From 15cd2f9443e363adcf6c579c2ebe6e9a5544b6e4 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 11 Jul 2024 13:29:33 -0700
Subject: [PATCH 001/591] buildscripts: OS X env should be in macos.sh

unix.sh is shared by multiple OSes and environments. Clear JAVA_HOME,
since we never want to use that as PATH is more reliable, better
supported, and more typical.
---
 buildscripts/kokoro/macos.sh | 3 +++
 buildscripts/kokoro/unix.sh  | 5 -----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/buildscripts/kokoro/macos.sh b/buildscripts/kokoro/macos.sh
index 97259231ee8..018d15dd2f9 100755
--- a/buildscripts/kokoro/macos.sh
+++ b/buildscripts/kokoro/macos.sh
@@ -15,4 +15,7 @@ export GRADLE_FLAGS="${GRADLE_FLAGS:-} --max-workers=2"
 . "$GRPC_JAVA_DIR"/buildscripts/kokoro/kokoro.sh
 trap spongify_logs EXIT
 
+export -n JAVA_HOME
+export PATH="$(/usr/libexec/java_home -v"1.8.0")/bin:${PATH}"
+
 "$GRPC_JAVA_DIR"/buildscripts/kokoro/unix.sh
diff --git a/buildscripts/kokoro/unix.sh b/buildscripts/kokoro/unix.sh
index 9b1a4054c7e..1b88b56ab40 100755
--- a/buildscripts/kokoro/unix.sh
+++ b/buildscripts/kokoro/unix.sh
@@ -23,11 +23,6 @@ readonly GRPC_JAVA_DIR="$(cd "$(dirname "$0")"/../.. && pwd)"
 # cd to the root dir of grpc-java
 cd $(dirname $0)/../..
 
-# TODO(zpencer): always make sure we are using Oracle jdk8
-if [[ -f /usr/libexec/java_home ]]; then
-    JAVA_HOME=$(/usr/libexec/java_home -v"1.8.0")
-fi
-
 # ARCH is x86_64 unless otherwise specified.
 ARCH="${ARCH:-x86_64}"
 

From f3cf7c3c75a2dd80b5e852b42efb6dc41e0d073a Mon Sep 17 00:00:00 2001
From: Vindhya Ningegowda <DNVindhya@users.noreply.github.com>
Date: Thu, 12 Sep 2024 15:40:20 -0700
Subject: [PATCH 002/591] xds: Add xDS node ID in few control plane errors
 (#11519)

---
 .../java/io/grpc/xds/CdsLoadBalancer2.java    | 18 +++++---
 .../java/io/grpc/xds/XdsNameResolver.java     |  4 +-
 .../java/io/grpc/xds/XdsServerWrapper.java    | 15 +++++--
 .../io/grpc/xds/CdsLoadBalancer2Test.java     | 44 ++++++++++++++-----
 4 files changed, 59 insertions(+), 22 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
index 773fdf20563..3f1eb3e7e4f 100644
--- a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
+++ b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
@@ -206,8 +206,9 @@ private void handleClusterDiscovered() {
               }
               loopStatus = Status.UNAVAILABLE.withDescription(String.format(
                   "CDS error: circular aggregate clusters directly under %s for "
-                      + "root cluster %s, named %s",
-                  clusterState.name, root.name, namesCausingLoops));
+                      + "root cluster %s, named %s, xDS node ID: %s",
+                  clusterState.name, root.name, namesCausingLoops,
+                  xdsClient.getBootstrapInfo().node().getId()));
             }
           }
         }
@@ -224,9 +225,9 @@ private void handleClusterDiscovered() {
           childLb.shutdown();
           childLb = null;
         }
-        Status unavailable =
-            Status.UNAVAILABLE.withDescription("CDS error: found 0 leaf (logical DNS or EDS) "
-                + "clusters for root cluster " + root.name);
+        Status unavailable = Status.UNAVAILABLE.withDescription(String.format(
+            "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster %s"
+                + " xDS node ID: %s", root.name, xdsClient.getBootstrapInfo().node().getId()));
         helper.updateBalancingState(
             TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(unavailable)));
         return;
@@ -288,11 +289,14 @@ private void addAncestors(Set<String> ancestors, ClusterState clusterState,
     }
 
     private void handleClusterDiscoveryError(Status error) {
+      String description = error.getDescription() == null ? "" : error.getDescription() + " ";
+      Status errorWithNodeId = error.withDescription(
+              description + "xDS node ID: " + xdsClient.getBootstrapInfo().node().getId());
       if (childLb != null) {
-        childLb.handleNameResolutionError(error);
+        childLb.handleNameResolutionError(errorWithNodeId);
       } else {
         helper.updateBalancingState(
-            TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(error)));
+            TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(errorWithNodeId)));
       }
     }
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index f0329387fc9..ca73b7d8451 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -815,10 +815,12 @@ private void cleanUpRoutes(String error) {
       // the config selector handles the error message itself. Once the LB API allows providing
       // failure information for addresses yet still providing a service config, the config seector
       // could be avoided.
+      String errorWithNodeId =
+          error + ", xDS node ID: " + xdsClient.getBootstrapInfo().node().getId();
       listener.onResult(ResolutionResult.newBuilder()
           .setAttributes(Attributes.newBuilder()
             .set(InternalConfigSelector.KEY,
-              new FailingConfigSelector(Status.UNAVAILABLE.withDescription(error)))
+              new FailingConfigSelector(Status.UNAVAILABLE.withDescription(errorWithNodeId)))
             .build())
           .setServiceConfig(emptyServiceConfig)
           .build());
diff --git a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
index dfb7c4fb7db..bd622a71124 100644
--- a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
+++ b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
@@ -425,7 +425,8 @@ public void onResourceDoesNotExist(final String resourceName) {
         return;
       }
       StatusException statusException = Status.UNAVAILABLE.withDescription(
-              "Listener " + resourceName + " unavailable").asException();
+          String.format("Listener %s unavailable, xDS node ID: %s", resourceName,
+              xdsClient.getBootstrapInfo().node().getId())).asException();
       handleConfigNotFound(statusException);
     }
 
@@ -434,9 +435,12 @@ public void onError(final Status error) {
       if (stopped) {
         return;
       }
-      logger.log(Level.FINE, "Error from XdsClient", error);
+      String description = error.getDescription() == null ? "" : error.getDescription() + " ";
+      Status errorWithNodeId = error.withDescription(
+          description + "xDS node ID: " + xdsClient.getBootstrapInfo().node().getId());
+      logger.log(Level.FINE, "Error from XdsClient", errorWithNodeId);
       if (!isServing) {
-        listener.onNotServing(error.asException());
+        listener.onNotServing(errorWithNodeId.asException());
       }
     }
 
@@ -664,8 +668,11 @@ public void run() {
             if (!routeDiscoveryStates.containsKey(resourceName)) {
               return;
             }
+            String description = error.getDescription() == null ? "" : error.getDescription() + " ";
+            Status errorWithNodeId = error.withDescription(
+                    description + "xDS node ID: " + xdsClient.getBootstrapInfo().node().getId());
             logger.log(Level.WARNING, "Error loading RDS resource {0} from XdsClient: {1}.",
-                    new Object[]{resourceName, error});
+                    new Object[]{resourceName, errorWithNodeId});
             maybeUpdateSelector();
           }
         });
diff --git a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
index 0884587cd95..da32332a2a5 100644
--- a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
+++ b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
@@ -58,7 +58,9 @@
 import io.grpc.xds.LeastRequestLoadBalancer.LeastRequestConfig;
 import io.grpc.xds.RingHashLoadBalancer.RingHashConfig;
 import io.grpc.xds.XdsClusterResource.CdsUpdate;
+import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
+import io.grpc.xds.client.EnvoyProtoData;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsResourceType;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
@@ -94,6 +96,16 @@ public class CdsLoadBalancer2Test {
   private static final String DNS_HOST_NAME = "backend-service-dns.googleapis.com:443";
   private static final ServerInfo LRS_SERVER_INFO =
       ServerInfo.create("lrs.googleapis.com", InsecureChannelCredentials.create());
+  private static final String SERVER_URI = "trafficdirector.googleapis.com";
+  private static final String NODE_ID =
+      "projects/42/networks/default/nodes/5c85b298-6f5b-4722-b74a-f7d1f0ccf5ad";
+  private static final EnvoyProtoData.Node BOOTSTRAP_NODE =
+      EnvoyProtoData.Node.newBuilder().setId(NODE_ID).build();
+  private static final BootstrapInfo BOOTSTRAP_INFO = BootstrapInfo.builder()
+      .servers(ImmutableList.of(
+          ServerInfo.create(SERVER_URI, InsecureChannelCredentials.create())))
+      .node(BOOTSTRAP_NODE)
+      .build();
   private final UpstreamTlsContext upstreamTlsContext =
       CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true);
   private final OutlierDetection outlierDetection = OutlierDetection.create(
@@ -211,7 +223,8 @@ public void nonAggregateCluster_resourceNotExist_returnErrorPicker() {
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER);
+        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER
+            + " xDS node ID: " + NODE_ID);
     assertPicker(pickerCaptor.getValue(), unavailable, null);
     assertThat(childBalancers).isEmpty();
   }
@@ -254,7 +267,8 @@ public void nonAggregateCluster_resourceRevoked() {
     xdsClient.deliverResourceNotExist(CLUSTER);
     assertThat(childBalancer.shutdown).isTrue();
     Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER);
+        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER
+            + " xDS node ID: " + NODE_ID);
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     assertPicker(pickerCaptor.getValue(), unavailable, null);
@@ -331,7 +345,8 @@ public void aggregateCluster_noNonAggregateClusterExits_returnErrorPicker() {
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER);
+        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER
+            + " xDS node ID: " + NODE_ID);
     assertPicker(pickerCaptor.getValue(), unavailable, null);
     assertThat(childBalancers).isEmpty();
   }
@@ -379,7 +394,8 @@ public void aggregateCluster_descendantClustersRevoked() {
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER);
+        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER
+            + " xDS node ID: " + NODE_ID);
     assertPicker(pickerCaptor.getValue(), unavailable, null);
     assertThat(childBalancer.shutdown).isTrue();
     assertThat(childBalancers).isEmpty();
@@ -418,7 +434,8 @@ public void aggregateCluster_rootClusterRevoked() {
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER);
+        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER
+            + " xDS node ID: " + NODE_ID);
     assertPicker(pickerCaptor.getValue(), unavailable, null);
     assertThat(childBalancer.shutdown).isTrue();
     assertThat(childBalancers).isEmpty();
@@ -466,7 +483,8 @@ public void aggregateCluster_intermediateClusterChanges() {
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER);
+        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER
+            + " xDS node ID: " + NODE_ID);
     assertPicker(pickerCaptor.getValue(), unavailable, null);
     assertThat(childBalancer.shutdown).isTrue();
     assertThat(childBalancers).isEmpty();
@@ -507,7 +525,7 @@ public void aggregateCluster_withLoops() {
     Status unavailable = Status.UNAVAILABLE.withDescription(
         "CDS error: circular aggregate clusters directly under cluster-02.googleapis.com for root"
             + " cluster cluster-foo.googleapis.com, named [cluster-01.googleapis.com,"
-            + " cluster-02.googleapis.com]");
+            + " cluster-02.googleapis.com], xDS node ID: " + NODE_ID);
     assertPicker(pickerCaptor.getValue(), unavailable, null);
   }
 
@@ -549,7 +567,7 @@ public void aggregateCluster_withLoops_afterEds() {
     Status unavailable = Status.UNAVAILABLE.withDescription(
         "CDS error: circular aggregate clusters directly under cluster-02.googleapis.com for root"
             + " cluster cluster-foo.googleapis.com, named [cluster-01.googleapis.com,"
-            + " cluster-02.googleapis.com]");
+            + " cluster-02.googleapis.com], xDS node ID: " + NODE_ID);
     assertPicker(pickerCaptor.getValue(), unavailable, null);
   }
 
@@ -617,7 +635,7 @@ public void aggregateCluster_discoveryErrorBeforeChildLbCreated_returnErrorPicke
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     Status expectedError = Status.UNAVAILABLE.withDescription(
         "Unable to load CDS cluster-foo.googleapis.com. xDS server returned: "
-        + "RESOURCE_EXHAUSTED: OOM");
+        + "RESOURCE_EXHAUSTED: OOM xDS node ID: " + NODE_ID);
     assertPicker(pickerCaptor.getValue(), expectedError, null);
     assertThat(childBalancers).isEmpty();
   }
@@ -647,7 +665,8 @@ public void aggregateCluster_discoveryErrorAfterChildLbCreated_propagateToChildL
 
   @Test
   public void handleNameResolutionErrorFromUpstream_beforeChildLbCreated_returnErrorPicker() {
-    Status upstreamError = Status.UNAVAILABLE.withDescription("unreachable");
+    Status upstreamError = Status.UNAVAILABLE.withDescription(
+        "unreachable xDS node ID: " + NODE_ID);
     loadBalancer.handleNameResolutionError(upstreamError);
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
@@ -821,6 +840,11 @@ public <T extends ResourceUpdate> void cancelXdsResourceWatch(XdsResourceType<T>
       }
     }
 
+    @Override
+    public BootstrapInfo getBootstrapInfo() {
+      return BOOTSTRAP_INFO;
+    }
+
     private void deliverCdsUpdate(String clusterName, CdsUpdate update) {
       if (watchers.containsKey(clusterName)) {
         List<ResourceWatcher<CdsUpdate>> resourceWatchers =

From b8c1aa517a0de2746977af856fb2c30b7fb7a26b Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Fri, 13 Sep 2024 17:11:17 -0700
Subject: [PATCH 003/591] s2a: Add gRPC S2A (#11113)

---
 MODULE.bazel                                  |   1 +
 buildscripts/sync-protos.sh                   |   2 +-
 repositories.bzl                              |   2 +
 s2a/BUILD.bazel                               | 194 +++++++++
 s2a/build.gradle                              | 151 +++++++
 .../grpc/s2a/handshaker/S2AServiceGrpc.java   | 285 +++++++++++++
 .../grpc/s2a/MtlsToS2AChannelCredentials.java |  96 +++++
 .../io/grpc/s2a/S2AChannelCredentials.java    | 130 ++++++
 .../io/grpc/s2a/channel/S2AChannelPool.java   |  43 ++
 .../grpc/s2a/channel/S2AGrpcChannelPool.java  | 109 +++++
 .../channel/S2AHandshakerServiceChannel.java  | 195 +++++++++
 .../handshaker/ConnectionClosedException.java |  27 ++
 .../GetAuthenticationMechanisms.java          |  56 +++
 .../io/grpc/s2a/handshaker/ProtoUtil.java     |  96 +++++
 .../handshaker/S2AConnectionException.java    |  25 ++
 .../io/grpc/s2a/handshaker/S2AIdentity.java   |  62 +++
 .../s2a/handshaker/S2APrivateKeyMethod.java   | 143 +++++++
 .../S2AProtocolNegotiatorFactory.java         | 249 +++++++++++
 .../java/io/grpc/s2a/handshaker/S2AStub.java  | 221 ++++++++++
 .../grpc/s2a/handshaker/S2ATrustManager.java  | 152 +++++++
 .../s2a/handshaker/SslContextFactory.java     | 178 ++++++++
 .../tokenmanager/AccessTokenManager.java      |  61 +++
 .../tokenmanager/SingleTokenFetcher.java      |  57 +++
 .../handshaker/tokenmanager/TokenFetcher.java |  28 ++
 s2a/src/main/proto/grpc/gcp/s2a/common.proto  |  82 ++++
 s2a/src/main/proto/grpc/gcp/s2a/s2a.proto     | 369 +++++++++++++++++
 .../main/proto/grpc/gcp/s2a/s2a_context.proto |  62 +++
 .../s2a/MtlsToS2AChannelCredentialsTest.java  | 135 ++++++
 .../grpc/s2a/S2AChannelCredentialsTest.java   | 112 +++++
 .../s2a/channel/S2AGrpcChannelPoolTest.java   | 125 ++++++
 .../S2AHandshakerServiceChannelTest.java      | 390 ++++++++++++++++++
 .../io/grpc/s2a/handshaker/FakeS2AServer.java |  55 +++
 .../s2a/handshaker/FakeS2AServerTest.java     | 265 ++++++++++++
 .../io/grpc/s2a/handshaker/FakeWriter.java    | 363 ++++++++++++++++
 .../GetAuthenticationMechanismsTest.java      |  61 +++
 .../grpc/s2a/handshaker/IntegrationTest.java  | 320 ++++++++++++++
 .../io/grpc/s2a/handshaker/ProtoUtilTest.java | 131 ++++++
 .../handshaker/S2APrivateKeyMethodTest.java   | 308 ++++++++++++++
 .../S2AProtocolNegotiatorFactoryTest.java     | 284 +++++++++++++
 .../io/grpc/s2a/handshaker/S2AStubTest.java   | 260 ++++++++++++
 .../s2a/handshaker/S2ATrustManagerTest.java   | 262 ++++++++++++
 .../s2a/handshaker/SslContextFactoryTest.java | 177 ++++++++
 .../SingleTokenAccessTokenManagerTest.java    |  71 ++++
 s2a/src/test/resources/README.md              |  32 ++
 s2a/src/test/resources/client.csr             |  16 +
 s2a/src/test/resources/client_cert.pem        |  18 +
 s2a/src/test/resources/client_key.pem         |  28 ++
 s2a/src/test/resources/config.cnf             |  17 +
 s2a/src/test/resources/root_cert.pem          |  22 +
 s2a/src/test/resources/root_key.pem           |  30 ++
 s2a/src/test/resources/server.csr             |  16 +
 s2a/src/test/resources/server_cert.pem        |  20 +
 s2a/src/test/resources/server_key.pem         |  28 ++
 settings.gradle                               |   2 +
 54 files changed, 6623 insertions(+), 1 deletion(-)
 create mode 100644 s2a/BUILD.bazel
 create mode 100644 s2a/build.gradle
 create mode 100644 s2a/src/generated/main/grpc/io/grpc/s2a/handshaker/S2AServiceGrpc.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/channel/S2AChannelPool.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/channel/S2AGrpcChannelPool.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/handshaker/ConnectionClosedException.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/handshaker/GetAuthenticationMechanisms.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/handshaker/S2AConnectionException.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/handshaker/S2AIdentity.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/handshaker/S2APrivateKeyMethod.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/handshaker/SslContextFactory.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java
 create mode 100644 s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/TokenFetcher.java
 create mode 100644 s2a/src/main/proto/grpc/gcp/s2a/common.proto
 create mode 100644 s2a/src/main/proto/grpc/gcp/s2a/s2a.proto
 create mode 100644 s2a/src/main/proto/grpc/gcp/s2a/s2a_context.proto
 create mode 100644 s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/channel/S2AGrpcChannelPoolTest.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/handshaker/GetAuthenticationMechanismsTest.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/handshaker/S2ATrustManagerTest.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/handshaker/SslContextFactoryTest.java
 create mode 100644 s2a/src/test/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java
 create mode 100644 s2a/src/test/resources/README.md
 create mode 100644 s2a/src/test/resources/client.csr
 create mode 100644 s2a/src/test/resources/client_cert.pem
 create mode 100644 s2a/src/test/resources/client_key.pem
 create mode 100644 s2a/src/test/resources/config.cnf
 create mode 100644 s2a/src/test/resources/root_cert.pem
 create mode 100644 s2a/src/test/resources/root_key.pem
 create mode 100644 s2a/src/test/resources/server.csr
 create mode 100644 s2a/src/test/resources/server_cert.pem
 create mode 100644 s2a/src/test/resources/server_key.pem

diff --git a/MODULE.bazel b/MODULE.bazel
index b60ea565073..81fa8795e68 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -41,6 +41,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "io.perfmark:perfmark-api:0.27.0",
     "junit:junit:4.13.2",
     "org.apache.tomcat:annotations-api:6.0.53",
+    "org.checkerframework:checker-qual:3.12.0",
     "org.codehaus.mojo:animal-sniffer-annotations:1.24",
 ]
 # GRPC_DEPS_END
diff --git a/buildscripts/sync-protos.sh b/buildscripts/sync-protos.sh
index 5f01be2e5c9..628b1688d4c 100755
--- a/buildscripts/sync-protos.sh
+++ b/buildscripts/sync-protos.sh
@@ -8,7 +8,7 @@ curl -Ls https://github.com/grpc/grpc-proto/archive/master.tar.gz | tar xz -C "$
 base="$tmpdir/grpc-proto-master"
 
 # Copy protos in 'src/main/proto' from grpc-proto for these projects
-for project in alts grpclb services rls interop-testing; do
+for project in alts grpclb services s2a rls interop-testing; do
   while read -r proto; do
     [ -f "$base/$proto" ] && cp "$base/$proto" "$project/src/main/proto/$proto"
     echo "$proto"
diff --git a/repositories.bzl b/repositories.bzl
index 455e9dcf3ca..f8cf77c8190 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -45,6 +45,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "io.perfmark:perfmark-api:0.27.0",
     "junit:junit:4.13.2",
     "org.apache.tomcat:annotations-api:6.0.53",
+    "org.checkerframework:checker-qual:3.12.0",
     "org.codehaus.mojo:animal-sniffer-annotations:1.24",
 ]
 # GRPC_DEPS_END
@@ -80,6 +81,7 @@ IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS = {
     "io.grpc:grpc-rls": "@io_grpc_grpc_java//rls",
     "io.grpc:grpc-services": "@io_grpc_grpc_java//services:services_maven",
     "io.grpc:grpc-stub": "@io_grpc_grpc_java//stub",
+    "io.grpc:grpc-s2a": "@io_grpc_grpc_java//s2a",
     "io.grpc:grpc-testing": "@io_grpc_grpc_java//testing",
     "io.grpc:grpc-xds": "@io_grpc_grpc_java//xds:xds_maven",
     "io.grpc:grpc-util": "@io_grpc_grpc_java//util",
diff --git a/s2a/BUILD.bazel b/s2a/BUILD.bazel
new file mode 100644
index 00000000000..5aeaedbe358
--- /dev/null
+++ b/s2a/BUILD.bazel
@@ -0,0 +1,194 @@
+load("@rules_proto//proto:defs.bzl", "proto_library")
+load("//:java_grpc_library.bzl", "java_grpc_library")
+load("@rules_jvm_external//:defs.bzl", "artifact")
+
+java_library(
+    name = "s2a_channel_pool",
+    srcs = glob([
+        "src/main/java/io/grpc/s2a/channel/*.java",
+    ]),
+    deps = [
+        "//api",
+        "//core",
+        "//core:internal",
+        "//netty",
+        artifact("com.google.code.findbugs:jsr305"),
+        artifact("com.google.errorprone:error_prone_annotations"),
+        artifact("com.google.guava:guava"),
+        artifact("org.checkerframework:checker-qual"),
+        artifact("io.netty:netty-common"),
+        artifact("io.netty:netty-transport"),
+    ],
+)
+
+java_library(
+    name = "s2a_identity",
+    srcs = ["src/main/java/io/grpc/s2a/handshaker/S2AIdentity.java"],
+    deps = [
+        ":common_java_proto",
+        artifact("com.google.errorprone:error_prone_annotations"),
+        artifact("com.google.guava:guava"),
+    ],
+)
+
+java_library(
+    name = "token_fetcher",
+    srcs = ["src/main/java/io/grpc/s2a/handshaker/tokenmanager/TokenFetcher.java"],
+    deps = [
+        ":s2a_identity",
+    ],
+)
+
+java_library(
+    name = "access_token_manager",
+    srcs = [
+        "src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java",
+    ],
+    deps = [
+        ":s2a_identity",
+        ":token_fetcher",
+        artifact("com.google.code.findbugs:jsr305"),
+    ],
+)
+
+java_library(
+    name = "single_token_fetcher",
+    srcs = [
+        "src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java",
+    ],
+    deps = [
+        ":s2a_identity",
+        ":token_fetcher",
+        artifact("com.google.guava:guava"),
+    ],
+)
+
+java_library(
+    name = "s2a_handshaker",
+    srcs = [
+        "src/main/java/io/grpc/s2a/handshaker/ConnectionClosedException.java",
+        "src/main/java/io/grpc/s2a/handshaker/GetAuthenticationMechanisms.java",
+        "src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java",
+        "src/main/java/io/grpc/s2a/handshaker/S2AConnectionException.java",
+        "src/main/java/io/grpc/s2a/handshaker/S2APrivateKeyMethod.java",
+        "src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java",
+        "src/main/java/io/grpc/s2a/handshaker/S2AStub.java",
+        "src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java",
+        "src/main/java/io/grpc/s2a/handshaker/SslContextFactory.java",
+    ],
+    deps = [
+        ":access_token_manager",
+        ":common_java_proto",
+        ":s2a_channel_pool",
+        ":s2a_identity",
+        ":s2a_java_proto",
+        ":s2a_java_grpc_proto",
+        ":single_token_fetcher",
+        "//api",
+        "//core:internal",
+        "//netty",
+        "//stub",
+        artifact("com.google.code.findbugs:jsr305"),
+        artifact("com.google.errorprone:error_prone_annotations"),
+        artifact("com.google.guava:guava"),
+        artifact("org.checkerframework:checker-qual"),
+        "@com_google_protobuf//:protobuf_java",
+        artifact("io.netty:netty-common"),
+        artifact("io.netty:netty-handler"),
+        artifact("io.netty:netty-transport"),
+    ],
+)
+
+java_library(
+    name = "s2av2_credentials",
+    srcs = ["src/main/java/io/grpc/s2a/S2AChannelCredentials.java"],
+    visibility = ["//visibility:public"],
+    deps = [
+        ":s2a_channel_pool",
+        ":s2a_handshaker",
+        ":s2a_identity",
+        "//api",
+        "//core:internal",
+        "//netty",
+        artifact("com.google.code.findbugs:jsr305"),
+        artifact("com.google.errorprone:error_prone_annotations"),
+        artifact("com.google.guava:guava"), 
+        artifact("org.checkerframework:checker-qual"), 
+    ],
+)
+
+java_library(
+    name = "mtls_to_s2av2_credentials",
+    srcs = ["src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java"],
+    visibility = ["//visibility:public"],
+    deps = [
+        ":s2a_channel_pool",
+        ":s2av2_credentials",
+        "//api",
+        "//util",
+        artifact("com.google.guava:guava"),
+    ],
+)
+
+# bazel only accepts proto import with absolute path.
+genrule(
+    name = "protobuf_imports",
+    srcs = glob(["src/main/proto/grpc/gcp/s2a/*.proto"]),
+    outs = [
+        "protobuf_out/grpc/gcp/s2a/s2a.proto",
+        "protobuf_out/grpc/gcp/s2a/s2a_context.proto",
+        "protobuf_out/grpc/gcp/s2a/common.proto",
+    ],
+    cmd = "for fname in $(SRCS); do " +
+          "sed 's,import \",import \"s2a/protobuf_out/,g' $$fname > " +
+          "$(@D)/protobuf_out/grpc/gcp/s2a/$$(basename $$fname); done",
+)
+
+proto_library(
+    name = "common_proto",
+    srcs = [
+        "protobuf_out/grpc/gcp/s2a/common.proto",
+    ],
+)
+
+proto_library(
+    name = "s2a_context_proto",
+    srcs = [
+        "protobuf_out/grpc/gcp/s2a/s2a_context.proto",
+    ],
+    deps = [
+        ":common_proto",
+    ],
+)
+
+proto_library(
+    name = "s2a_proto",
+    srcs = [
+        "protobuf_out/grpc/gcp/s2a/s2a.proto",
+    ],
+    deps = [
+        ":common_proto",
+        ":s2a_context_proto",
+    ],
+)
+
+java_proto_library(
+    name = "s2a_java_proto",
+    deps = [":s2a_proto"],
+)
+
+java_proto_library(
+    name = "s2a_context_java_proto",
+    deps = [":s2a_context_proto"],
+)
+
+java_proto_library(
+    name = "common_java_proto",
+    deps = [":common_proto"],
+)
+
+java_grpc_library(
+    name = "s2a_java_grpc_proto",
+    srcs = [":s2a_proto"],
+    deps = [":s2a_java_proto"],
+)
diff --git a/s2a/build.gradle b/s2a/build.gradle
new file mode 100644
index 00000000000..403ac93552f
--- /dev/null
+++ b/s2a/build.gradle
@@ -0,0 +1,151 @@
+buildscript {
+  dependencies {
+    classpath 'com.google.gradle:osdetector-gradle-plugin:1.4.0'
+  }
+}
+
+plugins {
+    id "java-library"
+    id "maven-publish"
+
+    id "com.github.johnrengelman.shadow"
+    id "com.google.protobuf"
+    id "ru.vyarus.animalsniffer"
+}
+
+description = "gRPC: S2A"
+
+apply plugin: "com.google.osdetector"
+
+dependencies {
+
+    api project(':grpc-api')
+    implementation project(':grpc-stub'),
+            project(':grpc-protobuf'),
+            project(':grpc-core'),
+            libraries.protobuf.java,
+            libraries.conscrypt,
+            libraries.guava.jre // JRE required by protobuf-java-util from grpclb
+    def nettyDependency = implementation project(':grpc-netty')
+    compileOnly libraries.javax.annotation
+
+    shadow configurations.implementation.getDependencies().minus(nettyDependency)
+    shadow project(path: ':grpc-netty-shaded', configuration: 'shadow')
+    
+    testImplementation project(':grpc-benchmarks'),
+            project(':grpc-testing'),
+            project(':grpc-testing-proto'),
+            testFixtures(project(':grpc-core')),
+            libraries.guava,
+            libraries.junit,
+            libraries.mockito.core,
+            libraries.truth,
+            libraries.conscrypt,
+            libraries.netty.transport.epoll
+
+    testImplementation 'com.google.truth:truth:1.4.2'
+    testImplementation 'com.google.truth.extensions:truth-proto-extension:1.4.2' 
+    testImplementation libraries.guava.testlib
+
+    testRuntimeOnly libraries.netty.tcnative,
+            libraries.netty.tcnative.classes
+    testRuntimeOnly (libraries.netty.tcnative) {
+        artifact {
+            classifier = "linux-x86_64"
+        }
+    }
+    testRuntimeOnly (libraries.netty.tcnative) {
+        artifact {
+            classifier = "linux-aarch_64"
+        }
+    }
+    testRuntimeOnly (libraries.netty.tcnative) {
+        artifact {
+            classifier = "osx-x86_64"
+        }
+    }
+    testRuntimeOnly (libraries.netty.tcnative) {
+        artifact {
+            classifier = "osx-aarch_64"
+        }
+    }
+    testRuntimeOnly (libraries.netty.tcnative) {
+        artifact {
+            classifier = "windows-x86_64"
+        }
+    }
+    testRuntimeOnly (libraries.netty.transport.epoll) {
+        artifact {
+            classifier = "linux-x86_64"
+        }
+    }
+
+    signature libraries.signature.java
+}
+
+tasks.named("compileJava") {
+    dependsOn(tasks.named("generateProto"))
+    //dependsOn(tasks.named("syncGeneratedSourcesmain"))
+}
+
+
+tasks.named("sourcesJar") {
+    dependsOn(tasks.named("generateProto"))
+    //dependsOn(tasks.named("syncGeneratedSourcesmain"))
+}
+
+sourceSets {
+  main {
+    //java.srcDirs += "src/generated/main/java"
+    //java.srcDirs += "src/generated/main/grpc"
+  }
+}
+//println sourceSets.main.java.srcDirs
+//println sourceSets.test.resources.srcDirs
+
+configureProtoCompilation()
+
+tasks.named("javadoc").configure {
+    exclude 'io/grpc/s2a/**'
+}
+
+tasks.named("jar").configure {
+    // Must use a different archiveClassifier to avoid conflicting with shadowJar
+    archiveClassifier = 'original'
+    manifest {
+        attributes('Automatic-Module-Name': 'io.grpc.s2a')
+    }
+}
+
+// We want to use grpc-netty-shaded instead of grpc-netty. But we also want our
+// source to work with Bazel, so we rewrite the code as part of the build.
+tasks.named("shadowJar").configure {
+    archiveClassifier = null
+    dependencies {
+        exclude(dependency {true})
+    }
+    relocate 'io.grpc.netty', 'io.grpc.netty.shaded.io.grpc.netty'
+    relocate 'io.netty', 'io.grpc.netty.shaded.io.netty'
+}
+
+publishing {
+    publications {
+        maven(MavenPublication) {
+            // We want this to throw an exception if it isn't working
+            def originalJar = artifacts.find { dep -> dep.classifier == 'original'}
+            artifacts.remove(originalJar)
+
+            pom.withXml {
+                def dependenciesNode = new Node(null, 'dependencies')
+                project.configurations.shadow.allDependencies.each { dep ->
+                    def dependencyNode = dependenciesNode.appendNode('dependency')
+                    dependencyNode.appendNode('groupId', dep.group)
+                    dependencyNode.appendNode('artifactId', dep.name)
+                    dependencyNode.appendNode('version', dep.version)
+                    dependencyNode.appendNode('scope', 'compile')
+                }
+                asNode().dependencies[0].replaceNode(dependenciesNode)
+            }
+        }
+    }
+}
diff --git a/s2a/src/generated/main/grpc/io/grpc/s2a/handshaker/S2AServiceGrpc.java b/s2a/src/generated/main/grpc/io/grpc/s2a/handshaker/S2AServiceGrpc.java
new file mode 100644
index 00000000000..b365954b189
--- /dev/null
+++ b/s2a/src/generated/main/grpc/io/grpc/s2a/handshaker/S2AServiceGrpc.java
@@ -0,0 +1,285 @@
+package io.grpc.s2a.handshaker;
+
+import static io.grpc.MethodDescriptor.generateFullMethodName;
+
+/**
+ */
+@javax.annotation.Generated(
+    value = "by gRPC proto compiler",
+    comments = "Source: grpc/gcp/s2a/s2a.proto")
+@io.grpc.stub.annotations.GrpcGenerated
+public final class S2AServiceGrpc {
+
+  private S2AServiceGrpc() {}
+
+  public static final java.lang.String SERVICE_NAME = "grpc.gcp.s2a.S2AService";
+
+  // Static method descriptors that strictly reflect the proto.
+  private static volatile io.grpc.MethodDescriptor<io.grpc.s2a.handshaker.SessionReq,
+      io.grpc.s2a.handshaker.SessionResp> getSetUpSessionMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "SetUpSession",
+      requestType = io.grpc.s2a.handshaker.SessionReq.class,
+      responseType = io.grpc.s2a.handshaker.SessionResp.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.BIDI_STREAMING)
+  public static io.grpc.MethodDescriptor<io.grpc.s2a.handshaker.SessionReq,
+      io.grpc.s2a.handshaker.SessionResp> getSetUpSessionMethod() {
+    io.grpc.MethodDescriptor<io.grpc.s2a.handshaker.SessionReq, io.grpc.s2a.handshaker.SessionResp> getSetUpSessionMethod;
+    if ((getSetUpSessionMethod = S2AServiceGrpc.getSetUpSessionMethod) == null) {
+      synchronized (S2AServiceGrpc.class) {
+        if ((getSetUpSessionMethod = S2AServiceGrpc.getSetUpSessionMethod) == null) {
+          S2AServiceGrpc.getSetUpSessionMethod = getSetUpSessionMethod =
+              io.grpc.MethodDescriptor.<io.grpc.s2a.handshaker.SessionReq, io.grpc.s2a.handshaker.SessionResp>newBuilder()
+              .setType(io.grpc.MethodDescriptor.MethodType.BIDI_STREAMING)
+              .setFullMethodName(generateFullMethodName(SERVICE_NAME, "SetUpSession"))
+              .setSampledToLocalTracing(true)
+              .setRequestMarshaller(io.grpc.protobuf.ProtoUtils.marshaller(
+                  io.grpc.s2a.handshaker.SessionReq.getDefaultInstance()))
+              .setResponseMarshaller(io.grpc.protobuf.ProtoUtils.marshaller(
+                  io.grpc.s2a.handshaker.SessionResp.getDefaultInstance()))
+              .setSchemaDescriptor(new S2AServiceMethodDescriptorSupplier("SetUpSession"))
+              .build();
+        }
+      }
+    }
+    return getSetUpSessionMethod;
+  }
+
+  /**
+   * Creates a new async stub that supports all call types for the service
+   */
+  public static S2AServiceStub newStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<S2AServiceStub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<S2AServiceStub>() {
+        @java.lang.Override
+        public S2AServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new S2AServiceStub(channel, callOptions);
+        }
+      };
+    return S2AServiceStub.newStub(factory, channel);
+  }
+
+  /**
+   * Creates a new blocking-style stub that supports unary and streaming output calls on the service
+   */
+  public static S2AServiceBlockingStub newBlockingStub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<S2AServiceBlockingStub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<S2AServiceBlockingStub>() {
+        @java.lang.Override
+        public S2AServiceBlockingStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new S2AServiceBlockingStub(channel, callOptions);
+        }
+      };
+    return S2AServiceBlockingStub.newStub(factory, channel);
+  }
+
+  /**
+   * Creates a new ListenableFuture-style stub that supports unary calls on the service
+   */
+  public static S2AServiceFutureStub newFutureStub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<S2AServiceFutureStub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<S2AServiceFutureStub>() {
+        @java.lang.Override
+        public S2AServiceFutureStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new S2AServiceFutureStub(channel, callOptions);
+        }
+      };
+    return S2AServiceFutureStub.newStub(factory, channel);
+  }
+
+  /**
+   */
+  public interface AsyncService {
+
+    /**
+     * <pre>
+     * SetUpSession is a bidirectional stream used by applications to offload
+     * operations from the TLS handshake.
+     * </pre>
+     */
+    default io.grpc.stub.StreamObserver<io.grpc.s2a.handshaker.SessionReq> setUpSession(
+        io.grpc.stub.StreamObserver<io.grpc.s2a.handshaker.SessionResp> responseObserver) {
+      return io.grpc.stub.ServerCalls.asyncUnimplementedStreamingCall(getSetUpSessionMethod(), responseObserver);
+    }
+  }
+
+  /**
+   * Base class for the server implementation of the service S2AService.
+   */
+  public static abstract class S2AServiceImplBase
+      implements io.grpc.BindableService, AsyncService {
+
+    @java.lang.Override public final io.grpc.ServerServiceDefinition bindService() {
+      return S2AServiceGrpc.bindService(this);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do asynchronous rpc calls to service S2AService.
+   */
+  public static final class S2AServiceStub
+      extends io.grpc.stub.AbstractAsyncStub<S2AServiceStub> {
+    private S2AServiceStub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected S2AServiceStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new S2AServiceStub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * SetUpSession is a bidirectional stream used by applications to offload
+     * operations from the TLS handshake.
+     * </pre>
+     */
+    public io.grpc.stub.StreamObserver<io.grpc.s2a.handshaker.SessionReq> setUpSession(
+        io.grpc.stub.StreamObserver<io.grpc.s2a.handshaker.SessionResp> responseObserver) {
+      return io.grpc.stub.ClientCalls.asyncBidiStreamingCall(
+          getChannel().newCall(getSetUpSessionMethod(), getCallOptions()), responseObserver);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do synchronous rpc calls to service S2AService.
+   */
+  public static final class S2AServiceBlockingStub
+      extends io.grpc.stub.AbstractBlockingStub<S2AServiceBlockingStub> {
+    private S2AServiceBlockingStub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected S2AServiceBlockingStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new S2AServiceBlockingStub(channel, callOptions);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do ListenableFuture-style rpc calls to service S2AService.
+   */
+  public static final class S2AServiceFutureStub
+      extends io.grpc.stub.AbstractFutureStub<S2AServiceFutureStub> {
+    private S2AServiceFutureStub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected S2AServiceFutureStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new S2AServiceFutureStub(channel, callOptions);
+    }
+  }
+
+  private static final int METHODID_SET_UP_SESSION = 0;
+
+  private static final class MethodHandlers<Req, Resp> implements
+      io.grpc.stub.ServerCalls.UnaryMethod<Req, Resp>,
+      io.grpc.stub.ServerCalls.ServerStreamingMethod<Req, Resp>,
+      io.grpc.stub.ServerCalls.ClientStreamingMethod<Req, Resp>,
+      io.grpc.stub.ServerCalls.BidiStreamingMethod<Req, Resp> {
+    private final AsyncService serviceImpl;
+    private final int methodId;
+
+    MethodHandlers(AsyncService serviceImpl, int methodId) {
+      this.serviceImpl = serviceImpl;
+      this.methodId = methodId;
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public void invoke(Req request, io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        default:
+          throw new AssertionError();
+      }
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public io.grpc.stub.StreamObserver<Req> invoke(
+        io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        case METHODID_SET_UP_SESSION:
+          return (io.grpc.stub.StreamObserver<Req>) serviceImpl.setUpSession(
+              (io.grpc.stub.StreamObserver<io.grpc.s2a.handshaker.SessionResp>) responseObserver);
+        default:
+          throw new AssertionError();
+      }
+    }
+  }
+
+  public static final io.grpc.ServerServiceDefinition bindService(AsyncService service) {
+    return io.grpc.ServerServiceDefinition.builder(getServiceDescriptor())
+        .addMethod(
+          getSetUpSessionMethod(),
+          io.grpc.stub.ServerCalls.asyncBidiStreamingCall(
+            new MethodHandlers<
+              io.grpc.s2a.handshaker.SessionReq,
+              io.grpc.s2a.handshaker.SessionResp>(
+                service, METHODID_SET_UP_SESSION)))
+        .build();
+  }
+
+  private static abstract class S2AServiceBaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoFileDescriptorSupplier, io.grpc.protobuf.ProtoServiceDescriptorSupplier {
+    S2AServiceBaseDescriptorSupplier() {}
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.FileDescriptor getFileDescriptor() {
+      return io.grpc.s2a.handshaker.S2AProto.getDescriptor();
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.ServiceDescriptor getServiceDescriptor() {
+      return getFileDescriptor().findServiceByName("S2AService");
+    }
+  }
+
+  private static final class S2AServiceFileDescriptorSupplier
+      extends S2AServiceBaseDescriptorSupplier {
+    S2AServiceFileDescriptorSupplier() {}
+  }
+
+  private static final class S2AServiceMethodDescriptorSupplier
+      extends S2AServiceBaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoMethodDescriptorSupplier {
+    private final java.lang.String methodName;
+
+    S2AServiceMethodDescriptorSupplier(java.lang.String methodName) {
+      this.methodName = methodName;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.MethodDescriptor getMethodDescriptor() {
+      return getServiceDescriptor().findMethodByName(methodName);
+    }
+  }
+
+  private static volatile io.grpc.ServiceDescriptor serviceDescriptor;
+
+  public static io.grpc.ServiceDescriptor getServiceDescriptor() {
+    io.grpc.ServiceDescriptor result = serviceDescriptor;
+    if (result == null) {
+      synchronized (S2AServiceGrpc.class) {
+        result = serviceDescriptor;
+        if (result == null) {
+          serviceDescriptor = result = io.grpc.ServiceDescriptor.newBuilder(SERVICE_NAME)
+              .setSchemaDescriptor(new S2AServiceFileDescriptorSupplier())
+              .addMethod(getSetUpSessionMethod())
+              .build();
+        }
+      }
+    }
+    return result;
+  }
+}
diff --git a/s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java b/s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java
new file mode 100644
index 00000000000..56f612502bf
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkState;
+import static com.google.common.base.Strings.isNullOrEmpty;
+
+import io.grpc.ChannelCredentials;
+import io.grpc.TlsChannelCredentials;
+import io.grpc.util.AdvancedTlsX509KeyManager;
+import io.grpc.util.AdvancedTlsX509TrustManager;
+import java.io.File;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+/**
+ * Configures an {@code S2AChannelCredentials.Builder} instance with credentials used to establish a
+ * connection with the S2A to support talking to the S2A over mTLS.
+ */
+public final class MtlsToS2AChannelCredentials {
+  /**
+   * Creates a {@code S2AChannelCredentials.Builder} builder, that talks to the S2A over mTLS.
+   *
+   * @param s2aAddress the address of the S2A server used to secure the connection.
+   * @param privateKeyPath the path to the private key PEM to use for authenticating to the S2A.
+   * @param certChainPath the path to the cert chain PEM to use for authenticating to the S2A.
+   * @param trustBundlePath the path to the trust bundle PEM.
+   * @return a {@code MtlsToS2AChannelCredentials.Builder} instance.
+   */
+  public static Builder createBuilder(
+      String s2aAddress, String privateKeyPath, String certChainPath, String trustBundlePath) {
+    checkArgument(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
+    checkArgument(!isNullOrEmpty(privateKeyPath), "privateKeyPath must not be null or empty.");
+    checkArgument(!isNullOrEmpty(certChainPath), "certChainPath must not be null or empty.");
+    checkArgument(!isNullOrEmpty(trustBundlePath), "trustBundlePath must not be null or empty.");
+    return new Builder(s2aAddress, privateKeyPath, certChainPath, trustBundlePath);
+  }
+
+  /** Builds an {@code MtlsToS2AChannelCredentials} instance. */
+  public static final class Builder {
+    private final String s2aAddress;
+    private final String privateKeyPath;
+    private final String certChainPath;
+    private final String trustBundlePath;
+
+    Builder(
+        String s2aAddress, String privateKeyPath, String certChainPath, String trustBundlePath) {
+      this.s2aAddress = s2aAddress;
+      this.privateKeyPath = privateKeyPath;
+      this.certChainPath = certChainPath;
+      this.trustBundlePath = trustBundlePath;
+    }
+
+    public S2AChannelCredentials.Builder build() throws GeneralSecurityException, IOException {
+      checkState(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
+      checkState(!isNullOrEmpty(privateKeyPath), "privateKeyPath must not be null or empty.");
+      checkState(!isNullOrEmpty(certChainPath), "certChainPath must not be null or empty.");
+      checkState(!isNullOrEmpty(trustBundlePath), "trustBundlePath must not be null or empty.");
+      File privateKeyFile = new File(privateKeyPath);
+      File certChainFile = new File(certChainPath);
+      File trustBundleFile = new File(trustBundlePath);
+
+      AdvancedTlsX509KeyManager keyManager = new AdvancedTlsX509KeyManager();
+      keyManager.updateIdentityCredentials(certChainFile, privateKeyFile);
+
+      AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder().build();
+      trustManager.updateTrustCredentials(trustBundleFile);
+
+      ChannelCredentials channelToS2ACredentials =
+          TlsChannelCredentials.newBuilder()
+              .keyManager(keyManager)
+              .trustManager(trustManager)
+              .build();
+
+      return S2AChannelCredentials.createBuilder(s2aAddress)
+          .setS2AChannelCredentials(channelToS2ACredentials);
+    }
+  }
+
+  private MtlsToS2AChannelCredentials() {}
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
new file mode 100644
index 00000000000..8a5f1f51350
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Preconditions.checkState;
+import static com.google.common.base.Strings.isNullOrEmpty;
+
+import com.google.errorprone.annotations.CanIgnoreReturnValue;
+import io.grpc.Channel;
+import io.grpc.ChannelCredentials;
+import io.grpc.internal.ObjectPool;
+import io.grpc.internal.SharedResourcePool;
+import io.grpc.netty.InternalNettyChannelCredentials;
+import io.grpc.netty.InternalProtocolNegotiator;
+import io.grpc.s2a.channel.S2AHandshakerServiceChannel;
+import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.handshaker.S2AProtocolNegotiatorFactory;
+import java.util.Optional;
+import javax.annotation.concurrent.NotThreadSafe;
+import org.checkerframework.checker.nullness.qual.Nullable;
+
+/**
+ * Configures gRPC to use S2A for transport security when establishing a secure channel. Only for
+ * use on the client side of a gRPC connection.
+ */
+public final class S2AChannelCredentials {
+  /**
+   * Creates a channel credentials builder for establishing an S2A-secured connection.
+   *
+   * @param s2aAddress the address of the S2A server used to secure the connection.
+   * @return a {@code S2AChannelCredentials.Builder} instance.
+   */
+  public static Builder createBuilder(String s2aAddress) {
+    checkArgument(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
+    return new Builder(s2aAddress);
+  }
+
+  /** Builds an {@code S2AChannelCredentials} instance. */
+  @NotThreadSafe
+  public static final class Builder {
+    private final String s2aAddress;
+    private ObjectPool<Channel> s2aChannelPool;
+    private Optional<ChannelCredentials> s2aChannelCredentials;
+    private @Nullable S2AIdentity localIdentity = null;
+
+    Builder(String s2aAddress) {
+      this.s2aAddress = s2aAddress;
+      this.s2aChannelPool = null;
+      this.s2aChannelCredentials = Optional.empty();
+    }
+
+    /**
+     * Sets the local identity of the client in the form of a SPIFFE ID. The client may set at most
+     * 1 local identity. If no local identity is specified, then the S2A chooses a default local
+     * identity, if one exists.
+     */
+    @CanIgnoreReturnValue
+    public Builder setLocalSpiffeId(String localSpiffeId) {
+      checkNotNull(localSpiffeId);
+      checkArgument(localIdentity == null, "localIdentity is already set.");
+      localIdentity = S2AIdentity.fromSpiffeId(localSpiffeId);
+      return this;
+    }
+
+    /**
+     * Sets the local identity of the client in the form of a hostname. The client may set at most 1
+     * local identity. If no local identity is specified, then the S2A chooses a default local
+     * identity, if one exists.
+     */
+    @CanIgnoreReturnValue
+    public Builder setLocalHostname(String localHostname) {
+      checkNotNull(localHostname);
+      checkArgument(localIdentity == null, "localIdentity is already set.");
+      localIdentity = S2AIdentity.fromHostname(localHostname);
+      return this;
+    }
+
+    /**
+     * Sets the local identity of the client in the form of a UID. The client may set at most 1
+     * local identity. If no local identity is specified, then the S2A chooses a default local
+     * identity, if one exists.
+     */
+    @CanIgnoreReturnValue
+    public Builder setLocalUid(String localUid) {
+      checkNotNull(localUid);
+      checkArgument(localIdentity == null, "localIdentity is already set.");
+      localIdentity = S2AIdentity.fromUid(localUid);
+      return this;
+    }
+
+    /** Sets the credentials to be used when connecting to the S2A. */
+    @CanIgnoreReturnValue
+    public Builder setS2AChannelCredentials(ChannelCredentials s2aChannelCredentials) {
+      this.s2aChannelCredentials = Optional.of(s2aChannelCredentials);
+      return this;
+    }
+
+    public ChannelCredentials build() {
+      checkState(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
+      ObjectPool<Channel> s2aChannelPool =
+          SharedResourcePool.forResource(
+              S2AHandshakerServiceChannel.getChannelResource(s2aAddress, s2aChannelCredentials));
+      checkNotNull(s2aChannelPool, "s2aChannelPool");
+      this.s2aChannelPool = s2aChannelPool;
+      return InternalNettyChannelCredentials.create(buildProtocolNegotiatorFactory());
+    }
+
+    InternalProtocolNegotiator.ClientFactory buildProtocolNegotiatorFactory() {
+      return S2AProtocolNegotiatorFactory.createClientFactory(localIdentity, s2aChannelPool);
+    }
+  }
+
+  private S2AChannelCredentials() {}
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/channel/S2AChannelPool.java b/s2a/src/main/java/io/grpc/s2a/channel/S2AChannelPool.java
new file mode 100644
index 00000000000..e5caf5e69bd
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/channel/S2AChannelPool.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.channel;
+
+import com.google.errorprone.annotations.CanIgnoreReturnValue;
+import io.grpc.Channel;
+import javax.annotation.concurrent.ThreadSafe;
+
+/** Manages a channel pool to be used for communication with the S2A. */
+@ThreadSafe
+public interface S2AChannelPool extends AutoCloseable {
+  /**
+   * Retrieves an open channel to the S2A from the channel pool.
+   *
+   * @throws IllegalStateException if no channel is available.
+   */
+  @CanIgnoreReturnValue
+  Channel getChannel();
+
+  /** Returns a channel to the channel pool. */
+  void returnToPool(Channel channel);
+
+  /**
+   * Returns all channels to the channel pool and closes the pool so that no new channels can be
+   * retrieved from the pool.
+   */
+  @Override
+  void close();
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/channel/S2AGrpcChannelPool.java b/s2a/src/main/java/io/grpc/s2a/channel/S2AGrpcChannelPool.java
new file mode 100644
index 00000000000..4794cd9ee49
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/channel/S2AGrpcChannelPool.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.channel;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Preconditions.checkState;
+
+import com.google.errorprone.annotations.concurrent.GuardedBy;
+import io.grpc.Channel;
+import io.grpc.internal.ObjectPool;
+import javax.annotation.concurrent.ThreadSafe;
+import org.checkerframework.checker.nullness.qual.Nullable;
+
+/**
+ * Manages a gRPC channel pool and a cached gRPC channel to be used for communication with the S2A.
+ */
+@ThreadSafe
+public final class S2AGrpcChannelPool implements S2AChannelPool {
+  private static final int MAX_NUMBER_USERS_OF_CACHED_CHANNEL = 100000;
+  private final ObjectPool<Channel> channelPool;
+
+  @GuardedBy("this")
+  private @Nullable Channel cachedChannel;
+
+  @GuardedBy("this")
+  private int numberOfUsersOfCachedChannel = 0;
+
+  private enum State {
+    OPEN,
+    CLOSED,
+  }
+  
+  ;
+
+  @GuardedBy("this")
+  private State state = State.OPEN;
+
+  public static S2AChannelPool create(ObjectPool<Channel> channelPool) {
+    checkNotNull(channelPool, "Channel pool should not be null.");
+    return new S2AGrpcChannelPool(channelPool);
+  }
+
+  private S2AGrpcChannelPool(ObjectPool<Channel> channelPool) {
+    this.channelPool = channelPool;
+  }
+
+  /**
+   * Retrieves a channel from {@code channelPool} if {@code channel} is null, and returns {@code
+   * channel} otherwise.
+   *
+   * @return a {@link Channel} obtained from the channel pool.
+   */
+  @Override
+  public synchronized Channel getChannel() {
+    checkState(state.equals(State.OPEN), "Channel pool is not open.");
+    checkState(
+        numberOfUsersOfCachedChannel < MAX_NUMBER_USERS_OF_CACHED_CHANNEL,
+        "Max number of channels have been retrieved from the channel pool.");
+    if (cachedChannel == null) {
+      cachedChannel = channelPool.getObject();
+    }
+    numberOfUsersOfCachedChannel += 1;
+    return cachedChannel;
+  }
+
+  /**
+   * Returns {@code channel} to {@code channelPool}.
+   *
+   * <p>The caller must ensure that {@code channel} was retrieved from this channel pool.
+   */
+  @Override
+  public synchronized void returnToPool(Channel channel) {
+    checkState(state.equals(State.OPEN), "Channel pool is not open.");
+    checkArgument(
+        cachedChannel != null && numberOfUsersOfCachedChannel > 0 && cachedChannel.equals(channel),
+        "Cannot return the channel to channel pool because the channel was not obtained from"
+            + " channel pool.");
+    numberOfUsersOfCachedChannel -= 1;
+    if (numberOfUsersOfCachedChannel == 0) {
+      channelPool.returnObject(channel);
+      cachedChannel = null;
+    }
+  }
+
+  @Override
+  public synchronized void close() {
+    state = State.CLOSED;
+    numberOfUsersOfCachedChannel = 0;
+    if (cachedChannel != null) {
+      channelPool.returnObject(cachedChannel);
+      cachedChannel = null;
+    }
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java b/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
new file mode 100644
index 00000000000..75ec7347bb5
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
@@ -0,0 +1,195 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.channel;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static java.util.concurrent.TimeUnit.SECONDS;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.Maps;
+import io.grpc.CallOptions;
+import io.grpc.Channel;
+import io.grpc.ChannelCredentials;
+import io.grpc.ClientCall;
+import io.grpc.ManagedChannel;
+import io.grpc.MethodDescriptor;
+import io.grpc.internal.SharedResourceHolder.Resource;
+import io.grpc.netty.NettyChannelBuilder;
+import io.netty.channel.EventLoopGroup;
+import io.netty.channel.nio.NioEventLoopGroup;
+import io.netty.channel.socket.nio.NioSocketChannel;
+import io.netty.util.concurrent.DefaultThreadFactory;
+import java.time.Duration;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentMap;
+import javax.annotation.concurrent.ThreadSafe;
+
+/**
+ * Provides APIs for managing gRPC channels to S2A servers. Each channel is local and plaintext. If
+ * credentials are provided, they are used to secure the channel.
+ *
+ * <p>This is done as follows: for each S2A server, provides an implementation of gRPC's {@link
+ * SharedResourceHolder.Resource} interface called a {@code Resource<Channel>}. A {@code
+ * Resource<Channel>} is a factory for creating gRPC channels to the S2A server at a given address,
+ * and a channel must be returned to the {@code Resource<Channel>} when it is no longer needed.
+ *
+ * <p>Typical usage pattern is below:
+ *
+ * <pre>{@code
+ * Resource<Channel> resource = S2AHandshakerServiceChannel.getChannelResource("localhost:1234",
+ * creds);
+ * Channel channel = resource.create();
+ * // Send an RPC over the channel to the S2A server running at localhost:1234.
+ * resource.close(channel);
+ * }</pre>
+ */
+@ThreadSafe
+public final class S2AHandshakerServiceChannel {
+  private static final ConcurrentMap<String, Resource<Channel>> SHARED_RESOURCE_CHANNELS =
+      Maps.newConcurrentMap();
+  private static final Duration DELEGATE_TERMINATION_TIMEOUT = Duration.ofSeconds(2);
+  private static final Duration CHANNEL_SHUTDOWN_TIMEOUT = Duration.ofSeconds(10);
+
+  /**
+   * Returns a {@link SharedResourceHolder.Resource} instance for managing channels to an S2A server
+   * running at {@code s2aAddress}.
+   *
+   * @param s2aAddress the address of the S2A, typically in the format {@code host:port}.
+   * @param s2aChannelCredentials the credentials to use when establishing a connection to the S2A.
+   * @return a {@link ChannelResource} instance that manages a {@link Channel} to the S2A server
+   *     running at {@code s2aAddress}.
+   */
+  public static Resource<Channel> getChannelResource(
+      String s2aAddress, Optional<ChannelCredentials> s2aChannelCredentials) {
+    checkNotNull(s2aAddress);
+    return SHARED_RESOURCE_CHANNELS.computeIfAbsent(
+        s2aAddress, channelResource -> new ChannelResource(s2aAddress, s2aChannelCredentials));
+  }
+
+  /**
+   * Defines how to create and destroy a {@link Channel} instance that uses shared resources. A
+   * channel created by {@code ChannelResource} is a plaintext, local channel to the service running
+   * at {@code targetAddress}.
+   */
+  private static class ChannelResource implements Resource<Channel> {
+    private final String targetAddress;
+    private final Optional<ChannelCredentials> channelCredentials;
+
+    public ChannelResource(String targetAddress, Optional<ChannelCredentials> channelCredentials) {
+      this.targetAddress = targetAddress;
+      this.channelCredentials = channelCredentials;
+    }
+
+    /**
+     * Creates a {@code EventLoopHoldingChannel} instance to the service running at {@code
+     * targetAddress}. This channel uses a dedicated thread pool for its {@code EventLoopGroup}
+     * instance to avoid blocking.
+     */
+    @Override
+    public Channel create() {
+      EventLoopGroup eventLoopGroup =
+          new NioEventLoopGroup(1, new DefaultThreadFactory("S2A channel pool", true));
+      ManagedChannel channel = null;
+      if (channelCredentials.isPresent()) {
+        // Create a secure channel.
+        channel =
+            NettyChannelBuilder.forTarget(targetAddress, channelCredentials.get())
+                .channelType(NioSocketChannel.class)
+                .directExecutor()
+                .eventLoopGroup(eventLoopGroup)
+                .build();
+      } else {
+        // Create a plaintext channel.
+        channel =
+            NettyChannelBuilder.forTarget(targetAddress)
+                .channelType(NioSocketChannel.class)
+                .directExecutor()
+                .eventLoopGroup(eventLoopGroup)
+                .usePlaintext()
+                .build();
+      }
+      return EventLoopHoldingChannel.create(channel, eventLoopGroup);
+    }
+
+    /** Destroys a {@code EventLoopHoldingChannel} instance. */
+    @Override
+    public void close(Channel instanceChannel) {
+      checkNotNull(instanceChannel);
+      EventLoopHoldingChannel channel = (EventLoopHoldingChannel) instanceChannel;
+      channel.close();
+    }
+
+    @Override
+    public String toString() {
+      return "grpc-s2a-channel";
+    }
+  }
+
+  /**
+   * Manages a channel using a {@link ManagedChannel} instance that belong to the {@code
+   * EventLoopGroup} thread pool.
+   */
+  @VisibleForTesting
+  static class EventLoopHoldingChannel extends Channel {
+    private final ManagedChannel delegate;
+    private final EventLoopGroup eventLoopGroup;
+
+    static EventLoopHoldingChannel create(ManagedChannel delegate, EventLoopGroup eventLoopGroup) {
+      checkNotNull(delegate);
+      checkNotNull(eventLoopGroup);
+      return new EventLoopHoldingChannel(delegate, eventLoopGroup);
+    }
+
+    private EventLoopHoldingChannel(ManagedChannel delegate, EventLoopGroup eventLoopGroup) {
+      this.delegate = delegate;
+      this.eventLoopGroup = eventLoopGroup;
+    }
+
+    /**
+     * Returns the address of the service to which the {@code delegate} channel connects, which is
+     * typically of the form {@code host:port}.
+     */
+    @Override
+    public String authority() {
+      return delegate.authority();
+    }
+
+    /** Creates a {@link ClientCall} that invokes the operations in {@link MethodDescriptor}. */
+    @Override
+    public <ReqT, RespT> ClientCall<ReqT, RespT> newCall(
+        MethodDescriptor<ReqT, RespT> methodDescriptor, CallOptions options) {
+      return delegate.newCall(methodDescriptor, options);
+    }
+
+    @SuppressWarnings("FutureReturnValueIgnored")
+    public void close() {
+      delegate.shutdownNow();
+      boolean isDelegateTerminated;
+      try {
+        isDelegateTerminated =
+            delegate.awaitTermination(DELEGATE_TERMINATION_TIMEOUT.getSeconds(), SECONDS);
+      } catch (InterruptedException e) {
+        isDelegateTerminated = false;
+      }
+      long quietPeriodSeconds = isDelegateTerminated ? 0 : 1;
+      eventLoopGroup.shutdownGracefully(
+          quietPeriodSeconds, CHANNEL_SHUTDOWN_TIMEOUT.getSeconds(), SECONDS);
+    }
+  }
+
+  private S2AHandshakerServiceChannel() {}
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/ConnectionClosedException.java b/s2a/src/main/java/io/grpc/s2a/handshaker/ConnectionClosedException.java
new file mode 100644
index 00000000000..1a7f86bda91
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/ConnectionClosedException.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import java.io.IOException;
+
+/** Indicates that a connection has been closed. */
+@SuppressWarnings("serial") // This class is never serialized.
+final class ConnectionClosedException extends IOException {
+  public ConnectionClosedException(String errorMessage) {
+    super(errorMessage);
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/GetAuthenticationMechanisms.java b/s2a/src/main/java/io/grpc/s2a/handshaker/GetAuthenticationMechanisms.java
new file mode 100644
index 00000000000..56d74a9b766
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/GetAuthenticationMechanisms.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import com.google.errorprone.annotations.Immutable;
+import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.handshaker.tokenmanager.AccessTokenManager;
+import java.util.Optional;
+
+/** Retrieves the authentication mechanism for a given local identity. */
+@Immutable
+final class GetAuthenticationMechanisms {
+  private static final Optional<AccessTokenManager> TOKEN_MANAGER = AccessTokenManager.create();
+
+  /**
+   * Retrieves the authentication mechanism for a given local identity.
+   *
+   * @param localIdentity the identity for which to fetch a token.
+   * @return an {@link AuthenticationMechanism} for the given local identity.
+   */
+  static Optional<AuthenticationMechanism> getAuthMechanism(Optional<S2AIdentity> localIdentity) {
+    if (!TOKEN_MANAGER.isPresent()) {
+      return Optional.empty();
+    }
+    AccessTokenManager manager = TOKEN_MANAGER.get();
+    // If no identity is provided, fetch the default access token and DO NOT attach an identity
+    // to the request.
+    if (!localIdentity.isPresent()) {
+      return Optional.of(
+              AuthenticationMechanism.newBuilder().setToken(manager.getDefaultToken()).build());
+    } else {
+      // Fetch an access token for the provided identity.
+      return Optional.of(
+              AuthenticationMechanism.newBuilder()
+                  .setIdentity(localIdentity.get().getIdentity())
+                  .setToken(manager.getToken(localIdentity.get()))
+                  .build());
+    }
+  }
+
+  private GetAuthenticationMechanisms() {}
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java b/s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java
new file mode 100644
index 00000000000..59e3931d9e6
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import com.google.common.collect.ImmutableSet;
+
+/** Converts proto messages to Netty strings. */
+final class ProtoUtil {
+  /**
+   * Converts {@link Ciphersuite} to its {@link String} representation.
+   *
+   * @param ciphersuite the {@link Ciphersuite} to be converted.
+   * @return a {@link String} representing the ciphersuite.
+   * @throws AssertionError if the {@link Ciphersuite} is not one of the supported ciphersuites.
+   */
+  static String convertCiphersuite(Ciphersuite ciphersuite) {
+    switch (ciphersuite) {
+      case CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+        return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
+      case CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+        return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
+      case CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
+        return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
+      case CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+        return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
+      case CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+        return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
+      case CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+        return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
+      default:
+        throw new AssertionError(
+            String.format("Ciphersuite %d is not supported.", ciphersuite.getNumber()));
+    }
+  }
+
+  /**
+   * Converts a {@link TLSVersion} object to its {@link String} representation.
+   *
+   * @param tlsVersion the {@link TLSVersion} object to be converted.
+   * @return a {@link String} representation of the TLS version.
+   * @throws AssertionError if the {@code tlsVersion} is not one of the supported TLS versions.
+   */
+  static String convertTlsProtocolVersion(TLSVersion tlsVersion) {
+    switch (tlsVersion) {
+      case TLS_VERSION_1_3:
+        return "TLSv1.3";
+      case TLS_VERSION_1_2:
+        return "TLSv1.2";
+      case TLS_VERSION_1_1:
+        return "TLSv1.1";
+      case TLS_VERSION_1_0:
+        return "TLSv1";
+      default:
+        throw new AssertionError(
+            String.format("TLS version %d is not supported.", tlsVersion.getNumber()));
+    }
+  }
+
+  /**
+   * Builds a set of strings representing all {@link TLSVersion}s between {@code minTlsVersion} and
+   * {@code maxTlsVersion}.
+   */
+  static ImmutableSet<String> buildTlsProtocolVersionSet(
+      TLSVersion minTlsVersion, TLSVersion maxTlsVersion) {
+    ImmutableSet.Builder<String> tlsVersions = ImmutableSet.<String>builder();
+    for (TLSVersion tlsVersion : TLSVersion.values()) {
+      int versionNumber;
+      try {
+        versionNumber = tlsVersion.getNumber();
+      } catch (IllegalArgumentException e) {
+        continue;
+      }
+      if (versionNumber >= minTlsVersion.getNumber()
+          && versionNumber <= maxTlsVersion.getNumber()) {
+        tlsVersions.add(convertTlsProtocolVersion(tlsVersion));
+      }
+    }
+    return tlsVersions.build();
+  }
+
+  private ProtoUtil() {}
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AConnectionException.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AConnectionException.java
new file mode 100644
index 00000000000..d976308ad22
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AConnectionException.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+/** Exception that denotes a runtime error that was encountered when talking to the S2A server. */
+@SuppressWarnings("serial") // This class is never serialized.
+public class S2AConnectionException extends RuntimeException {
+  S2AConnectionException(String message) {
+    super(message);
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AIdentity.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AIdentity.java
new file mode 100644
index 00000000000..c4fed7377ac
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AIdentity.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.errorprone.annotations.ThreadSafe;
+
+/**
+ * Stores an identity in such a way that it can be sent to the S2A handshaker service. The identity
+ * may be formatted as a SPIFFE ID or as a hostname.
+ */
+@ThreadSafe
+public final class S2AIdentity {
+  private final Identity identity;
+
+  /** Returns an {@link S2AIdentity} instance with SPIFFE ID set to {@code spiffeId}. */
+  public static S2AIdentity fromSpiffeId(String spiffeId) {
+    checkNotNull(spiffeId);
+    return new S2AIdentity(Identity.newBuilder().setSpiffeId(spiffeId).build());
+  }
+
+  /** Returns an {@link S2AIdentity} instance with hostname set to {@code hostname}. */
+  public static S2AIdentity fromHostname(String hostname) {
+    checkNotNull(hostname);
+    return new S2AIdentity(Identity.newBuilder().setHostname(hostname).build());
+  }
+
+  /** Returns an {@link S2AIdentity} instance with UID set to {@code uid}. */
+  public static S2AIdentity fromUid(String uid) {
+    checkNotNull(uid);
+    return new S2AIdentity(Identity.newBuilder().setUid(uid).build());
+  }
+
+  /** Returns an {@link S2AIdentity} instance with {@code identity} set. */
+  public static S2AIdentity fromIdentity(Identity identity) {
+    return new S2AIdentity(identity == null ? Identity.getDefaultInstance() : identity);
+  }
+
+  private S2AIdentity(Identity identity) {
+    this.identity = identity;
+  }
+
+  /** Returns the proto {@link Identity} representation of this identity instance. */
+  public Identity getIdentity() {
+    return identity;
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2APrivateKeyMethod.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2APrivateKeyMethod.java
new file mode 100644
index 00000000000..fb6d5761355
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2APrivateKeyMethod.java
@@ -0,0 +1,143 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableMap;
+import com.google.protobuf.ByteString;
+import io.grpc.s2a.handshaker.S2AIdentity;
+import io.netty.handler.ssl.OpenSslPrivateKeyMethod;
+import java.io.IOException;
+import java.util.Optional;
+import javax.annotation.concurrent.NotThreadSafe;
+import javax.net.ssl.SSLEngine;
+
+/**
+ * Handles requests on signing bytes with a private key designated by {@code stub}.
+ *
+ * <p>This is done by sending the to-be-signed bytes to an S2A server (designated by {@code stub})
+ * and read the signature from the server.
+ *
+ * <p>OpenSSL libraries must be appropriately initialized before using this class. One possible way
+ * to initialize OpenSSL library is to call {@code
+ * GrpcSslContexts.configure(SslContextBuilder.forClient());}.
+ */
+@NotThreadSafe
+final class S2APrivateKeyMethod implements OpenSslPrivateKeyMethod {
+  private final S2AStub stub;
+  private final Optional<S2AIdentity> localIdentity;
+  private static final ImmutableMap<Integer, SignatureAlgorithm>
+      OPENSSL_TO_S2A_SIGNATURE_ALGORITHM_MAP =
+          ImmutableMap.of(
+              OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA256,
+              SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA256,
+              OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA384,
+              SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA384,
+              OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA512,
+              SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA512,
+              OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256,
+              SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256,
+              OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP384R1_SHA384,
+              SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384,
+              OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP521R1_SHA512,
+              SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512,
+              OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA256,
+              SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256,
+              OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA384,
+              SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384,
+              OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA512,
+              SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512);
+
+  public static S2APrivateKeyMethod create(S2AStub stub, Optional<S2AIdentity> localIdentity) {
+    checkNotNull(stub);
+    return new S2APrivateKeyMethod(stub, localIdentity);
+  }
+
+  private S2APrivateKeyMethod(S2AStub stub, Optional<S2AIdentity> localIdentity) {
+    this.stub = stub;
+    this.localIdentity = localIdentity;
+  }
+
+  /**
+   * Converts the signature algorithm to an enum understood by S2A.
+   *
+   * @param signatureAlgorithm the int representation of the signature algorithm define by {@code
+   *     OpenSslPrivateKeyMethod}.
+   * @return the signature algorithm enum defined by S2A proto.
+   * @throws UnsupportedOperationException if the algorithm is not supported by S2A.
+   */
+  @VisibleForTesting
+  static SignatureAlgorithm convertOpenSslSignAlgToS2ASignAlg(int signatureAlgorithm) {
+    SignatureAlgorithm sig = OPENSSL_TO_S2A_SIGNATURE_ALGORITHM_MAP.get(signatureAlgorithm);
+    if (sig == null) {
+      throw new UnsupportedOperationException(
+          String.format("Signature Algorithm %d is not supported.", signatureAlgorithm));
+    }
+    return sig;
+  }
+
+  /**
+   * Signs the input bytes by sending the request to the S2A srever.
+   *
+   * @param engine not used.
+   * @param signatureAlgorithm the {@link OpenSslPrivateKeyMethod}'s signature algorithm
+   *     representation
+   * @param input the bytes to be signed.
+   * @return the signature of the {@code input}.
+   * @throws IOException if the connection to the S2A server is corrupted.
+   * @throws InterruptedException if the connection to the S2A server is interrupted.
+   * @throws S2AConnectionException if the response from the S2A server does not contain valid data.
+   */
+  @Override
+  public byte[] sign(SSLEngine engine, int signatureAlgorithm, byte[] input)
+      throws IOException, InterruptedException {
+    checkArgument(input.length > 0, "No bytes to sign.");
+    SignatureAlgorithm s2aSignatureAlgorithm =
+        convertOpenSslSignAlgToS2ASignAlg(signatureAlgorithm);
+    SessionReq.Builder reqBuilder =
+        SessionReq.newBuilder()
+            .setOffloadPrivateKeyOperationReq(
+                OffloadPrivateKeyOperationReq.newBuilder()
+                    .setOperation(OffloadPrivateKeyOperationReq.PrivateKeyOperation.SIGN)
+                    .setSignatureAlgorithm(s2aSignatureAlgorithm)
+                    .setRawBytes(ByteString.copyFrom(input)));
+    if (localIdentity.isPresent()) {
+      reqBuilder.setLocalIdentity(localIdentity.get().getIdentity());
+    }
+
+    SessionResp resp = stub.send(reqBuilder.build());
+
+    if (resp.hasStatus() && resp.getStatus().getCode() != 0) {
+      throw new S2AConnectionException(
+          String.format(
+              "Error occurred in response from S2A, error code: %d, error message: \"%s\".",
+              resp.getStatus().getCode(), resp.getStatus().getDetails()));
+    }
+    if (!resp.hasOffloadPrivateKeyOperationResp()) {
+      throw new S2AConnectionException("No valid response received from S2A.");
+    }
+    return resp.getOffloadPrivateKeyOperationResp().getOutBytes().toByteArray();
+  }
+
+  @Override
+  public byte[] decrypt(SSLEngine engine, byte[] input) {
+    throw new UnsupportedOperationException("decrypt is not supported.");
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java
new file mode 100644
index 00000000000..25d1e325ea8
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Strings.isNullOrEmpty;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.net.HostAndPort;
+import com.google.common.util.concurrent.FutureCallback;
+import com.google.common.util.concurrent.Futures;
+import com.google.common.util.concurrent.ListenableFuture;
+import com.google.common.util.concurrent.ListeningExecutorService;
+import com.google.common.util.concurrent.MoreExecutors;
+import com.google.errorprone.annotations.ThreadSafe;
+import io.grpc.Channel;
+import io.grpc.internal.ObjectPool;
+import io.grpc.netty.GrpcHttp2ConnectionHandler;
+import io.grpc.netty.InternalProtocolNegotiator;
+import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
+import io.grpc.netty.InternalProtocolNegotiators;
+import io.grpc.netty.InternalProtocolNegotiators.ProtocolNegotiationHandler;
+import io.grpc.s2a.channel.S2AChannelPool;
+import io.grpc.s2a.channel.S2AGrpcChannelPool;
+import io.grpc.s2a.handshaker.S2AIdentity;
+import io.netty.channel.ChannelHandler;
+import io.netty.channel.ChannelHandlerAdapter;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.channel.ChannelInboundHandlerAdapter;
+import io.netty.handler.ssl.SslContext;
+import io.netty.util.AsciiString;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+import java.util.concurrent.Executors;
+import javax.annotation.Nullable;
+
+/** Factory for performing negotiation of a secure channel using the S2A. */
+@ThreadSafe
+public final class S2AProtocolNegotiatorFactory {
+  @VisibleForTesting static final int DEFAULT_PORT = 443;
+  private static final AsciiString SCHEME = AsciiString.of("https");
+
+  /**
+   * Creates a {@code S2AProtocolNegotiatorFactory} configured for a client to establish secure
+   * connections using the S2A.
+   *
+   * @param localIdentity the identity of the client; if none is provided, the S2A will use the
+   *     client's default identity.
+   * @param s2aChannelPool a pool of shared channels that can be used to connect to the S2A.
+   * @return a factory for creating a client-side protocol negotiator.
+   */
+  public static InternalProtocolNegotiator.ClientFactory createClientFactory(
+      @Nullable S2AIdentity localIdentity, ObjectPool<Channel> s2aChannelPool) {
+    checkNotNull(s2aChannelPool, "S2A channel pool should not be null.");
+    S2AChannelPool channelPool = S2AGrpcChannelPool.create(s2aChannelPool);
+    return new S2AClientProtocolNegotiatorFactory(localIdentity, channelPool);
+  }
+
+  static final class S2AClientProtocolNegotiatorFactory
+      implements InternalProtocolNegotiator.ClientFactory {
+    private final @Nullable S2AIdentity localIdentity;
+    private final S2AChannelPool channelPool;
+
+    S2AClientProtocolNegotiatorFactory(
+        @Nullable S2AIdentity localIdentity, S2AChannelPool channelPool) {
+      this.localIdentity = localIdentity;
+      this.channelPool = channelPool;
+    }
+
+    @Override
+    public ProtocolNegotiator newNegotiator() {
+      return S2AProtocolNegotiator.createForClient(channelPool, localIdentity);
+    }
+
+    @Override
+    public int getDefaultPort() {
+      return DEFAULT_PORT;
+    }
+  }
+
+  /** Negotiates the TLS handshake using S2A. */
+  @VisibleForTesting
+  static final class S2AProtocolNegotiator implements ProtocolNegotiator {
+
+    private final S2AChannelPool channelPool;
+    private final Optional<S2AIdentity> localIdentity;
+    private final ListeningExecutorService service =
+        MoreExecutors.listeningDecorator(Executors.newFixedThreadPool(1));
+
+    static S2AProtocolNegotiator createForClient(
+        S2AChannelPool channelPool, @Nullable S2AIdentity localIdentity) {
+      checkNotNull(channelPool, "Channel pool should not be null.");
+      if (localIdentity == null) {
+        return new S2AProtocolNegotiator(channelPool, Optional.empty());
+      } else {
+        return new S2AProtocolNegotiator(channelPool, Optional.of(localIdentity));
+      }
+    }
+
+    @VisibleForTesting
+    static @Nullable String getHostNameFromAuthority(@Nullable String authority) {
+      if (authority == null) {
+        return null;
+      }
+      return HostAndPort.fromString(authority).getHost();
+    }
+
+    private S2AProtocolNegotiator(S2AChannelPool channelPool, Optional<S2AIdentity> localIdentity) {
+      this.channelPool = channelPool;
+      this.localIdentity = localIdentity;
+    }
+
+    @Override
+    public AsciiString scheme() {
+      return SCHEME;
+    }
+
+    @Override
+    public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
+      checkNotNull(grpcHandler, "grpcHandler should not be null.");
+      String hostname = getHostNameFromAuthority(grpcHandler.getAuthority());
+      checkArgument(!isNullOrEmpty(hostname), "hostname should not be null or empty.");
+      return new S2AProtocolNegotiationHandler(
+        grpcHandler, channelPool, localIdentity, hostname, service);
+    }
+
+    @Override
+    public void close() {
+      service.shutdown();
+      channelPool.close();
+    }
+  }
+
+  @VisibleForTesting
+  static class BufferReadsHandler extends ChannelInboundHandlerAdapter {
+    private final List<Object> reads = new ArrayList<>();
+    private boolean readComplete;
+
+    public List<Object> getReads() {
+      return reads;
+    }
+
+    @Override
+    public void channelRead(ChannelHandlerContext unused, Object msg) {
+      reads.add(msg);
+    }
+
+    @Override
+    public void channelReadComplete(ChannelHandlerContext unused) {
+      readComplete = true;
+    }
+
+    @Override
+    public void handlerRemoved(ChannelHandlerContext ctx) throws Exception {
+      for (Object msg : reads) {
+        super.channelRead(ctx, msg);
+      }
+      if (readComplete) {
+        super.channelReadComplete(ctx);
+      }
+    }
+  }
+
+  private static final class S2AProtocolNegotiationHandler extends ProtocolNegotiationHandler {
+    private final S2AChannelPool channelPool;
+    private final Optional<S2AIdentity> localIdentity;
+    private final String hostname;
+    private final GrpcHttp2ConnectionHandler grpcHandler;
+    private final ListeningExecutorService service;
+
+    private S2AProtocolNegotiationHandler(
+        GrpcHttp2ConnectionHandler grpcHandler,
+        S2AChannelPool channelPool,
+        Optional<S2AIdentity> localIdentity,
+        String hostname,
+        ListeningExecutorService service) {
+      super(
+          // superclass (InternalProtocolNegotiators.ProtocolNegotiationHandler) expects 'next'
+          // handler but we don't have a next handler _yet_. So we "disable" superclass's behavior
+          // here and then manually add 'next' when we call fireProtocolNegotiationEvent()
+          new ChannelHandlerAdapter() {
+            @Override
+            public void handlerAdded(ChannelHandlerContext ctx) {
+              ctx.pipeline().remove(this);
+            }
+          },
+          grpcHandler.getNegotiationLogger());
+      this.grpcHandler = grpcHandler;
+      this.channelPool = channelPool;
+      this.localIdentity = localIdentity;
+      this.hostname = hostname;
+      checkNotNull(service, "service should not be null.");
+      this.service = service;
+    }
+
+    @Override
+    protected void handlerAdded0(ChannelHandlerContext ctx) {
+      // Buffer all reads until the TLS Handler is added.
+      BufferReadsHandler bufferReads = new BufferReadsHandler();
+      ctx.pipeline().addBefore(ctx.name(), /* name= */ null, bufferReads);
+
+      Channel ch = channelPool.getChannel();
+      S2AServiceGrpc.S2AServiceStub stub = S2AServiceGrpc.newStub(ch);
+      S2AStub s2aStub = S2AStub.newInstance(stub);
+
+      ListenableFuture<SslContext> sslContextFuture =
+          service.submit(() -> SslContextFactory.createForClient(s2aStub, hostname, localIdentity));
+      Futures.addCallback(
+          sslContextFuture,
+          new FutureCallback<SslContext>() {
+            @Override
+            public void onSuccess(SslContext sslContext) {
+              ChannelHandler handler =
+                  InternalProtocolNegotiators.tls(sslContext).newHandler(grpcHandler);
+
+              // Remove the bufferReads handler and delegate the rest of the handshake to the TLS
+              // handler.
+              ctx.pipeline().addAfter(ctx.name(), /* name= */ null, handler);
+              fireProtocolNegotiationEvent(ctx);
+              ctx.pipeline().remove(bufferReads);
+            }
+
+            @Override
+            public void onFailure(Throwable t) {
+              ctx.fireExceptionCaught(t);
+            }
+          },
+          service);
+    }
+  }
+
+  private S2AProtocolNegotiatorFactory() {}
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java
new file mode 100644
index 00000000000..8249ca59d09
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java
@@ -0,0 +1,221 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Verify.verify;
+import static java.util.concurrent.TimeUnit.SECONDS;
+
+import com.google.common.annotations.VisibleForTesting;
+import io.grpc.stub.StreamObserver;
+import java.io.IOException;
+import java.util.Optional;
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.BlockingQueue;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.annotation.concurrent.NotThreadSafe;
+
+/** Reads and writes messages to and from the S2A. */
+@NotThreadSafe
+class S2AStub implements AutoCloseable {
+  private static final Logger logger = Logger.getLogger(S2AStub.class.getName());
+  private static final long HANDSHAKE_RPC_DEADLINE_SECS = 20;
+  private final StreamObserver<SessionResp> reader = new Reader();
+  private final BlockingQueue<Result> responses = new ArrayBlockingQueue<>(10);
+  private S2AServiceGrpc.S2AServiceStub serviceStub;
+  private StreamObserver<SessionReq> writer;
+  private boolean doneReading = false;
+  private boolean doneWriting = false;
+
+  static S2AStub newInstance(S2AServiceGrpc.S2AServiceStub serviceStub) {
+    checkNotNull(serviceStub);
+    return new S2AStub(serviceStub);
+  }
+
+  @VisibleForTesting
+  static S2AStub newInstanceForTesting(StreamObserver<SessionReq> writer) {
+    checkNotNull(writer);
+    return new S2AStub(writer);
+  }
+
+  private S2AStub(S2AServiceGrpc.S2AServiceStub serviceStub) {
+    this.serviceStub = serviceStub;
+  }
+
+  private S2AStub(StreamObserver<SessionReq> writer) {
+    this.writer = writer;
+  }
+
+  @VisibleForTesting
+  StreamObserver<SessionResp> getReader() {
+    return reader;
+  }
+
+  @VisibleForTesting
+  BlockingQueue<Result> getResponses() {
+    return responses;
+  }
+
+  /**
+   * Sends a request and returns the response. Caller must wait until this method executes prior to
+   * calling it again. If this method throws {@code ConnectionClosedException}, then it should not
+   * be called again, and both {@code reader} and {@code writer} are closed.
+   *
+   * @param req the {@code SessionReq} message to be sent to the S2A server.
+   * @return the {@code SessionResp} message received from the S2A server.
+   * @throws ConnectionClosedException if {@code reader} or {@code writer} calls their {@code
+   *     onCompleted} method.
+   * @throws IOException if an unexpected response is received, or if the {@code reader} or {@code
+   *     writer} calls their {@code onError} method.
+   */
+  public SessionResp send(SessionReq req) throws IOException, InterruptedException {
+    if (doneWriting && doneReading) {
+      logger.log(Level.INFO, "Stream to the S2A is closed.");
+      throw new ConnectionClosedException("Stream to the S2A is closed.");
+    }
+    createWriterIfNull();
+    if (!responses.isEmpty()) {
+      IOException exception = null;
+      SessionResp resp = null;
+      try {
+        resp = responses.take().getResultOrThrow();
+      } catch (IOException e) {
+        exception = e;
+      }
+      responses.clear();
+      if (exception != null) {
+        throw new IOException(
+            "Received an unexpected response from a host at the S2A's address. The S2A might be"
+                + " unavailable."
+                + exception.getMessage());
+      }
+      return resp;
+    }
+    try {
+      writer.onNext(req);
+    } catch (RuntimeException e) {
+      writer.onError(e);
+      responses.offer(Result.createWithThrowable(e));
+    }
+    try {
+      return responses.take().getResultOrThrow();
+    } catch (ConnectionClosedException e) {
+      // A ConnectionClosedException is thrown by getResultOrThrow when reader calls its
+      // onCompleted method. The close method is called to also close the writer, and then the
+      // ConnectionClosedException is re-thrown in order to indicate to the caller that send
+      // should not be called again.
+      close();
+      throw e;
+    }
+  }
+
+  @Override
+  public void close() {
+    if (doneWriting && doneReading) {
+      return;
+    }
+    verify(!doneWriting);
+    doneReading = true;
+    doneWriting = true;
+    if (writer != null) {
+      writer.onCompleted();
+    }
+  }
+
+  /** Create a new writer if the writer is null. */
+  private void createWriterIfNull() {
+    if (writer == null) {
+      writer =
+          serviceStub
+              .withWaitForReady()
+              .withDeadlineAfter(HANDSHAKE_RPC_DEADLINE_SECS, SECONDS)
+              .setUpSession(reader);
+    }
+  }
+
+  private class Reader implements StreamObserver<SessionResp> {
+    /**
+     * Places a {@code SessionResp} message in the {@code responses} queue, or an {@code
+     * IOException} if reading is complete.
+     *
+     * @param resp the {@code SessionResp} message received from the S2A handshaker module.
+     */
+    @Override
+    public void onNext(SessionResp resp) {
+      verify(!doneReading);
+      responses.offer(Result.createWithResponse(resp));
+    }
+
+    /**
+     * Places a {@code Throwable} in the {@code responses} queue.
+     *
+     * @param t the {@code Throwable} caught when reading the stream to the S2A handshaker module.
+     */
+    @Override
+    public void onError(Throwable t) {
+      responses.offer(Result.createWithThrowable(t));
+    }
+
+    /**
+     * Sets {@code doneReading} to true, and places a {@code ConnectionClosedException} in the
+     * {@code responses} queue.
+     */
+    @Override
+    public void onCompleted() {
+      logger.log(Level.INFO, "Reading from the S2A is complete.");
+      doneReading = true;
+      responses.offer(
+          Result.createWithThrowable(
+              new ConnectionClosedException("Reading from the S2A is complete.")));
+    }
+  }
+
+  private static final class Result {
+    private final Optional<SessionResp> response;
+    private final Optional<Throwable> throwable;
+
+    static Result createWithResponse(SessionResp response) {
+      return new Result(Optional.of(response), Optional.empty());
+    }
+
+    static Result createWithThrowable(Throwable throwable) {
+      return new Result(Optional.empty(), Optional.of(throwable));
+    }
+
+    private Result(Optional<SessionResp> response, Optional<Throwable> throwable) {
+      checkArgument(response.isPresent() != throwable.isPresent());
+      this.response = response;
+      this.throwable = throwable;
+    }
+
+    /** Throws {@code throwable} if present, and returns {@code response} otherwise. */
+    SessionResp getResultOrThrow() throws IOException {
+      if (throwable.isPresent()) {
+        if (throwable.get() instanceof ConnectionClosedException) {
+          ConnectionClosedException exception = (ConnectionClosedException) throwable.get();
+          throw exception;
+        } else {
+          throw new IOException(throwable.get());
+        }
+      }
+      verify(response.isPresent());
+      return response.get();
+    }
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java
new file mode 100644
index 00000000000..fb113bb29cc
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.collect.ImmutableList;
+import com.google.protobuf.ByteString;
+import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode;
+import java.io.IOException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Optional;
+import javax.annotation.concurrent.NotThreadSafe;
+import javax.net.ssl.X509TrustManager;
+import org.checkerframework.checker.nullness.qual.Nullable;
+
+/** Offloads verification of the peer certificate chain to S2A. */
+@NotThreadSafe
+final class S2ATrustManager implements X509TrustManager {
+  private final Optional<S2AIdentity> localIdentity;
+  private final S2AStub stub;
+  private final String hostname;
+
+  static S2ATrustManager createForClient(
+      S2AStub stub, String hostname, Optional<S2AIdentity> localIdentity) {
+    checkNotNull(stub);
+    checkNotNull(hostname);
+    return new S2ATrustManager(stub, hostname, localIdentity);
+  }
+
+  private S2ATrustManager(S2AStub stub, String hostname, Optional<S2AIdentity> localIdentity) {
+    this.stub = stub;
+    this.hostname = hostname;
+    this.localIdentity = localIdentity;
+  }
+
+  /**
+   * Validates the given certificate chain provided by the peer.
+   *
+   * @param chain the peer certificate chain
+   * @param authType the authentication type based on the client certificate
+   * @throws IllegalArgumentException if null or zero-length chain is passed in for the chain
+   *     parameter.
+   * @throws CertificateException if the certificate chain is not trusted by this TrustManager.
+   */
+  @Override
+  public void checkClientTrusted(X509Certificate[] chain, String authType)
+      throws CertificateException {
+    checkPeerTrusted(chain, /* isCheckingClientCertificateChain= */ true);
+  }
+
+  /**
+   * Validates the given certificate chain provided by the peer.
+   *
+   * @param chain the peer certificate chain
+   * @param authType the authentication type based on the client certificate
+   * @throws IllegalArgumentException if null or zero-length chain is passed in for the chain
+   *     parameter.
+   * @throws CertificateException if the certificate chain is not trusted by this TrustManager.
+   */
+  @Override
+  public void checkServerTrusted(X509Certificate[] chain, String authType)
+      throws CertificateException {
+    checkPeerTrusted(chain, /* isCheckingClientCertificateChain= */ false);
+  }
+
+  /**
+   * Returns null because the accepted issuers are held in S2A and this class receives decision made
+   * from S2A on the fly about which to use to verify a given chain.
+   *
+   * @return null.
+   */
+  @Override
+  public X509Certificate @Nullable [] getAcceptedIssuers() {
+    return null;
+  }
+
+  private void checkPeerTrusted(X509Certificate[] chain, boolean isCheckingClientCertificateChain)
+      throws CertificateException {
+    checkNotNull(chain);
+    checkArgument(chain.length > 0, "Certificate chain has zero certificates.");
+
+    ValidatePeerCertificateChainReq.Builder validatePeerCertificateChainReq =
+        ValidatePeerCertificateChainReq.newBuilder().setMode(VerificationMode.UNSPECIFIED);
+    if (isCheckingClientCertificateChain) {
+      validatePeerCertificateChainReq.setClientPeer(
+          ValidatePeerCertificateChainReq.ClientPeer.newBuilder()
+              .addAllCertificateChain(certificateChainToDerChain(chain)));
+    } else {
+      validatePeerCertificateChainReq.setServerPeer(
+          ValidatePeerCertificateChainReq.ServerPeer.newBuilder()
+              .addAllCertificateChain(certificateChainToDerChain(chain))
+              .setServerHostname(hostname));
+    }
+
+    SessionReq.Builder reqBuilder =
+        SessionReq.newBuilder().setValidatePeerCertificateChainReq(validatePeerCertificateChainReq);
+    if (localIdentity.isPresent()) {
+      reqBuilder.setLocalIdentity(localIdentity.get().getIdentity());
+    }
+
+    SessionResp resp;
+    try {
+      resp = stub.send(reqBuilder.build());
+    } catch (IOException | InterruptedException e) {
+      throw new CertificateException("Failed to send request to S2A.", e);
+    }
+    if (resp.hasStatus() && resp.getStatus().getCode() != 0) {
+      throw new CertificateException(
+          String.format(
+              "Error occurred in response from S2A, error code: %d, error message: %s.",
+              resp.getStatus().getCode(), resp.getStatus().getDetails()));
+    }
+
+    if (!resp.hasValidatePeerCertificateChainResp()) {
+      throw new CertificateException("No valid response received from S2A.");
+    }
+
+    ValidatePeerCertificateChainResp validationResult = resp.getValidatePeerCertificateChainResp();
+    if (validationResult.getValidationResult()
+        != ValidatePeerCertificateChainResp.ValidationResult.SUCCESS) {
+      throw new CertificateException(validationResult.getValidationDetails());
+    }
+  }
+
+  private static ImmutableList<ByteString> certificateChainToDerChain(X509Certificate[] chain)
+      throws CertificateEncodingException {
+    ImmutableList.Builder<ByteString> derChain = ImmutableList.<ByteString>builder();
+    for (X509Certificate certificate : chain) {
+      derChain.add(ByteString.copyFrom(certificate.getEncoded()));
+    }
+    return derChain.build();
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/SslContextFactory.java b/s2a/src/main/java/io/grpc/s2a/handshaker/SslContextFactory.java
new file mode 100644
index 00000000000..1ac5887ebc4
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/SslContextFactory.java
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+import com.google.common.collect.ImmutableSet;
+import io.grpc.netty.GrpcSslContexts;
+import io.grpc.s2a.handshaker.S2AIdentity;
+import io.netty.handler.ssl.OpenSslContextOption;
+import io.netty.handler.ssl.OpenSslSessionContext;
+import io.netty.handler.ssl.OpenSslX509KeyManagerFactory;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Optional;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLSessionContext;
+
+/** Creates {@link SslContext} objects with TLS configurations from S2A server. */
+final class SslContextFactory {
+
+  /**
+   * Creates {@link SslContext} objects for client with TLS configurations from S2A server.
+   *
+   * @param stub the {@link S2AStub} to talk to the S2A server.
+   * @param targetName the {@link String} of the server that this client makes connection to.
+   * @param localIdentity the {@link S2AIdentity} that should be used when talking to S2A server.
+   *     Will use default identity if empty.
+   * @return a {@link SslContext} object.
+   * @throws NullPointerException if either {@code stub} or {@code targetName} is null.
+   * @throws IOException if an unexpected response from S2A server is received.
+   * @throws InterruptedException if {@code stub} is closed.
+   */
+  static SslContext createForClient(
+      S2AStub stub, String targetName, Optional<S2AIdentity> localIdentity)
+      throws IOException,
+          InterruptedException,
+          CertificateException,
+          KeyStoreException,
+          NoSuchAlgorithmException,
+          UnrecoverableKeyException,
+          GeneralSecurityException {
+    checkNotNull(stub, "stub should not be null.");
+    checkNotNull(targetName, "targetName should not be null on client side.");
+    GetTlsConfigurationResp.ClientTlsConfiguration clientTlsConfiguration;
+    try {
+      clientTlsConfiguration = getClientTlsConfigurationFromS2A(stub, localIdentity);
+    } catch (IOException | InterruptedException e) {
+      throw new GeneralSecurityException("Failed to get client TLS configuration from S2A.", e);
+    }
+
+    // Use the default value for timeout.
+    // Use the smallest possible value for cache size.
+    // The Provider is by default OPENSSL. No need to manually set it.
+    SslContextBuilder sslContextBuilder =
+        GrpcSslContexts.configure(SslContextBuilder.forClient())
+            .sessionCacheSize(1)
+            .sessionTimeout(0);
+
+    configureSslContextWithClientTlsConfiguration(clientTlsConfiguration, sslContextBuilder);
+    sslContextBuilder.trustManager(
+        S2ATrustManager.createForClient(stub, targetName, localIdentity));
+    sslContextBuilder.option(
+        OpenSslContextOption.PRIVATE_KEY_METHOD, S2APrivateKeyMethod.create(stub, localIdentity));
+
+    SslContext sslContext = sslContextBuilder.build();
+    SSLSessionContext sslSessionContext = sslContext.sessionContext();
+    if (sslSessionContext instanceof OpenSslSessionContext) {
+      OpenSslSessionContext openSslSessionContext = (OpenSslSessionContext) sslSessionContext;
+      openSslSessionContext.setSessionCacheEnabled(false);
+    }
+
+    return sslContext;
+  }
+
+  private static GetTlsConfigurationResp.ClientTlsConfiguration getClientTlsConfigurationFromS2A(
+      S2AStub stub, Optional<S2AIdentity> localIdentity) throws IOException, InterruptedException {
+    checkNotNull(stub, "stub should not be null.");
+    SessionReq.Builder reqBuilder = SessionReq.newBuilder();
+    if (localIdentity.isPresent()) {
+      reqBuilder.setLocalIdentity(localIdentity.get().getIdentity());
+    }
+    Optional<AuthenticationMechanism> authMechanism =
+        GetAuthenticationMechanisms.getAuthMechanism(localIdentity);
+    if (authMechanism.isPresent()) {
+      reqBuilder.addAuthenticationMechanisms(authMechanism.get());
+    }
+    SessionResp resp =
+        stub.send(
+            reqBuilder
+                .setGetTlsConfigurationReq(
+                    GetTlsConfigurationReq.newBuilder()
+                        .setConnectionSide(ConnectionSide.CONNECTION_SIDE_CLIENT))
+                .build());
+    if (resp.hasStatus() && resp.getStatus().getCode() != 0) {
+      throw new S2AConnectionException(
+          String.format(
+              "response from S2A server has ean error %d with error message %s.",
+              resp.getStatus().getCode(), resp.getStatus().getDetails()));
+    }
+    if (!resp.getGetTlsConfigurationResp().hasClientTlsConfiguration()) {
+      throw new S2AConnectionException(
+          "Response from S2A server does NOT contain ClientTlsConfiguration.");
+    }
+    return resp.getGetTlsConfigurationResp().getClientTlsConfiguration();
+  }
+
+  private static void configureSslContextWithClientTlsConfiguration(
+      GetTlsConfigurationResp.ClientTlsConfiguration clientTlsConfiguration,
+      SslContextBuilder sslContextBuilder)
+      throws CertificateException,
+          IOException,
+          KeyStoreException,
+          NoSuchAlgorithmException,
+          UnrecoverableKeyException {
+    sslContextBuilder.keyManager(createKeylessManager(clientTlsConfiguration));
+    ImmutableSet<String> tlsVersions =
+        ProtoUtil.buildTlsProtocolVersionSet(
+            clientTlsConfiguration.getMinTlsVersion(), clientTlsConfiguration.getMaxTlsVersion());
+    if (tlsVersions.isEmpty()) {
+      throw new S2AConnectionException("Set of TLS versions received from S2A server is empty.");
+    }
+    sslContextBuilder.protocols(tlsVersions);
+  }
+
+  private static KeyManager createKeylessManager(
+      GetTlsConfigurationResp.ClientTlsConfiguration clientTlsConfiguration)
+      throws CertificateException,
+          IOException,
+          KeyStoreException,
+          NoSuchAlgorithmException,
+          UnrecoverableKeyException {
+    X509Certificate[] certificates =
+        new X509Certificate[clientTlsConfiguration.getCertificateChainCount()];
+    for (int i = 0; i < clientTlsConfiguration.getCertificateChainCount(); ++i) {
+      certificates[i] = convertStringToX509Cert(clientTlsConfiguration.getCertificateChain(i));
+    }
+    KeyManager[] keyManagers =
+        OpenSslX509KeyManagerFactory.newKeyless(certificates).getKeyManagers();
+    if (keyManagers == null || keyManagers.length == 0) {
+      throw new IllegalStateException("No key managers created.");
+    }
+    return keyManagers[0];
+  }
+
+  private static X509Certificate convertStringToX509Cert(String certificate)
+      throws CertificateException {
+    return (X509Certificate)
+        CertificateFactory.getInstance("X509")
+            .generateCertificate(new ByteArrayInputStream(certificate.getBytes(UTF_8)));
+  }
+
+  private SslContextFactory() {}
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java
new file mode 100644
index 00000000000..94549d11c87
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker.tokenmanager;
+
+import io.grpc.s2a.handshaker.S2AIdentity;
+import java.lang.reflect.Method;
+import java.util.Optional;
+import javax.annotation.concurrent.ThreadSafe;
+
+/** Manages access tokens for authenticating to the S2A. */
+@ThreadSafe
+public final class AccessTokenManager {
+  private final TokenFetcher tokenFetcher;
+
+  /** Creates an {@code AccessTokenManager} based on the environment where the application runs. */
+  @SuppressWarnings("RethrowReflectiveOperationExceptionAsLinkageError")
+  public static Optional<AccessTokenManager> create() {
+    Optional<?> tokenFetcher;
+    try {
+      Class<?> singleTokenFetcherClass =
+          Class.forName("io.grpc.s2a.handshaker.tokenmanager.SingleTokenFetcher");
+      Method createTokenFetcher = singleTokenFetcherClass.getMethod("create");
+      tokenFetcher = (Optional) createTokenFetcher.invoke(null);
+    } catch (ClassNotFoundException e) {
+      tokenFetcher = Optional.empty();
+    } catch (ReflectiveOperationException e) {
+      throw new AssertionError(e);
+    }
+    return tokenFetcher.isPresent()
+        ? Optional.of(new AccessTokenManager((TokenFetcher) tokenFetcher.get()))
+        : Optional.empty();
+  }
+
+  private AccessTokenManager(TokenFetcher tokenFetcher) {
+    this.tokenFetcher = tokenFetcher;
+  }
+
+  /** Returns an access token when no identity is specified. */
+  public String getDefaultToken() {
+    return tokenFetcher.getDefaultToken();
+  }
+
+  /** Returns an access token for the given identity. */
+  public String getToken(S2AIdentity identity) {
+    return tokenFetcher.getToken(identity);
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java
new file mode 100644
index 00000000000..c3dffd2b715
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker.tokenmanager;
+
+import com.google.common.annotations.VisibleForTesting;
+import io.grpc.s2a.handshaker.S2AIdentity;
+import java.util.Optional;
+
+/** Fetches a single access token via an environment variable. */
+@SuppressWarnings("NonFinalStaticField")
+public final class SingleTokenFetcher implements TokenFetcher {
+  private static final String ENVIRONMENT_VARIABLE = "S2A_ACCESS_TOKEN";
+  private static String accessToken = System.getenv(ENVIRONMENT_VARIABLE);
+
+  private final String token;
+
+  /**
+   * Creates a {@code SingleTokenFetcher} from {@code ENVIRONMENT_VARIABLE}, and returns an empty
+   * {@code Optional} instance if the token could not be fetched.
+   */
+  public static Optional<TokenFetcher> create() {
+    return Optional.ofNullable(accessToken).map(SingleTokenFetcher::new);
+  }
+
+  @VisibleForTesting
+  public static void setAccessToken(String token) {
+    accessToken = token;
+  }
+
+  private SingleTokenFetcher(String token) {
+    this.token = token;
+  }
+
+  @Override
+  public String getDefaultToken() {
+    return token;
+  }
+
+  @Override
+  public String getToken(S2AIdentity identity) {
+    return token;
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/TokenFetcher.java b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/TokenFetcher.java
new file mode 100644
index 00000000000..9eeddaad844
--- /dev/null
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/TokenFetcher.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker.tokenmanager;
+
+import io.grpc.s2a.handshaker.S2AIdentity;
+
+/** Fetches tokens used to authenticate to S2A. */
+interface TokenFetcher {
+  /** Returns an access token when no identity is specified. */
+  String getDefaultToken();
+
+  /** Returns an access token for the given identity. */  
+  String getToken(S2AIdentity identity);
+}
\ No newline at end of file
diff --git a/s2a/src/main/proto/grpc/gcp/s2a/common.proto b/s2a/src/main/proto/grpc/gcp/s2a/common.proto
new file mode 100644
index 00000000000..749739553dd
--- /dev/null
+++ b/s2a/src/main/proto/grpc/gcp/s2a/common.proto
@@ -0,0 +1,82 @@
+// Copyright 2024 The gRPC Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// The canonical version of this proto can be found at
+// https://github.com/grpc/grpc-proto/blob/master/grpc/gcp/s2a/common.proto
+
+syntax = "proto3";
+
+package grpc.gcp.s2a;
+
+option java_multiple_files = true;
+option java_outer_classname = "CommonProto";
+option java_package = "io.grpc.s2a.handshaker";
+
+// The TLS 1.0-1.2 ciphersuites that the application can negotiate when using
+// S2A.
+enum Ciphersuite {
+  CIPHERSUITE_UNSPECIFIED = 0;
+  CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 1;
+  CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 2;
+  CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 3;
+  CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 4;
+  CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 5;
+  CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 6;
+}
+
+// The TLS versions supported by S2A's handshaker module.
+enum TLSVersion {
+  TLS_VERSION_UNSPECIFIED = 0;
+  TLS_VERSION_1_0 = 1;
+  TLS_VERSION_1_1 = 2;
+  TLS_VERSION_1_2 = 3;
+  TLS_VERSION_1_3 = 4;
+}
+
+// The side in the TLS connection.
+enum ConnectionSide {
+  CONNECTION_SIDE_UNSPECIFIED = 0;
+  CONNECTION_SIDE_CLIENT = 1;
+  CONNECTION_SIDE_SERVER = 2;
+}
+
+// The ALPN protocols that the application can negotiate during a TLS handshake.
+enum AlpnProtocol {
+  ALPN_PROTOCOL_UNSPECIFIED = 0;
+  ALPN_PROTOCOL_GRPC = 1;
+  ALPN_PROTOCOL_HTTP2 = 2;
+  ALPN_PROTOCOL_HTTP1_1 = 3;
+}
+
+message Identity {
+  oneof identity_oneof {
+    // The SPIFFE ID of a connection endpoint.
+    string spiffe_id = 1;
+
+    // The hostname of a connection endpoint.
+    string hostname = 2;
+
+    // The UID of a connection endpoint.
+    string uid = 4;
+
+    // The username of a connection endpoint.
+    string username = 5;
+
+    // The GCP ID of a connection endpoint.
+    string gcp_id = 6;
+  }
+
+  // Additional identity-specific attributes.
+  map<string, string> attributes = 3;
+}
diff --git a/s2a/src/main/proto/grpc/gcp/s2a/s2a.proto b/s2a/src/main/proto/grpc/gcp/s2a/s2a.proto
new file mode 100644
index 00000000000..8a85e348c24
--- /dev/null
+++ b/s2a/src/main/proto/grpc/gcp/s2a/s2a.proto
@@ -0,0 +1,369 @@
+// Copyright 2024 The gRPC Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// The canonical version of this proto can be found at
+// https://github.com/grpc/grpc-proto/blob/master/grpc/gcp/s2a/s2a.proto
+
+syntax = "proto3";
+
+package grpc.gcp.s2a;
+
+import "grpc/gcp/s2a/common.proto";
+import "grpc/gcp/s2a/s2a_context.proto";
+
+option java_multiple_files = true;
+option java_outer_classname = "S2AProto";
+option java_package = "io.grpc.s2a.handshaker";
+
+enum SignatureAlgorithm {
+  S2A_SSL_SIGN_UNSPECIFIED = 0;
+  // RSA Public-Key Cryptography Standards #1.
+  S2A_SSL_SIGN_RSA_PKCS1_SHA256 = 1;
+  S2A_SSL_SIGN_RSA_PKCS1_SHA384 = 2;
+  S2A_SSL_SIGN_RSA_PKCS1_SHA512 = 3;
+  // ECDSA.
+  S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256 = 4;
+  S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384 = 5;
+  S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512 = 6;
+  // RSA Probabilistic Signature Scheme.
+  S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256 = 7;
+  S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384 = 8;
+  S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512 = 9;
+  // ED25519.
+  S2A_SSL_SIGN_ED25519 = 10;
+}
+
+message AlpnPolicy {
+  // If true, the application MUST perform ALPN negotiation.
+  bool enable_alpn_negotiation = 1;
+
+  // The ordered list of ALPN protocols that specify how the application SHOULD
+  // negotiate ALPN during the TLS handshake.
+  //
+  // The application MAY ignore any ALPN protocols in this list that are not
+  // supported by the application.
+  repeated AlpnProtocol alpn_protocols = 2;
+}
+
+message AuthenticationMechanism {
+  // Applications may specify an identity associated to an authentication
+  // mechanism. Otherwise, S2A assumes that the authentication mechanism is
+  // associated with the default identity. If the default identity cannot be
+  // determined, the request is rejected.
+  Identity identity = 1;
+
+  oneof mechanism_oneof {
+    // A token that the application uses to authenticate itself to S2A.
+    string token = 2;
+  }
+}
+
+message Status {
+  // The status code that is specific to the application and the implementation
+  // of S2A, e.g., gRPC status code.
+  uint32 code = 1;
+
+  // The status details.
+  string details = 2;
+}
+
+message GetTlsConfigurationReq {
+  // The role of the application in the TLS connection.
+  ConnectionSide connection_side = 1;
+
+  // The server name indication (SNI) extension, which MAY be populated when a
+  // server is offloading to S2A. The SNI is used to determine the server
+  // identity if the local identity in the request is empty.
+  string sni = 2;
+}
+
+message GetTlsConfigurationResp {
+  // Next ID: 8
+  message ClientTlsConfiguration {
+    reserved 4, 5;
+
+    // The certificate chain that the client MUST use for the TLS handshake.
+    // It's a list of PEM-encoded certificates, ordered from leaf to root,
+    // excluding the root.
+    repeated string certificate_chain = 1;
+
+    // The minimum TLS version number that the client MUST use for the TLS
+    // handshake. If this field is not provided, the client MUST use the default
+    // minimum version of the client's TLS library.
+    TLSVersion min_tls_version = 2;
+
+    // The maximum TLS version number that the client MUST use for the TLS
+    // handshake. If this field is not provided, the client MUST use the default
+    // maximum version of the client's TLS library.
+    TLSVersion max_tls_version = 3;
+
+    // The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+    // negotiate in the TLS handshake.
+    repeated Ciphersuite ciphersuites = 6;
+
+    // The policy that dictates how the client negotiates ALPN during the TLS
+    // handshake.
+    AlpnPolicy alpn_policy = 7;
+  }
+
+  // Next ID: 12
+  message ServerTlsConfiguration {
+    reserved 4, 5;
+
+    enum RequestClientCertificate {
+      UNSPECIFIED = 0;
+      DONT_REQUEST_CLIENT_CERTIFICATE = 1;
+      REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY = 2;
+      REQUEST_CLIENT_CERTIFICATE_AND_VERIFY = 3;
+      REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY = 4;
+      REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY = 5;
+    }
+
+    // The certificate chain that the server MUST use for the TLS handshake.
+    // It's a list of PEM-encoded certificates, ordered from leaf to root,
+    // excluding the root.
+    repeated string certificate_chain = 1;
+
+    // The minimum TLS version number that the server MUST use for the TLS
+    // handshake. If this field is not provided, the server MUST use the default
+    // minimum version of the server's TLS library.
+    TLSVersion min_tls_version = 2;
+
+    // The maximum TLS version number that the server MUST use for the TLS
+    // handshake. If this field is not provided, the server MUST use the default
+    // maximum version of the server's TLS library.
+    TLSVersion max_tls_version = 3;
+
+    // The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+    // negotiate in the TLS handshake.
+    repeated Ciphersuite ciphersuites = 10;
+
+    // Whether to enable TLS resumption.
+    bool tls_resumption_enabled = 6;
+
+    // Whether the server MUST request a client certificate (i.e. to negotiate
+    // TLS vs. mTLS).
+    RequestClientCertificate request_client_certificate = 7;
+
+    // Returns the maximum number of extra bytes that
+    // |OffloadResumptionKeyOperation| can add to the number of unencrypted
+    // bytes to form the encrypted bytes.
+    uint32 max_overhead_of_ticket_aead = 9;
+
+    // The policy that dictates how the server negotiates ALPN during the TLS
+    // handshake.
+    AlpnPolicy alpn_policy = 11;
+  }
+
+  oneof tls_configuration {
+    ClientTlsConfiguration client_tls_configuration = 1;
+    ServerTlsConfiguration server_tls_configuration = 2;
+  }
+}
+
+message OffloadPrivateKeyOperationReq {
+  enum PrivateKeyOperation {
+    UNSPECIFIED = 0;
+    // When performing a TLS 1.2 or 1.3 handshake, the (partial) transcript of
+    // the TLS handshake must be signed to prove possession of the private key.
+    //
+    // See https://www.rfc-editor.org/rfc/rfc8446.html#section-4.4.3.
+    SIGN = 1;
+    // When performing a TLS 1.2 handshake using an RSA algorithm, the key
+    // exchange algorithm involves the client generating a premaster secret,
+    // encrypting it using the server's public key, and sending this encrypted
+    // blob to the server in a ClientKeyExchange message.
+    //
+    // See https://www.rfc-editor.org/rfc/rfc4346#section-7.4.7.1.
+    DECRYPT = 2;
+  }
+
+  // The operation the private key is used for.
+  PrivateKeyOperation operation = 1;
+
+  // The signature algorithm to be used for signing operations.
+  SignatureAlgorithm signature_algorithm = 2;
+
+  // The input bytes to be signed or decrypted.
+  oneof in_bytes {
+    // Raw bytes to be hashed and signed, or decrypted.
+    bytes raw_bytes = 4;
+    // A SHA256 hash to be signed. Must be 32 bytes.
+    bytes sha256_digest = 5;
+    // A SHA384 hash to be signed. Must be 48 bytes.
+    bytes sha384_digest = 6;
+    // A SHA512 hash to be signed. Must be 64 bytes.
+    bytes sha512_digest = 7;
+  }
+}
+
+message OffloadPrivateKeyOperationResp {
+  // The signed or decrypted output bytes.
+  bytes out_bytes = 1;
+}
+
+message OffloadResumptionKeyOperationReq {
+  enum ResumptionKeyOperation {
+    UNSPECIFIED = 0;
+    ENCRYPT = 1;
+    DECRYPT = 2;
+  }
+
+  // The operation the resumption key is used for.
+  ResumptionKeyOperation operation = 1;
+
+  // The bytes to be encrypted or decrypted.
+  bytes in_bytes = 2;
+}
+
+message OffloadResumptionKeyOperationResp {
+  // The encrypted or decrypted bytes.
+  bytes out_bytes = 1;
+}
+
+message ValidatePeerCertificateChainReq {
+  enum VerificationMode {
+    // The default verification mode supported by S2A.
+    UNSPECIFIED = 0;
+    // The SPIFFE verification mode selects the set of trusted certificates to
+    // use for path building based on the SPIFFE trust domain in the peer's leaf
+    // certificate.
+    SPIFFE = 1;
+    // The connect-to-Google verification mode uses the trust bundle for
+    // connecting to Google, e.g. *.mtls.googleapis.com endpoints.
+    CONNECT_TO_GOOGLE = 2;
+  }
+
+  message ClientPeer {
+    // The certificate chain to be verified. The chain MUST be a list of
+    // DER-encoded certificates, ordered from leaf to root, excluding the root.
+    repeated bytes certificate_chain = 1;
+  }
+
+  message ServerPeer {
+    // The certificate chain to be verified. The chain MUST be a list of
+    // DER-encoded certificates, ordered from leaf to root, excluding the root.
+    repeated bytes certificate_chain = 1;
+
+    // The expected hostname of the server.
+    string server_hostname = 2;
+
+    // The UnrestrictedClientPolicy specified by the user.
+    bytes serialized_unrestricted_client_policy = 3;
+  }
+
+  // The verification mode that S2A MUST use to validate the peer certificate
+  // chain.
+  VerificationMode mode = 1;
+
+  oneof peer_oneof {
+    ClientPeer client_peer = 2;
+    ServerPeer server_peer = 3;
+  }
+}
+
+message ValidatePeerCertificateChainResp {
+  enum ValidationResult {
+    UNSPECIFIED = 0;
+    SUCCESS = 1;
+    FAILURE = 2;
+  }
+
+  // The result of validating the peer certificate chain.
+  ValidationResult validation_result = 1;
+
+  // The validation details. This field is only populated when the validation
+  // result is NOT SUCCESS.
+  string validation_details = 2;
+
+  // The S2A context contains information from the peer certificate chain.
+  //
+  // The S2A context MAY be populated even if validation of the peer certificate
+  // chain fails.
+  S2AContext context = 3;
+}
+
+message SessionReq {
+  // The identity corresponding to the TLS configurations that MUST be used for
+  // the TLS handshake.
+  //
+  // If a managed identity already exists, the local identity and authentication
+  // mechanisms are ignored. If a managed identity doesn't exist and the local
+  // identity is not populated, S2A will try to deduce the managed identity to
+  // use from the SNI extension. If that also fails, S2A uses the default
+  // identity (if one exists).
+  Identity local_identity = 1;
+
+  // The authentication mechanisms that the application wishes to use to
+  // authenticate to S2A, ordered by preference. S2A will always use the first
+  // authentication mechanism that matches the managed identity.
+  repeated AuthenticationMechanism authentication_mechanisms = 2;
+
+  oneof req_oneof {
+    // Requests the certificate chain and TLS configuration corresponding to the
+    // local identity, which the application MUST use to negotiate the TLS
+    // handshake.
+    GetTlsConfigurationReq get_tls_configuration_req = 3;
+
+    // Signs or decrypts the input bytes using a private key corresponding to
+    // the local identity in the request.
+    //
+    // WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+    // S2Av2 by a server during a TLS 1.2 handshake.
+    OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4;
+
+    // Encrypts or decrypts the input bytes using a resumption key corresponding
+    // to the local identity in the request.
+    OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5;
+
+    // Verifies the peer's certificate chain using
+    // (a) trust bundles corresponding to the local identity in the request, and
+    // (b) the verification mode in the request.
+    ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6;
+  }
+}
+
+message SessionResp {
+  // Status of the session response.
+  //
+  // The status field is populated so that if an error occurs when making an
+  // individual request, then communication with the S2A may continue. If an
+  // error is returned directly (e.g. at the gRPC layer), then it may result
+  // that the bidirectional stream being closed.
+  Status status = 1;
+
+  oneof resp_oneof {
+    // Contains the certificate chain and TLS configurations corresponding to
+    // the local identity.
+    GetTlsConfigurationResp get_tls_configuration_resp = 2;
+
+    // Contains the signed or encrypted output bytes using the private key
+    // corresponding to the local identity.
+    OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3;
+
+    // Contains the encrypted or decrypted output bytes using the resumption key
+    // corresponding to the local identity.
+    OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4;
+
+    // Contains the validation result, peer identity and fingerprints of peer
+    // certificates.
+    ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5;
+  }
+}
+
+service S2AService {
+  // SetUpSession is a bidirectional stream used by applications to offload
+  // operations from the TLS handshake.
+  rpc SetUpSession(stream SessionReq) returns (stream SessionResp) {}
+}
diff --git a/s2a/src/main/proto/grpc/gcp/s2a/s2a_context.proto b/s2a/src/main/proto/grpc/gcp/s2a/s2a_context.proto
new file mode 100644
index 00000000000..edaeaf22669
--- /dev/null
+++ b/s2a/src/main/proto/grpc/gcp/s2a/s2a_context.proto
@@ -0,0 +1,62 @@
+// Copyright 2024 The gRPC Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// The canonical version of this proto can be found at
+// https://github.com/grpc/grpc-proto/blob/master/grpc/gcp/s2a/s2a_context.proto
+
+syntax = "proto3";
+
+package grpc.gcp.s2a;
+
+import "grpc/gcp/s2a/common.proto";
+
+option java_multiple_files = true;
+option java_outer_classname = "S2AContextProto";
+option java_package = "io.grpc.s2a.handshaker";
+
+message S2AContext {
+  // The SPIFFE ID from the peer leaf certificate, if present.
+  //
+  // This field is only populated if the leaf certificate is a valid SPIFFE
+  // SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
+  // SPIFFE ID.
+  string leaf_cert_spiffe_id = 1;
+
+  // The URIs that are present in the SubjectAltName extension of the peer leaf
+  // certificate.
+  //
+  // Note that the extracted URIs are not validated and may not be properly
+  // formatted.
+  repeated string leaf_cert_uris = 2;
+
+  // The DNSNames that are present in the SubjectAltName extension of the peer
+  // leaf certificate.
+  repeated string leaf_cert_dnsnames = 3;
+
+  // The (ordered) list of fingerprints in the certificate chain used to verify
+  // the given leaf certificate. The order MUST be from leaf certificate
+  // fingerprint to root certificate fingerprint.
+  //
+  // A fingerprint is the base-64 encoding of the SHA256 hash of the
+  // DER-encoding of a certificate. The list MAY be populated even if the peer
+  // certificate chain was NOT validated successfully.
+  repeated string peer_certificate_chain_fingerprints = 4;
+
+  // The local identity used during session setup.
+  Identity local_identity = 5;
+
+  // The SHA256 hash of the DER-encoding of the local leaf certificate used in
+  // the handshake.
+  bytes local_leaf_cert_fingerprint = 6;
+}
diff --git a/s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java b/s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java
new file mode 100644
index 00000000000..5ccc522292e
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public final class MtlsToS2AChannelCredentialsTest {
+  @Test
+  public void createBuilder_nullAddress_throwsException() throws Exception {
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            MtlsToS2AChannelCredentials.createBuilder(
+                /* s2aAddress= */ null,
+                /* privateKeyPath= */ "src/test/resources/client_key.pem",
+                /* certChainPath= */ "src/test/resources/client_cert.pem",
+                /* trustBundlePath= */ "src/test/resources/root_cert.pem"));
+  }
+
+  @Test
+  public void createBuilder_nullPrivateKeyPath_throwsException() throws Exception {
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            MtlsToS2AChannelCredentials.createBuilder(
+                /* s2aAddress= */ "s2a_address",
+                /* privateKeyPath= */ null,
+                /* certChainPath= */ "src/test/resources/client_cert.pem",
+                /* trustBundlePath= */ "src/test/resources/root_cert.pem"));
+  }
+
+  @Test
+  public void createBuilder_nullCertChainPath_throwsException() throws Exception {
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            MtlsToS2AChannelCredentials.createBuilder(
+                /* s2aAddress= */ "s2a_address",
+                /* privateKeyPath= */ "src/test/resources/client_key.pem",
+                /* certChainPath= */ null,
+                /* trustBundlePath= */ "src/test/resources/root_cert.pem"));
+  }
+
+  @Test
+  public void createBuilder_nullTrustBundlePath_throwsException() throws Exception {
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            MtlsToS2AChannelCredentials.createBuilder(
+                /* s2aAddress= */ "s2a_address",
+                /* privateKeyPath= */ "src/test/resources/client_key.pem",
+                /* certChainPath= */ "src/test/resources/client_cert.pem",
+                /* trustBundlePath= */ null));
+  }
+
+  @Test
+  public void createBuilder_emptyAddress_throwsException() throws Exception {
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            MtlsToS2AChannelCredentials.createBuilder(
+                /* s2aAddress= */ "",
+                /* privateKeyPath= */ "src/test/resources/client_key.pem",
+                /* certChainPath= */ "src/test/resources/client_cert.pem",
+                /* trustBundlePath= */ "src/test/resources/root_cert.pem"));
+  }
+
+  @Test
+  public void createBuilder_emptyPrivateKeyPath_throwsException() throws Exception {
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            MtlsToS2AChannelCredentials.createBuilder(
+                /* s2aAddress= */ "s2a_address",
+                /* privateKeyPath= */ "",
+                /* certChainPath= */ "src/test/resources/client_cert.pem",
+                /* trustBundlePath= */ "src/test/resources/root_cert.pem"));
+  }
+
+  @Test
+  public void createBuilder_emptyCertChainPath_throwsException() throws Exception {
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            MtlsToS2AChannelCredentials.createBuilder(
+                /* s2aAddress= */ "s2a_address",
+                /* privateKeyPath= */ "src/test/resources/client_key.pem",
+                /* certChainPath= */ "",
+                /* trustBundlePath= */ "src/test/resources/root_cert.pem"));
+  }
+
+  @Test
+  public void createBuilder_emptyTrustBundlePath_throwsException() throws Exception {
+    assertThrows(
+        IllegalArgumentException.class,
+        () ->
+            MtlsToS2AChannelCredentials.createBuilder(
+                /* s2aAddress= */ "s2a_address",
+                /* privateKeyPath= */ "src/test/resources/client_key.pem",
+                /* certChainPath= */ "src/test/resources/client_cert.pem",
+                /* trustBundlePath= */ ""));
+  }
+
+  @Test
+  public void build_s2AChannelCredentials_success() throws Exception {
+    assertThat(
+            MtlsToS2AChannelCredentials.createBuilder(
+                /* s2aAddress= */ "s2a_address",
+                /* privateKeyPath= */ "src/test/resources/client_key.pem",
+                /* certChainPath= */ "src/test/resources/client_cert.pem",
+                /* trustBundlePath= */ "src/test/resources/root_cert.pem")
+                .build())
+        .isInstanceOf(S2AChannelCredentials.Builder.class);
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java b/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java
new file mode 100644
index 00000000000..a6133ed0af8
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+
+import io.grpc.ChannelCredentials;
+import io.grpc.TlsChannelCredentials;
+import java.io.File;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit tests for {@code S2AChannelCredentials}. */
+@RunWith(JUnit4.class)
+public final class S2AChannelCredentialsTest {
+  @Test
+  public void createBuilder_nullArgument_throwsException() throws Exception {
+    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.createBuilder(null));
+  }
+
+  @Test
+  public void createBuilder_emptyAddress_throwsException() throws Exception {
+    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.createBuilder(""));
+  }
+
+  @Test
+  public void setLocalSpiffeId_nullArgument_throwsException() throws Exception {
+    assertThrows(
+        NullPointerException.class,
+        () -> S2AChannelCredentials.createBuilder("s2a_address").setLocalSpiffeId(null));
+  }
+
+  @Test
+  public void setLocalHostname_nullArgument_throwsException() throws Exception {
+    assertThrows(
+        NullPointerException.class,
+        () -> S2AChannelCredentials.createBuilder("s2a_address").setLocalHostname(null));
+  }
+
+  @Test
+  public void setLocalUid_nullArgument_throwsException() throws Exception {
+    assertThrows(
+        NullPointerException.class,
+        () -> S2AChannelCredentials.createBuilder("s2a_address").setLocalUid(null));
+  }
+
+  @Test
+  public void build_withLocalSpiffeId_succeeds() throws Exception {
+    assertThat(
+            S2AChannelCredentials.createBuilder("s2a_address")
+                .setLocalSpiffeId("spiffe://test")
+                .build())
+        .isNotNull();
+  }
+
+  @Test
+  public void build_withLocalHostname_succeeds() throws Exception {
+    assertThat(
+            S2AChannelCredentials.createBuilder("s2a_address")
+                .setLocalHostname("local_hostname")
+                .build())
+        .isNotNull();
+  }
+
+  @Test
+  public void build_withLocalUid_succeeds() throws Exception {
+    assertThat(S2AChannelCredentials.createBuilder("s2a_address").setLocalUid("local_uid").build())
+        .isNotNull();
+  }
+
+  @Test
+  public void build_withNoLocalIdentity_succeeds() throws Exception {
+    assertThat(S2AChannelCredentials.createBuilder("s2a_address").build())
+        .isNotNull();
+  }
+  
+  @Test
+  public void build_withTlsChannelCredentials_succeeds() throws Exception {
+    assertThat(
+            S2AChannelCredentials.createBuilder("s2a_address")
+                .setLocalSpiffeId("spiffe://test")
+                .setS2AChannelCredentials(getTlsChannelCredentials())
+                .build())
+        .isNotNull();
+  }
+
+  private static ChannelCredentials getTlsChannelCredentials() throws Exception {
+    File clientCert = new File("src/test/resources/client_cert.pem");
+    File clientKey = new File("src/test/resources/client_key.pem");
+    File rootCert = new File("src/test/resources/root_cert.pem");
+    return TlsChannelCredentials.newBuilder()
+        .keyManager(clientCert, clientKey)
+        .trustManager(rootCert)
+        .build();
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/channel/S2AGrpcChannelPoolTest.java b/s2a/src/test/java/io/grpc/s2a/channel/S2AGrpcChannelPoolTest.java
new file mode 100644
index 00000000000..260129f8f56
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/channel/S2AGrpcChannelPoolTest.java
@@ -0,0 +1,125 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.channel;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+import static org.mockito.Mockito.mock;
+
+import io.grpc.Channel;
+import io.grpc.internal.ObjectPool;
+import org.checkerframework.checker.nullness.qual.Nullable;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit tests for {@link S2AGrpcChannelPool}. */
+@RunWith(JUnit4.class)
+public final class S2AGrpcChannelPoolTest {
+  @Test
+  public void getChannel_success() throws Exception {
+    FakeChannelPool fakeChannelPool = new FakeChannelPool();
+    S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(fakeChannelPool);
+
+    Channel channel = s2aChannelPool.getChannel();
+
+    assertThat(channel).isNotNull();
+    assertThat(fakeChannelPool.isChannelCached()).isTrue();
+    assertThat(s2aChannelPool.getChannel()).isEqualTo(channel);
+  }
+
+  @Test
+  public void returnToPool_success() throws Exception {
+    FakeChannelPool fakeChannelPool = new FakeChannelPool();
+    S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(fakeChannelPool);
+
+    s2aChannelPool.returnToPool(s2aChannelPool.getChannel());
+
+    assertThat(fakeChannelPool.isChannelCached()).isFalse();
+  }
+
+  @Test
+  public void returnToPool_channelStillCachedBecauseMultipleChannelsRetrieved() throws Exception {
+    FakeChannelPool fakeChannelPool = new FakeChannelPool();
+    S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(fakeChannelPool);
+
+    s2aChannelPool.getChannel();
+    s2aChannelPool.returnToPool(s2aChannelPool.getChannel());
+
+    assertThat(fakeChannelPool.isChannelCached()).isTrue();
+  }
+
+  @Test
+  public void returnToPool_failureBecauseChannelWasNotFromPool() throws Exception {
+    S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(new FakeChannelPool());
+
+    IllegalArgumentException expected =
+        assertThrows(
+            IllegalArgumentException.class,
+            () -> s2aChannelPool.returnToPool(mock(Channel.class)));
+    assertThat(expected)
+        .hasMessageThat()
+        .isEqualTo(
+            "Cannot return the channel to channel pool because the channel was not obtained from"
+                + " channel pool.");
+  }
+
+  @Test
+  public void close_success() throws Exception {
+    FakeChannelPool fakeChannelPool = new FakeChannelPool();
+    try (S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(fakeChannelPool)) {
+      s2aChannelPool.getChannel();
+    }
+
+    assertThat(fakeChannelPool.isChannelCached()).isFalse();
+  }
+
+  @Test
+  public void close_poolIsUnusable() throws Exception {
+    S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(new FakeChannelPool());
+    s2aChannelPool.close();
+
+    IllegalStateException expected =
+        assertThrows(IllegalStateException.class, s2aChannelPool::getChannel);
+
+    assertThat(expected).hasMessageThat().isEqualTo("Channel pool is not open.");
+  }
+
+  private static class FakeChannelPool implements ObjectPool<Channel> {
+    private final Channel mockChannel = mock(Channel.class);
+    private @Nullable Channel cachedChannel = null;
+
+    @Override
+    public Channel getObject() {
+      if (cachedChannel == null) {
+        cachedChannel = mockChannel;
+      }
+      return cachedChannel;
+    }
+
+    @Override
+    public Channel returnObject(Object object) {
+      assertThat(object).isSameInstanceAs(mockChannel);
+      cachedChannel = null;
+      return null;
+    }
+
+    public boolean isChannelCached() {
+      return (cachedChannel != null);
+    }
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java b/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
new file mode 100644
index 00000000000..57288be1b6f
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
@@ -0,0 +1,390 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.channel;
+
+import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;
+import static java.util.concurrent.TimeUnit.SECONDS;
+import static org.junit.Assert.assertThrows;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+
+import io.grpc.CallOptions;
+import io.grpc.Channel;
+import io.grpc.ChannelCredentials;
+import io.grpc.ClientCall;
+import io.grpc.ManagedChannel;
+import io.grpc.MethodDescriptor;
+import io.grpc.Server;
+import io.grpc.ServerBuilder;
+import io.grpc.ServerCredentials;
+import io.grpc.StatusRuntimeException;
+import io.grpc.TlsChannelCredentials;
+import io.grpc.TlsServerCredentials;
+import io.grpc.benchmarks.Utils;
+import io.grpc.internal.SharedResourceHolder.Resource;
+import io.grpc.netty.NettyServerBuilder;
+import io.grpc.s2a.channel.S2AHandshakerServiceChannel.EventLoopHoldingChannel;
+import io.grpc.stub.StreamObserver;
+import io.grpc.testing.GrpcCleanupRule;
+import io.grpc.testing.protobuf.SimpleRequest;
+import io.grpc.testing.protobuf.SimpleResponse;
+import io.grpc.testing.protobuf.SimpleServiceGrpc;
+import io.netty.channel.EventLoopGroup;
+import java.io.File;
+import java.time.Duration;
+import java.util.Optional;
+import java.util.concurrent.TimeUnit;
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit tests for {@link S2AHandshakerServiceChannel}. */
+@RunWith(JUnit4.class)
+public final class S2AHandshakerServiceChannelTest {
+  @ClassRule public static final GrpcCleanupRule grpcCleanup = new GrpcCleanupRule();
+  private static final Duration CHANNEL_SHUTDOWN_TIMEOUT = Duration.ofSeconds(10);
+  private final EventLoopGroup mockEventLoopGroup = mock(EventLoopGroup.class);
+  private Server mtlsServer;
+  private Server plaintextServer;
+
+  @Before
+  public void setUp() throws Exception {
+    mtlsServer = createMtlsServer();
+    plaintextServer = createPlaintextServer();
+    mtlsServer.start();
+    plaintextServer.start();
+  }
+
+  /**
+   * Creates a {@code Resource<Channel>} and verifies that it produces a {@code ChannelResource}
+   * instance by using its {@code toString()} method.
+   */
+  @Test
+  public void getChannelResource_success() {
+    Resource<Channel> resource =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + plaintextServer.getPort(),
+            /* s2aChannelCredentials= */ Optional.empty());
+    assertThat(resource.toString()).isEqualTo("grpc-s2a-channel");
+  }
+
+  /** Same as getChannelResource_success, but use mTLS. */
+  @Test
+  public void getChannelResource_mtlsSuccess() throws Exception {
+    Resource<Channel> resource =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials());
+    assertThat(resource.toString()).isEqualTo("grpc-s2a-channel");
+  }
+
+  /**
+   * Creates two {@code Resoure<Channel>}s for the same target address and verifies that they are
+   * equal.
+   */
+  @Test
+  public void getChannelResource_twoEqualChannels() {
+    Resource<Channel> resource =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + plaintextServer.getPort(),
+            /* s2aChannelCredentials= */ Optional.empty());
+    Resource<Channel> resourceTwo =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + plaintextServer.getPort(),
+            /* s2aChannelCredentials= */ Optional.empty());
+    assertThat(resource).isEqualTo(resourceTwo);
+  }
+
+  /** Same as getChannelResource_twoEqualChannels, but use mTLS. */
+  @Test
+  public void getChannelResource_mtlsTwoEqualChannels() throws Exception {
+    Resource<Channel> resource =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials());
+    Resource<Channel> resourceTwo =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials());
+    assertThat(resource).isEqualTo(resourceTwo);
+  }
+
+  /**
+   * Creates two {@code Resoure<Channel>}s for different target addresses and verifies that they are
+   * distinct.
+   */
+  @Test
+  public void getChannelResource_twoDistinctChannels() {
+    Resource<Channel> resource =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + plaintextServer.getPort(),
+            /* s2aChannelCredentials= */ Optional.empty());
+    Resource<Channel> resourceTwo =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + Utils.pickUnusedPort(), /* s2aChannelCredentials= */ Optional.empty());
+    assertThat(resourceTwo).isNotEqualTo(resource);
+  }
+
+  /** Same as getChannelResource_twoDistinctChannels, but use mTLS. */
+  @Test
+  public void getChannelResource_mtlsTwoDistinctChannels() throws Exception {
+    Resource<Channel> resource =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials());
+    Resource<Channel> resourceTwo =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + Utils.pickUnusedPort(), getTlsChannelCredentials());
+    assertThat(resourceTwo).isNotEqualTo(resource);
+  }
+
+  /**
+   * Uses a {@code Resource<Channel>} to create a channel, closes the channel, and verifies that the
+   * channel is closed by attempting to make a simple RPC.
+   */
+  @Test
+  public void close_success() {
+    Resource<Channel> resource =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + plaintextServer.getPort(),
+            /* s2aChannelCredentials= */ Optional.empty());
+    Channel channel = resource.create();
+    resource.close(channel);
+    StatusRuntimeException expected =
+        assertThrows(
+            StatusRuntimeException.class,
+            () ->
+                SimpleServiceGrpc.newBlockingStub(channel)
+                    .unaryRpc(SimpleRequest.getDefaultInstance()));
+    assertThat(expected).hasMessageThat().isEqualTo("UNAVAILABLE: Channel shutdown invoked");
+  }
+
+  /** Same as close_success, but use mTLS. */
+  @Test
+  public void close_mtlsSuccess() throws Exception {
+    Resource<Channel> resource =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials());
+    Channel channel = resource.create();
+    resource.close(channel);
+    StatusRuntimeException expected =
+        assertThrows(
+            StatusRuntimeException.class,
+            () ->
+                SimpleServiceGrpc.newBlockingStub(channel)
+                    .unaryRpc(SimpleRequest.getDefaultInstance()));
+    assertThat(expected).hasMessageThat().isEqualTo("UNAVAILABLE: Channel shutdown invoked");
+  }
+
+  /**
+   * Verifies that an {@code EventLoopHoldingChannel}'s {@code newCall} method can be used to
+   * perform a simple RPC.
+   */
+  @Test
+  public void newCall_performSimpleRpcSuccess() {
+    Resource<Channel> resource =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + plaintextServer.getPort(),
+            /* s2aChannelCredentials= */ Optional.empty());
+    Channel channel = resource.create();
+    assertThat(channel).isInstanceOf(EventLoopHoldingChannel.class);
+    assertThat(
+            SimpleServiceGrpc.newBlockingStub(channel).unaryRpc(SimpleRequest.getDefaultInstance()))
+        .isEqualToDefaultInstance();
+  }
+
+  /** Same as newCall_performSimpleRpcSuccess, but use mTLS. */
+  @Test
+  public void newCall_mtlsPerformSimpleRpcSuccess() throws Exception {
+    Resource<Channel> resource =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials());
+    Channel channel = resource.create();
+    assertThat(channel).isInstanceOf(EventLoopHoldingChannel.class);
+    assertThat(
+            SimpleServiceGrpc.newBlockingStub(channel).unaryRpc(SimpleRequest.getDefaultInstance()))
+        .isEqualToDefaultInstance();
+  }
+
+  /** Creates a {@code EventLoopHoldingChannel} instance and verifies its authority. */
+  @Test
+  public void authority_success() throws Exception {
+    ManagedChannel channel = new FakeManagedChannel(true);
+    EventLoopHoldingChannel eventLoopHoldingChannel =
+        EventLoopHoldingChannel.create(channel, mockEventLoopGroup);
+    assertThat(eventLoopHoldingChannel.authority()).isEqualTo("FakeManagedChannel");
+  }
+
+  /**
+   * Creates and closes a {@code EventLoopHoldingChannel} when its {@code ManagedChannel} terminates
+   * successfully.
+   */
+  @Test
+  public void close_withDelegateTerminatedSuccess() throws Exception {
+    ManagedChannel channel = new FakeManagedChannel(true);
+    EventLoopHoldingChannel eventLoopHoldingChannel =
+        EventLoopHoldingChannel.create(channel, mockEventLoopGroup);
+    eventLoopHoldingChannel.close();
+    assertThat(channel.isShutdown()).isTrue();
+    verify(mockEventLoopGroup, times(1))
+        .shutdownGracefully(0, CHANNEL_SHUTDOWN_TIMEOUT.getSeconds(), SECONDS);
+  }
+
+  /**
+   * Creates and closes a {@code EventLoopHoldingChannel} when its {@code ManagedChannel} does not
+   * terminate successfully.
+   */
+  @Test
+  public void close_withDelegateTerminatedFailure() throws Exception {
+    ManagedChannel channel = new FakeManagedChannel(false);
+    EventLoopHoldingChannel eventLoopHoldingChannel =
+        EventLoopHoldingChannel.create(channel, mockEventLoopGroup);
+    eventLoopHoldingChannel.close();
+    assertThat(channel.isShutdown()).isTrue();
+    verify(mockEventLoopGroup, times(1))
+        .shutdownGracefully(1, CHANNEL_SHUTDOWN_TIMEOUT.getSeconds(), SECONDS);
+  }
+
+  /**
+   * Creates and closes a {@code EventLoopHoldingChannel}, creates a new channel from the same
+   * resource, and verifies that this second channel is useable.
+   */
+  @Test
+  public void create_succeedsAfterCloseIsCalledOnce() throws Exception {
+    Resource<Channel> resource =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + plaintextServer.getPort(),
+            /* s2aChannelCredentials= */ Optional.empty());
+    Channel channelOne = resource.create();
+    resource.close(channelOne);
+
+    Channel channelTwo = resource.create();
+    assertThat(channelTwo).isInstanceOf(EventLoopHoldingChannel.class);
+    assertThat(
+            SimpleServiceGrpc.newBlockingStub(channelTwo)
+                .unaryRpc(SimpleRequest.getDefaultInstance()))
+        .isEqualToDefaultInstance();
+    resource.close(channelTwo);
+  }
+
+  /** Same as create_succeedsAfterCloseIsCalledOnce, but use mTLS. */
+  @Test
+  public void create_mtlsSucceedsAfterCloseIsCalledOnce() throws Exception {
+    Resource<Channel> resource =
+        S2AHandshakerServiceChannel.getChannelResource(
+            "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials());
+    Channel channelOne = resource.create();
+    resource.close(channelOne);
+
+    Channel channelTwo = resource.create();
+    assertThat(channelTwo).isInstanceOf(EventLoopHoldingChannel.class);
+    assertThat(
+            SimpleServiceGrpc.newBlockingStub(channelTwo)
+                .unaryRpc(SimpleRequest.getDefaultInstance()))
+        .isEqualToDefaultInstance();
+    resource.close(channelTwo);
+  }
+
+  private static Server createMtlsServer() throws Exception {
+    SimpleServiceImpl service = new SimpleServiceImpl();
+    File serverCert = new File("src/test/resources/server_cert.pem");
+    File serverKey = new File("src/test/resources/server_key.pem");
+    File rootCert = new File("src/test/resources/root_cert.pem");
+    ServerCredentials creds =
+        TlsServerCredentials.newBuilder()
+            .keyManager(serverCert, serverKey)
+            .trustManager(rootCert)
+            .clientAuth(TlsServerCredentials.ClientAuth.REQUIRE)
+            .build();
+    return grpcCleanup.register(
+        NettyServerBuilder.forPort(Utils.pickUnusedPort(), creds).addService(service).build());
+  }
+
+  private static Server createPlaintextServer() {
+    SimpleServiceImpl service = new SimpleServiceImpl();
+    return grpcCleanup.register(
+        ServerBuilder.forPort(Utils.pickUnusedPort()).addService(service).build());
+  }
+
+  private static Optional<ChannelCredentials> getTlsChannelCredentials() throws Exception {
+    File clientCert = new File("src/test/resources/client_cert.pem");
+    File clientKey = new File("src/test/resources/client_key.pem");
+    File rootCert = new File("src/test/resources/root_cert.pem");
+    return Optional.of(
+        TlsChannelCredentials.newBuilder()
+            .keyManager(clientCert, clientKey)
+            .trustManager(rootCert)
+            .build());
+  }
+
+  private static class SimpleServiceImpl extends SimpleServiceGrpc.SimpleServiceImplBase {
+    @Override
+    public void unaryRpc(SimpleRequest request, StreamObserver<SimpleResponse> streamObserver) {
+      streamObserver.onNext(SimpleResponse.getDefaultInstance());
+      streamObserver.onCompleted();
+    }
+  }
+
+  private static class FakeManagedChannel extends ManagedChannel {
+    private final boolean isDelegateTerminatedSuccess;
+    private boolean isShutdown = false;
+
+    FakeManagedChannel(boolean isDelegateTerminatedSuccess) {
+      this.isDelegateTerminatedSuccess = isDelegateTerminatedSuccess;
+    }
+
+    @Override
+    public String authority() {
+      return "FakeManagedChannel";
+    }
+
+    @Override
+    public <ReqT, RespT> ClientCall<ReqT, RespT> newCall(
+        MethodDescriptor<ReqT, RespT> methodDescriptor, CallOptions options) {
+      throw new UnsupportedOperationException("This method should not be called.");
+    }
+
+    @Override
+    public ManagedChannel shutdown() {
+      throw new UnsupportedOperationException("This method should not be called.");
+    }
+
+    @Override
+    public boolean isShutdown() {
+      return isShutdown;
+    }
+
+    @Override
+    public boolean isTerminated() {
+      throw new UnsupportedOperationException("This method should not be called.");
+    }
+
+    @Override
+    public ManagedChannel shutdownNow() {
+      isShutdown = true;
+      return null;
+    }
+
+    @Override
+    public boolean awaitTermination(long timeout, TimeUnit unit) throws InterruptedException {
+      if (isDelegateTerminatedSuccess) {
+        return true;
+      }
+      throw new InterruptedException("Await termination was interrupted.");
+    }
+  }
+}
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java
new file mode 100644
index 00000000000..66f636ada22
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import io.grpc.stub.StreamObserver;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.util.logging.Logger;
+
+/** A fake S2Av2 server that should be used for testing only. */
+public final class FakeS2AServer extends S2AServiceGrpc.S2AServiceImplBase {
+  private static final Logger logger = Logger.getLogger(FakeS2AServer.class.getName());
+
+  private final FakeWriter writer;
+
+  public FakeS2AServer() throws InvalidKeySpecException, NoSuchAlgorithmException {
+    this.writer = new FakeWriter();
+    this.writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS).initializePrivateKey();
+  }
+
+  @Override
+  public StreamObserver<SessionReq> setUpSession(StreamObserver<SessionResp> responseObserver) {
+    return new StreamObserver<SessionReq>() {
+      @Override
+      public void onNext(SessionReq req) {
+        logger.info("Received a request from client.");
+        responseObserver.onNext(writer.handleResponse(req));
+      }
+
+      @Override
+      public void onError(Throwable t) {
+        responseObserver.onError(t);
+      }
+
+      @Override
+      public void onCompleted() {
+        responseObserver.onCompleted();
+      }
+    };
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java
new file mode 100644
index 00000000000..e200d119867
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java
@@ -0,0 +1,265 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;
+import static java.util.concurrent.TimeUnit.SECONDS;
+
+import com.google.common.collect.ImmutableList;
+import com.google.protobuf.ByteString;
+import io.grpc.Grpc;
+import io.grpc.InsecureChannelCredentials;
+import io.grpc.ManagedChannel;
+import io.grpc.Server;
+import io.grpc.ServerBuilder;
+import io.grpc.benchmarks.Utils;
+import io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode;
+import io.grpc.stub.StreamObserver;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.logging.Logger;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit tests for {@link FakeS2AServer}. */
+@RunWith(JUnit4.class)
+public final class FakeS2AServerTest {
+  private static final Logger logger = Logger.getLogger(FakeS2AServerTest.class.getName());
+
+  private static final ImmutableList<ByteString> FAKE_CERT_DER_CHAIN =
+      ImmutableList.of(
+          ByteString.copyFrom(
+              new byte[] {'f', 'a', 'k', 'e', '-', 'd', 'e', 'r', '-', 'c', 'h', 'a', 'i', 'n'}));
+  private int port;
+  private String serverAddress;
+  private SessionResp response = null;
+  private Server fakeS2AServer;
+
+  @Before
+  public void setUp() throws Exception {
+    port = Utils.pickUnusedPort();
+    fakeS2AServer = ServerBuilder.forPort(port).addService(new FakeS2AServer()).build();
+    fakeS2AServer.start();
+    serverAddress = String.format("localhost:%d", port);
+  }
+
+  @After
+  public void tearDown() {
+    fakeS2AServer.shutdown();
+  }
+
+  @Test
+  public void callS2AServerOnce_getTlsConfiguration_returnsValidResult()
+      throws InterruptedException {
+    ExecutorService executor = Executors.newSingleThreadExecutor();
+    logger.info("Client connecting to: " + serverAddress);
+    ManagedChannel channel =
+        Grpc.newChannelBuilder(serverAddress, InsecureChannelCredentials.create())
+            .executor(executor)
+            .build();
+
+    try {
+      S2AServiceGrpc.S2AServiceStub asyncStub = S2AServiceGrpc.newStub(channel);
+      StreamObserver<SessionReq> requestObserver =
+          asyncStub.setUpSession(
+              new StreamObserver<SessionResp>() {
+                @Override
+                public void onNext(SessionResp resp) {
+                  response = resp;
+                }
+
+                @Override
+                public void onError(Throwable t) {
+                  throw new RuntimeException(t);
+                }
+
+                @Override
+                public void onCompleted() {}
+              });
+      try {
+        requestObserver.onNext(
+            SessionReq.newBuilder()
+                .setGetTlsConfigurationReq(
+                    GetTlsConfigurationReq.newBuilder()
+                        .setConnectionSide(ConnectionSide.CONNECTION_SIDE_CLIENT))
+                .build());
+      } catch (RuntimeException e) {
+        // Cancel the RPC.
+        requestObserver.onError(e);
+        throw e;
+      }
+      // Mark the end of requests.
+      requestObserver.onCompleted();
+      // Wait for receiving to happen.
+    } finally {
+      channel.shutdown();
+      channel.awaitTermination(1, SECONDS);
+      executor.shutdown();
+      executor.awaitTermination(1, SECONDS);
+    }
+
+    SessionResp expected =
+        SessionResp.newBuilder()
+            .setGetTlsConfigurationResp(
+                GetTlsConfigurationResp.newBuilder()
+                    .setClientTlsConfiguration(
+                        GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
+                            .addCertificateChain(FakeWriter.LEAF_CERT)
+                            .addCertificateChain(FakeWriter.INTERMEDIATE_CERT_2)
+                            .addCertificateChain(FakeWriter.INTERMEDIATE_CERT_1)
+                            .setMinTlsVersion(TLSVersion.TLS_VERSION_1_3)
+                            .setMaxTlsVersion(TLSVersion.TLS_VERSION_1_3)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)))
+            .build();
+    assertThat(response).ignoringRepeatedFieldOrder().isEqualTo(expected);
+  }
+
+  @Test
+  public void callS2AServerOnce_validatePeerCertifiate_returnsValidResult()
+      throws InterruptedException {
+    ExecutorService executor = Executors.newSingleThreadExecutor();
+    logger.info("Client connecting to: " + serverAddress);
+    ManagedChannel channel =
+        Grpc.newChannelBuilder(serverAddress, InsecureChannelCredentials.create())
+            .executor(executor)
+            .build();
+
+    try {
+      S2AServiceGrpc.S2AServiceStub asyncStub = S2AServiceGrpc.newStub(channel);
+      StreamObserver<SessionReq> requestObserver =
+          asyncStub.setUpSession(
+              new StreamObserver<SessionResp>() {
+                @Override
+                public void onNext(SessionResp resp) {
+                  response = resp;
+                }
+
+                @Override
+                public void onError(Throwable t) {
+                  throw new RuntimeException(t);
+                }
+
+                @Override
+                public void onCompleted() {}
+              });
+      try {
+        requestObserver.onNext(
+            SessionReq.newBuilder()
+                .setValidatePeerCertificateChainReq(
+                    ValidatePeerCertificateChainReq.newBuilder()
+                        .setMode(VerificationMode.UNSPECIFIED)
+                        .setClientPeer(
+                            ValidatePeerCertificateChainReq.ClientPeer.newBuilder()
+                                .addAllCertificateChain(FAKE_CERT_DER_CHAIN)))
+                .build());
+      } catch (RuntimeException e) {
+        // Cancel the RPC.
+        requestObserver.onError(e);
+        throw e;
+      }
+      // Mark the end of requests.
+      requestObserver.onCompleted();
+      // Wait for receiving to happen.
+    } finally {
+      channel.shutdown();
+      channel.awaitTermination(1, SECONDS);
+      executor.shutdown();
+      executor.awaitTermination(1, SECONDS);
+    }
+
+    SessionResp expected =
+        SessionResp.newBuilder()
+            .setValidatePeerCertificateChainResp(
+                ValidatePeerCertificateChainResp.newBuilder()
+                    .setValidationResult(ValidatePeerCertificateChainResp.ValidationResult.SUCCESS))
+            .build();
+    assertThat(response).ignoringRepeatedFieldOrder().isEqualTo(expected);
+  }
+
+  @Test
+  public void callS2AServerRepeatedly_returnsValidResult() throws InterruptedException {
+    final int numberOfRequests = 10;
+    ExecutorService executor = Executors.newSingleThreadExecutor();
+    logger.info("Client connecting to: " + serverAddress);
+    ManagedChannel channel =
+        Grpc.newChannelBuilder(serverAddress, InsecureChannelCredentials.create())
+            .executor(executor)
+            .build();
+
+    try {
+      S2AServiceGrpc.S2AServiceStub asyncStub = S2AServiceGrpc.newStub(channel);
+      CountDownLatch finishLatch = new CountDownLatch(1);
+      StreamObserver<SessionReq> requestObserver =
+          asyncStub.setUpSession(
+              new StreamObserver<SessionResp>() {
+                private int expectedNumberOfReplies = numberOfRequests;
+
+                @Override
+                public void onNext(SessionResp reply) {
+                  System.out.println("Received a message from the S2AService service.");
+                  expectedNumberOfReplies -= 1;
+                }
+
+                @Override
+                public void onError(Throwable t) {
+                  finishLatch.countDown();
+                  if (expectedNumberOfReplies != 0) {
+                    throw new RuntimeException(t);
+                  }
+                }
+                
+                @Override
+                public void onCompleted() {
+                  finishLatch.countDown();
+                  if (expectedNumberOfReplies != 0) {
+                    throw new RuntimeException();
+                  }
+                }
+              });
+      try {
+        for (int i = 0; i < numberOfRequests; i++) {
+          requestObserver.onNext(SessionReq.getDefaultInstance());
+        }
+      } catch (RuntimeException e) {
+        // Cancel the RPC.
+        requestObserver.onError(e);
+        throw e;
+      }
+      // Mark the end of requests.
+      requestObserver.onCompleted();
+      // Wait for receiving to happen.
+      if (!finishLatch.await(10, SECONDS)) {
+        throw new RuntimeException();
+      }
+    } finally {
+      channel.shutdown();
+      channel.awaitTermination(1, SECONDS);
+      executor.shutdown();
+      executor.awaitTermination(1, SECONDS);
+    }
+  }
+
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java
new file mode 100644
index 00000000000..45961b81b7b
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java
@@ -0,0 +1,363 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static io.grpc.s2a.handshaker.TLSVersion.TLS_VERSION_1_2;
+import static io.grpc.s2a.handshaker.TLSVersion.TLS_VERSION_1_3;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.errorprone.annotations.CanIgnoreReturnValue;
+import com.google.protobuf.ByteString;
+import io.grpc.stub.StreamObserver;
+import java.io.IOException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Signature;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Base64;
+
+/** A fake Writer Class to mock the behavior of S2A server. */
+final class FakeWriter implements StreamObserver<SessionReq> {
+  /** Fake behavior of S2A service. */
+  enum Behavior {
+    OK_STATUS,
+    EMPTY_RESPONSE,
+    ERROR_STATUS,
+    ERROR_RESPONSE,
+    COMPLETE_STATUS,
+    BAD_TLS_VERSION_RESPONSE,
+  }
+
+  enum VerificationResult {
+    UNSPECIFIED,
+    SUCCESS,
+    FAILURE
+  }
+
+  public static final String LEAF_CERT =
+      "-----BEGIN CERTIFICATE-----\n"
+          + "MIICkDCCAjagAwIBAgIUSAtcrPhNNs1zxv51lIfGOVtkw6QwCgYIKoZIzj0EAwIw\n"
+          + "QTEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xEDAOBgNVBAsMB2NvbnRleHQxFDAS\n"
+          + "BgorBgEEAdZ5AggBDAQyMDIyMCAXDTIzMDcxNDIyMzYwNFoYDzIwNTAxMTI5MjIz\n"
+          + "NjA0WjARMQ8wDQYDVQQDDAZ1bnVzZWQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\n"
+          + "AAQGFlJpLxJMh4HuUm0DKjnUF7larH3tJvroQ12xpk+pPKQepn4ILoq9lZ8Xd3jz\n"
+          + "U98eDRXG5f4VjnX98DDHE4Ido4IBODCCATQwDgYDVR0PAQH/BAQDAgeAMCAGA1Ud\n"
+          + "JQEB/wQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMIGxBgNV\n"
+          + "HREBAf8EgaYwgaOGSnNwaWZmZTovL3NpZ25lci1yb2xlLmNvbnRleHQuc2VjdXJp\n"
+          + "dHktcmVhbG0ucHJvZC5nb29nbGUuY29tL3JvbGUvbGVhZi1yb2xlgjNzaWduZXIt\n"
+          + "cm9sZS5jb250ZXh0LnNlY3VyaXR5LXJlYWxtLnByb2Quc3BpZmZlLmdvb2eCIGZx\n"
+          + "ZG4tb2YtdGhlLW5vZGUucHJvZC5nb29nbGUuY29tMB0GA1UdDgQWBBSWSd5Fw6dI\n"
+          + "TGpt0m1Uxwf0iKqebzAfBgNVHSMEGDAWgBRm5agVVdpWfRZKM7u6OMuzHhqPcDAK\n"
+          + "BggqhkjOPQQDAgNIADBFAiB0sjRPSYy2eFq8Y0vQ8QN4AZ2NMajskvxnlifu7O4U\n"
+          + "RwIhANTh5Fkyx2nMYFfyl+W45dY8ODTw3HnlZ4b51hTAdkWl\n"
+          + "-----END CERTIFICATE-----";
+  public static final String INTERMEDIATE_CERT_2 =
+      "-----BEGIN CERTIFICATE-----\n"
+          + "MIICQjCCAeigAwIBAgIUKxXRDlnWXefNV5lj5CwhDuXEq7MwCgYIKoZIzj0EAwIw\n"
+          + "OzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xEDAOBgNVBAsMB2NvbnRleHQxDjAM\n"
+          + "BgNVBAMMBTEyMzQ1MCAXDTIzMDcxNDIyMzYwNFoYDzIwNTAxMTI5MjIzNjA0WjBB\n"
+          + "MRcwFQYDVQQKDA5zZWN1cml0eS1yZWFsbTEQMA4GA1UECwwHY29udGV4dDEUMBIG\n"
+          + "CisGAQQB1nkCCAEMBDIwMjIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT/Zu7x\n"
+          + "UYVyg+T/vg2H+y4I6t36Kc4qxD0eqqZjRLYBVKkUQHxBqc14t0DpoROMYQCNd4DF\n"
+          + "pcxv/9m6DaJbRk6Ao4HBMIG+MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG\n"
+          + "AQH/AgEBMFgGA1UdHgEB/wROMEygSjA1gjNzaWduZXItcm9sZS5jb250ZXh0LnNl\n"
+          + "Y3VyaXR5LXJlYWxtLnByb2Quc3BpZmZlLmdvb2cwEYIPcHJvZC5nb29nbGUuY29t\n"
+          + "MB0GA1UdDgQWBBRm5agVVdpWfRZKM7u6OMuzHhqPcDAfBgNVHSMEGDAWgBQcjNAh\n"
+          + "SCHTj+BW8KrzSSLo2ASEgjAKBggqhkjOPQQDAgNIADBFAiEA6KyGd9VxXDZceMZG\n"
+          + "IsbC40rtunFjLYI0mjZw9RcRWx8CIHCIiIHxafnDaCi+VB99NZfzAdu37g6pJptB\n"
+          + "gjIY71MO\n"
+          + "-----END CERTIFICATE-----";
+  public static final String INTERMEDIATE_CERT_1 =
+      "-----BEGIN CERTIFICATE-----\n"
+          + "MIICODCCAd6gAwIBAgIUXtZECORWRSKnS9rRTJYkiALUXswwCgYIKoZIzj0EAwIw\n"
+          + "NzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xDTALBgNVBAsMBHJvb3QxDTALBgNV\n"
+          + "BAMMBDEyMzQwIBcNMjMwNzE0MjIzNjA0WhgPMjA1MDExMjkyMjM2MDRaMDsxFzAV\n"
+          + "BgNVBAoMDnNlY3VyaXR5LXJlYWxtMRAwDgYDVQQLDAdjb250ZXh0MQ4wDAYDVQQD\n"
+          + "DAUxMjM0NTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAycVTZrjockbpD59f1a\n"
+          + "4l1SNL7nSyXz66Guz4eDveQqLmaMBg7vpACfO4CtiAGnolHEffuRtSkdM434m5En\n"
+          + "bXCjgcEwgb4wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwWAYD\n"
+          + "VR0eAQH/BE4wTKBKMDWCM3NpZ25lci1yb2xlLmNvbnRleHQuc2VjdXJpdHktcmVh\n"
+          + "bG0ucHJvZC5zcGlmZmUuZ29vZzARgg9wcm9kLmdvb2dsZS5jb20wHQYDVR0OBBYE\n"
+          + "FByM0CFIIdOP4FbwqvNJIujYBISCMB8GA1UdIwQYMBaAFMX+vebuj/lYfYEC23IA\n"
+          + "8HoIW0HsMAoGCCqGSM49BAMCA0gAMEUCIQCfxeXEBd7UPmeImT16SseCRu/6cHxl\n"
+          + "kTDsq9sKZ+eXBAIgA+oViAVOUhUQO1/6Mjlczg8NmMy2vNtG4V/7g9dMMVU=\n"
+          + "-----END CERTIFICATE-----";
+
+  private static final String PRIVATE_KEY =
+      "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgqA2U0ld1OOHLMXWf"
+          + "uyN4GSaqhhudEIaKkll3rdIq0M+hRANCAAQGFlJpLxJMh4HuUm0DKjnUF7larH3t"
+          + "JvroQ12xpk+pPKQepn4ILoq9lZ8Xd3jzU98eDRXG5f4VjnX98DDHE4Id";
+  private static final ImmutableMap<SignatureAlgorithm, String>
+      ALGORITHM_TO_SIGNATURE_INSTANCE_IDENTIFIER =
+          ImmutableMap.of(
+              SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256,
+              "SHA256withECDSA",
+              SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384,
+              "SHA384withECDSA",
+              SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512,
+              "SHA512withECDSA");
+
+  private boolean fakeWriterClosed = false;
+  private Behavior behavior = Behavior.OK_STATUS;
+  private StreamObserver<SessionResp> reader;
+  private VerificationResult verificationResult = VerificationResult.UNSPECIFIED;
+  private String failureReason;
+  private PrivateKey privateKey;
+
+  @CanIgnoreReturnValue
+  FakeWriter setReader(StreamObserver<SessionResp> reader) {
+    this.reader = reader;
+    return this;
+  }
+
+  @CanIgnoreReturnValue
+  FakeWriter setBehavior(Behavior behavior) {
+    this.behavior = behavior;
+    return this;
+  }
+
+  @CanIgnoreReturnValue
+  FakeWriter setVerificationResult(VerificationResult verificationResult) {
+    this.verificationResult = verificationResult;
+    return this;
+  }
+
+  @CanIgnoreReturnValue
+  FakeWriter setFailureReason(String failureReason) {
+    this.failureReason = failureReason;
+    return this;
+  }
+
+  @CanIgnoreReturnValue
+  FakeWriter initializePrivateKey() throws InvalidKeySpecException, NoSuchAlgorithmException {
+    privateKey =
+        KeyFactory.getInstance("EC")
+            .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(PRIVATE_KEY)));
+    return this;
+  }
+
+  @CanIgnoreReturnValue
+  FakeWriter resetPrivateKey() {
+    privateKey = null;
+    return this;
+  }
+
+  void sendUnexpectedResponse() {
+    reader.onNext(SessionResp.getDefaultInstance());
+  }
+
+  void sendIoError() {
+    reader.onError(new IOException("Intended ERROR from FakeWriter."));
+  }
+
+  void sendGetTlsConfigResp() {
+    reader.onNext(
+        SessionResp.newBuilder()
+            .setGetTlsConfigurationResp(
+                GetTlsConfigurationResp.newBuilder()
+                    .setClientTlsConfiguration(
+                        GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
+                            .addCertificateChain(LEAF_CERT)
+                            .addCertificateChain(INTERMEDIATE_CERT_2)
+                            .addCertificateChain(INTERMEDIATE_CERT_1)
+                            .setMinTlsVersion(TLS_VERSION_1_3)
+                            .setMaxTlsVersion(TLS_VERSION_1_3)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)))
+            .build());
+  }
+
+  boolean isFakeWriterClosed() {
+    return fakeWriterClosed;
+  }
+
+  @Override
+  public void onNext(SessionReq sessionReq) {
+    switch (behavior) {
+      case OK_STATUS:
+        reader.onNext(handleResponse(sessionReq));
+        break;
+      case EMPTY_RESPONSE:
+        reader.onNext(SessionResp.getDefaultInstance());
+        break;
+      case ERROR_STATUS:
+        reader.onNext(
+            SessionResp.newBuilder()
+                .setStatus(
+                    Status.newBuilder()
+                        .setCode(1)
+                        .setDetails("Intended ERROR Status from FakeWriter."))
+                .build());
+        break;
+      case ERROR_RESPONSE:
+        reader.onError(new S2AConnectionException("Intended ERROR from FakeWriter."));
+        break;
+      case COMPLETE_STATUS:
+        reader.onCompleted();
+        break;
+      case BAD_TLS_VERSION_RESPONSE:
+        reader.onNext(
+            SessionResp.newBuilder()
+                .setGetTlsConfigurationResp(
+                    GetTlsConfigurationResp.newBuilder()
+                        .setClientTlsConfiguration(
+                            GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
+                                .addCertificateChain(LEAF_CERT)
+                                .addCertificateChain(INTERMEDIATE_CERT_2)
+                                .addCertificateChain(INTERMEDIATE_CERT_1)
+                                .setMinTlsVersion(TLS_VERSION_1_3)
+                                .setMaxTlsVersion(TLS_VERSION_1_2)))
+                .build());
+        break;
+      default:
+        reader.onNext(handleResponse(sessionReq));
+    }
+  }
+
+  SessionResp handleResponse(SessionReq sessionReq) {
+    if (sessionReq.hasGetTlsConfigurationReq()) {
+      return handleGetTlsConfigurationReq(sessionReq.getGetTlsConfigurationReq());
+    }
+
+    if (sessionReq.hasValidatePeerCertificateChainReq()) {
+      return handleValidatePeerCertificateChainReq(sessionReq.getValidatePeerCertificateChainReq());
+    }
+
+    if (sessionReq.hasOffloadPrivateKeyOperationReq()) {
+      return handleOffloadPrivateKeyOperationReq(sessionReq.getOffloadPrivateKeyOperationReq());
+    }
+
+    return SessionResp.newBuilder()
+        .setStatus(
+            Status.newBuilder().setCode(255).setDetails("No supported operation designated."))
+        .build();
+  }
+
+  private SessionResp handleGetTlsConfigurationReq(GetTlsConfigurationReq req) {
+    if (!req.getConnectionSide().equals(ConnectionSide.CONNECTION_SIDE_CLIENT)) {
+      return SessionResp.newBuilder()
+          .setStatus(
+              Status.newBuilder()
+                  .setCode(255)
+                  .setDetails("No TLS configuration for the server side."))
+          .build();
+    }
+    return SessionResp.newBuilder()
+        .setGetTlsConfigurationResp(
+            GetTlsConfigurationResp.newBuilder()
+                .setClientTlsConfiguration(
+                    GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
+                        .addCertificateChain(LEAF_CERT)
+                        .addCertificateChain(INTERMEDIATE_CERT_2)
+                        .addCertificateChain(INTERMEDIATE_CERT_1)
+                        .setMinTlsVersion(TLS_VERSION_1_3)
+                        .setMaxTlsVersion(TLS_VERSION_1_3)
+                        .addCiphersuites(
+                            Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+                        .addCiphersuites(
+                            Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+                        .addCiphersuites(
+                            Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)))
+        .build();
+  }
+
+  private SessionResp handleValidatePeerCertificateChainReq(ValidatePeerCertificateChainReq req) {
+    if (verifyValidatePeerCertificateChainReq(req)
+        && verificationResult == VerificationResult.SUCCESS) {
+      return SessionResp.newBuilder()
+          .setValidatePeerCertificateChainResp(
+              ValidatePeerCertificateChainResp.newBuilder()
+                  .setValidationResult(ValidatePeerCertificateChainResp.ValidationResult.SUCCESS))
+          .build();
+    }
+    return SessionResp.newBuilder()
+        .setValidatePeerCertificateChainResp(
+            ValidatePeerCertificateChainResp.newBuilder()
+                .setValidationResult(
+                    verificationResult == VerificationResult.FAILURE
+                        ? ValidatePeerCertificateChainResp.ValidationResult.FAILURE
+                        : ValidatePeerCertificateChainResp.ValidationResult.UNSPECIFIED)
+                .setValidationDetails(failureReason))
+        .build();
+  }
+
+  private boolean verifyValidatePeerCertificateChainReq(ValidatePeerCertificateChainReq req) {
+    if (req.getMode() != ValidatePeerCertificateChainReq.VerificationMode.UNSPECIFIED) {
+      return false;
+    }
+    if (req.getClientPeer().getCertificateChainCount() > 0) {
+      return true;
+    }
+    if (req.getServerPeer().getCertificateChainCount() > 0
+        && !req.getServerPeer().getServerHostname().isEmpty()) {
+      return true;
+    }
+    return false;
+  }
+
+  private SessionResp handleOffloadPrivateKeyOperationReq(OffloadPrivateKeyOperationReq req) {
+    if (privateKey == null) {
+      return SessionResp.newBuilder()
+          .setStatus(Status.newBuilder().setCode(255).setDetails("No Private Key available."))
+          .build();
+    }
+    String signatureIdentifier =
+        ALGORITHM_TO_SIGNATURE_INSTANCE_IDENTIFIER.get(req.getSignatureAlgorithm());
+    if (signatureIdentifier == null) {
+      return SessionResp.newBuilder()
+          .setStatus(
+              Status.newBuilder()
+                  .setCode(255)
+                  .setDetails("Only ECDSA key algorithms are supported."))
+          .build();
+    }
+
+    byte[] signature;
+    try {
+      Signature sig = Signature.getInstance(signatureIdentifier);
+      sig.initSign(privateKey);
+      sig.update(req.getRawBytes().toByteArray());
+      signature = sig.sign();
+    } catch (Exception e) {
+      return SessionResp.newBuilder()
+          .setStatus(Status.newBuilder().setCode(255).setDetails(e.getMessage()))
+          .build();
+    }
+
+    return SessionResp.newBuilder()
+        .setOffloadPrivateKeyOperationResp(
+            OffloadPrivateKeyOperationResp.newBuilder().setOutBytes(ByteString.copyFrom(signature)))
+        .build();
+  }
+
+  @Override
+  public void onError(Throwable t) {
+    throw new UnsupportedOperationException("onError is not supported by FakeWriter.");
+  }
+
+  @Override
+  public void onCompleted() {
+    fakeWriterClosed = true;
+    reader.onCompleted();
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/GetAuthenticationMechanismsTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/GetAuthenticationMechanismsTest.java
new file mode 100644
index 00000000000..884e1ec88eb
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/GetAuthenticationMechanismsTest.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import com.google.common.truth.Expect;
+import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.handshaker.tokenmanager.SingleTokenFetcher;
+import java.util.Optional;
+import org.junit.BeforeClass;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+ 
+/** Unit tests for {@link GetAuthenticationMechanisms}. */
+@RunWith(JUnit4.class)
+public final class GetAuthenticationMechanismsTest {
+  @Rule public final Expect expect = Expect.create();
+  private static final String TOKEN = "access_token";
+
+  @BeforeClass
+  public static void setUpClass() {
+    // Set the token that the client will use to authenticate to the S2A.
+    SingleTokenFetcher.setAccessToken(TOKEN);
+  }
+
+  @Test
+  public void getAuthMechanisms_emptyIdentity_success() {
+    expect
+        .that(GetAuthenticationMechanisms.getAuthMechanism(Optional.empty()))
+        .isEqualTo(
+            Optional.of(AuthenticationMechanism.newBuilder().setToken("access_token").build()));
+  }
+
+  @Test
+  public void getAuthMechanisms_nonEmptyIdentity_success() {
+    S2AIdentity fakeIdentity = S2AIdentity.fromSpiffeId("fake-spiffe-id");
+    expect
+        .that(GetAuthenticationMechanisms.getAuthMechanism(Optional.of(fakeIdentity)))
+        .isEqualTo(
+            Optional.of(
+                AuthenticationMechanism.newBuilder()
+                    .setIdentity(fakeIdentity.getIdentity())
+                    .setToken("access_token")
+                    .build()));
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
new file mode 100644
index 00000000000..859771a4afa
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
@@ -0,0 +1,320 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static com.google.common.truth.Truth.assertThat;
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static java.util.concurrent.TimeUnit.SECONDS;
+
+import io.grpc.ChannelCredentials;
+import io.grpc.Grpc;
+import io.grpc.ManagedChannel;
+import io.grpc.Server;
+import io.grpc.ServerBuilder;
+import io.grpc.ServerCredentials;
+import io.grpc.TlsServerCredentials;
+import io.grpc.benchmarks.Utils;
+import io.grpc.netty.GrpcSslContexts;
+import io.grpc.netty.NettyServerBuilder;
+import io.grpc.s2a.MtlsToS2AChannelCredentials;
+import io.grpc.s2a.S2AChannelCredentials;
+import io.grpc.s2a.handshaker.FakeS2AServer;
+import io.grpc.stub.StreamObserver;
+import io.grpc.testing.protobuf.SimpleRequest;
+import io.grpc.testing.protobuf.SimpleResponse;
+import io.grpc.testing.protobuf.SimpleServiceGrpc;
+import io.netty.handler.ssl.ClientAuth;
+import io.netty.handler.ssl.OpenSslSessionContext;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSessionContext;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public final class IntegrationTest {
+  private static final Logger logger = Logger.getLogger(FakeS2AServer.class.getName());
+
+  private static final String CERT_CHAIN =
+      "-----BEGIN CERTIFICATE-----\n"
+        + "MIICkDCCAjagAwIBAgIUSAtcrPhNNs1zxv51lIfGOVtkw6QwCgYIKoZIzj0EAwIw\n"
+        + "QTEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xEDAOBgNVBAsMB2NvbnRleHQxFDAS\n"
+        + "BgorBgEEAdZ5AggBDAQyMDIyMCAXDTIzMDcxNDIyMzYwNFoYDzIwNTAxMTI5MjIz\n"
+        + "NjA0WjARMQ8wDQYDVQQDDAZ1bnVzZWQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\n"
+        + "AAQGFlJpLxJMh4HuUm0DKjnUF7larH3tJvroQ12xpk+pPKQepn4ILoq9lZ8Xd3jz\n"
+        + "U98eDRXG5f4VjnX98DDHE4Ido4IBODCCATQwDgYDVR0PAQH/BAQDAgeAMCAGA1Ud\n"
+        + "JQEB/wQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMIGxBgNV\n"
+        + "HREBAf8EgaYwgaOGSnNwaWZmZTovL3NpZ25lci1yb2xlLmNvbnRleHQuc2VjdXJp\n"
+        + "dHktcmVhbG0ucHJvZC5nb29nbGUuY29tL3JvbGUvbGVhZi1yb2xlgjNzaWduZXIt\n"
+        + "cm9sZS5jb250ZXh0LnNlY3VyaXR5LXJlYWxtLnByb2Quc3BpZmZlLmdvb2eCIGZx\n"
+        + "ZG4tb2YtdGhlLW5vZGUucHJvZC5nb29nbGUuY29tMB0GA1UdDgQWBBSWSd5Fw6dI\n"
+        + "TGpt0m1Uxwf0iKqebzAfBgNVHSMEGDAWgBRm5agVVdpWfRZKM7u6OMuzHhqPcDAK\n"
+        + "BggqhkjOPQQDAgNIADBFAiB0sjRPSYy2eFq8Y0vQ8QN4AZ2NMajskvxnlifu7O4U\n"
+        + "RwIhANTh5Fkyx2nMYFfyl+W45dY8ODTw3HnlZ4b51hTAdkWl\n"
+        + "-----END CERTIFICATE-----\n"
+        + "-----BEGIN CERTIFICATE-----\n"
+        + "MIICQjCCAeigAwIBAgIUKxXRDlnWXefNV5lj5CwhDuXEq7MwCgYIKoZIzj0EAwIw\n"
+        + "OzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xEDAOBgNVBAsMB2NvbnRleHQxDjAM\n"
+        + "BgNVBAMMBTEyMzQ1MCAXDTIzMDcxNDIyMzYwNFoYDzIwNTAxMTI5MjIzNjA0WjBB\n"
+        + "MRcwFQYDVQQKDA5zZWN1cml0eS1yZWFsbTEQMA4GA1UECwwHY29udGV4dDEUMBIG\n"
+        + "CisGAQQB1nkCCAEMBDIwMjIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT/Zu7x\n"
+        + "UYVyg+T/vg2H+y4I6t36Kc4qxD0eqqZjRLYBVKkUQHxBqc14t0DpoROMYQCNd4DF\n"
+        + "pcxv/9m6DaJbRk6Ao4HBMIG+MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG\n"
+        + "AQH/AgEBMFgGA1UdHgEB/wROMEygSjA1gjNzaWduZXItcm9sZS5jb250ZXh0LnNl\n"
+        + "Y3VyaXR5LXJlYWxtLnByb2Quc3BpZmZlLmdvb2cwEYIPcHJvZC5nb29nbGUuY29t\n"
+        + "MB0GA1UdDgQWBBRm5agVVdpWfRZKM7u6OMuzHhqPcDAfBgNVHSMEGDAWgBQcjNAh\n"
+        + "SCHTj+BW8KrzSSLo2ASEgjAKBggqhkjOPQQDAgNIADBFAiEA6KyGd9VxXDZceMZG\n"
+        + "IsbC40rtunFjLYI0mjZw9RcRWx8CIHCIiIHxafnDaCi+VB99NZfzAdu37g6pJptB\n"
+        + "gjIY71MO\n"
+        + "-----END CERTIFICATE-----\n"
+        + "-----BEGIN CERTIFICATE-----\n"
+        + "MIICODCCAd6gAwIBAgIUXtZECORWRSKnS9rRTJYkiALUXswwCgYIKoZIzj0EAwIw\n"
+        + "NzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xDTALBgNVBAsMBHJvb3QxDTALBgNV\n"
+        + "BAMMBDEyMzQwIBcNMjMwNzE0MjIzNjA0WhgPMjA1MDExMjkyMjM2MDRaMDsxFzAV\n"
+        + "BgNVBAoMDnNlY3VyaXR5LXJlYWxtMRAwDgYDVQQLDAdjb250ZXh0MQ4wDAYDVQQD\n"
+        + "DAUxMjM0NTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAycVTZrjockbpD59f1a\n"
+        + "4l1SNL7nSyXz66Guz4eDveQqLmaMBg7vpACfO4CtiAGnolHEffuRtSkdM434m5En\n"
+        + "bXCjgcEwgb4wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwWAYD\n"
+        + "VR0eAQH/BE4wTKBKMDWCM3NpZ25lci1yb2xlLmNvbnRleHQuc2VjdXJpdHktcmVh\n"
+        + "bG0ucHJvZC5zcGlmZmUuZ29vZzARgg9wcm9kLmdvb2dsZS5jb20wHQYDVR0OBBYE\n"
+        + "FByM0CFIIdOP4FbwqvNJIujYBISCMB8GA1UdIwQYMBaAFMX+vebuj/lYfYEC23IA\n"
+        + "8HoIW0HsMAoGCCqGSM49BAMCA0gAMEUCIQCfxeXEBd7UPmeImT16SseCRu/6cHxl\n"
+        + "kTDsq9sKZ+eXBAIgA+oViAVOUhUQO1/6Mjlczg8NmMy2vNtG4V/7g9dMMVU=\n"
+        + "-----END CERTIFICATE-----";
+  private static final String ROOT_PEM =
+      "-----BEGIN CERTIFICATE-----\n"
+        + "MIIBtTCCAVqgAwIBAgIUbAe+8OocndQXRBCElLBxBSdfdV8wCgYIKoZIzj0EAwIw\n"
+        + "NzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xDTALBgNVBAsMBHJvb3QxDTALBgNV\n"
+        + "BAMMBDEyMzQwIBcNMjMwNzE0MjIzNjA0WhgPMjA1MDExMjkyMjM2MDRaMDcxFzAV\n"
+        + "BgNVBAoMDnNlY3VyaXR5LXJlYWxtMQ0wCwYDVQQLDARyb290MQ0wCwYDVQQDDAQx\n"
+        + "MjM0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaMY2tBW5r1t0+vhayz0ZoGMF\n"
+        + "boX/ZmmCmIh0iTWg4madvwNOh74CMVVvDUlXZcuVqZ3vVIX/a7PTFVqUwQlKW6NC\n"
+        + "MEAwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMX+\n"
+        + "vebuj/lYfYEC23IA8HoIW0HsMAoGCCqGSM49BAMCA0kAMEYCIQDETd27nsUTXKWY\n"
+        + "CiOno78O09gK95NoTkPU5e2chJYMqAIhALYFAyh7PU5xgFQsN9hiqgsHUc5/pmBG\n"
+        + "BGjJ1iz8rWGJ\n"
+        + "-----END CERTIFICATE-----";
+  private static final String PRIVATE_KEY =
+      "-----BEGIN PRIVATE KEY-----\n"
+        + "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgqA2U0ld1OOHLMXWf\n"
+        + "uyN4GSaqhhudEIaKkll3rdIq0M+hRANCAAQGFlJpLxJMh4HuUm0DKjnUF7larH3t\n"
+        + "JvroQ12xpk+pPKQepn4ILoq9lZ8Xd3jzU98eDRXG5f4VjnX98DDHE4Id\n"
+        + "-----END PRIVATE KEY-----";
+
+  private String s2aAddress;
+  private int s2aPort;
+  private Server s2aServer;
+  private String s2aDelayAddress;
+  private int s2aDelayPort;
+  private Server s2aDelayServer;
+  private String mtlsS2AAddress;
+  private int mtlsS2APort;
+  private Server mtlsS2AServer;
+  private int serverPort;
+  private String serverAddress;
+  private Server server;
+
+  @Before
+  public void setUp() throws Exception {
+    s2aPort = Utils.pickUnusedPort();
+    s2aAddress = "localhost:" + s2aPort;
+    s2aServer = ServerBuilder.forPort(s2aPort).addService(new FakeS2AServer()).build();
+    logger.info("S2A service listening on localhost:" + s2aPort);
+    s2aServer.start();
+
+    mtlsS2APort = Utils.pickUnusedPort();
+    mtlsS2AAddress = "localhost:" + mtlsS2APort;
+    File s2aCert = new File("src/test/resources/server_cert.pem");
+    File s2aKey = new File("src/test/resources/server_key.pem");
+    File rootCert = new File("src/test/resources/root_cert.pem");
+    ServerCredentials s2aCreds =
+        TlsServerCredentials.newBuilder()
+            .keyManager(s2aCert, s2aKey)
+            .trustManager(rootCert)
+            .clientAuth(TlsServerCredentials.ClientAuth.REQUIRE)
+            .build();
+    mtlsS2AServer =
+        NettyServerBuilder.forPort(mtlsS2APort, s2aCreds).addService(new FakeS2AServer()).build();
+    logger.info("mTLS S2A service listening on localhost:" + mtlsS2APort);
+    mtlsS2AServer.start();
+
+    s2aDelayPort = Utils.pickUnusedPort();
+    s2aDelayAddress = "localhost:" + s2aDelayPort;
+    s2aDelayServer = ServerBuilder.forPort(s2aDelayPort).addService(new FakeS2AServer()).build();
+
+    serverPort = Utils.pickUnusedPort();
+    serverAddress = "localhost:" + serverPort;
+    server =
+        NettyServerBuilder.forPort(serverPort)
+            .addService(new SimpleServiceImpl())
+            .sslContext(buildSslContext())
+            .build();
+    logger.info("Simple Service listening on localhost:" + serverPort);
+    server.start();
+  }
+
+  @After
+  public void tearDown() throws Exception {
+    server.awaitTermination(10, SECONDS);
+    server.shutdown();
+    s2aServer.awaitTermination(10, SECONDS);
+    s2aServer.shutdown();
+    s2aDelayServer.awaitTermination(10, SECONDS);
+    s2aDelayServer.shutdown();
+    mtlsS2AServer.awaitTermination(10, SECONDS);
+    mtlsS2AServer.shutdown();
+  }
+
+  @Test
+  public void clientCommunicateUsingS2ACredentials_succeeds() throws Exception {
+    ExecutorService executor = Executors.newSingleThreadExecutor();
+    ChannelCredentials credentials =
+        S2AChannelCredentials.createBuilder(s2aAddress).setLocalSpiffeId("test-spiffe-id").build();
+    ManagedChannel channel =
+        Grpc.newChannelBuilder(serverAddress, credentials).executor(executor).build();
+
+    assertThat(doUnaryRpc(executor, channel)).isTrue();
+  }
+
+  @Test
+  public void clientCommunicateUsingS2ACredentialsNoLocalIdentity_succeeds() throws Exception {
+    ExecutorService executor = Executors.newSingleThreadExecutor();
+    ChannelCredentials credentials = S2AChannelCredentials.createBuilder(s2aAddress).build();
+    ManagedChannel channel =
+        Grpc.newChannelBuilder(serverAddress, credentials).executor(executor).build();
+
+    assertThat(doUnaryRpc(executor, channel)).isTrue();
+  }
+
+  @Test
+  public void clientCommunicateUsingMtlsToS2ACredentials_succeeds() throws Exception {
+    ExecutorService executor = Executors.newSingleThreadExecutor();
+    ChannelCredentials credentials =
+        MtlsToS2AChannelCredentials.createBuilder(
+                /* s2aAddress= */ mtlsS2AAddress,
+                /* privateKeyPath= */ "src/test/resources/client_key.pem",
+                /* certChainPath= */ "src/test/resources/client_cert.pem",
+                /* trustBundlePath= */ "src/test/resources/root_cert.pem")
+            .build()
+            .setLocalSpiffeId("test-spiffe-id")
+            .build();
+    ManagedChannel channel =
+        Grpc.newChannelBuilder(serverAddress, credentials).executor(executor).build();
+
+    assertThat(doUnaryRpc(executor, channel)).isTrue();
+  }
+
+  @Test
+  public void clientCommunicateUsingS2ACredentials_s2AdelayStart_succeeds() throws Exception {
+    DoUnaryRpc doUnaryRpc = new DoUnaryRpc();
+    doUnaryRpc.start();
+    Thread.sleep(2000);
+    s2aDelayServer.start();
+    doUnaryRpc.join();
+  }
+
+  private class DoUnaryRpc extends Thread {
+    @Override
+    public void run() {
+      ExecutorService executor = Executors.newSingleThreadExecutor();
+      ChannelCredentials credentials = S2AChannelCredentials.createBuilder(s2aDelayAddress).build();
+      ManagedChannel channel =
+          Grpc.newChannelBuilder(serverAddress, credentials).executor(executor).build();
+      boolean result = false;
+      try {
+        result = doUnaryRpc(executor, channel);
+      } catch (InterruptedException e) {
+        logger.log(Level.SEVERE, "Failed to do unary rpc", e);
+        result = false;
+      }
+      assertThat(result).isTrue();
+    }
+  }
+
+  public static boolean doUnaryRpc(ExecutorService executor, ManagedChannel channel)
+      throws InterruptedException {
+    try {
+      SimpleServiceGrpc.SimpleServiceBlockingStub stub =
+          SimpleServiceGrpc.newBlockingStub(channel);
+      SimpleResponse resp = stub.unaryRpc(SimpleRequest.newBuilder()
+                                                       .setRequestMessage("S2A team")
+                                                       .build());
+      if (!resp.getResponseMessage().equals("Hello, S2A team!")) {
+        logger.info(
+            "Received unexpected message from the Simple Service: " + resp.getResponseMessage());
+        throw new RuntimeException();
+      } else {
+        System.out.println(
+            "We received this message from the Simple Service: " + resp.getResponseMessage());
+        return true;
+      }
+    } finally {
+      channel.shutdown();
+      channel.awaitTermination(1, SECONDS);
+      executor.shutdown();
+      executor.awaitTermination(1, SECONDS);
+    }
+  }
+
+  private static SslContext buildSslContext() throws SSLException {
+    SslContextBuilder sslServerContextBuilder =
+        SslContextBuilder.forServer(
+            new ByteArrayInputStream(CERT_CHAIN.getBytes(UTF_8)),
+            new ByteArrayInputStream(PRIVATE_KEY.getBytes(UTF_8)));
+    SslContext sslServerContext =
+        GrpcSslContexts.configure(sslServerContextBuilder, SslProvider.OPENSSL)
+            .protocols("TLSv1.3", "TLSv1.2")
+            .trustManager(new ByteArrayInputStream(ROOT_PEM.getBytes(UTF_8)))
+            .clientAuth(ClientAuth.REQUIRE)
+            .build();
+
+    // Enable TLS resumption. This requires using the OpenSSL provider, since the JDK provider does
+    // not allow a server to send session tickets.
+    SSLSessionContext sslSessionContext = sslServerContext.sessionContext();
+    if (!(sslSessionContext instanceof OpenSslSessionContext)) {
+      throw new SSLException("sslSessionContext does not use OpenSSL.");
+    }
+    OpenSslSessionContext openSslSessionContext = (OpenSslSessionContext) sslSessionContext;
+    // Calling {@code setTicketKeys} without specifying any keys means that the SSL libraries will
+    // handle the generation of the resumption master secret.
+    openSslSessionContext.setTicketKeys();
+
+    return sslServerContext;
+  }
+
+  public static class SimpleServiceImpl extends SimpleServiceGrpc.SimpleServiceImplBase {
+    @Override
+    public void unaryRpc(SimpleRequest request, StreamObserver<SimpleResponse> observer) {
+      observer.onNext(
+          SimpleResponse.newBuilder()
+                      .setResponseMessage("Hello, " + request.getRequestMessage() + "!")
+                      .build());
+      observer.onCompleted();
+    }
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java
new file mode 100644
index 00000000000..6d134b43f7a
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static org.junit.Assert.assertThrows;
+
+import com.google.common.collect.ImmutableSet;
+import com.google.common.truth.Expect;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit tests for {@link ProtoUtil}. */
+@RunWith(JUnit4.class)
+public final class ProtoUtilTest {
+  @Rule public final Expect expect = Expect.create();
+
+  @Test
+  public void convertCiphersuite_success() {
+    expect
+        .that(
+            ProtoUtil.convertCiphersuite(
+                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256))
+        .isEqualTo("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
+    expect
+        .that(
+            ProtoUtil.convertCiphersuite(
+                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384))
+        .isEqualTo("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
+    expect
+        .that(
+            ProtoUtil.convertCiphersuite(
+                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256))
+        .isEqualTo("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256");
+    expect
+        .that(
+            ProtoUtil.convertCiphersuite(Ciphersuite.CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256))
+        .isEqualTo("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
+    expect
+        .that(
+            ProtoUtil.convertCiphersuite(Ciphersuite.CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384))
+        .isEqualTo("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
+    expect
+        .that(
+            ProtoUtil.convertCiphersuite(
+                Ciphersuite.CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256))
+        .isEqualTo("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256");
+  }
+
+  @Test
+  public void convertCiphersuite_withUnspecifiedCiphersuite_fails() {
+    AssertionError expected =
+        assertThrows(
+            AssertionError.class,
+            () -> ProtoUtil.convertCiphersuite(Ciphersuite.CIPHERSUITE_UNSPECIFIED));
+    expect.that(expected).hasMessageThat().isEqualTo("Ciphersuite 0 is not supported.");
+  }
+
+  @Test
+  public void convertTlsProtocolVersion_success() {
+    expect
+        .that(ProtoUtil.convertTlsProtocolVersion(TLSVersion.TLS_VERSION_1_3))
+        .isEqualTo("TLSv1.3");
+    expect
+        .that(ProtoUtil.convertTlsProtocolVersion(TLSVersion.TLS_VERSION_1_2))
+        .isEqualTo("TLSv1.2");
+    expect
+        .that(ProtoUtil.convertTlsProtocolVersion(TLSVersion.TLS_VERSION_1_1))
+        .isEqualTo("TLSv1.1");
+    expect.that(ProtoUtil.convertTlsProtocolVersion(TLSVersion.TLS_VERSION_1_0)).isEqualTo("TLSv1");
+  }
+
+  @Test
+  public void convertTlsProtocolVersion_withUnknownTlsVersion_fails() {
+    AssertionError expected =
+        assertThrows(
+            AssertionError.class,
+            () -> ProtoUtil.convertTlsProtocolVersion(TLSVersion.TLS_VERSION_UNSPECIFIED));
+    expect.that(expected).hasMessageThat().isEqualTo("TLS version 0 is not supported.");
+  }
+
+  @Test
+  public void buildTlsProtocolVersionSet_success() {
+    expect
+        .that(
+            ProtoUtil.buildTlsProtocolVersionSet(
+                TLSVersion.TLS_VERSION_1_0, TLSVersion.TLS_VERSION_1_3))
+        .isEqualTo(ImmutableSet.of("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"));
+    expect
+        .that(
+            ProtoUtil.buildTlsProtocolVersionSet(
+                TLSVersion.TLS_VERSION_1_2, TLSVersion.TLS_VERSION_1_2))
+        .isEqualTo(ImmutableSet.of("TLSv1.2"));
+    expect
+        .that(
+            ProtoUtil.buildTlsProtocolVersionSet(
+                TLSVersion.TLS_VERSION_1_3, TLSVersion.TLS_VERSION_1_3))
+        .isEqualTo(ImmutableSet.of("TLSv1.3"));
+    expect
+        .that(
+            ProtoUtil.buildTlsProtocolVersionSet(
+                TLSVersion.TLS_VERSION_1_3, TLSVersion.TLS_VERSION_1_2))
+        .isEmpty();
+  }
+
+  @Test
+  public void buildTlsProtocolVersionSet_failure() {
+    AssertionError expected =
+        assertThrows(
+            AssertionError.class,
+            () ->
+                ProtoUtil.buildTlsProtocolVersionSet(
+                    TLSVersion.TLS_VERSION_UNSPECIFIED, TLSVersion.TLS_VERSION_1_3));
+    expect.that(expected).hasMessageThat().isEqualTo("TLS version 0 is not supported.");
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java
new file mode 100644
index 00000000000..8252aa245d7
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java
@@ -0,0 +1,308 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static com.google.common.truth.Truth.assertThat;
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.junit.Assert.assertThrows;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import com.google.common.truth.Expect;
+import com.google.protobuf.ByteString;
+import io.grpc.netty.GrpcSslContexts;
+import io.grpc.s2a.handshaker.S2AIdentity;
+import io.netty.handler.ssl.OpenSslPrivateKeyMethod;
+import io.netty.handler.ssl.SslContextBuilder;
+import java.io.ByteArrayInputStream;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Optional;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public final class S2APrivateKeyMethodTest {
+  @Rule public final Expect expect = Expect.create();
+  private static final byte[] DATA_TO_SIGN = "random bytes for signing.".getBytes(UTF_8);
+
+  private S2AStub stub;
+  private FakeWriter writer;
+  private S2APrivateKeyMethod keyMethod;
+
+  private static PublicKey extractPublicKeyFromPem(String pem) throws Exception {
+    X509Certificate cert =
+        (X509Certificate)
+            CertificateFactory.getInstance("X.509")
+                .generateCertificate(new ByteArrayInputStream(pem.getBytes(UTF_8)));
+    return cert.getPublicKey();
+  }
+
+  private static boolean verifySignature(
+      byte[] dataToSign, byte[] signature, String signatureAlgorithm) throws Exception {
+    Signature sig = Signature.getInstance(signatureAlgorithm);
+    sig.initVerify(extractPublicKeyFromPem(FakeWriter.LEAF_CERT));
+    sig.update(dataToSign);
+    return sig.verify(signature);
+  }
+
+  @Before
+  public void setUp() {
+    // This is line is to ensure that JNI correctly links the necessary objects. Without this, we
+    // get `java.lang.UnsatisfiedLinkError` on
+    // `io.netty.internal.tcnative.NativeStaticallyReferencedJniMethods.sslSignRsaPkcsSha1()`
+    GrpcSslContexts.configure(SslContextBuilder.forClient());
+
+    writer = new FakeWriter();
+    stub = S2AStub.newInstanceForTesting(writer);
+    writer.setReader(stub.getReader());
+    keyMethod = S2APrivateKeyMethod.create(stub, /* localIdentity= */ Optional.empty());
+  }
+
+  @Test
+  public void signatureAlgorithmConversion_success() {
+    expect
+        .that(
+            S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg(
+                OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA256))
+        .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA256);
+    expect
+        .that(
+            S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg(
+                OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA384))
+        .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA384);
+    expect
+        .that(
+            S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg(
+                OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA512))
+        .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA512);
+    expect
+        .that(
+            S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg(
+                OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256))
+        .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256);
+    expect
+        .that(
+            S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg(
+                OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP384R1_SHA384))
+        .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384);
+    expect
+        .that(
+            S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg(
+                OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP521R1_SHA512))
+        .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512);
+    expect
+        .that(
+            S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg(
+                OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA256))
+        .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256);
+    expect
+        .that(
+            S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg(
+                OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA384))
+        .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384);
+    expect
+        .that(
+            S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg(
+                OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA512))
+        .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512);
+  }
+
+  @Test
+  public void signatureAlgorithmConversion_unsupportedOperation() {
+    UnsupportedOperationException e =
+        assertThrows(
+            UnsupportedOperationException.class,
+            () -> S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg(-1));
+
+    assertThat(e).hasMessageThat().contains("Signature Algorithm -1 is not supported.");
+  }
+
+  @Test
+  public void createOnNullStub_returnsNullPointerException() {
+    assertThrows(
+        NullPointerException.class,
+        () -> S2APrivateKeyMethod.create(/* stub= */ null, /* localIdentity= */ Optional.empty()));
+  }
+
+  @Test
+  public void decrypt_unsupportedOperation() {
+    UnsupportedOperationException e =
+        assertThrows(
+            UnsupportedOperationException.class,
+            () -> keyMethod.decrypt(/* engine= */ null, DATA_TO_SIGN));
+
+    assertThat(e).hasMessageThat().contains("decrypt is not supported.");
+  }
+
+  @Test
+  public void fakelocalIdentity_signWithSha256_success() throws Exception {
+    S2AIdentity fakeIdentity = S2AIdentity.fromSpiffeId("fake-spiffe-id");
+    S2AStub mockStub = mock(S2AStub.class);
+    OpenSslPrivateKeyMethod keyMethodWithFakeIdentity =
+        S2APrivateKeyMethod.create(mockStub, Optional.of(fakeIdentity));
+    SessionReq req =
+        SessionReq.newBuilder()
+            .setLocalIdentity(fakeIdentity.getIdentity())
+            .setOffloadPrivateKeyOperationReq(
+                OffloadPrivateKeyOperationReq.newBuilder()
+                    .setOperation(OffloadPrivateKeyOperationReq.PrivateKeyOperation.SIGN)
+                    .setSignatureAlgorithm(SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256)
+                    .setRawBytes(ByteString.copyFrom(DATA_TO_SIGN)))
+            .build();
+    byte[] expectedOutbytes = "fake out bytes".getBytes(UTF_8);
+    when(mockStub.send(req))
+        .thenReturn(
+            SessionResp.newBuilder()
+                .setOffloadPrivateKeyOperationResp(
+                    OffloadPrivateKeyOperationResp.newBuilder()
+                        .setOutBytes(ByteString.copyFrom(expectedOutbytes)))
+                .build());
+
+    byte[] signature =
+        keyMethodWithFakeIdentity.sign(
+            /* engine= */ null,
+            OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256,
+            DATA_TO_SIGN);
+    verify(mockStub).send(req);
+    assertThat(signature).isEqualTo(expectedOutbytes);
+  }
+
+  @Test
+  public void signWithSha256_success() throws Exception {
+    writer.initializePrivateKey().setBehavior(FakeWriter.Behavior.OK_STATUS);
+
+    byte[] signature =
+        keyMethod.sign(
+            /* engine= */ null,
+            OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256,
+            DATA_TO_SIGN);
+
+    assertThat(signature).isNotEmpty();
+    assertThat(verifySignature(DATA_TO_SIGN, signature, "SHA256withECDSA")).isTrue();
+  }
+
+  @Test
+  public void signWithSha384_success() throws Exception {
+    writer.initializePrivateKey().setBehavior(FakeWriter.Behavior.OK_STATUS);
+
+    byte[] signature =
+        keyMethod.sign(
+            /* engine= */ null,
+            OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP384R1_SHA384,
+            DATA_TO_SIGN);
+
+    assertThat(signature).isNotEmpty();
+    assertThat(verifySignature(DATA_TO_SIGN, signature, "SHA384withECDSA")).isTrue();
+  }
+
+  @Test
+  public void signWithSha512_success() throws Exception {
+    writer.initializePrivateKey().setBehavior(FakeWriter.Behavior.OK_STATUS);
+
+    byte[] signature =
+        keyMethod.sign(
+            /* engine= */ null,
+            OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP521R1_SHA512,
+            DATA_TO_SIGN);
+
+    assertThat(signature).isNotEmpty();
+    assertThat(verifySignature(DATA_TO_SIGN, signature, "SHA512withECDSA")).isTrue();
+  }
+
+  @Test
+  public void sign_noKeyAvailable() throws Exception {
+    writer.resetPrivateKey().setBehavior(FakeWriter.Behavior.OK_STATUS);
+
+    S2AConnectionException e =
+        assertThrows(
+            S2AConnectionException.class,
+            () ->
+                keyMethod.sign(
+                    /* engine= */ null,
+                    OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256,
+                    DATA_TO_SIGN));
+
+    assertThat(e)
+        .hasMessageThat()
+        .contains(
+            "Error occurred in response from S2A, error code: 255, error message: \"No Private Key"
+                + " available.\".");
+  }
+
+  @Test
+  public void sign_algorithmNotSupported() throws Exception {
+    writer.initializePrivateKey().setBehavior(FakeWriter.Behavior.OK_STATUS);
+
+    S2AConnectionException e =
+        assertThrows(
+            S2AConnectionException.class,
+            () ->
+                keyMethod.sign(
+                    /* engine= */ null,
+                    OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA256,
+                    DATA_TO_SIGN));
+
+    assertThat(e)
+        .hasMessageThat()
+        .contains(
+            "Error occurred in response from S2A, error code: 255, error message: \"Only ECDSA key"
+                + " algorithms are supported.\".");
+  }
+
+  @Test
+  public void sign_getsErrorResponse() throws Exception {
+    writer.initializePrivateKey().setBehavior(FakeWriter.Behavior.ERROR_STATUS);
+
+    S2AConnectionException e =
+        assertThrows(
+            S2AConnectionException.class,
+            () ->
+                keyMethod.sign(
+                    /* engine= */ null,
+                    OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256,
+                    DATA_TO_SIGN));
+
+    assertThat(e)
+        .hasMessageThat()
+        .contains(
+            "Error occurred in response from S2A, error code: 1, error message: \"Intended ERROR"
+                + " Status from FakeWriter.\".");
+  }
+
+  @Test
+  public void sign_getsEmptyResponse() throws Exception {
+    writer.initializePrivateKey().setBehavior(FakeWriter.Behavior.EMPTY_RESPONSE);
+
+    S2AConnectionException e =
+        assertThrows(
+            S2AConnectionException.class,
+            () ->
+                keyMethod.sign(
+                    /* engine= */ null,
+                    OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256,
+                    DATA_TO_SIGN));
+
+    assertThat(e).hasMessageThat().contains("No valid response received from S2A.");
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java
new file mode 100644
index 00000000000..f130e52aac7
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java
@@ -0,0 +1,284 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
+import com.google.common.testing.NullPointerTester;
+import com.google.common.testing.NullPointerTester.Visibility;
+import io.grpc.Channel;
+import io.grpc.Grpc;
+import io.grpc.InsecureChannelCredentials;
+import io.grpc.ManagedChannel;
+import io.grpc.Server;
+import io.grpc.ServerBuilder;
+import io.grpc.benchmarks.Utils;
+import io.grpc.internal.ObjectPool;
+import io.grpc.internal.SharedResourcePool;
+import io.grpc.internal.TestUtils.NoopChannelLogger;
+import io.grpc.netty.GrpcHttp2ConnectionHandler;
+import io.grpc.netty.InternalProtocolNegotiator;
+import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
+import io.grpc.s2a.channel.S2AChannelPool;
+import io.grpc.s2a.channel.S2AGrpcChannelPool;
+import io.grpc.s2a.channel.S2AHandshakerServiceChannel;
+import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.handshaker.S2AProtocolNegotiatorFactory.S2AProtocolNegotiator;
+import io.grpc.stub.StreamObserver;
+import io.netty.channel.ChannelDuplexHandler;
+import io.netty.channel.ChannelHandler;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.channel.ChannelPromise;
+import io.netty.channel.embedded.EmbeddedChannel;
+import io.netty.handler.codec.http2.Http2ConnectionDecoder;
+import io.netty.handler.codec.http2.Http2ConnectionEncoder;
+import io.netty.handler.codec.http2.Http2Settings;
+import io.netty.util.AsciiString;
+import java.util.Optional;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import org.checkerframework.checker.nullness.qual.Nullable;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit tests for {@link S2AProtocolNegotiatorFactory}. */
+@RunWith(JUnit4.class)
+public class S2AProtocolNegotiatorFactoryTest {
+  private static final S2AIdentity LOCAL_IDENTITY = S2AIdentity.fromSpiffeId("local identity");
+  private final ChannelHandlerContext mockChannelHandlerContext = mock(ChannelHandlerContext.class);
+  private GrpcHttp2ConnectionHandler fakeConnectionHandler;
+  private String authority;
+  private int port;
+  private Server fakeS2AServer;
+  private ObjectPool<Channel> channelPool;
+
+  @Before
+  public void setUp() throws Exception {
+    port = Utils.pickUnusedPort();
+    fakeS2AServer = ServerBuilder.forPort(port).addService(new S2AServiceImpl()).build();
+    fakeS2AServer.start();
+    channelPool = new FakeChannelPool();
+    authority = "localhost:" + port;
+    fakeConnectionHandler = FakeConnectionHandler.create(authority);
+  }
+
+  @After
+  public void tearDown() {
+    fakeS2AServer.shutdown();
+  }
+
+  @Test
+  public void handlerRemoved_success() throws Exception {
+    S2AProtocolNegotiatorFactory.BufferReadsHandler handler1 =
+        new S2AProtocolNegotiatorFactory.BufferReadsHandler();
+    S2AProtocolNegotiatorFactory.BufferReadsHandler handler2 =
+        new S2AProtocolNegotiatorFactory.BufferReadsHandler();
+    EmbeddedChannel channel = new EmbeddedChannel(handler1, handler2);
+    channel.writeInbound("message1");
+    channel.writeInbound("message2");
+    channel.writeInbound("message3");
+    assertThat(handler1.getReads()).hasSize(3);
+    assertThat(handler2.getReads()).isEmpty();
+    channel.pipeline().remove(handler1);
+    assertThat(handler2.getReads()).hasSize(3);
+  }
+
+  @Test
+  public void createProtocolNegotiatorFactory_nullArgument() throws Exception {
+    NullPointerTester tester = new NullPointerTester().setDefault(Optional.class, Optional.empty());
+
+    tester.testStaticMethods(S2AProtocolNegotiatorFactory.class, Visibility.PUBLIC);
+  }
+
+  @Test
+  public void createProtocolNegotiator_nullArgument() throws Exception {
+    S2AChannelPool pool =
+        S2AGrpcChannelPool.create(
+            SharedResourcePool.forResource(
+                S2AHandshakerServiceChannel.getChannelResource(
+                    "localhost:8080", /* s2aChannelCredentials= */ Optional.empty())));
+
+    NullPointerTester tester =
+        new NullPointerTester()
+            .setDefault(S2AChannelPool.class, pool)
+            .setDefault(Optional.class, Optional.empty());
+
+    tester.testStaticMethods(S2AProtocolNegotiator.class, Visibility.PACKAGE);
+  }
+
+  @Test
+  public void createProtocolNegotiatorFactory_getsDefaultPort_succeeds() throws Exception {
+    InternalProtocolNegotiator.ClientFactory clientFactory =
+        S2AProtocolNegotiatorFactory.createClientFactory(LOCAL_IDENTITY, channelPool);
+
+    assertThat(clientFactory.getDefaultPort()).isEqualTo(S2AProtocolNegotiatorFactory.DEFAULT_PORT);
+  }
+
+  @Test
+  public void s2aProtocolNegotiator_getHostNameOnNull_returnsNull() throws Exception {
+    assertThat(S2AProtocolNegotiatorFactory.S2AProtocolNegotiator.getHostNameFromAuthority(null))
+        .isNull();
+  }
+
+  @Test
+  public void s2aProtocolNegotiator_getHostNameOnValidAuthority_returnsValidHostname()
+      throws Exception {
+    assertThat(
+            S2AProtocolNegotiatorFactory.S2AProtocolNegotiator.getHostNameFromAuthority(
+                "hostname:80"))
+        .isEqualTo("hostname");
+  }
+
+  @Test
+  public void createProtocolNegotiatorFactory_buildsAnS2AProtocolNegotiatorOnClientSide_succeeds()
+      throws Exception {
+    InternalProtocolNegotiator.ClientFactory clientFactory =
+        S2AProtocolNegotiatorFactory.createClientFactory(LOCAL_IDENTITY, channelPool);
+
+    ProtocolNegotiator clientNegotiator = clientFactory.newNegotiator();
+
+    assertThat(clientNegotiator).isInstanceOf(S2AProtocolNegotiator.class);
+    assertThat(clientNegotiator.scheme()).isEqualTo(AsciiString.of("https"));
+  }
+
+  @Test
+  public void closeProtocolNegotiator_verifyProtocolNegotiatorIsClosedOnClientSide()
+      throws Exception {
+    InternalProtocolNegotiator.ClientFactory clientFactory =
+        S2AProtocolNegotiatorFactory.createClientFactory(LOCAL_IDENTITY, channelPool);
+    ProtocolNegotiator clientNegotiator = clientFactory.newNegotiator();
+
+    clientNegotiator.close();
+
+    assertThat(((FakeChannelPool) channelPool).isChannelCached()).isFalse();
+  }
+
+  @Test
+  public void createChannelHandler_addHandlerToMockContext() throws Exception {
+    ExecutorService executor = Executors.newSingleThreadExecutor();
+    ManagedChannel channel =
+        Grpc.newChannelBuilder(authority, InsecureChannelCredentials.create())
+            .executor(executor)
+            .build();
+    FakeS2AChannelPool fakeChannelPool = new FakeS2AChannelPool(channel);
+    ProtocolNegotiator clientNegotiator =
+        S2AProtocolNegotiatorFactory.S2AProtocolNegotiator.createForClient(
+            fakeChannelPool, LOCAL_IDENTITY);
+
+    ChannelHandler channelHandler = clientNegotiator.newHandler(fakeConnectionHandler);
+
+    ((ChannelDuplexHandler) channelHandler).userEventTriggered(mockChannelHandlerContext, "event");
+    verify(mockChannelHandlerContext).fireUserEventTriggered("event");
+  }
+
+  /** A {@link S2AChannelPool} that returns the given channel. */
+  private static class FakeS2AChannelPool implements S2AChannelPool {
+    private final Channel channel;
+
+    FakeS2AChannelPool(Channel channel) {
+      this.channel = channel;
+    }
+
+    @Override
+    public Channel getChannel() {
+      return channel;
+    }
+
+    @Override
+    public void returnToPool(Channel channel) {}
+
+    @Override
+    public void close() {}
+  }
+
+  /** A {@code GrpcHttp2ConnectionHandler} that does nothing. */
+  private static class FakeConnectionHandler extends GrpcHttp2ConnectionHandler {
+    private static final Http2ConnectionDecoder DECODER = mock(Http2ConnectionDecoder.class);
+    private static final Http2ConnectionEncoder ENCODER = mock(Http2ConnectionEncoder.class);
+    private static final Http2Settings SETTINGS = new Http2Settings();
+    private final String authority;
+
+    static FakeConnectionHandler create(String authority) {
+      return new FakeConnectionHandler(null, DECODER, ENCODER, SETTINGS, authority);
+    }
+
+    private FakeConnectionHandler(
+        ChannelPromise channelUnused,
+        Http2ConnectionDecoder decoder,
+        Http2ConnectionEncoder encoder,
+        Http2Settings initialSettings,
+        String authority) {
+      super(channelUnused, decoder, encoder, initialSettings, new NoopChannelLogger());
+      this.authority = authority;
+    }
+
+    @Override
+    public String getAuthority() {
+      return authority;
+    }
+  }
+
+  /** An S2A server that handles GetTlsConfiguration request. */
+  private static class S2AServiceImpl extends S2AServiceGrpc.S2AServiceImplBase {
+    static final FakeWriter writer = new FakeWriter();
+
+    @Override
+    public StreamObserver<SessionReq> setUpSession(StreamObserver<SessionResp> responseObserver) {
+      return new StreamObserver<SessionReq>() {
+        @Override
+        public void onNext(SessionReq req) {
+          responseObserver.onNext(writer.handleResponse(req));
+        }
+
+        @Override
+        public void onError(Throwable t) {}
+
+        @Override
+        public void onCompleted() {}
+      };
+    }
+  }
+
+  private static class FakeChannelPool implements ObjectPool<Channel> {
+    private final Channel mockChannel = mock(Channel.class);
+    private @Nullable Channel cachedChannel = null;
+
+    @Override
+    public Channel getObject() {
+      if (cachedChannel == null) {
+        cachedChannel = mockChannel;
+      }
+      return cachedChannel;
+    }
+
+    @Override
+    public Channel returnObject(Object object) {
+      assertThat(object).isSameInstanceAs(mockChannel);
+      cachedChannel = null;
+      return null;
+    }
+
+    public boolean isChannelCached() {
+      return (cachedChannel != null);
+    }
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java
new file mode 100644
index 00000000000..bb90be12b6a
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java
@@ -0,0 +1,260 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;
+import static org.junit.Assert.assertThrows;
+
+import com.google.common.truth.Expect;
+import io.grpc.internal.SharedResourcePool;
+import io.grpc.s2a.channel.S2AChannelPool;
+import io.grpc.s2a.channel.S2AGrpcChannelPool;
+import io.grpc.s2a.channel.S2AHandshakerServiceChannel;
+import io.grpc.stub.StreamObserver;
+import java.io.IOException;
+import java.util.Optional;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit tests for {@link S2AStub}. */
+@RunWith(JUnit4.class)
+public class S2AStubTest {
+  @Rule public final Expect expect = Expect.create();
+  private static final String S2A_ADDRESS = "localhost:8080";
+  private S2AStub stub;
+  private FakeWriter writer;
+
+  @Before
+  public void setUp() {
+    writer = new FakeWriter();
+    stub = S2AStub.newInstanceForTesting(writer);
+    writer.setReader(stub.getReader());
+  }
+
+  @Test
+  public void send_receiveOkStatus() throws Exception {
+    S2AChannelPool channelPool =
+        S2AGrpcChannelPool.create(
+            SharedResourcePool.forResource(
+                S2AHandshakerServiceChannel.getChannelResource(
+                    S2A_ADDRESS, /* s2aChannelCredentials= */ Optional.empty())));
+    S2AServiceGrpc.S2AServiceStub serviceStub = S2AServiceGrpc.newStub(channelPool.getChannel());
+    S2AStub newStub = S2AStub.newInstance(serviceStub);
+
+    IOException expected =
+        assertThrows(IOException.class, () -> newStub.send(SessionReq.getDefaultInstance()));
+
+    assertThat(expected).hasMessageThat().contains("DEADLINE_EXCEEDED");
+  }
+
+  @Test
+  public void send_clientTlsConfiguration_receiveOkStatus() throws Exception {
+    SessionReq req =
+        SessionReq.newBuilder()
+            .setGetTlsConfigurationReq(
+                GetTlsConfigurationReq.newBuilder()
+                    .setConnectionSide(ConnectionSide.CONNECTION_SIDE_CLIENT))
+            .build();
+
+    SessionResp resp = stub.send(req);
+
+    SessionResp expected =
+        SessionResp.newBuilder()
+            .setGetTlsConfigurationResp(
+                GetTlsConfigurationResp.newBuilder()
+                    .setClientTlsConfiguration(
+                        GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
+                            .addCertificateChain(FakeWriter.LEAF_CERT)
+                            .addCertificateChain(FakeWriter.INTERMEDIATE_CERT_2)
+                            .addCertificateChain(FakeWriter.INTERMEDIATE_CERT_1)
+                            .setMinTlsVersion(TLSVersion.TLS_VERSION_1_3)
+                            .setMaxTlsVersion(TLSVersion.TLS_VERSION_1_3)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)))
+            .build();
+    assertThat(resp).ignoringRepeatedFieldOrder().isEqualTo(expected);
+  }
+
+  @Test
+  public void send_serverTlsConfiguration_receiveErrorStatus() throws Exception {
+    SessionReq req =
+        SessionReq.newBuilder()
+            .setGetTlsConfigurationReq(
+                GetTlsConfigurationReq.newBuilder()
+                    .setConnectionSide(ConnectionSide.CONNECTION_SIDE_SERVER))
+            .build();
+
+    SessionResp resp = stub.send(req);
+
+    SessionResp expected =
+        SessionResp.newBuilder()
+            .setStatus(
+                Status.newBuilder()
+                    .setCode(255)
+                    .setDetails("No TLS configuration for the server side."))
+            .build();
+    assertThat(resp).isEqualTo(expected);
+  }
+
+  @Test
+  public void send_receiveErrorStatus() throws Exception {
+    writer.setBehavior(FakeWriter.Behavior.ERROR_STATUS);
+
+    SessionResp resp = stub.send(SessionReq.getDefaultInstance());
+
+    SessionResp expected =
+        SessionResp.newBuilder()
+            .setStatus(
+                Status.newBuilder().setCode(1).setDetails("Intended ERROR Status from FakeWriter."))
+            .build();
+    assertThat(resp).isEqualTo(expected);
+  }
+
+  @Test
+  public void send_receiveErrorResponse() throws InterruptedException {
+    writer.setBehavior(FakeWriter.Behavior.ERROR_RESPONSE);
+
+    IOException expected =
+        assertThrows(IOException.class, () -> stub.send(SessionReq.getDefaultInstance()));
+
+    expect.that(expected).hasCauseThat().isInstanceOf(RuntimeException.class);
+    expect.that(expected).hasMessageThat().contains("Intended ERROR from FakeWriter.");
+  }
+
+  @Test
+  public void send_receiveCompleteStatus() throws Exception {
+    writer.setBehavior(FakeWriter.Behavior.COMPLETE_STATUS);
+
+    ConnectionClosedException expected =
+        assertThrows(
+            ConnectionClosedException.class, () -> stub.send(SessionReq.getDefaultInstance()));
+
+    assertThat(expected).hasMessageThat().contains("Reading from the S2A is complete.");
+  }
+
+  @Test
+  public void send_receiveUnexpectedResponse() throws Exception {
+    writer.sendIoError();
+
+    IOException expected =
+        assertThrows(IOException.class, () -> stub.send(SessionReq.getDefaultInstance()));
+
+    assertThat(expected)
+        .hasMessageThat()
+        .contains(
+            "Received an unexpected response from a host at the S2A's address. The S2A might be"
+                + " unavailable.");
+  }
+
+  @Test
+  public void send_receiveManyUnexpectedResponse_expectResponsesEmpty() throws Exception {
+    writer.sendIoError();
+    writer.sendIoError();
+    writer.sendIoError();
+
+    IOException expected =
+        assertThrows(IOException.class, () -> stub.send(SessionReq.getDefaultInstance()));
+
+    assertThat(expected)
+        .hasMessageThat()
+        .contains(
+            "Received an unexpected response from a host at the S2A's address. The S2A might be"
+                + " unavailable.");
+
+    assertThat(stub.getResponses()).isEmpty();
+  }
+
+  @Test
+  public void send_receiveDelayedResponse() throws Exception {
+    writer.sendGetTlsConfigResp();
+    SessionResp resp = stub.send(SessionReq.getDefaultInstance());
+    SessionResp expected =
+        SessionResp.newBuilder()
+            .setGetTlsConfigurationResp(
+                GetTlsConfigurationResp.newBuilder()
+                    .setClientTlsConfiguration(
+                        GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
+                            .addCertificateChain(FakeWriter.LEAF_CERT)
+                            .addCertificateChain(FakeWriter.INTERMEDIATE_CERT_2)
+                            .addCertificateChain(FakeWriter.INTERMEDIATE_CERT_1)
+                            .setMinTlsVersion(TLSVersion.TLS_VERSION_1_3)
+                            .setMaxTlsVersion(TLSVersion.TLS_VERSION_1_3)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)))
+            .build();
+    assertThat(resp).ignoringRepeatedFieldOrder().isEqualTo(expected);
+  }
+
+  @Test
+  public void send_afterEarlyClose_receivesClosedException() throws InterruptedException {
+    stub.close();
+    expect.that(writer.isFakeWriterClosed()).isTrue();
+
+    ConnectionClosedException expected =
+        assertThrows(
+            ConnectionClosedException.class, () -> stub.send(SessionReq.getDefaultInstance()));
+
+    assertThat(expected).hasMessageThat().contains("Stream to the S2A is closed.");
+  }
+
+  @Test
+  public void send_failToWrite() throws Exception {
+    FailWriter failWriter = new FailWriter();
+    stub = S2AStub.newInstanceForTesting(failWriter);
+
+    IOException expected =
+        assertThrows(IOException.class, () -> stub.send(SessionReq.getDefaultInstance()));
+
+    expect.that(expected).hasCauseThat().isInstanceOf(S2AConnectionException.class);
+    expect
+        .that(expected)
+        .hasCauseThat()
+        .hasMessageThat()
+        .isEqualTo("Could not send request to S2A.");
+  }
+
+  /** Fails whenever a write is attempted. */
+  private static class FailWriter implements StreamObserver<SessionReq> {
+    @Override
+    public void onNext(SessionReq req) {
+      assertThat(req).isNotNull();
+      throw new S2AConnectionException("Could not send request to S2A.");
+    }
+
+    @Override
+    public void onError(Throwable t) {
+      assertThat(t).isInstanceOf(S2AConnectionException.class);
+    }
+
+    @Override
+    public void onCompleted() {
+      throw new UnsupportedOperationException();
+    }
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2ATrustManagerTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/S2ATrustManagerTest.java
new file mode 100644
index 00000000000..384e1aba5cc
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/S2ATrustManagerTest.java
@@ -0,0 +1,262 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+
+import io.grpc.s2a.handshaker.S2AIdentity;
+import java.io.ByteArrayInputStream;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Base64;
+import java.util.Optional;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public final class S2ATrustManagerTest {
+  private S2AStub stub;
+  private FakeWriter writer;
+  private static final String FAKE_HOSTNAME = "Fake-Hostname";
+  private static final String CLIENT_CERT_PEM =
+      "MIICKjCCAc+gAwIBAgIUC2GShcVO+5Zkml+7VO3OQ+B2c7EwCgYIKoZIzj0EAwIw"
+          + "HzEdMBsGA1UEAwwUcm9vdGNlcnQuZXhhbXBsZS5jb20wIBcNMjMwMTI2MTk0OTUx"
+          + "WhgPMjA1MDA2MTMxOTQ5NTFaMB8xHTAbBgNVBAMMFGxlYWZjZXJ0LmV4YW1wbGUu"
+          + "Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeciYZgFAZjxyzTrklCRIWpad"
+          + "8wkyCZQzJSf0IfNn9NKtfzL2V/blteULO0o9Da8e2Avaj+XCKfFTc7salMo/waOB"
+          + "5jCB4zAOBgNVHQ8BAf8EBAMCB4AwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwIGCCsG"
+          + "AQUFBwMBMAwGA1UdEwEB/wQCMAAwYQYDVR0RBFowWIYic3BpZmZlOi8vZm9vLnBy"
+          + "b2QuZ29vZ2xlLmNvbS9wMS9wMoIUZm9vLnByb2Quc3BpZmZlLmdvb2eCHG1hY2hp"
+          + "bmUtbmFtZS5wcm9kLmdvb2dsZS5jb20wHQYDVR0OBBYEFETY6Cu/aW924nfvUrOs"
+          + "yXCC1hrpMB8GA1UdIwQYMBaAFJLkXGlTYKISiGd+K/Ijh4IOEpHBMAoGCCqGSM49"
+          + "BAMCA0kAMEYCIQCZDW472c1/4jEOHES/88X7NTqsYnLtIpTjp5PZ62z3sAIhAN1J"
+          + "vxvbxt9ySdFO+cW7oLBEkCwUicBhxJi5VfQeQypT";
+
+  @Before
+  public void setUp() {
+    writer = new FakeWriter();
+    stub = S2AStub.newInstanceForTesting(writer);
+    writer.setReader(stub.getReader());
+  }
+
+  @Test
+  public void createForClient_withNullStub_throwsError() {
+    NullPointerException expected =
+        assertThrows(
+            NullPointerException.class,
+            () ->
+                S2ATrustManager.createForClient(
+                    /* stub= */ null, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty()));
+
+    assertThat(expected).hasMessageThat().isNull();
+  }
+
+  @Test
+  public void createForClient_withNullHostname_throwsError() {
+    NullPointerException expected =
+        assertThrows(
+            NullPointerException.class,
+            () ->
+                S2ATrustManager.createForClient(
+                    stub, /* hostname= */ null, /* localIdentity= */ Optional.empty()));
+
+    assertThat(expected).hasMessageThat().isNull();
+  }
+
+  @Test
+  public void getAcceptedIssuers_returnsExpectedNullResult() {
+    S2ATrustManager trustManager =
+        S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty());
+
+    assertThat(trustManager.getAcceptedIssuers()).isNull();
+  }
+
+  @Test
+  public void checkClientTrusted_withEmptyCertificateChain_throwsException()
+      throws CertificateException {
+    writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS);
+    S2ATrustManager trustManager =
+        S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty());
+
+    IllegalArgumentException expected =
+        assertThrows(
+            IllegalArgumentException.class,
+            () -> trustManager.checkClientTrusted(new X509Certificate[] {}, /* authType= */ ""));
+
+    assertThat(expected).hasMessageThat().contains("Certificate chain has zero certificates.");
+  }
+
+  @Test
+  public void checkServerTrusted_withEmptyCertificateChain_throwsException()
+      throws CertificateException {
+    writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS);
+    S2ATrustManager trustManager =
+        S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty());
+
+    IllegalArgumentException expected =
+        assertThrows(
+            IllegalArgumentException.class,
+            () -> trustManager.checkServerTrusted(new X509Certificate[] {}, /* authType= */ ""));
+
+    assertThat(expected).hasMessageThat().contains("Certificate chain has zero certificates.");
+  }
+
+  @Test
+  public void checkClientTrusted_getsSuccessResponse() throws CertificateException {
+    writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS);
+    S2ATrustManager trustManager =
+        S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty());
+
+    // Expect no exception.
+    trustManager.checkClientTrusted(getCerts(), /* authType= */ "");
+  }
+
+  @Test
+  public void checkClientTrusted_withLocalIdentity_getsSuccessResponse()
+      throws CertificateException {
+    writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS);
+    S2ATrustManager trustManager =
+        S2ATrustManager.createForClient(
+            stub, FAKE_HOSTNAME, Optional.of(S2AIdentity.fromSpiffeId("fake-spiffe-id")));
+
+    // Expect no exception.
+    trustManager.checkClientTrusted(getCerts(), /* authType= */ "");
+  }
+
+  @Test
+  public void checkServerTrusted_getsSuccessResponse() throws CertificateException {
+    writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS);
+    S2ATrustManager trustManager =
+        S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty());
+
+    // Expect no exception.
+    trustManager.checkServerTrusted(getCerts(), /* authType= */ "");
+  }
+
+  @Test
+  public void checkServerTrusted_withLocalIdentity_getsSuccessResponse()
+      throws CertificateException {
+    writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS);
+    S2ATrustManager trustManager =
+        S2ATrustManager.createForClient(
+            stub, FAKE_HOSTNAME, Optional.of(S2AIdentity.fromSpiffeId("fake-spiffe-id")));
+
+    // Expect no exception.
+    trustManager.checkServerTrusted(getCerts(), /* authType= */ "");
+  }
+
+  @Test
+  public void checkClientTrusted_getsIntendedFailureResponse() throws CertificateException {
+    writer
+        .setVerificationResult(FakeWriter.VerificationResult.FAILURE)
+        .setFailureReason("Intended failure.");
+    S2ATrustManager trustManager =
+        S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty());
+
+    CertificateException expected =
+        assertThrows(
+            CertificateException.class,
+            () -> trustManager.checkClientTrusted(getCerts(), /* authType= */ ""));
+
+    assertThat(expected).hasMessageThat().contains("Intended failure.");
+  }
+
+  @Test
+  public void checkClientTrusted_getsIntendedFailureStatusInResponse() throws CertificateException {
+    writer.setBehavior(FakeWriter.Behavior.ERROR_STATUS);
+    S2ATrustManager trustManager =
+        S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty());
+
+    CertificateException expected =
+        assertThrows(
+            CertificateException.class,
+            () -> trustManager.checkClientTrusted(getCerts(), /* authType= */ ""));
+
+    assertThat(expected).hasMessageThat().contains("Error occurred in response from S2A");
+  }
+
+  @Test
+  public void checkClientTrusted_getsIntendedFailureFromServer() throws CertificateException {
+    writer.setBehavior(FakeWriter.Behavior.ERROR_RESPONSE);
+    S2ATrustManager trustManager =
+        S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty());
+
+    CertificateException expected =
+        assertThrows(
+            CertificateException.class,
+            () -> trustManager.checkClientTrusted(getCerts(), /* authType= */ ""));
+
+    assertThat(expected).hasMessageThat().isEqualTo("Failed to send request to S2A.");
+  }
+
+  @Test
+  public void checkServerTrusted_getsIntendedFailureResponse() throws CertificateException {
+    writer
+        .setVerificationResult(FakeWriter.VerificationResult.FAILURE)
+        .setFailureReason("Intended failure.");
+    S2ATrustManager trustManager =
+        S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty());
+
+    CertificateException expected =
+        assertThrows(
+            CertificateException.class,
+            () -> trustManager.checkServerTrusted(getCerts(), /* authType= */ ""));
+
+    assertThat(expected).hasMessageThat().contains("Intended failure.");
+  }
+
+  @Test
+  public void checkServerTrusted_getsIntendedFailureStatusInResponse() throws CertificateException {
+    writer.setBehavior(FakeWriter.Behavior.ERROR_STATUS);
+    S2ATrustManager trustManager =
+        S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty());
+
+    CertificateException expected =
+        assertThrows(
+            CertificateException.class,
+            () -> trustManager.checkServerTrusted(getCerts(), /* authType= */ ""));
+
+    assertThat(expected).hasMessageThat().contains("Error occurred in response from S2A");
+  }
+
+  @Test
+  public void checkServerTrusted_getsIntendedFailureFromServer() throws CertificateException {
+    writer.setBehavior(FakeWriter.Behavior.ERROR_RESPONSE);
+    S2ATrustManager trustManager =
+        S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty());
+
+    CertificateException expected =
+        assertThrows(
+            CertificateException.class,
+            () -> trustManager.checkServerTrusted(getCerts(), /* authType= */ ""));
+
+    assertThat(expected).hasMessageThat().isEqualTo("Failed to send request to S2A.");
+  }
+
+  private X509Certificate[] getCerts() throws CertificateException {
+    byte[] decoded = Base64.getDecoder().decode(CLIENT_CERT_PEM);
+    return new X509Certificate[] {
+      (X509Certificate)
+          CertificateFactory.getInstance("X.509")
+              .generateCertificate(new ByteArrayInputStream(decoded))
+    };
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/SslContextFactoryTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/SslContextFactoryTest.java
new file mode 100644
index 00000000000..a2a66a7b563
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/SslContextFactoryTest.java
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+
+import com.google.common.truth.Expect;
+import io.grpc.s2a.handshaker.S2AIdentity;
+import io.netty.handler.ssl.OpenSslSessionContext;
+import io.netty.handler.ssl.SslContext;
+import java.security.GeneralSecurityException;
+import java.util.Optional;
+import javax.net.ssl.SSLSessionContext;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit tests for {@link SslContextFactory}. */
+@RunWith(JUnit4.class)
+public final class SslContextFactoryTest {
+  @Rule public final Expect expect = Expect.create();
+  private static final String FAKE_TARGET_NAME = "fake_target_name";
+  private S2AStub stub;
+  private FakeWriter writer;
+
+  @Before
+  public void setUp() {
+    writer = new FakeWriter();
+    stub = S2AStub.newInstanceForTesting(writer);
+    writer.setReader(stub.getReader());
+  }
+
+  @Test
+  public void createForClient_returnsValidSslContext() throws Exception {
+    SslContext sslContext =
+        SslContextFactory.createForClient(
+            stub, FAKE_TARGET_NAME, /* localIdentity= */ Optional.empty());
+
+    expect.that(sslContext).isNotNull();
+    expect.that(sslContext.sessionCacheSize()).isEqualTo(1);
+    expect.that(sslContext.sessionTimeout()).isEqualTo(300);
+    expect.that(sslContext.isClient()).isTrue();
+    expect.that(sslContext.applicationProtocolNegotiator().protocols()).containsExactly("h2");
+    SSLSessionContext sslSessionContext = sslContext.sessionContext();
+    if (sslSessionContext instanceof OpenSslSessionContext) {
+      OpenSslSessionContext openSslSessionContext = (OpenSslSessionContext) sslSessionContext;
+      expect.that(openSslSessionContext.isSessionCacheEnabled()).isFalse();
+    }
+  }
+
+  @Test
+  public void createForClient_withLocalIdentity_returnsValidSslContext() throws Exception {
+    SslContext sslContext =
+        SslContextFactory.createForClient(
+            stub, FAKE_TARGET_NAME, Optional.of(S2AIdentity.fromSpiffeId("fake-spiffe-id")));
+
+    expect.that(sslContext).isNotNull();
+    expect.that(sslContext.sessionCacheSize()).isEqualTo(1);
+    expect.that(sslContext.sessionTimeout()).isEqualTo(300);
+    expect.that(sslContext.isClient()).isTrue();
+    expect.that(sslContext.applicationProtocolNegotiator().protocols()).containsExactly("h2");
+    SSLSessionContext sslSessionContext = sslContext.sessionContext();
+    if (sslSessionContext instanceof OpenSslSessionContext) {
+      OpenSslSessionContext openSslSessionContext = (OpenSslSessionContext) sslSessionContext;
+      expect.that(openSslSessionContext.isSessionCacheEnabled()).isFalse();
+    }
+  }
+
+  @Test
+  public void createForClient_returnsEmptyResponse_error() throws Exception {
+    writer.setBehavior(FakeWriter.Behavior.EMPTY_RESPONSE);
+
+    S2AConnectionException expected =
+        assertThrows(
+            S2AConnectionException.class,
+            () ->
+                SslContextFactory.createForClient(
+                    stub, FAKE_TARGET_NAME, /* localIdentity= */ Optional.empty()));
+
+    assertThat(expected)
+        .hasMessageThat()
+        .contains("Response from S2A server does NOT contain ClientTlsConfiguration.");
+  }
+
+  @Test
+  public void createForClient_returnsErrorStatus_error() throws Exception {
+    writer.setBehavior(FakeWriter.Behavior.ERROR_STATUS);
+
+    S2AConnectionException expected =
+        assertThrows(
+            S2AConnectionException.class,
+            () ->
+                SslContextFactory.createForClient(
+                    stub, FAKE_TARGET_NAME, /* localIdentity= */ Optional.empty()));
+
+    assertThat(expected).hasMessageThat().contains("Intended ERROR Status from FakeWriter.");
+  }
+
+  @Test
+  public void createForClient_getsErrorFromServer_throwsError() throws Exception {
+    writer.sendIoError();
+
+    GeneralSecurityException expected =
+        assertThrows(
+            GeneralSecurityException.class,
+            () ->
+                SslContextFactory.createForClient(
+                    stub, FAKE_TARGET_NAME, /* localIdentity= */ Optional.empty()));
+
+    assertThat(expected)
+        .hasMessageThat()
+        .contains("Failed to get client TLS configuration from S2A.");
+  }
+
+  @Test
+  public void createForClient_getsBadTlsVersionsFromServer_throwsError() throws Exception {
+    writer.setBehavior(FakeWriter.Behavior.BAD_TLS_VERSION_RESPONSE);
+
+    S2AConnectionException expected =
+        assertThrows(
+            S2AConnectionException.class,
+            () ->
+                SslContextFactory.createForClient(
+                    stub, FAKE_TARGET_NAME, /* localIdentity= */ Optional.empty()));
+
+    assertThat(expected)
+        .hasMessageThat()
+        .contains("Set of TLS versions received from S2A server is empty.");
+  }
+
+  @Test
+  public void createForClient_nullStub_throwsError() throws Exception {
+    writer.sendUnexpectedResponse();
+
+    NullPointerException expected =
+        assertThrows(
+            NullPointerException.class,
+            () ->
+                SslContextFactory.createForClient(
+                    /* stub= */ null, FAKE_TARGET_NAME, /* localIdentity= */ Optional.empty()));
+
+    assertThat(expected).hasMessageThat().isEqualTo("stub should not be null.");
+  }
+
+  @Test
+  public void createForClient_nullTargetName_throwsError() throws Exception {
+    writer.sendUnexpectedResponse();
+
+    NullPointerException expected =
+        assertThrows(
+            NullPointerException.class,
+            () ->
+                SslContextFactory.createForClient(
+                    stub, /* targetName= */ null, /* localIdentity= */ Optional.empty()));
+
+    assertThat(expected)
+        .hasMessageThat()
+        .isEqualTo("targetName should not be null on client side.");
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java
new file mode 100644
index 00000000000..80adba07f20
--- /dev/null
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.s2a.handshaker.tokenmanager;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import io.grpc.s2a.handshaker.S2AIdentity;
+import java.util.Optional;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public final class SingleTokenAccessTokenManagerTest {
+  private static final S2AIdentity IDENTITY = S2AIdentity.fromSpiffeId("spiffe_id");
+  private static final String TOKEN = "token";
+
+  @Before
+  public void setUp() {
+    SingleTokenFetcher.setAccessToken(null);
+  }
+
+  @Test
+  public void getDefaultToken_success() throws Exception {
+    SingleTokenFetcher.setAccessToken(TOKEN);
+    Optional<AccessTokenManager> manager = AccessTokenManager.create();
+    assertThat(manager).isPresent();
+    assertThat(manager.get().getDefaultToken()).isEqualTo(TOKEN);
+  }
+
+  @Test
+  public void getToken_success() throws Exception {
+    SingleTokenFetcher.setAccessToken(TOKEN);
+    Optional<AccessTokenManager> manager = AccessTokenManager.create();
+    assertThat(manager).isPresent();
+    assertThat(manager.get().getToken(IDENTITY)).isEqualTo(TOKEN);
+  }
+
+  @Test
+  public void getToken_noEnvironmentVariable() throws Exception {
+    assertThat(SingleTokenFetcher.create()).isEmpty();
+  }
+
+  @Test
+  public void create_success() throws Exception {
+    SingleTokenFetcher.setAccessToken(TOKEN);
+    Optional<AccessTokenManager> manager = AccessTokenManager.create();
+    assertThat(manager).isPresent();
+    assertThat(manager.get().getToken(IDENTITY)).isEqualTo(TOKEN);
+  }
+
+  @Test
+  public void create_noEnvironmentVariable() throws Exception {
+    assertThat(AccessTokenManager.create()).isEmpty();
+  }
+}
\ No newline at end of file
diff --git a/s2a/src/test/resources/README.md b/s2a/src/test/resources/README.md
new file mode 100644
index 00000000000..726b921a615
--- /dev/null
+++ b/s2a/src/test/resources/README.md
@@ -0,0 +1,32 @@
+# Generating certificates and keys for testing mTLS-S2A
+
+Content from: https://github.com/google/s2a-go/blob/main/testdata/README.md
+
+Create root CA
+
+```
+openssl req -x509 -sha256 -days 7305 -newkey rsa:2048 -keyout root_key.pem -out
+root_cert.pem
+```
+
+Generate private keys for server and client
+
+```
+openssl genrsa -out server_key.pem 2048
+openssl genrsa -out client_key.pem 2048
+```
+
+Generate CSRs for server and client (set Common Name to localhost, leave all
+other fields blank)
+
+```
+openssl req -key server_key.pem -new -out server.csr -config config.cnf
+openssl req -key client_key.pem -new -out client.csr -config config.cnf
+```
+
+Sign CSRs for server and client
+
+```
+openssl x509 -req -CA root_cert.pem -CAkey root_key.pem -in server.csr -out server_cert.pem -days 7305 -extfile config.cnf -extensions req_ext
+openssl x509 -req -CA root_cert.pem -CAkey root_key.pem -in client.csr -out client_cert.pem -days 7305
+```
\ No newline at end of file
diff --git a/s2a/src/test/resources/client.csr b/s2a/src/test/resources/client.csr
new file mode 100644
index 00000000000..664f5a4cf86
--- /dev/null
+++ b/s2a/src/test/resources/client.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIChzCCAW8CAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAoSS3KtFgiXX4vAUNscFGIB/r2OOMgiZMKHz72dN0
+5kSxwdpQxpMIhwEoe0lhHNfOiuE7/r6VbGG9RGGIcQcoSonc3InPRfpnzfj9KohJ
+i8pYkLL9EwElAEl9sWnvVKTza8jTApDP2Z/fntBEsWAMsLPpuRZT6tgN1sXe4vNG
+4wufJSxuImyCVAx1fkZjRkYEKOtm1osnEDng4R0WXZ6S+q5lYzYPk1wxgbjdZu2U
+fWxP6V63SphV0NFXTx0E401j2h258cIqTVj8lRX6dfl9gO0d43Rd+hSU7R4iXGEw
+arixuH9g5H745AFf9H52twHPcNP9cEKBljBpSV5z3MvTkQIDAQABoC4wLAYJKoZI
+hvcNAQkOMR8wHTAbBgNVHREEFDAShxAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3
+DQEBCwUAA4IBAQCQHim3aIpGJs5u6JhEA07Rwm8YKyVALDEklhsHILlFhdNr2uV7
+S+3bHV79mDGjxNWvFcgK5h5ENkT60tXbhbie1gYmFT0RMCYHDsL09NGTh8G9Bbdl
+UKeA9DMhRSYzE7Ks3Lo1dJvX7OAEI0qV77dGpQknufYpmHiBXuqtB9I0SpYi1c4O
+9IUn/NY0yiYFPsIEsVRz/1dK97wazusLnijaMwNNhUc9bJwTyujhlr+b8ioPyADG
+e+GDF97d0nQ8806DOJF4GTRKwaXD+R5zN5t4ULhZ7ERqLNeE9EnWRe4CvSGvBoNA
+hIVeYaLd761Z9ZKvOnsgCr8qvMDilDFY6OfB
+-----END CERTIFICATE REQUEST-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/client_cert.pem b/s2a/src/test/resources/client_cert.pem
new file mode 100644
index 00000000000..b72f6991c91
--- /dev/null
+++ b/s2a/src/test/resources/client_cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9DCCAdwCFB+cDXee2sIHjdlBhdNpTo+G2XAjMA0GCSqGSIb3DQEBCwUAMFkx
+CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
+cm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMzEw
+MTcyMzA5MDNaFw00MzEwMTcyMzA5MDNaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKEktyrRYIl1+LwFDbHBRiAf
+69jjjIImTCh8+9nTdOZEscHaUMaTCIcBKHtJYRzXzorhO/6+lWxhvURhiHEHKEqJ
+3NyJz0X6Z834/SqISYvKWJCy/RMBJQBJfbFp71Sk82vI0wKQz9mf357QRLFgDLCz
+6bkWU+rYDdbF3uLzRuMLnyUsbiJsglQMdX5GY0ZGBCjrZtaLJxA54OEdFl2ekvqu
+ZWM2D5NcMYG43WbtlH1sT+let0qYVdDRV08dBONNY9odufHCKk1Y/JUV+nX5fYDt
+HeN0XfoUlO0eIlxhMGq4sbh/YOR++OQBX/R+drcBz3DT/XBCgZYwaUlec9zL05EC
+AwEAATANBgkqhkiG9w0BAQsFAAOCAQEARorc1t2OJnwm1lxhf2KpTpNvNOI9FJak
+iSHz/MxhMdu4BG/dQHkKkWoVC6W2Kaimx4OImBwRlGEmGf4P0bXOLSTOumk2k1np
+ZUbw7Z2cJzvBmT2BLoHRXcBvbFIBW5DJUSHR37eXEKP57BeD+Og4/3XhNzehSpTX
+DRd2Ix/D39JjYA462nqPHQP8HDMf6+0BFmvf9ZRYmFucccYQRCUCKDqb8+wGf9W6
+tKNRE6qPG2jpAQ9qkgO7XuucbLvpywt5xj+yDRbOIq43l40mHaz4lRp697oaxjP8
+HSVcMydW3cluoW3AVInNIaqbM1dr6931MllK62DKipFtmCycq/56XA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/client_key.pem b/s2a/src/test/resources/client_key.pem
new file mode 100644
index 00000000000..dd3e2ff78f1
--- /dev/null
+++ b/s2a/src/test/resources/client_key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQChJLcq0WCJdfi8
+BQ2xwUYgH+vY44yCJkwofPvZ03TmRLHB2lDGkwiHASh7SWEc186K4Tv+vpVsYb1E
+YYhxByhKidzcic9F+mfN+P0qiEmLyliQsv0TASUASX2xae9UpPNryNMCkM/Zn9+e
+0ESxYAyws+m5FlPq2A3Wxd7i80bjC58lLG4ibIJUDHV+RmNGRgQo62bWiycQOeDh
+HRZdnpL6rmVjNg+TXDGBuN1m7ZR9bE/pXrdKmFXQ0VdPHQTjTWPaHbnxwipNWPyV
+Ffp1+X2A7R3jdF36FJTtHiJcYTBquLG4f2DkfvjkAV/0fna3Ac9w0/1wQoGWMGlJ
+XnPcy9ORAgMBAAECggEALAUqoGDIHWUDyOEch5WDwZzWwc4PgTJTFbBm4G96fLkB
+UjKAZG6gIrk3RM6b39Q4UQoMaJ/Jk+zzVi3Kpw3MfOhCVGC1JamtF8BP8IGAjdZ9
+8TFkHv/uCrEIzCFjRt00vhoDQq0qiom4/dppGYdikBbl3zDxRbM1vJkbNSY+FCGW
+dA0uJ5XdMLR6lPeB5odqjUggnfUgPCOLdV/F+HkSM9NP1bzmHLiKznzwFsfat139
+7LdzJwNN5IX4Io6cxsxNlrX/NNvPkKdGv07Z6FYxWROyKCunjh48xFcQg0ltoRuq
+R9P8/LwS8GYrcc1uC/uBc0e6VgM9D9fsvh+8SQtf3QKBgQDXX+z2GnsFoEs7xv9U
+qN0HEX4jOkihZvFu43layUmeCeE8wlEctJ0TsM5Bd7FMoUG6e5/btwhsAIYW89Xn
+l/R8OzxR6Kh952Dce4DAULuIeopiw7ASJwTZtO9lWhxw0hjM1hxXTG+xxOqQvsRX
+c+d+vtvdIqyJ4ELfzg9kUtkdpwKBgQC/ig3cmej7dQdRAMn0YAwgwhuLkCqVFh4y
+WIlqyPPejKf8RXubqgtaSYx/T7apP87SMMSfSLaUdrYAGjST6k+tG5cmwutPIbw/
+osL7U3hcIhjX3hfHgI69Ojcpplbd5yqTxZHpxIs6iAQCEqNuasLXIDMouqNhGF1D
+YssD6qxcBwKBgQCdZqWvVrsB6ZwSG+UO4jpmqAofhMD/9FQOToCqMOF0dpP966WL
+7RO/CEA06FzTPCblOuQhlyq4g8l7jMiPcSZkhIYY9oftO+Q2Pqxh4J6tp6DrfUh4
+e7u3v9wVnj2a1nD5gqFDy8D1kow7LLAhmbtdje7xNh4SxasaFWZ6U3IJkQKBgGS1
+F5i3q9IatCAZBBZjMb0/kfANevYsTPA3sPjec6q91c1EUzuDarisFx0RMn9Gt124
+mokNWEIzMHpZTO/AsOfZq92LeuF+YVYsI8y1FIGMw/csJOCWbXZ812gkt2OxGafc
+p118I6BAx6q3VgrGQ2+M1JlDmIeCofa+SPPkPX+dAoGBAJrOgEJ+oyEaX/YR1g+f
+33pWoPQbRCG7T4+Y0oetCCWIcMg1/IUvGUCGmRDxj5dMqB+a0vJtviQN9rjpSuNS
+0EVw79AJkIjHhi6KDOfAuyBvzGhxpqxGufnQ2GU0QL65NxQfd290xkxikN0ZGtuB
+SDgZoJxMOGYwf8EX5i9h27Db
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/config.cnf b/s2a/src/test/resources/config.cnf
new file mode 100644
index 00000000000..38d9a9ccdb0
--- /dev/null
+++ b/s2a/src/test/resources/config.cnf
@@ -0,0 +1,17 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+
+[req_distinguished_name]
+countryName                     = Country Name (2 letter code)
+stateOrProvinceName             = State or Province Name (full name)
+localityName                    = Locality Name (eg, city)
+organizationalUnitName          = Organizational Unit Name (eg, section)
+commonName                      = Common Name (eg, your name or your server\'s hostname)
+emailAddress                    = Email Address
+
+[req_ext]
+subjectAltName = @alt_names
+
+[alt_names]
+IP.1 = ::
\ No newline at end of file
diff --git a/s2a/src/test/resources/root_cert.pem b/s2a/src/test/resources/root_cert.pem
new file mode 100644
index 00000000000..737e601691c
--- /dev/null
+++ b/s2a/src/test/resources/root_cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIUb7RsINwsFgKf0Q0RuzfOgp48j6UwDQYJKoZIhvcNAQEL
+BQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4X
+DTIzMTAxNzIzMDczOFoXDTQzMTAxNzIzMDczOFowWTELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
+IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAkIFnQLuhzYnm3rvmi/U7zMgEP2Tqgb3VC00frSXEV6olZcLgyC9g
+0DAGdt9l9lP90DQTG5KCOtoW2BTqM/aaVpR0OaDFOCy90FIj6YyZLZ9w2PQxQcxS
+GQHyEvWszTkNxeDyG1mPTj+Go8JLKqdvLg/9GUgPg6stxyAZwYhyUTGuEM4bv0sn
+b3vmHRmIGJ/w6aLtd7nK8LkNHa3WVrbvRGHrzdMHfpzF/M/5fAk8GfRYugo39knf
+VLKGyQCXNI8Y1iHGEmPqQZIFPTjBL6caIlbEV0VHlxoSOGB6JVxcllxAEvd6abqX
+RJVJPQzzGfEnMNYp9SiZQ9bvDRUsUkWyYwIDAQABo1MwUTAdBgNVHQ4EFgQUAZMN
+F9JAGHbA3jGOeu6bWFvSdWkwHwYDVR0jBBgwFoAUAZMNF9JAGHbA3jGOeu6bWFvS
+dWkwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAicBli36ISJFu
+lrJqOHVqTeNP6go0I35VGnP44nEEP5cBvRD3XntBFEk5D3mSNNOGt+2ncxom8VR9
+FsLuTfHAipXePJI6MSxFuBPea8V/YPBs3npk5f1FRvJ5vEgtzFvBjsKmp1dS9hH0
+KUWtWcsAkO2Anc/LVc0xxSidL8NjzYoEFqiki0TNNwCJjmd9XwnBLHW38sEb/pgy
+KTyRpOyG3Zg2UDjBHiXPBrmIvVFLB6+LrPNvfr1k4HjIgVY539ZXUvVMDKytMrDY
+h63EMDn4kkPpxXlufgWGybjN5D51OylyWBZLe+L1DQyWEg0Vd7GwPzb6p7bmI7MP
+pooqbgbDpQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/root_key.pem b/s2a/src/test/resources/root_key.pem
new file mode 100644
index 00000000000..aae992426d7
--- /dev/null
+++ b/s2a/src/test/resources/root_key.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQInmQVkXP3TFcCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGeCAVH1pefxBIIEyD3Nj1Dy19oy
+fogU+z8YBLXuSCx8s3zncYPF9nYlegGSSo0ace/WxfPu8AEPus1P2MxlxfcCQ1A+
+5+vMihtEpgpTg9R4RlLAWs45jz4AduGiwqW05+W5zgDn6g7p7HIL0+M5FxKRkAW0
+KEH4Jy8Vc1XQxkhOm1Q4NLI8PT94rcBDE9Od03sdrW/hQgaOFz5AWOlT5jF1uUOz
+glF1RQQxfJygTB6qlPTC3BAaiAnWij3NOg5L5vvUhjLa7iOZOhRQBRkf4YtHsM+2
+rFy8Z7MeHOvrqFf8LXosNy3JreQW036rLGR0Xh5myATkNrEwA8df37AgLUmwqyfz
+hjZefPW77LgMAXlaN8s345AGikOX8yQKEFzPV/Nag32p6t4oiRRcUUfdB4wzKi6T
+mzZ6lKcGR3qqL4V6lJSV3I2fmgkYZnUwymolyu+1+CVYDLuE53TBi5dRXwgOghi7
+npw7PqqQCian8yxHF9c1rYukD0ov0/y8ratjOu9XoJG2/wWQJNvDkAyc3mSJf+3y
+6Wtu1qhLszU8pZOGW0fK6bGyHSp+wkoah/vRzB0+yFjvuMIG6py2ZDQeqhqS3ZV2
+nZHHjj0tZ45Wbdf4k17ujEK34pFXluPH//zADnd6ym2W0t6x+jtqR5tYu3poORQg
+jFgpudkn2RUSq8N/gIiHDwblYBxU2dmyzEVudv1zNgVSHyetGLxsFoNB7Prn89rJ
+u24a/xtuCyC2pshWo3KiL74hkkCsC8rLbEAAbADheb35b+Ca3JnMwgyUHbHL6Hqf
+EiVIgm14lB/1uz651X58Boo6tDFkgrxEtGDUIZm8yk2n0tGflp7BtYbMCw+7gqhb
+XN4hlhFDcCJm8peXcyCtGajOnBuNO9JJDNYor6QjptaIpQBFb7/0rc7kyO12BIUv
+F9mrCHF18Hd/9AtUO93+tyDAnL64Jqq9tUv8dOVtIfbcHXZSYHf24l0XAiKByb8y
+9NQLUZkIuF4aUZVHV8ZBDdHNqjzqVglKQlGHdw1XBexSal5pC9HvknOmWBgl0aza
+flzeTRPX7TPrMJDE5lgSy58czGpvZzhFYwOp6cwpfjNsiqdzD78Zs0xsRbNg519s
+d+cLmbiU3plWCoYCuDb68eZRRzT+o41+QJG2PoMCpzPw5wMLl6HuW7HXMRFpZKJc
+tPKpeTIzb8hjhA+TwVIVpTPHvvQehtTUQD2mRujdvNM6PF8tnuC3F3sB3PTjeeJg
+uzfEfs3BynRTIj/gX6y87gzwsrwWIEN6U0cCbQ6J1EcgdQCiH8vbhIgfd4DkLgLN
+Kkif+fI/HgBOqaiwSw3sHmWgB6PllVQOKH6qAiejTHR/UUvJTPvgKJFLunmBiF12
+N1bRge1sSXE1eLKVdi+dP1j0o6RxhaRrbX7ie3y/wYHwCJnb8h08DEprgCqoswFs
+SuNKmvlibBHAsnOdhyCTOd9I5n8XzAUUp6mT+C5WDfl7qfYvh6IHFlSrhZ9aS9b6
+RY873cnphKbqU5d7Cr8Ufx4b4SgS+hEnuP8y5IToLQ3BONGQH2lu7nmd89wjW0uo
+IMRXybwf/5FnKhEy8Aw+pD6AxiXC3DZVTKl3SHmjkYBDvNElsJVgygVTKgbOa1Z+
+ovIK/D7QV7Nv3uVortH8XA==
+-----END ENCRYPTED PRIVATE KEY-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/server.csr b/s2a/src/test/resources/server.csr
new file mode 100644
index 00000000000..1657b191133
--- /dev/null
+++ b/s2a/src/test/resources/server.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIChzCCAW8CAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAlPThqu8tfJ4hQKRiUw/vNPfo2L2LQU8NlrRL7rvV
+71E345LGK1h/hM3MHp5VgEvaaIibb0hSNv/TYz3HVCQyNuPlcmkHZTJ9mB0icilU
+rYWdM0LPIg46iThmIQVhMiNfpMKQLDLQ7o3Jktjm32OxnQdtYSV+7NFnw8/0pB4j
+iaiBYfZIMeGzEJIOFG8GSNJG0pfCI71DyLRonIcb2XzfeDPHeWSF7lbIoMGAuKIE
+2mXpwHmAjTMJzIShSgLqCvmbz7wR3ZeVMknXcgcqMmagGphy8SjizIWC5KRbrnRq
+F22Ouxdat6scIevRXGp5nYawFYdpK9qo+82gEouVX3dtSQIDAQABoC4wLAYJKoZI
+hvcNAQkOMR8wHTAbBgNVHREEFDAShxAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3
+DQEBCwUAA4IBAQB2qU354OlNVunhZhiOFNwabovxLcgKoQz+GtJ2EzsMEza+NPvV
+dttPxXzqL/U+gDghvGzSYGuh2yMfTTPO+XtZKpvMUmIWonN5jItbFwSTaWcoE8Qs
+zFZokRuFJ9dy017u642mpdf6neUzjbfCjWs8+3jyFzWlkrMF3RlSTxPuksWjhXsX
+dxxLNu8YWcsYRB3fODHqrlBNuDn+9kb9z8to+yq76MA0HtdDkjd/dfgghiTDJhqm
+IcwhBXufwQUrOP4YiuiwM0mo7Xlhw65gnSmRcwR9ha98SV2zG5kiRYE+m+94bDbd
+kGBRfhpQSzh1w09cVzmLgzkfxRShEB+bb9Ss
+-----END CERTIFICATE REQUEST-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/server_cert.pem b/s2a/src/test/resources/server_cert.pem
new file mode 100644
index 00000000000..10a98cf5c21
--- /dev/null
+++ b/s2a/src/test/resources/server_cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIUMZkgD5gtoa39H9jdI/ijVkyxC/swDQYJKoZIhvcNAQEL
+BQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4X
+DTIzMTAxNzIzMDg1M1oXDTQzMTAxNzIzMDg1M1owFDESMBAGA1UEAwwJbG9jYWxo
+b3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPThqu8tfJ4hQKRi
+Uw/vNPfo2L2LQU8NlrRL7rvV71E345LGK1h/hM3MHp5VgEvaaIibb0hSNv/TYz3H
+VCQyNuPlcmkHZTJ9mB0icilUrYWdM0LPIg46iThmIQVhMiNfpMKQLDLQ7o3Jktjm
+32OxnQdtYSV+7NFnw8/0pB4jiaiBYfZIMeGzEJIOFG8GSNJG0pfCI71DyLRonIcb
+2XzfeDPHeWSF7lbIoMGAuKIE2mXpwHmAjTMJzIShSgLqCvmbz7wR3ZeVMknXcgcq
+MmagGphy8SjizIWC5KRbrnRqF22Ouxdat6scIevRXGp5nYawFYdpK9qo+82gEouV
+X3dtSQIDAQABo18wXTAbBgNVHREEFDAShxAAAAAAAAAAAAAAAAAAAAAAMB0GA1Ud
+DgQWBBTKJU+NK7Q6ZPccSigRCMBCBgjkaDAfBgNVHSMEGDAWgBQBkw0X0kAYdsDe
+MY567ptYW9J1aTANBgkqhkiG9w0BAQsFAAOCAQEAXuCs6MGVoND8TaJ6qaDmqtpy
+wKEW2hsGclI9yv5cMS0XCVTkmKYnIoijtqv6Pdh8PfhIx5oJqJC8Ml16w4Iou4+6
+kKF0DdzdQyiM0OlNCgLYPiR4rh0ZCAFFCvOsDum1g+b9JTFZGooK4TMd9thwms4D
+SqpP5v1NWf/ZLH5TYnp2CkPzBxDlnMJZphuWtPHL+78TbgQuQaKu2nMLBGBJqtFi
+HDOGxckgZuwBsy0c+aC/ZwaV7FdMP42kxUZduCEx8+BDSGwPoEpz6pwVIkjiyYAm
+3O8FUeEPzYzwpkANIbbEIDWV6FVH9IahKRRkE+bL3BqoQkv8SMciEA5zWsPrbA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/server_key.pem b/s2a/src/test/resources/server_key.pem
new file mode 100644
index 00000000000..44f087dee94
--- /dev/null
+++ b/s2a/src/test/resources/server_key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCU9OGq7y18niFA
+pGJTD+809+jYvYtBTw2WtEvuu9XvUTfjksYrWH+EzcwenlWAS9poiJtvSFI2/9Nj
+PcdUJDI24+VyaQdlMn2YHSJyKVSthZ0zQs8iDjqJOGYhBWEyI1+kwpAsMtDujcmS
+2ObfY7GdB21hJX7s0WfDz/SkHiOJqIFh9kgx4bMQkg4UbwZI0kbSl8IjvUPItGic
+hxvZfN94M8d5ZIXuVsigwYC4ogTaZenAeYCNMwnMhKFKAuoK+ZvPvBHdl5UySddy
+ByoyZqAamHLxKOLMhYLkpFuudGoXbY67F1q3qxwh69FcanmdhrAVh2kr2qj7zaAS
+i5Vfd21JAgMBAAECggEACTBuN4hXywdKT92UP0GNZTwh/jT7QUUqNnDa+lhWI1Rk
+WUK1vPjRrRSxEfZ8mdSUHbzHsf7JK6FungGyqUsuWdqHTh6SmTibLOYnONm54paK
+kx38/0HXdJ2pF0Jos5ohDV3/XOqpnv3aQJfm7kMNMv3BTqvsf5mPiDHtCq7dTGGj
+rGiLc0zirKZq79C6YSB1UMB01BsDl2ScflK8b3osT18uYx/BOdjLT4yZWQsU/nbB
+OeF+ziWTTUAVjodGeTf+NYG7cFN/9N9PdSnAwuw8Nche3xZKbHTh2I578Zd4bsDX
+H+hoMN862nzOXEvD6KyLB8xDdnEZ+p+njeDROJVmgQKBgQDQhzQEl/co1LYc5IDO
+mynhCOtKJeRWBLhYEPIuaSY3qF+lrOWzqyOUNppWDx+HeKOq70X1Q+ETeSXtbaL1
+qHBkNcApQ2lStcpkR9whcVbr9NIWC8y8UQxyerEK3x3l0bZ99dfJ/z6lbxdS7prc
+Hhxy6pUj8Q8AgpTZA8HfQUF1EQKBgQC23ek24kTVvWeWX2C/82H1Yfia6ITL7WHz
+3aEJaZaO5JD3KmOSZgY88Ob3pkDTRYjFZND5zSB7PnM68gpo/OEDla6ZYtfwBWCX
+q4QhFtv2obehobmDk+URVfvlOcBikoEP1i8oy7WdZ5CgC4gNKkkD15l68W+g5IIG
+2ZOA97yUuQKBgDAzoI2TRxmUGciR9UhMy6Bt/F12ZtKPYsFQoXqi6aeh7wIP9kTS
+wXWoLYLJGiOpekOv7X7lQujKbz7zweCBIAG5/wJKx9TLms4VYkgEt+/w9oMMFTZO
+kc8Al14I9xNBp6p0In5Z1vRMupp79yX8e90AZpsZRLt8c8W6PZ1Kq0PRAoGBAKmD
+7LzD46t/eJccs0M9CoG94Ac5pGCmHTdDLBTdnIO5vehhkwwTJ5U2e+T2aQFwY+kY
+G+B1FrconQj3dk78nFoGV2Q5DJOjaHcwt7s0xZNLNj7O/HnMj3wSiP9lGcJGrP1R
+P0ZCEIlph9fU2LnbiPPW2J/vT9uF+EMBTosvG9GBAoGAEVaDLLXOHj+oh1i6YY7s
+0qokN2CdeKY4gG7iKjuDFb0r/l6R9uFvpUwJMhLEkF5SPQMyrzKFdnTpw3n/jnRa
+AWG6GoV+D7LES+lHP5TXKKijbnHJdFjW8PtfDXHCJ6uGG91vH0TMMp1LqhcvGfTv
+lcNGXkk6gUNSecxBC1uJfKE=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/settings.gradle b/settings.gradle
index 61972e30b6c..03eca809226 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -65,6 +65,7 @@ include ":grpc-benchmarks"
 include ":grpc-services"
 include ":grpc-servlet"
 include ":grpc-servlet-jakarta"
+include ":grpc-s2a"
 include ":grpc-xds"
 include ":grpc-bom"
 include ":grpc-rls"
@@ -100,6 +101,7 @@ project(':grpc-benchmarks').projectDir = "$rootDir/benchmarks" as File
 project(':grpc-services').projectDir = "$rootDir/services" as File
 project(':grpc-servlet').projectDir = "$rootDir/servlet" as File
 project(':grpc-servlet-jakarta').projectDir = "$rootDir/servlet/jakarta" as File
+project(':grpc-s2a').projectDir = "$rootDir/s2a" as File
 project(':grpc-xds').projectDir = "$rootDir/xds" as File
 project(':grpc-bom').projectDir = "$rootDir/bom" as File
 project(':grpc-rls').projectDir = "$rootDir/rls" as File

From 3a6be9ca1e9c8efed109b97546730852b2ab134b Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Mon, 16 Sep 2024 16:32:52 +0530
Subject: [PATCH 004/591] Detect transport executors with no remaining threads
 (#11503)

Detect misconfigured transport executors with too few threads that could further throttle the transport.

Fixes #11271
---
 .../io/grpc/okhttp/OkHttpClientTransport.java | 33 +++++++++++++++++++
 .../okhttp/OkHttpClientTransportTest.java     | 22 +++++++++++++
 2 files changed, 55 insertions(+)

diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
index 29d3dbc1cdf..2f6b836dc3a 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
@@ -83,9 +83,13 @@
 import java.util.Locale;
 import java.util.Map;
 import java.util.Random;
+import java.util.concurrent.BrokenBarrierException;
 import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.CyclicBarrier;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
@@ -499,8 +503,15 @@ public Runnable start(Listener listener) {
       outboundFlow = new OutboundFlowController(this, frameWriter);
     }
     final CountDownLatch latch = new CountDownLatch(1);
+    final CountDownLatch latchForExtraThread = new CountDownLatch(1);
+    // The transport needs up to two threads to function once started,
+    // but only needs one during handshaking. Start another thread during handshaking
+    // to make sure there's still a free thread available. If the number of threads is exhausted,
+    // it is better to kill the transport than for all the transports to hang unable to send.
+    CyclicBarrier barrier = new CyclicBarrier(2);
     // Connecting in the serializingExecutor, so that some stream operations like synStream
     // will be executed after connected.
+
     serializingExecutor.execute(new Runnable() {
       @Override
       public void run() {
@@ -510,8 +521,14 @@ public void run() {
         // initial preface.
         try {
           latch.await();
+          barrier.await(1000, TimeUnit.MILLISECONDS);
         } catch (InterruptedException e) {
           Thread.currentThread().interrupt();
+        } catch (TimeoutException | BrokenBarrierException e) {
+          startGoAway(0, ErrorCode.INTERNAL_ERROR, Status.UNAVAILABLE
+              .withDescription("Timed out waiting for second handshake thread. "
+                + "The transport executor pool may have run out of threads"));
+          return;
         }
         // Use closed source on failure so that the reader immediately shuts down.
         BufferedSource source = Okio.buffer(new Source() {
@@ -575,6 +592,7 @@ sslSocketFactory, hostnameVerifier, sock, getOverridenHost(), getOverridenPort()
           return;
         } finally {
           clientFrameHandler = new ClientFrameHandler(variant.newReader(source, true));
+          latchForExtraThread.countDown();
         }
         synchronized (lock) {
           socket = Preconditions.checkNotNull(sock, "socket");
@@ -584,6 +602,21 @@ sslSocketFactory, hostnameVerifier, sock, getOverridenHost(), getOverridenPort()
         }
       }
     });
+
+    executor.execute(new Runnable() {
+      @Override
+      public void run() {
+        try {
+          barrier.await(1000, TimeUnit.MILLISECONDS);
+          latchForExtraThread.await();
+        } catch (BrokenBarrierException | TimeoutException e) {
+          // Something bad happened, maybe too few threads available!
+          // This will be handled in the handshake thread.
+        } catch (InterruptedException e) {
+          Thread.currentThread().interrupt();
+        }
+      }
+    });
     // Schedule to send connection preface & settings before any other write.
     try {
       sendConnectionPrefaceAndSettings();
diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java
index 987cc09203e..daf5073992e 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java
@@ -247,6 +247,28 @@ public void testToString() throws Exception {
     assertTrue("Unexpected: " + s, s.contains(address.toString()));
   }
 
+  @Test
+  public void testTransportExecutorWithTooFewThreads() throws Exception {
+    ExecutorService fixedPoolExecutor = Executors.newFixedThreadPool(1);
+    channelBuilder.transportExecutor(fixedPoolExecutor);
+    InetSocketAddress address = InetSocketAddress.createUnresolved("hostname", 31415);
+    clientTransport = new OkHttpClientTransport(
+        channelBuilder.buildTransportFactory(),
+        address,
+        "hostname",
+        null,
+        EAG_ATTRS,
+        NO_PROXY,
+        tooManyPingsRunnable);
+    clientTransport.start(transportListener);
+    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
+    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(statusCaptor.capture());
+    Status capturedStatus = statusCaptor.getValue();
+    assertEquals("Timed out waiting for second handshake thread. "
+        + "The transport executor pool may have run out of threads",
+        capturedStatus.getDescription());
+  }
+
   /**
    * Test logging is functioning correctly for client received Http/2 frames. Not intended to test
    * actual frame content being logged.

From 5bec9096a2318f7b29022b8c91ea7168f0ddc177 Mon Sep 17 00:00:00 2001
From: yifeizhuang <yifeizhuang@gmail.com>
Date: Mon, 16 Sep 2024 14:43:27 -0700
Subject: [PATCH 005/591] Otel server context interceptor (#11500)

Add opentelemetry tracing API, guarded by environmental variable(disabled by default).
Use server interceptor to explicitly propagate span to the application thread.
---
 opentelemetry/build.gradle                    |   6 +-
 .../grpc/opentelemetry/GrpcOpenTelemetry.java |  26 +++
 .../InternalGrpcOpenTelemetry.java            |   4 +
 .../OpenTelemetryTracingModule.java           |  93 ++++++++-
 .../opentelemetry/GrpcOpenTelemetryTest.java  |  55 ++++++
 .../OpenTelemetryTracingModuleTest.java       | 181 +++++++++++++++++-
 6 files changed, 357 insertions(+), 8 deletions(-)

diff --git a/opentelemetry/build.gradle b/opentelemetry/build.gradle
index 509960e5dbc..00d913c280d 100644
--- a/opentelemetry/build.gradle
+++ b/opentelemetry/build.gradle
@@ -14,8 +14,10 @@ dependencies {
             libraries.opentelemetry.api,
             libraries.auto.value.annotations
 
-    testImplementation testFixtures(project(':grpc-core')),
-            project(':grpc-testing'),
+    testImplementation project(':grpc-testing'),
+            project(':grpc-inprocess'),
+            testFixtures(project(':grpc-core')),
+            testFixtures(project(':grpc-api')),
             libraries.opentelemetry.sdk.testing,
             libraries.assertj.core // opentelemetry.sdk.testing uses compileOnly for assertj
 
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
index 03183ef4920..6b257a18a6c 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
@@ -33,10 +33,12 @@
 import io.grpc.ManagedChannelBuilder;
 import io.grpc.MetricSink;
 import io.grpc.ServerBuilder;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.opentelemetry.internal.OpenTelemetryConstants;
 import io.opentelemetry.api.OpenTelemetry;
 import io.opentelemetry.api.metrics.Meter;
 import io.opentelemetry.api.metrics.MeterProvider;
+import io.opentelemetry.api.trace.Tracer;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -61,6 +63,10 @@ public Stopwatch get() {
     }
   };
 
+  @VisibleForTesting
+  static boolean ENABLE_OTEL_TRACING = GrpcUtil.getFlag("GRPC_EXPERIMENTAL_ENABLE_OTEL_TRACING",
+      false);
+
   private final OpenTelemetry openTelemetrySdk;
   private final MeterProvider meterProvider;
   private final Meter meter;
@@ -68,6 +74,7 @@ public Stopwatch get() {
   private final boolean disableDefault;
   private final OpenTelemetryMetricsResource resource;
   private final OpenTelemetryMetricsModule openTelemetryMetricsModule;
+  private final OpenTelemetryTracingModule openTelemetryTracingModule;
   private final List<String> optionalLabels;
   private final MetricSink sink;
 
@@ -88,6 +95,7 @@ private GrpcOpenTelemetry(Builder builder) {
     this.optionalLabels = ImmutableList.copyOf(builder.optionalLabels);
     this.openTelemetryMetricsModule = new OpenTelemetryMetricsModule(
         STOPWATCH_SUPPLIER, resource, optionalLabels, builder.plugins);
+    this.openTelemetryTracingModule = new OpenTelemetryTracingModule(openTelemetrySdk);
     this.sink = new OpenTelemetryMetricSink(meter, enableMetrics, disableDefault, optionalLabels);
   }
 
@@ -125,6 +133,11 @@ MetricSink getSink() {
     return sink;
   }
 
+  @VisibleForTesting
+  Tracer getTracer() {
+    return this.openTelemetryTracingModule.getTracer();
+  }
+
   /**
    * Registers GrpcOpenTelemetry globally, applying its configuration to all subsequently created
    * gRPC channels and servers.
@@ -152,6 +165,9 @@ public void configureChannelBuilder(ManagedChannelBuilder<?> builder) {
     InternalManagedChannelBuilder.addMetricSink(builder, sink);
     InternalManagedChannelBuilder.interceptWithTarget(
         builder, openTelemetryMetricsModule::getClientInterceptor);
+    if (ENABLE_OTEL_TRACING) {
+      builder.intercept(openTelemetryTracingModule.getClientInterceptor());
+    }
   }
 
   /**
@@ -161,6 +177,11 @@ public void configureChannelBuilder(ManagedChannelBuilder<?> builder) {
    */
   public void configureServerBuilder(ServerBuilder<?> serverBuilder) {
     serverBuilder.addStreamTracerFactory(openTelemetryMetricsModule.getServerTracerFactory());
+    if (ENABLE_OTEL_TRACING) {
+      serverBuilder.addStreamTracerFactory(
+          openTelemetryTracingModule.getServerTracerFactory());
+      serverBuilder.intercept(openTelemetryTracingModule.getServerSpanPropagationInterceptor());
+    }
   }
 
   @VisibleForTesting
@@ -342,6 +363,11 @@ public Builder disableAllMetrics() {
       return this;
     }
 
+    Builder enableTracing(boolean enable) {
+      ENABLE_OTEL_TRACING = enable;
+      return this;
+    }
+
     /**
      * Returns a new {@link GrpcOpenTelemetry} built with the configuration of this {@link
      * Builder}.
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/InternalGrpcOpenTelemetry.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/InternalGrpcOpenTelemetry.java
index 5d5543dddda..ea1e7ab803f 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/InternalGrpcOpenTelemetry.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/InternalGrpcOpenTelemetry.java
@@ -29,4 +29,8 @@ public static void builderPlugin(
       GrpcOpenTelemetry.Builder builder, InternalOpenTelemetryPlugin plugin) {
     builder.plugin(plugin);
   }
+
+  public static void enableTracing(GrpcOpenTelemetry.Builder builder, boolean enable) {
+    builder.enableTracing(enable);
+  }
 }
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
index 11659c87708..6f2d3268ae0 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static io.grpc.ClientStreamTracer.NAME_RESOLUTION_DELAYED;
+import static io.grpc.internal.GrpcUtil.IMPLEMENTATION_VERSION;
 
 import com.google.common.annotations.VisibleForTesting;
 import io.grpc.Attributes;
@@ -28,15 +29,21 @@
 import io.grpc.ClientStreamTracer;
 import io.grpc.ForwardingClientCall.SimpleForwardingClientCall;
 import io.grpc.ForwardingClientCallListener.SimpleForwardingClientCallListener;
+import io.grpc.ForwardingServerCallListener;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
+import io.grpc.ServerCall;
+import io.grpc.ServerCallHandler;
+import io.grpc.ServerInterceptor;
 import io.grpc.ServerStreamTracer;
+import io.grpc.opentelemetry.internal.OpenTelemetryConstants;
 import io.opentelemetry.api.OpenTelemetry;
 import io.opentelemetry.api.common.AttributesBuilder;
 import io.opentelemetry.api.trace.Span;
 import io.opentelemetry.api.trace.StatusCode;
 import io.opentelemetry.api.trace.Tracer;
 import io.opentelemetry.context.Context;
+import io.opentelemetry.context.Scope;
 import io.opentelemetry.context.propagation.ContextPropagators;
 import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
 import java.util.logging.Level;
@@ -50,7 +57,7 @@ final class OpenTelemetryTracingModule {
   private static final Logger logger = Logger.getLogger(OpenTelemetryTracingModule.class.getName());
 
   @VisibleForTesting
-  static final String OTEL_TRACING_SCOPE_NAME = "grpc-java";
+  final io.grpc.Context.Key<Span> otelSpan = io.grpc.Context.key("opentelemetry-span-key");
   @Nullable
   private static final AtomicIntegerFieldUpdater<CallAttemptsTracerFactory> callEndedUpdater;
   @Nullable
@@ -83,13 +90,23 @@ final class OpenTelemetryTracingModule {
   private final MetadataGetter metadataGetter = MetadataGetter.getInstance();
   private final MetadataSetter metadataSetter = MetadataSetter.getInstance();
   private final TracingClientInterceptor clientInterceptor = new TracingClientInterceptor();
+  private final ServerInterceptor serverSpanPropagationInterceptor =
+      new TracingServerSpanPropagationInterceptor();
   private final ServerTracerFactory serverTracerFactory = new ServerTracerFactory();
 
   OpenTelemetryTracingModule(OpenTelemetry openTelemetry) {
-    this.otelTracer = checkNotNull(openTelemetry.getTracer(OTEL_TRACING_SCOPE_NAME), "otelTracer");
+    this.otelTracer = checkNotNull(openTelemetry.getTracerProvider(), "tracerProvider")
+        .tracerBuilder(OpenTelemetryConstants.INSTRUMENTATION_SCOPE)
+        .setInstrumentationVersion(IMPLEMENTATION_VERSION)
+        .build();
     this.contextPropagators = checkNotNull(openTelemetry.getPropagators(), "contextPropagators");
   }
 
+  @VisibleForTesting
+  Tracer getTracer() {
+    return otelTracer;
+  }
+
   /**
    * Creates a {@link CallAttemptsTracerFactory} for a new call.
    */
@@ -112,6 +129,10 @@ ClientInterceptor getClientInterceptor() {
     return clientInterceptor;
   }
 
+  ServerInterceptor getServerSpanPropagationInterceptor() {
+    return serverSpanPropagationInterceptor;
+  }
+
   @VisibleForTesting
   final class CallAttemptsTracerFactory extends ClientStreamTracer.Factory {
     volatile int callEnded;
@@ -252,6 +273,11 @@ public void streamClosed(io.grpc.Status status) {
       endSpanWithStatus(span, status);
     }
 
+    @Override
+    public io.grpc.Context filterContext(io.grpc.Context context) {
+      return context.withValue(otelSpan, span);
+    }
+
     @Override
     public void outboundMessageSent(
         int seqNo, long optionalWireSize, long optionalUncompressedSize) {
@@ -293,6 +319,69 @@ public ServerStreamTracer newServerStreamTracer(String fullMethodName, Metadata
     }
   }
 
+  @VisibleForTesting
+  final class TracingServerSpanPropagationInterceptor implements ServerInterceptor {
+    @Override
+    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> call,
+        Metadata headers, ServerCallHandler<ReqT, RespT> next) {
+      Span span = otelSpan.get(io.grpc.Context.current());
+      if (span == null) {
+        logger.log(Level.FINE, "Server span not found. ServerTracerFactory for server "
+            + "tracing must be set.");
+        return next.startCall(call, headers);
+      }
+      Context serverCallContext = Context.current().with(span);
+      try (Scope scope = serverCallContext.makeCurrent()) {
+        return new ContextServerCallListener<>(next.startCall(call, headers), serverCallContext);
+      }
+    }
+  }
+
+  private static class ContextServerCallListener<ReqT> extends
+      ForwardingServerCallListener.SimpleForwardingServerCallListener<ReqT> {
+    private final Context context;
+
+    protected ContextServerCallListener(ServerCall.Listener<ReqT> delegate, Context context) {
+      super(delegate);
+      this.context = checkNotNull(context, "context");
+    }
+
+    @Override
+    public void onMessage(ReqT message) {
+      try (Scope scope = context.makeCurrent()) {
+        delegate().onMessage(message);
+      }
+    }
+
+    @Override
+    public void onHalfClose() {
+      try (Scope scope = context.makeCurrent()) {
+        delegate().onHalfClose();
+      }
+    }
+
+    @Override
+    public void onCancel() {
+      try (Scope scope = context.makeCurrent()) {
+        delegate().onCancel();
+      }
+    }
+
+    @Override
+    public void onComplete() {
+      try (Scope scope = context.makeCurrent()) {
+        delegate().onComplete();
+      }
+    }
+
+    @Override
+    public void onReady() {
+      try (Scope scope = context.makeCurrent()) {
+        delegate().onReady();
+      }
+    }
+  }
+
   @VisibleForTesting
   final class TracingClientInterceptor implements ClientInterceptor {
 
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/GrpcOpenTelemetryTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/GrpcOpenTelemetryTest.java
index e4a0fa46e8b..1ae7b755a48 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/GrpcOpenTelemetryTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/GrpcOpenTelemetryTest.java
@@ -17,15 +17,26 @@
 package io.grpc.opentelemetry;
 
 import static com.google.common.truth.Truth.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
 
 import com.google.common.collect.ImmutableList;
+import io.grpc.ClientInterceptor;
+import io.grpc.ManagedChannelBuilder;
 import io.grpc.MetricSink;
+import io.grpc.ServerBuilder;
 import io.grpc.internal.GrpcUtil;
 import io.opentelemetry.api.OpenTelemetry;
 import io.opentelemetry.sdk.OpenTelemetrySdk;
 import io.opentelemetry.sdk.metrics.SdkMeterProvider;
 import io.opentelemetry.sdk.testing.exporter.InMemoryMetricReader;
+import io.opentelemetry.sdk.trace.SdkTracerProvider;
 import java.util.Arrays;
+import org.junit.After;
+import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -35,7 +46,19 @@ public class GrpcOpenTelemetryTest {
   private final InMemoryMetricReader inMemoryMetricReader = InMemoryMetricReader.create();
   private final SdkMeterProvider meterProvider =
       SdkMeterProvider.builder().registerMetricReader(inMemoryMetricReader).build();
+  private final SdkTracerProvider tracerProvider = SdkTracerProvider.builder().build();
   private final OpenTelemetry noopOpenTelemetry = OpenTelemetry.noop();
+  private boolean originalEnableOtelTracing;
+
+  @Before
+  public void setup() {
+    originalEnableOtelTracing = GrpcOpenTelemetry.ENABLE_OTEL_TRACING;
+  }
+
+  @After
+  public void tearDown() {
+    GrpcOpenTelemetry.ENABLE_OTEL_TRACING = originalEnableOtelTracing;
+  }
 
   @Test
   public void build() {
@@ -56,6 +79,31 @@ public void build() {
     assertThat(openTelemetryModule.getOptionalLabels()).isEqualTo(ImmutableList.of("version"));
   }
 
+  @Test
+  public void buildTracer() {
+    OpenTelemetrySdk sdk =
+        OpenTelemetrySdk.builder().setTracerProvider(tracerProvider).build();
+
+    GrpcOpenTelemetry grpcOpenTelemetry = GrpcOpenTelemetry.newBuilder()
+        .enableTracing(true)
+        .sdk(sdk).build();
+
+    assertThat(grpcOpenTelemetry.getOpenTelemetryInstance()).isSameInstanceAs(sdk);
+    assertThat(grpcOpenTelemetry.getTracer()).isSameInstanceAs(
+        tracerProvider.tracerBuilder("grpc-java")
+            .setInstrumentationVersion(GrpcUtil.IMPLEMENTATION_VERSION)
+            .build());
+    ServerBuilder<?> mockServerBuiler = mock(ServerBuilder.class);
+    grpcOpenTelemetry.configureServerBuilder(mockServerBuiler);
+    verify(mockServerBuiler, times(2)).addStreamTracerFactory(any());
+    verify(mockServerBuiler).intercept(any());
+    verifyNoMoreInteractions(mockServerBuiler);
+
+    ManagedChannelBuilder<?> mockChannelBuilder = mock(ManagedChannelBuilder.class);
+    grpcOpenTelemetry.configureChannelBuilder(mockChannelBuilder);
+    verify(mockChannelBuilder).intercept(any(ClientInterceptor.class));
+  }
+
   @Test
   public void builderDefaults() {
     GrpcOpenTelemetry module = GrpcOpenTelemetry.newBuilder().build();
@@ -73,6 +121,13 @@ public void builderDefaults() {
     assertThat(module.getEnableMetrics()).isEmpty();
     assertThat(module.getOptionalLabels()).isEmpty();
     assertThat(module.getSink()).isInstanceOf(MetricSink.class);
+
+    assertThat(module.getTracer()).isSameInstanceAs(noopOpenTelemetry
+        .getTracerProvider()
+        .tracerBuilder("grpc-java")
+        .setInstrumentationVersion(GrpcUtil.IMPLEMENTATION_VERSION)
+        .build()
+    );
   }
 
   @Test
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java
index 68cba17e802..89e79d55d25 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java
@@ -17,13 +17,14 @@
 package io.grpc.opentelemetry;
 
 import static io.grpc.ClientStreamTracer.NAME_RESOLUTION_DELAYED;
-import static io.grpc.opentelemetry.OpenTelemetryTracingModule.OTEL_TRACING_SCOPE_NAME;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.same;
 import static org.mockito.Mockito.inOrder;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
@@ -38,14 +39,23 @@
 import io.grpc.ClientInterceptor;
 import io.grpc.ClientInterceptors;
 import io.grpc.ClientStreamTracer;
+import io.grpc.ManagedChannel;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
+import io.grpc.NoopServerCall;
+import io.grpc.Server;
 import io.grpc.ServerCall;
 import io.grpc.ServerCallHandler;
+import io.grpc.ServerInterceptor;
+import io.grpc.ServerInterceptors;
 import io.grpc.ServerServiceDefinition;
 import io.grpc.ServerStreamTracer;
 import io.grpc.Status;
+import io.grpc.inprocess.InProcessChannelBuilder;
+import io.grpc.inprocess.InProcessServerBuilder;
 import io.grpc.opentelemetry.OpenTelemetryTracingModule.CallAttemptsTracerFactory;
+import io.grpc.opentelemetry.internal.OpenTelemetryConstants;
+import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.testing.GrpcServerRule;
 import io.opentelemetry.api.OpenTelemetry;
 import io.opentelemetry.api.trace.Span;
@@ -54,6 +64,8 @@
 import io.opentelemetry.api.trace.StatusCode;
 import io.opentelemetry.api.trace.TraceId;
 import io.opentelemetry.api.trace.Tracer;
+import io.opentelemetry.api.trace.TracerBuilder;
+import io.opentelemetry.api.trace.TracerProvider;
 import io.opentelemetry.context.Context;
 import io.opentelemetry.context.Scope;
 import io.opentelemetry.context.propagation.ContextPropagators;
@@ -130,6 +142,8 @@ public String parse(InputStream stream) {
   public final OpenTelemetryRule openTelemetryRule = OpenTelemetryRule.create();
   @Rule
   public final GrpcServerRule grpcServerRule = new GrpcServerRule().directExecutor();
+  @Rule
+  public final GrpcCleanupRule grpcCleanupRule = new GrpcCleanupRule();
   private Tracer tracerRule;
   @Mock
   private Tracer mockTracer;
@@ -156,8 +170,15 @@ public String parse(InputStream stream) {
 
   @Before
   public void setUp() {
-    tracerRule = openTelemetryRule.getOpenTelemetry().getTracer(OTEL_TRACING_SCOPE_NAME);
-    when(mockOpenTelemetry.getTracer(OTEL_TRACING_SCOPE_NAME)).thenReturn(mockTracer);
+    tracerRule = openTelemetryRule.getOpenTelemetry().getTracer(
+        OpenTelemetryConstants.INSTRUMENTATION_SCOPE);
+    TracerProvider mockTracerProvider = mock(TracerProvider.class);
+    when(mockOpenTelemetry.getTracerProvider()).thenReturn(mockTracerProvider);
+    TracerBuilder mockTracerBuilder = mock(TracerBuilder.class);
+    when(mockTracerProvider.tracerBuilder(OpenTelemetryConstants.INSTRUMENTATION_SCOPE))
+        .thenReturn(mockTracerBuilder);
+    when(mockTracerBuilder.setInstrumentationVersion(any())).thenReturn(mockTracerBuilder);
+    when(mockTracerBuilder.build()).thenReturn(mockTracer);
     when(mockOpenTelemetry.getPropagators()).thenReturn(ContextPropagators.create(mockPropagator));
     when(mockSpanBuilder.startSpan()).thenReturn(mockAttemptSpan);
     when(mockSpanBuilder.setParent(any())).thenReturn(mockSpanBuilder);
@@ -451,7 +472,8 @@ public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
 
   @Test
   public void clientStreamNeverCreatedStillRecordTracing() {
-    OpenTelemetryTracingModule tracingModule = new OpenTelemetryTracingModule(mockOpenTelemetry);
+    OpenTelemetryTracingModule tracingModule = new OpenTelemetryTracingModule(
+        openTelemetryRule.getOpenTelemetry());
     CallAttemptsTracerFactory callTracer =
         tracingModule.newClientCallTracer(mockClientSpan, method);
 
@@ -570,6 +592,157 @@ public void grpcTraceBinPropagator() {
         Span.fromContext(contextArgumentCaptor.getValue()).getSpanContext());
   }
 
+  @Test
+  public void testServerParentSpanPropagation() throws Exception {
+    final AtomicReference<Span> applicationSpan = new AtomicReference<>();
+    OpenTelemetryTracingModule tracingModule = new OpenTelemetryTracingModule(
+        openTelemetryRule.getOpenTelemetry());
+    ServerServiceDefinition serviceDefinition =
+        ServerServiceDefinition.builder("package1.service2").addMethod(
+            method, new ServerCallHandler<String, String>() {
+              @Override
+              public ServerCall.Listener<String> startCall(
+                  ServerCall<String, String> call, Metadata headers) {
+                applicationSpan.set(Span.fromContext(Context.current()));
+                call.sendHeaders(new Metadata());
+                call.sendMessage("Hello");
+                call.close(
+                    Status.PERMISSION_DENIED.withDescription("No you don't"), new Metadata());
+                return mockServerCallListener;
+              }
+            }).build();
+
+    Server server = InProcessServerBuilder.forName("test-server-span")
+        .addService(
+            ServerInterceptors.intercept(serviceDefinition,
+                tracingModule.getServerSpanPropagationInterceptor()))
+        .addStreamTracerFactory(tracingModule.getServerTracerFactory())
+        .directExecutor().build().start();
+    grpcCleanupRule.register(server);
+
+    ManagedChannel channel = InProcessChannelBuilder.forName("test-server-span")
+        .directExecutor().build();
+    grpcCleanupRule.register(channel);
+
+    Span parentSpan = tracerRule.spanBuilder("test-parent-span").startSpan();
+    try (Scope scope = Context.current().with(parentSpan).makeCurrent()) {
+      Channel interceptedChannel =
+          ClientInterceptors.intercept(
+              channel, tracingModule.getClientInterceptor());
+      ClientCall<String, String> call = interceptedChannel.newCall(method, CALL_OPTIONS);
+      Metadata headers = new Metadata();
+      call.start(mockClientCallListener, headers);
+
+      // End the call
+      call.halfClose();
+      call.request(1);
+      parentSpan.end();
+    }
+
+    verify(mockClientCallListener).onClose(statusCaptor.capture(), any(Metadata.class));
+    Status rpcStatus = statusCaptor.getValue();
+    assertEquals(rpcStatus.getCode(), Status.Code.PERMISSION_DENIED);
+    assertEquals(rpcStatus.getDescription(), "No you don't");
+    assertEquals(applicationSpan.get().getSpanContext().getTraceId(),
+        parentSpan.getSpanContext().getTraceId());
+
+    List<SpanData> spans = openTelemetryRule.getSpans();
+    assertEquals(spans.size(), 4);
+    SpanData clientSpan = spans.get(2);
+    SpanData attemptSpan = spans.get(1);
+
+    assertEquals(clientSpan.getName(), "Sent.package1.service2.method3");
+    assertTrue(clientSpan.hasEnded());
+    assertEquals(clientSpan.getStatus().getStatusCode(), StatusCode.ERROR);
+    assertEquals(clientSpan.getStatus().getDescription(), "PERMISSION_DENIED: No you don't");
+
+    assertEquals(attemptSpan.getName(), "Attempt.package1.service2.method3");
+    assertTrue(attemptSpan.hasEnded());
+    assertEquals(attemptSpan.getStatus().getStatusCode(), StatusCode.ERROR);
+    assertEquals(attemptSpan.getStatus().getDescription(), "PERMISSION_DENIED: No you don't");
+
+    SpanData serverSpan = spans.get(0);
+    assertEquals(serverSpan.getName(), "Recv.package1.service2.method3");
+    assertTrue(serverSpan.hasEnded());
+    assertEquals(serverSpan.getStatus().getStatusCode(), StatusCode.ERROR);
+    assertEquals(serverSpan.getStatus().getDescription(), "PERMISSION_DENIED: No you don't");
+  }
+
+  @Test
+  public void serverSpanPropagationInterceptor() throws Exception {
+    OpenTelemetryTracingModule tracingModule = new OpenTelemetryTracingModule(
+        openTelemetryRule.getOpenTelemetry());
+    Server server = InProcessServerBuilder.forName("test-span-propagation-interceptor")
+        .directExecutor().build().start();
+    grpcCleanupRule.register(server);
+    final AtomicReference<Span> callbackSpan = new AtomicReference<>();
+    ServerCall.Listener<Integer> getContextListener = new ServerCall.Listener<Integer>() {
+      @Override
+      public void onMessage(Integer message) {
+        callbackSpan.set(Span.fromContext(Context.current()));
+      }
+
+      @Override
+      public void onHalfClose() {
+        callbackSpan.set(Span.fromContext(Context.current()));
+      }
+
+      @Override
+      public void onCancel() {
+        callbackSpan.set(Span.fromContext(Context.current()));
+      }
+
+      @Override
+      public void onComplete() {
+        callbackSpan.set(Span.fromContext(Context.current()));
+      }
+    };
+    ServerInterceptor interceptor = tracingModule.getServerSpanPropagationInterceptor();
+    @SuppressWarnings("unchecked")
+    ServerCallHandler<Integer, Integer> handler = mock(ServerCallHandler.class);
+    when(handler.startCall(any(), any())).thenReturn(getContextListener);
+    ServerCall<Integer, Integer> call = new NoopServerCall<>();
+    Metadata metadata = new Metadata();
+    ServerCall.Listener<Integer> listener = interceptor.interceptCall(call, metadata, handler);
+    verify(handler).startCall(same(call), same(metadata));
+    listener.onMessage(1);
+    assertEquals(callbackSpan.get(), Span.getInvalid());
+    listener.onReady();
+    assertEquals(callbackSpan.get(), Span.getInvalid());
+    listener.onCancel();
+    assertEquals(callbackSpan.get(), Span.getInvalid());
+    listener.onHalfClose();
+    assertEquals(callbackSpan.get(), Span.getInvalid());
+    listener.onComplete();
+    assertEquals(callbackSpan.get(), Span.getInvalid());
+
+    Span parentSpan = tracerRule.spanBuilder("parent-span").startSpan();
+    io.grpc.Context context = io.grpc.Context.current().withValue(
+        tracingModule.otelSpan, parentSpan);
+    io.grpc.Context previous = context.attach();
+    try {
+      listener = interceptor.interceptCall(call, metadata, handler);
+      verify(handler, times(2)).startCall(same(call), same(metadata));
+      listener.onMessage(1);
+      assertEquals(callbackSpan.get().getSpanContext().getTraceId(),
+          parentSpan.getSpanContext().getTraceId());
+      listener.onReady();
+      assertEquals(callbackSpan.get().getSpanContext().getTraceId(),
+          parentSpan.getSpanContext().getTraceId());
+      listener.onCancel();
+      assertEquals(callbackSpan.get().getSpanContext().getTraceId(),
+          parentSpan.getSpanContext().getTraceId());
+      listener.onHalfClose();
+      assertEquals(callbackSpan.get().getSpanContext().getTraceId(),
+          parentSpan.getSpanContext().getTraceId());
+      listener.onComplete();
+      assertEquals(callbackSpan.get().getSpanContext().getTraceId(),
+          parentSpan.getSpanContext().getTraceId());
+    } finally {
+      context.detach(previous);
+    }
+  }
+
   @Test
   public void generateTraceSpanName() {
     assertEquals(

From ce33df4a6f646621ef03f4ba6a6d76bd0bae67e6 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 16 Sep 2024 14:54:08 -0700
Subject: [PATCH 006/591] s2a: Use new-style syntax for plugins and remove
 unused deps

There may be more unused deps, but #11527 makes it far too painful for
me to bother to clean it up more.
---
 s2a/build.gradle | 42 ++----------------------------------------
 1 file changed, 2 insertions(+), 40 deletions(-)

diff --git a/s2a/build.gradle b/s2a/build.gradle
index 403ac93552f..234f983fd5c 100644
--- a/s2a/build.gradle
+++ b/s2a/build.gradle
@@ -1,22 +1,15 @@
-buildscript {
-  dependencies {
-    classpath 'com.google.gradle:osdetector-gradle-plugin:1.4.0'
-  }
-}
-
 plugins {
     id "java-library"
     id "maven-publish"
 
     id "com.github.johnrengelman.shadow"
+    id "com.google.osdetector"
     id "com.google.protobuf"
     id "ru.vyarus.animalsniffer"
 }
 
 description = "gRPC: S2A"
 
-apply plugin: "com.google.osdetector"
-
 dependencies {
 
     api project(':grpc-api')
@@ -24,7 +17,6 @@ dependencies {
             project(':grpc-protobuf'),
             project(':grpc-core'),
             libraries.protobuf.java,
-            libraries.conscrypt,
             libraries.guava.jre // JRE required by protobuf-java-util from grpclb
     def nettyDependency = implementation project(':grpc-netty')
     compileOnly libraries.javax.annotation
@@ -36,12 +28,7 @@ dependencies {
             project(':grpc-testing'),
             project(':grpc-testing-proto'),
             testFixtures(project(':grpc-core')),
-            libraries.guava,
-            libraries.junit,
-            libraries.mockito.core,
-            libraries.truth,
-            libraries.conscrypt,
-            libraries.netty.transport.epoll
+            libraries.guava
 
     testImplementation 'com.google.truth:truth:1.4.2'
     testImplementation 'com.google.truth.extensions:truth-proto-extension:1.4.2' 
@@ -74,35 +61,10 @@ dependencies {
             classifier = "windows-x86_64"
         }
     }
-    testRuntimeOnly (libraries.netty.transport.epoll) {
-        artifact {
-            classifier = "linux-x86_64"
-        }
-    }
 
     signature libraries.signature.java
 }
 
-tasks.named("compileJava") {
-    dependsOn(tasks.named("generateProto"))
-    //dependsOn(tasks.named("syncGeneratedSourcesmain"))
-}
-
-
-tasks.named("sourcesJar") {
-    dependsOn(tasks.named("generateProto"))
-    //dependsOn(tasks.named("syncGeneratedSourcesmain"))
-}
-
-sourceSets {
-  main {
-    //java.srcDirs += "src/generated/main/java"
-    //java.srcDirs += "src/generated/main/grpc"
-  }
-}
-//println sourceSets.main.java.srcDirs
-//println sourceSets.test.resources.srcDirs
-
 configureProtoCompilation()
 
 tasks.named("javadoc").configure {

From bdc0530e1db16d98702da348796ef4e71c301b13 Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Tue, 17 Sep 2024 11:12:27 -0700
Subject: [PATCH 007/591] Fix slow tests that took 40 seconds to get through
 tearDown. (#11530)

---
 .../java/io/grpc/s2a/handshaker/IntegrationTest.java     | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
index 859771a4afa..d9224f69b91 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
@@ -180,14 +180,15 @@ public void setUp() throws Exception {
 
   @After
   public void tearDown() throws Exception {
-    server.awaitTermination(10, SECONDS);
     server.shutdown();
-    s2aServer.awaitTermination(10, SECONDS);
     s2aServer.shutdown();
-    s2aDelayServer.awaitTermination(10, SECONDS);
     s2aDelayServer.shutdown();
-    mtlsS2AServer.awaitTermination(10, SECONDS);
     mtlsS2AServer.shutdown();
+
+    server.awaitTermination(10, SECONDS);
+    s2aServer.awaitTermination(10, SECONDS);
+    s2aDelayServer.awaitTermination(10, SECONDS);
+    mtlsS2AServer.awaitTermination(10, SECONDS);
   }
 
   @Test

From 9b0c19e698f0aa28b10f1c6513b5fb51b3e21954 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 16 Sep 2024 18:16:07 -0700
Subject: [PATCH 008/591] s2a: Cleanups to IntegrationTest

Move unused and unimportant fields to local variables. pickUnusedPort()
is inherently racy, so avoid using it when unnecessary. The channel's
default executor is fine to use, but if you don't like it
directExecutor() would be an option too. But blocking stub doesn't even
use the executor for unary RPCs. Thread.join() does not propagate
exceptions from the Thread; it just waits for the thread to exit.
---
 .../grpc/s2a/handshaker/IntegrationTest.java  | 86 ++++++-------------
 1 file changed, 27 insertions(+), 59 deletions(-)

diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
index d9224f69b91..19dda7a19e4 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
@@ -44,9 +44,7 @@
 import io.netty.handler.ssl.SslProvider;
 import java.io.ByteArrayInputStream;
 import java.io.File;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.logging.Level;
+import java.util.concurrent.FutureTask;
 import java.util.logging.Logger;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLSessionContext;
@@ -127,28 +125,21 @@ public final class IntegrationTest {
         + "-----END PRIVATE KEY-----";
 
   private String s2aAddress;
-  private int s2aPort;
   private Server s2aServer;
   private String s2aDelayAddress;
-  private int s2aDelayPort;
   private Server s2aDelayServer;
   private String mtlsS2AAddress;
-  private int mtlsS2APort;
   private Server mtlsS2AServer;
-  private int serverPort;
   private String serverAddress;
   private Server server;
 
   @Before
   public void setUp() throws Exception {
-    s2aPort = Utils.pickUnusedPort();
+    s2aServer = ServerBuilder.forPort(0).addService(new FakeS2AServer()).build().start();
+    int s2aPort = s2aServer.getPort();
     s2aAddress = "localhost:" + s2aPort;
-    s2aServer = ServerBuilder.forPort(s2aPort).addService(new FakeS2AServer()).build();
     logger.info("S2A service listening on localhost:" + s2aPort);
-    s2aServer.start();
 
-    mtlsS2APort = Utils.pickUnusedPort();
-    mtlsS2AAddress = "localhost:" + mtlsS2APort;
     File s2aCert = new File("src/test/resources/server_cert.pem");
     File s2aKey = new File("src/test/resources/server_key.pem");
     File rootCert = new File("src/test/resources/root_cert.pem");
@@ -158,24 +149,25 @@ public void setUp() throws Exception {
             .trustManager(rootCert)
             .clientAuth(TlsServerCredentials.ClientAuth.REQUIRE)
             .build();
-    mtlsS2AServer =
-        NettyServerBuilder.forPort(mtlsS2APort, s2aCreds).addService(new FakeS2AServer()).build();
-    logger.info("mTLS S2A service listening on localhost:" + mtlsS2APort);
+    mtlsS2AServer = NettyServerBuilder.forPort(0, s2aCreds).addService(new FakeS2AServer()).build();
     mtlsS2AServer.start();
+    int mtlsS2APort = mtlsS2AServer.getPort();
+    mtlsS2AAddress = "localhost:" + mtlsS2APort;
+    logger.info("mTLS S2A service listening on localhost:" + mtlsS2APort);
 
-    s2aDelayPort = Utils.pickUnusedPort();
+    int s2aDelayPort = Utils.pickUnusedPort();
     s2aDelayAddress = "localhost:" + s2aDelayPort;
     s2aDelayServer = ServerBuilder.forPort(s2aDelayPort).addService(new FakeS2AServer()).build();
 
-    serverPort = Utils.pickUnusedPort();
-    serverAddress = "localhost:" + serverPort;
     server =
-        NettyServerBuilder.forPort(serverPort)
+        NettyServerBuilder.forPort(0)
             .addService(new SimpleServiceImpl())
             .sslContext(buildSslContext())
-            .build();
+            .build()
+            .start();
+    int serverPort = server.getPort();
+    serverAddress = "localhost:" + serverPort;
     logger.info("Simple Service listening on localhost:" + serverPort);
-    server.start();
   }
 
   @After
@@ -193,28 +185,23 @@ public void tearDown() throws Exception {
 
   @Test
   public void clientCommunicateUsingS2ACredentials_succeeds() throws Exception {
-    ExecutorService executor = Executors.newSingleThreadExecutor();
     ChannelCredentials credentials =
         S2AChannelCredentials.createBuilder(s2aAddress).setLocalSpiffeId("test-spiffe-id").build();
-    ManagedChannel channel =
-        Grpc.newChannelBuilder(serverAddress, credentials).executor(executor).build();
+    ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
 
-    assertThat(doUnaryRpc(executor, channel)).isTrue();
+    assertThat(doUnaryRpc(channel)).isTrue();
   }
 
   @Test
   public void clientCommunicateUsingS2ACredentialsNoLocalIdentity_succeeds() throws Exception {
-    ExecutorService executor = Executors.newSingleThreadExecutor();
     ChannelCredentials credentials = S2AChannelCredentials.createBuilder(s2aAddress).build();
-    ManagedChannel channel =
-        Grpc.newChannelBuilder(serverAddress, credentials).executor(executor).build();
+    ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
 
-    assertThat(doUnaryRpc(executor, channel)).isTrue();
+    assertThat(doUnaryRpc(channel)).isTrue();
   }
 
   @Test
   public void clientCommunicateUsingMtlsToS2ACredentials_succeeds() throws Exception {
-    ExecutorService executor = Executors.newSingleThreadExecutor();
     ChannelCredentials credentials =
         MtlsToS2AChannelCredentials.createBuilder(
                 /* s2aAddress= */ mtlsS2AAddress,
@@ -224,41 +211,24 @@ public void clientCommunicateUsingMtlsToS2ACredentials_succeeds() throws Excepti
             .build()
             .setLocalSpiffeId("test-spiffe-id")
             .build();
-    ManagedChannel channel =
-        Grpc.newChannelBuilder(serverAddress, credentials).executor(executor).build();
+    ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
 
-    assertThat(doUnaryRpc(executor, channel)).isTrue();
+    assertThat(doUnaryRpc(channel)).isTrue();
   }
 
   @Test
   public void clientCommunicateUsingS2ACredentials_s2AdelayStart_succeeds() throws Exception {
-    DoUnaryRpc doUnaryRpc = new DoUnaryRpc();
-    doUnaryRpc.start();
+    ChannelCredentials credentials = S2AChannelCredentials.createBuilder(s2aDelayAddress).build();
+    ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
+
+    FutureTask<Boolean> rpc = new FutureTask<>(() -> doUnaryRpc(channel));
+    new Thread(rpc).start();
     Thread.sleep(2000);
     s2aDelayServer.start();
-    doUnaryRpc.join();
-  }
-
-  private class DoUnaryRpc extends Thread {
-    @Override
-    public void run() {
-      ExecutorService executor = Executors.newSingleThreadExecutor();
-      ChannelCredentials credentials = S2AChannelCredentials.createBuilder(s2aDelayAddress).build();
-      ManagedChannel channel =
-          Grpc.newChannelBuilder(serverAddress, credentials).executor(executor).build();
-      boolean result = false;
-      try {
-        result = doUnaryRpc(executor, channel);
-      } catch (InterruptedException e) {
-        logger.log(Level.SEVERE, "Failed to do unary rpc", e);
-        result = false;
-      }
-      assertThat(result).isTrue();
-    }
+    assertThat(rpc.get()).isTrue();
   }
 
-  public static boolean doUnaryRpc(ExecutorService executor, ManagedChannel channel)
-      throws InterruptedException {
+  public static boolean doUnaryRpc(ManagedChannel channel) throws InterruptedException {
     try {
       SimpleServiceGrpc.SimpleServiceBlockingStub stub =
           SimpleServiceGrpc.newBlockingStub(channel);
@@ -277,8 +247,6 @@ public static boolean doUnaryRpc(ExecutorService executor, ManagedChannel channe
     } finally {
       channel.shutdown();
       channel.awaitTermination(1, SECONDS);
-      executor.shutdown();
-      executor.awaitTermination(1, SECONDS);
     }
   }
 
@@ -318,4 +286,4 @@ public void unaryRpc(SimpleRequest request, StreamObserver<SimpleResponse> obser
       observer.onCompleted();
     }
   }
-}
\ No newline at end of file
+}

From 782a44ad62f84d19291b0771b56b431e6e723752 Mon Sep 17 00:00:00 2001
From: yifeizhuang <yifeizhuang@gmail.com>
Date: Thu, 19 Sep 2024 09:52:38 -0700
Subject: [PATCH 009/591] Implement ContextStorageOverride for opentelemetry
 context bridge (#11523)

---
 contextstorage/build.gradle                   |  28 ++++
 .../grpc/override/ContextStorageOverride.java |  46 ++++++
 .../override/OpenTelemetryContextStorage.java |  72 +++++++++
 .../OpenTelemetryContextStorageTest.java      | 144 ++++++++++++++++++
 settings.gradle                               |   2 +
 5 files changed, 292 insertions(+)
 create mode 100644 contextstorage/build.gradle
 create mode 100644 contextstorage/src/main/java/io/grpc/override/ContextStorageOverride.java
 create mode 100644 contextstorage/src/main/java/io/grpc/override/OpenTelemetryContextStorage.java
 create mode 100644 contextstorage/src/test/java/io/grpc/override/OpenTelemetryContextStorageTest.java

diff --git a/contextstorage/build.gradle b/contextstorage/build.gradle
new file mode 100644
index 00000000000..10c7f3a3a86
--- /dev/null
+++ b/contextstorage/build.gradle
@@ -0,0 +1,28 @@
+plugins {
+    id "java-library"
+    // until we are confident we like the name
+    //id "maven-publish"
+
+    id "ru.vyarus.animalsniffer"
+}
+
+description = 'gRPC: ContextStorageOverride'
+
+dependencies {
+    api project(':grpc-api')
+    implementation libraries.opentelemetry.api
+
+    testImplementation libraries.junit,
+            libraries.opentelemetry.sdk.testing,
+            libraries.assertj.core
+    testImplementation 'junit:junit:4.13.1'// opentelemetry.sdk.testing uses compileOnly for assertj
+
+    signature libraries.signature.java
+    signature libraries.signature.android
+}
+
+tasks.named("jar").configure {
+    manifest {
+        attributes('Automatic-Module-Name': 'io.grpc.override')
+    }
+}
diff --git a/contextstorage/src/main/java/io/grpc/override/ContextStorageOverride.java b/contextstorage/src/main/java/io/grpc/override/ContextStorageOverride.java
new file mode 100644
index 00000000000..41b24765de0
--- /dev/null
+++ b/contextstorage/src/main/java/io/grpc/override/ContextStorageOverride.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.override;
+
+import io.grpc.Context;
+
+/**
+ * Including this class in your dependencies will override the default gRPC context storage using
+ * reflection. It is a bridge between {@link io.grpc.Context} and
+ * {@link io.opentelemetry.context.Context}, i.e. propagating io.grpc.context.Context also
+ * propagates io.opentelemetry.context, and propagating io.opentelemetry.context will also propagate
+ * io.grpc.context.
+ */
+public final class ContextStorageOverride extends Context.Storage {
+
+  private final Context.Storage delegate = new OpenTelemetryContextStorage();
+
+  @Override
+  public Context doAttach(Context toAttach) {
+    return delegate.doAttach(toAttach);
+  }
+
+  @Override
+  public void detach(Context toDetach, Context toRestore) {
+    delegate.detach(toDetach, toRestore);
+  }
+
+  @Override
+  public Context current() {
+    return delegate.current();
+  }
+}
diff --git a/contextstorage/src/main/java/io/grpc/override/OpenTelemetryContextStorage.java b/contextstorage/src/main/java/io/grpc/override/OpenTelemetryContextStorage.java
new file mode 100644
index 00000000000..01356e9f406
--- /dev/null
+++ b/contextstorage/src/main/java/io/grpc/override/OpenTelemetryContextStorage.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.override;
+
+import io.grpc.Context;
+import io.opentelemetry.context.ContextKey;
+import io.opentelemetry.context.Scope;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+/**
+ * A Context.Storage implementation that attaches io.grpc.context to OpenTelemetry's context and
+ * io.opentelemetry.context is also saved in the io.grpc.context.
+ * Bridge between {@link io.grpc.Context} and {@link io.opentelemetry.context.Context}.
+ */
+final class OpenTelemetryContextStorage extends Context.Storage {
+  private static final Logger logger = Logger.getLogger(
+      OpenTelemetryContextStorage.class.getName());
+
+  private static final io.grpc.Context.Key<io.opentelemetry.context.Context> OTEL_CONTEXT_OVER_GRPC
+      = io.grpc.Context.key("otel-context-over-grpc");
+  private static final Context.Key<Scope> OTEL_SCOPE = Context.key("otel-scope");
+  private static final ContextKey<io.grpc.Context> GRPC_CONTEXT_OVER_OTEL =
+      ContextKey.named("grpc-context-over-otel");
+
+  @Override
+  @SuppressWarnings("MustBeClosedChecker")
+  public Context doAttach(Context toAttach) {
+    io.grpc.Context previous = current();
+    io.opentelemetry.context.Context otelContext = OTEL_CONTEXT_OVER_GRPC.get(toAttach);
+    if (otelContext == null) {
+      otelContext = io.opentelemetry.context.Context.current();
+    }
+    Scope scope = otelContext.with(GRPC_CONTEXT_OVER_OTEL, toAttach).makeCurrent();
+    return previous.withValue(OTEL_SCOPE, scope);
+  }
+
+  @Override
+  public void detach(Context toDetach, Context toRestore) {
+    Scope scope = OTEL_SCOPE.get(toRestore);
+    if (scope == null) {
+      logger.log(
+          Level.SEVERE, "Detaching context which was not attached.");
+    } else {
+      scope.close();
+    }
+  }
+
+  @Override
+  public Context current() {
+    io.opentelemetry.context.Context otelCurrent = io.opentelemetry.context.Context.current();
+    io.grpc.Context grpcCurrent = otelCurrent.get(GRPC_CONTEXT_OVER_OTEL);
+    if (grpcCurrent == null) {
+      grpcCurrent = Context.ROOT;
+    }
+    return grpcCurrent.withValue(OTEL_CONTEXT_OVER_GRPC, otelCurrent);
+  }
+}
diff --git a/contextstorage/src/test/java/io/grpc/override/OpenTelemetryContextStorageTest.java b/contextstorage/src/test/java/io/grpc/override/OpenTelemetryContextStorageTest.java
new file mode 100644
index 00000000000..3c628964342
--- /dev/null
+++ b/contextstorage/src/test/java/io/grpc/override/OpenTelemetryContextStorageTest.java
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.override;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+
+import com.google.common.util.concurrent.SettableFuture;
+import io.opentelemetry.api.trace.Span;
+import io.opentelemetry.api.trace.Tracer;
+import io.opentelemetry.context.Context;
+import io.opentelemetry.context.ContextKey;
+import io.opentelemetry.context.Scope;
+import io.opentelemetry.sdk.testing.junit4.OpenTelemetryRule;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicReference;
+import org.junit.Assert;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class OpenTelemetryContextStorageTest {
+  @Rule
+  public final OpenTelemetryRule openTelemetryRule = OpenTelemetryRule.create();
+  private Tracer tracerRule = openTelemetryRule.getOpenTelemetry().getTracer(
+      "context-storage-test");
+  private final io.grpc.Context.Key<String> username = io.grpc.Context.key("username");
+  private final ContextKey<String> password = ContextKey.named("password");
+
+  @Test
+  public void grpcContextPropagation() throws Exception {
+    final Span parentSpan = tracerRule.spanBuilder("test-context").startSpan();
+    final SettableFuture<Span> spanPropagated = SettableFuture.create();
+    final SettableFuture<String> grpcContextPropagated = SettableFuture.create();
+    final SettableFuture<Span> spanDetached = SettableFuture.create();
+    final SettableFuture<String> grpcContextDetached = SettableFuture.create();
+
+    io.grpc.Context grpcContext;
+    try (Scope scope = Context.current().with(parentSpan).makeCurrent()) {
+      grpcContext = io.grpc.Context.current().withValue(username, "jeff");
+    }
+    new Thread(new Runnable() {
+      @Override
+      public void run() {
+        io.grpc.Context previous = grpcContext.attach();
+        try {
+          grpcContextPropagated.set(username.get(io.grpc.Context.current()));
+          spanPropagated.set(Span.fromContext(io.opentelemetry.context.Context.current()));
+        } finally {
+          grpcContext.detach(previous);
+          spanDetached.set(Span.fromContext(io.opentelemetry.context.Context.current()));
+          grpcContextDetached.set(username.get(io.grpc.Context.current()));
+        }
+      }
+    }).start();
+    Assert.assertEquals(spanPropagated.get(5, TimeUnit.SECONDS), parentSpan);
+    Assert.assertEquals(grpcContextPropagated.get(5, TimeUnit.SECONDS), "jeff");
+    Assert.assertEquals(spanDetached.get(5, TimeUnit.SECONDS), Span.getInvalid());
+    Assert.assertNull(grpcContextDetached.get(5, TimeUnit.SECONDS));
+  }
+
+  @Test
+  public void otelContextPropagation() throws Exception {
+    final SettableFuture<String> grpcPropagated = SettableFuture.create();
+    final AtomicReference<String> otelPropagation = new AtomicReference<>();
+
+    io.grpc.Context grpcContext = io.grpc.Context.current().withValue(username, "jeff");
+    io.grpc.Context previous = grpcContext.attach();
+    Context original = Context.current().with(password, "valentine");
+    try {
+      new Thread(
+          () -> {
+            try (Scope scope = original.makeCurrent()) {
+              otelPropagation.set(Context.current().get(password));
+              grpcPropagated.set(username.get(io.grpc.Context.current()));
+            }
+          }
+      ).start();
+    } finally {
+      grpcContext.detach(previous);
+    }
+    Assert.assertEquals(grpcPropagated.get(5, TimeUnit.SECONDS), "jeff");
+    Assert.assertEquals(otelPropagation.get(), "valentine");
+  }
+
+  @Test
+  public void grpcOtelMix() {
+    io.grpc.Context grpcContext = io.grpc.Context.current().withValue(username, "jeff");
+    Context otelContext = Context.current().with(password, "valentine");
+    Assert.assertNull(username.get(io.grpc.Context.current()));
+    Assert.assertNull(Context.current().get(password));
+    io.grpc.Context previous = grpcContext.attach();
+    try {
+      assertEquals(username.get(io.grpc.Context.current()), "jeff");
+      try (Scope scope = otelContext.makeCurrent()) {
+        Assert.assertEquals(Context.current().get(password), "valentine");
+        assertNull(username.get(io.grpc.Context.current()));
+
+        io.grpc.Context grpcContext2 = io.grpc.Context.current().withValue(username, "frank");
+        io.grpc.Context previous2 = grpcContext2.attach();
+        try {
+          assertEquals(username.get(io.grpc.Context.current()), "frank");
+          Assert.assertEquals(Context.current().get(password), "valentine");
+        } finally {
+          grpcContext2.detach(previous2);
+        }
+        assertNull(username.get(io.grpc.Context.current()));
+        Assert.assertEquals(Context.current().get(password), "valentine");
+      }
+    } finally {
+      grpcContext.detach(previous);
+    }
+    Assert.assertNull(username.get(io.grpc.Context.current()));
+    Assert.assertNull(Context.current().get(password));
+  }
+
+  @Test
+  public void grpcContextDetachError() {
+    io.grpc.Context grpcContext = io.grpc.Context.current().withValue(username, "jeff");
+    io.grpc.Context previous = grpcContext.attach();
+    try {
+      previous.detach(grpcContext);
+      assertEquals(username.get(io.grpc.Context.current()), "jeff");
+    } finally {
+      grpcContext.detach(previous);
+    }
+  }
+}
diff --git a/settings.gradle b/settings.gradle
index 03eca809226..b661e0f52db 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -77,6 +77,7 @@ include ":grpc-istio-interop-testing"
 include ":grpc-inprocess"
 include ":grpc-util"
 include ":grpc-opentelemetry"
+include ":grpc-opentelemetry-context-storage-override"
 
 project(':grpc-api').projectDir = "$rootDir/api" as File
 project(':grpc-core').projectDir = "$rootDir/core" as File
@@ -113,6 +114,7 @@ project(':grpc-istio-interop-testing').projectDir = "$rootDir/istio-interop-test
 project(':grpc-inprocess').projectDir = "$rootDir/inprocess" as File
 project(':grpc-util').projectDir = "$rootDir/util" as File
 project(':grpc-opentelemetry').projectDir = "$rootDir/opentelemetry" as File
+project(':grpc-opentelemetry-context-storage-override').projectDir = "$rootDir/contextstorage" as File
 
 if (settings.hasProperty('skipCodegen') && skipCodegen.toBoolean()) {
     println '*** Skipping the build of codegen and compilation of proto files because skipCodegen=true'

From e75a044107bc8701b2e328b7ec633c982fb3a844 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Fri, 20 Sep 2024 12:32:54 -0700
Subject: [PATCH 010/591] s2a,netty: S2AHandshakerServiceChannel doesn't use
 custom event loop. (#11539)

* S2AHandshakerServiceChannel doesn't use custom event loop.

* use executorPool.

* log when channel not shutdown.

* use a cached threadpool.

* update non-executor version.
---
 .../netty/InternalProtocolNegotiators.java    | 18 ++++++-
 .../channel/S2AHandshakerServiceChannel.java  | 50 +++++++------------
 .../S2AProtocolNegotiatorFactory.java         |  7 ++-
 .../S2AHandshakerServiceChannelTest.java      | 46 +++++++----------
 4 files changed, 56 insertions(+), 65 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
index 0d309828c6d..b9c6a77982a 100644
--- a/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
@@ -17,12 +17,14 @@
 package io.grpc.netty;
 
 import io.grpc.ChannelLogger;
+import io.grpc.internal.ObjectPool;
 import io.grpc.netty.ProtocolNegotiators.ClientTlsHandler;
 import io.grpc.netty.ProtocolNegotiators.GrpcNegotiationHandler;
 import io.grpc.netty.ProtocolNegotiators.WaitUntilActiveHandler;
 import io.netty.channel.ChannelHandler;
 import io.netty.handler.ssl.SslContext;
 import io.netty.util.AsciiString;
+import java.util.concurrent.Executor;
 
 /**
  * Internal accessor for {@link ProtocolNegotiators}.
@@ -35,9 +37,12 @@ private InternalProtocolNegotiators() {}
    * Returns a {@link ProtocolNegotiator} that ensures the pipeline is set up so that TLS will
    * be negotiated, the {@code handler} is added and writes to the {@link io.netty.channel.Channel}
    * may happen immediately, even before the TLS Handshake is complete.
+   * @param executorPool a dedicated {@link Executor} pool for time-consuming TLS tasks
    */
-  public static InternalProtocolNegotiator.ProtocolNegotiator tls(SslContext sslContext) {
-    final io.grpc.netty.ProtocolNegotiator negotiator = ProtocolNegotiators.tls(sslContext);
+  public static InternalProtocolNegotiator.ProtocolNegotiator tls(SslContext sslContext,
+          ObjectPool<? extends Executor> executorPool) {
+    final io.grpc.netty.ProtocolNegotiator negotiator = ProtocolNegotiators.tls(sslContext,
+        executorPool);
     final class TlsNegotiator implements InternalProtocolNegotiator.ProtocolNegotiator {
 
       @Override
@@ -58,6 +63,15 @@ public void close() {
     
     return new TlsNegotiator();
   }
+  
+  /**
+   * Returns a {@link ProtocolNegotiator} that ensures the pipeline is set up so that TLS will
+   * be negotiated, the {@code handler} is added and writes to the {@link io.netty.channel.Channel}
+   * may happen immediately, even before the TLS Handshake is complete.
+   */
+  public static InternalProtocolNegotiator.ProtocolNegotiator tls(SslContext sslContext) {
+    return tls(sslContext, null);
+  }
 
   /**
    * Returns a {@link ProtocolNegotiator} that ensures the pipeline is set up so that TLS will be
diff --git a/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java b/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
index 75ec7347bb5..90956907bfe 100644
--- a/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
+++ b/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
@@ -29,13 +29,11 @@
 import io.grpc.MethodDescriptor;
 import io.grpc.internal.SharedResourceHolder.Resource;
 import io.grpc.netty.NettyChannelBuilder;
-import io.netty.channel.EventLoopGroup;
-import io.netty.channel.nio.NioEventLoopGroup;
-import io.netty.channel.socket.nio.NioSocketChannel;
-import io.netty.util.concurrent.DefaultThreadFactory;
 import java.time.Duration;
 import java.util.Optional;
 import java.util.concurrent.ConcurrentMap;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
@@ -61,7 +59,6 @@
 public final class S2AHandshakerServiceChannel {
   private static final ConcurrentMap<String, Resource<Channel>> SHARED_RESOURCE_CHANNELS =
       Maps.newConcurrentMap();
-  private static final Duration DELEGATE_TERMINATION_TIMEOUT = Duration.ofSeconds(2);
   private static final Duration CHANNEL_SHUTDOWN_TIMEOUT = Duration.ofSeconds(10);
 
   /**
@@ -95,41 +92,34 @@ public ChannelResource(String targetAddress, Optional<ChannelCredentials> channe
     }
 
     /**
-     * Creates a {@code EventLoopHoldingChannel} instance to the service running at {@code
-     * targetAddress}. This channel uses a dedicated thread pool for its {@code EventLoopGroup}
-     * instance to avoid blocking.
+     * Creates a {@code HandshakerServiceChannel} instance to the service running at {@code
+     * targetAddress}.
      */
     @Override
     public Channel create() {
-      EventLoopGroup eventLoopGroup =
-          new NioEventLoopGroup(1, new DefaultThreadFactory("S2A channel pool", true));
       ManagedChannel channel = null;
       if (channelCredentials.isPresent()) {
         // Create a secure channel.
         channel =
             NettyChannelBuilder.forTarget(targetAddress, channelCredentials.get())
-                .channelType(NioSocketChannel.class)
                 .directExecutor()
-                .eventLoopGroup(eventLoopGroup)
                 .build();
       } else {
         // Create a plaintext channel.
         channel =
             NettyChannelBuilder.forTarget(targetAddress)
-                .channelType(NioSocketChannel.class)
                 .directExecutor()
-                .eventLoopGroup(eventLoopGroup)
                 .usePlaintext()
                 .build();
       }
-      return EventLoopHoldingChannel.create(channel, eventLoopGroup);
+      return HandshakerServiceChannel.create(channel);
     }
 
-    /** Destroys a {@code EventLoopHoldingChannel} instance. */
+    /** Destroys a {@code HandshakerServiceChannel} instance. */
     @Override
     public void close(Channel instanceChannel) {
       checkNotNull(instanceChannel);
-      EventLoopHoldingChannel channel = (EventLoopHoldingChannel) instanceChannel;
+      HandshakerServiceChannel channel = (HandshakerServiceChannel) instanceChannel;
       channel.close();
     }
 
@@ -140,23 +130,21 @@ public String toString() {
   }
 
   /**
-   * Manages a channel using a {@link ManagedChannel} instance that belong to the {@code
-   * EventLoopGroup} thread pool.
+   * Manages a channel using a {@link ManagedChannel} instance.
    */
   @VisibleForTesting
-  static class EventLoopHoldingChannel extends Channel {
+  static class HandshakerServiceChannel extends Channel {
+    private static final Logger logger =
+          Logger.getLogger(S2AHandshakerServiceChannel.class.getName());
     private final ManagedChannel delegate;
-    private final EventLoopGroup eventLoopGroup;
 
-    static EventLoopHoldingChannel create(ManagedChannel delegate, EventLoopGroup eventLoopGroup) {
+    static HandshakerServiceChannel create(ManagedChannel delegate) {
       checkNotNull(delegate);
-      checkNotNull(eventLoopGroup);
-      return new EventLoopHoldingChannel(delegate, eventLoopGroup);
+      return new HandshakerServiceChannel(delegate);
     }
 
-    private EventLoopHoldingChannel(ManagedChannel delegate, EventLoopGroup eventLoopGroup) {
+    private HandshakerServiceChannel(ManagedChannel delegate) {
       this.delegate = delegate;
-      this.eventLoopGroup = eventLoopGroup;
     }
 
     /**
@@ -178,16 +166,12 @@ public <ReqT, RespT> ClientCall<ReqT, RespT> newCall(
     @SuppressWarnings("FutureReturnValueIgnored")
     public void close() {
       delegate.shutdownNow();
-      boolean isDelegateTerminated;
       try {
-        isDelegateTerminated =
-            delegate.awaitTermination(DELEGATE_TERMINATION_TIMEOUT.getSeconds(), SECONDS);
+        delegate.awaitTermination(CHANNEL_SHUTDOWN_TIMEOUT.getSeconds(), SECONDS);
       } catch (InterruptedException e) {
-        isDelegateTerminated = false;
+        Thread.currentThread().interrupt();
+        logger.log(Level.WARNING, "Channel to S2A was not shutdown.");
       }
-      long quietPeriodSeconds = isDelegateTerminated ? 0 : 1;
-      eventLoopGroup.shutdownGracefully(
-          quietPeriodSeconds, CHANNEL_SHUTDOWN_TIMEOUT.getSeconds(), SECONDS);
     }
   }
 
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java
index 25d1e325ea8..14bdc05238d 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java
@@ -29,7 +29,9 @@
 import com.google.common.util.concurrent.MoreExecutors;
 import com.google.errorprone.annotations.ThreadSafe;
 import io.grpc.Channel;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.ObjectPool;
+import io.grpc.internal.SharedResourcePool;
 import io.grpc.netty.GrpcHttp2ConnectionHandler;
 import io.grpc.netty.InternalProtocolNegotiator;
 import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
@@ -227,7 +229,10 @@ protected void handlerAdded0(ChannelHandlerContext ctx) {
             @Override
             public void onSuccess(SslContext sslContext) {
               ChannelHandler handler =
-                  InternalProtocolNegotiators.tls(sslContext).newHandler(grpcHandler);
+                  InternalProtocolNegotiators.tls(
+                          sslContext,
+                          SharedResourcePool.forResource(GrpcUtil.SHARED_CHANNEL_EXECUTOR))
+                      .newHandler(grpcHandler);
 
               // Remove the bufferReads handler and delegate the rest of the handshake to the TLS
               // handler.
diff --git a/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java b/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
index 57288be1b6f..dc5909442bf 100644
--- a/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
@@ -18,11 +18,7 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;
-import static java.util.concurrent.TimeUnit.SECONDS;
 import static org.junit.Assert.assertThrows;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
 
 import io.grpc.CallOptions;
 import io.grpc.Channel;
@@ -39,15 +35,13 @@
 import io.grpc.benchmarks.Utils;
 import io.grpc.internal.SharedResourceHolder.Resource;
 import io.grpc.netty.NettyServerBuilder;
-import io.grpc.s2a.channel.S2AHandshakerServiceChannel.EventLoopHoldingChannel;
+import io.grpc.s2a.channel.S2AHandshakerServiceChannel.HandshakerServiceChannel;
 import io.grpc.stub.StreamObserver;
 import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.testing.protobuf.SimpleRequest;
 import io.grpc.testing.protobuf.SimpleResponse;
 import io.grpc.testing.protobuf.SimpleServiceGrpc;
-import io.netty.channel.EventLoopGroup;
 import java.io.File;
-import java.time.Duration;
 import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 import org.junit.Before;
@@ -60,8 +54,6 @@
 @RunWith(JUnit4.class)
 public final class S2AHandshakerServiceChannelTest {
   @ClassRule public static final GrpcCleanupRule grpcCleanup = new GrpcCleanupRule();
-  private static final Duration CHANNEL_SHUTDOWN_TIMEOUT = Duration.ofSeconds(10);
-  private final EventLoopGroup mockEventLoopGroup = mock(EventLoopGroup.class);
   private Server mtlsServer;
   private Server plaintextServer;
 
@@ -191,7 +183,7 @@ public void close_mtlsSuccess() throws Exception {
   }
 
   /**
-   * Verifies that an {@code EventLoopHoldingChannel}'s {@code newCall} method can be used to
+   * Verifies that an {@code HandshakerServiceChannel}'s {@code newCall} method can be used to
    * perform a simple RPC.
    */
   @Test
@@ -201,7 +193,7 @@ public void newCall_performSimpleRpcSuccess() {
             "localhost:" + plaintextServer.getPort(),
             /* s2aChannelCredentials= */ Optional.empty());
     Channel channel = resource.create();
-    assertThat(channel).isInstanceOf(EventLoopHoldingChannel.class);
+    assertThat(channel).isInstanceOf(HandshakerServiceChannel.class);
     assertThat(
             SimpleServiceGrpc.newBlockingStub(channel).unaryRpc(SimpleRequest.getDefaultInstance()))
         .isEqualToDefaultInstance();
@@ -214,53 +206,49 @@ public void newCall_mtlsPerformSimpleRpcSuccess() throws Exception {
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials());
     Channel channel = resource.create();
-    assertThat(channel).isInstanceOf(EventLoopHoldingChannel.class);
+    assertThat(channel).isInstanceOf(HandshakerServiceChannel.class);
     assertThat(
             SimpleServiceGrpc.newBlockingStub(channel).unaryRpc(SimpleRequest.getDefaultInstance()))
         .isEqualToDefaultInstance();
   }
 
-  /** Creates a {@code EventLoopHoldingChannel} instance and verifies its authority. */
+  /** Creates a {@code HandshakerServiceChannel} instance and verifies its authority. */
   @Test
   public void authority_success() throws Exception {
     ManagedChannel channel = new FakeManagedChannel(true);
-    EventLoopHoldingChannel eventLoopHoldingChannel =
-        EventLoopHoldingChannel.create(channel, mockEventLoopGroup);
+    HandshakerServiceChannel eventLoopHoldingChannel =
+        HandshakerServiceChannel.create(channel);
     assertThat(eventLoopHoldingChannel.authority()).isEqualTo("FakeManagedChannel");
   }
 
   /**
-   * Creates and closes a {@code EventLoopHoldingChannel} when its {@code ManagedChannel} terminates
-   * successfully.
+   * Creates and closes a {@code HandshakerServiceChannel} when its {@code ManagedChannel}
+   * terminates successfully.
    */
   @Test
   public void close_withDelegateTerminatedSuccess() throws Exception {
     ManagedChannel channel = new FakeManagedChannel(true);
-    EventLoopHoldingChannel eventLoopHoldingChannel =
-        EventLoopHoldingChannel.create(channel, mockEventLoopGroup);
+    HandshakerServiceChannel eventLoopHoldingChannel =
+        HandshakerServiceChannel.create(channel);
     eventLoopHoldingChannel.close();
     assertThat(channel.isShutdown()).isTrue();
-    verify(mockEventLoopGroup, times(1))
-        .shutdownGracefully(0, CHANNEL_SHUTDOWN_TIMEOUT.getSeconds(), SECONDS);
   }
 
   /**
-   * Creates and closes a {@code EventLoopHoldingChannel} when its {@code ManagedChannel} does not
+   * Creates and closes a {@code HandshakerServiceChannel} when its {@code ManagedChannel} does not
    * terminate successfully.
    */
   @Test
   public void close_withDelegateTerminatedFailure() throws Exception {
     ManagedChannel channel = new FakeManagedChannel(false);
-    EventLoopHoldingChannel eventLoopHoldingChannel =
-        EventLoopHoldingChannel.create(channel, mockEventLoopGroup);
+    HandshakerServiceChannel eventLoopHoldingChannel =
+        HandshakerServiceChannel.create(channel);
     eventLoopHoldingChannel.close();
     assertThat(channel.isShutdown()).isTrue();
-    verify(mockEventLoopGroup, times(1))
-        .shutdownGracefully(1, CHANNEL_SHUTDOWN_TIMEOUT.getSeconds(), SECONDS);
   }
 
   /**
-   * Creates and closes a {@code EventLoopHoldingChannel}, creates a new channel from the same
+   * Creates and closes a {@code HandshakerServiceChannel}, creates a new channel from the same
    * resource, and verifies that this second channel is useable.
    */
   @Test
@@ -273,7 +261,7 @@ public void create_succeedsAfterCloseIsCalledOnce() throws Exception {
     resource.close(channelOne);
 
     Channel channelTwo = resource.create();
-    assertThat(channelTwo).isInstanceOf(EventLoopHoldingChannel.class);
+    assertThat(channelTwo).isInstanceOf(HandshakerServiceChannel.class);
     assertThat(
             SimpleServiceGrpc.newBlockingStub(channelTwo)
                 .unaryRpc(SimpleRequest.getDefaultInstance()))
@@ -291,7 +279,7 @@ public void create_mtlsSucceedsAfterCloseIsCalledOnce() throws Exception {
     resource.close(channelOne);
 
     Channel channelTwo = resource.create();
-    assertThat(channelTwo).isInstanceOf(EventLoopHoldingChannel.class);
+    assertThat(channelTwo).isInstanceOf(HandshakerServiceChannel.class);
     assertThat(
             SimpleServiceGrpc.newBlockingStub(channelTwo)
                 .unaryRpc(SimpleRequest.getDefaultInstance()))

From d8f73e04566fa588889ca1a422e276d71724643c Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Fri, 20 Sep 2024 15:53:14 -0700
Subject: [PATCH 011/591] s2a: Address comments on PR#11113 (#11534)

* Mark S2A public APIs as experimental.

* Rename S2AChannelCredentials createBuilder API to newBuilder.

* Remove usage of AdvancedTls.

* Use InsecureChannelCredentials.create instead of Optional.

* Invoke Thread.currentThread().interrupt() in a InterruptedException block.
---
 .../grpc/s2a/MtlsToS2AChannelCredentials.java | 21 ++++--------
 .../io/grpc/s2a/S2AChannelCredentials.java    | 12 ++++---
 .../channel/S2AHandshakerServiceChannel.java  | 27 +++++----------
 .../grpc/s2a/handshaker/S2ATrustManager.java  |  3 ++
 .../s2a/MtlsToS2AChannelCredentialsTest.java  | 34 +++++++++----------
 .../grpc/s2a/S2AChannelCredentialsTest.java   | 24 ++++++-------
 .../S2AHandshakerServiceChannelTest.java      | 25 +++++++-------
 .../grpc/s2a/handshaker/IntegrationTest.java  |  8 ++---
 .../S2AProtocolNegotiatorFactoryTest.java     |  2 +-
 .../io/grpc/s2a/handshaker/S2AStubTest.java   |  4 +--
 10 files changed, 73 insertions(+), 87 deletions(-)

diff --git a/s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java b/s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java
index 56f612502bf..e8eb01628ed 100644
--- a/s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java
+++ b/s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java
@@ -21,17 +21,16 @@
 import static com.google.common.base.Strings.isNullOrEmpty;
 
 import io.grpc.ChannelCredentials;
+import io.grpc.ExperimentalApi;
 import io.grpc.TlsChannelCredentials;
-import io.grpc.util.AdvancedTlsX509KeyManager;
-import io.grpc.util.AdvancedTlsX509TrustManager;
 import java.io.File;
 import java.io.IOException;
-import java.security.GeneralSecurityException;
 
 /**
  * Configures an {@code S2AChannelCredentials.Builder} instance with credentials used to establish a
  * connection with the S2A to support talking to the S2A over mTLS.
  */
+@ExperimentalApi("https://github.com/grpc/grpc-java/issues/11533")
 public final class MtlsToS2AChannelCredentials {
   /**
    * Creates a {@code S2AChannelCredentials.Builder} builder, that talks to the S2A over mTLS.
@@ -42,7 +41,7 @@ public final class MtlsToS2AChannelCredentials {
    * @param trustBundlePath the path to the trust bundle PEM.
    * @return a {@code MtlsToS2AChannelCredentials.Builder} instance.
    */
-  public static Builder createBuilder(
+  public static Builder newBuilder(
       String s2aAddress, String privateKeyPath, String certChainPath, String trustBundlePath) {
     checkArgument(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
     checkArgument(!isNullOrEmpty(privateKeyPath), "privateKeyPath must not be null or empty.");
@@ -66,7 +65,7 @@ public static final class Builder {
       this.trustBundlePath = trustBundlePath;
     }
 
-    public S2AChannelCredentials.Builder build() throws GeneralSecurityException, IOException {
+    public S2AChannelCredentials.Builder build() throws IOException {
       checkState(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
       checkState(!isNullOrEmpty(privateKeyPath), "privateKeyPath must not be null or empty.");
       checkState(!isNullOrEmpty(certChainPath), "certChainPath must not be null or empty.");
@@ -75,19 +74,13 @@ public S2AChannelCredentials.Builder build() throws GeneralSecurityException, IO
       File certChainFile = new File(certChainPath);
       File trustBundleFile = new File(trustBundlePath);
 
-      AdvancedTlsX509KeyManager keyManager = new AdvancedTlsX509KeyManager();
-      keyManager.updateIdentityCredentials(certChainFile, privateKeyFile);
-
-      AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder().build();
-      trustManager.updateTrustCredentials(trustBundleFile);
-
       ChannelCredentials channelToS2ACredentials =
           TlsChannelCredentials.newBuilder()
-              .keyManager(keyManager)
-              .trustManager(trustManager)
+              .keyManager(certChainFile, privateKeyFile)
+              .trustManager(trustBundleFile)
               .build();
 
-      return S2AChannelCredentials.createBuilder(s2aAddress)
+      return S2AChannelCredentials.newBuilder(s2aAddress)
           .setS2AChannelCredentials(channelToS2ACredentials);
     }
   }
diff --git a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
index 8a5f1f51350..ba0f6d72de1 100644
--- a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
+++ b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
@@ -24,6 +24,8 @@
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import io.grpc.Channel;
 import io.grpc.ChannelCredentials;
+import io.grpc.ExperimentalApi;
+import io.grpc.InsecureChannelCredentials;
 import io.grpc.internal.ObjectPool;
 import io.grpc.internal.SharedResourcePool;
 import io.grpc.netty.InternalNettyChannelCredentials;
@@ -31,7 +33,6 @@
 import io.grpc.s2a.channel.S2AHandshakerServiceChannel;
 import io.grpc.s2a.handshaker.S2AIdentity;
 import io.grpc.s2a.handshaker.S2AProtocolNegotiatorFactory;
-import java.util.Optional;
 import javax.annotation.concurrent.NotThreadSafe;
 import org.checkerframework.checker.nullness.qual.Nullable;
 
@@ -39,6 +40,7 @@
  * Configures gRPC to use S2A for transport security when establishing a secure channel. Only for
  * use on the client side of a gRPC connection.
  */
+@ExperimentalApi("https://github.com/grpc/grpc-java/issues/11533")
 public final class S2AChannelCredentials {
   /**
    * Creates a channel credentials builder for establishing an S2A-secured connection.
@@ -46,7 +48,7 @@ public final class S2AChannelCredentials {
    * @param s2aAddress the address of the S2A server used to secure the connection.
    * @return a {@code S2AChannelCredentials.Builder} instance.
    */
-  public static Builder createBuilder(String s2aAddress) {
+  public static Builder newBuilder(String s2aAddress) {
     checkArgument(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
     return new Builder(s2aAddress);
   }
@@ -56,13 +58,13 @@ public static Builder createBuilder(String s2aAddress) {
   public static final class Builder {
     private final String s2aAddress;
     private ObjectPool<Channel> s2aChannelPool;
-    private Optional<ChannelCredentials> s2aChannelCredentials;
+    private ChannelCredentials s2aChannelCredentials;
     private @Nullable S2AIdentity localIdentity = null;
 
     Builder(String s2aAddress) {
       this.s2aAddress = s2aAddress;
       this.s2aChannelPool = null;
-      this.s2aChannelCredentials = Optional.empty();
+      this.s2aChannelCredentials = InsecureChannelCredentials.create();
     }
 
     /**
@@ -107,7 +109,7 @@ public Builder setLocalUid(String localUid) {
     /** Sets the credentials to be used when connecting to the S2A. */
     @CanIgnoreReturnValue
     public Builder setS2AChannelCredentials(ChannelCredentials s2aChannelCredentials) {
-      this.s2aChannelCredentials = Optional.of(s2aChannelCredentials);
+      this.s2aChannelCredentials = s2aChannelCredentials;
       return this;
     }
 
diff --git a/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java b/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
index 90956907bfe..443ea553e52 100644
--- a/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
+++ b/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
@@ -30,7 +30,6 @@
 import io.grpc.internal.SharedResourceHolder.Resource;
 import io.grpc.netty.NettyChannelBuilder;
 import java.time.Duration;
-import java.util.Optional;
 import java.util.concurrent.ConcurrentMap;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -71,8 +70,9 @@ public final class S2AHandshakerServiceChannel {
    *     running at {@code s2aAddress}.
    */
   public static Resource<Channel> getChannelResource(
-      String s2aAddress, Optional<ChannelCredentials> s2aChannelCredentials) {
+      String s2aAddress, ChannelCredentials s2aChannelCredentials) {
     checkNotNull(s2aAddress);
+    checkNotNull(s2aChannelCredentials);
     return SHARED_RESOURCE_CHANNELS.computeIfAbsent(
         s2aAddress, channelResource -> new ChannelResource(s2aAddress, s2aChannelCredentials));
   }
@@ -84,9 +84,9 @@ public static Resource<Channel> getChannelResource(
    */
   private static class ChannelResource implements Resource<Channel> {
     private final String targetAddress;
-    private final Optional<ChannelCredentials> channelCredentials;
+    private final ChannelCredentials channelCredentials;
 
-    public ChannelResource(String targetAddress, Optional<ChannelCredentials> channelCredentials) {
+    public ChannelResource(String targetAddress, ChannelCredentials channelCredentials) {
       this.targetAddress = targetAddress;
       this.channelCredentials = channelCredentials;
     }
@@ -97,21 +97,10 @@ public ChannelResource(String targetAddress, Optional<ChannelCredentials> channe
      */
     @Override
     public Channel create() {
-      ManagedChannel channel = null;
-      if (channelCredentials.isPresent()) {
-        // Create a secure channel.
-        channel =
-            NettyChannelBuilder.forTarget(targetAddress, channelCredentials.get())
-                .directExecutor()
-                .build();
-      } else {
-        // Create a plaintext channel.
-        channel =
-            NettyChannelBuilder.forTarget(targetAddress)
-                .directExecutor()
-                .usePlaintext()
-                .build();
-      }
+      ManagedChannel channel =
+          NettyChannelBuilder.forTarget(targetAddress, channelCredentials)
+              .directExecutor()
+              .build();
       return HandshakerServiceChannel.create(channel);
     }
 
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java
index fb113bb29cc..aafbb94c047 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java
@@ -121,6 +121,9 @@ private void checkPeerTrusted(X509Certificate[] chain, boolean isCheckingClientC
     try {
       resp = stub.send(reqBuilder.build());
     } catch (IOException | InterruptedException e) {
+      if (e instanceof InterruptedException) {
+        Thread.currentThread().interrupt();
+      }
       throw new CertificateException("Failed to send request to S2A.", e);
     }
     if (resp.hasStatus() && resp.getStatus().getCode() != 0) {
diff --git a/s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java b/s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java
index 5ccc522292e..0fc4ecb3268 100644
--- a/s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java
@@ -26,11 +26,11 @@
 @RunWith(JUnit4.class)
 public final class MtlsToS2AChannelCredentialsTest {
   @Test
-  public void createBuilder_nullAddress_throwsException() throws Exception {
+  public void newBuilder_nullAddress_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ null,
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -38,11 +38,11 @@ public void createBuilder_nullAddress_throwsException() throws Exception {
   }
 
   @Test
-  public void createBuilder_nullPrivateKeyPath_throwsException() throws Exception {
+  public void newBuilder_nullPrivateKeyPath_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ null,
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -50,11 +50,11 @@ public void createBuilder_nullPrivateKeyPath_throwsException() throws Exception
   }
 
   @Test
-  public void createBuilder_nullCertChainPath_throwsException() throws Exception {
+  public void newBuilder_nullCertChainPath_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ null,
@@ -62,11 +62,11 @@ public void createBuilder_nullCertChainPath_throwsException() throws Exception {
   }
 
   @Test
-  public void createBuilder_nullTrustBundlePath_throwsException() throws Exception {
+  public void newBuilder_nullTrustBundlePath_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -74,11 +74,11 @@ public void createBuilder_nullTrustBundlePath_throwsException() throws Exception
   }
 
   @Test
-  public void createBuilder_emptyAddress_throwsException() throws Exception {
+  public void newBuilder_emptyAddress_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "",
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -86,11 +86,11 @@ public void createBuilder_emptyAddress_throwsException() throws Exception {
   }
 
   @Test
-  public void createBuilder_emptyPrivateKeyPath_throwsException() throws Exception {
+  public void newBuilder_emptyPrivateKeyPath_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ "",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -98,11 +98,11 @@ public void createBuilder_emptyPrivateKeyPath_throwsException() throws Exception
   }
 
   @Test
-  public void createBuilder_emptyCertChainPath_throwsException() throws Exception {
+  public void newBuilder_emptyCertChainPath_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "",
@@ -110,11 +110,11 @@ public void createBuilder_emptyCertChainPath_throwsException() throws Exception
   }
 
   @Test
-  public void createBuilder_emptyTrustBundlePath_throwsException() throws Exception {
+  public void newBuilder_emptyTrustBundlePath_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -124,7 +124,7 @@ public void createBuilder_emptyTrustBundlePath_throwsException() throws Exceptio
   @Test
   public void build_s2AChannelCredentials_success() throws Exception {
     assertThat(
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
diff --git a/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java b/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java
index a6133ed0af8..e766aa3f145 100644
--- a/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java
@@ -30,40 +30,40 @@
 @RunWith(JUnit4.class)
 public final class S2AChannelCredentialsTest {
   @Test
-  public void createBuilder_nullArgument_throwsException() throws Exception {
-    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.createBuilder(null));
+  public void newBuilder_nullArgument_throwsException() throws Exception {
+    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.newBuilder(null));
   }
 
   @Test
-  public void createBuilder_emptyAddress_throwsException() throws Exception {
-    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.createBuilder(""));
+  public void newBuilder_emptyAddress_throwsException() throws Exception {
+    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.newBuilder(""));
   }
 
   @Test
   public void setLocalSpiffeId_nullArgument_throwsException() throws Exception {
     assertThrows(
         NullPointerException.class,
-        () -> S2AChannelCredentials.createBuilder("s2a_address").setLocalSpiffeId(null));
+        () -> S2AChannelCredentials.newBuilder("s2a_address").setLocalSpiffeId(null));
   }
 
   @Test
   public void setLocalHostname_nullArgument_throwsException() throws Exception {
     assertThrows(
         NullPointerException.class,
-        () -> S2AChannelCredentials.createBuilder("s2a_address").setLocalHostname(null));
+        () -> S2AChannelCredentials.newBuilder("s2a_address").setLocalHostname(null));
   }
 
   @Test
   public void setLocalUid_nullArgument_throwsException() throws Exception {
     assertThrows(
         NullPointerException.class,
-        () -> S2AChannelCredentials.createBuilder("s2a_address").setLocalUid(null));
+        () -> S2AChannelCredentials.newBuilder("s2a_address").setLocalUid(null));
   }
 
   @Test
   public void build_withLocalSpiffeId_succeeds() throws Exception {
     assertThat(
-            S2AChannelCredentials.createBuilder("s2a_address")
+            S2AChannelCredentials.newBuilder("s2a_address")
                 .setLocalSpiffeId("spiffe://test")
                 .build())
         .isNotNull();
@@ -72,7 +72,7 @@ public void build_withLocalSpiffeId_succeeds() throws Exception {
   @Test
   public void build_withLocalHostname_succeeds() throws Exception {
     assertThat(
-            S2AChannelCredentials.createBuilder("s2a_address")
+            S2AChannelCredentials.newBuilder("s2a_address")
                 .setLocalHostname("local_hostname")
                 .build())
         .isNotNull();
@@ -80,20 +80,20 @@ public void build_withLocalHostname_succeeds() throws Exception {
 
   @Test
   public void build_withLocalUid_succeeds() throws Exception {
-    assertThat(S2AChannelCredentials.createBuilder("s2a_address").setLocalUid("local_uid").build())
+    assertThat(S2AChannelCredentials.newBuilder("s2a_address").setLocalUid("local_uid").build())
         .isNotNull();
   }
 
   @Test
   public void build_withNoLocalIdentity_succeeds() throws Exception {
-    assertThat(S2AChannelCredentials.createBuilder("s2a_address").build())
+    assertThat(S2AChannelCredentials.newBuilder("s2a_address").build())
         .isNotNull();
   }
   
   @Test
   public void build_withTlsChannelCredentials_succeeds() throws Exception {
     assertThat(
-            S2AChannelCredentials.createBuilder("s2a_address")
+            S2AChannelCredentials.newBuilder("s2a_address")
                 .setLocalSpiffeId("spiffe://test")
                 .setS2AChannelCredentials(getTlsChannelCredentials())
                 .build())
diff --git a/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java b/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
index dc5909442bf..7845e7c3bcb 100644
--- a/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
@@ -24,6 +24,7 @@
 import io.grpc.Channel;
 import io.grpc.ChannelCredentials;
 import io.grpc.ClientCall;
+import io.grpc.InsecureChannelCredentials;
 import io.grpc.ManagedChannel;
 import io.grpc.MethodDescriptor;
 import io.grpc.Server;
@@ -42,7 +43,6 @@
 import io.grpc.testing.protobuf.SimpleResponse;
 import io.grpc.testing.protobuf.SimpleServiceGrpc;
 import java.io.File;
-import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 import org.junit.Before;
 import org.junit.ClassRule;
@@ -74,7 +74,7 @@ public void getChannelResource_success() {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     assertThat(resource.toString()).isEqualTo("grpc-s2a-channel");
   }
 
@@ -96,11 +96,11 @@ public void getChannelResource_twoEqualChannels() {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     Resource<Channel> resourceTwo =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     assertThat(resource).isEqualTo(resourceTwo);
   }
 
@@ -125,10 +125,10 @@ public void getChannelResource_twoDistinctChannels() {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     Resource<Channel> resourceTwo =
         S2AHandshakerServiceChannel.getChannelResource(
-            "localhost:" + Utils.pickUnusedPort(), /* s2aChannelCredentials= */ Optional.empty());
+            "localhost:" + Utils.pickUnusedPort(), InsecureChannelCredentials.create());
     assertThat(resourceTwo).isNotEqualTo(resource);
   }
 
@@ -153,7 +153,7 @@ public void close_success() {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     Channel channel = resource.create();
     resource.close(channel);
     StatusRuntimeException expected =
@@ -191,7 +191,7 @@ public void newCall_performSimpleRpcSuccess() {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     Channel channel = resource.create();
     assertThat(channel).isInstanceOf(HandshakerServiceChannel.class);
     assertThat(
@@ -256,7 +256,7 @@ public void create_succeedsAfterCloseIsCalledOnce() throws Exception {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     Channel channelOne = resource.create();
     resource.close(channelOne);
 
@@ -308,15 +308,14 @@ private static Server createPlaintextServer() {
         ServerBuilder.forPort(Utils.pickUnusedPort()).addService(service).build());
   }
 
-  private static Optional<ChannelCredentials> getTlsChannelCredentials() throws Exception {
+  private static ChannelCredentials getTlsChannelCredentials() throws Exception {
     File clientCert = new File("src/test/resources/client_cert.pem");
     File clientKey = new File("src/test/resources/client_key.pem");
     File rootCert = new File("src/test/resources/root_cert.pem");
-    return Optional.of(
-        TlsChannelCredentials.newBuilder()
+    return TlsChannelCredentials.newBuilder()
             .keyManager(clientCert, clientKey)
             .trustManager(rootCert)
-            .build());
+            .build();
   }
 
   private static class SimpleServiceImpl extends SimpleServiceGrpc.SimpleServiceImplBase {
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
index 19dda7a19e4..bae58f2f9ec 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
@@ -186,7 +186,7 @@ public void tearDown() throws Exception {
   @Test
   public void clientCommunicateUsingS2ACredentials_succeeds() throws Exception {
     ChannelCredentials credentials =
-        S2AChannelCredentials.createBuilder(s2aAddress).setLocalSpiffeId("test-spiffe-id").build();
+        S2AChannelCredentials.newBuilder(s2aAddress).setLocalSpiffeId("test-spiffe-id").build();
     ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
 
     assertThat(doUnaryRpc(channel)).isTrue();
@@ -194,7 +194,7 @@ public void clientCommunicateUsingS2ACredentials_succeeds() throws Exception {
 
   @Test
   public void clientCommunicateUsingS2ACredentialsNoLocalIdentity_succeeds() throws Exception {
-    ChannelCredentials credentials = S2AChannelCredentials.createBuilder(s2aAddress).build();
+    ChannelCredentials credentials = S2AChannelCredentials.newBuilder(s2aAddress).build();
     ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
 
     assertThat(doUnaryRpc(channel)).isTrue();
@@ -203,7 +203,7 @@ public void clientCommunicateUsingS2ACredentialsNoLocalIdentity_succeeds() throw
   @Test
   public void clientCommunicateUsingMtlsToS2ACredentials_succeeds() throws Exception {
     ChannelCredentials credentials =
-        MtlsToS2AChannelCredentials.createBuilder(
+        MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ mtlsS2AAddress,
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -218,7 +218,7 @@ public void clientCommunicateUsingMtlsToS2ACredentials_succeeds() throws Excepti
 
   @Test
   public void clientCommunicateUsingS2ACredentials_s2AdelayStart_succeeds() throws Exception {
-    ChannelCredentials credentials = S2AChannelCredentials.createBuilder(s2aDelayAddress).build();
+    ChannelCredentials credentials = S2AChannelCredentials.newBuilder(s2aDelayAddress).build();
     ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
 
     FutureTask<Boolean> rpc = new FutureTask<>(() -> doUnaryRpc(channel));
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java
index f130e52aac7..404910e8be0 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java
@@ -115,7 +115,7 @@ public void createProtocolNegotiator_nullArgument() throws Exception {
         S2AGrpcChannelPool.create(
             SharedResourcePool.forResource(
                 S2AHandshakerServiceChannel.getChannelResource(
-                    "localhost:8080", /* s2aChannelCredentials= */ Optional.empty())));
+                    "localhost:8080", InsecureChannelCredentials.create())));
 
     NullPointerTester tester =
         new NullPointerTester()
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java
index bb90be12b6a..47fd154d949 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java
@@ -21,13 +21,13 @@
 import static org.junit.Assert.assertThrows;
 
 import com.google.common.truth.Expect;
+import io.grpc.InsecureChannelCredentials;
 import io.grpc.internal.SharedResourcePool;
 import io.grpc.s2a.channel.S2AChannelPool;
 import io.grpc.s2a.channel.S2AGrpcChannelPool;
 import io.grpc.s2a.channel.S2AHandshakerServiceChannel;
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
-import java.util.Optional;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -55,7 +55,7 @@ public void send_receiveOkStatus() throws Exception {
         S2AGrpcChannelPool.create(
             SharedResourcePool.forResource(
                 S2AHandshakerServiceChannel.getChannelResource(
-                    S2A_ADDRESS, /* s2aChannelCredentials= */ Optional.empty())));
+                    S2A_ADDRESS, InsecureChannelCredentials.create())));
     S2AServiceGrpc.S2AServiceStub serviceStub = S2AServiceGrpc.newStub(channelPool.getChannel());
     S2AStub newStub = S2AStub.newInstance(serviceStub);
 

From 99be6e9852817fa5b85e0634984020d766e50d1f Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 23 Sep 2024 20:37:09 -0700
Subject: [PATCH 012/591] Address Android 11's package visibility rules.
 (#11551)

---
 .../android-binderchannel-status-codes.md     | 24 ++++++++++++++-----
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/documentation/android-binderchannel-status-codes.md b/documentation/android-binderchannel-status-codes.md
index dda0220bf8a..28bdd8907c1 100644
--- a/documentation/android-binderchannel-status-codes.md
+++ b/documentation/android-binderchannel-status-codes.md
@@ -23,15 +23,23 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
   </tr>
   <tr>
-   <td>1
+   <td>0
    </td>
-   <td>Server app not installed
+   <td><a href="https://developer.android.com/training/package-visibility">Server app not visible</a>.
+   </td>
+   <td rowspan="6" >bindService() returns false
+   </td>
+   <td rowspan="9" ><p>UNIMPLEMENTED<p>“The operation is not implemented or is not supported / enabled in this service.”
+   </td>
+   <td>Give up - This is an error in the client manifest.
    </td>
-   <td rowspan="5" >bindService() returns false
+  </tr>
+  <tr>
+   <td>1
    </td>
-   <td rowspan="8" ><p>UNIMPLEMENTED<p>“The operation is not implemented or is not supported / enabled in this service.”
+   <td>Server app not installed
    </td>
-   <td rowspan="9" >Direct the user to install/reinstall the server app.
+   <td rowspan="8" >Direct the user to install/reinstall the server app.
    </td>
   </tr>
   <tr>
@@ -90,6 +98,8 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    <td rowspan="5" ><p>PERMISSION_DENIED<p>
 “The caller does not have permission to execute the specified operation …”
    </td>
+   <td>Direct the user to update the server app in the hopes that a newer version fixes this error in its manifest.
+   </td>
   </tr>
   <tr>
    <td>10
@@ -315,6 +325,7 @@ According to a review of the AOSP source code, there are in fact several cases:
 1. The target package is not installed
 2. The target package is installed but does not declare the target Service in its manifest.
 3. The target package requests dangerous permissions but targets sdk &lt;= M and therefore requires a permissions review, but the caller is not running in the foreground and so it would be inappropriate to launch the review UI.
+4. The target package is not visible to the client due to [Android 11 package visibility rules](https://developer.android.com/training/package-visibility).
 
 Status code mapping: **UNIMPLEMENTED**
 
@@ -322,6 +333,7 @@ Status code mapping: **UNIMPLEMENTED**
 
 Unfortunately `UNIMPLEMENTED` doesn’t capture (3) but none of the other canonical status codes do either and we expect this case to be extremely rare.
 
+(4) is intentially indistinguishable from (1) by Android design so we can't handle it differently. However, as a client manifest error, it's not something reasonable apps would handle at runtime anyway.
 
 ### bindService() throws SecurityException
 
@@ -382,4 +394,4 @@ Android’s Parcel class exposes a mechanism for marshalling certain types of `R
 
 The calling Activity or Service Context might be destroyed with a gRPC request in flight. Apps should cease operations when the Context hosting it goes away and this includes cancelling any outstanding RPCs.  
 
-Status code mapping: **CANCELLED**
\ No newline at end of file
+Status code mapping: **CANCELLED**

From 2ff837ab6007baf41c75a04dc31bcdbb96fa1a3c Mon Sep 17 00:00:00 2001
From: "Mark S. Lewis" <Mark.S.Lewis@outlook.com>
Date: Fri, 20 Sep 2024 16:14:59 +0100
Subject: [PATCH 013/591] Update protobuf-java to address CVE-2024-7254

Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>
---
 examples/build.gradle                               | 2 +-
 examples/example-alts/build.gradle                  | 2 +-
 examples/example-debug/build.gradle                 | 2 +-
 examples/example-debug/pom.xml                      | 2 +-
 examples/example-dualstack/build.gradle             | 2 +-
 examples/example-dualstack/pom.xml                  | 2 +-
 examples/example-gauth/build.gradle                 | 2 +-
 examples/example-gauth/pom.xml                      | 2 +-
 examples/example-gcp-csm-observability/build.gradle | 2 +-
 examples/example-gcp-observability/build.gradle     | 2 +-
 examples/example-hostname/build.gradle              | 2 +-
 examples/example-hostname/pom.xml                   | 2 +-
 examples/example-jwt-auth/build.gradle              | 2 +-
 examples/example-jwt-auth/pom.xml                   | 4 ++--
 examples/example-oauth/build.gradle                 | 2 +-
 examples/example-oauth/pom.xml                      | 4 ++--
 examples/example-opentelemetry/build.gradle         | 2 +-
 examples/example-orca/build.gradle                  | 2 +-
 examples/example-reflection/build.gradle            | 2 +-
 examples/example-servlet/build.gradle               | 2 +-
 examples/example-tls/build.gradle                   | 2 +-
 examples/example-tls/pom.xml                        | 2 +-
 examples/example-xds/build.gradle                   | 2 +-
 examples/pom.xml                                    | 4 ++--
 gradle/libs.versions.toml                           | 2 +-
 25 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/examples/build.gradle b/examples/build.gradle
index c10b4eef46a..24f6d2b04f8 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -24,7 +24,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
 dependencies {
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index 0d7d959de93..6b1f0ded169 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -25,7 +25,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     // grpc-alts transitively depends on grpc-netty-shaded, grpc-protobuf, and grpc-stub
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index 5565747cb19..97bca5f91b6 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -26,7 +26,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index 064d989c04c..dc399a78c9d 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protoc.version>3.25.3</protoc.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index 554b5f758d9..0c45e6de7cf 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -26,7 +26,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index dfd650cdfa4..a8e32b347e5 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protoc.version>3.25.3</protoc.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 47e812fde15..86edd557206 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -25,7 +25,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index d2cba1a7959..89478a2dfa6 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protobuf.version>3.25.3</protobuf.version>
+    <protobuf.version>3.25.5</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index a392018ba25..179ab3a74d9 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -26,7 +26,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
 
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index dcb8d420020..1a6f4719460 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -26,7 +26,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index df8b0fde121..17817e2a374 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -24,7 +24,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index c6d39887bac..991174af382 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protoc.version>3.25.3</protoc.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index f996282bbb0..c31486095f3 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -24,7 +24,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
 dependencies {
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index c84f9893980..10330d955ed 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -14,8 +14,8 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protobuf.version>3.25.3</protobuf.version>
-    <protoc.version>3.25.3</protoc.version>
+    <protobuf.version>3.25.5</protobuf.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 7f600c2bc53..fe21efcf0db 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -24,7 +24,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
 dependencies {
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index fa2eaa41e36..072bd957dcf 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -14,8 +14,8 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protobuf.version>3.25.3</protobuf.version>
-    <protoc.version>3.25.3</protoc.version>
+    <protobuf.version>3.25.5</protobuf.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index 21264ffcc17..f08f9d492a5 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -25,7 +25,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
 
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index d087a532aff..4ca9343f887 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -19,7 +19,7 @@ java {
 }
 
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index d7d5c50b7e6..e1efc8ee050 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -19,7 +19,7 @@ java {
 }
 
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index 995e2d0979b..ebd14674578 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -17,7 +17,7 @@ java {
 }
 
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}",
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index 8aad6b62bcb..8a16a902b72 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -25,7 +25,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index e1d569a628c..972976ecdf1 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protoc.version>3.25.3</protoc.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index 8339db77e0c..a3e23a19601 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -24,7 +24,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/pom.xml b/examples/pom.xml
index 247df4a73ce..554c70a35ce 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -13,8 +13,8 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protobuf.version>3.25.3</protobuf.version>
-    <protoc.version>3.25.3</protoc.version>
+    <protobuf.version>3.25.5</protobuf.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for JDK 8 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 488ead9ad86..8d7fb3766e0 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -6,7 +6,7 @@ nettytcnative = '2.0.65.Final'
 opencensus = "0.31.1"
 # Not upgrading to 4.x as it is not yet ABI compatible.
 # https://github.com/protocolbuffers/protobuf/issues/17247
-protobuf = "3.25.3"
+protobuf = "3.25.5"
 
 [libraries]
 android-annotations = "com.google.android:annotations:4.1.1.4"

From c92453fb14ef21674cd00194ec28bfa186f2eef2 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 24 Sep 2024 15:40:40 -0700
Subject: [PATCH 014/591] s2a: Disabling publishing until it is ready for users

---
 s2a/build.gradle | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/s2a/build.gradle b/s2a/build.gradle
index 234f983fd5c..af2c879a753 100644
--- a/s2a/build.gradle
+++ b/s2a/build.gradle
@@ -1,6 +1,5 @@
 plugins {
     id "java-library"
-    id "maven-publish"
 
     id "com.github.johnrengelman.shadow"
     id "com.google.osdetector"
@@ -90,6 +89,7 @@ tasks.named("shadowJar").configure {
     relocate 'io.netty', 'io.grpc.netty.shaded.io.netty'
 }
 
+plugins.withId('maven-publish') {
 publishing {
     publications {
         maven(MavenPublication) {
@@ -111,3 +111,4 @@ publishing {
         }
     }
 }
+}

From 3e8ef8cf0ced8f910b4a0d2ce04f8771d1219bdd Mon Sep 17 00:00:00 2001
From: Vindhya Ningegowda <DNVindhya@users.noreply.github.com>
Date: Tue, 24 Sep 2024 16:18:34 -0700
Subject: [PATCH 015/591] xds: Check for validity of xdsClient in
 ClusterImplLbHelper (#11553)

* Added null check for xdsClient in onSubChannelState. This avoids NPE
for xdsClient when LB is shutdown and onSubChannelState is called later
as part of listener callback. As shutdown is racy and eventually consistent,
this check would avoid calculating locality after LB is shutdown.
---
 xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index 0ea2c7dd75f..3b30b8fa036 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -236,7 +236,8 @@ public void start(SubchannelStateListener listener) {
           delegate().start(new SubchannelStateListener() {
             @Override
             public void onSubchannelState(ConnectivityStateInfo newState) {
-              if (newState.getState().equals(ConnectivityState.READY)) {
+              // Do nothing if LB has been shutdown
+              if (xdsClient != null && newState.getState().equals(ConnectivityState.READY)) {
                 // Get locality based on the connected address attributes
                 ClusterLocality updatedClusterLocality = createClusterLocalityFromAttributes(
                     subchannel.getConnectedAddressAttributes());

From 5dbca0e80c03003fb72272f35bbc988f9175654b Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 25 Sep 2024 09:17:26 -0700
Subject: [PATCH 016/591] xds: Improve ClusterImpl's FakeSubchannel to verify
 state changes

The main goal was to make sure subchannels went CONNECTING only after a
connection was requested (since the test doesn't transition to
CONNECTING from TF). That helps guarantee that the test is using the
expected subchannel.

The missing ClusterImplLB.requestConnection() doesn't actually matter
much, as cluster manager doesn't propagate connection requests.
---
 .../io/grpc/xds/ClusterImplLoadBalancer.java  |  7 ++++
 .../grpc/xds/ClusterImplLoadBalancerTest.java | 33 +++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index 3b30b8fa036..2a9435aa72f 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -163,6 +163,13 @@ public void handleNameResolutionError(Status error) {
     }
   }
 
+  @Override
+  public void requestConnection() {
+    if (childSwitchLb != null) {
+      childSwitchLb.requestConnection();
+    }
+  }
+
   @Override
   public void shutdown() {
     if (dropStats != null) {
diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index aaaed9554f4..c627d60a010 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.truth.Truth.assertWithMessage;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -280,6 +281,7 @@ public void pick_addsLocalityLabel() {
     FakeLoadBalancer leafBalancer = Iterables.getOnlyElement(downstreamBalancers);
     leafBalancer.createSubChannel();
     FakeSubchannel fakeSubchannel = helper.subchannels.poll();
+    fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.CONNECTING));
     fakeSubchannel.setConnectedEagIndex(0);
     fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
     assertThat(currentState).isEqualTo(ConnectivityState.READY);
@@ -309,6 +311,7 @@ public void recordLoadStats() {
     FakeLoadBalancer leafBalancer = Iterables.getOnlyElement(downstreamBalancers);
     Subchannel subchannel = leafBalancer.createSubChannel();
     FakeSubchannel fakeSubchannel = helper.subchannels.poll();
+    fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.CONNECTING));
     fakeSubchannel.setConnectedEagIndex(0);
     fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
     assertThat(currentState).isEqualTo(ConnectivityState.READY);
@@ -407,6 +410,7 @@ public void pickFirstLoadReport_onUpdateAddress() {
     // Leaf balancer is created by Pick First. Get FakeSubchannel created to update attributes
     // A real subchannel would get these attributes from the connected address's EAG locality.
     FakeSubchannel fakeSubchannel = helper.subchannels.poll();
+    fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.CONNECTING));
     fakeSubchannel.setConnectedEagIndex(0);
     fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
     assertThat(currentState).isEqualTo(ConnectivityState.READY);
@@ -490,6 +494,7 @@ public void dropRpcsWithRespectToLbConfigDropCategories() {
         .isEqualTo(endpoint.getAddresses());
     leafBalancer.createSubChannel();
     FakeSubchannel fakeSubchannel = helper.subchannels.poll();
+    fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.CONNECTING));
     fakeSubchannel.setConnectedEagIndex(0);
     fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
 
@@ -571,6 +576,7 @@ private void subtest_maxConcurrentRequests_appliedByLbConfig(boolean enableCircu
         .isEqualTo(endpoint.getAddresses());
     leafBalancer.createSubChannel();
     FakeSubchannel fakeSubchannel = helper.subchannels.poll();
+    fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.CONNECTING));
     fakeSubchannel.setConnectedEagIndex(0);
     fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
     assertThat(currentState).isEqualTo(ConnectivityState.READY);
@@ -665,6 +671,7 @@ private void subtest_maxConcurrentRequests_appliedWithDefaultValue(
         .isEqualTo(endpoint.getAddresses());
     leafBalancer.createSubChannel();
     FakeSubchannel fakeSubchannel = helper.subchannels.poll();
+    fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.CONNECTING));
     fakeSubchannel.setConnectedEagIndex(0);
     fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
     assertThat(currentState).isEqualTo(ConnectivityState.READY);
@@ -943,6 +950,7 @@ Subchannel createSubChannel() {
               new FixedResultPicker(PickResult.withSubchannel(subchannel)));
         }
       });
+      subchannel.requestConnection();
       return subchannel;
     }
   }
@@ -989,6 +997,8 @@ private static final class FakeSubchannel extends Subchannel {
     private final Attributes attrs;
     private SubchannelStateListener listener;
     private Attributes connectedAttributes;
+    private ConnectivityStateInfo state = ConnectivityStateInfo.forNonError(ConnectivityState.IDLE);
+    private boolean connectionRequested;
 
     private FakeSubchannel(List<EquivalentAddressGroup> eags, Attributes attrs) {
       this.eags = eags;
@@ -1006,6 +1016,9 @@ public void shutdown() {
 
     @Override
     public void requestConnection() {
+      if (state.getState() == ConnectivityState.IDLE) {
+        this.connectionRequested = true;
+      }
     }
 
     @Override
@@ -1028,6 +1041,26 @@ public Attributes getConnectedAddressAttributes() {
     }
 
     public void updateState(ConnectivityStateInfo newState) {
+      switch (newState.getState()) {
+        case IDLE:
+          assertThat(state.getState()).isEqualTo(ConnectivityState.READY);
+          break;
+        case CONNECTING:
+          assertThat(state.getState())
+              .isIn(Arrays.asList(ConnectivityState.IDLE, ConnectivityState.TRANSIENT_FAILURE));
+          if (state.getState() == ConnectivityState.IDLE) {
+            assertWithMessage("Connection requested").that(this.connectionRequested).isTrue();
+            this.connectionRequested = false;
+          }
+          break;
+        case READY:
+        case TRANSIENT_FAILURE:
+          assertThat(state.getState()).isEqualTo(ConnectivityState.CONNECTING);
+          break;
+        default:
+          break;
+      }
+      this.state = newState;
       listener.onSubchannelState(newState);
     }
 

From 64e3801538624c81741798298cc2af759955d1d1 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Thu, 26 Sep 2024 21:04:57 +0530
Subject: [PATCH 017/591] Update RELEASING.md (#11559)

1. Removing $ when looking for the commit 'Start of  development cycle...' because it produces empty result with the $. It seems how the squash was done may influence whether $ will work or not.

2. Added an explicit git push instruction at step 5 of tagging and what base branch to use, since it will cause conflict with the default base branch used of master.
---
 RELEASING.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/RELEASING.md b/RELEASING.md
index bb1b77d0557..0add8991746 100644
--- a/RELEASING.md
+++ b/RELEASING.md
@@ -65,7 +65,7 @@ would be used to create all `v1.7` tags (e.g. `v1.7.0`, `v1.7.1`).
    ```bash
    git fetch upstream
    git checkout -b v$MAJOR.$MINOR.x \
-     $(git log --pretty=format:%H --grep "^Start $MAJOR.$((MINOR+1)).0 development cycle$" upstream/master)^
+     $(git log --pretty=format:%H --grep "^Start $MAJOR.$((MINOR+1)).0 development cycle" upstream/master)^
    git push upstream v$MAJOR.$MINOR.x
    ```
 5. Continue with Google-internal steps at go/grpc-java/releasing, but stop
@@ -132,7 +132,9 @@ Tagging the Release
      compiler/src/test{,Lite}/golden/Test{,Deprecated}Service.java.txt
    ./gradlew build
    git commit -a -m "Bump version to $MAJOR.$MINOR.$((PATCH+1))-SNAPSHOT"
+   git push -u origin release-v$MAJOR.$MINOR.$PATCH
    ```
+   Raise a PR and set the base branch of the PR to v$MAJOR.$MINOR.x of the upstream grpc-java repo.
 6. Go through PR review and push the release tag and updated release branch to
    GitHub (DO NOT click the merge button on the GitHub page):
 

From 1c069375ceaa86f613769505b9c234c43ca6fffc Mon Sep 17 00:00:00 2001
From: erm-g <110920239+erm-g@users.noreply.github.com>
Date: Thu, 26 Sep 2024 12:01:11 -0400
Subject: [PATCH 018/591] core: SpiffeId parser (#11490)

SpiffeId parser compliant with [official spec](https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE-ID.md)
---
 .../java/io/grpc/internal/SpiffeUtil.java     | 122 +++++++++++
 .../java/io/grpc/internal/SpiffeUtilTest.java | 196 ++++++++++++++++++
 2 files changed, 318 insertions(+)
 create mode 100644 core/src/main/java/io/grpc/internal/SpiffeUtil.java
 create mode 100644 core/src/test/java/io/grpc/internal/SpiffeUtilTest.java

diff --git a/core/src/main/java/io/grpc/internal/SpiffeUtil.java b/core/src/main/java/io/grpc/internal/SpiffeUtil.java
new file mode 100644
index 00000000000..bddce3d035e
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/SpiffeUtil.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.base.Splitter;
+import java.util.Locale;
+
+/**
+ * Helper utility to work with SPIFFE URIs.
+ * @see <a href="https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md">Standard</a>
+ */
+public final class SpiffeUtil {
+
+  private static final String PREFIX = "spiffe://";
+
+  private SpiffeUtil() {}
+
+  /**
+   * Parses a URI string, applies validation rules described in SPIFFE standard, and, in case of
+   * success, returns parsed TrustDomain and Path.
+   *
+   * @param uri a String representing a SPIFFE ID
+   */
+  public static SpiffeId parse(String uri) {
+    doInitialUriValidation(uri);
+    checkArgument(uri.toLowerCase(Locale.US).startsWith(PREFIX), "Spiffe Id must start with "
+        + PREFIX);
+    String domainAndPath = uri.substring(PREFIX.length());
+    String trustDomain;
+    String path;
+    if (!domainAndPath.contains("/")) {
+      trustDomain = domainAndPath;
+      path =  "";
+    } else {
+      String[] parts = domainAndPath.split("/", 2);
+      trustDomain = parts[0];
+      path = parts[1];
+      checkArgument(!path.isEmpty(), "Path must not include a trailing '/'");
+    }
+    validateTrustDomain(trustDomain);
+    validatePath(path);
+    if (!path.isEmpty()) {
+      path = "/" + path;
+    }
+    return new SpiffeId(trustDomain, path);
+  }
+
+  private static void doInitialUriValidation(String uri) {
+    checkArgument(checkNotNull(uri, "uri").length() > 0, "Spiffe Id can't be empty");
+    checkArgument(uri.length() <= 2048, "Spiffe Id maximum length is 2048 characters");
+    checkArgument(!uri.contains("#"), "Spiffe Id must not contain query fragments");
+    checkArgument(!uri.contains("?"), "Spiffe Id must not contain query parameters");
+  }
+
+  private static void validateTrustDomain(String trustDomain) {
+    checkArgument(!trustDomain.isEmpty(), "Trust Domain can't be empty");
+    checkArgument(trustDomain.length() < 256, "Trust Domain maximum length is 255 characters");
+    checkArgument(trustDomain.matches("[a-z0-9._-]+"),
+        "Trust Domain must contain only letters, numbers, dots, dashes, and underscores"
+            + " ([a-z0-9.-_])");
+  }
+
+  private static void validatePath(String path) {
+    if (path.isEmpty()) {
+      return;
+    }
+    checkArgument(!path.endsWith("/"), "Path must not include a trailing '/'");
+    for (String segment : Splitter.on("/").split(path)) {
+      validatePathSegment(segment);
+    }
+  }
+
+  private static void validatePathSegment(String pathSegment) {
+    checkArgument(!pathSegment.isEmpty(), "Individual path segments must not be empty");
+    checkArgument(!(pathSegment.equals(".") || pathSegment.equals("..")),
+        "Individual path segments must not be relative path modifiers (i.e. ., ..)");
+    checkArgument(pathSegment.matches("[a-zA-Z0-9._-]+"),
+        "Individual path segments must contain only letters, numbers, dots, dashes, and underscores"
+            + " ([a-zA-Z0-9.-_])");
+  }
+
+  /**
+   * Represents a SPIFFE ID as defined in the SPIFFE standard.
+   * @see <a href="https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md">Standard</a>
+   */
+  public static class SpiffeId {
+
+    private final String trustDomain;
+    private final String path;
+
+    private SpiffeId(String trustDomain, String path) {
+      this.trustDomain = trustDomain;
+      this.path = path;
+    }
+
+    public String getTrustDomain() {
+      return trustDomain;
+    }
+
+    public String getPath() {
+      return path;
+    }
+  }
+
+}
diff --git a/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java b/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java
new file mode 100644
index 00000000000..c3a98ce33e0
--- /dev/null
+++ b/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+
+import java.util.Arrays;
+import java.util.Collection;
+import org.junit.Test;
+import org.junit.experimental.runners.Enclosed;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
+
+
+@RunWith(Enclosed.class)
+public class SpiffeUtilTest {
+
+  @RunWith(Parameterized.class)
+  public static class ParseSuccessTest {
+    @Parameter
+    public String uri;
+
+    @Parameter(1)
+    public String trustDomain;
+
+    @Parameter(2)
+    public String path;
+
+    @Test
+    public void parseSuccessTest() {
+      SpiffeUtil.SpiffeId spiffeId = SpiffeUtil.parse(uri);
+      assertEquals(trustDomain, spiffeId.getTrustDomain());
+      assertEquals(path, spiffeId.getPath());
+    }
+
+    @Parameters(name = "spiffeId={0}")
+    public static Collection<String[]> data() {
+      return Arrays.asList(new String[][] {
+          {"spiffe://example.com", "example.com", ""},
+          {"spiffe://example.com/us", "example.com", "/us"},
+          {"spIFfe://qa-staging.final_check.example.com/us", "qa-staging.final_check.example.com",
+              "/us"},
+          {"spiffe://example.com/country/us/state/FL/city/Miami", "example.com",
+              "/country/us/state/FL/city/Miami"},
+          {"SPIFFE://example.com/Czech.Republic/region0.1/city_of-Prague", "example.com",
+              "/Czech.Republic/region0.1/city_of-Prague"},
+          {"spiffe://trust-domain-name/path", "trust-domain-name", "/path"},
+          {"spiffe://staging.example.com/payments/mysql", "staging.example.com", "/payments/mysql"},
+          {"spiffe://staging.example.com/payments/web-fe", "staging.example.com",
+              "/payments/web-fe"},
+          {"spiffe://k8s-west.example.com/ns/staging/sa/default", "k8s-west.example.com",
+              "/ns/staging/sa/default"},
+          {"spiffe://example.com/9eebccd2-12bf-40a6-b262-65fe0487d453", "example.com",
+              "/9eebccd2-12bf-40a6-b262-65fe0487d453"},
+          {"spiffe://trustdomain/.a..", "trustdomain", "/.a.."},
+          {"spiffe://trustdomain/...", "trustdomain", "/..."},
+          {"spiffe://trustdomain/abcdefghijklmnopqrstuvwxyz", "trustdomain",
+              "/abcdefghijklmnopqrstuvwxyz"},
+          {"spiffe://trustdomain/abc0123.-_", "trustdomain", "/abc0123.-_"},
+          {"spiffe://trustdomain/0123456789", "trustdomain", "/0123456789"},
+          {"spiffe://trustdomain0123456789/path", "trustdomain0123456789", "/path"},
+      });
+    }
+  }
+
+  @RunWith(Parameterized.class)
+  public static class ParseFailureTest {
+    @Parameter
+    public String uri;
+
+    @Test
+    public void parseFailureTest() {
+      assertThrows(IllegalArgumentException.class, () -> SpiffeUtil.parse(uri));
+    }
+
+    @Parameters(name = "spiffeId={0}")
+    public static Collection<String> data() {
+      return Arrays.asList(
+          "spiffe:///",
+          "spiffe://example!com",
+          "spiffe://exampleя.com/workload-1",
+          "spiffe://example.com/us/florida/miamiя",
+          "spiffe:/trustdomain/path",
+          "spiffe:///path",
+          "spiffe://trust%20domain/path",
+          "spiffe://user@trustdomain/path",
+          "spiffe:// /",
+          "",
+          "http://trustdomain/path",
+          "//trustdomain/path",
+          "://trustdomain/path",
+          "piffe://trustdomain/path",
+          "://",
+          "://trustdomain",
+          "spiff",
+          "spiffe",
+          "spiffe:////",
+          "spiffe://trust.domain/../path"
+          );
+    }
+  }
+
+  public static class ExceptionMessageTest {
+
+    @Test
+    public void spiffeUriFormatTest() {
+      NullPointerException npe = assertThrows(NullPointerException.class, () ->
+          SpiffeUtil.parse(null));
+      assertEquals("uri", npe.getMessage());
+
+      IllegalArgumentException iae = assertThrows(IllegalArgumentException.class, () ->
+          SpiffeUtil.parse("https://example.com"));
+      assertEquals("Spiffe Id must start with spiffe://", iae.getMessage());
+
+      iae = assertThrows(IllegalArgumentException.class, () ->
+          SpiffeUtil.parse("spiffe://example.com/workload#1"));
+      assertEquals("Spiffe Id must not contain query fragments", iae.getMessage());
+
+      iae = assertThrows(IllegalArgumentException.class, () ->
+          SpiffeUtil.parse("spiffe://example.com/workload-1?t=1"));
+      assertEquals("Spiffe Id must not contain query parameters", iae.getMessage());
+    }
+
+    @Test
+    public void spiffeTrustDomainFormatTest() {
+      IllegalArgumentException iae = assertThrows(IllegalArgumentException.class, () ->
+          SpiffeUtil.parse("spiffe://"));
+      assertEquals("Trust Domain can't be empty", iae.getMessage());
+
+      iae = assertThrows(IllegalArgumentException.class, () ->
+          SpiffeUtil.parse("spiffe://eXample.com"));
+      assertEquals(
+          "Trust Domain must contain only letters, numbers, dots, dashes, and underscores "
+              + "([a-z0-9.-_])",
+          iae.getMessage());
+
+      StringBuilder longTrustDomain = new StringBuilder("spiffe://pi.eu.");
+      for (int i = 0; i < 50; i++) {
+        longTrustDomain.append("pi.eu");
+      }
+      iae = assertThrows(IllegalArgumentException.class, () ->
+          SpiffeUtil.parse(longTrustDomain.toString()));
+      assertEquals("Trust Domain maximum length is 255 characters", iae.getMessage());
+
+      StringBuilder longSpiffe = new StringBuilder(String.format("spiffe://mydomain%scom/", "%21"));
+      for (int i = 0; i < 405; i++) {
+        longSpiffe.append("qwert");
+      }
+      iae = assertThrows(IllegalArgumentException.class, () ->
+          SpiffeUtil.parse(longSpiffe.toString()));
+      assertEquals("Spiffe Id maximum length is 2048 characters", iae.getMessage());
+    }
+
+    @Test
+    public void spiffePathFormatTest() {
+      IllegalArgumentException iae = assertThrows(IllegalArgumentException.class, () ->
+          SpiffeUtil.parse("spiffe://example.com//"));
+      assertEquals("Path must not include a trailing '/'", iae.getMessage());
+
+      iae = assertThrows(IllegalArgumentException.class, () ->
+          SpiffeUtil.parse("spiffe://example.com/"));
+      assertEquals("Path must not include a trailing '/'", iae.getMessage());
+
+      iae = assertThrows(IllegalArgumentException.class, () ->
+          SpiffeUtil.parse("spiffe://example.com/us//miami"));
+      assertEquals("Individual path segments must not be empty", iae.getMessage());
+
+      iae = assertThrows(IllegalArgumentException.class, () ->
+          SpiffeUtil.parse("spiffe://example.com/us/."));
+      assertEquals("Individual path segments must not be relative path modifiers (i.e. ., ..)",
+          iae.getMessage());
+
+      iae = assertThrows(IllegalArgumentException.class, () ->
+          SpiffeUtil.parse("spiffe://example.com/us!"));
+      assertEquals("Individual path segments must contain only letters, numbers, dots, dashes, and "
+          + "underscores ([a-zA-Z0-9.-_])", iae.getMessage());
+    }
+  }
+}
\ No newline at end of file

From 9faa0f4eb0bbac31228938d25a15b69401dcde33 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 25 Sep 2024 09:22:07 -0700
Subject: [PATCH 019/591] xds: Update ClusterImpl test to work with PFLeafLB

---
 .../grpc/xds/ClusterImplLoadBalancerTest.java  | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index c627d60a010..7eba43ce278 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -53,6 +53,7 @@
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.ObjectPool;
+import io.grpc.internal.PickFirstLoadBalancerProvider;
 import io.grpc.internal.PickSubchannelArgsImpl;
 import io.grpc.protobuf.ProtoUtils;
 import io.grpc.testing.TestMethodDescriptors;
@@ -384,9 +385,7 @@ public void recordLoadStats() {
     assertThat(clusterStats.upstreamLocalityStatsList()).isEmpty();  // no longer reported
   }
 
-  // TODO(dnvindhya): This test has been added as a fix to verify
-  // https://github.com/grpc/grpc-java/issues/11434.
-  // Once we update PickFirstLeafLoadBalancer as default LoadBalancer, update the test.
+  // Verifies https://github.com/grpc/grpc-java/issues/11434.
   @Test
   public void pickFirstLoadReport_onUpdateAddress() {
     Locality locality1 =
@@ -435,8 +434,17 @@ public void pickFirstLoadReport_onUpdateAddress() {
     fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.CONNECTING));
 
     // Faksubchannel mimics update address and returns different locality
-    fakeSubchannel.setConnectedEagIndex(1);
-    fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
+    if (PickFirstLoadBalancerProvider.isEnabledNewPickFirst()) {
+      fakeSubchannel.updateState(ConnectivityStateInfo.forTransientFailure(
+          Status.UNAVAILABLE.withDescription("Try second address instead")));
+      fakeSubchannel = helper.subchannels.poll();
+      fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.CONNECTING));
+      fakeSubchannel.setConnectedEagIndex(0);
+      fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
+    } else {
+      fakeSubchannel.setConnectedEagIndex(1);
+      fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
+    }
     result = currentPicker.pickSubchannel(pickSubchannelArgs);
     assertThat(result.getStatus().isOk()).isTrue();
     ClientStreamTracer streamTracer2 = result.getStreamTracerFactory().newClientStreamTracer(

From fa18fec36e8b8dda00bb2ca005938cea26180e24 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Fri, 27 Sep 2024 08:47:56 -0700
Subject: [PATCH 020/591] s2a: Address minor comments on PR#11113 (#11540)

* Use StandardCharsets in FakeS2AServerTest.
* Use add instead of offer in S2AStub.
* remove dead code in ProtoUtil.java.
* Mark convertTlsProtocolVersion as VisibleForTesting.
* S2AStub doesn't return responses at front of queue.
* Remove global SHARED_RESOURCE_CHANNELS.
* Don't suppress RethrowReflectiveOperationExceptionAsLinkageError.
* Update javadoc.
* Make clear which certs are used in tests + add how to regenerate.
---
 .../channel/S2AHandshakerServiceChannel.java  |  14 +-
 .../io/grpc/s2a/handshaker/ProtoUtil.java     |  28 +--
 .../java/io/grpc/s2a/handshaker/S2AStub.java  |  15 +-
 .../tokenmanager/AccessTokenManager.java      |   3 +-
 .../S2AHandshakerServiceChannelTest.java      |  12 +-
 .../io/grpc/s2a/handshaker/FakeS2AServer.java |   7 +-
 .../s2a/handshaker/FakeS2AServerTest.java     |  18 +-
 .../io/grpc/s2a/handshaker/FakeWriter.java    | 165 ++++++++----------
 .../grpc/s2a/handshaker/IntegrationTest.java  |  80 +--------
 .../io/grpc/s2a/handshaker/ProtoUtilTest.java |  41 -----
 .../handshaker/S2APrivateKeyMethodTest.java   |   5 +-
 .../S2AProtocolNegotiatorFactoryTest.java     |   7 +-
 .../io/grpc/s2a/handshaker/S2AStubTest.java   |  38 ++--
 s2a/src/test/resources/README.md              |  37 ++++
 s2a/src/test/resources/cert_chain_ec.pem      |  36 ++++
 s2a/src/test/resources/int_cert1_.cnf         |  14 ++
 s2a/src/test/resources/int_cert1_ec.pem       |  12 ++
 s2a/src/test/resources/int_cert2.cnf          |  14 ++
 s2a/src/test/resources/int_cert2_ec.pem       |  12 ++
 s2a/src/test/resources/int_key1_ec.pem        |   5 +
 s2a/src/test/resources/int_key2_ec.pem        |   5 +
 s2a/src/test/resources/leaf.cnf               |  14 ++
 s2a/src/test/resources/leaf_cert_ec.pem       |  12 ++
 s2a/src/test/resources/leaf_key_ec.pem        |   5 +
 s2a/src/test/resources/root_cert_ec.pem       |  12 ++
 s2a/src/test/resources/root_ec.cnf            |  14 ++
 s2a/src/test/resources/root_key_ec.pem        |   5 +
 27 files changed, 345 insertions(+), 285 deletions(-)
 create mode 100644 s2a/src/test/resources/cert_chain_ec.pem
 create mode 100644 s2a/src/test/resources/int_cert1_.cnf
 create mode 100644 s2a/src/test/resources/int_cert1_ec.pem
 create mode 100644 s2a/src/test/resources/int_cert2.cnf
 create mode 100644 s2a/src/test/resources/int_cert2_ec.pem
 create mode 100644 s2a/src/test/resources/int_key1_ec.pem
 create mode 100644 s2a/src/test/resources/int_key2_ec.pem
 create mode 100644 s2a/src/test/resources/leaf.cnf
 create mode 100644 s2a/src/test/resources/leaf_cert_ec.pem
 create mode 100644 s2a/src/test/resources/leaf_key_ec.pem
 create mode 100644 s2a/src/test/resources/root_cert_ec.pem
 create mode 100644 s2a/src/test/resources/root_ec.cnf
 create mode 100644 s2a/src/test/resources/root_key_ec.pem

diff --git a/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java b/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
index 443ea553e52..9d6950ce041 100644
--- a/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
+++ b/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
@@ -20,7 +20,6 @@
 import static java.util.concurrent.TimeUnit.SECONDS;
 
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.Maps;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.ChannelCredentials;
@@ -30,16 +29,15 @@
 import io.grpc.internal.SharedResourceHolder.Resource;
 import io.grpc.netty.NettyChannelBuilder;
 import java.time.Duration;
-import java.util.concurrent.ConcurrentMap;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
- * Provides APIs for managing gRPC channels to S2A servers. Each channel is local and plaintext. If
- * credentials are provided, they are used to secure the channel.
+ * Provides APIs for managing gRPC channels to an S2A server. Each channel is local and plaintext.
+ * If credentials are provided, they are used to secure the channel.
  *
- * <p>This is done as follows: for each S2A server, provides an implementation of gRPC's {@link
+ * <p>This is done as follows: for an S2A server, provides an implementation of gRPC's {@link
  * SharedResourceHolder.Resource} interface called a {@code Resource<Channel>}. A {@code
  * Resource<Channel>} is a factory for creating gRPC channels to the S2A server at a given address,
  * and a channel must be returned to the {@code Resource<Channel>} when it is no longer needed.
@@ -56,8 +54,6 @@
  */
 @ThreadSafe
 public final class S2AHandshakerServiceChannel {
-  private static final ConcurrentMap<String, Resource<Channel>> SHARED_RESOURCE_CHANNELS =
-      Maps.newConcurrentMap();
   private static final Duration CHANNEL_SHUTDOWN_TIMEOUT = Duration.ofSeconds(10);
 
   /**
@@ -72,9 +68,7 @@ public final class S2AHandshakerServiceChannel {
   public static Resource<Channel> getChannelResource(
       String s2aAddress, ChannelCredentials s2aChannelCredentials) {
     checkNotNull(s2aAddress);
-    checkNotNull(s2aChannelCredentials);
-    return SHARED_RESOURCE_CHANNELS.computeIfAbsent(
-        s2aAddress, channelResource -> new ChannelResource(s2aAddress, s2aChannelCredentials));
+    return new ChannelResource(s2aAddress, s2aChannelCredentials);
   }
 
   /**
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java b/s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java
index 59e3931d9e6..129cc2d60f1 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java
@@ -16,36 +16,11 @@
 
 package io.grpc.s2a.handshaker;
 
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableSet;
 
 /** Converts proto messages to Netty strings. */
 final class ProtoUtil {
-  /**
-   * Converts {@link Ciphersuite} to its {@link String} representation.
-   *
-   * @param ciphersuite the {@link Ciphersuite} to be converted.
-   * @return a {@link String} representing the ciphersuite.
-   * @throws AssertionError if the {@link Ciphersuite} is not one of the supported ciphersuites.
-   */
-  static String convertCiphersuite(Ciphersuite ciphersuite) {
-    switch (ciphersuite) {
-      case CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
-        return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
-      case CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
-        return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
-      case CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
-        return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
-      case CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
-        return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
-      case CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
-        return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
-      case CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
-        return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
-      default:
-        throw new AssertionError(
-            String.format("Ciphersuite %d is not supported.", ciphersuite.getNumber()));
-    }
-  }
 
   /**
    * Converts a {@link TLSVersion} object to its {@link String} representation.
@@ -54,6 +29,7 @@ static String convertCiphersuite(Ciphersuite ciphersuite) {
    * @return a {@link String} representation of the TLS version.
    * @throws AssertionError if the {@code tlsVersion} is not one of the supported TLS versions.
    */
+  @VisibleForTesting
   static String convertTlsProtocolVersion(TLSVersion tlsVersion) {
     switch (tlsVersion) {
       case TLS_VERSION_1_3:
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java
index 8249ca59d09..bf9b866ef93 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java
@@ -84,6 +84,7 @@ BlockingQueue<Result> getResponses() {
    * @throws IOException if an unexpected response is received, or if the {@code reader} or {@code
    *     writer} calls their {@code onError} method.
    */
+  @SuppressWarnings("CheckReturnValue")
   public SessionResp send(SessionReq req) throws IOException, InterruptedException {
     if (doneWriting && doneReading) {
       logger.log(Level.INFO, "Stream to the S2A is closed.");
@@ -92,9 +93,8 @@ public SessionResp send(SessionReq req) throws IOException, InterruptedException
     createWriterIfNull();
     if (!responses.isEmpty()) {
       IOException exception = null;
-      SessionResp resp = null;
       try {
-        resp = responses.take().getResultOrThrow();
+        responses.take().getResultOrThrow();
       } catch (IOException e) {
         exception = e;
       }
@@ -104,14 +104,15 @@ public SessionResp send(SessionReq req) throws IOException, InterruptedException
             "Received an unexpected response from a host at the S2A's address. The S2A might be"
                 + " unavailable."
                 + exception.getMessage());
+      } else {
+        throw new IOException("Received an unexpected response from a host at the S2A's address.");
       }
-      return resp;
     }
     try {
       writer.onNext(req);
     } catch (RuntimeException e) {
       writer.onError(e);
-      responses.offer(Result.createWithThrowable(e));
+      responses.add(Result.createWithThrowable(e));
     }
     try {
       return responses.take().getResultOrThrow();
@@ -159,7 +160,7 @@ private class Reader implements StreamObserver<SessionResp> {
     @Override
     public void onNext(SessionResp resp) {
       verify(!doneReading);
-      responses.offer(Result.createWithResponse(resp));
+      responses.add(Result.createWithResponse(resp));
     }
 
     /**
@@ -169,7 +170,7 @@ public void onNext(SessionResp resp) {
      */
     @Override
     public void onError(Throwable t) {
-      responses.offer(Result.createWithThrowable(t));
+      responses.add(Result.createWithThrowable(t));
     }
 
     /**
@@ -180,7 +181,7 @@ public void onError(Throwable t) {
     public void onCompleted() {
       logger.log(Level.INFO, "Reading from the S2A is complete.");
       doneReading = true;
-      responses.offer(
+      responses.add(
           Result.createWithThrowable(
               new ConnectionClosedException("Reading from the S2A is complete.")));
     }
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java
index 94549d11c87..da75cf0d4dd 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java
@@ -27,7 +27,6 @@ public final class AccessTokenManager {
   private final TokenFetcher tokenFetcher;
 
   /** Creates an {@code AccessTokenManager} based on the environment where the application runs. */
-  @SuppressWarnings("RethrowReflectiveOperationExceptionAsLinkageError")
   public static Optional<AccessTokenManager> create() {
     Optional<?> tokenFetcher;
     try {
@@ -38,7 +37,7 @@ public static Optional<AccessTokenManager> create() {
     } catch (ClassNotFoundException e) {
       tokenFetcher = Optional.empty();
     } catch (ReflectiveOperationException e) {
-      throw new AssertionError(e);
+      throw new LinkageError(e.getMessage(), e);
     }
     return tokenFetcher.isPresent()
         ? Optional.of(new AccessTokenManager((TokenFetcher) tokenFetcher.get()))
diff --git a/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java b/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
index 7845e7c3bcb..7281adb9794 100644
--- a/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
@@ -89,10 +89,10 @@ public void getChannelResource_mtlsSuccess() throws Exception {
 
   /**
    * Creates two {@code Resoure<Channel>}s for the same target address and verifies that they are
-   * equal.
+   * distinct.
    */
   @Test
-  public void getChannelResource_twoEqualChannels() {
+  public void getChannelResource_twoUnEqualChannels() {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
@@ -101,19 +101,19 @@ public void getChannelResource_twoEqualChannels() {
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
             InsecureChannelCredentials.create());
-    assertThat(resource).isEqualTo(resourceTwo);
+    assertThat(resource).isNotEqualTo(resourceTwo);
   }
 
-  /** Same as getChannelResource_twoEqualChannels, but use mTLS. */
+  /** Same as getChannelResource_twoUnEqualChannels, but use mTLS. */
   @Test
-  public void getChannelResource_mtlsTwoEqualChannels() throws Exception {
+  public void getChannelResource_mtlsTwoUnEqualChannels() throws Exception {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials());
     Resource<Channel> resourceTwo =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials());
-    assertThat(resource).isEqualTo(resourceTwo);
+    assertThat(resource).isNotEqualTo(resourceTwo);
   }
 
   /**
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java
index 66f636ada22..d630f57d90d 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java
@@ -17,6 +17,7 @@
 package io.grpc.s2a.handshaker;
 
 import io.grpc.stub.StreamObserver;
+import java.io.IOException;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.util.logging.Logger;
@@ -38,7 +39,11 @@ public StreamObserver<SessionReq> setUpSession(StreamObserver<SessionResp> respo
       @Override
       public void onNext(SessionReq req) {
         logger.info("Received a request from client.");
-        responseObserver.onNext(writer.handleResponse(req));
+        try {
+          responseObserver.onNext(writer.handleResponse(req));
+        } catch (IOException e) {
+          responseObserver.onError(e);
+        }
       }
 
       @Override
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java
index e200d119867..a8868744f80 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java
@@ -29,6 +29,9 @@
 import io.grpc.benchmarks.Utils;
 import io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode;
 import io.grpc.stub.StreamObserver;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@@ -45,9 +48,7 @@ public final class FakeS2AServerTest {
   private static final Logger logger = Logger.getLogger(FakeS2AServerTest.class.getName());
 
   private static final ImmutableList<ByteString> FAKE_CERT_DER_CHAIN =
-      ImmutableList.of(
-          ByteString.copyFrom(
-              new byte[] {'f', 'a', 'k', 'e', '-', 'd', 'e', 'r', '-', 'c', 'h', 'a', 'i', 'n'}));
+      ImmutableList.of(ByteString.copyFrom("fake-der-chain".getBytes(StandardCharsets.US_ASCII)));
   private int port;
   private String serverAddress;
   private SessionResp response = null;
@@ -68,7 +69,7 @@ public void tearDown() {
 
   @Test
   public void callS2AServerOnce_getTlsConfiguration_returnsValidResult()
-      throws InterruptedException {
+      throws InterruptedException, IOException {
     ExecutorService executor = Executors.newSingleThreadExecutor();
     logger.info("Client connecting to: " + serverAddress);
     ManagedChannel channel =
@@ -122,9 +123,12 @@ public void onCompleted() {}
                 GetTlsConfigurationResp.newBuilder()
                     .setClientTlsConfiguration(
                         GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
-                            .addCertificateChain(FakeWriter.LEAF_CERT)
-                            .addCertificateChain(FakeWriter.INTERMEDIATE_CERT_2)
-                            .addCertificateChain(FakeWriter.INTERMEDIATE_CERT_1)
+                            .addCertificateChain(new String(Files.readAllBytes(
+                              FakeWriter.leafCertFile.toPath()), StandardCharsets.UTF_8))
+                            .addCertificateChain(new String(Files.readAllBytes(
+                              FakeWriter.cert1File.toPath()), StandardCharsets.UTF_8))
+                            .addCertificateChain(new String(Files.readAllBytes(
+                              FakeWriter.cert2File.toPath()), StandardCharsets.UTF_8))
                             .setMinTlsVersion(TLSVersion.TLS_VERSION_1_3)
                             .setMaxTlsVersion(TLSVersion.TLS_VERSION_1_3)
                             .addCiphersuites(
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java
index 45961b81b7b..b0e84fdf962 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java
@@ -23,7 +23,10 @@
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import com.google.protobuf.ByteString;
 import io.grpc.stub.StreamObserver;
+import java.io.File;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
@@ -50,59 +53,18 @@ enum VerificationResult {
     FAILURE
   }
 
-  public static final String LEAF_CERT =
-      "-----BEGIN CERTIFICATE-----\n"
-          + "MIICkDCCAjagAwIBAgIUSAtcrPhNNs1zxv51lIfGOVtkw6QwCgYIKoZIzj0EAwIw\n"
-          + "QTEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xEDAOBgNVBAsMB2NvbnRleHQxFDAS\n"
-          + "BgorBgEEAdZ5AggBDAQyMDIyMCAXDTIzMDcxNDIyMzYwNFoYDzIwNTAxMTI5MjIz\n"
-          + "NjA0WjARMQ8wDQYDVQQDDAZ1bnVzZWQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\n"
-          + "AAQGFlJpLxJMh4HuUm0DKjnUF7larH3tJvroQ12xpk+pPKQepn4ILoq9lZ8Xd3jz\n"
-          + "U98eDRXG5f4VjnX98DDHE4Ido4IBODCCATQwDgYDVR0PAQH/BAQDAgeAMCAGA1Ud\n"
-          + "JQEB/wQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMIGxBgNV\n"
-          + "HREBAf8EgaYwgaOGSnNwaWZmZTovL3NpZ25lci1yb2xlLmNvbnRleHQuc2VjdXJp\n"
-          + "dHktcmVhbG0ucHJvZC5nb29nbGUuY29tL3JvbGUvbGVhZi1yb2xlgjNzaWduZXIt\n"
-          + "cm9sZS5jb250ZXh0LnNlY3VyaXR5LXJlYWxtLnByb2Quc3BpZmZlLmdvb2eCIGZx\n"
-          + "ZG4tb2YtdGhlLW5vZGUucHJvZC5nb29nbGUuY29tMB0GA1UdDgQWBBSWSd5Fw6dI\n"
-          + "TGpt0m1Uxwf0iKqebzAfBgNVHSMEGDAWgBRm5agVVdpWfRZKM7u6OMuzHhqPcDAK\n"
-          + "BggqhkjOPQQDAgNIADBFAiB0sjRPSYy2eFq8Y0vQ8QN4AZ2NMajskvxnlifu7O4U\n"
-          + "RwIhANTh5Fkyx2nMYFfyl+W45dY8ODTw3HnlZ4b51hTAdkWl\n"
-          + "-----END CERTIFICATE-----";
-  public static final String INTERMEDIATE_CERT_2 =
-      "-----BEGIN CERTIFICATE-----\n"
-          + "MIICQjCCAeigAwIBAgIUKxXRDlnWXefNV5lj5CwhDuXEq7MwCgYIKoZIzj0EAwIw\n"
-          + "OzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xEDAOBgNVBAsMB2NvbnRleHQxDjAM\n"
-          + "BgNVBAMMBTEyMzQ1MCAXDTIzMDcxNDIyMzYwNFoYDzIwNTAxMTI5MjIzNjA0WjBB\n"
-          + "MRcwFQYDVQQKDA5zZWN1cml0eS1yZWFsbTEQMA4GA1UECwwHY29udGV4dDEUMBIG\n"
-          + "CisGAQQB1nkCCAEMBDIwMjIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT/Zu7x\n"
-          + "UYVyg+T/vg2H+y4I6t36Kc4qxD0eqqZjRLYBVKkUQHxBqc14t0DpoROMYQCNd4DF\n"
-          + "pcxv/9m6DaJbRk6Ao4HBMIG+MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG\n"
-          + "AQH/AgEBMFgGA1UdHgEB/wROMEygSjA1gjNzaWduZXItcm9sZS5jb250ZXh0LnNl\n"
-          + "Y3VyaXR5LXJlYWxtLnByb2Quc3BpZmZlLmdvb2cwEYIPcHJvZC5nb29nbGUuY29t\n"
-          + "MB0GA1UdDgQWBBRm5agVVdpWfRZKM7u6OMuzHhqPcDAfBgNVHSMEGDAWgBQcjNAh\n"
-          + "SCHTj+BW8KrzSSLo2ASEgjAKBggqhkjOPQQDAgNIADBFAiEA6KyGd9VxXDZceMZG\n"
-          + "IsbC40rtunFjLYI0mjZw9RcRWx8CIHCIiIHxafnDaCi+VB99NZfzAdu37g6pJptB\n"
-          + "gjIY71MO\n"
-          + "-----END CERTIFICATE-----";
-  public static final String INTERMEDIATE_CERT_1 =
-      "-----BEGIN CERTIFICATE-----\n"
-          + "MIICODCCAd6gAwIBAgIUXtZECORWRSKnS9rRTJYkiALUXswwCgYIKoZIzj0EAwIw\n"
-          + "NzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xDTALBgNVBAsMBHJvb3QxDTALBgNV\n"
-          + "BAMMBDEyMzQwIBcNMjMwNzE0MjIzNjA0WhgPMjA1MDExMjkyMjM2MDRaMDsxFzAV\n"
-          + "BgNVBAoMDnNlY3VyaXR5LXJlYWxtMRAwDgYDVQQLDAdjb250ZXh0MQ4wDAYDVQQD\n"
-          + "DAUxMjM0NTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAycVTZrjockbpD59f1a\n"
-          + "4l1SNL7nSyXz66Guz4eDveQqLmaMBg7vpACfO4CtiAGnolHEffuRtSkdM434m5En\n"
-          + "bXCjgcEwgb4wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwWAYD\n"
-          + "VR0eAQH/BE4wTKBKMDWCM3NpZ25lci1yb2xlLmNvbnRleHQuc2VjdXJpdHktcmVh\n"
-          + "bG0ucHJvZC5zcGlmZmUuZ29vZzARgg9wcm9kLmdvb2dsZS5jb20wHQYDVR0OBBYE\n"
-          + "FByM0CFIIdOP4FbwqvNJIujYBISCMB8GA1UdIwQYMBaAFMX+vebuj/lYfYEC23IA\n"
-          + "8HoIW0HsMAoGCCqGSM49BAMCA0gAMEUCIQCfxeXEBd7UPmeImT16SseCRu/6cHxl\n"
-          + "kTDsq9sKZ+eXBAIgA+oViAVOUhUQO1/6Mjlczg8NmMy2vNtG4V/7g9dMMVU=\n"
-          + "-----END CERTIFICATE-----";
+  public static final File leafCertFile =
+      new File("src/test/resources/leaf_cert_ec.pem");
+  public static final File cert2File =
+      new File("src/test/resources/int_cert2_ec.pem");
+  public static final File cert1File =
+      new File("src/test/resources/int_cert1_ec.pem");
 
+  // src/test/resources/leaf_key_ec.pem
   private static final String PRIVATE_KEY =
-      "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgqA2U0ld1OOHLMXWf"
-          + "uyN4GSaqhhudEIaKkll3rdIq0M+hRANCAAQGFlJpLxJMh4HuUm0DKjnUF7larH3t"
-          + "JvroQ12xpk+pPKQepn4ILoq9lZ8Xd3jzU98eDRXG5f4VjnX98DDHE4Id";
+      "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgR2HBqtWTWu4NLiow"
+          + "ar8vh+9vAmCONE59C+jXNAb9r8ehRANCAATRM8ozcr8PTOVsZNWh+rTmJ6t+rODu"
+          + "g3LwWpUQq9h7AddjGlLrrTNrceOyO7nh9aEk5plKhs/h7PO8+vkEFsEx";
   private static final ImmutableMap<SignatureAlgorithm, String>
       ALGORITHM_TO_SIGNATURE_INSTANCE_IDENTIFIER =
           ImmutableMap.of(
@@ -167,24 +129,32 @@ void sendIoError() {
   }
 
   void sendGetTlsConfigResp() {
-    reader.onNext(
-        SessionResp.newBuilder()
-            .setGetTlsConfigurationResp(
-                GetTlsConfigurationResp.newBuilder()
-                    .setClientTlsConfiguration(
-                        GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
-                            .addCertificateChain(LEAF_CERT)
-                            .addCertificateChain(INTERMEDIATE_CERT_2)
-                            .addCertificateChain(INTERMEDIATE_CERT_1)
-                            .setMinTlsVersion(TLS_VERSION_1_3)
-                            .setMaxTlsVersion(TLS_VERSION_1_3)
-                            .addCiphersuites(
-                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
-                            .addCiphersuites(
-                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
-                            .addCiphersuites(
-                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)))
-            .build());
+    try {
+      reader.onNext(
+          SessionResp.newBuilder()
+              .setGetTlsConfigurationResp(
+                  GetTlsConfigurationResp.newBuilder()
+                      .setClientTlsConfiguration(
+                          GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
+                              .addCertificateChain(new String(Files.readAllBytes(
+                                FakeWriter.leafCertFile.toPath()), StandardCharsets.UTF_8))
+                              .addCertificateChain(new String(Files.readAllBytes(
+                                FakeWriter.cert1File.toPath()), StandardCharsets.UTF_8))
+                              .addCertificateChain(new String(Files.readAllBytes(
+                                FakeWriter.cert2File.toPath()), StandardCharsets.UTF_8))
+                              .setMinTlsVersion(TLS_VERSION_1_3)
+                              .setMaxTlsVersion(TLS_VERSION_1_3)
+                              .addCiphersuites(
+                                  Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+                              .addCiphersuites(
+                                  Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+                              .addCiphersuites(
+                                  Ciphersuite
+                                  .CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)))
+              .build());
+    } catch (IOException e) {
+      reader.onError(e);
+    }
   }
 
   boolean isFakeWriterClosed() {
@@ -195,7 +165,11 @@ boolean isFakeWriterClosed() {
   public void onNext(SessionReq sessionReq) {
     switch (behavior) {
       case OK_STATUS:
-        reader.onNext(handleResponse(sessionReq));
+        try {
+          reader.onNext(handleResponse(sessionReq));
+        } catch (IOException e) {
+          reader.onError(e);
+        }
         break;
       case EMPTY_RESPONSE:
         reader.onNext(SessionResp.getDefaultInstance());
@@ -216,25 +190,36 @@ public void onNext(SessionReq sessionReq) {
         reader.onCompleted();
         break;
       case BAD_TLS_VERSION_RESPONSE:
-        reader.onNext(
-            SessionResp.newBuilder()
-                .setGetTlsConfigurationResp(
-                    GetTlsConfigurationResp.newBuilder()
-                        .setClientTlsConfiguration(
-                            GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
-                                .addCertificateChain(LEAF_CERT)
-                                .addCertificateChain(INTERMEDIATE_CERT_2)
-                                .addCertificateChain(INTERMEDIATE_CERT_1)
-                                .setMinTlsVersion(TLS_VERSION_1_3)
-                                .setMaxTlsVersion(TLS_VERSION_1_2)))
-                .build());
+        try {
+          reader.onNext(
+              SessionResp.newBuilder()
+                  .setGetTlsConfigurationResp(
+                      GetTlsConfigurationResp.newBuilder()
+                          .setClientTlsConfiguration(
+                              GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
+                                  .addCertificateChain(new String(Files.readAllBytes(
+                                    FakeWriter.leafCertFile.toPath()), StandardCharsets.UTF_8))
+                                  .addCertificateChain(new String(Files.readAllBytes(
+                                    FakeWriter.cert1File.toPath()), StandardCharsets.UTF_8))
+                                  .addCertificateChain(new String(Files.readAllBytes(
+                                    FakeWriter.cert2File.toPath()), StandardCharsets.UTF_8))
+                                  .setMinTlsVersion(TLS_VERSION_1_3)
+                                  .setMaxTlsVersion(TLS_VERSION_1_2)))
+                  .build());
+        } catch (IOException e) {
+          reader.onError(e);
+        }
         break;
       default:
-        reader.onNext(handleResponse(sessionReq));
+        try {
+          reader.onNext(handleResponse(sessionReq));
+        } catch (IOException e) {
+          reader.onError(e);
+        }
     }
   }
 
-  SessionResp handleResponse(SessionReq sessionReq) {
+  SessionResp handleResponse(SessionReq sessionReq) throws IOException {
     if (sessionReq.hasGetTlsConfigurationReq()) {
       return handleGetTlsConfigurationReq(sessionReq.getGetTlsConfigurationReq());
     }
@@ -253,7 +238,8 @@ SessionResp handleResponse(SessionReq sessionReq) {
         .build();
   }
 
-  private SessionResp handleGetTlsConfigurationReq(GetTlsConfigurationReq req) {
+  private SessionResp handleGetTlsConfigurationReq(GetTlsConfigurationReq req)
+      throws IOException {
     if (!req.getConnectionSide().equals(ConnectionSide.CONNECTION_SIDE_CLIENT)) {
       return SessionResp.newBuilder()
           .setStatus(
@@ -267,9 +253,12 @@ private SessionResp handleGetTlsConfigurationReq(GetTlsConfigurationReq req) {
             GetTlsConfigurationResp.newBuilder()
                 .setClientTlsConfiguration(
                     GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
-                        .addCertificateChain(LEAF_CERT)
-                        .addCertificateChain(INTERMEDIATE_CERT_2)
-                        .addCertificateChain(INTERMEDIATE_CERT_1)
+                        .addCertificateChain(new String(Files.readAllBytes(
+                          FakeWriter.leafCertFile.toPath()), StandardCharsets.UTF_8))
+                        .addCertificateChain(new String(Files.readAllBytes(
+                          FakeWriter.cert1File.toPath()), StandardCharsets.UTF_8))
+                        .addCertificateChain(new String(Files.readAllBytes(
+                          FakeWriter.cert2File.toPath()), StandardCharsets.UTF_8))
                         .setMinTlsVersion(TLS_VERSION_1_3)
                         .setMaxTlsVersion(TLS_VERSION_1_3)
                         .addCiphersuites(
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
index bae58f2f9ec..2a2b1f246ec 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
@@ -17,7 +17,6 @@
 package io.grpc.s2a.handshaker;
 
 import static com.google.common.truth.Truth.assertThat;
-import static java.nio.charset.StandardCharsets.UTF_8;
 import static java.util.concurrent.TimeUnit.SECONDS;
 
 import io.grpc.ChannelCredentials;
@@ -42,7 +41,6 @@
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslProvider;
-import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.util.concurrent.FutureTask;
 import java.util.logging.Logger;
@@ -58,72 +56,12 @@
 public final class IntegrationTest {
   private static final Logger logger = Logger.getLogger(FakeS2AServer.class.getName());
 
-  private static final String CERT_CHAIN =
-      "-----BEGIN CERTIFICATE-----\n"
-        + "MIICkDCCAjagAwIBAgIUSAtcrPhNNs1zxv51lIfGOVtkw6QwCgYIKoZIzj0EAwIw\n"
-        + "QTEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xEDAOBgNVBAsMB2NvbnRleHQxFDAS\n"
-        + "BgorBgEEAdZ5AggBDAQyMDIyMCAXDTIzMDcxNDIyMzYwNFoYDzIwNTAxMTI5MjIz\n"
-        + "NjA0WjARMQ8wDQYDVQQDDAZ1bnVzZWQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\n"
-        + "AAQGFlJpLxJMh4HuUm0DKjnUF7larH3tJvroQ12xpk+pPKQepn4ILoq9lZ8Xd3jz\n"
-        + "U98eDRXG5f4VjnX98DDHE4Ido4IBODCCATQwDgYDVR0PAQH/BAQDAgeAMCAGA1Ud\n"
-        + "JQEB/wQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMIGxBgNV\n"
-        + "HREBAf8EgaYwgaOGSnNwaWZmZTovL3NpZ25lci1yb2xlLmNvbnRleHQuc2VjdXJp\n"
-        + "dHktcmVhbG0ucHJvZC5nb29nbGUuY29tL3JvbGUvbGVhZi1yb2xlgjNzaWduZXIt\n"
-        + "cm9sZS5jb250ZXh0LnNlY3VyaXR5LXJlYWxtLnByb2Quc3BpZmZlLmdvb2eCIGZx\n"
-        + "ZG4tb2YtdGhlLW5vZGUucHJvZC5nb29nbGUuY29tMB0GA1UdDgQWBBSWSd5Fw6dI\n"
-        + "TGpt0m1Uxwf0iKqebzAfBgNVHSMEGDAWgBRm5agVVdpWfRZKM7u6OMuzHhqPcDAK\n"
-        + "BggqhkjOPQQDAgNIADBFAiB0sjRPSYy2eFq8Y0vQ8QN4AZ2NMajskvxnlifu7O4U\n"
-        + "RwIhANTh5Fkyx2nMYFfyl+W45dY8ODTw3HnlZ4b51hTAdkWl\n"
-        + "-----END CERTIFICATE-----\n"
-        + "-----BEGIN CERTIFICATE-----\n"
-        + "MIICQjCCAeigAwIBAgIUKxXRDlnWXefNV5lj5CwhDuXEq7MwCgYIKoZIzj0EAwIw\n"
-        + "OzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xEDAOBgNVBAsMB2NvbnRleHQxDjAM\n"
-        + "BgNVBAMMBTEyMzQ1MCAXDTIzMDcxNDIyMzYwNFoYDzIwNTAxMTI5MjIzNjA0WjBB\n"
-        + "MRcwFQYDVQQKDA5zZWN1cml0eS1yZWFsbTEQMA4GA1UECwwHY29udGV4dDEUMBIG\n"
-        + "CisGAQQB1nkCCAEMBDIwMjIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT/Zu7x\n"
-        + "UYVyg+T/vg2H+y4I6t36Kc4qxD0eqqZjRLYBVKkUQHxBqc14t0DpoROMYQCNd4DF\n"
-        + "pcxv/9m6DaJbRk6Ao4HBMIG+MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG\n"
-        + "AQH/AgEBMFgGA1UdHgEB/wROMEygSjA1gjNzaWduZXItcm9sZS5jb250ZXh0LnNl\n"
-        + "Y3VyaXR5LXJlYWxtLnByb2Quc3BpZmZlLmdvb2cwEYIPcHJvZC5nb29nbGUuY29t\n"
-        + "MB0GA1UdDgQWBBRm5agVVdpWfRZKM7u6OMuzHhqPcDAfBgNVHSMEGDAWgBQcjNAh\n"
-        + "SCHTj+BW8KrzSSLo2ASEgjAKBggqhkjOPQQDAgNIADBFAiEA6KyGd9VxXDZceMZG\n"
-        + "IsbC40rtunFjLYI0mjZw9RcRWx8CIHCIiIHxafnDaCi+VB99NZfzAdu37g6pJptB\n"
-        + "gjIY71MO\n"
-        + "-----END CERTIFICATE-----\n"
-        + "-----BEGIN CERTIFICATE-----\n"
-        + "MIICODCCAd6gAwIBAgIUXtZECORWRSKnS9rRTJYkiALUXswwCgYIKoZIzj0EAwIw\n"
-        + "NzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xDTALBgNVBAsMBHJvb3QxDTALBgNV\n"
-        + "BAMMBDEyMzQwIBcNMjMwNzE0MjIzNjA0WhgPMjA1MDExMjkyMjM2MDRaMDsxFzAV\n"
-        + "BgNVBAoMDnNlY3VyaXR5LXJlYWxtMRAwDgYDVQQLDAdjb250ZXh0MQ4wDAYDVQQD\n"
-        + "DAUxMjM0NTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAycVTZrjockbpD59f1a\n"
-        + "4l1SNL7nSyXz66Guz4eDveQqLmaMBg7vpACfO4CtiAGnolHEffuRtSkdM434m5En\n"
-        + "bXCjgcEwgb4wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwWAYD\n"
-        + "VR0eAQH/BE4wTKBKMDWCM3NpZ25lci1yb2xlLmNvbnRleHQuc2VjdXJpdHktcmVh\n"
-        + "bG0ucHJvZC5zcGlmZmUuZ29vZzARgg9wcm9kLmdvb2dsZS5jb20wHQYDVR0OBBYE\n"
-        + "FByM0CFIIdOP4FbwqvNJIujYBISCMB8GA1UdIwQYMBaAFMX+vebuj/lYfYEC23IA\n"
-        + "8HoIW0HsMAoGCCqGSM49BAMCA0gAMEUCIQCfxeXEBd7UPmeImT16SseCRu/6cHxl\n"
-        + "kTDsq9sKZ+eXBAIgA+oViAVOUhUQO1/6Mjlczg8NmMy2vNtG4V/7g9dMMVU=\n"
-        + "-----END CERTIFICATE-----";
-  private static final String ROOT_PEM =
-      "-----BEGIN CERTIFICATE-----\n"
-        + "MIIBtTCCAVqgAwIBAgIUbAe+8OocndQXRBCElLBxBSdfdV8wCgYIKoZIzj0EAwIw\n"
-        + "NzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xDTALBgNVBAsMBHJvb3QxDTALBgNV\n"
-        + "BAMMBDEyMzQwIBcNMjMwNzE0MjIzNjA0WhgPMjA1MDExMjkyMjM2MDRaMDcxFzAV\n"
-        + "BgNVBAoMDnNlY3VyaXR5LXJlYWxtMQ0wCwYDVQQLDARyb290MQ0wCwYDVQQDDAQx\n"
-        + "MjM0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaMY2tBW5r1t0+vhayz0ZoGMF\n"
-        + "boX/ZmmCmIh0iTWg4madvwNOh74CMVVvDUlXZcuVqZ3vVIX/a7PTFVqUwQlKW6NC\n"
-        + "MEAwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMX+\n"
-        + "vebuj/lYfYEC23IA8HoIW0HsMAoGCCqGSM49BAMCA0kAMEYCIQDETd27nsUTXKWY\n"
-        + "CiOno78O09gK95NoTkPU5e2chJYMqAIhALYFAyh7PU5xgFQsN9hiqgsHUc5/pmBG\n"
-        + "BGjJ1iz8rWGJ\n"
-        + "-----END CERTIFICATE-----";
-  private static final String PRIVATE_KEY =
-      "-----BEGIN PRIVATE KEY-----\n"
-        + "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgqA2U0ld1OOHLMXWf\n"
-        + "uyN4GSaqhhudEIaKkll3rdIq0M+hRANCAAQGFlJpLxJMh4HuUm0DKjnUF7larH3t\n"
-        + "JvroQ12xpk+pPKQepn4ILoq9lZ8Xd3jzU98eDRXG5f4VjnX98DDHE4Id\n"
-        + "-----END PRIVATE KEY-----";
-
+  public static final File privateKeyFile =
+      new File("src/test/resources/leaf_key_ec.pem");
+  public static final File rootCertFile =
+      new File("src/test/resources/root_cert_ec.pem");
+  public static final File certChainFile =
+      new File("src/test/resources/cert_chain_ec.pem");
   private String s2aAddress;
   private Server s2aServer;
   private String s2aDelayAddress;
@@ -252,13 +190,11 @@ public static boolean doUnaryRpc(ManagedChannel channel) throws InterruptedExcep
 
   private static SslContext buildSslContext() throws SSLException {
     SslContextBuilder sslServerContextBuilder =
-        SslContextBuilder.forServer(
-            new ByteArrayInputStream(CERT_CHAIN.getBytes(UTF_8)),
-            new ByteArrayInputStream(PRIVATE_KEY.getBytes(UTF_8)));
+          SslContextBuilder.forServer(certChainFile, privateKeyFile);
     SslContext sslServerContext =
         GrpcSslContexts.configure(sslServerContextBuilder, SslProvider.OPENSSL)
             .protocols("TLSv1.3", "TLSv1.2")
-            .trustManager(new ByteArrayInputStream(ROOT_PEM.getBytes(UTF_8)))
+            .trustManager(rootCertFile)
             .clientAuth(ClientAuth.REQUIRE)
             .build();
 
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java
index 6d134b43f7a..f54063b9e04 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java
@@ -30,47 +30,6 @@
 public final class ProtoUtilTest {
   @Rule public final Expect expect = Expect.create();
 
-  @Test
-  public void convertCiphersuite_success() {
-    expect
-        .that(
-            ProtoUtil.convertCiphersuite(
-                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256))
-        .isEqualTo("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
-    expect
-        .that(
-            ProtoUtil.convertCiphersuite(
-                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384))
-        .isEqualTo("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
-    expect
-        .that(
-            ProtoUtil.convertCiphersuite(
-                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256))
-        .isEqualTo("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256");
-    expect
-        .that(
-            ProtoUtil.convertCiphersuite(Ciphersuite.CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256))
-        .isEqualTo("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
-    expect
-        .that(
-            ProtoUtil.convertCiphersuite(Ciphersuite.CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384))
-        .isEqualTo("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
-    expect
-        .that(
-            ProtoUtil.convertCiphersuite(
-                Ciphersuite.CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256))
-        .isEqualTo("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256");
-  }
-
-  @Test
-  public void convertCiphersuite_withUnspecifiedCiphersuite_fails() {
-    AssertionError expected =
-        assertThrows(
-            AssertionError.class,
-            () -> ProtoUtil.convertCiphersuite(Ciphersuite.CIPHERSUITE_UNSPECIFIED));
-    expect.that(expected).hasMessageThat().isEqualTo("Ciphersuite 0 is not supported.");
-  }
-
   @Test
   public void convertTlsProtocolVersion_success() {
     expect
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java
index 8252aa245d7..fc8d42d09c0 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java
@@ -30,6 +30,8 @@
 import io.netty.handler.ssl.OpenSslPrivateKeyMethod;
 import io.netty.handler.ssl.SslContextBuilder;
 import java.io.ByteArrayInputStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.security.PublicKey;
 import java.security.Signature;
 import java.security.cert.CertificateFactory;
@@ -61,7 +63,8 @@ private static PublicKey extractPublicKeyFromPem(String pem) throws Exception {
   private static boolean verifySignature(
       byte[] dataToSign, byte[] signature, String signatureAlgorithm) throws Exception {
     Signature sig = Signature.getInstance(signatureAlgorithm);
-    sig.initVerify(extractPublicKeyFromPem(FakeWriter.LEAF_CERT));
+    sig.initVerify(extractPublicKeyFromPem(new String(
+        Files.readAllBytes(FakeWriter.leafCertFile.toPath()), StandardCharsets.UTF_8)));
     sig.update(dataToSign);
     return sig.verify(signature);
   }
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java
index 404910e8be0..fa6c4fc858d 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java
@@ -50,6 +50,7 @@
 import io.netty.handler.codec.http2.Http2ConnectionEncoder;
 import io.netty.handler.codec.http2.Http2Settings;
 import io.netty.util.AsciiString;
+import java.io.IOException;
 import java.util.Optional;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@@ -246,7 +247,11 @@ public StreamObserver<SessionReq> setUpSession(StreamObserver<SessionResp> respo
       return new StreamObserver<SessionReq>() {
         @Override
         public void onNext(SessionReq req) {
-          responseObserver.onNext(writer.handleResponse(req));
+          try {
+            responseObserver.onNext(writer.handleResponse(req));
+          } catch (IOException e) {
+            responseObserver.onError(e);
+          }
         }
 
         @Override
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java
index 47fd154d949..a1daf9948a1 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java
@@ -28,6 +28,8 @@
 import io.grpc.s2a.channel.S2AHandshakerServiceChannel;
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -82,9 +84,12 @@ public void send_clientTlsConfiguration_receiveOkStatus() throws Exception {
                 GetTlsConfigurationResp.newBuilder()
                     .setClientTlsConfiguration(
                         GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
-                            .addCertificateChain(FakeWriter.LEAF_CERT)
-                            .addCertificateChain(FakeWriter.INTERMEDIATE_CERT_2)
-                            .addCertificateChain(FakeWriter.INTERMEDIATE_CERT_1)
+                            .addCertificateChain(new String(Files.readAllBytes(
+                              FakeWriter.leafCertFile.toPath()), StandardCharsets.UTF_8))
+                            .addCertificateChain(new String(Files.readAllBytes(
+                              FakeWriter.cert1File.toPath()), StandardCharsets.UTF_8))
+                            .addCertificateChain(new String(Files.readAllBytes(
+                              FakeWriter.cert2File.toPath()), StandardCharsets.UTF_8))
                             .setMinTlsVersion(TLSVersion.TLS_VERSION_1_3)
                             .setMaxTlsVersion(TLSVersion.TLS_VERSION_1_3)
                             .addCiphersuites(
@@ -189,26 +194,13 @@ public void send_receiveManyUnexpectedResponse_expectResponsesEmpty() throws Exc
   @Test
   public void send_receiveDelayedResponse() throws Exception {
     writer.sendGetTlsConfigResp();
-    SessionResp resp = stub.send(SessionReq.getDefaultInstance());
-    SessionResp expected =
-        SessionResp.newBuilder()
-            .setGetTlsConfigurationResp(
-                GetTlsConfigurationResp.newBuilder()
-                    .setClientTlsConfiguration(
-                        GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
-                            .addCertificateChain(FakeWriter.LEAF_CERT)
-                            .addCertificateChain(FakeWriter.INTERMEDIATE_CERT_2)
-                            .addCertificateChain(FakeWriter.INTERMEDIATE_CERT_1)
-                            .setMinTlsVersion(TLSVersion.TLS_VERSION_1_3)
-                            .setMaxTlsVersion(TLSVersion.TLS_VERSION_1_3)
-                            .addCiphersuites(
-                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
-                            .addCiphersuites(
-                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
-                            .addCiphersuites(
-                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)))
-            .build();
-    assertThat(resp).ignoringRepeatedFieldOrder().isEqualTo(expected);
+    IOException expectedException =
+        assertThrows(IOException.class, () -> stub.send(SessionReq.getDefaultInstance()));
+    assertThat(expectedException)
+        .hasMessageThat()
+        .contains("Received an unexpected response from a host at the S2A's address.");
+
+    assertThat(stub.getResponses()).isEmpty();
   }
 
   @Test
diff --git a/s2a/src/test/resources/README.md b/s2a/src/test/resources/README.md
index 726b921a615..2250ffb1dec 100644
--- a/s2a/src/test/resources/README.md
+++ b/s2a/src/test/resources/README.md
@@ -29,4 +29,41 @@ Sign CSRs for server and client
 ```
 openssl x509 -req -CA root_cert.pem -CAkey root_key.pem -in server.csr -out server_cert.pem -days 7305 -extfile config.cnf -extensions req_ext
 openssl x509 -req -CA root_cert.pem -CAkey root_key.pem -in client.csr -out client_cert.pem -days 7305
+```
+
+Generate self-signed ECDSA root cert
+
+```
+openssl ecparam -name prime256v1 -genkey -noout -out temp.pem
+openssl pkcs8 -topk8 -in temp.pem -out root_key_ec.pem -nocrypt
+rm temp.pem
+openssl req -x509 -days 7305 -new -key root_key_ec.pem -nodes -out root_cert_ec.pem -config root_ec.cnf -extensions 'v3_req'
+```
+
+Generate a chain of ECDSA certs
+
+```
+openssl ecparam -name prime256v1 -genkey -noout -out temp.pem
+openssl pkcs8 -topk8 -in temp.pem -out int_key2_ec.pem -nocrypt
+rm temp.pem
+openssl req -key int_key2_ec.pem -new -out temp.csr -config int_cert2.cnf
+openssl x509 -req -days 7305 -in temp.csr -CA root_cert_ec.pem -CAkey root_key_ec.pem -CAcreateserial -out int_cert2_ec.pem -extfile int_cert2.cnf -extensions 'v3_req'
+
+
+openssl ecparam -name prime256v1 -genkey -noout -out temp.pem
+openssl pkcs8 -topk8 -in temp.pem -out int_key1_ec.pem -nocrypt
+rm temp.pem
+openssl req -key int_key1_ec.pem -new -out temp.csr -config int_cert1.cnf
+openssl x509 -req -days 7305 -in temp.csr -CA int_cert2_ec.pem -CAkey int_key2_ec.pem -CAcreateserial -out int_cert1_ec.pem -extfile int_cert1.cnf -extensions 'v3_req'
+
+
+openssl ecparam -name prime256v1 -genkey -noout -out temp.pem
+openssl pkcs8 -topk8 -in temp.pem -out leaf_key_ec.pem -nocrypt
+rm temp.pem
+openssl req -key leaf_key_ec.pem -new -out temp.csr -config leaf.cnf
+openssl x509 -req -days 7305 -in temp.csr -CA int_cert1_ec.pem -CAkey int_key1_ec.pem -CAcreateserial -out leaf_cert_ec.pem -extfile leaf.cnf -extensions 'v3_req'
+```
+
+```
+cat leaf_cert_ec.pem int_cert1_ec.pem int_cert2_ec.pem > cert_chain_ec.pem
 ```
\ No newline at end of file
diff --git a/s2a/src/test/resources/cert_chain_ec.pem b/s2a/src/test/resources/cert_chain_ec.pem
new file mode 100644
index 00000000000..0e097d39bf2
--- /dev/null
+++ b/s2a/src/test/resources/cert_chain_ec.pem
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIB0jCCAXigAwIBAgIUBV1dftEhhEMTI83L6jpeJn2tuyQwCgYIKoZIzj0EAwIw
+JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
+OTIzMDQwMFoXDTQ0MDkxOTIzMDQwMFowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
+b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0TPKM3K/
+D0zlbGTVofq05ierfqzg7oNy8FqVEKvYewHXYxpS660za3Hjsju54fWhJOaZSobP
+4ezzvPr5BBbBMaOBgzCBgDAOBgNVHQ8BAf8EBAMCB4AwIAYDVR0lAQH/BBYwFAYI
+KwYBBQUHAwIGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPvP7dnB
+dg8ZoLB0w62tbvoIRRHPMB8GA1UdIwQYMBaAFHeH+MNh2fgyjNHYP9hLAv9Sl1yD
+MAoGCCqGSM49BAMCA0gAMEUCIBcsImaxeFjxFXCXYNQJnde+rsEOgbeAHrAC0SZQ
+NlB2AiEA4epDhw/o+6BfgDbqlZsNEHkScPrwupnBQGLQlmNJe2c=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB1zCCAX6gAwIBAgIUW4GYHncSLeb7Tmw7FMjX/DesReIwCgYIKoZIzj0EAwIw
+JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
+OTIzMDA0MVoXDTQ0MDkxOTIzMDA0MVowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
+b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAqtg2E+h
+Wfr5dnewqsCLwM0PohkB83Gh7V3i/TPFkNKF/V6pKdz5a3Z8sicG+g7uJX+eyOoD
+43Z8woO7MgJl8aOBiTCBhjAOBgNVHQ8BAf8EBAMCAQYwIAYDVR0lAQH/BBYwFAYI
+KwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYE
+FHeH+MNh2fgyjNHYP9hLAv9Sl1yDMB8GA1UdIwQYMBaAFP+PTOryxis9d7HVfqhP
+MyMEgMZOMAoGCCqGSM49BAMCA0cAMEQCIHbzJvxHMIDPBRi1e047K0mqKKBSfViS
+guiDSoQ5g5OuAiBT5ePqDLs4PyrK6XFkiEWoRX8Z5T9y419Go+fpLM+DaA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB1zCCAX6gAwIBAgIUBBKkTrqFxQUist2pK2uj8/DRnKMwCgYIKoZIzj0EAwIw
+JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
+OTIyNTYwNloXDTQ0MDkxOTIyNTYwNlowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
+b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFW7/Te2z
+jS8KlpF8RMMYaZtKf6EZlrZIIo5SO9j6baAKXVna9LmDCrzXnOLIeqOuZq0ODizU
+i4DFALB2yd5BkaOBiTCBhjAOBgNVHQ8BAf8EBAMCAQYwIAYDVR0lAQH/BBYwFAYI
+KwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYE
+FP+PTOryxis9d7HVfqhPMyMEgMZOMB8GA1UdIwQYMBaAFFITbB0BULPtynN9SMki
+lEarWxcKMAoGCCqGSM49BAMCA0cAMEQCIHK4cTTx4Ti7Te9hA9VVtHoMCt5fL4Cl
+XnQR6D5xW4pPAiAQ+CilQdZUhVK5bU6wbrwLgcwf+40ETK/KASId5970rQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/int_cert1_.cnf b/s2a/src/test/resources/int_cert1_.cnf
new file mode 100644
index 00000000000..8eaf6570da1
--- /dev/null
+++ b/s2a/src/test/resources/int_cert1_.cnf
@@ -0,0 +1,14 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+O = o
+OU = ou
+CN = cn
+
+[v3_req]
+keyUsage = critical, keyCertSign, cRLSign
+extendedKeyUsage = critical, clientAuth, serverAuth
+basicConstraints = critical, CA:true, pathlen: 1
\ No newline at end of file
diff --git a/s2a/src/test/resources/int_cert1_ec.pem b/s2a/src/test/resources/int_cert1_ec.pem
new file mode 100644
index 00000000000..980de5aa900
--- /dev/null
+++ b/s2a/src/test/resources/int_cert1_ec.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1zCCAX6gAwIBAgIUW4GYHncSLeb7Tmw7FMjX/DesReIwCgYIKoZIzj0EAwIw
+JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
+OTIzMDA0MVoXDTQ0MDkxOTIzMDA0MVowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
+b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAqtg2E+h
+Wfr5dnewqsCLwM0PohkB83Gh7V3i/TPFkNKF/V6pKdz5a3Z8sicG+g7uJX+eyOoD
+43Z8woO7MgJl8aOBiTCBhjAOBgNVHQ8BAf8EBAMCAQYwIAYDVR0lAQH/BBYwFAYI
+KwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYE
+FHeH+MNh2fgyjNHYP9hLAv9Sl1yDMB8GA1UdIwQYMBaAFP+PTOryxis9d7HVfqhP
+MyMEgMZOMAoGCCqGSM49BAMCA0cAMEQCIHbzJvxHMIDPBRi1e047K0mqKKBSfViS
+guiDSoQ5g5OuAiBT5ePqDLs4PyrK6XFkiEWoRX8Z5T9y419Go+fpLM+DaA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/int_cert2.cnf b/s2a/src/test/resources/int_cert2.cnf
new file mode 100644
index 00000000000..c6a2559ce10
--- /dev/null
+++ b/s2a/src/test/resources/int_cert2.cnf
@@ -0,0 +1,14 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+O = o
+OU = ou
+CN = cn
+
+[v3_req]
+keyUsage = critical, keyCertSign, cRLSign
+extendedKeyUsage = critical, clientAuth, serverAuth
+basicConstraints = critical, CA:true, pathlen: 2
\ No newline at end of file
diff --git a/s2a/src/test/resources/int_cert2_ec.pem b/s2a/src/test/resources/int_cert2_ec.pem
new file mode 100644
index 00000000000..574fa0195de
--- /dev/null
+++ b/s2a/src/test/resources/int_cert2_ec.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1zCCAX6gAwIBAgIUBBKkTrqFxQUist2pK2uj8/DRnKMwCgYIKoZIzj0EAwIw
+JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
+OTIyNTYwNloXDTQ0MDkxOTIyNTYwNlowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
+b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFW7/Te2z
+jS8KlpF8RMMYaZtKf6EZlrZIIo5SO9j6baAKXVna9LmDCrzXnOLIeqOuZq0ODizU
+i4DFALB2yd5BkaOBiTCBhjAOBgNVHQ8BAf8EBAMCAQYwIAYDVR0lAQH/BBYwFAYI
+KwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYE
+FP+PTOryxis9d7HVfqhPMyMEgMZOMB8GA1UdIwQYMBaAFFITbB0BULPtynN9SMki
+lEarWxcKMAoGCCqGSM49BAMCA0cAMEQCIHK4cTTx4Ti7Te9hA9VVtHoMCt5fL4Cl
+XnQR6D5xW4pPAiAQ+CilQdZUhVK5bU6wbrwLgcwf+40ETK/KASId5970rQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/int_key1_ec.pem b/s2a/src/test/resources/int_key1_ec.pem
new file mode 100644
index 00000000000..7ff3864746b
--- /dev/null
+++ b/s2a/src/test/resources/int_key1_ec.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLIQUM1HkFM/LWND8
+jCZ4wHXjFZ1ZZmQolahkZB0O1VChRANCAAQCq2DYT6FZ+vl2d7CqwIvAzQ+iGQHz
+caHtXeL9M8WQ0oX9Xqkp3PlrdnyyJwb6Du4lf57I6gPjdnzCg7syAmXx
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/int_key2_ec.pem b/s2a/src/test/resources/int_key2_ec.pem
new file mode 100644
index 00000000000..7f529ae855f
--- /dev/null
+++ b/s2a/src/test/resources/int_key2_ec.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGfm6kyaAMMrmYGhS
+jxprBwtcZdP6qXlU1cVIO5bOT8qhRANCAAQVbv9N7bONLwqWkXxEwxhpm0p/oRmW
+tkgijlI72PptoApdWdr0uYMKvNec4sh6o65mrQ4OLNSLgMUAsHbJ3kGR
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/leaf.cnf b/s2a/src/test/resources/leaf.cnf
new file mode 100644
index 00000000000..d5b373cbc71
--- /dev/null
+++ b/s2a/src/test/resources/leaf.cnf
@@ -0,0 +1,14 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+O = o
+OU = ou
+CN = cn
+
+[v3_req]
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, clientAuth, serverAuth
+basicConstraints = critical, CA:false
\ No newline at end of file
diff --git a/s2a/src/test/resources/leaf_cert_ec.pem b/s2a/src/test/resources/leaf_cert_ec.pem
new file mode 100644
index 00000000000..39692b95fda
--- /dev/null
+++ b/s2a/src/test/resources/leaf_cert_ec.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB0jCCAXigAwIBAgIUBV1dftEhhEMTI83L6jpeJn2tuyQwCgYIKoZIzj0EAwIw
+JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
+OTIzMDQwMFoXDTQ0MDkxOTIzMDQwMFowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
+b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0TPKM3K/
+D0zlbGTVofq05ierfqzg7oNy8FqVEKvYewHXYxpS660za3Hjsju54fWhJOaZSobP
+4ezzvPr5BBbBMaOBgzCBgDAOBgNVHQ8BAf8EBAMCB4AwIAYDVR0lAQH/BBYwFAYI
+KwYBBQUHAwIGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPvP7dnB
+dg8ZoLB0w62tbvoIRRHPMB8GA1UdIwQYMBaAFHeH+MNh2fgyjNHYP9hLAv9Sl1yD
+MAoGCCqGSM49BAMCA0gAMEUCIBcsImaxeFjxFXCXYNQJnde+rsEOgbeAHrAC0SZQ
+NlB2AiEA4epDhw/o+6BfgDbqlZsNEHkScPrwupnBQGLQlmNJe2c=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/leaf_key_ec.pem b/s2a/src/test/resources/leaf_key_ec.pem
new file mode 100644
index 00000000000..d90ad8f4db8
--- /dev/null
+++ b/s2a/src/test/resources/leaf_key_ec.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgR2HBqtWTWu4NLiow
+ar8vh+9vAmCONE59C+jXNAb9r8ehRANCAATRM8ozcr8PTOVsZNWh+rTmJ6t+rODu
+g3LwWpUQq9h7AddjGlLrrTNrceOyO7nh9aEk5plKhs/h7PO8+vkEFsEx
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/root_cert_ec.pem b/s2a/src/test/resources/root_cert_ec.pem
new file mode 100644
index 00000000000..0dd465e8e90
--- /dev/null
+++ b/s2a/src/test/resources/root_cert_ec.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBrzCCAVWgAwIBAgIUGV+9j5V61CZaa6mbrchDag5miEQwCgYIKoZIzj0EAwIw
+JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
+OTIyNDMwOFoXDTQ0MDkxOTIyNDMwOFowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
+b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDVPIq1ds
+/MX52CX9YU1RdEeM89YP4o3BN8OiP2O4qcuc11k4Qu4Mo4RWeN9OJpNElTQJ0K8n
+/rIvbmw8AIMquaNhMF8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdJQQWMBQGCCsGAQUF
+BwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRSE2wdAVCz
+7cpzfUjJIpRGq1sXCjAKBggqhkjOPQQDAgNIADBFAiEA1TEfHWArDnepmtMDQ4wd
+Q3uqPrV2Ye2KMO67/BHEGIQCIFu3JutXYYVU/CinwH89AJW+FJ7zokaPjCDkbiOH
++h+H
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/root_ec.cnf b/s2a/src/test/resources/root_ec.cnf
new file mode 100644
index 00000000000..bee0b80a166
--- /dev/null
+++ b/s2a/src/test/resources/root_ec.cnf
@@ -0,0 +1,14 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+O = o
+OU = ou
+CN = cn
+
+[v3_req]
+keyUsage = critical, keyCertSign, cRLSign
+extendedKeyUsage = serverAuth, clientAuth
+basicConstraints = critical, CA:true
\ No newline at end of file
diff --git a/s2a/src/test/resources/root_key_ec.pem b/s2a/src/test/resources/root_key_ec.pem
new file mode 100644
index 00000000000..ef5ee1445f9
--- /dev/null
+++ b/s2a/src/test/resources/root_key_ec.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgd5oZmQBOtMF0xfc3
+uRuw5EDhA1thJKKeHfrij9FMkfahRANCAAQNU8irV2z8xfnYJf1hTVF0R4zz1g/i
+jcE3w6I/Y7ipy5zXWThC7gyjhFZ4304mk0SVNAnQryf+si9ubDwAgyq5
+-----END PRIVATE KEY-----
\ No newline at end of file

From d169a5de6fb94e974fd77ebabde52f01bc7aaca0 Mon Sep 17 00:00:00 2001
From: yifeizhuang <yifeizhuang@gmail.com>
Date: Fri, 27 Sep 2024 17:22:38 -0700
Subject: [PATCH 021/591] interop-test: add opentelemetry tracing context
 propagation test (#11538)

---
 interop-testing/build.gradle                  |   1 +
 .../OpenTelemetryContextPropagationTest.java  | 191 ++++++++++++++++++
 2 files changed, 192 insertions(+)
 create mode 100644 interop-testing/src/test/java/io/grpc/testing/integration/OpenTelemetryContextPropagationTest.java

diff --git a/interop-testing/build.gradle b/interop-testing/build.gradle
index a19efb00155..a85aec97adf 100644
--- a/interop-testing/build.gradle
+++ b/interop-testing/build.gradle
@@ -13,6 +13,7 @@ dependencies {
     implementation project(path: ':grpc-alts', configuration: 'shadow'),
             project(':grpc-auth'),
             project(':grpc-census'),
+            project(':grpc-opentelemetry'),
             project(':grpc-gcp-csm-observability'),
             project(':grpc-netty'),
             project(':grpc-okhttp'),
diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/OpenTelemetryContextPropagationTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/OpenTelemetryContextPropagationTest.java
new file mode 100644
index 00000000000..3884d977a6e
--- /dev/null
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/OpenTelemetryContextPropagationTest.java
@@ -0,0 +1,191 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.testing.integration;
+
+import static org.junit.Assert.assertEquals;
+
+import io.grpc.ForwardingServerCallListener;
+import io.grpc.InsecureServerCredentials;
+import io.grpc.ManagedChannelBuilder;
+import io.grpc.Metadata;
+import io.grpc.ServerBuilder;
+import io.grpc.ServerCall;
+import io.grpc.ServerCallHandler;
+import io.grpc.ServerInterceptor;
+import io.grpc.netty.InternalNettyChannelBuilder;
+import io.grpc.netty.NettyChannelBuilder;
+import io.grpc.netty.NettyServerBuilder;
+import io.grpc.opentelemetry.GrpcOpenTelemetry;
+import io.grpc.opentelemetry.GrpcTraceBinContextPropagator;
+import io.grpc.opentelemetry.InternalGrpcOpenTelemetry;
+import io.grpc.testing.integration.Messages.SimpleRequest;
+import io.opentelemetry.api.trace.Span;
+import io.opentelemetry.api.trace.Tracer;
+import io.opentelemetry.api.trace.propagation.W3CTraceContextPropagator;
+import io.opentelemetry.context.Context;
+import io.opentelemetry.context.Scope;
+import io.opentelemetry.context.propagation.ContextPropagators;
+import io.opentelemetry.context.propagation.TextMapPropagator;
+import io.opentelemetry.sdk.OpenTelemetrySdk;
+import io.opentelemetry.sdk.trace.SdkTracerProvider;
+import java.util.Arrays;
+import java.util.concurrent.atomic.AtomicReference;
+import org.junit.Assume;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+@RunWith(Parameterized.class)
+public class OpenTelemetryContextPropagationTest extends AbstractInteropTest {
+  private final OpenTelemetrySdk openTelemetrySdk;
+  private final Tracer tracer;
+  private final GrpcOpenTelemetry grpcOpenTelemetry;
+  private final AtomicReference<Span> applicationSpan = new AtomicReference<>();
+  private final boolean censusClient;
+
+  @Parameterized.Parameters(name = "ContextPropagator={0}, CensusClient={1}")
+  public static Iterable<Object[]> data() {
+    return Arrays.asList(new Object[][] {
+        {W3CTraceContextPropagator.getInstance(), false},
+        {GrpcTraceBinContextPropagator.defaultInstance(), false},
+        {GrpcTraceBinContextPropagator.defaultInstance(), true}
+    });
+  }
+
+  public OpenTelemetryContextPropagationTest(TextMapPropagator textMapPropagator,
+                                             boolean isCensusClient) {
+    this.openTelemetrySdk = OpenTelemetrySdk.builder()
+        .setTracerProvider(SdkTracerProvider.builder().build())
+        .setPropagators(ContextPropagators.create(TextMapPropagator.composite(
+            textMapPropagator
+        )))
+        .build();
+    this.tracer = openTelemetrySdk
+        .getTracer("grpc-java-interop-test");
+    GrpcOpenTelemetry.Builder grpcOpentelemetryBuilder = GrpcOpenTelemetry.newBuilder()
+        .sdk(openTelemetrySdk);
+    InternalGrpcOpenTelemetry.enableTracing(grpcOpentelemetryBuilder, true);
+    grpcOpenTelemetry = grpcOpentelemetryBuilder.build();
+    this.censusClient = isCensusClient;
+  }
+
+  @Override
+  protected ServerBuilder<?> getServerBuilder() {
+    NettyServerBuilder builder = NettyServerBuilder.forPort(0, InsecureServerCredentials.create())
+        .maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE);
+    builder.intercept(new ServerInterceptor() {
+      @Override
+      public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> call,
+          Metadata headers, ServerCallHandler<ReqT, RespT> next) {
+        ServerCall.Listener<ReqT> listener = next.startCall(call, headers);
+        return new ForwardingServerCallListener<ReqT>() {
+          @Override
+          protected ServerCall.Listener<ReqT> delegate() {
+            return listener;
+          }
+
+          @Override
+          public void onMessage(ReqT request) {
+            applicationSpan.set(tracer.spanBuilder("InteropTest.Application.Span").startSpan());
+            delegate().onMessage(request);
+          }
+
+          @Override
+          public void onHalfClose() {
+            maybeCloseSpan(applicationSpan);
+            delegate().onHalfClose();
+          }
+
+          @Override
+          public void onCancel() {
+            maybeCloseSpan(applicationSpan);
+            delegate().onCancel();
+          }
+
+          @Override
+          public void onComplete() {
+            maybeCloseSpan(applicationSpan);
+            delegate().onComplete();
+          }
+        };
+      }
+    });
+    // To ensure proper propagation of remote spans from gRPC to your application, this interceptor
+    // must be after any application interceptors that interact with spans. This allows the tracing
+    // information to be correctly passed along. However, it's fine for application-level onMessage
+    // handlers to access the span.
+    grpcOpenTelemetry.configureServerBuilder(builder);
+    return builder;
+  }
+
+  private void maybeCloseSpan(AtomicReference<Span> applicationSpan) {
+    Span tmp = applicationSpan.get();
+    if (tmp != null) {
+      tmp.end();
+    }
+  }
+
+  @Override
+  protected boolean metricsExpected() {
+    return false;
+  }
+
+  @Override
+  protected ManagedChannelBuilder<?> createChannelBuilder() {
+    NettyChannelBuilder builder = NettyChannelBuilder.forAddress(getListenAddress())
+        .maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
+        .usePlaintext();
+    if (!censusClient) {
+      // Disabling census-tracing is necessary to avoid trace ID mismatches.
+      // This is because census-tracing overrides the grpc-trace-bin header with
+      // OpenTelemetry's GrpcTraceBinPropagator.
+      InternalNettyChannelBuilder.setTracingEnabled(builder, false);
+      grpcOpenTelemetry.configureChannelBuilder(builder);
+    }
+    return builder;
+  }
+
+  @Test
+  public void otelSpanContextPropagation() {
+    Assume.assumeFalse(censusClient);
+    Span parentSpan = tracer.spanBuilder("Test.interopTest").startSpan();
+    try (Scope scope = Context.current().with(parentSpan).makeCurrent()) {
+      blockingStub.unaryCall(SimpleRequest.getDefaultInstance());
+    }
+    assertEquals(parentSpan.getSpanContext().getTraceId(),
+        applicationSpan.get().getSpanContext().getTraceId());
+  }
+
+  @Test
+  @SuppressWarnings("deprecation")
+  public void censusToOtelGrpcTraceBinPropagator() {
+    Assume.assumeTrue(censusClient);
+    io.opencensus.trace.Tracer censusTracer = io.opencensus.trace.Tracing.getTracer();
+    io.opencensus.trace.Span parentSpan = censusTracer.spanBuilder("Test.interopTest")
+        .startSpan();
+    io.grpc.Context context =  io.opencensus.trace.unsafe.ContextUtils.withValue(
+        io.grpc.Context.current(), parentSpan);
+    io.grpc.Context previous = context.attach();
+    try {
+      blockingStub.unaryCall(SimpleRequest.getDefaultInstance());
+      assertEquals(parentSpan.getContext().getTraceId().toLowerBase16(),
+          applicationSpan.get().getSpanContext().getTraceId());
+    } finally {
+      context.detach(previous);
+    }
+  }
+}

From a908b5e40db86c533a9f3245d14c15fdecf30378 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 27 Sep 2024 07:17:11 -0700
Subject: [PATCH 022/591] android: For UDS, use fake IP instead of localhost

This avoids a DNS lookup, which can be slow and fail.

Fixes #11442
---
 .../src/main/java/io/grpc/android/UdsChannelBuilder.java   | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/android/src/main/java/io/grpc/android/UdsChannelBuilder.java b/android/src/main/java/io/grpc/android/UdsChannelBuilder.java
index e2dc7232378..7d41301704c 100644
--- a/android/src/main/java/io/grpc/android/UdsChannelBuilder.java
+++ b/android/src/main/java/io/grpc/android/UdsChannelBuilder.java
@@ -68,12 +68,15 @@ public static ManagedChannelBuilder<?> forPath(String path, Namespace namespace)
       throw new UnsupportedOperationException("OkHttpChannelBuilder not found on the classpath");
     }
     try {
-      // Target 'dns:///localhost' is unused, but necessary as an argument for OkHttpChannelBuilder.
+      // Target 'dns:///127.0.0.1' is unused, but necessary as an argument for OkHttpChannelBuilder.
+      // An IP address is used instead of localhost to avoid a DNS lookup (see #11442). This should
+      // work even if IPv4 is unavailable, as the DNS resolver doesn't need working IPv4 to parse an
+      // IPv4 address. Unavailable IPv4 fails when we connect(), not at resolution time.
       // TLS is unsupported because Conscrypt assumes the platform Socket implementation to improve
       // performance by using the file descriptor directly.
       Object o = OKHTTP_CHANNEL_BUILDER_CLASS
           .getMethod("forTarget", String.class, ChannelCredentials.class)
-          .invoke(null, "dns:///localhost", InsecureChannelCredentials.create());
+          .invoke(null, "dns:///127.0.0.1", InsecureChannelCredentials.create());
       ManagedChannelBuilder<?> builder = OKHTTP_CHANNEL_BUILDER_CLASS.cast(o);
       OKHTTP_CHANNEL_BUILDER_CLASS
           .getMethod("socketFactory", SocketFactory.class)

From 8c3496943c9cd5fdb74e5b6ba964aa9a37b15acf Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Sat, 27 Jul 2024 10:53:19 -0700
Subject: [PATCH 023/591] xds: Have ClusterManagerLB use child map for
 preserving children

Instead of doing a dance of supplementing config so the later
createChildAddressesMap() won't delete children, just look at the
existing children and don't delete any that shouldn't be deleted.
---
 .../io/grpc/util/MultiChildLoadBalancer.java  |  9 ++-
 .../grpc/xds/ClusterManagerLoadBalancer.java  | 76 +++++++------------
 2 files changed, 33 insertions(+), 52 deletions(-)

diff --git a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
index 626c2e1104e..b05f4d98c85 100644
--- a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
@@ -79,7 +79,8 @@ protected MultiChildLoadBalancer(Helper helper) {
 
   /**
    * Override to utilize parsing of the policy configuration or alternative helper/lb generation.
-   * Override this if keys are not Endpoints or if child policies have configuration.
+   * Override this if keys are not Endpoints or if child policies have configuration. Null map
+   * values preserve the child without delivering the child an update.
    */
   protected Map<Object, ResolvedAddresses> createChildAddressesMap(
       ResolvedAddresses resolvedAddresses) {
@@ -181,8 +182,10 @@ private void updateChildrenWithResolvedAddresses(
         childLbState = createChildLbState(entry.getKey());
         childLbStates.put(entry.getKey(), childLbState);
       }
-      childLbState.setResolvedAddresses(entry.getValue()); // update child
-      childLbState.lb.handleResolvedAddresses(entry.getValue()); // update child LB
+      if (entry.getValue() != null) {
+        childLbState.setResolvedAddresses(entry.getValue()); // update child
+        childLbState.lb.handleResolvedAddresses(entry.getValue()); // update child LB
+      }
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/ClusterManagerLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterManagerLoadBalancer.java
index c175b847c63..2573a7293d3 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterManagerLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterManagerLoadBalancer.java
@@ -77,57 +77,43 @@ protected ChildLbState createChildLbState(Object key) {
   @Override
   protected Map<Object, ResolvedAddresses> createChildAddressesMap(
       ResolvedAddresses resolvedAddresses) {
+    lastResolvedAddresses = resolvedAddresses;
+
     ClusterManagerConfig config = (ClusterManagerConfig)
         resolvedAddresses.getLoadBalancingPolicyConfig();
     Map<Object, ResolvedAddresses> childAddresses = new HashMap<>();
-    if (config != null) {
-      for (Map.Entry<String, Object> childPolicy : config.childPolicies.entrySet()) {
-        ResolvedAddresses addresses = resolvedAddresses.toBuilder()
-            .setLoadBalancingPolicyConfig(childPolicy.getValue())
-            .build();
-        childAddresses.put(childPolicy.getKey(), addresses);
+
+    // Reactivate children with config; deactivate children without config
+    for (ChildLbState rawState : getChildLbStates()) {
+      ClusterManagerLbState state = (ClusterManagerLbState) rawState;
+      if (config.childPolicies.containsKey(state.getKey())) {
+        // Active child
+        if (state.deletionTimer != null) {
+          state.reactivateChild();
+        }
+      } else {
+        // Inactive child
+        if (state.deletionTimer == null) {
+          state.deactivateChild();
+        }
+        if (state.deletionTimer.isPending()) {
+          childAddresses.put(state.getKey(), null); // Preserve child, without config update
+        }
       }
     }
+
+    for (Map.Entry<String, Object> childPolicy : config.childPolicies.entrySet()) {
+      ResolvedAddresses addresses = resolvedAddresses.toBuilder()
+          .setLoadBalancingPolicyConfig(childPolicy.getValue())
+          .build();
+      childAddresses.put(childPolicy.getKey(), addresses);
+    }
     logger.log(
         XdsLogLevel.INFO,
-        "Received cluster_manager lb config: child names={0}", childAddresses.keySet());
+        "Received cluster_manager lb config: child names={0}", config.childPolicies.keySet());
     return childAddresses;
   }
 
-  /**
-   * This is like the parent except that it doesn't shutdown the removed children since we want that
-   * to be done by the timer.
-   */
-  @Override
-  public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
-    if (lastResolvedAddresses != null) {
-      // Handle deactivated children
-      ClusterManagerConfig config = (ClusterManagerConfig)
-          resolvedAddresses.getLoadBalancingPolicyConfig();
-      ClusterManagerConfig lastConfig = (ClusterManagerConfig)
-          lastResolvedAddresses.getLoadBalancingPolicyConfig();
-      Map<String, Object> adjChildPolicies = new HashMap<>(config.childPolicies);
-      for (Entry<String, Object> entry : lastConfig.childPolicies.entrySet()) {
-        ClusterManagerLbState state = (ClusterManagerLbState) getChildLbState(entry.getKey());
-        if (adjChildPolicies.containsKey(entry.getKey())) {
-          if (state.deletionTimer != null) {
-            state.reactivateChild();
-          }
-        } else if (state != null) {
-          adjChildPolicies.put(entry.getKey(), entry.getValue());
-          if (state.deletionTimer == null) {
-            state.deactivateChild();
-          }
-        }
-      }
-      config = new ClusterManagerConfig(adjChildPolicies);
-      resolvedAddresses =
-          resolvedAddresses.toBuilder().setLoadBalancingPolicyConfig(config).build();
-    }
-    lastResolvedAddresses = resolvedAddresses;
-    return super.acceptResolvedAddresses(resolvedAddresses);
-  }
-
   /**
    * Using the state of all children will calculate the current connectivity state,
    * update currentConnectivityState, generate a picker and then call
@@ -232,14 +218,6 @@ class DeletionTask implements Runnable {
 
         @Override
         public void run() {
-          ClusterManagerConfig config = (ClusterManagerConfig)
-              lastResolvedAddresses.getLoadBalancingPolicyConfig();
-          Map<String, Object> childPolicies = new HashMap<>(config.childPolicies);
-          Object removed = childPolicies.remove(getKey());
-          assert removed != null;
-          config = new ClusterManagerConfig(childPolicies);
-          lastResolvedAddresses =
-              lastResolvedAddresses.toBuilder().setLoadBalancingPolicyConfig(config).build();
           acceptResolvedAddresses(lastResolvedAddresses);
         }
       }

From 795e2cc3ff25666b5c7d8beed985dbd55fc40804 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Sat, 31 Aug 2024 17:53:01 -0700
Subject: [PATCH 024/591] util: Simplify MultiChildLB.getChildLbState()

Tests were converted to use getChildLbStateEag() if the argument was an
EAG, so the instanceof was no longer necessary.
---
 util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java | 6 ------
 .../test/java/io/grpc/xds/LeastRequestLoadBalancerTest.java | 2 +-
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
index b05f4d98c85..330ec9d5357 100644
--- a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
@@ -241,12 +241,6 @@ public final Collection<ChildLbState> getChildLbStates() {
 
   @VisibleForTesting
   public final ChildLbState getChildLbState(Object key) {
-    if (key == null) {
-      return null;
-    }
-    if (key instanceof EquivalentAddressGroup) {
-      key = new Endpoint((EquivalentAddressGroup) key);
-    }
     return childLbStates.get(key);
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/LeastRequestLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/LeastRequestLoadBalancerTest.java
index 659bacd3626..64e18465597 100644
--- a/xds/src/test/java/io/grpc/xds/LeastRequestLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/LeastRequestLoadBalancerTest.java
@@ -252,7 +252,7 @@ private List<Subchannel> getSubchannels(LeastRequestLoadBalancer lb) {
 
   private LeastRequestLbState getChildLbState(PickResult pickResult) {
     EquivalentAddressGroup eag = pickResult.getSubchannel().getAddresses();
-    return (LeastRequestLbState) loadBalancer.getChildLbState(eag);
+    return (LeastRequestLbState) loadBalancer.getChildLbStateEag(eag);
   }
 
   @Test

From a140e1bb0cfa662bcdb7823d73320eb8d49046f1 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Mon, 30 Sep 2024 09:49:09 -0700
Subject: [PATCH 025/591] s2a: Combine MtlsToS2ChannelCredentials and
 S2AChannelCredentials. (#11544)

* Combine MtlsToS2ChannelCredentials and S2AChannelCredentials.

* Check if file exists.

* S2AChannelCredentials API requires credentials used for client-s2a channel.

* remove MtlsToS2A library in BUILD.

* Don't check state twice.

* Don't check for file existence in tests.
---
 s2a/BUILD.bazel                               |  13 --
 .../grpc/s2a/MtlsToS2AChannelCredentials.java |  89 ------------
 .../io/grpc/s2a/S2AChannelCredentials.java    |  25 ++--
 .../s2a/MtlsToS2AChannelCredentialsTest.java  | 135 ------------------
 .../grpc/s2a/S2AChannelCredentialsTest.java   |  68 ++++++---
 .../grpc/s2a/handshaker/IntegrationTest.java  |  35 +++--
 6 files changed, 79 insertions(+), 286 deletions(-)
 delete mode 100644 s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java
 delete mode 100644 s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java

diff --git a/s2a/BUILD.bazel b/s2a/BUILD.bazel
index 5aeaedbe358..25ce2624f57 100644
--- a/s2a/BUILD.bazel
+++ b/s2a/BUILD.bazel
@@ -117,19 +117,6 @@ java_library(
     ],
 )
 
-java_library(
-    name = "mtls_to_s2av2_credentials",
-    srcs = ["src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java"],
-    visibility = ["//visibility:public"],
-    deps = [
-        ":s2a_channel_pool",
-        ":s2av2_credentials",
-        "//api",
-        "//util",
-        artifact("com.google.guava:guava"),
-    ],
-)
-
 # bazel only accepts proto import with absolute path.
 genrule(
     name = "protobuf_imports",
diff --git a/s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java b/s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java
deleted file mode 100644
index e8eb01628ed..00000000000
--- a/s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright 2024 The gRPC Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.grpc.s2a;
-
-import static com.google.common.base.Preconditions.checkArgument;
-import static com.google.common.base.Preconditions.checkState;
-import static com.google.common.base.Strings.isNullOrEmpty;
-
-import io.grpc.ChannelCredentials;
-import io.grpc.ExperimentalApi;
-import io.grpc.TlsChannelCredentials;
-import java.io.File;
-import java.io.IOException;
-
-/**
- * Configures an {@code S2AChannelCredentials.Builder} instance with credentials used to establish a
- * connection with the S2A to support talking to the S2A over mTLS.
- */
-@ExperimentalApi("https://github.com/grpc/grpc-java/issues/11533")
-public final class MtlsToS2AChannelCredentials {
-  /**
-   * Creates a {@code S2AChannelCredentials.Builder} builder, that talks to the S2A over mTLS.
-   *
-   * @param s2aAddress the address of the S2A server used to secure the connection.
-   * @param privateKeyPath the path to the private key PEM to use for authenticating to the S2A.
-   * @param certChainPath the path to the cert chain PEM to use for authenticating to the S2A.
-   * @param trustBundlePath the path to the trust bundle PEM.
-   * @return a {@code MtlsToS2AChannelCredentials.Builder} instance.
-   */
-  public static Builder newBuilder(
-      String s2aAddress, String privateKeyPath, String certChainPath, String trustBundlePath) {
-    checkArgument(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
-    checkArgument(!isNullOrEmpty(privateKeyPath), "privateKeyPath must not be null or empty.");
-    checkArgument(!isNullOrEmpty(certChainPath), "certChainPath must not be null or empty.");
-    checkArgument(!isNullOrEmpty(trustBundlePath), "trustBundlePath must not be null or empty.");
-    return new Builder(s2aAddress, privateKeyPath, certChainPath, trustBundlePath);
-  }
-
-  /** Builds an {@code MtlsToS2AChannelCredentials} instance. */
-  public static final class Builder {
-    private final String s2aAddress;
-    private final String privateKeyPath;
-    private final String certChainPath;
-    private final String trustBundlePath;
-
-    Builder(
-        String s2aAddress, String privateKeyPath, String certChainPath, String trustBundlePath) {
-      this.s2aAddress = s2aAddress;
-      this.privateKeyPath = privateKeyPath;
-      this.certChainPath = certChainPath;
-      this.trustBundlePath = trustBundlePath;
-    }
-
-    public S2AChannelCredentials.Builder build() throws IOException {
-      checkState(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
-      checkState(!isNullOrEmpty(privateKeyPath), "privateKeyPath must not be null or empty.");
-      checkState(!isNullOrEmpty(certChainPath), "certChainPath must not be null or empty.");
-      checkState(!isNullOrEmpty(trustBundlePath), "trustBundlePath must not be null or empty.");
-      File privateKeyFile = new File(privateKeyPath);
-      File certChainFile = new File(certChainPath);
-      File trustBundleFile = new File(trustBundlePath);
-
-      ChannelCredentials channelToS2ACredentials =
-          TlsChannelCredentials.newBuilder()
-              .keyManager(certChainFile, privateKeyFile)
-              .trustManager(trustBundleFile)
-              .build();
-
-      return S2AChannelCredentials.newBuilder(s2aAddress)
-          .setS2AChannelCredentials(channelToS2ACredentials);
-    }
-  }
-
-  private MtlsToS2AChannelCredentials() {}
-}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
index ba0f6d72de1..12963a1395c 100644
--- a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
+++ b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
@@ -18,14 +18,12 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.base.Strings.isNullOrEmpty;
 
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import io.grpc.Channel;
 import io.grpc.ChannelCredentials;
 import io.grpc.ExperimentalApi;
-import io.grpc.InsecureChannelCredentials;
 import io.grpc.internal.ObjectPool;
 import io.grpc.internal.SharedResourcePool;
 import io.grpc.netty.InternalNettyChannelCredentials;
@@ -33,6 +31,7 @@
 import io.grpc.s2a.channel.S2AHandshakerServiceChannel;
 import io.grpc.s2a.handshaker.S2AIdentity;
 import io.grpc.s2a.handshaker.S2AProtocolNegotiatorFactory;
+import java.io.IOException;
 import javax.annotation.concurrent.NotThreadSafe;
 import org.checkerframework.checker.nullness.qual.Nullable;
 
@@ -46,25 +45,27 @@ public final class S2AChannelCredentials {
    * Creates a channel credentials builder for establishing an S2A-secured connection.
    *
    * @param s2aAddress the address of the S2A server used to secure the connection.
+   * @param s2aChannelCredentials the credentials to be used when connecting to the S2A.
    * @return a {@code S2AChannelCredentials.Builder} instance.
    */
-  public static Builder newBuilder(String s2aAddress) {
+  public static Builder newBuilder(String s2aAddress, ChannelCredentials s2aChannelCredentials) {
     checkArgument(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
-    return new Builder(s2aAddress);
+    checkNotNull(s2aChannelCredentials, "S2A channel credentials must not be null");
+    return new Builder(s2aAddress, s2aChannelCredentials);
   }
 
   /** Builds an {@code S2AChannelCredentials} instance. */
   @NotThreadSafe
   public static final class Builder {
     private final String s2aAddress;
+    private final ChannelCredentials s2aChannelCredentials;
     private ObjectPool<Channel> s2aChannelPool;
-    private ChannelCredentials s2aChannelCredentials;
     private @Nullable S2AIdentity localIdentity = null;
 
-    Builder(String s2aAddress) {
+    Builder(String s2aAddress, ChannelCredentials s2aChannelCredentials) {
       this.s2aAddress = s2aAddress;
+      this.s2aChannelCredentials = s2aChannelCredentials;
       this.s2aChannelPool = null;
-      this.s2aChannelCredentials = InsecureChannelCredentials.create();
     }
 
     /**
@@ -106,15 +107,7 @@ public Builder setLocalUid(String localUid) {
       return this;
     }
 
-    /** Sets the credentials to be used when connecting to the S2A. */
-    @CanIgnoreReturnValue
-    public Builder setS2AChannelCredentials(ChannelCredentials s2aChannelCredentials) {
-      this.s2aChannelCredentials = s2aChannelCredentials;
-      return this;
-    }
-
-    public ChannelCredentials build() {
-      checkState(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
+    public ChannelCredentials build() throws IOException {
       ObjectPool<Channel> s2aChannelPool =
           SharedResourcePool.forResource(
               S2AHandshakerServiceChannel.getChannelResource(s2aAddress, s2aChannelCredentials));
diff --git a/s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java b/s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java
deleted file mode 100644
index 0fc4ecb3268..00000000000
--- a/s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright 2024 The gRPC Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.grpc.s2a;
-
-import static com.google.common.truth.Truth.assertThat;
-import static org.junit.Assert.assertThrows;
-
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
-
-@RunWith(JUnit4.class)
-public final class MtlsToS2AChannelCredentialsTest {
-  @Test
-  public void newBuilder_nullAddress_throwsException() throws Exception {
-    assertThrows(
-        IllegalArgumentException.class,
-        () ->
-            MtlsToS2AChannelCredentials.newBuilder(
-                /* s2aAddress= */ null,
-                /* privateKeyPath= */ "src/test/resources/client_key.pem",
-                /* certChainPath= */ "src/test/resources/client_cert.pem",
-                /* trustBundlePath= */ "src/test/resources/root_cert.pem"));
-  }
-
-  @Test
-  public void newBuilder_nullPrivateKeyPath_throwsException() throws Exception {
-    assertThrows(
-        IllegalArgumentException.class,
-        () ->
-            MtlsToS2AChannelCredentials.newBuilder(
-                /* s2aAddress= */ "s2a_address",
-                /* privateKeyPath= */ null,
-                /* certChainPath= */ "src/test/resources/client_cert.pem",
-                /* trustBundlePath= */ "src/test/resources/root_cert.pem"));
-  }
-
-  @Test
-  public void newBuilder_nullCertChainPath_throwsException() throws Exception {
-    assertThrows(
-        IllegalArgumentException.class,
-        () ->
-            MtlsToS2AChannelCredentials.newBuilder(
-                /* s2aAddress= */ "s2a_address",
-                /* privateKeyPath= */ "src/test/resources/client_key.pem",
-                /* certChainPath= */ null,
-                /* trustBundlePath= */ "src/test/resources/root_cert.pem"));
-  }
-
-  @Test
-  public void newBuilder_nullTrustBundlePath_throwsException() throws Exception {
-    assertThrows(
-        IllegalArgumentException.class,
-        () ->
-            MtlsToS2AChannelCredentials.newBuilder(
-                /* s2aAddress= */ "s2a_address",
-                /* privateKeyPath= */ "src/test/resources/client_key.pem",
-                /* certChainPath= */ "src/test/resources/client_cert.pem",
-                /* trustBundlePath= */ null));
-  }
-
-  @Test
-  public void newBuilder_emptyAddress_throwsException() throws Exception {
-    assertThrows(
-        IllegalArgumentException.class,
-        () ->
-            MtlsToS2AChannelCredentials.newBuilder(
-                /* s2aAddress= */ "",
-                /* privateKeyPath= */ "src/test/resources/client_key.pem",
-                /* certChainPath= */ "src/test/resources/client_cert.pem",
-                /* trustBundlePath= */ "src/test/resources/root_cert.pem"));
-  }
-
-  @Test
-  public void newBuilder_emptyPrivateKeyPath_throwsException() throws Exception {
-    assertThrows(
-        IllegalArgumentException.class,
-        () ->
-            MtlsToS2AChannelCredentials.newBuilder(
-                /* s2aAddress= */ "s2a_address",
-                /* privateKeyPath= */ "",
-                /* certChainPath= */ "src/test/resources/client_cert.pem",
-                /* trustBundlePath= */ "src/test/resources/root_cert.pem"));
-  }
-
-  @Test
-  public void newBuilder_emptyCertChainPath_throwsException() throws Exception {
-    assertThrows(
-        IllegalArgumentException.class,
-        () ->
-            MtlsToS2AChannelCredentials.newBuilder(
-                /* s2aAddress= */ "s2a_address",
-                /* privateKeyPath= */ "src/test/resources/client_key.pem",
-                /* certChainPath= */ "",
-                /* trustBundlePath= */ "src/test/resources/root_cert.pem"));
-  }
-
-  @Test
-  public void newBuilder_emptyTrustBundlePath_throwsException() throws Exception {
-    assertThrows(
-        IllegalArgumentException.class,
-        () ->
-            MtlsToS2AChannelCredentials.newBuilder(
-                /* s2aAddress= */ "s2a_address",
-                /* privateKeyPath= */ "src/test/resources/client_key.pem",
-                /* certChainPath= */ "src/test/resources/client_cert.pem",
-                /* trustBundlePath= */ ""));
-  }
-
-  @Test
-  public void build_s2AChannelCredentials_success() throws Exception {
-    assertThat(
-            MtlsToS2AChannelCredentials.newBuilder(
-                /* s2aAddress= */ "s2a_address",
-                /* privateKeyPath= */ "src/test/resources/client_key.pem",
-                /* certChainPath= */ "src/test/resources/client_cert.pem",
-                /* trustBundlePath= */ "src/test/resources/root_cert.pem")
-                .build())
-        .isInstanceOf(S2AChannelCredentials.Builder.class);
-  }
-}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java b/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java
index e766aa3f145..fd5bfd654f3 100644
--- a/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java
@@ -20,6 +20,7 @@
 import static org.junit.Assert.assertThrows;
 
 import io.grpc.ChannelCredentials;
+import io.grpc.InsecureChannelCredentials;
 import io.grpc.TlsChannelCredentials;
 import java.io.File;
 import org.junit.Test;
@@ -30,40 +31,51 @@
 @RunWith(JUnit4.class)
 public final class S2AChannelCredentialsTest {
   @Test
-  public void newBuilder_nullArgument_throwsException() throws Exception {
-    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.newBuilder(null));
+  public void newBuilder_nullAddress_throwsException() throws Exception {
+    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.newBuilder(null,
+        InsecureChannelCredentials.create()));
   }
 
   @Test
   public void newBuilder_emptyAddress_throwsException() throws Exception {
-    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.newBuilder(""));
+    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.newBuilder("",
+        InsecureChannelCredentials.create()));
+  }
+
+  @Test
+  public void newBuilder_nullChannelCreds_throwsException() throws Exception {
+    assertThrows(NullPointerException.class, () -> S2AChannelCredentials
+        .newBuilder("s2a_address", null));
   }
 
   @Test
   public void setLocalSpiffeId_nullArgument_throwsException() throws Exception {
     assertThrows(
         NullPointerException.class,
-        () -> S2AChannelCredentials.newBuilder("s2a_address").setLocalSpiffeId(null));
+        () -> S2AChannelCredentials.newBuilder("s2a_address",
+            InsecureChannelCredentials.create()).setLocalSpiffeId(null));
   }
 
   @Test
   public void setLocalHostname_nullArgument_throwsException() throws Exception {
     assertThrows(
         NullPointerException.class,
-        () -> S2AChannelCredentials.newBuilder("s2a_address").setLocalHostname(null));
+        () -> S2AChannelCredentials.newBuilder("s2a_address",
+            InsecureChannelCredentials.create()).setLocalHostname(null));
   }
 
   @Test
   public void setLocalUid_nullArgument_throwsException() throws Exception {
     assertThrows(
         NullPointerException.class,
-        () -> S2AChannelCredentials.newBuilder("s2a_address").setLocalUid(null));
+        () -> S2AChannelCredentials.newBuilder("s2a_address",
+            InsecureChannelCredentials.create()).setLocalUid(null));
   }
 
   @Test
   public void build_withLocalSpiffeId_succeeds() throws Exception {
     assertThat(
-            S2AChannelCredentials.newBuilder("s2a_address")
+            S2AChannelCredentials.newBuilder("s2a_address", InsecureChannelCredentials.create())
                 .setLocalSpiffeId("spiffe://test")
                 .build())
         .isNotNull();
@@ -72,7 +84,7 @@ public void build_withLocalSpiffeId_succeeds() throws Exception {
   @Test
   public void build_withLocalHostname_succeeds() throws Exception {
     assertThat(
-            S2AChannelCredentials.newBuilder("s2a_address")
+            S2AChannelCredentials.newBuilder("s2a_address", InsecureChannelCredentials.create())
                 .setLocalHostname("local_hostname")
                 .build())
         .isNotNull();
@@ -80,33 +92,47 @@ public void build_withLocalHostname_succeeds() throws Exception {
 
   @Test
   public void build_withLocalUid_succeeds() throws Exception {
-    assertThat(S2AChannelCredentials.newBuilder("s2a_address").setLocalUid("local_uid").build())
+    assertThat(S2AChannelCredentials.newBuilder("s2a_address",
+        InsecureChannelCredentials.create()).setLocalUid("local_uid").build())
         .isNotNull();
   }
 
   @Test
   public void build_withNoLocalIdentity_succeeds() throws Exception {
-    assertThat(S2AChannelCredentials.newBuilder("s2a_address").build())
+    assertThat(S2AChannelCredentials.newBuilder("s2a_address",
+        InsecureChannelCredentials.create()).build())
         .isNotNull();
   }
-  
+
   @Test
-  public void build_withTlsChannelCredentials_succeeds() throws Exception {
+  public void build_withUseMtlsToS2ANoLocalIdentity_success() throws Exception {
+    ChannelCredentials s2aChannelCredentials = getTlsChannelCredentials();
     assertThat(
-            S2AChannelCredentials.newBuilder("s2a_address")
-                .setLocalSpiffeId("spiffe://test")
-                .setS2AChannelCredentials(getTlsChannelCredentials())
+            S2AChannelCredentials.newBuilder("s2a_address", s2aChannelCredentials)
+                .build())
+        .isNotNull();
+  }
+
+  @Test
+  public void build_withUseMtlsToS2AWithLocalUid_success() throws Exception {
+    ChannelCredentials s2aChannelCredentials = getTlsChannelCredentials();
+    assertThat(
+            S2AChannelCredentials.newBuilder("s2a_address", s2aChannelCredentials)
+                .setLocalUid("local_uid")
                 .build())
         .isNotNull();
   }
 
   private static ChannelCredentials getTlsChannelCredentials() throws Exception {
-    File clientCert = new File("src/test/resources/client_cert.pem");
-    File clientKey = new File("src/test/resources/client_key.pem");
-    File rootCert = new File("src/test/resources/root_cert.pem");
+    String privateKeyPath = "src/test/resources/client_key.pem";
+    String certChainPath = "src/test/resources/client_cert.pem";
+    String trustBundlePath = "src/test/resources/root_cert.pem";
+    File privateKeyFile = new File(privateKeyPath);
+    File certChainFile = new File(certChainPath);
+    File trustBundleFile = new File(trustBundlePath);
     return TlsChannelCredentials.newBuilder()
-        .keyManager(clientCert, clientKey)
-        .trustManager(rootCert)
-        .build();
+      .keyManager(certChainFile, privateKeyFile)
+      .trustManager(trustBundleFile)
+      .build();
   }
 }
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
index 2a2b1f246ec..0fb9b12cf95 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
@@ -21,15 +21,16 @@
 
 import io.grpc.ChannelCredentials;
 import io.grpc.Grpc;
+import io.grpc.InsecureChannelCredentials;
 import io.grpc.ManagedChannel;
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
 import io.grpc.ServerCredentials;
+import io.grpc.TlsChannelCredentials;
 import io.grpc.TlsServerCredentials;
 import io.grpc.benchmarks.Utils;
 import io.grpc.netty.GrpcSslContexts;
 import io.grpc.netty.NettyServerBuilder;
-import io.grpc.s2a.MtlsToS2AChannelCredentials;
 import io.grpc.s2a.S2AChannelCredentials;
 import io.grpc.s2a.handshaker.FakeS2AServer;
 import io.grpc.stub.StreamObserver;
@@ -124,7 +125,8 @@ public void tearDown() throws Exception {
   @Test
   public void clientCommunicateUsingS2ACredentials_succeeds() throws Exception {
     ChannelCredentials credentials =
-        S2AChannelCredentials.newBuilder(s2aAddress).setLocalSpiffeId("test-spiffe-id").build();
+        S2AChannelCredentials.newBuilder(s2aAddress, InsecureChannelCredentials.create())
+            .setLocalSpiffeId("test-spiffe-id").build();
     ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
 
     assertThat(doUnaryRpc(channel)).isTrue();
@@ -132,7 +134,8 @@ public void clientCommunicateUsingS2ACredentials_succeeds() throws Exception {
 
   @Test
   public void clientCommunicateUsingS2ACredentialsNoLocalIdentity_succeeds() throws Exception {
-    ChannelCredentials credentials = S2AChannelCredentials.newBuilder(s2aAddress).build();
+    ChannelCredentials credentials = S2AChannelCredentials.newBuilder(s2aAddress,
+        InsecureChannelCredentials.create()).build();
     ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
 
     assertThat(doUnaryRpc(channel)).isTrue();
@@ -140,15 +143,22 @@ public void clientCommunicateUsingS2ACredentialsNoLocalIdentity_succeeds() throw
 
   @Test
   public void clientCommunicateUsingMtlsToS2ACredentials_succeeds() throws Exception {
+    String privateKeyPath = "src/test/resources/client_key.pem";
+    String certChainPath = "src/test/resources/client_cert.pem";
+    String trustBundlePath = "src/test/resources/root_cert.pem";
+    File privateKeyFile = new File(privateKeyPath);
+    File certChainFile = new File(certChainPath);
+    File trustBundleFile = new File(trustBundlePath);
+    ChannelCredentials s2aChannelCredentials =
+        TlsChannelCredentials.newBuilder()
+          .keyManager(certChainFile, privateKeyFile)
+          .trustManager(trustBundleFile)
+          .build();
+
     ChannelCredentials credentials =
-        MtlsToS2AChannelCredentials.newBuilder(
-                /* s2aAddress= */ mtlsS2AAddress,
-                /* privateKeyPath= */ "src/test/resources/client_key.pem",
-                /* certChainPath= */ "src/test/resources/client_cert.pem",
-                /* trustBundlePath= */ "src/test/resources/root_cert.pem")
-            .build()
-            .setLocalSpiffeId("test-spiffe-id")
-            .build();
+        S2AChannelCredentials.newBuilder(mtlsS2AAddress, s2aChannelCredentials)
+          .setLocalSpiffeId("test-spiffe-id")
+          .build();
     ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
 
     assertThat(doUnaryRpc(channel)).isTrue();
@@ -156,7 +166,8 @@ public void clientCommunicateUsingMtlsToS2ACredentials_succeeds() throws Excepti
 
   @Test
   public void clientCommunicateUsingS2ACredentials_s2AdelayStart_succeeds() throws Exception {
-    ChannelCredentials credentials = S2AChannelCredentials.newBuilder(s2aDelayAddress).build();
+    ChannelCredentials credentials = S2AChannelCredentials.newBuilder(s2aDelayAddress,
+        InsecureChannelCredentials.create()).build();
     ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
 
     FutureTask<Boolean> rpc = new FutureTask<>(() -> doUnaryRpc(channel));

From 7b4b10930993df70916c6983c56c70a0e71a266f Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Mon, 30 Sep 2024 12:55:42 -0700
Subject: [PATCH 026/591] s2a: remove channelPool from S2AChannelCredentials
 builder. (#11573)

---
 .../java/io/grpc/s2a/S2AChannelCredentials.java    | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
index 12963a1395c..7beecdb3621 100644
--- a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
+++ b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
@@ -31,7 +31,6 @@
 import io.grpc.s2a.channel.S2AHandshakerServiceChannel;
 import io.grpc.s2a.handshaker.S2AIdentity;
 import io.grpc.s2a.handshaker.S2AProtocolNegotiatorFactory;
-import java.io.IOException;
 import javax.annotation.concurrent.NotThreadSafe;
 import org.checkerframework.checker.nullness.qual.Nullable;
 
@@ -59,13 +58,11 @@ public static Builder newBuilder(String s2aAddress, ChannelCredentials s2aChanne
   public static final class Builder {
     private final String s2aAddress;
     private final ChannelCredentials s2aChannelCredentials;
-    private ObjectPool<Channel> s2aChannelPool;
     private @Nullable S2AIdentity localIdentity = null;
 
     Builder(String s2aAddress, ChannelCredentials s2aChannelCredentials) {
       this.s2aAddress = s2aAddress;
       this.s2aChannelCredentials = s2aChannelCredentials;
-      this.s2aChannelPool = null;
     }
 
     /**
@@ -107,16 +104,15 @@ public Builder setLocalUid(String localUid) {
       return this;
     }
 
-    public ChannelCredentials build() throws IOException {
-      ObjectPool<Channel> s2aChannelPool =
-          SharedResourcePool.forResource(
-              S2AHandshakerServiceChannel.getChannelResource(s2aAddress, s2aChannelCredentials));
-      checkNotNull(s2aChannelPool, "s2aChannelPool");
-      this.s2aChannelPool = s2aChannelPool;
+    public ChannelCredentials build() {
       return InternalNettyChannelCredentials.create(buildProtocolNegotiatorFactory());
     }
 
     InternalProtocolNegotiator.ClientFactory buildProtocolNegotiatorFactory() {
+      ObjectPool<Channel> s2aChannelPool =
+          SharedResourcePool.forResource(
+              S2AHandshakerServiceChannel.getChannelResource(s2aAddress, s2aChannelCredentials));
+      checkNotNull(s2aChannelPool, "s2aChannelPool");
       return S2AProtocolNegotiatorFactory.createClientFactory(localIdentity, s2aChannelPool);
     }
   }

From 50e442fea6bbb84dfb61c8606d05734c4b0866a7 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Mon, 30 Sep 2024 15:05:14 -0700
Subject: [PATCH 027/591] s2a: Include full exception in IOException

---
 s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java
index bf9b866ef93..ea4fb033a13 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java
+++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java
@@ -102,8 +102,7 @@ public SessionResp send(SessionReq req) throws IOException, InterruptedException
       if (exception != null) {
         throw new IOException(
             "Received an unexpected response from a host at the S2A's address. The S2A might be"
-                + " unavailable."
-                + exception.getMessage());
+                + " unavailable.", exception);
       } else {
         throw new IOException("Received an unexpected response from a host at the S2A's address.");
       }

From fa26a8bc5e8f5f465e1d55de922be1b6b936f47f Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Tue, 1 Oct 2024 11:21:08 +0530
Subject: [PATCH 028/591] Make address resolution error use the default service
 config (#11577)

Fixes #11040.
---
 .../io/grpc/internal/ManagedChannelImpl.java  | 10 +++-
 .../grpc/internal/ManagedChannelImplTest.java | 53 ++++++++++++++++++-
 2 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index 07dcf9ee7bb..7e36086ac94 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -956,7 +956,15 @@ void updateConfigSelector(@Nullable InternalConfigSelector config) {
     // Must run in SynchronizationContext.
     void onConfigError() {
       if (configSelector.get() == INITIAL_PENDING_SELECTOR) {
-        updateConfigSelector(null);
+        // Apply Default Service Config if initial name resolution fails.
+        if (defaultServiceConfig != null) {
+          updateConfigSelector(defaultServiceConfig.getDefaultConfigSelector());
+          lastServiceConfig = defaultServiceConfig;
+          channelLogger.log(ChannelLogLevel.ERROR,
+              "Initial Name Resolution error, using default service config");
+        } else {
+          updateConfigSelector(null);
+        }
       }
     }
 
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index 4d42056b689..bea14bcef47 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -84,6 +84,7 @@
 import io.grpc.InternalChannelz;
 import io.grpc.InternalChannelz.ChannelStats;
 import io.grpc.InternalChannelz.ChannelTrace;
+import io.grpc.InternalChannelz.ChannelTrace.Event.Severity;
 import io.grpc.InternalConfigSelector;
 import io.grpc.InternalInstrumented;
 import io.grpc.LoadBalancer;
@@ -123,6 +124,7 @@
 import io.grpc.internal.ManagedChannelImplBuilder.ClientTransportFactoryBuilder;
 import io.grpc.internal.ManagedChannelImplBuilder.FixedPortProvider;
 import io.grpc.internal.ManagedChannelImplBuilder.UnsupportedClientTransportFactoryBuilder;
+import io.grpc.internal.ManagedChannelServiceConfig.MethodInfo;
 import io.grpc.internal.ServiceConfigUtil.PolicySelection;
 import io.grpc.internal.TestUtils.MockClientTransportInfo;
 import io.grpc.stub.ClientCalls;
@@ -1127,6 +1129,55 @@ public void noMoreCallbackAfterLoadBalancerShutdown_configError() throws Interru
     verifyNoMoreInteractions(mockLoadBalancer);
   }
 
+  @Test
+  public void addressResolutionError_noPriorNameResolution_usesDefaultServiceConfig()
+      throws Exception {
+    Map<String, Object> rawServiceConfig =
+        parseConfig("{\"methodConfig\":[{"
+            + "\"name\":[{\"service\":\"service\"}],"
+            + "\"waitForReady\":true}]}");
+    ManagedChannelServiceConfig managedChannelServiceConfig =
+        createManagedChannelServiceConfig(rawServiceConfig, null);
+    FakeNameResolverFactory nameResolverFactory =
+        new FakeNameResolverFactory.Builder(expectedUri)
+            .setServers(Collections.singletonList(new EquivalentAddressGroup(socketAddress)))
+            .setResolvedAtStart(false)
+            .build();
+    nameResolverFactory.nextConfigOrError.set(
+        ConfigOrError.fromConfig(managedChannelServiceConfig));
+    channelBuilder.nameResolverFactory(nameResolverFactory);
+    Map<String, Object> defaultServiceConfig =
+        parseConfig("{\"methodConfig\":[{"
+            + "\"name\":[{\"service\":\"service\"}],"
+            + "\"waitForReady\":true}]}");
+    channelBuilder.defaultServiceConfig(defaultServiceConfig);
+    Status resolutionError = Status.UNAVAILABLE.withDescription("Resolution failed");
+    channelBuilder.maxTraceEvents(10);
+    createChannel();
+    FakeNameResolverFactory.FakeNameResolver resolver = nameResolverFactory.resolvers.get(0);
+
+    resolver.listener.onError(resolutionError);
+
+    InternalConfigSelector configSelector = channel.getConfigSelector();
+    ManagedChannelServiceConfig config =
+        (ManagedChannelServiceConfig) configSelector.selectConfig(null).getConfig();
+    MethodInfo methodConfig = config.getMethodConfig(method);
+    assertThat(methodConfig.waitForReady).isTrue();
+    timer.forwardNanos(1234);
+    assertThat(getStats(channel).channelTrace.events).contains(new ChannelTrace.Event.Builder()
+        .setDescription("Initial Name Resolution error, using default service config")
+        .setSeverity(Severity.CT_ERROR)
+        .setTimestampNanos(0)
+        .build());
+
+    // Check that "lastServiceConfig" variable has been set above: a config resolution with the same
+    // config simply gets ignored and not gets reassigned.
+    resolver.resolved();
+    timer.forwardNanos(1234);
+    assertThat(getStats(channel).channelTrace.events.stream().filter(
+        event -> event.description.equals("Service config changed")).count()).isEqualTo(0);
+  }
+
   @Test
   public void interceptor() throws Exception {
     final AtomicLong atomic = new AtomicLong();
@@ -4595,7 +4646,7 @@ public void notUseDefaultImmediatelyIfEnableLookUp() throws Exception {
     int size = getStats(channel).channelTrace.events.size();
     assertThat(getStats(channel).channelTrace.events.get(size - 1))
         .isNotEqualTo(new ChannelTrace.Event.Builder()
-            .setDescription("Using default service config")
+            .setDescription("timer.forwardNanos(1234);")
             .setSeverity(ChannelTrace.Event.Severity.CT_INFO)
             .setTimestampNanos(timer.getTicker().read())
             .build());

From f9ff5268857410a1e49ec4e603fcd529caf4e628 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 1 Oct 2024 20:39:24 +0530
Subject: [PATCH 029/591] Update README etc to reference 1.67.1

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index cb38ad66394..f56aebfb3ac 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.66.0/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.66.0/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.67.1/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.67.1/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,18 +56,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.66.0</version>
+  <version>1.67.1</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.66.0</version>
+  <version>1.67.1</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.66.0</version>
+  <version>1.67.1</version>
 </dependency>
 <dependency> <!-- necessary for Java 9+ -->
   <groupId>org.apache.tomcat</groupId>
@@ -79,18 +79,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.66.0'
-implementation 'io.grpc:grpc-protobuf:1.66.0'
-implementation 'io.grpc:grpc-stub:1.66.0'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.67.1'
+implementation 'io.grpc:grpc-protobuf:1.67.1'
+implementation 'io.grpc:grpc-stub:1.67.1'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.66.0'
-implementation 'io.grpc:grpc-protobuf-lite:1.66.0'
-implementation 'io.grpc:grpc-stub:1.66.0'
+implementation 'io.grpc:grpc-okhttp:1.67.1'
+implementation 'io.grpc:grpc-protobuf-lite:1.67.1'
+implementation 'io.grpc:grpc-stub:1.67.1'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
@@ -99,7 +99,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.66.0
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.67.1
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://oss.sonatype.org/content/repositories/snapshots/).
@@ -131,7 +131,7 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <configuration>
         <protocArtifact>com.google.protobuf:protoc:3.25.3:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.66.0:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.67.1:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -161,7 +161,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.66.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.67.1'
     }
   }
   generateProtoTasks {
@@ -194,7 +194,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.66.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.67.1'
     }
   }
   generateProtoTasks {

From 927d21541dbc34be245f09c8180358a94ae5c031 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Tue, 1 Oct 2024 08:24:18 -0700
Subject: [PATCH 030/591] s2a: Move s2a implementation to internal package

---
 s2a/BUILD.bazel                               | 28 +++++++-------
 .../handshaker/S2AServiceGrpc.java            | 38 +++++++++----------
 .../io/grpc/s2a/S2AChannelCredentials.java    |  6 +--
 .../channel/S2AChannelPool.java               |  2 +-
 .../channel/S2AGrpcChannelPool.java           |  2 +-
 .../channel/S2AHandshakerServiceChannel.java  |  2 +-
 .../handshaker/ConnectionClosedException.java |  2 +-
 .../GetAuthenticationMechanisms.java          |  6 +--
 .../{ => internal}/handshaker/ProtoUtil.java  |  2 +-
 .../handshaker/S2AConnectionException.java    |  2 +-
 .../handshaker/S2AIdentity.java               |  2 +-
 .../handshaker/S2APrivateKeyMethod.java       |  4 +-
 .../S2AProtocolNegotiatorFactory.java         |  8 ++--
 .../{ => internal}/handshaker/S2AStub.java    |  2 +-
 .../handshaker/S2ATrustManager.java           |  6 +--
 .../handshaker/SslContextFactory.java         |  4 +-
 .../tokenmanager/AccessTokenManager.java      |  6 +--
 .../tokenmanager/SingleTokenFetcher.java      |  4 +-
 .../handshaker/tokenmanager/TokenFetcher.java |  4 +-
 s2a/src/main/proto/grpc/gcp/s2a/common.proto  |  2 +-
 s2a/src/main/proto/grpc/gcp/s2a/s2a.proto     |  2 +-
 .../main/proto/grpc/gcp/s2a/s2a_context.proto |  2 +-
 .../channel/S2AGrpcChannelPoolTest.java       |  2 +-
 .../S2AHandshakerServiceChannelTest.java      |  4 +-
 .../handshaker/FakeS2AServer.java             |  2 +-
 .../handshaker/FakeS2AServerTest.java         |  4 +-
 .../{ => internal}/handshaker/FakeWriter.java |  6 +--
 .../GetAuthenticationMechanismsTest.java      |  6 +--
 .../handshaker/IntegrationTest.java           |  4 +-
 .../handshaker/ProtoUtilTest.java             |  2 +-
 .../handshaker/S2APrivateKeyMethodTest.java   |  4 +-
 .../S2AProtocolNegotiatorFactoryTest.java     | 12 +++---
 .../handshaker/S2AStubTest.java               |  8 ++--
 .../handshaker/S2ATrustManagerTest.java       |  4 +-
 .../handshaker/SslContextFactoryTest.java     |  4 +-
 .../SingleTokenAccessTokenManagerTest.java    |  4 +-
 36 files changed, 101 insertions(+), 101 deletions(-)
 rename s2a/src/generated/main/grpc/io/grpc/s2a/{ => internal}/handshaker/S2AServiceGrpc.java (84%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/channel/S2AChannelPool.java (97%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/channel/S2AGrpcChannelPool.java (98%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/channel/S2AHandshakerServiceChannel.java (99%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/handshaker/ConnectionClosedException.java (95%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/handshaker/GetAuthenticationMechanisms.java (92%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/handshaker/ProtoUtil.java (98%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/handshaker/S2AConnectionException.java (95%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/handshaker/S2AIdentity.java (98%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/handshaker/S2APrivateKeyMethod.java (98%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/handshaker/S2AProtocolNegotiatorFactory.java (97%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/handshaker/S2AStub.java (99%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/handshaker/S2ATrustManager.java (97%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/handshaker/SslContextFactory.java (98%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/handshaker/tokenmanager/AccessTokenManager.java (90%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/handshaker/tokenmanager/SingleTokenFetcher.java (94%)
 rename s2a/src/main/java/io/grpc/s2a/{ => internal}/handshaker/tokenmanager/TokenFetcher.java (89%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/channel/S2AGrpcChannelPoolTest.java (99%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/channel/S2AHandshakerServiceChannelTest.java (99%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/handshaker/FakeS2AServer.java (97%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/handshaker/FakeS2AServerTest.java (98%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/handshaker/FakeWriter.java (98%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/handshaker/GetAuthenticationMechanismsTest.java (92%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/handshaker/IntegrationTest.java (98%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/handshaker/ProtoUtilTest.java (98%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/handshaker/S2APrivateKeyMethodTest.java (99%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/handshaker/S2AProtocolNegotiatorFactoryTest.java (96%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/handshaker/S2AStubTest.java (97%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/handshaker/S2ATrustManagerTest.java (99%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/handshaker/SslContextFactoryTest.java (98%)
 rename s2a/src/test/java/io/grpc/s2a/{ => internal}/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java (95%)

diff --git a/s2a/BUILD.bazel b/s2a/BUILD.bazel
index 25ce2624f57..676215e1e1e 100644
--- a/s2a/BUILD.bazel
+++ b/s2a/BUILD.bazel
@@ -5,7 +5,7 @@ load("@rules_jvm_external//:defs.bzl", "artifact")
 java_library(
     name = "s2a_channel_pool",
     srcs = glob([
-        "src/main/java/io/grpc/s2a/channel/*.java",
+        "src/main/java/io/grpc/s2a/internal/channel/*.java",
     ]),
     deps = [
         "//api",
@@ -23,7 +23,7 @@ java_library(
 
 java_library(
     name = "s2a_identity",
-    srcs = ["src/main/java/io/grpc/s2a/handshaker/S2AIdentity.java"],
+    srcs = ["src/main/java/io/grpc/s2a/internal/handshaker/S2AIdentity.java"],
     deps = [
         ":common_java_proto",
         artifact("com.google.errorprone:error_prone_annotations"),
@@ -33,7 +33,7 @@ java_library(
 
 java_library(
     name = "token_fetcher",
-    srcs = ["src/main/java/io/grpc/s2a/handshaker/tokenmanager/TokenFetcher.java"],
+    srcs = ["src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/TokenFetcher.java"],
     deps = [
         ":s2a_identity",
     ],
@@ -42,7 +42,7 @@ java_library(
 java_library(
     name = "access_token_manager",
     srcs = [
-        "src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java",
+        "src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/AccessTokenManager.java",
     ],
     deps = [
         ":s2a_identity",
@@ -54,7 +54,7 @@ java_library(
 java_library(
     name = "single_token_fetcher",
     srcs = [
-        "src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java",
+        "src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenFetcher.java",
     ],
     deps = [
         ":s2a_identity",
@@ -66,15 +66,15 @@ java_library(
 java_library(
     name = "s2a_handshaker",
     srcs = [
-        "src/main/java/io/grpc/s2a/handshaker/ConnectionClosedException.java",
-        "src/main/java/io/grpc/s2a/handshaker/GetAuthenticationMechanisms.java",
-        "src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java",
-        "src/main/java/io/grpc/s2a/handshaker/S2AConnectionException.java",
-        "src/main/java/io/grpc/s2a/handshaker/S2APrivateKeyMethod.java",
-        "src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java",
-        "src/main/java/io/grpc/s2a/handshaker/S2AStub.java",
-        "src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java",
-        "src/main/java/io/grpc/s2a/handshaker/SslContextFactory.java",
+        "src/main/java/io/grpc/s2a/internal/handshaker/ConnectionClosedException.java",
+        "src/main/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanisms.java",
+        "src/main/java/io/grpc/s2a/internal/handshaker/ProtoUtil.java",
+        "src/main/java/io/grpc/s2a/internal/handshaker/S2AConnectionException.java",
+        "src/main/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethod.java",
+        "src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java",
+        "src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java",
+        "src/main/java/io/grpc/s2a/internal/handshaker/S2ATrustManager.java",
+        "src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java",
     ],
     deps = [
         ":access_token_manager",
diff --git a/s2a/src/generated/main/grpc/io/grpc/s2a/handshaker/S2AServiceGrpc.java b/s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java
similarity index 84%
rename from s2a/src/generated/main/grpc/io/grpc/s2a/handshaker/S2AServiceGrpc.java
rename to s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java
index b365954b189..d759128a4c5 100644
--- a/s2a/src/generated/main/grpc/io/grpc/s2a/handshaker/S2AServiceGrpc.java
+++ b/s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java
@@ -1,4 +1,4 @@
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static io.grpc.MethodDescriptor.generateFullMethodName;
 
@@ -15,29 +15,29 @@ private S2AServiceGrpc() {}
   public static final java.lang.String SERVICE_NAME = "grpc.gcp.s2a.S2AService";
 
   // Static method descriptors that strictly reflect the proto.
-  private static volatile io.grpc.MethodDescriptor<io.grpc.s2a.handshaker.SessionReq,
-      io.grpc.s2a.handshaker.SessionResp> getSetUpSessionMethod;
+  private static volatile io.grpc.MethodDescriptor<io.grpc.s2a.internal.handshaker.SessionReq,
+      io.grpc.s2a.internal.handshaker.SessionResp> getSetUpSessionMethod;
 
   @io.grpc.stub.annotations.RpcMethod(
       fullMethodName = SERVICE_NAME + '/' + "SetUpSession",
-      requestType = io.grpc.s2a.handshaker.SessionReq.class,
-      responseType = io.grpc.s2a.handshaker.SessionResp.class,
+      requestType = io.grpc.s2a.internal.handshaker.SessionReq.class,
+      responseType = io.grpc.s2a.internal.handshaker.SessionResp.class,
       methodType = io.grpc.MethodDescriptor.MethodType.BIDI_STREAMING)
-  public static io.grpc.MethodDescriptor<io.grpc.s2a.handshaker.SessionReq,
-      io.grpc.s2a.handshaker.SessionResp> getSetUpSessionMethod() {
-    io.grpc.MethodDescriptor<io.grpc.s2a.handshaker.SessionReq, io.grpc.s2a.handshaker.SessionResp> getSetUpSessionMethod;
+  public static io.grpc.MethodDescriptor<io.grpc.s2a.internal.handshaker.SessionReq,
+      io.grpc.s2a.internal.handshaker.SessionResp> getSetUpSessionMethod() {
+    io.grpc.MethodDescriptor<io.grpc.s2a.internal.handshaker.SessionReq, io.grpc.s2a.internal.handshaker.SessionResp> getSetUpSessionMethod;
     if ((getSetUpSessionMethod = S2AServiceGrpc.getSetUpSessionMethod) == null) {
       synchronized (S2AServiceGrpc.class) {
         if ((getSetUpSessionMethod = S2AServiceGrpc.getSetUpSessionMethod) == null) {
           S2AServiceGrpc.getSetUpSessionMethod = getSetUpSessionMethod =
-              io.grpc.MethodDescriptor.<io.grpc.s2a.handshaker.SessionReq, io.grpc.s2a.handshaker.SessionResp>newBuilder()
+              io.grpc.MethodDescriptor.<io.grpc.s2a.internal.handshaker.SessionReq, io.grpc.s2a.internal.handshaker.SessionResp>newBuilder()
               .setType(io.grpc.MethodDescriptor.MethodType.BIDI_STREAMING)
               .setFullMethodName(generateFullMethodName(SERVICE_NAME, "SetUpSession"))
               .setSampledToLocalTracing(true)
               .setRequestMarshaller(io.grpc.protobuf.ProtoUtils.marshaller(
-                  io.grpc.s2a.handshaker.SessionReq.getDefaultInstance()))
+                  io.grpc.s2a.internal.handshaker.SessionReq.getDefaultInstance()))
               .setResponseMarshaller(io.grpc.protobuf.ProtoUtils.marshaller(
-                  io.grpc.s2a.handshaker.SessionResp.getDefaultInstance()))
+                  io.grpc.s2a.internal.handshaker.SessionResp.getDefaultInstance()))
               .setSchemaDescriptor(new S2AServiceMethodDescriptorSupplier("SetUpSession"))
               .build();
         }
@@ -100,8 +100,8 @@ public interface AsyncService {
      * operations from the TLS handshake.
      * </pre>
      */
-    default io.grpc.stub.StreamObserver<io.grpc.s2a.handshaker.SessionReq> setUpSession(
-        io.grpc.stub.StreamObserver<io.grpc.s2a.handshaker.SessionResp> responseObserver) {
+    default io.grpc.stub.StreamObserver<io.grpc.s2a.internal.handshaker.SessionReq> setUpSession(
+        io.grpc.stub.StreamObserver<io.grpc.s2a.internal.handshaker.SessionResp> responseObserver) {
       return io.grpc.stub.ServerCalls.asyncUnimplementedStreamingCall(getSetUpSessionMethod(), responseObserver);
     }
   }
@@ -139,8 +139,8 @@ protected S2AServiceStub build(
      * operations from the TLS handshake.
      * </pre>
      */
-    public io.grpc.stub.StreamObserver<io.grpc.s2a.handshaker.SessionReq> setUpSession(
-        io.grpc.stub.StreamObserver<io.grpc.s2a.handshaker.SessionResp> responseObserver) {
+    public io.grpc.stub.StreamObserver<io.grpc.s2a.internal.handshaker.SessionReq> setUpSession(
+        io.grpc.stub.StreamObserver<io.grpc.s2a.internal.handshaker.SessionResp> responseObserver) {
       return io.grpc.stub.ClientCalls.asyncBidiStreamingCall(
           getChannel().newCall(getSetUpSessionMethod(), getCallOptions()), responseObserver);
     }
@@ -211,7 +211,7 @@ public io.grpc.stub.StreamObserver<Req> invoke(
       switch (methodId) {
         case METHODID_SET_UP_SESSION:
           return (io.grpc.stub.StreamObserver<Req>) serviceImpl.setUpSession(
-              (io.grpc.stub.StreamObserver<io.grpc.s2a.handshaker.SessionResp>) responseObserver);
+              (io.grpc.stub.StreamObserver<io.grpc.s2a.internal.handshaker.SessionResp>) responseObserver);
         default:
           throw new AssertionError();
       }
@@ -224,8 +224,8 @@ public static final io.grpc.ServerServiceDefinition bindService(AsyncService ser
           getSetUpSessionMethod(),
           io.grpc.stub.ServerCalls.asyncBidiStreamingCall(
             new MethodHandlers<
-              io.grpc.s2a.handshaker.SessionReq,
-              io.grpc.s2a.handshaker.SessionResp>(
+              io.grpc.s2a.internal.handshaker.SessionReq,
+              io.grpc.s2a.internal.handshaker.SessionResp>(
                 service, METHODID_SET_UP_SESSION)))
         .build();
   }
@@ -236,7 +236,7 @@ private static abstract class S2AServiceBaseDescriptorSupplier
 
     @java.lang.Override
     public com.google.protobuf.Descriptors.FileDescriptor getFileDescriptor() {
-      return io.grpc.s2a.handshaker.S2AProto.getDescriptor();
+      return io.grpc.s2a.internal.handshaker.S2AProto.getDescriptor();
     }
 
     @java.lang.Override
diff --git a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
index 7beecdb3621..2e040964dfa 100644
--- a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
+++ b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
@@ -28,9 +28,9 @@
 import io.grpc.internal.SharedResourcePool;
 import io.grpc.netty.InternalNettyChannelCredentials;
 import io.grpc.netty.InternalProtocolNegotiator;
-import io.grpc.s2a.channel.S2AHandshakerServiceChannel;
-import io.grpc.s2a.handshaker.S2AIdentity;
-import io.grpc.s2a.handshaker.S2AProtocolNegotiatorFactory;
+import io.grpc.s2a.internal.channel.S2AHandshakerServiceChannel;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.S2AProtocolNegotiatorFactory;
 import javax.annotation.concurrent.NotThreadSafe;
 import org.checkerframework.checker.nullness.qual.Nullable;
 
diff --git a/s2a/src/main/java/io/grpc/s2a/channel/S2AChannelPool.java b/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AChannelPool.java
similarity index 97%
rename from s2a/src/main/java/io/grpc/s2a/channel/S2AChannelPool.java
rename to s2a/src/main/java/io/grpc/s2a/internal/channel/S2AChannelPool.java
index e5caf5e69bd..aaaa0fffd53 100644
--- a/s2a/src/main/java/io/grpc/s2a/channel/S2AChannelPool.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AChannelPool.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.channel;
+package io.grpc.s2a.internal.channel;
 
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import io.grpc.Channel;
diff --git a/s2a/src/main/java/io/grpc/s2a/channel/S2AGrpcChannelPool.java b/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPool.java
similarity index 98%
rename from s2a/src/main/java/io/grpc/s2a/channel/S2AGrpcChannelPool.java
rename to s2a/src/main/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPool.java
index 4794cd9ee49..af911185e6c 100644
--- a/s2a/src/main/java/io/grpc/s2a/channel/S2AGrpcChannelPool.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPool.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.channel;
+package io.grpc.s2a.internal.channel;
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
diff --git a/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java b/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannel.java
similarity index 99%
rename from s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
rename to s2a/src/main/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannel.java
index 9d6950ce041..7a2b3e70672 100644
--- a/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannel.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.channel;
+package io.grpc.s2a.internal.channel;
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static java.util.concurrent.TimeUnit.SECONDS;
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/ConnectionClosedException.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/ConnectionClosedException.java
similarity index 95%
rename from s2a/src/main/java/io/grpc/s2a/handshaker/ConnectionClosedException.java
rename to s2a/src/main/java/io/grpc/s2a/internal/handshaker/ConnectionClosedException.java
index 1a7f86bda91..d6f1aa70f7c 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/ConnectionClosedException.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/ConnectionClosedException.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import java.io.IOException;
 
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/GetAuthenticationMechanisms.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanisms.java
similarity index 92%
rename from s2a/src/main/java/io/grpc/s2a/handshaker/GetAuthenticationMechanisms.java
rename to s2a/src/main/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanisms.java
index 56d74a9b766..2d089183f91 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/GetAuthenticationMechanisms.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanisms.java
@@ -14,11 +14,11 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import com.google.errorprone.annotations.Immutable;
-import io.grpc.s2a.handshaker.S2AIdentity;
-import io.grpc.s2a.handshaker.tokenmanager.AccessTokenManager;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.tokenmanager.AccessTokenManager;
 import java.util.Optional;
 
 /** Retrieves the authentication mechanism for a given local identity. */
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/ProtoUtil.java
similarity index 98%
rename from s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java
rename to s2a/src/main/java/io/grpc/s2a/internal/handshaker/ProtoUtil.java
index 129cc2d60f1..1d88d5a2b55 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/ProtoUtil.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableSet;
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AConnectionException.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AConnectionException.java
similarity index 95%
rename from s2a/src/main/java/io/grpc/s2a/handshaker/S2AConnectionException.java
rename to s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AConnectionException.java
index d976308ad22..9b6c244751b 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AConnectionException.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AConnectionException.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 /** Exception that denotes a runtime error that was encountered when talking to the S2A server. */
 @SuppressWarnings("serial") // This class is never serialized.
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AIdentity.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AIdentity.java
similarity index 98%
rename from s2a/src/main/java/io/grpc/s2a/handshaker/S2AIdentity.java
rename to s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AIdentity.java
index c4fed7377ac..0b691248e91 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AIdentity.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AIdentity.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2APrivateKeyMethod.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethod.java
similarity index 98%
rename from s2a/src/main/java/io/grpc/s2a/handshaker/S2APrivateKeyMethod.java
rename to s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethod.java
index fb6d5761355..c7262f70ef7 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/S2APrivateKeyMethod.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethod.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
@@ -22,7 +22,7 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
 import com.google.protobuf.ByteString;
-import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.netty.handler.ssl.OpenSslPrivateKeyMethod;
 import java.io.IOException;
 import java.util.Optional;
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
similarity index 97%
rename from s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java
rename to s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
index 14bdc05238d..cb02d49ce9e 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
@@ -37,9 +37,9 @@
 import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
 import io.grpc.netty.InternalProtocolNegotiators;
 import io.grpc.netty.InternalProtocolNegotiators.ProtocolNegotiationHandler;
-import io.grpc.s2a.channel.S2AChannelPool;
-import io.grpc.s2a.channel.S2AGrpcChannelPool;
-import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.channel.S2AChannelPool;
+import io.grpc.s2a.internal.channel.S2AGrpcChannelPool;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerAdapter;
 import io.netty.channel.ChannelHandlerContext;
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
similarity index 99%
rename from s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java
rename to s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
index ea4fb033a13..0bfa3b4dac2 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2ATrustManager.java
similarity index 97%
rename from s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java
rename to s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2ATrustManager.java
index aafbb94c047..2f7e5750f88 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2ATrustManager.java
@@ -14,15 +14,15 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.common.collect.ImmutableList;
 import com.google.protobuf.ByteString;
-import io.grpc.s2a.handshaker.S2AIdentity;
-import io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.ValidatePeerCertificateChainReq.VerificationMode;
 import java.io.IOException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/SslContextFactory.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
similarity index 98%
rename from s2a/src/main/java/io/grpc/s2a/handshaker/SslContextFactory.java
rename to s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
index 1ac5887ebc4..72ace2c7885 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/SslContextFactory.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
@@ -14,14 +14,14 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
 import com.google.common.collect.ImmutableSet;
 import io.grpc.netty.GrpcSslContexts;
-import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.netty.handler.ssl.OpenSslContextOption;
 import io.netty.handler.ssl.OpenSslSessionContext;
 import io.netty.handler.ssl.OpenSslX509KeyManagerFactory;
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/AccessTokenManager.java
similarity index 90%
rename from s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java
rename to s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/AccessTokenManager.java
index da75cf0d4dd..71e55b29fcd 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/AccessTokenManager.java
@@ -14,9 +14,9 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker.tokenmanager;
+package io.grpc.s2a.internal.handshaker.tokenmanager;
 
-import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import java.lang.reflect.Method;
 import java.util.Optional;
 import javax.annotation.concurrent.ThreadSafe;
@@ -31,7 +31,7 @@ public static Optional<AccessTokenManager> create() {
     Optional<?> tokenFetcher;
     try {
       Class<?> singleTokenFetcherClass =
-          Class.forName("io.grpc.s2a.handshaker.tokenmanager.SingleTokenFetcher");
+          Class.forName("io.grpc.s2a.internal.handshaker.tokenmanager.SingleTokenFetcher");
       Method createTokenFetcher = singleTokenFetcherClass.getMethod("create");
       tokenFetcher = (Optional) createTokenFetcher.invoke(null);
     } catch (ClassNotFoundException e) {
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenFetcher.java
similarity index 94%
rename from s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java
rename to s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenFetcher.java
index c3dffd2b715..a5402af9db2 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenFetcher.java
@@ -14,10 +14,10 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker.tokenmanager;
+package io.grpc.s2a.internal.handshaker.tokenmanager;
 
 import com.google.common.annotations.VisibleForTesting;
-import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import java.util.Optional;
 
 /** Fetches a single access token via an environment variable. */
diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/TokenFetcher.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/TokenFetcher.java
similarity index 89%
rename from s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/TokenFetcher.java
rename to s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/TokenFetcher.java
index 9eeddaad844..6827f095afe 100644
--- a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/TokenFetcher.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/TokenFetcher.java
@@ -14,9 +14,9 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker.tokenmanager;
+package io.grpc.s2a.internal.handshaker.tokenmanager;
 
-import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
 
 /** Fetches tokens used to authenticate to S2A. */
 interface TokenFetcher {
diff --git a/s2a/src/main/proto/grpc/gcp/s2a/common.proto b/s2a/src/main/proto/grpc/gcp/s2a/common.proto
index 749739553dd..1b999234669 100644
--- a/s2a/src/main/proto/grpc/gcp/s2a/common.proto
+++ b/s2a/src/main/proto/grpc/gcp/s2a/common.proto
@@ -21,7 +21,7 @@ package grpc.gcp.s2a;
 
 option java_multiple_files = true;
 option java_outer_classname = "CommonProto";
-option java_package = "io.grpc.s2a.handshaker";
+option java_package = "io.grpc.s2a.internal.handshaker";
 
 // The TLS 1.0-1.2 ciphersuites that the application can negotiate when using
 // S2A.
diff --git a/s2a/src/main/proto/grpc/gcp/s2a/s2a.proto b/s2a/src/main/proto/grpc/gcp/s2a/s2a.proto
index 8a85e348c24..b3f153943db 100644
--- a/s2a/src/main/proto/grpc/gcp/s2a/s2a.proto
+++ b/s2a/src/main/proto/grpc/gcp/s2a/s2a.proto
@@ -24,7 +24,7 @@ import "grpc/gcp/s2a/s2a_context.proto";
 
 option java_multiple_files = true;
 option java_outer_classname = "S2AProto";
-option java_package = "io.grpc.s2a.handshaker";
+option java_package = "io.grpc.s2a.internal.handshaker";
 
 enum SignatureAlgorithm {
   S2A_SSL_SIGN_UNSPECIFIED = 0;
diff --git a/s2a/src/main/proto/grpc/gcp/s2a/s2a_context.proto b/s2a/src/main/proto/grpc/gcp/s2a/s2a_context.proto
index edaeaf22669..745b4d267d6 100644
--- a/s2a/src/main/proto/grpc/gcp/s2a/s2a_context.proto
+++ b/s2a/src/main/proto/grpc/gcp/s2a/s2a_context.proto
@@ -23,7 +23,7 @@ import "grpc/gcp/s2a/common.proto";
 
 option java_multiple_files = true;
 option java_outer_classname = "S2AContextProto";
-option java_package = "io.grpc.s2a.handshaker";
+option java_package = "io.grpc.s2a.internal.handshaker";
 
 message S2AContext {
   // The SPIFFE ID from the peer leaf certificate, if present.
diff --git a/s2a/src/test/java/io/grpc/s2a/channel/S2AGrpcChannelPoolTest.java b/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPoolTest.java
similarity index 99%
rename from s2a/src/test/java/io/grpc/s2a/channel/S2AGrpcChannelPoolTest.java
rename to s2a/src/test/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPoolTest.java
index 260129f8f56..afae456abb1 100644
--- a/s2a/src/test/java/io/grpc/s2a/channel/S2AGrpcChannelPoolTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPoolTest.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.channel;
+package io.grpc.s2a.internal.channel;
 
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.assertThrows;
diff --git a/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java b/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java
similarity index 99%
rename from s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
rename to s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java
index 7281adb9794..9e09d10f7da 100644
--- a/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.channel;
+package io.grpc.s2a.internal.channel;
 
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;
@@ -36,7 +36,7 @@
 import io.grpc.benchmarks.Utils;
 import io.grpc.internal.SharedResourceHolder.Resource;
 import io.grpc.netty.NettyServerBuilder;
-import io.grpc.s2a.channel.S2AHandshakerServiceChannel.HandshakerServiceChannel;
+import io.grpc.s2a.internal.channel.S2AHandshakerServiceChannel.HandshakerServiceChannel;
 import io.grpc.stub.StreamObserver;
 import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.testing.protobuf.SimpleRequest;
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServer.java
similarity index 97%
rename from s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java
rename to s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServer.java
index d630f57d90d..a1745d209d7 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServer.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
similarity index 98%
rename from s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java
rename to s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
index a8868744f80..e61f8eea1a1 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;
 import static java.util.concurrent.TimeUnit.SECONDS;
@@ -27,7 +27,7 @@
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
 import io.grpc.benchmarks.Utils;
-import io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode;
+import io.grpc.s2a.internal.handshaker.ValidatePeerCertificateChainReq.VerificationMode;
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java
similarity index 98%
rename from s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java
rename to s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java
index b0e84fdf962..6466a08eca9 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java
@@ -14,10 +14,10 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
-import static io.grpc.s2a.handshaker.TLSVersion.TLS_VERSION_1_2;
-import static io.grpc.s2a.handshaker.TLSVersion.TLS_VERSION_1_3;
+import static io.grpc.s2a.internal.handshaker.TLSVersion.TLS_VERSION_1_2;
+import static io.grpc.s2a.internal.handshaker.TLSVersion.TLS_VERSION_1_3;
 
 import com.google.common.collect.ImmutableMap;
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/GetAuthenticationMechanismsTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java
similarity index 92%
rename from s2a/src/test/java/io/grpc/s2a/handshaker/GetAuthenticationMechanismsTest.java
rename to s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java
index 884e1ec88eb..4c00b0746fc 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/GetAuthenticationMechanismsTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java
@@ -14,11 +14,11 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import com.google.common.truth.Expect;
-import io.grpc.s2a.handshaker.S2AIdentity;
-import io.grpc.s2a.handshaker.tokenmanager.SingleTokenFetcher;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.tokenmanager.SingleTokenFetcher;
 import java.util.Optional;
 import org.junit.BeforeClass;
 import org.junit.Rule;
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java
similarity index 98%
rename from s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
rename to s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java
index 0fb9b12cf95..e1ad3d278c3 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static com.google.common.truth.Truth.assertThat;
 import static java.util.concurrent.TimeUnit.SECONDS;
@@ -32,7 +32,7 @@
 import io.grpc.netty.GrpcSslContexts;
 import io.grpc.netty.NettyServerBuilder;
 import io.grpc.s2a.S2AChannelCredentials;
-import io.grpc.s2a.handshaker.FakeS2AServer;
+import io.grpc.s2a.internal.handshaker.FakeS2AServer;
 import io.grpc.stub.StreamObserver;
 import io.grpc.testing.protobuf.SimpleRequest;
 import io.grpc.testing.protobuf.SimpleResponse;
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/ProtoUtilTest.java
similarity index 98%
rename from s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java
rename to s2a/src/test/java/io/grpc/s2a/internal/handshaker/ProtoUtilTest.java
index f54063b9e04..b685d0bc755 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/ProtoUtilTest.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static org.junit.Assert.assertThrows;
 
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethodTest.java
similarity index 99%
rename from s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java
rename to s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethodTest.java
index fc8d42d09c0..c885783be99 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethodTest.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static com.google.common.truth.Truth.assertThat;
 import static java.nio.charset.StandardCharsets.UTF_8;
@@ -26,7 +26,7 @@
 import com.google.common.truth.Expect;
 import com.google.protobuf.ByteString;
 import io.grpc.netty.GrpcSslContexts;
-import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.netty.handler.ssl.OpenSslPrivateKeyMethod;
 import io.netty.handler.ssl.SslContextBuilder;
 import java.io.ByteArrayInputStream;
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java
similarity index 96%
rename from s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java
rename to s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java
index fa6c4fc858d..d469b07df0f 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static com.google.common.truth.Truth.assertThat;
 import static org.mockito.Mockito.mock;
@@ -35,11 +35,11 @@
 import io.grpc.netty.GrpcHttp2ConnectionHandler;
 import io.grpc.netty.InternalProtocolNegotiator;
 import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
-import io.grpc.s2a.channel.S2AChannelPool;
-import io.grpc.s2a.channel.S2AGrpcChannelPool;
-import io.grpc.s2a.channel.S2AHandshakerServiceChannel;
-import io.grpc.s2a.handshaker.S2AIdentity;
-import io.grpc.s2a.handshaker.S2AProtocolNegotiatorFactory.S2AProtocolNegotiator;
+import io.grpc.s2a.internal.channel.S2AChannelPool;
+import io.grpc.s2a.internal.channel.S2AGrpcChannelPool;
+import io.grpc.s2a.internal.channel.S2AHandshakerServiceChannel;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.S2AProtocolNegotiatorFactory.S2AProtocolNegotiator;
 import io.grpc.stub.StreamObserver;
 import io.netty.channel.ChannelDuplexHandler;
 import io.netty.channel.ChannelHandler;
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
similarity index 97%
rename from s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java
rename to s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
index a1daf9948a1..2e3bfc02879 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;
@@ -23,9 +23,9 @@
 import com.google.common.truth.Expect;
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.internal.SharedResourcePool;
-import io.grpc.s2a.channel.S2AChannelPool;
-import io.grpc.s2a.channel.S2AGrpcChannelPool;
-import io.grpc.s2a.channel.S2AHandshakerServiceChannel;
+import io.grpc.s2a.internal.channel.S2AChannelPool;
+import io.grpc.s2a.internal.channel.S2AGrpcChannelPool;
+import io.grpc.s2a.internal.channel.S2AHandshakerServiceChannel;
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2ATrustManagerTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2ATrustManagerTest.java
similarity index 99%
rename from s2a/src/test/java/io/grpc/s2a/handshaker/S2ATrustManagerTest.java
rename to s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2ATrustManagerTest.java
index 384e1aba5cc..198001838aa 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/S2ATrustManagerTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2ATrustManagerTest.java
@@ -14,12 +14,12 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.assertThrows;
 
-import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import java.io.ByteArrayInputStream;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/SslContextFactoryTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/SslContextFactoryTest.java
similarity index 98%
rename from s2a/src/test/java/io/grpc/s2a/handshaker/SslContextFactoryTest.java
rename to s2a/src/test/java/io/grpc/s2a/internal/handshaker/SslContextFactoryTest.java
index a2a66a7b563..fc3cfb5e441 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/SslContextFactoryTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/SslContextFactoryTest.java
@@ -14,13 +14,13 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker;
+package io.grpc.s2a.internal.handshaker;
 
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.assertThrows;
 
 import com.google.common.truth.Expect;
-import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.netty.handler.ssl.OpenSslSessionContext;
 import io.netty.handler.ssl.SslContext;
 import java.security.GeneralSecurityException;
diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java
similarity index 95%
rename from s2a/src/test/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java
rename to s2a/src/test/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java
index 80adba07f20..5bf2ce05259 100644
--- a/s2a/src/test/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java
@@ -14,11 +14,11 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.handshaker.tokenmanager;
+package io.grpc.s2a.internal.handshaker.tokenmanager;
 
 import static com.google.common.truth.Truth.assertThat;
 
-import io.grpc.s2a.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import java.util.Optional;
 import org.junit.Before;
 import org.junit.Test;

From 9ab35a761bf4bc9d39ade5fd15b1e29fb31f061c Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 2 Oct 2024 11:03:44 -0700
Subject: [PATCH 031/591] util: Store only a list of children in MultiChildLB

A map of children is still needed, but is created temporarily on update.
The order of children is currently preserved, but we could use regular
HashMaps if that is not useful.
---
 .../io/grpc/util/MultiChildLoadBalancer.java  | 61 ++++++++++---------
 1 file changed, 32 insertions(+), 29 deletions(-)

diff --git a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
index 330ec9d5357..3e56f41d038 100644
--- a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
@@ -24,7 +24,8 @@
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
 
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.ImmutableList;
+import com.google.common.base.Objects;
+import com.google.common.collect.Maps;
 import io.grpc.Attributes;
 import io.grpc.ConnectivityState;
 import io.grpc.EquivalentAddressGroup;
@@ -37,12 +38,9 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.HashMap;
 import java.util.HashSet;
-import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
@@ -55,7 +53,8 @@
 public abstract class MultiChildLoadBalancer extends LoadBalancer {
 
   private static final Logger logger = Logger.getLogger(MultiChildLoadBalancer.class.getName());
-  private final Map<Object, ChildLbState> childLbStates = new LinkedHashMap<>();
+  // Modify by replacing the list to release memory when no longer used.
+  private List<ChildLbState> childLbStates = new ArrayList<>(0);
   private final Helper helper;
   // Set to true if currently in the process of handling resolved addresses.
   protected boolean resolvingAddresses;
@@ -84,7 +83,8 @@ protected MultiChildLoadBalancer(Helper helper) {
    */
   protected Map<Object, ResolvedAddresses> createChildAddressesMap(
       ResolvedAddresses resolvedAddresses) {
-    Map<Object, ResolvedAddresses> childAddresses = new HashMap<>();
+    Map<Object, ResolvedAddresses> childAddresses =
+        Maps.newLinkedHashMapWithExpectedSize(resolvedAddresses.getAddresses().size());
     for (EquivalentAddressGroup eag : resolvedAddresses.getAddresses()) {
       ResolvedAddresses addresses = resolvedAddresses.toBuilder()
           .setAddresses(Collections.singletonList(eag))
@@ -144,7 +144,7 @@ public void handleNameResolutionError(Status error) {
   @Override
   public void shutdown() {
     logger.log(Level.FINE, "Shutdown");
-    for (ChildLbState state : childLbStates.values()) {
+    for (ChildLbState state : childLbStates) {
       state.shutdown();
     }
     childLbStates.clear();
@@ -169,39 +169,37 @@ protected final AcceptResolvedAddrRetVal acceptResolvedAddressesInternal(
       return new AcceptResolvedAddrRetVal(unavailableStatus, null);
     }
 
-    updateChildrenWithResolvedAddresses(newChildAddresses);
-
-    return new AcceptResolvedAddrRetVal(Status.OK, getRemovedChildren(newChildAddresses.keySet()));
+    List<ChildLbState> removed = updateChildrenWithResolvedAddresses(newChildAddresses);
+    return new AcceptResolvedAddrRetVal(Status.OK, removed);
   }
 
-  private void updateChildrenWithResolvedAddresses(
+  /** Returns removed children. */
+  private List<ChildLbState> updateChildrenWithResolvedAddresses(
       Map<Object, ResolvedAddresses> newChildAddresses) {
+    // Create a map with the old values
+    Map<Object, ChildLbState> oldStatesMap =
+        Maps.newLinkedHashMapWithExpectedSize(childLbStates.size());
+    for (ChildLbState state : childLbStates) {
+      oldStatesMap.put(state.getKey(), state);
+    }
+
+    // Move ChildLbStates from the map to a new list (preserving the new map's order)
+    List<ChildLbState> newChildLbStates = new ArrayList<>(newChildAddresses.size());
     for (Map.Entry<Object, ResolvedAddresses> entry : newChildAddresses.entrySet()) {
-      ChildLbState childLbState = childLbStates.get(entry.getKey());
+      ChildLbState childLbState = oldStatesMap.remove(entry.getKey());
       if (childLbState == null) {
         childLbState = createChildLbState(entry.getKey());
-        childLbStates.put(entry.getKey(), childLbState);
       }
+      newChildLbStates.add(childLbState);
       if (entry.getValue() != null) {
         childLbState.setResolvedAddresses(entry.getValue()); // update child
         childLbState.lb.handleResolvedAddresses(entry.getValue()); // update child LB
       }
     }
-  }
 
-  /**
-   * Identifies which children have been removed (are not part of the newChildKeys).
-   */
-  private List<ChildLbState> getRemovedChildren(Set<Object> newChildKeys) {
-    List<ChildLbState> removedChildren = new ArrayList<>();
-    // Do removals
-    for (Object key : ImmutableList.copyOf(childLbStates.keySet())) {
-      if (!newChildKeys.contains(key)) {
-        ChildLbState childLbState = childLbStates.remove(key);
-        removedChildren.add(childLbState);
-      }
-    }
-    return removedChildren;
+    childLbStates = newChildLbStates;
+    // Remaining entries in map are orphaned
+    return new ArrayList<>(oldStatesMap.values());
   }
 
   protected final void shutdownRemoved(List<ChildLbState> removedChildren) {
@@ -236,12 +234,17 @@ protected final Helper getHelper() {
 
   @VisibleForTesting
   public final Collection<ChildLbState> getChildLbStates() {
-    return childLbStates.values();
+    return childLbStates;
   }
 
   @VisibleForTesting
   public final ChildLbState getChildLbState(Object key) {
-    return childLbStates.get(key);
+    for (ChildLbState state : childLbStates) {
+      if (Objects.equal(state.getKey(), key)) {
+        return state;
+      }
+    }
+    return null;
   }
 
   @VisibleForTesting

From b8a0ba44af57475e43e4747607ce78a56ff08340 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Wed, 2 Oct 2024 12:55:21 -0700
Subject: [PATCH 032/591] s2a: clean up usage of certs (#11583)

* use CertificateUtils.

* Different names for each ec cert.

* Generate rsa certs with ::1 IP + delete CSRs.

* try.
---
 .../internal/handshaker/FakeS2AServer.java    |  2 +-
 .../s2a/internal/handshaker/FakeWriter.java   | 27 ++++----
 s2a/src/test/resources/cert_chain_ec.pem      | 63 ++++++++++---------
 s2a/src/test/resources/client.csr             | 16 -----
 s2a/src/test/resources/client_cert.pem        | 34 +++++-----
 s2a/src/test/resources/client_key.pem         | 52 +++++++--------
 s2a/src/test/resources/config.cnf             |  2 +-
 s2a/src/test/resources/int_cert1_.cnf         |  6 +-
 s2a/src/test/resources/int_cert1_ec.pem       | 21 ++++---
 s2a/src/test/resources/int_cert2.cnf          |  6 +-
 s2a/src/test/resources/int_cert2_ec.pem       | 21 ++++---
 s2a/src/test/resources/int_key1_ec.pem        |  6 +-
 s2a/src/test/resources/int_key2_ec.pem        |  6 +-
 s2a/src/test/resources/leaf.cnf               |  6 +-
 s2a/src/test/resources/leaf_cert_ec.pem       | 21 ++++---
 s2a/src/test/resources/leaf_key_ec.pem        |  6 +-
 s2a/src/test/resources/root_cert.pem          | 32 +++++-----
 s2a/src/test/resources/root_cert_ec.pem       | 20 +++---
 s2a/src/test/resources/root_ec.cnf            |  6 +-
 s2a/src/test/resources/root_key.pem           | 56 ++++++++---------
 s2a/src/test/resources/root_key_ec.pem        |  6 +-
 s2a/src/test/resources/server.csr             | 16 -----
 s2a/src/test/resources/server_cert.pem        | 32 +++++-----
 s2a/src/test/resources/server_key.pem         | 52 +++++++--------
 24 files changed, 246 insertions(+), 269 deletions(-)
 delete mode 100644 s2a/src/test/resources/client.csr
 delete mode 100644 s2a/src/test/resources/server.csr

diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServer.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServer.java
index a1745d209d7..2d19dd122ec 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServer.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServer.java
@@ -28,7 +28,7 @@ public final class FakeS2AServer extends S2AServiceGrpc.S2AServiceImplBase {
 
   private final FakeWriter writer;
 
-  public FakeS2AServer() throws InvalidKeySpecException, NoSuchAlgorithmException {
+  public FakeS2AServer() throws InvalidKeySpecException, NoSuchAlgorithmException, IOException {
     this.writer = new FakeWriter();
     this.writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS).initializePrivateKey();
   }
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java
index 6466a08eca9..4455e77b1e2 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java
@@ -23,17 +23,18 @@
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import com.google.protobuf.ByteString;
 import io.grpc.stub.StreamObserver;
+import io.grpc.util.CertificateUtils;
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
-import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.Signature;
 import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Base64;
 
 /** A fake Writer Class to mock the behavior of S2A server. */
 final class FakeWriter implements StreamObserver<SessionReq> {
@@ -59,12 +60,8 @@ enum VerificationResult {
       new File("src/test/resources/int_cert2_ec.pem");
   public static final File cert1File =
       new File("src/test/resources/int_cert1_ec.pem");
-
-  // src/test/resources/leaf_key_ec.pem
-  private static final String PRIVATE_KEY =
-      "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgR2HBqtWTWu4NLiow"
-          + "ar8vh+9vAmCONE59C+jXNAb9r8ehRANCAATRM8ozcr8PTOVsZNWh+rTmJ6t+rODu"
-          + "g3LwWpUQq9h7AddjGlLrrTNrceOyO7nh9aEk5plKhs/h7PO8+vkEFsEx";
+  public static final File keyFile = 
+      new File("src/test/resources/leaf_key_ec.pem");
   private static final ImmutableMap<SignatureAlgorithm, String>
       ALGORITHM_TO_SIGNATURE_INSTANCE_IDENTIFIER =
           ImmutableMap.of(
@@ -107,10 +104,14 @@ FakeWriter setFailureReason(String failureReason) {
   }
 
   @CanIgnoreReturnValue
-  FakeWriter initializePrivateKey() throws InvalidKeySpecException, NoSuchAlgorithmException {
-    privateKey =
-        KeyFactory.getInstance("EC")
-            .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(PRIVATE_KEY)));
+  FakeWriter initializePrivateKey() throws InvalidKeySpecException, NoSuchAlgorithmException,
+                    IOException, FileNotFoundException, UnsupportedEncodingException {
+    FileInputStream keyInputStream = new FileInputStream(keyFile);
+    try {
+      privateKey = CertificateUtils.getPrivateKey(keyInputStream);
+    } finally {
+      keyInputStream.close();
+    }
     return this;
   }
 
diff --git a/s2a/src/test/resources/cert_chain_ec.pem b/s2a/src/test/resources/cert_chain_ec.pem
index 0e097d39bf2..a249904286c 100644
--- a/s2a/src/test/resources/cert_chain_ec.pem
+++ b/s2a/src/test/resources/cert_chain_ec.pem
@@ -1,36 +1,39 @@
 -----BEGIN CERTIFICATE-----
-MIIB0jCCAXigAwIBAgIUBV1dftEhhEMTI83L6jpeJn2tuyQwCgYIKoZIzj0EAwIw
-JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
-OTIzMDQwMFoXDTQ0MDkxOTIzMDQwMFowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
-b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0TPKM3K/
-D0zlbGTVofq05ierfqzg7oNy8FqVEKvYewHXYxpS660za3Hjsju54fWhJOaZSobP
-4ezzvPr5BBbBMaOBgzCBgDAOBgNVHQ8BAf8EBAMCB4AwIAYDVR0lAQH/BBYwFAYI
-KwYBBQUHAwIGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPvP7dnB
-dg8ZoLB0w62tbvoIRRHPMB8GA1UdIwQYMBaAFHeH+MNh2fgyjNHYP9hLAv9Sl1yD
-MAoGCCqGSM49BAMCA0gAMEUCIBcsImaxeFjxFXCXYNQJnde+rsEOgbeAHrAC0SZQ
-NlB2AiEA4epDhw/o+6BfgDbqlZsNEHkScPrwupnBQGLQlmNJe2c=
+MIIB6jCCAZCgAwIBAgIUA98F2JkYZAyz9BdIkBK3P8Df7OUwCgYIKoZIzj0EAwIw
+MjEOMAwGA1UECgwFaW50MU8xDzANBgNVBAsMBmludDFPVTEPMA0GA1UEAwwGaW50
+MUNOMB4XDTI0MTAwMTIxNDIwMFoXDTQ0MTAwMTIxNDIwMFowMjEOMAwGA1UECgwF
+bGVhZk8xDzANBgNVBAsMBmxlYWZPVTEPMA0GA1UEAwwGbGVhZkNOMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEtpTTzt2VDTP6gO4uUIpg8sB63Ff4T4YPMoIGrrn3
+tU3f9j0Ysa5/xblM0LkwRImcrKKchYDiNm1wHkWo+qDImaOBgzCBgDAOBgNVHQ8B
+Af8EBAMCB4AwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMAwGA1Ud
+EwEB/wQCMAAwHQYDVR0OBBYEFGzFBt/E6vDJRcH+Izy4MQ9AHycqMB8GA1UdIwQY
+MBaAFBYs72Jv682/xzG3Tm8hItIFis//MAoGCCqGSM49BAMCA0gAMEUCIHUcqPTB
+mQ4kXE0WoOUC8ZmzvthvfKjCNe0YogcjZgwWAiEAvapmWoQIO4qie25Ae9sYRCPq
+5xAHztAquk5HLfwabow=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIB1zCCAX6gAwIBAgIUW4GYHncSLeb7Tmw7FMjX/DesReIwCgYIKoZIzj0EAwIw
-JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
-OTIzMDA0MVoXDTQ0MDkxOTIzMDA0MVowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
-b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAqtg2E+h
-Wfr5dnewqsCLwM0PohkB83Gh7V3i/TPFkNKF/V6pKdz5a3Z8sicG+g7uJX+eyOoD
-43Z8woO7MgJl8aOBiTCBhjAOBgNVHQ8BAf8EBAMCAQYwIAYDVR0lAQH/BBYwFAYI
-KwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYE
-FHeH+MNh2fgyjNHYP9hLAv9Sl1yDMB8GA1UdIwQYMBaAFP+PTOryxis9d7HVfqhP
-MyMEgMZOMAoGCCqGSM49BAMCA0cAMEQCIHbzJvxHMIDPBRi1e047K0mqKKBSfViS
-guiDSoQ5g5OuAiBT5ePqDLs4PyrK6XFkiEWoRX8Z5T9y419Go+fpLM+DaA==
+MIIB8TCCAZagAwIBAgIUEXwpznJIlU+ELO7Qgb4UUGpfbj8wCgYIKoZIzj0EAwIw
+MjEOMAwGA1UECgwFaW50Mk8xDzANBgNVBAsMBmludDJPVTEPMA0GA1UEAwwGaW50
+MkNOMB4XDTI0MTAwMTIxNDIwMFoXDTQ0MTAwMTIxNDIwMFowMjEOMAwGA1UECgwF
+aW50MU8xDzANBgNVBAsMBmludDFPVTEPMA0GA1UEAwwGaW50MUNOMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEoenicrtL6ezEW2yLSXADscDJQ/fdbr+vJEU/aieV
+wA2EnPbrdpvQZaz+pXtuZzBLZY50XI9y33E+/PvBFtZob6OBiTCBhjAOBgNVHQ8B
+Af8EBAMCAQYwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1Ud
+EwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFBYs72Jv682/xzG3Tm8hItIFis//MB8G
+A1UdIwQYMBaAFPhN6eGgVc36Kc50rREZhMdBIkgGMAoGCCqGSM49BAMCA0kAMEYC
+IQDiPcbihg1iDi0m9CUn96IbWOTh1X75RfVJYcR3Q5T78AIhAK/fxZauDeWPzk2r
+2/ohCQOZFHtAi9VRpr/TqNi3SaYt
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIB1zCCAX6gAwIBAgIUBBKkTrqFxQUist2pK2uj8/DRnKMwCgYIKoZIzj0EAwIw
-JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
-OTIyNTYwNloXDTQ0MDkxOTIyNTYwNlowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
-b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFW7/Te2z
-jS8KlpF8RMMYaZtKf6EZlrZIIo5SO9j6baAKXVna9LmDCrzXnOLIeqOuZq0ODizU
-i4DFALB2yd5BkaOBiTCBhjAOBgNVHQ8BAf8EBAMCAQYwIAYDVR0lAQH/BBYwFAYI
-KwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYE
-FP+PTOryxis9d7HVfqhPMyMEgMZOMB8GA1UdIwQYMBaAFFITbB0BULPtynN9SMki
-lEarWxcKMAoGCCqGSM49BAMCA0cAMEQCIHK4cTTx4Ti7Te9hA9VVtHoMCt5fL4Cl
-XnQR6D5xW4pPAiAQ+CilQdZUhVK5bU6wbrwLgcwf+40ETK/KASId5970rQ==
+MIIB8DCCAZagAwIBAgIUNOH4wQEoKHvaQ9Xgd36vh5TnhfUwCgYIKoZIzj0EAwIw
+MjEOMAwGA1UECgwFcm9vdE8xDzANBgNVBAsMBnJvb3RPVTEPMA0GA1UEAwwGcm9v
+dENOMB4XDTI0MTAwMTIxNDIwMFoXDTQ0MTAwMTIxNDIwMFowMjEOMAwGA1UECgwF
+aW50Mk8xDzANBgNVBAsMBmludDJPVTEPMA0GA1UEAwwGaW50MkNOMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAE44B/G4pzAvLpIUaPp8XNRtXuw8jeLgE40NjQMuqq
+3jNs6ID/fv/jiRggLMXL3Tii1CisM4BRjg56/Owky1Fyv6OBiTCBhjAOBgNVHQ8B
+Af8EBAMCAQYwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1Ud
+EwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFPhN6eGgVc36Kc50rREZhMdBIkgGMB8G
+A1UdIwQYMBaAFNHNBlllqi9koRtf7EBHjRMwVgWsMAoGCCqGSM49BAMCA0gAMEUC
+IBd4bvqVeYSSUEGF1wB0KlYxn1L0Ub/LjgIUUQFAEwahAiEAgeArX63bnlI7u3dq
+v/FGilvcLP3P3AvRozpHJiIZ860=
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/client.csr b/s2a/src/test/resources/client.csr
deleted file mode 100644
index 664f5a4cf86..00000000000
--- a/s2a/src/test/resources/client.csr
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIChzCCAW8CAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAoSS3KtFgiXX4vAUNscFGIB/r2OOMgiZMKHz72dN0
-5kSxwdpQxpMIhwEoe0lhHNfOiuE7/r6VbGG9RGGIcQcoSonc3InPRfpnzfj9KohJ
-i8pYkLL9EwElAEl9sWnvVKTza8jTApDP2Z/fntBEsWAMsLPpuRZT6tgN1sXe4vNG
-4wufJSxuImyCVAx1fkZjRkYEKOtm1osnEDng4R0WXZ6S+q5lYzYPk1wxgbjdZu2U
-fWxP6V63SphV0NFXTx0E401j2h258cIqTVj8lRX6dfl9gO0d43Rd+hSU7R4iXGEw
-arixuH9g5H745AFf9H52twHPcNP9cEKBljBpSV5z3MvTkQIDAQABoC4wLAYJKoZI
-hvcNAQkOMR8wHTAbBgNVHREEFDAShxAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3
-DQEBCwUAA4IBAQCQHim3aIpGJs5u6JhEA07Rwm8YKyVALDEklhsHILlFhdNr2uV7
-S+3bHV79mDGjxNWvFcgK5h5ENkT60tXbhbie1gYmFT0RMCYHDsL09NGTh8G9Bbdl
-UKeA9DMhRSYzE7Ks3Lo1dJvX7OAEI0qV77dGpQknufYpmHiBXuqtB9I0SpYi1c4O
-9IUn/NY0yiYFPsIEsVRz/1dK97wazusLnijaMwNNhUc9bJwTyujhlr+b8ioPyADG
-e+GDF97d0nQ8806DOJF4GTRKwaXD+R5zN5t4ULhZ7ERqLNeE9EnWRe4CvSGvBoNA
-hIVeYaLd761Z9ZKvOnsgCr8qvMDilDFY6OfB
------END CERTIFICATE REQUEST-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/client_cert.pem b/s2a/src/test/resources/client_cert.pem
index b72f6991c91..837f8bb5019 100644
--- a/s2a/src/test/resources/client_cert.pem
+++ b/s2a/src/test/resources/client_cert.pem
@@ -1,18 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIC9DCCAdwCFB+cDXee2sIHjdlBhdNpTo+G2XAjMA0GCSqGSIb3DQEBCwUAMFkx
-CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
-cm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMzEw
-MTcyMzA5MDNaFw00MzEwMTcyMzA5MDNaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKEktyrRYIl1+LwFDbHBRiAf
-69jjjIImTCh8+9nTdOZEscHaUMaTCIcBKHtJYRzXzorhO/6+lWxhvURhiHEHKEqJ
-3NyJz0X6Z834/SqISYvKWJCy/RMBJQBJfbFp71Sk82vI0wKQz9mf357QRLFgDLCz
-6bkWU+rYDdbF3uLzRuMLnyUsbiJsglQMdX5GY0ZGBCjrZtaLJxA54OEdFl2ekvqu
-ZWM2D5NcMYG43WbtlH1sT+let0qYVdDRV08dBONNY9odufHCKk1Y/JUV+nX5fYDt
-HeN0XfoUlO0eIlxhMGq4sbh/YOR++OQBX/R+drcBz3DT/XBCgZYwaUlec9zL05EC
-AwEAATANBgkqhkiG9w0BAQsFAAOCAQEARorc1t2OJnwm1lxhf2KpTpNvNOI9FJak
-iSHz/MxhMdu4BG/dQHkKkWoVC6W2Kaimx4OImBwRlGEmGf4P0bXOLSTOumk2k1np
-ZUbw7Z2cJzvBmT2BLoHRXcBvbFIBW5DJUSHR37eXEKP57BeD+Og4/3XhNzehSpTX
-DRd2Ix/D39JjYA462nqPHQP8HDMf6+0BFmvf9ZRYmFucccYQRCUCKDqb8+wGf9W6
-tKNRE6qPG2jpAQ9qkgO7XuucbLvpywt5xj+yDRbOIq43l40mHaz4lRp697oaxjP8
-HSVcMydW3cluoW3AVInNIaqbM1dr6931MllK62DKipFtmCycq/56XA==
+MIIDPTCCAiWgAwIBAgIUaarddwSWeE4jDC9kwxEr446ehqUwDQYJKoZIhvcNAQEL
+BQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4X
+DTI0MTAwMTIxNTk1NFoXDTQ0MTAwMTIxNTk1NFowFDESMBAGA1UEAwwJbG9jYWxo
+b3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlNsldt7yAU4KRuS
+2D2/FjNIE1US5olBm4HteTr++41WaELZJqNLRPPp052jEQU3aKSYNGZvUUO6buu7
+eFpz2SBNUVMyvmzzocjVAyyf4NQvDazYHWOb+/YCeUppTRWriz4V5sn47qJTQ8cd
+CGrTFeLHxUjx4nh/OiqVXP/KnF3EqPEuqph0ky7+GirnJgPRe+C5ERuGkJye8dmP
+yWGA2lSS6MeDe7JZTAMi08bAn7BuNpeBkOzz1msGGI9PnUanUs7GOPWTDdcQAVY8
+KMvHCuGaNMGpb4rOR2mm8LlbAbpTPz8Pkw4QtMCLkgsrz2CzXpVwnLsU7nDXJAIO
+B155lQIDAQABo0IwQDAdBgNVHQ4EFgQUSZEyIHLzkIw7AwkBaUjYfIrGVR4wHwYD
+VR0jBBgwFoAUcq3dtxAVA410YWyM0B4e+4umbiwwDQYJKoZIhvcNAQELBQADggEB
+AAz0bZ4ayrZLhA45xn0yvdpdqiCtiWikCRtxgE7VXHg/ziZJVMpBpAhbIGO5tIyd
+lttnRXHwz5DUwKiba4/bCEFe229BshQEql5qaqcbGbFfSly11WeqqnwR1N7c8Gpv
+pD9sVrx22seN0rTUk87MY/S7mzCxHqAx35zm/LTW3pWcgCTMKFHy4Gt4mpTnXkNA
+WkhP2OhW5RLiu6Whi0BEdb2TGG1+ctamgijKXb+gJeef5ehlHXG8eU862KF5UlEA
+NeQKBm/PpQxOMe0NdpatjN8QRoczku0Itiodng+OZ1o+2iSNG988uFRb3CUSnjtE
+R/HL6ULAFzo59EpIYxruU/w=
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/client_key.pem b/s2a/src/test/resources/client_key.pem
index dd3e2ff78f1..38b93eb65c4 100644
--- a/s2a/src/test/resources/client_key.pem
+++ b/s2a/src/test/resources/client_key.pem
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQChJLcq0WCJdfi8
-BQ2xwUYgH+vY44yCJkwofPvZ03TmRLHB2lDGkwiHASh7SWEc186K4Tv+vpVsYb1E
-YYhxByhKidzcic9F+mfN+P0qiEmLyliQsv0TASUASX2xae9UpPNryNMCkM/Zn9+e
-0ESxYAyws+m5FlPq2A3Wxd7i80bjC58lLG4ibIJUDHV+RmNGRgQo62bWiycQOeDh
-HRZdnpL6rmVjNg+TXDGBuN1m7ZR9bE/pXrdKmFXQ0VdPHQTjTWPaHbnxwipNWPyV
-Ffp1+X2A7R3jdF36FJTtHiJcYTBquLG4f2DkfvjkAV/0fna3Ac9w0/1wQoGWMGlJ
-XnPcy9ORAgMBAAECggEALAUqoGDIHWUDyOEch5WDwZzWwc4PgTJTFbBm4G96fLkB
-UjKAZG6gIrk3RM6b39Q4UQoMaJ/Jk+zzVi3Kpw3MfOhCVGC1JamtF8BP8IGAjdZ9
-8TFkHv/uCrEIzCFjRt00vhoDQq0qiom4/dppGYdikBbl3zDxRbM1vJkbNSY+FCGW
-dA0uJ5XdMLR6lPeB5odqjUggnfUgPCOLdV/F+HkSM9NP1bzmHLiKznzwFsfat139
-7LdzJwNN5IX4Io6cxsxNlrX/NNvPkKdGv07Z6FYxWROyKCunjh48xFcQg0ltoRuq
-R9P8/LwS8GYrcc1uC/uBc0e6VgM9D9fsvh+8SQtf3QKBgQDXX+z2GnsFoEs7xv9U
-qN0HEX4jOkihZvFu43layUmeCeE8wlEctJ0TsM5Bd7FMoUG6e5/btwhsAIYW89Xn
-l/R8OzxR6Kh952Dce4DAULuIeopiw7ASJwTZtO9lWhxw0hjM1hxXTG+xxOqQvsRX
-c+d+vtvdIqyJ4ELfzg9kUtkdpwKBgQC/ig3cmej7dQdRAMn0YAwgwhuLkCqVFh4y
-WIlqyPPejKf8RXubqgtaSYx/T7apP87SMMSfSLaUdrYAGjST6k+tG5cmwutPIbw/
-osL7U3hcIhjX3hfHgI69Ojcpplbd5yqTxZHpxIs6iAQCEqNuasLXIDMouqNhGF1D
-YssD6qxcBwKBgQCdZqWvVrsB6ZwSG+UO4jpmqAofhMD/9FQOToCqMOF0dpP966WL
-7RO/CEA06FzTPCblOuQhlyq4g8l7jMiPcSZkhIYY9oftO+Q2Pqxh4J6tp6DrfUh4
-e7u3v9wVnj2a1nD5gqFDy8D1kow7LLAhmbtdje7xNh4SxasaFWZ6U3IJkQKBgGS1
-F5i3q9IatCAZBBZjMb0/kfANevYsTPA3sPjec6q91c1EUzuDarisFx0RMn9Gt124
-mokNWEIzMHpZTO/AsOfZq92LeuF+YVYsI8y1FIGMw/csJOCWbXZ812gkt2OxGafc
-p118I6BAx6q3VgrGQ2+M1JlDmIeCofa+SPPkPX+dAoGBAJrOgEJ+oyEaX/YR1g+f
-33pWoPQbRCG7T4+Y0oetCCWIcMg1/IUvGUCGmRDxj5dMqB+a0vJtviQN9rjpSuNS
-0EVw79AJkIjHhi6KDOfAuyBvzGhxpqxGufnQ2GU0QL65NxQfd290xkxikN0ZGtuB
-SDgZoJxMOGYwf8EX5i9h27Db
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGU2yV23vIBTgp
+G5LYPb8WM0gTVRLmiUGbge15Ov77jVZoQtkmo0tE8+nTnaMRBTdopJg0Zm9RQ7pu
+67t4WnPZIE1RUzK+bPOhyNUDLJ/g1C8NrNgdY5v79gJ5SmlNFauLPhXmyfjuolND
+xx0IatMV4sfFSPHieH86KpVc/8qcXcSo8S6qmHSTLv4aKucmA9F74LkRG4aQnJ7x
+2Y/JYYDaVJLox4N7sllMAyLTxsCfsG42l4GQ7PPWawYYj0+dRqdSzsY49ZMN1xAB
+Vjwoy8cK4Zo0walvis5HaabwuVsBulM/Pw+TDhC0wIuSCyvPYLNelXCcuxTucNck
+Ag4HXnmVAgMBAAECggEAKuW9jXaBgiS63o1jyFkmvWcPNntG0M2sfrXuRzQfFgse
+vwOCk8xrSflWQNsOe+58ayp6746ekl3LdBWSIbiy6SqG/sm3pp/LXNmjVYHv/QH4
+QYV643R5t1ihdVnGiBFhXwdpVleme/tpdjYZzgnJKak5W69o/nrgzhSK5ShAy2xM
+j0XXbgdqG+4JxPb5BZmjHHfXAXUfgSORMdfArkbgFBRc9wL/6JVTXjeAMy5WX9qe
+5UQsSOYkwc9P2snifC/jdIhjHQOkkx59O0FgukJEFZPoagVG1duWQbnNDr7QVHCJ
+jV6dg9tIT4SXD3uPSPbgNGlRUseIakCzrhHARJuA2wKBgQD/h8zoh0KaqKyViCYw
+XKOFpm1pAFnp2GiDOblxNubNFAXEWnC+FlkvO/z1s0zVuYELUqfxcYMSXJFEVelK
+rfjZtoC5oxqWGqLo9iCj7pa8t+ipulYcLt2SWc7eZPD4T4lzeEf1Qz77aKcz34sa
+dv9lzQkDvhR/Mv1VeEGFHiq2VwKBgQDGsLcTGH5Yxs//LRSY8TigBkQEDrH5NvXu
+2jtAzZhy1Yhsoa5eiZkhnnzM6+n05ovfZLcy6s7dnwP1Y+C79vs+DKMBsodtDG5z
+YpsB0VrXYa6P6pCqkcz0Bz9xdo5sOhAK3AKnX6jd29XBDdeYsw/lxHLG24wProTD
+cCYFqtaj8wKBgQCaqKT68DL9zK14a8lBaDCIyexaqx3AjXzkP+Hfhi03XrEG4P5v
+7rLYBeTbCUSt7vMN2V9QoTWFvYUm6SCkVJvTmcRblz6WL1T+z0l+LwAJBP7LC77m
+m+77j2PH8yxt/iXhP6G97o+GNxdMLDbTM8bs5KZaH4fkXQY73uc5HMMZTQKBgEZS
+7blYhf+t/ph2wD+RwVUCYrh86wkmJs2veCFro3WhlnO8lhbn5Mc9bTaqmVgQ8ZjT
+8POYoDdYvPHxs+1TcYF4v4kuQziZmc5FLE/sZZauADb38tQsXrpQhmgGakpsEpmF
+XXsYJJDB6lo2KATn+8x7R5SSyHQUdPEnlI2U9ft5AoGBAJw0NJiM1EzRS8xq0DmO
+AvQaPjo01o2hH6wghws8gDQwrj0eHraHgVi7zo0VkaHJbO7ahKPudset3N7owJhA
+CUAPPRtv5wn0amAyNz77f1dz4Gys3AkcchflqhbEaQpzKYx4kX0adclur4WJ/DVm
+P7DI977SHCVB4FVMbXMEkBjN
 -----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/config.cnf b/s2a/src/test/resources/config.cnf
index 38d9a9ccdb0..5f9a7710e92 100644
--- a/s2a/src/test/resources/config.cnf
+++ b/s2a/src/test/resources/config.cnf
@@ -14,4 +14,4 @@ emailAddress                    = Email Address
 subjectAltName = @alt_names
 
 [alt_names]
-IP.1 = ::
\ No newline at end of file
+IP.1 = ::1
\ No newline at end of file
diff --git a/s2a/src/test/resources/int_cert1_.cnf b/s2a/src/test/resources/int_cert1_.cnf
index 8eaf6570da1..ba5a0f66a5e 100644
--- a/s2a/src/test/resources/int_cert1_.cnf
+++ b/s2a/src/test/resources/int_cert1_.cnf
@@ -4,9 +4,9 @@ req_extensions = v3_req
 prompt = no
 
 [req_distinguished_name]
-O = o
-OU = ou
-CN = cn
+O = int1O
+OU = int1OU
+CN = int1CN
 
 [v3_req]
 keyUsage = critical, keyCertSign, cRLSign
diff --git a/s2a/src/test/resources/int_cert1_ec.pem b/s2a/src/test/resources/int_cert1_ec.pem
index 980de5aa900..de83c2aba79 100644
--- a/s2a/src/test/resources/int_cert1_ec.pem
+++ b/s2a/src/test/resources/int_cert1_ec.pem
@@ -1,12 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIIB1zCCAX6gAwIBAgIUW4GYHncSLeb7Tmw7FMjX/DesReIwCgYIKoZIzj0EAwIw
-JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
-OTIzMDA0MVoXDTQ0MDkxOTIzMDA0MVowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
-b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAqtg2E+h
-Wfr5dnewqsCLwM0PohkB83Gh7V3i/TPFkNKF/V6pKdz5a3Z8sicG+g7uJX+eyOoD
-43Z8woO7MgJl8aOBiTCBhjAOBgNVHQ8BAf8EBAMCAQYwIAYDVR0lAQH/BBYwFAYI
-KwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYE
-FHeH+MNh2fgyjNHYP9hLAv9Sl1yDMB8GA1UdIwQYMBaAFP+PTOryxis9d7HVfqhP
-MyMEgMZOMAoGCCqGSM49BAMCA0cAMEQCIHbzJvxHMIDPBRi1e047K0mqKKBSfViS
-guiDSoQ5g5OuAiBT5ePqDLs4PyrK6XFkiEWoRX8Z5T9y419Go+fpLM+DaA==
+MIIB8TCCAZagAwIBAgIUEXwpznJIlU+ELO7Qgb4UUGpfbj8wCgYIKoZIzj0EAwIw
+MjEOMAwGA1UECgwFaW50Mk8xDzANBgNVBAsMBmludDJPVTEPMA0GA1UEAwwGaW50
+MkNOMB4XDTI0MTAwMTIxNDIwMFoXDTQ0MTAwMTIxNDIwMFowMjEOMAwGA1UECgwF
+aW50MU8xDzANBgNVBAsMBmludDFPVTEPMA0GA1UEAwwGaW50MUNOMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEoenicrtL6ezEW2yLSXADscDJQ/fdbr+vJEU/aieV
+wA2EnPbrdpvQZaz+pXtuZzBLZY50XI9y33E+/PvBFtZob6OBiTCBhjAOBgNVHQ8B
+Af8EBAMCAQYwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1Ud
+EwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFBYs72Jv682/xzG3Tm8hItIFis//MB8G
+A1UdIwQYMBaAFPhN6eGgVc36Kc50rREZhMdBIkgGMAoGCCqGSM49BAMCA0kAMEYC
+IQDiPcbihg1iDi0m9CUn96IbWOTh1X75RfVJYcR3Q5T78AIhAK/fxZauDeWPzk2r
+2/ohCQOZFHtAi9VRpr/TqNi3SaYt
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/int_cert2.cnf b/s2a/src/test/resources/int_cert2.cnf
index c6a2559ce10..f48524effb2 100644
--- a/s2a/src/test/resources/int_cert2.cnf
+++ b/s2a/src/test/resources/int_cert2.cnf
@@ -4,9 +4,9 @@ req_extensions = v3_req
 prompt = no
 
 [req_distinguished_name]
-O = o
-OU = ou
-CN = cn
+O = int2O
+OU = int2OU
+CN = int2CN
 
 [v3_req]
 keyUsage = critical, keyCertSign, cRLSign
diff --git a/s2a/src/test/resources/int_cert2_ec.pem b/s2a/src/test/resources/int_cert2_ec.pem
index 574fa0195de..4f502fda808 100644
--- a/s2a/src/test/resources/int_cert2_ec.pem
+++ b/s2a/src/test/resources/int_cert2_ec.pem
@@ -1,12 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIIB1zCCAX6gAwIBAgIUBBKkTrqFxQUist2pK2uj8/DRnKMwCgYIKoZIzj0EAwIw
-JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
-OTIyNTYwNloXDTQ0MDkxOTIyNTYwNlowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
-b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFW7/Te2z
-jS8KlpF8RMMYaZtKf6EZlrZIIo5SO9j6baAKXVna9LmDCrzXnOLIeqOuZq0ODizU
-i4DFALB2yd5BkaOBiTCBhjAOBgNVHQ8BAf8EBAMCAQYwIAYDVR0lAQH/BBYwFAYI
-KwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYE
-FP+PTOryxis9d7HVfqhPMyMEgMZOMB8GA1UdIwQYMBaAFFITbB0BULPtynN9SMki
-lEarWxcKMAoGCCqGSM49BAMCA0cAMEQCIHK4cTTx4Ti7Te9hA9VVtHoMCt5fL4Cl
-XnQR6D5xW4pPAiAQ+CilQdZUhVK5bU6wbrwLgcwf+40ETK/KASId5970rQ==
+MIIB8DCCAZagAwIBAgIUNOH4wQEoKHvaQ9Xgd36vh5TnhfUwCgYIKoZIzj0EAwIw
+MjEOMAwGA1UECgwFcm9vdE8xDzANBgNVBAsMBnJvb3RPVTEPMA0GA1UEAwwGcm9v
+dENOMB4XDTI0MTAwMTIxNDIwMFoXDTQ0MTAwMTIxNDIwMFowMjEOMAwGA1UECgwF
+aW50Mk8xDzANBgNVBAsMBmludDJPVTEPMA0GA1UEAwwGaW50MkNOMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAE44B/G4pzAvLpIUaPp8XNRtXuw8jeLgE40NjQMuqq
+3jNs6ID/fv/jiRggLMXL3Tii1CisM4BRjg56/Owky1Fyv6OBiTCBhjAOBgNVHQ8B
+Af8EBAMCAQYwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1Ud
+EwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFPhN6eGgVc36Kc50rREZhMdBIkgGMB8G
+A1UdIwQYMBaAFNHNBlllqi9koRtf7EBHjRMwVgWsMAoGCCqGSM49BAMCA0gAMEUC
+IBd4bvqVeYSSUEGF1wB0KlYxn1L0Ub/LjgIUUQFAEwahAiEAgeArX63bnlI7u3dq
+v/FGilvcLP3P3AvRozpHJiIZ860=
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/int_key1_ec.pem b/s2a/src/test/resources/int_key1_ec.pem
index 7ff3864746b..909c119b60c 100644
--- a/s2a/src/test/resources/int_key1_ec.pem
+++ b/s2a/src/test/resources/int_key1_ec.pem
@@ -1,5 +1,5 @@
 -----BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLIQUM1HkFM/LWND8
-jCZ4wHXjFZ1ZZmQolahkZB0O1VChRANCAAQCq2DYT6FZ+vl2d7CqwIvAzQ+iGQHz
-caHtXeL9M8WQ0oX9Xqkp3PlrdnyyJwb6Du4lf57I6gPjdnzCg7syAmXx
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgnYGMzs4siZ7Fy3mI
+rmsqBdP6We4Zt+ndtOYEGaZDj06hRANCAASh6eJyu0vp7MRbbItJcAOxwMlD991u
+v68kRT9qJ5XADYSc9ut2m9BlrP6le25nMEtljnRcj3LfcT78+8EW1mhv
 -----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/int_key2_ec.pem b/s2a/src/test/resources/int_key2_ec.pem
index 7f529ae855f..520300d2560 100644
--- a/s2a/src/test/resources/int_key2_ec.pem
+++ b/s2a/src/test/resources/int_key2_ec.pem
@@ -1,5 +1,5 @@
 -----BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGfm6kyaAMMrmYGhS
-jxprBwtcZdP6qXlU1cVIO5bOT8qhRANCAAQVbv9N7bONLwqWkXxEwxhpm0p/oRmW
-tkgijlI72PptoApdWdr0uYMKvNec4sh6o65mrQ4OLNSLgMUAsHbJ3kGR
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgzLSoAcENXIiQfBS7
+meBDCohT1rofhWSfD0m55qi8V3WhRANCAATjgH8binMC8ukhRo+nxc1G1e7DyN4u
+ATjQ2NAy6qreM2zogP9+/+OJGCAsxcvdOKLUKKwzgFGODnr87CTLUXK/
 -----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/leaf.cnf b/s2a/src/test/resources/leaf.cnf
index d5b373cbc71..c21cee5568f 100644
--- a/s2a/src/test/resources/leaf.cnf
+++ b/s2a/src/test/resources/leaf.cnf
@@ -4,9 +4,9 @@ req_extensions = v3_req
 prompt = no
 
 [req_distinguished_name]
-O = o
-OU = ou
-CN = cn
+O = leafO
+OU = leafOU
+CN = leafCN
 
 [v3_req]
 keyUsage = critical, digitalSignature
diff --git a/s2a/src/test/resources/leaf_cert_ec.pem b/s2a/src/test/resources/leaf_cert_ec.pem
index 39692b95fda..ca48b821f60 100644
--- a/s2a/src/test/resources/leaf_cert_ec.pem
+++ b/s2a/src/test/resources/leaf_cert_ec.pem
@@ -1,12 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIIB0jCCAXigAwIBAgIUBV1dftEhhEMTI83L6jpeJn2tuyQwCgYIKoZIzj0EAwIw
-JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
-OTIzMDQwMFoXDTQ0MDkxOTIzMDQwMFowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
-b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0TPKM3K/
-D0zlbGTVofq05ierfqzg7oNy8FqVEKvYewHXYxpS660za3Hjsju54fWhJOaZSobP
-4ezzvPr5BBbBMaOBgzCBgDAOBgNVHQ8BAf8EBAMCB4AwIAYDVR0lAQH/BBYwFAYI
-KwYBBQUHAwIGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPvP7dnB
-dg8ZoLB0w62tbvoIRRHPMB8GA1UdIwQYMBaAFHeH+MNh2fgyjNHYP9hLAv9Sl1yD
-MAoGCCqGSM49BAMCA0gAMEUCIBcsImaxeFjxFXCXYNQJnde+rsEOgbeAHrAC0SZQ
-NlB2AiEA4epDhw/o+6BfgDbqlZsNEHkScPrwupnBQGLQlmNJe2c=
+MIIB6jCCAZCgAwIBAgIUA98F2JkYZAyz9BdIkBK3P8Df7OUwCgYIKoZIzj0EAwIw
+MjEOMAwGA1UECgwFaW50MU8xDzANBgNVBAsMBmludDFPVTEPMA0GA1UEAwwGaW50
+MUNOMB4XDTI0MTAwMTIxNDIwMFoXDTQ0MTAwMTIxNDIwMFowMjEOMAwGA1UECgwF
+bGVhZk8xDzANBgNVBAsMBmxlYWZPVTEPMA0GA1UEAwwGbGVhZkNOMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEtpTTzt2VDTP6gO4uUIpg8sB63Ff4T4YPMoIGrrn3
+tU3f9j0Ysa5/xblM0LkwRImcrKKchYDiNm1wHkWo+qDImaOBgzCBgDAOBgNVHQ8B
+Af8EBAMCB4AwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMAwGA1Ud
+EwEB/wQCMAAwHQYDVR0OBBYEFGzFBt/E6vDJRcH+Izy4MQ9AHycqMB8GA1UdIwQY
+MBaAFBYs72Jv682/xzG3Tm8hItIFis//MAoGCCqGSM49BAMCA0gAMEUCIHUcqPTB
+mQ4kXE0WoOUC8ZmzvthvfKjCNe0YogcjZgwWAiEAvapmWoQIO4qie25Ae9sYRCPq
+5xAHztAquk5HLfwabow=
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/leaf_key_ec.pem b/s2a/src/test/resources/leaf_key_ec.pem
index d90ad8f4db8..b92b90ba1da 100644
--- a/s2a/src/test/resources/leaf_key_ec.pem
+++ b/s2a/src/test/resources/leaf_key_ec.pem
@@ -1,5 +1,5 @@
 -----BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgR2HBqtWTWu4NLiow
-ar8vh+9vAmCONE59C+jXNAb9r8ehRANCAATRM8ozcr8PTOVsZNWh+rTmJ6t+rODu
-g3LwWpUQq9h7AddjGlLrrTNrceOyO7nh9aEk5plKhs/h7PO8+vkEFsEx
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgkvnGZBh3uIYfZiau
+/0qN0YcQXlwwVVUh8EybjvKUlX2hRANCAAS2lNPO3ZUNM/qA7i5QimDywHrcV/hP
+hg8yggauufe1Td/2PRixrn/FuUzQuTBEiZysopyFgOI2bXAeRaj6oMiZ
 -----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/root_cert.pem b/s2a/src/test/resources/root_cert.pem
index 737e601691c..ccd0a46bc23 100644
--- a/s2a/src/test/resources/root_cert.pem
+++ b/s2a/src/test/resources/root_cert.pem
@@ -1,22 +1,22 @@
 -----BEGIN CERTIFICATE-----
-MIIDkzCCAnugAwIBAgIUb7RsINwsFgKf0Q0RuzfOgp48j6UwDQYJKoZIhvcNAQEL
+MIIDkzCCAnugAwIBAgIUWemeXZdfqcqkP8/Eyj74oTJtoNQwDQYJKoZIhvcNAQEL
 BQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
 GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4X
-DTIzMTAxNzIzMDczOFoXDTQzMTAxNzIzMDczOFowWTELMAkGA1UEBhMCQVUxEzAR
+DTI0MTAwMTIxNTkxMVoXDTQ0MTAwMTIxNTkxMVowWTELMAkGA1UEBhMCQVUxEzAR
 BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
 IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAkIFnQLuhzYnm3rvmi/U7zMgEP2Tqgb3VC00frSXEV6olZcLgyC9g
-0DAGdt9l9lP90DQTG5KCOtoW2BTqM/aaVpR0OaDFOCy90FIj6YyZLZ9w2PQxQcxS
-GQHyEvWszTkNxeDyG1mPTj+Go8JLKqdvLg/9GUgPg6stxyAZwYhyUTGuEM4bv0sn
-b3vmHRmIGJ/w6aLtd7nK8LkNHa3WVrbvRGHrzdMHfpzF/M/5fAk8GfRYugo39knf
-VLKGyQCXNI8Y1iHGEmPqQZIFPTjBL6caIlbEV0VHlxoSOGB6JVxcllxAEvd6abqX
-RJVJPQzzGfEnMNYp9SiZQ9bvDRUsUkWyYwIDAQABo1MwUTAdBgNVHQ4EFgQUAZMN
-F9JAGHbA3jGOeu6bWFvSdWkwHwYDVR0jBBgwFoAUAZMNF9JAGHbA3jGOeu6bWFvS
-dWkwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAicBli36ISJFu
-lrJqOHVqTeNP6go0I35VGnP44nEEP5cBvRD3XntBFEk5D3mSNNOGt+2ncxom8VR9
-FsLuTfHAipXePJI6MSxFuBPea8V/YPBs3npk5f1FRvJ5vEgtzFvBjsKmp1dS9hH0
-KUWtWcsAkO2Anc/LVc0xxSidL8NjzYoEFqiki0TNNwCJjmd9XwnBLHW38sEb/pgy
-KTyRpOyG3Zg2UDjBHiXPBrmIvVFLB6+LrPNvfr1k4HjIgVY539ZXUvVMDKytMrDY
-h63EMDn4kkPpxXlufgWGybjN5D51OylyWBZLe+L1DQyWEg0Vd7GwPzb6p7bmI7MP
-pooqbgbDpQ==
+MIIBCgKCAQEAt3A04hy5lljv86Nu0LLQZ2hA+fcImHjt1p1Mxgcta/5oxfVLcerE
+ZH+DAQLDtWzp9Up/vI57MM419GIL8Iszk7hnZRS/HWJ+2jewZJtz4i/g15dLr6+1
+uabMdPOWos60BwcLMxKEe6lJO1mV4z9d4NH4mAuMIHyM+ty0Klp9MfeDJtYEh0+z
+AxJUHCixDTsnKJro7My7A3ZT7bvaMfXxS7XN6qlRgBfiCmXo/GKTFfmfBW/EZGkG
+XOCxE2D79wYNhC41Q/ix0kwjEeOj2vgGFoiyblSdHdzvRXzsoQTEiZSM8lJDR2IT
+ZbpgbBlknMU6efNWlS8P5damB9ZWXg3x4wIDAQABo1MwUTAdBgNVHQ4EFgQUcq3d
+txAVA410YWyM0B4e+4umbiwwHwYDVR0jBBgwFoAUcq3dtxAVA410YWyM0B4e+4um
+biwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEApZvaI9y7vjX/
+RRdvwf2Db9KlTE9nuVQ3AsrmG9Ml0p2X6U5aTetxdYBo2PuaaYHheF03JOH8zjpL
+UfFzvbi52DPbfFAaDw/6NIAenXlg492leNvUFNjGGRyJO9R5/aDfv40/fT3Em5G5
+DnR8SeGQ9tI1t6xBBT+d+/MilSiEKVu8IIF/p0SwvEyR4pKo6wFVZR0ZiIj2v/FZ
+P5Qk0Xhb+slpmaR3Wtx/mPl9Wb3kpPD4CAwhWDqFkKJql9/n9FvMjdwlCQKQGB26
+ZDXY3C0UTdktK5biNWRgAUVJEWBX6Q2amrxQHIn2d9RJ8uxCME/KBAntK+VxZE78
+w0JOvQ4Dpw==
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/root_cert_ec.pem b/s2a/src/test/resources/root_cert_ec.pem
index 0dd465e8e90..3d20dcfe83c 100644
--- a/s2a/src/test/resources/root_cert_ec.pem
+++ b/s2a/src/test/resources/root_cert_ec.pem
@@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBrzCCAVWgAwIBAgIUGV+9j5V61CZaa6mbrchDag5miEQwCgYIKoZIzj0EAwIw
-JjEKMAgGA1UECgwBbzELMAkGA1UECwwCb3UxCzAJBgNVBAMMAmNuMB4XDTI0MDkx
-OTIyNDMwOFoXDTQ0MDkxOTIyNDMwOFowJjEKMAgGA1UECgwBbzELMAkGA1UECwwC
-b3UxCzAJBgNVBAMMAmNuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDVPIq1ds
-/MX52CX9YU1RdEeM89YP4o3BN8OiP2O4qcuc11k4Qu4Mo4RWeN9OJpNElTQJ0K8n
-/rIvbmw8AIMquaNhMF8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRSE2wdAVCz
-7cpzfUjJIpRGq1sXCjAKBggqhkjOPQQDAgNIADBFAiEA1TEfHWArDnepmtMDQ4wd
-Q3uqPrV2Ye2KMO67/BHEGIQCIFu3JutXYYVU/CinwH89AJW+FJ7zokaPjCDkbiOH
-+h+H
+MIIBxzCCAW2gAwIBAgIUN+H7Td9dhyvMrrzZhanevAfCN34wCgYIKoZIzj0EAwIw
+MjEOMAwGA1UECgwFcm9vdE8xDzANBgNVBAsMBnJvb3RPVTEPMA0GA1UEAwwGcm9v
+dENOMB4XDTI0MTAwMTIxNDIwMFoXDTQ0MTAwMTIxNDIwMFowMjEOMAwGA1UECgwF
+cm9vdE8xDzANBgNVBAsMBnJvb3RPVTEPMA0GA1UEAwwGcm9vdENOMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEGnS2gVv6Bs0GtuUAOebR9E0fqaj3zi9mD97B/dgi
+MLENhtVPJQzeePv6Ccap+73O0BINRNOl8tlHX0YaXDeEHKNhMF8wDgYDVR0PAQH/
+BAQDAgEGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBTRzQZZZaovZKEbX+xAR40TMFYFrDAKBggqhkjOPQQD
+AgNIADBFAiEAgnIyLs7FsZNsJjFgYzlaut4h23RxrpUYVCVZt/+x1Q0CIG3U6WGz
+YaEyKoCtBHH9cAy76+pP/NU2f7/QuHU9Vymd
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/root_ec.cnf b/s2a/src/test/resources/root_ec.cnf
index bee0b80a166..d736865c831 100644
--- a/s2a/src/test/resources/root_ec.cnf
+++ b/s2a/src/test/resources/root_ec.cnf
@@ -4,9 +4,9 @@ req_extensions = v3_req
 prompt = no
 
 [req_distinguished_name]
-O = o
-OU = ou
-CN = cn
+O = rootO
+OU = rootOU
+CN = rootCN
 
 [v3_req]
 keyUsage = critical, keyCertSign, cRLSign
diff --git a/s2a/src/test/resources/root_key.pem b/s2a/src/test/resources/root_key.pem
index aae992426d7..34d0ffa61eb 100644
--- a/s2a/src/test/resources/root_key.pem
+++ b/s2a/src/test/resources/root_key.pem
@@ -1,30 +1,30 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQInmQVkXP3TFcCAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGeCAVH1pefxBIIEyD3Nj1Dy19oy
-fogU+z8YBLXuSCx8s3zncYPF9nYlegGSSo0ace/WxfPu8AEPus1P2MxlxfcCQ1A+
-5+vMihtEpgpTg9R4RlLAWs45jz4AduGiwqW05+W5zgDn6g7p7HIL0+M5FxKRkAW0
-KEH4Jy8Vc1XQxkhOm1Q4NLI8PT94rcBDE9Od03sdrW/hQgaOFz5AWOlT5jF1uUOz
-glF1RQQxfJygTB6qlPTC3BAaiAnWij3NOg5L5vvUhjLa7iOZOhRQBRkf4YtHsM+2
-rFy8Z7MeHOvrqFf8LXosNy3JreQW036rLGR0Xh5myATkNrEwA8df37AgLUmwqyfz
-hjZefPW77LgMAXlaN8s345AGikOX8yQKEFzPV/Nag32p6t4oiRRcUUfdB4wzKi6T
-mzZ6lKcGR3qqL4V6lJSV3I2fmgkYZnUwymolyu+1+CVYDLuE53TBi5dRXwgOghi7
-npw7PqqQCian8yxHF9c1rYukD0ov0/y8ratjOu9XoJG2/wWQJNvDkAyc3mSJf+3y
-6Wtu1qhLszU8pZOGW0fK6bGyHSp+wkoah/vRzB0+yFjvuMIG6py2ZDQeqhqS3ZV2
-nZHHjj0tZ45Wbdf4k17ujEK34pFXluPH//zADnd6ym2W0t6x+jtqR5tYu3poORQg
-jFgpudkn2RUSq8N/gIiHDwblYBxU2dmyzEVudv1zNgVSHyetGLxsFoNB7Prn89rJ
-u24a/xtuCyC2pshWo3KiL74hkkCsC8rLbEAAbADheb35b+Ca3JnMwgyUHbHL6Hqf
-EiVIgm14lB/1uz651X58Boo6tDFkgrxEtGDUIZm8yk2n0tGflp7BtYbMCw+7gqhb
-XN4hlhFDcCJm8peXcyCtGajOnBuNO9JJDNYor6QjptaIpQBFb7/0rc7kyO12BIUv
-F9mrCHF18Hd/9AtUO93+tyDAnL64Jqq9tUv8dOVtIfbcHXZSYHf24l0XAiKByb8y
-9NQLUZkIuF4aUZVHV8ZBDdHNqjzqVglKQlGHdw1XBexSal5pC9HvknOmWBgl0aza
-flzeTRPX7TPrMJDE5lgSy58czGpvZzhFYwOp6cwpfjNsiqdzD78Zs0xsRbNg519s
-d+cLmbiU3plWCoYCuDb68eZRRzT+o41+QJG2PoMCpzPw5wMLl6HuW7HXMRFpZKJc
-tPKpeTIzb8hjhA+TwVIVpTPHvvQehtTUQD2mRujdvNM6PF8tnuC3F3sB3PTjeeJg
-uzfEfs3BynRTIj/gX6y87gzwsrwWIEN6U0cCbQ6J1EcgdQCiH8vbhIgfd4DkLgLN
-Kkif+fI/HgBOqaiwSw3sHmWgB6PllVQOKH6qAiejTHR/UUvJTPvgKJFLunmBiF12
-N1bRge1sSXE1eLKVdi+dP1j0o6RxhaRrbX7ie3y/wYHwCJnb8h08DEprgCqoswFs
-SuNKmvlibBHAsnOdhyCTOd9I5n8XzAUUp6mT+C5WDfl7qfYvh6IHFlSrhZ9aS9b6
-RY873cnphKbqU5d7Cr8Ufx4b4SgS+hEnuP8y5IToLQ3BONGQH2lu7nmd89wjW0uo
-IMRXybwf/5FnKhEy8Aw+pD6AxiXC3DZVTKl3SHmjkYBDvNElsJVgygVTKgbOa1Z+
-ovIK/D7QV7Nv3uVortH8XA==
+MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQJXNe391O3gaNbKLw
+o60XrQICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI4pf69+BBF8IEggTI
+JuQ3p67U9k/NWMuYXaR9a6lv24YZ1qR6ieL5B6keCaCDVoQMb5V22O0vBqCVePgr
+EG0yWIeeAsARMzAxE7Lnil6abSe7tij+LjEI9F7mV/1QSFt03PLVI+e7OcKNI+Nr
+6vISEi8CaddekP8JDRhPMpgdWderZvogo3REpJ8GNIUddQzu1e3ZgDtOPquqcgqb
+MH/HuPE3vjj4/l6ZpX+6DZKIvzjwtBQ4PMzSWLumzmYLItd3kz7UryN+9hKluSZp
+D2KB24aUIQFbDxe2DMTi5c0QIiyzjwkv081ecNJOy2gYX3uiucr8/Ax3o21RNZtI
+oKCmSPVEfYdrkdfkwuSOioVTbWBZBcSZo3L2bmCkSXTuheGurEw/TtQWXBgew0Bn
+UQjEJgZy96PVsQeu3t+NRCacARQi4vfv7PVHlQW8fcfcC6CeNw7VIZ8aS7supqym
+RJxzMY9ZnLwO9cgybXLYgosVZnvI7nOokJPfO1+KqBK01C1Sgc3tg8czKhRuztHu
+qDO0GCZ7l+9/ku/WIy/5NiatNvRo5dMAOGxsSrjI9a7+EmenoIfd8/KREVX19D+R
+gZRALVATHq83rF6BdsyTwya1QUr/J24EIlkOc4HbCBm5WxA2ZjNdDBZ+KhivYaS7
+l1qrbkFOhmBD9kYRbseBrxlzKUWJMGhOpw3xebut3HngLqyezLcjsXQuF3Iau5Hl
+9QFcmSdLj2ZlNlQvmfNJX/r6a/K2LigruXCbvHWMqVsHd7XZdWJ/8wjm2AL97iON
+mYFLP+ScfYom9qrF41jNkUKZiLk/ppvSHyWBAqbze+R9Zfpcf8ArCwuAL/JlEMzv
+YkBv1DWKfzJpZHYX695MxrpS3C8m0IyXNxktBL3KTVvwZaIhSNBlNS3fdb9m8toR
+Tz/LS8jseWpZ5D552/+KAa0Skhav3ZFpxmAS8BEyE/nI9Dwg9niYcZLWORWHAQPp
+jraG0BkE7bn5No/k7E4rjFb+2N+36QxVacJI3neC8bQXVHP0BVUvrabOWFPnGivl
+Ok91Eo8q5PUAsd15ZnKjTHzlD7zv7fF6ncBgj3P4L2Xrs6P34JOZEd4wixEUZYeC
+Xe+SZrFyUr6CcNC45C6R3hDYqmrz0GK1ikkis3XcKT+C5flBYb9NRx8G9wyCuS6H
+oHl0Rfbpc47wQTuajicMVO2El7syMPUAxjo3EfMzvjm7uCXLTHnXRnRt3Y5AkPGa
+0kFE9Vm00PReRfQ7qbSUiOOHYa9NIsw1l2ZI+knP9XbY2HikELOpjgucrMxZF+ms
+zit5YGD3NGZi5xcHZFZTs9L8kaJccXn5DtjA30eEiFzKqMtMKnwlrbSL55I1JXim
+co1RLpRK2KQmtJHo1br3RH6jP7fePYzgDceDds5HKWz22pYFcVtlx4DeYH5vjdEp
+i3yNQZ32jD2HYhgCK325QLP5S2UYmUOPWd4sEiwZMBPpPOlt0TqCdFKYgS2GHlSN
+IYVBYelPUYsz9Kg0TFtLMZLNUmwsXJ+jqnLVtmFyoV6IIvbSCqQ9jxTbZQKxThK8
+A1G+nXBO41ZW8eQZUGx8CzbCj2JvtVThgErSRqAuYbvlUt7EI4Ac8veZC8rJIG0Q
+ADkueb978o4OI6vpOdTYCmdTIoHWlpup
 -----END ENCRYPTED PRIVATE KEY-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/root_key_ec.pem b/s2a/src/test/resources/root_key_ec.pem
index ef5ee1445f9..5560a66d414 100644
--- a/s2a/src/test/resources/root_key_ec.pem
+++ b/s2a/src/test/resources/root_key_ec.pem
@@ -1,5 +1,5 @@
 -----BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgd5oZmQBOtMF0xfc3
-uRuw5EDhA1thJKKeHfrij9FMkfahRANCAAQNU8irV2z8xfnYJf1hTVF0R4zz1g/i
-jcE3w6I/Y7ipy5zXWThC7gyjhFZ4304mk0SVNAnQryf+si9ubDwAgyq5
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgjfTyzPIlKV0zANQP
+2s1C2FhbenE34QEsf83wjpuQrZWhRANCAAQadLaBW/oGzQa25QA55tH0TR+pqPfO
+L2YP3sH92CIwsQ2G1U8lDN54+/oJxqn7vc7QEg1E06Xy2UdfRhpcN4Qc
 -----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/server.csr b/s2a/src/test/resources/server.csr
deleted file mode 100644
index 1657b191133..00000000000
--- a/s2a/src/test/resources/server.csr
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIChzCCAW8CAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAlPThqu8tfJ4hQKRiUw/vNPfo2L2LQU8NlrRL7rvV
-71E345LGK1h/hM3MHp5VgEvaaIibb0hSNv/TYz3HVCQyNuPlcmkHZTJ9mB0icilU
-rYWdM0LPIg46iThmIQVhMiNfpMKQLDLQ7o3Jktjm32OxnQdtYSV+7NFnw8/0pB4j
-iaiBYfZIMeGzEJIOFG8GSNJG0pfCI71DyLRonIcb2XzfeDPHeWSF7lbIoMGAuKIE
-2mXpwHmAjTMJzIShSgLqCvmbz7wR3ZeVMknXcgcqMmagGphy8SjizIWC5KRbrnRq
-F22Ouxdat6scIevRXGp5nYawFYdpK9qo+82gEouVX3dtSQIDAQABoC4wLAYJKoZI
-hvcNAQkOMR8wHTAbBgNVHREEFDAShxAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3
-DQEBCwUAA4IBAQB2qU354OlNVunhZhiOFNwabovxLcgKoQz+GtJ2EzsMEza+NPvV
-dttPxXzqL/U+gDghvGzSYGuh2yMfTTPO+XtZKpvMUmIWonN5jItbFwSTaWcoE8Qs
-zFZokRuFJ9dy017u642mpdf6neUzjbfCjWs8+3jyFzWlkrMF3RlSTxPuksWjhXsX
-dxxLNu8YWcsYRB3fODHqrlBNuDn+9kb9z8to+yq76MA0HtdDkjd/dfgghiTDJhqm
-IcwhBXufwQUrOP4YiuiwM0mo7Xlhw65gnSmRcwR9ha98SV2zG5kiRYE+m+94bDbd
-kGBRfhpQSzh1w09cVzmLgzkfxRShEB+bb9Ss
------END CERTIFICATE REQUEST-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/server_cert.pem b/s2a/src/test/resources/server_cert.pem
index 10a98cf5c21..909b83aa903 100644
--- a/s2a/src/test/resources/server_cert.pem
+++ b/s2a/src/test/resources/server_cert.pem
@@ -1,20 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIDWjCCAkKgAwIBAgIUMZkgD5gtoa39H9jdI/ijVkyxC/swDQYJKoZIhvcNAQEL
+MIIDWjCCAkKgAwIBAgIUAeWzyzIEetYf+ZWHj9NzH1JkLYkwDQYJKoZIhvcNAQEL
 BQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
 GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4X
-DTIzMTAxNzIzMDg1M1oXDTQzMTAxNzIzMDg1M1owFDESMBAGA1UEAwwJbG9jYWxo
-b3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPThqu8tfJ4hQKRi
-Uw/vNPfo2L2LQU8NlrRL7rvV71E345LGK1h/hM3MHp5VgEvaaIibb0hSNv/TYz3H
-VCQyNuPlcmkHZTJ9mB0icilUrYWdM0LPIg46iThmIQVhMiNfpMKQLDLQ7o3Jktjm
-32OxnQdtYSV+7NFnw8/0pB4jiaiBYfZIMeGzEJIOFG8GSNJG0pfCI71DyLRonIcb
-2XzfeDPHeWSF7lbIoMGAuKIE2mXpwHmAjTMJzIShSgLqCvmbz7wR3ZeVMknXcgcq
-MmagGphy8SjizIWC5KRbrnRqF22Ouxdat6scIevRXGp5nYawFYdpK9qo+82gEouV
-X3dtSQIDAQABo18wXTAbBgNVHREEFDAShxAAAAAAAAAAAAAAAAAAAAAAMB0GA1Ud
-DgQWBBTKJU+NK7Q6ZPccSigRCMBCBgjkaDAfBgNVHSMEGDAWgBQBkw0X0kAYdsDe
-MY567ptYW9J1aTANBgkqhkiG9w0BAQsFAAOCAQEAXuCs6MGVoND8TaJ6qaDmqtpy
-wKEW2hsGclI9yv5cMS0XCVTkmKYnIoijtqv6Pdh8PfhIx5oJqJC8Ml16w4Iou4+6
-kKF0DdzdQyiM0OlNCgLYPiR4rh0ZCAFFCvOsDum1g+b9JTFZGooK4TMd9thwms4D
-SqpP5v1NWf/ZLH5TYnp2CkPzBxDlnMJZphuWtPHL+78TbgQuQaKu2nMLBGBJqtFi
-HDOGxckgZuwBsy0c+aC/ZwaV7FdMP42kxUZduCEx8+BDSGwPoEpz6pwVIkjiyYAm
-3O8FUeEPzYzwpkANIbbEIDWV6FVH9IahKRRkE+bL3BqoQkv8SMciEA5zWsPrbA==
+DTI0MTAwMTIxNTk0NloXDTQ0MTAwMTIxNTk0NlowFDESMBAGA1UEAwwJbG9jYWxo
+b3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qnW7Pb06MgRNLzt
+icv/ydl8W/lpPRjrJJb04/TtXbJ1hjnp7i796TfNGrJgHqEZnaR8q83lO0L38B2X
+sJ04b3R+y+6HhH8+MbHejM7ybrTZRNQXip/Kxu4QLHBTQEsplycWLf42/R3cIk/X
+vgxq5NsCsbk4xI4xwlcqC8FM1AHU0VrKxzHWVhZEM+/KovBAr/hRYln9CukeKjOf
+UiVq58uuDAlJRC3yH2Rd/sqCDELvqRv17J6eYx2nJ3mSN5aBa0FwVjg6vr5Obddj
+AWWIkgrlAr+a+OraxOrWElFfChBSvr/qHdJFWHeCdq/SAhow5uRhC69ScJf+7lrX
+hsj1sQIDAQABo18wXTAbBgNVHREEFDAShxAAAAAAAAAAAAAAAAAAAAABMB0GA1Ud
+DgQWBBRdDRg6GuDj8Sujmz4/rqfP0jZHbTAfBgNVHSMEGDAWgBRyrd23EBUDjXRh
+bIzQHh77i6ZuLDANBgkqhkiG9w0BAQsFAAOCAQEAAEUS27+6p88CWYemMOY0iu0e
+mp4YqG0XQSilbSnxrqnJb3N8pR3Yh6JJKnblQ6xdexfzrXlBA/v7nx+f8e9HS2QZ
+KLtEIaEvNKL51JdOS6ebEzLVvhk98r2kpKM3wpT++/18HPlPK5W3rMQNsLOyAdvP
+UX6TakhIfflRjz1DYXQ1ERvJOFw2HEmw6K6r2VwBhZKfwwzxmAHpVwniWXGbgyRF
+79hG6rO1tv1K5LHAPIRs0h2Lh/VPxm2XiaNkdGyarUy5/NM+GoHErgxOBmYltn5Q
+vAlZrgF2/mSXcUb7EHoXvoC9L4M7U/dRQD4Q1fQRJ/KjrhbDAC3gfZ4zorKoaQ==
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/s2a/src/test/resources/server_key.pem b/s2a/src/test/resources/server_key.pem
index 44f087dee94..edc37cb3855 100644
--- a/s2a/src/test/resources/server_key.pem
+++ b/s2a/src/test/resources/server_key.pem
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCU9OGq7y18niFA
-pGJTD+809+jYvYtBTw2WtEvuu9XvUTfjksYrWH+EzcwenlWAS9poiJtvSFI2/9Nj
-PcdUJDI24+VyaQdlMn2YHSJyKVSthZ0zQs8iDjqJOGYhBWEyI1+kwpAsMtDujcmS
-2ObfY7GdB21hJX7s0WfDz/SkHiOJqIFh9kgx4bMQkg4UbwZI0kbSl8IjvUPItGic
-hxvZfN94M8d5ZIXuVsigwYC4ogTaZenAeYCNMwnMhKFKAuoK+ZvPvBHdl5UySddy
-ByoyZqAamHLxKOLMhYLkpFuudGoXbY67F1q3qxwh69FcanmdhrAVh2kr2qj7zaAS
-i5Vfd21JAgMBAAECggEACTBuN4hXywdKT92UP0GNZTwh/jT7QUUqNnDa+lhWI1Rk
-WUK1vPjRrRSxEfZ8mdSUHbzHsf7JK6FungGyqUsuWdqHTh6SmTibLOYnONm54paK
-kx38/0HXdJ2pF0Jos5ohDV3/XOqpnv3aQJfm7kMNMv3BTqvsf5mPiDHtCq7dTGGj
-rGiLc0zirKZq79C6YSB1UMB01BsDl2ScflK8b3osT18uYx/BOdjLT4yZWQsU/nbB
-OeF+ziWTTUAVjodGeTf+NYG7cFN/9N9PdSnAwuw8Nche3xZKbHTh2I578Zd4bsDX
-H+hoMN862nzOXEvD6KyLB8xDdnEZ+p+njeDROJVmgQKBgQDQhzQEl/co1LYc5IDO
-mynhCOtKJeRWBLhYEPIuaSY3qF+lrOWzqyOUNppWDx+HeKOq70X1Q+ETeSXtbaL1
-qHBkNcApQ2lStcpkR9whcVbr9NIWC8y8UQxyerEK3x3l0bZ99dfJ/z6lbxdS7prc
-Hhxy6pUj8Q8AgpTZA8HfQUF1EQKBgQC23ek24kTVvWeWX2C/82H1Yfia6ITL7WHz
-3aEJaZaO5JD3KmOSZgY88Ob3pkDTRYjFZND5zSB7PnM68gpo/OEDla6ZYtfwBWCX
-q4QhFtv2obehobmDk+URVfvlOcBikoEP1i8oy7WdZ5CgC4gNKkkD15l68W+g5IIG
-2ZOA97yUuQKBgDAzoI2TRxmUGciR9UhMy6Bt/F12ZtKPYsFQoXqi6aeh7wIP9kTS
-wXWoLYLJGiOpekOv7X7lQujKbz7zweCBIAG5/wJKx9TLms4VYkgEt+/w9oMMFTZO
-kc8Al14I9xNBp6p0In5Z1vRMupp79yX8e90AZpsZRLt8c8W6PZ1Kq0PRAoGBAKmD
-7LzD46t/eJccs0M9CoG94Ac5pGCmHTdDLBTdnIO5vehhkwwTJ5U2e+T2aQFwY+kY
-G+B1FrconQj3dk78nFoGV2Q5DJOjaHcwt7s0xZNLNj7O/HnMj3wSiP9lGcJGrP1R
-P0ZCEIlph9fU2LnbiPPW2J/vT9uF+EMBTosvG9GBAoGAEVaDLLXOHj+oh1i6YY7s
-0qokN2CdeKY4gG7iKjuDFb0r/l6R9uFvpUwJMhLEkF5SPQMyrzKFdnTpw3n/jnRa
-AWG6GoV+D7LES+lHP5TXKKijbnHJdFjW8PtfDXHCJ6uGG91vH0TMMp1LqhcvGfTv
-lcNGXkk6gUNSecxBC1uJfKE=
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDWqdbs9vToyBE0
+vO2Jy//J2Xxb+Wk9GOsklvTj9O1dsnWGOenuLv3pN80asmAeoRmdpHyrzeU7Qvfw
+HZewnThvdH7L7oeEfz4xsd6MzvJutNlE1BeKn8rG7hAscFNASymXJxYt/jb9Hdwi
+T9e+DGrk2wKxuTjEjjHCVyoLwUzUAdTRWsrHMdZWFkQz78qi8ECv+FFiWf0K6R4q
+M59SJWrny64MCUlELfIfZF3+yoIMQu+pG/Xsnp5jHacneZI3loFrQXBWODq+vk5t
+12MBZYiSCuUCv5r46trE6tYSUV8KEFK+v+od0kVYd4J2r9ICGjDm5GELr1Jwl/7u
+WteGyPWxAgMBAAECggEAFEAgcOlZME6TZPS/ueSfRET6mNieB2/+2sxM3OZhsBmi
+QZ/cBCa1uFcVx8N1Et6iwn7ebfy199G4/xNjmHs0dDs6rPVbHnI8hUag1oq9TxlL
+d9VERUUOxZZ2uyJ7kBCnI0XCL2OQf29eMXRzx093lBBfIDH3e39ojUtYwZQiMcuw
+EPry0k4fVhymhKg9Wnmt5lMg4Mdc1TpPfmNFuTR0PZ1nAaVQglvH66qNKGVoWEhZ
+paNLaKC4H2Jfa1AfAWl6Efy5JDMOfHF0ww0cDUrTzAeQ7jEh0UGyL1lX8W6kKRDa
+0quUqxOJz9aQ8cyd27s2OQMlRtbXi/jhhVp7WLIrWQKBgQD9gKG5CgBO/L8nIj5o
+EhHFhtfjEhdeXTAlenmxoBxUN7Pwkc2OvhNef7+T0+euwl50ieopWLoRxLZ2yY8l
+E2b2+7EM6/8/wgt1bCVh5NCWrE63tLCx+wdht1oqciDXvuv5bJTf73sipgDTYYSV
+gE+DHXq96mxVJXo1TLtQQpXMVQKBgQDYx0AbO0KP2TTNY5ChqVwthaETHjWs6z9p
+U5WRgNYeXbUKg3l7JJk6zq72ZIBeqEr3d9mJqrk6HFKTh4c+LyjKyLjmY5wkmfHh
+s6s1lCEgEoXKT3Fa+DxlsXltyxrJLzuf1h276jeL5bB6BmJNKLODcEoCx/ubrwOj
+prdUSWqf7QKBgQCO/sg7AJE7/QY2pPJe8hJkQbP1unbEG/zUp0mOEKrqNqGhyh0R
+r9ZtL9J5KMc/pRRy2Hjl6c7LxxLF3tyIJXGnUEKG73iEFokwK1jK569hzsB4j8w8
+GUYIsMyDtO0hxeiGQeGYkBX9bXZ5xkBrtH0lkLNz/ZAuV32gIzBmDalCIQKBgDGT
+f+m6Z8KWHilKt+0A2n/eq7O/mO7u7hWcc/xOxqkzLRA2eTXcbN6yHfljiqgbPOnT
+kwCU9r9/crMir59dEasutHqcFT2Zp2PCv0kFk33OPqLCAF6ZntZy/B5L8NhJ4Qzw
+3uP28LUh1nZRt3GF+Wf56jMwoS49nEt0+UBhee0RAoGAS9YsJkbjBg2p3Gxvo5c0
+IjfZdcyS2ndTjXv+hFvkjMw0ULFT3dqpk+0asaCh5nrDUbVQyan+D8LgwSwNZy89
+e99bl//oliv/Om7lVFCKtBOhe+fIWHlrR0e2bemsQi/pgTURjYFuvjhR50dcKx96
+jLHvG4mTfStHaJ1gKGWvgWA=
 -----END PRIVATE KEY-----
\ No newline at end of file

From 959060a824945c835fde434fcfe3a9789e3f81e5 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Wed, 2 Oct 2024 16:01:23 -0700
Subject: [PATCH 033/591] s2a: Address comments on S2A channel + stub (#11584)

* delete HandshakerServiceChannel.

* remove usage of S2AGrpcChannelPool + avoid creating Channel ref per conn.
---
 .../s2a/internal/channel/S2AChannelPool.java  |  43 ------
 .../internal/channel/S2AGrpcChannelPool.java  | 109 ---------------
 .../channel/S2AHandshakerServiceChannel.java  |  72 +++-------
 .../S2AProtocolNegotiatorFactory.java         |  31 +++--
 .../channel/S2AGrpcChannelPoolTest.java       | 125 ------------------
 .../S2AHandshakerServiceChannelTest.java      | 125 +-----------------
 .../S2AProtocolNegotiatorFactoryTest.java     |  41 +-----
 .../s2a/internal/handshaker/S2AStubTest.java  |  15 +--
 8 files changed, 44 insertions(+), 517 deletions(-)
 delete mode 100644 s2a/src/main/java/io/grpc/s2a/internal/channel/S2AChannelPool.java
 delete mode 100644 s2a/src/main/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPool.java
 delete mode 100644 s2a/src/test/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPoolTest.java

diff --git a/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AChannelPool.java b/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AChannelPool.java
deleted file mode 100644
index aaaa0fffd53..00000000000
--- a/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AChannelPool.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2024 The gRPC Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.grpc.s2a.internal.channel;
-
-import com.google.errorprone.annotations.CanIgnoreReturnValue;
-import io.grpc.Channel;
-import javax.annotation.concurrent.ThreadSafe;
-
-/** Manages a channel pool to be used for communication with the S2A. */
-@ThreadSafe
-public interface S2AChannelPool extends AutoCloseable {
-  /**
-   * Retrieves an open channel to the S2A from the channel pool.
-   *
-   * @throws IllegalStateException if no channel is available.
-   */
-  @CanIgnoreReturnValue
-  Channel getChannel();
-
-  /** Returns a channel to the channel pool. */
-  void returnToPool(Channel channel);
-
-  /**
-   * Returns all channels to the channel pool and closes the pool so that no new channels can be
-   * retrieved from the pool.
-   */
-  @Override
-  void close();
-}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPool.java b/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPool.java
deleted file mode 100644
index af911185e6c..00000000000
--- a/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPool.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright 2024 The gRPC Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.grpc.s2a.internal.channel;
-
-import static com.google.common.base.Preconditions.checkArgument;
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.base.Preconditions.checkState;
-
-import com.google.errorprone.annotations.concurrent.GuardedBy;
-import io.grpc.Channel;
-import io.grpc.internal.ObjectPool;
-import javax.annotation.concurrent.ThreadSafe;
-import org.checkerframework.checker.nullness.qual.Nullable;
-
-/**
- * Manages a gRPC channel pool and a cached gRPC channel to be used for communication with the S2A.
- */
-@ThreadSafe
-public final class S2AGrpcChannelPool implements S2AChannelPool {
-  private static final int MAX_NUMBER_USERS_OF_CACHED_CHANNEL = 100000;
-  private final ObjectPool<Channel> channelPool;
-
-  @GuardedBy("this")
-  private @Nullable Channel cachedChannel;
-
-  @GuardedBy("this")
-  private int numberOfUsersOfCachedChannel = 0;
-
-  private enum State {
-    OPEN,
-    CLOSED,
-  }
-  
-  ;
-
-  @GuardedBy("this")
-  private State state = State.OPEN;
-
-  public static S2AChannelPool create(ObjectPool<Channel> channelPool) {
-    checkNotNull(channelPool, "Channel pool should not be null.");
-    return new S2AGrpcChannelPool(channelPool);
-  }
-
-  private S2AGrpcChannelPool(ObjectPool<Channel> channelPool) {
-    this.channelPool = channelPool;
-  }
-
-  /**
-   * Retrieves a channel from {@code channelPool} if {@code channel} is null, and returns {@code
-   * channel} otherwise.
-   *
-   * @return a {@link Channel} obtained from the channel pool.
-   */
-  @Override
-  public synchronized Channel getChannel() {
-    checkState(state.equals(State.OPEN), "Channel pool is not open.");
-    checkState(
-        numberOfUsersOfCachedChannel < MAX_NUMBER_USERS_OF_CACHED_CHANNEL,
-        "Max number of channels have been retrieved from the channel pool.");
-    if (cachedChannel == null) {
-      cachedChannel = channelPool.getObject();
-    }
-    numberOfUsersOfCachedChannel += 1;
-    return cachedChannel;
-  }
-
-  /**
-   * Returns {@code channel} to {@code channelPool}.
-   *
-   * <p>The caller must ensure that {@code channel} was retrieved from this channel pool.
-   */
-  @Override
-  public synchronized void returnToPool(Channel channel) {
-    checkState(state.equals(State.OPEN), "Channel pool is not open.");
-    checkArgument(
-        cachedChannel != null && numberOfUsersOfCachedChannel > 0 && cachedChannel.equals(channel),
-        "Cannot return the channel to channel pool because the channel was not obtained from"
-            + " channel pool.");
-    numberOfUsersOfCachedChannel -= 1;
-    if (numberOfUsersOfCachedChannel == 0) {
-      channelPool.returnObject(channel);
-      cachedChannel = null;
-    }
-  }
-
-  @Override
-  public synchronized void close() {
-    state = State.CLOSED;
-    numberOfUsersOfCachedChannel = 0;
-    if (cachedChannel != null) {
-      channelPool.returnObject(cachedChannel);
-      cachedChannel = null;
-    }
-  }
-}
\ No newline at end of file
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannel.java b/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannel.java
index 7a2b3e70672..b1ba88d1886 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannel.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannel.java
@@ -19,13 +19,9 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static java.util.concurrent.TimeUnit.SECONDS;
 
-import com.google.common.annotations.VisibleForTesting;
-import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.ChannelCredentials;
-import io.grpc.ClientCall;
 import io.grpc.ManagedChannel;
-import io.grpc.MethodDescriptor;
 import io.grpc.internal.SharedResourceHolder.Resource;
 import io.grpc.netty.NettyChannelBuilder;
 import java.time.Duration;
@@ -55,6 +51,8 @@
 @ThreadSafe
 public final class S2AHandshakerServiceChannel {
   private static final Duration CHANNEL_SHUTDOWN_TIMEOUT = Duration.ofSeconds(10);
+  private static final Logger logger =
+          Logger.getLogger(S2AHandshakerServiceChannel.class.getName());
 
   /**
    * Returns a {@link SharedResourceHolder.Resource} instance for managing channels to an S2A server
@@ -86,75 +84,35 @@ public ChannelResource(String targetAddress, ChannelCredentials channelCredentia
     }
 
     /**
-     * Creates a {@code HandshakerServiceChannel} instance to the service running at {@code
+     * Creates a {@code ManagedChannel} instance to the service running at {@code
      * targetAddress}.
      */
     @Override
     public Channel create() {
-      ManagedChannel channel =
-          NettyChannelBuilder.forTarget(targetAddress, channelCredentials)
+      return NettyChannelBuilder.forTarget(targetAddress, channelCredentials)
               .directExecutor()
+              .idleTimeout(5, SECONDS)
               .build();
-      return HandshakerServiceChannel.create(channel);
     }
 
-    /** Destroys a {@code HandshakerServiceChannel} instance. */
+    /** Destroys a {@code ManagedChannel} instance. */
     @Override
     public void close(Channel instanceChannel) {
       checkNotNull(instanceChannel);
-      HandshakerServiceChannel channel = (HandshakerServiceChannel) instanceChannel;
-      channel.close();
-    }
-
-    @Override
-    public String toString() {
-      return "grpc-s2a-channel";
-    }
-  }
-
-  /**
-   * Manages a channel using a {@link ManagedChannel} instance.
-   */
-  @VisibleForTesting
-  static class HandshakerServiceChannel extends Channel {
-    private static final Logger logger =
-          Logger.getLogger(S2AHandshakerServiceChannel.class.getName());
-    private final ManagedChannel delegate;
-
-    static HandshakerServiceChannel create(ManagedChannel delegate) {
-      checkNotNull(delegate);
-      return new HandshakerServiceChannel(delegate);
-    }
-
-    private HandshakerServiceChannel(ManagedChannel delegate) {
-      this.delegate = delegate;
-    }
-
-    /**
-     * Returns the address of the service to which the {@code delegate} channel connects, which is
-     * typically of the form {@code host:port}.
-     */
-    @Override
-    public String authority() {
-      return delegate.authority();
-    }
-
-    /** Creates a {@link ClientCall} that invokes the operations in {@link MethodDescriptor}. */
-    @Override
-    public <ReqT, RespT> ClientCall<ReqT, RespT> newCall(
-        MethodDescriptor<ReqT, RespT> methodDescriptor, CallOptions options) {
-      return delegate.newCall(methodDescriptor, options);
-    }
-
-    @SuppressWarnings("FutureReturnValueIgnored")
-    public void close() {
-      delegate.shutdownNow();
+      ManagedChannel channel = (ManagedChannel) instanceChannel;
+      channel.shutdownNow();
       try {
-        delegate.awaitTermination(CHANNEL_SHUTDOWN_TIMEOUT.getSeconds(), SECONDS);
+        channel.awaitTermination(CHANNEL_SHUTDOWN_TIMEOUT.getSeconds(), SECONDS);
       } catch (InterruptedException e) {
         Thread.currentThread().interrupt();
         logger.log(Level.WARNING, "Channel to S2A was not shutdown.");
       }
+
+    }
+
+    @Override
+    public String toString() {
+      return "grpc-s2a-channel";
     }
   }
 
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
index cb02d49ce9e..188faf63435 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
@@ -37,8 +37,6 @@
 import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
 import io.grpc.netty.InternalProtocolNegotiators;
 import io.grpc.netty.InternalProtocolNegotiators.ProtocolNegotiationHandler;
-import io.grpc.s2a.internal.channel.S2AChannelPool;
-import io.grpc.s2a.internal.channel.S2AGrpcChannelPool;
 import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerAdapter;
@@ -70,17 +68,16 @@ public final class S2AProtocolNegotiatorFactory {
   public static InternalProtocolNegotiator.ClientFactory createClientFactory(
       @Nullable S2AIdentity localIdentity, ObjectPool<Channel> s2aChannelPool) {
     checkNotNull(s2aChannelPool, "S2A channel pool should not be null.");
-    S2AChannelPool channelPool = S2AGrpcChannelPool.create(s2aChannelPool);
-    return new S2AClientProtocolNegotiatorFactory(localIdentity, channelPool);
+    return new S2AClientProtocolNegotiatorFactory(localIdentity, s2aChannelPool);
   }
 
   static final class S2AClientProtocolNegotiatorFactory
       implements InternalProtocolNegotiator.ClientFactory {
     private final @Nullable S2AIdentity localIdentity;
-    private final S2AChannelPool channelPool;
+    private final ObjectPool<Channel> channelPool;
 
     S2AClientProtocolNegotiatorFactory(
-        @Nullable S2AIdentity localIdentity, S2AChannelPool channelPool) {
+        @Nullable S2AIdentity localIdentity, ObjectPool<Channel> channelPool) {
       this.localIdentity = localIdentity;
       this.channelPool = channelPool;
     }
@@ -100,13 +97,14 @@ public int getDefaultPort() {
   @VisibleForTesting
   static final class S2AProtocolNegotiator implements ProtocolNegotiator {
 
-    private final S2AChannelPool channelPool;
+    private final ObjectPool<Channel> channelPool;
+    private final Channel channel;
     private final Optional<S2AIdentity> localIdentity;
     private final ListeningExecutorService service =
         MoreExecutors.listeningDecorator(Executors.newFixedThreadPool(1));
 
     static S2AProtocolNegotiator createForClient(
-        S2AChannelPool channelPool, @Nullable S2AIdentity localIdentity) {
+        ObjectPool<Channel> channelPool, @Nullable S2AIdentity localIdentity) {
       checkNotNull(channelPool, "Channel pool should not be null.");
       if (localIdentity == null) {
         return new S2AProtocolNegotiator(channelPool, Optional.empty());
@@ -123,9 +121,11 @@ static S2AProtocolNegotiator createForClient(
       return HostAndPort.fromString(authority).getHost();
     }
 
-    private S2AProtocolNegotiator(S2AChannelPool channelPool, Optional<S2AIdentity> localIdentity) {
+    private S2AProtocolNegotiator(ObjectPool<Channel> channelPool,
+        Optional<S2AIdentity> localIdentity) {
       this.channelPool = channelPool;
       this.localIdentity = localIdentity;
+      this.channel = channelPool.getObject();
     }
 
     @Override
@@ -139,13 +139,13 @@ public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
       String hostname = getHostNameFromAuthority(grpcHandler.getAuthority());
       checkArgument(!isNullOrEmpty(hostname), "hostname should not be null or empty.");
       return new S2AProtocolNegotiationHandler(
-        grpcHandler, channelPool, localIdentity, hostname, service);
+        grpcHandler, channel, localIdentity, hostname, service);
     }
 
     @Override
     public void close() {
       service.shutdown();
-      channelPool.close();
+      channelPool.returnObject(channel);
     }
   }
 
@@ -180,7 +180,7 @@ public void handlerRemoved(ChannelHandlerContext ctx) throws Exception {
   }
 
   private static final class S2AProtocolNegotiationHandler extends ProtocolNegotiationHandler {
-    private final S2AChannelPool channelPool;
+    private final Channel channel;
     private final Optional<S2AIdentity> localIdentity;
     private final String hostname;
     private final GrpcHttp2ConnectionHandler grpcHandler;
@@ -188,7 +188,7 @@ private static final class S2AProtocolNegotiationHandler extends ProtocolNegotia
 
     private S2AProtocolNegotiationHandler(
         GrpcHttp2ConnectionHandler grpcHandler,
-        S2AChannelPool channelPool,
+        Channel channel,
         Optional<S2AIdentity> localIdentity,
         String hostname,
         ListeningExecutorService service) {
@@ -204,7 +204,7 @@ public void handlerAdded(ChannelHandlerContext ctx) {
           },
           grpcHandler.getNegotiationLogger());
       this.grpcHandler = grpcHandler;
-      this.channelPool = channelPool;
+      this.channel = channel;
       this.localIdentity = localIdentity;
       this.hostname = hostname;
       checkNotNull(service, "service should not be null.");
@@ -217,8 +217,7 @@ protected void handlerAdded0(ChannelHandlerContext ctx) {
       BufferReadsHandler bufferReads = new BufferReadsHandler();
       ctx.pipeline().addBefore(ctx.name(), /* name= */ null, bufferReads);
 
-      Channel ch = channelPool.getChannel();
-      S2AServiceGrpc.S2AServiceStub stub = S2AServiceGrpc.newStub(ch);
+      S2AServiceGrpc.S2AServiceStub stub = S2AServiceGrpc.newStub(channel);
       S2AStub s2aStub = S2AStub.newInstance(stub);
 
       ListenableFuture<SslContext> sslContextFuture =
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPoolTest.java b/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPoolTest.java
deleted file mode 100644
index afae456abb1..00000000000
--- a/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AGrpcChannelPoolTest.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Copyright 2024 The gRPC Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.grpc.s2a.internal.channel;
-
-import static com.google.common.truth.Truth.assertThat;
-import static org.junit.Assert.assertThrows;
-import static org.mockito.Mockito.mock;
-
-import io.grpc.Channel;
-import io.grpc.internal.ObjectPool;
-import org.checkerframework.checker.nullness.qual.Nullable;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
-
-/** Unit tests for {@link S2AGrpcChannelPool}. */
-@RunWith(JUnit4.class)
-public final class S2AGrpcChannelPoolTest {
-  @Test
-  public void getChannel_success() throws Exception {
-    FakeChannelPool fakeChannelPool = new FakeChannelPool();
-    S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(fakeChannelPool);
-
-    Channel channel = s2aChannelPool.getChannel();
-
-    assertThat(channel).isNotNull();
-    assertThat(fakeChannelPool.isChannelCached()).isTrue();
-    assertThat(s2aChannelPool.getChannel()).isEqualTo(channel);
-  }
-
-  @Test
-  public void returnToPool_success() throws Exception {
-    FakeChannelPool fakeChannelPool = new FakeChannelPool();
-    S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(fakeChannelPool);
-
-    s2aChannelPool.returnToPool(s2aChannelPool.getChannel());
-
-    assertThat(fakeChannelPool.isChannelCached()).isFalse();
-  }
-
-  @Test
-  public void returnToPool_channelStillCachedBecauseMultipleChannelsRetrieved() throws Exception {
-    FakeChannelPool fakeChannelPool = new FakeChannelPool();
-    S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(fakeChannelPool);
-
-    s2aChannelPool.getChannel();
-    s2aChannelPool.returnToPool(s2aChannelPool.getChannel());
-
-    assertThat(fakeChannelPool.isChannelCached()).isTrue();
-  }
-
-  @Test
-  public void returnToPool_failureBecauseChannelWasNotFromPool() throws Exception {
-    S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(new FakeChannelPool());
-
-    IllegalArgumentException expected =
-        assertThrows(
-            IllegalArgumentException.class,
-            () -> s2aChannelPool.returnToPool(mock(Channel.class)));
-    assertThat(expected)
-        .hasMessageThat()
-        .isEqualTo(
-            "Cannot return the channel to channel pool because the channel was not obtained from"
-                + " channel pool.");
-  }
-
-  @Test
-  public void close_success() throws Exception {
-    FakeChannelPool fakeChannelPool = new FakeChannelPool();
-    try (S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(fakeChannelPool)) {
-      s2aChannelPool.getChannel();
-    }
-
-    assertThat(fakeChannelPool.isChannelCached()).isFalse();
-  }
-
-  @Test
-  public void close_poolIsUnusable() throws Exception {
-    S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(new FakeChannelPool());
-    s2aChannelPool.close();
-
-    IllegalStateException expected =
-        assertThrows(IllegalStateException.class, s2aChannelPool::getChannel);
-
-    assertThat(expected).hasMessageThat().isEqualTo("Channel pool is not open.");
-  }
-
-  private static class FakeChannelPool implements ObjectPool<Channel> {
-    private final Channel mockChannel = mock(Channel.class);
-    private @Nullable Channel cachedChannel = null;
-
-    @Override
-    public Channel getObject() {
-      if (cachedChannel == null) {
-        cachedChannel = mockChannel;
-      }
-      return cachedChannel;
-    }
-
-    @Override
-    public Channel returnObject(Object object) {
-      assertThat(object).isSameInstanceAs(mockChannel);
-      cachedChannel = null;
-      return null;
-    }
-
-    public boolean isChannelCached() {
-      return (cachedChannel != null);
-    }
-  }
-}
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java b/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java
index 9e09d10f7da..16409721ff5 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java
@@ -20,13 +20,10 @@
 import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;
 import static org.junit.Assert.assertThrows;
 
-import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.ChannelCredentials;
-import io.grpc.ClientCall;
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.ManagedChannel;
-import io.grpc.MethodDescriptor;
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
 import io.grpc.ServerCredentials;
@@ -36,14 +33,12 @@
 import io.grpc.benchmarks.Utils;
 import io.grpc.internal.SharedResourceHolder.Resource;
 import io.grpc.netty.NettyServerBuilder;
-import io.grpc.s2a.internal.channel.S2AHandshakerServiceChannel.HandshakerServiceChannel;
 import io.grpc.stub.StreamObserver;
 import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.testing.protobuf.SimpleRequest;
 import io.grpc.testing.protobuf.SimpleResponse;
 import io.grpc.testing.protobuf.SimpleServiceGrpc;
 import java.io.File;
-import java.util.concurrent.TimeUnit;
 import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Test;
@@ -183,72 +178,7 @@ public void close_mtlsSuccess() throws Exception {
   }
 
   /**
-   * Verifies that an {@code HandshakerServiceChannel}'s {@code newCall} method can be used to
-   * perform a simple RPC.
-   */
-  @Test
-  public void newCall_performSimpleRpcSuccess() {
-    Resource<Channel> resource =
-        S2AHandshakerServiceChannel.getChannelResource(
-            "localhost:" + plaintextServer.getPort(),
-            InsecureChannelCredentials.create());
-    Channel channel = resource.create();
-    assertThat(channel).isInstanceOf(HandshakerServiceChannel.class);
-    assertThat(
-            SimpleServiceGrpc.newBlockingStub(channel).unaryRpc(SimpleRequest.getDefaultInstance()))
-        .isEqualToDefaultInstance();
-  }
-
-  /** Same as newCall_performSimpleRpcSuccess, but use mTLS. */
-  @Test
-  public void newCall_mtlsPerformSimpleRpcSuccess() throws Exception {
-    Resource<Channel> resource =
-        S2AHandshakerServiceChannel.getChannelResource(
-            "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials());
-    Channel channel = resource.create();
-    assertThat(channel).isInstanceOf(HandshakerServiceChannel.class);
-    assertThat(
-            SimpleServiceGrpc.newBlockingStub(channel).unaryRpc(SimpleRequest.getDefaultInstance()))
-        .isEqualToDefaultInstance();
-  }
-
-  /** Creates a {@code HandshakerServiceChannel} instance and verifies its authority. */
-  @Test
-  public void authority_success() throws Exception {
-    ManagedChannel channel = new FakeManagedChannel(true);
-    HandshakerServiceChannel eventLoopHoldingChannel =
-        HandshakerServiceChannel.create(channel);
-    assertThat(eventLoopHoldingChannel.authority()).isEqualTo("FakeManagedChannel");
-  }
-
-  /**
-   * Creates and closes a {@code HandshakerServiceChannel} when its {@code ManagedChannel}
-   * terminates successfully.
-   */
-  @Test
-  public void close_withDelegateTerminatedSuccess() throws Exception {
-    ManagedChannel channel = new FakeManagedChannel(true);
-    HandshakerServiceChannel eventLoopHoldingChannel =
-        HandshakerServiceChannel.create(channel);
-    eventLoopHoldingChannel.close();
-    assertThat(channel.isShutdown()).isTrue();
-  }
-
-  /**
-   * Creates and closes a {@code HandshakerServiceChannel} when its {@code ManagedChannel} does not
-   * terminate successfully.
-   */
-  @Test
-  public void close_withDelegateTerminatedFailure() throws Exception {
-    ManagedChannel channel = new FakeManagedChannel(false);
-    HandshakerServiceChannel eventLoopHoldingChannel =
-        HandshakerServiceChannel.create(channel);
-    eventLoopHoldingChannel.close();
-    assertThat(channel.isShutdown()).isTrue();
-  }
-
-  /**
-   * Creates and closes a {@code HandshakerServiceChannel}, creates a new channel from the same
+   * Creates and closes a {@code ManagedChannel}, creates a new channel from the same
    * resource, and verifies that this second channel is useable.
    */
   @Test
@@ -261,7 +191,7 @@ public void create_succeedsAfterCloseIsCalledOnce() throws Exception {
     resource.close(channelOne);
 
     Channel channelTwo = resource.create();
-    assertThat(channelTwo).isInstanceOf(HandshakerServiceChannel.class);
+    assertThat(channelTwo).isInstanceOf(ManagedChannel.class);
     assertThat(
             SimpleServiceGrpc.newBlockingStub(channelTwo)
                 .unaryRpc(SimpleRequest.getDefaultInstance()))
@@ -279,7 +209,7 @@ public void create_mtlsSucceedsAfterCloseIsCalledOnce() throws Exception {
     resource.close(channelOne);
 
     Channel channelTwo = resource.create();
-    assertThat(channelTwo).isInstanceOf(HandshakerServiceChannel.class);
+    assertThat(channelTwo).isInstanceOf(ManagedChannel.class);
     assertThat(
             SimpleServiceGrpc.newBlockingStub(channelTwo)
                 .unaryRpc(SimpleRequest.getDefaultInstance()))
@@ -325,53 +255,4 @@ public void unaryRpc(SimpleRequest request, StreamObserver<SimpleResponse> strea
       streamObserver.onCompleted();
     }
   }
-
-  private static class FakeManagedChannel extends ManagedChannel {
-    private final boolean isDelegateTerminatedSuccess;
-    private boolean isShutdown = false;
-
-    FakeManagedChannel(boolean isDelegateTerminatedSuccess) {
-      this.isDelegateTerminatedSuccess = isDelegateTerminatedSuccess;
-    }
-
-    @Override
-    public String authority() {
-      return "FakeManagedChannel";
-    }
-
-    @Override
-    public <ReqT, RespT> ClientCall<ReqT, RespT> newCall(
-        MethodDescriptor<ReqT, RespT> methodDescriptor, CallOptions options) {
-      throw new UnsupportedOperationException("This method should not be called.");
-    }
-
-    @Override
-    public ManagedChannel shutdown() {
-      throw new UnsupportedOperationException("This method should not be called.");
-    }
-
-    @Override
-    public boolean isShutdown() {
-      return isShutdown;
-    }
-
-    @Override
-    public boolean isTerminated() {
-      throw new UnsupportedOperationException("This method should not be called.");
-    }
-
-    @Override
-    public ManagedChannel shutdownNow() {
-      isShutdown = true;
-      return null;
-    }
-
-    @Override
-    public boolean awaitTermination(long timeout, TimeUnit unit) throws InterruptedException {
-      if (isDelegateTerminatedSuccess) {
-        return true;
-      }
-      throw new InterruptedException("Await termination was interrupted.");
-    }
-  }
 }
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java
index d469b07df0f..48c512c4e5c 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java
@@ -23,9 +23,7 @@
 import com.google.common.testing.NullPointerTester;
 import com.google.common.testing.NullPointerTester.Visibility;
 import io.grpc.Channel;
-import io.grpc.Grpc;
 import io.grpc.InsecureChannelCredentials;
-import io.grpc.ManagedChannel;
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
 import io.grpc.benchmarks.Utils;
@@ -35,8 +33,6 @@
 import io.grpc.netty.GrpcHttp2ConnectionHandler;
 import io.grpc.netty.InternalProtocolNegotiator;
 import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
-import io.grpc.s2a.internal.channel.S2AChannelPool;
-import io.grpc.s2a.internal.channel.S2AGrpcChannelPool;
 import io.grpc.s2a.internal.channel.S2AHandshakerServiceChannel;
 import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.grpc.s2a.internal.handshaker.S2AProtocolNegotiatorFactory.S2AProtocolNegotiator;
@@ -52,8 +48,6 @@
 import io.netty.util.AsciiString;
 import java.io.IOException;
 import java.util.Optional;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
 import org.checkerframework.checker.nullness.qual.Nullable;
 import org.junit.After;
 import org.junit.Before;
@@ -112,15 +106,14 @@ public void createProtocolNegotiatorFactory_nullArgument() throws Exception {
 
   @Test
   public void createProtocolNegotiator_nullArgument() throws Exception {
-    S2AChannelPool pool =
-        S2AGrpcChannelPool.create(
+    ObjectPool<Channel> pool =
             SharedResourcePool.forResource(
                 S2AHandshakerServiceChannel.getChannelResource(
-                    "localhost:8080", InsecureChannelCredentials.create())));
+                    "localhost:8080", InsecureChannelCredentials.create()));
 
     NullPointerTester tester =
         new NullPointerTester()
-            .setDefault(S2AChannelPool.class, pool)
+            .setDefault(ObjectPool.class, pool)
             .setDefault(Optional.class, Optional.empty());
 
     tester.testStaticMethods(S2AProtocolNegotiator.class, Visibility.PACKAGE);
@@ -175,15 +168,9 @@ public void closeProtocolNegotiator_verifyProtocolNegotiatorIsClosedOnClientSide
 
   @Test
   public void createChannelHandler_addHandlerToMockContext() throws Exception {
-    ExecutorService executor = Executors.newSingleThreadExecutor();
-    ManagedChannel channel =
-        Grpc.newChannelBuilder(authority, InsecureChannelCredentials.create())
-            .executor(executor)
-            .build();
-    FakeS2AChannelPool fakeChannelPool = new FakeS2AChannelPool(channel);
     ProtocolNegotiator clientNegotiator =
         S2AProtocolNegotiatorFactory.S2AProtocolNegotiator.createForClient(
-            fakeChannelPool, LOCAL_IDENTITY);
+            channelPool, LOCAL_IDENTITY);
 
     ChannelHandler channelHandler = clientNegotiator.newHandler(fakeConnectionHandler);
 
@@ -191,26 +178,6 @@ public void createChannelHandler_addHandlerToMockContext() throws Exception {
     verify(mockChannelHandlerContext).fireUserEventTriggered("event");
   }
 
-  /** A {@link S2AChannelPool} that returns the given channel. */
-  private static class FakeS2AChannelPool implements S2AChannelPool {
-    private final Channel channel;
-
-    FakeS2AChannelPool(Channel channel) {
-      this.channel = channel;
-    }
-
-    @Override
-    public Channel getChannel() {
-      return channel;
-    }
-
-    @Override
-    public void returnToPool(Channel channel) {}
-
-    @Override
-    public void close() {}
-  }
-
   /** A {@code GrpcHttp2ConnectionHandler} that does nothing. */
   private static class FakeConnectionHandler extends GrpcHttp2ConnectionHandler {
     private static final Http2ConnectionDecoder DECODER = mock(Http2ConnectionDecoder.class);
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
index 2e3bfc02879..bf99ef3f944 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
@@ -21,10 +21,10 @@
 import static org.junit.Assert.assertThrows;
 
 import com.google.common.truth.Expect;
+import io.grpc.Channel;
 import io.grpc.InsecureChannelCredentials;
+import io.grpc.internal.ObjectPool;
 import io.grpc.internal.SharedResourcePool;
-import io.grpc.s2a.internal.channel.S2AChannelPool;
-import io.grpc.s2a.internal.channel.S2AGrpcChannelPool;
 import io.grpc.s2a.internal.channel.S2AHandshakerServiceChannel;
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
@@ -53,12 +53,11 @@ public void setUp() {
 
   @Test
   public void send_receiveOkStatus() throws Exception {
-    S2AChannelPool channelPool =
-        S2AGrpcChannelPool.create(
-            SharedResourcePool.forResource(
-                S2AHandshakerServiceChannel.getChannelResource(
-                    S2A_ADDRESS, InsecureChannelCredentials.create())));
-    S2AServiceGrpc.S2AServiceStub serviceStub = S2AServiceGrpc.newStub(channelPool.getChannel());
+    ObjectPool<Channel> channelPool =
+        SharedResourcePool.forResource(
+            S2AHandshakerServiceChannel.getChannelResource(
+                S2A_ADDRESS, InsecureChannelCredentials.create()));
+    S2AServiceGrpc.S2AServiceStub serviceStub = S2AServiceGrpc.newStub(channelPool.getObject());
     S2AStub newStub = S2AStub.newInstance(serviceStub);
 
     IOException expected =

From 6f3542297c2fb46a38cab65d510fc2ce76200045 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 27 Sep 2024 07:06:17 -0700
Subject: [PATCH 034/591] okhttp: Don't warn about missing Conscrypt

When running on the JDK, it is quite normal for Conscrypt not to be
present. We'll end up using the JDK 9 ALPN API and everything will be
fine. On Android, it would be extremely rare for someone to completely
remove the default Android security providers, so the warning was almost
never going to trigger on that platform anyway.
---
 .../okhttp/main/java/io/grpc/okhttp/internal/Platform.java     | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/okhttp/third_party/okhttp/main/java/io/grpc/okhttp/internal/Platform.java b/okhttp/third_party/okhttp/main/java/io/grpc/okhttp/internal/Platform.java
index 6ed3bc50b81..29ea8055b26 100644
--- a/okhttp/third_party/okhttp/main/java/io/grpc/okhttp/internal/Platform.java
+++ b/okhttp/third_party/okhttp/main/java/io/grpc/okhttp/internal/Platform.java
@@ -283,7 +283,7 @@ private static boolean isAtLeastAndroid41() {
 
   /**
    * Select the first recognized security provider according to the preference order returned by
-   * {@link Security#getProviders}. If a recognized provider is not found then warn but continue.
+   * {@link Security#getProviders}.
    */
   private static Provider getAndroidSecurityProvider() {
     Provider[] providers = Security.getProviders();
@@ -295,7 +295,6 @@ private static Provider getAndroidSecurityProvider() {
         }
       }
     }
-    logger.log(Level.WARNING, "Unable to find Conscrypt");
     return null;
   }
 

From 9bb06af9633ea7e0cd4e90eadb037abaa423f2fd Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Wed, 2 Oct 2024 17:03:47 -0700
Subject: [PATCH 035/591] Change PickFirstLeafLoadBalancer to only have 1
 subchannel at a time (#11520)

* Change PickFirstLeafLoadBalancer to only have 1 subchannel at a time if environment variable GRPC_SERIALIZE_RETRIES == true.

Cache serializingRetries value so that it doesn't have to look up the flag every time.

Clear the correct task when READY in processSubchannelState and move the logic to cancelScheduledTasks

Cleanup based on PR review

remove unneeded checks for shutdown.

* Fix previously broken tests

* Shutdown previous subchannel when run off end of index.

* Provide option to disable subchannel retries to let PFLeafLB take control of retries.

* InternalSubchannel internally goes to IDLE when sees TF when reconnect is disabled.
Remove an extra index.increment in LeafLB
---
 api/src/main/java/io/grpc/LoadBalancer.java   |   6 +
 .../io/grpc/internal/InternalSubchannel.java  |  30 ++--
 .../io/grpc/internal/ManagedChannelImpl.java  |   4 +-
 .../internal/PickFirstLeafLoadBalancer.java   |  96 +++++++++++--
 .../grpc/internal/InternalSubchannelTest.java |  65 ++++++++-
 .../PickFirstLeafLoadBalancerTest.java        | 134 ++++++++++++++----
 .../io/grpc/xds/RingHashLoadBalancerTest.java |  10 +-
 7 files changed, 292 insertions(+), 53 deletions(-)

diff --git a/api/src/main/java/io/grpc/LoadBalancer.java b/api/src/main/java/io/grpc/LoadBalancer.java
index 0fbce5fa5be..6d74006b396 100644
--- a/api/src/main/java/io/grpc/LoadBalancer.java
+++ b/api/src/main/java/io/grpc/LoadBalancer.java
@@ -121,6 +121,12 @@ public abstract class LoadBalancer {
       HEALTH_CONSUMER_LISTENER_ARG_KEY =
       LoadBalancer.CreateSubchannelArgs.Key.create("internal:health-check-consumer-listener");
 
+  @Internal
+  public static final LoadBalancer.CreateSubchannelArgs.Key<Boolean>
+      DISABLE_SUBCHANNEL_RECONNECT_KEY =
+      LoadBalancer.CreateSubchannelArgs.Key.createWithDefault(
+          "internal:disable-subchannel-reconnect", Boolean.FALSE);
+
   @Internal
   public static final Attributes.Key<Boolean>
       HAS_HEALTH_PRODUCER_LISTENER_KEY =
diff --git a/core/src/main/java/io/grpc/internal/InternalSubchannel.java b/core/src/main/java/io/grpc/internal/InternalSubchannel.java
index 70e42e2f5f1..27a80f7c191 100644
--- a/core/src/main/java/io/grpc/internal/InternalSubchannel.java
+++ b/core/src/main/java/io/grpc/internal/InternalSubchannel.java
@@ -45,6 +45,7 @@
 import io.grpc.InternalInstrumented;
 import io.grpc.InternalLogId;
 import io.grpc.InternalWithLogId;
+import io.grpc.LoadBalancer;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
 import io.grpc.Status;
@@ -77,6 +78,7 @@ final class InternalSubchannel implements InternalInstrumented<ChannelStats>, Tr
   private final CallTracer callsTracer;
   private final ChannelTracer channelTracer;
   private final ChannelLogger channelLogger;
+  private final boolean reconnectDisabled;
 
   private final List<ClientTransportFilter> transportFilters;
 
@@ -159,13 +161,15 @@ protected void handleNotInUse() {
 
   private volatile Attributes connectedAddressAttributes;
 
-  InternalSubchannel(List<EquivalentAddressGroup> addressGroups, String authority, String userAgent,
-      BackoffPolicy.Provider backoffPolicyProvider,
-      ClientTransportFactory transportFactory, ScheduledExecutorService scheduledExecutor,
-      Supplier<Stopwatch> stopwatchSupplier, SynchronizationContext syncContext, Callback callback,
-      InternalChannelz channelz, CallTracer callsTracer, ChannelTracer channelTracer,
-      InternalLogId logId, ChannelLogger channelLogger,
-      List<ClientTransportFilter> transportFilters) {
+  InternalSubchannel(LoadBalancer.CreateSubchannelArgs args, String authority, String userAgent,
+                     BackoffPolicy.Provider backoffPolicyProvider,
+                     ClientTransportFactory transportFactory,
+                     ScheduledExecutorService scheduledExecutor,
+                     Supplier<Stopwatch> stopwatchSupplier, SynchronizationContext syncContext,
+                     Callback callback, InternalChannelz channelz, CallTracer callsTracer,
+                     ChannelTracer channelTracer, InternalLogId logId,
+                     ChannelLogger channelLogger, List<ClientTransportFilter> transportFilters) {
+    List<EquivalentAddressGroup> addressGroups = args.getAddresses();
     Preconditions.checkNotNull(addressGroups, "addressGroups");
     Preconditions.checkArgument(!addressGroups.isEmpty(), "addressGroups is empty");
     checkListHasNoNulls(addressGroups, "addressGroups contains null entry");
@@ -187,6 +191,7 @@ protected void handleNotInUse() {
     this.logId = Preconditions.checkNotNull(logId, "logId");
     this.channelLogger = Preconditions.checkNotNull(channelLogger, "channelLogger");
     this.transportFilters = transportFilters;
+    this.reconnectDisabled = args.getOption(LoadBalancer.DISABLE_SUBCHANNEL_RECONNECT_KEY);
   }
 
   ChannelLogger getChannelLogger() {
@@ -289,6 +294,11 @@ public void run() {
     }
 
     gotoState(ConnectivityStateInfo.forTransientFailure(status));
+
+    if (reconnectDisabled) {
+      return;
+    }
+
     if (reconnectPolicy == null) {
       reconnectPolicy = backoffPolicyProvider.get();
     }
@@ -337,7 +347,11 @@ private void gotoState(final ConnectivityStateInfo newState) {
     if (state.getState() != newState.getState()) {
       Preconditions.checkState(state.getState() != SHUTDOWN,
           "Cannot transition out of SHUTDOWN to " + newState);
-      state = newState;
+      if (reconnectDisabled && newState.getState() == TRANSIENT_FAILURE) {
+        state = ConnectivityStateInfo.forNonError(IDLE);
+      } else {
+        state = newState;
+      }
       callback.onStateChange(InternalSubchannel.this, newState);
     }
   }
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index 7e36086ac94..36d79f4011b 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -1483,7 +1483,7 @@ void onStateChange(InternalSubchannel is, ConnectivityStateInfo newState) {
       }
 
       final InternalSubchannel internalSubchannel = new InternalSubchannel(
-          addressGroup,
+          CreateSubchannelArgs.newBuilder().setAddresses(addressGroup).build(),
           authority, userAgent, backoffPolicyProvider, oobTransportFactory,
           oobTransportFactory.getScheduledExecutorService(), stopwatchSupplier, syncContext,
           // All callback methods are run from syncContext
@@ -1915,7 +1915,7 @@ void onNotInUse(InternalSubchannel is) {
       }
 
       final InternalSubchannel internalSubchannel = new InternalSubchannel(
-          args.getAddresses(),
+          args,
           authority(),
           userAgent,
           backoffPolicyProvider,
diff --git a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
index bfa462e16e1..6f4794fdd46 100644
--- a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
+++ b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
@@ -64,17 +64,26 @@ final class PickFirstLeafLoadBalancer extends LoadBalancer {
   private int numTf = 0;
   private boolean firstPass = true;
   @Nullable
-  private ScheduledHandle scheduleConnectionTask;
+  private ScheduledHandle scheduleConnectionTask = null;
   private ConnectivityState rawConnectivityState = IDLE;
   private ConnectivityState concludedState = IDLE;
-  private final boolean enableHappyEyeballs =
-      PickFirstLoadBalancerProvider.isEnabledHappyEyeballs();
+  private final boolean enableHappyEyeballs = !isSerializingRetries()
+      && PickFirstLoadBalancerProvider.isEnabledHappyEyeballs();
   private boolean notAPetiolePolicy = true; // means not under a petiole policy
+  private final BackoffPolicy.Provider bkoffPolProvider = new ExponentialBackoffPolicy.Provider();
+  private BackoffPolicy reconnectPolicy;
+  @Nullable
+  private ScheduledHandle reconnectTask = null;
+  private final boolean serializingRetries = isSerializingRetries();
 
   PickFirstLeafLoadBalancer(Helper helper) {
     this.helper = checkNotNull(helper, "helper");
   }
 
+  static boolean isSerializingRetries() {
+    return GrpcUtil.getFlag("GRPC_SERIALIZE_RETRIES", false);
+  }
+
   @Override
   public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     if (rawConnectivityState == SHUTDOWN) {
@@ -225,9 +234,10 @@ void processSubchannelState(SubchannelData subchannelData, ConnectivityStateInfo
       return;
     }
 
-    if (newState == IDLE) {
+    if (newState == IDLE && subchannelData.state == READY) {
       helper.refreshNameResolution();
     }
+
     // If we are transitioning from a TRANSIENT_FAILURE to CONNECTING or IDLE we ignore this state
     // transition and still keep the LB in TRANSIENT_FAILURE state. This is referred to as "sticky
     // transient failure". Only a subchannel state change to READY will get the LB out of
@@ -277,6 +287,8 @@ void processSubchannelState(SubchannelData subchannelData, ConnectivityStateInfo
           if (addressIndex.increment()) {
             cancelScheduleTask();
             requestConnection(); // is recursive so might hit the end of the addresses
+          } else {
+            scheduleBackoff();
           }
         }
 
@@ -304,6 +316,39 @@ void processSubchannelState(SubchannelData subchannelData, ConnectivityStateInfo
     }
   }
 
+  /**
+   * Only called after all addresses attempted and failed (TRANSIENT_FAILURE).
+   */
+  private void scheduleBackoff() {
+    if (!serializingRetries) {
+      return;
+    }
+
+    class EndOfCurrentBackoff implements Runnable {
+      @Override
+      public void run() {
+        reconnectTask = null;
+        addressIndex.reset();
+        requestConnection();
+      }
+    }
+
+    // Just allow the previous one to trigger when ready if we're already in backoff
+    if (reconnectTask != null) {
+      return;
+    }
+
+    if (reconnectPolicy == null) {
+      reconnectPolicy = bkoffPolProvider.get();
+    }
+    long delayNanos = reconnectPolicy.nextBackoffNanos();
+    reconnectTask = helper.getSynchronizationContext().schedule(
+        new EndOfCurrentBackoff(),
+        delayNanos,
+        TimeUnit.NANOSECONDS,
+        helper.getScheduledExecutorService());
+  }
+
   private void updateHealthCheckedState(SubchannelData subchannelData) {
     if (subchannelData.state != READY) {
       return;
@@ -337,6 +382,11 @@ public void shutdown() {
     rawConnectivityState = SHUTDOWN;
     concludedState = SHUTDOWN;
     cancelScheduleTask();
+    if (reconnectTask != null) {
+      reconnectTask.cancel();
+      reconnectTask = null;
+    }
+    reconnectPolicy = null;
 
     for (SubchannelData subchannelData : subchannels.values()) {
       subchannelData.getSubchannel().shutdown();
@@ -350,6 +400,12 @@ public void shutdown() {
   * that all other subchannels must be shutdown.
   */
   private void shutdownRemaining(SubchannelData activeSubchannelData) {
+    if (reconnectTask != null) {
+      reconnectTask.cancel();
+      reconnectTask = null;
+    }
+    reconnectPolicy = null;
+
     cancelScheduleTask();
     for (SubchannelData subchannelData : subchannels.values()) {
       if (!subchannelData.getSubchannel().equals(activeSubchannelData.subchannel)) {
@@ -391,8 +447,17 @@ public void requestConnection() {
         scheduleNextConnection();
         break;
       case TRANSIENT_FAILURE:
-        addressIndex.increment();
-        requestConnection();
+        if (!serializingRetries) {
+          addressIndex.increment();
+          requestConnection();
+        } else {
+          if (!addressIndex.isValid()) {
+            scheduleBackoff();
+          } else {
+            subchannelData.subchannel.requestConnection();
+            subchannelData.updateState(CONNECTING);
+          }
+        }
         break;
       default:
         // Wait for current subchannel to change state
@@ -438,9 +503,10 @@ private SubchannelData createNewSubchannel(SocketAddress addr, Attributes attrs)
     HealthListener hcListener = new HealthListener();
     final Subchannel subchannel = helper.createSubchannel(
         CreateSubchannelArgs.newBuilder()
-        .setAddresses(Lists.newArrayList(
-            new EquivalentAddressGroup(addr, attrs)))
-        .addOption(HEALTH_CONSUMER_LISTENER_ARG_KEY, hcListener)
+            .setAddresses(Lists.newArrayList(
+                new EquivalentAddressGroup(addr, attrs)))
+            .addOption(HEALTH_CONSUMER_LISTENER_ARG_KEY, hcListener)
+            .addOption(LoadBalancer.DISABLE_SUBCHANNEL_RECONNECT_KEY, serializingRetries)
             .build());
     if (subchannel == null) {
       log.warning("Was not able to create subchannel for " + addr);
@@ -458,7 +524,7 @@ private SubchannelData createNewSubchannel(SocketAddress addr, Attributes attrs)
   }
 
   private boolean isPassComplete() {
-    if (addressIndex.isValid() || subchannels.size() < addressIndex.size()) {
+    if (subchannels.size() < addressIndex.size()) {
       return false;
     }
     for (SubchannelData sc : subchannels.values()) {
@@ -646,6 +712,16 @@ public int size() {
     }
   }
 
+  @VisibleForTesting
+  int getGroupIndex() {
+    return addressIndex.groupIndex;
+  }
+
+  @VisibleForTesting
+  boolean isIndexValid() {
+    return addressIndex.isValid();
+  }
+
   private static final class SubchannelData {
     private final Subchannel subchannel;
     private ConnectivityState state;
diff --git a/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java b/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java
index e4d9f27ed46..b75fd43a743 100644
--- a/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java
+++ b/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java
@@ -46,6 +46,7 @@
 import io.grpc.InternalChannelz;
 import io.grpc.InternalLogId;
 import io.grpc.InternalWithLogId;
+import io.grpc.LoadBalancer;
 import io.grpc.Status;
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.InternalSubchannel.CallTracingTransport;
@@ -309,10 +310,57 @@ public void constructor_eagListWithNull_throws() {
     verify(mockBackoffPolicy2, times(backoff2Consulted)).nextBackoffNanos();
   }
 
+  @Test public void twoAddressesReconnectDisabled() {
+    SocketAddress addr1 = mock(SocketAddress.class);
+    SocketAddress addr2 = mock(SocketAddress.class);
+    createInternalSubchannel(true,
+        new EquivalentAddressGroup(Arrays.asList(addr1, addr2)));
+    assertEquals(IDLE, internalSubchannel.getState());
+
+    assertNull(internalSubchannel.obtainActiveTransport());
+    assertExactCallbackInvokes("onStateChange:CONNECTING");
+    assertEquals(CONNECTING, internalSubchannel.getState());
+    verify(mockTransportFactory).newClientTransport(eq(addr1), any(), any());
+    // Let this one fail without success
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    // Still in CONNECTING
+    assertNull(internalSubchannel.obtainActiveTransport());
+    assertNoCallbackInvoke();
+    assertEquals(CONNECTING, internalSubchannel.getState());
+
+    // Second attempt will start immediately. Still no back-off policy.
+    verify(mockBackoffPolicyProvider, times(0)).get();
+    verify(mockTransportFactory, times(1))
+        .newClientTransport(
+            eq(addr2),
+            eq(createClientTransportOptions()),
+            isA(TransportLogger.class));
+    assertNull(internalSubchannel.obtainActiveTransport());
+    // Fail this one too
+    assertNoCallbackInvoke();
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    // All addresses have failed, but we aren't controlling retries.
+    assertEquals(IDLE, internalSubchannel.getState());
+    assertExactCallbackInvokes("onStateChange:" + UNAVAILABLE_STATE);
+    // Backoff reset and first back-off interval begins
+    verify(mockBackoffPolicy1, never()).nextBackoffNanos();
+    verify(mockBackoffPolicyProvider, never()).get();
+    assertTrue("Nothing should have been scheduled", fakeClock.getPendingTasks().isEmpty());
+
+    // Should follow orders and create an active transport.
+    internalSubchannel.obtainActiveTransport();
+    assertExactCallbackInvokes("onStateChange:CONNECTING");
+    assertEquals(CONNECTING, internalSubchannel.getState());
+
+    // Shouldn't have anything scheduled, so shouldn't do anything
+    assertTrue("Nothing should have been scheduled 2", fakeClock.getPendingTasks().isEmpty());
+  }
+
   @Test public void twoAddressesReconnect() {
     SocketAddress addr1 = mock(SocketAddress.class);
     SocketAddress addr2 = mock(SocketAddress.class);
-    createInternalSubchannel(addr1, addr2);
+    createInternalSubchannel(false,
+        new EquivalentAddressGroup(Arrays.asList(addr1, addr2)));
     assertEquals(IDLE, internalSubchannel.getState());
     // Invocation counters
     int transportsAddr1 = 0;
@@ -1377,11 +1425,24 @@ private void createInternalSubchannel(SocketAddress ... addrs) {
   }
 
   private void createInternalSubchannel(EquivalentAddressGroup ... addrs) {
+    createInternalSubchannel(false, addrs);
+  }
+
+  private void createInternalSubchannel(boolean reconnectDisabled,
+                                        EquivalentAddressGroup ... addrs) {
     List<EquivalentAddressGroup> addressGroups = Arrays.asList(addrs);
     InternalLogId logId = InternalLogId.allocate("Subchannel", /*details=*/ AUTHORITY);
     ChannelTracer subchannelTracer = new ChannelTracer(logId, 10,
         fakeClock.getTimeProvider().currentTimeNanos(), "Subchannel");
-    internalSubchannel = new InternalSubchannel(addressGroups, AUTHORITY, USER_AGENT,
+    LoadBalancer.CreateSubchannelArgs.Builder argBuilder =
+        LoadBalancer.CreateSubchannelArgs.newBuilder().setAddresses(addressGroups);
+    if (reconnectDisabled) {
+      argBuilder.addOption(LoadBalancer.DISABLE_SUBCHANNEL_RECONNECT_KEY, reconnectDisabled);
+    }
+    LoadBalancer.CreateSubchannelArgs createSubchannelArgs = argBuilder.build();
+    internalSubchannel = new InternalSubchannel(
+        createSubchannelArgs,
+        AUTHORITY, USER_AGENT,
         mockBackoffPolicyProvider, mockTransportFactory, fakeClock.getScheduledExecutorService(),
         fakeClock.getStopwatchSupplier(), syncContext, mockInternalSubchannelCallback,
         channelz, CallTracer.getDefaultFactory().create(),
diff --git a/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java b/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
index 63915bddc99..f0031a6ae62 100644
--- a/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
+++ b/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
@@ -27,10 +27,12 @@
 import static io.grpc.LoadBalancer.HEALTH_CONSUMER_LISTENER_ARG_KEY;
 import static io.grpc.LoadBalancer.IS_PETIOLE_POLICY;
 import static io.grpc.internal.PickFirstLeafLoadBalancer.CONNECTION_DELAY_INTERVAL_MS;
+import static io.grpc.internal.PickFirstLeafLoadBalancer.isSerializingRetries;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assume.assumeTrue;
 import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
@@ -73,7 +75,6 @@
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import org.junit.After;
-import org.junit.Assume;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -92,14 +93,22 @@
 public class PickFirstLeafLoadBalancerTest {
   public static final Status CONNECTION_ERROR =
       Status.UNAVAILABLE.withDescription("Simulated connection error");
-
-  @Parameterized.Parameters(name = "{0}")
-  public static List<Boolean> enableHappyEyeballs() {
-    return Arrays.asList(true, false);
+  public static final String GRPC_SERIALIZE_RETRIES = "GRPC_SERIALIZE_RETRIES";
+
+  @Parameterized.Parameters(name = "{0}-{1}")
+  public static List<Object[]> data() {
+    return Arrays.asList(new Object[][] {
+        {false, false},
+        {false, true},
+        {true, false}});
   }
 
-  @Parameterized.Parameter
+  @Parameterized.Parameter(value = 0)
+  public boolean serializeRetries;
+
+  @Parameterized.Parameter(value = 1)
   public boolean enableHappyEyeballs;
+
   private PickFirstLeafLoadBalancer loadBalancer;
   private final List<EquivalentAddressGroup> servers = Lists.newArrayList();
   private static final Attributes.Key<String> FOO = Attributes.Key.create("foo");
@@ -137,13 +146,22 @@ public void uncaughtException(Thread t, Throwable e) {
   private PickSubchannelArgs mockArgs;
 
   private String originalHappyEyeballsEnabledValue;
+  private String originalSerializeRetriesValue;
+
+  private long backoffMillis;
 
   @Before
   public void setUp() {
+    assumeTrue(!serializeRetries || !enableHappyEyeballs); // they are not compatible
+
+    backoffMillis = TimeUnit.SECONDS.toMillis(1);
+    originalSerializeRetriesValue = System.getProperty(GRPC_SERIALIZE_RETRIES);
+    System.setProperty(GRPC_SERIALIZE_RETRIES, Boolean.toString(serializeRetries));
+
     originalHappyEyeballsEnabledValue =
         System.getProperty(PickFirstLoadBalancerProvider.GRPC_PF_USE_HAPPY_EYEBALLS);
     System.setProperty(PickFirstLoadBalancerProvider.GRPC_PF_USE_HAPPY_EYEBALLS,
-        enableHappyEyeballs ? "true" : "false");
+        Boolean.toString(enableHappyEyeballs));
 
     for (int i = 1; i <= 5; i++) {
       SocketAddress addr = new FakeSocketAddress("server" + i);
@@ -176,6 +194,11 @@ public void setUp() {
 
   @After
   public void tearDown() {
+    if (originalSerializeRetriesValue == null) {
+      System.clearProperty(GRPC_SERIALIZE_RETRIES);
+    } else {
+      System.setProperty(GRPC_SERIALIZE_RETRIES, originalSerializeRetriesValue);
+    }
     if (originalHappyEyeballsEnabledValue == null) {
       System.clearProperty(PickFirstLoadBalancerProvider.GRPC_PF_USE_HAPPY_EYEBALLS);
     } else {
@@ -498,6 +521,9 @@ public void healthCheckFlow() {
     inOrder.verify(mockHelper).updateBalancingState(eq(READY), pickerCaptor.capture());
     assertThat(pickerCaptor.getValue().pickSubchannel(mockArgs)
         .getSubchannel()).isSameInstanceAs(mockSubchannel1);
+    verify(mockHelper, atLeast(0)).getSynchronizationContext();
+    verify(mockHelper, atLeast(0)).getScheduledExecutorService();
+    verifyNoMoreInteractions(mockHelper);
 
     healthListener2.onSubchannelState(ConnectivityStateInfo.forNonError(READY));
     verifyNoMoreInteractions(mockHelper);
@@ -520,20 +546,7 @@ public void pickAfterStateChangeAfterResolution() {
     inOrder.verify(mockSubchannel1).start(stateListenerCaptor.capture());
     stateListeners[0] = stateListenerCaptor.getValue();
 
-    if (enableHappyEyeballs) {
-      forwardTimeByConnectionDelay();
-      inOrder.verify(mockSubchannel2).start(stateListenerCaptor.capture());
-      stateListeners[1] = stateListenerCaptor.getValue();
-      forwardTimeByConnectionDelay();
-      inOrder.verify(mockSubchannel3).start(stateListenerCaptor.capture());
-      stateListeners[2] = stateListenerCaptor.getValue();
-      forwardTimeByConnectionDelay();
-      inOrder.verify(mockSubchannel4).start(stateListenerCaptor.capture());
-      stateListeners[3] = stateListenerCaptor.getValue();
-    }
-
-    reset(mockHelper);
-
+    stateListeners[0].onSubchannelState(ConnectivityStateInfo.forNonError(READY));
     stateListeners[0].onSubchannelState(ConnectivityStateInfo.forNonError(IDLE));
     inOrder.verify(mockHelper).refreshNameResolution();
     inOrder.verify(mockHelper).updateBalancingState(eq(IDLE), pickerCaptor.capture());
@@ -543,11 +556,23 @@ public void pickAfterStateChangeAfterResolution() {
     stateListeners[0].onSubchannelState(ConnectivityStateInfo.forNonError(CONNECTING));
 
     Status error = Status.UNAVAILABLE.withDescription("boom!");
+    reset(mockHelper);
 
     if (enableHappyEyeballs) {
-      for (SubchannelStateListener listener : stateListeners) {
-        listener.onSubchannelState(ConnectivityStateInfo.forTransientFailure(error));
-      }
+      stateListeners[0].onSubchannelState(ConnectivityStateInfo.forTransientFailure(error));
+      forwardTimeByConnectionDelay();
+      inOrder.verify(mockSubchannel2).start(stateListenerCaptor.capture());
+      stateListeners[1] = stateListenerCaptor.getValue();
+      stateListeners[1].onSubchannelState(ConnectivityStateInfo.forTransientFailure(error));
+      forwardTimeByConnectionDelay();
+      inOrder.verify(mockSubchannel3).start(stateListenerCaptor.capture());
+      stateListeners[2] = stateListenerCaptor.getValue();
+      stateListeners[2].onSubchannelState(ConnectivityStateInfo.forTransientFailure(error));
+      forwardTimeByConnectionDelay();
+      inOrder.verify(mockSubchannel4).start(stateListenerCaptor.capture());
+      stateListeners[3] = stateListenerCaptor.getValue();
+      stateListeners[3].onSubchannelState(ConnectivityStateInfo.forTransientFailure(error));
+      forwardTimeByConnectionDelay();
     } else {
       stateListeners[0].onSubchannelState(ConnectivityStateInfo.forTransientFailure(error));
       for (int i = 1; i < stateListeners.length; i++) {
@@ -589,6 +614,8 @@ public void pickAfterResolutionAfterTransientValue() {
 
     // Transition from TRANSIENT_ERROR to CONNECTING should also be ignored.
     stateListener.onSubchannelState(ConnectivityStateInfo.forNonError(CONNECTING));
+    verify(mockHelper, atLeast(0)).getSynchronizationContext();
+    verify(mockHelper, atLeast(0)).getScheduledExecutorService();
     verifyNoMoreInteractions(mockHelper);
     assertEquals(error, pickerCaptor.getValue().pickSubchannel(mockArgs).getStatus());
   }
@@ -619,6 +646,8 @@ public void pickWithDupAddressesUpDownUp() {
 
     // Transition from TRANSIENT_ERROR to CONNECTING should also be ignored.
     stateListener.onSubchannelState(ConnectivityStateInfo.forNonError(CONNECTING));
+    verify(mockHelper, atLeast(0)).getSynchronizationContext();
+    verify(mockHelper, atLeast(0)).getScheduledExecutorService();
     verifyNoMoreInteractions(mockHelper);
     assertEquals(error, pickerCaptor.getValue().pickSubchannel(mockArgs).getStatus());
 
@@ -651,6 +680,8 @@ public void pickWithDupEagsUpDownUp() {
 
     // Transition from TRANSIENT_ERROR to CONNECTING should also be ignored.
     stateListener.onSubchannelState(ConnectivityStateInfo.forNonError(CONNECTING));
+    verify(mockHelper, atLeast(0)).getSynchronizationContext();
+    verify(mockHelper, atLeast(0)).getScheduledExecutorService();
     verifyNoMoreInteractions(mockHelper);
     assertEquals(error, pickerCaptor.getValue().pickSubchannel(mockArgs).getStatus());
 
@@ -1518,6 +1549,8 @@ public void updateAddresses_intersecting_ready() {
 
   @Test
   public void updateAddresses_intersecting_transient_failure() {
+    assumeTrue(!isSerializingRetries());
+
     // Starting first connection attempt
     InOrder inOrder = inOrder(mockHelper, mockSubchannel1, mockSubchannel2,
         mockSubchannel3, mockSubchannel4); // captor: captures
@@ -1782,6 +1815,8 @@ public void updateAddresses_identical_ready() {
 
   @Test
   public void updateAddresses_identical_transient_failure() {
+    assumeTrue(!isSerializingRetries());
+
     InOrder inOrder = inOrder(mockHelper, mockSubchannel1, mockSubchannel2,
         mockSubchannel3, mockSubchannel4);
     // Creating first set of endpoints/addresses
@@ -2295,7 +2330,7 @@ public void ready_then_transient_failure_again() {
 
   @Test
   public void happy_eyeballs_trigger_connection_delay() {
-    Assume.assumeTrue(enableHappyEyeballs); // This test is only for happy eyeballs
+    assumeTrue(enableHappyEyeballs); // This test is only for happy eyeballs
     // Starting first connection attempt
     InOrder inOrder = inOrder(mockHelper, mockSubchannel1,
         mockSubchannel2, mockSubchannel3, mockSubchannel4);
@@ -2340,7 +2375,7 @@ public void happy_eyeballs_trigger_connection_delay() {
 
   @Test
   public void happy_eyeballs_connection_results_happen_after_get_to_end() {
-    Assume.assumeTrue(enableHappyEyeballs); // This test is only for happy eyeballs
+    assumeTrue(enableHappyEyeballs); // This test is only for happy eyeballs
 
     InOrder inOrder = inOrder(mockHelper, mockSubchannel1, mockSubchannel2, mockSubchannel3);
     Status error = Status.UNAUTHENTICATED.withDescription("simulated failure");
@@ -2393,7 +2428,7 @@ public void happy_eyeballs_connection_results_happen_after_get_to_end() {
 
   @Test
   public void happy_eyeballs_pick_pushes_index_over_end() {
-    Assume.assumeTrue(enableHappyEyeballs); // This test is only for happy eyeballs
+    assumeTrue(enableHappyEyeballs); // This test is only for happy eyeballs
 
     InOrder inOrder = inOrder(mockHelper, mockSubchannel1, mockSubchannel2, mockSubchannel3,
         mockSubchannel2n2, mockSubchannel3n2);
@@ -2471,7 +2506,7 @@ public void happy_eyeballs_pick_pushes_index_over_end() {
 
   @Test
   public void happy_eyeballs_fail_then_trigger_connection_delay() {
-    Assume.assumeTrue(enableHappyEyeballs); // This test is only for happy eyeballs
+    assumeTrue(enableHappyEyeballs); // This test is only for happy eyeballs
     // Starting first connection attempt
     InOrder inOrder = inOrder(mockHelper, mockSubchannel1, mockSubchannel2, mockSubchannel3);
     assertEquals(IDLE, loadBalancer.getConcludedConnectivityState());
@@ -2550,6 +2585,44 @@ public void advance_index_then_request_connection() {
     loadBalancer.requestConnection(); // should be handled without throwing exception
   }
 
+  @Test
+  public void serialized_retries_two_passes() {
+    assumeTrue(serializeRetries); // This test is only for serialized retries
+
+    InOrder inOrder = inOrder(mockHelper, mockSubchannel1, mockSubchannel2, mockSubchannel3);
+    Status error = Status.UNAUTHENTICATED.withDescription("simulated failure");
+
+    List<EquivalentAddressGroup> addrs =
+        Lists.newArrayList(servers.get(0), servers.get(1), servers.get(2));
+    Subchannel[] subchannels = new Subchannel[]{mockSubchannel1, mockSubchannel2, mockSubchannel3};
+    SubchannelStateListener[] listeners = new SubchannelStateListener[subchannels.length];
+    loadBalancer.acceptResolvedAddresses(
+        ResolvedAddresses.newBuilder().setAddresses(addrs).build());
+    forwardTimeByConnectionDelay(2);
+    for (int i = 0; i < subchannels.length; i++) {
+      inOrder.verify(subchannels[i]).start(stateListenerCaptor.capture());
+      inOrder.verify(subchannels[i]).requestConnection();
+      listeners[i] = stateListenerCaptor.getValue();
+      listeners[i].onSubchannelState(ConnectivityStateInfo.forTransientFailure(error));
+    }
+    assertEquals(TRANSIENT_FAILURE, loadBalancer.getConcludedConnectivityState());
+    assertFalse("Index should be at end", loadBalancer.isIndexValid());
+
+    forwardTimeByBackoffDelay(); // should trigger retry
+    for (int i = 0; i < subchannels.length; i++) {
+      inOrder.verify(subchannels[i]).requestConnection();
+      listeners[i].onSubchannelState(ConnectivityStateInfo.forTransientFailure(error)); // cascade
+    }
+    inOrder.verify(subchannels[0], never()).requestConnection(); // should wait for backoff delay
+
+    forwardTimeByBackoffDelay(); // should trigger retry again
+    for (int i = 0; i < subchannels.length; i++) {
+      inOrder.verify(subchannels[i]).requestConnection();
+      assertEquals(i, loadBalancer.getGroupIndex());
+      listeners[i].onSubchannelState(ConnectivityStateInfo.forTransientFailure(error)); // cascade
+    }
+  }
+
   @Test
   public void index_looping() {
     Attributes.Key<String> key = Attributes.Key.create("some-key");
@@ -2689,6 +2762,11 @@ private void forwardTimeByConnectionDelay(int times) {
     }
   }
 
+  private void forwardTimeByBackoffDelay() {
+    backoffMillis = (long) (backoffMillis * 1.8); // backoff factor default is 1.6 with Jitter .2
+    fakeClock.forwardTime(backoffMillis, TimeUnit.MILLISECONDS);
+  }
+
   private void acceptXSubchannels(int num) {
     List<EquivalentAddressGroup> newServers = new ArrayList<>();
     for (int i = 0; i < num; i++) {
diff --git a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
index 047ba71bbe0..dd7de3691a7 100644
--- a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
@@ -150,7 +150,8 @@ public void subchannelLazyConnectUntilPicked() {
     assertThat(result.getStatus().isOk()).isTrue();
     assertThat(result.getSubchannel()).isNull();
     Subchannel subchannel = Iterables.getOnlyElement(subchannels.values());
-    int expectedTimes = PickFirstLoadBalancerProvider.isEnabledHappyEyeballs() ? 1 : 2;
+    int expectedTimes = PickFirstLoadBalancerProvider.isEnabledNewPickFirst()
+                            && !PickFirstLoadBalancerProvider.isEnabledHappyEyeballs() ? 1 : 2;
     verify(subchannel, times(expectedTimes)).requestConnection();
     verify(helper).updateBalancingState(eq(CONNECTING), any(SubchannelPicker.class));
     verify(helper).createSubchannel(any(CreateSubchannelArgs.class));
@@ -184,7 +185,8 @@ public void subchannelNotAutoReconnectAfterReenteringIdle() {
     pickerCaptor.getValue().pickSubchannel(args);
     Subchannel subchannel = subchannels.get(Collections.singletonList(childLbState.getEag()));
     InOrder inOrder = Mockito.inOrder(helper, subchannel);
-    int expectedTimes = PickFirstLoadBalancerProvider.isEnabledHappyEyeballs() ? 1 : 2;
+    int expectedTimes = PickFirstLoadBalancerProvider.isEnabledHappyEyeballs()
+                            || !PickFirstLoadBalancerProvider.isEnabledNewPickFirst() ? 2 : 1;
     inOrder.verify(subchannel, times(expectedTimes)).requestConnection();
     deliverSubchannelState(subchannel, CSI_READY);
     inOrder.verify(helper).updateBalancingState(eq(READY), any(SubchannelPicker.class));
@@ -443,8 +445,10 @@ public void skipFailingHosts_pickNextNonFailingHost() {
     PickResult result = pickerCaptor.getValue().pickSubchannel(args);
     assertThat(result.getStatus().isOk()).isTrue();
     assertThat(result.getSubchannel()).isNull();  // buffer request
-    int expectedTimes = PickFirstLoadBalancerProvider.isEnabledHappyEyeballs() ? 1 : 2;
     // verify kicked off connection to server2
+    int expectedTimes = PickFirstLoadBalancerProvider.isEnabledHappyEyeballs()
+                            || !PickFirstLoadBalancerProvider.isEnabledNewPickFirst() ? 2 : 1;
+
     verify(getSubChannel(servers.get(1)), times(expectedTimes)).requestConnection();
     assertThat(subchannels.size()).isEqualTo(2);  // no excessive connection
 

From 35f0d56894d50c0105ab60eb121fe8363c386333 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Thu, 3 Oct 2024 14:45:01 -0700
Subject: [PATCH 036/591] s2a: don't use reflection to load token manager
 (#11590)

---
 s2a/BUILD.bazel                               | 31 +++----------------
 .../tokenmanager/AccessTokenManager.java      | 15 ++-------
 2 files changed, 7 insertions(+), 39 deletions(-)

diff --git a/s2a/BUILD.bazel b/s2a/BUILD.bazel
index 676215e1e1e..283828a9f7e 100644
--- a/s2a/BUILD.bazel
+++ b/s2a/BUILD.bazel
@@ -32,33 +32,13 @@ java_library(
 )
 
 java_library(
-    name = "token_fetcher",
-    srcs = ["src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/TokenFetcher.java"],
-    deps = [
-        ":s2a_identity",
-    ],
-)
-
-java_library(
-    name = "access_token_manager",
-    srcs = [
-        "src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/AccessTokenManager.java",
-    ],
+    name = "token_manager",
+    srcs = glob([
+        "src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/*.java",
+    ]),
     deps = [
         ":s2a_identity",
-        ":token_fetcher",
         artifact("com.google.code.findbugs:jsr305"),
-    ],
-)
-
-java_library(
-    name = "single_token_fetcher",
-    srcs = [
-        "src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenFetcher.java",
-    ],
-    deps = [
-        ":s2a_identity",
-        ":token_fetcher",
         artifact("com.google.guava:guava"),
     ],
 )
@@ -77,13 +57,12 @@ java_library(
         "src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java",
     ],
     deps = [
-        ":access_token_manager",
+        ":token_manager",
         ":common_java_proto",
         ":s2a_channel_pool",
         ":s2a_identity",
         ":s2a_java_proto",
         ":s2a_java_grpc_proto",
-        ":single_token_fetcher",
         "//api",
         "//core:internal",
         "//netty",
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/AccessTokenManager.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/AccessTokenManager.java
index 71e55b29fcd..65fca46bbb2 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/AccessTokenManager.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/AccessTokenManager.java
@@ -17,7 +17,6 @@
 package io.grpc.s2a.internal.handshaker.tokenmanager;
 
 import io.grpc.s2a.internal.handshaker.S2AIdentity;
-import java.lang.reflect.Method;
 import java.util.Optional;
 import javax.annotation.concurrent.ThreadSafe;
 
@@ -28,19 +27,9 @@ public final class AccessTokenManager {
 
   /** Creates an {@code AccessTokenManager} based on the environment where the application runs. */
   public static Optional<AccessTokenManager> create() {
-    Optional<?> tokenFetcher;
-    try {
-      Class<?> singleTokenFetcherClass =
-          Class.forName("io.grpc.s2a.internal.handshaker.tokenmanager.SingleTokenFetcher");
-      Method createTokenFetcher = singleTokenFetcherClass.getMethod("create");
-      tokenFetcher = (Optional) createTokenFetcher.invoke(null);
-    } catch (ClassNotFoundException e) {
-      tokenFetcher = Optional.empty();
-    } catch (ReflectiveOperationException e) {
-      throw new LinkageError(e.getMessage(), e);
-    }
+    Optional<TokenFetcher> tokenFetcher = SingleTokenFetcher.create();
     return tokenFetcher.isPresent()
-        ? Optional.of(new AccessTokenManager((TokenFetcher) tokenFetcher.get()))
+        ? Optional.of(new AccessTokenManager(tokenFetcher.get()))
         : Optional.empty();
   }
 

From 94a0a0d1c7af25aaf46f6f36353afc16e45f6b2b Mon Sep 17 00:00:00 2001
From: vinodhabib <47808007+vinodhabib@users.noreply.github.com>
Date: Fri, 4 Oct 2024 11:42:25 +0530
Subject: [PATCH 037/591] example-gauth: Use application default creds instead
 of file argument (#11595)

Also removed unnecessary refreshAccessToken() and fixed the reference to README.md.

Fixes #5677
---
 examples/example-gauth/README.md              | 21 +++++++--------
 .../examples/googleAuth/GoogleAuthClient.java | 26 +++++++++----------
 2 files changed, 22 insertions(+), 25 deletions(-)

diff --git a/examples/example-gauth/README.md b/examples/example-gauth/README.md
index 622c14cb57b..b49d346a9be 100644
--- a/examples/example-gauth/README.md
+++ b/examples/example-gauth/README.md
@@ -43,13 +43,13 @@ gcloud pubsub topics create Topic1
 5. You will now need to set up [authentication](https://cloud.google.com/docs/authentication/) and a
 [service account](https://cloud.google.com/docs/authentication/#service_accounts) in order to access
 Pub/Sub via gRPC APIs as described [here](https://cloud.google.com/iam/docs/creating-managing-service-accounts).
-Assign the [role](https://cloud.google.com/iam/docs/granting-roles-to-service-accounts) `Project -> Owner`
+(**Note:** This step is unnecessary on Google platforms (Google App Engine / Google Cloud Shell / Google Compute Engine) as it will
+automatically use the in-built Google credentials). Assign the [role](https://cloud.google.com/iam/docs/granting-roles-to-service-accounts) `Project -> Owner`
 and for Key type select JSON. Once you click `Create`, a JSON file containing your key is downloaded to
 your computer. Note down the path of this file or copy this file to the computer and file system where
 you will be running the example application as described later. Assume this JSON file is available at
-`/path/to/JSON/file`. You can also use the `gcloud` shell commands to
-[create the service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts#iam-service-accounts-create-gcloud)
-and [the JSON file](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#iam-service-account-keys-create-gcloud).
+`/path/to/JSON/file` Set the value of the environment variable GOOGLE_APPLICATION_CREDENTIALS to this file path. You can also use the `gcloud` shell commands to
+[create the service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts#iam-service-accounts-create-gcloud).
 
 #### To build the examples
 
@@ -62,19 +62,18 @@ $ ../gradlew installDist
 
 
 #### How to run the example:
-`google-auth-client` requires two command line arguments for the location of the JSON file and the project ID:
+`google-auth-client` requires one command line argument for the project ID:
 
  ```text
-USAGE: GoogleAuthClient <path-to-JSON-file> <project-ID>
+USAGE: GoogleAuthClient <project-ID>
 ```
 
-The first argument <path-to-JSON-file> is the location of the JSON file you created in step 5 above.
-The second argument <project-ID> is the project ID in the form "projects/xyz123" where "xyz123" is
+The first argument <project-ID> is the project ID in the form "projects/xyz123" where "xyz123" is
 the project ID of the project you created (or used) in step 2 above.
 
  ```bash
 # Run the client
-./build/install/example-gauth/bin/google-auth-client /path/to/JSON/file projects/xyz123
+./build/install/example-gauth/bin/google-auth-client projects/xyz123
 ```
  That's it! The client will show the list of Pub/Sub topics for the project as follows:
 
@@ -93,7 +92,7 @@ the project ID of the project you created (or used) in step 2 above.
  ```
  $ mvn verify
  $ # Run the client
- $ mvn exec:java -Dexec.mainClass=io.grpc.examples.googleAuth.GoogleAuthClient -Dexec.args="/path/to/JSON/file projects/xyz123"
+ $ mvn exec:java -Dexec.mainClass=io.grpc.examples.googleAuth.GoogleAuthClient -Dexec.args="projects/xyz123"
  ```
 
  ## Bazel
@@ -101,5 +100,5 @@ the project ID of the project you created (or used) in step 2 above.
  ```
  $ bazel build :google-auth-client
  $ # Run the client
- $ ../bazel-bin/google-auth-client /path/to/JSON/file projects/xyz123
+ $ ../bazel-bin/google-auth-client projects/xyz123
  ```
\ No newline at end of file
diff --git a/examples/example-gauth/src/main/java/io/grpc/examples/googleAuth/GoogleAuthClient.java b/examples/example-gauth/src/main/java/io/grpc/examples/googleAuth/GoogleAuthClient.java
index 4d3dd044376..eb0d9feedfc 100644
--- a/examples/example-gauth/src/main/java/io/grpc/examples/googleAuth/GoogleAuthClient.java
+++ b/examples/example-gauth/src/main/java/io/grpc/examples/googleAuth/GoogleAuthClient.java
@@ -33,7 +33,7 @@
 
 /**
  * Example to illustrate use of Google credentials as described in
- * @see <a href="../../../../../../GOOGLE_AUTH_EXAMPLE.md">Google Auth Example README</a>
+ * @see <a href="../../../../../../README.md">Google Auth Example README</a>
  *
  * Also @see <a href="https://cloud.google.com/pubsub/docs/reference/rpc/">Google Cloud Pubsub via gRPC</a>
  */
@@ -52,7 +52,7 @@ public class GoogleAuthClient {
    *
    * @param host  host to connect to - typically "pubsub.googleapis.com"
    * @param port  port to connect to - typically 443 - the TLS port
-   * @param callCredentials  the Google call credentials created from a JSON file
+   * @param callCredentials  the Google call credentials
    */
   public GoogleAuthClient(String host, int port, CallCredentials callCredentials) {
     // Google API invocation requires a secure channel. Channels are secure by default (SSL/TLS)
@@ -63,7 +63,7 @@ public GoogleAuthClient(String host, int port, CallCredentials callCredentials)
    * Construct our gRPC client that connects to the pubsub server using an existing channel.
    *
    * @param channel    channel that has been built already
-   * @param callCredentials  the Google call credentials created from a JSON file
+   * @param callCredentials  the Google call credentials
    */
   GoogleAuthClient(ManagedChannel channel, CallCredentials callCredentials) {
     this.channel = channel;
@@ -101,32 +101,30 @@ public void getTopics(String projectID) {
 
   /**
    * The app requires 2 arguments as described in
-   * @see <a href="../../../../../../GOOGLE_AUTH_EXAMPLE.md">Google Auth Example README</a>
+   * @see <a href="../../../../../../README.md">Google Auth Example README</a>
    *
-   * arg0 = location of the JSON file for the service account you created in the GCP console
-   * arg1 = project name in the form "projects/balmy-cirrus-225307" where "balmy-cirrus-225307" is
+   * arg0 = project name in the form "projects/balmy-cirrus-225307" where "balmy-cirrus-225307" is
    *        the project ID for the project you created.
    *
+   * On non-Google platforms, the GOOGLE_APPLICATION_CREDENTIALS env variable should be set to the
+   * location of the JSON file for the service account you created in the GCP console.
    */
   public static void main(String[] args) throws Exception {
-    if (args.length < 2) {
-      logger.severe("Usage: please pass 2 arguments:\n" +
-                    "arg0 = location of the JSON file for the service account you created in the GCP console\n" +
-                    "arg1 = project name in the form \"projects/xyz\" where \"xyz\" is the project ID of the project you created.\n");
+    if (args.length < 1) {
+      logger.severe("Usage: please pass 1 argument:\n" +
+                    "arg0 = project name in the form \"projects/xyz\" where \"xyz\" is the project ID of the project you created.\n");
       System.exit(1);
     }
-    GoogleCredentials credentials = GoogleCredentials.fromStream(new FileInputStream(args[0]));
+    GoogleCredentials credentials = GoogleCredentials.getApplicationDefault();
 
     // We need to create appropriate scope as per https://cloud.google.com/storage/docs/authentication#oauth-scopes
     credentials = credentials.createScoped(Arrays.asList("https://www.googleapis.com/auth/cloud-platform"));
 
-    // credentials must be refreshed before the access token is available
-    credentials.refreshAccessToken();
     GoogleAuthClient client =
             new GoogleAuthClient("pubsub.googleapis.com", 443, MoreCallCredentials.from(credentials));
 
     try {
-      client.getTopics(args[1]);
+      client.getTopics(args[0]);
     } finally {
       client.shutdown();
     }

From 1ded8aff814d4064902337f264acec8b5cde419c Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Mon, 7 Oct 2024 17:55:56 +0530
Subject: [PATCH 038/591] On result2 resolution result have addresses or error
 (#11330)

Combined success / error status passed via ResolutionResult to the NameResolver.Listener2 interface's onResult2 method - Addresses in the success case or address resolution error in the failure case now get set in ResolutionResult::addressesOrError by the internal name resolvers.
---
 api/src/main/java/io/grpc/NameResolver.java   |  71 +++++++----
 api/src/main/java/io/grpc/StatusOr.java       | 102 ++++++++++++++++
 .../test/java/io/grpc/NameResolverTest.java   | 110 ++++++++++++++++++
 api/src/test/java/io/grpc/StatusOrTest.java   |  81 +++++++++++++
 build.gradle                                  |   1 +
 .../io/grpc/internal/DnsNameResolver.java     |  22 +++-
 .../io/grpc/internal/ManagedChannelImpl.java  |  28 +++--
 .../internal/ManagedChannelImplBuilder.java   |   7 +-
 .../io/grpc/internal/DnsNameResolverTest.java |  65 ++++++++---
 .../ManagedChannelImplIdlenessTest.java       |   3 +-
 .../grpc/internal/ManagedChannelImplTest.java |  36 ++++--
 .../grpc/grpclb/GrpclbNameResolverTest.java   |  19 ++-
 .../java/io/grpc/netty/UdsNameResolver.java   |   8 +-
 .../grpc/netty/UdsNameResolverProvider.java   |   2 +-
 .../netty/UdsNameResolverProviderTest.java    |  41 +++++--
 .../io/grpc/netty/UdsNameResolverTest.java    |  29 ++++-
 .../testing/FakeNameResolverProvider.java     |   6 +-
 .../xds/ClusterResolverLoadBalancerTest.java  |   4 +-
 .../java/io/grpc/xds/XdsNameResolverTest.java |  10 +-
 .../grpc/xds/XdsSecurityClientServerTest.java |   4 +-
 20 files changed, 541 insertions(+), 108 deletions(-)
 create mode 100644 api/src/main/java/io/grpc/StatusOr.java
 create mode 100644 api/src/test/java/io/grpc/StatusOrTest.java

diff --git a/api/src/main/java/io/grpc/NameResolver.java b/api/src/main/java/io/grpc/NameResolver.java
index bfb9c2a43a1..b9590ab5d5a 100644
--- a/api/src/main/java/io/grpc/NameResolver.java
+++ b/api/src/main/java/io/grpc/NameResolver.java
@@ -20,13 +20,13 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.common.base.MoreObjects;
+import com.google.common.base.MoreObjects.ToStringHelper;
 import com.google.common.base.Objects;
 import com.google.errorprone.annotations.InlineMe;
 import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.net.URI;
-import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
@@ -95,7 +95,8 @@ public void onError(Status error) {
 
           @Override
           public void onResult(ResolutionResult resolutionResult) {
-            listener.onAddresses(resolutionResult.getAddresses(), resolutionResult.getAttributes());
+            listener.onAddresses(resolutionResult.getAddressesOrError().getValue(),
+                resolutionResult.getAttributes());
           }
       });
     }
@@ -218,19 +219,21 @@ public abstract static class Listener2 implements Listener {
     @Override
     @Deprecated
     @InlineMe(
-        replacement = "this.onResult(ResolutionResult.newBuilder().setAddresses(servers)"
-            + ".setAttributes(attributes).build())",
-        imports = "io.grpc.NameResolver.ResolutionResult")
+        replacement = "this.onResult2(ResolutionResult.newBuilder().setAddressesOrError("
+            + "StatusOr.fromValue(servers)).setAttributes(attributes).build())",
+        imports = {"io.grpc.NameResolver.ResolutionResult", "io.grpc.StatusOr"})
     public final void onAddresses(
         List<EquivalentAddressGroup> servers, @ResolutionResultAttr Attributes attributes) {
       // TODO(jihuncho) need to promote Listener2 if we want to use ConfigOrError
-      onResult(
-          ResolutionResult.newBuilder().setAddresses(servers).setAttributes(attributes).build());
+      onResult2(
+          ResolutionResult.newBuilder().setAddressesOrError(
+              StatusOr.fromValue(servers)).setAttributes(attributes).build());
     }
 
     /**
      * Handles updates on resolved addresses and attributes.  If
-     * {@link ResolutionResult#getAddresses()} is empty, {@link #onError(Status)} will be called.
+     * {@link ResolutionResult#getAddressesOrError()} is empty, {@link #onError(Status)} will be
+     * called.
      *
      * @param resolutionResult the resolved server addresses, attributes, and Service Config.
      * @since 1.21.0
@@ -584,17 +587,17 @@ public abstract static class ServiceConfigParser {
    */
   @ExperimentalApi("https://github.com/grpc/grpc-java/issues/1770")
   public static final class ResolutionResult {
-    private final List<EquivalentAddressGroup> addresses;
+    private final StatusOr<List<EquivalentAddressGroup>> addressesOrError;
     @ResolutionResultAttr
     private final Attributes attributes;
     @Nullable
     private final ConfigOrError serviceConfig;
 
     ResolutionResult(
-        List<EquivalentAddressGroup> addresses,
+        StatusOr<List<EquivalentAddressGroup>> addressesOrError,
         @ResolutionResultAttr Attributes attributes,
         ConfigOrError serviceConfig) {
-      this.addresses = Collections.unmodifiableList(new ArrayList<>(addresses));
+      this.addressesOrError = addressesOrError;
       this.attributes = checkNotNull(attributes, "attributes");
       this.serviceConfig = serviceConfig;
     }
@@ -615,7 +618,7 @@ public static Builder newBuilder() {
      */
     public Builder toBuilder() {
       return newBuilder()
-          .setAddresses(addresses)
+          .setAddressesOrError(addressesOrError)
           .setAttributes(attributes)
           .setServiceConfig(serviceConfig);
     }
@@ -624,9 +627,20 @@ public Builder toBuilder() {
      * Gets the addresses resolved by name resolution.
      *
      * @since 1.21.0
+     * @deprecated Will be superseded by getAddressesOrError
      */
+    @Deprecated
     public List<EquivalentAddressGroup> getAddresses() {
-      return addresses;
+      return addressesOrError.getValue();
+    }
+
+    /**
+     * Gets the addresses resolved by name resolution or the error in doing so.
+     *
+     * @since 1.65.0
+     */
+    public StatusOr<List<EquivalentAddressGroup>> getAddressesOrError() {
+      return addressesOrError;
     }
 
     /**
@@ -652,11 +666,11 @@ public ConfigOrError getServiceConfig() {
 
     @Override
     public String toString() {
-      return MoreObjects.toStringHelper(this)
-          .add("addresses", addresses)
-          .add("attributes", attributes)
-          .add("serviceConfig", serviceConfig)
-          .toString();
+      ToStringHelper stringHelper = MoreObjects.toStringHelper(this);
+      stringHelper.add("addressesOrError", addressesOrError.toString());
+      stringHelper.add("attributes", attributes);
+      stringHelper.add("serviceConfigOrError", serviceConfig);
+      return stringHelper.toString();
     }
 
     /**
@@ -668,7 +682,7 @@ public boolean equals(Object obj) {
         return false;
       }
       ResolutionResult that = (ResolutionResult) obj;
-      return Objects.equal(this.addresses, that.addresses)
+      return Objects.equal(this.addressesOrError, that.addressesOrError)
           && Objects.equal(this.attributes, that.attributes)
           && Objects.equal(this.serviceConfig, that.serviceConfig);
     }
@@ -678,7 +692,7 @@ public boolean equals(Object obj) {
      */
     @Override
     public int hashCode() {
-      return Objects.hashCode(addresses, attributes, serviceConfig);
+      return Objects.hashCode(addressesOrError, attributes, serviceConfig);
     }
 
     /**
@@ -688,7 +702,8 @@ public int hashCode() {
      */
     @ExperimentalApi("https://github.com/grpc/grpc-java/issues/1770")
     public static final class Builder {
-      private List<EquivalentAddressGroup> addresses = Collections.emptyList();
+      private StatusOr<List<EquivalentAddressGroup>> addresses =
+          StatusOr.fromValue(Collections.emptyList());
       private Attributes attributes = Attributes.EMPTY;
       @Nullable
       private ConfigOrError serviceConfig;
@@ -700,9 +715,21 @@ public static final class Builder {
        * Sets the addresses resolved by name resolution.  This field is required.
        *
        * @since 1.21.0
+       * @deprecated Will be superseded by setAddressesOrError
        */
+      @Deprecated
       public Builder setAddresses(List<EquivalentAddressGroup> addresses) {
-        this.addresses = addresses;
+        setAddressesOrError(StatusOr.fromValue(addresses));
+        return this;
+      }
+
+      /**
+       * Sets the addresses resolved by name resolution or the error in doing so. This field is
+       * required.
+       * @param addresses Resolved addresses or an error in resolving addresses
+       */
+      public Builder setAddressesOrError(StatusOr<List<EquivalentAddressGroup>> addresses) {
+        this.addresses = checkNotNull(addresses, "StatusOr addresses cannot be null.");
         return this;
       }
 
diff --git a/api/src/main/java/io/grpc/StatusOr.java b/api/src/main/java/io/grpc/StatusOr.java
new file mode 100644
index 00000000000..8a88d9e62d0
--- /dev/null
+++ b/api/src/main/java/io/grpc/StatusOr.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.base.MoreObjects;
+import com.google.common.base.MoreObjects.ToStringHelper;
+import com.google.common.base.Objects;
+import javax.annotation.Nullable;
+
+/** Either a Status or a value. */
+@ExperimentalApi("https://github.com/grpc/grpc-java/issues/11563")
+public class StatusOr<T> {
+  private StatusOr(Status status, T value) {
+    this.status = status;
+    this.value = value;
+  }
+
+  /** Construct from a value. */
+  public static <T> StatusOr<T> fromValue(@Nullable T value) {
+    StatusOr<T> result = new StatusOr<T>(null, value);
+    return result;
+  }
+
+  /** Construct from a non-Ok status. */
+  public static <T> StatusOr<T> fromStatus(Status status) {
+    StatusOr<T> result = new StatusOr<T>(checkNotNull(status, "status"), null);
+    checkArgument(!status.isOk(), "cannot use OK status: %s", status);
+    return result;
+  }
+
+  /** Returns whether there is a value. */
+  public boolean hasValue() {
+    return status == null;
+  }
+
+  /**
+   * Returns the value if set or throws exception if there is no value set. This method is meant
+   * to be called after checking the return value of hasValue() first.
+   */
+  public @Nullable T getValue() {
+    if (status != null) {
+      throw new IllegalStateException("No value present.");
+    }
+    return value;
+  }
+
+  /** Returns the status. If there is a value (which can be null), returns OK. */
+  public Status getStatus() {
+    return status == null ? Status.OK : status;
+  }
+
+  @Override
+  public boolean equals(Object other) {
+    if (!(other instanceof StatusOr)) {
+      return false;
+    }
+    StatusOr<?> otherStatus = (StatusOr<?>) other;
+    if (hasValue() != otherStatus.hasValue()) {
+      return false;
+    }
+    if (hasValue()) {
+      return Objects.equal(value, otherStatus.value);
+    }
+    return Objects.equal(status, otherStatus.status);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hashCode(status, value);
+  }
+
+  @Override
+  public String toString() {
+    ToStringHelper stringHelper = MoreObjects.toStringHelper(this);
+    if (status == null) {
+      stringHelper.add("value", value);
+    } else {
+      stringHelper.add("error", status);
+    }
+    return stringHelper.toString();
+  }
+
+  private final Status status;
+  private final T value;
+}
diff --git a/api/src/test/java/io/grpc/NameResolverTest.java b/api/src/test/java/io/grpc/NameResolverTest.java
index f825de354af..1bc32ee7b1d 100644
--- a/api/src/test/java/io/grpc/NameResolverTest.java
+++ b/api/src/test/java/io/grpc/NameResolverTest.java
@@ -17,20 +17,43 @@
 package io.grpc;
 
 import static com.google.common.truth.Truth.assertThat;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
 
+import com.google.common.base.Objects;
+import io.grpc.NameResolver.ConfigOrError;
+import io.grpc.NameResolver.Listener2;
+import io.grpc.NameResolver.ResolutionResult;
 import io.grpc.NameResolver.ServiceConfigParser;
 import java.lang.Thread.UncaughtExceptionHandler;
+import java.net.SocketAddress;
+import java.util.Collections;
+import java.util.List;
 import java.util.concurrent.Executor;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
+import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoRule;
 
 /** Unit tests for the inner classes in {@link NameResolver}. */
 @RunWith(JUnit4.class)
 public class NameResolverTest {
+  private static final List<EquivalentAddressGroup> ADDRESSES =
+      Collections.singletonList(
+          new EquivalentAddressGroup(new FakeSocketAddress("fake-address-1"), Attributes.EMPTY));
+  private static final Attributes.Key<String> YOLO_KEY = Attributes.Key.create("yolo");
+  private static Attributes ATTRIBUTES = Attributes.newBuilder()
+      .set(YOLO_KEY, "To be, or not to be?").build();
+  private static ConfigOrError CONFIG = ConfigOrError.fromConfig("foo");
+
+  @Rule
+  public final MockitoRule mocks = MockitoJUnit.rule();
   private final int defaultPort = 293;
   private final ProxyDetector proxyDetector = mock(ProxyDetector.class);
   private final SynchronizationContext syncContext =
@@ -41,6 +64,7 @@ public class NameResolverTest {
   private final ChannelLogger channelLogger = mock(ChannelLogger.class);
   private final Executor executor = Executors.newSingleThreadExecutor();
   private final String overrideAuthority = "grpc.io";
+  @Mock NameResolver.Listener mockListener;
 
   @Test
   public void args() {
@@ -80,4 +104,90 @@ private NameResolver.Args createArgs() {
         .setOverrideAuthority(overrideAuthority)
         .build();
   }
+
+  @Test
+  @SuppressWarnings("deprecation")
+  public void startOnOldListener_wrapperListener2UsedToStart() {
+    final Listener2[] listener2 = new Listener2[1];
+    NameResolver nameResolver = new NameResolver() {
+      @Override
+      public String getServiceAuthority() {
+        return null;
+      }
+
+      @Override
+      public void shutdown() {}
+
+      @Override
+      public void start(Listener2 listener2Arg) {
+        listener2[0] = listener2Arg;
+      }
+    };
+    nameResolver.start(mockListener);
+
+    listener2[0].onResult(ResolutionResult.newBuilder().setAddresses(ADDRESSES)
+        .setAttributes(ATTRIBUTES).build());
+    verify(mockListener).onAddresses(eq(ADDRESSES), eq(ATTRIBUTES));
+    listener2[0].onError(Status.CANCELLED);
+    verify(mockListener).onError(Status.CANCELLED);
+  }
+
+  @Test
+  @SuppressWarnings({"deprecation", "InlineMeInliner"})
+  public void listener2AddressesToListener2ResolutionResultConversion() {
+    final ResolutionResult[] resolutionResult = new ResolutionResult[1];
+    NameResolver.Listener2 listener2 = new Listener2() {
+      @Override
+      public void onResult(ResolutionResult resolutionResultArg) {
+        resolutionResult[0] = resolutionResultArg;
+      }
+
+      @Override
+      public void onError(Status error) {}
+    };
+
+    listener2.onAddresses(ADDRESSES, ATTRIBUTES);
+
+    assertThat(resolutionResult[0].getAddressesOrError().getValue()).isEqualTo(ADDRESSES);
+    assertThat(resolutionResult[0].getAttributes()).isEqualTo(ATTRIBUTES);
+  }
+
+  @Test
+  public void resolutionResult_toString_addressesAttributesAndConfig() {
+    ResolutionResult resolutionResult = ResolutionResult.newBuilder()
+        .setAddressesOrError(StatusOr.fromValue(ADDRESSES))
+        .setAttributes(ATTRIBUTES)
+        .setServiceConfig(CONFIG)
+        .build();
+
+    assertThat(resolutionResult.toString()).isEqualTo(
+        "ResolutionResult{addressesOrError=StatusOr{value="
+            + "[[[FakeSocketAddress-fake-address-1]/{}]]}, attributes={yolo=To be, or not to be?}, "
+            + "serviceConfigOrError=ConfigOrError{config=foo}}");
+  }
+
+  @Test
+  public void resolutionResult_hashCode() {
+    ResolutionResult resolutionResult = ResolutionResult.newBuilder()
+        .setAddressesOrError(StatusOr.fromValue(ADDRESSES))
+        .setAttributes(ATTRIBUTES)
+        .setServiceConfig(CONFIG)
+        .build();
+
+    assertThat(resolutionResult.hashCode()).isEqualTo(
+        Objects.hashCode(StatusOr.fromValue(ADDRESSES), ATTRIBUTES, CONFIG));
+  }
+
+  private static class FakeSocketAddress extends SocketAddress {
+    final String name;
+
+    FakeSocketAddress(String name) {
+      this.name = name;
+    }
+
+    @Override
+    public String toString() {
+      return "FakeSocketAddress-" + name;
+    }
+  }
 }
diff --git a/api/src/test/java/io/grpc/StatusOrTest.java b/api/src/test/java/io/grpc/StatusOrTest.java
new file mode 100644
index 00000000000..f63a314a2bb
--- /dev/null
+++ b/api/src/test/java/io/grpc/StatusOrTest.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2015 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import static com.google.common.truth.Truth.assertThat;
+import static junit.framework.TestCase.fail;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit tests for {@link StatusOr}. **/
+@RunWith(JUnit4.class)
+public class StatusOrTest {
+
+  @Test
+  public void getValue_throwsIfNoValuePresent() {
+    try {
+      StatusOr.fromStatus(Status.ABORTED).getValue();
+
+      fail("Expected exception.");
+    } catch (IllegalStateException expected) { }
+  }
+
+  @Test
+  @SuppressWarnings("TruthIncompatibleType")
+  public void equals_differentValueTypes() {
+    assertThat(StatusOr.fromValue(1)).isNotEqualTo(StatusOr.fromValue("1"));
+  }
+
+  @Test
+  public void equals_differentValues() {
+    assertThat(StatusOr.fromValue(1)).isNotEqualTo(StatusOr.fromValue(2));
+  }
+
+  @Test
+  public void equals_sameValues() {
+    assertThat(StatusOr.fromValue(1)).isEqualTo(StatusOr.fromValue(1));
+  }
+
+  @Test
+  public void equals_differentStatuses() {
+    assertThat(StatusOr.fromStatus(Status.ABORTED)).isNotEqualTo(
+        StatusOr.fromStatus(Status.CANCELLED));
+  }
+
+  @Test
+  public void equals_sameStatuses() {
+    assertThat(StatusOr.fromStatus(Status.ABORTED)).isEqualTo(StatusOr.fromStatus(Status.ABORTED));
+  }
+
+  @Test
+  public void toString_value() {
+    assertThat(StatusOr.fromValue(1).toString()).isEqualTo("StatusOr{value=1}");
+  }
+
+  @Test
+  public void toString_nullValue() {
+    assertThat(StatusOr.fromValue(null).toString()).isEqualTo("StatusOr{value=null}");
+  }
+
+  @Test
+  public void toString_errorStatus() {
+    assertThat(StatusOr.fromStatus(Status.ABORTED).toString()).isEqualTo(
+        "StatusOr{error=Status{code=ABORTED, description=null, cause=null}}");
+  }
+}
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
index 740f534e136..6afe010de4d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -500,3 +500,4 @@ configurations {
 }
 
 tasks.register('checkForUpdates', CheckForUpdatesTask, project.configurations.checkForUpdates, "libs")
+
diff --git a/core/src/main/java/io/grpc/internal/DnsNameResolver.java b/core/src/main/java/io/grpc/internal/DnsNameResolver.java
index df51d6f2c5c..b59de833d7c 100644
--- a/core/src/main/java/io/grpc/internal/DnsNameResolver.java
+++ b/core/src/main/java/io/grpc/internal/DnsNameResolver.java
@@ -32,6 +32,7 @@
 import io.grpc.ProxiedSocketAddress;
 import io.grpc.ProxyDetector;
 import io.grpc.Status;
+import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.SharedResourceHolder.Resource;
 import java.io.IOException;
@@ -59,7 +60,7 @@
  * A DNS-based {@link NameResolver}.
  *
  * <p>Each {@code A} or {@code AAAA} record emits an {@link EquivalentAddressGroup} in the list
- * passed to {@link NameResolver.Listener2#onResult(ResolutionResult)}.
+ * passed to {@link NameResolver.Listener2#onResult2(ResolutionResult)}.
  *
  * @see DnsNameResolverProvider
  */
@@ -313,15 +314,20 @@ public void run() {
           if (logger.isLoggable(Level.FINER)) {
             logger.finer("Using proxy address " + proxiedAddr);
           }
-          resolutionResultBuilder.setAddresses(Collections.singletonList(proxiedAddr));
+          resolutionResultBuilder.setAddressesOrError(
+              StatusOr.fromValue(Collections.singletonList(proxiedAddr)));
         } else {
           result = doResolve(false);
           if (result.error != null) {
-            savedListener.onError(result.error);
+            InternalResolutionResult finalResult = result;
+            syncContext.execute(() ->
+                savedListener.onResult2(ResolutionResult.newBuilder()
+                    .setAddressesOrError(StatusOr.fromStatus(finalResult.error))
+                    .build()));
             return;
           }
           if (result.addresses != null) {
-            resolutionResultBuilder.setAddresses(result.addresses);
+            resolutionResultBuilder.setAddressesOrError(StatusOr.fromValue(result.addresses));
           }
           if (result.config != null) {
             resolutionResultBuilder.setServiceConfig(result.config);
@@ -334,8 +340,12 @@ public void run() {
           savedListener.onResult2(resolutionResultBuilder.build());
         });
       } catch (IOException e) {
-        savedListener.onError(
-            Status.UNAVAILABLE.withDescription("Unable to resolve host " + host).withCause(e));
+        syncContext.execute(() ->
+            savedListener.onResult2(ResolutionResult.newBuilder()
+                .setAddressesOrError(
+                    StatusOr.fromStatus(
+                        Status.UNAVAILABLE.withDescription(
+                            "Unable to resolve host " + host).withCause(e))).build()));
       } finally {
         final boolean succeed = result != null && result.error == null;
         syncContext.execute(new Runnable() {
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index 36d79f4011b..cda4299acec 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -81,6 +81,7 @@
 import io.grpc.NameResolverRegistry;
 import io.grpc.ProxyDetector;
 import io.grpc.Status;
+import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
 import io.grpc.SynchronizationContext.ScheduledHandle;
 import io.grpc.internal.AutoConfiguredLoadBalancerFactory.AutoConfiguredLoadBalancer;
@@ -1701,7 +1702,13 @@ public Status onResult2(final ResolutionResult resolutionResult) {
         return Status.OK;
       }
 
-      List<EquivalentAddressGroup> servers = resolutionResult.getAddresses();
+      StatusOr<List<EquivalentAddressGroup>> serversOrError =
+          resolutionResult.getAddressesOrError();
+      if (!serversOrError.hasValue()) {
+        handleErrorInSyncContext(serversOrError.getStatus());
+        return serversOrError.getStatus();
+      }
+      List<EquivalentAddressGroup> servers = serversOrError.getValue();
       channelLogger.log(
           ChannelLogLevel.DEBUG,
           "Resolved address: {0}, config={1}",
@@ -1709,10 +1716,10 @@ public Status onResult2(final ResolutionResult resolutionResult) {
           resolutionResult.getAttributes());
 
       if (lastResolutionState != ResolutionState.SUCCESS) {
-        channelLogger.log(ChannelLogLevel.INFO, "Address resolved: {0}", servers);
+        channelLogger.log(ChannelLogLevel.INFO, "Address resolved: {0}",
+            servers);
         lastResolutionState = ResolutionState.SUCCESS;
       }
-
       ConfigOrError configOrError = resolutionResult.getServiceConfig();
       InternalConfigSelector resolvedConfigSelector =
           resolutionResult.getAttributes().get(InternalConfigSelector.KEY);
@@ -1788,7 +1795,7 @@ public Status onResult2(final ResolutionResult resolutionResult) {
         }
 
         try {
-          // TODO(creamsoup): when `servers` is empty and lastResolutionStateCopy == SUCCESS
+          // TODO(creamsoup): when `serversOrError` is empty and lastResolutionStateCopy == SUCCESS
           //  and lbNeedAddress, it shouldn't call the handleServiceConfigUpdate. But,
           //  lbNeedAddress is not deterministic
           serviceConfigUpdated = true;
@@ -1814,12 +1821,13 @@ public Status onResult2(final ResolutionResult resolutionResult) {
         }
         Attributes attributes = attrBuilder.build();
 
-        return helper.lb.tryAcceptResolvedAddresses(
-            ResolvedAddresses.newBuilder()
-                .setAddresses(servers)
-                .setAttributes(attributes)
-                .setLoadBalancingPolicyConfig(effectiveServiceConfig.getLoadBalancingConfig())
-                .build());
+        ResolvedAddresses.Builder resolvedAddresses = ResolvedAddresses.newBuilder()
+            .setAddresses(serversOrError.getValue())
+            .setAttributes(attributes)
+            .setLoadBalancingPolicyConfig(effectiveServiceConfig.getLoadBalancingConfig());
+        Status addressAcceptanceStatus = helper.lb.tryAcceptResolvedAddresses(
+            resolvedAddresses.build());
+        return addressAcceptanceStatus;
       }
       return Status.OK;
     }
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
index 7da9125087e..48a255472e1 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
@@ -45,6 +45,7 @@
 import io.grpc.NameResolverProvider;
 import io.grpc.NameResolverRegistry;
 import io.grpc.ProxyDetector;
+import io.grpc.StatusOr;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.SocketAddress;
@@ -877,9 +878,11 @@ public String getServiceAuthority() {
 
         @Override
         public void start(Listener2 listener) {
-          listener.onResult(
+          listener.onResult2(
               ResolutionResult.newBuilder()
-                  .setAddresses(Collections.singletonList(new EquivalentAddressGroup(address)))
+                  .setAddressesOrError(
+                      StatusOr.fromValue(
+                          Collections.singletonList(new EquivalentAddressGroup(address))))
                   .setAttributes(Attributes.EMPTY)
                   .build());
         }
diff --git a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
index 0512171f4e7..be304ad326b 100644
--- a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
+++ b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
@@ -24,6 +24,7 @@
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.Mockito.mock;
@@ -152,12 +153,11 @@ public void close(Executor instance) {}
   private NameResolver.Listener2 mockListener;
   @Captor
   private ArgumentCaptor<ResolutionResult> resultCaptor;
-  @Captor
-  private ArgumentCaptor<Status> errorCaptor;
   @Nullable
   private String networkaddressCacheTtlPropertyValue;
   @Mock
   private RecordFetcher recordFetcher;
+  @Mock private ProxyDetector mockProxyDetector;
 
   private RetryingNameResolver newResolver(String name, int defaultPort) {
     return newResolver(
@@ -570,7 +570,7 @@ public List<InetAddress> resolveAddress(String host) throws Exception {
     ArgumentCaptor<ResolutionResult> ac = ArgumentCaptor.forClass(ResolutionResult.class);
     verify(mockListener).onResult2(ac.capture());
     verifyNoMoreInteractions(mockListener);
-    assertThat(ac.getValue().getAddresses()).isEmpty();
+    assertThat(ac.getValue().getAddressesOrError().getValue()).isEmpty();
     assertThat(ac.getValue().getServiceConfig()).isNull();
     verify(mockResourceResolver, never()).resolveSrv(anyString());
 
@@ -578,6 +578,39 @@ public List<InetAddress> resolveAddress(String host) throws Exception {
     assertEquals(0, fakeExecutor.numPendingTasks());
   }
 
+  @Test
+  public void resolve_addressResolutionError() throws Exception {
+    DnsNameResolver.enableTxt = true;
+    when(mockProxyDetector.proxyFor(any(SocketAddress.class))).thenThrow(new IOException());
+    RetryingNameResolver resolver = newResolver(
+        "addr.fake:1234", 443, mockProxyDetector, Stopwatch.createUnstarted());
+    DnsNameResolver dnsResolver = (DnsNameResolver) resolver.getRetriedNameResolver();
+    dnsResolver.setAddressResolver(new AddressResolver() {
+      @Override
+      public List<InetAddress> resolveAddress(String host) throws Exception {
+        return Collections.emptyList();
+      }
+    });
+    ResourceResolver mockResourceResolver = mock(ResourceResolver.class);
+    when(mockResourceResolver.resolveTxt(anyString()))
+        .thenReturn(Collections.<String>emptyList());
+
+    dnsResolver.setResourceResolver(mockResourceResolver);
+
+    resolver.start(mockListener);
+    assertThat(fakeExecutor.runDueTasks()).isEqualTo(1);
+
+    ArgumentCaptor<ResolutionResult> ac = ArgumentCaptor.forClass(ResolutionResult.class);
+    verify(mockListener).onResult2(ac.capture());
+    verifyNoMoreInteractions(mockListener);
+    assertThat(ac.getValue().getAddressesOrError().getStatus().getCode()).isEqualTo(
+        Status.UNAVAILABLE.getCode());
+    assertThat(ac.getValue().getAddressesOrError().getStatus().getDescription()).isEqualTo(
+        "Unable to resolve host addr.fake");
+    assertThat(ac.getValue().getAddressesOrError().getStatus().getCause())
+        .isInstanceOf(IOException.class);
+  }
+
   // Load balancer rejects the empty addresses.
   @Test
   public void resolve_emptyResult_notAccepted() throws Exception {
@@ -604,7 +637,7 @@ public List<InetAddress> resolveAddress(String host) throws Exception {
     ArgumentCaptor<ResolutionResult> ac = ArgumentCaptor.forClass(ResolutionResult.class);
     verify(mockListener).onResult2(ac.capture());
     verifyNoMoreInteractions(mockListener);
-    assertThat(ac.getValue().getAddresses()).isEmpty();
+    assertThat(ac.getValue().getAddressesOrError().getValue()).isEmpty();
     assertThat(ac.getValue().getServiceConfig()).isNull();
     verify(mockResourceResolver, never()).resolveSrv(anyString());
 
@@ -632,7 +665,7 @@ public void resolve_nullResourceResolver() throws Exception {
     ResolutionResult result = resultCaptor.getValue();
     InetSocketAddress resolvedBackendAddr =
         (InetSocketAddress) Iterables.getOnlyElement(
-            Iterables.getOnlyElement(result.getAddresses()).getAddresses());
+            Iterables.getOnlyElement(result.getAddressesOrError().getValue()).getAddresses());
     assertThat(resolvedBackendAddr.getAddress()).isEqualTo(backendAddr);
     verify(mockAddressResolver).resolveAddress(name);
     assertThat(result.getServiceConfig()).isNull();
@@ -647,6 +680,7 @@ public void resolve_nullResourceResolver_addressFailure() throws Exception {
     AddressResolver mockAddressResolver = mock(AddressResolver.class);
     when(mockAddressResolver.resolveAddress(anyString()))
         .thenThrow(new IOException("no addr"));
+    when(mockListener.onResult2(isA(ResolutionResult.class))).thenReturn(Status.UNAVAILABLE);
     String name = "foo.googleapis.com";
 
     RetryingNameResolver resolver = newResolver(name, 81);
@@ -655,8 +689,8 @@ public void resolve_nullResourceResolver_addressFailure() throws Exception {
     dnsResolver.setResourceResolver(null);
     resolver.start(mockListener);
     assertEquals(1, fakeExecutor.runDueTasks());
-    verify(mockListener).onError(errorCaptor.capture());
-    Status errorStatus = errorCaptor.getValue();
+    verify(mockListener).onResult2(resultCaptor.capture());
+    Status errorStatus = resultCaptor.getValue().getAddressesOrError().getStatus();
     assertThat(errorStatus.getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(errorStatus.getCause()).hasMessageThat().contains("no addr");
 
@@ -704,7 +738,7 @@ public ConfigOrError parseServiceConfig(Map<String, ?> rawServiceConfig) {
     ResolutionResult result = resultCaptor.getValue();
     InetSocketAddress resolvedBackendAddr =
         (InetSocketAddress) Iterables.getOnlyElement(
-            Iterables.getOnlyElement(result.getAddresses()).getAddresses());
+            Iterables.getOnlyElement(result.getAddressesOrError().getValue()).getAddresses());
     assertThat(resolvedBackendAddr.getAddress()).isEqualTo(backendAddr);
     assertThat(result.getServiceConfig().getConfig()).isNotNull();
     verify(mockAddressResolver).resolveAddress(name);
@@ -720,6 +754,7 @@ public void resolve_addressFailure_neverLookUpServiceConfig() throws Exception {
     AddressResolver mockAddressResolver = mock(AddressResolver.class);
     when(mockAddressResolver.resolveAddress(anyString()))
         .thenThrow(new IOException("no addr"));
+    when(mockListener.onResult2(isA(ResolutionResult.class))).thenReturn(Status.UNAVAILABLE);
     String name = "foo.googleapis.com";
 
     ResourceResolver mockResourceResolver = mock(ResourceResolver.class);
@@ -729,8 +764,8 @@ public void resolve_addressFailure_neverLookUpServiceConfig() throws Exception {
     dnsResolver.setResourceResolver(mockResourceResolver);
     resolver.start(mockListener);
     assertEquals(1, fakeExecutor.runDueTasks());
-    verify(mockListener).onError(errorCaptor.capture());
-    Status errorStatus = errorCaptor.getValue();
+    verify(mockListener).onResult2(resultCaptor.capture());
+    Status errorStatus = resultCaptor.getValue().getAddressesOrError().getStatus();
     assertThat(errorStatus.getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(errorStatus.getCause()).hasMessageThat().contains("no addr");
     verify(mockResourceResolver, never()).resolveTxt(anyString());
@@ -762,7 +797,7 @@ public void resolve_serviceConfigLookupFails_nullServiceConfig() throws Exceptio
     ResolutionResult result = resultCaptor.getValue();
     InetSocketAddress resolvedBackendAddr =
         (InetSocketAddress) Iterables.getOnlyElement(
-            Iterables.getOnlyElement(result.getAddresses()).getAddresses());
+            Iterables.getOnlyElement(result.getAddressesOrError().getValue()).getAddresses());
     assertThat(resolvedBackendAddr.getAddress()).isEqualTo(backendAddr);
     verify(mockAddressResolver).resolveAddress(name);
     assertThat(result.getServiceConfig()).isNull();
@@ -794,7 +829,7 @@ public void resolve_serviceConfigMalformed_serviceConfigError() throws Exception
     ResolutionResult result = resultCaptor.getValue();
     InetSocketAddress resolvedBackendAddr =
         (InetSocketAddress) Iterables.getOnlyElement(
-            Iterables.getOnlyElement(result.getAddresses()).getAddresses());
+            Iterables.getOnlyElement(result.getAddressesOrError().getValue()).getAddresses());
     assertThat(resolvedBackendAddr.getAddress()).isEqualTo(backendAddr);
     verify(mockAddressResolver).resolveAddress(name);
     assertThat(result.getServiceConfig()).isNotNull();
@@ -859,7 +894,7 @@ public HttpConnectProxiedSocketAddress proxyFor(SocketAddress targetAddress) {
     assertEquals(1, fakeExecutor.runDueTasks());
 
     verify(mockListener).onResult2(resultCaptor.capture());
-    List<EquivalentAddressGroup> result = resultCaptor.getValue().getAddresses();
+    List<EquivalentAddressGroup> result = resultCaptor.getValue().getAddressesOrError().getValue();
     assertThat(result).hasSize(1);
     EquivalentAddressGroup eag = result.get(0);
     assertThat(eag.getAddresses()).hasSize(1);
@@ -1299,9 +1334,9 @@ private List<InetAddress> createAddressList(int n) throws UnknownHostException {
 
   private static void assertAnswerMatches(
       List<InetAddress> addrs, int port, ResolutionResult resolutionResult) {
-    assertThat(resolutionResult.getAddresses()).hasSize(addrs.size());
+    assertThat(resolutionResult.getAddressesOrError().getValue()).hasSize(addrs.size());
     for (int i = 0; i < addrs.size(); i++) {
-      EquivalentAddressGroup addrGroup = resolutionResult.getAddresses().get(i);
+      EquivalentAddressGroup addrGroup = resolutionResult.getAddressesOrError().getValue().get(i);
       InetSocketAddress socketAddr =
           (InetSocketAddress) Iterables.getOnlyElement(addrGroup.getAddresses());
       assertEquals("Addr " + i, port, socketAddr.getPort());
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplIdlenessTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplIdlenessTest.java
index 90008c1be30..293d0e70961 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplIdlenessTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplIdlenessTest.java
@@ -63,6 +63,7 @@
 import io.grpc.NameResolver.ResolutionResult;
 import io.grpc.NameResolverProvider;
 import io.grpc.Status;
+import io.grpc.StatusOr;
 import io.grpc.StringMarshaller;
 import io.grpc.internal.FakeClock.ScheduledTask;
 import io.grpc.internal.ManagedChannelImplBuilder.UnsupportedClientTransportFactoryBuilder;
@@ -615,7 +616,7 @@ private void deliverResolutionResult() {
     // the NameResolver.
     ResolutionResult resolutionResult =
         ResolutionResult.newBuilder()
-            .setAddresses(servers)
+            .setAddressesOrError(StatusOr.fromValue(servers))
             .setAttributes(Attributes.EMPTY)
             .build();
     nameResolverListenerCaptor.getValue().onResult(resolutionResult);
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index bea14bcef47..16700096827 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -116,6 +116,7 @@
 import io.grpc.ServerMethodDefinition;
 import io.grpc.Status;
 import io.grpc.Status.Code;
+import io.grpc.StatusOr;
 import io.grpc.StringMarshaller;
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.ClientTransportFactory.ClientTransportOptions;
@@ -1056,7 +1057,7 @@ public void noMoreCallbackAfterLoadBalancerShutdown() {
     verifyNoMoreInteractions(mockLoadBalancer);
   }
 
-  @Test
+  @Test  
   public void noMoreCallbackAfterLoadBalancerShutdown_configError() throws InterruptedException {
     FakeNameResolverFactory nameResolverFactory =
         new FakeNameResolverFactory.Builder(expectedUri)
@@ -1095,7 +1096,10 @@ public void noMoreCallbackAfterLoadBalancerShutdown_configError() throws Interru
     verify(stateListener2).onSubchannelState(stateInfoCaptor.capture());
     assertSame(CONNECTING, stateInfoCaptor.getValue().getState());
 
-    resolver.listener.onError(resolutionError);
+    channel.syncContext.execute(() ->
+        resolver.listener.onResult2(
+            ResolutionResult.newBuilder()
+                .setAddressesOrError(StatusOr.fromStatus(resolutionError)).build()));
     verify(mockLoadBalancer).handleNameResolutionError(resolutionError);
 
     verifyNoMoreInteractions(mockLoadBalancer);
@@ -1117,13 +1121,10 @@ public void noMoreCallbackAfterLoadBalancerShutdown_configError() throws Interru
     verifyNoMoreInteractions(stateListener1, stateListener2);
 
     // No more callback should be delivered to LoadBalancer after it's shut down
-    resolver.listener.onResult(
-        ResolutionResult.newBuilder()
-            .setAddresses(new ArrayList<>())
-            .setServiceConfig(
-                ConfigOrError.fromError(Status.UNAVAILABLE.withDescription("Resolution failed")))
-            .build());
-    Thread.sleep(1100);
+    channel.syncContext.execute(() ->
+        resolver.listener.onResult2(
+            ResolutionResult.newBuilder()
+                .setAddressesOrError(StatusOr.fromStatus(resolutionError)).build()));
     assertThat(timer.getPendingTasks()).isEmpty();
     resolver.resolved();
     verifyNoMoreInteractions(mockLoadBalancer);
@@ -3286,11 +3287,19 @@ public void channelTracing_nameResolvedEvent_zeorAndNonzeroBackends_usesListener
     assertThat(getStats(channel).channelTrace.events).hasSize(prevSize);
 
     prevSize = getStats(channel).channelTrace.events.size();
-    nameResolverFactory.resolvers.get(0).listener.onError(Status.INTERNAL);
+    channel.syncContext.execute(() ->
+        nameResolverFactory.resolvers.get(0).listener.onResult2(
+            ResolutionResult.newBuilder()
+              .setAddressesOrError(
+                  StatusOr.fromStatus(Status.INTERNAL)).build()));
     assertThat(getStats(channel).channelTrace.events).hasSize(prevSize + 1);
 
     prevSize = getStats(channel).channelTrace.events.size();
-    nameResolverFactory.resolvers.get(0).listener.onError(Status.INTERNAL);
+    channel.syncContext.execute(() ->
+        nameResolverFactory.resolvers.get(0).listener.onResult2(
+            ResolutionResult.newBuilder()
+                .setAddressesOrError(
+                    StatusOr.fromStatus(Status.INTERNAL)).build()));
     assertThat(getStats(channel).channelTrace.events).hasSize(prevSize);
 
     prevSize = getStats(channel).channelTrace.events.size();
@@ -4919,7 +4928,10 @@ final class FakeNameResolver extends NameResolver {
 
       void resolved() {
         if (error != null) {
-          listener.onError(error);
+          syncContext.execute(() ->
+              listener.onResult2(
+                  ResolutionResult.newBuilder()
+                      .setAddressesOrError(StatusOr.fromStatus(error)).build()));
           return;
         }
         ResolutionResult.Builder builder =
diff --git a/grpclb/src/test/java/io/grpc/grpclb/GrpclbNameResolverTest.java b/grpclb/src/test/java/io/grpc/grpclb/GrpclbNameResolverTest.java
index c195a78e6f4..1aa11ecf9af 100644
--- a/grpclb/src/test/java/io/grpc/grpclb/GrpclbNameResolverTest.java
+++ b/grpclb/src/test/java/io/grpc/grpclb/GrpclbNameResolverTest.java
@@ -96,7 +96,6 @@ public void close(Executor instance) {}
   }
 
   @Captor private ArgumentCaptor<ResolutionResult> resultCaptor;
-  @Captor private ArgumentCaptor<Status> errorCaptor;
   @Mock private ServiceConfigParser serviceConfigParser;
   @Mock private NameResolver.Listener2 mockListener;
 
@@ -154,7 +153,7 @@ public List<SrvRecord> resolveSrv(String host) throws Exception {
 
     verify(mockListener).onResult2(resultCaptor.capture());
     ResolutionResult result = resultCaptor.getValue();
-    assertThat(result.getAddresses()).isEmpty();
+    assertThat(result.getAddressesOrError().getValue()).isEmpty();
     assertThat(result.getAttributes()).isEqualTo(Attributes.EMPTY);
     assertThat(result.getServiceConfig()).isNull();
   }
@@ -196,7 +195,7 @@ public ConfigOrError answer(InvocationOnMock invocation) {
     ResolutionResult result = resultCaptor.getValue();
     InetSocketAddress resolvedBackendAddr =
         (InetSocketAddress) Iterables.getOnlyElement(
-            Iterables.getOnlyElement(result.getAddresses()).getAddresses());
+            Iterables.getOnlyElement(result.getAddressesOrError().getValue()).getAddresses());
     assertThat(resolvedBackendAddr.getAddress()).isEqualTo(backendAddr);
     EquivalentAddressGroup resolvedBalancerAddr =
         Iterables.getOnlyElement(result.getAttributes().get(GrpclbConstants.ATTR_LB_ADDRS));
@@ -227,7 +226,7 @@ public void resolve_nullResourceResolver() throws Exception {
     assertThat(fakeClock.runDueTasks()).isEqualTo(1);
     verify(mockListener).onResult2(resultCaptor.capture());
     ResolutionResult result = resultCaptor.getValue();
-    assertThat(result.getAddresses())
+    assertThat(result.getAddressesOrError().getValue())
         .containsExactly(
             new EquivalentAddressGroup(new InetSocketAddress(backendAddr, DEFAULT_PORT)));
     assertThat(result.getAttributes()).isEqualTo(Attributes.EMPTY);
@@ -245,8 +244,8 @@ public void resolve_nullResourceResolver_addressFailure() throws Exception {
 
     resolver.start(mockListener);
     assertThat(fakeClock.runDueTasks()).isEqualTo(1);
-    verify(mockListener).onError(errorCaptor.capture());
-    Status errorStatus = errorCaptor.getValue();
+    verify(mockListener).onResult2(resultCaptor.capture());
+    Status errorStatus = resultCaptor.getValue().getAddressesOrError().getStatus();
     assertThat(errorStatus.getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(errorStatus.getCause()).hasMessageThat().contains("no addr");
   }
@@ -274,7 +273,7 @@ public void resolve_addressFailure_stillLookUpBalancersAndServiceConfig() throws
     assertThat(fakeClock.runDueTasks()).isEqualTo(1);
     verify(mockListener).onResult2(resultCaptor.capture());
     ResolutionResult result = resultCaptor.getValue();
-    assertThat(result.getAddresses()).isEmpty();
+    assertThat(result.getAddressesOrError().getValue()).isEmpty();
     EquivalentAddressGroup resolvedBalancerAddr =
         Iterables.getOnlyElement(result.getAttributes().get(GrpclbConstants.ATTR_LB_ADDRS));
     assertThat(resolvedBalancerAddr.getAttributes().get(GrpclbConstants.ATTR_LB_ADDR_AUTHORITY))
@@ -311,7 +310,7 @@ public void resolveAll_balancerLookupFails_stillLookUpServiceConfig() throws Exc
 
     InetSocketAddress resolvedBackendAddr =
         (InetSocketAddress) Iterables.getOnlyElement(
-            Iterables.getOnlyElement(result.getAddresses()).getAddresses());
+            Iterables.getOnlyElement(result.getAddressesOrError().getValue()).getAddresses());
     assertThat(resolvedBackendAddr.getAddress()).isEqualTo(backendAddr);
     assertThat(result.getAttributes().get(GrpclbConstants.ATTR_LB_ADDRS)).isNull();
     verify(mockAddressResolver).resolveAddress(hostName);
@@ -335,8 +334,8 @@ public void resolve_addressAndBalancersLookupFail_neverLookupServiceConfig() thr
 
     resolver.start(mockListener);
     assertThat(fakeClock.runDueTasks()).isEqualTo(1);
-    verify(mockListener).onError(errorCaptor.capture());
-    Status errorStatus = errorCaptor.getValue();
+    verify(mockListener).onResult2(resultCaptor.capture());
+    Status errorStatus = resultCaptor.getValue().getAddressesOrError().getStatus();
     assertThat(errorStatus.getCode()).isEqualTo(Code.UNAVAILABLE);
     verify(mockAddressResolver).resolveAddress(hostName);
     verify(mockResourceResolver, never()).resolveTxt("_grpc_config." + hostName);
diff --git a/netty/src/main/java/io/grpc/netty/UdsNameResolver.java b/netty/src/main/java/io/grpc/netty/UdsNameResolver.java
index 8fa8ea06250..de14dc8b460 100644
--- a/netty/src/main/java/io/grpc/netty/UdsNameResolver.java
+++ b/netty/src/main/java/io/grpc/netty/UdsNameResolver.java
@@ -22,16 +22,16 @@
 import com.google.common.base.Preconditions;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.NameResolver;
+import io.grpc.StatusOr;
 import io.netty.channel.unix.DomainSocketAddress;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.List;
 
 final class UdsNameResolver extends NameResolver {
   private NameResolver.Listener2 listener;
   private final String authority;
 
-  UdsNameResolver(String authority, String targetPath) {
+  UdsNameResolver(String authority, String targetPath, Args args) {
     checkArgument(authority == null, "non-null authority not supported");
     this.authority = targetPath;
   }
@@ -57,8 +57,8 @@ private void resolve() {
     ResolutionResult.Builder resolutionResultBuilder = ResolutionResult.newBuilder();
     List<EquivalentAddressGroup> servers = new ArrayList<>(1);
     servers.add(new EquivalentAddressGroup(new DomainSocketAddress(authority)));
-    resolutionResultBuilder.setAddresses(Collections.unmodifiableList(servers));
-    listener.onResult(resolutionResultBuilder.build());
+    resolutionResultBuilder.setAddressesOrError(StatusOr.fromValue(servers));
+    listener.onResult2(resolutionResultBuilder.build());
   }
 
   @Override
diff --git a/netty/src/main/java/io/grpc/netty/UdsNameResolverProvider.java b/netty/src/main/java/io/grpc/netty/UdsNameResolverProvider.java
index 9f594193b4c..fe6300057fd 100644
--- a/netty/src/main/java/io/grpc/netty/UdsNameResolverProvider.java
+++ b/netty/src/main/java/io/grpc/netty/UdsNameResolverProvider.java
@@ -34,7 +34,7 @@ public final class UdsNameResolverProvider extends NameResolverProvider {
   @Override
   public UdsNameResolver newNameResolver(URI targetUri, NameResolver.Args args) {
     if (SCHEME.equals(targetUri.getScheme())) {
-      return new UdsNameResolver(targetUri.getAuthority(), getTargetPathFromUri(targetUri));
+      return new UdsNameResolver(targetUri.getAuthority(), getTargetPathFromUri(targetUri), args);
     } else {
       return null;
     }
diff --git a/netty/src/test/java/io/grpc/netty/UdsNameResolverProviderTest.java b/netty/src/test/java/io/grpc/netty/UdsNameResolverProviderTest.java
index 6a329c8fc68..9dacf00cfad 100644
--- a/netty/src/test/java/io/grpc/netty/UdsNameResolverProviderTest.java
+++ b/netty/src/test/java/io/grpc/netty/UdsNameResolverProviderTest.java
@@ -18,10 +18,16 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
+import io.grpc.ChannelLogger;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.NameResolver;
+import io.grpc.NameResolver.ServiceConfigParser;
+import io.grpc.SynchronizationContext;
+import io.grpc.internal.FakeClock;
+import io.grpc.internal.GrpcUtil;
 import io.netty.channel.unix.DomainSocketAddress;
 import java.net.SocketAddress;
 import java.net.URI;
@@ -39,7 +45,7 @@
 /** Unit tests for {@link UdsNameResolverProvider}. */
 @RunWith(JUnit4.class)
 public class UdsNameResolverProviderTest {
-
+  private static final int DEFAULT_PORT = 887;
   @Rule
   public final MockitoRule mocks = MockitoJUnit.rule();
 
@@ -51,16 +57,29 @@ public class UdsNameResolverProviderTest {
 
   UdsNameResolverProvider udsNameResolverProvider = new UdsNameResolverProvider();
 
+  private final SynchronizationContext syncContext = new SynchronizationContext(
+      (t, e) -> {
+        throw new AssertionError(e);
+      });
+  private final FakeClock fakeExecutor = new FakeClock();
+  private final NameResolver.Args args = NameResolver.Args.newBuilder()
+      .setDefaultPort(DEFAULT_PORT)
+      .setProxyDetector(GrpcUtil.DEFAULT_PROXY_DETECTOR)
+      .setSynchronizationContext(syncContext)
+      .setServiceConfigParser(mock(ServiceConfigParser.class))
+      .setChannelLogger(mock(ChannelLogger.class))
+      .setScheduledExecutorService(fakeExecutor.getScheduledExecutorService())
+      .build();
 
   @Test
   public void testUnixRelativePath() {
     UdsNameResolver udsNameResolver =
-        udsNameResolverProvider.newNameResolver(URI.create("unix:sock.sock"), null);
+        udsNameResolverProvider.newNameResolver(URI.create("unix:sock.sock"), args);
     assertThat(udsNameResolver).isNotNull();
     udsNameResolver.start(mockListener);
-    verify(mockListener).onResult(resultCaptor.capture());
+    verify(mockListener).onResult2(resultCaptor.capture());
     NameResolver.ResolutionResult result = resultCaptor.getValue();
-    List<EquivalentAddressGroup> list = result.getAddresses();
+    List<EquivalentAddressGroup> list = result.getAddressesOrError().getValue();
     assertThat(list).isNotNull();
     assertThat(list).hasSize(1);
     EquivalentAddressGroup eag = list.get(0);
@@ -75,12 +94,12 @@ public void testUnixRelativePath() {
   @Test
   public void testUnixAbsolutePath() {
     UdsNameResolver udsNameResolver =
-        udsNameResolverProvider.newNameResolver(URI.create("unix:/sock.sock"), null);
+        udsNameResolverProvider.newNameResolver(URI.create("unix:/sock.sock"), args);
     assertThat(udsNameResolver).isNotNull();
     udsNameResolver.start(mockListener);
-    verify(mockListener).onResult(resultCaptor.capture());
+    verify(mockListener).onResult2(resultCaptor.capture());
     NameResolver.ResolutionResult result = resultCaptor.getValue();
-    List<EquivalentAddressGroup> list = result.getAddresses();
+    List<EquivalentAddressGroup> list = result.getAddressesOrError().getValue();
     assertThat(list).isNotNull();
     assertThat(list).hasSize(1);
     EquivalentAddressGroup eag = list.get(0);
@@ -95,12 +114,12 @@ public void testUnixAbsolutePath() {
   @Test
   public void testUnixAbsoluteAlternatePath() {
     UdsNameResolver udsNameResolver =
-        udsNameResolverProvider.newNameResolver(URI.create("unix:///sock.sock"), null);
+        udsNameResolverProvider.newNameResolver(URI.create("unix:///sock.sock"), args);
     assertThat(udsNameResolver).isNotNull();
     udsNameResolver.start(mockListener);
-    verify(mockListener).onResult(resultCaptor.capture());
+    verify(mockListener).onResult2(resultCaptor.capture());
     NameResolver.ResolutionResult result = resultCaptor.getValue();
-    List<EquivalentAddressGroup> list = result.getAddresses();
+    List<EquivalentAddressGroup> list = result.getAddressesOrError().getValue();
     assertThat(list).isNotNull();
     assertThat(list).hasSize(1);
     EquivalentAddressGroup eag = list.get(0);
@@ -115,7 +134,7 @@ public void testUnixAbsoluteAlternatePath() {
   @Test
   public void testUnixPathWithAuthority() {
     try {
-      udsNameResolverProvider.newNameResolver(URI.create("unix://localhost/sock.sock"), null);
+      udsNameResolverProvider.newNameResolver(URI.create("unix://localhost/sock.sock"), args);
       fail("exception expected");
     } catch (IllegalArgumentException e) {
       assertThat(e).hasMessageThat().isEqualTo("non-null authority not supported");
diff --git a/netty/src/test/java/io/grpc/netty/UdsNameResolverTest.java b/netty/src/test/java/io/grpc/netty/UdsNameResolverTest.java
index 8eb010e23e5..22790a41c77 100644
--- a/netty/src/test/java/io/grpc/netty/UdsNameResolverTest.java
+++ b/netty/src/test/java/io/grpc/netty/UdsNameResolverTest.java
@@ -18,10 +18,16 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
+import io.grpc.ChannelLogger;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.NameResolver;
+import io.grpc.NameResolver.ServiceConfigParser;
+import io.grpc.SynchronizationContext;
+import io.grpc.internal.FakeClock;
+import io.grpc.internal.GrpcUtil;
 import io.netty.channel.unix.DomainSocketAddress;
 import java.net.SocketAddress;
 import java.util.List;
@@ -41,7 +47,20 @@ public class UdsNameResolverTest {
 
   @Rule
   public final MockitoRule mocks = MockitoJUnit.rule();
-
+  private static final int DEFAULT_PORT = 887;
+  private final FakeClock fakeExecutor = new FakeClock();
+  private final SynchronizationContext syncContext = new SynchronizationContext(
+      (t, e) -> {
+        throw new AssertionError(e);
+      });
+  private final NameResolver.Args args = NameResolver.Args.newBuilder()
+      .setDefaultPort(DEFAULT_PORT)
+      .setProxyDetector(GrpcUtil.DEFAULT_PROXY_DETECTOR)
+      .setSynchronizationContext(syncContext)
+      .setServiceConfigParser(mock(ServiceConfigParser.class))
+      .setChannelLogger(mock(ChannelLogger.class))
+      .setScheduledExecutorService(fakeExecutor.getScheduledExecutorService())
+      .build();
   @Mock
   private NameResolver.Listener2 mockListener;
 
@@ -52,11 +71,11 @@ public class UdsNameResolverTest {
 
   @Test
   public void testValidTargetPath() {
-    udsNameResolver = new UdsNameResolver(null, "sock.sock");
+    udsNameResolver = new UdsNameResolver(null, "sock.sock", args);
     udsNameResolver.start(mockListener);
-    verify(mockListener).onResult(resultCaptor.capture());
+    verify(mockListener).onResult2(resultCaptor.capture());
     NameResolver.ResolutionResult result = resultCaptor.getValue();
-    List<EquivalentAddressGroup> list = result.getAddresses();
+    List<EquivalentAddressGroup> list = result.getAddressesOrError().getValue();
     assertThat(list).isNotNull();
     assertThat(list).hasSize(1);
     EquivalentAddressGroup eag = list.get(0);
@@ -72,7 +91,7 @@ public void testValidTargetPath() {
   @Test
   public void testNonNullAuthority() {
     try {
-      udsNameResolver = new UdsNameResolver("authority", "sock.sock");
+      udsNameResolver = new UdsNameResolver("authority", "sock.sock", args);
       fail("exception expected");
     } catch (IllegalArgumentException e) {
       assertThat(e).hasMessageThat().isEqualTo("non-null authority not supported");
diff --git a/testing/src/main/java/io/grpc/internal/testing/FakeNameResolverProvider.java b/testing/src/main/java/io/grpc/internal/testing/FakeNameResolverProvider.java
index 4664dbcc436..c77f7f8945a 100644
--- a/testing/src/main/java/io/grpc/internal/testing/FakeNameResolverProvider.java
+++ b/testing/src/main/java/io/grpc/internal/testing/FakeNameResolverProvider.java
@@ -21,6 +21,7 @@
 import io.grpc.NameResolver;
 import io.grpc.NameResolverProvider;
 import io.grpc.Status;
+import io.grpc.StatusOr;
 import java.net.SocketAddress;
 import java.net.URI;
 import java.util.Collection;
@@ -81,9 +82,10 @@ public void start(Listener2 listener) {
       if (shutdown) {
         listener.onError(Status.FAILED_PRECONDITION.withDescription("Resolver is shutdown"));
       } else {
-        listener.onResult(
+        listener.onResult2(
             ResolutionResult.newBuilder()
-                .setAddresses(ImmutableList.of(new EquivalentAddressGroup(address)))
+                .setAddressesOrError(
+                    StatusOr.fromValue(ImmutableList.of(new EquivalentAddressGroup(address))))
                 .build());
       }
     }
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index d3c6bc8f9a0..0ecd77b12cb 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -52,6 +52,7 @@
 import io.grpc.NameResolverRegistry;
 import io.grpc.Status;
 import io.grpc.Status.Code;
+import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.BackoffPolicy;
 import io.grpc.internal.FakeClock;
@@ -1306,7 +1307,8 @@ public void shutdown() {
     }
 
     private void deliverEndpointAddresses(List<EquivalentAddressGroup> addresses) {
-      listener.onResult(ResolutionResult.newBuilder().setAddresses(addresses).build());
+      listener.onResult(ResolutionResult.newBuilder()
+          .setAddressesOrError(StatusOr.fromValue(addresses)).build());
     }
 
     private void deliverError(Status error) {
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 24c2a43b83a..76b92cd8c03 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -737,7 +737,7 @@ public void resolved_simpleCallFailedToRoute_routeWithNonForwardingAction() {
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
-    assertThat(result.getAddresses()).isEmpty();
+    assertThat(result.getAddressesOrError().getValue()).isEmpty();
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster2),
         (Map<String, ?>) result.getServiceConfig().getConfig());
@@ -1071,7 +1071,7 @@ public void resolved_simpleCallSucceeds_routeToWeightedCluster() {
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
-    assertThat(result.getAddresses()).isEmpty();
+    assertThat(result.getAddressesOrError().getValue()).isEmpty();
     assertServiceConfigForLoadBalancingConfig(
         Arrays.asList(cluster1, cluster2), (Map<String, ?>) result.getServiceConfig().getConfig());
     assertThat(result.getAttributes().get(InternalXdsAttributes.XDS_CLIENT_POOL)).isNotNull();
@@ -1100,7 +1100,7 @@ public void resolved_simpleCallSucceeds_routeToRls() {
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
-    assertThat(result.getAddresses()).isEmpty();
+    assertThat(result.getAddressesOrError().getValue()).isEmpty();
     @SuppressWarnings("unchecked")
     Map<String, ?> resultServiceConfig = (Map<String, ?>) result.getServiceConfig().getConfig();
     List<Map<String, ?>> rawLbConfigs =
@@ -1181,7 +1181,7 @@ public void resolved_simpleCallSucceeds_routeToRls() {
   private void assertEmptyResolutionResult(String resource) {
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
-    assertThat(result.getAddresses()).isEmpty();
+    assertThat(result.getAddressesOrError().getValue()).isEmpty();
     assertThat((Map<String, ?>) result.getServiceConfig().getConfig()).isEmpty();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     Result configResult = configSelector.selectConfig(
@@ -1260,7 +1260,7 @@ private InternalConfigSelector resolveToClusters() {
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
-    assertThat(result.getAddresses()).isEmpty();
+    assertThat(result.getAddressesOrError().getValue()).isEmpty();
     assertServiceConfigForLoadBalancingConfig(
         Arrays.asList(cluster1, cluster2), (Map<String, ?>) result.getServiceConfig().getConfig());
     assertThat(result.getAttributes().get(InternalXdsAttributes.XDS_CLIENT_POOL)).isNotNull();
diff --git a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
index 2c349eec4af..c6b8e7515b2 100644
--- a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -43,6 +43,7 @@
 import io.grpc.Server;
 import io.grpc.ServerCredentials;
 import io.grpc.Status;
+import io.grpc.StatusOr;
 import io.grpc.StatusRuntimeException;
 import io.grpc.stub.StreamObserver;
 import io.grpc.testing.GrpcCleanupRule;
@@ -520,7 +521,8 @@ public void refresh() {
       }
 
       void resolved() {
-        ResolutionResult.Builder builder = ResolutionResult.newBuilder().setAddresses(servers);
+        ResolutionResult.Builder builder = ResolutionResult.newBuilder()
+            .setAddressesOrError(StatusOr.fromValue(servers));
         listener.onResult(builder.build());
       }
 

From 2aae68e11726e35576d78f8e568f9e389ed330bc Mon Sep 17 00:00:00 2001
From: yifeizhuang <yifeizhuang@gmail.com>
Date: Mon, 7 Oct 2024 10:44:27 -0700
Subject: [PATCH 039/591] report uncompressed message size when it does not
 need compression (#11598)

---
 .../io/grpc/internal/MessageDeframer.java     |  3 +-
 .../io/grpc/internal/MessageDeframerTest.java | 33 +++++++++++--------
 .../OpenTelemetryTracingModule.java           |  1 -
 3 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/MessageDeframer.java b/core/src/main/java/io/grpc/internal/MessageDeframer.java
index c8b250c2143..13a01efec0a 100644
--- a/core/src/main/java/io/grpc/internal/MessageDeframer.java
+++ b/core/src/main/java/io/grpc/internal/MessageDeframer.java
@@ -406,7 +406,8 @@ private void processBody() {
     // There is no reliable way to get the uncompressed size per message when it's compressed,
     // because the uncompressed bytes are provided through an InputStream whose total size is
     // unknown until all bytes are read, and we don't know when it happens.
-    statsTraceCtx.inboundMessageRead(currentMessageSeqNo, inboundBodyWireSize, -1);
+    statsTraceCtx.inboundMessageRead(currentMessageSeqNo, inboundBodyWireSize,
+        (compressedFlag || fullStreamDecompressor != null) ? -1 : inboundBodyWireSize);
     inboundBodyWireSize = 0;
     InputStream stream = compressedFlag ? getCompressedBody() : getUncompressedBody();
     nextFrame.touch();
diff --git a/core/src/test/java/io/grpc/internal/MessageDeframerTest.java b/core/src/test/java/io/grpc/internal/MessageDeframerTest.java
index 1ec1ccb2082..8f1b908e999 100644
--- a/core/src/test/java/io/grpc/internal/MessageDeframerTest.java
+++ b/core/src/test/java/io/grpc/internal/MessageDeframerTest.java
@@ -133,7 +133,7 @@ public void simplePayload() {
       assertEquals(Bytes.asList(new byte[]{3, 14}), bytes(producer.getValue().next()));
       verify(listener, atLeastOnce()).bytesRead(anyInt());
       verifyNoMoreInteractions(listener);
-      checkStats(tracer, transportTracer.getStats(), fakeClock, 2, 2);
+      checkStats(tracer, transportTracer.getStats(), fakeClock, useGzipInflatingBuffer, 2, 2);
     }
 
     @Test
@@ -148,7 +148,7 @@ public void smallCombinedPayloads() {
       verify(listener, atLeastOnce()).bytesRead(anyInt());
       assertEquals(Bytes.asList(new byte[]{14, 15}), bytes(streams.get(1).next()));
       verifyNoMoreInteractions(listener);
-      checkStats(tracer, transportTracer.getStats(), fakeClock, 1, 1, 2, 2);
+      checkStats(tracer, transportTracer.getStats(), fakeClock, useGzipInflatingBuffer, 1, 1, 2, 2);
     }
 
     @Test
@@ -162,7 +162,7 @@ public void endOfStreamWithPayloadShouldNotifyEndOfStream() {
       verify(listener).deframerClosed(false);
       verify(listener, atLeastOnce()).bytesRead(anyInt());
       verifyNoMoreInteractions(listener);
-      checkStats(tracer, transportTracer.getStats(), fakeClock, 1, 1);
+      checkStats(tracer, transportTracer.getStats(), fakeClock,  useGzipInflatingBuffer, 1, 1);
     }
 
     @Test
@@ -177,7 +177,7 @@ public void endOfStreamShouldNotifyEndOfStream() {
       }
       verify(listener).deframerClosed(false);
       verifyNoMoreInteractions(listener);
-      checkStats(tracer, transportTracer.getStats(), fakeClock);
+      checkStats(tracer, transportTracer.getStats(), fakeClock, false);
     }
 
     @Test
@@ -189,7 +189,7 @@ public void endOfStreamWithPartialMessageShouldNotifyDeframerClosedWithPartialMe
       verify(listener, atLeastOnce()).bytesRead(anyInt());
       verify(listener).deframerClosed(true);
       verifyNoMoreInteractions(listener);
-      checkStats(tracer, transportTracer.getStats(), fakeClock);
+      checkStats(tracer, transportTracer.getStats(), fakeClock, false);
     }
 
     @Test
@@ -206,7 +206,7 @@ public void endOfStreamWithInvalidGzipBlockShouldNotifyDeframerClosedWithPartial
       deframer.closeWhenComplete();
       verify(listener).deframerClosed(true);
       verifyNoMoreInteractions(listener);
-      checkStats(tracer, transportTracer.getStats(), fakeClock);
+      checkStats(tracer, transportTracer.getStats(), fakeClock, false);
     }
 
     @Test
@@ -228,10 +228,11 @@ public void payloadSplitBetweenBuffers() {
             tracer,
             transportTracer.getStats(),
             fakeClock,
+            true,
             7 /* msg size */ + 2 /* second buffer adds two bytes of overhead in deflate block */,
             7);
       } else {
-        checkStats(tracer, transportTracer.getStats(), fakeClock, 7, 7);
+        checkStats(tracer, transportTracer.getStats(), fakeClock, false, 7, 7);
       }
     }
 
@@ -248,7 +249,7 @@ public void frameHeaderSplitBetweenBuffers() {
       assertEquals(Bytes.asList(new byte[]{3}), bytes(producer.getValue().next()));
       verify(listener, atLeastOnce()).bytesRead(anyInt());
       verifyNoMoreInteractions(listener);
-      checkStats(tracer, transportTracer.getStats(), fakeClock, 1, 1);
+      checkStats(tracer, transportTracer.getStats(), fakeClock, useGzipInflatingBuffer, 1, 1);
     }
 
     @Test
@@ -259,7 +260,7 @@ public void emptyPayload() {
       assertEquals(Bytes.asList(), bytes(producer.getValue().next()));
       verify(listener, atLeastOnce()).bytesRead(anyInt());
       verifyNoMoreInteractions(listener);
-      checkStats(tracer, transportTracer.getStats(), fakeClock, 0, 0);
+      checkStats(tracer, transportTracer.getStats(), fakeClock, useGzipInflatingBuffer, 0, 0);
     }
 
     @Test
@@ -273,9 +274,10 @@ public void largerFrameSize() {
       verify(listener, atLeastOnce()).bytesRead(anyInt());
       verifyNoMoreInteractions(listener);
       if (useGzipInflatingBuffer) {
-        checkStats(tracer, transportTracer.getStats(), fakeClock, 8 /* compressed size */, 1000);
+        checkStats(tracer, transportTracer.getStats(), fakeClock,true,
+            8 /* compressed size */, 1000);
       } else {
-        checkStats(tracer, transportTracer.getStats(), fakeClock, 1000, 1000);
+        checkStats(tracer, transportTracer.getStats(), fakeClock, false, 1000, 1000);
       }
     }
 
@@ -292,7 +294,7 @@ public void endOfStreamCallbackShouldWaitForMessageDelivery() {
       verify(listener).deframerClosed(false);
       verify(listener, atLeastOnce()).bytesRead(anyInt());
       verifyNoMoreInteractions(listener);
-      checkStats(tracer, transportTracer.getStats(), fakeClock, 1, 1);
+      checkStats(tracer, transportTracer.getStats(), fakeClock, useGzipInflatingBuffer, 1, 1);
     }
 
     @Test
@@ -308,6 +310,7 @@ public void compressed() {
       verify(listener).messagesAvailable(producer.capture());
       assertEquals(Bytes.asList(new byte[1000]), bytes(producer.getValue().next()));
       verify(listener, atLeastOnce()).bytesRead(anyInt());
+      checkStats(tracer, transportTracer.getStats(), fakeClock, true, 29, 1000);
       verifyNoMoreInteractions(listener);
     }
 
@@ -502,7 +505,8 @@ public void sizeEnforcingInputStream_markReset() throws IOException {
    * @param sizes in the format {wire0, uncompressed0, wire1, uncompressed1, ...}
    */
   private static void checkStats(
-      TestBaseStreamTracer tracer, TransportStats transportStats, FakeClock clock, long... sizes) {
+      TestBaseStreamTracer tracer, TransportStats transportStats, FakeClock clock,
+      boolean compressed, long... sizes) {
     assertEquals(0, sizes.length % 2);
     int count = sizes.length / 2;
     long expectedWireSize = 0;
@@ -510,7 +514,8 @@ private static void checkStats(
     for (int i = 0; i < count; i++) {
       assertEquals("inboundMessage(" + i + ")", tracer.nextInboundEvent());
       assertEquals(
-          String.format(Locale.US, "inboundMessageRead(%d, %d, -1)", i, sizes[i * 2]),
+          String.format(Locale.US, "inboundMessageRead(%d, %d, %d)", i, sizes[i * 2],
+              compressed ? -1 : sizes[i * 2 + 1]),
           tracer.nextInboundEvent());
       expectedWireSize += sizes[i * 2];
       expectedUncompressedSize += sizes[i * 2 + 1];
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
index 6f2d3268ae0..838ee0797a7 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
@@ -217,7 +217,6 @@ public void outboundMessageSent(
     @Override
     public void inboundMessageRead(
         int seqNo, long optionalWireSize, long optionalUncompressedSize) {
-      //TODO(yifeizhuang): needs support from message deframer.
       if (optionalWireSize != optionalUncompressedSize) {
         recordInboundCompressedMessage(span, seqNo, optionalWireSize);
       }

From 0a3c03446c35cab44d86e5aa4c5e53892a308947 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Tue, 8 Oct 2024 10:56:43 -0700
Subject: [PATCH 040/591] s2a: Correct type of exception thrown (#11588)

* throw IllegalArgumentException in ProtoUtil.

* throw exception in TrustManager in more standard way.

* handle IllegalArgumentException in SslContextFactory.

* Don't throw error on unknown TLS version.
---
 .../grpc/s2a/internal/handshaker/ProtoUtil.java  | 11 ++++++++---
 .../s2a/internal/handshaker/S2ATrustManager.java |  8 ++++----
 .../internal/handshaker/SslContextFactory.java   |  6 ++++--
 .../s2a/internal/handshaker/ProtoUtilTest.java   | 16 +++++++---------
 .../handshaker/SslContextFactoryTest.java        |  2 +-
 5 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/ProtoUtil.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/ProtoUtil.java
index 1d88d5a2b55..1f24727a083 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/ProtoUtil.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/ProtoUtil.java
@@ -27,7 +27,8 @@ final class ProtoUtil {
    *
    * @param tlsVersion the {@link TLSVersion} object to be converted.
    * @return a {@link String} representation of the TLS version.
-   * @throws AssertionError if the {@code tlsVersion} is not one of the supported TLS versions.
+   * @throws IllegalArgumentException if the {@code tlsVersion} is not one of
+   *     the supported TLS versions.
    */
   @VisibleForTesting
   static String convertTlsProtocolVersion(TLSVersion tlsVersion) {
@@ -41,7 +42,7 @@ static String convertTlsProtocolVersion(TLSVersion tlsVersion) {
       case TLS_VERSION_1_0:
         return "TLSv1";
       default:
-        throw new AssertionError(
+        throw new IllegalArgumentException(
             String.format("TLS version %d is not supported.", tlsVersion.getNumber()));
     }
   }
@@ -62,7 +63,11 @@ static ImmutableSet<String> buildTlsProtocolVersionSet(
       }
       if (versionNumber >= minTlsVersion.getNumber()
           && versionNumber <= maxTlsVersion.getNumber()) {
-        tlsVersions.add(convertTlsProtocolVersion(tlsVersion));
+        try {
+          tlsVersions.add(convertTlsProtocolVersion(tlsVersion));
+        } catch (IllegalArgumentException e) {
+          continue;
+        }
       }
     }
     return tlsVersions.build();
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2ATrustManager.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2ATrustManager.java
index 2f7e5750f88..406545b30bf 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2ATrustManager.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2ATrustManager.java
@@ -120,10 +120,10 @@ private void checkPeerTrusted(X509Certificate[] chain, boolean isCheckingClientC
     SessionResp resp;
     try {
       resp = stub.send(reqBuilder.build());
-    } catch (IOException | InterruptedException e) {
-      if (e instanceof InterruptedException) {
-        Thread.currentThread().interrupt();
-      }
+    } catch (IOException e) {
+      throw new CertificateException("Failed to send request to S2A.", e);
+    } catch (InterruptedException e) {
+      Thread.currentThread().interrupt();
       throw new CertificateException("Failed to send request to S2A.", e);
     }
     if (resp.hasStatus() && resp.getStatus().getCode() != 0) {
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
index 72ace2c7885..3e5481daa9e 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
@@ -138,11 +138,13 @@ private static void configureSslContextWithClientTlsConfiguration(
           NoSuchAlgorithmException,
           UnrecoverableKeyException {
     sslContextBuilder.keyManager(createKeylessManager(clientTlsConfiguration));
-    ImmutableSet<String> tlsVersions =
+    ImmutableSet<String> tlsVersions;
+    tlsVersions =
         ProtoUtil.buildTlsProtocolVersionSet(
             clientTlsConfiguration.getMinTlsVersion(), clientTlsConfiguration.getMaxTlsVersion());
     if (tlsVersions.isEmpty()) {
-      throw new S2AConnectionException("Set of TLS versions received from S2A server is empty.");
+      throw new S2AConnectionException("Set of TLS versions received from S2A server is"
+        + " empty or not supported.");
     }
     sslContextBuilder.protocols(tlsVersions);
   }
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/ProtoUtilTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/ProtoUtilTest.java
index b685d0bc755..f60aa1a189b 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/ProtoUtilTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/ProtoUtilTest.java
@@ -46,9 +46,9 @@ public void convertTlsProtocolVersion_success() {
 
   @Test
   public void convertTlsProtocolVersion_withUnknownTlsVersion_fails() {
-    AssertionError expected =
+    IllegalArgumentException expected =
         assertThrows(
-            AssertionError.class,
+            IllegalArgumentException.class,
             () -> ProtoUtil.convertTlsProtocolVersion(TLSVersion.TLS_VERSION_UNSPECIFIED));
     expect.that(expected).hasMessageThat().isEqualTo("TLS version 0 is not supported.");
   }
@@ -79,12 +79,10 @@ public void buildTlsProtocolVersionSet_success() {
 
   @Test
   public void buildTlsProtocolVersionSet_failure() {
-    AssertionError expected =
-        assertThrows(
-            AssertionError.class,
-            () ->
-                ProtoUtil.buildTlsProtocolVersionSet(
-                    TLSVersion.TLS_VERSION_UNSPECIFIED, TLSVersion.TLS_VERSION_1_3));
-    expect.that(expected).hasMessageThat().isEqualTo("TLS version 0 is not supported.");
+    expect
+        .that(
+            ProtoUtil.buildTlsProtocolVersionSet(
+                    TLSVersion.TLS_VERSION_UNSPECIFIED, TLSVersion.TLS_VERSION_1_3))
+        .isEqualTo(ImmutableSet.of("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"));
   }
 }
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/SslContextFactoryTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/SslContextFactoryTest.java
index fc3cfb5e441..17b834abf2a 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/SslContextFactoryTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/SslContextFactoryTest.java
@@ -142,7 +142,7 @@ public void createForClient_getsBadTlsVersionsFromServer_throwsError() throws Ex
 
     assertThat(expected)
         .hasMessageThat()
-        .contains("Set of TLS versions received from S2A server is empty.");
+        .contains("Set of TLS versions received from S2A server is empty or not supported.");
   }
 
   @Test

From 9d252c2466127081ab8a28ea1127240ccca16741 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Tue, 8 Oct 2024 10:57:32 -0700
Subject: [PATCH 041/591] Don't use Utils.pickUnusedPort. (#11601)

---
 .../channel/S2AHandshakerServiceChannelTest.java         | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java b/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java
index 16409721ff5..46f705d2f77 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java
@@ -30,7 +30,6 @@
 import io.grpc.StatusRuntimeException;
 import io.grpc.TlsChannelCredentials;
 import io.grpc.TlsServerCredentials;
-import io.grpc.benchmarks.Utils;
 import io.grpc.internal.SharedResourceHolder.Resource;
 import io.grpc.netty.NettyServerBuilder;
 import io.grpc.stub.StreamObserver;
@@ -123,7 +122,7 @@ public void getChannelResource_twoDistinctChannels() {
             InsecureChannelCredentials.create());
     Resource<Channel> resourceTwo =
         S2AHandshakerServiceChannel.getChannelResource(
-            "localhost:" + Utils.pickUnusedPort(), InsecureChannelCredentials.create());
+            "localhost:" + plaintextServer.getPort() + 1, InsecureChannelCredentials.create());
     assertThat(resourceTwo).isNotEqualTo(resource);
   }
 
@@ -135,7 +134,7 @@ public void getChannelResource_mtlsTwoDistinctChannels() throws Exception {
             "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials());
     Resource<Channel> resourceTwo =
         S2AHandshakerServiceChannel.getChannelResource(
-            "localhost:" + Utils.pickUnusedPort(), getTlsChannelCredentials());
+            "localhost:" + mtlsServer.getPort() + 1, getTlsChannelCredentials());
     assertThat(resourceTwo).isNotEqualTo(resource);
   }
 
@@ -229,13 +228,13 @@ private static Server createMtlsServer() throws Exception {
             .clientAuth(TlsServerCredentials.ClientAuth.REQUIRE)
             .build();
     return grpcCleanup.register(
-        NettyServerBuilder.forPort(Utils.pickUnusedPort(), creds).addService(service).build());
+        NettyServerBuilder.forPort(0, creds).addService(service).build());
   }
 
   private static Server createPlaintextServer() {
     SimpleServiceImpl service = new SimpleServiceImpl();
     return grpcCleanup.register(
-        ServerBuilder.forPort(Utils.pickUnusedPort()).addService(service).build());
+        ServerBuilder.forPort(0).addService(service).build());
   }
 
   private static ChannelCredentials getTlsChannelCredentials() throws Exception {

From e59ae5fad0efa8702260790eb74c76643a8e4018 Mon Sep 17 00:00:00 2001
From: yifeizhuang <yifeizhuang@gmail.com>
Date: Tue, 8 Oct 2024 17:00:33 -0700
Subject: [PATCH 042/591] rename grpc-context-override-opentelemetry and
 publish artifact (#11599)

---
 contextstorage/build.gradle | 3 +--
 settings.gradle             | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/contextstorage/build.gradle b/contextstorage/build.gradle
index 10c7f3a3a86..39ea003d462 100644
--- a/contextstorage/build.gradle
+++ b/contextstorage/build.gradle
@@ -1,7 +1,6 @@
 plugins {
     id "java-library"
-    // until we are confident we like the name
-    //id "maven-publish"
+    id "maven-publish"
 
     id "ru.vyarus.animalsniffer"
 }
diff --git a/settings.gradle b/settings.gradle
index b661e0f52db..b451242f7c1 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -77,7 +77,7 @@ include ":grpc-istio-interop-testing"
 include ":grpc-inprocess"
 include ":grpc-util"
 include ":grpc-opentelemetry"
-include ":grpc-opentelemetry-context-storage-override"
+include ":grpc-context-override-opentelemetry"
 
 project(':grpc-api').projectDir = "$rootDir/api" as File
 project(':grpc-core').projectDir = "$rootDir/core" as File
@@ -114,7 +114,7 @@ project(':grpc-istio-interop-testing').projectDir = "$rootDir/istio-interop-test
 project(':grpc-inprocess').projectDir = "$rootDir/inprocess" as File
 project(':grpc-util').projectDir = "$rootDir/util" as File
 project(':grpc-opentelemetry').projectDir = "$rootDir/opentelemetry" as File
-project(':grpc-opentelemetry-context-storage-override').projectDir = "$rootDir/contextstorage" as File
+project(':grpc-context-override-opentelemetry').projectDir = "$rootDir/contextstorage" as File
 
 if (settings.hasProperty('skipCodegen') && skipCodegen.toBoolean()) {
     println '*** Skipping the build of codegen and compilation of proto files because skipCodegen=true'

From 2e9c3e19fbd50000ed964acc70f6fe814841db40 Mon Sep 17 00:00:00 2001
From: Vindhya Ningegowda <DNVindhya@users.noreply.github.com>
Date: Tue, 8 Oct 2024 17:28:14 -0700
Subject: [PATCH 043/591] xds: Update error handling for ADS stream close and
 failure scenarios (#11596)

When an ADS stream in closed with a non-OK status after receiving a response, new status will be updated to OK status. This makes the fail behavior consistent with gRFC A57.
---
 .../grpc/xds/client/ControlPlaneClient.java   | 45 +++++++++------
 .../io/grpc/xds/client/XdsClientImpl.java     | 12 ++--
 .../grpc/xds/GrpcXdsClientImplTestBase.java   | 55 +++++++++++++++----
 3 files changed, 81 insertions(+), 31 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
index 3074d1120ad..5ac979277c4 100644
--- a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
@@ -16,7 +16,6 @@
 
 package io.grpc.xds.client;
 
-import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 
@@ -60,7 +59,6 @@
  */
 final class ControlPlaneClient {
 
-  public static final String CLOSED_BY_SERVER = "Closed by server";
   private final SynchronizationContext syncContext;
   private final InternalLogId logId;
   private final XdsLogger logger;
@@ -358,11 +356,7 @@ public void run() {
     @Override
     public void onStatusReceived(final Status status) {
       syncContext.execute(() -> {
-        if (status.isOk()) {
-          handleRpcStreamClosed(Status.UNAVAILABLE.withDescription(CLOSED_BY_SERVER));
-        } else {
-          handleRpcStreamClosed(status);
-        }
+        handleRpcStreamClosed(status);
       });
     }
 
@@ -381,7 +375,7 @@ final void handleRpcResponse(XdsResourceType<?> type, String versionInfo, List<A
       processingTracker.onComplete();
     }
 
-    private void handleRpcStreamClosed(Status error) {
+    private void handleRpcStreamClosed(Status status) {
       if (closed) {
         return;
       }
@@ -399,15 +393,34 @@ private void handleRpcStreamClosed(Status error) {
       rpcRetryTimer = syncContext.schedule(
           new RpcRetryTask(), delayNanos, TimeUnit.NANOSECONDS, timeService);
 
-      checkArgument(!error.isOk(), "unexpected OK status");
-      String errorMsg = error.getDescription() != null
-          && error.getDescription().equals(CLOSED_BY_SERVER)
-              ? "ADS stream closed with status {0}: {1}. Cause: {2}"
-              : "ADS stream failed with status {0}: {1}. Cause: {2}";
-      logger.log(
-          XdsLogLevel.ERROR, errorMsg, error.getCode(), error.getDescription(), error.getCause());
+      Status newStatus = status;
+      if (responseReceived) {
+        // A closed ADS stream after a successful response is not considered an error. Servers may
+        // close streams for various reasons during normal operation, such as load balancing or
+        // underlying connection hitting its max connection age limit  (see gRFC A9).
+        if (!status.isOk()) {
+          newStatus = Status.OK;
+          logger.log( XdsLogLevel.DEBUG, "ADS stream closed with error {0}: {1}. However, a "
+              + "response was received, so this will not be treated as an error. Cause: {2}",
+              status.getCode(), status.getDescription(), status.getCause());
+        } else {
+          logger.log(XdsLogLevel.DEBUG,
+              "ADS stream closed by server after a response was received");
+        }
+      } else {
+        // If the ADS stream is closed without ever having received a response from the server, then
+        // the XdsClient should consider that a connectivity error (see gRFC A57).
+        if (status.isOk()) {
+          newStatus = Status.UNAVAILABLE.withDescription(
+              "ADS stream closed with OK before receiving a response");
+        }
+        logger.log(
+            XdsLogLevel.ERROR, "ADS stream failed with status {0}: {1}. Cause: {2}",
+            newStatus.getCode(), newStatus.getDescription(), newStatus.getCause());
+      }
+
       closed = true;
-      xdsResponseHandler.handleStreamClosed(error);
+      xdsResponseHandler.handleStreamClosed(newStatus);
       cleanUp();
 
       logger.log(XdsLogLevel.INFO, "Retry ADS stream in {0} ns", delayNanos);
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index 79147cd9862..e2380b9ed73 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -142,11 +142,13 @@ public void handleResourceResponse(
   public void handleStreamClosed(Status error) {
     syncContext.throwIfNotInThisSynchronizationContext();
     cleanUpResourceTimers();
-    for (Map<String, ResourceSubscriber<? extends ResourceUpdate>> subscriberMap :
-        resourceSubscribers.values()) {
-      for (ResourceSubscriber<? extends ResourceUpdate> subscriber : subscriberMap.values()) {
-        if (!subscriber.hasResult()) {
-          subscriber.onError(error, null);
+    if (!error.isOk()) {
+      for (Map<String, ResourceSubscriber<? extends ResourceUpdate>> subscriberMap :
+          resourceSubscribers.values()) {
+        for (ResourceSubscriber<? extends ResourceUpdate> subscriber : subscriberMap.values()) {
+          if (!subscriber.hasResult()) {
+            subscriber.onError(error, null);
+          }
         }
       }
     }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index d41630cdb4a..a9fda599183 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -3331,6 +3331,43 @@ public void useIndependentRpcContext() {
     }
   }
 
+  @Test
+  public void streamClosedWithNoResponse() {
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),LDS_RESOURCE, ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),RDS_RESOURCE,
+        rdsResourceWatcher);
+    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+    // Management server closes the RPC stream before sending any response.
+    call.sendCompleted();
+    verify(ldsResourceWatcher, Mockito.timeout(1000).times(1))
+        .onError(errorCaptor.capture());
+    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE,
+        "ADS stream closed with OK before receiving a response");
+    verify(rdsResourceWatcher).onError(errorCaptor.capture());
+    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE,
+        "ADS stream closed with OK before receiving a response");
+  }
+
+  @Test
+  public void streamClosedAfterSendingResponses() {
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),LDS_RESOURCE, ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),RDS_RESOURCE,
+        rdsResourceWatcher);
+    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+    ScheduledTask ldsResourceTimeout =
+        Iterables.getOnlyElement(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER));
+    ScheduledTask rdsResourceTimeout =
+        Iterables.getOnlyElement(fakeClock.getPendingTasks(RDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER));
+    call.sendResponse(LDS, testListenerRds, VERSION_1, "0000");
+    assertThat(ldsResourceTimeout.isCancelled()).isTrue();
+    call.sendResponse(RDS, testRouteConfig, VERSION_1, "0000");
+    assertThat(rdsResourceTimeout.isCancelled()).isTrue();
+    // Management server closes the RPC stream after sending responses.
+    call.sendCompleted();
+    verify(ldsResourceWatcher, never()).onError(errorCaptor.capture());
+    verify(rdsResourceWatcher, never()).onError(errorCaptor.capture());
+  }
+
   @Test
   public void streamClosedAndRetryWithBackoff() {
     InOrder inOrder = Mockito.inOrder(backoffPolicyProvider, backoffPolicy1, backoffPolicy2);
@@ -3408,10 +3445,10 @@ public void streamClosedAndRetryWithBackoff() {
     call.sendError(Status.DEADLINE_EXCEEDED.asException());
     verify(ldsResourceWatcher, times(2)).onError(errorCaptor.capture());
     verify(rdsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verify(cdsResourceWatcher, times(3)).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.DEADLINE_EXCEEDED, "");
-    verify(edsResourceWatcher, times(3)).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.DEADLINE_EXCEEDED, "");
+    verify(cdsResourceWatcher, times(2)).onError(errorCaptor.capture());
+    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
+    verify(edsResourceWatcher, times(2)).onError(errorCaptor.capture());
+    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
 
     // Reset backoff sequence and retry after backoff.
     inOrder.verify(backoffPolicyProvider).get();
@@ -3430,9 +3467,9 @@ public void streamClosedAndRetryWithBackoff() {
     call.sendError(Status.UNAVAILABLE.asException());
     verify(ldsResourceWatcher, times(2)).onError(errorCaptor.capture());
     verify(rdsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verify(cdsResourceWatcher, times(4)).onError(errorCaptor.capture());
+    verify(cdsResourceWatcher, times(3)).onError(errorCaptor.capture());
     verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
-    verify(edsResourceWatcher, times(4)).onError(errorCaptor.capture());
+    verify(edsResourceWatcher, times(3)).onError(errorCaptor.capture());
     verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
 
     // Retry after backoff.
@@ -3516,10 +3553,8 @@ public void streamClosedAndRetryRestartsResourceInitialFetchTimerForUnresolvedRe
     assertThat(edsResourceTimeout.isCancelled()).isTrue();
     verify(ldsResourceWatcher, never()).onError(errorCaptor.capture());
     verify(rdsResourceWatcher, never()).onError(errorCaptor.capture());
-    verify(cdsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
-    verify(edsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
+    verify(cdsResourceWatcher, never()).onError(errorCaptor.capture());
+    verify(edsResourceWatcher, never()).onError(errorCaptor.capture());
 
     fakeClock.forwardNanos(10L);
     assertThat(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).hasSize(0);

From 2129078deeef481767f85bc134cfc3d2b28ac4e9 Mon Sep 17 00:00:00 2001
From: yifeizhuang <yifeizhuang@gmail.com>
Date: Tue, 8 Oct 2024 17:44:40 -0700
Subject: [PATCH 044/591] core: fix test flakiness in retriableStream hedging
 deadlock test (#11606)

---
 core/src/test/java/io/grpc/internal/RetriableStreamTest.java | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/core/src/test/java/io/grpc/internal/RetriableStreamTest.java b/core/src/test/java/io/grpc/internal/RetriableStreamTest.java
index 21ec46668fc..658ed70a135 100644
--- a/core/src/test/java/io/grpc/internal/RetriableStreamTest.java
+++ b/core/src/test/java/io/grpc/internal/RetriableStreamTest.java
@@ -2592,9 +2592,7 @@ public void run() {
               .closed(Status.fromCode(NON_FATAL_STATUS_CODE_1), REFUSED, new Metadata());
         } finally {
           transport2Lock.unlock();
-          if (transport1Lock.tryLock()) {
-            transport1Lock.unlock();
-          }
+          transport1Lock.unlock();
         }
       }
     }, "Thread-transport2");

From d628396ec7b84286d49e172cf1ced07101c0f177 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Thu, 10 Oct 2024 16:31:18 -0700
Subject: [PATCH 045/591] s2a: Add S2AStub cleanup handler. (#11600)

* Add S2AStub cleanup handler.

* Give TLS and Cleanup handlers name + update comment.

* Don't add TLS handler twice.

* Don't remove explicitly, since done by fireProtocolNegotiationEvent.

* plumb S2AStub close to handshake end + add integration test.

* close stub when TLS negotiation fails.
---
 .../netty/InternalProtocolNegotiators.java    | 11 ++--
 .../io/grpc/netty/NettyChannelBuilder.java    |  3 +-
 .../io/grpc/netty/ProtocolNegotiators.java    | 27 ++++++--
 .../grpc/netty/NettyClientTransportTest.java  |  4 +-
 .../grpc/netty/ProtocolNegotiatorsTest.java   | 12 ++--
 .../io/grpc/s2a/S2AChannelCredentials.java    | 14 +++-
 .../S2AProtocolNegotiatorFactory.java         | 66 +++++++++++++------
 .../grpc/s2a/internal/handshaker/S2AStub.java |  8 ++-
 .../internal/handshaker/IntegrationTest.java  | 23 +++++++
 .../S2AProtocolNegotiatorFactoryTest.java     |  8 +--
 10 files changed, 134 insertions(+), 42 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
index b9c6a77982a..8aeb44d0fc2 100644
--- a/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
@@ -24,6 +24,7 @@
 import io.netty.channel.ChannelHandler;
 import io.netty.handler.ssl.SslContext;
 import io.netty.util.AsciiString;
+import java.util.Optional;
 import java.util.concurrent.Executor;
 
 /**
@@ -40,9 +41,10 @@ private InternalProtocolNegotiators() {}
    * @param executorPool a dedicated {@link Executor} pool for time-consuming TLS tasks
    */
   public static InternalProtocolNegotiator.ProtocolNegotiator tls(SslContext sslContext,
-          ObjectPool<? extends Executor> executorPool) {
+          ObjectPool<? extends Executor> executorPool,
+          Optional<Runnable> handshakeCompleteRunnable) {
     final io.grpc.netty.ProtocolNegotiator negotiator = ProtocolNegotiators.tls(sslContext,
-        executorPool);
+        executorPool, handshakeCompleteRunnable);
     final class TlsNegotiator implements InternalProtocolNegotiator.ProtocolNegotiator {
 
       @Override
@@ -70,7 +72,7 @@ public void close() {
    * may happen immediately, even before the TLS Handshake is complete.
    */
   public static InternalProtocolNegotiator.ProtocolNegotiator tls(SslContext sslContext) {
-    return tls(sslContext, null);
+    return tls(sslContext, null, Optional.empty());
   }
 
   /**
@@ -167,7 +169,8 @@ public static ChannelHandler grpcNegotiationHandler(GrpcHttp2ConnectionHandler n
   public static ChannelHandler clientTlsHandler(
       ChannelHandler next, SslContext sslContext, String authority,
       ChannelLogger negotiationLogger) {
-    return new ClientTlsHandler(next, sslContext, authority, null, negotiationLogger);
+    return new ClientTlsHandler(next, sslContext, authority, null, negotiationLogger,
+        Optional.empty());
   }
 
   public static class ProtocolNegotiationHandler
diff --git a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
index 305ad128454..d1d9810b485 100644
--- a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
+++ b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
@@ -63,6 +63,7 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Optional;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
@@ -604,7 +605,7 @@ static ProtocolNegotiator createProtocolNegotiatorByType(
       case PLAINTEXT_UPGRADE:
         return ProtocolNegotiators.plaintextUpgrade();
       case TLS:
-        return ProtocolNegotiators.tls(sslContext, executorPool);
+        return ProtocolNegotiators.tls(sslContext, executorPool, Optional.empty());
       default:
         throw new IllegalArgumentException("Unsupported negotiationType: " + negotiationType);
     }
diff --git a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
index 80df5d0e3c7..84370ac8153 100644
--- a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
@@ -72,6 +72,7 @@
 import java.nio.channels.ClosedChannelException;
 import java.util.Arrays;
 import java.util.EnumSet;
+import java.util.Optional;
 import java.util.Set;
 import java.util.concurrent.Executor;
 import java.util.logging.Level;
@@ -543,16 +544,18 @@ protected void userEventTriggered0(ChannelHandlerContext ctx, Object evt) throws
   static final class ClientTlsProtocolNegotiator implements ProtocolNegotiator {
 
     public ClientTlsProtocolNegotiator(SslContext sslContext,
-        ObjectPool<? extends Executor> executorPool) {
+        ObjectPool<? extends Executor> executorPool, Optional<Runnable> handshakeCompleteRunnable) {
       this.sslContext = checkNotNull(sslContext, "sslContext");
       this.executorPool = executorPool;
       if (this.executorPool != null) {
         this.executor = this.executorPool.getObject();
       }
+      this.handshakeCompleteRunnable = handshakeCompleteRunnable;
     }
 
     private final SslContext sslContext;
     private final ObjectPool<? extends Executor> executorPool;
+    private final Optional<Runnable> handshakeCompleteRunnable;
     private Executor executor;
 
     @Override
@@ -565,7 +568,7 @@ public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
       ChannelHandler gnh = new GrpcNegotiationHandler(grpcHandler);
       ChannelLogger negotiationLogger = grpcHandler.getNegotiationLogger();
       ChannelHandler cth = new ClientTlsHandler(gnh, sslContext, grpcHandler.getAuthority(),
-          this.executor, negotiationLogger);
+          this.executor, negotiationLogger, handshakeCompleteRunnable);
       return new WaitUntilActiveHandler(cth, negotiationLogger);
     }
 
@@ -583,15 +586,18 @@ static final class ClientTlsHandler extends ProtocolNegotiationHandler {
     private final String host;
     private final int port;
     private Executor executor;
+    private final Optional<Runnable> handshakeCompleteRunnable;
 
     ClientTlsHandler(ChannelHandler next, SslContext sslContext, String authority,
-        Executor executor, ChannelLogger negotiationLogger) {
+        Executor executor, ChannelLogger negotiationLogger,
+        Optional<Runnable> handshakeCompleteRunnable) {
       super(next, negotiationLogger);
       this.sslContext = checkNotNull(sslContext, "sslContext");
       HostPort hostPort = parseAuthority(authority);
       this.host = hostPort.host;
       this.port = hostPort.port;
       this.executor = executor;
+      this.handshakeCompleteRunnable = handshakeCompleteRunnable;
     }
 
     @Override
@@ -620,6 +626,9 @@ protected void userEventTriggered0(ChannelHandlerContext ctx, Object evt) throws
             Exception ex =
                 unavailableException("Failed ALPN negotiation: Unable to find compatible protocol");
             logSslEngineDetails(Level.FINE, ctx, "TLS negotiation failed.", ex);
+            if (handshakeCompleteRunnable.isPresent()) {
+              handshakeCompleteRunnable.get().run();
+            }
             ctx.fireExceptionCaught(ex);
           }
         } else {
@@ -634,6 +643,9 @@ protected void userEventTriggered0(ChannelHandlerContext ctx, Object evt) throws
                 .withCause(t)
                 .asRuntimeException();
           }
+          if (handshakeCompleteRunnable.isPresent()) {
+            handshakeCompleteRunnable.get().run();
+          }
           ctx.fireExceptionCaught(t);
         }
       } else {
@@ -649,6 +661,9 @@ private void propagateTlsComplete(ChannelHandlerContext ctx, SSLSession session)
           .set(Grpc.TRANSPORT_ATTR_SSL_SESSION, session)
           .build();
       replaceProtocolNegotiationEvent(existingPne.withAttributes(attrs).withSecurity(security));
+      if (handshakeCompleteRunnable.isPresent()) {
+        handshakeCompleteRunnable.get().run();
+      }
       fireProtocolNegotiationEvent(ctx);
     }
   }
@@ -683,8 +698,8 @@ static HostPort parseAuthority(String authority) {
    * @param executorPool a dedicated {@link Executor} pool for time-consuming TLS tasks
    */
   public static ProtocolNegotiator tls(SslContext sslContext,
-      ObjectPool<? extends Executor> executorPool) {
-    return new ClientTlsProtocolNegotiator(sslContext, executorPool);
+      ObjectPool<? extends Executor> executorPool, Optional<Runnable> handshakeCompleteRunnable) {
+    return new ClientTlsProtocolNegotiator(sslContext, executorPool, handshakeCompleteRunnable);
   }
 
   /**
@@ -693,7 +708,7 @@ public static ProtocolNegotiator tls(SslContext sslContext,
    * may happen immediately, even before the TLS Handshake is complete.
    */
   public static ProtocolNegotiator tls(SslContext sslContext) {
-    return tls(sslContext, null);
+    return tls(sslContext, null, Optional.empty());
   }
 
   public static ProtocolNegotiator.ClientFactory tlsClientFactory(SslContext sslContext) {
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
index 9777bb0926c..7cb269b7d62 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
@@ -105,6 +105,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.LinkedBlockingQueue;
 import java.util.concurrent.TimeUnit;
@@ -766,7 +767,8 @@ public void tlsNegotiationServerExecutorShouldSucceed() throws Exception {
         .trustManager(caCert)
         .keyManager(clientCert, clientKey)
         .build();
-    ProtocolNegotiator negotiator = ProtocolNegotiators.tls(clientContext, clientExecutorPool);
+    ProtocolNegotiator negotiator = ProtocolNegotiators.tls(clientContext, clientExecutorPool,
+        Optional.empty());
     // after starting the client, the Executor in the client pool should be used
     assertEquals(true, clientExecutorPool.isInUse());
     final NettyClientTransport transport = newTransport(negotiator);
diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
index 6939d835892..2ccdb2de543 100644
--- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
+++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
@@ -120,6 +120,7 @@
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
+import java.util.Optional;
 import java.util.Queue;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
@@ -876,7 +877,7 @@ public String applicationProtocol() {
     DefaultEventLoopGroup elg = new DefaultEventLoopGroup(1);
 
     ClientTlsHandler handler = new ClientTlsHandler(grpcHandler, sslContext,
-        "authority", elg, noopLogger);
+        "authority", elg, noopLogger, Optional.empty());
     pipeline.addLast(handler);
     pipeline.replace(SslHandler.class, null, goodSslHandler);
     pipeline.fireUserEventTriggered(ProtocolNegotiationEvent.DEFAULT);
@@ -914,7 +915,7 @@ public String applicationProtocol() {
         .applicationProtocolConfig(apn).build();
 
     ClientTlsHandler handler = new ClientTlsHandler(grpcHandler, sslContext,
-        "authority", elg, noopLogger);
+        "authority", elg, noopLogger, Optional.empty());
     pipeline.addLast(handler);
     pipeline.replace(SslHandler.class, null, goodSslHandler);
     pipeline.fireUserEventTriggered(ProtocolNegotiationEvent.DEFAULT);
@@ -938,7 +939,7 @@ public String applicationProtocol() {
     DefaultEventLoopGroup elg = new DefaultEventLoopGroup(1);
 
     ClientTlsHandler handler = new ClientTlsHandler(grpcHandler, sslContext,
-        "authority", elg, noopLogger);
+        "authority", elg, noopLogger, Optional.empty());
     pipeline.addLast(handler);
 
     final AtomicReference<Throwable> error = new AtomicReference<>();
@@ -966,7 +967,7 @@ public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
   @Test
   public void clientTlsHandler_closeDuringNegotiation() throws Exception {
     ClientTlsHandler handler = new ClientTlsHandler(grpcHandler, sslContext,
-        "authority", null, noopLogger);
+        "authority", null, noopLogger, Optional.empty());
     pipeline.addLast(new WriteBufferingAndExceptionHandler(handler));
     ChannelFuture pendingWrite = channel.writeAndFlush(NettyClientHandler.NOOP_MESSAGE);
 
@@ -1228,7 +1229,8 @@ public void clientTlsHandler_firesNegotiation() throws Exception {
       serverSslContext = GrpcSslContexts.forServer(server1Chain, server1Key).build();
     }
     FakeGrpcHttp2ConnectionHandler gh = FakeGrpcHttp2ConnectionHandler.newHandler();
-    ClientTlsProtocolNegotiator pn = new ClientTlsProtocolNegotiator(clientSslContext, null);
+    ClientTlsProtocolNegotiator pn = new ClientTlsProtocolNegotiator(clientSslContext,
+        null, Optional.empty());
     WriteBufferingAndExceptionHandler clientWbaeh =
         new WriteBufferingAndExceptionHandler(pn.newHandler(gh));
 
diff --git a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
index 2e040964dfa..2cbdf7e4c5f 100644
--- a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
+++ b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
@@ -31,6 +31,7 @@
 import io.grpc.s2a.internal.channel.S2AHandshakerServiceChannel;
 import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.grpc.s2a.internal.handshaker.S2AProtocolNegotiatorFactory;
+import io.grpc.s2a.internal.handshaker.S2AStub;
 import javax.annotation.concurrent.NotThreadSafe;
 import org.checkerframework.checker.nullness.qual.Nullable;
 
@@ -59,6 +60,7 @@ public static final class Builder {
     private final String s2aAddress;
     private final ChannelCredentials s2aChannelCredentials;
     private @Nullable S2AIdentity localIdentity = null;
+    private @Nullable S2AStub stub = null;
 
     Builder(String s2aAddress, ChannelCredentials s2aChannelCredentials) {
       this.s2aAddress = s2aAddress;
@@ -104,6 +106,16 @@ public Builder setLocalUid(String localUid) {
       return this;
     }
 
+    /**
+     * Sets the stub to use to communicate with S2A. This is only used for testing that the
+     * stream to S2A gets closed.
+     */
+    public Builder setStub(S2AStub stub) {
+      checkNotNull(stub);
+      this.stub = stub;
+      return this;
+    }
+
     public ChannelCredentials build() {
       return InternalNettyChannelCredentials.create(buildProtocolNegotiatorFactory());
     }
@@ -113,7 +125,7 @@ InternalProtocolNegotiator.ClientFactory buildProtocolNegotiatorFactory() {
           SharedResourcePool.forResource(
               S2AHandshakerServiceChannel.getChannelResource(s2aAddress, s2aChannelCredentials));
       checkNotNull(s2aChannelPool, "s2aChannelPool");
-      return S2AProtocolNegotiatorFactory.createClientFactory(localIdentity, s2aChannelPool);
+      return S2AProtocolNegotiatorFactory.createClientFactory(localIdentity, s2aChannelPool, stub);
     }
   }
 
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
index 188faf63435..7ad9de991cf 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
@@ -63,28 +63,35 @@ public final class S2AProtocolNegotiatorFactory {
    * @param localIdentity the identity of the client; if none is provided, the S2A will use the
    *     client's default identity.
    * @param s2aChannelPool a pool of shared channels that can be used to connect to the S2A.
+   * @param stub the stub to use to communicate with S2A. If none is provided the channelPool
+   *     will be used to create the stub. This is exposed for verifying the stream to S2A gets
+   *     closed in tests.
    * @return a factory for creating a client-side protocol negotiator.
    */
   public static InternalProtocolNegotiator.ClientFactory createClientFactory(
-      @Nullable S2AIdentity localIdentity, ObjectPool<Channel> s2aChannelPool) {
+      @Nullable S2AIdentity localIdentity, ObjectPool<Channel> s2aChannelPool,
+      @Nullable S2AStub stub) {
     checkNotNull(s2aChannelPool, "S2A channel pool should not be null.");
-    return new S2AClientProtocolNegotiatorFactory(localIdentity, s2aChannelPool);
+    return new S2AClientProtocolNegotiatorFactory(localIdentity, s2aChannelPool, stub);
   }
 
   static final class S2AClientProtocolNegotiatorFactory
       implements InternalProtocolNegotiator.ClientFactory {
     private final @Nullable S2AIdentity localIdentity;
     private final ObjectPool<Channel> channelPool;
+    private final @Nullable S2AStub stub;
 
     S2AClientProtocolNegotiatorFactory(
-        @Nullable S2AIdentity localIdentity, ObjectPool<Channel> channelPool) {
+        @Nullable S2AIdentity localIdentity, ObjectPool<Channel> channelPool,
+        @Nullable S2AStub stub) {
       this.localIdentity = localIdentity;
       this.channelPool = channelPool;
+      this.stub = stub;
     }
 
     @Override
     public ProtocolNegotiator newNegotiator() {
-      return S2AProtocolNegotiator.createForClient(channelPool, localIdentity);
+      return S2AProtocolNegotiator.createForClient(channelPool, localIdentity, stub);
     }
 
     @Override
@@ -98,18 +105,20 @@ public int getDefaultPort() {
   static final class S2AProtocolNegotiator implements ProtocolNegotiator {
 
     private final ObjectPool<Channel> channelPool;
-    private final Channel channel;
+    private @Nullable Channel channel = null;
     private final Optional<S2AIdentity> localIdentity;
+    private final @Nullable S2AStub stub;
     private final ListeningExecutorService service =
         MoreExecutors.listeningDecorator(Executors.newFixedThreadPool(1));
 
     static S2AProtocolNegotiator createForClient(
-        ObjectPool<Channel> channelPool, @Nullable S2AIdentity localIdentity) {
+        ObjectPool<Channel> channelPool, @Nullable S2AIdentity localIdentity,
+        @Nullable S2AStub stub) {
       checkNotNull(channelPool, "Channel pool should not be null.");
       if (localIdentity == null) {
-        return new S2AProtocolNegotiator(channelPool, Optional.empty());
+        return new S2AProtocolNegotiator(channelPool, Optional.empty(), stub);
       } else {
-        return new S2AProtocolNegotiator(channelPool, Optional.of(localIdentity));
+        return new S2AProtocolNegotiator(channelPool, Optional.of(localIdentity), stub);
       }
     }
 
@@ -122,10 +131,13 @@ static S2AProtocolNegotiator createForClient(
     }
 
     private S2AProtocolNegotiator(ObjectPool<Channel> channelPool,
-        Optional<S2AIdentity> localIdentity) {
+        Optional<S2AIdentity> localIdentity, @Nullable S2AStub stub) {
       this.channelPool = channelPool;
       this.localIdentity = localIdentity;
-      this.channel = channelPool.getObject();
+      this.stub = stub;
+      if (this.stub == null) {
+        this.channel = channelPool.getObject();
+      }
     }
 
     @Override
@@ -139,13 +151,15 @@ public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
       String hostname = getHostNameFromAuthority(grpcHandler.getAuthority());
       checkArgument(!isNullOrEmpty(hostname), "hostname should not be null or empty.");
       return new S2AProtocolNegotiationHandler(
-        grpcHandler, channel, localIdentity, hostname, service);
+        grpcHandler, channel, localIdentity, hostname, service, stub);
     }
 
     @Override
     public void close() {
       service.shutdown();
-      channelPool.returnObject(channel);
+      if (channel != null) {
+        channelPool.returnObject(channel);
+      }
     }
   }
 
@@ -180,18 +194,20 @@ public void handlerRemoved(ChannelHandlerContext ctx) throws Exception {
   }
 
   private static final class S2AProtocolNegotiationHandler extends ProtocolNegotiationHandler {
-    private final Channel channel;
+    private final @Nullable Channel channel;
     private final Optional<S2AIdentity> localIdentity;
     private final String hostname;
     private final GrpcHttp2ConnectionHandler grpcHandler;
     private final ListeningExecutorService service;
+    private final @Nullable S2AStub stub;
 
     private S2AProtocolNegotiationHandler(
         GrpcHttp2ConnectionHandler grpcHandler,
         Channel channel,
         Optional<S2AIdentity> localIdentity,
         String hostname,
-        ListeningExecutorService service) {
+        ListeningExecutorService service,
+        @Nullable S2AStub stub) {
       super(
           // superclass (InternalProtocolNegotiators.ProtocolNegotiationHandler) expects 'next'
           // handler but we don't have a next handler _yet_. So we "disable" superclass's behavior
@@ -209,6 +225,7 @@ public void handlerAdded(ChannelHandlerContext ctx) {
       this.hostname = hostname;
       checkNotNull(service, "service should not be null.");
       this.service = service;
+      this.stub = stub;
     }
 
     @Override
@@ -217,8 +234,13 @@ protected void handlerAdded0(ChannelHandlerContext ctx) {
       BufferReadsHandler bufferReads = new BufferReadsHandler();
       ctx.pipeline().addBefore(ctx.name(), /* name= */ null, bufferReads);
 
-      S2AServiceGrpc.S2AServiceStub stub = S2AServiceGrpc.newStub(channel);
-      S2AStub s2aStub = S2AStub.newInstance(stub);
+      S2AStub s2aStub;
+      if (this.stub == null) {
+        checkNotNull(channel, "Channel to S2A should not be null");
+        s2aStub = S2AStub.newInstance(S2AServiceGrpc.newStub(channel));
+      } else {
+        s2aStub = this.stub;
+      }
 
       ListenableFuture<SslContext> sslContextFuture =
           service.submit(() -> SslContextFactory.createForClient(s2aStub, hostname, localIdentity));
@@ -230,11 +252,17 @@ public void onSuccess(SslContext sslContext) {
               ChannelHandler handler =
                   InternalProtocolNegotiators.tls(
                           sslContext,
-                          SharedResourcePool.forResource(GrpcUtil.SHARED_CHANNEL_EXECUTOR))
+                          SharedResourcePool.forResource(GrpcUtil.SHARED_CHANNEL_EXECUTOR),
+                          Optional.of(new Runnable() {
+                            @Override
+                            public void run() {
+                              s2aStub.close();
+                            }
+                          }))
                       .newHandler(grpcHandler);
 
-              // Remove the bufferReads handler and delegate the rest of the handshake to the TLS
-              // handler.
+              // Delegate the rest of the handshake to the TLS handler. and remove the 
+              // bufferReads handler.
               ctx.pipeline().addAfter(ctx.name(), /* name= */ null, handler);
               fireProtocolNegotiationEvent(ctx);
               ctx.pipeline().remove(bufferReads);
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
index 0bfa3b4dac2..c5ac8f96d96 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
@@ -33,7 +33,7 @@
 
 /** Reads and writes messages to and from the S2A. */
 @NotThreadSafe
-class S2AStub implements AutoCloseable {
+public class S2AStub implements AutoCloseable {
   private static final Logger logger = Logger.getLogger(S2AStub.class.getName());
   private static final long HANDSHAKE_RPC_DEADLINE_SECS = 20;
   private final StreamObserver<SessionResp> reader = new Reader();
@@ -42,6 +42,7 @@ class S2AStub implements AutoCloseable {
   private StreamObserver<SessionReq> writer;
   private boolean doneReading = false;
   private boolean doneWriting = false;
+  private boolean isClosed = false;
 
   static S2AStub newInstance(S2AServiceGrpc.S2AServiceStub serviceStub) {
     checkNotNull(serviceStub);
@@ -136,6 +137,11 @@ public void close() {
     if (writer != null) {
       writer.onCompleted();
     }
+    isClosed = true;
+  }
+
+  public boolean isClosed() {
+    return isClosed;
   }
 
   /** Create a new writer if the writer is null. */
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java
index e1ad3d278c3..d842fde8dea 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java
@@ -19,6 +19,7 @@
 import static com.google.common.truth.Truth.assertThat;
 import static java.util.concurrent.TimeUnit.SECONDS;
 
+import io.grpc.Channel;
 import io.grpc.ChannelCredentials;
 import io.grpc.Grpc;
 import io.grpc.InsecureChannelCredentials;
@@ -29,9 +30,12 @@
 import io.grpc.TlsChannelCredentials;
 import io.grpc.TlsServerCredentials;
 import io.grpc.benchmarks.Utils;
+import io.grpc.internal.ObjectPool;
+import io.grpc.internal.SharedResourcePool;
 import io.grpc.netty.GrpcSslContexts;
 import io.grpc.netty.NettyServerBuilder;
 import io.grpc.s2a.S2AChannelCredentials;
+import io.grpc.s2a.internal.channel.S2AHandshakerServiceChannel;
 import io.grpc.s2a.internal.handshaker.FakeS2AServer;
 import io.grpc.stub.StreamObserver;
 import io.grpc.testing.protobuf.SimpleRequest;
@@ -141,6 +145,25 @@ public void clientCommunicateUsingS2ACredentialsNoLocalIdentity_succeeds() throw
     assertThat(doUnaryRpc(channel)).isTrue();
   }
 
+  @Test
+  public void clientCommunicateUsingS2ACredentialsSucceeds_verifyStreamToS2AClosed()
+      throws Exception {
+    ObjectPool<Channel> s2aChannelPool =
+          SharedResourcePool.forResource(
+              S2AHandshakerServiceChannel.getChannelResource(s2aAddress,
+              InsecureChannelCredentials.create()));
+    Channel ch = s2aChannelPool.getObject();
+    S2AStub stub = S2AStub.newInstance(S2AServiceGrpc.newStub(ch));
+    ChannelCredentials credentials =
+        S2AChannelCredentials.newBuilder(s2aAddress, InsecureChannelCredentials.create())
+            .setLocalSpiffeId("test-spiffe-id").setStub(stub).build();
+    ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
+
+    s2aChannelPool.returnObject(ch);
+    assertThat(doUnaryRpc(channel)).isTrue();
+    assertThat(stub.isClosed()).isTrue();
+  }
+
   @Test
   public void clientCommunicateUsingMtlsToS2ACredentials_succeeds() throws Exception {
     String privateKeyPath = "src/test/resources/client_key.pem";
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java
index 48c512c4e5c..e537687c287 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java
@@ -122,7 +122,7 @@ public void createProtocolNegotiator_nullArgument() throws Exception {
   @Test
   public void createProtocolNegotiatorFactory_getsDefaultPort_succeeds() throws Exception {
     InternalProtocolNegotiator.ClientFactory clientFactory =
-        S2AProtocolNegotiatorFactory.createClientFactory(LOCAL_IDENTITY, channelPool);
+        S2AProtocolNegotiatorFactory.createClientFactory(LOCAL_IDENTITY, channelPool, null);
 
     assertThat(clientFactory.getDefaultPort()).isEqualTo(S2AProtocolNegotiatorFactory.DEFAULT_PORT);
   }
@@ -146,7 +146,7 @@ public void s2aProtocolNegotiator_getHostNameOnValidAuthority_returnsValidHostna
   public void createProtocolNegotiatorFactory_buildsAnS2AProtocolNegotiatorOnClientSide_succeeds()
       throws Exception {
     InternalProtocolNegotiator.ClientFactory clientFactory =
-        S2AProtocolNegotiatorFactory.createClientFactory(LOCAL_IDENTITY, channelPool);
+        S2AProtocolNegotiatorFactory.createClientFactory(LOCAL_IDENTITY, channelPool, null);
 
     ProtocolNegotiator clientNegotiator = clientFactory.newNegotiator();
 
@@ -158,7 +158,7 @@ public void createProtocolNegotiatorFactory_buildsAnS2AProtocolNegotiatorOnClien
   public void closeProtocolNegotiator_verifyProtocolNegotiatorIsClosedOnClientSide()
       throws Exception {
     InternalProtocolNegotiator.ClientFactory clientFactory =
-        S2AProtocolNegotiatorFactory.createClientFactory(LOCAL_IDENTITY, channelPool);
+        S2AProtocolNegotiatorFactory.createClientFactory(LOCAL_IDENTITY, channelPool, null);
     ProtocolNegotiator clientNegotiator = clientFactory.newNegotiator();
 
     clientNegotiator.close();
@@ -170,7 +170,7 @@ public void closeProtocolNegotiator_verifyProtocolNegotiatorIsClosedOnClientSide
   public void createChannelHandler_addHandlerToMockContext() throws Exception {
     ProtocolNegotiator clientNegotiator =
         S2AProtocolNegotiatorFactory.S2AProtocolNegotiator.createForClient(
-            channelPool, LOCAL_IDENTITY);
+            channelPool, LOCAL_IDENTITY, null);
 
     ChannelHandler channelHandler = clientNegotiator.newHandler(fakeConnectionHandler);
 

From a01a9e2340a6c86ffc48db44c88b02d8ac57c184 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Thu, 10 Oct 2024 16:32:10 -0700
Subject: [PATCH 046/591] Enable publishing. (#11581)

---
 s2a/build.gradle | 1 +
 1 file changed, 1 insertion(+)

diff --git a/s2a/build.gradle b/s2a/build.gradle
index af2c879a753..900283d9a07 100644
--- a/s2a/build.gradle
+++ b/s2a/build.gradle
@@ -1,5 +1,6 @@
 plugins {
     id "java-library"
+    id "maven-publish"
 
     id "com.github.johnrengelman.shadow"
     id "com.google.osdetector"

From ca43d78f588354f37a4226c881a081095657aaf4 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Fri, 11 Oct 2024 10:28:51 +0530
Subject: [PATCH 047/591] inprocess: Support tracing message sizes (#11406)

---
 .../io/grpc/census/CensusModulesTest.java     |  9 +-
 .../grpc/internal/AbstractTransportTest.java  | 92 ++++++-------------
 .../inprocess/InProcessChannelBuilder.java    | 30 ++++--
 .../io/grpc/inprocess/InProcessTransport.java | 60 ++++++++++--
 .../io/grpc/inprocess/InternalInProcess.java  |  2 +-
 .../AnonymousInProcessTransportTest.java      |  2 +-
 .../inprocess/InProcessTransportTest.java     | 88 +++++++++++++++---
 .../StandaloneInProcessTransportTest.java     |  7 --
 .../OpenTelemetryMetricsModuleTest.java       |  9 +-
 .../OpenTelemetryTracingModuleTest.java       | 11 ++-
 10 files changed, 207 insertions(+), 103 deletions(-)

diff --git a/census/src/test/java/io/grpc/census/CensusModulesTest.java b/census/src/test/java/io/grpc/census/CensusModulesTest.java
index 6ccaf78314f..9e0b4d935d3 100644
--- a/census/src/test/java/io/grpc/census/CensusModulesTest.java
+++ b/census/src/test/java/io/grpc/census/CensusModulesTest.java
@@ -56,6 +56,7 @@
 import io.grpc.ClientInterceptors;
 import io.grpc.ClientStreamTracer;
 import io.grpc.Context;
+import io.grpc.KnownLength;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
 import io.grpc.ServerCall;
@@ -99,6 +100,7 @@
 import io.opencensus.trace.Tracer;
 import io.opencensus.trace.propagation.BinaryFormat;
 import io.opencensus.trace.propagation.SpanContextParseException;
+import java.io.IOException;
 import java.io.InputStream;
 import java.util.HashSet;
 import java.util.List;
@@ -136,7 +138,7 @@ public class CensusModulesTest {
       ClientStreamTracer.StreamInfo.newBuilder()
           .setCallOptions(CallOptions.DEFAULT.withOption(NAME_RESOLUTION_DELAYED, 10L)).build();
 
-  private static class StringInputStream extends InputStream {
+  private static class StringInputStream extends InputStream implements KnownLength {
     final String string;
 
     StringInputStream(String string) {
@@ -149,6 +151,11 @@ public int read() {
       // passed to the InProcess server and consumed by MARSHALLER.parse().
       throw new UnsupportedOperationException("Should not be called");
     }
+
+    @Override
+    public int available() throws IOException {
+      return string == null ? 0 : string.length();
+    }
   }
 
   private static final MethodDescriptor.Marshaller<String> MARSHALLER =
diff --git a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
index 62cbdc4f67b..75ea2678709 100644
--- a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
+++ b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
@@ -136,13 +136,6 @@ protected abstract InternalServer newServer(
    */
   protected abstract String testAuthority(InternalServer server);
 
-  /**
-   * Returns true (which is default) if the transport reports message sizes to StreamTracers.
-   */
-  protected boolean sizesReported() {
-    return true;
-  }
-
   protected final Attributes eagAttrs() {
     return EAG_ATTRS;
   }
@@ -163,9 +156,9 @@ public void log(ChannelLogLevel level, String messageFormat, Object... args) {}
    * tests in an indeterminate state.
    */
   protected InternalServer server;
-  private ServerTransport serverTransport;
-  private ManagedClientTransport client;
-  private MethodDescriptor<String, String> methodDescriptor =
+  protected ServerTransport serverTransport;
+  protected ManagedClientTransport client;
+  protected MethodDescriptor<String, String> methodDescriptor =
       MethodDescriptor.<String, String>newBuilder()
           .setType(MethodDescriptor.MethodType.UNKNOWN)
           .setFullMethodName("service/method")
@@ -182,22 +175,22 @@ public void log(ChannelLogLevel level, String messageFormat, Object... args) {}
       "tracer-key", Metadata.ASCII_STRING_MARSHALLER);
   private final String tracerKeyValue = "tracer-key-value";
 
-  private ManagedClientTransport.Listener mockClientTransportListener
+  protected ManagedClientTransport.Listener mockClientTransportListener
       = mock(ManagedClientTransport.Listener.class);
-  private MockServerListener serverListener = new MockServerListener();
+  protected MockServerListener serverListener = new MockServerListener();
   private ArgumentCaptor<Throwable> throwableCaptor = ArgumentCaptor.forClass(Throwable.class);
-  private final TestClientStreamTracer clientStreamTracer1 = new TestHeaderClientStreamTracer();
+  protected final TestClientStreamTracer clientStreamTracer1 = new TestHeaderClientStreamTracer();
   private final TestClientStreamTracer clientStreamTracer2 = new TestHeaderClientStreamTracer();
-  private final ClientStreamTracer[] tracers = new ClientStreamTracer[] {
+  protected final ClientStreamTracer[] tracers = new ClientStreamTracer[] {
       clientStreamTracer1, clientStreamTracer2
   };
   private final ClientStreamTracer[] noopTracers = new ClientStreamTracer[] {
     new ClientStreamTracer() {}
   };
 
-  private final TestServerStreamTracer serverStreamTracer1 = new TestServerStreamTracer();
+  protected final TestServerStreamTracer serverStreamTracer1 = new TestServerStreamTracer();
   private final TestServerStreamTracer serverStreamTracer2 = new TestServerStreamTracer();
-  private final ServerStreamTracer.Factory serverStreamTracerFactory = mock(
+  protected final ServerStreamTracer.Factory serverStreamTracerFactory = mock(
       ServerStreamTracer.Factory.class,
       delegatesTo(new ServerStreamTracer.Factory() {
           final ArrayDeque<TestServerStreamTracer> tracers =
@@ -857,26 +850,16 @@ public void basicStream() throws Exception {
     message.close();
     assertThat(clientStreamTracer1.nextOutboundEvent())
         .matches("outboundMessageSent\\(0, -?[0-9]+, -?[0-9]+\\)");
-    if (sizesReported()) {
-      assertThat(clientStreamTracer1.getOutboundWireSize()).isGreaterThan(0L);
-      assertThat(clientStreamTracer1.getOutboundUncompressedSize()).isGreaterThan(0L);
-    } else {
-      assertThat(clientStreamTracer1.getOutboundWireSize()).isEqualTo(0L);
-      assertThat(clientStreamTracer1.getOutboundUncompressedSize()).isEqualTo(0L);
-    }
+    assertThat(clientStreamTracer1.getOutboundWireSize()).isGreaterThan(0L);
+    assertThat(clientStreamTracer1.getOutboundUncompressedSize()).isGreaterThan(0L);
     assertThat(serverStreamTracer1.nextInboundEvent()).isEqualTo("inboundMessage(0)");
     assertNull("no additional message expected", serverStreamListener.messageQueue.poll());
 
     clientStream.halfClose();
     assertTrue(serverStreamListener.awaitHalfClosed(TIMEOUT_MS, TimeUnit.MILLISECONDS));
 
-    if (sizesReported()) {
-      assertThat(serverStreamTracer1.getInboundWireSize()).isGreaterThan(0L);
-      assertThat(serverStreamTracer1.getInboundUncompressedSize()).isGreaterThan(0L);
-    } else {
-      assertThat(serverStreamTracer1.getInboundWireSize()).isEqualTo(0L);
-      assertThat(serverStreamTracer1.getInboundUncompressedSize()).isEqualTo(0L);
-    }
+    assertThat(serverStreamTracer1.getInboundWireSize()).isGreaterThan(0L);
+    assertThat(serverStreamTracer1.getInboundUncompressedSize()).isGreaterThan(0L);
     assertThat(serverStreamTracer1.nextInboundEvent())
         .matches("inboundMessageRead\\(0, -?[0-9]+, -?[0-9]+\\)");
 
@@ -907,25 +890,15 @@ public void basicStream() throws Exception {
     assertNotNull("message expected", message);
     assertThat(serverStreamTracer1.nextOutboundEvent())
         .matches("outboundMessageSent\\(0, -?[0-9]+, -?[0-9]+\\)");
-    if (sizesReported()) {
-      assertThat(serverStreamTracer1.getOutboundWireSize()).isGreaterThan(0L);
-      assertThat(serverStreamTracer1.getOutboundUncompressedSize()).isGreaterThan(0L);
-    } else {
-      assertThat(serverStreamTracer1.getOutboundWireSize()).isEqualTo(0L);
-      assertThat(serverStreamTracer1.getOutboundUncompressedSize()).isEqualTo(0L);
-    }
+    assertThat(serverStreamTracer1.getOutboundWireSize()).isGreaterThan(0L);
+    assertThat(serverStreamTracer1.getOutboundUncompressedSize()).isGreaterThan(0L);
     assertTrue(clientStreamTracer1.getInboundHeaders());
     assertThat(clientStreamTracer1.nextInboundEvent()).isEqualTo("inboundMessage(0)");
     assertEquals("Hi. Who are you?", methodDescriptor.parseResponse(message));
     assertThat(clientStreamTracer1.nextInboundEvent())
         .matches("inboundMessageRead\\(0, -?[0-9]+, -?[0-9]+\\)");
-    if (sizesReported()) {
-      assertThat(clientStreamTracer1.getInboundWireSize()).isGreaterThan(0L);
-      assertThat(clientStreamTracer1.getInboundUncompressedSize()).isGreaterThan(0L);
-    } else {
-      assertThat(clientStreamTracer1.getInboundWireSize()).isEqualTo(0L);
-      assertThat(clientStreamTracer1.getInboundUncompressedSize()).isEqualTo(0L);
-    }
+    assertThat(clientStreamTracer1.getInboundWireSize()).isGreaterThan(0L);
+    assertThat(clientStreamTracer1.getInboundUncompressedSize()).isGreaterThan(0L);
 
     message.close();
     assertNull("no additional message expected", clientStreamListener.messageQueue.poll());
@@ -1285,17 +1258,10 @@ public void onReady() {
     serverStream.close(Status.OK, new Metadata());
     assertTrue(clientStreamTracer1.getOutboundHeaders());
     assertTrue(clientStreamTracer1.getInboundHeaders());
-    if (sizesReported()) {
-      assertThat(clientStreamTracer1.getInboundWireSize()).isGreaterThan(0L);
-      assertThat(clientStreamTracer1.getInboundUncompressedSize()).isGreaterThan(0L);
-      assertThat(serverStreamTracer1.getOutboundWireSize()).isGreaterThan(0L);
-      assertThat(serverStreamTracer1.getOutboundUncompressedSize()).isGreaterThan(0L);
-    } else {
-      assertThat(clientStreamTracer1.getInboundWireSize()).isEqualTo(0L);
-      assertThat(clientStreamTracer1.getInboundUncompressedSize()).isEqualTo(0L);
-      assertThat(serverStreamTracer1.getOutboundWireSize()).isEqualTo(0L);
-      assertThat(serverStreamTracer1.getOutboundUncompressedSize()).isEqualTo(0L);
-    }
+    assertThat(clientStreamTracer1.getInboundWireSize()).isGreaterThan(0L);
+    assertThat(clientStreamTracer1.getInboundUncompressedSize()).isGreaterThan(0L);
+    assertThat(serverStreamTracer1.getOutboundWireSize()).isGreaterThan(0L);
+    assertThat(serverStreamTracer1.getOutboundUncompressedSize()).isGreaterThan(0L);
     assertNull(clientStreamTracer1.getInboundTrailers());
     assertSame(status, clientStreamTracer1.getStatus());
     // There is a race between client cancelling and server closing.  The final status seen by the
@@ -2184,7 +2150,7 @@ private static void runIfNotNull(Runnable runnable) {
     }
   }
 
-  private static void startTransport(
+  protected static void startTransport(
       ManagedClientTransport clientTransport,
       ManagedClientTransport.Listener listener) {
     runIfNotNull(clientTransport.start(listener));
@@ -2202,7 +2168,7 @@ public void streamCreated(Attributes transportAttrs, Metadata metadata) {
     }
   }
 
-  private static class MockServerListener implements ServerListener {
+  public static class MockServerListener implements ServerListener {
     public final BlockingQueue<MockServerTransportListener> listeners
         = new LinkedBlockingQueue<>();
     private final SettableFuture<?> shutdown = SettableFuture.create();
@@ -2233,7 +2199,7 @@ public MockServerTransportListener takeListenerOrFail(long timeout, TimeUnit uni
     }
   }
 
-  private static class MockServerTransportListener implements ServerTransportListener {
+  public static class MockServerTransportListener implements ServerTransportListener {
     public final ServerTransport transport;
     public final BlockingQueue<StreamCreation> streams = new LinkedBlockingQueue<>();
     private final SettableFuture<?> terminated = SettableFuture.create();
@@ -2281,8 +2247,8 @@ public StreamCreation takeStreamOrFail(long timeout, TimeUnit unit)
     }
   }
 
-  private static class ServerStreamListenerBase implements ServerStreamListener {
-    private final BlockingQueue<InputStream> messageQueue = new LinkedBlockingQueue<>();
+  public static class ServerStreamListenerBase implements ServerStreamListener {
+    public final BlockingQueue<InputStream> messageQueue = new LinkedBlockingQueue<>();
     // Would have used Void instead of Object, but null elements are not allowed
     private final BlockingQueue<Object> readyQueue = new LinkedBlockingQueue<>();
     private final CountDownLatch halfClosedLatch = new CountDownLatch(1);
@@ -2341,8 +2307,8 @@ public void closed(Status status) {
     }
   }
 
-  private static class ClientStreamListenerBase implements ClientStreamListener {
-    private final BlockingQueue<InputStream> messageQueue = new LinkedBlockingQueue<>();
+  public static class ClientStreamListenerBase implements ClientStreamListener {
+    public final BlockingQueue<InputStream> messageQueue = new LinkedBlockingQueue<>();
     // Would have used Void instead of Object, but null elements are not allowed
     private final BlockingQueue<Object> readyQueue = new LinkedBlockingQueue<>();
     private final SettableFuture<Metadata> headers = SettableFuture.create();
@@ -2399,7 +2365,7 @@ public void closed(Status status, RpcProgress rpcProgress, Metadata trailers) {
     }
   }
 
-  private static class StreamCreation {
+  public static class StreamCreation {
     public final ServerStream stream;
     public final String method;
     public final Metadata headers;
diff --git a/inprocess/src/main/java/io/grpc/inprocess/InProcessChannelBuilder.java b/inprocess/src/main/java/io/grpc/inprocess/InProcessChannelBuilder.java
index c000b66b2a2..4e711a94004 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/InProcessChannelBuilder.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/InProcessChannelBuilder.java
@@ -94,6 +94,7 @@ public static InProcessChannelBuilder forAddress(String name, int port) {
   private ScheduledExecutorService scheduledExecutorService;
   private int maxInboundMetadataSize = Integer.MAX_VALUE;
   private boolean transportIncludeStatusCause = false;
+  private long assumedMessageSize = -1;
 
   private InProcessChannelBuilder(@Nullable SocketAddress directAddress, @Nullable String target) {
 
@@ -117,10 +118,6 @@ public ClientTransportFactory buildClientTransportFactory() {
     managedChannelImplBuilder.setStatsRecordStartedRpcs(false);
     managedChannelImplBuilder.setStatsRecordFinishedRpcs(false);
     managedChannelImplBuilder.setStatsRecordRetryMetrics(false);
-
-    // By default, In-process transport should not be retriable as that leaks memory.  Since
-    // there is no wire, bytes aren't calculated so buffer limit isn't respected
-    managedChannelImplBuilder.disableRetry();
   }
 
   @Internal
@@ -225,9 +222,24 @@ public InProcessChannelBuilder propagateCauseWithStatus(boolean enable) {
     return this;
   }
 
+  /**
+   * Assumes RPC messages are the specified size. This avoids serializing
+   * messages for metrics and retry memory tracking. This can dramatically
+   * improve performance when accurate message sizes are not needed and if
+   * nothing else needs the serialized message.
+   * @param assumedMessageSize length of InProcess transport's messageSize.
+   * @return this
+   * @throws IllegalArgumentException if assumedMessageSize is negative.
+   */
+  public InProcessChannelBuilder assumedMessageSize(long assumedMessageSize) {
+    checkArgument(assumedMessageSize >= 0, "assumedMessageSize must be >= 0");
+    this.assumedMessageSize = assumedMessageSize;
+    return this;
+  }
+
   ClientTransportFactory buildTransportFactory() {
-    return new InProcessClientTransportFactory(
-        scheduledExecutorService, maxInboundMetadataSize, transportIncludeStatusCause);
+    return new InProcessClientTransportFactory(scheduledExecutorService,
+            maxInboundMetadataSize, transportIncludeStatusCause, assumedMessageSize);
   }
 
   void setStatsEnabled(boolean value) {
@@ -243,15 +255,17 @@ static final class InProcessClientTransportFactory implements ClientTransportFac
     private final int maxInboundMetadataSize;
     private boolean closed;
     private final boolean includeCauseWithStatus;
+    private long assumedMessageSize;
 
     private InProcessClientTransportFactory(
         @Nullable ScheduledExecutorService scheduledExecutorService,
-        int maxInboundMetadataSize, boolean includeCauseWithStatus) {
+        int maxInboundMetadataSize, boolean includeCauseWithStatus, long assumedMessageSize) {
       useSharedTimer = scheduledExecutorService == null;
       timerService = useSharedTimer
           ? SharedResourceHolder.get(GrpcUtil.TIMER_SERVICE) : scheduledExecutorService;
       this.maxInboundMetadataSize = maxInboundMetadataSize;
       this.includeCauseWithStatus = includeCauseWithStatus;
+      this.assumedMessageSize = assumedMessageSize;
     }
 
     @Override
@@ -263,7 +277,7 @@ public ConnectionClientTransport newClientTransport(
       // TODO(carl-mastrangelo): Pass channelLogger in.
       return new InProcessTransport(
           addr, maxInboundMetadataSize, options.getAuthority(), options.getUserAgent(),
-          options.getEagAttributes(), includeCauseWithStatus);
+          options.getEagAttributes(), includeCauseWithStatus, assumedMessageSize);
     }
 
     @Override
diff --git a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
index ae8ad143d2c..ae597e34af0 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
@@ -22,6 +22,7 @@
 
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Optional;
+import com.google.common.io.ByteStreams;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
 import io.grpc.Attributes;
@@ -35,6 +36,7 @@
 import io.grpc.InternalChannelz.SocketStats;
 import io.grpc.InternalLogId;
 import io.grpc.InternalMetadata;
+import io.grpc.KnownLength;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
 import io.grpc.SecurityLevel;
@@ -59,6 +61,7 @@
 import io.grpc.internal.ServerTransportListener;
 import io.grpc.internal.StatsTraceContext;
 import io.grpc.internal.StreamListener;
+import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.net.SocketAddress;
 import java.util.ArrayDeque;
@@ -95,6 +98,8 @@ final class InProcessTransport implements ServerTransport, ConnectionClientTrans
   private ServerTransportListener serverTransportListener;
   private Attributes serverStreamAttributes;
   private ManagedClientTransport.Listener clientTransportListener;
+  // The size is assumed from the sender's side.
+  private final long assumedMessageSize;
   @GuardedBy("this")
   private boolean shutdown;
   @GuardedBy("this")
@@ -135,8 +140,8 @@ protected void handleNotInUse() {
       };
 
   private InProcessTransport(SocketAddress address, int maxInboundMetadataSize, String authority,
-      String userAgent, Attributes eagAttrs,
-      Optional<ServerListener> optionalServerListener, boolean includeCauseWithStatus) {
+      String userAgent, Attributes eagAttrs, Optional<ServerListener> optionalServerListener,
+      boolean includeCauseWithStatus, long assumedMessageSize) {
     this.address = address;
     this.clientMaxInboundMetadataSize = maxInboundMetadataSize;
     this.authority = authority;
@@ -151,22 +156,23 @@ private InProcessTransport(SocketAddress address, int maxInboundMetadataSize, St
     this.optionalServerListener = optionalServerListener;
     logId = InternalLogId.allocate(getClass(), address.toString());
     this.includeCauseWithStatus = includeCauseWithStatus;
+    this.assumedMessageSize = assumedMessageSize;
   }
 
   public InProcessTransport(
       SocketAddress address, int maxInboundMetadataSize, String authority, String userAgent,
-      Attributes eagAttrs, boolean includeCauseWithStatus) {
+      Attributes eagAttrs, boolean includeCauseWithStatus, long assumedMessageSize) {
     this(address, maxInboundMetadataSize, authority, userAgent, eagAttrs,
-        Optional.<ServerListener>absent(), includeCauseWithStatus);
+        Optional.<ServerListener>absent(), includeCauseWithStatus, assumedMessageSize);
   }
 
   InProcessTransport(
       String name, int maxInboundMetadataSize, String authority, String userAgent,
       Attributes eagAttrs, ObjectPool<ScheduledExecutorService> serverSchedulerPool,
       List<ServerStreamTracer.Factory> serverStreamTracerFactories,
-      ServerListener serverListener, boolean includeCauseWithStatus) {
+      ServerListener serverListener, boolean includeCauseWithStatus, long assumedMessageSize) {
     this(new InProcessSocketAddress(name), maxInboundMetadataSize, authority, userAgent, eagAttrs,
-        Optional.of(serverListener), includeCauseWithStatus);
+        Optional.of(serverListener), includeCauseWithStatus, assumedMessageSize);
     this.serverMaxInboundMetadataSize = maxInboundMetadataSize;
     this.serverSchedulerPool = serverSchedulerPool;
     this.serverStreamTracerFactories = serverStreamTracerFactories;
@@ -507,6 +513,22 @@ private void clientCancelled(Status status) {
 
       @Override
       public void writeMessage(InputStream message) {
+        long messageLength;
+        try {
+          if (assumedMessageSize != -1) {
+            messageLength = assumedMessageSize;
+          } else if (message instanceof KnownLength || message instanceof ByteArrayInputStream) {
+            messageLength = message.available();
+          } else {
+            InputStream oldMessage = message;
+            byte[] payload = ByteStreams.toByteArray(message);
+            messageLength = payload.length;
+            message = new ByteArrayInputStream(payload);
+            oldMessage.close();
+          }
+        } catch (Exception e) {
+          throw new RuntimeException("Error processing the message length", e);
+        }
         synchronized (this) {
           if (closed) {
             return;
@@ -515,6 +537,11 @@ public void writeMessage(InputStream message) {
           statsTraceCtx.outboundMessageSent(outboundSeqNo, -1, -1);
           clientStream.statsTraceCtx.inboundMessage(outboundSeqNo);
           clientStream.statsTraceCtx.inboundMessageRead(outboundSeqNo, -1, -1);
+          statsTraceCtx.outboundUncompressedSize(messageLength);
+          statsTraceCtx.outboundWireSize(messageLength);
+          // messageLength should be same at receiver's end as no actual wire is involved.
+          clientStream.statsTraceCtx.inboundUncompressedSize(messageLength);
+          clientStream.statsTraceCtx.inboundWireSize(messageLength);
           outboundSeqNo++;
           StreamListener.MessageProducer producer = new SingleMessageProducer(message);
           if (clientRequested > 0) {
@@ -778,6 +805,22 @@ private void serverClosed(Status serverListenerStatus, Status serverTracerStatus
 
       @Override
       public void writeMessage(InputStream message) {
+        long messageLength;
+        try {
+          if (assumedMessageSize != -1) {
+            messageLength = assumedMessageSize;
+          } else if (message instanceof KnownLength || message instanceof ByteArrayInputStream) {
+            messageLength = message.available();
+          } else {
+            InputStream oldMessage = message;
+            byte[] payload = ByteStreams.toByteArray(message);
+            messageLength = payload.length;
+            message = new ByteArrayInputStream(payload);
+            oldMessage.close();
+          }
+        } catch (Exception e) {
+          throw new RuntimeException("Error processing the message length", e);
+        }
         synchronized (this) {
           if (closed) {
             return;
@@ -786,6 +829,11 @@ public void writeMessage(InputStream message) {
           statsTraceCtx.outboundMessageSent(outboundSeqNo, -1, -1);
           serverStream.statsTraceCtx.inboundMessage(outboundSeqNo);
           serverStream.statsTraceCtx.inboundMessageRead(outboundSeqNo, -1, -1);
+          statsTraceCtx.outboundUncompressedSize(messageLength);
+          statsTraceCtx.outboundWireSize(messageLength);
+          // messageLength should be same at receiver's end as no actual wire is involved.
+          serverStream.statsTraceCtx.inboundUncompressedSize(messageLength);
+          serverStream.statsTraceCtx.inboundWireSize(messageLength);
           outboundSeqNo++;
           StreamListener.MessageProducer producer = new SingleMessageProducer(message);
           if (serverRequested > 0) {
diff --git a/inprocess/src/main/java/io/grpc/inprocess/InternalInProcess.java b/inprocess/src/main/java/io/grpc/inprocess/InternalInProcess.java
index 680373533c8..9e08c2523fb 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/InternalInProcess.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/InternalInProcess.java
@@ -62,6 +62,6 @@ public static ConnectionClientTransport createInProcessTransport(
         serverSchedulerPool,
         serverStreamTracerFactories,
         serverListener,
-        includeCauseWithStatus);
+        includeCauseWithStatus, -1);
   }
 }
diff --git a/inprocess/src/test/java/io/grpc/inprocess/AnonymousInProcessTransportTest.java b/inprocess/src/test/java/io/grpc/inprocess/AnonymousInProcessTransportTest.java
index a78a604eac3..7bf884c9ff9 100644
--- a/inprocess/src/test/java/io/grpc/inprocess/AnonymousInProcessTransportTest.java
+++ b/inprocess/src/test/java/io/grpc/inprocess/AnonymousInProcessTransportTest.java
@@ -52,6 +52,6 @@ protected InternalServer newServer(
   protected ManagedClientTransport newClientTransport(InternalServer server) {
     return new InProcessTransport(
         address, GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
-        testAuthority(server), USER_AGENT, eagAttrs(), false);
+        testAuthority(server), USER_AGENT, eagAttrs(), false, -1);
   }
 }
diff --git a/inprocess/src/test/java/io/grpc/inprocess/InProcessTransportTest.java b/inprocess/src/test/java/io/grpc/inprocess/InProcessTransportTest.java
index 420a9c4a8e7..87d7467c11f 100644
--- a/inprocess/src/test/java/io/grpc/inprocess/InProcessTransportTest.java
+++ b/inprocess/src/test/java/io/grpc/inprocess/InProcessTransportTest.java
@@ -17,6 +17,7 @@
 package io.grpc.inprocess;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 import io.grpc.CallOptions;
@@ -34,15 +35,21 @@
 import io.grpc.Status.Code;
 import io.grpc.StatusRuntimeException;
 import io.grpc.internal.AbstractTransportTest;
+import io.grpc.internal.ClientStream;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.InternalServer;
 import io.grpc.internal.ManagedClientTransport;
+import io.grpc.internal.ServerStream;
+import io.grpc.internal.testing.TestStreamTracer;
 import io.grpc.stub.ClientCalls;
 import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.testing.TestMethodDescriptors;
+import java.io.InputStream;
+import java.util.Arrays;
 import java.util.List;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
+import org.junit.Assert;
 import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
@@ -55,10 +62,18 @@ public class InProcessTransportTest extends AbstractTransportTest {
   private static final String TRANSPORT_NAME = "perfect-for-testing";
   private static final String AUTHORITY = "a-testing-authority";
   protected static final String USER_AGENT = "a-testing-user-agent";
+  private static final int TIMEOUT_MS = 5000;
+  private static final long TEST_MESSAGE_LENGTH = 100;
 
   @Rule
   public final GrpcCleanupRule grpcCleanupRule = new GrpcCleanupRule();
 
+  @Override
+  protected InternalServer newServer(
+      int port, List<ServerStreamTracer.Factory> streamTracerFactories) {
+    return newServer(streamTracerFactories);
+  }
+
   @Override
   protected InternalServer newServer(
       List<ServerStreamTracer.Factory> streamTracerFactories) {
@@ -68,12 +83,6 @@ protected InternalServer newServer(
     return new InProcessServer(builder, streamTracerFactories);
   }
 
-  @Override
-  protected InternalServer newServer(
-      int port, List<ServerStreamTracer.Factory> streamTracerFactories) {
-    return newServer(streamTracerFactories);
-  }
-
   @Override
   protected String testAuthority(InternalServer server) {
     return AUTHORITY;
@@ -83,14 +92,13 @@ protected String testAuthority(InternalServer server) {
   protected ManagedClientTransport newClientTransport(InternalServer server) {
     return new InProcessTransport(
         new InProcessSocketAddress(TRANSPORT_NAME), GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
-        testAuthority(server), USER_AGENT, eagAttrs(), false);
+        testAuthority(server), USER_AGENT, eagAttrs(), false, -1);
   }
 
-  @Override
-  protected boolean sizesReported() {
-    // TODO(zhangkun83): InProcessTransport doesn't record metrics for now
-    // (https://github.com/grpc/grpc-java/issues/2284)
-    return false;
+  private ManagedClientTransport newClientTransportWithAssumedMessageSize(InternalServer server) {
+    return new InProcessTransport(
+        new InProcessSocketAddress(TRANSPORT_NAME), GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
+        testAuthority(server), USER_AGENT, eagAttrs(), false, TEST_MESSAGE_LENGTH);
   }
 
   @Test
@@ -170,11 +178,65 @@ public Listener<Void> startCall(ServerCall<Void, Void> call, Metadata headers) {
                     .build();
     ClientCall<Void,Void> call = channel.newCall(nonMatchMethod, CallOptions.DEFAULT);
     try {
-      ClientCalls.futureUnaryCall(call, null).get(5, TimeUnit.SECONDS);
+      ClientCalls.futureUnaryCall(call, null).get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
       fail("Call should fail.");
     } catch (ExecutionException ex) {
       StatusRuntimeException s = (StatusRuntimeException)ex.getCause();
       assertEquals(Code.UNIMPLEMENTED, s.getStatus().getCode());
     }
   }
+
+  @Test
+  public void basicStreamInProcess() throws Exception {
+    InProcessServerBuilder builder = InProcessServerBuilder
+        .forName(TRANSPORT_NAME)
+        .maxInboundMetadataSize(GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE);
+    server = new InProcessServer(builder, Arrays.asList(serverStreamTracerFactory));
+    server.start(serverListener);
+    client = newClientTransportWithAssumedMessageSize(server);
+    startTransport(client, mockClientTransportListener);
+    MockServerTransportListener serverTransportListener
+        = serverListener.takeListenerOrFail(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    serverTransport = serverTransportListener.transport;
+    // Set up client stream
+    ClientStream clientStream = client.newStream(
+        methodDescriptor, new Metadata(), CallOptions.DEFAULT, tracers);
+    ClientStreamListenerBase clientStreamListener = new ClientStreamListenerBase();
+    clientStream.start(clientStreamListener);
+    StreamCreation serverStreamCreation
+        = serverTransportListener.takeStreamOrFail(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    ServerStream serverStream = serverStreamCreation.stream;
+    ServerStreamListenerBase serverStreamListener = serverStreamCreation.listener;
+    serverStream.request(1);
+    assertTrue(clientStream.isReady());
+    // Send message from client to server
+    clientStream.writeMessage(methodDescriptor.streamRequest("Hello from client"));
+    clientStream.flush();
+    // Verify server received the message and check its size
+    InputStream message =
+        serverStreamListener.messageQueue.poll(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    assertEquals("Hello from client", methodDescriptor.parseRequest(message));
+    message.close();
+    clientStream.halfClose();
+    assertAssumedMessageSize(clientStreamTracer1, serverStreamTracer1);
+
+    clientStream.request(1);
+    assertTrue(serverStream.isReady());
+    serverStream.writeMessage(methodDescriptor.streamResponse("Hi from server"));
+    serverStream.flush();
+    message = clientStreamListener.messageQueue.poll(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    assertEquals("Hi from server", methodDescriptor.parseResponse(message));
+    assertAssumedMessageSize(serverStreamTracer1, clientStreamTracer1);
+    message.close();
+    Status status = Status.OK.withDescription("That was normal");
+    serverStream.close(status, new Metadata());
+  }
+
+  private void assertAssumedMessageSize(
+      TestStreamTracer streamTracerSender, TestStreamTracer streamTracerReceiver) {
+    Assert.assertEquals(TEST_MESSAGE_LENGTH, streamTracerSender.getOutboundWireSize());
+    Assert.assertEquals(TEST_MESSAGE_LENGTH, streamTracerSender.getOutboundUncompressedSize());
+    Assert.assertEquals(TEST_MESSAGE_LENGTH, streamTracerReceiver.getInboundWireSize());
+    Assert.assertEquals(TEST_MESSAGE_LENGTH, streamTracerReceiver.getInboundUncompressedSize());
+  }
 }
diff --git a/inprocess/src/test/java/io/grpc/inprocess/StandaloneInProcessTransportTest.java b/inprocess/src/test/java/io/grpc/inprocess/StandaloneInProcessTransportTest.java
index b1d80d53b8b..b26a5d8498d 100644
--- a/inprocess/src/test/java/io/grpc/inprocess/StandaloneInProcessTransportTest.java
+++ b/inprocess/src/test/java/io/grpc/inprocess/StandaloneInProcessTransportTest.java
@@ -83,13 +83,6 @@ protected ManagedClientTransport newClientTransport(InternalServer server) {
         false);
   }
 
-  @Override
-  protected boolean sizesReported() {
-    // TODO(zhangkun83): InProcessTransport doesn't record metrics for now
-    // (https://github.com/grpc/grpc-java/issues/2284)
-    return false;
-  }
-
   @Test
   @Ignore
   @Override
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
index 6128323154d..6003599668b 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
@@ -37,6 +37,7 @@
 import io.grpc.ClientInterceptor;
 import io.grpc.ClientInterceptors;
 import io.grpc.ClientStreamTracer;
+import io.grpc.KnownLength;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
 import io.grpc.ServerCall;
@@ -53,6 +54,7 @@
 import io.opentelemetry.api.metrics.Meter;
 import io.opentelemetry.sdk.common.InstrumentationScopeInfo;
 import io.opentelemetry.sdk.testing.junit4.OpenTelemetryRule;
+import java.io.IOException;
 import java.io.InputStream;
 import java.util.Arrays;
 import java.util.Map;
@@ -107,7 +109,7 @@ public class OpenTelemetryMetricsModuleTest {
       { 0L, 1024L, 2048L, 4096L, 16384L, 65536L, 262144L, 1048576L, 4194304L, 16777216L,
       67108864L, 268435456L, 1073741824L, 4294967296L };
 
-  private static final class StringInputStream extends InputStream {
+  private static final class StringInputStream extends InputStream implements KnownLength {
     final String string;
 
     StringInputStream(String string) {
@@ -118,6 +120,11 @@ private static final class StringInputStream extends InputStream {
     public int read() {
       throw new UnsupportedOperationException("should not be called");
     }
+
+    @Override
+    public int available() throws IOException {
+      return string == null ? 0 : string.length();
+    }
   }
 
   private static final MethodDescriptor.Marshaller<String> MARSHALLER =
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java
index 89e79d55d25..b4486bcf2e4 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java
@@ -39,6 +39,7 @@
 import io.grpc.ClientInterceptor;
 import io.grpc.ClientInterceptors;
 import io.grpc.ClientStreamTracer;
+import io.grpc.KnownLength;
 import io.grpc.ManagedChannel;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
@@ -73,6 +74,7 @@
 import io.opentelemetry.sdk.testing.junit4.OpenTelemetryRule;
 import io.opentelemetry.sdk.trace.data.EventData;
 import io.opentelemetry.sdk.trace.data.SpanData;
+import java.io.IOException;
 import java.io.InputStream;
 import java.util.Arrays;
 import java.util.List;
@@ -102,7 +104,7 @@ public class OpenTelemetryTracingModuleTest {
   private static final CallOptions CALL_OPTIONS =
       CallOptions.DEFAULT.withOption(CUSTOM_OPTION, "customvalue");
 
-  private static class StringInputStream extends InputStream {
+  private static class StringInputStream extends InputStream implements KnownLength {
     final String string;
 
     StringInputStream(String string) {
@@ -111,10 +113,15 @@ private static class StringInputStream extends InputStream {
 
     @Override
     public int read() {
-      // InProcessTransport doesn't actually read bytes from the InputStream.  The InputStream is
+      // InProcessTransport doesn't actually read bytes from the InputStream. The InputStream is
       // passed to the InProcess server and consumed by MARSHALLER.parse().
       throw new UnsupportedOperationException("Should not be called");
     }
+
+    @Override
+    public int available() throws IOException {
+      return string == null ? 0 : string.length();
+    }
   }
 
   private static final MethodDescriptor.Marshaller<String> MARSHALLER =

From 36e29abf4168646b4e3866061c00b5cbea6fcead Mon Sep 17 00:00:00 2001
From: jiangyuan <469391363@qq.com>
Date: Tue, 15 Oct 2024 03:33:06 +0800
Subject: [PATCH 048/591] fix XdsTestServer/TestServiceServer listenAddresses
 conflict (#11612)

---
 .../grpc/testing/integration/TestServiceServer.java | 12 ++++++++----
 .../io/grpc/testing/integration/XdsTestServer.java  | 13 ++++++++-----
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceServer.java b/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceServer.java
index 01cccf98044..fc4cdf9178f 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceServer.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceServer.java
@@ -180,18 +180,22 @@ void start() throws Exception {
         break;
       case IPV4:
         SocketAddress v4Address = Util.getV4Address(port);
+        InetSocketAddress localV4Address = new InetSocketAddress("127.0.0.1", port);
         serverBuilder =
-            NettyServerBuilder.forAddress(new InetSocketAddress("127.0.0.1", port), serverCreds);
-        if (v4Address == null) {
+            NettyServerBuilder.forAddress(localV4Address, serverCreds);
+        if (v4Address != null && !v4Address.equals(localV4Address)) {
           ((NettyServerBuilder) serverBuilder).addListenAddress(v4Address);
         }
         break;
       case IPV6:
         List<SocketAddress> v6Addresses = Util.getV6Addresses(port);
+        InetSocketAddress localV6Address = new InetSocketAddress("::1", port);
         serverBuilder =
-            NettyServerBuilder.forAddress(new InetSocketAddress("::1", port), serverCreds);
+            NettyServerBuilder.forAddress(localV6Address, serverCreds);
         for (SocketAddress address : v6Addresses) {
-          ((NettyServerBuilder)serverBuilder).addListenAddress(address);
+          if (!address.equals(localV6Address)) {
+            ((NettyServerBuilder) serverBuilder).addListenAddress(address);
+          }
         }
         break;
       default:
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestServer.java b/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestServer.java
index 8c61f2eb2ad..2f1625d1581 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestServer.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestServer.java
@@ -242,18 +242,21 @@ void start() throws Exception {
           break;
         case IPV4:
           SocketAddress v4Address = Util.getV4Address(port);
+          InetSocketAddress localV4Address = new InetSocketAddress("127.0.0.1", port);
           serverBuilder = NettyServerBuilder.forAddress(
-              new InetSocketAddress("127.0.0.1", port), insecureServerCreds);
-          if (v4Address != null) {
+                  localV4Address, insecureServerCreds);
+          if (v4Address != null && !v4Address.equals(localV4Address) ) {
             ((NettyServerBuilder) serverBuilder).addListenAddress(v4Address);
           }
           break;
         case IPV6:
           List<SocketAddress> v6Addresses = Util.getV6Addresses(port);
-          serverBuilder = NettyServerBuilder.forAddress(
-                  new InetSocketAddress("::1", port), insecureServerCreds);
+          InetSocketAddress localV6Address = new InetSocketAddress("::1", port);
+          serverBuilder = NettyServerBuilder.forAddress(localV6Address, insecureServerCreds);
           for (SocketAddress address : v6Addresses) {
-            ((NettyServerBuilder)serverBuilder).addListenAddress(address);
+            if (!address.equals(localV6Address)) {
+              ((NettyServerBuilder) serverBuilder).addListenAddress(address);
+            }
           }
           break;
         default:

From 99f86835ed8a1c960d532e58b5fd51ec1bb99825 Mon Sep 17 00:00:00 2001
From: Naveen Prasanna V <80662475+NaveenPrasannaV@users.noreply.github.com>
Date: Wed, 16 Oct 2024 21:53:22 +0530
Subject: [PATCH 049/591] stub: Ignore unary response on server if status is
 not OK

Fixes #5969
---
 .../main/java/io/grpc/stub/ServerCalls.java   | 24 +++++++--
 .../java/io/grpc/stub/ServerCallsTest.java    | 54 +++++++++++++++++++
 2 files changed, 74 insertions(+), 4 deletions(-)

diff --git a/stub/src/main/java/io/grpc/stub/ServerCalls.java b/stub/src/main/java/io/grpc/stub/ServerCalls.java
index 7990a5b34c0..6c444551530 100644
--- a/stub/src/main/java/io/grpc/stub/ServerCalls.java
+++ b/stub/src/main/java/io/grpc/stub/ServerCalls.java
@@ -335,6 +335,7 @@ private static final class ServerCallStreamObserverImpl<ReqT, RespT>
     private boolean aborted = false;
     private boolean completed = false;
     private Runnable onCloseHandler;
+    private RespT unaryResponse;
 
     // Non private to avoid synthetic class
     ServerCallStreamObserverImpl(ServerCall<ReqT, RespT> call, boolean serverStreamingOrBidi) {
@@ -373,15 +374,22 @@ public void onNext(RespT response) {
       }
       checkState(!aborted, "Stream was terminated by error, no further calls are allowed");
       checkState(!completed, "Stream is already completed, no further calls are allowed");
-      if (!sentHeaders) {
-        call.sendHeaders(new Metadata());
-        sentHeaders = true;
+      if (serverStreamingOrBidi) {
+        if (!sentHeaders) {
+          call.sendHeaders(new Metadata());
+          sentHeaders = true;
+        }
+        call.sendMessage(response);
+      } else {
+        unaryResponse = response;
       }
-      call.sendMessage(response);
     }
 
     @Override
     public void onError(Throwable t) {
+      if (!serverStreamingOrBidi) {
+        unaryResponse = null;
+      }
       Metadata metadata = Status.trailersFromThrowable(t);
       if (metadata == null) {
         metadata = new Metadata();
@@ -392,6 +400,14 @@ public void onError(Throwable t) {
 
     @Override
     public void onCompleted() {
+      if (!serverStreamingOrBidi && unaryResponse != null) {
+        if (!sentHeaders) {
+          call.sendHeaders(new Metadata());
+          sentHeaders = true;
+        }
+        call.sendMessage(unaryResponse);
+        unaryResponse = null;
+      }
       call.close(Status.OK, new Metadata());
       completed = true;
     }
diff --git a/stub/src/test/java/io/grpc/stub/ServerCallsTest.java b/stub/src/test/java/io/grpc/stub/ServerCallsTest.java
index 1e51ac10110..8d65be19e20 100644
--- a/stub/src/test/java/io/grpc/stub/ServerCallsTest.java
+++ b/stub/src/test/java/io/grpc/stub/ServerCallsTest.java
@@ -33,6 +33,7 @@
 import io.grpc.ServerServiceDefinition;
 import io.grpc.ServiceDescriptor;
 import io.grpc.Status;
+import io.grpc.Status.Code;
 import io.grpc.StatusRuntimeException;
 import io.grpc.inprocess.InProcessChannelBuilder;
 import io.grpc.inprocess.InProcessServerBuilder;
@@ -620,6 +621,59 @@ public void onClose(Status status, Metadata trailers) {
     assertArrayEquals(new int[]{0, 1, 1, 2, 2, 2}, receivedMessages);
   }
 
+  @Test
+  public void serverUnaryResponseMsgWithOkStatus() {
+    ServerCallHandler<Integer, Integer> serverCallHandler =
+        ServerCalls.asyncUnaryCall(
+            new ServerCalls.UnaryMethod<Integer, Integer>() {
+              @Override
+              public void invoke(Integer request, StreamObserver<Integer> responseObserver) {
+                responseObserver.onNext(request);
+                responseObserver.onCompleted();
+              }
+            });
+    ServerCall.Listener<Integer> callListener =
+        serverCallHandler.startCall(serverCall, new Metadata());
+    serverCall.isReady = true;
+    serverCall.isCancelled = false;
+    callListener.onReady();
+    callListener.onMessage(1);
+    callListener.onHalfClose();
+
+    assertThat(serverCall.status.getCode()).isEqualTo(Code.OK);
+    assertThat(serverCall.responses).containsExactly(1);
+  }
+
+  @Test
+  public void serverUnaryResponseMsgWithNotOkStatus() {
+    ServerCallHandler<Integer, Integer> serverCallHandler =
+        ServerCalls.asyncUnaryCall(
+            new ServerCalls.UnaryMethod<Integer, Integer>() {
+              @Override
+              public void invoke(Integer request, StreamObserver<Integer> responseObserver) {
+                responseObserver.onNext(request);
+                responseObserver.onError(
+                    Status.INTERNAL
+                        .withDescription("Response message is null for unary call")
+                        .asRuntimeException());
+              }
+            });
+
+    ServerCall.Listener<Integer> callListener =
+        serverCallHandler.startCall(serverCall, new Metadata());
+
+    serverCall.isReady = true;
+    serverCall.isCancelled = false;
+    callListener.onReady();
+    callListener.onMessage(1);
+    callListener.onHalfClose();
+
+    assertThat(serverCall.status.getCode()).isEqualTo(Code.INTERNAL);
+    assertThat(serverCall.status.getDescription())
+        .isEqualTo("Response message is null for unary call");
+    assertThat(serverCall.responses).isEmpty();
+  }
+
   public static class IntegerMarshaller implements MethodDescriptor.Marshaller<Integer> {
     @Override
     public InputStream stream(Integer value) {

From b692b9d26ebd5fc9df711ce9412bba8956b07969 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 15 Oct 2024 12:50:38 -0700
Subject: [PATCH 050/591] core: Handle NR/LB exceptions when panicking

If a panic is followed a panic, we'd ignore the second. But if an
exception happens while entering panic mode we may fail to update the
picker with the first error. This is "fine" from a correctness
standpoint; all bets are off when panicking and we've already logged the
first error. But failing RPCs can often be more easily seen than just
the log.

Noticed because of http://yaqs/8493785598685872128
---
 .../io/grpc/internal/ManagedChannelImpl.java  | 34 ++++++-------------
 1 file changed, 10 insertions(+), 24 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index cda4299acec..b89a126517f 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -779,30 +779,16 @@ void panic(final Throwable t) {
       return;
     }
     panicMode = true;
-    cancelIdleTimer(/* permanent= */ true);
-    shutdownNameResolverAndLoadBalancer(false);
-    final class PanicSubchannelPicker extends SubchannelPicker {
-      private final PickResult panicPickResult =
-          PickResult.withDrop(
-              Status.INTERNAL.withDescription("Panic! This is a bug!").withCause(t));
-
-      @Override
-      public PickResult pickSubchannel(PickSubchannelArgs args) {
-        return panicPickResult;
-      }
-
-      @Override
-      public String toString() {
-        return MoreObjects.toStringHelper(PanicSubchannelPicker.class)
-            .add("panicPickResult", panicPickResult)
-            .toString();
-      }
+    try {
+      cancelIdleTimer(/* permanent= */ true);
+      shutdownNameResolverAndLoadBalancer(false);
+    } finally {
+      updateSubchannelPicker(new LoadBalancer.FixedResultPicker(PickResult.withDrop(
+          Status.INTERNAL.withDescription("Panic! This is a bug!").withCause(t))));
+      realChannel.updateConfigSelector(null);
+      channelLogger.log(ChannelLogLevel.ERROR, "PANIC! Entering TRANSIENT_FAILURE");
+      channelStateManager.gotoState(TRANSIENT_FAILURE);
     }
-
-    updateSubchannelPicker(new PanicSubchannelPicker());
-    realChannel.updateConfigSelector(null);
-    channelLogger.log(ChannelLogLevel.ERROR, "PANIC! Entering TRANSIENT_FAILURE");
-    channelStateManager.gotoState(TRANSIENT_FAILURE);
   }
 
   @VisibleForTesting
@@ -1404,7 +1390,7 @@ public void updateBalancingState(
       final class UpdateBalancingState implements Runnable {
         @Override
         public void run() {
-          if (LbHelperImpl.this != lbHelper) {
+          if (LbHelperImpl.this != lbHelper || panicMode) {
             return;
           }
           updateSubchannelPicker(newPicker);

From 84d30afad6fb966ab9b59fff0b381cc57129d958 Mon Sep 17 00:00:00 2001
From: Vindhya Ningegowda <DNVindhya@users.noreply.github.com>
Date: Wed, 16 Oct 2024 16:12:27 -0700
Subject: [PATCH 051/591] Get  mesh_id local label from "CSM_MESH_ID"
 environment variable, rather than parsing from bootstrap file (#11621)

---
 .../csm/observability/MetadataExchanger.java  | 37 +----------
 .../observability/CsmObservabilityTest.java   | 65 +++++--------------
 .../observability/MetadataExchangerTest.java  | 59 ++---------------
 3 files changed, 27 insertions(+), 134 deletions(-)

diff --git a/gcp-csm-observability/src/main/java/io/grpc/gcp/csm/observability/MetadataExchanger.java b/gcp-csm-observability/src/main/java/io/grpc/gcp/csm/observability/MetadataExchanger.java
index bf76c2532bc..5f05d52c7e7 100644
--- a/gcp-csm-observability/src/main/java/io/grpc/gcp/csm/observability/MetadataExchanger.java
+++ b/gcp-csm-observability/src/main/java/io/grpc/gcp/csm/observability/MetadataExchanger.java
@@ -16,7 +16,6 @@
 
 package io.grpc.gcp.csm.observability;
 
-import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
 import com.google.common.io.BaseEncoding;
 import com.google.protobuf.Struct;
@@ -29,12 +28,9 @@
 import io.grpc.ServerCallHandler;
 import io.grpc.ServerInterceptor;
 import io.grpc.Status;
-import io.grpc.internal.JsonParser;
-import io.grpc.internal.JsonUtil;
 import io.grpc.opentelemetry.InternalOpenTelemetryPlugin;
 import io.grpc.protobuf.ProtoUtils;
 import io.grpc.xds.ClusterImplLoadBalancerProvider;
-import io.grpc.xds.InternalGrpcBootstrapperImpl;
 import io.opentelemetry.api.common.AttributeKey;
 import io.opentelemetry.api.common.Attributes;
 import io.opentelemetry.api.common.AttributesBuilder;
@@ -43,8 +39,6 @@
 import java.net.URI;
 import java.util.Map;
 import java.util.function.Consumer;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 
 /**
  * OpenTelemetryPlugin implementing metadata-based workload property exchange for both client and
@@ -52,7 +46,6 @@
  * and remote details to metrics.
  */
 final class MetadataExchanger implements InternalOpenTelemetryPlugin {
-  private static final Logger logger = Logger.getLogger(MetadataExchanger.class.getName());
 
   private static final AttributeKey<String> CLOUD_PLATFORM =
       AttributeKey.stringKey("cloud.platform");
@@ -89,11 +82,10 @@ final class MetadataExchanger implements InternalOpenTelemetryPlugin {
   public MetadataExchanger() {
     this(
         addOtelResourceAttributes(new GCPResourceProvider().getAttributes()),
-        System::getenv,
-        InternalGrpcBootstrapperImpl::getJsonContent);
+        System::getenv);
   }
 
-  MetadataExchanger(Attributes platformAttributes, Lookup env, Supplier<String> xdsBootstrap) {
+  MetadataExchanger(Attributes platformAttributes, Lookup env) {
     String type = platformAttributes.get(CLOUD_PLATFORM);
     String canonicalService = env.get("CSM_CANONICAL_SERVICE_NAME");
     Struct.Builder struct = Struct.newBuilder();
@@ -121,7 +113,7 @@ public MetadataExchanger() {
     localMetadata = BaseEncoding.base64().encode(struct.build().toByteArray());
 
     localAttributes = Attributes.builder()
-        .put("csm.mesh_id", nullIsUnknown(getMeshId(xdsBootstrap)))
+        .put("csm.mesh_id", nullIsUnknown(env.get("CSM_MESH_ID")))
         .put("csm.workload_canonical_service", nullIsUnknown(canonicalService))
         .build();
   }
@@ -162,29 +154,6 @@ private static Attributes addOtelResourceAttributes(Attributes platformAttribute
     return builder.build();
   }
 
-  @VisibleForTesting
-  static String getMeshId(Supplier<String> xdsBootstrap) {
-    try {
-      @SuppressWarnings("unchecked")
-      Map<String, ?> rawBootstrap = (Map<String, ?>) JsonParser.parse(xdsBootstrap.get());
-      Map<String, ?> node = JsonUtil.getObject(rawBootstrap, "node");
-      String id = JsonUtil.getString(node, "id");
-      Preconditions.checkNotNull(id, "id");
-      String[] parts = id.split("/", 6);
-      if (!(parts.length == 6
-          && parts[0].equals("projects")
-          && parts[2].equals("networks")
-          && parts[3].startsWith("mesh:")
-          && parts[4].equals("nodes"))) {
-        throw new Exception("node id didn't match mesh format: " + id);
-      }
-      return parts[3].substring("mesh:".length());
-    } catch (Exception e) {
-      logger.log(Level.INFO, "Failed to determine mesh ID for CSM", e);
-      return null;
-    }
-  }
-
   private void addLabels(AttributesBuilder to, Struct struct) {
     to.putAll(localAttributes);
     Map<String, Value> remote = struct.getFieldsMap();
diff --git a/gcp-csm-observability/src/test/java/io/grpc/gcp/csm/observability/CsmObservabilityTest.java b/gcp-csm-observability/src/test/java/io/grpc/gcp/csm/observability/CsmObservabilityTest.java
index 878bf30ce34..aba2c43c44f 100644
--- a/gcp-csm-observability/src/test/java/io/grpc/gcp/csm/observability/CsmObservabilityTest.java
+++ b/gcp-csm-observability/src/test/java/io/grpc/gcp/csm/observability/CsmObservabilityTest.java
@@ -77,17 +77,14 @@ public void tearDown() {
 
   @Test
   public void unknownDataExchange() throws Exception {
-    String xdsBootstrap = "";
     MetadataExchanger clientExchanger = new MetadataExchanger(
         Attributes.builder().build(),
-        ImmutableMap.<String, String>of()::get,
-        () -> xdsBootstrap);
+        ImmutableMap.<String, String>of()::get);
     CsmObservability.Builder clientCsmBuilder = new CsmObservability.Builder(clientExchanger)
         .sdk(openTelemetryTesting.getOpenTelemetry());
     MetadataExchanger serverExchanger = new MetadataExchanger(
         Attributes.builder().build(),
-        ImmutableMap.<String, String>of()::get,
-        () -> xdsBootstrap);
+        ImmutableMap.<String, String>of()::get);
     CsmObservability.Builder serverCsmBuilder = new CsmObservability.Builder(serverExchanger)
         .sdk(openTelemetryTesting.getOpenTelemetry());
 
@@ -140,11 +137,9 @@ public void unknownDataExchange() throws Exception {
 
   @Test
   public void nonCsmServer() throws Exception {
-    String xdsBootstrap = "";
     MetadataExchanger clientExchanger = new MetadataExchanger(
         Attributes.builder().build(),
-        ImmutableMap.<String, String>of()::get,
-        () -> xdsBootstrap);
+        ImmutableMap.<String, String>of()::get);
     CsmObservability.Builder clientCsmBuilder = new CsmObservability.Builder(clientExchanger)
         .sdk(openTelemetryTesting.getOpenTelemetry());
 
@@ -205,19 +200,16 @@ public void nonCsmServer() throws Exception {
 
   @Test
   public void nonCsmClient() throws Exception {
-    String xdsBootstrap = "";
     MetadataExchanger clientExchanger = new MetadataExchanger(
         Attributes.builder()
             .put(stringKey("cloud.platform"), "gcp_kubernetes_engine")
             .build(),
-        ImmutableMap.<String, String>of()::get,
-        () -> xdsBootstrap);
+        ImmutableMap.<String, String>of()::get);
     CsmObservability.Builder clientCsmBuilder = new CsmObservability.Builder(clientExchanger)
         .sdk(openTelemetryTesting.getOpenTelemetry());
     MetadataExchanger serverExchanger = new MetadataExchanger(
         Attributes.builder().build(),
-        ImmutableMap.<String, String>of()::get,
-        () -> xdsBootstrap);
+        ImmutableMap.<String, String>of()::get);
     CsmObservability.Builder serverCsmBuilder = new CsmObservability.Builder(serverExchanger)
         .sdk(openTelemetryTesting.getOpenTelemetry());
 
@@ -262,11 +254,6 @@ public void nonCsmClient() throws Exception {
 
   @Test
   public void k8sExchange() throws Exception {
-    // Purposefully use a different project ID in the bootstrap than the resource, as the mesh could
-    // be in a different project than the running account.
-    String clientBootstrap = "{\"node\": {"
-        + "\"id\": \"projects/12/networks/mesh:mymesh/nodes/a6420022-cbc5-4e10-808c-507e3fc95f2e\""
-        + "}}";
     MetadataExchanger clientExchanger = new MetadataExchanger(
         Attributes.builder()
             .put(stringKey("cloud.platform"), "gcp_kubernetes_engine")
@@ -277,13 +264,10 @@ public void k8sExchange() throws Exception {
             .build(),
         ImmutableMap.of(
             "CSM_CANONICAL_SERVICE_NAME", "canon-service-is-a-client",
-            "CSM_WORKLOAD_NAME", "best-client")::get,
-        () -> clientBootstrap);
+            "CSM_WORKLOAD_NAME", "best-client",
+            "CSM_MESH_ID", "mymesh")::get);
     CsmObservability.Builder clientCsmBuilder = new CsmObservability.Builder(clientExchanger)
         .sdk(openTelemetryTesting.getOpenTelemetry());
-    String serverBootstrap = "{\"node\": {"
-        + "\"id\": \"projects/34/networks/mesh:meshhh/nodes/4969ef19-24b6-44c0-baf3-86d188ff5967\""
-        + "}}";
     MetadataExchanger serverExchanger = new MetadataExchanger(
         Attributes.builder()
             .put(stringKey("cloud.platform"), "gcp_kubernetes_engine")
@@ -295,8 +279,8 @@ public void k8sExchange() throws Exception {
             .build(),
         ImmutableMap.of(
             "CSM_CANONICAL_SERVICE_NAME", "server-has-a-single-name",
-            "CSM_WORKLOAD_NAME", "fast-server")::get,
-        () -> serverBootstrap);
+            "CSM_WORKLOAD_NAME", "fast-server",
+            "CSM_MESH_ID", "meshhh")::get);
     CsmObservability.Builder serverCsmBuilder = new CsmObservability.Builder(serverExchanger)
         .sdk(openTelemetryTesting.getOpenTelemetry());
 
@@ -366,11 +350,6 @@ public void k8sExchange() throws Exception {
 
   @Test
   public void gceExchange() throws Exception {
-    // Purposefully use a different project ID in the bootstrap than the resource, as the mesh could
-    // be in a different project than the running account.
-    String clientBootstrap = "{\"node\": {"
-        + "\"id\": \"projects/12/networks/mesh:mymesh/nodes/a6420022-cbc5-4e10-808c-507e3fc95f2e\""
-        + "}}";
     MetadataExchanger clientExchanger = new MetadataExchanger(
         Attributes.builder()
             .put(stringKey("cloud.platform"), "gcp_compute_engine")
@@ -379,13 +358,10 @@ public void gceExchange() throws Exception {
             .build(),
         ImmutableMap.of(
             "CSM_CANONICAL_SERVICE_NAME", "canon-service-is-a-client",
-            "CSM_WORKLOAD_NAME", "best-client")::get,
-        () -> clientBootstrap);
+            "CSM_WORKLOAD_NAME", "best-client",
+            "CSM_MESH_ID", "mymesh")::get);
     CsmObservability.Builder clientCsmBuilder = new CsmObservability.Builder(clientExchanger)
         .sdk(openTelemetryTesting.getOpenTelemetry());
-    String serverBootstrap = "{\"node\": {"
-        + "\"id\": \"projects/34/networks/mesh:meshhh/nodes/4969ef19-24b6-44c0-baf3-86d188ff5967\""
-        + "}}";
     MetadataExchanger serverExchanger = new MetadataExchanger(
         Attributes.builder()
             .put(stringKey("cloud.platform"), "gcp_compute_engine")
@@ -395,8 +371,8 @@ public void gceExchange() throws Exception {
             .build(),
         ImmutableMap.of(
             "CSM_CANONICAL_SERVICE_NAME", "server-has-a-single-name",
-            "CSM_WORKLOAD_NAME", "fast-server")::get,
-        () -> serverBootstrap);
+            "CSM_WORKLOAD_NAME", "fast-server",
+            "CSM_MESH_ID", "meshhh")::get);
     CsmObservability.Builder serverCsmBuilder = new CsmObservability.Builder(serverExchanger)
         .sdk(openTelemetryTesting.getOpenTelemetry());
 
@@ -456,9 +432,6 @@ public void gceExchange() throws Exception {
 
   @Test
   public void trailersOnly() throws Exception {
-    String clientBootstrap = "{\"node\": {"
-        + "\"id\": \"projects/12/networks/mesh:mymesh/nodes/a6420022-cbc5-4e10-808c-507e3fc95f2e\""
-        + "}}";
     MetadataExchanger clientExchanger = new MetadataExchanger(
         Attributes.builder()
             .put(stringKey("cloud.platform"), "gcp_compute_engine")
@@ -467,13 +440,11 @@ public void trailersOnly() throws Exception {
             .build(),
         ImmutableMap.of(
             "CSM_CANONICAL_SERVICE_NAME", "canon-service-is-a-client",
-            "CSM_WORKLOAD_NAME", "best-client")::get,
-        () -> clientBootstrap);
+            "CSM_WORKLOAD_NAME", "best-client",
+            "CSM_MESH_ID", "mymesh")::get);
     CsmObservability.Builder clientCsmBuilder = new CsmObservability.Builder(clientExchanger)
         .sdk(openTelemetryTesting.getOpenTelemetry());
-    String serverBootstrap = "{\"node\": {"
-        + "\"id\": \"projects/34/networks/mesh:meshhh/nodes/4969ef19-24b6-44c0-baf3-86d188ff5967\""
-        + "}}";
+
     MetadataExchanger serverExchanger = new MetadataExchanger(
         Attributes.builder()
             .put(stringKey("cloud.platform"), "gcp_compute_engine")
@@ -483,8 +454,8 @@ public void trailersOnly() throws Exception {
             .build(),
         ImmutableMap.of(
             "CSM_CANONICAL_SERVICE_NAME", "server-has-a-single-name",
-            "CSM_WORKLOAD_NAME", "fast-server")::get,
-        () -> serverBootstrap);
+            "CSM_WORKLOAD_NAME", "fast-server",
+            "CSM_MESH_ID", "meshhh")::get);
     CsmObservability.Builder serverCsmBuilder = new CsmObservability.Builder(serverExchanger)
         .sdk(openTelemetryTesting.getOpenTelemetry());
 
diff --git a/gcp-csm-observability/src/test/java/io/grpc/gcp/csm/observability/MetadataExchangerTest.java b/gcp-csm-observability/src/test/java/io/grpc/gcp/csm/observability/MetadataExchangerTest.java
index 20665e502f7..cc3472be182 100644
--- a/gcp-csm-observability/src/test/java/io/grpc/gcp/csm/observability/MetadataExchangerTest.java
+++ b/gcp-csm-observability/src/test/java/io/grpc/gcp/csm/observability/MetadataExchangerTest.java
@@ -33,56 +33,11 @@
 /** Tests for {@link MetadataExchanger}. */
 @RunWith(JUnit4.class)
 public final class MetadataExchangerTest {
-  @Test
-  public void getMeshId_findsMeshId() {
-    assertThat(MetadataExchanger.getMeshId(() ->
-        "{\"node\":{\"id\":\"projects/12/networks/mesh:mine/nodes/uu-id\"}}"))
-        .isEqualTo("mine");
-    assertThat(MetadataExchanger.getMeshId(() ->
-          "{\"node\":{\"id\":\"projects/1234567890/networks/mesh:mine/nodes/uu-id\", "
-          + "\"unknown\": \"\"}, \"unknown\": \"\"}"))
-        .isEqualTo("mine");
-  }
-
-  @Test
-  public void getMeshId_returnsNullOnBadMeshId() {
-    assertThat(MetadataExchanger.getMeshId(
-            () -> "[\"node\"]"))
-        .isNull();
-    assertThat(MetadataExchanger.getMeshId(
-            () -> "{\"node\":[\"id\"]}}"))
-        .isNull();
-    assertThat(MetadataExchanger.getMeshId(
-            () -> "{\"node\":{\"id\":[\"projects/12/networks/mesh:mine/nodes/uu-id\"]}}"))
-        .isNull();
-
-    assertThat(MetadataExchanger.getMeshId(
-            () -> "{\"NODE\":{\"id\":\"projects/12/networks/mesh:mine/nodes/uu-id\"}}"))
-        .isNull();
-    assertThat(MetadataExchanger.getMeshId(
-            () -> "{\"node\":{\"ID\":\"projects/12/networks/mesh:mine/nodes/uu-id\"}}"))
-        .isNull();
-    assertThat(MetadataExchanger.getMeshId(
-            () -> "{\"node\":{\"id\":\"projects/12/networks/mesh:mine\"}}"))
-        .isNull();
-    assertThat(MetadataExchanger.getMeshId(
-            () -> "{\"node\":{\"id\":\"PROJECTS/12/networks/mesh:mine/nodes/uu-id\"}}"))
-        .isNull();
-    assertThat(MetadataExchanger.getMeshId(
-            () -> "{\"node\":{\"id\":\"projects/12/NETWORKS/mesh:mine/nodes/uu-id\"}}"))
-        .isNull();
-    assertThat(MetadataExchanger.getMeshId(
-            () -> "{\"node\":{\"id\":\"projects/12/networks/MESH:mine/nodes/uu-id\"}}"))
-        .isNull();
-    assertThat(MetadataExchanger.getMeshId(
-            () -> "{\"node\":{\"id\":\"projects/12/networks/mesh:mine/NODES/uu-id\"}}"))
-        .isNull();
-  }
 
   @Test
   public void enablePluginForChannel_matches() {
     MetadataExchanger exchanger =
-        new MetadataExchanger(Attributes.builder().build(), (name) -> null, () -> "");
+        new MetadataExchanger(Attributes.builder().build(), (name) -> null);
     assertThat(exchanger.enablePluginForChannel("xds:///testing")).isTrue();
     assertThat(exchanger.enablePluginForChannel("xds:/testing")).isTrue();
     assertThat(exchanger.enablePluginForChannel(
@@ -92,7 +47,7 @@ public void enablePluginForChannel_matches() {
   @Test
   public void enablePluginForChannel_doesNotMatch() {
     MetadataExchanger exchanger =
-        new MetadataExchanger(Attributes.builder().build(), (name) -> null, () -> "");
+        new MetadataExchanger(Attributes.builder().build(), (name) -> null);
     assertThat(exchanger.enablePluginForChannel("dns:///localhost")).isFalse();
     assertThat(exchanger.enablePluginForChannel("xds:///[]")).isFalse();
     assertThat(exchanger.enablePluginForChannel("xds://my-xds-server/testing")).isFalse();
@@ -101,7 +56,7 @@ public void enablePluginForChannel_doesNotMatch() {
   @Test
   public void addLabels_receivedWrongType() {
     MetadataExchanger exchanger =
-        new MetadataExchanger(Attributes.builder().build(), (name) -> null, () -> "");
+        new MetadataExchanger(Attributes.builder().build(), (name) -> null);
     Metadata metadata = new Metadata();
     metadata.put(Metadata.Key.of("x-envoy-peer-metadata", Metadata.ASCII_STRING_MARSHALLER),
         BaseEncoding.base64().encode(Struct.newBuilder()
@@ -122,7 +77,7 @@ public void addLabels_receivedWrongType() {
   @Test
   public void addLabelsFromExchange_unknownGcpType() {
     MetadataExchanger exchanger =
-        new MetadataExchanger(Attributes.builder().build(), (name) -> null, () -> "");
+        new MetadataExchanger(Attributes.builder().build(), (name) -> null);
     Metadata metadata = new Metadata();
     metadata.put(Metadata.Key.of("x-envoy-peer-metadata", Metadata.ASCII_STRING_MARSHALLER),
         BaseEncoding.base64().encode(Struct.newBuilder()
@@ -153,8 +108,7 @@ public void addMetadata_k8s() throws Exception {
             .build(),
         ImmutableMap.of(
             "CSM_CANONICAL_SERVICE_NAME", "myservice1",
-            "CSM_WORKLOAD_NAME", "myworkload1")::get,
-        () -> "");
+            "CSM_WORKLOAD_NAME", "myworkload1")::get);
     Metadata metadata = new Metadata();
     exchanger.newClientCallPlugin().addMetadata(metadata);
 
@@ -182,8 +136,7 @@ public void addMetadata_gce() throws Exception {
             .build(),
         ImmutableMap.of(
             "CSM_CANONICAL_SERVICE_NAME", "myservice1",
-            "CSM_WORKLOAD_NAME", "myworkload1")::get,
-        () -> "");
+            "CSM_WORKLOAD_NAME", "myworkload1")::get);
     Metadata metadata = new Metadata();
     exchanger.newClientCallPlugin().addMetadata(metadata);
 

From 23ebf364d46205bfbc1e25d7d1e57e475731ad97 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 8 Oct 2024 13:41:55 -0700
Subject: [PATCH 052/591] inprocess: Delete "standalone" internal transport

This had been used for a time with a combined inprocess+binder server.
However, just having multiple servers worked fine and this is no longer
used/needed.
---
 .../io/grpc/inprocess/InProcessTransport.java |  46 +----
 .../io/grpc/inprocess/InternalInProcess.java  |  67 -------
 .../StandaloneInProcessTransportTest.java     | 164 ------------------
 3 files changed, 9 insertions(+), 268 deletions(-)
 delete mode 100644 inprocess/src/main/java/io/grpc/inprocess/InternalInProcess.java
 delete mode 100644 inprocess/src/test/java/io/grpc/inprocess/StandaloneInProcessTransportTest.java

diff --git a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
index ae597e34af0..0d173b96711 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
@@ -21,7 +21,6 @@
 import static java.lang.Math.max;
 
 import com.google.common.base.MoreObjects;
-import com.google.common.base.Optional;
 import com.google.common.io.ByteStreams;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
@@ -54,7 +53,6 @@
 import io.grpc.internal.ManagedClientTransport;
 import io.grpc.internal.NoopClientStream;
 import io.grpc.internal.ObjectPool;
-import io.grpc.internal.ServerListener;
 import io.grpc.internal.ServerStream;
 import io.grpc.internal.ServerStreamListener;
 import io.grpc.internal.ServerTransport;
@@ -90,7 +88,6 @@ final class InProcessTransport implements ServerTransport, ConnectionClientTrans
   private final int clientMaxInboundMetadataSize;
   private final String authority;
   private final String userAgent;
-  private final Optional<ServerListener> optionalServerListener;
   private int serverMaxInboundMetadataSize;
   private final boolean includeCauseWithStatus;
   private ObjectPool<ScheduledExecutorService> serverSchedulerPool;
@@ -139,8 +136,8 @@ protected void handleNotInUse() {
         }
       };
 
-  private InProcessTransport(SocketAddress address, int maxInboundMetadataSize, String authority,
-      String userAgent, Attributes eagAttrs, Optional<ServerListener> optionalServerListener,
+  public InProcessTransport(SocketAddress address, int maxInboundMetadataSize, String authority,
+      String userAgent, Attributes eagAttrs,
       boolean includeCauseWithStatus, long assumedMessageSize) {
     this.address = address;
     this.clientMaxInboundMetadataSize = maxInboundMetadataSize;
@@ -153,48 +150,23 @@ private InProcessTransport(SocketAddress address, int maxInboundMetadataSize, St
         .set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, address)
         .set(Grpc.TRANSPORT_ATTR_LOCAL_ADDR, address)
         .build();
-    this.optionalServerListener = optionalServerListener;
     logId = InternalLogId.allocate(getClass(), address.toString());
     this.includeCauseWithStatus = includeCauseWithStatus;
     this.assumedMessageSize = assumedMessageSize;
   }
 
-  public InProcessTransport(
-      SocketAddress address, int maxInboundMetadataSize, String authority, String userAgent,
-      Attributes eagAttrs, boolean includeCauseWithStatus, long assumedMessageSize) {
-    this(address, maxInboundMetadataSize, authority, userAgent, eagAttrs,
-        Optional.<ServerListener>absent(), includeCauseWithStatus, assumedMessageSize);
-  }
-
-  InProcessTransport(
-      String name, int maxInboundMetadataSize, String authority, String userAgent,
-      Attributes eagAttrs, ObjectPool<ScheduledExecutorService> serverSchedulerPool,
-      List<ServerStreamTracer.Factory> serverStreamTracerFactories,
-      ServerListener serverListener, boolean includeCauseWithStatus, long assumedMessageSize) {
-    this(new InProcessSocketAddress(name), maxInboundMetadataSize, authority, userAgent, eagAttrs,
-        Optional.of(serverListener), includeCauseWithStatus, assumedMessageSize);
-    this.serverMaxInboundMetadataSize = maxInboundMetadataSize;
-    this.serverSchedulerPool = serverSchedulerPool;
-    this.serverStreamTracerFactories = serverStreamTracerFactories;
-  }
-
   @CheckReturnValue
   @Override
   public synchronized Runnable start(ManagedClientTransport.Listener listener) {
     this.clientTransportListener = listener;
-    if (optionalServerListener.isPresent()) {
+    InProcessServer server = InProcessServer.findServer(address);
+    if (server != null) {
+      serverMaxInboundMetadataSize = server.getMaxInboundMetadataSize();
+      serverSchedulerPool = server.getScheduledExecutorServicePool();
       serverScheduler = serverSchedulerPool.getObject();
-      serverTransportListener = optionalServerListener.get().transportCreated(this);
-    } else {
-      InProcessServer server = InProcessServer.findServer(address);
-      if (server != null) {
-        serverMaxInboundMetadataSize = server.getMaxInboundMetadataSize();
-        serverSchedulerPool = server.getScheduledExecutorServicePool();
-        serverScheduler = serverSchedulerPool.getObject();
-        serverStreamTracerFactories = server.getStreamTracerFactories();
-        // Must be semi-initialized; past this point, can begin receiving requests
-        serverTransportListener = server.register(this);
-      }
+      serverStreamTracerFactories = server.getStreamTracerFactories();
+      // Must be semi-initialized; past this point, can begin receiving requests
+      serverTransportListener = server.register(this);
     }
     if (serverTransportListener == null) {
       shutdownStatus = Status.UNAVAILABLE.withDescription("Could not find server: " + address);
diff --git a/inprocess/src/main/java/io/grpc/inprocess/InternalInProcess.java b/inprocess/src/main/java/io/grpc/inprocess/InternalInProcess.java
deleted file mode 100644
index 9e08c2523fb..00000000000
--- a/inprocess/src/main/java/io/grpc/inprocess/InternalInProcess.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright 2020 The gRPC Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.grpc.inprocess;
-
-import io.grpc.Attributes;
-import io.grpc.Internal;
-import io.grpc.ServerStreamTracer;
-import io.grpc.internal.ConnectionClientTransport;
-import io.grpc.internal.ObjectPool;
-import io.grpc.internal.ServerListener;
-import java.util.List;
-import java.util.concurrent.ScheduledExecutorService;
-
-/**
- * Internal {@link InProcessTransport} accessor.
- *
- * <p>This is intended for use by io.grpc.internal, and the specifically
- * supported transport packages.
- */
-@Internal
-public final class InternalInProcess {
-
-  private InternalInProcess() {}
-
-  /**
-   * Creates a new InProcessTransport.
-   *
-   * <p>When started, the transport will be registered with the given
-   * {@link ServerListener}.
-   */
-  @Internal
-  public static ConnectionClientTransport createInProcessTransport(
-      String name,
-      int maxInboundMetadataSize,
-      String authority,
-      String userAgent,
-      Attributes eagAttrs,
-      ObjectPool<ScheduledExecutorService> serverSchedulerPool,
-      List<ServerStreamTracer.Factory> serverStreamTracerFactories,
-      ServerListener serverListener,
-      boolean includeCauseWithStatus) {
-    return new InProcessTransport(
-        name,
-        maxInboundMetadataSize,
-        authority,
-        userAgent,
-        eagAttrs,
-        serverSchedulerPool,
-        serverStreamTracerFactories,
-        serverListener,
-        includeCauseWithStatus, -1);
-  }
-}
diff --git a/inprocess/src/test/java/io/grpc/inprocess/StandaloneInProcessTransportTest.java b/inprocess/src/test/java/io/grpc/inprocess/StandaloneInProcessTransportTest.java
deleted file mode 100644
index b26a5d8498d..00000000000
--- a/inprocess/src/test/java/io/grpc/inprocess/StandaloneInProcessTransportTest.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright 2020 The gRPC Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.grpc.inprocess;
-
-import io.grpc.InternalChannelz.SocketStats;
-import io.grpc.InternalInstrumented;
-import io.grpc.ServerStreamTracer;
-import io.grpc.internal.AbstractTransportTest;
-import io.grpc.internal.GrpcUtil;
-import io.grpc.internal.InternalServer;
-import io.grpc.internal.ManagedClientTransport;
-import io.grpc.internal.ObjectPool;
-import io.grpc.internal.ServerListener;
-import io.grpc.internal.ServerTransport;
-import io.grpc.internal.ServerTransportListener;
-import io.grpc.internal.SharedResourcePool;
-import java.io.IOException;
-import java.net.SocketAddress;
-import java.util.Collections;
-import java.util.List;
-import java.util.concurrent.ScheduledExecutorService;
-import javax.annotation.Nullable;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
-
-/** Unit tests for {@link InProcessTransport} when used with a separate {@link InternalServer}. */
-@RunWith(JUnit4.class)
-public final class StandaloneInProcessTransportTest extends AbstractTransportTest {
-  private static final String TRANSPORT_NAME = "perfect-for-testing";
-  private static final String AUTHORITY = "a-testing-authority";
-  private static final String USER_AGENT = "a-testing-user-agent";
-
-  private final ObjectPool<ScheduledExecutorService> schedulerPool =
-      SharedResourcePool.forResource(GrpcUtil.TIMER_SERVICE);
-
-  private TestServer currentServer;
-
-  @Override
-  protected InternalServer newServer(
-      List<ServerStreamTracer.Factory> streamTracerFactories) {
-    return new TestServer(streamTracerFactories);
-  }
-
-  @Override
-  protected InternalServer newServer(
-      int port, List<ServerStreamTracer.Factory> streamTracerFactories) {
-    return newServer(streamTracerFactories);
-  }
-
-  @Override
-  protected String testAuthority(InternalServer server) {
-    return AUTHORITY;
-  }
-
-  @Override
-  protected ManagedClientTransport newClientTransport(InternalServer server) {
-    TestServer testServer = (TestServer) server;
-    return InternalInProcess.createInProcessTransport(
-        TRANSPORT_NAME,
-        GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
-        testAuthority(server),
-        USER_AGENT,
-        eagAttrs(),
-        schedulerPool,
-        testServer.streamTracerFactories,
-        testServer.serverListener,
-        false);
-  }
-
-  @Test
-  @Ignore
-  @Override
-  public void socketStats() throws Exception {
-    // test does not apply to in-process
-  }
-
-  /** An internalserver just for this test. */
-  private final class TestServer implements InternalServer {
-
-    final List<ServerStreamTracer.Factory> streamTracerFactories;
-    ServerListener serverListener;
-
-    TestServer(List<ServerStreamTracer.Factory> streamTracerFactories) {
-      this.streamTracerFactories = streamTracerFactories;
-    }
-
-    @Override
-    public void start(ServerListener serverListener) throws IOException {
-      if (currentServer != null) {
-        throw new IOException("Server already present");
-      }
-      currentServer = this;
-      this.serverListener = new ServerListenerWrapper(serverListener);
-    }
-
-    @Override
-    public void shutdown() {
-      currentServer = null;
-      serverListener.serverShutdown();
-    }
-
-    @Override
-    public SocketAddress getListenSocketAddress() {
-      return new SocketAddress() {};
-    }
-
-    @Override
-    public List<SocketAddress> getListenSocketAddresses() {
-      return Collections.singletonList(getListenSocketAddress());
-    }
-
-    @Override
-    @Nullable
-    public InternalInstrumented<SocketStats> getListenSocketStats() {
-      return null;
-    }
-
-    @Override
-    @Nullable
-    public List<InternalInstrumented<SocketStats>> getListenSocketStatsList() {
-      return null;
-    }
-  }
-
-  /** Wraps the server listener to ensure we don't accept new transports after shutdown. */
-  private static final class ServerListenerWrapper implements ServerListener {
-    private final ServerListener delegateListener;
-    private boolean shutdown;
-
-    ServerListenerWrapper(ServerListener delegateListener) {
-      this.delegateListener = delegateListener;
-    }
-
-    @Override
-    public ServerTransportListener transportCreated(ServerTransport transport) {
-      if (shutdown) {
-        return null;
-      }
-      return delegateListener.transportCreated(transport);
-    }
-
-    @Override
-    public void serverShutdown() {
-      shutdown = true;
-      delegateListener.serverShutdown();
-    }
-  }
-}

From 1e0928fb7927bef13e1dbc2b47ef8971d16673cb Mon Sep 17 00:00:00 2001
From: Eng Zer Jun <engzerjun@gmail.com>
Date: Sun, 29 Sep 2024 23:48:41 +0800
Subject: [PATCH 053/591] api: fix javadoc of
 CallCredentials.applyRequestMetadata

It is the `Executor appExecutor` that should be given an asynchronous
task, not `CallCredentials.MetadataApplier applier`.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
---
 api/src/main/java/io/grpc/CallCredentials.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/main/java/io/grpc/CallCredentials.java b/api/src/main/java/io/grpc/CallCredentials.java
index 31b68b22dae..eb92a6f15fa 100644
--- a/api/src/main/java/io/grpc/CallCredentials.java
+++ b/api/src/main/java/io/grpc/CallCredentials.java
@@ -43,7 +43,7 @@ public abstract class CallCredentials {
    * <p>It is called for each individual RPC, within the {@link Context} of the call, before the
    * stream is about to be created on a transport. Implementations should not block in this
    * method. If metadata is not immediately available, e.g., needs to be fetched from network, the
-   * implementation may give the {@code applier} to an asynchronous task which will eventually call
+   * implementation may give the {@code appExecutor} an asynchronous task which will eventually call
    * the {@code applier}. The RPC proceeds only after the {@code applier} is called.
    *
    * @param requestInfo request-related information

From 4be69e3f8a9c70ec36234d6373c9854eab6e9027 Mon Sep 17 00:00:00 2001
From: erm-g <110920239+erm-g@users.noreply.github.com>
Date: Thu, 17 Oct 2024 14:11:07 -0400
Subject: [PATCH 054/591] core: SpiffeUtil API for extracting Spiffe URI and
 loading TrustBundles (#11575)

Additional API for SpiffeUtil:
 - extract Spiffe URI from certificate chain
 - load Spiffe Trust Bundle from filesystem [json spec][] [JWK spec][]

JsonParser was changed to reject duplicate keys in objects.

[json spec]: https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE_Trust_Domain_and_Bundle.md
[JWK spec]: https://github.com/spiffe/spiffe/blob/main/standards/X509-SVID.md#61-publishing-spiffe-bundle-elements
---
 .../java/io/grpc/internal/JsonParser.java     |   7 +-
 .../java/io/grpc/internal/SpiffeUtil.java     | 190 +++++++++++++++++-
 .../java/io/grpc/internal/JsonParserTest.java |   9 +-
 .../java/io/grpc/internal/SpiffeUtilTest.java | 172 +++++++++++++++-
 .../io/grpc/internal/spiffebundle.json        | 115 +++++++++++
 .../internal/spiffebundle_corrupted_cert.json |  14 ++
 .../internal/spiffebundle_duplicates.json     |  23 +++
 .../grpc/internal/spiffebundle_malformed.json |   4 +
 .../grpc/internal/spiffebundle_wrong_kid.json |  15 ++
 .../grpc/internal/spiffebundle_wrong_kty.json |  12 ++
 .../spiffebundle_wrong_multi_certs.json       |  67 ++++++
 .../internal/spiffebundle_wrong_root.json     |   6 +
 .../internal/spiffebundle_wrong_seq_type.json |  12 ++
 .../grpc/internal/spiffebundle_wrong_use.json |  13 ++
 .../ObservabilityConfigImplTest.java          |   3 +-
 .../main/resources/certs/spiffe-openssl.cnf   |  12 ++
 .../src/main/resources/certs/spiffe_cert.pem  |  33 +++
 .../certs/spiffe_multi_uri_san_cert.pem       |  25 +++
 18 files changed, 725 insertions(+), 7 deletions(-)
 create mode 100644 core/src/test/resources/io/grpc/internal/spiffebundle.json
 create mode 100644 core/src/test/resources/io/grpc/internal/spiffebundle_corrupted_cert.json
 create mode 100644 core/src/test/resources/io/grpc/internal/spiffebundle_duplicates.json
 create mode 100644 core/src/test/resources/io/grpc/internal/spiffebundle_malformed.json
 create mode 100644 core/src/test/resources/io/grpc/internal/spiffebundle_wrong_kid.json
 create mode 100644 core/src/test/resources/io/grpc/internal/spiffebundle_wrong_kty.json
 create mode 100644 core/src/test/resources/io/grpc/internal/spiffebundle_wrong_multi_certs.json
 create mode 100644 core/src/test/resources/io/grpc/internal/spiffebundle_wrong_root.json
 create mode 100644 core/src/test/resources/io/grpc/internal/spiffebundle_wrong_seq_type.json
 create mode 100644 core/src/test/resources/io/grpc/internal/spiffebundle_wrong_use.json
 create mode 100644 testing/src/main/resources/certs/spiffe-openssl.cnf
 create mode 100644 testing/src/main/resources/certs/spiffe_cert.pem
 create mode 100644 testing/src/main/resources/certs/spiffe_multi_uri_san_cert.pem

diff --git a/core/src/main/java/io/grpc/internal/JsonParser.java b/core/src/main/java/io/grpc/internal/JsonParser.java
index 384d29754f0..14f78c09e72 100644
--- a/core/src/main/java/io/grpc/internal/JsonParser.java
+++ b/core/src/main/java/io/grpc/internal/JsonParser.java
@@ -16,6 +16,7 @@
 
 package io.grpc.internal;
 
+import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkState;
 
 import com.google.gson.stream.JsonReader;
@@ -41,7 +42,8 @@ private JsonParser() {}
 
   /**
    * Parses a json string, returning either a {@code Map<String, ?>}, {@code List<?>},
-   * {@code String}, {@code Double}, {@code Boolean}, or {@code null}.
+   * {@code String}, {@code Double}, {@code Boolean}, or {@code null}. Fails if duplicate names
+   * found.
    */
   public static Object parse(String raw) throws IOException {
     JsonReader jr = new JsonReader(new StringReader(raw));
@@ -81,6 +83,7 @@ private static Object parseRecursive(JsonReader jr) throws IOException {
     Map<String, Object> obj = new LinkedHashMap<>();
     while (jr.hasNext()) {
       String name = jr.nextName();
+      checkArgument(!obj.containsKey(name), "Duplicate key found: %s", name);
       Object value = parseRecursive(jr);
       obj.put(name, value);
     }
@@ -105,4 +108,4 @@ private static Void parseJsonNull(JsonReader jr) throws IOException {
     jr.nextNull();
     return null;
   }
-}
+}
\ No newline at end of file
diff --git a/core/src/main/java/io/grpc/internal/SpiffeUtil.java b/core/src/main/java/io/grpc/internal/SpiffeUtil.java
index bddce3d035e..57e201d19ba 100644
--- a/core/src/main/java/io/grpc/internal/SpiffeUtil.java
+++ b/core/src/main/java/io/grpc/internal/SpiffeUtil.java
@@ -19,15 +19,42 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import com.google.common.base.Optional;
 import com.google.common.base.Splitter;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
 import java.util.Locale;
+import java.util.Map;
 
 /**
- * Helper utility to work with SPIFFE URIs.
+ * Provides utilities to manage SPIFFE bundles, extract SPIFFE IDs from X.509 certificate chains,
+ * and parse SPIFFE IDs.
  * @see <a href="https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md">Standard</a>
  */
 public final class SpiffeUtil {
 
+  private static final Integer URI_SAN_TYPE = 6;
+  private static final String USE_PARAMETER_VALUE = "x509-svid";
+  private static final String KTY_PARAMETER_VALUE = "RSA";
+  private static final String CERTIFICATE_PREFIX = "-----BEGIN CERTIFICATE-----\n";
+  private static final String CERTIFICATE_SUFFIX = "-----END CERTIFICATE-----";
   private static final String PREFIX = "spiffe://";
 
   private SpiffeUtil() {}
@@ -96,6 +123,137 @@ private static void validatePathSegment(String pathSegment) {
             + " ([a-zA-Z0-9.-_])");
   }
 
+  /**
+   * Returns the SPIFFE ID from the leaf certificate, if present.
+   *
+   * @param certChain certificate chain to extract SPIFFE ID from
+   */
+  public static Optional<SpiffeId> extractSpiffeId(X509Certificate[] certChain)
+      throws CertificateParsingException {
+    checkArgument(checkNotNull(certChain, "certChain").length > 0, "certChain can't be empty");
+    Collection<List<?>> subjectAltNames = certChain[0].getSubjectAlternativeNames();
+    if (subjectAltNames == null) {
+      return Optional.absent();
+    }
+    String uri = null;
+    // Search for the unique URI SAN.
+    for (List<?> altName : subjectAltNames) {
+      if (altName.size() < 2 ) {
+        continue;
+      }
+      if (URI_SAN_TYPE.equals(altName.get(0))) {
+        if (uri != null) {
+          throw new IllegalArgumentException("Multiple URI SAN values found in the leaf cert.");
+        }
+        uri = (String) altName.get(1);
+      }
+    }
+    if (uri == null) {
+      return Optional.absent();
+    }
+    return Optional.of(parse(uri));
+  }
+
+  /**
+   * Loads a SPIFFE trust bundle from a file, parsing it from the JSON format.
+   * In case of success, returns {@link SpiffeBundle}.
+   * If any element of the JSON content is invalid or unsupported, an
+   * {@link IllegalArgumentException} is thrown and the entire Bundle is considered invalid.
+   *
+   * @param trustBundleFile the file path to the JSON file containing the trust bundle
+   * @see <a href="https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE_Trust_Domain_and_Bundle.md">JSON format</a>
+   * @see <a href="https://github.com/spiffe/spiffe/blob/main/standards/X509-SVID.md#61-publishing-spiffe-bundle-elements">JWK entry format</a>
+   * @see <a href="https://datatracker.ietf.org/doc/html/rfc7517#appendix-B">x5c (certificate) parameter</a>
+   */
+  public static SpiffeBundle loadTrustBundleFromFile(String trustBundleFile) throws IOException {
+    Map<String, ?> trustDomainsNode = readTrustDomainsFromFile(trustBundleFile);
+    Map<String, List<X509Certificate>> trustBundleMap = new HashMap<>();
+    Map<String, Long> sequenceNumbers = new HashMap<>();
+    for (String trustDomainName : trustDomainsNode.keySet()) {
+      Map<String, ?> domainNode = JsonUtil.getObject(trustDomainsNode, trustDomainName);
+      if (domainNode.size() == 0) {
+        trustBundleMap.put(trustDomainName, Collections.emptyList());
+        continue;
+      }
+      Long sequenceNumber = JsonUtil.getNumberAsLong(domainNode, "spiffe_sequence");
+      sequenceNumbers.put(trustDomainName, sequenceNumber == null ? -1L : sequenceNumber);
+      List<Map<String, ?>> keysNode = JsonUtil.getListOfObjects(domainNode, "keys");
+      if (keysNode == null || keysNode.size() == 0) {
+        trustBundleMap.put(trustDomainName, Collections.emptyList());
+        continue;
+      }
+      trustBundleMap.put(trustDomainName, extractCert(keysNode, trustDomainName));
+    }
+    return new SpiffeBundle(sequenceNumbers, trustBundleMap);
+  }
+
+  private static Map<String, ?> readTrustDomainsFromFile(String filePath) throws IOException {
+    Path path = Paths.get(checkNotNull(filePath, "trustBundleFile"));
+    String json = new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
+    Object jsonObject = JsonParser.parse(json);
+    if (!(jsonObject instanceof Map)) {
+      throw new IllegalArgumentException(
+          "SPIFFE Trust Bundle should be a JSON object. Found: "
+              + (jsonObject == null ? null : jsonObject.getClass()));
+    }
+    @SuppressWarnings("unchecked")
+    Map<String, ?> root = (Map<String, ?>)jsonObject;
+    Map<String, ?> trustDomainsNode = JsonUtil.getObject(root, "trust_domains");
+    checkNotNull(trustDomainsNode, "Mandatory trust_domains element is missing");
+    checkArgument(trustDomainsNode.size() > 0, "Mandatory trust_domains element is missing");
+    return trustDomainsNode;
+  }
+
+  private static void checkJwkEntry(Map<String, ?> jwkNode, String trustDomainName) {
+    String kty = JsonUtil.getString(jwkNode, "kty");
+    if (kty == null || !kty.equals(KTY_PARAMETER_VALUE)) {
+      throw new IllegalArgumentException(String.format("'kty' parameter must be '%s' but '%s' "
+              + "found. Certificate loading for trust domain '%s' failed.", KTY_PARAMETER_VALUE,
+          kty, trustDomainName));
+    }
+    if (jwkNode.containsKey("kid")) {
+      throw new IllegalArgumentException(String.format("'kid' parameter must not be set. "
+              + "Certificate loading for trust domain '%s' failed.", trustDomainName));
+    }
+    String use = JsonUtil.getString(jwkNode, "use");
+    if (use == null || !use.equals(USE_PARAMETER_VALUE)) {
+      throw new IllegalArgumentException(String.format("'use' parameter must be '%s' but '%s' "
+              + "found. Certificate loading for trust domain '%s' failed.", USE_PARAMETER_VALUE,
+          use, trustDomainName));
+    }
+  }
+
+  private static List<X509Certificate> extractCert(List<Map<String, ?>> keysNode,
+      String trustDomainName) {
+    List<X509Certificate> result = new ArrayList<>();
+    for (Map<String, ?> keyNode : keysNode) {
+      checkJwkEntry(keyNode, trustDomainName);
+      List<String> rawCerts = JsonUtil.getListOfStrings(keyNode, "x5c");
+      if (rawCerts == null) {
+        break;
+      }
+      if (rawCerts.size() != 1) {
+        throw new IllegalArgumentException(String.format("Exactly 1 certificate is expected, but "
+            + "%s found. Certificate loading for trust domain '%s' failed.", rawCerts.size(),
+            trustDomainName));
+      }
+      InputStream stream = new ByteArrayInputStream((CERTIFICATE_PREFIX + rawCerts.get(0) + "\n"
+          + CERTIFICATE_SUFFIX)
+          .getBytes(StandardCharsets.UTF_8));
+      try {
+        Collection<? extends Certificate> certs = CertificateFactory.getInstance("X509")
+            .generateCertificates(stream);
+        X509Certificate[] certsArray = certs.toArray(new X509Certificate[0]);
+        assert certsArray.length == 1;
+        result.add(certsArray[0]);
+      } catch (CertificateException e) {
+        throw new IllegalArgumentException(String.format("Certificate can't be parsed. Certificate "
+            + "loading for trust domain '%s' failed.", trustDomainName), e);
+      }
+    }
+    return result;
+  }
+
   /**
    * Represents a SPIFFE ID as defined in the SPIFFE standard.
    * @see <a href="https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md">Standard</a>
@@ -119,4 +277,34 @@ public String getPath() {
     }
   }
 
+  /**
+   * Represents a SPIFFE trust bundle; that is, a map from trust domain to set of trusted
+   * certificates. Only trust domain's sequence numbers and x509 certificates are supported.
+   * @see <a href="https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE_Trust_Domain_and_Bundle.md#4-spiffe-bundle-format">Standard</a>
+   */
+  public static final class SpiffeBundle {
+
+    private final ImmutableMap<String, Long> sequenceNumbers;
+
+    private final ImmutableMap<String, ImmutableList<X509Certificate>> bundleMap;
+
+    private SpiffeBundle(Map<String, Long> sequenceNumbers,
+        Map<String, List<X509Certificate>> trustDomainMap) {
+      this.sequenceNumbers = ImmutableMap.copyOf(sequenceNumbers);
+      ImmutableMap.Builder<String, ImmutableList<X509Certificate>> builder = ImmutableMap.builder();
+      for (Map.Entry<String, List<X509Certificate>> entry : trustDomainMap.entrySet()) {
+        builder.put(entry.getKey(), ImmutableList.copyOf(entry.getValue()));
+      }
+      this.bundleMap = builder.build();
+    }
+
+    public ImmutableMap<String, Long> getSequenceNumbers() {
+      return sequenceNumbers;
+    }
+
+    public ImmutableMap<String, ImmutableList<X509Certificate>> getBundleMap() {
+      return bundleMap;
+    }
+  }
+
 }
diff --git a/core/src/test/java/io/grpc/internal/JsonParserTest.java b/core/src/test/java/io/grpc/internal/JsonParserTest.java
index 1e74c753d4d..cfee566fa4a 100644
--- a/core/src/test/java/io/grpc/internal/JsonParserTest.java
+++ b/core/src/test/java/io/grpc/internal/JsonParserTest.java
@@ -123,4 +123,11 @@ public void objectStringName() throws IOException {
 
     assertEquals(expected, JsonParser.parse("{\"hi\": 2}"));
   }
-}
+
+  @Test
+  public void duplicate() throws IOException {
+    thrown.expect(IllegalArgumentException.class);
+
+    JsonParser.parse("{\"hi\": 2, \"hi\": 3}");
+  }
+}
\ No newline at end of file
diff --git a/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java b/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java
index c3a98ce33e0..244539501a6 100644
--- a/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java
+++ b/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java
@@ -17,12 +17,28 @@
 package io.grpc.internal;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
 
+import com.google.common.base.Optional;
+import io.grpc.internal.SpiffeUtil.SpiffeBundle;
+import io.grpc.internal.SpiffeUtil.SpiffeId;
+import io.grpc.testing.TlsTesting;
+import io.grpc.util.CertificateUtils;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
+import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
+import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.Collection;
+import org.junit.Before;
+import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.runners.Enclosed;
+import org.junit.rules.TemporaryFolder;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 import org.junit.runners.Parameterized.Parameter;
@@ -159,7 +175,8 @@ public void spiffeTrustDomainFormatTest() {
           SpiffeUtil.parse(longTrustDomain.toString()));
       assertEquals("Trust Domain maximum length is 255 characters", iae.getMessage());
 
-      StringBuilder longSpiffe = new StringBuilder(String.format("spiffe://mydomain%scom/", "%21"));
+      @SuppressWarnings("OrphanedFormatString")
+      StringBuilder longSpiffe = new StringBuilder("spiffe://mydomain%21com/");
       for (int i = 0; i < 405; i++) {
         longSpiffe.append("qwert");
       }
@@ -193,4 +210,157 @@ public void spiffePathFormatTest() {
           + "underscores ([a-zA-Z0-9.-_])", iae.getMessage());
     }
   }
+
+  public static class CertificateApiTest {
+    private static final String SPIFFE_PEM_FILE = "spiffe_cert.pem";
+    private static final String MULTI_URI_SAN_PEM_FILE = "spiffe_multi_uri_san_cert.pem";
+    private static final String SERVER_0_PEM_FILE = "server0.pem";
+    private static final String TEST_DIRECTORY_PREFIX = "io/grpc/internal/";
+    private static final String SPIFFE_TRUST_BUNDLE = "spiffebundle.json";
+    private static final String SPIFFE_TRUST_BUNDLE_MALFORMED = "spiffebundle_malformed.json";
+    private static final String SPIFFE_TRUST_BUNDLE_CORRUPTED_CERT =
+        "spiffebundle_corrupted_cert.json";
+    private static final String SPIFFE_TRUST_BUNDLE_WRONG_KTY = "spiffebundle_wrong_kty.json";
+    private static final String SPIFFE_TRUST_BUNDLE_WRONG_KID = "spiffebundle_wrong_kid.json";
+    private static final String SPIFFE_TRUST_BUNDLE_WRONG_USE = "spiffebundle_wrong_use.json";
+    private static final String SPIFFE_TRUST_BUNDLE_WRONG_MULTI_CERTS =
+        "spiffebundle_wrong_multi_certs.json";
+    private static final String SPIFFE_TRUST_BUNDLE_DUPLICATES = "spiffebundle_duplicates.json";
+    private static final String SPIFFE_TRUST_BUNDLE_WRONG_ROOT = "spiffebundle_wrong_root.json";
+    private static final String SPIFFE_TRUST_BUNDLE_WRONG_SEQ = "spiffebundle_wrong_seq_type.json";
+    private static final String DOMAIN_ERROR_MESSAGE =
+        " Certificate loading for trust domain 'google.com' failed.";
+
+
+    @Rule public TemporaryFolder tempFolder = new TemporaryFolder();
+
+    private X509Certificate[] spiffeCert;
+    private X509Certificate[] multipleUriSanCert;
+    private X509Certificate[] serverCert0;
+
+    @Before
+    public void setUp() throws Exception {
+      spiffeCert = CertificateUtils.getX509Certificates(TlsTesting.loadCert(SPIFFE_PEM_FILE));
+      multipleUriSanCert = CertificateUtils.getX509Certificates(TlsTesting
+          .loadCert(MULTI_URI_SAN_PEM_FILE));
+      serverCert0 = CertificateUtils.getX509Certificates(TlsTesting.loadCert(SERVER_0_PEM_FILE));
+    }
+
+    private String copyFileToTmp(String fileName) throws Exception {
+      Path tempFilePath = tempFolder.newFile(fileName).toPath();
+      try (InputStream resourceStream = SpiffeUtilTest.class.getClassLoader()
+          .getResourceAsStream(TEST_DIRECTORY_PREFIX + fileName)) {
+        Files.copy(resourceStream, tempFilePath, StandardCopyOption.REPLACE_EXISTING);
+      }
+      return tempFilePath.toString();
+    }
+
+    @Test
+    public void extractSpiffeIdSuccessTest() throws Exception {
+      Optional<SpiffeId> spiffeId = SpiffeUtil.extractSpiffeId(spiffeCert);
+      assertTrue(spiffeId.isPresent());
+      assertEquals("foo.bar.com", spiffeId.get().getTrustDomain());
+      assertEquals("/client/workload/1", spiffeId.get().getPath());
+    }
+
+    @Test
+    public void extractSpiffeIdFailureTest() throws Exception {
+      Optional<SpiffeUtil.SpiffeId> spiffeId = SpiffeUtil.extractSpiffeId(serverCert0);
+      assertFalse(spiffeId.isPresent());
+      IllegalArgumentException iae = assertThrows(IllegalArgumentException.class, () -> SpiffeUtil
+          .extractSpiffeId(multipleUriSanCert));
+      assertEquals("Multiple URI SAN values found in the leaf cert.", iae.getMessage());
+
+    }
+
+    @Test
+    public void extractSpiffeIdFromChainTest() throws Exception {
+      // Check that the SPIFFE ID is extracted only from the leaf cert in the chain (spiffeCert
+      // contains it, but serverCert0 does not).
+      X509Certificate[] leafWithSpiffeChain = new X509Certificate[]{spiffeCert[0], serverCert0[0]};
+      assertTrue(SpiffeUtil.extractSpiffeId(leafWithSpiffeChain).isPresent());
+      X509Certificate[] leafWithoutSpiffeChain =
+          new X509Certificate[]{serverCert0[0], spiffeCert[0]};
+      assertFalse(SpiffeUtil.extractSpiffeId(leafWithoutSpiffeChain).isPresent());
+    }
+
+    @Test
+    public void extractSpiffeIdParameterValidityTest() {
+      NullPointerException npe = assertThrows(NullPointerException.class, () -> SpiffeUtil
+          .extractSpiffeId(null));
+      assertEquals("certChain", npe.getMessage());
+      IllegalArgumentException iae = assertThrows(IllegalArgumentException.class, () -> SpiffeUtil
+          .extractSpiffeId(new X509Certificate[]{}));
+      assertEquals("certChain can't be empty", iae.getMessage());
+    }
+
+    @Test
+    public void loadTrustBundleFromFileSuccessTest() throws Exception {
+      SpiffeBundle tb = SpiffeUtil.loadTrustBundleFromFile(copyFileToTmp(SPIFFE_TRUST_BUNDLE));
+      assertEquals(2, tb.getSequenceNumbers().size());
+      assertEquals(12035488L, (long) tb.getSequenceNumbers().get("example.com"));
+      assertEquals(-1L, (long) tb.getSequenceNumbers().get("test.example.com"));
+      assertEquals(3, tb.getBundleMap().size());
+      assertEquals(0, tb.getBundleMap().get("test.google.com.au").size());
+      assertEquals(1, tb.getBundleMap().get("example.com").size());
+      assertEquals(2, tb.getBundleMap().get("test.example.com").size());
+      Optional<SpiffeId> spiffeId = SpiffeUtil.extractSpiffeId(tb.getBundleMap().get("example.com")
+              .toArray(new X509Certificate[0]));
+      assertTrue(spiffeId.isPresent());
+      assertEquals("foo.bar.com", spiffeId.get().getTrustDomain());
+    }
+
+    @Test
+    public void loadTrustBundleFromFileFailureTest() {
+      // Check the exception if JSON root element is different from 'trust_domains'
+      NullPointerException npe = assertThrows(NullPointerException.class, () -> SpiffeUtil
+          .loadTrustBundleFromFile(copyFileToTmp(SPIFFE_TRUST_BUNDLE_WRONG_ROOT)));
+      assertEquals("Mandatory trust_domains element is missing", npe.getMessage());
+      // Check the exception if JSON root element is different from 'trust_domains'
+      ClassCastException cce = assertThrows(ClassCastException.class, () -> SpiffeUtil
+          .loadTrustBundleFromFile(copyFileToTmp(SPIFFE_TRUST_BUNDLE_WRONG_SEQ)));
+      assertTrue(cce.getMessage().contains("Number expected to be long"));
+      // Check the exception if JSON file doesn't contain an object
+      IllegalArgumentException iae = assertThrows(IllegalArgumentException.class, () -> SpiffeUtil
+          .loadTrustBundleFromFile(copyFileToTmp(SPIFFE_TRUST_BUNDLE_MALFORMED)));
+      assertTrue(iae.getMessage().contains("SPIFFE Trust Bundle should be a JSON object."));
+      // Check the exception if JSON contains duplicates
+      iae = assertThrows(IllegalArgumentException.class, () -> SpiffeUtil
+          .loadTrustBundleFromFile(copyFileToTmp(SPIFFE_TRUST_BUNDLE_DUPLICATES)));
+      assertEquals("Duplicate key found: google.com", iae.getMessage());
+      // Check the exception if 'x5c' value cannot be parsed
+      iae = assertThrows(IllegalArgumentException.class, () -> SpiffeUtil
+          .loadTrustBundleFromFile(copyFileToTmp(SPIFFE_TRUST_BUNDLE_CORRUPTED_CERT)));
+      assertEquals("Certificate can't be parsed." + DOMAIN_ERROR_MESSAGE, iae.getMessage());
+      // Check the exception if 'kty' value differs from 'RSA'
+      iae = assertThrows(IllegalArgumentException.class, () -> SpiffeUtil
+          .loadTrustBundleFromFile(copyFileToTmp(SPIFFE_TRUST_BUNDLE_WRONG_KTY)));
+      assertEquals("'kty' parameter must be 'RSA' but 'null' found." + DOMAIN_ERROR_MESSAGE,
+          iae.getMessage());
+      // Check the exception if 'kid' has a value
+      iae = assertThrows(IllegalArgumentException.class, () -> SpiffeUtil
+          .loadTrustBundleFromFile(copyFileToTmp(SPIFFE_TRUST_BUNDLE_WRONG_KID)));
+      assertEquals("'kid' parameter must not be set." + DOMAIN_ERROR_MESSAGE, iae.getMessage());
+      // Check the exception if 'use' value differs from 'x509-svid'
+      iae = assertThrows(IllegalArgumentException.class, () -> SpiffeUtil
+          .loadTrustBundleFromFile(copyFileToTmp(SPIFFE_TRUST_BUNDLE_WRONG_USE)));
+      assertEquals("'use' parameter must be 'x509-svid' but 'i_am_not_x509-svid' found."
+          + DOMAIN_ERROR_MESSAGE, iae.getMessage());
+      // Check the exception if multiple certs are provided for 'x5c'
+      iae = assertThrows(IllegalArgumentException.class, () -> SpiffeUtil
+          .loadTrustBundleFromFile(copyFileToTmp(SPIFFE_TRUST_BUNDLE_WRONG_MULTI_CERTS)));
+      assertEquals("Exactly 1 certificate is expected, but 2 found." + DOMAIN_ERROR_MESSAGE,
+          iae.getMessage());
+    }
+
+    @Test
+    public void loadTrustBundleFromFileParameterValidityTest() {
+      NullPointerException npe = assertThrows(NullPointerException.class, () -> SpiffeUtil
+          .loadTrustBundleFromFile(null));
+      assertEquals("trustBundleFile", npe.getMessage());
+      NoSuchFileException nsfe = assertThrows(NoSuchFileException.class, () -> SpiffeUtil
+          .loadTrustBundleFromFile("i_do_not_exist"));
+      assertEquals("i_do_not_exist", nsfe.getMessage());
+    }
+  }
 }
\ No newline at end of file
diff --git a/core/src/test/resources/io/grpc/internal/spiffebundle.json b/core/src/test/resources/io/grpc/internal/spiffebundle.json
new file mode 100644
index 00000000000..f968f730d94
--- /dev/null
+++ b/core/src/test/resources/io/grpc/internal/spiffebundle.json
@@ -0,0 +1,115 @@
+{
+  "trust_domains": {
+    "test.google.com.au": {},
+    "example.com": {
+      "spiffe_sequence": 12035488,
+      "keys": [
+        {
+          "kty": "RSA",
+          "use": "x509-svid",
+          "x5c": ["MIIFsjCCA5qgAwIBAgIURygVMMzdr+Q7rsUaz189JozyHMwwDQYJKoZIhvcNAQEL
+          BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL
+          BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTAeFw0yMTEyMjMxODQy
+          NTJaFw0zMTEyMjExODQyNTJaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM
+          MAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBDMRUwEwYDVQQDDAx0ZXN0LWNsaWVu
+          dDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ4AqpGetyVSqGUuBJ
+          LVFla+7bEfca7UYzfVSSZLZ/X+JDmWIVN8UIPuFib5jhMEc3XaUnFXUmM7zEtz/Z
+          G5hapwLwOb2C3ZxOP6PQjYCJxbkLie+b43UQrFu1xxd3vMhVJgcj/AIxEpmszuqO
+          a6kUrkYifjJADQ+64kZgl66bsTdXMCzpxyFl9xUfff59L8OX+HUfAcoZz3emjg3Z
+          JPYURQEmjdZTOau1EjFilwHgd989Jt7NKgx30NXoHmw7nusVBIY94fL2VKN3f1XV
+          m0dHu5NI279Q6zr0ZBU7k5T3IeHnzsUesQS4NGlklDWoVTKk73Uv9Pna8yQsSW75
+          7PEbHOGp9Knu4bnoGPOlsG81yIPipO6hTgGFK24pF97M9kpGbWqYX4+2vLlrCAfc
+          msHqaUPmQlYeRVTT6vw7ctYo2kyUYGtnODXk76LqewRBVvkzx75QUhfjAyb740Yc
+          DmIenc56Tq6gebJHjhEmVSehR6xIpXP7SVeurTyhPsEQnpJHtgs4dcwWOZp7BvPN
+          zHXmJqfr7vsshie3vS5kQ0u1e1yqAqXgyDjqKXOkx+dpgUTehSJHhPNHvTc5LXRs
+          vvXKYz6FrwR/DZ8t7BNEvPeLjFgxpH7QVJFLCvCbXs5K6yYbsnLfxFIBPRnrbJkI
+          sK+sQwnRdnsiUdPsTkG5B2lQfQIDAQABo4GHMIGEMB0GA1UdDgQWBBQ2lBp0PiRH
+          HvQ5IRURm8aHsj4RETAfBgNVHSMEGDAWgBQ2lBp0PiRHHvQ5IRURm8aHsj4RETAP
+          BgNVHRMBAf8EBTADAQH/MDEGA1UdEQQqMCiGJnNwaWZmZTovL2Zvby5iYXIuY29t
+          L2NsaWVudC93b3JrbG9hZC8xMA0GCSqGSIb3DQEBCwUAA4ICAQA1mSkgRclAl+E/
+          aS9zJ7t8+Y4n3T24nOKKveSIjxXm/zjhWqVsLYBI6kglWtih2+PELvU8JdPqNZK3
+          4Kl0Q6FWpVSGDdWN1i6NyORt2ocggL3ke3iXxRk3UpUKJmqwz81VhA2KUHnMlyE0
+          IufFfZNwNWWHBv13uJfRbjeQpKPhU+yf4DeXrsWcvrZlGvAET+mcplafUzCp7Iv+
+          PcISJtUerbxbVtuHVeZCLlgDXWkLAWJN8rf0dIG4x060LJ+j6j9uRVhb9sZn1HJV
+          +j4XdIYm1VKilluhOtNwP2d3Ox/JuTBxf7hFHXZPfMagQE5k5PzmxRaCAEMJ1l2D
+          vUbZw+shJfSNoWcBo2qadnUaWT3BmmJRBDh7ZReib/RQ1Rd4ygOyzP3E0vkV4/gq
+          yjLdApXh5PZP8KLQZ+1JN/sdWt7VfIt9wYOpkIqujdll51ESHzwQeAK9WVCB4UvV
+          z6zdhItB9CRbXPreWC+wCB1xDovIzFKOVsLs5+Gqs1m7VinG2LxbDqaKyo/FB0Hx
+          x0acBNzezLWoDwXYQrN0T0S4pnqhKD1CYPpdArBkNezUYAjS725FkApuK+mnBX3U
+          0msBffEaUEOkcyar1EW2m/33vpetD/k3eQQkmvQf4Hbiu9AF+9cNDm/hMuXEw5EX
+          GA91fn0891b5eEW8BJHXX0jri0aN8g=="],
+          "n": "<base64urlUint-encoded value>",
+          "e": "AQAB"
+        }
+      ]
+    },
+    "test.example.com": {
+      "keys": [
+        {
+          "kty": "RSA",
+          "use": "x509-svid",
+          "x5c": ["MIIFsjCCA5qgAwIBAgIURygVMMzdr+Q7rsUaz189JozyHMwwDQYJKoZIhvcNAQEL
+          BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL
+          BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTAeFw0yMTEyMjMxODQy
+          NTJaFw0zMTEyMjExODQyNTJaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM
+          MAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBDMRUwEwYDVQQDDAx0ZXN0LWNsaWVu
+          dDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ4AqpGetyVSqGUuBJ
+          LVFla+7bEfca7UYzfVSSZLZ/X+JDmWIVN8UIPuFib5jhMEc3XaUnFXUmM7zEtz/Z
+          G5hapwLwOb2C3ZxOP6PQjYCJxbkLie+b43UQrFu1xxd3vMhVJgcj/AIxEpmszuqO
+          a6kUrkYifjJADQ+64kZgl66bsTdXMCzpxyFl9xUfff59L8OX+HUfAcoZz3emjg3Z
+          JPYURQEmjdZTOau1EjFilwHgd989Jt7NKgx30NXoHmw7nusVBIY94fL2VKN3f1XV
+          m0dHu5NI279Q6zr0ZBU7k5T3IeHnzsUesQS4NGlklDWoVTKk73Uv9Pna8yQsSW75
+          7PEbHOGp9Knu4bnoGPOlsG81yIPipO6hTgGFK24pF97M9kpGbWqYX4+2vLlrCAfc
+          msHqaUPmQlYeRVTT6vw7ctYo2kyUYGtnODXk76LqewRBVvkzx75QUhfjAyb740Yc
+          DmIenc56Tq6gebJHjhEmVSehR6xIpXP7SVeurTyhPsEQnpJHtgs4dcwWOZp7BvPN
+          zHXmJqfr7vsshie3vS5kQ0u1e1yqAqXgyDjqKXOkx+dpgUTehSJHhPNHvTc5LXRs
+          vvXKYz6FrwR/DZ8t7BNEvPeLjFgxpH7QVJFLCvCbXs5K6yYbsnLfxFIBPRnrbJkI
+          sK+sQwnRdnsiUdPsTkG5B2lQfQIDAQABo4GHMIGEMB0GA1UdDgQWBBQ2lBp0PiRH
+          HvQ5IRURm8aHsj4RETAfBgNVHSMEGDAWgBQ2lBp0PiRHHvQ5IRURm8aHsj4RETAP
+          BgNVHRMBAf8EBTADAQH/MDEGA1UdEQQqMCiGJnNwaWZmZTovL2Zvby5iYXIuY29t
+          L2NsaWVudC93b3JrbG9hZC8xMA0GCSqGSIb3DQEBCwUAA4ICAQA1mSkgRclAl+E/
+          aS9zJ7t8+Y4n3T24nOKKveSIjxXm/zjhWqVsLYBI6kglWtih2+PELvU8JdPqNZK3
+          4Kl0Q6FWpVSGDdWN1i6NyORt2ocggL3ke3iXxRk3UpUKJmqwz81VhA2KUHnMlyE0
+          IufFfZNwNWWHBv13uJfRbjeQpKPhU+yf4DeXrsWcvrZlGvAET+mcplafUzCp7Iv+
+          PcISJtUerbxbVtuHVeZCLlgDXWkLAWJN8rf0dIG4x060LJ+j6j9uRVhb9sZn1HJV
+          +j4XdIYm1VKilluhOtNwP2d3Ox/JuTBxf7hFHXZPfMagQE5k5PzmxRaCAEMJ1l2D
+          vUbZw+shJfSNoWcBo2qadnUaWT3BmmJRBDh7ZReib/RQ1Rd4ygOyzP3E0vkV4/gq
+          yjLdApXh5PZP8KLQZ+1JN/sdWt7VfIt9wYOpkIqujdll51ESHzwQeAK9WVCB4UvV
+          z6zdhItB9CRbXPreWC+wCB1xDovIzFKOVsLs5+Gqs1m7VinG2LxbDqaKyo/FB0Hx
+          x0acBNzezLWoDwXYQrN0T0S4pnqhKD1CYPpdArBkNezUYAjS725FkApuK+mnBX3U
+          0msBffEaUEOkcyar1EW2m/33vpetD/k3eQQkmvQf4Hbiu9AF+9cNDm/hMuXEw5EX
+          GA91fn0891b5eEW8BJHXX0jri0aN8g=="],
+          "n": "<base64urlUint-encoded value>",
+          "e": "AQAB"
+        },
+        {
+          "kty": "RSA",
+          "use": "x509-svid",
+          "x5c": ["MIIELTCCAxWgAwIBAgIUVXGlXjNENtOZbI12epjgIhMaShEwDQYJKoZIhvcNAQEL
+          BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+          GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTI0
+          MDkxNzE2MTk0NFoXDTM0MDkxNTE2MTk0NFowTjELMAkGA1UEBhMCVVMxCzAJBgNV
+          BAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFTATBgNVBAMMDHRl
+          c3QtY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOcTjjcS
+          SfG/EGrr6G+f+3T2GXyHHfroQFi9mZUz80L7uKBdECOImID+YhoK8vcxLQjPmEEv
+          FIYgJT5amugDcYIgUhMjBx/8RPJaP/nGmBngAqsuuNCaZfyaHBRqN8XdS/AwmsI5
+          Wo+nru0+0/7aQFdqqtd2+e9dHjUWwgHxXvMgC4hkHpsdCGIZWVzWyBliwTYQYb1Y
+          yYe1LzqqQA5OMbZfKOY9MYDCEYOliRiunOn30iIOHj9V5qLzWGfSyxCRuvLRdEP8
+          iDeNweHbdaKuI80nQmxuBdRIspE9k5sD1WA4vLZpeg3zggxp4rfLL5zBJgb/33D3
+          d9Rkm14xfDPihhkCAwEAAaOB+jCB9zBZBgNVHREEUjBQhiZzcGlmZmU6Ly9mb28u
+          YmFyLmNvbS9jbGllbnQvd29ya2xvYWQvMYYmc3BpZmZlOi8vZm9vLmJhci5jb20v
+          Y2xpZW50L3dvcmtsb2FkLzIwHQYDVR0OBBYEFG9GkBgdBg/p0U9/lXv8zIJ+2c2N
+          MHsGA1UdIwR0MHKhWqRYMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0
+          YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM
+          BnRlc3RjYYIUWrP0VvHcy+LP6UuYNtiL9gBhD5owDQYJKoZIhvcNAQELBQADggEB
+          AJ4Cbxv+02SpUgkEu4hP/1+8DtSBXUxNxI0VG4e3Ap2+Rhjm3YiFeS/UeaZhNrrw
+          UEjkSTPFODyXR7wI7UO9OO1StyD6CMkp3SEvevU5JsZtGL6mTiTLTi3Qkywa91Bt
+          GlyZdVMghA1bBJLBMwiD5VT5noqoJBD7hDy6v9yNmt1Sw2iYBJPqI3Gnf5bMjR3s
+          UICaxmFyqaMCZsPkfJh0DmZpInGJys3m4QqGz6ZE2DWgcSr1r/ML7/5bSPjjr8j4
+          WFFSqFR3dMu8CbGnfZTCTXa4GTX/rARXbAO67Z/oJbJBK7VKayskL+PzKuohb9ox
+          jGL772hQMbwtFCOFXu5VP0s="]
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/core/src/test/resources/io/grpc/internal/spiffebundle_corrupted_cert.json b/core/src/test/resources/io/grpc/internal/spiffebundle_corrupted_cert.json
new file mode 100644
index 00000000000..9ca51733ff3
--- /dev/null
+++ b/core/src/test/resources/io/grpc/internal/spiffebundle_corrupted_cert.json
@@ -0,0 +1,14 @@
+{
+  "trust_domains": {
+    "google.com": {
+      "spiffe_sequence": 123,
+      "keys": [
+        {
+          "kty": "RSA",
+          "use": "x509-svid",
+          "x5c": ["UNPARSABLE_CERTIFICATE"]
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/core/src/test/resources/io/grpc/internal/spiffebundle_duplicates.json b/core/src/test/resources/io/grpc/internal/spiffebundle_duplicates.json
new file mode 100644
index 00000000000..3f015bd1568
--- /dev/null
+++ b/core/src/test/resources/io/grpc/internal/spiffebundle_duplicates.json
@@ -0,0 +1,23 @@
+{
+  "trust_domains": {
+    "google.com": {
+      "spiffe_sequence": 123,
+      "keys": [
+        {
+          "x5c": "VALUE_DOESN'T_MATTER"
+        }
+      ]
+    },
+    "google.com": {
+      "spiffe_sequence": 123,
+      "keys": [
+        {
+          "use": "x509-svid",
+          "kid": "some_value",
+          "x5c": "VALUE_DOESN'T_MATTER"
+        }
+      ]
+    },
+    "test.google.com.au": {}
+  }
+}
\ No newline at end of file
diff --git a/core/src/test/resources/io/grpc/internal/spiffebundle_malformed.json b/core/src/test/resources/io/grpc/internal/spiffebundle_malformed.json
new file mode 100644
index 00000000000..a2488eeb3cd
--- /dev/null
+++ b/core/src/test/resources/io/grpc/internal/spiffebundle_malformed.json
@@ -0,0 +1,4 @@
+[
+  "test.google.com",
+  "test.google.com.au"
+]
\ No newline at end of file
diff --git a/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_kid.json b/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_kid.json
new file mode 100644
index 00000000000..f93af634a54
--- /dev/null
+++ b/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_kid.json
@@ -0,0 +1,15 @@
+{
+  "trust_domains": {
+    "google.com": {
+      "spiffe_sequence": 123,
+      "keys": [
+        {
+          "kty": "RSA",
+          "use": "x509-svid",
+          "kid": "some_value",
+          "x5c": "VALUE_DOESN'T_MATTER"
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_kty.json b/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_kty.json
new file mode 100644
index 00000000000..384da03fd6f
--- /dev/null
+++ b/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_kty.json
@@ -0,0 +1,12 @@
+{
+  "trust_domains": {
+    "google.com": {
+      "spiffe_sequence": 123,
+      "keys": [
+        {
+          "x5c": "VALUE_DOESN'T_MATTER"
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_multi_certs.json b/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_multi_certs.json
new file mode 100644
index 00000000000..5e85635bb02
--- /dev/null
+++ b/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_multi_certs.json
@@ -0,0 +1,67 @@
+{
+  "trust_domains": {
+    "google.com": {
+      "spiffe_sequence": 123,
+      "keys": [
+        {
+          "kty": "RSA",
+          "use": "x509-svid",
+          "x5c": ["MIIFsjCCA5qgAwIBAgIURygVMMzdr+Q7rsUaz189JozyHMwwDQYJKoZIhvcNAQEL
+            BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL
+            BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTAeFw0yMTEyMjMxODQy
+            NTJaFw0zMTEyMjExODQyNTJaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM
+            MAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBDMRUwEwYDVQQDDAx0ZXN0LWNsaWVu
+            dDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ4AqpGetyVSqGUuBJ
+            LVFla+7bEfca7UYzfVSSZLZ/X+JDmWIVN8UIPuFib5jhMEc3XaUnFXUmM7zEtz/Z
+            G5hapwLwOb2C3ZxOP6PQjYCJxbkLie+b43UQrFu1xxd3vMhVJgcj/AIxEpmszuqO
+            a6kUrkYifjJADQ+64kZgl66bsTdXMCzpxyFl9xUfff59L8OX+HUfAcoZz3emjg3Z
+            JPYURQEmjdZTOau1EjFilwHgd989Jt7NKgx30NXoHmw7nusVBIY94fL2VKN3f1XV
+            m0dHu5NI279Q6zr0ZBU7k5T3IeHnzsUesQS4NGlklDWoVTKk73Uv9Pna8yQsSW75
+            7PEbHOGp9Knu4bnoGPOlsG81yIPipO6hTgGFK24pF97M9kpGbWqYX4+2vLlrCAfc
+            msHqaUPmQlYeRVTT6vw7ctYo2kyUYGtnODXk76LqewRBVvkzx75QUhfjAyb740Yc
+            DmIenc56Tq6gebJHjhEmVSehR6xIpXP7SVeurTyhPsEQnpJHtgs4dcwWOZp7BvPN
+            zHXmJqfr7vsshie3vS5kQ0u1e1yqAqXgyDjqKXOkx+dpgUTehSJHhPNHvTc5LXRs
+            vvXKYz6FrwR/DZ8t7BNEvPeLjFgxpH7QVJFLCvCbXs5K6yYbsnLfxFIBPRnrbJkI
+            sK+sQwnRdnsiUdPsTkG5B2lQfQIDAQABo4GHMIGEMB0GA1UdDgQWBBQ2lBp0PiRH
+            HvQ5IRURm8aHsj4RETAfBgNVHSMEGDAWgBQ2lBp0PiRHHvQ5IRURm8aHsj4RETAP
+            BgNVHRMBAf8EBTADAQH/MDEGA1UdEQQqMCiGJnNwaWZmZTovL2Zvby5iYXIuY29t
+            L2NsaWVudC93b3JrbG9hZC8xMA0GCSqGSIb3DQEBCwUAA4ICAQA1mSkgRclAl+E/
+            aS9zJ7t8+Y4n3T24nOKKveSIjxXm/zjhWqVsLYBI6kglWtih2+PELvU8JdPqNZK3
+            4Kl0Q6FWpVSGDdWN1i6NyORt2ocggL3ke3iXxRk3UpUKJmqwz81VhA2KUHnMlyE0
+            IufFfZNwNWWHBv13uJfRbjeQpKPhU+yf4DeXrsWcvrZlGvAET+mcplafUzCp7Iv+
+            PcISJtUerbxbVtuHVeZCLlgDXWkLAWJN8rf0dIG4x060LJ+j6j9uRVhb9sZn1HJV
+            +j4XdIYm1VKilluhOtNwP2d3Ox/JuTBxf7hFHXZPfMagQE5k5PzmxRaCAEMJ1l2D
+            vUbZw+shJfSNoWcBo2qadnUaWT3BmmJRBDh7ZReib/RQ1Rd4ygOyzP3E0vkV4/gq
+            yjLdApXh5PZP8KLQZ+1JN/sdWt7VfIt9wYOpkIqujdll51ESHzwQeAK9WVCB4UvV
+            z6zdhItB9CRbXPreWC+wCB1xDovIzFKOVsLs5+Gqs1m7VinG2LxbDqaKyo/FB0Hx
+            x0acBNzezLWoDwXYQrN0T0S4pnqhKD1CYPpdArBkNezUYAjS725FkApuK+mnBX3U
+            0msBffEaUEOkcyar1EW2m/33vpetD/k3eQQkmvQf4Hbiu9AF+9cNDm/hMuXEw5EX
+            GA91fn0891b5eEW8BJHXX0jri0aN8g==",
+            "MIIELTCCAxWgAwIBAgIUVXGlXjNENtOZbI12epjgIhMaShEwDQYJKoZIhvcNAQEL
+            BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+            GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTI0
+            MDkxNzE2MTk0NFoXDTM0MDkxNTE2MTk0NFowTjELMAkGA1UEBhMCVVMxCzAJBgNV
+            BAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFTATBgNVBAMMDHRl
+            c3QtY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOcTjjcS
+            SfG/EGrr6G+f+3T2GXyHHfroQFi9mZUz80L7uKBdECOImID+YhoK8vcxLQjPmEEv
+            FIYgJT5amugDcYIgUhMjBx/8RPJaP/nGmBngAqsuuNCaZfyaHBRqN8XdS/AwmsI5
+            Wo+nru0+0/7aQFdqqtd2+e9dHjUWwgHxXvMgC4hkHpsdCGIZWVzWyBliwTYQYb1Y
+            yYe1LzqqQA5OMbZfKOY9MYDCEYOliRiunOn30iIOHj9V5qLzWGfSyxCRuvLRdEP8
+            iDeNweHbdaKuI80nQmxuBdRIspE9k5sD1WA4vLZpeg3zggxp4rfLL5zBJgb/33D3
+            d9Rkm14xfDPihhkCAwEAAaOB+jCB9zBZBgNVHREEUjBQhiZzcGlmZmU6Ly9mb28u
+            YmFyLmNvbS9jbGllbnQvd29ya2xvYWQvMYYmc3BpZmZlOi8vZm9vLmJhci5jb20v
+            Y2xpZW50L3dvcmtsb2FkLzIwHQYDVR0OBBYEFG9GkBgdBg/p0U9/lXv8zIJ+2c2N
+            MHsGA1UdIwR0MHKhWqRYMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0
+            YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM
+            BnRlc3RjYYIUWrP0VvHcy+LP6UuYNtiL9gBhD5owDQYJKoZIhvcNAQELBQADggEB
+            AJ4Cbxv+02SpUgkEu4hP/1+8DtSBXUxNxI0VG4e3Ap2+Rhjm3YiFeS/UeaZhNrrw
+            UEjkSTPFODyXR7wI7UO9OO1StyD6CMkp3SEvevU5JsZtGL6mTiTLTi3Qkywa91Bt
+            GlyZdVMghA1bBJLBMwiD5VT5noqoJBD7hDy6v9yNmt1Sw2iYBJPqI3Gnf5bMjR3s
+            UICaxmFyqaMCZsPkfJh0DmZpInGJys3m4QqGz6ZE2DWgcSr1r/ML7/5bSPjjr8j4
+            WFFSqFR3dMu8CbGnfZTCTXa4GTX/rARXbAO67Z/oJbJBK7VKayskL+PzKuohb9ox
+            jGL772hQMbwtFCOFXu5VP0s="]
+            }
+          ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_root.json b/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_root.json
new file mode 100644
index 00000000000..90d2847dc05
--- /dev/null
+++ b/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_root.json
@@ -0,0 +1,6 @@
+{
+  "trustDomains": {
+    "test.google.com": {},
+    "test.google.com.au": {}
+  }
+}
\ No newline at end of file
diff --git a/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_seq_type.json b/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_seq_type.json
new file mode 100644
index 00000000000..4e0aeacc89f
--- /dev/null
+++ b/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_seq_type.json
@@ -0,0 +1,12 @@
+{
+  "trust_domains": {
+    "google.com": {
+      "spiffe_sequence": 123.5,
+      "keys": [
+        {
+          "x5c": "VALUE_DOESN'T_MATTER"
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_use.json b/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_use.json
new file mode 100644
index 00000000000..166be04846c
--- /dev/null
+++ b/core/src/test/resources/io/grpc/internal/spiffebundle_wrong_use.json
@@ -0,0 +1,13 @@
+{
+  "trust_domains": {
+    "google.com": {
+      "keys": [
+        {
+          "kty": "RSA",
+          "use": "i_am_not_x509-svid",
+          "x5c": "VALUE_DOESN'T_MATTER"
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/gcp-observability/src/test/java/io/grpc/gcp/observability/ObservabilityConfigImplTest.java b/gcp-observability/src/test/java/io/grpc/gcp/observability/ObservabilityConfigImplTest.java
index a9e0d6e2235..f409a149bf1 100644
--- a/gcp-observability/src/test/java/io/grpc/gcp/observability/ObservabilityConfigImplTest.java
+++ b/gcp-observability/src/test/java/io/grpc/gcp/observability/ObservabilityConfigImplTest.java
@@ -108,8 +108,7 @@ public class ObservabilityConfigImplTest {
 
   private static final String PROJECT_ID = "{\n"
       + "    \"project_id\": \"grpc-testing\",\n"
-      + "    \"cloud_logging\": {},\n"
-      + "    \"project_id\": \"grpc-testing\"\n"
+      + "    \"cloud_logging\": {}\n"
       + "}";
 
   private static final String EMPTY_CONFIG = "{}";
diff --git a/testing/src/main/resources/certs/spiffe-openssl.cnf b/testing/src/main/resources/certs/spiffe-openssl.cnf
new file mode 100644
index 00000000000..40c473da7e5
--- /dev/null
+++ b/testing/src/main/resources/certs/spiffe-openssl.cnf
@@ -0,0 +1,12 @@
+[spiffe_client]
+subjectAltName = @alt_names
+
+[spiffe_client_multi]
+subjectAltName = @alt_names_multi
+
+[alt_names]
+URI = spiffe://foo.bar.com/client/workload/1
+
+[alt_names_multi]
+URI.1 = spiffe://foo.bar.com/client/workload/1
+URI.2 = spiffe://foo.bar.com/client/workload/2
\ No newline at end of file
diff --git a/testing/src/main/resources/certs/spiffe_cert.pem b/testing/src/main/resources/certs/spiffe_cert.pem
new file mode 100644
index 00000000000..bc070042f69
--- /dev/null
+++ b/testing/src/main/resources/certs/spiffe_cert.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFsjCCA5qgAwIBAgIURygVMMzdr+Q7rsUaz189JozyHMwwDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL
+BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTAeFw0yMTEyMjMxODQy
+NTJaFw0zMTEyMjExODQyNTJaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM
+MAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBDMRUwEwYDVQQDDAx0ZXN0LWNsaWVu
+dDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ4AqpGetyVSqGUuBJ
+LVFla+7bEfca7UYzfVSSZLZ/X+JDmWIVN8UIPuFib5jhMEc3XaUnFXUmM7zEtz/Z
+G5hapwLwOb2C3ZxOP6PQjYCJxbkLie+b43UQrFu1xxd3vMhVJgcj/AIxEpmszuqO
+a6kUrkYifjJADQ+64kZgl66bsTdXMCzpxyFl9xUfff59L8OX+HUfAcoZz3emjg3Z
+JPYURQEmjdZTOau1EjFilwHgd989Jt7NKgx30NXoHmw7nusVBIY94fL2VKN3f1XV
+m0dHu5NI279Q6zr0ZBU7k5T3IeHnzsUesQS4NGlklDWoVTKk73Uv9Pna8yQsSW75
+7PEbHOGp9Knu4bnoGPOlsG81yIPipO6hTgGFK24pF97M9kpGbWqYX4+2vLlrCAfc
+msHqaUPmQlYeRVTT6vw7ctYo2kyUYGtnODXk76LqewRBVvkzx75QUhfjAyb740Yc
+DmIenc56Tq6gebJHjhEmVSehR6xIpXP7SVeurTyhPsEQnpJHtgs4dcwWOZp7BvPN
+zHXmJqfr7vsshie3vS5kQ0u1e1yqAqXgyDjqKXOkx+dpgUTehSJHhPNHvTc5LXRs
+vvXKYz6FrwR/DZ8t7BNEvPeLjFgxpH7QVJFLCvCbXs5K6yYbsnLfxFIBPRnrbJkI
+sK+sQwnRdnsiUdPsTkG5B2lQfQIDAQABo4GHMIGEMB0GA1UdDgQWBBQ2lBp0PiRH
+HvQ5IRURm8aHsj4RETAfBgNVHSMEGDAWgBQ2lBp0PiRHHvQ5IRURm8aHsj4RETAP
+BgNVHRMBAf8EBTADAQH/MDEGA1UdEQQqMCiGJnNwaWZmZTovL2Zvby5iYXIuY29t
+L2NsaWVudC93b3JrbG9hZC8xMA0GCSqGSIb3DQEBCwUAA4ICAQA1mSkgRclAl+E/
+aS9zJ7t8+Y4n3T24nOKKveSIjxXm/zjhWqVsLYBI6kglWtih2+PELvU8JdPqNZK3
+4Kl0Q6FWpVSGDdWN1i6NyORt2ocggL3ke3iXxRk3UpUKJmqwz81VhA2KUHnMlyE0
+IufFfZNwNWWHBv13uJfRbjeQpKPhU+yf4DeXrsWcvrZlGvAET+mcplafUzCp7Iv+
+PcISJtUerbxbVtuHVeZCLlgDXWkLAWJN8rf0dIG4x060LJ+j6j9uRVhb9sZn1HJV
++j4XdIYm1VKilluhOtNwP2d3Ox/JuTBxf7hFHXZPfMagQE5k5PzmxRaCAEMJ1l2D
+vUbZw+shJfSNoWcBo2qadnUaWT3BmmJRBDh7ZReib/RQ1Rd4ygOyzP3E0vkV4/gq
+yjLdApXh5PZP8KLQZ+1JN/sdWt7VfIt9wYOpkIqujdll51ESHzwQeAK9WVCB4UvV
+z6zdhItB9CRbXPreWC+wCB1xDovIzFKOVsLs5+Gqs1m7VinG2LxbDqaKyo/FB0Hx
+x0acBNzezLWoDwXYQrN0T0S4pnqhKD1CYPpdArBkNezUYAjS725FkApuK+mnBX3U
+0msBffEaUEOkcyar1EW2m/33vpetD/k3eQQkmvQf4Hbiu9AF+9cNDm/hMuXEw5EX
+GA91fn0891b5eEW8BJHXX0jri0aN8g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/testing/src/main/resources/certs/spiffe_multi_uri_san_cert.pem b/testing/src/main/resources/certs/spiffe_multi_uri_san_cert.pem
new file mode 100644
index 00000000000..eb5c879abf8
--- /dev/null
+++ b/testing/src/main/resources/certs/spiffe_multi_uri_san_cert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIELTCCAxWgAwIBAgIUVXGlXjNENtOZbI12epjgIhMaShEwDQYJKoZIhvcNAQEL
+BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTI0
+MDkxNzE2MTk0NFoXDTM0MDkxNTE2MTk0NFowTjELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFTATBgNVBAMMDHRl
+c3QtY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOcTjjcS
+SfG/EGrr6G+f+3T2GXyHHfroQFi9mZUz80L7uKBdECOImID+YhoK8vcxLQjPmEEv
+FIYgJT5amugDcYIgUhMjBx/8RPJaP/nGmBngAqsuuNCaZfyaHBRqN8XdS/AwmsI5
+Wo+nru0+0/7aQFdqqtd2+e9dHjUWwgHxXvMgC4hkHpsdCGIZWVzWyBliwTYQYb1Y
+yYe1LzqqQA5OMbZfKOY9MYDCEYOliRiunOn30iIOHj9V5qLzWGfSyxCRuvLRdEP8
+iDeNweHbdaKuI80nQmxuBdRIspE9k5sD1WA4vLZpeg3zggxp4rfLL5zBJgb/33D3
+d9Rkm14xfDPihhkCAwEAAaOB+jCB9zBZBgNVHREEUjBQhiZzcGlmZmU6Ly9mb28u
+YmFyLmNvbS9jbGllbnQvd29ya2xvYWQvMYYmc3BpZmZlOi8vZm9vLmJhci5jb20v
+Y2xpZW50L3dvcmtsb2FkLzIwHQYDVR0OBBYEFG9GkBgdBg/p0U9/lXv8zIJ+2c2N
+MHsGA1UdIwR0MHKhWqRYMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0
+YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM
+BnRlc3RjYYIUWrP0VvHcy+LP6UuYNtiL9gBhD5owDQYJKoZIhvcNAQELBQADggEB
+AJ4Cbxv+02SpUgkEu4hP/1+8DtSBXUxNxI0VG4e3Ap2+Rhjm3YiFeS/UeaZhNrrw
+UEjkSTPFODyXR7wI7UO9OO1StyD6CMkp3SEvevU5JsZtGL6mTiTLTi3Qkywa91Bt
+GlyZdVMghA1bBJLBMwiD5VT5noqoJBD7hDy6v9yNmt1Sw2iYBJPqI3Gnf5bMjR3s
+UICaxmFyqaMCZsPkfJh0DmZpInGJys3m4QqGz6ZE2DWgcSr1r/ML7/5bSPjjr8j4
+WFFSqFR3dMu8CbGnfZTCTXa4GTX/rARXbAO67Z/oJbJBK7VKayskL+PzKuohb9ox
+jGL772hQMbwtFCOFXu5VP0s=
+-----END CERTIFICATE-----
\ No newline at end of file

From 00c8bc78dd5a338a1b5b1476dd8ea86b4290a8bf Mon Sep 17 00:00:00 2001
From: Lucas Mirelmann <lgalfaso@gmail.com>
Date: Fri, 18 Oct 2024 07:59:35 +0200
Subject: [PATCH 055/591] Minor grammar fix in Javadoc (#11609)

---
 api/src/main/java/io/grpc/StatusRuntimeException.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/main/java/io/grpc/StatusRuntimeException.java b/api/src/main/java/io/grpc/StatusRuntimeException.java
index 70c4d10f0b2..9465e4c38cd 100644
--- a/api/src/main/java/io/grpc/StatusRuntimeException.java
+++ b/api/src/main/java/io/grpc/StatusRuntimeException.java
@@ -30,7 +30,7 @@ public class StatusRuntimeException extends RuntimeException {
   private final Metadata trailers;
 
   /**
-   * Constructs the exception with both a status. See also {@link Status#asRuntimeException()}.
+   * Constructs the exception with a status. See also {@link Status#asRuntimeException()}.
    *
    * @since 1.0.0
    */

From 62f409810d48bbae9fdd111217e7b2b85d377e60 Mon Sep 17 00:00:00 2001
From: hlx502 <73785906+hlx502@users.noreply.github.com>
Date: Wed, 23 Oct 2024 03:17:39 +0800
Subject: [PATCH 056/591] netty: Avoid TCP_USER_TIMEOUT warning when not using
 epoll (#11564)

In NettyClientTransport, the TCP_USER_TIMEOUT attribute can be set only
if the channel is of the AbstractEpollStreamChannel.

Fixes #11517
---
 .../io/grpc/netty/NettyClientTransport.java   | 21 ++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
index a82470cacb4..426f3c0d583 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
@@ -241,13 +241,6 @@ public Runnable start(Listener transportListener) {
     b.channelFactory(channelFactory);
     // For non-socket based channel, the option will be ignored.
     b.option(SO_KEEPALIVE, true);
-    // For non-epoll based channel, the option will be ignored.
-    if (keepAliveTimeNanos != KEEPALIVE_TIME_NANOS_DISABLED) {
-      ChannelOption<Integer> tcpUserTimeout = Utils.maybeGetTcpUserTimeoutOption();
-      if (tcpUserTimeout != null) {
-        b.option(tcpUserTimeout, (int) TimeUnit.NANOSECONDS.toMillis(keepAliveTimeoutNanos));
-      }
-    }
     for (Map.Entry<ChannelOption<?>, ?> entry : channelOptions.entrySet()) {
       // Every entry in the map is obtained from
       // NettyChannelBuilder#withOption(ChannelOption<T> option, T value)
@@ -286,6 +279,20 @@ public void run() {
       };
     }
     channel = regFuture.channel();
+    // For non-epoll based channel, the option will be ignored.
+    try {
+      if (keepAliveTimeNanos != KEEPALIVE_TIME_NANOS_DISABLED
+              && Class.forName("io.netty.channel.epoll.AbstractEpollChannel").isInstance(channel)) {
+        ChannelOption<Integer> tcpUserTimeout = Utils.maybeGetTcpUserTimeoutOption();
+        if (tcpUserTimeout != null) {
+          int tcpUserTimeoutMs = (int) TimeUnit.NANOSECONDS.toMillis(keepAliveTimeoutNanos);
+          channel.config().setOption(tcpUserTimeout, tcpUserTimeoutMs);
+        }
+      }
+    } catch (ClassNotFoundException ignored) {
+      // JVM did not load AbstractEpollChannel, so the current channel will not be of epoll type,
+      // so there is no need to set TCP_USER_TIMEOUT
+    }
     // Start the write queue as soon as the channel is constructed
     handler.startWriteQueue(channel);
     // This write will have no effect, yet it will only complete once the negotiationHandler

From b65cbf508195fb86b3642b75185c2b150c700e31 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Thu, 24 Oct 2024 01:22:41 +0530
Subject: [PATCH 057/591] inprocess: Support tracing message sizes guarded by
 flag (#11629)

---
 .../grpc/internal/AbstractTransportTest.java  | 45 +++++++---
 .../inprocess/InProcessChannelBuilder.java    |  4 +
 .../io/grpc/inprocess/InProcessTransport.java | 88 +++++++++++--------
 .../inprocess/InProcessTransportTest.java     | 10 ++-
 4 files changed, 92 insertions(+), 55 deletions(-)

diff --git a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
index 75ea2678709..69d8e65955e 100644
--- a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
+++ b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
@@ -96,6 +96,9 @@ public abstract class AbstractTransportTest {
 
   private static final int TIMEOUT_MS = 5000;
 
+  protected static final String GRPC_EXPERIMENTAL_SUPPORT_TRACING_MESSAGE_SIZES =
+      "GRPC_EXPERIMENTAL_SUPPORT_TRACING_MESSAGE_SIZES";
+
   private static final Attributes.Key<String> ADDITIONAL_TRANSPORT_ATTR_KEY =
       Attributes.Key.create("additional-attr");
 
@@ -238,6 +241,13 @@ protected void advanceClock(long offset, TimeUnit unit) {
     throw new UnsupportedOperationException();
   }
 
+  /**
+   * Returns true if env var is set.
+   */
+  protected static boolean isEnabledSupportTracingMessageSizes() {
+    return GrpcUtil.getFlag(GRPC_EXPERIMENTAL_SUPPORT_TRACING_MESSAGE_SIZES, false);
+  }
+
   /**
    * Returns the current time, for tests that rely on the clock.
    */
@@ -850,16 +860,21 @@ public void basicStream() throws Exception {
     message.close();
     assertThat(clientStreamTracer1.nextOutboundEvent())
         .matches("outboundMessageSent\\(0, -?[0-9]+, -?[0-9]+\\)");
-    assertThat(clientStreamTracer1.getOutboundWireSize()).isGreaterThan(0L);
-    assertThat(clientStreamTracer1.getOutboundUncompressedSize()).isGreaterThan(0L);
+    if (isEnabledSupportTracingMessageSizes()) {
+      assertThat(clientStreamTracer1.getOutboundWireSize()).isGreaterThan(0L);
+      assertThat(clientStreamTracer1.getOutboundUncompressedSize()).isGreaterThan(0L);
+    }
+
     assertThat(serverStreamTracer1.nextInboundEvent()).isEqualTo("inboundMessage(0)");
     assertNull("no additional message expected", serverStreamListener.messageQueue.poll());
 
     clientStream.halfClose();
     assertTrue(serverStreamListener.awaitHalfClosed(TIMEOUT_MS, TimeUnit.MILLISECONDS));
 
-    assertThat(serverStreamTracer1.getInboundWireSize()).isGreaterThan(0L);
-    assertThat(serverStreamTracer1.getInboundUncompressedSize()).isGreaterThan(0L);
+    if (isEnabledSupportTracingMessageSizes()) {
+      assertThat(serverStreamTracer1.getInboundWireSize()).isGreaterThan(0L);
+      assertThat(serverStreamTracer1.getInboundUncompressedSize()).isGreaterThan(0L);
+    }
     assertThat(serverStreamTracer1.nextInboundEvent())
         .matches("inboundMessageRead\\(0, -?[0-9]+, -?[0-9]+\\)");
 
@@ -890,15 +905,19 @@ public void basicStream() throws Exception {
     assertNotNull("message expected", message);
     assertThat(serverStreamTracer1.nextOutboundEvent())
         .matches("outboundMessageSent\\(0, -?[0-9]+, -?[0-9]+\\)");
-    assertThat(serverStreamTracer1.getOutboundWireSize()).isGreaterThan(0L);
-    assertThat(serverStreamTracer1.getOutboundUncompressedSize()).isGreaterThan(0L);
+    if (isEnabledSupportTracingMessageSizes()) {
+      assertThat(serverStreamTracer1.getOutboundWireSize()).isGreaterThan(0L);
+      assertThat(serverStreamTracer1.getOutboundUncompressedSize()).isGreaterThan(0L);
+    }
     assertTrue(clientStreamTracer1.getInboundHeaders());
     assertThat(clientStreamTracer1.nextInboundEvent()).isEqualTo("inboundMessage(0)");
     assertEquals("Hi. Who are you?", methodDescriptor.parseResponse(message));
     assertThat(clientStreamTracer1.nextInboundEvent())
         .matches("inboundMessageRead\\(0, -?[0-9]+, -?[0-9]+\\)");
-    assertThat(clientStreamTracer1.getInboundWireSize()).isGreaterThan(0L);
-    assertThat(clientStreamTracer1.getInboundUncompressedSize()).isGreaterThan(0L);
+    if (isEnabledSupportTracingMessageSizes()) {
+      assertThat(clientStreamTracer1.getInboundWireSize()).isGreaterThan(0L);
+      assertThat(clientStreamTracer1.getInboundUncompressedSize()).isGreaterThan(0L);
+    }
 
     message.close();
     assertNull("no additional message expected", clientStreamListener.messageQueue.poll());
@@ -1258,10 +1277,12 @@ public void onReady() {
     serverStream.close(Status.OK, new Metadata());
     assertTrue(clientStreamTracer1.getOutboundHeaders());
     assertTrue(clientStreamTracer1.getInboundHeaders());
-    assertThat(clientStreamTracer1.getInboundWireSize()).isGreaterThan(0L);
-    assertThat(clientStreamTracer1.getInboundUncompressedSize()).isGreaterThan(0L);
-    assertThat(serverStreamTracer1.getOutboundWireSize()).isGreaterThan(0L);
-    assertThat(serverStreamTracer1.getOutboundUncompressedSize()).isGreaterThan(0L);
+    if (isEnabledSupportTracingMessageSizes()) {
+      assertThat(clientStreamTracer1.getInboundWireSize()).isGreaterThan(0L);
+      assertThat(clientStreamTracer1.getInboundUncompressedSize()).isGreaterThan(0L);
+      assertThat(serverStreamTracer1.getOutboundWireSize()).isGreaterThan(0L);
+      assertThat(serverStreamTracer1.getOutboundUncompressedSize()).isGreaterThan(0L);
+    }
     assertNull(clientStreamTracer1.getInboundTrailers());
     assertSame(status, clientStreamTracer1.getStatus());
     // There is a race between client cancelling and server closing.  The final status seen by the
diff --git a/inprocess/src/main/java/io/grpc/inprocess/InProcessChannelBuilder.java b/inprocess/src/main/java/io/grpc/inprocess/InProcessChannelBuilder.java
index 4e711a94004..9b33b3d3618 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/InProcessChannelBuilder.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/InProcessChannelBuilder.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
+import static io.grpc.inprocess.InProcessTransport.isEnabledSupportTracingMessageSizes;
 
 import com.google.errorprone.annotations.DoNotCall;
 import io.grpc.ChannelCredentials;
@@ -118,6 +119,9 @@ public ClientTransportFactory buildClientTransportFactory() {
     managedChannelImplBuilder.setStatsRecordStartedRpcs(false);
     managedChannelImplBuilder.setStatsRecordFinishedRpcs(false);
     managedChannelImplBuilder.setStatsRecordRetryMetrics(false);
+    if (!isEnabledSupportTracingMessageSizes) {
+      managedChannelImplBuilder.disableRetry();
+    }
   }
 
   @Internal
diff --git a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
index 0d173b96711..4212d96e9fb 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
@@ -82,6 +82,8 @@
 @ThreadSafe
 final class InProcessTransport implements ServerTransport, ConnectionClientTransport {
   private static final Logger log = Logger.getLogger(InProcessTransport.class.getName());
+  static boolean isEnabledSupportTracingMessageSizes =
+      GrpcUtil.getFlag("GRPC_EXPERIMENTAL_SUPPORT_TRACING_MESSAGE_SIZES", false);
 
   private final InternalLogId logId;
   private final SocketAddress address;
@@ -485,22 +487,25 @@ private void clientCancelled(Status status) {
 
       @Override
       public void writeMessage(InputStream message) {
-        long messageLength;
-        try {
-          if (assumedMessageSize != -1) {
-            messageLength = assumedMessageSize;
-          } else if (message instanceof KnownLength || message instanceof ByteArrayInputStream) {
-            messageLength = message.available();
-          } else {
-            InputStream oldMessage = message;
-            byte[] payload = ByteStreams.toByteArray(message);
-            messageLength = payload.length;
-            message = new ByteArrayInputStream(payload);
-            oldMessage.close();
+        long messageLength = 0;
+        if (isEnabledSupportTracingMessageSizes) {
+          try {
+            if (assumedMessageSize != -1) {
+              messageLength = assumedMessageSize;
+            } else if (message instanceof KnownLength || message instanceof ByteArrayInputStream) {
+              messageLength = message.available();
+            } else {
+              InputStream oldMessage = message;
+              byte[] payload = ByteStreams.toByteArray(message);
+              messageLength = payload.length;
+              message = new ByteArrayInputStream(payload);
+              oldMessage.close();
+            }
+          } catch (Exception e) {
+            throw new RuntimeException("Error processing the message length", e);
           }
-        } catch (Exception e) {
-          throw new RuntimeException("Error processing the message length", e);
         }
+
         synchronized (this) {
           if (closed) {
             return;
@@ -509,11 +514,13 @@ public void writeMessage(InputStream message) {
           statsTraceCtx.outboundMessageSent(outboundSeqNo, -1, -1);
           clientStream.statsTraceCtx.inboundMessage(outboundSeqNo);
           clientStream.statsTraceCtx.inboundMessageRead(outboundSeqNo, -1, -1);
-          statsTraceCtx.outboundUncompressedSize(messageLength);
-          statsTraceCtx.outboundWireSize(messageLength);
-          // messageLength should be same at receiver's end as no actual wire is involved.
-          clientStream.statsTraceCtx.inboundUncompressedSize(messageLength);
-          clientStream.statsTraceCtx.inboundWireSize(messageLength);
+          if (isEnabledSupportTracingMessageSizes) {
+            statsTraceCtx.outboundUncompressedSize(messageLength);
+            statsTraceCtx.outboundWireSize(messageLength);
+            // messageLength should be same at receiver's end as no actual wire is involved.
+            clientStream.statsTraceCtx.inboundUncompressedSize(messageLength);
+            clientStream.statsTraceCtx.inboundWireSize(messageLength);
+          }
           outboundSeqNo++;
           StreamListener.MessageProducer producer = new SingleMessageProducer(message);
           if (clientRequested > 0) {
@@ -523,7 +530,6 @@ public void writeMessage(InputStream message) {
             clientReceiveQueue.add(producer);
           }
         }
-
         syncContext.drain();
       }
 
@@ -777,21 +783,23 @@ private void serverClosed(Status serverListenerStatus, Status serverTracerStatus
 
       @Override
       public void writeMessage(InputStream message) {
-        long messageLength;
-        try {
-          if (assumedMessageSize != -1) {
-            messageLength = assumedMessageSize;
-          } else if (message instanceof KnownLength || message instanceof ByteArrayInputStream) {
-            messageLength = message.available();
-          } else {
-            InputStream oldMessage = message;
-            byte[] payload = ByteStreams.toByteArray(message);
-            messageLength = payload.length;
-            message = new ByteArrayInputStream(payload);
-            oldMessage.close();
+        long messageLength = 0;
+        if (isEnabledSupportTracingMessageSizes) {
+          try {
+            if (assumedMessageSize != -1) {
+              messageLength = assumedMessageSize;
+            } else if (message instanceof KnownLength || message instanceof ByteArrayInputStream) {
+              messageLength = message.available();
+            } else {
+              InputStream oldMessage = message;
+              byte[] payload = ByteStreams.toByteArray(message);
+              messageLength = payload.length;
+              message = new ByteArrayInputStream(payload);
+              oldMessage.close();
+            }
+          } catch (Exception e) {
+            throw new RuntimeException("Error processing the message length", e);
           }
-        } catch (Exception e) {
-          throw new RuntimeException("Error processing the message length", e);
         }
         synchronized (this) {
           if (closed) {
@@ -801,11 +809,13 @@ public void writeMessage(InputStream message) {
           statsTraceCtx.outboundMessageSent(outboundSeqNo, -1, -1);
           serverStream.statsTraceCtx.inboundMessage(outboundSeqNo);
           serverStream.statsTraceCtx.inboundMessageRead(outboundSeqNo, -1, -1);
-          statsTraceCtx.outboundUncompressedSize(messageLength);
-          statsTraceCtx.outboundWireSize(messageLength);
-          // messageLength should be same at receiver's end as no actual wire is involved.
-          serverStream.statsTraceCtx.inboundUncompressedSize(messageLength);
-          serverStream.statsTraceCtx.inboundWireSize(messageLength);
+          if (isEnabledSupportTracingMessageSizes) {
+            statsTraceCtx.outboundUncompressedSize(messageLength);
+            statsTraceCtx.outboundWireSize(messageLength);
+            // messageLength should be same at receiver's end as no actual wire is involved.
+            serverStream.statsTraceCtx.inboundUncompressedSize(messageLength);
+            serverStream.statsTraceCtx.inboundWireSize(messageLength);
+          }
           outboundSeqNo++;
           StreamListener.MessageProducer producer = new SingleMessageProducer(message);
           if (serverRequested > 0) {
diff --git a/inprocess/src/test/java/io/grpc/inprocess/InProcessTransportTest.java b/inprocess/src/test/java/io/grpc/inprocess/InProcessTransportTest.java
index 87d7467c11f..3ed8dd24ca9 100644
--- a/inprocess/src/test/java/io/grpc/inprocess/InProcessTransportTest.java
+++ b/inprocess/src/test/java/io/grpc/inprocess/InProcessTransportTest.java
@@ -234,9 +234,11 @@ public void basicStreamInProcess() throws Exception {
 
   private void assertAssumedMessageSize(
       TestStreamTracer streamTracerSender, TestStreamTracer streamTracerReceiver) {
-    Assert.assertEquals(TEST_MESSAGE_LENGTH, streamTracerSender.getOutboundWireSize());
-    Assert.assertEquals(TEST_MESSAGE_LENGTH, streamTracerSender.getOutboundUncompressedSize());
-    Assert.assertEquals(TEST_MESSAGE_LENGTH, streamTracerReceiver.getInboundWireSize());
-    Assert.assertEquals(TEST_MESSAGE_LENGTH, streamTracerReceiver.getInboundUncompressedSize());
+    if (isEnabledSupportTracingMessageSizes()) {
+      Assert.assertEquals(TEST_MESSAGE_LENGTH, streamTracerSender.getOutboundWireSize());
+      Assert.assertEquals(TEST_MESSAGE_LENGTH, streamTracerSender.getOutboundUncompressedSize());
+      Assert.assertEquals(TEST_MESSAGE_LENGTH, streamTracerReceiver.getInboundWireSize());
+      Assert.assertEquals(TEST_MESSAGE_LENGTH, streamTracerReceiver.getInboundUncompressedSize());
+    }
   }
 }

From 46c1b387fa547038dbfb2f6ecd236ed3e4b757e3 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Thu, 24 Oct 2024 10:52:44 -0700
Subject: [PATCH 058/591] Update binderDied() error description to spell out
 the possibilities for those unfamiliar with Android internals. (#11628)

Callers are frequently confused by this message and waste time looking for problems in the client when the root cause is simply a server crash. See b/371447460 for more context.
---
 .../src/main/java/io/grpc/binder/internal/BinderTransport.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index 81eecf975bf..8c428fac98c 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -299,7 +299,7 @@ protected boolean setOutgoingBinder(OneWayBinderProxy binder) {
 
   @Override
   public synchronized void binderDied() {
-    shutdownInternal(Status.UNAVAILABLE.withDescription("binderDied"), true);
+    shutdownInternal(Status.UNAVAILABLE.withDescription("Peer process crashed, exited or was killed (binderDied)"), true);
   }
 
   @GuardedBy("this")

From 31dad6af4996170a55f1bd0a99f0d892e6bbcd84 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 24 Oct 2024 10:07:53 -0700
Subject: [PATCH 059/591] Start 1.69.0 development cycle

---
 MODULE.bazel                                           |  2 +-
 build.gradle                                           |  2 +-
 .../src/test/golden/TestDeprecatedService.java.txt     |  2 +-
 compiler/src/test/golden/TestService.java.txt          |  2 +-
 core/src/main/java/io/grpc/internal/GrpcUtil.java      |  2 +-
 examples/MODULE.bazel                                  |  2 +-
 examples/android/clientcache/app/build.gradle          | 10 +++++-----
 examples/android/helloworld/app/build.gradle           |  8 ++++----
 examples/android/routeguide/app/build.gradle           |  8 ++++----
 examples/android/strictmode/app/build.gradle           |  8 ++++----
 examples/build.gradle                                  |  2 +-
 examples/example-alts/build.gradle                     |  2 +-
 examples/example-debug/build.gradle                    |  2 +-
 examples/example-debug/pom.xml                         |  4 ++--
 examples/example-dualstack/build.gradle                |  2 +-
 examples/example-dualstack/pom.xml                     |  4 ++--
 examples/example-gauth/build.gradle                    |  2 +-
 examples/example-gauth/pom.xml                         |  4 ++--
 examples/example-gcp-csm-observability/build.gradle    |  2 +-
 examples/example-gcp-observability/build.gradle        |  2 +-
 examples/example-hostname/build.gradle                 |  2 +-
 examples/example-hostname/pom.xml                      |  4 ++--
 examples/example-jwt-auth/build.gradle                 |  2 +-
 examples/example-jwt-auth/pom.xml                      |  4 ++--
 examples/example-oauth/build.gradle                    |  2 +-
 examples/example-oauth/pom.xml                         |  4 ++--
 examples/example-opentelemetry/build.gradle            |  2 +-
 examples/example-orca/build.gradle                     |  2 +-
 examples/example-reflection/build.gradle               |  2 +-
 examples/example-servlet/build.gradle                  |  2 +-
 examples/example-tls/build.gradle                      |  2 +-
 examples/example-tls/pom.xml                           |  4 ++--
 examples/example-xds/build.gradle                      |  2 +-
 examples/pom.xml                                       |  4 ++--
 34 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 81fa8795e68..f58d2daa40a 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -2,7 +2,7 @@ module(
     name = "grpc-java",
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
-    version = "1.68.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
+    version = "1.69.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
 )
 
 # GRPC_DEPS_START
diff --git a/build.gradle b/build.gradle
index 6afe010de4d..f647acdb382 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ subprojects {
     apply plugin: "net.ltgt.errorprone"
 
     group = "io.grpc"
-    version = "1.68.0-SNAPSHOT" // CURRENT_GRPC_VERSION
+    version = "1.69.0-SNAPSHOT" // CURRENT_GRPC_VERSION
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index 04a7f2406b3..adfe415c845 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.68.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.69.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 @java.lang.Deprecated
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index d69abad7cbb..438d067ac0d 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.68.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.69.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index a1fe34c2edc..f519b502c1f 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -219,7 +219,7 @@ public byte[] parseAsciiString(byte[] serialized) {
 
   public static final Splitter ACCEPT_ENCODING_SPLITTER = Splitter.on(',').trimResults();
 
-  public static final String IMPLEMENTATION_VERSION = "1.68.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
+  public static final String IMPLEMENTATION_VERSION = "1.69.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
 
   /**
    * The default timeout in nanos for a keepalive ping request.
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index 60bed40f349..e7b65724a5b 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,5 +1,5 @@
 bazel_dep(name = "googleapis", repo_name = "com_google_googleapis", version = "0.0.0-20240326-1c8d509c5")
-bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.66.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
+bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.69.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
 bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index 6b5b966e7f6..271d29cfb4b 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -34,7 +34,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -54,12 +54,12 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.1.5'
-    testImplementation 'io.grpc:grpc-testing:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    testImplementation 'io.grpc:grpc-testing:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index 4edbcb14612..e51176cc4f6 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index 4a08f40e4ee..3209937ba70 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index 9f41994e3c2..1fdf43d1f3f 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -33,7 +33,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -53,8 +53,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index 24f6d2b04f8..83877cbb8d9 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index 6b1f0ded169..e0d565a41f2 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -24,7 +24,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index 97bca5f91b6..7926d53138b 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -25,7 +25,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index dc399a78c9d..d08ec7787eb 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.68.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-debug</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index 0c45e6de7cf..ca9ad9a60b8 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -25,7 +25,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index a8e32b347e5..94691b1d1d2 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.68.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-dualstack</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 86edd557206..98841c20ef9 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -24,7 +24,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index 89478a2dfa6..6a1b11d5e20 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.68.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-gauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index 179ab3a74d9..7a72ebcdcd9 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -25,7 +25,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 1a6f4719460..3365b844895 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -25,7 +25,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 17817e2a374..7ade8da565a 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index 991174af382..baebfc6fc50 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.68.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-hostname</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index c31486095f3..0e14f369ebe 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index 10330d955ed..d20358f9266 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.68.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-jwt-auth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index fe21efcf0db..ee46d69cdaf 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index 072bd957dcf..fe48c0db6ee 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.68.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-oauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index f08f9d492a5..ccdcf93ebfd 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -24,7 +24,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index 4ca9343f887..43df71e5ed7 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -18,7 +18,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index e1efc8ee050..769e9bddee8 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -18,7 +18,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index ebd14674578..e4a5128898f 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index 8a16a902b72..1eb51182309 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -24,7 +24,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index 972976ecdf1..de32a5f9807 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.68.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-tls</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index a3e23a19601..a77e71b253c 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/pom.xml b/examples/pom.xml
index 554c70a35ce..475747a5b5e 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.68.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>examples</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for JDK 8 -->

From ba8ab796e78e420d2d81b6dd479434a1bc548584 Mon Sep 17 00:00:00 2001
From: Luwei Ge <rockingspore@gmail.com>
Date: Thu, 24 Oct 2024 15:18:53 -0700
Subject: [PATCH 060/591] alts: support altsCallCredentials in
 GoogleDefaultChannelCredentials (#11634)

---
 .../java/io/grpc/alts/AltsContextUtil.java    |  18 ++-
 .../io/grpc/alts/DualCallCredentials.java     |  46 ++++++++
 .../alts/GoogleDefaultChannelCredentials.java |  34 ++++--
 .../io/grpc/alts/DualCallCredentialsTest.java | 109 ++++++++++++++++++
 4 files changed, 191 insertions(+), 16 deletions(-)
 create mode 100644 alts/src/main/java/io/grpc/alts/DualCallCredentials.java
 create mode 100644 alts/src/test/java/io/grpc/alts/DualCallCredentialsTest.java

diff --git a/alts/src/main/java/io/grpc/alts/AltsContextUtil.java b/alts/src/main/java/io/grpc/alts/AltsContextUtil.java
index 91b06756dc3..5f2ce353761 100644
--- a/alts/src/main/java/io/grpc/alts/AltsContextUtil.java
+++ b/alts/src/main/java/io/grpc/alts/AltsContextUtil.java
@@ -14,9 +14,9 @@
  * limitations under the License.
  */
 
-
 package io.grpc.alts;
 
+import io.grpc.Attributes;
 import io.grpc.ExperimentalApi;
 import io.grpc.ServerCall;
 import io.grpc.alts.internal.AltsInternalContext;
@@ -35,7 +35,7 @@ private AltsContextUtil() {}
    * @return the created {@link AltsContext}
    * @throws IllegalArgumentException if the {@link ServerCall} has no ALTS information.
    */
-  public static AltsContext createFrom(ServerCall<?,?> call) {
+  public static AltsContext createFrom(ServerCall<?, ?> call) {
     Object authContext = call.getAttributes().get(AltsProtocolNegotiator.AUTH_CONTEXT_KEY);
     if (!(authContext instanceof AltsInternalContext)) {
       throw new IllegalArgumentException("No ALTS context information found");
@@ -49,8 +49,18 @@ public static AltsContext createFrom(ServerCall<?,?> call) {
    * @param call the {@link ServerCall} to check
    * @return true, if the {@link ServerCall} contains ALTS information and false otherwise.
    */
-  public static boolean check(ServerCall<?,?> call) {
-    Object authContext = call.getAttributes().get(AltsProtocolNegotiator.AUTH_CONTEXT_KEY);
+  public static boolean check(ServerCall<?, ?> call) {
+    return check(call.getAttributes());
+  }
+
+  /**
+   * Checks if the {@link Attributes} contains ALTS information.
+   *
+   * @param attributes the {@link Attributes} to check
+   * @return true, if the {@link Attributes} contains ALTS information and false otherwise.
+   */
+  public static boolean check(Attributes attributes) {
+    Object authContext = attributes.get(AltsProtocolNegotiator.AUTH_CONTEXT_KEY);
     return authContext instanceof AltsInternalContext;
   }
 }
diff --git a/alts/src/main/java/io/grpc/alts/DualCallCredentials.java b/alts/src/main/java/io/grpc/alts/DualCallCredentials.java
new file mode 100644
index 00000000000..08104712e65
--- /dev/null
+++ b/alts/src/main/java/io/grpc/alts/DualCallCredentials.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.alts;
+
+import io.grpc.CallCredentials;
+import java.util.concurrent.Executor;
+
+/**
+ * {@code CallCredentials} that will pick the right credentials based on whether the established
+ * connection is ALTS or TLS.
+ */
+final class DualCallCredentials extends CallCredentials {
+  private final CallCredentials tlsCallCredentials;
+  private final CallCredentials altsCallCredentials;
+
+  public DualCallCredentials(CallCredentials tlsCallCreds, CallCredentials altsCallCreds) {
+    tlsCallCredentials = tlsCallCreds;
+    altsCallCredentials = altsCallCreds;
+  }
+
+  @Override
+  public void applyRequestMetadata(
+      CallCredentials.RequestInfo requestInfo,
+      Executor appExecutor,
+      CallCredentials.MetadataApplier applier) {
+    if (AltsContextUtil.check(requestInfo.getTransportAttrs())) {
+      altsCallCredentials.applyRequestMetadata(requestInfo, appExecutor, applier);
+    } else {
+      tlsCallCredentials.applyRequestMetadata(requestInfo, appExecutor, applier);
+    }
+  }
+}
diff --git a/alts/src/main/java/io/grpc/alts/GoogleDefaultChannelCredentials.java b/alts/src/main/java/io/grpc/alts/GoogleDefaultChannelCredentials.java
index d9c2ddaaed7..1b5880120a4 100644
--- a/alts/src/main/java/io/grpc/alts/GoogleDefaultChannelCredentials.java
+++ b/alts/src/main/java/io/grpc/alts/GoogleDefaultChannelCredentials.java
@@ -63,6 +63,7 @@ public static Builder newBuilder() {
    */
   public static final class Builder {
     private CallCredentials callCredentials;
+    private CallCredentials altsCallCredentials;
 
     private Builder() {}
 
@@ -72,23 +73,32 @@ public Builder callCredentials(CallCredentials callCreds) {
       return this;
     }
 
+    /** Constructs GoogleDefaultChannelCredentials with an ALTS-specific call credential. */
+    public Builder altsCallCredentials(CallCredentials callCreds) {
+      altsCallCredentials = callCreds;
+      return this;
+    }
+
     /** Builds a GoogleDefaultChannelCredentials instance. */
     public ChannelCredentials build() {
       ChannelCredentials nettyCredentials =
           InternalNettyChannelCredentials.create(createClientFactory());
-      if (callCredentials != null) {
-        return CompositeChannelCredentials.create(nettyCredentials, callCredentials);
-      }
-      CallCredentials callCreds;
-      try {
-        callCreds = MoreCallCredentials.from(GoogleCredentials.getApplicationDefault());
-      } catch (IOException e) {
-        callCreds =
-            new FailingCallCredentials(
-                Status.UNAUTHENTICATED
-                    .withDescription("Failed to get Google default credentials")
-                    .withCause(e));
+      CallCredentials tlsCallCreds = callCredentials;
+      if (tlsCallCreds == null) {
+        try {
+          tlsCallCreds = MoreCallCredentials.from(GoogleCredentials.getApplicationDefault());
+        } catch (IOException e) {
+          tlsCallCreds =
+              new FailingCallCredentials(
+                  Status.UNAUTHENTICATED
+                      .withDescription("Failed to get Google default credentials")
+                      .withCause(e));
+        }
       }
+      CallCredentials callCreds =
+          altsCallCredentials == null
+              ? tlsCallCreds
+              : new DualCallCredentials(tlsCallCreds, altsCallCredentials);
       return CompositeChannelCredentials.create(nettyCredentials, callCreds);
     }
 
diff --git a/alts/src/test/java/io/grpc/alts/DualCallCredentialsTest.java b/alts/src/test/java/io/grpc/alts/DualCallCredentialsTest.java
new file mode 100644
index 00000000000..29646191be1
--- /dev/null
+++ b/alts/src/test/java/io/grpc/alts/DualCallCredentialsTest.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.alts;
+
+import static org.mockito.Mockito.any;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+
+import io.grpc.Attributes;
+import io.grpc.CallCredentials;
+import io.grpc.CallCredentials.RequestInfo;
+import io.grpc.MethodDescriptor;
+import io.grpc.SecurityLevel;
+import io.grpc.alts.internal.AltsInternalContext;
+import io.grpc.alts.internal.AltsProtocolNegotiator;
+import io.grpc.testing.TestMethodDescriptors;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoRule;
+
+/** Unit tests for {@link DualCallCredentials}. */
+@RunWith(JUnit4.class)
+public class DualCallCredentialsTest {
+
+  @Rule public final MockitoRule mocks = MockitoJUnit.rule();
+
+  @Mock CallCredentials tlsCallCredentials;
+
+  @Mock CallCredentials altsCallCredentials;
+
+  private static final String AUTHORITY = "testauthority";
+  private static final SecurityLevel SECURITY_LEVEL = SecurityLevel.PRIVACY_AND_INTEGRITY;
+
+  @Test
+  public void invokeTlsCallCredentials() {
+    DualCallCredentials callCredentials =
+        new DualCallCredentials(tlsCallCredentials, altsCallCredentials);
+    RequestInfo requestInfo = new RequestInfoImpl(false);
+    callCredentials.applyRequestMetadata(requestInfo, null, null);
+
+    verify(altsCallCredentials, never()).applyRequestMetadata(any(), any(), any());
+    verify(tlsCallCredentials, times(1)).applyRequestMetadata(requestInfo, null, null);
+  }
+
+  @Test
+  public void invokeAltsCallCredentials() {
+    DualCallCredentials callCredentials =
+        new DualCallCredentials(tlsCallCredentials, altsCallCredentials);
+    RequestInfo requestInfo = new RequestInfoImpl(true);
+    callCredentials.applyRequestMetadata(requestInfo, null, null);
+
+    verify(altsCallCredentials, times(1)).applyRequestMetadata(requestInfo, null, null);
+    verify(tlsCallCredentials, never()).applyRequestMetadata(any(), any(), any());
+  }
+
+  private static final class RequestInfoImpl extends CallCredentials.RequestInfo {
+    private Attributes attrs;
+
+    RequestInfoImpl(boolean hasAltsContext) {
+      attrs =
+          hasAltsContext
+              ? Attributes.newBuilder()
+                  .set(
+                      AltsProtocolNegotiator.AUTH_CONTEXT_KEY,
+                      AltsInternalContext.getDefaultInstance())
+                  .build()
+              : Attributes.EMPTY;
+    }
+
+    @Override
+    public MethodDescriptor<?, ?> getMethodDescriptor() {
+      return TestMethodDescriptors.voidMethod();
+    }
+
+    @Override
+    public SecurityLevel getSecurityLevel() {
+      return SECURITY_LEVEL;
+    }
+
+    @Override
+    public String getAuthority() {
+      return AUTHORITY;
+    }
+
+    @Override
+    public Attributes getTransportAttrs() {
+      return attrs;
+    }
+  }
+}

From 370e7ce27c815034e6b028953c0d9e734fb0390f Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 24 Oct 2024 23:39:22 -0700
Subject: [PATCH 061/591] Revert "stub: Ignore unary response on server if
 status is not OK" (#11636)

This reverts commit 99f86835ed8a1c960d532e58b5fd51ec1bb99825.

The change doesn't handle `null` messages, which don't happen with
protobuf, but can happen with other marshallers, especially in tests.
See cl/689445172

This will reopen #5969.
---
 .../main/java/io/grpc/stub/ServerCalls.java   | 24 ++-------
 .../java/io/grpc/stub/ServerCallsTest.java    | 54 -------------------
 2 files changed, 4 insertions(+), 74 deletions(-)

diff --git a/stub/src/main/java/io/grpc/stub/ServerCalls.java b/stub/src/main/java/io/grpc/stub/ServerCalls.java
index 6c444551530..7990a5b34c0 100644
--- a/stub/src/main/java/io/grpc/stub/ServerCalls.java
+++ b/stub/src/main/java/io/grpc/stub/ServerCalls.java
@@ -335,7 +335,6 @@ private static final class ServerCallStreamObserverImpl<ReqT, RespT>
     private boolean aborted = false;
     private boolean completed = false;
     private Runnable onCloseHandler;
-    private RespT unaryResponse;
 
     // Non private to avoid synthetic class
     ServerCallStreamObserverImpl(ServerCall<ReqT, RespT> call, boolean serverStreamingOrBidi) {
@@ -374,22 +373,15 @@ public void onNext(RespT response) {
       }
       checkState(!aborted, "Stream was terminated by error, no further calls are allowed");
       checkState(!completed, "Stream is already completed, no further calls are allowed");
-      if (serverStreamingOrBidi) {
-        if (!sentHeaders) {
-          call.sendHeaders(new Metadata());
-          sentHeaders = true;
-        }
-        call.sendMessage(response);
-      } else {
-        unaryResponse = response;
+      if (!sentHeaders) {
+        call.sendHeaders(new Metadata());
+        sentHeaders = true;
       }
+      call.sendMessage(response);
     }
 
     @Override
     public void onError(Throwable t) {
-      if (!serverStreamingOrBidi) {
-        unaryResponse = null;
-      }
       Metadata metadata = Status.trailersFromThrowable(t);
       if (metadata == null) {
         metadata = new Metadata();
@@ -400,14 +392,6 @@ public void onError(Throwable t) {
 
     @Override
     public void onCompleted() {
-      if (!serverStreamingOrBidi && unaryResponse != null) {
-        if (!sentHeaders) {
-          call.sendHeaders(new Metadata());
-          sentHeaders = true;
-        }
-        call.sendMessage(unaryResponse);
-        unaryResponse = null;
-      }
       call.close(Status.OK, new Metadata());
       completed = true;
     }
diff --git a/stub/src/test/java/io/grpc/stub/ServerCallsTest.java b/stub/src/test/java/io/grpc/stub/ServerCallsTest.java
index 8d65be19e20..1e51ac10110 100644
--- a/stub/src/test/java/io/grpc/stub/ServerCallsTest.java
+++ b/stub/src/test/java/io/grpc/stub/ServerCallsTest.java
@@ -33,7 +33,6 @@
 import io.grpc.ServerServiceDefinition;
 import io.grpc.ServiceDescriptor;
 import io.grpc.Status;
-import io.grpc.Status.Code;
 import io.grpc.StatusRuntimeException;
 import io.grpc.inprocess.InProcessChannelBuilder;
 import io.grpc.inprocess.InProcessServerBuilder;
@@ -621,59 +620,6 @@ public void onClose(Status status, Metadata trailers) {
     assertArrayEquals(new int[]{0, 1, 1, 2, 2, 2}, receivedMessages);
   }
 
-  @Test
-  public void serverUnaryResponseMsgWithOkStatus() {
-    ServerCallHandler<Integer, Integer> serverCallHandler =
-        ServerCalls.asyncUnaryCall(
-            new ServerCalls.UnaryMethod<Integer, Integer>() {
-              @Override
-              public void invoke(Integer request, StreamObserver<Integer> responseObserver) {
-                responseObserver.onNext(request);
-                responseObserver.onCompleted();
-              }
-            });
-    ServerCall.Listener<Integer> callListener =
-        serverCallHandler.startCall(serverCall, new Metadata());
-    serverCall.isReady = true;
-    serverCall.isCancelled = false;
-    callListener.onReady();
-    callListener.onMessage(1);
-    callListener.onHalfClose();
-
-    assertThat(serverCall.status.getCode()).isEqualTo(Code.OK);
-    assertThat(serverCall.responses).containsExactly(1);
-  }
-
-  @Test
-  public void serverUnaryResponseMsgWithNotOkStatus() {
-    ServerCallHandler<Integer, Integer> serverCallHandler =
-        ServerCalls.asyncUnaryCall(
-            new ServerCalls.UnaryMethod<Integer, Integer>() {
-              @Override
-              public void invoke(Integer request, StreamObserver<Integer> responseObserver) {
-                responseObserver.onNext(request);
-                responseObserver.onError(
-                    Status.INTERNAL
-                        .withDescription("Response message is null for unary call")
-                        .asRuntimeException());
-              }
-            });
-
-    ServerCall.Listener<Integer> callListener =
-        serverCallHandler.startCall(serverCall, new Metadata());
-
-    serverCall.isReady = true;
-    serverCall.isCancelled = false;
-    callListener.onReady();
-    callListener.onMessage(1);
-    callListener.onHalfClose();
-
-    assertThat(serverCall.status.getCode()).isEqualTo(Code.INTERNAL);
-    assertThat(serverCall.status.getDescription())
-        .isEqualTo("Response message is null for unary call");
-    assertThat(serverCall.responses).isEmpty();
-  }
-
   public static class IntegerMarshaller implements MethodDescriptor.Marshaller<Integer> {
     @Override
     public InputStream stream(Integer value) {

From 0b2c17d0da84e92fbb104bd46ccb2f61860db04b Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Fri, 25 Oct 2024 14:36:27 +0530
Subject: [PATCH 062/591] Xds: Implement using system root trust CA for TLS
 server authentication (#11470)

Allow using system root certs for server cert validation rather than CA root certs provided by the control plane when the validation context provided by the control plane specifies so.
---
 .../io/grpc/xds/EnvoyServerProtoData.java     |  10 +-
 .../java/io/grpc/xds/XdsClusterResource.java  |  11 +-
 .../ClientSslContextProviderFactory.java      |  18 +--
 .../security/CommonTlsContextUtil.java        |  13 +-
 .../CertProviderClientSslContextProvider.java |  19 +--
 ...oviderClientSslContextProviderFactory.java |  21 ++-
 .../CertProviderSslContextProvider.java       |   9 +-
 .../grpc/xds/GrpcXdsClientImplDataTest.java   |  93 +++++++++++-
 .../grpc/xds/GrpcXdsClientImplTestBase.java   |   3 +-
 .../grpc/xds/XdsSecurityClientServerTest.java | 143 +++++++++++++++++-
 .../ClientSslContextProviderFactoryTest.java  |  18 ---
 .../security/CommonTlsContextTestsUtil.java   |  44 +++---
 ...tProviderClientSslContextProviderTest.java |  26 +++-
 13 files changed, 342 insertions(+), 86 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
index 978e6663cbe..4a6213277e7 100644
--- a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
+++ b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
@@ -16,6 +16,8 @@
 
 package io.grpc.xds;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 import com.google.auto.value.AutoValue;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
@@ -41,13 +43,13 @@ private EnvoyServerProtoData() {
   }
 
   public abstract static class BaseTlsContext {
-    @Nullable protected final CommonTlsContext commonTlsContext;
+    protected final CommonTlsContext commonTlsContext;
 
-    protected BaseTlsContext(@Nullable CommonTlsContext commonTlsContext) {
-      this.commonTlsContext = commonTlsContext;
+    protected BaseTlsContext(CommonTlsContext commonTlsContext) {
+      this.commonTlsContext = checkNotNull(commonTlsContext, "commonTlsContext cannot be null.");
     }
 
-    @Nullable public CommonTlsContext getCommonTlsContext() {
+    public CommonTlsContext getCommonTlsContext() {
       return commonTlsContext;
     }
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
index c6340156d49..c7789f3d7dd 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
@@ -39,6 +39,7 @@
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.grpc.LoadBalancerRegistry;
 import io.grpc.NameResolver;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.ServiceConfigUtil;
 import io.grpc.internal.ServiceConfigUtil.LbConfig;
 import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;
@@ -46,6 +47,7 @@
 import io.grpc.xds.XdsClusterResource.CdsUpdate;
 import io.grpc.xds.client.XdsClient.ResourceUpdate;
 import io.grpc.xds.client.XdsResourceType;
+import io.grpc.xds.internal.security.CommonTlsContextUtil;
 import java.util.List;
 import java.util.Locale;
 import java.util.Set;
@@ -57,6 +59,9 @@ class XdsClusterResource extends XdsResourceType<CdsUpdate> {
       !Strings.isNullOrEmpty(System.getenv("GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST"))
           ? Boolean.parseBoolean(System.getenv("GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST"))
           : Boolean.parseBoolean(System.getProperty("io.grpc.xds.experimentalEnableLeastRequest"));
+  @VisibleForTesting
+  public static boolean enableSystemRootCerts =
+      GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_SYSTEM_ROOT_CERTS", false);
 
   @VisibleForTesting
   static final String AGGREGATE_CLUSTER_TYPE_NAME = "envoy.clusters.aggregate";
@@ -430,9 +435,11 @@ static void validateCommonTlsContext(
     }
     String rootCaInstanceName = getRootCertInstanceName(commonTlsContext);
     if (rootCaInstanceName == null) {
-      if (!server) {
+      if (!server && (!enableSystemRootCerts
+          || !CommonTlsContextUtil.isUsingSystemRootCerts(commonTlsContext))) {
         throw new ResourceInvalidException(
-            "ca_certificate_provider_instance is required in upstream-tls-context");
+            "ca_certificate_provider_instance or system_root_certs is required in "
+                + "upstream-tls-context");
       }
     } else {
       if (certProviderInstances == null || !certProviderInstances.contains(rootCaInstanceName)) {
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/ClientSslContextProviderFactory.java b/xds/src/main/java/io/grpc/xds/internal/security/ClientSslContextProviderFactory.java
index 90202b4820a..37d289c1c47 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/ClientSslContextProviderFactory.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/ClientSslContextProviderFactory.java
@@ -16,8 +16,6 @@
 
 package io.grpc.xds.internal.security;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.internal.security.ReferenceCountingMap.ValueFactory;
@@ -44,17 +42,9 @@ final class ClientSslContextProviderFactory
   /** Creates an SslContextProvider from the given UpstreamTlsContext. */
   @Override
   public SslContextProvider create(UpstreamTlsContext upstreamTlsContext) {
-    checkNotNull(upstreamTlsContext, "upstreamTlsContext");
-    checkNotNull(
-        upstreamTlsContext.getCommonTlsContext(),
-        "upstreamTlsContext should have CommonTlsContext");
-    if (CommonTlsContextUtil.hasCertProviderInstance(
-        upstreamTlsContext.getCommonTlsContext())) {
-      return certProviderClientSslContextProviderFactory.getProvider(
-          upstreamTlsContext,
-          bootstrapInfo.node().toEnvoyProtoNode(),
-          bootstrapInfo.certProviders());
-    }
-    throw new UnsupportedOperationException("Unsupported configurations in UpstreamTlsContext!");
+    return certProviderClientSslContextProviderFactory.getProvider(
+        upstreamTlsContext,
+        bootstrapInfo.node().toEnvoyProtoNode(),
+        bootstrapInfo.certProviders());
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/CommonTlsContextUtil.java b/xds/src/main/java/io/grpc/xds/internal/security/CommonTlsContextUtil.java
index d3003b4a792..e5a8c115361 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/CommonTlsContextUtil.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/CommonTlsContextUtil.java
@@ -25,7 +25,7 @@ public final class CommonTlsContextUtil {
 
   private CommonTlsContextUtil() {}
 
-  static boolean hasCertProviderInstance(CommonTlsContext commonTlsContext) {
+  public static boolean hasCertProviderInstance(CommonTlsContext commonTlsContext) {
     if (commonTlsContext == null) {
       return false;
     }
@@ -65,4 +65,15 @@ public static CommonTlsContext.CertificateProviderInstance convert(
         .setInstanceName(pluginInstance.getInstanceName())
         .setCertificateName(pluginInstance.getCertificateName()).build();
   }
+
+  public static boolean isUsingSystemRootCerts(CommonTlsContext commonTlsContext) {
+    if (commonTlsContext.hasCombinedValidationContext()) {
+      return commonTlsContext.getCombinedValidationContext().getDefaultValidationContext()
+          .hasSystemRootCerts();
+    }
+    if (commonTlsContext.hasValidationContext()) {
+      return commonTlsContext.getValidationContext().hasSystemRootCerts();
+    }
+    return false;
+  }
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
index d4080101c1a..8aa74b2b50f 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
@@ -16,8 +16,6 @@
 
 package io.grpc.xds.internal.security.certprovider;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-
 import io.envoyproxy.envoy.config.core.v3.Node;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
@@ -46,7 +44,7 @@ final class CertProviderClientSslContextProvider extends CertProviderSslContextP
         node,
         certProviders,
         certInstance,
-        checkNotNull(rootCertInstance, "Client SSL requires rootCertInstance"),
+        rootCertInstance,
         staticCertValidationContext,
         upstreamTlsContext,
         certificateProviderStore);
@@ -56,12 +54,15 @@ final class CertProviderClientSslContextProvider extends CertProviderSslContextP
   protected final SslContextBuilder getSslContextBuilder(
           CertificateValidationContext certificateValidationContextdationContext)
       throws CertStoreException {
-    SslContextBuilder sslContextBuilder =
-        GrpcSslContexts.forClient()
-            .trustManager(
-                new XdsTrustManagerFactory(
-                    savedTrustedRoots.toArray(new X509Certificate[0]),
-                    certificateValidationContextdationContext));
+    SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
+    // Null rootCertInstance implies hasSystemRootCerts because of the check in
+    // CertProviderClientSslContextProviderFactory.
+    if (rootCertInstance != null) {
+      sslContextBuilder.trustManager(
+          new XdsTrustManagerFactory(
+              savedTrustedRoots.toArray(new X509Certificate[0]),
+              certificateValidationContextdationContext));
+    }
     if (isMtls()) {
       sslContextBuilder.keyManager(savedKey, savedCertChain);
     }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderFactory.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderFactory.java
index 21782741c2c..6205c1c3a63 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderFactory.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderFactory.java
@@ -25,6 +25,7 @@
 import io.grpc.Internal;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.client.Bootstrapper.CertificateProviderInfo;
+import io.grpc.xds.internal.security.CommonTlsContextUtil;
 import io.grpc.xds.internal.security.SslContextProvider;
 import java.util.Map;
 import javax.annotation.Nullable;
@@ -64,13 +65,17 @@ public SslContextProvider getProvider(
         = CertProviderSslContextProvider.getRootCertProviderInstance(commonTlsContext);
     CommonTlsContext.CertificateProviderInstance certInstance
         = CertProviderSslContextProvider.getCertProviderInstance(commonTlsContext);
-    return new CertProviderClientSslContextProvider(
-        node,
-        certProviders,
-        certInstance,
-        rootCertInstance,
-        staticCertValidationContext,
-        upstreamTlsContext,
-        certificateProviderStore);
+    if (CommonTlsContextUtil.hasCertProviderInstance(upstreamTlsContext.getCommonTlsContext())
+        || CommonTlsContextUtil.isUsingSystemRootCerts(upstreamTlsContext.getCommonTlsContext())) {
+      return new CertProviderClientSslContextProvider(
+          node,
+          certProviders,
+          certInstance,
+          rootCertInstance,
+          staticCertValidationContext,
+          upstreamTlsContext,
+          certificateProviderStore);
+    }
+    throw new UnsupportedOperationException("Unsupported configurations in UpstreamTlsContext!");
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
index 6570c619913..b68f705fedb 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
@@ -37,10 +37,11 @@ abstract class CertProviderSslContextProvider extends DynamicSslContextProvider
   @Nullable private final CertificateProviderStore.Handle certHandle;
   @Nullable private final CertificateProviderStore.Handle rootCertHandle;
   @Nullable private final CertificateProviderInstance certInstance;
-  @Nullable private final CertificateProviderInstance rootCertInstance;
+  @Nullable protected final CertificateProviderInstance rootCertInstance;
   @Nullable protected PrivateKey savedKey;
   @Nullable protected List<X509Certificate> savedCertChain;
   @Nullable protected List<X509Certificate> savedTrustedRoots;
+  private final boolean isUsingSystemRootCerts;
 
   protected CertProviderSslContextProvider(
       Node node,
@@ -83,6 +84,8 @@ protected CertProviderSslContextProvider(
     } else {
       rootCertHandle = null;
     }
+    this.isUsingSystemRootCerts = rootCertInstance == null
+        && CommonTlsContextUtil.isUsingSystemRootCerts(tlsContext.getCommonTlsContext());
   }
 
   private static CertificateProviderInfo getCertProviderConfig(
@@ -151,7 +154,7 @@ public final void updateTrustedRoots(List<X509Certificate> trustedRoots) {
 
   private void updateSslContextWhenReady() {
     if (isMtls()) {
-      if (savedKey != null && savedTrustedRoots != null) {
+      if (savedKey != null && (savedTrustedRoots != null || isUsingSystemRootCerts)) {
         updateSslContext();
         clearKeysAndCerts();
       }
@@ -175,7 +178,7 @@ private void clearKeysAndCerts() {
   }
 
   protected final boolean isMtls() {
-    return certInstance != null && rootCertInstance != null;
+    return certInstance != null && (rootCertInstance != null || isUsingSystemRootCerts);
   }
 
   protected final boolean isClientSideTls() {
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 3c159ba7055..a23e7177c29 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -173,11 +173,13 @@ public class GrpcXdsClientImplDataTest {
   private final FilterRegistry filterRegistry = FilterRegistry.getDefaultRegistry();
   private boolean originalEnableRouteLookup;
   private boolean originalEnableLeastRequest;
+  private boolean originalEnableUseSystemRootCerts;
 
   @Before
   public void setUp() {
     originalEnableRouteLookup = XdsRouteConfigureResource.enableRouteLookup;
     originalEnableLeastRequest = XdsClusterResource.enableLeastRequest;
+    originalEnableUseSystemRootCerts = XdsClusterResource.enableSystemRootCerts;
     assertThat(originalEnableLeastRequest).isFalse();
   }
 
@@ -185,6 +187,7 @@ public void setUp() {
   public void tearDown() {
     XdsRouteConfigureResource.enableRouteLookup = originalEnableRouteLookup;
     XdsClusterResource.enableLeastRequest = originalEnableLeastRequest;
+    XdsClusterResource.enableSystemRootCerts = originalEnableUseSystemRootCerts;
   }
 
   @Test
@@ -2503,7 +2506,8 @@ public void validateCommonTlsContext_validationContext() throws ResourceInvalidE
             .setValidationContext(CertificateValidationContext.getDefaultInstance())
             .build();
     thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("ca_certificate_provider_instance is required in upstream-tls-context");
+    thrown.expectMessage("ca_certificate_provider_instance or system_root_certs is required "
+        + "in upstream-tls-context");
     XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
   }
 
@@ -2613,6 +2617,87 @@ public void validateCommonTlsContext_validationContextProviderInstance()
         .validateCommonTlsContext(commonTlsContext, ImmutableSet.of("name1", "name2"), false);
   }
 
+  @Test
+  public void
+      validateCommonTlsContext_combinedValidationContextSystemRootCerts_envVarNotSet_throws() {
+    XdsClusterResource.enableSystemRootCerts = false;
+    CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
+        .setCombinedValidationContext(
+            CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
+                .setDefaultValidationContext(
+                    CertificateValidationContext.newBuilder()
+                        .setSystemRootCerts(
+                            CertificateValidationContext.SystemRootCerts.newBuilder().build())
+                        .build()
+                )
+                .build())
+        .build();
+    try {
+      XdsClusterResource
+          .validateCommonTlsContext(commonTlsContext, ImmutableSet.of(), false);
+      fail("Expected exception");
+    } catch (ResourceInvalidException ex) {
+      assertThat(ex.getMessage()).isEqualTo(
+          "ca_certificate_provider_instance or system_root_certs is required in"
+              + " upstream-tls-context");
+    }
+  }
+
+  @Test
+  public void validateCommonTlsContext_combinedValidationContextSystemRootCerts()
+      throws ResourceInvalidException {
+    XdsClusterResource.enableSystemRootCerts = true;
+    CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
+        .setCombinedValidationContext(
+            CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
+                .setDefaultValidationContext(
+                    CertificateValidationContext.newBuilder()
+                        .setSystemRootCerts(
+                            CertificateValidationContext.SystemRootCerts.newBuilder().build())
+                        .build()
+                )
+                .build())
+        .build();
+    XdsClusterResource
+        .validateCommonTlsContext(commonTlsContext, ImmutableSet.of(), false);
+  }
+
+  @Test
+  public void validateCommonTlsContext_validationContextSystemRootCerts_envVarNotSet_throws() {
+    XdsClusterResource.enableSystemRootCerts = false;
+    CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
+        .setValidationContext(
+            CertificateValidationContext.newBuilder()
+                .setSystemRootCerts(
+                    CertificateValidationContext.SystemRootCerts.newBuilder().build())
+                .build())
+        .build();
+    try {
+      XdsClusterResource
+          .validateCommonTlsContext(commonTlsContext, ImmutableSet.of(), false);
+      fail("Expected exception");
+    } catch (ResourceInvalidException ex) {
+      assertThat(ex.getMessage()).isEqualTo(
+          "ca_certificate_provider_instance or system_root_certs is required in "
+              + "upstream-tls-context");
+    }
+  }
+
+  @Test
+  public void validateCommonTlsContext_validationContextSystemRootCerts()
+      throws ResourceInvalidException {
+    XdsClusterResource.enableSystemRootCerts = true;
+    CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
+        .setValidationContext(
+            CertificateValidationContext.newBuilder()
+                .setSystemRootCerts(
+                    CertificateValidationContext.SystemRootCerts.newBuilder().build())
+                .build())
+        .build();
+    XdsClusterResource
+        .validateCommonTlsContext(commonTlsContext, ImmutableSet.of(), false);
+  }
+
   @Test
   @SuppressWarnings("deprecation")
   public void validateCommonTlsContext_validationContextProviderInstance_absentInBootstrapFile()
@@ -2674,7 +2759,8 @@ public void validateCommonTlsContext_combinedValidationContext_isRequiredForClie
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .build();
     thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("ca_certificate_provider_instance is required in upstream-tls-context");
+    thrown.expectMessage("ca_certificate_provider_instance or system_root_certs is required "
+        + "in upstream-tls-context");
     XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
   }
 
@@ -2687,7 +2773,8 @@ public void validateCommonTlsContext_combinedValidationContextWithoutCertProvide
         .build();
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage(
-        "ca_certificate_provider_instance is required in upstream-tls-context");
+        "ca_certificate_provider_instance or system_root_certs is required in "
+            + "upstream-tls-context");
     XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index a9fda599183..f516dc87e98 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -2217,7 +2217,8 @@ public void cdsResponseErrorHandling_badUpstreamTlsContext() {
     String errorMsg =  "CDS response Cluster 'cluster.googleapis.com' validation error: "
             + "Cluster cluster.googleapis.com: malformed UpstreamTlsContext: "
             + "io.grpc.xds.client.XdsResourceType$ResourceInvalidException: "
-            + "ca_certificate_provider_instance is required in upstream-tls-context";
+            + "ca_certificate_provider_instance or system_root_certs is required in "
+            + "upstream-tls-context";
     call.verifyRequestNack(CDS, CDS_RESOURCE, "", "0000", NODE, ImmutableList.of(errorMsg));
     verify(cdsResourceWatcher).onError(errorCaptor.capture());
     verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
diff --git a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
index c6b8e7515b2..f56a7c367bb 100644
--- a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -31,6 +31,7 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.util.concurrent.SettableFuture;
+import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.grpc.Attributes;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.Grpc;
@@ -67,10 +68,21 @@
 import io.grpc.xds.internal.security.SslContextProviderSupplier;
 import io.grpc.xds.internal.security.TlsContextManagerImpl;
 import io.netty.handler.ssl.NotSslRecordException;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.net.Inet4Address;
 import java.net.InetSocketAddress;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -104,7 +116,7 @@ public class XdsSecurityClientServerTest {
   private static final String OVERRIDE_AUTHORITY = "foo.test.google.fr";
 
   @After
-  public void tearDown() {
+  public void tearDown() throws IOException {
     if (fakeNameResolverFactory != null) {
       NameResolverRegistry.getDefaultRegistry().deregister(fakeNameResolverFactory);
     }
@@ -147,6 +159,99 @@ public void tlsClientServer_noClientAuthentication() throws Exception {
     assertThat(unaryRpc(/* requestMessage= */ "buddy", blockingStub)).isEqualTo("Hello buddy");
   }
 
+  /**
+   * Use system root ca cert for TLS channel - no mTLS.
+   * Uses common_tls_context.combined_validation_context in upstream_tls_context.
+   */
+  @Test
+  public void tlsClientServer_useSystemRootCerts_useCombinedValidationContext() throws Exception {
+    Path trustStoreFilePath = getCacertFilePathForTestCa();
+    try {
+      setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
+      DownstreamTlsContext downstreamTlsContext =
+          setBootstrapInfoAndBuildDownstreamTlsContext(null, null, null, null, false, false);
+      buildServerWithTlsContext(downstreamTlsContext);
+
+      UpstreamTlsContext upstreamTlsContext =
+          setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
+              CLIENT_PEM_FILE, true);
+
+      SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
+          getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
+      assertThat(unaryRpc(/* requestMessage= */ "buddy", blockingStub)).isEqualTo("Hello buddy");
+    } finally {
+      Files.deleteIfExists(trustStoreFilePath);
+      clearTrustStoreSystemProperties();
+    }
+  }
+
+  /**
+   * Use system root ca cert for TLS channel - no mTLS.
+   * Uses common_tls_context.validation_context in upstream_tls_context.
+   */
+  @Test
+  public void tlsClientServer_useSystemRootCerts_validationContext() throws Exception {
+    Path trustStoreFilePath = getCacertFilePathForTestCa().toAbsolutePath();
+    try {
+      setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
+      DownstreamTlsContext downstreamTlsContext =
+          setBootstrapInfoAndBuildDownstreamTlsContext(null, null, null, null, false, false);
+      buildServerWithTlsContext(downstreamTlsContext);
+
+      UpstreamTlsContext upstreamTlsContext =
+          setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
+              CLIENT_PEM_FILE, false);
+
+      SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
+          getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
+      assertThat(unaryRpc(/* requestMessage= */ "buddy", blockingStub)).isEqualTo("Hello buddy");
+    } finally {
+      Files.deleteIfExists(trustStoreFilePath.toAbsolutePath());
+      clearTrustStoreSystemProperties();
+    }
+  }
+
+  /**
+   * Use system root ca cert for TLS channel - mTLS.
+   * Uses common_tls_context.combined_validation_context in upstream_tls_context.
+   */
+  @Test
+  public void tlsClientServer_useSystemRootCerts_requireClientAuth() throws Exception {
+    Path trustStoreFilePath = getCacertFilePathForTestCa().toAbsolutePath();
+    try {
+      setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
+      DownstreamTlsContext downstreamTlsContext =
+          setBootstrapInfoAndBuildDownstreamTlsContext(null, null, null, null, false, false);
+      buildServerWithTlsContext(downstreamTlsContext);
+
+      UpstreamTlsContext upstreamTlsContext =
+          setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
+              CLIENT_PEM_FILE, true);
+
+      SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
+          getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
+      assertThat(unaryRpc(/* requestMessage= */ "buddy", blockingStub)).isEqualTo("Hello buddy");
+    } finally {
+      Files.deleteIfExists(trustStoreFilePath.toAbsolutePath());
+      clearTrustStoreSystemProperties();
+    }
+  }
+
+  private Path getCacertFilePathForTestCa()
+      throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
+    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+    keystore.load(null, null);
+    InputStream caCertStream = getClass().getResource("/certs/ca.pem").openStream();
+    keystore.setCertificateEntry("testca", CertificateFactory.getInstance("X.509")
+        .generateCertificate(caCertStream));
+    caCertStream.close();
+    File trustStoreFile = File.createTempFile("testca-truststore", "jks");
+    FileOutputStream out = new FileOutputStream(trustStoreFile);
+    keystore.store(out, "changeit".toCharArray());
+    out.close();
+    return trustStoreFile.toPath();
+  }
+
   @Test
   public void requireClientAuth_noClientCert_expectException()
       throws Exception {
@@ -323,6 +428,30 @@ private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContext(String cli
         .buildUpstreamTlsContext("google_cloud_private_spiffe-client", hasIdentityCert);
   }
 
+  private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(
+      String clientKeyFile,
+      String clientPemFile,
+      boolean useCombinedValidationContext) {
+    bootstrapInfoForClient = CommonBootstrapperTestUtils
+        .buildBootstrapInfo("google_cloud_private_spiffe-client", clientKeyFile, clientPemFile,
+            CA_PEM_FILE, null, null, null, null);
+    if (useCombinedValidationContext) {
+      return CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
+          "google_cloud_private_spiffe-client", "ROOT", null,
+          null, null,
+          CertificateValidationContext.newBuilder()
+              .setSystemRootCerts(
+                  CertificateValidationContext.SystemRootCerts.newBuilder().build())
+              .build());
+    }
+    return CommonTlsContextTestsUtil.buildNewUpstreamTlsContextForCertProviderInstance(
+        "google_cloud_private_spiffe-client", "ROOT", null,
+        null, null, CertificateValidationContext.newBuilder()
+            .setSystemRootCerts(
+                CertificateValidationContext.SystemRootCerts.newBuilder().build())
+            .build());
+  }
+
   private void buildServerWithTlsContext(DownstreamTlsContext downstreamTlsContext)
       throws Exception {
     buildServerWithTlsContext(downstreamTlsContext, InsecureServerCredentials.create());
@@ -450,6 +579,18 @@ public void run() {
     return settableFuture;
   }
 
+  private void setTrustStoreSystemProperties(String trustStoreFilePath) {
+    System.setProperty("javax.net.ssl.trustStore", trustStoreFilePath);
+    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+    System.setProperty("javax.net.ssl.trustStoreType", "JKS");
+  }
+
+  private void clearTrustStoreSystemProperties() {
+    System.clearProperty("javax.net.ssl.trustStore");
+    System.clearProperty("javax.net.ssl.trustStorePassword");
+    System.clearProperty("javax.net.ssl.trustStoreType");
+  }
+
   private static class SimpleServiceImpl extends SimpleServiceGrpc.SimpleServiceImplBase {
 
     @Override
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
index 4de881c710e..23e30883307 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
@@ -38,8 +38,6 @@
 import io.grpc.xds.internal.security.certprovider.CertificateProviderRegistry;
 import io.grpc.xds.internal.security.certprovider.CertificateProviderStore;
 import io.grpc.xds.internal.security.certprovider.TestCertificateProvider;
-import java.io.IOException;
-import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -285,22 +283,6 @@ public void createNewCertProviderClientSslContextProvider_onlyRootCert() {
     verifyWatcher(sslContextProvider, watcherCaptor[0]);
   }
 
-  @Test
-  public void createNullCommonTlsContext_exception() throws IOException {
-    clientSslContextProviderFactory =
-            new ClientSslContextProviderFactory(
-                    null, certProviderClientSslContextProviderFactory);
-    UpstreamTlsContext upstreamTlsContext = new UpstreamTlsContext(null);
-    try {
-      clientSslContextProviderFactory.create(upstreamTlsContext);
-      Assert.fail("no exception thrown");
-    } catch (NullPointerException expected) {
-      assertThat(expected)
-              .hasMessageThat()
-              .isEqualTo("upstreamTlsContext should have CommonTlsContext");
-    }
-  }
-
   static void createAndRegisterProviderProvider(
       CertificateProviderRegistry certificateProviderRegistry,
       final CertificateProvider.DistributorWatcher[] watcherCaptor,
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java b/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
index 8a04a3d02a7..db82a8682e0 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
@@ -250,22 +250,28 @@ private static CommonTlsContext.Builder addCertificateValidationContext(
       String rootInstanceName,
       String rootCertName,
       CertificateValidationContext staticCertValidationContext) {
+    CertificateProviderInstance providerInstance = null;
     if (rootInstanceName != null) {
-      CertificateProviderInstance providerInstance =
-          CertificateProviderInstance.newBuilder()
-              .setInstanceName(rootInstanceName)
-              .setCertificateName(rootCertName)
-              .build();
-      if (staticCertValidationContext != null) {
-        CombinedCertificateValidationContext combined =
-            CombinedCertificateValidationContext.newBuilder()
-                .setDefaultValidationContext(staticCertValidationContext)
-                .setValidationContextCertificateProviderInstance(providerInstance)
-                .build();
-        return builder.setCombinedValidationContext(combined);
-      }
+      providerInstance = CertificateProviderInstance.newBuilder()
+          .setInstanceName(rootInstanceName)
+          .setCertificateName(rootCertName)
+          .build();
+    }
+    if (providerInstance != null) {
       builder = builder.setValidationContextCertificateProviderInstance(providerInstance);
     }
+    CombinedCertificateValidationContext.Builder combined =
+        CombinedCertificateValidationContext.newBuilder();
+    if (providerInstance != null) {
+      combined = combined.setValidationContextCertificateProviderInstance(providerInstance);
+    }
+    if (staticCertValidationContext != null) {
+      combined = combined.setDefaultValidationContext(staticCertValidationContext);
+    }
+    if (combined.hasValidationContextCertificateProviderInstance()
+        || combined.hasDefaultValidationContext()) {
+      builder = builder.setCombinedValidationContext(combined.build());
+    }
     return builder;
   }
 
@@ -274,19 +280,19 @@ private static CommonTlsContext.Builder addNewCertificateValidationContext(
           String rootInstanceName,
           String rootCertName,
           CertificateValidationContext staticCertValidationContext) {
+    CertificateValidationContext.Builder validationContextBuilder =
+        staticCertValidationContext != null ? staticCertValidationContext.toBuilder()
+            : CertificateValidationContext.newBuilder();
     if (rootInstanceName != null) {
       CertificateProviderPluginInstance providerInstance =
           CertificateProviderPluginInstance.newBuilder()
               .setInstanceName(rootInstanceName)
               .setCertificateName(rootCertName)
               .build();
-      CertificateValidationContext.Builder validationContextBuilder =
-          staticCertValidationContext != null ? staticCertValidationContext.toBuilder()
-              : CertificateValidationContext.newBuilder();
-      return builder.setValidationContext(
-          validationContextBuilder.setCaCertificateProviderInstance(providerInstance));
+      validationContextBuilder = validationContextBuilder.setCaCertificateProviderInstance(
+          providerInstance);
     }
-    return builder;
+    return builder.setValidationContext(validationContextBuilder);
   }
 
   /** Helper method to build UpstreamTlsContext for CertProvider tests. */
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
index 5925c5f03b1..7c300c88297 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
@@ -338,7 +338,8 @@ public void testProviderForClient_sslContextException_onError() throws Exception
   }
 
   @Test
-  public void testProviderForClient_rootInstanceNull_expectError() throws Exception {
+  public void testProviderForClient_rootInstanceNull_and_notUsingSystemRootCerts_expectError()
+      throws Exception {
     final CertificateProvider.DistributorWatcher[] watcherCaptor =
         new CertificateProvider.DistributorWatcher[1];
     TestCertificateProvider.createAndRegisterProviderProvider(
@@ -351,11 +352,30 @@ public void testProviderForClient_rootInstanceNull_expectError() throws Exceptio
           /* alpnProtocols= */ null,
           /* staticCertValidationContext= */ null);
       fail("exception expected");
-    } catch (NullPointerException expected) {
-      assertThat(expected).hasMessageThat().contains("Client SSL requires rootCertInstance");
+    } catch (UnsupportedOperationException expected) {
+      assertThat(expected).hasMessageThat().contains("Unsupported configurations in "
+          + "UpstreamTlsContext!");
     }
   }
 
+  @Test
+  public void testProviderForClient_rootInstanceNull_but_isUsingSystemRootCerts_valid()
+      throws Exception {
+    final CertificateProvider.DistributorWatcher[] watcherCaptor =
+        new CertificateProvider.DistributorWatcher[1];
+    TestCertificateProvider.createAndRegisterProviderProvider(
+        certificateProviderRegistry, watcherCaptor, "testca", 0);
+    getSslContextProvider(
+        /* certInstanceName= */ null,
+        /* rootInstanceName= */ null,
+        CommonBootstrapperTestUtils.getTestBootstrapInfo(),
+        /* alpnProtocols= */ null,
+        CertificateValidationContext.newBuilder()
+            .setSystemRootCerts(
+                CertificateValidationContext.SystemRootCerts.newBuilder().build())
+            .build());
+  }
+
   static class QueuedExecutor implements Executor {
     /** A list of Runnables to be run in order. */
     @VisibleForTesting final Queue<Runnable> runQueue = new ConcurrentLinkedQueue<>();

From fe350cfd506b426107f413818974cb1d1f23d13c Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Fri, 25 Oct 2024 14:41:03 -0700
Subject: [PATCH 063/591] Update error codes doc for new "Safer Intent" rules.
 (#11639)

---
 .../android-binderchannel-status-codes.md     | 72 ++++++++++---------
 1 file changed, 40 insertions(+), 32 deletions(-)

diff --git a/documentation/android-binderchannel-status-codes.md b/documentation/android-binderchannel-status-codes.md
index 28bdd8907c1..fae4ef406af 100644
--- a/documentation/android-binderchannel-status-codes.md
+++ b/documentation/android-binderchannel-status-codes.md
@@ -27,9 +27,9 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
    <td><a href="https://developer.android.com/training/package-visibility">Server app not visible</a>.
    </td>
-   <td rowspan="6" >bindService() returns false
+   <td rowspan="7" >bindService() returns false
    </td>
-   <td rowspan="9" ><p>UNIMPLEMENTED<p>“The operation is not implemented or is not supported / enabled in this service.”
+   <td rowspan="10" ><p>UNIMPLEMENTED<p>“The operation is not implemented or is not supported / enabled in this service.”
    </td>
    <td>Give up - This is an error in the client manifest.
    </td>
@@ -37,7 +37,8 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
   <tr>
    <td>1
    </td>
-   <td>Server app not installed
+   <td>
+   <a href="https://developer.android.com/about/versions/15/behavior-changes-15#safer-intents">Safer Intents</a> violation.
    </td>
    <td rowspan="8" >Direct the user to install/reinstall the server app.
    </td>
@@ -45,37 +46,43 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
   <tr>
    <td>2
    </td>
-   <td>Old version of the server app doesn’t declare the target android.app.Service in its manifest.
+   <td>Server app not installed
    </td>
   </tr>
   <tr>
    <td>3
    </td>
-   <td>Target android.app.Service is disabled
+   <td>Old version of the server app doesn’t declare the target android.app.Service in its manifest.
    </td>
   </tr>
   <tr>
    <td>4
    </td>
-   <td>The whole server app is disabled
+   <td>Target android.app.Service is disabled
    </td>
   </tr>
   <tr>
    <td>5
    </td>
-   <td>Server app predates <a href="https://developer.android.com/guide/topics/permissions/overview">the Android M permissions model</a> and the user must review and approve some newly requested permissions before it can run.
+   <td>The whole server app is disabled
    </td>
   </tr>
   <tr>
    <td>6
    </td>
+   <td>Server app predates <a href="https://developer.android.com/guide/topics/permissions/overview">the Android M permissions model</a> and the user must review and approve some newly requested permissions before it can run.
+   </td>
+  </tr>
+  <tr>
+   <td>7
+   </td>
    <td>Target android.app.Service doesn’t recognize grpc binding Intent (old version of server app?)
    </td>
    <td>onNullBinding() ServiceConnection callback
    </td>
   </tr>
   <tr>
-   <td>7
+   <td>8
    </td>
    <td>Method not found on the io.grpc.Server (old version of server app?)
    </td>
@@ -83,13 +90,13 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
   </tr>
   <tr>
-   <td>8
+   <td>9
    </td>
    <td>Request cardinality violation (old version of server app expects unary rather than streaming, say)
    </td>
   </tr>
   <tr>
-   <td>9
+   <td>10
    </td>
    <td>Old version of the server app exposes target android.app.Service but doesn’t android:export it.
    </td>
@@ -102,7 +109,7 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
   </tr>
   <tr>
-   <td>10
+   <td>11
    </td>
    <td>Target android.app.Service requires an &lt;android:permission&gt; that client doesn’t hold. 
    </td>
@@ -110,7 +117,7 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
   </tr>
   <tr>
-   <td>11
+   <td>12
    </td>
    <td>Violations of the security policy for miscellaneous Android features like android:isolatedProcess, android:externalService, android:singleUser, instant apps, BIND_TREAT_LIKE_ACTIVITY, etc, 
    </td>
@@ -118,7 +125,7 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
   </tr>
   <tr>
-   <td>12
+   <td>13
    </td>
    <td>Calling Android UID not allowed by ServerSecurityPolicy 
    </td>
@@ -126,13 +133,13 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
   </tr>
   <tr>
-   <td>13
+   <td>14
    </td>
    <td>Server Android UID not allowed by client’s SecurityPolicy
    </td>
   </tr>
   <tr>
-   <td rowspan="3" >14
+   <td rowspan="3" >15
    </td>
    <td rowspan="3" >Server process crashed or killed with request in flight.
    </td>
@@ -154,7 +161,7 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
   </tr>
   <tr>
-   <td>15
+   <td>16
    </td>
    <td>Server app is currently being upgraded to a new version
    </td>
@@ -162,13 +169,13 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
   </tr>
   <tr>
-   <td>16
+   <td>17
    </td>
    <td>The whole server app or the target android.app.Service was disabled
    </td>
   </tr>
   <tr>
-   <td>17
+   <td>18
    </td>
    <td>Binder transaction buffer overflow
    </td>
@@ -176,7 +183,7 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
   </tr>
   <tr>
-   <td>18
+   <td>19
    </td>
    <td>Source Context for bindService() is destroyed with a request in flight
    </td>
@@ -188,11 +195,11 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
    <td rowspan="2" >Give up for now.
 <p>
-(Re. 18: The caller can try  again later when the user opens the source Activity or restarts the source Service) 
+(Re. 19: The caller can try again later when the user opens the source Activity or restarts the source Service) 
    </td>
   </tr>
   <tr>
-   <td>19
+   <td>20
    </td>
    <td>Client application cancelled the request
    </td>
@@ -200,7 +207,7 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
   </tr>
   <tr>
-   <td rowspan="2" >19
+   <td rowspan="2" >21
    </td>
    <td rowspan="2" >Bug in Android itself or the way the io.grpc.binder transport uses it.
    </td>
@@ -218,7 +225,7 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
   </tr>
   <tr>
-   <td>20
+   <td>22
    </td>
    <td>Flow-control protocol violation
    </td>
@@ -226,7 +233,7 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
   </tr>
   <tr>
-   <td>21
+   <td>23
    </td>
    <td>Can’t parse request/response proto
    </td>
@@ -236,27 +243,27 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
 
 ### Ambiguity
 
-We say a status code is ambiguous if it maps to two error cases that reasonable clients want to handle differently. For instance, a client may have good reasons to handle error cases 9 and 10 above differently. But they can’t do so based on status code alone because those error cases map to the same one. 
+We say a status code is ambiguous if it maps to two error cases that reasonable clients want to handle differently. For instance, a client may have good reasons to handle error cases 10 and 11 above differently. But they can’t do so based on status code alone because those error cases map to the same one. 
 
-In contrast, for example, even though error case 18 and 19 both map to the status code (`CANCELLED`), they are not ambiguous because we see no reason that clients would want to distinguish them. In both cases, clients will simply give up on the request.
+In contrast, for example, even though error case 19 and 20 both map to the status code (`CANCELLED`), they are not ambiguous because we see no reason that clients would want to distinguish them. In both cases, clients will simply give up on the request.
 
 
 #### Ambiguity of PERMISSION_DENIED and Mitigations
 
 The mapping above has only one apparently ambiguous status code: `PERMISSION_DENIED`. However, this isn’t so bad because of the following:
 
-The use of `<android:permission>`s for inter-app IPC access control (error case 10) is uncommon. Instead, we recommend that server apps only allow IPC from a limited set of client apps known in advance and identified by signature.
+The use of `<android:permission>`s for inter-app IPC access control (error case 11) is uncommon. Instead, we recommend that server apps only allow IPC from a limited set of client apps known in advance and identified by signature.
 
-However, there may be gRPC server apps that want to use custom &lt;android:permission&gt;’s to let the end user decide which arbitrary other apps can make use of its gRPC services. In that case, clients should preempt error case 10 simply by [checking whether they hold the required permissions](https://developer.android.com/training/permissions/requesting) before sending a request.
+However, there may be gRPC server apps that want to use custom &lt;android:permission&gt;’s to let the end user decide which arbitrary other apps can make use of its gRPC services. In that case, clients should preempt error case 11 simply by [checking whether they hold the required permissions](https://developer.android.com/training/permissions/requesting) before sending a request.
 
-Server apps can avoid error case 9 by never reusing an android.app.Service as a gRPC host if it has ever been android:exported=false in some previous app version. Instead they should simply create a new android.app.Service for this purpose.
+Server apps can avoid error case 10 by never reusing an android.app.Service as a gRPC host if it has ever been android:exported=false in some previous app version. Instead they should simply create a new android.app.Service for this purpose.
 
-Only error cases 11 - 13 remain, making `PERMISSION_DENIED` unambiguous for the purpose of error handling. Reasonable client apps can handle it in a generic way by displaying an error message and/or proceeding with degraded functionality.
+Only error cases 12 - 14 remain, making `PERMISSION_DENIED` unambiguous for the purpose of error handling. Reasonable client apps can handle it in a generic way by displaying an error message and/or proceeding with degraded functionality.
 
 
 #### Non-Ambiguity of UNIMPLEMENTED
 
-The `UNIMPLEMENTED` status code corresponds to quite a few different problems with the server app: It’s either not installed, too old, or disabled in whole or in part. Despite the diversity of underlying error cases, we believe most client apps will and should handle `UNIMPLEMENTED` in the same way: by sending the user to the app store to (re)install the server app. Reinstalling might be overkill for the disabled cases but most end users don't know what it means to enable/disable an app and there’s neither enough space in a UI dialog nor enough reader attention to explain it. Reinstalling is something users likely already understand and very likely to cure problems 1-8.
+The `UNIMPLEMENTED` status code corresponds to quite a few different problems with the server app: It’s either not installed, too old, misconfigured, or disabled in whole or in part. Despite the diversity of underlying error cases, we believe most client apps will and should handle `UNIMPLEMENTED` in the same way: by sending the user to the app store to (re)install the server app. Reinstalling might be overkill for the disabled cases but most end users don't know what it means to enable/disable an app and there’s neither enough space in a UI dialog nor enough reader attention to explain it. Reinstalling is something users likely already understand and likely to cure problems 0-9 (once a fixed version of the server is available).
 
 
 ## Detailed Discussion of Binder Failure Modes
@@ -326,6 +333,7 @@ According to a review of the AOSP source code, there are in fact several cases:
 2. The target package is installed but does not declare the target Service in its manifest.
 3. The target package requests dangerous permissions but targets sdk &lt;= M and therefore requires a permissions review, but the caller is not running in the foreground and so it would be inappropriate to launch the review UI.
 4. The target package is not visible to the client due to [Android 11 package visibility rules](https://developer.android.com/training/package-visibility).
+5. One of the new [Safer Intents](https://developer.android.com/about/versions/15/behavior-changes-15#safer-intents) rules is violated. Most commonly, the bind `Intent` specifies a `ComponentName` explicitly but doesn't match any of its &lt;intent-filter&gt;s. 
 
 Status code mapping: **UNIMPLEMENTED**
 
@@ -333,7 +341,7 @@ Status code mapping: **UNIMPLEMENTED**
 
 Unfortunately `UNIMPLEMENTED` doesn’t capture (3) but none of the other canonical status codes do either and we expect this case to be extremely rare.
 
-(4) is intentially indistinguishable from (1) by Android design so we can't handle it differently. However, as a client manifest error, it's not something reasonable apps would handle at runtime anyway.
+(4) and (5) are intentially indistinguishable from (1) by Android design so we can't handle them differently. However, as an error in its own manifest, (4) isn't something a reasonable client would handle at runtime anyway. (5) is an error in the server manifest and so, just like the other cases, the best practice for handling it is to send the user to the app store in the hope that the server can be updated with a fix.
 
 ### bindService() throws SecurityException
 

From 735b3f3fe6c6b9d8fc6019e8c89f81c065d9b0d6 Mon Sep 17 00:00:00 2001
From: Ran <ran-su@users.noreply.github.com>
Date: Mon, 28 Oct 2024 10:25:17 -0700
Subject: [PATCH 064/591] netty: add soft Metadata size limit enforcement.
 (#11603)

---
 .../io/grpc/netty/AbstractNettyHandler.java   |   9 +-
 .../io/grpc/netty/NettyChannelBuilder.java    | 130 +++++--
 .../io/grpc/netty/NettyClientHandler.java     |  48 ++-
 .../io/grpc/netty/NettyClientTransport.java   |  58 ++--
 .../main/java/io/grpc/netty/NettyServer.java  |  58 ++--
 .../io/grpc/netty/NettyServerBuilder.java     |  69 +++-
 .../io/grpc/netty/NettyServerHandler.java     |  37 +-
 .../io/grpc/netty/NettyServerTransport.java   |   4 +
 netty/src/main/java/io/grpc/netty/Utils.java  |  60 +++-
 .../io/grpc/netty/NettyClientHandlerTest.java |  33 ++
 .../grpc/netty/NettyClientTransportTest.java  | 137 ++++++--
 .../io/grpc/netty/NettyServerBuilderTest.java |  16 +
 .../io/grpc/netty/NettyServerHandlerTest.java |   2 +
 .../java/io/grpc/netty/NettyServerTest.java   | 325 ++++++++++--------
 14 files changed, 722 insertions(+), 264 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/AbstractNettyHandler.java b/netty/src/main/java/io/grpc/netty/AbstractNettyHandler.java
index 7f088509c04..6743b4fd5f7 100644
--- a/netty/src/main/java/io/grpc/netty/AbstractNettyHandler.java
+++ b/netty/src/main/java/io/grpc/netty/AbstractNettyHandler.java
@@ -42,7 +42,8 @@ abstract class AbstractNettyHandler extends GrpcHttp2ConnectionHandler {
 
   private final int initialConnectionWindow;
   private final FlowControlPinger flowControlPing;
-
+  protected final int maxHeaderListSize;
+  protected final int softLimitHeaderListSize;
   private boolean autoTuneFlowControlOn;
   private ChannelHandlerContext ctx;
   private boolean initialWindowSent = false;
@@ -58,7 +59,9 @@ abstract class AbstractNettyHandler extends GrpcHttp2ConnectionHandler {
       ChannelLogger negotiationLogger,
       boolean autoFlowControl,
       PingLimiter pingLimiter,
-      Ticker ticker) {
+      Ticker ticker,
+      int maxHeaderListSize,
+      int softLimitHeaderListSize) {
     super(channelUnused, decoder, encoder, initialSettings, negotiationLogger);
 
     // During a graceful shutdown, wait until all streams are closed.
@@ -73,6 +76,8 @@ abstract class AbstractNettyHandler extends GrpcHttp2ConnectionHandler {
     }
     this.flowControlPing = new FlowControlPinger(pingLimiter);
     this.ticker = checkNotNull(ticker, "ticker");
+    this.maxHeaderListSize = maxHeaderListSize;
+    this.softLimitHeaderListSize = softLimitHeaderListSize;
   }
 
   @Override
diff --git a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
index d1d9810b485..fe226ec2ba9 100644
--- a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
+++ b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
@@ -104,6 +104,7 @@ public final class NettyChannelBuilder extends ForwardingChannelBuilder2<NettyCh
   private boolean autoFlowControl = DEFAULT_AUTO_FLOW_CONTROL;
   private int flowControlWindow = DEFAULT_FLOW_CONTROL_WINDOW;
   private int maxHeaderListSize = GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE;
+  private int softLimitHeaderListSize = GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE;
   private int maxInboundMessageSize = GrpcUtil.DEFAULT_MAX_MESSAGE_SIZE;
   private long keepAliveTimeNanos = KEEPALIVE_TIME_NANOS_DISABLED;
   private long keepAliveTimeoutNanos = DEFAULT_KEEPALIVE_TIMEOUT_NANOS;
@@ -452,6 +453,40 @@ public NettyChannelBuilder maxHeaderListSize(int maxHeaderListSize) {
   public NettyChannelBuilder maxInboundMetadataSize(int bytes) {
     checkArgument(bytes > 0, "maxInboundMetadataSize must be > 0");
     this.maxHeaderListSize = bytes;
+    // Clear the soft limit setting, by setting soft limit to maxInboundMetadataSize. The
+    // maxInboundMetadataSize will take precedence be applied before soft limit check.
+    this.softLimitHeaderListSize = bytes;
+    return this;
+  }
+
+  /**
+   * Sets the size of metadata that clients are advised to not exceed. When a metadata with size
+   * larger than the soft limit is encountered there will be a probability the RPC will fail. The
+   * chance of failing increases as the metadata size approaches the hard limit.
+   * {@code Integer.MAX_VALUE} disables the enforcement. The default is implementation-dependent,
+   * but is not generally less than 8 KiB and may be unlimited.
+   *
+   * <p>This is cumulative size of the metadata. The precise calculation is
+   * implementation-dependent, but implementations are encouraged to follow the calculation used
+   * for
+   * <a href="http://httpwg.org/specs/rfc7540.html#rfc.section.6.5.2">HTTP/2's
+   * SETTINGS_MAX_HEADER_LIST_SIZE</a>. It sums the bytes from each entry's key and value, plus 32
+   * bytes of overhead per entry.
+   *
+   * @param soft the soft size limit of received metadata
+   * @param max the hard size limit of received metadata
+   * @return this
+   * @throws IllegalArgumentException if soft and/or max is non-positive, or max smaller than
+   *     soft
+   * @since 1.68.0
+   */
+  @CanIgnoreReturnValue
+  public NettyChannelBuilder maxInboundMetadataSize(int soft, int max) {
+    checkArgument(soft > 0, "softLimitHeaderListSize must be > 0");
+    checkArgument(max > soft,
+        "maxInboundMetadataSize must be greater than softLimitHeaderListSize");
+    this.softLimitHeaderListSize = soft;
+    this.maxHeaderListSize = max;
     return this;
   }
 
@@ -573,10 +608,22 @@ ClientTransportFactory buildTransportFactory() {
 
     ProtocolNegotiator negotiator = protocolNegotiatorFactory.newNegotiator();
     return new NettyTransportFactory(
-        negotiator, channelFactory, channelOptions,
-        eventLoopGroupPool, autoFlowControl, flowControlWindow, maxInboundMessageSize,
-        maxHeaderListSize, keepAliveTimeNanos, keepAliveTimeoutNanos, keepAliveWithoutCalls,
-        transportTracerFactory, localSocketPicker, useGetForSafeMethods, transportSocketType);
+        negotiator,
+        channelFactory,
+        channelOptions,
+        eventLoopGroupPool,
+        autoFlowControl,
+        flowControlWindow,
+        maxInboundMessageSize,
+        maxHeaderListSize,
+        softLimitHeaderListSize,
+        keepAliveTimeNanos,
+        keepAliveTimeoutNanos,
+        keepAliveWithoutCalls,
+        transportTracerFactory,
+        localSocketPicker,
+        useGetForSafeMethods,
+        transportSocketType);
   }
 
   @VisibleForTesting
@@ -710,6 +757,7 @@ private static final class NettyTransportFactory implements ClientTransportFacto
     private final int flowControlWindow;
     private final int maxMessageSize;
     private final int maxHeaderListSize;
+    private final int softLimitHeaderListSize;
     private final long keepAliveTimeNanos;
     private final AtomicBackoff keepAliveBackoff;
     private final long keepAliveTimeoutNanos;
@@ -724,11 +772,20 @@ private static final class NettyTransportFactory implements ClientTransportFacto
     NettyTransportFactory(
         ProtocolNegotiator protocolNegotiator,
         ChannelFactory<? extends Channel> channelFactory,
-        Map<ChannelOption<?>, ?> channelOptions, ObjectPool<? extends EventLoopGroup> groupPool,
-        boolean autoFlowControl, int flowControlWindow, int maxMessageSize, int maxHeaderListSize,
-        long keepAliveTimeNanos, long keepAliveTimeoutNanos, boolean keepAliveWithoutCalls,
-        TransportTracer.Factory transportTracerFactory, LocalSocketPicker localSocketPicker,
-        boolean useGetForSafeMethods, Class<? extends SocketAddress> transportSocketType) {
+        Map<ChannelOption<?>, ?> channelOptions,
+        ObjectPool<? extends EventLoopGroup> groupPool,
+        boolean autoFlowControl,
+        int flowControlWindow,
+        int maxMessageSize,
+        int maxHeaderListSize,
+        int softLimitHeaderListSize,
+        long keepAliveTimeNanos,
+        long keepAliveTimeoutNanos,
+        boolean keepAliveWithoutCalls,
+        TransportTracer.Factory transportTracerFactory,
+        LocalSocketPicker localSocketPicker,
+        boolean useGetForSafeMethods,
+        Class<? extends SocketAddress> transportSocketType) {
       this.protocolNegotiator = checkNotNull(protocolNegotiator, "protocolNegotiator");
       this.channelFactory = channelFactory;
       this.channelOptions = new HashMap<ChannelOption<?>, Object>(channelOptions);
@@ -738,6 +795,7 @@ private static final class NettyTransportFactory implements ClientTransportFacto
       this.flowControlWindow = flowControlWindow;
       this.maxMessageSize = maxMessageSize;
       this.maxHeaderListSize = maxHeaderListSize;
+      this.softLimitHeaderListSize = softLimitHeaderListSize;
       this.keepAliveTimeNanos = keepAliveTimeNanos;
       this.keepAliveBackoff = new AtomicBackoff("keepalive time nanos", keepAliveTimeNanos);
       this.keepAliveTimeoutNanos = keepAliveTimeoutNanos;
@@ -774,13 +832,30 @@ public void run() {
       };
 
       // TODO(carl-mastrangelo): Pass channelLogger in.
-      NettyClientTransport transport = new NettyClientTransport(
-          serverAddress, channelFactory, channelOptions, group,
-          localNegotiator, autoFlowControl, flowControlWindow,
-          maxMessageSize, maxHeaderListSize, keepAliveTimeNanosState.get(), keepAliveTimeoutNanos,
-          keepAliveWithoutCalls, options.getAuthority(), options.getUserAgent(),
-          tooManyPingsRunnable, transportTracerFactory.create(), options.getEagAttributes(),
-          localSocketPicker, channelLogger, useGetForSafeMethods, Ticker.systemTicker());
+      NettyClientTransport transport =
+          new NettyClientTransport(
+              serverAddress,
+              channelFactory,
+              channelOptions,
+              group,
+              localNegotiator,
+              autoFlowControl,
+              flowControlWindow,
+              maxMessageSize,
+              maxHeaderListSize,
+              softLimitHeaderListSize,
+              keepAliveTimeNanosState.get(),
+              keepAliveTimeoutNanos,
+              keepAliveWithoutCalls,
+              options.getAuthority(),
+              options.getUserAgent(),
+              tooManyPingsRunnable,
+              transportTracerFactory.create(),
+              options.getEagAttributes(),
+              localSocketPicker,
+              channelLogger,
+              useGetForSafeMethods,
+              Ticker.systemTicker());
       return transport;
     }
 
@@ -796,11 +871,24 @@ public SwapChannelCredentialsResult swapChannelCredentials(ChannelCredentials ch
       if (result.error != null) {
         return null;
       }
-      ClientTransportFactory factory = new NettyTransportFactory(
-          result.negotiator.newNegotiator(), channelFactory, channelOptions, groupPool,
-          autoFlowControl, flowControlWindow, maxMessageSize, maxHeaderListSize, keepAliveTimeNanos,
-          keepAliveTimeoutNanos, keepAliveWithoutCalls, transportTracerFactory,  localSocketPicker,
-          useGetForSafeMethods, transportSocketType);
+      ClientTransportFactory factory =
+          new NettyTransportFactory(
+              result.negotiator.newNegotiator(),
+              channelFactory,
+              channelOptions,
+              groupPool,
+              autoFlowControl,
+              flowControlWindow,
+              maxMessageSize,
+              maxHeaderListSize,
+              softLimitHeaderListSize,
+              keepAliveTimeNanos,
+              keepAliveTimeoutNanos,
+              keepAliveWithoutCalls,
+              transportTracerFactory,
+              localSocketPicker,
+              useGetForSafeMethods,
+              transportSocketType);
       return new SwapChannelCredentialsResult(factory, result.callCredentials);
     }
 
diff --git a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
index eb4dbf8cc66..194decb1120 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
@@ -142,6 +142,7 @@ static NettyClientHandler newHandler(
       boolean autoFlowControl,
       int flowControlWindow,
       int maxHeaderListSize,
+      int softLimitHeaderListSize,
       Supplier<Stopwatch> stopwatchFactory,
       Runnable tooManyPingsRunnable,
       TransportTracer transportTracer,
@@ -171,6 +172,7 @@ static NettyClientHandler newHandler(
         autoFlowControl,
         flowControlWindow,
         maxHeaderListSize,
+        softLimitHeaderListSize,
         stopwatchFactory,
         tooManyPingsRunnable,
         transportTracer,
@@ -190,6 +192,7 @@ static NettyClientHandler newHandler(
       boolean autoFlowControl,
       int flowControlWindow,
       int maxHeaderListSize,
+      int softLimitHeaderListSize,
       Supplier<Stopwatch> stopwatchFactory,
       Runnable tooManyPingsRunnable,
       TransportTracer transportTracer,
@@ -202,6 +205,8 @@ static NettyClientHandler newHandler(
     Preconditions.checkNotNull(lifecycleManager, "lifecycleManager");
     Preconditions.checkArgument(flowControlWindow > 0, "flowControlWindow must be positive");
     Preconditions.checkArgument(maxHeaderListSize > 0, "maxHeaderListSize must be positive");
+    Preconditions.checkArgument(softLimitHeaderListSize > 0,
+        "softLimitHeaderListSize must be positive");
     Preconditions.checkNotNull(stopwatchFactory, "stopwatchFactory");
     Preconditions.checkNotNull(tooManyPingsRunnable, "tooManyPingsRunnable");
     Preconditions.checkNotNull(eagAttributes, "eagAttributes");
@@ -247,7 +252,9 @@ static NettyClientHandler newHandler(
         authority,
         autoFlowControl,
         pingCounter,
-        ticker);
+        ticker,
+        maxHeaderListSize,
+        softLimitHeaderListSize);
   }
 
   private NettyClientHandler(
@@ -264,9 +271,20 @@ private NettyClientHandler(
       String authority,
       boolean autoFlowControl,
       PingLimiter pingLimiter,
-      Ticker ticker) {
-    super(/* channelUnused= */ null, decoder, encoder, settings,
-        negotiationLogger, autoFlowControl, pingLimiter, ticker);
+      Ticker ticker,
+      int maxHeaderListSize,
+      int softLimitHeaderListSize) {
+    super(
+        /* channelUnused= */ null,
+        decoder,
+        encoder,
+        settings,
+        negotiationLogger,
+        autoFlowControl,
+        pingLimiter,
+        ticker,
+        maxHeaderListSize,
+        softLimitHeaderListSize);
     this.lifecycleManager = lifecycleManager;
     this.keepAliveManager = keepAliveManager;
     this.stopwatchFactory = stopwatchFactory;
@@ -380,6 +398,28 @@ private void onHeadersRead(int streamId, Http2Headers headers, boolean endStream
     if (streamId != Http2CodecUtil.HTTP_UPGRADE_STREAM_ID) {
       NettyClientStream.TransportState stream = clientStream(requireHttp2Stream(streamId));
       PerfMark.event("NettyClientHandler.onHeadersRead", stream.tag());
+      // check metadata size vs soft limit
+      int h2HeadersSize = Utils.getH2HeadersSize(headers);
+      boolean shouldFail =
+          Utils.shouldRejectOnMetadataSizeSoftLimitExceeded(
+              h2HeadersSize, softLimitHeaderListSize, maxHeaderListSize);
+      if (shouldFail && endStream) {
+        stream.transportReportStatus(Status.RESOURCE_EXHAUSTED
+            .withDescription(
+                String.format(
+                    "Server Status + Trailers of size %d exceeded Metadata size soft limit: %d",
+                    h2HeadersSize,
+                    softLimitHeaderListSize)), true, new Metadata());
+        return;
+      } else if (shouldFail) {
+        stream.transportReportStatus(Status.RESOURCE_EXHAUSTED
+            .withDescription(
+                String.format(
+                    "Server Headers of size %d exceeded Metadata size soft limit: %d",
+                    h2HeadersSize,
+                    softLimitHeaderListSize)), true, new Metadata());
+        return;
+      }
       stream.transportHeadersReceived(headers, endStream);
     }
 
diff --git a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
index 426f3c0d583..54d1641a7ed 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
@@ -83,6 +83,7 @@ class NettyClientTransport implements ConnectionClientTransport {
   private final int flowControlWindow;
   private final int maxMessageSize;
   private final int maxHeaderListSize;
+  private final int softLimitHeaderListSize;
   private KeepAliveManager keepAliveManager;
   private final long keepAliveTimeNanos;
   private final long keepAliveTimeoutNanos;
@@ -106,15 +107,28 @@ class NettyClientTransport implements ConnectionClientTransport {
   private final Ticker ticker;
 
   NettyClientTransport(
-      SocketAddress address, ChannelFactory<? extends Channel> channelFactory,
-      Map<ChannelOption<?>, ?> channelOptions, EventLoopGroup group,
-      ProtocolNegotiator negotiator, boolean autoFlowControl, int flowControlWindow,
-      int maxMessageSize, int maxHeaderListSize,
-      long keepAliveTimeNanos, long keepAliveTimeoutNanos,
-      boolean keepAliveWithoutCalls, String authority, @Nullable String userAgent,
-      Runnable tooManyPingsRunnable, TransportTracer transportTracer, Attributes eagAttributes,
-      LocalSocketPicker localSocketPicker, ChannelLogger channelLogger,
-      boolean useGetForSafeMethods, Ticker ticker) {
+      SocketAddress address,
+      ChannelFactory<? extends Channel> channelFactory,
+      Map<ChannelOption<?>, ?> channelOptions,
+      EventLoopGroup group,
+      ProtocolNegotiator negotiator,
+      boolean autoFlowControl,
+      int flowControlWindow,
+      int maxMessageSize,
+      int maxHeaderListSize,
+      int softLimitHeaderListSize,
+      long keepAliveTimeNanos,
+      long keepAliveTimeoutNanos,
+      boolean keepAliveWithoutCalls,
+      String authority,
+      @Nullable String userAgent,
+      Runnable tooManyPingsRunnable,
+      TransportTracer transportTracer,
+      Attributes eagAttributes,
+      LocalSocketPicker localSocketPicker,
+      ChannelLogger channelLogger,
+      boolean useGetForSafeMethods,
+      Ticker ticker) {
 
     this.negotiator = Preconditions.checkNotNull(negotiator, "negotiator");
     this.negotiationScheme = this.negotiator.scheme();
@@ -126,6 +140,7 @@ class NettyClientTransport implements ConnectionClientTransport {
     this.flowControlWindow = flowControlWindow;
     this.maxMessageSize = maxMessageSize;
     this.maxHeaderListSize = maxHeaderListSize;
+    this.softLimitHeaderListSize = softLimitHeaderListSize;
     this.keepAliveTimeNanos = keepAliveTimeNanos;
     this.keepAliveTimeoutNanos = keepAliveTimeoutNanos;
     this.keepAliveWithoutCalls = keepAliveWithoutCalls;
@@ -220,18 +235,19 @@ public Runnable start(Listener transportListener) {
     }
 
     handler = NettyClientHandler.newHandler(
-        lifecycleManager,
-        keepAliveManager,
-        autoFlowControl,
-        flowControlWindow,
-        maxHeaderListSize,
-        GrpcUtil.STOPWATCH_SUPPLIER,
-        tooManyPingsRunnable,
-        transportTracer,
-        eagAttributes,
-        authorityString,
-        channelLogger,
-        ticker);
+            lifecycleManager,
+            keepAliveManager,
+            autoFlowControl,
+            flowControlWindow,
+            maxHeaderListSize,
+            softLimitHeaderListSize,
+            GrpcUtil.STOPWATCH_SUPPLIER,
+            tooManyPingsRunnable,
+            transportTracer,
+            eagAttributes,
+            authorityString,
+            channelLogger,
+            ticker);
 
     ChannelHandler negotiationHandler = negotiator.newHandler(handler);
 
diff --git a/netty/src/main/java/io/grpc/netty/NettyServer.java b/netty/src/main/java/io/grpc/netty/NettyServer.java
index 2960604e5b5..1cf67ea25ca 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServer.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServer.java
@@ -92,6 +92,7 @@ class NettyServer implements InternalServer, InternalWithLogId {
   private final int flowControlWindow;
   private final int maxMessageSize;
   private final int maxHeaderListSize;
+  private final int softLimitHeaderListSize;
   private final long keepAliveTimeInNanos;
   private final long keepAliveTimeoutInNanos;
   private final long maxConnectionIdleInNanos;
@@ -123,9 +124,14 @@ class NettyServer implements InternalServer, InternalWithLogId {
       ProtocolNegotiator protocolNegotiator,
       List<? extends ServerStreamTracer.Factory> streamTracerFactories,
       TransportTracer.Factory transportTracerFactory,
-      int maxStreamsPerConnection, boolean autoFlowControl, int flowControlWindow,
-      int maxMessageSize, int maxHeaderListSize,
-      long keepAliveTimeInNanos, long keepAliveTimeoutInNanos,
+      int maxStreamsPerConnection,
+      boolean autoFlowControl,
+      int flowControlWindow,
+      int maxMessageSize,
+      int maxHeaderListSize,
+      int softLimitHeaderListSize,
+      long keepAliveTimeInNanos,
+      long keepAliveTimeoutInNanos,
       long maxConnectionIdleInNanos,
       long maxConnectionAgeInNanos, long maxConnectionAgeGraceInNanos,
       boolean permitKeepAliveWithoutCalls, long permitKeepAliveTimeInNanos,
@@ -152,6 +158,7 @@ class NettyServer implements InternalServer, InternalWithLogId {
     this.flowControlWindow = flowControlWindow;
     this.maxMessageSize = maxMessageSize;
     this.maxHeaderListSize = maxHeaderListSize;
+    this.softLimitHeaderListSize = softLimitHeaderListSize;
     this.keepAliveTimeInNanos = keepAliveTimeInNanos;
     this.keepAliveTimeoutInNanos = keepAliveTimeoutInNanos;
     this.maxConnectionIdleInNanos = maxConnectionIdleInNanos;
@@ -243,28 +250,29 @@ public void initChannel(Channel ch) {
               (long) ((.9D + Math.random() * .2D) * maxConnectionAgeInNanos);
         }
 
-        NettyServerTransport transport =
-            new NettyServerTransport(
-                ch,
-                channelDone,
-                protocolNegotiator,
-                streamTracerFactories,
-                transportTracerFactory.create(),
-                maxStreamsPerConnection,
-                autoFlowControl,
-                flowControlWindow,
-                maxMessageSize,
-                maxHeaderListSize,
-                keepAliveTimeInNanos,
-                keepAliveTimeoutInNanos,
-                maxConnectionIdleInNanos,
-                maxConnectionAgeInNanos,
-                maxConnectionAgeGraceInNanos,
-                permitKeepAliveWithoutCalls,
-                permitKeepAliveTimeInNanos,
-                maxRstCount,
-                maxRstPeriodNanos,
-                eagAttributes);
+            NettyServerTransport transport =
+                new NettyServerTransport(
+                    ch,
+                    channelDone,
+                    protocolNegotiator,
+                    streamTracerFactories,
+                    transportTracerFactory.create(),
+                    maxStreamsPerConnection,
+                    autoFlowControl,
+                    flowControlWindow,
+                    maxMessageSize,
+                    maxHeaderListSize,
+                    softLimitHeaderListSize,
+                    keepAliveTimeInNanos,
+                    keepAliveTimeoutInNanos,
+                    maxConnectionIdleInNanos,
+                    maxConnectionAgeInNanos,
+                    maxConnectionAgeGraceInNanos,
+                    permitKeepAliveWithoutCalls,
+                    permitKeepAliveTimeInNanos,
+                    maxRstCount,
+                    maxRstPeriodNanos,
+                    eagAttributes);
         ServerTransportListener transportListener;
         // This is to order callbacks on the listener, not to guard access to channel.
         synchronized (NettyServer.this) {
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java b/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
index 3b82b193f61..eb3a6d9b538 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
@@ -105,6 +105,7 @@ public final class NettyServerBuilder extends ForwardingServerBuilder<NettyServe
   private int flowControlWindow = DEFAULT_FLOW_CONTROL_WINDOW;
   private int maxMessageSize = DEFAULT_MAX_MESSAGE_SIZE;
   private int maxHeaderListSize = GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE;
+  private int softLimitHeaderListSize = GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE;
   private long keepAliveTimeInNanos = DEFAULT_SERVER_KEEPALIVE_TIME_NANOS;
   private long keepAliveTimeoutInNanos = DEFAULT_SERVER_KEEPALIVE_TIMEOUT_NANOS;
   private long maxConnectionIdleInNanos = MAX_CONNECTION_IDLE_NANOS_DISABLED;
@@ -492,6 +493,39 @@ public NettyServerBuilder maxHeaderListSize(int maxHeaderListSize) {
   public NettyServerBuilder maxInboundMetadataSize(int bytes) {
     checkArgument(bytes > 0, "maxInboundMetadataSize must be positive: %s", bytes);
     this.maxHeaderListSize = bytes;
+    // Clear the soft limit setting, by setting soft limit to maxInboundMetadataSize. The
+    // maxInboundMetadataSize will take precedence over soft limit check.
+    this.softLimitHeaderListSize = bytes;
+    return this;
+  }
+
+  /**
+   * Sets the size of metadata that clients are advised to not exceed. When a metadata with size
+   * larger than the soft limit is encountered there will be a probability the RPC will fail. The
+   * chance of failing increases as the metadata size approaches the hard limit.
+   * {@code Integer.MAX_VALUE} disables the enforcement. The default is implementation-dependent,
+   * but is not generally less than 8 KiB and may be unlimited.
+   *
+   * <p>This is cumulative size of the metadata. The precise calculation is
+   * implementation-dependent, but implementations are encouraged to follow the calculation used
+   * for
+   * <a href="http://httpwg.org/specs/rfc7540.html#rfc.section.6.5.2">HTTP/2's
+   * SETTINGS_MAX_HEADER_LIST_SIZE</a>. It sums the bytes from each entry's key and value, plus 32
+   * bytes of overhead per entry.
+   *
+   * @param soft the soft size limit of received metadata
+   * @param max the hard size limit of received metadata
+   * @return this
+   * @throws IllegalArgumentException if soft and/or max is non-positive, or max smaller than soft
+   * @since 1.68.0
+   */
+  @CanIgnoreReturnValue
+  public NettyServerBuilder maxInboundMetadataSize(int soft, int max) {
+    checkArgument(soft > 0, "softLimitHeaderListSize must be positive: %s", soft);
+    checkArgument(max > soft,
+        "maxInboundMetadataSize: %s must be greater than softLimitHeaderListSize: %s", max, soft);
+    this.softLimitHeaderListSize = soft;
+    this.maxHeaderListSize = max;
     return this;
   }
 
@@ -677,14 +711,33 @@ NettyServer buildTransportServers(
         this.serverImplBuilder.getExecutorPool());
 
     return new NettyServer(
-        listenAddresses, channelFactory, channelOptions, childChannelOptions,
-        bossEventLoopGroupPool, workerEventLoopGroupPool, forceHeapBuffer, negotiator,
-        streamTracerFactories, transportTracerFactory, maxConcurrentCallsPerConnection,
-        autoFlowControl, flowControlWindow, maxMessageSize, maxHeaderListSize,
-        keepAliveTimeInNanos, keepAliveTimeoutInNanos,
-        maxConnectionIdleInNanos, maxConnectionAgeInNanos,
-        maxConnectionAgeGraceInNanos, permitKeepAliveWithoutCalls, permitKeepAliveTimeInNanos,
-        maxRstCount, maxRstPeriodNanos, eagAttributes, this.serverImplBuilder.getChannelz());
+        listenAddresses,
+        channelFactory,
+        channelOptions,
+        childChannelOptions,
+        bossEventLoopGroupPool,
+        workerEventLoopGroupPool,
+        forceHeapBuffer,
+        negotiator,
+        streamTracerFactories,
+        transportTracerFactory,
+        maxConcurrentCallsPerConnection,
+        autoFlowControl,
+        flowControlWindow,
+        maxMessageSize,
+        maxHeaderListSize,
+        softLimitHeaderListSize,
+        keepAliveTimeInNanos,
+        keepAliveTimeoutInNanos,
+        maxConnectionIdleInNanos,
+        maxConnectionAgeInNanos,
+        maxConnectionAgeGraceInNanos,
+        permitKeepAliveWithoutCalls,
+        permitKeepAliveTimeInNanos,
+        maxRstCount,
+        maxRstPeriodNanos,
+        eagAttributes,
+        this.serverImplBuilder.getChannelz());
   }
 
   @VisibleForTesting
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
index a6e855a199d..85a4886b766 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
@@ -152,7 +152,6 @@ class NettyServerHandler extends AbstractNettyHandler {
   private int rstCount;
   private long lastRstNanoTime;
 
-
   static NettyServerHandler newHandler(
       ServerTransportListener transportListener,
       ChannelPromise channelUnused,
@@ -162,6 +161,7 @@ static NettyServerHandler newHandler(
       boolean autoFlowControl,
       int flowControlWindow,
       int maxHeaderListSize,
+      int softLimitHeaderListSize,
       int maxMessageSize,
       long keepAliveTimeInNanos,
       long keepAliveTimeoutInNanos,
@@ -192,6 +192,7 @@ static NettyServerHandler newHandler(
         autoFlowControl,
         flowControlWindow,
         maxHeaderListSize,
+        softLimitHeaderListSize,
         maxMessageSize,
         keepAliveTimeInNanos,
         keepAliveTimeoutInNanos,
@@ -217,6 +218,7 @@ static NettyServerHandler newHandler(
       boolean autoFlowControl,
       int flowControlWindow,
       int maxHeaderListSize,
+      int softLimitHeaderListSize,
       int maxMessageSize,
       long keepAliveTimeInNanos,
       long keepAliveTimeoutInNanos,
@@ -234,6 +236,9 @@ static NettyServerHandler newHandler(
         flowControlWindow);
     Preconditions.checkArgument(maxHeaderListSize > 0, "maxHeaderListSize must be positive: %s",
         maxHeaderListSize);
+    Preconditions.checkArgument(
+        softLimitHeaderListSize > 0, "softLimitHeaderListSize must be positive: %s",
+        softLimitHeaderListSize);
     Preconditions.checkArgument(maxMessageSize > 0, "maxMessageSize must be positive: %s",
         maxMessageSize);
 
@@ -273,7 +278,10 @@ static NettyServerHandler newHandler(
         transportTracer,
         decoder, encoder, settings,
         maxMessageSize,
-        keepAliveTimeInNanos, keepAliveTimeoutInNanos,
+        maxHeaderListSize,
+        softLimitHeaderListSize,
+        keepAliveTimeInNanos,
+        keepAliveTimeoutInNanos,
         maxConnectionIdleInNanos,
         maxConnectionAgeInNanos, maxConnectionAgeGraceInNanos,
         keepAliveEnforcer,
@@ -293,6 +301,8 @@ private NettyServerHandler(
       Http2ConnectionEncoder encoder,
       Http2Settings settings,
       int maxMessageSize,
+      int maxHeaderListSize,
+      int softLimitHeaderListSize,
       long keepAliveTimeInNanos,
       long keepAliveTimeoutInNanos,
       long maxConnectionIdleInNanos,
@@ -304,8 +314,17 @@ private NettyServerHandler(
       long maxRstPeriodNanos,
       Attributes eagAttributes,
       Ticker ticker) {
-    super(channelUnused, decoder, encoder, settings, new ServerChannelLogger(),
-        autoFlowControl, null, ticker);
+    super(
+        channelUnused,
+        decoder,
+        encoder,
+        settings,
+        new ServerChannelLogger(),
+        autoFlowControl,
+        null,
+        ticker,
+        maxHeaderListSize,
+        softLimitHeaderListSize);
 
     final MaxConnectionIdleManager maxConnectionIdleManager;
     if (maxConnectionIdleInNanos == MAX_CONNECTION_IDLE_NANOS_DISABLED) {
@@ -470,6 +489,16 @@ private void onHeadersRead(ChannelHandlerContext ctx, int streamId, Http2Headers
         return;
       }
 
+      int h2HeadersSize = Utils.getH2HeadersSize(headers);
+      if (Utils.shouldRejectOnMetadataSizeSoftLimitExceeded(
+              h2HeadersSize, softLimitHeaderListSize, maxHeaderListSize)) {
+        respondWithHttpError(ctx, streamId, 431, Status.Code.RESOURCE_EXHAUSTED, String.format(
+                "Client Headers of size %d exceeded Metadata size soft limit: %d",
+                h2HeadersSize,
+                softLimitHeaderListSize));
+        return;
+      }
+
       if (!teWarningLogged && !TE_TRAILERS.contentEquals(headers.get(TE_HEADER))) {
         logger.warning(String.format("Expected header TE: %s, but %s is received. This means "
                 + "some intermediate proxy may not support trailers",
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerTransport.java b/netty/src/main/java/io/grpc/netty/NettyServerTransport.java
index 9511927a09f..758ffeee5b1 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerTransport.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerTransport.java
@@ -70,6 +70,7 @@ class NettyServerTransport implements ServerTransport {
   private final int flowControlWindow;
   private final int maxMessageSize;
   private final int maxHeaderListSize;
+  private final int softLimitHeaderListSize;
   private final long keepAliveTimeInNanos;
   private final long keepAliveTimeoutInNanos;
   private final long maxConnectionIdleInNanos;
@@ -94,6 +95,7 @@ class NettyServerTransport implements ServerTransport {
       int flowControlWindow,
       int maxMessageSize,
       int maxHeaderListSize,
+      int softLimitHeaderListSize,
       long keepAliveTimeInNanos,
       long keepAliveTimeoutInNanos,
       long maxConnectionIdleInNanos,
@@ -115,6 +117,7 @@ class NettyServerTransport implements ServerTransport {
     this.flowControlWindow = flowControlWindow;
     this.maxMessageSize = maxMessageSize;
     this.maxHeaderListSize = maxHeaderListSize;
+    this.softLimitHeaderListSize = softLimitHeaderListSize;
     this.keepAliveTimeInNanos = keepAliveTimeInNanos;
     this.keepAliveTimeoutInNanos = keepAliveTimeoutInNanos;
     this.maxConnectionIdleInNanos = maxConnectionIdleInNanos;
@@ -275,6 +278,7 @@ private NettyServerHandler createHandler(
         autoFlowControl,
         flowControlWindow,
         maxHeaderListSize,
+        softLimitHeaderListSize,
         maxMessageSize,
         keepAliveTimeInNanos,
         keepAliveTimeoutInNanos,
diff --git a/netty/src/main/java/io/grpc/netty/Utils.java b/netty/src/main/java/io/grpc/netty/Utils.java
index 96f19aab5e3..ba405637af5 100644
--- a/netty/src/main/java/io/grpc/netty/Utils.java
+++ b/netty/src/main/java/io/grpc/netty/Utils.java
@@ -23,6 +23,7 @@
 import static io.netty.channel.ChannelOption.SO_LINGER;
 import static io.netty.channel.ChannelOption.SO_TIMEOUT;
 import static io.netty.util.CharsetUtil.UTF_8;
+import static java.nio.charset.StandardCharsets.US_ASCII;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
@@ -91,7 +92,9 @@ class Utils {
       = new DefaultEventLoopGroupResource(1, "grpc-nio-boss-ELG", EventLoopGroupType.NIO);
   public static final Resource<EventLoopGroup> NIO_WORKER_EVENT_LOOP_GROUP
       = new DefaultEventLoopGroupResource(0, "grpc-nio-worker-ELG", EventLoopGroupType.NIO);
-
+  private static final int HEADER_ENTRY_OVERHEAD = 32;
+  private static final byte[] binaryHeaderSuffixBytes =
+      Metadata.BINARY_HEADER_SUFFIX.getBytes(US_ASCII);
   public static final Resource<EventLoopGroup> DEFAULT_BOSS_EVENT_LOOP_GROUP;
   public static final Resource<EventLoopGroup> DEFAULT_WORKER_EVENT_LOOP_GROUP;
 
@@ -195,6 +198,61 @@ public static Metadata convertHeaders(Http2Headers http2Headers) {
     return InternalMetadata.newMetadata(convertHeadersToArray(http2Headers));
   }
 
+  public static int getH2HeadersSize(Http2Headers http2Headers) {
+    if (http2Headers instanceof GrpcHttp2InboundHeaders) {
+      GrpcHttp2InboundHeaders h = (GrpcHttp2InboundHeaders) http2Headers;
+      int size = 0;
+      for (int i = 0; i < h.numHeaders(); i++) {
+        size += h.namesAndValues()[2 * i].length;
+        size +=
+            maybeAddBinaryHeaderOverhead(h.namesAndValues()[2 * i], h.namesAndValues()[2 * i + 1]);
+        size += HEADER_ENTRY_OVERHEAD;
+      }
+      return size;
+    }
+
+    // the binary header is not decoded yet, no need to add overhead.
+    int size = 0;
+    for (Map.Entry<CharSequence, CharSequence> entry : http2Headers) {
+      size += entry.getKey().length();
+      size += entry.getValue().length();
+      size += HEADER_ENTRY_OVERHEAD;
+    }
+    return size;
+  }
+
+  private static int maybeAddBinaryHeaderOverhead(byte[] name, byte[] value) {
+    if (endsWith(name, binaryHeaderSuffixBytes)) {
+      return value.length * 4 / 3;
+    }
+    return value.length;
+  }
+
+  private static boolean endsWith(byte[] bytes, byte[] suffix) {
+    if (bytes == null || suffix == null || bytes.length < suffix.length) {
+      return false;
+    }
+
+    for (int i = 0; i < suffix.length; i++) {
+      if (bytes[bytes.length - suffix.length + i] != suffix[i]) {
+        return false;
+      }
+    }
+
+    return true;
+  }
+
+  public static boolean shouldRejectOnMetadataSizeSoftLimitExceeded(
+      int h2HeadersSize, int softLimitHeaderListSize, int maxHeaderListSize) {
+    if (h2HeadersSize < softLimitHeaderListSize) {
+      return false;
+    }
+    double failProbability =
+        (double) (h2HeadersSize - softLimitHeaderListSize) / (double) (maxHeaderListSize
+            - softLimitHeaderListSize);
+    return Math.random() < failProbability;
+  }
+
   @CheckReturnValue
   private static byte[][] convertHeadersToArray(Http2Headers http2Headers) {
     // The Netty AsciiString class is really just a wrapper around a byte[] and supports
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
index 73988f773cb..6c5dd6b18bc 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
@@ -47,6 +47,7 @@
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 
 import com.google.common.base.Stopwatch;
+import com.google.common.base.Strings;
 import com.google.common.base.Supplier;
 import com.google.common.base.Ticker;
 import com.google.common.collect.ImmutableList;
@@ -122,6 +123,7 @@ public class NettyClientHandlerTest extends NettyHandlerTestBase<NettyClientHand
   private Http2Headers grpcHeaders;
   private long nanoTime; // backs a ticker, for testing ping round-trip time measurement
   private int maxHeaderListSize = Integer.MAX_VALUE;
+  private int softLimitHeaderListSize = Integer.MAX_VALUE;
   private int streamId = STREAM_ID;
   private ClientTransportLifecycleManager lifecycleManager;
   private KeepAliveManager mockKeepAliveManager = null;
@@ -217,6 +219,36 @@ public Void answer(InvocationOnMock invocation) throws Throwable {
     channelRead(serializedSettings);
   }
 
+  @Test
+  @SuppressWarnings("InlineMeInliner")
+  public void sendLargerThanSoftLimitHeaderMayFail() throws Exception {
+    maxHeaderListSize = 8000;
+    softLimitHeaderListSize = 2000;
+    manualSetUp();
+
+    createStream();
+    // total head size of 7999, soft limit = 2000 and max = 8000.
+    // This header has 5999/6000 chance to be rejected.
+    Http2Headers headers = new DefaultHttp2Headers()
+        .scheme(HTTPS)
+        .authority(as("www.fake.com"))
+        .path(as("/fakemethod"))
+        .method(HTTP_METHOD)
+        .add(as("auth"), as("sometoken"))
+        .add(CONTENT_TYPE_HEADER, CONTENT_TYPE_GRPC)
+        .add(TE_HEADER, TE_TRAILERS)
+        .add("large-field", Strings.repeat("a", 7620)); // String.repeat() requires Java 11
+
+    ByteBuf headersFrame = headersFrame(STREAM_ID, headers);
+    channelRead(headersFrame);
+    ArgumentCaptor<Status> statusArgumentCaptor = ArgumentCaptor.forClass(Status.class);
+    verify(streamListener).closed(statusArgumentCaptor.capture(), eq(PROCESSED),
+        any(Metadata.class));
+    assertThat(statusArgumentCaptor.getValue().getCode()).isEqualTo(Status.Code.RESOURCE_EXHAUSTED);
+    assertThat(statusArgumentCaptor.getValue().getDescription()).contains(
+        "exceeded Metadata size soft limit");
+  }
+
   @Test
   public void cancelBufferedStreamShouldChangeClientStreamStatus() throws Exception {
     // Force the stream to be buffered.
@@ -946,6 +978,7 @@ public Stopwatch get() {
         false,
         flowControlWindow,
         maxHeaderListSize,
+        softLimitHeaderListSize,
         stopwatchSupplier,
         tooManyPingsRunnable,
         transportTracer,
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
index 7cb269b7d62..b7a3ff13a59 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
@@ -205,12 +205,30 @@ public void setSoLingerChannelOption() throws IOException {
     // set SO_LINGER option
     int soLinger = 123;
     channelOptions.put(ChannelOption.SO_LINGER, soLinger);
-    NettyClientTransport transport = new NettyClientTransport(
-        address, new ReflectiveChannelFactory<>(NioSocketChannel.class), channelOptions, group,
-        newNegotiator(), false, DEFAULT_WINDOW_SIZE, DEFAULT_MAX_MESSAGE_SIZE,
-        GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE, KEEPALIVE_TIME_NANOS_DISABLED, 1L, false, authority,
-        null /* user agent */, tooManyPingsRunnable, new TransportTracer(), Attributes.EMPTY,
-        new SocketPicker(), new FakeChannelLogger(), false, Ticker.systemTicker());
+    NettyClientTransport transport =
+        new NettyClientTransport(
+            address,
+            new ReflectiveChannelFactory<>(NioSocketChannel.class),
+            channelOptions,
+            group,
+            newNegotiator(),
+            false,
+            DEFAULT_WINDOW_SIZE,
+            DEFAULT_MAX_MESSAGE_SIZE,
+            GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
+            GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
+            KEEPALIVE_TIME_NANOS_DISABLED,
+            1L,
+            false,
+            authority,
+            null /* user agent */,
+            tooManyPingsRunnable,
+            new TransportTracer(),
+            Attributes.EMPTY,
+            new SocketPicker(),
+            new FakeChannelLogger(),
+            false,
+            Ticker.systemTicker());
     transports.add(transport);
     callMeMaybe(transport.start(clientTransportListener));
 
@@ -454,13 +472,30 @@ private static class CantConstructChannelError extends Error {}
   public void failingToConstructChannelShouldFailGracefully() throws Exception {
     address = TestUtils.testServerAddress(new InetSocketAddress(12345));
     authority = GrpcUtil.authorityFromHostAndPort(address.getHostString(), address.getPort());
-    NettyClientTransport transport = new NettyClientTransport(
-        address, new ReflectiveChannelFactory<>(CantConstructChannel.class),
-        new HashMap<ChannelOption<?>, Object>(), group,
-        newNegotiator(), false, DEFAULT_WINDOW_SIZE, DEFAULT_MAX_MESSAGE_SIZE,
-        GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE, KEEPALIVE_TIME_NANOS_DISABLED, 1, false, authority,
-        null, tooManyPingsRunnable, new TransportTracer(), Attributes.EMPTY, new SocketPicker(),
-        new FakeChannelLogger(), false, Ticker.systemTicker());
+    NettyClientTransport transport =
+        new NettyClientTransport(
+            address,
+            new ReflectiveChannelFactory<>(CantConstructChannel.class),
+            new HashMap<ChannelOption<?>, Object>(),
+            group,
+            newNegotiator(),
+            false,
+            DEFAULT_WINDOW_SIZE,
+            DEFAULT_MAX_MESSAGE_SIZE,
+            GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
+            GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
+            KEEPALIVE_TIME_NANOS_DISABLED,
+            1,
+            false,
+            authority,
+            null,
+            tooManyPingsRunnable,
+            new TransportTracer(),
+            Attributes.EMPTY,
+            new SocketPicker(),
+            new FakeChannelLogger(),
+            false,
+            Ticker.systemTicker());
     transports.add(transport);
 
     // Should not throw
@@ -814,13 +849,30 @@ private NettyClientTransport newTransport(ProtocolNegotiator negotiator, int max
     if (!enableKeepAlive) {
       keepAliveTimeNano = KEEPALIVE_TIME_NANOS_DISABLED;
     }
-    NettyClientTransport transport = new NettyClientTransport(
-        address, channelFactory, new HashMap<ChannelOption<?>, Object>(), group,
-        negotiator, false, DEFAULT_WINDOW_SIZE, maxMsgSize, maxHeaderListSize,
-        keepAliveTimeNano, keepAliveTimeoutNano,
-        false, authority, userAgent, tooManyPingsRunnable,
-        new TransportTracer(), eagAttributes, new SocketPicker(), new FakeChannelLogger(), false,
-        Ticker.systemTicker());
+    NettyClientTransport transport =
+        new NettyClientTransport(
+            address,
+            channelFactory,
+            new HashMap<ChannelOption<?>, Object>(),
+            group,
+            negotiator,
+            false,
+            DEFAULT_WINDOW_SIZE,
+            maxMsgSize,
+            maxHeaderListSize,
+            maxHeaderListSize,
+            keepAliveTimeNano,
+            keepAliveTimeoutNano,
+            false,
+            authority,
+            userAgent,
+            tooManyPingsRunnable,
+            new TransportTracer(),
+            eagAttributes,
+            new SocketPicker(),
+            new FakeChannelLogger(),
+            false,
+            Ticker.systemTicker());
     transports.add(transport);
     return transport;
   }
@@ -830,22 +882,35 @@ private void startServer() throws IOException {
   }
 
   private void startServer(int maxStreamsPerConnection, int maxHeaderListSize) throws IOException {
-    server = new NettyServer(
-        TestUtils.testServerAddresses(new InetSocketAddress(0)),
-        new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
-        new HashMap<ChannelOption<?>, Object>(),
-        new HashMap<ChannelOption<?>, Object>(),
-        new FixedObjectPool<>(group), new FixedObjectPool<>(group), false, negotiator,
-        Collections.<ServerStreamTracer.Factory>emptyList(),
-        TransportTracer.getDefaultFactory(),
-        maxStreamsPerConnection,
-        false,
-        DEFAULT_WINDOW_SIZE, DEFAULT_MAX_MESSAGE_SIZE, maxHeaderListSize,
-        DEFAULT_SERVER_KEEPALIVE_TIME_NANOS, DEFAULT_SERVER_KEEPALIVE_TIMEOUT_NANOS,
-        MAX_CONNECTION_IDLE_NANOS_DISABLED,
-        MAX_CONNECTION_AGE_NANOS_DISABLED, MAX_CONNECTION_AGE_GRACE_NANOS_INFINITE, true, 0,
-        MAX_RST_COUNT_DISABLED, 0, Attributes.EMPTY,
-        channelz);
+    server =
+        new NettyServer(
+            TestUtils.testServerAddresses(new InetSocketAddress(0)),
+            new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
+            new HashMap<ChannelOption<?>, Object>(),
+            new HashMap<ChannelOption<?>, Object>(),
+            new FixedObjectPool<>(group),
+            new FixedObjectPool<>(group),
+            false,
+            negotiator,
+            Collections.<ServerStreamTracer.Factory>emptyList(),
+            TransportTracer.getDefaultFactory(),
+            maxStreamsPerConnection,
+            false,
+            DEFAULT_WINDOW_SIZE,
+            DEFAULT_MAX_MESSAGE_SIZE,
+            maxHeaderListSize,
+            maxHeaderListSize,
+            DEFAULT_SERVER_KEEPALIVE_TIME_NANOS,
+            DEFAULT_SERVER_KEEPALIVE_TIMEOUT_NANOS,
+            MAX_CONNECTION_IDLE_NANOS_DISABLED,
+            MAX_CONNECTION_AGE_NANOS_DISABLED,
+            MAX_CONNECTION_AGE_GRACE_NANOS_INFINITE,
+            true,
+            0,
+            MAX_RST_COUNT_DISABLED,
+            0,
+            Attributes.EMPTY,
+            channelz);
     server.start(serverListener);
     address = TestUtils.testServerAddress((InetSocketAddress) server.getListenSocketAddress());
     authority = GrpcUtil.authorityFromHostAndPort(address.getHostString(), address.getPort());
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java b/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java
index 6d8192322aa..48af23b78a8 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java
@@ -100,6 +100,22 @@ public void failIfMaxInboundMetadataSizeNonPositive() {
     builder.maxInboundMetadataSize(0);
   }
 
+  @Test
+  public void failIfSoftInboundMetadataSizeNonPositive() {
+    thrown.expect(IllegalArgumentException.class);
+    thrown.expectMessage("softLimitHeaderListSize must be positive");
+
+    builder.maxInboundMetadataSize(0, 100);
+  }
+
+  @Test
+  public void failIfMaxInboundMetadataSizeSmallerThanSoft() {
+    thrown.expect(IllegalArgumentException.class);
+    thrown.expectMessage("must be greater than softLimitHeaderListSize");
+
+    builder.maxInboundMetadataSize(100, 80);
+  }
+
   @Test
   public void failIfMaxConnectionIdleNegative() {
     thrown.expect(IllegalArgumentException.class);
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
index 541490847c0..308079ff62f 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
@@ -141,6 +141,7 @@ public class NettyServerHandlerTest extends NettyHandlerTestBase<NettyServerHand
 
   private int maxConcurrentStreams = Integer.MAX_VALUE;
   private int maxHeaderListSize = Integer.MAX_VALUE;
+  private int softLimitHeaderListSize = Integer.MAX_VALUE;
   private boolean permitKeepAliveWithoutCalls = true;
   private long permitKeepAliveTimeInNanos = 0;
   private long maxConnectionIdleInNanos = MAX_CONNECTION_IDLE_NANOS_DISABLED;
@@ -1363,6 +1364,7 @@ protected NettyServerHandler newHandler() {
         autoFlowControl,
         flowControlWindow,
         maxHeaderListSize,
+        softLimitHeaderListSize,
         DEFAULT_MAX_MESSAGE_SIZE,
         keepAliveTimeInNanos,
         keepAliveTimeoutInNanos,
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerTest.java b/netty/src/test/java/io/grpc/netty/NettyServerTest.java
index 64d31070156..f9bda4c5af1 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerTest.java
@@ -133,29 +133,35 @@ class NoHandlerProtocolNegotiator implements ProtocolNegotiator {
     }
 
     NoHandlerProtocolNegotiator protocolNegotiator = new NoHandlerProtocolNegotiator();
-    NettyServer ns = new NettyServer(
-        Arrays.asList(addr),
-        new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
-        new HashMap<ChannelOption<?>, Object>(),
-        new HashMap<ChannelOption<?>, Object>(),
-        new FixedObjectPool<>(eventLoop),
-        new FixedObjectPool<>(eventLoop),
-        false,
-        protocolNegotiator,
-        Collections.<ServerStreamTracer.Factory>emptyList(),
-        TransportTracer.getDefaultFactory(),
-        1, // ignore
-        false, // ignore
-        1, // ignore
-        1, // ignore
-        1, // ignore
-        1, // ignore
-        1, 1, // ignore
-        1, 1, // ignore
-        true, 0, // ignore
-        0, 0, // ignore
-        Attributes.EMPTY,
-        channelz);
+    NettyServer ns =
+        new NettyServer(
+            Arrays.asList(addr),
+            new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
+            new HashMap<ChannelOption<?>, Object>(),
+            new HashMap<ChannelOption<?>, Object>(),
+            new FixedObjectPool<>(eventLoop),
+            new FixedObjectPool<>(eventLoop),
+            false,
+            protocolNegotiator,
+            Collections.<ServerStreamTracer.Factory>emptyList(),
+            TransportTracer.getDefaultFactory(),
+            1, // ignore
+            false, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1,
+            1, // ignore
+            1,
+            1, // ignore
+            true,
+            0, // ignore
+            0,
+            0, // ignore
+            Attributes.EMPTY,
+            channelz);
     final SettableFuture<Void> serverShutdownCalled = SettableFuture.create();
     ns.start(new ServerListener() {
       @Override
@@ -184,29 +190,35 @@ public void multiPortStartStopGet() throws Exception {
     InetSocketAddress addr1 = new InetSocketAddress(0);
     InetSocketAddress addr2 = new InetSocketAddress(0);
 
-    NettyServer ns = new NettyServer(
-        Arrays.asList(addr1, addr2),
-        new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
-        new HashMap<ChannelOption<?>, Object>(),
-        new HashMap<ChannelOption<?>, Object>(),
-        new FixedObjectPool<>(eventLoop),
-        new FixedObjectPool<>(eventLoop),
-        false,
-        ProtocolNegotiators.plaintext(),
-        Collections.<ServerStreamTracer.Factory>emptyList(),
-        TransportTracer.getDefaultFactory(),
-        1, // ignore
-        false, // ignore
-        1, // ignore
-        1, // ignore
-        1, // ignore
-        1, // ignore
-        1, 1, // ignore
-        1, 1, // ignore
-        true, 0, // ignore
-        0, 0, // ignore
-        Attributes.EMPTY,
-        channelz);
+    NettyServer ns =
+        new NettyServer(
+            Arrays.asList(addr1, addr2),
+            new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
+            new HashMap<ChannelOption<?>, Object>(),
+            new HashMap<ChannelOption<?>, Object>(),
+            new FixedObjectPool<>(eventLoop),
+            new FixedObjectPool<>(eventLoop),
+            false,
+            ProtocolNegotiators.plaintext(),
+            Collections.<ServerStreamTracer.Factory>emptyList(),
+            TransportTracer.getDefaultFactory(),
+            1, // ignore
+            false, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1,
+            1, // ignore
+            1,
+            1, // ignore
+            true,
+            0, // ignore
+            0,
+            0, // ignore
+            Attributes.EMPTY,
+            channelz);
     final SettableFuture<Void> shutdownCompleted = SettableFuture.create();
     ns.start(new ServerListener() {
       @Override
@@ -258,29 +270,35 @@ public void multiPortConnections() throws Exception {
     InetSocketAddress addr2 = new InetSocketAddress(0);
     final CountDownLatch allPortsConnectedCountDown = new CountDownLatch(2);
 
-    NettyServer ns = new NettyServer(
-        Arrays.asList(addr1, addr2),
-        new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
-        new HashMap<ChannelOption<?>, Object>(),
-        new HashMap<ChannelOption<?>, Object>(),
-        new FixedObjectPool<>(eventLoop),
-        new FixedObjectPool<>(eventLoop),
-        false,
-        ProtocolNegotiators.plaintext(),
-        Collections.<ServerStreamTracer.Factory>emptyList(),
-        TransportTracer.getDefaultFactory(),
-        1, // ignore
-        false, // ignore
-        1, // ignore
-        1, // ignore
-        1, // ignore
-        1, // ignore
-        1, 1, // ignore
-        1, 1, // ignore
-        true, 0, // ignore
-        0, 0, // ignore
-        Attributes.EMPTY,
-        channelz);
+    NettyServer ns =
+        new NettyServer(
+            Arrays.asList(addr1, addr2),
+            new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
+            new HashMap<ChannelOption<?>, Object>(),
+            new HashMap<ChannelOption<?>, Object>(),
+            new FixedObjectPool<>(eventLoop),
+            new FixedObjectPool<>(eventLoop),
+            false,
+            ProtocolNegotiators.plaintext(),
+            Collections.<ServerStreamTracer.Factory>emptyList(),
+            TransportTracer.getDefaultFactory(),
+            1, // ignore
+            false, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1,
+            1, // ignore
+            1,
+            1, // ignore
+            true,
+            0, // ignore
+            0,
+            0, // ignore
+            Attributes.EMPTY,
+            channelz);
     final SettableFuture<Void> shutdownCompleted = SettableFuture.create();
     ns.start(new ServerListener() {
       @Override
@@ -320,29 +338,35 @@ public void run() {}
   public void getPort_notStarted() {
     InetSocketAddress addr = new InetSocketAddress(0);
     List<InetSocketAddress> addresses = Collections.singletonList(addr);
-    NettyServer ns = new NettyServer(
-        addresses,
-        new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
-        new HashMap<ChannelOption<?>, Object>(),
-        new HashMap<ChannelOption<?>, Object>(),
-        new FixedObjectPool<>(eventLoop),
-        new FixedObjectPool<>(eventLoop),
-        false,
-        ProtocolNegotiators.plaintext(),
-        Collections.<ServerStreamTracer.Factory>emptyList(),
-        TransportTracer.getDefaultFactory(),
-        1, // ignore
-        false, // ignore
-        1, // ignore
-        1, // ignore
-        1, // ignore
-        1, // ignore
-        1, 1, // ignore
-        1, 1, // ignore
-        true, 0, // ignore
-        0, 0, // ignore
-        Attributes.EMPTY,
-        channelz);
+    NettyServer ns =
+        new NettyServer(
+            addresses,
+            new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
+            new HashMap<ChannelOption<?>, Object>(),
+            new HashMap<ChannelOption<?>, Object>(),
+            new FixedObjectPool<>(eventLoop),
+            new FixedObjectPool<>(eventLoop),
+            false,
+            ProtocolNegotiators.plaintext(),
+            Collections.<ServerStreamTracer.Factory>emptyList(),
+            TransportTracer.getDefaultFactory(),
+            1, // ignore
+            false, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1,
+            1, // ignore
+            1,
+            1, // ignore
+            true,
+            0, // ignore
+            0,
+            0, // ignore
+            Attributes.EMPTY,
+            channelz);
 
     assertThat(ns.getListenSocketAddress()).isEqualTo(addr);
     assertThat(ns.getListenSocketAddresses()).isEqualTo(addresses);
@@ -395,29 +419,35 @@ class TestProtocolNegotiator implements ProtocolNegotiator {
         .build();
     TestProtocolNegotiator protocolNegotiator = new TestProtocolNegotiator();
     InetSocketAddress addr = new InetSocketAddress(0);
-    NettyServer ns = new NettyServer(
-        Arrays.asList(addr),
-        new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
-        new HashMap<ChannelOption<?>, Object>(),
-        childChannelOptions,
-        new FixedObjectPool<>(eventLoop),
-        new FixedObjectPool<>(eventLoop),
-        false,
-        protocolNegotiator,
-        Collections.<ServerStreamTracer.Factory>emptyList(),
-        TransportTracer.getDefaultFactory(),
-        1, // ignore
-        false, // ignore
-        1, // ignore
-        1, // ignore
-        1, // ignore
-        1, // ignore
-        1, 1, // ignore
-        1, 1, // ignore
-        true, 0, // ignore
-        0, 0, // ignore
-        eagAttributes,
-        channelz);
+    NettyServer ns =
+        new NettyServer(
+            Arrays.asList(addr),
+            new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
+            new HashMap<ChannelOption<?>, Object>(),
+            childChannelOptions,
+            new FixedObjectPool<>(eventLoop),
+            new FixedObjectPool<>(eventLoop),
+            false,
+            protocolNegotiator,
+            Collections.<ServerStreamTracer.Factory>emptyList(),
+            TransportTracer.getDefaultFactory(),
+            1, // ignore
+            false, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1,
+            1, // ignore
+            1,
+            1, // ignore
+            true,
+            0, // ignore
+            0,
+            0, // ignore
+            eagAttributes,
+            channelz);
     ns.start(new ServerListener() {
       @Override
       public ServerTransportListener transportCreated(ServerTransport transport) {
@@ -443,29 +473,35 @@ public void serverShutdown() {}
   @Test
   public void channelzListenSocket() throws Exception {
     InetSocketAddress addr = new InetSocketAddress(0);
-    NettyServer ns = new NettyServer(
-        Arrays.asList(addr),
-        new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
-        new HashMap<ChannelOption<?>, Object>(),
-        new HashMap<ChannelOption<?>, Object>(),
-        new FixedObjectPool<>(eventLoop),
-        new FixedObjectPool<>(eventLoop),
-        false,
-        ProtocolNegotiators.plaintext(),
-        Collections.<ServerStreamTracer.Factory>emptyList(),
-        TransportTracer.getDefaultFactory(),
-        1, // ignore
-        false, // ignore
-        1, // ignore
-        1, // ignore
-        1, // ignore
-        1, // ignore
-        1, 1, // ignore
-        1, 1, // ignore
-        true, 0, // ignore
-        0, 0, // ignore
-        Attributes.EMPTY,
-        channelz);
+    NettyServer ns =
+        new NettyServer(
+            Arrays.asList(addr),
+            new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
+            new HashMap<ChannelOption<?>, Object>(),
+            new HashMap<ChannelOption<?>, Object>(),
+            new FixedObjectPool<>(eventLoop),
+            new FixedObjectPool<>(eventLoop),
+            false,
+            ProtocolNegotiators.plaintext(),
+            Collections.<ServerStreamTracer.Factory>emptyList(),
+            TransportTracer.getDefaultFactory(),
+            1, // ignore
+            false, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1, // ignore
+            1,
+            1, // ignore
+            1,
+            1, // ignore
+            true,
+            0, // ignore
+            0,
+            0, // ignore
+            Attributes.EMPTY,
+            channelz);
     final SettableFuture<Void> shutdownCompleted = SettableFuture.create();
     ns.start(new ServerListener() {
       @Override
@@ -603,10 +639,15 @@ private NettyServer getServer(List<SocketAddress> addr, EventLoopGroup ev) {
         1, // ignore
         1, // ignore
         1, // ignore
-        1, 1, // ignore
-        1, 1, // ignore
-        true, 0, // ignore
-        0, 0, // ignore
+        1, // ignore
+        1,
+        1, // ignore
+        1,
+        1, // ignore
+        true,
+        0, // ignore
+        0,
+        0, // ignore
         Attributes.EMPTY,
         channelz);
   }

From 9176b55286c478cc522ec7349311f29fa73d7c18 Mon Sep 17 00:00:00 2001
From: vinodhabib <47808007+vinodhabib@users.noreply.github.com>
Date: Tue, 29 Oct 2024 10:19:47 +0530
Subject: [PATCH 065/591] core: Make timestamp usage in Channelz use nanos from
 Java.time.Instant when available (#11604)

When java.time.Instant is available use the timestamp from this class in nano precision rather than using System.currentTimeInMillis and converting it to nanos.

Fixes #5494.
---
 .../grpc/internal/ConcurrentTimeProvider.java | 32 +++++++++++
 .../io/grpc/internal/InstantTimeProvider.java | 54 +++++++++++++++++++
 .../java/io/grpc/internal/TimeProvider.java   |  9 +---
 .../internal/TimeProviderResolverFactory.java | 32 +++++++++++
 .../internal/ConcurrentTimeProviderTest.java  | 48 +++++++++++++++++
 .../internal/InstantTimeProviderTest.java     | 50 +++++++++++++++++
 6 files changed, 217 insertions(+), 8 deletions(-)
 create mode 100644 core/src/main/java/io/grpc/internal/ConcurrentTimeProvider.java
 create mode 100644 core/src/main/java/io/grpc/internal/InstantTimeProvider.java
 create mode 100644 core/src/main/java/io/grpc/internal/TimeProviderResolverFactory.java
 create mode 100644 core/src/test/java/io/grpc/internal/ConcurrentTimeProviderTest.java
 create mode 100644 core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java

diff --git a/core/src/main/java/io/grpc/internal/ConcurrentTimeProvider.java b/core/src/main/java/io/grpc/internal/ConcurrentTimeProvider.java
new file mode 100644
index 00000000000..c82a68222b4
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/ConcurrentTimeProvider.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import java.util.concurrent.TimeUnit;
+
+/**
+ * {@link ConcurrentTimeProvider} resolves ConcurrentTimeProvider which implements
+ * {@link TimeProvider}.
+ */
+
+final class ConcurrentTimeProvider implements TimeProvider {
+
+  @Override
+  public long currentTimeNanos() {
+    return TimeUnit.MILLISECONDS.toNanos(System.currentTimeMillis());
+  }
+}
diff --git a/core/src/main/java/io/grpc/internal/InstantTimeProvider.java b/core/src/main/java/io/grpc/internal/InstantTimeProvider.java
new file mode 100644
index 00000000000..38c840d2594
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/InstantTimeProvider.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static com.google.common.math.LongMath.saturatedAdd;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * {@link InstantTimeProvider} resolves InstantTimeProvider which implements {@link TimeProvider}.
+ */
+final class InstantTimeProvider implements TimeProvider {
+  private Method now;
+  private Method getNano;
+  private Method getEpochSecond;
+
+  public InstantTimeProvider(Class<?> instantClass) {
+    try {
+      this.now = instantClass.getMethod("now");
+      this.getNano = instantClass.getMethod("getNano");
+      this.getEpochSecond = instantClass.getMethod("getEpochSecond");
+    } catch (NoSuchMethodException ex) {
+      throw new AssertionError(ex);
+    }
+  }
+
+  @Override
+  public long currentTimeNanos() {
+    try {
+      Object instant = now.invoke(null);
+      int nanos = (int) getNano.invoke(instant);
+      long epochSeconds = (long) getEpochSecond.invoke(instant);
+      return saturatedAdd(TimeUnit.SECONDS.toNanos(epochSeconds), nanos);
+    } catch (IllegalAccessException | InvocationTargetException ex) {
+      throw new RuntimeException(ex);
+    }
+  }
+}
diff --git a/core/src/main/java/io/grpc/internal/TimeProvider.java b/core/src/main/java/io/grpc/internal/TimeProvider.java
index b0ea147ada1..3bd052ab3e0 100644
--- a/core/src/main/java/io/grpc/internal/TimeProvider.java
+++ b/core/src/main/java/io/grpc/internal/TimeProvider.java
@@ -16,8 +16,6 @@
 
 package io.grpc.internal;
 
-import java.util.concurrent.TimeUnit;
-
 /**
  * Time source representing the current system time in nanos. Used to inject a fake clock
  * into unit tests.
@@ -26,10 +24,5 @@ public interface TimeProvider {
   /** Returns the current nano time. */
   long currentTimeNanos();
 
-  TimeProvider SYSTEM_TIME_PROVIDER = new TimeProvider() {
-    @Override
-    public long currentTimeNanos() {
-      return TimeUnit.MILLISECONDS.toNanos(System.currentTimeMillis());
-    }
-  };
+  TimeProvider SYSTEM_TIME_PROVIDER = TimeProviderResolverFactory.resolveTimeProvider();
 }
diff --git a/core/src/main/java/io/grpc/internal/TimeProviderResolverFactory.java b/core/src/main/java/io/grpc/internal/TimeProviderResolverFactory.java
new file mode 100644
index 00000000000..d88d9bb9eb5
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/TimeProviderResolverFactory.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+/**
+ * {@link TimeProviderResolverFactory} resolves Time providers.
+ */
+
+final class TimeProviderResolverFactory {
+  static TimeProvider resolveTimeProvider() {
+    try {
+      Class<?> instantClass = Class.forName("java.time.Instant");
+      return new InstantTimeProvider(instantClass);
+    } catch (ClassNotFoundException ex) {
+      return new ConcurrentTimeProvider();
+    }
+  }
+}
diff --git a/core/src/test/java/io/grpc/internal/ConcurrentTimeProviderTest.java b/core/src/test/java/io/grpc/internal/ConcurrentTimeProviderTest.java
new file mode 100644
index 00000000000..a02cb6a6e42
--- /dev/null
+++ b/core/src/test/java/io/grpc/internal/ConcurrentTimeProviderTest.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import java.time.Instant;
+import java.util.concurrent.TimeUnit;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/**
+ * Unit tests for {@link ConcurrentTimeProvider}.
+ */
+@RunWith(JUnit4.class)
+public class ConcurrentTimeProviderTest {
+  @Test
+  public void testConcurrentCurrentTimeNanos() {
+
+    ConcurrentTimeProvider concurrentTimeProvider = new ConcurrentTimeProvider();
+    // Get the current time from the ConcurrentTimeProvider
+    long actualTimeNanos = concurrentTimeProvider.currentTimeNanos();
+
+    // Get the current time from Instant for comparison
+    Instant instantNow = Instant.now();
+    long expectedTimeNanos = TimeUnit.SECONDS.toNanos(instantNow.getEpochSecond())
+        + instantNow.getNano();
+
+    // Validate the time returned is close to the expected value within a tolerance
+    // (i,e 10 millisecond tolerance in nanoseconds).
+    assertThat(actualTimeNanos).isWithin(10_000_000L).of(expectedTimeNanos);
+  }
+}
diff --git a/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java b/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java
new file mode 100644
index 00000000000..ef97d374b10
--- /dev/null
+++ b/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import java.time.Instant;
+import java.util.concurrent.TimeUnit;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/**
+ * Unit tests for {@link InstantTimeProvider}.
+ */
+@RunWith(JUnit4.class)
+public class InstantTimeProviderTest {
+  @Test
+  public void testInstantCurrentTimeNanos() throws Exception {
+
+    InstantTimeProvider instantTimeProvider = new InstantTimeProvider(
+        Class.forName("java.time.Instant"));
+
+    // Get the current time from the InstantTimeProvider
+    long actualTimeNanos = instantTimeProvider.currentTimeNanos();
+
+    // Get the current time from Instant for comparison
+    Instant instantNow = Instant.now();
+    long expectedTimeNanos = TimeUnit.SECONDS.toNanos(instantNow.getEpochSecond())
+          + instantNow.getNano();
+
+    // Validate the time returned is close to the expected value within a tolerance
+    // (i,e 10 millisecond tolerance in nanoseconds).
+    assertThat(actualTimeNanos).isWithin(10_000_000L).of(expectedTimeNanos);
+  }
+}

From a431e3664be54a40dca12d62f81d22656f8d2057 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 28 Oct 2024 14:56:46 -0700
Subject: [PATCH 066/591] binder: Remove unnecessary uses of LooperMode(PAUSED)

PAUSED Looper mode has been the default for many years, maybe around
robolectric 4.5 (9ae9f0b6a6). Explicitly specifying PAUSED Looper mode
is not necessary.

cl/690684542
---
 .../io/grpc/binder/internal/BinderServerTransportTest.java     | 3 ---
 .../test/java/io/grpc/binder/internal/ServiceBindingTest.java  | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
index e56d860c091..d3c13d6c89e 100644
--- a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
@@ -23,7 +23,6 @@
 import static org.mockito.ArgumentMatchers.isNull;
 import static org.mockito.Mockito.when;
 import static org.robolectric.Shadows.shadowOf;
-import static org.robolectric.annotation.LooperMode.Mode.PAUSED;
 
 import android.os.IBinder;
 import android.os.Looper;
@@ -44,14 +43,12 @@
 import org.mockito.junit.MockitoJUnit;
 import org.mockito.junit.MockitoRule;
 import org.robolectric.RobolectricTestRunner;
-import org.robolectric.annotation.LooperMode;
 
 /**
  * Low-level server-side transport tests for binder channel. Like BinderChannelSmokeTest, this
  * convers edge cases not exercised by AbstractTransportTest, but it deals with the
  * binderTransport.BinderServerTransport directly.
  */
-@LooperMode(PAUSED)
 @RunWith(RobolectricTestRunner.class)
 public final class BinderServerTransportTest {
 
diff --git a/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java b/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
index b44692f560d..b0ad35e6806 100644
--- a/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
@@ -21,7 +21,6 @@
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.fail;
 import static org.robolectric.Shadows.shadowOf;
-import static org.robolectric.annotation.LooperMode.Mode.PAUSED;
 
 import android.app.Application;
 import android.app.admin.DevicePolicyManager;
@@ -48,11 +47,9 @@
 import org.mockito.junit.MockitoRule;
 import org.robolectric.RobolectricTestRunner;
 import org.robolectric.annotation.Config;
-import org.robolectric.annotation.LooperMode;
 import org.robolectric.shadows.ShadowApplication;
 import org.robolectric.shadows.ShadowDevicePolicyManager;
 
-@LooperMode(PAUSED)
 @RunWith(RobolectricTestRunner.class)
 public final class ServiceBindingTest {
 

From 1612536f866645e000ea2d5825eb4560bc1a08c7 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 28 Oct 2024 16:11:16 -0700
Subject: [PATCH 067/591] Update README etc to reference 1.68.1

---
 README.md | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/README.md b/README.md
index f56aebfb3ac..97b2bd6d5f9 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.67.1/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.67.1/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.68.1/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.68.1/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,18 +56,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.67.1</version>
+  <version>1.68.1</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.67.1</version>
+  <version>1.68.1</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.67.1</version>
+  <version>1.68.1</version>
 </dependency>
 <dependency> <!-- necessary for Java 9+ -->
   <groupId>org.apache.tomcat</groupId>
@@ -79,18 +79,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.67.1'
-implementation 'io.grpc:grpc-protobuf:1.67.1'
-implementation 'io.grpc:grpc-stub:1.67.1'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.68.1'
+implementation 'io.grpc:grpc-protobuf:1.68.1'
+implementation 'io.grpc:grpc-stub:1.68.1'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.67.1'
-implementation 'io.grpc:grpc-protobuf-lite:1.67.1'
-implementation 'io.grpc:grpc-stub:1.67.1'
+implementation 'io.grpc:grpc-okhttp:1.68.1'
+implementation 'io.grpc:grpc-protobuf-lite:1.68.1'
+implementation 'io.grpc:grpc-stub:1.68.1'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
@@ -99,7 +99,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.67.1
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.68.1
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://oss.sonatype.org/content/repositories/snapshots/).
@@ -129,9 +129,9 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <artifactId>protobuf-maven-plugin</artifactId>
       <version>0.6.1</version>
       <configuration>
-        <protocArtifact>com.google.protobuf:protoc:3.25.3:exe:${os.detected.classifier}</protocArtifact>
+        <protocArtifact>com.google.protobuf:protoc:3.25.5:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.67.1:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.68.1:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -157,11 +157,11 @@ plugins {
 
 protobuf {
   protoc {
-    artifact = "com.google.protobuf:protoc:3.25.3"
+    artifact = "com.google.protobuf:protoc:3.25.5"
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.67.1'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.68.1'
     }
   }
   generateProtoTasks {
@@ -190,11 +190,11 @@ plugins {
 
 protobuf {
   protoc {
-    artifact = "com.google.protobuf:protoc:3.25.3"
+    artifact = "com.google.protobuf:protoc:3.25.5"
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.67.1'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.68.1'
     }
   }
   generateProtoTasks {

From b5ef09c5483d23ccdd7888e879d45f4054ad63f7 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 29 Oct 2024 22:29:03 -0700
Subject: [PATCH 068/591] RELEASING.md: Fix interop_matrix image name (#11653)

---
 RELEASING.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/RELEASING.md b/RELEASING.md
index 0add8991746..120b0ea6ac1 100644
--- a/RELEASING.md
+++ b/RELEASING.md
@@ -167,14 +167,14 @@ Tagging the Release
     generation instructions][gcr-image]. Summary:
     ```bash
     # If you haven't previously configured docker:
-    gcloud auth configure-docker
+    gcloud auth configure-docker us-docker.pkg.dev
 
     # In main grpc repo, add the new version to matrix
     ${EDITOR:-nano -w} tools/interop_matrix/client_matrix.py
     tools/interop_matrix/create_matrix_images.py --git_checkout --release=v$MAJOR.$MINOR.$PATCH \
         --upload_images --language java
-    docker pull gcr.io/grpc-testing/grpc_interop_java:v$MAJOR.$MINOR.$PATCH
-    docker_image=gcr.io/grpc-testing/grpc_interop_java:v$MAJOR.$MINOR.$PATCH \
+    docker pull us-docker.pkg.dev/grpc-testing/testing-images-public/grpc_interop_java:v$MAJOR.$MINOR.$PATCH
+    docker_image=us-docker.pkg.dev/grpc-testing/testing-images-public/grpc_interop_java:v$MAJOR.$MINOR.$PATCH \
         tools/interop_matrix/testcases/java__master
 
     # Commit the changes

From 766b92379b5eac82d64bf2fd913d1e10a6960600 Mon Sep 17 00:00:00 2001
From: SreeramdasLavanya <76050406+SreeramdasLavanya@users.noreply.github.com>
Date: Wed, 30 Oct 2024 13:19:53 +0000
Subject: [PATCH 069/591] api: Add java.time.Duration overloads to CallOptions,
 AbstractStub taking TimeUnit and a time value (#11562)

---
 api/src/main/java/io/grpc/CallOptions.java    |  7 +++
 .../main/java/io/grpc/InternalTimeUtils.java  | 26 ++++++++
 api/src/main/java/io/grpc/LoadBalancer.java   |  2 +-
 .../java/io/grpc/SynchronizationContext.java  | 18 +++++-
 api/src/main/java/io/grpc/TimeUtils.java      | 31 ++++++++++
 .../test/java/io/grpc/CallOptionsTest.java    |  9 +++
 .../io/grpc/SynchronizationContextTest.java   | 48 ++++++++++++++-
 api/src/test/java/io/grpc/TimeUtilsTest.java  | 59 +++++++++++++++++++
 .../main/java/io/grpc/stub/AbstractStub.java  |  7 +++
 .../java/io/grpc/stub/AbstractStubTest.java   | 22 ++++++-
 10 files changed, 224 insertions(+), 5 deletions(-)
 create mode 100644 api/src/main/java/io/grpc/InternalTimeUtils.java
 create mode 100644 api/src/main/java/io/grpc/TimeUtils.java
 create mode 100644 api/src/test/java/io/grpc/TimeUtilsTest.java

diff --git a/api/src/main/java/io/grpc/CallOptions.java b/api/src/main/java/io/grpc/CallOptions.java
index 25c4df386a1..a1b8984c48b 100644
--- a/api/src/main/java/io/grpc/CallOptions.java
+++ b/api/src/main/java/io/grpc/CallOptions.java
@@ -17,9 +17,11 @@
 package io.grpc;
 
 import static com.google.common.base.Preconditions.checkArgument;
+import static io.grpc.TimeUtils.convertToNanos;
 
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Preconditions;
+import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -176,6 +178,11 @@ public CallOptions withDeadlineAfter(long duration, TimeUnit unit) {
     return withDeadline(Deadline.after(duration, unit));
   }
 
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/11657")
+  public CallOptions withDeadlineAfter(Duration duration) {
+    return withDeadlineAfter(convertToNanos(duration), TimeUnit.NANOSECONDS);
+  }
+
   /**
    * Returns the deadline or {@code null} if the deadline is not set.
    */
diff --git a/api/src/main/java/io/grpc/InternalTimeUtils.java b/api/src/main/java/io/grpc/InternalTimeUtils.java
new file mode 100644
index 00000000000..ef8022f53c5
--- /dev/null
+++ b/api/src/main/java/io/grpc/InternalTimeUtils.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import java.time.Duration;
+
+@Internal
+public final class InternalTimeUtils {
+  public static long convert(Duration duration) {
+    return TimeUtils.convertToNanos(duration);
+  }
+}
diff --git a/api/src/main/java/io/grpc/LoadBalancer.java b/api/src/main/java/io/grpc/LoadBalancer.java
index 6d74006b396..52d37f8677d 100644
--- a/api/src/main/java/io/grpc/LoadBalancer.java
+++ b/api/src/main/java/io/grpc/LoadBalancer.java
@@ -212,7 +212,7 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
    *
    * @since 1.21.0
    */
-  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/1771")
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/11657")
   public static final class ResolvedAddresses {
     private final List<EquivalentAddressGroup> addresses;
     @NameResolver.ResolutionResultAttr
diff --git a/api/src/main/java/io/grpc/SynchronizationContext.java b/api/src/main/java/io/grpc/SynchronizationContext.java
index 5a7677ac15f..94916a1b473 100644
--- a/api/src/main/java/io/grpc/SynchronizationContext.java
+++ b/api/src/main/java/io/grpc/SynchronizationContext.java
@@ -18,8 +18,10 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
+import static io.grpc.TimeUtils.convertToNanos;
 
 import java.lang.Thread.UncaughtExceptionHandler;
+import java.time.Duration;
 import java.util.Queue;
 import java.util.concurrent.ConcurrentLinkedQueue;
 import java.util.concurrent.Executor;
@@ -162,6 +164,12 @@ public String toString() {
     return new ScheduledHandle(runnable, future);
   }
 
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/11657")
+  public final ScheduledHandle schedule(
+      final Runnable task, Duration delay, ScheduledExecutorService timerService) {
+    return schedule(task, convertToNanos(delay), TimeUnit.NANOSECONDS, timerService);
+  }
+
   /**
    * Schedules a task to be added and run via {@link #execute} after an initial delay and then
    * repeated after the delay until cancelled.
@@ -193,6 +201,14 @@ public String toString() {
     return new ScheduledHandle(runnable, future);
   }
 
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/11657")
+  public final ScheduledHandle scheduleWithFixedDelay(
+      final Runnable task, Duration initialDelay, Duration delay,
+      ScheduledExecutorService timerService) {
+    return scheduleWithFixedDelay(task, convertToNanos(initialDelay), convertToNanos(delay),
+        TimeUnit.NANOSECONDS, timerService);
+  }
+
 
   private static class ManagedRunnable implements Runnable {
     final Runnable task;
@@ -246,4 +262,4 @@ public boolean isPending() {
       return !(runnable.hasStarted || runnable.isCancelled);
     }
   }
-}
+}
\ No newline at end of file
diff --git a/api/src/main/java/io/grpc/TimeUtils.java b/api/src/main/java/io/grpc/TimeUtils.java
new file mode 100644
index 00000000000..c3031f13d94
--- /dev/null
+++ b/api/src/main/java/io/grpc/TimeUtils.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import java.time.Duration;
+
+final class TimeUtils {
+  private TimeUtils() {}
+
+  static long convertToNanos(Duration duration) {
+    try {
+      return duration.toNanos();
+    } catch (ArithmeticException tooBig) {
+      return duration.isNegative() ? Long.MIN_VALUE : Long.MAX_VALUE;
+    }
+  }
+}
diff --git a/api/src/test/java/io/grpc/CallOptionsTest.java b/api/src/test/java/io/grpc/CallOptionsTest.java
index cc90a9799d7..d74c74ccd66 100644
--- a/api/src/test/java/io/grpc/CallOptionsTest.java
+++ b/api/src/test/java/io/grpc/CallOptionsTest.java
@@ -32,6 +32,7 @@
 import com.google.common.base.Objects;
 import io.grpc.ClientStreamTracer.StreamInfo;
 import io.grpc.internal.SerializingExecutor;
+import java.time.Duration;
 import java.util.concurrent.Executor;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -150,6 +151,14 @@ public void withDeadlineAfter() {
     assertAbout(deadline()).that(actual).isWithin(10, MILLISECONDS).of(expected);
   }
 
+  @Test
+  public void withDeadlineAfterDuration() {
+    Deadline actual = CallOptions.DEFAULT.withDeadlineAfter(Duration.ofMinutes(1L)).getDeadline();
+    Deadline expected = Deadline.after(1, MINUTES);
+
+    assertAbout(deadline()).that(actual).isWithin(10, MILLISECONDS).of(expected);
+  }
+
   @Test
   public void toStringMatches_noDeadline_default() {
     String actual = allSet
diff --git a/api/src/test/java/io/grpc/SynchronizationContextTest.java b/api/src/test/java/io/grpc/SynchronizationContextTest.java
index 3d5e7fa42b9..f0797df227e 100644
--- a/api/src/test/java/io/grpc/SynchronizationContextTest.java
+++ b/api/src/test/java/io/grpc/SynchronizationContextTest.java
@@ -27,6 +27,7 @@
 
 import com.google.common.util.concurrent.testing.TestingExecutors;
 import io.grpc.SynchronizationContext.ScheduledHandle;
+import java.time.Duration;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.LinkedBlockingQueue;
@@ -72,7 +73,7 @@ public void uncaughtException(Thread t, Throwable e) {
 
   @Mock
   private Runnable task3;
-  
+
   @After public void tearDown() {
     assertThat(uncaughtErrors).isEmpty();
   }
@@ -246,6 +247,41 @@ public void schedule() {
     verify(task1).run();
   }
 
+  @Test
+  public void scheduleDuration() {
+    MockScheduledExecutorService executorService = new MockScheduledExecutorService();
+    ScheduledHandle handle =
+        syncContext.schedule(task1, Duration.ofSeconds(10), executorService);
+
+    assertThat(executorService.delay)
+        .isEqualTo(executorService.unit.convert(10, TimeUnit.SECONDS));
+    assertThat(handle.isPending()).isTrue();
+    verify(task1, never()).run();
+
+    executorService.command.run();
+
+    assertThat(handle.isPending()).isFalse();
+    verify(task1).run();
+  }
+
+  @Test
+  public void scheduleWithFixedDelayDuration() {
+    MockScheduledExecutorService executorService = new MockScheduledExecutorService();
+    ScheduledHandle handle =
+        syncContext.scheduleWithFixedDelay(task1, Duration.ofSeconds(10),
+            Duration.ofSeconds(10), executorService);
+
+    assertThat(executorService.delay)
+        .isEqualTo(executorService.unit.convert(10, TimeUnit.SECONDS));
+    assertThat(handle.isPending()).isTrue();
+    verify(task1, never()).run();
+
+    executorService.command.run();
+
+    assertThat(handle.isPending()).isFalse();
+    verify(task1).run();
+  }
+
   @Test
   public void scheduleDueImmediately() {
     MockScheduledExecutorService executorService = new MockScheduledExecutorService();
@@ -357,5 +393,13 @@ static class MockScheduledExecutorService extends ForwardingScheduledExecutorSer
       this.unit = unit;
       return future = super.schedule(command, delay, unit);
     }
+
+    @Override public ScheduledFuture<?> scheduleWithFixedDelay(Runnable command, long intialDelay,
+        long delay, TimeUnit unit) {
+      this.command = command;
+      this.delay = delay;
+      this.unit = unit;
+      return future = super.scheduleWithFixedDelay(command, intialDelay, delay, unit);
+    }
   }
-}
+}
\ No newline at end of file
diff --git a/api/src/test/java/io/grpc/TimeUtilsTest.java b/api/src/test/java/io/grpc/TimeUtilsTest.java
new file mode 100644
index 00000000000..4faaa9cbf6d
--- /dev/null
+++ b/api/src/test/java/io/grpc/TimeUtilsTest.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import static org.junit.Assert.assertEquals;
+
+import java.time.Duration;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit tests for {@link TimeUtils}. */
+@RunWith(JUnit4.class)
+public class TimeUtilsTest {
+
+  @Test
+  public void testConvertNormalDuration() {
+    Duration duration = Duration.ofSeconds(10);
+    long expected = 10 * 1_000_000_000L;
+
+    assertEquals(expected, TimeUtils.convertToNanos(duration));
+  }
+
+  @Test
+  public void testConvertNegativeDuration() {
+    Duration duration = Duration.ofSeconds(-3);
+    long expected = -3 * 1_000_000_000L;
+
+    assertEquals(expected, TimeUtils.convertToNanos(duration));
+  }
+
+  @Test
+  public void testConvertTooLargeDuration() {
+    Duration duration = Duration.ofSeconds(Long.MAX_VALUE / 1_000_000_000L + 1);
+
+    assertEquals(Long.MAX_VALUE, TimeUtils.convertToNanos(duration));
+  }
+
+  @Test
+  public void testConvertTooLargeNegativeDuration() {
+    Duration duration = Duration.ofSeconds(Long.MIN_VALUE / 1_000_000_000L - 1);
+
+    assertEquals(Long.MIN_VALUE, TimeUtils.convertToNanos(duration));
+  }
+}
\ No newline at end of file
diff --git a/stub/src/main/java/io/grpc/stub/AbstractStub.java b/stub/src/main/java/io/grpc/stub/AbstractStub.java
index 0b6f86f2acf..06dd55ff466 100644
--- a/stub/src/main/java/io/grpc/stub/AbstractStub.java
+++ b/stub/src/main/java/io/grpc/stub/AbstractStub.java
@@ -17,6 +17,7 @@
 package io.grpc.stub;
 
 import static com.google.common.base.Preconditions.checkNotNull;
+import static io.grpc.InternalTimeUtils.convert;
 
 import io.grpc.CallCredentials;
 import io.grpc.CallOptions;
@@ -26,6 +27,7 @@
 import io.grpc.Deadline;
 import io.grpc.ExperimentalApi;
 import io.grpc.ManagedChannelBuilder;
+import java.time.Duration;
 import java.util.concurrent.Executor;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.CheckReturnValue;
@@ -149,6 +151,11 @@ public final S withDeadlineAfter(long duration, TimeUnit unit) {
     return build(channel, callOptions.withDeadlineAfter(duration, unit));
   }
 
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/11657")
+  public final S withDeadlineAfter(Duration duration) {
+    return withDeadlineAfter(convert(duration), TimeUnit.NANOSECONDS);
+  }
+
   /**
    * Returns a new stub with the given executor that is to be used instead of the default one
    * specified with {@link ManagedChannelBuilder#executor}. Note that setting this option may not
diff --git a/stub/src/test/java/io/grpc/stub/AbstractStubTest.java b/stub/src/test/java/io/grpc/stub/AbstractStubTest.java
index 9006b8679e4..a167c735160 100644
--- a/stub/src/test/java/io/grpc/stub/AbstractStubTest.java
+++ b/stub/src/test/java/io/grpc/stub/AbstractStubTest.java
@@ -16,12 +16,18 @@
 
 package io.grpc.stub;
 
+import static com.google.common.truth.Truth.assertAbout;
 import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.testing.DeadlineSubject.deadline;
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static java.util.concurrent.TimeUnit.MINUTES;
 
 import io.grpc.CallOptions;
 import io.grpc.Channel;
+import io.grpc.Deadline;
 import io.grpc.stub.AbstractStub.StubFactory;
 import io.grpc.stub.AbstractStubTest.NoopStub;
+import java.time.Duration;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -47,8 +53,22 @@ public NoopStub newStub(Channel channel, CallOptions callOptions) {
         .isNull();
   }
 
-  class NoopStub extends AbstractStub<NoopStub> {
+  @Test
+  public void testDuration() {
+    NoopStub stub = NoopStub.newStub(new StubFactory<NoopStub>() {
+      @Override
+      public NoopStub newStub(Channel channel, CallOptions callOptions) {
+        return create(channel, callOptions);
+      }
+    }, channel, CallOptions.DEFAULT);
+    NoopStub stubInstance = stub.withDeadlineAfter(Duration.ofMinutes(1L));
+    Deadline actual = stubInstance.getCallOptions().getDeadline();
+    Deadline expected = Deadline.after(1, MINUTES);
 
+    assertAbout(deadline()).that(actual).isWithin(10, MILLISECONDS).of(expected);
+  }
+
+  class NoopStub extends AbstractStub<NoopStub> {
     NoopStub(Channel channel, CallOptions options) {
       super(channel, options);
     }

From 3562380da543778b9048e0557e71d59bef288118 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 29 Oct 2024 14:16:45 -0700
Subject: [PATCH 070/591] Upgrade Gradle to 8.10.2 and upgrade plugins

com.github.johnrengelman.shadow is now com.gradleup.shadow (note the
redirect)
https://github.com/johnrengelman/shadow/releases/tag/8.3.0
---
 alts/build.gradle                                 |  2 +-
 authz/build.gradle                                |  2 +-
 build.gradle                                      |  2 +-
 examples/example-hostname/build.gradle            |  2 +-
 examples/gradle/wrapper/gradle-wrapper.properties |  2 +-
 gradle/wrapper/gradle-wrapper.properties          |  2 +-
 netty/shaded/build.gradle                         |  2 +-
 s2a/build.gradle                                  |  2 +-
 settings.gradle                                   | 10 ++++++----
 xds/build.gradle                                  |  2 +-
 10 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/alts/build.gradle b/alts/build.gradle
index 9477e2540af..de93c90546f 100644
--- a/alts/build.gradle
+++ b/alts/build.gradle
@@ -2,8 +2,8 @@ plugins {
     id "java-library"
     id "maven-publish"
 
-    id "com.github.johnrengelman.shadow"
     id "com.google.protobuf"
+    id "com.gradleup.shadow"
     id "ru.vyarus.animalsniffer"
 }
 
diff --git a/authz/build.gradle b/authz/build.gradle
index 491e8f32a74..60c86ca0dba 100644
--- a/authz/build.gradle
+++ b/authz/build.gradle
@@ -2,8 +2,8 @@ plugins {
     id "java-library"
     id "maven-publish"
 
-    id "com.github.johnrengelman.shadow"
     id "com.google.protobuf"
+    id "com.gradleup.shadow"
     id "ru.vyarus.animalsniffer"
 }
 
diff --git a/build.gradle b/build.gradle
index f647acdb382..1013a2a4386 100644
--- a/build.gradle
+++ b/build.gradle
@@ -311,7 +311,7 @@ subprojects {
         }
     }
 
-    plugins.withId("com.github.johnrengelman.shadow") {
+    plugins.withId("com.gradleup.shadow") {
         tasks.named("shadowJar").configure {
             // Do a dance to remove Class-Path. This needs to run after the doFirst() from the
             // shadow plugin that adds Class-Path and before the core jar action. Using doFirst will
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 7ade8da565a..54407994dab 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -3,7 +3,7 @@ plugins {
     id 'java'
 
     id "com.google.protobuf" version "0.9.4"
-    id 'com.google.cloud.tools.jib' version '3.4.3' // For releasing to Docker Hub
+    id 'com.google.cloud.tools.jib' version '3.4.4' // For releasing to Docker Hub
 }
 
 repositories {
diff --git a/examples/gradle/wrapper/gradle-wrapper.properties b/examples/gradle/wrapper/gradle-wrapper.properties
index 0d1842103b1..1e2fbf0d458 100644
--- a/examples/gradle/wrapper/gradle-wrapper.properties
+++ b/examples/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index a4413138c96..df97d72b8b9 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
diff --git a/netty/shaded/build.gradle b/netty/shaded/build.gradle
index a1151ca2427..25682d60b75 100644
--- a/netty/shaded/build.gradle
+++ b/netty/shaded/build.gradle
@@ -9,7 +9,7 @@ plugins {
     id "java"
     id "maven-publish"
 
-    id "com.github.johnrengelman.shadow"
+    id "com.gradleup.shadow"
     id "ru.vyarus.animalsniffer"
 }
 
diff --git a/s2a/build.gradle b/s2a/build.gradle
index 900283d9a07..572c48a0c5b 100644
--- a/s2a/build.gradle
+++ b/s2a/build.gradle
@@ -2,9 +2,9 @@ plugins {
     id "java-library"
     id "maven-publish"
 
-    id "com.github.johnrengelman.shadow"
     id "com.google.osdetector"
     id "com.google.protobuf"
+    id "com.gradleup.shadow"
     id "ru.vyarus.animalsniffer"
 }
 
diff --git a/settings.gradle b/settings.gradle
index b451242f7c1..1d8600cbe8a 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -4,24 +4,26 @@ pluginManagement {
         // 8+ has many changes: https://github.com/grpc/grpc-java/issues/10152
         id "com.android.application" version "7.4.1"
         id "com.android.library" version "7.4.1"
-        // https://github.com/johnrengelman/shadow/releases
-        id "com.github.johnrengelman.shadow" version "8.1.1"
 	// https://github.com/kt3k/coveralls-gradle-plugin/tags
         id "com.github.kt3k.coveralls" version "2.12.2"
 	// https://github.com/GoogleCloudPlatform/appengine-plugins/releases
         id "com.google.cloud.tools.appengine" version "2.8.0"
         // https://github.com/GoogleContainerTools/jib/blob/master/jib-gradle-plugin/CHANGELOG.md
-        id "com.google.cloud.tools.jib" version "3.4.3"
+        id "com.google.cloud.tools.jib" version "3.4.4"
 	// https://github.com/google/osdetector-gradle-plugin/tags
         id "com.google.osdetector" version "1.7.3"
         // https://github.com/google/protobuf-gradle-plugin/releases
         id "com.google.protobuf" version "0.9.4"
+        // https://github.com/GradleUp/shadow/releases
+        // 8.3.2+ requires Java 11+
+        // 8.3.1 breaks apache imports for netty/shaded, fixed in 8.3.2
+        id "com.gradleup.shadow" version "8.3.0"
         // https://github.com/melix/japicmp-gradle-plugin/blob/master/CHANGELOG.txt
         id "me.champeau.gradle.japicmp" version "0.4.2"
         // https://github.com/melix/jmh-gradle-plugin/releases
         id "me.champeau.jmh" version "0.7.2"
         // https://github.com/tbroyer/gradle-errorprone-plugin/releases
-        id "net.ltgt.errorprone" version "4.0.1"
+        id "net.ltgt.errorprone" version "4.1.0"
         // https://github.com/xvik/gradle-animalsniffer-plugin/releases
         id "ru.vyarus.animalsniffer" version "1.7.1"
     }
diff --git a/xds/build.gradle b/xds/build.gradle
index a738145a2a0..e09b42d06a9 100644
--- a/xds/build.gradle
+++ b/xds/build.gradle
@@ -4,8 +4,8 @@ plugins {
     id "java"
     id "maven-publish"
 
-    id "com.github.johnrengelman.shadow"
     id "com.google.protobuf"
+    id "com.gradleup.shadow"
     id "ru.vyarus.animalsniffer"
 }
 

From c167ead85120267a7a85086e5ba2b5c644592250 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Wed, 30 Oct 2024 21:11:41 +0530
Subject: [PATCH 071/591] xds: Per-rpc rewriting of the authority header based
 on the selected route. (#11631)

Implementation of A81.
---
 api/src/main/java/io/grpc/LoadBalancer.java   |  33 ++
 .../grpc/internal/DelayedClientTransport.java |  12 +-
 .../java/io/grpc/internal/DelayedStream.java  |   1 -
 .../internal/DelayedClientTransportTest.java  |  86 +++++
 .../io/grpc/internal/DelayedStreamTest.java   |   6 -
 .../io/grpc/xds/ClusterImplLoadBalancer.java  |  27 +-
 .../grpc/xds/ClusterResolverLoadBalancer.java |  10 +-
 xds/src/main/java/io/grpc/xds/Endpoints.java  |  10 +-
 .../io/grpc/xds/InternalXdsAttributes.java    |   5 +
 .../main/java/io/grpc/xds/VirtualHost.java    |  23 +-
 .../java/io/grpc/xds/XdsEndpointResource.java |   3 +-
 .../java/io/grpc/xds/XdsListenerResource.java |  24 +-
 .../java/io/grpc/xds/XdsNameResolver.java     |   9 +-
 .../grpc/xds/XdsRouteConfigureResource.java   |  36 ++-
 .../java/io/grpc/xds/client/Bootstrapper.java |   9 +-
 .../io/grpc/xds/client/BootstrapperImpl.java  |   5 +-
 .../grpc/xds/ClusterImplLoadBalancerTest.java | 131 +++++++-
 .../xds/ClusterResolverLoadBalancerTest.java  | 125 +++-----
 .../java/io/grpc/xds/ControlPlaneRule.java    |  14 +-
 .../java/io/grpc/xds/CsdsServiceTest.java     |   1 -
 .../test/java/io/grpc/xds/DataPlaneRule.java  |  14 +-
 .../FakeControlPlaneXdsIntegrationTest.java   |  84 +++--
 .../io/grpc/xds/GrpcBootstrapperImplTest.java |  22 ++
 .../grpc/xds/GrpcXdsClientImplDataTest.java   | 297 ++++++++++++++----
 .../grpc/xds/GrpcXdsClientImplTestBase.java   |  36 ++-
 .../io/grpc/xds/GrpcXdsClientImplV3Test.java  |   5 +-
 .../java/io/grpc/xds/XdsNameResolverTest.java | 153 ++++++---
 .../io/grpc/xds/XdsServerWrapperTest.java     |   3 +-
 28 files changed, 875 insertions(+), 309 deletions(-)

diff --git a/api/src/main/java/io/grpc/LoadBalancer.java b/api/src/main/java/io/grpc/LoadBalancer.java
index 52d37f8677d..97ead20ed36 100644
--- a/api/src/main/java/io/grpc/LoadBalancer.java
+++ b/api/src/main/java/io/grpc/LoadBalancer.java
@@ -552,6 +552,7 @@ public static final class PickResult {
     private final Status status;
     // True if the result is created by withDrop()
     private final boolean drop;
+    @Nullable private final String authorityOverride;
 
     private PickResult(
         @Nullable Subchannel subchannel, @Nullable ClientStreamTracer.Factory streamTracerFactory,
@@ -560,6 +561,17 @@ private PickResult(
       this.streamTracerFactory = streamTracerFactory;
       this.status = checkNotNull(status, "status");
       this.drop = drop;
+      this.authorityOverride = null;
+    }
+
+    private PickResult(
+        @Nullable Subchannel subchannel, @Nullable ClientStreamTracer.Factory streamTracerFactory,
+        Status status, boolean drop, @Nullable String authorityOverride) {
+      this.subchannel = subchannel;
+      this.streamTracerFactory = streamTracerFactory;
+      this.status = checkNotNull(status, "status");
+      this.drop = drop;
+      this.authorityOverride = authorityOverride;
     }
 
     /**
@@ -639,6 +651,19 @@ public static PickResult withSubchannel(
           false);
     }
 
+    /**
+     * Same as {@code withSubchannel(subchannel, streamTracerFactory)} but with an authority name
+     * to override in the host header.
+     */
+    @ExperimentalApi("https://github.com/grpc/grpc-java/issues/11656")
+    public static PickResult withSubchannel(
+        Subchannel subchannel, @Nullable ClientStreamTracer.Factory streamTracerFactory,
+        @Nullable String authorityOverride) {
+      return new PickResult(
+          checkNotNull(subchannel, "subchannel"), streamTracerFactory, Status.OK,
+          false, authorityOverride);
+    }
+
     /**
      * Equivalent to {@code withSubchannel(subchannel, null)}.
      *
@@ -682,6 +707,13 @@ public static PickResult withNoResult() {
       return NO_RESULT;
     }
 
+    /** Returns the authority override if any. */
+    @ExperimentalApi("https://github.com/grpc/grpc-java/issues/11656")
+    @Nullable
+    public String getAuthorityOverride() {
+      return authorityOverride;
+    }
+
     /**
      * The Subchannel if this result was created by {@link #withSubchannel withSubchannel()}, or
      * null otherwise.
@@ -736,6 +768,7 @@ public String toString() {
           .add("streamTracerFactory", streamTracerFactory)
           .add("status", status)
           .add("drop", drop)
+          .add("authority-override", authorityOverride)
           .toString();
     }
 
diff --git a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
index 6eebfdd0fae..ae173f4ac26 100644
--- a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
+++ b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
@@ -131,11 +131,17 @@ public final ClientStream newStream(
         }
         if (state.lastPicker != null) {
           PickResult pickResult = state.lastPicker.pickSubchannel(args);
+          callOptions = args.getCallOptions();
+          // User code provided authority takes precedence over the LB provided one.
+          if (callOptions.getAuthority() == null
+              && pickResult.getAuthorityOverride() != null) {
+            callOptions = callOptions.withAuthority(pickResult.getAuthorityOverride());
+          }
           ClientTransport transport = GrpcUtil.getTransportFromPickResult(pickResult,
               callOptions.isWaitForReady());
           if (transport != null) {
             return transport.newStream(
-                args.getMethodDescriptor(), args.getHeaders(), args.getCallOptions(),
+                args.getMethodDescriptor(), args.getHeaders(), callOptions,
                 tracers);
           }
         }
@@ -281,6 +287,10 @@ final void reprocess(@Nullable SubchannelPicker picker) {
     for (final PendingStream stream : toProcess) {
       PickResult pickResult = picker.pickSubchannel(stream.args);
       CallOptions callOptions = stream.args.getCallOptions();
+      // User code provided authority takes precedence over the LB provided one.
+      if (callOptions.getAuthority() == null && pickResult.getAuthorityOverride() != null) {
+        stream.setAuthority(pickResult.getAuthorityOverride());
+      }
       final ClientTransport transport = GrpcUtil.getTransportFromPickResult(pickResult,
           callOptions.isWaitForReady());
       if (transport != null) {
diff --git a/core/src/main/java/io/grpc/internal/DelayedStream.java b/core/src/main/java/io/grpc/internal/DelayedStream.java
index cc9dd0effc7..c94986a3458 100644
--- a/core/src/main/java/io/grpc/internal/DelayedStream.java
+++ b/core/src/main/java/io/grpc/internal/DelayedStream.java
@@ -208,7 +208,6 @@ private void delayOrExecute(Runnable runnable) {
 
   @Override
   public void setAuthority(final String authority) {
-    checkState(listener == null, "May only be called before start");
     checkNotNull(authority, "authority");
     preStartPendingCalls.add(new Runnable() {
       @Override
diff --git a/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java b/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
index c7ae8c8b4be..a5160552a9e 100644
--- a/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
+++ b/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
@@ -502,6 +502,43 @@ public void uncaughtException(Thread t, Throwable e) {
     verify(transportListener).transportTerminated();
   }
 
+  @Test
+  public void reprocess_authorityOverridePresentInCallOptions_authorityOverrideFromLbIsIgnored() {
+    DelayedStream delayedStream = (DelayedStream) delayedTransport.newStream(
+        method, headers, callOptions, tracers);
+    delayedStream.start(mock(ClientStreamListener.class));
+    SubchannelPicker picker = mock(SubchannelPicker.class);
+    PickResult pickResult = PickResult.withSubchannel(
+        mockSubchannel, null, "authority-override-hostname-from-lb");
+    when(picker.pickSubchannel(any(PickSubchannelArgs.class))).thenReturn(pickResult);
+
+    delayedTransport.reprocess(picker);
+    fakeExecutor.runDueTasks();
+
+    verify(mockRealStream, never()).setAuthority("authority-override-hostname-from-lb");
+  }
+
+  @Test
+  public void
+        reprocess_authorityOverrideNotInCallOptions_authorityOverrideFromLbIsSetIntoStream() {
+    DelayedStream delayedStream = (DelayedStream) delayedTransport.newStream(
+        method, headers, callOptions.withAuthority(null), tracers);
+    delayedStream.start(mock(ClientStreamListener.class));
+    SubchannelPicker picker = mock(SubchannelPicker.class);
+    PickResult pickResult = PickResult.withSubchannel(
+        mockSubchannel, null, "authority-override-hostname-from-lb");
+    when(picker.pickSubchannel(any(PickSubchannelArgs.class))).thenReturn(pickResult);
+    when(mockRealTransport.newStream(
+        same(method), same(headers), any(CallOptions.class),
+        ArgumentMatchers.any()))
+        .thenReturn(mockRealStream);
+
+    delayedTransport.reprocess(picker);
+    fakeExecutor.runDueTasks();
+
+    verify(mockRealStream).setAuthority("authority-override-hostname-from-lb");
+  }
+
   @Test
   public void reprocess_NoPendingStream() {
     SubchannelPicker picker = mock(SubchannelPicker.class);
@@ -525,6 +562,55 @@ public void reprocess_NoPendingStream() {
     assertSame(mockRealStream, stream);
   }
 
+  @Test
+  public void newStream_assignsTransport_authorityFromCallOptionsSupersedesAuthorityFromLB() {
+    SubchannelPicker picker = mock(SubchannelPicker.class);
+    AbstractSubchannel subchannel = mock(AbstractSubchannel.class);
+    when(subchannel.getInternalSubchannel()).thenReturn(mockInternalSubchannel);
+    PickResult pickResult = PickResult.withSubchannel(
+        subchannel, null, "authority-override-hostname-from-lb");
+    when(picker.pickSubchannel(any(PickSubchannelArgs.class))).thenReturn(pickResult);
+    ArgumentCaptor<CallOptions> callOptionsArgumentCaptor =
+        ArgumentCaptor.forClass(CallOptions.class);
+    when(mockRealTransport.newStream(
+        any(MethodDescriptor.class), any(Metadata.class), callOptionsArgumentCaptor.capture(),
+        ArgumentMatchers.<ClientStreamTracer[]>any()))
+        .thenReturn(mockRealStream);
+    delayedTransport.reprocess(picker);
+    verifyNoMoreInteractions(picker);
+    verifyNoMoreInteractions(transportListener);
+
+    CallOptions callOptions =
+        CallOptions.DEFAULT.withAuthority("authority-override-hosstname-from-calloptions");
+    delayedTransport.newStream(method, headers, callOptions, tracers);
+    assertThat(callOptionsArgumentCaptor.getValue().getAuthority()).isEqualTo(
+        "authority-override-hosstname-from-calloptions");
+  }
+
+  @Test
+  public void newStream_assignsTransport_authorityFromLB() {
+    SubchannelPicker picker = mock(SubchannelPicker.class);
+    AbstractSubchannel subchannel = mock(AbstractSubchannel.class);
+    when(subchannel.getInternalSubchannel()).thenReturn(mockInternalSubchannel);
+    PickResult pickResult = PickResult.withSubchannel(
+        subchannel, null, "authority-override-hostname-from-lb");
+    when(picker.pickSubchannel(any(PickSubchannelArgs.class))).thenReturn(pickResult);
+    ArgumentCaptor<CallOptions> callOptionsArgumentCaptor =
+        ArgumentCaptor.forClass(CallOptions.class);
+    when(mockRealTransport.newStream(
+        any(MethodDescriptor.class), any(Metadata.class), callOptionsArgumentCaptor.capture(),
+        ArgumentMatchers.<ClientStreamTracer[]>any()))
+        .thenReturn(mockRealStream);
+    delayedTransport.reprocess(picker);
+    verifyNoMoreInteractions(picker);
+    verifyNoMoreInteractions(transportListener);
+
+    CallOptions callOptions = CallOptions.DEFAULT;
+    delayedTransport.newStream(method, headers, callOptions, tracers);
+    assertThat(callOptionsArgumentCaptor.getValue().getAuthority()).isEqualTo(
+        "authority-override-hostname-from-lb");
+  }
+
   @Test
   public void reprocess_newStreamRacesWithReprocess() throws Exception {
     final CyclicBarrier barrier = new CyclicBarrier(2);
diff --git a/core/src/test/java/io/grpc/internal/DelayedStreamTest.java b/core/src/test/java/io/grpc/internal/DelayedStreamTest.java
index e39e8d420a2..a47bea9f4ab 100644
--- a/core/src/test/java/io/grpc/internal/DelayedStreamTest.java
+++ b/core/src/test/java/io/grpc/internal/DelayedStreamTest.java
@@ -84,12 +84,6 @@ public void setStream_setAuthority() {
     inOrder.verify(realStream).start(any(ClientStreamListener.class));
   }
 
-  @Test(expected = IllegalStateException.class)
-  public void setAuthority_afterStart() {
-    stream.start(listener);
-    stream.setAuthority("notgonnawork");
-  }
-
   @Test(expected = IllegalStateException.class)
   public void start_afterStart() {
     stream.start(listener);
diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index 2a9435aa72f..e4bb28a1b6a 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -34,6 +34,7 @@
 import io.grpc.Metadata;
 import io.grpc.Status;
 import io.grpc.internal.ForwardingClientStreamTracer;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.ObjectPool;
 import io.grpc.services.MetricReport;
 import io.grpc.util.ForwardingLoadBalancerHelper;
@@ -231,10 +232,16 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
           args.getAddresses().get(0).getAttributes());
       AtomicReference<ClusterLocality> localityAtomicReference = new AtomicReference<>(
           clusterLocality);
-      Attributes attrs = args.getAttributes().toBuilder()
-          .set(ATTR_CLUSTER_LOCALITY, localityAtomicReference)
-          .build();
-      args = args.toBuilder().setAddresses(addresses).setAttributes(attrs).build();
+      Attributes.Builder attrsBuilder = args.getAttributes().toBuilder()
+          .set(ATTR_CLUSTER_LOCALITY, localityAtomicReference);
+      if (GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE", false)) {
+        String hostname = args.getAddresses().get(0).getAttributes()
+            .get(InternalXdsAttributes.ATTR_ADDRESS_NAME);
+        if (hostname != null) {
+          attrsBuilder.set(InternalXdsAttributes.ATTR_ADDRESS_NAME, hostname);
+        }
+      }
+      args = args.toBuilder().setAddresses(addresses).setAttributes(attrsBuilder.build()).build();
       final Subchannel subchannel = delegate().createSubchannel(args);
 
       return new ForwardingSubchannel() {
@@ -389,7 +396,7 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
                 Status.UNAVAILABLE.withDescription("Dropped: " + dropOverload.category()));
           }
         }
-        final PickResult result = delegate.pickSubchannel(args);
+        PickResult result = delegate.pickSubchannel(args);
         if (result.getStatus().isOk() && result.getSubchannel() != null) {
           if (enableCircuitBreaking) {
             if (inFlights.get() >= maxConcurrentRequests) {
@@ -415,9 +422,17 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
                   stats, inFlights, result.getStreamTracerFactory());
               ClientStreamTracer.Factory orcaTracerFactory = OrcaPerRequestUtil.getInstance()
                   .newOrcaClientStreamTracerFactory(tracerFactory, new OrcaPerRpcListener(stats));
-              return PickResult.withSubchannel(result.getSubchannel(), orcaTracerFactory);
+              result = PickResult.withSubchannel(result.getSubchannel(),
+                  orcaTracerFactory);
             }
           }
+          if (args.getCallOptions().getOption(XdsNameResolver.AUTO_HOST_REWRITE_KEY) != null
+              && args.getCallOptions().getOption(XdsNameResolver.AUTO_HOST_REWRITE_KEY)) {
+            result = PickResult.withSubchannel(result.getSubchannel(),
+                result.getStreamTracerFactory(),
+                result.getSubchannel().getAttributes().get(
+                    InternalXdsAttributes.ATTR_ADDRESS_NAME));
+          }
         }
         return result;
       }
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
index 875a6c45020..3ef79699b10 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
@@ -428,6 +428,7 @@ public void run() {
                           .set(InternalXdsAttributes.ATTR_LOCALITY_WEIGHT,
                               localityLbInfo.localityWeight())
                           .set(InternalXdsAttributes.ATTR_SERVER_WEIGHT, weight)
+                          .set(InternalXdsAttributes.ATTR_ADDRESS_NAME, endpoint.hostname())
                           .build();
                   EquivalentAddressGroup eag = new EquivalentAddressGroup(
                       endpoint.eag().getAddresses(), attr);
@@ -567,7 +568,7 @@ void start() {
           handleEndpointResolutionError();
           return;
         }
-        resolver.start(new NameResolverListener());
+        resolver.start(new NameResolverListener(dnsHostName));
       }
 
       void refresh() {
@@ -606,6 +607,12 @@ public void run() {
       }
 
       private class NameResolverListener extends NameResolver.Listener2 {
+        private final String dnsHostName;
+
+        NameResolverListener(String dnsHostName) {
+          this.dnsHostName = dnsHostName;
+        }
+
         @Override
         public void onResult(final ResolutionResult resolutionResult) {
           class NameResolved implements Runnable {
@@ -625,6 +632,7 @@ public void run() {
                 Attributes attr = eag.getAttributes().toBuilder()
                     .set(InternalXdsAttributes.ATTR_LOCALITY, LOGICAL_DNS_CLUSTER_LOCALITY)
                     .set(InternalXdsAttributes.ATTR_LOCALITY_NAME, localityName)
+                    .set(InternalXdsAttributes.ATTR_ADDRESS_NAME, dnsHostName)
                     .build();
                 eag = new EquivalentAddressGroup(eag.getAddresses(), attr);
                 eag = AddressFilter.setPathFilter(eag, Arrays.asList(priorityName, localityName));
diff --git a/xds/src/main/java/io/grpc/xds/Endpoints.java b/xds/src/main/java/io/grpc/xds/Endpoints.java
index 8b1715731df..7d7aa3e386d 100644
--- a/xds/src/main/java/io/grpc/xds/Endpoints.java
+++ b/xds/src/main/java/io/grpc/xds/Endpoints.java
@@ -61,17 +61,19 @@ abstract static class LbEndpoint {
     // Whether the endpoint is healthy.
     abstract boolean isHealthy();
 
+    abstract String hostname();
+
     static LbEndpoint create(EquivalentAddressGroup eag, int loadBalancingWeight,
-        boolean isHealthy) {
-      return new AutoValue_Endpoints_LbEndpoint(eag, loadBalancingWeight, isHealthy);
+        boolean isHealthy, String hostname) {
+      return new AutoValue_Endpoints_LbEndpoint(eag, loadBalancingWeight, isHealthy, hostname);
     }
 
     // Only for testing.
     @VisibleForTesting
     static LbEndpoint create(
-        String address, int port, int loadBalancingWeight, boolean isHealthy) {
+        String address, int port, int loadBalancingWeight, boolean isHealthy, String hostname) {
       return LbEndpoint.create(new EquivalentAddressGroup(new InetSocketAddress(address, port)),
-          loadBalancingWeight, isHealthy);
+          loadBalancingWeight, isHealthy, hostname);
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/InternalXdsAttributes.java b/xds/src/main/java/io/grpc/xds/InternalXdsAttributes.java
index aaaeb198d21..575bda73f0c 100644
--- a/xds/src/main/java/io/grpc/xds/InternalXdsAttributes.java
+++ b/xds/src/main/java/io/grpc/xds/InternalXdsAttributes.java
@@ -91,6 +91,11 @@ public final class InternalXdsAttributes {
   static final Attributes.Key<Long> ATTR_SERVER_WEIGHT =
       Attributes.Key.create("io.grpc.xds.InternalXdsAttributes.serverWeight");
 
+  /** Name associated with individual address, if available (e.g., DNS name). */
+  @EquivalentAddressGroup.Attr
+  static final Attributes.Key<String> ATTR_ADDRESS_NAME =
+      Attributes.Key.create("io.grpc.xds.InternalXdsAttributes.addressName");
+
   /**
    * Filter chain match for network filters.
    */
diff --git a/xds/src/main/java/io/grpc/xds/VirtualHost.java b/xds/src/main/java/io/grpc/xds/VirtualHost.java
index d9f93dd3a07..7dfa0b34a35 100644
--- a/xds/src/main/java/io/grpc/xds/VirtualHost.java
+++ b/xds/src/main/java/io/grpc/xds/VirtualHost.java
@@ -166,29 +166,34 @@ abstract static class RouteAction {
       @Nullable
       abstract RetryPolicy retryPolicy();
 
+      abstract boolean autoHostRewrite();
+
       static RouteAction forCluster(
           String cluster, List<HashPolicy> hashPolicies, @Nullable Long timeoutNano,
-          @Nullable RetryPolicy retryPolicy) {
+          @Nullable RetryPolicy retryPolicy, boolean autoHostRewrite) {
         checkNotNull(cluster, "cluster");
-        return RouteAction.create(hashPolicies, timeoutNano, cluster, null, null, retryPolicy);
+        return RouteAction.create(hashPolicies, timeoutNano, cluster, null, null, retryPolicy,
+            autoHostRewrite);
       }
 
       static RouteAction forWeightedClusters(
           List<ClusterWeight> weightedClusters, List<HashPolicy> hashPolicies,
-          @Nullable Long timeoutNano, @Nullable RetryPolicy retryPolicy) {
+          @Nullable Long timeoutNano, @Nullable RetryPolicy retryPolicy, boolean autoHostRewrite) {
         checkNotNull(weightedClusters, "weightedClusters");
         checkArgument(!weightedClusters.isEmpty(), "empty cluster list");
         return RouteAction.create(
-            hashPolicies, timeoutNano, null, weightedClusters, null, retryPolicy);
+            hashPolicies, timeoutNano, null, weightedClusters, null, retryPolicy, autoHostRewrite);
       }
 
       static RouteAction forClusterSpecifierPlugin(
           NamedPluginConfig namedConfig,
           List<HashPolicy> hashPolicies,
           @Nullable Long timeoutNano,
-          @Nullable RetryPolicy retryPolicy) {
+          @Nullable RetryPolicy retryPolicy,
+          boolean autoHostRewrite) {
         checkNotNull(namedConfig, "namedConfig");
-        return RouteAction.create(hashPolicies, timeoutNano, null, null, namedConfig, retryPolicy);
+        return RouteAction.create(hashPolicies, timeoutNano, null, null, namedConfig, retryPolicy,
+            autoHostRewrite);
       }
 
       private static RouteAction create(
@@ -197,14 +202,16 @@ private static RouteAction create(
           @Nullable String cluster,
           @Nullable List<ClusterWeight> weightedClusters,
           @Nullable NamedPluginConfig namedConfig,
-          @Nullable RetryPolicy retryPolicy) {
+          @Nullable RetryPolicy retryPolicy,
+          boolean autoHostRewrite) {
         return new AutoValue_VirtualHost_Route_RouteAction(
             ImmutableList.copyOf(hashPolicies),
             timeoutNano,
             cluster,
             weightedClusters == null ? null : ImmutableList.copyOf(weightedClusters),
             namedConfig,
-            retryPolicy);
+            retryPolicy,
+            autoHostRewrite);
       }
 
       @AutoValue
diff --git a/xds/src/main/java/io/grpc/xds/XdsEndpointResource.java b/xds/src/main/java/io/grpc/xds/XdsEndpointResource.java
index 3ed68ac9b75..6a3cd35bd59 100644
--- a/xds/src/main/java/io/grpc/xds/XdsEndpointResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsEndpointResource.java
@@ -213,7 +213,8 @@ static StructOrError<LocalityLbEndpoints> parseLocalityLbEndpoints(
               || (endpoint.getHealthStatus() == HealthStatus.UNKNOWN);
       endpoints.add(Endpoints.LbEndpoint.create(
           new EquivalentAddressGroup(addresses),
-          endpoint.getLoadBalancingWeight().getValue(), isHealthy));
+          endpoint.getLoadBalancingWeight().getValue(), isHealthy,
+          endpoint.getEndpoint().getHostname()));
     }
     return StructOrError.fromStruct(Endpoints.LocalityLbEndpoints.create(
         endpoints, proto.getLoadBalancingWeight().getValue(), proto.getPriority()));
diff --git a/xds/src/main/java/io/grpc/xds/XdsListenerResource.java b/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
index af77d128ae7..141580af73d 100644
--- a/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
@@ -108,13 +108,13 @@ protected LdsUpdate doParse(Args args, Message unpackedMessage)
     Listener listener = (Listener) unpackedMessage;
 
     if (listener.hasApiListener()) {
-      return processClientSideListener(listener);
+      return processClientSideListener(listener, args);
     } else {
       return processServerSideListener(listener, args);
     }
   }
 
-  private LdsUpdate processClientSideListener(Listener listener)
+  private LdsUpdate processClientSideListener(Listener listener, XdsResourceType.Args args)
       throws ResourceInvalidException {
     // Unpack HttpConnectionManager from the Listener.
     HttpConnectionManager hcm;
@@ -127,10 +127,10 @@ private LdsUpdate processClientSideListener(Listener listener)
           "Could not parse HttpConnectionManager config from ApiListener", e);
     }
     return LdsUpdate.forApiListener(
-        parseHttpConnectionManager(hcm, filterRegistry, true /* isForClient */));
+        parseHttpConnectionManager(hcm, filterRegistry, true /* isForClient */, args));
   }
 
-  private LdsUpdate processServerSideListener(Listener proto, Args args)
+  private LdsUpdate processServerSideListener(Listener proto, XdsResourceType.Args args)
       throws ResourceInvalidException {
     Set<String> certProviderInstances = null;
     if (args.getBootstrapInfo() != null && args.getBootstrapInfo().certProviders() != null) {
@@ -138,13 +138,13 @@ private LdsUpdate processServerSideListener(Listener proto, Args args)
     }
     return LdsUpdate.forTcpListener(parseServerSideListener(proto,
         (TlsContextManager) args.getSecurityConfig(),
-        filterRegistry, certProviderInstances));
+        filterRegistry, certProviderInstances, args));
   }
 
   @VisibleForTesting
   static EnvoyServerProtoData.Listener parseServerSideListener(
       Listener proto, TlsContextManager tlsContextManager,
-      FilterRegistry filterRegistry, Set<String> certProviderInstances)
+      FilterRegistry filterRegistry, Set<String> certProviderInstances, XdsResourceType.Args args)
       throws ResourceInvalidException {
     if (!proto.getTrafficDirection().equals(TrafficDirection.INBOUND)
         && !proto.getTrafficDirection().equals(TrafficDirection.UNSPECIFIED)) {
@@ -182,13 +182,13 @@ static EnvoyServerProtoData.Listener parseServerSideListener(
     for (io.envoyproxy.envoy.config.listener.v3.FilterChain fc : proto.getFilterChainsList()) {
       filterChains.add(
           parseFilterChain(fc, tlsContextManager, filterRegistry, uniqueSet,
-              certProviderInstances));
+              certProviderInstances, args));
     }
     FilterChain defaultFilterChain = null;
     if (proto.hasDefaultFilterChain()) {
       defaultFilterChain = parseFilterChain(
           proto.getDefaultFilterChain(), tlsContextManager, filterRegistry,
-          null, certProviderInstances);
+          null, certProviderInstances, args);
     }
 
     return EnvoyServerProtoData.Listener.create(
@@ -199,7 +199,7 @@ static EnvoyServerProtoData.Listener parseServerSideListener(
   static FilterChain parseFilterChain(
       io.envoyproxy.envoy.config.listener.v3.FilterChain proto,
       TlsContextManager tlsContextManager, FilterRegistry filterRegistry,
-      Set<FilterChainMatch> uniqueSet, Set<String> certProviderInstances)
+      Set<FilterChainMatch> uniqueSet, Set<String> certProviderInstances, XdsResourceType.Args args)
       throws ResourceInvalidException {
     if (proto.getFiltersCount() != 1) {
       throw new ResourceInvalidException("FilterChain " + proto.getName()
@@ -226,7 +226,7 @@ static FilterChain parseFilterChain(
           + filter.getName() + " failed to unpack message", e);
     }
     io.grpc.xds.HttpConnectionManager httpConnectionManager = parseHttpConnectionManager(
-        hcmProto, filterRegistry, false /* isForClient */);
+        hcmProto, filterRegistry, false /* isForClient */, args);
 
     EnvoyServerProtoData.DownstreamTlsContext downstreamTlsContext = null;
     if (proto.hasTransportSocket()) {
@@ -458,7 +458,7 @@ private static FilterChainMatch parseFilterChainMatch(
   @VisibleForTesting
   static io.grpc.xds.HttpConnectionManager parseHttpConnectionManager(
       HttpConnectionManager proto, FilterRegistry filterRegistry,
-      boolean isForClient) throws ResourceInvalidException {
+      boolean isForClient, XdsResourceType.Args args) throws ResourceInvalidException {
     if (proto.getXffNumTrustedHops() != 0) {
       throw new ResourceInvalidException(
           "HttpConnectionManager with xff_num_trusted_hops unsupported");
@@ -515,7 +515,7 @@ static io.grpc.xds.HttpConnectionManager parseHttpConnectionManager(
     // Parse inlined RouteConfiguration or RDS.
     if (proto.hasRouteConfig()) {
       List<VirtualHost> virtualHosts = extractVirtualHosts(
-          proto.getRouteConfig(), filterRegistry);
+          proto.getRouteConfig(), filterRegistry, args);
       return io.grpc.xds.HttpConnectionManager.forVirtualHosts(
           maxStreamDuration, virtualHosts, filterConfigs);
     }
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index ca73b7d8451..0beb6dc2483 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -96,6 +96,8 @@ final class XdsNameResolver extends NameResolver {
       CallOptions.Key.create("io.grpc.xds.CLUSTER_SELECTION_KEY");
   static final CallOptions.Key<Long> RPC_HASH_KEY =
       CallOptions.Key.create("io.grpc.xds.RPC_HASH_KEY");
+  static final CallOptions.Key<Boolean> AUTO_HOST_REWRITE_KEY =
+      CallOptions.Key.create("io.grpc.xds.AUTO_HOST_REWRITE_KEY");
   @VisibleForTesting
   static boolean enableTimeout =
       Strings.isNullOrEmpty(System.getenv("GRPC_XDS_EXPERIMENTAL_ENABLE_TIMEOUT"))
@@ -217,6 +219,7 @@ public void start(Listener2 listener) {
     ldsResourceName = XdsClient.canonifyResourceName(ldsResourceName);
     callCounterProvider = SharedCallCounterMap.getInstance();
     resolveState = new ResolveState(ldsResourceName);
+
     resolveState.start();
   }
 
@@ -465,14 +468,18 @@ public Result selectConfig(PickSubchannelArgs args) {
       }
       final String finalCluster = cluster;
       final long hash = generateHash(selectedRoute.routeAction().hashPolicies(), headers);
+      Route finalSelectedRoute = selectedRoute;
       class ClusterSelectionInterceptor implements ClientInterceptor {
         @Override
         public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
             final MethodDescriptor<ReqT, RespT> method, CallOptions callOptions,
             final Channel next) {
-          final CallOptions callOptionsForCluster =
+          CallOptions callOptionsForCluster =
               callOptions.withOption(CLUSTER_SELECTION_KEY, finalCluster)
                   .withOption(RPC_HASH_KEY, hash);
+          if (finalSelectedRoute.routeAction().autoHostRewrite()) {
+            callOptionsForCluster = callOptionsForCluster.withOption(AUTO_HOST_REWRITE_KEY, true);
+          }
           return new SimpleForwardingClientCall<ReqT, RespT>(
               next.newCall(method, callOptionsForCluster)) {
             @Override
diff --git a/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java b/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
index 0a3d1406dac..0e065c6ba9a 100644
--- a/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
@@ -68,6 +68,9 @@
 import javax.annotation.Nullable;
 
 class XdsRouteConfigureResource extends XdsResourceType<RdsUpdate> {
+
+  private static final String GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE =
+      "GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE";
   @VisibleForTesting
   static boolean enableRouteLookup = GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_RLS_LB", true);
 
@@ -128,17 +131,17 @@ protected RdsUpdate doParse(XdsResourceType.Args args, Message unpackedMessage)
       throw new ResourceInvalidException("Invalid message type: " + unpackedMessage.getClass());
     }
     return processRouteConfiguration(
-        (RouteConfiguration) unpackedMessage, FilterRegistry.getDefaultRegistry());
+        (RouteConfiguration) unpackedMessage, FilterRegistry.getDefaultRegistry(), args);
   }
 
   private static RdsUpdate processRouteConfiguration(
-      RouteConfiguration routeConfig, FilterRegistry filterRegistry)
+      RouteConfiguration routeConfig, FilterRegistry filterRegistry, XdsResourceType.Args args)
       throws ResourceInvalidException {
-    return new RdsUpdate(extractVirtualHosts(routeConfig, filterRegistry));
+    return new RdsUpdate(extractVirtualHosts(routeConfig, filterRegistry, args));
   }
 
   static List<VirtualHost> extractVirtualHosts(
-      RouteConfiguration routeConfig, FilterRegistry filterRegistry)
+      RouteConfiguration routeConfig, FilterRegistry filterRegistry, XdsResourceType.Args args)
       throws ResourceInvalidException {
     Map<String, PluginConfig> pluginConfigMap = new HashMap<>();
     ImmutableSet.Builder<String> optionalPlugins = ImmutableSet.builder();
@@ -164,7 +167,7 @@ static List<VirtualHost> extractVirtualHosts(
         : routeConfig.getVirtualHostsList()) {
       StructOrError<VirtualHost> virtualHost =
           parseVirtualHost(virtualHostProto, filterRegistry, pluginConfigMap,
-              optionalPlugins.build());
+              optionalPlugins.build(), args);
       if (virtualHost.getErrorDetail() != null) {
         throw new ResourceInvalidException(
             "RouteConfiguration contains invalid virtual host: " + virtualHost.getErrorDetail());
@@ -177,12 +180,12 @@ static List<VirtualHost> extractVirtualHosts(
   private static StructOrError<VirtualHost> parseVirtualHost(
       io.envoyproxy.envoy.config.route.v3.VirtualHost proto, FilterRegistry filterRegistry,
        Map<String, PluginConfig> pluginConfigMap,
-      Set<String> optionalPlugins) {
+      Set<String> optionalPlugins, XdsResourceType.Args args) {
     String name = proto.getName();
     List<Route> routes = new ArrayList<>(proto.getRoutesCount());
     for (io.envoyproxy.envoy.config.route.v3.Route routeProto : proto.getRoutesList()) {
       StructOrError<Route> route = parseRoute(
-          routeProto, filterRegistry, pluginConfigMap, optionalPlugins);
+          routeProto, filterRegistry, pluginConfigMap, optionalPlugins, args);
       if (route == null) {
         continue;
       }
@@ -264,7 +267,7 @@ static StructOrError<Map<String, FilterConfig>> parseOverrideFilterConfigs(
   static StructOrError<Route> parseRoute(
       io.envoyproxy.envoy.config.route.v3.Route proto, FilterRegistry filterRegistry,
       Map<String, PluginConfig> pluginConfigMap,
-      Set<String> optionalPlugins) {
+      Set<String> optionalPlugins, XdsResourceType.Args args) {
     StructOrError<RouteMatch> routeMatch = parseRouteMatch(proto.getMatch());
     if (routeMatch == null) {
       return null;
@@ -288,7 +291,7 @@ static StructOrError<Route> parseRoute(
       case ROUTE:
         StructOrError<RouteAction> routeAction =
             parseRouteAction(proto.getRoute(), filterRegistry, pluginConfigMap,
-                optionalPlugins);
+                optionalPlugins, args);
         if (routeAction == null) {
           return null;
         }
@@ -414,7 +417,7 @@ static StructOrError<HeaderMatcher> parseHeaderMatcher(
   static StructOrError<RouteAction> parseRouteAction(
       io.envoyproxy.envoy.config.route.v3.RouteAction proto, FilterRegistry filterRegistry,
       Map<String, PluginConfig> pluginConfigMap,
-      Set<String> optionalPlugins) {
+      Set<String> optionalPlugins, XdsResourceType.Args args) {
     Long timeoutNano = null;
     if (proto.hasMaxStreamDuration()) {
       io.envoyproxy.envoy.config.route.v3.RouteAction.MaxStreamDuration maxStreamDuration
@@ -470,7 +473,9 @@ static StructOrError<RouteAction> parseRouteAction(
     switch (proto.getClusterSpecifierCase()) {
       case CLUSTER:
         return StructOrError.fromStruct(RouteAction.forCluster(
-            proto.getCluster(), hashPolicies, timeoutNano, retryPolicy));
+            proto.getCluster(), hashPolicies, timeoutNano, retryPolicy,
+            GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE, false)
+            && args.getServerInfo().isTrustedXdsServer() && proto.getAutoHostRewrite().getValue()));
       case CLUSTER_HEADER:
         return null;
       case WEIGHTED_CLUSTERS:
@@ -502,7 +507,9 @@ static StructOrError<RouteAction> parseRouteAction(
               UnsignedInteger.MAX_VALUE.longValue(), clusterWeightSum));
         }
         return StructOrError.fromStruct(VirtualHost.Route.RouteAction.forWeightedClusters(
-            weightedClusters, hashPolicies, timeoutNano, retryPolicy));
+            weightedClusters, hashPolicies, timeoutNano, retryPolicy,
+            GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE, false)
+            && args.getServerInfo().isTrustedXdsServer() && proto.getAutoHostRewrite().getValue()));
       case CLUSTER_SPECIFIER_PLUGIN:
         if (enableRouteLookup) {
           String pluginName = proto.getClusterSpecifierPlugin();
@@ -517,7 +524,10 @@ static StructOrError<RouteAction> parseRouteAction(
           }
           NamedPluginConfig namedPluginConfig = NamedPluginConfig.create(pluginName, pluginConfig);
           return StructOrError.fromStruct(VirtualHost.Route.RouteAction.forClusterSpecifierPlugin(
-              namedPluginConfig, hashPolicies, timeoutNano, retryPolicy));
+              namedPluginConfig, hashPolicies, timeoutNano, retryPolicy,
+              GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE, false)
+              && args.getServerInfo().isTrustedXdsServer()
+                  && proto.getAutoHostRewrite().getValue()));
         } else {
           return null;
         }
diff --git a/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java b/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
index fe0c0050b52..90babd1e8d0 100644
--- a/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
+++ b/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
@@ -61,16 +61,19 @@ public abstract static class ServerInfo {
 
     public abstract boolean ignoreResourceDeletion();
 
+    public abstract boolean isTrustedXdsServer();
+
     @VisibleForTesting
     public static ServerInfo create(String target, @Nullable Object implSpecificConfig) {
-      return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig, false);
+      return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig, false, false);
     }
 
     @VisibleForTesting
     public static ServerInfo create(
-        String target, Object implSpecificConfig, boolean ignoreResourceDeletion) {
+        String target, Object implSpecificConfig, boolean ignoreResourceDeletion,
+        boolean isTrustedXdsServer) {
       return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig,
-          ignoreResourceDeletion);
+          ignoreResourceDeletion, isTrustedXdsServer);
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
index 7ef739c8048..9930417348b 100644
--- a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
@@ -50,6 +50,7 @@ public abstract class BootstrapperImpl extends Bootstrapper {
 
   // Server features.
   private static final String SERVER_FEATURE_IGNORE_RESOURCE_DELETION = "ignore_resource_deletion";
+  private static final String SERVER_FEATURE_TRUSTED_XDS_SERVER = "trusted_xds_server";
 
   protected final XdsLogger logger;
 
@@ -240,7 +241,9 @@ private List<ServerInfo> parseServerInfos(List<?> rawServerConfigs, XdsLogger lo
         ignoreResourceDeletion = serverFeatures.contains(SERVER_FEATURE_IGNORE_RESOURCE_DELETION);
       }
       servers.add(
-          ServerInfo.create(serverUri, implSpecificConfig, ignoreResourceDeletion));
+          ServerInfo.create(serverUri, implSpecificConfig, ignoreResourceDeletion,
+              serverFeatures != null
+                  && serverFeatures.contains(SERVER_FEATURE_TRUSTED_XDS_SERVER)));
     }
     return servers.build();
   }
diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index 7eba43ce278..0d18af0b04a 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.Truth.assertWithMessage;
+import static io.grpc.xds.XdsNameResolver.AUTO_HOST_REWRITE_KEY;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -36,6 +37,7 @@
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancer.CreateSubchannelArgs;
+import io.grpc.LoadBalancer.FixedResultPicker;
 import io.grpc.LoadBalancer.Helper;
 import io.grpc.LoadBalancer.PickDetailsConsumer;
 import io.grpc.LoadBalancer.PickResult;
@@ -748,6 +750,106 @@ public void endpointAddressesAttachedWithClusterName() {
     }
   }
 
+  @Test
+  public void
+        endpointsWithAuthorityHostname_autoHostRewriteEnabled_pickResultHasAuthorityHostname() {
+    System.setProperty("GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE", "true");
+    try {
+      LoadBalancerProvider weightedTargetProvider = new WeightedTargetLoadBalancerProvider();
+      WeightedTargetConfig weightedTargetConfig =
+          buildWeightedTargetConfig(ImmutableMap.of(locality, 10));
+      ClusterImplConfig config = new ClusterImplConfig(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO,
+          null, Collections.<DropOverload>emptyList(),
+          GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+              weightedTargetProvider, weightedTargetConfig),
+          null, Collections.emptyMap());
+      EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr1", locality,
+          "authority-host-name");
+      deliverAddressesAndConfig(Arrays.asList(endpoint1), config);
+      assertThat(downstreamBalancers).hasSize(1);  // one leaf balancer
+      FakeLoadBalancer leafBalancer = Iterables.getOnlyElement(downstreamBalancers);
+      assertThat(leafBalancer.name).isEqualTo("round_robin");
+
+      // Simulates leaf load balancer creating subchannels.
+      CreateSubchannelArgs args =
+          CreateSubchannelArgs.newBuilder()
+              .setAddresses(leafBalancer.addresses)
+              .build();
+      Subchannel subchannel = leafBalancer.helper.createSubchannel(args);
+      subchannel.start(infoObject -> {
+        if (infoObject.getState() == ConnectivityState.READY) {
+          helper.updateBalancingState(
+              ConnectivityState.READY,
+              new FixedResultPicker(PickResult.withSubchannel(subchannel)));
+        }
+      });
+      assertThat(subchannel.getAttributes().get(InternalXdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(
+          "authority-host-name");
+      for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
+        assertThat(eag.getAttributes().get(InternalXdsAttributes.ATTR_ADDRESS_NAME))
+            .isEqualTo("authority-host-name");
+      }
+
+      leafBalancer.deliverSubchannelState(subchannel, ConnectivityState.READY);
+      assertThat(currentState).isEqualTo(ConnectivityState.READY);
+      PickDetailsConsumer detailsConsumer = mock(PickDetailsConsumer.class);
+      pickSubchannelArgs = new PickSubchannelArgsImpl(
+          TestMethodDescriptors.voidMethod(), new Metadata(),
+          CallOptions.DEFAULT.withOption(AUTO_HOST_REWRITE_KEY, true), detailsConsumer);
+      PickResult result = currentPicker.pickSubchannel(pickSubchannelArgs);
+      assertThat(result.getAuthorityOverride()).isEqualTo("authority-host-name");
+    } finally {
+      System.clearProperty("GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE");
+    }
+  }
+
+  @Test
+  public void
+        endpointWithAuthorityHostname_autoHostRewriteNotEnabled_pickResultNoAuthorityHostname() {
+    LoadBalancerProvider weightedTargetProvider = new WeightedTargetLoadBalancerProvider();
+    WeightedTargetConfig weightedTargetConfig =
+        buildWeightedTargetConfig(ImmutableMap.of(locality, 10));
+    ClusterImplConfig config = new ClusterImplConfig(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO,
+        null, Collections.<DropOverload>emptyList(),
+        GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+            weightedTargetProvider, weightedTargetConfig),
+        null, Collections.emptyMap());
+    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr1", locality,
+        "authority-host-name");
+    deliverAddressesAndConfig(Arrays.asList(endpoint1), config);
+    assertThat(downstreamBalancers).hasSize(1);  // one leaf balancer
+    FakeLoadBalancer leafBalancer = Iterables.getOnlyElement(downstreamBalancers);
+    assertThat(leafBalancer.name).isEqualTo("round_robin");
+
+    // Simulates leaf load balancer creating subchannels.
+    CreateSubchannelArgs args =
+        CreateSubchannelArgs.newBuilder()
+            .setAddresses(leafBalancer.addresses)
+            .build();
+    Subchannel subchannel = leafBalancer.helper.createSubchannel(args);
+    subchannel.start(infoObject -> {
+      if (infoObject.getState() == ConnectivityState.READY) {
+        helper.updateBalancingState(
+            ConnectivityState.READY,
+            new FixedResultPicker(PickResult.withSubchannel(subchannel)));
+      }
+    });
+    // Sub Channel wrapper args won't have the address name although addresses will.
+    assertThat(subchannel.getAttributes().get(InternalXdsAttributes.ATTR_ADDRESS_NAME)).isNull();
+    for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
+      assertThat(eag.getAttributes().get(InternalXdsAttributes.ATTR_ADDRESS_NAME))
+          .isEqualTo("authority-host-name");
+    }
+
+    leafBalancer.deliverSubchannelState(subchannel, ConnectivityState.READY);
+    assertThat(currentState).isEqualTo(ConnectivityState.READY);
+    PickDetailsConsumer detailsConsumer = mock(PickDetailsConsumer.class);
+    pickSubchannelArgs = new PickSubchannelArgsImpl(
+        TestMethodDescriptors.voidMethod(), new Metadata(), CallOptions.DEFAULT, detailsConsumer);
+    PickResult result = currentPicker.pickSubchannel(pickSubchannelArgs);
+    assertThat(result.getAuthorityOverride()).isNull();
+  }
+
   @Test
   public void endpointAddressesAttachedWithTlsConfig_securityEnabledByDefault() {
     UpstreamTlsContext upstreamTlsContext =
@@ -848,6 +950,11 @@ private WeightedTargetConfig buildWeightedTargetConfig(Map<Locality, Integer> lo
    * Create a locality-labeled address.
    */
   private static EquivalentAddressGroup makeAddress(final String name, Locality locality) {
+    return makeAddress(name, locality, null);
+  }
+
+  private static EquivalentAddressGroup makeAddress(final String name, Locality locality,
+      String authorityHostname) {
     class FakeSocketAddress extends SocketAddress {
       private final String name;
 
@@ -878,12 +985,15 @@ public String toString() {
       }
     }
 
+    Attributes.Builder attributes = Attributes.newBuilder()
+        .set(InternalXdsAttributes.ATTR_LOCALITY, locality)
+        // Unique but arbitrary string
+        .set(InternalXdsAttributes.ATTR_LOCALITY_NAME, locality.toString());
+    if (authorityHostname != null) {
+      attributes.set(InternalXdsAttributes.ATTR_ADDRESS_NAME, authorityHostname);
+    }
     EquivalentAddressGroup eag = new EquivalentAddressGroup(new FakeSocketAddress(name),
-        Attributes.newBuilder()
-          .set(InternalXdsAttributes.ATTR_LOCALITY, locality)
-          // Unique but arbitrary string
-          .set(InternalXdsAttributes.ATTR_LOCALITY_NAME, locality.toString())
-          .build());
+        attributes.build());
     return AddressFilter.setPathFilter(eag, Collections.singletonList(locality.toString()));
   }
 
@@ -948,6 +1058,16 @@ public void shutdown() {
       downstreamBalancers.remove(this);
     }
 
+    void deliverSubchannelState(final Subchannel subchannel, ConnectivityState state) {
+      SubchannelPicker picker = new SubchannelPicker() {
+        @Override
+        public PickResult pickSubchannel(PickSubchannelArgs args) {
+          return PickResult.withSubchannel(subchannel);
+        }
+      };
+      helper.updateBalancingState(state, picker);
+    }
+
     Subchannel createSubChannel() {
       Subchannel subchannel = helper.createSubchannel(
           CreateSubchannelArgs.newBuilder().setAddresses(addresses).build());
@@ -1078,6 +1198,7 @@ public void setConnectedEagIndex(int eagIndex) {
   }
 
   private final class FakeXdsClient extends XdsClient {
+
     @Override
     public ClusterDropStats addClusterDropStats(
         ServerInfo lrsServerInfo, String clusterName, @Nullable String edsServiceName) {
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index 0ecd77b12cb..29c46963da3 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -61,7 +61,6 @@
 import io.grpc.internal.ObjectPool;
 import io.grpc.util.GracefulSwitchLoadBalancer;
 import io.grpc.util.GracefulSwitchLoadBalancerAccessor;
-import io.grpc.util.OutlierDetectionLoadBalancer.OutlierDetectionLoadBalancerConfig;
 import io.grpc.util.OutlierDetectionLoadBalancerProvider;
 import io.grpc.xds.ClusterImplLoadBalancerProvider.ClusterImplConfig;
 import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig;
@@ -253,13 +252,13 @@ public void edsClustersWithRingHashEndpointLbPolicy() {
     LocalityLbEndpoints localityLbEndpoints1 =
         LocalityLbEndpoints.create(
             Arrays.asList(
-                LbEndpoint.create(endpoint1, 0 /* loadBalancingWeight */, true),
-                LbEndpoint.create(endpoint2, 0 /* loadBalancingWeight */, true)),
+                LbEndpoint.create(endpoint1, 0 /* loadBalancingWeight */, true, "hostname1"),
+                LbEndpoint.create(endpoint2, 0 /* loadBalancingWeight */, true, "hostname2")),
             10 /* localityWeight */, 1 /* priority */);
     LocalityLbEndpoints localityLbEndpoints2 =
         LocalityLbEndpoints.create(
             Collections.singletonList(
-                LbEndpoint.create(endpoint3, 60 /* loadBalancingWeight */, true)),
+                LbEndpoint.create(endpoint3, 60 /* loadBalancingWeight */, true, "hostname3")),
             50 /* localityWeight */, 1 /* priority */);
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1,
@@ -313,7 +312,7 @@ public void edsClustersWithLeastRequestEndpointLbPolicy() {
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
             Arrays.asList(
-                LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true)),
+                LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true, "hostname1")),
             100 /* localityWeight */, 1 /* priority */);
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1,
@@ -329,7 +328,7 @@ public void edsClustersWithLeastRequestEndpointLbPolicy() {
     PriorityChildConfig priorityChildConfig =
         Iterables.getOnlyElement(priorityLbConfig.childConfigs.values());
     assertThat(GracefulSwitchLoadBalancerAccessor.getChildProvider(priorityChildConfig.childConfig)
-          .getPolicyName())
+        .getPolicyName())
         .isEqualTo(CLUSTER_IMPL_POLICY_NAME);
     ClusterImplConfig clusterImplConfig = (ClusterImplConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig.childConfig);
@@ -347,7 +346,7 @@ public void edsClustersWithLeastRequestEndpointLbPolicy() {
   }
 
   @Test
-  public void edsClustersWithOutlierDetection() {
+  public void edsClustersEndpointHostname_addedToAddressAttribute() {
     ClusterResolverConfig config = new ClusterResolverConfig(
         Collections.singletonList(edsDiscoveryMechanismWithOutlierDetection), leastRequest);
     deliverLbConfig(config);
@@ -359,76 +358,17 @@ public void edsClustersWithOutlierDetection() {
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
             Arrays.asList(
-                LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true)),
+                LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true, "hostname1")),
             100 /* localityWeight */, 1 /* priority */);
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1,
         ImmutableMap.of(locality1, localityLbEndpoints));
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertThat(childBalancer.addresses).hasSize(1);
-    EquivalentAddressGroup addr = childBalancer.addresses.get(0);
-    assertThat(addr.getAddresses()).isEqualTo(endpoint.getAddresses());
-    assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
-    PriorityLbConfig priorityLbConfig = (PriorityLbConfig) childBalancer.config;
-    assertThat(priorityLbConfig.priorities).containsExactly(CLUSTER1 + "[child1]");
-    PriorityChildConfig priorityChildConfig =
-        Iterables.getOnlyElement(priorityLbConfig.childConfigs.values());
-
-    // The child config for priority should be outlier detection.
-    assertThat(GracefulSwitchLoadBalancerAccessor.getChildProvider(priorityChildConfig.childConfig)
-          .getPolicyName())
-        .isEqualTo("outlier_detection_experimental");
-    OutlierDetectionLoadBalancerConfig outlierDetectionConfig = (OutlierDetectionLoadBalancerConfig)
-        GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig.childConfig);
-
-    // The outlier detection config should faithfully represent what came down from xDS.
-    assertThat(outlierDetectionConfig.intervalNanos).isEqualTo(outlierDetection.intervalNanos());
-    assertThat(outlierDetectionConfig.baseEjectionTimeNanos).isEqualTo(
-        outlierDetection.baseEjectionTimeNanos());
-    assertThat(outlierDetectionConfig.baseEjectionTimeNanos).isEqualTo(
-        outlierDetection.baseEjectionTimeNanos());
-    assertThat(outlierDetectionConfig.maxEjectionTimeNanos).isEqualTo(
-        outlierDetection.maxEjectionTimeNanos());
-    assertThat(outlierDetectionConfig.maxEjectionPercent).isEqualTo(
-        outlierDetection.maxEjectionPercent());
-
-    OutlierDetectionLoadBalancerConfig.SuccessRateEjection successRateEjection
-        = outlierDetectionConfig.successRateEjection;
-    assertThat(successRateEjection.stdevFactor).isEqualTo(
-        outlierDetection.successRateEjection().stdevFactor());
-    assertThat(successRateEjection.enforcementPercentage).isEqualTo(
-        outlierDetection.successRateEjection().enforcementPercentage());
-    assertThat(successRateEjection.minimumHosts).isEqualTo(
-        outlierDetection.successRateEjection().minimumHosts());
-    assertThat(successRateEjection.requestVolume).isEqualTo(
-        outlierDetection.successRateEjection().requestVolume());
-
-    OutlierDetectionLoadBalancerConfig.FailurePercentageEjection failurePercentageEjection
-        = outlierDetectionConfig.failurePercentageEjection;
-    assertThat(failurePercentageEjection.threshold).isEqualTo(
-        outlierDetection.failurePercentageEjection().threshold());
-    assertThat(failurePercentageEjection.enforcementPercentage).isEqualTo(
-        outlierDetection.failurePercentageEjection().enforcementPercentage());
-    assertThat(failurePercentageEjection.minimumHosts).isEqualTo(
-        outlierDetection.failurePercentageEjection().minimumHosts());
-    assertThat(failurePercentageEjection.requestVolume).isEqualTo(
-        outlierDetection.failurePercentageEjection().requestVolume());
-
-    // The wrapped configuration should not have been tampered with.
-    ClusterImplConfig clusterImplConfig = (ClusterImplConfig)
-        GracefulSwitchLoadBalancerAccessor.getChildConfig(outlierDetectionConfig.childConfig);
-    assertClusterImplConfig(clusterImplConfig, CLUSTER1, EDS_SERVICE_NAME1, LRS_SERVER_INFO, 100L,
-        tlsContext, Collections.<DropOverload>emptyList(), WRR_LOCALITY_POLICY_NAME);
-    WrrLocalityConfig wrrLocalityConfig = (WrrLocalityConfig)
-        GracefulSwitchLoadBalancerAccessor.getChildConfig(clusterImplConfig.childConfig);
-    LoadBalancerProvider childProvider =
-        GracefulSwitchLoadBalancerAccessor.getChildProvider(wrrLocalityConfig.childConfig);
-    assertThat(childProvider.getPolicyName()).isEqualTo("least_request_experimental");
 
     assertThat(
         childBalancer.addresses.get(0).getAttributes()
-            .get(InternalXdsAttributes.ATTR_LOCALITY_WEIGHT)).isEqualTo(100);
+            .get(InternalXdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo("hostname1");
   }
 
 
@@ -449,16 +389,16 @@ public void onlyEdsClusters_receivedEndpoints() {
     LocalityLbEndpoints localityLbEndpoints1 =
         LocalityLbEndpoints.create(
             Arrays.asList(
-                LbEndpoint.create(endpoint1, 100, true),
-                LbEndpoint.create(endpoint2, 100, true)),
+                LbEndpoint.create(endpoint1, 100, true, "hostname1"),
+                LbEndpoint.create(endpoint2, 100, true, "hostname1")),
             70 /* localityWeight */, 1 /* priority */);
     LocalityLbEndpoints localityLbEndpoints2 =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint3, 100, true)),
+            Collections.singletonList(LbEndpoint.create(endpoint3, 100, true, "hostname2")),
             10 /* localityWeight */, 1 /* priority */);
     LocalityLbEndpoints localityLbEndpoints3 =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint4, 100, true)),
+            Collections.singletonList(LbEndpoint.create(endpoint4, 100, true, "hostname3")),
             20 /* localityWeight */, 2 /* priority */);
     String priority1 = CLUSTER2 + "[child1]";
     String priority2 = CLUSTER2 + "[child2]";
@@ -613,8 +553,8 @@ locality2, createEndpoints(1)
   private LocalityLbEndpoints createEndpoints(int priority) {
     return LocalityLbEndpoints.create(
         Arrays.asList(
-            LbEndpoint.create(makeAddress("endpoint-addr-1"), 100, true),
-            LbEndpoint.create(makeAddress("endpoint-addr-2"), 100, true)),
+            LbEndpoint.create(makeAddress("endpoint-addr-1"), 100, true, "hostname1"),
+            LbEndpoint.create(makeAddress("endpoint-addr-2"), 100, true, "hostname2")),
         70 /* localityWeight */, priority /* priority */);
   }
 
@@ -652,11 +592,11 @@ public void onlyEdsClusters_allResourcesRevoked_shutDownChildLbPolicy() {
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     LocalityLbEndpoints localityLbEndpoints1 =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint1, 100, true)),
+            Collections.singletonList(LbEndpoint.create(endpoint1, 100, true, "hostname1")),
             10 /* localityWeight */, 1 /* priority */);
     LocalityLbEndpoints localityLbEndpoints2 =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint2, 100, true)),
+            Collections.singletonList(LbEndpoint.create(endpoint2, 100, true, "hostname2")),
             20 /* localityWeight */, 2 /* priority */);
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints1));
@@ -686,8 +626,8 @@ public void handleEdsResource_ignoreUnhealthyEndpoints() {
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
             Arrays.asList(
-                LbEndpoint.create(endpoint1, 100, false /* isHealthy */),
-                LbEndpoint.create(endpoint2, 100, true /* isHealthy */)),
+                LbEndpoint.create(endpoint1, 100, false /* isHealthy */, "hostname1"),
+                LbEndpoint.create(endpoint2, 100, true /* isHealthy */, "hostname2")),
             10 /* localityWeight */, 1 /* priority */);
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
@@ -705,11 +645,13 @@ public void handleEdsResource_ignoreLocalitiesWithNoHealthyEndpoints() {
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     LocalityLbEndpoints localityLbEndpoints1 =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint1, 100, false /* isHealthy */)),
+            Collections.singletonList(LbEndpoint.create(endpoint1, 100, false /* isHealthy */,
+                "hostname1")),
             10 /* localityWeight */, 1 /* priority */);
     LocalityLbEndpoints localityLbEndpoints2 =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint2, 100, true /* isHealthy */)),
+            Collections.singletonList(LbEndpoint.create(endpoint2, 100, true /* isHealthy */,
+                "hostname2")),
             10 /* localityWeight */, 1 /* priority */);
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1,
@@ -730,11 +672,13 @@ public void handleEdsResource_ignorePrioritiesWithNoHealthyEndpoints() {
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     LocalityLbEndpoints localityLbEndpoints1 =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint1, 100, false /* isHealthy */)),
+            Collections.singletonList(LbEndpoint.create(endpoint1, 100, false /* isHealthy */,
+                "hostname1")),
             10 /* localityWeight */, 1 /* priority */);
     LocalityLbEndpoints localityLbEndpoints2 =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint2, 200, true /* isHealthy */)),
+            Collections.singletonList(LbEndpoint.create(endpoint2, 200, true /* isHealthy */,
+                "hostname2")),
             10 /* localityWeight */, 2 /* priority */);
     String priority2 = CLUSTER1 + "[child2]";
     xdsClient.deliverClusterLoadAssignment(
@@ -753,7 +697,8 @@ public void handleEdsResource_noHealthyEndpoint() {
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr-1");
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint, 100, false /* isHealthy */)),
+            Collections.singletonList(LbEndpoint.create(endpoint, 100, false /* isHealthy */,
+                "hostname1")),
             10 /* localityWeight */, 1 /* priority */);
     xdsClient.deliverClusterLoadAssignment(EDS_SERVICE_NAME1,
         Collections.singletonMap(locality1, localityLbEndpoints));  // single endpoint, unhealthy
@@ -794,6 +739,11 @@ public void onlyLogicalDnsCluster_endpointsResolved() {
     assertClusterImplConfig(clusterImplConfig, CLUSTER_DNS, null, LRS_SERVER_INFO, 300L, null,
         Collections.<DropOverload>emptyList(), "pick_first");
     assertAddressesEqual(Arrays.asList(endpoint1, endpoint2), childBalancer.addresses);
+    assertThat(childBalancer.addresses.get(0).getAttributes()
+        .get(InternalXdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(DNS_HOST_NAME);
+    assertThat(childBalancer.addresses.get(1).getAttributes()
+        .get(InternalXdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(DNS_HOST_NAME);
+
   }
 
   @Test
@@ -912,7 +862,7 @@ public void edsClustersAndLogicalDnsCluster_receivedEndpoints() {
     resolver.deliverEndpointAddresses(Arrays.asList(endpoint1, endpoint2));
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint3, 100, true)),
+            Collections.singletonList(LbEndpoint.create(endpoint3, 100, true, "hostname3")),
             10 /* localityWeight */, 1 /* priority */);
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
@@ -969,7 +919,7 @@ public void edsResourceRevoked_dnsResolutionError_shutDownChildLbPolicyAndReturn
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr-1");
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint, 100, true)),
+            Collections.singletonList(LbEndpoint.create(endpoint, 100, true, "hostname1")),
             10 /* localityWeight */, 1 /* priority */);
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
@@ -1000,7 +950,7 @@ public void resolutionErrorAfterChildLbCreated_propagateErrorIfAllClustersEncoun
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr-1");
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint, 100, true)),
+            Collections.singletonList(LbEndpoint.create(endpoint, 100, true, "hostname1")),
             10 /* localityWeight */, 1 /* priority */);
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
@@ -1093,7 +1043,7 @@ public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_fallThroug
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint1, 100, true)),
+            Collections.singletonList(LbEndpoint.create(endpoint1, 100, true, "hostname1")),
             10 /* localityWeight */, 1 /* priority */);
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
@@ -1202,6 +1152,7 @@ public String toString() {
   }
 
   private static final class FakeXdsClient extends XdsClient {
+
     private final Map<String, ResourceWatcher<EdsUpdate>> watchers = new HashMap<>();
 
     @Override
diff --git a/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java b/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
index 1ddf9620434..69fde29a0a9 100644
--- a/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
+++ b/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
@@ -22,7 +22,9 @@
 import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_RDS;
 
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Lists;
 import com.google.protobuf.Any;
+import com.google.protobuf.BoolValue;
 import com.google.protobuf.Message;
 import com.google.protobuf.UInt32Value;
 import io.envoyproxy.envoy.config.cluster.v3.Cluster;
@@ -159,7 +161,7 @@ public Server getServer() {
                 "channel_creds", Collections.singletonList(
                     ImmutableMap.of("type", "insecure")
                 ),
-                "server_features", Collections.singletonList("xds_v3")
+                "server_features", Lists.newArrayList("xds_v3", "trusted_xds_server")
             )
         ),
         "server_listener_resource_name_template", SERVER_LISTENER_TEMPLATE_NO_REPLACEMENT
@@ -197,7 +199,9 @@ static RouteConfiguration buildRouteConfiguration(String authority) {
                 .setMatch(
                     RouteMatch.newBuilder().setPrefix("/").build())
                 .setRoute(
-                    RouteAction.newBuilder().setCluster(CLUSTER_NAME).build()).build()).build();
+                    RouteAction.newBuilder().setCluster(CLUSTER_NAME)
+                        .setAutoHostRewrite(BoolValue.newBuilder().setValue(true).build())
+                        .build()).build()).build();
     return RouteConfiguration.newBuilder().setName(RDS_NAME).addVirtualHosts(virtualHost).build();
   }
 
@@ -223,7 +227,8 @@ static Cluster buildCluster() {
   /**
    * Builds a new default EDS configuration.
    */
-  static ClusterLoadAssignment buildClusterLoadAssignment(String hostName, int port) {
+  static ClusterLoadAssignment buildClusterLoadAssignment(String hostName, String endpointHostname,
+      int port) {
     Address address = Address.newBuilder()
         .setSocketAddress(
             SocketAddress.newBuilder().setAddress(hostName).setPortValue(port).build()).build();
@@ -233,7 +238,8 @@ static ClusterLoadAssignment buildClusterLoadAssignment(String hostName, int por
         .addLbEndpoints(
             LbEndpoint.newBuilder()
                 .setEndpoint(
-                    Endpoint.newBuilder().setAddress(address).build())
+                    Endpoint.newBuilder()
+                        .setAddress(address).setHostname(endpointHostname).build())
                 .setHealthStatus(HealthStatus.HEALTHY)
                 .build()).build();
     return ClusterLoadAssignment.newBuilder()
diff --git a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
index 63b9cda043c..8166027033f 100644
--- a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
+++ b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
@@ -506,7 +506,6 @@ public Collection<String> getSubscribedResources(ServerInfo serverInfo,
     public Map<String, XdsResourceType<?>> getSubscribedResourceTypesWithTypeUrl() {
       return ImmutableMap.of();
     }
-
   }
 
   private static class FakeXdsClientPoolFactory implements XdsClientPoolFactory {
diff --git a/xds/src/test/java/io/grpc/xds/DataPlaneRule.java b/xds/src/test/java/io/grpc/xds/DataPlaneRule.java
index faa79444071..b308419d142 100644
--- a/xds/src/test/java/io/grpc/xds/DataPlaneRule.java
+++ b/xds/src/test/java/io/grpc/xds/DataPlaneRule.java
@@ -48,6 +48,7 @@ public class DataPlaneRule extends TestWatcher {
   private static final Logger logger = Logger.getLogger(DataPlaneRule.class.getName());
 
   private static final String SERVER_HOST_NAME = "test-server";
+  static final String ENDPOINT_HOST_NAME = "endpoint-host-name";
   private static final String SCHEME = "test-xds";
 
   private final ControlPlaneRule controlPlane;
@@ -73,7 +74,8 @@ public Server getServer() {
    */
   public ManagedChannel getManagedChannel() {
     ManagedChannel channel = Grpc.newChannelBuilder(SCHEME + ":///" + SERVER_HOST_NAME,
-        InsecureChannelCredentials.create()).build();
+        InsecureChannelCredentials.create())
+        .build();
     channels.add(channel);
     return channel;
   }
@@ -98,7 +100,7 @@ protected void starting(Description description) {
     InetSocketAddress edsInetSocketAddress = (InetSocketAddress) server.getListenSockets().get(0);
     controlPlane.setEdsConfig(
         ControlPlaneRule.buildClusterLoadAssignment(edsInetSocketAddress.getHostName(),
-            edsInetSocketAddress.getPort()));
+            ENDPOINT_HOST_NAME, edsInetSocketAddress.getPort()));
   }
 
   @Override
@@ -124,10 +126,12 @@ protected void finished(Description description) {
   }
 
   private void startServer(Map<String, ?> bootstrapOverride) throws Exception {
+    final String[] authority = new String[1];
     ServerInterceptor metadataInterceptor = new ServerInterceptor() {
       @Override
       public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> call,
           Metadata requestHeaders, ServerCallHandler<ReqT, RespT> next) {
+        authority[0] = call.getAuthority();
         logger.fine("Received following metadata: " + requestHeaders);
 
         // Make a copy of the headers so that it can be read in a thread-safe manner when copying
@@ -155,8 +159,12 @@ public void close(Status status, Metadata trailers) {
           @Override
           public void unaryRpc(
               SimpleRequest request, StreamObserver<SimpleResponse> responseObserver) {
+            String responseMsg = "Hi, xDS!";
+            if (authority[0] != null) {
+              responseMsg += " Authority= " + authority[0];
+            }
             SimpleResponse response =
-                SimpleResponse.newBuilder().setResponseMessage("Hi, xDS!").build();
+                SimpleResponse.newBuilder().setResponseMessage(responseMsg).build();
             responseObserver.onNext(response);
             responseObserver.onCompleted();
           }
diff --git a/xds/src/test/java/io/grpc/xds/FakeControlPlaneXdsIntegrationTest.java b/xds/src/test/java/io/grpc/xds/FakeControlPlaneXdsIntegrationTest.java
index 30c2403396e..a3106bd20ae 100644
--- a/xds/src/test/java/io/grpc/xds/FakeControlPlaneXdsIntegrationTest.java
+++ b/xds/src/test/java/io/grpc/xds/FakeControlPlaneXdsIntegrationTest.java
@@ -18,6 +18,7 @@
 package io.grpc.xds;
 
 import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.xds.DataPlaneRule.ENDPOINT_HOST_NAME;
 import static org.junit.Assert.assertEquals;
 
 import com.github.xds.type.v3.TypedStruct;
@@ -91,11 +92,29 @@ public void pingPong() throws Exception {
     SimpleRequest request = SimpleRequest.newBuilder()
         .build();
     SimpleResponse goldenResponse = SimpleResponse.newBuilder()
-        .setResponseMessage("Hi, xDS!")
+        .setResponseMessage("Hi, xDS! Authority= test-server")
         .build();
     assertEquals(goldenResponse, blockingStub.unaryRpc(request));
   }
 
+  @Test
+  public void pingPong_edsEndpoint_authorityOverride() throws Exception {
+    System.setProperty("GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE", "true");
+    try {
+      ManagedChannel channel = dataPlane.getManagedChannel();
+      SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub = SimpleServiceGrpc.newBlockingStub(
+          channel);
+      SimpleRequest request = SimpleRequest.newBuilder()
+          .build();
+      SimpleResponse goldenResponse = SimpleResponse.newBuilder()
+          .setResponseMessage("Hi, xDS! Authority= " + ENDPOINT_HOST_NAME)
+          .build();
+      assertEquals(goldenResponse, blockingStub.unaryRpc(request));
+    } finally {
+      System.clearProperty("GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE");
+    }
+  }
+
   @Test
   public void pingPong_metadataLoadBalancer() throws Exception {
     MetadataLoadBalancerProvider metadataLbProvider = new MetadataLoadBalancerProvider();
@@ -129,7 +148,7 @@ public void pingPong_metadataLoadBalancer() throws Exception {
       SimpleRequest request = SimpleRequest.newBuilder()
           .build();
       SimpleResponse goldenResponse = SimpleResponse.newBuilder()
-          .setResponseMessage("Hi, xDS!")
+          .setResponseMessage("Hi, xDS! Authority= test-server")
           .build();
       assertEquals(goldenResponse, blockingStub.unaryRpc(request));
 
@@ -183,38 +202,43 @@ public void pingPong_ringHash() {
     SimpleRequest request = SimpleRequest.newBuilder()
         .build();
     SimpleResponse goldenResponse = SimpleResponse.newBuilder()
-        .setResponseMessage("Hi, xDS!")
+        .setResponseMessage("Hi, xDS! Authority= test-server")
         .build();
     assertEquals(goldenResponse, blockingStub.unaryRpc(request));
   }
 
   @Test
-  public void pingPong_logicalDns() {
-    InetSocketAddress serverAddress =
-        (InetSocketAddress) dataPlane.getServer().getListenSockets().get(0);
-    controlPlane.setCdsConfig(
-        ControlPlaneRule.buildCluster().toBuilder()
-            .setType(Cluster.DiscoveryType.LOGICAL_DNS)
-            .setLoadAssignment(
-                ClusterLoadAssignment.newBuilder().addEndpoints(
-                    LocalityLbEndpoints.newBuilder().addLbEndpoints(
-                        LbEndpoint.newBuilder().setEndpoint(
-                            Endpoint.newBuilder().setAddress(
-                                Address.newBuilder().setSocketAddress(
-                                    SocketAddress.newBuilder()
-                                        .setAddress("localhost")
-                                        .setPortValue(serverAddress.getPort()))))))
-                .build())
-            .build());
-
-    ManagedChannel channel = dataPlane.getManagedChannel();
-    SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub = SimpleServiceGrpc.newBlockingStub(
-        channel);
-    SimpleRequest request = SimpleRequest.newBuilder()
-        .build();
-    SimpleResponse goldenResponse = SimpleResponse.newBuilder()
-        .setResponseMessage("Hi, xDS!")
-        .build();
-    assertEquals(goldenResponse, blockingStub.unaryRpc(request));
+  public void pingPong_logicalDns_authorityOverride() {
+    System.setProperty("GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE", "true");
+    try {
+      InetSocketAddress serverAddress =
+          (InetSocketAddress) dataPlane.getServer().getListenSockets().get(0);
+      controlPlane.setCdsConfig(
+          ControlPlaneRule.buildCluster().toBuilder()
+              .setType(Cluster.DiscoveryType.LOGICAL_DNS)
+              .setLoadAssignment(
+                  ClusterLoadAssignment.newBuilder().addEndpoints(
+                          LocalityLbEndpoints.newBuilder().addLbEndpoints(
+                              LbEndpoint.newBuilder().setEndpoint(
+                                  Endpoint.newBuilder().setAddress(
+                                      Address.newBuilder().setSocketAddress(
+                                          SocketAddress.newBuilder()
+                                              .setAddress("localhost")
+                                              .setPortValue(serverAddress.getPort()))))))
+                      .build())
+              .build());
+
+      ManagedChannel channel = dataPlane.getManagedChannel();
+      SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub = SimpleServiceGrpc.newBlockingStub(
+          channel);
+      SimpleRequest request = SimpleRequest.newBuilder()
+          .build();
+      SimpleResponse goldenResponse = SimpleResponse.newBuilder()
+          .setResponseMessage("Hi, xDS! Authority= localhost:" + serverAddress.getPort())
+          .build();
+      assertEquals(goldenResponse, blockingStub.unaryRpc(request));
+    } finally {
+      System.clearProperty("GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE");
+    }
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
index 30ea76b54f2..475b6e00a07 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
@@ -627,6 +627,28 @@ public void serverFeatureIgnoreResourceDeletion() throws XdsInitializationExcept
     assertThat(serverInfo.ignoreResourceDeletion()).isTrue();
   }
 
+  @Test
+  public void serverFeatureTrustedXdsServer() throws XdsInitializationException {
+    String rawData = "{\n"
+        + "  \"xds_servers\": [\n"
+        + "    {\n"
+        + "      \"server_uri\": \"" + SERVER_URI + "\",\n"
+        + "      \"channel_creds\": [\n"
+        + "        {\"type\": \"insecure\"}\n"
+        + "      ],\n"
+        + "      \"server_features\": [\"trusted_xds_server\"]\n"
+        + "    }\n"
+        + "  ]\n"
+        + "}";
+
+    bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
+    BootstrapInfo info = bootstrapper.bootstrap();
+    ServerInfo serverInfo = Iterables.getOnlyElement(info.servers());
+    assertThat(serverInfo.target()).isEqualTo(SERVER_URI);
+    assertThat(serverInfo.implSpecificConfig()).isInstanceOf(InsecureChannelCredentials.class);
+    assertThat(serverInfo.isTrustedXdsServer()).isTrue();
+  }
+
   @Test
   public void serverFeatureIgnoreResourceDeletion_xdsV3() throws XdsInitializationException {
     String rawData = "{\n"
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index a23e7177c29..87e875e75f6 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -166,6 +166,8 @@ public class GrpcXdsClientImplDataTest {
 
   private static final ServerInfo LRS_SERVER_INFO =
       ServerInfo.create("lrs.googleapis.com", InsecureChannelCredentials.create());
+  private static final String GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE =
+      "GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE";
 
   @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
   @Rule
@@ -203,7 +205,7 @@ public void parseRoute_withRouteAction() {
                     .setCluster("cluster-foo"))
             .build();
     StructOrError<Route> struct = XdsRouteConfigureResource.parseRoute(
-        proto, filterRegistry, ImmutableMap.of(), ImmutableSet.of());
+        proto, filterRegistry, ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getErrorDetail()).isNull();
     assertThat(struct.getStruct())
         .isEqualTo(
@@ -211,7 +213,7 @@ public void parseRoute_withRouteAction() {
                 RouteMatch.create(PathMatcher.fromPath("/service/method", false),
                     Collections.<HeaderMatcher>emptyList(), null),
                 RouteAction.forCluster(
-                    "cluster-foo", Collections.<HashPolicy>emptyList(), null, null),
+                    "cluster-foo", Collections.<HashPolicy>emptyList(), null, null, false),
                 ImmutableMap.<String, FilterConfig>of()));
   }
 
@@ -226,7 +228,7 @@ public void parseRoute_withNonForwardingAction() {
             .setNonForwardingAction(NonForwardingAction.getDefaultInstance())
             .build();
     StructOrError<Route> struct = XdsRouteConfigureResource.parseRoute(
-        proto, filterRegistry, ImmutableMap.of(), ImmutableSet.of());
+        proto, filterRegistry, ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getStruct())
         .isEqualTo(
             Route.forNonForwardingAction(
@@ -245,7 +247,8 @@ public void parseRoute_withUnsupportedActionTypes() {
             .setRedirect(RedirectAction.getDefaultInstance())
             .build();
     res = XdsRouteConfigureResource.parseRoute(
-        redirectRoute, filterRegistry, ImmutableMap.of(), ImmutableSet.of());
+        redirectRoute, filterRegistry, ImmutableMap.of(), ImmutableSet.of(),
+        getXdsResourceTypeArgs(true));
     assertThat(res.getStruct()).isNull();
     assertThat(res.getErrorDetail())
         .isEqualTo("Route [route-blade] with unknown action type: REDIRECT");
@@ -257,7 +260,8 @@ public void parseRoute_withUnsupportedActionTypes() {
             .setDirectResponse(DirectResponseAction.getDefaultInstance())
             .build();
     res = XdsRouteConfigureResource.parseRoute(
-        directResponseRoute, filterRegistry, ImmutableMap.of(), ImmutableSet.of());
+        directResponseRoute, filterRegistry, ImmutableMap.of(), ImmutableSet.of(),
+        getXdsResourceTypeArgs(true));
     assertThat(res.getStruct()).isNull();
     assertThat(res.getErrorDetail())
         .isEqualTo("Route [route-blade] with unknown action type: DIRECT_RESPONSE");
@@ -269,7 +273,8 @@ public void parseRoute_withUnsupportedActionTypes() {
             .setFilterAction(FilterAction.getDefaultInstance())
             .build();
     res = XdsRouteConfigureResource.parseRoute(
-        filterRoute, filterRegistry, ImmutableMap.of(), ImmutableSet.of());
+        filterRoute, filterRegistry, ImmutableMap.of(), ImmutableSet.of(),
+        getXdsResourceTypeArgs(true));
     assertThat(res.getStruct()).isNull();
     assertThat(res.getErrorDetail())
         .isEqualTo("Route [route-blade] with unknown action type: FILTER_ACTION");
@@ -291,7 +296,8 @@ public void parseRoute_skipRouteWithUnsupportedMatcher() {
                     .setCluster("cluster-foo"))
             .build();
     assertThat(XdsRouteConfigureResource.parseRoute(
-            proto, filterRegistry, ImmutableMap.of(), ImmutableSet.of()))
+            proto, filterRegistry, ImmutableMap.of(), ImmutableSet.of(),
+            getXdsResourceTypeArgs(true)))
         .isNull();
   }
 
@@ -308,7 +314,8 @@ public void parseRoute_skipRouteWithUnsupportedAction() {
                     .setClusterHeader("cluster header"))  // cluster_header action not supported
             .build();
     assertThat(XdsRouteConfigureResource.parseRoute(
-            proto, filterRegistry, ImmutableMap.of(), ImmutableSet.of()))
+            proto, filterRegistry, ImmutableMap.of(), ImmutableSet.of(),
+            getXdsResourceTypeArgs(true)))
         .isNull();
   }
 
@@ -518,10 +525,48 @@ public void parseRouteAction_withCluster() {
             .build();
     StructOrError<RouteAction> struct =
         XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-          ImmutableMap.of(), ImmutableSet.of());
+          ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getErrorDetail()).isNull();
     assertThat(struct.getStruct().cluster()).isEqualTo("cluster-foo");
     assertThat(struct.getStruct().weightedClusters()).isNull();
+    assertThat(struct.getStruct().autoHostRewrite()).isFalse();
+  }
+
+  @Test
+  public void parseRouteAction_withCluster_autoHostRewriteEnabled() {
+    System.setProperty(GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE, "true");
+    try {
+      io.envoyproxy.envoy.config.route.v3.RouteAction proto =
+          io.envoyproxy.envoy.config.route.v3.RouteAction.newBuilder()
+              .setCluster("cluster-foo")
+              .setAutoHostRewrite(BoolValue.of(true))
+              .build();
+      StructOrError<RouteAction> struct =
+          XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
+              ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
+      assertThat(struct.getErrorDetail()).isNull();
+      assertThat(struct.getStruct().cluster()).isEqualTo("cluster-foo");
+      assertThat(struct.getStruct().weightedClusters()).isNull();
+      assertThat(struct.getStruct().autoHostRewrite()).isTrue();
+    } finally {
+      System.clearProperty(GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE);
+    }
+  }
+
+  @Test
+  public void parseRouteAction_withCluster_flagDisabled_autoHostRewriteNotEnabled() {
+    io.envoyproxy.envoy.config.route.v3.RouteAction proto =
+        io.envoyproxy.envoy.config.route.v3.RouteAction.newBuilder()
+            .setCluster("cluster-foo")
+            .setAutoHostRewrite(BoolValue.of(true))
+            .build();
+    StructOrError<RouteAction> struct =
+        XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
+            ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
+    assertThat(struct.getErrorDetail()).isNull();
+    assertThat(struct.getStruct().cluster()).isEqualTo("cluster-foo");
+    assertThat(struct.getStruct().weightedClusters()).isNull();
+    assertThat(struct.getStruct().autoHostRewrite()).isFalse();
   }
 
   @Test
@@ -542,12 +587,74 @@ public void parseRouteAction_withWeightedCluster() {
             .build();
     StructOrError<RouteAction> struct =
         XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-          ImmutableMap.of(), ImmutableSet.of());
+          ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
+    assertThat(struct.getErrorDetail()).isNull();
+    assertThat(struct.getStruct().cluster()).isNull();
+    assertThat(struct.getStruct().weightedClusters()).containsExactly(
+        ClusterWeight.create("cluster-foo", 30, ImmutableMap.<String, FilterConfig>of()),
+        ClusterWeight.create("cluster-bar", 70, ImmutableMap.<String, FilterConfig>of()));
+    assertThat(struct.getStruct().autoHostRewrite()).isFalse();
+  }
+
+  @Test
+  public void parseRouteAction_withWeightedCluster_autoHostRewriteEnabled() {
+    System.setProperty(GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE, "true");
+    try {
+      io.envoyproxy.envoy.config.route.v3.RouteAction proto =
+          io.envoyproxy.envoy.config.route.v3.RouteAction.newBuilder()
+              .setWeightedClusters(
+                  WeightedCluster.newBuilder()
+                      .addClusters(
+                          WeightedCluster.ClusterWeight
+                              .newBuilder()
+                              .setName("cluster-foo")
+                              .setWeight(UInt32Value.newBuilder().setValue(30)))
+                      .addClusters(WeightedCluster.ClusterWeight
+                          .newBuilder()
+                          .setName("cluster-bar")
+                          .setWeight(UInt32Value.newBuilder().setValue(70))))
+              .setAutoHostRewrite(BoolValue.of(true))
+              .build();
+      StructOrError<RouteAction> struct =
+          XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
+              ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
+      assertThat(struct.getErrorDetail()).isNull();
+      assertThat(struct.getStruct().cluster()).isNull();
+      assertThat(struct.getStruct().weightedClusters()).containsExactly(
+          ClusterWeight.create("cluster-foo", 30, ImmutableMap.<String, FilterConfig>of()),
+          ClusterWeight.create("cluster-bar", 70, ImmutableMap.<String, FilterConfig>of()));
+      assertThat(struct.getStruct().autoHostRewrite()).isTrue();
+    } finally {
+      System.clearProperty(GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE);
+    }
+  }
+
+  @Test
+  public void parseRouteAction_withWeightedCluster_flagDisabled_autoHostRewriteDisabled() {
+    io.envoyproxy.envoy.config.route.v3.RouteAction proto =
+        io.envoyproxy.envoy.config.route.v3.RouteAction.newBuilder()
+            .setWeightedClusters(
+                WeightedCluster.newBuilder()
+                    .addClusters(
+                        WeightedCluster.ClusterWeight
+                            .newBuilder()
+                            .setName("cluster-foo")
+                            .setWeight(UInt32Value.newBuilder().setValue(30)))
+                    .addClusters(WeightedCluster.ClusterWeight
+                        .newBuilder()
+                        .setName("cluster-bar")
+                        .setWeight(UInt32Value.newBuilder().setValue(70))))
+            .setAutoHostRewrite(BoolValue.of(true))
+            .build();
+    StructOrError<RouteAction> struct =
+        XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
+            ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getErrorDetail()).isNull();
     assertThat(struct.getStruct().cluster()).isNull();
     assertThat(struct.getStruct().weightedClusters()).containsExactly(
         ClusterWeight.create("cluster-foo", 30, ImmutableMap.<String, FilterConfig>of()),
         ClusterWeight.create("cluster-bar", 70, ImmutableMap.<String, FilterConfig>of()));
+    assertThat(struct.getStruct().autoHostRewrite()).isFalse();
   }
 
   @Test
@@ -568,7 +675,7 @@ public void parseRouteAction_weightedClusterSum() {
             .build();
     StructOrError<RouteAction> struct =
         XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-            ImmutableMap.of(), ImmutableSet.of());
+            ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getErrorDetail()).isEqualTo("Sum of cluster weights should be above 0.");
   }
 
@@ -584,7 +691,7 @@ public void parseRouteAction_withTimeoutByGrpcTimeoutHeaderMax() {
             .build();
     StructOrError<RouteAction> struct =
         XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-            ImmutableMap.of(), ImmutableSet.of());
+            ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getStruct().timeoutNano()).isEqualTo(TimeUnit.SECONDS.toNanos(5L));
   }
 
@@ -599,7 +706,7 @@ public void parseRouteAction_withTimeoutByMaxStreamDuration() {
             .build();
     StructOrError<RouteAction> struct =
         XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-           ImmutableMap.of(), ImmutableSet.of());
+           ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getStruct().timeoutNano()).isEqualTo(TimeUnit.SECONDS.toNanos(5L));
   }
 
@@ -611,7 +718,7 @@ public void parseRouteAction_withTimeoutUnset() {
             .build();
     StructOrError<RouteAction> struct =
         XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-          ImmutableMap.of(), ImmutableSet.of());
+          ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getStruct().timeoutNano()).isNull();
   }
 
@@ -633,7 +740,7 @@ public void parseRouteAction_withRetryPolicy() {
             .build();
     StructOrError<RouteAction> struct =
         XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-          ImmutableMap.of(), ImmutableSet.of());
+          ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     RouteAction.RetryPolicy retryPolicy = struct.getStruct().retryPolicy();
     assertThat(retryPolicy.maxAttempts()).isEqualTo(4);
     assertThat(retryPolicy.initialBackoff()).isEqualTo(Durations.fromMillis(500));
@@ -657,7 +764,7 @@ public void parseRouteAction_withRetryPolicy() {
         .setRetryPolicy(builder.build())
         .build();
     struct = XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-        ImmutableMap.of(), ImmutableSet.of());
+        ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getStruct().retryPolicy()).isNotNull();
     assertThat(struct.getStruct().retryPolicy().retryableStatusCodes()).isEmpty();
 
@@ -670,7 +777,7 @@ public void parseRouteAction_withRetryPolicy() {
         .setRetryPolicy(builder)
         .build();
     struct = XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-        ImmutableMap.of(), ImmutableSet.of());
+        ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getErrorDetail()).isEqualTo("No base_interval specified in retry_backoff");
 
     // max_interval unset
@@ -680,7 +787,7 @@ public void parseRouteAction_withRetryPolicy() {
         .setRetryPolicy(builder)
         .build();
     struct = XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-        ImmutableMap.of(), ImmutableSet.of());
+        ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     retryPolicy = struct.getStruct().retryPolicy();
     assertThat(retryPolicy.maxBackoff()).isEqualTo(Durations.fromMillis(500 * 10));
 
@@ -691,7 +798,7 @@ public void parseRouteAction_withRetryPolicy() {
         .setRetryPolicy(builder)
         .build();
     struct = XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-        ImmutableMap.of(), ImmutableSet.of());
+        ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getErrorDetail())
         .isEqualTo("base_interval in retry_backoff must be positive");
 
@@ -704,7 +811,7 @@ public void parseRouteAction_withRetryPolicy() {
         .setRetryPolicy(builder)
         .build();
     struct = XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-        ImmutableMap.of(), ImmutableSet.of());
+        ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getErrorDetail())
         .isEqualTo("max_interval in retry_backoff cannot be less than base_interval");
 
@@ -717,7 +824,7 @@ public void parseRouteAction_withRetryPolicy() {
         .setRetryPolicy(builder)
         .build();
     struct = XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-        ImmutableMap.of(), ImmutableSet.of());
+        ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getErrorDetail())
         .isEqualTo("max_interval in retry_backoff cannot be less than base_interval");
 
@@ -730,7 +837,7 @@ public void parseRouteAction_withRetryPolicy() {
         .setRetryPolicy(builder)
         .build();
     struct = XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-        ImmutableMap.of(), ImmutableSet.of());
+        ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getStruct().retryPolicy().initialBackoff())
         .isEqualTo(Durations.fromMillis(1));
     assertThat(struct.getStruct().retryPolicy().maxBackoff())
@@ -746,7 +853,7 @@ public void parseRouteAction_withRetryPolicy() {
         .setRetryPolicy(builder)
         .build();
     struct = XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-        ImmutableMap.of(), ImmutableSet.of());
+        ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     retryPolicy = struct.getStruct().retryPolicy();
     assertThat(retryPolicy.initialBackoff()).isEqualTo(Durations.fromMillis(25));
     assertThat(retryPolicy.maxBackoff()).isEqualTo(Durations.fromMillis(250));
@@ -765,7 +872,7 @@ public void parseRouteAction_withRetryPolicy() {
         .setRetryPolicy(builder)
         .build();
     struct = XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-        ImmutableMap.of(), ImmutableSet.of());
+        ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getStruct().retryPolicy().retryableStatusCodes())
         .containsExactly(Code.CANCELLED);
 
@@ -783,7 +890,7 @@ public void parseRouteAction_withRetryPolicy() {
         .setRetryPolicy(builder)
         .build();
     struct = XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-        ImmutableMap.of(), ImmutableSet.of());
+        ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getStruct().retryPolicy().retryableStatusCodes())
         .containsExactly(Code.CANCELLED);
 
@@ -801,7 +908,7 @@ public void parseRouteAction_withRetryPolicy() {
         .setRetryPolicy(builder)
         .build();
     struct = XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-        ImmutableMap.of(), ImmutableSet.of());
+        ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct.getStruct().retryPolicy().retryableStatusCodes())
         .containsExactly(Code.CANCELLED);
   }
@@ -840,7 +947,7 @@ public void parseRouteAction_withHashPolicies() {
             .build();
     StructOrError<RouteAction> struct =
         XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-            ImmutableMap.of(), ImmutableSet.of());
+            ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     List<HashPolicy> policies = struct.getStruct().hashPolicies();
     assertThat(policies).hasSize(2);
     assertThat(policies.get(0).type()).isEqualTo(HashPolicy.Type.HEADER);
@@ -860,7 +967,7 @@ public void parseRouteAction_custerSpecifierNotSet() {
             .build();
     StructOrError<RouteAction> struct =
         XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-            ImmutableMap.of(), ImmutableSet.of());
+            ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct).isNull();
   }
 
@@ -873,10 +980,65 @@ public void parseRouteAction_clusterSpecifier_routeLookupDisabled() {
             .build();
     StructOrError<RouteAction> struct =
         XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
-            ImmutableMap.of(), ImmutableSet.of());
+            ImmutableMap.of(), ImmutableSet.of(), getXdsResourceTypeArgs(true));
     assertThat(struct).isNull();
   }
 
+  @Test
+  public void parseRouteAction_clusterSpecifier() {
+    XdsRouteConfigureResource.enableRouteLookup = true;
+    io.envoyproxy.envoy.config.route.v3.RouteAction proto =
+        io.envoyproxy.envoy.config.route.v3.RouteAction.newBuilder()
+            .setClusterSpecifierPlugin(CLUSTER_SPECIFIER_PLUGIN.name())
+            .build();
+    StructOrError<RouteAction> struct =
+        XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
+            ImmutableMap.of(CLUSTER_SPECIFIER_PLUGIN.name(), RlsPluginConfig.create(
+                ImmutableMap.of("lookupService", "rls-cbt.googleapis.com"))), ImmutableSet.of(),
+                getXdsResourceTypeArgs(true));
+    assertThat(struct.getStruct()).isNotNull();
+    assertThat(struct.getStruct().autoHostRewrite()).isFalse();
+  }
+
+  @Test
+  public void parseRouteAction_clusterSpecifier_autoHostRewriteEnabled() {
+    System.setProperty(GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE, "true");
+    try {
+      XdsRouteConfigureResource.enableRouteLookup = true;
+      io.envoyproxy.envoy.config.route.v3.RouteAction proto =
+          io.envoyproxy.envoy.config.route.v3.RouteAction.newBuilder()
+              .setClusterSpecifierPlugin(CLUSTER_SPECIFIER_PLUGIN.name())
+              .setAutoHostRewrite(BoolValue.of(true))
+              .build();
+      StructOrError<RouteAction> struct =
+          XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
+              ImmutableMap.of(CLUSTER_SPECIFIER_PLUGIN.name(), RlsPluginConfig.create(
+                  ImmutableMap.of("lookupService", "rls-cbt.googleapis.com"))), ImmutableSet.of(),
+              getXdsResourceTypeArgs(true));
+      assertThat(struct.getStruct()).isNotNull();
+      assertThat(struct.getStruct().autoHostRewrite()).isTrue();
+    } finally {
+      System.clearProperty(GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE);
+    }
+  }
+
+  @Test
+  public void parseRouteAction_clusterSpecifier_flagDisabled_autoHostRewriteDisabled() {
+    XdsRouteConfigureResource.enableRouteLookup = true;
+    io.envoyproxy.envoy.config.route.v3.RouteAction proto =
+        io.envoyproxy.envoy.config.route.v3.RouteAction.newBuilder()
+            .setClusterSpecifierPlugin(CLUSTER_SPECIFIER_PLUGIN.name())
+            .setAutoHostRewrite(BoolValue.of(true))
+            .build();
+    StructOrError<RouteAction> struct =
+        XdsRouteConfigureResource.parseRouteAction(proto, filterRegistry,
+            ImmutableMap.of(CLUSTER_SPECIFIER_PLUGIN.name(), RlsPluginConfig.create(
+                ImmutableMap.of("lookupService", "rls-cbt.googleapis.com"))), ImmutableSet.of(),
+            getXdsResourceTypeArgs(true));
+    assertThat(struct.getStruct()).isNotNull();
+    assertThat(struct.getStruct().autoHostRewrite()).isFalse();
+  }
+
   @Test
   public void parseClusterWeight() {
     io.envoyproxy.envoy.config.route.v3.WeightedCluster.ClusterWeight proto =
@@ -911,7 +1073,8 @@ public void parseLocalityLbEndpoints_withHealthyEndpoints() {
     assertThat(struct.getErrorDetail()).isNull();
     assertThat(struct.getStruct()).isEqualTo(
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create("172.14.14.5", 8888, 20, true)), 100, 1));
+            Collections.singletonList(LbEndpoint.create("172.14.14.5", 8888, 20, true, "")),
+            100, 1));
   }
 
   @Test
@@ -935,7 +1098,8 @@ public void parseLocalityLbEndpoints_treatUnknownHealthAsHealthy() {
     assertThat(struct.getErrorDetail()).isNull();
     assertThat(struct.getStruct()).isEqualTo(
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create("172.14.14.5", 8888, 20, true)), 100, 1));
+            Collections.singletonList(LbEndpoint.create("172.14.14.5", 8888, 20, true, "")), 100,
+            1));
   }
 
   @Test
@@ -959,7 +1123,8 @@ public void parseLocalityLbEndpoints_withUnHealthyEndpoints() {
     assertThat(struct.getErrorDetail()).isNull();
     assertThat(struct.getStruct()).isEqualTo(
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create("172.14.14.5", 8888, 20, false)), 100, 1));
+            Collections.singletonList(LbEndpoint.create("172.14.14.5", 8888, 20, false, "")), 100,
+            1));
   }
 
   @Test
@@ -1020,7 +1185,7 @@ public void parseLocalityLbEndpoints_withDualStackEndpoints() {
       EquivalentAddressGroup expectedEag = new EquivalentAddressGroup(socketAddressList);
       assertThat(struct.getStruct()).isEqualTo(
           LocalityLbEndpoints.create(
-              Collections.singletonList(LbEndpoint.create(expectedEag, 20, true)), 100, 1));
+              Collections.singletonList(LbEndpoint.create(expectedEag, 20, true, "")), 100, 1));
     } finally {
       if (originalDualStackProp != null) {
         System.setProperty(GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS, originalDualStackProp);
@@ -1399,7 +1564,7 @@ public void parseHttpConnectionManager_xffNumTrustedHopsUnsupported()
     thrown.expectMessage("HttpConnectionManager with xff_num_trusted_hops unsupported");
     XdsListenerResource.parseHttpConnectionManager(
         hcm, filterRegistry,
-        true /* does not matter */);
+        true /* does not matter */, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -1412,7 +1577,7 @@ public void parseHttpConnectionManager_OriginalIpDetectionExtensionsMustEmpty()
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage("HttpConnectionManager with original_ip_detection_extensions unsupported");
     XdsListenerResource.parseHttpConnectionManager(
-        hcm, filterRegistry, false);
+        hcm, filterRegistry, false, getXdsResourceTypeArgs(true));
   }
   
   @Test
@@ -1431,7 +1596,7 @@ public void parseHttpConnectionManager_missingRdsAndInlinedRouteConfiguration()
     thrown.expectMessage("HttpConnectionManager neither has inlined route_config nor RDS");
     XdsListenerResource.parseHttpConnectionManager(
         hcm, filterRegistry,
-        true /* does not matter */);
+        true /* does not matter */, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -1450,7 +1615,7 @@ public void parseHttpConnectionManager_duplicateHttpFilters() throws ResourceInv
     thrown.expectMessage("HttpConnectionManager contains duplicate HttpFilter: envoy.filter.foo");
     XdsListenerResource.parseHttpConnectionManager(
         hcm, filterRegistry,
-        true /* does not matter */);
+        true /* does not matter */, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -1468,7 +1633,7 @@ public void parseHttpConnectionManager_lastNotTerminal() throws ResourceInvalidE
     thrown.expectMessage("The last HttpFilter must be a terminal filter: envoy.filter.bar");
     XdsListenerResource.parseHttpConnectionManager(
             hcm, filterRegistry,
-            true /* does not matter */);
+            true /* does not matter */, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -1486,7 +1651,7 @@ public void parseHttpConnectionManager_terminalNotLast() throws ResourceInvalidE
     thrown.expectMessage("A terminal HttpFilter must be the last filter: terminal");
     XdsListenerResource.parseHttpConnectionManager(
             hcm, filterRegistry,
-            true);
+            true, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -1502,7 +1667,7 @@ public void parseHttpConnectionManager_unknownFilters() throws ResourceInvalidEx
     thrown.expectMessage("The last HttpFilter must be a terminal filter: envoy.filter.bar");
     XdsListenerResource.parseHttpConnectionManager(
             hcm, filterRegistry,
-            true /* does not matter */);
+            true /* does not matter */, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -1514,7 +1679,7 @@ public void parseHttpConnectionManager_emptyFilters() throws ResourceInvalidExce
     thrown.expectMessage("Missing HttpFilter in HttpConnectionManager.");
     XdsListenerResource.parseHttpConnectionManager(
             hcm, filterRegistry,
-            true /* does not matter */);
+            true /* does not matter */, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -1563,7 +1728,7 @@ public void parseHttpConnectionManager_clusterSpecifierPlugin() throws Exception
 
     io.grpc.xds.HttpConnectionManager parsedHcm = XdsListenerResource.parseHttpConnectionManager(
         hcm, filterRegistry,
-        true /* does not matter */);
+        true /* does not matter */, getXdsResourceTypeArgs(true));
 
     VirtualHost virtualHost = Iterables.getOnlyElement(parsedHcm.virtualHosts());
     Route parsedRoute = Iterables.getOnlyElement(virtualHost.routes());
@@ -1643,7 +1808,7 @@ public void parseHttpConnectionManager_duplicatePluginName() throws Exception {
 
     XdsListenerResource.parseHttpConnectionManager(
         hcm, filterRegistry,
-        true /* does not matter */);
+        true /* does not matter */, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -1695,7 +1860,7 @@ public void parseHttpConnectionManager_pluginNameNotFound() throws Exception {
 
     XdsListenerResource.parseHttpConnectionManager(
         hcm, filterRegistry,
-        true /* does not matter */);
+        true /* does not matter */, getXdsResourceTypeArgs(true));
   }
 
 
@@ -1769,7 +1934,7 @@ public void parseHttpConnectionManager_optionalPlugin() throws ResourceInvalidEx
                 HttpFilter.newBuilder().setName("terminal").setTypedConfig(
                     Any.pack(Router.newBuilder().build())).setIsOptional(true))
             .build(), filterRegistry,
-        true /* does not matter */);
+        true /* does not matter */, getXdsResourceTypeArgs(true));
 
     // Verify that the only route left is the one with the registered RLS plugin `rls-plugin-1`,
     // while the route with unregistered optional `optional-plugin-`1 has been skipped.
@@ -1797,7 +1962,7 @@ public void parseHttpConnectionManager_validateRdsConfigSource() throws Exceptio
             .build();
     XdsListenerResource.parseHttpConnectionManager(
         hcm1, filterRegistry,
-        true /* does not matter */);
+        true /* does not matter */, getXdsResourceTypeArgs(true));
 
     HttpConnectionManager hcm2 =
         HttpConnectionManager.newBuilder()
@@ -1811,7 +1976,7 @@ public void parseHttpConnectionManager_validateRdsConfigSource() throws Exceptio
             .build();
     XdsListenerResource.parseHttpConnectionManager(
         hcm2, filterRegistry,
-        true /* does not matter */);
+        true /* does not matter */, getXdsResourceTypeArgs(true));
 
     HttpConnectionManager hcm3 =
         HttpConnectionManager.newBuilder()
@@ -1829,7 +1994,7 @@ public void parseHttpConnectionManager_validateRdsConfigSource() throws Exceptio
         "HttpConnectionManager contains invalid RDS: must specify ADS or self ConfigSource");
     XdsListenerResource.parseHttpConnectionManager(
         hcm3, filterRegistry,
-        true /* does not matter */);
+        true /* does not matter */, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2187,7 +2352,7 @@ public void parseServerSideListener_invalidTrafficDirection() throws ResourceInv
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage("Listener listener1 with invalid traffic direction: OUTBOUND");
     XdsListenerResource.parseServerSideListener(
-        listener, null, filterRegistry, null);
+        listener, null, filterRegistry, null, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2197,7 +2362,7 @@ public void parseServerSideListener_noTrafficDirection() throws ResourceInvalidE
             .setName("listener1")
             .build();
     XdsListenerResource.parseServerSideListener(
-        listener, null, filterRegistry, null);
+        listener, null, filterRegistry, null, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2211,7 +2376,7 @@ public void parseServerSideListener_listenerFiltersPresent() throws ResourceInva
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage("Listener listener1 cannot have listener_filters");
     XdsListenerResource.parseServerSideListener(
-        listener, null, filterRegistry, null);
+        listener, null, filterRegistry, null, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2225,7 +2390,7 @@ public void parseServerSideListener_useOriginalDst() throws ResourceInvalidExcep
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage("Listener listener1 cannot have use_original_dst set to true");
     XdsListenerResource.parseServerSideListener(
-        listener,null, filterRegistry, null);
+        listener,null, filterRegistry, null, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2274,7 +2439,7 @@ public void parseServerSideListener_nonUniqueFilterChainMatch() throws ResourceI
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage("FilterChainMatch must be unique. Found duplicate:");
     XdsListenerResource.parseServerSideListener(
-        listener, null, filterRegistry, null);
+        listener, null, filterRegistry, null, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2323,7 +2488,7 @@ public void parseServerSideListener_nonUniqueFilterChainMatch_sameFilter()
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage("FilterChainMatch must be unique. Found duplicate:");
     XdsListenerResource.parseServerSideListener(
-        listener,null, filterRegistry, null);
+        listener,null, filterRegistry, null, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2372,7 +2537,7 @@ public void parseServerSideListener_uniqueFilterChainMatch() throws ResourceInva
             .addAllFilterChains(Arrays.asList(filterChain1, filterChain2))
             .build();
     XdsListenerResource.parseServerSideListener(
-        listener, null, filterRegistry, null);
+        listener, null, filterRegistry, null, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2387,7 +2552,8 @@ public void parseFilterChain_noHcm() throws ResourceInvalidException {
     thrown.expectMessage(
         "FilterChain filter-chain-foo should contain exact one HttpConnectionManager filter");
     XdsListenerResource.parseFilterChain(
-        filterChain, null, filterRegistry, null, null);
+        filterChain, null, filterRegistry, null, null,
+        getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2405,7 +2571,8 @@ public void parseFilterChain_duplicateFilter() throws ResourceInvalidException {
     thrown.expectMessage(
         "FilterChain filter-chain-foo should contain exact one HttpConnectionManager filter");
     XdsListenerResource.parseFilterChain(
-        filterChain, null, filterRegistry, null, null);
+        filterChain, null, filterRegistry, null, null,
+        getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2423,7 +2590,8 @@ public void parseFilterChain_filterMissingTypedConfig() throws ResourceInvalidEx
         "FilterChain filter-chain-foo contains filter envoy.http_connection_manager "
             + "without typed_config");
     XdsListenerResource.parseFilterChain(
-        filterChain, null, filterRegistry, null, null);
+        filterChain, null, filterRegistry, null, null,
+        getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2445,7 +2613,8 @@ public void parseFilterChain_unsupportedFilter() throws ResourceInvalidException
         "FilterChain filter-chain-foo contains filter unsupported with unsupported "
             + "typed_config type unsupported-type-url");
     XdsListenerResource.parseFilterChain(
-        filterChain, null, filterRegistry, null, null);
+        filterChain, null, filterRegistry, null, null,
+        getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2473,10 +2642,10 @@ public void parseFilterChain_noName() throws ResourceInvalidException {
 
     EnvoyServerProtoData.FilterChain parsedFilterChain1 = XdsListenerResource.parseFilterChain(
         filterChain1, null, filterRegistry, null,
-        null);
+        null, getXdsResourceTypeArgs(true));
     EnvoyServerProtoData.FilterChain parsedFilterChain2 = XdsListenerResource.parseFilterChain(
         filterChain2, null, filterRegistry, null,
-        null);
+        null, getXdsResourceTypeArgs(true));
     assertThat(parsedFilterChain1.name()).isEqualTo(parsedFilterChain2.name());
   }
 
@@ -3044,4 +3213,10 @@ private static Filter buildHttpConnectionManagerFilter(HttpFilter... httpFilters
                 "type.googleapis.com"))
         .build();
   }
+
+  private XdsResourceType.Args getXdsResourceTypeArgs(boolean isTrustedServer) {
+    return new XdsResourceType.Args(
+        ServerInfo.create("http://td", "", false, isTrustedServer), "1.0", null, null, null, null
+    );
+  }
 }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index f516dc87e98..8ecb40383b1 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -249,7 +249,7 @@ public long currentTimeNanos() {
   // EDS test resources.
   private final Message lbEndpointHealthy =
       mf.buildLocalityLbEndpoints("region1", "zone1", "subzone1",
-          mf.buildLbEndpoint("192.168.0.1", 8080, "healthy", 2), 1, 0);
+          mf.buildLbEndpoint("192.168.0.1", 8080, "healthy", 2, "endpoint-host-name"), 1, 0);
   // Locality with 0 endpoints
   private final Message lbEndpointEmpty =
       mf.buildLocalityLbEndpoints("region3", "zone3", "subzone3",
@@ -257,7 +257,7 @@ public long currentTimeNanos() {
   // Locality with 0-weight endpoint
   private final Message lbEndpointZeroWeight =
       mf.buildLocalityLbEndpoints("region4", "zone4", "subzone4",
-          mf.buildLbEndpoint("192.168.142.5", 80, "unknown", 5), 0, 2);
+          mf.buildLbEndpoint("192.168.142.5", 80, "unknown", 5, "endpoint-host-name"), 0, 2);
   private final Any testClusterLoadAssignment = Any.pack(mf.buildClusterLoadAssignment(EDS_RESOURCE,
       ImmutableList.of(lbEndpointHealthy, lbEndpointEmpty, lbEndpointZeroWeight),
       ImmutableList.of(mf.buildDropOverload("lb", 200), mf.buildDropOverload("throttle", 1000))));
@@ -340,7 +340,8 @@ public XdsTransport create(ServerInfo serverInfo) {
       }
     };
 
-    xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, ignoreResourceDeletion());
+    xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, ignoreResourceDeletion(),
+        true);
     BootstrapInfo bootstrapInfo =
         Bootstrapper.BootstrapInfo.builder()
             .servers(Collections.singletonList(xdsServerInfo))
@@ -595,7 +596,8 @@ private void validateGoldenClusterLoadAssignment(EdsUpdate edsUpdate) {
         .containsExactly(
             Locality.create("region1", "zone1", "subzone1"),
             LocalityLbEndpoints.create(
-                ImmutableList.of(LbEndpoint.create("192.168.0.1", 8080, 2, true)), 1, 0),
+                ImmutableList.of(LbEndpoint.create("192.168.0.1", 8080, 2, true,
+                    "endpoint-host-name")), 1, 0),
             Locality.create("region3", "zone3", "subzone3"),
             LocalityLbEndpoints.create(ImmutableList.<LbEndpoint>of(), 2, 1));
   }
@@ -1134,7 +1136,7 @@ public void edsResourceUpdated_withXdstpResourceName_withWrongType() {
         edsResourceNameWithWrongType,
         ImmutableList.of(mf.buildLocalityLbEndpoints(
             "region2", "zone2", "subzone2",
-            mf.buildLbEndpoint("172.44.2.2", 8000, "unknown", 3), 2, 0)),
+            mf.buildLbEndpoint("172.44.2.2", 8000, "unknown", 3, "endpoint-host-name"), 2, 0)),
         ImmutableList.of()));
     call.sendResponse(EDS, testEdsConfig, VERSION_1, "0000");
     call.verifyRequestNack(
@@ -3049,7 +3051,7 @@ public void simpleFlowControl() throws Exception {
     // Updated EDS response.
     Any updatedClusterLoadAssignment = Any.pack(mf.buildClusterLoadAssignment(EDS_RESOURCE,
         ImmutableList.of(mf.buildLocalityLbEndpoints("region2", "zone2", "subzone2",
-            mf.buildLbEndpoint("172.44.2.2", 8000, "unknown", 3), 2, 0)),
+            mf.buildLbEndpoint("172.44.2.2", 8000, "unknown", 3, "endpoint-host-name"), 2, 0)),
         ImmutableList.<Message>of()));
     call.sendResponse(EDS, updatedClusterLoadAssignment, VERSION_2, "0001");
     // message not processed due to flow control
@@ -3110,7 +3112,7 @@ public void edsResourceUpdated() {
     // Updated EDS response.
     Any updatedClusterLoadAssignment = Any.pack(mf.buildClusterLoadAssignment(EDS_RESOURCE,
         ImmutableList.of(mf.buildLocalityLbEndpoints("region2", "zone2", "subzone2",
-            mf.buildLbEndpoint("172.44.2.2", 8000, "unknown", 3), 2, 0)),
+            mf.buildLbEndpoint("172.44.2.2", 8000, "unknown", 3, "endpoint-host-name"), 2, 0)),
         ImmutableList.<Message>of()));
     call.sendResponse(EDS, updatedClusterLoadAssignment, VERSION_2, "0001");
 
@@ -3123,7 +3125,7 @@ public void edsResourceUpdated() {
             Locality.create("region2", "zone2", "subzone2"),
             LocalityLbEndpoints.create(
                 ImmutableList.of(
-                    LbEndpoint.create("172.44.2.2", 8000, 3, true)), 2, 0));
+                    LbEndpoint.create("172.44.2.2", 8000, 3, true, "endpoint-host-name")), 2, 0));
     verifyResourceMetadataAcked(EDS, EDS_RESOURCE, updatedClusterLoadAssignment, VERSION_2,
         TIME_INCREMENT * 2);
     verifySubscribedResourcesMetadataSizes(0, 0, 0, 1);
@@ -3139,9 +3141,9 @@ public void edsDuplicateLocalityInTheSamePriority() {
     Any updatedClusterLoadAssignment = Any.pack(mf.buildClusterLoadAssignment(EDS_RESOURCE,
         ImmutableList.of(
             mf.buildLocalityLbEndpoints("region2", "zone2", "subzone2",
-              mf.buildLbEndpoint("172.44.2.2", 8000, "unknown", 3), 2, 1),
+              mf.buildLbEndpoint("172.44.2.2", 8000, "unknown", 3, "endpoint-host-name"), 2, 1),
             mf.buildLocalityLbEndpoints("region2", "zone2", "subzone2",
-                mf.buildLbEndpoint("172.44.2.3", 8080, "healthy", 10), 2, 1)
+                mf.buildLbEndpoint("172.44.2.3", 8080, "healthy", 10, "endpoint-host-name"), 2, 1)
             ),
         ImmutableList.<Message>of()));
     call.sendResponse(EDS, updatedClusterLoadAssignment, "0", "0001");
@@ -3202,7 +3204,8 @@ public void edsResourceDeletedByCds() {
                 mf.buildClusterLoadAssignment(resource,
                     ImmutableList.of(
                         mf.buildLocalityLbEndpoints("region2", "zone2", "subzone2",
-                            mf.buildLbEndpoint("192.168.0.2", 9090, "healthy", 3), 1, 0)),
+                            mf.buildLbEndpoint("192.168.0.2", 9090, "healthy", 3,
+                                "endpoint-host-name"), 1, 0)),
                     ImmutableList.of(mf.buildDropOverload("lb", 100)))));
     call.sendResponse(EDS, clusterLoadAssignments, VERSION_1, "0000");
     verify(edsWatcher).onChanged(edsUpdateCaptor.capture());
@@ -3279,7 +3282,8 @@ public void multipleEdsWatchers() {
         mf.buildClusterLoadAssignment(edsResourceTwo,
             ImmutableList.of(
                 mf.buildLocalityLbEndpoints("region2", "zone2", "subzone2",
-                    mf.buildLbEndpoint("172.44.2.2", 8000, "healthy", 3), 2, 0)),
+                    mf.buildLbEndpoint("172.44.2.2", 8000, "healthy", 3, "endpoint-host-name"),
+                    2, 0)),
             ImmutableList.<Message>of()));
     call.sendResponse(EDS, clusterLoadAssignmentTwo, VERSION_2, "0001");
 
@@ -3292,7 +3296,7 @@ public void multipleEdsWatchers() {
             Locality.create("region2", "zone2", "subzone2"),
             LocalityLbEndpoints.create(
                 ImmutableList.of(
-                    LbEndpoint.create("172.44.2.2", 8000, 3, true)), 2, 0));
+                    LbEndpoint.create("172.44.2.2", 8000, 3, true, "endpoint-host-name")), 2, 0));
     verify(watcher2).onChanged(edsUpdateCaptor.capture());
     edsUpdate = edsUpdateCaptor.getValue();
     assertThat(edsUpdate.clusterName).isEqualTo(edsResourceTwo);
@@ -3302,7 +3306,7 @@ public void multipleEdsWatchers() {
             Locality.create("region2", "zone2", "subzone2"),
             LocalityLbEndpoints.create(
                 ImmutableList.of(
-                    LbEndpoint.create("172.44.2.2", 8000, 3, true)), 2, 0));
+                    LbEndpoint.create("172.44.2.2", 8000, 3, true, "endpoint-host-name")), 2, 0));
     verifyNoMoreInteractions(edsResourceWatcher);
     verifyResourceMetadataAcked(
         EDS, edsResourceTwo, clusterLoadAssignmentTwo, VERSION_2, TIME_INCREMENT * 2);
@@ -3794,7 +3798,7 @@ private XdsClientImpl createXdsClient(String serverUri) {
   private  BootstrapInfo buildBootStrap(String serverUri) {
 
     ServerInfo xdsServerInfo = ServerInfo.create(serverUri, CHANNEL_CREDENTIALS,
-        ignoreResourceDeletion());
+        ignoreResourceDeletion(), true);
 
     return Bootstrapper.BootstrapInfo.builder()
         .servers(Collections.singletonList(xdsServerInfo))
@@ -4013,7 +4017,7 @@ protected Message buildLocalityLbEndpoints(String region, String zone, String su
     }
 
     protected abstract Message buildLbEndpoint(String address, int port, String healthStatus,
-        int lbWeight);
+        int lbWeight, String endpointHostname);
 
     protected abstract Message buildDropOverload(String category, int dropPerMillion);
 
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplV3Test.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplV3Test.java
index 40a9bff514f..af34c7232d0 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplV3Test.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplV3Test.java
@@ -705,7 +705,7 @@ protected Message buildLocalityLbEndpoints(String region, String zone, String su
 
     @Override
     protected Message buildLbEndpoint(String address, int port, String healthStatus,
-        int lbWeight) {
+        int lbWeight, String endpointHostname) {
       HealthStatus status;
       switch (healthStatus) {
         case "unknown":
@@ -733,7 +733,8 @@ protected Message buildLbEndpoint(String address, int port, String healthStatus,
           .setEndpoint(
               Endpoint.newBuilder().setAddress(
                   Address.newBuilder().setSocketAddress(
-                      SocketAddress.newBuilder().setAddress(address).setPortValue(port))))
+                      SocketAddress.newBuilder().setAddress(address).setPortValue(port)))
+                  .setHostname(endpointHostname))
           .setHealthStatus(status)
           .setLoadBalancingWeight(UInt32Value.of(lbWeight))
           .build();
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 76b92cd8c03..f32c198f21f 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -318,13 +318,13 @@ public void resolving_targetAuthorityInAuthoritiesMap() {
     String serviceAuthority = "[::FFFF:129.144.52.38]:80";
     bootstrapInfo = BootstrapInfo.builder()
         .servers(ImmutableList.of(ServerInfo.create(
-            "td.googleapis.com", InsecureChannelCredentials.create(), true)))
+            "td.googleapis.com", InsecureChannelCredentials.create(), true, true)))
         .node(Node.newBuilder().build())
         .authorities(
             ImmutableMap.of(targetAuthority, AuthorityInfo.create(
                 "xdstp://" + targetAuthority + "/envoy.config.listener.v3.Listener/%s?foo=1&bar=2",
                 ImmutableList.of(ServerInfo.create(
-                    "td.googleapis.com", InsecureChannelCredentials.create(), true)))))
+                    "td.googleapis.com", InsecureChannelCredentials.create(), true, true)))))
         .build();
     expectedLdsResourceName = "xdstp://xds.authority.com/envoy.config.listener.v3.Listener/"
         + "%5B::FFFF:129.144.52.38%5D:80?bar=2&foo=1"; // query param canonified
@@ -348,11 +348,11 @@ public void resolving_ldsResourceNotFound() {
   public void resolving_ldsResourceUpdateRdsName() {
     Route route1 = Route.forAction(RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
         RouteAction.forCluster(
-            cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null),
+            cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null, false),
         ImmutableMap.of());
     Route route2 = Route.forAction(RouteMatch.withPathExactOnly(call2.getFullMethodNameForPath()),
         RouteAction.forCluster(
-            cluster2, Collections.emptyList(), TimeUnit.SECONDS.toNanos(20L), null),
+            cluster2, Collections.emptyList(), TimeUnit.SECONDS.toNanos(20L), null, false),
         ImmutableMap.of());
     bootstrapInfo = BootstrapInfo.builder()
         .servers(ImmutableList.of(ServerInfo.create(
@@ -418,7 +418,7 @@ public void resolving_rdsResourceNotFound() {
   public void resolving_ldsResourceRevokedAndAddedBack() {
     Route route = Route.forAction(RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
         RouteAction.forCluster(
-            cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null),
+            cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null, false),
         ImmutableMap.of());
 
     resolver.start(mockListener);
@@ -457,7 +457,7 @@ public void resolving_ldsResourceRevokedAndAddedBack() {
   public void resolving_rdsResourceRevokedAndAddedBack() {
     Route route = Route.forAction(RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
         RouteAction.forCluster(
-            cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null),
+            cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null, false),
         ImmutableMap.of());
 
     resolver.start(mockListener);
@@ -534,7 +534,7 @@ public void resolving_encounterErrorLdsAndRdsWatchers() {
   public void resolving_matchingVirtualHostNotFound_matchingOverrideAuthority() {
     Route route = Route.forAction(RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
         RouteAction.forCluster(
-            cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null),
+            cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null, false),
         ImmutableMap.of());
     VirtualHost virtualHost =
         VirtualHost.create("virtualhost", Collections.singletonList("random"),
@@ -557,7 +557,7 @@ public void resolving_matchingVirtualHostNotFound_matchingOverrideAuthority() {
   public void resolving_matchingVirtualHostNotFound_notMatchingOverrideAuthority() {
     Route route = Route.forAction(RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
         RouteAction.forCluster(
-            cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null),
+            cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null, false),
         ImmutableMap.of());
     VirtualHost virtualHost =
         VirtualHost.create("virtualhost", Collections.singletonList(AUTHORITY),
@@ -604,11 +604,11 @@ public void resolving_matchingVirtualHostNotFoundInRdsResource() {
   private List<VirtualHost> buildUnmatchedVirtualHosts() {
     Route route1 = Route.forAction(RouteMatch.withPathExactOnly(call2.getFullMethodNameForPath()),
         RouteAction.forCluster(
-            cluster2, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null),
+            cluster2, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null, false),
         ImmutableMap.of());
     Route route2 = Route.forAction(RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
         RouteAction.forCluster(
-            cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null),
+            cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null, false),
         ImmutableMap.of());
     return Arrays.asList(
         VirtualHost.create("virtualhost-foo", Collections.singletonList("hello.googleapis.com"),
@@ -625,7 +625,7 @@ public void resolved_noTimeout() {
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     Route route = Route.forAction(RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
         RouteAction.forCluster(
-            cluster1, Collections.emptyList(), null, null), // per-route timeout unset
+            cluster1, Collections.emptyList(), null, null, false), // per-route timeout unset
         ImmutableMap.of());
     VirtualHost virtualHost = VirtualHost.create("does not matter",
         Collections.singletonList(AUTHORITY), Collections.singletonList(route),
@@ -643,7 +643,7 @@ public void resolved_fallbackToHttpMaxStreamDurationAsTimeout() {
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     Route route = Route.forAction(RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
         RouteAction.forCluster(
-            cluster1, Collections.emptyList(), null, null), // per-route timeout unset
+            cluster1, Collections.emptyList(), null, null, false), // per-route timeout unset
         ImmutableMap.of());
     VirtualHost virtualHost = VirtualHost.create("does not matter",
         Collections.singletonList(AUTHORITY), Collections.singletonList(route),
@@ -675,7 +675,8 @@ public void retryPolicyInPerMethodConfigGeneratedByResolverIsValid() {
                     cluster1,
                     Collections.emptyList(),
                     null,
-                    retryPolicy),
+                    retryPolicy,
+                    false),
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
@@ -733,7 +734,7 @@ public void resolved_simpleCallFailedToRoute_routeWithNonForwardingAction() {
             Route.forAction(
                 RouteMatch.withPathExactOnly(call2.getFullMethodNameForPath()),
                 RouteAction.forCluster(cluster2, Collections.emptyList(),
-                    TimeUnit.SECONDS.toNanos(15L), null),
+                    TimeUnit.SECONDS.toNanos(15L), null, false),
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
@@ -769,7 +770,8 @@ public void resolved_rpcHashingByHeader_withoutSubstitution() {
                     Collections.singletonList(
                         HashPolicy.forHeader(false, "custom-key", null, null)),
                     null,
-                    null),
+                    null,
+                    false),
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     InternalConfigSelector configSelector =
@@ -801,9 +803,11 @@ public void resolved_rpcHashingByHeader_withSubstitution() {
                 RouteAction.forCluster(
                     cluster1,
                     Collections.singletonList(
-                        HashPolicy.forHeader(false, "custom-key", Pattern.compile("value"), "val")),
+                        HashPolicy.forHeader(false, "custom-key", Pattern.compile("value"),
+                            "val")),
+                    null,
                     null,
-                    null),
+                    false),
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     InternalConfigSelector configSelector =
@@ -842,7 +846,8 @@ public void resolved_rpcHashingByChannelId() {
                     cluster1,
                     Collections.singletonList(HashPolicy.forChannelId(false)),
                     null,
-                    null),
+                    null,
+                    false),
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     InternalConfigSelector configSelector =
@@ -878,7 +883,8 @@ public void resolved_rpcHashingByChannelId() {
                     cluster1,
                     Collections.singletonList(HashPolicy.forChannelId(false)),
                     null,
-                    null),
+                    null,
+                    false),
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     configSelector = resolutionResultCaptor.getValue().getAttributes().get(
@@ -894,6 +900,68 @@ public void resolved_rpcHashingByChannelId() {
     assertThat(hash3).isNotEqualTo(hash1);
   }
 
+  @Test
+  public void resolved_routeActionHasAutoHostRewrite_emitsCallOptionForTheSame() {
+    resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
+        syncContext, scheduler, xdsClientPoolFactory, mockRandom,
+        FilterRegistry.getDefaultRegistry(), null);
+    resolver.start(mockListener);
+    FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
+    xdsClient.deliverLdsUpdate(
+        Collections.singletonList(
+            Route.forAction(
+                RouteMatch.withPathExactOnly(
+                    "/" + TestMethodDescriptors.voidMethod().getFullMethodName()),
+                RouteAction.forCluster(
+                    cluster1,
+                    Collections.singletonList(
+                        HashPolicy.forHeader(false, "custom-key", null, null)),
+                    null,
+                    null,
+                    true),
+                ImmutableMap.of())));
+    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    InternalConfigSelector configSelector =
+        resolutionResultCaptor.getValue().getAttributes().get(InternalConfigSelector.KEY);
+
+    // First call, with header "custom-key": "custom-value".
+    startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
+        ImmutableMap.of("custom-key", "custom-value"), CallOptions.DEFAULT);
+
+    assertThat(testCall.callOptions.getOption(XdsNameResolver.AUTO_HOST_REWRITE_KEY)).isTrue();
+  }
+
+  @Test
+  public void resolved_routeActionNoAutoHostRewrite_doesntEmitCallOptionForTheSame() {
+    resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
+        syncContext, scheduler, xdsClientPoolFactory, mockRandom,
+        FilterRegistry.getDefaultRegistry(), null);
+    resolver.start(mockListener);
+    FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
+    xdsClient.deliverLdsUpdate(
+        Collections.singletonList(
+            Route.forAction(
+                RouteMatch.withPathExactOnly(
+                    "/" + TestMethodDescriptors.voidMethod().getFullMethodName()),
+                RouteAction.forCluster(
+                    cluster1,
+                    Collections.singletonList(
+                        HashPolicy.forHeader(false, "custom-key", null, null)),
+                    null,
+                    null,
+                    false),
+                ImmutableMap.of())));
+    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    InternalConfigSelector configSelector =
+        resolutionResultCaptor.getValue().getAttributes().get(InternalConfigSelector.KEY);
+
+    // First call, with header "custom-key": "custom-value".
+    startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
+        ImmutableMap.of("custom-key", "custom-value"), CallOptions.DEFAULT);
+
+    assertThat(testCall.callOptions.getOption(XdsNameResolver.AUTO_HOST_REWRITE_KEY)).isNull();
+  }
+
   @SuppressWarnings("unchecked")
   @Test
   public void resolved_resourceUpdateAfterCallStarted() {
@@ -909,13 +977,13 @@ public void resolved_resourceUpdateAfterCallStarted() {
                 RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
                 RouteAction.forCluster(
                     "another-cluster", Collections.emptyList(),
-                    TimeUnit.SECONDS.toNanos(20L), null),
+                    TimeUnit.SECONDS.toNanos(20L), null, false),
                 ImmutableMap.of()),
             Route.forAction(
                 RouteMatch.withPathExactOnly(call2.getFullMethodNameForPath()),
                 RouteAction.forCluster(
                     cluster2, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L),
-                    null),
+                    null, false),
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
@@ -949,13 +1017,13 @@ public void resolved_resourceUpdatedBeforeCallStarted() {
                 RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
                 RouteAction.forCluster(
                     "another-cluster", Collections.emptyList(),
-                    TimeUnit.SECONDS.toNanos(20L), null),
+                    TimeUnit.SECONDS.toNanos(20L), null, false),
                 ImmutableMap.of()),
             Route.forAction(
                 RouteMatch.withPathExactOnly(call2.getFullMethodNameForPath()),
                 RouteAction.forCluster(
                     cluster2, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L),
-                    null),
+                    null, false),
                 ImmutableMap.of())));
     // Two consecutive service config updates: one for removing clcuster1,
     // one for adding "another=cluster".
@@ -985,13 +1053,13 @@ public void resolved_raceBetweenCallAndRepeatedResourceUpdate() {
                 RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
                 RouteAction.forCluster(
                     "another-cluster", Collections.emptyList(),
-                    TimeUnit.SECONDS.toNanos(20L), null),
+                    TimeUnit.SECONDS.toNanos(20L), null, false),
                 ImmutableMap.of()),
             Route.forAction(
                 RouteMatch.withPathExactOnly(call2.getFullMethodNameForPath()),
                 RouteAction.forCluster(
                     cluster2, Collections.emptyList(),
-                    TimeUnit.SECONDS.toNanos(15L), null),
+                    TimeUnit.SECONDS.toNanos(15L), null, false),
                 ImmutableMap.of())));
 
     verify(mockListener).onResult(resolutionResultCaptor.capture());
@@ -1006,13 +1074,13 @@ public void resolved_raceBetweenCallAndRepeatedResourceUpdate() {
                 RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
                 RouteAction.forCluster(
                     "another-cluster", Collections.emptyList(),
-                    TimeUnit.SECONDS.toNanos(15L), null),
+                    TimeUnit.SECONDS.toNanos(15L), null, false),
                 ImmutableMap.of()),
             Route.forAction(
                 RouteMatch.withPathExactOnly(call2.getFullMethodNameForPath()),
                 RouteAction.forCluster(
                     cluster2, Collections.emptyList(),
-                    TimeUnit.SECONDS.toNanos(15L), null),
+                    TimeUnit.SECONDS.toNanos(15L), null, false),
                 ImmutableMap.of())));
     verifyNoMoreInteractions(mockListener);  // no cluster added/deleted
     assertCallSelectClusterResult(call1, configSelector, "another-cluster", 15.0);
@@ -1029,7 +1097,7 @@ public void resolved_raceBetweenClusterReleasedAndResourceUpdateAddBackAgain() {
                 RouteMatch.withPathExactOnly(call2.getFullMethodNameForPath()),
                 RouteAction.forCluster(
                     cluster2, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L),
-                    null),
+                    null, false),
                 ImmutableMap.of())));
     xdsClient.deliverLdsUpdate(
         Arrays.asList(
@@ -1037,13 +1105,13 @@ public void resolved_raceBetweenClusterReleasedAndResourceUpdateAddBackAgain() {
                 RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
                 RouteAction.forCluster(
                     cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L),
-                    null),
+                    null, false),
                 ImmutableMap.of()),
             Route.forAction(
                 RouteMatch.withPathExactOnly(call2.getFullMethodNameForPath()),
                 RouteAction.forCluster(
                     cluster2, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L),
-                    null),
+                    null, false),
                 ImmutableMap.of())));
     testCall.deliverErrorStatus();
     verifyNoMoreInteractions(mockListener);
@@ -1067,7 +1135,7 @@ public void resolved_simpleCallSucceeds_routeToWeightedCluster() {
                             cluster2, 80, ImmutableMap.of())),
                     Collections.emptyList(),
                     TimeUnit.SECONDS.toNanos(20L),
-                    null),
+                    null, false),
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
@@ -1096,7 +1164,7 @@ public void resolved_simpleCallSucceeds_routeToRls() {
                             ImmutableMap.of("lookupService", "rls-cbt.googleapis.com"))),
                     Collections.emptyList(),
                     TimeUnit.SECONDS.toNanos(20L),
-                    null),
+                    null, false),
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
@@ -1144,7 +1212,7 @@ public void resolved_simpleCallSucceeds_routeToRls() {
                     Collections.emptyList(),
                     // changed
                     TimeUnit.SECONDS.toNanos(30L),
-                    null),
+                    null, false),
                 ImmutableMap.of())));
     verify(mockListener, times(2)).onResult(resolutionResultCaptor.capture());
     ResolutionResult result2 = resolutionResultCaptor.getValue();
@@ -1250,13 +1318,13 @@ private InternalConfigSelector resolveToClusters() {
                 RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
                 RouteAction.forCluster(
                     cluster1, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L),
-                    null),
+                    null, false),
                 ImmutableMap.of()),
             Route.forAction(
                 RouteMatch.withPathExactOnly(call2.getFullMethodNameForPath()),
                 RouteAction.forCluster(
                     cluster2, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L),
-                    null),
+                    null, false),
                 ImmutableMap.of())));
     verify(mockListener).onResult(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
@@ -1305,7 +1373,7 @@ public void generateServiceConfig_forClusterManagerLoadBalancingConfig() throws
     Route route1 = Route.forAction(
         RouteMatch.withPathExactOnly("HelloService/hi"),
         RouteAction.forCluster(
-            "cluster-foo", Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null),
+            "cluster-foo", Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L), null, false),
         ImmutableMap.of());
     Route route2 = Route.forAction(
         RouteMatch.withPathExactOnly("HelloService/hello"),
@@ -1315,7 +1383,7 @@ public void generateServiceConfig_forClusterManagerLoadBalancingConfig() throws
                 ClusterWeight.create("cluster-baz", 50, ImmutableMap.of())),
             ImmutableList.of(),
             TimeUnit.SECONDS.toNanos(15L),
-            null),
+            null, false),
         ImmutableMap.of());
     Map<String, ?> rlsConfig = ImmutableMap.of("lookupService", "rls.bigtable.google.com");
     Route route3 = Route.forAction(
@@ -1324,7 +1392,7 @@ public void generateServiceConfig_forClusterManagerLoadBalancingConfig() throws
             NamedPluginConfig.create("plugin-foo", RlsPluginConfig.create(rlsConfig)),
             Collections.emptyList(),
             TimeUnit.SECONDS.toNanos(20L),
-            null),
+            null, false),
         ImmutableMap.of());
 
     resolver.start(mockListener);
@@ -1914,6 +1982,7 @@ private PickSubchannelArgs newPickSubchannelArgs(
 
   private final class FakeXdsClientPoolFactory implements XdsClientPoolFactory {
     Set<String> targets = new HashSet<>();
+    XdsClient xdsClient = new FakeXdsClient();
 
     @Override
     public void setBootstrapOverride(Map<String, ?> bootstrap) {}
@@ -1930,7 +1999,7 @@ public ObjectPool<XdsClient> getOrCreate(String target) throws XdsInitialization
       return new ObjectPool<XdsClient>() {
         @Override
         public XdsClient getObject() {
-          return new FakeXdsClient();
+          return xdsClient;
         }
 
         @Override
@@ -2058,7 +2127,8 @@ void deliverLdsUpdateWithFaultInjection(
               Collections.singletonList(clusterWeight),
               Collections.emptyList(),
               null,
-              null),
+              null,
+              false),
           overrideConfig);
       overrideConfig = virtualHostFaultConfig == null
           ? ImmutableMap.of()
@@ -2125,7 +2195,8 @@ void deliverRdsUpdateWithFaultInjection(
               Collections.singletonList(clusterWeight),
               Collections.emptyList(),
               null,
-              null),
+              null,
+              false),
           overrideConfig);
       overrideConfig = virtualHostFaultConfig == null
           ? ImmutableMap.of()
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
index 55b8812cd17..66ac1475d8e 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
@@ -1035,7 +1035,8 @@ public void run() {
             "/FooService/barMethod",
             "foo.google.com",
             Route.RouteAction.forCluster(
-                "cluster", Collections.<Route.RouteAction.HashPolicy>emptyList(), null, null));
+                "cluster", Collections.<Route.RouteAction.HashPolicy>emptyList(), null, null,
+                false));
     ServerCall<Void, Void> serverCall = mock(ServerCall.class);
     when(serverCall.getAttributes()).thenReturn(
         Attributes.newBuilder()

From ef1fe87373b8436e518d7f74a89b2b3936484eb2 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Thu, 31 Oct 2024 11:51:40 +0530
Subject: [PATCH 072/591] okhttp: Use failing "source" for read bytes when
 sending GOAWAY due to insufficient thread pool size

Create `ClientFrameHandler` with failing source to be used in case of failed 2nd thread scheduling. Fixes NPE from https://github.com/grpc/grpc-java/pull/11503.
---
 .../io/grpc/okhttp/OkHttpClientTransport.java | 33 ++++++++++---------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
index 2f6b836dc3a..59f824b1a3c 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
@@ -515,21 +515,6 @@ public Runnable start(Listener listener) {
     serializingExecutor.execute(new Runnable() {
       @Override
       public void run() {
-        // This is a hack to make sure the connection preface and initial settings to be sent out
-        // without blocking the start. By doing this essentially prevents potential deadlock when
-        // network is not available during startup while another thread holding lock to send the
-        // initial preface.
-        try {
-          latch.await();
-          barrier.await(1000, TimeUnit.MILLISECONDS);
-        } catch (InterruptedException e) {
-          Thread.currentThread().interrupt();
-        } catch (TimeoutException | BrokenBarrierException e) {
-          startGoAway(0, ErrorCode.INTERNAL_ERROR, Status.UNAVAILABLE
-              .withDescription("Timed out waiting for second handshake thread. "
-                + "The transport executor pool may have run out of threads"));
-          return;
-        }
         // Use closed source on failure so that the reader immediately shuts down.
         BufferedSource source = Okio.buffer(new Source() {
           @Override
@@ -549,6 +534,22 @@ public void close() {
         Socket sock;
         SSLSession sslSession = null;
         try {
+          // This is a hack to make sure the connection preface and initial settings to be sent out
+          // without blocking the start. By doing this essentially prevents potential deadlock when
+          // network is not available during startup while another thread holding lock to send the
+          // initial preface.
+          try {
+            latch.await();
+            barrier.await(1000, TimeUnit.MILLISECONDS);
+          } catch (InterruptedException e) {
+            Thread.currentThread().interrupt();
+          } catch (TimeoutException | BrokenBarrierException e) {
+            startGoAway(0, ErrorCode.INTERNAL_ERROR, Status.UNAVAILABLE
+                .withDescription("Timed out waiting for second handshake thread. "
+                    + "The transport executor pool may have run out of threads"));
+            return;
+          }
+
           if (proxiedAddr == null) {
             sock = socketFactory.createSocket(address.getAddress(), address.getPort());
           } else {
@@ -1459,4 +1460,4 @@ public void alternateService(int streamId, String origin, ByteString protocol, S
       // TODO(madongfly): Deal with alternateService propagation
     }
   }
-}
+}
\ No newline at end of file

From 1993e68b038a3a9003374afc305c59b93532fa76 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 1 Nov 2024 07:50:08 -0700
Subject: [PATCH 073/591] Upgrade depedencies (#11655)

---
 MODULE.bazel                                  | 10 ++--
 api/src/main/java/io/grpc/ClientCall.java     |  2 +-
 api/src/main/java/io/grpc/LoadBalancer.java   | 11 +++-
 .../internal/AbstractServerStreamTest.java    |  4 +-
 .../grpc/internal/AbstractTransportTest.java  |  2 +-
 .../grpc/gcp/observability/LoggingTest.java   |  2 +-
 gradle/libs.versions.toml                     | 58 +++++++++++--------
 .../io/grpc/inprocess/InProcessTransport.java |  2 +-
 .../integration/AbstractInteropTest.java      |  2 +-
 repositories.bzl                              | 10 ++--
 .../java/io/grpc/util/AbstractTestHelper.java |  1 +
 .../grpc/xds/GrpcXdsClientImplDataTest.java   |  2 +-
 12 files changed, 61 insertions(+), 45 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index f58d2daa40a..724f537ee6f 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -8,16 +8,16 @@ module(
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.29.0",
-    "com.google.auth:google-auth-library-credentials:1.23.0",
-    "com.google.auth:google-auth-library-oauth2-http:1.23.0",
+    "com.google.api.grpc:proto-google-common-protos:2.48.0",
+    "com.google.auth:google-auth-library-credentials:1.24.1",
+    "com.google.auth:google-auth-library-oauth2-http:1.24.1",
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
     "com.google.code.gson:gson:2.11.0",
-    "com.google.errorprone:error_prone_annotations:2.28.0",
+    "com.google.errorprone:error_prone_annotations:2.30.0",
     "com.google.guava:failureaccess:1.0.1",
-    "com.google.guava:guava:33.2.1-android",
+    "com.google.guava:guava:33.3.1-android",
     "com.google.re2j:re2j:1.7",
     "com.google.truth:truth:1.4.2",
     "com.squareup.okhttp:okhttp:2.7.5",
diff --git a/api/src/main/java/io/grpc/ClientCall.java b/api/src/main/java/io/grpc/ClientCall.java
index df9e15001e1..c915c8beaac 100644
--- a/api/src/main/java/io/grpc/ClientCall.java
+++ b/api/src/main/java/io/grpc/ClientCall.java
@@ -67,7 +67,7 @@
  * manner, and notifies gRPC library to receive additional response after one is consumed by
  * a fictional <code>processResponse()</code>.
  *
- * <p><pre>
+ * <pre>
  *   call = channel.newCall(bidiStreamingMethod, callOptions);
  *   listener = new ClientCall.Listener&lt;FooResponse&gt;() {
  *     &#64;Override
diff --git a/api/src/main/java/io/grpc/LoadBalancer.java b/api/src/main/java/io/grpc/LoadBalancer.java
index 97ead20ed36..d5f44dafa5e 100644
--- a/api/src/main/java/io/grpc/LoadBalancer.java
+++ b/api/src/main/java/io/grpc/LoadBalancer.java
@@ -1033,8 +1033,8 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
     }
 
     /**
-     * Out-of-band channel for LoadBalancer’s own RPC needs, e.g., talking to an external
-     * load-balancer service.
+     * Create an out-of-band channel for the LoadBalancer’s own RPC needs, e.g., talking to an
+     * external load-balancer service.
      *
      * <p>The LoadBalancer is responsible for closing unused OOB channels, and closing all OOB
      * channels within {@link #shutdown}.
@@ -1044,7 +1044,12 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
     public abstract ManagedChannel createOobChannel(EquivalentAddressGroup eag, String authority);
 
     /**
-     * Accept a list of EAG for multiple authorities: https://github.com/grpc/grpc-java/issues/4618
+     * Create an out-of-band channel for the LoadBalancer's own RPC needs, e.g., talking to an
+     * external load-balancer service. This version of the method allows multiple EAGs, so different
+     * addresses can have different authorities.
+     *
+     * <p>The LoadBalancer is responsible for closing unused OOB channels, and closing all OOB
+     * channels within {@link #shutdown}.
      * */
     public ManagedChannel createOobChannel(List<EquivalentAddressGroup> eag,
         String authority) {
diff --git a/core/src/test/java/io/grpc/internal/AbstractServerStreamTest.java b/core/src/test/java/io/grpc/internal/AbstractServerStreamTest.java
index 66fa92b1cf8..b41d45e972e 100644
--- a/core/src/test/java/io/grpc/internal/AbstractServerStreamTest.java
+++ b/core/src/test/java/io/grpc/internal/AbstractServerStreamTest.java
@@ -85,7 +85,7 @@ public void setUp() {
   }
 
   /**
-   * Test for issue https://github.com/grpc/grpc-java/issues/1795
+   * Test for issue https://github.com/grpc/grpc-java/issues/1795 .
    */
   @Test
   public void frameShouldBeIgnoredAfterDeframerClosed() {
@@ -212,7 +212,7 @@ public void closed(Status status) {
   }
 
   /**
-   * Test for issue https://github.com/grpc/grpc-java/issues/615
+   * Test for issue https://github.com/grpc/grpc-java/issues/615 .
    */
   @Test
   public void completeWithoutClose() {
diff --git a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
index 69d8e65955e..aea7ff49032 100644
--- a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
+++ b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
@@ -269,7 +269,7 @@ protected long fakeCurrentTimeNanos() {
   //     (and maybe exceptions handled)
 
   /**
-   * Test for issue https://github.com/grpc/grpc-java/issues/1682
+   * Test for issue https://github.com/grpc/grpc-java/issues/1682 .
    */
   @Test
   public void frameAfterRstStreamShouldNotBreakClientChannel() throws Exception {
diff --git a/gcp-observability/src/test/java/io/grpc/gcp/observability/LoggingTest.java b/gcp-observability/src/test/java/io/grpc/gcp/observability/LoggingTest.java
index ee711cad097..92e67b01e01 100644
--- a/gcp-observability/src/test/java/io/grpc/gcp/observability/LoggingTest.java
+++ b/gcp-observability/src/test/java/io/grpc/gcp/observability/LoggingTest.java
@@ -73,7 +73,7 @@ public class LoggingTest {
   /**
    * Cloud logging test using global interceptors.
    *
-   * <p> Ignoring test, because it calls external Cloud Logging APIs.
+   * <p>Ignoring test, because it calls external Cloud Logging APIs.
    * To test cloud logging setup locally,
    * 1. Set up Cloud auth credentials
    * 2. Assign permissions to service account to write logs to project specified by
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 8d7fb3766e0..b9f9c5350e1 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -10,45 +10,54 @@ protobuf = "3.25.5"
 
 [libraries]
 android-annotations = "com.google.android:annotations:4.1.1.4"
-androidx-annotation = "androidx.annotation:annotation:1.8.0"
+androidx-annotation = "androidx.annotation:annotation:1.9.0"
 androidx-core = "androidx.core:core:1.13.1"
-androidx-lifecycle-common = "androidx.lifecycle:lifecycle-common:2.8.3"
-androidx-lifecycle-service = "androidx.lifecycle:lifecycle-service:2.8.3"
+androidx-lifecycle-common = "androidx.lifecycle:lifecycle-common:2.8.6"
+androidx-lifecycle-service = "androidx.lifecycle:lifecycle-service:2.8.6"
 androidx-test-core = "androidx.test:core:1.6.1"
 androidx-test-ext-junit = "androidx.test.ext:junit:1.2.1"
 androidx-test-rules = "androidx.test:rules:1.6.1"
 animalsniffer = "org.codehaus.mojo:animal-sniffer:1.24"
 animalsniffer-annotations = "org.codehaus.mojo:animal-sniffer-annotations:1.24"
-assertj-core = "org.assertj:assertj-core:3.26.0"
+assertj-core = "org.assertj:assertj-core:3.26.3"
 auto-value = "com.google.auto.value:auto-value:1.11.0"
 auto-value-annotations = "com.google.auto.value:auto-value-annotations:1.11.0"
-checkstyle = "com.puppycrawl.tools:checkstyle:10.17.0"
+checkstyle = "com.puppycrawl.tools:checkstyle:10.19.0"
 commons-math3 = "org.apache.commons:commons-math3:3.6.1"
 conscrypt = "org.conscrypt:conscrypt-openjdk-uber:2.5.2"
 cronet-api = "org.chromium.net:cronet-api:119.6045.31"
 cronet-embedded = "org.chromium.net:cronet-embedded:119.6045.31"
-errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.28.0"
-errorprone-core = "com.google.errorprone:error_prone_core:2.28.0"
-google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.41.0"
-google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.23.0"
-google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.23.0"
+# error-prone 2.31.0+ blocked on https://github.com/grpc/grpc-java/issues/10152
+# It breaks Bazel (ArrayIndexOutOfBoundsException in turbine) and Dexing ("D8:
+# java.lang.NullPointerException"). We can trivially upgrade the Bazel CI to
+# 6.3.0+ (https://github.com/bazelbuild/bazel/issues/18743).
+errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.30.0"
+# error-prone 2.32.0+ require Java 17+
+errorprone-core = "com.google.errorprone:error_prone_core:2.31.0"
+google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.48.0"
+# google-auth-library 1.25.0+ requires error_prone_annotations 2.31.0+, which
+# breaks the Android build
+google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.24.1"
+google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.24.1"
 # Release notes: https://cloud.google.com/logging/docs/release-notes
-google-cloud-logging = "com.google.cloud:google-cloud-logging:3.19.0"
+google-cloud-logging = "com.google.cloud:google-cloud-logging:3.20.6"
 gson = "com.google.code.gson:gson:2.11.0"
-guava = "com.google.guava:guava:33.2.1-android"
+guava = "com.google.guava:guava:33.3.1-android"
 guava-betaChecker = "com.google.guava:guava-beta-checker:1.0"
-guava-testlib = "com.google.guava:guava-testlib:33.2.1-android"
+guava-testlib = "com.google.guava:guava-testlib:33.3.1-android"
 # JRE version is needed for projects where its a transitive dependency, f.e. gcp-observability.
 # May be different from the -android version.
-guava-jre = "com.google.guava:guava:33.2.1-jre"
+guava-jre = "com.google.guava:guava:33.3.1-jre"
 hdrhistogram = "org.hdrhistogram:HdrHistogram:2.2.2"
+# 6.0.0+ use java.lang.Deprecated forRemoval and since from Java 9
 jakarta-servlet-api = "jakarta.servlet:jakarta.servlet-api:5.0.0"
 javax-annotation = "org.apache.tomcat:annotations-api:6.0.53"
 javax-servlet-api = "javax.servlet:javax.servlet-api:4.0.1"
-jetty-client = "org.eclipse.jetty:jetty-client:10.0.20"
-jetty-http2-server = "org.eclipse.jetty.http2:http2-server:11.0.22"
+# 12.0.0+ require Java 17+
+jetty-client = "org.eclipse.jetty:jetty-client:11.0.24"
+jetty-http2-server = "org.eclipse.jetty.http2:http2-server:11.0.24"
 jetty-http2-server10 = "org.eclipse.jetty.http2:http2-server:10.0.20"
-jetty-servlet = "org.eclipse.jetty:jetty-servlet:11.0.22"
+jetty-servlet = "org.eclipse.jetty:jetty-servlet:11.0.24"
 jetty-servlet10 = "org.eclipse.jetty:jetty-servlet:10.0.20"
 jsr305 = "com.google.code.findbugs:jsr305:3.0.2"
 junit = "junit:junit:4.13.2"
@@ -76,11 +85,11 @@ opencensus-contrib-grpc-metrics = { module = "io.opencensus:opencensus-contrib-g
 opencensus-exporter-stats-stackdriver = { module = "io.opencensus:opencensus-exporter-stats-stackdriver", version.ref = "opencensus" }
 opencensus-exporter-trace-stackdriver = { module = "io.opencensus:opencensus-exporter-trace-stackdriver", version.ref = "opencensus" }
 opencensus-impl = { module = "io.opencensus:opencensus-impl", version.ref = "opencensus" }
-opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.40.0"
-opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.40.0-alpha"
-opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.36.0-alpha"
-opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.40.0"
-opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.40.0"
+opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.43.0"
+opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.43.0-alpha"
+opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.40.0-alpha"
+opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.43.0"
+opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.43.0"
 perfmark-api = "io.perfmark:perfmark-api:0.27.0"
 protobuf-java = { module = "com.google.protobuf:protobuf-java", version.ref = "protobuf" }
 protobuf-java-util = { module = "com.google.protobuf:protobuf-java-util", version.ref = "protobuf" }
@@ -90,11 +99,12 @@ re2j = "com.google.re2j:re2j:1.7"
 robolectric = "org.robolectric:robolectric:4.13"
 signature-android = "net.sf.androidscents.signature:android-api-level-19:4.4.2_r4"
 signature-java = "org.codehaus.mojo.signature:java18:1.0"
-tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.25"
+# 11.0.0+ require Java 17+
+tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.31"
 tomcat-embed-core9 = "org.apache.tomcat.embed:tomcat-embed-core:9.0.89"
 truth = "com.google.truth:truth:1.4.4"
 undertow-servlet22 = "io.undertow:undertow-servlet:2.2.32.Final"
-undertow-servlet = "io.undertow:undertow-servlet:2.3.14.Final"
+undertow-servlet = "io.undertow:undertow-servlet:2.3.18.Final"
 
 # Do not update: Pinned to the last version supporting Java 8.
 # See https://checkstyle.sourceforge.io/releasenotes.html#Release_10.1
diff --git a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
index 4212d96e9fb..eacf46ca4a2 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
@@ -606,7 +606,7 @@ public void close(Status status, Metadata trailers) {
         notifyClientClose(status, trailers);
       }
 
-      /** clientStream.serverClosed() must be called before this method */
+      /** clientStream.serverClosed() must be called before this method. */
       private void notifyClientClose(Status status, Metadata trailers) {
         Status clientStatus = cleanStatus(status, includeCauseWithStatus);
         synchronized (this) {
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
index a581c750028..53d24d74a36 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
@@ -133,7 +133,7 @@
 /**
  * Abstract base class for all GRPC transport tests.
  *
- * <p> New tests should avoid using Mockito to support running on AppEngine.</p>
+ * <p>New tests should avoid using Mockito to support running on AppEngine.
  */
 public abstract class AbstractInteropTest {
   private static Logger logger = Logger.getLogger(AbstractInteropTest.class.getName());
diff --git a/repositories.bzl b/repositories.bzl
index f8cf77c8190..375c8872e66 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -12,16 +12,16 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.29.0",
-    "com.google.auth:google-auth-library-credentials:1.23.0",
-    "com.google.auth:google-auth-library-oauth2-http:1.23.0",
+    "com.google.api.grpc:proto-google-common-protos:2.48.0",
+    "com.google.auth:google-auth-library-credentials:1.24.1",
+    "com.google.auth:google-auth-library-oauth2-http:1.24.1",
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
     "com.google.code.gson:gson:2.11.0",
-    "com.google.errorprone:error_prone_annotations:2.28.0",
+    "com.google.errorprone:error_prone_annotations:2.30.0",
     "com.google.guava:failureaccess:1.0.1",
-    "com.google.guava:guava:33.2.1-android",
+    "com.google.guava:guava:33.3.1-android",
     "com.google.re2j:re2j:1.7",
     "com.google.truth:truth:1.4.2",
     "com.squareup.okhttp:okhttp:2.7.5",
diff --git a/util/src/testFixtures/java/io/grpc/util/AbstractTestHelper.java b/util/src/testFixtures/java/io/grpc/util/AbstractTestHelper.java
index bdeff9d17c5..bbf2d5efe9f 100644
--- a/util/src/testFixtures/java/io/grpc/util/AbstractTestHelper.java
+++ b/util/src/testFixtures/java/io/grpc/util/AbstractTestHelper.java
@@ -55,6 +55,7 @@
  * To use it replace <br>
  * \@mock Helper mockHelper<br>
  * with<br>
+ *
  * <p>Helper mockHelper = mock(Helper.class, delegatesTo(new TestHelper()));</p>
  * <br>
  * TestHelper will need to define accessors for the maps that information is store within as
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 87e875e75f6..b0ef0131a6d 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -3173,7 +3173,7 @@ public void canonifyResourceName() {
 
   /**
    *  Tests compliance with RFC 3986 section 3.3
-   *  https://datatracker.ietf.org/doc/html/rfc3986#section-3.3
+   *  https://datatracker.ietf.org/doc/html/rfc3986#section-3.3 .
    */
   @Test
   public void percentEncodePath()  {

From 88596868a457513844b1ca8ef95fa8eecd2c13b1 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 5 Nov 2024 10:56:33 +0530
Subject: [PATCH 074/591] xds: Envoy proto sync to 2024-10-23 (#11664)

---
 repositories.bzl                              |  6 +-
 xds/third_party/envoy/import.sh               |  2 +-
 .../envoy/config/cluster/v3/cluster.proto     | 36 ++++++-
 .../proto/envoy/config/core/v3/protocol.proto | 50 +++++++---
 .../config/core/v3/socket_cmsg_headers.proto  | 28 ++++++
 .../envoy/config/core/v3/socket_option.proto  | 29 +++++-
 .../config/endpoint/v3/load_report.proto      | 27 +++++-
 .../config/listener/v3/quic_config.proto      | 15 ++-
 .../config/route/v3/route_components.proto    |  6 +-
 .../proto/envoy/config/trace/v3/datadog.proto | 16 ++++
 .../envoy/config/trace/v3/dynamic_ot.proto    |  4 +-
 .../v3/http_connection_manager.proto          | 94 +++++++++++++++----
 .../v3/client_side_weighted_round_robin.proto | 15 ++-
 .../transport_sockets/tls/v3/common.proto     |  4 +-
 .../transport_sockets/tls/v3/tls.proto        | 16 +++-
 15 files changed, 287 insertions(+), 61 deletions(-)
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_cmsg_headers.proto

diff --git a/repositories.bzl b/repositories.bzl
index 375c8872e66..7d01675e9ad 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -141,10 +141,10 @@ def grpc_java_repositories(bzlmod = False):
     if not native.existing_rule("envoy_api"):
         http_archive(
             name = "envoy_api",
-            sha256 = "cb7cd388eaa297320d392c872ceb82571dee71f4b6f1c4546b0c0a399636f523",
-            strip_prefix = "data-plane-api-874e3aa8c3aa5086b6bffa2166e0e0077bb32f71",
+            sha256 = "f439add0cc01f718d53d6feb4d0972ac0d48b3e145c18b53439a3b5148a0cb6e",
+            strip_prefix = "data-plane-api-55f8b2351962d84c84a6534da67da1dd9f671c50",
             urls = [
-                "https://github.com/envoyproxy/data-plane-api/archive/874e3aa8c3aa5086b6bffa2166e0e0077bb32f71.tar.gz",
+                "https://github.com/envoyproxy/data-plane-api/archive/55f8b2351962d84c84a6534da67da1dd9f671c50.tar.gz",
             ],
         )
 
diff --git a/xds/third_party/envoy/import.sh b/xds/third_party/envoy/import.sh
index 41506c2ed32..8f0271e784e 100755
--- a/xds/third_party/envoy/import.sh
+++ b/xds/third_party/envoy/import.sh
@@ -17,7 +17,7 @@
 
 set -e
 # import VERSION from the google internal copybara_version.txt for Envoy
-VERSION=ab911ac2ff971f805ec822ad4d4ff6b42a61cc7c
+VERSION=742a3b02e3b2a9dfb877a7e378607c6ed0c2aa53
 DOWNLOAD_URL="https://github.com/envoyproxy/envoy/archive/${VERSION}.tar.gz"
 DOWNLOAD_BASE_DIR="envoy-${VERSION}"
 SOURCE_PROTO_BASE_DIR="${DOWNLOAD_BASE_DIR}/api"
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto
index 0074e63dff6..0d2d6f1918e 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto
@@ -45,7 +45,7 @@ message ClusterCollection {
 }
 
 // Configuration for a single upstream cluster.
-// [#next-free-field: 57]
+// [#next-free-field: 59]
 message Cluster {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster";
 
@@ -754,13 +754,13 @@ message Cluster {
 
   reserved "hosts", "tls_context", "extension_protocol_options";
 
-  // Configuration to use different transport sockets for different endpoints.  The entry of
+  // Configuration to use different transport sockets for different endpoints. The entry of
   // ``envoy.transport_socket_match`` in the :ref:`LbEndpoint.Metadata
   // <envoy_v3_api_field_config.endpoint.v3.LbEndpoint.metadata>` is used to match against the
   // transport sockets as they appear in the list. If a match is not found, the search continues in
   // :ref:`LocalityLbEndpoints.Metadata
-  // <envoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.metadata>`.  The first :ref:`match
-  // <envoy_v3_api_msg_config.cluster.v3.Cluster.TransportSocketMatch>` is used.  For example, with
+  // <envoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.metadata>`. The first :ref:`match
+  // <envoy_v3_api_msg_config.cluster.v3.Cluster.TransportSocketMatch>` is used. For example, with
   // the following match
   //
   // .. code-block:: yaml
@@ -956,6 +956,17 @@ message Cluster {
   google.protobuf.Duration dns_refresh_rate = 16
       [(validate.rules).duration = {gt {nanos: 1000000}}];
 
+  // DNS jitter can be optionally specified if the cluster type is either
+  // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`,
+  // or :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`.
+  // DNS jitter causes the cluster to refresh DNS entries later by a random amount of time to avoid a
+  // stampede of DNS requests. This value sets the upper bound (exclusive) for the random amount.
+  // There will be no jitter if this value is omitted. For cluster types other than
+  // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`
+  // and :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`
+  // this setting is ignored.
+  google.protobuf.Duration dns_jitter = 58;
+
   // If the DNS failure refresh rate is specified and the cluster type is either
   // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`,
   // or :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`,
@@ -1151,6 +1162,23 @@ message Cluster {
   // from the LRS stream here.]
   core.v3.ConfigSource lrs_server = 42;
 
+  // A list of metric names from :ref:`ORCA load reports <envoy_v3_api_msg_.xds.data.orca.v3.OrcaLoadReport>` to propagate to LRS.
+  //
+  // If not specified, then ORCA load reports will not be propagated to LRS.
+  //
+  // For map fields in the ORCA proto, the string will be of the form ``<map_field_name>.<map_key>``.
+  // For example, the string ``named_metrics.foo`` will mean to look for the key ``foo`` in the ORCA
+  // :ref:`named_metrics <envoy_v3_api_field_.xds.data.orca.v3.OrcaLoadReport.named_metrics>` field.
+  //
+  // The special map key ``*`` means to report all entries in the map (e.g., ``named_metrics.*`` means to
+  // report all entries in the ORCA named_metrics field). Note that this should be used only with trusted
+  // backends.
+  //
+  // The metric names in LRS will follow the same semantics as this field. In other words, if this field
+  // contains ``named_metrics.foo``, then the LRS load report will include the data with that same string
+  // as the key.
+  repeated string lrs_report_endpoint_metrics = 57;
+
   // If track_timeout_budgets is true, the :ref:`timeout budget histograms
   // <config_cluster_manager_cluster_stats_timeout_budgets>` will be published for each
   // request. These show what percentage of a request's per try and global timeout was used. A value
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
index e2c5863d784..d8ce3cd817c 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
@@ -39,24 +39,21 @@ message QuicKeepAliveSettings {
   //
   // If zero, disable keepalive probing.
   // If absent, use the QUICHE default interval to probe.
-  google.protobuf.Duration max_interval = 1 [(validate.rules).duration = {
-    lte {}
-    gte {seconds: 1}
-  }];
+  google.protobuf.Duration max_interval = 1;
 
   // The interval to send the first few keep-alive probing packets to prevent connection from hitting the idle timeout. Subsequent probes will be sent, each one with an interval exponentially longer than previous one, till it reaches :ref:`max_interval <envoy_v3_api_field_config.core.v3.QuicKeepAliveSettings.max_interval>`. And the probes afterwards will always use :ref:`max_interval <envoy_v3_api_field_config.core.v3.QuicKeepAliveSettings.max_interval>`.
   //
   // The value should be smaller than :ref:`connection idle_timeout <envoy_v3_api_field_config.listener.v3.QuicProtocolOptions.idle_timeout>` to prevent idle timeout and smaller than max_interval to take effect.
   //
-  // If absent or zero, disable keepalive probing for a server connection. For a client connection, if :ref:`max_interval <envoy_v3_api_field_config.core.v3.QuicKeepAliveSettings.max_interval>`  is also zero, do not keepalive, otherwise use max_interval or QUICHE default to probe all the time.
+  // If absent, disable keepalive probing for a server connection. For a client connection, if :ref:`max_interval <envoy_v3_api_field_config.core.v3.QuicKeepAliveSettings.max_interval>` is zero, do not keepalive, otherwise use max_interval or QUICHE default to probe all the time.
   google.protobuf.Duration initial_interval = 2 [(validate.rules).duration = {
     lte {}
-    gte {seconds: 1}
+    gte {nanos: 1000000}
   }];
 }
 
 // QUIC protocol options which apply to both downstream and upstream connections.
-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message QuicProtocolOptions {
   // Maximum number of streams that the client can negotiate per connection. 100
   // if not specified.
@@ -111,6 +108,10 @@ message QuicProtocolOptions {
     lte {seconds: 600}
     gte {seconds: 1}
   }];
+
+  // Maximum packet length for QUIC connections. It refers to the largest size of a QUIC packet that can be transmitted over the connection.
+  // If not specified, one of the `default values in QUICHE <https://github.com/google/quiche/blob/main/quiche/quic/core/quic_constants.h>`_ is used.
+  google.protobuf.UInt64Value max_packet_length = 9;
 }
 
 message UpstreamHttpProtocolOptions {
@@ -205,7 +206,7 @@ message AlternateProtocolsCacheOptions {
   repeated string canonical_suffixes = 5;
 }
 
-// [#next-free-field: 7]
+// [#next-free-field: 8]
 message HttpProtocolOptions {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.core.HttpProtocolOptions";
@@ -249,18 +250,37 @@ message HttpProtocolOptions {
   google.protobuf.Duration idle_timeout = 1;
 
   // The maximum duration of a connection. The duration is defined as a period since a connection
-  // was established. If not set, there is no max duration. When max_connection_duration is reached
-  // and if there are no active streams, the connection will be closed. If the connection is a
-  // downstream connection and there are any active streams, the drain sequence will kick-in,
-  // and the connection will be force-closed after the drain period. See :ref:`drain_timeout
+  // was established. If not set, there is no max duration. When max_connection_duration is reached,
+  // the drain sequence will kick-in. The connection will be closed after the drain timeout period
+  // if there are no active streams. See :ref:`drain_timeout
   // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.drain_timeout>`.
   google.protobuf.Duration max_connection_duration = 3;
 
-  // The maximum number of headers. If unconfigured, the default
-  // maximum number of request headers allowed is 100. Requests that exceed this limit will receive
-  // a 431 response for HTTP/1.x and cause a stream reset for HTTP/2.
+  // The maximum number of headers (request headers if configured on HttpConnectionManager,
+  // response headers when configured on a cluster).
+  // If unconfigured, the default maximum number of headers allowed is 100.
+  // The default value for requests can be overridden by setting runtime key ``envoy.reloadable_features.max_request_headers_count``.
+  // The default value for responses can be overridden by setting runtime key ``envoy.reloadable_features.max_response_headers_count``.
+  // Downstream requests that exceed this limit will receive a 431 response for HTTP/1.x and cause a stream
+  // reset for HTTP/2.
+  // Upstream responses that exceed this limit will result in a 503 response.
   google.protobuf.UInt32Value max_headers_count = 2 [(validate.rules).uint32 = {gte: 1}];
 
+  // The maximum size of response headers.
+  // If unconfigured, the default is 60 KiB, except for HTTP/1 response headers which have a default
+  // of 80KiB.
+  // The default value can be overridden by setting runtime key ``envoy.reloadable_features.max_response_headers_size_kb``.
+  // Responses that exceed this limit will result in a 503 response.
+  // In Envoy, this setting is only valid when configured on an upstream cluster, not on the
+  // :ref:`HTTP Connection Manager
+  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.common_http_protocol_options>`.
+  //
+  // Note: currently some protocol codecs impose limits on the maximum size of a single header:
+  //   HTTP/2 (when using nghttp2) limits a single header to around 100kb.
+  //   HTTP/3 limits a single header to around 1024kb.
+  google.protobuf.UInt32Value max_response_headers_kb = 7
+      [(validate.rules).uint32 = {lte: 8192 gt: 0}];
+
   // Total duration to keep alive an HTTP request/response stream. If the time limit is reached the stream will be
   // reset independent of any other timeouts. If not specified, this value is not set.
   google.protobuf.Duration max_stream_duration = 4;
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_cmsg_headers.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_cmsg_headers.proto
new file mode 100644
index 00000000000..4c8da0d1e4e
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_cmsg_headers.proto
@@ -0,0 +1,28 @@
+syntax = "proto3";
+
+package envoy.config.core.v3;
+
+import "google/protobuf/wrappers.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.config.core.v3";
+option java_outer_classname = "SocketCmsgHeadersProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/core/v3;corev3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Socket CMSG headers]
+
+// Configuration for socket cmsg headers.
+// See `:ref:CMSG <https://man7.org/linux/man-pages/man3/cmsg.3.html>`_ for further information.
+message SocketCmsgHeaders {
+  // cmsg level. Default is unset.
+  google.protobuf.UInt32Value level = 1;
+
+  // cmsg type. Default is unset.
+  google.protobuf.UInt32Value type = 2;
+
+  // Expected size of cmsg value. Default is zero.
+  uint32 expected_size = 3;
+}
\ No newline at end of file
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_option.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_option.proto
index 44f1ce3890a..ad73d72e490 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_option.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_option.proto
@@ -36,7 +36,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // :ref:`admin's <envoy_v3_api_field_config.bootstrap.v3.Admin.socket_options>` socket_options etc.
 //
 // It should be noted that the name or level may have different values on different platforms.
-// [#next-free-field: 7]
+// [#next-free-field: 8]
 message SocketOption {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SocketOption";
 
@@ -51,6 +51,29 @@ message SocketOption {
     STATE_LISTENING = 2;
   }
 
+  // The `socket type <https://linux.die.net/man/2/socket>`_ to apply the socket option to.
+  // Only one field should be set. If multiple fields are set, the precedence order will determine
+  // the selected one. If none of the fields is set, the socket option will be applied to all socket types.
+  //
+  // For example:
+  // If :ref:`stream <envoy_v3_api_field_config.core.v3.SocketOption.SocketType.stream>` is set,
+  // it takes precedence over :ref:`datagram <envoy_v3_api_field_config.core.v3.SocketOption.SocketType.datagram>`.
+  message SocketType {
+    // The stream socket type.
+    message Stream {
+    }
+
+    // The datagram socket type.
+    message Datagram {
+    }
+
+    // Apply the socket option to the stream socket type.
+    Stream stream = 1;
+
+    // Apply the socket option to the datagram socket type.
+    Datagram datagram = 2;
+  }
+
   // An optional name to give this socket option for debugging, etc.
   // Uniqueness is not required and no special meaning is assumed.
   string description = 1;
@@ -74,6 +97,10 @@ message SocketOption {
   // The state in which the option will be applied. When used in BindConfig
   // STATE_PREBIND is currently the only valid value.
   SocketState state = 6 [(validate.rules).enum = {defined_only: true}];
+
+  // Apply the socket option to the specified `socket type <https://linux.die.net/man/2/socket>`_.
+  // If not specified, the socket option will be applied to all socket types.
+  SocketType type = 7;
 }
 
 message SocketOptionsOverride {
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/load_report.proto b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/load_report.proto
index fbd1d36d5d0..32bbfe2d3f6 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/load_report.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/load_report.proto
@@ -25,7 +25,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // These are stats Envoy reports to the management server at a frequency defined by
 // :ref:`LoadStatsResponse.load_reporting_interval<envoy_v3_api_field_service.load_stats.v3.LoadStatsResponse.load_reporting_interval>`.
 // Stats per upstream region/zone and optionally per subzone.
-// [#next-free-field: 12]
+// [#next-free-field: 15]
 message UpstreamLocalityStats {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.endpoint.UpstreamLocalityStats";
@@ -75,7 +75,20 @@ message UpstreamLocalityStats {
   // [#not-implemented-hide:]
   uint64 total_fail_connections = 11 [(xds.annotations.v3.field_status).work_in_progress = true];
 
-  // Stats for multi-dimensional load balancing.
+  // CPU utilization stats for multi-dimensional load balancing.
+  // This typically comes from endpoint metrics reported via ORCA.
+  UnnamedEndpointLoadMetricStats cpu_utilization = 12;
+
+  // Memory utilization for multi-dimensional load balancing.
+  // This typically comes from endpoint metrics reported via ORCA.
+  UnnamedEndpointLoadMetricStats mem_utilization = 13;
+
+  // Blended application-defined utilization for multi-dimensional load balancing.
+  // This typically comes from endpoint metrics reported via ORCA.
+  UnnamedEndpointLoadMetricStats application_utilization = 14;
+
+  // Named stats for multi-dimensional load balancing.
+  // These typically come from endpoint metrics reported via ORCA.
   repeated EndpointLoadMetricStats load_metric_stats = 5;
 
   // Endpoint granularity stats information for this locality. This information
@@ -145,6 +158,16 @@ message EndpointLoadMetricStats {
   double total_metric_value = 3;
 }
 
+// Same as EndpointLoadMetricStats, except without the metric_name field.
+message UnnamedEndpointLoadMetricStats {
+  // Number of calls that finished and included this metric.
+  uint64 num_requests_finished_with_metric = 1;
+
+  // Sum of metric values across all calls that finished with this metric for
+  // load_reporting_interval.
+  double total_metric_value = 2;
+}
+
 // Per cluster load stats. Envoy reports these stats a management server in a
 // :ref:`LoadStatsRequest<envoy_v3_api_msg_service.load_stats.v3.LoadStatsRequest>`
 // Next ID: 7
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto
index 3ddebe900ef..6c0a5bd201f 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto
@@ -5,6 +5,7 @@ package envoy.config.listener.v3;
 import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/protocol.proto";
+import "envoy/config/core/v3/socket_cmsg_headers.proto";
 
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
@@ -24,7 +25,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // [#protodoc-title: QUIC listener config]
 
 // Configuration specific to the UDP QUIC listener.
-// [#next-free-field: 12]
+// [#next-free-field: 14]
 message QuicProtocolOptions {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.listener.QuicProtocolOptions";
@@ -86,4 +87,16 @@ message QuicProtocolOptions {
   // If not specified, no debug visitor will be attached to connections.
   // [#extension-category: envoy.quic.connection_debug_visitor]
   core.v3.TypedExtensionConfig connection_debug_visitor_config = 11;
+
+  // Configure a type of UDP cmsg to pass to listener filters via QuicReceivedPacket.
+  // Both level and type must be specified for cmsg to be saved.
+  // Cmsg may be truncated or omitted if expected size is not set.
+  // If not specified, no cmsg will be saved to QuicReceivedPacket.
+  repeated core.v3.SocketCmsgHeaders save_cmsg_config = 12
+      [(validate.rules).repeated = {max_items: 1}];
+
+  // If true, the listener will reject connection-establishing packets at the
+  // QUIC layer by replying with an empty version negotiation packet to the
+  // client.
+  bool reject_new_connections = 13;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
index 7e2ff33da5c..ce781d100c9 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
@@ -17,7 +17,6 @@ import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 
-import "xds/annotations/v3/status.proto";
 import "xds/type/matcher/v3/matcher.proto";
 
 import "envoy/annotations/deprecation.proto";
@@ -92,13 +91,12 @@ message VirtualHost {
   // The list of routes that will be matched, in order, for incoming requests.
   // The first route that matches will be used.
   // Only one of this and ``matcher`` can be specified.
-  repeated Route routes = 3;
+  repeated Route routes = 3 [(udpa.annotations.field_migrate).oneof_promotion = "route_selection"];
 
-  // [#next-major-version: This should be included in a oneof with routes wrapped in a message.]
   // The match tree to use when resolving route actions for incoming requests. Only one of this and ``routes``
   // can be specified.
   xds.type.matcher.v3.Matcher matcher = 21
-      [(xds.annotations.v3.field_status).work_in_progress = true];
+      [(udpa.annotations.field_migrate).oneof_promotion = "route_selection"];
 
   // Specifies the type of TLS enforcement the virtual host expects. If this option is not
   // specified, there is no TLS requirement for the virtual host.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/datadog.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/datadog.proto
index bed6c8eec36..5359ec74267 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/datadog.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/datadog.proto
@@ -2,6 +2,8 @@ syntax = "proto3";
 
 package envoy.config.trace.v3;
 
+import "google/protobuf/duration.proto";
+
 import "udpa/annotations/migrate.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
@@ -16,6 +18,13 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Datadog tracer]
 
+// Configuration for the Remote Configuration feature.
+message DatadogRemoteConfig {
+  // Frequency at which new configuration updates are queried.
+  // If no value is provided, the default value is delegated to the Datadog tracing library.
+  google.protobuf.Duration polling_interval = 1;
+}
+
 // Configuration for the Datadog tracer.
 // [#extension: envoy.tracers.datadog]
 message DatadogConfig {
@@ -31,4 +40,11 @@ message DatadogConfig {
   // Optional hostname to use when sending spans to the collector_cluster. Useful for collectors
   // that require a specific hostname. Defaults to :ref:`collector_cluster <envoy_v3_api_field_config.trace.v3.DatadogConfig.collector_cluster>` above.
   string collector_hostname = 3;
+
+  // Enables and configures remote configuration.
+  // Remote Configuration allows to configure the tracer from Datadog's user interface.
+  // This feature can drastically increase the number of connections to the Datadog Agent.
+  // Each tracer regularly polls for configuration updates, and the number of tracers is the product
+  // of the number of listeners and worker threads.
+  DatadogRemoteConfig remote_config = 4;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/dynamic_ot.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/dynamic_ot.proto
index d2664ef717e..40fe8526a5f 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/dynamic_ot.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/dynamic_ot.proto
@@ -20,10 +20,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Dynamically loadable OpenTracing tracer]
 
-// DynamicOtConfig is used to dynamically load a tracer from a shared library
+// DynamicOtConfig was used to dynamically load a tracer from a shared library
 // that implements the `OpenTracing dynamic loading API
 // <https://github.com/opentracing/opentracing-cpp>`_.
-// [#extension: envoy.tracers.dynamic_ot]
+// [#not-implemented-hide:]
 message DynamicOtConfig {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.trace.v2.DynamicOtConfig";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
index 9e7274daa53..3b49f132956 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@@ -37,7 +37,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // HTTP connection manager :ref:`configuration overview <config_http_conn_man>`.
 // [#extension: envoy.filters.network.http_connection_manager]
 
-// [#next-free-field: 58]
+// [#next-free-field: 59]
 message HttpConnectionManager {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager";
@@ -58,9 +58,8 @@ message HttpConnectionManager {
     // Prior knowledge is allowed).
     HTTP2 = 2;
 
-    // [#not-implemented-hide:] QUIC implementation is not production ready yet. Use this enum with
-    // caution to prevent accidental execution of QUIC code. I.e. `!= HTTP2` is no longer sufficient
-    // to distinguish HTTP1 and HTTP2 traffic.
+    // The connection manager will assume that the client is speaking HTTP/3.
+    // This needs to be consistent with listener and transport socket config.
     HTTP3 = 3;
   }
 
@@ -447,6 +446,21 @@ message HttpConnectionManager {
   config.core.v3.HttpProtocolOptions common_http_protocol_options = 35
       [(udpa.annotations.security).configure_for_untrusted_downstream = true];
 
+  // If set to true, Envoy will not start a drain timer for downstream HTTP1 connections after
+  // :ref:`common_http_protocol_options.max_connection_duration
+  // <envoy_v3_api_field_config.core.v3.HttpProtocolOptions.max_connection_duration>` passes.
+  // Instead, Envoy will wait for the next downstream request, add connection:close to the response
+  // headers, then close the connection after the stream ends.
+  //
+  // This behavior is compliant with `RFC 9112 section 9.6 <https://www.rfc-editor.org/rfc/rfc9112#name-tear-down>`_
+  //
+  // If set to false, ``max_connection_duration`` will cause Envoy to enter the normal drain
+  // sequence for HTTP1 with Envoy eventually closing the connection (once there are no active
+  // streams).
+  //
+  // Has no effect if ``max_connection_duration`` is unset. Defaults to false.
+  bool http1_safe_max_connection_duration = 58;
+
   // Additional HTTP/1 settings that are passed to the HTTP/1 codec.
   // [#comment:TODO: The following fields are ignored when the
   // :ref:`header validation configuration <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.typed_header_validation_config>`
@@ -459,7 +473,6 @@ message HttpConnectionManager {
       [(udpa.annotations.security).configure_for_untrusted_downstream = true];
 
   // Additional HTTP/3 settings that are passed directly to the HTTP/3 codec.
-  // [#not-implemented-hide:]
   config.core.v3.Http3ProtocolOptions http3_protocol_options = 44;
 
   // An optional override that the connection manager will write to the server
@@ -480,7 +493,12 @@ message HttpConnectionManager {
 
   // The maximum request headers size for incoming connections.
   // If unconfigured, the default max request headers allowed is 60 KiB.
+  // The default value can be overridden by setting runtime key ``envoy.reloadable_features.max_request_headers_size_kb``.
   // Requests that exceed this limit will receive a 431 response.
+  //
+  // Note: currently some protocol codecs impose limits on the maximum size of a single header:
+  //   HTTP/2 (when using nghttp2) limits a single header to around 100kb.
+  //   HTTP/3 limits a single header to around 1024kb.
   google.protobuf.UInt32Value max_request_headers_kb = 29
       [(validate.rules).uint32 = {lte: 8192 gt: 0}];
 
@@ -547,9 +565,10 @@ message HttpConnectionManager {
   // race with the final GOAWAY frame. During this grace period, Envoy will
   // continue to accept new streams. After the grace period, a final GOAWAY
   // frame is sent and Envoy will start refusing new streams. Draining occurs
-  // both when a connection hits the idle timeout or during general server
-  // draining. The default grace period is 5000 milliseconds (5 seconds) if this
-  // option is not specified.
+  // either when a connection hits the idle timeout, when :ref:`max_connection_duration
+  // <envoy_v3_api_field_config.core.v3.HttpProtocolOptions.max_connection_duration>`
+  // is reached, or during general server draining. The default grace period is
+  // 5000 milliseconds (5 seconds) if this option is not specified.
   google.protobuf.Duration drain_timeout = 12;
 
   // The delayed close timeout is for downstream connections managed by the HTTP connection manager.
@@ -588,26 +607,33 @@ message HttpConnectionManager {
   // emitted by the connection manager.
   repeated config.accesslog.v3.AccessLog access_log = 13;
 
+  // The interval to flush the above access logs.
+  //
   // .. attention::
-  // This field is deprecated in favor of
-  // :ref:`access_log_flush_interval
-  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.HcmAccessLogOptions.access_log_flush_interval>`.
-  // Note that if both this field and :ref:`access_log_flush_interval
-  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.HcmAccessLogOptions.access_log_flush_interval>`
-  // are specified, the former (deprecated field) is ignored.
+  //
+  //   This field is deprecated in favor of
+  //   :ref:`access_log_flush_interval
+  //   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.HcmAccessLogOptions.access_log_flush_interval>`.
+  //   Note that if both this field and :ref:`access_log_flush_interval
+  //   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.HcmAccessLogOptions.access_log_flush_interval>`
+  //   are specified, the former (deprecated field) is ignored.
   google.protobuf.Duration access_log_flush_interval = 54 [
     deprecated = true,
     (validate.rules).duration = {gte {nanos: 1000000}},
     (envoy.annotations.deprecated_at_minor_version) = "3.0"
   ];
 
+  // If set to true, HCM will flush an access log once when a new HTTP request is received, after the request
+  // headers have been evaluated, and before iterating through the HTTP filter chain.
+  //
   // .. attention::
-  // This field is deprecated in favor of
-  // :ref:`flush_access_log_on_new_request
-  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.HcmAccessLogOptions.flush_access_log_on_new_request>`.
-  // Note that if both this field and :ref:`flush_access_log_on_new_request
-  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.HcmAccessLogOptions.flush_access_log_on_new_request>`
-  // are specified, the former (deprecated field) is ignored.
+  //
+  //   This field is deprecated in favor of
+  //   :ref:`flush_access_log_on_new_request
+  //   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.HcmAccessLogOptions.flush_access_log_on_new_request>`.
+  //   Note that if both this field and :ref:`flush_access_log_on_new_request
+  //   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.HcmAccessLogOptions.flush_access_log_on_new_request>`
+  //   are specified, the former (deprecated field) is ignored.
   bool flush_access_log_on_new_request = 55
       [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
@@ -663,6 +689,34 @@ message HttpConnectionManager {
   // purposes. If unspecified, only RFC1918 IP addresses will be considered internal.
   // See the documentation for :ref:`config_http_conn_man_headers_x-envoy-internal` for more
   // information about internal/external addresses.
+  //
+  // .. warning::
+  //     In the next release, no IP addresses will be considered trusted. If you have tooling such as probes
+  //     on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers)
+  //     you will have to manually include those addresses or CIDR ranges like:
+  //
+  // .. validated-code-block:: yaml
+  //   :type-name: envoy.extensions.filters.network.http_connection_manager.v3.InternalAddressConfig
+  //
+  //   cidr_ranges:
+  //       address_prefix: 10.0.0.0
+  //       prefix_len: 8
+  //   cidr_ranges:
+  //       address_prefix: 192.168.0.0
+  //       prefix_len: 16
+  //   cidr_ranges:
+  //       address_prefix: 172.16.0.0
+  //       prefix_len: 12
+  //   cidr_ranges:
+  //       address_prefix: 127.0.0.1
+  //       prefix_len: 32
+  //   cidr_ranges:
+  //       address_prefix: fd00::
+  //       prefix_len: 8
+  //   cidr_ranges:
+  //       address_prefix: ::1
+  //       prefix_len: 128
+  //
   InternalAddressConfig internal_address_config = 25;
 
   // If set, Envoy will not append the remote address to the
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto
index c70360a0946..9520f6dbd43 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto
@@ -15,7 +15,7 @@ option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/loa
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Client-Side Weighted Round Robin Load Balancing Policy]
-// [#not-implemented-hide:]
+// [#extension: envoy.load_balancing_policies.client_side_weighted_round_robin]
 
 // Configuration for the client_side_weighted_round_robin LB policy.
 //
@@ -30,11 +30,12 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // regardless of result. Only failed queries count toward eps. A config
 // parameter error_utilization_penalty controls the penalty to adjust endpoint
 // weights using eps and qps. The weight of a given endpoint is computed as:
-//   qps / (utilization + eps/qps * error_utilization_penalty)
+// ``qps / (utilization + eps/qps * error_utilization_penalty)``.
 //
-// See the :ref:`load balancing architecture overview<arch_overview_load_balancing_types>` for more information.
+// See the :ref:`load balancing architecture
+// overview<arch_overview_load_balancing_types>` for more information.
 //
-// [#next-free-field: 7]
+// [#next-free-field: 8]
 message ClientSideWeightedRoundRobin {
   // Whether to enable out-of-band utilization reporting collection from
   // the endpoints. By default, per-request utilization reporting is used.
@@ -68,4 +69,10 @@ message ClientSideWeightedRoundRobin {
   // calculated as eps/qps. Configuration is rejected if this value is negative.
   // Default is 1.0.
   google.protobuf.FloatValue error_utilization_penalty = 6 [(validate.rules).float = {gte: 0.0}];
+
+  // By default, endpoint weight is computed based on the :ref:`application_utilization <envoy_v3_api_field_.xds.data.orca.v3.OrcaLoadReport.application_utilization>` field reported by the endpoint.
+  // If that field is not set, then utilization will instead be computed by taking the max of the values of the metrics specified here.
+  // For map fields in the ORCA proto, the string will be of the form ``<map_field_name>.<map_key>``. For example, the string ``named_metrics.foo`` will mean to look for the key ``foo`` in the ORCA :ref:`named_metrics <envoy_v3_api_field_.xds.data.orca.v3.OrcaLoadReport.named_metrics>` field.
+  // If none of the specified metrics are present in the load report, then :ref:`cpu_utilization <envoy_v3_api_field_.xds.data.orca.v3.OrcaLoadReport.cpu_utilization>` is used instead.
+  repeated string metric_names_for_computing_utilization = 7;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto
index c1a3f5b33b3..46d86b65856 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto
@@ -290,12 +290,12 @@ message TlsSessionTicketKeys {
 // respect to the TLS handshake.
 // [#not-implemented-hide:]
 message CertificateProviderPluginInstance {
-  // Provider instance name. If not present, defaults to "default".
+  // Provider instance name.
   //
   // Instance names should generally be defined not in terms of the underlying provider
   // implementation (e.g., "file_watcher") but rather in terms of the function of the
   // certificates (e.g., "foo_deployment_identity").
-  string instance_name = 1;
+  string instance_name = 1 [(validate.rules).string = {min_len: 1}];
 
   // Opaque name used to specify certificate instances or types. For example, "ROOTCA" to specify
   // a root-certificate (validation context) or "example.com" to specify a certificate for a
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
index 9d465c97321..c305ff74f42 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
@@ -63,7 +63,7 @@ message UpstreamTlsContext {
   google.protobuf.BoolValue enforce_rsa_key_usage = 5;
 }
 
-// [#next-free-field: 11]
+// [#next-free-field: 12]
 message DownstreamTlsContext {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.auth.DownstreamTlsContext";
@@ -140,6 +140,11 @@ message DownstreamTlsContext {
   // If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
   // Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
   google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
+
+  // By default, Envoy as a server uses its preferred cipher during the handshake.
+  // Setting this to true would allow the downstream client's preferred cipher to be used instead.
+  // Has no effect when using TLSv1_3.
+  bool prefer_client_ciphers = 11;
 }
 
 // TLS key log configuration.
@@ -158,7 +163,7 @@ message TlsKeyLog {
 }
 
 // TLS context shared by both client and server TLS contexts.
-// [#next-free-field: 16]
+// [#next-free-field: 17]
 message CommonTlsContext {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.CommonTlsContext";
 
@@ -269,6 +274,13 @@ message CommonTlsContext {
   // [#not-implemented-hide:]
   CertificateProviderPluginInstance tls_certificate_provider_instance = 14;
 
+  // Custom TLS certificate selector.
+  //
+  // Select TLS certificate based on TLS client hello.
+  // If empty, defaults to native TLS certificate selection behavior:
+  // DNS SANs or Subject Common Name in TLS certificates is extracted as server name pattern to match SNI.
+  config.core.v3.TypedExtensionConfig custom_tls_certificate_selector = 16;
+
   // Certificate provider for fetching TLS certificates.
   // [#not-implemented-hide:]
   CertificateProvider tls_certificate_certificate_provider = 9

From 664f1fcf8ac98f5ff41cdf669b478a88c510ba38 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 5 Nov 2024 07:13:31 -0800
Subject: [PATCH 075/591] xds: Remove Bazel dependency on xds v2

feab4e54 removed xds v2 for the Gradle build. Testing with a deploy.jar,
I see the same 4 MB size reduction (31 -> 27 MB) here.

While an orca dependency is deleted in this commit, it is only a direct
dependency. It remains in the :orca target, so doesn't contribute a size
reduction.
---
 xds/BUILD.bazel | 25 -------------------------
 1 file changed, 25 deletions(-)

diff --git a/xds/BUILD.bazel b/xds/BUILD.bazel
index 05753a3a320..17700eb33bb 100644
--- a/xds/BUILD.bazel
+++ b/xds/BUILD.bazel
@@ -27,9 +27,7 @@ java_library(
     ]),
     visibility = ["//visibility:public"],
     deps = [
-        ":envoy_service_discovery_v2_java_grpc",
         ":envoy_service_discovery_v3_java_grpc",
-        ":envoy_service_load_stats_v2_java_grpc",
         ":envoy_service_load_stats_v3_java_grpc",
         ":envoy_service_status_v3_java_grpc",
         ":orca",
@@ -64,20 +62,11 @@ java_proto_library(
     name = "xds_protos_java",
     deps = [
         "@com_github_cncf_xds//udpa/type/v1:pkg",
-        "@com_github_cncf_xds//xds/data/orca/v3:pkg",
-        "@com_github_cncf_xds//xds/service/orca/v3:pkg",
         "@com_github_cncf_xds//xds/type/v3:pkg",
         "@envoy_api//envoy/admin/v3:pkg",
-        "@envoy_api//envoy/api/v2:pkg",
-        "@envoy_api//envoy/api/v2/core:pkg",
-        "@envoy_api//envoy/api/v2/endpoint:pkg",
-        "@envoy_api//envoy/config/cluster/aggregate/v2alpha:pkg",
         "@envoy_api//envoy/config/cluster/v3:pkg",
         "@envoy_api//envoy/config/core/v3:pkg",
         "@envoy_api//envoy/config/endpoint/v3:pkg",
-        "@envoy_api//envoy/config/filter/http/fault/v2:pkg",
-        "@envoy_api//envoy/config/filter/http/router/v2:pkg",
-        "@envoy_api//envoy/config/filter/network/http_connection_manager/v2:pkg",
         "@envoy_api//envoy/config/listener/v3:pkg",
         "@envoy_api//envoy/config/rbac/v3:pkg",
         "@envoy_api//envoy/config/route/v3:pkg",
@@ -94,9 +83,7 @@ java_proto_library(
         "@envoy_api//envoy/extensions/load_balancing_policies/round_robin/v3:pkg",
         "@envoy_api//envoy/extensions/load_balancing_policies/wrr_locality/v3:pkg",
         "@envoy_api//envoy/extensions/transport_sockets/tls/v3:pkg",
-        "@envoy_api//envoy/service/discovery/v2:pkg",
         "@envoy_api//envoy/service/discovery/v3:pkg",
-        "@envoy_api//envoy/service/load_stats/v2:pkg",
         "@envoy_api//envoy/service/load_stats/v3:pkg",
         "@envoy_api//envoy/service/status/v3:pkg",
         "@envoy_api//envoy/type/matcher/v3:pkg",
@@ -104,24 +91,12 @@ java_proto_library(
     ],
 )
 
-java_grpc_library(
-    name = "envoy_service_discovery_v2_java_grpc",
-    srcs = ["@envoy_api//envoy/service/discovery/v2:pkg"],
-    deps = [":xds_protos_java"],
-)
-
 java_grpc_library(
     name = "envoy_service_discovery_v3_java_grpc",
     srcs = ["@envoy_api//envoy/service/discovery/v3:pkg"],
     deps = [":xds_protos_java"],
 )
 
-java_grpc_library(
-    name = "envoy_service_load_stats_v2_java_grpc",
-    srcs = ["@envoy_api//envoy/service/load_stats/v2:pkg"],
-    deps = [":xds_protos_java"],
-)
-
 java_grpc_library(
     name = "envoy_service_load_stats_v3_java_grpc",
     srcs = ["@envoy_api//envoy/service/load_stats/v3:pkg"],

From dae078c0a636fd4b71ca7d20c333dd00b0b0714a Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Tue, 5 Nov 2024 23:52:20 +0530
Subject: [PATCH 076/591] api: When forwarding from Listener onAddresses to
 Listener2 continue to use onResult (#11666)

When forwarding from Listener onAddresses to Listener2 continue to use onResult and not onResult2 because the latter requires to be called from within synchronization context and it breaks existing code that didn't need to do so when using the old Listener interface.
---
 api/src/main/java/io/grpc/NameResolver.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/io/grpc/NameResolver.java b/api/src/main/java/io/grpc/NameResolver.java
index b9590ab5d5a..a1dea016377 100644
--- a/api/src/main/java/io/grpc/NameResolver.java
+++ b/api/src/main/java/io/grpc/NameResolver.java
@@ -219,13 +219,15 @@ public abstract static class Listener2 implements Listener {
     @Override
     @Deprecated
     @InlineMe(
-        replacement = "this.onResult2(ResolutionResult.newBuilder().setAddressesOrError("
+        replacement = "this.onResult(ResolutionResult.newBuilder().setAddressesOrError("
             + "StatusOr.fromValue(servers)).setAttributes(attributes).build())",
         imports = {"io.grpc.NameResolver.ResolutionResult", "io.grpc.StatusOr"})
     public final void onAddresses(
         List<EquivalentAddressGroup> servers, @ResolutionResultAttr Attributes attributes) {
       // TODO(jihuncho) need to promote Listener2 if we want to use ConfigOrError
-      onResult2(
+      // Calling onResult and not onResult2 because onResult2 can only be called from a
+      // synchronization context.
+      onResult(
           ResolutionResult.newBuilder().setAddressesOrError(
               StatusOr.fromValue(servers)).setAttributes(attributes).build());
     }

From a5db67d0cb4e0c4835a18860f7cbee1519ca2ca7 Mon Sep 17 00:00:00 2001
From: Colin Alworth <colin@colinalworth.com>
Date: Mon, 28 Oct 2024 11:39:32 -0500
Subject: [PATCH 077/591] Deframe failures should be logged on the server as
 warnings

This brings grpc-servlet in line with the grpc-netty implementation found
in NettyServerStream.TransportState.
---
 .../src/main/java/io/grpc/servlet/ServletServerStream.java    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java b/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
index b7ad6e0decc..5d11abf0f90 100644
--- a/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
+++ b/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
@@ -154,8 +154,8 @@ public void bytesRead(int numBytes) {
 
     @Override
     public void deframeFailed(Throwable cause) {
-      if (logger.isLoggable(FINE)) {
-        logger.log(FINE, String.format("[{%s}] Exception processing message", logId), cause);
+      if (logger.isLoggable(WARNING)) {
+        logger.log(WARNING, String.format("[{%s}] Exception processing message", logId), cause);
       }
       cancel(Status.fromThrowable(cause));
     }

From 76705c235c1396b0cbbf81a5726b93f199b1f619 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Wed, 6 Nov 2024 16:39:00 +0530
Subject: [PATCH 078/591] xds: Implement GcpAuthenticationFilter (#11638)

---
 xds/BUILD.bazel                               |   3 +
 .../io/grpc/xds/GcpAuthenticationFilter.java  | 222 ++++++++++++++++++
 .../grpc/xds/GcpAuthenticationFilterTest.java | 121 ++++++++++
 xds/third_party/envoy/import.sh               |   1 +
 .../filters/http/gcp_authn/v3/gcp_authn.proto |  63 +++++
 5 files changed, 410 insertions(+)
 create mode 100644 xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
 create mode 100644 xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto

diff --git a/xds/BUILD.bazel b/xds/BUILD.bazel
index 17700eb33bb..b235a79c526 100644
--- a/xds/BUILD.bazel
+++ b/xds/BUILD.bazel
@@ -35,6 +35,7 @@ java_library(
         "//:auto_value_annotations",
         "//alts",
         "//api",
+        "//auth",
         "//context",
         "//core:internal",
         "//netty",
@@ -45,6 +46,7 @@ java_library(
         "@com_google_googleapis//google/rpc:rpc_java_proto",
         "@com_google_protobuf//:protobuf_java",
         "@com_google_protobuf//:protobuf_java_util",
+        "@maven//:com_google_auth_google_auth_library_oauth2_http",
         artifact("com.google.code.findbugs:jsr305"),
         artifact("com.google.code.gson:gson"),
         artifact("com.google.errorprone:error_prone_annotations"),
@@ -73,6 +75,7 @@ java_proto_library(
         "@envoy_api//envoy/extensions/clusters/aggregate/v3:pkg",
         "@envoy_api//envoy/extensions/filters/common/fault/v3:pkg",
         "@envoy_api//envoy/extensions/filters/http/fault/v3:pkg",
+        "@envoy_api//envoy/extensions/filters/http/gcp_authn/v3:pkg",
         "@envoy_api//envoy/extensions/filters/http/rbac/v3:pkg",
         "@envoy_api//envoy/extensions/filters/http/router/v3:pkg",
         "@envoy_api//envoy/extensions/filters/network/http_connection_manager/v3:pkg",
diff --git a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
new file mode 100644
index 00000000000..a14dbe801e7
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
@@ -0,0 +1,222 @@
+/*
+ * Copyright 2021 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import com.google.auth.oauth2.ComputeEngineCredentials;
+import com.google.auth.oauth2.IdTokenCredentials;
+import com.google.common.primitives.UnsignedLongs;
+import com.google.protobuf.Any;
+import com.google.protobuf.InvalidProtocolBufferException;
+import com.google.protobuf.Message;
+import io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig;
+import io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3.TokenCacheConfig;
+import io.grpc.CallCredentials;
+import io.grpc.CallOptions;
+import io.grpc.Channel;
+import io.grpc.ClientCall;
+import io.grpc.ClientInterceptor;
+import io.grpc.CompositeCallCredentials;
+import io.grpc.LoadBalancer.PickSubchannelArgs;
+import io.grpc.Metadata;
+import io.grpc.MethodDescriptor;
+import io.grpc.Status;
+import io.grpc.auth.MoreCallCredentials;
+import io.grpc.xds.Filter.ClientInterceptorBuilder;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.function.Function;
+import javax.annotation.Nullable;
+
+/**
+ * A {@link Filter} that injects a {@link CallCredentials} to handle
+ * authentication for xDS credentials.
+ */
+final class GcpAuthenticationFilter implements Filter, ClientInterceptorBuilder {
+
+  static final String TYPE_URL =
+      "type.googleapis.com/envoy.extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig";
+
+  @Override
+  public String[] typeUrls() {
+    return new String[] { TYPE_URL };
+  }
+
+  @Override
+  public ConfigOrError<? extends FilterConfig> parseFilterConfig(Message rawProtoMessage) {
+    GcpAuthnFilterConfig gcpAuthnProto;
+    if (!(rawProtoMessage instanceof Any)) {
+      return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());
+    }
+    Any anyMessage = (Any) rawProtoMessage;
+
+    try {
+      gcpAuthnProto = anyMessage.unpack(GcpAuthnFilterConfig.class);
+    } catch (InvalidProtocolBufferException e) {
+      return ConfigOrError.fromError("Invalid proto: " + e);
+    }
+
+    long cacheSize = 10;
+    // Validate cache_config
+    TokenCacheConfig cacheConfig = gcpAuthnProto.getCacheConfig();
+    if (cacheConfig != null) {
+      cacheSize = cacheConfig.getCacheSize().getValue();
+      if (cacheSize == 0) {
+        return ConfigOrError.fromError(
+            "cache_config.cache_size must be greater than zero");
+      }
+      // LruCache's size is an int and briefly exceeds its maximum size before evicting entries
+      cacheSize = UnsignedLongs.min(cacheSize, Integer.MAX_VALUE - 1);
+    }
+
+    GcpAuthenticationConfig config = new GcpAuthenticationConfig((int) cacheSize);
+    return ConfigOrError.fromConfig(config);
+  }
+
+  @Override
+  public ConfigOrError<? extends FilterConfig> parseFilterConfigOverride(Message rawProtoMessage) {
+    return parseFilterConfig(rawProtoMessage);
+  }
+
+  @Nullable
+  @Override
+  public ClientInterceptor buildClientInterceptor(FilterConfig config,
+      @Nullable FilterConfig overrideConfig, PickSubchannelArgs args,
+      ScheduledExecutorService scheduler) {
+
+    ComputeEngineCredentials credentials = ComputeEngineCredentials.create();
+    LruCache<String, CallCredentials> callCredentialsCache =
+        new LruCache<>(((GcpAuthenticationConfig) config).getCacheSize());
+    return new ClientInterceptor() {
+      @Override
+      public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
+          MethodDescriptor<ReqT, RespT> method, CallOptions callOptions, Channel next) {
+
+        /*String clusterName = callOptions.getOption(InternalXdsAttributes.ATTR_CLUSTER_NAME);
+        if (clusterName == null) {
+          return next.newCall(method, callOptions);
+        }*/
+
+        // TODO: Fetch the CDS resource for the cluster.
+        // If the CDS resource is not available, fail the RPC with Status.UNAVAILABLE.
+
+        // TODO: Extract the audience from the CDS resource metadata.
+        // If the audience is not found or is in the wrong format, fail the RPC.
+        String audience = "TEST_AUDIENCE";
+
+        try {
+          CallCredentials existingCallCredentials = callOptions.getCredentials();
+          CallCredentials newCallCredentials =
+              getCallCredentials(callCredentialsCache, audience, credentials);
+          if (existingCallCredentials != null) {
+            callOptions = callOptions.withCallCredentials(
+                new CompositeCallCredentials(existingCallCredentials, newCallCredentials));
+          } else {
+            callOptions = callOptions.withCallCredentials(newCallCredentials);
+          }
+        }
+        catch (Exception e) {
+          // If we fail to attach CallCredentials due to any reason, return a FailingClientCall
+          return new FailingClientCall<>(Status.UNAUTHENTICATED
+              .withDescription("Failed to attach CallCredentials.")
+              .withCause(e));
+        }
+        return next.newCall(method, callOptions);
+      }
+    };
+  }
+
+  private CallCredentials getCallCredentials(LruCache<String, CallCredentials> cache,
+      String audience, ComputeEngineCredentials credentials) {
+
+    synchronized (cache) {
+      return cache.getOrInsert(audience, key -> {
+        IdTokenCredentials creds = IdTokenCredentials.newBuilder()
+            .setIdTokenProvider(credentials)
+            .setTargetAudience(audience)
+            .build();
+        return MoreCallCredentials.from(creds);
+      });
+    }
+  }
+
+  static final class GcpAuthenticationConfig implements FilterConfig {
+
+    private final int cacheSize;
+
+    public GcpAuthenticationConfig(int cacheSize) {
+      this.cacheSize = cacheSize;
+    }
+
+    public int getCacheSize() {
+      return cacheSize;
+    }
+
+    @Override
+    public String typeUrl() {
+      return GcpAuthenticationFilter.TYPE_URL;
+    }
+  }
+
+  /** An implementation of {@link ClientCall} that fails when started. */
+  private static final class FailingClientCall<ReqT, RespT> extends ClientCall<ReqT, RespT> {
+
+    private final Status error;
+
+    public FailingClientCall(Status error) {
+      this.error = error;
+    }
+
+    @Override
+    public void start(ClientCall.Listener<RespT> listener, Metadata headers) {
+      listener.onClose(error, new Metadata());
+    }
+
+    @Override
+    public void request(int numMessages) {}
+
+    @Override
+    public void cancel(String message, Throwable cause) {}
+
+    @Override
+    public void halfClose() {}
+
+    @Override
+    public void sendMessage(ReqT message) {}
+  }
+
+  private static final class LruCache<K, V> {
+
+    private final Map<K, V> cache;
+
+    LruCache(int maxSize) {
+      this.cache = new LinkedHashMap<K, V>(
+          maxSize,
+          0.75f,
+          true) {
+        @Override
+        protected boolean removeEldestEntry(Map.Entry<K, V> eldest) {
+          return size() > maxSize;
+        }
+      };
+    }
+
+    V getOrInsert(K key, Function<K, V> create) {
+      return cache.computeIfAbsent(key, create);
+    }
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
new file mode 100644
index 00000000000..ddd244c8551
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.eq;
+
+import com.google.protobuf.Any;
+import com.google.protobuf.Empty;
+import com.google.protobuf.Message;
+import com.google.protobuf.UInt64Value;
+import io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig;
+import io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3.TokenCacheConfig;
+import io.grpc.CallOptions;
+import io.grpc.Channel;
+import io.grpc.ClientInterceptor;
+import io.grpc.MethodDescriptor;
+import io.grpc.testing.TestMethodDescriptors;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mockito;
+
+@RunWith(JUnit4.class)
+public class GcpAuthenticationFilterTest {
+
+  @Test
+  public void testParseFilterConfig_withValidConfig() {
+    GcpAuthnFilterConfig config = GcpAuthnFilterConfig.newBuilder()
+        .setCacheConfig(TokenCacheConfig.newBuilder().setCacheSize(UInt64Value.of(20)))
+        .build();
+    Any anyMessage = Any.pack(config);
+
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter();
+    ConfigOrError<? extends Filter.FilterConfig> result = filter.parseFilterConfig(anyMessage);
+
+    assertNotNull(result.config);
+    assertNull(result.errorDetail);
+    assertEquals(20L,
+        ((GcpAuthenticationFilter.GcpAuthenticationConfig) result.config).getCacheSize());
+  }
+
+  @Test
+  public void testParseFilterConfig_withZeroCacheSize() {
+    GcpAuthnFilterConfig config = GcpAuthnFilterConfig.newBuilder()
+        .setCacheConfig(TokenCacheConfig.newBuilder().setCacheSize(UInt64Value.of(0)))
+        .build();
+    Any anyMessage = Any.pack(config);
+
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter();
+    ConfigOrError<? extends Filter.FilterConfig> result = filter.parseFilterConfig(anyMessage);
+
+    assertNull(result.config);
+    assertNotNull(result.errorDetail);
+    assertTrue(result.errorDetail.contains("cache_config.cache_size must be greater than zero"));
+  }
+
+  @Test
+  public void testParseFilterConfig_withInvalidMessageType() {
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter();
+    Message invalidMessage = Empty.getDefaultInstance();
+    ConfigOrError<? extends Filter.FilterConfig> result = filter.parseFilterConfig(invalidMessage);
+
+    assertNull(result.config);
+    assertThat(result.errorDetail).contains("Invalid config type");
+  }
+
+  @Test
+  public void testClientInterceptor_createsAndReusesCachedCredentials() {
+    GcpAuthenticationFilter.GcpAuthenticationConfig config =
+        new GcpAuthenticationFilter.GcpAuthenticationConfig(10);
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter();
+
+    // Create interceptor
+    ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null, null);
+    MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
+
+    // Mock channel and capture CallOptions
+    Channel mockChannel = Mockito.mock(Channel.class);
+    ArgumentCaptor<CallOptions> callOptionsCaptor = ArgumentCaptor.forClass(CallOptions.class);
+
+    // Execute interception twice to check caching
+    interceptor.interceptCall(methodDescriptor, CallOptions.DEFAULT, mockChannel);
+    interceptor.interceptCall(methodDescriptor, CallOptions.DEFAULT, mockChannel);
+
+    // Capture and verify CallOptions for CallCredentials presence
+    Mockito.verify(mockChannel, Mockito.times(2))
+        .newCall(eq(methodDescriptor), callOptionsCaptor.capture());
+
+    // Retrieve the CallOptions captured from both calls
+    CallOptions firstCapturedOptions = callOptionsCaptor.getAllValues().get(0);
+    CallOptions secondCapturedOptions = callOptionsCaptor.getAllValues().get(1);
+
+    // Ensure that CallCredentials was added
+    assertNotNull(firstCapturedOptions.getCredentials());
+    assertNotNull(secondCapturedOptions.getCredentials());
+
+    // Ensure that the CallCredentials from both calls are the same, indicating caching
+    assertSame(firstCapturedOptions.getCredentials(), secondCapturedOptions.getCredentials());
+  }
+}
diff --git a/xds/third_party/envoy/import.sh b/xds/third_party/envoy/import.sh
index 8f0271e784e..254abbe271f 100755
--- a/xds/third_party/envoy/import.sh
+++ b/xds/third_party/envoy/import.sh
@@ -75,6 +75,7 @@ envoy/extensions/clusters/aggregate/v3/cluster.proto
 envoy/extensions/filters/common/fault/v3/fault.proto
 envoy/extensions/filters/http/fault/v3/fault.proto
 envoy/extensions/filters/http/rate_limit_quota/v3/rate_limit_quota.proto
+envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto
 envoy/extensions/filters/http/rbac/v3/rbac.proto
 envoy/extensions/filters/http/router/v3/router.proto
 envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto
new file mode 100644
index 00000000000..05757c23e59
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto
@@ -0,0 +1,63 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.gcp_authn.v3;
+
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/http_uri.proto";
+
+import "google/protobuf/wrappers.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3";
+option java_outer_classname = "GcpAuthnProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/gcp_authn/v3;gcp_authnv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: GCP authentication]
+// GCP authentication :ref:`configuration overview <config_http_filters_gcp_authn>`.
+// [#extension: envoy.filters.http.gcp_authn]
+
+// Filter configuration.
+message GcpAuthnFilterConfig {
+  // The HTTP URI to fetch tokens from GCE Metadata Server(https://cloud.google.com/compute/docs/metadata/overview).
+  // The URL format is "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity?audience=[AUDIENCE]"
+  config.core.v3.HttpUri http_uri = 1 [(validate.rules).message = {required: true}];
+
+  // Retry policy for fetching tokens. This field is optional.
+  config.core.v3.RetryPolicy retry_policy = 2;
+
+  // Token cache configuration. This field is optional.
+  TokenCacheConfig cache_config = 3;
+
+  // Request header location to extract the token. By default (i.e. if this field is not specified), the token
+  // is extracted to the Authorization HTTP header, in the format "Authorization: Bearer <token>".
+  TokenHeader token_header = 4;
+}
+
+// Audience is the URL of the receiving service that performs token authentication.
+// It will be provided to the filter through cluster's typed_filter_metadata.
+message Audience {
+  string url = 1 [(validate.rules).string = {min_len: 1}];
+}
+
+// Token Cache configuration.
+message TokenCacheConfig {
+  // The number of cache entries. The maximum number of entries is INT64_MAX as it is constrained by underlying cache implementation.
+  // Default value 0 (i.e., proto3 defaults) disables the cache by default. Other default values will enable the cache.
+  google.protobuf.UInt64Value cache_size = 1 [(validate.rules).uint64 = {lte: 9223372036854775807}];
+}
+
+message TokenHeader {
+  // The HTTP header's name.
+  string name = 1
+      [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
+
+  // The header's prefix. The format is "value_prefix<token>"
+  // For example, for "Authorization: Bearer <token>", value_prefix="Bearer " with a space at the
+  // end.
+  string value_prefix = 2
+      [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
+}

From d6c80294a736a377a8b39e31c253f918eec5aa1d Mon Sep 17 00:00:00 2001
From: erm-g <110920239+erm-g@users.noreply.github.com>
Date: Fri, 8 Nov 2024 00:03:15 -0500
Subject: [PATCH 079/591] xds: Spiffe Trust Bundle Support (#11627)

Adds verification of SPIFFE based identities using SPIFFE trust bundles.

For in-progress gRFC A87.
---
 testing/src/main/resources/certs/README       |  29 +++
 .../main/resources/certs/client_spiffe.pem    |  25 +++
 .../main/resources/certs/server1_spiffe.pem   |  26 +++
 .../main/resources/certs/spiffe-openssl.cnf   |  18 +-
 .../main/resources/certs/spiffebundle.json    | 101 ++++++++++
 .../main/resources/certs/spiffebundle1.json   |  59 ++++++
 .../CertProviderClientSslContextProvider.java |  12 +-
 .../CertProviderServerSslContextProvider.java |  18 +-
 .../CertProviderSslContextProvider.java       |  13 +-
 .../certprovider/CertificateProvider.java     |  21 ++-
 .../FileWatcherCertificateProvider.java       |  78 +++++---
 ...ileWatcherCertificateProviderProvider.java |  24 ++-
 .../trust/XdsTrustManagerFactory.java         |  42 ++++-
 .../security/trust/XdsX509TrustManager.java   |  54 +++++-
 .../grpc/xds/CommonBootstrapperTestUtils.java |  11 +-
 .../grpc/xds/XdsSecurityClientServerTest.java | 176 ++++++++++++++----
 .../security/CommonTlsContextTestsUtil.java   |   4 +
 .../SecurityProtocolNegotiatorsTest.java      |   8 +-
 .../security/TlsContextManagerTest.java       |   8 +-
 ...atcherCertificateProviderProviderTest.java | 100 +++++++++-
 .../FileWatcherCertificateProviderTest.java   | 119 +++++++++---
 .../trust/XdsTrustManagerFactoryTest.java     |  42 +++++
 .../trust/XdsX509TrustManagerTest.java        |  85 +++++++++
 23 files changed, 953 insertions(+), 120 deletions(-)
 create mode 100644 testing/src/main/resources/certs/client_spiffe.pem
 create mode 100644 testing/src/main/resources/certs/server1_spiffe.pem
 create mode 100644 testing/src/main/resources/certs/spiffebundle.json
 create mode 100644 testing/src/main/resources/certs/spiffebundle1.json

diff --git a/testing/src/main/resources/certs/README b/testing/src/main/resources/certs/README
index 1fa6b733950..13e375784c5 100644
--- a/testing/src/main/resources/certs/README
+++ b/testing/src/main/resources/certs/README
@@ -67,6 +67,35 @@ ecdsa.key is used to test keys with algorithm other than RSA:
 $ openssl ecparam -name secp256k1 -genkey -noout -out ecdsa.pem
 $ openssl pkcs8 -topk8 -in ecdsa.pem -out ecdsa.key -nocrypt
 
+SPIFFE test credentials:
+=======================
+
+The SPIFFE related extensions are listed in spiffe-openssl.cnf config. Both
+client_spiffe.pem and server1_spiffe.pem are generated in the same way with
+original client.pem and server1.pem but with using that config. Here are the
+exact commands (we pass "-subj" as argument in this case):
+----------------------
+$ openssl req -new -key client.key -out spiffe-cert.csr \
+ -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=testclient/ \
+ -config spiffe-openssl.cnf -reqexts spiffe_client_e2e
+$ openssl x509 -req -CA ca.pem -CAkey ca.key -CAcreateserial \
+ -in spiffe-cert.csr -out client_spiffe.pem -extensions spiffe_client_e2e \
+  -extfile spiffe-openssl.cnf -days 3650 -sha256
+$ openssl req -new -key server1.key -out spiffe-cert.csr \
+ -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=*.test.google.com/ \
+ -config spiffe-openssl.cnf -reqexts spiffe_server_e2e
+$ openssl x509 -req -CA ca.pem -CAkey ca.key -CAcreateserial \
+ -in spiffe-cert.csr -out server1_spiffe.pem -extensions spiffe_server_e2e \
+  -extfile spiffe-openssl.cnf -days 3650 -sha256
+
+Additionally, SPIFFE trust bundle map files spiffebundle.json and \
+spiffebundle1.json are manually created for end to end testing. The \
+spiffebundle.json contains "example.com" trust domain (only this entry is used \
+in e2e tests) matching URI SAN of server1_spiffe.pem, and the CA certificate \
+there is ca.pem. The spiffebundle.json file contains "foo.bar.com" trust \
+domain (only this entry is used in e2e tests) matching URI SAN of \
+client_spiffe.pem, and the CA certificate there is also ca.pem.
+
 Clean up:
 ---------
 $ rm *.rsa
diff --git a/testing/src/main/resources/certs/client_spiffe.pem b/testing/src/main/resources/certs/client_spiffe.pem
new file mode 100644
index 00000000000..c70981a4030
--- /dev/null
+++ b/testing/src/main/resources/certs/client_spiffe.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIUVXGlXjNENtOZbI12epjgIhMaShUwDQYJKoZIhvcNAQEL
+BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTI0
+MTAyNDE2NDAzN1oXDTM0MTAyMjE2NDAzN1owaDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgMClNvbWUtU3RhdGUxDDAKBgNVBAcMA1NWTDEhMB8GA1UECgwYSW50ZXJuZXQg
+V2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQDDAp0ZXN0Y2xpZW50MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqmEafg11ae9jRW0B/IXYU2S8nGVzpSYZjLK
+yZq459qe6SP/Jk2f9BQvkhlgRmVfhC4h65gl+c32iC6/SLsOxoa91c6Hn4vK+tqy
+7qVTzYv6naso1pNnRAhwvWd/gINysyk8nq11oynL8ilZjNGcRNEV4Q1v0aEG6mbF
+NhioNQdq4VFPCjdIFZip9KyRzsc0VUmHmC2KeWJ+yq7TyXCsqPWlbhK+3RgDc6ch
+epYP52AVnPvUhsJKC3RbyrwAWCTMq2zYR1EH79H82mdD/OnX0xDaw8cwC68xp6nM
+dyk68CY5Gf2kq9bcg9P7V77pERYj8VgSYYx0O9BqkxUGNfUW4QIDAQABo4HlMIHi
+MEQGA1UdEQQ9MDuGOXNwaWZmZTovL2Zvby5iYXIuY29tLzllZWJjY2QyLTEyYmYt
+NDBhNi1iMjYyLTY1ZmUwNDg3ZDQ1MzAdBgNVHQ4EFgQU28U8sUTGNEDyeCrvJDJd
+AALabSMwewYDVR0jBHQwcqFapFgwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNv
+bWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0G
+A1UEAwwGdGVzdGNhghRas/RW8dzL4s/pS5g22Iv2AGEPmjANBgkqhkiG9w0BAQsF
+AAOCAQEAE3LLE8GR283q/aE646SgAfltqpESP38NmYdJMdZgWRxbOqdWabYDfibt
+9r8j+IRvVuuTWuH2eNS5wXJtS1BZ+z24wTLa+a2KjOV12gChP+3N7jhqId4eolSL
+1fjscPY6luZP4Pm3D73lBvIoBvXpDGyrxleiUCEEkKXmTOA8doFvbrcbwm+yUJOP
+VKUKvAzTNztb0BGDzKKU4E2yK5PSyv2n5m2NpzxYYfHoGeVcxvj7nCnSfoX/EWHb
+d8ztJYDg9X0iNcfQXt7PZ+j6VcxfDpGCDxe2rFQoYvlWjhr3xOi/1e5A1zx1Ly07
+m9MB4hntu4e2656ZDWbgOHLpO0q1iQ==
+-----END CERTIFICATE-----
diff --git a/testing/src/main/resources/certs/server1_spiffe.pem b/testing/src/main/resources/certs/server1_spiffe.pem
new file mode 100644
index 00000000000..76cb41d6922
--- /dev/null
+++ b/testing/src/main/resources/certs/server1_spiffe.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEZDCCA0ygAwIBAgIUVXGlXjNENtOZbI12epjgIhMaShMwDQYJKoZIhvcNAQEL
+BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTI0
+MTAyMTAyMTQxNVoXDTM0MTAxOTAyMTQxNVowZTELMAkGA1UEBhMCVVMxETAPBgNV
+BAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRUwEwYDVQQKDAxFeGFtcGxl
+LCBDby4xGjAYBgNVBAMMESoudGVzdC5nb29nbGUuY29tMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA5xOONxJJ8b8Qauvob5/7dPYZfIcd+uhAWL2ZlTPz
+Qvu4oF0QI4iYgP5iGgry9zEtCM+YQS8UhiAlPlqa6ANxgiBSEyMHH/xE8lo/+caY
+GeACqy640Jpl/JocFGo3xd1L8DCawjlaj6eu7T7T/tpAV2qq13b5710eNRbCAfFe
+8yALiGQemx0IYhlZXNbIGWLBNhBhvVjJh7UvOqpADk4xtl8o5j0xgMIRg6WJGK6c
+6ffSIg4eP1XmovNYZ9LLEJG68tF0Q/yIN43B4dt1oq4jzSdCbG4F1EiykT2TmwPV
+YDi8tml6DfOCDGnit8svnMEmBv/fcPd31GSbXjF8M+KGGQIDAQABo4IBGTCCARUw
+dwYDVR0RBHAwboIQKi50ZXN0Lmdvb2dsZS5mcoIYd2F0ZXJ6b29pLnRlc3QuZ29v
+Z2xlLmJlghIqLnRlc3QueW91dHViZS5jb22HBMCoAQOGJnNwaWZmZTovL2V4YW1w
+bGUuY29tL3dvcmtsb2FkLzllZWJjY2QyMB0GA1UdDgQWBBRvRpAYHQYP6dFPf5V7
+/MyCftnNjTB7BgNVHSMEdDByoVqkWDBWMQswCQYDVQQGEwJBVTETMBEGA1UECAwK
+U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ8w
+DQYDVQQDDAZ0ZXN0Y2GCFFqz9Fbx3Mviz+lLmDbYi/YAYQ+aMA0GCSqGSIb3DQEB
+CwUAA4IBAQBJ1bnbBHa1n15vvhpGIzokuiJ+9q/zim63UuVDnkhrQM2N+RQbStGT
+Tis2tNse1bh460dJFm6ArgHWogzx6fQZzgaDeCOAXvrAe4jM9IHr9K7lkq/33CZS
+BDV+jCmm2sRsqSMkKUcX6JhyqWGFHuTDAKJzsEV2MlcswleKlGHDkeelAaxlLzpz
+RHOSQd0N9xAs18lzx95SQEx90PtrBOmvIDDiI5o5z9Oz12Iy1toiksFl4jmknkDD
+5VF3AyCRgN8NPW0uNC8D2vo4L+tgj9U6NPlmMOrjRsEH257LJ1wopAGr+yezkIId
+QQodGSVm5cOuw/K7Ma4nBDjVJkjcdY3t
+-----END CERTIFICATE-----
diff --git a/testing/src/main/resources/certs/spiffe-openssl.cnf b/testing/src/main/resources/certs/spiffe-openssl.cnf
index 40c473da7e5..f03af40a782 100644
--- a/testing/src/main/resources/certs/spiffe-openssl.cnf
+++ b/testing/src/main/resources/certs/spiffe-openssl.cnf
@@ -4,9 +4,25 @@ subjectAltName = @alt_names
 [spiffe_client_multi]
 subjectAltName = @alt_names_multi
 
+[spiffe_server_e2e]
+subjectAltName = @alt_names_server_e2e
+
+[spiffe_client_e2e]
+subjectAltName = @alt_names_client_e2e
+
 [alt_names]
 URI = spiffe://foo.bar.com/client/workload/1
 
 [alt_names_multi]
 URI.1 = spiffe://foo.bar.com/client/workload/1
-URI.2 = spiffe://foo.bar.com/client/workload/2
\ No newline at end of file
+URI.2 = spiffe://foo.bar.com/client/workload/2
+
+[alt_names_server_e2e]
+DNS.1 = *.test.google.fr
+DNS.2 = waterzooi.test.google.be
+DNS.3 = *.test.youtube.com
+IP.1 = "192.168.1.3"
+URI = spiffe://example.com/workload/9eebccd2
+
+[alt_names_client_e2e]
+URI = spiffe://foo.bar.com/9eebccd2-12bf-40a6-b262-65fe0487d453
\ No newline at end of file
diff --git a/testing/src/main/resources/certs/spiffebundle.json b/testing/src/main/resources/certs/spiffebundle.json
new file mode 100644
index 00000000000..5bc8fcfb432
--- /dev/null
+++ b/testing/src/main/resources/certs/spiffebundle.json
@@ -0,0 +1,101 @@
+{
+  "trust_domains": {
+    "example.com": {
+      "spiffe_sequence": 12035488,
+      "keys": [
+        {
+          "kty": "RSA",
+          "use": "x509-svid",
+          "x5c": ["MIIDWjCCAkKgAwIBAgIUWrP0VvHcy+LP6UuYNtiL9gBhD5owDQYJKoZIhvcNAQEL
+          BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+          GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTIw
+          MDMxNzE4NTk1MVoXDTMwMDMxNTE4NTk1MVowVjELMAkGA1UEBhMCQVUxEzARBgNV
+          BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+          ZDEPMA0GA1UEAwwGdGVzdGNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+          AQEAsGL0oXflF0LzoM+Bh+qUU9yhqzw2w8OOX5mu/iNCyUOBrqaHi7mGHx73GD01
+          diNzCzvlcQqdNIH6NQSL7DTpBjca66jYT9u73vZe2MDrr1nVbuLvfu9850cdxiUO
+          Inv5xf8+sTHG0C+a+VAvMhsLiRjsq+lXKRJyk5zkbbsETybqpxoJ+K7CoSy3yc/k
+          QIY3TipwEtwkKP4hzyo6KiGd/DPexie4nBUInN3bS1BUeNZ5zeaIC2eg3bkeeW7c
+          qT55b+Yen6CxY0TEkzBK6AKt/WUialKMgT0wbTxRZO7kUCH3Sq6e/wXeFdJ+HvdV
+          LPlAg5TnMaNpRdQih/8nRFpsdwIDAQABoyAwHjAMBgNVHRMEBTADAQH/MA4GA1Ud
+          DwEB/wQEAwICBDANBgkqhkiG9w0BAQsFAAOCAQEAkTrKZjBrJXHps/HrjNCFPb5a
+          THuGPCSsepe1wkKdSp1h4HGRpLoCgcLysCJ5hZhRpHkRihhef+rFHEe60UePQO3S
+          CVTtdJB4CYWpcNyXOdqefrbJW5QNljxgi6Fhvs7JJkBqdXIkWXtFk2eRgOIP2Eo9
+          /OHQHlYnwZFrk6sp4wPyR+A95S0toZBcyDVz7u+hOW0pGK3wviOe9lvRgj/H3Pwt
+          bewb0l+MhRig0/DVHamyVxrDRbqInU1/GTNCwcZkXKYFWSf92U+kIcTth24Q1gcw
+          eZiLl5FfrWokUNytFElXob0V0a5/kbhiLc3yWmvWqHTpqCALbVyF+rKJo2f5Kw=="],
+          "n": "<base64urlUint-encoded value>",
+          "e": "AQAB"
+        }
+      ]
+    },
+    "test.example.com": {
+      "keys": [
+        {
+          "kty": "RSA",
+          "use": "x509-svid",
+          "x5c": ["MIIFsjCCA5qgAwIBAgIURygVMMzdr+Q7rsUaz189JozyHMwwDQYJKoZIhvcNAQEL
+          BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL
+          BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTAeFw0yMTEyMjMxODQy
+          NTJaFw0zMTEyMjExODQyNTJaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM
+          MAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBDMRUwEwYDVQQDDAx0ZXN0LWNsaWVu
+          dDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ4AqpGetyVSqGUuBJ
+          LVFla+7bEfca7UYzfVSSZLZ/X+JDmWIVN8UIPuFib5jhMEc3XaUnFXUmM7zEtz/Z
+          G5hapwLwOb2C3ZxOP6PQjYCJxbkLie+b43UQrFu1xxd3vMhVJgcj/AIxEpmszuqO
+          a6kUrkYifjJADQ+64kZgl66bsTdXMCzpxyFl9xUfff59L8OX+HUfAcoZz3emjg3Z
+          JPYURQEmjdZTOau1EjFilwHgd989Jt7NKgx30NXoHmw7nusVBIY94fL2VKN3f1XV
+          m0dHu5NI279Q6zr0ZBU7k5T3IeHnzsUesQS4NGlklDWoVTKk73Uv9Pna8yQsSW75
+          7PEbHOGp9Knu4bnoGPOlsG81yIPipO6hTgGFK24pF97M9kpGbWqYX4+2vLlrCAfc
+          msHqaUPmQlYeRVTT6vw7ctYo2kyUYGtnODXk76LqewRBVvkzx75QUhfjAyb740Yc
+          DmIenc56Tq6gebJHjhEmVSehR6xIpXP7SVeurTyhPsEQnpJHtgs4dcwWOZp7BvPN
+          zHXmJqfr7vsshie3vS5kQ0u1e1yqAqXgyDjqKXOkx+dpgUTehSJHhPNHvTc5LXRs
+          vvXKYz6FrwR/DZ8t7BNEvPeLjFgxpH7QVJFLCvCbXs5K6yYbsnLfxFIBPRnrbJkI
+          sK+sQwnRdnsiUdPsTkG5B2lQfQIDAQABo4GHMIGEMB0GA1UdDgQWBBQ2lBp0PiRH
+          HvQ5IRURm8aHsj4RETAfBgNVHSMEGDAWgBQ2lBp0PiRHHvQ5IRURm8aHsj4RETAP
+          BgNVHRMBAf8EBTADAQH/MDEGA1UdEQQqMCiGJnNwaWZmZTovL2Zvby5iYXIuY29t
+          L2NsaWVudC93b3JrbG9hZC8xMA0GCSqGSIb3DQEBCwUAA4ICAQA1mSkgRclAl+E/
+          aS9zJ7t8+Y4n3T24nOKKveSIjxXm/zjhWqVsLYBI6kglWtih2+PELvU8JdPqNZK3
+          4Kl0Q6FWpVSGDdWN1i6NyORt2ocggL3ke3iXxRk3UpUKJmqwz81VhA2KUHnMlyE0
+          IufFfZNwNWWHBv13uJfRbjeQpKPhU+yf4DeXrsWcvrZlGvAET+mcplafUzCp7Iv+
+          PcISJtUerbxbVtuHVeZCLlgDXWkLAWJN8rf0dIG4x060LJ+j6j9uRVhb9sZn1HJV
+          +j4XdIYm1VKilluhOtNwP2d3Ox/JuTBxf7hFHXZPfMagQE5k5PzmxRaCAEMJ1l2D
+          vUbZw+shJfSNoWcBo2qadnUaWT3BmmJRBDh7ZReib/RQ1Rd4ygOyzP3E0vkV4/gq
+          yjLdApXh5PZP8KLQZ+1JN/sdWt7VfIt9wYOpkIqujdll51ESHzwQeAK9WVCB4UvV
+          z6zdhItB9CRbXPreWC+wCB1xDovIzFKOVsLs5+Gqs1m7VinG2LxbDqaKyo/FB0Hx
+          x0acBNzezLWoDwXYQrN0T0S4pnqhKD1CYPpdArBkNezUYAjS725FkApuK+mnBX3U
+          0msBffEaUEOkcyar1EW2m/33vpetD/k3eQQkmvQf4Hbiu9AF+9cNDm/hMuXEw5EX
+          GA91fn0891b5eEW8BJHXX0jri0aN8g=="],
+          "n": "<base64urlUint-encoded value>",
+          "e": "AQAB"
+        },
+        {
+          "kty": "RSA",
+          "use": "x509-svid",
+          "x5c": ["MIIELTCCAxWgAwIBAgIUVXGlXjNENtOZbI12epjgIhMaShEwDQYJKoZIhvcNAQEL
+          BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+          GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTI0
+          MDkxNzE2MTk0NFoXDTM0MDkxNTE2MTk0NFowTjELMAkGA1UEBhMCVVMxCzAJBgNV
+          BAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFTATBgNVBAMMDHRl
+          c3QtY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOcTjjcS
+          SfG/EGrr6G+f+3T2GXyHHfroQFi9mZUz80L7uKBdECOImID+YhoK8vcxLQjPmEEv
+          FIYgJT5amugDcYIgUhMjBx/8RPJaP/nGmBngAqsuuNCaZfyaHBRqN8XdS/AwmsI5
+          Wo+nru0+0/7aQFdqqtd2+e9dHjUWwgHxXvMgC4hkHpsdCGIZWVzWyBliwTYQYb1Y
+          yYe1LzqqQA5OMbZfKOY9MYDCEYOliRiunOn30iIOHj9V5qLzWGfSyxCRuvLRdEP8
+          iDeNweHbdaKuI80nQmxuBdRIspE9k5sD1WA4vLZpeg3zggxp4rfLL5zBJgb/33D3
+          d9Rkm14xfDPihhkCAwEAAaOB+jCB9zBZBgNVHREEUjBQhiZzcGlmZmU6Ly9mb28u
+          YmFyLmNvbS9jbGllbnQvd29ya2xvYWQvMYYmc3BpZmZlOi8vZm9vLmJhci5jb20v
+          Y2xpZW50L3dvcmtsb2FkLzIwHQYDVR0OBBYEFG9GkBgdBg/p0U9/lXv8zIJ+2c2N
+          MHsGA1UdIwR0MHKhWqRYMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0
+          YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM
+          BnRlc3RjYYIUWrP0VvHcy+LP6UuYNtiL9gBhD5owDQYJKoZIhvcNAQELBQADggEB
+          AJ4Cbxv+02SpUgkEu4hP/1+8DtSBXUxNxI0VG4e3Ap2+Rhjm3YiFeS/UeaZhNrrw
+          UEjkSTPFODyXR7wI7UO9OO1StyD6CMkp3SEvevU5JsZtGL6mTiTLTi3Qkywa91Bt
+          GlyZdVMghA1bBJLBMwiD5VT5noqoJBD7hDy6v9yNmt1Sw2iYBJPqI3Gnf5bMjR3s
+          UICaxmFyqaMCZsPkfJh0DmZpInGJys3m4QqGz6ZE2DWgcSr1r/ML7/5bSPjjr8j4
+          WFFSqFR3dMu8CbGnfZTCTXa4GTX/rARXbAO67Z/oJbJBK7VKayskL+PzKuohb9ox
+          jGL772hQMbwtFCOFXu5VP0s="]
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/testing/src/main/resources/certs/spiffebundle1.json b/testing/src/main/resources/certs/spiffebundle1.json
new file mode 100644
index 00000000000..f79af09a3e7
--- /dev/null
+++ b/testing/src/main/resources/certs/spiffebundle1.json
@@ -0,0 +1,59 @@
+{
+  "trust_domains": {
+    "example.com": {
+      "spiffe_sequence": 12035488,
+      "keys": [
+        {
+          "kty": "RSA",
+          "use": "x509-svid",
+          "x5c": ["MIIDWjCCAkKgAwIBAgIUWrP0VvHcy+LP6UuYNtiL9gBhD5owDQYJKoZIhvcNAQEL
+          BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+          GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTIw
+          MDMxNzE4NTk1MVoXDTMwMDMxNTE4NTk1MVowVjELMAkGA1UEBhMCQVUxEzARBgNV
+          BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+          ZDEPMA0GA1UEAwwGdGVzdGNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+          AQEAsGL0oXflF0LzoM+Bh+qUU9yhqzw2w8OOX5mu/iNCyUOBrqaHi7mGHx73GD01
+          diNzCzvlcQqdNIH6NQSL7DTpBjca66jYT9u73vZe2MDrr1nVbuLvfu9850cdxiUO
+          Inv5xf8+sTHG0C+a+VAvMhsLiRjsq+lXKRJyk5zkbbsETybqpxoJ+K7CoSy3yc/k
+          QIY3TipwEtwkKP4hzyo6KiGd/DPexie4nBUInN3bS1BUeNZ5zeaIC2eg3bkeeW7c
+          qT55b+Yen6CxY0TEkzBK6AKt/WUialKMgT0wbTxRZO7kUCH3Sq6e/wXeFdJ+HvdV
+          LPlAg5TnMaNpRdQih/8nRFpsdwIDAQABoyAwHjAMBgNVHRMEBTADAQH/MA4GA1Ud
+          DwEB/wQEAwICBDANBgkqhkiG9w0BAQsFAAOCAQEAkTrKZjBrJXHps/HrjNCFPb5a
+          THuGPCSsepe1wkKdSp1h4HGRpLoCgcLysCJ5hZhRpHkRihhef+rFHEe60UePQO3S
+          CVTtdJB4CYWpcNyXOdqefrbJW5QNljxgi6Fhvs7JJkBqdXIkWXtFk2eRgOIP2Eo9
+          /OHQHlYnwZFrk6sp4wPyR+A95S0toZBcyDVz7u+hOW0pGK3wviOe9lvRgj/H3Pwt
+          bewb0l+MhRig0/DVHamyVxrDRbqInU1/GTNCwcZkXKYFWSf92U+kIcTth24Q1gcw
+          eZiLl5FfrWokUNytFElXob0V0a5/kbhiLc3yWmvWqHTpqCALbVyF+rKJo2f5Kw=="],
+          "n": "<base64urlUint-encoded value>",
+          "e": "AQAB"
+        }
+      ]
+    },
+    "foo.bar.com": {
+      "keys": [
+        {
+          "kty": "RSA",
+          "use": "x509-svid",
+          "x5c": ["MIIDWjCCAkKgAwIBAgIUWrP0VvHcy+LP6UuYNtiL9gBhD5owDQYJKoZIhvcNAQEL
+            BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+            GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTIw
+            MDMxNzE4NTk1MVoXDTMwMDMxNTE4NTk1MVowVjELMAkGA1UEBhMCQVUxEzARBgNV
+            BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+            ZDEPMA0GA1UEAwwGdGVzdGNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+            AQEAsGL0oXflF0LzoM+Bh+qUU9yhqzw2w8OOX5mu/iNCyUOBrqaHi7mGHx73GD01
+            diNzCzvlcQqdNIH6NQSL7DTpBjca66jYT9u73vZe2MDrr1nVbuLvfu9850cdxiUO
+            Inv5xf8+sTHG0C+a+VAvMhsLiRjsq+lXKRJyk5zkbbsETybqpxoJ+K7CoSy3yc/k
+            QIY3TipwEtwkKP4hzyo6KiGd/DPexie4nBUInN3bS1BUeNZ5zeaIC2eg3bkeeW7c
+            qT55b+Yen6CxY0TEkzBK6AKt/WUialKMgT0wbTxRZO7kUCH3Sq6e/wXeFdJ+HvdV
+            LPlAg5TnMaNpRdQih/8nRFpsdwIDAQABoyAwHjAMBgNVHRMEBTADAQH/MA4GA1Ud
+            DwEB/wQEAwICBDANBgkqhkiG9w0BAQsFAAOCAQEAkTrKZjBrJXHps/HrjNCFPb5a
+            THuGPCSsepe1wkKdSp1h4HGRpLoCgcLysCJ5hZhRpHkRihhef+rFHEe60UePQO3S
+            CVTtdJB4CYWpcNyXOdqefrbJW5QNljxgi6Fhvs7JJkBqdXIkWXtFk2eRgOIP2Eo9
+            /OHQHlYnwZFrk6sp4wPyR+A95S0toZBcyDVz7u+hOW0pGK3wviOe9lvRgj/H3Pwt
+            bewb0l+MhRig0/DVHamyVxrDRbqInU1/GTNCwcZkXKYFWSf92U+kIcTth24Q1gcw
+            eZiLl5FfrWokUNytFElXob0V0a5/kbhiLc3yWmvWqHTpqCALbVyF+rKJo2f5Kw=="]
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
index 8aa74b2b50f..d7c2267c48f 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
@@ -58,15 +58,21 @@ protected final SslContextBuilder getSslContextBuilder(
     // Null rootCertInstance implies hasSystemRootCerts because of the check in
     // CertProviderClientSslContextProviderFactory.
     if (rootCertInstance != null) {
-      sslContextBuilder.trustManager(
+      if (savedSpiffeTrustMap != null) {
+        sslContextBuilder = sslContextBuilder.trustManager(
           new XdsTrustManagerFactory(
-              savedTrustedRoots.toArray(new X509Certificate[0]),
+              savedSpiffeTrustMap,
               certificateValidationContextdationContext));
+      } else {
+        sslContextBuilder = sslContextBuilder.trustManager(
+            new XdsTrustManagerFactory(
+                savedTrustedRoots.toArray(new X509Certificate[0]),
+                certificateValidationContextdationContext));
+      }
     }
     if (isMtls()) {
       sslContextBuilder.keyManager(savedKey, savedCertChain);
     }
     return sslContextBuilder;
   }
-
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.java
index e43452a53e1..ef65bbfb6f9 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.java
@@ -59,13 +59,17 @@ protected final SslContextBuilder getSslContextBuilder(
       CertificateValidationContext certificateValidationContextdationContext)
       throws CertStoreException, CertificateException, IOException {
     SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(savedKey, savedCertChain);
-    setClientAuthValues(
-        sslContextBuilder,
-        isMtls()
-            ? new XdsTrustManagerFactory(
-                savedTrustedRoots.toArray(new X509Certificate[0]),
-                certificateValidationContextdationContext)
-            : null);
+    XdsTrustManagerFactory trustManagerFactory = null;
+    if (isMtls() && savedSpiffeTrustMap != null) {
+      trustManagerFactory = new XdsTrustManagerFactory(
+          savedSpiffeTrustMap,
+          certificateValidationContextdationContext);
+    } else if (isMtls()) {
+      trustManagerFactory = new XdsTrustManagerFactory(
+          savedTrustedRoots.toArray(new X509Certificate[0]),
+          certificateValidationContextdationContext);
+    }
+    setClientAuthValues(sslContextBuilder, trustManagerFactory);
     sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder);
     return sslContextBuilder;
   }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
index b68f705fedb..f9cd14f2efd 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
@@ -41,6 +41,7 @@ abstract class CertProviderSslContextProvider extends DynamicSslContextProvider
   @Nullable protected PrivateKey savedKey;
   @Nullable protected List<X509Certificate> savedCertChain;
   @Nullable protected List<X509Certificate> savedTrustedRoots;
+  @Nullable protected Map<String, List<X509Certificate>> savedSpiffeTrustMap;
   private final boolean isUsingSystemRootCerts;
 
   protected CertProviderSslContextProvider(
@@ -152,14 +153,21 @@ public final void updateTrustedRoots(List<X509Certificate> trustedRoots) {
     updateSslContextWhenReady();
   }
 
+  @Override
+  public final void updateSpiffeTrustMap(Map<String, List<X509Certificate>> spiffeTrustMap) {
+    savedSpiffeTrustMap = spiffeTrustMap;
+    updateSslContextWhenReady();
+  }
+
   private void updateSslContextWhenReady() {
     if (isMtls()) {
-      if (savedKey != null && (savedTrustedRoots != null || isUsingSystemRootCerts)) {
+      if (savedKey != null
+          && (savedTrustedRoots != null || isUsingSystemRootCerts || savedSpiffeTrustMap != null)) {
         updateSslContext();
         clearKeysAndCerts();
       }
     } else if (isClientSideTls()) {
-      if (savedTrustedRoots != null) {
+      if (savedTrustedRoots != null || savedSpiffeTrustMap != null) {
         updateSslContext();
         clearKeysAndCerts();
       }
@@ -174,6 +182,7 @@ private void updateSslContextWhenReady() {
   private void clearKeysAndCerts() {
     savedKey = null;
     savedTrustedRoots = null;
+    savedSpiffeTrustMap = null;
     savedCertChain = null;
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProvider.java
index a0d5d0fc69f..009bb7bf566 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProvider.java
@@ -26,6 +26,7 @@
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 /**
@@ -45,6 +46,8 @@ public interface Watcher {
 
     void updateTrustedRoots(List<X509Certificate> trustedRoots);
 
+    void updateSpiffeTrustMap(Map<String, List<X509Certificate>> spiffeTrustMap);
+
     void onError(Status errorStatus);
   }
 
@@ -53,6 +56,7 @@ public static final class DistributorWatcher implements Watcher {
     private PrivateKey privateKey;
     private List<X509Certificate> certChain;
     private List<X509Certificate> trustedRoots;
+    private Map<String, List<X509Certificate>> spiffeTrustMap;
 
     @VisibleForTesting
     final Set<Watcher> downstreamWatchers = new HashSet<>();
@@ -65,6 +69,9 @@ synchronized void addWatcher(Watcher watcher) {
       if (trustedRoots != null) {
         sendLastTrustedRootsUpdate(watcher);
       }
+      if (spiffeTrustMap != null) {
+        sendLastSpiffeTrustMapUpdate(watcher);
+      }
     }
 
     synchronized void removeWatcher(Watcher watcher) {
@@ -83,6 +90,10 @@ private void sendLastTrustedRootsUpdate(Watcher watcher) {
       watcher.updateTrustedRoots(trustedRoots);
     }
 
+    private void sendLastSpiffeTrustMapUpdate(Watcher watcher) {
+      watcher.updateSpiffeTrustMap(spiffeTrustMap);
+    }
+
     @Override
     public synchronized void updateCertificate(PrivateKey key, List<X509Certificate> certChain) {
       checkNotNull(key, "key");
@@ -103,6 +114,14 @@ public synchronized void updateTrustedRoots(List<X509Certificate> trustedRoots)
       }
     }
 
+    @Override
+    public void updateSpiffeTrustMap(Map<String, List<X509Certificate>> spiffeTrustMap) {
+      this.spiffeTrustMap = spiffeTrustMap;
+      for (Watcher watcher : downstreamWatchers) {
+        sendLastSpiffeTrustMapUpdate(watcher);
+      }
+    }
+
     @Override
     public synchronized void onError(Status errorStatus) {
       for (Watcher watcher : downstreamWatchers) {
@@ -147,7 +166,7 @@ protected CertificateProvider(DistributorWatcher watcher, boolean notifyCertUpda
   @Override
   public abstract void close();
 
-  /** Starts the cert refresh and watcher update cycle. */
+  /** Starts the async cert refresh and watcher update cycle. */
   public abstract void start();
 
   private final DistributorWatcher watcher;
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProvider.java
index dd945ce850e..304124cc7f2 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProvider.java
@@ -16,10 +16,12 @@
 
 package io.grpc.xds.internal.security.certprovider;
 
+import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.common.annotations.VisibleForTesting;
 import io.grpc.Status;
+import io.grpc.internal.SpiffeUtil;
 import io.grpc.internal.TimeProvider;
 import io.grpc.xds.internal.security.trust.CertificateUtils;
 import java.io.ByteArrayInputStream;
@@ -30,6 +32,7 @@
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
+import java.util.HashMap;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
@@ -47,11 +50,13 @@ final class FileWatcherCertificateProvider extends CertificateProvider implement
   private final Path certFile;
   private final Path keyFile;
   private final Path trustFile;
+  private final Path spiffeTrustMapFile;
   private final long refreshIntervalInSeconds;
   @VisibleForTesting ScheduledFuture<?> scheduledFuture;
   private FileTime lastModifiedTimeCert;
   private FileTime lastModifiedTimeKey;
   private FileTime lastModifiedTimeRoot;
+  private FileTime lastModifiedTimespiffeTrustMap;
   private boolean shutdown;
 
   FileWatcherCertificateProvider(
@@ -60,6 +65,7 @@ final class FileWatcherCertificateProvider extends CertificateProvider implement
       String certFile,
       String keyFile,
       String trustFile,
+      String spiffeTrustMapFile,
       long refreshIntervalInSeconds,
       ScheduledExecutorService scheduledExecutorService,
       TimeProvider timeProvider) {
@@ -69,7 +75,15 @@ final class FileWatcherCertificateProvider extends CertificateProvider implement
     this.timeProvider = checkNotNull(timeProvider, "timeProvider");
     this.certFile = Paths.get(checkNotNull(certFile, "certFile"));
     this.keyFile = Paths.get(checkNotNull(keyFile, "keyFile"));
-    this.trustFile = Paths.get(checkNotNull(trustFile, "trustFile"));
+    checkArgument((trustFile != null || spiffeTrustMapFile != null),
+        "either trustFile or spiffeTrustMapFile must be present");
+    if (spiffeTrustMapFile != null) {
+      this.spiffeTrustMapFile = Paths.get(spiffeTrustMapFile);
+      this.trustFile = null;
+    } else {
+      this.spiffeTrustMapFile = null;
+      this.trustFile = Paths.get(trustFile);
+    }
     this.refreshIntervalInSeconds = refreshIntervalInSeconds;
   }
 
@@ -107,39 +121,48 @@ void checkAndReloadCertificates() {
           byte[] keyFileContents = Files.readAllBytes(keyFile);
           FileTime currentCertTime2 = Files.getLastModifiedTime(certFile);
           FileTime currentKeyTime2 = Files.getLastModifiedTime(keyFile);
-          if (!currentCertTime2.equals(currentCertTime)) {
-            return;
-          }
-          if (!currentKeyTime2.equals(currentKeyTime)) {
-            return;
-          }
-          try (ByteArrayInputStream certStream = new ByteArrayInputStream(certFileContents);
-              ByteArrayInputStream keyStream = new ByteArrayInputStream(keyFileContents)) {
-            PrivateKey privateKey = CertificateUtils.getPrivateKey(keyStream);
-            X509Certificate[] certs = CertificateUtils.toX509Certificates(certStream);
-            getWatcher().updateCertificate(privateKey, Arrays.asList(certs));
+          if (currentCertTime2.equals(currentCertTime) && currentKeyTime2.equals(currentKeyTime)) {
+            try (ByteArrayInputStream certStream = new ByteArrayInputStream(certFileContents);
+                ByteArrayInputStream keyStream = new ByteArrayInputStream(keyFileContents)) {
+              PrivateKey privateKey = CertificateUtils.getPrivateKey(keyStream);
+              X509Certificate[] certs = CertificateUtils.toX509Certificates(certStream);
+              getWatcher().updateCertificate(privateKey, Arrays.asList(certs));
+            }
+            lastModifiedTimeCert = currentCertTime;
+            lastModifiedTimeKey = currentKeyTime;
           }
-          lastModifiedTimeCert = currentCertTime;
-          lastModifiedTimeKey = currentKeyTime;
         }
       } catch (Throwable t) {
         generateErrorIfCurrentCertExpired(t);
       }
       try {
-        FileTime currentRootTime = Files.getLastModifiedTime(trustFile);
-        if (currentRootTime.equals(lastModifiedTimeRoot)) {
-          return;
-        }
-        byte[] rootFileContents = Files.readAllBytes(trustFile);
-        FileTime currentRootTime2 = Files.getLastModifiedTime(trustFile);
-        if (!currentRootTime2.equals(currentRootTime)) {
-          return;
+        if (spiffeTrustMapFile != null) {
+          FileTime currentSpiffeTime = Files.getLastModifiedTime(spiffeTrustMapFile);
+          if (!currentSpiffeTime.equals(lastModifiedTimespiffeTrustMap)) {
+            SpiffeUtil.SpiffeBundle trustBundle = SpiffeUtil
+                .loadTrustBundleFromFile(spiffeTrustMapFile.toString());
+            getWatcher().updateSpiffeTrustMap(new HashMap<>(trustBundle.getBundleMap()));
+            lastModifiedTimespiffeTrustMap = currentSpiffeTime;
+          }
         }
-        try (ByteArrayInputStream rootStream = new ByteArrayInputStream(rootFileContents)) {
-          X509Certificate[] caCerts = CertificateUtils.toX509Certificates(rootStream);
-          getWatcher().updateTrustedRoots(Arrays.asList(caCerts));
+      } catch (Throwable t) {
+        getWatcher().onError(Status.fromThrowable(t));
+      }
+      try {
+        if (trustFile != null) {
+          FileTime currentRootTime = Files.getLastModifiedTime(trustFile);
+          if (!currentRootTime.equals(lastModifiedTimeRoot)) {
+            byte[] rootFileContents = Files.readAllBytes(trustFile);
+            FileTime currentRootTime2 = Files.getLastModifiedTime(trustFile);
+            if (currentRootTime2.equals(currentRootTime)) {
+              try (ByteArrayInputStream rootStream = new ByteArrayInputStream(rootFileContents)) {
+                X509Certificate[] caCerts = CertificateUtils.toX509Certificates(rootStream);
+                getWatcher().updateTrustedRoots(Arrays.asList(caCerts));
+              }
+              lastModifiedTimeRoot = currentRootTime;
+            }
+          }
         }
-        lastModifiedTimeRoot = currentRootTime;
       } catch (Throwable t) {
         getWatcher().onError(Status.fromThrowable(t));
       }
@@ -195,6 +218,7 @@ FileWatcherCertificateProvider create(
               String certFile,
               String keyFile,
               String trustFile,
+              String spiffeTrustMapFile,
               long refreshIntervalInSeconds,
               ScheduledExecutorService scheduledExecutorService,
               TimeProvider timeProvider) {
@@ -204,6 +228,7 @@ FileWatcherCertificateProvider create(
                 certFile,
                 keyFile,
                 trustFile,
+                spiffeTrustMapFile,
                 refreshIntervalInSeconds,
                 scheduledExecutorService,
                 timeProvider);
@@ -220,6 +245,7 @@ abstract FileWatcherCertificateProvider create(
         String certFile,
         String keyFile,
         String trustFile,
+        String spiffeTrustMapFile,
         long refreshIntervalInSeconds,
         ScheduledExecutorService scheduledExecutorService,
         TimeProvider timeProvider);
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProvider.java
index c4b140442cb..53864ae33f1 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProvider.java
@@ -23,6 +23,7 @@
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
 import com.google.protobuf.Duration;
 import com.google.protobuf.util.Durations;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.JsonUtil;
 import io.grpc.internal.TimeProvider;
 import java.text.ParseException;
@@ -33,11 +34,15 @@
 /**
  * Provider of {@link FileWatcherCertificateProvider}s.
  */
-final class FileWatcherCertificateProviderProvider implements CertificateProviderProvider {
+public final class FileWatcherCertificateProviderProvider implements CertificateProviderProvider {
 
+  @VisibleForTesting
+  public static boolean enableSpiffe = GrpcUtil.getFlag("GRPC_EXPERIMENTAL_SPIFFE_TRUST_BUNDLE_MAP",
+      false);
   private static final String CERT_FILE_KEY = "certificate_file";
   private static final String KEY_FILE_KEY = "private_key_file";
   private static final String ROOT_FILE_KEY = "ca_certificate_file";
+  private static final String SPIFFE_TRUST_MAP_FILE_KEY = "spiffe_trust_bundle_map_file";
   private static final String REFRESH_INTERVAL_KEY = "refresh_interval";
 
   @VisibleForTesting static final long REFRESH_INTERVAL_DEFAULT = 600L;
@@ -82,6 +87,7 @@ public CertificateProvider createCertificateProvider(
         configObj.certFile,
         configObj.keyFile,
         configObj.rootFile,
+        configObj.spiffeTrustMapFile,
         configObj.refrehInterval,
         scheduledExecutorServiceFactory.create(),
         timeProvider);
@@ -98,7 +104,20 @@ private static Config validateAndTranslateConfig(Object config) {
     Config configObj = new Config();
     configObj.certFile = checkForNullAndGet(map, CERT_FILE_KEY);
     configObj.keyFile = checkForNullAndGet(map, KEY_FILE_KEY);
-    configObj.rootFile = checkForNullAndGet(map, ROOT_FILE_KEY);
+    if (enableSpiffe) {
+      if (!map.containsKey(ROOT_FILE_KEY) && !map.containsKey(SPIFFE_TRUST_MAP_FILE_KEY)) {
+        throw new NullPointerException(
+            String.format("either '%s' or '%s' is required in the config",
+                ROOT_FILE_KEY, SPIFFE_TRUST_MAP_FILE_KEY));
+      }
+      if (map.containsKey(SPIFFE_TRUST_MAP_FILE_KEY)) {
+        configObj.spiffeTrustMapFile = JsonUtil.getString(map, SPIFFE_TRUST_MAP_FILE_KEY);
+      } else {
+        configObj.rootFile = JsonUtil.getString(map, ROOT_FILE_KEY);
+      }
+    } else {
+      configObj.rootFile = checkForNullAndGet(map, ROOT_FILE_KEY);
+    }
     String refreshIntervalString = JsonUtil.getString(map, REFRESH_INTERVAL_KEY);
     if (refreshIntervalString != null) {
       try {
@@ -139,6 +158,7 @@ static class Config {
     String certFile;
     String keyFile;
     String rootFile;
+    String spiffeTrustMapFile;
     Long refrehInterval;
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactory.java b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactory.java
index c9d83902ec2..8cb44117065 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactory.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactory.java
@@ -17,6 +17,7 @@
 package io.grpc.xds.internal.security.trust;
 
 import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 
 import com.google.common.annotations.VisibleForTesting;
@@ -33,6 +34,9 @@
 import java.security.cert.CertStoreException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.net.ssl.ManagerFactoryParameters;
@@ -63,6 +67,11 @@ public XdsTrustManagerFactory(
     this(certs, staticCertificateValidationContext, true);
   }
 
+  public XdsTrustManagerFactory(Map<String, List<X509Certificate>> spiffeTrustMap,
+      CertificateValidationContext staticCertificateValidationContext) throws CertStoreException {
+    this(spiffeTrustMap, staticCertificateValidationContext, true);
+  }
+
   private XdsTrustManagerFactory(
       X509Certificate[] certs,
       CertificateValidationContext certificateValidationContext,
@@ -76,6 +85,19 @@ private XdsTrustManagerFactory(
     xdsX509TrustManager = createX509TrustManager(certs, certificateValidationContext);
   }
 
+  private XdsTrustManagerFactory(
+      Map<String, List<X509Certificate>> spiffeTrustMap,
+      CertificateValidationContext certificateValidationContext,
+      boolean validationContextIsStatic)
+      throws CertStoreException {
+    if (validationContextIsStatic) {
+      checkArgument(
+          certificateValidationContext == null || !certificateValidationContext.hasTrustedCa(),
+          "only static certificateValidationContext expected");
+      xdsX509TrustManager = createX509TrustManager(spiffeTrustMap, certificateValidationContext);
+    }
+  }
+
   private static X509Certificate[] getTrustedCaFromCertContext(
       CertificateValidationContext certificateValidationContext)
       throws CertificateException, IOException {
@@ -100,6 +122,24 @@ private static X509Certificate[] getTrustedCaFromCertContext(
   @VisibleForTesting
   static XdsX509TrustManager createX509TrustManager(
       X509Certificate[] certs, CertificateValidationContext certContext) throws CertStoreException {
+    return new XdsX509TrustManager(certContext, createTrustManager(certs));
+  }
+
+  @VisibleForTesting
+  static XdsX509TrustManager createX509TrustManager(
+      Map<String, List<X509Certificate>> spiffeTrustMapFile,
+      CertificateValidationContext certContext) throws CertStoreException {
+    checkNotNull(spiffeTrustMapFile, "spiffeTrustMapFile");
+    Map<String, X509ExtendedTrustManager> delegates = new HashMap<>();
+    for (Map.Entry<String, List<X509Certificate>> entry:spiffeTrustMapFile.entrySet()) {
+      delegates.put(entry.getKey(), createTrustManager(
+          entry.getValue().toArray(new X509Certificate[0])));
+    }
+    return new XdsX509TrustManager(certContext, delegates);
+  }
+
+  private static X509ExtendedTrustManager createTrustManager(X509Certificate[] certs)
+      throws CertStoreException {
     TrustManagerFactory tmf = null;
     try {
       tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
@@ -131,7 +171,7 @@ static XdsX509TrustManager createX509TrustManager(
     if (myDelegate == null) {
       throw new CertStoreException("Native X509 TrustManager not found.");
     }
-    return new XdsX509TrustManager(certContext, myDelegate);
+    return myDelegate;
   }
 
   @Override
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
index 6181d70fa51..dcd3f2006a1 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
@@ -19,18 +19,25 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Optional;
 import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableMap;
 import com.google.re2j.Pattern;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.type.matcher.v3.RegexMatcher;
 import io.envoyproxy.envoy.type.matcher.v3.StringMatcher;
+import io.grpc.internal.SpiffeUtil;
 import java.net.Socket;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
 import java.util.Collection;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Locale;
+import java.util.Map;
+import java.util.Set;
 import javax.annotation.Nullable;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
@@ -51,6 +58,7 @@ final class XdsX509TrustManager extends X509ExtendedTrustManager implements X509
   private static final int ALT_IPA_NAME = 7;
 
   private final X509ExtendedTrustManager delegate;
+  private final Map<String, X509ExtendedTrustManager> spiffeTrustMapDelegates;
   private final CertificateValidationContext certContext;
 
   XdsX509TrustManager(@Nullable CertificateValidationContext certContext,
@@ -58,6 +66,15 @@ final class XdsX509TrustManager extends X509ExtendedTrustManager implements X509
     checkNotNull(delegate, "delegate");
     this.certContext = certContext;
     this.delegate = delegate;
+    this.spiffeTrustMapDelegates = null;
+  }
+
+  XdsX509TrustManager(@Nullable CertificateValidationContext certContext,
+      Map<String, X509ExtendedTrustManager> spiffeTrustMapDelegates) {
+    checkNotNull(spiffeTrustMapDelegates, "spiffeTrustMapDelegates");
+    this.spiffeTrustMapDelegates = ImmutableMap.copyOf(spiffeTrustMapDelegates);
+    this.certContext = certContext;
+    this.delegate = null;
   }
 
   private static boolean verifyDnsNameInPattern(
@@ -204,21 +221,21 @@ void verifySubjectAltNameInChain(X509Certificate[] peerCertChain) throws Certifi
   @Override
   public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
       throws CertificateException {
-    delegate.checkClientTrusted(chain, authType, socket);
+    chooseDelegate(chain).checkClientTrusted(chain, authType, socket);
     verifySubjectAltNameInChain(chain);
   }
 
   @Override
   public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
       throws CertificateException {
-    delegate.checkClientTrusted(chain, authType, sslEngine);
+    chooseDelegate(chain).checkClientTrusted(chain, authType, sslEngine);
     verifySubjectAltNameInChain(chain);
   }
 
   @Override
   public void checkClientTrusted(X509Certificate[] chain, String authType)
       throws CertificateException {
-    delegate.checkClientTrusted(chain, authType);
+    chooseDelegate(chain).checkClientTrusted(chain, authType);
     verifySubjectAltNameInChain(chain);
   }
 
@@ -233,7 +250,7 @@ public void checkServerTrusted(X509Certificate[] chain, String authType, Socket
         sslSocket.setSSLParameters(sslParams);
       }
     }
-    delegate.checkServerTrusted(chain, authType, socket);
+    chooseDelegate(chain).checkServerTrusted(chain, authType, socket);
     verifySubjectAltNameInChain(chain);
   }
 
@@ -245,19 +262,44 @@ public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngi
       sslParams.setEndpointIdentificationAlgorithm("");
       sslEngine.setSSLParameters(sslParams);
     }
-    delegate.checkServerTrusted(chain, authType, sslEngine);
+    chooseDelegate(chain).checkServerTrusted(chain, authType, sslEngine);
     verifySubjectAltNameInChain(chain);
   }
 
   @Override
   public void checkServerTrusted(X509Certificate[] chain, String authType)
       throws CertificateException {
-    delegate.checkServerTrusted(chain, authType);
+    chooseDelegate(chain).checkServerTrusted(chain, authType);
     verifySubjectAltNameInChain(chain);
   }
 
+  private X509ExtendedTrustManager chooseDelegate(X509Certificate[] chain)
+      throws CertificateException {
+    if (spiffeTrustMapDelegates != null) {
+      Optional<SpiffeUtil.SpiffeId> spiffeId = SpiffeUtil.extractSpiffeId(chain);
+      if (!spiffeId.isPresent()) {
+        throw new CertificateException("Failed to extract SPIFFE ID from peer leaf certificate");
+      }
+      String trustDomain = spiffeId.get().getTrustDomain();
+      if (!spiffeTrustMapDelegates.containsKey(trustDomain)) {
+        throw new CertificateException(String.format("Spiffe Trust Map doesn't contain trust"
+            + " domain '%s' from peer leaf certificate", trustDomain));
+      }
+      return spiffeTrustMapDelegates.get(trustDomain);
+    } else {
+      return delegate;
+    }
+  }
+
   @Override
   public X509Certificate[] getAcceptedIssuers() {
+    if (spiffeTrustMapDelegates != null) {
+      Set<X509Certificate> result = new HashSet<>();
+      for (X509ExtendedTrustManager tm: spiffeTrustMapDelegates.values()) {
+        result.addAll(Arrays.asList(tm.getAcceptedIssuers()));
+      }
+      return result.toArray(new X509Certificate[0]);
+    }
     return delegate.getAcceptedIssuers();
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/CommonBootstrapperTestUtils.java b/xds/src/test/java/io/grpc/xds/CommonBootstrapperTestUtils.java
index 0b2f3c7136b..6a8eced298c 100644
--- a/xds/src/test/java/io/grpc/xds/CommonBootstrapperTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/CommonBootstrapperTestUtils.java
@@ -88,7 +88,7 @@ public static Bootstrapper.BootstrapInfo buildBootstrapInfo(
       String certInstanceName1, @Nullable String privateKey1,
       @Nullable String cert1,
       @Nullable String trustCa1, String certInstanceName2, String privateKey2, String cert2,
-      String trustCa2) {
+      String trustCa2, @Nullable String spiffeTrustMap) {
     // get temp file for each file
     try {
       if (privateKey1 != null) {
@@ -109,6 +109,9 @@ public static Bootstrapper.BootstrapInfo buildBootstrapInfo(
       if (trustCa2 != null) {
         trustCa2 = CommonTlsContextTestsUtil.getTempFileNameForResourcesFile(trustCa2);
       }
+      if (spiffeTrustMap != null) {
+        spiffeTrustMap = CommonTlsContextTestsUtil.getTempFileNameForResourcesFile(spiffeTrustMap);
+      }
     } catch (IOException ioe) {
       throw new RuntimeException(ioe);
     }
@@ -116,6 +119,9 @@ public static Bootstrapper.BootstrapInfo buildBootstrapInfo(
     config.put("certificate_file", cert1);
     config.put("private_key_file", privateKey1);
     config.put("ca_certificate_file", trustCa1);
+    if (spiffeTrustMap != null) {
+      config.put("spiffe_trust_bundle_map_file", spiffeTrustMap);
+    }
     Bootstrapper.CertificateProviderInfo certificateProviderInfo =
         Bootstrapper.CertificateProviderInfo.create("file_watcher", config);
     HashMap<String, Bootstrapper.CertificateProviderInfo> certProviders =
@@ -126,6 +132,9 @@ public static Bootstrapper.BootstrapInfo buildBootstrapInfo(
       config.put("certificate_file", cert2);
       config.put("private_key_file", privateKey2);
       config.put("ca_certificate_file", trustCa2);
+      if (spiffeTrustMap != null) {
+        config.put("spiffe_trust_bundle_map_file", spiffeTrustMap);
+      }
       certificateProviderInfo =
           Bootstrapper.CertificateProviderInfo.create("file_watcher", config);
       certProviders.put(certInstanceName2, certificateProviderInfo);
diff --git a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
index f56a7c367bb..8e1220fe9d0 100644
--- a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -24,8 +24,12 @@
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CA_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_KEY_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_PEM_FILE;
+import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_SPIFFE_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_KEY_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_PEM_FILE;
+import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_SPIFFE_PEM_FILE;
+import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SPIFFE_TRUST_MAP_1_FILE;
+import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SPIFFE_TRUST_MAP_FILE;
 import static org.junit.Assert.fail;
 
 import com.google.common.collect.ImmutableList;
@@ -67,6 +71,7 @@
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import io.grpc.xds.internal.security.SslContextProviderSupplier;
 import io.grpc.xds.internal.security.TlsContextManagerImpl;
+import io.grpc.xds.internal.security.certprovider.FileWatcherCertificateProviderProvider;
 import io.netty.handler.ssl.NotSslRecordException;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -85,6 +90,7 @@
 import java.security.cert.CertificateFactory;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.Executors;
@@ -92,18 +98,25 @@
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLHandshakeException;
 import org.junit.After;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
 
 /**
  * Unit tests for {@link XdsChannelCredentials} and {@link XdsServerBuilder} for plaintext/TLS/mTLS
  * modes.
  */
-@RunWith(JUnit4.class)
+@RunWith(Parameterized.class)
 public class XdsSecurityClientServerTest {
 
+  @Parameter
+  public Boolean enableSpiffe;
+  private Boolean originalEnableSpiffe;
+
   @Rule public final GrpcCleanupRule cleanupRule = new GrpcCleanupRule();
   private int port;
   private FakeNameResolverFactory fakeNameResolverFactory;
@@ -115,11 +128,27 @@ public class XdsSecurityClientServerTest {
   private FakeXdsClientPoolFactory fakePoolFactory = new FakeXdsClientPoolFactory(xdsClient);
   private static final String OVERRIDE_AUTHORITY = "foo.test.google.fr";
 
+  @Parameters(name = "enableSpiffe={0}")
+  public static Collection<Boolean> data() {
+    return ImmutableList.of(true, false);
+  }
+
+  @Before
+  public void setUp() throws IOException {
+    saveEnvironment();
+    FileWatcherCertificateProviderProvider.enableSpiffe = enableSpiffe;
+  }
+
+  private void saveEnvironment() {
+    originalEnableSpiffe = FileWatcherCertificateProviderProvider.enableSpiffe;
+  }
+
   @After
   public void tearDown() throws IOException {
     if (fakeNameResolverFactory != null) {
       NameResolverRegistry.getDefaultRegistry().deregister(fakeNameResolverFactory);
     }
+    FileWatcherCertificateProviderProvider.enableSpiffe = originalEnableSpiffe;
   }
 
   @Test
@@ -146,13 +175,13 @@ public void nullFallbackCredentials_expectException() throws Exception {
   @Test
   public void tlsClientServer_noClientAuthentication() throws Exception {
     DownstreamTlsContext downstreamTlsContext =
-        setBootstrapInfoAndBuildDownstreamTlsContext(null, null, null, null, false, false);
+        setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
+            null, false, false);
     buildServerWithTlsContext(downstreamTlsContext);
 
     // for TLS, client only needs trustCa
     UpstreamTlsContext upstreamTlsContext = setBootstrapInfoAndBuildUpstreamTlsContext(
-        CLIENT_KEY_FILE,
-        CLIENT_PEM_FILE, false);
+        CLIENT_KEY_FILE, CLIENT_PEM_FILE, null, false);
 
     SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
         getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
@@ -169,7 +198,8 @@ public void tlsClientServer_useSystemRootCerts_useCombinedValidationContext() th
     try {
       setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
       DownstreamTlsContext downstreamTlsContext =
-          setBootstrapInfoAndBuildDownstreamTlsContext(null, null, null, null, false, false);
+          setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
+              null, false, false);
       buildServerWithTlsContext(downstreamTlsContext);
 
       UpstreamTlsContext upstreamTlsContext =
@@ -195,7 +225,8 @@ public void tlsClientServer_useSystemRootCerts_validationContext() throws Except
     try {
       setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
       DownstreamTlsContext downstreamTlsContext =
-          setBootstrapInfoAndBuildDownstreamTlsContext(null, null, null, null, false, false);
+          setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
+              null, false, false);
       buildServerWithTlsContext(downstreamTlsContext);
 
       UpstreamTlsContext upstreamTlsContext =
@@ -221,7 +252,8 @@ public void tlsClientServer_useSystemRootCerts_requireClientAuth() throws Except
     try {
       setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
       DownstreamTlsContext downstreamTlsContext =
-          setBootstrapInfoAndBuildDownstreamTlsContext(null, null, null, null, false, false);
+          setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
+              null, false, false);
       buildServerWithTlsContext(downstreamTlsContext);
 
       UpstreamTlsContext upstreamTlsContext =
@@ -252,17 +284,59 @@ private Path getCacertFilePathForTestCa()
     return trustStoreFile.toPath();
   }
 
+  @Test
+  public void tlsClientServer_Spiffe_noClientAuthentication() throws Exception {
+    DownstreamTlsContext downstreamTlsContext =
+        setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_SPIFFE_PEM_FILE, null, null, null,
+            null, null, false, false);
+    buildServerWithTlsContext(downstreamTlsContext);
+
+    // for TLS, client only needs trustCa, so BAD certs don't matter
+    UpstreamTlsContext upstreamTlsContext = setBootstrapInfoAndBuildUpstreamTlsContext(
+        BAD_CLIENT_KEY_FILE, BAD_CLIENT_PEM_FILE, SPIFFE_TRUST_MAP_FILE, false);
+
+    SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
+        getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
+    assertThat(unaryRpc(/* requestMessage= */ "buddy", blockingStub)).isEqualTo("Hello buddy");
+  }
+
+  @Test
+  public void tlsClientServer_Spiffe_noClientAuthentication_wrongServerCert() throws Exception {
+    if (!enableSpiffe) {
+      return;
+    }
+    DownstreamTlsContext downstreamTlsContext =
+        setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
+            null, false, false);
+    buildServerWithTlsContext(downstreamTlsContext);
+
+    // for TLS, client only needs trustCa, so BAD certs don't matter
+    UpstreamTlsContext upstreamTlsContext = setBootstrapInfoAndBuildUpstreamTlsContext(
+        BAD_CLIENT_KEY_FILE, BAD_CLIENT_PEM_FILE, SPIFFE_TRUST_MAP_FILE, false);
+
+    SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
+        getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
+    try {
+      unaryRpc("buddy", blockingStub);
+      fail("exception expected");
+    } catch (StatusRuntimeException sre) {
+      assertThat(sre.getStatus().getCode()).isEqualTo(Status.UNAVAILABLE.getCode());
+      assertThat(sre.getCause().getCause().getMessage())
+          .contains("Failed to extract SPIFFE ID from peer leaf certificate");
+    }
+  }
+
   @Test
   public void requireClientAuth_noClientCert_expectException()
       throws Exception {
     DownstreamTlsContext downstreamTlsContext =
-        setBootstrapInfoAndBuildDownstreamTlsContext(null, null, null, null, true, true);
+        setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
+            null, true, true);
     buildServerWithTlsContext(downstreamTlsContext);
 
     // for TLS, client only uses trustCa
     UpstreamTlsContext upstreamTlsContext = setBootstrapInfoAndBuildUpstreamTlsContext(
-        CLIENT_KEY_FILE,
-        CLIENT_PEM_FILE, false);
+        CLIENT_KEY_FILE, CLIENT_PEM_FILE, null, false);
 
     SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
         getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
@@ -284,12 +358,12 @@ public void requireClientAuth_noClientCert_expectException()
   @Test
   public void noClientAuth_sendBadClientCert_passes() throws Exception {
     DownstreamTlsContext downstreamTlsContext =
-        setBootstrapInfoAndBuildDownstreamTlsContext(null, null, null, null, false, false);
+        setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
+            null, false, false);
     buildServerWithTlsContext(downstreamTlsContext);
 
     UpstreamTlsContext upstreamTlsContext = setBootstrapInfoAndBuildUpstreamTlsContext(
-        BAD_CLIENT_KEY_FILE,
-        BAD_CLIENT_PEM_FILE, true);
+        BAD_CLIENT_KEY_FILE, BAD_CLIENT_PEM_FILE, null, true);
 
     SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
         getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
@@ -299,8 +373,7 @@ public void noClientAuth_sendBadClientCert_passes() throws Exception {
   @Test
   public void mtls_badClientCert_expectException() throws Exception {
     UpstreamTlsContext upstreamTlsContext = setBootstrapInfoAndBuildUpstreamTlsContext(
-        BAD_CLIENT_KEY_FILE,
-        BAD_CLIENT_PEM_FILE, true);
+        BAD_CLIENT_KEY_FILE, BAD_CLIENT_PEM_FILE, null, true);
     try {
       performMtlsTestAndGetListenerWatcher(upstreamTlsContext, null, null, null, null);
       fail("exception expected");
@@ -316,20 +389,58 @@ public void mtls_badClientCert_expectException() throws Exception {
     }
   }
 
-  /** mTLS - client auth enabled - using {@link XdsChannelCredentials} API. */
+  /** mTLS with Spiffe Trust Bundle - client auth enabled - using {@link XdsChannelCredentials}
+   * API. */
+  @Test
+  public void mtlsClientServer_Spiffe_withClientAuthentication_withXdsChannelCreds()
+      throws Exception {
+    DownstreamTlsContext downstreamTlsContext =
+        setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_SPIFFE_PEM_FILE, null, null, null,
+            null, SPIFFE_TRUST_MAP_1_FILE, true, true);
+    buildServerWithTlsContext(downstreamTlsContext);
+
+    UpstreamTlsContext upstreamTlsContext = setBootstrapInfoAndBuildUpstreamTlsContext(
+        CLIENT_KEY_FILE, CLIENT_SPIFFE_PEM_FILE, SPIFFE_TRUST_MAP_1_FILE, true);
+
+    SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
+        getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
+    assertThat(unaryRpc(/* requestMessage= */ "buddy", blockingStub)).isEqualTo("Hello buddy");
+  }
+
+  @Test
+  public void mtlsClientServer_Spiffe_badClientCert_expectException()
+      throws Exception {
+    DownstreamTlsContext downstreamTlsContext =
+        setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_SPIFFE_PEM_FILE, null, null, null,
+            null, SPIFFE_TRUST_MAP_1_FILE, true, true);
+    buildServerWithTlsContext(downstreamTlsContext);
+
+    UpstreamTlsContext upstreamTlsContext = setBootstrapInfoAndBuildUpstreamTlsContext(
+        CLIENT_KEY_FILE, BAD_CLIENT_PEM_FILE, SPIFFE_TRUST_MAP_1_FILE, true);
+    SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
+        getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
+    try {
+      assertThat(unaryRpc(/* requestMessage= */ "buddy", blockingStub)).isEqualTo("Hello buddy");
+      fail("exception expected");
+    } catch (StatusRuntimeException sre) {
+      assertThat(sre.getStatus().getCode()).isEqualTo(Status.UNAVAILABLE.getCode());
+      assertThat(sre.getMessage()).contains("ssl exception");
+    }
+  }
+
   @Test
   public void mtlsClientServer_withClientAuthentication_withXdsChannelCreds()
       throws Exception {
     UpstreamTlsContext upstreamTlsContext = setBootstrapInfoAndBuildUpstreamTlsContext(
-        CLIENT_KEY_FILE,
-        CLIENT_PEM_FILE, true);
+        CLIENT_KEY_FILE, CLIENT_PEM_FILE, null, true);
     performMtlsTestAndGetListenerWatcher(upstreamTlsContext, null, null, null, null);
   }
 
   @Test
   public void tlsServer_plaintextClient_expectException() throws Exception {
     DownstreamTlsContext downstreamTlsContext =
-        setBootstrapInfoAndBuildDownstreamTlsContext(null, null, null, null, false, false);
+        setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
+            null, false, false);
     buildServerWithTlsContext(downstreamTlsContext);
 
     SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
@@ -349,8 +460,7 @@ public void plaintextServer_tlsClient_expectException() throws Exception {
 
     // for TLS, client only needs trustCa
     UpstreamTlsContext upstreamTlsContext = setBootstrapInfoAndBuildUpstreamTlsContext(
-        CLIENT_KEY_FILE,
-        CLIENT_PEM_FILE, false);
+        CLIENT_KEY_FILE, CLIENT_PEM_FILE, null, false);
 
     SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
         getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
@@ -368,8 +478,7 @@ public void plaintextServer_tlsClient_expectException() throws Exception {
   public void mtlsClientServer_changeServerContext_expectException()
       throws Exception {
     UpstreamTlsContext upstreamTlsContext = setBootstrapInfoAndBuildUpstreamTlsContext(
-        CLIENT_KEY_FILE,
-        CLIENT_PEM_FILE, true);
+        CLIENT_KEY_FILE, CLIENT_PEM_FILE, null, true);
 
     performMtlsTestAndGetListenerWatcher(upstreamTlsContext, "cert-instance-name2",
             BAD_SERVER_KEY_FILE, BAD_SERVER_PEM_FILE, CA_PEM_FILE);
@@ -396,8 +505,8 @@ private void performMtlsTestAndGetListenerWatcher(
       String privateKey2, String cert2, String trustCa2)
       throws Exception {
     DownstreamTlsContext downstreamTlsContext =
-        setBootstrapInfoAndBuildDownstreamTlsContext(certInstanceName2, privateKey2, cert2,
-            trustCa2, true, true);
+        setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, certInstanceName2,
+            privateKey2, cert2, trustCa2, null, true, false);
 
     buildServerWithFallbackServerCredentials(
             InsecureServerCredentials.create(), downstreamTlsContext);
@@ -408,22 +517,21 @@ private void performMtlsTestAndGetListenerWatcher(
   }
 
   private DownstreamTlsContext setBootstrapInfoAndBuildDownstreamTlsContext(
-      String certInstanceName2,
-      String privateKey2,
-      String cert2, String trustCa2, boolean hasRootCert, boolean requireClientCertificate) {
+      String cert1, String certInstanceName2, String privateKey2,
+      String cert2, String trustCa2, String spiffeFile,
+      boolean hasRootCert, boolean requireClientCertificate) {
     bootstrapInfoForServer = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-server", SERVER_1_KEY_FILE,
-            SERVER_1_PEM_FILE, CA_PEM_FILE, certInstanceName2, privateKey2, cert2, trustCa2);
+            cert1, CA_PEM_FILE, certInstanceName2, privateKey2, cert2, trustCa2, spiffeFile);
     return CommonTlsContextTestsUtil.buildDownstreamTlsContext(
         "google_cloud_private_spiffe-server", hasRootCert, requireClientCertificate);
   }
 
   private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContext(String clientKeyFile,
-      String clientPemFile,
-      boolean hasIdentityCert) {
+      String clientPemFile, String spiffeFile, boolean hasIdentityCert) {
     bootstrapInfoForClient = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-client", clientKeyFile, clientPemFile,
-            CA_PEM_FILE, null, null, null, null);
+            CA_PEM_FILE, null, null, null, null, spiffeFile);
     return CommonTlsContextTestsUtil
         .buildUpstreamTlsContext("google_cloud_private_spiffe-client", hasIdentityCert);
   }
@@ -434,7 +542,7 @@ private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContextForUsingSys
       boolean useCombinedValidationContext) {
     bootstrapInfoForClient = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-client", clientKeyFile, clientPemFile,
-            CA_PEM_FILE, null, null, null, null);
+            CA_PEM_FILE, null, null, null, null, null);
     if (useCombinedValidationContext) {
       return CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
           "google_cloud_private_spiffe-client", "ROOT", null,
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java b/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
index db82a8682e0..a6cf2c52a15 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
@@ -48,10 +48,14 @@ public class CommonTlsContextTestsUtil {
   public static final String SERVER_0_PEM_FILE = "server0.pem";
   public static final String SERVER_0_KEY_FILE = "server0.key";
   public static final String SERVER_1_PEM_FILE = "server1.pem";
+  public static final String SERVER_1_SPIFFE_PEM_FILE = "server1_spiffe.pem";
   public static final String SERVER_1_KEY_FILE = "server1.key";
   public static final String CLIENT_PEM_FILE = "client.pem";
+  public static final String CLIENT_SPIFFE_PEM_FILE = "client_spiffe.pem";
   public static final String CLIENT_KEY_FILE = "client.key";
   public static final String CA_PEM_FILE = "ca.pem";
+  public static final String SPIFFE_TRUST_MAP_FILE = "spiffebundle.json";
+  public static final String SPIFFE_TRUST_MAP_1_FILE = "spiffebundle1.json";
   /** Bad/untrusted server certs. */
   public static final String BAD_SERVER_PEM_FILE = "badserver.pem";
   public static final String BAD_SERVER_KEY_FILE = "badserver.key";
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
index da7f8113dfa..fdfcd369937 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
@@ -149,7 +149,7 @@ public void clientSecurityHandler_addLast()
     CommonCertProviderTestUtils.register(executor);
     Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE, CLIENT_PEM_FILE,
-            CA_PEM_FILE, null, null, null, null);
+            CA_PEM_FILE, null, null, null, null, null);
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
             .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
@@ -216,7 +216,7 @@ public SocketAddress remoteAddress() {
     pipeline = channel.pipeline();
     Bootstrapper.BootstrapInfo bootstrapInfoForServer = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-server", SERVER_1_KEY_FILE,
-            SERVER_1_PEM_FILE, CA_PEM_FILE, null, null, null, null);
+            SERVER_1_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
     DownstreamTlsContext downstreamTlsContext =
         CommonTlsContextTestsUtil.buildDownstreamTlsContext(
             "google_cloud_private_spiffe-server", true, true);
@@ -361,7 +361,7 @@ public void clientSecurityProtocolNegotiatorNewHandler_fireProtocolNegotiationEv
     CommonCertProviderTestUtils.register(executor);
     Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE, CLIENT_PEM_FILE,
-            CA_PEM_FILE, null, null, null, null);
+            CA_PEM_FILE, null, null, null, null, null);
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
             .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
@@ -412,7 +412,7 @@ public void clientSecurityProtocolNegotiatorNewHandler_handleHandlerRemoved() {
     CommonCertProviderTestUtils.register(executor);
     Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE, CLIENT_PEM_FILE,
-            CA_PEM_FILE, null, null, null, null);
+            CA_PEM_FILE, null, null, null, null, null);
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
             .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/TlsContextManagerTest.java b/xds/src/test/java/io/grpc/xds/internal/security/TlsContextManagerTest.java
index 4d04eeb41e0..29d131cb8d7 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/TlsContextManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/TlsContextManagerTest.java
@@ -57,7 +57,7 @@ public class TlsContextManagerTest {
   public void createServerSslContextProvider() {
     Bootstrapper.BootstrapInfo bootstrapInfoForServer = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-server", SERVER_1_KEY_FILE,
-            SERVER_1_PEM_FILE, CA_PEM_FILE, null, null, null, null);
+            SERVER_1_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
     DownstreamTlsContext downstreamTlsContext =
         CommonTlsContextTestsUtil.buildDownstreamTlsContext(
             "google_cloud_private_spiffe-server", false, false);
@@ -76,7 +76,7 @@ public void createServerSslContextProvider() {
   public void createClientSslContextProvider() {
     Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE, CLIENT_PEM_FILE,
-            CA_PEM_FILE, null, null, null, null);
+            CA_PEM_FILE, null, null, null, null, null);
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
             .buildUpstreamTlsContext("google_cloud_private_spiffe-client", false);
@@ -96,7 +96,7 @@ public void createServerSslContextProvider_differentInstance() {
     Bootstrapper.BootstrapInfo bootstrapInfoForServer = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-server", SERVER_1_KEY_FILE,
             SERVER_1_PEM_FILE, CA_PEM_FILE, "cert-instance2", SERVER_0_KEY_FILE, SERVER_0_PEM_FILE,
-            CA_PEM_FILE);
+            CA_PEM_FILE, null);
     DownstreamTlsContext downstreamTlsContext =
         CommonTlsContextTestsUtil.buildDownstreamTlsContext(
             "google_cloud_private_spiffe-server", false, false);
@@ -120,7 +120,7 @@ public void createServerSslContextProvider_differentInstance() {
   public void createClientSslContextProvider_differentInstance() {
     Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE, CLIENT_PEM_FILE,
-            CA_PEM_FILE, "cert-instance-2", CLIENT_KEY_FILE, CLIENT_PEM_FILE, CA_PEM_FILE);
+            CA_PEM_FILE, "cert-instance-2", CLIENT_KEY_FILE, CLIENT_PEM_FILE, CA_PEM_FILE, null);
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
             .buildUpstreamTlsContext("google_cloud_private_spiffe-client", false);
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProviderTest.java
index a0bdd618004..304a2dd5441 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProviderTest.java
@@ -24,22 +24,28 @@
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
+import com.google.common.collect.ImmutableList;
 import io.grpc.internal.JsonParser;
 import io.grpc.internal.TimeProvider;
 import java.io.IOException;
+import java.util.Collection;
 import java.util.Map;
 import java.util.concurrent.ScheduledExecutorService;
+import org.junit.After;
+import org.junit.Assume;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnit;
 import org.mockito.junit.MockitoRule;
 
 /** Unit tests for {@link FileWatcherCertificateProviderProvider}. */
-@RunWith(JUnit4.class)
+@RunWith(Parameterized.class)
 public class FileWatcherCertificateProviderProviderTest {
   @Rule public final MockitoRule mocks = MockitoJUnit.rule();
 
@@ -48,13 +54,28 @@ public class FileWatcherCertificateProviderProviderTest {
       scheduledExecutorServiceFactory;
   @Mock private TimeProvider timeProvider;
 
+  @Parameter
+  public boolean enableSpiffe;
+  private boolean originalEnableSpiffe;
   private FileWatcherCertificateProviderProvider provider;
 
+  @Parameters(name = "enableSpiffe={0}")
+  public static Collection<Boolean> data() {
+    return ImmutableList.of(true, false);
+  }
+
   @Before
   public void setUp() throws IOException {
     provider =
         new FileWatcherCertificateProviderProvider(
             fileWatcherCertificateProviderFactory, scheduledExecutorServiceFactory, timeProvider);
+    originalEnableSpiffe = FileWatcherCertificateProviderProvider.enableSpiffe;
+    FileWatcherCertificateProviderProvider.enableSpiffe = enableSpiffe;
+  }
+
+  @After
+  public void restoreEnvironment() {
+    FileWatcherCertificateProviderProvider.enableSpiffe = originalEnableSpiffe;
   }
 
   @Test
@@ -85,6 +106,30 @@ public void createProvider_minimalConfig() throws IOException {
             eq("/var/run/gke-spiffe/certs/certificates.pem"),
             eq("/var/run/gke-spiffe/certs/private_key.pem"),
             eq("/var/run/gke-spiffe/certs/ca_certificates.pem"),
+            eq(null),
+            eq(600L),
+            eq(mockService),
+            eq(timeProvider));
+  }
+
+  @Test
+  public void createProvider_minimalSpiffeConfig() throws IOException {
+    Assume.assumeTrue(enableSpiffe);
+    CertificateProvider.DistributorWatcher distWatcher =
+        new CertificateProvider.DistributorWatcher();
+    @SuppressWarnings("unchecked")
+    Map<String, ?> map = (Map<String, ?>) JsonParser.parse(MINIMAL_FILE_WATCHER_WITH_SPIFFE_CONFIG);
+    ScheduledExecutorService mockService = mock(ScheduledExecutorService.class);
+    when(scheduledExecutorServiceFactory.create()).thenReturn(mockService);
+    provider.createCertificateProvider(map, distWatcher, true);
+    verify(fileWatcherCertificateProviderFactory, times(1))
+        .create(
+            eq(distWatcher),
+            eq(true),
+            eq("/var/run/gke-spiffe/certs/certificates.pem"),
+            eq("/var/run/gke-spiffe/certs/private_key.pem"),
+            eq(null),
+            eq("/var/run/gke-spiffe/certs/spiffe_bundle.json"),
             eq(600L),
             eq(mockService),
             eq(timeProvider));
@@ -106,6 +151,30 @@ public void createProvider_fullConfig() throws IOException {
             eq("/var/run/gke-spiffe/certs/certificates2.pem"),
             eq("/var/run/gke-spiffe/certs/private_key3.pem"),
             eq("/var/run/gke-spiffe/certs/ca_certificates4.pem"),
+            eq(null),
+            eq(7890L),
+            eq(mockService),
+            eq(timeProvider));
+  }
+
+  @Test
+  public void createProvider_spiffeConfig() throws IOException {
+    Assume.assumeTrue(enableSpiffe);
+    CertificateProvider.DistributorWatcher distWatcher =
+        new CertificateProvider.DistributorWatcher();
+    @SuppressWarnings("unchecked")
+    Map<String, ?> map = (Map<String, ?>) JsonParser.parse(FULL_FILE_WATCHER_WITH_SPIFFE_CONFIG);
+    ScheduledExecutorService mockService = mock(ScheduledExecutorService.class);
+    when(scheduledExecutorServiceFactory.create()).thenReturn(mockService);
+    provider.createCertificateProvider(map, distWatcher, true);
+    verify(fileWatcherCertificateProviderFactory, times(1))
+        .create(
+            eq(distWatcher),
+            eq(true),
+            eq("/var/run/gke-spiffe/certs/certificates2.pem"),
+            eq("/var/run/gke-spiffe/certs/private_key3.pem"),
+            eq(null),
+            eq("/var/run/gke-spiffe/certs/spiffe_bundle.json"),
             eq(7890L),
             eq(mockService),
             eq(timeProvider));
@@ -157,15 +226,18 @@ public void createProvider_missingKey_expectException() throws IOException {
 
   @Test
   public void createProvider_missingRoot_expectException() throws IOException {
+    String expectedMessage = enableSpiffe ? "either 'ca_certificate_file' or "
+        + "'spiffe_trust_bundle_map_file' is required in the config"
+        : "'ca_certificate_file' is required in the config";
     CertificateProvider.DistributorWatcher distWatcher =
         new CertificateProvider.DistributorWatcher();
     @SuppressWarnings("unchecked")
-    Map<String, ?> map = (Map<String, ?>) JsonParser.parse(MISSING_ROOT_CONFIG);
+    Map<String, ?> map = (Map<String, ?>) JsonParser.parse(MISSING_ROOT_AND_SPIFFE_CONFIG);
     try {
       provider.createCertificateProvider(map, distWatcher, true);
       fail("exception expected");
     } catch (NullPointerException npe) {
-      assertThat(npe).hasMessageThat().isEqualTo("'ca_certificate_file' is required in the config");
+      assertThat(npe).hasMessageThat().isEqualTo(expectedMessage);
     }
   }
 
@@ -176,6 +248,14 @@ public void createProvider_missingRoot_expectException() throws IOException {
           + "        \"ca_certificate_file\": \"/var/run/gke-spiffe/certs/ca_certificates.pem\""
           + "      }";
 
+  private static final String MINIMAL_FILE_WATCHER_WITH_SPIFFE_CONFIG =
+      "{\n"
+          + "        \"certificate_file\": \"/var/run/gke-spiffe/certs/certificates.pem\","
+          + "        \"private_key_file\": \"/var/run/gke-spiffe/certs/private_key.pem\","
+          + "        \"spiffe_trust_bundle_map_file\":"
+          + " \"/var/run/gke-spiffe/certs/spiffe_bundle.json\""
+          + "      }";
+
   private static final String FULL_FILE_WATCHER_CONFIG =
       "{\n"
           + "        \"certificate_file\": \"/var/run/gke-spiffe/certs/certificates2.pem\","
@@ -184,6 +264,16 @@ public void createProvider_missingRoot_expectException() throws IOException {
           + "        \"refresh_interval\": \"7890s\""
           + "      }";
 
+  private static final String FULL_FILE_WATCHER_WITH_SPIFFE_CONFIG =
+      "{\n"
+          + "        \"certificate_file\": \"/var/run/gke-spiffe/certs/certificates2.pem\","
+          + "        \"private_key_file\": \"/var/run/gke-spiffe/certs/private_key3.pem\","
+          + "        \"ca_certificate_file\": \"/var/run/gke-spiffe/certs/ca_certificates4.pem\","
+          + "        \"spiffe_trust_bundle_map_file\":"
+          + " \"/var/run/gke-spiffe/certs/spiffe_bundle.json\","
+          + "        \"refresh_interval\": \"7890s\""
+          + "      }";
+
   private static final String MISSING_CERT_CONFIG =
       "{\n"
           + "        \"private_key_file\": \"/var/run/gke-spiffe/certs/private_key.pem\","
@@ -196,7 +286,7 @@ public void createProvider_missingRoot_expectException() throws IOException {
           + "        \"ca_certificate_file\": \"/var/run/gke-spiffe/certs/ca_certificates.pem\""
           + "      }";
 
-  private static final String MISSING_ROOT_CONFIG =
+  private static final String MISSING_ROOT_AND_SPIFFE_CONFIG =
       "{\n"
           + "        \"certificate_file\": \"/var/run/gke-spiffe/certs/certificates.pem\","
           + "        \"private_key_file\": \"/var/run/gke-spiffe/certs/private_key.pem\""
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderTest.java
index 210ec056732..620ee0a7ff7 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderTest.java
@@ -23,6 +23,7 @@
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_0_KEY_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_0_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_PEM_FILE;
+import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SPIFFE_TRUST_MAP_1_FILE;
 import static java.nio.file.StandardCopyOption.REPLACE_EXISTING;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
@@ -47,6 +48,7 @@
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;
 import java.util.concurrent.Delayed;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
@@ -73,6 +75,7 @@ public class FileWatcherCertificateProviderTest {
   private static final String CERT_FILE = "cert.pem";
   private static final String KEY_FILE = "key.pem";
   private static final String ROOT_FILE = "root.pem";
+  private static final String SPIFFE_TRUST_MAP_FILE = "spiffebundle.json";
 
   @Mock private CertificateProvider.Watcher mockWatcher;
   @Mock private ScheduledExecutorService timeService;
@@ -84,28 +87,33 @@ public class FileWatcherCertificateProviderTest {
   private String certFile;
   private String keyFile;
   private String rootFile;
+  private String spiffeTrustMapFile;
 
   private FileWatcherCertificateProvider provider;
+  private DistributorWatcher watcher;
 
   @Before
   public void setUp() throws IOException {
-    DistributorWatcher watcher = new DistributorWatcher();
+    watcher = new DistributorWatcher();
     watcher.addWatcher(mockWatcher);
 
     certFile = new File(tempFolder.getRoot(), CERT_FILE).getAbsolutePath();
     keyFile = new File(tempFolder.getRoot(), KEY_FILE).getAbsolutePath();
     rootFile = new File(tempFolder.getRoot(), ROOT_FILE).getAbsolutePath();
+    spiffeTrustMapFile = new File(tempFolder.getRoot(), SPIFFE_TRUST_MAP_FILE).getAbsolutePath();
     provider =
-        new FileWatcherCertificateProvider(
-            watcher, true, certFile, keyFile, rootFile, 600L, timeService, timeProvider);
+        new FileWatcherCertificateProvider(watcher, true, certFile, keyFile, rootFile, null, 600L,
+            timeService, timeProvider);
   }
 
   private void populateTarget(
       String certFileSource,
       String keyFileSource,
       String rootFileSource,
+      String spiffeTrustMapFileSource,
       boolean deleteCurCert,
       boolean deleteCurKey,
+      boolean deleteCurSpiffeTrustMap,
       boolean deleteCurRoot)
       throws IOException {
     if (deleteCurCert) {
@@ -135,6 +143,17 @@ private void populateTarget(
       Files.setLastModifiedTime(
           Paths.get(rootFile), FileTime.fromMillis(timeProvider.currentTimeMillis()));
     }
+    if (deleteCurSpiffeTrustMap) {
+      Files.delete(Paths.get(spiffeTrustMapFile));
+    }
+    if (spiffeTrustMapFileSource != null) {
+      spiffeTrustMapFileSource = CommonTlsContextTestsUtil
+          .getTempFileNameForResourcesFile(spiffeTrustMapFileSource);
+      Files.copy(Paths.get(spiffeTrustMapFileSource),
+          Paths.get(spiffeTrustMapFile), REPLACE_EXISTING);
+      Files.setLastModifiedTime(
+          Paths.get(spiffeTrustMapFile), FileTime.fromMillis(timeProvider.currentTimeMillis()));
+    }
   }
 
   @Test
@@ -144,9 +163,9 @@ public void getCertificateAndCheckUpdates() throws IOException, CertificateExcep
     doReturn(scheduledFuture)
         .when(timeService)
         .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
-    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, CA_PEM_FILE, false, false, false);
+    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, CA_PEM_FILE, null, false, false, false, false);
     provider.checkAndReloadCertificates();
-    verifyWatcherUpdates(CLIENT_PEM_FILE, CA_PEM_FILE);
+    verifyWatcherUpdates(CLIENT_PEM_FILE, CA_PEM_FILE, null);
     verifyTimeServiceAndScheduledFuture();
 
     reset(mockWatcher, timeService);
@@ -165,7 +184,7 @@ public void allUpdateSecondTime() throws IOException, CertificateException, Inte
     doReturn(scheduledFuture)
         .when(timeService)
         .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
-    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, CA_PEM_FILE, false, false, false);
+    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, CA_PEM_FILE, null, false, false, false, false);
     provider.checkAndReloadCertificates();
 
     reset(mockWatcher, timeService);
@@ -173,9 +192,10 @@ public void allUpdateSecondTime() throws IOException, CertificateException, Inte
         .when(timeService)
         .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
     timeProvider.forwardTime(1, TimeUnit.SECONDS);
-    populateTarget(SERVER_0_PEM_FILE, SERVER_0_KEY_FILE, SERVER_1_PEM_FILE, false, false, false);
+    populateTarget(SERVER_0_PEM_FILE, SERVER_0_KEY_FILE, SERVER_1_PEM_FILE, null, false, false,
+        false, false);
     provider.checkAndReloadCertificates();
-    verifyWatcherUpdates(SERVER_0_PEM_FILE, SERVER_1_PEM_FILE);
+    verifyWatcherUpdates(SERVER_0_PEM_FILE, SERVER_1_PEM_FILE, null);
     verifyTimeServiceAndScheduledFuture();
   }
 
@@ -186,12 +206,13 @@ public void closeDoesNotScheduleNext() throws IOException, CertificateException
     doReturn(scheduledFuture)
             .when(timeService)
             .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
-    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, CA_PEM_FILE, false, false, false);
+    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, CA_PEM_FILE, null, false, false, false, false);
     provider.close();
     provider.checkAndReloadCertificates();
     verify(mockWatcher, never())
         .updateCertificate(any(PrivateKey.class), ArgumentMatchers.<X509Certificate>anyList());
     verify(mockWatcher, never()).updateTrustedRoots(ArgumentMatchers.<X509Certificate>anyList());
+    verify(mockWatcher, never()).updateSpiffeTrustMap(ArgumentMatchers.anyMap());
     verify(timeService, never()).schedule(any(Runnable.class), any(Long.TYPE), any(TimeUnit.class));
     verify(timeService, times(1)).shutdownNow();
   }
@@ -204,7 +225,7 @@ public void rootFileUpdateOnly() throws IOException, CertificateException, Inter
     doReturn(scheduledFuture)
         .when(timeService)
         .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
-    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, CA_PEM_FILE, false, false, false);
+    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, CA_PEM_FILE, null, false, false, false, false);
     provider.checkAndReloadCertificates();
 
     reset(mockWatcher, timeService);
@@ -212,9 +233,9 @@ public void rootFileUpdateOnly() throws IOException, CertificateException, Inter
         .when(timeService)
         .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
     timeProvider.forwardTime(1, TimeUnit.SECONDS);
-    populateTarget(null, null, SERVER_1_PEM_FILE, false, false, false);
+    populateTarget(null, null, SERVER_1_PEM_FILE, null, false, false, false, false);
     provider.checkAndReloadCertificates();
-    verifyWatcherUpdates(null, SERVER_1_PEM_FILE);
+    verifyWatcherUpdates(null, SERVER_1_PEM_FILE, null);
     verifyTimeServiceAndScheduledFuture();
   }
 
@@ -226,7 +247,7 @@ public void certAndKeyFileUpdateOnly()
     doReturn(scheduledFuture)
         .when(timeService)
         .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
-    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, CA_PEM_FILE, false, false, false);
+    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, CA_PEM_FILE, null, false, false, false, false);
     provider.checkAndReloadCertificates();
 
     reset(mockWatcher, timeService);
@@ -234,9 +255,44 @@ public void certAndKeyFileUpdateOnly()
         .when(timeService)
         .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
     timeProvider.forwardTime(1, TimeUnit.SECONDS);
-    populateTarget(SERVER_0_PEM_FILE, SERVER_0_KEY_FILE, null, false, false, false);
+    populateTarget(SERVER_0_PEM_FILE, SERVER_0_KEY_FILE, null, null, false, false, false, false);
     provider.checkAndReloadCertificates();
-    verifyWatcherUpdates(SERVER_0_PEM_FILE, null);
+    verifyWatcherUpdates(SERVER_0_PEM_FILE, null, null);
+    verifyTimeServiceAndScheduledFuture();
+  }
+
+  @Test
+  public void spiffeTrustMapFileUpdateOnly() throws Exception {
+    provider = new FileWatcherCertificateProvider(watcher, true, certFile, keyFile, null,
+        spiffeTrustMapFile, 600L, timeService, timeProvider);
+    TestScheduledFuture<?> scheduledFuture =
+        new TestScheduledFuture<>();
+    doReturn(scheduledFuture)
+        .when(timeService)
+        .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
+    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, null, null, false, false, false, false);
+    provider.checkAndReloadCertificates();
+    verify(mockWatcher, never()).updateSpiffeTrustMap(ArgumentMatchers.anyMap());
+
+    reset(timeService);
+    doReturn(scheduledFuture)
+        .when(timeService)
+        .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
+    timeProvider.forwardTime(1, TimeUnit.SECONDS);
+    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, null, SPIFFE_TRUST_MAP_FILE, false,
+        false, false, false);
+    provider.checkAndReloadCertificates();
+    verify(mockWatcher, times(1)).updateSpiffeTrustMap(ArgumentMatchers.anyMap());
+
+    reset(timeService);
+    doReturn(scheduledFuture)
+        .when(timeService)
+        .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
+    timeProvider.forwardTime(1, TimeUnit.SECONDS);
+    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, null, SPIFFE_TRUST_MAP_1_FILE, false,
+        false, false, false);
+    provider.checkAndReloadCertificates();
+    verify(mockWatcher, times(2)).updateSpiffeTrustMap(ArgumentMatchers.anyMap());
     verifyTimeServiceAndScheduledFuture();
   }
 
@@ -247,7 +303,7 @@ public void getCertificate_initialMissingCertFile() throws IOException {
     doReturn(scheduledFuture)
         .when(timeService)
         .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
-    populateTarget(null, CLIENT_KEY_FILE, CA_PEM_FILE, false, false, false);
+    populateTarget(null, CLIENT_KEY_FILE, CA_PEM_FILE, null, false, false, false, false);
     provider.checkAndReloadCertificates();
     verifyWatcherErrorUpdates(Status.Code.UNKNOWN, NoSuchFileException.class, 0, 1, "cert.pem");
   }
@@ -255,13 +311,14 @@ public void getCertificate_initialMissingCertFile() throws IOException {
   @Test
   public void getCertificate_missingCertFile() throws IOException, InterruptedException {
     commonErrorTest(
-        null, CLIENT_KEY_FILE, CA_PEM_FILE, NoSuchFileException.class, 0, 1, 0, 0, "cert.pem");
+        null, CLIENT_KEY_FILE, CA_PEM_FILE, null, NoSuchFileException.class, 0, 1, 0, 0,
+        "cert.pem");
   }
 
   @Test
   public void getCertificate_missingKeyFile() throws IOException, InterruptedException {
     commonErrorTest(
-        CLIENT_PEM_FILE, null, CA_PEM_FILE, NoSuchFileException.class, 0, 1, 0, 0, "key.pem");
+        CLIENT_PEM_FILE, null, CA_PEM_FILE, null, NoSuchFileException.class, 0, 1, 0, 0, "key.pem");
   }
 
   @Test
@@ -270,6 +327,7 @@ public void getCertificate_badKeyFile() throws IOException, InterruptedException
         CLIENT_PEM_FILE,
         SERVER_0_PEM_FILE,
         CA_PEM_FILE,
+        null,
         java.security.spec.InvalidKeySpecException.class,
         0,
         1,
@@ -285,12 +343,13 @@ public void getCertificate_missingRootFile() throws IOException, InterruptedExce
     doReturn(scheduledFuture)
         .when(timeService)
         .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
-    populateTarget(SERVER_0_PEM_FILE, SERVER_0_KEY_FILE, SERVER_1_PEM_FILE, false, false, false);
+    populateTarget(SERVER_0_PEM_FILE, SERVER_0_KEY_FILE, SERVER_1_PEM_FILE, null, false, false,
+        false, false);
     provider.checkAndReloadCertificates();
 
     reset(mockWatcher);
     timeProvider.forwardTime(1, TimeUnit.SECONDS);
-    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, null, false, false, true);
+    populateTarget(CLIENT_PEM_FILE, CLIENT_KEY_FILE, null, null, false, false, false, true);
     timeProvider.forwardTime(
         CERT0_EXPIRY_TIME_MILLIS - 610_000L - timeProvider.currentTimeMillis(),
         TimeUnit.MILLISECONDS);
@@ -302,6 +361,7 @@ private void commonErrorTest(
       String certFile,
       String keyFile,
       String rootFile,
+      String spiffeFile,
       Class<?> throwableType,
       int firstUpdateCertCount,
       int firstUpdateRootCount,
@@ -314,13 +374,15 @@ private void commonErrorTest(
     doReturn(scheduledFuture)
         .when(timeService)
         .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
-    populateTarget(SERVER_0_PEM_FILE, SERVER_0_KEY_FILE, SERVER_1_PEM_FILE, false, false, false);
+    populateTarget(SERVER_0_PEM_FILE, SERVER_0_KEY_FILE, SERVER_1_PEM_FILE,
+        SPIFFE_TRUST_MAP_1_FILE, false, false, false, false);
     provider.checkAndReloadCertificates();
 
     reset(mockWatcher);
     timeProvider.forwardTime(1, TimeUnit.SECONDS);
     populateTarget(
-        certFile, keyFile, rootFile, certFile == null, keyFile == null, rootFile == null);
+        certFile, keyFile, rootFile, spiffeFile, certFile == null, keyFile == null,
+        rootFile == null, spiffeFile == null);
     timeProvider.forwardTime(
         CERT0_EXPIRY_TIME_MILLIS - 610_000L - timeProvider.currentTimeMillis(),
         TimeUnit.MILLISECONDS);
@@ -372,7 +434,7 @@ private void verifyTimeServiceAndScheduledFuture() {
     assertThat(provider.scheduledFuture.isCancelled()).isFalse();
   }
 
-  private void verifyWatcherUpdates(String certPemFile, String rootPemFile)
+  private void verifyWatcherUpdates(String certPemFile, String rootPemFile, String spiffeFile)
       throws IOException, CertificateException {
     if (certPemFile != null) {
       @SuppressWarnings("unchecked")
@@ -399,6 +461,17 @@ private void verifyWatcherUpdates(String certPemFile, String rootPemFile)
     } else {
       verify(mockWatcher, never()).updateTrustedRoots(ArgumentMatchers.<X509Certificate>anyList());
     }
+    if (spiffeFile != null) {
+      @SuppressWarnings("unchecked")
+      ArgumentCaptor<Map<String, List<X509Certificate>>> spiffeCaptor =
+          ArgumentCaptor.forClass(Map.class);
+      verify(mockWatcher, times(1)).updateSpiffeTrustMap(spiffeCaptor.capture());
+      Map<String, List<X509Certificate>> trustMap = spiffeCaptor.getValue();
+      assertThat(trustMap).hasSize(2);
+      verify(mockWatcher, never()).onError(any(Status.class));
+    } else {
+      verify(mockWatcher, never()).updateSpiffeTrustMap(ArgumentMatchers.anyMap());
+    }
   }
 
   static class TestScheduledFuture<V> implements ScheduledFuture<V> {
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactoryTest.java
index 77749814cf2..db83961cfc3 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactoryTest.java
@@ -23,6 +23,8 @@
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_PEM_FILE;
 
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
 import com.google.protobuf.ByteString;
 import io.envoyproxy.envoy.config.core.v3.DataSource;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
@@ -105,6 +107,46 @@ public void constructor_fromRootCert()
         .isEqualTo(CertificateUtils.toX509Certificates(TlsTesting.loadCert(CA_PEM_FILE))[0]);
   }
 
+  @Test
+  public void constructor_fromSpiffeTrustMap()
+      throws CertificateException, IOException, CertStoreException {
+    X509Certificate x509Cert = TestUtils.loadX509Cert(CA_PEM_FILE);
+    CertificateValidationContext staticValidationContext = buildStaticValidationContext("san1",
+        "san2");
+    // Single domain and single cert
+    XdsTrustManagerFactory factory = new XdsTrustManagerFactory(ImmutableMap
+        .of("example.com", ImmutableList.of(x509Cert)), staticValidationContext);
+    assertThat(factory).isNotNull();
+    TrustManager[] tms = factory.getTrustManagers();
+    assertThat(tms).isNotNull();
+    assertThat(tms).hasLength(1);
+    TrustManager myTm = tms[0];
+    assertThat(myTm).isInstanceOf(XdsX509TrustManager.class);
+    XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) myTm;
+    assertThat(xdsX509TrustManager.getAcceptedIssuers()).isNotNull();
+    assertThat(xdsX509TrustManager.getAcceptedIssuers()).hasLength(1);
+    assertThat(xdsX509TrustManager.getAcceptedIssuers()[0].getIssuerX500Principal().getName())
+        .isEqualTo("CN=testca,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU");
+    // Multiple domains and multiple certs for one of it
+    X509Certificate anotherCert = TestUtils.loadX509Cert(CLIENT_PEM_FILE);
+    factory = new XdsTrustManagerFactory(ImmutableMap
+        .of("example.com", ImmutableList.of(x509Cert),
+            "google.com", ImmutableList.of(x509Cert, anotherCert)), staticValidationContext);
+    assertThat(factory).isNotNull();
+    tms = factory.getTrustManagers();
+    assertThat(tms).isNotNull();
+    assertThat(tms).hasLength(1);
+    myTm = tms[0];
+    assertThat(myTm).isInstanceOf(XdsX509TrustManager.class);
+    xdsX509TrustManager = (XdsX509TrustManager) myTm;
+    assertThat(xdsX509TrustManager.getAcceptedIssuers()).isNotNull();
+    assertThat(xdsX509TrustManager.getAcceptedIssuers()).hasLength(2);
+    assertThat(xdsX509TrustManager.getAcceptedIssuers()[0].getIssuerX500Principal().getName())
+        .isEqualTo("CN=testca,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU");
+    assertThat(xdsX509TrustManager.getAcceptedIssuers()[1].getIssuerX500Principal().getName())
+        .isEqualTo("CN=testca,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU");
+  }
+
   @Test
   public void constructorRootCert_checkServerTrusted()
       throws CertificateException, IOException, CertStoreException {
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
index 9ceb6f706fe..6fa3d2e7d24 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
@@ -20,7 +20,9 @@
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.BAD_SERVER_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CA_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_PEM_FILE;
+import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_SPIFFE_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_PEM_FILE;
+import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_SPIFFE_PEM_FILE;
 import static org.junit.Assert.fail;
 import static org.mockito.Mockito.CALLS_REAL_METHODS;
 import static org.mockito.Mockito.doReturn;
@@ -30,6 +32,7 @@
 import static org.mockito.Mockito.when;
 
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.type.matcher.v3.RegexMatcher;
 import io.envoyproxy.envoy.type.matcher.v3.StringMatcher;
@@ -38,6 +41,7 @@
 import java.security.cert.CertStoreException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import javax.net.ssl.SSLEngine;
@@ -537,6 +541,71 @@ public void checkServerTrustedSslEngine()
     assertThat(sslEngine.getSSLParameters().getEndpointIdentificationAlgorithm()).isEmpty();
   }
 
+  @Test
+  public void checkServerTrustedSslEngineSpiffeTrustMap()
+      throws CertificateException, IOException, CertStoreException {
+    TestSslEngine sslEngine = buildTrustManagerAndGetSslEngine();
+    X509Certificate[] serverCerts =
+        CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_SPIFFE_PEM_FILE));
+    List<X509Certificate> caCerts = Arrays.asList(CertificateUtils
+        .toX509Certificates(TlsTesting.loadCert(CA_PEM_FILE)));
+    trustManager = XdsTrustManagerFactory.createX509TrustManager(
+        ImmutableMap.of("example.com", caCerts), null);
+    trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslEngine);
+    verify(sslEngine, times(1)).getHandshakeSession();
+    assertThat(sslEngine.getSSLParameters().getEndpointIdentificationAlgorithm()).isEmpty();
+  }
+
+  @Test
+  public void checkServerTrustedSslEngineSpiffeTrustMap_missing_spiffe_id()
+      throws CertificateException, IOException, CertStoreException {
+    TestSslEngine sslEngine = buildTrustManagerAndGetSslEngine();
+    X509Certificate[] serverCerts =
+        CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
+    List<X509Certificate> caCerts = Arrays.asList(CertificateUtils
+        .toX509Certificates(TlsTesting.loadCert(CA_PEM_FILE)));
+    trustManager = XdsTrustManagerFactory.createX509TrustManager(
+        ImmutableMap.of("example.com", caCerts), null);
+    try {
+      trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslEngine);
+      fail("exception expected");
+    } catch (CertificateException expected) {
+      assertThat(expected).hasMessageThat()
+          .isEqualTo("Failed to extract SPIFFE ID from peer leaf certificate");
+    }
+  }
+
+  @Test
+  public void checkServerTrustedSpiffeSslEngineTrustMap_missing_trust_domain()
+      throws CertificateException, IOException, CertStoreException {
+    TestSslEngine sslEngine = buildTrustManagerAndGetSslEngine();
+    X509Certificate[] serverCerts =
+        CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_SPIFFE_PEM_FILE));
+    List<X509Certificate> caCerts = Arrays.asList(CertificateUtils
+        .toX509Certificates(TlsTesting.loadCert(CA_PEM_FILE)));
+    trustManager = XdsTrustManagerFactory.createX509TrustManager(
+        ImmutableMap.of("unknown.com", caCerts), null);
+    try {
+      trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslEngine);
+      fail("exception expected");
+    } catch (CertificateException expected) {
+      assertThat(expected).hasMessageThat().isEqualTo("Spiffe Trust Map doesn't contain trust"
+          + " domain 'example.com' from peer leaf certificate");
+    }
+  }
+
+  @Test
+  public void checkClientTrustedSpiffeTrustMap()
+      throws CertificateException, IOException, CertStoreException {
+    X509Certificate[] clientCerts =
+        CertificateUtils.toX509Certificates(TlsTesting.loadCert(CLIENT_SPIFFE_PEM_FILE));
+    List<X509Certificate> caCerts = Arrays.asList(CertificateUtils
+        .toX509Certificates(TlsTesting.loadCert(CA_PEM_FILE)));
+    trustManager = XdsTrustManagerFactory.createX509TrustManager(
+        ImmutableMap.of("foo.bar.com", caCerts), null);
+    trustManager.checkClientTrusted(clientCerts, "RSA");
+  }
+
   @Test
   public void checkServerTrustedSslEngine_untrustedServer_expectException()
       throws CertificateException, IOException, CertStoreException {
@@ -565,6 +634,22 @@ public void checkServerTrustedSslSocket()
     assertThat(sslSocket.getSSLParameters().getEndpointIdentificationAlgorithm()).isEmpty();
   }
 
+  @Test
+  public void checkServerTrustedSslSocketSpiffeTrustMap()
+      throws CertificateException, IOException, CertStoreException {
+    TestSslSocket sslSocket = buildTrustManagerAndGetSslSocket();
+    X509Certificate[] serverCerts =
+        CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_SPIFFE_PEM_FILE));
+    List<X509Certificate> caCerts = Arrays.asList(CertificateUtils
+        .toX509Certificates(TlsTesting.loadCert(CA_PEM_FILE)));
+    trustManager = XdsTrustManagerFactory.createX509TrustManager(
+        ImmutableMap.of("example.com", caCerts), null);
+    trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslSocket);
+    verify(sslSocket, times(1)).isConnected();
+    verify(sslSocket, times(1)).getHandshakeSession();
+    assertThat(sslSocket.getSSLParameters().getEndpointIdentificationAlgorithm()).isEmpty();
+  }
+
   @Test
   public void checkServerTrustedSslSocket_untrustedServer_expectException()
       throws CertificateException, IOException, CertStoreException {

From 5081e60626d952c4ed60ecf57a85668b7b59064e Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Fri, 8 Nov 2024 13:17:24 +0530
Subject: [PATCH 080/591] xds: Replace null check with has value check because
 proto fields can never be null. (#11675)

---
 xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
index a14dbe801e7..edd8a09e4ca 100644
--- a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
+++ b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
@@ -72,8 +72,8 @@ public ConfigOrError<? extends FilterConfig> parseFilterConfig(Message rawProtoM
 
     long cacheSize = 10;
     // Validate cache_config
-    TokenCacheConfig cacheConfig = gcpAuthnProto.getCacheConfig();
-    if (cacheConfig != null) {
+    if (gcpAuthnProto.hasCacheConfig()) {
+      TokenCacheConfig cacheConfig = gcpAuthnProto.getCacheConfig();
       cacheSize = cacheConfig.getCacheSize().getValue();
       if (cacheSize == 0) {
         return ConfigOrError.fromError(

From 546efd79f1cf48aac7e5b6c9426d5fbfd7958fec Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Fri, 8 Nov 2024 10:25:49 -0800
Subject: [PATCH 081/591] s2a: fix flake in FakeS2AServerTest (#11673)

While here:
 * add an awaitTermination to after calling shutdown on server
 * don't use port picker

Fixes #11648
---
 .../handshaker/FakeS2AServerTest.java         | 42 ++++++++++---------
 1 file changed, 23 insertions(+), 19 deletions(-)

diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
index e61f8eea1a1..e1ee878b9cc 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
@@ -20,13 +20,13 @@
 import static java.util.concurrent.TimeUnit.SECONDS;
 
 import com.google.common.collect.ImmutableList;
+import com.google.common.util.concurrent.SettableFuture;
 import com.google.protobuf.ByteString;
 import io.grpc.Grpc;
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.ManagedChannel;
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
-import io.grpc.benchmarks.Utils;
 import io.grpc.s2a.internal.handshaker.ValidatePeerCertificateChainReq.VerificationMode;
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
@@ -49,51 +49,52 @@ public final class FakeS2AServerTest {
 
   private static final ImmutableList<ByteString> FAKE_CERT_DER_CHAIN =
       ImmutableList.of(ByteString.copyFrom("fake-der-chain".getBytes(StandardCharsets.US_ASCII)));
-  private int port;
   private String serverAddress;
-  private SessionResp response = null;
   private Server fakeS2AServer;
 
   @Before
   public void setUp() throws Exception {
-    port = Utils.pickUnusedPort();
-    fakeS2AServer = ServerBuilder.forPort(port).addService(new FakeS2AServer()).build();
+    fakeS2AServer = ServerBuilder.forPort(0).addService(new FakeS2AServer()).build();
     fakeS2AServer.start();
-    serverAddress = String.format("localhost:%d", port);
+    serverAddress = String.format("localhost:%d", fakeS2AServer.getPort());
   }
 
   @After
-  public void tearDown() {
+  public void tearDown() throws Exception {
     fakeS2AServer.shutdown();
+    fakeS2AServer.awaitTermination(10, SECONDS);
   }
 
   @Test
   public void callS2AServerOnce_getTlsConfiguration_returnsValidResult()
-      throws InterruptedException, IOException {
+      throws InterruptedException, IOException, java.util.concurrent.ExecutionException {
     ExecutorService executor = Executors.newSingleThreadExecutor();
     logger.info("Client connecting to: " + serverAddress);
     ManagedChannel channel =
         Grpc.newChannelBuilder(serverAddress, InsecureChannelCredentials.create())
             .executor(executor)
             .build();
-
+    SettableFuture<SessionResp> respFuture = SettableFuture.create();
     try {
       S2AServiceGrpc.S2AServiceStub asyncStub = S2AServiceGrpc.newStub(channel);
       StreamObserver<SessionReq> requestObserver =
           asyncStub.setUpSession(
               new StreamObserver<SessionResp>() {
+                SessionResp recvResp;
                 @Override
                 public void onNext(SessionResp resp) {
-                  response = resp;
+                  recvResp = resp;
                 }
 
                 @Override
                 public void onError(Throwable t) {
-                  throw new RuntimeException(t);
+                  respFuture.setException(t);
                 }
 
                 @Override
-                public void onCompleted() {}
+                public void onCompleted() {
+                  respFuture.set(recvResp);
+                }
               });
       try {
         requestObserver.onNext(
@@ -138,36 +139,39 @@ public void onCompleted() {}
                             .addCiphersuites(
                                 Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)))
             .build();
-    assertThat(response).ignoringRepeatedFieldOrder().isEqualTo(expected);
+    assertThat(respFuture.get()).ignoringRepeatedFieldOrder().isEqualTo(expected);
   }
 
   @Test
   public void callS2AServerOnce_validatePeerCertifiate_returnsValidResult()
-      throws InterruptedException {
+      throws InterruptedException, java.util.concurrent.ExecutionException {
     ExecutorService executor = Executors.newSingleThreadExecutor();
     logger.info("Client connecting to: " + serverAddress);
     ManagedChannel channel =
         Grpc.newChannelBuilder(serverAddress, InsecureChannelCredentials.create())
             .executor(executor)
             .build();
-
+    SettableFuture<SessionResp> respFuture = SettableFuture.create();
     try {
       S2AServiceGrpc.S2AServiceStub asyncStub = S2AServiceGrpc.newStub(channel);
       StreamObserver<SessionReq> requestObserver =
           asyncStub.setUpSession(
               new StreamObserver<SessionResp>() {
+                private SessionResp recvResp;
                 @Override
                 public void onNext(SessionResp resp) {
-                  response = resp;
+                  recvResp = resp;
                 }
 
                 @Override
                 public void onError(Throwable t) {
-                  throw new RuntimeException(t);
+                  respFuture.setException(t);
                 }
 
                 @Override
-                public void onCompleted() {}
+                public void onCompleted() {
+                  respFuture.set(recvResp);
+                }
               });
       try {
         requestObserver.onNext(
@@ -200,7 +204,7 @@ public void onCompleted() {}
                 ValidatePeerCertificateChainResp.newBuilder()
                     .setValidationResult(ValidatePeerCertificateChainResp.ValidationResult.SUCCESS))
             .build();
-    assertThat(response).ignoringRepeatedFieldOrder().isEqualTo(expected);
+    assertThat(respFuture.get()).ignoringRepeatedFieldOrder().isEqualTo(expected);
   }
 
   @Test

From 8237ae270adf6c9e0a56156e40cf3ae1357c6f2c Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Sun, 10 Nov 2024 13:01:12 -0800
Subject: [PATCH 082/591] util: Remove EAG conveniences from MultiChildLb

This is a step toward removing ResolvedAddresses from ChildLbState,
which isn't actually used by MultiChildLb. Most usages of the EAG usages
can be served more directly without peering into MultiChildLb's
internals or even accessing ChildLbStates, which make the tests less
sensitive to implementation changes. Some changes do leverage the new
behavior of MultiChildLb where it preserves the order of the entries.

This does fix an important bug in shutdown tests. The tests looped over
the ChildLbStates after shutdown, but shutdown deleted all the children
so it looped over an entry collection. Fixing that exposed that
deliverSubchannelState() didn't function after shutdown, as the listener
was removed from the map when the subchannel was shut down. Moving the
listener onto the TestSubchannel allowed having access to the listener
even after shutdown.

A few places in LeastRequestLb lines were just deleted, but that's
because an existing assertion already provided the same check but
without digging into MultiChildLb.
---
 .../io/grpc/util/MultiChildLoadBalancer.java  |  23 ---
 .../grpc/util/MultiChildLoadBalancerTest.java |  32 ++--
 .../grpc/util/RoundRobinLoadBalancerTest.java |  53 ++-----
 .../java/io/grpc/util/AbstractTestHelper.java |  42 ++---
 .../io/grpc/xds/LeastRequestLoadBalancer.java |   9 --
 .../xds/LeastRequestLoadBalancerTest.java     |  66 +++-----
 .../io/grpc/xds/RingHashLoadBalancerTest.java |   7 +-
 .../WeightedRoundRobinLoadBalancerTest.java   | 145 ++++++++----------
 8 files changed, 134 insertions(+), 243 deletions(-)

diff --git a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
index 3e56f41d038..36a480f63c2 100644
--- a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
@@ -24,7 +24,6 @@
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
 
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Objects;
 import com.google.common.collect.Maps;
 import io.grpc.Attributes;
 import io.grpc.ConnectivityState;
@@ -237,21 +236,6 @@ public final Collection<ChildLbState> getChildLbStates() {
     return childLbStates;
   }
 
-  @VisibleForTesting
-  public final ChildLbState getChildLbState(Object key) {
-    for (ChildLbState state : childLbStates) {
-      if (Objects.equal(state.getKey(), key)) {
-        return state;
-      }
-    }
-    return null;
-  }
-
-  @VisibleForTesting
-  public final ChildLbState getChildLbStateEag(EquivalentAddressGroup eag) {
-    return getChildLbState(new Endpoint(eag));
-  }
-
   /**
    * Filters out non-ready child load balancers (subchannels).
    */
@@ -337,13 +321,6 @@ protected final void setCurrentPicker(SubchannelPicker newPicker) {
       currentPicker = newPicker;
     }
 
-    public final EquivalentAddressGroup getEag() {
-      if (resolvedAddresses == null || resolvedAddresses.getAddresses().isEmpty()) {
-        return null;
-      }
-      return resolvedAddresses.getAddresses().get(0);
-    }
-
     protected final void setResolvedAddresses(ResolvedAddresses newAddresses) {
       checkNotNull(newAddresses, "Missing address list for child");
       resolvedAddresses = newAddresses;
diff --git a/util/src/test/java/io/grpc/util/MultiChildLoadBalancerTest.java b/util/src/test/java/io/grpc/util/MultiChildLoadBalancerTest.java
index 6bfd6d7a659..c128364dfd3 100644
--- a/util/src/test/java/io/grpc/util/MultiChildLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/MultiChildLoadBalancerTest.java
@@ -52,7 +52,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
-import java.util.stream.Collectors;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -153,8 +152,7 @@ public void pickAfterResolvedUpdatedHosts() {
     LoadBalancer.Subchannel removedSubchannel = getSubchannel(removedEag);
     LoadBalancer.Subchannel oldSubchannel = getSubchannel(oldEag1);
     LoadBalancer.SubchannelStateListener removedListener =
-        testHelperInst.getSubchannelStateListeners()
-            .get(testHelperInst.getRealForMockSubChannel(removedSubchannel));
+        testHelperInst.getSubchannelStateListener(removedSubchannel);
 
     inOrder.verify(mockHelper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
 
@@ -168,8 +166,6 @@ public void pickAfterResolvedUpdatedHosts() {
     verify(removedSubchannel, times(1)).requestConnection();
     verify(oldSubchannel, times(1)).requestConnection();
 
-    assertThat(getChildEags(loadBalancer)).containsExactly(removedEag, oldEag1);
-
     // This time with Attributes
     List<EquivalentAddressGroup> latestServers = Lists.newArrayList(oldEag2, newEag);
 
@@ -186,10 +182,10 @@ public void pickAfterResolvedUpdatedHosts() {
     removedListener.onSubchannelState(ConnectivityStateInfo.forNonError(SHUTDOWN));
     deliverSubchannelState(newSubchannel, ConnectivityStateInfo.forNonError(READY));
 
-    assertThat(getChildEags(loadBalancer)).containsExactly(oldEag2, newEag);
-
     verify(mockHelper, times(3)).createSubchannel(any(LoadBalancer.CreateSubchannelArgs.class));
     inOrder.verify(mockHelper, times(2)).updateBalancingState(eq(READY), pickerCaptor.capture());
+    picker = pickerCaptor.getValue();
+    assertThat(getList(picker)).containsExactly(oldSubchannel, newSubchannel);
 
     AbstractTestHelper.verifyNoMoreMeaningfulInteractions(mockHelper);
   }
@@ -328,12 +324,6 @@ private LoadBalancer.Subchannel getSubchannel(EquivalentAddressGroup eag) {
     return null;
   }
 
-  private static List<Object> getChildEags(MultiChildLoadBalancer loadBalancer) {
-    return loadBalancer.getChildLbStates().stream()
-        .map(ChildLbState::getEag)
-        .collect(Collectors.toList());
-  }
-
   private void deliverSubchannelState(LoadBalancer.Subchannel subchannel,
                                       ConnectivityStateInfo newState) {
     testHelperInst.deliverSubchannelState(subchannel, newState);
@@ -348,13 +338,16 @@ protected TestLb(Helper mockHelper) {
     protected void updateOverallBalancingState() {
       ConnectivityState overallState = null;
       final Map<Object, SubchannelPicker> childPickers = new HashMap<>();
+      final Map<Object, ConnectivityState> childConnStates = new HashMap<>();
       for (ChildLbState childLbState : getChildLbStates()) {
         childPickers.put(childLbState.getKey(), childLbState.getCurrentPicker());
+        childConnStates.put(childLbState.getKey(), childLbState.getCurrentState());
         overallState = aggregateState(overallState, childLbState.getCurrentState());
       }
 
       if (overallState != null) {
-        getHelper().updateBalancingState(overallState, new TestSubchannelPicker(childPickers));
+        getHelper().updateBalancingState(
+            overallState, new TestSubchannelPicker(childPickers, childConnStates));
         currentConnectivityState = overallState;
       }
 
@@ -364,18 +357,17 @@ private class TestSubchannelPicker extends SubchannelPicker {
       Map<Object, SubchannelPicker> childPickerMap;
       Map<Object, ConnectivityState> childStates = new HashMap<>();
 
-      TestSubchannelPicker(Map<Object, SubchannelPicker> childPickers) {
-        childPickerMap = childPickers;
-        for (Object key : childPickerMap.keySet()) {
-          childStates.put(key, getChildLbState(key).getCurrentState());
-        }
+      TestSubchannelPicker(
+          Map<Object, SubchannelPicker> childPickers, Map<Object, ConnectivityState> childStates) {
+        this.childPickerMap = childPickers;
+        this.childStates = childStates;
       }
 
       List<Subchannel>  getReadySubchannels() {
         List<Subchannel> readySubchannels = new ArrayList<>();
         for ( Map.Entry<Object, ConnectivityState> cur : childStates.entrySet()) {
           if (cur.getValue() == READY) {
-            Subchannel s = subchannels.get(Arrays.asList(getChildLbState(cur.getKey()).getEag()));
+            Subchannel s = childPickerMap.get(cur.getKey()).pickSubchannel(null).getSubchannel();
             readySubchannels.add(s);
           }
         }
diff --git a/util/src/test/java/io/grpc/util/RoundRobinLoadBalancerTest.java b/util/src/test/java/io/grpc/util/RoundRobinLoadBalancerTest.java
index 743bbbef796..0201fb578e9 100644
--- a/util/src/test/java/io/grpc/util/RoundRobinLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/RoundRobinLoadBalancerTest.java
@@ -61,7 +61,6 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -207,10 +206,6 @@ public void pickAfterResolvedUpdatedHosts() throws Exception {
       assertThat(childLbState.getResolvedAddresses().getAttributes().get(IS_PETIOLE_POLICY))
           .isTrue();
     }
-    assertThat(loadBalancer.getChildLbStateEag(removedEag).getCurrentPicker().pickSubchannel(null)
-        .getSubchannel()).isEqualTo(removedSubchannel);
-    assertThat(loadBalancer.getChildLbStateEag(oldEag1).getCurrentPicker().pickSubchannel(null)
-        .getSubchannel()).isEqualTo(oldSubchannel);
 
     // This time with Attributes
     List<EquivalentAddressGroup> latestServers = Lists.newArrayList(oldEag2, newEag);
@@ -225,12 +220,6 @@ public void pickAfterResolvedUpdatedHosts() throws Exception {
 
     deliverSubchannelState(newSubchannel, ConnectivityStateInfo.forNonError(READY));
 
-    assertThat(loadBalancer.getChildLbStates().size()).isEqualTo(2);
-    assertThat(loadBalancer.getChildLbStateEag(newEag).getCurrentPicker()
-        .pickSubchannel(null).getSubchannel()).isEqualTo(newSubchannel);
-    assertThat(loadBalancer.getChildLbStateEag(oldEag2).getCurrentPicker()
-        .pickSubchannel(null).getSubchannel()).isEqualTo(oldSubchannel);
-
     verify(mockHelper, times(6)).createSubchannel(any(CreateSubchannelArgs.class));
     inOrder.verify(mockHelper, times(2)).updateBalancingState(eq(READY), pickerCaptor.capture());
 
@@ -243,35 +232,35 @@ public void pickAfterResolvedUpdatedHosts() throws Exception {
   @Test
   public void pickAfterStateChange() throws Exception {
     InOrder inOrder = inOrder(mockHelper);
-    Status addressesAcceptanceStatus = acceptAddresses(servers, Attributes.EMPTY);
+    Status addressesAcceptanceStatus =
+        acceptAddresses(Arrays.asList(servers.get(0)), Attributes.EMPTY);
     assertThat(addressesAcceptanceStatus.isOk()).isTrue();
+    inOrder.verify(mockHelper).createSubchannel(any(CreateSubchannelArgs.class));
 
     // TODO figure out if this method testing the right things
 
-    ChildLbState childLbState = loadBalancer.getChildLbStates().iterator().next();
-    Subchannel subchannel = subchannels.get(Arrays.asList(childLbState.getEag()));
+    assertThat(subchannels).hasSize(1);
+    Subchannel subchannel = subchannels.values().iterator().next();
 
     inOrder.verify(mockHelper).updateBalancingState(eq(CONNECTING), eq(EMPTY_PICKER));
-    assertThat(childLbState.getCurrentState()).isEqualTo(CONNECTING);
 
     deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(READY));
     inOrder.verify(mockHelper).updateBalancingState(eq(READY), pickerCaptor.capture());
     assertThat(pickerCaptor.getValue()).isInstanceOf(ReadyPicker.class);
-    assertThat(childLbState.getCurrentState()).isEqualTo(READY);
 
     Status error = Status.UNKNOWN.withDescription("¯\\_(ツ)_//¯");
     deliverSubchannelState(subchannel,
         ConnectivityStateInfo.forTransientFailure(error));
-    assertThat(childLbState.getCurrentState()).isEqualTo(TRANSIENT_FAILURE);
-    AbstractTestHelper.refreshInvokedAndUpdateBS(inOrder, CONNECTING, mockHelper, pickerCaptor);
-    assertThat(pickerCaptor.getValue()).isEqualTo(EMPTY_PICKER);
+    AbstractTestHelper.refreshInvokedAndUpdateBS(
+        inOrder, TRANSIENT_FAILURE, mockHelper, pickerCaptor);
+    assertThat(pickerCaptor.getValue().pickSubchannel(mockArgs).getStatus()).isEqualTo(error);
 
     deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(IDLE));
     inOrder.verify(mockHelper).refreshNameResolution();
-    assertThat(childLbState.getCurrentState()).isEqualTo(TRANSIENT_FAILURE);
+    inOrder.verify(mockHelper, never())
+        .updateBalancingState(eq(TRANSIENT_FAILURE), any(SubchannelPicker.class));
 
     verify(subchannel, atLeastOnce()).requestConnection();
-    verify(mockHelper, times(3)).createSubchannel(any(CreateSubchannelArgs.class));
     AbstractTestHelper.verifyNoMoreMeaningfulInteractions(mockHelper);
   }
 
@@ -282,10 +271,10 @@ public void ignoreShutdownSubchannelStateChange() {
     assertThat(addressesAcceptanceStatus.isOk()).isTrue();
     inOrder.verify(mockHelper).updateBalancingState(eq(CONNECTING), eq(EMPTY_PICKER));
 
+    List<Subchannel> savedSubchannels = new ArrayList<>(subchannels.values());
     loadBalancer.shutdown();
-    for (ChildLbState child : loadBalancer.getChildLbStates()) {
-      Subchannel sc = child.getCurrentPicker().pickSubchannel(null).getSubchannel();
-      verify(child).shutdown();
+    for (Subchannel sc : savedSubchannels) {
+      verify(sc).shutdown();
       // When the subchannel is being shut down, a SHUTDOWN connectivity state is delivered
       // back to the subchannel state listener.
       deliverSubchannelState(sc, ConnectivityStateInfo.forNonError(SHUTDOWN));
@@ -300,34 +289,27 @@ public void stayTransientFailureUntilReady() {
     Status addressesAcceptanceStatus = acceptAddresses(servers, Attributes.EMPTY);
     assertThat(addressesAcceptanceStatus.isOk()).isTrue();
 
+    inOrder.verify(mockHelper, times(3)).createSubchannel(any(CreateSubchannelArgs.class));
     inOrder.verify(mockHelper).updateBalancingState(eq(CONNECTING), eq(EMPTY_PICKER));
 
-    Map<ChildLbState, Subchannel> childToSubChannelMap = new HashMap<>();
     // Simulate state transitions for each subchannel individually.
-    for ( ChildLbState child : loadBalancer.getChildLbStates()) {
-      Subchannel sc = subchannels.get(Arrays.asList(child.getEag()));
-      childToSubChannelMap.put(child, sc);
+    for (Subchannel sc : subchannels.values()) {
       Status error = Status.UNKNOWN.withDescription("connection broken");
       deliverSubchannelState(
           sc,
           ConnectivityStateInfo.forTransientFailure(error));
-      assertEquals(TRANSIENT_FAILURE, child.getCurrentState());
       deliverSubchannelState(
           sc,
           ConnectivityStateInfo.forNonError(CONNECTING));
-      assertEquals(TRANSIENT_FAILURE, child.getCurrentState());
     }
     inOrder.verify(mockHelper).updateBalancingState(eq(TRANSIENT_FAILURE), isA(ReadyPicker.class));
     inOrder.verify(mockHelper, atLeast(0)).refreshNameResolution();
     inOrder.verifyNoMoreInteractions();
 
-    ChildLbState child = loadBalancer.getChildLbStates().iterator().next();
-    Subchannel subchannel = childToSubChannelMap.get(child);
+    Subchannel subchannel = subchannels.values().iterator().next();
     deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(READY));
-    assertThat(child.getCurrentState()).isEqualTo(READY);
     inOrder.verify(mockHelper).updateBalancingState(eq(READY), isA(ReadyPicker.class));
 
-    verify(mockHelper, times(3)).createSubchannel(any(CreateSubchannelArgs.class));
     inOrder.verify(mockHelper, atLeast(0)).refreshNameResolution();
     inOrder.verifyNoMoreInteractions();
   }
@@ -342,8 +324,7 @@ public void refreshNameResolutionWhenSubchannelConnectionBroken() {
     inOrder.verify(mockHelper).updateBalancingState(eq(CONNECTING), eq(EMPTY_PICKER));
 
     // Simulate state transitions for each subchannel individually.
-    for (ChildLbState child : loadBalancer.getChildLbStates()) {
-      Subchannel sc = subchannels.get(Arrays.asList(child.getEag()));
+    for (Subchannel sc : subchannels.values()) {
       verify(sc).requestConnection();
       deliverSubchannelState(sc, ConnectivityStateInfo.forNonError(CONNECTING));
       Status error = Status.UNKNOWN.withDescription("connection broken");
diff --git a/util/src/testFixtures/java/io/grpc/util/AbstractTestHelper.java b/util/src/testFixtures/java/io/grpc/util/AbstractTestHelper.java
index bbf2d5efe9f..837dc68c057 100644
--- a/util/src/testFixtures/java/io/grpc/util/AbstractTestHelper.java
+++ b/util/src/testFixtures/java/io/grpc/util/AbstractTestHelper.java
@@ -16,6 +16,7 @@
 
 package io.grpc.util;
 
+import static com.google.common.base.Preconditions.checkNotNull;
 import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.atLeast;
@@ -23,7 +24,6 @@
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 
-import com.google.common.collect.Maps;
 import io.grpc.Attributes;
 import io.grpc.Channel;
 import io.grpc.ChannelLogger;
@@ -63,10 +63,8 @@
  */
 public abstract class AbstractTestHelper extends ForwardingLoadBalancerHelper {
 
-  private final Map<Subchannel, Subchannel> mockToRealSubChannelMap = new HashMap<>();
+  private final Map<Subchannel, TestSubchannel> mockToRealSubChannelMap = new HashMap<>();
   protected final Map<Subchannel, Subchannel> realToMockSubChannelMap = new HashMap<>();
-  private final Map<Subchannel, SubchannelStateListener> subchannelStateListeners =
-      Maps.newLinkedHashMap();
   private final FakeClock fakeClock;
   private final SynchronizationContext syncContext;
 
@@ -87,22 +85,14 @@ public AbstractTestHelper(FakeClock fakeClock, SynchronizationContext syncContex
     this.syncContext = syncContext;
   }
 
-  public Map<Subchannel, Subchannel> getMockToRealSubChannelMap() {
-    return mockToRealSubChannelMap;
-  }
-
-  public Subchannel getRealForMockSubChannel(Subchannel mock) {
-    Subchannel realSc = getMockToRealSubChannelMap().get(mock);
+  private TestSubchannel getRealForMockSubChannel(Subchannel mock) {
+    TestSubchannel realSc = mockToRealSubChannelMap.get(mock);
     if (realSc == null) {
-      realSc = mock;
+      realSc = (TestSubchannel) mock;
     }
     return realSc;
   }
 
-  public Map<Subchannel, SubchannelStateListener> getSubchannelStateListeners() {
-    return subchannelStateListeners;
-  }
-
   public static final FakeClock.TaskFilter NOT_START_NEXT_CONNECTION =
       new FakeClock.TaskFilter() {
         @Override
@@ -116,15 +106,15 @@ public static int getNumFilteredPendingTasks(FakeClock fakeClock) {
   }
 
   public void deliverSubchannelState(Subchannel subchannel, ConnectivityStateInfo newState) {
-    Subchannel realSc = getMockToRealSubChannelMap().get(subchannel);
-    if (realSc == null) {
-      realSc = subchannel;
-    }
-    SubchannelStateListener listener = getSubchannelStateListeners().get(realSc);
+    getSubchannelStateListener(subchannel).onSubchannelState(newState);
+  }
+
+  public SubchannelStateListener getSubchannelStateListener(Subchannel subchannel) {
+    SubchannelStateListener listener = getRealForMockSubChannel(subchannel).listener;
     if (listener == null) {
-      throw new IllegalArgumentException("subchannel does not have a matching listener");
+      throw new IllegalArgumentException("subchannel has not been started");
     }
-    listener.onSubchannelState(newState);
+    return listener;
   }
 
   @Override
@@ -144,7 +134,7 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
       TestSubchannel delegate = createRealSubchannel(args);
       subchannel = mock(Subchannel.class, delegatesTo(delegate));
       getSubchannelMap().put(args.getAddresses(), subchannel);
-      getMockToRealSubChannelMap().put(subchannel, delegate);
+      mockToRealSubChannelMap.put(subchannel, delegate);
       realToMockSubChannelMap.put(delegate, subchannel);
     }
 
@@ -161,7 +151,7 @@ public void refreshNameResolution() {
   }
 
   public void setChannel(Subchannel subchannel, Channel channel) {
-    ((TestSubchannel)subchannel).channel = channel;
+    getRealForMockSubChannel(subchannel).channel = channel;
   }
 
   @Override
@@ -208,6 +198,7 @@ public static void verifyNoMoreMeaningfulInteractions(Helper helper, InOrder inO
 
   protected class TestSubchannel extends ForwardingSubchannel {
     CreateSubchannelArgs args;
+    SubchannelStateListener listener;
     Channel channel;
 
     public TestSubchannel(CreateSubchannelArgs args) {
@@ -250,12 +241,11 @@ public void updateAddresses(List<EquivalentAddressGroup> addrs) {
 
     @Override
     public void start(SubchannelStateListener listener) {
-      getSubchannelStateListeners().put(this, listener);
+      this.listener = checkNotNull(listener, "listener");
     }
 
     @Override
     public void shutdown() {
-      getSubchannelStateListeners().remove(this);
       for (EquivalentAddressGroup eag : getAllAddresses()) {
         getSubchannelMap().remove(Collections.singletonList(eag));
       }
diff --git a/xds/src/main/java/io/grpc/xds/LeastRequestLoadBalancer.java b/xds/src/main/java/io/grpc/xds/LeastRequestLoadBalancer.java
index 6c13530ff49..dda2ad177e6 100644
--- a/xds/src/main/java/io/grpc/xds/LeastRequestLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/LeastRequestLoadBalancer.java
@@ -32,7 +32,6 @@
 import io.grpc.ClientStreamTracer;
 import io.grpc.ClientStreamTracer.StreamInfo;
 import io.grpc.ConnectivityState;
-import io.grpc.EquivalentAddressGroup;
 import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancerProvider;
 import io.grpc.Metadata;
@@ -155,7 +154,6 @@ private static AtomicInteger getInFlights(ChildLbState childLbState) {
   static final class ReadyPicker extends SubchannelPicker {
     private final List<SubchannelPicker> childPickers; // non-empty
     private final List<AtomicInteger> childInFlights; // 1:1 with childPickers
-    private final List<EquivalentAddressGroup> childEags; // 1:1 with childPickers
     private final int choiceCount;
     private final ThreadSafeRandom random;
     private final int hashCode;
@@ -164,11 +162,9 @@ static final class ReadyPicker extends SubchannelPicker {
       checkArgument(!childLbStates.isEmpty(), "empty list");
       this.childPickers = new ArrayList<>(childLbStates.size());
       this.childInFlights = new ArrayList<>(childLbStates.size());
-      this.childEags = new ArrayList<>(childLbStates.size());
       for (ChildLbState state : childLbStates) {
         childPickers.add(state.getCurrentPicker());
         childInFlights.add(getInFlights(state));
-        childEags.add(state.getEag());
       }
       this.choiceCount = choiceCount;
       this.random = checkNotNull(random, "random");
@@ -224,11 +220,6 @@ List<SubchannelPicker> getChildPickers() {
       return childPickers;
     }
 
-    @VisibleForTesting
-    List<EquivalentAddressGroup> getChildEags() {
-      return childEags;
-    }
-
     @Override
     public int hashCode() {
       return hashCode;
diff --git a/xds/src/test/java/io/grpc/xds/LeastRequestLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/LeastRequestLoadBalancerTest.java
index 64e18465597..6fb6507fa4e 100644
--- a/xds/src/test/java/io/grpc/xds/LeastRequestLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/LeastRequestLoadBalancerTest.java
@@ -186,8 +186,7 @@ public void pickAfterResolvedUpdatedHosts() throws Exception {
     Subchannel removedSubchannel = getSubchannel(removedEag);
     Subchannel oldSubchannel = getSubchannel(oldEag1);
     SubchannelStateListener removedListener =
-        testHelperInstance.getSubchannelStateListeners()
-            .get(testHelperInstance.getRealForMockSubChannel(removedSubchannel));
+        testHelperInstance.getSubchannelStateListener(removedSubchannel);
 
     inOrder.verify(helper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
 
@@ -201,8 +200,6 @@ public void pickAfterResolvedUpdatedHosts() throws Exception {
     verify(removedSubchannel, times(1)).requestConnection();
     verify(oldSubchannel, times(1)).requestConnection();
 
-    assertThat(getChildEags(loadBalancer)).containsExactly(removedEag, oldEag1);
-
     // This time with Attributes
     List<EquivalentAddressGroup> latestServers = Lists.newArrayList(oldEag2, newEag);
 
@@ -219,8 +216,6 @@ public void pickAfterResolvedUpdatedHosts() throws Exception {
     removedListener.onSubchannelState(ConnectivityStateInfo.forNonError(SHUTDOWN));
     deliverSubchannelState(newSubchannel, ConnectivityStateInfo.forNonError(READY));
 
-    assertThat(getChildEags(loadBalancer)).containsExactly(oldEag2, newEag);
-
     verify(helper, times(3)).createSubchannel(any(CreateSubchannelArgs.class));
     inOrder.verify(helper, times(2)).updateBalancingState(eq(READY), pickerCaptor.capture());
 
@@ -233,28 +228,6 @@ private Subchannel getSubchannel(EquivalentAddressGroup removedEag) {
     return subchannels.get(Collections.singletonList(removedEag));
   }
 
-  private Subchannel getSubchannel(ChildLbState childLbState) {
-    return subchannels.get(Collections.singletonList(childLbState.getEag()));
-  }
-
-  private static List<Object> getChildEags(LeastRequestLoadBalancer loadBalancer) {
-    return loadBalancer.getChildLbStates().stream()
-        .map(ChildLbState::getEag)
-        // .map(EquivalentAddressGroup::getAddresses)
-        .collect(Collectors.toList());
-  }
-
-  private List<Subchannel> getSubchannels(LeastRequestLoadBalancer lb) {
-    return lb.getChildLbStates().stream()
-        .map(this::getSubchannel)
-        .collect(Collectors.toList());
-  }
-
-  private LeastRequestLbState getChildLbState(PickResult pickResult) {
-    EquivalentAddressGroup eag = pickResult.getSubchannel().getAddresses();
-    return (LeastRequestLbState) loadBalancer.getChildLbStateEag(eag);
-  }
-
   @Test
   public void pickAfterStateChange() throws Exception {
     InOrder inOrder = inOrder(helper);
@@ -263,7 +236,7 @@ public void pickAfterStateChange() throws Exception {
             .build());
     assertThat(addressesAcceptanceStatus.isOk()).isTrue();
     ChildLbState childLbState = loadBalancer.getChildLbStates().iterator().next();
-    Subchannel subchannel = getSubchannel(childLbState);
+    Subchannel subchannel = getSubchannel(servers.get(0));
 
     inOrder.verify(helper).updateBalancingState(eq(CONNECTING), isA(EmptyPicker.class));
     assertThat(childLbState.getCurrentState()).isEqualTo(CONNECTING);
@@ -331,8 +304,9 @@ public void ignoreShutdownSubchannelStateChange() {
     assertThat(addressesAcceptanceStatus.isOk()).isTrue();
     inOrder.verify(helper).updateBalancingState(eq(CONNECTING), isA(EmptyPicker.class));
 
+    List<Subchannel> savedSubchannels = new ArrayList<>(subchannels.values());
     loadBalancer.shutdown();
-    for (Subchannel sc : getSubchannels(loadBalancer)) {
+    for (Subchannel sc : savedSubchannels) {
       verify(sc).shutdown();
       // When the subchannel is being shut down, a SHUTDOWN connectivity state is delivered
       // back to the subchannel state listener.
@@ -353,8 +327,10 @@ public void stayTransientFailureUntilReady() {
     inOrder.verify(helper).updateBalancingState(eq(CONNECTING), isA(EmptyPicker.class));
 
     // Simulate state transitions for each subchannel individually.
-    for (ChildLbState childLbState : loadBalancer.getChildLbStates()) {
-      Subchannel sc = getSubchannel(childLbState);
+    List<ChildLbState> children = new ArrayList<>(loadBalancer.getChildLbStates());
+    for (int i = 0; i < children.size(); i++) {
+      ChildLbState childLbState = children.get(i);
+      Subchannel sc = getSubchannel(servers.get(i));
       Status error = Status.UNKNOWN.withDescription("connection broken");
       deliverSubchannelState(sc, ConnectivityStateInfo.forTransientFailure(error));
       deliverSubchannelState(sc, ConnectivityStateInfo.forNonError(CONNECTING));
@@ -369,7 +345,7 @@ public void stayTransientFailureUntilReady() {
     inOrder.verifyNoMoreInteractions();
 
     ChildLbState childLbState = loadBalancer.getChildLbStates().iterator().next();
-    Subchannel subchannel = getSubchannel(childLbState);
+    Subchannel subchannel = getSubchannel(servers.get(0));
     deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(READY));
     assertThat(childLbState.getCurrentState()).isEqualTo(READY);
     inOrder.verify(helper).updateBalancingState(eq(READY), isA(ReadyPicker.class));
@@ -411,7 +387,7 @@ public void refreshNameResolutionWhenSubchannelConnectionBroken() {
     inOrder.verify(helper).updateBalancingState(eq(CONNECTING), isA(EmptyPicker.class));
 
     // Simulate state transitions for each subchannel individually.
-    for (Subchannel sc : getSubchannels(loadBalancer)) {
+    for (Subchannel sc : subchannels.values()) {
       verify(sc).requestConnection();
       deliverSubchannelState(sc, ConnectivityStateInfo.forNonError(CONNECTING));
       Status error = Status.UNKNOWN.withDescription("connection broken");
@@ -449,8 +425,8 @@ public void pickerLeastRequest() throws Exception {
           ((LeastRequestLbState) childLbStates.get(i)).getActiveRequests());
     }
 
-    for (ChildLbState cs : childLbStates) {
-      deliverSubchannelState(getSubchannel(cs), ConnectivityStateInfo.forNonError(READY));
+    for (Subchannel sc : subchannels.values()) {
+      deliverSubchannelState(sc, ConnectivityStateInfo.forNonError(READY));
     }
 
     // Capture the active ReadyPicker once all subchannels are READY
@@ -460,37 +436,37 @@ public void pickerLeastRequest() throws Exception {
 
     ReadyPicker picker = (ReadyPicker) pickerCaptor.getValue();
 
-    assertThat(picker.getChildEags())
-        .containsExactlyElementsIn(childLbStates.stream().map(ChildLbState::getEag).toArray());
+    assertThat(picker.getChildPickers()).containsExactlyElementsIn(
+        childLbStates.stream().map(ChildLbState::getCurrentPicker).toArray());
 
     // Make random return 0, then 2 for the sample indexes.
     when(mockRandom.nextInt(childLbStates.size())).thenReturn(0, 2);
     PickResult pickResult1 = picker.pickSubchannel(mockArgs);
     verify(mockRandom, times(choiceCount)).nextInt(childLbStates.size());
-    assertEquals(childLbStates.get(0), getChildLbState(pickResult1));
+    assertThat(pickResult1.getSubchannel()).isEqualTo(getSubchannel(servers.get(0)));
     // This simulates sending the actual RPC on the picked channel
     ClientStreamTracer streamTracer1 =
         pickResult1.getStreamTracerFactory()
             .newClientStreamTracer(StreamInfo.newBuilder().build(), new Metadata());
     streamTracer1.streamCreated(Attributes.EMPTY, new Metadata());
-    assertEquals(1, getChildLbState(pickResult1).getActiveRequests());
+    assertEquals(1, ((LeastRequestLbState) childLbStates.get(0)).getActiveRequests());
 
     // For the second pick it should pick the one with lower inFlight.
     when(mockRandom.nextInt(childLbStates.size())).thenReturn(0, 2);
     PickResult pickResult2 = picker.pickSubchannel(mockArgs);
     // Since this is the second pick we expect the total random samples to be choiceCount * 2
     verify(mockRandom, times(choiceCount * 2)).nextInt(childLbStates.size());
-    assertEquals(childLbStates.get(2), getChildLbState(pickResult2));
+    assertThat(pickResult2.getSubchannel()).isEqualTo(getSubchannel(servers.get(2)));
 
     // For the third pick we unavoidably pick subchannel with index 1.
     when(mockRandom.nextInt(childLbStates.size())).thenReturn(1, 1);
     PickResult pickResult3 = picker.pickSubchannel(mockArgs);
     verify(mockRandom, times(choiceCount * 3)).nextInt(childLbStates.size());
-    assertEquals(childLbStates.get(1), getChildLbState(pickResult3));
+    assertThat(pickResult3.getSubchannel()).isEqualTo(getSubchannel(servers.get(1)));
 
     // Finally ensure a finished RPC decreases inFlight
     streamTracer1.streamClosed(Status.OK);
-    assertEquals(0, getChildLbState(pickResult1).getActiveRequests());
+    assertEquals(0, ((LeastRequestLbState) childLbStates.get(0)).getActiveRequests());
   }
 
   @Test
@@ -648,8 +624,8 @@ public void emptyAddresses() {
 
   private List<Subchannel> getList(SubchannelPicker picker) {
     if (picker instanceof ReadyPicker) {
-      return ((ReadyPicker) picker).getChildEags().stream()
-          .map(this::getSubchannel)
+      return ((ReadyPicker) picker).getChildPickers().stream()
+          .map((p) -> p.pickSubchannel(mockArgs).getSubchannel())
           .collect(Collectors.toList());
     } else {
       return Collections.emptyList();
diff --git a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
index dd7de3691a7..4afe440c90e 100644
--- a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
@@ -177,13 +177,12 @@ public void subchannelNotAutoReconnectAfterReenteringIdle() {
     assertThat(addressesAcceptanceStatus.isOk()).isTrue();
     verify(helper).updateBalancingState(eq(IDLE), pickerCaptor.capture());
 
-    ChildLbState childLbState = loadBalancer.getChildLbStates().iterator().next();
-    assertThat(subchannels.get(Collections.singletonList(childLbState.getEag()))).isNull();
+    assertThat(subchannels).isEmpty();
 
     // Picking subchannel triggers connection.
     PickSubchannelArgs args = getDefaultPickSubchannelArgs(hashFunc.hashVoid());
     pickerCaptor.getValue().pickSubchannel(args);
-    Subchannel subchannel = subchannels.get(Collections.singletonList(childLbState.getEag()));
+    Subchannel subchannel = subchannels.get(Collections.singletonList(servers.get(0)));
     InOrder inOrder = Mockito.inOrder(helper, subchannel);
     int expectedTimes = PickFirstLoadBalancerProvider.isEnabledHappyEyeballs()
                             || !PickFirstLoadBalancerProvider.isEnabledNewPickFirst() ? 2 : 1;
@@ -422,7 +421,7 @@ public void skipFailingHosts_pickNextNonFailingHost() {
     assertThat(addressesAcceptanceStatus.isOk()).isTrue();
 
     // Create subchannel for the first address
-    loadBalancer.getChildLbStateEag(servers.get(0)).getCurrentPicker()
+    loadBalancer.getChildLbStates().iterator().next().getCurrentPicker()
         .pickSubchannel(getDefaultPickSubchannelArgs(hashFunc.hashVoid()));
     verifyConnection(1);
 
diff --git a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
index 05ad1f56ece..9ab783223d9 100644
--- a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
@@ -40,6 +40,7 @@
 import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.ClientCall;
+import io.grpc.ClientStreamTracer;
 import io.grpc.ConnectivityState;
 import io.grpc.ConnectivityStateInfo;
 import io.grpc.DoubleHistogramMetricInstrument;
@@ -68,6 +69,7 @@
 import io.grpc.internal.PickFirstLoadBalancerProvider;
 import io.grpc.internal.TestUtils;
 import io.grpc.internal.testing.StreamRecorder;
+import io.grpc.protobuf.ProtoUtils;
 import io.grpc.services.InternalCallMetricRecorder;
 import io.grpc.services.MetricReport;
 import io.grpc.stub.ClientCalls;
@@ -130,9 +132,6 @@ public class WeightedRoundRobinLoadBalancerTest {
 
   private final List<EquivalentAddressGroup> servers = Lists.newArrayList();
   private final Map<List<EquivalentAddressGroup>, Subchannel> subchannels = Maps.newLinkedHashMap();
-  private final Map<Subchannel, Subchannel> mockToRealSubChannelMap = new HashMap<>();
-  private final Map<Subchannel, SubchannelStateListener> subchannelStateListeners =
-        Maps.newLinkedHashMap();
 
   private final Queue<ClientCall<OrcaLoadReportRequest, OrcaLoadReport>> oobCalls =
           new ConcurrentLinkedQueue<>();
@@ -188,7 +187,7 @@ public ClientCall<OrcaLoadReportRequest, OrcaLoadReport> answer(
               return clientCall;
             }
           });
-      testHelperInstance.setChannel(mockToRealSubChannelMap.get(sc), channel);
+      testHelperInstance.setChannel(sc, channel);
       subchannels.put(Arrays.asList(eag), sc);
     }
     wrr = new WeightedRoundRobinLoadBalancer(helper, fakeClock.getDeadlineTicker(),
@@ -257,7 +256,7 @@ weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).on
     int expectedTasks = isEnabledHappyEyeballs() ? 2 : 1;
     assertThat(fakeClock.forwardTime(11, TimeUnit.SECONDS)).isEqualTo(expectedTasks);
 
-    assertThat(getAddressesFromPick(weightedPicker)).isEqualTo(weightedChild1.getEag());
+    assertThat(getAddressesFromPick(weightedPicker)).isEqualTo(servers.get(0));
     assertThat(fakeClock.getPendingTasks().size()).isEqualTo(1);
     weightedConfig = WeightedRoundRobinLoadBalancerConfig.newBuilder()
         .setWeightUpdatePeriodNanos(500_000_000L) //.5s
@@ -312,8 +311,7 @@ weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).on
     int expectedTasks = isEnabledHappyEyeballs() ? 2 : 1;
     assertThat(fakeClock.forwardTime(11, TimeUnit.SECONDS)).isEqualTo(expectedTasks);
     PickResult pickResult = weightedPicker.pickSubchannel(mockArgs);
-    assertThat(getAddresses(pickResult))
-        .isEqualTo(weightedChild1.getEag());
+    assertThat(getAddresses(pickResult)).isEqualTo(servers.get(0));
     assertThat(pickResult.getStreamTracerFactory()).isNotNull(); // verify per-request listener
     assertThat(oobCalls.isEmpty()).isTrue();
 
@@ -327,8 +325,7 @@ weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).on
             eq(ConnectivityState.READY), pickerCaptor2.capture());
     weightedPicker = (WeightedRoundRobinPicker) pickerCaptor2.getAllValues().get(2);
     pickResult = weightedPicker.pickSubchannel(mockArgs);
-    assertThat(getAddresses(pickResult))
-        .isEqualTo(weightedChild1.getEag());
+    assertThat(getAddresses(pickResult)).isEqualTo(servers.get(0));
     assertThat(pickResult.getStreamTracerFactory()).isNull();
     OrcaLoadReportRequest golden = OrcaLoadReportRequest.newBuilder().setReportInterval(
             Duration.newBuilder().setSeconds(20).setNanos(30000000).build()).build();
@@ -375,16 +372,16 @@ private void pickByWeight(MetricReport r1, MetricReport r2, MetricReport r3,
       pickCount.put(result, pickCount.getOrDefault(result, 0) + 1);
     }
     assertThat(pickCount.size()).isEqualTo(3);
-    assertThat(Math.abs(pickCount.get(weightedChild1.getEag()) / 10000.0 - subchannel1PickRatio))
+    assertThat(Math.abs(pickCount.get(servers.get(0)) / 10000.0 - subchannel1PickRatio))
         .isAtMost(0.0002);
-    assertThat(Math.abs(pickCount.get(weightedChild2.getEag()) / 10000.0 - subchannel2PickRatio ))
+    assertThat(Math.abs(pickCount.get(servers.get(1)) / 10000.0 - subchannel2PickRatio ))
         .isAtMost(0.0002);
-    assertThat(Math.abs(pickCount.get(weightedChild3.getEag()) / 10000.0 - subchannel3PickRatio ))
+    assertThat(Math.abs(pickCount.get(servers.get(2)) / 10000.0 - subchannel3PickRatio ))
         .isAtMost(0.0002);
   }
 
   private SubchannelStateListener getSubchannelStateListener(Subchannel mockSubChannel) {
-    return subchannelStateListeners.get(mockToRealSubChannelMap.get(mockSubChannel));
+    return testHelperInstance.getSubchannelStateListener(mockSubChannel);
   }
 
   private static ChildLbState getChild(WeightedRoundRobinPicker picker, int index) {
@@ -578,8 +575,8 @@ weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).on
     }
     assertThat(pickCount.size()).isEqualTo(2);
     // within blackout period, fallback to simple round robin
-    assertThat(Math.abs(pickCount.get(weightedChild1.getEag()) / 10000.0 - 0.5)).isLessThan(0.002);
-    assertThat(Math.abs(pickCount.get(weightedChild2.getEag()) / 10000.0 - 0.5)).isLessThan(0.002);
+    assertThat(Math.abs(pickCount.get(servers.get(0)) / 10000.0 - 0.5)).isLessThan(0.002);
+    assertThat(Math.abs(pickCount.get(servers.get(1)) / 10000.0 - 0.5)).isLessThan(0.002);
 
     assertThat(fakeClock.forwardTime(5, TimeUnit.SECONDS)).isEqualTo(1);
     pickCount = new HashMap<>();
@@ -589,10 +586,8 @@ weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).on
     }
     assertThat(pickCount.size()).isEqualTo(2);
     // after blackout period
-    assertThat(Math.abs(pickCount.get(weightedChild1.getEag()) / 10000.0 - 2.0 / 3))
-            .isLessThan(0.002);
-    assertThat(Math.abs(pickCount.get(weightedChild2.getEag()) / 10000.0 - 1.0 / 3))
-            .isLessThan(0.002);
+    assertThat(Math.abs(pickCount.get(servers.get(0)) / 10000.0 - 2.0 / 3)).isLessThan(0.002);
+    assertThat(Math.abs(pickCount.get(servers.get(1)) / 10000.0 - 1.0 / 3)).isLessThan(0.002);
   }
 
   private boolean isEnabledHappyEyeballs() {
@@ -636,8 +631,7 @@ weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).on
             0.2, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
     int expectedTasks = isEnabledHappyEyeballs() ? 2 : 1;
     assertThat(fakeClock.forwardTime(11, TimeUnit.SECONDS)).isEqualTo(expectedTasks);
-    assertThat(getAddressesFromPick(weightedPicker))
-        .isEqualTo(weightedChild1.getEag());
+    assertThat(getAddressesFromPick(weightedPicker)).isEqualTo(servers.get(0));
     assertThat(getNumFilteredPendingTasks()).isEqualTo(1);
     weightedConfig = WeightedRoundRobinLoadBalancerConfig.newBuilder()
         .setWeightUpdatePeriodNanos(500_000_000L) //.5s
@@ -655,10 +649,8 @@ weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).on
     //timer fires, new weight updated
     expectedTasks = isEnabledHappyEyeballs() ? 2 : 1;
     assertThat(fakeClock.forwardTime(500, TimeUnit.MILLISECONDS)).isEqualTo(expectedTasks);
-    assertThat(getAddressesFromPick(weightedPicker))
-        .isEqualTo(weightedChild2.getEag());
-    assertThat(getAddressesFromPick(weightedPicker))
-        .isEqualTo(weightedChild1.getEag());
+    assertThat(getAddressesFromPick(weightedPicker)).isEqualTo(servers.get(1));
+    assertThat(getAddressesFromPick(weightedPicker)).isEqualTo(servers.get(0));
   }
 
   @Test
@@ -697,10 +689,8 @@ weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).on
       pickCount.put(result, pickCount.getOrDefault(result, 0) + 1);
     }
     assertThat(pickCount.size()).isEqualTo(2);
-    assertThat(Math.abs(pickCount.get(weightedChild1.getEag()) / 1000.0 - 2.0 / 3))
-            .isLessThan(0.002);
-    assertThat(Math.abs(pickCount.get(weightedChild2.getEag()) / 1000.0 - 1.0 / 3))
-            .isLessThan(0.002);
+    assertThat(Math.abs(pickCount.get(servers.get(0)) / 1000.0 - 2.0 / 3)).isLessThan(0.002);
+    assertThat(Math.abs(pickCount.get(servers.get(1)) / 1000.0 - 1.0 / 3)).isLessThan(0.002);
 
     // weight expired, fallback to simple round robin
     assertThat(fakeClock.forwardTime(300, TimeUnit.SECONDS)).isEqualTo(1);
@@ -710,10 +700,8 @@ weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).on
       pickCount.put(result, pickCount.getOrDefault(result, 0) + 1);
     }
     assertThat(pickCount.size()).isEqualTo(2);
-    assertThat(Math.abs(pickCount.get(weightedChild1.getEag()) / 1000.0 - 0.5))
-            .isLessThan(0.002);
-    assertThat(Math.abs(pickCount.get(weightedChild2.getEag()) / 1000.0 - 0.5))
-            .isLessThan(0.002);
+    assertThat(Math.abs(pickCount.get(servers.get(0)) / 1000.0 - 0.5)).isLessThan(0.002);
+    assertThat(Math.abs(pickCount.get(servers.get(1)) / 1000.0 - 0.5)).isLessThan(0.002);
   }
 
   @Test
@@ -738,26 +726,17 @@ public void rrFallback() {
         (WeightedRoundRobinPicker) pickerCaptor.getAllValues().get(1);
     int expectedTasks = isEnabledHappyEyeballs() ? 2 : 1;
     assertThat(fakeClock.forwardTime(10, TimeUnit.SECONDS)).isEqualTo(expectedTasks);
-    WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
-    WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
-    Map<EquivalentAddressGroup, Integer> qpsByChannel = ImmutableMap.of(weightedChild1.getEag(), 2,
-        weightedChild2.getEag(), 1);
+    Map<EquivalentAddressGroup, Integer> qpsByChannel = ImmutableMap.of(servers.get(0), 2,
+        servers.get(1), 1);
     Map<EquivalentAddressGroup, Integer> pickCount = new HashMap<>();
     for (int i = 0; i < 1000; i++) {
       PickResult pickResult = weightedPicker.pickSubchannel(mockArgs);
       EquivalentAddressGroup addresses = getAddresses(pickResult);
       pickCount.merge(addresses, 1, Integer::sum);
-      assertThat(pickResult.getStreamTracerFactory()).isNotNull();
-      WeightedChildLbState childLbState = (WeightedChildLbState) wrr.getChildLbStateEag(addresses);
-      childLbState.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
-          InternalCallMetricRecorder.createMetricReport(
-              0.1, 0, 0.1, qpsByChannel.get(addresses), 0,
-              new HashMap<>(), new HashMap<>(), new HashMap<>()));
+      reportLoadOnRpc(pickResult, 0.1, 0, 0.1, qpsByChannel.get(addresses), 0);
     }
-    assertThat(Math.abs(pickCount.get(weightedChild1.getEag()) / 1000.0 - 1.0 / 2))
-        .isAtMost(0.1);
-    assertThat(Math.abs(pickCount.get(weightedChild2.getEag()) / 1000.0 - 1.0 / 2))
-        .isAtMost(0.1);
+    assertThat(Math.abs(pickCount.get(servers.get(0)) / 1000.0 - 1.0 / 2)).isAtMost(0.1);
+    assertThat(Math.abs(pickCount.get(servers.get(1)) / 1000.0 - 1.0 / 2)).isAtMost(0.1);
 
     // Identical to above except forwards time after each pick
     pickCount.clear();
@@ -765,19 +744,12 @@ childLbState.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLo
       PickResult pickResult = weightedPicker.pickSubchannel(mockArgs);
       EquivalentAddressGroup addresses = getAddresses(pickResult);
       pickCount.merge(addresses, 1, Integer::sum);
-      assertThat(pickResult.getStreamTracerFactory()).isNotNull();
-      WeightedChildLbState childLbState = (WeightedChildLbState) wrr.getChildLbStateEag(addresses);
-      childLbState.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
-          InternalCallMetricRecorder.createMetricReport(
-              0.1, 0, 0.1, qpsByChannel.get(addresses), 0,
-              new HashMap<>(), new HashMap<>(), new HashMap<>()));
+      reportLoadOnRpc(pickResult, 0.1, 0, 0.1, qpsByChannel.get(addresses), 0);
       fakeClock.forwardTime(50, TimeUnit.MILLISECONDS);
     }
     assertThat(pickCount.size()).isEqualTo(2);
-    assertThat(Math.abs(pickCount.get(weightedChild1.getEag()) / 1000.0 - 2.0 / 3))
-        .isAtMost(0.1);
-    assertThat(Math.abs(pickCount.get(weightedChild2.getEag()) / 1000.0 - 1.0 / 3))
-        .isAtMost(0.1);
+    assertThat(Math.abs(pickCount.get(servers.get(0)) / 1000.0 - 2.0 / 3)).isAtMost(0.1);
+    assertThat(Math.abs(pickCount.get(servers.get(1)) / 1000.0 - 1.0 / 3)).isAtMost(0.1);
   }
 
   private static EquivalentAddressGroup getAddresses(PickResult pickResult) {
@@ -809,7 +781,6 @@ public void unknownWeightIsAvgWeight() {
         (WeightedRoundRobinPicker) pickerCaptor.getAllValues().get(2);
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
-    WeightedChildLbState weightedChild3 = (WeightedChildLbState) getChild(weightedPicker, 2);
     weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.1, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
@@ -823,13 +794,10 @@ weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).on
       pickCount.merge(result.getAddresses(), 1, Integer::sum);
     }
     assertThat(pickCount.size()).isEqualTo(3);
-    assertThat(Math.abs(pickCount.get(weightedChild1.getEag()) / 1000.0 - 4.0 / 9))
-            .isLessThan(0.002);
-    assertThat(Math.abs(pickCount.get(weightedChild2.getEag()) / 1000.0 - 2.0 / 9))
-            .isLessThan(0.002);
+    assertThat(Math.abs(pickCount.get(servers.get(0)) / 1000.0 - 4.0 / 9)).isLessThan(0.002);
+    assertThat(Math.abs(pickCount.get(servers.get(1)) / 1000.0 - 2.0 / 9)).isLessThan(0.002);
     // subchannel3's weight is average of subchannel1 and subchannel2
-    assertThat(Math.abs(pickCount.get(weightedChild3.getEag()) / 1000.0 - 3.0 / 9))
-            .isLessThan(0.002);
+    assertThat(Math.abs(pickCount.get(servers.get(2)) / 1000.0 - 3.0 / 9)).isLessThan(0.002);
   }
 
   @Test
@@ -862,8 +830,8 @@ weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).on
             0.2, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
     CyclicBarrier barrier = new CyclicBarrier(2);
     Map<EquivalentAddressGroup, AtomicInteger> pickCount = new ConcurrentHashMap<>();
-    pickCount.put(weightedChild1.getEag(), new AtomicInteger(0));
-    pickCount.put(weightedChild2.getEag(), new AtomicInteger(0));
+    pickCount.put(servers.get(0), new AtomicInteger(0));
+    pickCount.put(servers.get(1), new AtomicInteger(0));
     new Thread(new Runnable() {
       @Override
       public void run() {
@@ -890,10 +858,8 @@ public void run() {
     barrier.await();
     assertThat(pickCount.size()).isEqualTo(2);
     // after blackout period
-    assertThat(Math.abs(pickCount.get(weightedChild1.getEag()).get() / 2000.0 - 2.0 / 3))
-            .isLessThan(0.002);
-    assertThat(Math.abs(pickCount.get(weightedChild2.getEag()).get() / 2000.0 - 1.0 / 3))
-            .isLessThan(0.002);
+    assertThat(Math.abs(pickCount.get(servers.get(0)).get() / 2000.0 - 2.0 / 3)).isLessThan(0.002);
+    assertThat(Math.abs(pickCount.get(servers.get(1)).get() / 2000.0 - 1.0 / 3)).isLessThan(0.002);
   }
 
   @Test(expected = NullPointerException.class)
@@ -1334,6 +1300,35 @@ private int getNumFilteredPendingTasks() {
     return AbstractTestHelper.getNumFilteredPendingTasks(fakeClock);
   }
 
+  private static final Metadata.Key<OrcaLoadReport> ORCA_LOAD_METRICS_KEY =
+        Metadata.Key.of(
+            "endpoint-load-metrics-bin",
+            ProtoUtils.metadataMarshaller(OrcaLoadReport.getDefaultInstance()));
+  private static final ClientStreamTracer.StreamInfo STREAM_INFO =
+      ClientStreamTracer.StreamInfo.newBuilder().build();
+
+  private static void reportLoadOnRpc(
+      PickResult pickResult,
+      double cpuUtilization,
+      double applicationUtilization,
+      double memoryUtilization,
+      double qps,
+      double eps) {
+    ClientStreamTracer childTracer = pickResult.getStreamTracerFactory()
+        .newClientStreamTracer(STREAM_INFO, new Metadata());
+    Metadata trailer = new Metadata();
+    trailer.put(
+        ORCA_LOAD_METRICS_KEY,
+        OrcaLoadReport.newBuilder()
+          .setCpuUtilization(cpuUtilization)
+          .setApplicationUtilization(applicationUtilization)
+          .setMemUtilization(memoryUtilization)
+          .setRpsFractional(qps)
+          .setEps(eps)
+          .build());
+    childTracer.inboundTrailers(trailer);
+  }
+
   private static final class VerifyingScheduler {
     private final StaticStrideScheduler delegate;
     private final int max;
@@ -1389,16 +1384,6 @@ public Map<List<EquivalentAddressGroup>, Subchannel> getSubchannelMap() {
       return subchannels;
     }
 
-    @Override
-    public Map<Subchannel, Subchannel> getMockToRealSubChannelMap() {
-      return mockToRealSubChannelMap;
-    }
-
-    @Override
-    public Map<Subchannel, SubchannelStateListener> getSubchannelStateListeners() {
-      return subchannelStateListeners;
-    }
-
     @Override
     public MetricRecorder getMetricRecorder() {
       return mockMetricRecorder;

From 921f88ae30e5a4b1d890f3ea7ff709f475a86298 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 12 Nov 2024 12:27:40 +0530
Subject: [PATCH 083/591] services: Deprecate V1alpha (#11681)

---
 documentation/server-reflection-tutorial.md               | 8 ++++----
 .../grpc/examples/debug/HelloWorldDebuggableClient.java   | 2 +-
 .../io/grpc/examples/debug/HostnameDebuggableServer.java  | 2 +-
 .../java/io/grpc/examples/hostname/HostnameServer.java    | 4 ++--
 examples/example-reflection/README.md                     | 2 +-
 .../io/grpc/examples/reflection/ReflectionServer.java     | 4 ++--
 .../grpc/examples/helloworldxds/XdsHelloWorldServer.java  | 4 ++--
 .../java/io/grpc/testing/integration/XdsTestClient.java   | 5 ++++-
 .../java/io/grpc/testing/integration/XdsTestServer.java   | 7 +++++--
 .../io/grpc/protobuf/services/ProtoReflectionService.java | 4 +++-
 .../protobuf/services/ProtoReflectionServiceTest.java     | 4 ++--
 11 files changed, 27 insertions(+), 19 deletions(-)

diff --git a/documentation/server-reflection-tutorial.md b/documentation/server-reflection-tutorial.md
index 5fad5a22333..c4d2e8c4aea 100644
--- a/documentation/server-reflection-tutorial.md
+++ b/documentation/server-reflection-tutorial.md
@@ -10,9 +10,9 @@ proto-based services.
 ## Enable Server Reflection
 
 gRPC-Java Server Reflection is implemented by
-`io.grpc.protobuf.services.ProtoReflectionService` in the `grpc-services`
+`io.grpc.protobuf.services.ProtoReflectionServiceV1` in the `grpc-services`
 package. To enable server reflection, you need to add the
-`ProtoReflectionService` to your gRPC server.
+`ProtoReflectionServiceV1` to your gRPC server.
 
 For example, to enable server reflection in
 `examples/src/main/java/io/grpc/examples/helloworld/HelloWorldServer.java`, we
@@ -35,7 +35,7 @@ need to make the following changes:
  
  import io.grpc.Server;
  import io.grpc.ServerBuilder;
-+import io.grpc.protobuf.services.ProtoReflectionService;
++import io.grpc.protobuf.services.ProtoReflectionServiceV1;
  import io.grpc.stub.StreamObserver;
  import java.io.IOException;
  import java.util.logging.Logger;
@@ -43,7 +43,7 @@ need to make the following changes:
      int port = 50051;
      server = ServerBuilder.forPort(port)
          .addService(new GreeterImpl())
-+        .addService(ProtoReflectionService.newInstance())
++        .addService(ProtoReflectionServiceV1.newInstance())
          .build()
          .start();
      logger.info("Server started, listening on " + port);
diff --git a/examples/example-debug/src/main/java/io/grpc/examples/debug/HelloWorldDebuggableClient.java b/examples/example-debug/src/main/java/io/grpc/examples/debug/HelloWorldDebuggableClient.java
index 61391b60415..ef1340cf259 100644
--- a/examples/example-debug/src/main/java/io/grpc/examples/debug/HelloWorldDebuggableClient.java
+++ b/examples/example-debug/src/main/java/io/grpc/examples/debug/HelloWorldDebuggableClient.java
@@ -27,7 +27,7 @@
 import io.grpc.examples.helloworld.GreeterGrpc;
 import io.grpc.examples.helloworld.HelloReply;
 import io.grpc.examples.helloworld.HelloRequest;
-import io.grpc.protobuf.services.ProtoReflectionService;
+import io.grpc.protobuf.services.ProtoReflectionServiceV1;
 import io.grpc.services.AdminInterface;
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Level;
diff --git a/examples/example-debug/src/main/java/io/grpc/examples/debug/HostnameDebuggableServer.java b/examples/example-debug/src/main/java/io/grpc/examples/debug/HostnameDebuggableServer.java
index 89ffc39b599..5525ba91d9c 100644
--- a/examples/example-debug/src/main/java/io/grpc/examples/debug/HostnameDebuggableServer.java
+++ b/examples/example-debug/src/main/java/io/grpc/examples/debug/HostnameDebuggableServer.java
@@ -21,7 +21,7 @@
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
 import io.grpc.health.v1.HealthCheckResponse.ServingStatus;
-import io.grpc.protobuf.services.ProtoReflectionService;
+import io.grpc.protobuf.services.ProtoReflectionServiceV1;
 import io.grpc.services.AdminInterface;
 import io.grpc.services.HealthStatusManager;
 import java.io.IOException;
diff --git a/examples/example-hostname/src/main/java/io/grpc/examples/hostname/HostnameServer.java b/examples/example-hostname/src/main/java/io/grpc/examples/hostname/HostnameServer.java
index 3c63296d7fa..ca38c7cdc7b 100644
--- a/examples/example-hostname/src/main/java/io/grpc/examples/hostname/HostnameServer.java
+++ b/examples/example-hostname/src/main/java/io/grpc/examples/hostname/HostnameServer.java
@@ -21,7 +21,7 @@
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
 import io.grpc.health.v1.HealthCheckResponse.ServingStatus;
-import io.grpc.protobuf.services.ProtoReflectionService;
+import io.grpc.protobuf.services.ProtoReflectionServiceV1;
 import io.grpc.services.HealthStatusManager;
 import java.io.IOException;
 import java.util.concurrent.TimeUnit;
@@ -53,7 +53,7 @@ public static void main(String[] args) throws IOException, InterruptedException
     HealthStatusManager health = new HealthStatusManager();
     final Server server = Grpc.newServerBuilderForPort(port, InsecureServerCredentials.create())
         .addService(new HostnameGreeter(hostname))
-        .addService(ProtoReflectionService.newInstance())
+        .addService(ProtoReflectionServiceV1.newInstance())
         .addService(health.getHealthService())
         .build()
         .start();
diff --git a/examples/example-reflection/README.md b/examples/example-reflection/README.md
index 801a27343db..4bc30e84b3b 100644
--- a/examples/example-reflection/README.md
+++ b/examples/example-reflection/README.md
@@ -1,7 +1,7 @@
 gRPC Reflection Example
 ================
 
-The reflection example has a Hello World server with `ProtoReflectionService` registered. 
+The reflection example has a Hello World server with `ProtoReflectionServiceV1` registered. 
 
 ### Build the example
 
diff --git a/examples/example-reflection/src/main/java/io/grpc/examples/reflection/ReflectionServer.java b/examples/example-reflection/src/main/java/io/grpc/examples/reflection/ReflectionServer.java
index ad702247ba7..8406317aad6 100644
--- a/examples/example-reflection/src/main/java/io/grpc/examples/reflection/ReflectionServer.java
+++ b/examples/example-reflection/src/main/java/io/grpc/examples/reflection/ReflectionServer.java
@@ -7,7 +7,7 @@
 import io.grpc.examples.helloworld.GreeterGrpc;
 import io.grpc.examples.helloworld.HelloReply;
 import io.grpc.examples.helloworld.HelloRequest;
-import io.grpc.protobuf.services.ProtoReflectionService;
+import io.grpc.protobuf.services.ProtoReflectionServiceV1;
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
 import java.util.concurrent.TimeUnit;
@@ -26,7 +26,7 @@ private void start() throws IOException {
     int port = 50051;
     server = Grpc.newServerBuilderForPort(port, InsecureServerCredentials.create())
         .addService(new GreeterImpl())
-        .addService(ProtoReflectionService.newInstance()) // add reflection service
+        .addService(ProtoReflectionServiceV1.newInstance()) // add reflection service
         .build()
         .start();
     logger.info("Server started, listening on " + port);
diff --git a/examples/example-xds/src/main/java/io/grpc/examples/helloworldxds/XdsHelloWorldServer.java b/examples/example-xds/src/main/java/io/grpc/examples/helloworldxds/XdsHelloWorldServer.java
index 93317dda23e..c7c67f8d681 100644
--- a/examples/example-xds/src/main/java/io/grpc/examples/helloworldxds/XdsHelloWorldServer.java
+++ b/examples/example-xds/src/main/java/io/grpc/examples/helloworldxds/XdsHelloWorldServer.java
@@ -20,7 +20,7 @@
 import io.grpc.Server;
 import io.grpc.ServerCredentials;
 import io.grpc.health.v1.HealthCheckResponse.ServingStatus;
-import io.grpc.protobuf.services.ProtoReflectionService;
+import io.grpc.protobuf.services.ProtoReflectionServiceV1;
 import io.grpc.services.HealthStatusManager;
 import io.grpc.xds.XdsServerBuilder;
 import io.grpc.xds.XdsServerCredentials;
@@ -66,7 +66,7 @@ public static void main(String[] args) throws IOException, InterruptedException
     final HealthStatusManager health = new HealthStatusManager();
     final Server server = XdsServerBuilder.forPort(port, credentials)
         .addService(new HostnameGreeter(hostname))
-        .addService(ProtoReflectionService.newInstance()) // convenient for command line tools
+        .addService(ProtoReflectionServiceV1.newInstance()) // convenient for command line tools
         .addService(health.getHealthService()) // allow management servers to monitor health
         .build()
         .start();
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestClient.java b/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestClient.java
index c697bd9f305..23bc12a6b65 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestClient.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestClient.java
@@ -28,6 +28,7 @@
 import com.google.common.util.concurrent.MoreExecutors;
 import com.google.common.util.concurrent.SettableFuture;
 import com.google.protobuf.ByteString;
+import io.grpc.BindableService;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.ClientCall;
@@ -273,11 +274,13 @@ private void run() {
           .build();
       csmObservability.registerGlobal();
     }
+    @SuppressWarnings("deprecation")
+    BindableService oldReflectionService = ProtoReflectionService.newInstance();
     statsServer =
         Grpc.newServerBuilderForPort(statsPort, InsecureServerCredentials.create())
             .addService(new XdsStatsImpl())
             .addService(new ConfigureUpdateServiceImpl())
-            .addService(ProtoReflectionService.newInstance())
+            .addService(oldReflectionService)
             .addService(ProtoReflectionServiceV1.newInstance())
             .addServices(AdminInterface.getStandardServices())
             .build();
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestServer.java b/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestServer.java
index 2f1625d1581..1bc4ff88981 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestServer.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestServer.java
@@ -20,6 +20,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Iterables;
 import com.google.protobuf.ByteString;
+import io.grpc.BindableService;
 import io.grpc.ForwardingServerCall.SimpleForwardingServerCall;
 import io.grpc.Grpc;
 import io.grpc.InsecureServerCredentials;
@@ -212,6 +213,8 @@ void start() throws Exception {
       throw new RuntimeException(e);
     }
     health = new HealthStatusManager();
+    @SuppressWarnings("deprecation")
+    BindableService oldReflectionService = ProtoReflectionService.newInstance();
     if (secureMode) {
       if (addressType != Util.AddressType.IPV4_IPV6) {
         throw new IllegalArgumentException("Secure mode only supports IPV4_IPV6 address type");
@@ -220,7 +223,7 @@ void start() throws Exception {
           Grpc.newServerBuilderForPort(maintenancePort, InsecureServerCredentials.create())
               .addService(new XdsUpdateHealthServiceImpl(health))
               .addService(health.getHealthService())
-              .addService(ProtoReflectionService.newInstance())
+              .addService(oldReflectionService)
               .addService(ProtoReflectionServiceV1.newInstance())
               .addServices(AdminInterface.getStandardServices())
               .build();
@@ -272,7 +275,7 @@ void start() throws Exception {
                       new TestServiceImpl(serverId, host), new TestInfoInterceptor(host)))
               .addService(new XdsUpdateHealthServiceImpl(health))
               .addService(health.getHealthService())
-              .addService(ProtoReflectionService.newInstance())
+              .addService(oldReflectionService)
               .addService(ProtoReflectionServiceV1.newInstance())
               .addServices(AdminInterface.getStandardServices())
               .build();
diff --git a/services/src/main/java/io/grpc/protobuf/services/ProtoReflectionService.java b/services/src/main/java/io/grpc/protobuf/services/ProtoReflectionService.java
index 45947ed44ee..07008b682c3 100644
--- a/services/src/main/java/io/grpc/protobuf/services/ProtoReflectionService.java
+++ b/services/src/main/java/io/grpc/protobuf/services/ProtoReflectionService.java
@@ -28,11 +28,11 @@
 
 /**
  * Provides a reflection service for Protobuf services (including the reflection service itself).
- * Uses the deprecated v1alpha proto. New users should use ProtoReflectionServiceV1 instead.
  *
  * <p>Separately tracks mutable and immutable services. Throws an exception if either group of
  * services contains multiple Protobuf files with declarations of the same service, method, type, or
  * extension.
+ * Uses the deprecated v1alpha proto. New users should use {@link ProtoReflectionServiceV1} instead.
  */
 @ExperimentalApi("https://github.com/grpc/grpc-java/issues/2222")
 public final class ProtoReflectionService implements BindableService {
@@ -40,11 +40,13 @@ public final class ProtoReflectionService implements BindableService {
   private ProtoReflectionService() {
   }
 
+  @Deprecated
   public static BindableService newInstance() {
     return new ProtoReflectionService();
   }
 
   @Override
+  @SuppressWarnings("deprecation")
   public ServerServiceDefinition bindService() {
     ServerServiceDefinition serverServiceDefinitionV1 = ProtoReflectionServiceV1.newInstance()
         .bindService();
diff --git a/services/src/test/java/io/grpc/protobuf/services/ProtoReflectionServiceTest.java b/services/src/test/java/io/grpc/protobuf/services/ProtoReflectionServiceTest.java
index c9dd1014141..115dd11b0f1 100644
--- a/services/src/test/java/io/grpc/protobuf/services/ProtoReflectionServiceTest.java
+++ b/services/src/test/java/io/grpc/protobuf/services/ProtoReflectionServiceTest.java
@@ -71,7 +71,8 @@ public class ProtoReflectionServiceTest {
 
   private static final String TEST_HOST = "localhost";
   private MutableHandlerRegistry handlerRegistry = new MutableHandlerRegistry();
-  private BindableService reflectionService;
+  @SuppressWarnings("deprecation")
+  private BindableService reflectionService = ProtoReflectionService.newInstance();
   private ServerServiceDefinition dynamicService =
       new DynamicServiceGrpc.DynamicServiceImplBase() {}.bindService();
   private ServerServiceDefinition anotherDynamicService =
@@ -80,7 +81,6 @@ public class ProtoReflectionServiceTest {
 
   @Before
   public void setUp() throws Exception {
-    reflectionService = ProtoReflectionService.newInstance();
     Server server =
         InProcessServerBuilder.forName("proto-reflection-test")
             .directExecutor()

From b1703345f74fd211f9c5199825f2b8973885ea0a Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Wed, 13 Nov 2024 16:50:14 -0800
Subject: [PATCH 084/591] Make channelz work with proto lite (#11685)

Allows android apps to expose internal grpc state for debugging.
---
 .../protobuf/services/ChannelzProtoUtil.java  |  72 ++++++--
 .../services/ChannelzProtoUtilTest.java       | 164 ++++++++++--------
 2 files changed, 149 insertions(+), 87 deletions(-)

diff --git a/services/src/main/java/io/grpc/protobuf/services/ChannelzProtoUtil.java b/services/src/main/java/io/grpc/protobuf/services/ChannelzProtoUtil.java
index cf003b2f881..74448a8c5bf 100644
--- a/services/src/main/java/io/grpc/protobuf/services/ChannelzProtoUtil.java
+++ b/services/src/main/java/io/grpc/protobuf/services/ChannelzProtoUtil.java
@@ -21,6 +21,7 @@
 import com.google.protobuf.Any;
 import com.google.protobuf.ByteString;
 import com.google.protobuf.Int64Value;
+import com.google.protobuf.MessageLite;
 import com.google.protobuf.util.Durations;
 import com.google.protobuf.util.Timestamps;
 import io.grpc.ConnectivityState;
@@ -79,6 +80,8 @@
 
 /**
  * A static utility class for turning internal data structures into protos.
+ *
+ * <p>Works with both regular and lite protos.
  */
 final class ChannelzProtoUtil {
   private static final Logger logger = Logger.getLogger(ChannelzProtoUtil.class.getName());
@@ -254,22 +257,20 @@ static SocketOption toSocketOptionLinger(int lingerSeconds) {
     } else {
       lingerOpt = SocketOptionLinger.getDefaultInstance();
     }
-    return SocketOption
-        .newBuilder()
+    return SocketOption.newBuilder()
         .setName(SO_LINGER)
-        .setAdditional(Any.pack(lingerOpt))
+        .setAdditional(packToAny("SocketOptionLinger", lingerOpt))
         .build();
   }
 
   static SocketOption toSocketOptionTimeout(String name, int timeoutMillis) {
     Preconditions.checkNotNull(name);
-    return SocketOption
-        .newBuilder()
+    return SocketOption.newBuilder()
         .setName(name)
         .setAdditional(
-            Any.pack(
-                SocketOptionTimeout
-                    .newBuilder()
+            packToAny(
+                "SocketOptionTimeout",
+                SocketOptionTimeout.newBuilder()
                     .setDuration(Durations.fromMillis(timeoutMillis))
                     .build()))
         .build();
@@ -307,10 +308,9 @@ static SocketOption toSocketOptionTcpInfo(InternalChannelz.TcpInfo i) {
         .setTcpiAdvmss(i.advmss)
         .setTcpiReordering(i.reordering)
         .build();
-    return SocketOption
-        .newBuilder()
+    return SocketOption.newBuilder()
         .setName(TCP_INFO)
-        .setAdditional(Any.pack(tcpInfo))
+        .setAdditional(packToAny("SocketOptionTcpInfo", tcpInfo))
         .build();
   }
 
@@ -380,10 +380,11 @@ private static ChannelTrace toChannelTrace(InternalChannelz.ChannelTrace channel
   private static List<ChannelTraceEvent> toChannelTraceEvents(List<Event> events) {
     List<ChannelTraceEvent> channelTraceEvents = new ArrayList<>();
     for (Event event : events) {
-      ChannelTraceEvent.Builder builder = ChannelTraceEvent.newBuilder()
-          .setDescription(event.description)
-          .setSeverity(Severity.valueOf(event.severity.name()))
-          .setTimestamp(Timestamps.fromNanos(event.timestampNanos));
+      ChannelTraceEvent.Builder builder =
+          ChannelTraceEvent.newBuilder()
+              .setDescription(event.description)
+              .setSeverity(toSeverity(event.severity))
+              .setTimestamp(Timestamps.fromNanos(event.timestampNanos));
       if (event.channelRef != null) {
         builder.setChannelRef(toChannelRef(event.channelRef));
       }
@@ -395,14 +396,39 @@ private static List<ChannelTraceEvent> toChannelTraceEvents(List<Event> events)
     return Collections.unmodifiableList(channelTraceEvents);
   }
 
+  static Severity toSeverity(Event.Severity severity) {
+    if (severity == null) {
+      return Severity.CT_UNKNOWN;
+    }
+    switch (severity) {
+      case CT_INFO:
+        return Severity.CT_INFO;
+      case CT_ERROR:
+        return Severity.CT_ERROR;
+      case CT_WARNING:
+        return Severity.CT_WARNING;
+      default:
+        return Severity.CT_UNKNOWN;
+    }
+  }
+
   static State toState(ConnectivityState state) {
     if (state == null) {
       return State.UNKNOWN;
     }
-    try {
-      return Enum.valueOf(State.class, state.name());
-    } catch (IllegalArgumentException e) {
-      return State.UNKNOWN;
+    switch (state) {
+      case IDLE:
+        return State.IDLE;
+      case READY:
+        return State.READY;
+      case CONNECTING:
+        return State.CONNECTING;
+      case SHUTDOWN:
+        return State.SHUTDOWN;
+      case TRANSIENT_FAILURE:
+        return State.TRANSIENT_FAILURE;
+      default:
+        return State.UNKNOWN;
     }
   }
 
@@ -468,4 +494,12 @@ private static <T> T getFuture(ListenableFuture<T> future) {
       throw Status.INTERNAL.withCause(e).asRuntimeException();
     }
   }
+
+  // A version of Any.pack() that works with protolite.
+  private static Any packToAny(String typeName, MessageLite value) {
+    return Any.newBuilder()
+        .setTypeUrl("type.googleapis.com/grpc.channelz.v1." + typeName)
+        .setValue(value.toByteString())
+        .build();
+  }
 }
diff --git a/services/src/test/java/io/grpc/protobuf/services/ChannelzProtoUtilTest.java b/services/src/test/java/io/grpc/protobuf/services/ChannelzProtoUtilTest.java
index 0d2e6063d5e..598a8625e58 100644
--- a/services/src/test/java/io/grpc/protobuf/services/ChannelzProtoUtilTest.java
+++ b/services/src/test/java/io/grpc/protobuf/services/ChannelzProtoUtilTest.java
@@ -27,7 +27,7 @@
 import com.google.protobuf.Any;
 import com.google.protobuf.ByteString;
 import com.google.protobuf.Int64Value;
-import com.google.protobuf.Message;
+import com.google.protobuf.MessageLite;
 import com.google.protobuf.util.Durations;
 import com.google.protobuf.util.Timestamps;
 import io.grpc.ConnectivityState;
@@ -154,33 +154,44 @@ public final class ChannelzProtoUtilTest {
       .setData(serverData)
       .build();
 
-  private final SocketOption sockOptLingerDisabled = SocketOption
-      .newBuilder()
-      .setName("SO_LINGER")
-      .setAdditional(
-          Any.pack(SocketOptionLinger.getDefaultInstance()))
-      .build();
-
-  private final SocketOption sockOptlinger10s = SocketOption
-      .newBuilder()
-      .setName("SO_LINGER")
-      .setAdditional(
-          Any.pack(SocketOptionLinger
-              .newBuilder()
-              .setActive(true)
-              .setDuration(Durations.fromSeconds(10))
-              .build()))
-      .build();
-
-  private final SocketOption sockOptTimeout200ms = SocketOption
-      .newBuilder()
-      .setName("SO_TIMEOUT")
-      .setAdditional(
-          Any.pack(SocketOptionTimeout
-          .newBuilder()
-          .setDuration(Durations.fromMillis(200))
-          .build())
-      ).build();
+  private final SocketOption sockOptLingerDisabled =
+      SocketOption.newBuilder()
+          .setName("SO_LINGER")
+          .setAdditional(
+              Any.newBuilder()
+                  .setTypeUrl("type.googleapis.com/grpc.channelz.v1.SocketOptionLinger")
+                  .setValue(SocketOptionLinger.getDefaultInstance().toByteString())
+                  .build())
+          .build();
+
+  private final SocketOption sockOptlinger10s =
+      SocketOption.newBuilder()
+          .setName("SO_LINGER")
+          .setAdditional(
+              Any.newBuilder()
+                  .setTypeUrl("type.googleapis.com/grpc.channelz.v1.SocketOptionLinger")
+                  .setValue(
+                      SocketOptionLinger.newBuilder()
+                          .setActive(true)
+                          .setDuration(Durations.fromSeconds(10))
+                          .build()
+                          .toByteString())
+                  .build())
+          .build();
+
+  private final SocketOption sockOptTimeout200ms =
+      SocketOption.newBuilder()
+          .setName("SO_TIMEOUT")
+          .setAdditional(
+              Any.newBuilder()
+                  .setTypeUrl("type.googleapis.com/grpc.channelz.v1.SocketOptionTimeout")
+                  .setValue(
+                      SocketOptionTimeout.newBuilder()
+                          .setDuration(Durations.fromMillis(200))
+                          .build()
+                          .toByteString())
+                  .build())
+          .build();
 
   private final SocketOption sockOptAdditional = SocketOption
       .newBuilder()
@@ -221,43 +232,46 @@ public final class ChannelzProtoUtilTest {
       .setReordering(728)
       .build();
 
-  private final SocketOption socketOptionTcpInfo = SocketOption
-      .newBuilder()
-      .setName("TCP_INFO")
-      .setAdditional(
-          Any.pack(
-              SocketOptionTcpInfo.newBuilder()
-                  .setTcpiState(70)
-                  .setTcpiCaState(71)
-                  .setTcpiRetransmits(72)
-                  .setTcpiProbes(73)
-                  .setTcpiBackoff(74)
-                  .setTcpiOptions(75)
-                  .setTcpiSndWscale(76)
-                  .setTcpiRcvWscale(77)
-                  .setTcpiRto(78)
-                  .setTcpiAto(79)
-                  .setTcpiSndMss(710)
-                  .setTcpiRcvMss(711)
-                  .setTcpiUnacked(712)
-                  .setTcpiSacked(713)
-                  .setTcpiLost(714)
-                  .setTcpiRetrans(715)
-                  .setTcpiFackets(716)
-                  .setTcpiLastDataSent(717)
-                  .setTcpiLastAckSent(718)
-                  .setTcpiLastDataRecv(719)
-                  .setTcpiLastAckRecv(720)
-                  .setTcpiPmtu(721)
-                  .setTcpiRcvSsthresh(722)
-                  .setTcpiRtt(723)
-                  .setTcpiRttvar(724)
-                  .setTcpiSndSsthresh(725)
-                  .setTcpiSndCwnd(726)
-                  .setTcpiAdvmss(727)
-                  .setTcpiReordering(728)
-                  .build()))
-      .build();
+  private final SocketOption socketOptionTcpInfo =
+      SocketOption.newBuilder()
+          .setName("TCP_INFO")
+          .setAdditional(
+              Any.newBuilder()
+                  .setTypeUrl("type.googleapis.com/grpc.channelz.v1.SocketOptionTcpInfo")
+                  .setValue(
+                      SocketOptionTcpInfo.newBuilder()
+                          .setTcpiState(70)
+                          .setTcpiCaState(71)
+                          .setTcpiRetransmits(72)
+                          .setTcpiProbes(73)
+                          .setTcpiBackoff(74)
+                          .setTcpiOptions(75)
+                          .setTcpiSndWscale(76)
+                          .setTcpiRcvWscale(77)
+                          .setTcpiRto(78)
+                          .setTcpiAto(79)
+                          .setTcpiSndMss(710)
+                          .setTcpiRcvMss(711)
+                          .setTcpiUnacked(712)
+                          .setTcpiSacked(713)
+                          .setTcpiLost(714)
+                          .setTcpiRetrans(715)
+                          .setTcpiFackets(716)
+                          .setTcpiLastDataSent(717)
+                          .setTcpiLastAckSent(718)
+                          .setTcpiLastDataRecv(719)
+                          .setTcpiLastAckRecv(720)
+                          .setTcpiPmtu(721)
+                          .setTcpiRcvSsthresh(722)
+                          .setTcpiRtt(723)
+                          .setTcpiRttvar(724)
+                          .setTcpiSndSsthresh(725)
+                          .setTcpiSndCwnd(726)
+                          .setTcpiAdvmss(727)
+                          .setTcpiReordering(728)
+                          .build()
+                          .toByteString()))
+          .build();
 
   private final TestListenSocket listenSocket = new TestListenSocket();
   private final SocketRef listenSocketRef = SocketRef
@@ -336,6 +350,16 @@ public void toServerRef() {
     assertEquals(serverRef, ChannelzProtoUtil.toServerRef(server));
   }
 
+  @Test
+  public void toSeverity() {
+    for (Severity severity : Severity.values()) {
+      assertEquals(
+          severity.name(),
+          ChannelzProtoUtil.toSeverity(severity).name()); // OK because test isn't proguarded.
+    }
+    assertEquals(ChannelTraceEvent.Severity.CT_UNKNOWN, ChannelzProtoUtil.toSeverity(null));
+  }
+
   @Test
   public void toSocketRef() {
     assertEquals(socketRef, ChannelzProtoUtil.toSocketRef(socket));
@@ -346,7 +370,7 @@ public void toState() {
     for (ConnectivityState connectivityState : ConnectivityState.values()) {
       assertEquals(
           connectivityState.name(),
-          ChannelzProtoUtil.toState(connectivityState).getValueDescriptor().getName());
+          ChannelzProtoUtil.toState(connectivityState).name()); // OK because test isn't proguarded.
     }
     assertEquals(State.UNKNOWN, ChannelzProtoUtil.toState(null));
   }
@@ -475,8 +499,12 @@ public void socketSecurityTls() throws Exception {
   @Test
   public void socketSecurityOther() throws Exception {
     // what is packed here is not important, just pick some proto message
-    Message contents = GetChannelRequest.newBuilder().setChannelId(1).build();
-    Any packed = Any.pack(contents);
+    MessageLite contents = GetChannelRequest.newBuilder().setChannelId(1).build();
+    Any packed =
+        Any.newBuilder()
+            .setTypeUrl("type.googleapis.com/grpc.channelz.v1.GetChannelRequest")
+            .setValue(contents.toByteString())
+            .build();
     socket.security
         = new InternalChannelz.Security(
             new InternalChannelz.OtherSecurity("other_security", packed));

From 4e8f7df589cbe5a192e705ab372f2b27957bf662 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 14 Nov 2024 12:56:24 -0800
Subject: [PATCH 085/591] util: Remove resolvedAddresses from
 MultiChildLb.ChildLbState

It isn't actually used by MultiChildLb, and using the health API gives
us more confidence that health is properly plumbed.
---
 .../PickFirstLoadBalancerProvider.java        |  2 +-
 ...PickFirstLoadBalancerProviderAccessor.java | 28 +++++++
 .../io/grpc/util/MultiChildLoadBalancer.java  | 13 ----
 .../grpc/util/RoundRobinLoadBalancerTest.java | 67 +++++++++++++++--
 .../io/grpc/xds/RingHashLoadBalancerTest.java | 75 ++++++++++++++++++-
 5 files changed, 160 insertions(+), 25 deletions(-)
 create mode 100644 core/src/testFixtures/java/io/grpc/internal/PickFirstLoadBalancerProviderAccessor.java

diff --git a/core/src/main/java/io/grpc/internal/PickFirstLoadBalancerProvider.java b/core/src/main/java/io/grpc/internal/PickFirstLoadBalancerProvider.java
index 92178ccae24..83b3fb7d8e6 100644
--- a/core/src/main/java/io/grpc/internal/PickFirstLoadBalancerProvider.java
+++ b/core/src/main/java/io/grpc/internal/PickFirstLoadBalancerProvider.java
@@ -36,7 +36,7 @@ public final class PickFirstLoadBalancerProvider extends LoadBalancerProvider {
   public static final String GRPC_PF_USE_HAPPY_EYEBALLS = "GRPC_PF_USE_HAPPY_EYEBALLS";
   private static final String SHUFFLE_ADDRESS_LIST_KEY = "shuffleAddressList";
 
-  private static boolean enableNewPickFirst =
+  static boolean enableNewPickFirst =
       GrpcUtil.getFlag("GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST", false);
 
   public static boolean isEnabledHappyEyeballs() {
diff --git a/core/src/testFixtures/java/io/grpc/internal/PickFirstLoadBalancerProviderAccessor.java b/core/src/testFixtures/java/io/grpc/internal/PickFirstLoadBalancerProviderAccessor.java
new file mode 100644
index 00000000000..a6e94df03c2
--- /dev/null
+++ b/core/src/testFixtures/java/io/grpc/internal/PickFirstLoadBalancerProviderAccessor.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+/**
+ * Accessor for PickFirstLoadBalancerProvider, allowing access only during tests.
+ */
+public final class PickFirstLoadBalancerProviderAccessor {
+  private PickFirstLoadBalancerProviderAccessor() {}
+
+  public static void setEnableNewPickFirst(boolean enableNewPickFirst) {
+    PickFirstLoadBalancerProvider.enableNewPickFirst = enableNewPickFirst;
+  }
+}
diff --git a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
index 36a480f63c2..b51d2772d3e 100644
--- a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
@@ -191,7 +191,6 @@ private List<ChildLbState> updateChildrenWithResolvedAddresses(
       }
       newChildLbStates.add(childLbState);
       if (entry.getValue() != null) {
-        childLbState.setResolvedAddresses(entry.getValue()); // update child
         childLbState.lb.handleResolvedAddresses(entry.getValue()); // update child LB
       }
     }
@@ -262,8 +261,6 @@ protected final List<ChildLbState> getReadyChildren() {
    */
   public class ChildLbState {
     private final Object key;
-    private ResolvedAddresses resolvedAddresses;
-
     private final LoadBalancer lb;
     private ConnectivityState currentState;
     private SubchannelPicker currentPicker = new FixedResultPicker(PickResult.withNoResult());
@@ -321,16 +318,6 @@ protected final void setCurrentPicker(SubchannelPicker newPicker) {
       currentPicker = newPicker;
     }
 
-    protected final void setResolvedAddresses(ResolvedAddresses newAddresses) {
-      checkNotNull(newAddresses, "Missing address list for child");
-      resolvedAddresses = newAddresses;
-    }
-
-    @VisibleForTesting
-    public final ResolvedAddresses getResolvedAddresses() {
-      return resolvedAddresses;
-    }
-
     /**
      * ChildLbStateHelper is the glue between ChildLbState and the helpers associated with the
      * petiole policy above and the PickFirstLoadBalancer's helper below.
diff --git a/util/src/test/java/io/grpc/util/RoundRobinLoadBalancerTest.java b/util/src/test/java/io/grpc/util/RoundRobinLoadBalancerTest.java
index 0201fb578e9..18854ca1bb6 100644
--- a/util/src/test/java/io/grpc/util/RoundRobinLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/RoundRobinLoadBalancerTest.java
@@ -22,7 +22,6 @@
 import static io.grpc.ConnectivityState.READY;
 import static io.grpc.ConnectivityState.SHUTDOWN;
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
-import static io.grpc.util.MultiChildLoadBalancer.IS_PETIOLE_POLICY;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.fail;
@@ -54,13 +53,15 @@
 import io.grpc.LoadBalancer.Subchannel;
 import io.grpc.LoadBalancer.SubchannelPicker;
 import io.grpc.Status;
+import io.grpc.internal.PickFirstLoadBalancerProvider;
+import io.grpc.internal.PickFirstLoadBalancerProviderAccessor;
 import io.grpc.internal.TestUtils;
-import io.grpc.util.MultiChildLoadBalancer.ChildLbState;
 import io.grpc.util.RoundRobinLoadBalancer.ReadyPicker;
 import java.net.SocketAddress;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -104,6 +105,7 @@ public class RoundRobinLoadBalancerTest {
   private ArgumentCaptor<CreateSubchannelArgs> createArgsCaptor;
   private TestHelper testHelperInst = new TestHelper();
   private Helper mockHelper = mock(Helper.class, delegatesTo(testHelperInst));
+  private boolean defaultNewPickFirst = PickFirstLoadBalancerProvider.isEnabledNewPickFirst();
 
   @Mock // This LoadBalancer doesn't use any of the arg fields, as verified in tearDown().
   private PickSubchannelArgs mockArgs;
@@ -126,6 +128,7 @@ private Status acceptAddresses(List<EquivalentAddressGroup> eagList, Attributes
 
   @After
   public void tearDown() throws Exception {
+    PickFirstLoadBalancerProviderAccessor.setEnableNewPickFirst(defaultNewPickFirst);
     verifyNoMoreInteractions(mockArgs);
   }
 
@@ -201,12 +204,6 @@ public void pickAfterResolvedUpdatedHosts() throws Exception {
     verify(removedSubchannel, times(1)).requestConnection();
     verify(oldSubchannel, times(1)).requestConnection();
 
-    assertThat(loadBalancer.getChildLbStates().size()).isEqualTo(2);
-    for (ChildLbState childLbState : loadBalancer.getChildLbStates()) {
-      assertThat(childLbState.getResolvedAddresses().getAttributes().get(IS_PETIOLE_POLICY))
-          .isTrue();
-    }
-
     // This time with Attributes
     List<EquivalentAddressGroup> latestServers = Lists.newArrayList(oldEag2, newEag);
 
@@ -464,6 +461,60 @@ public void subchannelStateIsolation() throws Exception {
     assertThat(pickers.hasNext()).isFalse();
   }
 
+  @Test
+  public void subchannelHealthObserved() throws Exception {
+    // Only the new PF policy observes the new separate listener for health
+    PickFirstLoadBalancerProviderAccessor.setEnableNewPickFirst(true);
+    // PickFirst does most of this work. If the test fails, check IS_PETIOLE_POLICY
+    Map<Subchannel, LoadBalancer.SubchannelStateListener> healthListeners = new HashMap<>();
+    loadBalancer = new RoundRobinLoadBalancer(new ForwardingLoadBalancerHelper() {
+      @Override
+      public Subchannel createSubchannel(CreateSubchannelArgs args) {
+        Subchannel subchannel = super.createSubchannel(args.toBuilder()
+            .setAttributes(args.getAttributes().toBuilder()
+              .set(LoadBalancer.HAS_HEALTH_PRODUCER_LISTENER_KEY, true)
+              .build())
+            .build());
+        healthListeners.put(
+            subchannel, args.getOption(LoadBalancer.HEALTH_CONSUMER_LISTENER_ARG_KEY));
+        return subchannel;
+      }
+
+      @Override
+      protected Helper delegate() {
+        return mockHelper;
+      }
+    });
+
+    InOrder inOrder = inOrder(mockHelper);
+    Status addressesAcceptanceStatus = acceptAddresses(servers, Attributes.EMPTY);
+    assertThat(addressesAcceptanceStatus.isOk()).isTrue();
+    Subchannel subchannel0 = subchannels.get(Arrays.asList(servers.get(0)));
+    Subchannel subchannel1 = subchannels.get(Arrays.asList(servers.get(1)));
+    Subchannel subchannel2 = subchannels.get(Arrays.asList(servers.get(2)));
+
+    // Subchannels go READY, but the LB waits for health
+    for (Subchannel subchannel : subchannels.values()) {
+      deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(READY));
+    }
+    inOrder.verify(mockHelper, times(0))
+        .updateBalancingState(eq(READY), any(SubchannelPicker.class));
+
+    // Health results lets subchannels go READY
+    healthListeners.get(subchannel0).onSubchannelState(
+        ConnectivityStateInfo.forTransientFailure(Status.UNAVAILABLE.withDescription("oh no")));
+    healthListeners.get(subchannel1).onSubchannelState(ConnectivityStateInfo.forNonError(READY));
+    healthListeners.get(subchannel2).onSubchannelState(ConnectivityStateInfo.forNonError(READY));
+    inOrder.verify(mockHelper, times(2)).updateBalancingState(eq(READY), pickerCaptor.capture());
+    SubchannelPicker picker = pickerCaptor.getValue();
+    List<Subchannel> picks = Arrays.asList(
+        picker.pickSubchannel(mockArgs).getSubchannel(),
+        picker.pickSubchannel(mockArgs).getSubchannel(),
+        picker.pickSubchannel(mockArgs).getSubchannel(),
+        picker.pickSubchannel(mockArgs).getSubchannel());
+    assertThat(picks).containsExactly(subchannel1, subchannel2, subchannel1, subchannel2);
+  }
+
   @Test
   public void readyPicker_emptyList() {
     // ready picker list must be non-empty
diff --git a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
index 4afe440c90e..50c2ef1d549 100644
--- a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
@@ -23,7 +23,6 @@
 import static io.grpc.ConnectivityState.READY;
 import static io.grpc.ConnectivityState.SHUTDOWN;
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
-import static io.grpc.util.MultiChildLoadBalancer.IS_PETIOLE_POLICY;
 import static io.grpc.xds.RingHashLoadBalancerTest.InitializationFlags.DO_NOT_RESET_HELPER;
 import static io.grpc.xds.RingHashLoadBalancerTest.InitializationFlags.DO_NOT_VERIFY;
 import static io.grpc.xds.RingHashLoadBalancerTest.InitializationFlags.RESET_SUBCHANNEL_MOCKS;
@@ -48,6 +47,7 @@
 import io.grpc.ConnectivityState;
 import io.grpc.ConnectivityStateInfo;
 import io.grpc.EquivalentAddressGroup;
+import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancer.CreateSubchannelArgs;
 import io.grpc.LoadBalancer.Helper;
 import io.grpc.LoadBalancer.PickDetailsConsumer;
@@ -62,9 +62,11 @@
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.PickFirstLoadBalancerProvider;
+import io.grpc.internal.PickFirstLoadBalancerProviderAccessor;
 import io.grpc.internal.PickSubchannelArgsImpl;
 import io.grpc.testing.TestMethodDescriptors;
 import io.grpc.util.AbstractTestHelper;
+import io.grpc.util.ForwardingLoadBalancerHelper;
 import io.grpc.util.MultiChildLoadBalancer.ChildLbState;
 import io.grpc.xds.RingHashLoadBalancer.RingHashConfig;
 import java.lang.Thread.UncaughtExceptionHandler;
@@ -74,8 +76,11 @@
 import java.util.Collections;
 import java.util.Deque;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Random;
+import java.util.Set;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
@@ -115,6 +120,7 @@ public void uncaughtException(Thread t, Throwable e) {
   @Captor
   private ArgumentCaptor<SubchannelPicker> pickerCaptor;
   private RingHashLoadBalancer loadBalancer;
+  private boolean defaultNewPickFirst = PickFirstLoadBalancerProvider.isEnabledNewPickFirst();
 
   @Before
   public void setUp() {
@@ -126,6 +132,7 @@ public void setUp() {
 
   @After
   public void tearDown() {
+    PickFirstLoadBalancerProviderAccessor.setEnableNewPickFirst(defaultNewPickFirst);
     loadBalancer.shutdown();
     for (Subchannel subchannel : subchannels.values()) {
       verify(subchannel).shutdown();
@@ -906,6 +913,70 @@ public void duplicateAddresses() {
     assertThat(description).contains("Address: FakeSocketAddress-server2, count: 3");
   }
 
+  @Test
+  public void subchannelHealthObserved() throws Exception {
+    // Only the new PF policy observes the new separate listener for health
+    PickFirstLoadBalancerProviderAccessor.setEnableNewPickFirst(true);
+    // PickFirst does most of this work. If the test fails, check IS_PETIOLE_POLICY
+    Map<Subchannel, LoadBalancer.SubchannelStateListener> healthListeners = new HashMap<>();
+    loadBalancer = new RingHashLoadBalancer(new ForwardingLoadBalancerHelper() {
+      @Override
+      public Subchannel createSubchannel(CreateSubchannelArgs args) {
+        Subchannel subchannel = super.createSubchannel(args.toBuilder()
+            .setAttributes(args.getAttributes().toBuilder()
+              .set(LoadBalancer.HAS_HEALTH_PRODUCER_LISTENER_KEY, true)
+              .build())
+            .build());
+        healthListeners.put(
+            subchannel, args.getOption(LoadBalancer.HEALTH_CONSUMER_LISTENER_ARG_KEY));
+        return subchannel;
+      }
+
+      @Override
+      protected Helper delegate() {
+        return helper;
+      }
+    });
+
+    InOrder inOrder = Mockito.inOrder(helper);
+    List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1);
+    initializeLbSubchannels(new RingHashConfig(10, 100), servers);
+    Subchannel subchannel0 = subchannels.get(Collections.singletonList(servers.get(0)));
+    Subchannel subchannel1 = subchannels.get(Collections.singletonList(servers.get(1)));
+
+    // Subchannels go READY, but the LB waits for health
+    for (Subchannel subchannel : subchannels.values()) {
+      deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(READY));
+    }
+    inOrder.verify(helper, times(0)).updateBalancingState(eq(READY), any(SubchannelPicker.class));
+
+    // Health results lets subchannels go READY
+    healthListeners.get(subchannel0).onSubchannelState(ConnectivityStateInfo.forNonError(READY));
+    healthListeners.get(subchannel1).onSubchannelState(ConnectivityStateInfo.forNonError(READY));
+    inOrder.verify(helper, times(2)).updateBalancingState(eq(READY), pickerCaptor.capture());
+    SubchannelPicker picker = pickerCaptor.getValue();
+    Random random = new Random(1);
+    Set<Subchannel> picks = new HashSet<>();
+    for (int i = 0; i < 10; i++) {
+      picks.add(
+          picker.pickSubchannel(getDefaultPickSubchannelArgs(random.nextLong())).getSubchannel());
+    }
+    assertThat(picks).containsExactly(subchannel0, subchannel1);
+
+    // Unhealthy subchannel skipped
+    healthListeners.get(subchannel0).onSubchannelState(
+        ConnectivityStateInfo.forTransientFailure(Status.UNAVAILABLE.withDescription("oh no")));
+    inOrder.verify(helper).updateBalancingState(eq(READY), pickerCaptor.capture());
+    picker = pickerCaptor.getValue();
+    random.setSeed(1);
+    picks.clear();
+    for (int i = 0; i < 10; i++) {
+      picks.add(
+          picker.pickSubchannel(getDefaultPickSubchannelArgs(random.nextLong())).getSubchannel());
+    }
+    assertThat(picks).containsExactly(subchannel1);
+  }
+
   private List<Subchannel> initializeLbSubchannels(RingHashConfig config,
       List<EquivalentAddressGroup> servers, InitializationFlags... initFlags) {
 
@@ -950,8 +1021,6 @@ private List<Subchannel> initializeLbSubchannels(RingHashConfig config,
     for (ChildLbState childLbState : loadBalancer.getChildLbStates()) {
       childLbState.getCurrentPicker()
           .pickSubchannel(getDefaultPickSubchannelArgs(hashFunc.hashVoid()));
-      assertThat(childLbState.getResolvedAddresses().getAttributes().get(IS_PETIOLE_POLICY))
-          .isTrue();
     }
 
     if (doVerifies) {

From 1f159d7899915245e6d3bd48b58b71b428a9e37b Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 14 Nov 2024 09:47:26 -0800
Subject: [PATCH 086/591] xds: Fix XdsSecurityClientServerTest
 TrustManagerStore race

When spiffe support was added it caused
tlsClientServer_useSystemRootCerts_validationContext to become flaky.
This is because test execution order was important for whether the race
would occur.

Fixes #11678
---
 .../grpc/xds/XdsSecurityClientServerTest.java | 21 +++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
index 8e1220fe9d0..590b6c79a10 100644
--- a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -97,6 +97,7 @@
 import java.util.concurrent.TimeUnit;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.TrustManagerFactory;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
@@ -687,16 +688,32 @@ public void run() {
     return settableFuture;
   }
 
-  private void setTrustStoreSystemProperties(String trustStoreFilePath) {
+  private void setTrustStoreSystemProperties(String trustStoreFilePath) throws Exception {
     System.setProperty("javax.net.ssl.trustStore", trustStoreFilePath);
     System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
     System.setProperty("javax.net.ssl.trustStoreType", "JKS");
+    createDefaultTrustManager();
   }
 
-  private void clearTrustStoreSystemProperties() {
+  private void clearTrustStoreSystemProperties() throws Exception {
     System.clearProperty("javax.net.ssl.trustStore");
     System.clearProperty("javax.net.ssl.trustStorePassword");
     System.clearProperty("javax.net.ssl.trustStoreType");
+    createDefaultTrustManager();
+  }
+
+  /**
+   * Workaround the JDK's TrustManagerStore race. TrustManagerStore has a cache for the default
+   * certs based on the system properties. But updating the cache is not thread-safe and can cause a
+   * half-updated cache to appear fully-updated. When both the client and server initialize their
+   * trust store simultaneously, one can see a half-updated value. Creating the trust manager here
+   * fixes the cache while no other threads are running and thus the client and server threads won't
+   * race to update it. See https://github.com/grpc/grpc-java/issues/11678.
+   */
+  private void createDefaultTrustManager() throws Exception {
+    TrustManagerFactory factory =
+        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+    factory.init((KeyStore) null);
   }
 
   private static class SimpleServiceImpl extends SimpleServiceGrpc.SimpleServiceImplBase {

From 5431bf7e773940c35e97bf627f1a753df0e36be6 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 14 Nov 2024 14:18:40 -0800
Subject: [PATCH 087/591] services: Don't track code coverage of reflection.v1
 gencode

Generated code for v1alpha was ignored, but not v1. Ignoring v1 reduces
lines being checked from 16,145 to 6,303, significantly improving the
overall code coverage and removing noise. This was noticed because there
was a very clear drop at 0aa976c4 visible in the coveralls.io coverage
graph, the point when v1 was introduced.
---
 services/build.gradle | 1 +
 1 file changed, 1 insertion(+)

diff --git a/services/build.gradle b/services/build.gradle
index fade7aef3fb..6daa7b0511d 100644
--- a/services/build.gradle
+++ b/services/build.gradle
@@ -58,6 +58,7 @@ tasks.named("jacocoTestReport").configure {
                 '**/io/grpc/binarylog/v1/**',
                 '**/io/grpc/channelz/v1/**',
                 '**/io/grpc/health/v1/**',
+                '**/io/grpc/reflection/v1/**',
                 '**/io/grpc/reflection/v1alpha/**',
         ])
     }

From 4ae04b7d940afc9a96473aedb06198a53c32f866 Mon Sep 17 00:00:00 2001
From: vinodhabib <47808007+vinodhabib@users.noreply.github.com>
Date: Mon, 18 Nov 2024 21:12:51 +0530
Subject: [PATCH 088/591] core: increased test tolerance to 1 second

Fixes #11680
---
 .../test/java/io/grpc/internal/InstantTimeProviderTest.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java b/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java
index ef97d374b10..46d1891cbb9 100644
--- a/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java
+++ b/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java
@@ -44,7 +44,7 @@ public void testInstantCurrentTimeNanos() throws Exception {
           + instantNow.getNano();
 
     // Validate the time returned is close to the expected value within a tolerance
-    // (i,e 10 millisecond tolerance in nanoseconds).
-    assertThat(actualTimeNanos).isWithin(10_000_000L).of(expectedTimeNanos);
+    // (i,e 1000 millisecond (1 second) tolerance in nanoseconds).
+    assertThat(actualTimeNanos).isWithin(1000_000_000L).of(expectedTimeNanos);
   }
 }

From 6a92a2a22e0ee192c0c5450c000f0cca2975882e Mon Sep 17 00:00:00 2001
From: zbilun <zbilun@google.com>
Date: Mon, 18 Nov 2024 11:57:02 -0800
Subject: [PATCH 089/591] interop-testing: Add concurrency condition to the
 soak test using existing blocking api

The goal of this PR is to increase the test coverage of the C2P E2E load test by improving the rpc_soak and channel_soak tests to support concurrency.

**rpc_soak:**
The client performs many large_unary RPCs in sequence over the same channel. The test can run in either a concurrent or non-concurrent mode, depending on the number of threads specified (soak_num_threads):
  - Non-Concurrent Mode: When soak_num_threads = 1, all RPCs are performed sequentially on a single thread.
  - Concurrent Mode: When soak_num_threads > 1, the client uses multiple threads to distribute the workload. Each thread performs a portion of the total soak_iterations, executing its own set of RPCs concurrently.

**channel_soak:**
Similar to rpc_soak, but this time each RPC is performed on a new channel. The channel is created just before each RPC and is destroyed just after. Note on Concurrent Execution and Channel Creation: In a concurrent execution setting (i.e., when soak_num_threads > 1), each thread performs a portion of the total soak_iterations and creates and destroys its own channel for each RPC iteration.
- createNewChannel Function: In channel_soak, the createNewChannel function is used by each thread to create a new channel before every RPC. This function ensures that each RPC has a separate channel, preventing race conditions by isolating channels between threads. It shuts down the previous channel (if any) and creates a new one for each iteration, ensuring accurate latency measurement per RPC.

- Thread-specific logs will include the thread_id, helping to track performance across threads, especially when each thread is managing its own channel lifecycle.
---
 .../integration/AbstractInteropTest.java      | 197 +++++++++++++-----
 .../integration/TestServiceClient.java        |  17 +-
 .../integration/XdsFederationTestClient.java  |  67 +++---
 3 files changed, 197 insertions(+), 84 deletions(-)

diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
index 53d24d74a36..11fe9832fd9 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
@@ -28,6 +28,7 @@
 import static org.junit.Assert.fail;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Function;
 import com.google.common.base.Throwables;
 import com.google.common.collect.ImmutableList;
 import com.google.common.io.ByteStreams;
@@ -1698,9 +1699,28 @@ public Status getStatus() {
     private Status status = Status.OK;
   }
 
+
+  private static class ThreadResults {
+    private int threadFailures = 0;
+    private int iterationsDone = 0;
+    private Histogram latencies = new Histogram(4);
+
+    public int getThreadFailures() {
+      return threadFailures;
+    }
+
+    public int getIterationsDone() {
+      return iterationsDone;
+    }
+
+    public Histogram getLatencies() {
+      return latencies;
+    }
+  }
+
   private SoakIterationResult performOneSoakIteration(
       TestServiceGrpc.TestServiceBlockingStub soakStub, int soakRequestSize, int soakResponseSize)
-      throws Exception {
+      throws InterruptedException {
     long startNs = System.nanoTime();
     Status status = Status.OK;
     try {
@@ -1724,71 +1744,67 @@ private SoakIterationResult performOneSoakIteration(
   }
 
   /**
-    * Runs large unary RPCs in a loop with configurable failure thresholds
-    * and channel creation behavior.
+   * Runs large unary RPCs in a loop with configurable failure thresholds
+   * and channel creation behavior.
    */
   public void performSoakTest(
       String serverUri,
-      boolean resetChannelPerIteration,
       int soakIterations,
       int maxFailures,
       int maxAcceptablePerIterationLatencyMs,
       int minTimeMsBetweenRpcs,
       int overallTimeoutSeconds,
       int soakRequestSize,
-      int soakResponseSize)
-      throws Exception {
-    int iterationsDone = 0;
-    int totalFailures = 0;
-    Histogram latencies = new Histogram(4 /* number of significant value digits */);
+      int soakResponseSize,
+      int numThreads,
+      Function<ManagedChannel, ManagedChannel> createNewChannel)
+      throws InterruptedException {
+    if (soakIterations % numThreads != 0) {
+      throw new IllegalArgumentException("soakIterations must be evenly divisible by numThreads.");
+    }
+    ManagedChannel sharedChannel = createChannel();
     long startNs = System.nanoTime();
-    ManagedChannel soakChannel = createChannel();
-    TestServiceGrpc.TestServiceBlockingStub soakStub = TestServiceGrpc
-        .newBlockingStub(soakChannel)
-        .withInterceptors(recordClientCallInterceptor(clientCallCapture));
-    for (int i = 0; i < soakIterations; i++) {
-      if (System.nanoTime() - startNs >= TimeUnit.SECONDS.toNanos(overallTimeoutSeconds)) {
-        break;
-      }
-      long earliestNextStartNs = System.nanoTime()
-          + TimeUnit.MILLISECONDS.toNanos(minTimeMsBetweenRpcs);
-      if (resetChannelPerIteration) {
-        soakChannel.shutdownNow();
-        soakChannel.awaitTermination(10, TimeUnit.SECONDS);
-        soakChannel = createChannel();
-        soakStub = TestServiceGrpc
-            .newBlockingStub(soakChannel)
-            .withInterceptors(recordClientCallInterceptor(clientCallCapture));
-      }
-      SoakIterationResult result = 
-          performOneSoakIteration(soakStub, soakRequestSize, soakResponseSize);
-      SocketAddress peer = clientCallCapture
-          .get().getAttributes().get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR);
-      StringBuilder logStr = new StringBuilder(
-          String.format(
-              Locale.US,
-              "soak iteration: %d elapsed_ms: %d peer: %s server_uri: %s",
-              i, result.getLatencyMs(), peer != null ? peer.toString() : "null", serverUri));
-      if (!result.getStatus().equals(Status.OK)) {
-        totalFailures++;
-        logStr.append(String.format(" failed: %s", result.getStatus()));
-      } else if (result.getLatencyMs() > maxAcceptablePerIterationLatencyMs) {
-        totalFailures++;
-        logStr.append(
-            " exceeds max acceptable latency: " + maxAcceptablePerIterationLatencyMs);
-      } else {
-        logStr.append(" succeeded");
-      }
-      System.err.println(logStr.toString());
-      iterationsDone++;
-      latencies.recordValue(result.getLatencyMs());
-      long remainingNs = earliestNextStartNs - System.nanoTime();
-      if (remainingNs > 0) {
-        TimeUnit.NANOSECONDS.sleep(remainingNs);
-      }
+    Thread[] threads = new Thread[numThreads];
+    int soakIterationsPerThread = soakIterations / numThreads;
+    List<ThreadResults> threadResultsList = new ArrayList<>(numThreads);
+    for (int i = 0; i < numThreads; i++) {
+      threadResultsList.add(new ThreadResults());
+    }
+    for (int threadInd = 0; threadInd < numThreads; threadInd++) {
+      final int currentThreadInd = threadInd;
+      threads[threadInd] = new Thread(() -> {
+        try {
+          executeSoakTestInThread(
+              soakIterationsPerThread,
+              startNs,
+              minTimeMsBetweenRpcs,
+              soakRequestSize,
+              soakResponseSize,
+              maxAcceptablePerIterationLatencyMs,
+              overallTimeoutSeconds,
+              serverUri,
+              threadResultsList.get(currentThreadInd),
+              sharedChannel,
+              createNewChannel);
+        } catch (InterruptedException e) {
+          Thread.currentThread().interrupt();
+          throw new RuntimeException("Thread interrupted: " + e.getMessage(), e);
+        }
+      });
+      threads[threadInd].start();
+    }
+    for (Thread thread : threads) {
+      thread.join();
+    }
+
+    int totalFailures = 0;
+    int iterationsDone = 0;
+    Histogram latencies = new Histogram(4);
+    for (ThreadResults threadResult :threadResultsList) {
+      totalFailures += threadResult.getThreadFailures();
+      iterationsDone += threadResult.getIterationsDone();
+      latencies.add(threadResult.getLatencies());
     }
-    soakChannel.shutdownNow();
-    soakChannel.awaitTermination(10, TimeUnit.SECONDS);
     System.err.println(
         String.format(
             Locale.US,
@@ -1820,6 +1836,77 @@ public void performSoakTest(
                 + "threshold: %d.",
             serverUri, totalFailures, maxFailures);
     assertTrue(tooManyFailuresErrorMessage, totalFailures <= maxFailures);
+    shutdownChannel(sharedChannel);
+  }
+
+  private void shutdownChannel(ManagedChannel channel) throws InterruptedException {
+    if (channel != null) {
+      channel.shutdownNow();
+      channel.awaitTermination(10, TimeUnit.SECONDS);
+    }
+  }
+
+  protected ManagedChannel createNewChannel(ManagedChannel currentChannel) {
+    try {
+      shutdownChannel(currentChannel);
+      return createChannel();
+    } catch (InterruptedException e) {
+      throw new RuntimeException("Interrupted while creating a new channel", e);
+    }
+  }
+
+  private void executeSoakTestInThread(
+      int soakIterationsPerThread,
+      long startNs,
+      int minTimeMsBetweenRpcs,
+      int soakRequestSize,
+      int soakResponseSize,
+      int maxAcceptablePerIterationLatencyMs,
+      int overallTimeoutSeconds,
+      String serverUri,
+      ThreadResults threadResults,
+      ManagedChannel sharedChannel,
+      Function<ManagedChannel, ManagedChannel> maybeCreateChannel) throws InterruptedException {
+    ManagedChannel currentChannel = sharedChannel;
+    for (int i = 0; i < soakIterationsPerThread; i++) {
+      if (System.nanoTime() - startNs >= TimeUnit.SECONDS.toNanos(overallTimeoutSeconds)) {
+        break;
+      }
+      long earliestNextStartNs = System.nanoTime()
+          + TimeUnit.MILLISECONDS.toNanos(minTimeMsBetweenRpcs);
+
+      currentChannel = maybeCreateChannel.apply(currentChannel);
+      TestServiceGrpc.TestServiceBlockingStub currentStub = TestServiceGrpc
+          .newBlockingStub(currentChannel)
+              .withInterceptors(recordClientCallInterceptor(clientCallCapture));
+      SoakIterationResult result = performOneSoakIteration(currentStub,
+          soakRequestSize, soakResponseSize);
+      SocketAddress peer = clientCallCapture
+          .get().getAttributes().get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR);
+      StringBuilder logStr = new StringBuilder(
+          String.format(
+              Locale.US,
+              "thread id: %d soak iteration: %d elapsed_ms: %d peer: %s server_uri: %s",
+              Thread.currentThread().getId(),
+              i, result.getLatencyMs(), peer != null ? peer.toString() : "null", serverUri));
+      if (!result.getStatus().equals(Status.OK)) {
+        threadResults.threadFailures++;
+        logStr.append(String.format(" failed: %s", result.getStatus()));
+      } else if (result.getLatencyMs() > maxAcceptablePerIterationLatencyMs) {
+        threadResults.threadFailures++;
+        logStr.append(
+            " exceeds max acceptable latency: " + maxAcceptablePerIterationLatencyMs);
+      } else {
+        logStr.append(" succeeded");
+      }
+      System.err.println(logStr.toString());
+      threadResults.iterationsDone++;
+      threadResults.getLatencies().recordValue(result.getLatencyMs());
+      long remainingNs = earliestNextStartNs - System.nanoTime();
+      if (remainingNs > 0) {
+        TimeUnit.NANOSECONDS.sleep(remainingNs);
+      }
+    }
   }
 
   private static void assertSuccess(StreamRecorder<?> recorder) {
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java b/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java
index e6829be11cb..8ade38cb024 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java
@@ -134,6 +134,7 @@ public static void main(String[] args) throws Exception {
       soakIterations * soakPerIterationMaxAcceptableLatencyMs / 1000;
   private int soakRequestSize = 271828;
   private int soakResponseSize = 314159;
+  private int numThreads = 1;
   private String additionalMetadata = "";
   private static LoadBalancerProvider customBackendMetricsLoadBalancerProvider;
 
@@ -214,6 +215,8 @@ void parseArgs(String[] args) throws Exception {
         soakRequestSize = Integer.parseInt(value);
       } else if ("soak_response_size".equals(key)) {
         soakResponseSize = Integer.parseInt(value);
+      }  else if ("soak_num_threads".equals(key)) {
+        numThreads = Integer.parseInt(value);
       } else if ("additional_metadata".equals(key)) {
         additionalMetadata = value;
       } else {
@@ -290,6 +293,9 @@ void parseArgs(String[] args) throws Exception {
           + "\n --soak_response_size "
           + "\n                              The response size in a soak RPC. Default "
             + c.soakResponseSize
+          + "\n --soak_num_threads           The number of threads for concurrent execution of the "
+          + "\n                              soak tests (rpc_soak or channel_soak). Default "
+            + c.numThreads
           + "\n --additional_metadata "
           + "\n                              Additional metadata to send in each request, as a "
           + "\n                              semicolon-separated list of key:value pairs. Default "
@@ -519,30 +525,31 @@ private void runTest(TestCases testCase) throws Exception {
       case RPC_SOAK: {
         tester.performSoakTest(
             serverHost,
-            false /* resetChannelPerIteration */,
             soakIterations,
             soakMaxFailures,
             soakPerIterationMaxAcceptableLatencyMs,
             soakMinTimeMsBetweenRpcs,
             soakOverallTimeoutSeconds,
             soakRequestSize,
-            soakResponseSize);
+            soakResponseSize,
+            numThreads,
+            (currentChannel) -> currentChannel);
         break;
       }
 
       case CHANNEL_SOAK: {
         tester.performSoakTest(
             serverHost,
-            true /* resetChannelPerIteration */,
             soakIterations,
             soakMaxFailures,
             soakPerIterationMaxAcceptableLatencyMs,
             soakMinTimeMsBetweenRpcs,
             soakOverallTimeoutSeconds,
             soakRequestSize,
-            soakResponseSize);
+            soakResponseSize,
+            numThreads,
+            (currentChannel) -> tester.createNewChannel(currentChannel));
         break;
-
       }
 
       case ORCA_PER_RPC: {
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/XdsFederationTestClient.java b/interop-testing/src/main/java/io/grpc/testing/integration/XdsFederationTestClient.java
index f55ccbdefa7..08d845422a5 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/XdsFederationTestClient.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/XdsFederationTestClient.java
@@ -245,29 +245,41 @@ public boolean runSucceeded() {
     /**
      * Run the intended soak test.
      */
-    public void run() {
-      boolean resetChannelPerIteration;
-      switch (testCase) {
-        case "rpc_soak":
-          resetChannelPerIteration = false;
-          break;
-        case "channel_soak":
-          resetChannelPerIteration = true;
-          break;
-        default:
-          throw new RuntimeException("invalid testcase: " + testCase);
-      }
+    public void run() throws InterruptedException {
       try {
-        performSoakTest(
-            serverUri,
-            resetChannelPerIteration,
-            soakIterations,
-            soakMaxFailures,
-            soakPerIterationMaxAcceptableLatencyMs,
-            soakMinTimeMsBetweenRpcs,
-            soakOverallTimeoutSeconds,
-            soakRequestSize,
-            soakResponseSize);
+        switch (testCase) {
+          case "rpc_soak": {
+            performSoakTest(
+                serverUri,
+                soakIterations,
+                soakMaxFailures,
+                soakPerIterationMaxAcceptableLatencyMs,
+                soakMinTimeMsBetweenRpcs,
+                soakOverallTimeoutSeconds,
+                soakRequestSize,
+                soakResponseSize,
+                1,
+                (currentChannel) -> currentChannel);
+          }
+              break;
+          case "channel_soak": {
+            performSoakTest(
+                serverUri,
+                soakIterations,
+                soakMaxFailures,
+                soakPerIterationMaxAcceptableLatencyMs,
+                soakMinTimeMsBetweenRpcs,
+                soakOverallTimeoutSeconds,
+                soakRequestSize,
+                soakResponseSize,
+                1,
+                (currentChannel) -> createNewChannel(currentChannel));
+          }
+            break;
+          default:
+            throw new RuntimeException("invalid testcase: " + testCase);
+        }
+
         logger.info("Test case: " + testCase + " done for server: " + serverUri);
         runSucceeded = true;
       } catch (Exception e) {
@@ -295,11 +307,18 @@ protected ManagedChannelBuilder<?> createChannelBuilder() {
     }
   }
 
-  private void run() throws Exception {
+  private void run() throws InterruptedException {
     logger.info("Begin test case: " + testCase);
     ArrayList<Thread> threads = new ArrayList<>();
     for (InnerClient c : clients) {
-      Thread t = new Thread(c::run);
+      Thread t = new Thread(() -> {
+        try {
+          c.run();
+        } catch (InterruptedException e) {
+          Thread.currentThread().interrupt(); // Properly re-interrupt the thread
+          throw new RuntimeException("Thread was interrupted during execution", e);
+        }
+      });
       t.start();
       threads.add(t);
     }

From e58c998a42d07a8745cfd5ed19f4e211a4400938 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 18 Nov 2024 17:31:01 -0800
Subject: [PATCH 090/591] AndroidComponentAddress includes a target UserHandle
 (#11670)

The target UserHandle is best modeled as part of the SocketAddress not the Channel since it's part of the server's location.

This change allows a NameResolver to select different target users over time within a single Channel.
---
 .../grpc/binder/AndroidComponentAddress.java  | 90 +++++++++++++++++--
 .../io/grpc/binder/BinderChannelBuilder.java  | 20 +++--
 .../BinderClientTransportFactory.java         | 10 +--
 .../grpc/binder/internal/BinderTransport.java |  4 +-
 .../binder/AndroidComponentAddressTest.java   | 77 +++++++++++++++-
 5 files changed, 181 insertions(+), 20 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java
index 6c1026e2127..c4c17bb2cef 100644
--- a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java
+++ b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java
@@ -18,10 +18,14 @@
 
 import static android.content.Intent.URI_ANDROID_APP_SCHEME;
 import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkState;
 
 import android.content.ComponentName;
 import android.content.Context;
 import android.content.Intent;
+import android.os.UserHandle;
+import com.google.common.base.Objects;
+import io.grpc.ExperimentalApi;
 import java.net.SocketAddress;
 import javax.annotation.Nullable;
 
@@ -41,18 +45,25 @@
  * fields, namely, an action of {@link ApiConstants#ACTION_BIND}, an empty category set and null
  * type and data URI.
  *
- * <p>The semantics of {@link #equals(Object)} are the same as {@link Intent#filterEquals(Intent)}.
+ * <p>Optionally contains a {@link UserHandle} that must be considered wherever the {@link Intent}
+ * is evaluated.
+ *
+ * <p>{@link #equals(Object)} uses {@link Intent#filterEquals(Intent)} semantics to compare Intents.
  */
 public final class AndroidComponentAddress extends SocketAddress {
   private static final long serialVersionUID = 0L;
 
   private final Intent bindIntent; // "Explicit", having either a component or package restriction.
 
-  protected AndroidComponentAddress(Intent bindIntent) {
+  @Nullable
+  private final UserHandle targetUser; // null means the same user that hosts this process.
+
+  protected AndroidComponentAddress(Intent bindIntent, @Nullable UserHandle targetUser) {
     checkArgument(
         bindIntent.getComponent() != null || bindIntent.getPackage() != null,
         "'bindIntent' must be explicit. Specify either a package or ComponentName.");
     this.bindIntent = bindIntent;
+    this.targetUser = targetUser;
   }
 
   /**
@@ -99,7 +110,7 @@ public static AndroidComponentAddress forRemoteComponent(
    * @throws IllegalArgumentException if 'intent' isn't "explicit"
    */
   public static AndroidComponentAddress forBindIntent(Intent intent) {
-    return new AndroidComponentAddress(intent.cloneFilter());
+    return new AndroidComponentAddress(intent.cloneFilter(), null);
   }
 
   /**
@@ -108,7 +119,7 @@ public static AndroidComponentAddress forBindIntent(Intent intent) {
    */
   public static AndroidComponentAddress forComponent(ComponentName component) {
     return new AndroidComponentAddress(
-        new Intent(ApiConstants.ACTION_BIND).setComponent(component));
+        new Intent(ApiConstants.ACTION_BIND).setComponent(component), null);
   }
 
   /**
@@ -141,6 +152,9 @@ public ComponentName getComponent() {
   /**
    * Returns this address as an explicit {@link Intent} suitable for passing to {@link
    * Context#bindService}.
+   *
+   * <p>NB: The returned Intent does not specify a target Android user. If {@link #getTargetUser()}
+   * is non-null, {@link Context#bindServiceAsUser} should be called instead.
    */
   public Intent asBindIntent() {
     return bindIntent.cloneFilter(); // Intent is mutable so return a copy.
@@ -177,13 +191,77 @@ public int hashCode() {
   public boolean equals(Object obj) {
     if (obj instanceof AndroidComponentAddress) {
       AndroidComponentAddress that = (AndroidComponentAddress) obj;
-      return bindIntent.filterEquals(that.bindIntent);
+      return bindIntent.filterEquals(that.bindIntent)
+          && Objects.equal(this.targetUser, that.targetUser);
     }
     return false;
   }
 
   @Override
   public String toString() {
-    return "AndroidComponentAddress[" + bindIntent + "]";
+    StringBuilder builder = new StringBuilder("AndroidComponentAddress[");
+    if (targetUser != null) {
+      builder.append(targetUser);
+      builder.append("@");
+    }
+    builder.append(bindIntent);
+    builder.append("]");
+    return builder.toString();
+  }
+
+  /**
+   * Identifies the Android user in which the bind Intent will be evaluated.
+   *
+   * <p>Returns the {@link UserHandle}, or null which means that the Android user hosting the
+   * current process will be used.
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10173")
+  @Nullable
+  public UserHandle getTargetUser() {
+    return targetUser;
+  }
+
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  /** Fluently builds instances of {@link AndroidComponentAddress}. */
+  public static class Builder {
+    Intent bindIntent;
+    UserHandle targetUser;
+
+    /**
+     * Sets the binding {@link Intent} to one having the "filter matching" fields of 'intent'.
+     *
+     * <p>'intent' must be "explicit", i.e. having either a target component ({@link
+     * Intent#getComponent()}) or package restriction ({@link Intent#getPackage()}).
+     */
+    public Builder setBindIntent(Intent intent) {
+      this.bindIntent = intent.cloneFilter();
+      return this;
+    }
+
+    /**
+     * Sets the binding {@link Intent} to one with the specified 'component' and default values for
+     * all other fields, for convenience.
+     */
+    public Builder setBindIntentFromComponent(ComponentName component) {
+      this.bindIntent = new Intent(ApiConstants.ACTION_BIND).setComponent(component);
+      return this;
+    }
+
+    /** See {@link AndroidComponentAddress#getTargetUser()}. */
+    @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10173")
+    public Builder setTargetUser(@Nullable UserHandle targetUser) {
+      this.targetUser = targetUser;
+      return this;
+    }
+
+    public AndroidComponentAddress build() {
+      // We clone any incoming mutable intent in the setter, not here. AndroidComponentAddress
+      // itself is immutable so multiple instances built from here can safely share 'bindIntent'.
+      checkState(bindIntent != null, "Required property 'bindIntent' unset");
+      return new AndroidComponentAddress(bindIntent, targetUser);
+    }
   }
 }
diff --git a/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java b/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
index d054c8d8ba6..0b8f0bb4b3f 100644
--- a/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
+++ b/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
@@ -236,20 +236,28 @@ public BinderChannelBuilder securityPolicy(SecurityPolicy securityPolicy) {
   }
 
   /**
-   * Provides the target {@UserHandle} of the remote Android service.
+   * Specifies the {@link UserHandle} to be searched for the remote Android Service by default.
    *
-   * <p>When targetUserHandle is set, Context.bindServiceAsUser will used and additional Android
-   * permissions will be required. If your usage does not require cross-user communications, please
-   * do not set this field. It is the caller's responsibility to make sure that it holds the
-   * corresponding permissions.
+   * <p>Used only as a fallback if the direct or resolved {@link AndroidComponentAddress} doesn't
+   * specify a {@link UserHandle}. If neither the Channel nor the {@link AndroidComponentAddress}
+   * specifies a target user, the {@link UserHandle} of the current process will be used.
    *
+   * <p>Targeting a Service in a different Android user is uncommon and requires special permissions
+   * normally reserved for system apps. See {@link android.content.Context#bindServiceAsUser} for
+   * details.
+   *
+   * @deprecated This method's name is misleading because it implies an impersonated client identity
+   *     when it's actually specifying part of the server's location. It's also no longer necessary
+   *     since the target user is part of {@link AndroidComponentAddress}. Prefer to specify target
+   *     user in the address instead, either directly or via a {@link io.grpc.NameResolverProvider}.
    * @param targetUserHandle the target user to bind into.
    * @return this
    */
   @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10173")
   @RequiresApi(30)
+  @Deprecated
   public BinderChannelBuilder bindAsUser(UserHandle targetUserHandle) {
-    transportFactoryBuilder.setTargetUserHandle(targetUserHandle);
+    transportFactoryBuilder.setDefaultTargetUserHandle(targetUserHandle);
     return this;
   }
 
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
index 1e2b80b2fdb..3852b21d5c3 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
@@ -50,7 +50,7 @@ public final class BinderClientTransportFactory implements ClientTransportFactor
   final ObjectPool<ScheduledExecutorService> scheduledExecutorPool;
   final ObjectPool<? extends Executor> offloadExecutorPool;
   final SecurityPolicy securityPolicy;
-  @Nullable final UserHandle targetUserHandle;
+  @Nullable final UserHandle defaultTargetUserHandle;
   final BindServiceFlags bindServiceFlags;
   final InboundParcelablePolicy inboundParcelablePolicy;
   final OneWayBinderProxy.Decorator binderDecorator;
@@ -70,7 +70,7 @@ private BinderClientTransportFactory(Builder builder) {
     scheduledExecutorPool = checkNotNull(builder.scheduledExecutorPool);
     offloadExecutorPool = checkNotNull(builder.offloadExecutorPool);
     securityPolicy = checkNotNull(builder.securityPolicy);
-    targetUserHandle = builder.targetUserHandle;
+    defaultTargetUserHandle = builder.defaultTargetUserHandle;
     bindServiceFlags = checkNotNull(builder.bindServiceFlags);
     inboundParcelablePolicy = checkNotNull(builder.inboundParcelablePolicy);
     binderDecorator = checkNotNull(builder.binderDecorator);
@@ -123,7 +123,7 @@ public static final class Builder implements ClientTransportFactoryBuilder {
     ObjectPool<ScheduledExecutorService> scheduledExecutorPool =
         SharedResourcePool.forResource(GrpcUtil.TIMER_SERVICE);
     SecurityPolicy securityPolicy = SecurityPolicies.internalOnly();
-    @Nullable UserHandle targetUserHandle;
+    @Nullable UserHandle defaultTargetUserHandle;
     BindServiceFlags bindServiceFlags = BindServiceFlags.DEFAULTS;
     InboundParcelablePolicy inboundParcelablePolicy = InboundParcelablePolicy.DEFAULT;
     OneWayBinderProxy.Decorator binderDecorator = OneWayBinderProxy.IDENTITY_DECORATOR;
@@ -165,8 +165,8 @@ public Builder setSecurityPolicy(SecurityPolicy securityPolicy) {
       return this;
     }
 
-    public Builder setTargetUserHandle(@Nullable UserHandle targetUserHandle) {
-      this.targetUserHandle = targetUserHandle;
+    public Builder setDefaultTargetUserHandle(@Nullable UserHandle defaultTargetUserHandle) {
+      this.defaultTargetUserHandle = defaultTargetUserHandle;
       return this;
     }
 
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index 8c428fac98c..254ad5bb407 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -611,7 +611,9 @@ public BinderClientTransport(
               factory.sourceContext,
               factory.channelCredentials,
               targetAddress.asBindIntent(),
-              factory.targetUserHandle,
+              targetAddress.getTargetUser() != null
+                  ? targetAddress.getTargetUser()
+                  : factory.defaultTargetUserHandle,
               factory.bindServiceFlags.toInteger(),
               this);
     }
diff --git a/binder/src/test/java/io/grpc/binder/AndroidComponentAddressTest.java b/binder/src/test/java/io/grpc/binder/AndroidComponentAddressTest.java
index 6d7e53e5a19..d7d77d7feb1 100644
--- a/binder/src/test/java/io/grpc/binder/AndroidComponentAddressTest.java
+++ b/binder/src/test/java/io/grpc/binder/AndroidComponentAddressTest.java
@@ -18,11 +18,14 @@
 
 import static android.content.Intent.URI_ANDROID_APP_SCHEME;
 import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
 
 import android.content.ComponentName;
 import android.content.Context;
 import android.content.Intent;
 import android.net.Uri;
+import android.os.Parcel;
+import android.os.UserHandle;
 import androidx.test.core.app.ApplicationProvider;
 import com.google.common.testing.EqualsTester;
 import java.net.URISyntaxException;
@@ -83,6 +86,32 @@ public void testAsBindIntent() {
     assertThat(addr.asBindIntent().filterEquals(bindIntent)).isTrue();
   }
 
+  @Test
+  public void testPostCreateIntentMutation() {
+    Intent bindIntent = new Intent().setAction("foo-action").setComponent(hostComponent);
+    AndroidComponentAddress addr = AndroidComponentAddress.forBindIntent(bindIntent);
+    bindIntent.setAction("bar-action");
+    assertThat(addr.asBindIntent().getAction()).isEqualTo("foo-action");
+  }
+
+  @Test
+  public void testPostBuildIntentMutation() {
+    Intent bindIntent = new Intent().setAction("foo-action").setComponent(hostComponent);
+    AndroidComponentAddress addr =
+        AndroidComponentAddress.newBuilder().setBindIntent(bindIntent).build();
+    bindIntent.setAction("bar-action");
+    assertThat(addr.asBindIntent().getAction()).isEqualTo("foo-action");
+  }
+
+  @Test
+  public void testBuilderMissingRequired() {
+    IllegalStateException ise =
+        assertThrows(
+            IllegalStateException.class,
+            () -> AndroidComponentAddress.newBuilder().setTargetUser(newUserHandle(123)).build());
+    assertThat(ise.getMessage()).contains("bindIntent");
+  }
+
   @Test
   @Config(sdk = 30)
   public void testAsAndroidAppUriSdk30() throws URISyntaxException {
@@ -117,13 +146,21 @@ public void testEquality() {
             AndroidComponentAddress.forContext(appContext),
             AndroidComponentAddress.forLocalComponent(appContext, appContext.getClass()),
             AndroidComponentAddress.forRemoteComponent(
-                appContext.getPackageName(), appContext.getClass().getName()))
+                appContext.getPackageName(), appContext.getClass().getName()),
+            AndroidComponentAddress.newBuilder()
+                .setBindIntentFromComponent(hostComponent)
+                .setTargetUser(null)
+                .build())
         .addEqualityGroup(
             AndroidComponentAddress.forRemoteComponent("appy.mcappface", ".McActivity"))
         .addEqualityGroup(AndroidComponentAddress.forLocalComponent(appContext, getClass()))
         .addEqualityGroup(
             AndroidComponentAddress.forBindIntent(
-                new Intent().setAction("custom-action").setComponent(hostComponent)))
+                new Intent().setAction("custom-action").setComponent(hostComponent)),
+            AndroidComponentAddress.newBuilder()
+                .setBindIntent(new Intent().setAction("custom-action").setComponent(hostComponent))
+                .setTargetUser(null)
+                .build())
         .addEqualityGroup(
             AndroidComponentAddress.forBindIntent(
                 new Intent()
@@ -133,6 +170,31 @@ public void testEquality() {
         .testEquals();
   }
 
+  @Test
+  public void testUnequalTargetUsers() {
+    new EqualsTester()
+        .addEqualityGroup(
+            AndroidComponentAddress.newBuilder()
+                .setBindIntentFromComponent(hostComponent)
+                .setTargetUser(newUserHandle(10))
+                .build(),
+            AndroidComponentAddress.newBuilder()
+                .setBindIntentFromComponent(hostComponent)
+                .setTargetUser(newUserHandle(10))
+                .build())
+        .addEqualityGroup(
+            AndroidComponentAddress.newBuilder()
+                .setBindIntentFromComponent(hostComponent)
+                .setTargetUser(newUserHandle(11))
+                .build())
+        .addEqualityGroup(
+            AndroidComponentAddress.newBuilder()
+                .setBindIntentFromComponent(hostComponent)
+                .setTargetUser(null)
+                .build())
+        .testEquals();
+  }
+
   @Test
   @Config(sdk = 30)
   public void testPackageFilterEquality30AndUp() {
@@ -163,4 +225,15 @@ public void testPackageFilterEqualityPre30() {
                     .setComponent(new ComponentName("pkg", "cls"))))
         .testEquals();
   }
+
+  private static UserHandle newUserHandle(int userId) {
+    Parcel parcel = Parcel.obtain();
+    try {
+      parcel.writeInt(userId);
+      parcel.setDataPosition(0);
+      return new UserHandle(parcel);
+    } finally {
+      parcel.recycle();
+    }
+  }
 }

From 32f4cf432a5258af64822e3dadde2778f389c260 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 18 Nov 2024 07:21:06 -0800
Subject: [PATCH 091/591] gae-interop-testing: Upgrade to Java 17

Java 11 is out-of-support on GAE. Unfortunately the docs use the term
"deprecated" as "deleted," not "discouraged." So they talk about it
being deprecated _after_ it is no longer supported.

https://cloud.google.com/appengine/docs/standard/lifecycle/support-schedule#java
https://cloud.google.com/appengine/docs/flexible/lifecycle/support-schedule#java
---
 .../gae-jdk8/src/main/webapp/WEB-INF/appengine-web.xml          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gae-interop-testing/gae-jdk8/src/main/webapp/WEB-INF/appengine-web.xml b/gae-interop-testing/gae-jdk8/src/main/webapp/WEB-INF/appengine-web.xml
index 2fcbe5d8221..715906ada47 100644
--- a/gae-interop-testing/gae-jdk8/src/main/webapp/WEB-INF/appengine-web.xml
+++ b/gae-interop-testing/gae-jdk8/src/main/webapp/WEB-INF/appengine-web.xml
@@ -14,6 +14,6 @@
 <!-- [START config] -->
 <appengine-web-app xmlns='http://appengine.google.com/ns/1.0'>
   <service>java-gae-interop-test</service>
-  <runtime>java11</runtime>
+  <runtime>java17</runtime>
 </appengine-web-app>
 <!-- [END config] -->

From 92de2f34dcbd7efa6f5b74175112d2933253b8b1 Mon Sep 17 00:00:00 2001
From: vinodhabib <47808007+vinodhabib@users.noreply.github.com>
Date: Sat, 23 Nov 2024 00:50:25 +0530
Subject: [PATCH 092/591] testing: enabled smallLatency test (#11671)

---
 .../src/test/java/io/grpc/testing/integration/ProxyTest.java     | 1 -
 1 file changed, 1 deletion(-)

diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/ProxyTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/ProxyTest.java
index f550d657a12..725e98d0fe3 100644
--- a/interop-testing/src/test/java/io/grpc/testing/integration/ProxyTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/ProxyTest.java
@@ -62,7 +62,6 @@ public void shutdownTest() throws IOException {
   }
 
   @Test
-  @org.junit.Ignore // flaky. latency commonly too high
   public void smallLatency() throws Exception {
     server = new Server();
     int serverPort = server.init();

From 20d09cee57d3b1445c9903f2eb578d99bcaba81c Mon Sep 17 00:00:00 2001
From: Vindhya Ningegowda <DNVindhya@users.noreply.github.com>
Date: Mon, 25 Nov 2024 16:47:32 -0800
Subject: [PATCH 093/591] xds: Add counter and gauge metrics  (#11661)

Adds the following xDS client metrics defined in [A78](https://github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-pf-xds.md#xdsclient).

Counters
- grpc.xds_client.server_failure
- grpc.xds_client.resource_updates_valid
- grpc.xds_client.resource_updates_invalid

Gauges
- grpc.xds_client.connected
- grpc.xds_client.resources
---
 api/src/main/java/io/grpc/NameResolver.java   |  27 +-
 .../test/java/io/grpc/NameResolverTest.java   |   4 +
 .../io/grpc/internal/ManagedChannelImpl.java  |   5 +-
 .../grpc/internal/ManagedChannelImplTest.java |  25 +
 .../InternalSharedXdsClientPoolProvider.java  |   8 +-
 .../grpc/xds/SharedXdsClientPoolProvider.java |  28 +-
 .../grpc/xds/XdsClientMetricReporterImpl.java | 215 +++++++
 .../io/grpc/xds/XdsClientPoolFactory.java     |   4 +-
 .../java/io/grpc/xds/XdsNameResolver.java     |  14 +-
 .../io/grpc/xds/XdsNameResolverProvider.java  |   3 +-
 .../java/io/grpc/xds/XdsServerWrapper.java    |   5 +-
 .../grpc/xds/client/ControlPlaneClient.java   |  17 +
 .../java/io/grpc/xds/client/XdsClient.java    |  47 +-
 .../io/grpc/xds/client/XdsClientImpl.java     |  68 ++-
 .../xds/client/XdsClientMetricReporter.java   |  48 ++
 .../java/io/grpc/xds/CsdsServiceTest.java     |   4 +-
 .../grpc/xds/GrpcXdsClientImplTestBase.java   | 573 ++++++++++++++----
 .../xds/SharedXdsClientPoolProviderTest.java  |  17 +-
 .../io/grpc/xds/XdsClientFederationTest.java  |   4 +-
 .../xds/XdsClientMetricReporterImplTest.java  | 394 ++++++++++++
 .../grpc/xds/XdsNameResolverProviderTest.java |   2 +
 .../java/io/grpc/xds/XdsNameResolverTest.java |  49 +-
 .../java/io/grpc/xds/XdsServerTestHelper.java |   4 +-
 23 files changed, 1381 insertions(+), 184 deletions(-)
 create mode 100644 xds/src/main/java/io/grpc/xds/XdsClientMetricReporterImpl.java
 create mode 100644 xds/src/main/java/io/grpc/xds/client/XdsClientMetricReporter.java
 create mode 100644 xds/src/test/java/io/grpc/xds/XdsClientMetricReporterImplTest.java

diff --git a/api/src/main/java/io/grpc/NameResolver.java b/api/src/main/java/io/grpc/NameResolver.java
index a1dea016377..b35601289a3 100644
--- a/api/src/main/java/io/grpc/NameResolver.java
+++ b/api/src/main/java/io/grpc/NameResolver.java
@@ -290,6 +290,7 @@ public static final class Args {
     @Nullable private final ChannelLogger channelLogger;
     @Nullable private final Executor executor;
     @Nullable private final String overrideAuthority;
+    @Nullable private final MetricRecorder metricRecorder;
 
     private Args(
         Integer defaultPort,
@@ -299,7 +300,8 @@ private Args(
         @Nullable ScheduledExecutorService scheduledExecutorService,
         @Nullable ChannelLogger channelLogger,
         @Nullable Executor executor,
-        @Nullable String overrideAuthority) {
+        @Nullable String overrideAuthority,
+        @Nullable MetricRecorder metricRecorder) {
       this.defaultPort = checkNotNull(defaultPort, "defaultPort not set");
       this.proxyDetector = checkNotNull(proxyDetector, "proxyDetector not set");
       this.syncContext = checkNotNull(syncContext, "syncContext not set");
@@ -308,6 +310,7 @@ private Args(
       this.channelLogger = channelLogger;
       this.executor = executor;
       this.overrideAuthority = overrideAuthority;
+      this.metricRecorder = metricRecorder;
     }
 
     /**
@@ -405,6 +408,14 @@ public String getOverrideAuthority() {
       return overrideAuthority;
     }
 
+    /**
+     * Returns the {@link MetricRecorder} that the channel uses to record metrics.
+     */
+    @Nullable
+    public MetricRecorder getMetricRecorder() {
+      return metricRecorder;
+    }
+
 
     @Override
     public String toString() {
@@ -417,6 +428,7 @@ public String toString() {
           .add("channelLogger", channelLogger)
           .add("executor", executor)
           .add("overrideAuthority", overrideAuthority)
+          .add("metricRecorder", metricRecorder)
           .toString();
     }
 
@@ -435,6 +447,7 @@ public Builder toBuilder() {
       builder.setChannelLogger(channelLogger);
       builder.setOffloadExecutor(executor);
       builder.setOverrideAuthority(overrideAuthority);
+      builder.setMetricRecorder(metricRecorder);
       return builder;
     }
 
@@ -461,6 +474,7 @@ public static final class Builder {
       private ChannelLogger channelLogger;
       private Executor executor;
       private String overrideAuthority;
+      private MetricRecorder metricRecorder;
 
       Builder() {
       }
@@ -547,6 +561,14 @@ public Builder setOverrideAuthority(String authority) {
         return this;
       }
 
+      /**
+       * See {@link Args#getMetricRecorder()}. This is an optional field.
+       */
+      public Builder setMetricRecorder(MetricRecorder metricRecorder) {
+        this.metricRecorder = metricRecorder;
+        return this;
+      }
+
       /**
        * Builds an {@link Args}.
        *
@@ -556,7 +578,8 @@ public Args build() {
         return
             new Args(
                 defaultPort, proxyDetector, syncContext, serviceConfigParser,
-                scheduledExecutorService, channelLogger, executor, overrideAuthority);
+                scheduledExecutorService, channelLogger, executor, overrideAuthority,
+                metricRecorder);
       }
     }
   }
diff --git a/api/src/test/java/io/grpc/NameResolverTest.java b/api/src/test/java/io/grpc/NameResolverTest.java
index 1bc32ee7b1d..1a7c59f8df5 100644
--- a/api/src/test/java/io/grpc/NameResolverTest.java
+++ b/api/src/test/java/io/grpc/NameResolverTest.java
@@ -64,6 +64,7 @@ public class NameResolverTest {
   private final ChannelLogger channelLogger = mock(ChannelLogger.class);
   private final Executor executor = Executors.newSingleThreadExecutor();
   private final String overrideAuthority = "grpc.io";
+  private final MetricRecorder metricRecorder = new MetricRecorder() {};
   @Mock NameResolver.Listener mockListener;
 
   @Test
@@ -77,6 +78,7 @@ public void args() {
     assertThat(args.getChannelLogger()).isSameInstanceAs(channelLogger);
     assertThat(args.getOffloadExecutor()).isSameInstanceAs(executor);
     assertThat(args.getOverrideAuthority()).isSameInstanceAs(overrideAuthority);
+    assertThat(args.getMetricRecorder()).isSameInstanceAs(metricRecorder);
 
     NameResolver.Args args2 = args.toBuilder().build();
     assertThat(args2.getDefaultPort()).isEqualTo(defaultPort);
@@ -87,6 +89,7 @@ public void args() {
     assertThat(args2.getChannelLogger()).isSameInstanceAs(channelLogger);
     assertThat(args2.getOffloadExecutor()).isSameInstanceAs(executor);
     assertThat(args2.getOverrideAuthority()).isSameInstanceAs(overrideAuthority);
+    assertThat(args.getMetricRecorder()).isSameInstanceAs(metricRecorder);
 
     assertThat(args2).isNotSameInstanceAs(args);
     assertThat(args2).isNotEqualTo(args);
@@ -102,6 +105,7 @@ private NameResolver.Args createArgs() {
         .setChannelLogger(channelLogger)
         .setOffloadExecutor(executor)
         .setOverrideAuthority(overrideAuthority)
+        .setMetricRecorder(metricRecorder)
         .build();
   }
 
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index b89a126517f..88fbf5e2c62 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -589,6 +589,8 @@ ClientStream newSubstream(
             builder.maxHedgedAttempts,
             loadBalancerFactory);
     this.authorityOverride = builder.authorityOverride;
+    this.metricRecorder = new MetricRecorderImpl(builder.metricSinks,
+        MetricInstrumentRegistry.getDefaultRegistry());
     this.nameResolverArgs =
         NameResolver.Args.newBuilder()
             .setDefaultPort(builder.getDefaultPort())
@@ -599,6 +601,7 @@ ClientStream newSubstream(
             .setChannelLogger(channelLogger)
             .setOffloadExecutor(this.offloadExecutorHolder)
             .setOverrideAuthority(this.authorityOverride)
+            .setMetricRecorder(this.metricRecorder)
             .build();
     this.nameResolver = getNameResolver(
         targetUri, authorityOverride, nameResolverProvider, nameResolverArgs);
@@ -671,8 +674,6 @@ public CallTracer create() {
       }
       serviceConfigUpdated = true;
     }
-    this.metricRecorder = new MetricRecorderImpl(builder.metricSinks,
-        MetricInstrumentRegistry.getDefaultRegistry());
   }
 
   @VisibleForTesting
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index 16700096827..535086716bd 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -687,6 +687,30 @@ public void metricRecorder_recordsToMetricSink() {
         eq(optionalLabelValues));
   }
 
+  @Test
+  public void metricRecorder_fromNameResolverArgs_recordsToMetricSink() {
+    MetricSink mockSink1 = mock(MetricSink.class);
+    MetricSink mockSink2 = mock(MetricSink.class);
+    channelBuilder.addMetricSink(mockSink1);
+    channelBuilder.addMetricSink(mockSink2);
+    createChannel();
+
+    LongCounterMetricInstrument counter = metricInstrumentRegistry.registerLongCounter(
+        "test_counter", "Time taken by metric recorder", "s",
+        ImmutableList.of("grpc.method"), Collections.emptyList(), false);
+    List<String> requiredLabelValues = ImmutableList.of("testMethod");
+    List<String> optionalLabelValues = Collections.emptyList();
+
+    NameResolver.Args args = helper.getNameResolverArgs();
+    assertThat(args.getMetricRecorder()).isNotNull();
+    args.getMetricRecorder()
+        .addLongCounter(counter, 10, requiredLabelValues, optionalLabelValues);
+    verify(mockSink1).addLongCounter(eq(counter), eq(10L), eq(requiredLabelValues),
+        eq(optionalLabelValues));
+    verify(mockSink2).addLongCounter(eq(counter), eq(10L), eq(requiredLabelValues),
+        eq(optionalLabelValues));
+  }
+
   @Test
   public void shutdownWithNoTransportsEverCreated() {
     channelBuilder.nameResolverFactory(
@@ -2240,6 +2264,7 @@ public void lbHelper_getNameResolverArgs() {
     assertThat(args.getSynchronizationContext())
         .isSameInstanceAs(helper.getSynchronizationContext());
     assertThat(args.getServiceConfigParser()).isNotNull();
+    assertThat(args.getMetricRecorder()).isNotNull();
   }
 
   @Test
diff --git a/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java b/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java
index 0073cce1a88..85b59fabfa0 100644
--- a/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java
+++ b/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java
@@ -17,6 +17,7 @@
 package io.grpc.xds;
 
 import io.grpc.Internal;
+import io.grpc.MetricRecorder;
 import io.grpc.internal.ObjectPool;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsInitializationException;
@@ -36,6 +37,11 @@ public static void setDefaultProviderBootstrapOverride(Map<String, ?> bootstrap)
 
   public static ObjectPool<XdsClient> getOrCreate(String target)
       throws XdsInitializationException {
-    return SharedXdsClientPoolProvider.getDefaultProvider().getOrCreate(target);
+    return getOrCreate(target, new MetricRecorder() {});
+  }
+
+  public static ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
+      throws XdsInitializationException {
+    return SharedXdsClientPoolProvider.getDefaultProvider().getOrCreate(target, metricRecorder);
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java b/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
index c9195896d82..779349744ff 100644
--- a/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
+++ b/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
@@ -21,6 +21,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
+import io.grpc.MetricRecorder;
 import io.grpc.internal.ExponentialBackoffPolicy;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.ObjectPool;
@@ -51,6 +52,8 @@ final class SharedXdsClientPoolProvider implements XdsClientPoolFactory {
   private static final boolean LOG_XDS_NODE_ID = Boolean.parseBoolean(
       System.getenv("GRPC_LOG_XDS_NODE_ID"));
   private static final Logger log = Logger.getLogger(XdsClientImpl.class.getName());
+  private static final ExponentialBackoffPolicy.Provider BACKOFF_POLICY_PROVIDER =
+      new ExponentialBackoffPolicy.Provider();
 
   private final Bootstrapper bootstrapper;
   private final Object lock = new Object();
@@ -82,7 +85,8 @@ public ObjectPool<XdsClient> get(String target) {
   }
 
   @Override
-  public ObjectPool<XdsClient> getOrCreate(String target) throws XdsInitializationException {
+  public ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
+      throws XdsInitializationException {
     ObjectPool<XdsClient> ref = targetToXdsClientMap.get(target);
     if (ref == null) {
       synchronized (lock) {
@@ -98,7 +102,7 @@ public ObjectPool<XdsClient> getOrCreate(String target) throws XdsInitialization
           if (bootstrapInfo.servers().isEmpty()) {
             throw new XdsInitializationException("No xDS server provided");
           }
-          ref = new RefCountedXdsClientObjectPool(bootstrapInfo, target);
+          ref = new RefCountedXdsClientObjectPool(bootstrapInfo, target, metricRecorder);
           targetToXdsClientMap.put(target, ref);
         }
       }
@@ -111,19 +115,17 @@ public ImmutableList<String> getTargets() {
     return ImmutableList.copyOf(targetToXdsClientMap.keySet());
   }
 
-
   private static class SharedXdsClientPoolProviderHolder {
     private static final SharedXdsClientPoolProvider instance = new SharedXdsClientPoolProvider();
   }
 
   @ThreadSafe
   @VisibleForTesting
-  static class RefCountedXdsClientObjectPool implements ObjectPool<XdsClient> {
+  class RefCountedXdsClientObjectPool implements ObjectPool<XdsClient> {
 
-    private static final ExponentialBackoffPolicy.Provider BACKOFF_POLICY_PROVIDER =
-        new ExponentialBackoffPolicy.Provider();
     private final BootstrapInfo bootstrapInfo;
     private final String target; // The target associated with the xDS client.
+    private final MetricRecorder metricRecorder;
     private final Object lock = new Object();
     @GuardedBy("lock")
     private ScheduledExecutorService scheduler;
@@ -131,11 +133,15 @@ static class RefCountedXdsClientObjectPool implements ObjectPool<XdsClient> {
     private XdsClient xdsClient;
     @GuardedBy("lock")
     private int refCount;
+    @GuardedBy("lock")
+    private XdsClientMetricReporterImpl metricReporter;
 
     @VisibleForTesting
-    RefCountedXdsClientObjectPool(BootstrapInfo bootstrapInfo, String target) {
+    RefCountedXdsClientObjectPool(BootstrapInfo bootstrapInfo, String target,
+        MetricRecorder metricRecorder) {
       this.bootstrapInfo = checkNotNull(bootstrapInfo);
       this.target = target;
+      this.metricRecorder = metricRecorder;
     }
 
     @Override
@@ -146,6 +152,7 @@ public XdsClient getObject() {
             log.log(Level.INFO, "xDS node ID: {0}", bootstrapInfo.node().getId());
           }
           scheduler = SharedResourceHolder.get(GrpcUtil.TIMER_SERVICE);
+          metricReporter = new XdsClientMetricReporterImpl(metricRecorder, target);
           xdsClient = new XdsClientImpl(
               DEFAULT_XDS_TRANSPORT_FACTORY,
               bootstrapInfo,
@@ -154,7 +161,9 @@ public XdsClient getObject() {
               GrpcUtil.STOPWATCH_SUPPLIER,
               TimeProvider.SYSTEM_TIME_PROVIDER,
               MessagePrinter.INSTANCE,
-              new TlsContextManagerImpl(bootstrapInfo));
+              new TlsContextManagerImpl(bootstrapInfo),
+              metricReporter);
+          metricReporter.setXdsClient(xdsClient);
         }
         refCount++;
         return xdsClient;
@@ -168,6 +177,9 @@ public XdsClient returnObject(Object object) {
         if (refCount == 0) {
           xdsClient.shutdown();
           xdsClient = null;
+          metricReporter.close();
+          metricReporter = null;
+          targetToXdsClientMap.remove(target);
           scheduler = SharedResourceHolder.release(GrpcUtil.TIMER_SERVICE, scheduler);
         }
         return null;
diff --git a/xds/src/main/java/io/grpc/xds/XdsClientMetricReporterImpl.java b/xds/src/main/java/io/grpc/xds/XdsClientMetricReporterImpl.java
new file mode 100644
index 00000000000..fa88237a7ea
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/XdsClientMetricReporterImpl.java
@@ -0,0 +1,215 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.util.concurrent.ListenableFuture;
+import io.grpc.LongCounterMetricInstrument;
+import io.grpc.LongGaugeMetricInstrument;
+import io.grpc.MetricInstrumentRegistry;
+import io.grpc.MetricRecorder;
+import io.grpc.MetricRecorder.BatchCallback;
+import io.grpc.MetricRecorder.BatchRecorder;
+import io.grpc.MetricRecorder.Registration;
+import io.grpc.xds.client.XdsClient;
+import io.grpc.xds.client.XdsClient.ResourceMetadata;
+import io.grpc.xds.client.XdsClient.ResourceMetadata.ResourceMetadataStatus;
+import io.grpc.xds.client.XdsClient.ServerConnectionCallback;
+import io.grpc.xds.client.XdsClientMetricReporter;
+import io.grpc.xds.client.XdsResourceType;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.annotation.Nullable;
+
+/**
+ * XdsClientMetricReporter implementation.
+ */
+final class XdsClientMetricReporterImpl implements XdsClientMetricReporter {
+
+  private static final Logger logger = Logger.getLogger(
+      XdsClientMetricReporterImpl.class.getName());
+  private static final LongCounterMetricInstrument SERVER_FAILURE_COUNTER;
+  private static final LongCounterMetricInstrument RESOURCE_UPDATES_VALID_COUNTER;
+  private static final LongCounterMetricInstrument RESOURCE_UPDATES_INVALID_COUNTER;
+  private static final LongGaugeMetricInstrument CONNECTED_GAUGE;
+  private static final LongGaugeMetricInstrument RESOURCES_GAUGE;
+
+  private final MetricRecorder metricRecorder;
+  private final String target;
+  @Nullable
+  private Registration gaugeRegistration = null;
+
+  static {
+    MetricInstrumentRegistry metricInstrumentRegistry
+        = MetricInstrumentRegistry.getDefaultRegistry();
+    SERVER_FAILURE_COUNTER = metricInstrumentRegistry.registerLongCounter(
+       "grpc.xds_client.server_failure",
+        "EXPERIMENTAL. A counter of xDS servers going from healthy to unhealthy. A server goes"
+            + " unhealthy when we have a connectivity failure or when the ADS stream fails without"
+            + " seeing a response message, as per gRFC A57.", "{failure}",
+        Arrays.asList("grpc.target", "grpc.xds.server"), Collections.emptyList(), false);
+    RESOURCE_UPDATES_VALID_COUNTER = metricInstrumentRegistry.registerLongCounter(
+        "grpc.xds_client.resource_updates_valid",
+        "EXPERIMENTAL. A counter of resources received that were considered valid. The counter will"
+            + " be incremented even for resources that have not changed.", "{resource}",
+        Arrays.asList("grpc.target", "grpc.xds.server", "grpc.xds.resource_type"),
+        Collections.emptyList(), false);
+    RESOURCE_UPDATES_INVALID_COUNTER = metricInstrumentRegistry.registerLongCounter(
+        "grpc.xds_client.resource_updates_invalid",
+        "EXPERIMENTAL. A counter of resources received that were considered invalid.", "{resource}",
+        Arrays.asList("grpc.target", "grpc.xds.server", "grpc.xds.resource_type"),
+        Collections.emptyList(), false);
+    CONNECTED_GAUGE = metricInstrumentRegistry.registerLongGauge("grpc.xds_client.connected",
+        "EXPERIMENTAL. Whether or not the xDS client currently has a working ADS stream to the xDS"
+            + " server. For a given server, this will be set to 1 when the stream is initially"
+            + " created. It will be set to 0 when we have a connectivity failure or when the ADS"
+            + " stream fails without seeing a response message, as per gRFC A57. Once set to 0, it"
+            + " will be reset to 1 when we receive the first response on an ADS stream.", "{bool}",
+        Arrays.asList("grpc.target", "grpc.xds.server"), Collections.emptyList(), false);
+    RESOURCES_GAUGE = metricInstrumentRegistry.registerLongGauge("grpc.xds_client.resources",
+        "EXPERIMENTAL.  Number of xDS resources.", "{resource}",
+        Arrays.asList("grpc.target", "grpc.xds.authority", "grpc.xds.cache_state",
+            "grpc.xds.resource_type"), Collections.emptyList(), false);
+  }
+
+  XdsClientMetricReporterImpl(MetricRecorder metricRecorder, String target) {
+    this.metricRecorder = metricRecorder;
+    this.target = target;
+  }
+
+  @Override
+  public void reportResourceUpdates(long validResourceCount, long invalidResourceCount,
+      String xdsServer, String resourceType) {
+    metricRecorder.addLongCounter(RESOURCE_UPDATES_VALID_COUNTER, validResourceCount,
+        Arrays.asList(target, xdsServer, resourceType), Collections.emptyList());
+    metricRecorder.addLongCounter(RESOURCE_UPDATES_INVALID_COUNTER, invalidResourceCount,
+        Arrays.asList(target, xdsServer, resourceType), Collections.emptyList());
+  }
+
+  @Override
+  public void reportServerFailure(long serverFailure, String xdsServer) {
+    metricRecorder.addLongCounter(SERVER_FAILURE_COUNTER, serverFailure,
+        Arrays.asList(target, xdsServer), Collections.emptyList());
+  }
+
+  void setXdsClient(XdsClient xdsClient) {
+    assert gaugeRegistration == null;
+    // register gauge here
+    this.gaugeRegistration = metricRecorder.registerBatchCallback(new BatchCallback() {
+      @Override
+      public void accept(BatchRecorder recorder) {
+        reportCallbackMetrics(recorder, xdsClient);
+      }
+    }, CONNECTED_GAUGE, RESOURCES_GAUGE);
+  }
+
+  void close() {
+    if (gaugeRegistration != null) {
+      gaugeRegistration.close();
+      gaugeRegistration = null;
+    }
+  }
+
+  void reportCallbackMetrics(BatchRecorder recorder, XdsClient xdsClient) {
+    MetricReporterCallback callback = new MetricReporterCallback(recorder, target);
+    try {
+      Future<Void> reportServerConnectionsCompleted = xdsClient.reportServerConnections(callback);
+
+      ListenableFuture<Map<XdsResourceType<?>, Map<String, ResourceMetadata>>>
+          getResourceMetadataCompleted = xdsClient.getSubscribedResourcesMetadataSnapshot();
+
+      Map<XdsResourceType<?>, Map<String, ResourceMetadata>> metadataByType =
+          getResourceMetadataCompleted.get(10, TimeUnit.SECONDS);
+
+      computeAndReportResourceCounts(metadataByType, callback);
+
+      // Normally this shouldn't take long, but adding a timeout to avoid indefinite blocking
+      Void unused = reportServerConnectionsCompleted.get(5, TimeUnit.SECONDS);
+    } catch (ExecutionException | TimeoutException | InterruptedException e) {
+      if (e instanceof InterruptedException) {
+        Thread.currentThread().interrupt(); // re-set the current thread's interruption state
+      }
+      logger.log(Level.WARNING, "Failed to report gauge metrics", e);
+    }
+  }
+
+  private void computeAndReportResourceCounts(
+      Map<XdsResourceType<?>, Map<String, ResourceMetadata>> metadataByType,
+      MetricReporterCallback callback) {
+    for (Map.Entry<XdsResourceType<?>, Map<String, ResourceMetadata>> metadataByTypeEntry :
+        metadataByType.entrySet()) {
+      XdsResourceType<?> type = metadataByTypeEntry.getKey();
+
+      Map<String, Long> resourceCountsByState = new HashMap<>();
+      for (ResourceMetadata metadata : metadataByTypeEntry.getValue().values()) {
+        String cacheState = cacheStateFromResourceStatus(metadata.getStatus(), metadata.isCached());
+        resourceCountsByState.compute(cacheState, (k, v) -> (v == null) ? 1 : v + 1);
+      }
+
+      resourceCountsByState.forEach((cacheState, count) ->
+          callback.reportResourceCountGauge(count, cacheState, type.typeUrl()));
+    }
+  }
+
+  private static String cacheStateFromResourceStatus(ResourceMetadataStatus metadataStatus,
+      boolean isResourceCached) {
+    switch (metadataStatus) {
+      case REQUESTED:
+        return "requested";
+      case DOES_NOT_EXIST:
+        return "does_not_exist";
+      case ACKED:
+        return "acked";
+      case NACKED:
+        return isResourceCached ? "nacked_but_cached" : "nacked";
+      default:
+        return "unknown";
+    }
+  }
+
+  @VisibleForTesting
+  static final class MetricReporterCallback implements ServerConnectionCallback {
+    private final BatchRecorder recorder;
+    private final String target;
+
+    MetricReporterCallback(BatchRecorder recorder, String target) {
+      this.recorder = recorder;
+      this.target = target;
+    }
+
+    // TODO(dnvindhya): include the "authority" label once xds.authority is available.
+    void reportResourceCountGauge(long resourceCount, String cacheState,
+        String resourceType) {
+      recorder.recordLongGauge(RESOURCES_GAUGE, resourceCount,
+          Arrays.asList(target, cacheState, resourceType), Collections.emptyList());
+    }
+
+    @Override
+    public void reportServerConnectionGauge(boolean isConnected, String xdsServer) {
+      recorder.recordLongGauge(CONNECTED_GAUGE, isConnected ? 1 : 0,
+          Arrays.asList(target, xdsServer), Collections.emptyList());
+    }
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/XdsClientPoolFactory.java b/xds/src/main/java/io/grpc/xds/XdsClientPoolFactory.java
index 313eb675116..f10d6504d79 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClientPoolFactory.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClientPoolFactory.java
@@ -16,6 +16,7 @@
 
 package io.grpc.xds;
 
+import io.grpc.MetricRecorder;
 import io.grpc.internal.ObjectPool;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsInitializationException;
@@ -29,7 +30,8 @@ interface XdsClientPoolFactory {
   @Nullable
   ObjectPool<XdsClient> get(String target);
 
-  ObjectPool<XdsClient> getOrCreate(String target) throws XdsInitializationException;
+  ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
+      throws XdsInitializationException;
 
   List<String> getTargets();
 }
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 0beb6dc2483..c51709c174c 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -41,6 +41,7 @@
 import io.grpc.LoadBalancer.PickSubchannelArgs;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
+import io.grpc.MetricRecorder;
 import io.grpc.NameResolver;
 import io.grpc.Status;
 import io.grpc.Status.Code;
@@ -125,6 +126,7 @@ final class XdsNameResolver extends NameResolver {
   private final ConcurrentMap<String, ClusterRefState> clusterRefs = new ConcurrentHashMap<>();
   private final ConfigSelector configSelector = new ConfigSelector();
   private final long randomChannelId;
+  private final MetricRecorder metricRecorder;
 
   private volatile RoutingConfig routingConfig = RoutingConfig.empty;
   private Listener2 listener;
@@ -140,10 +142,12 @@ final class XdsNameResolver extends NameResolver {
       URI targetUri, String name, @Nullable String overrideAuthority,
       ServiceConfigParser serviceConfigParser,
       SynchronizationContext syncContext, ScheduledExecutorService scheduler,
-      @Nullable Map<String, ?> bootstrapOverride) {
+      @Nullable Map<String, ?> bootstrapOverride,
+      MetricRecorder metricRecorder) {
     this(targetUri, targetUri.getAuthority(), name, overrideAuthority, serviceConfigParser,
         syncContext, scheduler, SharedXdsClientPoolProvider.getDefaultProvider(),
-        ThreadSafeRandomImpl.instance, FilterRegistry.getDefaultRegistry(), bootstrapOverride);
+        ThreadSafeRandomImpl.instance, FilterRegistry.getDefaultRegistry(), bootstrapOverride,
+        metricRecorder);
   }
 
   @VisibleForTesting
@@ -152,7 +156,8 @@ final class XdsNameResolver extends NameResolver {
       @Nullable String overrideAuthority, ServiceConfigParser serviceConfigParser,
       SynchronizationContext syncContext, ScheduledExecutorService scheduler,
       XdsClientPoolFactory xdsClientPoolFactory, ThreadSafeRandom random,
-      FilterRegistry filterRegistry, @Nullable Map<String, ?> bootstrapOverride) {
+      FilterRegistry filterRegistry, @Nullable Map<String, ?> bootstrapOverride,
+      MetricRecorder metricRecorder) {
     this.targetAuthority = targetAuthority;
     target = targetUri.toString();
 
@@ -170,6 +175,7 @@ final class XdsNameResolver extends NameResolver {
     this.xdsClientPoolFactory.setBootstrapOverride(bootstrapOverride);
     this.random = checkNotNull(random, "random");
     this.filterRegistry = checkNotNull(filterRegistry, "filterRegistry");
+    this.metricRecorder = metricRecorder;
     randomChannelId = random.nextLong();
     logId = InternalLogId.allocate("xds-resolver", name);
     logger = XdsLogger.withLogId(logId);
@@ -185,7 +191,7 @@ public String getServiceAuthority() {
   public void start(Listener2 listener) {
     this.listener = checkNotNull(listener, "listener");
     try {
-      xdsClientPool = xdsClientPoolFactory.getOrCreate(target);
+      xdsClientPool = xdsClientPoolFactory.getOrCreate(target, metricRecorder);
     } catch (Exception e) {
       listener.onError(
           Status.UNAVAILABLE.withDescription("Failed to initialize xDS").withCause(e));
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java b/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
index 8d0e59eaa91..74518331269 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
@@ -81,7 +81,8 @@ public XdsNameResolver newNameResolver(URI targetUri, Args args) {
           targetUri, name, args.getOverrideAuthority(),
           args.getServiceConfigParser(), args.getSynchronizationContext(),
           args.getScheduledExecutorService(),
-          bootstrapOverride);
+          bootstrapOverride,
+          args.getMetricRecorder());
     }
     return null;
   }
diff --git a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
index bd622a71124..8c03e64f185 100644
--- a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
+++ b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
@@ -29,6 +29,7 @@
 import io.grpc.InternalServerInterceptors;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
+import io.grpc.MetricRecorder;
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
 import io.grpc.ServerCall;
@@ -171,7 +172,9 @@ public void run() {
 
   private void internalStart() {
     try {
-      xdsClientPool = xdsClientPoolFactory.getOrCreate("");
+      // TODO(dnvindhya): Add "#server" as "grpc.target" attribute value for
+      // xDS enabled servers.
+      xdsClientPool = xdsClientPoolFactory.getOrCreate("", new MetricRecorder() {});
     } catch (Exception e) {
       StatusException statusException = Status.UNAVAILABLE.withDescription(
               "Failed to initialize xDS").withCause(e).asException();
diff --git a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
index 5ac979277c4..62076fb8bf1 100644
--- a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
@@ -78,6 +78,7 @@ final class ControlPlaneClient {
   private final Map<XdsResourceType<?>, String> versions = new HashMap<>();
 
   private boolean shutdown;
+  private boolean streamClosedNoResponse;
   @Nullable
   private AdsStream adsStream;
   @Nullable
@@ -224,6 +225,19 @@ void readyHandler() {
     xdsClient.startSubscriberTimersIfNeeded(serverInfo);
   }
 
+  /**
+   * Indicates whether there is an active ADS stream.
+   *
+   * <p>Return {@code true} when the {@code AdsStream} is created.
+   * {@code false} when the ADS stream fails without a response. Resets to true
+   * upon receiving the first response on a new ADS stream.
+   */
+  // Must be synchronized
+  boolean hasWorkingAdsStream() {
+    return !streamClosedNoResponse;
+  }
+
+
   /**
    * Establishes the RPC connection by creating a new RPC stream on the given channel for
    * xDS protocol communication.
@@ -332,6 +346,8 @@ public void onRecvMessage(DiscoveryResponse response) {
       syncContext.execute(new Runnable() {
         @Override
         public void run() {
+          // Reset flag as message has been received on a stream
+          streamClosedNoResponse = false;
           XdsResourceType<?> type = fromTypeUrl(response.getTypeUrl());
           if (logger.isLoggable(XdsLogLevel.DEBUG)) {
             logger.log(
@@ -408,6 +424,7 @@ private void handleRpcStreamClosed(Status status) {
               "ADS stream closed by server after a response was received");
         }
       } else {
+        streamClosedNoResponse = true;
         // If the ADS stream is closed without ever having received a response from the server, then
         // the XdsClient should consider that a connectivity error (see gRFC A57).
         if (status.isOk()) {
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClient.java b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
index fc7e1777384..06f15005c22 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
@@ -36,6 +36,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.Executor;
+import java.util.concurrent.Future;
 import java.util.concurrent.atomic.AtomicInteger;
 import javax.annotation.Nullable;
 
@@ -154,44 +155,46 @@ public static final class ResourceMetadata {
     private final String version;
     private final ResourceMetadataStatus status;
     private final long updateTimeNanos;
+    private final boolean cached;
     @Nullable private final Any rawResource;
     @Nullable private final UpdateFailureState errorState;
 
     private ResourceMetadata(
-        ResourceMetadataStatus status, String version, long updateTimeNanos,
+        ResourceMetadataStatus status, String version, long updateTimeNanos, boolean cached,
         @Nullable Any rawResource, @Nullable UpdateFailureState errorState) {
       this.status = checkNotNull(status, "status");
       this.version = checkNotNull(version, "version");
       this.updateTimeNanos = updateTimeNanos;
+      this.cached = cached;
       this.rawResource = rawResource;
       this.errorState = errorState;
     }
 
-    static ResourceMetadata newResourceMetadataUnknown() {
-      return new ResourceMetadata(ResourceMetadataStatus.UNKNOWN, "", 0, null, null);
+    public static ResourceMetadata newResourceMetadataUnknown() {
+      return new ResourceMetadata(ResourceMetadataStatus.UNKNOWN, "", 0, false,null, null);
     }
 
-    static ResourceMetadata newResourceMetadataRequested() {
-      return new ResourceMetadata(ResourceMetadataStatus.REQUESTED, "", 0, null, null);
+    public static ResourceMetadata newResourceMetadataRequested() {
+      return new ResourceMetadata(ResourceMetadataStatus.REQUESTED, "", 0, false, null, null);
     }
 
-    static ResourceMetadata newResourceMetadataDoesNotExist() {
-      return new ResourceMetadata(ResourceMetadataStatus.DOES_NOT_EXIST, "", 0, null, null);
+    public static ResourceMetadata newResourceMetadataDoesNotExist() {
+      return new ResourceMetadata(ResourceMetadataStatus.DOES_NOT_EXIST, "", 0, false, null, null);
     }
 
     public static ResourceMetadata newResourceMetadataAcked(
         Any rawResource, String version, long updateTimeNanos) {
       checkNotNull(rawResource, "rawResource");
       return new ResourceMetadata(
-          ResourceMetadataStatus.ACKED, version, updateTimeNanos, rawResource, null);
+          ResourceMetadataStatus.ACKED, version, updateTimeNanos, true, rawResource, null);
     }
 
-    static ResourceMetadata newResourceMetadataNacked(
+    public static ResourceMetadata newResourceMetadataNacked(
         ResourceMetadata metadata, String failedVersion, long failedUpdateTime,
-        String failedDetails) {
+        String failedDetails, boolean cached) {
       checkNotNull(metadata, "metadata");
       return new ResourceMetadata(ResourceMetadataStatus.NACKED,
-          metadata.getVersion(), metadata.getUpdateTimeNanos(), metadata.getRawResource(),
+          metadata.getVersion(), metadata.getUpdateTimeNanos(), cached, metadata.getRawResource(),
           new UpdateFailureState(failedVersion, failedUpdateTime, failedDetails));
     }
 
@@ -210,6 +213,11 @@ public long getUpdateTimeNanos() {
       return updateTimeNanos;
     }
 
+    /** Returns whether the resource was cached. */
+    public boolean isCached() {
+      return cached;
+    }
+
     /** The last successfully updated xDS resource as it was returned by the server. */
     @Nullable
     public Any getRawResource() {
@@ -378,6 +386,23 @@ public Map<Bootstrapper.ServerInfo, LoadReportClient> getServerLrsClientMap() {
     throw new UnsupportedOperationException();
   }
 
+  /** Callback used to report a gauge metric value for server connections. */
+  public interface ServerConnectionCallback {
+    void reportServerConnectionGauge(boolean isConnected, String xdsServer);
+  }
+
+  /**
+   * Reports whether xDS client has a "working" ADS stream to xDS server. The definition of a
+   * working stream is defined in gRFC A78.
+   *
+   * @see <a
+   *     href="https://github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-pf-xds.md#xdsclient">
+   *     A78-grpc-metrics-wrr-pf-xds.md</a>
+   */
+  public Future<Void> reportServerConnections(ServerConnectionCallback callback) {
+    throw new UnsupportedOperationException();
+  }
+
   static final class ProcessingTracker {
     private final AtomicInteger pendingTask = new AtomicInteger(1);
     private final Executor executor;
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index e2380b9ed73..529ac2747df 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -41,7 +41,6 @@
 import io.grpc.xds.client.Bootstrapper.AuthorityInfo;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import io.grpc.xds.client.XdsClient.ResourceStore;
-import io.grpc.xds.client.XdsClient.XdsResponseHandler;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
 import java.net.URI;
 import java.util.Collection;
@@ -52,6 +51,7 @@
 import java.util.Objects;
 import java.util.Set;
 import java.util.concurrent.Executor;
+import java.util.concurrent.Future;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.Nullable;
@@ -60,7 +60,7 @@
  * XdsClient implementation.
  */
 @Internal
-public final class XdsClientImpl extends XdsClient implements XdsResponseHandler, ResourceStore {
+public final class XdsClientImpl extends XdsClient implements ResourceStore {
 
   // Longest time to wait, since the subscription to some resource, for concluding its absence.
   @VisibleForTesting
@@ -100,6 +100,7 @@ public void uncaughtException(Thread t, Throwable e) {
   private final XdsLogger logger;
   private volatile boolean isShutdown;
   private final MessagePrettyPrinter messagePrinter;
+  private final XdsClientMetricReporter metricReporter;
 
   public XdsClientImpl(
       XdsTransportFactory xdsTransportFactory,
@@ -109,7 +110,8 @@ public XdsClientImpl(
       Supplier<Stopwatch> stopwatchSupplier,
       TimeProvider timeProvider,
       MessagePrettyPrinter messagePrinter,
-      Object securityConfig) {
+      Object securityConfig,
+      XdsClientMetricReporter metricReporter) {
     this.xdsTransportFactory = xdsTransportFactory;
     this.bootstrapInfo = bootstrapInfo;
     this.timeService = timeService;
@@ -118,13 +120,13 @@ public XdsClientImpl(
     this.timeProvider = timeProvider;
     this.messagePrinter = messagePrinter;
     this.securityConfig = securityConfig;
+    this.metricReporter = metricReporter;
     logId = InternalLogId.allocate("xds-client", null);
     logger = XdsLogger.withLogId(logId);
     logger.log(XdsLogLevel.INFO, "Created");
   }
 
-  @Override
-  public void handleResourceResponse(
+  private void handleResourceResponse(
       XdsResourceType<?> xdsResourceType, ServerInfo serverInfo, String versionInfo,
       List<Any> resources, String nonce, ProcessingTracker processingTracker) {
     checkNotNull(xdsResourceType, "xdsResourceType");
@@ -138,11 +140,11 @@ public void handleResourceResponse(
     handleResourceUpdate(args, resources, xdsResourceType, processingTracker);
   }
 
-  @Override
-  public void handleStreamClosed(Status error) {
+  private void handleStreamClosed(Status error, ServerInfo serverInfo) {
     syncContext.throwIfNotInThisSynchronizationContext();
     cleanUpResourceTimers();
     if (!error.isOk()) {
+      metricReporter.reportServerFailure(1L, serverInfo.target());
       for (Map<String, ResourceSubscriber<? extends ResourceUpdate>> subscriberMap :
           resourceSubscribers.values()) {
         for (ResourceSubscriber<? extends ResourceUpdate> subscriber : subscriberMap.values()) {
@@ -154,8 +156,7 @@ public void handleStreamClosed(Status error) {
     }
   }
 
-  @Override
-  public void handleStreamRestarted(ServerInfo serverInfo) {
+  private void handleStreamRestarted(ServerInfo serverInfo) {
     syncContext.throwIfNotInThisSynchronizationContext();
     for (Map<String, ResourceSubscriber<? extends ResourceUpdate>> subscriberMap :
         resourceSubscribers.values()) {
@@ -394,7 +395,27 @@ public ControlPlaneClient getOrCreateControlPlaneClient(ServerInfo serverInfo) {
         xdsTransport,
         serverInfo,
         bootstrapInfo.node(),
-        this,
+        new XdsResponseHandler() {
+
+          @Override
+          public void handleResourceResponse(
+              XdsResourceType<?> resourceType, ServerInfo serverInfo, String versionInfo,
+              List<Any> resources, String nonce, ProcessingTracker processingTracker) {
+            XdsClientImpl.this.handleResourceResponse(resourceType, serverInfo, versionInfo,
+                resources, nonce,
+                processingTracker);
+          }
+
+          @Override
+          public void handleStreamClosed(Status error) {
+            XdsClientImpl.this.handleStreamClosed(error, serverInfo);
+          }
+
+          @Override
+          public void handleStreamRestarted(ServerInfo serverInfo) {
+            XdsClientImpl.this.handleStreamRestarted(serverInfo);
+          }
+        },
         this,
         timeService,
         syncContext,
@@ -448,6 +469,10 @@ private <T extends ResourceUpdate> void handleResourceUpdate(
          xdsResourceType.typeName(), args.versionInfo, args.nonce, result.unpackedResources);
     Map<String, ParsedResource<T>> parsedResources = result.parsedResources;
     Set<String> invalidResources = result.invalidResources;
+    metricReporter.reportResourceUpdates(Long.valueOf(parsedResources.size()),
+        Long.valueOf(invalidResources.size()),
+        args.getServerInfo().target(), xdsResourceType.typeUrl());
+
     List<String> errors = result.errors;
     String errorDetail = null;
     if (errors.isEmpty()) {
@@ -504,9 +529,19 @@ private <T extends ResourceUpdate> void handleResourceUpdate(
     }
   }
 
-  /**
-   * Tracks a single subscribed resource.
-   */
+  @Override
+  public Future<Void> reportServerConnections(ServerConnectionCallback callback) {
+    SettableFuture<Void> future = SettableFuture.create();
+    syncContext.execute(() -> {
+      serverCpClientMap.forEach((serverInfo, controlPlaneClient) ->
+          callback.reportServerConnectionGauge(
+              controlPlaneClient.hasWorkingAdsStream(), serverInfo.target()));
+      future.set(null);
+    });
+    return future;
+  }
+
+  /** Tracks a single subscribed resource. */
   private final class ResourceSubscriber<T extends ResourceUpdate> {
     @Nullable private final ServerInfo serverInfo;
     @Nullable private final ControlPlaneClient controlPlaneClient;
@@ -644,10 +679,10 @@ void onData(ParsedResource<T> parsedResource, String version, long updateTime,
         respTimer.cancel();
         respTimer = null;
       }
-      this.metadata = ResourceMetadata
-          .newResourceMetadataAcked(parsedResource.getRawResource(), version, updateTime);
       ResourceUpdate oldData = this.data;
       this.data = parsedResource.getResourceUpdate();
+      this.metadata = ResourceMetadata
+          .newResourceMetadataAcked(parsedResource.getRawResource(), version, updateTime);
       absent = false;
       if (resourceDeletionIgnored) {
         logger.log(XdsLogLevel.FORCE_INFO, "xds server {0}: server returned new version "
@@ -741,7 +776,8 @@ void onError(Status error, @Nullable ProcessingTracker tracker) {
 
     void onRejected(String rejectedVersion, long rejectedTime, String rejectedDetails) {
       metadata = ResourceMetadata
-          .newResourceMetadataNacked(metadata, rejectedVersion, rejectedTime, rejectedDetails);
+          .newResourceMetadataNacked(metadata, rejectedVersion, rejectedTime, rejectedDetails,
+              data != null);
     }
 
     private void notifyWatcher(ResourceWatcher<T> watcher, T update) {
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientMetricReporter.java b/xds/src/main/java/io/grpc/xds/client/XdsClientMetricReporter.java
new file mode 100644
index 00000000000..a044d501759
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientMetricReporter.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.client;
+
+import io.grpc.Internal;
+
+/**
+ * Interface for reporting metrics from the xDS client.
+ */
+@Internal
+public interface XdsClientMetricReporter {
+
+  /**
+   * Reports number of valid and invalid resources.
+   *
+   * @param validResourceCount Number of resources that were valid.
+   * @param invalidResourceCount Number of resources that were invalid.
+   * @param xdsServer Target URI of the xDS server with which the XdsClient is communicating.
+   * @param resourceType Type of XDS resource (e.g., "envoy.config.listener.v3.Listener").
+   */
+  default void reportResourceUpdates(long validResourceCount, long invalidResourceCount,
+      String xdsServer, String resourceType) {
+  }
+
+  /**
+   * Reports number of xDS servers going from healthy to unhealthy.
+   *
+   * @param serverFailure Number of xDS server failures.
+   * @param xdsServer Target URI of the xDS server with which the XdsClient is communicating.
+   */
+  default void reportServerFailure(long serverFailure, String xdsServer) {
+  }
+
+}
diff --git a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
index 8166027033f..7c6821dc560 100644
--- a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
+++ b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
@@ -39,6 +39,7 @@
 import io.envoyproxy.envoy.type.matcher.v3.NodeMatcher;
 import io.grpc.Deadline;
 import io.grpc.InsecureChannelCredentials;
+import io.grpc.MetricRecorder;
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.StatusRuntimeException;
@@ -553,8 +554,9 @@ public void setBootstrapOverride(Map<String, ?> bootstrap) {
       throw new UnsupportedOperationException("Should not be called");
     }
 
+
     @Override
-    public ObjectPool<XdsClient> getOrCreate(String target) {
+    public ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder) {
       throw new UnsupportedOperationException("Should not be called");
     }
   }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 8ecb40383b1..198faea7fdc 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -95,7 +95,9 @@
 import io.grpc.xds.client.XdsClient.ResourceMetadata.UpdateFailureState;
 import io.grpc.xds.client.XdsClient.ResourceUpdate;
 import io.grpc.xds.client.XdsClient.ResourceWatcher;
+import io.grpc.xds.client.XdsClient.ServerConnectionCallback;
 import io.grpc.xds.client.XdsClientImpl;
+import io.grpc.xds.client.XdsClientMetricReporter;
 import io.grpc.xds.client.XdsResourceType;
 import io.grpc.xds.client.XdsResourceType.ResourceInvalidException;
 import io.grpc.xds.client.XdsTransportFactory;
@@ -112,6 +114,7 @@
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.CyclicBarrier;
 import java.util.concurrent.Executor;
+import java.util.concurrent.Future;
 import java.util.concurrent.LinkedBlockingDeque;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
@@ -142,6 +145,7 @@
 // The base class was used to test both xds v2 and v3. V2 is dropped now so the base class is not
 // necessary. Still keep it for future version usage. Remove if too much trouble to maintain.
 public abstract class GrpcXdsClientImplTestBase {
+
   private static final String SERVER_URI = "trafficdirector.googleapis.com";
   private static final String SERVER_URI_CUSTOME_AUTHORITY = "trafficdirector2.googleapis.com";
   private static final String SERVER_URI_EMPTY_AUTHORITY = "trafficdirector3.googleapis.com";
@@ -287,6 +291,10 @@ public long currentTimeNanos() {
   private ResourceWatcher<CdsUpdate> cdsResourceWatcher;
   @Mock
   private ResourceWatcher<EdsUpdate> edsResourceWatcher;
+  @Mock
+  private XdsClientMetricReporter xdsClientMetricReporter;
+  @Mock
+  private ServerConnectionCallback serverConnectionCallback;
 
   private ManagedChannel channel;
   private ManagedChannel channelForCustomAuthority;
@@ -369,7 +377,8 @@ public XdsTransport create(ServerInfo serverInfo) {
             fakeClock.getStopwatchSupplier(),
             timeProvider,
             MessagePrinter.INSTANCE,
-            new TlsContextManagerImpl(bootstrapInfo));
+            new TlsContextManagerImpl(bootstrapInfo),
+            xdsClientMetricReporter);
 
     assertThat(resourceDiscoveryCalls).isEmpty();
     assertThat(loadReportCalls).isEmpty();
@@ -476,10 +485,11 @@ private void verifyResourceMetadataAcked(
   private void verifyResourceMetadataNacked(
       XdsResourceType<?> type, String resourceName, Any rawResource, String versionInfo,
       long updateTime, String failedVersion, long failedUpdateTimeNanos,
-      List<String> failedDetails) {
+      List<String> failedDetails, boolean cached) {
     ResourceMetadata resourceMetadata =
         verifyResourceMetadata(type, resourceName, rawResource, ResourceMetadataStatus.NACKED,
             versionInfo, updateTime, true);
+    assertThat(resourceMetadata.isCached()).isEqualTo(cached);
 
     UpdateFailureState errorState = resourceMetadata.getErrorState();
     assertThat(errorState).isNotNull();
@@ -602,6 +612,48 @@ private void validateGoldenClusterLoadAssignment(EdsUpdate edsUpdate) {
             LocalityLbEndpoints.create(ImmutableList.<LbEndpoint>of(), 2, 1));
   }
 
+  /**
+   * Verifies that the {@link XdsClientMetricReporter#reportResourceUpdates} method has been called
+   * the expected number of times with the expected values for valid resource count, invalid
+   * resource count, and corresponding metric labels.
+   */
+  private void verifyResourceValidInvalidCount(int times, long validResourceCount,
+      long invalidResourceCount, String xdsServerTargetLabel,
+      String resourceType) {
+    verify(xdsClientMetricReporter, times(times)).reportResourceUpdates(
+        eq(validResourceCount),
+        eq(invalidResourceCount),
+        eq(xdsServerTargetLabel),
+        eq(resourceType));
+  }
+
+  private void verifyServerFailureCount(int times, long serverFailureCount, String xdsServer) {
+    verify(xdsClientMetricReporter, times(times)).reportServerFailure(
+        eq(serverFailureCount),
+        eq(xdsServer));
+  }
+
+  /**
+   * Invokes the callback, which will be called by {@link XdsClientMetricReporter} to record
+   * whether XdsClient has a working ADS stream.
+   */
+  private void callback_ReportServerConnection() {
+    try {
+      Future<Void> unused = xdsClient.reportServerConnections(serverConnectionCallback);
+    } catch (Exception e) {
+      if (e instanceof InterruptedException) {
+        Thread.currentThread().interrupt();
+      }
+      throw new AssertionError(e);
+    }
+  }
+
+  private void verifyServerConnection(int times, boolean isConnected, String xdsServer) {
+    verify(serverConnectionCallback, times(times)).reportServerConnectionGauge(
+        eq(isConnected),
+        eq(xdsServer));
+  }
+
   @Test
   public void ldsResourceNotFound() {
     DiscoveryRpcCall call = startResourceWatcher(XdsListenerResource.getInstance(), LDS_RESOURCE,
@@ -621,6 +673,7 @@ public void ldsResourceNotFound() {
     verify(ldsResourceWatcher).onResourceDoesNotExist(LDS_RESOURCE);
     assertThat(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
     verifyResourceMetadataDoesNotExist(LDS, LDS_RESOURCE);
+    // Check metric data.
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
   }
 
@@ -628,7 +681,7 @@ public void ldsResourceNotFound() {
   public void ldsResourceUpdated_withXdstpResourceName_withUnknownAuthority() {
     String ldsResourceName =
         "xdstp://unknown.example.com/envoy.config.listener.v3.Listener/listener1";
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),ldsResourceName,
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), ldsResourceName,
         ldsResourceWatcher);
     verify(ldsResourceWatcher).onError(errorCaptor.capture());
     Status error = errorCaptor.getValue();
@@ -636,7 +689,7 @@ public void ldsResourceUpdated_withXdstpResourceName_withUnknownAuthority() {
     assertThat(error.getDescription()).isEqualTo(
         "Wrong configuration: xds server does not exist for resource " + ldsResourceName);
     assertThat(resourceDiscoveryCalls.poll()).isNull();
-    xdsClient.cancelXdsResourceWatch(XdsListenerResource.getInstance(),ldsResourceName,
+    xdsClient.cancelXdsResourceWatch(XdsListenerResource.getInstance(), ldsResourceName,
         ldsResourceWatcher);
     assertThat(resourceDiscoveryCalls.poll()).isNull();
   }
@@ -682,15 +735,16 @@ public void ldsResponseErrorHandling_someResourcesFailedUnpack() {
   /**
    * Tests a subscribed LDS resource transitioned to and from the invalid state.
    *
-   * @see <a href="https://github.com/grpc/proposal/blob/master/A40-csds-support.md#ads-parsing-logic-update-continue-after-first-error">
-   * A40-csds-support.md</a>
+   * @see <a
+   *     href="https://github.com/grpc/proposal/blob/master/A40-csds-support.md#ads-parsing-logic-update-continue-after-first-error">
+   *     A40-csds-support.md</a>
    */
   @Test
   public void ldsResponseErrorHandling_subscribedResourceInvalid() {
     List<String> subscribedResourceNames = ImmutableList.of("A", "B", "C");
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),"A", ldsResourceWatcher);
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),"B", ldsResourceWatcher);
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),"C", ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), "A", ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), "B", ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), "C", ldsResourceWatcher);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     assertThat(call).isNotNull();
     verifyResourceMetadataRequested(LDS, "A");
@@ -708,6 +762,8 @@ public void ldsResponseErrorHandling_subscribedResourceInvalid() {
     verifyResourceMetadataAcked(LDS, "A", resourcesV1.get("A"), VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(LDS, "B", resourcesV1.get("B"), VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(LDS, "C", resourcesV1.get("C"), VERSION_1, TIME_INCREMENT);
+    // Check metric data.
+    verifyResourceValidInvalidCount(1, 3, 0, xdsServerInfo.target(), LDS.typeUrl());
     call.verifyRequest(LDS, subscribedResourceNames, VERSION_1, "0000", NODE);
 
     // LDS -> {A, B}, version 2
@@ -722,7 +778,9 @@ public void ldsResponseErrorHandling_subscribedResourceInvalid() {
     List<String> errorsV2 = ImmutableList.of("LDS response Listener 'B' validation error: ");
     verifyResourceMetadataAcked(LDS, "A", resourcesV2.get("A"), VERSION_2, TIME_INCREMENT * 2);
     verifyResourceMetadataNacked(LDS, "B", resourcesV1.get("B"), VERSION_1, TIME_INCREMENT,
-        VERSION_2, TIME_INCREMENT * 2, errorsV2);
+        VERSION_2, TIME_INCREMENT * 2, errorsV2, true);
+    // Check metric data.
+    verifyResourceValidInvalidCount(1, 1, 1, xdsServerInfo.target(), LDS.typeUrl());
     if (!ignoreResourceDeletion()) {
       verifyResourceMetadataDoesNotExist(LDS, "C");
     } else {
@@ -738,6 +796,8 @@ public void ldsResponseErrorHandling_subscribedResourceInvalid() {
     call.sendResponse(LDS, resourcesV3.values().asList(), VERSION_3, "0002");
     // {A} -> does not exist
     // {B, C} -> ACK, version 3
+    // Check metric data.
+    verifyResourceValidInvalidCount(1, 2, 0, xdsServerInfo.target(), LDS.typeUrl());
     if (!ignoreResourceDeletion()) {
       verifyResourceMetadataDoesNotExist(LDS, "A");
     } else {
@@ -753,12 +813,12 @@ public void ldsResponseErrorHandling_subscribedResourceInvalid() {
   @Test
   public void ldsResponseErrorHandling_subscribedResourceInvalid_withRdsSubscription() {
     List<String> subscribedResourceNames = ImmutableList.of("A", "B", "C");
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),"A", ldsResourceWatcher);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),"A.1", rdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),"B", ldsResourceWatcher);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),"B.1", rdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),"C", ldsResourceWatcher);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),"C.1", rdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), "A", ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), "A.1", rdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), "B", ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), "B.1", rdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), "C", ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), "C.1", rdsResourceWatcher);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     assertThat(call).isNotNull();
     verifyResourceMetadataRequested(LDS, "A");
@@ -776,6 +836,7 @@ public void ldsResponseErrorHandling_subscribedResourceInvalid_withRdsSubscripti
         "C", Any.pack(mf.buildListenerWithApiListenerForRds("C", "C.1")));
     call.sendResponse(LDS, resourcesV1.values().asList(), VERSION_1, "0000");
     // {A, B, C} -> ACK, version 1
+    verifyResourceValidInvalidCount(1, 3, 0, xdsServerInfo.target(), LDS.typeUrl());
     verifyResourceMetadataAcked(LDS, "A", resourcesV1.get("A"), VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(LDS, "B", resourcesV1.get("B"), VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(LDS, "C", resourcesV1.get("C"), VERSION_1, TIME_INCREMENT);
@@ -792,6 +853,8 @@ public void ldsResponseErrorHandling_subscribedResourceInvalid_withRdsSubscripti
     verifyResourceMetadataAcked(RDS, "A.1", resourcesV11.get("A.1"), VERSION_1, TIME_INCREMENT * 2);
     verifyResourceMetadataAcked(RDS, "B.1", resourcesV11.get("B.1"), VERSION_1, TIME_INCREMENT * 2);
     verifyResourceMetadataAcked(RDS, "C.1", resourcesV11.get("C.1"), VERSION_1, TIME_INCREMENT * 2);
+    // Check metric data.
+    verifyResourceValidInvalidCount(1, 3, 0, xdsServerInfo.target(), RDS.typeUrl());
 
     // LDS -> {A, B}, version 2
     // Failed to parse endpoint B
@@ -802,11 +865,13 @@ public void ldsResponseErrorHandling_subscribedResourceInvalid_withRdsSubscripti
     // {A} -> ACK, version 2
     // {B} -> NACK, version 1, rejected version 2, rejected reason: Failed to parse B
     // {C} -> does not exist
+    // Check metric data.
+    verifyResourceValidInvalidCount(1, 1, 1, xdsServerInfo.target(), LDS.typeUrl());
     List<String> errorsV2 = ImmutableList.of("LDS response Listener 'B' validation error: ");
     verifyResourceMetadataAcked(LDS, "A", resourcesV2.get("A"), VERSION_2, TIME_INCREMENT * 3);
     verifyResourceMetadataNacked(
         LDS, "B", resourcesV1.get("B"), VERSION_1, TIME_INCREMENT, VERSION_2, TIME_INCREMENT * 3,
-        errorsV2);
+        errorsV2, true);
     if (!ignoreResourceDeletion()) {
       verifyResourceMetadataDoesNotExist(LDS, "C");
     } else {
@@ -860,11 +925,11 @@ public void wrappedLdsResource_preferWrappedName() {
         ldsResourceWatcher);
 
     Any innerResource = Any.pack(mf.buildListenerWithApiListener("random_name" /* name */,
-            mf.buildRouteConfiguration("do not care", mf.buildOpaqueVirtualHosts(VHOST_SIZE))));
+        mf.buildRouteConfiguration("do not care", mf.buildOpaqueVirtualHosts(VHOST_SIZE))));
 
     // Client sends an ACK LDS request.
     call.sendResponse(LDS, mf.buildWrappedResourceWithName(innerResource, LDS_RESOURCE), VERSION_1,
-            "0000");
+        "0000");
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
     verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
     verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
@@ -899,7 +964,7 @@ public void cachedLdsResource_data() {
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
 
     ResourceWatcher<LdsUpdate> watcher = mock(ResourceWatcher.class);
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),LDS_RESOURCE, watcher);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, watcher);
     verify(watcher).onChanged(ldsUpdateCaptor.capture());
     verifyGoldenListenerRds(ldsUpdateCaptor.getValue());
     call.verifyNoMoreRequest();
@@ -916,7 +981,7 @@ public void cachedLdsResource_absent() {
     verify(ldsResourceWatcher).onResourceDoesNotExist(LDS_RESOURCE);
     // Add another watcher.
     ResourceWatcher<LdsUpdate> watcher = mock(ResourceWatcher.class);
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),LDS_RESOURCE, watcher);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, watcher);
     verify(watcher).onResourceDoesNotExist(LDS_RESOURCE);
     call.verifyNoMoreRequest();
     verifyResourceMetadataDoesNotExist(LDS, LDS_RESOURCE);
@@ -1048,7 +1113,7 @@ public void ldsResourceUpdated_withXdstpResourceName_withWrongType() {
     call.verifyRequestNack(
         LDS, ldsResourceName, "", "0000", NODE,
         ImmutableList.of(
-            "Unsupported resource name: " +  ldsResourceNameWithWrongType + " for type: LDS"));
+            "Unsupported resource name: " + ldsResourceNameWithWrongType + " for type: LDS"));
   }
 
   @Test
@@ -1074,7 +1139,7 @@ public void rdsResourceUpdated_withXdstpResourceName_withWrongType() {
   public void rdsResourceUpdated_withXdstpResourceName_unknownAuthority() {
     String rdsResourceName =
         "xdstp://unknown.example.com/envoy.config.route.v3.RouteConfiguration/route1";
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),rdsResourceName,
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), rdsResourceName,
         rdsResourceWatcher);
     verify(rdsResourceWatcher).onError(errorCaptor.capture());
     Status error = errorCaptor.getValue();
@@ -1083,7 +1148,7 @@ public void rdsResourceUpdated_withXdstpResourceName_unknownAuthority() {
         "Wrong configuration: xds server does not exist for resource " + rdsResourceName);
     assertThat(resourceDiscoveryCalls.size()).isEqualTo(0);
     xdsClient.cancelXdsResourceWatch(
-        XdsRouteConfigureResource.getInstance(),rdsResourceName, rdsResourceWatcher);
+        XdsRouteConfigureResource.getInstance(), rdsResourceName, rdsResourceWatcher);
     assertThat(resourceDiscoveryCalls.size()).isEqualTo(0);
   }
 
@@ -1109,7 +1174,7 @@ public void cdsResourceUpdated_withXdstpResourceName_withWrongType() {
   @Test
   public void cdsResourceUpdated_withXdstpResourceName_unknownAuthority() {
     String cdsResourceName = "xdstp://unknown.example.com/envoy.config.cluster.v3.Cluster/cluster1";
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),cdsResourceName,
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), cdsResourceName,
         cdsResourceWatcher);
     verify(cdsResourceWatcher).onError(errorCaptor.capture());
     Status error = errorCaptor.getValue();
@@ -1117,7 +1182,7 @@ public void cdsResourceUpdated_withXdstpResourceName_unknownAuthority() {
     assertThat(error.getDescription()).isEqualTo(
         "Wrong configuration: xds server does not exist for resource " + cdsResourceName);
     assertThat(resourceDiscoveryCalls.poll()).isNull();
-    xdsClient.cancelXdsResourceWatch(XdsClusterResource.getInstance(),cdsResourceName,
+    xdsClient.cancelXdsResourceWatch(XdsClusterResource.getInstance(), cdsResourceName,
         cdsResourceWatcher);
     assertThat(resourceDiscoveryCalls.poll()).isNull();
   }
@@ -1254,7 +1319,7 @@ public void ldsResourceDeleted() {
   /**
    * When ignore_resource_deletion server feature is on, xDS client should keep the deleted listener
    * on empty response, and resume the normal work when LDS contains the listener again.
-   * */
+   */
   @Test
   public void ldsResourceDeleted_ignoreResourceDeletion() {
     Assume.assumeTrue(ignoreResourceDeletion());
@@ -1298,9 +1363,9 @@ public void multipleLdsWatchers() {
     String ldsResourceTwo = "bar.googleapis.com";
     ResourceWatcher<LdsUpdate> watcher1 = mock(ResourceWatcher.class);
     ResourceWatcher<LdsUpdate> watcher2 = mock(ResourceWatcher.class);
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),LDS_RESOURCE, ldsResourceWatcher);
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),ldsResourceTwo, watcher1);
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),ldsResourceTwo, watcher2);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), ldsResourceTwo, watcher1);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), ldsResourceTwo, watcher2);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     call.verifyRequest(LDS, ImmutableList.of(LDS_RESOURCE, ldsResourceTwo), "", "", NODE);
     // Both LDS resources were requested.
@@ -1340,7 +1405,7 @@ public void rdsResourceNotFound() {
     DiscoveryRpcCall call = startResourceWatcher(XdsRouteConfigureResource.getInstance(),
         RDS_RESOURCE, rdsResourceWatcher);
     Any routeConfig = Any.pack(mf.buildRouteConfiguration("route-bar.googleapis.com",
-            mf.buildOpaqueVirtualHosts(2)));
+        mf.buildOpaqueVirtualHosts(2)));
     call.sendResponse(RDS, routeConfig, VERSION_1, "0000");
 
     // Client sends an ACK RDS request.
@@ -1442,15 +1507,16 @@ public void rdsResponseErrorHandling_nackWeightedSumZero() {
   /**
    * Tests a subscribed RDS resource transitioned to and from the invalid state.
    *
-   * @see <a href="https://github.com/grpc/proposal/blob/master/A40-csds-support.md#ads-parsing-logic-update-continue-after-first-error">
-   * A40-csds-support.md</a>
+   * @see <a
+   *     href="https://github.com/grpc/proposal/blob/master/A40-csds-support.md#ads-parsing-logic-update-continue-after-first-error">
+   *     A40-csds-support.md</a>
    */
   @Test
   public void rdsResponseErrorHandling_subscribedResourceInvalid() {
     List<String> subscribedResourceNames = ImmutableList.of("A", "B", "C");
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),"A", rdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),"B", rdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),"C", rdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), "A", rdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), "B", rdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), "C", rdsResourceWatcher);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     assertThat(call).isNotNull();
     verifyResourceMetadataRequested(RDS, "A");
@@ -1469,6 +1535,8 @@ public void rdsResponseErrorHandling_subscribedResourceInvalid() {
     verifyResourceMetadataAcked(RDS, "A", resourcesV1.get("A"), VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(RDS, "B", resourcesV1.get("B"), VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(RDS, "C", resourcesV1.get("C"), VERSION_1, TIME_INCREMENT);
+    // Check metric data.
+    verifyResourceValidInvalidCount(1, 3, 0, xdsServerInfo.target(), RDS.typeUrl());
     call.verifyRequest(RDS, subscribedResourceNames, VERSION_1, "0000", NODE);
 
     // RDS -> {A, B}, version 2
@@ -1480,11 +1548,13 @@ public void rdsResponseErrorHandling_subscribedResourceInvalid() {
     // {A} -> ACK, version 2
     // {B} -> NACK, version 1, rejected version 2, rejected reason: Failed to parse B
     // {C} -> ACK, version 1
+    verifyResourceValidInvalidCount(1, 1, 1, xdsServerInfo.target(),
+        RDS.typeUrl());
     List<String> errorsV2 =
         ImmutableList.of("RDS response RouteConfiguration 'B' validation error: ");
     verifyResourceMetadataAcked(RDS, "A", resourcesV2.get("A"), VERSION_2, TIME_INCREMENT * 2);
     verifyResourceMetadataNacked(RDS, "B", resourcesV1.get("B"), VERSION_1, TIME_INCREMENT,
-        VERSION_2, TIME_INCREMENT * 2, errorsV2);
+        VERSION_2, TIME_INCREMENT * 2, errorsV2, true);
     verifyResourceMetadataAcked(RDS, "C", resourcesV1.get("C"), VERSION_1, TIME_INCREMENT);
     call.verifyRequestNack(RDS, subscribedResourceNames, VERSION_1, "0001", NODE, errorsV2);
 
@@ -1496,6 +1566,8 @@ public void rdsResponseErrorHandling_subscribedResourceInvalid() {
     call.sendResponse(RDS, resourcesV3.values().asList(), VERSION_3, "0002");
     // {A} -> ACK, version 2
     // {B, C} -> ACK, version 3
+    verifyResourceValidInvalidCount(1, 2, 0, xdsServerInfo.target(),
+        RDS.typeUrl());
     verifyResourceMetadataAcked(RDS, "A", resourcesV2.get("A"), VERSION_2, TIME_INCREMENT * 2);
     verifyResourceMetadataAcked(RDS, "B", resourcesV3.get("B"), VERSION_3, TIME_INCREMENT * 3);
     verifyResourceMetadataAcked(RDS, "C", resourcesV3.get("C"), VERSION_3, TIME_INCREMENT * 3);
@@ -1544,7 +1616,7 @@ public void cachedRdsResource_data() {
     call.verifyRequest(RDS, RDS_RESOURCE, VERSION_1, "0000", NODE);
 
     ResourceWatcher<RdsUpdate> watcher = mock(ResourceWatcher.class);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),RDS_RESOURCE, watcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_RESOURCE, watcher);
     verify(watcher).onChanged(rdsUpdateCaptor.capture());
     verifyGoldenRouteConfig(rdsUpdateCaptor.getValue());
     call.verifyNoMoreRequest();
@@ -1561,7 +1633,7 @@ public void cachedRdsResource_absent() {
     verify(rdsResourceWatcher).onResourceDoesNotExist(RDS_RESOURCE);
     // Add another watcher.
     ResourceWatcher<RdsUpdate> watcher = mock(ResourceWatcher.class);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),RDS_RESOURCE, watcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_RESOURCE, watcher);
     verify(watcher).onResourceDoesNotExist(RDS_RESOURCE);
     call.verifyNoMoreRequest();
     verifyResourceMetadataDoesNotExist(RDS, RDS_RESOURCE);
@@ -1592,14 +1664,43 @@ public void rdsResourceUpdated() {
     assertThat(rdsUpdateCaptor.getValue().virtualHosts).hasSize(4);
     verifyResourceMetadataAcked(RDS, RDS_RESOURCE, routeConfigUpdated, VERSION_2,
         TIME_INCREMENT * 2);
-    verifySubscribedResourcesMetadataSizes(0, 0, 1, 0);
+  }
+
+  @Test
+  public void rdsResourceInvalid() {
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), "A", rdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), "B", rdsResourceWatcher);
+    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+    assertThat(call).isNotNull();
+    verifyResourceMetadataRequested(RDS, "A");
+    verifyResourceMetadataRequested(RDS, "B");
+    verifySubscribedResourcesMetadataSizes(0, 0, 2, 0);
+
+    // RDS -> {A, B}, version 1
+    // Failed to parse endpoint B
+    List<Message> vhostsV1 = mf.buildOpaqueVirtualHosts(1);
+    ImmutableMap<String, Any> resourcesV1 = ImmutableMap.of(
+        "A", Any.pack(mf.buildRouteConfiguration("A", vhostsV1)),
+        "B", Any.pack(mf.buildRouteConfigurationInvalid("B")));
+    call.sendResponse(RDS, resourcesV1.values().asList(), VERSION_1, "0000");
+
+    // {A} -> ACK, version 1
+    // {B} -> NACK, version 1, rejected version 1, rejected reason: Failed to parse B
+    List<String> errorsV1 =
+        ImmutableList.of("RDS response RouteConfiguration 'B' validation error: ");
+    verifyResourceMetadataAcked(RDS, "A", resourcesV1.get("A"), VERSION_1, TIME_INCREMENT);
+    verifyResourceMetadataNacked(RDS, "B", null, "", 0,
+        VERSION_1, TIME_INCREMENT, errorsV1, false);
+    // Check metric data.
+    verifyResourceValidInvalidCount(1, 1, 1, xdsServerInfo.target(), RDS.typeUrl());
+    verifySubscribedResourcesMetadataSizes(0, 0, 2, 0);
   }
 
   @Test
   public void rdsResourceDeletedByLdsApiListener() {
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),LDS_RESOURCE,
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE,
         ldsResourceWatcher);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),RDS_RESOURCE,
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_RESOURCE,
         rdsResourceWatcher);
     verifyResourceMetadataRequested(LDS, LDS_RESOURCE);
     verifyResourceMetadataRequested(RDS, RDS_RESOURCE);
@@ -1707,10 +1808,10 @@ public void multipleRdsWatchers() {
     String rdsResourceTwo = "route-bar.googleapis.com";
     ResourceWatcher<RdsUpdate> watcher1 = mock(ResourceWatcher.class);
     ResourceWatcher<RdsUpdate> watcher2 = mock(ResourceWatcher.class);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),RDS_RESOURCE,
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_RESOURCE,
         rdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),rdsResourceTwo, watcher1);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),rdsResourceTwo, watcher2);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), rdsResourceTwo, watcher1);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), rdsResourceTwo, watcher2);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     call.verifyRequest(RDS, Arrays.asList(RDS_RESOURCE, rdsResourceTwo), "", "", NODE);
     // Both RDS resources were requested.
@@ -1814,15 +1915,16 @@ public void cdsResponseErrorHandling_someResourcesFailedUnpack() {
   /**
    * Tests a subscribed CDS resource transitioned to and from the invalid state.
    *
-   * @see <a href="https://github.com/grpc/proposal/blob/master/A40-csds-support.md#ads-parsing-logic-update-continue-after-first-error">
-   * A40-csds-support.md</a>
+   * @see <a
+   *     href="https://github.com/grpc/proposal/blob/master/A40-csds-support.md#ads-parsing-logic-update-continue-after-first-error">
+   *     A40-csds-support.md</a>
    */
   @Test
   public void cdsResponseErrorHandling_subscribedResourceInvalid() {
     List<String> subscribedResourceNames = ImmutableList.of("A", "B", "C");
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),"A", cdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),"B", cdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),"C", cdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), "A", cdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), "B", cdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), "C", cdsResourceWatcher);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     assertThat(call).isNotNull();
     verifyResourceMetadataRequested(CDS, "A");
@@ -1843,6 +1945,8 @@ public void cdsResponseErrorHandling_subscribedResourceInvalid() {
         )));
     call.sendResponse(CDS, resourcesV1.values().asList(), VERSION_1, "0000");
     // {A, B, C} -> ACK, version 1
+    verifyResourceValidInvalidCount(1, 3, 0, xdsServerInfo.target(),
+        CDS.typeUrl());
     verifyResourceMetadataAcked(CDS, "A", resourcesV1.get("A"), VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(CDS, "B", resourcesV1.get("B"), VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(CDS, "C", resourcesV1.get("C"), VERSION_1, TIME_INCREMENT);
@@ -1859,10 +1963,12 @@ public void cdsResponseErrorHandling_subscribedResourceInvalid() {
     // {A} -> ACK, version 2
     // {B} -> NACK, version 1, rejected version 2, rejected reason: Failed to parse B
     // {C} -> does not exist
+    verifyResourceValidInvalidCount(1, 1, 1, xdsServerInfo.target(),
+        CDS.typeUrl());
     List<String> errorsV2 = ImmutableList.of("CDS response Cluster 'B' validation error: ");
     verifyResourceMetadataAcked(CDS, "A", resourcesV2.get("A"), VERSION_2, TIME_INCREMENT * 2);
     verifyResourceMetadataNacked(CDS, "B", resourcesV1.get("B"), VERSION_1, TIME_INCREMENT,
-        VERSION_2, TIME_INCREMENT * 2, errorsV2);
+        VERSION_2, TIME_INCREMENT * 2, errorsV2, true);
     if (!ignoreResourceDeletion()) {
       verifyResourceMetadataDoesNotExist(CDS, "C");
     } else {
@@ -1882,6 +1988,8 @@ public void cdsResponseErrorHandling_subscribedResourceInvalid() {
     call.sendResponse(CDS, resourcesV3.values().asList(), VERSION_3, "0002");
     // {A} -> does not exit
     // {B, C} -> ACK, version 3
+    verifyResourceValidInvalidCount(1, 2, 0, xdsServerInfo.target(),
+        CDS.typeUrl());
     if (!ignoreResourceDeletion()) {
       verifyResourceMetadataDoesNotExist(CDS, "A");
     } else {
@@ -1890,18 +1998,19 @@ public void cdsResponseErrorHandling_subscribedResourceInvalid() {
     }
     verifyResourceMetadataAcked(CDS, "B", resourcesV3.get("B"), VERSION_3, TIME_INCREMENT * 3);
     verifyResourceMetadataAcked(CDS, "C", resourcesV3.get("C"), VERSION_3, TIME_INCREMENT * 3);
+
     call.verifyRequest(CDS, subscribedResourceNames, VERSION_3, "0002", NODE);
   }
 
   @Test
   public void cdsResponseErrorHandling_subscribedResourceInvalid_withEdsSubscription() {
     List<String> subscribedResourceNames = ImmutableList.of("A", "B", "C");
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),"A", cdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),"A.1", edsResourceWatcher);
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),"B", cdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),"B.1", edsResourceWatcher);
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),"C", cdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),"C.1", edsResourceWatcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), "A", cdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), "A.1", edsResourceWatcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), "B", cdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), "B.1", edsResourceWatcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), "C", cdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), "C.1", edsResourceWatcher);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     assertThat(call).isNotNull();
     verifyResourceMetadataRequested(CDS, "A");
@@ -1925,6 +2034,8 @@ public void cdsResponseErrorHandling_subscribedResourceInvalid_withEdsSubscripti
         )));
     call.sendResponse(CDS, resourcesV1.values().asList(), VERSION_1, "0000");
     // {A, B, C} -> ACK, version 1
+    verifyResourceValidInvalidCount(1, 3, 0, xdsServerInfo.target(),
+        CDS.typeUrl());
     verifyResourceMetadataAcked(CDS, "A", resourcesV1.get("A"), VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(CDS, "B", resourcesV1.get("B"), VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(CDS, "C", resourcesV1.get("C"), VERSION_1, TIME_INCREMENT);
@@ -1939,6 +2050,8 @@ public void cdsResponseErrorHandling_subscribedResourceInvalid_withEdsSubscripti
         "C.1", Any.pack(mf.buildClusterLoadAssignment("C.1", endpointsV1, dropOverloads)));
     call.sendResponse(EDS, resourcesV11.values().asList(), VERSION_1, "0000");
     // {A.1, B.1, C.1} -> ACK, version 1
+    verifyResourceValidInvalidCount(1, 3, 0, xdsServerInfo.target(),
+        EDS.typeUrl());
     verifyResourceMetadataAcked(EDS, "A.1", resourcesV11.get("A.1"), VERSION_1, TIME_INCREMENT * 2);
     verifyResourceMetadataAcked(EDS, "B.1", resourcesV11.get("B.1"), VERSION_1, TIME_INCREMENT * 2);
     verifyResourceMetadataAcked(EDS, "C.1", resourcesV11.get("C.1"), VERSION_1, TIME_INCREMENT * 2);
@@ -1954,11 +2067,13 @@ public void cdsResponseErrorHandling_subscribedResourceInvalid_withEdsSubscripti
     // {A} -> ACK, version 2
     // {B} -> NACK, version 1, rejected version 2, rejected reason: Failed to parse B
     // {C} -> does not exist
+    // Check metric data.
+    verifyResourceValidInvalidCount(1, 1, 1, xdsServerInfo.target(), CDS.typeUrl());
     List<String> errorsV2 = ImmutableList.of("CDS response Cluster 'B' validation error: ");
     verifyResourceMetadataAcked(CDS, "A", resourcesV2.get("A"), VERSION_2, TIME_INCREMENT * 3);
     verifyResourceMetadataNacked(
         CDS, "B", resourcesV1.get("B"), VERSION_1, TIME_INCREMENT, VERSION_2, TIME_INCREMENT * 3,
-        errorsV2);
+        errorsV2, true);
     if (!ignoreResourceDeletion()) {
       verifyResourceMetadataDoesNotExist(CDS, "C");
     } else {
@@ -2144,7 +2259,7 @@ public void cdsResponseWithUpstreamTlsContext() {
             "envoy.transport_sockets.tls", null, null));
     List<Any> clusters = ImmutableList.of(
         Any.pack(mf.buildLogicalDnsCluster("cluster-bar.googleapis.com",
-            "dns-service-bar.googleapis.com", 443, "round_robin", null, null,false, null, null)),
+            "dns-service-bar.googleapis.com", 443, "round_robin", null, null, false, null, null)),
         clusterEds,
         Any.pack(mf.buildEdsCluster("cluster-baz.googleapis.com", null, "round_robin", null, null,
             false, null, "envoy.transport_sockets.tls", null, null)));
@@ -2176,7 +2291,7 @@ public void cdsResponseWithNewUpstreamTlsContext() {
     // Management server sends back CDS response with UpstreamTlsContext.
     Any clusterEds =
         Any.pack(mf.buildEdsCluster(CDS_RESOURCE, "eds-cluster-foo.googleapis.com", "round_robin",
-            null, null,true,
+            null, null, true,
             mf.buildNewUpstreamTlsContext("cert-instance-name", "cert1"),
             "envoy.transport_sockets.tls", null, null));
     List<Any> clusters = ImmutableList.of(
@@ -2217,10 +2332,10 @@ public void cdsResponseErrorHandling_badUpstreamTlsContext() {
 
     // The response NACKed with errors indicating indices of the failed resources.
     String errorMsg =  "CDS response Cluster 'cluster.googleapis.com' validation error: "
-            + "Cluster cluster.googleapis.com: malformed UpstreamTlsContext: "
-            + "io.grpc.xds.client.XdsResourceType$ResourceInvalidException: "
-            + "ca_certificate_provider_instance or system_root_certs is required in "
-            + "upstream-tls-context";
+        + "Cluster cluster.googleapis.com: malformed UpstreamTlsContext: "
+        + "io.grpc.xds.client.XdsResourceType$ResourceInvalidException: "
+        + "ca_certificate_provider_instance or system_root_certs is required in "
+        + "upstream-tls-context";
     call.verifyRequestNack(CDS, CDS_RESOURCE, "", "0000", NODE, ImmutableList.of(errorMsg));
     verify(cdsResourceWatcher).onError(errorCaptor.capture());
     verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
@@ -2257,7 +2372,7 @@ public void cdsResponseWithOutlierDetection() {
             "envoy.transport_sockets.tls", null, outlierDetectionXds));
     List<Any> clusters = ImmutableList.of(
         Any.pack(mf.buildLogicalDnsCluster("cluster-bar.googleapis.com",
-            "dns-service-bar.googleapis.com", 443, "round_robin", null, null,false, null, null)),
+            "dns-service-bar.googleapis.com", 443, "round_robin", null, null, false, null, null)),
         clusterEds,
         Any.pack(mf.buildEdsCluster("cluster-baz.googleapis.com", null, "round_robin", null, null,
             false, null, "envoy.transport_sockets.tls", null, outlierDetectionXds)));
@@ -2316,7 +2431,7 @@ public void cdsResponseWithInvalidOutlierDetectionNacks() {
             "envoy.transport_sockets.tls", null, outlierDetectionXds));
     List<Any> clusters = ImmutableList.of(
         Any.pack(mf.buildLogicalDnsCluster("cluster-bar.googleapis.com",
-            "dns-service-bar.googleapis.com", 443, "round_robin", null, null,false, null, null)),
+            "dns-service-bar.googleapis.com", 443, "round_robin", null, null, false, null, null)),
         clusterEds,
         Any.pack(mf.buildEdsCluster("cluster-baz.googleapis.com", null, "round_robin", null, null,
             false, null, "envoy.transport_sockets.tls", null, outlierDetectionXds)));
@@ -2436,8 +2551,7 @@ public void cdsResponseErrorHandling_xdstpWithoutEdsConfig() {
         ));
     final Any okClusterRoundRobin =
         Any.pack(mf.buildEdsCluster(cdsResourceName, "eds-service-bar.googleapis.com",
-            "round_robin", null,null, false, null, "envoy.transport_sockets.tls", null, null));
-
+            "round_robin", null, null, false, null, "envoy.transport_sockets.tls", null, null));
 
     DiscoveryRpcCall call = startResourceWatcher(XdsClusterResource.getInstance(),
         cdsResourceName, cdsResourceWatcher);
@@ -2483,7 +2597,7 @@ public void cachedCdsResource_absent() {
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
     verify(cdsResourceWatcher).onResourceDoesNotExist(CDS_RESOURCE);
     ResourceWatcher<CdsUpdate> watcher = mock(ResourceWatcher.class);
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),CDS_RESOURCE, watcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CDS_RESOURCE, watcher);
     verify(watcher).onResourceDoesNotExist(CDS_RESOURCE);
     call.verifyNoMoreRequest();
     verifyResourceMetadataDoesNotExist(CDS, CDS_RESOURCE);
@@ -2620,7 +2734,7 @@ public void cdsResourceDeleted() {
   /**
    * When ignore_resource_deletion server feature is on, xDS client should keep the deleted cluster
    * on empty response, and resume the normal work when CDS contains the cluster again.
-   * */
+   */
   @Test
   public void cdsResourceDeleted_ignoreResourceDeletion() {
     Assume.assumeTrue(ignoreResourceDeletion());
@@ -2666,9 +2780,9 @@ public void multipleCdsWatchers() {
     String cdsResourceTwo = "cluster-bar.googleapis.com";
     ResourceWatcher<CdsUpdate> watcher1 = mock(ResourceWatcher.class);
     ResourceWatcher<CdsUpdate> watcher2 = mock(ResourceWatcher.class);
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),CDS_RESOURCE, cdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),cdsResourceTwo, watcher1);
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),cdsResourceTwo, watcher2);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CDS_RESOURCE, cdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), cdsResourceTwo, watcher1);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), cdsResourceTwo, watcher2);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     call.verifyRequest(CDS, Arrays.asList(CDS_RESOURCE, cdsResourceTwo), "", "", NODE);
     verifyResourceMetadataRequested(CDS, CDS_RESOURCE);
@@ -2774,7 +2888,7 @@ public void edsCleanupNonceAfterUnsubscription() {
     List<Message> dropOverloads = ImmutableList.of();
     List<Message> endpointsV1 = ImmutableList.of(lbEndpointHealthy);
     ImmutableMap<String, Any> resourcesV1 = ImmutableMap.of(
-            "A.1", Any.pack(mf.buildClusterLoadAssignment("A.1", endpointsV1, dropOverloads)));
+        "A.1", Any.pack(mf.buildClusterLoadAssignment("A.1", endpointsV1, dropOverloads)));
     call.sendResponse(EDS, resourcesV1.values().asList(), VERSION_1, "0000");
     // {A.1} -> ACK, version 1
     call.verifyRequest(EDS, "A.1", VERSION_1, "0000", NODE);
@@ -2835,21 +2949,21 @@ public void edsResponseErrorHandling_someResourcesFailedUnpack() {
   /**
    * Tests a subscribed EDS resource transitioned to and from the invalid state.
    *
-   * @see <a href="https://github.com/grpc/proposal/blob/master/A40-csds-support.md#ads-parsing-logic-update-continue-after-first-error">
-   * A40-csds-support.md</a>
+   * @see <a
+   *     href="https://github.com/grpc/proposal/blob/master/A40-csds-support.md#ads-parsing-logic-update-continue-after-first-error">
+   *     A40-csds-support.md</a>
    */
   @Test
   public void edsResponseErrorHandling_subscribedResourceInvalid() {
     List<String> subscribedResourceNames = ImmutableList.of("A", "B", "C");
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),"A", edsResourceWatcher);
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),"B", edsResourceWatcher);
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),"C", edsResourceWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), "A", edsResourceWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), "B", edsResourceWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), "C", edsResourceWatcher);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     assertThat(call).isNotNull();
     verifyResourceMetadataRequested(EDS, "A");
     verifyResourceMetadataRequested(EDS, "B");
     verifyResourceMetadataRequested(EDS, "C");
-    verifySubscribedResourcesMetadataSizes(0, 0, 0, 3);
 
     // EDS -> {A, B, C}, version 1
     List<Message> dropOverloads = ImmutableList.of(mf.buildDropOverload("lb", 200));
@@ -2860,6 +2974,7 @@ public void edsResponseErrorHandling_subscribedResourceInvalid() {
         "C", Any.pack(mf.buildClusterLoadAssignment("C", endpointsV1, dropOverloads)));
     call.sendResponse(EDS, resourcesV1.values().asList(), VERSION_1, "0000");
     // {A, B, C} -> ACK, version 1
+    verifyResourceValidInvalidCount(1, 3, 0, xdsServerInfo.target(), EDS.typeUrl());
     verifyResourceMetadataAcked(EDS, "A", resourcesV1.get("A"), VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(EDS, "B", resourcesV1.get("B"), VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(EDS, "C", resourcesV1.get("C"), VERSION_1, TIME_INCREMENT);
@@ -2875,11 +2990,13 @@ public void edsResponseErrorHandling_subscribedResourceInvalid() {
     // {A} -> ACK, version 2
     // {B} -> NACK, version 1, rejected version 2, rejected reason: Failed to parse B
     // {C} -> ACK, version 1
+    // Check metric data.
+    verifyResourceValidInvalidCount(1, 1, 1, xdsServerInfo.target(), EDS.typeUrl());
     List<String> errorsV2 =
         ImmutableList.of("EDS response ClusterLoadAssignment 'B' validation error: ");
     verifyResourceMetadataAcked(EDS, "A", resourcesV2.get("A"), VERSION_2, TIME_INCREMENT * 2);
     verifyResourceMetadataNacked(EDS, "B", resourcesV1.get("B"), VERSION_1, TIME_INCREMENT,
-        VERSION_2, TIME_INCREMENT * 2, errorsV2);
+        VERSION_2, TIME_INCREMENT * 2, errorsV2, true);
     verifyResourceMetadataAcked(EDS, "C", resourcesV1.get("C"), VERSION_1, TIME_INCREMENT);
     call.verifyRequestNack(EDS, subscribedResourceNames, VERSION_1, "0001", NODE, errorsV2);
 
@@ -2892,6 +3009,8 @@ public void edsResponseErrorHandling_subscribedResourceInvalid() {
     call.sendResponse(EDS, resourcesV3.values().asList(), VERSION_3, "0002");
     // {A} -> ACK, version 2
     // {B, C} -> ACK, version 3
+    // Check metric data.
+    verifyResourceValidInvalidCount(1, 2, 0, xdsServerInfo.target(), EDS.typeUrl());
     verifyResourceMetadataAcked(EDS, "A", resourcesV2.get("A"), VERSION_2, TIME_INCREMENT * 2);
     verifyResourceMetadataAcked(EDS, "B", resourcesV3.get("B"), VERSION_3, TIME_INCREMENT * 3);
     verifyResourceMetadataAcked(EDS, "C", resourcesV3.get("C"), VERSION_3, TIME_INCREMENT * 3);
@@ -2940,7 +3059,7 @@ public void cachedEdsResource_data() {
     call.verifyRequest(EDS, EDS_RESOURCE, VERSION_1, "0000", NODE);
     // Add another watcher.
     ResourceWatcher<EdsUpdate> watcher = mock(ResourceWatcher.class);
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),EDS_RESOURCE, watcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), EDS_RESOURCE, watcher);
     verify(watcher).onChanged(edsUpdateCaptor.capture());
     validateGoldenClusterLoadAssignment(edsUpdateCaptor.getValue());
     call.verifyNoMoreRequest();
@@ -2957,7 +3076,7 @@ public void cachedEdsResource_absent() {
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
     verify(edsResourceWatcher).onResourceDoesNotExist(EDS_RESOURCE);
     ResourceWatcher<EdsUpdate> watcher = mock(ResourceWatcher.class);
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),EDS_RESOURCE, watcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), EDS_RESOURCE, watcher);
     verify(watcher).onResourceDoesNotExist(EDS_RESOURCE);
     call.verifyNoMoreRequest();
     verifyResourceMetadataDoesNotExist(EDS, EDS_RESOURCE);
@@ -3161,10 +3280,10 @@ public void edsResourceDeletedByCds() {
     String resource = "backend-service.googleapis.com";
     ResourceWatcher<CdsUpdate> cdsWatcher = mock(ResourceWatcher.class);
     ResourceWatcher<EdsUpdate> edsWatcher = mock(ResourceWatcher.class);
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),resource, cdsWatcher);
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),resource, edsWatcher);
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),CDS_RESOURCE, cdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),EDS_RESOURCE, edsResourceWatcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), resource, cdsWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), resource, edsWatcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CDS_RESOURCE, cdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), EDS_RESOURCE, edsResourceWatcher);
     verifyResourceMetadataRequested(CDS, CDS_RESOURCE);
     verifyResourceMetadataRequested(CDS, resource);
     verifyResourceMetadataRequested(EDS, EDS_RESOURCE);
@@ -3242,7 +3361,6 @@ public void edsResourceDeletedByCds() {
         EDS, resource, clusterLoadAssignments.get(1), VERSION_1, TIME_INCREMENT * 2);  // no change
     verifyResourceMetadataAcked(CDS, resource, clusters.get(0), VERSION_2, TIME_INCREMENT * 3);
     verifyResourceMetadataAcked(CDS, CDS_RESOURCE, clusters.get(1), VERSION_2, TIME_INCREMENT * 3);
-    verifySubscribedResourcesMetadataSizes(0, 2, 0, 2);
   }
 
   @Test
@@ -3251,9 +3369,9 @@ public void multipleEdsWatchers() {
     String edsResourceTwo = "cluster-load-assignment-bar.googleapis.com";
     ResourceWatcher<EdsUpdate> watcher1 = mock(ResourceWatcher.class);
     ResourceWatcher<EdsUpdate> watcher2 = mock(ResourceWatcher.class);
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),EDS_RESOURCE, edsResourceWatcher);
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),edsResourceTwo, watcher1);
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),edsResourceTwo, watcher2);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), EDS_RESOURCE, edsResourceWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), edsResourceTwo, watcher1);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), edsResourceTwo, watcher2);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     call.verifyRequest(EDS, Arrays.asList(EDS_RESOURCE, edsResourceTwo), "", "", NODE);
     verifyResourceMetadataRequested(EDS, EDS_RESOURCE);
@@ -3338,12 +3456,18 @@ public void useIndependentRpcContext() {
 
   @Test
   public void streamClosedWithNoResponse() {
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),LDS_RESOURCE, ldsResourceWatcher);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),RDS_RESOURCE,
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_RESOURCE,
         rdsResourceWatcher);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(1, true, xdsServerInfo.target());
     // Management server closes the RPC stream before sending any response.
     call.sendCompleted();
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(1, false, xdsServerInfo.target());
     verify(ldsResourceWatcher, Mockito.timeout(1000).times(1))
         .onError(errorCaptor.capture());
     verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE,
@@ -3355,20 +3479,29 @@ public void streamClosedWithNoResponse() {
 
   @Test
   public void streamClosedAfterSendingResponses() {
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),LDS_RESOURCE, ldsResourceWatcher);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),RDS_RESOURCE,
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_RESOURCE,
         rdsResourceWatcher);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(1, true, xdsServerInfo.target());
     ScheduledTask ldsResourceTimeout =
         Iterables.getOnlyElement(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER));
     ScheduledTask rdsResourceTimeout =
         Iterables.getOnlyElement(fakeClock.getPendingTasks(RDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER));
     call.sendResponse(LDS, testListenerRds, VERSION_1, "0000");
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(2, true, xdsServerInfo.target());
     assertThat(ldsResourceTimeout.isCancelled()).isTrue();
     call.sendResponse(RDS, testRouteConfig, VERSION_1, "0000");
     assertThat(rdsResourceTimeout.isCancelled()).isTrue();
     // Management server closes the RPC stream after sending responses.
     call.sendCompleted();
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(3, true, xdsServerInfo.target());
     verify(ldsResourceWatcher, never()).onError(errorCaptor.capture());
     verify(rdsResourceWatcher, never()).onError(errorCaptor.capture());
   }
@@ -3376,11 +3509,14 @@ public void streamClosedAfterSendingResponses() {
   @Test
   public void streamClosedAndRetryWithBackoff() {
     InOrder inOrder = Mockito.inOrder(backoffPolicyProvider, backoffPolicy1, backoffPolicy2);
-    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),LDS_RESOURCE, ldsResourceWatcher);
-    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),RDS_RESOURCE,
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, ldsResourceWatcher);
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(1, true, xdsServerInfo.target());
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_RESOURCE,
         rdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsClusterResource.getInstance(),CDS_RESOURCE, cdsResourceWatcher);
-    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),EDS_RESOURCE, edsResourceWatcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CDS_RESOURCE, cdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), EDS_RESOURCE, edsResourceWatcher);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     call.verifyRequest(LDS, LDS_RESOURCE, "", "", NODE);
     call.verifyRequest(RDS, RDS_RESOURCE, "", "", NODE);
@@ -3399,6 +3535,10 @@ public void streamClosedAndRetryWithBackoff() {
     verify(edsResourceWatcher).onError(errorCaptor.capture());
     verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNKNOWN, "");
 
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(1, false, xdsServerInfo.target());
+
     // Retry after backoff.
     inOrder.verify(backoffPolicyProvider).get();
     inOrder.verify(backoffPolicy1).nextBackoffNanos();
@@ -3412,6 +3552,10 @@ public void streamClosedAndRetryWithBackoff() {
     call.verifyRequest(CDS, CDS_RESOURCE, "", "", NODE);
     call.verifyRequest(EDS, EDS_RESOURCE, "", "", NODE);
 
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(2, false, xdsServerInfo.target());
+
     // Management server becomes unreachable.
     String errorMsg = "my fault";
     call.sendError(Status.UNAVAILABLE.withDescription(errorMsg).asException());
@@ -3424,6 +3568,10 @@ public void streamClosedAndRetryWithBackoff() {
     verify(edsResourceWatcher, times(2)).onError(errorCaptor.capture());
     verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
 
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(3, false, xdsServerInfo.target());
+
     // Retry after backoff.
     inOrder.verify(backoffPolicy1).nextBackoffNanos();
     retryTask =
@@ -3441,6 +3589,9 @@ public void streamClosedAndRetryWithBackoff() {
             mf.buildRouteConfiguration("do not care", mf.buildOpaqueVirtualHosts(2)))));
     call.sendResponse(LDS, listeners, "63", "3242");
     call.verifyRequest(LDS, LDS_RESOURCE, "63", "3242", NODE);
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(2, true, xdsServerInfo.target());
 
     List<Any> routeConfigs = ImmutableList.of(
         Any.pack(mf.buildRouteConfiguration(RDS_RESOURCE, mf.buildOpaqueVirtualHosts(2))));
@@ -3455,6 +3606,10 @@ public void streamClosedAndRetryWithBackoff() {
     verify(edsResourceWatcher, times(2)).onError(errorCaptor.capture());
     verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
 
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(3, true, xdsServerInfo.target());
+
     // Reset backoff sequence and retry after backoff.
     inOrder.verify(backoffPolicyProvider).get();
     inOrder.verify(backoffPolicy2).nextBackoffNanos();
@@ -3477,6 +3632,10 @@ public void streamClosedAndRetryWithBackoff() {
     verify(edsResourceWatcher, times(3)).onError(errorCaptor.capture());
     verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
 
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(4, false, xdsServerInfo.target());
+
     // Retry after backoff.
     inOrder.verify(backoffPolicy2).nextBackoffNanos();
     retryTask =
@@ -3489,6 +3648,10 @@ public void streamClosedAndRetryWithBackoff() {
     call.verifyRequest(CDS, CDS_RESOURCE, "", "", NODE);
     call.verifyRequest(EDS, EDS_RESOURCE, "", "", NODE);
 
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(5, false, xdsServerInfo.target());
+
     inOrder.verifyNoMoreInteractions();
   }
 
@@ -3499,6 +3662,9 @@ public void streamClosedAndRetryRaceWithAddRemoveWatchers() {
     xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),
         RDS_RESOURCE, rdsResourceWatcher);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(1, true, xdsServerInfo.target());
     call.sendError(Status.UNAVAILABLE.asException());
     verify(ldsResourceWatcher, Mockito.timeout(1000).times(1))
         .onError(errorCaptor.capture());
@@ -3509,6 +3675,10 @@ public void streamClosedAndRetryRaceWithAddRemoveWatchers() {
         Iterables.getOnlyElement(fakeClock.getPendingTasks(RPC_RETRY_TASK_FILTER));
     assertThat(retryTask.getDelay(TimeUnit.NANOSECONDS)).isEqualTo(10L);
 
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(1, false, xdsServerInfo.target());
+
     xdsClient.cancelXdsResourceWatch(XdsListenerResource.getInstance(),
         LDS_RESOURCE, ldsResourceWatcher);
     xdsClient.cancelXdsResourceWatch(XdsRouteConfigureResource.getInstance(),
@@ -3523,11 +3693,19 @@ public void streamClosedAndRetryRaceWithAddRemoveWatchers() {
     call.verifyRequest(EDS, EDS_RESOURCE, "", "", NODE);
     call.verifyNoMoreRequest();
 
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(2,false, xdsServerInfo.target());
+
     call.sendResponse(LDS, testListenerRds, VERSION_1, "0000");
     List<Any> routeConfigs = ImmutableList.of(
         Any.pack(mf.buildRouteConfiguration(RDS_RESOURCE, mf.buildOpaqueVirtualHosts(VHOST_SIZE))));
     call.sendResponse(RDS, routeConfigs, VERSION_1, "0000");
 
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(2, true, xdsServerInfo.target());
+
     verifyNoMoreInteractions(ldsResourceWatcher, rdsResourceWatcher);
   }
 
@@ -3539,6 +3717,9 @@ public void streamClosedAndRetryRestartsResourceInitialFetchTimerForUnresolvedRe
     xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CDS_RESOURCE, cdsResourceWatcher);
     xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), EDS_RESOURCE, edsResourceWatcher);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(1, true, xdsServerInfo.target());
     ScheduledTask ldsResourceTimeout =
         Iterables.getOnlyElement(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER));
     ScheduledTask rdsResourceTimeout =
@@ -3549,9 +3730,15 @@ public void streamClosedAndRetryRestartsResourceInitialFetchTimerForUnresolvedRe
         Iterables.getOnlyElement(fakeClock.getPendingTasks(EDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER));
     call.sendResponse(LDS, testListenerRds, VERSION_1, "0000");
     assertThat(ldsResourceTimeout.isCancelled()).isTrue();
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(2, true, xdsServerInfo.target());
 
     call.sendResponse(RDS, testRouteConfig, VERSION_1, "0000");
     assertThat(rdsResourceTimeout.isCancelled()).isTrue();
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(3, true, xdsServerInfo.target());
 
     call.sendError(Status.UNAVAILABLE.asException());
     assertThat(cdsResourceTimeout.isCancelled()).isTrue();
@@ -3560,6 +3747,9 @@ public void streamClosedAndRetryRestartsResourceInitialFetchTimerForUnresolvedRe
     verify(rdsResourceWatcher, never()).onError(errorCaptor.capture());
     verify(cdsResourceWatcher, never()).onError(errorCaptor.capture());
     verify(edsResourceWatcher, never()).onError(errorCaptor.capture());
+    // Check metric data.
+    callback_ReportServerConnection();
+    verifyServerConnection(4, true, xdsServerInfo.target());
 
     fakeClock.forwardNanos(10L);
     assertThat(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).hasSize(0);
@@ -3578,13 +3768,13 @@ public void reportLoadStatsToServer() {
 
     lrsCall.sendResponse(Collections.singletonList(clusterName), 1000L);
     fakeClock.forwardNanos(1000L);
-    lrsCall.verifyNextReportClusters(Collections.singletonList(new String[] {clusterName, null}));
+    lrsCall.verifyNextReportClusters(Collections.singletonList(new String[]{clusterName, null}));
 
     dropStats.release();
     fakeClock.forwardNanos(1000L);
     // In case of having unreported cluster stats, one last report will be sent after corresponding
     // stats object released.
-    lrsCall.verifyNextReportClusters(Collections.singletonList(new String[] {clusterName, null}));
+    lrsCall.verifyNextReportClusters(Collections.singletonList(new String[]{clusterName, null}));
 
     fakeClock.forwardNanos(1000L);
     // Currently load reporting continues (with empty stats) even if all stats objects have been
@@ -3658,18 +3848,18 @@ public void serverSideListenerNotFound() {
   @Test
   public void serverSideListenerResponseErrorHandling_badDownstreamTlsContext() {
     GrpcXdsClientImplTestBase.DiscoveryRpcCall call =
-            startResourceWatcher(XdsListenerResource.getInstance(), LISTENER_RESOURCE,
-                ldsResourceWatcher);
+        startResourceWatcher(XdsListenerResource.getInstance(), LISTENER_RESOURCE,
+            ldsResourceWatcher);
     Message hcmFilter = mf.buildHttpConnectionManagerFilter(
-            "route-foo.googleapis.com", null,
+        "route-foo.googleapis.com", null,
         Collections.singletonList(mf.buildTerminalFilter()));
     Message downstreamTlsContext = CommonTlsContextTestsUtil.buildTestDownstreamTlsContext(
-            null, null,false);
+        null, null, false);
     Message filterChain = mf.buildFilterChain(
-            Collections.<String>emptyList(), downstreamTlsContext, "envoy.transport_sockets.tls",
+        Collections.<String>emptyList(), downstreamTlsContext, "envoy.transport_sockets.tls",
         hcmFilter);
     Message listener =
-            mf.buildListenerWithFilterChain(LISTENER_RESOURCE, 7000, "0.0.0.0", filterChain);
+        mf.buildListenerWithFilterChain(LISTENER_RESOURCE, 7000, "0.0.0.0", filterChain);
     List<Any> listeners = ImmutableList.of(Any.pack(listener));
     call.sendResponse(LDS, listeners, "0", "0000");
     // The response NACKed with errors indicating indices of the failed resources.
@@ -3690,7 +3880,7 @@ public void serverSideListenerResponseErrorHandling_badTransportSocketName() {
         "route-foo.googleapis.com", null,
         Collections.singletonList(mf.buildTerminalFilter()));
     Message downstreamTlsContext = CommonTlsContextTestsUtil.buildTestDownstreamTlsContext(
-        "cert1", "cert2",false);
+        "cert1", "cert2", false);
     Message filterChain = mf.buildFilterChain(
         Collections.<String>emptyList(), downstreamTlsContext, "envoy.transport_sockets.bad1",
         hcmFilter);
@@ -3721,6 +3911,9 @@ public void sendingToStoppedServer() throws Exception {
       xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE,
           ldsResourceWatcher);
       fakeClock.forwardTime(14, TimeUnit.SECONDS);
+      // Check metric data.
+      callback_ReportServerConnection();
+      verifyServerConnection(1, false, xdsServerInfo.target());
 
       // Restart the server
       xdsServer = cleanupRule.register(
@@ -3735,11 +3928,18 @@ public void sendingToStoppedServer() throws Exception {
       verify(ldsResourceWatcher, never()).onResourceDoesNotExist(LDS_RESOURCE);
       fakeClock.forwardTime(20, TimeUnit.SECONDS); // Trigger rpcRetryTimer
       DiscoveryRpcCall call = resourceDiscoveryCalls.poll(3, TimeUnit.SECONDS);
+      // Check metric data.
+      callback_ReportServerConnection();
+      verifyServerConnection(2, false, xdsServerInfo.target());
       if (call == null) { // The first rpcRetry may have happened before the channel was ready
         fakeClock.forwardTime(50, TimeUnit.SECONDS);
         call = resourceDiscoveryCalls.poll(3, TimeUnit.SECONDS);
       }
 
+      // Check metric data.
+      callback_ReportServerConnection();
+      verifyServerConnection(3, false, xdsServerInfo.target());
+
       // NOTE:  There is a ScheduledExecutorService that may get involved due to the reconnect
       // so you cannot rely on the logic being single threaded.  The timeout() in verifyRequest
       // is therefore necessary to avoid flakiness.
@@ -3751,6 +3951,9 @@ public void sendingToStoppedServer() throws Exception {
       assertThat(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
       verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts, VERSION_1, TIME_INCREMENT);
       verifySubscribedResourcesMetadataSizes(1, 1, 0, 0);
+      // Check metric data.
+      callback_ReportServerConnection();
+      verifyServerConnection(1, true, xdsServerInfo.target());
     } catch (Throwable t) {
       throw t; // This allows putting a breakpoint here for debugging
     }
@@ -3782,6 +3985,152 @@ public void sendToNonexistentServer() throws Exception {
     client.shutdown();
   }
 
+  @Test
+  public void validAndInvalidResourceMetricReport() {
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), "A", cdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), "A.1", edsResourceWatcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), "B", cdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), "B.1", edsResourceWatcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), "C", cdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), "C.1", edsResourceWatcher);
+    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+    assertThat(call).isNotNull();
+
+    // CDS -> {A, B, C}, version 1
+    ImmutableMap<String, Any> resourcesV1 = ImmutableMap.of(
+        "A", Any.pack(mf.buildEdsCluster("A", "A.1", "round_robin", null, null, false, null,
+            "envoy.transport_sockets.tls", null, null
+        )),
+        "B", Any.pack(mf.buildEdsCluster("B", "B.1", "round_robin", null, null, false, null,
+            "envoy.transport_sockets.tls", null, null
+        )),
+        "C", Any.pack(mf.buildEdsCluster("C", "C.1", "round_robin", null, null, false, null,
+            "envoy.transport_sockets.tls", null, null
+        )));
+    call.sendResponse(CDS, resourcesV1.values().asList(), VERSION_1, "0000");
+    // {A, B, C} -> ACK, version 1
+    verifyResourceValidInvalidCount(1, 3, 0, xdsServerInfo.target(), CDS.typeUrl());
+
+    // EDS -> {A.1, B.1, C.1}, version 1
+    List<Message> dropOverloads = ImmutableList.of();
+    List<Message> endpointsV1 = ImmutableList.of(lbEndpointHealthy);
+    ImmutableMap<String, Any> resourcesV11 = ImmutableMap.of(
+        "A.1", Any.pack(mf.buildClusterLoadAssignment("A.1", endpointsV1, dropOverloads)),
+        "B.1", Any.pack(mf.buildClusterLoadAssignment("B.1", endpointsV1, dropOverloads)),
+        "C.1", Any.pack(mf.buildClusterLoadAssignment("C.1", endpointsV1, dropOverloads)));
+    call.sendResponse(EDS, resourcesV11.values().asList(), VERSION_1, "0000");
+    // {A.1, B.1, C.1} -> ACK, version 1
+    verifyResourceValidInvalidCount(1, 3, 0, xdsServerInfo.target(), EDS.typeUrl());
+
+    // CDS -> {A, B}, version 2
+    // Failed to parse endpoint B
+    ImmutableMap<String, Any> resourcesV2 = ImmutableMap.of(
+        "A", Any.pack(mf.buildEdsCluster("A", "A.2", "round_robin", null, null, false, null,
+            "envoy.transport_sockets.tls", null, null
+        )),
+        "B", Any.pack(mf.buildClusterInvalid("B")));
+    call.sendResponse(CDS, resourcesV2.values().asList(), VERSION_2, "0001");
+    // {A} -> ACK, version 2
+    // {B} -> NACK, version 1, rejected version 2, rejected reason: Failed to parse B
+    // {C} -> does not exist
+    verifyResourceValidInvalidCount(1, 1, 1, xdsServerInfo.target(), CDS.typeUrl());
+  }
+
+  @Test
+  public void serverFailureMetricReport() {
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_RESOURCE,
+        rdsResourceWatcher);
+    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+    // Management server closes the RPC stream before sending any response.
+    call.sendCompleted();
+    verify(ldsResourceWatcher, Mockito.timeout(1000).times(1))
+        .onError(errorCaptor.capture());
+    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE,
+        "ADS stream closed with OK before receiving a response");
+    verify(rdsResourceWatcher).onError(errorCaptor.capture());
+    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE,
+        "ADS stream closed with OK before receiving a response");
+    verifyServerFailureCount(1, 1, xdsServerInfo.target());
+  }
+
+  @Test
+  public void serverFailureMetricReport_forRetryAndBackoff() {
+    InOrder inOrder = Mockito.inOrder(backoffPolicyProvider, backoffPolicy1, backoffPolicy2);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_RESOURCE,
+        rdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CDS_RESOURCE, cdsResourceWatcher);
+    xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), EDS_RESOURCE, edsResourceWatcher);
+    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+
+    // Management server closes the RPC stream with an error.
+    call.sendError(Status.UNKNOWN.asException());
+    verifyServerFailureCount(1, 1, xdsServerInfo.target());
+
+    // Retry after backoff.
+    inOrder.verify(backoffPolicyProvider).get();
+    inOrder.verify(backoffPolicy1).nextBackoffNanos();
+    ScheduledTask retryTask =
+        Iterables.getOnlyElement(fakeClock.getPendingTasks(RPC_RETRY_TASK_FILTER));
+    assertThat(retryTask.getDelay(TimeUnit.NANOSECONDS)).isEqualTo(10L);
+    fakeClock.forwardNanos(10L);
+    call = resourceDiscoveryCalls.poll();
+
+    // Management server becomes unreachable.
+    String errorMsg = "my fault";
+    call.sendError(Status.UNAVAILABLE.withDescription(errorMsg).asException());
+    verifyServerFailureCount(2, 1, xdsServerInfo.target());
+
+    // Retry after backoff.
+    inOrder.verify(backoffPolicy1).nextBackoffNanos();
+    retryTask =
+        Iterables.getOnlyElement(fakeClock.getPendingTasks(RPC_RETRY_TASK_FILTER));
+    assertThat(retryTask.getDelay(TimeUnit.NANOSECONDS)).isEqualTo(100L);
+    fakeClock.forwardNanos(100L);
+    call = resourceDiscoveryCalls.poll();
+
+    List<Any> resources = ImmutableList.of(FAILING_ANY, testListenerRds, FAILING_ANY);
+    call.sendResponse(LDS, resources, "63", "3242");
+
+    List<Any> routeConfigs = ImmutableList.of(FAILING_ANY, testRouteConfig, FAILING_ANY);
+    call.sendResponse(RDS, routeConfigs, "5", "6764");
+
+    call.sendError(Status.DEADLINE_EXCEEDED.asException());
+    // Server Failure metric will not be reported, as stream is closed with an error after receiving
+    // a response
+    verifyServerFailureCount(2, 1, xdsServerInfo.target());
+
+    // Reset backoff sequence and retry after backoff.
+    inOrder.verify(backoffPolicyProvider).get();
+    inOrder.verify(backoffPolicy2).nextBackoffNanos();
+    retryTask =
+        Iterables.getOnlyElement(fakeClock.getPendingTasks(RPC_RETRY_TASK_FILTER));
+    assertThat(retryTask.getDelay(TimeUnit.NANOSECONDS)).isEqualTo(20L);
+    fakeClock.forwardNanos(20L);
+    call = resourceDiscoveryCalls.poll();
+
+    // Management server becomes unreachable again.
+    call.sendError(Status.UNAVAILABLE.asException());
+    verifyServerFailureCount(3, 1, xdsServerInfo.target());
+
+    // Retry after backoff.
+    inOrder.verify(backoffPolicy2).nextBackoffNanos();
+    retryTask =
+        Iterables.getOnlyElement(fakeClock.getPendingTasks(RPC_RETRY_TASK_FILTER));
+    assertThat(retryTask.getDelay(TimeUnit.NANOSECONDS)).isEqualTo(200L);
+    fakeClock.forwardNanos(200L);
+    call = resourceDiscoveryCalls.poll();
+
+    List<Any> clusters = ImmutableList.of(FAILING_ANY, testClusterRoundRobin);
+    call.sendResponse(CDS, clusters, VERSION_1, "0000");
+    call.sendCompleted();
+    // Server Failure metric will not be reported once again, as stream is closed after receiving a
+    // response
+    verifyServerFailureCount(3, 1, xdsServerInfo.target());
+  }
+
+
   private XdsClientImpl createXdsClient(String serverUri) {
     BootstrapInfo bootstrapInfo = buildBootStrap(serverUri);
     return new XdsClientImpl(
@@ -3792,10 +4141,11 @@ private XdsClientImpl createXdsClient(String serverUri) {
         fakeClock.getStopwatchSupplier(),
         timeProvider,
         MessagePrinter.INSTANCE,
-        new TlsContextManagerImpl(bootstrapInfo));
+        new TlsContextManagerImpl(bootstrapInfo),
+        xdsClientMetricReporter);
   }
 
-  private  BootstrapInfo buildBootStrap(String serverUri) {
+  private BootstrapInfo buildBootStrap(String serverUri) {
 
     ServerInfo xdsServerInfo = ServerInfo.create(serverUri, CHANNEL_CREDENTIALS,
         ignoreResourceDeletion(), true);
@@ -3902,7 +4252,7 @@ protected void sendResponse(
     }
 
     protected void sendResponse(XdsResourceType<?> type, Any resource, String versionInfo,
-                                String nonce) {
+        String nonce) {
       sendResponse(type, ImmutableList.of(resource), versionInfo, nonce);
     }
 
@@ -3934,6 +4284,7 @@ protected void sendResponse(List<String> clusters, long loadReportIntervalNano)
   }
 
   protected abstract static class MessageFactory {
+
     /** Throws {@link InvalidProtocolBufferException} on {@link Any#unpack(Class)}. */
     protected static final Any FAILING_ANY = Any.newBuilder().setTypeUrl("fake").build();
 
diff --git a/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java b/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java
index ee164938b2d..4fb77f0be42 100644
--- a/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java
@@ -23,6 +23,7 @@
 import static org.mockito.Mockito.when;
 
 import io.grpc.InsecureChannelCredentials;
+import io.grpc.MetricRecorder;
 import io.grpc.internal.ObjectPool;
 import io.grpc.xds.SharedXdsClientPoolProvider.RefCountedXdsClientObjectPool;
 import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
@@ -51,6 +52,7 @@ public class SharedXdsClientPoolProviderTest {
   @Rule
   public final ExpectedException thrown = ExpectedException.none();
   private final Node node = Node.newBuilder().setId("SharedXdsClientPoolProviderTest").build();
+  private final MetricRecorder metricRecorder = new MetricRecorder() {};
   private static final String DUMMY_TARGET = "dummy";
 
   @Mock
@@ -64,7 +66,7 @@ public void noServer() throws XdsInitializationException {
     SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider(bootstrapper);
     thrown.expect(XdsInitializationException.class);
     thrown.expectMessage("No xDS server provided");
-    provider.getOrCreate(DUMMY_TARGET);
+    provider.getOrCreate(DUMMY_TARGET, metricRecorder);
     assertThat(provider.get(DUMMY_TARGET)).isNull();
   }
 
@@ -77,9 +79,9 @@ public void sharedXdsClientObjectPool() throws XdsInitializationException {
 
     SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider(bootstrapper);
     assertThat(provider.get(DUMMY_TARGET)).isNull();
-    ObjectPool<XdsClient> xdsClientPool = provider.getOrCreate(DUMMY_TARGET);
+    ObjectPool<XdsClient> xdsClientPool = provider.getOrCreate(DUMMY_TARGET, metricRecorder);
     verify(bootstrapper).bootstrap();
-    assertThat(provider.getOrCreate(DUMMY_TARGET)).isSameInstanceAs(xdsClientPool);
+    assertThat(provider.getOrCreate(DUMMY_TARGET, metricRecorder)).isSameInstanceAs(xdsClientPool);
     assertThat(provider.get(DUMMY_TARGET)).isNotNull();
     assertThat(provider.get(DUMMY_TARGET)).isSameInstanceAs(xdsClientPool);
     verifyNoMoreInteractions(bootstrapper);
@@ -90,8 +92,9 @@ public void refCountedXdsClientObjectPool_delayedCreation() {
     ServerInfo server = ServerInfo.create(SERVER_URI, InsecureChannelCredentials.create());
     BootstrapInfo bootstrapInfo =
         BootstrapInfo.builder().servers(Collections.singletonList(server)).node(node).build();
+    SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider(bootstrapper);
     RefCountedXdsClientObjectPool xdsClientPool =
-        new RefCountedXdsClientObjectPool(bootstrapInfo, DUMMY_TARGET);
+        provider.new RefCountedXdsClientObjectPool(bootstrapInfo, DUMMY_TARGET, metricRecorder);
     assertThat(xdsClientPool.getXdsClientForTest()).isNull();
     XdsClient xdsClient = xdsClientPool.getObject();
     assertThat(xdsClientPool.getXdsClientForTest()).isNotNull();
@@ -103,8 +106,9 @@ public void refCountedXdsClientObjectPool_refCounted() {
     ServerInfo server = ServerInfo.create(SERVER_URI, InsecureChannelCredentials.create());
     BootstrapInfo bootstrapInfo =
         BootstrapInfo.builder().servers(Collections.singletonList(server)).node(node).build();
+    SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider(bootstrapper);
     RefCountedXdsClientObjectPool xdsClientPool =
-        new RefCountedXdsClientObjectPool(bootstrapInfo, DUMMY_TARGET);
+        provider.new RefCountedXdsClientObjectPool(bootstrapInfo, DUMMY_TARGET, metricRecorder);
     // getObject once
     XdsClient xdsClient = xdsClientPool.getObject();
     assertThat(xdsClient).isNotNull();
@@ -123,8 +127,9 @@ public void refCountedXdsClientObjectPool_getObjectCreatesNewInstanceIfAlreadySh
     ServerInfo server = ServerInfo.create(SERVER_URI, InsecureChannelCredentials.create());
     BootstrapInfo bootstrapInfo =
         BootstrapInfo.builder().servers(Collections.singletonList(server)).node(node).build();
+    SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider(bootstrapper);
     RefCountedXdsClientObjectPool xdsClientPool =
-        new RefCountedXdsClientObjectPool(bootstrapInfo, DUMMY_TARGET);
+        provider.new RefCountedXdsClientObjectPool(bootstrapInfo, DUMMY_TARGET, metricRecorder);
     XdsClient xdsClient1 = xdsClientPool.getObject();
     assertThat(xdsClientPool.returnObject(xdsClient1)).isNull();
     assertThat(xdsClient1.isShutDown()).isTrue();
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java
index 0b8e89de721..b2b713e9a8e 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java
@@ -23,6 +23,7 @@
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import io.grpc.MetricRecorder;
 import io.grpc.internal.ObjectPool;
 import io.grpc.xds.Filter.NamedFilterConfig;
 import io.grpc.xds.XdsListenerResource.LdsUpdate;
@@ -73,12 +74,13 @@ public class XdsClientFederationTest {
   private ObjectPool<XdsClient> xdsClientPool;
   private XdsClient xdsClient;
   private static final String DUMMY_TARGET = "dummy";
+  private final MetricRecorder metricRecorder = new MetricRecorder() {};
 
   @Before
   public void setUp() throws XdsInitializationException {
     SharedXdsClientPoolProvider clientPoolProvider = new SharedXdsClientPoolProvider();
     clientPoolProvider.setBootstrapOverride(defaultBootstrapOverride());
-    xdsClientPool = clientPoolProvider.getOrCreate(DUMMY_TARGET);
+    xdsClientPool = clientPoolProvider.getOrCreate(DUMMY_TARGET, metricRecorder);
     xdsClient = xdsClientPool.getObject();
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientMetricReporterImplTest.java b/xds/src/test/java/io/grpc/xds/XdsClientMetricReporterImplTest.java
new file mode 100644
index 00000000000..9ee3f88d921
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/XdsClientMetricReporterImplTest.java
@@ -0,0 +1,394 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.argThat;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.inOrder;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoInteractions;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.when;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Lists;
+import com.google.common.util.concurrent.Futures;
+import com.google.common.util.concurrent.ListenableFuture;
+import com.google.common.util.concurrent.SettableFuture;
+import com.google.protobuf.Any;
+import io.envoyproxy.envoy.config.listener.v3.Listener;
+import io.grpc.MetricInstrument;
+import io.grpc.MetricRecorder;
+import io.grpc.MetricRecorder.BatchCallback;
+import io.grpc.MetricRecorder.BatchRecorder;
+import io.grpc.MetricSink;
+import io.grpc.xds.XdsClientMetricReporterImpl.MetricReporterCallback;
+import io.grpc.xds.client.XdsClient;
+import io.grpc.xds.client.XdsClient.ResourceMetadata;
+import io.grpc.xds.client.XdsClient.ServerConnectionCallback;
+import io.grpc.xds.client.XdsResourceType;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Handler;
+import java.util.logging.Level;
+import java.util.logging.LogRecord;
+import java.util.logging.Logger;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+import org.mockito.ArgumentCaptor;
+import org.mockito.ArgumentMatcher;
+import org.mockito.Captor;
+import org.mockito.InOrder;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoRule;
+
+/**
+ * Unit tests for {@link XdsClientMetricReporterImpl}.
+ */
+@RunWith(JUnit4.class)
+public class XdsClientMetricReporterImplTest {
+
+  private static final String target = "test-target";
+  private static final String server = "trafficdirector.googleapis.com";
+  private static final String resourceTypeUrl =
+      "resourceTypeUrl.googleapis.com/envoy.config.cluster.v3.Cluster";
+
+  @Rule
+  public final MockitoRule mocks = MockitoJUnit.rule();
+
+  @Mock
+  private MetricRecorder mockMetricRecorder;
+  @Mock
+  private XdsClient mockXdsClient;
+  @Mock
+  private BatchRecorder mockBatchRecorder;
+  @Captor
+  private ArgumentCaptor<BatchCallback> gaugeBatchCallbackCaptor;
+
+  private XdsClientMetricReporterImpl reporter;
+
+  @Before
+  public void setUp() {
+    reporter = new XdsClientMetricReporterImpl(mockMetricRecorder, target);
+  }
+
+  @Test
+  public void reportResourceUpdates() {
+    // TODO(dnvindhya): add the "authority" label once available.
+    reporter.reportResourceUpdates(10, 5, server, resourceTypeUrl);
+    verify(mockMetricRecorder).addLongCounter(
+        eqMetricInstrumentName("grpc.xds_client.resource_updates_valid"), eq((long) 10),
+        eq(Lists.newArrayList(target, server, resourceTypeUrl)),
+        eq(Lists.newArrayList()));
+    verify(mockMetricRecorder).addLongCounter(
+        eqMetricInstrumentName("grpc.xds_client.resource_updates_invalid"),
+        eq((long) 5),
+        eq(Lists.newArrayList(target, server, resourceTypeUrl)),
+        eq(Lists.newArrayList()));
+  }
+
+  @Test
+  public void reportServerFailure() {
+    reporter.reportServerFailure(1, server);
+    verify(mockMetricRecorder).addLongCounter(
+        eqMetricInstrumentName("grpc.xds_client.server_failure"), eq((long) 1),
+        eq(Lists.newArrayList(target, server)),
+        eq(Lists.newArrayList()));
+  }
+
+  @Test
+  public void setXdsClient_reportMetrics() throws Exception {
+    SettableFuture<Void> future = SettableFuture.create();
+    future.set(null);
+    when(mockXdsClient.getSubscribedResourcesMetadataSnapshot()).thenReturn(Futures.immediateFuture(
+        ImmutableMap.of()));
+    when(mockXdsClient.reportServerConnections(any(ServerConnectionCallback.class)))
+        .thenReturn(future);
+    reporter.setXdsClient(mockXdsClient);
+    verify(mockMetricRecorder).registerBatchCallback(gaugeBatchCallbackCaptor.capture(),
+        eqMetricInstrumentName("grpc.xds_client.connected"),
+        eqMetricInstrumentName("grpc.xds_client.resources"));
+    gaugeBatchCallbackCaptor.getValue().accept(mockBatchRecorder);
+    verify(mockXdsClient).reportServerConnections(any(ServerConnectionCallback.class));
+  }
+
+  @Test
+  public void setXdsClient_reportCallbackMetrics_resourceCountsFails() {
+    TestlogHandler testLogHandler = new TestlogHandler();
+    Logger logger = Logger.getLogger(XdsClientMetricReporterImpl.class.getName());
+    logger.addHandler(testLogHandler);
+
+    // For reporting resource counts connections, return a normally completed future
+    SettableFuture<Void> future = SettableFuture.create();
+    future.set(null);
+    when(mockXdsClient.getSubscribedResourcesMetadataSnapshot()).thenReturn(Futures.immediateFuture(
+        ImmutableMap.of()));
+
+    // Create a future that will throw an exception
+    SettableFuture<Void> serverConnectionsFeature = SettableFuture.create();
+    serverConnectionsFeature.setException(new Exception("test"));
+    when(mockXdsClient.reportServerConnections(any())).thenReturn(serverConnectionsFeature);
+
+    reporter.setXdsClient(mockXdsClient);
+    verify(mockMetricRecorder)
+        .registerBatchCallback(gaugeBatchCallbackCaptor.capture(), any(), any());
+    gaugeBatchCallbackCaptor.getValue().accept(mockBatchRecorder);
+    // Verify that the xdsClient methods were called
+    // verify(mockXdsClient).reportResourceCounts(any());
+    verify(mockXdsClient).reportServerConnections(any());
+
+    assertThat(testLogHandler.getLogs().size()).isEqualTo(1);
+    assertThat(testLogHandler.getLogs().get(0).getLevel()).isEqualTo(Level.WARNING);
+    assertThat(testLogHandler.getLogs().get(0).getMessage()).isEqualTo(
+        "Failed to report gauge metrics");
+    logger.removeHandler(testLogHandler);
+  }
+
+  @Test
+  public void metricGauges() {
+    SettableFuture<Void> future = SettableFuture.create();
+    future.set(null);
+    when(mockXdsClient.getSubscribedResourcesMetadataSnapshot()).thenReturn(Futures.immediateFuture(
+        ImmutableMap.of()));
+    when(mockXdsClient.reportServerConnections(any(ServerConnectionCallback.class)))
+        .thenReturn(future);
+    reporter.setXdsClient(mockXdsClient);
+    verify(mockMetricRecorder).registerBatchCallback(gaugeBatchCallbackCaptor.capture(),
+        eqMetricInstrumentName("grpc.xds_client.connected"),
+        eqMetricInstrumentName("grpc.xds_client.resources"));
+    BatchCallback gaugeBatchCallback = gaugeBatchCallbackCaptor.getValue();
+    InOrder inOrder = inOrder(mockBatchRecorder);
+    // Trigger the internal call to reportCallbackMetrics()
+    gaugeBatchCallback.accept(mockBatchRecorder);
+
+    ArgumentCaptor<ServerConnectionCallback> serverConnectionCallbackCaptor =
+        ArgumentCaptor.forClass(ServerConnectionCallback.class);
+    // verify(mockXdsClient).reportResourceCounts(resourceCallbackCaptor.capture());
+    verify(mockXdsClient).reportServerConnections(serverConnectionCallbackCaptor.capture());
+
+    // Get the captured callback
+    MetricReporterCallback callback = (MetricReporterCallback)
+        serverConnectionCallbackCaptor.getValue();
+
+    // Verify that reportResourceCounts and reportServerConnections were called
+    // with the captured callback
+    callback.reportResourceCountGauge(10, "acked", resourceTypeUrl);
+    inOrder.verify(mockBatchRecorder)
+        .recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"), eq(10L), any(),
+            any());
+    callback.reportServerConnectionGauge(true, "xdsServer");
+    inOrder.verify(mockBatchRecorder)
+        .recordLongGauge(eqMetricInstrumentName("grpc.xds_client.connected"), eq(1L), any(), any());
+
+    inOrder.verifyNoMoreInteractions();
+  }
+
+  @Test
+  public void metricReporterCallback() {
+    MetricReporterCallback callback =
+        new MetricReporterCallback(mockBatchRecorder, target);
+
+    callback.reportServerConnectionGauge(true, server);
+    verify(mockBatchRecorder, times(1)).recordLongGauge(
+        eqMetricInstrumentName("grpc.xds_client.connected"), eq(1L),
+        eq(Lists.newArrayList(target, server)),
+        eq(Lists.newArrayList()));
+
+    String cacheState = "requested";
+    callback.reportResourceCountGauge(10, cacheState, resourceTypeUrl);
+    verify(mockBatchRecorder, times(1)).recordLongGauge(
+        eqMetricInstrumentName("grpc.xds_client.resources"), eq(10L),
+        eq(Arrays.asList(target, cacheState, resourceTypeUrl)),
+        eq(Collections.emptyList()));
+  }
+
+  @Test
+  public void reportCallbackMetrics_computeAndReportResourceCounts() {
+    Map<XdsResourceType<?>, Map<String, ResourceMetadata>> metadataByType = new HashMap<>();
+    XdsResourceType<?> listenerResource = XdsListenerResource.getInstance();
+    XdsResourceType<?> routeConfigResource = XdsRouteConfigureResource.getInstance();
+    XdsResourceType<?> clusterResource = XdsClusterResource.getInstance();
+
+    Any rawListener =
+        Any.pack(Listener.newBuilder().setName("listener.googleapis.com").build());
+    long nanosLastUpdate = 1577923199_606042047L;
+
+    Map<String, ResourceMetadata> ldsResourceMetadataMap = new HashMap<>();
+    ldsResourceMetadataMap.put("resource1",
+        ResourceMetadata.newResourceMetadataRequested());
+    ResourceMetadata ackedLdsResource = ResourceMetadata.newResourceMetadataAcked(rawListener, "42",
+        nanosLastUpdate);
+    ldsResourceMetadataMap.put("resource2", ackedLdsResource);
+    ldsResourceMetadataMap.put("resource3",
+        ResourceMetadata.newResourceMetadataAcked(rawListener, "43", nanosLastUpdate));
+    ldsResourceMetadataMap.put("resource4",
+        ResourceMetadata.newResourceMetadataNacked(ackedLdsResource, "44", nanosLastUpdate,
+            "nacked after previous ack", true));
+
+    Map<String, ResourceMetadata> rdsResourceMetadataMap = new HashMap<>();
+    ResourceMetadata requestedRdsResourceMetadata = ResourceMetadata.newResourceMetadataRequested();
+    rdsResourceMetadataMap.put("resource5",
+        ResourceMetadata.newResourceMetadataNacked(requestedRdsResourceMetadata, "24",
+            nanosLastUpdate, "nacked after request", false));
+    rdsResourceMetadataMap.put("resource6",
+        ResourceMetadata.newResourceMetadataDoesNotExist());
+
+    Map<String, ResourceMetadata> cdsResourceMetadataMap = new HashMap<>();
+    cdsResourceMetadataMap.put("resource7", ResourceMetadata.newResourceMetadataUnknown());
+
+    metadataByType.put(listenerResource, ldsResourceMetadataMap);
+    metadataByType.put(routeConfigResource, rdsResourceMetadataMap);
+    metadataByType.put(clusterResource, cdsResourceMetadataMap);
+
+    SettableFuture<Void> reportServerConnectionsCompleted = SettableFuture.create();
+    reportServerConnectionsCompleted.set(null);
+    when(mockXdsClient.reportServerConnections(any(MetricReporterCallback.class)))
+        .thenReturn(reportServerConnectionsCompleted);
+
+    ListenableFuture<Map<XdsResourceType<?>, Map<String, ResourceMetadata>>>
+        getResourceMetadataCompleted = Futures.immediateFuture(metadataByType);
+    when(mockXdsClient.getSubscribedResourcesMetadataSnapshot())
+        .thenReturn(getResourceMetadataCompleted);
+
+    reporter.reportCallbackMetrics(mockBatchRecorder, mockXdsClient);
+
+    // LDS resource requested
+    verify(mockBatchRecorder).recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"),
+        eq(1L), eq(Arrays.asList(target, "requested", listenerResource.typeUrl())), any());
+    // LDS resources acked
+    verify(mockBatchRecorder).recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"),
+        eq(2L), eq(Arrays.asList(target, "acked", listenerResource.typeUrl())), any());
+    // LDS resource nacked but cached
+    verify(mockBatchRecorder).recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"),
+        eq(1L), eq(Arrays.asList(target, "nacked_but_cached", listenerResource.typeUrl())), any());
+
+    // RDS resource nacked
+    verify(mockBatchRecorder).recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"),
+        eq(1L), eq(Arrays.asList(target, "nacked", routeConfigResource.typeUrl())), any());
+    // RDS resource does not exist
+    verify(mockBatchRecorder).recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"),
+        eq(1L), eq(Arrays.asList(target, "does_not_exist", routeConfigResource.typeUrl())), any());
+
+    // CDS resource unknown
+    verify(mockBatchRecorder).recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"),
+        eq(1L), eq(Arrays.asList(target, "unknown", clusterResource.typeUrl())), any());
+    verifyNoMoreInteractions(mockBatchRecorder);
+  }
+
+  @Test
+  public void reportCallbackMetrics_computeAndReportResourceCounts_emptyResources() {
+    Map<XdsResourceType<?>, Map<String, ResourceMetadata>> metadataByType = new HashMap<>();
+    XdsResourceType<?> listenerResource = XdsListenerResource.getInstance();
+    metadataByType.put(listenerResource, Collections.emptyMap());
+
+    SettableFuture<Void> reportServerConnectionsCompleted = SettableFuture.create();
+    reportServerConnectionsCompleted.set(null);
+    when(mockXdsClient.reportServerConnections(any(MetricReporterCallback.class)))
+        .thenReturn(reportServerConnectionsCompleted);
+
+    ListenableFuture<Map<XdsResourceType<?>, Map<String, ResourceMetadata>>>
+        getResourceMetadataCompleted = Futures.immediateFuture(metadataByType);
+    when(mockXdsClient.getSubscribedResourcesMetadataSnapshot())
+        .thenReturn(getResourceMetadataCompleted);
+
+    reporter.reportCallbackMetrics(mockBatchRecorder, mockXdsClient);
+
+    // Verify that reportResourceCountGauge is never called
+    verifyNoInteractions(mockBatchRecorder);
+  }
+
+  @Test
+  public void reportCallbackMetrics_computeAndReportResourceCounts_nullMetadata() {
+    TestlogHandler testLogHandler = new TestlogHandler();
+    Logger logger = Logger.getLogger(XdsClientMetricReporterImpl.class.getName());
+    logger.addHandler(testLogHandler);
+
+    SettableFuture<Void> reportServerConnectionsCompleted = SettableFuture.create();
+    reportServerConnectionsCompleted.set(null);
+    when(mockXdsClient.reportServerConnections(any(MetricReporterCallback.class)))
+        .thenReturn(reportServerConnectionsCompleted);
+
+    ListenableFuture<Map<XdsResourceType<?>, Map<String, ResourceMetadata>>>
+        getResourceMetadataCompleted = Futures.immediateFailedFuture(
+            new Exception("Error generating metadata snapshot"));
+    when(mockXdsClient.getSubscribedResourcesMetadataSnapshot())
+        .thenReturn(getResourceMetadataCompleted);
+
+    reporter.reportCallbackMetrics(mockBatchRecorder, mockXdsClient);
+    assertThat(testLogHandler.getLogs().size()).isEqualTo(1);
+    assertThat(testLogHandler.getLogs().get(0).getLevel()).isEqualTo(Level.WARNING);
+    assertThat(testLogHandler.getLogs().get(0).getMessage()).isEqualTo(
+        "Failed to report gauge metrics");
+    logger.removeHandler(testLogHandler);
+  }
+
+  @Test
+  public void close_closesGaugeRegistration() {
+    MetricSink.Registration mockRegistration = mock(MetricSink.Registration.class);
+    when(mockMetricRecorder.registerBatchCallback(any(MetricRecorder.BatchCallback.class),
+        eqMetricInstrumentName("grpc.xds_client.connected"),
+        eqMetricInstrumentName("grpc.xds_client.resources"))).thenReturn(mockRegistration);
+
+    // Sets XdsClient and register the gauges
+    reporter.setXdsClient(mockXdsClient);
+    // Closes registered gauges
+    reporter.close();
+    verify(mockRegistration, times(1)).close();
+  }
+
+  @SuppressWarnings("TypeParameterUnusedInFormals")
+  private <T extends MetricInstrument> T eqMetricInstrumentName(String name) {
+    return argThat(new ArgumentMatcher<T>() {
+      @Override
+      public boolean matches(T instrument) {
+        return instrument.getName().equals(name);
+      }
+    });
+  }
+
+  static class TestlogHandler extends Handler {
+    List<LogRecord> logs = new ArrayList<>();
+
+    @Override
+    public void publish(LogRecord record) {
+      logs.add(record);
+    }
+
+    @Override
+    public void close() {}
+
+    @Override
+    public void flush() {}
+
+    public List<LogRecord> getLogs() {
+      return logs;
+    }
+  }
+
+}
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverProviderTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverProviderTest.java
index a216c3de028..33aae268c60 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverProviderTest.java
@@ -23,6 +23,7 @@
 import com.google.common.collect.ImmutableMap;
 import io.grpc.ChannelLogger;
 import io.grpc.InternalServiceProviders;
+import io.grpc.MetricRecorder;
 import io.grpc.NameResolver;
 import io.grpc.NameResolver.ServiceConfigParser;
 import io.grpc.NameResolverProvider;
@@ -57,6 +58,7 @@ public void uncaughtException(Thread t, Throwable e) {
       .setServiceConfigParser(mock(ServiceConfigParser.class))
       .setScheduledExecutorService(fakeClock.getScheduledExecutorService())
       .setChannelLogger(mock(ChannelLogger.class))
+      .setMetricRecorder(mock(MetricRecorder.class))
       .build();
 
   private XdsNameResolverProvider provider = new XdsNameResolverProvider();
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index f32c198f21f..6f4c1503cee 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -55,6 +55,7 @@
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
 import io.grpc.MethodDescriptor.MethodType;
+import io.grpc.MetricRecorder;
 import io.grpc.NameResolver;
 import io.grpc.NameResolver.ConfigOrError;
 import io.grpc.NameResolver.ResolutionResult;
@@ -152,6 +153,7 @@ public ConfigOrError parseServiceConfig(Map<String, ?> rawServiceConfig) {
   private final CallInfo call1 = new CallInfo("HelloService", "hi");
   private final CallInfo call2 = new CallInfo("GreetService", "bye");
   private final TestChannel channel = new TestChannel();
+  private final MetricRecorder metricRecorder = new MetricRecorder() {};
   private BootstrapInfo bootstrapInfo = BootstrapInfo.builder()
       .servers(ImmutableList.of(ServerInfo.create(
           "td.googleapis.com", InsecureChannelCredentials.create())))
@@ -187,7 +189,7 @@ public void setUp() {
         RouterFilter.INSTANCE);
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null,
         serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, filterRegistry, null);
+        xdsClientPoolFactory, mockRandom, filterRegistry, null, metricRecorder);
   }
 
   @After
@@ -215,7 +217,8 @@ public ObjectPool<XdsClient> get(String target) {
       }
 
       @Override
-      public ObjectPool<XdsClient> getOrCreate(String target) throws XdsInitializationException {
+      public ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
+          throws XdsInitializationException {
         throw new XdsInitializationException("Fail to read bootstrap file");
       }
 
@@ -227,7 +230,8 @@ public List<String> getTargets() {
 
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null,
         serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null);
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        metricRecorder);
     resolver.start(mockListener);
     verify(mockListener).onError(errorCaptor.capture());
     Status error = errorCaptor.getValue();
@@ -240,7 +244,8 @@ public List<String> getTargets() {
   public void resolving_withTargetAuthorityNotFound() {
     resolver = new XdsNameResolver(targetUri,
         "notfound.google.com", AUTHORITY, null, serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null);
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        metricRecorder);
     resolver.start(mockListener);
     verify(mockListener).onError(errorCaptor.capture());
     Status error = errorCaptor.getValue();
@@ -262,7 +267,7 @@ public void resolving_noTargetAuthority_templateWithoutXdstp() {
     resolver = new XdsNameResolver(
         targetUri, null, serviceAuthority, null, serviceConfigParser, syncContext,
         scheduler, xdsClientPoolFactory,
-        mockRandom, FilterRegistry.getDefaultRegistry(), null);
+        mockRandom, FilterRegistry.getDefaultRegistry(), null, metricRecorder);
     resolver.start(mockListener);
     verify(mockListener, never()).onError(any(Status.class));
   }
@@ -282,7 +287,8 @@ public void resolving_noTargetAuthority_templateWithXdstp() {
             + "%5B::FFFF:129.144.52.38%5D:80?id=1";
     resolver = new XdsNameResolver(
         targetUri, null, serviceAuthority, null, serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null);
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        metricRecorder);
     resolver.start(mockListener);
     verify(mockListener, never()).onError(any(Status.class));
   }
@@ -302,7 +308,8 @@ public void resolving_noTargetAuthority_xdstpWithMultipleSlashes() {
             + "path/to/service?id=1";
     resolver = new XdsNameResolver(
         targetUri, null, serviceAuthority, null, serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null);
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        metricRecorder);
 
 
     // The Service Authority must be URL encoded, but unlike the LDS resource name.
@@ -330,7 +337,8 @@ public void resolving_targetAuthorityInAuthoritiesMap() {
         + "%5B::FFFF:129.144.52.38%5D:80?bar=2&foo=1"; // query param canonified
     resolver = new XdsNameResolver(targetUri,
         "xds.authority.com", serviceAuthority, null, serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null);
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        metricRecorder);
     resolver.start(mockListener);
     verify(mockListener, never()).onError(any(Status.class));
   }
@@ -362,7 +370,8 @@ public void resolving_ldsResourceUpdateRdsName() {
         .build();
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null,
         serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null);
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        metricRecorder);
     // use different ldsResourceName and service authority. The virtualhost lookup should use
     // service authority.
     expectedLdsResourceName = "test-" + expectedLdsResourceName;
@@ -543,7 +552,8 @@ public void resolving_matchingVirtualHostNotFound_matchingOverrideAuthority() {
 
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, "random",
         serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null);
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        metricRecorder);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(0L, Arrays.asList(virtualHost));
@@ -566,7 +576,8 @@ public void resolving_matchingVirtualHostNotFound_notMatchingOverrideAuthority()
 
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, "random",
         serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null);
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        metricRecorder);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(0L, Arrays.asList(virtualHost));
@@ -577,7 +588,8 @@ public void resolving_matchingVirtualHostNotFound_notMatchingOverrideAuthority()
   public void resolving_matchingVirtualHostNotFoundForOverrideAuthority() {
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, AUTHORITY,
         serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null);
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        metricRecorder);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(0L, buildUnmatchedVirtualHosts());
@@ -661,7 +673,8 @@ public void retryPolicyInPerMethodConfigGeneratedByResolverIsValid() {
     ServiceConfigParser realParser = new ScParser(
         true, 5, 5, new AutoConfiguredLoadBalancerFactory("pick-first"));
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, realParser, syncContext,
-        scheduler, xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null);
+        scheduler, xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        metricRecorder);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     RetryPolicy retryPolicy = RetryPolicy.create(
@@ -871,7 +884,8 @@ public void resolved_rpcHashingByChannelId() {
     when(mockRandom.nextLong()).thenReturn(123L);
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
         syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null);
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        metricRecorder);
     resolver.start(mockListener);
     xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(
@@ -904,7 +918,7 @@ public void resolved_rpcHashingByChannelId() {
   public void resolved_routeActionHasAutoHostRewrite_emitsCallOptionForTheSame() {
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
         syncContext, scheduler, xdsClientPoolFactory, mockRandom,
-        FilterRegistry.getDefaultRegistry(), null);
+        FilterRegistry.getDefaultRegistry(), null, metricRecorder);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(
@@ -935,7 +949,7 @@ public void resolved_routeActionHasAutoHostRewrite_emitsCallOptionForTheSame() {
   public void resolved_routeActionNoAutoHostRewrite_doesntEmitCallOptionForTheSame() {
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
         syncContext, scheduler, xdsClientPoolFactory, mockRandom,
-        FilterRegistry.getDefaultRegistry(), null);
+        FilterRegistry.getDefaultRegistry(), null, metricRecorder);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(
@@ -1994,7 +2008,8 @@ public ObjectPool<XdsClient> get(String target) {
     }
 
     @Override
-    public ObjectPool<XdsClient> getOrCreate(String target) throws XdsInitializationException {
+    public ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
+        throws XdsInitializationException {
       targets.add(target);
       return new ObjectPool<XdsClient>() {
         @Override
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java b/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
index 791318c5355..a27c2917712 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
@@ -22,6 +22,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.util.concurrent.SettableFuture;
 import io.grpc.InsecureChannelCredentials;
+import io.grpc.MetricRecorder;
 import io.grpc.internal.ObjectPool;
 import io.grpc.xds.EnvoyServerProtoData.ConnectionSourceType;
 import io.grpc.xds.EnvoyServerProtoData.FilterChain;
@@ -151,7 +152,8 @@ public ObjectPool<XdsClient> get(String target) {
     }
 
     @Override
-    public ObjectPool<XdsClient> getOrCreate(String target) throws XdsInitializationException {
+    public ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
+        throws XdsInitializationException {
       return new ObjectPool<XdsClient>() {
         @Override
         public XdsClient getObject() {

From a79982c7fded85ac6f53896f045e959b6cbd7c43 Mon Sep 17 00:00:00 2001
From: Yash Tibrewal <yashkt@google.com>
Date: Mon, 25 Nov 2024 21:07:52 -0800
Subject: [PATCH 094/591] [CSM] Use xds-enabled server and xds credentials in
 examples (#11706)

---
 examples/example-gcp-csm-observability/build.gradle  |  1 +
 .../csmobservability/CsmObservabilityClient.java     |  7 +++++--
 .../csmobservability/CsmObservabilityServer.java     | 12 ++++++++----
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index 7a72ebcdcd9..87bdc32f64f 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -34,6 +34,7 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-gcp-csm-observability:${grpcVersion}"
+    implementation "io.grpc:grpc-xds:${grpcVersion}"
     implementation "io.opentelemetry:opentelemetry-sdk:${openTelemetryVersion}"
     implementation "io.opentelemetry:opentelemetry-sdk-metrics:${openTelemetryVersion}"
     implementation "io.opentelemetry:opentelemetry-exporter-prometheus:${openTelemetryPrometheusVersion}"
diff --git a/examples/example-gcp-csm-observability/src/main/java/io/grpc/examples/csmobservability/CsmObservabilityClient.java b/examples/example-gcp-csm-observability/src/main/java/io/grpc/examples/csmobservability/CsmObservabilityClient.java
index 7387c18da96..dd0ab7eb546 100644
--- a/examples/example-gcp-csm-observability/src/main/java/io/grpc/examples/csmobservability/CsmObservabilityClient.java
+++ b/examples/example-gcp-csm-observability/src/main/java/io/grpc/examples/csmobservability/CsmObservabilityClient.java
@@ -25,6 +25,7 @@
 import io.grpc.examples.helloworld.HelloReply;
 import io.grpc.examples.helloworld.HelloRequest;
 import io.grpc.gcp.csm.observability.CsmObservability;
+import io.grpc.xds.XdsChannelCredentials;
 import io.opentelemetry.exporter.prometheus.PrometheusHttpServer;
 import io.opentelemetry.sdk.OpenTelemetrySdk;
 import io.opentelemetry.sdk.metrics.SdkMeterProvider;
@@ -127,8 +128,10 @@ public void run() {
     observability.registerGlobal();
 
     // Create a communication channel to the server, known as a Channel.
-    ManagedChannel channel = Grpc.newChannelBuilder(target, InsecureChannelCredentials.create())
-        .build();
+    ManagedChannel channel =
+        Grpc.newChannelBuilder(
+                target, XdsChannelCredentials.create(InsecureChannelCredentials.create()))
+            .build();
     CsmObservabilityClient client = new CsmObservabilityClient(channel);
 
     try {
diff --git a/examples/example-gcp-csm-observability/src/main/java/io/grpc/examples/csmobservability/CsmObservabilityServer.java b/examples/example-gcp-csm-observability/src/main/java/io/grpc/examples/csmobservability/CsmObservabilityServer.java
index 78df71b65a9..589753b1a4c 100644
--- a/examples/example-gcp-csm-observability/src/main/java/io/grpc/examples/csmobservability/CsmObservabilityServer.java
+++ b/examples/example-gcp-csm-observability/src/main/java/io/grpc/examples/csmobservability/CsmObservabilityServer.java
@@ -24,6 +24,8 @@
 import io.grpc.examples.helloworld.HelloRequest;
 import io.grpc.gcp.csm.observability.CsmObservability;
 import io.grpc.stub.StreamObserver;
+import io.grpc.xds.XdsServerBuilder;
+import io.grpc.xds.XdsServerCredentials;
 import io.opentelemetry.exporter.prometheus.PrometheusHttpServer;
 import io.opentelemetry.sdk.OpenTelemetrySdk;
 import io.opentelemetry.sdk.metrics.SdkMeterProvider;
@@ -40,10 +42,12 @@ public class CsmObservabilityServer {
 
   private Server server;
   private void start(int port) throws IOException {
-    server = Grpc.newServerBuilderForPort(port, InsecureServerCredentials.create())
-        .addService(new GreeterImpl())
-        .build()
-        .start();
+    server =
+        XdsServerBuilder.forPort(
+                port, XdsServerCredentials.create(InsecureServerCredentials.create()))
+            .addService(new GreeterImpl())
+            .build()
+            .start();
     logger.info("Server started, listening on " + port);
   }
 

From 29dd9bad3f19f948a8d157449b022b96b5b8d6b6 Mon Sep 17 00:00:00 2001
From: Riya Mehta <riyamehta@google.com>
Date: Mon, 25 Nov 2024 16:30:56 -0800
Subject: [PATCH 095/591] change s2av2_credentials to s2a

---
 s2a/BUILD.bazel | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/s2a/BUILD.bazel b/s2a/BUILD.bazel
index 283828a9f7e..f8fb7f1df5e 100644
--- a/s2a/BUILD.bazel
+++ b/s2a/BUILD.bazel
@@ -79,7 +79,7 @@ java_library(
 )
 
 java_library(
-    name = "s2av2_credentials",
+    name = "s2a",
     srcs = ["src/main/java/io/grpc/s2a/S2AChannelCredentials.java"],
     visibility = ["//visibility:public"],
     deps = [

From 229a010f55cbb729489df195035c08749f9deb2a Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Tue, 26 Nov 2024 21:36:50 +0530
Subject: [PATCH 096/591] Start 1.70.0 development cycle (#11708)

* Start 1.70.0 development cycle
---
 MODULE.bazel                                           |  2 +-
 build.gradle                                           |  2 +-
 .../src/test/golden/TestDeprecatedService.java.txt     |  2 +-
 compiler/src/test/golden/TestService.java.txt          |  2 +-
 core/src/main/java/io/grpc/internal/GrpcUtil.java      |  2 +-
 examples/MODULE.bazel                                  |  2 +-
 examples/android/clientcache/app/build.gradle          | 10 +++++-----
 examples/android/helloworld/app/build.gradle           |  8 ++++----
 examples/android/routeguide/app/build.gradle           |  8 ++++----
 examples/android/strictmode/app/build.gradle           |  8 ++++----
 examples/build.gradle                                  |  2 +-
 examples/example-alts/build.gradle                     |  2 +-
 examples/example-debug/build.gradle                    |  2 +-
 examples/example-debug/pom.xml                         |  4 ++--
 examples/example-dualstack/build.gradle                |  2 +-
 examples/example-dualstack/pom.xml                     |  4 ++--
 examples/example-gauth/build.gradle                    |  2 +-
 examples/example-gauth/pom.xml                         |  4 ++--
 examples/example-gcp-csm-observability/build.gradle    |  2 +-
 examples/example-gcp-observability/build.gradle        |  2 +-
 examples/example-hostname/build.gradle                 |  2 +-
 examples/example-hostname/pom.xml                      |  4 ++--
 examples/example-jwt-auth/build.gradle                 |  2 +-
 examples/example-jwt-auth/pom.xml                      |  4 ++--
 examples/example-oauth/build.gradle                    |  2 +-
 examples/example-oauth/pom.xml                         |  4 ++--
 examples/example-opentelemetry/build.gradle            |  2 +-
 examples/example-orca/build.gradle                     |  2 +-
 examples/example-reflection/build.gradle               |  2 +-
 examples/example-servlet/build.gradle                  |  2 +-
 examples/example-tls/build.gradle                      |  2 +-
 examples/example-tls/pom.xml                           |  4 ++--
 examples/example-xds/build.gradle                      |  2 +-
 examples/pom.xml                                       |  4 ++--
 34 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 724f537ee6f..edb5284a23d 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -2,7 +2,7 @@ module(
     name = "grpc-java",
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
-    version = "1.69.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
+    version = "1.70.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
 )
 
 # GRPC_DEPS_START
diff --git a/build.gradle b/build.gradle
index 1013a2a4386..52ca19ab4ba 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ subprojects {
     apply plugin: "net.ltgt.errorprone"
 
     group = "io.grpc"
-    version = "1.69.0-SNAPSHOT" // CURRENT_GRPC_VERSION
+    version = "1.70.0-SNAPSHOT" // CURRENT_GRPC_VERSION
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index adfe415c845..36ff11a160a 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.69.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.70.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 @java.lang.Deprecated
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index 438d067ac0d..69a1b0947b5 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.69.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.70.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index f519b502c1f..8a65c7d6c2b 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -219,7 +219,7 @@ public byte[] parseAsciiString(byte[] serialized) {
 
   public static final Splitter ACCEPT_ENCODING_SPLITTER = Splitter.on(',').trimResults();
 
-  public static final String IMPLEMENTATION_VERSION = "1.69.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
+  public static final String IMPLEMENTATION_VERSION = "1.70.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
 
   /**
    * The default timeout in nanos for a keepalive ping request.
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index e7b65724a5b..72541817979 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,5 +1,5 @@
 bazel_dep(name = "googleapis", repo_name = "com_google_googleapis", version = "0.0.0-20240326-1c8d509c5")
-bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.69.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
+bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.70.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
 bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index 271d29cfb4b..d279155b64e 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -34,7 +34,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -54,12 +54,12 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.1.5'
-    testImplementation 'io.grpc:grpc-testing:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    testImplementation 'io.grpc:grpc-testing:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index e51176cc4f6..d56a447377b 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index 3209937ba70..1dceb21b5c9 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index 1fdf43d1f3f..2bb696027fd 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -33,7 +33,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -53,8 +53,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index 83877cbb8d9..756a9c47bb1 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index e0d565a41f2..f0dc0bd8850 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -24,7 +24,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index 7926d53138b..7cd3b5de38e 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -25,7 +25,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index d08ec7787eb..2239bc03d5a 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-debug</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index ca9ad9a60b8..875bdfda623 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -25,7 +25,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index 94691b1d1d2..3c7f14cacde 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-dualstack</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 98841c20ef9..3ff0284c5a1 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -24,7 +24,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index 6a1b11d5e20..0aeedccbda3 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-gauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index 87bdc32f64f..c72f1ba9753 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -25,7 +25,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 3365b844895..5199105baae 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -25,7 +25,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 54407994dab..784b0c71a47 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index baebfc6fc50..b22318f4d53 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-hostname</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index 0e14f369ebe..ba7aeb05b19 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index d20358f9266..f90da62fcd8 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-jwt-auth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index ee46d69cdaf..6e07cbc7447 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index fe48c0db6ee..22d42abf642 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-oauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index ccdcf93ebfd..5c1e419c82e 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -24,7 +24,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index 43df71e5ed7..babd0c7d18e 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -18,7 +18,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index 769e9bddee8..d82f5ecda7e 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -18,7 +18,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index e4a5128898f..50b9d47632c 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index 1eb51182309..2d61862700b 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -24,7 +24,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index de32a5f9807..e16ce1018a8 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-tls</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index a77e71b253c..bb404bdb07c 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/pom.xml b/examples/pom.xml
index 475747a5b5e..04cd792cd3e 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.69.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>examples</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.69.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for JDK 8 -->

From 55cef6330f78f6e60419c0ec345328e222fbacb9 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Wed, 27 Nov 2024 10:48:59 -0800
Subject: [PATCH 097/591] s2a: Load resources from classpath instead of from
 disk

---
 .../grpc/s2a/S2AChannelCredentialsTest.java   |  16 +-
 .../S2AHandshakerServiceChannelTest.java      |  16 +-
 .../handshaker/FakeS2AServerTest.java         |  25 +++-
 .../s2a/internal/handshaker/FakeWriter.java   | 141 ++++++++++--------
 .../internal/handshaker/IntegrationTest.java  |  39 +++--
 .../handshaker/S2APrivateKeyMethodTest.java   |  10 +-
 .../s2a/internal/handshaker/S2AStubTest.java  |  26 +++-
 7 files changed, 156 insertions(+), 117 deletions(-)

diff --git a/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java b/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java
index fd5bfd654f3..3e6eef7f470 100644
--- a/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java
@@ -22,7 +22,7 @@
 import io.grpc.ChannelCredentials;
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.TlsChannelCredentials;
-import java.io.File;
+import java.io.InputStream;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -124,15 +124,13 @@ public void build_withUseMtlsToS2AWithLocalUid_success() throws Exception {
   }
 
   private static ChannelCredentials getTlsChannelCredentials() throws Exception {
-    String privateKeyPath = "src/test/resources/client_key.pem";
-    String certChainPath = "src/test/resources/client_cert.pem";
-    String trustBundlePath = "src/test/resources/root_cert.pem";
-    File privateKeyFile = new File(privateKeyPath);
-    File certChainFile = new File(certChainPath);
-    File trustBundleFile = new File(trustBundlePath);
+    ClassLoader classLoader = S2AChannelCredentialsTest.class.getClassLoader();
+    InputStream privateKey = classLoader.getResourceAsStream("client_key.pem");
+    InputStream certChain = classLoader.getResourceAsStream("client_cert.pem");
+    InputStream trustBundle = classLoader.getResourceAsStream("root_cert.pem");
     return TlsChannelCredentials.newBuilder()
-      .keyManager(certChainFile, privateKeyFile)
-      .trustManager(trustBundleFile)
+      .keyManager(certChain, privateKey)
+      .trustManager(trustBundle)
       .build();
   }
 }
\ No newline at end of file
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java b/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java
index 46f705d2f77..9ba3caaf99e 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannelTest.java
@@ -37,7 +37,7 @@
 import io.grpc.testing.protobuf.SimpleRequest;
 import io.grpc.testing.protobuf.SimpleResponse;
 import io.grpc.testing.protobuf.SimpleServiceGrpc;
-import java.io.File;
+import java.io.InputStream;
 import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Test;
@@ -218,9 +218,10 @@ public void create_mtlsSucceedsAfterCloseIsCalledOnce() throws Exception {
 
   private static Server createMtlsServer() throws Exception {
     SimpleServiceImpl service = new SimpleServiceImpl();
-    File serverCert = new File("src/test/resources/server_cert.pem");
-    File serverKey = new File("src/test/resources/server_key.pem");
-    File rootCert = new File("src/test/resources/root_cert.pem");
+    ClassLoader classLoader = S2AHandshakerServiceChannelTest.class.getClassLoader();
+    InputStream serverCert = classLoader.getResourceAsStream("server_cert.pem");
+    InputStream serverKey = classLoader.getResourceAsStream("server_key.pem");
+    InputStream rootCert = classLoader.getResourceAsStream("root_cert.pem");
     ServerCredentials creds =
         TlsServerCredentials.newBuilder()
             .keyManager(serverCert, serverKey)
@@ -238,9 +239,10 @@ private static Server createPlaintextServer() {
   }
 
   private static ChannelCredentials getTlsChannelCredentials() throws Exception {
-    File clientCert = new File("src/test/resources/client_cert.pem");
-    File clientKey = new File("src/test/resources/client_key.pem");
-    File rootCert = new File("src/test/resources/root_cert.pem");
+    ClassLoader classLoader = S2AHandshakerServiceChannelTest.class.getClassLoader();
+    InputStream clientCert = classLoader.getResourceAsStream("client_cert.pem");
+    InputStream clientKey = classLoader.getResourceAsStream("client_key.pem");
+    InputStream rootCert = classLoader.getResourceAsStream("root_cert.pem");
     return TlsChannelCredentials.newBuilder()
             .keyManager(clientCert, clientKey)
             .trustManager(rootCert)
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
index e1ee878b9cc..fc3bbba9e39 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
@@ -30,8 +30,8 @@
 import io.grpc.s2a.internal.handshaker.ValidatePeerCertificateChainReq.VerificationMode;
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
+import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@@ -118,18 +118,29 @@ public void onCompleted() {
       executor.awaitTermination(1, SECONDS);
     }
 
+    String leafCertString = "";
+    String cert2String = "";
+    String cert1String = "";
+    ClassLoader classLoader = FakeS2AServerTest.class.getClassLoader();
+    try (
+        InputStream leafCert = classLoader.getResourceAsStream("leaf_cert_ec.pem");
+        InputStream cert2 = classLoader.getResourceAsStream("int_cert2_ec.pem");
+        InputStream cert1 = classLoader.getResourceAsStream("int_cert1_ec.pem");
+    ) {
+      leafCertString = FakeWriter.convertInputStreamToString(leafCert);
+      cert2String = FakeWriter.convertInputStreamToString(cert2);
+      cert1String = FakeWriter.convertInputStreamToString(cert1);
+    }
+
     SessionResp expected =
         SessionResp.newBuilder()
             .setGetTlsConfigurationResp(
                 GetTlsConfigurationResp.newBuilder()
                     .setClientTlsConfiguration(
                         GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
-                            .addCertificateChain(new String(Files.readAllBytes(
-                              FakeWriter.leafCertFile.toPath()), StandardCharsets.UTF_8))
-                            .addCertificateChain(new String(Files.readAllBytes(
-                              FakeWriter.cert1File.toPath()), StandardCharsets.UTF_8))
-                            .addCertificateChain(new String(Files.readAllBytes(
-                              FakeWriter.cert2File.toPath()), StandardCharsets.UTF_8))
+                            .addCertificateChain(leafCertString)
+                            .addCertificateChain(cert1String)
+                            .addCertificateChain(cert2String)
                             .setMinTlsVersion(TLSVersion.TLS_VERSION_1_3)
                             .setMaxTlsVersion(TLSVersion.TLS_VERSION_1_3)
                             .addCiphersuites(
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java
index 4455e77b1e2..0b3ecff3f8e 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java
@@ -20,17 +20,17 @@
 import static io.grpc.s2a.internal.handshaker.TLSVersion.TLS_VERSION_1_3;
 
 import com.google.common.collect.ImmutableMap;
+import com.google.common.io.CharStreams;
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import com.google.protobuf.ByteString;
 import io.grpc.stub.StreamObserver;
 import io.grpc.util.CertificateUtils;
-import java.io.File;
-import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.io.UnsupportedEncodingException;
 import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.Signature;
@@ -54,14 +54,7 @@ enum VerificationResult {
     FAILURE
   }
 
-  public static final File leafCertFile =
-      new File("src/test/resources/leaf_cert_ec.pem");
-  public static final File cert2File =
-      new File("src/test/resources/int_cert2_ec.pem");
-  public static final File cert1File =
-      new File("src/test/resources/int_cert1_ec.pem");
-  public static final File keyFile = 
-      new File("src/test/resources/leaf_key_ec.pem");
+  private static final ClassLoader classLoader = FakeWriter.class.getClassLoader();
   private static final ImmutableMap<SignatureAlgorithm, String>
       ALGORITHM_TO_SIGNATURE_INSTANCE_IDENTIFIER =
           ImmutableMap.of(
@@ -79,6 +72,10 @@ enum VerificationResult {
   private String failureReason;
   private PrivateKey privateKey;
 
+  public static String convertInputStreamToString(InputStream is) throws IOException {
+    return CharStreams.toString(new InputStreamReader(is, StandardCharsets.UTF_8));
+  }
+
   @CanIgnoreReturnValue
   FakeWriter setReader(StreamObserver<SessionResp> reader) {
     this.reader = reader;
@@ -106,11 +103,10 @@ FakeWriter setFailureReason(String failureReason) {
   @CanIgnoreReturnValue
   FakeWriter initializePrivateKey() throws InvalidKeySpecException, NoSuchAlgorithmException,
                     IOException, FileNotFoundException, UnsupportedEncodingException {
-    FileInputStream keyInputStream = new FileInputStream(keyFile);
-    try {
+    try (
+        InputStream keyInputStream = classLoader.getResourceAsStream("leaf_key_ec.pem");
+    ) {
       privateKey = CertificateUtils.getPrivateKey(keyInputStream);
-    } finally {
-      keyInputStream.close();
     }
     return this;
   }
@@ -130,32 +126,39 @@ void sendIoError() {
   }
 
   void sendGetTlsConfigResp() {
-    try {
-      reader.onNext(
-          SessionResp.newBuilder()
-              .setGetTlsConfigurationResp(
-                  GetTlsConfigurationResp.newBuilder()
-                      .setClientTlsConfiguration(
-                          GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
-                              .addCertificateChain(new String(Files.readAllBytes(
-                                FakeWriter.leafCertFile.toPath()), StandardCharsets.UTF_8))
-                              .addCertificateChain(new String(Files.readAllBytes(
-                                FakeWriter.cert1File.toPath()), StandardCharsets.UTF_8))
-                              .addCertificateChain(new String(Files.readAllBytes(
-                                FakeWriter.cert2File.toPath()), StandardCharsets.UTF_8))
-                              .setMinTlsVersion(TLS_VERSION_1_3)
-                              .setMaxTlsVersion(TLS_VERSION_1_3)
-                              .addCiphersuites(
-                                  Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
-                              .addCiphersuites(
-                                  Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
-                              .addCiphersuites(
-                                  Ciphersuite
-                                  .CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)))
-              .build());
+    String leafCertString = "";
+    String cert2String = "";
+    String cert1String = "";
+    try (
+        InputStream leafCert = classLoader.getResourceAsStream("leaf_cert_ec.pem");
+        InputStream cert2 = classLoader.getResourceAsStream("int_cert2_ec.pem");
+        InputStream cert1 = classLoader.getResourceAsStream("int_cert1_ec.pem");
+    ) {
+      leafCertString = FakeWriter.convertInputStreamToString(leafCert);
+      cert2String = FakeWriter.convertInputStreamToString(cert2);
+      cert1String = FakeWriter.convertInputStreamToString(cert1);
     } catch (IOException e) {
       reader.onError(e);
     }
+    reader.onNext(
+        SessionResp.newBuilder()
+            .setGetTlsConfigurationResp(
+                GetTlsConfigurationResp.newBuilder()
+                    .setClientTlsConfiguration(
+                        GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
+                            .addCertificateChain(leafCertString)
+                            .addCertificateChain(cert1String)
+                            .addCertificateChain(cert2String)
+                            .setMinTlsVersion(TLS_VERSION_1_3)
+                            .setMaxTlsVersion(TLS_VERSION_1_3)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+                            .addCiphersuites(
+                                Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+                            .addCiphersuites(
+                                Ciphersuite
+                                .CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)))
+            .build());
   }
 
   boolean isFakeWriterClosed() {
@@ -191,25 +194,32 @@ public void onNext(SessionReq sessionReq) {
         reader.onCompleted();
         break;
       case BAD_TLS_VERSION_RESPONSE:
-        try {
-          reader.onNext(
-              SessionResp.newBuilder()
-                  .setGetTlsConfigurationResp(
-                      GetTlsConfigurationResp.newBuilder()
-                          .setClientTlsConfiguration(
-                              GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
-                                  .addCertificateChain(new String(Files.readAllBytes(
-                                    FakeWriter.leafCertFile.toPath()), StandardCharsets.UTF_8))
-                                  .addCertificateChain(new String(Files.readAllBytes(
-                                    FakeWriter.cert1File.toPath()), StandardCharsets.UTF_8))
-                                  .addCertificateChain(new String(Files.readAllBytes(
-                                    FakeWriter.cert2File.toPath()), StandardCharsets.UTF_8))
-                                  .setMinTlsVersion(TLS_VERSION_1_3)
-                                  .setMaxTlsVersion(TLS_VERSION_1_2)))
-                  .build());
+        String leafCertString = "";
+        String cert2String = "";
+        String cert1String = "";
+        try (
+            InputStream leafCert = classLoader.getResourceAsStream("leaf_cert_ec.pem");
+            InputStream cert2 = classLoader.getResourceAsStream("int_cert2_ec.pem");
+            InputStream cert1 = classLoader.getResourceAsStream("int_cert1_ec.pem");
+        ) {
+          leafCertString = FakeWriter.convertInputStreamToString(leafCert);
+          cert2String = FakeWriter.convertInputStreamToString(cert2);
+          cert1String = FakeWriter.convertInputStreamToString(cert1);
         } catch (IOException e) {
           reader.onError(e);
         }
+        reader.onNext(
+            SessionResp.newBuilder()
+                .setGetTlsConfigurationResp(
+                    GetTlsConfigurationResp.newBuilder()
+                        .setClientTlsConfiguration(
+                            GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
+                                .addCertificateChain(leafCertString)
+                                .addCertificateChain(cert1String)
+                                .addCertificateChain(cert2String)
+                                .setMinTlsVersion(TLS_VERSION_1_3)
+                                .setMaxTlsVersion(TLS_VERSION_1_2)))
+                .build());
         break;
       default:
         try {
@@ -249,17 +259,28 @@ private SessionResp handleGetTlsConfigurationReq(GetTlsConfigurationReq req)
                   .setDetails("No TLS configuration for the server side."))
           .build();
     }
+    String leafCertString = "";
+    String cert2String = "";
+    String cert1String = "";
+    try (
+        InputStream leafCert = classLoader.getResourceAsStream("leaf_cert_ec.pem");
+        InputStream cert2 = classLoader.getResourceAsStream("int_cert2_ec.pem");
+        InputStream cert1 = classLoader.getResourceAsStream("int_cert1_ec.pem");
+    ) {
+      leafCertString = FakeWriter.convertInputStreamToString(leafCert);
+      cert2String = FakeWriter.convertInputStreamToString(cert2);
+      cert1String = FakeWriter.convertInputStreamToString(cert1);
+    } catch (IOException e) {
+      reader.onError(e);
+    }
     return SessionResp.newBuilder()
         .setGetTlsConfigurationResp(
             GetTlsConfigurationResp.newBuilder()
                 .setClientTlsConfiguration(
                     GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
-                        .addCertificateChain(new String(Files.readAllBytes(
-                          FakeWriter.leafCertFile.toPath()), StandardCharsets.UTF_8))
-                        .addCertificateChain(new String(Files.readAllBytes(
-                          FakeWriter.cert1File.toPath()), StandardCharsets.UTF_8))
-                        .addCertificateChain(new String(Files.readAllBytes(
-                          FakeWriter.cert2File.toPath()), StandardCharsets.UTF_8))
+                        .addCertificateChain(leafCertString)
+                        .addCertificateChain(cert1String)
+                        .addCertificateChain(cert2String)
                         .setMinTlsVersion(TLS_VERSION_1_3)
                         .setMaxTlsVersion(TLS_VERSION_1_3)
                         .addCiphersuites(
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java
index d842fde8dea..613983d9b39 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java
@@ -46,7 +46,7 @@
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslProvider;
-import java.io.File;
+import java.io.InputStream;
 import java.util.concurrent.FutureTask;
 import java.util.logging.Logger;
 import javax.net.ssl.SSLException;
@@ -60,13 +60,6 @@
 @RunWith(JUnit4.class)
 public final class IntegrationTest {
   private static final Logger logger = Logger.getLogger(FakeS2AServer.class.getName());
-
-  public static final File privateKeyFile =
-      new File("src/test/resources/leaf_key_ec.pem");
-  public static final File rootCertFile =
-      new File("src/test/resources/root_cert_ec.pem");
-  public static final File certChainFile =
-      new File("src/test/resources/cert_chain_ec.pem");
   private String s2aAddress;
   private Server s2aServer;
   private String s2aDelayAddress;
@@ -82,10 +75,10 @@ public void setUp() throws Exception {
     int s2aPort = s2aServer.getPort();
     s2aAddress = "localhost:" + s2aPort;
     logger.info("S2A service listening on localhost:" + s2aPort);
-
-    File s2aCert = new File("src/test/resources/server_cert.pem");
-    File s2aKey = new File("src/test/resources/server_key.pem");
-    File rootCert = new File("src/test/resources/root_cert.pem");
+    ClassLoader classLoader = IntegrationTest.class.getClassLoader();
+    InputStream s2aCert = classLoader.getResourceAsStream("server_cert.pem");
+    InputStream s2aKey = classLoader.getResourceAsStream("server_key.pem");
+    InputStream rootCert = classLoader.getResourceAsStream("root_cert.pem");
     ServerCredentials s2aCreds =
         TlsServerCredentials.newBuilder()
             .keyManager(s2aCert, s2aKey)
@@ -166,16 +159,14 @@ public void clientCommunicateUsingS2ACredentialsSucceeds_verifyStreamToS2AClosed
 
   @Test
   public void clientCommunicateUsingMtlsToS2ACredentials_succeeds() throws Exception {
-    String privateKeyPath = "src/test/resources/client_key.pem";
-    String certChainPath = "src/test/resources/client_cert.pem";
-    String trustBundlePath = "src/test/resources/root_cert.pem";
-    File privateKeyFile = new File(privateKeyPath);
-    File certChainFile = new File(certChainPath);
-    File trustBundleFile = new File(trustBundlePath);
+    ClassLoader classLoader = IntegrationTest.class.getClassLoader();
+    InputStream privateKey = classLoader.getResourceAsStream("client_key.pem");
+    InputStream certChain = classLoader.getResourceAsStream("client_cert.pem");
+    InputStream trustBundle = classLoader.getResourceAsStream("root_cert.pem");
     ChannelCredentials s2aChannelCredentials =
         TlsChannelCredentials.newBuilder()
-          .keyManager(certChainFile, privateKeyFile)
-          .trustManager(trustBundleFile)
+          .keyManager(certChain, privateKey)
+          .trustManager(trustBundle)
           .build();
 
     ChannelCredentials credentials =
@@ -223,12 +214,16 @@ public static boolean doUnaryRpc(ManagedChannel channel) throws InterruptedExcep
   }
 
   private static SslContext buildSslContext() throws SSLException {
+    ClassLoader classLoader = IntegrationTest.class.getClassLoader();
+    InputStream privateKey = classLoader.getResourceAsStream("leaf_key_ec.pem");
+    InputStream rootCert = classLoader.getResourceAsStream("root_cert_ec.pem");
+    InputStream certChain = classLoader.getResourceAsStream("cert_chain_ec.pem");
     SslContextBuilder sslServerContextBuilder =
-          SslContextBuilder.forServer(certChainFile, privateKeyFile);
+          SslContextBuilder.forServer(certChain, privateKey);
     SslContext sslServerContext =
         GrpcSslContexts.configure(sslServerContextBuilder, SslProvider.OPENSSL)
             .protocols("TLSv1.3", "TLSv1.2")
-            .trustManager(rootCertFile)
+            .trustManager(rootCert)
             .clientAuth(ClientAuth.REQUIRE)
             .build();
 
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethodTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethodTest.java
index c885783be99..1aceb9518c3 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethodTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethodTest.java
@@ -30,8 +30,7 @@
 import io.netty.handler.ssl.OpenSslPrivateKeyMethod;
 import io.netty.handler.ssl.SslContextBuilder;
 import java.io.ByteArrayInputStream;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
+import java.io.InputStream;
 import java.security.PublicKey;
 import java.security.Signature;
 import java.security.cert.CertificateFactory;
@@ -63,8 +62,11 @@ private static PublicKey extractPublicKeyFromPem(String pem) throws Exception {
   private static boolean verifySignature(
       byte[] dataToSign, byte[] signature, String signatureAlgorithm) throws Exception {
     Signature sig = Signature.getInstance(signatureAlgorithm);
-    sig.initVerify(extractPublicKeyFromPem(new String(
-        Files.readAllBytes(FakeWriter.leafCertFile.toPath()), StandardCharsets.UTF_8)));
+    InputStream leafCert =
+        S2APrivateKeyMethodTest.class.getClassLoader().getResourceAsStream("leaf_cert_ec.pem");
+    sig.initVerify(extractPublicKeyFromPem(FakeWriter.convertInputStreamToString(
+        leafCert)));
+    leafCert.close();
     sig.update(dataToSign);
     return sig.verify(signature);
   }
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
index bf99ef3f944..c912faecd48 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
@@ -28,8 +28,7 @@
 import io.grpc.s2a.internal.channel.S2AHandshakerServiceChannel;
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
+import java.io.InputStream;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -77,18 +76,29 @@ public void send_clientTlsConfiguration_receiveOkStatus() throws Exception {
 
     SessionResp resp = stub.send(req);
 
+    String leafCertString = "";
+    String cert2String = "";
+    String cert1String = "";
+    ClassLoader classLoader = S2AStubTest.class.getClassLoader();
+    try (
+        InputStream leafCert = classLoader.getResourceAsStream("leaf_cert_ec.pem");
+        InputStream cert2 = classLoader.getResourceAsStream("int_cert2_ec.pem");
+        InputStream cert1 = classLoader.getResourceAsStream("int_cert1_ec.pem");
+    ) {
+      leafCertString = FakeWriter.convertInputStreamToString(leafCert);
+      cert2String = FakeWriter.convertInputStreamToString(cert2);
+      cert1String = FakeWriter.convertInputStreamToString(cert1);
+    }
+
     SessionResp expected =
         SessionResp.newBuilder()
             .setGetTlsConfigurationResp(
                 GetTlsConfigurationResp.newBuilder()
                     .setClientTlsConfiguration(
                         GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder()
-                            .addCertificateChain(new String(Files.readAllBytes(
-                              FakeWriter.leafCertFile.toPath()), StandardCharsets.UTF_8))
-                            .addCertificateChain(new String(Files.readAllBytes(
-                              FakeWriter.cert1File.toPath()), StandardCharsets.UTF_8))
-                            .addCertificateChain(new String(Files.readAllBytes(
-                              FakeWriter.cert2File.toPath()), StandardCharsets.UTF_8))
+                            .addCertificateChain(leafCertString)
+                            .addCertificateChain(cert1String)
+                            .addCertificateChain(cert2String)
                             .setMinTlsVersion(TLSVersion.TLS_VERSION_1_3)
                             .setMaxTlsVersion(TLSVersion.TLS_VERSION_1_3)
                             .addCiphersuites(

From 0192bece47d25d8052a1cc87ebe630f1494cf890 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 27 Nov 2024 09:40:31 -0800
Subject: [PATCH 098/591] api: DeadlineSubject should include actual on failure

This was noticed because of a CallOptionsTest flake that had a
surprising error:
```
expected                    : 59.983387319
but was                     : 59.983387319
outside tolerance in seconds: 0.01
```
---
 api/src/testFixtures/java/io/grpc/testing/DeadlineSubject.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/testFixtures/java/io/grpc/testing/DeadlineSubject.java b/api/src/testFixtures/java/io/grpc/testing/DeadlineSubject.java
index 5d4e86fac15..94ab8fb9b18 100644
--- a/api/src/testFixtures/java/io/grpc/testing/DeadlineSubject.java
+++ b/api/src/testFixtures/java/io/grpc/testing/DeadlineSubject.java
@@ -67,7 +67,7 @@ public void of(Deadline expected) {
         if (Math.abs(actualNanos - expectedNanos) > deltaNanos) {
           failWithoutActual(
               fact("expected", expectedNanos / NANOSECONDS_IN_A_SECOND),
-              fact("but was", expectedNanos  / NANOSECONDS_IN_A_SECOND),
+              fact("but was", actualNanos  / NANOSECONDS_IN_A_SECOND),
               fact("outside tolerance in seconds",  deltaNanos  / NANOSECONDS_IN_A_SECOND));
         }
       }

From ebb43a69e7a46202462ec811af6ca51eae98d933 Mon Sep 17 00:00:00 2001
From: Vindhya Ningegowda <DNVindhya@users.noreply.github.com>
Date: Wed, 27 Nov 2024 10:59:54 -0800
Subject: [PATCH 099/591] Add "#server" as dataplane target value for xDS
 enabled gRPC servers. (#11715)

As mentioned in [A71 xDS Fallback]( https://github.com/grpc/proposal/blob/master/A71-xds-fallback.md#update-csds-to-aggregate-configs-from-multiple-xdsclient-instances):
updated dataplane target to "#server" for xDS-enabled gRPC servers.
---
 xds/src/main/java/io/grpc/xds/XdsServerWrapper.java | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
index 8c03e64f185..392f4c1a313 100644
--- a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
+++ b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
@@ -172,9 +172,7 @@ public void run() {
 
   private void internalStart() {
     try {
-      // TODO(dnvindhya): Add "#server" as "grpc.target" attribute value for
-      // xDS enabled servers.
-      xdsClientPool = xdsClientPoolFactory.getOrCreate("", new MetricRecorder() {});
+      xdsClientPool = xdsClientPoolFactory.getOrCreate("#server", new MetricRecorder() {});
     } catch (Exception e) {
       StatusException statusException = Status.UNAVAILABLE.withDescription(
               "Failed to initialize xDS").withCause(e).asException();

From 7f9c1f39f38647a23f9321fe3ab0f72648055bfa Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 27 Nov 2024 11:37:45 -0800
Subject: [PATCH 100/591] rls: Reduce RLS channel logging

The channel log is shared by many components and is poorly suited to
the noise of per-RPC events. This commit restricts RLS usage of the
logger to no more frequent than cache entry events. This may still be
too frequent, but should substantially improve the signal-to-noise and
we can do further rework as needed.

Many of the log entries were poor because they lacked enough context.
They weren't even clear they were from RLS. The cache entry events now
regularly include the request key in the logs, allowing you to follow
events for specific keys. I would have preferred using the hash code,
but NumberFormat is annoying and toString() may be acceptable given its
convenience.

This commit reverts much of eba699ad. Those logs have not proven to be
helpful as they produce more output than can be reasonably stored.
---
 .../java/io/grpc/rls/CachingRlsLbClient.java  | 59 ++++++-------------
 .../java/io/grpc/rls/RlsLoadBalancer.java     | 10 +---
 2 files changed, 19 insertions(+), 50 deletions(-)

diff --git a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
index d0661ba3be8..3d52187a158 100644
--- a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
+++ b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
@@ -278,9 +278,8 @@ private void periodicClean() {
   @GuardedBy("lock")
   private CachedRouteLookupResponse asyncRlsCall(
       RouteLookupRequest request, @Nullable BackoffPolicy backoffPolicy) {
-    logger.log(ChannelLogLevel.DEBUG, "Making an async call to RLS");
     if (throttler.shouldThrottle()) {
-      logger.log(ChannelLogLevel.DEBUG, "Request is throttled");
+      logger.log(ChannelLogLevel.DEBUG, "[RLS Entry {0}] Throttled RouteLookup", request);
       // Cache updated, but no need to call updateBalancingState because no RPCs were queued waiting
       // on this result
       return CachedRouteLookupResponse.backoffEntry(createBackOffEntry(
@@ -288,27 +287,29 @@ private CachedRouteLookupResponse asyncRlsCall(
     }
     final SettableFuture<RouteLookupResponse> response = SettableFuture.create();
     io.grpc.lookup.v1.RouteLookupRequest routeLookupRequest = REQUEST_CONVERTER.convert(request);
-    logger.log(ChannelLogLevel.DEBUG, "Sending RouteLookupRequest: {0}", routeLookupRequest);
+    logger.log(ChannelLogLevel.DEBUG,
+        "[RLS Entry {0}] Starting RouteLookup: {1}", request, routeLookupRequest);
     rlsStub.withDeadlineAfter(callTimeoutNanos, TimeUnit.NANOSECONDS)
         .routeLookup(
             routeLookupRequest,
             new StreamObserver<io.grpc.lookup.v1.RouteLookupResponse>() {
               @Override
               public void onNext(io.grpc.lookup.v1.RouteLookupResponse value) {
-                logger.log(ChannelLogLevel.DEBUG, "Received RouteLookupResponse: {0}", value);
+                logger.log(ChannelLogLevel.DEBUG,
+                    "[RLS Entry {0}] RouteLookup succeeded: {1}", request, value);
                 response.set(RESPONSE_CONVERTER.reverse().convert(value));
               }
 
               @Override
               public void onError(Throwable t) {
-                logger.log(ChannelLogLevel.DEBUG, "Error looking up route:", t);
+                logger.log(ChannelLogLevel.DEBUG,
+                    "[RLS Entry {0}] RouteLookup failed: {1}", request, t);
                 response.setException(t);
                 throttler.registerBackendResponse(true);
               }
 
               @Override
               public void onCompleted() {
-                logger.log(ChannelLogLevel.DEBUG, "routeLookup call completed");
                 throttler.registerBackendResponse(false);
               }
             });
@@ -323,13 +324,10 @@ public void onCompleted() {
    */
   @CheckReturnValue
   final CachedRouteLookupResponse get(final RouteLookupRequest request) {
-    logger.log(ChannelLogLevel.DEBUG, "Acquiring lock to get cached entry");
     synchronized (lock) {
-      logger.log(ChannelLogLevel.DEBUG, "Acquired lock to get cached entry");
       final CacheEntry cacheEntry;
       cacheEntry = linkedHashLruCache.read(request);
       if (cacheEntry == null) {
-        logger.log(ChannelLogLevel.DEBUG, "No cache entry found, making a new RLS request");
         PendingCacheEntry pendingEntry = pendingCallCache.get(request);
         if (pendingEntry != null) {
           return CachedRouteLookupResponse.pendingResponse(pendingEntry);
@@ -339,15 +337,12 @@ final CachedRouteLookupResponse get(final RouteLookupRequest request) {
 
       if (cacheEntry instanceof DataCacheEntry) {
         // cache hit, initiate async-refresh if entry is staled
-        logger.log(ChannelLogLevel.DEBUG, "Cache hit for the request");
         DataCacheEntry dataEntry = ((DataCacheEntry) cacheEntry);
         if (dataEntry.isStaled(ticker.read())) {
-          logger.log(ChannelLogLevel.DEBUG, "Cache entry is stale");
           dataEntry.maybeRefresh();
         }
         return CachedRouteLookupResponse.dataEntry((DataCacheEntry) cacheEntry);
       }
-      logger.log(ChannelLogLevel.DEBUG, "Cache hit for a backup entry");
       return CachedRouteLookupResponse.backoffEntry((BackoffCacheEntry) cacheEntry);
     }
   }
@@ -409,8 +404,8 @@ private DataCacheEntry createDataEntry(
       RouteLookupRequest request, RouteLookupResponse routeLookupResponse) {
     logger.log(
         ChannelLogLevel.DEBUG,
-        "Transition to data cache: routeLookupResponse={0}",
-        routeLookupResponse);
+        "[RLS Entry {0}] Transition to data cache: routeLookupResponse={1}",
+        request, routeLookupResponse);
     DataCacheEntry entry = new DataCacheEntry(request, routeLookupResponse);
     // Constructor for DataCacheEntry causes updateBalancingState, but the picks can't happen until
     // this cache update because the lock is held
@@ -421,18 +416,19 @@ private DataCacheEntry createDataEntry(
   @GuardedBy("lock")
   private BackoffCacheEntry createBackOffEntry(
       RouteLookupRequest request, Status status, @Nullable BackoffPolicy backoffPolicy) {
-    logger.log(ChannelLogLevel.DEBUG, "Transition to back off: status={0}", status);
     if (backoffPolicy == null) {
       backoffPolicy = backoffProvider.get();
     }
     long delayNanos = backoffPolicy.nextBackoffNanos();
+    logger.log(
+        ChannelLogLevel.DEBUG,
+        "[RLS Entry {0}] Transition to back off: status={1}, delayNanos={2}",
+        request, status, delayNanos);
     BackoffCacheEntry entry = new BackoffCacheEntry(request, status, backoffPolicy);
     // Lock is held, so the task can't execute before the assignment
     entry.scheduledFuture = scheduledExecutorService.schedule(
         () -> refreshBackoffEntry(entry), delayNanos, TimeUnit.NANOSECONDS);
     linkedHashLruCache.cacheAndClean(request, entry);
-    logger.log(ChannelLogLevel.DEBUG, "BackoffCacheEntry created with a delay of {0} nanos",
-        delayNanos);
     return entry;
   }
 
@@ -443,7 +439,8 @@ private void refreshBackoffEntry(BackoffCacheEntry entry) {
         // Future was previously cancelled
         return;
       }
-      logger.log(ChannelLogLevel.DEBUG, "Calling RLS for transition to pending");
+      logger.log(ChannelLogLevel.DEBUG,
+          "[RLS Entry {0}] Calling RLS for transition to pending", entry.request);
       linkedHashLruCache.invalidate(entry.request);
       asyncRlsCall(entry.request, entry.backoffPolicy);
     }
@@ -659,10 +656,10 @@ void maybeRefresh() {
       synchronized (lock) { // Lock is already held, but ErrorProne can't tell
         if (pendingCallCache.containsKey(request)) {
           // pending already requested
-          logger.log(ChannelLogLevel.DEBUG,
-              "A pending refresh request already created, no need to proceed with refresh");
           return;
         }
+        logger.log(ChannelLogLevel.DEBUG,
+            "[RLS Entry {0}] Cache entry is stale, refreshing", request);
         asyncRlsCall(request, /* backoffPolicy= */ null);
       }
     }
@@ -943,13 +940,10 @@ private final class BackoffRefreshListener implements ChildLbStatusListener {
 
     @Override
     public void onStatusChanged(ConnectivityState newState) {
-      logger.log(ChannelLogLevel.DEBUG, "LB status changed to: {0}", newState);
       if (prevState == ConnectivityState.TRANSIENT_FAILURE
           && newState == ConnectivityState.READY) {
         logger.log(ChannelLogLevel.DEBUG, "Transitioning from TRANSIENT_FAILURE to READY");
-        logger.log(ChannelLogLevel.DEBUG, "Acquiring lock force refresh backoff cache entries");
         synchronized (lock) {
-          logger.log(ChannelLogLevel.DEBUG, "Lock acquired for refreshing backoff cache entries");
           for (CacheEntry value : linkedHashLruCache.values()) {
             if (value instanceof BackoffCacheEntry) {
               refreshBackoffEntry((BackoffCacheEntry) value);
@@ -983,31 +977,22 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
       RouteLookupRequest request =
           requestFactory.create(serviceName, methodName, args.getHeaders());
       final CachedRouteLookupResponse response = CachingRlsLbClient.this.get(request);
-      logger.log(ChannelLogLevel.DEBUG,
-          "Got route lookup cache entry for service={0}, method={1}, headers={2}:\n {3}",
-          new Object[]{serviceName, methodName, args.getHeaders(), response});
 
       if (response.getHeaderData() != null && !response.getHeaderData().isEmpty()) {
-        logger.log(ChannelLogLevel.DEBUG, "Updating RLS metadata from the RLS response headers");
         Metadata headers = args.getHeaders();
         headers.discardAll(RLS_DATA_KEY);
         headers.put(RLS_DATA_KEY, response.getHeaderData());
       }
       String defaultTarget = lbPolicyConfig.getRouteLookupConfig().defaultTarget();
-      logger.log(ChannelLogLevel.DEBUG, "defaultTarget = {0}", defaultTarget);
       boolean hasFallback = defaultTarget != null && !defaultTarget.isEmpty();
       if (response.hasData()) {
-        logger.log(ChannelLogLevel.DEBUG, "RLS response has data, proceed with selecting a picker");
         ChildPolicyWrapper childPolicyWrapper = response.getChildPolicyWrapper();
         SubchannelPicker picker =
             (childPolicyWrapper != null) ? childPolicyWrapper.getPicker() : null;
         if (picker == null) {
-          logger.log(ChannelLogLevel.DEBUG,
-              "Child policy wrapper didn't return a picker, returning PickResult with no results");
           return PickResult.withNoResult();
         }
         // Happy path
-        logger.log(ChannelLogLevel.DEBUG, "Returning PickResult");
         PickResult pickResult = picker.pickSubchannel(args);
         if (pickResult.hasResult()) {
           helper.getMetricRecorder().addLongCounter(TARGET_PICKS_COUNTER, 1,
@@ -1017,20 +1002,15 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
         }
         return pickResult;
       } else if (response.hasError()) {
-        logger.log(ChannelLogLevel.DEBUG, "RLS response has errors");
         if (hasFallback) {
-          logger.log(ChannelLogLevel.DEBUG, "Using RLS fallback");
           return useFallback(args);
         }
-        logger.log(ChannelLogLevel.DEBUG, "No RLS fallback, returning PickResult with an error");
         helper.getMetricRecorder().addLongCounter(FAILED_PICKS_COUNTER, 1,
             Arrays.asList(helper.getChannelTarget(), lookupService), Collections.emptyList());
         return PickResult.withError(
             convertRlsServerStatus(response.getStatus(),
                 lbPolicyConfig.getRouteLookupConfig().lookupService()));
       } else {
-        logger.log(ChannelLogLevel.DEBUG,
-            "RLS response had no data, return a PickResult with no data");
         return PickResult.withNoResult();
       }
     }
@@ -1067,13 +1047,11 @@ private String determineMetricsPickResult(PickResult pickResult) {
 
     private void startFallbackChildPolicy() {
       String defaultTarget = lbPolicyConfig.getRouteLookupConfig().defaultTarget();
-      logger.log(ChannelLogLevel.DEBUG, "starting fallback to {0}", defaultTarget);
-      logger.log(ChannelLogLevel.DEBUG, "Acquiring lock to start fallback child policy");
       synchronized (lock) {
-        logger.log(ChannelLogLevel.DEBUG, "Acquired lock for starting fallback child policy");
         if (fallbackChildPolicyWrapper != null) {
           return;
         }
+        logger.log(ChannelLogLevel.DEBUG, "starting fallback to {0}", defaultTarget);
         fallbackChildPolicyWrapper = refCountedChildPolicyWrapperFactory.createOrGet(defaultTarget);
       }
     }
@@ -1081,7 +1059,6 @@ private void startFallbackChildPolicy() {
     // GuardedBy CachingRlsLbClient.lock
     void close() {
       synchronized (lock) { // Lock is already held, but ErrorProne can't tell
-        logger.log(ChannelLogLevel.DEBUG, "Closing RLS picker");
         if (fallbackChildPolicyWrapper != null) {
           refCountedChildPolicyWrapperFactory.release(fallbackChildPolicyWrapper);
         }
diff --git a/rls/src/main/java/io/grpc/rls/RlsLoadBalancer.java b/rls/src/main/java/io/grpc/rls/RlsLoadBalancer.java
index d1e537f1482..81ef8fdb31a 100644
--- a/rls/src/main/java/io/grpc/rls/RlsLoadBalancer.java
+++ b/rls/src/main/java/io/grpc/rls/RlsLoadBalancer.java
@@ -50,12 +50,11 @@ final class RlsLoadBalancer extends LoadBalancer {
 
   @Override
   public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
-    logger.log(ChannelLogLevel.DEBUG, "Received resolution result: {0}", resolvedAddresses);
     LbPolicyConfiguration lbPolicyConfiguration =
         (LbPolicyConfiguration) resolvedAddresses.getLoadBalancingPolicyConfig();
     checkNotNull(lbPolicyConfiguration, "Missing RLS LB config");
     if (!lbPolicyConfiguration.equals(this.lbPolicyConfiguration)) {
-      logger.log(ChannelLogLevel.DEBUG, "A new RLS LB config received");
+      logger.log(ChannelLogLevel.DEBUG, "A new RLS LB config received: {0}", lbPolicyConfiguration);
       boolean needToConnect = this.lbPolicyConfiguration == null
           || !this.lbPolicyConfiguration.getRouteLookupConfig().lookupService().equals(
           lbPolicyConfiguration.getRouteLookupConfig().lookupService());
@@ -80,22 +79,18 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       //  not required.
       this.lbPolicyConfiguration = lbPolicyConfiguration;
     }
-    logger.log(ChannelLogLevel.DEBUG, "RLS LB accepted resolved addresses successfully");
     return Status.OK;
   }
 
   @Override
   public void requestConnection() {
-    logger.log(ChannelLogLevel.DEBUG, "connection requested from RLS LB");
     if (routeLookupClient != null) {
-      logger.log(ChannelLogLevel.DEBUG, "requesting a connection from the routeLookupClient");
       routeLookupClient.requestConnection();
     }
   }
 
   @Override
   public void handleNameResolutionError(final Status error) {
-    logger.log(ChannelLogLevel.DEBUG, "Received resolution error: {0}", error);
     class ErrorPicker extends SubchannelPicker {
       @Override
       public PickResult pickSubchannel(PickSubchannelArgs args) {
@@ -116,14 +111,11 @@ public String toString() {
       routeLookupClient = null;
       lbPolicyConfiguration = null;
     }
-    logger.log(ChannelLogLevel.DEBUG,
-        "Updating balancing state to TRANSIENT_FAILURE with an error picker");
     helper.updateBalancingState(ConnectivityState.TRANSIENT_FAILURE, new ErrorPicker());
   }
 
   @Override
   public void shutdown() {
-    logger.log(ChannelLogLevel.DEBUG, "Rls lb shutdown");
     if (routeLookupClient != null) {
       logger.log(ChannelLogLevel.DEBUG, "closing the routeLookupClient because of RLS LB shutdown");
       routeLookupClient.close();

From f66d7fc54d23fa441d0feb9873952a325346cbc4 Mon Sep 17 00:00:00 2001
From: vinodhabib <47808007+vinodhabib@users.noreply.github.com>
Date: Tue, 3 Dec 2024 00:39:25 +0530
Subject: [PATCH 101/591] netty: Fix ByteBuf leaks in tests (#11593)

Part of #3353
---
 .../io/grpc/netty/NettyClientHandlerTest.java |  6 ++-
 .../io/grpc/netty/NettyHandlerTestBase.java   | 41 +++++++++++--------
 .../io/grpc/netty/NettyServerHandlerTest.java | 28 +++++--------
 3 files changed, 39 insertions(+), 36 deletions(-)

diff --git a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
index 6c5dd6b18bc..e5c97e9efd9 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
@@ -217,6 +217,7 @@ public Void answer(InvocationOnMock invocation) throws Throwable {
     // Simulate receipt of initial remote settings.
     ByteBuf serializedSettings = serializeSettings(new Http2Settings());
     channelRead(serializedSettings);
+    channel().releaseOutbound();
   }
 
   @Test
@@ -342,11 +343,12 @@ public void sendFrameShouldSucceed() throws Exception {
     createStream();
 
     // Send a frame and verify that it was written.
+    ByteBuf content = content();
     ChannelFuture future
-        = enqueue(new SendGrpcFrameCommand(streamTransportState, content(), true));
+        = enqueue(new SendGrpcFrameCommand(streamTransportState, content, true));
 
     assertTrue(future.isSuccess());
-    verifyWrite().writeData(eq(ctx()), eq(STREAM_ID), eq(content()), eq(0), eq(true),
+    verifyWrite().writeData(eq(ctx()), eq(STREAM_ID), same(content), eq(0), eq(true),
         any(ChannelPromise.class));
     verify(mockKeepAliveManager, times(1)).onTransportActive(); // onStreamActive
     verifyNoMoreInteractions(mockKeepAliveManager);
diff --git a/netty/src/test/java/io/grpc/netty/NettyHandlerTestBase.java b/netty/src/test/java/io/grpc/netty/NettyHandlerTestBase.java
index eef8d30e05a..c971294fbb6 100644
--- a/netty/src/test/java/io/grpc/netty/NettyHandlerTestBase.java
+++ b/netty/src/test/java/io/grpc/netty/NettyHandlerTestBase.java
@@ -38,7 +38,6 @@
 import io.grpc.internal.WritableBuffer;
 import io.netty.buffer.ByteBuf;
 import io.netty.buffer.ByteBufAllocator;
-import io.netty.buffer.ByteBufUtil;
 import io.netty.buffer.CompositeByteBuf;
 import io.netty.buffer.Unpooled;
 import io.netty.buffer.UnpooledByteBufAllocator;
@@ -68,6 +67,7 @@
 import java.nio.ByteBuffer;
 import java.util.concurrent.Delayed;
 import java.util.concurrent.TimeUnit;
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -84,7 +84,6 @@
 public abstract class NettyHandlerTestBase<T extends Http2ConnectionHandler> {
 
   protected static final int STREAM_ID = 3;
-  private ByteBuf content;
 
   private EmbeddedChannel channel;
 
@@ -106,18 +105,24 @@ protected void manualSetUp() throws Exception {}
   protected final TransportTracer transportTracer = new TransportTracer();
   protected int flowControlWindow = DEFAULT_WINDOW_SIZE;
   protected boolean autoFlowControl = false;
-
   private final FakeClock fakeClock = new FakeClock();
 
   FakeClock fakeClock() {
     return fakeClock;
   }
 
+  @After
+  public void tearDown() throws Exception {
+    if (channel() != null) {
+      channel().releaseInbound();
+      channel().releaseOutbound();
+    }
+  }
+
   /**
    * Must be called by subclasses to initialize the handler and channel.
    */
   protected final void initChannel(Http2HeadersDecoder headersDecoder) throws Exception {
-    content = Unpooled.copiedBuffer("hello world", UTF_8);
     frameWriter = mock(Http2FrameWriter.class, delegatesTo(new DefaultHttp2FrameWriter()));
     frameReader = new DefaultHttp2FrameReader(headersDecoder);
 
@@ -233,11 +238,11 @@ protected final Http2FrameReader frameReader() {
   }
 
   protected final ByteBuf content() {
-    return content;
+    return Unpooled.copiedBuffer(contentAsArray());
   }
 
   protected final byte[] contentAsArray() {
-    return ByteBufUtil.getBytes(content());
+    return "\000\000\000\000\rhello world".getBytes(UTF_8);
   }
 
   protected final Http2FrameWriter verifyWrite() {
@@ -252,8 +257,8 @@ protected final void channelRead(Object obj) throws Exception {
     channel.writeInbound(obj);
   }
 
-  protected ByteBuf grpcDataFrame(int streamId, boolean endStream, byte[] content) {
-    final ByteBuf compressionFrame = Unpooled.buffer(content.length);
+  protected ByteBuf grpcFrame(byte[] message) {
+    final ByteBuf compressionFrame = Unpooled.buffer(message.length);
     MessageFramer framer = new MessageFramer(
         new MessageFramer.Sink() {
           @Override
@@ -262,23 +267,22 @@ public void deliverFrame(
             if (frame != null) {
               ByteBuf bytebuf = ((NettyWritableBuffer) frame).bytebuf();
               compressionFrame.writeBytes(bytebuf);
+              bytebuf.release();
             }
           }
         },
         new NettyWritableBufferAllocator(ByteBufAllocator.DEFAULT),
         StatsTraceContext.NOOP);
-    framer.writePayload(new ByteArrayInputStream(content));
-    framer.flush();
-    ChannelHandlerContext ctx = newMockContext();
-    new DefaultHttp2FrameWriter().writeData(ctx, streamId, compressionFrame, 0, endStream,
-        newPromise());
-    return captureWrite(ctx);
+    framer.writePayload(new ByteArrayInputStream(message));
+    framer.close();
+    return compressionFrame;
   }
 
-  protected final ByteBuf dataFrame(int streamId, boolean endStream, ByteBuf content) {
-    // Need to retain the content since the frameWriter releases it.
-    content.retain();
+  protected final ByteBuf grpcDataFrame(int streamId, boolean endStream, byte[] content) {
+    return dataFrame(streamId, endStream, grpcFrame(content));
+  }
 
+  protected final ByteBuf dataFrame(int streamId, boolean endStream, ByteBuf content) {
     ChannelHandlerContext ctx = newMockContext();
     new DefaultHttp2FrameWriter().writeData(ctx, streamId, content, 0, endStream, newPromise());
     return captureWrite(ctx);
@@ -410,6 +414,7 @@ public void dataSizeSincePingAccumulates() throws Exception {
     channelRead(dataFrame(3, false, buff.copy()));
 
     assertEquals(length * 3, handler.flowControlPing().getDataSincePing());
+    buff.release();
   }
 
   @Test
@@ -608,12 +613,14 @@ public void bdpPingWindowResizing() throws Exception {
 
   private void readPingAck(long pingData) throws Exception {
     channelRead(pingFrame(true, pingData));
+    channel().releaseOutbound();
   }
 
   private void readXCopies(int copies, byte[] data) throws Exception {
     for (int i = 0; i < copies; i++) {
       channelRead(grpcDataFrame(STREAM_ID, false, data)); // buffer it
       stream().request(1); // consume it
+      channel().releaseOutbound();
     }
   }
 
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
index 308079ff62f..54c1375eef2 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
@@ -43,6 +43,7 @@
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.ArgumentMatchers.same;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.doAnswer;
 import static org.mockito.Mockito.doThrow;
@@ -74,7 +75,6 @@
 import io.grpc.internal.testing.TestServerStreamTracer;
 import io.grpc.netty.GrpcHttp2HeadersUtils.GrpcHttp2ServerHeadersDecoder;
 import io.netty.buffer.ByteBuf;
-import io.netty.buffer.ByteBufUtil;
 import io.netty.channel.ChannelFuture;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelPromise;
@@ -120,23 +120,16 @@ public class NettyServerHandlerTest extends NettyHandlerTestBase<NettyServerHand
   public final TestRule globalTimeout = new DisableOnDebug(Timeout.seconds(10));
   @Rule
   public final MockitoRule mocks = MockitoJUnit.rule();
-
   private static final AsciiString HTTP_FAKE_METHOD = AsciiString.of("FAKE");
-
-
   @Mock
   private ServerStreamListener streamListener;
-
   @Mock
   private ServerStreamTracer.Factory streamTracerFactory;
-
   private final ServerTransportListener transportListener =
       mock(ServerTransportListener.class, delegatesTo(new ServerTransportListenerImpl()));
   private final TestServerStreamTracer streamTracer = new TestServerStreamTracer();
-
   private NettyServerStream stream;
   private KeepAliveManager spyKeepAliveManager;
-
   final Queue<InputStream> streamListenerMessageQueue = new LinkedList<>();
 
   private int maxConcurrentStreams = Integer.MAX_VALUE;
@@ -208,6 +201,7 @@ protected void manualSetUp() throws Exception {
     // Simulate receipt of initial remote settings.
     ByteBuf serializedSettings = serializeSettings(new Http2Settings());
     channelRead(serializedSettings);
+    channel().releaseOutbound();
   }
 
   @Test
@@ -229,10 +223,11 @@ public void sendFrameShouldSucceed() throws Exception {
     createStream();
 
     // Send a frame and verify that it was written.
+    ByteBuf content = content();
     ChannelFuture future = enqueue(
-        new SendGrpcFrameCommand(stream.transportState(), content(), false));
+        new SendGrpcFrameCommand(stream.transportState(), content, false));
     assertTrue(future.isSuccess());
-    verifyWrite().writeData(eq(ctx()), eq(STREAM_ID), eq(content()), eq(0), eq(false),
+    verifyWrite().writeData(eq(ctx()), eq(STREAM_ID), same(content), eq(0), eq(false),
         any(ChannelPromise.class));
   }
 
@@ -267,10 +262,11 @@ private void inboundDataShouldForwardToStreamListener(boolean endStream) throws
     // Create a data frame and then trigger the handler to read it.
     ByteBuf frame = grpcDataFrame(STREAM_ID, endStream, contentAsArray());
     channelRead(frame);
+    channel().releaseOutbound();
     verify(streamListener, atLeastOnce())
         .messagesAvailable(any(StreamListener.MessageProducer.class));
     InputStream message = streamListenerMessageQueue.poll();
-    assertArrayEquals(ByteBufUtil.getBytes(content()), ByteStreams.toByteArray(message));
+    assertArrayEquals(contentAsArray(), ByteStreams.toByteArray(message));
     message.close();
     assertNull("no additional message expected", streamListenerMessageQueue.poll());
 
@@ -870,7 +866,7 @@ public void keepAliveEnforcer_sendingDataResetsCounters() throws Exception {
     future.get();
     for (int i = 0; i < 10; i++) {
       future = enqueue(
-          new SendGrpcFrameCommand(stream.transportState(), content().retainedSlice(), false));
+          new SendGrpcFrameCommand(stream.transportState(), content(), false));
       future.get();
       channel().releaseOutbound();
       channelRead(pingFrame(false /* isAck */, 1L));
@@ -1293,6 +1289,7 @@ public void maxRstCount_withinLimit_succeeds() throws Exception {
     maxRstPeriodNanos = TimeUnit.MILLISECONDS.toNanos(100);
     manualSetUp();
     rapidReset(maxRstCount);
+
     assertTrue(channel().isOpen());
   }
 
@@ -1302,6 +1299,7 @@ public void maxRstCount_exceedsLimit_fails() throws Exception {
     maxRstPeriodNanos = TimeUnit.MILLISECONDS.toNanos(100);
     manualSetUp();
     assertThrows(ClosedChannelException.class, () -> rapidReset(maxRstCount + 1));
+
     assertFalse(channel().isOpen());
   }
 
@@ -1344,11 +1342,7 @@ private void createStream() throws Exception {
 
   private ByteBuf emptyGrpcFrame(int streamId, boolean endStream) throws Exception {
     ByteBuf buf = NettyTestUtil.messageFrame("");
-    try {
-      return dataFrame(streamId, endStream, buf);
-    } finally {
-      buf.release();
-    }
+    return dataFrame(streamId, endStream, buf);
   }
 
   @Override

From c080b52f95abfa48eb9ea684a09e38ec3d57a767 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 2 Dec 2024 16:31:04 -0800
Subject: [PATCH 102/591] .github/workflows: Split Bazel into two jobs

The two Bazel versions are completely separate; no need to run them
serially.
---
 .github/workflows/testing.yml | 25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 8c639cf14ed..d68d85eb0cd 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -77,8 +77,16 @@ jobs:
 
   bazel:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          # Test with and without bzlmod. Bazel 6 doesn't support bzlmod, so use Bazel 7 instead
+          - bazel: 6.0.0
+            bzlmod: false
+          - bazel: 7.0.0
+            bzlmod: true
     env:
-      USE_BAZEL_VERSION: 6.0.0
+      USE_BAZEL_VERSION: ${{ matrix.bazel }}
 
     steps:
     - uses: actions/checkout@v4
@@ -97,19 +105,8 @@ jobs:
         key: ${{ runner.os }}-bazel-${{ env.USE_BAZEL_VERSION }}-${{ hashFiles('WORKSPACE', 'repositories.bzl') }}
 
     - name: Run bazel build
-      run: bazelisk build //... --enable_bzlmod=false
+      run: bazelisk build //... --enable_bzlmod=${{ matrix.bzlmod }}
 
     - name: Run example bazel build
-      run: bazelisk build //... --enable_bzlmod=false
-      working-directory: ./examples
-
-    - name: Run bazel build (bzlmod)
-      env:
-        USE_BAZEL_VERSION: 7.0.0
-      run: bazelisk build //... --enable_bzlmod=true
-
-    - name: Run example bazel build (bzlmod)
-      env:
-        USE_BAZEL_VERSION: 7.0.0
-      run: bazelisk build //... --enable_bzlmod=true
+      run: bazelisk build //... --enable_bzlmod=${{ matrix.bzlmod }}
       working-directory: ./examples

From 65b32e60e0545f2c8404df9e29d985c241d26066 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Thu, 5 Dec 2024 23:07:32 +0530
Subject: [PATCH 103/591] okhttp: Fix for ipv6 link local with scope (#11725)

---
 .../main/java/io/grpc/okhttp/OkHttpProtocolNegotiator.java  | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpProtocolNegotiator.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpProtocolNegotiator.java
index d09d6cccedd..0706a39d028 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpProtocolNegotiator.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpProtocolNegotiator.java
@@ -19,6 +19,8 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.net.HostAndPort;
+import com.google.common.net.InetAddresses;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.okhttp.internal.OptionalMethod;
 import io.grpc.okhttp.internal.Platform;
@@ -247,7 +249,9 @@ protected void configureTlsExtensions(
           } else {
             SET_USE_SESSION_TICKETS.invokeOptionalWithoutCheckedException(sslSocket, true);
           }
-          if (SET_SERVER_NAMES != null && SNI_HOST_NAME != null) {
+          if (SET_SERVER_NAMES != null
+              && SNI_HOST_NAME != null
+              && !InetAddresses.isInetAddress(HostAndPort.fromString(hostname).getHost())) {
             SET_SERVER_NAMES
                 .invoke(sslParams, Collections.singletonList(SNI_HOST_NAME.newInstance(hostname)));
           } else {

From 99a2696c48250cbc7ba279a2863f4e8df53b05e4 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 9 Dec 2024 13:25:46 -0800
Subject: [PATCH 104/591] s2a: Restore static token state mutated in tests

This is the easy-to-fix state, but GetAuthenticationMechanisms can save
these temporary states used in tests, so more fixes will be necessary.
---
 .../handshaker/tokenmanager/SingleTokenFetcher.java   |  7 ++++++-
 .../handshaker/GetAuthenticationMechanismsTest.java   | 10 +++++++++-
 .../SingleTokenAccessTokenManagerTest.java            | 11 ++++++++++-
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenFetcher.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenFetcher.java
index a5402af9db2..28aa0f87ba1 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenFetcher.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenFetcher.java
@@ -41,6 +41,11 @@ public static void setAccessToken(String token) {
     accessToken = token;
   }
 
+  @VisibleForTesting
+  public static String getAccessToken() {
+    return accessToken;
+  }
+
   private SingleTokenFetcher(String token) {
     this.token = token;
   }
@@ -54,4 +59,4 @@ public String getDefaultToken() {
   public String getToken(S2AIdentity identity) {
     return token;
   }
-}
\ No newline at end of file
+}
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java
index 4c00b0746fc..d17d9ba99e8 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java
@@ -20,6 +20,7 @@
 import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.grpc.s2a.internal.handshaker.tokenmanager.SingleTokenFetcher;
 import java.util.Optional;
+import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Rule;
 import org.junit.Test;
@@ -31,13 +32,20 @@
 public final class GetAuthenticationMechanismsTest {
   @Rule public final Expect expect = Expect.create();
   private static final String TOKEN = "access_token";
+  private static String originalAccessToken;
 
   @BeforeClass
   public static void setUpClass() {
+    originalAccessToken = SingleTokenFetcher.getAccessToken();
     // Set the token that the client will use to authenticate to the S2A.
     SingleTokenFetcher.setAccessToken(TOKEN);
   }
 
+  @AfterClass
+  public static void tearDownClass() {
+    SingleTokenFetcher.setAccessToken(originalAccessToken);
+  }
+
   @Test
   public void getAuthMechanisms_emptyIdentity_success() {
     expect
@@ -58,4 +66,4 @@ public void getAuthMechanisms_nonEmptyIdentity_success() {
                     .setToken("access_token")
                     .build()));
   }
-}
\ No newline at end of file
+}
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java
index 5bf2ce05259..9fd33fe9070 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java
@@ -20,6 +20,7 @@
 
 import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import java.util.Optional;
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -30,11 +31,19 @@ public final class SingleTokenAccessTokenManagerTest {
   private static final S2AIdentity IDENTITY = S2AIdentity.fromSpiffeId("spiffe_id");
   private static final String TOKEN = "token";
 
+  private String originalAccessToken;
+
   @Before
   public void setUp() {
+    originalAccessToken = SingleTokenFetcher.getAccessToken();
     SingleTokenFetcher.setAccessToken(null);
   }
 
+  @After
+  public void tearDown() {
+    SingleTokenFetcher.setAccessToken(originalAccessToken);
+  }
+
   @Test
   public void getDefaultToken_success() throws Exception {
     SingleTokenFetcher.setAccessToken(TOKEN);
@@ -68,4 +77,4 @@ public void create_success() throws Exception {
   public void create_noEnvironmentVariable() throws Exception {
     assertThat(AccessTokenManager.create()).isEmpty();
   }
-}
\ No newline at end of file
+}

From 210f9c083e7ce6c831b2b65f0ee7f9c1384a88f9 Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Mon, 9 Dec 2024 15:42:27 -0800
Subject: [PATCH 105/591] Xds fallback (#11254)

* XDS Client Fallback
---
 .../io/grpc/xds/client/BootstrapperImpl.java  |  13 +
 .../grpc/xds/client/ControlPlaneClient.java   | 226 +++++--
 .../java/io/grpc/xds/client/XdsClient.java    |  37 +-
 .../io/grpc/xds/client/XdsClientImpl.java     | 556 ++++++++++++------
 .../java/io/grpc/xds/ControlPlaneRule.java    | 109 +++-
 .../java/io/grpc/xds/CsdsServiceTest.java     |  15 +-
 .../io/grpc/xds/GrpcBootstrapperImplTest.java |   4 +
 .../grpc/xds/GrpcXdsClientImplTestBase.java   |  59 +-
 .../io/grpc/xds/XdsClientFallbackTest.java    | 522 ++++++++++++++++
 .../grpc/xds/XdsSecurityClientServerTest.java |   1 +
 .../grpc/xds/XdsTestControlPlaneService.java  |   8 +
 .../CommonBootstrapperTestUtils.java          |  84 ++-
 .../ClientSslContextProviderFactoryTest.java  |   2 +-
 .../SecurityProtocolNegotiatorsTest.java      |   2 +-
 .../ServerSslContextProviderFactoryTest.java  |   2 +-
 .../security/TlsContextManagerTest.java       |   2 +-
 ...tProviderClientSslContextProviderTest.java |   2 +-
 ...tProviderServerSslContextProviderTest.java |   2 +-
 18 files changed, 1354 insertions(+), 292 deletions(-)
 create mode 100644 xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
 rename xds/src/test/java/io/grpc/xds/{ => client}/CommonBootstrapperTestUtils.java (65%)

diff --git a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
index 9930417348b..a48313fd21e 100644
--- a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
@@ -41,6 +41,9 @@
 @Internal
 public abstract class BootstrapperImpl extends Bootstrapper {
 
+  public static final String GRPC_EXPERIMENTAL_XDS_FALLBACK =
+      "GRPC_EXPERIMENTAL_XDS_FALLBACK";
+
   // Client features.
   @VisibleForTesting
   public static final String CLIENT_FEATURE_DISABLE_OVERPROVISIONING =
@@ -52,6 +55,9 @@ public abstract class BootstrapperImpl extends Bootstrapper {
   private static final String SERVER_FEATURE_IGNORE_RESOURCE_DELETION = "ignore_resource_deletion";
   private static final String SERVER_FEATURE_TRUSTED_XDS_SERVER = "trusted_xds_server";
 
+  @VisibleForTesting
+  static boolean enableXdsFallback = GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_FALLBACK, false);
+
   protected final XdsLogger logger;
 
   protected FileReader reader = LocalFileReader.INSTANCE;
@@ -65,6 +71,7 @@ protected BootstrapperImpl() {
   protected abstract Object getImplSpecificConfig(Map<String, ?> serverConfig, String serverUri)
       throws XdsInitializationException;
 
+
   /**
    * Reads and parses bootstrap config. The config is expected to be in JSON format.
    */
@@ -103,6 +110,9 @@ protected BootstrapInfo.Builder bootstrapBuilder(Map<String, ?> rawData)
       throw new XdsInitializationException("Invalid bootstrap: 'xds_servers' does not exist.");
     }
     List<ServerInfo> servers = parseServerInfos(rawServerConfigs, logger);
+    if (servers.size() > 1 && !enableXdsFallback) {
+      servers = ImmutableList.of(servers.get(0));
+    }
     builder.servers(servers);
 
     Node.Builder nodeBuilder = Node.newBuilder();
@@ -209,6 +219,9 @@ protected BootstrapInfo.Builder bootstrapBuilder(Map<String, ?> rawData)
         if (rawAuthorityServers == null || rawAuthorityServers.isEmpty()) {
           authorityServers = servers;
         } else {
+          if (rawAuthorityServers.size() > 1 && !enableXdsFallback) {
+            rawAuthorityServers = ImmutableList.of(rawAuthorityServers.get(0));
+          }
           authorityServers = parseServerInfos(rawAuthorityServers, logger);
         }
         authorityInfoMapBuilder.put(
diff --git a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
index 62076fb8bf1..047f8a2e315 100644
--- a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
@@ -39,7 +39,6 @@
 import io.grpc.xds.client.XdsClient.ResourceStore;
 import io.grpc.xds.client.XdsClient.XdsResponseHandler;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
-import io.grpc.xds.client.XdsTransportFactory.EventHandler;
 import io.grpc.xds.client.XdsTransportFactory.StreamingCall;
 import io.grpc.xds.client.XdsTransportFactory.XdsTransport;
 import java.util.Collection;
@@ -70,7 +69,6 @@ final class ControlPlaneClient {
   private final BackoffPolicy.Provider backoffPolicyProvider;
   private final Stopwatch stopwatch;
   private final Node bootstrapNode;
-  private final XdsClient xdsClient;
 
   // Last successfully applied version_info for each resource type. Starts with empty string.
   // A version_info is used to update management server with client's most recent knowledge of
@@ -78,14 +76,15 @@ final class ControlPlaneClient {
   private final Map<XdsResourceType<?>, String> versions = new HashMap<>();
 
   private boolean shutdown;
-  private boolean streamClosedNoResponse;
+  private boolean inError;
+
   @Nullable
   private AdsStream adsStream;
   @Nullable
   private BackoffPolicy retryBackoffPolicy;
   @Nullable
   private ScheduledHandle rpcRetryTimer;
-  private MessagePrettyPrinter messagePrinter;
+  private final MessagePrettyPrinter messagePrinter;
 
   /** An entity that manages ADS RPCs over a single channel. */
   ControlPlaneClient(
@@ -99,7 +98,6 @@ final class ControlPlaneClient {
       SynchronizationContext syncContext,
       BackoffPolicy.Provider backoffPolicyProvider,
       Supplier<Stopwatch> stopwatchSupplier,
-      XdsClient xdsClient,
       MessagePrettyPrinter messagePrinter) {
     this.serverInfo = checkNotNull(serverInfo, "serverInfo");
     this.xdsTransport = checkNotNull(xdsTransport, "xdsTransport");
@@ -109,7 +107,6 @@ final class ControlPlaneClient {
     this.timeService = checkNotNull(timeService, "timeService");
     this.syncContext = checkNotNull(syncContext, "syncContext");
     this.backoffPolicyProvider = checkNotNull(backoffPolicyProvider, "backoffPolicyProvider");
-    this.xdsClient = checkNotNull(xdsClient, "xdsClient");
     this.messagePrinter = checkNotNull(messagePrinter, "messagePrinter");
     stopwatch = checkNotNull(stopwatchSupplier, "stopwatchSupplier").get();
     logId = InternalLogId.allocate("xds-client", serverInfo.target());
@@ -139,22 +136,36 @@ public String toString() {
     return logId.toString();
   }
 
+  public ServerInfo getServerInfo() {
+    return serverInfo;
+  }
+
   /**
    * Updates the resource subscription for the given resource type.
    */
   // Must be synchronized.
   void adjustResourceSubscription(XdsResourceType<?> resourceType) {
-    if (isInBackoff()) {
+    if (rpcRetryTimer != null && rpcRetryTimer.isPending()) {
       return;
     }
     if (adsStream == null) {
       startRpcStream();
+      // when the stream becomes ready, it will send the discovery requests
+      return;
+    }
+
+    // We will do the rest of the method as part of the readyHandler when the stream is ready.
+    if (!isConnected()) {
+      return;
     }
+
     Collection<String> resources = resourceStore.getSubscribedResources(serverInfo, resourceType);
     if (resources == null) {
       resources = Collections.emptyList();
     }
     adsStream.sendDiscoveryRequest(resourceType, resources);
+    resourceStore.startMissingResourceTimers(resources, resourceType);
+
     if (resources.isEmpty()) {
       // The resource type no longer has subscribing resources; clean up references to it
       versions.remove(resourceType);
@@ -194,50 +205,44 @@ void nackResponse(XdsResourceType<?> type, String nonce, String errorDetail) {
     adsStream.sendDiscoveryRequest(type, versionInfo, resources, nonce, errorDetail);
   }
 
-  /**
-   * Returns {@code true} if the resource discovery is currently in backoff.
-   */
   // Must be synchronized.
-  boolean isInBackoff() {
-    return rpcRetryTimer != null && rpcRetryTimer.isPending();
+  boolean isReady() {
+    return adsStream != null && adsStream.call != null
+        && adsStream.call.isReady() && !adsStream.closed;
   }
 
-  // Must be synchronized.
-  boolean isReady() {
-    return adsStream != null && adsStream.call != null && adsStream.call.isReady();
+  boolean isConnected() {
+    return adsStream != null && adsStream.sentInitialRequest;
   }
 
   /**
-   * Starts a timer for each requested resource that hasn't been responded to and
-   * has been waiting for the channel to get ready.
+   * Used for identifying whether or not when getting a control plane for authority that this
+   * control plane should be skipped over if there is a fallback.
+   *
+   * <p>Also used by metric to consider this control plane to not be "active".
+   *
+   * <p>A ControlPlaneClient is considered to be in error during the time from when an
+   * {@link AdsStream} closed without having received a response to the time an AdsStream does
+   * receive a response.
    */
-  // Must be synchronized.
-  void readyHandler() {
-    if (!isReady()) {
-      return;
-    }
-
-    if (isInBackoff()) {
-      rpcRetryTimer.cancel();
-      rpcRetryTimer = null;
-    }
-
-    xdsClient.startSubscriberTimersIfNeeded(serverInfo);
+  boolean isInError() {
+    return inError;
   }
 
+
   /**
-   * Indicates whether there is an active ADS stream.
-   *
-   * <p>Return {@code true} when the {@code AdsStream} is created.
-   * {@code false} when the ADS stream fails without a response. Resets to true
-   * upon receiving the first response on a new ADS stream.
+   * Cleans up outstanding rpcRetryTimer if present, since we are communicating.
+   * If we haven't sent the initial discovery request for this RPC stream, we will delegate to
+   * xdsResponseHandler (in practice XdsClientImpl) to do any initialization for a new active
+   * stream such as starting timers.  We then send the initial discovery request.
    */
-  // Must be synchronized
-  boolean hasWorkingAdsStream() {
-    return !streamClosedNoResponse;
+  // Must be synchronized.
+  void readyHandler(boolean shouldSendInitialRequest) {
+    if (shouldSendInitialRequest) {
+      sendDiscoveryRequests();
+    }
   }
 
-
   /**
    * Establishes the RPC connection by creating a new RPC stream on the given channel for
    * xDS protocol communication.
@@ -245,28 +250,51 @@ boolean hasWorkingAdsStream() {
   // Must be synchronized.
   private void startRpcStream() {
     checkState(adsStream == null, "Previous adsStream has not been cleared yet");
+
+    if (rpcRetryTimer != null) {
+      rpcRetryTimer.cancel();
+      rpcRetryTimer = null;
+    }
+
     adsStream = new AdsStream();
+    adsStream.start();
     logger.log(XdsLogLevel.INFO, "ADS stream started");
     stopwatch.reset().start();
   }
 
+  void sendDiscoveryRequests() {
+    if (rpcRetryTimer != null && rpcRetryTimer.isPending()) {
+      return;
+    }
+
+    if (adsStream == null) {
+      startRpcStream();
+      // when the stream becomes ready, it will send the discovery requests
+      return;
+    }
+
+    if (isConnected()) {
+      Set<XdsResourceType<?>> subscribedResourceTypes =
+          new HashSet<>(resourceStore.getSubscribedResourceTypesWithTypeUrl().values());
+
+      for (XdsResourceType<?> type : subscribedResourceTypes) {
+        adjustResourceSubscription(type);
+      }
+    }
+  }
+
   @VisibleForTesting
   public final class RpcRetryTask implements Runnable {
     @Override
     public void run() {
+      logger.log(XdsLogLevel.DEBUG, "Retry timeout. Restart ADS stream {0}", logId);
       if (shutdown) {
         return;
       }
+
       startRpcStream();
-      Set<XdsResourceType<?>> subscribedResourceTypes =
-          new HashSet<>(resourceStore.getSubscribedResourceTypesWithTypeUrl().values());
-      for (XdsResourceType<?> type : subscribedResourceTypes) {
-        Collection<String> resources = resourceStore.getSubscribedResources(serverInfo, type);
-        if (resources != null) {
-          adsStream.sendDiscoveryRequest(type, resources);
-        }
-      }
-      xdsResponseHandler.handleStreamRestarted(serverInfo);
+
+      // handling CPC management is triggered in readyHandler
     }
   }
 
@@ -276,8 +304,9 @@ XdsResourceType<?> fromTypeUrl(String typeUrl) {
     return resourceStore.getSubscribedResourceTypesWithTypeUrl().get(typeUrl);
   }
 
-  private class AdsStream implements EventHandler<DiscoveryResponse> {
+  private class AdsStream implements XdsTransportFactory.EventHandler<DiscoveryResponse> {
     private boolean responseReceived;
+    private boolean sentInitialRequest;
     private boolean closed;
     // Response nonce for the most recently received discovery responses of each resource type.
     // Client initiated requests start response nonce with empty string.
@@ -293,6 +322,9 @@ private class AdsStream implements EventHandler<DiscoveryResponse> {
     private AdsStream() {
       this.call = xdsTransport.createStreamingCall(methodDescriptor.getFullMethodName(),
           methodDescriptor.getRequestMarshaller(), methodDescriptor.getResponseMarshaller());
+    }
+
+    void start() {
       call.start(this);
     }
 
@@ -338,7 +370,19 @@ final void sendDiscoveryRequest(XdsResourceType<?> type, Collection<String> reso
 
     @Override
     public void onReady() {
-      syncContext.execute(ControlPlaneClient.this::readyHandler);
+      syncContext.execute(() -> {
+        if (!isReady()) {
+          logger.log(XdsLogLevel.DEBUG,
+              "ADS stream ready handler called, but not ready {0}", logId);
+          return;
+        }
+
+        logger.log(XdsLogLevel.DEBUG, "ADS stream ready {0}", logId);
+
+        boolean hadSentInitialRequest = sentInitialRequest;
+        sentInitialRequest = true;
+        readyHandler(!hadSentInitialRequest);
+      });
     }
 
     @Override
@@ -346,8 +390,13 @@ public void onRecvMessage(DiscoveryResponse response) {
       syncContext.execute(new Runnable() {
         @Override
         public void run() {
-          // Reset flag as message has been received on a stream
-          streamClosedNoResponse = false;
+          if (closed) {
+            return;
+          }
+          boolean isFirstResponse = !responseReceived;
+          responseReceived = true;
+          inError = false;
+
           XdsResourceType<?> type = fromTypeUrl(response.getTypeUrl());
           if (logger.isLoggable(XdsLogLevel.DEBUG)) {
             logger.log(
@@ -364,7 +413,7 @@ public void run() {
             return;
           }
           handleRpcResponse(type, response.getVersionInfo(), response.getResourcesList(),
-              response.getNonce());
+              response.getNonce(), isFirstResponse);
         }
       });
     }
@@ -377,17 +426,14 @@ public void onStatusReceived(final Status status) {
     }
 
     final void handleRpcResponse(XdsResourceType<?> type, String versionInfo, List<Any> resources,
-                                 String nonce) {
+                                 String nonce, boolean isFirstResponse) {
       checkNotNull(type, "type");
-      if (closed) {
-        return;
-      }
-      responseReceived = true;
+
       respNonces.put(type, nonce);
       ProcessingTracker processingTracker = new ProcessingTracker(
           () -> call.startRecvMessage(), syncContext);
       xdsResponseHandler.handleResourceResponse(type, serverInfo, versionInfo, resources, nonce,
-          processingTracker);
+          isFirstResponse, processingTracker);
       processingTracker.onComplete();
     }
 
@@ -401,13 +447,16 @@ private void handleRpcStreamClosed(Status status) {
         // has never been initialized.
         retryBackoffPolicy = backoffPolicyProvider.get();
       }
+
       // FakeClock in tests isn't thread-safe. Schedule the retry timer before notifying callbacks
       // to avoid TSAN races, since tests may wait until callbacks are called but then would run
       // concurrently with the stopwatch and schedule.
+
       long elapsed = stopwatch.elapsed(TimeUnit.NANOSECONDS);
       long delayNanos = Math.max(0, retryBackoffPolicy.nextBackoffNanos() - elapsed);
-      rpcRetryTimer = syncContext.schedule(
-          new RpcRetryTask(), delayNanos, TimeUnit.NANOSECONDS, timeService);
+
+      rpcRetryTimer =
+          syncContext.schedule(new RpcRetryTask(), delayNanos, TimeUnit.NANOSECONDS, timeService);
 
       Status newStatus = status;
       if (responseReceived) {
@@ -424,9 +473,9 @@ private void handleRpcStreamClosed(Status status) {
               "ADS stream closed by server after a response was received");
         }
       } else {
-        streamClosedNoResponse = true;
         // If the ADS stream is closed without ever having received a response from the server, then
         // the XdsClient should consider that a connectivity error (see gRFC A57).
+        inError = true;
         if (status.isOk()) {
           newStatus = Status.UNAVAILABLE.withDescription(
               "ADS stream closed with OK before receiving a response");
@@ -437,10 +486,8 @@ private void handleRpcStreamClosed(Status status) {
       }
 
       closed = true;
-      xdsResponseHandler.handleStreamClosed(newStatus);
+      xdsResponseHandler.handleStreamClosed(newStatus, !responseReceived);
       cleanUp();
-
-      logger.log(XdsLogLevel.INFO, "Retry ADS stream in {0} ns", delayNanos);
     }
 
     private void close(Exception error) {
@@ -458,4 +505,55 @@ private void cleanUp() {
       }
     }
   }
+
+  @VisibleForTesting
+  static class FailingXdsTransport implements XdsTransport {
+    Status error;
+
+    public FailingXdsTransport(Status error) {
+      this.error = error;
+    }
+
+    @Override
+    public <ReqT, RespT> StreamingCall<ReqT, RespT>
+        createStreamingCall(String fullMethodName,
+                            MethodDescriptor.Marshaller<ReqT> reqMarshaller,
+                            MethodDescriptor.Marshaller<RespT> respMarshaller) {
+      return new FailingXdsStreamingCall<>();
+    }
+
+    @Override
+    public void shutdown() {
+      // no-op
+    }
+
+    private class FailingXdsStreamingCall<ReqT, RespT> implements StreamingCall<ReqT, RespT> {
+
+      @Override
+      public void start(XdsTransportFactory.EventHandler<RespT> eventHandler) {
+        eventHandler.onStatusReceived(error);
+      }
+
+      @Override
+      public void sendMessage(ReqT message) {
+        // no-op
+      }
+
+      @Override
+      public void startRecvMessage() {
+        // no-op
+      }
+
+      @Override
+      public void sendError(Exception e) {
+        // no-op
+      }
+
+      @Override
+      public boolean isReady() {
+        return false;
+      }
+    }
+  }
+
 }
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClient.java b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
index 06f15005c22..36f8bd591c7 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
@@ -306,14 +306,6 @@ public Object getSecurityConfig() {
     throw new UnsupportedOperationException();
   }
 
-  /**
-   * For all subscriber's for the specified server, if the resource hasn't yet been
-   * resolved then start a timer for it.
-   */
-  protected void startSubscriberTimersIfNeeded(ServerInfo serverInfo) {
-    throw new UnsupportedOperationException();
-  }
-
   /**
    * Returns a {@link ListenableFuture} to the snapshot of the subscribed resources as
    * they are at the moment of the call.
@@ -428,30 +420,39 @@ interface XdsResponseHandler {
     /** Called when a xds response is received. */
     void handleResourceResponse(
         XdsResourceType<?> resourceType, ServerInfo serverInfo, String versionInfo,
-        List<Any> resources, String nonce, ProcessingTracker processingTracker);
+        List<Any> resources, String nonce, boolean isFirstResponse,
+        ProcessingTracker processingTracker);
 
     /** Called when the ADS stream is closed passively. */
     // Must be synchronized.
-    void handleStreamClosed(Status error);
-
-    /** Called when the ADS stream has been recreated. */
-    // Must be synchronized.
-    void handleStreamRestarted(ServerInfo serverInfo);
+    void handleStreamClosed(Status error, boolean shouldTryFallback);
   }
 
   public interface ResourceStore {
+
     /**
-     * Returns the collection of resources currently subscribing to or {@code null} if not
-     * subscribing to any resources for the given type.
+     * Returns the collection of resources currently subscribed to which have an authority matching
+     * one of those for which the ControlPlaneClient associated with the specified ServerInfo is
+     * the active one, or {@code null} if no such resources are currently subscribed to.
      *
      * <p>Note an empty collection indicates subscribing to resources of the given type with
      * wildcard mode.
+     *
+     * @param serverInfo the xds server to get the resources from
+     * @param type       the type of the resources that should be retrieved
      */
     // Must be synchronized.
     @Nullable
-    Collection<String> getSubscribedResources(ServerInfo serverInfo,
-                                              XdsResourceType<? extends ResourceUpdate> type);
+    Collection<String> getSubscribedResources(
+        ServerInfo serverInfo, XdsResourceType<? extends ResourceUpdate> type);
 
     Map<String, XdsResourceType<?>> getSubscribedResourceTypesWithTypeUrl();
+
+    /**
+     * For any of the subscribers to one of the specified resources, if there isn't a result or
+     * an existing timer for the resource, start a timer for the resource.
+     */
+    void startMissingResourceTimers(Collection<String> resourceNames,
+                                    XdsResourceType<?> resourceType);
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index 529ac2747df..791ba3cc62d 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -26,8 +26,8 @@
 import com.google.common.base.Joiner;
 import com.google.common.base.Stopwatch;
 import com.google.common.base.Supplier;
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
 import com.google.protobuf.Any;
@@ -42,10 +42,13 @@
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import io.grpc.xds.client.XdsClient.ResourceStore;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
+import java.io.IOException;
 import java.net.URI;
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -54,6 +57,7 @@
 import java.util.concurrent.Future;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
 import javax.annotation.Nullable;
 
 /**
@@ -74,21 +78,25 @@ public void uncaughtException(Thread t, Throwable e) {
               XdsLogLevel.ERROR,
               "Uncaught exception in XdsClient SynchronizationContext. Panic!",
               e);
-          // TODO(chengyuanzhang): better error handling.
+          // TODO: better error handling.
           throw new AssertionError(e);
         }
       });
 
-  private final Map<ServerInfo, LoadStatsManager2> loadStatsManagerMap =
-      new HashMap<>();
-  final Map<ServerInfo, LoadReportClient> serverLrsClientMap =
-      new HashMap<>();
-
+  private final Map<ServerInfo, LoadStatsManager2> loadStatsManagerMap = new HashMap<>();
+  final Map<ServerInfo, LoadReportClient> serverLrsClientMap = new HashMap<>();
+  /** Map of authority to its activated control plane client (affected by xds fallback).
+   * The last entry in the list for each value is the "active" CPC for the matching key */
+  private final Map<String, List<ControlPlaneClient>> activatedCpClients = new HashMap<>();
   private final Map<ServerInfo, ControlPlaneClient> serverCpClientMap = new HashMap<>();
+
+  /** Maps resource type to the corresponding map of subscribers (keyed by resource name). */
   private final Map<XdsResourceType<? extends ResourceUpdate>,
       Map<String, ResourceSubscriber<? extends ResourceUpdate>>>
       resourceSubscribers = new HashMap<>();
+  /** Maps typeUrl to the corresponding XdsResourceType. */
   private final Map<String, XdsResourceType<?>> subscribedResourceTypeUrls = new HashMap<>();
+
   private final XdsTransportFactory xdsTransportFactory;
   private final Bootstrapper.BootstrapInfo bootstrapInfo;
   private final ScheduledExecutorService timeService;
@@ -126,48 +134,6 @@ public XdsClientImpl(
     logger.log(XdsLogLevel.INFO, "Created");
   }
 
-  private void handleResourceResponse(
-      XdsResourceType<?> xdsResourceType, ServerInfo serverInfo, String versionInfo,
-      List<Any> resources, String nonce, ProcessingTracker processingTracker) {
-    checkNotNull(xdsResourceType, "xdsResourceType");
-    syncContext.throwIfNotInThisSynchronizationContext();
-    Set<String> toParseResourceNames =
-        xdsResourceType.shouldRetrieveResourceKeysForArgs()
-            ? getResourceKeys(xdsResourceType)
-            : null;
-    XdsResourceType.Args args = new XdsResourceType.Args(serverInfo, versionInfo, nonce,
-        bootstrapInfo, securityConfig, toParseResourceNames);
-    handleResourceUpdate(args, resources, xdsResourceType, processingTracker);
-  }
-
-  private void handleStreamClosed(Status error, ServerInfo serverInfo) {
-    syncContext.throwIfNotInThisSynchronizationContext();
-    cleanUpResourceTimers();
-    if (!error.isOk()) {
-      metricReporter.reportServerFailure(1L, serverInfo.target());
-      for (Map<String, ResourceSubscriber<? extends ResourceUpdate>> subscriberMap :
-          resourceSubscribers.values()) {
-        for (ResourceSubscriber<? extends ResourceUpdate> subscriber : subscriberMap.values()) {
-          if (!subscriber.hasResult()) {
-            subscriber.onError(error, null);
-          }
-        }
-      }
-    }
-  }
-
-  private void handleStreamRestarted(ServerInfo serverInfo) {
-    syncContext.throwIfNotInThisSynchronizationContext();
-    for (Map<String, ResourceSubscriber<? extends ResourceUpdate>> subscriberMap :
-        resourceSubscribers.values()) {
-      for (ResourceSubscriber<? extends ResourceUpdate> subscriber : subscriberMap.values()) {
-        if (subscriber.serverInfo.equals(serverInfo)) {
-          subscriber.restartTimer();
-        }
-      }
-    }
-  }
-
   @Override
   public void shutdown() {
     syncContext.execute(
@@ -184,7 +150,8 @@ public void run() {
             for (final LoadReportClient lrsClient : serverLrsClientMap.values()) {
               lrsClient.stopLoadReporting();
             }
-            cleanUpResourceTimers();
+            cleanUpResourceTimers(null);
+            activatedCpClients.clear();
           }
         });
   }
@@ -199,20 +166,53 @@ public Map<String, XdsResourceType<?>> getSubscribedResourceTypesWithTypeUrl() {
     return Collections.unmodifiableMap(subscribedResourceTypeUrls);
   }
 
+  private ControlPlaneClient getActiveCpc(String authority) {
+    List<ControlPlaneClient> controlPlaneClients = activatedCpClients.get(authority);
+    if (controlPlaneClients == null || controlPlaneClients.isEmpty()) {
+      return null;
+    }
+
+    return controlPlaneClients.get(controlPlaneClients.size() - 1);
+  }
+
   @Nullable
   @Override
-  public Collection<String> getSubscribedResources(ServerInfo serverInfo,
-                                                   XdsResourceType<? extends ResourceUpdate> type) {
+  public Collection<String> getSubscribedResources(
+      ServerInfo serverInfo, XdsResourceType<? extends ResourceUpdate> type) {
+    ControlPlaneClient targetCpc = serverCpClientMap.get(serverInfo);
+    if (targetCpc == null) {
+      return null;
+    }
+
+    // This should include all of the authorities that targetCpc or a fallback from it is serving
+    List<String> authorities = activatedCpClients.entrySet().stream()
+        .filter(entry -> entry.getValue().contains(targetCpc))
+        .map(Map.Entry::getKey)
+        .collect(Collectors.toList());
+
     Map<String, ResourceSubscriber<? extends ResourceUpdate>> resources =
         resourceSubscribers.getOrDefault(type, Collections.emptyMap());
-    ImmutableSet.Builder<String> builder = ImmutableSet.builder();
-    for (String key : resources.keySet()) {
-      if (resources.get(key).serverInfo.equals(serverInfo)) {
-        builder.add(key);
+
+    Collection<String> retVal = resources.entrySet().stream()
+        .filter(entry -> authorities.contains(entry.getValue().authority))
+        .map(Map.Entry::getKey)
+        .collect(Collectors.toList());
+
+    return retVal.isEmpty() ? null : retVal;
+  }
+
+  @Override
+  public void startMissingResourceTimers(Collection<String> resourceNames,
+                                         XdsResourceType<?> resourceType) {
+    Map<String, ResourceSubscriber<? extends ResourceUpdate>> subscriberMap =
+        resourceSubscribers.get(resourceType);
+
+    for (String resourceName : resourceNames) {
+      ResourceSubscriber<?> subscriber = subscriberMap.get(resourceName);
+      if (subscriber.respTimer == null && !subscriber.hasResult()) {
+        subscriber.restartTimer();
       }
     }
-    Collection<String> retVal = builder.build();
-    return retVal.isEmpty() ? null : retVal;
   }
 
   // As XdsClient APIs becomes resource agnostic, subscribed resource types are dynamic.
@@ -228,7 +228,7 @@ public void run() {
         // A map from a "resource type" to a map ("resource name": "resource metadata")
         ImmutableMap.Builder<XdsResourceType<?>, Map<String, ResourceMetadata>> metadataSnapshot =
             ImmutableMap.builder();
-        for (XdsResourceType<?> resourceType: resourceSubscribers.keySet()) {
+        for (XdsResourceType<?> resourceType : resourceSubscribers.keySet()) {
           ImmutableMap.Builder<String, ResourceMetadata> metadataMap = ImmutableMap.builder();
           for (Map.Entry<String, ResourceSubscriber<? extends ResourceUpdate>> resourceEntry
               : resourceSubscribers.get(resourceType).entrySet()) {
@@ -249,9 +249,9 @@ public Object getSecurityConfig() {
 
   @Override
   public <T extends ResourceUpdate> void watchXdsResource(XdsResourceType<T> type,
-      String resourceName,
-      ResourceWatcher<T> watcher,
-      Executor watcherExecutor) {
+                                                          String resourceName,
+                                                          ResourceWatcher<T> watcher,
+                                                          Executor watcherExecutor) {
     syncContext.execute(new Runnable() {
       @Override
       @SuppressWarnings("unchecked")
@@ -262,36 +262,125 @@ public void run() {
         }
         ResourceSubscriber<T> subscriber =
             (ResourceSubscriber<T>) resourceSubscribers.get(type).get(resourceName);
+
         if (subscriber == null) {
           logger.log(XdsLogLevel.INFO, "Subscribe {0} resource {1}", type, resourceName);
           subscriber = new ResourceSubscriber<>(type, resourceName);
           resourceSubscribers.get(type).put(resourceName, subscriber);
-          if (subscriber.controlPlaneClient != null) {
-            subscriber.controlPlaneClient.adjustResourceSubscription(type);
+
+          if (subscriber.errorDescription == null) {
+            CpcWithFallbackState cpcToUse = manageControlPlaneClient(subscriber);
+            if (cpcToUse.cpc != null) {
+              cpcToUse.cpc.adjustResourceSubscription(type);
+            }
           }
         }
+
         subscriber.addWatcher(watcher, watcherExecutor);
       }
     });
   }
 
+  /**
+   * Gets a ControlPlaneClient for the subscriber's authority, creating one if necessary.
+   * If there already was an active CPC for this authority, and it is different from the one
+   * identified, then do fallback to the identified one (cpcToUse).
+   *
+   * @return identified CPC or {@code null} (if there are no valid ServerInfos associated with the
+   *     subscriber's authority or CPC's for all are in backoff), and whether did a fallback.
+   */
+  @VisibleForTesting
+  private <T extends ResourceUpdate> CpcWithFallbackState manageControlPlaneClient(
+      ResourceSubscriber<T> subscriber) {
+
+    ControlPlaneClient cpcToUse;
+    boolean didFallback = false;
+    try {
+      cpcToUse = getOrCreateControlPlaneClient(subscriber.authority);
+    } catch (IllegalArgumentException e) {
+      if (subscriber.errorDescription == null) {
+        subscriber.errorDescription = "Bad configuration:  " + e.getMessage();
+      }
+
+      subscriber.onError(
+          Status.INVALID_ARGUMENT.withDescription(subscriber.errorDescription), null);
+      return new CpcWithFallbackState(null, false);
+    } catch (IOException e) {
+      logger.log(XdsLogLevel.DEBUG,
+          "Could not create a control plane client for authority {0}: {1}",
+          subscriber.authority, e.getMessage());
+      return new CpcWithFallbackState(null, false);
+    }
+
+    ControlPlaneClient activeCpClient = getActiveCpc(subscriber.authority);
+    if (cpcToUse != activeCpClient) {
+      addCpcToAuthority(subscriber.authority, cpcToUse); // makes it active
+      if (activeCpClient != null) {
+        didFallback = cpcToUse != null && !cpcToUse.isInError();
+        if (didFallback) {
+          logger.log(XdsLogLevel.INFO, "Falling back to XDS server {0}",
+              cpcToUse.getServerInfo().target());
+        } else {
+          logger.log(XdsLogLevel.WARNING, "No working fallback XDS Servers found from {0}",
+              activeCpClient.getServerInfo().target());
+        }
+      }
+    }
+
+    return new CpcWithFallbackState(cpcToUse, didFallback);
+  }
+
+  private void addCpcToAuthority(String authority, ControlPlaneClient cpcToUse) {
+    List<ControlPlaneClient> controlPlaneClients =
+        activatedCpClients.computeIfAbsent(authority, k -> new ArrayList<>());
+
+    if (controlPlaneClients.contains(cpcToUse)) {
+      return;
+    }
+
+    // if there are any missing CPCs between the last one and cpcToUse, add them + add cpcToUse
+    ImmutableList<ServerInfo> serverInfos = getServerInfos(authority);
+    for (int i = controlPlaneClients.size(); i < serverInfos.size(); i++) {
+      ServerInfo serverInfo = serverInfos.get(i);
+      ControlPlaneClient cpc = serverCpClientMap.get(serverInfo);
+      controlPlaneClients.add(cpc);
+      logger.log(XdsLogLevel.DEBUG, "Adding control plane client {0} to authority {1}",
+          cpc, authority);
+      cpcToUse.sendDiscoveryRequests();
+      if (cpc == cpcToUse) {
+        break;
+      }
+    }
+  }
+
   @Override
   public <T extends ResourceUpdate> void cancelXdsResourceWatch(XdsResourceType<T> type,
-      String resourceName,
-      ResourceWatcher<T> watcher) {
+                                                                String resourceName,
+                                                                ResourceWatcher<T> watcher) {
     syncContext.execute(new Runnable() {
       @Override
       @SuppressWarnings("unchecked")
       public void run() {
         ResourceSubscriber<T> subscriber =
             (ResourceSubscriber<T>) resourceSubscribers.get(type).get(resourceName);
+        if (subscriber == null) {
+          logger.log(XdsLogLevel.WARNING, "double cancel of resource watch for {0}:{1}",
+              type.typeName(), resourceName);
+          return;
+        }
         subscriber.removeWatcher(watcher);
         if (!subscriber.isWatched()) {
           subscriber.cancelResourceWatch();
           resourceSubscribers.get(type).remove(resourceName);
-          if (subscriber.controlPlaneClient != null) {
-            subscriber.controlPlaneClient.adjustResourceSubscription(type);
+
+          List<ControlPlaneClient> controlPlaneClients =
+              activatedCpClients.get(subscriber.authority);
+          if (controlPlaneClients != null) {
+            controlPlaneClients.forEach((cpc) -> {
+              cpc.adjustResourceSubscription(type);
+            });
           }
+
           if (resourceSubscribers.get(type).isEmpty()) {
             resourceSubscribers.remove(type);
             subscribedResourceTypeUrls.remove(type.typeUrl());
@@ -344,30 +433,6 @@ public String toString() {
     return logId.toString();
   }
 
-  @Override
-  protected void startSubscriberTimersIfNeeded(ServerInfo serverInfo) {
-    if (isShutDown()) {
-      return;
-    }
-
-    syncContext.execute(new Runnable() {
-      @Override
-      public void run() {
-        if (isShutDown()) {
-          return;
-        }
-
-        for (Map<String, ResourceSubscriber<?>> subscriberMap : resourceSubscribers.values()) {
-          for (ResourceSubscriber<?> subscriber : subscriberMap.values()) {
-            if (subscriber.serverInfo.equals(serverInfo) && subscriber.respTimer == null) {
-              subscriber.restartTimer();
-            }
-          }
-        }
-      }
-    });
-  }
-
   private Set<String> getResourceKeys(XdsResourceType<?> xdsResourceType) {
     if (!resourceSubscribers.containsKey(xdsResourceType)) {
       return null;
@@ -376,53 +441,74 @@ private Set<String> getResourceKeys(XdsResourceType<?> xdsResourceType) {
     return resourceSubscribers.get(xdsResourceType).keySet();
   }
 
-  private void cleanUpResourceTimers() {
+  // cpcForThisStream is null when doing shutdown
+  private void cleanUpResourceTimers(ControlPlaneClient cpcForThisStream) {
+    Collection<String> authoritiesForCpc = getActiveAuthorities(cpcForThisStream);
+
     for (Map<String, ResourceSubscriber<?>> subscriberMap : resourceSubscribers.values()) {
       for (ResourceSubscriber<?> subscriber : subscriberMap.values()) {
-        subscriber.stopTimer();
+        if (cpcForThisStream == null || authoritiesForCpc.contains(subscriber.authority)) {
+          subscriber.stopTimer();
+        }
+      }
+    }
+  }
+
+  private ControlPlaneClient getOrCreateControlPlaneClient(String authority) throws IOException {
+    // Optimize for the common case of a working ads stream already exists for the authority
+    ControlPlaneClient activeCpc = getActiveCpc(authority);
+    if (activeCpc != null && !activeCpc.isInError()) {
+      return activeCpc;
+    }
+
+    ImmutableList<ServerInfo> serverInfos = getServerInfos(authority);
+    if (serverInfos == null) {
+      throw new IllegalArgumentException("No xds servers found for authority " + authority);
+    }
+
+    for (ServerInfo serverInfo : serverInfos) {
+      ControlPlaneClient cpc = getOrCreateControlPlaneClient(serverInfo);
+      if (cpc.isInError()) {
+        continue;
       }
+      return cpc;
     }
+
+    // Everything existed and is in backoff so throw
+    throw new IOException("All xds transports for authority " + authority + " are in backoff");
   }
 
-  public ControlPlaneClient getOrCreateControlPlaneClient(ServerInfo serverInfo) {
+  private ControlPlaneClient getOrCreateControlPlaneClient(ServerInfo serverInfo) {
     syncContext.throwIfNotInThisSynchronizationContext();
     if (serverCpClientMap.containsKey(serverInfo)) {
       return serverCpClientMap.get(serverInfo);
     }
 
-    XdsTransportFactory.XdsTransport xdsTransport = xdsTransportFactory.create(serverInfo);
+    logger.log(XdsLogLevel.DEBUG, "Creating control plane client for {0}", serverInfo.target());
+    XdsTransportFactory.XdsTransport xdsTransport;
+    try {
+      xdsTransport = xdsTransportFactory.create(serverInfo);
+    } catch (Exception e) {
+      String msg = String.format("Failed to create xds transport for %s: %s",
+          serverInfo.target(), e.getMessage());
+      logger.log(XdsLogLevel.WARNING, msg);
+      xdsTransport =
+          new ControlPlaneClient.FailingXdsTransport(Status.UNAVAILABLE.withDescription(msg));
+    }
+
     ControlPlaneClient controlPlaneClient = new ControlPlaneClient(
         xdsTransport,
         serverInfo,
         bootstrapInfo.node(),
-        new XdsResponseHandler() {
-
-          @Override
-          public void handleResourceResponse(
-              XdsResourceType<?> resourceType, ServerInfo serverInfo, String versionInfo,
-              List<Any> resources, String nonce, ProcessingTracker processingTracker) {
-            XdsClientImpl.this.handleResourceResponse(resourceType, serverInfo, versionInfo,
-                resources, nonce,
-                processingTracker);
-          }
-
-          @Override
-          public void handleStreamClosed(Status error) {
-            XdsClientImpl.this.handleStreamClosed(error, serverInfo);
-          }
-
-          @Override
-          public void handleStreamRestarted(ServerInfo serverInfo) {
-            XdsClientImpl.this.handleStreamRestarted(serverInfo);
-          }
-        },
+        new ResponseHandler(serverInfo),
         this,
         timeService,
         syncContext,
         backoffPolicyProvider,
         stopwatchSupplier,
-        this,
-        messagePrinter);
+        messagePrinter
+    );
+
     serverCpClientMap.put(serverInfo, controlPlaneClient);
 
     LoadStatsManager2 loadStatsManager = new LoadStatsManager2(stopwatchSupplier);
@@ -441,32 +527,48 @@ public Map<ServerInfo, LoadReportClient> getServerLrsClientMap() {
     return ImmutableMap.copyOf(serverLrsClientMap);
   }
 
-  @Nullable
-  private ServerInfo getServerInfo(String resource) {
+  private String getAuthority(String resource) {
+    String authority;
     if (resource.startsWith(XDSTP_SCHEME)) {
       URI uri = URI.create(resource);
-      String authority = uri.getAuthority();
+      authority = uri.getAuthority();
       if (authority == null) {
         authority = "";
       }
+    } else {
+      authority = null;
+    }
+
+    return authority;
+  }
+
+  @Nullable
+  private ImmutableList<ServerInfo> getServerInfos(String authority) {
+    if (authority != null) {
       AuthorityInfo authorityInfo = bootstrapInfo.authorities().get(authority);
       if (authorityInfo == null || authorityInfo.xdsServers().isEmpty()) {
         return null;
       }
-      return authorityInfo.xdsServers().get(0);
+      return authorityInfo.xdsServers();
     } else {
-      return bootstrapInfo.servers().get(0); // use first server
+      return bootstrapInfo.servers();
     }
   }
 
   @SuppressWarnings("unchecked")
   private <T extends ResourceUpdate> void handleResourceUpdate(
       XdsResourceType.Args args, List<Any> resources, XdsResourceType<T> xdsResourceType,
-      ProcessingTracker processingTracker) {
+      boolean isFirstResponse, ProcessingTracker processingTracker) {
+    ControlPlaneClient controlPlaneClient = serverCpClientMap.get(args.serverInfo);
+
+    if (isFirstResponse) {
+      shutdownLowerPriorityCpcs(controlPlaneClient);
+    }
+
     ValidatedResourceUpdate<T> result = xdsResourceType.parse(args, resources);
     logger.log(XdsLogger.XdsLogLevel.INFO,
         "Received {0} Response version {1} nonce {2}. Parsed resources: {3}",
-         xdsResourceType.typeName(), args.versionInfo, args.nonce, result.unpackedResources);
+        xdsResourceType.typeName(), args.versionInfo, args.nonce, result.unpackedResources);
     Map<String, ParsedResource<T>> parsedResources = result.parsedResources;
     Set<String> invalidResources = result.invalidResources;
     metricReporter.reportResourceUpdates(Long.valueOf(parsedResources.size()),
@@ -477,14 +579,14 @@ private <T extends ResourceUpdate> void handleResourceUpdate(
     String errorDetail = null;
     if (errors.isEmpty()) {
       checkArgument(invalidResources.isEmpty(), "found invalid resources but missing errors");
-      serverCpClientMap.get(args.serverInfo).ackResponse(xdsResourceType, args.versionInfo,
+      controlPlaneClient.ackResponse(xdsResourceType, args.versionInfo,
           args.nonce);
     } else {
       errorDetail = Joiner.on('\n').join(errors);
       logger.log(XdsLogLevel.WARNING,
           "Failed processing {0} Response version {1} nonce {2}. Errors:\n{3}",
           xdsResourceType.typeName(), args.versionInfo, args.nonce, errorDetail);
-      serverCpClientMap.get(args.serverInfo).nackResponse(xdsResourceType, args.nonce, errorDetail);
+      controlPlaneClient.nackResponse(xdsResourceType, args.nonce, errorDetail);
     }
 
     long updateTime = timeProvider.currentTimeNanos();
@@ -523,8 +625,8 @@ private <T extends ResourceUpdate> void handleResourceUpdate(
       // For State of the World services, notify watchers when their watched resource is missing
       // from the ADS update. Note that we can only do this if the resource update is coming from
       // the same xDS server that the ResourceSubscriber is subscribed to.
-      if (subscriber.serverInfo.equals(args.serverInfo)) {
-        subscriber.onAbsent(processingTracker);
+      if (getActiveCpc(subscriber.authority) == controlPlaneClient) {
+        subscriber.onAbsent(processingTracker, args.serverInfo);
       }
     }
   }
@@ -535,58 +637,89 @@ public Future<Void> reportServerConnections(ServerConnectionCallback callback) {
     syncContext.execute(() -> {
       serverCpClientMap.forEach((serverInfo, controlPlaneClient) ->
           callback.reportServerConnectionGauge(
-              controlPlaneClient.hasWorkingAdsStream(), serverInfo.target()));
+              !controlPlaneClient.isInError(), serverInfo.target()));
       future.set(null);
     });
     return future;
   }
 
+  private void shutdownLowerPriorityCpcs(ControlPlaneClient activatedCpc) {
+    // For each authority, remove any control plane clients, with lower priority than the activated
+    // one, from activatedCpClients storing them all in cpcsToShutdown.
+    Set<ControlPlaneClient> cpcsToShutdown = new HashSet<>();
+    for ( List<ControlPlaneClient> cpcsForAuth : activatedCpClients.values()) {
+      if (cpcsForAuth == null) {
+        continue;
+      }
+      int index = cpcsForAuth.indexOf(activatedCpc);
+      if (index > -1) {
+        cpcsToShutdown.addAll(cpcsForAuth.subList(index + 1, cpcsForAuth.size()));
+        cpcsForAuth.subList(index + 1, cpcsForAuth.size()).clear(); // remove lower priority cpcs
+      }
+    }
+
+    // Shutdown any lower priority control plane clients identified above that aren't still being
+    // used by another authority.  If they are still being used let the XDS server know that we
+    // no longer are interested in subscriptions for authorities we are no longer responsible for.
+    for (ControlPlaneClient cpc : cpcsToShutdown) {
+      if (activatedCpClients.values().stream().noneMatch(list -> list.contains(cpc))) {
+        cpc.shutdown();
+        serverCpClientMap.remove(cpc.getServerInfo());
+      } else {
+        cpc.sendDiscoveryRequests();
+      }
+    }
+  }
+
+
   /** Tracks a single subscribed resource. */
   private final class ResourceSubscriber<T extends ResourceUpdate> {
-    @Nullable private final ServerInfo serverInfo;
-    @Nullable private final ControlPlaneClient controlPlaneClient;
+    @Nullable
+    private final String authority;
     private final XdsResourceType<T> type;
     private final String resource;
     private final Map<ResourceWatcher<T>, Executor> watchers = new HashMap<>();
-    @Nullable private T data;
+    @Nullable
+    private T data;
     private boolean absent;
     // Tracks whether the deletion has been ignored per bootstrap server feature.
     // See https://github.com/grpc/proposal/blob/master/A53-xds-ignore-resource-deletion.md
     private boolean resourceDeletionIgnored;
-    @Nullable private ScheduledHandle respTimer;
-    @Nullable private ResourceMetadata metadata;
-    @Nullable private String errorDescription;
+    @Nullable
+    private ScheduledHandle respTimer;
+    @Nullable
+    private ResourceMetadata metadata;
+    @Nullable
+    private String errorDescription;
 
     ResourceSubscriber(XdsResourceType<T> type, String resource) {
       syncContext.throwIfNotInThisSynchronizationContext();
       this.type = type;
       this.resource = resource;
-      this.serverInfo = getServerInfo(resource);
-      if (serverInfo == null) {
+      this.authority = getAuthority(resource);
+      if (getServerInfos(authority) == null) {
         this.errorDescription = "Wrong configuration: xds server does not exist for resource "
             + resource;
-        this.controlPlaneClient = null;
         return;
       }
+
       // Initialize metadata in UNKNOWN state to cover the case when resource subscriber,
       // is created but not yet requested because the client is in backoff.
       this.metadata = ResourceMetadata.newResourceMetadataUnknown();
+    }
 
-      ControlPlaneClient controlPlaneClient = null;
-      try {
-        controlPlaneClient = getOrCreateControlPlaneClient(serverInfo);
-        if (controlPlaneClient.isInBackoff()) {
-          return;
-        }
-      } catch (IllegalArgumentException e) {
-        controlPlaneClient = null;
-        this.errorDescription = "Bad configuration:  " + e.getMessage();
-        return;
-      } finally {
-        this.controlPlaneClient = controlPlaneClient;
-      }
-
-      restartTimer();
+    @Override
+    public String toString() {
+      return "ResourceSubscriber{"
+          + "resource='" + resource + '\''
+          + ", authority='" + authority + '\''
+          + ", type=" + type
+          + ", watchers=" + watchers.size()
+          + ", data=" + data
+          + ", absent=" + absent
+          + ", resourceDeletionIgnored=" + resourceDeletionIgnored
+          + ", errorDescription='" + errorDescription + '\''
+          + '}';
     }
 
     void addWatcher(ResourceWatcher<T> watcher, Executor watcherExecutor) {
@@ -607,7 +740,7 @@ void addWatcher(ResourceWatcher<T> watcher, Executor watcherExecutor) {
       });
     }
 
-    void removeWatcher(ResourceWatcher<T>  watcher) {
+    void removeWatcher(ResourceWatcher<T> watcher) {
       checkArgument(watchers.containsKey(watcher), "watcher %s not registered", watcher);
       watchers.remove(watcher);
     }
@@ -616,7 +749,9 @@ void restartTimer() {
       if (data != null || absent) {  // resource already resolved
         return;
       }
-      if (!controlPlaneClient.isReady()) { // When client becomes ready, it triggers a restartTimer
+      ControlPlaneClient activeCpc = getActiveCpc(authority);
+      if (activeCpc == null || !activeCpc.isReady()) {
+        // When client becomes ready, it triggers a restartTimer for all relevant subscribers.
         return;
       }
 
@@ -626,7 +761,7 @@ public void run() {
           logger.log(XdsLogLevel.INFO, "{0} resource {1} initial fetch timeout",
               type, resource);
           respTimer = null;
-          onAbsent(null);
+          onAbsent(null, activeCpc.getServerInfo());
         }
 
         @Override
@@ -638,6 +773,9 @@ public String toString() {
       // Initial fetch scheduled or rescheduled, transition metadata state to REQUESTED.
       metadata = ResourceMetadata.newResourceMetadataRequested();
 
+      if (respTimer != null) {
+        respTimer.cancel();
+      }
       respTimer = syncContext.schedule(
           new ResourceNotFound(), INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS,
           timeService);
@@ -661,8 +799,7 @@ void cancelResourceWatch() {
         message += " for which we previously ignored a deletion";
         logLevel = XdsLogLevel.FORCE_INFO;
       }
-      logger.log(logLevel, message, type, resource,
-          serverInfo != null ? serverInfo.target() : "unknown");
+      logger.log(logLevel, message, type, resource, getTarget());
     }
 
     boolean isWatched() {
@@ -687,7 +824,7 @@ void onData(ParsedResource<T> parsedResource, String version, long updateTime,
       if (resourceDeletionIgnored) {
         logger.log(XdsLogLevel.FORCE_INFO, "xds server {0}: server returned new version "
                 + "of resource for which we previously ignored a deletion: type {1} name {2}",
-            serverInfo != null ? serverInfo.target() : "unknown", type, resource);
+            getTarget(), type, resource);
         resourceDeletionIgnored = false;
       }
       if (!Objects.equals(oldData, data)) {
@@ -704,15 +841,21 @@ void onData(ParsedResource<T> parsedResource, String version, long updateTime,
       }
     }
 
-    void onAbsent(@Nullable ProcessingTracker processingTracker) {
+    private String getTarget() {
+      ControlPlaneClient activeCpc = getActiveCpc(authority);
+      return (activeCpc != null)
+             ? activeCpc.getServerInfo().target()
+             : "unknown";
+    }
+
+    void onAbsent(@Nullable ProcessingTracker processingTracker, ServerInfo serverInfo) {
       if (respTimer != null && respTimer.isPending()) {  // too early to conclude absence
         return;
       }
 
       // Ignore deletion of State of the World resources when this feature is on,
       // and the resource is reusable.
-      boolean ignoreResourceDeletionEnabled =
-          serverInfo != null && serverInfo.ignoreResourceDeletion();
+      boolean ignoreResourceDeletionEnabled = serverInfo.ignoreResourceDeletion();
       if (ignoreResourceDeletionEnabled && type.isFullStateOfTheWorld() && data != null) {
         if (!resourceDeletionIgnored) {
           logger.log(XdsLogLevel.FORCE_WARNING,
@@ -785,4 +928,89 @@ private void notifyWatcher(ResourceWatcher<T> watcher, T update) {
     }
   }
 
+  private class ResponseHandler implements XdsResponseHandler {
+    final ServerInfo serverInfo;
+
+    ResponseHandler(ServerInfo serverInfo) {
+      this.serverInfo = serverInfo;
+    }
+
+    @Override
+    public void handleResourceResponse(
+        XdsResourceType<?> xdsResourceType, ServerInfo serverInfo, String versionInfo,
+        List<Any> resources, String nonce, boolean isFirstResponse,
+        ProcessingTracker processingTracker) {
+      checkNotNull(xdsResourceType, "xdsResourceType");
+      syncContext.throwIfNotInThisSynchronizationContext();
+      Set<String> toParseResourceNames =
+          xdsResourceType.shouldRetrieveResourceKeysForArgs()
+          ? getResourceKeys(xdsResourceType)
+          : null;
+      XdsResourceType.Args args = new XdsResourceType.Args(serverInfo, versionInfo, nonce,
+          bootstrapInfo, securityConfig, toParseResourceNames);
+      handleResourceUpdate(args, resources, xdsResourceType, isFirstResponse, processingTracker);
+    }
+
+    @Override
+    public void handleStreamClosed(Status status, boolean shouldTryFallback) {
+      syncContext.throwIfNotInThisSynchronizationContext();
+
+      ControlPlaneClient cpcClosed = serverCpClientMap.get(serverInfo);
+      if (cpcClosed == null) {
+        return;
+      }
+
+      cleanUpResourceTimers(cpcClosed);
+
+      if (status.isOk()) {
+        return; // Not considered an error
+      }
+
+      metricReporter.reportServerFailure(1L, serverInfo.target());
+
+      Collection<String> authoritiesForClosedCpc = getActiveAuthorities(cpcClosed);
+      for (Map<String, ResourceSubscriber<? extends ResourceUpdate>> subscriberMap :
+          resourceSubscribers.values()) {
+        for (ResourceSubscriber<? extends ResourceUpdate> subscriber : subscriberMap.values()) {
+          if (subscriber.hasResult() || !authoritiesForClosedCpc.contains(subscriber.authority)) {
+            continue;
+          }
+
+          // try to fallback to lower priority control plane client
+          if (shouldTryFallback && manageControlPlaneClient(subscriber).didFallback) {
+            authoritiesForClosedCpc.remove(subscriber.authority);
+            if (authoritiesForClosedCpc.isEmpty()) {
+              return; // optimization: no need to continue once all authorities have done fallback
+            }
+            continue; // since we did fallback, don't consider it an error
+          }
+
+          subscriber.onError(status, null);
+        }
+      }
+    }
+
+  }
+
+  private static class CpcWithFallbackState {
+    ControlPlaneClient cpc;
+    boolean didFallback;
+
+    private CpcWithFallbackState(ControlPlaneClient cpc, boolean didFallback) {
+      this.cpc = cpc;
+      this.didFallback = didFallback;
+    }
+  }
+
+  private Collection<String> getActiveAuthorities(ControlPlaneClient cpc) {
+    List<String> asList = activatedCpClients.entrySet().stream()
+        .filter(entry -> !entry.getValue().isEmpty()
+            && cpc == entry.getValue().get(entry.getValue().size() - 1))
+        .map(Map.Entry::getKey)
+        .collect(Collectors.toList());
+
+    // Since this is usually used for contains, use a set when the list is large
+    return (asList.size() < 100) ? asList : new HashSet<>(asList);
+  }
+
 }
diff --git a/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java b/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
index 69fde29a0a9..ac1c4829c74 100644
--- a/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
+++ b/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
@@ -57,6 +57,7 @@
 import io.grpc.InsecureServerCredentials;
 import io.grpc.NameResolverRegistry;
 import io.grpc.Server;
+import java.io.IOException;
 import java.util.Collections;
 import java.util.Map;
 import java.util.UUID;
@@ -88,9 +89,11 @@ public class ControlPlaneRule extends TestWatcher {
   private XdsTestControlPlaneService controlPlaneService;
   private XdsTestLoadReportingService loadReportingService;
   private XdsNameResolverProvider nameResolverProvider;
+  private int port; // Only change from 0 to actual port used in the server.
 
   public ControlPlaneRule() {
     serverHostName = "test-server";
+    this.port = 0;
   }
 
   public ControlPlaneRule setServerHostName(String serverHostName) {
@@ -117,11 +120,7 @@ public Server getServer() {
     try {
       controlPlaneService = new XdsTestControlPlaneService();
       loadReportingService = new XdsTestLoadReportingService();
-      server = Grpc.newServerBuilderForPort(0, InsecureServerCredentials.create())
-          .addService(controlPlaneService)
-          .addService(loadReportingService)
-          .build()
-          .start();
+      createAndStartXdsServer();
     } catch (Exception e) {
       throw new AssertionError("unable to start the control plane server", e);
     }
@@ -146,6 +145,42 @@ public Server getServer() {
     NameResolverRegistry.getDefaultRegistry().deregister(nameResolverProvider);
   }
 
+  /**
+   * Will shutdown existing server if needed.
+   * Then creates a new server in the same way as {@link #starting(Description)} and starts it.
+   */
+  public void restartXdsServer() {
+
+    if (getServer() != null && !getServer().isTerminated()) {
+      getServer().shutdownNow();
+      try {
+        if (!getServer().awaitTermination(5, TimeUnit.SECONDS)) {
+          logger.log(Level.SEVERE, "Timed out waiting for server shutdown");
+        }
+      } catch (InterruptedException e) {
+        throw new AssertionError("unable to shut down control plane server", e);
+      }
+    }
+
+    try {
+      createAndStartXdsServer();
+    } catch (Exception e) {
+      throw new AssertionError("unable to restart the control plane server", e);
+    }
+  }
+
+  private void createAndStartXdsServer() throws IOException {
+    server = Grpc.newServerBuilderForPort(port, InsecureServerCredentials.create())
+        .addService(controlPlaneService)
+        .addService(loadReportingService)
+        .build()
+        .start();
+
+    if (port == 0) {
+      port = server.getPort();
+    }
+  }
+
   /**
    * For test purpose, use boostrapOverride to programmatically provide bootstrap info.
    */
@@ -175,46 +210,69 @@ void setLdsConfig(Listener serverListener, Listener clientListener) {
   }
 
   void setRdsConfig(RouteConfiguration routeConfiguration) {
-    getService().setXdsConfig(ADS_TYPE_URL_RDS, ImmutableMap.of(RDS_NAME, routeConfiguration));
+    setRdsConfig(RDS_NAME, routeConfiguration);
+  }
+
+  public void setRdsConfig(String rdsName, RouteConfiguration routeConfiguration) {
+    getService().setXdsConfig(ADS_TYPE_URL_RDS, ImmutableMap.of(rdsName, routeConfiguration));
   }
 
   void setCdsConfig(Cluster cluster) {
+    setCdsConfig(CLUSTER_NAME, cluster);
+  }
+
+  void setCdsConfig(String clusterName, Cluster cluster) {
     getService().setXdsConfig(ADS_TYPE_URL_CDS,
-        ImmutableMap.<String, Message>of(CLUSTER_NAME, cluster));
+        ImmutableMap.<String, Message>of(clusterName, cluster));
   }
 
   void setEdsConfig(ClusterLoadAssignment clusterLoadAssignment) {
+    setEdsConfig(EDS_NAME, clusterLoadAssignment);
+  }
+
+  void setEdsConfig(String edsName, ClusterLoadAssignment clusterLoadAssignment) {
     getService().setXdsConfig(ADS_TYPE_URL_EDS,
-        ImmutableMap.<String, Message>of(EDS_NAME, clusterLoadAssignment));
+        ImmutableMap.<String, Message>of(edsName, clusterLoadAssignment));
   }
 
   /**
    * Builds a new default RDS configuration.
    */
   static RouteConfiguration buildRouteConfiguration(String authority) {
-    io.envoyproxy.envoy.config.route.v3.VirtualHost virtualHost = VirtualHost.newBuilder()
+    return buildRouteConfiguration(authority, RDS_NAME, CLUSTER_NAME);
+  }
+
+  static RouteConfiguration buildRouteConfiguration(String authority, String rdsName,
+                                                    String clusterName) {
+    VirtualHost.Builder vhBuilder = VirtualHost.newBuilder()
+        .setName(rdsName)
         .addDomains(authority)
         .addRoutes(
             Route.newBuilder()
                 .setMatch(
                     RouteMatch.newBuilder().setPrefix("/").build())
                 .setRoute(
-                    RouteAction.newBuilder().setCluster(CLUSTER_NAME)
+                    RouteAction.newBuilder().setCluster(clusterName)
                         .setAutoHostRewrite(BoolValue.newBuilder().setValue(true).build())
-                        .build()).build()).build();
-    return RouteConfiguration.newBuilder().setName(RDS_NAME).addVirtualHosts(virtualHost).build();
+                        .build()));
+    VirtualHost virtualHost = vhBuilder.build();
+    return RouteConfiguration.newBuilder().setName(rdsName).addVirtualHosts(virtualHost).build();
   }
 
   /**
    * Builds a new default CDS configuration.
    */
   static Cluster buildCluster() {
+    return buildCluster(CLUSTER_NAME, EDS_NAME);
+  }
+
+  static Cluster buildCluster(String clusterName, String edsName) {
     return Cluster.newBuilder()
-        .setName(CLUSTER_NAME)
+        .setName(clusterName)
         .setType(Cluster.DiscoveryType.EDS)
         .setEdsClusterConfig(
             Cluster.EdsClusterConfig.newBuilder()
-                .setServiceName(EDS_NAME)
+                .setServiceName(edsName)
                 .setEdsConfig(
                     ConfigSource.newBuilder()
                         .setAds(AggregatedConfigSource.newBuilder().build())
@@ -228,7 +286,13 @@ static Cluster buildCluster() {
    * Builds a new default EDS configuration.
    */
   static ClusterLoadAssignment buildClusterLoadAssignment(String hostName, String endpointHostname,
-      int port) {
+                                                          int port) {
+    return buildClusterLoadAssignment(hostName, endpointHostname, port, EDS_NAME);
+  }
+
+  static ClusterLoadAssignment buildClusterLoadAssignment(String hostName, String endpointHostname,
+                                                          int port, String edsName) {
+
     Address address = Address.newBuilder()
         .setSocketAddress(
             SocketAddress.newBuilder().setAddress(hostName).setPortValue(port).build()).build();
@@ -243,7 +307,7 @@ static ClusterLoadAssignment buildClusterLoadAssignment(String hostName, String
                 .setHealthStatus(HealthStatus.HEALTHY)
                 .build()).build();
     return ClusterLoadAssignment.newBuilder()
-        .setClusterName(EDS_NAME)
+        .setClusterName(edsName)
         .addEndpoints(endpoints)
         .build();
   }
@@ -252,8 +316,17 @@ static ClusterLoadAssignment buildClusterLoadAssignment(String hostName, String
    * Builds a new client listener.
    */
   static Listener buildClientListener(String name) {
+    return buildClientListener(name, "terminal-filter");
+  }
+
+
+  static Listener buildClientListener(String name, String identifier) {
+    return buildClientListener(name, identifier, RDS_NAME);
+  }
+
+  static Listener buildClientListener(String name, String identifier, String rdsName) {
     HttpFilter httpFilter = HttpFilter.newBuilder()
-        .setName("terminal-filter")
+        .setName(identifier)
         .setTypedConfig(Any.pack(Router.newBuilder().build()))
         .setIsOptional(true)
         .build();
@@ -262,7 +335,7 @@ static Listener buildClientListener(String name) {
             .HttpConnectionManager.newBuilder()
             .setRds(
                 Rds.newBuilder()
-                    .setRouteConfigName(RDS_NAME)
+                    .setRouteConfigName(rdsName)
                     .setConfigSource(
                         ConfigSource.newBuilder()
                             .setAds(AggregatedConfigSource.getDefaultInstance())))
diff --git a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
index 7c6821dc560..df0687f6706 100644
--- a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
+++ b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
@@ -108,7 +108,7 @@ public void setUp() {
       // because true->false return mutation prevents fetchClientStatus from completing the request.
       csdsStub = ClientStatusDiscoveryServiceGrpc
           .newBlockingStub(grpcServerRule.getChannel())
-          .withDeadline(Deadline.after(3, TimeUnit.SECONDS));
+          .withDeadline(Deadline.after(30, TimeUnit.SECONDS));
       csdsAsyncStub = ClientStatusDiscoveryServiceGrpc.newStub(grpcServerRule.getChannel());
     }
 
@@ -498,11 +498,17 @@ public BootstrapInfo getBootstrapInfo() {
 
     @Nullable
     @Override
-    public Collection<String> getSubscribedResources(ServerInfo serverInfo,
-                  XdsResourceType<? extends ResourceUpdate> type) {
+    public Collection<String> getSubscribedResources(
+        ServerInfo serverInfo, XdsResourceType<? extends ResourceUpdate> type) {
       return null;
     }
 
+    @Override
+    public void startMissingResourceTimers(Collection<String> resourceNames,
+                                           XdsResourceType<?> resourceType) {
+      // do nothing
+    }
+
     @Override
     public Map<String, XdsResourceType<?>> getSubscribedResourceTypesWithTypeUrl() {
       return ImmutableMap.of();
@@ -511,8 +517,7 @@ public Map<String, XdsResourceType<?>> getSubscribedResourceTypesWithTypeUrl() {
 
   private static class FakeXdsClientPoolFactory implements XdsClientPoolFactory {
     private final Map<String, XdsClient> xdsClientMap = new HashMap<>();
-    private boolean isOldStyle
-        ;
+    private boolean isOldStyle;
 
     private FakeXdsClientPoolFactory(@Nullable XdsClient xdsClient) {
       if (xdsClient != null) {
diff --git a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
index 475b6e00a07..d2a9bf3316d 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
@@ -32,6 +32,7 @@
 import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import io.grpc.xds.client.BootstrapperImpl;
+import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.client.EnvoyProtoData.Node;
 import io.grpc.xds.client.Locality;
 import io.grpc.xds.client.XdsInitializationException;
@@ -61,10 +62,12 @@ public class GrpcBootstrapperImplTest {
   private String originalBootstrapPathFromSysProp;
   private String originalBootstrapConfigFromEnvVar;
   private String originalBootstrapConfigFromSysProp;
+  private boolean originalExperimentalXdsFallbackFlag;
 
   @Before
   public void setUp() {
     saveEnvironment();
+    originalExperimentalXdsFallbackFlag = CommonBootstrapperTestUtils.setEnableXdsFallback(true);
     bootstrapper.bootstrapPathFromEnvVar = BOOTSTRAP_FILE_PATH;
   }
 
@@ -81,6 +84,7 @@ public void restoreEnvironment() {
     bootstrapper.bootstrapPathFromSysProp = originalBootstrapPathFromSysProp;
     bootstrapper.bootstrapConfigFromEnvVar = originalBootstrapConfigFromEnvVar;
     bootstrapper.bootstrapConfigFromSysProp = originalBootstrapConfigFromSysProp;
+    CommonBootstrapperTestUtils.setEnableXdsFallback(originalExperimentalXdsFallbackFlag);
   }
 
   @Test
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 198faea7fdc..b326eb7d02d 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -3599,42 +3599,52 @@ public void streamClosedAndRetryWithBackoff() {
     call.verifyRequest(RDS, RDS_RESOURCE, "5", "6764", NODE);
 
     call.sendError(Status.DEADLINE_EXCEEDED.asException());
+    fakeClock.forwardNanos(100L);
+    call = resourceDiscoveryCalls.poll();
+    call.sendError(Status.DEADLINE_EXCEEDED.asException());
+
+    // Already received LDS and RDS, so they only error twice.
     verify(ldsResourceWatcher, times(2)).onError(errorCaptor.capture());
     verify(rdsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verify(cdsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
-    verify(edsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
+    verify(cdsResourceWatcher, times(3)).onError(errorCaptor.capture());
+    verifyStatusWithNodeId(errorCaptor.getValue(), Code.DEADLINE_EXCEEDED, "");
+    verify(edsResourceWatcher, times(3)).onError(errorCaptor.capture());
+    verifyStatusWithNodeId(errorCaptor.getValue(), Code.DEADLINE_EXCEEDED, "");
 
     // Check metric data.
     callback_ReportServerConnection();
-    verifyServerConnection(3, true, xdsServerInfo.target());
+    verifyServerConnection(2, true, xdsServerInfo.target());
+    verifyServerConnection(4, false, xdsServerInfo.target());
 
     // Reset backoff sequence and retry after backoff.
     inOrder.verify(backoffPolicyProvider).get();
-    inOrder.verify(backoffPolicy2).nextBackoffNanos();
+    inOrder.verify(backoffPolicy2, times(2)).nextBackoffNanos();
     retryTask =
         Iterables.getOnlyElement(fakeClock.getPendingTasks(RPC_RETRY_TASK_FILTER));
-    assertThat(retryTask.getDelay(TimeUnit.NANOSECONDS)).isEqualTo(20L);
-    fakeClock.forwardNanos(20L);
+    fakeClock.forwardNanos(retryTask.getDelay(TimeUnit.NANOSECONDS));
     call = resourceDiscoveryCalls.poll();
     call.verifyRequest(LDS, LDS_RESOURCE, "63", "", NODE);
     call.verifyRequest(RDS, RDS_RESOURCE, "5", "", NODE);
     call.verifyRequest(CDS, CDS_RESOURCE, "", "", NODE);
     call.verifyRequest(EDS, EDS_RESOURCE, "", "", NODE);
 
+    // Check metric data, should be in error since haven't gotten a response.
+    callback_ReportServerConnection();
+    verifyServerConnection(2, true, xdsServerInfo.target());
+    verifyServerConnection(5, false, xdsServerInfo.target());
+
     // Management server becomes unreachable again.
     call.sendError(Status.UNAVAILABLE.asException());
     verify(ldsResourceWatcher, times(2)).onError(errorCaptor.capture());
     verify(rdsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verify(cdsResourceWatcher, times(3)).onError(errorCaptor.capture());
+    verify(cdsResourceWatcher, times(4)).onError(errorCaptor.capture());
     verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
-    verify(edsResourceWatcher, times(3)).onError(errorCaptor.capture());
+    verify(edsResourceWatcher, times(4)).onError(errorCaptor.capture());
     verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
 
     // Check metric data.
     callback_ReportServerConnection();
-    verifyServerConnection(4, false, xdsServerInfo.target());
+    verifyServerConnection(6, false, xdsServerInfo.target());
 
     // Retry after backoff.
     inOrder.verify(backoffPolicy2).nextBackoffNanos();
@@ -3650,7 +3660,12 @@ public void streamClosedAndRetryWithBackoff() {
 
     // Check metric data.
     callback_ReportServerConnection();
-    verifyServerConnection(5, false, xdsServerInfo.target());
+    verifyServerConnection(7, false, xdsServerInfo.target());
+
+    // Send a response so CPC is considered working
+    call.sendResponse(LDS, listeners, "63", "3242");
+    callback_ReportServerConnection();
+    verifyServerConnection(3, true, xdsServerInfo.target());
 
     inOrder.verifyNoMoreInteractions();
   }
@@ -3750,6 +3765,19 @@ public void streamClosedAndRetryRestartsResourceInitialFetchTimerForUnresolvedRe
     // Check metric data.
     callback_ReportServerConnection();
     verifyServerConnection(4, true, xdsServerInfo.target());
+    verify(cdsResourceWatcher, never()).onError(errorCaptor.capture()); // We had a response
+
+    fakeClock.forwardTime(5, TimeUnit.SECONDS);
+    DiscoveryRpcCall call2 = resourceDiscoveryCalls.poll();
+    call2.sendError(Status.UNAVAILABLE.asException());
+    verify(cdsResourceWatcher).onError(errorCaptor.capture());
+    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
+    verify(edsResourceWatcher).onError(errorCaptor.capture());
+    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
+
+    fakeClock.forwardTime(5, TimeUnit.SECONDS);
+    DiscoveryRpcCall call3 = resourceDiscoveryCalls.poll();
+    assertThat(call3).isNotNull();
 
     fakeClock.forwardNanos(10L);
     assertThat(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).hasSize(0);
@@ -3962,11 +3990,14 @@ public void sendingToStoppedServer() throws Exception {
   @Test
   public void sendToBadUrl() throws Exception {
     // Setup xdsClient to fail on stream creation
-    XdsClientImpl client = createXdsClient("some. garbage");
+    String garbageUri = "some. garbage";
+    XdsClientImpl client = createXdsClient(garbageUri);
 
     client.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, ldsResourceWatcher);
     fakeClock.forwardTime(20, TimeUnit.SECONDS);
-    verify(ldsResourceWatcher, Mockito.timeout(5000).times(1)).onError(ArgumentMatchers.any());
+    verify(ldsResourceWatcher, Mockito.timeout(5000).atLeastOnce())
+        .onError(errorCaptor.capture());
+    assertThat(errorCaptor.getValue().getDescription()).contains(garbageUri);
     client.shutdown();
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
new file mode 100644
index 00000000000..6df27db0450
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
@@ -0,0 +1,522 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.truth.Truth.assertWithMessage;
+import static io.grpc.xds.GrpcXdsTransportFactory.DEFAULT_XDS_TRANSPORT_FACTORY;
+import static org.mockito.AdditionalAnswers.delegatesTo;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.inOrder;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.timeout;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import io.grpc.MetricRecorder;
+import io.grpc.Status;
+import io.grpc.internal.ExponentialBackoffPolicy;
+import io.grpc.internal.FakeClock;
+import io.grpc.internal.ObjectPool;
+import io.grpc.xds.client.Bootstrapper;
+import io.grpc.xds.client.CommonBootstrapperTestUtils;
+import io.grpc.xds.client.LoadReportClient;
+import io.grpc.xds.client.XdsClient;
+import io.grpc.xds.client.XdsClientImpl;
+import io.grpc.xds.client.XdsClientMetricReporter;
+import io.grpc.xds.client.XdsInitializationException;
+import java.net.InetSocketAddress;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Map;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Captor;
+import org.mockito.InOrder;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoRule;
+
+@RunWith(JUnit4.class)
+public class XdsClientFallbackTest {
+  private static final Logger log = Logger.getLogger(XdsClientFallbackTest.class.getName());
+
+  private static final String MAIN_SERVER = "main-server";
+  private static final String FALLBACK_SERVER = "fallback-server";
+  private static final String DUMMY_TARGET = "TEST_TARGET";
+  private static final String RDS_NAME = "route-config.googleapis.com";
+  private static final String FALLBACK_RDS_NAME = "fallback-" + RDS_NAME;
+  private static final String CLUSTER_NAME = "cluster0";
+  private static final String FALLBACK_CLUSTER_NAME = "fallback-" + CLUSTER_NAME;
+  private static final String EDS_NAME = "eds-service-0";
+  private static final String FALLBACK_EDS_NAME = "fallback-" + EDS_NAME;
+  private static final HttpConnectionManager MAIN_HTTP_CONNECTION_MANAGER =
+      HttpConnectionManager.forRdsName(0, RDS_NAME, ImmutableList.of(
+          new Filter.NamedFilterConfig(MAIN_SERVER, RouterFilter.ROUTER_CONFIG)));
+  private static final HttpConnectionManager FALLBACK_HTTP_CONNECTION_MANAGER =
+      HttpConnectionManager.forRdsName(0, RDS_NAME, ImmutableList.of(
+          new Filter.NamedFilterConfig(FALLBACK_SERVER, RouterFilter.ROUTER_CONFIG)));
+  private ObjectPool<XdsClient> xdsClientPool;
+  private XdsClient xdsClient;
+  private boolean originalEnableXdsFallback;
+  private final FakeClock fakeClock = new FakeClock();
+  private final MetricRecorder metricRecorder = new MetricRecorder() {};
+
+  @Mock
+  private XdsClientMetricReporter xdsClientMetricReporter;
+
+  @Captor
+  private ArgumentCaptor<Status> errorCaptor;
+
+
+  private final XdsClient.ResourceWatcher<XdsListenerResource.LdsUpdate> raalLdsWatcher =
+      new XdsClient.ResourceWatcher<XdsListenerResource.LdsUpdate>() {
+
+        @Override
+        public void onChanged(XdsListenerResource.LdsUpdate update) {
+          log.log(Level.FINE, "LDS update: " + update);
+        }
+
+        @Override
+        public void onError(Status error) {
+          log.log(Level.FINE, "LDS update error: " + error.getDescription());
+        }
+
+        @Override
+        public void onResourceDoesNotExist(String resourceName) {
+          log.log(Level.FINE, "LDS resource does not exist: " + resourceName);
+        }
+      };
+
+  @SuppressWarnings("unchecked")
+  private final XdsClient.ResourceWatcher<XdsListenerResource.LdsUpdate> ldsWatcher =
+      mock(XdsClient.ResourceWatcher.class, delegatesTo(raalLdsWatcher));
+  @Mock
+  private XdsClient.ResourceWatcher<XdsListenerResource.LdsUpdate> ldsWatcher2;
+
+  @Mock
+  private XdsClient.ResourceWatcher<XdsRouteConfigureResource.RdsUpdate> rdsWatcher;
+  @Mock
+  private XdsClient.ResourceWatcher<XdsRouteConfigureResource.RdsUpdate> rdsWatcher2;
+  @Mock
+  private XdsClient.ResourceWatcher<XdsRouteConfigureResource.RdsUpdate> rdsWatcher3;
+
+  private final XdsClient.ResourceWatcher<XdsClusterResource.CdsUpdate> raalCdsWatcher =
+      new XdsClient.ResourceWatcher<XdsClusterResource.CdsUpdate>() {
+
+        @Override
+        public void onChanged(XdsClusterResource.CdsUpdate update) {
+          log.log(Level.FINE, "CDS update: " + update);
+        }
+
+        @Override
+        public void onError(Status error) {
+          log.log(Level.FINE, "CDS update error: " + error.getDescription());
+        }
+
+        @Override
+        public void onResourceDoesNotExist(String resourceName) {
+          log.log(Level.FINE, "CDS resource does not exist: " + resourceName);
+        }
+      };
+
+  @SuppressWarnings("unchecked")
+  private final XdsClient.ResourceWatcher<XdsClusterResource.CdsUpdate> cdsWatcher =
+      mock(XdsClient.ResourceWatcher.class, delegatesTo(raalCdsWatcher));
+  @Mock
+  private XdsClient.ResourceWatcher<XdsClusterResource.CdsUpdate> cdsWatcher2;
+
+  @Rule(order = 0)
+  public ControlPlaneRule mainXdsServer =
+      new ControlPlaneRule().setServerHostName(MAIN_SERVER);
+
+  @Rule(order = 1)
+  public ControlPlaneRule fallbackServer =
+      new ControlPlaneRule().setServerHostName(MAIN_SERVER);
+
+  @Rule public final MockitoRule mocks = MockitoJUnit.rule();
+
+  @Before
+  public void setUp() throws XdsInitializationException {
+    originalEnableXdsFallback = CommonBootstrapperTestUtils.setEnableXdsFallback(true);
+    if (mainXdsServer == null) {
+      throw new XdsInitializationException("Failed to create ControlPlaneRule for main TD server");
+    }
+    setAdsConfig(mainXdsServer, MAIN_SERVER);
+    setAdsConfig(fallbackServer, FALLBACK_SERVER);
+
+    SharedXdsClientPoolProvider clientPoolProvider = new SharedXdsClientPoolProvider();
+    clientPoolProvider.setBootstrapOverride(defaultBootstrapOverride());
+    xdsClientPool = clientPoolProvider.getOrCreate(DUMMY_TARGET, metricRecorder);
+  }
+
+  @After
+  public void cleanUp() {
+    if (xdsClientPool != null) {
+      xdsClientPool.returnObject(xdsClient);
+    }
+    CommonBootstrapperTestUtils.setEnableXdsFallback(originalEnableXdsFallback);
+  }
+
+  private static void setAdsConfig(ControlPlaneRule controlPlane, String serverName) {
+    InetSocketAddress edsInetSocketAddress =
+        (InetSocketAddress) controlPlane.getServer().getListenSockets().get(0);
+    boolean isMainServer = serverName.equals(MAIN_SERVER);
+    String rdsName = isMainServer
+                     ? RDS_NAME
+                     : FALLBACK_RDS_NAME;
+    String clusterName = isMainServer ? CLUSTER_NAME : FALLBACK_CLUSTER_NAME;
+    String edsName = isMainServer ? EDS_NAME : FALLBACK_EDS_NAME;
+
+    controlPlane.setLdsConfig(ControlPlaneRule.buildServerListener(),
+        ControlPlaneRule.buildClientListener(MAIN_SERVER, serverName));
+
+    controlPlane.setRdsConfig(rdsName,
+        ControlPlaneRule.buildRouteConfiguration(MAIN_SERVER, rdsName, clusterName));
+    controlPlane.setCdsConfig(clusterName, ControlPlaneRule.buildCluster(clusterName, edsName));
+
+    controlPlane.setEdsConfig(edsName,
+        ControlPlaneRule.buildClusterLoadAssignment(edsInetSocketAddress.getHostName(),
+            DataPlaneRule.ENDPOINT_HOST_NAME, edsInetSocketAddress.getPort(), edsName));
+    log.log(Level.FINE,
+        String.format("Set ADS config for %s with address %s", serverName, edsInetSocketAddress));
+  }
+
+  // This is basically a control test to make sure everything is set up correctly.
+  @Test
+  public void everything_okay() {
+    mainXdsServer.restartXdsServer();
+    fallbackServer.restartXdsServer();
+    xdsClient = xdsClientPool.getObject();
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
+    verify(ldsWatcher, timeout(5000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(
+            MAIN_HTTP_CONNECTION_MANAGER));
+
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_NAME, rdsWatcher);
+    verify(rdsWatcher, timeout(5000)).onChanged(any());
+  }
+
+  @Test
+  public void mainServerDown_fallbackServerUp() {
+    mainXdsServer.getServer().shutdownNow();
+    fallbackServer.restartXdsServer();
+    xdsClient = xdsClientPool.getObject();
+    log.log(Level.FINE, "Fallback port = " + fallbackServer.getServer().getPort());
+
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
+
+    verify(ldsWatcher, timeout(5000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(
+            FALLBACK_HTTP_CONNECTION_MANAGER));
+  }
+
+  @Test
+  public void useBadAuthority() {
+    xdsClient = xdsClientPool.getObject();
+    InOrder inOrder = inOrder(ldsWatcher, rdsWatcher, rdsWatcher2, rdsWatcher3);
+
+    String badPrefix = "xdstp://authority.xds.bad/envoy.config.listener.v3.Listener/";
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(),
+        badPrefix + "listener.googleapis.com", ldsWatcher);
+    inOrder.verify(ldsWatcher, timeout(5000)).onError(any());
+
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),
+        badPrefix + "route-config.googleapis.bad", rdsWatcher);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),
+        badPrefix + "route-config2.googleapis.bad", rdsWatcher2);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),
+        badPrefix + "route-config3.googleapis.bad", rdsWatcher3);
+    inOrder.verify(rdsWatcher, timeout(5000).times(1)).onError(any());
+    inOrder.verify(rdsWatcher2, timeout(5000).times(1)).onError(any());
+    inOrder.verify(rdsWatcher3, timeout(5000).times(1)).onError(any());
+    verify(rdsWatcher, never()).onChanged(any());
+
+    // even after an error, a valid one will still work
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher2);
+    verify(ldsWatcher2, timeout(5000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
+  }
+
+  @Test
+  public void both_down_restart_main() {
+    mainXdsServer.getServer().shutdownNow();
+    fallbackServer.getServer().shutdownNow();
+    xdsClient = xdsClientPool.getObject();
+
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
+    verify(ldsWatcher, timeout(5000).atLeastOnce()).onError(any());
+    verify(ldsWatcher, timeout(5000).times(0)).onChanged(any());
+    xdsClient.watchXdsResource(
+        XdsRouteConfigureResource.getInstance(), RDS_NAME, rdsWatcher2);
+    verify(rdsWatcher2, timeout(5000).atLeastOnce()).onError(any());
+
+    mainXdsServer.restartXdsServer();
+
+    xdsClient.watchXdsResource(
+        XdsRouteConfigureResource.getInstance(), RDS_NAME, rdsWatcher);
+
+    verify(ldsWatcher, timeout(16000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
+    verify(rdsWatcher, timeout(5000)).onChanged(any());
+    verify(rdsWatcher2, timeout(5000)).onChanged(any());
+  }
+
+  @Test
+  public void mainDown_fallbackUp_restart_main() {
+    mainXdsServer.getServer().shutdownNow();
+    fallbackServer.restartXdsServer();
+    xdsClient = xdsClientPool.getObject();
+    InOrder inOrder = inOrder(ldsWatcher, rdsWatcher, cdsWatcher, cdsWatcher2);
+
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
+    inOrder.verify(ldsWatcher, timeout(5000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER));
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), FALLBACK_CLUSTER_NAME, cdsWatcher);
+    inOrder.verify(cdsWatcher, timeout(5000)).onChanged(any());
+
+    assertThat(fallbackServer.getService().getSubscriberCounts()
+        .get("type.googleapis.com/envoy.config.listener.v3.Listener")).isEqualTo(1);
+    verifyNoSubscribers(mainXdsServer);
+
+    mainXdsServer.restartXdsServer();
+
+    verify(ldsWatcher, timeout(5000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
+
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_NAME, rdsWatcher);
+    inOrder.verify(rdsWatcher, timeout(5000)).onChanged(any());
+    verifyNoSubscribers(fallbackServer);
+
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CLUSTER_NAME, cdsWatcher2);
+    inOrder.verify(cdsWatcher2, timeout(5000)).onChanged(any());
+
+    verifyNoSubscribers(fallbackServer);
+    assertThat(mainXdsServer.getService().getSubscriberCounts()
+        .get("type.googleapis.com/envoy.config.listener.v3.Listener")).isEqualTo(1);
+  }
+
+  private static void verifyNoSubscribers(ControlPlaneRule rule) {
+    for (Map.Entry<String, Integer> me : rule.getService().getSubscriberCounts().entrySet()) {
+      String type = me.getKey();
+      Integer count = me.getValue();
+      assertWithMessage("Type with non-zero subscribers is: %s", type)
+          .that(count).isEqualTo(0);
+    }
+  }
+
+  // This test takes a long time because of the 16 sec timeout for non-existent resource
+  @Test
+  public void connect_then_mainServerDown_fallbackServerUp() throws InterruptedException {
+    mainXdsServer.restartXdsServer();
+    fallbackServer.restartXdsServer();
+    xdsClient = xdsClientPool.getObject();
+
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
+
+    verify(ldsWatcher, timeout(5000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
+
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_NAME, rdsWatcher);
+    verify(rdsWatcher, timeout(5000)).onChanged(any());
+
+    mainXdsServer.getServer().shutdownNow();
+    TimeUnit.SECONDS.sleep(5); // TODO(lsafran) Use FakeClock so test runs faster
+
+    // Shouldn't do fallback since all watchers are loaded
+    verify(ldsWatcher, never()).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER));
+
+    // Should just get from cache
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher2);
+    xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_NAME, rdsWatcher2);
+    verify(ldsWatcher2, timeout(5000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
+    verify(ldsWatcher, never()).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER));
+    // Make sure that rdsWatcher wasn't called again
+    verify(rdsWatcher, times(1)).onChanged(any());
+    verify(rdsWatcher2, timeout(5000)).onChanged(any());
+
+    // Asking for something not in cache should force a fallback
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), FALLBACK_CLUSTER_NAME, cdsWatcher);
+    verify(ldsWatcher, timeout(5000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER));
+    verify(ldsWatcher2, timeout(5000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER));
+    verify(cdsWatcher, timeout(16000)).onChanged(any());
+
+    xdsClient.watchXdsResource(
+        XdsRouteConfigureResource.getInstance(), FALLBACK_RDS_NAME, rdsWatcher3);
+    verify(rdsWatcher3, timeout(5000)).onChanged(any());
+
+    // Test that resource defined in main but not fallback is handled correctly
+    xdsClient.watchXdsResource(
+        XdsClusterResource.getInstance(), CLUSTER_NAME, cdsWatcher2);
+    verify(cdsWatcher2, timeout(16000)).onResourceDoesNotExist(eq(CLUSTER_NAME));
+  }
+
+  @Test
+  public void connect_then_mainServerRestart_fallbackServerdown() {
+    mainXdsServer.restartXdsServer();
+    xdsClient = xdsClientPool.getObject();
+
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
+
+    verify(ldsWatcher, timeout(5000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
+
+    mainXdsServer.getServer().shutdownNow();
+    fallbackServer.getServer().shutdownNow();
+
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CLUSTER_NAME, cdsWatcher);
+
+    mainXdsServer.restartXdsServer();
+
+    verify(cdsWatcher, timeout(5000)).onChanged(any());
+    verify(ldsWatcher, timeout(5000).atLeastOnce()).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
+  }
+
+  @Test
+  public void fallbackFromBadUrlToGoodOne() {
+    // Setup xdsClient to fail on stream creation
+    String garbageUri = "some. garbage";
+
+    String validUri = "localhost:" + mainXdsServer.getServer().getPort();
+    XdsClientImpl client = CommonBootstrapperTestUtils.createXdsClient(
+        Arrays.asList(garbageUri, validUri), DEFAULT_XDS_TRANSPORT_FACTORY, fakeClock,
+        new ExponentialBackoffPolicy.Provider(), MessagePrinter.INSTANCE, xdsClientMetricReporter);
+
+    client.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
+    fakeClock.forwardTime(20, TimeUnit.SECONDS);
+    verify(ldsWatcher, timeout(5000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(
+            MAIN_HTTP_CONNECTION_MANAGER));
+    verify(ldsWatcher, never()).onError(any());
+
+    client.shutdown();
+  }
+
+  @Test
+  public void testGoodUrlFollowedByBadUrl() {
+    // Setup xdsClient to fail on stream creation
+    String garbageUri = "some. garbage";
+    String validUri = "localhost:" + mainXdsServer.getServer().getPort();
+
+    XdsClientImpl client = CommonBootstrapperTestUtils.createXdsClient(
+        Arrays.asList(validUri, garbageUri), DEFAULT_XDS_TRANSPORT_FACTORY, fakeClock,
+        new ExponentialBackoffPolicy.Provider(), MessagePrinter.INSTANCE, xdsClientMetricReporter);
+
+    client.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
+    fakeClock.forwardTime(20, TimeUnit.SECONDS);
+    verify(ldsWatcher, timeout(5000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(
+            MAIN_HTTP_CONNECTION_MANAGER));
+    verify(ldsWatcher, never()).onError(any());
+
+    client.shutdown();
+  }
+
+  @Test
+  public void testTwoBadUrl()  {
+    // Setup xdsClient to fail on stream creation
+    String garbageUri1 = "some. garbage";
+    String garbageUri2 = "other garbage";
+
+    XdsClientImpl client = CommonBootstrapperTestUtils.createXdsClient(
+        Arrays.asList(garbageUri1, garbageUri2), DEFAULT_XDS_TRANSPORT_FACTORY, fakeClock,
+        new ExponentialBackoffPolicy.Provider(), MessagePrinter.INSTANCE, xdsClientMetricReporter);
+
+    client.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
+    fakeClock.forwardTime(20, TimeUnit.SECONDS);
+    verify(ldsWatcher, Mockito.timeout(5000).atLeastOnce()).onError(errorCaptor.capture());
+    assertThat(errorCaptor.getValue().getDescription()).contains(garbageUri2);
+    verify(ldsWatcher, never()).onChanged(any());
+    client.shutdown();
+  }
+
+  private Bootstrapper.ServerInfo getLrsServerInfo(String target) {
+    for (Map.Entry<Bootstrapper.ServerInfo, LoadReportClient> entry
+        : xdsClient.getServerLrsClientMap().entrySet()) {
+      if (entry.getKey().target().equals(target)) {
+        return entry.getKey();
+      }
+    }
+    return null;
+  }
+
+  @Test
+  public void used_then_mainServerRestart_fallbackServerUp() {
+    xdsClient = xdsClientPool.getObject();
+
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
+
+    verify(ldsWatcher, timeout(5000)).onChanged(
+        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
+
+    mainXdsServer.restartXdsServer();
+
+    assertThat(getLrsServerInfo("localhost:" + fallbackServer.getServer().getPort())).isNull();
+    assertThat(getLrsServerInfo("localhost:" + mainXdsServer.getServer().getPort())).isNotNull();
+
+    xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CLUSTER_NAME, cdsWatcher);
+
+    verify(cdsWatcher, timeout(5000)).onChanged(any());
+    assertThat(getLrsServerInfo("localhost:" + fallbackServer.getServer().getPort())).isNull();
+  }
+
+  private Map<String, ?> defaultBootstrapOverride() {
+    return ImmutableMap.of(
+        "node", ImmutableMap.of(
+            "id", UUID.randomUUID().toString(),
+            "cluster", CLUSTER_NAME),
+         "xds_servers", ImmutableList.of(
+            ImmutableMap.of(
+                "server_uri", "localhost:" + mainXdsServer.getServer().getPort(),
+                "channel_creds", Collections.singletonList(
+                    ImmutableMap.of("type", "insecure")
+                ),
+                "server_features", Collections.singletonList("xds_v3")
+            ),
+            ImmutableMap.of(
+                "server_uri", "localhost:" + fallbackServer.getServer().getPort(),
+                "channel_creds", Collections.singletonList(
+                    ImmutableMap.of("type", "insecure")
+                ),
+                "server_features", Collections.singletonList("xds_v3")
+            )
+        ),
+        "fallback-policy", "fallback"
+      );
+  }
+
+}
diff --git a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
index 590b6c79a10..6915ac6c13e 100644
--- a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -67,6 +67,7 @@
 import io.grpc.xds.XdsServerTestHelper.FakeXdsClient;
 import io.grpc.xds.XdsServerTestHelper.FakeXdsClientPoolFactory;
 import io.grpc.xds.client.Bootstrapper;
+import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.internal.Matchers.HeaderMatcher;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import io.grpc.xds.internal.security.SslContextProviderSupplier;
diff --git a/xds/src/test/java/io/grpc/xds/XdsTestControlPlaneService.java b/xds/src/test/java/io/grpc/xds/XdsTestControlPlaneService.java
index cc12e3863ba..98f5fcbfef9 100644
--- a/xds/src/test/java/io/grpc/xds/XdsTestControlPlaneService.java
+++ b/xds/src/test/java/io/grpc/xds/XdsTestControlPlaneService.java
@@ -202,4 +202,12 @@ private DiscoveryResponse generateResponse(String resourceType, String version,
     }
     return responseBuilder.build();
   }
+
+  public Map<String, Integer> getSubscriberCounts() {
+    Map<String, Integer> subscriberCounts = new HashMap<>();
+    for (String type : subscribers.keySet()) {
+      subscriberCounts.put(type, subscribers.get(type).size());
+    }
+    return subscriberCounts;
+  }
 }
diff --git a/xds/src/test/java/io/grpc/xds/CommonBootstrapperTestUtils.java b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
similarity index 65%
rename from xds/src/test/java/io/grpc/xds/CommonBootstrapperTestUtils.java
rename to xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
index 6a8eced298c..27a0d4ba1d9 100644
--- a/xds/src/test/java/io/grpc/xds/CommonBootstrapperTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
@@ -14,21 +14,46 @@
  * limitations under the License.
  */
 
-package io.grpc.xds;
+package io.grpc.xds.client;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import io.grpc.ChannelCredentials;
+import io.grpc.InsecureChannelCredentials;
+import io.grpc.internal.BackoffPolicy;
+import io.grpc.internal.FakeClock;
 import io.grpc.internal.JsonParser;
-import io.grpc.xds.client.Bootstrapper;
+import io.grpc.internal.TimeProvider;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
-import io.grpc.xds.client.EnvoyProtoData;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
+import io.grpc.xds.internal.security.TlsContextManagerImpl;
 import java.io.IOException;
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
+import java.util.concurrent.TimeUnit;
 import javax.annotation.Nullable;
 
 public class CommonBootstrapperTestUtils {
+  private static final ChannelCredentials CHANNEL_CREDENTIALS = InsecureChannelCredentials.create();
+  private static final String SERVER_URI_CUSTOM_AUTHORITY = "trafficdirector2.googleapis.com";
+  private static final String SERVER_URI_EMPTY_AUTHORITY = "trafficdirector3.googleapis.com";
+
+  private static final long TIME_INCREMENT = TimeUnit.SECONDS.toNanos(1);
+
+  /** Fake time provider increments time TIME_INCREMENT each call. */
+  private static TimeProvider newTimeProvider() {
+    return new TimeProvider() {
+      private long count;
+
+      @Override
+      public long currentTimeNanos() {
+        return ++count * TIME_INCREMENT;
+      }
+    };
+  }
+
   private static final String FILE_WATCHER_CONFIG = "{\"path\": \"/etc/secret/certs\"}";
   private static final String MESHCA_CONFIG =
       "{\n"
@@ -145,4 +170,57 @@ public static Bootstrapper.BootstrapInfo buildBootstrapInfo(
         .certProviders(certProviders)
         .build();
   }
+
+  public static boolean setEnableXdsFallback(boolean target) {
+    boolean oldValue = BootstrapperImpl.enableXdsFallback;
+    BootstrapperImpl.enableXdsFallback = target;
+    return oldValue;
+  }
+
+  public static XdsClientImpl createXdsClient(List<String> serverUris,
+                                              XdsTransportFactory xdsTransportFactory,
+                                              FakeClock fakeClock,
+                                              BackoffPolicy.Provider backoffPolicyProvider,
+                                              MessagePrettyPrinter messagePrinter,
+                                              XdsClientMetricReporter xdsClientMetricReporter) {
+    Bootstrapper.BootstrapInfo bootstrapInfo = buildBootStrap(serverUris);
+    return new XdsClientImpl(
+        xdsTransportFactory,
+        bootstrapInfo,
+        fakeClock.getScheduledExecutorService(),
+        backoffPolicyProvider,
+        fakeClock.getStopwatchSupplier(),
+        newTimeProvider(),
+        messagePrinter,
+        new TlsContextManagerImpl(bootstrapInfo),
+        xdsClientMetricReporter);
+  }
+
+  public static Bootstrapper.BootstrapInfo buildBootStrap(List<String> serverUris) {
+
+    List<ServerInfo> serverInfos = new ArrayList<>();
+    for (String uri : serverUris) {
+      serverInfos.add(ServerInfo.create(uri, CHANNEL_CREDENTIALS, false, true));
+    }
+    EnvoyProtoData.Node node = EnvoyProtoData.Node.newBuilder().setId("node-id").build();
+
+    return Bootstrapper.BootstrapInfo.builder()
+        .servers(serverInfos)
+        .node(node)
+        .authorities(ImmutableMap.of(
+            "authority.xds.com",
+            Bootstrapper.AuthorityInfo.create(
+                "xdstp://authority.xds.com/envoy.config.listener.v3.Listener/%s",
+                ImmutableList.of(Bootstrapper.ServerInfo.create(
+                    SERVER_URI_CUSTOM_AUTHORITY, CHANNEL_CREDENTIALS))),
+            "",
+            Bootstrapper.AuthorityInfo.create(
+                "xdstp:///envoy.config.listener.v3.Listener/%s",
+                ImmutableList.of(Bootstrapper.ServerInfo.create(
+                    SERVER_URI_EMPTY_AUTHORITY, CHANNEL_CREDENTIALS)))))
+        .certProviders(ImmutableMap.of("cert-instance-name",
+            Bootstrapper.CertificateProviderInfo.create("file-watcher", ImmutableMap.of())))
+        .build();
+  }
+
 }
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
index 23e30883307..9c8340123da 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
@@ -28,9 +28,9 @@
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsCertificate;
 import io.envoyproxy.envoy.type.matcher.v3.StringMatcher;
-import io.grpc.xds.CommonBootstrapperTestUtils;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.client.Bootstrapper;
+import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.client.XdsInitializationException;
 import io.grpc.xds.internal.security.certprovider.CertProviderClientSslContextProviderFactory;
 import io.grpc.xds.internal.security.certprovider.CertificateProvider;
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
index fdfcd369937..955c812233a 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
@@ -45,12 +45,12 @@
 import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
 import io.grpc.netty.InternalProtocolNegotiators;
 import io.grpc.netty.ProtocolNegotiationEvent;
-import io.grpc.xds.CommonBootstrapperTestUtils;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.InternalXdsAttributes;
 import io.grpc.xds.TlsContextManager;
 import io.grpc.xds.client.Bootstrapper;
+import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSecurityHandler;
 import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSecurityProtocolNegotiator;
 import io.grpc.xds.internal.security.certprovider.CommonCertProviderTestUtils;
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java
index c455385dae9..cf86b511f1f 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java
@@ -24,10 +24,10 @@
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.envoyproxy.envoy.type.matcher.v3.StringMatcher;
-import io.grpc.xds.CommonBootstrapperTestUtils;
 import io.grpc.xds.EnvoyServerProtoData;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.client.Bootstrapper;
+import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.client.XdsInitializationException;
 import io.grpc.xds.internal.security.certprovider.CertProviderServerSslContextProviderFactory;
 import io.grpc.xds.internal.security.certprovider.CertificateProvider;
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/TlsContextManagerTest.java b/xds/src/test/java/io/grpc/xds/internal/security/TlsContextManagerTest.java
index 29d131cb8d7..035096a3528 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/TlsContextManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/TlsContextManagerTest.java
@@ -30,10 +30,10 @@
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
-import io.grpc.xds.CommonBootstrapperTestUtils;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.client.Bootstrapper;
+import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.internal.security.ReferenceCountingMap.ValueFactory;
 import org.junit.Rule;
 import org.junit.Test;
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
index 7c300c88297..b0800458d66 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
@@ -33,9 +33,9 @@
 import com.google.common.util.concurrent.MoreExecutors;
 import io.envoyproxy.envoy.config.core.v3.DataSource;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
-import io.grpc.xds.CommonBootstrapperTestUtils;
 import io.grpc.xds.EnvoyServerProtoData;
 import io.grpc.xds.client.Bootstrapper;
+import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil.TestCallback;
 import java.util.Queue;
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderTest.java
index 82af7d1dc27..423829ff5af 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderTest.java
@@ -32,9 +32,9 @@
 import io.envoyproxy.envoy.config.core.v3.DataSource;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.type.matcher.v3.StringMatcher;
-import io.grpc.xds.CommonBootstrapperTestUtils;
 import io.grpc.xds.EnvoyServerProtoData;
 import io.grpc.xds.client.Bootstrapper;
+import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil.TestCallback;
 import io.grpc.xds.internal.security.certprovider.CertProviderClientSslContextProviderTest.QueuedExecutor;

From 6055adca5ad020bd4b2b724d15ebf98c8f3c0084 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 10 Dec 2024 12:53:24 -0800
Subject: [PATCH 106/591] core: Simplify DnsNameResolver by using ObjectPool

ObjectPool is our standard solution for dealing with the
sometimes-shutdown resources. This was implemented by a contributor not
familiar with regular tools.

There are wider changes that can be made here, but I chose to just do a
smaller change because this class is used by GrpclbNameResolver.
---
 .../io/grpc/internal/DnsNameResolver.java     | 26 +++++++++----------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/DnsNameResolver.java b/core/src/main/java/io/grpc/internal/DnsNameResolver.java
index b59de833d7c..6f1cf4cd900 100644
--- a/core/src/main/java/io/grpc/internal/DnsNameResolver.java
+++ b/core/src/main/java/io/grpc/internal/DnsNameResolver.java
@@ -134,10 +134,10 @@ public class DnsNameResolver extends NameResolver {
   private final String host;
   private final int port;
 
-  /** Executor that will be used if an Executor is not provide via {@link NameResolver.Args}. */
-  private final Resource<Executor> executorResource;
+  private final ObjectPool<Executor> executorPool;
   private final long cacheTtlNanos;
   private final SynchronizationContext syncContext;
+  private final ServiceConfigParser serviceConfigParser;
 
   // Following fields must be accessed from syncContext
   private final Stopwatch stopwatch;
@@ -145,10 +145,6 @@ public class DnsNameResolver extends NameResolver {
   private boolean shutdown;
   private Executor executor;
 
-  /** True if using an executor resource that should be released after use. */
-  private final boolean usingExecutorResource;
-  private final ServiceConfigParser serviceConfigParser;
-
   private boolean resolving;
 
   // The field must be accessed from syncContext, although the methods on an Listener2 can be called
@@ -165,7 +161,7 @@ protected DnsNameResolver(
     checkNotNull(args, "args");
     // TODO: if a DNS server is provided as nsAuthority, use it.
     // https://www.captechconsulting.com/blogs/accessing-the-dusty-corners-of-dns-with-java
-    this.executorResource = executorResource;
+
     // Must prepend a "//" to the name when constructing a URI, otherwise it will be treated as an
     // opaque URI, thus the authority and host of the resulted URI would be null.
     URI nameUri = URI.create("//" + checkNotNull(name, "name"));
@@ -179,11 +175,15 @@ protected DnsNameResolver(
       port = nameUri.getPort();
     }
     this.proxyDetector = checkNotNull(args.getProxyDetector(), "proxyDetector");
+    Executor offloadExecutor = args.getOffloadExecutor();
+    if (offloadExecutor != null) {
+      this.executorPool = new FixedObjectPool<>(offloadExecutor);
+    } else {
+      this.executorPool = SharedResourcePool.forResource(executorResource);
+    }
     this.cacheTtlNanos = getNetworkAddressCacheTtlNanos(isAndroid);
     this.stopwatch = checkNotNull(stopwatch, "stopwatch");
     this.syncContext = checkNotNull(args.getSynchronizationContext(), "syncContext");
-    this.executor = args.getOffloadExecutor();
-    this.usingExecutorResource = executor == null;
     this.serviceConfigParser = checkNotNull(args.getServiceConfigParser(), "serviceConfigParser");
   }
 
@@ -200,9 +200,7 @@ protected String getHost() {
   @Override
   public void start(Listener2 listener) {
     Preconditions.checkState(this.listener == null, "already started");
-    if (usingExecutorResource) {
-      executor = SharedResourceHolder.get(executorResource);
-    }
+    executor = executorPool.getObject();
     this.listener = checkNotNull(listener, "listener");
     resolve();
   }
@@ -413,8 +411,8 @@ public void shutdown() {
       return;
     }
     shutdown = true;
-    if (executor != null && usingExecutorResource) {
-      executor = SharedResourceHolder.release(executorResource, executor);
+    if (executor != null) {
+      executor = executorPool.returnObject(executor);
     }
   }
 

From f1109e421534108f482ae5022f47fe6cd5a83871 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 10 Dec 2024 15:21:15 -0800
Subject: [PATCH 107/591] examples: Simplify graceful shutdown in Hostname
 example

I've slept since I wrote the original code, so now I see a less
repetitive implementation.
---
 .../grpc/examples/hostname/HostnameServer.java | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/examples/example-hostname/src/main/java/io/grpc/examples/hostname/HostnameServer.java b/examples/example-hostname/src/main/java/io/grpc/examples/hostname/HostnameServer.java
index ca38c7cdc7b..7baa2d4733d 100644
--- a/examples/example-hostname/src/main/java/io/grpc/examples/hostname/HostnameServer.java
+++ b/examples/example-hostname/src/main/java/io/grpc/examples/hostname/HostnameServer.java
@@ -64,17 +64,17 @@ public void run() {
         // Start graceful shutdown
         server.shutdown();
         try {
-          // Wait for RPCs to complete processing
-          if (!server.awaitTermination(30, TimeUnit.SECONDS)) {
-            // That was plenty of time. Let's cancel the remaining RPCs
-            server.shutdownNow();
-            // shutdownNow isn't instantaneous, so give a bit of time to clean resources up
-            // gracefully. Normally this will be well under a second.
-            server.awaitTermination(5, TimeUnit.SECONDS);
-          }
+          // Wait up to 30 seconds for RPCs to complete processing.
+          server.awaitTermination(30, TimeUnit.SECONDS);
         } catch (InterruptedException ex) {
-          server.shutdownNow();
+          Thread.currentThread().interrupt();
         }
+        // Cancel any remaining RPCs. If awaitTermination() returned true above, then there are no
+        // RPCs and the server is already terminated. But it is safe to call even when terminated.
+        server.shutdownNow();
+        // shutdownNow isn't instantaneous, so you want an additional awaitTermination() to give
+        // time to clean resources up gracefully. Normally it will return in well under a second. In
+        // this example, the server.awaitTermination() in main() provides that delay.
       }
     });
     // This would normally be tied to the service's dependencies. For example, if HostnameGreeter

From 486b8ba67f914f7f46f3549b48abe2c1ea2cc5d8 Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Wed, 11 Dec 2024 17:48:19 -0800
Subject: [PATCH 108/591] Fix tsan error (#11742)

Eliminate unneeded fakeClock.forwardTime() that was causing the conflict.
---
 xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
index 6df27db0450..39379d43aba 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
@@ -428,7 +428,7 @@ public void fallbackFromBadUrlToGoodOne() {
 
   @Test
   public void testGoodUrlFollowedByBadUrl() {
-    // Setup xdsClient to fail on stream creation
+    // xdsClient should succeed in stream creation as it doesn't need to use the bad url
     String garbageUri = "some. garbage";
     String validUri = "localhost:" + mainXdsServer.getServer().getPort();
 
@@ -437,7 +437,6 @@ public void testGoodUrlFollowedByBadUrl() {
         new ExponentialBackoffPolicy.Provider(), MessagePrinter.INSTANCE, xdsClientMetricReporter);
 
     client.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
-    fakeClock.forwardTime(20, TimeUnit.SECONDS);
     verify(ldsWatcher, timeout(5000)).onChanged(
         XdsListenerResource.LdsUpdate.forApiListener(
             MAIN_HTTP_CONNECTION_MANAGER));

From 3b39a83621626c844b16e64ec6389511903ee075 Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Fri, 13 Dec 2024 18:09:30 -0800
Subject: [PATCH 109/591] Add cfg for java psm-interop fallback test (#11743)

---
 buildscripts/kokoro/psm-fallback.cfg | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 buildscripts/kokoro/psm-fallback.cfg

diff --git a/buildscripts/kokoro/psm-fallback.cfg b/buildscripts/kokoro/psm-fallback.cfg
new file mode 100644
index 00000000000..7335d1d9fd9
--- /dev/null
+++ b/buildscripts/kokoro/psm-fallback.cfg
@@ -0,0 +1,17 @@
+# Config file for internal CI
+
+# Location of the continuous shell script in repository.
+build_file: "grpc-java/buildscripts/kokoro/psm-interop-test-java.sh"
+timeout_mins: 120
+
+action {
+  define_artifacts {
+    regex: "artifacts/**/*sponge_log.xml"
+    regex: "artifacts/**/*.log"
+    strip_prefix: "artifacts"
+  }
+}
+env_vars {
+  key: "PSM_TEST_SUITE"
+  value: "fallback"
+}

From e8ff6da2cf57a39a62497e9f317e6976b5bfb98c Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 13 Dec 2024 15:54:19 -0800
Subject: [PATCH 110/591] xds: Unexpected types in server_features should be
 ignored

It was clearly defined in gRFC A30. The relevant text was copied as a
comment in the code.

As discovered due to grpc/grpc-go#7932
---
 .../io/grpc/xds/client/BootstrapperImpl.java  |  4 +++-
 .../io/grpc/xds/GrpcBootstrapperImplTest.java | 20 +++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
index a48313fd21e..dffe19f9256 100644
--- a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
@@ -248,7 +248,9 @@ private List<ServerInfo> parseServerInfos(List<?> rawServerConfigs, XdsLogger lo
       Object implSpecificConfig = getImplSpecificConfig(serverConfig, serverUri);
 
       boolean ignoreResourceDeletion = false;
-      List<String> serverFeatures = JsonUtil.getListOfStrings(serverConfig, "server_features");
+      // "For forward compatibility reasons, the client will ignore any entry in the list that it
+      // does not understand, regardless of type."
+      List<?> serverFeatures = JsonUtil.getList(serverConfig, "server_features");
       if (serverFeatures != null) {
         logger.log(XdsLogLevel.INFO, "Server features: {0}", serverFeatures);
         ignoreResourceDeletion = serverFeatures.contains(SERVER_FEATURE_IGNORE_RESOURCE_DELETION);
diff --git a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
index d2a9bf3316d..192d88177eb 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
@@ -676,6 +676,26 @@ public void serverFeatureIgnoreResourceDeletion_xdsV3() throws XdsInitialization
     assertThat(serverInfo.ignoreResourceDeletion()).isTrue();
   }
 
+  @Test
+  public void serverFeatures_ignoresUnknownValues() throws XdsInitializationException {
+    String rawData = "{\n"
+        + "  \"xds_servers\": [\n"
+        + "    {\n"
+        + "      \"server_uri\": \"" + SERVER_URI + "\",\n"
+        + "      \"channel_creds\": [\n"
+        + "        {\"type\": \"insecure\"}\n"
+        + "      ],\n"
+        + "      \"server_features\": [null, {}, 3, true, \"unexpected\", \"trusted_xds_server\"]\n"
+        + "    }\n"
+        + "  ]\n"
+        + "}";
+
+    bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
+    BootstrapInfo info = bootstrapper.bootstrap();
+    ServerInfo serverInfo = Iterables.getOnlyElement(info.servers());
+    assertThat(serverInfo.isTrustedXdsServer()).isTrue();
+  }
+
   @Test
   public void notFound() {
     bootstrapper.bootstrapPathFromEnvVar = null;

From a0982ca0a156f26457df087b41d00e2c6369dcbe Mon Sep 17 00:00:00 2001
From: ZachChuba <49295341+ZachChuba@users.noreply.github.com>
Date: Mon, 16 Dec 2024 16:31:36 -0500
Subject: [PATCH 111/591] fix security issue with okhttp (#11749)

* Validate that hostname is ascii in OkHostnameVerifier.java
---
 .../okhttp/internal/OkHostnameVerifier.java   | 21 ++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/okhttp/third_party/okhttp/main/java/io/grpc/okhttp/internal/OkHostnameVerifier.java b/okhttp/third_party/okhttp/main/java/io/grpc/okhttp/internal/OkHostnameVerifier.java
index 34bb56ee2d6..f6efb2d90e7 100644
--- a/okhttp/third_party/okhttp/main/java/io/grpc/okhttp/internal/OkHostnameVerifier.java
+++ b/okhttp/third_party/okhttp/main/java/io/grpc/okhttp/internal/OkHostnameVerifier.java
@@ -29,10 +29,13 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.regex.Pattern;
+import java.nio.charset.StandardCharsets;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLSession;
 import javax.security.auth.x500.X500Principal;
+import com.google.common.base.Utf8;
+import com.google.common.base.Ascii;
 
 /**
  * A HostnameVerifier consistent with <a
@@ -63,6 +66,9 @@ private OkHostnameVerifier() {
 
   @Override
   public boolean verify(String host, SSLSession session) {
+    if (!isAscii(host)) {
+      return false;
+    }
     try {
       Certificate[] certificates = session.getPeerCertificates();
       return verify(host, (X509Certificate) certificates[0]);
@@ -71,7 +77,7 @@ public boolean verify(String host, SSLSession session) {
     }
   }
 
-  public boolean verify(String host, X509Certificate certificate) {
+  private boolean verify(String host, X509Certificate certificate) {
     return verifyAsIpAddress(host)
         ? verifyIpAddress(host, certificate)
         : verifyHostName(host, certificate);
@@ -98,7 +104,7 @@ private boolean verifyIpAddress(String ipAddress, X509Certificate certificate) {
    * Returns true if {@code certificate} matches {@code hostName}.
    */
   private boolean verifyHostName(String hostName, X509Certificate certificate) {
-    hostName = hostName.toLowerCase(Locale.US);
+    hostName = Ascii.toLowerCase(hostName);
     boolean hasDns = false;
     List<String> altNames = getSubjectAltNames(certificate, ALT_DNS_NAME);
     for (int i = 0, size = altNames.size(); i < size; i++) {
@@ -198,7 +204,7 @@ private boolean verifyHostName(String hostName, String pattern) {
     }
     // hostName and pattern are now absolute domain names.
 
-    pattern = pattern.toLowerCase(Locale.US);
+    pattern = Ascii.toLowerCase(pattern);
     // hostName and pattern are now in lower case -- domain names are case-insensitive.
 
     if (!pattern.contains("*")) {
@@ -254,4 +260,13 @@ private boolean verifyHostName(String hostName, String pattern) {
     // hostName matches pattern
     return true;
   }
+
+  /**
+   * Returns true if {@code input} is an ASCII string.
+   * @param input the string to check.
+   */
+  private static boolean isAscii(String input) {
+    // Only ASCII characters are 1 byte in UTF-8.
+    return Utf8.encodedLength(input) == input.length();
+  }
 }

From fe752a290e30c575bbb532d114080f149272ca23 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 16 Dec 2024 07:27:37 -0800
Subject: [PATCH 112/591] xds: Move specialized APIs out of XdsResourceType

StructOrError is a more generic API, but we have StatusOr now so we
don't want new usages of StructOrError. Moving StructOrError out of
io.grpc.xds.client will make it easier to delete StructOrError once
we've migrated to StatusOr in the future.

TRANSPORT_SOCKET_NAME_TLS should also move, but it wasn't immediately
clear to me where it should go.
---
 .../main/java/io/grpc/xds/StructOrError.java  | 72 +++++++++++++++++++
 .../java/io/grpc/xds/XdsClusterResource.java  |  2 +
 .../grpc/xds/XdsRouteConfigureResource.java   |  2 +
 .../io/grpc/xds/client/XdsResourceType.java   | 54 --------------
 .../grpc/xds/GrpcXdsClientImplDataTest.java   |  3 +-
 5 files changed, 77 insertions(+), 56 deletions(-)
 create mode 100644 xds/src/main/java/io/grpc/xds/StructOrError.java

diff --git a/xds/src/main/java/io/grpc/xds/StructOrError.java b/xds/src/main/java/io/grpc/xds/StructOrError.java
new file mode 100644
index 00000000000..14f008d191e
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/StructOrError.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.annotations.VisibleForTesting;
+import javax.annotation.Nullable;
+
+/** An object or a String error. */
+final class StructOrError<T> {
+
+  /**
+  * Returns a {@link StructOrError} for the successfully converted data object.
+  */
+  public static <T> StructOrError<T> fromStruct(T struct) {
+    return new StructOrError<>(struct);
+  }
+
+  /**
+   * Returns a {@link StructOrError} for the failure to convert the data object.
+   */
+  public static <T> StructOrError<T> fromError(String errorDetail) {
+    return new StructOrError<>(errorDetail);
+  }
+
+  private final String errorDetail;
+  private final T struct;
+
+  private StructOrError(T struct) {
+    this.struct = checkNotNull(struct, "struct");
+    this.errorDetail = null;
+  }
+
+  private StructOrError(String errorDetail) {
+    this.struct = null;
+    this.errorDetail = checkNotNull(errorDetail, "errorDetail");
+  }
+
+  /**
+   * Returns struct if exists, otherwise null.
+   */
+  @VisibleForTesting
+  @Nullable
+  public T getStruct() {
+    return struct;
+  }
+
+  /**
+   * Returns error detail if exists, otherwise null.
+   */
+  @VisibleForTesting
+  @Nullable
+  public String getErrorDetail() {
+    return errorDetail;
+  }
+}
+
diff --git a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
index c7789f3d7dd..e1645063c48 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
@@ -67,6 +67,8 @@ class XdsClusterResource extends XdsResourceType<CdsUpdate> {
   static final String AGGREGATE_CLUSTER_TYPE_NAME = "envoy.clusters.aggregate";
   static final String ADS_TYPE_URL_CDS =
       "type.googleapis.com/envoy.config.cluster.v3.Cluster";
+  private static final String TYPE_URL_CLUSTER_CONFIG =
+      "type.googleapis.com/envoy.extensions.clusters.aggregate.v3.ClusterConfig";
   private static final String TYPE_URL_UPSTREAM_TLS_CONTEXT =
       "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext";
   private static final String TYPE_URL_UPSTREAM_TLS_CONTEXT_V2 =
diff --git a/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java b/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
index 0e065c6ba9a..587c7a437ad 100644
--- a/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
@@ -78,6 +78,8 @@ class XdsRouteConfigureResource extends XdsResourceType<RdsUpdate> {
       "type.googleapis.com/envoy.config.route.v3.RouteConfiguration";
   private static final String TYPE_URL_FILTER_CONFIG =
       "type.googleapis.com/envoy.config.route.v3.FilterConfig";
+  @VisibleForTesting
+  static final String HASH_POLICY_FILTER_STATE_KEY = "io.grpc.channel_id";
   // TODO(zdapeng): need to discuss how to handle unsupported values.
   private static final Set<Status.Code> SUPPORTED_RETRYABLE_CODES =
       Collections.unmodifiableSet(EnumSet.of(
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsResourceType.java b/xds/src/main/java/io/grpc/xds/client/XdsResourceType.java
index 8c3d31604e4..ccb622ff168 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsResourceType.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsResourceType.java
@@ -20,7 +20,6 @@
 import static io.grpc.xds.client.XdsClient.canonifyResourceName;
 import static io.grpc.xds.client.XdsClient.isResourceNameValid;
 
-import com.google.common.annotations.VisibleForTesting;
 import com.google.protobuf.Any;
 import com.google.protobuf.InvalidProtocolBufferException;
 import com.google.protobuf.Message;
@@ -41,11 +40,7 @@ public abstract class XdsResourceType<T extends ResourceUpdate> {
   static final String TYPE_URL_RESOURCE =
       "type.googleapis.com/envoy.service.discovery.v3.Resource";
   protected static final String TRANSPORT_SOCKET_NAME_TLS = "envoy.transport_sockets.tls";
-  @VisibleForTesting
-  public static final String HASH_POLICY_FILTER_STATE_KEY = "io.grpc.channel_id";
 
-  protected static final String TYPE_URL_CLUSTER_CONFIG =
-      "type.googleapis.com/envoy.extensions.clusters.aggregate.v3.ClusterConfig";
   protected static final String TYPE_URL_TYPED_STRUCT_UDPA =
       "type.googleapis.com/udpa.type.v1.TypedStruct";
   protected static final String TYPE_URL_TYPED_STRUCT =
@@ -249,53 +244,4 @@ public ValidatedResourceUpdate(Map<String, ParsedResource<T>> parsedResources,
       this.errors = errors;
     }
   }
-
-  @VisibleForTesting
-  public static final class StructOrError<T> {
-
-    /**
-    * Returns a {@link StructOrError} for the successfully converted data object.
-    */
-    public static <T> StructOrError<T> fromStruct(T struct) {
-      return new StructOrError<>(struct);
-    }
-
-    /**
-     * Returns a {@link StructOrError} for the failure to convert the data object.
-     */
-    public static <T> StructOrError<T> fromError(String errorDetail) {
-      return new StructOrError<>(errorDetail);
-    }
-
-    private final String errorDetail;
-    private final T struct;
-
-    private StructOrError(T struct) {
-      this.struct = checkNotNull(struct, "struct");
-      this.errorDetail = null;
-    }
-
-    private StructOrError(String errorDetail) {
-      this.struct = null;
-      this.errorDetail = checkNotNull(errorDetail, "errorDetail");
-    }
-
-    /**
-     * Returns struct if exists, otherwise null.
-     */
-    @VisibleForTesting
-    @Nullable
-    public T getStruct() {
-      return struct;
-    }
-
-    /**
-     * Returns error detail if exists, otherwise null.
-     */
-    @VisibleForTesting
-    @Nullable
-    public String getErrorDetail() {
-      return errorDetail;
-    }
-  }
 }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index b0ef0131a6d..6b905c4e2ba 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -140,7 +140,6 @@
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsResourceType;
 import io.grpc.xds.client.XdsResourceType.ResourceInvalidException;
-import io.grpc.xds.client.XdsResourceType.StructOrError;
 import io.grpc.xds.internal.Matchers;
 import io.grpc.xds.internal.Matchers.FractionMatcher;
 import io.grpc.xds.internal.Matchers.HeaderMatcher;
@@ -939,7 +938,7 @@ public void parseRouteAction_withHashPolicies() {
                 io.envoyproxy.envoy.config.route.v3.RouteAction.HashPolicy.newBuilder()
                     .setFilterState(
                         FilterState.newBuilder()
-                            .setKey(XdsResourceType.HASH_POLICY_FILTER_STATE_KEY)))
+                            .setKey(XdsRouteConfigureResource.HASH_POLICY_FILTER_STATE_KEY)))
             .addHashPolicy(
                 io.envoyproxy.envoy.config.route.v3.RouteAction.HashPolicy.newBuilder()
                     .setQueryParameter(

From 8a5f7776dba4bc126614c04a52879bccdc11c070 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 16 Dec 2024 15:59:10 -0800
Subject: [PATCH 113/591] .github/workflows: Stop testing Bazel 6

Bazel 8 is now out. We support the two most recent releases.

FWIW, I have compiled with Bazel 8 and didn't experience any problems.
---
 .github/workflows/testing.yml | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index d68d85eb0cd..8c934f24f3e 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -79,14 +79,9 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        include:
-          # Test with and without bzlmod. Bazel 6 doesn't support bzlmod, so use Bazel 7 instead
-          - bazel: 6.0.0
-            bzlmod: false
-          - bazel: 7.0.0
-            bzlmod: true
+        bzlmod: [true, false]
     env:
-      USE_BAZEL_VERSION: ${{ matrix.bazel }}
+      USE_BAZEL_VERSION: 7.0.0
 
     steps:
     - uses: actions/checkout@v4

From f8f613984fe1c57171977e948315449e3d013ebc Mon Sep 17 00:00:00 2001
From: vinodhabib <47808007+vinodhabib@users.noreply.github.com>
Date: Tue, 17 Dec 2024 05:37:22 +0000
Subject: [PATCH 114/591] xds: fixed unsupported unsigned 32 bits issue for
 circuit breaker (#11735)

Added change for circuit breaking by converting signed 32-bit Int to Unsigned 64-bit Long For MaxRequest negative value ( -1)

Fixes #11695
---
 .../java/io/grpc/xds/XdsClusterResource.java  |  2 +-
 .../grpc/xds/GrpcXdsClientImplTestBase.java   | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
index e1645063c48..1afe865d10a 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
@@ -215,7 +215,7 @@ private static StructOrError<CdsUpdate.Builder> parseNonAggregateCluster(
           continue;
         }
         if (threshold.hasMaxRequests()) {
-          maxConcurrentRequests = (long) threshold.getMaxRequests().getValue();
+          maxConcurrentRequests = Integer.toUnsignedLong(threshold.getMaxRequests().getValue());
         }
       }
     }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index b326eb7d02d..f1c114673b5 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -4001,6 +4001,25 @@ public void sendToBadUrl() throws Exception {
     client.shutdown();
   }
 
+  @Test
+  public void circuitBreakingConversionOf32bitIntTo64bitLongForMaxRequestNegativeValue() {
+    DiscoveryRpcCall call = startResourceWatcher(XdsClusterResource.getInstance(), CDS_RESOURCE,
+        cdsResourceWatcher);
+    Any clusterCircuitBreakers = Any.pack(
+        mf.buildEdsCluster(CDS_RESOURCE, null, "round_robin", null, null, false, null,
+            "envoy.transport_sockets.tls", mf.buildCircuitBreakers(50, -1), null));
+    call.sendResponse(CDS, clusterCircuitBreakers, VERSION_1, "0000");
+
+    // Client sent an ACK CDS request.
+    call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
+    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
+    CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue();
+
+    assertThat(cdsUpdate.clusterName()).isEqualTo(CDS_RESOURCE);
+    assertThat(cdsUpdate.clusterType()).isEqualTo(ClusterType.EDS);
+    assertThat(cdsUpdate.maxConcurrentRequests()).isEqualTo(4294967295L);
+  }
+
   @Test
   public void sendToNonexistentServer() throws Exception {
     // Setup xdsClient to fail on stream creation

From 8ea36293780a49d5cbcb3424e27357caa353d73a Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 19 Dec 2024 07:54:54 -0800
Subject: [PATCH 115/591] Re-enable animalsniffer, fixing violations

In 61f19d707a I swapped the signatures to use the version catalog. But I
failed to preserve the `@signature` extension and it all seemed to
work... But in fact all the animalsniffer tasks were completing as
SKIPPED as they lacked signatures. The build.gradle changes in this
commit are to fix that while still using version catalog.

But while it was broken violations crept in. Most violations weren't
too important and we're not surprised went unnoticed. For example, Netty
with TLS has long required the Java 8 API
`setEndpointIdentificationAlgorithm()`, so using `Optional` in the same
code path didn't harm anything in particular. I still swapped it to
Guava's `Optional` to avoid overuse of `@IgnoreJRERequirement`.

One important violation has not been fixed and instead I've disabled the
android signature in api/build.gradle for the moment.  The violation is
in StatusException using the `fillInStackTrace` overload of Exception.
This problem [had been noticed][PR11066], but we couldn't figure out
what was going on. AnimalSniffer is now noticing this and agreeing with
the internal linter. There is still a question of why our interop tests
failed to notice this, but given they are no longer running on pre-API
level 24, that may forever be a mystery.

[PR11066]: https://github.com/grpc/grpc-java/pull/11066
---
 alts/build.gradle                             |  6 ++++-
 api/BUILD.bazel                               |  1 +
 api/build.gradle                              | 15 +++++++++--
 api/src/main/java/io/grpc/TimeUtils.java      |  2 ++
 .../test/java/io/grpc/CallOptionsTest.java    |  2 ++
 .../io/grpc/SynchronizationContextTest.java   |  5 +++-
 api/src/test/java/io/grpc/TimeUtilsTest.java  |  4 ++-
 auth/build.gradle                             | 12 +++++++--
 authz/build.gradle                            |  6 ++++-
 benchmarks/build.gradle                       |  6 ++++-
 census/build.gradle                           | 12 +++++++--
 contextstorage/build.gradle                   | 12 +++++++--
 core/build.gradle                             | 12 +++++++--
 .../java/io/grpc/internal/SpiffeUtil.java     |  9 +++----
 .../internal/ConcurrentTimeProviderTest.java  |  7 ++---
 .../internal/InstantTimeProviderTest.java     |  2 ++
 .../grpc/internal/ManagedChannelImplTest.java |  7 +++--
 .../java/io/grpc/internal/SpiffeUtilTest.java | 27 +++++++++++--------
 gae-interop-testing/gae-jdk8/build.gradle     |  6 ++++-
 gcp-csm-observability/build.gradle            |  6 ++++-
 gcp-observability/build.gradle                |  6 ++++-
 gcp-observability/interop/build.gradle        |  6 ++++-
 googleapis/build.gradle                       |  6 ++++-
 grpclb/build.gradle                           |  6 ++++-
 inprocess/build.gradle                        | 12 +++++++--
 interop-testing/build.gradle                  | 12 +++++++--
 .../testing/integration/XdsTestClient.java    |  2 ++
 .../testing/integration/XdsTestServer.java    |  2 ++
 istio-interop-testing/build.gradle            |  6 ++++-
 netty/BUILD.bazel                             |  1 +
 netty/build.gradle                            | 12 +++++++--
 netty/shaded/build.gradle                     | 12 +++++++--
 .../netty/InternalProtocolNegotiators.java    |  6 ++---
 .../io/grpc/netty/NettyChannelBuilder.java    |  4 +--
 .../io/grpc/netty/ProtocolNegotiators.java    |  6 +++--
 .../netty/NettyAdaptiveCumulatorTest.java     |  3 +--
 .../io/grpc/netty/NettyClientStreamTest.java  | 11 +++++---
 .../grpc/netty/NettyClientTransportTest.java  |  4 +--
 .../io/grpc/netty/NettyServerStreamTest.java  | 20 +++++++-------
 .../grpc/netty/ProtocolNegotiatorsTest.java   | 12 ++++-----
 okhttp/build.gradle                           | 12 +++++++--
 opentelemetry/build.gradle                    |  7 +++--
 protobuf-lite/build.gradle                    | 12 +++++++--
 protobuf/build.gradle                         | 12 +++++++--
 rls/build.gradle                              |  6 ++++-
 s2a/build.gradle                              |  6 ++++-
 .../S2AProtocolNegotiatorFactory.java         |  4 +--
 services/build.gradle                         |  6 ++++-
 stub/BUILD.bazel                              |  1 +
 stub/build.gradle                             | 12 +++++++--
 .../main/java/io/grpc/stub/AbstractStub.java  |  2 ++
 .../java/io/grpc/stub/AbstractStubTest.java   |  2 ++
 testing-proto/build.gradle                    |  6 ++++-
 testing/build.gradle                          | 12 +++++++--
 util/build.gradle                             | 12 +++++++--
 .../util/OutlierDetectionLoadBalancer.java    |  6 ++++-
 .../util/AdvancedTlsX509TrustManagerTest.java |  2 ++
 xds/build.gradle                              |  6 ++++-
 58 files changed, 329 insertions(+), 105 deletions(-)

diff --git a/alts/build.gradle b/alts/build.gradle
index de93c90546f..3e472d9cea6 100644
--- a/alts/build.gradle
+++ b/alts/build.gradle
@@ -44,7 +44,11 @@ dependencies {
             classifier = "linux-x86_64"
         }
     }
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 configureProtoCompilation()
diff --git a/api/BUILD.bazel b/api/BUILD.bazel
index 6bf3375e9f0..34e8de95335 100644
--- a/api/BUILD.bazel
+++ b/api/BUILD.bazel
@@ -13,5 +13,6 @@ java_library(
         artifact("com.google.errorprone:error_prone_annotations"),
         artifact("com.google.guava:failureaccess"),  # future transitive dep of Guava. See #5214
         artifact("com.google.guava:guava"),
+        artifact("org.codehaus.mojo:animal-sniffer-annotations"),
     ],
 )
diff --git a/api/build.gradle b/api/build.gradle
index 1d21c7bdcb6..4edfba7c0d8 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -36,6 +36,7 @@ tasks.named("jar").configure {
 dependencies {
     compileOnly sourceSets.context.output
     api libraries.jsr305,
+            libraries.animalsniffer.annotations,
             libraries.errorprone.annotations
     implementation libraries.guava
 
@@ -48,8 +49,18 @@ dependencies {
     testImplementation project(':grpc-testing')
     testImplementation libraries.guava.testlib
 
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    // TODO: Temporarily disabled until StatusException is fixed.
+    // Context: https://github.com/grpc/grpc-java/pull/11066
+    //signature (libraries.signature.android) {
+    //    artifact {
+    //        extension = "signature"
+    //    }
+    //}
 }
 
 tasks.named("javadoc").configure {
diff --git a/api/src/main/java/io/grpc/TimeUtils.java b/api/src/main/java/io/grpc/TimeUtils.java
index c3031f13d94..c3cdf843d79 100644
--- a/api/src/main/java/io/grpc/TimeUtils.java
+++ b/api/src/main/java/io/grpc/TimeUtils.java
@@ -17,10 +17,12 @@
 package io.grpc;
 
 import java.time.Duration;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 
 final class TimeUtils {
   private TimeUtils() {}
 
+  @IgnoreJRERequirement
   static long convertToNanos(Duration duration) {
     try {
       return duration.toNanos();
diff --git a/api/src/test/java/io/grpc/CallOptionsTest.java b/api/src/test/java/io/grpc/CallOptionsTest.java
index d74c74ccd66..051c1b2d851 100644
--- a/api/src/test/java/io/grpc/CallOptionsTest.java
+++ b/api/src/test/java/io/grpc/CallOptionsTest.java
@@ -34,6 +34,7 @@
 import io.grpc.internal.SerializingExecutor;
 import java.time.Duration;
 import java.util.concurrent.Executor;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -152,6 +153,7 @@ public void withDeadlineAfter() {
   }
 
   @Test
+  @IgnoreJRERequirement
   public void withDeadlineAfterDuration() {
     Deadline actual = CallOptions.DEFAULT.withDeadlineAfter(Duration.ofMinutes(1L)).getDeadline();
     Deadline expected = Deadline.after(1, MINUTES);
diff --git a/api/src/test/java/io/grpc/SynchronizationContextTest.java b/api/src/test/java/io/grpc/SynchronizationContextTest.java
index f0797df227e..d063c58a978 100644
--- a/api/src/test/java/io/grpc/SynchronizationContextTest.java
+++ b/api/src/test/java/io/grpc/SynchronizationContextTest.java
@@ -36,6 +36,7 @@
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 import org.junit.After;
 import org.junit.Rule;
 import org.junit.Test;
@@ -248,6 +249,7 @@ public void schedule() {
   }
 
   @Test
+  @IgnoreJRERequirement
   public void scheduleDuration() {
     MockScheduledExecutorService executorService = new MockScheduledExecutorService();
     ScheduledHandle handle =
@@ -265,6 +267,7 @@ public void scheduleDuration() {
   }
 
   @Test
+  @IgnoreJRERequirement
   public void scheduleWithFixedDelayDuration() {
     MockScheduledExecutorService executorService = new MockScheduledExecutorService();
     ScheduledHandle handle =
@@ -402,4 +405,4 @@ static class MockScheduledExecutorService extends ForwardingScheduledExecutorSer
       return future = super.scheduleWithFixedDelay(command, intialDelay, delay, unit);
     }
   }
-}
\ No newline at end of file
+}
diff --git a/api/src/test/java/io/grpc/TimeUtilsTest.java b/api/src/test/java/io/grpc/TimeUtilsTest.java
index 4faaa9cbf6d..75c0437ce26 100644
--- a/api/src/test/java/io/grpc/TimeUtilsTest.java
+++ b/api/src/test/java/io/grpc/TimeUtilsTest.java
@@ -19,12 +19,14 @@
 import static org.junit.Assert.assertEquals;
 
 import java.time.Duration;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
 /** Unit tests for {@link TimeUtils}. */
 @RunWith(JUnit4.class)
+@IgnoreJRERequirement
 public class TimeUtilsTest {
 
   @Test
@@ -56,4 +58,4 @@ public void testConvertTooLargeNegativeDuration() {
 
     assertEquals(Long.MIN_VALUE, TimeUtils.convertToNanos(duration));
   }
-}
\ No newline at end of file
+}
diff --git a/auth/build.gradle b/auth/build.gradle
index 78bb720601b..d56802c14ca 100644
--- a/auth/build.gradle
+++ b/auth/build.gradle
@@ -22,6 +22,14 @@ dependencies {
             project(':grpc-core'),
             project(":grpc-context"), // Override google-auth dependency with our newer version
             libraries.google.auth.oauth2Http
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
diff --git a/authz/build.gradle b/authz/build.gradle
index 60c86ca0dba..b72088bfbaa 100644
--- a/authz/build.gradle
+++ b/authz/build.gradle
@@ -26,7 +26,11 @@ dependencies {
     shadow configurations.implementation.getDependencies().minus([xdsDependency])
     shadow project(path: ':grpc-xds', configuration: 'shadow')
 
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("jar").configure {
diff --git a/benchmarks/build.gradle b/benchmarks/build.gradle
index d00c0d76ebe..bf043106050 100644
--- a/benchmarks/build.gradle
+++ b/benchmarks/build.gradle
@@ -43,7 +43,11 @@ dependencies {
     testImplementation libraries.junit,
             libraries.mockito.core
 
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 import net.ltgt.gradle.errorprone.CheckSeverity
diff --git a/census/build.gradle b/census/build.gradle
index c1dc53e4c05..0993488ff83 100644
--- a/census/build.gradle
+++ b/census/build.gradle
@@ -27,8 +27,16 @@ dependencies {
             project(':grpc-testing'),
             libraries.opencensus.impl
 
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("javadoc").configure {
diff --git a/contextstorage/build.gradle b/contextstorage/build.gradle
index 39ea003d462..b1e78ea0e17 100644
--- a/contextstorage/build.gradle
+++ b/contextstorage/build.gradle
@@ -16,8 +16,16 @@ dependencies {
             libraries.assertj.core
     testImplementation 'junit:junit:4.13.1'// opentelemetry.sdk.testing uses compileOnly for assertj
 
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("jar").configure {
diff --git a/core/build.gradle b/core/build.gradle
index f8a95c37286..2fac9ddba04 100644
--- a/core/build.gradle
+++ b/core/build.gradle
@@ -39,8 +39,16 @@ dependencies {
 
     jmh project(':grpc-testing')
 
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("javadoc").configure {
diff --git a/core/src/main/java/io/grpc/internal/SpiffeUtil.java b/core/src/main/java/io/grpc/internal/SpiffeUtil.java
index 57e201d19ba..44ef343b6dc 100644
--- a/core/src/main/java/io/grpc/internal/SpiffeUtil.java
+++ b/core/src/main/java/io/grpc/internal/SpiffeUtil.java
@@ -23,13 +23,12 @@
 import com.google.common.base.Splitter;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.io.Files;
 import java.io.ByteArrayInputStream;
+import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -188,8 +187,8 @@ public static SpiffeBundle loadTrustBundleFromFile(String trustBundleFile) throw
   }
 
   private static Map<String, ?> readTrustDomainsFromFile(String filePath) throws IOException {
-    Path path = Paths.get(checkNotNull(filePath, "trustBundleFile"));
-    String json = new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
+    File file = new File(checkNotNull(filePath, "trustBundleFile"));
+    String json = new String(Files.toByteArray(file), StandardCharsets.UTF_8);
     Object jsonObject = JsonParser.parse(json);
     if (!(jsonObject instanceof Map)) {
       throw new IllegalArgumentException(
diff --git a/core/src/test/java/io/grpc/internal/ConcurrentTimeProviderTest.java b/core/src/test/java/io/grpc/internal/ConcurrentTimeProviderTest.java
index a02cb6a6e42..7983530456c 100644
--- a/core/src/test/java/io/grpc/internal/ConcurrentTimeProviderTest.java
+++ b/core/src/test/java/io/grpc/internal/ConcurrentTimeProviderTest.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.truth.Truth.assertThat;
 
-import java.time.Instant;
 import java.util.concurrent.TimeUnit;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -36,10 +35,8 @@ public void testConcurrentCurrentTimeNanos() {
     // Get the current time from the ConcurrentTimeProvider
     long actualTimeNanos = concurrentTimeProvider.currentTimeNanos();
 
-    // Get the current time from Instant for comparison
-    Instant instantNow = Instant.now();
-    long expectedTimeNanos = TimeUnit.SECONDS.toNanos(instantNow.getEpochSecond())
-        + instantNow.getNano();
+    // Get the current time from System for comparison
+    long expectedTimeNanos = TimeUnit.MILLISECONDS.toNanos(System.currentTimeMillis());
 
     // Validate the time returned is close to the expected value within a tolerance
     // (i,e 10 millisecond tolerance in nanoseconds).
diff --git a/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java b/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java
index 46d1891cbb9..ac9a02fa936 100644
--- a/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java
+++ b/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java
@@ -20,6 +20,7 @@
 
 import java.time.Instant;
 import java.util.concurrent.TimeUnit;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -28,6 +29,7 @@
  * Unit tests for {@link InstantTimeProvider}.
  */
 @RunWith(JUnit4.class)
+@IgnoreJRERequirement
 public class InstantTimeProviderTest {
   @Test
   public void testInstantCurrentTimeNanos() throws Exception {
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index 535086716bd..2fe82aea972 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -57,6 +57,7 @@
 import com.google.common.base.Throwables;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Iterables;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.MoreExecutors;
 import com.google.common.util.concurrent.SettableFuture;
@@ -1199,8 +1200,10 @@ public void addressResolutionError_noPriorNameResolution_usesDefaultServiceConfi
     // config simply gets ignored and not gets reassigned.
     resolver.resolved();
     timer.forwardNanos(1234);
-    assertThat(getStats(channel).channelTrace.events.stream().filter(
-        event -> event.description.equals("Service config changed")).count()).isEqualTo(0);
+    assertThat(Iterables.filter(
+          getStats(channel).channelTrace.events,
+          event -> event.description.equals("Service config changed")))
+        .isEmpty();
   }
 
   @Test
diff --git a/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java b/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java
index 244539501a6..d5155728936 100644
--- a/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java
+++ b/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java
@@ -22,15 +22,16 @@
 import static org.junit.Assert.assertTrue;
 
 import com.google.common.base.Optional;
+import com.google.common.io.ByteStreams;
 import io.grpc.internal.SpiffeUtil.SpiffeBundle;
 import io.grpc.internal.SpiffeUtil.SpiffeId;
 import io.grpc.testing.TlsTesting;
 import io.grpc.util.CertificateUtils;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
 import java.io.InputStream;
-import java.nio.file.Files;
-import java.nio.file.NoSuchFileException;
-import java.nio.file.Path;
-import java.nio.file.StandardCopyOption;
+import java.io.OutputStream;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.Collection;
@@ -247,12 +248,14 @@ public void setUp() throws Exception {
     }
 
     private String copyFileToTmp(String fileName) throws Exception {
-      Path tempFilePath = tempFolder.newFile(fileName).toPath();
+      File tempFile = tempFolder.newFile(fileName);
       try (InputStream resourceStream = SpiffeUtilTest.class.getClassLoader()
-          .getResourceAsStream(TEST_DIRECTORY_PREFIX + fileName)) {
-        Files.copy(resourceStream, tempFilePath, StandardCopyOption.REPLACE_EXISTING);
+            .getResourceAsStream(TEST_DIRECTORY_PREFIX + fileName);
+          OutputStream fileStream = new FileOutputStream(tempFile)) {
+        ByteStreams.copy(resourceStream, fileStream);
+        fileStream.flush();
       }
-      return tempFilePath.toString();
+      return tempFile.toString();
     }
 
     @Test
@@ -358,9 +361,11 @@ public void loadTrustBundleFromFileParameterValidityTest() {
       NullPointerException npe = assertThrows(NullPointerException.class, () -> SpiffeUtil
           .loadTrustBundleFromFile(null));
       assertEquals("trustBundleFile", npe.getMessage());
-      NoSuchFileException nsfe = assertThrows(NoSuchFileException.class, () -> SpiffeUtil
+      FileNotFoundException nsfe = assertThrows(FileNotFoundException.class, () -> SpiffeUtil
           .loadTrustBundleFromFile("i_do_not_exist"));
-      assertEquals("i_do_not_exist", nsfe.getMessage());
+      assertTrue(
+          "Did not contain expected substring: " + nsfe.getMessage(),
+          nsfe.getMessage().contains("i_do_not_exist"));
     }
   }
-}
\ No newline at end of file
+}
diff --git a/gae-interop-testing/gae-jdk8/build.gradle b/gae-interop-testing/gae-jdk8/build.gradle
index a09a8e793c0..3ed395198c2 100644
--- a/gae-interop-testing/gae-jdk8/build.gradle
+++ b/gae-interop-testing/gae-jdk8/build.gradle
@@ -53,7 +53,11 @@ dependencies {
     implementation libraries.junit
     implementation libraries.protobuf.java
     runtimeOnly libraries.netty.tcnative, libraries.netty.tcnative.classes
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("compileJava").configure {
diff --git a/gcp-csm-observability/build.gradle b/gcp-csm-observability/build.gradle
index e29a56b1052..bda54ca8146 100644
--- a/gcp-csm-observability/build.gradle
+++ b/gcp-csm-observability/build.gradle
@@ -28,5 +28,9 @@ dependencies {
             libraries.opentelemetry.sdk.testing,
             libraries.assertj.core // opentelemetry.sdk.testing uses compileOnly for this dep
 
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
diff --git a/gcp-observability/build.gradle b/gcp-observability/build.gradle
index f869bd61a76..c6d6fa28ddc 100644
--- a/gcp-observability/build.gradle
+++ b/gcp-observability/build.gradle
@@ -74,7 +74,11 @@ dependencies {
         exclude group: 'junit', module: 'junit'
     }
 
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 configureProtoCompilation()
diff --git a/gcp-observability/interop/build.gradle b/gcp-observability/interop/build.gradle
index 4a78c056eac..7e17624995a 100644
--- a/gcp-observability/interop/build.gradle
+++ b/gcp-observability/interop/build.gradle
@@ -10,7 +10,11 @@ dependencies {
     implementation project(':grpc-interop-testing'),
             project(':grpc-gcp-observability')
 
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 application {
diff --git a/googleapis/build.gradle b/googleapis/build.gradle
index 435e552d47d..3a7a3a2766a 100644
--- a/googleapis/build.gradle
+++ b/googleapis/build.gradle
@@ -21,5 +21,9 @@ dependencies {
                    libraries.guava.jre // JRE required by transitive protobuf-java-util
     testImplementation testFixtures(project(':grpc-core'))
 
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
diff --git a/grpclb/build.gradle b/grpclb/build.gradle
index 93331053b09..3f67181372b 100644
--- a/grpclb/build.gradle
+++ b/grpclb/build.gradle
@@ -28,7 +28,11 @@ dependencies {
             project(':grpc-inprocess'),
             testFixtures(project(':grpc-core'))
 
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 configureProtoCompilation()
diff --git a/inprocess/build.gradle b/inprocess/build.gradle
index edc97883b50..075968ccb9a 100644
--- a/inprocess/build.gradle
+++ b/inprocess/build.gradle
@@ -22,8 +22,16 @@ dependencies {
             testFixtures(project(':grpc-core'))
     testImplementation libraries.guava.testlib
 
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("javadoc").configure {
diff --git a/interop-testing/build.gradle b/interop-testing/build.gradle
index a85aec97adf..97e7c69533a 100644
--- a/interop-testing/build.gradle
+++ b/interop-testing/build.gradle
@@ -53,8 +53,16 @@ dependencies {
             libraries.mockito.core,
             libraries.okhttp
 
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 configureProtoCompilation()
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestClient.java b/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestClient.java
index 23bc12a6b65..89519041a79 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestClient.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestClient.java
@@ -78,6 +78,7 @@
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.ThreadSafe;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 
 /** Client for xDS interop tests. */
 public final class XdsTestClient {
@@ -261,6 +262,7 @@ private static RpcType parseRpc(String rpc) {
     }
   }
 
+  @IgnoreJRERequirement // OpenTelemetry uses Java 8+ APIs
   private void run() {
     if (enableCsmObservability) {
       csmObservability = CsmObservability.newBuilder()
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestServer.java b/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestServer.java
index 1bc4ff88981..88f1bf468b6 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestServer.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/XdsTestServer.java
@@ -57,6 +57,7 @@
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 
 /** Interop test server that implements the xDS testing service. */
 public final class XdsTestServer {
@@ -193,6 +194,7 @@ void parseArgs(String[] args) {
   }
 
   @SuppressWarnings("AddressSelection")
+  @IgnoreJRERequirement // OpenTelemetry uses Java 8+ APIs
   void start() throws Exception {
     if (enableCsmObservability) {
       csmObservability = CsmObservability.newBuilder()
diff --git a/istio-interop-testing/build.gradle b/istio-interop-testing/build.gradle
index e2fe228f13b..4550f0ea202 100644
--- a/istio-interop-testing/build.gradle
+++ b/istio-interop-testing/build.gradle
@@ -28,7 +28,11 @@ dependencies {
             libraries.junit,
             libraries.truth
 
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 sourceSets {
diff --git a/netty/BUILD.bazel b/netty/BUILD.bazel
index 9fe52ea5868..52fdcb19fd8 100644
--- a/netty/BUILD.bazel
+++ b/netty/BUILD.bazel
@@ -27,6 +27,7 @@ java_library(
         artifact("io.netty:netty-transport"),
         artifact("io.netty:netty-transport-native-unix-common"),
         artifact("io.perfmark:perfmark-api"),
+        artifact("org.codehaus.mojo:animal-sniffer-annotations"),
     ],
 )
 
diff --git a/netty/build.gradle b/netty/build.gradle
index 5533038c85b..3662f8ec399 100644
--- a/netty/build.gradle
+++ b/netty/build.gradle
@@ -65,8 +65,16 @@ dependencies {
             classifier = "linux-x86_64"
         }
     }
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 import net.ltgt.gradle.errorprone.CheckSeverity
diff --git a/netty/shaded/build.gradle b/netty/shaded/build.gradle
index 25682d60b75..f805a4f4a1f 100644
--- a/netty/shaded/build.gradle
+++ b/netty/shaded/build.gradle
@@ -65,8 +65,16 @@ dependencies {
     shadow project(':grpc-netty').configurations.runtimeClasspath.allDependencies.matching {
         it.group != 'io.netty'
     }
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("jar").configure {
diff --git a/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
index 8aeb44d0fc2..3d1aa83d9ff 100644
--- a/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
@@ -16,6 +16,7 @@
 
 package io.grpc.netty;
 
+import com.google.common.base.Optional;
 import io.grpc.ChannelLogger;
 import io.grpc.internal.ObjectPool;
 import io.grpc.netty.ProtocolNegotiators.ClientTlsHandler;
@@ -24,7 +25,6 @@
 import io.netty.channel.ChannelHandler;
 import io.netty.handler.ssl.SslContext;
 import io.netty.util.AsciiString;
-import java.util.Optional;
 import java.util.concurrent.Executor;
 
 /**
@@ -72,7 +72,7 @@ public void close() {
    * may happen immediately, even before the TLS Handshake is complete.
    */
   public static InternalProtocolNegotiator.ProtocolNegotiator tls(SslContext sslContext) {
-    return tls(sslContext, null, Optional.empty());
+    return tls(sslContext, null, Optional.absent());
   }
 
   /**
@@ -170,7 +170,7 @@ public static ChannelHandler clientTlsHandler(
       ChannelHandler next, SslContext sslContext, String authority,
       ChannelLogger negotiationLogger) {
     return new ClientTlsHandler(next, sslContext, authority, null, negotiationLogger,
-        Optional.empty());
+        Optional.absent());
   }
 
   public static class ProtocolNegotiationHandler
diff --git a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
index fe226ec2ba9..8b80f7b4e46 100644
--- a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
+++ b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
@@ -23,6 +23,7 @@
 import static io.grpc.internal.GrpcUtil.KEEPALIVE_TIME_NANOS_DISABLED;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Optional;
 import com.google.common.base.Ticker;
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import com.google.errorprone.annotations.CheckReturnValue;
@@ -63,7 +64,6 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.Optional;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
@@ -652,7 +652,7 @@ static ProtocolNegotiator createProtocolNegotiatorByType(
       case PLAINTEXT_UPGRADE:
         return ProtocolNegotiators.plaintextUpgrade();
       case TLS:
-        return ProtocolNegotiators.tls(sslContext, executorPool, Optional.empty());
+        return ProtocolNegotiators.tls(sslContext, executorPool, Optional.absent());
       default:
         throw new IllegalArgumentException("Unsupported negotiationType: " + negotiationType);
     }
diff --git a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
index 84370ac8153..3f4d59bb334 100644
--- a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
@@ -20,6 +20,7 @@
 import static com.google.common.base.Preconditions.checkState;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Optional;
 import com.google.common.base.Preconditions;
 import com.google.errorprone.annotations.ForOverride;
 import io.grpc.Attributes;
@@ -72,7 +73,6 @@
 import java.nio.channels.ClosedChannelException;
 import java.util.Arrays;
 import java.util.EnumSet;
-import java.util.Optional;
 import java.util.Set;
 import java.util.concurrent.Executor;
 import java.util.logging.Level;
@@ -82,6 +82,7 @@
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 
 /**
  * Common {@link ProtocolNegotiator}s used by gRPC.
@@ -601,6 +602,7 @@ static final class ClientTlsHandler extends ProtocolNegotiationHandler {
     }
 
     @Override
+    @IgnoreJRERequirement
     protected void handlerAdded0(ChannelHandlerContext ctx) {
       SSLEngine sslEngine = sslContext.newEngine(ctx.alloc(), host, port);
       SSLParameters sslParams = sslEngine.getSSLParameters();
@@ -708,7 +710,7 @@ public static ProtocolNegotiator tls(SslContext sslContext,
    * may happen immediately, even before the TLS Handshake is complete.
    */
   public static ProtocolNegotiator tls(SslContext sslContext) {
-    return tls(sslContext, null, Optional.empty());
+    return tls(sslContext, null, Optional.absent());
   }
 
   public static ProtocolNegotiator.ClientFactory tlsClientFactory(SslContext sslContext) {
diff --git a/netty/src/test/java/io/grpc/netty/NettyAdaptiveCumulatorTest.java b/netty/src/test/java/io/grpc/netty/NettyAdaptiveCumulatorTest.java
index 1037dab4712..68dc6dc0c80 100644
--- a/netty/src/test/java/io/grpc/netty/NettyAdaptiveCumulatorTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyAdaptiveCumulatorTest.java
@@ -40,7 +40,6 @@
 import io.netty.buffer.UnpooledByteBufAllocator;
 import java.util.Collection;
 import java.util.List;
-import java.util.stream.Collectors;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -55,7 +54,7 @@
 public class NettyAdaptiveCumulatorTest {
 
   private static Collection<Object[]> cartesianProductParams(List<?>... lists) {
-    return Lists.cartesianProduct(lists).stream().map(List::toArray).collect(Collectors.toList());
+    return Lists.transform(Lists.cartesianProduct(lists), List::toArray);
   }
 
   @RunWith(JUnit4.class)
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientStreamTest.java b/netty/src/test/java/io/grpc/netty/NettyClientStreamTest.java
index 2a5a0df279a..a44a196ac8c 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientStreamTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientStreamTest.java
@@ -46,6 +46,7 @@
 import static org.mockito.Mockito.when;
 
 import com.google.common.collect.ImmutableListMultimap;
+import com.google.common.collect.Iterables;
 import com.google.common.io.BaseEncoding;
 import io.grpc.CallOptions;
 import io.grpc.InternalStatus;
@@ -239,11 +240,13 @@ public void writeFrameFutureFailedShouldCancelRpc() {
     // Get the CancelClientStreamCommand written to the queue. Above we verified that there is
     // only one CancelClientStreamCommand enqueued, and is the third enqueued command (create,
     // frame write failure, cancel).
-    CancelClientStreamCommand cancelCommand = Mockito.mockingDetails(writeQueue).getInvocations()
-        // Get enqueue() innovations only
-        .stream().filter(invocation -> invocation.getMethod().getName().equals("enqueue"))
+    CancelClientStreamCommand cancelCommand = Iterables.get(
+        Iterables.filter(
+          Mockito.mockingDetails(writeQueue).getInvocations(),
+          // Get enqueue() innovations only
+          invocation -> invocation.getMethod().getName().equals("enqueue")),
         // Get the third invocation of enqueue()
-        .skip(2).findFirst().get()
+        2)
         // Get the first argument (QueuedCommand command)
         .getArgument(0);
 
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
index b7a3ff13a59..8d0d656859f 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
@@ -39,6 +39,7 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
 
+import com.google.common.base.Optional;
 import com.google.common.base.Strings;
 import com.google.common.base.Ticker;
 import com.google.common.io.ByteStreams;
@@ -105,7 +106,6 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.LinkedBlockingQueue;
 import java.util.concurrent.TimeUnit;
@@ -803,7 +803,7 @@ public void tlsNegotiationServerExecutorShouldSucceed() throws Exception {
         .keyManager(clientCert, clientKey)
         .build();
     ProtocolNegotiator negotiator = ProtocolNegotiators.tls(clientContext, clientExecutorPool,
-        Optional.empty());
+        Optional.absent());
     // after starting the client, the Executor in the client pool should be used
     assertEquals(true, clientExecutorPool.isInUse());
     final NettyClientTransport transport = newTransport(negotiator);
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerStreamTest.java b/netty/src/test/java/io/grpc/netty/NettyServerStreamTest.java
index 452f68341b1..0723e359752 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerStreamTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerStreamTest.java
@@ -38,7 +38,9 @@
 
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableListMultimap;
+import com.google.common.collect.Iterables;
 import com.google.common.collect.ListMultimap;
+import com.google.common.collect.Lists;
 import io.grpc.Attributes;
 import io.grpc.Metadata;
 import io.grpc.Status;
@@ -57,7 +59,6 @@
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Queue;
-import java.util.stream.Collectors;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -217,14 +218,15 @@ private CancelServerStreamCommand findCancelServerStreamCommand() {
     // Ensure there's no CancelServerStreamCommand enqueued with flush=false.
     verify(writeQueue, never()).enqueue(any(CancelServerStreamCommand.class), eq(false));
 
-    List<CancelServerStreamCommand> commands = Mockito.mockingDetails(writeQueue).getInvocations()
-        .stream()
-        // Get enqueue() innovations only.
-        .filter(invocation -> invocation.getMethod().getName().equals("enqueue"))
-        // Find the cancel commands.
-        .filter(invocation -> invocation.getArgument(0) instanceof CancelServerStreamCommand)
-        .map(invocation -> invocation.getArgument(0, CancelServerStreamCommand.class))
-        .collect(Collectors.toList());
+    List<CancelServerStreamCommand> commands = Lists.newArrayList(
+        Iterables.transform(
+          Iterables.filter(
+            Mockito.mockingDetails(writeQueue).getInvocations(),
+            // Get enqueue() innovations only
+            invocation -> invocation.getMethod().getName().equals("enqueue")
+              // Find the cancel commands.
+              && invocation.getArgument(0) instanceof CancelServerStreamCommand),
+          invocation -> invocation.getArgument(0, CancelServerStreamCommand.class)));
 
     assertWithMessage("Expected exactly one CancelClientStreamCommand").that(commands).hasSize(1);
     return commands.get(0);
diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
index 2ccdb2de543..6dff3de2b2a 100644
--- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
+++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
@@ -31,6 +31,7 @@
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 
+import com.google.common.base.Optional;
 import io.grpc.Attributes;
 import io.grpc.CallCredentials;
 import io.grpc.ChannelCredentials;
@@ -120,7 +121,6 @@
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
-import java.util.Optional;
 import java.util.Queue;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
@@ -877,7 +877,7 @@ public String applicationProtocol() {
     DefaultEventLoopGroup elg = new DefaultEventLoopGroup(1);
 
     ClientTlsHandler handler = new ClientTlsHandler(grpcHandler, sslContext,
-        "authority", elg, noopLogger, Optional.empty());
+        "authority", elg, noopLogger, Optional.absent());
     pipeline.addLast(handler);
     pipeline.replace(SslHandler.class, null, goodSslHandler);
     pipeline.fireUserEventTriggered(ProtocolNegotiationEvent.DEFAULT);
@@ -915,7 +915,7 @@ public String applicationProtocol() {
         .applicationProtocolConfig(apn).build();
 
     ClientTlsHandler handler = new ClientTlsHandler(grpcHandler, sslContext,
-        "authority", elg, noopLogger, Optional.empty());
+        "authority", elg, noopLogger, Optional.absent());
     pipeline.addLast(handler);
     pipeline.replace(SslHandler.class, null, goodSslHandler);
     pipeline.fireUserEventTriggered(ProtocolNegotiationEvent.DEFAULT);
@@ -939,7 +939,7 @@ public String applicationProtocol() {
     DefaultEventLoopGroup elg = new DefaultEventLoopGroup(1);
 
     ClientTlsHandler handler = new ClientTlsHandler(grpcHandler, sslContext,
-        "authority", elg, noopLogger, Optional.empty());
+        "authority", elg, noopLogger, Optional.absent());
     pipeline.addLast(handler);
 
     final AtomicReference<Throwable> error = new AtomicReference<>();
@@ -967,7 +967,7 @@ public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
   @Test
   public void clientTlsHandler_closeDuringNegotiation() throws Exception {
     ClientTlsHandler handler = new ClientTlsHandler(grpcHandler, sslContext,
-        "authority", null, noopLogger, Optional.empty());
+        "authority", null, noopLogger, Optional.absent());
     pipeline.addLast(new WriteBufferingAndExceptionHandler(handler));
     ChannelFuture pendingWrite = channel.writeAndFlush(NettyClientHandler.NOOP_MESSAGE);
 
@@ -1230,7 +1230,7 @@ public void clientTlsHandler_firesNegotiation() throws Exception {
     }
     FakeGrpcHttp2ConnectionHandler gh = FakeGrpcHttp2ConnectionHandler.newHandler();
     ClientTlsProtocolNegotiator pn = new ClientTlsProtocolNegotiator(clientSslContext,
-        null, Optional.empty());
+        null, Optional.absent());
     WriteBufferingAndExceptionHandler clientWbaeh =
         new WriteBufferingAndExceptionHandler(pn.newHandler(gh));
 
diff --git a/okhttp/build.gradle b/okhttp/build.gradle
index 063e4775de1..6c542feec9c 100644
--- a/okhttp/build.gradle
+++ b/okhttp/build.gradle
@@ -31,8 +31,16 @@ dependencies {
             project(':grpc-testing-proto'),
             libraries.netty.codec.http2,
             libraries.okhttp
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 project.sourceSets {
diff --git a/opentelemetry/build.gradle b/opentelemetry/build.gradle
index 00d913c280d..b729f393e4b 100644
--- a/opentelemetry/build.gradle
+++ b/opentelemetry/build.gradle
@@ -23,8 +23,11 @@ dependencies {
 
     annotationProcessor libraries.auto.value
 
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("jar").configure {
diff --git a/protobuf-lite/build.gradle b/protobuf-lite/build.gradle
index 11a49d4816d..16b622535e8 100644
--- a/protobuf-lite/build.gradle
+++ b/protobuf-lite/build.gradle
@@ -17,8 +17,16 @@ dependencies {
 
     testImplementation project(':grpc-core')
 
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("jar").configure {
diff --git a/protobuf/build.gradle b/protobuf/build.gradle
index c88ae836e0f..c477e41dceb 100644
--- a/protobuf/build.gradle
+++ b/protobuf/build.gradle
@@ -31,8 +31,16 @@ dependencies {
         exclude group: 'com.google.protobuf', module: 'protobuf-javalite'
     }
 
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("javadoc").configure {
diff --git a/rls/build.gradle b/rls/build.gradle
index 0629dce64c1..1dbcd91ec3c 100644
--- a/rls/build.gradle
+++ b/rls/build.gradle
@@ -30,7 +30,11 @@ dependencies {
             project(':grpc-testing-proto'),
             testFixtures(project(':grpc-api')),
             testFixtures(project(':grpc-core'))
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("compileJava").configure {
diff --git a/s2a/build.gradle b/s2a/build.gradle
index 572c48a0c5b..6ac193938ca 100644
--- a/s2a/build.gradle
+++ b/s2a/build.gradle
@@ -62,7 +62,11 @@ dependencies {
         }
     }
 
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 configureProtoCompilation()
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
index 7ad9de991cf..0822399aad6 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
@@ -253,7 +253,7 @@ public void onSuccess(SslContext sslContext) {
                   InternalProtocolNegotiators.tls(
                           sslContext,
                           SharedResourcePool.forResource(GrpcUtil.SHARED_CHANNEL_EXECUTOR),
-                          Optional.of(new Runnable() {
+                          com.google.common.base.Optional.of(new Runnable() {
                             @Override
                             public void run() {
                               s2aStub.close();
@@ -278,4 +278,4 @@ public void onFailure(Throwable t) {
   }
 
   private S2AProtocolNegotiatorFactory() {}
-}
\ No newline at end of file
+}
diff --git a/services/build.gradle b/services/build.gradle
index 6daa7b0511d..758f2a5c899 100644
--- a/services/build.gradle
+++ b/services/build.gradle
@@ -39,7 +39,11 @@ dependencies {
             testFixtures(project(':grpc-core')),
             testFixtures(project(':grpc-api'))
     testCompileOnly libraries.javax.annotation
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 configureProtoCompilation()
diff --git a/stub/BUILD.bazel b/stub/BUILD.bazel
index 6d06e01f918..572ea681ef3 100644
--- a/stub/BUILD.bazel
+++ b/stub/BUILD.bazel
@@ -12,6 +12,7 @@ java_library(
         artifact("com.google.code.findbugs:jsr305"),
         artifact("com.google.errorprone:error_prone_annotations"),
         artifact("com.google.guava:guava"),
+        artifact("org.codehaus.mojo:animal-sniffer-annotations"),
     ],
 )
 
diff --git a/stub/build.gradle b/stub/build.gradle
index 867936f3ea3..a9a7cec5a0e 100644
--- a/stub/build.gradle
+++ b/stub/build.gradle
@@ -22,8 +22,16 @@ dependencies {
             project(':grpc-inprocess'),
             project(':grpc-testing'),
             testFixtures(project(':grpc-api'))
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("javadoc").configure {
diff --git a/stub/src/main/java/io/grpc/stub/AbstractStub.java b/stub/src/main/java/io/grpc/stub/AbstractStub.java
index 06dd55ff466..7b4bbed34a8 100644
--- a/stub/src/main/java/io/grpc/stub/AbstractStub.java
+++ b/stub/src/main/java/io/grpc/stub/AbstractStub.java
@@ -33,6 +33,7 @@
 import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.ThreadSafe;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 
 /**
  * Common base type for stub implementations. Stub configuration is immutable; changing the
@@ -152,6 +153,7 @@ public final S withDeadlineAfter(long duration, TimeUnit unit) {
   }
 
   @ExperimentalApi("https://github.com/grpc/grpc-java/issues/11657")
+  @IgnoreJRERequirement
   public final S withDeadlineAfter(Duration duration) {
     return withDeadlineAfter(convert(duration), TimeUnit.NANOSECONDS);
   }
diff --git a/stub/src/test/java/io/grpc/stub/AbstractStubTest.java b/stub/src/test/java/io/grpc/stub/AbstractStubTest.java
index a167c735160..352a2fb7fe2 100644
--- a/stub/src/test/java/io/grpc/stub/AbstractStubTest.java
+++ b/stub/src/test/java/io/grpc/stub/AbstractStubTest.java
@@ -28,6 +28,7 @@
 import io.grpc.stub.AbstractStub.StubFactory;
 import io.grpc.stub.AbstractStubTest.NoopStub;
 import java.time.Duration;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -54,6 +55,7 @@ public NoopStub newStub(Channel channel, CallOptions callOptions) {
   }
 
   @Test
+  @IgnoreJRERequirement
   public void testDuration() {
     NoopStub stub = NoopStub.newStub(new StubFactory<NoopStub>() {
       @Override
diff --git a/testing-proto/build.gradle b/testing-proto/build.gradle
index e6afce468f0..a34392b26d2 100644
--- a/testing-proto/build.gradle
+++ b/testing-proto/build.gradle
@@ -20,7 +20,11 @@ dependencies {
     compileOnly libraries.javax.annotation
     testImplementation libraries.truth
     testRuntimeOnly libraries.javax.annotation
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 configureProtoCompilation()
diff --git a/testing/build.gradle b/testing/build.gradle
index cc83b7ad620..b92e39279c6 100644
--- a/testing/build.gradle
+++ b/testing/build.gradle
@@ -24,8 +24,16 @@ dependencies {
     testImplementation project(':grpc-testing-proto'),
             testFixtures(project(':grpc-core'))
 
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("javadoc").configure { exclude 'io/grpc/internal/**' }
diff --git a/util/build.gradle b/util/build.gradle
index 932ca66883e..6fbd6925c00 100644
--- a/util/build.gradle
+++ b/util/build.gradle
@@ -35,8 +35,16 @@ dependencies {
             project(':grpc-testing')
     jmh project(':grpc-testing')
 
-    signature libraries.signature.java
-    signature libraries.signature.android
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 animalsniffer {
diff --git a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
index 1f0290e76d7..928592e5534 100644
--- a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
@@ -685,7 +685,11 @@ void updateTrackerConfigs(OutlierDetectionLoadBalancerConfig config) {
     /** Adds a new tracker for every given address. */
     void putNewTrackers(OutlierDetectionLoadBalancerConfig config,
         Set<Set<SocketAddress>> endpoints) {
-      endpoints.forEach(e -> trackerMap.putIfAbsent(e, new EndpointTracker(config)));
+      for (Set<SocketAddress> endpoint : endpoints) {
+        if (!trackerMap.containsKey(endpoint)) {
+          trackerMap.put(endpoint, new EndpointTracker(config));
+        }
+      }
     }
 
     /** Resets the call counters for all the trackers in the map. */
diff --git a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
index 36ef75abeaa..91159d121ad 100644
--- a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
+++ b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
@@ -44,6 +44,7 @@
 import java.util.logging.LogRecord;
 import java.util.logging.Logger;
 import javax.net.ssl.SSLSocket;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -51,6 +52,7 @@
 
 /** Unit tests for {@link AdvancedTlsX509TrustManager}. */
 @RunWith(JUnit4.class)
+@IgnoreJRERequirement
 public class AdvancedTlsX509TrustManagerTest {
 
   private static final String CA_PEM_FILE = "ca.pem";
diff --git a/xds/build.gradle b/xds/build.gradle
index e09b42d06a9..c51fc2819d7 100644
--- a/xds/build.gradle
+++ b/xds/build.gradle
@@ -81,7 +81,11 @@ dependencies {
     shadow configurations.implementation.getDependencies().minus([nettyDependency])
     shadow project(path: ':grpc-netty-shaded', configuration: 'shadow')
 
-    signature libraries.signature.java
+    signature (libraries.signature.java) {
+        artifact {
+            extension = "signature"
+        }
+    }
     testRuntimeOnly libraries.netty.tcnative,
             libraries.netty.tcnative.classes
     testRuntimeOnly (libraries.netty.tcnative) {

From 7601afc21361c2444f9720a8c5c40db14a1bb659 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 19 Dec 2024 08:19:02 -0800
Subject: [PATCH 116/591] Bump android animalsniffer signature to API 21

This should have been done as part of 2b4f649b
---
 gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index b9f9c5350e1..4d871239cc2 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -97,7 +97,7 @@ protobuf-javalite = { module = "com.google.protobuf:protobuf-javalite", version.
 protobuf-protoc = { module = "com.google.protobuf:protoc", version.ref = "protobuf" }
 re2j = "com.google.re2j:re2j:1.7"
 robolectric = "org.robolectric:robolectric:4.13"
-signature-android = "net.sf.androidscents.signature:android-api-level-19:4.4.2_r4"
+signature-android = "net.sf.androidscents.signature:android-api-level-21:5.0.1_r2"
 signature-java = "org.codehaus.mojo.signature:java18:1.0"
 # 11.0.0+ require Java 17+
 tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.31"

From ef7c2d59c1c9b3b74a5bd10d54f205c0a68016b9 Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Thu, 19 Dec 2024 14:46:58 -0800
Subject: [PATCH 117/591] xds: Fix XDS control plane client retry timer backoff
 duration when connection closes after results are received (#11766)

* Fix retry timer backoff duration.

* Reset stopwatch when we had results on AdsStream rather than change the delay calculation logic.
---
 xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java | 1 +
 xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java | 1 +
 2 files changed, 2 insertions(+)

diff --git a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
index 047f8a2e315..9c7d744816a 100644
--- a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
@@ -446,6 +446,7 @@ private void handleRpcStreamClosed(Status status) {
         // Reset the backoff sequence if had received a response, or backoff sequence
         // has never been initialized.
         retryBackoffPolicy = backoffPolicyProvider.get();
+        stopwatch.reset();
       }
 
       // FakeClock in tests isn't thread-safe. Schedule the retry timer before notifying callbacks
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index f1c114673b5..1b0c363d94f 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -3524,6 +3524,7 @@ public void streamClosedAndRetryWithBackoff() {
     call.verifyRequest(EDS, EDS_RESOURCE, "", "", NODE);
 
     // Management server closes the RPC stream with an error.
+    fakeClock.forwardNanos(1000L); // Make sure retry isn't based on stopwatch 0
     call.sendError(Status.UNKNOWN.asException());
     verify(ldsResourceWatcher, Mockito.timeout(1000).times(1))
         .onError(errorCaptor.capture());

From 0b2d44098fba13320ef03d7d4e4f891a9bf944b1 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Thu, 19 Dec 2024 23:32:47 -0800
Subject: [PATCH 118/591] Introduce custom NameResolver.Args (#11669)

grpc-binder's upcoming AndroidIntentNameResolver needs to know the target Android user so it can resolve target URIs in the correct place. Unfortunately, Android's built in intent:// URI scheme has no way to specify a user and in fact the android.os.UserHandle object can't reasonably be encoded as a String at all.

We solve this problem by extending NameResolver.Args with the same type-safe and domain-specific Key<T> pattern used by CallOptions, Context and CreateSubchannelArgs. New "custom" arguments could apply to all NameResolvers of a certain URI scheme, to all NameResolvers producing a particular type of java.net.SocketAddress, or even to a specific NameResolver subclass.
---
 .../io/grpc/ForwardingChannelBuilder2.java    |   6 +
 .../java/io/grpc/ManagedChannelBuilder.java   |  17 +++
 api/src/main/java/io/grpc/NameResolver.java   | 125 ++++++++++++++----
 .../test/java/io/grpc/NameResolverTest.java   |  16 ++-
 .../io/grpc/internal/ManagedChannelImpl.java  |   8 +-
 .../internal/ManagedChannelImplBuilder.java   |  21 +++
 .../ManagedChannelImplBuilderTest.java        |  10 ++
 .../grpc/internal/ManagedChannelImplTest.java |   9 +-
 8 files changed, 179 insertions(+), 33 deletions(-)

diff --git a/api/src/main/java/io/grpc/ForwardingChannelBuilder2.java b/api/src/main/java/io/grpc/ForwardingChannelBuilder2.java
index 7f21a57ec80..78fe730d91a 100644
--- a/api/src/main/java/io/grpc/ForwardingChannelBuilder2.java
+++ b/api/src/main/java/io/grpc/ForwardingChannelBuilder2.java
@@ -263,6 +263,12 @@ protected T addMetricSink(MetricSink metricSink) {
     return thisT();
   }
 
+  @Override
+  public <X> T setNameResolverArg(NameResolver.Args.Key<X> key, X value) {
+    delegate().setNameResolverArg(key, value);
+    return thisT();
+  }
+
   /**
    * Returns the {@link ManagedChannel} built by the delegate by default. Overriding method can
    * return different value.
diff --git a/api/src/main/java/io/grpc/ManagedChannelBuilder.java b/api/src/main/java/io/grpc/ManagedChannelBuilder.java
index 6e30d8eae04..df867d09ba1 100644
--- a/api/src/main/java/io/grpc/ManagedChannelBuilder.java
+++ b/api/src/main/java/io/grpc/ManagedChannelBuilder.java
@@ -633,6 +633,23 @@ protected T addMetricSink(MetricSink metricSink) {
     throw new UnsupportedOperationException();
   }
 
+  /**
+   * Provides a "custom" argument for the {@link NameResolver}, if applicable, replacing any 'value'
+   * previously provided for 'key'.
+   *
+   * <p>NB: If the selected {@link NameResolver} does not understand 'key', or target URI resolution
+   * isn't needed at all, your custom argument will be silently ignored.
+   *
+   * <p>See {@link NameResolver.Args#getArg(NameResolver.Args.Key)} for more.
+   *
+   * @param key identifies the argument in a type-safe manner
+   * @param value the argument itself
+   * @return this
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/1770")
+  public <X> T setNameResolverArg(NameResolver.Args.Key<X> key, X value) {
+    throw new UnsupportedOperationException();
+  }
 
   /**
    * Builds a channel using the given parameters.
diff --git a/api/src/main/java/io/grpc/NameResolver.java b/api/src/main/java/io/grpc/NameResolver.java
index b35601289a3..e8295365ca8 100644
--- a/api/src/main/java/io/grpc/NameResolver.java
+++ b/api/src/main/java/io/grpc/NameResolver.java
@@ -28,11 +28,13 @@
 import java.lang.annotation.RetentionPolicy;
 import java.net.URI;
 import java.util.Collections;
+import java.util.IdentityHashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ScheduledExecutorService;
 import javax.annotation.Nullable;
+import javax.annotation.concurrent.Immutable;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
@@ -276,7 +278,12 @@ public Status onResult2(ResolutionResult resolutionResult) {
   /**
    * Information that a {@link Factory} uses to create a {@link NameResolver}.
    *
-   * <p>Note this class doesn't override neither {@code equals()} nor {@code hashCode()}.
+   * <p>Args applicable to all {@link NameResolver}s are defined here using ordinary setters and
+   * getters. This container can also hold externally-defined "custom" args that aren't so widely
+   * useful or that would be inappropriate dependencies for this low level API. See {@link
+   * Args#getArg} for more.
+   *
+   * <p>Note this class overrides neither {@code equals()} nor {@code hashCode()}.
    *
    * @since 1.21.0
    */
@@ -291,26 +298,20 @@ public static final class Args {
     @Nullable private final Executor executor;
     @Nullable private final String overrideAuthority;
     @Nullable private final MetricRecorder metricRecorder;
+    @Nullable private final IdentityHashMap<Key<?>, Object> customArgs;
 
-    private Args(
-        Integer defaultPort,
-        ProxyDetector proxyDetector,
-        SynchronizationContext syncContext,
-        ServiceConfigParser serviceConfigParser,
-        @Nullable ScheduledExecutorService scheduledExecutorService,
-        @Nullable ChannelLogger channelLogger,
-        @Nullable Executor executor,
-        @Nullable String overrideAuthority,
-        @Nullable MetricRecorder metricRecorder) {
-      this.defaultPort = checkNotNull(defaultPort, "defaultPort not set");
-      this.proxyDetector = checkNotNull(proxyDetector, "proxyDetector not set");
-      this.syncContext = checkNotNull(syncContext, "syncContext not set");
-      this.serviceConfigParser = checkNotNull(serviceConfigParser, "serviceConfigParser not set");
-      this.scheduledExecutorService = scheduledExecutorService;
-      this.channelLogger = channelLogger;
-      this.executor = executor;
-      this.overrideAuthority = overrideAuthority;
-      this.metricRecorder = metricRecorder;
+    private Args(Builder builder) {
+      this.defaultPort = checkNotNull(builder.defaultPort, "defaultPort not set");
+      this.proxyDetector = checkNotNull(builder.proxyDetector, "proxyDetector not set");
+      this.syncContext = checkNotNull(builder.syncContext, "syncContext not set");
+      this.serviceConfigParser =
+          checkNotNull(builder.serviceConfigParser, "serviceConfigParser not set");
+      this.scheduledExecutorService = builder.scheduledExecutorService;
+      this.channelLogger = builder.channelLogger;
+      this.executor = builder.executor;
+      this.overrideAuthority = builder.overrideAuthority;
+      this.metricRecorder = builder.metricRecorder;
+      this.customArgs = cloneCustomArgs(builder.customArgs);
     }
 
     /**
@@ -319,6 +320,7 @@ private Args(
      *
      * @since 1.21.0
      */
+    // <p>TODO: Only meaningful for InetSocketAddress producers. Make this a custom arg?
     public int getDefaultPort() {
       return defaultPort;
     }
@@ -371,6 +373,30 @@ public ServiceConfigParser getServiceConfigParser() {
       return serviceConfigParser;
     }
 
+    /**
+     * Returns the value of a custom arg named 'key', or {@code null} if it's not set.
+     *
+     * <p>While ordinary {@link Args} should be universally useful and meaningful, custom arguments
+     * can apply just to resolvers of a certain URI scheme, just to resolvers producing a particular
+     * type of {@link java.net.SocketAddress}, or even an individual {@link NameResolver} subclass.
+     * Custom args are identified by an instance of {@link Args.Key} which should be a constant
+     * defined in a java package and class appropriate for the argument's scope.
+     *
+     * <p>{@link Args} are normally reserved for information in *support* of name resolution, not
+     * the name to be resolved itself. However, there are rare cases where all or part of the target
+     * name can't be represented by any standard URI scheme or can't be encoded as a String at all.
+     * Custom args, in contrast, can hold arbitrary Java types, making them a useful work around in
+     * these cases.
+     *
+     * <p>Custom args can also be used simply to avoid adding inappropriate deps to the low level
+     * io.grpc package.
+     */
+    @SuppressWarnings("unchecked") // Cast is safe because all put()s go through the setArg() API.
+    @Nullable
+    public <T> T getArg(Key<T> key) {
+      return customArgs != null ? (T) customArgs.get(key) : null;
+    }
+
     /**
      * Returns the {@link ChannelLogger} for the Channel served by this NameResolver.
      *
@@ -424,6 +450,7 @@ public String toString() {
           .add("proxyDetector", proxyDetector)
           .add("syncContext", syncContext)
           .add("serviceConfigParser", serviceConfigParser)
+          .add("customArgs", customArgs)
           .add("scheduledExecutorService", scheduledExecutorService)
           .add("channelLogger", channelLogger)
           .add("executor", executor)
@@ -448,6 +475,7 @@ public Builder toBuilder() {
       builder.setOffloadExecutor(executor);
       builder.setOverrideAuthority(overrideAuthority);
       builder.setMetricRecorder(metricRecorder);
+      builder.customArgs = cloneCustomArgs(customArgs);
       return builder;
     }
 
@@ -475,6 +503,7 @@ public static final class Builder {
       private Executor executor;
       private String overrideAuthority;
       private MetricRecorder metricRecorder;
+      private IdentityHashMap<Key<?>, Object> customArgs;
 
       Builder() {
       }
@@ -561,6 +590,17 @@ public Builder setOverrideAuthority(String authority) {
         return this;
       }
 
+      /** See {@link Args#getArg(Key)}. */
+      public <T> Builder setArg(Key<T> key, T value) {
+        checkNotNull(key, "key");
+        checkNotNull(value, "value");
+        if (customArgs == null) {
+          customArgs = new IdentityHashMap<>();
+        }
+        customArgs.put(key, value);
+        return this;
+      }
+
       /**
        * See {@link Args#getMetricRecorder()}. This is an optional field.
        */
@@ -575,11 +615,40 @@ public Builder setMetricRecorder(MetricRecorder metricRecorder) {
        * @since 1.21.0
        */
       public Args build() {
-        return
-            new Args(
-                defaultPort, proxyDetector, syncContext, serviceConfigParser,
-                scheduledExecutorService, channelLogger, executor, overrideAuthority,
-                metricRecorder);
+        return new Args(this);
+      }
+    }
+
+    /**
+     * Identifies an externally-defined custom argument that can be stored in {@link Args}.
+     *
+     * <p>Uses reference equality so keys should be defined as global constants.
+     *
+     * @param <T> type of values that can be stored under this key
+     */
+    @Immutable
+    @SuppressWarnings("UnusedTypeParameter")
+    public static final class Key<T> {
+      private final String debugString;
+
+      private Key(String debugString) {
+        this.debugString = debugString;
+      }
+
+      @Override
+      public String toString() {
+        return debugString;
+      }
+
+      /**
+       * Creates a new instance of {@link Key}.
+       *
+       * @param debugString a string used to describe the key, used for debugging.
+       * @param <T> Key type
+       * @return a new instance of Key
+       */
+      public static <T> Key<T> create(String debugString) {
+        return new Key<>(debugString);
       }
     }
   }
@@ -877,4 +946,10 @@ public String toString() {
       }
     }
   }
+
+  @Nullable
+  private static IdentityHashMap<Args.Key<?>, Object> cloneCustomArgs(
+          @Nullable IdentityHashMap<Args.Key<?>, Object> customArgs) {
+    return customArgs != null ? new IdentityHashMap<>(customArgs) : null;
+  }
 }
diff --git a/api/src/test/java/io/grpc/NameResolverTest.java b/api/src/test/java/io/grpc/NameResolverTest.java
index 1a7c59f8df5..ae8c080bd5c 100644
--- a/api/src/test/java/io/grpc/NameResolverTest.java
+++ b/api/src/test/java/io/grpc/NameResolverTest.java
@@ -47,9 +47,13 @@ public class NameResolverTest {
   private static final List<EquivalentAddressGroup> ADDRESSES =
       Collections.singletonList(
           new EquivalentAddressGroup(new FakeSocketAddress("fake-address-1"), Attributes.EMPTY));
-  private static final Attributes.Key<String> YOLO_KEY = Attributes.Key.create("yolo");
-  private static Attributes ATTRIBUTES = Attributes.newBuilder()
-      .set(YOLO_KEY, "To be, or not to be?").build();
+  private static final Attributes.Key<String> YOLO_ATTR_KEY = Attributes.Key.create("yolo");
+  private static Attributes ATTRIBUTES =
+      Attributes.newBuilder().set(YOLO_ATTR_KEY, "To be, or not to be?").build();
+  private static final NameResolver.Args.Key<Integer> FOO_ARG_KEY =
+      NameResolver.Args.Key.create("foo");
+  private static final NameResolver.Args.Key<Integer> BAR_ARG_KEY =
+          NameResolver.Args.Key.create("bar");
   private static ConfigOrError CONFIG = ConfigOrError.fromConfig("foo");
 
   @Rule
@@ -65,6 +69,7 @@ public class NameResolverTest {
   private final Executor executor = Executors.newSingleThreadExecutor();
   private final String overrideAuthority = "grpc.io";
   private final MetricRecorder metricRecorder = new MetricRecorder() {};
+  private final int customArgValue = 42;
   @Mock NameResolver.Listener mockListener;
 
   @Test
@@ -79,6 +84,8 @@ public void args() {
     assertThat(args.getOffloadExecutor()).isSameInstanceAs(executor);
     assertThat(args.getOverrideAuthority()).isSameInstanceAs(overrideAuthority);
     assertThat(args.getMetricRecorder()).isSameInstanceAs(metricRecorder);
+    assertThat(args.getArg(FOO_ARG_KEY)).isEqualTo(customArgValue);
+    assertThat(args.getArg(BAR_ARG_KEY)).isNull();
 
     NameResolver.Args args2 = args.toBuilder().build();
     assertThat(args2.getDefaultPort()).isEqualTo(defaultPort);
@@ -90,6 +97,8 @@ public void args() {
     assertThat(args2.getOffloadExecutor()).isSameInstanceAs(executor);
     assertThat(args2.getOverrideAuthority()).isSameInstanceAs(overrideAuthority);
     assertThat(args.getMetricRecorder()).isSameInstanceAs(metricRecorder);
+    assertThat(args.getArg(FOO_ARG_KEY)).isEqualTo(customArgValue);
+    assertThat(args.getArg(BAR_ARG_KEY)).isNull();
 
     assertThat(args2).isNotSameInstanceAs(args);
     assertThat(args2).isNotEqualTo(args);
@@ -106,6 +115,7 @@ private NameResolver.Args createArgs() {
         .setOffloadExecutor(executor)
         .setOverrideAuthority(overrideAuthority)
         .setMetricRecorder(metricRecorder)
+        .setArg(FOO_ARG_KEY, customArgValue)
         .build();
   }
 
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index 88fbf5e2c62..5c2871a1373 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -591,8 +591,7 @@ ClientStream newSubstream(
     this.authorityOverride = builder.authorityOverride;
     this.metricRecorder = new MetricRecorderImpl(builder.metricSinks,
         MetricInstrumentRegistry.getDefaultRegistry());
-    this.nameResolverArgs =
-        NameResolver.Args.newBuilder()
+    NameResolver.Args.Builder nameResolverArgsBuilder = NameResolver.Args.newBuilder()
             .setDefaultPort(builder.getDefaultPort())
             .setProxyDetector(proxyDetector)
             .setSynchronizationContext(syncContext)
@@ -601,8 +600,9 @@ ClientStream newSubstream(
             .setChannelLogger(channelLogger)
             .setOffloadExecutor(this.offloadExecutorHolder)
             .setOverrideAuthority(this.authorityOverride)
-            .setMetricRecorder(this.metricRecorder)
-            .build();
+            .setMetricRecorder(this.metricRecorder);
+    builder.copyAllNameResolverCustomArgsTo(nameResolverArgsBuilder);
+    this.nameResolverArgs = nameResolverArgsBuilder.build();
     this.nameResolver = getNameResolver(
         targetUri, authorityOverride, nameResolverProvider, nameResolverArgs);
     this.balancerRpcExecutorPool = checkNotNull(balancerRpcExecutorPool, "balancerRpcExecutorPool");
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
index 48a255472e1..20f7e901ddd 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
@@ -55,6 +55,7 @@
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.IdentityHashMap;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
@@ -159,6 +160,8 @@ public static ManagedChannelBuilder<?> forTarget(String target) {
   final ChannelCredentials channelCredentials;
   @Nullable
   final CallCredentials callCredentials;
+  @Nullable
+  IdentityHashMap<NameResolver.Args.Key<?>, Object> nameResolverCustomArgs;
 
   @Nullable
   private final SocketAddress directServerAddress;
@@ -613,6 +616,24 @@ private static List<?> checkListEntryTypes(List<?> list) {
     return Collections.unmodifiableList(parsedList);
   }
 
+  @Override
+  public <X> ManagedChannelImplBuilder setNameResolverArg(NameResolver.Args.Key<X> key, X value) {
+    if (nameResolverCustomArgs == null) {
+      nameResolverCustomArgs = new IdentityHashMap<>();
+    }
+    nameResolverCustomArgs.put(checkNotNull(key, "key"), checkNotNull(value, "value"));
+    return this;
+  }
+
+  @SuppressWarnings("unchecked") // This cast is safe because of setNameResolverArg()'s signature.
+  void copyAllNameResolverCustomArgsTo(NameResolver.Args.Builder dest) {
+    if (nameResolverCustomArgs != null) {
+      for (Map.Entry<NameResolver.Args.Key<?>, Object> entry : nameResolverCustomArgs.entrySet()) {
+        dest.setArg((NameResolver.Args.Key<Object>) entry.getKey(), entry.getValue());
+      }
+    }
+  }
+
   @Override
   public ManagedChannelImplBuilder disableServiceConfigLookUp() {
     this.lookUpServiceConfig = false;
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
index ddef7ef546f..cf131a79d87 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
@@ -764,6 +764,16 @@ public void disableNameResolverServiceConfig() {
     assertThat(builder.lookUpServiceConfig).isFalse();
   }
 
+  @Test
+  public void setNameResolverExtArgs() {
+    assertThat(builder.nameResolverCustomArgs)
+        .isNull();
+
+    NameResolver.Args.Key<Integer> testKey = NameResolver.Args.Key.create("test-key");
+    builder.setNameResolverArg(testKey, 42);
+    assertThat(builder.nameResolverCustomArgs.get(testKey)).isEqualTo(42);
+  }
+
   @Test
   public void metricSinks() {
     MetricSink mocksink = mock(MetricSink.class);
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index 2fe82aea972..98900cecf2b 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -205,6 +205,8 @@ public class ManagedChannelImplTest {
       .setServiceConfigParser(mock(NameResolver.ServiceConfigParser.class))
       .setScheduledExecutorService(new FakeClock().getScheduledExecutorService())
       .build();
+  private static final NameResolver.Args.Key<String> TEST_RESOLVER_CUSTOM_ARG_KEY =
+      NameResolver.Args.Key.create("test-key");
 
   private URI expectedUri;
   private final SocketAddress socketAddress =
@@ -4271,13 +4273,18 @@ public String getDefaultScheme() {
           return "fake";
         }
       };
-    channelBuilder.nameResolverFactory(factory).proxyDetector(neverProxy);
+    channelBuilder
+        .nameResolverFactory(factory)
+        .proxyDetector(neverProxy)
+        .setNameResolverArg(TEST_RESOLVER_CUSTOM_ARG_KEY, "test-value");
+
     createChannel();
 
     NameResolver.Args args = capturedArgs.get();
     assertThat(args).isNotNull();
     assertThat(args.getDefaultPort()).isEqualTo(DEFAULT_PORT);
     assertThat(args.getProxyDetector()).isSameInstanceAs(neverProxy);
+    assertThat(args.getArg(TEST_RESOLVER_CUSTOM_ARG_KEY)).isEqualTo("test-value");
 
     verify(offloadExecutor, never()).execute(any(Runnable.class));
     args.getOffloadExecutor()

From 7b29111cd0a4bd605254b0b93bb45da590e1e245 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Sat, 21 Dec 2024 00:45:54 +0530
Subject: [PATCH 119/591] Update README etc to reference 1.69.0

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 97b2bd6d5f9..c6a8f3bdd8a 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.68.1/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.68.1/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.69.0/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.69.0/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,18 +56,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.68.1</version>
+  <version>1.69.0</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.68.1</version>
+  <version>1.69.0</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.68.1</version>
+  <version>1.69.0</version>
 </dependency>
 <dependency> <!-- necessary for Java 9+ -->
   <groupId>org.apache.tomcat</groupId>
@@ -79,18 +79,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.68.1'
-implementation 'io.grpc:grpc-protobuf:1.68.1'
-implementation 'io.grpc:grpc-stub:1.68.1'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.69.0'
+implementation 'io.grpc:grpc-protobuf:1.69.0'
+implementation 'io.grpc:grpc-stub:1.69.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.68.1'
-implementation 'io.grpc:grpc-protobuf-lite:1.68.1'
-implementation 'io.grpc:grpc-stub:1.68.1'
+implementation 'io.grpc:grpc-okhttp:1.69.0'
+implementation 'io.grpc:grpc-protobuf-lite:1.69.0'
+implementation 'io.grpc:grpc-stub:1.69.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
@@ -99,7 +99,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.68.1
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.69.0
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://oss.sonatype.org/content/repositories/snapshots/).
@@ -131,7 +131,7 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <configuration>
         <protocArtifact>com.google.protobuf:protoc:3.25.5:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.68.1:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.69.0:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -161,7 +161,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.68.1'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.69.0'
     }
   }
   generateProtoTasks {
@@ -194,7 +194,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.68.1'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.69.0'
     }
   }
   generateProtoTasks {

From ea8c31c305eac5a6ac9a09de5ea2edb9ed719a31 Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Fri, 20 Dec 2024 16:16:17 -0800
Subject: [PATCH 120/591] Bidi Blocking Stub (#10318)

---
 .../alts/internal/HandshakerServiceGrpc.java  |  49 ++
 .../LoadBalancerStatsServiceGrpc.java         |  55 ++
 .../integration/MetricsServiceGrpc.java       |  55 ++
 .../integration/ReconnectServiceGrpc.java     |  49 ++
 .../testing/integration/TestServiceGrpc.java  | 134 +++++
 .../integration/UnimplementedServiceGrpc.java |  46 ++
 .../XdsUpdateClientConfigureServiceGrpc.java  |  45 ++
 .../XdsUpdateHealthServiceGrpc.java           |  49 ++
 .../LoadBalancerStatsServiceGrpc.java         |  55 ++
 .../integration/MetricsServiceGrpc.java       |  55 ++
 .../integration/ReconnectServiceGrpc.java     |  49 ++
 .../testing/integration/TestServiceGrpc.java  | 134 +++++
 .../integration/UnimplementedServiceGrpc.java |  46 ++
 .../XdsUpdateClientConfigureServiceGrpc.java  |  45 ++
 .../XdsUpdateHealthServiceGrpc.java           |  49 ++
 .../proto/BenchmarkServiceGrpc.java           |  96 ++++
 .../proto/ReportQpsScenarioServiceGrpc.java   |  42 ++
 .../benchmarks/proto/WorkerServiceGrpc.java   |  86 +++
 .../src/java_plugin/cpp/java_generator.cpp    | 117 +++-
 .../golden/TestDeprecatedService.java.txt     |  47 ++
 compiler/src/test/golden/TestService.java.txt | 134 +++++
 .../golden/TestDeprecatedService.java.txt     |  47 ++
 .../src/testLite/golden/TestService.java.txt  | 134 +++++
 examples/build.gradle                         |   1 +
 .../manualflowcontrol/BidiBlockingClient.java | 286 ++++++++++
 .../ManualFlowControlServer.java              |   4 +-
 examples/src/main/proto/hello_streaming.proto |   1 +
 .../grpc/io/grpc/lb/v1/LoadBalancerGrpc.java  |  44 ++
 .../LoadBalancerStatsServiceGrpc.java         |  55 ++
 .../integration/MetricsServiceGrpc.java       |  55 ++
 .../integration/ReconnectServiceGrpc.java     |  49 ++
 .../testing/integration/TestServiceGrpc.java  | 134 +++++
 .../integration/UnimplementedServiceGrpc.java |  46 ++
 .../XdsUpdateClientConfigureServiceGrpc.java  |  45 ++
 .../XdsUpdateHealthServiceGrpc.java           |  49 ++
 .../io/istio/test/EchoTestServiceGrpc.java    |  46 ++
 .../lookup/v1/RouteLookupServiceGrpc.java     |  42 ++
 .../internal/handshaker/S2AServiceGrpc.java   |  45 ++
 .../io/grpc/channelz/v1/ChannelzGrpc.java     | 107 ++++
 .../grpc/io/grpc/health/v1/HealthGrpc.java    |  67 +++
 .../reflection/v1/ServerReflectionGrpc.java   |  45 ++
 .../v1alpha/ServerReflectionGrpc.java         |  45 ++
 .../testing/AnotherDynamicServiceGrpc.java    |  45 ++
 .../AnotherReflectableServiceGrpc.java        |  39 ++
 .../testing/DynamicServiceGrpc.java           |  45 ++
 .../testing/ReflectableServiceGrpc.java       |  39 ++
 .../java/io/grpc/stub/BlockingClientCall.java | 352 ++++++++++++
 .../main/java/io/grpc/stub/ClientCalls.java   | 230 +++++++-
 .../io/grpc/stub/BlockingClientCallTest.java  | 520 ++++++++++++++++++
 .../java/io/grpc/stub/ClientCallsTest.java    |   2 +-
 .../testing/protobuf/SimpleServiceGrpc.java   |  81 +++
 .../service/orca/v3/OpenRcaServiceGrpc.java   |  51 ++
 .../v3/AggregatedDiscoveryServiceGrpc.java    |  61 ++
 .../v3/LoadReportingServiceGrpc.java          |  70 +++
 .../v3/RateLimitQuotaServiceGrpc.java         |  48 ++
 .../v3/ClientStatusDiscoveryServiceGrpc.java  |  53 ++
 56 files changed, 4390 insertions(+), 30 deletions(-)
 create mode 100644 examples/src/main/java/io/grpc/examples/manualflowcontrol/BidiBlockingClient.java
 create mode 100644 stub/src/main/java/io/grpc/stub/BlockingClientCall.java
 create mode 100644 stub/src/test/java/io/grpc/stub/BlockingClientCallTest.java

diff --git a/alts/src/generated/main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java b/alts/src/generated/main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java
index 2caba4a0544..bfb98ea3e68 100644
--- a/alts/src/generated/main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java
+++ b/alts/src/generated/main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java
@@ -60,6 +60,21 @@ public HandshakerServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOption
     return HandshakerServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static HandshakerServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<HandshakerServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<HandshakerServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public HandshakerServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new HandshakerServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return HandshakerServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -157,6 +172,40 @@ public io.grpc.stub.StreamObserver<io.grpc.alts.internal.HandshakerReq> doHandsh
   /**
    * A stub to allow clients to do synchronous rpc calls to service HandshakerService.
    */
+  public static final class HandshakerServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<HandshakerServiceBlockingV2Stub> {
+    private HandshakerServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected HandshakerServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new HandshakerServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Handshaker service accepts a stream of handshaker request, returning a
+     * stream of handshaker response. Client is expected to send exactly one
+     * message with either client_start or server_start followed by one or more
+     * messages with next. Each time client sends a request, the handshaker
+     * service expects to respond. Client does not have to wait for service's
+     * response before sending next request.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.alts.internal.HandshakerReq, io.grpc.alts.internal.HandshakerResp>
+        doHandshake() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getDoHandshakeMethod(), getCallOptions());
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service HandshakerService.
+   */
   public static final class HandshakerServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<HandshakerServiceBlockingStub> {
     private HandshakerServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
index e030fde13e3..fe8c30ba3c4 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
@@ -92,6 +92,21 @@ public LoadBalancerStatsServiceStub newStub(io.grpc.Channel channel, io.grpc.Cal
     return LoadBalancerStatsServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static LoadBalancerStatsServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<LoadBalancerStatsServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<LoadBalancerStatsServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public LoadBalancerStatsServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new LoadBalancerStatsServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return LoadBalancerStatsServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -212,6 +227,46 @@ public void getClientAccumulatedStats(io.grpc.testing.integration.Messages.LoadB
    * A service used to obtain stats for verifying LB behavior.
    * </pre>
    */
+  public static final class LoadBalancerStatsServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<LoadBalancerStatsServiceBlockingV2Stub> {
+    private LoadBalancerStatsServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected LoadBalancerStatsServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new LoadBalancerStatsServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Gets the backend distribution for RPCs sent by a test client.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.LoadBalancerStatsResponse getClientStats(io.grpc.testing.integration.Messages.LoadBalancerStatsRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetClientStatsMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Gets the accumulated stats for RPCs sent by a test client.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsResponse getClientAccumulatedStats(io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetClientAccumulatedStatsMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service LoadBalancerStatsService.
+   * <pre>
+   * A service used to obtain stats for verifying LB behavior.
+   * </pre>
+   */
   public static final class LoadBalancerStatsServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<LoadBalancerStatsServiceBlockingStub> {
     private LoadBalancerStatsServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
index e8726d5adc4..57a7db1ec89 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
@@ -89,6 +89,21 @@ public MetricsServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions c
     return MetricsServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static MetricsServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<MetricsServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<MetricsServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public MetricsServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new MetricsServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return MetricsServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -199,6 +214,46 @@ public void getGauge(io.grpc.testing.integration.Metrics.GaugeRequest request,
   /**
    * A stub to allow clients to do synchronous rpc calls to service MetricsService.
    */
+  public static final class MetricsServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<MetricsServiceBlockingV2Stub> {
+    private MetricsServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected MetricsServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new MetricsServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Returns the values of all the gauges that are currently being maintained by
+     * the service
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<?, io.grpc.testing.integration.Metrics.GaugeResponse>
+        getAllGauges(io.grpc.testing.integration.Metrics.EmptyMessage request) {
+      return io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall(
+          getChannel(), getGetAllGaugesMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Returns the value of one gauge
+     * </pre>
+     */
+    public io.grpc.testing.integration.Metrics.GaugeResponse getGauge(io.grpc.testing.integration.Metrics.GaugeRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetGaugeMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service MetricsService.
+   */
   public static final class MetricsServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<MetricsServiceBlockingStub> {
     private MetricsServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
index 8ede6407cd0..79f0bdf0fab 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
@@ -92,6 +92,21 @@ public ReconnectServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions
     return ReconnectServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static ReconnectServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<ReconnectServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<ReconnectServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public ReconnectServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new ReconnectServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return ReconnectServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -200,6 +215,40 @@ public void stop(io.grpc.testing.integration.EmptyProtos.Empty request,
    * A service used to control reconnect server.
    * </pre>
    */
+  public static final class ReconnectServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<ReconnectServiceBlockingV2Stub> {
+    private ReconnectServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected ReconnectServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new ReconnectServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty start(io.grpc.testing.integration.Messages.ReconnectParams request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getStartMethod(), getCallOptions(), request);
+    }
+
+    /**
+     */
+    public io.grpc.testing.integration.Messages.ReconnectInfo stop(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getStopMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service ReconnectService.
+   * <pre>
+   * A service used to control reconnect server.
+   * </pre>
+   */
   public static final class ReconnectServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<ReconnectServiceBlockingStub> {
     private ReconnectServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java
index 01e2678a12f..1086974d823 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java
@@ -273,6 +273,21 @@ public TestServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions call
     return TestServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static TestServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<TestServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<TestServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public TestServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new TestServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return TestServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -543,6 +558,125 @@ public void unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty requ
    * performance with various types of payload.
    * </pre>
    */
+  public static final class TestServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<TestServiceBlockingV2Stub> {
+    private TestServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected TestServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new TestServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * One empty request followed by one empty response.
+     * </pre>
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty emptyCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getEmptyCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * One request followed by one response.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.SimpleResponse unaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUnaryCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * One request followed by one response. Response has cache control
+     * headers set such that a caching HTTP proxy (such as GFE) can
+     * satisfy subsequent requests.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.SimpleResponse cacheableUnaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getCacheableUnaryCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * One request followed by a sequence of responses (streamed download).
+     * The server returns the payload with client desired type and sizes.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<?, io.grpc.testing.integration.Messages.StreamingOutputCallResponse>
+        streamingOutputCall(io.grpc.testing.integration.Messages.StreamingOutputCallRequest request) {
+      return io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall(
+          getChannel(), getStreamingOutputCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests followed by one response (streamed upload).
+     * The server returns the aggregated size of client payload as the result.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.integration.Messages.StreamingInputCallRequest, io.grpc.testing.integration.Messages.StreamingInputCallResponse>
+        streamingInputCall() {
+      return io.grpc.stub.ClientCalls.blockingClientStreamingCall(
+          getChannel(), getStreamingInputCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests with each request served by the server immediately.
+     * As one request could lead to multiple responses, this interface
+     * demonstrates the idea of full duplexing.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.integration.Messages.StreamingOutputCallRequest, io.grpc.testing.integration.Messages.StreamingOutputCallResponse>
+        fullDuplexCall() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getFullDuplexCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests followed by a sequence of responses.
+     * The server buffers all the client requests and then serves them in order. A
+     * stream of responses are returned to the client when the server starts with
+     * first request.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.integration.Messages.StreamingOutputCallRequest, io.grpc.testing.integration.Messages.StreamingOutputCallResponse>
+        halfDuplexCall() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getHalfDuplexCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * The test server will not implement this method. It will be used
+     * to test the behavior when clients call unimplemented methods.
+     * </pre>
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUnimplementedCallMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service TestService.
+   * <pre>
+   * A simple service to test the various types of RPCs and experiment with
+   * performance with various types of payload.
+   * </pre>
+   */
   public static final class TestServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<TestServiceBlockingStub> {
     private TestServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
index 743d68c3828..be3d1eab13a 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
@@ -63,6 +63,21 @@ public UnimplementedServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOpt
     return UnimplementedServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static UnimplementedServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<UnimplementedServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<UnimplementedServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public UnimplementedServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new UnimplementedServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return UnimplementedServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -166,6 +181,37 @@ public void unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty requ
    * that case.
    * </pre>
    */
+  public static final class UnimplementedServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<UnimplementedServiceBlockingV2Stub> {
+    private UnimplementedServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected UnimplementedServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new UnimplementedServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * A call that no server should implement
+     * </pre>
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUnimplementedCallMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service UnimplementedService.
+   * <pre>
+   * A simple service NOT implemented at servers so clients can test for
+   * that case.
+   * </pre>
+   */
   public static final class UnimplementedServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<UnimplementedServiceBlockingStub> {
     private UnimplementedServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
index 61cfc19d29b..f72a09192f0 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
@@ -62,6 +62,21 @@ public XdsUpdateClientConfigureServiceStub newStub(io.grpc.Channel channel, io.g
     return XdsUpdateClientConfigureServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static XdsUpdateClientConfigureServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<XdsUpdateClientConfigureServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<XdsUpdateClientConfigureServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public XdsUpdateClientConfigureServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new XdsUpdateClientConfigureServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return XdsUpdateClientConfigureServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -161,6 +176,36 @@ public void configure(io.grpc.testing.integration.Messages.ClientConfigureReques
    * A service to dynamically update the configuration of an xDS test client.
    * </pre>
    */
+  public static final class XdsUpdateClientConfigureServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<XdsUpdateClientConfigureServiceBlockingV2Stub> {
+    private XdsUpdateClientConfigureServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected XdsUpdateClientConfigureServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new XdsUpdateClientConfigureServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Update the tes client's configuration.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.ClientConfigureResponse configure(io.grpc.testing.integration.Messages.ClientConfigureRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getConfigureMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service XdsUpdateClientConfigureService.
+   * <pre>
+   * A service to dynamically update the configuration of an xDS test client.
+   * </pre>
+   */
   public static final class XdsUpdateClientConfigureServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<XdsUpdateClientConfigureServiceBlockingStub> {
     private XdsUpdateClientConfigureServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
index 6ba9419dedf..3258354cc20 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
@@ -92,6 +92,21 @@ public XdsUpdateHealthServiceStub newStub(io.grpc.Channel channel, io.grpc.CallO
     return XdsUpdateHealthServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static XdsUpdateHealthServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<XdsUpdateHealthServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<XdsUpdateHealthServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public XdsUpdateHealthServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new XdsUpdateHealthServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return XdsUpdateHealthServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -200,6 +215,40 @@ public void setNotServing(io.grpc.testing.integration.EmptyProtos.Empty request,
    * A service to remotely control health status of an xDS test server.
    * </pre>
    */
+  public static final class XdsUpdateHealthServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<XdsUpdateHealthServiceBlockingV2Stub> {
+    private XdsUpdateHealthServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected XdsUpdateHealthServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new XdsUpdateHealthServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty setServing(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getSetServingMethod(), getCallOptions(), request);
+    }
+
+    /**
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty setNotServing(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getSetNotServingMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service XdsUpdateHealthService.
+   * <pre>
+   * A service to remotely control health status of an xDS test server.
+   * </pre>
+   */
   public static final class XdsUpdateHealthServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<XdsUpdateHealthServiceBlockingStub> {
     private XdsUpdateHealthServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
index e030fde13e3..fe8c30ba3c4 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
@@ -92,6 +92,21 @@ public LoadBalancerStatsServiceStub newStub(io.grpc.Channel channel, io.grpc.Cal
     return LoadBalancerStatsServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static LoadBalancerStatsServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<LoadBalancerStatsServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<LoadBalancerStatsServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public LoadBalancerStatsServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new LoadBalancerStatsServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return LoadBalancerStatsServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -212,6 +227,46 @@ public void getClientAccumulatedStats(io.grpc.testing.integration.Messages.LoadB
    * A service used to obtain stats for verifying LB behavior.
    * </pre>
    */
+  public static final class LoadBalancerStatsServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<LoadBalancerStatsServiceBlockingV2Stub> {
+    private LoadBalancerStatsServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected LoadBalancerStatsServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new LoadBalancerStatsServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Gets the backend distribution for RPCs sent by a test client.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.LoadBalancerStatsResponse getClientStats(io.grpc.testing.integration.Messages.LoadBalancerStatsRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetClientStatsMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Gets the accumulated stats for RPCs sent by a test client.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsResponse getClientAccumulatedStats(io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetClientAccumulatedStatsMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service LoadBalancerStatsService.
+   * <pre>
+   * A service used to obtain stats for verifying LB behavior.
+   * </pre>
+   */
   public static final class LoadBalancerStatsServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<LoadBalancerStatsServiceBlockingStub> {
     private LoadBalancerStatsServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
index e8726d5adc4..57a7db1ec89 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
@@ -89,6 +89,21 @@ public MetricsServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions c
     return MetricsServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static MetricsServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<MetricsServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<MetricsServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public MetricsServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new MetricsServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return MetricsServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -199,6 +214,46 @@ public void getGauge(io.grpc.testing.integration.Metrics.GaugeRequest request,
   /**
    * A stub to allow clients to do synchronous rpc calls to service MetricsService.
    */
+  public static final class MetricsServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<MetricsServiceBlockingV2Stub> {
+    private MetricsServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected MetricsServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new MetricsServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Returns the values of all the gauges that are currently being maintained by
+     * the service
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<?, io.grpc.testing.integration.Metrics.GaugeResponse>
+        getAllGauges(io.grpc.testing.integration.Metrics.EmptyMessage request) {
+      return io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall(
+          getChannel(), getGetAllGaugesMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Returns the value of one gauge
+     * </pre>
+     */
+    public io.grpc.testing.integration.Metrics.GaugeResponse getGauge(io.grpc.testing.integration.Metrics.GaugeRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetGaugeMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service MetricsService.
+   */
   public static final class MetricsServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<MetricsServiceBlockingStub> {
     private MetricsServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
index 8ede6407cd0..79f0bdf0fab 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
@@ -92,6 +92,21 @@ public ReconnectServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions
     return ReconnectServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static ReconnectServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<ReconnectServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<ReconnectServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public ReconnectServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new ReconnectServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return ReconnectServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -200,6 +215,40 @@ public void stop(io.grpc.testing.integration.EmptyProtos.Empty request,
    * A service used to control reconnect server.
    * </pre>
    */
+  public static final class ReconnectServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<ReconnectServiceBlockingV2Stub> {
+    private ReconnectServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected ReconnectServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new ReconnectServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty start(io.grpc.testing.integration.Messages.ReconnectParams request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getStartMethod(), getCallOptions(), request);
+    }
+
+    /**
+     */
+    public io.grpc.testing.integration.Messages.ReconnectInfo stop(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getStopMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service ReconnectService.
+   * <pre>
+   * A service used to control reconnect server.
+   * </pre>
+   */
   public static final class ReconnectServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<ReconnectServiceBlockingStub> {
     private ReconnectServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java
index 01e2678a12f..1086974d823 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java
@@ -273,6 +273,21 @@ public TestServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions call
     return TestServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static TestServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<TestServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<TestServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public TestServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new TestServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return TestServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -543,6 +558,125 @@ public void unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty requ
    * performance with various types of payload.
    * </pre>
    */
+  public static final class TestServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<TestServiceBlockingV2Stub> {
+    private TestServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected TestServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new TestServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * One empty request followed by one empty response.
+     * </pre>
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty emptyCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getEmptyCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * One request followed by one response.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.SimpleResponse unaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUnaryCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * One request followed by one response. Response has cache control
+     * headers set such that a caching HTTP proxy (such as GFE) can
+     * satisfy subsequent requests.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.SimpleResponse cacheableUnaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getCacheableUnaryCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * One request followed by a sequence of responses (streamed download).
+     * The server returns the payload with client desired type and sizes.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<?, io.grpc.testing.integration.Messages.StreamingOutputCallResponse>
+        streamingOutputCall(io.grpc.testing.integration.Messages.StreamingOutputCallRequest request) {
+      return io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall(
+          getChannel(), getStreamingOutputCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests followed by one response (streamed upload).
+     * The server returns the aggregated size of client payload as the result.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.integration.Messages.StreamingInputCallRequest, io.grpc.testing.integration.Messages.StreamingInputCallResponse>
+        streamingInputCall() {
+      return io.grpc.stub.ClientCalls.blockingClientStreamingCall(
+          getChannel(), getStreamingInputCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests with each request served by the server immediately.
+     * As one request could lead to multiple responses, this interface
+     * demonstrates the idea of full duplexing.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.integration.Messages.StreamingOutputCallRequest, io.grpc.testing.integration.Messages.StreamingOutputCallResponse>
+        fullDuplexCall() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getFullDuplexCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests followed by a sequence of responses.
+     * The server buffers all the client requests and then serves them in order. A
+     * stream of responses are returned to the client when the server starts with
+     * first request.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.integration.Messages.StreamingOutputCallRequest, io.grpc.testing.integration.Messages.StreamingOutputCallResponse>
+        halfDuplexCall() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getHalfDuplexCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * The test server will not implement this method. It will be used
+     * to test the behavior when clients call unimplemented methods.
+     * </pre>
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUnimplementedCallMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service TestService.
+   * <pre>
+   * A simple service to test the various types of RPCs and experiment with
+   * performance with various types of payload.
+   * </pre>
+   */
   public static final class TestServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<TestServiceBlockingStub> {
     private TestServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
index 743d68c3828..be3d1eab13a 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
@@ -63,6 +63,21 @@ public UnimplementedServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOpt
     return UnimplementedServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static UnimplementedServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<UnimplementedServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<UnimplementedServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public UnimplementedServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new UnimplementedServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return UnimplementedServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -166,6 +181,37 @@ public void unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty requ
    * that case.
    * </pre>
    */
+  public static final class UnimplementedServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<UnimplementedServiceBlockingV2Stub> {
+    private UnimplementedServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected UnimplementedServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new UnimplementedServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * A call that no server should implement
+     * </pre>
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUnimplementedCallMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service UnimplementedService.
+   * <pre>
+   * A simple service NOT implemented at servers so clients can test for
+   * that case.
+   * </pre>
+   */
   public static final class UnimplementedServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<UnimplementedServiceBlockingStub> {
     private UnimplementedServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
index 61cfc19d29b..f72a09192f0 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
@@ -62,6 +62,21 @@ public XdsUpdateClientConfigureServiceStub newStub(io.grpc.Channel channel, io.g
     return XdsUpdateClientConfigureServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static XdsUpdateClientConfigureServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<XdsUpdateClientConfigureServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<XdsUpdateClientConfigureServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public XdsUpdateClientConfigureServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new XdsUpdateClientConfigureServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return XdsUpdateClientConfigureServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -161,6 +176,36 @@ public void configure(io.grpc.testing.integration.Messages.ClientConfigureReques
    * A service to dynamically update the configuration of an xDS test client.
    * </pre>
    */
+  public static final class XdsUpdateClientConfigureServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<XdsUpdateClientConfigureServiceBlockingV2Stub> {
+    private XdsUpdateClientConfigureServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected XdsUpdateClientConfigureServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new XdsUpdateClientConfigureServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Update the tes client's configuration.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.ClientConfigureResponse configure(io.grpc.testing.integration.Messages.ClientConfigureRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getConfigureMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service XdsUpdateClientConfigureService.
+   * <pre>
+   * A service to dynamically update the configuration of an xDS test client.
+   * </pre>
+   */
   public static final class XdsUpdateClientConfigureServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<XdsUpdateClientConfigureServiceBlockingStub> {
     private XdsUpdateClientConfigureServiceBlockingStub(
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
index 6ba9419dedf..3258354cc20 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
@@ -92,6 +92,21 @@ public XdsUpdateHealthServiceStub newStub(io.grpc.Channel channel, io.grpc.CallO
     return XdsUpdateHealthServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static XdsUpdateHealthServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<XdsUpdateHealthServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<XdsUpdateHealthServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public XdsUpdateHealthServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new XdsUpdateHealthServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return XdsUpdateHealthServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -200,6 +215,40 @@ public void setNotServing(io.grpc.testing.integration.EmptyProtos.Empty request,
    * A service to remotely control health status of an xDS test server.
    * </pre>
    */
+  public static final class XdsUpdateHealthServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<XdsUpdateHealthServiceBlockingV2Stub> {
+    private XdsUpdateHealthServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected XdsUpdateHealthServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new XdsUpdateHealthServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty setServing(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getSetServingMethod(), getCallOptions(), request);
+    }
+
+    /**
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty setNotServing(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getSetNotServingMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service XdsUpdateHealthService.
+   * <pre>
+   * A service to remotely control health status of an xDS test server.
+   * </pre>
+   */
   public static final class XdsUpdateHealthServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<XdsUpdateHealthServiceBlockingStub> {
     private XdsUpdateHealthServiceBlockingStub(
diff --git a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java
index e62c2274ee9..9422ed7b1fa 100644
--- a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java
+++ b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java
@@ -184,6 +184,21 @@ public BenchmarkServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions
     return BenchmarkServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static BenchmarkServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<BenchmarkServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<BenchmarkServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public BenchmarkServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new BenchmarkServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return BenchmarkServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -367,6 +382,87 @@ public io.grpc.stub.StreamObserver<io.grpc.benchmarks.proto.Messages.SimpleReque
   /**
    * A stub to allow clients to do synchronous rpc calls to service BenchmarkService.
    */
+  public static final class BenchmarkServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<BenchmarkServiceBlockingV2Stub> {
+    private BenchmarkServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected BenchmarkServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new BenchmarkServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * One request followed by one response.
+     * The server returns the client payload as-is.
+     * </pre>
+     */
+    public io.grpc.benchmarks.proto.Messages.SimpleResponse unaryCall(io.grpc.benchmarks.proto.Messages.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUnaryCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Repeated sequence of one request followed by one response.
+     * Should be called streaming ping-pong
+     * The server returns the client payload as-is on each response
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.benchmarks.proto.Messages.SimpleRequest, io.grpc.benchmarks.proto.Messages.SimpleResponse>
+        streamingCall() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getStreamingCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * Single-sided unbounded streaming from client to server
+     * The server returns the client payload as-is once the client does WritesDone
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.benchmarks.proto.Messages.SimpleRequest, io.grpc.benchmarks.proto.Messages.SimpleResponse>
+        streamingFromClient() {
+      return io.grpc.stub.ClientCalls.blockingClientStreamingCall(
+          getChannel(), getStreamingFromClientMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * Single-sided unbounded streaming from server to client
+     * The server repeatedly returns the client payload as-is
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<?, io.grpc.benchmarks.proto.Messages.SimpleResponse>
+        streamingFromServer(io.grpc.benchmarks.proto.Messages.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall(
+          getChannel(), getStreamingFromServerMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Two-sided unbounded streaming between server to client
+     * Both sides send the content of their own choice to the other
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.benchmarks.proto.Messages.SimpleRequest, io.grpc.benchmarks.proto.Messages.SimpleResponse>
+        streamingBothWays() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getStreamingBothWaysMethod(), getCallOptions());
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service BenchmarkService.
+   */
   public static final class BenchmarkServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<BenchmarkServiceBlockingStub> {
     private BenchmarkServiceBlockingStub(
diff --git a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java
index b24c3813c19..a7f2fdd3b5e 100644
--- a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java
+++ b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java
@@ -60,6 +60,21 @@ public ReportQpsScenarioServiceStub newStub(io.grpc.Channel channel, io.grpc.Cal
     return ReportQpsScenarioServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static ReportQpsScenarioServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<ReportQpsScenarioServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<ReportQpsScenarioServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public ReportQpsScenarioServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new ReportQpsScenarioServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return ReportQpsScenarioServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -147,6 +162,33 @@ public void reportScenario(io.grpc.benchmarks.proto.Control.ScenarioResult reque
   /**
    * A stub to allow clients to do synchronous rpc calls to service ReportQpsScenarioService.
    */
+  public static final class ReportQpsScenarioServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<ReportQpsScenarioServiceBlockingV2Stub> {
+    private ReportQpsScenarioServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected ReportQpsScenarioServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new ReportQpsScenarioServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Report results of a QPS test benchmark scenario.
+     * </pre>
+     */
+    public io.grpc.benchmarks.proto.Control.Void reportScenario(io.grpc.benchmarks.proto.Control.ScenarioResult request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getReportScenarioMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service ReportQpsScenarioService.
+   */
   public static final class ReportQpsScenarioServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<ReportQpsScenarioServiceBlockingStub> {
     private ReportQpsScenarioServiceBlockingStub(
diff --git a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java
index 0ee6797c8e3..bf6c115be35 100644
--- a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java
+++ b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java
@@ -153,6 +153,21 @@ public WorkerServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions ca
     return WorkerServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static WorkerServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<WorkerServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<WorkerServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public WorkerServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new WorkerServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return WorkerServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -323,6 +338,77 @@ public void quitWorker(io.grpc.benchmarks.proto.Control.Void request,
   /**
    * A stub to allow clients to do synchronous rpc calls to service WorkerService.
    */
+  public static final class WorkerServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<WorkerServiceBlockingV2Stub> {
+    private WorkerServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected WorkerServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new WorkerServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Start server with specified workload.
+     * First request sent specifies the ServerConfig followed by ServerStatus
+     * response. After that, a "Mark" can be sent anytime to request the latest
+     * stats. Closing the stream will initiate shutdown of the test server
+     * and once the shutdown has finished, the OK status is sent to terminate
+     * this RPC.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.benchmarks.proto.Control.ServerArgs, io.grpc.benchmarks.proto.Control.ServerStatus>
+        runServer() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getRunServerMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * Start client with specified workload.
+     * First request sent specifies the ClientConfig followed by ClientStatus
+     * response. After that, a "Mark" can be sent anytime to request the latest
+     * stats. Closing the stream will initiate shutdown of the test client
+     * and once the shutdown has finished, the OK status is sent to terminate
+     * this RPC.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.benchmarks.proto.Control.ClientArgs, io.grpc.benchmarks.proto.Control.ClientStatus>
+        runClient() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getRunClientMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * Just return the core count - unary call
+     * </pre>
+     */
+    public io.grpc.benchmarks.proto.Control.CoreResponse coreCount(io.grpc.benchmarks.proto.Control.CoreRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getCoreCountMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Quit this worker
+     * </pre>
+     */
+    public io.grpc.benchmarks.proto.Control.Void quitWorker(io.grpc.benchmarks.proto.Control.Void request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getQuitWorkerMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service WorkerService.
+   */
   public static final class WorkerServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<WorkerServiceBlockingStub> {
     private WorkerServiceBlockingStub(
diff --git a/compiler/src/java_plugin/cpp/java_generator.cpp b/compiler/src/java_plugin/cpp/java_generator.cpp
index 8693fad1b66..5d12beb87c6 100644
--- a/compiler/src/java_plugin/cpp/java_generator.cpp
+++ b/compiler/src/java_plugin/cpp/java_generator.cpp
@@ -355,13 +355,15 @@ enum StubType {
   BLOCKING_CLIENT_IMPL = 5,
   FUTURE_CLIENT_IMPL = 6,
   ABSTRACT_CLASS = 7,
-  NONE = 8,
+  BLOCKING_V2_CLIENT_IMPL = 8,
+  NONE = 999,
 };
 
 enum CallType {
   ASYNC_CALL = 0,
   BLOCKING_CALL = 1,
-  FUTURE_CALL = 2
+  FUTURE_CALL = 2,
+  BLOCKING_V2_CALL = 3,
 };
 
 // TODO(nmittler): Remove once protobuf includes javadoc methods in distribution.
@@ -410,6 +412,9 @@ static void GrpcWriteServiceDocComment(Printer* printer,
       printer->Print(vars, " * A stub to allow clients to do asynchronous rpc calls to service $service$.\n");
       break;
     case BLOCKING_CLIENT_IMPL:
+      printer->Print(vars, " * A stub to allow clients to do llimited synchronous rpc calls to service $service$.\n");
+      break;
+    case BLOCKING_V2_CLIENT_IMPL:
       printer->Print(vars, " * A stub to allow clients to do synchronous rpc calls to service $service$.\n");
       break;
     case FUTURE_CLIENT_IMPL:
@@ -555,6 +560,9 @@ static void PrintStubFactory(
     case BLOCKING_CLIENT_IMPL:
       stub_type_name = "Blocking";
       break;
+    case BLOCKING_V2_CLIENT_IMPL:
+      stub_type_name = "BlockingV2";
+      break;
     default:
       GRPC_CODEGEN_FAIL << "Cannot generate StubFactory for StubType: " << type;
   }
@@ -597,6 +605,11 @@ static void PrintStub(
       stub_name += "BlockingStub";
       stub_base_class_name = "AbstractBlockingStub";
       break;
+    case BLOCKING_V2_CLIENT_IMPL:
+      call_type = BLOCKING_V2_CALL;
+      stub_name += "BlockingV2Stub";
+      stub_base_class_name = "AbstractBlockingStub";
+      break;
     case FUTURE_CLIENT_IMPL:
       call_type = FUTURE_CALL;
       stub_name += "FutureStub";
@@ -679,13 +692,17 @@ static void PrintStub(
 
     // Method signature
     p->Print("\n");
-    // TODO(nmittler): Replace with WriteMethodDocComment once included by the protobuf distro.
     GrpcWriteMethodDocComment(p, method);
 
     if (method->options().deprecated()) {
       p->Print(*vars, "@$Deprecated$\n");
     }
 
+    if ((call_type == BLOCKING_CALL && client_streaming && server_streaming)
+       || (call_type == BLOCKING_V2_CALL && (client_streaming || server_streaming))) {
+      p->Print(*vars, "@io.grpc.ExperimentalApi(\"https://github.com/grpc/grpc-java/issues/10918\")\n");
+    }
+
     if (!interface) {
       p->Print("public ");
     } else {
@@ -695,7 +712,12 @@ static void PrintStub(
       case BLOCKING_CALL:
         GRPC_CODEGEN_CHECK(!client_streaming)
             << "Blocking client interface with client streaming is unavailable";
-        if (server_streaming) {
+        if (client_streaming && server_streaming) {
+          p->Print(
+              *vars,
+              "$BlockingClientCall$<$input_type$, $output_type$>\n"
+               "    $lower_method_name$()");
+        } else if (server_streaming) {
           // Server streaming
           p->Print(
               *vars,
@@ -708,6 +730,25 @@ static void PrintStub(
               "$output_type$ $lower_method_name$($input_type$ request)");
         }
         break;
+      case BLOCKING_V2_CALL:
+        if (client_streaming) { // Both Bidi and Client Streaming
+          p->Print(
+              *vars,
+              "$BlockingClientCall$<$input_type$, $output_type$>\n"
+               "    $lower_method_name$()");
+        } else if (server_streaming) {
+          // Server streaming
+          p->Print(
+              *vars,
+              "$BlockingClientCall$<?, $output_type$>\n"
+              "    $lower_method_name$($input_type$ request)");
+       } else {
+          // Simple RPC
+          p->Print(
+              *vars,
+              "$output_type$ $lower_method_name$($input_type$ request)");
+       }
+       break;
       case ASYNC_CALL:
         if (client_streaming) {
           // Bidirectional streaming or client streaming
@@ -753,21 +794,46 @@ static void PrintStub(
             "$method_method_name$(), responseObserver);\n");
       }
     } else if (!interface) {
-      switch (call_type) {
+        switch (call_type) {
         case BLOCKING_CALL:
           GRPC_CODEGEN_CHECK(!client_streaming)
-              << "Blocking client streaming interface is not available";
-          if (server_streaming) {
-            (*vars)["calls_method"] = "io.grpc.stub.ClientCalls.blockingServerStreamingCall";
-            (*vars)["params"] = "request";
-          } else {
-            (*vars)["calls_method"] = "io.grpc.stub.ClientCalls.blockingUnaryCall";
-            (*vars)["params"] = "request";
+              << "Blocking client and bidi streaming interface are not available";
+            if (server_streaming) {
+              (*vars)["calls_method"] = "io.grpc.stub.ClientCalls.blockingServerStreamingCall";
+              (*vars)["params"] = "request";
+            } else {
+              (*vars)["calls_method"] = "io.grpc.stub.ClientCalls.blockingUnaryCall";
+              (*vars)["params"] = "request";
+            }
+            p->Print(
+                *vars,
+                "return $calls_method$(\n"
+                "    getChannel(), $method_method_name$(), getCallOptions(), $params$);\n");
+          break;
+        case BLOCKING_V2_CALL:
+          if (client_streaming) { // client and bidi streaming
+                if (server_streaming) {
+                    (*vars)["calls_method"] = "io.grpc.stub.ClientCalls.blockingBidiStreamingCall";
+                 } else {
+                   (*vars)["calls_method"] = "io.grpc.stub.ClientCalls.blockingClientStreamingCall";
+                 }
+           p->Print(
+                *vars,
+                "return $calls_method$(\n"
+                "    getChannel(), $method_method_name$(), getCallOptions());\n");
+          } else { // server streaming and unary
+               (*vars)["params"] = "request";
+               if (server_streaming) {
+                   (*vars)["calls_method"] = "io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall";
+                } else {
+                  (*vars)["calls_method"] = "io.grpc.stub.ClientCalls.blockingUnaryCall";
+                }
+
+            p->Print(
+                *vars,
+                "return $calls_method$(\n"
+                "    getChannel(), $method_method_name$(), getCallOptions(), $params$);\n");
           }
-          p->Print(
-              *vars,
-              "return $calls_method$(\n"
-              "    getChannel(), $method_method_name$(), getCallOptions(), $params$);\n");
           break;
         case ASYNC_CALL:
           if (server_streaming) {
@@ -804,7 +870,7 @@ static void PrintStub(
               "return $calls_method$(\n"
               "    getChannel().newCall($method_method_name$(), getCallOptions()), request);\n");
           break;
-      }
+        }
     } else {
       GRPC_CODEGEN_FAIL << "Do not create Stub interfaces";
     }
@@ -1173,6 +1239,21 @@ static void PrintService(const ServiceDescriptor* service,
   p->Outdent();
   p->Print("}\n\n");
 
+  // TODO(nmittler): Replace with WriteDocComment once included by protobuf distro.
+  GrpcWriteDocComment(p, " Creates a new blocking-style stub that supports all types of calls "
+                         "on the service");
+  p->Print(
+      *vars,
+      "public static $service_name$BlockingV2Stub newBlockingV2Stub(\n"
+      "    $Channel$ channel) {\n");
+  p->Indent();
+  PrintStubFactory(service, vars, p, BLOCKING_V2_CLIENT_IMPL);
+  p->Print(
+      *vars,
+      "return $service_name$BlockingV2Stub.newStub(factory, channel);\n");
+  p->Outdent();
+  p->Print("}\n\n");
+
   // TODO(nmittler): Replace with WriteDocComment once included by protobuf distro.
   GrpcWriteDocComment(p, " Creates a new blocking-style stub that supports unary and streaming "
                          "output calls on the service");
@@ -1206,6 +1287,7 @@ static void PrintService(const ServiceDescriptor* service,
   PrintStub(service, vars, p, ASYNC_INTERFACE);
   PrintAbstractClassStub(service, vars, p);
   PrintStub(service, vars, p, ASYNC_CLIENT_IMPL);
+  PrintStub(service, vars, p, BLOCKING_V2_CLIENT_IMPL);
   PrintStub(service, vars, p, BLOCKING_CLIENT_IMPL);
   PrintStub(service, vars, p, FUTURE_CLIENT_IMPL);
 
@@ -1257,6 +1339,7 @@ void GenerateService(const ServiceDescriptor* service,
   vars["RpcMethod"] = "io.grpc.stub.annotations.RpcMethod";
   vars["MethodDescriptor"] = "io.grpc.MethodDescriptor";
   vars["StreamObserver"] = "io.grpc.stub.StreamObserver";
+  vars["BlockingClientCall"] = "io.grpc.stub.BlockingClientCall";
   vars["Iterator"] = "java.util.Iterator";
   vars["GrpcGenerated"] = "io.grpc.stub.annotations.GrpcGenerated";
   vars["ListenableFuture"] =
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index 36ff11a160a..c97bc9d44c9 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -64,6 +64,21 @@ public final class TestDeprecatedServiceGrpc {
     return TestDeprecatedServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static TestDeprecatedServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<TestDeprecatedServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<TestDeprecatedServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public TestDeprecatedServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new TestDeprecatedServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return TestDeprecatedServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -169,6 +184,38 @@ public final class TestDeprecatedServiceGrpc {
    * </pre>
    */
   @java.lang.Deprecated
+  public static final class TestDeprecatedServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<TestDeprecatedServiceBlockingV2Stub> {
+    private TestDeprecatedServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected TestDeprecatedServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new TestDeprecatedServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * An RPC method that has been deprecated and should generate with Java's &#64;Deprecated annotation
+     * </pre>
+     */
+    @java.lang.Deprecated
+    public io.grpc.testing.compiler.Test.SimpleResponse deprecatedMethod(io.grpc.testing.compiler.Test.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getDeprecatedMethodMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service TestDeprecatedService.
+   * <pre>
+   * Test service that has been deprecated and should generate with Java's &#64;Deprecated annotation
+   * </pre>
+   */
+  @java.lang.Deprecated
   public static final class TestDeprecatedServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<TestDeprecatedServiceBlockingStub> {
     private TestDeprecatedServiceBlockingStub(
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index 69a1b0947b5..229b7dcc252 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -282,6 +282,21 @@ public final class TestServiceGrpc {
     return TestServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static TestServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<TestServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<TestServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public TestServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new TestServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return TestServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -546,6 +561,125 @@ public final class TestServiceGrpc {
    * Test service that supports all call types.
    * </pre>
    */
+  public static final class TestServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<TestServiceBlockingV2Stub> {
+    private TestServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected TestServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new TestServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * One request followed by one response.
+     * The server returns the client payload as-is.
+     * </pre>
+     */
+    public io.grpc.testing.compiler.Test.SimpleResponse unaryCall(io.grpc.testing.compiler.Test.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUnaryCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * One request followed by a sequence of responses (streamed download).
+     * The server returns the payload with client desired type and sizes.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<?, io.grpc.testing.compiler.Test.StreamingOutputCallResponse>
+        streamingOutputCall(io.grpc.testing.compiler.Test.StreamingOutputCallRequest request) {
+      return io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall(
+          getChannel(), getStreamingOutputCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests followed by one response (streamed upload).
+     * The server returns the aggregated size of client payload as the result.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.compiler.Test.StreamingInputCallRequest, io.grpc.testing.compiler.Test.StreamingInputCallResponse>
+        streamingInputCall() {
+      return io.grpc.stub.ClientCalls.blockingClientStreamingCall(
+          getChannel(), getStreamingInputCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests with each request served by the server immediately.
+     * As one request could lead to multiple responses, this interface
+     * demonstrates the idea of full bidirectionality.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.compiler.Test.StreamingOutputCallRequest, io.grpc.testing.compiler.Test.StreamingOutputCallResponse>
+        fullBidiCall() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getFullBidiCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests followed by a sequence of responses.
+     * The server buffers all the client requests and then serves them in order. A
+     * stream of responses are returned to the client when the server starts with
+     * first request.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.compiler.Test.StreamingOutputCallRequest, io.grpc.testing.compiler.Test.StreamingOutputCallResponse>
+        halfBidiCall() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getHalfBidiCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * An RPC method whose Java name collides with a keyword, and whose generated
+     * method should have a '_' appended.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.compiler.Test.StreamingInputCallRequest, io.grpc.testing.compiler.Test.StreamingInputCallResponse>
+        import_() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getImportMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * A unary call that is Safe.
+     * </pre>
+     */
+    public io.grpc.testing.compiler.Test.SimpleResponse safeCall(io.grpc.testing.compiler.Test.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getSafeCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * A unary call that is Idempotent.
+     * </pre>
+     */
+    public io.grpc.testing.compiler.Test.SimpleResponse idempotentCall(io.grpc.testing.compiler.Test.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getIdempotentCallMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service TestService.
+   * <pre>
+   * Test service that supports all call types.
+   * </pre>
+   */
   public static final class TestServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<TestServiceBlockingStub> {
     private TestServiceBlockingStub(
diff --git a/compiler/src/testLite/golden/TestDeprecatedService.java.txt b/compiler/src/testLite/golden/TestDeprecatedService.java.txt
index 3a7dba9bbb5..fb0bfb8c38d 100644
--- a/compiler/src/testLite/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/testLite/golden/TestDeprecatedService.java.txt
@@ -60,6 +60,21 @@ public final class TestDeprecatedServiceGrpc {
     return TestDeprecatedServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static TestDeprecatedServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<TestDeprecatedServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<TestDeprecatedServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public TestDeprecatedServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new TestDeprecatedServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return TestDeprecatedServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -165,6 +180,38 @@ public final class TestDeprecatedServiceGrpc {
    * </pre>
    */
   @java.lang.Deprecated
+  public static final class TestDeprecatedServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<TestDeprecatedServiceBlockingV2Stub> {
+    private TestDeprecatedServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected TestDeprecatedServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new TestDeprecatedServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * An RPC method that has been deprecated and should generate with Java's &#64;Deprecated annotation
+     * </pre>
+     */
+    @java.lang.Deprecated
+    public io.grpc.testing.compiler.Test.SimpleResponse deprecatedMethod(io.grpc.testing.compiler.Test.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getDeprecatedMethodMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service TestDeprecatedService.
+   * <pre>
+   * Test service that has been deprecated and should generate with Java's &#64;Deprecated annotation
+   * </pre>
+   */
+  @java.lang.Deprecated
   public static final class TestDeprecatedServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<TestDeprecatedServiceBlockingStub> {
     private TestDeprecatedServiceBlockingStub(
diff --git a/compiler/src/testLite/golden/TestService.java.txt b/compiler/src/testLite/golden/TestService.java.txt
index f86fb50d7dc..75101ddd7b3 100644
--- a/compiler/src/testLite/golden/TestService.java.txt
+++ b/compiler/src/testLite/golden/TestService.java.txt
@@ -271,6 +271,21 @@ public final class TestServiceGrpc {
     return TestServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static TestServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<TestServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<TestServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public TestServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new TestServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return TestServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -535,6 +550,125 @@ public final class TestServiceGrpc {
    * Test service that supports all call types.
    * </pre>
    */
+  public static final class TestServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<TestServiceBlockingV2Stub> {
+    private TestServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected TestServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new TestServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * One request followed by one response.
+     * The server returns the client payload as-is.
+     * </pre>
+     */
+    public io.grpc.testing.compiler.Test.SimpleResponse unaryCall(io.grpc.testing.compiler.Test.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUnaryCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * One request followed by a sequence of responses (streamed download).
+     * The server returns the payload with client desired type and sizes.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<?, io.grpc.testing.compiler.Test.StreamingOutputCallResponse>
+        streamingOutputCall(io.grpc.testing.compiler.Test.StreamingOutputCallRequest request) {
+      return io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall(
+          getChannel(), getStreamingOutputCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests followed by one response (streamed upload).
+     * The server returns the aggregated size of client payload as the result.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.compiler.Test.StreamingInputCallRequest, io.grpc.testing.compiler.Test.StreamingInputCallResponse>
+        streamingInputCall() {
+      return io.grpc.stub.ClientCalls.blockingClientStreamingCall(
+          getChannel(), getStreamingInputCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests with each request served by the server immediately.
+     * As one request could lead to multiple responses, this interface
+     * demonstrates the idea of full bidirectionality.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.compiler.Test.StreamingOutputCallRequest, io.grpc.testing.compiler.Test.StreamingOutputCallResponse>
+        fullBidiCall() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getFullBidiCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests followed by a sequence of responses.
+     * The server buffers all the client requests and then serves them in order. A
+     * stream of responses are returned to the client when the server starts with
+     * first request.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.compiler.Test.StreamingOutputCallRequest, io.grpc.testing.compiler.Test.StreamingOutputCallResponse>
+        halfBidiCall() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getHalfBidiCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * An RPC method whose Java name collides with a keyword, and whose generated
+     * method should have a '_' appended.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.compiler.Test.StreamingInputCallRequest, io.grpc.testing.compiler.Test.StreamingInputCallResponse>
+        import_() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getImportMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * A unary call that is Safe.
+     * </pre>
+     */
+    public io.grpc.testing.compiler.Test.SimpleResponse safeCall(io.grpc.testing.compiler.Test.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getSafeCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * A unary call that is Idempotent.
+     * </pre>
+     */
+    public io.grpc.testing.compiler.Test.SimpleResponse idempotentCall(io.grpc.testing.compiler.Test.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getIdempotentCallMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service TestService.
+   * <pre>
+   * Test service that supports all call types.
+   * </pre>
+   */
   public static final class TestServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<TestServiceBlockingStub> {
     private TestServiceBlockingStub(
diff --git a/examples/build.gradle b/examples/build.gradle
index 756a9c47bb1..c50a5ab8eb7 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -109,6 +109,7 @@ createStartScripts('io.grpc.examples.keepalive.KeepAliveClient')
 createStartScripts('io.grpc.examples.keepalive.KeepAliveServer')
 createStartScripts('io.grpc.examples.loadbalance.LoadBalanceClient')
 createStartScripts('io.grpc.examples.loadbalance.LoadBalanceServer')
+createStartScripts('io.grpc.examples.manualflowcontrol.BidiBlockingClient')
 createStartScripts('io.grpc.examples.manualflowcontrol.ManualFlowControlClient')
 createStartScripts('io.grpc.examples.manualflowcontrol.ManualFlowControlServer')
 createStartScripts('io.grpc.examples.multiplex.MultiplexingServer')
diff --git a/examples/src/main/java/io/grpc/examples/manualflowcontrol/BidiBlockingClient.java b/examples/src/main/java/io/grpc/examples/manualflowcontrol/BidiBlockingClient.java
new file mode 100644
index 00000000000..902d46c8cc6
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/manualflowcontrol/BidiBlockingClient.java
@@ -0,0 +1,286 @@
+/*
+ * Copyright 2023 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.examples.manualflowcontrol;
+
+import com.google.protobuf.ByteString;
+import io.grpc.Grpc;
+import io.grpc.InsecureChannelCredentials;
+import io.grpc.ManagedChannel;
+import io.grpc.StatusException;
+import io.grpc.examples.manualflowcontrol.StreamingGreeterGrpc.StreamingGreeterBlockingV2Stub;
+import io.grpc.stub.BlockingClientCall;
+import java.nio.ByteBuffer;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import java.util.logging.Logger;
+
+
+/**
+ * A class that tries multiple ways to do blocking bidi streaming
+ * communication with an echo server
+ */
+public class BidiBlockingClient {
+
+  private static final Logger logger = Logger.getLogger(BidiBlockingClient.class.getName());
+
+  /**
+   * Greet server. If provided, the first element of {@code args} is the name to use in the
+   * greeting. The second argument is the target server. You can see the multiplexing in the server
+   * logs.
+   */
+  public static void main(String[] args) throws Exception {
+    System.setProperty("java.util.logging.SimpleFormatter.format", "%1$tH:%1$tM:%1$tS %5$s%6$s%n");
+
+    // Access a service running on the local machine on port 50051
+    String target = "localhost:50051";
+    // Allow passing in the user and target strings as command line arguments
+    if (args.length > 0) {
+      if ("--help".equals(args[0])) {
+        System.err.println("Usage: [target]\n");
+        System.err.println("  target  The server to connect to. Defaults to " + target);
+        System.exit(1);
+      }
+      target = args[0];
+    }
+
+    // Create a communication channel to the server, known as a Channel. Channels are thread-safe
+    // and reusable. It is common to create channels at the beginning of your application and reuse
+    // them until the application shuts down.
+    //
+    // For the example we use plaintext insecure credentials to avoid needing TLS certificates. To
+    // use TLS, use TlsChannelCredentials instead.
+    ManagedChannel channel = Grpc.newChannelBuilder(target, InsecureChannelCredentials.create())
+        .build();
+    StreamingGreeterBlockingV2Stub blockingStub = StreamingGreeterGrpc.newBlockingV2Stub(channel);
+    List<String> echoInput = names();
+    try {
+      long start = System.currentTimeMillis();
+      List<String> twoThreadResult = useTwoThreads(blockingStub, echoInput);
+      long finish = System.currentTimeMillis();
+
+      System.out.println("The echo requests and results were:");
+      printResultMessage("Input", echoInput, 0L);
+      printResultMessage("2 threads", twoThreadResult, finish - start);
+    } finally {
+      // ManagedChannels use resources like threads and TCP connections. To prevent leaking these
+      // resources the channel should be shut down when it will no longer be used. If it may be used
+      // again leave it running.
+      channel.shutdownNow().awaitTermination(5, TimeUnit.SECONDS);
+    }
+  }
+
+  private static void printResultMessage(String type, List<String> result, long millis) {
+    String msg = String.format("%-32s: %2d, %.3f sec", type, result.size(), millis/1000.0);
+    logger.info(msg);
+  }
+
+  private static void logMethodStart(String method) {
+    logger.info("--------------------- Starting to process using method:  " + method);
+  }
+
+  /**
+   *  Create 2 threads, one that writes all values, and one that reads until the stream closes.
+   */
+  private static List<String> useTwoThreads(StreamingGreeterBlockingV2Stub blockingStub,
+      List<String> valuesToWrite) throws InterruptedException {
+    logMethodStart("Two Threads");
+
+    List<String> readValues = new ArrayList<>();
+    final BlockingClientCall<HelloRequest, HelloReply> stream = blockingStub.sayHelloStreaming();
+
+    Thread reader = new Thread(null,
+        new Runnable() {
+          @Override
+          public void run() {
+            int count = 0;
+            try {
+              while (stream.hasNext()) {
+                readValues.add(stream.read().getMessage());
+                if (++count % 10 == 0) {
+                  logger.info("Finished " + count + " reads");
+                }
+              }
+            } catch (InterruptedException e) {
+              Thread.currentThread().interrupt();
+              stream.cancel("Interrupted", e);
+            } catch (StatusException e) {
+              logger.warning("Encountered error while reading: " + e);
+            }
+          }
+        },"reader");
+
+    Thread writer = new Thread(null,
+        new Runnable() {
+      @Override
+      public void run() {
+        ByteString padding = createPadding();
+        int count = 0;
+        Iterator<String> iterator = valuesToWrite.iterator();
+        boolean hadProblem = false;
+        try {
+          while (iterator.hasNext()) {
+            if (!stream.write(HelloRequest.newBuilder().setName(iterator.next()).setPadding(padding)
+                .build())) {
+              logger.warning("Stream closed before writes completed");
+              hadProblem = true;
+              break;
+            }
+            if (++count % 10 == 0) {
+              logger.info("Finished " + count + " writes");
+            }
+          }
+          if (!hadProblem) {
+            logger.info("Completed writes");
+            stream.halfClose();
+          }
+        } catch (InterruptedException e) {
+          Thread.currentThread().interrupt();
+          stream.cancel("Interrupted", e);
+        } catch (StatusException e) {
+          logger.warning("Encountered error while writing: " + e);
+        }
+      }
+    }, "writer");
+
+    writer.start();
+    reader.start();
+    writer.join();
+    reader.join();
+
+    return readValues;
+  }
+
+  private static ByteString createPadding() {
+    int multiple = 50;
+    ByteBuffer data = ByteBuffer.allocate(1024 * multiple);
+
+    for (int i = 0; i < multiple * 1024 / 4; i++) {
+      data.putInt(4 * i, 1111);
+    }
+
+    return ByteString.copyFrom(data);
+  }
+
+
+  private static List<String> names() {
+    return Arrays.asList(
+        "Sophia",
+        "Jackson",
+        "Emma",
+        "Aiden",
+        "Olivia",
+        "Lucas",
+        "Ava",
+        "Liam",
+        "Mia",
+        "Noah",
+        "Isabella",
+        "Ethan",
+        "Riley",
+        "Mason",
+        "Aria",
+        "Caden",
+        "Zoe",
+        "Oliver",
+        "Charlotte",
+        "Elijah",
+        "Lily",
+        "Grayson",
+        "Layla",
+        "Jacob",
+        "Amelia",
+        "Michael",
+        "Emily",
+        "Benjamin",
+        "Madelyn",
+        "Carter",
+        "Aubrey",
+        "James",
+        "Adalyn",
+        "Jayden",
+        "Madison",
+        "Logan",
+        "Chloe",
+        "Alexander",
+        "Harper",
+        "Caleb",
+        "Abigail",
+        "Ryan",
+        "Aaliyah",
+        "Luke",
+        "Avery",
+        "Daniel",
+        "Evelyn",
+        "Jack",
+        "Kaylee",
+        "William",
+        "Ella",
+        "Owen",
+        "Ellie",
+        "Gabriel",
+        "Scarlett",
+        "Matthew",
+        "Arianna",
+        "Connor",
+        "Hailey",
+        "Jayce",
+        "Nora",
+        "Isaac",
+        "Addison",
+        "Sebastian",
+        "Brooklyn",
+        "Henry",
+        "Hannah",
+        "Muhammad",
+        "Mila",
+        "Cameron",
+        "Leah",
+        "Wyatt",
+        "Elizabeth",
+        "Dylan",
+        "Sarah",
+        "Nathan",
+        "Eliana",
+        "Nicholas",
+        "Mackenzie",
+        "Julian",
+        "Peyton",
+        "Eli",
+        "Maria",
+        "Levi",
+        "Grace",
+        "Isaiah",
+        "Adeline",
+        "Landon",
+        "Elena",
+        "David",
+        "Anna",
+        "Christian",
+        "Victoria",
+        "Andrew",
+        "Camilla",
+        "Brayden",
+        "Lillian",
+        "John",
+        "Natalie",
+        "Lincoln"
+    );
+  }
+}
diff --git a/examples/src/main/java/io/grpc/examples/manualflowcontrol/ManualFlowControlServer.java b/examples/src/main/java/io/grpc/examples/manualflowcontrol/ManualFlowControlServer.java
index de8142596ea..3b7f980e08c 100644
--- a/examples/src/main/java/io/grpc/examples/manualflowcontrol/ManualFlowControlServer.java
+++ b/examples/src/main/java/io/grpc/examples/manualflowcontrol/ManualFlowControlServer.java
@@ -72,6 +72,7 @@ public void run() {
 
         // Give gRPC a StreamObserver that can observe and process incoming requests.
         return new StreamObserver<HelloRequest>() {
+          int cnt = 0;
           @Override
           public void onNext(HelloRequest request) {
             // Process the request and send a response or an error.
@@ -81,7 +82,8 @@ public void onNext(HelloRequest request) {
               logger.info("--> " + name);
 
               // Simulate server "work"
-              Thread.sleep(100);
+              int sleepMillis = ++cnt % 20 == 0 ? 2000 : 100;
+              Thread.sleep(sleepMillis);
 
               // Send a response.
               String message = "Hello " + name;
diff --git a/examples/src/main/proto/hello_streaming.proto b/examples/src/main/proto/hello_streaming.proto
index 325b9093b0c..b4f0f5287dd 100644
--- a/examples/src/main/proto/hello_streaming.proto
+++ b/examples/src/main/proto/hello_streaming.proto
@@ -29,6 +29,7 @@ service StreamingGreeter {
 // The request message containing the user's name.
 message HelloRequest {
   string name = 1;
+  bytes padding = 2;
 }
 
 // The response message containing the greetings
diff --git a/grpclb/src/generated/main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java b/grpclb/src/generated/main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java
index c96c5400aac..80acb5d7bf3 100644
--- a/grpclb/src/generated/main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java
+++ b/grpclb/src/generated/main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java
@@ -60,6 +60,21 @@ public LoadBalancerStub newStub(io.grpc.Channel channel, io.grpc.CallOptions cal
     return LoadBalancerStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static LoadBalancerBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<LoadBalancerBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<LoadBalancerBlockingV2Stub>() {
+        @java.lang.Override
+        public LoadBalancerBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new LoadBalancerBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return LoadBalancerBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -147,6 +162,35 @@ public io.grpc.stub.StreamObserver<io.grpc.lb.v1.LoadBalanceRequest> balanceLoad
   /**
    * A stub to allow clients to do synchronous rpc calls to service LoadBalancer.
    */
+  public static final class LoadBalancerBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<LoadBalancerBlockingV2Stub> {
+    private LoadBalancerBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected LoadBalancerBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new LoadBalancerBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Bidirectional rpc to get a list of servers.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.lb.v1.LoadBalanceRequest, io.grpc.lb.v1.LoadBalanceResponse>
+        balanceLoad() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getBalanceLoadMethod(), getCallOptions());
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service LoadBalancer.
+   */
   public static final class LoadBalancerBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<LoadBalancerBlockingStub> {
     private LoadBalancerBlockingStub(
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
index 2f4dc69c0c6..fcdd4491938 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
@@ -94,6 +94,21 @@ public LoadBalancerStatsServiceStub newStub(io.grpc.Channel channel, io.grpc.Cal
     return LoadBalancerStatsServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static LoadBalancerStatsServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<LoadBalancerStatsServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<LoadBalancerStatsServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public LoadBalancerStatsServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new LoadBalancerStatsServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return LoadBalancerStatsServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -214,6 +229,46 @@ public void getClientAccumulatedStats(io.grpc.testing.integration.Messages.LoadB
    * A service used to obtain stats for verifying LB behavior.
    * </pre>
    */
+  public static final class LoadBalancerStatsServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<LoadBalancerStatsServiceBlockingV2Stub> {
+    private LoadBalancerStatsServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected LoadBalancerStatsServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new LoadBalancerStatsServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Gets the backend distribution for RPCs sent by a test client.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.LoadBalancerStatsResponse getClientStats(io.grpc.testing.integration.Messages.LoadBalancerStatsRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetClientStatsMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Gets the accumulated stats for RPCs sent by a test client.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsResponse getClientAccumulatedStats(io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetClientAccumulatedStatsMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service LoadBalancerStatsService.
+   * <pre>
+   * A service used to obtain stats for verifying LB behavior.
+   * </pre>
+   */
   public static final class LoadBalancerStatsServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<LoadBalancerStatsServiceBlockingStub> {
     private LoadBalancerStatsServiceBlockingStub(
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
index 1650365bd52..7084ee53781 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
@@ -91,6 +91,21 @@ public MetricsServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions c
     return MetricsServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static MetricsServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<MetricsServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<MetricsServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public MetricsServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new MetricsServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return MetricsServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -201,6 +216,46 @@ public void getGauge(io.grpc.testing.integration.Metrics.GaugeRequest request,
   /**
    * A stub to allow clients to do synchronous rpc calls to service MetricsService.
    */
+  public static final class MetricsServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<MetricsServiceBlockingV2Stub> {
+    private MetricsServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected MetricsServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new MetricsServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Returns the values of all the gauges that are currently being maintained by
+     * the service
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<?, io.grpc.testing.integration.Metrics.GaugeResponse>
+        getAllGauges(io.grpc.testing.integration.Metrics.EmptyMessage request) {
+      return io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall(
+          getChannel(), getGetAllGaugesMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Returns the value of one gauge
+     * </pre>
+     */
+    public io.grpc.testing.integration.Metrics.GaugeResponse getGauge(io.grpc.testing.integration.Metrics.GaugeRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetGaugeMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service MetricsService.
+   */
   public static final class MetricsServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<MetricsServiceBlockingStub> {
     private MetricsServiceBlockingStub(
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
index d1887ee83c4..68a0faa35c7 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
@@ -94,6 +94,21 @@ public ReconnectServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions
     return ReconnectServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static ReconnectServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<ReconnectServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<ReconnectServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public ReconnectServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new ReconnectServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return ReconnectServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -202,6 +217,40 @@ public void stop(io.grpc.testing.integration.EmptyProtos.Empty request,
    * A service used to control reconnect server.
    * </pre>
    */
+  public static final class ReconnectServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<ReconnectServiceBlockingV2Stub> {
+    private ReconnectServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected ReconnectServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new ReconnectServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty start(io.grpc.testing.integration.Messages.ReconnectParams request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getStartMethod(), getCallOptions(), request);
+    }
+
+    /**
+     */
+    public io.grpc.testing.integration.Messages.ReconnectInfo stop(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getStopMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service ReconnectService.
+   * <pre>
+   * A service used to control reconnect server.
+   * </pre>
+   */
   public static final class ReconnectServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<ReconnectServiceBlockingStub> {
     private ReconnectServiceBlockingStub(
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java
index 08071a3b653..6855b61c63a 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java
@@ -281,6 +281,21 @@ public TestServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions call
     return TestServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static TestServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<TestServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<TestServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public TestServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new TestServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return TestServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -551,6 +566,125 @@ public void unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty requ
    * performance with various types of payload.
    * </pre>
    */
+  public static final class TestServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<TestServiceBlockingV2Stub> {
+    private TestServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected TestServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new TestServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * One empty request followed by one empty response.
+     * </pre>
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty emptyCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getEmptyCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * One request followed by one response.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.SimpleResponse unaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUnaryCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * One request followed by one response. Response has cache control
+     * headers set such that a caching HTTP proxy (such as GFE) can
+     * satisfy subsequent requests.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.SimpleResponse cacheableUnaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getCacheableUnaryCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * One request followed by a sequence of responses (streamed download).
+     * The server returns the payload with client desired type and sizes.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<?, io.grpc.testing.integration.Messages.StreamingOutputCallResponse>
+        streamingOutputCall(io.grpc.testing.integration.Messages.StreamingOutputCallRequest request) {
+      return io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall(
+          getChannel(), getStreamingOutputCallMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests followed by one response (streamed upload).
+     * The server returns the aggregated size of client payload as the result.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.integration.Messages.StreamingInputCallRequest, io.grpc.testing.integration.Messages.StreamingInputCallResponse>
+        streamingInputCall() {
+      return io.grpc.stub.ClientCalls.blockingClientStreamingCall(
+          getChannel(), getStreamingInputCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests with each request served by the server immediately.
+     * As one request could lead to multiple responses, this interface
+     * demonstrates the idea of full duplexing.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.integration.Messages.StreamingOutputCallRequest, io.grpc.testing.integration.Messages.StreamingOutputCallResponse>
+        fullDuplexCall() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getFullDuplexCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * A sequence of requests followed by a sequence of responses.
+     * The server buffers all the client requests and then serves them in order. A
+     * stream of responses are returned to the client when the server starts with
+     * first request.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.integration.Messages.StreamingOutputCallRequest, io.grpc.testing.integration.Messages.StreamingOutputCallResponse>
+        halfDuplexCall() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getHalfDuplexCallMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * The test server will not implement this method. It will be used
+     * to test the behavior when clients call unimplemented methods.
+     * </pre>
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUnimplementedCallMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service TestService.
+   * <pre>
+   * A simple service to test the various types of RPCs and experiment with
+   * performance with various types of payload.
+   * </pre>
+   */
   public static final class TestServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<TestServiceBlockingStub> {
     private TestServiceBlockingStub(
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
index 9711386185e..cd77c1cfa5c 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
@@ -64,6 +64,21 @@ public UnimplementedServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOpt
     return UnimplementedServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static UnimplementedServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<UnimplementedServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<UnimplementedServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public UnimplementedServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new UnimplementedServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return UnimplementedServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -167,6 +182,37 @@ public void unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty requ
    * that case.
    * </pre>
    */
+  public static final class UnimplementedServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<UnimplementedServiceBlockingV2Stub> {
+    private UnimplementedServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected UnimplementedServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new UnimplementedServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * A call that no server should implement
+     * </pre>
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUnimplementedCallMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service UnimplementedService.
+   * <pre>
+   * A simple service NOT implemented at servers so clients can test for
+   * that case.
+   * </pre>
+   */
   public static final class UnimplementedServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<UnimplementedServiceBlockingStub> {
     private UnimplementedServiceBlockingStub(
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
index 164119a29e7..545b69243f1 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
@@ -63,6 +63,21 @@ public XdsUpdateClientConfigureServiceStub newStub(io.grpc.Channel channel, io.g
     return XdsUpdateClientConfigureServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static XdsUpdateClientConfigureServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<XdsUpdateClientConfigureServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<XdsUpdateClientConfigureServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public XdsUpdateClientConfigureServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new XdsUpdateClientConfigureServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return XdsUpdateClientConfigureServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -162,6 +177,36 @@ public void configure(io.grpc.testing.integration.Messages.ClientConfigureReques
    * A service to dynamically update the configuration of an xDS test client.
    * </pre>
    */
+  public static final class XdsUpdateClientConfigureServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<XdsUpdateClientConfigureServiceBlockingV2Stub> {
+    private XdsUpdateClientConfigureServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected XdsUpdateClientConfigureServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new XdsUpdateClientConfigureServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Update the tes client's configuration.
+     * </pre>
+     */
+    public io.grpc.testing.integration.Messages.ClientConfigureResponse configure(io.grpc.testing.integration.Messages.ClientConfigureRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getConfigureMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service XdsUpdateClientConfigureService.
+   * <pre>
+   * A service to dynamically update the configuration of an xDS test client.
+   * </pre>
+   */
   public static final class XdsUpdateClientConfigureServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<XdsUpdateClientConfigureServiceBlockingStub> {
     private XdsUpdateClientConfigureServiceBlockingStub(
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
index dccd23ccbee..7120a9d1c85 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
@@ -94,6 +94,21 @@ public XdsUpdateHealthServiceStub newStub(io.grpc.Channel channel, io.grpc.CallO
     return XdsUpdateHealthServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static XdsUpdateHealthServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<XdsUpdateHealthServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<XdsUpdateHealthServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public XdsUpdateHealthServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new XdsUpdateHealthServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return XdsUpdateHealthServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -202,6 +217,40 @@ public void setNotServing(io.grpc.testing.integration.EmptyProtos.Empty request,
    * A service to remotely control health status of an xDS test server.
    * </pre>
    */
+  public static final class XdsUpdateHealthServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<XdsUpdateHealthServiceBlockingV2Stub> {
+    private XdsUpdateHealthServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected XdsUpdateHealthServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new XdsUpdateHealthServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty setServing(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getSetServingMethod(), getCallOptions(), request);
+    }
+
+    /**
+     */
+    public io.grpc.testing.integration.EmptyProtos.Empty setNotServing(io.grpc.testing.integration.EmptyProtos.Empty request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getSetNotServingMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service XdsUpdateHealthService.
+   * <pre>
+   * A service to remotely control health status of an xDS test server.
+   * </pre>
+   */
   public static final class XdsUpdateHealthServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<XdsUpdateHealthServiceBlockingStub> {
     private XdsUpdateHealthServiceBlockingStub(
diff --git a/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java b/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java
index 1f48c16aed3..5c01afd15c6 100644
--- a/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java
+++ b/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java
@@ -91,6 +91,21 @@ public EchoTestServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions
     return EchoTestServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static EchoTestServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<EchoTestServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<EchoTestServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public EchoTestServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new EchoTestServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return EchoTestServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -187,6 +202,37 @@ public void forwardEcho(io.istio.test.Echo.ForwardEchoRequest request,
   /**
    * A stub to allow clients to do synchronous rpc calls to service EchoTestService.
    */
+  public static final class EchoTestServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<EchoTestServiceBlockingV2Stub> {
+    private EchoTestServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected EchoTestServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new EchoTestServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     */
+    public io.istio.test.Echo.EchoResponse echo(io.istio.test.Echo.EchoRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getEchoMethod(), getCallOptions(), request);
+    }
+
+    /**
+     */
+    public io.istio.test.Echo.ForwardEchoResponse forwardEcho(io.istio.test.Echo.ForwardEchoRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getForwardEchoMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service EchoTestService.
+   */
   public static final class EchoTestServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<EchoTestServiceBlockingStub> {
     private EchoTestServiceBlockingStub(
diff --git a/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java b/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java
index d7334b942ff..98768d37611 100644
--- a/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java
+++ b/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java
@@ -60,6 +60,21 @@ public RouteLookupServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptio
     return RouteLookupServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static RouteLookupServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<RouteLookupServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<RouteLookupServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public RouteLookupServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new RouteLookupServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return RouteLookupServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -147,6 +162,33 @@ public void routeLookup(io.grpc.lookup.v1.RouteLookupRequest request,
   /**
    * A stub to allow clients to do synchronous rpc calls to service RouteLookupService.
    */
+  public static final class RouteLookupServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<RouteLookupServiceBlockingV2Stub> {
+    private RouteLookupServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected RouteLookupServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new RouteLookupServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Lookup returns a target for a single key.
+     * </pre>
+     */
+    public io.grpc.lookup.v1.RouteLookupResponse routeLookup(io.grpc.lookup.v1.RouteLookupRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getRouteLookupMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service RouteLookupService.
+   */
   public static final class RouteLookupServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<RouteLookupServiceBlockingStub> {
     private RouteLookupServiceBlockingStub(
diff --git a/s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java b/s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java
index d759128a4c5..69f1d78f55e 100644
--- a/s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java
+++ b/s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java
@@ -60,6 +60,21 @@ public S2AServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callO
     return S2AServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static S2AServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<S2AServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<S2AServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public S2AServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new S2AServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return S2AServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -149,6 +164,36 @@ public io.grpc.stub.StreamObserver<io.grpc.s2a.internal.handshaker.SessionReq> s
   /**
    * A stub to allow clients to do synchronous rpc calls to service S2AService.
    */
+  public static final class S2AServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<S2AServiceBlockingV2Stub> {
+    private S2AServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected S2AServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new S2AServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * SetUpSession is a bidirectional stream used by applications to offload
+     * operations from the TLS handshake.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.s2a.internal.handshaker.SessionReq, io.grpc.s2a.internal.handshaker.SessionResp>
+        setUpSession() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getSetUpSessionMethod(), getCallOptions());
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service S2AService.
+   */
   public static final class S2AServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<S2AServiceBlockingStub> {
     private S2AServiceBlockingStub(
diff --git a/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java b/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java
index b3c1c285c8f..8d8c0eb2971 100644
--- a/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java
@@ -250,6 +250,21 @@ public ChannelzStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOpt
     return ChannelzStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static ChannelzBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<ChannelzBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<ChannelzBlockingV2Stub>() {
+        @java.lang.Override
+        public ChannelzBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new ChannelzBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return ChannelzBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -481,6 +496,98 @@ public void getSocket(io.grpc.channelz.v1.GetSocketRequest request,
    * information.
    * </pre>
    */
+  public static final class ChannelzBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<ChannelzBlockingV2Stub> {
+    private ChannelzBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected ChannelzBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new ChannelzBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Gets all root channels (i.e. channels the application has directly
+     * created). This does not include subchannels nor non-top level channels.
+     * </pre>
+     */
+    public io.grpc.channelz.v1.GetTopChannelsResponse getTopChannels(io.grpc.channelz.v1.GetTopChannelsRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetTopChannelsMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Gets all servers that exist in the process.
+     * </pre>
+     */
+    public io.grpc.channelz.v1.GetServersResponse getServers(io.grpc.channelz.v1.GetServersRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetServersMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Returns a single Server, or else a NOT_FOUND code.
+     * </pre>
+     */
+    public io.grpc.channelz.v1.GetServerResponse getServer(io.grpc.channelz.v1.GetServerRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetServerMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Gets all server sockets that exist in the process.
+     * </pre>
+     */
+    public io.grpc.channelz.v1.GetServerSocketsResponse getServerSockets(io.grpc.channelz.v1.GetServerSocketsRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetServerSocketsMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Returns a single Channel, or else a NOT_FOUND code.
+     * </pre>
+     */
+    public io.grpc.channelz.v1.GetChannelResponse getChannel(io.grpc.channelz.v1.GetChannelRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetChannelMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Returns a single Subchannel, or else a NOT_FOUND code.
+     * </pre>
+     */
+    public io.grpc.channelz.v1.GetSubchannelResponse getSubchannel(io.grpc.channelz.v1.GetSubchannelRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetSubchannelMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Returns a single Socket or else a NOT_FOUND code.
+     * </pre>
+     */
+    public io.grpc.channelz.v1.GetSocketResponse getSocket(io.grpc.channelz.v1.GetSocketRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetSocketMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service Channelz.
+   * <pre>
+   * Channelz is a service exposed by gRPC servers that provides detailed debug
+   * information.
+   * </pre>
+   */
   public static final class ChannelzBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<ChannelzBlockingStub> {
     private ChannelzBlockingStub(
diff --git a/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java b/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java
index 73ddd4e0d23..d7795a5fdbf 100644
--- a/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java
@@ -91,6 +91,21 @@ public HealthStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptio
     return HealthStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static HealthBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<HealthBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<HealthBlockingV2Stub>() {
+        @java.lang.Override
+        public HealthBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new HealthBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return HealthBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -225,6 +240,58 @@ public void watch(io.grpc.health.v1.HealthCheckRequest request,
   /**
    * A stub to allow clients to do synchronous rpc calls to service Health.
    */
+  public static final class HealthBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<HealthBlockingV2Stub> {
+    private HealthBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected HealthBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new HealthBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * If the requested service is unknown, the call will fail with status
+     * NOT_FOUND.
+     * </pre>
+     */
+    public io.grpc.health.v1.HealthCheckResponse check(io.grpc.health.v1.HealthCheckRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getCheckMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Performs a watch for the serving status of the requested service.
+     * The server will immediately send back a message indicating the current
+     * serving status.  It will then subsequently send a new message whenever
+     * the service's serving status changes.
+     * If the requested service is unknown when the call is received, the
+     * server will send a message setting the serving status to
+     * SERVICE_UNKNOWN but will *not* terminate the call.  If at some
+     * future point, the serving status of the service becomes known, the
+     * server will send a new message with the service's serving status.
+     * If the call terminates with status UNIMPLEMENTED, then clients
+     * should assume this method is not supported and should not retry the
+     * call.  If the call terminates with any other status (including OK),
+     * clients should retry the call with appropriate exponential backoff.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<?, io.grpc.health.v1.HealthCheckResponse>
+        watch(io.grpc.health.v1.HealthCheckRequest request) {
+      return io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall(
+          getChannel(), getWatchMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service Health.
+   */
   public static final class HealthBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<HealthBlockingStub> {
     private HealthBlockingStub(
diff --git a/services/src/generated/main/grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java b/services/src/generated/main/grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java
index 4f2dce26486..3089b8302cc 100644
--- a/services/src/generated/main/grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java
@@ -60,6 +60,21 @@ public ServerReflectionStub newStub(io.grpc.Channel channel, io.grpc.CallOptions
     return ServerReflectionStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static ServerReflectionBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<ServerReflectionBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<ServerReflectionBlockingV2Stub>() {
+        @java.lang.Override
+        public ServerReflectionBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new ServerReflectionBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return ServerReflectionBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -149,6 +164,36 @@ public io.grpc.stub.StreamObserver<io.grpc.reflection.v1.ServerReflectionRequest
   /**
    * A stub to allow clients to do synchronous rpc calls to service ServerReflection.
    */
+  public static final class ServerReflectionBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<ServerReflectionBlockingV2Stub> {
+    private ServerReflectionBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected ServerReflectionBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new ServerReflectionBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * The reflection service is structured as a bidirectional stream, ensuring
+     * all related requests go to a single server.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.reflection.v1.ServerReflectionRequest, io.grpc.reflection.v1.ServerReflectionResponse>
+        serverReflectionInfo() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getServerReflectionInfoMethod(), getCallOptions());
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service ServerReflection.
+   */
   public static final class ServerReflectionBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<ServerReflectionBlockingStub> {
     private ServerReflectionBlockingStub(
diff --git a/services/src/generated/main/grpc/io/grpc/reflection/v1alpha/ServerReflectionGrpc.java b/services/src/generated/main/grpc/io/grpc/reflection/v1alpha/ServerReflectionGrpc.java
index 7119e96d1f3..a0fc1bcf2de 100644
--- a/services/src/generated/main/grpc/io/grpc/reflection/v1alpha/ServerReflectionGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/reflection/v1alpha/ServerReflectionGrpc.java
@@ -60,6 +60,21 @@ public ServerReflectionStub newStub(io.grpc.Channel channel, io.grpc.CallOptions
     return ServerReflectionStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static ServerReflectionBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<ServerReflectionBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<ServerReflectionBlockingV2Stub>() {
+        @java.lang.Override
+        public ServerReflectionBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new ServerReflectionBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return ServerReflectionBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -149,6 +164,36 @@ public io.grpc.stub.StreamObserver<io.grpc.reflection.v1alpha.ServerReflectionRe
   /**
    * A stub to allow clients to do synchronous rpc calls to service ServerReflection.
    */
+  public static final class ServerReflectionBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<ServerReflectionBlockingV2Stub> {
+    private ServerReflectionBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected ServerReflectionBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new ServerReflectionBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * The reflection service is structured as a bidirectional stream, ensuring
+     * all related requests go to a single server.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.reflection.v1alpha.ServerReflectionRequest, io.grpc.reflection.v1alpha.ServerReflectionResponse>
+        serverReflectionInfo() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getServerReflectionInfoMethod(), getCallOptions());
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service ServerReflection.
+   */
   public static final class ServerReflectionBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<ServerReflectionBlockingStub> {
     private ServerReflectionBlockingStub(
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java
index 088d27b619c..843d1e30135 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java
@@ -63,6 +63,21 @@ public AnotherDynamicServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOp
     return AnotherDynamicServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static AnotherDynamicServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<AnotherDynamicServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<AnotherDynamicServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public AnotherDynamicServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new AnotherDynamicServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return AnotherDynamicServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -162,6 +177,36 @@ public void method(io.grpc.reflection.testing.DynamicRequest request,
    * AnotherDynamicService
    * </pre>
    */
+  public static final class AnotherDynamicServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<AnotherDynamicServiceBlockingV2Stub> {
+    private AnotherDynamicServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected AnotherDynamicServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new AnotherDynamicServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * A method
+     * </pre>
+     */
+    public io.grpc.reflection.testing.DynamicReply method(io.grpc.reflection.testing.DynamicRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getMethodMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service AnotherDynamicService.
+   * <pre>
+   * AnotherDynamicService
+   * </pre>
+   */
   public static final class AnotherDynamicServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<AnotherDynamicServiceBlockingStub> {
     private AnotherDynamicServiceBlockingStub(
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java
index a84b95b2126..41c7f5468da 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java
@@ -60,6 +60,21 @@ public AnotherReflectableServiceStub newStub(io.grpc.Channel channel, io.grpc.Ca
     return AnotherReflectableServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static AnotherReflectableServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<AnotherReflectableServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<AnotherReflectableServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public AnotherReflectableServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new AnotherReflectableServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return AnotherReflectableServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -141,6 +156,30 @@ public void method(io.grpc.reflection.testing.Request request,
   /**
    * A stub to allow clients to do synchronous rpc calls to service AnotherReflectableService.
    */
+  public static final class AnotherReflectableServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<AnotherReflectableServiceBlockingV2Stub> {
+    private AnotherReflectableServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected AnotherReflectableServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new AnotherReflectableServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     */
+    public io.grpc.reflection.testing.Reply method(io.grpc.reflection.testing.Request request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getMethodMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service AnotherReflectableService.
+   */
   public static final class AnotherReflectableServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<AnotherReflectableServiceBlockingStub> {
     private AnotherReflectableServiceBlockingStub(
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java
index 338b67e684d..4878109dc81 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java
@@ -63,6 +63,21 @@ public DynamicServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions c
     return DynamicServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static DynamicServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<DynamicServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<DynamicServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public DynamicServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new DynamicServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return DynamicServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -162,6 +177,36 @@ public void method(io.grpc.reflection.testing.DynamicRequest request,
    * A DynamicService
    * </pre>
    */
+  public static final class DynamicServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<DynamicServiceBlockingV2Stub> {
+    private DynamicServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected DynamicServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new DynamicServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * A method
+     * </pre>
+     */
+    public io.grpc.reflection.testing.DynamicReply method(io.grpc.reflection.testing.DynamicRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getMethodMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service DynamicService.
+   * <pre>
+   * A DynamicService
+   * </pre>
+   */
   public static final class DynamicServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<DynamicServiceBlockingStub> {
     private DynamicServiceBlockingStub(
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java
index 0b8954b5eb9..3e6cf5b8030 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java
@@ -60,6 +60,21 @@ public ReflectableServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptio
     return ReflectableServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static ReflectableServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<ReflectableServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<ReflectableServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public ReflectableServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new ReflectableServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return ReflectableServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -141,6 +156,30 @@ public void method(io.grpc.reflection.testing.Request request,
   /**
    * A stub to allow clients to do synchronous rpc calls to service ReflectableService.
    */
+  public static final class ReflectableServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<ReflectableServiceBlockingV2Stub> {
+    private ReflectableServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected ReflectableServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new ReflectableServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     */
+    public io.grpc.reflection.testing.Reply method(io.grpc.reflection.testing.Request request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getMethodMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service ReflectableService.
+   */
   public static final class ReflectableServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<ReflectableServiceBlockingStub> {
     private ReflectableServiceBlockingStub(
diff --git a/stub/src/main/java/io/grpc/stub/BlockingClientCall.java b/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
new file mode 100644
index 00000000000..58881ef0592
--- /dev/null
+++ b/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
@@ -0,0 +1,352 @@
+/*
+ * Copyright 2023 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.stub;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Predicate;
+import io.grpc.ClientCall;
+import io.grpc.ExperimentalApi;
+import io.grpc.Metadata;
+import io.grpc.Status;
+import io.grpc.StatusException;
+import io.grpc.stub.ClientCalls.ThreadSafeThreadlessExecutor;
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+/**
+ * Represents a bidirectional streaming call from a client.  Allows in a blocking manner, sending
+ * over the stream and receiving from the stream.  Also supports terminating the call.
+ * Wraps a ClientCall and converts from async communication to the sync paradigm used by the
+ * various blocking stream methods in {@link ClientCalls} which are used by the generated stubs.
+ *
+ * <p>Supports separate threads for reads and writes, but only 1 of each
+ *
+ * <p>Read methods consist of:
+ * <ul>
+ *   <li>{@link #read()}
+ *   <li>{@link #read(long timeout, TimeUnit unit)}
+ *   <li>{@link #hasNext()}
+ *   <li>{@link #cancel(String, Throwable)}
+ * </ul>
+ *
+ * <p>Write methods consist of:
+ * <ul>
+ *   <li>{@link #write(Object)}
+ *   <li>{@link #write(Object, long timeout, TimeUnit unit)}
+ *   <li>{@link #halfClose()}
+ * </ul>
+ *
+ * @param <ReqT> Type of the Request Message
+ * @param <RespT> Type of the Response Message
+ */
+@ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+public final class BlockingClientCall<ReqT, RespT> {
+
+  private static final Logger logger = Logger.getLogger(BlockingClientCall.class.getName());
+
+  private final BlockingQueue<RespT> buffer;
+  private final ClientCall<ReqT, RespT> call;
+
+  private final ThreadSafeThreadlessExecutor executor;
+
+  private boolean writeClosed;
+  private volatile Status closedStatus; // null if not closed
+
+  BlockingClientCall(ClientCall<ReqT, RespT> call, ThreadSafeThreadlessExecutor executor) {
+    this.call = call;
+    this.executor = executor;
+    buffer = new ArrayBlockingQueue<>(1);
+  }
+
+  /**
+   * Wait if necessary for a value to be available from the server. If there is an available value
+   * return it immediately, if the stream is closed return a null. Otherwise, wait for a value to be
+   * available or the stream to be closed
+   *
+   * @return value from server or null if stream has been closed
+   * @throws StatusException If the stream has closed in an error state
+   */
+  public RespT read() throws InterruptedException, StatusException {
+    try {
+      return read(true, 0, TimeUnit.NANOSECONDS);
+    } catch (TimeoutException e) {
+      throw new AssertionError("should never happen", e);
+    }
+  }
+
+  /**
+   * Wait with timeout, if necessary, for a value to be available from the server. If there is an
+   * available value, return it immediately.  If the stream is closed return a null. Otherwise, wait
+   * for a value to be available, the stream to be closed or the timeout to expire.
+   *
+   * @param timeout how long to wait before giving up.  Values &lt;= 0 are no wait
+   * @param unit a TimeUnit determining how to interpret the timeout parameter
+   * @return value from server or null (if stream has been closed)
+   * @throws TimeoutException if no read becomes ready before the specified timeout expires
+   * @throws StatusException If the stream has closed in an error state
+   */
+  public RespT read(long timeout, TimeUnit unit) throws InterruptedException, TimeoutException,
+      StatusException {
+    return read(false, timeout, unit);
+  }
+
+  private RespT read(boolean waitForever, long timeout, TimeUnit unit)
+      throws InterruptedException, TimeoutException, StatusException {
+    long start = System.nanoTime();
+    long end = start + unit.toNanos(timeout);
+
+    Predicate<BlockingClientCall<ReqT, RespT>> predicate = BlockingClientCall::skipWaitingForRead;
+    executor.waitAndDrainWithTimeout(waitForever, end, predicate, this);
+    RespT bufferedValue = buffer.poll();
+
+    if (logger.isLoggable(Level.FINER)) {
+      logger.finer("Client Blocking read had value:  " + bufferedValue);
+    }
+
+    Status currentClosedStatus;
+    if (bufferedValue != null) {
+      call.request(1);
+      return bufferedValue;
+    } else if ((currentClosedStatus = closedStatus) == null) {
+      throw new IllegalStateException(
+          "The message disappeared... are you reading from multiple threads?");
+    } else if (!currentClosedStatus.isOk()) {
+      throw currentClosedStatus.asException();
+    } else {
+      return null;
+    }
+  }
+
+  boolean skipWaitingForRead() {
+    return closedStatus != null || !buffer.isEmpty();
+  }
+
+  /**
+   * Wait for a value to be available from the server. If there is an
+   * available value, return true immediately.  If the stream was closed with Status.OK, return
+   * false.  If the stream was closed with an error status, throw a StatusException. Otherwise, wait
+   * for a value to be available or the stream to be closed.
+   *
+   * @return True when there is a value to read.  Return false if stream closed cleanly.
+   * @throws StatusException If the stream was closed in an error state
+   */
+  public boolean hasNext() throws InterruptedException, StatusException {
+    executor.waitAndDrain((x) -> !x.buffer.isEmpty() || x.closedStatus != null, this);
+
+    Status currentClosedStatus = closedStatus;
+    if (currentClosedStatus != null && !currentClosedStatus.isOk()) {
+      throw currentClosedStatus.asException();
+    }
+
+    return !buffer.isEmpty();
+  }
+
+  /**
+   * Send a value to the stream for sending to server, wait if necessary for the grpc stream to be
+   * ready.
+   *
+   * <p>If write is not legal at the time of call, immediately returns false
+   *
+   * <p><br><b>NOTE: </b>This method will return as soon as it passes the request to the grpc stream
+   * layer. It will not block while the message is being sent on the wire and returning true does
+   * not guarantee that the server gets the message.
+   *
+   * <p><br><b>WARNING: </b>Doing only writes without reads can lead to deadlocks.  This is because
+   * flow control, imposed by networks to protect intermediary routers and endpoints that are
+   * operating under resource constraints, requires reads to be done in order to progress writes.
+   * Furthermore, the server closing the stream will only be identified after
+   * the last sent value is read.
+   *
+   * @param request Message to send to the server
+   * @return true if the request is sent to stream, false if skipped
+   * @throws StatusException If the stream has closed in an error state
+   */
+  public boolean write(ReqT request) throws InterruptedException, StatusException {
+    try {
+      return write(true, request, Integer.MAX_VALUE, TimeUnit.DAYS);
+    } catch (TimeoutException e) {
+      throw new RuntimeException(e); // should never happen
+    }
+  }
+
+  /**
+   * Send a value to the stream for sending to server, wait if necessary for the grpc stream to be
+   * ready up to specified timeout.
+   *
+   * <p>If write is not legal at the time of call, immediately returns false
+   *
+   * <p><br><b>NOTE: </b>This method will return as soon as it passes the request to the grpc stream
+   * layer. It will not block while the message is being sent on the wire and returning true does
+   * not guarantee that the server gets the message.
+   *
+   * <p><br><b>WARNING: </b>Doing only writes without reads can lead to deadlocks as a result of
+   * flow control.  Furthermore, the server closing the stream will only be identified after the
+   * last sent value is read.
+   *
+   * @param request Message to send to the server
+   * @param timeout How long to wait before giving up.  Values &lt;= 0 are no wait
+   * @param unit A TimeUnit determining how to interpret the timeout parameter
+   * @return true if the request is sent to stream, false if skipped
+   * @throws TimeoutException if write does not become ready before the specified timeout expires
+   * @throws StatusException If the stream has closed in an error state
+   */
+  public boolean write(ReqT request, long timeout, TimeUnit unit)
+      throws InterruptedException, TimeoutException, StatusException {
+    return write(false, request, timeout, unit);
+  }
+
+  private boolean write(boolean waitForever, ReqT request, long timeout, TimeUnit unit)
+      throws InterruptedException, TimeoutException, StatusException {
+
+    if (writeClosed) {
+      throw new IllegalStateException("Writes cannot be done after calling halfClose or cancel");
+    }
+
+    long end = System.nanoTime() + unit.toNanos(timeout);
+
+    Predicate<BlockingClientCall<ReqT, RespT>> predicate =
+        (x) -> x.call.isReady() || x.closedStatus != null;
+    executor.waitAndDrainWithTimeout(waitForever, end, predicate, this);
+    Status savedClosedStatus = closedStatus;
+    if (savedClosedStatus == null) {
+      call.sendMessage(request);
+      return true;
+    } else if (savedClosedStatus.isOk()) {
+      return false;
+    } else {
+      // Propagate any errors returned from the server
+      throw savedClosedStatus.asException();
+    }
+  }
+
+  void sendSingleRequest(ReqT request) {
+    call.sendMessage(request);
+  }
+
+  /**
+   * Cancel stream and stop any further writes.  Note that some reads that are in flight may still
+   * happen after the cancel.
+   *
+   * @param message if not {@code null}, will appear as the description of the CANCELLED status
+   * @param cause if not {@code null}, will appear as the cause of the CANCELLED status
+   */
+  public void cancel(String message, Throwable cause) {
+    writeClosed = true;
+    call.cancel(message, cause);
+  }
+
+  /**
+   * Indicate that no more writes will be done and the stream will be closed from the client side.
+   *
+   * @see ClientCall#halfClose()
+   */
+  public void halfClose() {
+    if (writeClosed) {
+      throw new IllegalStateException(
+          "halfClose cannot be called after already half closed or cancelled");
+    }
+
+    writeClosed = true;
+    call.halfClose();
+  }
+
+  /**
+   * Status that server sent when closing channel from its side.
+   *
+   * @return null if stream not closed by server, otherwise Status sent by server
+   */
+  @VisibleForTesting
+  Status getClosedStatus() {
+    drainQuietly();
+    return closedStatus;
+  }
+
+  /**
+   * Check for whether some action is ready.
+   *
+   * @return True if legal to write and writeOrRead can run without blocking
+   */
+  @VisibleForTesting
+  boolean isEitherReadOrWriteReady() {
+    return (isWriteLegal() && isWriteReady()) || isReadReady();
+  }
+
+  /**
+   * Check whether there are any values waiting to be read.
+   *
+   * @return true if read will not block
+   */
+  @VisibleForTesting
+  boolean isReadReady() {
+    drainQuietly();
+
+    return !buffer.isEmpty();
+  }
+
+  /**
+   * Check that write hasn't been marked complete and stream is ready to receive a write (so will
+   * not block).
+   *
+   * @return true if legal to write and write will not block
+   */
+  @VisibleForTesting
+  boolean isWriteReady() {
+    drainQuietly();
+
+    return isWriteLegal() && call.isReady();
+  }
+
+  /**
+   * Check whether we'll ever be able to do writes or should terminate.
+   * @return True if writes haven't been closed and the server hasn't closed the stream
+   */
+  private boolean isWriteLegal() {
+    return !writeClosed && closedStatus == null;
+  }
+
+  ClientCall.Listener<RespT> getListener() {
+    return new QueuingListener();
+  }
+
+  private void drainQuietly() {
+    try {
+      executor.drain();
+    } catch (InterruptedException e) {
+      Thread.currentThread().interrupt();
+    }
+  }
+
+  private final class QueuingListener extends ClientCall.Listener<RespT> {
+    @Override
+    public void onMessage(RespT value) {
+      Preconditions.checkState(closedStatus == null, "ClientCall already closed");
+      buffer.add(value);
+    }
+
+    @Override
+    public void onClose(Status status, Metadata trailers) {
+      Preconditions.checkState(closedStatus == null, "ClientCall already closed");
+      closedStatus = status;
+    }
+  }
+
+}
diff --git a/stub/src/main/java/io/grpc/stub/ClientCalls.java b/stub/src/main/java/io/grpc/stub/ClientCalls.java
index 13fb00d3b3e..f307c806489 100644
--- a/stub/src/main/java/io/grpc/stub/ClientCalls.java
+++ b/stub/src/main/java/io/grpc/stub/ClientCalls.java
@@ -22,12 +22,14 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Preconditions;
+import com.google.common.base.Predicate;
 import com.google.common.base.Strings;
 import com.google.common.util.concurrent.AbstractFuture;
 import com.google.common.util.concurrent.ListenableFuture;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.ClientCall;
+import io.grpc.ExperimentalApi;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
 import io.grpc.Status;
@@ -42,9 +44,14 @@
 import java.util.concurrent.Executor;
 import java.util.concurrent.Future;
 import java.util.concurrent.RejectedExecutionException;
+import java.util.concurrent.TimeoutException;
+import java.util.concurrent.locks.Condition;
+import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.LockSupport;
+import java.util.concurrent.locks.ReentrantLock;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
 /**
@@ -184,7 +191,6 @@ public static <ReqT, RespT> RespT blockingUnaryCall(
    *
    * @return an iterator over the response stream.
    */
-  // TODO(louiscryan): Not clear if we want to use this idiom for 'simple' stubs.
   public static <ReqT, RespT> Iterator<RespT> blockingServerStreamingCall(
       ClientCall<ReqT, RespT> call, ReqT req) {
     BlockingResponseStream<RespT> result = new BlockingResponseStream<>(call);
@@ -194,11 +200,12 @@ public static <ReqT, RespT> Iterator<RespT> blockingServerStreamingCall(
 
   /**
    * Executes a server-streaming call returning a blocking {@link Iterator} over the
-   * response stream.  The {@code call} should not be already started.  After calling this method,
-   * {@code call} should no longer be used.
+   * response stream.
    *
    * <p>The returned iterator may throw {@link StatusRuntimeException} on error.
    *
+   * <p>Warning:  the iterator can result in leaks if not completely consumed.
+   *
    * @return an iterator over the response stream.
    */
   public static <ReqT, RespT> Iterator<RespT> blockingServerStreamingCall(
@@ -211,6 +218,82 @@ public static <ReqT, RespT> Iterator<RespT> blockingServerStreamingCall(
     return result;
   }
 
+  /**
+   * Initiates a client streaming call over the specified channel.  It returns an
+   * object which can be used in a blocking manner to retrieve responses..
+   *
+   * <p>The methods {@link BlockingClientCall#hasNext()} and {@link
+   * BlockingClientCall#cancel(String, Throwable)} can be used for more extensive control.
+   *
+   * @return A {@link BlockingClientCall} that has had the request sent and halfClose called
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+  public static <ReqT, RespT> BlockingClientCall<ReqT, RespT> blockingV2ServerStreamingCall(
+      Channel channel, MethodDescriptor<ReqT, RespT> method, CallOptions callOptions, ReqT req) {
+    BlockingClientCall<ReqT, RespT> call =
+        blockingBidiStreamingCall(channel, method, callOptions);
+
+    call.sendSingleRequest(req);
+    call.halfClose();
+    return call;
+  }
+
+  /**
+   * Initiates a server streaming call and sends the specified request to the server.  It returns an
+   * object which can be used in a blocking manner to retrieve values from the server.  After the
+   * last value has been read, the next read call will return null.
+   *
+   * <p>Call {@link BlockingClientCall#read()} for
+   * retrieving values.  A {@code null} will be returned after the server has closed the stream.
+   *
+   * <p>The methods {@link BlockingClientCall#hasNext()} and {@link
+   * BlockingClientCall#cancel(String, Throwable)} can be used for more extensive control.
+   *
+   * <p><br> Example usage:
+   * <pre> {@code  while ((response = call.read()) != null) { ... } } </pre>
+   * or
+   * <pre> {@code
+   *   while (call.hasNext()) {
+   *     response = call.read();
+   *     ...
+   *   }
+   * } </pre>
+   *
+   * <p>Note that this paradigm is different from the original
+   * {@link #blockingServerStreamingCall(Channel, MethodDescriptor, CallOptions, Object)}
+   * which returns an iterator, which would leave the stream open if not completely consumed.
+   *
+   * @return A {@link BlockingClientCall} which can be used by the client to write and receive
+   *     messages over the grpc channel.
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+  public static <ReqT, RespT> BlockingClientCall<ReqT, RespT> blockingClientStreamingCall(
+      Channel channel, MethodDescriptor<ReqT, RespT> method, CallOptions callOptions) {
+    return blockingBidiStreamingCall(channel, method, callOptions);
+  }
+
+  /**
+   * Initiate a bidirectional-streaming {@link ClientCall} and returning a stream object
+   * ({@link BlockingClientCall}) which can be used by the client to send and receive messages over
+   * the grpc channel.
+   *
+   * @return an object representing the call which can be used to read, write and terminate it.
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+  public static <ReqT, RespT> BlockingClientCall<ReqT, RespT> blockingBidiStreamingCall(
+      Channel channel, MethodDescriptor<ReqT, RespT> method, CallOptions callOptions) {
+    ThreadSafeThreadlessExecutor executor = new ThreadSafeThreadlessExecutor();
+    ClientCall<ReqT, RespT> call = channel.newCall(method, callOptions.withExecutor(executor));
+
+    BlockingClientCall<ReqT, RespT> blockingClientCall = new BlockingClientCall<>(call, executor);
+
+    // Get the call started
+    call.start(blockingClientCall.getListener(), new Metadata());
+    call.request(1);
+
+    return blockingClientCall;
+  }
+
   /**
    * Executes a unary call and returns a {@link ListenableFuture} to the response.  The
    * {@code call} should not be already started.  After calling this method, {@code call} should no
@@ -414,7 +497,7 @@ public void disableAutoRequestWithInitial(int request) {
     public void request(int count) {
       if (!streamingResponse && count == 1) {
         // Initially ask for two responses from flow-control so that if a misbehaving server
-        // sends more than one responses, we can catch it and fail it in the listener.
+        // sends more than one response, we can catch it and fail it in the listener.
         call.request(2);
       } else {
         call.request(count);
@@ -637,7 +720,7 @@ public boolean hasNext() {
     public T next() {
       // Eagerly call request(1) so it can be processing the next message while we wait for the
       // current one, which reduces latency for the next message. With MigratingThreadDeframer and
-      // if the data has already been recieved, every other message can be delivered instantly. This
+      // if the data has already been received, every other message can be delivered instantly. This
       // can be run after hasNext(), but just would be slower.
       if (!(last instanceof StatusRuntimeException) && last != this) {
         call.request(1);
@@ -726,6 +809,12 @@ public void waitAndDrain() throws InterruptedException {
       } while ((runnable = poll()) != null);
     }
 
+    private static void throwIfInterrupted() throws InterruptedException {
+      if (Thread.interrupted()) {
+        throw new InterruptedException();
+      }
+    }
+
     /**
      * Called after final call to {@link #waitAndDrain()}, from same thread.
      */
@@ -745,12 +834,6 @@ private static void runQuietly(Runnable runnable) {
       }
     }
 
-    private static void throwIfInterrupted() throws InterruptedException {
-      if (Thread.interrupted()) {
-        throw new InterruptedException();
-      }
-    }
-
     @Override
     public void execute(Runnable runnable) {
       add(runnable);
@@ -763,6 +846,131 @@ public void execute(Runnable runnable) {
     }
   }
 
+  @SuppressWarnings("serial")
+  static final class ThreadSafeThreadlessExecutor extends ConcurrentLinkedQueue<Runnable>
+      implements Executor {
+    private static final Logger log =
+        Logger.getLogger(ThreadSafeThreadlessExecutor.class.getName());
+
+    private final Lock waiterLock = new ReentrantLock();
+    private final Condition waiterCondition = waiterLock.newCondition();
+
+    // Non private to avoid synthetic class
+    ThreadSafeThreadlessExecutor() {}
+
+    /**
+     * Waits until there is a Runnable, then executes it and all queued Runnables after it.
+     */
+    public <T> void waitAndDrain(Predicate<T> predicate, T testTarget) throws InterruptedException {
+      try {
+        waitAndDrainWithTimeout(true, 0, predicate, testTarget);
+      } catch (TimeoutException e) {
+        throw new AssertionError(e); // Should never happen
+      }
+    }
+
+    /**
+     * Waits for up to specified nanoseconds until there is a Runnable, then executes it and all
+     * queued Runnables after it.
+     *
+     * <p>his should always be called in a loop that checks whether the reason we are waiting has
+     * been satisfied.</p>T
+     *
+     * @param waitForever ignore the rest of the arguments and wait until there is a task to run
+     * @param end System.nanoTime() to stop waiting if haven't been woken up yet
+     * @param predicate non-null condition to test for skipping wake or waking up threads
+     * @param testTarget object to pass to predicate
+     */
+    public <T> void waitAndDrainWithTimeout(boolean waitForever, long end,
+                                            @Nonnull Predicate<T> predicate, T testTarget)
+        throws InterruptedException, TimeoutException {
+      throwIfInterrupted();
+      Runnable runnable;
+
+      while (!predicate.apply(testTarget)) {
+        waiterLock.lock();
+        try {
+          while ((runnable = poll()) == null) {
+            if (predicate.apply(testTarget)) {
+              return; // The condition for which we were waiting is now satisfied
+            }
+
+            if (waitForever) {
+              waiterCondition.await();
+            } else {
+              long waitNanos = end - System.nanoTime();
+              if (waitNanos <= 0) {
+                throw new TimeoutException(); // Deadline is expired
+              }
+              waiterCondition.awaitNanos(waitNanos);
+            }
+          }
+        } finally {
+          waiterLock.unlock();
+        }
+
+        do {
+          runQuietly(runnable);
+        } while ((runnable = poll()) != null);
+        // Wake everything up now that we've done something and they can check in their outer loop
+        // if they can continue or need to wait again.
+        signallAll();
+      }
+    }
+
+    /**
+     * Executes all queued Runnables and if there were any wakes up any waiting threads.
+     */
+    public void drain() throws InterruptedException {
+      throwIfInterrupted();
+      Runnable runnable;
+      boolean didWork = false;
+
+      while ((runnable = poll()) != null) {
+        runQuietly(runnable);
+        didWork = true;
+      }
+
+      if (didWork) {
+        signallAll();
+      }
+    }
+
+    private void signallAll() {
+      waiterLock.lock();
+      try {
+        waiterCondition.signalAll();
+      } finally {
+        waiterLock.unlock();
+      }
+    }
+
+    private static void runQuietly(Runnable runnable) {
+      try {
+        runnable.run();
+      } catch (Throwable t) {
+        log.log(Level.WARNING, "Runnable threw exception", t);
+      }
+    }
+
+    private static void throwIfInterrupted() throws InterruptedException {
+      if (Thread.interrupted()) {
+        throw new InterruptedException();
+      }
+    }
+
+    @Override
+    public void execute(Runnable runnable) {
+      waiterLock.lock();
+      try {
+        add(runnable);
+        waiterCondition.signalAll(); // If anything is waiting let it wake up and process this task
+      } finally {
+        waiterLock.unlock();
+      }
+    }
+  }
+
   enum StubType {
     BLOCKING, FUTURE, ASYNC
   }
diff --git a/stub/src/test/java/io/grpc/stub/BlockingClientCallTest.java b/stub/src/test/java/io/grpc/stub/BlockingClientCallTest.java
new file mode 100644
index 00000000000..112b092eaed
--- /dev/null
+++ b/stub/src/test/java/io/grpc/stub/BlockingClientCallTest.java
@@ -0,0 +1,520 @@
+/*
+ * Copyright 2023 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.stub;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import io.grpc.CallOptions;
+import io.grpc.ManagedChannel;
+import io.grpc.MethodDescriptor;
+import io.grpc.MethodDescriptor.MethodType;
+import io.grpc.Server;
+import io.grpc.ServerServiceDefinition;
+import io.grpc.ServiceDescriptor;
+import io.grpc.Status;
+import io.grpc.Status.Code;
+import io.grpc.StatusException;
+import io.grpc.inprocess.InProcessChannelBuilder;
+import io.grpc.inprocess.InProcessServerBuilder;
+import io.grpc.stub.ServerCalls.BidiStreamingMethod;
+import io.grpc.stub.ServerCallsTest.IntegerMarshaller;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import java.util.logging.Logger;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class BlockingClientCallTest {
+  private static final Logger logger = Logger.getLogger(BlockingClientCallTest.class.getName());
+
+  public static final int DELAY_MILLIS = 2000;
+  public static final long DELAY_NANOS = TimeUnit.MILLISECONDS.toNanos(DELAY_MILLIS);
+  private static final MethodDescriptor<Integer, Integer> BIDI_STREAMING_METHOD =
+      MethodDescriptor.<Integer, Integer>newBuilder()
+          .setType(MethodType.BIDI_STREAMING)
+          .setFullMethodName("some/method")
+          .setRequestMarshaller(new IntegerMarshaller())
+          .setResponseMarshaller(new IntegerMarshaller())
+          .build();
+
+  private Server server;
+
+  private ManagedChannel channel;
+
+  private IntegerTestMethod testMethod;
+  private BlockingClientCall<Integer, Integer> biDiStream;
+
+  @Before
+  public void setUp() throws Exception {
+    testMethod = new IntegerTestMethod();
+
+    ServerServiceDefinition service = ServerServiceDefinition.builder(
+            new ServiceDescriptor("some", BIDI_STREAMING_METHOD))
+        .addMethod(BIDI_STREAMING_METHOD, ServerCalls.asyncBidiStreamingCall(testMethod))
+        .build();
+    long tag = System.nanoTime();
+
+    server = InProcessServerBuilder.forName("go-with-the-flow" + tag).directExecutor()
+        .addService(service).build().start();
+
+    channel = InProcessChannelBuilder.forName("go-with-the-flow" + tag).directExecutor().build();
+  }
+
+  @After
+  public void tearDown() {
+    if (server != null) {
+      server.shutdownNow();
+    }
+    if (channel != null) {
+      channel.shutdownNow();
+    }
+    if (biDiStream != null) {
+      biDiStream.cancel("In teardown", null);
+    }
+  }
+
+  @Test
+  public void sanityTest() throws Exception {
+    Integer req = 2;
+    biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
+        CallOptions.DEFAULT);
+
+    //  verify activity ready
+    assertTrue(biDiStream.isEitherReadOrWriteReady());
+    assertTrue(biDiStream.isWriteReady());
+
+    // Have server send a value
+    testMethod.sendValueToClient(10);
+
+    // Do a writeOrRead
+    biDiStream.write(req, 3, TimeUnit.SECONDS);
+    assertEquals(Integer.valueOf(10), biDiStream.read(DELAY_MILLIS, TimeUnit.MILLISECONDS));
+
+    // mark complete
+    biDiStream.halfClose();
+    assertNull(biDiStream.read(2, TimeUnit.SECONDS));
+
+    // verify activity !ready and !writeable
+    assertFalse(biDiStream.isEitherReadOrWriteReady());
+    assertFalse(biDiStream.isWriteReady());
+
+    assertEquals(Code.OK, biDiStream.getClosedStatus().getCode());
+  }
+
+  @Test
+  public void testReadSuccess_withoutBlocking() throws Exception {
+    biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
+        CallOptions.DEFAULT);
+
+    // Have server push a value
+    testMethod.sendValueToClient(11);
+
+    long start = System.nanoTime();
+    Integer value = biDiStream.read(100, TimeUnit.SECONDS);
+    assertNotNull(value);
+    long timeTaken = System.nanoTime() - start;
+    assertThat(timeTaken).isLessThan(TimeUnit.MILLISECONDS.toNanos(100));
+  }
+
+  @Test
+  public void testReadSuccess_withBlocking() throws Exception {
+    biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
+        CallOptions.DEFAULT);
+
+    try {
+      biDiStream.read(1, TimeUnit.SECONDS);
+      fail("Expected timeout");
+    } catch (TimeoutException t) {
+      // ignore
+    }
+
+    long start = System.nanoTime();
+    delayedAddValue(DELAY_MILLIS, 12);
+    assertNotNull(biDiStream.read(DELAY_MILLIS * 2, TimeUnit.MILLISECONDS));
+    long timeTaken = System.nanoTime() - start;
+    assertThat(timeTaken).isGreaterThan(DELAY_NANOS);
+    assertThat(timeTaken).isLessThan(DELAY_NANOS * 2);
+
+    start = System.nanoTime();
+    Integer[] values = {13, 14, 15, 16};
+    delayedAddValue(DELAY_MILLIS, values);
+    for (Integer value : values) {
+      Integer readValue = biDiStream.read(DELAY_MILLIS * 2, TimeUnit.MILLISECONDS);
+      assertEquals(value, readValue);
+    }
+    timeTaken = System.nanoTime() - start;
+    assertThat(timeTaken).isLessThan(DELAY_NANOS * 2);
+    assertThat(timeTaken).isAtLeast(DELAY_NANOS);
+
+    start = System.nanoTime();
+    delayedVoidMethod(100, testMethod::halfClose);
+    assertNull(biDiStream.read(DELAY_MILLIS * 2, TimeUnit.MILLISECONDS));
+    timeTaken = System.nanoTime() - start;
+    assertThat(timeTaken).isLessThan(DELAY_NANOS);
+  }
+
+  @Test
+  public void testCancel() throws Exception {
+    testMethod.disableAutoRequest();
+    biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
+        CallOptions.DEFAULT);
+
+    // read terminated
+    long start = System.currentTimeMillis();
+    delayedCancel(biDiStream, "cancel read");
+    try {
+      assertNull(biDiStream.read(2 * DELAY_MILLIS, TimeUnit.MILLISECONDS));
+      fail("No exception thrown by read after cancel");
+    } catch (StatusException e) {
+      assertEquals(Status.CANCELLED.getCode(), e.getStatus().getCode());
+      assertThat(System.currentTimeMillis() - start).isLessThan(2 * DELAY_MILLIS);
+    }
+
+    // write terminated
+    biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
+        CallOptions.DEFAULT);
+    start = System.currentTimeMillis();
+    delayedCancel(biDiStream, "cancel write");
+
+    // Write interrupted by cancel
+    try {
+      assertFalse(biDiStream.write(30)); // this is interrupted by cancel
+      fail("No exception thrown when write was interrupted by cancel");
+    } catch (StatusException e) {
+      assertEquals(Status.CANCELLED.getCode(), e.getStatus().getCode());
+    }
+
+    // Write after cancel
+    try {
+      start = System.currentTimeMillis();
+      biDiStream.write(30);
+      fail("No exception doing write after cancel");
+    } catch (IllegalStateException e) {
+      assertThat(System.currentTimeMillis() - start).isLessThan(200);
+      assertThat(e.getMessage()).contains("cancel");
+    }
+
+    // new read after cancel immediately throws an exception
+    try {
+      start = System.currentTimeMillis();
+      assertNull(biDiStream.read(2, TimeUnit.SECONDS));
+    } catch (StatusException e) {
+      assertEquals(Status.CANCELLED.getCode(), e.getStatus().getCode());
+      assertThat(System.currentTimeMillis() - start).isLessThan(200);
+    }
+
+  }
+
+  @Test
+  public void testIsActivityReady() throws Exception {
+    biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
+        CallOptions.DEFAULT);
+
+    // write only ready
+    assertTrue(biDiStream.isEitherReadOrWriteReady());
+    assertTrue(biDiStream.isWriteReady());
+    assertFalse(biDiStream.isReadReady());
+
+    // both ready
+    testMethod.sendValueToClient(40);
+    assertTrue(biDiStream.isEitherReadOrWriteReady());
+    assertTrue(biDiStream.isReadReady());
+    assertTrue(biDiStream.isWriteReady());
+
+    // read only ready
+    biDiStream.halfClose();
+    assertTrue(biDiStream.isEitherReadOrWriteReady());
+    assertTrue(biDiStream.isReadReady());
+    assertFalse(biDiStream.isWriteReady());
+
+    // Neither ready
+    assertNotNull(biDiStream.read(1, TimeUnit.MILLISECONDS));
+    assertFalse(biDiStream.isEitherReadOrWriteReady());
+    assertFalse(biDiStream.isReadReady());
+    assertFalse(biDiStream.isWriteReady());
+  }
+
+  @Test
+  public void testWriteSuccess_withBlocking() throws Exception {
+    testMethod.disableAutoRequest();
+    biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
+        CallOptions.DEFAULT);
+
+    assertFalse(biDiStream.isWriteReady());
+    delayedWriteEnable(500);
+    assertTrue(biDiStream.write(40));
+
+    delayedWriteEnable(500);
+    assertTrue(biDiStream.write(41, 0, TimeUnit.NANOSECONDS));
+  }
+
+
+  @Test
+  public void testReadNonblocking_whenWriteBlocked() throws Exception {
+    testMethod.disableAutoRequest();
+    biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
+        CallOptions.DEFAULT);
+
+    // One value waiting
+    testMethod.sendValueToClient(50);
+    long start = System.currentTimeMillis();
+    assertEquals(Integer.valueOf(50), biDiStream.read());
+    assertThat(System.currentTimeMillis() - start).isLessThan(DELAY_MILLIS);
+
+    // Two values waiting
+    start = System.currentTimeMillis();
+    testMethod.sendValuesToClient(51, 52);
+    assertEquals(Integer.valueOf(51), biDiStream.read());
+    assertEquals(Integer.valueOf(52), biDiStream.read());
+    assertThat(System.currentTimeMillis() - start).isLessThan(DELAY_MILLIS);
+  }
+
+  @Test
+  public void testReadsAndWritesInterleaved_withBlocking() throws Exception {
+    biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
+        CallOptions.DEFAULT);
+
+    Integer[] valuesOut = {1001, 10022, 1003};
+    Integer[] valuesIn = new Integer[valuesOut.length];
+    delayedAddValue(300, valuesOut);
+    int iteration = 0;
+    for (int i = 0; i < valuesOut.length && iteration++ < (20 + valuesOut.length); ) {
+      try {
+        if ((valuesIn[i] = biDiStream.read(50, TimeUnit.MILLISECONDS)) != null) {
+          i++;
+        }
+      } catch (TimeoutException e) {
+        logger.info("Read timed out for " + i);
+      }
+    }
+    assertArrayEquals(valuesOut, valuesIn);
+  }
+
+  @Test
+  public void testReadsAndWritesInterleaved_BlockingWrites() throws Exception {
+    testMethod.disableAutoRequest();
+    biDiStream = ClientCalls.blockingBidiStreamingCall(channel, BIDI_STREAMING_METHOD,
+        CallOptions.DEFAULT);
+
+    testMethod.sendValuesToClient(10, 11, 12);
+    delayedWriteEnable(500);
+    long start = System.currentTimeMillis();
+    boolean done = false;
+    int count = 0;
+    while (!done) {
+      count++;
+      if (!biDiStream.isWriteReady() && biDiStream.isReadReady()) {
+        biDiStream.read(100, TimeUnit.MILLISECONDS);
+      } else {
+        done = biDiStream.write(100, 1, TimeUnit.SECONDS);
+      }
+    }
+    assertEquals(4, count);
+    assertThat(System.currentTimeMillis() - start).isLessThan(700);
+
+    testMethod.sendValuesToClient(20, 21, 22);
+    delayedWriteEnable(100);
+    while (!biDiStream.isWriteReady()) {
+      Thread.sleep(20);
+    }
+
+    assertTrue(biDiStream.write(1000, 2 * DELAY_MILLIS, TimeUnit.MILLISECONDS));
+
+    assertEquals(Integer.valueOf(20), biDiStream.read(200, TimeUnit.MILLISECONDS));
+    assertEquals(Integer.valueOf(21), biDiStream.read(200, TimeUnit.MILLISECONDS));
+    assertEquals(Integer.valueOf(22), biDiStream.read(200, TimeUnit.MILLISECONDS));
+    try {
+      Integer value = biDiStream.read(200, TimeUnit.MILLISECONDS);
+      fail("Unexpected read success instead of timeout.  Value was: " + value);
+    } catch (TimeoutException ignore) {
+      // ignore since expected
+    }
+  }
+
+  @Test
+  public void testWriteCompleted() throws Exception {
+    testMethod.disableAutoRequest();
+    biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
+        CallOptions.DEFAULT);
+
+    // Verify pending write released
+    long start = System.currentTimeMillis();
+    delayedVoidMethod(DELAY_MILLIS, biDiStream::halfClose);
+    assertFalse(biDiStream.write(1)); // should block until writeComplete is triggered
+    long end = System.currentTimeMillis();
+    assertThat(end - start).isAtLeast(DELAY_MILLIS);
+
+    // verify new writes throw an illegalStateException
+    try {
+      assertFalse(biDiStream.write(2));
+      fail("write did not throw an exception when called after halfClose");
+    } catch (IllegalStateException e) {
+      assertThat(e.getMessage()).containsMatch("after.*halfClose.*cancel");
+    }
+
+    // verify pending write with timeout released
+    biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
+        CallOptions.DEFAULT);
+    delayedVoidMethod(DELAY_MILLIS, biDiStream::halfClose);
+    assertFalse(biDiStream.write(3, 2 * DELAY_MILLIS, TimeUnit.MILLISECONDS));
+  }
+
+  @Test
+  public void testClose_withException() throws Exception {
+    biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
+        CallOptions.DEFAULT);
+
+    String descr = "too many small numbers";
+    testMethod.sendError(
+        Status.FAILED_PRECONDITION.withDescription(descr).asRuntimeException());
+    Status closedStatus = biDiStream.getClosedStatus();
+    assertEquals(Code.FAILED_PRECONDITION, closedStatus.getCode());
+    assertEquals(descr, closedStatus.getDescription());
+    try {
+      assertFalse(biDiStream.write(1));
+    } catch (StatusException e) {
+      assertThat(e.getMessage()).startsWith("FAILED_PRECONDITION");
+    }
+  }
+
+  private void delayedAddValue(int delayMillis, Integer... values) {
+    new Thread("delayedAddValue " + values.length) {
+      @Override
+      public void run() {
+        try {
+          Thread.sleep(delayMillis);
+          for (Integer cur : values) {
+            testMethod.sendValueToClient(cur);
+          }
+        } catch (InterruptedException e) {
+          throw new RuntimeException(e);
+        }
+      }
+    }.start();
+  }
+
+  public interface Thunk { void apply(); } // supports passing void method w/out args
+
+  private void delayedVoidMethod(int delayMillis, Thunk method) {
+    new Thread("delayedHalfClose") {
+      @Override
+      public void run() {
+        try {
+          Thread.sleep(delayMillis);
+          method.apply();
+        } catch (InterruptedException e) {
+          throw new RuntimeException(e);
+        }
+      }
+    }.start();
+  }
+
+  private void delayedWriteEnable(int delayMillis) {
+    delayedVoidMethod(delayMillis, testMethod::readValueFromClient);
+  }
+
+  private void delayedCancel(BlockingClientCall<Integer, Integer> biDiStream, String message) {
+    new Thread("delayedCancel") {
+      @Override
+      public void run() {
+        try {
+          Thread.sleep(BlockingClientCallTest.DELAY_MILLIS);
+          biDiStream.cancel(message, new RuntimeException("Test requested close"));
+        } catch (InterruptedException e) {
+          throw new RuntimeException(e);
+        }
+      }
+    }.start();
+  }
+
+  private static class IntegerTestMethod implements BidiStreamingMethod<Integer, Integer> {
+    boolean autoRequest = true;
+
+    void disableAutoRequest() {
+      assertNull("Can't disable auto request after invoke has been called", serverCallObserver);
+      autoRequest = false;
+    }
+
+    ServerCallStreamObserver<Integer> serverCallObserver;
+
+    @Override
+    public StreamObserver<Integer> invoke(StreamObserver<Integer> responseObserver) {
+      serverCallObserver = (ServerCallStreamObserver<Integer>) responseObserver;
+      if (!autoRequest) {
+        serverCallObserver.disableAutoRequest();
+      }
+
+      return new StreamObserver<Integer>() {
+        @Override
+        public void onNext(Integer value) {
+          if (!autoRequest) {
+            serverCallObserver.request(1);
+          }
+
+          // For testing ReqResp actions
+          if (value > 1000) {
+            serverCallObserver.onNext(value);
+          }
+        }
+
+        @Override
+        public void onError(Throwable t) {
+          // no-op
+        }
+
+        @Override
+        public void onCompleted() {
+          serverCallObserver.onCompleted();
+        }
+      };
+    }
+
+    void readValueFromClient() {
+      serverCallObserver.request(1);
+    }
+
+    void sendValueToClient(int value) {
+      serverCallObserver.onNext(value);
+    }
+
+    private void sendValuesToClient(int ...values) {
+      for (int cur : values) {
+        sendValueToClient(cur);
+      }
+    }
+
+    void halfClose() {
+      serverCallObserver.onCompleted();
+    }
+
+    void sendError(Throwable t) {
+      serverCallObserver.onError(t);
+    }
+  }
+
+}
diff --git a/stub/src/test/java/io/grpc/stub/ClientCallsTest.java b/stub/src/test/java/io/grpc/stub/ClientCallsTest.java
index f3d101b862a..b711b2a23b5 100644
--- a/stub/src/test/java/io/grpc/stub/ClientCallsTest.java
+++ b/stub/src/test/java/io/grpc/stub/ClientCallsTest.java
@@ -971,8 +971,8 @@ public <ReqT,RespT> ClientCall<ReqT, RespT> interceptCall(
         }
 
         @Override public void halfClose() {
-          Thread.currentThread().interrupt();
           super.halfClose();
+          Thread.currentThread().interrupt();
         }
       };
     }
diff --git a/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java b/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java
index 8c58f2c5a2c..fac753a1b32 100644
--- a/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java
+++ b/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java
@@ -156,6 +156,21 @@ public SimpleServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions ca
     return SimpleServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static SimpleServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<SimpleServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<SimpleServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public SimpleServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new SimpleServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return SimpleServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -318,6 +333,72 @@ public io.grpc.stub.StreamObserver<io.grpc.testing.protobuf.SimpleRequest> bidiS
    * A simple service for test.
    * </pre>
    */
+  public static final class SimpleServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<SimpleServiceBlockingV2Stub> {
+    private SimpleServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected SimpleServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new SimpleServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Simple unary RPC.
+     * </pre>
+     */
+    public io.grpc.testing.protobuf.SimpleResponse unaryRpc(io.grpc.testing.protobuf.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUnaryRpcMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Simple client-to-server streaming RPC.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.protobuf.SimpleRequest, io.grpc.testing.protobuf.SimpleResponse>
+        clientStreamingRpc() {
+      return io.grpc.stub.ClientCalls.blockingClientStreamingCall(
+          getChannel(), getClientStreamingRpcMethod(), getCallOptions());
+    }
+
+    /**
+     * <pre>
+     * Simple server-to-client streaming RPC.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<?, io.grpc.testing.protobuf.SimpleResponse>
+        serverStreamingRpc(io.grpc.testing.protobuf.SimpleRequest request) {
+      return io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall(
+          getChannel(), getServerStreamingRpcMethod(), getCallOptions(), request);
+    }
+
+    /**
+     * <pre>
+     * Simple bidirectional streaming RPC.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.grpc.testing.protobuf.SimpleRequest, io.grpc.testing.protobuf.SimpleResponse>
+        bidiStreamingRpc() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getBidiStreamingRpcMethod(), getCallOptions());
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service SimpleService.
+   * <pre>
+   * A simple service for test.
+   * </pre>
+   */
   public static final class SimpleServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<SimpleServiceBlockingStub> {
     private SimpleServiceBlockingStub(
diff --git a/xds/src/generated/thirdparty/grpc/com/github/xds/service/orca/v3/OpenRcaServiceGrpc.java b/xds/src/generated/thirdparty/grpc/com/github/xds/service/orca/v3/OpenRcaServiceGrpc.java
index de2c7424fca..bb74f2e0cb2 100644
--- a/xds/src/generated/thirdparty/grpc/com/github/xds/service/orca/v3/OpenRcaServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/com/github/xds/service/orca/v3/OpenRcaServiceGrpc.java
@@ -70,6 +70,21 @@ public OpenRcaServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions c
     return OpenRcaServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static OpenRcaServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<OpenRcaServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<OpenRcaServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public OpenRcaServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new OpenRcaServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return OpenRcaServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -191,6 +206,42 @@ public void streamCoreMetrics(com.github.xds.service.orca.v3.OrcaLoadReportReque
    * a new call to change backend reporting frequency.
    * </pre>
    */
+  public static final class OpenRcaServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<OpenRcaServiceBlockingV2Stub> {
+    private OpenRcaServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected OpenRcaServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new OpenRcaServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<?, com.github.xds.data.orca.v3.OrcaLoadReport>
+        streamCoreMetrics(com.github.xds.service.orca.v3.OrcaLoadReportRequest request) {
+      return io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall(
+          getChannel(), getStreamCoreMetricsMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service OpenRcaService.
+   * <pre>
+   * Out-of-band (OOB) load reporting service for the additional load reporting
+   * agent that does not sit in the request path. Reports are periodically sampled
+   * with sufficient frequency to provide temporal association with requests.
+   * OOB reporting compensates the limitation of in-band reporting in revealing
+   * costs for backends that do not provide a steady stream of telemetry such as
+   * long running stream operations and zero QPS services. This is a server
+   * streaming service, client needs to terminate current RPC and initiate
+   * a new call to change backend reporting frequency.
+   * </pre>
+   */
   public static final class OpenRcaServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<OpenRcaServiceBlockingStub> {
     private OpenRcaServiceBlockingStub(
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/discovery/v3/AggregatedDiscoveryServiceGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/discovery/v3/AggregatedDiscoveryServiceGrpc.java
index e039c2193e8..192b23a3db1 100644
--- a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/discovery/v3/AggregatedDiscoveryServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/discovery/v3/AggregatedDiscoveryServiceGrpc.java
@@ -99,6 +99,21 @@ public AggregatedDiscoveryServiceStub newStub(io.grpc.Channel channel, io.grpc.C
     return AggregatedDiscoveryServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static AggregatedDiscoveryServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<AggregatedDiscoveryServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<AggregatedDiscoveryServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public AggregatedDiscoveryServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new AggregatedDiscoveryServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return AggregatedDiscoveryServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -233,6 +248,52 @@ public io.grpc.stub.StreamObserver<io.envoyproxy.envoy.service.discovery.v3.Delt
    * the multiplexed singleton APIs at the Envoy instance and management server.
    * </pre>
    */
+  public static final class AggregatedDiscoveryServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<AggregatedDiscoveryServiceBlockingV2Stub> {
+    private AggregatedDiscoveryServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected AggregatedDiscoveryServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new AggregatedDiscoveryServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * This is a gRPC-only API.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.envoyproxy.envoy.service.discovery.v3.DiscoveryRequest, io.envoyproxy.envoy.service.discovery.v3.DiscoveryResponse>
+        streamAggregatedResources() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getStreamAggregatedResourcesMethod(), getCallOptions());
+    }
+
+    /**
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.envoyproxy.envoy.service.discovery.v3.DeltaDiscoveryRequest, io.envoyproxy.envoy.service.discovery.v3.DeltaDiscoveryResponse>
+        deltaAggregatedResources() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getDeltaAggregatedResourcesMethod(), getCallOptions());
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service AggregatedDiscoveryService.
+   * <pre>
+   * See https://github.com/envoyproxy/envoy-api#apis for a description of the role of
+   * ADS and how it is intended to be used by a management server. ADS requests
+   * have the same structure as their singleton xDS counterparts, but can
+   * multiplex many resource types on a single stream. The type_url in the
+   * DiscoveryRequest/DiscoveryResponse provides sufficient information to recover
+   * the multiplexed singleton APIs at the Envoy instance and management server.
+   * </pre>
+   */
   public static final class AggregatedDiscoveryServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<AggregatedDiscoveryServiceBlockingStub> {
     private AggregatedDiscoveryServiceBlockingStub(
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/load_stats/v3/LoadReportingServiceGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/load_stats/v3/LoadReportingServiceGrpc.java
index 2adbf02e98a..fbe8dd5a5ec 100644
--- a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/load_stats/v3/LoadReportingServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/load_stats/v3/LoadReportingServiceGrpc.java
@@ -60,6 +60,21 @@ public LoadReportingServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOpt
     return LoadReportingServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static LoadReportingServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<LoadReportingServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<LoadReportingServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public LoadReportingServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new LoadReportingServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return LoadReportingServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -199,6 +214,61 @@ public io.grpc.stub.StreamObserver<io.envoyproxy.envoy.service.load_stats.v3.Loa
   /**
    * A stub to allow clients to do synchronous rpc calls to service LoadReportingService.
    */
+  public static final class LoadReportingServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<LoadReportingServiceBlockingV2Stub> {
+    private LoadReportingServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected LoadReportingServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new LoadReportingServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Advanced API to allow for multi-dimensional load balancing by remote
+     * server. For receiving LB assignments, the steps are:
+     * 1, The management server is configured with per cluster/zone/load metric
+     *    capacity configuration. The capacity configuration definition is
+     *    outside of the scope of this document.
+     * 2. Envoy issues a standard {Stream,Fetch}Endpoints request for the clusters
+     *    to balance.
+     * Independently, Envoy will initiate a StreamLoadStats bidi stream with a
+     * management server:
+     * 1. Once a connection establishes, the management server publishes a
+     *    LoadStatsResponse for all clusters it is interested in learning load
+     *    stats about.
+     * 2. For each cluster, Envoy load balances incoming traffic to upstream hosts
+     *    based on per-zone weights and/or per-instance weights (if specified)
+     *    based on intra-zone LbPolicy. This information comes from the above
+     *    {Stream,Fetch}Endpoints.
+     * 3. When upstream hosts reply, they optionally add header &lt;define header
+     *    name&gt; with ASCII representation of EndpointLoadMetricStats.
+     * 4. Envoy aggregates load reports over the period of time given to it in
+     *    LoadStatsResponse.load_reporting_interval. This includes aggregation
+     *    stats Envoy maintains by itself (total_requests, rpc_errors etc.) as
+     *    well as load metrics from upstream hosts.
+     * 5. When the timer of load_reporting_interval expires, Envoy sends new
+     *    LoadStatsRequest filled with load reports for each cluster.
+     * 6. The management server uses the load reports from all reported Envoys
+     *    from around the world, computes global assignment and prepares traffic
+     *    assignment destined for each zone Envoys are located in. Goto 2.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.envoyproxy.envoy.service.load_stats.v3.LoadStatsRequest, io.envoyproxy.envoy.service.load_stats.v3.LoadStatsResponse>
+        streamLoadStats() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getStreamLoadStatsMethod(), getCallOptions());
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service LoadReportingService.
+   */
   public static final class LoadReportingServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<LoadReportingServiceBlockingStub> {
     private LoadReportingServiceBlockingStub(
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java
index 2cbb7536d4c..fa1d235f082 100644
--- a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java
@@ -63,6 +63,21 @@ public RateLimitQuotaServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOp
     return RateLimitQuotaServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static RateLimitQuotaServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<RateLimitQuotaServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<RateLimitQuotaServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public RateLimitQuotaServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new RateLimitQuotaServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return RateLimitQuotaServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -164,6 +179,39 @@ public io.grpc.stub.StreamObserver<io.envoyproxy.envoy.service.rate_limit_quota.
    * Defines the Rate Limit Quota Service (RLQS).
    * </pre>
    */
+  public static final class RateLimitQuotaServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<RateLimitQuotaServiceBlockingV2Stub> {
+    private RateLimitQuotaServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected RateLimitQuotaServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new RateLimitQuotaServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Main communication channel: the data plane sends usage reports to the RLQS server,
+     * and the server asynchronously responding with the assignments.
+     * </pre>
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.envoyproxy.envoy.service.rate_limit_quota.v3.RateLimitQuotaUsageReports, io.envoyproxy.envoy.service.rate_limit_quota.v3.RateLimitQuotaResponse>
+        streamRateLimitQuotas() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getStreamRateLimitQuotasMethod(), getCallOptions());
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service RateLimitQuotaService.
+   * <pre>
+   * Defines the Rate Limit Quota Service (RLQS).
+   * </pre>
+   */
   public static final class RateLimitQuotaServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<RateLimitQuotaServiceBlockingStub> {
     private RateLimitQuotaServiceBlockingStub(
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java
index 3f8874248d0..75ce84b77f9 100644
--- a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java
@@ -96,6 +96,21 @@ public ClientStatusDiscoveryServiceStub newStub(io.grpc.Channel channel, io.grpc
     return ClientStatusDiscoveryServiceStub.newStub(factory, channel);
   }
 
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static ClientStatusDiscoveryServiceBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<ClientStatusDiscoveryServiceBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<ClientStatusDiscoveryServiceBlockingV2Stub>() {
+        @java.lang.Override
+        public ClientStatusDiscoveryServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new ClientStatusDiscoveryServiceBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return ClientStatusDiscoveryServiceBlockingV2Stub.newStub(factory, channel);
+  }
+
   /**
    * Creates a new blocking-style stub that supports unary and streaming output calls on the service
    */
@@ -212,6 +227,44 @@ public void fetchClientStatus(io.envoyproxy.envoy.service.status.v3.ClientStatus
    * also be used to get the current xDS states directly from the client.
    * </pre>
    */
+  public static final class ClientStatusDiscoveryServiceBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<ClientStatusDiscoveryServiceBlockingV2Stub> {
+    private ClientStatusDiscoveryServiceBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected ClientStatusDiscoveryServiceBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new ClientStatusDiscoveryServiceBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     */
+    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
+    public io.grpc.stub.BlockingClientCall<io.envoyproxy.envoy.service.status.v3.ClientStatusRequest, io.envoyproxy.envoy.service.status.v3.ClientStatusResponse>
+        streamClientStatus() {
+      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
+          getChannel(), getStreamClientStatusMethod(), getCallOptions());
+    }
+
+    /**
+     */
+    public io.envoyproxy.envoy.service.status.v3.ClientStatusResponse fetchClientStatus(io.envoyproxy.envoy.service.status.v3.ClientStatusRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getFetchClientStatusMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do llimited synchronous rpc calls to service ClientStatusDiscoveryService.
+   * <pre>
+   * CSDS is Client Status Discovery Service. It can be used to get the status of
+   * an xDS-compliant client from the management server's point of view. It can
+   * also be used to get the current xDS states directly from the client.
+   * </pre>
+   */
   public static final class ClientStatusDiscoveryServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<ClientStatusDiscoveryServiceBlockingStub> {
     private ClientStatusDiscoveryServiceBlockingStub(

From 6516c7387e2cb944784115303f8a36416f53b4a1 Mon Sep 17 00:00:00 2001
From: Vindhya Ningegowda <DNVindhya@users.noreply.github.com>
Date: Fri, 20 Dec 2024 19:50:09 -0800
Subject: [PATCH 121/591] xds: Remove xds authority label from metric
 registration (#11760)

* Remove `grpc.xds.authority` label while registering `grpc.xds_client.resources` gauge, until the label value is available to record.
---
 .../io/grpc/xds/XdsClientMetricReporterImpl.java  |  2 +-
 .../grpc/xds/XdsClientMetricReporterImplTest.java | 15 +++++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsClientMetricReporterImpl.java b/xds/src/main/java/io/grpc/xds/XdsClientMetricReporterImpl.java
index fa88237a7ea..0b592eb019e 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClientMetricReporterImpl.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClientMetricReporterImpl.java
@@ -90,7 +90,7 @@ final class XdsClientMetricReporterImpl implements XdsClientMetricReporter {
         Arrays.asList("grpc.target", "grpc.xds.server"), Collections.emptyList(), false);
     RESOURCES_GAUGE = metricInstrumentRegistry.registerLongGauge("grpc.xds_client.resources",
         "EXPERIMENTAL.  Number of xDS resources.", "{resource}",
-        Arrays.asList("grpc.target", "grpc.xds.authority", "grpc.xds.cache_state",
+        Arrays.asList("grpc.target", "grpc.xds.cache_state",
             "grpc.xds.resource_type"), Collections.emptyList(), false);
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientMetricReporterImplTest.java b/xds/src/test/java/io/grpc/xds/XdsClientMetricReporterImplTest.java
index 9ee3f88d921..df5ab87a1c0 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientMetricReporterImplTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientMetricReporterImplTest.java
@@ -17,6 +17,7 @@
 package io.grpc.xds;
 
 import static com.google.common.truth.Truth.assertThat;
+import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.argThat;
 import static org.mockito.ArgumentMatchers.eq;
@@ -82,14 +83,14 @@ public class XdsClientMetricReporterImplTest {
   @Rule
   public final MockitoRule mocks = MockitoJUnit.rule();
 
-  @Mock
-  private MetricRecorder mockMetricRecorder;
   @Mock
   private XdsClient mockXdsClient;
-  @Mock
-  private BatchRecorder mockBatchRecorder;
   @Captor
   private ArgumentCaptor<BatchCallback> gaugeBatchCallbackCaptor;
+  private MetricRecorder mockMetricRecorder = mock(MetricRecorder.class,
+      delegatesTo(new MetricRecorderImpl()));
+  private BatchRecorder mockBatchRecorder = mock(BatchRecorder.class,
+      delegatesTo(new BatchRecorderImpl()));
 
   private XdsClientMetricReporterImpl reporter;
 
@@ -372,6 +373,12 @@ public boolean matches(T instrument) {
     });
   }
 
+  static class MetricRecorderImpl implements MetricRecorder {
+  }
+
+  static class BatchRecorderImpl implements BatchRecorder {
+  }
+
   static class TestlogHandler extends Handler {
     List<LogRecord> logs = new ArrayList<>();
 

From ebe2b486777f5aea8a063ca7d7903fdc867244d5 Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Sun, 22 Dec 2024 03:09:57 +0200
Subject: [PATCH 122/591] api: StatusRuntimeException without stacktrace -
 Android compatibility (#11072)

This is an alternative to e36f099be9 that avoids the "fillInStaceTrace"
constructor which is only available starting at Android API level 24.
---
 api/build.gradle                              | 12 +++---
 api/src/main/java/io/grpc/InternalStatus.java |  9 ++---
 .../grpc/InternalStatusRuntimeException.java  | 39 +++++++++++++++++++
 .../main/java/io/grpc/StatusException.java    |  7 +---
 .../java/io/grpc/StatusRuntimeException.java  |  7 +---
 .../java/io/grpc/StatusExceptionTest.java     |  8 ----
 .../io/grpc/StatusRuntimeExceptionTest.java   |  2 +-
 .../java/io/grpc/internal/ServerCallImpl.java |  6 +--
 .../java/io/grpc/internal/ServerImpl.java     |  4 +-
 9 files changed, 56 insertions(+), 38 deletions(-)
 create mode 100644 api/src/main/java/io/grpc/InternalStatusRuntimeException.java

diff --git a/api/build.gradle b/api/build.gradle
index 4edfba7c0d8..6a75597ed55 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -54,13 +54,11 @@ dependencies {
             extension = "signature"
         }
     }
-    // TODO: Temporarily disabled until StatusException is fixed.
-    // Context: https://github.com/grpc/grpc-java/pull/11066
-    //signature (libraries.signature.android) {
-    //    artifact {
-    //        extension = "signature"
-    //    }
-    //}
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("javadoc").configure {
diff --git a/api/src/main/java/io/grpc/InternalStatus.java b/api/src/main/java/io/grpc/InternalStatus.java
index b6549bb435f..56df1decf38 100644
--- a/api/src/main/java/io/grpc/InternalStatus.java
+++ b/api/src/main/java/io/grpc/InternalStatus.java
@@ -38,12 +38,11 @@ private InternalStatus() {}
   public static final Metadata.Key<Status> CODE_KEY = Status.CODE_KEY;
 
   /**
-   * Create a new {@link StatusRuntimeException} with the internal option of skipping the filling
-   * of the stack trace.
+   * Create a new {@link StatusRuntimeException} skipping the filling of the stack trace.
    */
   @Internal
-  public static final StatusRuntimeException asRuntimeException(Status status,
-      @Nullable Metadata trailers, boolean fillInStackTrace) {
-    return new StatusRuntimeException(status, trailers, fillInStackTrace);
+  public static StatusRuntimeException asRuntimeExceptionWithoutStacktrace(Status status,
+      @Nullable Metadata trailers) {
+    return new InternalStatusRuntimeException(status, trailers);
   }
 }
diff --git a/api/src/main/java/io/grpc/InternalStatusRuntimeException.java b/api/src/main/java/io/grpc/InternalStatusRuntimeException.java
new file mode 100644
index 00000000000..6090b701f0b
--- /dev/null
+++ b/api/src/main/java/io/grpc/InternalStatusRuntimeException.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2015 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import javax.annotation.Nullable;
+
+/**
+ * StatusRuntimeException without stack trace, implemented as a subclass, as the
+ * {@code String, Throwable, boolean, boolean} constructor is not available in the supported
+ * version of Android.
+ *
+ * @see StatusRuntimeException
+ */
+class InternalStatusRuntimeException extends StatusRuntimeException {
+  private static final long serialVersionUID = 0;
+
+  public InternalStatusRuntimeException(Status status, @Nullable Metadata trailers) {
+    super(status, trailers);
+  }
+
+  @Override
+  public synchronized Throwable fillInStackTrace() {
+    return this;
+  }
+}
diff --git a/api/src/main/java/io/grpc/StatusException.java b/api/src/main/java/io/grpc/StatusException.java
index b719f881132..f9416bf72e3 100644
--- a/api/src/main/java/io/grpc/StatusException.java
+++ b/api/src/main/java/io/grpc/StatusException.java
@@ -44,12 +44,7 @@ public StatusException(Status status) {
    * @since 1.0.0
    */
   public StatusException(Status status, @Nullable Metadata trailers) {
-    this(status, trailers, /*fillInStackTrace=*/ true);
-  }
-
-  StatusException(Status status, @Nullable Metadata trailers, boolean fillInStackTrace) {
-    super(Status.formatThrowableMessage(status), status.getCause(),
-            /* enableSuppression */ true, /* writableStackTrace */fillInStackTrace);
+    super(Status.formatThrowableMessage(status), status.getCause());
     this.status = status;
     this.trailers = trailers;
   }
diff --git a/api/src/main/java/io/grpc/StatusRuntimeException.java b/api/src/main/java/io/grpc/StatusRuntimeException.java
index 9465e4c38cd..dd22d6b2486 100644
--- a/api/src/main/java/io/grpc/StatusRuntimeException.java
+++ b/api/src/main/java/io/grpc/StatusRuntimeException.java
@@ -45,12 +45,7 @@ public StatusRuntimeException(Status status) {
    * @since 1.0.0
    */
   public StatusRuntimeException(Status status, @Nullable Metadata trailers) {
-    this(status, trailers, /*fillInStackTrace=*/ true);
-  }
-
-  StatusRuntimeException(Status status, @Nullable Metadata trailers, boolean fillInStackTrace) {
-    super(Status.formatThrowableMessage(status), status.getCause(),
-            /* enable suppressions */ true, /* writableStackTrace */ fillInStackTrace);
+    super(Status.formatThrowableMessage(status), status.getCause());
     this.status = status;
     this.trailers = trailers;
   }
diff --git a/api/src/test/java/io/grpc/StatusExceptionTest.java b/api/src/test/java/io/grpc/StatusExceptionTest.java
index dd0d12dccda..410cfb2289a 100644
--- a/api/src/test/java/io/grpc/StatusExceptionTest.java
+++ b/api/src/test/java/io/grpc/StatusExceptionTest.java
@@ -28,14 +28,6 @@
 @RunWith(JUnit4.class)
 public class StatusExceptionTest {
 
-  @Test
-  public void internalCtorRemovesStack() {
-    StackTraceElement[] trace =
-        new StatusException(Status.CANCELLED, null, false) {}.getStackTrace();
-
-    assertThat(trace).isEmpty();
-  }
-
   @Test
   public void normalCtorKeepsStack() {
     StackTraceElement[] trace =
diff --git a/api/src/test/java/io/grpc/StatusRuntimeExceptionTest.java b/api/src/test/java/io/grpc/StatusRuntimeExceptionTest.java
index ab20c111254..d965ed86253 100644
--- a/api/src/test/java/io/grpc/StatusRuntimeExceptionTest.java
+++ b/api/src/test/java/io/grpc/StatusRuntimeExceptionTest.java
@@ -31,7 +31,7 @@ public class StatusRuntimeExceptionTest {
   @Test
   public void internalCtorRemovesStack() {
     StackTraceElement[] trace =
-        new StatusRuntimeException(Status.CANCELLED, null, false) {}.getStackTrace();
+        new InternalStatusRuntimeException(Status.CANCELLED, null) {}.getStackTrace();
 
     assertThat(trace).isEmpty();
   }
diff --git a/core/src/main/java/io/grpc/internal/ServerCallImpl.java b/core/src/main/java/io/grpc/internal/ServerCallImpl.java
index dda36258e7c..e224384ce8f 100644
--- a/core/src/main/java/io/grpc/internal/ServerCallImpl.java
+++ b/core/src/main/java/io/grpc/internal/ServerCallImpl.java
@@ -373,10 +373,10 @@ private void closedInternal(Status status) {
         } else {
           call.cancelled = true;
           listener.onCancel();
-          // The status will not have a cause in all failure scenarios but we want to make sure
+          // The status will not have a cause in all failure scenarios, but we want to make sure
           // we always cancel the context with one to keep the context cancelled state consistent.
-          cancelCause = InternalStatus.asRuntimeException(
-              Status.CANCELLED.withDescription("RPC cancelled"), null, false);
+          cancelCause = InternalStatus.asRuntimeExceptionWithoutStacktrace(
+              Status.CANCELLED.withDescription("RPC cancelled"), null);
         }
       } finally {
         // Cancel context after delivering RPC closure notification to allow the application to
diff --git a/core/src/main/java/io/grpc/internal/ServerImpl.java b/core/src/main/java/io/grpc/internal/ServerImpl.java
index cec2a13a301..eceb7d7a738 100644
--- a/core/src/main/java/io/grpc/internal/ServerImpl.java
+++ b/core/src/main/java/io/grpc/internal/ServerImpl.java
@@ -887,8 +887,8 @@ private void closedInternal(final Status status) {
         // failed status has an exception we will create one here if needed.
         Throwable cancelCause = status.getCause();
         if (cancelCause == null) {
-          cancelCause = InternalStatus.asRuntimeException(
-              Status.CANCELLED.withDescription("RPC cancelled"), null, false);
+          cancelCause = InternalStatus.asRuntimeExceptionWithoutStacktrace(
+              Status.CANCELLED.withDescription("RPC cancelled"), null);
         }
 
         // The callExecutor might be busy doing user work. To avoid waiting, use an executor that

From aafab74087405fca3660d167c4dc40e4028c49f0 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 23 Dec 2024 09:38:55 -0800
Subject: [PATCH 123/591] api: Use package-private IgnoreJRERequirement

This avoids the dependency on animalsniffer-annotations. grpc-api, and
particularly grpc-context, are used many low-level places and it is
beneficial for them to be very low dependency. This brings grpc-context
back to zero-dependency.
---
 api/BUILD.bazel                               |  1 -
 api/build.gradle                              |  5 +++-
 .../java/io/grpc/IgnoreJRERequirement.java    | 30 +++++++++++++++++++
 api/src/main/java/io/grpc/TimeUtils.java      |  1 -
 .../test/java/io/grpc/CallOptionsTest.java    |  1 -
 .../io/grpc/SynchronizationContextTest.java   |  1 -
 api/src/test/java/io/grpc/TimeUtilsTest.java  |  1 -
 buildscripts/checkstyle.xml                   |  6 ++++
 netty/build.gradle                            |  1 +
 stub/build.gradle                             |  1 +
 10 files changed, 42 insertions(+), 6 deletions(-)
 create mode 100644 api/src/main/java/io/grpc/IgnoreJRERequirement.java

diff --git a/api/BUILD.bazel b/api/BUILD.bazel
index 34e8de95335..6bf3375e9f0 100644
--- a/api/BUILD.bazel
+++ b/api/BUILD.bazel
@@ -13,6 +13,5 @@ java_library(
         artifact("com.google.errorprone:error_prone_annotations"),
         artifact("com.google.guava:failureaccess"),  # future transitive dep of Guava. See #5214
         artifact("com.google.guava:guava"),
-        artifact("org.codehaus.mojo:animal-sniffer-annotations"),
     ],
 )
diff --git a/api/build.gradle b/api/build.gradle
index 6a75597ed55..dc3eaea3f4e 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -36,7 +36,6 @@ tasks.named("jar").configure {
 dependencies {
     compileOnly sourceSets.context.output
     api libraries.jsr305,
-            libraries.animalsniffer.annotations,
             libraries.errorprone.annotations
     implementation libraries.guava
 
@@ -61,6 +60,10 @@ dependencies {
     }
 }
 
+animalsniffer {
+    annotation = 'io.grpc.IgnoreJRERequirement'
+}
+
 tasks.named("javadoc").configure {
     source sourceSets.context.allSource
     // We want io.grpc.Internal, but not io.grpc.Internal*
diff --git a/api/src/main/java/io/grpc/IgnoreJRERequirement.java b/api/src/main/java/io/grpc/IgnoreJRERequirement.java
new file mode 100644
index 00000000000..2db406c5953
--- /dev/null
+++ b/api/src/main/java/io/grpc/IgnoreJRERequirement.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Target;
+
+/**
+ * Disables Animal Sniffer's signature checking. This is our own package-private version to avoid
+ * dependening on animalsniffer-annotations.
+ *
+ * <p>FIELD is purposefully not supported, as Android wouldn't be able to ignore a field. Instead,
+ * the entire class would need to be avoided on Android.
+ */
+@Target({ElementType.METHOD, ElementType.CONSTRUCTOR, ElementType.TYPE})
+@interface IgnoreJRERequirement {}
diff --git a/api/src/main/java/io/grpc/TimeUtils.java b/api/src/main/java/io/grpc/TimeUtils.java
index c3cdf843d79..01b8c158822 100644
--- a/api/src/main/java/io/grpc/TimeUtils.java
+++ b/api/src/main/java/io/grpc/TimeUtils.java
@@ -17,7 +17,6 @@
 package io.grpc;
 
 import java.time.Duration;
-import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 
 final class TimeUtils {
   private TimeUtils() {}
diff --git a/api/src/test/java/io/grpc/CallOptionsTest.java b/api/src/test/java/io/grpc/CallOptionsTest.java
index 051c1b2d851..65fb7ff3bf2 100644
--- a/api/src/test/java/io/grpc/CallOptionsTest.java
+++ b/api/src/test/java/io/grpc/CallOptionsTest.java
@@ -34,7 +34,6 @@
 import io.grpc.internal.SerializingExecutor;
 import java.time.Duration;
 import java.util.concurrent.Executor;
-import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
diff --git a/api/src/test/java/io/grpc/SynchronizationContextTest.java b/api/src/test/java/io/grpc/SynchronizationContextTest.java
index d063c58a978..668f5ae4d6d 100644
--- a/api/src/test/java/io/grpc/SynchronizationContextTest.java
+++ b/api/src/test/java/io/grpc/SynchronizationContextTest.java
@@ -36,7 +36,6 @@
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
-import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 import org.junit.After;
 import org.junit.Rule;
 import org.junit.Test;
diff --git a/api/src/test/java/io/grpc/TimeUtilsTest.java b/api/src/test/java/io/grpc/TimeUtilsTest.java
index 75c0437ce26..728b8512cd7 100644
--- a/api/src/test/java/io/grpc/TimeUtilsTest.java
+++ b/api/src/test/java/io/grpc/TimeUtilsTest.java
@@ -19,7 +19,6 @@
 import static org.junit.Assert.assertEquals;
 
 import java.time.Duration;
-import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
diff --git a/buildscripts/checkstyle.xml b/buildscripts/checkstyle.xml
index 035b1dfc900..0ec8ecc79ce 100644
--- a/buildscripts/checkstyle.xml
+++ b/buildscripts/checkstyle.xml
@@ -38,6 +38,12 @@
         <property name="ignorePattern" value="^package.*|^import.*|a href|href|http://|https://|ftp://"/>
     </module>
 
+    <module name="SuppressionSingleFilter">
+        <!-- Prefer using the same name as in Animal Sniffer -->
+        <property name="checks" value="AbbreviationAsWordInName"/>
+        <property name="files" value="IgnoreJRERequirement.java"/>
+    </module>
+
     <module name="TreeWalker">
         <module name="OuterTypeFilename"/>
         <module name="IllegalTokenText">
diff --git a/netty/build.gradle b/netty/build.gradle
index 3662f8ec399..cb97ae10b55 100644
--- a/netty/build.gradle
+++ b/netty/build.gradle
@@ -17,6 +17,7 @@ tasks.named("jar").configure {
 
 dependencies {
     api project(':grpc-api'),
+            libraries.animalsniffer.annotations,
             libraries.netty.codec.http2
     implementation project(':grpc-core'),
             libs.netty.handler.proxy,
diff --git a/stub/build.gradle b/stub/build.gradle
index a9a7cec5a0e..2dabd9e6202 100644
--- a/stub/build.gradle
+++ b/stub/build.gradle
@@ -16,6 +16,7 @@ tasks.named("jar").configure {
 
 dependencies {
     api project(':grpc-api'),
+        libraries.animalsniffer.annotations,
         libraries.guava
     implementation libraries.errorprone.annotations
     testImplementation libraries.truth,

From 805cad3782b83bb8e368f0f6e13ff9c7d347e728 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 23 Dec 2024 09:42:23 -0800
Subject: [PATCH 124/591] bazel: Restore DoNotCall ErrorProne check

In e08b9db20 we added `@DoNotCall` annotations to some call sites, but
Bazel used an older version of ErrorProne that complained at times it
shouldn't. The minimum version of Bazel we test/support is now Bazel 6,
well past Bazel 3.4+.
---
 api/BUILD.bazel  | 1 -
 core/BUILD.bazel | 1 -
 2 files changed, 2 deletions(-)

diff --git a/api/BUILD.bazel b/api/BUILD.bazel
index 6bf3375e9f0..965d14a9eb0 100644
--- a/api/BUILD.bazel
+++ b/api/BUILD.bazel
@@ -6,7 +6,6 @@ java_library(
         "src/main/java/**/*.java",
         "src/context/java/**/*.java",
     ]),
-    javacopts = ["-Xep:DoNotCall:OFF"],  # Remove once requiring Bazel 3.4.0+; allows non-final
     visibility = ["//visibility:public"],
     deps = [
         artifact("com.google.code.findbugs:jsr305"),
diff --git a/core/BUILD.bazel b/core/BUILD.bazel
index 35c20628d0b..6dd5199b5c0 100644
--- a/core/BUILD.bazel
+++ b/core/BUILD.bazel
@@ -17,7 +17,6 @@ java_library(
     srcs = glob([
         "src/main/java/io/grpc/internal/*.java",
     ]),
-    javacopts = ["-Xep:DoNotCall:OFF"],  # Remove once requiring Bazel 3.4.0+; allows non-final
     resources = glob([
         "src/bazel-internal/resources/**",
     ]),

From 1126a8e30b884c66f831e88f89ebf2f10a0e7795 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 23 Dec 2024 13:29:40 -0800
Subject: [PATCH 125/591] binder: A standard API for pointing resolvers at a
 different Android User. (#11775)

---
 .../src/main/java/io/grpc/binder/ApiConstants.java | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/binder/src/main/java/io/grpc/binder/ApiConstants.java b/binder/src/main/java/io/grpc/binder/ApiConstants.java
index 43e94338fdc..292c580c2b8 100644
--- a/binder/src/main/java/io/grpc/binder/ApiConstants.java
+++ b/binder/src/main/java/io/grpc/binder/ApiConstants.java
@@ -17,7 +17,9 @@
 package io.grpc.binder;
 
 import android.content.Intent;
+import android.os.UserHandle;
 import io.grpc.ExperimentalApi;
+import io.grpc.NameResolver;
 
 /** Constant parts of the gRPC binder transport public API. */
 @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022")
@@ -29,4 +31,16 @@ private ApiConstants() {}
    * themselves in a {@link android.app.Service#onBind(Intent)} call.
    */
   public static final String ACTION_BIND = "grpc.io.action.BIND";
+
+  /**
+   * Specifies the Android user in which target URIs should be resolved.
+   *
+   * <p>{@link UserHandle} can't reasonably be encoded in a target URI string. Instead, all
+   * {@link io.grpc.NameResolverProvider}s producing {@link AndroidComponentAddress}es should let
+   * clients address servers in another Android user using this argument.
+   *
+   * <p>See also {@link AndroidComponentAddress#getTargetUser()}.
+   */
+  public static final NameResolver.Args.Key<UserHandle> TARGET_ANDROID_USER =
+      NameResolver.Args.Key.create("target-android-user");
 }

From 5e8abc6774348ef93112a2bad2eddc5069013bf3 Mon Sep 17 00:00:00 2001
From: vinodhabib <47808007+vinodhabib@users.noreply.github.com>
Date: Tue, 24 Dec 2024 06:48:03 +0000
Subject: [PATCH 126/591] examples: Updated the attachHeaders to
 newAttachHeadersInterceptor in HeaderClientInterceptor (#11759)

---
 .../java/io/grpc/examples/header/HeaderClientInterceptor.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/src/main/java/io/grpc/examples/header/HeaderClientInterceptor.java b/examples/src/main/java/io/grpc/examples/header/HeaderClientInterceptor.java
index b9a73931299..2a60eeda6c4 100644
--- a/examples/src/main/java/io/grpc/examples/header/HeaderClientInterceptor.java
+++ b/examples/src/main/java/io/grpc/examples/header/HeaderClientInterceptor.java
@@ -52,7 +52,7 @@ public void start(Listener<RespT> responseListener, Metadata headers) {
           public void onHeaders(Metadata headers) {
             /**
              * if you don't need receive header from server,
-             * you can use {@link io.grpc.stub.MetadataUtils#attachHeaders}
+             * you can use {@link io.grpc.stub.MetadataUtils#newAttachHeadersInterceptor}
              * directly to send header
              */
             logger.info("header received from server:" + headers);

From 8c261c3f28c7d83e1e976acfc34b62027078252b Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@engflow.com>
Date: Thu, 26 Dec 2024 15:31:34 -0600
Subject: [PATCH 127/591] Fix typo in deprecated blocking stub javadoc.
 (#11772)

---
 .../main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java  | 2 +-
 .../grpc/testing/integration/LoadBalancerStatsServiceGrpc.java  | 2 +-
 .../grpc/io/grpc/testing/integration/MetricsServiceGrpc.java    | 2 +-
 .../grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java  | 2 +-
 .../debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java | 2 +-
 .../io/grpc/testing/integration/UnimplementedServiceGrpc.java   | 2 +-
 .../integration/XdsUpdateClientConfigureServiceGrpc.java        | 2 +-
 .../io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java | 2 +-
 .../grpc/testing/integration/LoadBalancerStatsServiceGrpc.java  | 2 +-
 .../grpc/io/grpc/testing/integration/MetricsServiceGrpc.java    | 2 +-
 .../grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java  | 2 +-
 .../grpc/io/grpc/testing/integration/TestServiceGrpc.java       | 2 +-
 .../io/grpc/testing/integration/UnimplementedServiceGrpc.java   | 2 +-
 .../integration/XdsUpdateClientConfigureServiceGrpc.java        | 2 +-
 .../io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java | 2 +-
 .../grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java     | 2 +-
 .../io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java  | 2 +-
 .../main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java   | 2 +-
 compiler/src/java_plugin/cpp/java_generator.cpp                 | 2 +-
 compiler/src/test/golden/TestDeprecatedService.java.txt         | 2 +-
 compiler/src/test/golden/TestService.java.txt                   | 2 +-
 compiler/src/testLite/golden/TestDeprecatedService.java.txt     | 2 +-
 compiler/src/testLite/golden/TestService.java.txt               | 2 +-
 .../src/generated/main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java | 2 +-
 .../grpc/testing/integration/LoadBalancerStatsServiceGrpc.java  | 2 +-
 .../grpc/io/grpc/testing/integration/MetricsServiceGrpc.java    | 2 +-
 .../grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java  | 2 +-
 .../main/grpc/io/grpc/testing/integration/TestServiceGrpc.java  | 2 +-
 .../io/grpc/testing/integration/UnimplementedServiceGrpc.java   | 2 +-
 .../integration/XdsUpdateClientConfigureServiceGrpc.java        | 2 +-
 .../io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java | 2 +-
 .../generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java  | 2 +-
 .../main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java     | 2 +-
 .../grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java    | 2 +-
 .../generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java   | 2 +-
 .../src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java   | 2 +-
 .../main/grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java   | 2 +-
 .../grpc/io/grpc/reflection/v1alpha/ServerReflectionGrpc.java   | 2 +-
 .../io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java   | 2 +-
 .../grpc/reflection/testing/AnotherReflectableServiceGrpc.java  | 2 +-
 .../grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java     | 2 +-
 .../grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java | 2 +-
 .../main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java   | 2 +-
 .../grpc/com/github/xds/service/orca/v3/OpenRcaServiceGrpc.java | 2 +-
 .../service/discovery/v3/AggregatedDiscoveryServiceGrpc.java    | 2 +-
 .../envoy/service/load_stats/v3/LoadReportingServiceGrpc.java   | 2 +-
 .../service/rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java  | 2 +-
 .../service/status/v3/ClientStatusDiscoveryServiceGrpc.java     | 2 +-
 48 files changed, 48 insertions(+), 48 deletions(-)

diff --git a/alts/src/generated/main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java b/alts/src/generated/main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java
index bfb98ea3e68..91e88f331d7 100644
--- a/alts/src/generated/main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java
+++ b/alts/src/generated/main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java
@@ -204,7 +204,7 @@ protected HandshakerServiceBlockingV2Stub build(
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service HandshakerService.
+   * A stub to allow clients to do limited synchronous rpc calls to service HandshakerService.
    */
   public static final class HandshakerServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<HandshakerServiceBlockingStub> {
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
index fe8c30ba3c4..120033a8051 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
@@ -262,7 +262,7 @@ public io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsResponse
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service LoadBalancerStatsService.
+   * A stub to allow clients to do limited synchronous rpc calls to service LoadBalancerStatsService.
    * <pre>
    * A service used to obtain stats for verifying LB behavior.
    * </pre>
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
index 57a7db1ec89..489838ddc6c 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
@@ -252,7 +252,7 @@ public io.grpc.testing.integration.Metrics.GaugeResponse getGauge(io.grpc.testin
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service MetricsService.
+   * A stub to allow clients to do limited synchronous rpc calls to service MetricsService.
    */
   public static final class MetricsServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<MetricsServiceBlockingStub> {
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
index 79f0bdf0fab..e0ea29e42e7 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
@@ -244,7 +244,7 @@ public io.grpc.testing.integration.Messages.ReconnectInfo stop(io.grpc.testing.i
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service ReconnectService.
+   * A stub to allow clients to do limited synchronous rpc calls to service ReconnectService.
    * <pre>
    * A service used to control reconnect server.
    * </pre>
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java
index 1086974d823..a0f44f46473 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java
@@ -671,7 +671,7 @@ public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.t
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service TestService.
+   * A stub to allow clients to do limited synchronous rpc calls to service TestService.
    * <pre>
    * A simple service to test the various types of RPCs and experiment with
    * performance with various types of payload.
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
index be3d1eab13a..f758c2d0840 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
@@ -206,7 +206,7 @@ public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.t
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service UnimplementedService.
+   * A stub to allow clients to do limited synchronous rpc calls to service UnimplementedService.
    * <pre>
    * A simple service NOT implemented at servers so clients can test for
    * that case.
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
index f72a09192f0..5fa43e4721a 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
@@ -201,7 +201,7 @@ public io.grpc.testing.integration.Messages.ClientConfigureResponse configure(io
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service XdsUpdateClientConfigureService.
+   * A stub to allow clients to do limited synchronous rpc calls to service XdsUpdateClientConfigureService.
    * <pre>
    * A service to dynamically update the configuration of an xDS test client.
    * </pre>
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
index 3258354cc20..2492ec0f90b 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
@@ -244,7 +244,7 @@ public io.grpc.testing.integration.EmptyProtos.Empty setNotServing(io.grpc.testi
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service XdsUpdateHealthService.
+   * A stub to allow clients to do limited synchronous rpc calls to service XdsUpdateHealthService.
    * <pre>
    * A service to remotely control health status of an xDS test server.
    * </pre>
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
index fe8c30ba3c4..120033a8051 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
@@ -262,7 +262,7 @@ public io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsResponse
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service LoadBalancerStatsService.
+   * A stub to allow clients to do limited synchronous rpc calls to service LoadBalancerStatsService.
    * <pre>
    * A service used to obtain stats for verifying LB behavior.
    * </pre>
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
index 57a7db1ec89..489838ddc6c 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
@@ -252,7 +252,7 @@ public io.grpc.testing.integration.Metrics.GaugeResponse getGauge(io.grpc.testin
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service MetricsService.
+   * A stub to allow clients to do limited synchronous rpc calls to service MetricsService.
    */
   public static final class MetricsServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<MetricsServiceBlockingStub> {
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
index 79f0bdf0fab..e0ea29e42e7 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
@@ -244,7 +244,7 @@ public io.grpc.testing.integration.Messages.ReconnectInfo stop(io.grpc.testing.i
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service ReconnectService.
+   * A stub to allow clients to do limited synchronous rpc calls to service ReconnectService.
    * <pre>
    * A service used to control reconnect server.
    * </pre>
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java
index 1086974d823..a0f44f46473 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java
@@ -671,7 +671,7 @@ public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.t
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service TestService.
+   * A stub to allow clients to do limited synchronous rpc calls to service TestService.
    * <pre>
    * A simple service to test the various types of RPCs and experiment with
    * performance with various types of payload.
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
index be3d1eab13a..f758c2d0840 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
@@ -206,7 +206,7 @@ public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.t
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service UnimplementedService.
+   * A stub to allow clients to do limited synchronous rpc calls to service UnimplementedService.
    * <pre>
    * A simple service NOT implemented at servers so clients can test for
    * that case.
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
index f72a09192f0..5fa43e4721a 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
@@ -201,7 +201,7 @@ public io.grpc.testing.integration.Messages.ClientConfigureResponse configure(io
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service XdsUpdateClientConfigureService.
+   * A stub to allow clients to do limited synchronous rpc calls to service XdsUpdateClientConfigureService.
    * <pre>
    * A service to dynamically update the configuration of an xDS test client.
    * </pre>
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
index 3258354cc20..2492ec0f90b 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
@@ -244,7 +244,7 @@ public io.grpc.testing.integration.EmptyProtos.Empty setNotServing(io.grpc.testi
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service XdsUpdateHealthService.
+   * A stub to allow clients to do limited synchronous rpc calls to service XdsUpdateHealthService.
    * <pre>
    * A service to remotely control health status of an xDS test server.
    * </pre>
diff --git a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java
index 9422ed7b1fa..242d4551d6e 100644
--- a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java
+++ b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java
@@ -461,7 +461,7 @@ public io.grpc.benchmarks.proto.Messages.SimpleResponse unaryCall(io.grpc.benchm
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service BenchmarkService.
+   * A stub to allow clients to do limited synchronous rpc calls to service BenchmarkService.
    */
   public static final class BenchmarkServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<BenchmarkServiceBlockingStub> {
diff --git a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java
index a7f2fdd3b5e..8f466185ea0 100644
--- a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java
+++ b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java
@@ -187,7 +187,7 @@ public io.grpc.benchmarks.proto.Control.Void reportScenario(io.grpc.benchmarks.p
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service ReportQpsScenarioService.
+   * A stub to allow clients to do limited synchronous rpc calls to service ReportQpsScenarioService.
    */
   public static final class ReportQpsScenarioServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<ReportQpsScenarioServiceBlockingStub> {
diff --git a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java
index bf6c115be35..11859482972 100644
--- a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java
+++ b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java
@@ -407,7 +407,7 @@ public io.grpc.benchmarks.proto.Control.Void quitWorker(io.grpc.benchmarks.proto
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service WorkerService.
+   * A stub to allow clients to do limited synchronous rpc calls to service WorkerService.
    */
   public static final class WorkerServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<WorkerServiceBlockingStub> {
diff --git a/compiler/src/java_plugin/cpp/java_generator.cpp b/compiler/src/java_plugin/cpp/java_generator.cpp
index 5d12beb87c6..df96bb1c1b2 100644
--- a/compiler/src/java_plugin/cpp/java_generator.cpp
+++ b/compiler/src/java_plugin/cpp/java_generator.cpp
@@ -412,7 +412,7 @@ static void GrpcWriteServiceDocComment(Printer* printer,
       printer->Print(vars, " * A stub to allow clients to do asynchronous rpc calls to service $service$.\n");
       break;
     case BLOCKING_CLIENT_IMPL:
-      printer->Print(vars, " * A stub to allow clients to do llimited synchronous rpc calls to service $service$.\n");
+      printer->Print(vars, " * A stub to allow clients to do limited synchronous rpc calls to service $service$.\n");
       break;
     case BLOCKING_V2_CLIENT_IMPL:
       printer->Print(vars, " * A stub to allow clients to do synchronous rpc calls to service $service$.\n");
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index c97bc9d44c9..01af7872648 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -210,7 +210,7 @@ public final class TestDeprecatedServiceGrpc {
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service TestDeprecatedService.
+   * A stub to allow clients to do limited synchronous rpc calls to service TestDeprecatedService.
    * <pre>
    * Test service that has been deprecated and should generate with Java's &#64;Deprecated annotation
    * </pre>
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index 229b7dcc252..b82475642b0 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -675,7 +675,7 @@ public final class TestServiceGrpc {
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service TestService.
+   * A stub to allow clients to do limited synchronous rpc calls to service TestService.
    * <pre>
    * Test service that supports all call types.
    * </pre>
diff --git a/compiler/src/testLite/golden/TestDeprecatedService.java.txt b/compiler/src/testLite/golden/TestDeprecatedService.java.txt
index fb0bfb8c38d..22a57c71523 100644
--- a/compiler/src/testLite/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/testLite/golden/TestDeprecatedService.java.txt
@@ -206,7 +206,7 @@ public final class TestDeprecatedServiceGrpc {
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service TestDeprecatedService.
+   * A stub to allow clients to do limited synchronous rpc calls to service TestDeprecatedService.
    * <pre>
    * Test service that has been deprecated and should generate with Java's &#64;Deprecated annotation
    * </pre>
diff --git a/compiler/src/testLite/golden/TestService.java.txt b/compiler/src/testLite/golden/TestService.java.txt
index 75101ddd7b3..d13d9959a4a 100644
--- a/compiler/src/testLite/golden/TestService.java.txt
+++ b/compiler/src/testLite/golden/TestService.java.txt
@@ -664,7 +664,7 @@ public final class TestServiceGrpc {
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service TestService.
+   * A stub to allow clients to do limited synchronous rpc calls to service TestService.
    * <pre>
    * Test service that supports all call types.
    * </pre>
diff --git a/grpclb/src/generated/main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java b/grpclb/src/generated/main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java
index 80acb5d7bf3..2a81dfe4ee5 100644
--- a/grpclb/src/generated/main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java
+++ b/grpclb/src/generated/main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java
@@ -189,7 +189,7 @@ protected LoadBalancerBlockingV2Stub build(
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service LoadBalancer.
+   * A stub to allow clients to do limited synchronous rpc calls to service LoadBalancer.
    */
   public static final class LoadBalancerBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<LoadBalancerBlockingStub> {
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
index fcdd4491938..f060a1308d8 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
@@ -264,7 +264,7 @@ public io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsResponse
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service LoadBalancerStatsService.
+   * A stub to allow clients to do limited synchronous rpc calls to service LoadBalancerStatsService.
    * <pre>
    * A service used to obtain stats for verifying LB behavior.
    * </pre>
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
index 7084ee53781..3104f7b263e 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
@@ -254,7 +254,7 @@ public io.grpc.testing.integration.Metrics.GaugeResponse getGauge(io.grpc.testin
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service MetricsService.
+   * A stub to allow clients to do limited synchronous rpc calls to service MetricsService.
    */
   public static final class MetricsServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<MetricsServiceBlockingStub> {
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
index 68a0faa35c7..39df95f4d90 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
@@ -246,7 +246,7 @@ public io.grpc.testing.integration.Messages.ReconnectInfo stop(io.grpc.testing.i
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service ReconnectService.
+   * A stub to allow clients to do limited synchronous rpc calls to service ReconnectService.
    * <pre>
    * A service used to control reconnect server.
    * </pre>
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java
index 6855b61c63a..2b519686d85 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java
@@ -679,7 +679,7 @@ public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.t
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service TestService.
+   * A stub to allow clients to do limited synchronous rpc calls to service TestService.
    * <pre>
    * A simple service to test the various types of RPCs and experiment with
    * performance with various types of payload.
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
index cd77c1cfa5c..400ac6dc4a3 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
@@ -207,7 +207,7 @@ public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.t
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service UnimplementedService.
+   * A stub to allow clients to do limited synchronous rpc calls to service UnimplementedService.
    * <pre>
    * A simple service NOT implemented at servers so clients can test for
    * that case.
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
index 545b69243f1..9cc13780723 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
@@ -202,7 +202,7 @@ public io.grpc.testing.integration.Messages.ClientConfigureResponse configure(io
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service XdsUpdateClientConfigureService.
+   * A stub to allow clients to do limited synchronous rpc calls to service XdsUpdateClientConfigureService.
    * <pre>
    * A service to dynamically update the configuration of an xDS test client.
    * </pre>
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
index 7120a9d1c85..8243ba713fa 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
@@ -246,7 +246,7 @@ public io.grpc.testing.integration.EmptyProtos.Empty setNotServing(io.grpc.testi
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service XdsUpdateHealthService.
+   * A stub to allow clients to do limited synchronous rpc calls to service XdsUpdateHealthService.
    * <pre>
    * A service to remotely control health status of an xDS test server.
    * </pre>
diff --git a/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java b/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java
index 5c01afd15c6..3cb27ac1067 100644
--- a/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java
+++ b/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java
@@ -231,7 +231,7 @@ public io.istio.test.Echo.ForwardEchoResponse forwardEcho(io.istio.test.Echo.For
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service EchoTestService.
+   * A stub to allow clients to do limited synchronous rpc calls to service EchoTestService.
    */
   public static final class EchoTestServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<EchoTestServiceBlockingStub> {
diff --git a/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java b/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java
index 98768d37611..558a223173c 100644
--- a/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java
+++ b/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java
@@ -187,7 +187,7 @@ public io.grpc.lookup.v1.RouteLookupResponse routeLookup(io.grpc.lookup.v1.Route
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service RouteLookupService.
+   * A stub to allow clients to do limited synchronous rpc calls to service RouteLookupService.
    */
   public static final class RouteLookupServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<RouteLookupServiceBlockingStub> {
diff --git a/s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java b/s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java
index 69f1d78f55e..95e217ac695 100644
--- a/s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java
+++ b/s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java
@@ -192,7 +192,7 @@ protected S2AServiceBlockingV2Stub build(
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service S2AService.
+   * A stub to allow clients to do limited synchronous rpc calls to service S2AService.
    */
   public static final class S2AServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<S2AServiceBlockingStub> {
diff --git a/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java b/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java
index 8d8c0eb2971..7dd74034efe 100644
--- a/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java
@@ -582,7 +582,7 @@ public io.grpc.channelz.v1.GetSocketResponse getSocket(io.grpc.channelz.v1.GetSo
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service Channelz.
+   * A stub to allow clients to do limited synchronous rpc calls to service Channelz.
    * <pre>
    * Channelz is a service exposed by gRPC servers that provides detailed debug
    * information.
diff --git a/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java b/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java
index d7795a5fdbf..9786392cfe6 100644
--- a/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java
@@ -290,7 +290,7 @@ public io.grpc.health.v1.HealthCheckResponse check(io.grpc.health.v1.HealthCheck
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service Health.
+   * A stub to allow clients to do limited synchronous rpc calls to service Health.
    */
   public static final class HealthBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<HealthBlockingStub> {
diff --git a/services/src/generated/main/grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java b/services/src/generated/main/grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java
index 3089b8302cc..19bf6ed90b3 100644
--- a/services/src/generated/main/grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java
@@ -192,7 +192,7 @@ protected ServerReflectionBlockingV2Stub build(
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service ServerReflection.
+   * A stub to allow clients to do limited synchronous rpc calls to service ServerReflection.
    */
   public static final class ServerReflectionBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<ServerReflectionBlockingStub> {
diff --git a/services/src/generated/main/grpc/io/grpc/reflection/v1alpha/ServerReflectionGrpc.java b/services/src/generated/main/grpc/io/grpc/reflection/v1alpha/ServerReflectionGrpc.java
index a0fc1bcf2de..152a8f7c81d 100644
--- a/services/src/generated/main/grpc/io/grpc/reflection/v1alpha/ServerReflectionGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/reflection/v1alpha/ServerReflectionGrpc.java
@@ -192,7 +192,7 @@ protected ServerReflectionBlockingV2Stub build(
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service ServerReflection.
+   * A stub to allow clients to do limited synchronous rpc calls to service ServerReflection.
    */
   public static final class ServerReflectionBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<ServerReflectionBlockingStub> {
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java
index 843d1e30135..a53d199ef52 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java
@@ -202,7 +202,7 @@ public io.grpc.reflection.testing.DynamicReply method(io.grpc.reflection.testing
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service AnotherDynamicService.
+   * A stub to allow clients to do limited synchronous rpc calls to service AnotherDynamicService.
    * <pre>
    * AnotherDynamicService
    * </pre>
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java
index 41c7f5468da..a22138ecb03 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java
@@ -178,7 +178,7 @@ public io.grpc.reflection.testing.Reply method(io.grpc.reflection.testing.Reques
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service AnotherReflectableService.
+   * A stub to allow clients to do limited synchronous rpc calls to service AnotherReflectableService.
    */
   public static final class AnotherReflectableServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<AnotherReflectableServiceBlockingStub> {
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java
index 4878109dc81..6e9dfac72db 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java
@@ -202,7 +202,7 @@ public io.grpc.reflection.testing.DynamicReply method(io.grpc.reflection.testing
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service DynamicService.
+   * A stub to allow clients to do limited synchronous rpc calls to service DynamicService.
    * <pre>
    * A DynamicService
    * </pre>
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java
index 3e6cf5b8030..aeefc77aff8 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java
@@ -178,7 +178,7 @@ public io.grpc.reflection.testing.Reply method(io.grpc.reflection.testing.Reques
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service ReflectableService.
+   * A stub to allow clients to do limited synchronous rpc calls to service ReflectableService.
    */
   public static final class ReflectableServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<ReflectableServiceBlockingStub> {
diff --git a/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java b/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java
index fac753a1b32..8b33691535d 100644
--- a/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java
+++ b/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java
@@ -394,7 +394,7 @@ public io.grpc.testing.protobuf.SimpleResponse unaryRpc(io.grpc.testing.protobuf
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service SimpleService.
+   * A stub to allow clients to do limited synchronous rpc calls to service SimpleService.
    * <pre>
    * A simple service for test.
    * </pre>
diff --git a/xds/src/generated/thirdparty/grpc/com/github/xds/service/orca/v3/OpenRcaServiceGrpc.java b/xds/src/generated/thirdparty/grpc/com/github/xds/service/orca/v3/OpenRcaServiceGrpc.java
index bb74f2e0cb2..cb129fd31ba 100644
--- a/xds/src/generated/thirdparty/grpc/com/github/xds/service/orca/v3/OpenRcaServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/com/github/xds/service/orca/v3/OpenRcaServiceGrpc.java
@@ -230,7 +230,7 @@ protected OpenRcaServiceBlockingV2Stub build(
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service OpenRcaService.
+   * A stub to allow clients to do limited synchronous rpc calls to service OpenRcaService.
    * <pre>
    * Out-of-band (OOB) load reporting service for the additional load reporting
    * agent that does not sit in the request path. Reports are periodically sampled
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/discovery/v3/AggregatedDiscoveryServiceGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/discovery/v3/AggregatedDiscoveryServiceGrpc.java
index 192b23a3db1..b93a5df2b71 100644
--- a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/discovery/v3/AggregatedDiscoveryServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/discovery/v3/AggregatedDiscoveryServiceGrpc.java
@@ -284,7 +284,7 @@ protected AggregatedDiscoveryServiceBlockingV2Stub build(
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service AggregatedDiscoveryService.
+   * A stub to allow clients to do limited synchronous rpc calls to service AggregatedDiscoveryService.
    * <pre>
    * See https://github.com/envoyproxy/envoy-api#apis for a description of the role of
    * ADS and how it is intended to be used by a management server. ADS requests
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/load_stats/v3/LoadReportingServiceGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/load_stats/v3/LoadReportingServiceGrpc.java
index fbe8dd5a5ec..3bce13a7cf5 100644
--- a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/load_stats/v3/LoadReportingServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/load_stats/v3/LoadReportingServiceGrpc.java
@@ -267,7 +267,7 @@ protected LoadReportingServiceBlockingV2Stub build(
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service LoadReportingService.
+   * A stub to allow clients to do limited synchronous rpc calls to service LoadReportingService.
    */
   public static final class LoadReportingServiceBlockingStub
       extends io.grpc.stub.AbstractBlockingStub<LoadReportingServiceBlockingStub> {
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java
index fa1d235f082..f05d38290dd 100644
--- a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java
@@ -207,7 +207,7 @@ protected RateLimitQuotaServiceBlockingV2Stub build(
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service RateLimitQuotaService.
+   * A stub to allow clients to do limited synchronous rpc calls to service RateLimitQuotaService.
    * <pre>
    * Defines the Rate Limit Quota Service (RLQS).
    * </pre>
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java
index 75ce84b77f9..1a3240875cc 100644
--- a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java
@@ -258,7 +258,7 @@ public io.envoyproxy.envoy.service.status.v3.ClientStatusResponse fetchClientSta
   }
 
   /**
-   * A stub to allow clients to do llimited synchronous rpc calls to service ClientStatusDiscoveryService.
+   * A stub to allow clients to do limited synchronous rpc calls to service ClientStatusDiscoveryService.
    * <pre>
    * CSDS is Client Status Discovery Service. It can be used to get the status of
    * an xDS-compliant client from the management server's point of view. It can

From c96e926e65357d50e338a3e29361bb44664b372b Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 27 Dec 2024 10:41:51 -0800
Subject: [PATCH 128/591] examples: Remove references to
 maven-central.storage-download.googleapis.com

As stated [on its main page][index], it isn't officially supported, so
we shouldn't include it in our examples.

[index]: https://maven-central.storage-download.googleapis.com/index.html
---
 examples/build.gradle                               | 2 --
 examples/example-alts/build.gradle                  | 3 ---
 examples/example-alts/settings.gradle               | 3 ---
 examples/example-debug/build.gradle                 | 2 --
 examples/example-dualstack/build.gradle             | 2 --
 examples/example-dualstack/settings.gradle          | 3 ---
 examples/example-gauth/build.gradle                 | 3 ---
 examples/example-gauth/settings.gradle              | 3 ---
 examples/example-gcp-csm-observability/build.gradle | 3 ---
 examples/example-gcp-observability/build.gradle     | 3 ---
 examples/example-hostname/build.gradle              | 2 --
 examples/example-jwt-auth/build.gradle              | 4 +---
 examples/example-jwt-auth/settings.gradle           | 3 ---
 examples/example-oauth/build.gradle                 | 4 +---
 examples/example-oauth/settings.gradle              | 3 ---
 examples/example-opentelemetry/build.gradle         | 3 ---
 examples/example-orca/build.gradle                  | 2 --
 examples/example-reflection/build.gradle            | 2 --
 examples/example-servlet/build.gradle               | 3 +--
 examples/example-servlet/settings.gradle            | 3 ---
 examples/example-tls/build.gradle                   | 3 ---
 examples/example-tls/settings.gradle                | 3 ---
 examples/example-xds/build.gradle                   | 2 --
 examples/settings.gradle                            | 3 ---
 24 files changed, 3 insertions(+), 64 deletions(-)

diff --git a/examples/build.gradle b/examples/build.gradle
index c50a5ab8eb7..62428d7f81d 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -7,8 +7,6 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/" }
     mavenCentral()
     mavenLocal()
 }
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index f0dc0bd8850..2a119c5b80d 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -7,9 +7,6 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/"
-    }
     mavenCentral()
     mavenLocal()
 }
diff --git a/examples/example-alts/settings.gradle b/examples/example-alts/settings.gradle
index 273558dd9cf..c665ff96674 100644
--- a/examples/example-alts/settings.gradle
+++ b/examples/example-alts/settings.gradle
@@ -1,8 +1,5 @@
 pluginManagement {
     repositories {
-        maven { // The google mirror is less flaky than mavenCentral()
-            url "https://maven-central.storage-download.googleapis.com/maven2/"
-        }
         gradlePluginPortal()
     }
 }
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index 7cd3b5de38e..eeabbef9473 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -9,8 +9,6 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/" }
     mavenCentral()
     mavenLocal()
 }
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index 875bdfda623..1e0879f38c4 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -9,8 +9,6 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/" }
     mavenCentral()
     mavenLocal()
 }
diff --git a/examples/example-dualstack/settings.gradle b/examples/example-dualstack/settings.gradle
index 0aae8f7304e..49a762696f7 100644
--- a/examples/example-dualstack/settings.gradle
+++ b/examples/example-dualstack/settings.gradle
@@ -1,8 +1,5 @@
 pluginManagement {
     repositories {
-        maven { // The google mirror is less flaky than mavenCentral()
-            url "https://maven-central.storage-download.googleapis.com/maven2/"
-        }
         gradlePluginPortal()
     }
 }
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 3ff0284c5a1..844e86b71af 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -7,9 +7,6 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/"
-    }
     mavenCentral()
     mavenLocal()
 }
diff --git a/examples/example-gauth/settings.gradle b/examples/example-gauth/settings.gradle
index 273558dd9cf..c665ff96674 100644
--- a/examples/example-gauth/settings.gradle
+++ b/examples/example-gauth/settings.gradle
@@ -1,8 +1,5 @@
 pluginManagement {
     repositories {
-        maven { // The google mirror is less flaky than mavenCentral()
-            url "https://maven-central.storage-download.googleapis.com/maven2/"
-        }
         gradlePluginPortal()
     }
 }
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index c72f1ba9753..40dd86e4ba1 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -8,9 +8,6 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/"
-    }
     mavenCentral()
     mavenLocal()
 }
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 5199105baae..8fe78c8b6ee 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -8,9 +8,6 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/"
-    }
     mavenCentral()
     mavenLocal()
 }
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 784b0c71a47..a8d1d994a40 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -7,8 +7,6 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/" }
     mavenCentral()
     mavenLocal()
 }
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index ba7aeb05b19..831486ca872 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -7,9 +7,7 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/"
-    }
+    mavenCentral()
     mavenLocal()
 }
 
diff --git a/examples/example-jwt-auth/settings.gradle b/examples/example-jwt-auth/settings.gradle
index 273558dd9cf..c665ff96674 100644
--- a/examples/example-jwt-auth/settings.gradle
+++ b/examples/example-jwt-auth/settings.gradle
@@ -1,8 +1,5 @@
 pluginManagement {
     repositories {
-        maven { // The google mirror is less flaky than mavenCentral()
-            url "https://maven-central.storage-download.googleapis.com/maven2/"
-        }
         gradlePluginPortal()
     }
 }
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 6e07cbc7447..08d53a247c5 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -7,9 +7,7 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/"
-    }
+    mavenCentral()
     mavenLocal()
 }
 
diff --git a/examples/example-oauth/settings.gradle b/examples/example-oauth/settings.gradle
index 273558dd9cf..c665ff96674 100644
--- a/examples/example-oauth/settings.gradle
+++ b/examples/example-oauth/settings.gradle
@@ -1,8 +1,5 @@
 pluginManagement {
     repositories {
-        maven { // The google mirror is less flaky than mavenCentral()
-            url "https://maven-central.storage-download.googleapis.com/maven2/"
-        }
         gradlePluginPortal()
     }
 }
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index 5c1e419c82e..4c6f4803014 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -7,9 +7,6 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/"
-    }
     mavenCentral()
     mavenLocal()
 }
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index babd0c7d18e..a9fb615446c 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -7,8 +7,6 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/" }
     mavenCentral()
     mavenLocal()
 }
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index d82f5ecda7e..2549f5eecc1 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -7,8 +7,6 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/" }
     mavenCentral()
     mavenLocal()
 }
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index 50b9d47632c..df846ed42be 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -6,8 +6,7 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/" }
+    mavenCentral()
     mavenLocal()
 }
 
diff --git a/examples/example-servlet/settings.gradle b/examples/example-servlet/settings.gradle
index 273558dd9cf..c665ff96674 100644
--- a/examples/example-servlet/settings.gradle
+++ b/examples/example-servlet/settings.gradle
@@ -1,8 +1,5 @@
 pluginManagement {
     repositories {
-        maven { // The google mirror is less flaky than mavenCentral()
-            url "https://maven-central.storage-download.googleapis.com/maven2/"
-        }
         gradlePluginPortal()
     }
 }
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index 2d61862700b..61a9706ebf6 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -7,9 +7,6 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/"
-    }
     mavenCentral()
     mavenLocal()
 }
diff --git a/examples/example-tls/settings.gradle b/examples/example-tls/settings.gradle
index 273558dd9cf..c665ff96674 100644
--- a/examples/example-tls/settings.gradle
+++ b/examples/example-tls/settings.gradle
@@ -1,8 +1,5 @@
 pluginManagement {
     repositories {
-        maven { // The google mirror is less flaky than mavenCentral()
-            url "https://maven-central.storage-download.googleapis.com/maven2/"
-        }
         gradlePluginPortal()
     }
 }
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index bb404bdb07c..a1e2501a7b6 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -7,8 +7,6 @@ plugins {
 }
 
 repositories {
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/" }
     mavenCentral()
     mavenLocal()
 }
diff --git a/examples/settings.gradle b/examples/settings.gradle
index 0473750a54f..dadd24b1c0f 100644
--- a/examples/settings.gradle
+++ b/examples/settings.gradle
@@ -1,8 +1,5 @@
 pluginManagement {
     repositories {
-        maven { // The google mirror is less flaky than mavenCentral()
-            url "https://maven-central.storage-download.googleapis.com/maven2/"
-        }
         gradlePluginPortal()
     }
 }

From fdb9a5a94fc07109a5b187d3e2adad6c508c8349 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 27 Dec 2024 10:45:42 -0800
Subject: [PATCH 129/591] gae-interop-testing: Remove duplicate repositories

These repositories are already included from the main build.gradle, so
they don't do anything. Much less do they need to be defined twice in
the same file.
---
 gae-interop-testing/gae-jdk8/build.gradle | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/gae-interop-testing/gae-jdk8/build.gradle b/gae-interop-testing/gae-jdk8/build.gradle
index 3ed395198c2..14abbc05a9b 100644
--- a/gae-interop-testing/gae-jdk8/build.gradle
+++ b/gae-interop-testing/gae-jdk8/build.gradle
@@ -14,10 +14,6 @@
 
 buildscript {
     // Configuration for building
-    repositories {
-        maven { // The google mirror is less flaky than mavenCentral()
-            url "https://maven-central.storage-download.googleapis.com/maven2/" }
-    }
     dependencies {
         classpath 'com.squareup.okhttp:okhttp:2.7.4'
     }
@@ -33,13 +29,6 @@ plugins {
 
 description = 'gRPC: gae interop testing (jdk8)'
 
-repositories {
-    // repositories for Jar's you access in your code
-    mavenLocal()
-    maven { // The google mirror is less flaky than mavenCentral()
-        url "https://maven-central.storage-download.googleapis.com/maven2/" }
-}
-
 dependencies {
     providedCompile group: 'javax.servlet', name: 'servlet-api', version:'2.5'
     runtimeOnly 'com.google.appengine:appengine-api-1.0-sdk:1.9.59'

From b272f634c10ad9415649c0499b2ddc736e3f41d8 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 27 Dec 2024 12:04:58 -0800
Subject: [PATCH 130/591] Disable Gradle Module Metadata resolution

The module metadata in Guava causes the -jre version to be selected even
when you choose the -android version. Gradle did not give any clues that
this was happening, and while
`println(configurations.compileClasspath.resolve())` shows the different
jar in use, most other diagonstics don't. dependencyInsight can show you
this is happening, but only if you know which dependency has a problem
and read Guava's module metadata first to understand the significance of
the results.

You could argue this is a Guava-specific problem. I was able to get
parts of our build working with attributes and resolutionStrategy
configurations mentioned at
https://github.com/google/guava/releases/tag/v32.1.0 , so that only
Guava would be changed. But it was fickle giving poor error messages or
silently swapping back to the -jre version.

Given the weak debuggability, the added complexity, and the lack of
value module metadata is providing us, disabling module metadata for our
entire build seems prudent.

See https://github.com/google/guava/issues/7575
---
 android-interop-testing/build.gradle |  1 -
 android/build.gradle                 |  1 -
 binder/build.gradle                  |  1 -
 build.gradle                         | 21 ++++++++++++++++++---
 cronet/build.gradle                  |  1 -
 gradle/libs.versions.toml            |  2 +-
 6 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/android-interop-testing/build.gradle b/android-interop-testing/build.gradle
index 9b3b021afce..1d39aee1750 100644
--- a/android-interop-testing/build.gradle
+++ b/android-interop-testing/build.gradle
@@ -7,7 +7,6 @@ description = 'gRPC: Android Integration Testing'
 
 repositories {
     google()
-    mavenCentral()
 }
 
 android {
diff --git a/android/build.gradle b/android/build.gradle
index 3b3bfa59b96..3c717da18a3 100644
--- a/android/build.gradle
+++ b/android/build.gradle
@@ -31,7 +31,6 @@ android {
 
 repositories {
     google()
-    mavenCentral()
 }
 
 dependencies {
diff --git a/binder/build.gradle b/binder/build.gradle
index e18361e08b3..3390e02fce7 100644
--- a/binder/build.gradle
+++ b/binder/build.gradle
@@ -32,7 +32,6 @@ android {
 
 repositories {
     google()
-    mavenCentral()
 }
 
 dependencies {
diff --git a/build.gradle b/build.gradle
index 52ca19ab4ba..39d2b6ad289 100644
--- a/build.gradle
+++ b/build.gradle
@@ -25,9 +25,24 @@ subprojects {
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
-            url "https://maven-central.storage-download.googleapis.com/maven2/" }
-        mavenCentral()
-        mavenLocal()
+            url "https://maven-central.storage-download.googleapis.com/maven2/"
+            metadataSources {
+                mavenPom()
+                ignoreGradleMetadataRedirection()
+            }
+        }
+        mavenCentral() {
+            metadataSources {
+                mavenPom()
+                ignoreGradleMetadataRedirection()
+            }
+        }
+        mavenLocal() {
+            metadataSources {
+                mavenPom()
+                ignoreGradleMetadataRedirection()
+            }
+        }
     }
 
     tasks.withType(JavaCompile).configureEach {
diff --git a/cronet/build.gradle b/cronet/build.gradle
index 3252a9d249b..1a327f9f966 100644
--- a/cronet/build.gradle
+++ b/cronet/build.gradle
@@ -8,7 +8,6 @@ description = "gRPC: Cronet Android"
 
 repositories {
     google()
-    mavenCentral()
 }
 
 android {
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 4d871239cc2..43ec3368b76 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -62,7 +62,7 @@ jetty-servlet10 = "org.eclipse.jetty:jetty-servlet:10.0.20"
 jsr305 = "com.google.code.findbugs:jsr305:3.0.2"
 junit = "junit:junit:4.13.2"
 # 2.17+ require Java 11+ (not mentioned in release notes)
-lincheck = "org.jetbrains.kotlinx:lincheck:2.16"
+lincheck = "org.jetbrains.kotlinx:lincheck-jvm:2.16"
 # Update notes / 2023-07-19 sergiitk:
 #    Couldn't update to 5.4.0, updated to the last in 4.x line. Version 5.x breaks some tests.
 #    Error log: https://github.com/grpc/grpc-java/pull/10359#issuecomment-1632834435

From bac8b320435f7e78931c7a6d208cb5caab9026ca Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@engflow.com>
Date: Fri, 3 Jan 2025 10:42:42 -0800
Subject: [PATCH 131/591] Fix equality and hashcode of
 CancelServerStreamCommand. (#11785)

In e036b1b198bfa2eb5fbdd27fc02a5df95ecd939b, CancelServerStreamCommand got another field. But, its hashCode and equals methods were not updated.
---
 .../java/io/grpc/netty/CancelServerStreamCommand.java     | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/CancelServerStreamCommand.java b/netty/src/main/java/io/grpc/netty/CancelServerStreamCommand.java
index d49e3bd672b..a3b29457670 100644
--- a/netty/src/main/java/io/grpc/netty/CancelServerStreamCommand.java
+++ b/netty/src/main/java/io/grpc/netty/CancelServerStreamCommand.java
@@ -69,13 +69,14 @@ public boolean equals(Object o) {
 
     CancelServerStreamCommand that = (CancelServerStreamCommand) o;
 
-    return Objects.equal(this.stream, that.stream)
-        && Objects.equal(this.reason, that.reason);
+    return this.stream.equals(that.stream)
+        && this.reason.equals(that.reason)
+        && this.peerNotify.equals(that.peerNotify);
   }
 
   @Override
   public int hashCode() {
-    return Objects.hashCode(stream, reason);
+    return Objects.hashCode(stream, reason, peerNotify);
   }
 
   @Override
@@ -83,6 +84,7 @@ public String toString() {
     return MoreObjects.toStringHelper(this)
         .add("stream", stream)
         .add("reason", reason)
+        .add("peerNotify", peerNotify)
         .toString();
   }
 

From 9a712c3f77d0cd07d2b933ab4bd261ac29ba7298 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 27 Dec 2024 22:56:48 -0800
Subject: [PATCH 132/591] xds: Make XdsClient.ResourceStore package-private

There's no reason to use the interface outside of
XdsClientImpl/ControlPlaneClient. Since XdsClientImpl implements the
interface directly, its methods are still public. That can be a future
cleanup.
---
 .../java/io/grpc/xds/client/XdsClient.java    |  2 +-
 .../java/io/grpc/xds/CsdsServiceTest.java     | 74 ++++---------------
 2 files changed, 16 insertions(+), 60 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClient.java b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
index 36f8bd591c7..1b53f6778c7 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
@@ -428,7 +428,7 @@ void handleResourceResponse(
     void handleStreamClosed(Status error, boolean shouldTryFallback);
   }
 
-  public interface ResourceStore {
+  interface ResourceStore {
 
     /**
      * Returns the collection of resources currently subscribed to which have an authority matching
diff --git a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
index df0687f6706..2c0aae24e52 100644
--- a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
+++ b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
@@ -299,7 +299,7 @@ private void verifyResponse(ClientStatusResponse response) {
       assertThat(response.getConfigCount()).isEqualTo(1);
       ClientConfig clientConfig = response.getConfig(0);
       verifyClientConfigNode(clientConfig);
-      verifyClientConfigNoResources(XDS_CLIENT_NO_RESOURCES, clientConfig);
+      assertThat(clientConfig.getGenericXdsConfigsList()).isEmpty();
       assertThat(clientConfig.getClientScope()).isEmpty();
     }
 
@@ -310,7 +310,7 @@ private Collection<String> verifyMultiResponse(ClientStatusResponse response, in
       for (int i = 0; i < numExpected; i++) {
         ClientConfig clientConfig = response.getConfig(i);
         verifyClientConfigNode(clientConfig);
-        verifyClientConfigNoResources(XDS_CLIENT_NO_RESOURCES, clientConfig);
+        assertThat(clientConfig.getGenericXdsConfigsList()).isEmpty();
         clientScopes.add(clientConfig.getClientScope());
       }
 
@@ -382,16 +382,6 @@ public void getClientConfigForXdsClient_subscribedResourcesToGenericXdsConfig()
               .put(EDS, ImmutableMap.of("subscribedResourceName.EDS", METADATA_ACKED_EDS))
               .buildOrThrow();
         }
-
-        @Override
-        public Map<String, XdsResourceType<?>> getSubscribedResourceTypesWithTypeUrl() {
-          return ImmutableMap.of(
-              LDS.typeUrl(), LDS,
-              RDS.typeUrl(), RDS,
-              CDS.typeUrl(), CDS,
-              EDS.typeUrl(), EDS
-          );
-        }
       };
       ClientConfig clientConfig = CsdsService.getClientConfigForXdsClient(fakeXdsClient,
           FAKE_CLIENT_SCOPE);
@@ -403,31 +393,31 @@ public Map<String, XdsResourceType<?>> getSubscribedResourceTypesWithTypeUrl() {
       // is propagated to the correct resource types.
       int xdsConfigCount = clientConfig.getGenericXdsConfigsCount();
       assertThat(xdsConfigCount).isEqualTo(4);
-      Map<XdsResourceType<?>, GenericXdsConfig> configDumps = mapConfigDumps(fakeXdsClient,
-          clientConfig);
-      assertThat(configDumps.keySet()).containsExactly(LDS, RDS, CDS, EDS);
+      Map<String, GenericXdsConfig> configDumps = mapConfigDumps(clientConfig);
+      assertThat(configDumps.keySet())
+          .containsExactly(LDS.typeUrl(), RDS.typeUrl(), CDS.typeUrl(), EDS.typeUrl());
 
       // LDS.
-      GenericXdsConfig genericXdsConfigLds = configDumps.get(LDS);
+      GenericXdsConfig genericXdsConfigLds = configDumps.get(LDS.typeUrl());
       assertThat(genericXdsConfigLds.getName()).isEqualTo("subscribedResourceName.LDS");
       assertThat(genericXdsConfigLds.getClientStatus()).isEqualTo(ClientResourceStatus.ACKED);
       assertThat(genericXdsConfigLds.getVersionInfo()).isEqualTo(VERSION_ACK_LDS);
       assertThat(genericXdsConfigLds.getXdsConfig()).isEqualTo(RAW_LISTENER);
 
       // RDS.
-      GenericXdsConfig genericXdsConfigRds = configDumps.get(RDS);
+      GenericXdsConfig genericXdsConfigRds = configDumps.get(RDS.typeUrl());
       assertThat(genericXdsConfigRds.getClientStatus()).isEqualTo(ClientResourceStatus.ACKED);
       assertThat(genericXdsConfigRds.getVersionInfo()).isEqualTo(VERSION_ACK_RDS);
       assertThat(genericXdsConfigRds.getXdsConfig()).isEqualTo(RAW_ROUTE_CONFIGURATION);
 
       // CDS.
-      GenericXdsConfig genericXdsConfigCds = configDumps.get(CDS);
+      GenericXdsConfig genericXdsConfigCds = configDumps.get(CDS.typeUrl());
       assertThat(genericXdsConfigCds.getClientStatus()).isEqualTo(ClientResourceStatus.ACKED);
       assertThat(genericXdsConfigCds.getVersionInfo()).isEqualTo(VERSION_ACK_CDS);
       assertThat(genericXdsConfigCds.getXdsConfig()).isEqualTo(RAW_CLUSTER);
 
       // RDS.
-      GenericXdsConfig genericXdsConfigEds = configDumps.get(EDS);
+      GenericXdsConfig genericXdsConfigEds = configDumps.get(EDS.typeUrl());
       assertThat(genericXdsConfigEds.getClientStatus()).isEqualTo(ClientResourceStatus.ACKED);
       assertThat(genericXdsConfigEds.getVersionInfo()).isEqualTo(VERSION_ACK_EDS);
       assertThat(genericXdsConfigEds.getXdsConfig()).isEqualTo(RAW_CLUSTER_LOAD_ASSIGNMENT);
@@ -438,23 +428,11 @@ public void getClientConfigForXdsClient_noSubscribedResources() throws Interrupt
       ClientConfig clientConfig =
           CsdsService.getClientConfigForXdsClient(XDS_CLIENT_NO_RESOURCES, FAKE_CLIENT_SCOPE);
       verifyClientConfigNode(clientConfig);
-      verifyClientConfigNoResources(XDS_CLIENT_NO_RESOURCES, clientConfig);
+      assertThat(clientConfig.getGenericXdsConfigsList()).isEmpty();
       assertThat(clientConfig.getClientScope()).isEqualTo(FAKE_CLIENT_SCOPE);
     }
   }
 
-  /**
-   * Assuming {@link MetadataToProtoTests} passes, and metadata converted to corresponding
-   * config dumps correctly, perform a minimal verification of the general shape of ClientConfig.
-   */
-  private static void verifyClientConfigNoResources(FakeXdsClient xdsClient,
-                                                    ClientConfig clientConfig) {
-    int xdsConfigCount = clientConfig.getGenericXdsConfigsCount();
-    assertThat(xdsConfigCount).isEqualTo(0);
-    Map<XdsResourceType<?>, GenericXdsConfig> configDumps = mapConfigDumps(xdsClient, clientConfig);
-    assertThat(configDumps).isEmpty();
-  }
-
   /**
    * Assuming {@link EnvoyProtoDataTest#convertNode} passes, perform a minimal check,
    * just verify the node itself is the one we expect.
@@ -465,21 +443,17 @@ private static void verifyClientConfigNode(ClientConfig clientConfig) {
     assertThat(node).isEqualTo(BOOTSTRAP_NODE.toEnvoyProtoNode());
   }
 
-  private static Map<XdsResourceType<?>, GenericXdsConfig> mapConfigDumps(FakeXdsClient client,
-                                                                          ClientConfig config) {
-    Map<XdsResourceType<?>, GenericXdsConfig> xdsConfigMap = new HashMap<>();
+  private static Map<String, GenericXdsConfig> mapConfigDumps(ClientConfig config) {
+    Map<String, GenericXdsConfig> xdsConfigMap = new HashMap<>();
     List<GenericXdsConfig> xdsConfigList = config.getGenericXdsConfigsList();
     for (GenericXdsConfig genericXdsConfig : xdsConfigList) {
-      XdsResourceType<?> type = client.getSubscribedResourceTypesWithTypeUrl()
-          .get(genericXdsConfig.getTypeUrl());
-      assertThat(type).isNotNull();
-      assertThat(xdsConfigMap).doesNotContainKey(type);
-      xdsConfigMap.put(type, genericXdsConfig);
+      assertThat(xdsConfigMap).doesNotContainKey(genericXdsConfig.getTypeUrl());
+      xdsConfigMap.put(genericXdsConfig.getTypeUrl(), genericXdsConfig);
     }
     return xdsConfigMap;
   }
 
-  private static class FakeXdsClient extends XdsClient implements XdsClient.ResourceStore {
+  private static class FakeXdsClient extends XdsClient {
     protected Map<XdsResourceType<?>, Map<String, ResourceMetadata>>
         getSubscribedResourcesMetadata() {
       return ImmutableMap.of();
@@ -495,24 +469,6 @@ private static class FakeXdsClient extends XdsClient implements XdsClient.Resour
     public BootstrapInfo getBootstrapInfo() {
       return BOOTSTRAP_INFO;
     }
-
-    @Nullable
-    @Override
-    public Collection<String> getSubscribedResources(
-        ServerInfo serverInfo, XdsResourceType<? extends ResourceUpdate> type) {
-      return null;
-    }
-
-    @Override
-    public void startMissingResourceTimers(Collection<String> resourceNames,
-                                           XdsResourceType<?> resourceType) {
-      // do nothing
-    }
-
-    @Override
-    public Map<String, XdsResourceType<?>> getSubscribedResourceTypesWithTypeUrl() {
-      return ImmutableMap.of();
-    }
   }
 
   private static class FakeXdsClientPoolFactory implements XdsClientPoolFactory {

From 1cf1927d1a7024e353f239fe5b5d50cbb49a8bae Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 3 Jan 2025 12:34:47 -0800
Subject: [PATCH 133/591] xds: Preserve nonce when unsubscribing type

This fixes a regression introduced in 19c9b998.

b/374697875
---
 .../java/io/grpc/xds/client/ControlPlaneClient.java    | 10 +++++++---
 .../java/io/grpc/xds/GrpcXdsClientImplTestBase.java    |  5 ++---
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
index 9c7d744816a..878f1686a89 100644
--- a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
@@ -167,9 +167,10 @@ void adjustResourceSubscription(XdsResourceType<?> resourceType) {
     resourceStore.startMissingResourceTimers(resources, resourceType);
 
     if (resources.isEmpty()) {
-      // The resource type no longer has subscribing resources; clean up references to it
+      // The resource type no longer has subscribing resources; clean up references to it, except
+      // for nonces. If the resource type becomes used again the control plane can ignore requests
+      // for old/missing nonces. Old type's nonces are dropped when the ADS stream is restarted.
       versions.remove(resourceType);
-      adsStream.respNonces.remove(resourceType);
     }
   }
 
@@ -313,7 +314,10 @@ private class AdsStream implements XdsTransportFactory.EventHandler<DiscoveryRes
     // Nonce in each response is echoed back in the following ACK/NACK request. It is
     // used for management server to identify which response the client is ACKing/NACking.
     // To avoid confusion, client-initiated requests will always use the nonce in
-    // most recently received responses of each resource type.
+    // most recently received responses of each resource type. Nonces are never deleted from the
+    // map; nonces are only discarded once the stream closes because xds_protocol says "the
+    // management server should not send a DiscoveryResponse for any DiscoveryRequest that has a
+    // stale nonce."
     private final Map<XdsResourceType<?>, String> respNonces = new HashMap<>();
     private final StreamingCall<DiscoveryRequest, DiscoveryResponse> call;
     private final MethodDescriptor<DiscoveryRequest, DiscoveryResponse> methodDescriptor =
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 1b0c363d94f..9a80e3c36b6 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -2899,10 +2899,9 @@ public void edsCleanupNonceAfterUnsubscription() {
     verifySubscribedResourcesMetadataSizes(0, 0, 0, 0);
     call.verifyRequest(EDS, Arrays.asList(), VERSION_1, "0000", NODE);
 
-    // When re-subscribing, the version and nonce were properly forgotten, so the request is the
-    // same as the initial request
+    // When re-subscribing, the version was forgotten but not the nonce
     xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), "A.1", edsResourceWatcher);
-    call.verifyRequest(EDS, "A.1", "", "", NODE, Mockito.timeout(2000).times(2));
+    call.verifyRequest(EDS, "A.1", "", "0000", NODE, Mockito.timeout(2000));
   }
 
   @Test

From 4a0f707331fc3b23403e1549b8165e4188dddb20 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 3 Jan 2025 14:52:37 -0800
Subject: [PATCH 134/591] xds: Avoid depending on io.grpc.xds.Internal* classes

Internal* classes should generally be accessors that are used outside of
the package/project. Only one attribute was used outside of xds, so
leave only that one attribute in InternalXdsAttributes. One attribute
was used by the internal.security package, so move the definition to the
same package to reduce the circular dependencies.
---
 .../java/io/grpc/xds/CdsLoadBalancer2.java    |   2 +-
 .../io/grpc/xds/ClusterImplLoadBalancer.java  |  19 ++--
 .../grpc/xds/ClusterResolverLoadBalancer.java |  18 ++--
 ...ilterChainMatchingProtocolNegotiators.java |   4 +-
 .../io/grpc/xds/GcpAuthenticationFilter.java  |   2 +-
 .../io/grpc/xds/InternalXdsAttributes.java    |  81 +-------------
 .../io/grpc/xds/RingHashLoadBalancer.java     |   4 +-
 .../io/grpc/xds/WrrLocalityLoadBalancer.java  |   4 +-
 .../main/java/io/grpc/xds/XdsAttributes.java  | 101 ++++++++++++++++++
 .../java/io/grpc/xds/XdsNameResolver.java     |   4 +-
 .../java/io/grpc/xds/XdsServerBuilder.java    |   4 +-
 .../security/SecurityProtocolNegotiators.java |  11 +-
 .../io/grpc/xds/CdsLoadBalancer2Test.java     |   2 +-
 .../grpc/xds/ClusterImplLoadBalancerTest.java |  36 ++++---
 .../xds/ClusterResolverLoadBalancerTest.java  |  30 +++---
 .../io/grpc/xds/RingHashLoadBalancerTest.java |   2 +-
 .../grpc/xds/WrrLocalityLoadBalancerTest.java |   6 +-
 .../java/io/grpc/xds/XdsNameResolverTest.java |  12 +--
 .../grpc/xds/XdsSecurityClientServerTest.java |   3 +-
 .../SecurityProtocolNegotiatorsTest.java      |   3 +-
 20 files changed, 190 insertions(+), 158 deletions(-)
 create mode 100644 xds/src/main/java/io/grpc/xds/XdsAttributes.java

diff --git a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
index 3f1eb3e7e4f..04b7663fd35 100644
--- a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
+++ b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
@@ -88,7 +88,7 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     }
     logger.log(XdsLogLevel.DEBUG, "Received resolution result: {0}", resolvedAddresses);
     this.resolvedAddresses = resolvedAddresses;
-    xdsClientPool = resolvedAddresses.getAttributes().get(InternalXdsAttributes.XDS_CLIENT_POOL);
+    xdsClientPool = resolvedAddresses.getAttributes().get(XdsAttributes.XDS_CLIENT_POOL);
     xdsClient = xdsClientPool.getObject();
     CdsConfig config = (CdsConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
     logger.log(XdsLogLevel.INFO, "Config: {0}", config);
diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index e4bb28a1b6a..23f89d161e2 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -52,6 +52,7 @@
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
+import io.grpc.xds.internal.security.SecurityProtocolNegotiators;
 import io.grpc.xds.internal.security.SslContextProviderSupplier;
 import io.grpc.xds.orca.OrcaPerRequestUtil;
 import io.grpc.xds.orca.OrcaPerRequestUtil.OrcaPerRequestReportListener;
@@ -114,12 +115,12 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     logger.log(XdsLogLevel.DEBUG, "Received resolution result: {0}", resolvedAddresses);
     Attributes attributes = resolvedAddresses.getAttributes();
     if (xdsClientPool == null) {
-      xdsClientPool = attributes.get(InternalXdsAttributes.XDS_CLIENT_POOL);
+      xdsClientPool = attributes.get(XdsAttributes.XDS_CLIENT_POOL);
       assert xdsClientPool != null;
       xdsClient = xdsClientPool.getObject();
     }
     if (callCounterProvider == null) {
-      callCounterProvider = attributes.get(InternalXdsAttributes.CALL_COUNTER_PROVIDER);
+      callCounterProvider = attributes.get(XdsAttributes.CALL_COUNTER_PROVIDER);
     }
 
     ClusterImplConfig config =
@@ -236,9 +237,9 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
           .set(ATTR_CLUSTER_LOCALITY, localityAtomicReference);
       if (GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE", false)) {
         String hostname = args.getAddresses().get(0).getAttributes()
-            .get(InternalXdsAttributes.ATTR_ADDRESS_NAME);
+            .get(XdsAttributes.ATTR_ADDRESS_NAME);
         if (hostname != null) {
-          attrsBuilder.set(InternalXdsAttributes.ATTR_ADDRESS_NAME, hostname);
+          attrsBuilder.set(XdsAttributes.ATTR_ADDRESS_NAME, hostname);
         }
       }
       args = args.toBuilder().setAddresses(addresses).setAttributes(attrsBuilder.build()).build();
@@ -287,10 +288,10 @@ private List<EquivalentAddressGroup> withAdditionalAttributes(
       List<EquivalentAddressGroup> newAddresses = new ArrayList<>();
       for (EquivalentAddressGroup eag : addresses) {
         Attributes.Builder attrBuilder = eag.getAttributes().toBuilder().set(
-            InternalXdsAttributes.ATTR_CLUSTER_NAME, cluster);
+            XdsAttributes.ATTR_CLUSTER_NAME, cluster);
         if (sslContextProviderSupplier != null) {
           attrBuilder.set(
-              InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
+              SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
               sslContextProviderSupplier);
         }
         newAddresses.add(new EquivalentAddressGroup(eag.getAddresses(), attrBuilder.build()));
@@ -299,8 +300,8 @@ private List<EquivalentAddressGroup> withAdditionalAttributes(
     }
 
     private ClusterLocality createClusterLocalityFromAttributes(Attributes addressAttributes) {
-      Locality locality = addressAttributes.get(InternalXdsAttributes.ATTR_LOCALITY);
-      String localityName = addressAttributes.get(InternalXdsAttributes.ATTR_LOCALITY_NAME);
+      Locality locality = addressAttributes.get(XdsAttributes.ATTR_LOCALITY);
+      String localityName = addressAttributes.get(XdsAttributes.ATTR_LOCALITY_NAME);
 
       // Endpoint addresses resolved by ClusterResolverLoadBalancer should always contain
       // attributes with its locality, including endpoints in LOGICAL_DNS clusters.
@@ -431,7 +432,7 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
             result = PickResult.withSubchannel(result.getSubchannel(),
                 result.getStreamTracerFactory(),
                 result.getSubchannel().getAttributes().get(
-                    InternalXdsAttributes.ATTR_ADDRESS_NAME));
+                    XdsAttributes.ATTR_ADDRESS_NAME));
           }
         }
         return result;
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
index 3ef79699b10..4e08ddc5973 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
@@ -119,7 +119,7 @@ final class ClusterResolverLoadBalancer extends LoadBalancer {
   public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     logger.log(XdsLogLevel.DEBUG, "Received resolution result: {0}", resolvedAddresses);
     if (xdsClientPool == null) {
-      xdsClientPool = resolvedAddresses.getAttributes().get(InternalXdsAttributes.XDS_CLIENT_POOL);
+      xdsClientPool = resolvedAddresses.getAttributes().get(XdsAttributes.XDS_CLIENT_POOL);
       xdsClient = xdsClientPool.getObject();
     }
     ClusterResolverConfig config =
@@ -423,12 +423,12 @@ public void run() {
                   String localityName = localityName(locality);
                   Attributes attr =
                       endpoint.eag().getAttributes().toBuilder()
-                          .set(InternalXdsAttributes.ATTR_LOCALITY, locality)
-                          .set(InternalXdsAttributes.ATTR_LOCALITY_NAME, localityName)
-                          .set(InternalXdsAttributes.ATTR_LOCALITY_WEIGHT,
+                          .set(XdsAttributes.ATTR_LOCALITY, locality)
+                          .set(XdsAttributes.ATTR_LOCALITY_NAME, localityName)
+                          .set(XdsAttributes.ATTR_LOCALITY_WEIGHT,
                               localityLbInfo.localityWeight())
-                          .set(InternalXdsAttributes.ATTR_SERVER_WEIGHT, weight)
-                          .set(InternalXdsAttributes.ATTR_ADDRESS_NAME, endpoint.hostname())
+                          .set(XdsAttributes.ATTR_SERVER_WEIGHT, weight)
+                          .set(XdsAttributes.ATTR_ADDRESS_NAME, endpoint.hostname())
                           .build();
                   EquivalentAddressGroup eag = new EquivalentAddressGroup(
                       endpoint.eag().getAddresses(), attr);
@@ -630,9 +630,9 @@ public void run() {
                 // to handle such it.
                 String localityName = localityName(LOGICAL_DNS_CLUSTER_LOCALITY);
                 Attributes attr = eag.getAttributes().toBuilder()
-                    .set(InternalXdsAttributes.ATTR_LOCALITY, LOGICAL_DNS_CLUSTER_LOCALITY)
-                    .set(InternalXdsAttributes.ATTR_LOCALITY_NAME, localityName)
-                    .set(InternalXdsAttributes.ATTR_ADDRESS_NAME, dnsHostName)
+                    .set(XdsAttributes.ATTR_LOCALITY, LOGICAL_DNS_CLUSTER_LOCALITY)
+                    .set(XdsAttributes.ATTR_LOCALITY_NAME, localityName)
+                    .set(XdsAttributes.ATTR_ADDRESS_NAME, dnsHostName)
                     .build();
                 eag = new EquivalentAddressGroup(eag.getAddresses(), attr);
                 eag = AddressFilter.setPathFilter(eag, Arrays.asList(priorityName, localityName));
diff --git a/xds/src/main/java/io/grpc/xds/FilterChainMatchingProtocolNegotiators.java b/xds/src/main/java/io/grpc/xds/FilterChainMatchingProtocolNegotiators.java
index 37a0e6a8ae0..aaf8d69d2c1 100644
--- a/xds/src/main/java/io/grpc/xds/FilterChainMatchingProtocolNegotiators.java
+++ b/xds/src/main/java/io/grpc/xds/FilterChainMatchingProtocolNegotiators.java
@@ -17,8 +17,8 @@
 package io.grpc.xds;
 
 import static com.google.common.base.Preconditions.checkNotNull;
-import static io.grpc.xds.InternalXdsAttributes.ATTR_DRAIN_GRACE_NANOS;
-import static io.grpc.xds.InternalXdsAttributes.ATTR_FILTER_CHAIN_SELECTOR_MANAGER;
+import static io.grpc.xds.XdsAttributes.ATTR_DRAIN_GRACE_NANOS;
+import static io.grpc.xds.XdsAttributes.ATTR_FILTER_CHAIN_SELECTOR_MANAGER;
 import static io.grpc.xds.XdsServerWrapper.ATTR_SERVER_ROUTING_CONFIG;
 import static io.grpc.xds.internal.security.SecurityProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER;
 
diff --git a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
index edd8a09e4ca..4e242708e1f 100644
--- a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
+++ b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
@@ -106,7 +106,7 @@ public ClientInterceptor buildClientInterceptor(FilterConfig config,
       public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
           MethodDescriptor<ReqT, RespT> method, CallOptions callOptions, Channel next) {
 
-        /*String clusterName = callOptions.getOption(InternalXdsAttributes.ATTR_CLUSTER_NAME);
+        /*String clusterName = callOptions.getOption(XdsAttributes.ATTR_CLUSTER_NAME);
         if (clusterName == null) {
           return next.newCall(method, callOptions);
         }*/
diff --git a/xds/src/main/java/io/grpc/xds/InternalXdsAttributes.java b/xds/src/main/java/io/grpc/xds/InternalXdsAttributes.java
index 575bda73f0c..ed70e6f5e78 100644
--- a/xds/src/main/java/io/grpc/xds/InternalXdsAttributes.java
+++ b/xds/src/main/java/io/grpc/xds/InternalXdsAttributes.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019 The gRPC Authors
+ * Copyright 2024 The gRPC Authors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,96 +18,19 @@
 
 import io.grpc.Attributes;
 import io.grpc.EquivalentAddressGroup;
-import io.grpc.Grpc;
 import io.grpc.Internal;
-import io.grpc.NameResolver;
-import io.grpc.internal.ObjectPool;
-import io.grpc.xds.XdsNameResolverProvider.CallCounterProvider;
-import io.grpc.xds.client.Locality;
-import io.grpc.xds.client.XdsClient;
-import io.grpc.xds.internal.security.SslContextProviderSupplier;
 
 /**
  * Internal attributes used for xDS implementation. Do not use.
  */
 @Internal
 public final class InternalXdsAttributes {
-
-  // TODO(sanjaypujare): move to xds internal package.
-  /** Attribute key for SslContextProviderSupplier (used from client) for a subchannel. */
-  @Grpc.TransportAttr
-  public static final Attributes.Key<SslContextProviderSupplier>
-      ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER =
-          Attributes.Key.create("io.grpc.xds.internal.security.SslContextProviderSupplier");
-
-  /**
-   * Attribute key for passing around the XdsClient object pool across NameResolver/LoadBalancers.
-   */
-  @NameResolver.ResolutionResultAttr
-  static final Attributes.Key<ObjectPool<XdsClient>> XDS_CLIENT_POOL =
-      Attributes.Key.create("io.grpc.xds.InternalXdsAttributes.xdsClientPool");
-
-  /**
-   * Attribute key for obtaining the global provider that provides atomics for aggregating
-   * outstanding RPCs sent to each cluster.
-   */
-  @NameResolver.ResolutionResultAttr
-  static final Attributes.Key<CallCounterProvider> CALL_COUNTER_PROVIDER =
-      Attributes.Key.create("io.grpc.xds.InternalXdsAttributes.callCounterProvider");
-
-  /**
-   * Map from localities to their weights.
-   */
-  @NameResolver.ResolutionResultAttr
-  static final Attributes.Key<Integer> ATTR_LOCALITY_WEIGHT =
-      Attributes.Key.create("io.grpc.xds.InternalXdsAttributes.localityWeight");
-
   /**
    * Name of the cluster that provides this EquivalentAddressGroup.
    */
-  @Internal
   @EquivalentAddressGroup.Attr
   public static final Attributes.Key<String> ATTR_CLUSTER_NAME =
-      Attributes.Key.create("io.grpc.xds.InternalXdsAttributes.clusterName");
-
-  /**
-   * The locality that this EquivalentAddressGroup is in.
-   */
-  @EquivalentAddressGroup.Attr
-  static final Attributes.Key<Locality> ATTR_LOCALITY =
-      Attributes.Key.create("io.grpc.xds.InternalXdsAttributes.locality");
-
-  /**
-   * The name of the locality that this EquivalentAddressGroup is in.
-   */
-  @EquivalentAddressGroup.Attr
-  static final Attributes.Key<String> ATTR_LOCALITY_NAME =
-      Attributes.Key.create("io.grpc.xds.InternalXdsAttributes.localityName");
-
-  /**
-   * Endpoint weight for load balancing purposes.
-   */
-  @EquivalentAddressGroup.Attr
-  static final Attributes.Key<Long> ATTR_SERVER_WEIGHT =
-      Attributes.Key.create("io.grpc.xds.InternalXdsAttributes.serverWeight");
-
-  /** Name associated with individual address, if available (e.g., DNS name). */
-  @EquivalentAddressGroup.Attr
-  static final Attributes.Key<String> ATTR_ADDRESS_NAME =
-      Attributes.Key.create("io.grpc.xds.InternalXdsAttributes.addressName");
-
-  /**
-   * Filter chain match for network filters.
-   */
-  @Grpc.TransportAttr
-  static final Attributes.Key<FilterChainSelectorManager>
-          ATTR_FILTER_CHAIN_SELECTOR_MANAGER = Attributes.Key.create(
-          "io.grpc.xds.InternalXdsAttributes.filterChainSelectorManager");
-
-  /** Grace time to use when draining. Null for an infinite grace time. */
-  @Grpc.TransportAttr
-  static final Attributes.Key<Long> ATTR_DRAIN_GRACE_NANOS =
-      Attributes.Key.create("io.grpc.xds.InternalXdsAttributes.drainGraceTime");
+      XdsAttributes.ATTR_CLUSTER_NAME;
 
   private InternalXdsAttributes() {}
 }
diff --git a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
index 4f93974b52c..0c4792cb924 100644
--- a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
@@ -102,7 +102,7 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       Map<EquivalentAddressGroup, Long> serverWeights = new HashMap<>();
       long totalWeight = 0L;
       for (EquivalentAddressGroup eag : addrList) {
-        Long weight = eag.getAttributes().get(InternalXdsAttributes.ATTR_SERVER_WEIGHT);
+        Long weight = eag.getAttributes().get(XdsAttributes.ATTR_SERVER_WEIGHT);
         // Support two ways of server weighing: either multiple instances of the same address
         // or each address contains a per-address weight attribute. If a weight is not provided,
         // each occurrence of the address will be counted a weight value of one.
@@ -241,7 +241,7 @@ private Status validateAddrList(List<EquivalentAddressGroup> addrList) {
 
     long totalWeight = 0;
     for (EquivalentAddressGroup eag : addrList) {
-      Long weight = eag.getAttributes().get(InternalXdsAttributes.ATTR_SERVER_WEIGHT);
+      Long weight = eag.getAttributes().get(XdsAttributes.ATTR_SERVER_WEIGHT);
 
       if (weight == null) {
         weight = 1L;
diff --git a/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancer.java b/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancer.java
index 46d2443d36a..3e58efa7c23 100644
--- a/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancer.java
@@ -74,8 +74,8 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     Map<String, Integer> localityWeights = new HashMap<>();
     for (EquivalentAddressGroup eag : resolvedAddresses.getAddresses()) {
       Attributes eagAttrs = eag.getAttributes();
-      String locality = eagAttrs.get(InternalXdsAttributes.ATTR_LOCALITY_NAME);
-      Integer localityWeight = eagAttrs.get(InternalXdsAttributes.ATTR_LOCALITY_WEIGHT);
+      String locality = eagAttrs.get(XdsAttributes.ATTR_LOCALITY_NAME);
+      Integer localityWeight = eagAttrs.get(XdsAttributes.ATTR_LOCALITY_WEIGHT);
 
       if (locality == null) {
         Status unavailableStatus = Status.UNAVAILABLE.withDescription(
diff --git a/xds/src/main/java/io/grpc/xds/XdsAttributes.java b/xds/src/main/java/io/grpc/xds/XdsAttributes.java
new file mode 100644
index 00000000000..af8139d8ff4
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/XdsAttributes.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2019 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import io.grpc.Attributes;
+import io.grpc.EquivalentAddressGroup;
+import io.grpc.Grpc;
+import io.grpc.NameResolver;
+import io.grpc.internal.ObjectPool;
+import io.grpc.xds.XdsNameResolverProvider.CallCounterProvider;
+import io.grpc.xds.client.Locality;
+import io.grpc.xds.client.XdsClient;
+
+/**
+ * Attributes used for xDS implementation.
+ */
+final class XdsAttributes {
+  /**
+   * Attribute key for passing around the XdsClient object pool across NameResolver/LoadBalancers.
+   */
+  @NameResolver.ResolutionResultAttr
+  static final Attributes.Key<ObjectPool<XdsClient>> XDS_CLIENT_POOL =
+      Attributes.Key.create("io.grpc.xds.XdsAttributes.xdsClientPool");
+
+  /**
+   * Attribute key for obtaining the global provider that provides atomics for aggregating
+   * outstanding RPCs sent to each cluster.
+   */
+  @NameResolver.ResolutionResultAttr
+  static final Attributes.Key<CallCounterProvider> CALL_COUNTER_PROVIDER =
+      Attributes.Key.create("io.grpc.xds.XdsAttributes.callCounterProvider");
+
+  /**
+   * Map from localities to their weights.
+   */
+  @NameResolver.ResolutionResultAttr
+  static final Attributes.Key<Integer> ATTR_LOCALITY_WEIGHT =
+      Attributes.Key.create("io.grpc.xds.XdsAttributes.localityWeight");
+
+  /**
+   * Name of the cluster that provides this EquivalentAddressGroup.
+   */
+  @EquivalentAddressGroup.Attr
+  public static final Attributes.Key<String> ATTR_CLUSTER_NAME =
+      Attributes.Key.create("io.grpc.xds.XdsAttributes.clusterName");
+
+  /**
+   * The locality that this EquivalentAddressGroup is in.
+   */
+  @EquivalentAddressGroup.Attr
+  static final Attributes.Key<Locality> ATTR_LOCALITY =
+      Attributes.Key.create("io.grpc.xds.XdsAttributes.locality");
+
+  /**
+   * The name of the locality that this EquivalentAddressGroup is in.
+   */
+  @EquivalentAddressGroup.Attr
+  static final Attributes.Key<String> ATTR_LOCALITY_NAME =
+      Attributes.Key.create("io.grpc.xds.XdsAttributes.localityName");
+
+  /**
+   * Endpoint weight for load balancing purposes.
+   */
+  @EquivalentAddressGroup.Attr
+  static final Attributes.Key<Long> ATTR_SERVER_WEIGHT =
+      Attributes.Key.create("io.grpc.xds.XdsAttributes.serverWeight");
+
+  /** Name associated with individual address, if available (e.g., DNS name). */
+  @EquivalentAddressGroup.Attr
+  static final Attributes.Key<String> ATTR_ADDRESS_NAME =
+      Attributes.Key.create("io.grpc.xds.XdsAttributes.addressName");
+
+  /**
+   * Filter chain match for network filters.
+   */
+  @Grpc.TransportAttr
+  static final Attributes.Key<FilterChainSelectorManager>
+          ATTR_FILTER_CHAIN_SELECTOR_MANAGER = Attributes.Key.create(
+          "io.grpc.xds.XdsAttributes.filterChainSelectorManager");
+
+  /** Grace time to use when draining. Null for an infinite grace time. */
+  @Grpc.TransportAttr
+  static final Attributes.Key<Long> ATTR_DRAIN_GRACE_NANOS =
+      Attributes.Key.create("io.grpc.xds.XdsAttributes.drainGraceTime");
+
+  private XdsAttributes() {}
+}
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index c51709c174c..3c7f4455fde 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -307,8 +307,8 @@ private void updateResolutionResult() {
     ConfigOrError parsedServiceConfig = serviceConfigParser.parseServiceConfig(rawServiceConfig);
     Attributes attrs =
         Attributes.newBuilder()
-            .set(InternalXdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
-            .set(InternalXdsAttributes.CALL_COUNTER_PROVIDER, callCounterProvider)
+            .set(XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
+            .set(XdsAttributes.CALL_COUNTER_PROVIDER, callCounterProvider)
             .set(InternalConfigSelector.KEY, configSelector)
             .build();
     ResolutionResult result =
diff --git a/xds/src/main/java/io/grpc/xds/XdsServerBuilder.java b/xds/src/main/java/io/grpc/xds/XdsServerBuilder.java
index b75d5755f6e..928f22c4d5e 100644
--- a/xds/src/main/java/io/grpc/xds/XdsServerBuilder.java
+++ b/xds/src/main/java/io/grpc/xds/XdsServerBuilder.java
@@ -19,8 +19,8 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
-import static io.grpc.xds.InternalXdsAttributes.ATTR_DRAIN_GRACE_NANOS;
-import static io.grpc.xds.InternalXdsAttributes.ATTR_FILTER_CHAIN_SELECTOR_MANAGER;
+import static io.grpc.xds.XdsAttributes.ATTR_DRAIN_GRACE_NANOS;
+import static io.grpc.xds.XdsAttributes.ATTR_FILTER_CHAIN_SELECTOR_MANAGER;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.errorprone.annotations.DoNotCall;
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java b/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
index 00659e53de1..c34fab74032 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
@@ -20,6 +20,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import io.grpc.Attributes;
+import io.grpc.Grpc;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.ObjectPool;
 import io.grpc.netty.GrpcHttp2ConnectionHandler;
@@ -28,7 +29,6 @@
 import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
 import io.grpc.netty.InternalProtocolNegotiators;
 import io.grpc.netty.ProtocolNegotiationEvent;
-import io.grpc.xds.InternalXdsAttributes;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerAdapter;
 import io.netty.channel.ChannelHandlerContext;
@@ -63,6 +63,12 @@ private SecurityProtocolNegotiators() {
           ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER =
           Attributes.Key.create("io.grpc.xds.internal.security.server.sslContextProviderSupplier");
 
+  /** Attribute key for SslContextProviderSupplier (used from client) for a subchannel. */
+  @Grpc.TransportAttr
+  public static final Attributes.Key<SslContextProviderSupplier>
+      ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER =
+          Attributes.Key.create("io.grpc.xds.internal.security.SslContextProviderSupplier");
+
   /**
    * Returns a {@link InternalProtocolNegotiator.ClientFactory}.
    *
@@ -130,8 +136,7 @@ public AsciiString scheme() {
     public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
       // check if SslContextProviderSupplier was passed via attributes
       SslContextProviderSupplier localSslContextProviderSupplier =
-          grpcHandler.getEagAttributes().get(
-              InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
+          grpcHandler.getEagAttributes().get(ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
       if (localSslContextProviderSupplier == null) {
         checkNotNull(
             fallbackProtocolNegotiator, "No TLS config and no fallbackProtocolNegotiator!");
diff --git a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
index da32332a2a5..82a61e79abf 100644
--- a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
+++ b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
@@ -160,7 +160,7 @@ public void setUp() {
             .setAttributes(
                 // Other attributes not used by cluster_resolver LB are omitted.
                 Attributes.newBuilder()
-                    .set(InternalXdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
+                    .set(XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
                     .build())
             .setLoadBalancingPolicyConfig(new CdsConfig(CLUSTER))
             .build());
diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index 0d18af0b04a..1918ea5724c 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -77,6 +77,7 @@
 import io.grpc.xds.client.Stats.UpstreamLocalityStats;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
+import io.grpc.xds.internal.security.SecurityProtocolNegotiators;
 import io.grpc.xds.internal.security.SslContextProvider;
 import io.grpc.xds.internal.security.SslContextProviderSupplier;
 import java.net.SocketAddress;
@@ -195,7 +196,7 @@ public void handleResolvedAddresses_propagateToChildPolicy() {
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(downstreamBalancers);
     assertThat(Iterables.getOnlyElement(childBalancer.addresses)).isEqualTo(endpoint);
     assertThat(childBalancer.config).isSameInstanceAs(weightedTargetConfig);
-    assertThat(childBalancer.attributes.get(InternalXdsAttributes.XDS_CLIENT_POOL))
+    assertThat(childBalancer.attributes.get(XdsAttributes.XDS_CLIENT_POOL))
         .isSameInstanceAs(xdsClientPool);
   }
 
@@ -533,7 +534,7 @@ public void dropRpcsWithRespectToLbConfigDropCategories() {
             .setAddresses(Collections.singletonList(endpoint))
             .setAttributes(
                 Attributes.newBuilder()
-                    .set(InternalXdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
+                    .set(XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
                     .build())
             .setLoadBalancingPolicyConfig(config)
             .build());
@@ -738,14 +739,14 @@ public void endpointAddressesAttachedWithClusterName() {
             .build();
     Subchannel subchannel = leafBalancer.helper.createSubchannel(args);
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
-      assertThat(eag.getAttributes().get(InternalXdsAttributes.ATTR_CLUSTER_NAME))
+      assertThat(eag.getAttributes().get(XdsAttributes.ATTR_CLUSTER_NAME))
           .isEqualTo(CLUSTER);
     }
 
     // An address update should also retain the cluster attribute.
     subchannel.updateAddresses(leafBalancer.addresses);
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
-      assertThat(eag.getAttributes().get(InternalXdsAttributes.ATTR_CLUSTER_NAME))
+      assertThat(eag.getAttributes().get(XdsAttributes.ATTR_CLUSTER_NAME))
           .isEqualTo(CLUSTER);
     }
   }
@@ -783,10 +784,10 @@ public void endpointAddressesAttachedWithClusterName() {
               new FixedResultPicker(PickResult.withSubchannel(subchannel)));
         }
       });
-      assertThat(subchannel.getAttributes().get(InternalXdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(
+      assertThat(subchannel.getAttributes().get(XdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(
           "authority-host-name");
       for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
-        assertThat(eag.getAttributes().get(InternalXdsAttributes.ATTR_ADDRESS_NAME))
+        assertThat(eag.getAttributes().get(XdsAttributes.ATTR_ADDRESS_NAME))
             .isEqualTo("authority-host-name");
       }
 
@@ -835,9 +836,9 @@ public void endpointAddressesAttachedWithClusterName() {
       }
     });
     // Sub Channel wrapper args won't have the address name although addresses will.
-    assertThat(subchannel.getAttributes().get(InternalXdsAttributes.ATTR_ADDRESS_NAME)).isNull();
+    assertThat(subchannel.getAttributes().get(XdsAttributes.ATTR_ADDRESS_NAME)).isNull();
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
-      assertThat(eag.getAttributes().get(InternalXdsAttributes.ATTR_ADDRESS_NAME))
+      assertThat(eag.getAttributes().get(XdsAttributes.ATTR_ADDRESS_NAME))
           .isEqualTo("authority-host-name");
     }
 
@@ -877,7 +878,7 @@ public void endpointAddressesAttachedWithTlsConfig_securityEnabledByDefault() {
     Subchannel subchannel = leafBalancer.helper.createSubchannel(args);
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
       SslContextProviderSupplier supplier =
-          eag.getAttributes().get(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
+          eag.getAttributes().get(SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
       assertThat(supplier.getTlsContext()).isEqualTo(upstreamTlsContext);
     }
 
@@ -891,7 +892,8 @@ public void endpointAddressesAttachedWithTlsConfig_securityEnabledByDefault() {
     assertThat(Iterables.getOnlyElement(downstreamBalancers)).isSameInstanceAs(leafBalancer);
     subchannel = leafBalancer.helper.createSubchannel(args);  // creates new connections
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
-      assertThat(eag.getAttributes().get(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER))
+      assertThat(
+            eag.getAttributes().get(SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER))
           .isNull();
     }
 
@@ -908,14 +910,14 @@ public void endpointAddressesAttachedWithTlsConfig_securityEnabledByDefault() {
     subchannel = leafBalancer.helper.createSubchannel(args);  // creates new connections
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
       SslContextProviderSupplier supplier =
-          eag.getAttributes().get(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
+          eag.getAttributes().get(SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
       assertThat(supplier.isShutdown()).isFalse();
       assertThat(supplier.getTlsContext()).isEqualTo(upstreamTlsContext);
     }
     loadBalancer.shutdown();
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
       SslContextProviderSupplier supplier =
-              eag.getAttributes().get(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
+          eag.getAttributes().get(SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
       assertThat(supplier.isShutdown()).isTrue();
     }
     loadBalancer = null;
@@ -928,8 +930,8 @@ private void deliverAddressesAndConfig(List<EquivalentAddressGroup> addresses,
             .setAddresses(addresses)
             .setAttributes(
                 Attributes.newBuilder()
-                    .set(InternalXdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
-                    .set(InternalXdsAttributes.CALL_COUNTER_PROVIDER, callCounterProvider)
+                    .set(XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
+                    .set(XdsAttributes.CALL_COUNTER_PROVIDER, callCounterProvider)
                     .build())
             .setLoadBalancingPolicyConfig(config)
             .build());
@@ -986,11 +988,11 @@ public String toString() {
     }
 
     Attributes.Builder attributes = Attributes.newBuilder()
-        .set(InternalXdsAttributes.ATTR_LOCALITY, locality)
+        .set(XdsAttributes.ATTR_LOCALITY, locality)
         // Unique but arbitrary string
-        .set(InternalXdsAttributes.ATTR_LOCALITY_NAME, locality.toString());
+        .set(XdsAttributes.ATTR_LOCALITY_NAME, locality.toString());
     if (authorityHostname != null) {
-      attributes.set(InternalXdsAttributes.ATTR_ADDRESS_NAME, authorityHostname);
+      attributes.set(XdsAttributes.ATTR_ADDRESS_NAME, authorityHostname);
     }
     EquivalentAddressGroup eag = new EquivalentAddressGroup(new FakeSocketAddress(name),
         attributes.build());
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index 29c46963da3..9243abba6d3 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -272,13 +272,13 @@ public void edsClustersWithRingHashEndpointLbPolicy() {
     // Endpoints in locality1 have no endpoint-level weight specified, so all endpoints within
     // locality1 are equally weighted.
     assertThat(addr1.getAddresses()).isEqualTo(endpoint1.getAddresses());
-    assertThat(addr1.getAttributes().get(InternalXdsAttributes.ATTR_SERVER_WEIGHT))
+    assertThat(addr1.getAttributes().get(XdsAttributes.ATTR_SERVER_WEIGHT))
         .isEqualTo(10);
     assertThat(addr2.getAddresses()).isEqualTo(endpoint2.getAddresses());
-    assertThat(addr2.getAttributes().get(InternalXdsAttributes.ATTR_SERVER_WEIGHT))
+    assertThat(addr2.getAttributes().get(XdsAttributes.ATTR_SERVER_WEIGHT))
         .isEqualTo(10);
     assertThat(addr3.getAddresses()).isEqualTo(endpoint3.getAddresses());
-    assertThat(addr3.getAttributes().get(InternalXdsAttributes.ATTR_SERVER_WEIGHT))
+    assertThat(addr3.getAttributes().get(XdsAttributes.ATTR_SERVER_WEIGHT))
         .isEqualTo(50 * 60);
     assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
     PriorityLbConfig priorityLbConfig = (PriorityLbConfig) childBalancer.config;
@@ -342,7 +342,7 @@ public void edsClustersWithLeastRequestEndpointLbPolicy() {
 
     assertThat(
         childBalancer.addresses.get(0).getAttributes()
-            .get(InternalXdsAttributes.ATTR_LOCALITY_WEIGHT)).isEqualTo(100);
+            .get(XdsAttributes.ATTR_LOCALITY_WEIGHT)).isEqualTo(100);
   }
 
   @Test
@@ -368,7 +368,7 @@ public void edsClustersEndpointHostname_addedToAddressAttribute() {
 
     assertThat(
         childBalancer.addresses.get(0).getAttributes()
-            .get(InternalXdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo("hostname1");
+            .get(XdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo("hostname1");
   }
 
 
@@ -468,16 +468,16 @@ public void onlyEdsClusters_receivedEndpoints() {
     assertThat(childProvider3.getPolicyName()).isEqualTo("round_robin");
 
     for (EquivalentAddressGroup eag : childBalancer.addresses) {
-      if (eag.getAttributes().get(InternalXdsAttributes.ATTR_LOCALITY) == locality1) {
-        assertThat(eag.getAttributes().get(InternalXdsAttributes.ATTR_LOCALITY_WEIGHT))
+      if (eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY) == locality1) {
+        assertThat(eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY_WEIGHT))
             .isEqualTo(70);
       }
-      if (eag.getAttributes().get(InternalXdsAttributes.ATTR_LOCALITY) == locality2) {
-        assertThat(eag.getAttributes().get(InternalXdsAttributes.ATTR_LOCALITY_WEIGHT))
+      if (eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY) == locality2) {
+        assertThat(eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY_WEIGHT))
             .isEqualTo(10);
       }
-      if (eag.getAttributes().get(InternalXdsAttributes.ATTR_LOCALITY) == locality3) {
-        assertThat(eag.getAttributes().get(InternalXdsAttributes.ATTR_LOCALITY_WEIGHT))
+      if (eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY) == locality3) {
+        assertThat(eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY_WEIGHT))
             .isEqualTo(20);
       }
     }
@@ -659,7 +659,7 @@ public void handleEdsResource_ignoreLocalitiesWithNoHealthyEndpoints() {
 
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     for (EquivalentAddressGroup eag : childBalancer.addresses) {
-      assertThat(eag.getAttributes().get(InternalXdsAttributes.ATTR_LOCALITY)).isEqualTo(locality2);
+      assertThat(eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY)).isEqualTo(locality2);
     }
   }
 
@@ -740,9 +740,9 @@ public void onlyLogicalDnsCluster_endpointsResolved() {
         Collections.<DropOverload>emptyList(), "pick_first");
     assertAddressesEqual(Arrays.asList(endpoint1, endpoint2), childBalancer.addresses);
     assertThat(childBalancer.addresses.get(0).getAttributes()
-        .get(InternalXdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(DNS_HOST_NAME);
+        .get(XdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(DNS_HOST_NAME);
     assertThat(childBalancer.addresses.get(1).getAttributes()
-        .get(InternalXdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(DNS_HOST_NAME);
+        .get(XdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(DNS_HOST_NAME);
 
   }
 
@@ -1068,7 +1068,7 @@ private void deliverLbConfig(ClusterResolverConfig config) {
             .setAttributes(
                 // Other attributes not used by cluster_resolver LB are omitted.
                 Attributes.newBuilder()
-                    .set(InternalXdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
+                    .set(XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
                     .build())
             .setLoadBalancingPolicyConfig(config)
             .build());
diff --git a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
index 50c2ef1d549..65fc1527b0c 100644
--- a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
@@ -1084,7 +1084,7 @@ private static List<EquivalentAddressGroup> createWeightedServerAddrs(long... we
     for (int i = 0; i < weights.length; i++) {
       SocketAddress addr = new FakeSocketAddress("server" + i);
       Attributes attr = Attributes.newBuilder().set(
-          InternalXdsAttributes.ATTR_SERVER_WEIGHT, weights[i]).build();
+          XdsAttributes.ATTR_SERVER_WEIGHT, weights[i]).build();
       EquivalentAddressGroup eag = new EquivalentAddressGroup(addr, attr);
       addrs.add(eag);
     }
diff --git a/xds/src/test/java/io/grpc/xds/WrrLocalityLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/WrrLocalityLoadBalancerTest.java
index fcf8c826d86..a87d881563c 100644
--- a/xds/src/test/java/io/grpc/xds/WrrLocalityLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/WrrLocalityLoadBalancerTest.java
@@ -185,7 +185,7 @@ public void localityWeightAttributeNotPropagated() {
     verify(mockWeightedTargetLb).handleResolvedAddresses(resolvedAddressesCaptor.capture());
 
     //assertThat(resolvedAddressesCaptor.getValue().getAttributes()
-    //    .get(InternalXdsAttributes.ATTR_LOCALITY_WEIGHTS)).isNull();
+    //    .get(XdsAttributes.ATTR_LOCALITY_WEIGHTS)).isNull();
   }
 
   @Test
@@ -254,9 +254,9 @@ public String toString() {
     }
 
     Attributes.Builder attrBuilder = Attributes.newBuilder()
-        .set(InternalXdsAttributes.ATTR_LOCALITY_NAME, locality);
+        .set(XdsAttributes.ATTR_LOCALITY_NAME, locality);
     if (localityWeight != null) {
-      attrBuilder.set(InternalXdsAttributes.ATTR_LOCALITY_WEIGHT, localityWeight);
+      attrBuilder.set(XdsAttributes.ATTR_LOCALITY_WEIGHT, localityWeight);
     }
 
     EquivalentAddressGroup eag = new EquivalentAddressGroup(new FakeSocketAddress(name),
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 6f4c1503cee..d895cecdb10 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -755,8 +755,8 @@ public void resolved_simpleCallFailedToRoute_routeWithNonForwardingAction() {
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster2),
         (Map<String, ?>) result.getServiceConfig().getConfig());
-    assertThat(result.getAttributes().get(InternalXdsAttributes.XDS_CLIENT_POOL)).isNotNull();
-    assertThat(result.getAttributes().get(InternalXdsAttributes.CALL_COUNTER_PROVIDER)).isNotNull();
+    assertThat(result.getAttributes().get(XdsAttributes.XDS_CLIENT_POOL)).isNotNull();
+    assertThat(result.getAttributes().get(XdsAttributes.CALL_COUNTER_PROVIDER)).isNotNull();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     // Simulates making a call1 RPC.
     Result selectResult = configSelector.selectConfig(
@@ -1156,7 +1156,7 @@ public void resolved_simpleCallSucceeds_routeToWeightedCluster() {
     assertThat(result.getAddressesOrError().getValue()).isEmpty();
     assertServiceConfigForLoadBalancingConfig(
         Arrays.asList(cluster1, cluster2), (Map<String, ?>) result.getServiceConfig().getConfig());
-    assertThat(result.getAttributes().get(InternalXdsAttributes.XDS_CLIENT_POOL)).isNotNull();
+    assertThat(result.getAttributes().get(XdsAttributes.XDS_CLIENT_POOL)).isNotNull();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     assertCallSelectClusterResult(call1, configSelector, cluster2, 20.0);
     assertCallSelectClusterResult(call1, configSelector, cluster1, 20.0);
@@ -1207,7 +1207,7 @@ public void resolved_simpleCallSucceeds_routeToRls() {
                 ImmutableList.of(ImmutableMap.of("rls_experimental", expectedRlsLbConfig)))));
     assertThat(clusterManagerLbConfig).isEqualTo(expectedClusterManagerLbConfig);
 
-    assertThat(result.getAttributes().get(InternalXdsAttributes.XDS_CLIENT_POOL)).isNotNull();
+    assertThat(result.getAttributes().get(XdsAttributes.XDS_CLIENT_POOL)).isNotNull();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     assertCallSelectRlsPluginResult(
         call1, configSelector, "rls-plugin-foo", 20.0);
@@ -1345,8 +1345,8 @@ private InternalConfigSelector resolveToClusters() {
     assertThat(result.getAddressesOrError().getValue()).isEmpty();
     assertServiceConfigForLoadBalancingConfig(
         Arrays.asList(cluster1, cluster2), (Map<String, ?>) result.getServiceConfig().getConfig());
-    assertThat(result.getAttributes().get(InternalXdsAttributes.XDS_CLIENT_POOL)).isNotNull();
-    assertThat(result.getAttributes().get(InternalXdsAttributes.CALL_COUNTER_PROVIDER)).isNotNull();
+    assertThat(result.getAttributes().get(XdsAttributes.XDS_CLIENT_POOL)).isNotNull();
+    assertThat(result.getAttributes().get(XdsAttributes.CALL_COUNTER_PROVIDER)).isNotNull();
     return result.getAttributes().get(InternalConfigSelector.KEY);
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
index 6915ac6c13e..cd3ef293369 100644
--- a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -70,6 +70,7 @@
 import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.internal.Matchers.HeaderMatcher;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
+import io.grpc.xds.internal.security.SecurityProtocolNegotiators;
 import io.grpc.xds.internal.security.SslContextProviderSupplier;
 import io.grpc.xds.internal.security.TlsContextManagerImpl;
 import io.grpc.xds.internal.security.certprovider.FileWatcherCertificateProviderProvider;
@@ -653,7 +654,7 @@ private SimpleServiceGrpc.SimpleServiceBlockingStub getBlockingStub(
     Attributes attrs =
         (upstreamTlsContext != null)
             ? Attributes.newBuilder()
-                .set(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
+                .set(SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
                     new SslContextProviderSupplier(
                         upstreamTlsContext, tlsContextManagerForClient))
                 .build()
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
index 955c812233a..a0139618f9f 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
@@ -47,7 +47,6 @@
 import io.grpc.netty.ProtocolNegotiationEvent;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
-import io.grpc.xds.InternalXdsAttributes;
 import io.grpc.xds.TlsContextManager;
 import io.grpc.xds.client.Bootstrapper;
 import io.grpc.xds.client.CommonBootstrapperTestUtils;
@@ -134,7 +133,7 @@ public void clientSecurityProtocolNegotiatorNewHandler_withTlsContextAttribute()
     when(mockHandler.getEagAttributes())
         .thenReturn(
             Attributes.newBuilder()
-                .set(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
+                .set(SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
                     new SslContextProviderSupplier(upstreamTlsContext, mockTlsContextManager))
                 .build());
     ChannelHandler newHandler = pn.newHandler(mockHandler);

From 6c12c2bd2438551dc19bd941d158c065eed9e37c Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 6 Jan 2025 10:24:42 -0800
Subject: [PATCH 135/591] xds: Remember nonces for unknown types

If the control plane sends a resource type the client doesn't understand
at-the-moment, the control plane will still expect the client to include
the nonce if the client subscribes to the type in the future.

This most easily happens when unsubscribing the last resource of a type.
Which meant 1cf1927d1 was insufficient.
---
 .../main/java/io/grpc/xds/client/ControlPlaneClient.java  | 8 ++++----
 .../test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java  | 5 ++++-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
index 878f1686a89..278bf8b80e8 100644
--- a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
@@ -309,7 +309,7 @@ private class AdsStream implements XdsTransportFactory.EventHandler<DiscoveryRes
     private boolean responseReceived;
     private boolean sentInitialRequest;
     private boolean closed;
-    // Response nonce for the most recently received discovery responses of each resource type.
+    // Response nonce for the most recently received discovery responses of each resource type URL.
     // Client initiated requests start response nonce with empty string.
     // Nonce in each response is echoed back in the following ACK/NACK request. It is
     // used for management server to identify which response the client is ACKing/NACking.
@@ -318,7 +318,7 @@ private class AdsStream implements XdsTransportFactory.EventHandler<DiscoveryRes
     // map; nonces are only discarded once the stream closes because xds_protocol says "the
     // management server should not send a DiscoveryResponse for any DiscoveryRequest that has a
     // stale nonce."
-    private final Map<XdsResourceType<?>, String> respNonces = new HashMap<>();
+    private final Map<String, String> respNonces = new HashMap<>();
     private final StreamingCall<DiscoveryRequest, DiscoveryResponse> call;
     private final MethodDescriptor<DiscoveryRequest, DiscoveryResponse> methodDescriptor =
         AggregatedDiscoveryServiceGrpc.getStreamAggregatedResourcesMethod();
@@ -369,7 +369,7 @@ void sendDiscoveryRequest(XdsResourceType<?> type, String versionInfo,
     final void sendDiscoveryRequest(XdsResourceType<?> type, Collection<String> resources) {
       logger.log(XdsLogLevel.INFO, "Sending {0} request for resources: {1}", type, resources);
       sendDiscoveryRequest(type, versions.getOrDefault(type, ""), resources,
-          respNonces.getOrDefault(type, ""), null);
+          respNonces.getOrDefault(type.typeUrl(), ""), null);
     }
 
     @Override
@@ -400,6 +400,7 @@ public void run() {
           boolean isFirstResponse = !responseReceived;
           responseReceived = true;
           inError = false;
+          respNonces.put(response.getTypeUrl(), response.getNonce());
 
           XdsResourceType<?> type = fromTypeUrl(response.getTypeUrl());
           if (logger.isLoggable(XdsLogLevel.DEBUG)) {
@@ -433,7 +434,6 @@ final void handleRpcResponse(XdsResourceType<?> type, String versionInfo, List<A
                                  String nonce, boolean isFirstResponse) {
       checkNotNull(type, "type");
 
-      respNonces.put(type, nonce);
       ProcessingTracker processingTracker = new ProcessingTracker(
           () -> call.startRecvMessage(), syncContext);
       xdsResponseHandler.handleResourceResponse(type, serverInfo, versionInfo, resources, nonce,
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 9a80e3c36b6..00fbfe669af 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -2898,10 +2898,13 @@ public void edsCleanupNonceAfterUnsubscription() {
     xdsClient.cancelXdsResourceWatch(XdsEndpointResource.getInstance(), "A.1", edsResourceWatcher);
     verifySubscribedResourcesMetadataSizes(0, 0, 0, 0);
     call.verifyRequest(EDS, Arrays.asList(), VERSION_1, "0000", NODE);
+    // The control plane can send an updated response for the empty subscription list, with a new
+    // nonce.
+    call.sendResponse(EDS, Arrays.asList(), VERSION_1, "0001");
 
     // When re-subscribing, the version was forgotten but not the nonce
     xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), "A.1", edsResourceWatcher);
-    call.verifyRequest(EDS, "A.1", "", "0000", NODE, Mockito.timeout(2000));
+    call.verifyRequest(EDS, "A.1", "", "0001", NODE, Mockito.timeout(2000));
   }
 
   @Test

From 4222f77587a0f740d5d135197cd3209c07d53c3e Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Mon, 6 Jan 2025 13:09:42 -0800
Subject: [PATCH 136/591] xds:Move creating the retry timer in
 handleRpcStreamClosed to as late as possible and call close() (#11776)

* Move creating the retry timer in handleRpcStreamClosed to as late as possible and call `close` so that the `call` is cancelled.
Also add some debug logging.
---
 .../java/io/grpc/internal/AbstractStream.java | 10 +++++++++
 .../grpc/xds/client/ControlPlaneClient.java   | 22 +++++++++----------
 .../io/grpc/xds/client/XdsClientImpl.java     |  5 +++++
 3 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/AbstractStream.java b/core/src/main/java/io/grpc/internal/AbstractStream.java
index 9efc488657b..56f540d623f 100644
--- a/core/src/main/java/io/grpc/internal/AbstractStream.java
+++ b/core/src/main/java/io/grpc/internal/AbstractStream.java
@@ -27,6 +27,8 @@
 import io.perfmark.PerfMark;
 import io.perfmark.TaskCloseable;
 import java.io.InputStream;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 import javax.annotation.concurrent.GuardedBy;
 
 /**
@@ -34,6 +36,8 @@
  * application thread.
  */
 public abstract class AbstractStream implements Stream {
+  private static final Logger log = Logger.getLogger(AbstractStream.class.getName());
+
   /** The framer to use for sending messages. */
   protected abstract Framer framer();
 
@@ -371,6 +375,12 @@ private void notifyIfReady() {
       boolean doNotify;
       synchronized (onReadyLock) {
         doNotify = isReady();
+        if (!doNotify && log.isLoggable(Level.FINEST)) {
+          log.log(Level.FINEST,
+              "Stream not ready so skip notifying listener.\n"
+                  + "details: allocated/deallocated:{0}/{3}, sent queued: {1}, ready thresh: {2}",
+              new Object[] {allocated, numSentBytesQueued, onReadyThreshold, deallocated});
+        }
       }
       if (doNotify) {
         listener().onReady();
diff --git a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
index 278bf8b80e8..d05942914dc 100644
--- a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
@@ -453,16 +453,6 @@ private void handleRpcStreamClosed(Status status) {
         stopwatch.reset();
       }
 
-      // FakeClock in tests isn't thread-safe. Schedule the retry timer before notifying callbacks
-      // to avoid TSAN races, since tests may wait until callbacks are called but then would run
-      // concurrently with the stopwatch and schedule.
-
-      long elapsed = stopwatch.elapsed(TimeUnit.NANOSECONDS);
-      long delayNanos = Math.max(0, retryBackoffPolicy.nextBackoffNanos() - elapsed);
-
-      rpcRetryTimer =
-          syncContext.schedule(new RpcRetryTask(), delayNanos, TimeUnit.NANOSECONDS, timeService);
-
       Status newStatus = status;
       if (responseReceived) {
         // A closed ADS stream after a successful response is not considered an error. Servers may
@@ -490,9 +480,17 @@ private void handleRpcStreamClosed(Status status) {
             newStatus.getCode(), newStatus.getDescription(), newStatus.getCause());
       }
 
-      closed = true;
+      close(newStatus.asException());
+
+      // FakeClock in tests isn't thread-safe. Schedule the retry timer before notifying callbacks
+      // to avoid TSAN races, since tests may wait until callbacks are called but then would run
+      // concurrently with the stopwatch and schedule.
+      long elapsed = stopwatch.elapsed(TimeUnit.NANOSECONDS);
+      long delayNanos = Math.max(0, retryBackoffPolicy.nextBackoffNanos() - elapsed);
+      rpcRetryTimer =
+          syncContext.schedule(new RpcRetryTask(), delayNanos, TimeUnit.NANOSECONDS, timeService);
+
       xdsResponseHandler.handleStreamClosed(newStatus, !responseReceived);
-      cleanUp();
     }
 
     private void close(Exception error) {
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index 791ba3cc62d..4304d1d9e6f 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -444,6 +444,9 @@ private Set<String> getResourceKeys(XdsResourceType<?> xdsResourceType) {
   // cpcForThisStream is null when doing shutdown
   private void cleanUpResourceTimers(ControlPlaneClient cpcForThisStream) {
     Collection<String> authoritiesForCpc = getActiveAuthorities(cpcForThisStream);
+    String target = cpcForThisStream == null ? "null" : cpcForThisStream.getServerInfo().target();
+    logger.log(XdsLogLevel.DEBUG, "Cleaning up resource timers for CPC {0}, authorities {1}",
+        target, authoritiesForCpc);
 
     for (Map<String, ResourceSubscriber<?>> subscriberMap : resourceSubscribers.values()) {
       for (ResourceSubscriber<?> subscriber : subscriberMap.values()) {
@@ -957,6 +960,8 @@ public void handleStreamClosed(Status status, boolean shouldTryFallback) {
 
       ControlPlaneClient cpcClosed = serverCpClientMap.get(serverInfo);
       if (cpcClosed == null) {
+        logger.log(XdsLogLevel.DEBUG,
+            "Couldn't find closing CPC for {0}, so skipping cleanup and reporting", serverInfo);
         return;
       }
 

From 1edc4d84d44ad08c0db589c5631890375a42eb45 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 7 Jan 2025 10:03:13 +0530
Subject: [PATCH 137/591] xds: Parsing xDS Cluster Metadata (#11741)

---
 .../io/grpc/xds/GcpAuthenticationFilter.java  |  21 +++
 .../java/io/grpc/xds/MetadataRegistry.java    |  71 ++++++++
 .../java/io/grpc/xds/XdsClusterResource.java  |  65 ++++++-
 .../xds/internal/ProtobufJsonConverter.java   |  61 +++++++
 .../grpc/xds/GrpcXdsClientImplDataTest.java   | 170 ++++++++++++++++++
 .../internal/ProtobufJsonConverterTest.java   |  83 +++++++++
 6 files changed, 470 insertions(+), 1 deletion(-)
 create mode 100644 xds/src/main/java/io/grpc/xds/MetadataRegistry.java
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/ProtobufJsonConverter.java
 create mode 100644 xds/src/test/java/io/grpc/xds/internal/ProtobufJsonConverterTest.java

diff --git a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
index 4e242708e1f..6d05e8ffa95 100644
--- a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
+++ b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
@@ -22,6 +22,7 @@
 import com.google.protobuf.Any;
 import com.google.protobuf.InvalidProtocolBufferException;
 import com.google.protobuf.Message;
+import io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3.Audience;
 import io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig;
 import io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3.TokenCacheConfig;
 import io.grpc.CallCredentials;
@@ -36,6 +37,7 @@
 import io.grpc.Status;
 import io.grpc.auth.MoreCallCredentials;
 import io.grpc.xds.Filter.ClientInterceptorBuilder;
+import io.grpc.xds.MetadataRegistry.MetadataValueParser;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.concurrent.ScheduledExecutorService;
@@ -219,4 +221,23 @@ V getOrInsert(K key, Function<K, V> create) {
       return cache.computeIfAbsent(key, create);
     }
   }
+
+  static class AudienceMetadataParser implements MetadataValueParser {
+
+    @Override
+    public String getTypeUrl() {
+      return "type.googleapis.com/envoy.extensions.filters.http.gcp_authn.v3.Audience";
+    }
+
+    @Override
+    public String parse(Any any) throws InvalidProtocolBufferException {
+      Audience audience = any.unpack(Audience.class);
+      String url = audience.getUrl();
+      if (url.isEmpty()) {
+        throw new InvalidProtocolBufferException(
+            "Audience URL is empty. Metadata value must contain a valid URL.");
+      }
+      return url;
+    }
+  }
 }
diff --git a/xds/src/main/java/io/grpc/xds/MetadataRegistry.java b/xds/src/main/java/io/grpc/xds/MetadataRegistry.java
new file mode 100644
index 00000000000..8243b6a6f0f
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/MetadataRegistry.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.protobuf.Any;
+import com.google.protobuf.InvalidProtocolBufferException;
+import io.grpc.xds.GcpAuthenticationFilter.AudienceMetadataParser;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Registry for parsing cluster metadata values.
+ *
+ * <p>This class maintains a mapping of type URLs to {@link MetadataValueParser} instances,
+ * allowing for the parsing of different metadata types.
+ */
+final class MetadataRegistry {
+  private static final MetadataRegistry INSTANCE = new MetadataRegistry();
+
+  private final Map<String, MetadataValueParser> supportedParsers = new HashMap<>();
+
+  private MetadataRegistry() {
+    registerParser(new AudienceMetadataParser());
+  }
+
+  static MetadataRegistry getInstance() {
+    return INSTANCE;
+  }
+
+  MetadataValueParser findParser(String typeUrl) {
+    return supportedParsers.get(typeUrl);
+  }
+
+  @VisibleForTesting
+  void registerParser(MetadataValueParser parser) {
+    supportedParsers.put(parser.getTypeUrl(), parser);
+  }
+
+  void removeParser(MetadataValueParser parser) {
+    supportedParsers.remove(parser.getTypeUrl());
+  }
+
+  interface MetadataValueParser {
+
+    String getTypeUrl();
+
+    /**
+     * Parses the given {@link Any} object into a specific metadata value.
+     *
+     * @param any the {@link Any} object to parse.
+     * @return the parsed metadata value.
+     * @throws InvalidProtocolBufferException if the parsing fails.
+     */
+    Object parse(Any any) throws InvalidProtocolBufferException;
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
index 1afe865d10a..626d61c1f55 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
@@ -25,6 +25,7 @@
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.protobuf.Any;
 import com.google.protobuf.Duration;
 import com.google.protobuf.InvalidProtocolBufferException;
 import com.google.protobuf.Message;
@@ -32,6 +33,7 @@
 import com.google.protobuf.util.Durations;
 import io.envoyproxy.envoy.config.cluster.v3.CircuitBreakers.Thresholds;
 import io.envoyproxy.envoy.config.cluster.v3.Cluster;
+import io.envoyproxy.envoy.config.core.v3.Metadata;
 import io.envoyproxy.envoy.config.core.v3.RoutingPriority;
 import io.envoyproxy.envoy.config.core.v3.SocketAddress;
 import io.envoyproxy.envoy.config.endpoint.v3.ClusterLoadAssignment;
@@ -44,12 +46,15 @@
 import io.grpc.internal.ServiceConfigUtil.LbConfig;
 import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
+import io.grpc.xds.MetadataRegistry.MetadataValueParser;
 import io.grpc.xds.XdsClusterResource.CdsUpdate;
 import io.grpc.xds.client.XdsClient.ResourceUpdate;
 import io.grpc.xds.client.XdsResourceType;
+import io.grpc.xds.internal.ProtobufJsonConverter;
 import io.grpc.xds.internal.security.CommonTlsContextUtil;
 import java.util.List;
 import java.util.Locale;
+import java.util.Map;
 import java.util.Set;
 import javax.annotation.Nullable;
 
@@ -171,9 +176,62 @@ static CdsUpdate processCluster(Cluster cluster,
     updateBuilder.filterMetadata(
         ImmutableMap.copyOf(cluster.getMetadata().getFilterMetadataMap()));
 
+    try {
+      ImmutableMap<String, Object> parsedFilterMetadata =
+          parseClusterMetadata(cluster.getMetadata());
+      updateBuilder.parsedMetadata(parsedFilterMetadata);
+    } catch (InvalidProtocolBufferException e) {
+      throw new ResourceInvalidException(
+          "Failed to parse xDS filter metadata for cluster '" + cluster.getName() + "': "
+              + e.getMessage(), e);
+    }
+
     return updateBuilder.build();
   }
 
+  /**
+   * Parses cluster metadata into a structured map.
+   *
+   * <p>Values in {@code typed_filter_metadata} take precedence over
+   * {@code filter_metadata} when keys overlap, following Envoy API behavior. See
+   * <a href="https://github.com/envoyproxy/envoy/blob/main/api/envoy/config/core/v3/base.proto#L217-L259">
+   *   Envoy metadata documentation </a> for details.
+   *
+   * @param metadata the {@link Metadata} containing the fields to parse.
+   * @return an immutable map of parsed metadata.
+   * @throws InvalidProtocolBufferException if parsing {@code typed_filter_metadata} fails.
+   */
+  private static ImmutableMap<String, Object> parseClusterMetadata(Metadata metadata)
+      throws InvalidProtocolBufferException {
+    ImmutableMap.Builder<String, Object> parsedMetadata = ImmutableMap.builder();
+
+    MetadataRegistry registry = MetadataRegistry.getInstance();
+    // Process typed_filter_metadata
+    for (Map.Entry<String, Any> entry : metadata.getTypedFilterMetadataMap().entrySet()) {
+      String key = entry.getKey();
+      Any value = entry.getValue();
+      MetadataValueParser parser = registry.findParser(value.getTypeUrl());
+      if (parser != null) {
+        Object parsedValue = parser.parse(value);
+        parsedMetadata.put(key, parsedValue);
+      }
+    }
+    // building once to reuse in the next loop
+    ImmutableMap<String, Object> intermediateParsedMetadata = parsedMetadata.build();
+
+    // Process filter_metadata for remaining keys
+    for (Map.Entry<String, Struct> entry : metadata.getFilterMetadataMap().entrySet()) {
+      String key = entry.getKey();
+      if (!intermediateParsedMetadata.containsKey(key)) {
+        Struct structValue = entry.getValue();
+        Object jsonValue = ProtobufJsonConverter.convertToJson(structValue);
+        parsedMetadata.put(key, jsonValue);
+      }
+    }
+
+    return parsedMetadata.build();
+  }
+
   private static StructOrError<CdsUpdate.Builder> parseAggregateCluster(Cluster cluster) {
     String clusterName = cluster.getName();
     Cluster.CustomClusterType customType = cluster.getClusterType();
@@ -573,13 +631,16 @@ abstract static class CdsUpdate implements ResourceUpdate {
 
     abstract ImmutableMap<String, Struct> filterMetadata();
 
+    abstract ImmutableMap<String, Object> parsedMetadata();
+
     private static Builder newBuilder(String clusterName) {
       return new AutoValue_XdsClusterResource_CdsUpdate.Builder()
           .clusterName(clusterName)
           .minRingSize(0)
           .maxRingSize(0)
           .choiceCount(0)
-          .filterMetadata(ImmutableMap.of());
+          .filterMetadata(ImmutableMap.of())
+          .parsedMetadata(ImmutableMap.of());
     }
 
     static Builder forAggregate(String clusterName, List<String> prioritizedClusterNames) {
@@ -698,6 +759,8 @@ Builder leastRequestLbPolicy(Integer choiceCount) {
 
       protected abstract Builder filterMetadata(ImmutableMap<String, Struct> filterMetadata);
 
+      protected abstract Builder parsedMetadata(ImmutableMap<String, Object> parsedMetadata);
+
       abstract CdsUpdate build();
     }
   }
diff --git a/xds/src/main/java/io/grpc/xds/internal/ProtobufJsonConverter.java b/xds/src/main/java/io/grpc/xds/internal/ProtobufJsonConverter.java
new file mode 100644
index 00000000000..964c28c57e0
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/ProtobufJsonConverter.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal;
+
+import com.google.protobuf.Struct;
+import com.google.protobuf.Value;
+import io.grpc.Internal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+/**
+ * Converter for Protobuf {@link Struct} to JSON-like {@link Map}.
+ */
+@Internal
+public final class ProtobufJsonConverter {
+  private ProtobufJsonConverter() {}
+
+  public static Map<String, Object> convertToJson(Struct struct) {
+    Map<String, Object> result = new HashMap<>();
+    for (Map.Entry<String, Value> entry : struct.getFieldsMap().entrySet()) {
+      result.put(entry.getKey(), convertValue(entry.getValue()));
+    }
+    return result;
+  }
+
+  private static Object convertValue(Value value) {
+    switch (value.getKindCase()) {
+      case STRUCT_VALUE:
+        return convertToJson(value.getStructValue());
+      case LIST_VALUE:
+        return value.getListValue().getValuesList().stream()
+            .map(ProtobufJsonConverter::convertValue)
+            .collect(Collectors.toList());
+      case NUMBER_VALUE:
+        return value.getNumberValue();
+      case STRING_VALUE:
+        return value.getStringValue();
+      case BOOL_VALUE:
+        return value.getBoolValue();
+      case NULL_VALUE:
+        return null;
+      default:
+        throw new IllegalArgumentException("Unknown Value type: " + value.getKindCase());
+    }
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 6b905c4e2ba..654e85143b8 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -50,6 +50,7 @@
 import io.envoyproxy.envoy.config.core.v3.DataSource;
 import io.envoyproxy.envoy.config.core.v3.HttpProtocolOptions;
 import io.envoyproxy.envoy.config.core.v3.Locality;
+import io.envoyproxy.envoy.config.core.v3.Metadata;
 import io.envoyproxy.envoy.config.core.v3.PathConfigSource;
 import io.envoyproxy.envoy.config.core.v3.RuntimeFractionalPercent;
 import io.envoyproxy.envoy.config.core.v3.SelfConfigSource;
@@ -84,6 +85,7 @@
 import io.envoyproxy.envoy.extensions.filters.common.fault.v3.FaultDelay;
 import io.envoyproxy.envoy.extensions.filters.http.fault.v3.FaultAbort;
 import io.envoyproxy.envoy.extensions.filters.http.fault.v3.HTTPFault;
+import io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3.Audience;
 import io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBACPerRoute;
 import io.envoyproxy.envoy.extensions.filters.http.router.v3.Router;
 import io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager;
@@ -127,6 +129,7 @@
 import io.grpc.xds.Endpoints.LbEndpoint;
 import io.grpc.xds.Endpoints.LocalityLbEndpoints;
 import io.grpc.xds.Filter.FilterConfig;
+import io.grpc.xds.MetadataRegistry.MetadataValueParser;
 import io.grpc.xds.RouteLookupServiceClusterSpecifierPlugin.RlsPluginConfig;
 import io.grpc.xds.VirtualHost.Route;
 import io.grpc.xds.VirtualHost.Route.RouteAction;
@@ -2341,6 +2344,173 @@ public void parseCluster_validateEdsSourceConfig() throws ResourceInvalidExcepti
         LoadBalancerRegistry.getDefaultRegistry());
   }
 
+  @Test
+  public void processCluster_parsesMetadata()
+      throws ResourceInvalidException, InvalidProtocolBufferException {
+    MetadataRegistry metadataRegistry = MetadataRegistry.getInstance();
+
+    MetadataValueParser testParser =
+        new MetadataValueParser() {
+          @Override
+          public String getTypeUrl() {
+            return "type.googleapis.com/test.Type";
+          }
+
+          @Override
+          public Object parse(Any value) {
+            assertThat(value.getValue().toStringUtf8()).isEqualTo("test");
+            return value.getValue().toStringUtf8() + "_processed";
+          }
+        };
+    metadataRegistry.registerParser(testParser);
+
+    Any typedFilterMetadata = Any.newBuilder()
+        .setTypeUrl("type.googleapis.com/test.Type")
+        .setValue(ByteString.copyFromUtf8("test"))
+        .build();
+
+    Struct filterMetadata = Struct.newBuilder()
+        .putFields("key1", Value.newBuilder().setStringValue("value1").build())
+        .putFields("key2", Value.newBuilder().setNumberValue(42).build())
+        .build();
+
+    Metadata metadata = Metadata.newBuilder()
+        .putTypedFilterMetadata("TYPED_FILTER_METADATA", typedFilterMetadata)
+        .putFilterMetadata("FILTER_METADATA", filterMetadata)
+        .build();
+
+    Cluster cluster = Cluster.newBuilder()
+        .setName("cluster-foo.googleapis.com")
+        .setType(DiscoveryType.EDS)
+        .setEdsClusterConfig(
+            EdsClusterConfig.newBuilder()
+                .setEdsConfig(
+                    ConfigSource.newBuilder()
+                        .setAds(AggregatedConfigSource.getDefaultInstance()))
+                .setServiceName("service-foo.googleapis.com"))
+        .setLbPolicy(LbPolicy.ROUND_ROBIN)
+        .setMetadata(metadata)
+        .build();
+
+    CdsUpdate update = XdsClusterResource.processCluster(
+        cluster, null, LRS_SERVER_INFO,
+        LoadBalancerRegistry.getDefaultRegistry());
+
+    ImmutableMap<String, Object> expectedParsedMetadata = ImmutableMap.of(
+        "TYPED_FILTER_METADATA", "test_processed",
+        "FILTER_METADATA", ImmutableMap.of(
+            "key1", "value1",
+            "key2", 42.0));
+    assertThat(update.parsedMetadata()).isEqualTo(expectedParsedMetadata);
+    metadataRegistry.removeParser(testParser);
+  }
+
+  @Test
+  public void processCluster_parsesAudienceMetadata()
+      throws ResourceInvalidException, InvalidProtocolBufferException {
+    MetadataRegistry.getInstance();
+
+    Audience audience = Audience.newBuilder()
+        .setUrl("https://example.com")
+        .build();
+
+    Any audienceMetadata = Any.newBuilder()
+        .setTypeUrl("type.googleapis.com/envoy.extensions.filters.http.gcp_authn.v3.Audience")
+        .setValue(audience.toByteString())
+        .build();
+
+    Struct filterMetadata = Struct.newBuilder()
+        .putFields("key1", Value.newBuilder().setStringValue("value1").build())
+        .putFields("key2", Value.newBuilder().setNumberValue(42).build())
+        .build();
+
+    Metadata metadata = Metadata.newBuilder()
+        .putTypedFilterMetadata("AUDIENCE_METADATA", audienceMetadata)
+        .putFilterMetadata("FILTER_METADATA", filterMetadata)
+        .build();
+
+    Cluster cluster = Cluster.newBuilder()
+        .setName("cluster-foo.googleapis.com")
+        .setType(DiscoveryType.EDS)
+        .setEdsClusterConfig(
+            EdsClusterConfig.newBuilder()
+                .setEdsConfig(
+                    ConfigSource.newBuilder()
+                        .setAds(AggregatedConfigSource.getDefaultInstance()))
+                .setServiceName("service-foo.googleapis.com"))
+        .setLbPolicy(LbPolicy.ROUND_ROBIN)
+        .setMetadata(metadata)
+        .build();
+
+    CdsUpdate update = XdsClusterResource.processCluster(
+        cluster, null, LRS_SERVER_INFO,
+        LoadBalancerRegistry.getDefaultRegistry());
+
+    ImmutableMap<String, Object> expectedParsedMetadata = ImmutableMap.of(
+        "AUDIENCE_METADATA", "https://example.com",
+        "FILTER_METADATA", ImmutableMap.of(
+            "key1", "value1",
+            "key2", 42.0));
+    assertThat(update.parsedMetadata()).isEqualTo(expectedParsedMetadata);
+  }
+
+  @Test
+  public void processCluster_metadataKeyCollision_resolvesToTypedMetadata()
+      throws ResourceInvalidException, InvalidProtocolBufferException {
+    MetadataRegistry metadataRegistry = MetadataRegistry.getInstance();
+
+    MetadataValueParser testParser =
+        new MetadataValueParser() {
+          @Override
+          public String getTypeUrl() {
+            return "type.googleapis.com/test.Type";
+          }
+
+          @Override
+          public Object parse(Any value) {
+            return "typedMetadataValue";
+          }
+        };
+    metadataRegistry.registerParser(testParser);
+
+    Any typedFilterMetadata = Any.newBuilder()
+        .setTypeUrl("type.googleapis.com/test.Type")
+        .setValue(ByteString.copyFromUtf8("test"))
+        .build();
+
+    Struct filterMetadata = Struct.newBuilder()
+        .putFields("key1", Value.newBuilder().setStringValue("filterMetadataValue").build())
+        .build();
+
+    Metadata metadata = Metadata.newBuilder()
+        .putTypedFilterMetadata("key1", typedFilterMetadata)
+        .putFilterMetadata("key1", filterMetadata)
+        .build();
+
+    Cluster cluster = Cluster.newBuilder()
+        .setName("cluster-foo.googleapis.com")
+        .setType(DiscoveryType.EDS)
+        .setEdsClusterConfig(
+            EdsClusterConfig.newBuilder()
+                .setEdsConfig(
+                    ConfigSource.newBuilder()
+                        .setAds(AggregatedConfigSource.getDefaultInstance()))
+                .setServiceName("service-foo.googleapis.com"))
+        .setLbPolicy(LbPolicy.ROUND_ROBIN)
+        .setMetadata(metadata)
+        .build();
+
+    CdsUpdate update = XdsClusterResource.processCluster(
+        cluster, null, LRS_SERVER_INFO,
+        LoadBalancerRegistry.getDefaultRegistry());
+
+    ImmutableMap<String, Object> expectedParsedMetadata = ImmutableMap.of(
+        "key1", "typedMetadataValue");
+    assertThat(update.parsedMetadata()).isEqualTo(expectedParsedMetadata);
+    metadataRegistry.removeParser(testParser);
+  }
+
+
   @Test
   public void parseServerSideListener_invalidTrafficDirection() throws ResourceInvalidException {
     Listener listener =
diff --git a/xds/src/test/java/io/grpc/xds/internal/ProtobufJsonConverterTest.java b/xds/src/test/java/io/grpc/xds/internal/ProtobufJsonConverterTest.java
new file mode 100644
index 00000000000..86f9be4dda8
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/internal/ProtobufJsonConverterTest.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertEquals;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.protobuf.ListValue;
+import com.google.protobuf.Struct;
+import com.google.protobuf.Value;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class ProtobufJsonConverterTest {
+
+  @Test
+  public void testEmptyStruct() {
+    Struct emptyStruct = Struct.newBuilder().build();
+    Map<String, Object> result = ProtobufJsonConverter.convertToJson(emptyStruct);
+    assertThat(result).isEmpty();
+  }
+
+  @Test
+  public void testStructWithValues() {
+    Struct struct = Struct.newBuilder()
+        .putFields("stringKey", Value.newBuilder().setStringValue("stringValue").build())
+        .putFields("numberKey", Value.newBuilder().setNumberValue(123.45).build())
+        .putFields("boolKey", Value.newBuilder().setBoolValue(true).build())
+        .putFields("nullKey", Value.newBuilder().setNullValueValue(0).build())
+        .putFields("structKey", Value.newBuilder()
+            .setStructValue(Struct.newBuilder()
+                .putFields("nestedKey", Value.newBuilder().setStringValue("nestedValue").build())
+                .build())
+            .build())
+        .putFields("listKey", Value.newBuilder()
+            .setListValue(ListValue.newBuilder()
+                .addValues(Value.newBuilder().setNumberValue(1).build())
+                .addValues(Value.newBuilder().setStringValue("two").build())
+                .addValues(Value.newBuilder().setBoolValue(false).build())
+                .build())
+            .build())
+        .build();
+
+    Map<String, Object> result = ProtobufJsonConverter.convertToJson(struct);
+
+    Map<String, Object> goldenResult = new HashMap<>();
+    goldenResult.put("stringKey", "stringValue");
+    goldenResult.put("numberKey", 123.45);
+    goldenResult.put("boolKey", true);
+    goldenResult.put("nullKey", null);
+    goldenResult.put("structKey", ImmutableMap.of("nestedKey", "nestedValue"));
+    goldenResult.put("listKey", Arrays.asList(1.0, "two", false));
+
+    assertEquals(goldenResult, result);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUnknownValueType() {
+    Value unknownValue = Value.newBuilder().build(); // Default instance with no kind case set.
+    ProtobufJsonConverter.convertToJson(
+        Struct.newBuilder().putFields("unknownKey", unknownValue).build());
+  }
+}

From ae109727d37e210292a87a0fccb9fb3b829d8b72 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 7 Jan 2025 14:33:09 +0530
Subject: [PATCH 138/591] Start 1.71.0 development cycle (#11801)

---
 MODULE.bazel                                           |  2 +-
 build.gradle                                           |  2 +-
 .../src/test/golden/TestDeprecatedService.java.txt     |  2 +-
 compiler/src/test/golden/TestService.java.txt          |  2 +-
 core/src/main/java/io/grpc/internal/GrpcUtil.java      |  2 +-
 examples/android/clientcache/app/build.gradle          | 10 +++++-----
 examples/android/helloworld/app/build.gradle           |  8 ++++----
 examples/android/routeguide/app/build.gradle           |  8 ++++----
 examples/android/strictmode/app/build.gradle           |  8 ++++----
 examples/build.gradle                                  |  2 +-
 examples/example-alts/build.gradle                     |  2 +-
 examples/example-debug/build.gradle                    |  2 +-
 examples/example-debug/pom.xml                         |  4 ++--
 examples/example-dualstack/build.gradle                |  2 +-
 examples/example-dualstack/pom.xml                     |  4 ++--
 examples/example-gauth/build.gradle                    |  2 +-
 examples/example-gauth/pom.xml                         |  4 ++--
 examples/example-gcp-csm-observability/build.gradle    |  2 +-
 examples/example-gcp-observability/build.gradle        |  2 +-
 examples/example-hostname/build.gradle                 |  2 +-
 examples/example-hostname/pom.xml                      |  4 ++--
 examples/example-jwt-auth/build.gradle                 |  2 +-
 examples/example-jwt-auth/pom.xml                      |  4 ++--
 examples/example-oauth/build.gradle                    |  2 +-
 examples/example-oauth/pom.xml                         |  4 ++--
 examples/example-opentelemetry/build.gradle            |  2 +-
 examples/example-orca/build.gradle                     |  2 +-
 examples/example-reflection/build.gradle               |  2 +-
 examples/example-servlet/build.gradle                  |  2 +-
 examples/example-tls/build.gradle                      |  2 +-
 examples/example-tls/pom.xml                           |  4 ++--
 examples/example-xds/build.gradle                      |  2 +-
 examples/pom.xml                                       |  4 ++--
 33 files changed, 54 insertions(+), 54 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index edb5284a23d..4c7e1b3dca5 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -2,7 +2,7 @@ module(
     name = "grpc-java",
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
-    version = "1.70.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
+    version = "1.71.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
 )
 
 # GRPC_DEPS_START
diff --git a/build.gradle b/build.gradle
index 39d2b6ad289..09c78735776 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ subprojects {
     apply plugin: "net.ltgt.errorprone"
 
     group = "io.grpc"
-    version = "1.70.0-SNAPSHOT" // CURRENT_GRPC_VERSION
+    version = "1.71.0-SNAPSHOT" // CURRENT_GRPC_VERSION
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index 01af7872648..e696def7b99 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.70.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.71.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 @java.lang.Deprecated
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index b82475642b0..c052093cbbc 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.70.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.71.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index 8a65c7d6c2b..fc420195667 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -219,7 +219,7 @@ public byte[] parseAsciiString(byte[] serialized) {
 
   public static final Splitter ACCEPT_ENCODING_SPLITTER = Splitter.on(',').trimResults();
 
-  public static final String IMPLEMENTATION_VERSION = "1.70.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
+  public static final String IMPLEMENTATION_VERSION = "1.71.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
 
   /**
    * The default timeout in nanos for a keepalive ping request.
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index d279155b64e..7700b2248eb 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -34,7 +34,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -54,12 +54,12 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.1.5'
-    testImplementation 'io.grpc:grpc-testing:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    testImplementation 'io.grpc:grpc-testing:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index d56a447377b..0fb396bbe39 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index 1dceb21b5c9..1a8209913a2 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index 2bb696027fd..02b17c189f9 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -33,7 +33,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -53,8 +53,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index 62428d7f81d..d4991f02f43 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index 2a119c5b80d..17b2568c7ea 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index eeabbef9473..7701465dee2 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index 2239bc03d5a..2976782a5d7 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-debug</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index 1e0879f38c4..a0f29660afc 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index 3c7f14cacde..99f98cc5b48 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-dualstack</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 844e86b71af..aea626a5193 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index 0aeedccbda3..00e7ee0e3ad 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-gauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index 40dd86e4ba1..5ccb5bb0d3a 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 8fe78c8b6ee..3c7b0587e8f 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index a8d1d994a40..9eb5f38c364 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index b22318f4d53..d7ac43e79ae 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-hostname</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index 831486ca872..64ea928456b 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index f90da62fcd8..6c1e172b2e0 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-jwt-auth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 08d53a247c5..4de1183e0d7 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index 22d42abf642..f01b362347a 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-oauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index 4c6f4803014..2e0cbfbe0b6 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index a9fb615446c..ffa8295f849 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index 2549f5eecc1..8c885d9cb99 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index df846ed42be..163276aec10 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -15,7 +15,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index 61a9706ebf6..87e37c5a3b1 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index e16ce1018a8..ade33ee8769 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-tls</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index a1e2501a7b6..ef1bc185816 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.70.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/pom.xml b/examples/pom.xml
index 04cd792cd3e..6370ce7d56a 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.70.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>examples</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.70.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for JDK 8 -->

From e61b03cb9f3575dff82b5adf19181b61b3d62f5e Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 7 Jan 2025 08:31:15 -0800
Subject: [PATCH 139/591] netty: Fix getAttributes() data races in
 NettyClientTransportTest

Since approximately the LBv2 API (the current API) was introduced, gRPC
won't use a transport until it is ready. Long ago, transports could be
used before they were ready and these old tests were not waiting for the
negotiator to complete before starting. We need them to wait for the
handshake to complete to avoid a test-only data race in getAttributes()
noticed by TSAN.

Throwing away data frames in the Noop handshaker is necessary to act
like a normal handshaker; they don't allow data frames to pass until the
handshake is complete. Without the handling, it goes through invalid
code paths in NettyClientHandler where a terminated transport becomes
ready, and a similar data race.

```
  Write of size 4 at 0x00008db31e2c by thread T37:
    #0 io.grpc.netty.NettyClientHandler.handleProtocolNegotiationCompleted(Lio/grpc/Attributes;Lio/grpc/InternalChannelz$Security;)V NettyClientHandler.java:517
    #1 io.grpc.netty.ProtocolNegotiators$GrpcNegotiationHandler.userEventTriggered(Lio/netty/channel/ChannelHandlerContext;Ljava/lang/Object;)V ProtocolNegotiators.java:937
    #2 io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(Ljava/lang/Object;)V AbstractChannelHandlerContext.java:398
    #3 io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(Lio/netty/channel/AbstractChannelHandlerContext;Ljava/lang/Object;)V AbstractChannelHandlerContext.java:376
    #4 io.netty.channel.AbstractChannelHandlerContext.fireUserEventTriggered(Ljava/lang/Object;)Lio/netty/channel/ChannelHandlerContext; AbstractChannelHandlerContext.java:368
    #5 io.grpc.netty.ProtocolNegotiators$ProtocolNegotiationHandler.fireProtocolNegotiationEvent(Lio/netty/channel/ChannelHandlerContext;)V ProtocolNegotiators.java:1107
    #6 io.grpc.netty.ProtocolNegotiators$WaitUntilActiveHandler.channelActive(Lio/netty/channel/ChannelHandlerContext;)V ProtocolNegotiators.java:1011
    ...

  Previous read of size 4 at 0x00008db31e2c by thread T4 (mutexes: write M0, write M1, write M2, write M3):
    #0 io.grpc.netty.NettyClientHandler.getAttributes()Lio/grpc/Attributes; NettyClientHandler.java:345
    #1 io.grpc.netty.NettyClientTransport.getAttributes()Lio/grpc/Attributes; NettyClientTransport.java:387
    #2 io.grpc.netty.NettyClientTransport.newStream(Lio/grpc/MethodDescriptor;Lio/grpc/Metadata;Lio/grpc/CallOptions;[Lio/grpc/ClientStreamTracer;)Lio/grpc/internal/ClientStream; NettyClientTransport.java:198
    #3 io.grpc.netty.NettyClientTransportTest$Rpc.<init>(Lio/grpc/netty/NettyClientTransport;Lio/grpc/Metadata;)V NettyClientTransportTest.java:953
    #4 io.grpc.netty.NettyClientTransportTest.huffmanCodingShouldNotBePerformed()V NettyClientTransportTest.java:631
    ...
```

```
  Read of size 4 at 0x00008f983a3c by thread T4 (mutexes: write M0, write M1):
    #0 io.grpc.netty.NettyClientHandler.getAttributes()Lio/grpc/Attributes; NettyClientHandler.java:345
    #1 io.grpc.netty.NettyClientTransport.getAttributes()Lio/grpc/Attributes; NettyClientTransport.java:387
    #2 io.grpc.netty.NettyClientTransport.newStream(Lio/grpc/MethodDescriptor;Lio/grpc/Metadata;Lio/grpc/CallOptions;[Lio/grpc/ClientStreamTracer;)Lio/grpc/internal/ClientStream; NettyClientTransport.java:198
    #3 io.grpc.netty.NettyClientTransportTest$Rpc.<init>(Lio/grpc/netty/NettyClientTransport;Lio/grpc/Metadata;)V NettyClientTransportTest.java:973
    #4 io.grpc.netty.NettyClientTransportTest$Rpc.<init>(Lio/grpc/netty/NettyClientTransport;)V NettyClientTransportTest.java:969
    #5 io.grpc.netty.NettyClientTransportTest.handlerExceptionDuringNegotiatonPropagatesToStatus()V NettyClientTransportTest.java:425
    ...

  Previous write of size 4 at 0x00008f983a3c by thread T56:
    #0 io.grpc.netty.NettyClientHandler$FrameListener.onSettingsRead(Lio/netty/channel/ChannelHandlerContext;Lio/netty/handler/codec/http2/Http2Settings;)V NettyClientHandler.java:960
    ...
```
---
 .../grpc/netty/NettyClientTransportTest.java  | 27 ++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
index 8d0d656859f..d0a6456c430 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
@@ -37,6 +37,8 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.timeout;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 import com.google.common.base.Optional;
@@ -95,6 +97,7 @@
 import io.netty.handler.ssl.ClientAuth;
 import io.netty.handler.ssl.SslContext;
 import io.netty.util.AsciiString;
+import io.netty.util.ReferenceCountUtil;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -187,6 +190,7 @@ public void addDefaultUserAgent() throws Exception {
     startServer();
     NettyClientTransport transport = newTransport(newNegotiator());
     callMeMaybe(transport.start(clientTransportListener));
+    verify(clientTransportListener, timeout(5000)).transportReady();
 
     // Send a single RPC and wait for the response.
     new Rpc(transport).halfClose().waitForResponse();
@@ -244,6 +248,7 @@ public void overrideDefaultUserAgent() throws Exception {
     NettyClientTransport transport = newTransport(newNegotiator(),
         DEFAULT_MAX_MESSAGE_SIZE, GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE, "testUserAgent", true);
     callMeMaybe(transport.start(clientTransportListener));
+    verify(clientTransportListener, timeout(5000)).transportReady();
 
     new Rpc(transport, new Metadata()).halfClose().waitForResponse();
 
@@ -261,6 +266,7 @@ public void maxMessageSizeShouldBeEnforced() throws Throwable {
     NettyClientTransport transport = newTransport(newNegotiator(),
         1, GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE, null, true);
     callMeMaybe(transport.start(clientTransportListener));
+    verify(clientTransportListener, timeout(5000)).transportReady();
 
     try {
       // Send a single RPC and wait for the response.
@@ -287,6 +293,7 @@ public void creatingMultipleTlsTransportsShouldSucceed() throws Exception {
       NettyClientTransport transport = newTransport(negotiator);
       callMeMaybe(transport.start(clientTransportListener));
     }
+    verify(clientTransportListener, timeout(5000).times(2)).transportReady();
 
     // Send a single RPC on each transport.
     final List<Rpc> rpcs = new ArrayList<>(transports.size());
@@ -316,6 +323,7 @@ public void run() {
             failureStatus.asRuntimeException());
       }
     });
+    verify(clientTransportListener, timeout(5000)).transportTerminated();
 
     Rpc rpc = new Rpc(transport).halfClose();
     try {
@@ -349,6 +357,7 @@ public void tlsNegotiationFailurePropagatesToStatus() throws Exception {
     ProtocolNegotiator negotiator = ProtocolNegotiators.tls(clientContext);
     final NettyClientTransport transport = newTransport(negotiator);
     callMeMaybe(transport.start(clientTransportListener));
+    verify(clientTransportListener, timeout(5000)).transportTerminated();
 
     Rpc rpc = new Rpc(transport).halfClose();
     try {
@@ -378,6 +387,7 @@ public void channelExceptionDuringNegotiatonPropagatesToStatus() throws Exceptio
     callMeMaybe(transport.start(clientTransportListener));
     final Status failureStatus = Status.UNAVAILABLE.withDescription("oh noes!");
     transport.channel().pipeline().fireExceptionCaught(failureStatus.asRuntimeException());
+    verify(clientTransportListener, timeout(5000)).transportTerminated();
 
     Rpc rpc = new Rpc(transport).halfClose();
     try {
@@ -409,6 +419,7 @@ public void run() {
         }
       }
     });
+    verify(clientTransportListener, timeout(5000)).transportTerminated();
 
     Rpc rpc = new Rpc(transport).halfClose();
     try {
@@ -428,6 +439,7 @@ public void bufferedStreamsShouldBeClosedWhenConnectionTerminates() throws Excep
 
     NettyClientTransport transport = newTransport(newNegotiator());
     callMeMaybe(transport.start(clientTransportListener));
+    verify(clientTransportListener, timeout(5000)).transportReady();
 
     // Send a dummy RPC in order to ensure that the updated SETTINGS_MAX_CONCURRENT_STREAMS
     // has been received by the remote endpoint.
@@ -579,6 +591,7 @@ public void maxHeaderListSizeShouldBeEnforcedOnClient() throws Exception {
     NettyClientTransport transport =
         newTransport(newNegotiator(), DEFAULT_MAX_MESSAGE_SIZE, 1, null, true);
     callMeMaybe(transport.start(clientTransportListener));
+    verify(clientTransportListener, timeout(5000)).transportReady();
 
     try {
       // Send a single RPC and wait for the response.
@@ -612,6 +625,7 @@ public void huffmanCodingShouldNotBePerformed() throws Exception {
         longStringOfA);
 
     callMeMaybe(transport.start(clientTransportListener));
+    verify(clientTransportListener, timeout(5000)).transportReady();
 
     AtomicBoolean foundExpectedHeaderBytes = new AtomicBoolean(false);
 
@@ -641,6 +655,7 @@ public void maxHeaderListSizeShouldBeEnforcedOnServer() throws Exception {
 
     NettyClientTransport transport = newTransport(newNegotiator());
     callMeMaybe(transport.start(clientTransportListener));
+    verify(clientTransportListener, timeout(5000)).transportReady();
 
     try {
       // Send a single RPC and wait for the response.
@@ -685,6 +700,7 @@ public void clientStreamGetsAttributes() throws Exception {
     startServer();
     NettyClientTransport transport = newTransport(newNegotiator());
     callMeMaybe(transport.start(clientTransportListener));
+    verify(clientTransportListener, timeout(5000)).transportReady();
     Rpc rpc = new Rpc(transport).halfClose();
     rpc.waitForResponse();
 
@@ -703,6 +719,7 @@ public void keepAliveEnabled() throws Exception {
     NettyClientTransport transport = newTransport(newNegotiator(), DEFAULT_MAX_MESSAGE_SIZE,
         GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE, null /* user agent */, true /* keep alive */);
     callMeMaybe(transport.start(clientTransportListener));
+    verify(clientTransportListener, timeout(5000)).transportReady();
     Rpc rpc = new Rpc(transport).halfClose();
     rpc.waitForResponse();
 
@@ -715,6 +732,7 @@ public void keepAliveDisabled() throws Exception {
     NettyClientTransport transport = newTransport(newNegotiator(), DEFAULT_MAX_MESSAGE_SIZE,
         GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE, null /* user agent */, false /* keep alive */);
     callMeMaybe(transport.start(clientTransportListener));
+    verify(clientTransportListener, timeout(5000)).transportReady();
     Rpc rpc = new Rpc(transport).halfClose();
     rpc.waitForResponse();
 
@@ -808,6 +826,7 @@ public void tlsNegotiationServerExecutorShouldSucceed() throws Exception {
     assertEquals(true, clientExecutorPool.isInUse());
     final NettyClientTransport transport = newTransport(negotiator);
     callMeMaybe(transport.start(clientTransportListener));
+    verify(clientTransportListener, timeout(5000)).transportReady();
     Rpc rpc = new Rpc(transport).halfClose();
     rpc.waitForResponse();
     // closing the negotiators should return the executors back to pool, and release the resource
@@ -1098,9 +1117,15 @@ public NoopHandler(GrpcHttp2ConnectionHandler grpcHandler) {
       this.grpcHandler = grpcHandler;
     }
 
+    @Override
+    public void channelRead(ChannelHandlerContext ctx, Object msg) {
+      // Prevent any data being passed to NettyClientHandler
+      ReferenceCountUtil.release(msg);
+    }
+
     @Override
     public void channelRegistered(ChannelHandlerContext ctx) throws Exception {
-      ctx.pipeline().addBefore(ctx.name(), null, grpcHandler);
+      ctx.pipeline().addAfter(ctx.name(), null, grpcHandler);
     }
 
     public void fail(ChannelHandlerContext ctx, Throwable cause) {

From 73721acc0d341acd2a45e6edc040460ddf40ae5f Mon Sep 17 00:00:00 2001
From: Albumen Kevin <jhq0812@gmail.com>
Date: Fri, 10 Jan 2025 03:53:36 +0800
Subject: [PATCH 140/591] Add UnitTest to verify updateTrustCredentials rotate
 (#11798)

* Add lastUpdateTime to avoid read
---
 .../util/AdvancedTlsX509TrustManager.java     |  6 +--
 .../util/AdvancedTlsX509TrustManagerTest.java | 43 ++++++++++++++++++-
 2 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java b/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java
index 088f4caa000..b4b9b25d1de 100644
--- a/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java
+++ b/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java
@@ -265,7 +265,7 @@ public Closeable updateTrustCredentials(File trustCertFile, long period, TimeUni
     }
     final ScheduledFuture<?> future =
         checkNotNull(executor, "executor").scheduleWithFixedDelay(
-            new LoadFilePathExecution(trustCertFile), period, period, unit);
+            new LoadFilePathExecution(trustCertFile, updatedTime), period, period, unit);
     return () -> future.cancel(false);
   }
 
@@ -312,9 +312,9 @@ private class LoadFilePathExecution implements Runnable {
     File file;
     long currentTime;
 
-    public LoadFilePathExecution(File file) {
+    public LoadFilePathExecution(File file, long currentTime) {
       this.file = file;
-      this.currentTime = 0;
+      this.currentTime = currentTime;
     }
 
     @Override
diff --git a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
index 91159d121ad..5ad0e85fa36 100644
--- a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
+++ b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
@@ -24,6 +24,7 @@
 import static org.mockito.Mockito.when;
 
 import com.google.common.collect.Iterables;
+import com.google.common.io.Files;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.testing.TestUtils;
 import io.grpc.testing.TlsTesting;
@@ -57,21 +58,28 @@ public class AdvancedTlsX509TrustManagerTest {
 
   private static final String CA_PEM_FILE = "ca.pem";
   private static final String SERVER_0_PEM_FILE = "server0.pem";
+  private static final String SERVER_1_PEM_FILE = "server1.pem";
   private File caCertFile;
   private File serverCert0File;
+  private File serverCert1File;
 
   private X509Certificate[] caCert;
   private X509Certificate[] serverCert0;
+  private X509Certificate[] serverCert1;
 
+  private FakeClock fakeClock;
   private ScheduledExecutorService executor;
 
   @Before
   public void setUp() throws IOException, GeneralSecurityException {
-    executor = new FakeClock().getScheduledExecutorService();
+    fakeClock = new FakeClock();
+    executor = fakeClock.getScheduledExecutorService();
     caCertFile = TestUtils.loadCert(CA_PEM_FILE);
     caCert = CertificateUtils.getX509Certificates(TlsTesting.loadCert(CA_PEM_FILE));
     serverCert0File = TestUtils.loadCert(SERVER_0_PEM_FILE);
     serverCert0 = CertificateUtils.getX509Certificates(TlsTesting.loadCert(SERVER_0_PEM_FILE));
+    serverCert1File = TestUtils.loadCert(SERVER_1_PEM_FILE);
+    serverCert1 = CertificateUtils.getX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
   }
 
   @Test
@@ -147,6 +155,39 @@ public void clientTrustedWithSocketTest() throws Exception {
     assertEquals("No handshake session", ce.getMessage());
   }
 
+  @Test
+  public void updateTrustCredentials_rotate() throws GeneralSecurityException, IOException {
+    AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder().build();
+    trustManager.updateTrustCredentials(serverCert0File);
+    assertArrayEquals(serverCert0, trustManager.getAcceptedIssuers());
+
+    trustManager.updateTrustCredentials(serverCert0File, 1, TimeUnit.MINUTES,
+        executor);
+    assertArrayEquals(serverCert0, trustManager.getAcceptedIssuers());
+
+    fakeClock.forwardTime(1, TimeUnit.MINUTES);
+    assertArrayEquals(serverCert0, trustManager.getAcceptedIssuers());
+
+    serverCert0File.setLastModified(serverCert0File.lastModified() - 10);
+
+    fakeClock.forwardTime(1, TimeUnit.MINUTES);
+    assertArrayEquals(serverCert0, trustManager.getAcceptedIssuers());
+
+    long beforeModify = serverCert0File.lastModified();
+    Files.copy(serverCert1File, serverCert0File);
+    serverCert0File.setLastModified(beforeModify);
+
+    // although file content changed, file modification time is not changed
+    fakeClock.forwardTime(1, TimeUnit.MINUTES);
+    assertArrayEquals(serverCert0, trustManager.getAcceptedIssuers());
+
+    serverCert0File.setLastModified(beforeModify + 10);
+
+    // file modification time changed
+    fakeClock.forwardTime(1, TimeUnit.MINUTES);
+    assertArrayEquals(serverCert1, trustManager.getAcceptedIssuers());
+  }
+
   private static class TestHandler extends Handler {
     private final List<LogRecord> records = new ArrayList<>();
 

From 7b5d0692cc70c02ae644deb648410c7e82e7ea45 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 9 Jan 2025 13:45:35 -0800
Subject: [PATCH 141/591] Replace jsr305's CheckReturnValue with Error Prone's
 (#11811)

We should avoid jsr305 and error prone's has the same semantics.

Fixes #8687
---
 api/src/main/java/io/grpc/CallOptions.java                      | 2 +-
 api/src/main/java/io/grpc/MethodDescriptor.java                 | 2 +-
 api/src/main/java/io/grpc/Status.java                           | 2 +-
 api/src/testFixtures/java/io/grpc/testing/DeadlineSubject.java  | 2 +-
 binder/src/main/java/io/grpc/binder/AsyncSecurityPolicy.java    | 2 +-
 binder/src/main/java/io/grpc/binder/SecurityPolicy.java         | 2 +-
 binder/src/main/java/io/grpc/binder/ServerSecurityPolicy.java   | 2 +-
 .../src/main/java/io/grpc/binder/UntrustedSecurityPolicies.java | 2 +-
 .../src/main/java/io/grpc/binder/internal/BinderTransport.java  | 2 +-
 .../java/io/grpc/binder/internal/BinderTransportSecurity.java   | 2 +-
 core/src/main/java/io/grpc/internal/ClientTransportFactory.java | 2 +-
 core/src/main/java/io/grpc/internal/DelayedStream.java          | 2 +-
 core/src/main/java/io/grpc/internal/KeepAliveEnforcer.java      | 2 +-
 core/src/main/java/io/grpc/internal/ManagedClientTransport.java | 2 +-
 core/src/main/java/io/grpc/internal/RetriableStream.java        | 2 +-
 core/src/main/java/io/grpc/internal/TransportFrameUtil.java     | 2 +-
 .../src/main/java/io/grpc/inprocess/InProcessTransport.java     | 2 +-
 netty/src/main/java/io/grpc/netty/ProtocolNegotiationEvent.java | 2 +-
 netty/src/main/java/io/grpc/netty/Utils.java                    | 2 +-
 netty/src/main/java/io/grpc/netty/package-info.java             | 2 +-
 okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java   | 2 +-
 okhttp/src/main/java/io/grpc/okhttp/Utils.java                  | 2 +-
 protobuf/BUILD.bazel                                            | 1 +
 .../java/io/grpc/protobuf/ProtoMethodDescriptorSupplier.java    | 2 +-
 rls/BUILD.bazel                                                 | 1 +
 rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java           | 2 +-
 rls/src/main/java/io/grpc/rls/LinkedHashLruCache.java           | 2 +-
 rls/src/main/java/io/grpc/rls/LruCache.java                     | 2 +-
 rls/src/main/java/io/grpc/rls/RlsRequestFactory.java            | 2 +-
 .../java/io/grpc/servlet/AsyncServletOutputStreamWriter.java    | 2 +-
 stub/src/main/java/io/grpc/stub/AbstractAsyncStub.java          | 2 +-
 stub/src/main/java/io/grpc/stub/AbstractBlockingStub.java       | 2 +-
 stub/src/main/java/io/grpc/stub/AbstractFutureStub.java         | 2 +-
 stub/src/main/java/io/grpc/stub/AbstractStub.java               | 2 +-
 .../io/grpc/xds/internal/security/ReferenceCountingMap.java     | 2 +-
 35 files changed, 35 insertions(+), 33 deletions(-)

diff --git a/api/src/main/java/io/grpc/CallOptions.java b/api/src/main/java/io/grpc/CallOptions.java
index a1b8984c48b..800bdfb6c90 100644
--- a/api/src/main/java/io/grpc/CallOptions.java
+++ b/api/src/main/java/io/grpc/CallOptions.java
@@ -21,6 +21,7 @@
 
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Preconditions;
+import com.google.errorprone.annotations.CheckReturnValue;
 import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -28,7 +29,6 @@
 import java.util.List;
 import java.util.concurrent.Executor;
 import java.util.concurrent.TimeUnit;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 
diff --git a/api/src/main/java/io/grpc/MethodDescriptor.java b/api/src/main/java/io/grpc/MethodDescriptor.java
index 1bfaccb4201..a02eb840deb 100644
--- a/api/src/main/java/io/grpc/MethodDescriptor.java
+++ b/api/src/main/java/io/grpc/MethodDescriptor.java
@@ -20,9 +20,9 @@
 
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Preconditions;
+import com.google.errorprone.annotations.CheckReturnValue;
 import java.io.InputStream;
 import java.util.concurrent.atomic.AtomicReferenceArray;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 
diff --git a/api/src/main/java/io/grpc/Status.java b/api/src/main/java/io/grpc/Status.java
index 5d7dd30df01..38cd9581f8e 100644
--- a/api/src/main/java/io/grpc/Status.java
+++ b/api/src/main/java/io/grpc/Status.java
@@ -23,6 +23,7 @@
 
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Objects;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Metadata.TrustedAsciiMarshaller;
 import java.nio.ByteBuffer;
 import java.util.ArrayList;
@@ -30,7 +31,6 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.TreeMap;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 
diff --git a/api/src/testFixtures/java/io/grpc/testing/DeadlineSubject.java b/api/src/testFixtures/java/io/grpc/testing/DeadlineSubject.java
index 94ab8fb9b18..c2b4d8412a7 100644
--- a/api/src/testFixtures/java/io/grpc/testing/DeadlineSubject.java
+++ b/api/src/testFixtures/java/io/grpc/testing/DeadlineSubject.java
@@ -24,9 +24,9 @@
 import com.google.common.truth.ComparableSubject;
 import com.google.common.truth.FailureMetadata;
 import com.google.common.truth.Subject;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Deadline;
 import java.util.concurrent.TimeUnit;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 
 /** Propositions for {@link Deadline} subjects. */
diff --git a/binder/src/main/java/io/grpc/binder/AsyncSecurityPolicy.java b/binder/src/main/java/io/grpc/binder/AsyncSecurityPolicy.java
index 2a37e6fd517..5b17ad35977 100644
--- a/binder/src/main/java/io/grpc/binder/AsyncSecurityPolicy.java
+++ b/binder/src/main/java/io/grpc/binder/AsyncSecurityPolicy.java
@@ -17,11 +17,11 @@
 package io.grpc.binder;
 
 import com.google.common.util.concurrent.ListenableFuture;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.ExperimentalApi;
 import io.grpc.Status;
 import java.util.concurrent.CancellationException;
 import java.util.concurrent.ExecutionException;
-import javax.annotation.CheckReturnValue;
 
 /**
  * Decides whether a given Android UID is authorized to access some resource.
diff --git a/binder/src/main/java/io/grpc/binder/SecurityPolicy.java b/binder/src/main/java/io/grpc/binder/SecurityPolicy.java
index e539f17e394..261e5223a0f 100644
--- a/binder/src/main/java/io/grpc/binder/SecurityPolicy.java
+++ b/binder/src/main/java/io/grpc/binder/SecurityPolicy.java
@@ -16,8 +16,8 @@
 
 package io.grpc.binder;
 
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Status;
-import javax.annotation.CheckReturnValue;
 
 /**
  * Decides whether a given Android UID is authorized to access some resource.
diff --git a/binder/src/main/java/io/grpc/binder/ServerSecurityPolicy.java b/binder/src/main/java/io/grpc/binder/ServerSecurityPolicy.java
index 6a9361c0eaf..4786a5e6cc4 100644
--- a/binder/src/main/java/io/grpc/binder/ServerSecurityPolicy.java
+++ b/binder/src/main/java/io/grpc/binder/ServerSecurityPolicy.java
@@ -19,10 +19,10 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Status;
 import java.util.HashMap;
 import java.util.Map;
-import javax.annotation.CheckReturnValue;
 
 /**
  * A security policy for a gRPC server.
diff --git a/binder/src/main/java/io/grpc/binder/UntrustedSecurityPolicies.java b/binder/src/main/java/io/grpc/binder/UntrustedSecurityPolicies.java
index 64d8ac1426a..44612a82109 100644
--- a/binder/src/main/java/io/grpc/binder/UntrustedSecurityPolicies.java
+++ b/binder/src/main/java/io/grpc/binder/UntrustedSecurityPolicies.java
@@ -16,9 +16,9 @@
 
 package io.grpc.binder;
 
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.ExperimentalApi;
 import io.grpc.Status;
-import javax.annotation.CheckReturnValue;
 
 /** Static factory methods for creating untrusted security policies. */
 @CheckReturnValue
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index 254ad5bb407..0c886a9829c 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -35,6 +35,7 @@
 import com.google.common.util.concurrent.FutureCallback;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
 import io.grpc.ClientStreamTracer;
@@ -78,7 +79,6 @@
 import java.util.concurrent.atomic.AtomicLong;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransportSecurity.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransportSecurity.java
index 430eee3e041..6f95ef8a83c 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransportSecurity.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransportSecurity.java
@@ -20,6 +20,7 @@
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.MoreExecutors;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Attributes;
 import io.grpc.Internal;
 import io.grpc.Metadata;
@@ -35,7 +36,6 @@
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Executor;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 
 /**
diff --git a/core/src/main/java/io/grpc/internal/ClientTransportFactory.java b/core/src/main/java/io/grpc/internal/ClientTransportFactory.java
index d987f9d5068..6c10ced4652 100644
--- a/core/src/main/java/io/grpc/internal/ClientTransportFactory.java
+++ b/core/src/main/java/io/grpc/internal/ClientTransportFactory.java
@@ -18,6 +18,7 @@
 
 import com.google.common.base.Objects;
 import com.google.common.base.Preconditions;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Attributes;
 import io.grpc.CallCredentials;
 import io.grpc.ChannelCredentials;
@@ -27,7 +28,6 @@
 import java.net.SocketAddress;
 import java.util.Collection;
 import java.util.concurrent.ScheduledExecutorService;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 
 /** Pre-configured factory for creating {@link ConnectionClientTransport} instances. */
diff --git a/core/src/main/java/io/grpc/internal/DelayedStream.java b/core/src/main/java/io/grpc/internal/DelayedStream.java
index c94986a3458..5f14f24cfe5 100644
--- a/core/src/main/java/io/grpc/internal/DelayedStream.java
+++ b/core/src/main/java/io/grpc/internal/DelayedStream.java
@@ -20,6 +20,7 @@
 import static com.google.common.base.Preconditions.checkState;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Attributes;
 import io.grpc.Compressor;
 import io.grpc.Deadline;
@@ -30,7 +31,6 @@
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.List;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.concurrent.GuardedBy;
 
 /**
diff --git a/core/src/main/java/io/grpc/internal/KeepAliveEnforcer.java b/core/src/main/java/io/grpc/internal/KeepAliveEnforcer.java
index dd539e75a18..6480336470c 100644
--- a/core/src/main/java/io/grpc/internal/KeepAliveEnforcer.java
+++ b/core/src/main/java/io/grpc/internal/KeepAliveEnforcer.java
@@ -18,8 +18,8 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
+import com.google.errorprone.annotations.CheckReturnValue;
 import java.util.concurrent.TimeUnit;
-import javax.annotation.CheckReturnValue;
 
 /** Monitors the client's PING usage to make sure the rate is permitted. */
 public final class KeepAliveEnforcer {
diff --git a/core/src/main/java/io/grpc/internal/ManagedClientTransport.java b/core/src/main/java/io/grpc/internal/ManagedClientTransport.java
index 5f8fe52ef6b..184a4d98955 100644
--- a/core/src/main/java/io/grpc/internal/ManagedClientTransport.java
+++ b/core/src/main/java/io/grpc/internal/ManagedClientTransport.java
@@ -16,9 +16,9 @@
 
 package io.grpc.internal;
 
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Attributes;
 import io.grpc.Status;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.ThreadSafe;
 
diff --git a/core/src/main/java/io/grpc/internal/RetriableStream.java b/core/src/main/java/io/grpc/internal/RetriableStream.java
index ba9424ea25c..7fed77625d3 100644
--- a/core/src/main/java/io/grpc/internal/RetriableStream.java
+++ b/core/src/main/java/io/grpc/internal/RetriableStream.java
@@ -22,6 +22,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Objects;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Attributes;
 import io.grpc.ClientStreamTracer;
 import io.grpc.Compressor;
@@ -47,7 +48,6 @@
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.concurrent.atomic.AtomicLong;
 import javax.annotation.CheckForNull;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.GuardedBy;
 
diff --git a/core/src/main/java/io/grpc/internal/TransportFrameUtil.java b/core/src/main/java/io/grpc/internal/TransportFrameUtil.java
index f3c32416426..3bd7ee72239 100644
--- a/core/src/main/java/io/grpc/internal/TransportFrameUtil.java
+++ b/core/src/main/java/io/grpc/internal/TransportFrameUtil.java
@@ -19,13 +19,13 @@
 import static java.nio.charset.StandardCharsets.US_ASCII;
 
 import com.google.common.io.BaseEncoding;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.InternalMetadata;
 import io.grpc.Metadata;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 import java.util.logging.Logger;
-import javax.annotation.CheckReturnValue;
 
 /**
  * Utility functions for transport layer framing.
diff --git a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
index eacf46ca4a2..b5bbbe563df 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
@@ -24,6 +24,7 @@
 import com.google.common.io.ByteStreams;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
 import io.grpc.ClientStreamTracer;
@@ -74,7 +75,6 @@
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
diff --git a/netty/src/main/java/io/grpc/netty/ProtocolNegotiationEvent.java b/netty/src/main/java/io/grpc/netty/ProtocolNegotiationEvent.java
index 16da79e1af8..8103a2dc79f 100644
--- a/netty/src/main/java/io/grpc/netty/ProtocolNegotiationEvent.java
+++ b/netty/src/main/java/io/grpc/netty/ProtocolNegotiationEvent.java
@@ -20,10 +20,10 @@
 
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Objects;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Attributes;
 import io.grpc.Internal;
 import io.grpc.InternalChannelz.Security;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 
 /**
diff --git a/netty/src/main/java/io/grpc/netty/Utils.java b/netty/src/main/java/io/grpc/netty/Utils.java
index ba405637af5..c0981f5b219 100644
--- a/netty/src/main/java/io/grpc/netty/Utils.java
+++ b/netty/src/main/java/io/grpc/netty/Utils.java
@@ -27,6 +27,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.InternalChannelz;
 import io.grpc.InternalMetadata;
 import io.grpc.Metadata;
@@ -68,7 +69,6 @@
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 import javax.net.ssl.SSLException;
 
diff --git a/netty/src/main/java/io/grpc/netty/package-info.java b/netty/src/main/java/io/grpc/netty/package-info.java
index 54595b38573..d1d7b87cf51 100644
--- a/netty/src/main/java/io/grpc/netty/package-info.java
+++ b/netty/src/main/java/io/grpc/netty/package-info.java
@@ -18,5 +18,5 @@
  * The main transport implementation based on <a target="_blank" href="http://netty.io">Netty</a>,
  * for both the client and the server.
  */
-@javax.annotation.CheckReturnValue
+@com.google.errorprone.annotations.CheckReturnValue
 package io.grpc.netty;
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java
index 15508110344..f42cb9fb16d 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java
@@ -22,6 +22,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.CallCredentials;
 import io.grpc.ChannelCredentials;
 import io.grpc.ChannelLogger;
@@ -72,7 +73,6 @@
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 import javax.net.SocketFactory;
 import javax.net.ssl.HostnameVerifier;
diff --git a/okhttp/src/main/java/io/grpc/okhttp/Utils.java b/okhttp/src/main/java/io/grpc/okhttp/Utils.java
index 2dc5f1e1ec9..4546143cf3b 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/Utils.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/Utils.java
@@ -17,6 +17,7 @@
 package io.grpc.okhttp;
 
 import com.google.common.base.Preconditions;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.InternalChannelz;
 import io.grpc.InternalMetadata;
 import io.grpc.Metadata;
@@ -29,7 +30,6 @@
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.CheckReturnValue;
 
 /**
  * Common utility methods for OkHttp transport.
diff --git a/protobuf/BUILD.bazel b/protobuf/BUILD.bazel
index 724c78ca6ee..02a136554d2 100644
--- a/protobuf/BUILD.bazel
+++ b/protobuf/BUILD.bazel
@@ -12,6 +12,7 @@ java_library(
         "@com_google_protobuf//:protobuf_java",
         artifact("com.google.api.grpc:proto-google-common-protos"),
         artifact("com.google.code.findbugs:jsr305"),
+        artifact("com.google.errorprone:error_prone_annotations"),
         artifact("com.google.guava:guava"),
     ],
 )
diff --git a/protobuf/src/main/java/io/grpc/protobuf/ProtoMethodDescriptorSupplier.java b/protobuf/src/main/java/io/grpc/protobuf/ProtoMethodDescriptorSupplier.java
index e5b2f38e3c0..e7cd3ed336f 100644
--- a/protobuf/src/main/java/io/grpc/protobuf/ProtoMethodDescriptorSupplier.java
+++ b/protobuf/src/main/java/io/grpc/protobuf/ProtoMethodDescriptorSupplier.java
@@ -16,8 +16,8 @@
 
 package io.grpc.protobuf;
 
+import com.google.errorprone.annotations.CheckReturnValue;
 import com.google.protobuf.Descriptors.MethodDescriptor;
-import javax.annotation.CheckReturnValue;
 
 /**
  * Provides access to the underlying proto service method descriptor.
diff --git a/rls/BUILD.bazel b/rls/BUILD.bazel
index 10a5e22524a..bfa0c7eee97 100644
--- a/rls/BUILD.bazel
+++ b/rls/BUILD.bazel
@@ -19,6 +19,7 @@ java_library(
         "@io_grpc_grpc_proto//:rls_java_proto",
         artifact("com.google.auto.value:auto-value-annotations"),
         artifact("com.google.code.findbugs:jsr305"),
+        artifact("com.google.errorprone:error_prone_annotations"),
         artifact("com.google.guava:guava"),
     ],
 )
diff --git a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
index 3d52187a158..9775753ab50 100644
--- a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
+++ b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
@@ -28,6 +28,7 @@
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.MoreExecutors;
 import com.google.common.util.concurrent.SettableFuture;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.ChannelLogger;
 import io.grpc.ChannelLogger.ChannelLogLevel;
 import io.grpc.ConnectivityState;
@@ -73,7 +74,6 @@
 import java.util.concurrent.Future;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
diff --git a/rls/src/main/java/io/grpc/rls/LinkedHashLruCache.java b/rls/src/main/java/io/grpc/rls/LinkedHashLruCache.java
index ba0575efa57..b39b463c762 100644
--- a/rls/src/main/java/io/grpc/rls/LinkedHashLruCache.java
+++ b/rls/src/main/java/io/grpc/rls/LinkedHashLruCache.java
@@ -22,6 +22,7 @@
 
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Ticker;
+import com.google.errorprone.annotations.CheckReturnValue;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Iterator;
@@ -29,7 +30,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 
 /**
diff --git a/rls/src/main/java/io/grpc/rls/LruCache.java b/rls/src/main/java/io/grpc/rls/LruCache.java
index 1ad5a958289..8fc4ae98472 100644
--- a/rls/src/main/java/io/grpc/rls/LruCache.java
+++ b/rls/src/main/java/io/grpc/rls/LruCache.java
@@ -16,7 +16,7 @@
 
 package io.grpc.rls;
 
-import javax.annotation.CheckReturnValue;
+import com.google.errorprone.annotations.CheckReturnValue;
 import javax.annotation.Nullable;
 
 /** An LruCache is a cache with least recently used eviction. */
diff --git a/rls/src/main/java/io/grpc/rls/RlsRequestFactory.java b/rls/src/main/java/io/grpc/rls/RlsRequestFactory.java
index a6ca0137ff1..e26e49979e1 100644
--- a/rls/src/main/java/io/grpc/rls/RlsRequestFactory.java
+++ b/rls/src/main/java/io/grpc/rls/RlsRequestFactory.java
@@ -20,6 +20,7 @@
 
 import com.google.common.base.MoreObjects;
 import com.google.common.collect.ImmutableMap;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Metadata;
 import io.grpc.rls.RlsProtoData.ExtraKeys;
 import io.grpc.rls.RlsProtoData.GrpcKeyBuilder;
@@ -30,7 +31,6 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import javax.annotation.CheckReturnValue;
 
 /**
  * A RlsRequestFactory creates {@link RouteLookupRequest} using key builder map from {@link
diff --git a/servlet/src/main/java/io/grpc/servlet/AsyncServletOutputStreamWriter.java b/servlet/src/main/java/io/grpc/servlet/AsyncServletOutputStreamWriter.java
index cfd29b1a2fd..8c0c6ec6512 100644
--- a/servlet/src/main/java/io/grpc/servlet/AsyncServletOutputStreamWriter.java
+++ b/servlet/src/main/java/io/grpc/servlet/AsyncServletOutputStreamWriter.java
@@ -22,6 +22,7 @@
 import static java.util.logging.Level.FINEST;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.InternalLogId;
 import io.grpc.servlet.ServletServerStream.ServletTransportState;
 import java.io.IOException;
@@ -34,7 +35,6 @@
 import java.util.function.BooleanSupplier;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 import javax.servlet.AsyncContext;
 import javax.servlet.ServletOutputStream;
diff --git a/stub/src/main/java/io/grpc/stub/AbstractAsyncStub.java b/stub/src/main/java/io/grpc/stub/AbstractAsyncStub.java
index c6f912cb3a7..f369eeaf87f 100644
--- a/stub/src/main/java/io/grpc/stub/AbstractAsyncStub.java
+++ b/stub/src/main/java/io/grpc/stub/AbstractAsyncStub.java
@@ -16,10 +16,10 @@
 
 package io.grpc.stub;
 
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.stub.ClientCalls.StubType;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
diff --git a/stub/src/main/java/io/grpc/stub/AbstractBlockingStub.java b/stub/src/main/java/io/grpc/stub/AbstractBlockingStub.java
index 1cb919e67b0..4bdb3c0bb94 100644
--- a/stub/src/main/java/io/grpc/stub/AbstractBlockingStub.java
+++ b/stub/src/main/java/io/grpc/stub/AbstractBlockingStub.java
@@ -16,10 +16,10 @@
 
 package io.grpc.stub;
 
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.stub.ClientCalls.StubType;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
diff --git a/stub/src/main/java/io/grpc/stub/AbstractFutureStub.java b/stub/src/main/java/io/grpc/stub/AbstractFutureStub.java
index 66570bcd6ff..5e37b1e4915 100644
--- a/stub/src/main/java/io/grpc/stub/AbstractFutureStub.java
+++ b/stub/src/main/java/io/grpc/stub/AbstractFutureStub.java
@@ -16,10 +16,10 @@
 
 package io.grpc.stub;
 
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.stub.ClientCalls.StubType;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
diff --git a/stub/src/main/java/io/grpc/stub/AbstractStub.java b/stub/src/main/java/io/grpc/stub/AbstractStub.java
index 7b4bbed34a8..697107760db 100644
--- a/stub/src/main/java/io/grpc/stub/AbstractStub.java
+++ b/stub/src/main/java/io/grpc/stub/AbstractStub.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static io.grpc.InternalTimeUtils.convert;
 
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.CallCredentials;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
@@ -30,7 +31,6 @@
 import java.time.Duration;
 import java.util.concurrent.Executor;
 import java.util.concurrent.TimeUnit;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.ThreadSafe;
 import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/ReferenceCountingMap.java b/xds/src/main/java/io/grpc/xds/internal/security/ReferenceCountingMap.java
index b7f56492fa5..08b8f6a325b 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/ReferenceCountingMap.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/ReferenceCountingMap.java
@@ -20,9 +20,9 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 
+import com.google.errorprone.annotations.CheckReturnValue;
 import java.util.HashMap;
 import java.util.Map;
-import javax.annotation.CheckReturnValue;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**

From 70825adce6a3de06f1f93543a05a010b7c77c4aa Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 9 Jan 2025 13:09:57 -0800
Subject: [PATCH 142/591] Replace jsr305's GuardedBy with Error Prone's

We should avoid jsr305 and error prone's has the same semantics.
---
 alts/BUILD.bazel                                              | 1 +
 alts/src/main/java/io/grpc/alts/internal/AsyncSemaphore.java  | 2 +-
 .../src/main/java/io/grpc/android/AndroidChannelBuilder.java  | 2 +-
 api/src/main/java/io/grpc/ConfiguratorRegistry.java           | 2 +-
 api/src/main/java/io/grpc/ManagedChannelRegistry.java         | 2 +-
 api/src/main/java/io/grpc/MetricInstrumentRegistry.java       | 2 +-
 api/src/main/java/io/grpc/NameResolverRegistry.java           | 2 +-
 api/src/main/java/io/grpc/ServerRegistry.java                 | 2 +-
 binder/src/androidTest/java/io/grpc/binder/HostServices.java  | 2 +-
 .../io/grpc/binder/internal/BinderClientTransportTest.java    | 2 +-
 .../java/io/grpc/binder/internal/ActiveTransportTracker.java  | 2 +-
 .../src/main/java/io/grpc/binder/internal/BinderServer.java   | 2 +-
 .../main/java/io/grpc/binder/internal/BinderTransport.java    | 2 +-
 .../src/main/java/io/grpc/binder/internal/FlowController.java | 2 +-
 binder/src/main/java/io/grpc/binder/internal/Inbound.java     | 2 +-
 binder/src/main/java/io/grpc/binder/internal/Outbound.java    | 2 +-
 binder/src/main/java/io/grpc/binder/internal/PingTracker.java | 2 +-
 .../src/main/java/io/grpc/binder/internal/ServiceBinding.java | 2 +-
 census/BUILD.bazel                                            | 1 +
 census/src/main/java/io/grpc/census/CensusStatsModule.java    | 2 +-
 core/src/main/java/io/grpc/internal/AbstractStream.java       | 2 +-
 .../internal/CallCredentialsApplyingTransportFactory.java     | 2 +-
 core/src/main/java/io/grpc/internal/ChannelTracer.java        | 2 +-
 core/src/main/java/io/grpc/internal/DelayedClientCall.java    | 2 +-
 .../main/java/io/grpc/internal/DelayedClientTransport.java    | 2 +-
 core/src/main/java/io/grpc/internal/DelayedStream.java        | 2 +-
 core/src/main/java/io/grpc/internal/Http2Ping.java            | 2 +-
 core/src/main/java/io/grpc/internal/KeepAliveManager.java     | 2 +-
 core/src/main/java/io/grpc/internal/ManagedChannelImpl.java   | 2 +-
 core/src/main/java/io/grpc/internal/MetadataApplierImpl.java  | 2 +-
 .../main/java/io/grpc/internal/MigratingThreadDeframer.java   | 2 +-
 core/src/main/java/io/grpc/internal/RetriableStream.java      | 2 +-
 core/src/main/java/io/grpc/internal/ServerImpl.java           | 2 +-
 cronet/src/main/java/io/grpc/cronet/CronetClientStream.java   | 2 +-
 .../src/main/java/io/grpc/cronet/CronetClientTransport.java   | 2 +-
 grpclb/BUILD.bazel                                            | 1 +
 .../main/java/io/grpc/grpclb/GrpclbClientLoadRecorder.java    | 2 +-
 .../io/grpc/inprocess/AnonymousInProcessSocketAddress.java    | 2 +-
 .../src/main/java/io/grpc/inprocess/InProcessTransport.java   | 2 +-
 .../java/io/grpc/testing/integration/TestServiceImpl.java     | 2 +-
 okhttp/src/main/java/io/grpc/okhttp/AsyncSink.java            | 2 +-
 okhttp/src/main/java/io/grpc/okhttp/OkHttpClientStream.java   | 2 +-
 .../src/main/java/io/grpc/okhttp/OkHttpClientTransport.java   | 4 ++--
 okhttp/src/main/java/io/grpc/okhttp/OkHttpServerStream.java   | 2 +-
 .../src/main/java/io/grpc/okhttp/OkHttpServerTransport.java   | 2 +-
 .../io/grpc/opentelemetry/OpenTelemetryMetricsModule.java     | 2 +-
 rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java         | 2 +-
 services/BUILD.bazel                                          | 2 ++
 .../java/io/grpc/protobuf/services/HealthServiceImpl.java     | 2 +-
 .../io/grpc/protobuf/services/ProtoReflectionServiceV1.java   | 2 +-
 xds/src/main/java/io/grpc/xds/FilterChainSelectorManager.java | 2 +-
 .../main/java/io/grpc/xds/SharedXdsClientPoolProvider.java    | 2 +-
 xds/src/main/java/io/grpc/xds/XdsCredentialsRegistry.java     | 2 +-
 53 files changed, 55 insertions(+), 50 deletions(-)

diff --git a/alts/BUILD.bazel b/alts/BUILD.bazel
index 73420e11053..3595064ffa4 100644
--- a/alts/BUILD.bazel
+++ b/alts/BUILD.bazel
@@ -18,6 +18,7 @@ java_library(
         "@com_google_protobuf//:protobuf_java",
         "@com_google_protobuf//:protobuf_java_util",
         artifact("com.google.code.findbugs:jsr305"),
+        artifact("com.google.errorprone:error_prone_annotations"),
         artifact("com.google.guava:guava"),
         artifact("io.netty:netty-buffer"),
         artifact("io.netty:netty-codec"),
diff --git a/alts/src/main/java/io/grpc/alts/internal/AsyncSemaphore.java b/alts/src/main/java/io/grpc/alts/internal/AsyncSemaphore.java
index 3ccdcfc763a..a8251c7fbd3 100644
--- a/alts/src/main/java/io/grpc/alts/internal/AsyncSemaphore.java
+++ b/alts/src/main/java/io/grpc/alts/internal/AsyncSemaphore.java
@@ -16,12 +16,12 @@
 
 package io.grpc.alts.internal;
 
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.netty.channel.ChannelFuture;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelPromise;
 import java.util.LinkedList;
 import java.util.Queue;
-import javax.annotation.concurrent.GuardedBy;
 
 /** Provides a semaphore primitive, without blocking waiting on permits. */
 final class AsyncSemaphore {
diff --git a/android/src/main/java/io/grpc/android/AndroidChannelBuilder.java b/android/src/main/java/io/grpc/android/AndroidChannelBuilder.java
index 317b7a50b74..e56ce5fc405 100644
--- a/android/src/main/java/io/grpc/android/AndroidChannelBuilder.java
+++ b/android/src/main/java/io/grpc/android/AndroidChannelBuilder.java
@@ -28,6 +28,7 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
 import com.google.errorprone.annotations.InlineMe;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.CallOptions;
 import io.grpc.ClientCall;
 import io.grpc.ConnectivityState;
@@ -41,7 +42,6 @@
 import io.grpc.internal.GrpcUtil;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Builds a {@link ManagedChannel} that, when provided with a {@link Context}, will automatically
diff --git a/api/src/main/java/io/grpc/ConfiguratorRegistry.java b/api/src/main/java/io/grpc/ConfiguratorRegistry.java
index b2efcc1cff4..a0a91609dde 100644
--- a/api/src/main/java/io/grpc/ConfiguratorRegistry.java
+++ b/api/src/main/java/io/grpc/ConfiguratorRegistry.java
@@ -16,10 +16,10 @@
 
 package io.grpc;
 
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * A registry for {@link Configurator} instances.
diff --git a/api/src/main/java/io/grpc/ManagedChannelRegistry.java b/api/src/main/java/io/grpc/ManagedChannelRegistry.java
index 31f874b8094..aed5eca9abf 100644
--- a/api/src/main/java/io/grpc/ManagedChannelRegistry.java
+++ b/api/src/main/java/io/grpc/ManagedChannelRegistry.java
@@ -18,6 +18,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import java.net.SocketAddress;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -30,7 +31,6 @@
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
diff --git a/api/src/main/java/io/grpc/MetricInstrumentRegistry.java b/api/src/main/java/io/grpc/MetricInstrumentRegistry.java
index a61ac058a61..1b33ed17a71 100644
--- a/api/src/main/java/io/grpc/MetricInstrumentRegistry.java
+++ b/api/src/main/java/io/grpc/MetricInstrumentRegistry.java
@@ -21,12 +21,12 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Strings;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * A registry for globally registered metric instruments.
diff --git a/api/src/main/java/io/grpc/NameResolverRegistry.java b/api/src/main/java/io/grpc/NameResolverRegistry.java
index 23eec23fd6a..2648f8de1aa 100644
--- a/api/src/main/java/io/grpc/NameResolverRegistry.java
+++ b/api/src/main/java/io/grpc/NameResolverRegistry.java
@@ -20,6 +20,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import java.net.URI;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -31,7 +32,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
diff --git a/api/src/main/java/io/grpc/ServerRegistry.java b/api/src/main/java/io/grpc/ServerRegistry.java
index a083e45a000..5b9c8c558e7 100644
--- a/api/src/main/java/io/grpc/ServerRegistry.java
+++ b/api/src/main/java/io/grpc/ServerRegistry.java
@@ -18,6 +18,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Comparator;
@@ -25,7 +26,6 @@
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
diff --git a/binder/src/androidTest/java/io/grpc/binder/HostServices.java b/binder/src/androidTest/java/io/grpc/binder/HostServices.java
index 4aa46e8254a..5d4a06a27fe 100644
--- a/binder/src/androidTest/java/io/grpc/binder/HostServices.java
+++ b/binder/src/androidTest/java/io/grpc/binder/HostServices.java
@@ -29,6 +29,7 @@
 import androidx.lifecycle.LifecycleService;
 import com.google.auto.value.AutoValue;
 import com.google.common.base.Supplier;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Server;
 import java.io.IOException;
 import java.util.HashMap;
@@ -38,7 +39,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * A test helper class for creating android services to host gRPC servers.
diff --git a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
index c84a1fc296f..33c127f97a7 100644
--- a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
+++ b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
@@ -27,6 +27,7 @@
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import com.google.protobuf.Empty;
 import io.grpc.CallOptions;
 import io.grpc.ClientStreamTracer;
@@ -64,7 +65,6 @@
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
diff --git a/binder/src/main/java/io/grpc/binder/internal/ActiveTransportTracker.java b/binder/src/main/java/io/grpc/binder/internal/ActiveTransportTracker.java
index ad410186486..2bfa9fea4cb 100644
--- a/binder/src/main/java/io/grpc/binder/internal/ActiveTransportTracker.java
+++ b/binder/src/main/java/io/grpc/binder/internal/ActiveTransportTracker.java
@@ -2,13 +2,13 @@
 
 import static com.google.common.base.Preconditions.checkState;
 
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.Metadata;
 import io.grpc.internal.ServerListener;
 import io.grpc.internal.ServerStream;
 import io.grpc.internal.ServerTransport;
 import io.grpc.internal.ServerTransportListener;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Tracks which {@link BinderTransport.BinderServerTransport} are currently active and allows
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderServer.java b/binder/src/main/java/io/grpc/binder/internal/BinderServer.java
index 0ad54fb74d1..6b8347390b9 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderServer.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderServer.java
@@ -25,6 +25,7 @@
 import android.os.Parcel;
 import android.os.RemoteException;
 import com.google.common.collect.ImmutableList;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.Grpc;
 import io.grpc.InternalChannelz.SocketStats;
@@ -48,7 +49,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index 0c886a9829c..f61c455edd5 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -36,6 +36,7 @@
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.errorprone.annotations.CheckReturnValue;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
 import io.grpc.ClientStreamTracer;
@@ -80,7 +81,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
diff --git a/binder/src/main/java/io/grpc/binder/internal/FlowController.java b/binder/src/main/java/io/grpc/binder/internal/FlowController.java
index 1972ea00e6c..135f363a01e 100644
--- a/binder/src/main/java/io/grpc/binder/internal/FlowController.java
+++ b/binder/src/main/java/io/grpc/binder/internal/FlowController.java
@@ -15,7 +15,7 @@
  */
 package io.grpc.binder.internal;
 
-import javax.annotation.concurrent.GuardedBy;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 
 /** Keeps track of the number of bytes on the wire in a single direction. */
 final class FlowController {
diff --git a/binder/src/main/java/io/grpc/binder/internal/Inbound.java b/binder/src/main/java/io/grpc/binder/internal/Inbound.java
index 19c0e4a0f08..50654297c74 100644
--- a/binder/src/main/java/io/grpc/binder/internal/Inbound.java
+++ b/binder/src/main/java/io/grpc/binder/internal/Inbound.java
@@ -20,6 +20,7 @@
 import static com.google.common.base.Preconditions.checkState;
 
 import android.os.Parcel;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.Metadata;
 import io.grpc.Status;
@@ -34,7 +35,6 @@
 import java.io.InputStream;
 import java.util.ArrayList;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Handles incoming binder transactions for a single stream, turning those transactions into calls
diff --git a/binder/src/main/java/io/grpc/binder/internal/Outbound.java b/binder/src/main/java/io/grpc/binder/internal/Outbound.java
index e2896be02a1..f395fe1701f 100644
--- a/binder/src/main/java/io/grpc/binder/internal/Outbound.java
+++ b/binder/src/main/java/io/grpc/binder/internal/Outbound.java
@@ -22,6 +22,7 @@
 import static java.lang.Math.max;
 
 import android.os.Parcel;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Deadline;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
@@ -34,7 +35,6 @@
 import java.util.concurrent.ConcurrentLinkedQueue;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Sends the set of outbound transactions for a single BinderStream (rpc).
diff --git a/binder/src/main/java/io/grpc/binder/internal/PingTracker.java b/binder/src/main/java/io/grpc/binder/internal/PingTracker.java
index 33fcb43918f..ab20af4d6ef 100644
--- a/binder/src/main/java/io/grpc/binder/internal/PingTracker.java
+++ b/binder/src/main/java/io/grpc/binder/internal/PingTracker.java
@@ -17,12 +17,12 @@
 package io.grpc.binder.internal;
 
 import com.google.common.base.Ticker;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Status;
 import io.grpc.StatusException;
 import io.grpc.internal.ClientTransport.PingCallback;
 import java.util.concurrent.Executor;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Tracks an ongoing ping request for a client-side binder transport. We only handle a single active
diff --git a/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java b/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
index 76f1d7aa9f7..ee171140045 100644
--- a/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
+++ b/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
@@ -28,13 +28,13 @@
 import androidx.annotation.AnyThread;
 import androidx.annotation.MainThread;
 import com.google.common.annotations.VisibleForTesting;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Status;
 import io.grpc.binder.BinderChannelCredentials;
 import java.util.concurrent.Executor;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
diff --git a/census/BUILD.bazel b/census/BUILD.bazel
index aec16c46af0..36be88fc3d8 100644
--- a/census/BUILD.bazel
+++ b/census/BUILD.bazel
@@ -10,6 +10,7 @@ java_library(
         "//api",
         "//context",
         artifact("com.google.code.findbugs:jsr305"),
+        artifact("com.google.errorprone:error_prone_annotations"),
         artifact("com.google.guava:guava"),
         artifact("io.opencensus:opencensus-api"),
         artifact("io.opencensus:opencensus-contrib-grpc-metrics"),
diff --git a/census/src/main/java/io/grpc/census/CensusStatsModule.java b/census/src/main/java/io/grpc/census/CensusStatsModule.java
index ad16bef9604..8f571ceb627 100644
--- a/census/src/main/java/io/grpc/census/CensusStatsModule.java
+++ b/census/src/main/java/io/grpc/census/CensusStatsModule.java
@@ -22,6 +22,7 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Stopwatch;
 import com.google.common.base.Supplier;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
@@ -62,7 +63,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Provides factories for {@link StreamTracer} that records stats to Census.
diff --git a/core/src/main/java/io/grpc/internal/AbstractStream.java b/core/src/main/java/io/grpc/internal/AbstractStream.java
index 56f540d623f..46cdab7ef28 100644
--- a/core/src/main/java/io/grpc/internal/AbstractStream.java
+++ b/core/src/main/java/io/grpc/internal/AbstractStream.java
@@ -20,6 +20,7 @@
 import static com.google.common.base.Preconditions.checkState;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Codec;
 import io.grpc.Compressor;
 import io.grpc.Decompressor;
@@ -29,7 +30,6 @@
 import java.io.InputStream;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * The stream and stream state as used by the application. Must only be called from the sending
diff --git a/core/src/main/java/io/grpc/internal/CallCredentialsApplyingTransportFactory.java b/core/src/main/java/io/grpc/internal/CallCredentialsApplyingTransportFactory.java
index 42631851974..97a74bda97e 100644
--- a/core/src/main/java/io/grpc/internal/CallCredentialsApplyingTransportFactory.java
+++ b/core/src/main/java/io/grpc/internal/CallCredentialsApplyingTransportFactory.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.MoreObjects.firstNonNull;
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.CallCredentials;
 import io.grpc.CallCredentials.RequestInfo;
@@ -38,7 +39,6 @@
 import java.util.concurrent.Executor;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.atomic.AtomicInteger;
-import javax.annotation.concurrent.GuardedBy;
 
 final class CallCredentialsApplyingTransportFactory implements ClientTransportFactory {
   private final ClientTransportFactory delegate;
diff --git a/core/src/main/java/io/grpc/internal/ChannelTracer.java b/core/src/main/java/io/grpc/internal/ChannelTracer.java
index 8c8243c9021..a9730a365cc 100644
--- a/core/src/main/java/io/grpc/internal/ChannelTracer.java
+++ b/core/src/main/java/io/grpc/internal/ChannelTracer.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.ChannelLogger;
 import io.grpc.InternalChannelz.ChannelStats;
 import io.grpc.InternalChannelz.ChannelTrace;
@@ -31,7 +32,6 @@
 import java.util.logging.LogRecord;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Tracks a collections of channel tracing events for a channel/subchannel.
diff --git a/core/src/main/java/io/grpc/internal/DelayedClientCall.java b/core/src/main/java/io/grpc/internal/DelayedClientCall.java
index 92034e83f45..f2b0c9a3f06 100644
--- a/core/src/main/java/io/grpc/internal/DelayedClientCall.java
+++ b/core/src/main/java/io/grpc/internal/DelayedClientCall.java
@@ -22,6 +22,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.MoreObjects;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.ClientCall;
 import io.grpc.Context;
@@ -38,7 +39,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * A call that queues requests before a real call is ready to be delegated to.
diff --git a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
index ae173f4ac26..2ff94b7804a 100644
--- a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
+++ b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
@@ -19,6 +19,7 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.CallOptions;
 import io.grpc.ClientStreamTracer;
 import io.grpc.Context;
@@ -39,7 +40,6 @@
 import java.util.concurrent.Executor;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * A client transport that queues requests before a real transport is available. When {@link
diff --git a/core/src/main/java/io/grpc/internal/DelayedStream.java b/core/src/main/java/io/grpc/internal/DelayedStream.java
index 5f14f24cfe5..2ca4630d6a1 100644
--- a/core/src/main/java/io/grpc/internal/DelayedStream.java
+++ b/core/src/main/java/io/grpc/internal/DelayedStream.java
@@ -21,6 +21,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.errorprone.annotations.CheckReturnValue;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.Compressor;
 import io.grpc.Deadline;
@@ -31,7 +32,6 @@
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.List;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * A stream that queues requests before the transport is available, and delegates to a real stream
diff --git a/core/src/main/java/io/grpc/internal/Http2Ping.java b/core/src/main/java/io/grpc/internal/Http2Ping.java
index 6104d876373..d96ac3ef214 100644
--- a/core/src/main/java/io/grpc/internal/Http2Ping.java
+++ b/core/src/main/java/io/grpc/internal/Http2Ping.java
@@ -17,6 +17,7 @@
 package io.grpc.internal;
 
 import com.google.common.base.Stopwatch;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.internal.ClientTransport.PingCallback;
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -24,7 +25,6 @@
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Represents an outstanding PING operation on an HTTP/2 channel. This can be used by HTTP/2-based
diff --git a/core/src/main/java/io/grpc/internal/KeepAliveManager.java b/core/src/main/java/io/grpc/internal/KeepAliveManager.java
index 28e2a87276b..aed590c3051 100644
--- a/core/src/main/java/io/grpc/internal/KeepAliveManager.java
+++ b/core/src/main/java/io/grpc/internal/KeepAliveManager.java
@@ -22,11 +22,11 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Stopwatch;
 import com.google.common.util.concurrent.MoreExecutors;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Status;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Manages keepalive pings.
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index 5c2871a1373..45819954473 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -32,6 +32,7 @@
 import com.google.common.base.Supplier;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.CallCredentials;
 import io.grpc.CallOptions;
@@ -117,7 +118,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 /** A communication channel for making outgoing RPCs. */
diff --git a/core/src/main/java/io/grpc/internal/MetadataApplierImpl.java b/core/src/main/java/io/grpc/internal/MetadataApplierImpl.java
index 12cab15053f..09a1018c11c 100644
--- a/core/src/main/java/io/grpc/internal/MetadataApplierImpl.java
+++ b/core/src/main/java/io/grpc/internal/MetadataApplierImpl.java
@@ -20,6 +20,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.CallCredentials.MetadataApplier;
 import io.grpc.CallOptions;
 import io.grpc.ClientStreamTracer;
@@ -28,7 +29,6 @@
 import io.grpc.MethodDescriptor;
 import io.grpc.Status;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 final class MetadataApplierImpl extends MetadataApplier {
   private final ClientTransport transport;
diff --git a/core/src/main/java/io/grpc/internal/MigratingThreadDeframer.java b/core/src/main/java/io/grpc/internal/MigratingThreadDeframer.java
index c3342556c9f..e4f499ab483 100644
--- a/core/src/main/java/io/grpc/internal/MigratingThreadDeframer.java
+++ b/core/src/main/java/io/grpc/internal/MigratingThreadDeframer.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Decompressor;
 import io.perfmark.Link;
 import io.perfmark.PerfMark;
@@ -26,7 +27,6 @@
 import java.io.InputStream;
 import java.util.ArrayDeque;
 import java.util.Queue;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * A deframer that moves decoding between the transport and app threads based on which is more
diff --git a/core/src/main/java/io/grpc/internal/RetriableStream.java b/core/src/main/java/io/grpc/internal/RetriableStream.java
index 7fed77625d3..85d7bc86584 100644
--- a/core/src/main/java/io/grpc/internal/RetriableStream.java
+++ b/core/src/main/java/io/grpc/internal/RetriableStream.java
@@ -23,6 +23,7 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Objects;
 import com.google.errorprone.annotations.CheckReturnValue;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.ClientStreamTracer;
 import io.grpc.Compressor;
@@ -49,7 +50,6 @@
 import java.util.concurrent.atomic.AtomicLong;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /** A logical {@link ClientStream} that is retriable. */
 abstract class RetriableStream<ReqT> implements ClientStream {
diff --git a/core/src/main/java/io/grpc/internal/ServerImpl.java b/core/src/main/java/io/grpc/internal/ServerImpl.java
index eceb7d7a738..dc0709e1fb8 100644
--- a/core/src/main/java/io/grpc/internal/ServerImpl.java
+++ b/core/src/main/java/io/grpc/internal/ServerImpl.java
@@ -31,6 +31,7 @@
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.BinaryLog;
 import io.grpc.CompressorRegistry;
@@ -75,7 +76,6 @@
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Default implementation of {@link io.grpc.Server}, for creation by transports.
diff --git a/cronet/src/main/java/io/grpc/cronet/CronetClientStream.java b/cronet/src/main/java/io/grpc/cronet/CronetClientStream.java
index 9ae97652316..95adb65ec40 100644
--- a/cronet/src/main/java/io/grpc/cronet/CronetClientStream.java
+++ b/cronet/src/main/java/io/grpc/cronet/CronetClientStream.java
@@ -25,6 +25,7 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
 import com.google.common.io.BaseEncoding;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
 import io.grpc.InternalMetadata;
@@ -50,7 +51,6 @@
 import java.util.Map;
 import java.util.concurrent.Executor;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import org.chromium.net.BidirectionalStream;
 import org.chromium.net.CronetException;
 import org.chromium.net.UrlResponseInfo;
diff --git a/cronet/src/main/java/io/grpc/cronet/CronetClientTransport.java b/cronet/src/main/java/io/grpc/cronet/CronetClientTransport.java
index b0b18620d0c..465df8b2cc9 100644
--- a/cronet/src/main/java/io/grpc/cronet/CronetClientTransport.java
+++ b/cronet/src/main/java/io/grpc/cronet/CronetClientTransport.java
@@ -19,6 +19,7 @@
 import com.google.common.base.Preconditions;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
 import io.grpc.ClientStreamTracer;
@@ -42,7 +43,6 @@
 import java.util.Set;
 import java.util.concurrent.Executor;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * A cronet-based {@link ConnectionClientTransport} implementation.
diff --git a/grpclb/BUILD.bazel b/grpclb/BUILD.bazel
index 2dd24bb52a2..902ae7f47d4 100644
--- a/grpclb/BUILD.bazel
+++ b/grpclb/BUILD.bazel
@@ -20,6 +20,7 @@ java_library(
         "@com_google_protobuf//:protobuf_java_util",
         "@io_grpc_grpc_proto//:grpclb_load_balancer_java_proto",
         artifact("com.google.code.findbugs:jsr305"),
+        artifact("com.google.errorprone:error_prone_annotations"),
         artifact("com.google.guava:guava"),
     ],
 )
diff --git a/grpclb/src/main/java/io/grpc/grpclb/GrpclbClientLoadRecorder.java b/grpclb/src/main/java/io/grpc/grpclb/GrpclbClientLoadRecorder.java
index d27c485dc13..fe928263ef9 100644
--- a/grpclb/src/main/java/io/grpc/grpclb/GrpclbClientLoadRecorder.java
+++ b/grpclb/src/main/java/io/grpc/grpclb/GrpclbClientLoadRecorder.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import com.google.protobuf.util.Timestamps;
 import io.grpc.ClientStreamTracer;
 import io.grpc.Metadata;
@@ -29,7 +30,6 @@
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicLongFieldUpdater;
-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
diff --git a/inprocess/src/main/java/io/grpc/inprocess/AnonymousInProcessSocketAddress.java b/inprocess/src/main/java/io/grpc/inprocess/AnonymousInProcessSocketAddress.java
index 5f6486e335d..089a9f12b02 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/AnonymousInProcessSocketAddress.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/AnonymousInProcessSocketAddress.java
@@ -18,11 +18,11 @@
 
 import static com.google.common.base.Preconditions.checkState;
 
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.ExperimentalApi;
 import java.io.IOException;
 import java.net.SocketAddress;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Custom SocketAddress class for {@link InProcessTransport}, for 
diff --git a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
index b5bbbe563df..39ebe6e0ab7 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
@@ -25,6 +25,7 @@
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
 import com.google.errorprone.annotations.CheckReturnValue;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
 import io.grpc.ClientStreamTracer;
@@ -76,7 +77,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 @ThreadSafe
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceImpl.java b/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceImpl.java
index 8fa272122d0..a9ee9382495 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceImpl.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceImpl.java
@@ -18,6 +18,7 @@
 
 import com.google.common.base.Preconditions;
 import com.google.common.collect.Queues;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import com.google.protobuf.ByteString;
 import io.grpc.ForwardingServerCall.SimpleForwardingServerCall;
 import io.grpc.Metadata;
@@ -54,7 +55,6 @@
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.Semaphore;
 import java.util.concurrent.TimeUnit;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Implementation of the business logic for the TestService. Uses an executor to schedule chunks
diff --git a/okhttp/src/main/java/io/grpc/okhttp/AsyncSink.java b/okhttp/src/main/java/io/grpc/okhttp/AsyncSink.java
index 1ac64d7ebb5..01ee23b905c 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/AsyncSink.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/AsyncSink.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.internal.SerializingExecutor;
 import io.grpc.okhttp.ExceptionHandlingFrameWriter.TransportExceptionHandler;
 import io.grpc.okhttp.internal.framed.ErrorCode;
@@ -30,7 +31,6 @@
 import java.io.IOException;
 import java.net.Socket;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import okio.Buffer;
 import okio.Sink;
 import okio.Timeout;
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientStream.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientStream.java
index 9d9fe160715..e33617886cf 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientStream.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientStream.java
@@ -21,6 +21,7 @@
 import static io.grpc.internal.ClientStreamListener.RpcProgress.PROCESSED;
 
 import com.google.common.io.BaseEncoding;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
 import io.grpc.Metadata;
@@ -37,7 +38,6 @@
 import io.perfmark.Tag;
 import io.perfmark.TaskCloseable;
 import java.util.List;
-import javax.annotation.concurrent.GuardedBy;
 import okio.Buffer;
 
 /**
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
index 59f824b1a3c..055d6e08161 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
@@ -27,6 +27,7 @@
 import com.google.common.base.Supplier;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
 import io.grpc.ClientStreamTracer;
@@ -93,7 +94,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.net.SocketFactory;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLSession;
@@ -1460,4 +1460,4 @@ public void alternateService(int streamId, String origin, ByteString protocol, S
       // TODO(madongfly): Deal with alternateService propagation
     }
   }
-}
\ No newline at end of file
+}
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerStream.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerStream.java
index bcf8837b7eb..d1f1a3f4fe0 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerStream.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerStream.java
@@ -17,6 +17,7 @@
 package io.grpc.okhttp;
 
 import com.google.common.base.Preconditions;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.Metadata;
 import io.grpc.Status;
@@ -30,7 +31,6 @@
 import io.perfmark.Tag;
 import io.perfmark.TaskCloseable;
 import java.util.List;
-import javax.annotation.concurrent.GuardedBy;
 import okio.Buffer;
 
 /**
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerTransport.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerTransport.java
index 2da041f571e..cc52bee85eb 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerTransport.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerTransport.java
@@ -22,6 +22,7 @@
 import com.google.common.base.Preconditions;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.InternalChannelz;
 import io.grpc.InternalLogId;
@@ -62,7 +63,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import okio.Buffer;
 import okio.BufferedSource;
 import okio.ByteString;
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
index f631da59d01..b6cf09d9db6 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
@@ -27,6 +27,7 @@
 import com.google.common.base.Supplier;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.ClientCall;
@@ -54,7 +55,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Provides factories for {@link StreamTracer} that records metrics to OpenTelemetry.
diff --git a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
index 9775753ab50..70833416d5d 100644
--- a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
+++ b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
@@ -29,6 +29,7 @@
 import com.google.common.util.concurrent.MoreExecutors;
 import com.google.common.util.concurrent.SettableFuture;
 import com.google.errorprone.annotations.CheckReturnValue;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.ChannelLogger;
 import io.grpc.ChannelLogger.ChannelLogLevel;
 import io.grpc.ConnectivityState;
@@ -75,7 +76,6 @@
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
diff --git a/services/BUILD.bazel b/services/BUILD.bazel
index d20e956ed49..9ac894ffaee 100644
--- a/services/BUILD.bazel
+++ b/services/BUILD.bazel
@@ -121,6 +121,7 @@ java_library(
         "@io_grpc_grpc_proto//:reflection_java_proto",
         "@io_grpc_grpc_proto//:reflection_java_proto_deprecated",
         artifact("com.google.code.findbugs:jsr305"),
+        artifact("com.google.errorprone:error_prone_annotations"),
         artifact("com.google.guava:guava"),
     ],
 )
@@ -139,6 +140,7 @@ java_library(
         "//stub",
         "@io_grpc_grpc_proto//:health_java_proto",
         artifact("com.google.code.findbugs:jsr305"),
+        artifact("com.google.errorprone:error_prone_annotations"),
         artifact("com.google.guava:guava"),
     ],
 )
diff --git a/services/src/main/java/io/grpc/protobuf/services/HealthServiceImpl.java b/services/src/main/java/io/grpc/protobuf/services/HealthServiceImpl.java
index 6ce602b9295..2efe4b3951a 100644
--- a/services/src/main/java/io/grpc/protobuf/services/HealthServiceImpl.java
+++ b/services/src/main/java/io/grpc/protobuf/services/HealthServiceImpl.java
@@ -18,6 +18,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.util.concurrent.MoreExecutors;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Context;
 import io.grpc.Context.CancellationListener;
 import io.grpc.Status;
@@ -34,7 +35,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 final class HealthServiceImpl extends HealthGrpc.HealthImplBase {
 
diff --git a/services/src/main/java/io/grpc/protobuf/services/ProtoReflectionServiceV1.java b/services/src/main/java/io/grpc/protobuf/services/ProtoReflectionServiceV1.java
index 578e9bbd409..59e9c33d279 100644
--- a/services/src/main/java/io/grpc/protobuf/services/ProtoReflectionServiceV1.java
+++ b/services/src/main/java/io/grpc/protobuf/services/ProtoReflectionServiceV1.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import com.google.protobuf.Descriptors.Descriptor;
 import com.google.protobuf.Descriptors.FieldDescriptor;
 import com.google.protobuf.Descriptors.FileDescriptor;
@@ -52,7 +53,6 @@
 import java.util.Set;
 import java.util.WeakHashMap;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Provides a reflection service for Protobuf services (including the reflection service itself).
diff --git a/xds/src/main/java/io/grpc/xds/FilterChainSelectorManager.java b/xds/src/main/java/io/grpc/xds/FilterChainSelectorManager.java
index 4295d75f59b..b3cc14c6484 100644
--- a/xds/src/main/java/io/grpc/xds/FilterChainSelectorManager.java
+++ b/xds/src/main/java/io/grpc/xds/FilterChainSelectorManager.java
@@ -18,11 +18,11 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler.FilterChainSelector;
 import java.util.Comparator;
 import java.util.TreeSet;
 import java.util.concurrent.atomic.AtomicLong;
-import javax.annotation.concurrent.GuardedBy;
 
 /**
  * Maintains the current xDS selector and any resources using that selector. When the selector
diff --git a/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java b/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
index 779349744ff..2bc7be4a014 100644
--- a/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
+++ b/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
@@ -21,6 +21,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.MetricRecorder;
 import io.grpc.internal.ExponentialBackoffPolicy;
 import io.grpc.internal.GrpcUtil;
@@ -40,7 +41,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
diff --git a/xds/src/main/java/io/grpc/xds/XdsCredentialsRegistry.java b/xds/src/main/java/io/grpc/xds/XdsCredentialsRegistry.java
index c33b3cd2f85..9dfefaf1a65 100644
--- a/xds/src/main/java/io/grpc/xds/XdsCredentialsRegistry.java
+++ b/xds/src/main/java/io/grpc/xds/XdsCredentialsRegistry.java
@@ -21,6 +21,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.InternalServiceProviders;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -31,7 +32,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**

From 82403b9bfa5577e5086135d793669218a5413d1c Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 9 Jan 2025 15:04:25 -0800
Subject: [PATCH 143/591] util: Increase modtime in
 AdvancedTlsX509TrustManagerTest

I noticed an old JDK 8u275 failed on the test because the modification
time's resolution was one second. A newer JDK 8u432 worked fine, so it's
not really a problem for me, but increasing the time difference is
cheap. I used two seconds as that's the resolution available on FAT
(which is unlikely to be TMPDIR, even on Windows).
---
 .../java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
index 5ad0e85fa36..228dbf5ea5b 100644
--- a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
+++ b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
@@ -168,7 +168,7 @@ public void updateTrustCredentials_rotate() throws GeneralSecurityException, IOE
     fakeClock.forwardTime(1, TimeUnit.MINUTES);
     assertArrayEquals(serverCert0, trustManager.getAcceptedIssuers());
 
-    serverCert0File.setLastModified(serverCert0File.lastModified() - 10);
+    serverCert0File.setLastModified(serverCert0File.lastModified() - 2000);
 
     fakeClock.forwardTime(1, TimeUnit.MINUTES);
     assertArrayEquals(serverCert0, trustManager.getAcceptedIssuers());
@@ -181,7 +181,7 @@ public void updateTrustCredentials_rotate() throws GeneralSecurityException, IOE
     fakeClock.forwardTime(1, TimeUnit.MINUTES);
     assertArrayEquals(serverCert0, trustManager.getAcceptedIssuers());
 
-    serverCert0File.setLastModified(beforeModify + 10);
+    serverCert0File.setLastModified(beforeModify + 2000);
 
     // file modification time changed
     fakeClock.forwardTime(1, TimeUnit.MINUTES);

From d65d3942e6078c75500b034155a58b3fa6d516e8 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 7 Jan 2025 09:57:18 -0800
Subject: [PATCH 144/591] xds: Increase speed of fallback test

These changes reduce connect_then_mainServerDown_fallbackServerUp test
time from 20 seconds to 5 s by faking time for the the does-no-exist
timer.

XdsClientImpl only uses the TimeProvider for CSDS cache details, so any
implementation should be fine. FakeXdsClient provides an implementation,
so might as well use it as it is one less clock to think about.
---
 .../io/grpc/xds/XdsClientFallbackTest.java    | 21 ++++++++---
 .../client/CommonBootstrapperTestUtils.java   | 35 +++++++++----------
 2 files changed, 32 insertions(+), 24 deletions(-)

diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
index 39379d43aba..94b49bd94b2 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
@@ -335,10 +335,13 @@ private static void verifyNoSubscribers(ControlPlaneRule rule) {
 
   // This test takes a long time because of the 16 sec timeout for non-existent resource
   @Test
-  public void connect_then_mainServerDown_fallbackServerUp() throws InterruptedException {
+  public void connect_then_mainServerDown_fallbackServerUp() throws Exception {
     mainXdsServer.restartXdsServer();
     fallbackServer.restartXdsServer();
-    xdsClient = xdsClientPool.getObject();
+    XdsClientImpl xdsClient = CommonBootstrapperTestUtils.createXdsClient(
+        new GrpcBootstrapperImpl().bootstrap(defaultBootstrapOverride()),
+        DEFAULT_XDS_TRANSPORT_FACTORY, fakeClock, new ExponentialBackoffPolicy.Provider(),
+        MessagePrinter.INSTANCE, xdsClientMetricReporter);
 
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
 
@@ -349,7 +352,12 @@ public void connect_then_mainServerDown_fallbackServerUp() throws InterruptedExc
     verify(rdsWatcher, timeout(5000)).onChanged(any());
 
     mainXdsServer.getServer().shutdownNow();
-    TimeUnit.SECONDS.sleep(5); // TODO(lsafran) Use FakeClock so test runs faster
+    // Sleep for the ADS stream disconnect to be processed and for the retry to fail. Between those
+    // two sleeps we need the fakeClock to progress by 1 second to restart the ADS stream.
+    for (int i = 0; i < 5; i++) {
+      fakeClock.forwardTime(1000, TimeUnit.MILLISECONDS);
+      TimeUnit.SECONDS.sleep(1);
+    }
 
     // Shouldn't do fallback since all watchers are loaded
     verify(ldsWatcher, never()).onChanged(
@@ -372,7 +380,7 @@ public void connect_then_mainServerDown_fallbackServerUp() throws InterruptedExc
         XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER));
     verify(ldsWatcher2, timeout(5000)).onChanged(
         XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER));
-    verify(cdsWatcher, timeout(16000)).onChanged(any());
+    verify(cdsWatcher, timeout(5000)).onChanged(any());
 
     xdsClient.watchXdsResource(
         XdsRouteConfigureResource.getInstance(), FALLBACK_RDS_NAME, rdsWatcher3);
@@ -381,7 +389,10 @@ public void connect_then_mainServerDown_fallbackServerUp() throws InterruptedExc
     // Test that resource defined in main but not fallback is handled correctly
     xdsClient.watchXdsResource(
         XdsClusterResource.getInstance(), CLUSTER_NAME, cdsWatcher2);
-    verify(cdsWatcher2, timeout(16000)).onResourceDoesNotExist(eq(CLUSTER_NAME));
+    verify(cdsWatcher2, never()).onResourceDoesNotExist(eq(CLUSTER_NAME));
+    fakeClock.forwardTime(15000, TimeUnit.MILLISECONDS); // Does not exist timer
+    verify(cdsWatcher2, timeout(5000)).onResourceDoesNotExist(eq(CLUSTER_NAME));
+    xdsClient.shutdown();
   }
 
   @Test
diff --git a/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
index 27a0d4ba1d9..f3de4549ba9 100644
--- a/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
@@ -23,7 +23,6 @@
 import io.grpc.internal.BackoffPolicy;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.JsonParser;
-import io.grpc.internal.TimeProvider;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import io.grpc.xds.internal.security.TlsContextManagerImpl;
@@ -32,28 +31,12 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.concurrent.TimeUnit;
 import javax.annotation.Nullable;
 
 public class CommonBootstrapperTestUtils {
   private static final ChannelCredentials CHANNEL_CREDENTIALS = InsecureChannelCredentials.create();
   private static final String SERVER_URI_CUSTOM_AUTHORITY = "trafficdirector2.googleapis.com";
   private static final String SERVER_URI_EMPTY_AUTHORITY = "trafficdirector3.googleapis.com";
-
-  private static final long TIME_INCREMENT = TimeUnit.SECONDS.toNanos(1);
-
-  /** Fake time provider increments time TIME_INCREMENT each call. */
-  private static TimeProvider newTimeProvider() {
-    return new TimeProvider() {
-      private long count;
-
-      @Override
-      public long currentTimeNanos() {
-        return ++count * TIME_INCREMENT;
-      }
-    };
-  }
-
   private static final String FILE_WATCHER_CONFIG = "{\"path\": \"/etc/secret/certs\"}";
   private static final String MESHCA_CONFIG =
       "{\n"
@@ -183,14 +166,28 @@ public static XdsClientImpl createXdsClient(List<String> serverUris,
                                               BackoffPolicy.Provider backoffPolicyProvider,
                                               MessagePrettyPrinter messagePrinter,
                                               XdsClientMetricReporter xdsClientMetricReporter) {
-    Bootstrapper.BootstrapInfo bootstrapInfo = buildBootStrap(serverUris);
+    return createXdsClient(
+        buildBootStrap(serverUris),
+        xdsTransportFactory,
+        fakeClock,
+        backoffPolicyProvider,
+        messagePrinter,
+        xdsClientMetricReporter);
+  }
+
+  public static XdsClientImpl createXdsClient(Bootstrapper.BootstrapInfo bootstrapInfo,
+                                              XdsTransportFactory xdsTransportFactory,
+                                              FakeClock fakeClock,
+                                              BackoffPolicy.Provider backoffPolicyProvider,
+                                              MessagePrettyPrinter messagePrinter,
+                                              XdsClientMetricReporter xdsClientMetricReporter) {
     return new XdsClientImpl(
         xdsTransportFactory,
         bootstrapInfo,
         fakeClock.getScheduledExecutorService(),
         backoffPolicyProvider,
         fakeClock.getStopwatchSupplier(),
-        newTimeProvider(),
+        fakeClock.getTimeProvider(),
         messagePrinter,
         new TlsContextManagerImpl(bootstrapInfo),
         xdsClientMetricReporter);

From 176f3eed12922bfa460b4604ccb0b8c50f31194f Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Fri, 10 Jan 2025 15:25:15 -0800
Subject: [PATCH 145/591] xds: Enable Xds Client Fallback by default (#11817)

---
 xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
index dffe19f9256..c00685f1781 100644
--- a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
@@ -56,7 +56,7 @@ public abstract class BootstrapperImpl extends Bootstrapper {
   private static final String SERVER_FEATURE_TRUSTED_XDS_SERVER = "trusted_xds_server";
 
   @VisibleForTesting
-  static boolean enableXdsFallback = GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_FALLBACK, false);
+  static boolean enableXdsFallback = GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_FALLBACK, true);
 
   protected final XdsLogger logger;
 

From 7162d2d6615eb36814e151bf8e926b68409dbed9 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 10 Jan 2025 15:35:43 -0800
Subject: [PATCH 146/591] xds: Pass grpc.xds.cluster label to tracer

This is in service to gRFC A89. Since the gRFC isn't finalized this
purposefully doesn't really do anything yet. The grpc-opentelemetry
change to use this optional label will be done after the gRFC is merged.
grpc-opentelemetry currently has a hard-coded list (one entry) of labels
that it looks for, and this label will need to be added.

b/356167676
---
 .../io/grpc/xds/ClusterImplLoadBalancer.java  |  1 +
 .../grpc/xds/ClusterImplLoadBalancerTest.java | 33 +++++++++++++++++--
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index 23f89d161e2..200d3cba0ea 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -385,6 +385,7 @@ private RequestLimitingSubchannelPicker(SubchannelPicker delegate,
       public PickResult pickSubchannel(PickSubchannelArgs args) {
         args.getCallOptions().getOption(ClusterImplLoadBalancerProvider.FILTER_METADATA_CONSUMER)
             .accept(filterMetadata);
+        args.getPickDetailsConsumer().addOptionalLabel("grpc.xds.cluster", cluster);
         for (DropOverload dropOverload : dropPolicies) {
           int rand = random.nextInt(1_000_000);
           if (rand < dropOverload.dropsPerMillion()) {
diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index 1918ea5724c..9503442e383 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -271,7 +271,7 @@ public void nameResolutionError_afterChildPolicyInstantiated_propagateToDownstre
   }
 
   @Test
-  public void pick_addsLocalityLabel() {
+  public void pick_addsOptionalLabels() {
     LoadBalancerProvider weightedTargetProvider = new WeightedTargetLoadBalancerProvider();
     WeightedTargetConfig weightedTargetConfig =
         buildWeightedTargetConfig(ImmutableMap.of(locality, 10));
@@ -298,6 +298,31 @@ public void pick_addsLocalityLabel() {
     // The value will be determined by the parent policy, so can be different than the value used in
     // makeAddress() for the test.
     verify(detailsConsumer).addOptionalLabel("grpc.lb.locality", locality.toString());
+    verify(detailsConsumer).addOptionalLabel("grpc.xds.cluster", CLUSTER);
+  }
+
+  @Test
+  public void pick_noResult_addsClusterLabel() {
+    LoadBalancerProvider weightedTargetProvider = new WeightedTargetLoadBalancerProvider();
+    WeightedTargetConfig weightedTargetConfig =
+        buildWeightedTargetConfig(ImmutableMap.of(locality, 10));
+    ClusterImplConfig config = new ClusterImplConfig(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO,
+        null, Collections.<DropOverload>emptyList(),
+        GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+            weightedTargetProvider, weightedTargetConfig),
+        null, Collections.emptyMap());
+    EquivalentAddressGroup endpoint = makeAddress("endpoint-addr", locality);
+    deliverAddressesAndConfig(Collections.singletonList(endpoint), config);
+    FakeLoadBalancer leafBalancer = Iterables.getOnlyElement(downstreamBalancers);
+    leafBalancer.deliverSubchannelState(PickResult.withNoResult(), ConnectivityState.CONNECTING);
+    assertThat(currentState).isEqualTo(ConnectivityState.CONNECTING);
+
+    PickDetailsConsumer detailsConsumer = mock(PickDetailsConsumer.class);
+    pickSubchannelArgs = new PickSubchannelArgsImpl(
+      TestMethodDescriptors.voidMethod(), new Metadata(), CallOptions.DEFAULT, detailsConsumer);
+    PickResult result = currentPicker.pickSubchannel(pickSubchannelArgs);
+    assertThat(result.getStatus().isOk()).isTrue();
+    verify(detailsConsumer).addOptionalLabel("grpc.xds.cluster", CLUSTER);
   }
 
   @Test
@@ -1061,10 +1086,14 @@ public void shutdown() {
     }
 
     void deliverSubchannelState(final Subchannel subchannel, ConnectivityState state) {
+      deliverSubchannelState(PickResult.withSubchannel(subchannel), state);
+    }
+
+    void deliverSubchannelState(final PickResult result, ConnectivityState state) {
       SubchannelPicker picker = new SubchannelPicker() {
         @Override
         public PickResult pickSubchannel(PickSubchannelArgs args) {
-          return PickResult.withSubchannel(subchannel);
+          return result;
         }
       };
       helper.updateBalancingState(state, picker);

From 228dcf7a011e69cd40b83dc80ab1e6cf507ab512 Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Mon, 13 Jan 2025 16:38:16 -0800
Subject: [PATCH 147/591] core: Alternate ipV4 and ipV6 addresses for Happy
 Eyeballs in PickFirstLeafLoadBalancer  (#11624)

* Interweave ipV4 and ipV6 addresses as per gRFC.
---
 .../internal/PickFirstLeafLoadBalancer.java   | 159 +++++++++++++-----
 .../PickFirstLeafLoadBalancerTest.java        |  87 +++++++++-
 2 files changed, 199 insertions(+), 47 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
index 6f4794fdd46..042f9e63630 100644
--- a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
+++ b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
@@ -34,6 +34,8 @@
 import io.grpc.LoadBalancer;
 import io.grpc.Status;
 import io.grpc.SynchronizationContext.ScheduledHandle;
+import java.net.Inet4Address;
+import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -58,17 +60,17 @@ final class PickFirstLeafLoadBalancer extends LoadBalancer {
   private static final Logger log = Logger.getLogger(PickFirstLeafLoadBalancer.class.getName());
   @VisibleForTesting
   static final int CONNECTION_DELAY_INTERVAL_MS = 250;
+  private final boolean enableHappyEyeballs = !isSerializingRetries()
+      && PickFirstLoadBalancerProvider.isEnabledHappyEyeballs();
   private final Helper helper;
   private final Map<SocketAddress, SubchannelData> subchannels = new HashMap<>();
-  private final Index addressIndex = new Index(ImmutableList.of());
+  private final Index addressIndex = new Index(ImmutableList.of(), this.enableHappyEyeballs);
   private int numTf = 0;
   private boolean firstPass = true;
   @Nullable
   private ScheduledHandle scheduleConnectionTask = null;
   private ConnectivityState rawConnectivityState = IDLE;
   private ConnectivityState concludedState = IDLE;
-  private final boolean enableHappyEyeballs = !isSerializingRetries()
-      && PickFirstLoadBalancerProvider.isEnabledHappyEyeballs();
   private boolean notAPetiolePolicy = true; // means not under a petiole policy
   private final BackoffPolicy.Provider bkoffPolProvider = new ExponentialBackoffPolicy.Provider();
   private BackoffPolicy reconnectPolicy;
@@ -610,27 +612,26 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
   }
 
   /**
-   * Index as in 'i', the pointer to an entry. Not a "search index."
+   * This contains both an ordered list of addresses and a pointer(i.e. index) to the current entry.
    * All updates should be done in a synchronization context.
    */
   @VisibleForTesting
   static final class Index {
-    private List<EquivalentAddressGroup> addressGroups;
-    private int size;
-    private int groupIndex;
-    private int addressIndex;
+    private List<UnwrappedEag> orderedAddresses;
+    private int activeElement = 0;
+    private boolean enableHappyEyeballs;
 
-    public Index(List<EquivalentAddressGroup> groups) {
+    Index(List<EquivalentAddressGroup> groups, boolean enableHappyEyeballs) {
+      this.enableHappyEyeballs = enableHappyEyeballs;
       updateGroups(groups);
     }
 
     public boolean isValid() {
-      // Is invalid if empty or has incremented off the end
-      return groupIndex < addressGroups.size();
+      return activeElement < orderedAddresses.size();
     }
 
     public boolean isAtBeginning() {
-      return groupIndex == 0 && addressIndex == 0;
+      return activeElement == 0;
     }
 
     /**
@@ -642,79 +643,150 @@ public boolean increment() {
         return false;
       }
 
-      EquivalentAddressGroup group = addressGroups.get(groupIndex);
-      addressIndex++;
-      if (addressIndex >= group.getAddresses().size()) {
-        groupIndex++;
-        addressIndex = 0;
-        return groupIndex < addressGroups.size();
-      }
+      activeElement++;
 
-      return true;
+      return isValid();
     }
 
     public void reset() {
-      groupIndex = 0;
-      addressIndex = 0;
+      activeElement = 0;
     }
 
     public SocketAddress getCurrentAddress() {
       if (!isValid()) {
         throw new IllegalStateException("Index is past the end of the address group list");
       }
-      return addressGroups.get(groupIndex).getAddresses().get(addressIndex);
+      return orderedAddresses.get(activeElement).address;
     }
 
     public Attributes getCurrentEagAttributes() {
       if (!isValid()) {
         throw new IllegalStateException("Index is off the end of the address group list");
       }
-      return addressGroups.get(groupIndex).getAttributes();
+      return orderedAddresses.get(activeElement).attributes;
     }
 
     public List<EquivalentAddressGroup> getCurrentEagAsList() {
-      return Collections.singletonList(
-          new EquivalentAddressGroup(getCurrentAddress(), getCurrentEagAttributes()));
+      return Collections.singletonList(getCurrentEag());
+    }
+
+    private EquivalentAddressGroup getCurrentEag() {
+      if (!isValid()) {
+        throw new IllegalStateException("Index is past the end of the address group list");
+      }
+      return orderedAddresses.get(activeElement).asEag();
     }
 
     /**
      * Update to new groups, resetting the current index.
      */
     public void updateGroups(List<EquivalentAddressGroup> newGroups) {
-      addressGroups = checkNotNull(newGroups, "newGroups");
+      checkNotNull(newGroups, "newGroups");
+      orderedAddresses = enableHappyEyeballs
+                             ? updateGroupsHE(newGroups)
+                             : updateGroupsNonHE(newGroups);
       reset();
-      int size = 0;
-      for (EquivalentAddressGroup eag : newGroups) {
-        size += eag.getAddresses().size();
-      }
-      this.size = size;
     }
 
     /**
      * Returns false if the needle was not found and the current index was left unchanged.
      */
     public boolean seekTo(SocketAddress needle) {
-      for (int i = 0; i < addressGroups.size(); i++) {
-        EquivalentAddressGroup group = addressGroups.get(i);
-        int j = group.getAddresses().indexOf(needle);
-        if (j == -1) {
-          continue;
+      checkNotNull(needle, "needle");
+      for (int i = 0; i < orderedAddresses.size(); i++) {
+        if (orderedAddresses.get(i).address.equals(needle)) {
+          this.activeElement = i;
+          return true;
         }
-        this.groupIndex = i;
-        this.addressIndex = j;
-        return true;
       }
       return false;
     }
 
     public int size() {
-      return size;
+      return orderedAddresses.size();
+    }
+
+    private List<UnwrappedEag> updateGroupsNonHE(List<EquivalentAddressGroup> newGroups) {
+      List<UnwrappedEag> entries = new ArrayList<>();
+      for (int g = 0; g < newGroups.size(); g++) {
+        EquivalentAddressGroup eag = newGroups.get(g);
+        for (int a = 0; a < eag.getAddresses().size(); a++) {
+          SocketAddress addr = eag.getAddresses().get(a);
+          entries.add(new UnwrappedEag(eag.getAttributes(), addr));
+        }
+      }
+
+      return entries;
+    }
+
+    private List<UnwrappedEag> updateGroupsHE(List<EquivalentAddressGroup> newGroups) {
+      Boolean firstIsV6 = null;
+      List<UnwrappedEag> v4Entries = new ArrayList<>();
+      List<UnwrappedEag> v6Entries = new ArrayList<>();
+      for (int g = 0; g <  newGroups.size(); g++) {
+        EquivalentAddressGroup eag = newGroups.get(g);
+        for (int a = 0; a < eag.getAddresses().size(); a++) {
+          SocketAddress addr = eag.getAddresses().get(a);
+          boolean isIpV4 = addr instanceof InetSocketAddress
+              && ((InetSocketAddress) addr).getAddress() instanceof Inet4Address;
+          if (isIpV4) {
+            if (firstIsV6 == null) {
+              firstIsV6 = false;
+            }
+            v4Entries.add(new UnwrappedEag(eag.getAttributes(), addr));
+          } else {
+            if (firstIsV6 == null) {
+              firstIsV6 = true;
+            }
+            v6Entries.add(new UnwrappedEag(eag.getAttributes(), addr));
+          }
+        }
+      }
+
+      return firstIsV6 != null && firstIsV6
+          ? interleave(v6Entries, v4Entries)
+          : interleave(v4Entries, v6Entries);
+    }
+
+    private List<UnwrappedEag> interleave(List<UnwrappedEag> firstFamily,
+                                          List<UnwrappedEag> secondFamily) {
+      if (firstFamily.isEmpty()) {
+        return secondFamily;
+      }
+      if (secondFamily.isEmpty()) {
+        return firstFamily;
+      }
+
+      List<UnwrappedEag> result = new ArrayList<>(firstFamily.size() + secondFamily.size());
+      for (int i = 0; i < Math.max(firstFamily.size(), secondFamily.size()); i++) {
+        if (i < firstFamily.size()) {
+          result.add(firstFamily.get(i));
+        }
+        if (i < secondFamily.size()) {
+          result.add(secondFamily.get(i));
+        }
+      }
+      return result;
+    }
+
+    private static final class UnwrappedEag {
+      private final Attributes attributes;
+      private final SocketAddress address;
+
+      public UnwrappedEag(Attributes attributes, SocketAddress address) {
+        this.attributes = attributes;
+        this.address = address;
+      }
+
+      private EquivalentAddressGroup asEag() {
+        return new EquivalentAddressGroup(address, attributes);
+      }
     }
   }
 
   @VisibleForTesting
-  int getGroupIndex() {
-    return addressIndex.groupIndex;
+  int getIndexLocation() {
+    return addressIndex.activeElement;
   }
 
   @VisibleForTesting
@@ -778,4 +850,5 @@ public PickFirstLeafLoadBalancerConfig(@Nullable Boolean shuffleAddressList) {
       this.randomSeed = randomSeed;
     }
   }
+
 }
diff --git a/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java b/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
index f0031a6ae62..61bcb5c05ab 100644
--- a/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
+++ b/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
@@ -32,6 +32,7 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assume.assumeTrue;
 import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.any;
@@ -67,6 +68,7 @@
 import io.grpc.Status.Code;
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.PickFirstLeafLoadBalancer.PickFirstLeafLoadBalancerConfig;
+import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -2618,7 +2620,7 @@ public void serialized_retries_two_passes() {
     forwardTimeByBackoffDelay(); // should trigger retry again
     for (int i = 0; i < subchannels.length; i++) {
       inOrder.verify(subchannels[i]).requestConnection();
-      assertEquals(i, loadBalancer.getGroupIndex());
+      assertEquals(i, loadBalancer.getIndexLocation());
       listeners[i].onSubchannelState(ConnectivityStateInfo.forTransientFailure(error)); // cascade
     }
   }
@@ -2637,7 +2639,7 @@ public void index_looping() {
     PickFirstLeafLoadBalancer.Index index = new PickFirstLeafLoadBalancer.Index(Arrays.asList(
         new EquivalentAddressGroup(Arrays.asList(addr1, addr2), attr1),
         new EquivalentAddressGroup(Arrays.asList(addr3), attr2),
-        new EquivalentAddressGroup(Arrays.asList(addr4, addr5), attr3)));
+        new EquivalentAddressGroup(Arrays.asList(addr4, addr5), attr3)), enableHappyEyeballs);
     assertThat(index.getCurrentAddress()).isSameInstanceAs(addr1);
     assertThat(index.getCurrentEagAttributes()).isSameInstanceAs(attr1);
     assertThat(index.isAtBeginning()).isTrue();
@@ -2696,7 +2698,7 @@ public void index_updateGroups_resets() {
     SocketAddress addr3 = new FakeSocketAddress("addr3");
     PickFirstLeafLoadBalancer.Index index = new PickFirstLeafLoadBalancer.Index(Arrays.asList(
         new EquivalentAddressGroup(Arrays.asList(addr1)),
-        new EquivalentAddressGroup(Arrays.asList(addr2, addr3))));
+        new EquivalentAddressGroup(Arrays.asList(addr2, addr3))), enableHappyEyeballs);
     index.increment();
     index.increment();
     // We want to make sure both groupIndex and addressIndex are reset
@@ -2713,7 +2715,7 @@ public void index_seekTo() {
     SocketAddress addr3 = new FakeSocketAddress("addr3");
     PickFirstLeafLoadBalancer.Index index = new PickFirstLeafLoadBalancer.Index(Arrays.asList(
         new EquivalentAddressGroup(Arrays.asList(addr1, addr2)),
-        new EquivalentAddressGroup(Arrays.asList(addr3))));
+        new EquivalentAddressGroup(Arrays.asList(addr3))), enableHappyEyeballs);
     assertThat(index.seekTo(addr3)).isTrue();
     assertThat(index.getCurrentAddress()).isSameInstanceAs(addr3);
     assertThat(index.seekTo(addr1)).isTrue();
@@ -2725,6 +2727,83 @@ public void index_seekTo() {
     assertThat(index.getCurrentAddress()).isSameInstanceAs(addr2);
   }
 
+  @Test
+  public void index_interleaving() {
+    InetSocketAddress addr1_6 = new InetSocketAddress("f38:1:1", 1234);
+    InetSocketAddress addr1_4 = new InetSocketAddress("10.1.1.1", 1234);
+    InetSocketAddress addr2_4 = new InetSocketAddress("10.1.1.2", 1234);
+    InetSocketAddress addr3_4 = new InetSocketAddress("10.1.1.3", 1234);
+    InetSocketAddress addr4_4 = new InetSocketAddress("10.1.1.4", 1234);
+    InetSocketAddress addr4_6 = new InetSocketAddress("f38:1:4", 1234);
+
+    Attributes attrs1 = Attributes.newBuilder().build();
+    Attributes attrs2 = Attributes.newBuilder().build();
+    Attributes attrs3 = Attributes.newBuilder().build();
+    Attributes attrs4 = Attributes.newBuilder().build();
+
+    PickFirstLeafLoadBalancer.Index index = new PickFirstLeafLoadBalancer.Index(Arrays.asList(
+        new EquivalentAddressGroup(Arrays.asList(addr1_4, addr1_6), attrs1),
+        new EquivalentAddressGroup(Arrays.asList(addr2_4), attrs2),
+        new EquivalentAddressGroup(Arrays.asList(addr3_4), attrs3),
+        new EquivalentAddressGroup(Arrays.asList(addr4_4, addr4_6), attrs4)), enableHappyEyeballs);
+
+    assertThat(index.getCurrentAddress()).isSameInstanceAs(addr1_4);
+    assertThat(index.getCurrentEagAttributes()).isSameInstanceAs(attrs1);
+    assertThat(index.isAtBeginning()).isTrue();
+
+    index.increment();
+    assertThat(index.isValid()).isTrue();
+    assertThat(index.getCurrentAddress()).isSameInstanceAs(addr1_6);
+    assertThat(index.getCurrentEagAttributes()).isSameInstanceAs(attrs1);
+    assertThat(index.isAtBeginning()).isFalse();
+
+    index.increment();
+    assertThat(index.getCurrentAddress()).isSameInstanceAs(addr2_4);
+    assertThat(index.getCurrentEagAttributes()).isSameInstanceAs(attrs2);
+
+    index.increment();
+    if (enableHappyEyeballs) {
+      assertThat(index.getCurrentAddress()).isSameInstanceAs(addr4_6);
+      assertThat(index.getCurrentEagAttributes()).isSameInstanceAs(attrs4);
+    } else {
+      assertThat(index.getCurrentAddress()).isSameInstanceAs(addr3_4);
+      assertThat(index.getCurrentEagAttributes()).isSameInstanceAs(attrs3);
+    }
+
+    index.increment();
+    if (enableHappyEyeballs) {
+      assertThat(index.getCurrentAddress()).isSameInstanceAs(addr3_4);
+      assertThat(index.getCurrentEagAttributes()).isSameInstanceAs(attrs3);
+    } else {
+      assertThat(index.getCurrentAddress()).isSameInstanceAs(addr4_4);
+      assertThat(index.getCurrentEagAttributes()).isSameInstanceAs(attrs4);
+    }
+
+    // Move to last entry
+    assertThat(index.increment()).isTrue();
+    assertThat(index.isValid()).isTrue();
+    if (enableHappyEyeballs) {
+      assertThat(index.getCurrentAddress()).isSameInstanceAs(addr4_4);
+    } else {
+      assertThat(index.getCurrentAddress()).isSameInstanceAs(addr4_6);
+    }
+
+    // Move off of the end
+    assertThat(index.increment()).isFalse();
+    assertThat(index.isValid()).isFalse();
+    assertThrows(IllegalStateException.class, index::getCurrentAddress);
+
+    // Reset
+    index.reset();
+    assertThat(index.getCurrentAddress()).isSameInstanceAs(addr1_4);
+    assertThat(index.isAtBeginning()).isTrue();
+    assertThat(index.isValid()).isTrue();
+
+    // Seek to an address
+    assertThat(index.seekTo(addr4_4)).isTrue();
+    assertThat(index.getCurrentAddress()).isSameInstanceAs(addr4_4);
+  }
+
   private static class FakeSocketAddress extends SocketAddress {
     final String name;
 

From 87b27b154538eaa3114c7280f02da2c4fdb0c91f Mon Sep 17 00:00:00 2001
From: zbilun <zbilun@google.com>
Date: Mon, 13 Jan 2025 17:57:39 -0800
Subject: [PATCH 148/591] interop-testing: fix peer extraction issue in soak
 test iterations

This PR resolves an issue with peer address extraction in the soak
test.

In current `TestServiceClient` implementation, the same
`clientCallCapture` atomic is shared across threads, leading to
incorrect peer extraction. This fix ensures that each thread uses a
local variable for capturing the client call.
---
 .../io/grpc/testing/integration/AbstractInteropTest.java   | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
index 11fe9832fd9..3f2aa048dec 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
@@ -1874,14 +1874,15 @@ private void executeSoakTestInThread(
       }
       long earliestNextStartNs = System.nanoTime()
           + TimeUnit.MILLISECONDS.toNanos(minTimeMsBetweenRpcs);
-
+      // recordClientCallInterceptor takes an AtomicReference.
+      AtomicReference<ClientCall<?, ?>> soakThreadClientCallCapture = new AtomicReference<>();
       currentChannel = maybeCreateChannel.apply(currentChannel);
       TestServiceGrpc.TestServiceBlockingStub currentStub = TestServiceGrpc
           .newBlockingStub(currentChannel)
-              .withInterceptors(recordClientCallInterceptor(clientCallCapture));
+              .withInterceptors(recordClientCallInterceptor(soakThreadClientCallCapture));
       SoakIterationResult result = performOneSoakIteration(currentStub,
           soakRequestSize, soakResponseSize);
-      SocketAddress peer = clientCallCapture
+      SocketAddress peer = soakThreadClientCallCapture
           .get().getAttributes().get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR);
       StringBuilder logStr = new StringBuilder(
           String.format(

From 87c7b7a375ac9addbffa581e6d4c28b7203b6dcb Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 14 Jan 2025 07:15:29 -0800
Subject: [PATCH 149/591] interop-testing: Move soak out of AbstractInteropTest

The soak code grew considerably in 6a92a2a22e. Since it isn't a JUnit
test and doesn't resemble the other tests, it doesn't belong in
AbstractInteropTest. AbstractInteropTest has lots of users, including it
being re-compiled for use on Android, so moving it out makes the
remaining code more clear for the more common cases.
---
 android-interop-testing/build.gradle          |   1 -
 .../integration/AbstractInteropTest.java      | 231 --------------
 .../grpc/testing/integration/SoakClient.java  | 295 ++++++++++++++++++
 .../integration/TestServiceClient.java        |  16 +-
 .../integration/XdsFederationTestClient.java  |  56 ++--
 5 files changed, 330 insertions(+), 269 deletions(-)
 create mode 100644 interop-testing/src/main/java/io/grpc/testing/integration/SoakClient.java

diff --git a/android-interop-testing/build.gradle b/android-interop-testing/build.gradle
index 1d39aee1750..4f775d734e9 100644
--- a/android-interop-testing/build.gradle
+++ b/android-interop-testing/build.gradle
@@ -73,7 +73,6 @@ dependencies {
             project(':grpc-protobuf-lite'),
             project(':grpc-stub'),
             project(':grpc-testing'),
-            libraries.hdrhistogram,
             libraries.junit,
             libraries.truth,
             libraries.androidx.test.rules,
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
index 3f2aa048dec..88d570e7134 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
@@ -28,7 +28,6 @@
 import static org.junit.Assert.fail;
 
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Function;
 import com.google.common.base.Throwables;
 import com.google.common.collect.ImmutableList;
 import com.google.common.io.ByteStreams;
@@ -120,7 +119,6 @@
 import javax.annotation.Nullable;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
-import org.HdrHistogram.Histogram;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Assume;
@@ -1681,235 +1679,6 @@ public void getServerAddressAndLocalAddressFromClient() {
     assertNotNull(obtainLocalClientAddr());
   }
 
-  private static class SoakIterationResult {
-    public SoakIterationResult(long latencyMs, Status status) {
-      this.latencyMs = latencyMs;
-      this.status = status;
-    }
-
-    public long getLatencyMs() {
-      return latencyMs;
-    }
-
-    public Status getStatus() {
-      return status;
-    }
-
-    private long latencyMs = -1;
-    private Status status = Status.OK;
-  }
-
-
-  private static class ThreadResults {
-    private int threadFailures = 0;
-    private int iterationsDone = 0;
-    private Histogram latencies = new Histogram(4);
-
-    public int getThreadFailures() {
-      return threadFailures;
-    }
-
-    public int getIterationsDone() {
-      return iterationsDone;
-    }
-
-    public Histogram getLatencies() {
-      return latencies;
-    }
-  }
-
-  private SoakIterationResult performOneSoakIteration(
-      TestServiceGrpc.TestServiceBlockingStub soakStub, int soakRequestSize, int soakResponseSize)
-      throws InterruptedException {
-    long startNs = System.nanoTime();
-    Status status = Status.OK;
-    try {
-      final SimpleRequest request =
-          SimpleRequest.newBuilder()
-              .setResponseSize(soakResponseSize)
-              .setPayload(
-                  Payload.newBuilder().setBody(ByteString.copyFrom(new byte[soakRequestSize])))
-              .build();
-      final SimpleResponse goldenResponse =
-          SimpleResponse.newBuilder()
-              .setPayload(
-                  Payload.newBuilder().setBody(ByteString.copyFrom(new byte[soakResponseSize])))
-              .build();
-      assertResponse(goldenResponse, soakStub.unaryCall(request));
-    } catch (StatusRuntimeException e) {
-      status = e.getStatus();
-    }
-    long elapsedNs = System.nanoTime() - startNs;
-    return new SoakIterationResult(TimeUnit.NANOSECONDS.toMillis(elapsedNs), status);
-  }
-
-  /**
-   * Runs large unary RPCs in a loop with configurable failure thresholds
-   * and channel creation behavior.
-   */
-  public void performSoakTest(
-      String serverUri,
-      int soakIterations,
-      int maxFailures,
-      int maxAcceptablePerIterationLatencyMs,
-      int minTimeMsBetweenRpcs,
-      int overallTimeoutSeconds,
-      int soakRequestSize,
-      int soakResponseSize,
-      int numThreads,
-      Function<ManagedChannel, ManagedChannel> createNewChannel)
-      throws InterruptedException {
-    if (soakIterations % numThreads != 0) {
-      throw new IllegalArgumentException("soakIterations must be evenly divisible by numThreads.");
-    }
-    ManagedChannel sharedChannel = createChannel();
-    long startNs = System.nanoTime();
-    Thread[] threads = new Thread[numThreads];
-    int soakIterationsPerThread = soakIterations / numThreads;
-    List<ThreadResults> threadResultsList = new ArrayList<>(numThreads);
-    for (int i = 0; i < numThreads; i++) {
-      threadResultsList.add(new ThreadResults());
-    }
-    for (int threadInd = 0; threadInd < numThreads; threadInd++) {
-      final int currentThreadInd = threadInd;
-      threads[threadInd] = new Thread(() -> {
-        try {
-          executeSoakTestInThread(
-              soakIterationsPerThread,
-              startNs,
-              minTimeMsBetweenRpcs,
-              soakRequestSize,
-              soakResponseSize,
-              maxAcceptablePerIterationLatencyMs,
-              overallTimeoutSeconds,
-              serverUri,
-              threadResultsList.get(currentThreadInd),
-              sharedChannel,
-              createNewChannel);
-        } catch (InterruptedException e) {
-          Thread.currentThread().interrupt();
-          throw new RuntimeException("Thread interrupted: " + e.getMessage(), e);
-        }
-      });
-      threads[threadInd].start();
-    }
-    for (Thread thread : threads) {
-      thread.join();
-    }
-
-    int totalFailures = 0;
-    int iterationsDone = 0;
-    Histogram latencies = new Histogram(4);
-    for (ThreadResults threadResult :threadResultsList) {
-      totalFailures += threadResult.getThreadFailures();
-      iterationsDone += threadResult.getIterationsDone();
-      latencies.add(threadResult.getLatencies());
-    }
-    System.err.println(
-        String.format(
-            Locale.US,
-            "(server_uri: %s) soak test ran: %d / %d iterations. total failures: %d. "
-                + "p50: %d ms, p90: %d ms, p100: %d ms",
-            serverUri,
-            iterationsDone,
-            soakIterations,
-            totalFailures,
-            latencies.getValueAtPercentile(50),
-            latencies.getValueAtPercentile(90),
-            latencies.getValueAtPercentile(100)));
-    // check if we timed out
-    String timeoutErrorMessage =
-        String.format(
-            Locale.US,
-            "(server_uri: %s) soak test consumed all %d seconds of time and quit early, "
-                + "only having ran %d out of desired %d iterations.",
-            serverUri,
-            overallTimeoutSeconds,
-            iterationsDone,
-            soakIterations);
-    assertEquals(timeoutErrorMessage, iterationsDone, soakIterations);
-    // check if we had too many failures
-    String tooManyFailuresErrorMessage =
-        String.format(
-            Locale.US,
-            "(server_uri: %s) soak test total failures: %d exceeds max failures "
-                + "threshold: %d.",
-            serverUri, totalFailures, maxFailures);
-    assertTrue(tooManyFailuresErrorMessage, totalFailures <= maxFailures);
-    shutdownChannel(sharedChannel);
-  }
-
-  private void shutdownChannel(ManagedChannel channel) throws InterruptedException {
-    if (channel != null) {
-      channel.shutdownNow();
-      channel.awaitTermination(10, TimeUnit.SECONDS);
-    }
-  }
-
-  protected ManagedChannel createNewChannel(ManagedChannel currentChannel) {
-    try {
-      shutdownChannel(currentChannel);
-      return createChannel();
-    } catch (InterruptedException e) {
-      throw new RuntimeException("Interrupted while creating a new channel", e);
-    }
-  }
-
-  private void executeSoakTestInThread(
-      int soakIterationsPerThread,
-      long startNs,
-      int minTimeMsBetweenRpcs,
-      int soakRequestSize,
-      int soakResponseSize,
-      int maxAcceptablePerIterationLatencyMs,
-      int overallTimeoutSeconds,
-      String serverUri,
-      ThreadResults threadResults,
-      ManagedChannel sharedChannel,
-      Function<ManagedChannel, ManagedChannel> maybeCreateChannel) throws InterruptedException {
-    ManagedChannel currentChannel = sharedChannel;
-    for (int i = 0; i < soakIterationsPerThread; i++) {
-      if (System.nanoTime() - startNs >= TimeUnit.SECONDS.toNanos(overallTimeoutSeconds)) {
-        break;
-      }
-      long earliestNextStartNs = System.nanoTime()
-          + TimeUnit.MILLISECONDS.toNanos(minTimeMsBetweenRpcs);
-      // recordClientCallInterceptor takes an AtomicReference.
-      AtomicReference<ClientCall<?, ?>> soakThreadClientCallCapture = new AtomicReference<>();
-      currentChannel = maybeCreateChannel.apply(currentChannel);
-      TestServiceGrpc.TestServiceBlockingStub currentStub = TestServiceGrpc
-          .newBlockingStub(currentChannel)
-              .withInterceptors(recordClientCallInterceptor(soakThreadClientCallCapture));
-      SoakIterationResult result = performOneSoakIteration(currentStub,
-          soakRequestSize, soakResponseSize);
-      SocketAddress peer = soakThreadClientCallCapture
-          .get().getAttributes().get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR);
-      StringBuilder logStr = new StringBuilder(
-          String.format(
-              Locale.US,
-              "thread id: %d soak iteration: %d elapsed_ms: %d peer: %s server_uri: %s",
-              Thread.currentThread().getId(),
-              i, result.getLatencyMs(), peer != null ? peer.toString() : "null", serverUri));
-      if (!result.getStatus().equals(Status.OK)) {
-        threadResults.threadFailures++;
-        logStr.append(String.format(" failed: %s", result.getStatus()));
-      } else if (result.getLatencyMs() > maxAcceptablePerIterationLatencyMs) {
-        threadResults.threadFailures++;
-        logStr.append(
-            " exceeds max acceptable latency: " + maxAcceptablePerIterationLatencyMs);
-      } else {
-        logStr.append(" succeeded");
-      }
-      System.err.println(logStr.toString());
-      threadResults.iterationsDone++;
-      threadResults.getLatencies().recordValue(result.getLatencyMs());
-      long remainingNs = earliestNextStartNs - System.nanoTime();
-      if (remainingNs > 0) {
-        TimeUnit.NANOSECONDS.sleep(remainingNs);
-      }
-    }
-  }
-
   private static void assertSuccess(StreamRecorder<?> recorder) {
     if (recorder.getError() != null) {
       throw new AssertionError(recorder.getError());
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/SoakClient.java b/interop-testing/src/main/java/io/grpc/testing/integration/SoakClient.java
new file mode 100644
index 00000000000..935586cfbdd
--- /dev/null
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/SoakClient.java
@@ -0,0 +1,295 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.testing.integration;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import com.google.common.base.Function;
+import com.google.protobuf.ByteString;
+import io.grpc.CallOptions;
+import io.grpc.Channel;
+import io.grpc.ClientCall;
+import io.grpc.ClientInterceptor;
+import io.grpc.Grpc;
+import io.grpc.ManagedChannel;
+import io.grpc.MethodDescriptor;
+import io.grpc.Status;
+import io.grpc.StatusRuntimeException;
+import io.grpc.testing.integration.Messages.Payload;
+import io.grpc.testing.integration.Messages.SimpleRequest;
+import io.grpc.testing.integration.Messages.SimpleResponse;
+import java.net.SocketAddress;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Locale;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicReference;
+import org.HdrHistogram.Histogram;
+
+/**
+ * Shared implementation for rpc_soak and channel_soak. Unlike the tests in AbstractInteropTest,
+ * these "test cases" are only intended to be run from the command line. They don't fit the regular
+ * test patterns of AbstractInteropTest.
+ * https://github.com/grpc/grpc/blob/master/doc/interop-test-descriptions.md#rpc_soak
+ */
+final class SoakClient {
+  private static class SoakIterationResult {
+    public SoakIterationResult(long latencyMs, Status status) {
+      this.latencyMs = latencyMs;
+      this.status = status;
+    }
+
+    public long getLatencyMs() {
+      return latencyMs;
+    }
+
+    public Status getStatus() {
+      return status;
+    }
+
+    private long latencyMs = -1;
+    private Status status = Status.OK;
+  }
+
+  private static class ThreadResults {
+    private int threadFailures = 0;
+    private int iterationsDone = 0;
+    private Histogram latencies = new Histogram(4);
+
+    public int getThreadFailures() {
+      return threadFailures;
+    }
+
+    public int getIterationsDone() {
+      return iterationsDone;
+    }
+
+    public Histogram getLatencies() {
+      return latencies;
+    }
+  }
+
+  private static SoakIterationResult performOneSoakIteration(
+      TestServiceGrpc.TestServiceBlockingStub soakStub, int soakRequestSize, int soakResponseSize)
+      throws InterruptedException {
+    long startNs = System.nanoTime();
+    Status status = Status.OK;
+    try {
+      final SimpleRequest request =
+          SimpleRequest.newBuilder()
+              .setResponseSize(soakResponseSize)
+              .setPayload(
+                  Payload.newBuilder().setBody(ByteString.copyFrom(new byte[soakRequestSize])))
+              .build();
+      final SimpleResponse goldenResponse =
+          SimpleResponse.newBuilder()
+              .setPayload(
+                  Payload.newBuilder().setBody(ByteString.copyFrom(new byte[soakResponseSize])))
+              .build();
+      assertResponse(goldenResponse, soakStub.unaryCall(request));
+    } catch (StatusRuntimeException e) {
+      status = e.getStatus();
+    }
+    long elapsedNs = System.nanoTime() - startNs;
+    return new SoakIterationResult(TimeUnit.NANOSECONDS.toMillis(elapsedNs), status);
+  }
+
+  /**
+   * Runs large unary RPCs in a loop with configurable failure thresholds
+   * and channel creation behavior.
+   */
+  public static void performSoakTest(
+      String serverUri,
+      int soakIterations,
+      int maxFailures,
+      int maxAcceptablePerIterationLatencyMs,
+      int minTimeMsBetweenRpcs,
+      int overallTimeoutSeconds,
+      int soakRequestSize,
+      int soakResponseSize,
+      int numThreads,
+      ManagedChannel sharedChannel,
+      Function<ManagedChannel, ManagedChannel> maybeCreateChannel)
+      throws InterruptedException {
+    if (soakIterations % numThreads != 0) {
+      throw new IllegalArgumentException("soakIterations must be evenly divisible by numThreads.");
+    }
+    long startNs = System.nanoTime();
+    Thread[] threads = new Thread[numThreads];
+    int soakIterationsPerThread = soakIterations / numThreads;
+    List<ThreadResults> threadResultsList = new ArrayList<>(numThreads);
+    for (int i = 0; i < numThreads; i++) {
+      threadResultsList.add(new ThreadResults());
+    }
+    for (int threadInd = 0; threadInd < numThreads; threadInd++) {
+      final int currentThreadInd = threadInd;
+      threads[threadInd] = new Thread(() -> {
+        try {
+          executeSoakTestInThread(
+              soakIterationsPerThread,
+              startNs,
+              minTimeMsBetweenRpcs,
+              soakRequestSize,
+              soakResponseSize,
+              maxAcceptablePerIterationLatencyMs,
+              overallTimeoutSeconds,
+              serverUri,
+              threadResultsList.get(currentThreadInd),
+              sharedChannel,
+              maybeCreateChannel);
+        } catch (InterruptedException e) {
+          Thread.currentThread().interrupt();
+          throw new RuntimeException("Thread interrupted: " + e.getMessage(), e);
+        }
+      });
+      threads[threadInd].start();
+    }
+    for (Thread thread : threads) {
+      thread.join();
+    }
+
+    int totalFailures = 0;
+    int iterationsDone = 0;
+    Histogram latencies = new Histogram(4);
+    for (ThreadResults threadResult :threadResultsList) {
+      totalFailures += threadResult.getThreadFailures();
+      iterationsDone += threadResult.getIterationsDone();
+      latencies.add(threadResult.getLatencies());
+    }
+    System.err.println(
+        String.format(
+            Locale.US,
+            "(server_uri: %s) soak test ran: %d / %d iterations. total failures: %d. "
+                + "p50: %d ms, p90: %d ms, p100: %d ms",
+            serverUri,
+            iterationsDone,
+            soakIterations,
+            totalFailures,
+            latencies.getValueAtPercentile(50),
+            latencies.getValueAtPercentile(90),
+            latencies.getValueAtPercentile(100)));
+    // check if we timed out
+    String timeoutErrorMessage =
+        String.format(
+            Locale.US,
+            "(server_uri: %s) soak test consumed all %d seconds of time and quit early, "
+                + "only having ran %d out of desired %d iterations.",
+            serverUri,
+            overallTimeoutSeconds,
+            iterationsDone,
+            soakIterations);
+    assertEquals(timeoutErrorMessage, iterationsDone, soakIterations);
+    // check if we had too many failures
+    String tooManyFailuresErrorMessage =
+        String.format(
+            Locale.US,
+            "(server_uri: %s) soak test total failures: %d exceeds max failures "
+                + "threshold: %d.",
+            serverUri, totalFailures, maxFailures);
+    assertTrue(tooManyFailuresErrorMessage, totalFailures <= maxFailures);
+    sharedChannel.shutdownNow();
+    sharedChannel.awaitTermination(10, TimeUnit.SECONDS);
+  }
+
+  private static void executeSoakTestInThread(
+      int soakIterationsPerThread,
+      long startNs,
+      int minTimeMsBetweenRpcs,
+      int soakRequestSize,
+      int soakResponseSize,
+      int maxAcceptablePerIterationLatencyMs,
+      int overallTimeoutSeconds,
+      String serverUri,
+      ThreadResults threadResults,
+      ManagedChannel sharedChannel,
+      Function<ManagedChannel, ManagedChannel> maybeCreateChannel) throws InterruptedException {
+    ManagedChannel currentChannel = sharedChannel;
+    for (int i = 0; i < soakIterationsPerThread; i++) {
+      if (System.nanoTime() - startNs >= TimeUnit.SECONDS.toNanos(overallTimeoutSeconds)) {
+        break;
+      }
+      long earliestNextStartNs = System.nanoTime()
+          + TimeUnit.MILLISECONDS.toNanos(minTimeMsBetweenRpcs);
+      // recordClientCallInterceptor takes an AtomicReference.
+      AtomicReference<ClientCall<?, ?>> soakThreadClientCallCapture = new AtomicReference<>();
+      currentChannel = maybeCreateChannel.apply(currentChannel);
+      TestServiceGrpc.TestServiceBlockingStub currentStub = TestServiceGrpc
+          .newBlockingStub(currentChannel)
+              .withInterceptors(recordClientCallInterceptor(soakThreadClientCallCapture));
+      SoakIterationResult result = performOneSoakIteration(currentStub,
+          soakRequestSize, soakResponseSize);
+      SocketAddress peer = soakThreadClientCallCapture
+          .get().getAttributes().get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR);
+      StringBuilder logStr = new StringBuilder(
+          String.format(
+              Locale.US,
+              "thread id: %d soak iteration: %d elapsed_ms: %d peer: %s server_uri: %s",
+              Thread.currentThread().getId(),
+              i, result.getLatencyMs(), peer != null ? peer.toString() : "null", serverUri));
+      if (!result.getStatus().equals(Status.OK)) {
+        threadResults.threadFailures++;
+        logStr.append(String.format(" failed: %s", result.getStatus()));
+      } else if (result.getLatencyMs() > maxAcceptablePerIterationLatencyMs) {
+        threadResults.threadFailures++;
+        logStr.append(
+            " exceeds max acceptable latency: " + maxAcceptablePerIterationLatencyMs);
+      } else {
+        logStr.append(" succeeded");
+      }
+      System.err.println(logStr.toString());
+      threadResults.iterationsDone++;
+      threadResults.getLatencies().recordValue(result.getLatencyMs());
+      long remainingNs = earliestNextStartNs - System.nanoTime();
+      if (remainingNs > 0) {
+        TimeUnit.NANOSECONDS.sleep(remainingNs);
+      }
+    }
+  }
+
+  private static void assertResponse(SimpleResponse expected, SimpleResponse actual) {
+    assertPayload(expected.getPayload(), actual.getPayload());
+    assertEquals(expected.getUsername(), actual.getUsername());
+    assertEquals(expected.getOauthScope(), actual.getOauthScope());
+  }
+
+  private static void assertPayload(Payload expected, Payload actual) {
+    // Compare non deprecated fields in Payload, to make this test forward compatible.
+    if (expected == null || actual == null) {
+      assertEquals(expected, actual);
+    } else {
+      assertEquals(expected.getBody(), actual.getBody());
+    }
+  }
+
+  /**
+   * Captures the ClientCall. Useful for testing {@link ClientCall#getAttributes()}
+   */
+  private static ClientInterceptor recordClientCallInterceptor(
+      final AtomicReference<ClientCall<?, ?>> clientCallCapture) {
+    return new ClientInterceptor() {
+      @Override
+      public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
+          MethodDescriptor<ReqT, RespT> method, CallOptions callOptions, Channel next) {
+        ClientCall<ReqT, RespT> clientCall = next.newCall(method,callOptions);
+        clientCallCapture.set(clientCall);
+        return clientCall;
+      }
+    };
+  }
+
+}
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java b/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java
index 8ade38cb024..125d876b705 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java
@@ -523,7 +523,7 @@ private void runTest(TestCases testCase) throws Exception {
       }
 
       case RPC_SOAK: {
-        tester.performSoakTest(
+        SoakClient.performSoakTest(
             serverHost,
             soakIterations,
             soakMaxFailures,
@@ -533,12 +533,13 @@ private void runTest(TestCases testCase) throws Exception {
             soakRequestSize,
             soakResponseSize,
             numThreads,
+            tester.createChannelBuilder().build(),
             (currentChannel) -> currentChannel);
         break;
       }
 
       case CHANNEL_SOAK: {
-        tester.performSoakTest(
+        SoakClient.performSoakTest(
             serverHost,
             soakIterations,
             soakMaxFailures,
@@ -548,6 +549,7 @@ private void runTest(TestCases testCase) throws Exception {
             soakRequestSize,
             soakResponseSize,
             numThreads,
+            tester.createChannelBuilder().build(),
             (currentChannel) -> tester.createNewChannel(currentChannel));
         break;
       }
@@ -711,6 +713,16 @@ protected ManagedChannelBuilder<?> createChannelBuilder() {
       return okBuilder.intercept(createCensusStatsClientInterceptor());
     }
 
+    ManagedChannel createNewChannel(ManagedChannel currentChannel) {
+      currentChannel.shutdownNow();
+      try {
+        currentChannel.awaitTermination(10, TimeUnit.SECONDS);
+      } catch (InterruptedException e) {
+        throw new RuntimeException("Interrupted while creating a new channel", e);
+      }
+      return createChannel();
+    }
+
     /**
      * Assuming "pick_first" policy is used, tests that all requests are sent to the same server.
      */
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/XdsFederationTestClient.java b/interop-testing/src/main/java/io/grpc/testing/integration/XdsFederationTestClient.java
index 08d845422a5..bba282b7b6f 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/XdsFederationTestClient.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/XdsFederationTestClient.java
@@ -22,9 +22,10 @@
 import io.grpc.ChannelCredentials;
 import io.grpc.Grpc;
 import io.grpc.InsecureChannelCredentials;
-import io.grpc.ManagedChannelBuilder;
+import io.grpc.ManagedChannel;
 import io.grpc.alts.ComputeEngineChannelCredentials;
 import java.util.ArrayList;
+import java.util.concurrent.TimeUnit;
 import java.util.logging.Logger;
 
 /**
@@ -44,26 +45,8 @@ public final class XdsFederationTestClient {
   public static void main(String[] args) throws Exception {
     final XdsFederationTestClient client = new XdsFederationTestClient();
     client.parseArgs(args);
-    Runtime.getRuntime()
-        .addShutdownHook(
-            new Thread() {
-              @Override
-              @SuppressWarnings("CatchAndPrintStackTrace")
-              public void run() {
-                System.out.println("Shutting down");
-                try {
-                  client.tearDown();
-                } catch (RuntimeException e) {
-                  e.printStackTrace();
-                }
-              }
-            });
     client.setUp();
-    try {
-      client.run();
-    } finally {
-      client.tearDown();
-    }
+    client.run();
     System.exit(0);
   }
 
@@ -209,22 +192,13 @@ void setUp() {
     for (int i = 0; i < uris.length; i++) {
       clients.add(new InnerClient(creds[i], uris[i]));
     }
-    for (InnerClient c : clients) {
-      c.setUp();
-    }
-  }
-
-  private synchronized void tearDown() {
-    for (InnerClient c : clients) {
-      c.tearDown();
-    }
   }
 
   /**
    * Wraps a single client stub configuration and executes a
    * soak test case with that configuration.
    */
-  class InnerClient extends AbstractInteropTest {
+  class InnerClient {
     private final String credentialsType;
     private final String serverUri;
     private boolean runSucceeded = false;
@@ -249,7 +223,7 @@ public void run() throws InterruptedException {
       try {
         switch (testCase) {
           case "rpc_soak": {
-            performSoakTest(
+            SoakClient.performSoakTest(
                 serverUri,
                 soakIterations,
                 soakMaxFailures,
@@ -259,11 +233,12 @@ public void run() throws InterruptedException {
                 soakRequestSize,
                 soakResponseSize,
                 1,
+                createChannel(),
                 (currentChannel) -> currentChannel);
           }
               break;
           case "channel_soak": {
-            performSoakTest(
+            SoakClient.performSoakTest(
                 serverUri,
                 soakIterations,
                 soakMaxFailures,
@@ -273,6 +248,7 @@ public void run() throws InterruptedException {
                 soakRequestSize,
                 soakResponseSize,
                 1,
+                createChannel(),
                 (currentChannel) -> createNewChannel(currentChannel));
           }
             break;
@@ -288,8 +264,7 @@ public void run() throws InterruptedException {
       }
     }
 
-    @Override
-    protected ManagedChannelBuilder<?> createChannelBuilder() {
+    ManagedChannel createChannel() {
       ChannelCredentials channelCredentials;
       switch (credentialsType) {
         case "compute_engine_channel_creds":
@@ -303,7 +278,18 @@ protected ManagedChannelBuilder<?> createChannelBuilder() {
       }
       return Grpc.newChannelBuilder(serverUri, channelCredentials)
           .keepAliveTime(3600, SECONDS)
-          .keepAliveTimeout(20, SECONDS);
+          .keepAliveTimeout(20, SECONDS)
+          .build();
+    }
+
+    ManagedChannel createNewChannel(ManagedChannel currentChannel) {
+      currentChannel.shutdownNow();
+      try {
+        currentChannel.awaitTermination(10, TimeUnit.SECONDS);
+      } catch (InterruptedException e) {
+        throw new RuntimeException("Interrupted while creating a new channel", e);
+      }
+      return createChannel();
     }
   }
 

From 4d8aff72dcd7d72b6e316136d4390e86501a125d Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Wed, 15 Jan 2025 10:43:48 -0800
Subject: [PATCH 150/591] stub: Eliminate invalid test cases where different
 threads were calling close from the thread writing. (#11822)

* Eliminate invalid test cases where different threads were calling close from the thread writing.
* Remove multi-thread cancel/write test
---
 .../io/grpc/stub/BlockingClientCallTest.java  | 31 +++----------------
 1 file changed, 5 insertions(+), 26 deletions(-)

diff --git a/stub/src/test/java/io/grpc/stub/BlockingClientCallTest.java b/stub/src/test/java/io/grpc/stub/BlockingClientCallTest.java
index 112b092eaed..e3a4f90e2c2 100644
--- a/stub/src/test/java/io/grpc/stub/BlockingClientCallTest.java
+++ b/stub/src/test/java/io/grpc/stub/BlockingClientCallTest.java
@@ -195,21 +195,12 @@ public void testCancel() throws Exception {
       assertThat(System.currentTimeMillis() - start).isLessThan(2 * DELAY_MILLIS);
     }
 
-    // write terminated
+    // after cancel tests
     biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
         CallOptions.DEFAULT);
-    start = System.currentTimeMillis();
-    delayedCancel(biDiStream, "cancel write");
-
-    // Write interrupted by cancel
-    try {
-      assertFalse(biDiStream.write(30)); // this is interrupted by cancel
-      fail("No exception thrown when write was interrupted by cancel");
-    } catch (StatusException e) {
-      assertEquals(Status.CANCELLED.getCode(), e.getStatus().getCode());
-    }
+    biDiStream.cancel("cancel write", new RuntimeException("Test requested close"));
 
-    // Write after cancel
+    // Write after cancel should throw an exception
     try {
       start = System.currentTimeMillis();
       biDiStream.write(30);
@@ -357,31 +348,19 @@ public void testReadsAndWritesInterleaved_BlockingWrites() throws Exception {
   }
 
   @Test
-  public void testWriteCompleted() throws Exception {
+  public void testWriteAfterCloseThrows() throws Exception {
     testMethod.disableAutoRequest();
     biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
         CallOptions.DEFAULT);
 
-    // Verify pending write released
-    long start = System.currentTimeMillis();
-    delayedVoidMethod(DELAY_MILLIS, biDiStream::halfClose);
-    assertFalse(biDiStream.write(1)); // should block until writeComplete is triggered
-    long end = System.currentTimeMillis();
-    assertThat(end - start).isAtLeast(DELAY_MILLIS);
-
     // verify new writes throw an illegalStateException
+    biDiStream.halfClose();
     try {
       assertFalse(biDiStream.write(2));
       fail("write did not throw an exception when called after halfClose");
     } catch (IllegalStateException e) {
       assertThat(e.getMessage()).containsMatch("after.*halfClose.*cancel");
     }
-
-    // verify pending write with timeout released
-    biDiStream = ClientCalls.blockingBidiStreamingCall(channel,  BIDI_STREAMING_METHOD,
-        CallOptions.DEFAULT);
-    delayedVoidMethod(DELAY_MILLIS, biDiStream::halfClose);
-    assertFalse(biDiStream.write(3, 2 * DELAY_MILLIS, TimeUnit.MILLISECONDS));
   }
 
   @Test

From b44ebce45dd357e8b2ccb28264477a81ea5d9874 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Fri, 17 Jan 2025 14:58:52 +0530
Subject: [PATCH 151/591] xds: Envoy proto sync to 2024-11-11 (#11816)

---
 repositories.bzl                              |  6 +-
 .../test/java/io/grpc/xds/RbacFilterTest.java | 11 ++--
 xds/third_party/envoy/import.sh               |  2 +-
 .../proto/envoy/config/core/v3/base.proto     |  1 +
 .../proto/envoy/config/core/v3/protocol.proto |  6 ++
 .../listener/v3/listener_components.proto     | 24 +-------
 .../envoy/config/overload/v3/overload.proto   |  6 ++
 .../proto/envoy/config/rbac/v3/rbac.proto     | 51 +++++++++++++++--
 .../filters/http/gcp_authn/v3/gcp_authn.proto | 28 +++++++++-
 .../v3/http_connection_manager.proto          |  2 +-
 .../transport_sockets/tls/v3/tls.proto        | 22 +++++++-
 .../proto/envoy/type/v3/http_status.proto     | 56 +++++++++++++++++++
 12 files changed, 174 insertions(+), 41 deletions(-)

diff --git a/repositories.bzl b/repositories.bzl
index 7d01675e9ad..3f4cd11c1a6 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -141,10 +141,10 @@ def grpc_java_repositories(bzlmod = False):
     if not native.existing_rule("envoy_api"):
         http_archive(
             name = "envoy_api",
-            sha256 = "f439add0cc01f718d53d6feb4d0972ac0d48b3e145c18b53439a3b5148a0cb6e",
-            strip_prefix = "data-plane-api-55f8b2351962d84c84a6534da67da1dd9f671c50",
+            sha256 = "ecf71817233eba19cc8b4ee14e126ffd5838065d5b5a92b2506258a42ac55199",
+            strip_prefix = "data-plane-api-0bc95493c5e88b7b07e62758d23b39341813a827",
             urls = [
-                "https://github.com/envoyproxy/data-plane-api/archive/55f8b2351962d84c84a6534da67da1dd9f671c50.tar.gz",
+                "https://github.com/envoyproxy/data-plane-api/archive/0bc95493c5e88b7b07e62758d23b39341813a827.tar.gz",
             ],
         )
 
diff --git a/xds/src/test/java/io/grpc/xds/RbacFilterTest.java b/xds/src/test/java/io/grpc/xds/RbacFilterTest.java
index 29af01b222f..013b21e3f45 100644
--- a/xds/src/test/java/io/grpc/xds/RbacFilterTest.java
+++ b/xds/src/test/java/io/grpc/xds/RbacFilterTest.java
@@ -219,14 +219,15 @@ public void headerParser_headerName() {
   @SuppressWarnings("unchecked")
   public void compositeRules() {
     MetadataMatcher metadataMatcher = MetadataMatcher.newBuilder().build();
+    @SuppressWarnings("deprecation")
+    Permission permissionMetadata = Permission.newBuilder().setMetadata(metadataMatcher).build();
     List<Permission> permissionList = Arrays.asList(
             Permission.newBuilder().setOrRules(Permission.Set.newBuilder().addRules(
-                    Permission.newBuilder().setMetadata(metadataMatcher).build()
-            ).build()).build());
+                    permissionMetadata).build()).build());
+    @SuppressWarnings("deprecation")
+    Principal principalMetadata = Principal.newBuilder().setMetadata(metadataMatcher).build();
     List<Principal> principalList = Arrays.asList(
-            Principal.newBuilder().setNotId(
-                    Principal.newBuilder().setMetadata(metadataMatcher).build()
-            ).build());
+            Principal.newBuilder().setNotId(principalMetadata).build());
     ConfigOrError<? extends FilterConfig> result = parse(permissionList, principalList);
     assertThat(result.errorDetail).isNull();
     assertThat(result.config).isInstanceOf(RbacConfig.class);
diff --git a/xds/third_party/envoy/import.sh b/xds/third_party/envoy/import.sh
index 254abbe271f..dbe6f81b1a8 100755
--- a/xds/third_party/envoy/import.sh
+++ b/xds/third_party/envoy/import.sh
@@ -17,7 +17,7 @@
 
 set -e
 # import VERSION from the google internal copybara_version.txt for Envoy
-VERSION=742a3b02e3b2a9dfb877a7e378607c6ed0c2aa53
+VERSION=0b90f64539c88dc3d2a6792dc714e8207bce0c08
 DOWNLOAD_URL="https://github.com/envoyproxy/envoy/archive/${VERSION}.tar.gz"
 DOWNLOAD_BASE_DIR="envoy-${VERSION}"
 SOURCE_PROTO_BASE_DIR="${DOWNLOAD_BASE_DIR}/api"
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto
index df91565d0a7..57f59373395 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto
@@ -453,6 +453,7 @@ message HeaderValueOption {
 message HeaderMap {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HeaderMap";
 
+  // A list of header names and their values.
   repeated HeaderValue headers = 1;
 }
 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
index d8ce3cd817c..7160cfb641a 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
@@ -123,6 +123,9 @@ message UpstreamHttpProtocolOptions {
   // header when :ref:`override_auto_sni_header <envoy_v3_api_field_config.core.v3.UpstreamHttpProtocolOptions.override_auto_sni_header>`
   // is set, as seen by the :ref:`router filter <config_http_filters_router>`.
   // Does nothing if a filter before the http router filter sets the corresponding metadata.
+  //
+  // See :ref:`SNI configuration <start_quick_start_securing_sni_client>` for details on how this
+  // interacts with other validation options.
   bool auto_sni = 1;
 
   // Automatic validate upstream presented certificate for new upstream connections based on the
@@ -130,6 +133,9 @@ message UpstreamHttpProtocolOptions {
   // is set, as seen by the :ref:`router filter <config_http_filters_router>`.
   // This field is intended to be set with ``auto_sni`` field.
   // Does nothing if a filter before the http router filter sets the corresponding metadata.
+  //
+  // See :ref:`validation configuration <start_quick_start_securing_validation>` for how this interacts with
+  // other validation options.
   bool auto_san_validation = 2;
 
   // An optional alternative to the host/authority header to be used for setting the SNI value.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto
index 2adb8bc2c80..33eb349fd06 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto
@@ -201,24 +201,9 @@ message FilterChainMatch {
 message FilterChain {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.listener.FilterChain";
 
-  // The configuration for on-demand filter chain. If this field is not empty in FilterChain message,
-  // a filter chain will be built on-demand.
-  // On-demand filter chains help speedup the warming up of listeners since the building and initialization of
-  // an on-demand filter chain will be postponed to the arrival of new connection requests that require this filter chain.
-  // Filter chains that are not often used can be set as on-demand.
-  message OnDemandConfiguration {
-    // The timeout to wait for filter chain placeholders to complete rebuilding.
-    // 1. If this field is set to 0, timeout is disabled.
-    // 2. If not specified, a default timeout of 15s is used.
-    // Rebuilding will wait until dependencies are ready, have failed, or this timeout is reached.
-    // Upon failure or timeout, all connections related to this filter chain will be closed.
-    // Rebuilding will start again on the next new connection.
-    google.protobuf.Duration rebuild_timeout = 1;
-  }
-
-  reserved 2;
+  reserved 2, 8;
 
-  reserved "tls_context";
+  reserved "tls_context", "on_demand_configuration";
 
   // The criteria to use when matching a connection to this filter chain.
   FilterChainMatch filter_chain_match = 1;
@@ -269,11 +254,6 @@ message FilterChain {
   // <envoy_v3_api_field_config.listener.v3.Listener.filter_chain_matcher>`
   // requires that filter chains are uniquely named within a listener.
   string name = 7;
-
-  // [#not-implemented-hide:] The configuration to specify whether the filter chain will be built on-demand.
-  // If this field is not empty, the filter chain will be built on-demand.
-  // Otherwise, the filter chain will be built normally and block listener warming.
-  OnDemandConfiguration on_demand_configuration = 8;
 }
 
 // Listener filter chain match configuration. This is a recursive structure which allows complex
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/overload/v3/overload.proto b/xds/third_party/envoy/src/main/proto/envoy/config/overload/v3/overload.proto
index d3b8b01a173..1f267c1863d 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/overload/v3/overload.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/overload/v3/overload.proto
@@ -103,6 +103,12 @@ message ScaleTimersOverloadActionConfig {
     // This affects the value of
     // :ref:`FilterChain.transport_socket_connect_timeout <envoy_v3_api_field_config.listener.v3.FilterChain.transport_socket_connect_timeout>`.
     TRANSPORT_SOCKET_CONNECT = 3;
+
+    // Adjusts the max connection duration timer for downstream HTTP connections.
+    // This affects the value of
+    // :ref:`HttpConnectionManager.common_http_protocol_options.max_connection_duration
+    // <envoy_v3_api_field_config.core.v3.HttpProtocolOptions.max_connection_duration>`.
+    HTTP_DOWNSTREAM_CONNECTION_MAX = 4;
   }
 
   message ScaleTimer {
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto b/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto
index 8d98fd7155d..e33a533e25a 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto
@@ -28,6 +28,14 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Role Based Access Control (RBAC)]
 
+enum MetadataSource {
+  // Query :ref:`dynamic metadata <well_known_dynamic_metadata>`
+  DYNAMIC = 0;
+
+  // Query :ref:`route metadata <envoy_v3_api_field_config.route.v3.Route.metadata>`
+  ROUTE = 1;
+}
+
 // Role Based Access Control (RBAC) provides service-level and method-level access control for a
 // service. Requests are allowed or denied based on the ``action`` and whether a matching policy is
 // found. For instance, if the action is ALLOW and a matching policy is found the request should be
@@ -193,8 +201,27 @@ message Policy {
       [(udpa.annotations.field_migrate).oneof_promotion = "expression_specifier"];
 }
 
+// SourcedMetadata enables matching against metadata from different sources in the request processing
+// pipeline. It extends the base MetadataMatcher functionality by allowing specification of where the
+// metadata should be sourced from, rather than only matching against dynamic metadata.
+//
+// The matcher can be configured to look up metadata from:
+// * Dynamic metadata: Runtime metadata added by filters during request processing
+// * Route metadata: Static metadata configured on the route entry
+message SourcedMetadata {
+  // Metadata matcher configuration that defines what metadata to match against. This includes the filter name,
+  // metadata key path, and expected value.
+  type.matcher.v3.MetadataMatcher metadata_matcher = 1
+      [(validate.rules).message = {required: true}];
+
+  // Specifies which metadata source should be used for matching. If not set,
+  // defaults to DYNAMIC (dynamic metadata). Set to ROUTE to match against
+  // static metadata configured on the route entry.
+  MetadataSource metadata_source = 2 [(validate.rules).enum = {defined_only: true}];
+}
+
 // Permission defines an action (or actions) that a principal can take.
-// [#next-free-field: 14]
+// [#next-free-field: 15]
 message Permission {
   option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Permission";
 
@@ -237,8 +264,10 @@ message Permission {
     // A port number range that describes a range of destination ports connecting to.
     type.v3.Int32Range destination_port_range = 11;
 
-    // Metadata that describes additional information about the action.
-    type.matcher.v3.MetadataMatcher metadata = 7;
+    // Metadata that describes additional information about the action. This field is deprecated; please use
+    // :ref:`sourced_metadata<envoy_v3_api_field_config.rbac.v3.Permission.sourced_metadata>` instead.
+    type.matcher.v3.MetadataMatcher metadata = 7
+        [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
     // Negates matching the provided permission. For instance, if the value of
     // ``not_rule`` would match, this permission would not match. Conversely, if
@@ -274,12 +303,16 @@ message Permission {
     // URI template path matching.
     // [#extension-category: envoy.path.match]
     core.v3.TypedExtensionConfig uri_template = 13;
+
+    // Matches against metadata from either dynamic state or route configuration. Preferred over the
+    // ``metadata`` field as it provides more flexibility in metadata source selection.
+    SourcedMetadata sourced_metadata = 14;
   }
 }
 
 // Principal defines an identity or a group of identities for a downstream
 // subject.
-// [#next-free-field: 13]
+// [#next-free-field: 14]
 message Principal {
   option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Principal";
 
@@ -356,8 +389,10 @@ message Principal {
     // A URL path on the incoming HTTP request. Only available for HTTP.
     type.matcher.v3.PathMatcher url_path = 9;
 
-    // Metadata that describes additional information about the principal.
-    type.matcher.v3.MetadataMatcher metadata = 7;
+    // Metadata that describes additional information about the principal. This field is deprecated; please use
+    // :ref:`sourced_metadata<envoy_v3_api_field_config.rbac.v3.Principal.sourced_metadata>` instead.
+    type.matcher.v3.MetadataMatcher metadata = 7
+        [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
     // Identifies the principal using a filter state object.
     type.matcher.v3.FilterStateMatcher filter_state = 12;
@@ -366,6 +401,10 @@ message Principal {
     // ``not_id`` would match, this principal would not match. Conversely, if the
     // value of ``not_id`` would not match, this principal would match.
     Principal not_id = 8;
+
+    // Matches against metadata from either dynamic state or route configuration. Preferred over the
+    // ``metadata`` field as it provides more flexibility in metadata source selection.
+    SourcedMetadata sourced_metadata = 13;
   }
 }
 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto
index 05757c23e59..f4646389f7e 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto
@@ -5,8 +5,10 @@ package envoy.extensions.filters.http.gcp_authn.v3;
 import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/http_uri.proto";
 
+import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
 
@@ -21,12 +23,21 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // [#extension: envoy.filters.http.gcp_authn]
 
 // Filter configuration.
+// [#next-free-field: 7]
 message GcpAuthnFilterConfig {
   // The HTTP URI to fetch tokens from GCE Metadata Server(https://cloud.google.com/compute/docs/metadata/overview).
   // The URL format is "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity?audience=[AUDIENCE]"
-  config.core.v3.HttpUri http_uri = 1 [(validate.rules).message = {required: true}];
+  //
+  // This field is deprecated because it does not match the API surface provided by the google auth libraries.
+  // Control planes should not attempt to override the metadata server URI.
+  // The cluster and timeout can be configured using the ``cluster`` and ``timeout`` fields instead.
+  // For backward compatibility, the cluster and timeout configured in this field will be used
+  // if the new ``cluster`` and ``timeout`` fields are not set.
+  config.core.v3.HttpUri http_uri = 1
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
-  // Retry policy for fetching tokens. This field is optional.
+  // Retry policy for fetching tokens.
+  // Not supported by all data planes.
   config.core.v3.RetryPolicy retry_policy = 2;
 
   // Token cache configuration. This field is optional.
@@ -34,7 +45,20 @@ message GcpAuthnFilterConfig {
 
   // Request header location to extract the token. By default (i.e. if this field is not specified), the token
   // is extracted to the Authorization HTTP header, in the format "Authorization: Bearer <token>".
+  // Not supported by all data planes.
   TokenHeader token_header = 4;
+
+  // Cluster to send traffic to the GCE metadata server. Not supported
+  // by all data planes; a data plane may instead have its own mechanism
+  // for contacting the metadata server.
+  string cluster = 5;
+
+  // Timeout for fetching the tokens from the GCE metadata server.
+  // Not supported by all data planes.
+  google.protobuf.Duration timeout = 6 [(validate.rules).duration = {
+    lt {seconds: 4294967296}
+    gte {}
+  }];
 }
 
 // Audience is the URL of the receiving service that performs token authentication.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
index 3b49f132956..5fb9f24cc7c 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@@ -691,7 +691,7 @@ message HttpConnectionManager {
   // information about internal/external addresses.
   //
   // .. warning::
-  //     In the next release, no IP addresses will be considered trusted. If you have tooling such as probes
+  //     As of Envoy 1.33.0 no IP addresses will be considered trusted. If you have tooling such as probes
   //     on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers)
   //     you will have to manually include those addresses or CIDR ranges like:
   //
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
index c305ff74f42..44b8d269324 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
@@ -25,7 +25,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // [#extension: envoy.transport_sockets.tls]
 // The TLS contexts below provide the transport socket configuration for upstream/downstream TLS.
 
-// [#next-free-field: 6]
+// [#next-free-field: 8]
 message UpstreamTlsContext {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.auth.UpstreamTlsContext";
@@ -42,6 +42,26 @@ message UpstreamTlsContext {
   // SNI string to use when creating TLS backend connections.
   string sni = 2 [(validate.rules).string = {max_bytes: 255}];
 
+  // If true, replaces the SNI for the connection with the hostname of the upstream host, if
+  // the hostname is known due to either a DNS cluster type or the
+  // :ref:`hostname <envoy_v3_api_field_config.endpoint.v3.Endpoint.hostname>` is set on
+  // the host.
+  //
+  // See :ref:`SNI configuration <start_quick_start_securing_sni_client>` for details on how this
+  // interacts with other validation options.
+  bool auto_host_sni = 6;
+
+  // If true, replace any Subject Alternative Name validations with a validation for a DNS SAN matching
+  // the SNI value sent. Note that the validation will be against the actual requested SNI, regardless of how it
+  // is configured.
+  //
+  // For the common case where an SNI value is sent and it is expected that the server certificate contains a SAN
+  // matching that SNI value, this option will do the correct SAN validation.
+  //
+  // See :ref:`validation configuration <start_quick_start_securing_validation>` for how this interacts with
+  // other validation options.
+  bool auto_sni_san_validation = 7;
+
   // If true, server-initiated TLS renegotiation will be allowed.
   //
   // .. attention::
diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/v3/http_status.proto b/xds/third_party/envoy/src/main/proto/envoy/type/v3/http_status.proto
index ab03e1b2b72..40d697beefc 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/type/v3/http_status.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/type/v3/http_status.proto
@@ -21,116 +21,172 @@ enum StatusCode {
   // `enum` type.
   Empty = 0;
 
+  // Continue - ``100`` status code.
   Continue = 100;
 
+  // OK - ``200`` status code.
   OK = 200;
 
+  // Created - ``201`` status code.
   Created = 201;
 
+  // Accepted - ``202`` status code.
   Accepted = 202;
 
+  // NonAuthoritativeInformation - ``203`` status code.
   NonAuthoritativeInformation = 203;
 
+  // NoContent - ``204`` status code.
   NoContent = 204;
 
+  // ResetContent - ``205`` status code.
   ResetContent = 205;
 
+  // PartialContent - ``206`` status code.
   PartialContent = 206;
 
+  // MultiStatus - ``207`` status code.
   MultiStatus = 207;
 
+  // AlreadyReported - ``208`` status code.
   AlreadyReported = 208;
 
+  // IMUsed - ``226`` status code.
   IMUsed = 226;
 
+  // MultipleChoices - ``300`` status code.
   MultipleChoices = 300;
 
+  // MovedPermanently - ``301`` status code.
   MovedPermanently = 301;
 
+  // Found - ``302`` status code.
   Found = 302;
 
+  // SeeOther - ``303`` status code.
   SeeOther = 303;
 
+  // NotModified - ``304`` status code.
   NotModified = 304;
 
+  // UseProxy - ``305`` status code.
   UseProxy = 305;
 
+  // TemporaryRedirect - ``307`` status code.
   TemporaryRedirect = 307;
 
+  // PermanentRedirect - ``308`` status code.
   PermanentRedirect = 308;
 
+  // BadRequest - ``400`` status code.
   BadRequest = 400;
 
+  // Unauthorized - ``401`` status code.
   Unauthorized = 401;
 
+  // PaymentRequired - ``402`` status code.
   PaymentRequired = 402;
 
+  // Forbidden - ``403`` status code.
   Forbidden = 403;
 
+  // NotFound - ``404`` status code.
   NotFound = 404;
 
+  // MethodNotAllowed - ``405`` status code.
   MethodNotAllowed = 405;
 
+  // NotAcceptable - ``406`` status code.
   NotAcceptable = 406;
 
+  // ProxyAuthenticationRequired - ``407`` status code.
   ProxyAuthenticationRequired = 407;
 
+  // RequestTimeout - ``408`` status code.
   RequestTimeout = 408;
 
+  // Conflict - ``409`` status code.
   Conflict = 409;
 
+  // Gone - ``410`` status code.
   Gone = 410;
 
+  // LengthRequired - ``411`` status code.
   LengthRequired = 411;
 
+  // PreconditionFailed - ``412`` status code.
   PreconditionFailed = 412;
 
+  // PayloadTooLarge - ``413`` status code.
   PayloadTooLarge = 413;
 
+  // URITooLong - ``414`` status code.
   URITooLong = 414;
 
+  // UnsupportedMediaType - ``415`` status code.
   UnsupportedMediaType = 415;
 
+  // RangeNotSatisfiable - ``416`` status code.
   RangeNotSatisfiable = 416;
 
+  // ExpectationFailed - ``417`` status code.
   ExpectationFailed = 417;
 
+  // MisdirectedRequest - ``421`` status code.
   MisdirectedRequest = 421;
 
+  // UnprocessableEntity - ``422`` status code.
   UnprocessableEntity = 422;
 
+  // Locked - ``423`` status code.
   Locked = 423;
 
+  // FailedDependency - ``424`` status code.
   FailedDependency = 424;
 
+  // UpgradeRequired - ``426`` status code.
   UpgradeRequired = 426;
 
+  // PreconditionRequired - ``428`` status code.
   PreconditionRequired = 428;
 
+  // TooManyRequests - ``429`` status code.
   TooManyRequests = 429;
 
+  // RequestHeaderFieldsTooLarge - ``431`` status code.
   RequestHeaderFieldsTooLarge = 431;
 
+  // InternalServerError - ``500`` status code.
   InternalServerError = 500;
 
+  // NotImplemented - ``501`` status code.
   NotImplemented = 501;
 
+  // BadGateway - ``502`` status code.
   BadGateway = 502;
 
+  // ServiceUnavailable - ``503`` status code.
   ServiceUnavailable = 503;
 
+  // GatewayTimeout - ``504`` status code.
   GatewayTimeout = 504;
 
+  // HTTPVersionNotSupported - ``505`` status code.
   HTTPVersionNotSupported = 505;
 
+  // VariantAlsoNegotiates - ``506`` status code.
   VariantAlsoNegotiates = 506;
 
+  // InsufficientStorage - ``507`` status code.
   InsufficientStorage = 507;
 
+  // LoopDetected - ``508`` status code.
   LoopDetected = 508;
 
+  // NotExtended - ``510`` status code.
   NotExtended = 510;
 
+  // NetworkAuthenticationRequired - ``511`` status code.
   NetworkAuthenticationRequired = 511;
 }
 

From f299ef5e5832898fa29ede31dee1a6085b90c051 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 15 Jan 2025 14:51:45 -0800
Subject: [PATCH 152/591] compiler: Prepare for C++ protobuf using string_view

Protobuf is interested in using absl::string_view instead of const
std::string&. Just copy to std::string as the C++17 build isn't yet
operational and that level of performance doesn't matter.

cl/711732759 b/353571051
---
 .../src/java_plugin/cpp/java_generator.cpp    | 33 ++++++++++---------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/compiler/src/java_plugin/cpp/java_generator.cpp b/compiler/src/java_plugin/cpp/java_generator.cpp
index df96bb1c1b2..8421a4a9207 100644
--- a/compiler/src/java_plugin/cpp/java_generator.cpp
+++ b/compiler/src/java_plugin/cpp/java_generator.cpp
@@ -147,7 +147,7 @@ static std::set<std::string> java_keywords = {
 //   - decapitalize the first letter
 //   - remove embedded underscores & capitalize the following letter
 //  Finally, if the result is a reserved java keyword, append an underscore.
-static std::string MixedLower(const std::string& word) {
+static std::string MixedLower(std::string word) {
   std::string w;
   w += tolower(word[0]);
   bool after_underscore = false;
@@ -169,7 +169,7 @@ static std::string MixedLower(const std::string& word) {
 //   - An underscore is inserted where a lower case letter is followed by an
 //     upper case letter.
 //   - All letters are converted to upper case
-static std::string ToAllUpperCase(const std::string& word) {
+static std::string ToAllUpperCase(std::string word) {
   std::string w;
   for (size_t i = 0; i < word.length(); ++i) {
     w += toupper(word[i]);
@@ -181,19 +181,19 @@ static std::string ToAllUpperCase(const std::string& word) {
 }
 
 static inline std::string LowerMethodName(const MethodDescriptor* method) {
-  return MixedLower(method->name());
+  return MixedLower(std::string(method->name()));
 }
 
 static inline std::string MethodPropertiesFieldName(const MethodDescriptor* method) {
-  return "METHOD_" + ToAllUpperCase(method->name());
+  return "METHOD_" + ToAllUpperCase(std::string(method->name()));
 }
 
 static inline std::string MethodPropertiesGetterName(const MethodDescriptor* method) {
-  return MixedLower("get_" + method->name() + "_method");
+  return MixedLower("get_" + std::string(method->name()) + "_method");
 }
 
 static inline std::string MethodIdFieldName(const MethodDescriptor* method) {
-  return "METHODID_" + ToAllUpperCase(method->name());
+  return "METHODID_" + ToAllUpperCase(std::string(method->name()));
 }
 
 static inline std::string MessageFullJavaName(const Descriptor* desc) {
@@ -406,7 +406,7 @@ static void GrpcWriteServiceDocComment(Printer* printer,
                                        StubType type) {
   printer->Print("/**\n");
 
-  std::map<std::string, std::string> vars = {{"service", service->name()}};
+  std::map<std::string, std::string> vars = {{"service", std::string(service->name())}};
   switch (type) {
     case ASYNC_CLIENT_IMPL:
       printer->Print(vars, " * A stub to allow clients to do asynchronous rpc calls to service $service$.\n");
@@ -520,7 +520,8 @@ static void PrintMethodFields(
         "            .setResponseMarshaller($ProtoUtils$.marshaller(\n"
         "                $output_type$.getDefaultInstance()))\n");
 
-    (*vars)["proto_method_descriptor_supplier"] = service->name() + "MethodDescriptorSupplier";
+    (*vars)["proto_method_descriptor_supplier"]
+        = std::string(service->name()) + "MethodDescriptorSupplier";
     if (flavor == ProtoFlavor::NORMAL) {
       p->Print(
           *vars,
@@ -583,7 +584,7 @@ static void PrintStub(
     const ServiceDescriptor* service,
     std::map<std::string, std::string>* vars,
     Printer* p, StubType type) {
-  const std::string service_name = service->name();
+  std::string service_name = std::string(service->name());
   (*vars)["service_name"] = service_name;
   std::string stub_name = service_name;
   std::string stub_base_class_name = "AbstractStub";
@@ -887,8 +888,7 @@ static void PrintAbstractClassStub(
     const ServiceDescriptor* service,
     std::map<std::string, std::string>* vars,
     Printer* p) {
-  const std::string service_name = service->name();
-  (*vars)["service_name"] = service_name;
+  (*vars)["service_name"] = service->name();
 
   GrpcWriteServiceDocComment(p, service, ABSTRACT_CLASS);
   if (service->options().deprecated()) {
@@ -1022,13 +1022,14 @@ static void PrintGetServiceDescriptorMethod(const ServiceDescriptor* service,
                                    std::map<std::string, std::string>* vars,
                                    Printer* p,
                                    ProtoFlavor flavor) {
-  (*vars)["service_name"] = service->name();
+  std::string service_name = std::string(service->name());
+  (*vars)["service_name"] = service_name;
 
 
   if (flavor == ProtoFlavor::NORMAL) {
-    (*vars)["proto_base_descriptor_supplier"] = service->name() + "BaseDescriptorSupplier";
-    (*vars)["proto_file_descriptor_supplier"] = service->name() + "FileDescriptorSupplier";
-    (*vars)["proto_method_descriptor_supplier"] = service->name() + "MethodDescriptorSupplier";
+    (*vars)["proto_base_descriptor_supplier"] = service_name + "BaseDescriptorSupplier";
+    (*vars)["proto_file_descriptor_supplier"] = service_name + "FileDescriptorSupplier";
+    (*vars)["proto_method_descriptor_supplier"] = service_name + "MethodDescriptorSupplier";
     (*vars)["proto_class_name"] = protobuf::compiler::java::ClassName(service->file());
     p->Print(
         *vars,
@@ -1374,7 +1375,7 @@ std::string ServiceJavaPackage(const FileDescriptor* file) {
 }
 
 std::string ServiceClassName(const ServiceDescriptor* service) {
-  return service->name() + "Grpc";
+  return std::string(service->name()) + "Grpc";
 }
 
 }  // namespace java_grpc_generator

From a0a42fc8e6f3da144052f6a89936ab6e9248a624 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 16 Jan 2025 07:22:23 -0800
Subject: [PATCH 153/591] Update README etc to reference 1.69.1

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index c6a8f3bdd8a..11605e78335 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.69.0/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.69.0/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.69.1/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.69.1/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,18 +56,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.69.0</version>
+  <version>1.69.1</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.69.0</version>
+  <version>1.69.1</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.69.0</version>
+  <version>1.69.1</version>
 </dependency>
 <dependency> <!-- necessary for Java 9+ -->
   <groupId>org.apache.tomcat</groupId>
@@ -79,18 +79,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.69.0'
-implementation 'io.grpc:grpc-protobuf:1.69.0'
-implementation 'io.grpc:grpc-stub:1.69.0'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.69.1'
+implementation 'io.grpc:grpc-protobuf:1.69.1'
+implementation 'io.grpc:grpc-stub:1.69.1'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.69.0'
-implementation 'io.grpc:grpc-protobuf-lite:1.69.0'
-implementation 'io.grpc:grpc-stub:1.69.0'
+implementation 'io.grpc:grpc-okhttp:1.69.1'
+implementation 'io.grpc:grpc-protobuf-lite:1.69.1'
+implementation 'io.grpc:grpc-stub:1.69.1'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
@@ -99,7 +99,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.69.0
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.69.1
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://oss.sonatype.org/content/repositories/snapshots/).
@@ -131,7 +131,7 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <configuration>
         <protocArtifact>com.google.protobuf:protoc:3.25.5:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.69.0:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.69.1:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -161,7 +161,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.69.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.69.1'
     }
   }
   generateProtoTasks {
@@ -194,7 +194,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.69.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.69.1'
     }
   }
   generateProtoTasks {

From fc86084df5c8c2ea3080554021aa72cea81960b4 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 17 Jan 2025 16:06:36 -0800
Subject: [PATCH 154/591] xds: Rename grpc.xds.cluster to
 grpc.lb.backend_service

The name is being changed to allow the value to be used in more metrics
where xds-specifics are awkward.
---
 xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java    | 2 +-
 .../test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index 200d3cba0ea..35afb2bfc21 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -385,7 +385,7 @@ private RequestLimitingSubchannelPicker(SubchannelPicker delegate,
       public PickResult pickSubchannel(PickSubchannelArgs args) {
         args.getCallOptions().getOption(ClusterImplLoadBalancerProvider.FILTER_METADATA_CONSUMER)
             .accept(filterMetadata);
-        args.getPickDetailsConsumer().addOptionalLabel("grpc.xds.cluster", cluster);
+        args.getPickDetailsConsumer().addOptionalLabel("grpc.lb.backend_service", cluster);
         for (DropOverload dropOverload : dropPolicies) {
           int rand = random.nextInt(1_000_000);
           if (rand < dropOverload.dropsPerMillion()) {
diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index 9503442e383..b4507523510 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -298,7 +298,7 @@ public void pick_addsOptionalLabels() {
     // The value will be determined by the parent policy, so can be different than the value used in
     // makeAddress() for the test.
     verify(detailsConsumer).addOptionalLabel("grpc.lb.locality", locality.toString());
-    verify(detailsConsumer).addOptionalLabel("grpc.xds.cluster", CLUSTER);
+    verify(detailsConsumer).addOptionalLabel("grpc.lb.backend_service", CLUSTER);
   }
 
   @Test
@@ -322,7 +322,7 @@ public void pick_noResult_addsClusterLabel() {
       TestMethodDescriptors.voidMethod(), new Metadata(), CallOptions.DEFAULT, detailsConsumer);
     PickResult result = currentPicker.pickSubchannel(pickSubchannelArgs);
     assertThat(result.getStatus().isOk()).isTrue();
-    verify(detailsConsumer).addOptionalLabel("grpc.xds.cluster", CLUSTER);
+    verify(detailsConsumer).addOptionalLabel("grpc.lb.backend_service", CLUSTER);
   }
 
   @Test

From 495a8906b297650fe823b5711993a0e73077c335 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 22 Jan 2025 12:10:56 -0800
Subject: [PATCH 155/591] xds: Fix fallback test FakeClock TSAN failure

d65d3942e increased the test speed of
connect_then_mainServerDown_fallbackServerUp by using FakeClock.
However, it introduced a data race because FakeClock is not thread-safe.
This change injects a single thread for gRPC callbacks such that
syncContext is run on a thread under the test's control.

A simpler approach would be to expose syncContext from XdsClientImpl for
testing. However, this test is in a different package and I wanted to
avoid adding a public method.

```
  Read of size 8 at 0x00008dec9d50 by thread T25:
    #0 io.grpc.internal.FakeClock$ScheduledExecutorImpl.schedule(Lio/grpc/internal/FakeClock$ScheduledTask;JLjava/util/concurrent/TimeUnit;)V FakeClock.java:140
    #1 io.grpc.internal.FakeClock$ScheduledExecutorImpl.schedule(Ljava/lang/Runnable;JLjava/util/concurrent/TimeUnit;)Ljava/util/concurrent/ScheduledFuture; FakeClock.java:150
    #2 io.grpc.SynchronizationContext.schedule(Ljava/lang/Runnable;JLjava/util/concurrent/TimeUnit;Ljava/util/concurrent/ScheduledExecutorService;)Lio/grpc/SynchronizationContext$ScheduledHandle; SynchronizationContext.java:153
    #3 io.grpc.xds.client.ControlPlaneClient$AdsStream.handleRpcStreamClosed(Lio/grpc/Status;)V ControlPlaneClient.java:491
    #4 io.grpc.xds.client.ControlPlaneClient$AdsStream.lambda$onStatusReceived$0(Lio/grpc/Status;)V ControlPlaneClient.java:429
    #5 io.grpc.xds.client.ControlPlaneClient$AdsStream$$Lambda+0x00000001004a95d0.run()V ??
    #6 io.grpc.SynchronizationContext.drain()V SynchronizationContext.java:96
    #7 io.grpc.SynchronizationContext.execute(Ljava/lang/Runnable;)V SynchronizationContext.java:128
    #8 io.grpc.xds.client.ControlPlaneClient$AdsStream.onStatusReceived(Lio/grpc/Status;)V ControlPlaneClient.java:428
    #9 io.grpc.xds.GrpcXdsTransportFactory$EventHandlerToCallListenerAdapter.onClose(Lio/grpc/Status;Lio/grpc/Metadata;)V GrpcXdsTransportFactory.java:149
    #10 io.grpc.PartialForwardingClientCallListener.onClose(Lio/grpc/Status;Lio/grpc/Metadata;)V PartialForwardingClientCallListener.java:39
    ...

  Previous write of size 8 at 0x00008dec9d50 by thread T4 (mutexes: write M0, write M1, write M2, write M3):
    #0 io.grpc.internal.FakeClock.forwardTime(JLjava/util/concurrent/TimeUnit;)I FakeClock.java:368
    #1 io.grpc.xds.XdsClientFallbackTest.connect_then_mainServerDown_fallbackServerUp()V XdsClientFallbackTest.java:358
    ...
```
---
 .../io/grpc/xds/XdsClientFallbackTest.java    | 23 +++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
index 94b49bd94b2..7cf6280711f 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
@@ -31,6 +31,8 @@
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import io.grpc.ChannelCredentials;
+import io.grpc.Grpc;
 import io.grpc.MetricRecorder;
 import io.grpc.Status;
 import io.grpc.internal.ExponentialBackoffPolicy;
@@ -43,11 +45,14 @@
 import io.grpc.xds.client.XdsClientImpl;
 import io.grpc.xds.client.XdsClientMetricReporter;
 import io.grpc.xds.client.XdsInitializationException;
+import io.grpc.xds.client.XdsTransportFactory;
 import java.net.InetSocketAddress;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Map;
 import java.util.UUID;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -338,9 +343,21 @@ private static void verifyNoSubscribers(ControlPlaneRule rule) {
   public void connect_then_mainServerDown_fallbackServerUp() throws Exception {
     mainXdsServer.restartXdsServer();
     fallbackServer.restartXdsServer();
+    ExecutorService executor = Executors.newFixedThreadPool(1);
+    XdsTransportFactory xdsTransportFactory = new XdsTransportFactory() {
+      @Override
+      public XdsTransport create(Bootstrapper.ServerInfo serverInfo) {
+        ChannelCredentials channelCredentials =
+            (ChannelCredentials) serverInfo.implSpecificConfig();
+        return new GrpcXdsTransportFactory.GrpcXdsTransport(
+            Grpc.newChannelBuilder(serverInfo.target(), channelCredentials)
+              .executor(executor)
+              .build());
+      }
+    };
     XdsClientImpl xdsClient = CommonBootstrapperTestUtils.createXdsClient(
         new GrpcBootstrapperImpl().bootstrap(defaultBootstrapOverride()),
-        DEFAULT_XDS_TRANSPORT_FACTORY, fakeClock, new ExponentialBackoffPolicy.Provider(),
+        xdsTransportFactory, fakeClock, new ExponentialBackoffPolicy.Provider(),
         MessagePrinter.INSTANCE, xdsClientMetricReporter);
 
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
@@ -355,7 +372,8 @@ public void connect_then_mainServerDown_fallbackServerUp() throws Exception {
     // Sleep for the ADS stream disconnect to be processed and for the retry to fail. Between those
     // two sleeps we need the fakeClock to progress by 1 second to restart the ADS stream.
     for (int i = 0; i < 5; i++) {
-      fakeClock.forwardTime(1000, TimeUnit.MILLISECONDS);
+      // FakeClock is not thread-safe, and the retry scheduling is concurrent to this test thread
+      executor.submit(() -> fakeClock.forwardTime(1000, TimeUnit.MILLISECONDS)).get();
       TimeUnit.SECONDS.sleep(1);
     }
 
@@ -393,6 +411,7 @@ public void connect_then_mainServerDown_fallbackServerUp() throws Exception {
     fakeClock.forwardTime(15000, TimeUnit.MILLISECONDS); // Does not exist timer
     verify(cdsWatcher2, timeout(5000)).onResourceDoesNotExist(eq(CLUSTER_NAME));
     xdsClient.shutdown();
+    executor.shutdown();
   }
 
   @Test

From 0f5503ebb11ef36dae2d5c75c62c4c1f1b43415d Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Thu, 23 Jan 2025 16:10:21 +0000
Subject: [PATCH 156/591] =?UTF-8?q?xds:=20Include=20max=20concurrent=20req?=
 =?UTF-8?q?uest=20limit=20in=20the=20error=20status=20for=20concurre?=
 =?UTF-8?q?=E2=80=A6=20(#11845)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Include max concurrent request limit in the error status for concurrent connections limit exceeded
---
 xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java  | 4 +++-
 .../test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java  | 6 +++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index 35afb2bfc21..fd4f49fbb83 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -59,6 +59,7 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.atomic.AtomicLong;
@@ -406,7 +407,8 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
                 dropStats.recordDroppedRequest();
               }
               return PickResult.withDrop(Status.UNAVAILABLE.withDescription(
-                  "Cluster max concurrent requests limit exceeded"));
+                  String.format(Locale.US, "Cluster max concurrent requests limit of %d exceeded",
+                      maxConcurrentRequests)));
             }
           }
           final AtomicReference<ClusterLocality> clusterLocality =
diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index b4507523510..09a1abb36e0 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -636,7 +636,7 @@ private void subtest_maxConcurrentRequests_appliedByLbConfig(boolean enableCircu
       assertThat(result.getStatus().isOk()).isFalse();
       assertThat(result.getStatus().getCode()).isEqualTo(Code.UNAVAILABLE);
       assertThat(result.getStatus().getDescription())
-          .isEqualTo("Cluster max concurrent requests limit exceeded");
+          .isEqualTo("Cluster max concurrent requests limit of 100 exceeded");
       assertThat(clusterStats.totalDroppedRequests()).isEqualTo(1L);
     } else {
       assertThat(result.getStatus().isOk()).isTrue();
@@ -667,7 +667,7 @@ private void subtest_maxConcurrentRequests_appliedByLbConfig(boolean enableCircu
       assertThat(result.getStatus().isOk()).isFalse();
       assertThat(result.getStatus().getCode()).isEqualTo(Code.UNAVAILABLE);
       assertThat(result.getStatus().getDescription())
-          .isEqualTo("Cluster max concurrent requests limit exceeded");
+          .isEqualTo("Cluster max concurrent requests limit of 101 exceeded");
       assertThat(clusterStats.totalDroppedRequests()).isEqualTo(1L);
     } else {
       assertThat(result.getStatus().isOk()).isTrue();
@@ -731,7 +731,7 @@ private void subtest_maxConcurrentRequests_appliedWithDefaultValue(
       assertThat(result.getStatus().isOk()).isFalse();
       assertThat(result.getStatus().getCode()).isEqualTo(Code.UNAVAILABLE);
       assertThat(result.getStatus().getDescription())
-          .isEqualTo("Cluster max concurrent requests limit exceeded");
+          .isEqualTo("Cluster max concurrent requests limit of 1024 exceeded");
       assertThat(clusterStats.totalDroppedRequests()).isEqualTo(1L);
     } else {
       assertThat(result.getStatus().isOk()).isTrue();

From bf8eb24a30e65f85fa090f0d9b52cc095f0d7644 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Fri, 24 Jan 2025 15:21:14 +0530
Subject: [PATCH 157/591] Update README etc to reference 1.70.0 (#11854)

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 11605e78335..c9f68d4ccb9 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.69.1/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.69.1/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.70.0/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.70.0/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,18 +56,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.69.1</version>
+  <version>1.70.0</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.69.1</version>
+  <version>1.70.0</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.69.1</version>
+  <version>1.70.0</version>
 </dependency>
 <dependency> <!-- necessary for Java 9+ -->
   <groupId>org.apache.tomcat</groupId>
@@ -79,18 +79,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.69.1'
-implementation 'io.grpc:grpc-protobuf:1.69.1'
-implementation 'io.grpc:grpc-stub:1.69.1'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.70.0'
+implementation 'io.grpc:grpc-protobuf:1.70.0'
+implementation 'io.grpc:grpc-stub:1.70.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.69.1'
-implementation 'io.grpc:grpc-protobuf-lite:1.69.1'
-implementation 'io.grpc:grpc-stub:1.69.1'
+implementation 'io.grpc:grpc-okhttp:1.70.0'
+implementation 'io.grpc:grpc-protobuf-lite:1.70.0'
+implementation 'io.grpc:grpc-stub:1.70.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
@@ -99,7 +99,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.69.1
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.70.0
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://oss.sonatype.org/content/repositories/snapshots/).
@@ -131,7 +131,7 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <configuration>
         <protocArtifact>com.google.protobuf:protoc:3.25.5:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.69.1:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.70.0:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -161,7 +161,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.69.1'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.70.0'
     }
   }
   generateProtoTasks {
@@ -194,7 +194,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.69.1'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.70.0'
     }
   }
   generateProtoTasks {

From 67351c0c53b1f361b7b15d2b49c9b7e876a85a95 Mon Sep 17 00:00:00 2001
From: Boddu Harshavardhan <harshagoo94@gmail.com>
Date: Fri, 24 Jan 2025 16:50:41 +0530
Subject: [PATCH 158/591] gcp-observability: Optimize
 GcpObservabilityTest.enableObservability execution time (#11783)

---
 .../io/grpc/gcp/observability/GcpObservability.java  | 12 ++++++++++--
 .../grpc/gcp/observability/GcpObservabilityTest.java |  9 ++++++---
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/gcp-observability/src/main/java/io/grpc/gcp/observability/GcpObservability.java b/gcp-observability/src/main/java/io/grpc/gcp/observability/GcpObservability.java
index 497a1eda30f..7fe4e3a8a3c 100644
--- a/gcp-observability/src/main/java/io/grpc/gcp/observability/GcpObservability.java
+++ b/gcp-observability/src/main/java/io/grpc/gcp/observability/GcpObservability.java
@@ -127,6 +127,15 @@ static GcpObservability grpcInit(
   /** Un-initialize/shutdown grpc-observability. */
   @Override
   public void close() {
+    closeWithSleepTime(2 * METRICS_EXPORT_INTERVAL, TimeUnit.SECONDS);
+  }
+
+  /**
+   * Method to close along with sleep time explicitly.
+   *
+   * @param sleepTime sleepTime
+   */
+  void closeWithSleepTime(long sleepTime, TimeUnit timeUnit) {
     synchronized (GcpObservability.class) {
       if (instance == null) {
         throw new IllegalStateException("GcpObservability already closed!");
@@ -135,8 +144,7 @@ public void close() {
       if (config.isEnableCloudMonitoring() || config.isEnableCloudTracing()) {
         try {
           // Sleeping before shutdown to ensure all metrics and traces are flushed
-          Thread.sleep(
-              TimeUnit.MILLISECONDS.convert(2 * METRICS_EXPORT_INTERVAL, TimeUnit.SECONDS));
+          timeUnit.sleep(sleepTime);
         } catch (InterruptedException e) {
           Thread.currentThread().interrupt();
           logger.log(Level.SEVERE, "Caught exception during sleep", e);
diff --git a/gcp-observability/src/test/java/io/grpc/gcp/observability/GcpObservabilityTest.java b/gcp-observability/src/test/java/io/grpc/gcp/observability/GcpObservabilityTest.java
index 40f2fb01490..25467839dd6 100644
--- a/gcp-observability/src/test/java/io/grpc/gcp/observability/GcpObservabilityTest.java
+++ b/gcp-observability/src/test/java/io/grpc/gcp/observability/GcpObservabilityTest.java
@@ -45,6 +45,7 @@
 import io.opencensus.trace.samplers.Samplers;
 import java.io.IOException;
 import java.util.List;
+import java.util.concurrent.TimeUnit;
 import java.util.regex.Pattern;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -196,9 +197,9 @@ public void run() {
           mock(InternalLoggingServerInterceptor.Factory.class);
       when(serverInterceptorFactory.create()).thenReturn(serverInterceptor);
 
-      try (GcpObservability unused =
-          GcpObservability.grpcInit(
-              sink, config, channelInterceptorFactory, serverInterceptorFactory)) {
+      try {
+        GcpObservability gcpObservability = GcpObservability.grpcInit(
+            sink, config, channelInterceptorFactory, serverInterceptorFactory);
         List<?> configurators = InternalConfiguratorRegistry.getConfigurators();
         assertThat(configurators).hasSize(1);
         ObservabilityConfigurator configurator = (ObservabilityConfigurator) configurators.get(0);
@@ -208,9 +209,11 @@ public void run() {
         assertThat(list.get(2)).isInstanceOf(ConditionalClientInterceptor.class);
         assertThat(configurator.serverInterceptors).hasSize(1);
         assertThat(configurator.tracerFactories).hasSize(2);
+        gcpObservability.closeWithSleepTime(3000, TimeUnit.MILLISECONDS);
       } catch (Exception e) {
         fail("Encountered exception: " + e);
       }
+      verify(sink).close();
     }
   }
 

From 87aa6deadfb7d48847ddddcbfbdbb5ca5ee9c459 Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Fri, 24 Jan 2025 16:42:56 -0800
Subject: [PATCH 159/591] core:Have acceptResolvedAddresses() do a seek when in
 CONNECTING state and cleanup removed subchannels when a seek was successful
 (#11849)

* Have acceptResolvedAddresses() do a seek when in CONNECTING state and cleanup removed subchannels when a seek was successful.
Move cleanup of removed subchannels into a method so it can be called from 2 places in acceptResolvedAddresses.
Since the seek could mean we never looked at the first address, if we go off the end of the index and haven't looked at the all of the addresses then instead of scheduleBackoff() we reset the index and request a connection.
---
 .../internal/PickFirstLeafLoadBalancer.java   | 59 +++++++++++++------
 .../PickFirstLeafLoadBalancerTest.java        | 14 +++--
 2 files changed, 48 insertions(+), 25 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
index 042f9e63630..bbc144ea775 100644
--- a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
+++ b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
@@ -137,14 +137,15 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     final ImmutableList<EquivalentAddressGroup> newImmutableAddressGroups =
         ImmutableList.<EquivalentAddressGroup>builder().addAll(cleanServers).build();
 
-    if (rawConnectivityState == READY) {
-      // If the previous ready subchannel exists in new address list,
+    if (rawConnectivityState == READY || rawConnectivityState == CONNECTING) {
+      // If the previous ready (or connecting) subchannel exists in new address list,
       // keep this connection and don't create new subchannels
       SocketAddress previousAddress = addressIndex.getCurrentAddress();
       addressIndex.updateGroups(newImmutableAddressGroups);
       if (addressIndex.seekTo(previousAddress)) {
         SubchannelData subchannelData = subchannels.get(previousAddress);
         subchannelData.getSubchannel().updateAddresses(addressIndex.getCurrentEagAsList());
+        shutdownRemovedAddresses(newImmutableAddressGroups);
         return Status.OK;
       }
       // Previous ready subchannel not in the new list of addresses
@@ -152,23 +153,11 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       addressIndex.updateGroups(newImmutableAddressGroups);
     }
 
-    // remove old subchannels that were not in new address list
-    Set<SocketAddress> oldAddrs = new HashSet<>(subchannels.keySet());
-
-    // Flatten the new EAGs addresses
-    Set<SocketAddress> newAddrs = new HashSet<>();
-    for (EquivalentAddressGroup endpoint : newImmutableAddressGroups) {
-      newAddrs.addAll(endpoint.getAddresses());
-    }
-
-    // Shut them down and remove them
-    for (SocketAddress oldAddr : oldAddrs) {
-      if (!newAddrs.contains(oldAddr)) {
-        subchannels.remove(oldAddr).getSubchannel().shutdown();
-      }
-    }
+    // No old addresses means first time through, so we will do an explicit move to CONNECTING
+    // which is what we implicitly started with
+    boolean noOldAddrs = shutdownRemovedAddresses(newImmutableAddressGroups);
 
-    if (oldAddrs.size() == 0) {
+    if (noOldAddrs) {
       // Make tests happy; they don't properly assume starting in CONNECTING
       rawConnectivityState = CONNECTING;
       updateBalancingState(CONNECTING, new Picker(PickResult.withNoResult()));
@@ -188,6 +177,31 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     return Status.OK;
   }
 
+  /**
+   * Compute the difference between the flattened new addresses and the old addresses that had been
+   * made into subchannels and then shutdown the matching subchannels.
+   * @return true if there were no old addresses
+   */
+  private boolean shutdownRemovedAddresses(
+      ImmutableList<EquivalentAddressGroup> newImmutableAddressGroups) {
+
+    Set<SocketAddress> oldAddrs = new HashSet<>(subchannels.keySet());
+
+    // Flatten the new EAGs addresses
+    Set<SocketAddress> newAddrs = new HashSet<>();
+    for (EquivalentAddressGroup endpoint : newImmutableAddressGroups) {
+      newAddrs.addAll(endpoint.getAddresses());
+    }
+
+    // Shut them down and remove them
+    for (SocketAddress oldAddr : oldAddrs) {
+      if (!newAddrs.contains(oldAddr)) {
+        subchannels.remove(oldAddr).getSubchannel().shutdown();
+      }
+    }
+    return oldAddrs.isEmpty();
+  }
+
   private static List<EquivalentAddressGroup> deDupAddresses(List<EquivalentAddressGroup> groups) {
     Set<SocketAddress> seenAddresses = new HashSet<>();
     List<EquivalentAddressGroup> newGroups = new ArrayList<>();
@@ -290,7 +304,14 @@ void processSubchannelState(SubchannelData subchannelData, ConnectivityStateInfo
             cancelScheduleTask();
             requestConnection(); // is recursive so might hit the end of the addresses
           } else {
-            scheduleBackoff();
+            if (subchannels.size() >= addressIndex.size()) {
+              scheduleBackoff();
+            } else {
+              // We must have done a seek to the middle of the list lets start over from the
+              // beginning
+              addressIndex.reset();
+              requestConnection();
+            }
           }
         }
 
diff --git a/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java b/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
index 61bcb5c05ab..0e902bfdd56 100644
--- a/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
+++ b/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
@@ -2133,18 +2133,20 @@ public void lastAddressFailingNotTransientFailure() {
     loadBalancer.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder().setAddresses(newServers).setAttributes(affinity).build());
 
-    // Verify that no new subchannels were created or started
+    // Subchannel 2 should be reused since it was trying to connect and is present.
     inOrder.verify(mockSubchannel1).shutdown();
-    inOrder.verify(mockSubchannel3).start(stateListenerCaptor.capture());
-    SubchannelStateListener stateListener3 = stateListenerCaptor.getValue();
-    inOrder.verify(mockSubchannel3).requestConnection();
+    inOrder.verify(mockSubchannel3, never()).start(stateListenerCaptor.capture());
     assertEquals(CONNECTING, loadBalancer.getConcludedConnectivityState());
 
-    // Second address connection attempt is unsuccessful, but should not go into transient failure
+    // Second address connection attempt is unsuccessful, so since at end, but don't have all
+    // subchannels, schedule a backoff for the first address
     stateListener2.onSubchannelState(ConnectivityStateInfo.forTransientFailure(CONNECTION_ERROR));
+    fakeClock.forwardTime(1, TimeUnit.SECONDS);
+    inOrder.verify(mockSubchannel3).start(stateListenerCaptor.capture());
+    SubchannelStateListener stateListener3 = stateListenerCaptor.getValue();
     assertEquals(CONNECTING, loadBalancer.getConcludedConnectivityState());
 
-    // Third address connection attempt is unsuccessful, now we enter transient failure
+    // Third address connection attempt is unsuccessful, now we enter TF, do name resolution
     stateListener3.onSubchannelState(ConnectivityStateInfo.forTransientFailure(CONNECTION_ERROR));
     assertEquals(TRANSIENT_FAILURE, loadBalancer.getConcludedConnectivityState());
 

From 9e8629914fd12e08604ad8a6ae78853118acabe2 Mon Sep 17 00:00:00 2001
From: vinodhabib <47808007+vinodhabib@users.noreply.github.com>
Date: Tue, 28 Jan 2025 07:32:00 +0000
Subject: [PATCH 160/591] examples: Added README files for all missing Examples
 (#11676)

---
 examples/README.md                            | 126 +++---------------
 .../example-alts/{example-alts => }/README.md |   0
 .../java/io/grpc/examples/advanced/README.md  |  16 +++
 .../io/grpc/examples/cancellation/README.md   |  18 +++
 .../grpc/examples/customloadbalance/README.md |  19 +++
 .../java/io/grpc/examples/deadline/README.md  |  15 +++
 .../io/grpc/examples/errordetails/README.md   |  16 +++
 .../io/grpc/examples/errorhandling/README.md  |  27 ++++
 .../io/grpc/examples/experimental/README.md   |  13 ++
 .../java/io/grpc/examples/grpcproxy/README.md |  22 +++
 .../java/io/grpc/examples/header/README.md    |  16 +++
 .../io/grpc/examples/healthservice/README.md  |  10 ++
 .../java/io/grpc/examples/hedging/README.md   |  59 ++++++++
 .../io/grpc/examples/helloworld/README.md     |   7 +
 .../java/io/grpc/examples/keepalive/README.md |  16 +++
 .../io/grpc/examples/loadbalance/README.md    |  20 +++
 .../java/io/grpc/examples/multiplex/README.md |  20 +++
 .../io/grpc/examples/nameresolve/README.md    |  22 +++
 .../io/grpc/examples/preserialized/README.md  |  18 +++
 .../java/io/grpc/examples/retrying/README.md  |  27 ++++
 .../io/grpc/examples/routeguide/README.md     |  24 ++++
 .../io/grpc/examples/waitforready/README.md   |  29 ++++
 22 files changed, 436 insertions(+), 104 deletions(-)
 rename examples/example-alts/{example-alts => }/README.md (100%)
 create mode 100644 examples/src/main/java/io/grpc/examples/advanced/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/cancellation/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/customloadbalance/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/deadline/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/errordetails/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/errorhandling/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/experimental/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/grpcproxy/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/header/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/healthservice/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/hedging/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/helloworld/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/keepalive/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/loadbalance/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/multiplex/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/nameresolve/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/preserialized/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/retrying/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/routeguide/README.md
 create mode 100644 examples/src/main/java/io/grpc/examples/waitforready/README.md

diff --git a/examples/README.md b/examples/README.md
index b51d560d7bb..a07d1b38a14 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -27,114 +27,32 @@ before trying out the examples.
 
 - [Json serialization](src/main/java/io/grpc/examples/advanced)
 
-- <details>
-  <summary>Hedging</summary>
-
-  The [hedging example](src/main/java/io/grpc/examples/hedging) demonstrates that enabling hedging
-  can reduce tail latency. (Users should note that enabling hedging may introduce other overhead;
-  and in some scenarios, such as when some server resource gets exhausted for a period of time and
-  almost every RPC during that time has high latency or fails, hedging may make things worse.
-  Setting a throttle in the service config is recommended to protect the server from too many
-  inappropriate retry or hedging requests.)
-
-  The server and the client in the example are basically the same as those in the
-  [hello world](src/main/java/io/grpc/examples/helloworld) example, except that the server mimics a
-  long tail of latency, and the client sends 2000 requests and can turn on and off hedging.
-
-  To mimic the latency, the server randomly delays the RPC handling by 2 seconds at 10% chance, 5
-  seconds at 5% chance, and 10 seconds at 1% chance.
-
-  When running the client enabling the following hedging policy
-
-  ```json
-        "hedgingPolicy": {
-          "maxAttempts": 3,
-          "hedgingDelay": "1s"
-        }
-  ```
-  Then the latency summary in the client log is like the following
-
-  ```text
-  Total RPCs sent: 2,000. Total RPCs failed: 0
-  [Hedging enabled]
-  ========================
-  50% latency: 0ms
-  90% latency: 6ms
-  95% latency: 1,003ms
-  99% latency: 2,002ms
-  99.9% latency: 2,011ms
-  Max latency: 5,272ms
-  ========================
-  ```
-
-  See [the section below](#to-build-the-examples) for how to build and run the example. The
-  executables for the server and the client are `hedging-hello-world-server` and
-  `hedging-hello-world-client`.
-
-  To disable hedging, set environment variable `DISABLE_HEDGING_IN_HEDGING_EXAMPLE=true` before
-  running the client. That produces a latency summary in the client log like the following
-
-  ```text
-  Total RPCs sent: 2,000. Total RPCs failed: 0
-  [Hedging disabled]
-  ========================
-  50% latency: 0ms
-  90% latency: 2,002ms
-  95% latency: 5,002ms
-  99% latency: 10,004ms
-  99.9% latency: 10,007ms
-  Max latency: 10,007ms
-  ========================
-  ```
-
-</details>
-
-- <details>
-  <summary>Retrying</summary>
-
-  The [retrying example](src/main/java/io/grpc/examples/retrying) provides a HelloWorld gRPC client &
-  server which demos the effect of client retry policy configured on the [ManagedChannel](
-  ../api/src/main/java/io/grpc/ManagedChannel.java) via [gRPC ServiceConfig](
-  https://github.com/grpc/grpc/blob/master/doc/service_config.md). Retry policy implementation &
-  configuration details are outlined in the [proposal](https://github.com/grpc/proposal/blob/master/A6-client-retries.md).
-
-  This retrying example is very similar to the [hedging example](src/main/java/io/grpc/examples/hedging) in its setup.
-  The [RetryingHelloWorldServer](src/main/java/io/grpc/examples/retrying/RetryingHelloWorldServer.java) responds with
-  a status UNAVAILABLE error response to a specified percentage of requests to simulate server resource exhaustion and
-  general flakiness. The [RetryingHelloWorldClient](src/main/java/io/grpc/examples/retrying/RetryingHelloWorldClient.java) makes
-  a number of sequential requests to the server, several of which will be retried depending on the configured policy in
-  [retrying_service_config.json](src/main/resources/io/grpc/examples/retrying/retrying_service_config.json). Although
-  the requests are blocking unary calls for simplicity, these could easily be changed to future unary calls in order to
-  test the result of request concurrency with retry policy enabled.
-
-  One can experiment with the [RetryingHelloWorldServer](src/main/java/io/grpc/examples/retrying/RetryingHelloWorldServer.java)
-  failure conditions to simulate server throttling, as well as alter policy values in the [retrying_service_config.json](
-  src/main/resources/io/grpc/examples/retrying/retrying_service_config.json) to see their effects. To disable retrying
-  entirely, set environment variable `DISABLE_RETRYING_IN_RETRYING_EXAMPLE=true` before running the client.
-  Disabling the retry policy should produce many more failed gRPC calls as seen in the output log.
-
-  See [the section below](#to-build-the-examples) for how to build and run the example. The
-  executables for the server and the client are `retrying-hello-world-server` and
-  `retrying-hello-world-client`.
-
-</details>
-
-- <details>
-  <summary>Health Service</summary>
-
-  The [health service example](src/main/java/io/grpc/examples/healthservice)
-  provides a HelloWorld gRPC server that doesn't like short names along with a
-  health service.  It also provides a client application which makes HelloWorld 
-  calls and checks the health status.  
-
-  The client application also shows how the round robin load balancer can
-  utilize the health status to avoid making calls to a service that is
-  not actively serving.
-</details>
+- [Hedging example](src/main/java/io/grpc/examples/hedging)
 
+- [Retrying example](src/main/java/io/grpc/examples/retrying)
+
+- [Health Service example](src/main/java/io/grpc/examples/healthservice)
 
 - [Keep Alive](src/main/java/io/grpc/examples/keepalive)
 
+- [Cancellation](src/main/java/io/grpc/examples/cancellation)
+
+- [Custom Load Balance](src/main/java/io/grpc/examples/customloadbalance)
+
+- [Deadline](src/main/java/io/grpc/examples/deadline)
+
+- [Error Details](src/main/java/io/grpc/examples/errordetails)
+
+- [GRPC Proxy](src/main/java/io/grpc/examples/grpcproxy)
+
+- [Load Balance](src/main/java/io/grpc/examples/loadbalance)
+
+- [Multiplex](src/main/java/io/grpc/examples/multiplex)
+
+- [Name Resolve](src/main/java/io/grpc/examples/nameresolve)
+
+- [Pre-Serialized Messages](src/main/java/io/grpc/examples/preserialized)
+
 ### <a name="to-build-the-examples"></a> To build the examples
 
 1. **[Install gRPC Java library SNAPSHOT locally, including code generation plugin](../COMPILING.md) (Only need this step for non-released versions, e.g. master HEAD).**
diff --git a/examples/example-alts/example-alts/README.md b/examples/example-alts/README.md
similarity index 100%
rename from examples/example-alts/example-alts/README.md
rename to examples/example-alts/README.md
diff --git a/examples/src/main/java/io/grpc/examples/advanced/README.md b/examples/src/main/java/io/grpc/examples/advanced/README.md
new file mode 100644
index 00000000000..f5b5c6cc7fc
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/advanced/README.md
@@ -0,0 +1,16 @@
+gRPC JSON Serialization Example
+=====================
+
+gRPC is a modern high-performance framework for building Remote Procedure Call (RPC) systems.
+It commonly uses Protocol Buffers (Protobuf) as its serialization format, which is compact and efficient.
+However, gRPC can also support JSON serialization when needed, typically for interoperability with 
+systems or clients that do not use Protobuf.
+This is an advanced example of how to swap out the serialization logic, Normal users do not need to do this.
+This code is not intended to be a production-ready implementation, since JSON encoding is slow.
+Additionally, JSON serialization as implemented may be not resilient to malicious input.
+
+This advanced example uses Marshaller for JSON which marshals in the Protobuf 3 format described here
+https://developers.google.com/protocol-buffers/docs/proto3#json
+
+If you are considering implementing your own serialization logic, contact the grpc team at
+https://groups.google.com/forum/#!forum/grpc-io
diff --git a/examples/src/main/java/io/grpc/examples/cancellation/README.md b/examples/src/main/java/io/grpc/examples/cancellation/README.md
new file mode 100644
index 00000000000..6b11a17c517
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/cancellation/README.md
@@ -0,0 +1,18 @@
+gRPC Cancellation Example
+=====================
+
+When a gRPC client is no longer interested in the result of an RPC call,
+it may cancel to signal this discontinuation of interest to the server.
+
+Any abort of an ongoing RPC is considered "cancellation" of that RPC.
+The common causes of cancellation are the client explicitly cancelling, the deadline expires, and I/O failures.
+The service is not informed the reason for the cancellation.
+
+There are two APIs for services to be notified of RPC cancellation: io.grpc.Context and ServerCallStreamObserver
+
+Context listeners are called on a different thread, so need to be thread-safe.
+The ServerCallStreamObserver cancellation callback is called like other StreamObserver callbacks, 
+so the application may not need thread-safe handling.
+Both APIs have thread-safe isCancelled() polling methods.
+
+Refer the gRPC documentation for details on Cancellation of RPCs https://grpc.io/docs/guides/cancellation/
diff --git a/examples/src/main/java/io/grpc/examples/customloadbalance/README.md b/examples/src/main/java/io/grpc/examples/customloadbalance/README.md
new file mode 100644
index 00000000000..20dbccb81ac
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/customloadbalance/README.md
@@ -0,0 +1,19 @@
+gRPC Custom Load Balance Example
+=====================
+
+One of the key features of gRPC is load balancing, which allows requests from clients to be distributed across multiple servers. 
+This helps prevent any one server from becoming overloaded and allows the system to scale up by adding more servers.
+
+A gRPC load balancing policy is given a list of server IP addresses by the name resolver. 
+The policy is responsible for maintaining connections (subchannels) to the servers and picking a connection to use when an RPC is sent.
+
+This example gives the details about how we can implement our own custom load balance policy, If the built-in policies does not meet your requirements
+and follow below steps for the same.
+
+ - Register your implementation in the load balancer registry so that it can be referred to from the service config
+ - Parse the JSON configuration object of your implementation. This allows your load balancer to be configured in the service config with any arbitrary JSON you choose to support
+ - Manage what backends to maintain a connection with
+ - Implement a picker that will choose which backend to connect to when an RPC is made. Note that this needs to be a fast operation as it is on the RPC call path
+ - To enable your load balancer, configure it in your service config
+
+Refer the gRPC documentation for more details https://grpc.io/docs/guides/custom-load-balancing/
diff --git a/examples/src/main/java/io/grpc/examples/deadline/README.md b/examples/src/main/java/io/grpc/examples/deadline/README.md
new file mode 100644
index 00000000000..3c7646f1e5f
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/deadline/README.md
@@ -0,0 +1,15 @@
+gRPC Deadline Example
+=====================
+
+A Deadline is used to specify a point in time past which a client is unwilling to wait for a response from a server.
+This simple idea is very important in building robust distributed systems.
+Clients that do not wait around unnecessarily and servers that know when to give up processing requests will improve the resource utilization and latency of your system.
+
+Note that while some language APIs have the concept of a deadline, others use the idea of a timeout. 
+When an API asks for a deadline, you provide a point in time which the call should not go past.
+A timeout is the max duration of time that the call can take. 
+A timeout can be converted to a deadline by adding the timeout to the current time when the application starts a call.
+
+This Example gives usage and implementation of Deadline on Server, Client and Propagation.
+
+Refer the gRPC documentation for more details on Deadlines https://grpc.io/docs/guides/deadlines/
\ No newline at end of file
diff --git a/examples/src/main/java/io/grpc/examples/errordetails/README.md b/examples/src/main/java/io/grpc/examples/errordetails/README.md
new file mode 100644
index 00000000000..8f241ba37a7
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/errordetails/README.md
@@ -0,0 +1,16 @@
+gRPC Error Details Example
+=====================
+
+If a gRPC call completes successfully the server returns an OK status to the client (depending on the language the OK status may or may not be directly used in your code). 
+But what happens if the call isn’t successful?
+
+This Example gives the usage and implementation of how return the error details if gRPC call not successful or fails
+and how to set and read com.google.rpc.Status objects as google.rpc.Status error details.
+
+gRPC allows detailed error information to be encapsulated in protobuf messages, which are sent alongside the status codes.
+
+If an error occurs, gRPC returns one of its error status codes with error message that provides further error details about what happened.
+
+Refer the below links for more details on error details and status codes  
+- https://grpc.io/docs/guides/error/
+- https://github.com/grpc/grpc-java/blob/master/api/src/main/java/io/grpc/Status.java
\ No newline at end of file
diff --git a/examples/src/main/java/io/grpc/examples/errorhandling/README.md b/examples/src/main/java/io/grpc/examples/errorhandling/README.md
new file mode 100644
index 00000000000..a920e939c86
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/errorhandling/README.md
@@ -0,0 +1,27 @@
+gRPC Error Handling Example
+=====================
+
+Error handling in gRPC is a critical aspect of designing reliable and robust distributed systems. 
+gRPC provides a standardized mechanism for handling errors using status codes, error details, and optional metadata.
+
+This Example gives the usage and implementation of how to handle the Errors/Exceptions in gRPC,
+shows how to extract error information from a failed RPC and setting and reading RPC error details.
+
+If a gRPC call completes successfully the server returns an OK status to the client (depending on the language the OK status may or may not be directly used in your code).
+
+If an error occurs gRPC returns one of its error status codes with error message that provides further error details about what happened.
+
+Error Propagation:
+- When an error occurs on the server, gRPC stops processing the RPC and sends the error (status code, description, and optional details) to the client.
+- On the client side, the error can be handled based on the status code.
+
+Client Side Error Handling: 
+ - The gRPC client typically throws an exception or returns an error object when an RPC fails.
+
+Server Side Error Handling:
+- Servers use the gRPC API to return errors explicitly using the grpc library's status functions.
+
+gRPC uses predefined status codes to represent the outcome of an RPC call. These status codes are part of the Status object that is sent from the server to the client.
+Each status code is accompanied by a human-readable description(Please refer https://github.com/grpc/grpc-java/blob/master/api/src/main/java/io/grpc/Status.java)
+
+Refer the gRPC documentation for more details on Error Handling https://grpc.io/docs/guides/error/
\ No newline at end of file
diff --git a/examples/src/main/java/io/grpc/examples/experimental/README.md b/examples/src/main/java/io/grpc/examples/experimental/README.md
new file mode 100644
index 00000000000..295b0801538
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/experimental/README.md
@@ -0,0 +1,13 @@
+gRPC Compression Example
+=====================
+
+This example shows how clients can specify compression options when performing RPCs, 
+and how to enable compressed(i,e gzip) requests/responses for only particular method and in case of all methods by using the interceptors.
+
+Compression is used to reduce the amount of bandwidth used when communicating between client/server or peers and 
+can be enabled or disabled based on call or message level for all languages.
+
+gRPC allows asymmetrically compressed communication, whereby a response may be compressed differently with the request, 
+or not compressed at all.
+
+Refer the gRPC documentation for more details on Compression https://grpc.io/docs/guides/compression/
\ No newline at end of file
diff --git a/examples/src/main/java/io/grpc/examples/grpcproxy/README.md b/examples/src/main/java/io/grpc/examples/grpcproxy/README.md
new file mode 100644
index 00000000000..cc13dc3d9d0
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/grpcproxy/README.md
@@ -0,0 +1,22 @@
+gRPC Proxy Example
+=====================
+
+A gRPC proxy is a component or tool that acts as an intermediary between gRPC clients and servers, 
+facilitating communication while offering additional capabilities.
+Proxies are used in scenarios where you need to handle tasks like load balancing, routing, monitoring, 
+or providing a bridge between gRPC and other protocols.
+
+GrpcProxy itself can be used unmodified to proxy any service for both unary and streaming.
+It doesn't care what type of messages are being used.
+The Registry class causes it to be called for any inbound RPC, and uses plain bytes for messages which avoids marshalling
+messages and the need for Protobuf schema information.
+
+We can run the Grpc Proxy with Route guide example to see how it works by running the below
+
+Route guide has unary and streaming RPCs which makes it a nice showcase, and we can run each in a separate terminal window.
+
+./build/install/examples/bin/route-guide-server 
+./build/install/examples/bin/grpc-proxy 
+./build/install/examples/bin/route-guide-client localhost:8981
+
+you can verify the proxy is being used by shutting down the proxy and seeing the client fail.
\ No newline at end of file
diff --git a/examples/src/main/java/io/grpc/examples/header/README.md b/examples/src/main/java/io/grpc/examples/header/README.md
new file mode 100644
index 00000000000..1563a2799cc
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/header/README.md
@@ -0,0 +1,16 @@
+gRPC Custom Header Example
+=====================
+
+This example gives the usage and implementation of how to create and process(send/receive) the custom headers between Client and Server 
+using the interceptors (HeaderServerInterceptor, ClientServerInterceptor) along with Metadata.
+
+Metadata is a side channel that allows clients and servers to provide information to each other that is associated with an RPC.
+gRPC metadata is a key-value pair of data that is sent with initial or final gRPC requests or responses. 
+It is used to provide additional information about the call, such as authentication credentials, 
+tracing information, or custom headers.
+
+gRPC metadata can be used to send custom headers to the server or from the server to the client. 
+This can be used to implement application-specific features, such as load balancing, 
+rate limiting or providing detailed error messages from the server to the client.
+
+Refer the gRPC documentation for more on Metadata/Headers https://grpc.io/docs/guides/metadata/
\ No newline at end of file
diff --git a/examples/src/main/java/io/grpc/examples/healthservice/README.md b/examples/src/main/java/io/grpc/examples/healthservice/README.md
new file mode 100644
index 00000000000..181bd70977f
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/healthservice/README.md
@@ -0,0 +1,10 @@
+gRPC Health Service Example
+=====================
+
+The Health Service example provides a HelloWorld gRPC server that doesn't like short names along with a
+health service. It also provides a client application which makes HelloWorld
+calls and checks the health status.
+
+The client application also shows how the round robin load balancer can
+utilize the health status to avoid making calls to a service that is
+not actively serving.
diff --git a/examples/src/main/java/io/grpc/examples/hedging/README.md b/examples/src/main/java/io/grpc/examples/hedging/README.md
new file mode 100644
index 00000000000..0154e5c2cee
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/hedging/README.md
@@ -0,0 +1,59 @@
+gRPC Hedging Example
+=====================
+
+The Hedging example demonstrates that enabling hedging
+can reduce tail latency. (Users should note that enabling hedging may introduce other overhead;
+and in some scenarios, such as when some server resource gets exhausted for a period of time and
+almost every RPC during that time has high latency or fails, hedging may make things worse.
+Setting a throttle in the service config is recommended to protect the server from too many
+inappropriate retry or hedging requests.)
+
+The server and the client in the example are basically the same as those in the
+[hello world](src/main/java/io/grpc/examples/helloworld) example, except that the server mimics a
+long tail of latency, and the client sends 2000 requests and can turn on and off hedging.
+
+To mimic the latency, the server randomly delays the RPC handling by 2 seconds at 10% chance, 5
+seconds at 5% chance, and 10 seconds at 1% chance.
+
+When running the client enabling the following hedging policy
+
+  ```json
+        "hedgingPolicy": {
+          "maxAttempts": 3,
+          "hedgingDelay": "1s"
+        }
+  ```
+Then the latency summary in the client log is like the following
+
+  ```text
+  Total RPCs sent: 2,000. Total RPCs failed: 0
+  [Hedging enabled]
+  ========================
+  50% latency: 0ms
+  90% latency: 6ms
+  95% latency: 1,003ms
+  99% latency: 2,002ms
+  99.9% latency: 2,011ms
+  Max latency: 5,272ms
+  ========================
+  ```
+
+See [the section below](#to-build-the-examples) for how to build and run the example. The
+executables for the server and the client are `hedging-hello-world-server` and
+`hedging-hello-world-client`.
+
+To disable hedging, set environment variable `DISABLE_HEDGING_IN_HEDGING_EXAMPLE=true` before
+running the client. That produces a latency summary in the client log like the following
+
+  ```text
+  Total RPCs sent: 2,000. Total RPCs failed: 0
+  [Hedging disabled]
+  ========================
+  50% latency: 0ms
+  90% latency: 2,002ms
+  95% latency: 5,002ms
+  99% latency: 10,004ms
+  99.9% latency: 10,007ms
+  Max latency: 10,007ms
+  ========================
+  ```
diff --git a/examples/src/main/java/io/grpc/examples/helloworld/README.md b/examples/src/main/java/io/grpc/examples/helloworld/README.md
new file mode 100644
index 00000000000..5b11d4945c2
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/helloworld/README.md
@@ -0,0 +1,7 @@
+gRPC Hello World Example
+=====================
+This Example gives the details about basic implementation of gRPC Client and Server along with
+how the communication happens between them by sending a greeting message.
+
+Refer the gRPC documentation for more details on helloworld.proto specification, creation of gRPC services and 
+methods along with Execution process https://grpc.io/docs/languages/java/quickstart/
\ No newline at end of file
diff --git a/examples/src/main/java/io/grpc/examples/keepalive/README.md b/examples/src/main/java/io/grpc/examples/keepalive/README.md
new file mode 100644
index 00000000000..7b5b72665e7
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/keepalive/README.md
@@ -0,0 +1,16 @@
+gRPC Keepalive Example
+=====================
+
+This example gives the usage and implementation of the Keepalives methods, configurations in gRPC Client and 
+Server and how the communication happens between them.
+
+HTTP/2 PING-based keepalives are a way to keep an HTTP/2 connection alive even when there is no data being transferred.
+This is done by periodically sending a PING Frames to the other end of the connection.
+HTTP/2 keepalives can improve performance and reliability of HTTP/2 connections, 
+but it is important to configure the keepalive interval carefully.
+
+gRPC sends http2 pings on the transport to detect if the connection is down.
+If the ping is not acknowledged by the other side within a certain period, the connection will be closed.
+Note that pings are only necessary when there's no activity on the connection.
+
+Refer the gRPC documentation for more on Keepalive details and configurations https://grpc.io/docs/guides/keepalive/
\ No newline at end of file
diff --git a/examples/src/main/java/io/grpc/examples/loadbalance/README.md b/examples/src/main/java/io/grpc/examples/loadbalance/README.md
new file mode 100644
index 00000000000..0d19d2f3335
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/loadbalance/README.md
@@ -0,0 +1,20 @@
+gRPC Load Balance Example
+=====================
+
+One of the key features of gRPC is load balancing, which allows requests from clients to be distributed across multiple servers. 
+This helps prevent any one server from becoming overloaded and allows the system to scale up by adding more servers.
+
+A gRPC load balancing policy is given a list of server IP addresses by the name resolver. 
+The policy is responsible for maintaining connections (subchannels) to the servers and picking a connection to use when an RPC is sent.
+
+By default, the pick_first policy will be used. 
+This policy actually does no load balancing but just tries each address it gets from the name resolver and uses the first one it can connect to.
+By updating the gRPC service config you can also switch to using round_robin that connects to every address it gets and rotates through the connected backends for each RPC.
+There are also some other load balancing policies available, but the exact set varies by language.
+
+This example gives the details about how to implement Load Balance in gRPC, If the built-in policies does not meet your requirements
+you can implement your own custom load balance [Custom Load Balance](src/main/java/io/grpc/examples/customloadbalance)
+
+gRPC supports both client side and server side load balancing but by default gRPC uses client side load balancing.
+
+Refer the gRPC documentation for more details on Load Balancing https://grpc.io/blog/grpc-load-balancing/
\ No newline at end of file
diff --git a/examples/src/main/java/io/grpc/examples/multiplex/README.md b/examples/src/main/java/io/grpc/examples/multiplex/README.md
new file mode 100644
index 00000000000..fb24642a41b
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/multiplex/README.md
@@ -0,0 +1,20 @@
+gRPC Multiplex Example
+=====================
+
+gRPC multiplexing refers to the ability of a single gRPC connection to handle multiple independent streams of communication simultaneously. 
+This is part of the HTTP/2 protocol on which gRPC is built. 
+Each gRPC connection supports multiple streams that can carry different RPCs, making it highly efficient for high-throughput, low-latency communication.
+
+In gRPC, sharing resources like channels and servers can improve efficiency and resource utilization.
+
+- Sharing gRPC Channels and Servers
+
+  1. Shared gRPC Channel:
+     - A single gRPC channel can be used by multiple stubs, enabling different service clients to communicate over the same connection.
+     - This minimizes the overhead of establishing and managing multiple connections
+
+  2. Shared gRPC Server:
+     - A single gRPC channel can be used by multiple stubs, enabling different service clients to communicate over the same connection.
+     - This minimizes the overhead of establishing and managing multiple connections    
+
+This example demonstrates how to implement a gRPC server that serves both a GreetingService and an EchoService, and a client that shares a single channel across multiple stubs for both services.
\ No newline at end of file
diff --git a/examples/src/main/java/io/grpc/examples/nameresolve/README.md b/examples/src/main/java/io/grpc/examples/nameresolve/README.md
new file mode 100644
index 00000000000..36c8d7e2a6b
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/nameresolve/README.md
@@ -0,0 +1,22 @@
+gRPC Name Resolve Example
+=====================
+
+This example explains standard name resolution process and how to implement it using the Name Resolver component.
+
+Name Resolution is fundamentally about Service Discovery.
+Name Resolution refers to the process of converting a name into an address and 
+Name Resolver is the component that implements the Name Resolution process.
+
+When sending gRPC Request, Client must determine the IP address of the Service Name,
+By Default DNS Name Resolution will be used when request received from the gRPC client.
+
+The Name Resolver in gRPC is necessary because clients often don’t know the exact IP address or port of the server 
+they need to connect to.
+
+The client registers an implementation of a **name resolver provider** to a process-global **registry** close to the start of the process. 
+The name resolver provider will be called by the **gRPC library** with a **target strings** intended for the custom name resolver. 
+Given that target string, the name resolver provider will return an instance of a **name resolver**, 
+which will interact with the client connection to direct the request according to the target string.
+
+Refer the gRPC documentation for more on Name Resolution and Custom Name Resolution 
+https://grpc.io/docs/guides/custom-name-resolution/
\ No newline at end of file
diff --git a/examples/src/main/java/io/grpc/examples/preserialized/README.md b/examples/src/main/java/io/grpc/examples/preserialized/README.md
new file mode 100644
index 00000000000..d49b3507d03
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/preserialized/README.md
@@ -0,0 +1,18 @@
+gRPC Pre-Serialized Messages Example
+=====================
+
+This example gives the usage and implementation of pre-serialized request and response messages 
+communication/exchange between grpc client and server by using ByteArrayMarshaller which produces 
+a byte[] instead of decoding into typical POJOs.
+
+This is a performance optimization that can be useful if you read the request/response from on-disk or a database
+where it is already serialized, or if you need to send the same complicated message to many clients and servers.
+The same approach can avoid deserializing requests/responses, to be stored in a database.
+
+It shows how to modify MethodDescriptor to use bytes as the response instead of HelloReply. By
+adjusting toBuilder() you can choose which of the request and response are bytes.
+The generated bindService() uses ServerCalls to make RPC handlers, Since the generated
+bindService() won't expect byte[] in the AsyncService, this uses ServerCalls directly.
+
+Stubs use ClientCalls to send RPCs, Since the generated stub won't have byte[] in its
+method signature, this uses ClientCalls directly.
\ No newline at end of file
diff --git a/examples/src/main/java/io/grpc/examples/retrying/README.md b/examples/src/main/java/io/grpc/examples/retrying/README.md
new file mode 100644
index 00000000000..bb29ce75e43
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/retrying/README.md
@@ -0,0 +1,27 @@
+gRPC Retrying Example
+=====================
+
+The Retrying example provides a HelloWorld gRPC client &
+server which demos the effect of client retry policy configured on the [ManagedChannel](
+https://github.com/grpc/grpc-java/blob/master/api/src/main/java/io/grpc/ManagedChannel.java) via [gRPC ServiceConfig](
+https://github.com/grpc/grpc/blob/master/doc/service_config.md). Retry policy implementation &
+configuration details are outlined in the [proposal](https://github.com/grpc/proposal/blob/master/A6-client-retries.md).
+
+This retrying example is very similar to the [hedging example](https://github.com/grpc/grpc-java/tree/master/examples/src/main/java/io/grpc/examples/hedging) in its setup.
+The [RetryingHelloWorldServer](src/main/java/io/grpc/examples/retrying/RetryingHelloWorldServer.java) responds with
+a status UNAVAILABLE error response to a specified percentage of requests to simulate server resource exhaustion and
+general flakiness. The [RetryingHelloWorldClient](src/main/java/io/grpc/examples/retrying/RetryingHelloWorldClient.java) makes
+a number of sequential requests to the server, several of which will be retried depending on the configured policy in
+[retrying_service_config.json](https://github.com/grpc/grpc-java/blob/master/examples/src/main/resources/io/grpc/examples/retrying/retrying_service_config.json). Although
+the requests are blocking unary calls for simplicity, these could easily be changed to future unary calls in order to
+test the result of request concurrency with retry policy enabled.
+
+One can experiment with the [RetryingHelloWorldServer](src/main/java/io/grpc/examples/retrying/RetryingHelloWorldServer.java)
+failure conditions to simulate server throttling, as well as alter policy values in the [retrying_service_config.json](
+https://github.com/grpc/grpc-java/blob/master/examples/src/main/resources/io/grpc/examples/retrying/retrying_service_config.json) to see their effects. To disable retrying
+entirely, set environment variable `DISABLE_RETRYING_IN_RETRYING_EXAMPLE=true` before running the client.
+Disabling the retry policy should produce many more failed gRPC calls as seen in the output log.
+
+See [the section](https://github.com/grpc/grpc-java/tree/master/examples#-to-build-the-examples) for how to build and run the example. The
+executables for the server and the client are `retrying-hello-world-server` and
+`retrying-hello-world-client`.
diff --git a/examples/src/main/java/io/grpc/examples/routeguide/README.md b/examples/src/main/java/io/grpc/examples/routeguide/README.md
new file mode 100644
index 00000000000..2528b26410c
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/routeguide/README.md
@@ -0,0 +1,24 @@
+gRPC Route Guide Example
+=====================
+
+This example illustrates how to implement and use a gRPC server and client for a RouteGuide service, 
+which demonstrates all 4 types of gRPC methods (unary, client streaming, server streaming, and bidirectional streaming).
+Additionally, the service loads geographic features from a JSON file [route_guide_db.json](https://github.com/grpc/grpc-java/blob/master/examples/src/main/resources/io/grpc/examples/routeguide/route_guide_db.json) and retrieves features based on latitude and longitude.
+
+The route_guide.proto file defines a gRPC service with 4 types of RPC methods, showcasing different communication patterns between client and server.
+1. Unary RPC
+   - rpc GetFeature(Point) returns (Feature) {}
+2. Server-Side Streaming RPC
+    - rpc ListFeatures(Rectangle) returns (stream Feature) {}
+3. Client-Side Streaming RPC
+    - rpc RecordRoute(stream Point) returns (RouteSummary) {}  
+4. Bidirectional Streaming RPC
+    - rpc RouteChat(stream RouteNote) returns (stream RouteNote) {}    
+
+These RPC methods illustrate the versatility of gRPC in handling various communication patterns, 
+from simple request-response interactions to complex bidirectional streaming scenarios.
+
+For more details, refer to the full route_guide.proto file on GitHub: https://github.com/grpc/grpc-java/blob/master/examples/src/main/proto/route_guide.proto
+
+Refer the gRPC documentation for more details on creation, build and execution of route guide example with explanation
+https://grpc.io/docs/languages/java/basics/
\ No newline at end of file
diff --git a/examples/src/main/java/io/grpc/examples/waitforready/README.md b/examples/src/main/java/io/grpc/examples/waitforready/README.md
new file mode 100644
index 00000000000..1e294b453b6
--- /dev/null
+++ b/examples/src/main/java/io/grpc/examples/waitforready/README.md
@@ -0,0 +1,29 @@
+gRPC Wait-For-Ready Example
+=====================
+
+This example gives the usage and implementation of the Wait-For-Ready feature.
+
+This feature can be activated on a client stub, ensuring that Remote Procedure Calls (RPCs) are held until the server is ready to receive them. 
+By waiting for the server to become available before sending requests, this mechanism enhances reliability, 
+particularly in situations where server availability may be delayed or unpredictable.
+
+When an RPC is initiated and the channel fails to connect to the server, its behavior depends on the Wait-for-Ready option:
+
+- Without Wait-for-Ready (Default Behavior):
+
+  - The RPC will immediately fail if the channel cannot establish a connection, providing prompt feedback about the connectivity issue.
+
+- With Wait-for-Ready:
+  
+  - The RPC will not fail immediately. Instead, it will be queued and will wait until the connection is successfully established.
+    This approach is beneficial for handling temporary network disruptions more gracefully, ensuring the RPC is eventually executed once the connection is ready.
+
+
+Example gives the Simple client that requests a greeting from the HelloWorldServer and defines waitForReady on the stub.
+
+To test this flow need to follow below steps:
+- run this client without a server running(client rpc should hang)
+- start the server (client rpc should complete)
+- run this client again (client rpc should complete nearly immediately)
+
+Refer the gRPC documentation for more on Wait-For-Ready https://grpc.io/docs/guides/wait-for-ready/
\ No newline at end of file

From b3db8c2489af25b0d10b6f45e60fd50771aa93d1 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 28 Jan 2025 16:38:32 -0800
Subject: [PATCH 161/591] xds: Allow FaultFilter's interceptor to be reused

This is the only usage of PickSubchannelArgs when creating a filter's
ClientInterceptor, and a follow-up commit will remove the argument and
actually reuse the interceptors. Other filter's interceptors can
already be reused.

There doesn't seem to be any significant loss of legibility by making
FaultFilter a more ordinary interceptor, but the change does cause the
ForwardingClientCall to be present when faultDelay is configured,
independent of whether the fault delay ends up being triggered.

Reusing interceptors will move more state management out of the RPC path
which will be more relevant with RLQS.
---
 .../main/java/io/grpc/xds/FaultFilter.java    | 154 +++++++++---------
 1 file changed, 81 insertions(+), 73 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/FaultFilter.java b/xds/src/main/java/io/grpc/xds/FaultFilter.java
index d46b3d30f5a..b7f7fa9c226 100644
--- a/xds/src/main/java/io/grpc/xds/FaultFilter.java
+++ b/xds/src/main/java/io/grpc/xds/FaultFilter.java
@@ -190,94 +190,102 @@ public ClientInterceptor buildClientInterceptor(
       config = overrideConfig;
     }
     FaultConfig faultConfig = (FaultConfig) config;
-    Long delayNanos = null;
-    Status abortStatus = null;
-    if (faultConfig.maxActiveFaults() == null
-        || activeFaultCounter.get() < faultConfig.maxActiveFaults()) {
-      Metadata headers = args.getHeaders();
-      if (faultConfig.faultDelay() != null) {
-        delayNanos = determineFaultDelayNanos(faultConfig.faultDelay(), headers);
-      }
-      if (faultConfig.faultAbort() != null) {
-        abortStatus = determineFaultAbortStatus(faultConfig.faultAbort(), headers);
-      }
-    }
-    if (delayNanos == null && abortStatus == null) {
-      return null;
-    }
-    final Long finalDelayNanos = delayNanos;
-    final Status finalAbortStatus = getAbortStatusWithDescription(abortStatus);
 
     final class FaultInjectionInterceptor implements ClientInterceptor {
       @Override
       public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
           final MethodDescriptor<ReqT, RespT> method, final CallOptions callOptions,
           final Channel next) {
-        Executor callExecutor = callOptions.getExecutor();
-        if (callExecutor == null) { // This should never happen in practice because
-          // ManagedChannelImpl.ConfigSelectingClientCall always provides CallOptions with
-          // a callExecutor.
-          // TODO(https://github.com/grpc/grpc-java/issues/7868)
-          callExecutor = MoreExecutors.directExecutor();
+        boolean checkFault = false;
+        if (faultConfig.maxActiveFaults() == null
+            || activeFaultCounter.get() < faultConfig.maxActiveFaults()) {
+          checkFault = faultConfig.faultDelay() != null || faultConfig.faultAbort() != null;
         }
-        if (finalDelayNanos != null) {
-          Supplier<? extends ClientCall<ReqT, RespT>> callSupplier;
-          if (finalAbortStatus != null) {
-            callSupplier = Suppliers.ofInstance(
-                new FailingClientCall<ReqT, RespT>(finalAbortStatus, callExecutor));
-          } else {
-            callSupplier = new Supplier<ClientCall<ReqT, RespT>>() {
-              @Override
-              public ClientCall<ReqT, RespT> get() {
-                return next.newCall(method, callOptions);
-              }
-            };
+        if (!checkFault) {
+          return next.newCall(method, callOptions);
+        }
+        final class DeadlineInsightForwardingCall extends ForwardingClientCall<ReqT, RespT> {
+          private ClientCall<ReqT, RespT> delegate;
+
+          @Override
+          protected ClientCall<ReqT, RespT> delegate() {
+            return delegate;
           }
-          final DelayInjectedCall<ReqT, RespT> delayInjectedCall = new DelayInjectedCall<>(
-              finalDelayNanos, callExecutor, scheduler, callOptions.getDeadline(), callSupplier);
 
-          final class DeadlineInsightForwardingCall extends ForwardingClientCall<ReqT, RespT> {
-            @Override
-            protected ClientCall<ReqT, RespT> delegate() {
-              return delayInjectedCall;
+          @Override
+          public void start(Listener<RespT> listener, Metadata headers) {
+            Executor callExecutor = callOptions.getExecutor();
+            if (callExecutor == null) { // This should never happen in practice because
+              // ManagedChannelImpl.ConfigSelectingClientCall always provides CallOptions with
+              // a callExecutor.
+              // TODO(https://github.com/grpc/grpc-java/issues/7868)
+              callExecutor = MoreExecutors.directExecutor();
             }
 
-            @Override
-            public void start(Listener<RespT> listener, Metadata headers) {
-              Listener<RespT> finalListener =
-                  new SimpleForwardingClientCallListener<RespT>(listener) {
-                    @Override
-                    public void onClose(Status status, Metadata trailers) {
-                      if (status.getCode().equals(Code.DEADLINE_EXCEEDED)) {
-                        // TODO(zdapeng:) check effective deadline locally, and
-                        //   do the following only if the local deadline is exceeded.
-                        //   (If the server sends DEADLINE_EXCEEDED for its own deadline, then the
-                        //   injected delay does not contribute to the error, because the request is
-                        //   only sent out after the delay. There could be a race between local and
-                        //   remote, but it is rather rare.)
-                        String description = String.format(
-                            Locale.US,
-                            "Deadline exceeded after up to %d ns of fault-injected delay",
-                            finalDelayNanos);
-                        if (status.getDescription() != null) {
-                          description = description + ": " + status.getDescription();
-                        }
-                        status = Status.DEADLINE_EXCEEDED
-                            .withDescription(description).withCause(status.getCause());
-                        // Replace trailers to prevent mixing sources of status and trailers.
-                        trailers = new Metadata();
+            Long delayNanos;
+            Status abortStatus = null;
+            if (faultConfig.faultDelay() != null) {
+              delayNanos = determineFaultDelayNanos(faultConfig.faultDelay(), headers);
+            } else {
+              delayNanos = null;
+            }
+            if (faultConfig.faultAbort() != null) {
+              abortStatus = getAbortStatusWithDescription(
+                  determineFaultAbortStatus(faultConfig.faultAbort(), headers));
+            }
+
+            Supplier<? extends ClientCall<ReqT, RespT>> callSupplier;
+            if (abortStatus != null) {
+              callSupplier = Suppliers.ofInstance(
+                  new FailingClientCall<ReqT, RespT>(abortStatus, callExecutor));
+            } else {
+              callSupplier = new Supplier<ClientCall<ReqT, RespT>>() {
+                @Override
+                public ClientCall<ReqT, RespT> get() {
+                  return next.newCall(method, callOptions);
+                }
+              };
+            }
+            if (delayNanos == null) {
+              delegate = callSupplier.get();
+              delegate().start(listener, headers);
+              return;
+            }
+
+            delegate = new DelayInjectedCall<>(
+                delayNanos, callExecutor, scheduler, callOptions.getDeadline(), callSupplier);
+
+            Listener<RespT> finalListener =
+                new SimpleForwardingClientCallListener<RespT>(listener) {
+                  @Override
+                  public void onClose(Status status, Metadata trailers) {
+                    if (status.getCode().equals(Code.DEADLINE_EXCEEDED)) {
+                      // TODO(zdapeng:) check effective deadline locally, and
+                      //   do the following only if the local deadline is exceeded.
+                      //   (If the server sends DEADLINE_EXCEEDED for its own deadline, then the
+                      //   injected delay does not contribute to the error, because the request is
+                      //   only sent out after the delay. There could be a race between local and
+                      //   remote, but it is rather rare.)
+                      String description = String.format(
+                          Locale.US,
+                          "Deadline exceeded after up to %d ns of fault-injected delay",
+                          delayNanos);
+                      if (status.getDescription() != null) {
+                        description = description + ": " + status.getDescription();
                       }
-                      delegate().onClose(status, trailers);
+                      status = Status.DEADLINE_EXCEEDED
+                          .withDescription(description).withCause(status.getCause());
+                      // Replace trailers to prevent mixing sources of status and trailers.
+                      trailers = new Metadata();
                     }
-                  };
-              delegate().start(finalListener, headers);
-            }
+                    delegate().onClose(status, trailers);
+                  }
+                };
+            delegate().start(finalListener, headers);
           }
-
-          return new DeadlineInsightForwardingCall();
-        } else {
-          return new FailingClientCall<>(finalAbortStatus, callExecutor);
         }
+
+        return new DeadlineInsightForwardingCall();
       }
     }
 

From 7153ff8522f4aad9ae12c80984f0d5c56c94a949 Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Thu, 30 Jan 2025 12:52:37 +0530
Subject: [PATCH 162/591] netty: Removed 4096 min buffer size (#11856)

* netty: Removed 4096 min buffer size
---
 .../java/io/grpc/netty/NettyWritableBufferAllocator.java   | 5 +----
 .../io/grpc/netty/NettyWritableBufferAllocatorTest.java    | 7 -------
 2 files changed, 1 insertion(+), 11 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/NettyWritableBufferAllocator.java b/netty/src/main/java/io/grpc/netty/NettyWritableBufferAllocator.java
index 9e93ee1155c..40b84717160 100644
--- a/netty/src/main/java/io/grpc/netty/NettyWritableBufferAllocator.java
+++ b/netty/src/main/java/io/grpc/netty/NettyWritableBufferAllocator.java
@@ -33,9 +33,6 @@
  */
 class NettyWritableBufferAllocator implements WritableBufferAllocator {
 
-  // Use 4k as our minimum buffer size.
-  private static final int MIN_BUFFER = 4 * 1024;
-
   // Set the maximum buffer size to 1MB.
   private static final int MAX_BUFFER = 1024 * 1024;
 
@@ -47,7 +44,7 @@ class NettyWritableBufferAllocator implements WritableBufferAllocator {
 
   @Override
   public WritableBuffer allocate(int capacityHint) {
-    capacityHint = Math.min(MAX_BUFFER, Math.max(MIN_BUFFER, capacityHint));
+    capacityHint = Math.min(MAX_BUFFER, capacityHint);
     return new NettyWritableBuffer(allocator.buffer(capacityHint, capacityHint));
   }
 }
diff --git a/netty/src/test/java/io/grpc/netty/NettyWritableBufferAllocatorTest.java b/netty/src/test/java/io/grpc/netty/NettyWritableBufferAllocatorTest.java
index d577ec46b03..0b741ae24b3 100644
--- a/netty/src/test/java/io/grpc/netty/NettyWritableBufferAllocatorTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyWritableBufferAllocatorTest.java
@@ -40,13 +40,6 @@ protected WritableBufferAllocator allocator() {
     return allocator;
   }
 
-  @Test
-  public void testCapacityHasMinimum() {
-    WritableBuffer buffer = allocator().allocate(100);
-    assertEquals(0, buffer.readableBytes());
-    assertEquals(4096, buffer.writableBytes());
-  }
-
   @Test
   public void testCapacityIsExactAboveMinimum() {
     WritableBuffer buffer = allocator().allocate(9000);

From 90aefb26e71fcc8d3f45fa5580dd3131b262db27 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 29 Jan 2025 14:26:35 -0800
Subject: [PATCH 163/591] core: Propagate authority override from LB exactly
 once

Setting the authority is only useful when creating a real stream, as
there will be a following pick otherwise. In addition, DelayedStream
will buffer each call to setAuthority() in a list and we don't want that
memory usage. Note that no LBs are using this feature yet, so users
would not have been exposed to the memory use.

We also needed to setAuthority() when the LB selected a subchannel on
the first pick attempt.
---
 .../grpc/internal/DelayedClientTransport.java | 23 +++++---
 .../internal/DelayedClientTransportTest.java  | 54 +++++++------------
 2 files changed, 36 insertions(+), 41 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
index 2ff94b7804a..f3faa92d4a0 100644
--- a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
+++ b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
@@ -140,9 +140,15 @@ public final ClientStream newStream(
           ClientTransport transport = GrpcUtil.getTransportFromPickResult(pickResult,
               callOptions.isWaitForReady());
           if (transport != null) {
-            return transport.newStream(
+            ClientStream stream = transport.newStream(
                 args.getMethodDescriptor(), args.getHeaders(), callOptions,
                 tracers);
+            // User code provided authority takes precedence over the LB provided one; this will be
+            // overwritten by ClientCallImpl if the application sets an authority override
+            if (pickResult.getAuthorityOverride() != null) {
+              stream.setAuthority(pickResult.getAuthorityOverride());
+            }
+            return stream;
           }
         }
         // This picker's conclusion is "buffer".  If there hasn't been a newer picker set (possible
@@ -287,10 +293,6 @@ final void reprocess(@Nullable SubchannelPicker picker) {
     for (final PendingStream stream : toProcess) {
       PickResult pickResult = picker.pickSubchannel(stream.args);
       CallOptions callOptions = stream.args.getCallOptions();
-      // User code provided authority takes precedence over the LB provided one.
-      if (callOptions.getAuthority() == null && pickResult.getAuthorityOverride() != null) {
-        stream.setAuthority(pickResult.getAuthorityOverride());
-      }
       final ClientTransport transport = GrpcUtil.getTransportFromPickResult(pickResult,
           callOptions.isWaitForReady());
       if (transport != null) {
@@ -301,7 +303,7 @@ final void reprocess(@Nullable SubchannelPicker picker) {
         if (callOptions.getExecutor() != null) {
           executor = callOptions.getExecutor();
         }
-        Runnable runnable = stream.createRealStream(transport);
+        Runnable runnable = stream.createRealStream(transport, pickResult.getAuthorityOverride());
         if (runnable != null) {
           executor.execute(runnable);
         }
@@ -354,7 +356,7 @@ private PendingStream(PickSubchannelArgs args, ClientStreamTracer[] tracers) {
     }
 
     /** Runnable may be null. */
-    private Runnable createRealStream(ClientTransport transport) {
+    private Runnable createRealStream(ClientTransport transport, String authorityOverride) {
       ClientStream realStream;
       Context origContext = context.attach();
       try {
@@ -364,6 +366,13 @@ private Runnable createRealStream(ClientTransport transport) {
       } finally {
         context.detach(origContext);
       }
+      if (authorityOverride != null) {
+        // User code provided authority takes precedence over the LB provided one; this will be
+        // overwritten by an enqueud call from ClientCallImpl if the application sets an authority
+        // override. We must call the real stream directly because stream.start() has likely already
+        // been called on the delayed stream.
+        realStream.setAuthority(authorityOverride);
+      }
       return setStream(realStream);
     }
 
diff --git a/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java b/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
index a5160552a9e..f65e6abcf1b 100644
--- a/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
+++ b/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
@@ -503,26 +503,11 @@ public void uncaughtException(Thread t, Throwable e) {
   }
 
   @Test
-  public void reprocess_authorityOverridePresentInCallOptions_authorityOverrideFromLbIsIgnored() {
-    DelayedStream delayedStream = (DelayedStream) delayedTransport.newStream(
-        method, headers, callOptions, tracers);
-    delayedStream.start(mock(ClientStreamListener.class));
-    SubchannelPicker picker = mock(SubchannelPicker.class);
-    PickResult pickResult = PickResult.withSubchannel(
-        mockSubchannel, null, "authority-override-hostname-from-lb");
-    when(picker.pickSubchannel(any(PickSubchannelArgs.class))).thenReturn(pickResult);
-
-    delayedTransport.reprocess(picker);
-    fakeExecutor.runDueTasks();
-
-    verify(mockRealStream, never()).setAuthority("authority-override-hostname-from-lb");
-  }
-
-  @Test
-  public void
-        reprocess_authorityOverrideNotInCallOptions_authorityOverrideFromLbIsSetIntoStream() {
+  public void reprocess_authorityOverrideFromLb() {
+    InOrder inOrder = inOrder(mockRealStream);
     DelayedStream delayedStream = (DelayedStream) delayedTransport.newStream(
         method, headers, callOptions.withAuthority(null), tracers);
+    delayedStream.setAuthority("authority-override-from-calloptions");
     delayedStream.start(mock(ClientStreamListener.class));
     SubchannelPicker picker = mock(SubchannelPicker.class);
     PickResult pickResult = PickResult.withSubchannel(
@@ -536,7 +521,10 @@ public void reprocess_authorityOverridePresentInCallOptions_authorityOverrideFro
     delayedTransport.reprocess(picker);
     fakeExecutor.runDueTasks();
 
-    verify(mockRealStream).setAuthority("authority-override-hostname-from-lb");
+    // Must be set before start(), and may be overwritten
+    inOrder.verify(mockRealStream).setAuthority("authority-override-hostname-from-lb");
+    inOrder.verify(mockRealStream).setAuthority("authority-override-from-calloptions");
+    inOrder.verify(mockRealStream).start(any(ClientStreamListener.class));
   }
 
   @Test
@@ -563,28 +551,26 @@ public void reprocess_NoPendingStream() {
   }
 
   @Test
-  public void newStream_assignsTransport_authorityFromCallOptionsSupersedesAuthorityFromLB() {
+  public void newStream_authorityOverrideFromLb() {
+    InOrder inOrder = inOrder(mockRealStream);
     SubchannelPicker picker = mock(SubchannelPicker.class);
-    AbstractSubchannel subchannel = mock(AbstractSubchannel.class);
-    when(subchannel.getInternalSubchannel()).thenReturn(mockInternalSubchannel);
     PickResult pickResult = PickResult.withSubchannel(
-        subchannel, null, "authority-override-hostname-from-lb");
+        mockSubchannel, null, "authority-override-hostname-from-lb");
     when(picker.pickSubchannel(any(PickSubchannelArgs.class))).thenReturn(pickResult);
-    ArgumentCaptor<CallOptions> callOptionsArgumentCaptor =
-        ArgumentCaptor.forClass(CallOptions.class);
     when(mockRealTransport.newStream(
-        any(MethodDescriptor.class), any(Metadata.class), callOptionsArgumentCaptor.capture(),
-        ArgumentMatchers.<ClientStreamTracer[]>any()))
+        any(MethodDescriptor.class), any(Metadata.class), any(CallOptions.class), any()))
         .thenReturn(mockRealStream);
     delayedTransport.reprocess(picker);
-    verifyNoMoreInteractions(picker);
-    verifyNoMoreInteractions(transportListener);
 
-    CallOptions callOptions =
-        CallOptions.DEFAULT.withAuthority("authority-override-hosstname-from-calloptions");
-    delayedTransport.newStream(method, headers, callOptions, tracers);
-    assertThat(callOptionsArgumentCaptor.getValue().getAuthority()).isEqualTo(
-        "authority-override-hosstname-from-calloptions");
+    ClientStream stream = delayedTransport.newStream(method, headers, callOptions, tracers);
+    assertThat(stream).isSameInstanceAs(mockRealStream);
+    stream.setAuthority("authority-override-from-calloptions");
+    stream.start(mock(ClientStreamListener.class));
+
+    // Must be set before start(), and may be overwritten
+    inOrder.verify(mockRealStream).setAuthority("authority-override-hostname-from-lb");
+    inOrder.verify(mockRealStream).setAuthority("authority-override-from-calloptions");
+    inOrder.verify(mockRealStream).start(any(ClientStreamListener.class));
   }
 
   @Test

From c506190b0f1f19c389d9ef797d6c69fb41167850 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 30 Jan 2025 12:43:51 -0800
Subject: [PATCH 164/591] xds: Reuse filter interceptors across RPCs

This moves the interceptor creation from the ConfigSelector to the
resource update handling.

The code structure changes will make adding support for filter
lifecycles (for RLQS) a bit easier. The filter lifecycles will allow
filters to share state across interceptors, and constructing all the
interceptors on a single thread will mean filters wouldn't need to be
thread-safe (but their interceptors would be thread-safe).
---
 .../main/java/io/grpc/xds/FaultFilter.java    |   3 +-
 xds/src/main/java/io/grpc/xds/Filter.java     |   3 +-
 .../io/grpc/xds/GcpAuthenticationFilter.java  |   4 +-
 .../main/java/io/grpc/xds/RouterFilter.java   |   3 +-
 .../java/io/grpc/xds/XdsNameResolver.java     | 201 ++++++++++++------
 .../grpc/xds/GcpAuthenticationFilterTest.java |   2 +-
 .../grpc/xds/GrpcXdsClientImplDataTest.java   |   2 -
 7 files changed, 136 insertions(+), 82 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/FaultFilter.java b/xds/src/main/java/io/grpc/xds/FaultFilter.java
index b7f7fa9c226..c66861a9f15 100644
--- a/xds/src/main/java/io/grpc/xds/FaultFilter.java
+++ b/xds/src/main/java/io/grpc/xds/FaultFilter.java
@@ -37,7 +37,6 @@
 import io.grpc.Deadline;
 import io.grpc.ForwardingClientCall;
 import io.grpc.ForwardingClientCallListener.SimpleForwardingClientCallListener;
-import io.grpc.LoadBalancer.PickSubchannelArgs;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
 import io.grpc.Status;
@@ -183,7 +182,7 @@ public ConfigOrError<FaultConfig> parseFilterConfigOverride(Message rawProtoMess
   @Nullable
   @Override
   public ClientInterceptor buildClientInterceptor(
-      FilterConfig config, @Nullable FilterConfig overrideConfig, PickSubchannelArgs args,
+      FilterConfig config, @Nullable FilterConfig overrideConfig,
       final ScheduledExecutorService scheduler) {
     checkNotNull(config, "config");
     if (overrideConfig != null) {
diff --git a/xds/src/main/java/io/grpc/xds/Filter.java b/xds/src/main/java/io/grpc/xds/Filter.java
index 4b2767687f3..29f8cc4e337 100644
--- a/xds/src/main/java/io/grpc/xds/Filter.java
+++ b/xds/src/main/java/io/grpc/xds/Filter.java
@@ -19,7 +19,6 @@
 import com.google.common.base.MoreObjects;
 import com.google.protobuf.Message;
 import io.grpc.ClientInterceptor;
-import io.grpc.LoadBalancer.PickSubchannelArgs;
 import io.grpc.ServerInterceptor;
 import java.util.Objects;
 import java.util.concurrent.ScheduledExecutorService;
@@ -59,7 +58,7 @@ interface FilterConfig {
   interface ClientInterceptorBuilder {
     @Nullable
     ClientInterceptor buildClientInterceptor(
-        FilterConfig config, @Nullable FilterConfig overrideConfig, PickSubchannelArgs args,
+        FilterConfig config, @Nullable FilterConfig overrideConfig,
         ScheduledExecutorService scheduler);
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
index 6d05e8ffa95..f73494d74db 100644
--- a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
+++ b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
@@ -31,7 +31,6 @@
 import io.grpc.ClientCall;
 import io.grpc.ClientInterceptor;
 import io.grpc.CompositeCallCredentials;
-import io.grpc.LoadBalancer.PickSubchannelArgs;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
 import io.grpc.Status;
@@ -97,8 +96,7 @@ public ConfigOrError<? extends FilterConfig> parseFilterConfigOverride(Message r
   @Nullable
   @Override
   public ClientInterceptor buildClientInterceptor(FilterConfig config,
-      @Nullable FilterConfig overrideConfig, PickSubchannelArgs args,
-      ScheduledExecutorService scheduler) {
+      @Nullable FilterConfig overrideConfig, ScheduledExecutorService scheduler) {
 
     ComputeEngineCredentials credentials = ComputeEngineCredentials.create();
     LruCache<String, CallCredentials> callCredentialsCache =
diff --git a/xds/src/main/java/io/grpc/xds/RouterFilter.java b/xds/src/main/java/io/grpc/xds/RouterFilter.java
index 7f1adf86a6d..8038c1b98ae 100644
--- a/xds/src/main/java/io/grpc/xds/RouterFilter.java
+++ b/xds/src/main/java/io/grpc/xds/RouterFilter.java
@@ -18,7 +18,6 @@
 
 import com.google.protobuf.Message;
 import io.grpc.ClientInterceptor;
-import io.grpc.LoadBalancer.PickSubchannelArgs;
 import io.grpc.ServerInterceptor;
 import io.grpc.xds.Filter.ClientInterceptorBuilder;
 import io.grpc.xds.Filter.ServerInterceptorBuilder;
@@ -64,7 +63,7 @@ public ConfigOrError<? extends FilterConfig> parseFilterConfigOverride(Message r
   @Nullable
   @Override
   public ClientInterceptor buildClientInterceptor(
-      FilterConfig config, @Nullable FilterConfig overrideConfig, PickSubchannelArgs args,
+      FilterConfig config, @Nullable FilterConfig overrideConfig,
       ScheduledExecutorService scheduler) {
     return null;
   }
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 3c7f4455fde..5ac53763373 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -59,6 +59,7 @@
 import io.grpc.xds.VirtualHost.Route.RouteAction.ClusterWeight;
 import io.grpc.xds.VirtualHost.Route.RouteAction.HashPolicy;
 import io.grpc.xds.VirtualHost.Route.RouteAction.RetryPolicy;
+import io.grpc.xds.VirtualHost.Route.RouteMatch;
 import io.grpc.xds.XdsNameResolverProvider.CallCounterProvider;
 import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
 import io.grpc.xds.client.Bootstrapper.AuthorityInfo;
@@ -384,20 +385,17 @@ private final class ConfigSelector extends InternalConfigSelector {
     @Override
     public Result selectConfig(PickSubchannelArgs args) {
       String cluster = null;
-      Route selectedRoute = null;
+      ClientInterceptor filters = null; // null iff cluster is null
+      RouteData selectedRoute = null;
       RoutingConfig routingCfg;
-      Map<String, FilterConfig> selectedOverrideConfigs;
-      List<ClientInterceptor> filterInterceptors = new ArrayList<>();
       Metadata headers = args.getHeaders();
       do {
         routingCfg = routingConfig;
-        selectedOverrideConfigs = new HashMap<>(routingCfg.virtualHostOverrideConfig);
-        for (Route route : routingCfg.routes) {
+        for (RouteData route : routingCfg.routes) {
           if (RoutingUtils.matchRoute(
-                  route.routeMatch(), "/" + args.getMethodDescriptor().getFullMethodName(),
-              headers, random)) {
+                  route.routeMatch, "/" + args.getMethodDescriptor().getFullMethodName(),
+                  headers, random)) {
             selectedRoute = route;
-            selectedOverrideConfigs.putAll(route.filterConfigOverrides());
             break;
           }
         }
@@ -405,13 +403,14 @@ public Result selectConfig(PickSubchannelArgs args) {
           return Result.forError(
               Status.UNAVAILABLE.withDescription("Could not find xDS route matching RPC"));
         }
-        if (selectedRoute.routeAction() == null) {
+        if (selectedRoute.routeAction == null) {
           return Result.forError(Status.UNAVAILABLE.withDescription(
               "Could not route RPC to Route with non-forwarding action"));
         }
-        RouteAction action = selectedRoute.routeAction();
+        RouteAction action = selectedRoute.routeAction;
         if (action.cluster() != null) {
           cluster = prefixedClusterName(action.cluster());
+          filters = selectedRoute.filterChoices.get(0);
         } else if (action.weightedClusters() != null) {
           long totalWeight = 0;
           for (ClusterWeight weightedCluster : action.weightedClusters()) {
@@ -419,23 +418,25 @@ public Result selectConfig(PickSubchannelArgs args) {
           }
           long select = random.nextLong(totalWeight);
           long accumulator = 0;
-          for (ClusterWeight weightedCluster : action.weightedClusters()) {
+          for (int i = 0; i < action.weightedClusters().size(); i++) {
+            ClusterWeight weightedCluster = action.weightedClusters().get(i);
             accumulator += weightedCluster.weight();
             if (select < accumulator) {
               cluster = prefixedClusterName(weightedCluster.name());
-              selectedOverrideConfigs.putAll(weightedCluster.filterConfigOverrides());
+              filters = selectedRoute.filterChoices.get(i);
               break;
             }
           }
         } else if (action.namedClusterSpecifierPluginConfig() != null) {
           cluster =
               prefixedClusterSpecifierPluginName(action.namedClusterSpecifierPluginConfig().name());
+          filters = selectedRoute.filterChoices.get(0);
         }
       } while (!retainCluster(cluster));
       Long timeoutNanos = null;
       if (enableTimeout) {
         if (selectedRoute != null) {
-          timeoutNanos = selectedRoute.routeAction().timeoutNano();
+          timeoutNanos = selectedRoute.routeAction.timeoutNano();
         }
         if (timeoutNanos == null) {
           timeoutNanos = routingCfg.fallbackTimeoutNano;
@@ -445,7 +446,7 @@ public Result selectConfig(PickSubchannelArgs args) {
         }
       }
       RetryPolicy retryPolicy =
-          selectedRoute == null ? null : selectedRoute.routeAction().retryPolicy();
+          selectedRoute == null ? null : selectedRoute.routeAction.retryPolicy();
       // TODO(chengyuanzhang): avoid service config generation and parsing for each call.
       Map<String, ?> rawServiceConfig =
           generateServiceConfigWithMethodConfig(timeoutNanos, retryPolicy);
@@ -457,24 +458,9 @@ public Result selectConfig(PickSubchannelArgs args) {
             parsedServiceConfig.getError().augmentDescription(
                 "Failed to parse service config (method config)"));
       }
-      if (routingCfg.filterChain != null) {
-        for (NamedFilterConfig namedFilter : routingCfg.filterChain) {
-          FilterConfig filterConfig = namedFilter.filterConfig;
-          Filter filter = filterRegistry.get(filterConfig.typeUrl());
-          if (filter instanceof ClientInterceptorBuilder) {
-            ClientInterceptor interceptor = ((ClientInterceptorBuilder) filter)
-                .buildClientInterceptor(
-                    filterConfig, selectedOverrideConfigs.get(namedFilter.name),
-                    args, scheduler);
-            if (interceptor != null) {
-              filterInterceptors.add(interceptor);
-            }
-          }
-        }
-      }
       final String finalCluster = cluster;
-      final long hash = generateHash(selectedRoute.routeAction().hashPolicies(), headers);
-      Route finalSelectedRoute = selectedRoute;
+      final long hash = generateHash(selectedRoute.routeAction.hashPolicies(), headers);
+      RouteData finalSelectedRoute = selectedRoute;
       class ClusterSelectionInterceptor implements ClientInterceptor {
         @Override
         public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
@@ -483,7 +469,7 @@ public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
           CallOptions callOptionsForCluster =
               callOptions.withOption(CLUSTER_SELECTION_KEY, finalCluster)
                   .withOption(RPC_HASH_KEY, hash);
-          if (finalSelectedRoute.routeAction().autoHostRewrite()) {
+          if (finalSelectedRoute.routeAction.autoHostRewrite()) {
             callOptionsForCluster = callOptionsForCluster.withOption(AUTO_HOST_REWRITE_KEY, true);
           }
           return new SimpleForwardingClientCall<ReqT, RespT>(
@@ -514,11 +500,11 @@ public void onClose(Status status, Metadata trailers) {
         }
       }
 
-      filterInterceptors.add(new ClusterSelectionInterceptor());
       return
           Result.newBuilder()
               .setConfig(config)
-              .setInterceptor(combineInterceptors(filterInterceptors))
+              .setInterceptor(combineInterceptors(
+                  ImmutableList.of(filters, new ClusterSelectionInterceptor())))
               .build();
     }
 
@@ -584,8 +570,18 @@ private long generateHash(List<HashPolicy> hashPolicies, Metadata headers) {
     }
   }
 
+  static final class PassthroughClientInterceptor implements ClientInterceptor {
+    @Override
+    public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
+        MethodDescriptor<ReqT, RespT> method, CallOptions callOptions, Channel next) {
+      return next.newCall(method, callOptions);
+    }
+  }
+
   private static ClientInterceptor combineInterceptors(final List<ClientInterceptor> interceptors) {
-    checkArgument(!interceptors.isEmpty(), "empty interceptors");
+    if (interceptors.size() == 0) {
+      return new PassthroughClientInterceptor();
+    }
     if (interceptors.size() == 1) {
       return interceptors.get(0);
     }
@@ -722,6 +718,7 @@ private void updateRoutes(List<VirtualHost> virtualHosts, long httpMaxStreamDura
       }
 
       List<Route> routes = virtualHost.routes();
+      ImmutableList.Builder<RouteData> routesData = ImmutableList.builder();
 
       // Populate all clusters to which requests can be routed to through the virtual host.
       Set<String> clusters = new HashSet<>();
@@ -732,26 +729,34 @@ private void updateRoutes(List<VirtualHost> virtualHosts, long httpMaxStreamDura
       for (Route route : routes) {
         RouteAction action = route.routeAction();
         String prefixedName;
-        if (action != null) {
-          if (action.cluster() != null) {
-            prefixedName = prefixedClusterName(action.cluster());
+        if (action == null) {
+          routesData.add(new RouteData(route.routeMatch(), null, ImmutableList.of()));
+        } else if (action.cluster() != null) {
+          prefixedName = prefixedClusterName(action.cluster());
+          clusters.add(prefixedName);
+          clusterNameMap.put(prefixedName, action.cluster());
+          ClientInterceptor filters = createFilters(filterConfigs, virtualHost, route, null);
+          routesData.add(new RouteData(route.routeMatch(), route.routeAction(), filters));
+        } else if (action.weightedClusters() != null) {
+          ImmutableList.Builder<ClientInterceptor> filterList = ImmutableList.builder();
+          for (ClusterWeight weightedCluster : action.weightedClusters()) {
+            prefixedName = prefixedClusterName(weightedCluster.name());
             clusters.add(prefixedName);
-            clusterNameMap.put(prefixedName, action.cluster());
-          } else if (action.weightedClusters() != null) {
-            for (ClusterWeight weighedCluster : action.weightedClusters()) {
-              prefixedName = prefixedClusterName(weighedCluster.name());
-              clusters.add(prefixedName);
-              clusterNameMap.put(prefixedName, weighedCluster.name());
-            }
-          } else if (action.namedClusterSpecifierPluginConfig() != null) {
-            PluginConfig pluginConfig = action.namedClusterSpecifierPluginConfig().config();
-            if (pluginConfig instanceof RlsPluginConfig) {
-              prefixedName = prefixedClusterSpecifierPluginName(
-                  action.namedClusterSpecifierPluginConfig().name());
-              clusters.add(prefixedName);
-              rlsPluginConfigMap.put(prefixedName, (RlsPluginConfig) pluginConfig);
-            }
+            clusterNameMap.put(prefixedName, weightedCluster.name());
+            filterList.add(createFilters(filterConfigs, virtualHost, route, weightedCluster));
           }
+          routesData.add(
+              new RouteData(route.routeMatch(), route.routeAction(), filterList.build()));
+        } else if (action.namedClusterSpecifierPluginConfig() != null) {
+          PluginConfig pluginConfig = action.namedClusterSpecifierPluginConfig().config();
+          if (pluginConfig instanceof RlsPluginConfig) {
+            prefixedName = prefixedClusterSpecifierPluginName(
+                action.namedClusterSpecifierPluginConfig().name());
+            clusters.add(prefixedName);
+            rlsPluginConfigMap.put(prefixedName, (RlsPluginConfig) pluginConfig);
+          }
+          ClientInterceptor filters = createFilters(filterConfigs, virtualHost, route, null);
+          routesData.add(new RouteData(route.routeMatch(), route.routeAction(), filters));
         }
       }
 
@@ -796,10 +801,7 @@ private void updateRoutes(List<VirtualHost> virtualHosts, long httpMaxStreamDura
       }
       // Make newly added clusters selectable by config selector and deleted clusters no longer
       // selectable.
-      routingConfig =
-          new RoutingConfig(
-              httpMaxStreamDurationNano, routes, filterConfigs,
-              virtualHost.filterConfigOverrides());
+      routingConfig = new RoutingConfig(httpMaxStreamDurationNano, routesData.build());
       shouldUpdateResult = false;
       for (String cluster : deletedClusters) {
         int count = clusterRefs.get(cluster).refCount.decrementAndGet();
@@ -813,6 +815,37 @@ private void updateRoutes(List<VirtualHost> virtualHosts, long httpMaxStreamDura
       }
     }
 
+    private ClientInterceptor createFilters(
+        @Nullable List<NamedFilterConfig> filterConfigs,
+        VirtualHost virtualHost,
+        Route route,
+        @Nullable ClusterWeight weightedCluster) {
+      if (filterConfigs == null) {
+        return new PassthroughClientInterceptor();
+      }
+      Map<String, FilterConfig> selectedOverrideConfigs =
+          new HashMap<>(virtualHost.filterConfigOverrides());
+      selectedOverrideConfigs.putAll(route.filterConfigOverrides());
+      if (weightedCluster != null) {
+        selectedOverrideConfigs.putAll(weightedCluster.filterConfigOverrides());
+      }
+      ImmutableList.Builder<ClientInterceptor> filterInterceptors = ImmutableList.builder();
+      for (NamedFilterConfig namedFilter : filterConfigs) {
+        FilterConfig filterConfig = namedFilter.filterConfig;
+        Filter filter = filterRegistry.get(filterConfig.typeUrl());
+        if (filter instanceof ClientInterceptorBuilder) {
+          ClientInterceptor interceptor = ((ClientInterceptorBuilder) filter)
+              .buildClientInterceptor(
+                  filterConfig, selectedOverrideConfigs.get(namedFilter.name),
+                  scheduler);
+          if (interceptor != null) {
+            filterInterceptors.add(interceptor);
+          }
+        }
+      }
+      return combineInterceptors(filterInterceptors.build());
+    }
+
     private void cleanUpRoutes(String error) {
       if (existingClusters != null) {
         for (String cluster : existingClusters) {
@@ -903,22 +936,50 @@ public void onResourceDoesNotExist(final String resourceName) {
    */
   private static class RoutingConfig {
     private final long fallbackTimeoutNano;
-    final List<Route> routes;
-    // Null if HttpFilter is not supported.
-    @Nullable final List<NamedFilterConfig> filterChain;
-    final Map<String, FilterConfig> virtualHostOverrideConfig;
+    final ImmutableList<RouteData> routes;
 
-    private static RoutingConfig empty = new RoutingConfig(
-        0, Collections.emptyList(), null, Collections.emptyMap());
+    private static RoutingConfig empty = new RoutingConfig(0, ImmutableList.of());
 
-    private RoutingConfig(
-        long fallbackTimeoutNano, List<Route> routes, @Nullable List<NamedFilterConfig> filterChain,
-        Map<String, FilterConfig> virtualHostOverrideConfig) {
+    private RoutingConfig(long fallbackTimeoutNano, ImmutableList<RouteData> routes) {
       this.fallbackTimeoutNano = fallbackTimeoutNano;
-      this.routes = routes;
-      checkArgument(filterChain == null || !filterChain.isEmpty(), "filterChain is empty");
-      this.filterChain = filterChain == null ? null : Collections.unmodifiableList(filterChain);
-      this.virtualHostOverrideConfig = Collections.unmodifiableMap(virtualHostOverrideConfig);
+      this.routes = checkNotNull(routes, "routes");
+    }
+  }
+
+  static final class RouteData {
+    final RouteMatch routeMatch;
+    /** null implies non-forwarding action. */
+    @Nullable
+    final RouteAction routeAction;
+    /**
+     * Only one of these interceptors should be used per-RPC. There are only multiple values in the
+     * list for weighted clusters, in which case the order of the list mirrors the weighted
+     * clusters.
+     */
+    final ImmutableList<ClientInterceptor> filterChoices;
+
+    RouteData(RouteMatch routeMatch, @Nullable RouteAction routeAction, ClientInterceptor filter) {
+      this(routeMatch, routeAction, ImmutableList.of(filter));
+    }
+
+    RouteData(
+        RouteMatch routeMatch,
+        @Nullable RouteAction routeAction,
+        ImmutableList<ClientInterceptor> filterChoices) {
+      this.routeMatch = checkNotNull(routeMatch, "routeMatch");
+      checkArgument(
+          routeAction == null || !filterChoices.isEmpty(),
+          "filter may be empty only for non-forwarding action");
+      this.routeAction = routeAction;
+      if (routeAction != null && routeAction.weightedClusters() != null) {
+        checkArgument(
+            routeAction.weightedClusters().size() == filterChoices.size(),
+            "filter choices must match size of weighted clusters");
+      }
+      for (ClientInterceptor filter : filterChoices) {
+        checkNotNull(filter, "entry in filterChoices is null");
+      }
+      this.filterChoices = checkNotNull(filterChoices, "filterChoices");
     }
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
index ddd244c8551..3ca240ab7c7 100644
--- a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
+++ b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
@@ -92,7 +92,7 @@ public void testClientInterceptor_createsAndReusesCachedCredentials() {
     GcpAuthenticationFilter filter = new GcpAuthenticationFilter();
 
     // Create interceptor
-    ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null, null);
+    ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
     MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
 
     // Mock channel and capture CallOptions
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 654e85143b8..5b9fdda1127 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -113,7 +113,6 @@
 import io.grpc.ClientInterceptor;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.InsecureChannelCredentials;
-import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancerRegistry;
 import io.grpc.Status.Code;
 import io.grpc.internal.JsonUtil;
@@ -1266,7 +1265,6 @@ public ConfigOrError<? extends FilterConfig> parseFilterConfigOverride(
     @Override
     public ClientInterceptor buildClientInterceptor(FilterConfig config,
                                                     @Nullable FilterConfig overrideConfig,
-                                                    LoadBalancer.PickSubchannelArgs args,
                                                     ScheduledExecutorService scheduler) {
       return null;
     }

From 04f1cc5845fc52eaf1020c74cea6516d49205df2 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 30 Jan 2025 13:27:02 -0800
Subject: [PATCH 165/591] xds: Make XdsNR.RoutingConfig.empty a constant

The field was made final in 4b52639aa but was soon reverted in 3ebb3e192
because of what I assume was a bad merge conflict resolution. The field
has contained an immutable object since its introduction in d25f5acf1,
so it is pretty likely to remain a constant in the future.
---
 xds/src/main/java/io/grpc/xds/XdsNameResolver.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 5ac53763373..2b4f206aef1 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -129,7 +129,7 @@ final class XdsNameResolver extends NameResolver {
   private final long randomChannelId;
   private final MetricRecorder metricRecorder;
 
-  private volatile RoutingConfig routingConfig = RoutingConfig.empty;
+  private volatile RoutingConfig routingConfig = RoutingConfig.EMPTY;
   private Listener2 listener;
   private ObjectPool<XdsClient> xdsClientPool;
   private XdsClient xdsClient;
@@ -856,7 +856,7 @@ private void cleanUpRoutes(String error) {
         }
         existingClusters = null;
       }
-      routingConfig = RoutingConfig.empty;
+      routingConfig = RoutingConfig.EMPTY;
       // Without addresses the default LB (normally pick_first) should become TRANSIENT_FAILURE, and
       // the config selector handles the error message itself. Once the LB API allows providing
       // failure information for addresses yet still providing a service config, the config seector
@@ -938,7 +938,7 @@ private static class RoutingConfig {
     private final long fallbackTimeoutNano;
     final ImmutableList<RouteData> routes;
 
-    private static RoutingConfig empty = new RoutingConfig(0, ImmutableList.of());
+    private static final RoutingConfig EMPTY = new RoutingConfig(0, ImmutableList.of());
 
     private RoutingConfig(long fallbackTimeoutNano, ImmutableList<RouteData> routes) {
       this.fallbackTimeoutNano = fallbackTimeoutNano;

From b1bc0a9d240c2cc6ccf9cf02543c9d9118132c14 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 30 Jan 2025 11:21:26 -0800
Subject: [PATCH 166/591] alts: Add ClientCall support to AltsContextUtil

This adds a createFrom(Attributes) to mirror the check(Attributes) added
in ba8ab79. It also adds conveniences for ClientCall for both
createFrom() and check(). This allows getting peer information from
ClientCall and CallCredentials.RequestInfo, as was already available
from ServerCall.

The tests were reworked to test the Attribute-based methods and then
only basic tests for client/server.

Fixes #11042
---
 .../java/io/grpc/alts/AltsContextUtil.java    | 37 ++++++++-
 .../io/grpc/alts/AltsContextUtilTest.java     | 77 +++++++++++++++----
 2 files changed, 95 insertions(+), 19 deletions(-)

diff --git a/alts/src/main/java/io/grpc/alts/AltsContextUtil.java b/alts/src/main/java/io/grpc/alts/AltsContextUtil.java
index 5f2ce353761..f45179bbd91 100644
--- a/alts/src/main/java/io/grpc/alts/AltsContextUtil.java
+++ b/alts/src/main/java/io/grpc/alts/AltsContextUtil.java
@@ -17,6 +17,7 @@
 package io.grpc.alts;
 
 import io.grpc.Attributes;
+import io.grpc.ClientCall;
 import io.grpc.ExperimentalApi;
 import io.grpc.ServerCall;
 import io.grpc.alts.internal.AltsInternalContext;
@@ -29,14 +30,36 @@ public final class AltsContextUtil {
   private AltsContextUtil() {}
 
   /**
-   * Creates a {@link AltsContext} from ALTS context information in the {@link ServerCall}.
+   * Creates an {@link AltsContext} from ALTS context information in the {@link ServerCall}.
    *
    * @param call the {@link ServerCall} containing the ALTS information
    * @return the created {@link AltsContext}
    * @throws IllegalArgumentException if the {@link ServerCall} has no ALTS information.
    */
   public static AltsContext createFrom(ServerCall<?, ?> call) {
-    Object authContext = call.getAttributes().get(AltsProtocolNegotiator.AUTH_CONTEXT_KEY);
+    return createFrom(call.getAttributes());
+  }
+
+  /**
+   * Creates an {@link AltsContext} from ALTS context information in the {@link ClientCall}.
+   *
+   * @param call the {@link ClientCall} containing the ALTS information
+   * @return the created {@link AltsContext}
+   * @throws IllegalArgumentException if the {@link ClientCall} has no ALTS information.
+   */
+  public static AltsContext createFrom(ClientCall<?, ?> call) {
+    return createFrom(call.getAttributes());
+  }
+
+  /**
+   * Creates an {@link AltsContext} from ALTS context information in the {@link Attributes}.
+   *
+   * @param attributes the {@link Attributes} containing the ALTS information
+   * @return the created {@link AltsContext}
+   * @throws IllegalArgumentException if the {@link Attributes} has no ALTS information.
+   */
+  public static AltsContext createFrom(Attributes attributes) {
+    Object authContext = attributes.get(AltsProtocolNegotiator.AUTH_CONTEXT_KEY);
     if (!(authContext instanceof AltsInternalContext)) {
       throw new IllegalArgumentException("No ALTS context information found");
     }
@@ -53,6 +76,16 @@ public static boolean check(ServerCall<?, ?> call) {
     return check(call.getAttributes());
   }
 
+  /**
+   * Checks if the {@link ClientCall} contains ALTS information.
+   *
+   * @param call the {@link ClientCall} to check
+   * @return true, if the {@link ClientCall} contains ALTS information and false otherwise.
+   */
+  public static boolean check(ClientCall<?, ?> call) {
+    return check(call.getAttributes());
+  }
+
   /**
    * Checks if the {@link Attributes} contains ALTS information.
    *
diff --git a/alts/src/test/java/io/grpc/alts/AltsContextUtilTest.java b/alts/src/test/java/io/grpc/alts/AltsContextUtilTest.java
index 6fd2d840d45..675fa29fc99 100644
--- a/alts/src/test/java/io/grpc/alts/AltsContextUtilTest.java
+++ b/alts/src/test/java/io/grpc/alts/AltsContextUtilTest.java
@@ -24,6 +24,7 @@
 import static org.mockito.Mockito.when;
 
 import io.grpc.Attributes;
+import io.grpc.ClientCall;
 import io.grpc.ServerCall;
 import io.grpc.alts.AltsContext.SecurityLevel;
 import io.grpc.alts.internal.AltsInternalContext;
@@ -37,27 +38,38 @@
 /** Unit tests for {@link AltsContextUtil}. */
 @RunWith(JUnit4.class)
 public class AltsContextUtilTest {
-
-  private final ServerCall<?,?> call = mock(ServerCall.class);
-
   @Test
   public void check_noAttributeValue() {
-    when(call.getAttributes()).thenReturn(Attributes.newBuilder().build());
+    assertFalse(AltsContextUtil.check(Attributes.newBuilder().build()));
+  }
 
-    assertFalse(AltsContextUtil.check(call));
+  @Test
+  public void check_unexpectedAttributeValueType() {
+    assertFalse(AltsContextUtil.check(Attributes.newBuilder()
+        .set(AltsProtocolNegotiator.AUTH_CONTEXT_KEY, new Object())
+        .build()));
   }
 
   @Test
-  public void contains_unexpectedAttributeValueType() {
+  public void check_altsInternalContext() {
+    assertTrue(AltsContextUtil.check(Attributes.newBuilder()
+        .set(AltsProtocolNegotiator.AUTH_CONTEXT_KEY, AltsInternalContext.getDefaultInstance())
+        .build()));
+  }
+
+  @Test
+  public void checkServer_altsInternalContext() {
+    ServerCall<?,?> call = mock(ServerCall.class);
     when(call.getAttributes()).thenReturn(Attributes.newBuilder()
-        .set(AltsProtocolNegotiator.AUTH_CONTEXT_KEY, new Object())
+        .set(AltsProtocolNegotiator.AUTH_CONTEXT_KEY, AltsInternalContext.getDefaultInstance())
         .build());
 
-    assertFalse(AltsContextUtil.check(call));
+    assertTrue(AltsContextUtil.check(call));
   }
 
   @Test
-  public void contains_altsInternalContext() {
+  public void checkClient_altsInternalContext() {
+    ClientCall<?,?> call = mock(ClientCall.class);
     when(call.getAttributes()).thenReturn(Attributes.newBuilder()
         .set(AltsProtocolNegotiator.AUTH_CONTEXT_KEY, AltsInternalContext.getDefaultInstance())
         .build());
@@ -66,26 +78,57 @@ public void contains_altsInternalContext() {
   }
 
   @Test
-  public void from_altsInternalContext() {
+  public void createFrom_altsInternalContext() {
     HandshakerResult handshakerResult =
         HandshakerResult.newBuilder()
             .setPeerIdentity(Identity.newBuilder().setServiceAccount("remote@peer"))
             .setLocalIdentity(Identity.newBuilder().setServiceAccount("local@peer"))
             .build();
-    when(call.getAttributes()).thenReturn(Attributes.newBuilder()
-        .set(AltsProtocolNegotiator.AUTH_CONTEXT_KEY,  new AltsInternalContext(handshakerResult))
-        .build());
 
-    AltsContext context = AltsContextUtil.createFrom(call);
+    AltsContext context = AltsContextUtil.createFrom(Attributes.newBuilder()
+        .set(AltsProtocolNegotiator.AUTH_CONTEXT_KEY, new AltsInternalContext(handshakerResult))
+        .build());
     assertEquals("remote@peer", context.getPeerServiceAccount());
     assertEquals("local@peer", context.getLocalServiceAccount());
     assertEquals(SecurityLevel.INTEGRITY_AND_PRIVACY, context.getSecurityLevel());
   }
 
   @Test(expected = IllegalArgumentException.class)
-  public void from_noAttributeValue() {
-    when(call.getAttributes()).thenReturn(Attributes.newBuilder().build());
+  public void createFrom_noAttributeValue() {
+    AltsContextUtil.createFrom(Attributes.newBuilder().build());
+  }
 
-    AltsContextUtil.createFrom(call);
+  @Test
+  public void createFromServer_altsInternalContext() {
+    HandshakerResult handshakerResult =
+        HandshakerResult.newBuilder()
+            .setPeerIdentity(Identity.newBuilder().setServiceAccount("remote@peer"))
+            .setLocalIdentity(Identity.newBuilder().setServiceAccount("local@peer"))
+            .build();
+
+    ServerCall<?,?> call = mock(ServerCall.class);
+    when(call.getAttributes()).thenReturn(Attributes.newBuilder()
+        .set(AltsProtocolNegotiator.AUTH_CONTEXT_KEY, new AltsInternalContext(handshakerResult))
+        .build());
+
+    AltsContext context = AltsContextUtil.createFrom(call);
+    assertEquals("remote@peer", context.getPeerServiceAccount());
+  }
+
+  @Test
+  public void createFromClient_altsInternalContext() {
+    HandshakerResult handshakerResult =
+        HandshakerResult.newBuilder()
+            .setPeerIdentity(Identity.newBuilder().setServiceAccount("remote@peer"))
+            .setLocalIdentity(Identity.newBuilder().setServiceAccount("local@peer"))
+            .build();
+
+    ClientCall<?,?> call = mock(ClientCall.class);
+    when(call.getAttributes()).thenReturn(Attributes.newBuilder()
+        .set(AltsProtocolNegotiator.AUTH_CONTEXT_KEY, new AltsInternalContext(handshakerResult))
+        .build());
+
+    AltsContext context = AltsContextUtil.createFrom(call);
+    assertEquals("remote@peer", context.getPeerServiceAccount());
   }
 }

From 4a10a381666ff0025057beb9359778f038bab6b9 Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Tue, 4 Feb 2025 20:49:30 +0200
Subject: [PATCH 167/591] servlet: remove 4096 min buffer size

Similar to 7153ff8
---
 servlet/src/main/java/io/grpc/servlet/ServletServerStream.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java b/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
index 5d11abf0f90..bc367587cc6 100644
--- a/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
+++ b/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
@@ -168,7 +168,7 @@ private static final class ByteArrayWritableBuffer implements WritableBuffer {
     private int index;
 
     ByteArrayWritableBuffer(int capacityHint) {
-      this.bytes = new byte[min(1024 * 1024,  max(4096, capacityHint))];
+      this.bytes = new byte[min(1024 * 1024, capacityHint)];
       this.capacity = bytes.length;
     }
 

From ea3f644eefc0afb7ab66806e33a6b5189ff8f5f3 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 4 Feb 2025 10:51:13 -0800
Subject: [PATCH 168/591] Replace Kokoro ARM build with GitHub Actions

The Kokoro aarch64 build runs on x86 with an emulator, and has always
been flaky due to the slow execution speed. At present it is continually
failing due to deadline exceededs. GitHub Actions is running on aarch64
hardware, so is much faster (4 minutes vs 30 minutes, without including
the speedup from GitHub Action's caching).
---
 .github/workflows/branch-testing.yml      | 41 ++++++++++++++++++++
 buildscripts/kokoro/linux_aarch64.cfg     | 13 -------
 buildscripts/kokoro/linux_aarch64.sh      | 17 --------
 buildscripts/qemu_helpers/prepare_qemu.sh | 26 -------------
 buildscripts/run_arm64_tests_in_docker.sh | 47 -----------------------
 5 files changed, 41 insertions(+), 103 deletions(-)
 create mode 100644 .github/workflows/branch-testing.yml
 delete mode 100644 buildscripts/kokoro/linux_aarch64.cfg
 delete mode 100755 buildscripts/kokoro/linux_aarch64.sh
 delete mode 100755 buildscripts/qemu_helpers/prepare_qemu.sh
 delete mode 100755 buildscripts/run_arm64_tests_in_docker.sh

diff --git a/.github/workflows/branch-testing.yml b/.github/workflows/branch-testing.yml
new file mode 100644
index 00000000000..ece8ec4cd58
--- /dev/null
+++ b/.github/workflows/branch-testing.yml
@@ -0,0 +1,41 @@
+name: GitHub Actions Branch Testing
+
+on:
+  push:
+    branches:
+    - master
+    - 'v1.*'
+  schedule:
+  - cron: '54 19 * * SUN' # weekly at a "random" time
+
+permissions:
+  contents: read
+
+jobs:
+  arm64:
+    runs-on: ubuntu-24.04-arm
+    strategy:
+      matrix:
+        jre: [17]
+      fail-fast: false # Should swap to true if we grow a large matrix
+
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-java@v4
+      with:
+        java-version: ${{ matrix.jre }}
+        distribution: 'temurin'
+
+    - name: Gradle cache
+      uses: actions/cache@v4
+      with:
+        path: |
+          ~/.gradle/caches
+          ~/.gradle/wrapper
+        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+        restore-keys: |
+          ${{ runner.os }}-gradle-
+
+    - name: Build
+      run: ./gradlew -Dorg.gradle.parallel=true -Dorg.gradle.jvmargs='-Xmx1g' -PskipAndroid=true -PskipCodegen=true -PerrorProne=false test
+
diff --git a/buildscripts/kokoro/linux_aarch64.cfg b/buildscripts/kokoro/linux_aarch64.cfg
deleted file mode 100644
index 325d910c5ea..00000000000
--- a/buildscripts/kokoro/linux_aarch64.cfg
+++ /dev/null
@@ -1,13 +0,0 @@
-# Config file for internal CI
-
-# Location of the continuous shell script in repository.
-build_file: "grpc-java/buildscripts/kokoro/linux_aarch64.sh"
-timeout_mins: 60
-
-action {
-  define_artifacts {
-    regex: "github/grpc-java/**/build/test-results/**/sponge_log.xml"
-    regex: "github/grpc-java/mvn-artifacts/**"
-    regex: "github/grpc-java/artifacts/**"
-  }
-}
diff --git a/buildscripts/kokoro/linux_aarch64.sh b/buildscripts/kokoro/linux_aarch64.sh
deleted file mode 100755
index f4a1292efb5..00000000000
--- a/buildscripts/kokoro/linux_aarch64.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-set -veux -o pipefail
-
-if [[ -f /VERSION ]]; then
-  cat /VERSION
-fi
-
-readonly GRPC_JAVA_DIR="$(cd "$(dirname "$0")"/../.. && pwd)"
-
-. "$GRPC_JAVA_DIR"/buildscripts/kokoro/kokoro.sh
-trap spongify_logs EXIT
-
-cd github/grpc-java
-
-buildscripts/qemu_helpers/prepare_qemu.sh
-
-buildscripts/run_arm64_tests_in_docker.sh
diff --git a/buildscripts/qemu_helpers/prepare_qemu.sh b/buildscripts/qemu_helpers/prepare_qemu.sh
deleted file mode 100755
index be0d733344f..00000000000
--- a/buildscripts/qemu_helpers/prepare_qemu.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-#
-# Setup and configure qemu userspace emulator on kokoro worker so that we can seamlessly emulate processes running
-# inside docker containers.
-
-set -ex
-
-# show pre-existing qemu registration
-cat /proc/sys/fs/binfmt_misc/qemu-aarch64 || true
-
-# Kokoro ubuntu1604 workers have already qemu-user and qemu-user-static packages installed, but it's and old version that:
-# * prints warning about some syscalls (e.g "qemu: Unsupported syscall: 278")
-# * doesn't register with binfmt_misc with the persistent ("F") flag we need (see below)
-#
-# To overcome the above limitations, we use the https://github.com/multiarch/qemu-user-static
-# docker image to provide a new enough version of qemu-user-static and register it with
-# the desired binfmt_misc flags. The most important flag we need is "F" (set by "--persistent yes"),
-# which allows the qemu-aarch64-static binary to be loaded eagerly at the time of registration with binfmt_misc.
-# That way, we can emulate aarch64 binaries running inside docker containers transparently, without needing the emulator
-# binary to be accessible from the docker image we're emulating.
-# Note that on newer distributions (such as glinux), simply "apt install qemu-user-static" is sufficient
-# to install qemu-user-static with the right flags.
-docker run --rm --privileged multiarch/qemu-user-static:5.2.0-2 --reset --credential yes --persistent yes
-
-# Print current qemu reqistration to make sure everything is setup correctly.
-cat /proc/sys/fs/binfmt_misc/qemu-aarch64
diff --git a/buildscripts/run_arm64_tests_in_docker.sh b/buildscripts/run_arm64_tests_in_docker.sh
deleted file mode 100755
index 76ef64ac6b6..00000000000
--- a/buildscripts/run_arm64_tests_in_docker.sh
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/bash
-set -ex
-
-readonly grpc_java_dir="$(dirname "$(readlink -f "$0")")/.."
-
-if [[ -t 0 ]]; then
-  DOCKER_ARGS="-it"
-else
-  # The input device on kokoro is not a TTY, so -it does not work.
-  DOCKER_ARGS=
-fi
-
-
-cat <<EOF >> "${grpc_java_dir}/gradle.properties"
-skipAndroid=true
-skipCodegen=true
-org.gradle.parallel=true
-org.gradle.jvmargs=-Xmx1024m
-EOF
-
-export JAVA_OPTS="-Duser.home=/grpc-java/.current-user-home -Djava.util.prefs.userRoot=/grpc-java/.current-user-home/.java/.userPrefs"
-
-# build under x64 docker image to save time over building everything under
-# aarch64 emulator. We've already built and tested the protoc binaries
-# so for the rest of the build we will be using "-PskipCodegen=true"
-# avoid further complicating the build.
-docker run $DOCKER_ARGS --rm=true -v "${grpc_java_dir}":/grpc-java -w /grpc-java \
-  --user "$(id -u):$(id -g)" -e JAVA_OPTS \
-  openjdk:11-jdk-slim-buster \
-  ./gradlew build -x test
-
-# Build and run java tests under aarch64 image.
-# To be able to run this docker container on x64 machine, one needs to have
-# qemu-user-static properly registered with binfmt_misc.
-# The most important flag binfmt_misc flag we need is "F" (set by "--persistent yes"),
-# which allows the qemu-aarch64-static binary to be loaded eagerly at the time of registration with binfmt_misc.
-# That way, we can emulate aarch64 binaries running inside docker containers transparently, without needing the emulator
-# binary to be accessible from the docker image we're emulating.
-# Note that on newer distributions (such as glinux), simply "apt install qemu-user-static" is sufficient
-# to install qemu-user-static with the right flags.
-# A note on the "docker run" args used:
-# - run docker container under current user's UID to avoid polluting the workspace
-# - set the user.home property to avoid creating a "?" directory under grpc-java
-docker run $DOCKER_ARGS --rm=true -v "${grpc_java_dir}":/grpc-java -w /grpc-java \
-  --user "$(id -u):$(id -g)" -e JAVA_OPTS \
-  arm64v8/openjdk:11-jdk-slim-buster \
-  ./gradlew build

From 199a7ea3e828fc0fc4ce0de48666b222bb22218d Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 5 Feb 2025 10:37:22 -0800
Subject: [PATCH 169/591] xds: Improve XdsNR's selectConfig() variable handling

The variables from the do-while are no longer initialized to let the
compiler verify that the loop sets each. Unnecessary comparisons to null
are also removed and is more obvious as the variables are never set to
null. Added a minor optimization of computing the RPCs path once instead
of once for each route. The variable declarations were also sorted to
match their initialization order.

This does fix an unlikely bug where if the old code could successfully
matched a route but fail to retain the cluster, then when trying a
second time if the route was _not_ matched it would re-use the prior route
and thus infinite-loop failing to retain that same cluster.

It also adds a missing cast to unsigned long for a uint32 weight. The old
code would detect if the _sum_ was negative, but a weight using 32 bits
would have been negative and never selected.
---
 .../main/java/io/grpc/xds/VirtualHost.java    |  5 +--
 .../java/io/grpc/xds/XdsNameResolver.java     | 34 +++++++++++--------
 .../grpc/xds/XdsRouteConfigureResource.java   |  9 +++--
 3 files changed, 28 insertions(+), 20 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/VirtualHost.java b/xds/src/main/java/io/grpc/xds/VirtualHost.java
index 7dfa0b34a35..5cc979984c6 100644
--- a/xds/src/main/java/io/grpc/xds/VirtualHost.java
+++ b/xds/src/main/java/io/grpc/xds/VirtualHost.java
@@ -218,12 +218,13 @@ private static RouteAction create(
       abstract static class ClusterWeight {
         abstract String name();
 
-        abstract int weight();
+        abstract long weight();
 
         abstract ImmutableMap<String, FilterConfig> filterConfigOverrides();
 
         static ClusterWeight create(
-            String name, int weight, Map<String, FilterConfig> filterConfigOverrides) {
+            String name, long weight, Map<String, FilterConfig> filterConfigOverrides) {
+          checkArgument(weight >= 0, "weight must not be negative");
           return new AutoValue_VirtualHost_Route_RouteAction_ClusterWeight(
               name, weight, ImmutableMap.copyOf(filterConfigOverrides));
         }
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 2b4f206aef1..21f5d5efce6 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -384,17 +384,17 @@ static boolean matchHostName(String hostName, String pattern) {
   private final class ConfigSelector extends InternalConfigSelector {
     @Override
     public Result selectConfig(PickSubchannelArgs args) {
-      String cluster = null;
-      ClientInterceptor filters = null; // null iff cluster is null
-      RouteData selectedRoute = null;
       RoutingConfig routingCfg;
+      RouteData selectedRoute;
+      String cluster;
+      ClientInterceptor filters;
       Metadata headers = args.getHeaders();
+      String path = "/" + args.getMethodDescriptor().getFullMethodName();
       do {
         routingCfg = routingConfig;
+        selectedRoute = null;
         for (RouteData route : routingCfg.routes) {
-          if (RoutingUtils.matchRoute(
-                  route.routeMatch, "/" + args.getMethodDescriptor().getFullMethodName(),
-                  headers, random)) {
+          if (RoutingUtils.matchRoute(route.routeMatch, path, headers, random)) {
             selectedRoute = route;
             break;
           }
@@ -412,13 +412,14 @@ public Result selectConfig(PickSubchannelArgs args) {
           cluster = prefixedClusterName(action.cluster());
           filters = selectedRoute.filterChoices.get(0);
         } else if (action.weightedClusters() != null) {
+          // XdsRouteConfigureResource verifies the total weight will not be 0 or exceed uint32
           long totalWeight = 0;
           for (ClusterWeight weightedCluster : action.weightedClusters()) {
             totalWeight += weightedCluster.weight();
           }
           long select = random.nextLong(totalWeight);
           long accumulator = 0;
-          for (int i = 0; i < action.weightedClusters().size(); i++) {
+          for (int i = 0; ; i++) {
             ClusterWeight weightedCluster = action.weightedClusters().get(i);
             accumulator += weightedCluster.weight();
             if (select < accumulator) {
@@ -431,13 +432,16 @@ public Result selectConfig(PickSubchannelArgs args) {
           cluster =
               prefixedClusterSpecifierPluginName(action.namedClusterSpecifierPluginConfig().name());
           filters = selectedRoute.filterChoices.get(0);
+        } else {
+          // updateRoutes() discards routes with unknown actions
+          throw new AssertionError();
         }
       } while (!retainCluster(cluster));
+
+      final RouteAction routeAction = selectedRoute.routeAction;
       Long timeoutNanos = null;
       if (enableTimeout) {
-        if (selectedRoute != null) {
-          timeoutNanos = selectedRoute.routeAction.timeoutNano();
-        }
+        timeoutNanos = routeAction.timeoutNano();
         if (timeoutNanos == null) {
           timeoutNanos = routingCfg.fallbackTimeoutNano;
         }
@@ -445,8 +449,7 @@ public Result selectConfig(PickSubchannelArgs args) {
           timeoutNanos = null;
         }
       }
-      RetryPolicy retryPolicy =
-          selectedRoute == null ? null : selectedRoute.routeAction.retryPolicy();
+      RetryPolicy retryPolicy = routeAction.retryPolicy();
       // TODO(chengyuanzhang): avoid service config generation and parsing for each call.
       Map<String, ?> rawServiceConfig =
           generateServiceConfigWithMethodConfig(timeoutNanos, retryPolicy);
@@ -459,8 +462,7 @@ public Result selectConfig(PickSubchannelArgs args) {
                 "Failed to parse service config (method config)"));
       }
       final String finalCluster = cluster;
-      final long hash = generateHash(selectedRoute.routeAction.hashPolicies(), headers);
-      RouteData finalSelectedRoute = selectedRoute;
+      final long hash = generateHash(routeAction.hashPolicies(), headers);
       class ClusterSelectionInterceptor implements ClientInterceptor {
         @Override
         public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
@@ -469,7 +471,7 @@ public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
           CallOptions callOptionsForCluster =
               callOptions.withOption(CLUSTER_SELECTION_KEY, finalCluster)
                   .withOption(RPC_HASH_KEY, hash);
-          if (finalSelectedRoute.routeAction.autoHostRewrite()) {
+          if (routeAction.autoHostRewrite()) {
             callOptionsForCluster = callOptionsForCluster.withOption(AUTO_HOST_REWRITE_KEY, true);
           }
           return new SimpleForwardingClientCall<ReqT, RespT>(
@@ -757,6 +759,8 @@ private void updateRoutes(List<VirtualHost> virtualHosts, long httpMaxStreamDura
           }
           ClientInterceptor filters = createFilters(filterConfigs, virtualHost, route, null);
           routesData.add(new RouteData(route.routeMatch(), route.routeAction(), filters));
+        } else {
+          // Discard route
         }
       }
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java b/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
index 587c7a437ad..c5ca8d45cb3 100644
--- a/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
@@ -496,8 +496,9 @@ static StructOrError<RouteAction> parseRouteAction(
             return StructOrError.fromError("RouteAction contains invalid ClusterWeight: "
                 + clusterWeightOrError.getErrorDetail());
           }
-          clusterWeightSum += clusterWeight.getWeight().getValue();
-          weightedClusters.add(clusterWeightOrError.getStruct());
+          ClusterWeight parsedWeight = clusterWeightOrError.getStruct();
+          clusterWeightSum += parsedWeight.weight();
+          weightedClusters.add(parsedWeight);
         }
         if (clusterWeightSum <= 0) {
           return StructOrError.fromError("Sum of cluster weights should be above 0.");
@@ -609,7 +610,9 @@ static StructOrError<VirtualHost.Route.RouteAction.ClusterWeight> parseClusterWe
               + overrideConfigs.getErrorDetail());
     }
     return StructOrError.fromStruct(VirtualHost.Route.RouteAction.ClusterWeight.create(
-        proto.getName(), proto.getWeight().getValue(), overrideConfigs.getStruct()));
+        proto.getName(),
+        Integer.toUnsignedLong(proto.getWeight().getValue()),
+        overrideConfigs.getStruct()));
   }
 
   @Nullable // null if the plugin is not supported, but it's marked as optional.

From 3142928fa3a530a2fe500bbc6a0873619238f3ee Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Wed, 5 Feb 2025 21:10:39 +0200
Subject: [PATCH 170/591] use gradle java-platform in grpc-bom; Fixes #5530
 (#11875)

* use gradle java-platform in grpc-bom; Fixes #5530

* fix withXml

* explicitly exclude grpc-compiler
---
 bom/build.gradle | 44 ++++++++++++++++++--------------------------
 1 file changed, 18 insertions(+), 26 deletions(-)

diff --git a/bom/build.gradle b/bom/build.gradle
index 1b1f98cff18..f7f3918372f 100644
--- a/bom/build.gradle
+++ b/bom/build.gradle
@@ -1,40 +1,32 @@
 plugins {
+  id 'java-platform'
   id "maven-publish"
 }
 
 description = 'gRPC: BOM'
 
+gradle.projectsEvaluated {
+  def projectsToInclude = rootProject.subprojects.findAll {
+    return it.name != 'grpc-compiler'
+        && it.plugins.hasPlugin('java')
+        && it.plugins.hasPlugin('maven-publish')
+        && it.tasks.findByName('publishMavenPublicationToMavenRepository')?.enabled
+  }
+  dependencies {
+    constraints {
+      projectsToInclude.each { api it }
+    }
+  }
+}
+
 publishing {
   publications {
     maven(MavenPublication) {
-      // remove all other artifacts since BOM doesn't generates any Jar
-      artifacts = []
-
+      from components.javaPlatform
       pom.withXml {
-        // Generate bom using subprojects
-        def internalProjects = [
-          project.name,
-          'grpc-compiler',
-        ]
-
-        def dependencyManagement = asNode().appendNode('dependencyManagement')
-        def dependencies = dependencyManagement.appendNode('dependencies')
-        rootProject.subprojects.each { subproject ->
-          if (internalProjects.contains(subproject.name)) {
-            return
-          }
-          if (!subproject.hasProperty('publishMavenPublicationToMavenRepository')) {
-            return
-          }
-          if (!subproject.publishMavenPublicationToMavenRepository.enabled) {
-            return
-          }
-          def dependencyNode = dependencies.appendNode('dependency')
-          dependencyNode.appendNode('groupId', subproject.group)
-          dependencyNode.appendNode('artifactId', subproject.name)
-          dependencyNode.appendNode('version', subproject.version)
-        }
+        def dependencies = asNode().dependencyManagement.dependencies.last()
         // add protoc gen (produced by grpc-compiler with different artifact name)
+        // not sure how to express "<type>pom</type>" in gradle, kept in XML
         def dependencyNode = dependencies.appendNode('dependency')
         dependencyNode.appendNode('groupId', project.group)
         dependencyNode.appendNode('artifactId', 'protoc-gen-grpc-java')

From 44e92e2c2c72cd9fc03b1fda1d5335ddf8a1b618 Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Thu, 6 Feb 2025 03:48:20 +0530
Subject: [PATCH 171/591] core: updates the backoff range as per the A6
 redefinition (#11858)

* core: updates the backoff range being used from [0, 1] to [0.8, 1.2] as per the A6 redefinition

* adds a flag for experimental jitter

* xds: Allow FaultFilter's interceptor to be reused

This is the only usage of PickSubchannelArgs when creating a filter's
ClientInterceptor, and a follow-up commit will remove the argument and
actually reuse the interceptors. Other filter's interceptors can
already be reused.

There doesn't seem to be any significant loss of legibility by making
FaultFilter a more ordinary interceptor, but the change does cause the
ForwardingClientCall to be present when faultDelay is configured,
independent of whether the fault delay ends up being triggered.

Reusing interceptors will move more state management out of the RPC path
which will be more relevant with RLQS.

* netty: Removed 4096 min buffer size (#11856)

* netty: Removed 4096 min buffer size

* turns the flag in a var for better efficiency

---------

Co-authored-by: Eric Anderson <ejona@google.com>
---
 .../io/grpc/internal/RetriableStream.java     | 11 ++-
 .../grpc/internal/ManagedChannelImplTest.java |  4 +-
 .../io/grpc/internal/RetriableStreamTest.java | 79 +++++++++----------
 .../grpc/testing/integration/RetryTest.java   | 10 +--
 4 files changed, 55 insertions(+), 49 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/RetriableStream.java b/core/src/main/java/io/grpc/internal/RetriableStream.java
index 85d7bc86584..7765408a627 100644
--- a/core/src/main/java/io/grpc/internal/RetriableStream.java
+++ b/core/src/main/java/io/grpc/internal/RetriableStream.java
@@ -846,6 +846,15 @@ public void run() {
     }
   }
 
+  private static final boolean isExperimentalRetryJitterEnabled = GrpcUtil
+          .getFlag("GRPC_EXPERIMENTAL_XDS_RLS_LB", true);
+
+  public static long intervalWithJitter(long intervalNanos) {
+    double inverseJitterFactor = isExperimentalRetryJitterEnabled
+            ? 0.8 * random.nextDouble() + 0.4 : random.nextDouble();
+    return (long) (intervalNanos * inverseJitterFactor);
+  }
+
   private static final class SavedCloseMasterListenerReason {
     private final Status status;
     private final RpcProgress progress;
@@ -1066,7 +1075,7 @@ private RetryPlan makeRetryDecision(Status status, Metadata trailer) {
         if (pushbackMillis == null) {
           if (isRetryableStatusCode) {
             shouldRetry = true;
-            backoffNanos = (long) (nextBackoffIntervalNanos * random.nextDouble());
+            backoffNanos = intervalWithJitter(nextBackoffIntervalNanos);
             nextBackoffIntervalNanos = Math.min(
                 (long) (nextBackoffIntervalNanos * retryPolicy.backoffMultiplier),
                 retryPolicy.maxBackoffNanos);
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index 98900cecf2b..21ccf1095df 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -3875,7 +3875,7 @@ public double nextDouble() {
         Status.UNAVAILABLE, PROCESSED, new Metadata());
 
     // in backoff
-    timer.forwardTime(5, TimeUnit.SECONDS);
+    timer.forwardTime(6, TimeUnit.SECONDS);
     assertThat(timer.getPendingTasks()).hasSize(1);
     verify(mockStream2, never()).start(any(ClientStreamListener.class));
 
@@ -3894,7 +3894,7 @@ public double nextDouble() {
     assertEquals("Channel shutdown invoked", statusCaptor.getValue().getDescription());
 
     // backoff ends
-    timer.forwardTime(5, TimeUnit.SECONDS);
+    timer.forwardTime(6, TimeUnit.SECONDS);
     assertThat(timer.getPendingTasks()).isEmpty();
     verify(mockStream2).start(streamListenerCaptor.capture());
     verify(mockLoadBalancer, never()).shutdown();
diff --git a/core/src/test/java/io/grpc/internal/RetriableStreamTest.java b/core/src/test/java/io/grpc/internal/RetriableStreamTest.java
index 658ed70a135..9b1ec343bb7 100644
--- a/core/src/test/java/io/grpc/internal/RetriableStreamTest.java
+++ b/core/src/test/java/io/grpc/internal/RetriableStreamTest.java
@@ -147,6 +147,17 @@ public double nextDouble() {
   private final ChannelBufferMeter channelBufferUsed = new ChannelBufferMeter();
   private final FakeClock fakeClock = new FakeClock();
 
+  private static long calculateBackoffWithRetries(int retryCount) {
+    // Calculate the exponential backoff delay with jitter
+    double exponent = retryCount > 0 ? Math.pow(BACKOFF_MULTIPLIER, retryCount) : 1;
+    long delay = (long) (INITIAL_BACKOFF_IN_SECONDS * exponent);
+    return RetriableStream.intervalWithJitter(delay);
+  }
+
+  private static long calculateMaxBackoff() {
+    return RetriableStream.intervalWithJitter(MAX_BACKOFF_IN_SECONDS);
+  }
+
   private final class RecordedRetriableStream extends RetriableStream<String> {
     RecordedRetriableStream(MethodDescriptor<String, ?> method, Metadata headers,
         ChannelBufferMeter channelBufferUsed, long perRpcBufferLimit, long channelBufferLimit,
@@ -307,7 +318,7 @@ public Void answer(InvocationOnMock in) {
     retriableStream.sendMessage("msg1 during backoff1");
     retriableStream.sendMessage("msg2 during backoff1");
 
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM) - 1L, TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0) - 1L, TimeUnit.SECONDS);
     inOrder.verifyNoMoreInteractions();
     assertEquals(1, fakeClock.numPendingTasks());
     fakeClock.forwardTime(1L, TimeUnit.SECONDS);
@@ -364,9 +375,7 @@ public Void answer(InvocationOnMock in) {
     retriableStream.sendMessage("msg2 during backoff2");
     retriableStream.sendMessage("msg3 during backoff2");
 
-    fakeClock.forwardTime(
-        (long) (INITIAL_BACKOFF_IN_SECONDS * BACKOFF_MULTIPLIER * FAKE_RANDOM) - 1L,
-        TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(1) - 1L, TimeUnit.SECONDS);
     inOrder.verifyNoMoreInteractions();
     assertEquals(1, fakeClock.numPendingTasks());
     fakeClock.forwardTime(1L, TimeUnit.SECONDS);
@@ -459,7 +468,7 @@ public void retry_headersRead_cancel() {
     sublistenerCaptor1.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
 
     ArgumentCaptor<ClientStreamListener> sublistenerCaptor2 =
         ArgumentCaptor.forClass(ClientStreamListener.class);
@@ -518,7 +527,7 @@ public void retry_headersRead_closed() {
     doReturn(mockStream2).when(retriableStreamRecorder).newSubstream(1);
     sublistenerCaptor1.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
 
     ArgumentCaptor<ClientStreamListener> sublistenerCaptor2 =
         ArgumentCaptor.forClass(ClientStreamListener.class);
@@ -584,7 +593,7 @@ public void retry_cancel_closed() {
     doReturn(mockStream2).when(retriableStreamRecorder).newSubstream(1);
     sublistenerCaptor1.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
 
     ArgumentCaptor<ClientStreamListener> sublistenerCaptor2 =
         ArgumentCaptor.forClass(ClientStreamListener.class);
@@ -687,7 +696,7 @@ public void retry_unretriableClosed_cancel() {
     doReturn(mockStream2).when(retriableStreamRecorder).newSubstream(1);
     sublistenerCaptor1.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
 
     ArgumentCaptor<ClientStreamListener> sublistenerCaptor2 =
         ArgumentCaptor.forClass(ClientStreamListener.class);
@@ -821,7 +830,7 @@ public boolean isReady() {
     // send more requests during backoff
     retriableStream.request(789);
 
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
 
     inOrder.verify(mockStream2).start(sublistenerCaptor2.get());
     inOrder.verify(mockStream2).request(3);
@@ -875,7 +884,7 @@ public void request(int numMessages) {
     doReturn(mockStream2).when(retriableStreamRecorder).newSubstream(1);
     sublistenerCaptor1.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
 
     inOrder.verify(mockStream2).start(sublistenerCaptor2.capture());
     inOrder.verify(mockStream2).request(3);
@@ -920,7 +929,7 @@ public void start(ClientStreamListener listener) {
     doReturn(mockStream2).when(retriableStreamRecorder).newSubstream(1);
     sublistenerCaptor1.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
 
     inOrder.verify(mockStream2).start(sublistenerCaptor2.capture());
     inOrder.verify(retriableStreamRecorder).postCommit();
@@ -1028,7 +1037,7 @@ public boolean isReady() {
     retriableStream.request(789);
     readiness.add(retriableStream.isReady()); // expected false b/c in backoff
 
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
 
     verify(mockStream2).start(any(ClientStreamListener.class));
     readiness.add(retriableStream.isReady()); // expected true
@@ -1110,7 +1119,7 @@ public void addPrevRetryAttemptsToRespHeaders() {
     doReturn(mockStream2).when(retriableStreamRecorder).newSubstream(1);
     sublistenerCaptor1.getValue().closed(
             Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
 
     ArgumentCaptor<ClientStreamListener> sublistenerCaptor2 =
             ArgumentCaptor.forClass(ClientStreamListener.class);
@@ -1160,13 +1169,12 @@ public void start(ClientStreamListener listener) {
     listener1.closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
     assertEquals(1, fakeClock.numPendingTasks());
 
     // send requests during backoff
     retriableStream.request(3);
-    fakeClock.forwardTime(
-        (long) (INITIAL_BACKOFF_IN_SECONDS * BACKOFF_MULTIPLIER * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(1), TimeUnit.SECONDS);
 
     retriableStream.request(1);
     verify(mockStream1, never()).request(anyInt());
@@ -1207,7 +1215,7 @@ public void start(ClientStreamListener listener) {
     // retry
     listener1.closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
 
     verify(mockStream2).start(any(ClientStreamListener.class));
     verify(retriableStreamRecorder).postCommit();
@@ -1260,7 +1268,7 @@ public void perRpcBufferLimitExceededDuringBackoff() {
     bufferSizeTracer.outboundWireSize(2);
     verify(retriableStreamRecorder, never()).postCommit();
 
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
     verify(mockStream2).start(any(ClientStreamListener.class));
     verify(mockStream2).isReady();
 
@@ -1332,7 +1340,7 @@ public void expBackoff_maxBackoff_maxRetryAttempts() {
     sublistenerCaptor1.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM) - 1L, TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0) - 1L, TimeUnit.SECONDS);
     assertEquals(1, fakeClock.numPendingTasks());
     fakeClock.forwardTime(1L, TimeUnit.SECONDS);
     assertEquals(0, fakeClock.numPendingTasks());
@@ -1347,9 +1355,7 @@ public void expBackoff_maxBackoff_maxRetryAttempts() {
     sublistenerCaptor2.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_2), PROCESSED, new Metadata());
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime(
-        (long) (INITIAL_BACKOFF_IN_SECONDS * BACKOFF_MULTIPLIER * FAKE_RANDOM) - 1L,
-        TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(1) - 1L, TimeUnit.SECONDS);
     assertEquals(1, fakeClock.numPendingTasks());
     fakeClock.forwardTime(1L, TimeUnit.SECONDS);
     assertEquals(0, fakeClock.numPendingTasks());
@@ -1364,10 +1370,7 @@ public void expBackoff_maxBackoff_maxRetryAttempts() {
     sublistenerCaptor3.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime(
-        (long) (INITIAL_BACKOFF_IN_SECONDS * BACKOFF_MULTIPLIER * BACKOFF_MULTIPLIER * FAKE_RANDOM)
-            - 1L,
-        TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(2) - 1L, TimeUnit.SECONDS);
     assertEquals(1, fakeClock.numPendingTasks());
     fakeClock.forwardTime(1L, TimeUnit.SECONDS);
     assertEquals(0, fakeClock.numPendingTasks());
@@ -1382,7 +1385,7 @@ public void expBackoff_maxBackoff_maxRetryAttempts() {
     sublistenerCaptor4.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_2), PROCESSED, new Metadata());
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime((long) (MAX_BACKOFF_IN_SECONDS * FAKE_RANDOM) - 1L, TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateMaxBackoff() - 1L, TimeUnit.SECONDS);
     assertEquals(1, fakeClock.numPendingTasks());
     fakeClock.forwardTime(1L, TimeUnit.SECONDS);
     assertEquals(0, fakeClock.numPendingTasks());
@@ -1397,7 +1400,7 @@ public void expBackoff_maxBackoff_maxRetryAttempts() {
     sublistenerCaptor5.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_2), PROCESSED, new Metadata());
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime((long) (MAX_BACKOFF_IN_SECONDS * FAKE_RANDOM) - 1L, TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateMaxBackoff() - 1L, TimeUnit.SECONDS);
     assertEquals(1, fakeClock.numPendingTasks());
     fakeClock.forwardTime(1L, TimeUnit.SECONDS);
     assertEquals(0, fakeClock.numPendingTasks());
@@ -1480,7 +1483,7 @@ public void pushback() {
     sublistenerCaptor3.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM) - 1L, TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0) - 1L, TimeUnit.SECONDS);
     assertEquals(1, fakeClock.numPendingTasks());
     fakeClock.forwardTime(1L, TimeUnit.SECONDS);
     assertEquals(0, fakeClock.numPendingTasks());
@@ -1495,9 +1498,7 @@ public void pushback() {
     sublistenerCaptor4.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_2), PROCESSED, new Metadata());
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime(
-        (long) (INITIAL_BACKOFF_IN_SECONDS * BACKOFF_MULTIPLIER * FAKE_RANDOM) - 1L,
-        TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(1) - 1L, TimeUnit.SECONDS);
     assertEquals(1, fakeClock.numPendingTasks());
     fakeClock.forwardTime(1L, TimeUnit.SECONDS);
     assertEquals(0, fakeClock.numPendingTasks());
@@ -1512,10 +1513,7 @@ public void pushback() {
     sublistenerCaptor5.getValue().closed(
         Status.fromCode(RETRIABLE_STATUS_CODE_2), PROCESSED, new Metadata());
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime(
-        (long) (INITIAL_BACKOFF_IN_SECONDS * BACKOFF_MULTIPLIER * BACKOFF_MULTIPLIER * FAKE_RANDOM)
-            - 1L,
-        TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(2) - 1L, TimeUnit.SECONDS);
     assertEquals(1, fakeClock.numPendingTasks());
     fakeClock.forwardTime(1L, TimeUnit.SECONDS);
     assertEquals(0, fakeClock.numPendingTasks());
@@ -1804,7 +1802,7 @@ public void transparentRetry_onlyOnceOnRefused() {
         .closed(Status.fromCode(RETRIABLE_STATUS_CODE_1), REFUSED, new Metadata());
 
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
     inOrder.verify(retriableStreamRecorder).newSubstream(1);
     ArgumentCaptor<ClientStreamListener> sublistenerCaptor3 =
         ArgumentCaptor.forClass(ClientStreamListener.class);
@@ -1907,7 +1905,7 @@ public void normalRetry_thenNoTransparentRetry_butNormalRetry() {
         .closed(Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
 
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
     inOrder.verify(retriableStreamRecorder).newSubstream(1);
     ArgumentCaptor<ClientStreamListener> sublistenerCaptor2 =
         ArgumentCaptor.forClass(ClientStreamListener.class);
@@ -1923,8 +1921,7 @@ public void normalRetry_thenNoTransparentRetry_butNormalRetry() {
         .closed(Status.fromCode(RETRIABLE_STATUS_CODE_1), REFUSED, new Metadata());
 
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime(
-        (long) (INITIAL_BACKOFF_IN_SECONDS * BACKOFF_MULTIPLIER * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(1), TimeUnit.SECONDS);
     inOrder.verify(retriableStreamRecorder).newSubstream(2);
     ArgumentCaptor<ClientStreamListener> sublistenerCaptor3 =
         ArgumentCaptor.forClass(ClientStreamListener.class);
@@ -1960,7 +1957,7 @@ public void normalRetry_thenNoTransparentRetry_andNoMoreRetry() {
         .closed(Status.fromCode(RETRIABLE_STATUS_CODE_1), PROCESSED, new Metadata());
 
     assertEquals(1, fakeClock.numPendingTasks());
-    fakeClock.forwardTime((long) (INITIAL_BACKOFF_IN_SECONDS * FAKE_RANDOM), TimeUnit.SECONDS);
+    fakeClock.forwardTime(calculateBackoffWithRetries(0), TimeUnit.SECONDS);
     inOrder.verify(retriableStreamRecorder).newSubstream(1);
     ArgumentCaptor<ClientStreamListener> sublistenerCaptor2 =
         ArgumentCaptor.forClass(ClientStreamListener.class);
diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/RetryTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/RetryTest.java
index edd2a57ab9d..669ce1c69db 100644
--- a/interop-testing/src/test/java/io/grpc/testing/integration/RetryTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/RetryTest.java
@@ -303,7 +303,7 @@ public void retryUntilBufferLimitExceeded() throws Exception {
     serverCall.close(
         Status.UNAVAILABLE.withDescription("original attempt failed"),
         new Metadata());
-    elapseBackoff(10, SECONDS);
+    elapseBackoff(12, SECONDS);
     // 2nd attempt received
     serverCall = serverCalls.poll(5, SECONDS);
     serverCall.request(2);
@@ -348,7 +348,7 @@ public void statsRecorded() throws Exception {
         Status.UNAVAILABLE.withDescription("original attempt failed"),
         new Metadata());
     assertRpcStatusRecorded(Status.Code.UNAVAILABLE, 1000, 1);
-    elapseBackoff(10, SECONDS);
+    elapseBackoff(12, SECONDS);
     assertRpcStartedRecorded();
     assertOutboundMessageRecorded();
     serverCall = serverCalls.poll(5, SECONDS);
@@ -366,7 +366,7 @@ public void statsRecorded() throws Exception {
     call.request(1);
     assertInboundMessageRecorded();
     assertInboundWireSizeRecorded(1);
-    assertRpcStatusRecorded(Status.Code.OK, 12000, 2);
+    assertRpcStatusRecorded(Status.Code.OK, 14000, 2);
     assertRetryStatsRecorded(1, 0, 0);
   }
 
@@ -418,7 +418,7 @@ public void streamClosed(Status status) {
         Status.UNAVAILABLE.withDescription("original attempt failed"),
         new Metadata());
     assertRpcStatusRecorded(Code.UNAVAILABLE, 5000, 1);
-    elapseBackoff(10, SECONDS);
+    elapseBackoff(12, SECONDS);
     assertRpcStartedRecorded();
     assertOutboundMessageRecorded();
     serverCall = serverCalls.poll(5, SECONDS);
@@ -431,7 +431,7 @@ public void streamClosed(Status status) {
     streamClosedLatch.countDown();
     // The call listener is closed.
     verify(mockCallListener, timeout(5000)).onClose(any(Status.class), any(Metadata.class));
-    assertRpcStatusRecorded(Code.CANCELLED, 17_000, 1);
+    assertRpcStatusRecorded(Code.CANCELLED, 19_000, 1);
     assertRetryStatsRecorded(1, 0, 0);
   }
 

From 90b1c4fe94963fc0263d9b2e9a36470437f763e5 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Fri, 7 Feb 2025 14:16:13 +0530
Subject: [PATCH 172/591] protobuf: Stabilize marshallerWithRecursionLimit
 (#11884)

---
 .../src/main/java/io/grpc/protobuf/lite/ProtoLiteUtils.java   | 3 +--
 protobuf/src/main/java/io/grpc/protobuf/ProtoUtils.java       | 4 +---
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/protobuf-lite/src/main/java/io/grpc/protobuf/lite/ProtoLiteUtils.java b/protobuf-lite/src/main/java/io/grpc/protobuf/lite/ProtoLiteUtils.java
index 7e33fc67622..ef4b16bd476 100644
--- a/protobuf-lite/src/main/java/io/grpc/protobuf/lite/ProtoLiteUtils.java
+++ b/protobuf-lite/src/main/java/io/grpc/protobuf/lite/ProtoLiteUtils.java
@@ -89,12 +89,11 @@ public static <T extends MessageLite> Marshaller<T> marshaller(T defaultInstance
 
   /**
    * Creates a {@link Marshaller} for protos of the same type as {@code defaultInstance} and a
-   * custom limit for the recursion depth. Any negative number will leave the limit to its default
+   * custom limit for the recursion depth. Any negative number will leave the limit as its default
    * value as defined by the protobuf library.
    *
    * @since 1.56.0
    */
-  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10108")
   public static <T extends MessageLite> Marshaller<T> marshallerWithRecursionLimit(
       T defaultInstance, int recursionLimit) {
     return new MessageMarshaller<>(defaultInstance, recursionLimit);
diff --git a/protobuf/src/main/java/io/grpc/protobuf/ProtoUtils.java b/protobuf/src/main/java/io/grpc/protobuf/ProtoUtils.java
index 933d598996c..d403789eb5f 100644
--- a/protobuf/src/main/java/io/grpc/protobuf/ProtoUtils.java
+++ b/protobuf/src/main/java/io/grpc/protobuf/ProtoUtils.java
@@ -18,7 +18,6 @@
 
 import com.google.protobuf.ExtensionRegistry;
 import com.google.protobuf.Message;
-import io.grpc.ExperimentalApi;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor.Marshaller;
 import io.grpc.protobuf.lite.ProtoLiteUtils;
@@ -58,12 +57,11 @@ public static <T extends Message> Marshaller<T> marshaller(final T defaultInstan
 
   /**
    * Creates a {@link Marshaller} for protos of the same type as {@code defaultInstance} and a
-   * custom limit for the recursion depth. Any negative number will leave the limit to its default
+   * custom limit for the recursion depth. Any negative number will leave the limit as its default
    * value as defined by the protobuf library.
    *
    * @since 1.56.0
    */
-  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10108")
   public static <T extends Message> Marshaller<T> marshallerWithRecursionLimit(T defaultInstance,
       int recursionLimit) {
     return ProtoLiteUtils.marshallerWithRecursionLimit(defaultInstance, recursionLimit);

From 67fc2e156a8cc5aee79906f461d92ef3a772fe27 Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Fri, 7 Feb 2025 16:33:17 -0800
Subject: [PATCH 173/591] Add new classes for eliminating xds config tears
 (#11740)

* Framework definition to support A74
---
 xds/build.gradle                              |   2 +
 xds/src/main/java/io/grpc/xds/XdsConfig.java  | 192 +++++
 .../io/grpc/xds/XdsDependencyManager.java     | 769 +++++++++++++++++
 .../io/grpc/xds/client/XdsClientImpl.java     |   3 +-
 .../java/io/grpc/xds/ControlPlaneRule.java    |  21 +-
 .../io/grpc/xds/XdsClientFallbackTest.java    |   2 +-
 .../io/grpc/xds/XdsDependencyManagerTest.java | 784 ++++++++++++++++++
 .../grpc/xds/XdsTestControlPlaneService.java  |   9 +-
 .../test/java/io/grpc/xds/XdsTestUtils.java   | 423 ++++++++++
 .../client/CommonBootstrapperTestUtils.java   |   6 +
 10 files changed, 2186 insertions(+), 25 deletions(-)
 create mode 100644 xds/src/main/java/io/grpc/xds/XdsConfig.java
 create mode 100644 xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
 create mode 100644 xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
 create mode 100644 xds/src/test/java/io/grpc/xds/XdsTestUtils.java

diff --git a/xds/build.gradle b/xds/build.gradle
index c51fc2819d7..cdd4924cab3 100644
--- a/xds/build.gradle
+++ b/xds/build.gradle
@@ -46,6 +46,7 @@ dependencies {
     thirdpartyImplementation project(':grpc-protobuf'),
             project(':grpc-stub')
     compileOnly sourceSets.thirdparty.output
+    testCompileOnly sourceSets.thirdparty.output
     implementation project(':grpc-stub'),
             project(':grpc-core'),
             project(':grpc-util'),
@@ -59,6 +60,7 @@ dependencies {
             libraries.protobuf.java.util
     def nettyDependency = implementation project(':grpc-netty')
 
+    testImplementation project(':grpc-api')
     testImplementation project(':grpc-rls')
     testImplementation project(':grpc-inprocess')
     testImplementation testFixtures(project(':grpc-core')),
diff --git a/xds/src/main/java/io/grpc/xds/XdsConfig.java b/xds/src/main/java/io/grpc/xds/XdsConfig.java
new file mode 100644
index 00000000000..999ee0d4b0c
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/XdsConfig.java
@@ -0,0 +1,192 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.collect.ImmutableMap;
+import io.grpc.StatusOr;
+import io.grpc.xds.XdsClusterResource.CdsUpdate;
+import io.grpc.xds.XdsEndpointResource.EdsUpdate;
+import io.grpc.xds.XdsListenerResource.LdsUpdate;
+import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
+import java.io.Closeable;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * Represents the xDS configuration tree for a specified Listener.
+ */
+final class XdsConfig {
+  private final LdsUpdate listener;
+  private final RdsUpdate route;
+  private final VirtualHost virtualHost;
+  private final ImmutableMap<String, StatusOr<XdsClusterConfig>> clusters;
+  private final int hashCode;
+
+  XdsConfig(LdsUpdate listener, RdsUpdate route, Map<String, StatusOr<XdsClusterConfig>> clusters,
+            VirtualHost virtualHost) {
+    this(listener, route, virtualHost, ImmutableMap.copyOf(clusters));
+  }
+
+  public XdsConfig(LdsUpdate listener, RdsUpdate route, VirtualHost virtualHost,
+                   ImmutableMap<String, StatusOr<XdsClusterConfig>> clusters) {
+    this.listener = listener;
+    this.route = route;
+    this.virtualHost = virtualHost;
+    this.clusters = clusters;
+
+    hashCode = Objects.hash(listener, route, virtualHost, clusters);
+  }
+
+  @Override
+  public boolean equals(Object obj) {
+    if (!(obj instanceof XdsConfig)) {
+      return false;
+    }
+
+    XdsConfig o = (XdsConfig) obj;
+
+    return hashCode() == o.hashCode() && Objects.equals(listener, o.listener)
+        && Objects.equals(route, o.route) && Objects.equals(virtualHost, o.virtualHost)
+        && Objects.equals(clusters, o.clusters);
+  }
+
+  @Override
+  public int hashCode() {
+    return hashCode;
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder builder = new StringBuilder();
+    builder.append("XdsConfig{")
+        .append("\n  listener=").append(listener)
+        .append(",\n  route=").append(route)
+        .append(",\n  virtualHost=").append(virtualHost)
+        .append(",\n  clusters=").append(clusters)
+        .append("\n}");
+    return builder.toString();
+  }
+
+  public LdsUpdate getListener() {
+    return listener;
+  }
+
+  public RdsUpdate getRoute() {
+    return route;
+  }
+
+  public VirtualHost getVirtualHost() {
+    return virtualHost;
+  }
+
+  public ImmutableMap<String, StatusOr<XdsClusterConfig>> getClusters() {
+    return clusters;
+  }
+
+  static final class XdsClusterConfig {
+    private final String clusterName;
+    private final CdsUpdate clusterResource;
+    private final StatusOr<EdsUpdate> endpoint; //Will be null for non-EDS clusters
+
+    XdsClusterConfig(String clusterName, CdsUpdate clusterResource,
+                      StatusOr<EdsUpdate> endpoint) {
+      this.clusterName = checkNotNull(clusterName, "clusterName");
+      this.clusterResource = checkNotNull(clusterResource, "clusterResource");
+      this.endpoint = endpoint;
+    }
+
+    @Override
+    public int hashCode() {
+      int endpointHash = (endpoint != null) ? endpoint.hashCode() : 0;
+      return clusterName.hashCode() + clusterResource.hashCode() + endpointHash;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+      if (!(obj instanceof XdsClusterConfig)) {
+        return false;
+      }
+      XdsClusterConfig o = (XdsClusterConfig) obj;
+      return Objects.equals(clusterName, o.clusterName)
+          && Objects.equals(clusterResource, o.clusterResource)
+          && Objects.equals(endpoint, o.endpoint);
+    }
+
+    @Override
+    public String toString() {
+      StringBuilder builder = new StringBuilder();
+      builder.append("XdsClusterConfig{clusterName=").append(clusterName)
+          .append(", clusterResource=").append(clusterResource)
+          .append(", endpoint=").append(endpoint).append("}");
+      return builder.toString();
+    }
+
+    public String getClusterName() {
+      return clusterName;
+    }
+
+    public CdsUpdate getClusterResource() {
+      return clusterResource;
+    }
+
+    public StatusOr<EdsUpdate> getEndpoint() {
+      return endpoint;
+    }
+  }
+
+  static final class XdsConfigBuilder {
+    private LdsUpdate listener;
+    private RdsUpdate route;
+    private Map<String, StatusOr<XdsClusterConfig>> clusters = new HashMap<>();
+    private VirtualHost virtualHost;
+
+    XdsConfigBuilder setListener(LdsUpdate listener) {
+      this.listener = checkNotNull(listener, "listener");
+      return this;
+    }
+
+    XdsConfigBuilder setRoute(RdsUpdate route) {
+      this.route = checkNotNull(route, "route");
+      return this;
+    }
+
+    XdsConfigBuilder addCluster(String name, StatusOr<XdsClusterConfig> clusterConfig) {
+      checkNotNull(name, "name");
+      checkNotNull(clusterConfig, "clusterConfig");
+      clusters.put(name, clusterConfig);
+      return this;
+    }
+
+    XdsConfigBuilder setVirtualHost(VirtualHost virtualHost) {
+      this.virtualHost = checkNotNull(virtualHost, "virtualHost");
+      return this;
+    }
+
+    XdsConfig build() {
+      checkNotNull(listener, "listener");
+      checkNotNull(route, "route");
+      return new XdsConfig(listener, route, clusters, virtualHost);
+    }
+  }
+
+  public interface XdsClusterSubscriptionRegistry {
+    Closeable subscribeToCluster(String clusterName);
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
new file mode 100644
index 00000000000..d2af47bc9db
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -0,0 +1,769 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static io.grpc.xds.client.XdsClient.ResourceUpdate;
+import static io.grpc.xds.client.XdsLogger.XdsLogLevel.DEBUG;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Sets;
+import io.grpc.InternalLogId;
+import io.grpc.Status;
+import io.grpc.StatusOr;
+import io.grpc.SynchronizationContext;
+import io.grpc.xds.VirtualHost.Route.RouteAction.ClusterWeight;
+import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
+import io.grpc.xds.client.XdsClient;
+import io.grpc.xds.client.XdsClient.ResourceWatcher;
+import io.grpc.xds.client.XdsLogger;
+import io.grpc.xds.client.XdsResourceType;
+import java.io.Closeable;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import javax.annotation.Nullable;
+
+/**
+ * This class acts as a layer of indirection between the XdsClient and the NameResolver. It
+ * maintains the watchers for the xds resources and when an update is received, it either requests
+ * referenced resources or updates the XdsConfig and notifies the XdsConfigWatcher.  Each instance
+ * applies to a single data plane authority.
+ */
+final class XdsDependencyManager implements XdsConfig.XdsClusterSubscriptionRegistry {
+  public static final XdsClusterResource CLUSTER_RESOURCE = XdsClusterResource.getInstance();
+  public static final XdsEndpointResource ENDPOINT_RESOURCE = XdsEndpointResource.getInstance();
+  private static final int MAX_CLUSTER_RECURSION_DEPTH = 16; // Matches C++
+  private final XdsClient xdsClient;
+  private final XdsConfigWatcher xdsConfigWatcher;
+  private final SynchronizationContext syncContext;
+  private final String dataPlaneAuthority;
+
+  private final InternalLogId logId;
+  private final XdsLogger logger;
+  private XdsConfig lastXdsConfig = null;
+  private final Map<XdsResourceType<?>, TypeWatchers<?>> resourceWatchers = new HashMap<>();
+
+  XdsDependencyManager(XdsClient xdsClient, XdsConfigWatcher xdsConfigWatcher,
+                       SynchronizationContext syncContext, String dataPlaneAuthority,
+                       String listenerName) {
+    logId = InternalLogId.allocate("xds-dependency-manager", listenerName);
+    logger = XdsLogger.withLogId(logId);
+    this.xdsClient = checkNotNull(xdsClient, "xdsClient");
+    this.xdsConfigWatcher = checkNotNull(xdsConfigWatcher, "xdsConfigWatcher");
+    this.syncContext = checkNotNull(syncContext, "syncContext");
+    this.dataPlaneAuthority = checkNotNull(dataPlaneAuthority, "dataPlaneAuthority");
+
+    // start the ball rolling
+    syncContext.execute(() -> addWatcher(new LdsWatcher(listenerName)));
+  }
+
+  public static String  toContextStr(String typeName, String resourceName) {
+    return typeName + " resource: " + resourceName;
+  }
+
+  @Override
+  public Closeable subscribeToCluster(String clusterName) {
+
+    checkNotNull(clusterName, "clusterName");
+    ClusterSubscription subscription = new ClusterSubscription(clusterName);
+
+    syncContext.execute(() -> {
+      addClusterWatcher(clusterName, subscription, 1);
+      maybePublishConfig();
+    });
+
+    return subscription;
+  }
+
+  private <T extends ResourceUpdate> void addWatcher(XdsWatcherBase<T> watcher) {
+    syncContext.throwIfNotInThisSynchronizationContext();
+    XdsResourceType<T> type = watcher.type;
+    String resourceName = watcher.resourceName;
+
+    @SuppressWarnings("unchecked")
+    TypeWatchers<T> typeWatchers = (TypeWatchers<T>)resourceWatchers.get(type);
+    if (typeWatchers == null) {
+      typeWatchers = new TypeWatchers<>(type);
+      resourceWatchers.put(type, typeWatchers);
+    }
+
+    typeWatchers.add(resourceName, watcher);
+    xdsClient.watchXdsResource(type, resourceName, watcher, syncContext);
+  }
+
+  private void cancelCdsWatcher(CdsWatcher watcher, Object parentContext) {
+    if (watcher == null) {
+      return;
+    }
+    watcher.parentContexts.remove(parentContext);
+    if (watcher.parentContexts.isEmpty()) {
+      cancelWatcher(watcher);
+    }
+  }
+
+  private void cancelEdsWatcher(EdsWatcher watcher, CdsWatcher parentContext) {
+    if (watcher == null) {
+      return;
+    }
+    watcher.parentContexts.remove(parentContext);
+    if (watcher.parentContexts.isEmpty()) {
+      cancelWatcher(watcher);
+    }
+  }
+
+
+
+  private <T extends ResourceUpdate> void cancelWatcher(XdsWatcherBase<T> watcher) {
+    syncContext.throwIfNotInThisSynchronizationContext();
+
+    if (watcher == null) {
+      return;
+    }
+
+    if (watcher instanceof CdsWatcher || watcher instanceof EdsWatcher) {
+      throwIfParentContextsNotEmpty(watcher);
+    }
+
+    XdsResourceType<T> type = watcher.type;
+    String resourceName = watcher.resourceName;
+
+    @SuppressWarnings("unchecked")
+    TypeWatchers<T> typeWatchers = (TypeWatchers<T>)resourceWatchers.get(type);
+    if (typeWatchers == null) {
+      logger.log(DEBUG, "Trying to cancel watcher {0}, but type not watched", watcher);
+      return;
+    }
+
+    typeWatchers.watchers.remove(resourceName);
+    xdsClient.cancelXdsResourceWatch(type, resourceName, watcher);
+
+  }
+
+  private static void throwIfParentContextsNotEmpty(XdsWatcherBase<?> watcher) {
+    if (watcher instanceof CdsWatcher) {
+      CdsWatcher cdsWatcher = (CdsWatcher) watcher;
+      if (!cdsWatcher.parentContexts.isEmpty()) {
+        String msg = String.format("CdsWatcher %s has parent contexts %s",
+            cdsWatcher.resourceName(), cdsWatcher.parentContexts.keySet());
+        throw new IllegalStateException(msg);
+      }
+    } else if (watcher instanceof EdsWatcher) {
+      EdsWatcher edsWatcher = (EdsWatcher) watcher;
+      if (!edsWatcher.parentContexts.isEmpty()) {
+        String msg = String.format("CdsWatcher %s has parent contexts %s",
+            edsWatcher.resourceName(), edsWatcher.parentContexts);
+        throw new IllegalStateException(msg);
+      }
+    }
+  }
+
+  public void shutdown() {
+    syncContext.execute(() -> {
+      for (TypeWatchers<?> watchers : resourceWatchers.values()) {
+        shutdownWatchersForType(watchers);
+      }
+      resourceWatchers.clear();
+    });
+  }
+
+  private <T extends ResourceUpdate> void shutdownWatchersForType(TypeWatchers<T> watchers) {
+    for (Map.Entry<String, XdsWatcherBase<T>> watcherEntry : watchers.watchers.entrySet()) {
+      xdsClient.cancelXdsResourceWatch(watchers.resourceType, watcherEntry.getKey(),
+          watcherEntry.getValue());
+    }
+  }
+
+  private void releaseSubscription(ClusterSubscription subscription) {
+    checkNotNull(subscription, "subscription");
+    String clusterName = subscription.getClusterName();
+    syncContext.execute(() -> {
+      XdsWatcherBase<?> cdsWatcher =
+          resourceWatchers.get(CLUSTER_RESOURCE).watchers.get(clusterName);
+      if (cdsWatcher == null) {
+        return; // already released while waiting for the syncContext
+      }
+      cancelClusterWatcherTree((CdsWatcher) cdsWatcher, subscription);
+      maybePublishConfig();
+    });
+  }
+
+  private void cancelClusterWatcherTree(CdsWatcher root, Object parentContext) {
+    checkNotNull(root, "root");
+
+    cancelCdsWatcher(root, parentContext);
+
+    if (!root.hasDataValue() || !root.parentContexts.isEmpty()) {
+      return;
+    }
+
+    XdsClusterResource.CdsUpdate cdsUpdate = root.getData().getValue();
+    switch (cdsUpdate.clusterType()) {
+      case EDS:
+        String edsServiceName = cdsUpdate.edsServiceName();
+        EdsWatcher edsWatcher =
+            (EdsWatcher) resourceWatchers.get(ENDPOINT_RESOURCE).watchers.get(edsServiceName);
+        cancelEdsWatcher(edsWatcher, root);
+        break;
+      case AGGREGATE:
+        for (String cluster : cdsUpdate.prioritizedClusterNames()) {
+          CdsWatcher clusterWatcher =
+              (CdsWatcher) resourceWatchers.get(CLUSTER_RESOURCE).watchers.get(cluster);
+          if (clusterWatcher != null) {
+            cancelClusterWatcherTree(clusterWatcher, root);
+          }
+        }
+        break;
+      case LOGICAL_DNS:
+        // no eds needed
+        break;
+      default:
+        throw new AssertionError("Unknown cluster type: " + cdsUpdate.clusterType());
+    }
+  }
+
+  /**
+   * Check if all resources have results, and if so, generate a new XdsConfig and send it to all
+   * the watchers.
+   */
+  private void maybePublishConfig() {
+    syncContext.throwIfNotInThisSynchronizationContext();
+    boolean waitingOnResource = resourceWatchers.values().stream()
+        .flatMap(typeWatchers -> typeWatchers.watchers.values().stream())
+        .anyMatch(XdsWatcherBase::missingResult);
+    if (waitingOnResource) {
+      return;
+    }
+
+    XdsConfig newConfig = buildConfig();
+    if (Objects.equals(newConfig, lastXdsConfig)) {
+      return;
+    }
+    lastXdsConfig = newConfig;
+    xdsConfigWatcher.onUpdate(lastXdsConfig);
+  }
+
+  @VisibleForTesting
+  XdsConfig buildConfig() {
+    XdsConfig.XdsConfigBuilder builder = new XdsConfig.XdsConfigBuilder();
+
+    // Iterate watchers and build the XdsConfig
+
+    // Will only be 1 listener and 1 route resource
+    VirtualHost activeVirtualHost = getActiveVirtualHost();
+    for (XdsWatcherBase<?> xdsWatcherBase :
+        resourceWatchers.get(XdsListenerResource.getInstance()).watchers.values()) {
+      XdsListenerResource.LdsUpdate ldsUpdate = ((LdsWatcher) xdsWatcherBase).getData().getValue();
+      builder.setListener(ldsUpdate);
+      if (activeVirtualHost == null) {
+        activeVirtualHost = RoutingUtils.findVirtualHostForHostName(
+            ldsUpdate.httpConnectionManager().virtualHosts(), dataPlaneAuthority);
+      }
+
+      if (ldsUpdate.httpConnectionManager() != null
+          && ldsUpdate.httpConnectionManager().virtualHosts() != null) {
+        RdsUpdate rdsUpdate = new RdsUpdate(ldsUpdate.httpConnectionManager().virtualHosts());
+        builder.setRoute(rdsUpdate);
+      }
+    }
+
+    resourceWatchers.get(XdsRouteConfigureResource.getInstance()).watchers.values().stream()
+        .map(watcher -> (RdsWatcher) watcher)
+        .forEach(watcher -> builder.setRoute(watcher.getData().getValue()));
+
+    builder.setVirtualHost(activeVirtualHost);
+
+    Map<String, ? extends XdsWatcherBase<?>> edsWatchers =
+        resourceWatchers.get(ENDPOINT_RESOURCE).watchers;
+    Map<String, ? extends XdsWatcherBase<?>> cdsWatchers =
+        resourceWatchers.get(CLUSTER_RESOURCE).watchers;
+
+    // Iterate CDS watchers
+    for (XdsWatcherBase<?> watcher : cdsWatchers.values()) {
+      CdsWatcher cdsWatcher = (CdsWatcher) watcher;
+      String clusterName = cdsWatcher.resourceName();
+      StatusOr<XdsClusterResource.CdsUpdate> cdsUpdate = cdsWatcher.getData();
+      if (cdsUpdate.hasValue()) {
+        XdsConfig.XdsClusterConfig clusterConfig;
+        String edsName = cdsUpdate.getValue().edsServiceName();
+        EdsWatcher edsWatcher = (EdsWatcher) edsWatchers.get(edsName);
+
+        // Only EDS type clusters have endpoint data
+        StatusOr<XdsEndpointResource.EdsUpdate> data =
+            edsWatcher != null ? edsWatcher.getData() : null;
+        clusterConfig = new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate.getValue(), data);
+        builder.addCluster(clusterName, StatusOr.fromValue(clusterConfig));
+      } else {
+        builder.addCluster(clusterName, StatusOr.fromStatus(cdsUpdate.getStatus()));
+      }
+    }
+
+    return builder.build();
+  }
+
+  @Override
+  public String toString() {
+    return logId.toString();
+  }
+
+  private static class TypeWatchers<T extends ResourceUpdate> {
+    // Key is resource name
+    final Map<String, XdsWatcherBase<T>> watchers = new HashMap<>();
+    final XdsResourceType<T> resourceType;
+
+    TypeWatchers(XdsResourceType<T> resourceType) {
+      this.resourceType = resourceType;
+    }
+
+    public void add(String resourceName, XdsWatcherBase<T> watcher) {
+      watchers.put(resourceName, watcher);
+    }
+  }
+
+  public interface XdsConfigWatcher {
+
+    void onUpdate(XdsConfig config);
+
+    // These 2 methods are invoked when there is an error or
+    // does-not-exist on LDS or RDS only.  The context will be a
+    // human-readable string indicating the scope in which the error
+    // occurred (e.g., the resource type and name).
+    void onError(String resourceContext, Status status);
+
+    void onResourceDoesNotExist(String resourceContext);
+  }
+
+  private class ClusterSubscription implements Closeable {
+    String clusterName;
+
+    public ClusterSubscription(String clusterName) {
+      this.clusterName = clusterName;
+    }
+
+    public String getClusterName() {
+      return clusterName;
+    }
+
+    @Override
+    public void close() throws IOException {
+      releaseSubscription(this);
+    }
+  }
+
+  private abstract static class XdsWatcherBase<T extends ResourceUpdate>
+      implements ResourceWatcher<T> {
+    private final XdsResourceType<T> type;
+    private final String resourceName;
+    @Nullable
+    private StatusOr<T> data;
+
+
+    private XdsWatcherBase(XdsResourceType<T> type, String resourceName) {
+      this.type = checkNotNull(type, "type");
+      this.resourceName = checkNotNull(resourceName, "resourceName");
+    }
+
+    @Override
+    public void onError(Status error) {
+      checkNotNull(error, "error");
+      setDataAsStatus(error);
+    }
+
+    protected void handleDoesNotExist(String resourceName) {
+      checkArgument(this.resourceName.equals(resourceName), "Resource name does not match");
+      setDataAsStatus(Status.UNAVAILABLE.withDescription("No " + toContextString()));
+    }
+
+    boolean missingResult() {
+      return data == null;
+    }
+
+    @Nullable
+    StatusOr<T> getData() {
+      return data;
+    }
+
+    boolean hasDataValue() {
+      return data != null && data.hasValue();
+    }
+
+    String resourceName() {
+      return resourceName;
+    }
+
+    protected void setData(T data) {
+      checkNotNull(data, "data");
+      this.data = StatusOr.fromValue(data);
+    }
+
+    protected void setDataAsStatus(Status status) {
+      checkNotNull(status, "status");
+      this.data = StatusOr.fromStatus(status);
+    }
+
+    String toContextString() {
+      return toContextStr(type.typeName(), resourceName);
+    }
+  }
+
+  private class LdsWatcher extends XdsWatcherBase<XdsListenerResource.LdsUpdate> {
+    String rdsName;
+
+    private LdsWatcher(String resourceName) {
+      super(XdsListenerResource.getInstance(), resourceName);
+    }
+
+    @Override
+    public void onChanged(XdsListenerResource.LdsUpdate update) {
+      checkNotNull(update, "update");
+
+      HttpConnectionManager httpConnectionManager = update.httpConnectionManager();
+      List<VirtualHost> virtualHosts = httpConnectionManager.virtualHosts();
+      String rdsName = httpConnectionManager.rdsName();
+      VirtualHost activeVirtualHost = getActiveVirtualHost();
+
+      boolean changedRdsName = !Objects.equals(rdsName, this.rdsName);
+      if (changedRdsName) {
+        cleanUpRdsWatcher();
+      }
+
+      if (virtualHosts != null) {
+        // No RDS watcher since we are getting RDS updates via LDS
+        updateRoutes(virtualHosts, this, activeVirtualHost, this.rdsName == null);
+        this.rdsName = null;
+      } else if (changedRdsName) {
+        cleanUpRdsWatcher();
+        this.rdsName = rdsName;
+        addWatcher(new RdsWatcher(rdsName));
+        logger.log(XdsLogger.XdsLogLevel.INFO, "Start watching RDS resource {0}", rdsName);
+      }
+
+      setData(update);
+      maybePublishConfig();
+    }
+
+    @Override
+    public void onError(Status error) {
+      super.onError(checkNotNull(error, "error"));
+      xdsConfigWatcher.onError(toContextString(), error);
+    }
+
+    @Override
+    public void onResourceDoesNotExist(String resourceName) {
+      handleDoesNotExist(resourceName);
+      xdsConfigWatcher.onResourceDoesNotExist(toContextString());
+    }
+
+    private void cleanUpRdsWatcher() {
+      RdsWatcher oldRdsWatcher = getRdsWatcher();
+      if (oldRdsWatcher != null) {
+        cancelWatcher(oldRdsWatcher);
+        logger.log(XdsLogger.XdsLogLevel.DEBUG, "Stop watching RDS resource {0}", rdsName);
+
+        // Cleanup clusters (as appropriate) that had the old rds watcher as a parent
+        if (!oldRdsWatcher.hasDataValue() || !oldRdsWatcher.getData().hasValue()
+            || resourceWatchers.get(CLUSTER_RESOURCE) == null) {
+          return;
+        }
+        for (XdsWatcherBase<?> watcher :
+            resourceWatchers.get(CLUSTER_RESOURCE).watchers.values()) {
+          cancelCdsWatcher((CdsWatcher) watcher, oldRdsWatcher);
+        }
+      }
+    }
+
+    private RdsWatcher getRdsWatcher() {
+      TypeWatchers<?> watchers = resourceWatchers.get(XdsRouteConfigureResource.getInstance());
+      if (watchers == null || rdsName == null || watchers.watchers.isEmpty()) {
+        return null;
+      }
+
+      return (RdsWatcher) watchers.watchers.get(rdsName);
+    }
+  }
+
+  private class RdsWatcher extends XdsWatcherBase<RdsUpdate> {
+
+    public RdsWatcher(String resourceName) {
+      super(XdsRouteConfigureResource.getInstance(), checkNotNull(resourceName, "resourceName"));
+    }
+
+    @Override
+    public void onChanged(RdsUpdate update) {
+      checkNotNull(update, "update");
+      RdsUpdate oldData = hasDataValue() ? getData().getValue() : null;
+      VirtualHost oldVirtualHost =
+          (oldData != null)
+          ? RoutingUtils.findVirtualHostForHostName(oldData.virtualHosts, dataPlaneAuthority)
+          : null;
+      setData(update);
+      updateRoutes(update.virtualHosts, this, oldVirtualHost, true);
+      maybePublishConfig();
+    }
+
+    @Override
+    public void onError(Status error) {
+      super.onError(checkNotNull(error, "error"));
+      xdsConfigWatcher.onError(toContextString(), error);
+    }
+
+    @Override
+    public void onResourceDoesNotExist(String resourceName) {
+      handleDoesNotExist(checkNotNull(resourceName, "resourceName"));
+      xdsConfigWatcher.onResourceDoesNotExist(toContextString());
+    }
+
+    ImmutableList<String> getCdsNames() {
+      if (!hasDataValue() || getData().getValue().virtualHosts == null) {
+        return ImmutableList.of();
+      }
+
+      return ImmutableList.copyOf(getClusterNamesFromVirtualHost(getActiveVirtualHost()));
+    }
+  }
+
+  private class CdsWatcher extends XdsWatcherBase<XdsClusterResource.CdsUpdate> {
+    Map<Object, Integer> parentContexts = new HashMap<>();
+
+    CdsWatcher(String resourceName, Object parentContext, int depth) {
+      super(CLUSTER_RESOURCE, checkNotNull(resourceName, "resourceName"));
+      this.parentContexts.put(checkNotNull(parentContext, "parentContext"), depth);
+    }
+
+    @Override
+    public void onChanged(XdsClusterResource.CdsUpdate update) {
+      checkNotNull(update, "update");
+      switch (update.clusterType()) {
+        case EDS:
+          setData(update);
+          if (!addEdsWatcher(update.edsServiceName(), this))  {
+            maybePublishConfig();
+          }
+          break;
+        case LOGICAL_DNS:
+          setData(update);
+          maybePublishConfig();
+          // no eds needed
+          break;
+        case AGGREGATE:
+          Object parentContext = this;
+          int depth = parentContexts.values().stream().max(Integer::compare).orElse(0) + 1;
+          if (depth > MAX_CLUSTER_RECURSION_DEPTH) {
+            logger.log(XdsLogger.XdsLogLevel.WARNING,
+                "Cluster recursion depth limit exceeded for cluster {0}", resourceName());
+            Status error = Status.UNAVAILABLE.withDescription(
+                "aggregate cluster graph exceeds max depth");
+            setDataAsStatus(error);
+          }
+          if (hasDataValue()) {
+            Set<String> oldNames = new HashSet<>(getData().getValue().prioritizedClusterNames());
+            Set<String> newNames = new HashSet<>(update.prioritizedClusterNames());
+
+
+            Set<String> deletedClusters = Sets.difference(oldNames, newNames);
+            deletedClusters.forEach((cluster)
+                -> cancelClusterWatcherTree(getCluster(cluster), parentContext));
+
+            if (depth <= MAX_CLUSTER_RECURSION_DEPTH) {
+              setData(update);
+              Set<String> addedClusters = Sets.difference(newNames, oldNames);
+              addedClusters.forEach((cluster) -> addClusterWatcher(cluster, parentContext, depth));
+
+              if (addedClusters.isEmpty()) {
+                maybePublishConfig();
+              }
+            } else { // data was set to error status above
+              maybePublishConfig();
+            }
+
+          } else if (depth <= MAX_CLUSTER_RECURSION_DEPTH) {
+            setData(update);
+            update.prioritizedClusterNames()
+                .forEach(name -> addClusterWatcher(name, parentContext, depth));
+            maybePublishConfig();
+          }
+          break;
+        default:
+          Status error = Status.UNAVAILABLE.withDescription(
+              "aggregate cluster graph exceeds max depth");
+          setDataAsStatus(error);
+          maybePublishConfig();
+      }
+    }
+
+    @Override
+    public void onResourceDoesNotExist(String resourceName) {
+      handleDoesNotExist(checkNotNull(resourceName, "resourceName"));
+      maybePublishConfig();
+    }
+  }
+
+  // Returns true if the watcher was added, false if it already exists
+  private boolean addEdsWatcher(String edsServiceName, CdsWatcher parentContext) {
+    TypeWatchers<?> typeWatchers = resourceWatchers.get(XdsEndpointResource.getInstance());
+    if (typeWatchers == null || !typeWatchers.watchers.containsKey(edsServiceName)) {
+      addWatcher(new EdsWatcher(edsServiceName, parentContext));
+      return true;
+    }
+
+    EdsWatcher watcher = (EdsWatcher) typeWatchers.watchers.get(edsServiceName);
+    watcher.addParentContext(parentContext); // Is a set, so don't need to check for existence
+    return false;
+  }
+
+  private void addClusterWatcher(String clusterName, Object parentContext, int depth) {
+    TypeWatchers<?> clusterWatchers = resourceWatchers.get(CLUSTER_RESOURCE);
+    if (clusterWatchers != null) {
+      CdsWatcher watcher = (CdsWatcher) clusterWatchers.watchers.get(clusterName);
+      if (watcher != null) {
+        watcher.parentContexts.put(parentContext, depth);
+        return;
+      }
+    }
+
+    addWatcher(new CdsWatcher(clusterName, parentContext, depth));
+  }
+
+  private class EdsWatcher extends XdsWatcherBase<XdsEndpointResource.EdsUpdate> {
+    private final Set<CdsWatcher> parentContexts = new HashSet<>();
+
+    private EdsWatcher(String resourceName, CdsWatcher parentContext) {
+      super(ENDPOINT_RESOURCE, checkNotNull(resourceName, "resourceName"));
+      parentContexts.add(checkNotNull(parentContext, "parentContext"));
+    }
+
+    @Override
+    public void onChanged(XdsEndpointResource.EdsUpdate update) {
+      setData(checkNotNull(update, "update"));
+      maybePublishConfig();
+    }
+
+    @Override
+    public void onResourceDoesNotExist(String resourceName) {
+      handleDoesNotExist(checkNotNull(resourceName, "resourceName"));
+      maybePublishConfig();
+    }
+
+    void addParentContext(CdsWatcher parentContext) {
+      parentContexts.add(checkNotNull(parentContext, "parentContext"));
+    }
+  }
+
+  private void updateRoutes(List<VirtualHost> virtualHosts, Object newParentContext,
+                            VirtualHost oldVirtualHost, boolean sameParentContext) {
+    VirtualHost virtualHost =
+        RoutingUtils.findVirtualHostForHostName(virtualHosts, dataPlaneAuthority);
+    if (virtualHost == null) {
+      String error = "Failed to find virtual host matching hostname: " + dataPlaneAuthority;
+      logger.log(XdsLogger.XdsLogLevel.WARNING, error);
+      cleanUpRoutes();
+      xdsConfigWatcher.onError(
+          "xDS node ID:" + dataPlaneAuthority, Status.UNAVAILABLE.withDescription(error));
+      return;
+    }
+
+    Set<String> newClusters = getClusterNamesFromVirtualHost(virtualHost);
+    Set<String> oldClusters = getClusterNamesFromVirtualHost(oldVirtualHost);
+
+    if (sameParentContext) {
+      // Calculate diffs.
+      Set<String> addedClusters = Sets.difference(newClusters, oldClusters);
+      Set<String> deletedClusters = Sets.difference(oldClusters, newClusters);
+
+      deletedClusters.forEach(watcher ->
+          cancelClusterWatcherTree(getCluster(watcher), newParentContext));
+      addedClusters.forEach((cluster) -> addClusterWatcher(cluster, newParentContext, 1));
+    } else {
+      newClusters.forEach((cluster) -> addClusterWatcher(cluster, newParentContext, 1));
+    }
+  }
+
+  private static Set<String> getClusterNamesFromVirtualHost(VirtualHost virtualHost) {
+    if (virtualHost == null) {
+      return Collections.emptySet();
+    }
+
+    // Get all cluster names to which requests can be routed through the virtual host.
+    Set<String> clusters = new HashSet<>();
+    for (VirtualHost.Route route : virtualHost.routes()) {
+      VirtualHost.Route.RouteAction action = route.routeAction();
+      if (action == null) {
+        continue;
+      }
+      if (action.cluster() != null) {
+        clusters.add(action.cluster());
+      } else if (action.weightedClusters() != null) {
+        for (ClusterWeight weighedCluster : action.weightedClusters()) {
+          clusters.add(weighedCluster.name());
+        }
+      }
+    }
+
+    return clusters;
+  }
+
+  @Nullable
+  private VirtualHost getActiveVirtualHost() {
+    TypeWatchers<?> rdsWatchers = resourceWatchers.get(XdsRouteConfigureResource.getInstance());
+    if (rdsWatchers == null) {
+      return null;
+    }
+
+    RdsWatcher activeRdsWatcher =
+        (RdsWatcher) rdsWatchers.watchers.values().stream().findFirst().orElse(null);
+    if (activeRdsWatcher == null || activeRdsWatcher.missingResult()
+        || !activeRdsWatcher.getData().hasValue()) {
+      return null;
+    }
+
+    return RoutingUtils.findVirtualHostForHostName(
+        activeRdsWatcher.getData().getValue().virtualHosts, dataPlaneAuthority);
+  }
+
+  // Must be in SyncContext
+  private void cleanUpRoutes() {
+    // Remove RdsWatcher & CDS Watchers
+    TypeWatchers<?> rdsResourceWatcher =
+        resourceWatchers.get(XdsRouteConfigureResource.getInstance());
+    if (rdsResourceWatcher == null || rdsResourceWatcher.watchers.isEmpty()) {
+      return;
+    }
+
+    XdsWatcherBase<?> watcher = rdsResourceWatcher.watchers.values().stream().findFirst().get();
+    cancelWatcher(watcher);
+
+    // Remove CdsWatchers pointed to by the RdsWatcher
+    RdsWatcher rdsWatcher = (RdsWatcher) watcher;
+    for (String cName : rdsWatcher.getCdsNames()) {
+      CdsWatcher cdsWatcher = getCluster(cName);
+      if (cdsWatcher != null) {
+        cancelClusterWatcherTree(cdsWatcher, rdsWatcher);
+      }
+    }
+  }
+
+  private CdsWatcher getCluster(String clusterName) {
+    return (CdsWatcher) resourceWatchers.get(CLUSTER_RESOURCE).watchers.get(clusterName);
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index 4304d1d9e6f..034779ed023 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -582,8 +582,7 @@ private <T extends ResourceUpdate> void handleResourceUpdate(
     String errorDetail = null;
     if (errors.isEmpty()) {
       checkArgument(invalidResources.isEmpty(), "found invalid resources but missing errors");
-      controlPlaneClient.ackResponse(xdsResourceType, args.versionInfo,
-          args.nonce);
+      controlPlaneClient.ackResponse(xdsResourceType, args.versionInfo, args.nonce);
     } else {
       errorDetail = Joiner.on('\n').join(errors);
       logger.log(XdsLogLevel.WARNING,
diff --git a/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java b/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
index ac1c4829c74..39761912ea5 100644
--- a/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
+++ b/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
@@ -24,7 +24,6 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Lists;
 import com.google.protobuf.Any;
-import com.google.protobuf.BoolValue;
 import com.google.protobuf.Message;
 import com.google.protobuf.UInt32Value;
 import io.envoyproxy.envoy.config.cluster.v3.Cluster;
@@ -45,7 +44,6 @@
 import io.envoyproxy.envoy.config.listener.v3.Listener;
 import io.envoyproxy.envoy.config.route.v3.NonForwardingAction;
 import io.envoyproxy.envoy.config.route.v3.Route;
-import io.envoyproxy.envoy.config.route.v3.RouteAction;
 import io.envoyproxy.envoy.config.route.v3.RouteConfiguration;
 import io.envoyproxy.envoy.config.route.v3.RouteMatch;
 import io.envoyproxy.envoy.config.route.v3.VirtualHost;
@@ -239,24 +237,7 @@ void setEdsConfig(String edsName, ClusterLoadAssignment clusterLoadAssignment) {
    * Builds a new default RDS configuration.
    */
   static RouteConfiguration buildRouteConfiguration(String authority) {
-    return buildRouteConfiguration(authority, RDS_NAME, CLUSTER_NAME);
-  }
-
-  static RouteConfiguration buildRouteConfiguration(String authority, String rdsName,
-                                                    String clusterName) {
-    VirtualHost.Builder vhBuilder = VirtualHost.newBuilder()
-        .setName(rdsName)
-        .addDomains(authority)
-        .addRoutes(
-            Route.newBuilder()
-                .setMatch(
-                    RouteMatch.newBuilder().setPrefix("/").build())
-                .setRoute(
-                    RouteAction.newBuilder().setCluster(clusterName)
-                        .setAutoHostRewrite(BoolValue.newBuilder().setValue(true).build())
-                        .build()));
-    VirtualHost virtualHost = vhBuilder.build();
-    return RouteConfiguration.newBuilder().setName(rdsName).addVirtualHosts(virtualHost).build();
+    return XdsTestUtils.buildRouteConfiguration(authority, RDS_NAME, CLUSTER_NAME);
   }
 
   /**
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
index 7cf6280711f..97c2695f209 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
@@ -205,7 +205,7 @@ private static void setAdsConfig(ControlPlaneRule controlPlane, String serverNam
         ControlPlaneRule.buildClientListener(MAIN_SERVER, serverName));
 
     controlPlane.setRdsConfig(rdsName,
-        ControlPlaneRule.buildRouteConfiguration(MAIN_SERVER, rdsName, clusterName));
+        XdsTestUtils.buildRouteConfiguration(MAIN_SERVER, rdsName, clusterName));
     controlPlane.setCdsConfig(clusterName, ControlPlaneRule.buildCluster(clusterName, edsName));
 
     controlPlane.setEdsConfig(edsName,
diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
new file mode 100644
index 00000000000..96aeb0f41fb
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -0,0 +1,784 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.xds.XdsClusterResource.CdsUpdate.ClusterType.AGGREGATE;
+import static io.grpc.xds.XdsClusterResource.CdsUpdate.ClusterType.EDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_CDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_EDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_LDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_RDS;
+import static io.grpc.xds.XdsTestUtils.CLUSTER_NAME;
+import static io.grpc.xds.XdsTestUtils.ENDPOINT_HOSTNAME;
+import static io.grpc.xds.XdsTestUtils.ENDPOINT_PORT;
+import static io.grpc.xds.XdsTestUtils.RDS_NAME;
+import static io.grpc.xds.XdsTestUtils.getEdsNameForCluster;
+import static io.grpc.xds.client.CommonBootstrapperTestUtils.SERVER_URI;
+import static org.mockito.AdditionalAnswers.delegatesTo;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.argThat;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.atLeastOnce;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.timeout;
+import static org.mockito.Mockito.verify;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.protobuf.Message;
+import io.envoyproxy.envoy.config.cluster.v3.Cluster;
+import io.envoyproxy.envoy.config.endpoint.v3.ClusterLoadAssignment;
+import io.envoyproxy.envoy.config.listener.v3.Listener;
+import io.envoyproxy.envoy.config.route.v3.RouteConfiguration;
+import io.grpc.BindableService;
+import io.grpc.ManagedChannel;
+import io.grpc.Server;
+import io.grpc.Status;
+import io.grpc.StatusOr;
+import io.grpc.SynchronizationContext;
+import io.grpc.inprocess.InProcessChannelBuilder;
+import io.grpc.inprocess.InProcessServerBuilder;
+import io.grpc.internal.ExponentialBackoffPolicy;
+import io.grpc.internal.FakeClock;
+import io.grpc.testing.GrpcCleanupRule;
+import io.grpc.xds.XdsListenerResource.LdsUpdate;
+import io.grpc.xds.client.CommonBootstrapperTestUtils;
+import io.grpc.xds.client.XdsClient;
+import io.grpc.xds.client.XdsClientImpl;
+import io.grpc.xds.client.XdsClientMetricReporter;
+import io.grpc.xds.client.XdsResourceType;
+import io.grpc.xds.client.XdsTransportFactory;
+import java.io.Closeable;
+import java.io.IOException;
+import java.util.ArrayDeque;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Queue;
+import java.util.Set;
+import java.util.concurrent.Executor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.logging.Logger;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+import org.mockito.ArgumentCaptor;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Captor;
+import org.mockito.InOrder;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoRule;
+
+/** Unit tests for {@link XdsDependencyManager}. */
+@RunWith(JUnit4.class)
+public class XdsDependencyManagerTest {
+  private static final Logger log = Logger.getLogger(XdsDependencyManagerTest.class.getName());
+  public static final String CLUSTER_TYPE_NAME = XdsClusterResource.getInstance().typeName();
+  public static final String ENDPOINT_TYPE_NAME = XdsEndpointResource.getInstance().typeName();
+
+  @Mock
+  private XdsClientMetricReporter xdsClientMetricReporter;
+
+  private final SynchronizationContext syncContext =
+      new SynchronizationContext(mock(Thread.UncaughtExceptionHandler.class));
+
+  private ManagedChannel channel;
+  private XdsClientImpl xdsClient;
+  private XdsDependencyManager xdsDependencyManager;
+  private TestWatcher xdsConfigWatcher;
+  private Server xdsServer;
+
+  private final FakeClock fakeClock = new FakeClock();
+  private final String serverName = InProcessServerBuilder.generateName();
+  private final Queue<XdsTestUtils.LrsRpcCall> loadReportCalls = new ArrayDeque<>();
+  private final AtomicBoolean adsEnded = new AtomicBoolean(true);
+  private final AtomicBoolean lrsEnded = new AtomicBoolean(true);
+  private final XdsTestControlPlaneService controlPlaneService = new XdsTestControlPlaneService();
+  private final BindableService lrsService =
+      XdsTestUtils.createLrsService(lrsEnded, loadReportCalls);
+
+  @Rule
+  public final GrpcCleanupRule cleanupRule = new GrpcCleanupRule();
+  @Rule
+  public final MockitoRule mocks = MockitoJUnit.rule();
+  private TestWatcher testWatcher;
+  private XdsConfig defaultXdsConfig; // set in setUp()
+
+  @Captor
+  private ArgumentCaptor<XdsConfig> xdsConfigCaptor;
+  @Captor
+  private ArgumentCaptor<Status> statusCaptor;
+
+  @Before
+  public void setUp() throws Exception {
+    xdsServer = cleanupRule.register(InProcessServerBuilder
+        .forName(serverName)
+        .addService(controlPlaneService)
+        .addService(lrsService)
+        .directExecutor()
+        .build()
+        .start());
+
+    XdsTestUtils.setAdsConfig(controlPlaneService, serverName);
+
+    channel = cleanupRule.register(
+        InProcessChannelBuilder.forName(serverName).directExecutor().build());
+    XdsTransportFactory xdsTransportFactory =
+        ignore -> new GrpcXdsTransportFactory.GrpcXdsTransport(channel);
+
+    xdsClient = CommonBootstrapperTestUtils.createXdsClient(
+        Collections.singletonList(SERVER_URI), xdsTransportFactory, fakeClock,
+        new ExponentialBackoffPolicy.Provider(), MessagePrinter.INSTANCE, xdsClientMetricReporter);
+
+    testWatcher = new TestWatcher();
+    xdsConfigWatcher = mock(TestWatcher.class, delegatesTo(testWatcher));
+    defaultXdsConfig = XdsTestUtils.getDefaultXdsConfig(serverName);
+  }
+
+  @After
+  public void tearDown() throws InterruptedException {
+    if (xdsDependencyManager != null) {
+      xdsDependencyManager.shutdown();
+    }
+    xdsClient.shutdown();
+    channel.shutdown();  // channel not owned by XdsClient
+
+    xdsServer.shutdownNow().awaitTermination(5, TimeUnit.SECONDS);
+
+    assertThat(adsEnded.get()).isTrue();
+    assertThat(lrsEnded.get()).isTrue();
+    assertThat(fakeClock.getPendingTasks()).isEmpty();
+  }
+
+  @Test
+  public void verify_basic_config() {
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
+    testWatcher.verifyStats(1, 0, 0);
+  }
+
+  @Test
+  public void verify_config_update() {
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+
+    InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
+    testWatcher.verifyStats(1, 0, 0);
+    assertThat(testWatcher.lastConfig).isEqualTo(defaultXdsConfig);
+
+    XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS2", "CDS2", "EDS2",
+        ENDPOINT_HOSTNAME + "2", ENDPOINT_PORT + 2);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(ArgumentMatchers.notNull());
+    testWatcher.verifyStats(2, 0, 0);
+    assertThat(testWatcher.lastConfig).isNotEqualTo(defaultXdsConfig);
+  }
+
+  @Test
+  public void verify_simple_aggregate() {
+    InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
+
+    List<String> childNames = Arrays.asList("clusterC", "clusterB", "clusterA");
+    String rootName = "root_c";
+
+    RouteConfiguration routeConfig =
+        XdsTestUtils.buildRouteConfiguration(serverName, XdsTestUtils.RDS_NAME, rootName);
+    controlPlaneService.setXdsConfig(
+        ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, routeConfig));
+
+    XdsTestUtils.setAggregateCdsConfig(controlPlaneService, serverName, rootName, childNames);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+
+    Map<String, StatusOr<XdsConfig.XdsClusterConfig>> lastConfigClusters =
+        testWatcher.lastConfig.getClusters();
+    assertThat(lastConfigClusters).hasSize(childNames.size() + 1);
+    StatusOr<XdsConfig.XdsClusterConfig> rootC = lastConfigClusters.get(rootName);
+    XdsClusterResource.CdsUpdate rootUpdate = rootC.getValue().getClusterResource();
+    assertThat(rootUpdate.clusterType()).isEqualTo(AGGREGATE);
+    assertThat(rootUpdate.prioritizedClusterNames()).isEqualTo(childNames);
+
+    for (String childName : childNames) {
+      assertThat(lastConfigClusters).containsKey(childName);
+      XdsClusterResource.CdsUpdate childResource =
+          lastConfigClusters.get(childName).getValue().getClusterResource();
+      assertThat(childResource.clusterType()).isEqualTo(EDS);
+      assertThat(childResource.edsServiceName()).isEqualTo(getEdsNameForCluster(childName));
+
+      StatusOr<XdsEndpointResource.EdsUpdate> endpoint =
+          lastConfigClusters.get(childName).getValue().getEndpoint();
+      assertThat(endpoint.hasValue()).isTrue();
+      assertThat(endpoint.getValue().clusterName).isEqualTo(getEdsNameForCluster(childName));
+    }
+  }
+
+  @Test
+  public void testComplexRegisteredAggregate() throws IOException {
+    InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
+
+    // Do initialization
+    String rootName1 = "root_c";
+    List<String> childNames = Arrays.asList("clusterC", "clusterB", "clusterA");
+    XdsTestUtils.addAggregateToExistingConfig(controlPlaneService, rootName1, childNames);
+
+    String rootName2 = "root_2";
+    List<String> childNames2 = Arrays.asList("clusterA", "clusterX");
+    XdsTestUtils.addAggregateToExistingConfig(controlPlaneService, rootName2, childNames2);
+
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+
+    Closeable subscription1 = xdsDependencyManager.subscribeToCluster(rootName1);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+
+    Closeable subscription2 = xdsDependencyManager.subscribeToCluster(rootName2);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
+    testWatcher.verifyStats(3, 0, 0);
+    ImmutableSet.Builder<String> builder = ImmutableSet.builder();
+    Set<String> expectedClusters = builder.add(rootName1).add(rootName2).add(CLUSTER_NAME)
+        .addAll(childNames).addAll(childNames2).build();
+    assertThat(xdsConfigCaptor.getValue().getClusters().keySet()).isEqualTo(expectedClusters);
+
+    // Close 1 subscription shouldn't affect the other or RDS subscriptions
+    subscription1.close();
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
+    builder = ImmutableSet.builder();
+    Set<String> expectedClusters2 =
+        builder.add(rootName2).add(CLUSTER_NAME).addAll(childNames2).build();
+    assertThat(xdsConfigCaptor.getValue().getClusters().keySet()).isEqualTo(expectedClusters2);
+
+    subscription2.close();
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
+  }
+
+  @Test
+  public void testDelayedSubscription() {
+    InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
+
+    String rootName1 = "root_c";
+    List<String> childNames = Arrays.asList("clusterC", "clusterB", "clusterA");
+
+    Closeable subscription1 = xdsDependencyManager.subscribeToCluster(rootName1);
+    assertThat(subscription1).isNotNull();
+    fakeClock.forwardTime(16, TimeUnit.SECONDS);
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsConfigCaptor.capture());
+    assertThat(xdsConfigCaptor.getValue().getClusters().get(rootName1).toString()).isEqualTo(
+        StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
+            "No " + toContextStr(CLUSTER_TYPE_NAME, rootName1))).toString());
+
+    XdsTestUtils.addAggregateToExistingConfig(controlPlaneService, rootName1, childNames);
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsConfigCaptor.capture());
+    assertThat(xdsConfigCaptor.getValue().getClusters().get(rootName1).hasValue()).isTrue();
+  }
+
+  @Test
+  public void testMissingCdsAndEds() {
+    // update config so that agg cluster references 2 existing & 1 non-existing cluster
+    List<String> childNames = Arrays.asList("clusterC", "clusterB", "clusterA");
+    Cluster cluster = XdsTestUtils.buildAggCluster(CLUSTER_NAME, childNames);
+    Map<String, Message> clusterMap = new HashMap<>();
+    Map<String, Message> edsMap = new HashMap<>();
+
+    clusterMap.put(CLUSTER_NAME, cluster);
+    for (int i = 0; i < childNames.size() - 1; i++) {
+      String edsName = XdsTestUtils.EDS_NAME + i;
+      Cluster child = ControlPlaneRule.buildCluster(childNames.get(i), edsName);
+      clusterMap.put(childNames.get(i), child);
+    }
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, clusterMap);
+
+    // Update config so that one of the 2 "valid" clusters has an EDS resource, the other does not
+    // and there is an EDS that doesn't have matching clusters
+    ClusterLoadAssignment clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
+        serverName, ENDPOINT_HOSTNAME, ENDPOINT_PORT, XdsTestUtils.EDS_NAME + 0);
+    edsMap.put(XdsTestUtils.EDS_NAME + 0, clusterLoadAssignment);
+    clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
+        serverName, ENDPOINT_HOSTNAME, ENDPOINT_PORT, "garbageEds");
+    edsMap.put("garbageEds", clusterLoadAssignment);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
+
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+
+    fakeClock.forwardTime(16, TimeUnit.SECONDS);
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
+
+    List<StatusOr<XdsConfig.XdsClusterConfig>> returnedClusters = new ArrayList<>();
+    for (String childName : childNames) {
+      returnedClusters.add(xdsConfigCaptor.getValue().getClusters().get(childName));
+    }
+
+    // Check that missing cluster reported Status and the other 2 are present
+    Status expectedClusterStatus = Status.UNAVAILABLE.withDescription(
+        "No " + toContextStr(CLUSTER_TYPE_NAME, childNames.get(2)));
+    StatusOr<XdsConfig.XdsClusterConfig> missingCluster = returnedClusters.get(2);
+    assertThat(missingCluster.getStatus().toString()).isEqualTo(expectedClusterStatus.toString());
+    assertThat(returnedClusters.get(0).hasValue()).isTrue();
+    assertThat(returnedClusters.get(1).hasValue()).isTrue();
+
+    // Check that missing EDS reported Status, the other one is present and the garbage EDS is not
+    Status expectedEdsStatus = Status.UNAVAILABLE.withDescription(
+        "No " + toContextStr(ENDPOINT_TYPE_NAME, XdsTestUtils.EDS_NAME + 1));
+    assertThat(returnedClusters.get(0).getValue().getEndpoint().hasValue()).isTrue();
+    assertThat(returnedClusters.get(1).getValue().getEndpoint().hasValue()).isFalse();
+    assertThat(returnedClusters.get(1).getValue().getEndpoint().getStatus().toString())
+        .isEqualTo(expectedEdsStatus.toString());
+
+    verify(xdsConfigWatcher, never()).onResourceDoesNotExist(any());
+    testWatcher.verifyStats(1, 0, 0);
+  }
+
+  @Test
+  public void testMissingLds() {
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, "badLdsName");
+
+    fakeClock.forwardTime(16, TimeUnit.SECONDS);
+    verify(xdsConfigWatcher, timeout(1000)).onResourceDoesNotExist(
+        toContextStr(XdsListenerResource.getInstance().typeName(), "badLdsName"));
+
+    testWatcher.verifyStats(0, 0, 1);
+  }
+
+  @Test
+  public void testMissingRds() {
+    Listener serverListener = ControlPlaneRule.buildServerListener();
+    Listener clientListener =
+        ControlPlaneRule.buildClientListener(serverName, serverName, "badRdsName");
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS,
+        ImmutableMap.of(XdsTestUtils.SERVER_LISTENER, serverListener, serverName, clientListener));
+
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+
+    fakeClock.forwardTime(16, TimeUnit.SECONDS);
+    verify(xdsConfigWatcher, timeout(1000)).onResourceDoesNotExist(
+        toContextStr(XdsRouteConfigureResource.getInstance().typeName(), "badRdsName"));
+
+    testWatcher.verifyStats(0, 0, 1);
+  }
+
+  @Test
+  public void testUpdateToMissingVirtualHost() {
+    InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
+    WrappedXdsClient wrappedXdsClient = new WrappedXdsClient(xdsClient, syncContext);
+    xdsDependencyManager = new XdsDependencyManager(
+        wrappedXdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
+
+    // Update with a config that has a virtual host that doesn't match the server name
+    wrappedXdsClient.deliverLdsUpdate(0L, buildUnmatchedVirtualHosts());
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onError(any(), statusCaptor.capture());
+    assertThat(statusCaptor.getValue().getDescription())
+        .isEqualTo("Failed to find virtual host matching hostname: " + serverName);
+
+    testWatcher.verifyStats(1, 1, 0);
+
+    wrappedXdsClient.shutdown();
+  }
+
+  private List<io.grpc.xds.VirtualHost> buildUnmatchedVirtualHosts() {
+    io.grpc.xds.VirtualHost.Route route1 =
+        io.grpc.xds.VirtualHost.Route.forAction(
+            io.grpc.xds.VirtualHost.Route.RouteMatch.withPathExactOnly("/GreetService/bye"),
+        io.grpc.xds.VirtualHost.Route.RouteAction.forCluster(
+            "cluster-bar.googleapis.com", Collections.emptyList(),
+            TimeUnit.SECONDS.toNanos(15L), null, false), ImmutableMap.of());
+    io.grpc.xds.VirtualHost.Route route2 =
+        io.grpc.xds.VirtualHost.Route.forAction(
+            io.grpc.xds.VirtualHost.Route.RouteMatch.withPathExactOnly("/HelloService/hi"),
+        io.grpc.xds.VirtualHost.Route.RouteAction.forCluster(
+            "cluster-foo.googleapis.com", Collections.emptyList(),
+            TimeUnit.SECONDS.toNanos(15L), null, false),
+        ImmutableMap.of());
+    return Arrays.asList(
+        io.grpc.xds.VirtualHost.create("virtualhost-foo", Collections.singletonList("hello"
+                + ".googleapis.com"),
+            Collections.singletonList(route1),
+            ImmutableMap.of()),
+        io.grpc.xds.VirtualHost.create("virtualhost-bar", Collections.singletonList("hi"
+                + ".googleapis.com"),
+            Collections.singletonList(route2),
+            ImmutableMap.of()));
+  }
+
+  @Test
+  public void testCorruptLds() {
+    String ldsResourceName =
+        "xdstp://unknown.example.com/envoy.config.listener.v3.Listener/listener1";
+
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, ldsResourceName);
+
+    Status expectedStatus = Status.INVALID_ARGUMENT.withDescription(
+        "Wrong configuration: xds server does not exist for resource " + ldsResourceName);
+    String context = toContextStr(XdsListenerResource.getInstance().typeName(), ldsResourceName);
+    verify(xdsConfigWatcher, timeout(1000))
+        .onError(eq(context), argThat(new XdsTestUtils.StatusMatcher(expectedStatus)));
+
+    fakeClock.forwardTime(16, TimeUnit.SECONDS);
+    testWatcher.verifyStats(0, 1, 0);
+  }
+
+  @Test
+  public void testChangeRdsName_fromLds() {
+    // TODO implement
+    InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
+    Listener serverListener = ControlPlaneRule.buildServerListener();
+
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
+
+    String newRdsName = "newRdsName1";
+
+    Listener clientListener = buildInlineClientListener(newRdsName, CLUSTER_NAME);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS,
+        ImmutableMap.of(XdsTestUtils.SERVER_LISTENER, serverListener, serverName, clientListener));
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
+    assertThat(xdsConfigCaptor.getValue()).isNotEqualTo(defaultXdsConfig);
+    assertThat(xdsConfigCaptor.getValue().getVirtualHost().name()).isEqualTo(newRdsName);
+  }
+
+  @Test
+  public void testMultipleParentsInCdsTree() throws IOException {
+    /*
+     * Configure Xds server with the following cluster tree and point RDS to root:
+      2 aggregates under root A & B
+       B has EDS Cluster B1 && shared agg AB1; A has agg A1 && shared agg AB1
+        A1 has shared EDS Cluster A11 && shared agg AB1
+         AB1 has shared EDS Clusters A11 && AB11
+
+      As an alternate visualization, parents are:
+        A -> root, B -> root, A1 -> A, AB1 -> A|B|A1, B1 -> B, A11 -> A1|AB1, AB11 -> AB1
+     */
+    Cluster rootCluster =
+        XdsTestUtils.buildAggCluster("root", Arrays.asList("clusterA", "clusterB"));
+    Cluster clusterA =
+        XdsTestUtils.buildAggCluster("clusterA", Arrays.asList("clusterA1", "clusterAB1"));
+    Cluster clusterB =
+        XdsTestUtils.buildAggCluster("clusterB", Arrays.asList("clusterB1", "clusterAB1"));
+    Cluster clusterA1 =
+        XdsTestUtils.buildAggCluster("clusterA1", Arrays.asList("clusterA11", "clusterAB1"));
+    Cluster clusterAB1 =
+        XdsTestUtils.buildAggCluster("clusterAB1", Arrays.asList("clusterA11", "clusterAB11"));
+
+    Map<String, Message> clusterMap = new HashMap<>();
+    Map<String, Message> edsMap = new HashMap<>();
+
+    clusterMap.put("root", rootCluster);
+    clusterMap.put("clusterA", clusterA);
+    clusterMap.put("clusterB", clusterB);
+    clusterMap.put("clusterA1", clusterA1);
+    clusterMap.put("clusterAB1", clusterAB1);
+
+    XdsTestUtils.addEdsClusters(clusterMap, edsMap, "clusterA11", "clusterAB11", "clusterB1");
+    RouteConfiguration routeConfig =
+        XdsTestUtils.buildRouteConfiguration(serverName, XdsTestUtils.RDS_NAME, "root");
+    controlPlaneService.setXdsConfig(
+        ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, routeConfig));
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, clusterMap);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
+
+    // Start the actual test
+    InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
+    XdsConfig initialConfig = xdsConfigCaptor.getValue();
+
+    // Make sure that adding subscriptions that rds points at doesn't change the config
+    Closeable rootSub = xdsDependencyManager.subscribeToCluster("root");
+    assertThat(xdsDependencyManager.buildConfig()).isEqualTo(initialConfig);
+    Closeable clusterAB11Sub = xdsDependencyManager.subscribeToCluster("clusterAB11");
+    assertThat(xdsDependencyManager.buildConfig()).isEqualTo(initialConfig);
+
+    // Make sure that closing subscriptions that rds points at doesn't change the config
+    rootSub.close();
+    assertThat(xdsDependencyManager.buildConfig()).isEqualTo(initialConfig);
+    clusterAB11Sub.close();
+    assertThat(xdsDependencyManager.buildConfig()).isEqualTo(initialConfig);
+
+    // Make an explicit root subscription and then change RDS to point to A11
+    rootSub = xdsDependencyManager.subscribeToCluster("root");
+    RouteConfiguration newRouteConfig =
+        XdsTestUtils.buildRouteConfiguration(serverName, XdsTestUtils.RDS_NAME, "clusterA11");
+    controlPlaneService.setXdsConfig(
+        ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, newRouteConfig));
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
+    assertThat(xdsConfigCaptor.getValue().getClusters().keySet().size()).isEqualTo(8);
+
+    // Now that it is released, we should only have A11
+    rootSub.close();
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
+    assertThat(xdsConfigCaptor.getValue().getClusters().keySet()).containsExactly("clusterA11");
+  }
+
+  @Test
+  public void testMultipleCdsReferToSameEds() {
+    // Create the maps and Update the config to have 2 clusters that refer to the same EDS resource
+    String edsName = "sharedEds";
+
+    Cluster rootCluster =
+        XdsTestUtils.buildAggCluster("root", Arrays.asList("clusterA", "clusterB"));
+    Cluster clusterA = ControlPlaneRule.buildCluster("clusterA", edsName);
+    Cluster clusterB = ControlPlaneRule.buildCluster("clusterB", edsName);
+
+    Map<String, Message> clusterMap = new HashMap<>();
+    clusterMap.put("root", rootCluster);
+    clusterMap.put("clusterA", clusterA);
+    clusterMap.put("clusterB", clusterB);
+
+    Map<String, Message> edsMap = new HashMap<>();
+    ClusterLoadAssignment clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
+        serverName, ENDPOINT_HOSTNAME, ENDPOINT_PORT, edsName);
+    edsMap.put(edsName, clusterLoadAssignment);
+
+    RouteConfiguration routeConfig =
+        XdsTestUtils.buildRouteConfiguration(serverName, XdsTestUtils.RDS_NAME, "root");
+    controlPlaneService.setXdsConfig(
+        ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, routeConfig));
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, clusterMap);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
+
+    // Start the actual test
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
+    XdsConfig initialConfig = xdsConfigCaptor.getValue();
+    assertThat(initialConfig.getClusters().keySet())
+        .containsExactly("root", "clusterA", "clusterB");
+
+    XdsEndpointResource.EdsUpdate edsForA =
+        initialConfig.getClusters().get("clusterA").getValue().getEndpoint().getValue();
+    assertThat(edsForA.clusterName).isEqualTo(edsName);
+    XdsEndpointResource.EdsUpdate edsForB =
+        initialConfig.getClusters().get("clusterB").getValue().getEndpoint().getValue();
+    assertThat(edsForB.clusterName).isEqualTo(edsName);
+    assertThat(edsForA).isEqualTo(edsForB);
+    edsForA.localityLbEndpointsMap.values().forEach(
+        localityLbEndpoints -> assertThat(localityLbEndpoints.endpoints()).hasSize(1));
+  }
+
+  @Test
+  public void testChangeRdsName_FromLds_complexTree() {
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+
+    // Create the same tree as in testMultipleParentsInCdsTree
+    Cluster rootCluster =
+        XdsTestUtils.buildAggCluster("root", Arrays.asList("clusterA", "clusterB"));
+    Cluster clusterA =
+        XdsTestUtils.buildAggCluster("clusterA", Arrays.asList("clusterA1", "clusterAB1"));
+    Cluster clusterB =
+        XdsTestUtils.buildAggCluster("clusterB", Arrays.asList("clusterB1", "clusterAB1"));
+    Cluster clusterA1 =
+        XdsTestUtils.buildAggCluster("clusterA1", Arrays.asList("clusterA11", "clusterAB1"));
+    Cluster clusterAB1 =
+        XdsTestUtils.buildAggCluster("clusterAB1", Arrays.asList("clusterA11", "clusterAB11"));
+
+    Map<String, Message> clusterMap = new HashMap<>();
+    Map<String, Message> edsMap = new HashMap<>();
+
+    clusterMap.put("root", rootCluster);
+    clusterMap.put("clusterA", clusterA);
+    clusterMap.put("clusterB", clusterB);
+    clusterMap.put("clusterA1", clusterA1);
+    clusterMap.put("clusterAB1", clusterAB1);
+
+    XdsTestUtils.addEdsClusters(clusterMap, edsMap, "clusterA11", "clusterAB11", "clusterB1");
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, clusterMap);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
+
+    InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
+    inOrder.verify(xdsConfigWatcher, atLeastOnce()).onUpdate(any());
+
+    // Do the test
+    String newRdsName = "newRdsName1";
+    Listener clientListener = buildInlineClientListener(newRdsName, "root");
+    Listener serverListener = ControlPlaneRule.buildServerListener();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS,
+        ImmutableMap.of(XdsTestUtils.SERVER_LISTENER, serverListener, serverName, clientListener));
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
+    XdsConfig config = xdsConfigCaptor.getValue();
+    assertThat(config.getVirtualHost().name()).isEqualTo(newRdsName);
+    assertThat(config.getClusters().size()).isEqualTo(8);
+  }
+
+  @Test
+  public void testChangeAggCluster() {
+    InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
+
+    xdsDependencyManager = new XdsDependencyManager(
+        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    inOrder.verify(xdsConfigWatcher, atLeastOnce()).onUpdate(any());
+
+    // Setup initial config A -> A1 -> (A11, A12)
+    Cluster rootCluster =
+        XdsTestUtils.buildAggCluster("root", Arrays.asList("clusterA"));
+    Cluster clusterA =
+        XdsTestUtils.buildAggCluster("clusterA", Arrays.asList("clusterA1"));
+    Cluster clusterA1 =
+        XdsTestUtils.buildAggCluster("clusterA1", Arrays.asList("clusterA11", "clusterA12"));
+
+    Map<String, Message> clusterMap = new HashMap<>();
+    Map<String, Message> edsMap = new HashMap<>();
+
+    clusterMap.put("root", rootCluster);
+    clusterMap.put("clusterA", clusterA);
+    clusterMap.put("clusterA1", clusterA1);
+
+    XdsTestUtils.addEdsClusters(clusterMap, edsMap, "clusterA11", "clusterA12");
+    Listener clientListener = buildInlineClientListener(RDS_NAME, "root");
+    Listener serverListener = ControlPlaneRule.buildServerListener();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS,
+        ImmutableMap.of(XdsTestUtils.SERVER_LISTENER, serverListener, serverName, clientListener));
+
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, clusterMap);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
+
+    inOrder.verify(xdsConfigWatcher).onUpdate(any());
+
+    // Update the cluster to A -> A2 -> (A21, A22)
+    Cluster clusterA2 =
+        XdsTestUtils.buildAggCluster("clusterA2", Arrays.asList("clusterA21", "clusterA22"));
+    clusterA =
+        XdsTestUtils.buildAggCluster("clusterA", Arrays.asList("clusterA2"));
+    clusterMap.clear();
+    edsMap.clear();
+    clusterMap.put("root", rootCluster);
+    clusterMap.put("clusterA", clusterA);
+    clusterMap.put("clusterA2", clusterA2);
+    XdsTestUtils.addEdsClusters(clusterMap, edsMap, "clusterA21", "clusterA22");
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, clusterMap);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
+
+    // Verify that the config is updated as expected
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
+    XdsConfig config = xdsConfigCaptor.getValue();
+    assertThat(config.getClusters().keySet()).containsExactly("root", "clusterA", "clusterA2",
+        "clusterA21", "clusterA22");
+  }
+
+  private Listener buildInlineClientListener(String rdsName, String clusterName) {
+    return XdsTestUtils.buildInlineClientListener(rdsName, clusterName, serverName);
+  }
+
+
+  private static String toContextStr(String type, String resourceName) {
+    return type + " resource: " + resourceName;
+  }
+
+  private static class TestWatcher implements XdsDependencyManager.XdsConfigWatcher {
+    XdsConfig lastConfig;
+    int numUpdates = 0;
+    int numError = 0;
+    int numDoesNotExist = 0;
+
+    @Override
+    public void onUpdate(XdsConfig config) {
+      log.fine("Config changed: " + config);
+      lastConfig = config;
+      numUpdates++;
+    }
+
+    @Override
+    public void onError(String resourceContext, Status status) {
+      log.fine(String.format("Error %s for %s: ", status, resourceContext));
+      numError++;
+    }
+
+    @Override
+    public void onResourceDoesNotExist(String resourceName) {
+      log.fine("Resource does not exist: " + resourceName);
+      numDoesNotExist++;
+    }
+
+    private List<Integer> getStats() {
+      return Arrays.asList(numUpdates, numError, numDoesNotExist);
+    }
+
+    private void verifyStats(int updt, int err, int notExist) {
+      assertThat(getStats()).isEqualTo(Arrays.asList(updt, err, notExist));
+    }
+  }
+
+  private static class WrappedXdsClient extends XdsClient {
+    private final XdsClient delegate;
+    private final SynchronizationContext syncContext;
+    private ResourceWatcher<LdsUpdate> ldsWatcher;
+
+    WrappedXdsClient(XdsClient delegate, SynchronizationContext syncContext) {
+      this.delegate = delegate;
+      this.syncContext = syncContext;
+    }
+
+    @Override
+    public void shutdown() {
+      delegate.shutdown();
+    }
+
+    @Override
+    @SuppressWarnings("unchecked")
+    public <T extends ResourceUpdate> void watchXdsResource(
+        XdsResourceType<T> type, String resourceName, ResourceWatcher<T> watcher,
+        Executor executor) {
+      if (type.equals(XdsListenerResource.getInstance())) {
+        ldsWatcher = (ResourceWatcher<LdsUpdate>) watcher;
+      }
+      delegate.watchXdsResource(type, resourceName, watcher, executor);
+    }
+
+
+
+    @Override
+    public <T extends ResourceUpdate> void cancelXdsResourceWatch(XdsResourceType<T> type,
+                                                                  String resourceName,
+                                                                  ResourceWatcher<T> watcher) {
+      delegate.cancelXdsResourceWatch(type, resourceName, watcher);
+    }
+
+    void deliverLdsUpdate(long httpMaxStreamDurationNano,
+                          List<io.grpc.xds.VirtualHost> virtualHosts) {
+      syncContext.execute(() -> {
+        LdsUpdate ldsUpdate = LdsUpdate.forApiListener(
+            io.grpc.xds.HttpConnectionManager.forVirtualHosts(
+            httpMaxStreamDurationNano, virtualHosts, null));
+        ldsWatcher.onChanged(ldsUpdate);
+      });
+    }
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/XdsTestControlPlaneService.java b/xds/src/test/java/io/grpc/xds/XdsTestControlPlaneService.java
index 98f5fcbfef9..a54893c9075 100644
--- a/xds/src/test/java/io/grpc/xds/XdsTestControlPlaneService.java
+++ b/xds/src/test/java/io/grpc/xds/XdsTestControlPlaneService.java
@@ -106,7 +106,7 @@ public <T extends Message> void setXdsConfig(final String type, final Map<String
       public void run() {
         HashMap<String, Message> copyResources =  new HashMap<>(resources);
         xdsResources.put(type, copyResources);
-        String newVersionInfo = String.valueOf(xdsVersions.get(type).getAndDecrement());
+        String newVersionInfo = String.valueOf(xdsVersions.get(type).getAndIncrement());
 
         for (Map.Entry<StreamObserver<DiscoveryResponse>, Set<String>> entry :
             subscribers.get(type).entrySet()) {
@@ -119,6 +119,11 @@ public void run() {
     });
   }
 
+  ImmutableMap<String, Message> getCurrentConfig(String type) {
+    HashMap<String, Message> hashMap = xdsResources.get(type);
+    return (hashMap != null) ? ImmutableMap.copyOf(hashMap) : ImmutableMap.of();
+  }
+
   @Override
   public StreamObserver<DiscoveryRequest> streamAggregatedResources(
       final StreamObserver<DiscoveryResponse> responseObserver) {
@@ -159,7 +164,7 @@ public void run() {
 
             DiscoveryResponse response = generateResponse(resourceType,
                 String.valueOf(xdsVersions.get(resourceType)),
-                String.valueOf(xdsNonces.get(resourceType).get(responseObserver)),
+                String.valueOf(xdsNonces.get(resourceType).get(responseObserver).addAndGet(1)),
                 requestedResourceNames);
             responseObserver.onNext(response);
             subscribers.get(resourceType).put(responseObserver, requestedResourceNames);
diff --git a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
new file mode 100644
index 00000000000..7f5ec0b27c6
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
@@ -0,0 +1,423 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_CDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_EDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_LDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_RDS;
+import static org.mockito.ArgumentMatchers.argThat;
+import static org.mockito.Mockito.inOrder;
+import static org.mockito.Mockito.mock;
+
+import com.google.common.base.Splitter;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.util.concurrent.MoreExecutors;
+import com.google.protobuf.Any;
+import com.google.protobuf.BoolValue;
+import com.google.protobuf.Message;
+import com.google.protobuf.util.Durations;
+import io.envoyproxy.envoy.config.cluster.v3.Cluster;
+import io.envoyproxy.envoy.config.endpoint.v3.ClusterLoadAssignment;
+import io.envoyproxy.envoy.config.endpoint.v3.ClusterStats;
+import io.envoyproxy.envoy.config.listener.v3.ApiListener;
+import io.envoyproxy.envoy.config.listener.v3.Listener;
+import io.envoyproxy.envoy.config.route.v3.Route;
+import io.envoyproxy.envoy.config.route.v3.RouteAction;
+import io.envoyproxy.envoy.config.route.v3.RouteConfiguration;
+import io.envoyproxy.envoy.config.route.v3.RouteMatch;
+import io.envoyproxy.envoy.extensions.clusters.aggregate.v3.ClusterConfig;
+import io.envoyproxy.envoy.extensions.filters.http.router.v3.Router;
+import io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter;
+import io.envoyproxy.envoy.service.load_stats.v3.LoadReportingServiceGrpc;
+import io.envoyproxy.envoy.service.load_stats.v3.LoadStatsRequest;
+import io.envoyproxy.envoy.service.load_stats.v3.LoadStatsResponse;
+import io.grpc.BindableService;
+import io.grpc.Context;
+import io.grpc.Context.CancellationListener;
+import io.grpc.Status;
+import io.grpc.StatusOr;
+import io.grpc.internal.JsonParser;
+import io.grpc.stub.StreamObserver;
+import io.grpc.xds.Endpoints.LbEndpoint;
+import io.grpc.xds.Endpoints.LocalityLbEndpoints;
+import io.grpc.xds.client.Bootstrapper;
+import io.grpc.xds.client.Locality;
+import io.grpc.xds.client.XdsResourceType;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Queue;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import org.mockito.ArgumentMatcher;
+import org.mockito.InOrder;
+
+public class XdsTestUtils {
+  private static final Logger log = Logger.getLogger(XdsTestUtils.class.getName());
+  static final String RDS_NAME = "route-config.googleapis.com";
+  static final String CLUSTER_NAME = "cluster0";
+  static final String EDS_NAME = "eds-service-0";
+  static final String SERVER_LISTENER = "grpc/server?udpa.resource.listening_address=";
+  static final String HTTP_CONNECTION_MANAGER_TYPE_URL =
+      "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3"
+          + ".HttpConnectionManager";
+  public static final String ENDPOINT_HOSTNAME = "data-host";
+  public static final int ENDPOINT_PORT = 1234;
+
+  static BindableService createLrsService(AtomicBoolean lrsEnded,
+                                          Queue<LrsRpcCall> loadReportCalls) {
+    return new LoadReportingServiceGrpc.LoadReportingServiceImplBase() {
+      @Override
+      public StreamObserver<LoadStatsRequest> streamLoadStats(
+          StreamObserver<LoadStatsResponse> responseObserver) {
+        assertThat(lrsEnded.get()).isTrue();
+        lrsEnded.set(false);
+        @SuppressWarnings("unchecked")
+        StreamObserver<LoadStatsRequest> requestObserver = mock(StreamObserver.class);
+        LrsRpcCall call = new LrsRpcCall(requestObserver, responseObserver);
+        Context.current().addListener(
+            new CancellationListener() {
+              @Override
+              public void cancelled(Context context) {
+                lrsEnded.set(true);
+              }
+            }, MoreExecutors.directExecutor());
+        loadReportCalls.offer(call);
+        return requestObserver;
+      }
+    };
+  }
+
+  static boolean matchErrorDetail(
+      com.google.rpc.Status errorDetail, int expectedCode, List<String> expectedMessages) {
+    if (expectedCode != errorDetail.getCode()) {
+      return false;
+    }
+    List<String> errors = Splitter.on('\n').splitToList(errorDetail.getMessage());
+    if (errors.size() != expectedMessages.size()) {
+      return false;
+    }
+    for (int i = 0; i < errors.size(); i++) {
+      if (!errors.get(i).startsWith(expectedMessages.get(i))) {
+        return false;
+      }
+    }
+    return true;
+  }
+
+  static void setAdsConfig(XdsTestControlPlaneService service, String serverName) {
+    setAdsConfig(service, serverName, RDS_NAME, CLUSTER_NAME, EDS_NAME, ENDPOINT_HOSTNAME,
+        ENDPOINT_PORT);
+  }
+
+  static void setAdsConfig(XdsTestControlPlaneService service, String serverName, String rdsName,
+                           String clusterName, String edsName, String endpointHostname,
+                           int endpointPort) {
+
+    Listener serverListener = ControlPlaneRule.buildServerListener();
+    Listener clientListener = ControlPlaneRule.buildClientListener(serverName, serverName, rdsName);
+    service.setXdsConfig(ADS_TYPE_URL_LDS,
+        ImmutableMap.of(SERVER_LISTENER, serverListener, serverName, clientListener));
+
+    RouteConfiguration routeConfig =
+        buildRouteConfiguration(serverName, rdsName, clusterName);
+    service.setXdsConfig(ADS_TYPE_URL_RDS, ImmutableMap.of(rdsName, routeConfig));;
+
+    Cluster cluster = ControlPlaneRule.buildCluster(clusterName, edsName);
+    service.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.<String, Message>of(clusterName, cluster));
+
+    ClusterLoadAssignment clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
+        serverName, endpointHostname, endpointPort, edsName);
+    service.setXdsConfig(ADS_TYPE_URL_EDS,
+        ImmutableMap.<String, Message>of(edsName, clusterLoadAssignment));
+
+    log.log(Level.FINE, String.format("Set ADS config for %s with address %s:%d",
+        serverName, endpointHostname, endpointPort));
+
+  }
+
+  static String getEdsNameForCluster(String clusterName) {
+    return "eds_" + clusterName;
+  }
+
+  static void setAggregateCdsConfig(XdsTestControlPlaneService service, String serverName,
+                                    String clusterName, List<String> children) {
+    Map<String, Message> clusterMap = new HashMap<>();
+
+    ClusterConfig rootConfig = ClusterConfig.newBuilder().addAllClusters(children).build();
+    Cluster.CustomClusterType type =
+        Cluster.CustomClusterType.newBuilder()
+            .setName(XdsClusterResource.AGGREGATE_CLUSTER_TYPE_NAME)
+            .setTypedConfig(Any.pack(rootConfig))
+            .build();
+    Cluster.Builder builder = Cluster.newBuilder().setName(clusterName).setClusterType(type);
+    builder.setLbPolicy(Cluster.LbPolicy.ROUND_ROBIN);
+    Cluster cluster = builder.build();
+    clusterMap.put(clusterName, cluster);
+
+    for (String child : children) {
+      Cluster childCluster = ControlPlaneRule.buildCluster(child, getEdsNameForCluster(child));
+      clusterMap.put(child, childCluster);
+    }
+
+    service.setXdsConfig(ADS_TYPE_URL_CDS, clusterMap);
+
+    Map<String, Message> edsMap = new HashMap<>();
+    for (String child : children) {
+      ClusterLoadAssignment clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
+          serverName, ENDPOINT_HOSTNAME, ENDPOINT_PORT, getEdsNameForCluster(child));
+      edsMap.put(getEdsNameForCluster(child), clusterLoadAssignment);
+    }
+    service.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
+  }
+
+  static void addAggregateToExistingConfig(XdsTestControlPlaneService service, String rootName,
+                                           List<String> children) {
+    Map<String, Message> clusterMap = new HashMap<>(service.getCurrentConfig(ADS_TYPE_URL_CDS));
+    if (clusterMap.containsKey(rootName)) {
+      throw new IllegalArgumentException("Root cluster " + rootName + " already exists");
+    }
+    ClusterConfig rootConfig = ClusterConfig.newBuilder().addAllClusters(children).build();
+    Cluster.CustomClusterType type =
+        Cluster.CustomClusterType.newBuilder()
+            .setName(XdsClusterResource.AGGREGATE_CLUSTER_TYPE_NAME)
+            .setTypedConfig(Any.pack(rootConfig))
+            .build();
+    Cluster.Builder builder = Cluster.newBuilder().setName(rootName).setClusterType(type);
+    builder.setLbPolicy(Cluster.LbPolicy.ROUND_ROBIN);
+    Cluster cluster = builder.build();
+    clusterMap.put(rootName, cluster);
+
+    for (String child : children) {
+      if (clusterMap.containsKey(child)) {
+        continue;
+      }
+      Cluster childCluster = ControlPlaneRule.buildCluster(child, getEdsNameForCluster(child));
+      clusterMap.put(child, childCluster);
+    }
+
+    service.setXdsConfig(ADS_TYPE_URL_CDS, clusterMap);
+
+    Map<String, Message> edsMap = new HashMap<>(service.getCurrentConfig(ADS_TYPE_URL_EDS));
+    for (String child : children) {
+      if (edsMap.containsKey(getEdsNameForCluster(child))) {
+        continue;
+      }
+      ClusterLoadAssignment clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
+          child, ENDPOINT_HOSTNAME, ENDPOINT_PORT, getEdsNameForCluster(child));
+      edsMap.put(getEdsNameForCluster(child), clusterLoadAssignment);
+    }
+    service.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
+  }
+
+  static XdsConfig getDefaultXdsConfig(String serverHostName)
+      throws XdsResourceType.ResourceInvalidException, IOException {
+    XdsConfig.XdsConfigBuilder builder = new XdsConfig.XdsConfigBuilder();
+
+    Filter.NamedFilterConfig routerFilterConfig = new Filter.NamedFilterConfig(
+        serverHostName, RouterFilter.ROUTER_CONFIG);
+
+    HttpConnectionManager httpConnectionManager = HttpConnectionManager.forRdsName(
+        0L, RDS_NAME, Collections.singletonList(routerFilterConfig));
+    XdsListenerResource.LdsUpdate ldsUpdate =
+        XdsListenerResource.LdsUpdate.forApiListener(httpConnectionManager);
+
+    RouteConfiguration routeConfiguration =
+        buildRouteConfiguration(serverHostName, RDS_NAME, CLUSTER_NAME);
+    Bootstrapper.ServerInfo serverInfo = null;
+    XdsResourceType.Args args = new XdsResourceType.Args(serverInfo, "0", "0", null, null, null);
+    XdsRouteConfigureResource.RdsUpdate rdsUpdate =
+        XdsRouteConfigureResource.getInstance().doParse(args, routeConfiguration);
+
+    // Take advantage of knowing that there is only 1 virtual host in the route configuration
+    assertThat(rdsUpdate.virtualHosts).hasSize(1);
+    VirtualHost virtualHost = rdsUpdate.virtualHosts.get(0);
+
+    // Need to create endpoints to create locality endpoints map to create edsUpdate
+    Map<Locality, LocalityLbEndpoints> lbEndpointsMap = new HashMap<>();
+    LbEndpoint lbEndpoint =
+        LbEndpoint.create(serverHostName, ENDPOINT_PORT, 0, true, ENDPOINT_HOSTNAME);
+    lbEndpointsMap.put(
+        Locality.create("", "", ""),
+        LocalityLbEndpoints.create(ImmutableList.of(lbEndpoint), 10, 0));
+
+    // Need to create EdsUpdate to create CdsUpdate to create XdsClusterConfig for builder
+    XdsEndpointResource.EdsUpdate edsUpdate = new XdsEndpointResource.EdsUpdate(
+        EDS_NAME, lbEndpointsMap, Collections.emptyList());
+    XdsClusterResource.CdsUpdate cdsUpdate = XdsClusterResource.CdsUpdate.forEds(
+        CLUSTER_NAME, EDS_NAME, serverInfo, null, null, null)
+        .lbPolicyConfig(getWrrLbConfigAsMap()).build();
+    XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
+        CLUSTER_NAME, cdsUpdate, StatusOr.fromValue(edsUpdate));
+
+    builder
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(virtualHost)
+        .addCluster(CLUSTER_NAME, StatusOr.fromValue(clusterConfig));
+
+    return builder.build();
+  }
+
+  @SuppressWarnings("unchecked")
+  private static ImmutableMap<String, ?> getWrrLbConfigAsMap() throws IOException {
+    String lbConfigStr = "{\"wrr_locality_experimental\" : "
+        + "{ \"childPolicy\" : [{\"round_robin\" : {}}]}}";
+
+    return ImmutableMap.copyOf((Map<String, ?>) JsonParser.parse(lbConfigStr));
+  }
+
+  static RouteConfiguration buildRouteConfiguration(String authority, String rdsName,
+                                                    String clusterName) {
+    io.envoyproxy.envoy.config.route.v3.VirtualHost.Builder vhBuilder =
+        io.envoyproxy.envoy.config.route.v3.VirtualHost.newBuilder()
+            .setName(rdsName)
+            .addDomains(authority)
+            .addRoutes(
+                Route.newBuilder()
+                    .setMatch(
+                        RouteMatch.newBuilder().setPrefix("/").build())
+                    .setRoute(
+                        RouteAction.newBuilder().setCluster(clusterName)
+                            .setAutoHostRewrite(BoolValue.newBuilder().setValue(true).build())
+                            .build()));
+    io.envoyproxy.envoy.config.route.v3.VirtualHost virtualHost = vhBuilder.build();
+    return RouteConfiguration.newBuilder().setName(rdsName).addVirtualHosts(virtualHost).build();
+  }
+
+  static Cluster buildAggCluster(String name, List<String> childNames) {
+    ClusterConfig rootConfig = ClusterConfig.newBuilder().addAllClusters(childNames).build();
+    Cluster.CustomClusterType type =
+        Cluster.CustomClusterType.newBuilder()
+            .setName(XdsClusterResource.AGGREGATE_CLUSTER_TYPE_NAME)
+            .setTypedConfig(Any.pack(rootConfig))
+            .build();
+    Cluster.Builder builder =
+        Cluster.newBuilder().setName(name).setClusterType(type);
+    builder.setLbPolicy(Cluster.LbPolicy.ROUND_ROBIN);
+    Cluster cluster = builder.build();
+    return cluster;
+  }
+
+  static void addEdsClusters(Map<String, Message> clusterMap, Map<String, Message> edsMap,
+                             String... clusterNames) {
+    for (String clusterName : clusterNames) {
+      String edsName = getEdsNameForCluster(clusterName);
+      Cluster cluster = ControlPlaneRule.buildCluster(clusterName, edsName);
+      clusterMap.put(clusterName, cluster);
+
+      ClusterLoadAssignment clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
+          clusterName, ENDPOINT_HOSTNAME, ENDPOINT_PORT, edsName);
+      edsMap.put(edsName, clusterLoadAssignment);
+    }
+  }
+
+  static Listener buildInlineClientListener(String rdsName, String clusterName, String serverName) {
+    HttpFilter
+        httpFilter = HttpFilter.newBuilder()
+        .setName(serverName)
+        .setTypedConfig(Any.pack(Router.newBuilder().build()))
+        .setIsOptional(true)
+        .build();
+    ApiListener.Builder clientListenerBuilder =
+        ApiListener.newBuilder().setApiListener(Any.pack(
+            io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v3
+                .HttpConnectionManager.newBuilder()
+                .setRouteConfig(
+                    buildRouteConfiguration(serverName, rdsName, clusterName))
+                .addAllHttpFilters(Collections.singletonList(httpFilter))
+                .build(),
+            HTTP_CONNECTION_MANAGER_TYPE_URL));
+    return Listener.newBuilder()
+        .setName(serverName)
+        .setApiListener(clientListenerBuilder.build()).build();
+
+  }
+
+  /**
+   * Matches a {@link LoadStatsRequest} containing a collection of {@link ClusterStats} with
+   * the same list of clusterName:clusterServiceName pair.
+   */
+  static class LrsRequestMatcher implements ArgumentMatcher<LoadStatsRequest> {
+    private final List<String> expected;
+
+    private LrsRequestMatcher(List<String[]> clusterNames) {
+      expected = new ArrayList<>();
+      for (String[] pair : clusterNames) {
+        expected.add(pair[0] + ":" + (pair[1] == null ? "" : pair[1]));
+      }
+      Collections.sort(expected);
+    }
+
+    @Override
+    public boolean matches(LoadStatsRequest argument) {
+      List<String> actual = new ArrayList<>();
+      for (ClusterStats clusterStats : argument.getClusterStatsList()) {
+        actual.add(clusterStats.getClusterName() + ":" + clusterStats.getClusterServiceName());
+      }
+      Collections.sort(actual);
+      return actual.equals(expected);
+    }
+  }
+
+  static class LrsRpcCall  {
+    private final StreamObserver<LoadStatsRequest> requestObserver;
+    private final StreamObserver<LoadStatsResponse> responseObserver;
+    private final InOrder inOrder;
+
+    private LrsRpcCall(StreamObserver<LoadStatsRequest> requestObserver,
+                         StreamObserver<LoadStatsResponse> responseObserver) {
+      this.requestObserver = requestObserver;
+      this.responseObserver = responseObserver;
+      inOrder = inOrder(requestObserver);
+    }
+
+    protected void verifyNextReportClusters(List<String[]> clusters) {
+      inOrder.verify(requestObserver).onNext(argThat(new LrsRequestMatcher(clusters)));
+    }
+
+    protected void sendResponse(List<String> clusters, long loadReportIntervalNano) {
+      LoadStatsResponse response =
+          LoadStatsResponse.newBuilder()
+              .addAllClusters(clusters)
+              .setLoadReportingInterval(Durations.fromNanos(loadReportIntervalNano))
+              .build();
+      responseObserver.onNext(response);
+    }
+  }
+
+  static class StatusMatcher implements ArgumentMatcher<Status> {
+    private final Status expectedStatus;
+
+    StatusMatcher(Status expectedStatus) {
+      this.expectedStatus = expectedStatus;
+    }
+
+    @Override
+    public boolean matches(Status status) {
+      return status != null && expectedStatus.getCode().equals(status.getCode())
+          && expectedStatus.getDescription().equals(status.getDescription());
+    }
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
index f3de4549ba9..485970741c1 100644
--- a/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
@@ -34,9 +34,15 @@
 import javax.annotation.Nullable;
 
 public class CommonBootstrapperTestUtils {
+  public static final String SERVER_URI = "trafficdirector.googleapis.com";
   private static final ChannelCredentials CHANNEL_CREDENTIALS = InsecureChannelCredentials.create();
   private static final String SERVER_URI_CUSTOM_AUTHORITY = "trafficdirector2.googleapis.com";
   private static final String SERVER_URI_EMPTY_AUTHORITY = "trafficdirector3.googleapis.com";
+  public static final String LDS_RESOURCE = "listener.googleapis.com";
+  public static final String RDS_RESOURCE = "route-configuration.googleapis.com";
+  public static final String CDS_RESOURCE = "cluster.googleapis.com";
+  public static final String EDS_RESOURCE = "cluster-load-assignment.googleapis.com";
+
   private static final String FILE_WATCHER_CONFIG = "{\"path\": \"/etc/secret/certs\"}";
   private static final String MESHCA_CONFIG =
       "{\n"

From bd6af59221fa4f0572193b363308c952eee7d884 Mon Sep 17 00:00:00 2001
From: Sergii Tkachenko <sergiitk@google.com>
Date: Mon, 10 Feb 2025 17:14:07 -0800
Subject: [PATCH 174/591] xds: improve code readability of server FilterChain
 parsing

- Improve code flow and variable names
- Reduce nesting
- Add comments between logical blocks
- Add comments explaining some xDS/gRPC nuances
---
 .../java/io/grpc/xds/XdsListenerResource.java | 86 ++++++++++++-------
 .../java/io/grpc/xds/XdsServerWrapper.java    | 77 +++++++++++------
 .../grpc/xds/GrpcXdsClientImplDataTest.java   | 36 +++++---
 3 files changed, 127 insertions(+), 72 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsListenerResource.java b/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
index 141580af73d..a18b093e38f 100644
--- a/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
@@ -146,11 +146,11 @@ static EnvoyServerProtoData.Listener parseServerSideListener(
       Listener proto, TlsContextManager tlsContextManager,
       FilterRegistry filterRegistry, Set<String> certProviderInstances, XdsResourceType.Args args)
       throws ResourceInvalidException {
-    if (!proto.getTrafficDirection().equals(TrafficDirection.INBOUND)
-        && !proto.getTrafficDirection().equals(TrafficDirection.UNSPECIFIED)) {
+    TrafficDirection trafficDirection = proto.getTrafficDirection();
+    if (!trafficDirection.equals(TrafficDirection.INBOUND)
+        && !trafficDirection.equals(TrafficDirection.UNSPECIFIED)) {
       throw new ResourceInvalidException(
-          "Listener " + proto.getName() + " with invalid traffic direction: "
-              + proto.getTrafficDirection());
+          "Listener " + proto.getName() + " with invalid traffic direction: " + trafficDirection);
     }
     if (!proto.getListenerFiltersList().isEmpty()) {
       throw new ResourceInvalidException(
@@ -178,16 +178,29 @@ static EnvoyServerProtoData.Listener parseServerSideListener(
     }
 
     ImmutableList.Builder<FilterChain> filterChains = ImmutableList.builder();
-    Set<FilterChainMatch> uniqueSet = new HashSet<>();
+    Set<FilterChainMatch> filterChainMatchSet = new HashSet<>();
+    int i = 0;
     for (io.envoyproxy.envoy.config.listener.v3.FilterChain fc : proto.getFilterChainsList()) {
+      // May be empty. If it's not empty, required to be unique.
+      String filterChainName = fc.getName();
+      if (filterChainName.isEmpty()) {
+        // Generate a name, so we can identify it in the logs.
+        filterChainName = "chain_" + i;
+      }
       filterChains.add(
-          parseFilterChain(fc, tlsContextManager, filterRegistry, uniqueSet,
-              certProviderInstances, args));
+          parseFilterChain(fc, filterChainName, tlsContextManager, filterRegistry,
+              filterChainMatchSet, certProviderInstances, args));
+      i++;
     }
+
     FilterChain defaultFilterChain = null;
     if (proto.hasDefaultFilterChain()) {
+      String defaultFilterChainName = proto.getDefaultFilterChain().getName();
+      if (defaultFilterChainName.isEmpty()) {
+        defaultFilterChainName = "chain_default";
+      }
       defaultFilterChain = parseFilterChain(
-          proto.getDefaultFilterChain(), tlsContextManager, filterRegistry,
+          proto.getDefaultFilterChain(), defaultFilterChainName, tlsContextManager, filterRegistry,
           null, certProviderInstances, args);
     }
 
@@ -198,36 +211,44 @@ static EnvoyServerProtoData.Listener parseServerSideListener(
   @VisibleForTesting
   static FilterChain parseFilterChain(
       io.envoyproxy.envoy.config.listener.v3.FilterChain proto,
-      TlsContextManager tlsContextManager, FilterRegistry filterRegistry,
-      Set<FilterChainMatch> uniqueSet, Set<String> certProviderInstances, XdsResourceType.Args args)
+      String filterChainName,
+      TlsContextManager tlsContextManager,
+      FilterRegistry filterRegistry,
+      // null disables FilterChainMatch uniqueness check, used for defaultFilterChain
+      @Nullable Set<FilterChainMatch> filterChainMatchSet,
+      Set<String> certProviderInstances,
+      XdsResourceType.Args args)
       throws ResourceInvalidException {
+    // FilterChain contains L4 filters, so we ensure it contains only HCM.
     if (proto.getFiltersCount() != 1) {
-      throw new ResourceInvalidException("FilterChain " + proto.getName()
+      throw new ResourceInvalidException("FilterChain " + filterChainName
           + " should contain exact one HttpConnectionManager filter");
     }
-    io.envoyproxy.envoy.config.listener.v3.Filter filter = proto.getFiltersList().get(0);
-    if (!filter.hasTypedConfig()) {
+    io.envoyproxy.envoy.config.listener.v3.Filter l4Filter = proto.getFiltersList().get(0);
+    if (!l4Filter.hasTypedConfig()) {
       throw new ResourceInvalidException(
-          "FilterChain " + proto.getName() + " contains filter " + filter.getName()
+          "FilterChain " + filterChainName + " contains filter " + l4Filter.getName()
               + " without typed_config");
     }
-    Any any = filter.getTypedConfig();
-    // HttpConnectionManager is the only supported network filter at the moment.
+    Any any = l4Filter.getTypedConfig();
     if (!any.getTypeUrl().equals(TYPE_URL_HTTP_CONNECTION_MANAGER)) {
       throw new ResourceInvalidException(
-          "FilterChain " + proto.getName() + " contains filter " + filter.getName()
+          "FilterChain " + filterChainName + " contains filter " + l4Filter.getName()
               + " with unsupported typed_config type " + any.getTypeUrl());
     }
+
+    // Parse HCM.
     HttpConnectionManager hcmProto;
     try {
       hcmProto = any.unpack(HttpConnectionManager.class);
     } catch (InvalidProtocolBufferException e) {
-      throw new ResourceInvalidException("FilterChain " + proto.getName() + " with filter "
-          + filter.getName() + " failed to unpack message", e);
+      throw new ResourceInvalidException("FilterChain " + filterChainName + " with filter "
+          + l4Filter.getName() + " failed to unpack message", e);
     }
     io.grpc.xds.HttpConnectionManager httpConnectionManager = parseHttpConnectionManager(
         hcmProto, filterRegistry, false /* isForClient */, args);
 
+    // Parse Transport Socket.
     EnvoyServerProtoData.DownstreamTlsContext downstreamTlsContext = null;
     if (proto.hasTransportSocket()) {
       if (!TRANSPORT_SOCKET_NAME_TLS.equals(proto.getTransportSocket().getName())) {
@@ -239,7 +260,7 @@ static FilterChain parseFilterChain(
         downstreamTlsContextProto =
             proto.getTransportSocket().getTypedConfig().unpack(DownstreamTlsContext.class);
       } catch (InvalidProtocolBufferException e) {
-        throw new ResourceInvalidException("FilterChain " + proto.getName()
+        throw new ResourceInvalidException("FilterChain " + filterChainName
             + " failed to unpack message", e);
       }
       downstreamTlsContext =
@@ -247,10 +268,15 @@ static FilterChain parseFilterChain(
               validateDownstreamTlsContext(downstreamTlsContextProto, certProviderInstances));
     }
 
+    // Parse FilterChainMatch.
     FilterChainMatch filterChainMatch = parseFilterChainMatch(proto.getFilterChainMatch());
-    checkForUniqueness(uniqueSet, filterChainMatch);
+    // null used to skip this check for defaultFilterChain.
+    if (filterChainMatchSet != null) {
+      validateFilterChainMatchForUniqueness(filterChainMatchSet, filterChainMatch);
+    }
+
     return FilterChain.create(
-        proto.getName(),
+        filterChainName,
         filterChainMatch,
         httpConnectionManager,
         downstreamTlsContext,
@@ -284,15 +310,15 @@ static DownstreamTlsContext validateDownstreamTlsContext(
     return downstreamTlsContext;
   }
 
-  private static void checkForUniqueness(Set<FilterChainMatch> uniqueSet,
+  private static void validateFilterChainMatchForUniqueness(
+      Set<FilterChainMatch> filterChainMatchSet,
       FilterChainMatch filterChainMatch) throws ResourceInvalidException {
-    if (uniqueSet != null) {
-      List<FilterChainMatch> crossProduct = getCrossProduct(filterChainMatch);
-      for (FilterChainMatch cur : crossProduct) {
-        if (!uniqueSet.add(cur)) {
-          throw new ResourceInvalidException("FilterChainMatch must be unique. "
-              + "Found duplicate: " + cur);
-        }
+    // Flattens complex FilterChainMatch into a list of simple FilterChainMatch'es.
+    List<FilterChainMatch> crossProduct = getCrossProduct(filterChainMatch);
+    for (FilterChainMatch cur : crossProduct) {
+      if (!filterChainMatchSet.add(cur)) {
+        throw new ResourceInvalidException("FilterChainMatch must be unique. "
+            + "Found duplicate: " + cur);
       }
     }
   }
diff --git a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
index 392f4c1a313..3a9b98ee321 100644
--- a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
+++ b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
@@ -60,7 +60,6 @@
 import java.io.IOException;
 import java.net.SocketAddress;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -459,47 +458,69 @@ private void shutdown() {
     }
 
     private void updateSelector() {
-      Map<FilterChain, AtomicReference<ServerRoutingConfig>> filterChainRouting = new HashMap<>();
+      // This is regenerated in generateRoutingConfig() calls below.
       savedRdsRoutingConfigRef.clear();
+
+      // Prepare server routing config map.
+      ImmutableMap.Builder<FilterChain, AtomicReference<ServerRoutingConfig>> routingConfigs =
+          ImmutableMap.builder();
       for (FilterChain filterChain: filterChains) {
-        filterChainRouting.put(filterChain, generateRoutingConfig(filterChain));
+        routingConfigs.put(filterChain, generateRoutingConfig(filterChain));
       }
-      FilterChainSelector selector = new FilterChainSelector(
-          Collections.unmodifiableMap(filterChainRouting),
-          defaultFilterChain == null ? null : defaultFilterChain.sslContextProviderSupplier(),
-          defaultFilterChain == null ? new AtomicReference<ServerRoutingConfig>() :
-              generateRoutingConfig(defaultFilterChain));
-      List<SslContextProviderSupplier> toRelease = getSuppliersInUse();
+
+      // Prepare the new selector.
+      FilterChainSelector selector;
+      if (defaultFilterChain != null) {
+        selector = new FilterChainSelector(
+            routingConfigs.build(),
+            defaultFilterChain.sslContextProviderSupplier(),
+            generateRoutingConfig(defaultFilterChain));
+      } else {
+        selector = new FilterChainSelector(routingConfigs.build(), null, new AtomicReference<>());
+      }
+
+      // Prepare the list of current selector's resources to close later.
+      List<SslContextProviderSupplier> oldSslSuppliers = getSuppliersInUse();
+
+      // Swap the selectors, initiate a graceful shutdown of the old one.
       logger.log(Level.FINEST, "Updating selector {0}", selector);
       filterChainSelectorManager.updateSelector(selector);
-      for (SslContextProviderSupplier e: toRelease) {
-        e.close();
+
+      // Release old resources.
+      for (SslContextProviderSupplier supplier: oldSslSuppliers) {
+        supplier.close();
       }
+
+      // Now that we have valid Transport Socket config, we can start/restart listening on a port.
       startDelegateServer();
     }
 
     private AtomicReference<ServerRoutingConfig> generateRoutingConfig(FilterChain filterChain) {
       HttpConnectionManager hcm = filterChain.httpConnectionManager();
+      ImmutableMap<Route, ServerInterceptor> interceptors;
+
+      // Inlined routes.
       if (hcm.virtualHosts() != null) {
-        ImmutableMap<Route, ServerInterceptor> interceptors = generatePerRouteInterceptors(
-                hcm.httpFilterConfigs(), hcm.virtualHosts());
-        return new AtomicReference<>(ServerRoutingConfig.create(hcm.virtualHosts(),interceptors));
+        interceptors = generatePerRouteInterceptors(hcm.httpFilterConfigs(), hcm.virtualHosts());
+        return new AtomicReference<>(ServerRoutingConfig.create(hcm.virtualHosts(), interceptors));
+      }
+
+      // Routes from RDS.
+      RouteDiscoveryState rds = routeDiscoveryStates.get(hcm.rdsName());
+      checkNotNull(rds, "rds");
+
+      ServerRoutingConfig routingConfig;
+      ImmutableList<VirtualHost> savedVhosts = rds.savedVirtualHosts;
+      if (savedVhosts != null) {
+        interceptors = generatePerRouteInterceptors(hcm.httpFilterConfigs(), savedVhosts);
+        routingConfig = ServerRoutingConfig.create(savedVhosts, interceptors);
       } else {
-        RouteDiscoveryState rds = routeDiscoveryStates.get(hcm.rdsName());
-        checkNotNull(rds, "rds");
-        AtomicReference<ServerRoutingConfig> serverRoutingConfigRef = new AtomicReference<>();
-        if (rds.savedVirtualHosts != null) {
-          ImmutableMap<Route, ServerInterceptor> interceptors = generatePerRouteInterceptors(
-              hcm.httpFilterConfigs(), rds.savedVirtualHosts);
-          ServerRoutingConfig serverRoutingConfig =
-              ServerRoutingConfig.create(rds.savedVirtualHosts, interceptors);
-          serverRoutingConfigRef.set(serverRoutingConfig);
-        } else {
-          serverRoutingConfigRef.set(ServerRoutingConfig.FAILING_ROUTING_CONFIG);
-        }
-        savedRdsRoutingConfigRef.put(filterChain, serverRoutingConfigRef);
-        return serverRoutingConfigRef;
+        routingConfig = ServerRoutingConfig.FAILING_ROUTING_CONFIG;
       }
+
+      AtomicReference<ServerRoutingConfig> routingConfigRef = new AtomicReference<>(routingConfig);
+      savedRdsRoutingConfigRef.put(filterChain, routingConfigRef);
+      return routingConfigRef;
     }
 
     private ImmutableMap<Route, ServerInterceptor> generatePerRouteInterceptors(
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 5b9fdda1127..314b2094480 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -2719,7 +2719,7 @@ public void parseFilterChain_noHcm() throws ResourceInvalidException {
     thrown.expectMessage(
         "FilterChain filter-chain-foo should contain exact one HttpConnectionManager filter");
     XdsListenerResource.parseFilterChain(
-        filterChain, null, filterRegistry, null, null,
+        filterChain, "filter-chain-foo", null, filterRegistry, null, null,
         getXdsResourceTypeArgs(true));
   }
 
@@ -2738,7 +2738,7 @@ public void parseFilterChain_duplicateFilter() throws ResourceInvalidException {
     thrown.expectMessage(
         "FilterChain filter-chain-foo should contain exact one HttpConnectionManager filter");
     XdsListenerResource.parseFilterChain(
-        filterChain, null, filterRegistry, null, null,
+        filterChain, "filter-chain-foo", null, filterRegistry, null, null,
         getXdsResourceTypeArgs(true));
   }
 
@@ -2757,7 +2757,7 @@ public void parseFilterChain_filterMissingTypedConfig() throws ResourceInvalidEx
         "FilterChain filter-chain-foo contains filter envoy.http_connection_manager "
             + "without typed_config");
     XdsListenerResource.parseFilterChain(
-        filterChain, null, filterRegistry, null, null,
+        filterChain, "filter-chain-foo", null, filterRegistry, null, null,
         getXdsResourceTypeArgs(true));
   }
 
@@ -2780,13 +2780,13 @@ public void parseFilterChain_unsupportedFilter() throws ResourceInvalidException
         "FilterChain filter-chain-foo contains filter unsupported with unsupported "
             + "typed_config type unsupported-type-url");
     XdsListenerResource.parseFilterChain(
-        filterChain, null, filterRegistry, null, null,
+        filterChain, "filter-chain-foo", null, filterRegistry, null, null,
         getXdsResourceTypeArgs(true));
   }
 
   @Test
   public void parseFilterChain_noName() throws ResourceInvalidException {
-    FilterChain filterChain1 =
+    FilterChain filterChain0 =
         FilterChain.newBuilder()
             .setFilterChainMatch(FilterChainMatch.getDefaultInstance())
             .addFilters(buildHttpConnectionManagerFilter(
@@ -2796,9 +2796,11 @@ public void parseFilterChain_noName() throws ResourceInvalidException {
                     .setTypedConfig(Any.pack(Router.newBuilder().build()))
                     .build()))
             .build();
-    FilterChain filterChain2 =
+
+    FilterChain filterChain1 =
         FilterChain.newBuilder()
-            .setFilterChainMatch(FilterChainMatch.getDefaultInstance())
+            .setFilterChainMatch(
+                FilterChainMatch.newBuilder().addAllSourcePorts(Arrays.asList(443, 8080)))
             .addFilters(buildHttpConnectionManagerFilter(
                 HttpFilter.newBuilder()
                     .setName("http-filter-bar")
@@ -2807,13 +2809,19 @@ public void parseFilterChain_noName() throws ResourceInvalidException {
                     .build()))
             .build();
 
-    EnvoyServerProtoData.FilterChain parsedFilterChain1 = XdsListenerResource.parseFilterChain(
-        filterChain1, null, filterRegistry, null,
-        null, getXdsResourceTypeArgs(true));
-    EnvoyServerProtoData.FilterChain parsedFilterChain2 = XdsListenerResource.parseFilterChain(
-        filterChain2, null, filterRegistry, null,
-        null, getXdsResourceTypeArgs(true));
-    assertThat(parsedFilterChain1.name()).isEqualTo(parsedFilterChain2.name());
+    Listener listenerProto =
+        Listener.newBuilder()
+            .setName("listener1")
+            .setTrafficDirection(TrafficDirection.INBOUND)
+            .addAllFilterChains(Arrays.asList(filterChain0, filterChain1))
+            .setDefaultFilterChain(filterChain0)
+            .build();
+    EnvoyServerProtoData.Listener listener = XdsListenerResource.parseServerSideListener(
+        listenerProto, null, filterRegistry, null, getXdsResourceTypeArgs(true));
+
+    assertThat(listener.filterChains().get(0).name()).isEqualTo("chain_0");
+    assertThat(listener.filterChains().get(1).name()).isEqualTo("chain_1");
+    assertThat(listener.defaultFilterChain().name()).isEqualTo("chain_default");
   }
 
   @Test

From dc316f7fd974675a466325b3f4a69ba0d72db53b Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@engflow.com>
Date: Thu, 30 Jan 2025 09:26:55 -0800
Subject: [PATCH 175/591] Add missing frame release to
 Http2ClientStreamTransportState.

If a data frame is received before headers, processing of the frame is abandoned. The frame must be released in that case.
---
 .../java/io/grpc/internal/Http2ClientStreamTransportState.java   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core/src/main/java/io/grpc/internal/Http2ClientStreamTransportState.java b/core/src/main/java/io/grpc/internal/Http2ClientStreamTransportState.java
index e92bb7a4af1..5560a1abb6d 100644
--- a/core/src/main/java/io/grpc/internal/Http2ClientStreamTransportState.java
+++ b/core/src/main/java/io/grpc/internal/Http2ClientStreamTransportState.java
@@ -140,6 +140,7 @@ protected void transportDataReceived(ReadableBuffer frame, boolean endOfStream)
       }
     } else {
       if (!headersReceived) {
+        frame.close();
         http2ProcessingFailed(
             Status.INTERNAL.withDescription("headers not received before payload"),
             false,

From 302342cfce50361bc1b12a37a3627d34c25dbf88 Mon Sep 17 00:00:00 2001
From: Naveen Prasanna V <80662475+NaveenPrasannaV@users.noreply.github.com>
Date: Tue, 11 Feb 2025 11:38:07 +0530
Subject: [PATCH 176/591] core: logging the error message when onClose() itself
 fails (#11880)

---
 .../java/io/grpc/internal/ClientCallImpl.java |  6 ++++-
 .../io/grpc/internal/ClientCallImplTest.java  | 26 +++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/io/grpc/internal/ClientCallImpl.java b/core/src/main/java/io/grpc/internal/ClientCallImpl.java
index 07f2701d1c1..b9e8dd79f09 100644
--- a/core/src/main/java/io/grpc/internal/ClientCallImpl.java
+++ b/core/src/main/java/io/grpc/internal/ClientCallImpl.java
@@ -561,7 +561,11 @@ public Attributes getAttributes() {
   }
 
   private void closeObserver(Listener<RespT> observer, Status status, Metadata trailers) {
-    observer.onClose(status, trailers);
+    try {
+      observer.onClose(status, trailers);
+    } catch (RuntimeException ex) {
+      log.log(Level.WARNING, "Exception thrown by onClose() in ClientCall", ex);
+    }
   }
 
   @Override
diff --git a/core/src/test/java/io/grpc/internal/ClientCallImplTest.java b/core/src/test/java/io/grpc/internal/ClientCallImplTest.java
index 66d626ec2b6..03e613e13d9 100644
--- a/core/src/test/java/io/grpc/internal/ClientCallImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ClientCallImplTest.java
@@ -1105,6 +1105,32 @@ public void getAttributes() {
     assertEquals(attrs, call.getAttributes());
   }
 
+  @Test
+  public void onCloseExceptionCaughtAndLogged() {
+    DelayedExecutor executor = new DelayedExecutor();
+    ClientCallImpl<Void, Void> call = new ClientCallImpl<>(
+        method,
+        executor,
+        baseCallOptions,
+        clientStreamProvider,
+        deadlineCancellationExecutor,
+        channelCallTracer, configSelector);
+
+    call.start(callListener, new Metadata());
+    verify(stream).start(listenerArgumentCaptor.capture());
+    final ClientStreamListener streamListener = listenerArgumentCaptor.getValue();
+    streamListener.headersRead(new Metadata());
+
+    doThrow(new RuntimeException("Exception thrown by onClose() in ClientCall")).when(callListener)
+        .onClose(any(Status.class), any(Metadata.class));
+
+    Status status = Status.RESOURCE_EXHAUSTED.withDescription("simulated");
+    streamListener.closed(status, PROCESSED, new Metadata());
+    executor.release();
+
+    verify(callListener).onClose(same(status), any(Metadata.class));
+  }
+
   private static final class DelayedExecutor implements Executor {
     private final BlockingQueue<Runnable> commands = new LinkedBlockingQueue<>();
 

From fc8571a0e53fa4d1e63ea2c118c05bbf3b5b32cc Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Wed, 12 Feb 2025 01:08:46 +0530
Subject: [PATCH 177/591] Version upgrades (#11874)

---
 MODULE.bazel                 |  4 ++--
 gradle/libs.versions.toml    | 38 +++++++++++++++++++++---------------
 repositories.bzl             |  4 ++--
 servlet/jakarta/build.gradle | 27 ++++++++++++++++++-------
 4 files changed, 46 insertions(+), 27 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 4c7e1b3dca5..7131affbdff 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -8,7 +8,7 @@ module(
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.48.0",
+    "com.google.api.grpc:proto-google-common-protos:2.51.0",
     "com.google.auth:google-auth-library-credentials:1.24.1",
     "com.google.auth:google-auth-library-oauth2-http:1.24.1",
     "com.google.auto.value:auto-value-annotations:1.11.0",
@@ -18,7 +18,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.errorprone:error_prone_annotations:2.30.0",
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.3.1-android",
-    "com.google.re2j:re2j:1.7",
+    "com.google.re2j:re2j:1.8",
     "com.google.truth:truth:1.4.2",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 43ec3368b76..c1554d6b2e0 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -11,18 +11,20 @@ protobuf = "3.25.5"
 [libraries]
 android-annotations = "com.google.android:annotations:4.1.1.4"
 androidx-annotation = "androidx.annotation:annotation:1.9.0"
+# 1.15.0 requires libraries and applications that depend on it to compile against
+# version 35 or later of the Android APIs.
 androidx-core = "androidx.core:core:1.13.1"
-androidx-lifecycle-common = "androidx.lifecycle:lifecycle-common:2.8.6"
-androidx-lifecycle-service = "androidx.lifecycle:lifecycle-service:2.8.6"
+androidx-lifecycle-common = "androidx.lifecycle:lifecycle-common:2.8.7"
+androidx-lifecycle-service = "androidx.lifecycle:lifecycle-service:2.8.7"
 androidx-test-core = "androidx.test:core:1.6.1"
 androidx-test-ext-junit = "androidx.test.ext:junit:1.2.1"
 androidx-test-rules = "androidx.test:rules:1.6.1"
 animalsniffer = "org.codehaus.mojo:animal-sniffer:1.24"
 animalsniffer-annotations = "org.codehaus.mojo:animal-sniffer-annotations:1.24"
-assertj-core = "org.assertj:assertj-core:3.26.3"
+assertj-core = "org.assertj:assertj-core:3.27.3"
 auto-value = "com.google.auto.value:auto-value:1.11.0"
 auto-value-annotations = "com.google.auto.value:auto-value-annotations:1.11.0"
-checkstyle = "com.puppycrawl.tools:checkstyle:10.19.0"
+checkstyle = "com.puppycrawl.tools:checkstyle:10.21.2"
 commons-math3 = "org.apache.commons:commons-math3:3.6.1"
 conscrypt = "org.conscrypt:conscrypt-openjdk-uber:2.5.2"
 cronet-api = "org.chromium.net:cronet-api:119.6045.31"
@@ -34,14 +36,16 @@ cronet-embedded = "org.chromium.net:cronet-embedded:119.6045.31"
 errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.30.0"
 # error-prone 2.32.0+ require Java 17+
 errorprone-core = "com.google.errorprone:error_prone_core:2.31.0"
-google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.48.0"
+google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.51.0"
 # google-auth-library 1.25.0+ requires error_prone_annotations 2.31.0+, which
 # breaks the Android build
 google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.24.1"
 google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.24.1"
 # Release notes: https://cloud.google.com/logging/docs/release-notes
-google-cloud-logging = "com.google.cloud:google-cloud-logging:3.20.6"
+google-cloud-logging = "com.google.cloud:google-cloud-logging:3.21.2"
+# 2.12.1 requires error_prone_annotations:2.36.0 but we are stuck with 2.30.0
 gson = "com.google.code.gson:gson:2.11.0"
+# 33.4.0 requires com.google.errorprone:error_prone_annotations:2.36.0 but we are stuck with 2.30.0 (see above)
 guava = "com.google.guava:guava:33.3.1-android"
 guava-betaChecker = "com.google.guava:guava-beta-checker:1.0"
 guava-testlib = "com.google.guava:guava-testlib:33.3.1-android"
@@ -51,13 +55,15 @@ guava-jre = "com.google.guava:guava:33.3.1-jre"
 hdrhistogram = "org.hdrhistogram:HdrHistogram:2.2.2"
 # 6.0.0+ use java.lang.Deprecated forRemoval and since from Java 9
 jakarta-servlet-api = "jakarta.servlet:jakarta.servlet-api:5.0.0"
+# Using javax.annotation is fine as it is part of the JDK, we don't want to depend on J2EE
+# where it is relocated to as org.apache.tomcat:tomcat-annotations-api. See issue #9179.
 javax-annotation = "org.apache.tomcat:annotations-api:6.0.53"
 javax-servlet-api = "javax.servlet:javax.servlet-api:4.0.1"
 # 12.0.0+ require Java 17+
 jetty-client = "org.eclipse.jetty:jetty-client:11.0.24"
-jetty-http2-server = "org.eclipse.jetty.http2:http2-server:11.0.24"
+jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.0.16"
 jetty-http2-server10 = "org.eclipse.jetty.http2:http2-server:10.0.20"
-jetty-servlet = "org.eclipse.jetty:jetty-servlet:11.0.24"
+jetty-servlet = "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.0.16"
 jetty-servlet10 = "org.eclipse.jetty:jetty-servlet:10.0.20"
 jsr305 = "com.google.code.findbugs:jsr305:3.0.2"
 junit = "junit:junit:4.13.2"
@@ -85,18 +91,18 @@ opencensus-contrib-grpc-metrics = { module = "io.opencensus:opencensus-contrib-g
 opencensus-exporter-stats-stackdriver = { module = "io.opencensus:opencensus-exporter-stats-stackdriver", version.ref = "opencensus" }
 opencensus-exporter-trace-stackdriver = { module = "io.opencensus:opencensus-exporter-trace-stackdriver", version.ref = "opencensus" }
 opencensus-impl = { module = "io.opencensus:opencensus-impl", version.ref = "opencensus" }
-opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.43.0"
-opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.43.0-alpha"
-opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.40.0-alpha"
-opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.43.0"
-opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.43.0"
+opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.46.0"
+opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.46.0-alpha"
+opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.43.0-alpha"
+opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.46.0"
+opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.46.0"
 perfmark-api = "io.perfmark:perfmark-api:0.27.0"
 protobuf-java = { module = "com.google.protobuf:protobuf-java", version.ref = "protobuf" }
 protobuf-java-util = { module = "com.google.protobuf:protobuf-java-util", version.ref = "protobuf" }
 protobuf-javalite = { module = "com.google.protobuf:protobuf-javalite", version.ref = "protobuf" }
 protobuf-protoc = { module = "com.google.protobuf:protoc", version.ref = "protobuf" }
-re2j = "com.google.re2j:re2j:1.7"
-robolectric = "org.robolectric:robolectric:4.13"
+re2j = "com.google.re2j:re2j:1.8"
+robolectric = "org.robolectric:robolectric:4.14.1"
 signature-android = "net.sf.androidscents.signature:android-api-level-21:5.0.1_r2"
 signature-java = "org.codehaus.mojo.signature:java18:1.0"
 # 11.0.0+ require Java 17+
@@ -109,5 +115,5 @@ undertow-servlet = "io.undertow:undertow-servlet:2.3.18.Final"
 # Do not update: Pinned to the last version supporting Java 8.
 # See https://checkstyle.sourceforge.io/releasenotes.html#Release_10.1
 checkstylejava8 = "com.puppycrawl.tools:checkstyle:9.3"
-# See https://github.com/google/error-prone/releases/tag/v2.11.0
+# 2.11.0+ requires JDK 11+ (See https://github.com/google/error-prone/releases/tag/v2.11.0)
 errorprone-corejava8 = "com.google.errorprone:error_prone_core:2.10.0"
diff --git a/repositories.bzl b/repositories.bzl
index 3f4cd11c1a6..b431b283a91 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -12,7 +12,7 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.48.0",
+    "com.google.api.grpc:proto-google-common-protos:2.51.0",
     "com.google.auth:google-auth-library-credentials:1.24.1",
     "com.google.auth:google-auth-library-oauth2-http:1.24.1",
     "com.google.auto.value:auto-value-annotations:1.11.0",
@@ -22,7 +22,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.errorprone:error_prone_annotations:2.30.0",
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.3.1-android",
-    "com.google.re2j:re2j:1.7",
+    "com.google.re2j:re2j:1.8",
     "com.google.truth:truth:1.4.2",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
diff --git a/servlet/jakarta/build.gradle b/servlet/jakarta/build.gradle
index 51333856ddf..d1ebc1d4dc1 100644
--- a/servlet/jakarta/build.gradle
+++ b/servlet/jakarta/build.gradle
@@ -8,13 +8,15 @@ description = "gRPC: Jakarta Servlet"
 // Set up classpaths and source directories for different servlet tests
 sourceSets {
 
-    // Only run these tests if java 11+ is being used
-    if (JavaVersion.current().isJava11Compatible()) {
+    // Only run these tests if the required minimum Java version is being used
+    if (JavaVersion.current().isCompatibleWith(JavaVersion.VERSION_17)) {
         jettyTest {
             java {
                 include '**/Jetty*.java'
             }
         }
+    }
+    if (JavaVersion.current().isJava11Compatible()) {
         tomcatTest {
             java {
                 include '**/Tomcat*.java'
@@ -50,6 +52,8 @@ def migrate(String name, String inputDir, SourceSet sourceSet) {
             filter { String line ->
                 line.replace('javax.servlet', 'jakarta.servlet')
                     .replace('io.grpc.servlet', 'io.grpc.servlet.jakarta')
+                    .replace('org.eclipse.jetty.http2.parser', 'org.eclipse.jetty.http2')
+                    .replace('org.eclipse.jetty.servlet', 'org.eclipse.jetty.ee10.servlet')
             }
         }
     }
@@ -57,9 +61,11 @@ def migrate(String name, String inputDir, SourceSet sourceSet) {
 
 migrate('main', '../src/main/java', sourceSets.main)
 
-// Only build sourceSets and classpaths for tests if using Java 11
-if (JavaVersion.current().isJava11Compatible()) {
+// Only build sourceSets and classpaths for tests if using the required minimum Java version
+if (JavaVersion.current().isCompatibleWith(JavaVersion.VERSION_17)) {
     migrate('jettyTest', '../src/jettyTest/java', sourceSets.jettyTest)
+}
+if (JavaVersion.current().isJava11Compatible()) {
     migrate('tomcatTest', '../src/tomcatTest/java', sourceSets.tomcatTest)
     migrate('undertowTest', '../src/undertowTest/java', sourceSets.undertowTest)
 }
@@ -104,12 +110,19 @@ dependencies {
 
 // Set up individual classpaths for each test, to avoid any mismatch,
 // and ensure they are only used when supported by the current jvm
-if (JavaVersion.current().isJava11Compatible()) {
+if (JavaVersion.current().isCompatibleWith(JavaVersion.VERSION_17)) {
     def jetty11Test = tasks.register('jetty11Test', Test) {
         classpath = sourceSets.jettyTest.runtimeClasspath
         testClassesDirs = sourceSets.jettyTest.output.classesDirs
     }
-
+    tasks.named('compileJettyTestJava') { JavaCompile task ->
+        task.options.release.set 9
+    }
+    tasks.named("check").configure {
+        dependsOn jetty11Test
+    }
+}
+if (JavaVersion.current().isJava11Compatible()) {
     def tomcat10Test = tasks.register('tomcat10Test', Test) {
         classpath = sourceSets.tomcatTest.runtimeClasspath
         testClassesDirs = sourceSets.tomcatTest.output.classesDirs
@@ -134,6 +147,6 @@ if (JavaVersion.current().isJava11Compatible()) {
     }
 
     tasks.named("check").configure {
-        dependsOn jetty11Test, tomcat10Test, undertowTest
+        dependsOn tomcat10Test, undertowTest
     }
 }

From ade2dd20382ab47867bd38c3f21fa58930ebb97c Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Tue, 11 Feb 2025 12:38:52 -0800
Subject: [PATCH 178/591] xds: Change XdsClusterConfig to have children field
 instead of endpoint (#11888)

* Change XdsConfig to match spec with a `children` object holding either `a list of leaf cluster names` or `an EdsUpdate`.  Removed intermediate aggregate nodes from `XdsConfig.clusters`.
---
 xds/src/main/java/io/grpc/xds/XdsConfig.java  |  72 ++++++++--
 .../io/grpc/xds/XdsDependencyManager.java     | 135 +++++++++++++++---
 .../io/grpc/xds/XdsDependencyManagerTest.java |  46 +++---
 .../test/java/io/grpc/xds/XdsTestUtils.java   |   3 +-
 4 files changed, 209 insertions(+), 47 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsConfig.java b/xds/src/main/java/io/grpc/xds/XdsConfig.java
index 999ee0d4b0c..7af03caf4be 100644
--- a/xds/src/main/java/io/grpc/xds/XdsConfig.java
+++ b/xds/src/main/java/io/grpc/xds/XdsConfig.java
@@ -26,6 +26,7 @@
 import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
 import java.io.Closeable;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 
@@ -103,19 +104,17 @@ public ImmutableMap<String, StatusOr<XdsClusterConfig>> getClusters() {
   static final class XdsClusterConfig {
     private final String clusterName;
     private final CdsUpdate clusterResource;
-    private final StatusOr<EdsUpdate> endpoint; //Will be null for non-EDS clusters
+    private final ClusterChild children; // holds details
 
-    XdsClusterConfig(String clusterName, CdsUpdate clusterResource,
-                      StatusOr<EdsUpdate> endpoint) {
+    XdsClusterConfig(String clusterName, CdsUpdate clusterResource, ClusterChild details) {
       this.clusterName = checkNotNull(clusterName, "clusterName");
       this.clusterResource = checkNotNull(clusterResource, "clusterResource");
-      this.endpoint = endpoint;
+      this.children = checkNotNull(details, "details");
     }
 
     @Override
     public int hashCode() {
-      int endpointHash = (endpoint != null) ? endpoint.hashCode() : 0;
-      return clusterName.hashCode() + clusterResource.hashCode() + endpointHash;
+      return clusterName.hashCode() + clusterResource.hashCode() + children.hashCode();
     }
 
     @Override
@@ -126,7 +125,7 @@ public boolean equals(Object obj) {
       XdsClusterConfig o = (XdsClusterConfig) obj;
       return Objects.equals(clusterName, o.clusterName)
           && Objects.equals(clusterResource, o.clusterResource)
-          && Objects.equals(endpoint, o.endpoint);
+          && Objects.equals(children, o.children);
     }
 
     @Override
@@ -134,7 +133,8 @@ public String toString() {
       StringBuilder builder = new StringBuilder();
       builder.append("XdsClusterConfig{clusterName=").append(clusterName)
           .append(", clusterResource=").append(clusterResource)
-          .append(", endpoint=").append(endpoint).append("}");
+          .append(", children={").append(children)
+          .append("}");
       return builder.toString();
     }
 
@@ -146,8 +146,60 @@ public CdsUpdate getClusterResource() {
       return clusterResource;
     }
 
-    public StatusOr<EdsUpdate> getEndpoint() {
-      return endpoint;
+    public ClusterChild getChildren() {
+      return children;
+    }
+
+    interface ClusterChild {}
+
+    /** Endpoint info for EDS and LOGICAL_DNS clusters.  If there was an
+     * error, endpoints will be null and resolution_note will be set.
+     */
+    static final class EndpointConfig implements ClusterChild {
+      private final StatusOr<EdsUpdate> endpoint;
+
+      public EndpointConfig(StatusOr<EdsUpdate> endpoint) {
+        this.endpoint = checkNotNull(endpoint, "endpoint");
+      }
+
+      @Override
+      public int hashCode() {
+        return endpoint.hashCode();
+      }
+
+      @Override
+      public boolean equals(Object obj) {
+        if (!(obj instanceof EndpointConfig)) {
+          return false;
+        }
+        return Objects.equals(endpoint, ((EndpointConfig)obj).endpoint);
+      }
+
+      public StatusOr<EdsUpdate> getEndpoint() {
+        return endpoint;
+      }
+    }
+
+    // The list of leaf clusters for an aggregate cluster.
+    static final class AggregateConfig implements ClusterChild {
+      private final List<String> leafNames;
+
+      public AggregateConfig(List<String> leafNames) {
+        this.leafNames = checkNotNull(leafNames, "leafNames");
+      }
+
+      @Override
+      public int hashCode() {
+        return leafNames.hashCode();
+      }
+
+      @Override
+      public boolean equals(Object obj) {
+        if (!(obj instanceof AggregateConfig)) {
+          return false;
+        }
+        return Objects.equals(leafNames, ((AggregateConfig) obj).leafNames);
+      }
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index d2af47bc9db..a7400950375 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -29,6 +29,9 @@
 import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
 import io.grpc.xds.VirtualHost.Route.RouteAction.ClusterWeight;
+import io.grpc.xds.XdsClusterResource.CdsUpdate.ClusterType;
+import io.grpc.xds.XdsConfig.XdsClusterConfig.AggregateConfig;
+import io.grpc.xds.XdsConfig.XdsClusterConfig.EndpointConfig;
 import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsClient.ResourceWatcher;
@@ -36,6 +39,7 @@
 import io.grpc.xds.client.XdsResourceType;
 import java.io.Closeable;
 import java.io.IOException;
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -43,6 +47,7 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
+import java.util.stream.Collectors;
 import javax.annotation.Nullable;
 
 /**
@@ -299,27 +304,123 @@ XdsConfig buildConfig() {
     Map<String, ? extends XdsWatcherBase<?>> cdsWatchers =
         resourceWatchers.get(CLUSTER_RESOURCE).watchers;
 
-    // Iterate CDS watchers
-    for (XdsWatcherBase<?> watcher : cdsWatchers.values()) {
-      CdsWatcher cdsWatcher = (CdsWatcher) watcher;
-      String clusterName = cdsWatcher.resourceName();
-      StatusOr<XdsClusterResource.CdsUpdate> cdsUpdate = cdsWatcher.getData();
-      if (cdsUpdate.hasValue()) {
-        XdsConfig.XdsClusterConfig clusterConfig;
-        String edsName = cdsUpdate.getValue().edsServiceName();
-        EdsWatcher edsWatcher = (EdsWatcher) edsWatchers.get(edsName);
-
-        // Only EDS type clusters have endpoint data
-        StatusOr<XdsEndpointResource.EdsUpdate> data =
-            edsWatcher != null ? edsWatcher.getData() : null;
-        clusterConfig = new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate.getValue(), data);
-        builder.addCluster(clusterName, StatusOr.fromValue(clusterConfig));
+    // Only care about aggregates from LDS/RDS or subscriptions and the leaf clusters
+    List<String> topLevelClusters =
+        cdsWatchers.values().stream()
+            .filter(XdsDependencyManager::isTopLevelCluster)
+            .map(w -> w.resourceName())
+            .collect(Collectors.toList());
+
+    // Flatten multi-level aggregates into lists of leaf clusters
+    Set<String> leafNames =
+        addTopLevelClustersToBuilder(builder, edsWatchers, cdsWatchers, topLevelClusters);
+
+    addLeavesToBuilder(builder, edsWatchers, leafNames);
+
+    return builder.build();
+  }
+
+  private void addLeavesToBuilder(XdsConfig.XdsConfigBuilder builder,
+                                  Map<String, ? extends XdsWatcherBase<?>> edsWatchers,
+                                  Set<String> leafNames) {
+    for (String clusterName : leafNames) {
+      CdsWatcher cdsWatcher = getCluster(clusterName);
+      StatusOr<XdsClusterResource.CdsUpdate> cdsUpdateOr = cdsWatcher.getData();
+
+      if (cdsUpdateOr.hasValue()) {
+        XdsClusterResource.CdsUpdate cdsUpdate = cdsUpdateOr.getValue();
+        if (cdsUpdate.clusterType() == ClusterType.EDS) {
+          EdsWatcher edsWatcher = (EdsWatcher) edsWatchers.get(cdsUpdate.edsServiceName());
+          if (edsWatcher != null) {
+            EndpointConfig child = new EndpointConfig(edsWatcher.getData());
+            builder.addCluster(clusterName, StatusOr.fromValue(
+                new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate, child)));
+          } else {
+            builder.addCluster(clusterName, StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
+                "EDS resource not found for cluster " + clusterName)));
+          }
+        } else if (cdsUpdate.clusterType() == ClusterType.LOGICAL_DNS) {
+          // TODO get the resolved endpoint configuration
+          builder.addCluster(clusterName, StatusOr.fromValue(
+              new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate, new EndpointConfig(null))));
+        }
       } else {
-        builder.addCluster(clusterName, StatusOr.fromStatus(cdsUpdate.getStatus()));
+        builder.addCluster(clusterName, StatusOr.fromStatus(cdsUpdateOr.getStatus()));
       }
     }
+  }
 
-    return builder.build();
+  // Adds the top-level clusters to the builder and returns the leaf cluster names
+  private Set<String> addTopLevelClustersToBuilder(
+      XdsConfig.XdsConfigBuilder builder, Map<String, ? extends XdsWatcherBase<?>> edsWatchers,
+      Map<String, ? extends XdsWatcherBase<?>> cdsWatchers, List<String> topLevelClusters) {
+
+    Set<String> leafClusterNames = new HashSet<>();
+    for (String clusterName : topLevelClusters) {
+      CdsWatcher cdsWatcher = (CdsWatcher) cdsWatchers.get(clusterName);
+      StatusOr<XdsClusterResource.CdsUpdate> cdsWatcherDataOr = cdsWatcher.getData();
+      if (!cdsWatcher.hasDataValue()) {
+        builder.addCluster(clusterName, StatusOr.fromStatus(cdsWatcherDataOr.getStatus()));
+        continue;
+      }
+
+      XdsClusterResource.CdsUpdate cdsUpdate = cdsWatcherDataOr.getValue();
+      XdsConfig.XdsClusterConfig.ClusterChild child;
+      switch (cdsUpdate.clusterType()) {
+        case AGGREGATE:
+          List<String> leafNames = getLeafNames(cdsUpdate);
+          child = new AggregateConfig(leafNames);
+          leafClusterNames.addAll(leafNames);
+          break;
+        case EDS:
+          EdsWatcher edsWatcher = (EdsWatcher) edsWatchers.get(cdsUpdate.edsServiceName());
+          if (edsWatcher != null) {
+            child = new EndpointConfig(edsWatcher.getData());
+          } else {
+            builder.addCluster(clusterName, StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
+                "EDS resource not found for cluster " + clusterName)));
+            continue;
+          }
+          break;
+        case LOGICAL_DNS:
+          // TODO get the resolved endpoint configuration
+          child = new EndpointConfig(null);
+          break;
+        default:
+          throw new IllegalStateException("Unexpected value: " + cdsUpdate.clusterType());
+      }
+      builder.addCluster(clusterName, StatusOr.fromValue(
+          new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate, child)));
+    }
+
+    return leafClusterNames;
+  }
+
+  private List<String> getLeafNames(XdsClusterResource.CdsUpdate cdsUpdate) {
+    List<String> childNames = new ArrayList<>();
+
+    for (String cluster : cdsUpdate.prioritizedClusterNames()) {
+      StatusOr<XdsClusterResource.CdsUpdate> data = getCluster(cluster).getData();
+      if (data == null || !data.hasValue() || data.getValue() == null) {
+        childNames.add(cluster);
+        continue;
+      }
+      if (data.getValue().clusterType() == ClusterType.AGGREGATE) {
+        childNames.addAll(getLeafNames(data.getValue()));
+      } else {
+        childNames.add(cluster);
+      }
+    }
+
+    return childNames;
+  }
+
+  private static boolean isTopLevelCluster(XdsWatcherBase<?> cdsWatcher) {
+    if (! (cdsWatcher instanceof CdsWatcher)) {
+      return false;
+    }
+    return ((CdsWatcher)cdsWatcher).parentContexts.values().stream()
+        .anyMatch(depth -> depth == 1);
   }
 
   @Override
diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
index 96aeb0f41fb..c4b7c6c8ace 100644
--- a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -57,6 +57,8 @@
 import io.grpc.internal.ExponentialBackoffPolicy;
 import io.grpc.internal.FakeClock;
 import io.grpc.testing.GrpcCleanupRule;
+import io.grpc.xds.XdsConfig.XdsClusterConfig;
+import io.grpc.xds.XdsEndpointResource.EdsUpdate;
 import io.grpc.xds.XdsListenerResource.LdsUpdate;
 import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.client.XdsClient;
@@ -219,28 +221,37 @@ public void verify_simple_aggregate() {
     XdsTestUtils.setAggregateCdsConfig(controlPlaneService, serverName, rootName, childNames);
     inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
 
-    Map<String, StatusOr<XdsConfig.XdsClusterConfig>> lastConfigClusters =
+    Map<String, StatusOr<XdsClusterConfig>> lastConfigClusters =
         testWatcher.lastConfig.getClusters();
     assertThat(lastConfigClusters).hasSize(childNames.size() + 1);
-    StatusOr<XdsConfig.XdsClusterConfig> rootC = lastConfigClusters.get(rootName);
+    StatusOr<XdsClusterConfig> rootC = lastConfigClusters.get(rootName);
     XdsClusterResource.CdsUpdate rootUpdate = rootC.getValue().getClusterResource();
     assertThat(rootUpdate.clusterType()).isEqualTo(AGGREGATE);
     assertThat(rootUpdate.prioritizedClusterNames()).isEqualTo(childNames);
 
     for (String childName : childNames) {
       assertThat(lastConfigClusters).containsKey(childName);
+      StatusOr<XdsClusterConfig> childConfigOr = lastConfigClusters.get(childName);
       XdsClusterResource.CdsUpdate childResource =
-          lastConfigClusters.get(childName).getValue().getClusterResource();
+          childConfigOr.getValue().getClusterResource();
       assertThat(childResource.clusterType()).isEqualTo(EDS);
       assertThat(childResource.edsServiceName()).isEqualTo(getEdsNameForCluster(childName));
 
-      StatusOr<XdsEndpointResource.EdsUpdate> endpoint =
-          lastConfigClusters.get(childName).getValue().getEndpoint();
+      StatusOr<EdsUpdate> endpoint = getEndpoint(childConfigOr);
       assertThat(endpoint.hasValue()).isTrue();
       assertThat(endpoint.getValue().clusterName).isEqualTo(getEdsNameForCluster(childName));
     }
   }
 
+  private static StatusOr<EdsUpdate> getEndpoint(StatusOr<XdsClusterConfig> childConfigOr) {
+    XdsClusterConfig.ClusterChild clusterChild = childConfigOr.getValue()
+        .getChildren();
+    assertThat(clusterChild).isInstanceOf(XdsClusterConfig.EndpointConfig.class);
+    StatusOr<EdsUpdate> endpoint = ((XdsClusterConfig.EndpointConfig) clusterChild).getEndpoint();
+    assertThat(endpoint).isNotNull();
+    return endpoint;
+  }
+
   @Test
   public void testComplexRegisteredAggregate() throws IOException {
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
@@ -289,7 +300,6 @@ public void testDelayedSubscription() {
     inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
 
     String rootName1 = "root_c";
-    List<String> childNames = Arrays.asList("clusterC", "clusterB", "clusterA");
 
     Closeable subscription1 = xdsDependencyManager.subscribeToCluster(rootName1);
     assertThat(subscription1).isNotNull();
@@ -299,6 +309,7 @@ public void testDelayedSubscription() {
         StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
             "No " + toContextStr(CLUSTER_TYPE_NAME, rootName1))).toString());
 
+    List<String> childNames = Arrays.asList("clusterC", "clusterB", "clusterA");
     XdsTestUtils.addAggregateToExistingConfig(controlPlaneService, rootName1, childNames);
     inOrder.verify(xdsConfigWatcher).onUpdate(xdsConfigCaptor.capture());
     assertThat(xdsConfigCaptor.getValue().getClusters().get(rootName1).hasValue()).isTrue();
@@ -336,7 +347,7 @@ public void testMissingCdsAndEds() {
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
     verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
 
-    List<StatusOr<XdsConfig.XdsClusterConfig>> returnedClusters = new ArrayList<>();
+    List<StatusOr<XdsClusterConfig>> returnedClusters = new ArrayList<>();
     for (String childName : childNames) {
       returnedClusters.add(xdsConfigCaptor.getValue().getClusters().get(childName));
     }
@@ -344,7 +355,7 @@ public void testMissingCdsAndEds() {
     // Check that missing cluster reported Status and the other 2 are present
     Status expectedClusterStatus = Status.UNAVAILABLE.withDescription(
         "No " + toContextStr(CLUSTER_TYPE_NAME, childNames.get(2)));
-    StatusOr<XdsConfig.XdsClusterConfig> missingCluster = returnedClusters.get(2);
+    StatusOr<XdsClusterConfig> missingCluster = returnedClusters.get(2);
     assertThat(missingCluster.getStatus().toString()).isEqualTo(expectedClusterStatus.toString());
     assertThat(returnedClusters.get(0).hasValue()).isTrue();
     assertThat(returnedClusters.get(1).hasValue()).isTrue();
@@ -352,9 +363,9 @@ public void testMissingCdsAndEds() {
     // Check that missing EDS reported Status, the other one is present and the garbage EDS is not
     Status expectedEdsStatus = Status.UNAVAILABLE.withDescription(
         "No " + toContextStr(ENDPOINT_TYPE_NAME, XdsTestUtils.EDS_NAME + 1));
-    assertThat(returnedClusters.get(0).getValue().getEndpoint().hasValue()).isTrue();
-    assertThat(returnedClusters.get(1).getValue().getEndpoint().hasValue()).isFalse();
-    assertThat(returnedClusters.get(1).getValue().getEndpoint().getStatus().toString())
+    assertThat(getEndpoint(returnedClusters.get(0)).hasValue()).isTrue();
+    assertThat(getEndpoint(returnedClusters.get(1)).hasValue()).isFalse();
+    assertThat(getEndpoint(returnedClusters.get(1)).getStatus().toString())
         .isEqualTo(expectedEdsStatus.toString());
 
     verify(xdsConfigWatcher, never()).onResourceDoesNotExist(any());
@@ -539,7 +550,7 @@ public void testMultipleParentsInCdsTree() throws IOException {
     controlPlaneService.setXdsConfig(
         ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, newRouteConfig));
     inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
-    assertThat(xdsConfigCaptor.getValue().getClusters().keySet().size()).isEqualTo(8);
+    assertThat(xdsConfigCaptor.getValue().getClusters().keySet().size()).isEqualTo(4);
 
     // Now that it is released, we should only have A11
     rootSub.close();
@@ -582,11 +593,9 @@ public void testMultipleCdsReferToSameEds() {
     assertThat(initialConfig.getClusters().keySet())
         .containsExactly("root", "clusterA", "clusterB");
 
-    XdsEndpointResource.EdsUpdate edsForA =
-        initialConfig.getClusters().get("clusterA").getValue().getEndpoint().getValue();
+    EdsUpdate edsForA = getEndpoint(initialConfig.getClusters().get("clusterA")).getValue();
     assertThat(edsForA.clusterName).isEqualTo(edsName);
-    XdsEndpointResource.EdsUpdate edsForB =
-        initialConfig.getClusters().get("clusterB").getValue().getEndpoint().getValue();
+    EdsUpdate edsForB = getEndpoint(initialConfig.getClusters().get("clusterB")).getValue();
     assertThat(edsForB.clusterName).isEqualTo(edsName);
     assertThat(edsForA).isEqualTo(edsForB);
     edsForA.localityLbEndpointsMap.values().forEach(
@@ -635,7 +644,7 @@ public void testChangeRdsName_FromLds_complexTree() {
     inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
     XdsConfig config = xdsConfigCaptor.getValue();
     assertThat(config.getVirtualHost().name()).isEqualTo(newRdsName);
-    assertThat(config.getClusters().size()).isEqualTo(8);
+    assertThat(config.getClusters().size()).isEqualTo(4);
   }
 
   @Test
@@ -689,8 +698,7 @@ public void testChangeAggCluster() {
     // Verify that the config is updated as expected
     inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
     XdsConfig config = xdsConfigCaptor.getValue();
-    assertThat(config.getClusters().keySet()).containsExactly("root", "clusterA", "clusterA2",
-        "clusterA21", "clusterA22");
+    assertThat(config.getClusters().keySet()).containsExactly("root", "clusterA21", "clusterA22");
   }
 
   private Listener buildInlineClientListener(String rdsName, String clusterName) {
diff --git a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
index 7f5ec0b27c6..ea28734ec6a 100644
--- a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
@@ -57,6 +57,7 @@
 import io.grpc.stub.StreamObserver;
 import io.grpc.xds.Endpoints.LbEndpoint;
 import io.grpc.xds.Endpoints.LocalityLbEndpoints;
+import io.grpc.xds.XdsConfig.XdsClusterConfig.EndpointConfig;
 import io.grpc.xds.client.Bootstrapper;
 import io.grpc.xds.client.Locality;
 import io.grpc.xds.client.XdsResourceType;
@@ -269,7 +270,7 @@ static XdsConfig getDefaultXdsConfig(String serverHostName)
         CLUSTER_NAME, EDS_NAME, serverInfo, null, null, null)
         .lbPolicyConfig(getWrrLbConfigAsMap()).build();
     XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
-        CLUSTER_NAME, cdsUpdate, StatusOr.fromValue(edsUpdate));
+        CLUSTER_NAME, cdsUpdate, new EndpointConfig(StatusOr.fromValue(edsUpdate)));
 
     builder
         .setListener(ldsUpdate)

From 764a4e3f08ec91eda231e59cbb1d75e80a2be6aa Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Tue, 11 Feb 2025 14:34:46 -0800
Subject: [PATCH 179/591] xds: Cleanup by moving methods in
 XdsDependencyManager ahead of classes (#11890)

* Move private methods ahead of classes
---
 .../io/grpc/xds/XdsDependencyManager.java     | 248 +++++++++---------
 1 file changed, 123 insertions(+), 125 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index a7400950375..4adfebfe74d 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -138,8 +138,6 @@ private void cancelEdsWatcher(EdsWatcher watcher, CdsWatcher parentContext) {
     }
   }
 
-
-
   private <T extends ResourceUpdate> void cancelWatcher(XdsWatcherBase<T> watcher) {
     syncContext.throwIfNotInThisSynchronizationContext();
 
@@ -428,6 +426,129 @@ public String toString() {
     return logId.toString();
   }
 
+  // Returns true if the watcher was added, false if it already exists
+  private boolean addEdsWatcher(String edsServiceName, CdsWatcher parentContext) {
+    TypeWatchers<?> typeWatchers = resourceWatchers.get(XdsEndpointResource.getInstance());
+    if (typeWatchers == null || !typeWatchers.watchers.containsKey(edsServiceName)) {
+      addWatcher(new EdsWatcher(edsServiceName, parentContext));
+      return true;
+    }
+
+    EdsWatcher watcher = (EdsWatcher) typeWatchers.watchers.get(edsServiceName);
+    watcher.addParentContext(parentContext); // Is a set, so don't need to check for existence
+    return false;
+  }
+
+  private void addClusterWatcher(String clusterName, Object parentContext, int depth) {
+    TypeWatchers<?> clusterWatchers = resourceWatchers.get(CLUSTER_RESOURCE);
+    if (clusterWatchers != null) {
+      CdsWatcher watcher = (CdsWatcher) clusterWatchers.watchers.get(clusterName);
+      if (watcher != null) {
+        watcher.parentContexts.put(parentContext, depth);
+        return;
+      }
+    }
+
+    addWatcher(new CdsWatcher(clusterName, parentContext, depth));
+  }
+
+  private void updateRoutes(List<VirtualHost> virtualHosts, Object newParentContext,
+                            VirtualHost oldVirtualHost, boolean sameParentContext) {
+    VirtualHost virtualHost =
+        RoutingUtils.findVirtualHostForHostName(virtualHosts, dataPlaneAuthority);
+    if (virtualHost == null) {
+      String error = "Failed to find virtual host matching hostname: " + dataPlaneAuthority;
+      logger.log(XdsLogger.XdsLogLevel.WARNING, error);
+      cleanUpRoutes();
+      xdsConfigWatcher.onError(
+          "xDS node ID:" + dataPlaneAuthority, Status.UNAVAILABLE.withDescription(error));
+      return;
+    }
+
+    Set<String> newClusters = getClusterNamesFromVirtualHost(virtualHost);
+    Set<String> oldClusters = getClusterNamesFromVirtualHost(oldVirtualHost);
+
+    if (sameParentContext) {
+      // Calculate diffs.
+      Set<String> addedClusters = Sets.difference(newClusters, oldClusters);
+      Set<String> deletedClusters = Sets.difference(oldClusters, newClusters);
+
+      deletedClusters.forEach(watcher ->
+          cancelClusterWatcherTree(getCluster(watcher), newParentContext));
+      addedClusters.forEach((cluster) -> addClusterWatcher(cluster, newParentContext, 1));
+    } else {
+      newClusters.forEach((cluster) -> addClusterWatcher(cluster, newParentContext, 1));
+    }
+  }
+
+  private static Set<String> getClusterNamesFromVirtualHost(VirtualHost virtualHost) {
+    if (virtualHost == null) {
+      return Collections.emptySet();
+    }
+
+    // Get all cluster names to which requests can be routed through the virtual host.
+    Set<String> clusters = new HashSet<>();
+    for (VirtualHost.Route route : virtualHost.routes()) {
+      VirtualHost.Route.RouteAction action = route.routeAction();
+      if (action == null) {
+        continue;
+      }
+      if (action.cluster() != null) {
+        clusters.add(action.cluster());
+      } else if (action.weightedClusters() != null) {
+        for (ClusterWeight weighedCluster : action.weightedClusters()) {
+          clusters.add(weighedCluster.name());
+        }
+      }
+    }
+
+    return clusters;
+  }
+
+  @Nullable
+  private VirtualHost getActiveVirtualHost() {
+    TypeWatchers<?> rdsWatchers = resourceWatchers.get(XdsRouteConfigureResource.getInstance());
+    if (rdsWatchers == null) {
+      return null;
+    }
+
+    RdsWatcher activeRdsWatcher =
+        (RdsWatcher) rdsWatchers.watchers.values().stream().findFirst().orElse(null);
+    if (activeRdsWatcher == null || activeRdsWatcher.missingResult()
+        || !activeRdsWatcher.getData().hasValue()) {
+      return null;
+    }
+
+    return RoutingUtils.findVirtualHostForHostName(
+        activeRdsWatcher.getData().getValue().virtualHosts, dataPlaneAuthority);
+  }
+
+  // Must be in SyncContext
+  private void cleanUpRoutes() {
+    // Remove RdsWatcher & CDS Watchers
+    TypeWatchers<?> rdsResourceWatcher =
+        resourceWatchers.get(XdsRouteConfigureResource.getInstance());
+    if (rdsResourceWatcher == null || rdsResourceWatcher.watchers.isEmpty()) {
+      return;
+    }
+
+    XdsWatcherBase<?> watcher = rdsResourceWatcher.watchers.values().stream().findFirst().get();
+    cancelWatcher(watcher);
+
+    // Remove CdsWatchers pointed to by the RdsWatcher
+    RdsWatcher rdsWatcher = (RdsWatcher) watcher;
+    for (String cName : rdsWatcher.getCdsNames()) {
+      CdsWatcher cdsWatcher = getCluster(cName);
+      if (cdsWatcher != null) {
+        cancelClusterWatcherTree(cdsWatcher, rdsWatcher);
+      }
+    }
+  }
+
+  private CdsWatcher getCluster(String clusterName) {
+    return (CdsWatcher) resourceWatchers.get(CLUSTER_RESOURCE).watchers.get(clusterName);
+  }
+
   private static class TypeWatchers<T extends ResourceUpdate> {
     // Key is resource name
     final Map<String, XdsWatcherBase<T>> watchers = new HashMap<>();
@@ -720,32 +841,6 @@ public void onResourceDoesNotExist(String resourceName) {
     }
   }
 
-  // Returns true if the watcher was added, false if it already exists
-  private boolean addEdsWatcher(String edsServiceName, CdsWatcher parentContext) {
-    TypeWatchers<?> typeWatchers = resourceWatchers.get(XdsEndpointResource.getInstance());
-    if (typeWatchers == null || !typeWatchers.watchers.containsKey(edsServiceName)) {
-      addWatcher(new EdsWatcher(edsServiceName, parentContext));
-      return true;
-    }
-
-    EdsWatcher watcher = (EdsWatcher) typeWatchers.watchers.get(edsServiceName);
-    watcher.addParentContext(parentContext); // Is a set, so don't need to check for existence
-    return false;
-  }
-
-  private void addClusterWatcher(String clusterName, Object parentContext, int depth) {
-    TypeWatchers<?> clusterWatchers = resourceWatchers.get(CLUSTER_RESOURCE);
-    if (clusterWatchers != null) {
-      CdsWatcher watcher = (CdsWatcher) clusterWatchers.watchers.get(clusterName);
-      if (watcher != null) {
-        watcher.parentContexts.put(parentContext, depth);
-        return;
-      }
-    }
-
-    addWatcher(new CdsWatcher(clusterName, parentContext, depth));
-  }
-
   private class EdsWatcher extends XdsWatcherBase<XdsEndpointResource.EdsUpdate> {
     private final Set<CdsWatcher> parentContexts = new HashSet<>();
 
@@ -770,101 +865,4 @@ void addParentContext(CdsWatcher parentContext) {
       parentContexts.add(checkNotNull(parentContext, "parentContext"));
     }
   }
-
-  private void updateRoutes(List<VirtualHost> virtualHosts, Object newParentContext,
-                            VirtualHost oldVirtualHost, boolean sameParentContext) {
-    VirtualHost virtualHost =
-        RoutingUtils.findVirtualHostForHostName(virtualHosts, dataPlaneAuthority);
-    if (virtualHost == null) {
-      String error = "Failed to find virtual host matching hostname: " + dataPlaneAuthority;
-      logger.log(XdsLogger.XdsLogLevel.WARNING, error);
-      cleanUpRoutes();
-      xdsConfigWatcher.onError(
-          "xDS node ID:" + dataPlaneAuthority, Status.UNAVAILABLE.withDescription(error));
-      return;
-    }
-
-    Set<String> newClusters = getClusterNamesFromVirtualHost(virtualHost);
-    Set<String> oldClusters = getClusterNamesFromVirtualHost(oldVirtualHost);
-
-    if (sameParentContext) {
-      // Calculate diffs.
-      Set<String> addedClusters = Sets.difference(newClusters, oldClusters);
-      Set<String> deletedClusters = Sets.difference(oldClusters, newClusters);
-
-      deletedClusters.forEach(watcher ->
-          cancelClusterWatcherTree(getCluster(watcher), newParentContext));
-      addedClusters.forEach((cluster) -> addClusterWatcher(cluster, newParentContext, 1));
-    } else {
-      newClusters.forEach((cluster) -> addClusterWatcher(cluster, newParentContext, 1));
-    }
-  }
-
-  private static Set<String> getClusterNamesFromVirtualHost(VirtualHost virtualHost) {
-    if (virtualHost == null) {
-      return Collections.emptySet();
-    }
-
-    // Get all cluster names to which requests can be routed through the virtual host.
-    Set<String> clusters = new HashSet<>();
-    for (VirtualHost.Route route : virtualHost.routes()) {
-      VirtualHost.Route.RouteAction action = route.routeAction();
-      if (action == null) {
-        continue;
-      }
-      if (action.cluster() != null) {
-        clusters.add(action.cluster());
-      } else if (action.weightedClusters() != null) {
-        for (ClusterWeight weighedCluster : action.weightedClusters()) {
-          clusters.add(weighedCluster.name());
-        }
-      }
-    }
-
-    return clusters;
-  }
-
-  @Nullable
-  private VirtualHost getActiveVirtualHost() {
-    TypeWatchers<?> rdsWatchers = resourceWatchers.get(XdsRouteConfigureResource.getInstance());
-    if (rdsWatchers == null) {
-      return null;
-    }
-
-    RdsWatcher activeRdsWatcher =
-        (RdsWatcher) rdsWatchers.watchers.values().stream().findFirst().orElse(null);
-    if (activeRdsWatcher == null || activeRdsWatcher.missingResult()
-        || !activeRdsWatcher.getData().hasValue()) {
-      return null;
-    }
-
-    return RoutingUtils.findVirtualHostForHostName(
-        activeRdsWatcher.getData().getValue().virtualHosts, dataPlaneAuthority);
-  }
-
-  // Must be in SyncContext
-  private void cleanUpRoutes() {
-    // Remove RdsWatcher & CDS Watchers
-    TypeWatchers<?> rdsResourceWatcher =
-        resourceWatchers.get(XdsRouteConfigureResource.getInstance());
-    if (rdsResourceWatcher == null || rdsResourceWatcher.watchers.isEmpty()) {
-      return;
-    }
-
-    XdsWatcherBase<?> watcher = rdsResourceWatcher.watchers.values().stream().findFirst().get();
-    cancelWatcher(watcher);
-
-    // Remove CdsWatchers pointed to by the RdsWatcher
-    RdsWatcher rdsWatcher = (RdsWatcher) watcher;
-    for (String cName : rdsWatcher.getCdsNames()) {
-      CdsWatcher cdsWatcher = getCluster(cName);
-      if (cdsWatcher != null) {
-        cancelClusterWatcherTree(cdsWatcher, rdsWatcher);
-      }
-    }
-  }
-
-  private CdsWatcher getCluster(String clusterName) {
-    return (CdsWatcher) resourceWatchers.get(CLUSTER_RESOURCE).watchers.get(clusterName);
-  }
 }

From 122b6837175c66b728e379f8a826472def34ba18 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 12 Feb 2025 14:54:46 -0800
Subject: [PATCH 180/591] Upgrade netty-tcnative to 2.0.70

---
 MODULE.bazel              | 5 +++--
 SECURITY.md               | 3 ++-
 gradle/libs.versions.toml | 2 +-
 repositories.bzl          | 4 ++--
 4 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 7131affbdff..9c18d918a2c 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -31,8 +31,8 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "io.netty:netty-handler-proxy:4.1.110.Final",
     "io.netty:netty-handler:4.1.110.Final",
     "io.netty:netty-resolver:4.1.110.Final",
-    "io.netty:netty-tcnative-boringssl-static:2.0.65.Final",
-    "io.netty:netty-tcnative-classes:2.0.65.Final",
+    "io.netty:netty-tcnative-boringssl-static:2.0.70.Final",
+    "io.netty:netty-tcnative-classes:2.0.70.Final",
     "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.110.Final",
     "io.netty:netty-transport-native-unix-common:4.1.110.Final",
     "io.netty:netty-transport:4.1.110.Final",
@@ -48,6 +48,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
 
 bazel_dep(name = "bazel_skylib", version = "1.7.1")
 bazel_dep(name = "googleapis", repo_name = "com_google_googleapis", version = "0.0.0-20240326-1c8d509c5")
+
 # CEL Spec may be removed when cncf/xds MODULE is no longer using protobuf 27.x
 bazel_dep(name = "cel-spec", repo_name = "dev_cel", version = "0.15.0")
 bazel_dep(name = "grpc", repo_name = "com_github_grpc_grpc", version = "1.56.3.bcr.1")
diff --git a/SECURITY.md b/SECURITY.md
index 5c5e3598b29..48d6e0919a1 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -399,7 +399,8 @@ grpc-netty version | netty-handler version | netty-tcnative-boringssl-static ver
 1.57.x-1.58.x      | 4.1.93.Final          | 2.0.61.Final
 1.59.x             | 4.1.97.Final          | 2.0.61.Final
 1.60.x-1.66.x      | 4.1.100.Final         | 2.0.61.Final
-1.67.x             | 4.1.110.Final         | 2.0.65.Final
+1.67.x-1.70.x      | 4.1.110.Final         | 2.0.65.Final
+1.71.x-            | 4.1.110.Final         | 2.0.70.Final
 
 _(grpc-netty-shaded avoids issues with keeping these versions in sync.)_
 
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index c1554d6b2e0..b6b2e5e0e45 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -2,7 +2,7 @@
 netty = '4.1.110.Final'
 # Keep the following references of tcnative version in sync whenever it's updated:
 #   SECURITY.md
-nettytcnative = '2.0.65.Final'
+nettytcnative = '2.0.70.Final'
 opencensus = "0.31.1"
 # Not upgrading to 4.x as it is not yet ABI compatible.
 # https://github.com/protocolbuffers/protobuf/issues/17247
diff --git a/repositories.bzl b/repositories.bzl
index b431b283a91..a4f5b0de1c6 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -35,8 +35,8 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "io.netty:netty-handler-proxy:4.1.110.Final",
     "io.netty:netty-handler:4.1.110.Final",
     "io.netty:netty-resolver:4.1.110.Final",
-    "io.netty:netty-tcnative-boringssl-static:2.0.65.Final",
-    "io.netty:netty-tcnative-classes:2.0.65.Final",
+    "io.netty:netty-tcnative-boringssl-static:2.0.70.Final",
+    "io.netty:netty-tcnative-classes:2.0.70.Final",
     "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.110.Final",
     "io.netty:netty-transport-native-unix-common:4.1.110.Final",
     "io.netty:netty-transport:4.1.110.Final",

From 7585b1607dca2ccb3735616a1a05f83b53f814ef Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Fri, 14 Feb 2025 11:38:06 +0530
Subject: [PATCH 181/591] core: remember last pick status in no real stream
 (#11851)

---
 .../grpc/internal/DelayedClientTransport.java | 20 +++++++++++++++----
 .../internal/DelayedClientTransportTest.java  | 17 ++++++++++++++++
 2 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
index f3faa92d4a0..8ff755af3eb 100644
--- a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
+++ b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
@@ -129,8 +129,9 @@ public final ClientStream newStream(
         if (state.shutdownStatus != null) {
           return new FailingClientStream(state.shutdownStatus, tracers);
         }
+        PickResult pickResult = null;
         if (state.lastPicker != null) {
-          PickResult pickResult = state.lastPicker.pickSubchannel(args);
+          pickResult = state.lastPicker.pickSubchannel(args);
           callOptions = args.getCallOptions();
           // User code provided authority takes precedence over the LB provided one.
           if (callOptions.getAuthority() == null
@@ -156,7 +157,7 @@ public final ClientStream newStream(
         synchronized (lock) {
           PickerState newerState = pickerState;
           if (state == newerState) {
-            return createPendingStream(args, tracers);
+            return createPendingStream(args, tracers, pickResult);
           }
           state = newerState;
         }
@@ -171,9 +172,12 @@ public final ClientStream newStream(
    * schedule tasks on syncContext.
    */
   @GuardedBy("lock")
-  private PendingStream createPendingStream(
-      PickSubchannelArgs args, ClientStreamTracer[] tracers) {
+  private PendingStream createPendingStream(PickSubchannelArgs args, ClientStreamTracer[] tracers,
+      PickResult pickResult) {
     PendingStream pendingStream = new PendingStream(args, tracers);
+    if (args.getCallOptions().isWaitForReady() && pickResult != null && pickResult.hasResult()) {
+      pendingStream.lastPickStatus = pickResult.getStatus();
+    }
     pendingStreams.add(pendingStream);
     if (getPendingStreamsCount() == 1) {
       syncContext.executeLater(reportTransportInUse);
@@ -293,6 +297,9 @@ final void reprocess(@Nullable SubchannelPicker picker) {
     for (final PendingStream stream : toProcess) {
       PickResult pickResult = picker.pickSubchannel(stream.args);
       CallOptions callOptions = stream.args.getCallOptions();
+      if (callOptions.isWaitForReady() && pickResult.hasResult()) {
+        stream.lastPickStatus = pickResult.getStatus();
+      }
       final ClientTransport transport = GrpcUtil.getTransportFromPickResult(pickResult,
           callOptions.isWaitForReady());
       if (transport != null) {
@@ -349,6 +356,7 @@ private class PendingStream extends DelayedStream {
     private final PickSubchannelArgs args;
     private final Context context = Context.current();
     private final ClientStreamTracer[] tracers;
+    private volatile Status lastPickStatus;
 
     private PendingStream(PickSubchannelArgs args, ClientStreamTracer[] tracers) {
       this.args = args;
@@ -405,6 +413,10 @@ protected void onEarlyCancellation(Status reason) {
     public void appendTimeoutInsight(InsightBuilder insight) {
       if (args.getCallOptions().isWaitForReady()) {
         insight.append("wait_for_ready");
+        Status status = lastPickStatus;
+        if (status != null && !status.isOk()) {
+          insight.appendKeyValue("Last Pick Failure", status);
+        }
       }
       super.appendTimeoutInsight(insight);
     }
diff --git a/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java b/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
index f65e6abcf1b..902c2835a92 100644
--- a/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
+++ b/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
@@ -745,6 +745,23 @@ public void pendingStream_appendTimeoutInsight_waitForReady() {
         .matches("\\[wait_for_ready, buffered_nanos=[0-9]+\\, waiting_for_connection]");
   }
 
+  @Test
+  public void pendingStream_appendTimeoutInsight_waitForReady_withLastPickFailure() {
+    ClientStream stream = delayedTransport.newStream(
+        method, headers, callOptions.withWaitForReady(), tracers);
+    stream.start(streamListener);
+    SubchannelPicker picker = mock(SubchannelPicker.class);
+    when(picker.pickSubchannel(any(PickSubchannelArgs.class)))
+        .thenReturn(PickResult.withError(Status.PERMISSION_DENIED));
+    delayedTransport.reprocess(picker);
+    InsightBuilder insight = new InsightBuilder();
+    stream.appendTimeoutInsight(insight);
+    assertThat(insight.toString())
+        .matches("\\[wait_for_ready, "
+            + "Last Pick Failure=Status\\{code=PERMISSION_DENIED, description=null, cause=null\\},"
+            + " buffered_nanos=[0-9]+, waiting_for_connection]");
+  }
+
   private static TransportProvider newTransportProvider(final ClientTransport transport) {
     return new TransportProvider() {
       @Override

From 5a7f350537bbdbba3e3f49de53d298d99b5c1913 Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Fri, 14 Feb 2025 15:59:21 +0200
Subject: [PATCH 182/591] optimize number of buffer allocations (#11879)

Currently this improves 2 flows

1. Known length message which length is greater than 1Mb. Previously the
first buffer was 1Mb, and then many buffers of 4096 bytes (from
CodedOutputStream), now subsequent buffers are also up to 1Mb

2. In case of compression, the first write is always 10 bytes buffer
(gzip header), but worth allocating more space
---
 .../java/io/grpc/internal/MessageFramer.java  | 19 +++++++----
 .../testing/integration/CompressionTest.java  | 33 +++++++------------
 .../io/grpc/netty/NettyClientStreamTest.java  |  2 +-
 .../io/grpc/netty/NettyServerStreamTest.java  |  2 +-
 .../okhttp/OkHttpWritableBufferAllocator.java |  8 ++---
 .../OkHttpWritableBufferAllocatorTest.java    |  7 ++--
 6 files changed, 34 insertions(+), 37 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/MessageFramer.java b/core/src/main/java/io/grpc/internal/MessageFramer.java
index 5e75fa2e6fe..8b5ccb864a4 100644
--- a/core/src/main/java/io/grpc/internal/MessageFramer.java
+++ b/core/src/main/java/io/grpc/internal/MessageFramer.java
@@ -75,6 +75,10 @@ void deliverFrame(
   // effectively final.  Can only be set once.
   private int maxOutboundMessageSize = NO_MAX_OUTBOUND_MESSAGE_SIZE;
   private WritableBuffer buffer;
+  /**
+   * if &gt; 0 - the number of bytes to allocate for the current known-length message.
+   */
+  private int knownLengthPendingAllocation;
   private Compressor compressor = Codec.Identity.NONE;
   private boolean messageCompression = true;
   private final OutputStreamAdapter outputStreamAdapter = new OutputStreamAdapter();
@@ -222,9 +226,7 @@ private int writeKnownLengthUncompressed(InputStream message, int messageLength)
     headerScratch.put(UNCOMPRESSED).putInt(messageLength);
     // Allocate the initial buffer chunk based on frame header + payload length.
     // Note that the allocator may allocate a buffer larger or smaller than this length
-    if (buffer == null) {
-      buffer = bufferAllocator.allocate(headerScratch.position() + messageLength);
-    }
+    knownLengthPendingAllocation = HEADER_LENGTH + messageLength;
     writeRaw(headerScratch.array(), 0, headerScratch.position());
     return writeToOutputStream(message, outputStreamAdapter);
   }
@@ -288,8 +290,9 @@ private void writeRaw(byte[] b, int off, int len) {
         commitToSink(false, false);
       }
       if (buffer == null) {
-        // Request a buffer allocation using the message length as a hint.
-        buffer = bufferAllocator.allocate(len);
+        checkState(knownLengthPendingAllocation > 0, "knownLengthPendingAllocation reached 0");
+        buffer = bufferAllocator.allocate(knownLengthPendingAllocation);
+        knownLengthPendingAllocation -= min(knownLengthPendingAllocation, buffer.writableBytes());
       }
       int toWrite = min(len, buffer.writableBytes());
       buffer.write(b, off, toWrite);
@@ -388,6 +391,8 @@ public void write(byte[] b, int off, int len) {
    * {@link OutputStream}.
    */
   private final class BufferChainOutputStream extends OutputStream {
+    private static final int FIRST_BUFFER_SIZE = 4096;
+
     private final List<WritableBuffer> bufferList = new ArrayList<>();
     private WritableBuffer current;
 
@@ -397,7 +402,7 @@ private final class BufferChainOutputStream extends OutputStream {
      * {@link #write(byte[], int, int)}.
      */
     @Override
-    public void write(int b) throws IOException {
+    public void write(int b) {
       if (current != null && current.writableBytes() > 0) {
         current.write((byte)b);
         return;
@@ -410,7 +415,7 @@ public void write(int b) throws IOException {
     public void write(byte[] b, int off, int len) {
       if (current == null) {
         // Request len bytes initially from the allocator, it may give us more.
-        current = bufferAllocator.allocate(len);
+        current = bufferAllocator.allocate(Math.max(FIRST_BUFFER_SIZE, len));
         bufferList.add(current);
       }
       while (len > 0) {
diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/CompressionTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/CompressionTest.java
index 208eb40c438..5307c26949b 100644
--- a/interop-testing/src/test/java/io/grpc/testing/integration/CompressionTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/CompressionTest.java
@@ -24,6 +24,8 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Lists;
 import com.google.protobuf.ByteString;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
@@ -53,8 +55,6 @@
 import io.grpc.testing.integration.TestServiceGrpc.TestServiceBlockingStub;
 import io.grpc.testing.integration.TransportCompressionTest.Fzip;
 import java.nio.charset.Charset;
-import java.util.ArrayList;
-import java.util.Collection;
 import java.util.List;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
@@ -146,25 +146,16 @@ public void tearDown() {
    * Parameters for test.
    */
   @Parameters
-  public static Collection<Object[]> params() {
-    boolean[] bools = new boolean[]{false, true};
-    List<Object[]> combos = new ArrayList<>(64);
-    for (boolean enableClientMessageCompression : bools) {
-      for (boolean clientAcceptEncoding : bools) {
-        for (boolean clientEncoding : bools) {
-          for (boolean enableServerMessageCompression : bools) {
-            for (boolean serverAcceptEncoding : bools) {
-              for (boolean serverEncoding : bools) {
-                combos.add(new Object[] {
-                    enableClientMessageCompression, clientAcceptEncoding, clientEncoding,
-                    enableServerMessageCompression, serverAcceptEncoding, serverEncoding});
-              }
-            }
-          }
-        }
-      }
-    }
-    return combos;
+  public static Iterable<Object[]> params() {
+    List<Boolean> bools = Lists.newArrayList(false, true);
+    return Iterables.transform(Lists.cartesianProduct(
+        bools, // enableClientMessageCompression
+        bools, // clientAcceptEncoding
+        bools, // clientEncoding
+        bools, // enableServerMessageCompression
+        bools, // serverAcceptEncoding
+        bools  // serverEncoding
+    ), List::toArray);
   }
 
   @Test
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientStreamTest.java b/netty/src/test/java/io/grpc/netty/NettyClientStreamTest.java
index a44a196ac8c..4dd24c3fd4d 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientStreamTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientStreamTest.java
@@ -233,7 +233,7 @@ public void writeFrameFutureFailedShouldCancelRpc() {
     // Verify that failed SendGrpcFrameCommand results in immediate CancelClientStreamCommand.
     inOrder.verify(writeQueue).enqueue(any(CancelClientStreamCommand.class), eq(true));
     // Verify that any other failures do not produce another CancelClientStreamCommand in the queue.
-    inOrder.verify(writeQueue, atLeast(1)).enqueue(any(SendGrpcFrameCommand.class), eq(false));
+    inOrder.verify(writeQueue, atLeast(0)).enqueue(any(SendGrpcFrameCommand.class), eq(false));
     inOrder.verify(writeQueue).enqueue(any(SendGrpcFrameCommand.class), eq(true));
     inOrder.verifyNoMoreInteractions();
 
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerStreamTest.java b/netty/src/test/java/io/grpc/netty/NettyServerStreamTest.java
index 0723e359752..2f2933ae103 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerStreamTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerStreamTest.java
@@ -158,7 +158,7 @@ public void writeFrameFutureFailedShouldCancelRpc() {
     // Verify that failed SendGrpcFrameCommand results in immediate CancelServerStreamCommand.
     inOrder.verify(writeQueue).enqueue(any(CancelServerStreamCommand.class), eq(true));
     // Verify that any other failures do not produce another CancelServerStreamCommand in the queue.
-    inOrder.verify(writeQueue, atLeast(1)).enqueue(any(SendGrpcFrameCommand.class), eq(false));
+    inOrder.verify(writeQueue, atLeast(0)).enqueue(any(SendGrpcFrameCommand.class), eq(false));
     inOrder.verify(writeQueue).enqueue(any(SendGrpcFrameCommand.class), eq(true));
     inOrder.verifyNoMoreInteractions();
   }
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpWritableBufferAllocator.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpWritableBufferAllocator.java
index 481ada61c96..f5d490818ba 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpWritableBufferAllocator.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpWritableBufferAllocator.java
@@ -19,6 +19,7 @@
 import io.grpc.internal.WritableBuffer;
 import io.grpc.internal.WritableBufferAllocator;
 import okio.Buffer;
+import okio.Segment;
 
 /**
  * The default allocator for {@link OkHttpWritableBuffer}s used by the OkHttp transport. OkHttp
@@ -27,9 +28,6 @@
  */
 class OkHttpWritableBufferAllocator implements WritableBufferAllocator {
 
-  // Use 4k as our minimum buffer size.
-  private static final int MIN_BUFFER = 4096;
-
   // Set the maximum buffer size to 1MB
   private static final int MAX_BUFFER = 1024 * 1024;
 
@@ -45,7 +43,9 @@ class OkHttpWritableBufferAllocator implements WritableBufferAllocator {
    */
   @Override
   public WritableBuffer allocate(int capacityHint) {
-    capacityHint = Math.min(MAX_BUFFER, Math.max(MIN_BUFFER, capacityHint));
+    // okio buffer uses fixed size Segments, round capacityHint up
+    capacityHint = Math.min(MAX_BUFFER,
+        (capacityHint + Segment.SIZE - 1) / Segment.SIZE * Segment.SIZE);
     return new OkHttpWritableBuffer(new Buffer(), capacityHint);
   }
 }
diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpWritableBufferAllocatorTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpWritableBufferAllocatorTest.java
index e606b6b9a50..c444e0ee11d 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpWritableBufferAllocatorTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpWritableBufferAllocatorTest.java
@@ -21,6 +21,7 @@
 import io.grpc.internal.WritableBuffer;
 import io.grpc.internal.WritableBufferAllocator;
 import io.grpc.internal.WritableBufferAllocatorTestBase;
+import okio.Segment;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -42,7 +43,7 @@ protected WritableBufferAllocator allocator() {
   public void testCapacity() {
     WritableBuffer buffer = allocator().allocate(4096);
     assertEquals(0, buffer.readableBytes());
-    assertEquals(4096, buffer.writableBytes());
+    assertEquals(Segment.SIZE, buffer.writableBytes());
   }
 
   @Test
@@ -54,8 +55,8 @@ public void testInitialCapacityHasMaximum() {
 
   @Test
   public void testIsExactBelowMaxCapacity() {
-    WritableBuffer buffer = allocator().allocate(4097);
+    WritableBuffer buffer = allocator().allocate(Segment.SIZE + 1);
     assertEquals(0, buffer.readableBytes());
-    assertEquals(4097, buffer.writableBytes());
+    assertEquals(Segment.SIZE * 2, buffer.writableBytes());
   }
 }

From 41dd0c6d7358cc12c83c559c4059f8a8cb86d44e Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Fri, 14 Feb 2025 10:23:54 -0800
Subject: [PATCH 183/591] xds:Cleanup to reduce test flakiness (#11895)

* don't process resourceDoesNotExist for watchers that have been cancelled.

* Change test to use an ArgumentMatcher instead of expecting that only the final result will be sent since depending on timing there may be configs sent for clusters being removed with their entries as errors.
---
 .../io/grpc/xds/XdsDependencyManager.java     | 16 +++++++++++++
 .../io/grpc/xds/XdsDependencyManagerTest.java | 24 ++++++++++++++++---
 2 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index 4adfebfe74d..7eff0c549e2 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -149,6 +149,7 @@ private <T extends ResourceUpdate> void cancelWatcher(XdsWatcherBase<T> watcher)
       throwIfParentContextsNotEmpty(watcher);
     }
 
+    watcher.cancelled = true;
     XdsResourceType<T> type = watcher.type;
     String resourceName = watcher.resourceName;
 
@@ -597,6 +598,8 @@ private abstract static class XdsWatcherBase<T extends ResourceUpdate>
       implements ResourceWatcher<T> {
     private final XdsResourceType<T> type;
     private final String resourceName;
+    boolean cancelled;
+
     @Nullable
     private StatusOr<T> data;
 
@@ -693,6 +696,10 @@ public void onError(Status error) {
 
     @Override
     public void onResourceDoesNotExist(String resourceName) {
+      if (cancelled) {
+        return;
+      }
+
       handleDoesNotExist(resourceName);
       xdsConfigWatcher.onResourceDoesNotExist(toContextString());
     }
@@ -752,6 +759,9 @@ public void onError(Status error) {
 
     @Override
     public void onResourceDoesNotExist(String resourceName) {
+      if (cancelled) {
+        return;
+      }
       handleDoesNotExist(checkNotNull(resourceName, "resourceName"));
       xdsConfigWatcher.onResourceDoesNotExist(toContextString());
     }
@@ -836,6 +846,9 @@ public void onChanged(XdsClusterResource.CdsUpdate update) {
 
     @Override
     public void onResourceDoesNotExist(String resourceName) {
+      if (cancelled) {
+        return;
+      }
       handleDoesNotExist(checkNotNull(resourceName, "resourceName"));
       maybePublishConfig();
     }
@@ -857,6 +870,9 @@ public void onChanged(XdsEndpointResource.EdsUpdate update) {
 
     @Override
     public void onResourceDoesNotExist(String resourceName) {
+      if (cancelled) {
+        return;
+      }
       handleDoesNotExist(checkNotNull(resourceName, "resourceName"));
       maybePublishConfig();
     }
diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
index c4b7c6c8ace..f94a94a9446 100644
--- a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -88,6 +88,7 @@
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentCaptor;
+import org.mockito.ArgumentMatcher;
 import org.mockito.ArgumentMatchers;
 import org.mockito.Captor;
 import org.mockito.InOrder;
@@ -696,9 +697,9 @@ public void testChangeAggCluster() {
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
 
     // Verify that the config is updated as expected
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
-    XdsConfig config = xdsConfigCaptor.getValue();
-    assertThat(config.getClusters().keySet()).containsExactly("root", "clusterA21", "clusterA22");
+    ClusterNameMatcher nameMatcher
+        = new ClusterNameMatcher(Arrays.asList("root", "clusterA21", "clusterA22"));
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(argThat(nameMatcher));
   }
 
   private Listener buildInlineClientListener(String rdsName, String clusterName) {
@@ -789,4 +790,21 @@ void deliverLdsUpdate(long httpMaxStreamDurationNano,
       });
     }
   }
+
+  static class ClusterNameMatcher implements ArgumentMatcher<XdsConfig> {
+    private final List<String> expectedNames;
+
+    ClusterNameMatcher(List<String> expectedNames) {
+      this.expectedNames = expectedNames;
+    }
+
+    @Override
+    public boolean matches(XdsConfig xdsConfig) {
+      if (xdsConfig == null || xdsConfig.getClusters() == null) {
+        return false;
+      }
+      return xdsConfig.getClusters().size() == expectedNames.size()
+          && xdsConfig.getClusters().keySet().containsAll(expectedNames);
+    }
+  }
 }

From a5347b2bc4ac6dbe77b916a2a3dcf16199002603 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Fri, 14 Feb 2025 12:55:42 -0800
Subject: [PATCH 184/591] s2a: inject Optional<AccessTokenManager> in tests

---
 .../handshaker/GetAuthenticationMechanisms.java      | 10 ++++++----
 .../s2a/internal/handshaker/SslContextFactory.java   |  3 ++-
 .../handshaker/GetAuthenticationMechanismsTest.java  | 12 ++++++++++--
 3 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanisms.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanisms.java
index 2d089183f91..88dfd62675f 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanisms.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanisms.java
@@ -24,19 +24,21 @@
 /** Retrieves the authentication mechanism for a given local identity. */
 @Immutable
 final class GetAuthenticationMechanisms {
-  private static final Optional<AccessTokenManager> TOKEN_MANAGER = AccessTokenManager.create();
+  static final Optional<AccessTokenManager> TOKEN_MANAGER = AccessTokenManager.create();
 
   /**
    * Retrieves the authentication mechanism for a given local identity.
    *
    * @param localIdentity the identity for which to fetch a token.
+   * @param tokenManager the token manager to use for fetching tokens.
    * @return an {@link AuthenticationMechanism} for the given local identity.
    */
-  static Optional<AuthenticationMechanism> getAuthMechanism(Optional<S2AIdentity> localIdentity) {
-    if (!TOKEN_MANAGER.isPresent()) {
+  static Optional<AuthenticationMechanism> getAuthMechanism(Optional<S2AIdentity> localIdentity,
+      Optional<AccessTokenManager> tokenManager) {
+    if (!tokenManager.isPresent()) {
       return Optional.empty();
     }
-    AccessTokenManager manager = TOKEN_MANAGER.get();
+    AccessTokenManager manager = tokenManager.get();
     // If no identity is provided, fetch the default access token and DO NOT attach an identity
     // to the request.
     if (!localIdentity.isPresent()) {
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
index 3e5481daa9e..153f4de6918 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
@@ -105,7 +105,8 @@ private static GetTlsConfigurationResp.ClientTlsConfiguration getClientTlsConfig
       reqBuilder.setLocalIdentity(localIdentity.get().getIdentity());
     }
     Optional<AuthenticationMechanism> authMechanism =
-        GetAuthenticationMechanisms.getAuthMechanism(localIdentity);
+        GetAuthenticationMechanisms.getAuthMechanism(localIdentity,
+        GetAuthenticationMechanisms.TOKEN_MANAGER);
     if (authMechanism.isPresent()) {
       reqBuilder.addAuthenticationMechanisms(authMechanism.get());
     }
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java
index d17d9ba99e8..d69d84bf459 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java
@@ -18,9 +18,11 @@
 
 import com.google.common.truth.Expect;
 import io.grpc.s2a.internal.handshaker.S2AIdentity;
+import io.grpc.s2a.internal.handshaker.tokenmanager.AccessTokenManager;
 import io.grpc.s2a.internal.handshaker.tokenmanager.SingleTokenFetcher;
 import java.util.Optional;
 import org.junit.AfterClass;
+import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Rule;
 import org.junit.Test;
@@ -33,6 +35,7 @@ public final class GetAuthenticationMechanismsTest {
   @Rule public final Expect expect = Expect.create();
   private static final String TOKEN = "access_token";
   private static String originalAccessToken;
+  private Optional<AccessTokenManager> tokenManager;
 
   @BeforeClass
   public static void setUpClass() {
@@ -41,6 +44,11 @@ public static void setUpClass() {
     SingleTokenFetcher.setAccessToken(TOKEN);
   }
 
+  @Before
+  public void setUp() {
+    tokenManager = AccessTokenManager.create();
+  }
+
   @AfterClass
   public static void tearDownClass() {
     SingleTokenFetcher.setAccessToken(originalAccessToken);
@@ -49,7 +57,7 @@ public static void tearDownClass() {
   @Test
   public void getAuthMechanisms_emptyIdentity_success() {
     expect
-        .that(GetAuthenticationMechanisms.getAuthMechanism(Optional.empty()))
+        .that(GetAuthenticationMechanisms.getAuthMechanism(Optional.empty(), tokenManager))
         .isEqualTo(
             Optional.of(AuthenticationMechanism.newBuilder().setToken("access_token").build()));
   }
@@ -58,7 +66,7 @@ public void getAuthMechanisms_emptyIdentity_success() {
   public void getAuthMechanisms_nonEmptyIdentity_success() {
     S2AIdentity fakeIdentity = S2AIdentity.fromSpiffeId("fake-spiffe-id");
     expect
-        .that(GetAuthenticationMechanisms.getAuthMechanism(Optional.of(fakeIdentity)))
+        .that(GetAuthenticationMechanisms.getAuthMechanism(Optional.of(fakeIdentity), tokenManager))
         .isEqualTo(
             Optional.of(
                 AuthenticationMechanism.newBuilder()

From 57af63ad0a0203aa87b20bb29bc56cd9215fb2ef Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 14 Feb 2025 11:03:40 -0800
Subject: [PATCH 185/591] kokoro: Increase gradle mem in android-interop

To try to aid failure when building android-interop-testing
```
The Daemon will expire after the build after running out of JVM heap space.
The project memory settings are likely not configured or are configured to an insufficient value.
The daemon will restart for the next build, which may increase subsequent build times.
These settings can be adjusted by setting 'org.gradle.jvmargs' in 'gradle.properties'.
The currently configured max heap space is '512 MiB' and the configured max metaspace is '384 MiB'.
...
Exception in thread "Daemon client event forwarder" java.lang.OutOfMemoryError: Java heap space
...
> Task :grpc-android-interop-testing:mergeDexDebug FAILED
ERROR:D8: java.lang.OutOfMemoryError: Java heap space
com.android.builder.dexing.DexArchiveMergerException: Error while merging dex archives:
```
---
 buildscripts/kokoro/android-interop.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/buildscripts/kokoro/android-interop.sh b/buildscripts/kokoro/android-interop.sh
index 43bad26f1ec..b4adc8bed43 100755
--- a/buildscripts/kokoro/android-interop.sh
+++ b/buildscripts/kokoro/android-interop.sh
@@ -7,7 +7,6 @@ set -exu -o pipefail
 
 cd github/grpc-java
 
-export GRADLE_OPTS=-Xmx512m
 export LDFLAGS=-L/tmp/protobuf/lib
 export CXXFLAGS=-I/tmp/protobuf/include
 export LD_LIBRARY_PATH=/tmp/protobuf/lib
@@ -30,7 +29,7 @@ sudo update-java-alternatives --set java-1.11.0-openjdk-amd64
 # Unset any existing JAVA_HOME env var to stop Gradle from using it
 unset JAVA_HOME
 
-GRADLE_FLAGS="-Pandroid.useAndroidX=true"
+GRADLE_FLAGS="-Pandroid.useAndroidX=true -Dorg.gradle.jvmargs=-Xmx1024m"
 
 ./gradlew $GRADLE_FLAGS :grpc-android-interop-testing:assembleDebug
 ./gradlew $GRADLE_FLAGS :grpc-android-interop-testing:assembleDebugAndroidTest

From c1d703546a8ed4a052769aa78203f44658a3083f Mon Sep 17 00:00:00 2001
From: Larry Safran <lsafran@google.com>
Date: Fri, 14 Feb 2025 14:46:54 -0800
Subject: [PATCH 186/591] okhttp:Use a locally specified value instead of
 Segment.SIZE in okhttp (#11899)

Switched to using 8192 which is the current value of Segment.SIZE and just have a test check that they are equal.

The reason for doing this is that Segment.SIZE is Kotlin internal so shouldn't be used outside of its module.
---
 .../grpc/okhttp/OkHttpWritableBufferAllocator.java |  4 ++--
 .../okhttp/OkHttpWritableBufferAllocatorTest.java  | 14 +++++++++++---
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpWritableBufferAllocator.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpWritableBufferAllocator.java
index f5d490818ba..58896a5dbb0 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpWritableBufferAllocator.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpWritableBufferAllocator.java
@@ -19,7 +19,6 @@
 import io.grpc.internal.WritableBuffer;
 import io.grpc.internal.WritableBufferAllocator;
 import okio.Buffer;
-import okio.Segment;
 
 /**
  * The default allocator for {@link OkHttpWritableBuffer}s used by the OkHttp transport. OkHttp
@@ -30,6 +29,7 @@ class OkHttpWritableBufferAllocator implements WritableBufferAllocator {
 
   // Set the maximum buffer size to 1MB
   private static final int MAX_BUFFER = 1024 * 1024;
+  public static final int SEGMENT_SIZE_COPY = 8192; // Should equal Segment.SIZE
 
   /**
    * Construct a new instance.
@@ -45,7 +45,7 @@ class OkHttpWritableBufferAllocator implements WritableBufferAllocator {
   public WritableBuffer allocate(int capacityHint) {
     // okio buffer uses fixed size Segments, round capacityHint up
     capacityHint = Math.min(MAX_BUFFER,
-        (capacityHint + Segment.SIZE - 1) / Segment.SIZE * Segment.SIZE);
+        (capacityHint + SEGMENT_SIZE_COPY - 1) / SEGMENT_SIZE_COPY * SEGMENT_SIZE_COPY);
     return new OkHttpWritableBuffer(new Buffer(), capacityHint);
   }
 }
diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpWritableBufferAllocatorTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpWritableBufferAllocatorTest.java
index c444e0ee11d..c19224822a8 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpWritableBufferAllocatorTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpWritableBufferAllocatorTest.java
@@ -16,6 +16,7 @@
 
 package io.grpc.okhttp;
 
+import static io.grpc.okhttp.OkHttpWritableBufferAllocator.SEGMENT_SIZE_COPY;
 import static org.junit.Assert.assertEquals;
 
 import io.grpc.internal.WritableBuffer;
@@ -39,11 +40,12 @@ protected WritableBufferAllocator allocator() {
     return allocator;
   }
 
+  @SuppressWarnings("KotlinInternal")
   @Test
   public void testCapacity() {
     WritableBuffer buffer = allocator().allocate(4096);
     assertEquals(0, buffer.readableBytes());
-    assertEquals(Segment.SIZE, buffer.writableBytes());
+    assertEquals(SEGMENT_SIZE_COPY, buffer.writableBytes());
   }
 
   @Test
@@ -55,8 +57,14 @@ public void testInitialCapacityHasMaximum() {
 
   @Test
   public void testIsExactBelowMaxCapacity() {
-    WritableBuffer buffer = allocator().allocate(Segment.SIZE + 1);
+    WritableBuffer buffer = allocator().allocate(SEGMENT_SIZE_COPY + 1);
     assertEquals(0, buffer.readableBytes());
-    assertEquals(Segment.SIZE * 2, buffer.writableBytes());
+    assertEquals(SEGMENT_SIZE_COPY * 2, buffer.writableBytes());
+  }
+
+  @SuppressWarnings("KotlinInternal")
+  @Test
+  public void testSegmentSizeMatchesKotlin() {
+    assertEquals(Segment.SIZE, SEGMENT_SIZE_COPY);
   }
 }

From 9e54e8e5e93034fbea5db686cdbfbd985d0c6f3a Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 14 Feb 2025 13:41:32 -0800
Subject: [PATCH 187/591] servlet: Provide Gradle a filter version number

The version number is simply a unique string per version.
---
 servlet/jakarta/build.gradle | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/servlet/jakarta/build.gradle b/servlet/jakarta/build.gradle
index d1ebc1d4dc1..456b2b75e3e 100644
--- a/servlet/jakarta/build.gradle
+++ b/servlet/jakarta/build.gradle
@@ -47,6 +47,8 @@ def migrate(String name, String inputDir, SourceSet sourceSet) {
     def outputDir = layout.buildDirectory.dir('generated/sources/jakarta-' + name)
     sourceSet.java.srcDir tasks.register('migrateSources' + name.capitalize(), Sync) { task ->
         into(outputDir)
+	// Increment when changing the filter, to inform Gradle it needs to rebuild
+	inputs.property("filter-version", "1")
         from("$inputDir/io/grpc/servlet") {
             into('io/grpc/servlet/jakarta')
             filter { String line ->

From 16d26726cfeb44510c8d9f92b121a9fbe32a6301 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 14 Feb 2025 15:47:19 -0800
Subject: [PATCH 188/591] s2a: Don't allow S2AStub to be set

S2AStub is an internal API and shouldn't be used outside of s2a. It is
still available for tests.

IntegrationTest was moved to io.grpc.s2a. It uses a io.grpc.s2a class,
so shouldn't be in internal.handler
---
 s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java    | 6 ++++--
 .../main/java/io/grpc/s2a/internal/handshaker/S2AStub.java  | 5 +++--
 .../grpc/s2a/{internal/handshaker => }/IntegrationTest.java | 4 +++-
 3 files changed, 10 insertions(+), 5 deletions(-)
 rename s2a/src/test/java/io/grpc/s2a/{internal/handshaker => }/IntegrationTest.java (98%)

diff --git a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
index 2cbdf7e4c5f..4be32475205 100644
--- a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
+++ b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java
@@ -20,6 +20,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Strings.isNullOrEmpty;
 
+import com.google.common.annotations.VisibleForTesting;
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import io.grpc.Channel;
 import io.grpc.ChannelCredentials;
@@ -110,7 +111,8 @@ public Builder setLocalUid(String localUid) {
      * Sets the stub to use to communicate with S2A. This is only used for testing that the
      * stream to S2A gets closed.
      */
-    public Builder setStub(S2AStub stub) {
+    @VisibleForTesting
+    Builder setStub(S2AStub stub) {
       checkNotNull(stub);
       this.stub = stub;
       return this;
@@ -130,4 +132,4 @@ InternalProtocolNegotiator.ClientFactory buildProtocolNegotiatorFactory() {
   }
 
   private S2AChannelCredentials() {}
-}
\ No newline at end of file
+}
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
index c5ac8f96d96..956ec485229 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
@@ -44,7 +44,8 @@ public class S2AStub implements AutoCloseable {
   private boolean doneWriting = false;
   private boolean isClosed = false;
 
-  static S2AStub newInstance(S2AServiceGrpc.S2AServiceStub serviceStub) {
+  @VisibleForTesting
+  public static S2AStub newInstance(S2AServiceGrpc.S2AServiceStub serviceStub) {
     checkNotNull(serviceStub);
     return new S2AStub(serviceStub);
   }
@@ -224,4 +225,4 @@ SessionResp getResultOrThrow() throws IOException {
       return response.get();
     }
   }
-}
\ No newline at end of file
+}
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java b/s2a/src/test/java/io/grpc/s2a/IntegrationTest.java
similarity index 98%
rename from s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java
rename to s2a/src/test/java/io/grpc/s2a/IntegrationTest.java
index 613983d9b39..d8d2fdd4d03 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/IntegrationTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/IntegrationTest.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.s2a.internal.handshaker;
+package io.grpc.s2a;
 
 import static com.google.common.truth.Truth.assertThat;
 import static java.util.concurrent.TimeUnit.SECONDS;
@@ -37,6 +37,8 @@
 import io.grpc.s2a.S2AChannelCredentials;
 import io.grpc.s2a.internal.channel.S2AHandshakerServiceChannel;
 import io.grpc.s2a.internal.handshaker.FakeS2AServer;
+import io.grpc.s2a.internal.handshaker.S2AServiceGrpc;
+import io.grpc.s2a.internal.handshaker.S2AStub;
 import io.grpc.stub.StreamObserver;
 import io.grpc.testing.protobuf.SimpleRequest;
 import io.grpc.testing.protobuf.SimpleResponse;

From 16edf7ac4e21d3bcf516bfde0e018915172dfe7d Mon Sep 17 00:00:00 2001
From: Naveen Prasanna V <80662475+NaveenPrasannaV@users.noreply.github.com>
Date: Tue, 18 Feb 2025 14:40:18 +0530
Subject: [PATCH 189/591] Examples: Updated HelloWorldServer to use Executor
 (#11850)

---
 .../examples/helloworld/HelloWorldServer.java  | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/examples/src/main/java/io/grpc/examples/helloworld/HelloWorldServer.java b/examples/src/main/java/io/grpc/examples/helloworld/HelloWorldServer.java
index 81027587031..0e39581c98f 100644
--- a/examples/src/main/java/io/grpc/examples/helloworld/HelloWorldServer.java
+++ b/examples/src/main/java/io/grpc/examples/helloworld/HelloWorldServer.java
@@ -23,6 +23,8 @@
 import java.io.IOException;
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Logger;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
 
 /**
  * Server that manages startup/shutdown of a {@code Greeter} server.
@@ -31,11 +33,20 @@ public class HelloWorldServer {
   private static final Logger logger = Logger.getLogger(HelloWorldServer.class.getName());
 
   private Server server;
-
   private void start() throws IOException {
     /* The port on which the server should run */
     int port = 50051;
+    /*
+     * By default gRPC uses a global, shared Executor.newCachedThreadPool() for gRPC callbacks into
+     * your application. This is convenient, but can cause an excessive number of threads to be
+     * created if there are many RPCs. It is often better to limit the number of threads your
+     * application uses for processing and let RPCs queue when the CPU is saturated.
+     * The appropriate number of threads varies heavily between applications.
+     * Async application code generally does not need more threads than CPU cores.
+     */
+    ExecutorService executor = Executors.newFixedThreadPool(2);
     server = Grpc.newServerBuilderForPort(port, InsecureServerCredentials.create())
+        .executor(executor)
         .addService(new GreeterImpl())
         .build()
         .start();
@@ -48,7 +59,12 @@ public void run() {
         try {
           HelloWorldServer.this.stop();
         } catch (InterruptedException e) {
+          if (server != null) {
+            server.shutdownNow();
+          }
           e.printStackTrace(System.err);
+        } finally {
+          executor.shutdown();
         }
         System.err.println("*** server shut down");
       }

From a132123c93d1ba46763d852b9057b70f32c86215 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Tue, 18 Feb 2025 14:16:02 +0000
Subject: [PATCH 190/591] Start 1.72.0 development cycle (#11907)

---
 MODULE.bazel                                           |  2 +-
 build.gradle                                           |  2 +-
 .../src/test/golden/TestDeprecatedService.java.txt     |  2 +-
 compiler/src/test/golden/TestService.java.txt          |  2 +-
 core/src/main/java/io/grpc/internal/GrpcUtil.java      |  2 +-
 examples/MODULE.bazel                                  |  2 +-
 examples/android/clientcache/app/build.gradle          | 10 +++++-----
 examples/android/helloworld/app/build.gradle           |  8 ++++----
 examples/android/routeguide/app/build.gradle           |  8 ++++----
 examples/android/strictmode/app/build.gradle           |  8 ++++----
 examples/build.gradle                                  |  2 +-
 examples/example-alts/build.gradle                     |  2 +-
 examples/example-debug/build.gradle                    |  2 +-
 examples/example-debug/pom.xml                         |  4 ++--
 examples/example-dualstack/build.gradle                |  2 +-
 examples/example-dualstack/pom.xml                     |  4 ++--
 examples/example-gauth/build.gradle                    |  2 +-
 examples/example-gauth/pom.xml                         |  4 ++--
 examples/example-gcp-csm-observability/build.gradle    |  2 +-
 examples/example-gcp-observability/build.gradle        |  2 +-
 examples/example-hostname/build.gradle                 |  2 +-
 examples/example-hostname/pom.xml                      |  4 ++--
 examples/example-jwt-auth/build.gradle                 |  2 +-
 examples/example-jwt-auth/pom.xml                      |  4 ++--
 examples/example-oauth/build.gradle                    |  2 +-
 examples/example-oauth/pom.xml                         |  4 ++--
 examples/example-opentelemetry/build.gradle            |  2 +-
 examples/example-orca/build.gradle                     |  2 +-
 examples/example-reflection/build.gradle               |  2 +-
 examples/example-servlet/build.gradle                  |  2 +-
 examples/example-tls/build.gradle                      |  2 +-
 examples/example-tls/pom.xml                           |  4 ++--
 examples/example-xds/build.gradle                      |  2 +-
 examples/pom.xml                                       |  4 ++--
 34 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 9c18d918a2c..666fda73202 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -2,7 +2,7 @@ module(
     name = "grpc-java",
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
-    version = "1.71.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
+    version = "1.72.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
 )
 
 # GRPC_DEPS_START
diff --git a/build.gradle b/build.gradle
index 09c78735776..93ce60054bc 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ subprojects {
     apply plugin: "net.ltgt.errorprone"
 
     group = "io.grpc"
-    version = "1.71.0-SNAPSHOT" // CURRENT_GRPC_VERSION
+    version = "1.72.0-SNAPSHOT" // CURRENT_GRPC_VERSION
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index e696def7b99..82fe6a81d18 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.71.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.72.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 @java.lang.Deprecated
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index c052093cbbc..912bd50da12 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.71.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.72.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index fc420195667..937854ac3ff 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -219,7 +219,7 @@ public byte[] parseAsciiString(byte[] serialized) {
 
   public static final Splitter ACCEPT_ENCODING_SPLITTER = Splitter.on(',').trimResults();
 
-  public static final String IMPLEMENTATION_VERSION = "1.71.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
+  public static final String IMPLEMENTATION_VERSION = "1.72.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
 
   /**
    * The default timeout in nanos for a keepalive ping request.
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index 72541817979..4d72ae9c395 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,5 +1,5 @@
 bazel_dep(name = "googleapis", repo_name = "com_google_googleapis", version = "0.0.0-20240326-1c8d509c5")
-bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.70.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
+bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.72.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
 bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index 7700b2248eb..1f2a17ae6bb 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -34,7 +34,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -54,12 +54,12 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.1.5'
-    testImplementation 'io.grpc:grpc-testing:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    testImplementation 'io.grpc:grpc-testing:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index 0fb396bbe39..09b994a4954 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index 1a8209913a2..bdad129845b 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index 02b17c189f9..f38110a741b 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -33,7 +33,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -53,8 +53,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index d4991f02f43..e807d09f407 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index 17b2568c7ea..e7142f3fb5a 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index 7701465dee2..1d07a7cb8ec 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index 2976782a5d7..00fdecdb6c4 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-debug</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index a0f29660afc..b73902095a1 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index 99f98cc5b48..28539851934 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-dualstack</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index aea626a5193..0ef0dcaefe2 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index 00e7ee0e3ad..d2a32578550 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-gauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index 5ccb5bb0d3a..e16e32e3bc1 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 3c7b0587e8f..1cad10bbb87 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 9eb5f38c364..86aa42f8ed0 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index d7ac43e79ae..6993c40a1ac 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-hostname</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index 64ea928456b..ca12c3f7872 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index 6c1e172b2e0..7e9a915bfbd 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-jwt-auth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 4de1183e0d7..6d06f097ccb 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index f01b362347a..a9fea928a34 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-oauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index 2e0cbfbe0b6..f575d24d19b 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index ffa8295f849..45235fa1e08 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index 8c885d9cb99..ad68e891436 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index 163276aec10..2176df5afc5 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -15,7 +15,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index 87e37c5a3b1..e741bfe1c3f 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index ade33ee8769..de9298cf0e1 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-tls</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index ef1bc185816..c0159dce258 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.71.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/pom.xml b/examples/pom.xml
index 6370ce7d56a..edc9c4cda14 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.71.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>examples</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.71.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for JDK 8 -->

From 713607056e1761b9c17fbdc3c506e5596c48692a Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 12 Feb 2025 21:52:19 -0800
Subject: [PATCH 191/591] util: Use acceptResolvedAddresses() for MultiChildLb
 children

A failing Status from acceptResolvedAddresses means something is wrong
with the config, but parts of the config may still have been applied.
Thus there are now two possible flows: errors that should prevent
updateOverallBalancingState() and errors that should have no effect
other than the return code. To manage that, MultChildLb must always be
responsible for calling updateOverallBalancingState().
acceptResolvedAddressesInternal() was inlined to make that error
processing easier. No existing usages actually needed to have logic
between updating the children and regenerating the picker.

RingHashLb already was verifying that the address list was not empty, so
the short-circuiting when acceptResolvedAddressesInternal() returned an
error was impossible to trigger. WrrLb's updateWeightTask() calls the
last picker, so it can run before acceptResolvedAddressesInternal(); the
only part that matters is re-creating the weightUpdateTimer.
---
 .../io/grpc/util/MultiChildLoadBalancer.java  | 74 +++++----------
 .../io/grpc/xds/RingHashLoadBalancer.java     | 90 ++++++++-----------
 .../xds/WeightedRoundRobinLoadBalancer.java   | 28 ++----
 3 files changed, 66 insertions(+), 126 deletions(-)

diff --git a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
index b51d2772d3e..ed338343c11 100644
--- a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
@@ -107,21 +107,22 @@ protected ChildLbState createChildLbState(Object key) {
    */
   @Override
   public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+    logger.log(Level.FINE, "Received resolution result: {0}", resolvedAddresses);
     try {
       resolvingAddresses = true;
 
       // process resolvedAddresses to update children
-      AcceptResolvedAddrRetVal acceptRetVal = acceptResolvedAddressesInternal(resolvedAddresses);
-      if (!acceptRetVal.status.isOk()) {
-        return acceptRetVal.status;
+      Map<Object, ResolvedAddresses> newChildAddresses = createChildAddressesMap(resolvedAddresses);
+
+      // Handle error case
+      if (newChildAddresses.isEmpty()) {
+        Status unavailableStatus = Status.UNAVAILABLE.withDescription(
+            "NameResolver returned no usable address. " + resolvedAddresses);
+        handleNameResolutionError(unavailableStatus);
+        return unavailableStatus;
       }
 
-      // Update the picker and our connectivity state
-      updateOverallBalancingState();
-
-      // shutdown removed children
-      shutdownRemoved(acceptRetVal.removedChildren);
-      return acceptRetVal.status;
+      return updateChildrenWithResolvedAddresses(newChildAddresses);
     } finally {
       resolvingAddresses = false;
     }
@@ -149,31 +150,7 @@ public void shutdown() {
     childLbStates.clear();
   }
 
-  /**
-   *   This does the work to update the child map and calculate which children have been removed.
-   *   You must call {@link #updateOverallBalancingState} to update the picker
-   *   and call {@link #shutdownRemoved(List)} to shutdown the endpoints that have been removed.
-    */
-  protected final AcceptResolvedAddrRetVal acceptResolvedAddressesInternal(
-      ResolvedAddresses resolvedAddresses) {
-    logger.log(Level.FINE, "Received resolution result: {0}", resolvedAddresses);
-
-    Map<Object, ResolvedAddresses> newChildAddresses = createChildAddressesMap(resolvedAddresses);
-
-    // Handle error case
-    if (newChildAddresses.isEmpty()) {
-      Status unavailableStatus = Status.UNAVAILABLE.withDescription(
-          "NameResolver returned no usable address. " + resolvedAddresses);
-      handleNameResolutionError(unavailableStatus);
-      return new AcceptResolvedAddrRetVal(unavailableStatus, null);
-    }
-
-    List<ChildLbState> removed = updateChildrenWithResolvedAddresses(newChildAddresses);
-    return new AcceptResolvedAddrRetVal(Status.OK, removed);
-  }
-
-  /** Returns removed children. */
-  private List<ChildLbState> updateChildrenWithResolvedAddresses(
+  private Status updateChildrenWithResolvedAddresses(
       Map<Object, ResolvedAddresses> newChildAddresses) {
     // Create a map with the old values
     Map<Object, ChildLbState> oldStatesMap =
@@ -183,6 +160,7 @@ private List<ChildLbState> updateChildrenWithResolvedAddresses(
     }
 
     // Move ChildLbStates from the map to a new list (preserving the new map's order)
+    Status status = Status.OK;
     List<ChildLbState> newChildLbStates = new ArrayList<>(newChildAddresses.size());
     for (Map.Entry<Object, ResolvedAddresses> entry : newChildAddresses.entrySet()) {
       ChildLbState childLbState = oldStatesMap.remove(entry.getKey());
@@ -191,21 +169,23 @@ private List<ChildLbState> updateChildrenWithResolvedAddresses(
       }
       newChildLbStates.add(childLbState);
       if (entry.getValue() != null) {
-        childLbState.lb.handleResolvedAddresses(entry.getValue()); // update child LB
+        // update child LB
+        Status newStatus = childLbState.lb.acceptResolvedAddresses(entry.getValue());
+        if (!newStatus.isOk()) {
+          status = newStatus;
+        }
       }
     }
 
     childLbStates = newChildLbStates;
-    // Remaining entries in map are orphaned
-    return new ArrayList<>(oldStatesMap.values());
-  }
+    // Update the picker and our connectivity state
+    updateOverallBalancingState();
 
-  protected final void shutdownRemoved(List<ChildLbState> removedChildren) {
-    // Do shutdowns after updating picker to reduce the chance of failing an RPC by picking a
-    // subchannel that has been shutdown.
-    for (ChildLbState childLbState : removedChildren) {
+    // Remaining entries in map are orphaned
+    for (ChildLbState childLbState : oldStatesMap.values()) {
       childLbState.shutdown();
     }
+    return status;
   }
 
   @Nullable
@@ -406,14 +386,4 @@ public String toString() {
       return addrs.toString();
     }
   }
-
-  protected static class AcceptResolvedAddrRetVal {
-    public final Status status;
-    public final List<ChildLbState> removedChildren;
-
-    public AcceptResolvedAddrRetVal(Status status, List<ChildLbState> removedChildren) {
-      this.status = status;
-      this.removedChildren = removedChildren;
-    }
-  }
 }
diff --git a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
index 0c4792cb924..3793482c86b 100644
--- a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
@@ -87,62 +87,46 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       return addressValidityStatus;
     }
 
-    try {
-      resolvingAddresses = true;
-      AcceptResolvedAddrRetVal acceptRetVal = acceptResolvedAddressesInternal(resolvedAddresses);
-      if (!acceptRetVal.status.isOk()) {
-        return acceptRetVal.status;
-      }
-
-      // Now do the ringhash specific logic with weights and building the ring
-      RingHashConfig config = (RingHashConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
-      if (config == null) {
-        throw new IllegalArgumentException("Missing RingHash configuration");
+    // Now do the ringhash specific logic with weights and building the ring
+    RingHashConfig config = (RingHashConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
+    if (config == null) {
+      throw new IllegalArgumentException("Missing RingHash configuration");
+    }
+    Map<EquivalentAddressGroup, Long> serverWeights = new HashMap<>();
+    long totalWeight = 0L;
+    for (EquivalentAddressGroup eag : addrList) {
+      Long weight = eag.getAttributes().get(XdsAttributes.ATTR_SERVER_WEIGHT);
+      // Support two ways of server weighing: either multiple instances of the same address
+      // or each address contains a per-address weight attribute. If a weight is not provided,
+      // each occurrence of the address will be counted a weight value of one.
+      if (weight == null) {
+        weight = 1L;
       }
-      Map<EquivalentAddressGroup, Long> serverWeights = new HashMap<>();
-      long totalWeight = 0L;
-      for (EquivalentAddressGroup eag : addrList) {
-        Long weight = eag.getAttributes().get(XdsAttributes.ATTR_SERVER_WEIGHT);
-        // Support two ways of server weighing: either multiple instances of the same address
-        // or each address contains a per-address weight attribute. If a weight is not provided,
-        // each occurrence of the address will be counted a weight value of one.
-        if (weight == null) {
-          weight = 1L;
-        }
-        totalWeight += weight;
-        EquivalentAddressGroup addrKey = stripAttrs(eag);
-        if (serverWeights.containsKey(addrKey)) {
-          serverWeights.put(addrKey, serverWeights.get(addrKey) + weight);
-        } else {
-          serverWeights.put(addrKey, weight);
-        }
+      totalWeight += weight;
+      EquivalentAddressGroup addrKey = stripAttrs(eag);
+      if (serverWeights.containsKey(addrKey)) {
+        serverWeights.put(addrKey, serverWeights.get(addrKey) + weight);
+      } else {
+        serverWeights.put(addrKey, weight);
       }
-      // Calculate scale
-      long minWeight = Collections.min(serverWeights.values());
-      double normalizedMinWeight = (double) minWeight / totalWeight;
-      // Scale up the number of hashes per host such that the least-weighted host gets a whole
-      // number of hashes on the the ring. Other hosts might not end up with whole numbers, and
-      // that's fine (the ring-building algorithm can handle this). This preserves the original
-      // implementation's behavior: when weights aren't provided, all hosts should get an equal
-      // number of hashes. In the case where this number exceeds the max_ring_size, it's scaled
-      // back down to fit.
-      double scale = Math.min(
-          Math.ceil(normalizedMinWeight * config.minRingSize) / normalizedMinWeight,
-          (double) config.maxRingSize);
-
-      // Build the ring
-      ring = buildRing(serverWeights, totalWeight, scale);
-
-      // Must update channel picker before return so that new RPCs will not be routed to deleted
-      // clusters and resolver can remove them in service config.
-      updateOverallBalancingState();
-
-      shutdownRemoved(acceptRetVal.removedChildren);
-    } finally {
-      this.resolvingAddresses = false;
     }
-
-    return Status.OK;
+    // Calculate scale
+    long minWeight = Collections.min(serverWeights.values());
+    double normalizedMinWeight = (double) minWeight / totalWeight;
+    // Scale up the number of hashes per host such that the least-weighted host gets a whole
+    // number of hashes on the the ring. Other hosts might not end up with whole numbers, and
+    // that's fine (the ring-building algorithm can handle this). This preserves the original
+    // implementation's behavior: when weights aren't provided, all hosts should get an equal
+    // number of hashes. In the case where this number exceeds the max_ring_size, it's scaled
+    // back down to fit.
+    double scale = Math.min(
+        Math.ceil(normalizedMinWeight * config.minRingSize) / normalizedMinWeight,
+        (double) config.maxRingSize);
+
+    // Build the ring
+    ring = buildRing(serverWeights, totalWeight, scale);
+
+    return super.acceptResolvedAddresses(resolvedAddresses);
   }
 
 
diff --git a/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java b/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
index 73764c63c80..b7b4fd51afe 100644
--- a/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
@@ -170,31 +170,17 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     }
     config =
             (WeightedRoundRobinLoadBalancerConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
-    AcceptResolvedAddrRetVal acceptRetVal;
-    try {
-      resolvingAddresses = true;
-      acceptRetVal = acceptResolvedAddressesInternal(resolvedAddresses);
-      if (!acceptRetVal.status.isOk()) {
-        return acceptRetVal.status;
-      }
-
-      if (weightUpdateTimer != null && weightUpdateTimer.isPending()) {
-        weightUpdateTimer.cancel();
-      }
-      updateWeightTask.run();
 
-      createAndApplyOrcaListeners();
+    if (weightUpdateTimer != null && weightUpdateTimer.isPending()) {
+      weightUpdateTimer.cancel();
+    }
+    updateWeightTask.run();
 
-      // Must update channel picker before return so that new RPCs will not be routed to deleted
-      // clusters and resolver can remove them in service config.
-      updateOverallBalancingState();
+    Status status = super.acceptResolvedAddresses(resolvedAddresses);
 
-      shutdownRemoved(acceptRetVal.removedChildren);
-    } finally {
-      resolvingAddresses = false;
-    }
+    createAndApplyOrcaListeners();
 
-    return acceptRetVal.status;
+    return status;
   }
 
   /**

From 2b87b01651fa5d99ab1b1d9cbc4f87af5a1f5d6a Mon Sep 17 00:00:00 2001
From: Sergii Tkachenko <sergiitk@google.com>
Date: Tue, 18 Feb 2025 10:47:01 -0800
Subject: [PATCH 192/591] xds: Change how xDS filters are created by
 introducing Filter.Provider (#11883)

This is the first step towards supporting filter state retention in
Java. The mechanism will be similar to the one described in [A83]
(https://github.com/grpc/proposal/blob/master/A83-xds-gcp-authn-filter.md#filter-call-credentials-cache)
for C-core, and will serve the same purpose. However, the
implementation details are very different due to the different nature
of xDS HTTP filter support in C-core and Java.

In Java, xDS HTTP filters are backed by classes implementing
`io.grpc.xds.Filter`, from here just called "Filters". To support
Filter state retention (next PR), Java's xDS implementation must be
able to create unique Filter instances per:
- Per HCM
  `envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager`
- Per filter name as specified in
  `envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter.name`

This PR **does not** implements Filter state retention, but lays the
groundwork for it by changing how filters are registered and
instantiated. To achieve this, all existing Filter classes had to be
updated to the new instantiation mechanism described below.

Prior to these this PR, Filters had no livecycle. FilterRegistry
provided singleton instances for a given typeUrl. This PR introduces
a new interface `Filter.Provider`, which instantiates Filter classes.
All functionality that doesn't need an instance of a Filter is moved
to the Filter.Provider. This includes parsing filter config proto
into FilterConfig and determining the filter kind
(client-side, server-side, or both).

This PR is limited to refactoring, and there's no changes to the
existing behavior. Note that all Filter Providers still return
singleton Filter instances. However, with this PR, it is now possible
to create Providers that return a new Filter instance each time
`newInstance` is called.
---
 .../main/java/io/grpc/xds/FaultFilter.java    | 170 ++++++++++--------
 xds/src/main/java/io/grpc/xds/Filter.java     |  90 +++++++---
 .../main/java/io/grpc/xds/FilterRegistry.java |  16 +-
 .../io/grpc/xds/GcpAuthenticationFilter.java  |  78 ++++----
 .../java/io/grpc/xds/InternalRbacFilter.java  |   7 +-
 xds/src/main/java/io/grpc/xds/RbacFilter.java | 158 ++++++++--------
 .../main/java/io/grpc/xds/RouterFilter.java   |  65 ++++---
 .../java/io/grpc/xds/XdsListenerResource.java |  29 ++-
 .../java/io/grpc/xds/XdsNameResolver.java     |  31 ++--
 .../grpc/xds/XdsRouteConfigureResource.java   |   6 +-
 .../java/io/grpc/xds/XdsServerWrapper.java    |  66 ++++---
 .../java/io/grpc/xds/FaultFilterTest.java     |  19 +-
 .../grpc/xds/GcpAuthenticationFilterTest.java |  25 +--
 .../grpc/xds/GrpcXdsClientImplDataTest.java   |  78 ++++----
 .../test/java/io/grpc/xds/RbacFilterTest.java |  35 ++--
 .../java/io/grpc/xds/RouterFilterTest.java    |  36 ++++
 .../java/io/grpc/xds/XdsNameResolverTest.java |  19 +-
 .../io/grpc/xds/XdsServerWrapperTest.java     |  61 ++++---
 18 files changed, 579 insertions(+), 410 deletions(-)
 create mode 100644 xds/src/test/java/io/grpc/xds/RouterFilterTest.java

diff --git a/xds/src/main/java/io/grpc/xds/FaultFilter.java b/xds/src/main/java/io/grpc/xds/FaultFilter.java
index c66861a9f15..2012fd36b62 100644
--- a/xds/src/main/java/io/grpc/xds/FaultFilter.java
+++ b/xds/src/main/java/io/grpc/xds/FaultFilter.java
@@ -45,7 +45,6 @@
 import io.grpc.internal.GrpcUtil;
 import io.grpc.xds.FaultConfig.FaultAbort;
 import io.grpc.xds.FaultConfig.FaultDelay;
-import io.grpc.xds.Filter.ClientInterceptorBuilder;
 import io.grpc.xds.ThreadSafeRandom.ThreadSafeRandomImpl;
 import java.util.Locale;
 import java.util.concurrent.Executor;
@@ -56,10 +55,11 @@
 import javax.annotation.Nullable;
 
 /** HttpFault filter implementation. */
-final class FaultFilter implements Filter, ClientInterceptorBuilder {
+final class FaultFilter implements Filter {
 
-  static final FaultFilter INSTANCE =
+  private static final FaultFilter INSTANCE =
       new FaultFilter(ThreadSafeRandomImpl.instance, new AtomicLong());
+
   @VisibleForTesting
   static final Metadata.Key<String> HEADER_DELAY_KEY =
       Metadata.Key.of("x-envoy-fault-delay-request", Metadata.ASCII_STRING_MARSHALLER);
@@ -87,96 +87,108 @@ final class FaultFilter implements Filter, ClientInterceptorBuilder {
     this.activeFaultCounter = activeFaultCounter;
   }
 
-  @Override
-  public String[] typeUrls() {
-    return new String[] { TYPE_URL };
-  }
-
-  @Override
-  public ConfigOrError<FaultConfig> parseFilterConfig(Message rawProtoMessage) {
-    HTTPFault httpFaultProto;
-    if (!(rawProtoMessage instanceof Any)) {
-      return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());
+  static final class Provider implements Filter.Provider {
+    @Override
+    public String[] typeUrls() {
+      return new String[]{TYPE_URL};
     }
-    Any anyMessage = (Any) rawProtoMessage;
-    try {
-      httpFaultProto = anyMessage.unpack(HTTPFault.class);
-    } catch (InvalidProtocolBufferException e) {
-      return ConfigOrError.fromError("Invalid proto: " + e);
+
+    @Override
+    public boolean isClientFilter() {
+      return true;
     }
-    return parseHttpFault(httpFaultProto);
-  }
 
-  private static ConfigOrError<FaultConfig> parseHttpFault(HTTPFault httpFault) {
-    FaultDelay faultDelay = null;
-    FaultAbort faultAbort = null;
-    if (httpFault.hasDelay()) {
-      faultDelay = parseFaultDelay(httpFault.getDelay());
+    @Override
+    public FaultFilter newInstance() {
+      return INSTANCE;
     }
-    if (httpFault.hasAbort()) {
-      ConfigOrError<FaultAbort> faultAbortOrError = parseFaultAbort(httpFault.getAbort());
-      if (faultAbortOrError.errorDetail != null) {
-        return ConfigOrError.fromError(
-            "HttpFault contains invalid FaultAbort: " + faultAbortOrError.errorDetail);
+
+    @Override
+    public ConfigOrError<FaultConfig> parseFilterConfig(Message rawProtoMessage) {
+      HTTPFault httpFaultProto;
+      if (!(rawProtoMessage instanceof Any)) {
+        return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());
       }
-      faultAbort = faultAbortOrError.config;
-    }
-    Integer maxActiveFaults = null;
-    if (httpFault.hasMaxActiveFaults()) {
-      maxActiveFaults = httpFault.getMaxActiveFaults().getValue();
-      if (maxActiveFaults < 0) {
-        maxActiveFaults = Integer.MAX_VALUE;
+      Any anyMessage = (Any) rawProtoMessage;
+      try {
+        httpFaultProto = anyMessage.unpack(HTTPFault.class);
+      } catch (InvalidProtocolBufferException e) {
+        return ConfigOrError.fromError("Invalid proto: " + e);
       }
+      return parseHttpFault(httpFaultProto);
     }
-    return ConfigOrError.fromConfig(FaultConfig.create(faultDelay, faultAbort, maxActiveFaults));
-  }
 
-  private static FaultDelay parseFaultDelay(
-      io.envoyproxy.envoy.extensions.filters.common.fault.v3.FaultDelay faultDelay) {
-    FaultConfig.FractionalPercent percent = parsePercent(faultDelay.getPercentage());
-    if (faultDelay.hasHeaderDelay()) {
-      return FaultDelay.forHeader(percent);
+    @Override
+    public ConfigOrError<FaultConfig> parseFilterConfigOverride(Message rawProtoMessage) {
+      return parseFilterConfig(rawProtoMessage);
     }
-    return FaultDelay.forFixedDelay(Durations.toNanos(faultDelay.getFixedDelay()), percent);
-  }
 
-  @VisibleForTesting
-  static ConfigOrError<FaultAbort> parseFaultAbort(
-      io.envoyproxy.envoy.extensions.filters.http.fault.v3.FaultAbort faultAbort) {
-    FaultConfig.FractionalPercent percent = parsePercent(faultAbort.getPercentage());
-    switch (faultAbort.getErrorTypeCase()) {
-      case HEADER_ABORT:
-        return ConfigOrError.fromConfig(FaultAbort.forHeader(percent));
-      case HTTP_STATUS:
-        return ConfigOrError.fromConfig(FaultAbort.forStatus(
-            GrpcUtil.httpStatusToGrpcStatus(faultAbort.getHttpStatus()), percent));
-      case GRPC_STATUS:
-        return ConfigOrError.fromConfig(FaultAbort.forStatus(
-            Status.fromCodeValue(faultAbort.getGrpcStatus()), percent));
-      case ERRORTYPE_NOT_SET:
-      default:
-        return ConfigOrError.fromError(
-            "Unknown error type case: " + faultAbort.getErrorTypeCase());
+    private static ConfigOrError<FaultConfig> parseHttpFault(HTTPFault httpFault) {
+      FaultDelay faultDelay = null;
+      FaultAbort faultAbort = null;
+      if (httpFault.hasDelay()) {
+        faultDelay = parseFaultDelay(httpFault.getDelay());
+      }
+      if (httpFault.hasAbort()) {
+        ConfigOrError<FaultAbort> faultAbortOrError = parseFaultAbort(httpFault.getAbort());
+        if (faultAbortOrError.errorDetail != null) {
+          return ConfigOrError.fromError(
+              "HttpFault contains invalid FaultAbort: " + faultAbortOrError.errorDetail);
+        }
+        faultAbort = faultAbortOrError.config;
+      }
+      Integer maxActiveFaults = null;
+      if (httpFault.hasMaxActiveFaults()) {
+        maxActiveFaults = httpFault.getMaxActiveFaults().getValue();
+        if (maxActiveFaults < 0) {
+          maxActiveFaults = Integer.MAX_VALUE;
+        }
+      }
+      return ConfigOrError.fromConfig(FaultConfig.create(faultDelay, faultAbort, maxActiveFaults));
     }
-  }
 
-  private static FaultConfig.FractionalPercent parsePercent(FractionalPercent proto) {
-    switch (proto.getDenominator()) {
-      case HUNDRED:
-        return FaultConfig.FractionalPercent.perHundred(proto.getNumerator());
-      case TEN_THOUSAND:
-        return FaultConfig.FractionalPercent.perTenThousand(proto.getNumerator());
-      case MILLION:
-        return FaultConfig.FractionalPercent.perMillion(proto.getNumerator());
-      case UNRECOGNIZED:
-      default:
-        throw new IllegalArgumentException("Unknown denominator type: " + proto.getDenominator());
+    private static FaultDelay parseFaultDelay(
+        io.envoyproxy.envoy.extensions.filters.common.fault.v3.FaultDelay faultDelay) {
+      FaultConfig.FractionalPercent percent = parsePercent(faultDelay.getPercentage());
+      if (faultDelay.hasHeaderDelay()) {
+        return FaultDelay.forHeader(percent);
+      }
+      return FaultDelay.forFixedDelay(Durations.toNanos(faultDelay.getFixedDelay()), percent);
     }
-  }
 
-  @Override
-  public ConfigOrError<FaultConfig> parseFilterConfigOverride(Message rawProtoMessage) {
-    return parseFilterConfig(rawProtoMessage);
+    @VisibleForTesting
+    static ConfigOrError<FaultAbort> parseFaultAbort(
+        io.envoyproxy.envoy.extensions.filters.http.fault.v3.FaultAbort faultAbort) {
+      FaultConfig.FractionalPercent percent = parsePercent(faultAbort.getPercentage());
+      switch (faultAbort.getErrorTypeCase()) {
+        case HEADER_ABORT:
+          return ConfigOrError.fromConfig(FaultAbort.forHeader(percent));
+        case HTTP_STATUS:
+          return ConfigOrError.fromConfig(FaultAbort.forStatus(
+              GrpcUtil.httpStatusToGrpcStatus(faultAbort.getHttpStatus()), percent));
+        case GRPC_STATUS:
+          return ConfigOrError.fromConfig(FaultAbort.forStatus(
+              Status.fromCodeValue(faultAbort.getGrpcStatus()), percent));
+        case ERRORTYPE_NOT_SET:
+        default:
+          return ConfigOrError.fromError(
+              "Unknown error type case: " + faultAbort.getErrorTypeCase());
+      }
+    }
+
+    private static FaultConfig.FractionalPercent parsePercent(FractionalPercent proto) {
+      switch (proto.getDenominator()) {
+        case HUNDRED:
+          return FaultConfig.FractionalPercent.perHundred(proto.getNumerator());
+        case TEN_THOUSAND:
+          return FaultConfig.FractionalPercent.perTenThousand(proto.getNumerator());
+        case MILLION:
+          return FaultConfig.FractionalPercent.perMillion(proto.getNumerator());
+        case UNRECOGNIZED:
+        default:
+          throw new IllegalArgumentException("Unknown denominator type: " + proto.getDenominator());
+      }
+    }
   }
 
   @Nullable
diff --git a/xds/src/main/java/io/grpc/xds/Filter.java b/xds/src/main/java/io/grpc/xds/Filter.java
index 29f8cc4e337..ab61ba2b570 100644
--- a/xds/src/main/java/io/grpc/xds/Filter.java
+++ b/xds/src/main/java/io/grpc/xds/Filter.java
@@ -25,48 +25,82 @@
 import javax.annotation.Nullable;
 
 /**
- * Defines the parsing functionality of an HTTP filter. A Filter may optionally implement either
- * {@link ClientInterceptorBuilder} or {@link ServerInterceptorBuilder} or both, indicating it is
- * capable of working on the client side or server side or both, respectively.
+ * Defines the parsing functionality of an HTTP filter.
+ *
+ * <p>A Filter may optionally implement either {@link Filter#buildClientInterceptor} or
+ * {@link Filter#buildServerInterceptor} or both, and return true from corresponding
+ * {@link Provider#isClientFilter()}, {@link Provider#isServerFilter()} to indicate that the filter
+ * is capable of working on the client side or server side or both, respectively.
  */
 interface Filter {
 
-  /**
-   * The proto message types supported by this filter. A filter will be registered by each of its
-   * supported message types.
-   */
-  String[] typeUrls();
+  /** Represents an opaque data structure holding configuration for a filter. */
+  interface FilterConfig {
+    String typeUrl();
+  }
 
   /**
-   * Parses the top-level filter config from raw proto message. The message may be either a {@link
-   * com.google.protobuf.Any} or a {@link com.google.protobuf.Struct}.
+   * Common interface for filter providers.
    */
-  ConfigOrError<? extends FilterConfig> parseFilterConfig(Message rawProtoMessage);
+  interface Provider {
+    /**
+     * The proto message types supported by this filter. A filter will be registered by each of its
+     * supported message types.
+     */
+    String[] typeUrls();
 
-  /**
-   * Parses the per-filter override filter config from raw proto message. The message may be either
-   * a {@link com.google.protobuf.Any} or a {@link com.google.protobuf.Struct}.
-   */
-  ConfigOrError<? extends FilterConfig> parseFilterConfigOverride(Message rawProtoMessage);
+    /**
+     * Whether the filter can be installed on the client side.
+     *
+     * <p>Returns true if the filter implements {@link Filter#buildClientInterceptor}.
+     */
+    default boolean isClientFilter() {
+      return false;
+    }
 
-  /** Represents an opaque data structure holding configuration for a filter. */
-  interface FilterConfig {
-    String typeUrl();
+    /**
+     * Whether the filter can be installed into xDS-enabled servers.
+     *
+     * <p>Returns true if the filter implements {@link Filter#buildServerInterceptor}.
+     */
+    default boolean isServerFilter() {
+      return false;
+    }
+
+    /**
+     * Creates a new instance of the filter.
+     *
+     * <p>Returns a filter instance registered with the same typeUrls as the provider,
+     * capable of working with the same FilterConfig type returned by provider's parse functions.
+     */
+    Filter newInstance();
+
+    /**
+     * Parses the top-level filter config from raw proto message. The message may be either a {@link
+     * com.google.protobuf.Any} or a {@link com.google.protobuf.Struct}.
+     */
+    ConfigOrError<? extends FilterConfig> parseFilterConfig(Message rawProtoMessage);
+
+    /**
+     * Parses the per-filter override filter config from raw proto message. The message may be
+     * either a {@link com.google.protobuf.Any} or a {@link com.google.protobuf.Struct}.
+     */
+    ConfigOrError<? extends FilterConfig> parseFilterConfigOverride(Message rawProtoMessage);
   }
 
   /** Uses the FilterConfigs produced above to produce an HTTP filter interceptor for clients. */
-  interface ClientInterceptorBuilder {
-    @Nullable
-    ClientInterceptor buildClientInterceptor(
-        FilterConfig config, @Nullable FilterConfig overrideConfig,
-        ScheduledExecutorService scheduler);
+  @Nullable
+  default ClientInterceptor buildClientInterceptor(
+      FilterConfig config, @Nullable FilterConfig overrideConfig,
+      ScheduledExecutorService scheduler) {
+    return null;
   }
 
   /** Uses the FilterConfigs produced above to produce an HTTP filter interceptor for the server. */
-  interface ServerInterceptorBuilder {
-    @Nullable
-    ServerInterceptor buildServerInterceptor(
-        FilterConfig config, @Nullable FilterConfig overrideConfig);
+  @Nullable
+  default ServerInterceptor buildServerInterceptor(
+      FilterConfig config, @Nullable FilterConfig overrideConfig) {
+    return null;
   }
 
   /** Filter config with instance name. */
diff --git a/xds/src/main/java/io/grpc/xds/FilterRegistry.java b/xds/src/main/java/io/grpc/xds/FilterRegistry.java
index 7f1fe82c6c3..426c6d1b3f6 100644
--- a/xds/src/main/java/io/grpc/xds/FilterRegistry.java
+++ b/xds/src/main/java/io/grpc/xds/FilterRegistry.java
@@ -23,21 +23,21 @@
 
 /**
  * A registry for all supported {@link Filter}s. Filters can be queried from the registry
- * by any of the {@link Filter#typeUrls() type URLs}.
+ * by any of the {@link Filter.Provider#typeUrls() type URLs}.
  */
 final class FilterRegistry {
   private static FilterRegistry instance;
 
-  private final Map<String, Filter> supportedFilters = new HashMap<>();
+  private final Map<String, Filter.Provider> supportedFilters = new HashMap<>();
 
   private FilterRegistry() {}
 
   static synchronized FilterRegistry getDefaultRegistry() {
     if (instance == null) {
       instance = newRegistry().register(
-              FaultFilter.INSTANCE,
-              RouterFilter.INSTANCE,
-              RbacFilter.INSTANCE);
+              new FaultFilter.Provider(),
+              new RouterFilter.Provider(),
+              new RbacFilter.Provider());
     }
     return instance;
   }
@@ -48,8 +48,8 @@ static FilterRegistry newRegistry() {
   }
 
   @VisibleForTesting
-  FilterRegistry register(Filter... filters) {
-    for (Filter filter : filters) {
+  FilterRegistry register(Filter.Provider... filters) {
+    for (Filter.Provider filter : filters) {
       for (String typeUrl : filter.typeUrls()) {
         supportedFilters.put(typeUrl, filter);
       }
@@ -58,7 +58,7 @@ FilterRegistry register(Filter... filters) {
   }
 
   @Nullable
-  Filter get(String typeUrl) {
+  Filter.Provider get(String typeUrl) {
     return supportedFilters.get(typeUrl);
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
index f73494d74db..7ed617c9843 100644
--- a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
+++ b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
@@ -35,7 +35,6 @@
 import io.grpc.MethodDescriptor;
 import io.grpc.Status;
 import io.grpc.auth.MoreCallCredentials;
-import io.grpc.xds.Filter.ClientInterceptorBuilder;
 import io.grpc.xds.MetadataRegistry.MetadataValueParser;
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -47,50 +46,63 @@
  * A {@link Filter} that injects a {@link CallCredentials} to handle
  * authentication for xDS credentials.
  */
-final class GcpAuthenticationFilter implements Filter, ClientInterceptorBuilder {
+final class GcpAuthenticationFilter implements Filter {
 
   static final String TYPE_URL =
       "type.googleapis.com/envoy.extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig";
 
-  @Override
-  public String[] typeUrls() {
-    return new String[] { TYPE_URL };
-  }
+  static final class Provider implements Filter.Provider {
+    @Override
+    public String[] typeUrls() {
+      return new String[]{TYPE_URL};
+    }
 
-  @Override
-  public ConfigOrError<? extends FilterConfig> parseFilterConfig(Message rawProtoMessage) {
-    GcpAuthnFilterConfig gcpAuthnProto;
-    if (!(rawProtoMessage instanceof Any)) {
-      return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());
+    @Override
+    public boolean isClientFilter() {
+      return true;
     }
-    Any anyMessage = (Any) rawProtoMessage;
 
-    try {
-      gcpAuthnProto = anyMessage.unpack(GcpAuthnFilterConfig.class);
-    } catch (InvalidProtocolBufferException e) {
-      return ConfigOrError.fromError("Invalid proto: " + e);
+    @Override
+    public GcpAuthenticationFilter newInstance() {
+      return new GcpAuthenticationFilter();
     }
 
-    long cacheSize = 10;
-    // Validate cache_config
-    if (gcpAuthnProto.hasCacheConfig()) {
-      TokenCacheConfig cacheConfig = gcpAuthnProto.getCacheConfig();
-      cacheSize = cacheConfig.getCacheSize().getValue();
-      if (cacheSize == 0) {
-        return ConfigOrError.fromError(
-            "cache_config.cache_size must be greater than zero");
+    @Override
+    public ConfigOrError<GcpAuthenticationConfig> parseFilterConfig(Message rawProtoMessage) {
+      GcpAuthnFilterConfig gcpAuthnProto;
+      if (!(rawProtoMessage instanceof Any)) {
+        return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());
       }
-      // LruCache's size is an int and briefly exceeds its maximum size before evicting entries
-      cacheSize = UnsignedLongs.min(cacheSize, Integer.MAX_VALUE - 1);
-    }
+      Any anyMessage = (Any) rawProtoMessage;
 
-    GcpAuthenticationConfig config = new GcpAuthenticationConfig((int) cacheSize);
-    return ConfigOrError.fromConfig(config);
-  }
+      try {
+        gcpAuthnProto = anyMessage.unpack(GcpAuthnFilterConfig.class);
+      } catch (InvalidProtocolBufferException e) {
+        return ConfigOrError.fromError("Invalid proto: " + e);
+      }
 
-  @Override
-  public ConfigOrError<? extends FilterConfig> parseFilterConfigOverride(Message rawProtoMessage) {
-    return parseFilterConfig(rawProtoMessage);
+      long cacheSize = 10;
+      // Validate cache_config
+      if (gcpAuthnProto.hasCacheConfig()) {
+        TokenCacheConfig cacheConfig = gcpAuthnProto.getCacheConfig();
+        cacheSize = cacheConfig.getCacheSize().getValue();
+        if (cacheSize == 0) {
+          return ConfigOrError.fromError(
+              "cache_config.cache_size must be greater than zero");
+        }
+        // LruCache's size is an int and briefly exceeds its maximum size before evicting entries
+        cacheSize = UnsignedLongs.min(cacheSize, Integer.MAX_VALUE - 1);
+      }
+
+      GcpAuthenticationConfig config = new GcpAuthenticationConfig((int) cacheSize);
+      return ConfigOrError.fromConfig(config);
+    }
+
+    @Override
+    public ConfigOrError<GcpAuthenticationConfig> parseFilterConfigOverride(
+        Message rawProtoMessage) {
+      return parseFilterConfig(rawProtoMessage);
+    }
   }
 
   @Nullable
diff --git a/xds/src/main/java/io/grpc/xds/InternalRbacFilter.java b/xds/src/main/java/io/grpc/xds/InternalRbacFilter.java
index 54e6c748cd5..cedb3f4c85b 100644
--- a/xds/src/main/java/io/grpc/xds/InternalRbacFilter.java
+++ b/xds/src/main/java/io/grpc/xds/InternalRbacFilter.java
@@ -19,8 +19,6 @@
 import io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBAC;
 import io.grpc.Internal;
 import io.grpc.ServerInterceptor;
-import io.grpc.xds.RbacConfig;
-import io.grpc.xds.RbacFilter;
 
 /** This class exposes some functionality in RbacFilter to other packages. */
 @Internal
@@ -30,11 +28,12 @@ private InternalRbacFilter() {}
 
   /** Parses RBAC filter config and creates AuthorizationServerInterceptor. */
   public static ServerInterceptor createInterceptor(RBAC rbac) {
-    ConfigOrError<RbacConfig> filterConfig = RbacFilter.parseRbacConfig(rbac);
+    ConfigOrError<RbacConfig> filterConfig = RbacFilter.Provider.parseRbacConfig(rbac);
     if (filterConfig.errorDetail != null) {
       throw new IllegalArgumentException(
         String.format("Failed to parse Rbac policy: %s", filterConfig.errorDetail));
     }
-    return new RbacFilter().buildServerInterceptor(filterConfig.config, null);
+    return new RbacFilter.Provider().newInstance()
+        .buildServerInterceptor(filterConfig.config, null);
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/RbacFilter.java b/xds/src/main/java/io/grpc/xds/RbacFilter.java
index 6a55f7f193e..2bc4eeb846b 100644
--- a/xds/src/main/java/io/grpc/xds/RbacFilter.java
+++ b/xds/src/main/java/io/grpc/xds/RbacFilter.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
-import com.google.common.annotations.VisibleForTesting;
 import com.google.protobuf.Any;
 import com.google.protobuf.InvalidProtocolBufferException;
 import com.google.protobuf.Message;
@@ -34,7 +33,6 @@
 import io.grpc.ServerCallHandler;
 import io.grpc.ServerInterceptor;
 import io.grpc.Status;
-import io.grpc.xds.Filter.ServerInterceptorBuilder;
 import io.grpc.xds.internal.MatcherParser;
 import io.grpc.xds.internal.Matchers;
 import io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine;
@@ -66,10 +64,10 @@
 import javax.annotation.Nullable;
 
 /** RBAC Http filter implementation. */
-final class RbacFilter implements Filter, ServerInterceptorBuilder {
+final class RbacFilter implements Filter {
   private static final Logger logger = Logger.getLogger(RbacFilter.class.getName());
 
-  static final RbacFilter INSTANCE = new RbacFilter();
+  private static final RbacFilter INSTANCE = new RbacFilter();
 
   static final String TYPE_URL =
           "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC";
@@ -77,87 +75,99 @@ final class RbacFilter implements Filter, ServerInterceptorBuilder {
   private static final String TYPE_URL_OVERRIDE_CONFIG =
           "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBACPerRoute";
 
-  RbacFilter() {}
+  private RbacFilter() {}
 
-  @Override
-  public String[] typeUrls() {
-    return new String[] { TYPE_URL, TYPE_URL_OVERRIDE_CONFIG };
-  }
+  static final class Provider implements Filter.Provider {
+    @Override
+    public String[] typeUrls() {
+      return new String[] {TYPE_URL, TYPE_URL_OVERRIDE_CONFIG};
+    }
 
-  @Override
-  public ConfigOrError<RbacConfig> parseFilterConfig(Message rawProtoMessage) {
-    RBAC rbacProto;
-    if (!(rawProtoMessage instanceof Any)) {
-      return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());
+    @Override
+    public boolean isServerFilter() {
+      return true;
     }
-    Any anyMessage = (Any) rawProtoMessage;
-    try {
-      rbacProto = anyMessage.unpack(RBAC.class);
-    } catch (InvalidProtocolBufferException e) {
-      return ConfigOrError.fromError("Invalid proto: " + e);
+
+    @Override
+    public RbacFilter newInstance() {
+      return INSTANCE;
     }
-    return parseRbacConfig(rbacProto);
-  }
 
-  @VisibleForTesting
-  static ConfigOrError<RbacConfig> parseRbacConfig(RBAC rbac) {
-    if (!rbac.hasRules()) {
-      return ConfigOrError.fromConfig(RbacConfig.create(null));
+    @Override
+    public ConfigOrError<RbacConfig> parseFilterConfig(Message rawProtoMessage) {
+      RBAC rbacProto;
+      if (!(rawProtoMessage instanceof Any)) {
+        return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());
+      }
+      Any anyMessage = (Any) rawProtoMessage;
+      try {
+        rbacProto = anyMessage.unpack(RBAC.class);
+      } catch (InvalidProtocolBufferException e) {
+        return ConfigOrError.fromError("Invalid proto: " + e);
+      }
+      return parseRbacConfig(rbacProto);
     }
-    io.envoyproxy.envoy.config.rbac.v3.RBAC rbacConfig = rbac.getRules();
-    GrpcAuthorizationEngine.Action authAction;
-    switch (rbacConfig.getAction()) {
-      case ALLOW:
-        authAction = GrpcAuthorizationEngine.Action.ALLOW;
-        break;
-      case DENY:
-        authAction = GrpcAuthorizationEngine.Action.DENY;
-        break;
-      case LOG:
+
+    @Override
+    public ConfigOrError<RbacConfig> parseFilterConfigOverride(Message rawProtoMessage) {
+      RBACPerRoute rbacPerRoute;
+      if (!(rawProtoMessage instanceof Any)) {
+        return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());
+      }
+      Any anyMessage = (Any) rawProtoMessage;
+      try {
+        rbacPerRoute = anyMessage.unpack(RBACPerRoute.class);
+      } catch (InvalidProtocolBufferException e) {
+        return ConfigOrError.fromError("Invalid proto: " + e);
+      }
+      if (rbacPerRoute.hasRbac()) {
+        return parseRbacConfig(rbacPerRoute.getRbac());
+      } else {
         return ConfigOrError.fromConfig(RbacConfig.create(null));
-      case UNRECOGNIZED:
-      default:
-        return ConfigOrError.fromError("Unknown rbacConfig action type: " + rbacConfig.getAction());
+      }
     }
-    List<GrpcAuthorizationEngine.PolicyMatcher> policyMatchers = new ArrayList<>();
-    List<Entry<String, Policy>> sortedPolicyEntries = rbacConfig.getPoliciesMap().entrySet()
-        .stream()
-        .sorted((a,b) -> a.getKey().compareTo(b.getKey()))
-        .collect(Collectors.toList());
-    for (Map.Entry<String, Policy> entry: sortedPolicyEntries) {
-      try {
-        Policy policy = entry.getValue();
-        if (policy.hasCondition() || policy.hasCheckedCondition()) {
+
+    static ConfigOrError<RbacConfig> parseRbacConfig(RBAC rbac) {
+      if (!rbac.hasRules()) {
+        return ConfigOrError.fromConfig(RbacConfig.create(null));
+      }
+      io.envoyproxy.envoy.config.rbac.v3.RBAC rbacConfig = rbac.getRules();
+      GrpcAuthorizationEngine.Action authAction;
+      switch (rbacConfig.getAction()) {
+        case ALLOW:
+          authAction = GrpcAuthorizationEngine.Action.ALLOW;
+          break;
+        case DENY:
+          authAction = GrpcAuthorizationEngine.Action.DENY;
+          break;
+        case LOG:
+          return ConfigOrError.fromConfig(RbacConfig.create(null));
+        case UNRECOGNIZED:
+        default:
           return ConfigOrError.fromError(
-                  "Policy.condition and Policy.checked_condition must not set: " + entry.getKey());
+              "Unknown rbacConfig action type: " + rbacConfig.getAction());
+      }
+      List<GrpcAuthorizationEngine.PolicyMatcher> policyMatchers = new ArrayList<>();
+      List<Entry<String, Policy>> sortedPolicyEntries = rbacConfig.getPoliciesMap().entrySet()
+          .stream()
+          .sorted((a,b) -> a.getKey().compareTo(b.getKey()))
+          .collect(Collectors.toList());
+      for (Map.Entry<String, Policy> entry: sortedPolicyEntries) {
+        try {
+          Policy policy = entry.getValue();
+          if (policy.hasCondition() || policy.hasCheckedCondition()) {
+            return ConfigOrError.fromError(
+                "Policy.condition and Policy.checked_condition must not set: " + entry.getKey());
+          }
+          policyMatchers.add(PolicyMatcher.create(entry.getKey(),
+              parsePermissionList(policy.getPermissionsList()),
+              parsePrincipalList(policy.getPrincipalsList())));
+        } catch (Exception e) {
+          return ConfigOrError.fromError("Encountered error parsing policy: " + e);
         }
-        policyMatchers.add(PolicyMatcher.create(entry.getKey(),
-                parsePermissionList(policy.getPermissionsList()),
-                parsePrincipalList(policy.getPrincipalsList())));
-      } catch (Exception e) {
-        return ConfigOrError.fromError("Encountered error parsing policy: " + e);
       }
-    }
-    return ConfigOrError.fromConfig(RbacConfig.create(
-        AuthConfig.create(policyMatchers, authAction)));
-  }
-
-  @Override
-  public ConfigOrError<RbacConfig> parseFilterConfigOverride(Message rawProtoMessage) {
-    RBACPerRoute rbacPerRoute;
-    if (!(rawProtoMessage instanceof Any)) {
-      return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());
-    }
-    Any anyMessage = (Any) rawProtoMessage;
-    try {
-      rbacPerRoute = anyMessage.unpack(RBACPerRoute.class);
-    } catch (InvalidProtocolBufferException e) {
-      return ConfigOrError.fromError("Invalid proto: " + e);
-    }
-    if (rbacPerRoute.hasRbac()) {
-      return parseRbacConfig(rbacPerRoute.getRbac());
-    } else {
-      return ConfigOrError.fromConfig(RbacConfig.create(null));
+      return ConfigOrError.fromConfig(RbacConfig.create(
+          AuthConfig.create(policyMatchers, authAction)));
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/RouterFilter.java b/xds/src/main/java/io/grpc/xds/RouterFilter.java
index 8038c1b98ae..939bd0b12ab 100644
--- a/xds/src/main/java/io/grpc/xds/RouterFilter.java
+++ b/xds/src/main/java/io/grpc/xds/RouterFilter.java
@@ -17,18 +17,12 @@
 package io.grpc.xds;
 
 import com.google.protobuf.Message;
-import io.grpc.ClientInterceptor;
-import io.grpc.ServerInterceptor;
-import io.grpc.xds.Filter.ClientInterceptorBuilder;
-import io.grpc.xds.Filter.ServerInterceptorBuilder;
-import java.util.concurrent.ScheduledExecutorService;
-import javax.annotation.Nullable;
 
 /**
  * Router filter implementation. Currently this filter does not parse any field in the config.
  */
-enum RouterFilter implements Filter, ClientInterceptorBuilder, ServerInterceptorBuilder {
-  INSTANCE;
+final class RouterFilter implements Filter {
+  private static final RouterFilter INSTANCE = new RouterFilter();
 
   static final String TYPE_URL =
       "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router";
@@ -36,7 +30,7 @@ enum RouterFilter implements Filter, ClientInterceptorBuilder, ServerInterceptor
   static final FilterConfig ROUTER_CONFIG = new FilterConfig() {
     @Override
     public String typeUrl() {
-      return RouterFilter.TYPE_URL;
+      return TYPE_URL;
     }
 
     @Override
@@ -45,33 +39,38 @@ public String toString() {
     }
   };
 
-  @Override
-  public String[] typeUrls() {
-    return new String[] { TYPE_URL };
-  }
+  static final class Provider implements Filter.Provider {
+    @Override
+    public String[] typeUrls() {
+      return new String[]{TYPE_URL};
+    }
 
-  @Override
-  public ConfigOrError<? extends FilterConfig> parseFilterConfig(Message rawProtoMessage) {
-    return ConfigOrError.fromConfig(ROUTER_CONFIG);
-  }
+    @Override
+    public boolean isClientFilter() {
+      return true;
+    }
 
-  @Override
-  public ConfigOrError<? extends FilterConfig> parseFilterConfigOverride(Message rawProtoMessage) {
-    return ConfigOrError.fromError("Router Filter should not have override config");
-  }
+    @Override
+    public boolean isServerFilter() {
+      return true;
+    }
 
-  @Nullable
-  @Override
-  public ClientInterceptor buildClientInterceptor(
-      FilterConfig config, @Nullable FilterConfig overrideConfig,
-      ScheduledExecutorService scheduler) {
-    return null;
-  }
+    @Override
+    public RouterFilter newInstance() {
+      return INSTANCE;
+    }
 
-  @Nullable
-  @Override
-  public ServerInterceptor buildServerInterceptor(
-      FilterConfig config, @Nullable Filter.FilterConfig overrideConfig) {
-    return null;
+    @Override
+    public ConfigOrError<? extends FilterConfig> parseFilterConfig(Message rawProtoMessage) {
+      return ConfigOrError.fromConfig(ROUTER_CONFIG);
+    }
+
+    @Override
+    public ConfigOrError<? extends FilterConfig> parseFilterConfigOverride(
+        Message rawProtoMessage) {
+      return ConfigOrError.fromError("Router Filter should not have override config");
+    }
   }
+
+  private RouterFilter() {}
 }
diff --git a/xds/src/main/java/io/grpc/xds/XdsListenerResource.java b/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
index a18b093e38f..4b554be1743 100644
--- a/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
@@ -575,12 +575,8 @@ static StructOrError<Filter.FilterConfig> parseHttpFilter(
     String filterName = httpFilter.getName();
     boolean isOptional = httpFilter.getIsOptional();
     if (!httpFilter.hasTypedConfig()) {
-      if (isOptional) {
-        return null;
-      } else {
-        return StructOrError.fromError(
-            "HttpFilter [" + filterName + "] is not optional and has no typed config");
-      }
+      return isOptional ? null : StructOrError.fromError(
+          "HttpFilter [" + filterName + "] is not optional and has no typed config");
     }
     Message rawConfig = httpFilter.getTypedConfig();
     String typeUrl = httpFilter.getTypedConfig().getTypeUrl();
@@ -600,18 +596,17 @@ static StructOrError<Filter.FilterConfig> parseHttpFilter(
       return StructOrError.fromError(
           "HttpFilter [" + filterName + "] contains invalid proto: " + e);
     }
-    Filter filter = filterRegistry.get(typeUrl);
-    if ((isForClient && !(filter instanceof Filter.ClientInterceptorBuilder))
-        || (!isForClient && !(filter instanceof Filter.ServerInterceptorBuilder))) {
-      if (isOptional) {
-        return null;
-      } else {
-        return StructOrError.fromError(
-            "HttpFilter [" + filterName + "](" + typeUrl + ") is required but unsupported for "
-                + (isForClient ? "client" : "server"));
-      }
+
+    Filter.Provider provider = filterRegistry.get(typeUrl);
+    if (provider == null
+        || (isForClient && !provider.isClientFilter())
+        || (!isForClient && !provider.isServerFilter())) {
+      // Filter type not supported.
+      return isOptional ? null : StructOrError.fromError(
+          "HttpFilter [" + filterName + "](" + typeUrl + ") is required but unsupported for " + (
+              isForClient ? "client" : "server"));
     }
-    ConfigOrError<? extends FilterConfig> filterConfig = filter.parseFilterConfig(rawConfig);
+    ConfigOrError<? extends FilterConfig> filterConfig = provider.parseFilterConfig(rawConfig);
     if (filterConfig.errorDetail != null) {
       return StructOrError.fromError(
           "Invalid filter config for HttpFilter [" + filterName + "]: " + filterConfig.errorDetail);
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 21f5d5efce6..b7b1ed0bdba 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -49,7 +49,6 @@
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.ObjectPool;
 import io.grpc.xds.ClusterSpecifierPlugin.PluginConfig;
-import io.grpc.xds.Filter.ClientInterceptorBuilder;
 import io.grpc.xds.Filter.FilterConfig;
 import io.grpc.xds.Filter.NamedFilterConfig;
 import io.grpc.xds.RouteLookupServiceClusterSpecifierPlugin.RlsPluginConfig;
@@ -827,26 +826,36 @@ private ClientInterceptor createFilters(
       if (filterConfigs == null) {
         return new PassthroughClientInterceptor();
       }
+
       Map<String, FilterConfig> selectedOverrideConfigs =
           new HashMap<>(virtualHost.filterConfigOverrides());
       selectedOverrideConfigs.putAll(route.filterConfigOverrides());
       if (weightedCluster != null) {
         selectedOverrideConfigs.putAll(weightedCluster.filterConfigOverrides());
       }
+
       ImmutableList.Builder<ClientInterceptor> filterInterceptors = ImmutableList.builder();
       for (NamedFilterConfig namedFilter : filterConfigs) {
-        FilterConfig filterConfig = namedFilter.filterConfig;
-        Filter filter = filterRegistry.get(filterConfig.typeUrl());
-        if (filter instanceof ClientInterceptorBuilder) {
-          ClientInterceptor interceptor = ((ClientInterceptorBuilder) filter)
-              .buildClientInterceptor(
-                  filterConfig, selectedOverrideConfigs.get(namedFilter.name),
-                  scheduler);
-          if (interceptor != null) {
-            filterInterceptors.add(interceptor);
-          }
+        FilterConfig config = namedFilter.filterConfig;
+        String name = namedFilter.name;
+        String typeUrl = config.typeUrl();
+
+        Filter.Provider provider = filterRegistry.get(typeUrl);
+        if (provider == null || !provider.isClientFilter()) {
+          continue;
+        }
+
+        Filter filter = provider.newInstance();
+
+        ClientInterceptor interceptor =
+            filter.buildClientInterceptor(config, selectedOverrideConfigs.get(name), scheduler);
+        if (interceptor != null) {
+          filterInterceptors.add(interceptor);
         }
       }
+
+      // Combine interceptors produced by different filters into a single one that executes
+      // them sequentially. The order is preserved.
       return combineInterceptors(filterInterceptors.build());
     }
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java b/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
index c5ca8d45cb3..80a77cbb1d4 100644
--- a/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
@@ -245,8 +245,8 @@ static StructOrError<Map<String, FilterConfig>> parseOverrideFilterConfigs(
         return StructOrError.fromError(
             "FilterConfig [" + name + "] contains invalid proto: " + e);
       }
-      Filter filter = filterRegistry.get(typeUrl);
-      if (filter == null) {
+      Filter.Provider provider = filterRegistry.get(typeUrl);
+      if (provider == null) {
         if (isOptional) {
           continue;
         }
@@ -254,7 +254,7 @@ static StructOrError<Map<String, FilterConfig>> parseOverrideFilterConfigs(
             "HttpFilter [" + name + "](" + typeUrl + ") is required but unsupported");
       }
       ConfigOrError<? extends Filter.FilterConfig> filterConfig =
-          filter.parseFilterConfigOverride(rawConfig);
+          provider.parseFilterConfigOverride(rawConfig);
       if (filterConfig.errorDetail != null) {
         return StructOrError.fromError(
             "Invalid filter config for HttpFilter [" + name + "]: " + filterConfig.errorDetail);
diff --git a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
index 3a9b98ee321..bbb17d9b616 100644
--- a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
+++ b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
@@ -47,7 +47,6 @@
 import io.grpc.xds.EnvoyServerProtoData.FilterChain;
 import io.grpc.xds.Filter.FilterConfig;
 import io.grpc.xds.Filter.NamedFilterConfig;
-import io.grpc.xds.Filter.ServerInterceptorBuilder;
 import io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler.FilterChainSelector;
 import io.grpc.xds.ThreadSafeRandom.ThreadSafeRandomImpl;
 import io.grpc.xds.VirtualHost.Route;
@@ -524,37 +523,56 @@ private AtomicReference<ServerRoutingConfig> generateRoutingConfig(FilterChain f
     }
 
     private ImmutableMap<Route, ServerInterceptor> generatePerRouteInterceptors(
-        List<NamedFilterConfig> namedFilterConfigs, List<VirtualHost> virtualHosts) {
+        @Nullable List<NamedFilterConfig> filterConfigs, List<VirtualHost> virtualHosts) {
+      // This should always be called from the sync context.
+      // Ideally we'd want to throw otherwise, but this breaks the tests now.
+      // syncContext.throwIfNotInThisSynchronizationContext();
+
       ImmutableMap.Builder<Route, ServerInterceptor> perRouteInterceptors =
           new ImmutableMap.Builder<>();
+
       for (VirtualHost virtualHost : virtualHosts) {
         for (Route route : virtualHost.routes()) {
-          List<ServerInterceptor> filterInterceptors = new ArrayList<>();
-          Map<String, FilterConfig> selectedOverrideConfigs =
-              new HashMap<>(virtualHost.filterConfigOverrides());
-          selectedOverrideConfigs.putAll(route.filterConfigOverrides());
-          if (namedFilterConfigs != null) {
-            for (NamedFilterConfig namedFilterConfig : namedFilterConfigs) {
-              FilterConfig filterConfig = namedFilterConfig.filterConfig;
-              Filter filter = filterRegistry.get(filterConfig.typeUrl());
-              if (filter instanceof ServerInterceptorBuilder) {
-                ServerInterceptor interceptor =
-                    ((ServerInterceptorBuilder) filter).buildServerInterceptor(
-                        filterConfig, selectedOverrideConfigs.get(namedFilterConfig.name));
-                if (interceptor != null) {
-                  filterInterceptors.add(interceptor);
-                }
-              } else {
-                logger.log(Level.WARNING, "HttpFilterConfig(type URL: "
-                    + filterConfig.typeUrl() + ") is not supported on server-side. "
-                    + "Probably a bug at ClientXdsClient verification.");
-              }
+          // Short circuit.
+          if (filterConfigs == null) {
+            perRouteInterceptors.put(route, noopInterceptor);
+            continue;
+          }
+
+          // Override vhost filter configs with more specific per-route configs.
+          Map<String, FilterConfig> perRouteOverrides = ImmutableMap.<String, FilterConfig>builder()
+              .putAll(virtualHost.filterConfigOverrides())
+              .putAll(route.filterConfigOverrides())
+              .buildKeepingLast();
+
+          // Interceptors for this vhost/route combo.
+          List<ServerInterceptor> interceptors = new ArrayList<>(filterConfigs.size());
+
+          for (NamedFilterConfig namedFilter : filterConfigs) {
+            FilterConfig config = namedFilter.filterConfig;
+            String name = namedFilter.name;
+            String typeUrl = config.typeUrl();
+
+            Filter.Provider provider = filterRegistry.get(typeUrl);
+            if (provider == null || !provider.isServerFilter()) {
+              logger.warning("HttpFilter[" + name + "]: not supported on server-side: " + typeUrl);
+              continue;
+            }
+
+            Filter filter = provider.newInstance();
+            ServerInterceptor interceptor =
+                filter.buildServerInterceptor(config, perRouteOverrides.get(name));
+            if (interceptor != null) {
+              interceptors.add(interceptor);
             }
           }
-          ServerInterceptor interceptor = combineInterceptors(filterInterceptors);
-          perRouteInterceptors.put(route, interceptor);
+
+          // Combine interceptors produced by different filters into a single one that executes
+          // them sequentially. The order is preserved.
+          perRouteInterceptors.put(route, combineInterceptors(interceptors));
         }
       }
+
       return perRouteInterceptors.buildOrThrow();
     }
 
diff --git a/xds/src/test/java/io/grpc/xds/FaultFilterTest.java b/xds/src/test/java/io/grpc/xds/FaultFilterTest.java
index f85f29ec0a3..8f0a33951b0 100644
--- a/xds/src/test/java/io/grpc/xds/FaultFilterTest.java
+++ b/xds/src/test/java/io/grpc/xds/FaultFilterTest.java
@@ -33,16 +33,23 @@
 /** Tests for {@link FaultFilter}. */
 @RunWith(JUnit4.class)
 public class FaultFilterTest {
+  private static final FaultFilter.Provider FILTER_PROVIDER = new FaultFilter.Provider();
+
+  @Test
+  public void filterType_clientOnly() {
+    assertThat(FILTER_PROVIDER.isClientFilter()).isTrue();
+    assertThat(FILTER_PROVIDER.isServerFilter()).isFalse();
+  }
 
   @Test
   public void parseFaultAbort_convertHttpStatus() {
     Any rawConfig = Any.pack(
         HTTPFault.newBuilder().setAbort(FaultAbort.newBuilder().setHttpStatus(404)).build());
-    FaultConfig faultConfig = FaultFilter.INSTANCE.parseFilterConfig(rawConfig).config;
+    FaultConfig faultConfig = FILTER_PROVIDER.parseFilterConfig(rawConfig).config;
     assertThat(faultConfig.faultAbort().status().getCode())
         .isEqualTo(GrpcUtil.httpStatusToGrpcStatus(404).getCode());
-    FaultConfig faultConfigOverride =
-        FaultFilter.INSTANCE.parseFilterConfigOverride(rawConfig).config;
+
+    FaultConfig faultConfigOverride = FILTER_PROVIDER.parseFilterConfigOverride(rawConfig).config;
     assertThat(faultConfigOverride.faultAbort().status().getCode())
         .isEqualTo(GrpcUtil.httpStatusToGrpcStatus(404).getCode());
   }
@@ -54,7 +61,7 @@ public void parseFaultAbort_withHeaderAbort() {
             .setPercentage(FractionalPercent.newBuilder()
                 .setNumerator(20).setDenominator(DenominatorType.HUNDRED))
             .setHeaderAbort(HeaderAbort.getDefaultInstance()).build();
-    FaultConfig.FaultAbort faultAbort = FaultFilter.parseFaultAbort(proto).config;
+    FaultConfig.FaultAbort faultAbort = FaultFilter.Provider.parseFaultAbort(proto).config;
     assertThat(faultAbort.headerAbort()).isTrue();
     assertThat(faultAbort.percent().numerator()).isEqualTo(20);
     assertThat(faultAbort.percent().denominatorType())
@@ -68,7 +75,7 @@ public void parseFaultAbort_withHttpStatus() {
             .setPercentage(FractionalPercent.newBuilder()
                 .setNumerator(100).setDenominator(DenominatorType.TEN_THOUSAND))
             .setHttpStatus(400).build();
-    FaultConfig.FaultAbort res = FaultFilter.parseFaultAbort(proto).config;
+    FaultConfig.FaultAbort res = FaultFilter.Provider.parseFaultAbort(proto).config;
     assertThat(res.percent().numerator()).isEqualTo(100);
     assertThat(res.percent().denominatorType())
         .isEqualTo(FaultConfig.FractionalPercent.DenominatorType.TEN_THOUSAND);
@@ -82,7 +89,7 @@ public void parseFaultAbort_withGrpcStatus() {
             .setPercentage(FractionalPercent.newBuilder()
                 .setNumerator(600).setDenominator(DenominatorType.MILLION))
             .setGrpcStatus(Code.DEADLINE_EXCEEDED.value()).build();
-    FaultConfig.FaultAbort faultAbort = FaultFilter.parseFaultAbort(proto).config;
+    FaultConfig.FaultAbort faultAbort = FaultFilter.Provider.parseFaultAbort(proto).config;
     assertThat(faultAbort.percent().numerator()).isEqualTo(600);
     assertThat(faultAbort.percent().denominatorType())
         .isEqualTo(FaultConfig.FractionalPercent.DenominatorType.MILLION);
diff --git a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
index 3ca240ab7c7..52efaf9bd7b 100644
--- a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
+++ b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
@@ -35,6 +35,7 @@
 import io.grpc.ClientInterceptor;
 import io.grpc.MethodDescriptor;
 import io.grpc.testing.TestMethodDescriptors;
+import io.grpc.xds.GcpAuthenticationFilter.GcpAuthenticationConfig;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -43,6 +44,14 @@
 
 @RunWith(JUnit4.class)
 public class GcpAuthenticationFilterTest {
+  private static final GcpAuthenticationFilter.Provider FILTER_PROVIDER =
+      new GcpAuthenticationFilter.Provider();
+
+  @Test
+  public void filterType_clientOnly() {
+    assertThat(FILTER_PROVIDER.isClientFilter()).isTrue();
+    assertThat(FILTER_PROVIDER.isServerFilter()).isFalse();
+  }
 
   @Test
   public void testParseFilterConfig_withValidConfig() {
@@ -51,13 +60,11 @@ public void testParseFilterConfig_withValidConfig() {
         .build();
     Any anyMessage = Any.pack(config);
 
-    GcpAuthenticationFilter filter = new GcpAuthenticationFilter();
-    ConfigOrError<? extends Filter.FilterConfig> result = filter.parseFilterConfig(anyMessage);
+    ConfigOrError<GcpAuthenticationConfig> result = FILTER_PROVIDER.parseFilterConfig(anyMessage);
 
     assertNotNull(result.config);
     assertNull(result.errorDetail);
-    assertEquals(20L,
-        ((GcpAuthenticationFilter.GcpAuthenticationConfig) result.config).getCacheSize());
+    assertEquals(20L, result.config.getCacheSize());
   }
 
   @Test
@@ -67,8 +74,7 @@ public void testParseFilterConfig_withZeroCacheSize() {
         .build();
     Any anyMessage = Any.pack(config);
 
-    GcpAuthenticationFilter filter = new GcpAuthenticationFilter();
-    ConfigOrError<? extends Filter.FilterConfig> result = filter.parseFilterConfig(anyMessage);
+    ConfigOrError<GcpAuthenticationConfig> result = FILTER_PROVIDER.parseFilterConfig(anyMessage);
 
     assertNull(result.config);
     assertNotNull(result.errorDetail);
@@ -77,9 +83,9 @@ public void testParseFilterConfig_withZeroCacheSize() {
 
   @Test
   public void testParseFilterConfig_withInvalidMessageType() {
-    GcpAuthenticationFilter filter = new GcpAuthenticationFilter();
     Message invalidMessage = Empty.getDefaultInstance();
-    ConfigOrError<? extends Filter.FilterConfig> result = filter.parseFilterConfig(invalidMessage);
+    ConfigOrError<GcpAuthenticationConfig> result =
+        FILTER_PROVIDER.parseFilterConfig(invalidMessage);
 
     assertNull(result.config);
     assertThat(result.errorDetail).contains("Invalid config type");
@@ -87,8 +93,7 @@ public void testParseFilterConfig_withInvalidMessageType() {
 
   @Test
   public void testClientInterceptor_createsAndReusesCachedCredentials() {
-    GcpAuthenticationFilter.GcpAuthenticationConfig config =
-        new GcpAuthenticationFilter.GcpAuthenticationConfig(10);
+    GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
     GcpAuthenticationFilter filter = new GcpAuthenticationFilter();
 
     // Create interceptor
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 314b2094480..610d147ccf9 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -110,7 +110,6 @@
 import io.envoyproxy.envoy.type.v3.FractionalPercent;
 import io.envoyproxy.envoy.type.v3.FractionalPercent.DenominatorType;
 import io.envoyproxy.envoy.type.v3.Int64Range;
-import io.grpc.ClientInterceptor;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.LoadBalancerRegistry;
@@ -150,9 +149,7 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
-import javax.annotation.Nullable;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
@@ -165,6 +162,10 @@
 @RunWith(JUnit4.class)
 public class GrpcXdsClientImplDataTest {
 
+  private static final FaultFilter.Provider FAULT_FILTER_PROVIDER = new FaultFilter.Provider();
+  private static final RbacFilter.Provider RBAC_FILTER_PROVIDER = new RbacFilter.Provider();
+  private static final RouterFilter.Provider ROUTER_FILTER_PROVIDER = new RouterFilter.Provider();
+
   private static final ServerInfo LRS_SERVER_INFO =
       ServerInfo.create("lrs.googleapis.com", InsecureChannelCredentials.create());
   private static final String GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE =
@@ -1243,36 +1244,39 @@ public String typeUrl() {
     }
   }
 
-  private static class TestFilter implements io.grpc.xds.Filter,
-      io.grpc.xds.Filter.ClientInterceptorBuilder {
-    @Override
-    public String[] typeUrls() {
-      return new String[]{"test-url"};
-    }
+  private static class TestFilter implements io.grpc.xds.Filter {
 
-    @Override
-    public ConfigOrError<? extends FilterConfig> parseFilterConfig(Message rawProtoMessage) {
-      return ConfigOrError.fromConfig(new SimpleFilterConfig(rawProtoMessage));
-    }
+    static final class Provider implements io.grpc.xds.Filter.Provider {
+      @Override
+      public String[] typeUrls() {
+        return new String[]{"test-url"};
+      }
 
-    @Override
-    public ConfigOrError<? extends FilterConfig> parseFilterConfigOverride(
-        Message rawProtoMessage) {
-      return ConfigOrError.fromConfig(new SimpleFilterConfig(rawProtoMessage));
-    }
+      @Override
+      public boolean isClientFilter() {
+        return true;
+      }
 
-    @Nullable
-    @Override
-    public ClientInterceptor buildClientInterceptor(FilterConfig config,
-                                                    @Nullable FilterConfig overrideConfig,
-                                                    ScheduledExecutorService scheduler) {
-      return null;
+      @Override
+      public TestFilter newInstance() {
+        return new TestFilter();
+      }
+
+      @Override
+      public ConfigOrError<SimpleFilterConfig> parseFilterConfig(Message rawProtoMessage) {
+        return ConfigOrError.fromConfig(new SimpleFilterConfig(rawProtoMessage));
+      }
+
+      @Override
+      public ConfigOrError<SimpleFilterConfig> parseFilterConfigOverride(Message rawProtoMessage) {
+        return ConfigOrError.fromConfig(new SimpleFilterConfig(rawProtoMessage));
+      }
     }
   }
 
   @Test
   public void parseHttpFilter_typedStructMigration() {
-    filterRegistry.register(new TestFilter());
+    filterRegistry.register(new TestFilter.Provider());
     Struct rawStruct = Struct.newBuilder()
         .putFields("name", Value.newBuilder().setStringValue("default").build())
         .build();
@@ -1301,7 +1305,7 @@ public void parseHttpFilter_typedStructMigration() {
 
   @Test
   public void parseOverrideHttpFilter_typedStructMigration() {
-    filterRegistry.register(new TestFilter());
+    filterRegistry.register(new TestFilter.Provider());
     Struct rawStruct0 = Struct.newBuilder()
         .putFields("name", Value.newBuilder().setStringValue("default0").build())
         .build();
@@ -1342,7 +1346,7 @@ public void parseHttpFilter_unsupportedAndRequired() {
 
   @Test
   public void parseHttpFilter_routerFilterForClient() {
-    filterRegistry.register(RouterFilter.INSTANCE);
+    filterRegistry.register(ROUTER_FILTER_PROVIDER);
     HttpFilter httpFilter =
         HttpFilter.newBuilder()
             .setIsOptional(false)
@@ -1356,7 +1360,7 @@ public void parseHttpFilter_routerFilterForClient() {
 
   @Test
   public void parseHttpFilter_routerFilterForServer() {
-    filterRegistry.register(RouterFilter.INSTANCE);
+    filterRegistry.register(ROUTER_FILTER_PROVIDER);
     HttpFilter httpFilter =
         HttpFilter.newBuilder()
             .setIsOptional(false)
@@ -1370,7 +1374,7 @@ public void parseHttpFilter_routerFilterForServer() {
 
   @Test
   public void parseHttpFilter_faultConfigForClient() {
-    filterRegistry.register(FaultFilter.INSTANCE);
+    filterRegistry.register(FAULT_FILTER_PROVIDER);
     HttpFilter httpFilter =
         HttpFilter.newBuilder()
             .setIsOptional(false)
@@ -1397,7 +1401,7 @@ public void parseHttpFilter_faultConfigForClient() {
 
   @Test
   public void parseHttpFilter_faultConfigUnsupportedForServer() {
-    filterRegistry.register(FaultFilter.INSTANCE);
+    filterRegistry.register(FAULT_FILTER_PROVIDER);
     HttpFilter httpFilter =
         HttpFilter.newBuilder()
             .setIsOptional(false)
@@ -1426,7 +1430,7 @@ public void parseHttpFilter_faultConfigUnsupportedForServer() {
 
   @Test
   public void parseHttpFilter_rbacConfigForServer() {
-    filterRegistry.register(RbacFilter.INSTANCE);
+    filterRegistry.register(RBAC_FILTER_PROVIDER);
     HttpFilter httpFilter =
         HttpFilter.newBuilder()
             .setIsOptional(false)
@@ -1453,7 +1457,7 @@ public void parseHttpFilter_rbacConfigForServer() {
 
   @Test
   public void parseHttpFilter_rbacConfigUnsupportedForClient() {
-    filterRegistry.register(RbacFilter.INSTANCE);
+    filterRegistry.register(RBAC_FILTER_PROVIDER);
     HttpFilter httpFilter =
         HttpFilter.newBuilder()
             .setIsOptional(false)
@@ -1482,7 +1486,7 @@ public void parseHttpFilter_rbacConfigUnsupportedForClient() {
 
   @Test
   public void parseOverrideRbacFilterConfig() {
-    filterRegistry.register(RbacFilter.INSTANCE);
+    filterRegistry.register(RBAC_FILTER_PROVIDER);
     RBACPerRoute rbacPerRoute =
         RBACPerRoute.newBuilder()
             .setRbac(
@@ -1508,7 +1512,7 @@ public void parseOverrideRbacFilterConfig() {
 
   @Test
   public void parseOverrideFilterConfigs_unsupportedButOptional() {
-    filterRegistry.register(FaultFilter.INSTANCE);
+    filterRegistry.register(FAULT_FILTER_PROVIDER);
     HTTPFault httpFault = HTTPFault.newBuilder()
         .setDelay(FaultDelay.newBuilder().setFixedDelay(Durations.fromNanos(3000)))
         .build();
@@ -1528,7 +1532,7 @@ public void parseOverrideFilterConfigs_unsupportedButOptional() {
 
   @Test
   public void parseOverrideFilterConfigs_unsupportedAndRequired() {
-    filterRegistry.register(FaultFilter.INSTANCE);
+    filterRegistry.register(FAULT_FILTER_PROVIDER);
     HTTPFault httpFault = HTTPFault.newBuilder()
         .setDelay(FaultDelay.newBuilder().setFixedDelay(Durations.fromNanos(3000)))
         .build();
@@ -1620,7 +1624,7 @@ public void parseHttpConnectionManager_duplicateHttpFilters() throws ResourceInv
 
   @Test
   public void parseHttpConnectionManager_lastNotTerminal() throws ResourceInvalidException {
-    filterRegistry.register(FaultFilter.INSTANCE);
+    filterRegistry.register(FAULT_FILTER_PROVIDER);
     HttpConnectionManager hcm =
           HttpConnectionManager.newBuilder()
               .addHttpFilters(
@@ -1638,7 +1642,7 @@ public void parseHttpConnectionManager_lastNotTerminal() throws ResourceInvalidE
 
   @Test
   public void parseHttpConnectionManager_terminalNotLast() throws ResourceInvalidException {
-    filterRegistry.register(RouterFilter.INSTANCE);
+    filterRegistry.register(ROUTER_FILTER_PROVIDER);
     HttpConnectionManager hcm =
             HttpConnectionManager.newBuilder()
                     .addHttpFilters(
diff --git a/xds/src/test/java/io/grpc/xds/RbacFilterTest.java b/xds/src/test/java/io/grpc/xds/RbacFilterTest.java
index 013b21e3f45..7f195693d84 100644
--- a/xds/src/test/java/io/grpc/xds/RbacFilterTest.java
+++ b/xds/src/test/java/io/grpc/xds/RbacFilterTest.java
@@ -78,6 +78,13 @@ public class RbacFilterTest {
   private static final String PATH = "auth";
   private static final StringMatcher STRING_MATCHER =
           StringMatcher.newBuilder().setExact("/" + PATH).setIgnoreCase(true).build();
+  private static final RbacFilter.Provider FILTER_PROVIDER = new RbacFilter.Provider();
+
+  @Test
+  public void filterType_serverOnly() {
+    assertThat(FILTER_PROVIDER.isClientFilter()).isFalse();
+    assertThat(FILTER_PROVIDER.isServerFilter()).isTrue();
+  }
 
   @Test
   @SuppressWarnings({"unchecked", "deprecation"})
@@ -252,7 +259,7 @@ public void testAuthorizationInterceptor() {
             OrMatcher.create(AlwaysTrueMatcher.INSTANCE));
     AuthConfig authconfig = AuthConfig.create(Collections.singletonList(policyMatcher),
             GrpcAuthorizationEngine.Action.ALLOW);
-    new RbacFilter().buildServerInterceptor(RbacConfig.create(authconfig), null)
+    FILTER_PROVIDER.newInstance().buildServerInterceptor(RbacConfig.create(authconfig), null)
             .interceptCall(mockServerCall, new Metadata(), mockHandler);
     verify(mockHandler, never()).startCall(eq(mockServerCall), any(Metadata.class));
     ArgumentCaptor<Status> captor = ArgumentCaptor.forClass(Status.class);
@@ -264,7 +271,7 @@ public void testAuthorizationInterceptor() {
 
     authconfig = AuthConfig.create(Collections.singletonList(policyMatcher),
             GrpcAuthorizationEngine.Action.DENY);
-    new RbacFilter().buildServerInterceptor(RbacConfig.create(authconfig), null)
+    FILTER_PROVIDER.newInstance().buildServerInterceptor(RbacConfig.create(authconfig), null)
             .interceptCall(mockServerCall, new Metadata(), mockHandler);
     verify(mockHandler).startCall(eq(mockServerCall), any(Metadata.class));
   }
@@ -290,7 +297,7 @@ public void handleException() {
                     .putPolicies("policy-name",
                             Policy.newBuilder().setCondition(Expr.newBuilder().build()).build())
                     .build()).build();
-    result = new RbacFilter().parseFilterConfig(Any.pack(rawProto));
+    result = FILTER_PROVIDER.parseFilterConfig(Any.pack(rawProto));
     assertThat(result.errorDetail).isNotNull();
   }
 
@@ -312,10 +319,10 @@ public void overrideConfig() {
     RbacConfig original = RbacConfig.create(authconfig);
 
     RBACPerRoute rbacPerRoute = RBACPerRoute.newBuilder().build();
-    RbacConfig override =
-            new RbacFilter().parseFilterConfigOverride(Any.pack(rbacPerRoute)).config;
+    RbacConfig override = FILTER_PROVIDER.parseFilterConfigOverride(Any.pack(rbacPerRoute)).config;
     assertThat(override).isEqualTo(RbacConfig.create(null));
-    ServerInterceptor interceptor = new RbacFilter().buildServerInterceptor(original, override);
+    ServerInterceptor interceptor =
+        FILTER_PROVIDER.newInstance().buildServerInterceptor(original, override);
     assertThat(interceptor).isNull();
 
     policyMatcher = PolicyMatcher.create("policy-matcher-override",
@@ -325,7 +332,7 @@ public void overrideConfig() {
             GrpcAuthorizationEngine.Action.ALLOW);
     override = RbacConfig.create(authconfig);
 
-    new RbacFilter().buildServerInterceptor(original, override)
+    FILTER_PROVIDER.newInstance().buildServerInterceptor(original, override)
             .interceptCall(mockServerCall, new Metadata(), mockHandler);
     verify(mockHandler).startCall(eq(mockServerCall), any(Metadata.class));
     verify(mockServerCall).getAttributes();
@@ -337,22 +344,22 @@ public void ignoredConfig() {
     Message rawProto = io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBAC.newBuilder()
             .setRules(RBAC.newBuilder().setAction(Action.LOG)
                     .putPolicies("policy-name", Policy.newBuilder().build()).build()).build();
-    ConfigOrError<RbacConfig> result = new RbacFilter().parseFilterConfig(Any.pack(rawProto));
+    ConfigOrError<RbacConfig> result = FILTER_PROVIDER.parseFilterConfig(Any.pack(rawProto));
     assertThat(result.config).isEqualTo(RbacConfig.create(null));
   }
 
   @Test
   public void testOrderIndependenceOfPolicies() {
     Message rawProto = buildComplexRbac(ImmutableList.of(1, 2, 3, 4, 5, 6), true);
-    ConfigOrError<RbacConfig> ascFirst = new RbacFilter().parseFilterConfig(Any.pack(rawProto));
+    ConfigOrError<RbacConfig> ascFirst = FILTER_PROVIDER.parseFilterConfig(Any.pack(rawProto));
 
     rawProto = buildComplexRbac(ImmutableList.of(1, 2, 3, 4, 5, 6), false);
-    ConfigOrError<RbacConfig> ascLast = new RbacFilter().parseFilterConfig(Any.pack(rawProto));
+    ConfigOrError<RbacConfig> ascLast = FILTER_PROVIDER.parseFilterConfig(Any.pack(rawProto));
 
     assertThat(ascFirst.config).isEqualTo(ascLast.config);
 
     rawProto = buildComplexRbac(ImmutableList.of(6, 5, 4, 3, 2, 1), true);
-    ConfigOrError<RbacConfig> decFirst = new RbacFilter().parseFilterConfig(Any.pack(rawProto));
+    ConfigOrError<RbacConfig> decFirst = FILTER_PROVIDER.parseFilterConfig(Any.pack(rawProto));
 
     assertThat(ascFirst.config).isEqualTo(decFirst.config);
   }
@@ -374,14 +381,14 @@ private MethodDescriptor.Builder<Void, Void> method() {
   private ConfigOrError<RbacConfig> parse(List<Permission> permissionList,
                                                       List<Principal> principalList) {
 
-    return RbacFilter.parseRbacConfig(buildRbac(permissionList, principalList));
+    return RbacFilter.Provider.parseRbacConfig(buildRbac(permissionList, principalList));
   }
 
   private ConfigOrError<RbacConfig> parseRaw(List<Permission> permissionList,
                                                       List<Principal> principalList) {
     Message rawProto = buildRbac(permissionList, principalList);
     Any proto = Any.pack(rawProto);
-    return new RbacFilter().parseFilterConfig(proto);
+    return FILTER_PROVIDER.parseFilterConfig(proto);
   }
 
   private io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBAC buildRbac(
@@ -449,6 +456,6 @@ private ConfigOrError<RbacConfig> parseOverride(List<Permission> permissionList,
     RBACPerRoute rbacPerRoute = RBACPerRoute.newBuilder().setRbac(
             buildRbac(permissionList, principalList)).build();
     Any proto = Any.pack(rbacPerRoute);
-    return new RbacFilter().parseFilterConfigOverride(proto);
+    return FILTER_PROVIDER.parseFilterConfigOverride(proto);
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/RouterFilterTest.java b/xds/src/test/java/io/grpc/xds/RouterFilterTest.java
new file mode 100644
index 00000000000..30fd8a6dc38
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/RouterFilterTest.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Tests for {@link RouterFilter}. */
+@RunWith(JUnit4.class)
+public class RouterFilterTest {
+  private static final RouterFilter.Provider FILTER_PROVIDER = new RouterFilter.Provider();
+
+  @Test
+  public void filterType_clientAndServer() {
+    assertThat(FILTER_PROVIDER.isClientFilter()).isTrue();
+    assertThat(FILTER_PROVIDER.isServerFilter()).isTrue();
+  }
+
+}
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index d895cecdb10..f7309051f92 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -22,10 +22,12 @@
 import static io.grpc.xds.FaultFilter.HEADER_ABORT_PERCENTAGE_KEY;
 import static io.grpc.xds.FaultFilter.HEADER_DELAY_KEY;
 import static io.grpc.xds.FaultFilter.HEADER_DELAY_PERCENTAGE_KEY;
+import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.reset;
@@ -130,6 +132,9 @@ public class XdsNameResolverTest {
   private static final String RDS_RESOURCE_NAME = "route-configuration.googleapis.com";
   private static final String FAULT_FILTER_INSTANCE_NAME = "envoy.fault";
   private static final String ROUTER_FILTER_INSTANCE_NAME = "envoy.router";
+  private static final FaultFilter.Provider FAULT_FILTER_PROVIDER = new FaultFilter.Provider();
+  private static final RouterFilter.Provider ROUTER_FILTER_PROVIDER = new RouterFilter.Provider();
+
   @Rule
   public final MockitoRule mocks = MockitoJUnit.rule();
   private final SynchronizationContext syncContext = new SynchronizationContext(
@@ -184,9 +189,19 @@ public void setUp() {
 
     originalEnableTimeout = XdsNameResolver.enableTimeout;
     XdsNameResolver.enableTimeout = true;
+
+    // Replace FaultFilter.Provider with the one returning FaultFilter injected with mockRandom.
+    Filter.Provider faultFilterProvider =
+        mock(Filter.Provider.class, delegatesTo(FAULT_FILTER_PROVIDER));
+    // Lenient: suppress [MockitoHint] Unused warning, only used in resolved_fault* tests.
+    lenient()
+        .doReturn(new FaultFilter(mockRandom, new AtomicLong()))
+        .when(faultFilterProvider).newInstance();
+
     FilterRegistry filterRegistry = FilterRegistry.newRegistry().register(
-        new FaultFilter(mockRandom, new AtomicLong()),
-        RouterFilter.INSTANCE);
+        ROUTER_FILTER_PROVIDER,
+        faultFilterProvider);
+
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null,
         serviceConfigParser, syncContext, scheduler,
         xdsClientPoolFactory, mockRandom, filterRegistry, null, metricRecorder);
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
index 66ac1475d8e..41f005ba583 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
@@ -31,7 +31,6 @@
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
-import static org.mockito.Mockito.withSettings;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
@@ -53,7 +52,6 @@
 import io.grpc.xds.EnvoyServerProtoData.FilterChain;
 import io.grpc.xds.Filter.FilterConfig;
 import io.grpc.xds.Filter.NamedFilterConfig;
-import io.grpc.xds.Filter.ServerInterceptorBuilder;
 import io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler.FilterChainSelector;
 import io.grpc.xds.VirtualHost.Route;
 import io.grpc.xds.VirtualHost.Route.RouteMatch;
@@ -957,9 +955,11 @@ public void run() {
             new AtomicReference<>(routingConfig)).build());
     when(serverCall.getAuthority()).thenReturn("not-match.google.com");
 
-    Filter filter = mock(Filter.class);
-    when(filter.typeUrls()).thenReturn(new String[]{"filter-type-url"});
-    filterRegistry.register(filter);
+    Filter.Provider filterProvider = mock(Filter.Provider.class);
+    when(filterProvider.typeUrls()).thenReturn(new String[]{"filter-type-url"});
+    when(filterProvider.isServerFilter()).thenReturn(true);
+    filterRegistry.register(filterProvider);
+
     ServerCallHandler<Void, Void> next = mock(ServerCallHandler.class);
     interceptor.interceptCall(serverCall, new Metadata(), next);
     verify(next, never()).startCall(any(ServerCall.class), any(Metadata.class));
@@ -998,9 +998,11 @@ public void run() {
     when(serverCall.getMethodDescriptor()).thenReturn(createMethod("NotMatchMethod"));
     when(serverCall.getAuthority()).thenReturn("foo.google.com");
 
-    Filter filter = mock(Filter.class);
-    when(filter.typeUrls()).thenReturn(new String[]{"filter-type-url"});
-    filterRegistry.register(filter);
+    Filter.Provider filterProvider = mock(Filter.Provider.class);
+    when(filterProvider.typeUrls()).thenReturn(new String[]{"filter-type-url"});
+    when(filterProvider.isServerFilter()).thenReturn(true);
+    filterRegistry.register(filterProvider);
+
     ServerCallHandler<Void, Void> next = mock(ServerCallHandler.class);
     interceptor.interceptCall(serverCall, new Metadata(), next);
     verify(next, never()).startCall(any(ServerCall.class), any(Metadata.class));
@@ -1044,9 +1046,11 @@ public void run() {
     when(serverCall.getMethodDescriptor()).thenReturn(createMethod("FooService/barMethod"));
     when(serverCall.getAuthority()).thenReturn("foo.google.com");
 
-    Filter filter = mock(Filter.class);
-    when(filter.typeUrls()).thenReturn(new String[]{"filter-type-url"});
-    filterRegistry.register(filter);
+    Filter.Provider filterProvider = mock(Filter.Provider.class);
+    when(filterProvider.typeUrls()).thenReturn(new String[]{"filter-type-url"});
+    when(filterProvider.isServerFilter()).thenReturn(true);
+    filterRegistry.register(filterProvider);
+
     ServerCallHandler<Void, Void> next = mock(ServerCallHandler.class);
     interceptor.interceptCall(serverCall, new Metadata(), next);
     verify(next, never()).startCall(any(ServerCall.class), any(Metadata.class));
@@ -1113,10 +1117,14 @@ public void run() {
         RouteMatch.create(
             PathMatcher.fromPath("/FooService/barMethod", true),
             Collections.<HeaderMatcher>emptyList(), null);
-    Filter filter = mock(Filter.class, withSettings()
-        .extraInterfaces(ServerInterceptorBuilder.class));
-    when(filter.typeUrls()).thenReturn(new String[]{"filter-type-url"});
-    filterRegistry.register(filter);
+
+    Filter filter = mock(Filter.class);
+    Filter.Provider filterProvider = mock(Filter.Provider.class);
+    when(filterProvider.typeUrls()).thenReturn(new String[]{"filter-type-url"});
+    when(filterProvider.isServerFilter()).thenReturn(true);
+    when(filterProvider.newInstance()).thenReturn(filter);
+    filterRegistry.register(filterProvider);
+
     FilterConfig f0 = mock(FilterConfig.class);
     FilterConfig f0Override = mock(FilterConfig.class);
     when(f0.typeUrl()).thenReturn("filter-type-url");
@@ -1137,10 +1145,8 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, Re
         return next.startCall(call, headers);
       }
     };
-    when(((ServerInterceptorBuilder)filter).buildServerInterceptor(f0, null))
-        .thenReturn(interceptor0);
-    when(((ServerInterceptorBuilder)filter).buildServerInterceptor(f0, f0Override))
-        .thenReturn(interceptor1);
+    when(filter.buildServerInterceptor(f0, null)).thenReturn(interceptor0);
+    when(filter.buildServerInterceptor(f0, f0Override)).thenReturn(interceptor1);
     Route route = Route.forAction(routeMatch, null,
         ImmutableMap.<String, FilterConfig>of());
     VirtualHost virtualHost  = VirtualHost.create(
@@ -1185,10 +1191,13 @@ public void run() {
     });
     xdsClient.ldsResource.get(5, TimeUnit.SECONDS);
 
-    Filter filter = mock(Filter.class, withSettings()
-        .extraInterfaces(ServerInterceptorBuilder.class));
-    when(filter.typeUrls()).thenReturn(new String[]{"filter-type-url"});
-    filterRegistry.register(filter);
+    Filter filter = mock(Filter.class);
+    Filter.Provider filterProvider = mock(Filter.Provider.class);
+    when(filterProvider.typeUrls()).thenReturn(new String[]{"filter-type-url"});
+    when(filterProvider.isServerFilter()).thenReturn(true);
+    when(filterProvider.newInstance()).thenReturn(filter);
+    filterRegistry.register(filterProvider);
+
     FilterConfig f0 = mock(FilterConfig.class);
     FilterConfig f0Override = mock(FilterConfig.class);
     when(f0.typeUrl()).thenReturn("filter-type-url");
@@ -1209,10 +1218,8 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, Re
         return next.startCall(call, headers);
       }
     };
-    when(((ServerInterceptorBuilder)filter).buildServerInterceptor(f0, null))
-        .thenReturn(interceptor0);
-    when(((ServerInterceptorBuilder)filter).buildServerInterceptor(f0, f0Override))
-        .thenReturn(interceptor1);
+    when(filter.buildServerInterceptor(f0, null)).thenReturn(interceptor0);
+    when(filter.buildServerInterceptor(f0, f0Override)).thenReturn(interceptor1);
     RouteMatch routeMatch =
         RouteMatch.create(
             PathMatcher.fromPath("/FooService/barMethod", true),

From 60f6ea7b8eec1692fc877ec82dd67d6bb888f706 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Wed, 19 Feb 2025 11:55:54 +0000
Subject: [PATCH 193/591] Upgrade gradle and gradle plugin versions. (#11906)

Upgrading to Gradle 8.11.
Gradle 8.12 requires newer versions of Windows (gradle/gradle#31939) that we can look into later.
---
 gradle/wrapper/gradle-wrapper.properties | 2 +-
 settings.gradle                          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index df97d72b8b9..94113f200e6 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
diff --git a/settings.gradle b/settings.gradle
index 1d8600cbe8a..96cc173635d 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -25,7 +25,7 @@ pluginManagement {
         // https://github.com/tbroyer/gradle-errorprone-plugin/releases
         id "net.ltgt.errorprone" version "4.1.0"
         // https://github.com/xvik/gradle-animalsniffer-plugin/releases
-        id "ru.vyarus.animalsniffer" version "1.7.1"
+        id "ru.vyarus.animalsniffer" version "2.0.0"
     }
     resolutionStrategy {
         eachPlugin {

From 68d79b51307d371eeb76cd45a88558f72a7c7f4d Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Wed, 19 Feb 2025 16:59:50 -0800
Subject: [PATCH 194/591] s2a: Use protos published under
 com.google.s2a.proto.v2. (#11908)

---
 MODULE.bazel                                  |   1 +
 buildscripts/sync-protos.sh                   |   2 +-
 gradle/libs.versions.toml                     |   1 +
 repositories.bzl                              |   1 +
 s2a/BUILD.bazel                               |  73 +---
 s2a/build.gradle                              |   1 +
 .../internal/handshaker/S2AServiceGrpc.java   | 330 ----------------
 .../GetAuthenticationMechanisms.java          |   1 +
 .../s2a/internal/handshaker/ProtoUtil.java    |   1 +
 .../s2a/internal/handshaker/S2AIdentity.java  |   1 +
 .../handshaker/S2APrivateKeyMethod.java       |   4 +
 .../S2AProtocolNegotiatorFactory.java         |   1 +
 .../grpc/s2a/internal/handshaker/S2AStub.java |   3 +
 .../internal/handshaker/S2ATrustManager.java  |   6 +-
 .../handshaker/SslContextFactory.java         |   6 +
 s2a/src/main/proto/grpc/gcp/s2a/common.proto  |  82 ----
 s2a/src/main/proto/grpc/gcp/s2a/s2a.proto     | 369 ------------------
 .../main/proto/grpc/gcp/s2a/s2a_context.proto |  62 ---
 .../java/io/grpc/s2a/IntegrationTest.java     |   2 +-
 .../internal/handshaker/FakeS2AServer.java    |   3 +
 .../handshaker/FakeS2AServerTest.java         |  12 +-
 .../s2a/internal/handshaker/FakeWriter.java   |  16 +-
 .../GetAuthenticationMechanismsTest.java      |   1 +
 .../internal/handshaker/ProtoUtilTest.java    |   1 +
 .../handshaker/S2APrivateKeyMethodTest.java   |   5 +
 .../S2AProtocolNegotiatorFactoryTest.java     |   3 +
 .../s2a/internal/handshaker/S2AStubTest.java  |   9 +
 27 files changed, 78 insertions(+), 919 deletions(-)
 delete mode 100644 s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java
 delete mode 100644 s2a/src/main/proto/grpc/gcp/s2a/common.proto
 delete mode 100644 s2a/src/main/proto/grpc/gcp/s2a/s2a.proto
 delete mode 100644 s2a/src/main/proto/grpc/gcp/s2a/s2a_context.proto

diff --git a/MODULE.bazel b/MODULE.bazel
index 666fda73202..88f3a524060 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -19,6 +19,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.3.1-android",
     "com.google.re2j:re2j:1.8",
+    "com.google.s2a.proto.v2:s2a-proto:0.1.1",
     "com.google.truth:truth:1.4.2",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
diff --git a/buildscripts/sync-protos.sh b/buildscripts/sync-protos.sh
index 628b1688d4c..5f01be2e5c9 100755
--- a/buildscripts/sync-protos.sh
+++ b/buildscripts/sync-protos.sh
@@ -8,7 +8,7 @@ curl -Ls https://github.com/grpc/grpc-proto/archive/master.tar.gz | tar xz -C "$
 base="$tmpdir/grpc-proto-master"
 
 # Copy protos in 'src/main/proto' from grpc-proto for these projects
-for project in alts grpclb services s2a rls interop-testing; do
+for project in alts grpclb services rls interop-testing; do
   while read -r proto; do
     [ -f "$base/$proto" ] && cp "$base/$proto" "$project/src/main/proto/$proto"
     echo "$proto"
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index b6b2e5e0e45..2ea4c8b5fa1 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -103,6 +103,7 @@ protobuf-javalite = { module = "com.google.protobuf:protobuf-javalite", version.
 protobuf-protoc = { module = "com.google.protobuf:protoc", version.ref = "protobuf" }
 re2j = "com.google.re2j:re2j:1.8"
 robolectric = "org.robolectric:robolectric:4.14.1"
+s2a-proto = "com.google.s2a.proto.v2:s2a-proto:0.1.1"
 signature-android = "net.sf.androidscents.signature:android-api-level-21:5.0.1_r2"
 signature-java = "org.codehaus.mojo.signature:java18:1.0"
 # 11.0.0+ require Java 17+
diff --git a/repositories.bzl b/repositories.bzl
index a4f5b0de1c6..d55ff07e7e6 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -23,6 +23,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.3.1-android",
     "com.google.re2j:re2j:1.8",
+    "com.google.s2a.proto.v2:s2a-proto:0.1.1",
     "com.google.truth:truth:1.4.2",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
diff --git a/s2a/BUILD.bazel b/s2a/BUILD.bazel
index f8fb7f1df5e..807103bde4e 100644
--- a/s2a/BUILD.bazel
+++ b/s2a/BUILD.bazel
@@ -1,5 +1,3 @@
-load("@rules_proto//proto:defs.bzl", "proto_library")
-load("//:java_grpc_library.bzl", "java_grpc_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
@@ -25,9 +23,9 @@ java_library(
     name = "s2a_identity",
     srcs = ["src/main/java/io/grpc/s2a/internal/handshaker/S2AIdentity.java"],
     deps = [
-        ":common_java_proto",
         artifact("com.google.errorprone:error_prone_annotations"),
         artifact("com.google.guava:guava"),
+        artifact("com.google.s2a.proto.v2:s2a-proto"),
     ],
 )
 
@@ -58,11 +56,8 @@ java_library(
     ],
     deps = [
         ":token_manager",
-        ":common_java_proto",
         ":s2a_channel_pool",
         ":s2a_identity",
-        ":s2a_java_proto",
-        ":s2a_java_grpc_proto",
         "//api",
         "//core:internal",
         "//netty",
@@ -70,6 +65,7 @@ java_library(
         artifact("com.google.code.findbugs:jsr305"),
         artifact("com.google.errorprone:error_prone_annotations"),
         artifact("com.google.guava:guava"),
+        artifact("com.google.s2a.proto.v2:s2a-proto"),
         artifact("org.checkerframework:checker-qual"),
         "@com_google_protobuf//:protobuf_java",
         artifact("io.netty:netty-common"),
@@ -94,67 +90,4 @@ java_library(
         artifact("com.google.guava:guava"), 
         artifact("org.checkerframework:checker-qual"), 
     ],
-)
-
-# bazel only accepts proto import with absolute path.
-genrule(
-    name = "protobuf_imports",
-    srcs = glob(["src/main/proto/grpc/gcp/s2a/*.proto"]),
-    outs = [
-        "protobuf_out/grpc/gcp/s2a/s2a.proto",
-        "protobuf_out/grpc/gcp/s2a/s2a_context.proto",
-        "protobuf_out/grpc/gcp/s2a/common.proto",
-    ],
-    cmd = "for fname in $(SRCS); do " +
-          "sed 's,import \",import \"s2a/protobuf_out/,g' $$fname > " +
-          "$(@D)/protobuf_out/grpc/gcp/s2a/$$(basename $$fname); done",
-)
-
-proto_library(
-    name = "common_proto",
-    srcs = [
-        "protobuf_out/grpc/gcp/s2a/common.proto",
-    ],
-)
-
-proto_library(
-    name = "s2a_context_proto",
-    srcs = [
-        "protobuf_out/grpc/gcp/s2a/s2a_context.proto",
-    ],
-    deps = [
-        ":common_proto",
-    ],
-)
-
-proto_library(
-    name = "s2a_proto",
-    srcs = [
-        "protobuf_out/grpc/gcp/s2a/s2a.proto",
-    ],
-    deps = [
-        ":common_proto",
-        ":s2a_context_proto",
-    ],
-)
-
-java_proto_library(
-    name = "s2a_java_proto",
-    deps = [":s2a_proto"],
-)
-
-java_proto_library(
-    name = "s2a_context_java_proto",
-    deps = [":s2a_context_proto"],
-)
-
-java_proto_library(
-    name = "common_java_proto",
-    deps = [":common_proto"],
-)
-
-java_grpc_library(
-    name = "s2a_java_grpc_proto",
-    srcs = [":s2a_proto"],
-    deps = [":s2a_java_proto"],
-)
+)
\ No newline at end of file
diff --git a/s2a/build.gradle b/s2a/build.gradle
index 6ac193938ca..1e48e2bb297 100644
--- a/s2a/build.gradle
+++ b/s2a/build.gradle
@@ -11,6 +11,7 @@ plugins {
 description = "gRPC: S2A"
 
 dependencies {
+    implementation libraries.s2a.proto
 
     api project(':grpc-api')
     implementation project(':grpc-stub'),
diff --git a/s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java b/s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java
deleted file mode 100644
index 95e217ac695..00000000000
--- a/s2a/src/generated/main/grpc/io/grpc/s2a/internal/handshaker/S2AServiceGrpc.java
+++ /dev/null
@@ -1,330 +0,0 @@
-package io.grpc.s2a.internal.handshaker;
-
-import static io.grpc.MethodDescriptor.generateFullMethodName;
-
-/**
- */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/gcp/s2a/s2a.proto")
-@io.grpc.stub.annotations.GrpcGenerated
-public final class S2AServiceGrpc {
-
-  private S2AServiceGrpc() {}
-
-  public static final java.lang.String SERVICE_NAME = "grpc.gcp.s2a.S2AService";
-
-  // Static method descriptors that strictly reflect the proto.
-  private static volatile io.grpc.MethodDescriptor<io.grpc.s2a.internal.handshaker.SessionReq,
-      io.grpc.s2a.internal.handshaker.SessionResp> getSetUpSessionMethod;
-
-  @io.grpc.stub.annotations.RpcMethod(
-      fullMethodName = SERVICE_NAME + '/' + "SetUpSession",
-      requestType = io.grpc.s2a.internal.handshaker.SessionReq.class,
-      responseType = io.grpc.s2a.internal.handshaker.SessionResp.class,
-      methodType = io.grpc.MethodDescriptor.MethodType.BIDI_STREAMING)
-  public static io.grpc.MethodDescriptor<io.grpc.s2a.internal.handshaker.SessionReq,
-      io.grpc.s2a.internal.handshaker.SessionResp> getSetUpSessionMethod() {
-    io.grpc.MethodDescriptor<io.grpc.s2a.internal.handshaker.SessionReq, io.grpc.s2a.internal.handshaker.SessionResp> getSetUpSessionMethod;
-    if ((getSetUpSessionMethod = S2AServiceGrpc.getSetUpSessionMethod) == null) {
-      synchronized (S2AServiceGrpc.class) {
-        if ((getSetUpSessionMethod = S2AServiceGrpc.getSetUpSessionMethod) == null) {
-          S2AServiceGrpc.getSetUpSessionMethod = getSetUpSessionMethod =
-              io.grpc.MethodDescriptor.<io.grpc.s2a.internal.handshaker.SessionReq, io.grpc.s2a.internal.handshaker.SessionResp>newBuilder()
-              .setType(io.grpc.MethodDescriptor.MethodType.BIDI_STREAMING)
-              .setFullMethodName(generateFullMethodName(SERVICE_NAME, "SetUpSession"))
-              .setSampledToLocalTracing(true)
-              .setRequestMarshaller(io.grpc.protobuf.ProtoUtils.marshaller(
-                  io.grpc.s2a.internal.handshaker.SessionReq.getDefaultInstance()))
-              .setResponseMarshaller(io.grpc.protobuf.ProtoUtils.marshaller(
-                  io.grpc.s2a.internal.handshaker.SessionResp.getDefaultInstance()))
-              .setSchemaDescriptor(new S2AServiceMethodDescriptorSupplier("SetUpSession"))
-              .build();
-        }
-      }
-    }
-    return getSetUpSessionMethod;
-  }
-
-  /**
-   * Creates a new async stub that supports all call types for the service
-   */
-  public static S2AServiceStub newStub(io.grpc.Channel channel) {
-    io.grpc.stub.AbstractStub.StubFactory<S2AServiceStub> factory =
-      new io.grpc.stub.AbstractStub.StubFactory<S2AServiceStub>() {
-        @java.lang.Override
-        public S2AServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
-          return new S2AServiceStub(channel, callOptions);
-        }
-      };
-    return S2AServiceStub.newStub(factory, channel);
-  }
-
-  /**
-   * Creates a new blocking-style stub that supports all types of calls on the service
-   */
-  public static S2AServiceBlockingV2Stub newBlockingV2Stub(
-      io.grpc.Channel channel) {
-    io.grpc.stub.AbstractStub.StubFactory<S2AServiceBlockingV2Stub> factory =
-      new io.grpc.stub.AbstractStub.StubFactory<S2AServiceBlockingV2Stub>() {
-        @java.lang.Override
-        public S2AServiceBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
-          return new S2AServiceBlockingV2Stub(channel, callOptions);
-        }
-      };
-    return S2AServiceBlockingV2Stub.newStub(factory, channel);
-  }
-
-  /**
-   * Creates a new blocking-style stub that supports unary and streaming output calls on the service
-   */
-  public static S2AServiceBlockingStub newBlockingStub(
-      io.grpc.Channel channel) {
-    io.grpc.stub.AbstractStub.StubFactory<S2AServiceBlockingStub> factory =
-      new io.grpc.stub.AbstractStub.StubFactory<S2AServiceBlockingStub>() {
-        @java.lang.Override
-        public S2AServiceBlockingStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
-          return new S2AServiceBlockingStub(channel, callOptions);
-        }
-      };
-    return S2AServiceBlockingStub.newStub(factory, channel);
-  }
-
-  /**
-   * Creates a new ListenableFuture-style stub that supports unary calls on the service
-   */
-  public static S2AServiceFutureStub newFutureStub(
-      io.grpc.Channel channel) {
-    io.grpc.stub.AbstractStub.StubFactory<S2AServiceFutureStub> factory =
-      new io.grpc.stub.AbstractStub.StubFactory<S2AServiceFutureStub>() {
-        @java.lang.Override
-        public S2AServiceFutureStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
-          return new S2AServiceFutureStub(channel, callOptions);
-        }
-      };
-    return S2AServiceFutureStub.newStub(factory, channel);
-  }
-
-  /**
-   */
-  public interface AsyncService {
-
-    /**
-     * <pre>
-     * SetUpSession is a bidirectional stream used by applications to offload
-     * operations from the TLS handshake.
-     * </pre>
-     */
-    default io.grpc.stub.StreamObserver<io.grpc.s2a.internal.handshaker.SessionReq> setUpSession(
-        io.grpc.stub.StreamObserver<io.grpc.s2a.internal.handshaker.SessionResp> responseObserver) {
-      return io.grpc.stub.ServerCalls.asyncUnimplementedStreamingCall(getSetUpSessionMethod(), responseObserver);
-    }
-  }
-
-  /**
-   * Base class for the server implementation of the service S2AService.
-   */
-  public static abstract class S2AServiceImplBase
-      implements io.grpc.BindableService, AsyncService {
-
-    @java.lang.Override public final io.grpc.ServerServiceDefinition bindService() {
-      return S2AServiceGrpc.bindService(this);
-    }
-  }
-
-  /**
-   * A stub to allow clients to do asynchronous rpc calls to service S2AService.
-   */
-  public static final class S2AServiceStub
-      extends io.grpc.stub.AbstractAsyncStub<S2AServiceStub> {
-    private S2AServiceStub(
-        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
-      super(channel, callOptions);
-    }
-
-    @java.lang.Override
-    protected S2AServiceStub build(
-        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
-      return new S2AServiceStub(channel, callOptions);
-    }
-
-    /**
-     * <pre>
-     * SetUpSession is a bidirectional stream used by applications to offload
-     * operations from the TLS handshake.
-     * </pre>
-     */
-    public io.grpc.stub.StreamObserver<io.grpc.s2a.internal.handshaker.SessionReq> setUpSession(
-        io.grpc.stub.StreamObserver<io.grpc.s2a.internal.handshaker.SessionResp> responseObserver) {
-      return io.grpc.stub.ClientCalls.asyncBidiStreamingCall(
-          getChannel().newCall(getSetUpSessionMethod(), getCallOptions()), responseObserver);
-    }
-  }
-
-  /**
-   * A stub to allow clients to do synchronous rpc calls to service S2AService.
-   */
-  public static final class S2AServiceBlockingV2Stub
-      extends io.grpc.stub.AbstractBlockingStub<S2AServiceBlockingV2Stub> {
-    private S2AServiceBlockingV2Stub(
-        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
-      super(channel, callOptions);
-    }
-
-    @java.lang.Override
-    protected S2AServiceBlockingV2Stub build(
-        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
-      return new S2AServiceBlockingV2Stub(channel, callOptions);
-    }
-
-    /**
-     * <pre>
-     * SetUpSession is a bidirectional stream used by applications to offload
-     * operations from the TLS handshake.
-     * </pre>
-     */
-    @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/10918")
-    public io.grpc.stub.BlockingClientCall<io.grpc.s2a.internal.handshaker.SessionReq, io.grpc.s2a.internal.handshaker.SessionResp>
-        setUpSession() {
-      return io.grpc.stub.ClientCalls.blockingBidiStreamingCall(
-          getChannel(), getSetUpSessionMethod(), getCallOptions());
-    }
-  }
-
-  /**
-   * A stub to allow clients to do limited synchronous rpc calls to service S2AService.
-   */
-  public static final class S2AServiceBlockingStub
-      extends io.grpc.stub.AbstractBlockingStub<S2AServiceBlockingStub> {
-    private S2AServiceBlockingStub(
-        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
-      super(channel, callOptions);
-    }
-
-    @java.lang.Override
-    protected S2AServiceBlockingStub build(
-        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
-      return new S2AServiceBlockingStub(channel, callOptions);
-    }
-  }
-
-  /**
-   * A stub to allow clients to do ListenableFuture-style rpc calls to service S2AService.
-   */
-  public static final class S2AServiceFutureStub
-      extends io.grpc.stub.AbstractFutureStub<S2AServiceFutureStub> {
-    private S2AServiceFutureStub(
-        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
-      super(channel, callOptions);
-    }
-
-    @java.lang.Override
-    protected S2AServiceFutureStub build(
-        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
-      return new S2AServiceFutureStub(channel, callOptions);
-    }
-  }
-
-  private static final int METHODID_SET_UP_SESSION = 0;
-
-  private static final class MethodHandlers<Req, Resp> implements
-      io.grpc.stub.ServerCalls.UnaryMethod<Req, Resp>,
-      io.grpc.stub.ServerCalls.ServerStreamingMethod<Req, Resp>,
-      io.grpc.stub.ServerCalls.ClientStreamingMethod<Req, Resp>,
-      io.grpc.stub.ServerCalls.BidiStreamingMethod<Req, Resp> {
-    private final AsyncService serviceImpl;
-    private final int methodId;
-
-    MethodHandlers(AsyncService serviceImpl, int methodId) {
-      this.serviceImpl = serviceImpl;
-      this.methodId = methodId;
-    }
-
-    @java.lang.Override
-    @java.lang.SuppressWarnings("unchecked")
-    public void invoke(Req request, io.grpc.stub.StreamObserver<Resp> responseObserver) {
-      switch (methodId) {
-        default:
-          throw new AssertionError();
-      }
-    }
-
-    @java.lang.Override
-    @java.lang.SuppressWarnings("unchecked")
-    public io.grpc.stub.StreamObserver<Req> invoke(
-        io.grpc.stub.StreamObserver<Resp> responseObserver) {
-      switch (methodId) {
-        case METHODID_SET_UP_SESSION:
-          return (io.grpc.stub.StreamObserver<Req>) serviceImpl.setUpSession(
-              (io.grpc.stub.StreamObserver<io.grpc.s2a.internal.handshaker.SessionResp>) responseObserver);
-        default:
-          throw new AssertionError();
-      }
-    }
-  }
-
-  public static final io.grpc.ServerServiceDefinition bindService(AsyncService service) {
-    return io.grpc.ServerServiceDefinition.builder(getServiceDescriptor())
-        .addMethod(
-          getSetUpSessionMethod(),
-          io.grpc.stub.ServerCalls.asyncBidiStreamingCall(
-            new MethodHandlers<
-              io.grpc.s2a.internal.handshaker.SessionReq,
-              io.grpc.s2a.internal.handshaker.SessionResp>(
-                service, METHODID_SET_UP_SESSION)))
-        .build();
-  }
-
-  private static abstract class S2AServiceBaseDescriptorSupplier
-      implements io.grpc.protobuf.ProtoFileDescriptorSupplier, io.grpc.protobuf.ProtoServiceDescriptorSupplier {
-    S2AServiceBaseDescriptorSupplier() {}
-
-    @java.lang.Override
-    public com.google.protobuf.Descriptors.FileDescriptor getFileDescriptor() {
-      return io.grpc.s2a.internal.handshaker.S2AProto.getDescriptor();
-    }
-
-    @java.lang.Override
-    public com.google.protobuf.Descriptors.ServiceDescriptor getServiceDescriptor() {
-      return getFileDescriptor().findServiceByName("S2AService");
-    }
-  }
-
-  private static final class S2AServiceFileDescriptorSupplier
-      extends S2AServiceBaseDescriptorSupplier {
-    S2AServiceFileDescriptorSupplier() {}
-  }
-
-  private static final class S2AServiceMethodDescriptorSupplier
-      extends S2AServiceBaseDescriptorSupplier
-      implements io.grpc.protobuf.ProtoMethodDescriptorSupplier {
-    private final java.lang.String methodName;
-
-    S2AServiceMethodDescriptorSupplier(java.lang.String methodName) {
-      this.methodName = methodName;
-    }
-
-    @java.lang.Override
-    public com.google.protobuf.Descriptors.MethodDescriptor getMethodDescriptor() {
-      return getServiceDescriptor().findMethodByName(methodName);
-    }
-  }
-
-  private static volatile io.grpc.ServiceDescriptor serviceDescriptor;
-
-  public static io.grpc.ServiceDescriptor getServiceDescriptor() {
-    io.grpc.ServiceDescriptor result = serviceDescriptor;
-    if (result == null) {
-      synchronized (S2AServiceGrpc.class) {
-        result = serviceDescriptor;
-        if (result == null) {
-          serviceDescriptor = result = io.grpc.ServiceDescriptor.newBuilder(SERVICE_NAME)
-              .setSchemaDescriptor(new S2AServiceFileDescriptorSupplier())
-              .addMethod(getSetUpSessionMethod())
-              .build();
-        }
-      }
-    }
-    return result;
-  }
-}
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanisms.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanisms.java
index 88dfd62675f..cf632418e66 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanisms.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanisms.java
@@ -17,6 +17,7 @@
 package io.grpc.s2a.internal.handshaker;
 
 import com.google.errorprone.annotations.Immutable;
+import com.google.s2a.proto.v2.AuthenticationMechanism;
 import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.grpc.s2a.internal.handshaker.tokenmanager.AccessTokenManager;
 import java.util.Optional;
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/ProtoUtil.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/ProtoUtil.java
index 1f24727a083..0526ec154f9 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/ProtoUtil.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/ProtoUtil.java
@@ -18,6 +18,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableSet;
+import com.google.s2a.proto.v2.TLSVersion;
 
 /** Converts proto messages to Netty strings. */
 final class ProtoUtil {
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AIdentity.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AIdentity.java
index 0b691248e91..f4d6b88ce45 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AIdentity.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AIdentity.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.errorprone.annotations.ThreadSafe;
+import com.google.s2a.proto.v2.Identity;
 
 /**
  * Stores an identity in such a way that it can be sent to the S2A handshaker service. The identity
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethod.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethod.java
index c7262f70ef7..1a5c37eb989 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethod.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethod.java
@@ -22,6 +22,10 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
 import com.google.protobuf.ByteString;
+import com.google.s2a.proto.v2.OffloadPrivateKeyOperationReq;
+import com.google.s2a.proto.v2.SessionReq;
+import com.google.s2a.proto.v2.SessionResp;
+import com.google.s2a.proto.v2.SignatureAlgorithm;
 import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.netty.handler.ssl.OpenSslPrivateKeyMethod;
 import java.io.IOException;
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
index 0822399aad6..03976cc7d7b 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
@@ -28,6 +28,7 @@
 import com.google.common.util.concurrent.ListeningExecutorService;
 import com.google.common.util.concurrent.MoreExecutors;
 import com.google.errorprone.annotations.ThreadSafe;
+import com.google.s2a.proto.v2.S2AServiceGrpc;
 import io.grpc.Channel;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.ObjectPool;
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
index 956ec485229..fe2ec388fe4 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
@@ -22,6 +22,9 @@
 import static java.util.concurrent.TimeUnit.SECONDS;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.s2a.proto.v2.S2AServiceGrpc;
+import com.google.s2a.proto.v2.SessionReq;
+import com.google.s2a.proto.v2.SessionResp;
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
 import java.util.Optional;
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2ATrustManager.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2ATrustManager.java
index 406545b30bf..a7ffafd01f2 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2ATrustManager.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2ATrustManager.java
@@ -21,8 +21,12 @@
 
 import com.google.common.collect.ImmutableList;
 import com.google.protobuf.ByteString;
+import com.google.s2a.proto.v2.SessionReq;
+import com.google.s2a.proto.v2.SessionResp;
+import com.google.s2a.proto.v2.ValidatePeerCertificateChainReq;
+import com.google.s2a.proto.v2.ValidatePeerCertificateChainReq.VerificationMode;
+import com.google.s2a.proto.v2.ValidatePeerCertificateChainResp;
 import io.grpc.s2a.internal.handshaker.S2AIdentity;
-import io.grpc.s2a.internal.handshaker.ValidatePeerCertificateChainReq.VerificationMode;
 import java.io.IOException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
index 153f4de6918..2dfde16cf2f 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
@@ -20,6 +20,12 @@
 import static java.nio.charset.StandardCharsets.UTF_8;
 
 import com.google.common.collect.ImmutableSet;
+import com.google.s2a.proto.v2.AuthenticationMechanism;
+import com.google.s2a.proto.v2.ConnectionSide;
+import com.google.s2a.proto.v2.GetTlsConfigurationReq;
+import com.google.s2a.proto.v2.GetTlsConfigurationResp;
+import com.google.s2a.proto.v2.SessionReq;
+import com.google.s2a.proto.v2.SessionResp;
 import io.grpc.netty.GrpcSslContexts;
 import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.netty.handler.ssl.OpenSslContextOption;
diff --git a/s2a/src/main/proto/grpc/gcp/s2a/common.proto b/s2a/src/main/proto/grpc/gcp/s2a/common.proto
deleted file mode 100644
index 1b999234669..00000000000
--- a/s2a/src/main/proto/grpc/gcp/s2a/common.proto
+++ /dev/null
@@ -1,82 +0,0 @@
-// Copyright 2024 The gRPC Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// The canonical version of this proto can be found at
-// https://github.com/grpc/grpc-proto/blob/master/grpc/gcp/s2a/common.proto
-
-syntax = "proto3";
-
-package grpc.gcp.s2a;
-
-option java_multiple_files = true;
-option java_outer_classname = "CommonProto";
-option java_package = "io.grpc.s2a.internal.handshaker";
-
-// The TLS 1.0-1.2 ciphersuites that the application can negotiate when using
-// S2A.
-enum Ciphersuite {
-  CIPHERSUITE_UNSPECIFIED = 0;
-  CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 1;
-  CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 2;
-  CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 3;
-  CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 4;
-  CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 5;
-  CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 6;
-}
-
-// The TLS versions supported by S2A's handshaker module.
-enum TLSVersion {
-  TLS_VERSION_UNSPECIFIED = 0;
-  TLS_VERSION_1_0 = 1;
-  TLS_VERSION_1_1 = 2;
-  TLS_VERSION_1_2 = 3;
-  TLS_VERSION_1_3 = 4;
-}
-
-// The side in the TLS connection.
-enum ConnectionSide {
-  CONNECTION_SIDE_UNSPECIFIED = 0;
-  CONNECTION_SIDE_CLIENT = 1;
-  CONNECTION_SIDE_SERVER = 2;
-}
-
-// The ALPN protocols that the application can negotiate during a TLS handshake.
-enum AlpnProtocol {
-  ALPN_PROTOCOL_UNSPECIFIED = 0;
-  ALPN_PROTOCOL_GRPC = 1;
-  ALPN_PROTOCOL_HTTP2 = 2;
-  ALPN_PROTOCOL_HTTP1_1 = 3;
-}
-
-message Identity {
-  oneof identity_oneof {
-    // The SPIFFE ID of a connection endpoint.
-    string spiffe_id = 1;
-
-    // The hostname of a connection endpoint.
-    string hostname = 2;
-
-    // The UID of a connection endpoint.
-    string uid = 4;
-
-    // The username of a connection endpoint.
-    string username = 5;
-
-    // The GCP ID of a connection endpoint.
-    string gcp_id = 6;
-  }
-
-  // Additional identity-specific attributes.
-  map<string, string> attributes = 3;
-}
diff --git a/s2a/src/main/proto/grpc/gcp/s2a/s2a.proto b/s2a/src/main/proto/grpc/gcp/s2a/s2a.proto
deleted file mode 100644
index b3f153943db..00000000000
--- a/s2a/src/main/proto/grpc/gcp/s2a/s2a.proto
+++ /dev/null
@@ -1,369 +0,0 @@
-// Copyright 2024 The gRPC Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// The canonical version of this proto can be found at
-// https://github.com/grpc/grpc-proto/blob/master/grpc/gcp/s2a/s2a.proto
-
-syntax = "proto3";
-
-package grpc.gcp.s2a;
-
-import "grpc/gcp/s2a/common.proto";
-import "grpc/gcp/s2a/s2a_context.proto";
-
-option java_multiple_files = true;
-option java_outer_classname = "S2AProto";
-option java_package = "io.grpc.s2a.internal.handshaker";
-
-enum SignatureAlgorithm {
-  S2A_SSL_SIGN_UNSPECIFIED = 0;
-  // RSA Public-Key Cryptography Standards #1.
-  S2A_SSL_SIGN_RSA_PKCS1_SHA256 = 1;
-  S2A_SSL_SIGN_RSA_PKCS1_SHA384 = 2;
-  S2A_SSL_SIGN_RSA_PKCS1_SHA512 = 3;
-  // ECDSA.
-  S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256 = 4;
-  S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384 = 5;
-  S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512 = 6;
-  // RSA Probabilistic Signature Scheme.
-  S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256 = 7;
-  S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384 = 8;
-  S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512 = 9;
-  // ED25519.
-  S2A_SSL_SIGN_ED25519 = 10;
-}
-
-message AlpnPolicy {
-  // If true, the application MUST perform ALPN negotiation.
-  bool enable_alpn_negotiation = 1;
-
-  // The ordered list of ALPN protocols that specify how the application SHOULD
-  // negotiate ALPN during the TLS handshake.
-  //
-  // The application MAY ignore any ALPN protocols in this list that are not
-  // supported by the application.
-  repeated AlpnProtocol alpn_protocols = 2;
-}
-
-message AuthenticationMechanism {
-  // Applications may specify an identity associated to an authentication
-  // mechanism. Otherwise, S2A assumes that the authentication mechanism is
-  // associated with the default identity. If the default identity cannot be
-  // determined, the request is rejected.
-  Identity identity = 1;
-
-  oneof mechanism_oneof {
-    // A token that the application uses to authenticate itself to S2A.
-    string token = 2;
-  }
-}
-
-message Status {
-  // The status code that is specific to the application and the implementation
-  // of S2A, e.g., gRPC status code.
-  uint32 code = 1;
-
-  // The status details.
-  string details = 2;
-}
-
-message GetTlsConfigurationReq {
-  // The role of the application in the TLS connection.
-  ConnectionSide connection_side = 1;
-
-  // The server name indication (SNI) extension, which MAY be populated when a
-  // server is offloading to S2A. The SNI is used to determine the server
-  // identity if the local identity in the request is empty.
-  string sni = 2;
-}
-
-message GetTlsConfigurationResp {
-  // Next ID: 8
-  message ClientTlsConfiguration {
-    reserved 4, 5;
-
-    // The certificate chain that the client MUST use for the TLS handshake.
-    // It's a list of PEM-encoded certificates, ordered from leaf to root,
-    // excluding the root.
-    repeated string certificate_chain = 1;
-
-    // The minimum TLS version number that the client MUST use for the TLS
-    // handshake. If this field is not provided, the client MUST use the default
-    // minimum version of the client's TLS library.
-    TLSVersion min_tls_version = 2;
-
-    // The maximum TLS version number that the client MUST use for the TLS
-    // handshake. If this field is not provided, the client MUST use the default
-    // maximum version of the client's TLS library.
-    TLSVersion max_tls_version = 3;
-
-    // The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
-    // negotiate in the TLS handshake.
-    repeated Ciphersuite ciphersuites = 6;
-
-    // The policy that dictates how the client negotiates ALPN during the TLS
-    // handshake.
-    AlpnPolicy alpn_policy = 7;
-  }
-
-  // Next ID: 12
-  message ServerTlsConfiguration {
-    reserved 4, 5;
-
-    enum RequestClientCertificate {
-      UNSPECIFIED = 0;
-      DONT_REQUEST_CLIENT_CERTIFICATE = 1;
-      REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY = 2;
-      REQUEST_CLIENT_CERTIFICATE_AND_VERIFY = 3;
-      REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY = 4;
-      REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY = 5;
-    }
-
-    // The certificate chain that the server MUST use for the TLS handshake.
-    // It's a list of PEM-encoded certificates, ordered from leaf to root,
-    // excluding the root.
-    repeated string certificate_chain = 1;
-
-    // The minimum TLS version number that the server MUST use for the TLS
-    // handshake. If this field is not provided, the server MUST use the default
-    // minimum version of the server's TLS library.
-    TLSVersion min_tls_version = 2;
-
-    // The maximum TLS version number that the server MUST use for the TLS
-    // handshake. If this field is not provided, the server MUST use the default
-    // maximum version of the server's TLS library.
-    TLSVersion max_tls_version = 3;
-
-    // The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
-    // negotiate in the TLS handshake.
-    repeated Ciphersuite ciphersuites = 10;
-
-    // Whether to enable TLS resumption.
-    bool tls_resumption_enabled = 6;
-
-    // Whether the server MUST request a client certificate (i.e. to negotiate
-    // TLS vs. mTLS).
-    RequestClientCertificate request_client_certificate = 7;
-
-    // Returns the maximum number of extra bytes that
-    // |OffloadResumptionKeyOperation| can add to the number of unencrypted
-    // bytes to form the encrypted bytes.
-    uint32 max_overhead_of_ticket_aead = 9;
-
-    // The policy that dictates how the server negotiates ALPN during the TLS
-    // handshake.
-    AlpnPolicy alpn_policy = 11;
-  }
-
-  oneof tls_configuration {
-    ClientTlsConfiguration client_tls_configuration = 1;
-    ServerTlsConfiguration server_tls_configuration = 2;
-  }
-}
-
-message OffloadPrivateKeyOperationReq {
-  enum PrivateKeyOperation {
-    UNSPECIFIED = 0;
-    // When performing a TLS 1.2 or 1.3 handshake, the (partial) transcript of
-    // the TLS handshake must be signed to prove possession of the private key.
-    //
-    // See https://www.rfc-editor.org/rfc/rfc8446.html#section-4.4.3.
-    SIGN = 1;
-    // When performing a TLS 1.2 handshake using an RSA algorithm, the key
-    // exchange algorithm involves the client generating a premaster secret,
-    // encrypting it using the server's public key, and sending this encrypted
-    // blob to the server in a ClientKeyExchange message.
-    //
-    // See https://www.rfc-editor.org/rfc/rfc4346#section-7.4.7.1.
-    DECRYPT = 2;
-  }
-
-  // The operation the private key is used for.
-  PrivateKeyOperation operation = 1;
-
-  // The signature algorithm to be used for signing operations.
-  SignatureAlgorithm signature_algorithm = 2;
-
-  // The input bytes to be signed or decrypted.
-  oneof in_bytes {
-    // Raw bytes to be hashed and signed, or decrypted.
-    bytes raw_bytes = 4;
-    // A SHA256 hash to be signed. Must be 32 bytes.
-    bytes sha256_digest = 5;
-    // A SHA384 hash to be signed. Must be 48 bytes.
-    bytes sha384_digest = 6;
-    // A SHA512 hash to be signed. Must be 64 bytes.
-    bytes sha512_digest = 7;
-  }
-}
-
-message OffloadPrivateKeyOperationResp {
-  // The signed or decrypted output bytes.
-  bytes out_bytes = 1;
-}
-
-message OffloadResumptionKeyOperationReq {
-  enum ResumptionKeyOperation {
-    UNSPECIFIED = 0;
-    ENCRYPT = 1;
-    DECRYPT = 2;
-  }
-
-  // The operation the resumption key is used for.
-  ResumptionKeyOperation operation = 1;
-
-  // The bytes to be encrypted or decrypted.
-  bytes in_bytes = 2;
-}
-
-message OffloadResumptionKeyOperationResp {
-  // The encrypted or decrypted bytes.
-  bytes out_bytes = 1;
-}
-
-message ValidatePeerCertificateChainReq {
-  enum VerificationMode {
-    // The default verification mode supported by S2A.
-    UNSPECIFIED = 0;
-    // The SPIFFE verification mode selects the set of trusted certificates to
-    // use for path building based on the SPIFFE trust domain in the peer's leaf
-    // certificate.
-    SPIFFE = 1;
-    // The connect-to-Google verification mode uses the trust bundle for
-    // connecting to Google, e.g. *.mtls.googleapis.com endpoints.
-    CONNECT_TO_GOOGLE = 2;
-  }
-
-  message ClientPeer {
-    // The certificate chain to be verified. The chain MUST be a list of
-    // DER-encoded certificates, ordered from leaf to root, excluding the root.
-    repeated bytes certificate_chain = 1;
-  }
-
-  message ServerPeer {
-    // The certificate chain to be verified. The chain MUST be a list of
-    // DER-encoded certificates, ordered from leaf to root, excluding the root.
-    repeated bytes certificate_chain = 1;
-
-    // The expected hostname of the server.
-    string server_hostname = 2;
-
-    // The UnrestrictedClientPolicy specified by the user.
-    bytes serialized_unrestricted_client_policy = 3;
-  }
-
-  // The verification mode that S2A MUST use to validate the peer certificate
-  // chain.
-  VerificationMode mode = 1;
-
-  oneof peer_oneof {
-    ClientPeer client_peer = 2;
-    ServerPeer server_peer = 3;
-  }
-}
-
-message ValidatePeerCertificateChainResp {
-  enum ValidationResult {
-    UNSPECIFIED = 0;
-    SUCCESS = 1;
-    FAILURE = 2;
-  }
-
-  // The result of validating the peer certificate chain.
-  ValidationResult validation_result = 1;
-
-  // The validation details. This field is only populated when the validation
-  // result is NOT SUCCESS.
-  string validation_details = 2;
-
-  // The S2A context contains information from the peer certificate chain.
-  //
-  // The S2A context MAY be populated even if validation of the peer certificate
-  // chain fails.
-  S2AContext context = 3;
-}
-
-message SessionReq {
-  // The identity corresponding to the TLS configurations that MUST be used for
-  // the TLS handshake.
-  //
-  // If a managed identity already exists, the local identity and authentication
-  // mechanisms are ignored. If a managed identity doesn't exist and the local
-  // identity is not populated, S2A will try to deduce the managed identity to
-  // use from the SNI extension. If that also fails, S2A uses the default
-  // identity (if one exists).
-  Identity local_identity = 1;
-
-  // The authentication mechanisms that the application wishes to use to
-  // authenticate to S2A, ordered by preference. S2A will always use the first
-  // authentication mechanism that matches the managed identity.
-  repeated AuthenticationMechanism authentication_mechanisms = 2;
-
-  oneof req_oneof {
-    // Requests the certificate chain and TLS configuration corresponding to the
-    // local identity, which the application MUST use to negotiate the TLS
-    // handshake.
-    GetTlsConfigurationReq get_tls_configuration_req = 3;
-
-    // Signs or decrypts the input bytes using a private key corresponding to
-    // the local identity in the request.
-    //
-    // WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
-    // S2Av2 by a server during a TLS 1.2 handshake.
-    OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4;
-
-    // Encrypts or decrypts the input bytes using a resumption key corresponding
-    // to the local identity in the request.
-    OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5;
-
-    // Verifies the peer's certificate chain using
-    // (a) trust bundles corresponding to the local identity in the request, and
-    // (b) the verification mode in the request.
-    ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6;
-  }
-}
-
-message SessionResp {
-  // Status of the session response.
-  //
-  // The status field is populated so that if an error occurs when making an
-  // individual request, then communication with the S2A may continue. If an
-  // error is returned directly (e.g. at the gRPC layer), then it may result
-  // that the bidirectional stream being closed.
-  Status status = 1;
-
-  oneof resp_oneof {
-    // Contains the certificate chain and TLS configurations corresponding to
-    // the local identity.
-    GetTlsConfigurationResp get_tls_configuration_resp = 2;
-
-    // Contains the signed or encrypted output bytes using the private key
-    // corresponding to the local identity.
-    OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3;
-
-    // Contains the encrypted or decrypted output bytes using the resumption key
-    // corresponding to the local identity.
-    OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4;
-
-    // Contains the validation result, peer identity and fingerprints of peer
-    // certificates.
-    ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5;
-  }
-}
-
-service S2AService {
-  // SetUpSession is a bidirectional stream used by applications to offload
-  // operations from the TLS handshake.
-  rpc SetUpSession(stream SessionReq) returns (stream SessionResp) {}
-}
diff --git a/s2a/src/main/proto/grpc/gcp/s2a/s2a_context.proto b/s2a/src/main/proto/grpc/gcp/s2a/s2a_context.proto
deleted file mode 100644
index 745b4d267d6..00000000000
--- a/s2a/src/main/proto/grpc/gcp/s2a/s2a_context.proto
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright 2024 The gRPC Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// The canonical version of this proto can be found at
-// https://github.com/grpc/grpc-proto/blob/master/grpc/gcp/s2a/s2a_context.proto
-
-syntax = "proto3";
-
-package grpc.gcp.s2a;
-
-import "grpc/gcp/s2a/common.proto";
-
-option java_multiple_files = true;
-option java_outer_classname = "S2AContextProto";
-option java_package = "io.grpc.s2a.internal.handshaker";
-
-message S2AContext {
-  // The SPIFFE ID from the peer leaf certificate, if present.
-  //
-  // This field is only populated if the leaf certificate is a valid SPIFFE
-  // SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
-  // SPIFFE ID.
-  string leaf_cert_spiffe_id = 1;
-
-  // The URIs that are present in the SubjectAltName extension of the peer leaf
-  // certificate.
-  //
-  // Note that the extracted URIs are not validated and may not be properly
-  // formatted.
-  repeated string leaf_cert_uris = 2;
-
-  // The DNSNames that are present in the SubjectAltName extension of the peer
-  // leaf certificate.
-  repeated string leaf_cert_dnsnames = 3;
-
-  // The (ordered) list of fingerprints in the certificate chain used to verify
-  // the given leaf certificate. The order MUST be from leaf certificate
-  // fingerprint to root certificate fingerprint.
-  //
-  // A fingerprint is the base-64 encoding of the SHA256 hash of the
-  // DER-encoding of a certificate. The list MAY be populated even if the peer
-  // certificate chain was NOT validated successfully.
-  repeated string peer_certificate_chain_fingerprints = 4;
-
-  // The local identity used during session setup.
-  Identity local_identity = 5;
-
-  // The SHA256 hash of the DER-encoding of the local leaf certificate used in
-  // the handshake.
-  bytes local_leaf_cert_fingerprint = 6;
-}
diff --git a/s2a/src/test/java/io/grpc/s2a/IntegrationTest.java b/s2a/src/test/java/io/grpc/s2a/IntegrationTest.java
index d8d2fdd4d03..1d3568808c6 100644
--- a/s2a/src/test/java/io/grpc/s2a/IntegrationTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/IntegrationTest.java
@@ -19,6 +19,7 @@
 import static com.google.common.truth.Truth.assertThat;
 import static java.util.concurrent.TimeUnit.SECONDS;
 
+import com.google.s2a.proto.v2.S2AServiceGrpc;
 import io.grpc.Channel;
 import io.grpc.ChannelCredentials;
 import io.grpc.Grpc;
@@ -37,7 +38,6 @@
 import io.grpc.s2a.S2AChannelCredentials;
 import io.grpc.s2a.internal.channel.S2AHandshakerServiceChannel;
 import io.grpc.s2a.internal.handshaker.FakeS2AServer;
-import io.grpc.s2a.internal.handshaker.S2AServiceGrpc;
 import io.grpc.s2a.internal.handshaker.S2AStub;
 import io.grpc.stub.StreamObserver;
 import io.grpc.testing.protobuf.SimpleRequest;
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServer.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServer.java
index 2d19dd122ec..322397c93be 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServer.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServer.java
@@ -16,6 +16,9 @@
 
 package io.grpc.s2a.internal.handshaker;
 
+import com.google.s2a.proto.v2.S2AServiceGrpc;
+import com.google.s2a.proto.v2.SessionReq;
+import com.google.s2a.proto.v2.SessionResp;
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
 import java.security.NoSuchAlgorithmException;
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
index fc3bbba9e39..d8374a8a382 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
@@ -22,12 +22,22 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.util.concurrent.SettableFuture;
 import com.google.protobuf.ByteString;
+import com.google.s2a.proto.v2.Ciphersuite;
+import com.google.s2a.proto.v2.ConnectionSide;
+import com.google.s2a.proto.v2.GetTlsConfigurationReq;
+import com.google.s2a.proto.v2.GetTlsConfigurationResp;
+import com.google.s2a.proto.v2.S2AServiceGrpc;
+import com.google.s2a.proto.v2.SessionReq;
+import com.google.s2a.proto.v2.SessionResp;
+import com.google.s2a.proto.v2.TLSVersion;
+import com.google.s2a.proto.v2.ValidatePeerCertificateChainReq;
+import com.google.s2a.proto.v2.ValidatePeerCertificateChainReq.VerificationMode;
+import com.google.s2a.proto.v2.ValidatePeerCertificateChainResp;
 import io.grpc.Grpc;
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.ManagedChannel;
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
-import io.grpc.s2a.internal.handshaker.ValidatePeerCertificateChainReq.VerificationMode;
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
 import java.io.InputStream;
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java
index 0b3ecff3f8e..0b398638f92 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeWriter.java
@@ -16,13 +16,25 @@
 
 package io.grpc.s2a.internal.handshaker;
 
-import static io.grpc.s2a.internal.handshaker.TLSVersion.TLS_VERSION_1_2;
-import static io.grpc.s2a.internal.handshaker.TLSVersion.TLS_VERSION_1_3;
+import static com.google.s2a.proto.v2.TLSVersion.TLS_VERSION_1_2;
+import static com.google.s2a.proto.v2.TLSVersion.TLS_VERSION_1_3;
 
 import com.google.common.collect.ImmutableMap;
 import com.google.common.io.CharStreams;
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import com.google.protobuf.ByteString;
+import com.google.s2a.proto.v2.Ciphersuite;
+import com.google.s2a.proto.v2.ConnectionSide;
+import com.google.s2a.proto.v2.GetTlsConfigurationReq;
+import com.google.s2a.proto.v2.GetTlsConfigurationResp;
+import com.google.s2a.proto.v2.OffloadPrivateKeyOperationReq;
+import com.google.s2a.proto.v2.OffloadPrivateKeyOperationResp;
+import com.google.s2a.proto.v2.SessionReq;
+import com.google.s2a.proto.v2.SessionResp;
+import com.google.s2a.proto.v2.SignatureAlgorithm;
+import com.google.s2a.proto.v2.Status;
+import com.google.s2a.proto.v2.ValidatePeerCertificateChainReq;
+import com.google.s2a.proto.v2.ValidatePeerCertificateChainResp;
 import io.grpc.stub.StreamObserver;
 import io.grpc.util.CertificateUtils;
 import java.io.FileNotFoundException;
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java
index d69d84bf459..c1c629366aa 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/GetAuthenticationMechanismsTest.java
@@ -17,6 +17,7 @@
 package io.grpc.s2a.internal.handshaker;
 
 import com.google.common.truth.Expect;
+import com.google.s2a.proto.v2.AuthenticationMechanism;
 import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.grpc.s2a.internal.handshaker.tokenmanager.AccessTokenManager;
 import io.grpc.s2a.internal.handshaker.tokenmanager.SingleTokenFetcher;
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/ProtoUtilTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/ProtoUtilTest.java
index f60aa1a189b..28dbf0e4d88 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/ProtoUtilTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/ProtoUtilTest.java
@@ -20,6 +20,7 @@
 
 import com.google.common.collect.ImmutableSet;
 import com.google.common.truth.Expect;
+import com.google.s2a.proto.v2.TLSVersion;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethodTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethodTest.java
index 1aceb9518c3..8f71496cab8 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethodTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2APrivateKeyMethodTest.java
@@ -25,6 +25,11 @@
 
 import com.google.common.truth.Expect;
 import com.google.protobuf.ByteString;
+import com.google.s2a.proto.v2.OffloadPrivateKeyOperationReq;
+import com.google.s2a.proto.v2.OffloadPrivateKeyOperationResp;
+import com.google.s2a.proto.v2.SessionReq;
+import com.google.s2a.proto.v2.SessionResp;
+import com.google.s2a.proto.v2.SignatureAlgorithm;
 import io.grpc.netty.GrpcSslContexts;
 import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.netty.handler.ssl.OpenSslPrivateKeyMethod;
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java
index e537687c287..7e776f16da2 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactoryTest.java
@@ -22,6 +22,9 @@
 
 import com.google.common.testing.NullPointerTester;
 import com.google.common.testing.NullPointerTester.Visibility;
+import com.google.s2a.proto.v2.S2AServiceGrpc;
+import com.google.s2a.proto.v2.SessionReq;
+import com.google.s2a.proto.v2.SessionResp;
 import io.grpc.Channel;
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.Server;
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
index c912faecd48..713984c361d 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
@@ -21,6 +21,15 @@
 import static org.junit.Assert.assertThrows;
 
 import com.google.common.truth.Expect;
+import com.google.s2a.proto.v2.Ciphersuite;
+import com.google.s2a.proto.v2.ConnectionSide;
+import com.google.s2a.proto.v2.GetTlsConfigurationReq;
+import com.google.s2a.proto.v2.GetTlsConfigurationResp;
+import com.google.s2a.proto.v2.S2AServiceGrpc;
+import com.google.s2a.proto.v2.SessionReq;
+import com.google.s2a.proto.v2.SessionResp;
+import com.google.s2a.proto.v2.Status;
+import com.google.s2a.proto.v2.TLSVersion;
 import io.grpc.Channel;
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.internal.ObjectPool;

From 892144dcac18a1cedbdc4cddecefb41193a965fc Mon Sep 17 00:00:00 2001
From: Daniel Liu <danielztliu@google.com>
Date: Wed, 19 Feb 2025 20:25:33 -0800
Subject: [PATCH 195/591] xds: explicitly set request hash key for the ring
 hash LB policy

Implements [gRFC A76: explicitly setting the request hash key for the
ring hash LB policy][A76]
* Explictly setting the request hash key is guarded by the
  `GRPC_EXPERIMENTAL_RING_HASH_SET_REQUEST_HASH_KEY` environment
  variable until API stabilized.

Tested:
* Verified end-to-end by spinning up multiple gRPC servers and a gRPC
  client that injects a custom service (load balancing) config with
  `ring_hash_experimental` and a custom `request_hash_header` (with
  NO associated value in the metadata headers) which generates a random
  hash for each request to the ring hash LB. Verified picks/RPCs are
  split evenly/uniformly across all backends.
* Ran affected unit tests with thread sanitizer and 1000 iterations to
  prevent data races.

[A76]: https://github.com/grpc/proposal/blob/master/A76-ring-hash-improvements.md#explicitly-setting-the-request-hash-key
---
 .../io/grpc/xds/RingHashLoadBalancer.java     | 131 ++++++++---
 .../xds/RingHashLoadBalancerProvider.java     |  11 +-
 .../xds/ClusterResolverLoadBalancerTest.java  |   2 +-
 .../xds/RingHashLoadBalancerProviderTest.java |  62 ++++++
 .../io/grpc/xds/RingHashLoadBalancerTest.java | 206 ++++++++++++++++--
 5 files changed, 357 insertions(+), 55 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
index 3793482c86b..4f314e5391a 100644
--- a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
@@ -25,6 +25,8 @@
 import static io.grpc.ConnectivityState.SHUTDOWN;
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
 
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Joiner;
 import com.google.common.base.MoreObjects;
 import com.google.common.collect.HashMultiset;
 import com.google.common.collect.Multiset;
@@ -34,9 +36,11 @@
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.InternalLogId;
 import io.grpc.LoadBalancer;
+import io.grpc.Metadata;
 import io.grpc.Status;
 import io.grpc.SynchronizationContext;
 import io.grpc.util.MultiChildLoadBalancer;
+import io.grpc.xds.ThreadSafeRandom.ThreadSafeRandomImpl;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
 import java.net.SocketAddress;
@@ -69,13 +73,21 @@ final class RingHashLoadBalancer extends MultiChildLoadBalancer {
       new LazyLoadBalancer.Factory(pickFirstLbProvider);
   private final XdsLogger logger;
   private final SynchronizationContext syncContext;
+  private final ThreadSafeRandom random;
   private List<RingEntry> ring;
+  @Nullable private Metadata.Key<String> requestHashHeaderKey;
 
   RingHashLoadBalancer(Helper helper) {
+    this(helper, ThreadSafeRandomImpl.instance);
+  }
+
+  @VisibleForTesting
+  RingHashLoadBalancer(Helper helper, ThreadSafeRandom random) {
     super(helper);
     syncContext = checkNotNull(helper.getSynchronizationContext(), "syncContext");
     logger = XdsLogger.withLogId(InternalLogId.allocate("ring_hash_lb", helper.getAuthority()));
     logger.log(XdsLogLevel.INFO, "Created");
+    this.random = checkNotNull(random, "random");
   }
 
   @Override
@@ -92,6 +104,10 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     if (config == null) {
       throw new IllegalArgumentException("Missing RingHash configuration");
     }
+    requestHashHeaderKey =
+        config.requestHashHeader.isEmpty()
+            ? null
+            : Metadata.Key.of(config.requestHashHeader, Metadata.ASCII_STRING_MARSHALLER);
     Map<EquivalentAddressGroup, Long> serverWeights = new HashMap<>();
     long totalWeight = 0L;
     for (EquivalentAddressGroup eag : addrList) {
@@ -197,7 +213,8 @@ protected void updateOverallBalancingState() {
       overallState = TRANSIENT_FAILURE;
     }
 
-    RingHashPicker picker = new RingHashPicker(syncContext, ring, getChildLbStates());
+    RingHashPicker picker =
+        new RingHashPicker(syncContext, ring, getChildLbStates(), requestHashHeaderKey, random);
     getHelper().updateBalancingState(overallState, picker);
     this.currentConnectivityState = overallState;
   }
@@ -325,21 +342,32 @@ private static final class RingHashPicker extends SubchannelPicker {
     // TODO(chengyuanzhang): can be more performance-friendly with
     //  IdentityHashMap<Subchannel, ConnectivityStateInfo> and RingEntry contains Subchannel.
     private final Map<Endpoint, SubchannelView> pickableSubchannels;  // read-only
+    @Nullable private final Metadata.Key<String> requestHashHeaderKey;
+    private final ThreadSafeRandom random;
+    private final boolean hasEndpointInConnectingState;
 
     private RingHashPicker(
         SynchronizationContext syncContext, List<RingEntry> ring,
-        Collection<ChildLbState> children) {
+        Collection<ChildLbState> children, Metadata.Key<String> requestHashHeaderKey,
+        ThreadSafeRandom random) {
       this.syncContext = syncContext;
       this.ring = ring;
+      this.requestHashHeaderKey = requestHashHeaderKey;
+      this.random = random;
       pickableSubchannels = new HashMap<>(children.size());
+      boolean hasConnectingState = false;
       for (ChildLbState childLbState : children) {
         pickableSubchannels.put((Endpoint)childLbState.getKey(),
             new SubchannelView(childLbState, childLbState.getCurrentState()));
+        if (childLbState.getCurrentState() == CONNECTING) {
+          hasConnectingState = true;
+        }
       }
+      this.hasEndpointInConnectingState = hasConnectingState;
     }
 
     // Find the ring entry with hash next to (clockwise) the RPC's hash (binary search).
-    private int getTargetIndex(Long requestHash) {
+    private int getTargetIndex(long requestHash) {
       if (ring.size() <= 1) {
         return 0;
       }
@@ -365,38 +393,77 @@ private int getTargetIndex(Long requestHash) {
 
     @Override
     public PickResult pickSubchannel(PickSubchannelArgs args) {
-      Long requestHash = args.getCallOptions().getOption(XdsNameResolver.RPC_HASH_KEY);
-      if (requestHash == null) {
-        return PickResult.withError(RPC_HASH_NOT_FOUND);
+      // Determine request hash.
+      boolean usingRandomHash = false;
+      long requestHash;
+      if (requestHashHeaderKey == null) {
+        // Set by the xDS config selector.
+        Long rpcHashFromCallOptions = args.getCallOptions().getOption(XdsNameResolver.RPC_HASH_KEY);
+        if (rpcHashFromCallOptions == null) {
+          return PickResult.withError(RPC_HASH_NOT_FOUND);
+        }
+        requestHash = rpcHashFromCallOptions;
+      } else {
+        Iterable<String> headerValues = args.getHeaders().getAll(requestHashHeaderKey);
+        if (headerValues != null) {
+          requestHash = hashFunc.hashAsciiString(Joiner.on(",").join(headerValues));
+        } else {
+          requestHash = random.nextLong();
+          usingRandomHash = true;
+        }
       }
 
       int targetIndex = getTargetIndex(requestHash);
 
-      // Per gRFC A61, because of sticky-TF with PickFirst's auto reconnect on TF, we ignore
-      // all TF subchannels and find the first ring entry in READY, CONNECTING or IDLE.  If
-      // CONNECTING or IDLE we return a pick with no results.  Additionally, if that entry is in
-      // IDLE, we initiate a connection.
-      for (int i = 0; i < ring.size(); i++) {
-        int index = (targetIndex + i) % ring.size();
-        SubchannelView subchannelView = pickableSubchannels.get(ring.get(index).addrKey);
-        ChildLbState childLbState = subchannelView.childLbState;
-
-        if (subchannelView.connectivityState  == READY) {
-          return childLbState.getCurrentPicker().pickSubchannel(args);
+      if (!usingRandomHash) {
+        // Per gRFC A61, because of sticky-TF with PickFirst's auto reconnect on TF, we ignore
+        // all TF subchannels and find the first ring entry in READY, CONNECTING or IDLE.  If
+        // CONNECTING or IDLE we return a pick with no results.  Additionally, if that entry is in
+        // IDLE, we initiate a connection.
+        for (int i = 0; i < ring.size(); i++) {
+          int index = (targetIndex + i) % ring.size();
+          SubchannelView subchannelView = pickableSubchannels.get(ring.get(index).addrKey);
+          ChildLbState childLbState = subchannelView.childLbState;
+
+          if (subchannelView.connectivityState  == READY) {
+            return childLbState.getCurrentPicker().pickSubchannel(args);
+          }
+
+          // RPCs can be buffered if the next subchannel is pending (per A62). Otherwise, RPCs
+          // are failed unless there is a READY connection.
+          if (subchannelView.connectivityState == CONNECTING) {
+            return PickResult.withNoResult();
+          }
+
+          if (subchannelView.connectivityState == IDLE) {
+            syncContext.execute(() -> {
+              childLbState.getLb().requestConnection();
+            });
+
+            return PickResult.withNoResult(); // Indicates that this should be retried after backoff
+          }
         }
-
-        // RPCs can be buffered if the next subchannel is pending (per A62). Otherwise, RPCs
-        // are failed unless there is a READY connection.
-        if (subchannelView.connectivityState == CONNECTING) {
-          return PickResult.withNoResult();
+      } else {
+        // Using a random hash. Find and use the first READY ring entry, triggering at most one
+        // entry to attempt connection.
+        boolean requestedConnection = hasEndpointInConnectingState;
+        for (int i = 0; i < ring.size(); i++) {
+          int index = (targetIndex + i) % ring.size();
+          SubchannelView subchannelView = pickableSubchannels.get(ring.get(index).addrKey);
+          ChildLbState childLbState = subchannelView.childLbState;
+          if (subchannelView.connectivityState == READY) {
+            return childLbState.getCurrentPicker().pickSubchannel(args);
+          }
+          if (!requestedConnection && subchannelView.connectivityState == IDLE) {
+            syncContext.execute(
+                () -> {
+                  childLbState.getLb().requestConnection();
+                });
+            requestedConnection = true;
+          }
         }
-
-        if (subchannelView.connectivityState == IDLE) {
-          syncContext.execute(() -> {
-            childLbState.getLb().requestConnection();
-          });
-
-          return PickResult.withNoResult(); // Indicates that this should be retried after backoff
+        if (requestedConnection) {
+          return PickResult.withNoResult();
         }
       }
 
@@ -444,13 +511,16 @@ public int compareTo(RingEntry entry) {
   static final class RingHashConfig {
     final long minRingSize;
     final long maxRingSize;
+    final String requestHashHeader;
 
-    RingHashConfig(long minRingSize, long maxRingSize) {
+    RingHashConfig(long minRingSize, long maxRingSize, String requestHashHeader) {
       checkArgument(minRingSize > 0, "minRingSize <= 0");
       checkArgument(maxRingSize > 0, "maxRingSize <= 0");
       checkArgument(minRingSize <= maxRingSize, "minRingSize > maxRingSize");
+      checkNotNull(requestHashHeader);
       this.minRingSize = minRingSize;
       this.maxRingSize = maxRingSize;
+      this.requestHashHeader = requestHashHeader;
     }
 
     @Override
@@ -458,6 +528,7 @@ public String toString() {
       return MoreObjects.toStringHelper(this)
           .add("minRingSize", minRingSize)
           .add("maxRingSize", maxRingSize)
+          .add("requestHashHeader", requestHashHeader)
           .toString();
     }
   }
diff --git a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancerProvider.java
index dad79384569..035ff76c585 100644
--- a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancerProvider.java
+++ b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancerProvider.java
@@ -24,6 +24,7 @@
 import io.grpc.LoadBalancerProvider;
 import io.grpc.NameResolver.ConfigOrError;
 import io.grpc.Status;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.JsonUtil;
 import io.grpc.xds.RingHashLoadBalancer.RingHashConfig;
 import io.grpc.xds.RingHashOptions;
@@ -81,6 +82,10 @@ private ConfigOrError parseLoadBalancingPolicyConfigInternal(
       Map<String, ?> rawLoadBalancingPolicyConfig) {
     Long minRingSize = JsonUtil.getNumberAsLong(rawLoadBalancingPolicyConfig, "minRingSize");
     Long maxRingSize = JsonUtil.getNumberAsLong(rawLoadBalancingPolicyConfig, "maxRingSize");
+    String requestHashHeader = "";
+    if (GrpcUtil.getFlag("GRPC_EXPERIMENTAL_RING_HASH_SET_REQUEST_HASH_KEY", false)) {
+      requestHashHeader = JsonUtil.getString(rawLoadBalancingPolicyConfig, "requestHashHeader");
+    }
     long maxRingSizeCap = RingHashOptions.getRingSizeCap();
     if (minRingSize == null) {
       minRingSize = DEFAULT_MIN_RING_SIZE;
@@ -88,6 +93,9 @@ private ConfigOrError parseLoadBalancingPolicyConfigInternal(
     if (maxRingSize == null) {
       maxRingSize = DEFAULT_MAX_RING_SIZE;
     }
+    if (requestHashHeader == null) {
+      requestHashHeader = "";
+    }
     if (minRingSize > maxRingSizeCap) {
       minRingSize = maxRingSizeCap;
     }
@@ -98,6 +106,7 @@ private ConfigOrError parseLoadBalancingPolicyConfigInternal(
       return ConfigOrError.fromError(Status.UNAVAILABLE.withDescription(
           "Invalid 'mingRingSize'/'maxRingSize'"));
     }
-    return ConfigOrError.fromConfig(new RingHashConfig(minRingSize, maxRingSize));
+    return ConfigOrError.fromConfig(
+        new RingHashConfig(minRingSize, maxRingSize, requestHashHeader));
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index 9243abba6d3..28898c0930f 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -163,7 +163,7 @@ public void uncaughtException(Thread t, Throwable e) {
           GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
               new FakeLoadBalancerProvider("round_robin"), null)));
   private final Object ringHash = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-      new FakeLoadBalancerProvider("ring_hash_experimental"), new RingHashConfig(10L, 100L));
+      new FakeLoadBalancerProvider("ring_hash_experimental"), new RingHashConfig(10L, 100L, ""));
   private final Object leastRequest = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
       new FakeLoadBalancerProvider("wrr_locality_experimental"), new WrrLocalityConfig(
           GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
diff --git a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerProviderTest.java b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerProviderTest.java
index 87615a125c0..3036db5b09f 100644
--- a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerProviderTest.java
@@ -42,6 +42,8 @@
 @RunWith(JUnit4.class)
 public class RingHashLoadBalancerProviderTest {
   private static final String AUTHORITY = "foo.googleapis.com";
+  private static final String GRPC_EXPERIMENTAL_RING_HASH_SET_REQUEST_HASH_KEY =
+      "GRPC_EXPERIMENTAL_RING_HASH_SET_REQUEST_HASH_KEY";
 
   private final SynchronizationContext syncContext = new SynchronizationContext(
       new UncaughtExceptionHandler() {
@@ -81,6 +83,7 @@ public void parseLoadBalancingConfig_valid() throws IOException {
     RingHashConfig config = (RingHashConfig) configOrError.getConfig();
     assertThat(config.minRingSize).isEqualTo(10L);
     assertThat(config.maxRingSize).isEqualTo(100L);
+    assertThat(config.requestHashHeader).isEmpty();
   }
 
   @Test
@@ -92,6 +95,7 @@ public void parseLoadBalancingConfig_missingRingSize_useDefaults() throws IOExce
     RingHashConfig config = (RingHashConfig) configOrError.getConfig();
     assertThat(config.minRingSize).isEqualTo(RingHashLoadBalancerProvider.DEFAULT_MIN_RING_SIZE);
     assertThat(config.maxRingSize).isEqualTo(RingHashLoadBalancerProvider.DEFAULT_MAX_RING_SIZE);
+    assertThat(config.requestHashHeader).isEmpty();
   }
 
   @Test
@@ -127,6 +131,7 @@ public void parseLoadBalancingConfig_ringTooLargeUsesCap() throws IOException {
     RingHashConfig config = (RingHashConfig) configOrError.getConfig();
     assertThat(config.minRingSize).isEqualTo(10);
     assertThat(config.maxRingSize).isEqualTo(RingHashOptions.DEFAULT_RING_SIZE_CAP);
+    assertThat(config.requestHashHeader).isEmpty();
   }
 
   @Test
@@ -142,6 +147,7 @@ public void parseLoadBalancingConfig_ringCapCanBeRaised() throws IOException {
     RingHashConfig config = (RingHashConfig) configOrError.getConfig();
     assertThat(config.minRingSize).isEqualTo(RingHashOptions.MAX_RING_SIZE_CAP);
     assertThat(config.maxRingSize).isEqualTo(RingHashOptions.MAX_RING_SIZE_CAP);
+    assertThat(config.requestHashHeader).isEmpty();
     // Reset to avoid affecting subsequent test cases
     RingHashOptions.setRingSizeCap(RingHashOptions.DEFAULT_RING_SIZE_CAP);
   }
@@ -159,6 +165,7 @@ public void parseLoadBalancingConfig_ringCapIsClampedTo8M() throws IOException {
     RingHashConfig config = (RingHashConfig) configOrError.getConfig();
     assertThat(config.minRingSize).isEqualTo(RingHashOptions.MAX_RING_SIZE_CAP);
     assertThat(config.maxRingSize).isEqualTo(RingHashOptions.MAX_RING_SIZE_CAP);
+    assertThat(config.requestHashHeader).isEmpty();
     // Reset to avoid affecting subsequent test cases
     RingHashOptions.setRingSizeCap(RingHashOptions.DEFAULT_RING_SIZE_CAP);
   }
@@ -176,6 +183,7 @@ public void parseLoadBalancingConfig_ringCapCanBeLowered() throws IOException {
     RingHashConfig config = (RingHashConfig) configOrError.getConfig();
     assertThat(config.minRingSize).isEqualTo(1);
     assertThat(config.maxRingSize).isEqualTo(1);
+    assertThat(config.requestHashHeader).isEmpty();
     // Reset to avoid affecting subsequent test cases
     RingHashOptions.setRingSizeCap(RingHashOptions.DEFAULT_RING_SIZE_CAP);
   }
@@ -193,6 +201,7 @@ public void parseLoadBalancingConfig_ringCapLowerLimitIs1() throws IOException {
     RingHashConfig config = (RingHashConfig) configOrError.getConfig();
     assertThat(config.minRingSize).isEqualTo(1);
     assertThat(config.maxRingSize).isEqualTo(1);
+    assertThat(config.requestHashHeader).isEmpty();
     // Reset to avoid affecting subsequent test cases
     RingHashOptions.setRingSizeCap(RingHashOptions.DEFAULT_RING_SIZE_CAP);
   }
@@ -219,6 +228,59 @@ public void parseLoadBalancingConfig_minRingSizeGreaterThanMaxRingSize() throws
         .isEqualTo("Invalid 'mingRingSize'/'maxRingSize'");
   }
 
+  @Test
+  public void parseLoadBalancingConfig_requestHashHeaderIgnoredWhenEnvVarNotSet()
+      throws IOException {
+    String lbConfig =
+        "{\"minRingSize\" : 10, \"maxRingSize\" : 100, \"requestHashHeader\" : \"dummy-hash\"}";
+    ConfigOrError configOrError =
+        provider.parseLoadBalancingPolicyConfig(parseJsonObject(lbConfig));
+    assertThat(configOrError.getConfig()).isNotNull();
+    RingHashConfig config = (RingHashConfig) configOrError.getConfig();
+    assertThat(config.minRingSize).isEqualTo(10L);
+    assertThat(config.maxRingSize).isEqualTo(100L);
+    assertThat(config.requestHashHeader).isEmpty();
+  }
+
+  @Test
+  public void parseLoadBalancingConfig_requestHashHeaderSetWhenEnvVarSet() throws IOException {
+    System.setProperty(GRPC_EXPERIMENTAL_RING_HASH_SET_REQUEST_HASH_KEY, "true");
+    try {
+      String lbConfig =
+          "{\"minRingSize\" : 10, \"maxRingSize\" : 100, \"requestHashHeader\" : \"dummy-hash\"}";
+      ConfigOrError configOrError =
+          provider.parseLoadBalancingPolicyConfig(parseJsonObject(lbConfig));
+      assertThat(configOrError.getConfig()).isNotNull();
+      RingHashConfig config = (RingHashConfig) configOrError.getConfig();
+      assertThat(config.minRingSize).isEqualTo(10L);
+      assertThat(config.maxRingSize).isEqualTo(100L);
+      assertThat(config.requestHashHeader).isEqualTo("dummy-hash");
+      assertThat(config.toString()).contains("minRingSize=10");
+      assertThat(config.toString()).contains("maxRingSize=100");
+      assertThat(config.toString()).contains("requestHashHeader=dummy-hash");
+    } finally {
+      System.clearProperty(GRPC_EXPERIMENTAL_RING_HASH_SET_REQUEST_HASH_KEY);
+    }
+  }
+
+  @Test
+  public void parseLoadBalancingConfig_requestHashHeaderUnsetWhenEnvVarSet_useDefaults()
+      throws IOException {
+    System.setProperty(GRPC_EXPERIMENTAL_RING_HASH_SET_REQUEST_HASH_KEY, "true");
+    try {
+      String lbConfig = "{\"minRingSize\" : 10, \"maxRingSize\" : 100}";
+      ConfigOrError configOrError =
+          provider.parseLoadBalancingPolicyConfig(parseJsonObject(lbConfig));
+      assertThat(configOrError.getConfig()).isNotNull();
+      RingHashConfig config = (RingHashConfig) configOrError.getConfig();
+      assertThat(config.minRingSize).isEqualTo(10L);
+      assertThat(config.maxRingSize).isEqualTo(100L);
+      assertThat(config.requestHashHeader).isEmpty();
+    } finally {
+      System.clearProperty(GRPC_EXPERIMENTAL_RING_HASH_SET_REQUEST_HASH_KEY);
+    }
+  }
+
   @SuppressWarnings("unchecked")
   private static Map<String, ?> parseJsonObject(String json) throws IOException {
     return (Map<String, ?>) JsonParser.parse(json);
diff --git a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
index 65fc1527b0c..f27cb772d03 100644
--- a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
@@ -98,6 +98,9 @@
 @RunWith(JUnit4.class)
 public class RingHashLoadBalancerTest {
   private static final String AUTHORITY = "foo.googleapis.com";
+  private static final String CUSTOM_REQUEST_HASH_HEADER = "custom-request-hash-header";
+  private static final Metadata.Key<String> CUSTOM_METADATA_KEY =
+      Metadata.Key.of(CUSTOM_REQUEST_HASH_HEADER, Metadata.ASCII_STRING_MARSHALLER);
   private static final Attributes.Key<String> CUSTOM_KEY = Attributes.Key.create("custom-key");
   private static final ConnectivityStateInfo CSI_CONNECTING =
       ConnectivityStateInfo.forNonError(CONNECTING);
@@ -142,7 +145,7 @@ public void tearDown() {
 
   @Test
   public void subchannelLazyConnectUntilPicked() {
-    RingHashConfig config = new RingHashConfig(10, 100);
+    RingHashConfig config = new RingHashConfig(10, 100, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1);  // one server
     Status addressesAcceptanceStatus = loadBalancer.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
@@ -176,7 +179,7 @@ public void subchannelLazyConnectUntilPicked() {
 
   @Test
   public void subchannelNotAutoReconnectAfterReenteringIdle() {
-    RingHashConfig config = new RingHashConfig(10, 100);
+    RingHashConfig config = new RingHashConfig(10, 100, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1);  // one server
     Status addressesAcceptanceStatus = loadBalancer.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
@@ -207,7 +210,7 @@ public void subchannelNotAutoReconnectAfterReenteringIdle() {
 
   @Test
   public void aggregateSubchannelStates_connectingReadyIdleFailure() {
-    RingHashConfig config = new RingHashConfig(10, 100);
+    RingHashConfig config = new RingHashConfig(10, 100, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1);
     InOrder inOrder = Mockito.inOrder(helper);
 
@@ -266,7 +269,7 @@ private void verifyConnection(int times) {
 
   @Test
   public void aggregateSubchannelStates_allSubchannelsInTransientFailure() {
-    RingHashConfig config = new RingHashConfig(10, 100);
+    RingHashConfig config = new RingHashConfig(10, 100, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1, 1);
 
     List<Subchannel> subChannelList = initializeLbSubchannels(config, servers, STAY_IN_CONNECTING);
@@ -324,7 +327,7 @@ private void refreshInvokedAndUpdateBS(InOrder inOrder, ConnectivityState state)
 
   @Test
   public void ignoreShutdownSubchannelStateChange() {
-    RingHashConfig config = new RingHashConfig(10, 100);
+    RingHashConfig config = new RingHashConfig(10, 100, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
     initializeLbSubchannels(config, servers);
 
@@ -340,7 +343,7 @@ public void ignoreShutdownSubchannelStateChange() {
 
   @Test
   public void deterministicPickWithHostsPartiallyRemoved() {
-    RingHashConfig config = new RingHashConfig(10, 100);
+    RingHashConfig config = new RingHashConfig(10, 100, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1, 1, 1);
     initializeLbSubchannels(config, servers);
     InOrder inOrder = Mockito.inOrder(helper);
@@ -380,7 +383,7 @@ public void deterministicPickWithHostsPartiallyRemoved() {
 
   @Test
   public void deterministicPickWithNewHostsAdded() {
-    RingHashConfig config = new RingHashConfig(10, 100);
+    RingHashConfig config = new RingHashConfig(10, 100, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1);  // server0 and server1
     initializeLbSubchannels(config, servers, DO_NOT_VERIFY, DO_NOT_RESET_HELPER);
 
@@ -412,6 +415,139 @@ public void deterministicPickWithNewHostsAdded() {
     inOrder.verifyNoMoreInteractions();
   }
 
+  @Test
+  public void deterministicPickWithRequestHashHeader_oneHeaderValue() {
+    // Map each server address to exactly one ring entry.
+    RingHashConfig config = new RingHashConfig(3, 3, CUSTOM_REQUEST_HASH_HEADER);
+    List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
+    initializeLbSubchannels(config, servers);
+    InOrder inOrder = Mockito.inOrder(helper);
+
+    // Bring all subchannels to READY.
+    for (Subchannel subchannel : subchannels.values()) {
+      deliverSubchannelState(subchannel, CSI_READY);
+      inOrder.verify(helper).updateBalancingState(eq(READY), pickerCaptor.capture());
+    }
+
+    // Pick subchannel with custom request hash header where the rpc hash hits server1.
+    Metadata headers = new Metadata();
+    headers.put(CUSTOM_METADATA_KEY, "FakeSocketAddress-server1_0");
+    PickSubchannelArgs args =
+        new PickSubchannelArgsImpl(
+            TestMethodDescriptors.voidMethod(),
+            headers,
+            CallOptions.DEFAULT,
+            new PickDetailsConsumer() {});
+    SubchannelPicker picker = pickerCaptor.getValue();
+    PickResult result = picker.pickSubchannel(args);
+    assertThat(result.getStatus().isOk()).isTrue();
+    assertThat(result.getSubchannel().getAddresses()).isEqualTo(servers.get(1));
+  }
+
+  @Test
+  public void deterministicPickWithRequestHashHeader_multipleHeaderValues() {
+    // Map each server address to exactly one ring entry.
+    RingHashConfig config = new RingHashConfig(3, 3, CUSTOM_REQUEST_HASH_HEADER);
+    List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
+    initializeLbSubchannels(config, servers);
+    InOrder inOrder = Mockito.inOrder(helper);
+
+    // Bring all subchannels to READY.
+    for (Subchannel subchannel : subchannels.values()) {
+      deliverSubchannelState(subchannel, CSI_READY);
+      inOrder.verify(helper).updateBalancingState(eq(READY), pickerCaptor.capture());
+    }
+
+    // Pick subchannel with custom request hash header with multiple values for the same key where
+    // the rpc hash hits server1.
+    Metadata headers = new Metadata();
+    headers.put(CUSTOM_METADATA_KEY, "FakeSocketAddress-server0_0");
+    headers.put(CUSTOM_METADATA_KEY, "FakeSocketAddress-server1_0");
+    PickSubchannelArgs args =
+        new PickSubchannelArgsImpl(
+            TestMethodDescriptors.voidMethod(),
+            headers,
+            CallOptions.DEFAULT,
+            new PickDetailsConsumer() {});
+    SubchannelPicker picker = pickerCaptor.getValue();
+    PickResult result = picker.pickSubchannel(args);
+    assertThat(result.getStatus().isOk()).isTrue();
+    assertThat(result.getSubchannel().getAddresses()).isEqualTo(servers.get(1));
+  }
+
+  @Test
+  public void pickWithRandomHash_allSubchannelsReady() {
+    loadBalancer = new RingHashLoadBalancer(helper, new FakeRandom());
+    // Map each server address to exactly one ring entry.
+    RingHashConfig config = new RingHashConfig(2, 2, "dummy-random-hash");
+    List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1);
+    initializeLbSubchannels(config, servers);
+    InOrder inOrder = Mockito.inOrder(helper);
+
+    // Bring all subchannels to READY.
+    Map<EquivalentAddressGroup, Integer> pickCounts = new HashMap<>();
+    for (Subchannel subchannel : subchannels.values()) {
+      deliverSubchannelState(subchannel, CSI_READY);
+      pickCounts.put(subchannel.getAddresses(), 0);
+      inOrder.verify(helper).updateBalancingState(eq(READY), pickerCaptor.capture());
+    }
+
+    // Pick subchannel 100 times with random hash.
+    SubchannelPicker picker = pickerCaptor.getValue();
+    PickSubchannelArgs args = getDefaultPickSubchannelArgs(hashFunc.hashVoid());
+    for (int i = 0; i < 100; ++i) {
+      Subchannel pickedSubchannel = picker.pickSubchannel(args).getSubchannel();
+      EquivalentAddressGroup addr = pickedSubchannel.getAddresses();
+      pickCounts.put(addr, pickCounts.get(addr) + 1);
+    }
+
+    // Verify the distribution is uniform where server0 and server1 are exactly picked 50 times.
+    assertThat(pickCounts.get(servers.get(0))).isEqualTo(50);
+    assertThat(pickCounts.get(servers.get(1))).isEqualTo(50);
+  }
+
+  @Test
+  public void pickWithRandomHash_atLeastOneSubchannelConnecting() {
+    // Map each server address to exactly one ring entry.
+    RingHashConfig config = new RingHashConfig(3, 3, "dummy-random-hash");
+    List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
+    initializeLbSubchannels(config, servers);
+
+    // Bring one subchannel to CONNECTING.
+    deliverSubchannelState(getSubChannel(servers.get(0)), CSI_CONNECTING);
+    verify(helper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
+
+    // Pick subchannel with random hash does not trigger connection.
+    SubchannelPicker picker = pickerCaptor.getValue();
+    PickSubchannelArgs args = getDefaultPickSubchannelArgs(hashFunc.hashVoid());
+    PickResult result = picker.pickSubchannel(args);
+    assertThat(result.getStatus().isOk()).isTrue();
+    assertThat(result.getSubchannel()).isNull(); // buffer request
+    verifyConnection(0);
+  }
+
+  @Test
+  public void pickWithRandomHash_firstSubchannelInTransientFailure_remainingSubchannelsIdle() {
+    // Map each server address to exactly one ring entry.
+    RingHashConfig config = new RingHashConfig(3, 3, "dummy-random-hash");
+    List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
+    initializeLbSubchannels(config, servers);
+
+    // Bring one subchannel to TRANSIENT_FAILURE.
+    deliverSubchannelUnreachable(getSubChannel(servers.get(0)));
+    verify(helper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
+    verifyConnection(0);
+
+    // Pick subchannel with random hash does trigger connection by walking the ring
+    // and choosing the first (at most one) IDLE subchannel along the way.
+    SubchannelPicker picker = pickerCaptor.getValue();
+    PickSubchannelArgs args = getDefaultPickSubchannelArgs(hashFunc.hashVoid());
+    PickResult result = picker.pickSubchannel(args);
+    assertThat(result.getStatus().isOk()).isTrue();
+    assertThat(result.getSubchannel()).isNull(); // buffer request
+    verifyConnection(1);
+  }
+
   private Subchannel getSubChannel(EquivalentAddressGroup eag) {
     return subchannels.get(Collections.singletonList(eag));
   }
@@ -419,7 +555,7 @@ private Subchannel getSubChannel(EquivalentAddressGroup eag) {
   @Test
   public void skipFailingHosts_pickNextNonFailingHost() {
     // Map each server address to exactly one ring entry.
-    RingHashConfig config = new RingHashConfig(3, 3);
+    RingHashConfig config = new RingHashConfig(3, 3, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
     Status addressesAcceptanceStatus =
         loadBalancer.acceptResolvedAddresses(
@@ -489,7 +625,7 @@ private PickSubchannelArgs getDefaultPickSubchannelArgsForServer(int serverid) {
   @Test
   public void skipFailingHosts_firstTwoHostsFailed_pickNextFirstReady() {
     // Map each server address to exactly one ring entry.
-    RingHashConfig config = new RingHashConfig(3, 3);
+    RingHashConfig config = new RingHashConfig(3, 3, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
 
     initializeLbSubchannels(config, servers);
@@ -555,7 +691,7 @@ public void skipFailingHosts_firstTwoHostsFailed_pickNextFirstReady() {
   @Test
   public void removingAddressShutdownSubchannel() {
     // Map each server address to exactly one ring entry.
-    RingHashConfig config = new RingHashConfig(3, 3);
+    RingHashConfig config = new RingHashConfig(3, 3, "");
     List<EquivalentAddressGroup> svs1 = createWeightedServerAddrs(1, 1, 1);
     List<Subchannel> subchannels1 = initializeLbSubchannels(config, svs1, STAY_IN_CONNECTING);
 
@@ -572,7 +708,7 @@ public void removingAddressShutdownSubchannel() {
   @Test
   public void allSubchannelsInTransientFailure() {
     // Map each server address to exactly one ring entry.
-    RingHashConfig config = new RingHashConfig(3, 3);
+    RingHashConfig config = new RingHashConfig(3, 3, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
     initializeLbSubchannels(config, servers);
 
@@ -599,7 +735,7 @@ public void allSubchannelsInTransientFailure() {
   @Test
   public void firstSubchannelIdle() {
     // Map each server address to exactly one ring entry.
-    RingHashConfig config = new RingHashConfig(3, 3);
+    RingHashConfig config = new RingHashConfig(3, 3, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
     initializeLbSubchannels(config, servers);
 
@@ -620,7 +756,7 @@ public void firstSubchannelIdle() {
   @Test
   public void firstSubchannelConnecting() {
     // Map each server address to exactly one ring entry.
-    RingHashConfig config = new RingHashConfig(3, 3);
+    RingHashConfig config = new RingHashConfig(3, 3, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
     initializeLbSubchannels(config, servers);
 
@@ -644,7 +780,7 @@ private Subchannel getSubchannel(List<EquivalentAddressGroup> servers, int serve
   @Test
   public void firstSubchannelFailure() {
     // Map each server address to exactly one ring entry.
-    RingHashConfig config = new RingHashConfig(3, 3);
+    RingHashConfig config = new RingHashConfig(3, 3, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
 
     List<Subchannel> subchannelList =
@@ -675,7 +811,7 @@ public void firstSubchannelFailure() {
   @Test
   public void secondSubchannelConnecting() {
     // Map each server address to exactly one ring entry.
-    RingHashConfig config = new RingHashConfig(3, 3);
+    RingHashConfig config = new RingHashConfig(3, 3, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
 
     initializeLbSubchannels(config, servers);
@@ -706,7 +842,7 @@ public void secondSubchannelConnecting() {
   @Test
   public void secondSubchannelFailure() {
     // Map each server address to exactly one ring entry.
-    RingHashConfig config = new RingHashConfig(3, 3);
+    RingHashConfig config = new RingHashConfig(3, 3, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
 
     initializeLbSubchannels(config, servers);
@@ -733,7 +869,7 @@ public void secondSubchannelFailure() {
   @Test
   public void thirdSubchannelConnecting() {
     // Map each server address to exactly one ring entry.
-    RingHashConfig config = new RingHashConfig(3, 3);
+    RingHashConfig config = new RingHashConfig(3, 3, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
 
     initializeLbSubchannels(config, servers);
@@ -762,7 +898,7 @@ public void thirdSubchannelConnecting() {
   @Test
   public void stickyTransientFailure() {
     // Map each server address to exactly one ring entry.
-    RingHashConfig config = new RingHashConfig(3, 3);
+    RingHashConfig config = new RingHashConfig(3, 3, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
 
     initializeLbSubchannels(config, servers);
@@ -791,7 +927,7 @@ public void stickyTransientFailure() {
 
   @Test
   public void largeWeights() {
-    RingHashConfig config = new RingHashConfig(10000, 100000);  // large ring
+    RingHashConfig config = new RingHashConfig(10000, 100000, "");  // large ring
     List<EquivalentAddressGroup> servers =
         createWeightedServerAddrs(Integer.MAX_VALUE, 10, 100); // MAX:10:100
 
@@ -829,7 +965,7 @@ public void largeWeights() {
 
   @Test
   public void hostSelectionProportionalToWeights() {
-    RingHashConfig config = new RingHashConfig(10000, 100000);  // large ring
+    RingHashConfig config = new RingHashConfig(10000, 100000, "");  // large ring
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 10, 100); // 1:10:100
 
     initializeLbSubchannels(config, servers);
@@ -872,7 +1008,7 @@ public void nameResolutionErrorWithNoActiveSubchannels() {
 
   @Test
   public void nameResolutionErrorWithActiveSubchannels() {
-    RingHashConfig config = new RingHashConfig(10, 100);
+    RingHashConfig config = new RingHashConfig(10, 100, "");
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1);
 
     initializeLbSubchannels(config, servers, DO_NOT_VERIFY, DO_NOT_RESET_HELPER);
@@ -894,7 +1030,7 @@ public void nameResolutionErrorWithActiveSubchannels() {
 
   @Test
   public void duplicateAddresses() {
-    RingHashConfig config = new RingHashConfig(10, 100);
+    RingHashConfig config = new RingHashConfig(10, 100, "");
     List<EquivalentAddressGroup> servers = createRepeatedServerAddrs(1, 2, 3);
 
     initializeLbSubchannels(config, servers, DO_NOT_VERIFY);
@@ -940,7 +1076,7 @@ protected Helper delegate() {
 
     InOrder inOrder = Mockito.inOrder(helper);
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1);
-    initializeLbSubchannels(new RingHashConfig(10, 100), servers);
+    initializeLbSubchannels(new RingHashConfig(10, 100, ""), servers);
     Subchannel subchannel0 = subchannels.get(Collections.singletonList(servers.get(0)));
     Subchannel subchannel1 = subchannels.get(Collections.singletonList(servers.get(1)));
 
@@ -1167,6 +1303,30 @@ public void requestConnection() {
     }
   }
 
+  private static final class FakeRandom implements ThreadSafeRandom {
+    int counter = 0;
+
+    @Override
+    public int nextInt(int bound) {
+      throw new UnsupportedOperationException("Should not be called");
+    }
+
+    @Override
+    public long nextLong() {
+      ++counter;
+      if (counter % 2 == 0) {
+        return XxHash64.INSTANCE.hashAsciiString("FakeSocketAddress-server0_0");
+      } else {
+        return XxHash64.INSTANCE.hashAsciiString("FakeSocketAddress-server1_0");
+      }
+    }
+
+    @Override
+    public long nextLong(long bound) {
+      throw new UnsupportedOperationException("Should not be called");
+    }
+  }
+
   enum InitializationFlags {
     DO_NOT_VERIFY,
     RESET_SUBCHANNEL_MOCKS,

From f207be39a98e1bd773ec6613f6eb6014fcb254c5 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 20 Feb 2025 13:03:10 -0800
Subject: [PATCH 196/591] util: Remove GracefulSwitchLb.switchTo()

It was deprecated in 85e0a01ec, so has been deprecated for six
releases/over six months.
---
 .../grpc/util/GracefulSwitchLoadBalancer.java |  39 +-
 .../util/GracefulSwitchLoadBalancerTest.java  | 447 ------------------
 2 files changed, 2 insertions(+), 484 deletions(-)

diff --git a/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java b/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
index a63a641b037..72c41886ad4 100644
--- a/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
@@ -44,28 +44,14 @@
  * generally created by calling {@link #parseLoadBalancingPolicyConfig(List)} from a
  * {@link io.grpc.LoadBalancerProvider#parseLoadBalancingPolicyConfig
  * provider's parseLoadBalancingPolicyConfig()} implementation.
- *
- * <p>Alternatively, the balancer may {@link #switchTo(LoadBalancer.Factory) switch to} a policy
- * prior to {@link
- * LoadBalancer#handleResolvedAddresses(ResolvedAddresses) handling resolved addresses} for the
- * first time. This causes graceful switch to ignore the service config and pass through the
- * resolved addresses directly to the child policy.
  */
 @ExperimentalApi("https://github.com/grpc/grpc-java/issues/5999")
 @NotThreadSafe // Must be accessed in SynchronizationContext
 public final class GracefulSwitchLoadBalancer extends ForwardingLoadBalancer {
   private final LoadBalancer defaultBalancer = new LoadBalancer() {
     @Override
-    public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
-      //  Most LB policies using this class will receive child policy configuration within the
-      //  service config, so they are naturally calling switchTo() just before
-      //  handleResolvedAddresses(), within their own handleResolvedAddresses(). If switchTo() is
-      //  not called immediately after construction that does open up potential for bugs in the
-      //  parent policies, where they fail to call switchTo(). So we will use the exception to try
-      //  to notice those bugs quickly, as it will fail very loudly.
-      throw new IllegalStateException(
-          "GracefulSwitchLoadBalancer must switch to a load balancing policy before handling"
-              + " ResolvedAddresses");
+    public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+      throw new AssertionError("real LB is called instead");
     }
 
     @Override
@@ -104,7 +90,6 @@ public String toString() {
   private LoadBalancer pendingLb = defaultBalancer;
   private ConnectivityState pendingState;
   private SubchannelPicker pendingPicker;
-  private boolean switchToCalled;
 
   private boolean currentLbIsReady;
 
@@ -114,10 +99,6 @@ public GracefulSwitchLoadBalancer(Helper helper) {
 
   @Override
   public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
-    if (switchToCalled) {
-      delegate().handleResolvedAddresses(resolvedAddresses);
-      return;
-    }
     Config config = (Config) resolvedAddresses.getLoadBalancingPolicyConfig();
     switchToInternal(config.childFactory);
     delegate().handleResolvedAddresses(
@@ -128,9 +109,6 @@ public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
 
   @Override
   public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
-    if (switchToCalled) {
-      return delegate().acceptResolvedAddresses(resolvedAddresses);
-    }
     Config config = (Config) resolvedAddresses.getLoadBalancingPolicyConfig();
     switchToInternal(config.childFactory);
     return delegate().acceptResolvedAddresses(
@@ -139,19 +117,6 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
           .build());
   }
 
-  /**
-   * Gracefully switch to a new policy defined by the given factory, if the given factory isn't
-   * equal to the current one.
-   *
-   * @deprecated Use {@code parseLoadBalancingPolicyConfig()} and pass the configuration to
-   *     {@link io.grpc.LoadBalancer.ResolvedAddresses.Builder#setLoadBalancingPolicyConfig}
-   */
-  @Deprecated
-  public void switchTo(LoadBalancer.Factory newBalancerFactory) {
-    switchToCalled = true;
-    switchToInternal(newBalancerFactory);
-  }
-
   private void switchToInternal(LoadBalancer.Factory newBalancerFactory) {
     checkNotNull(newBalancerFactory, "newBalancerFactory");
 
diff --git a/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java b/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
index f31443ace7b..9a4f569c144 100644
--- a/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
@@ -83,453 +83,6 @@ public class GracefulSwitchLoadBalancerTest {
     new FakeLoadBalancerProvider("lb_policy_3"),
   };
 
-  // OLD TESTS
-
-  @Test
-  @Deprecated
-  public void switchTo_canHandleEmptyAddressListFromNameResolutionForwardedToLatestPolicy() {
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    LoadBalancer lb0 = balancers.get(lbPolicies[0]);
-    Helper helper0 = helpers.get(lb0);
-    SubchannelPicker picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(READY, picker);
-
-    assertThat(gracefulSwitchLb.canHandleEmptyAddressListFromNameResolution()).isFalse();
-    when(lb0.canHandleEmptyAddressListFromNameResolution()).thenReturn(true);
-    assertThat(gracefulSwitchLb.canHandleEmptyAddressListFromNameResolution()).isTrue();
-
-    gracefulSwitchLb.switchTo(lbPolicies[1]);
-    LoadBalancer lb1 = balancers.get(lbPolicies[1]);
-
-    assertThat(gracefulSwitchLb.canHandleEmptyAddressListFromNameResolution()).isFalse();
-
-    when(lb1.canHandleEmptyAddressListFromNameResolution()).thenReturn(true);
-    assertThat(gracefulSwitchLb.canHandleEmptyAddressListFromNameResolution()).isTrue();
-
-    gracefulSwitchLb.switchTo(lbPolicies[2]);
-    LoadBalancer lb2 = balancers.get(lbPolicies[2]);
-
-    assertThat(gracefulSwitchLb.canHandleEmptyAddressListFromNameResolution()).isFalse();
-
-    when(lb2.canHandleEmptyAddressListFromNameResolution()).thenReturn(true);
-    assertThat(gracefulSwitchLb.canHandleEmptyAddressListFromNameResolution()).isTrue();
-  }
-
-  @Test
-  @Deprecated
-  public void switchTo_handleResolvedAddressesAndNameResolutionErrorForwardedToLatestPolicy() {
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    LoadBalancer lb0 = balancers.get(lbPolicies[0]);
-    Helper helper0 = helpers.get(lb0);
-    SubchannelPicker picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(READY, picker);
-
-    ResolvedAddresses addresses = newFakeAddresses();
-    gracefulSwitchLb.handleResolvedAddresses(addresses);
-    verify(lb0).handleResolvedAddresses(addresses);
-    gracefulSwitchLb.handleNameResolutionError(Status.DATA_LOSS);
-    verify(lb0).handleNameResolutionError(Status.DATA_LOSS);
-
-    gracefulSwitchLb.switchTo(lbPolicies[1]);
-    LoadBalancer lb1 = balancers.get(lbPolicies[1]);
-    addresses = newFakeAddresses();
-    gracefulSwitchLb.handleResolvedAddresses(addresses);
-    verify(lb0, never()).handleResolvedAddresses(addresses);
-    verify(lb1).handleResolvedAddresses(addresses);
-    gracefulSwitchLb.handleNameResolutionError(Status.ALREADY_EXISTS);
-    verify(lb0, never()).handleNameResolutionError(Status.ALREADY_EXISTS);
-    verify(lb1).handleNameResolutionError(Status.ALREADY_EXISTS);
-
-    gracefulSwitchLb.switchTo(lbPolicies[2]);
-    verify(lb1).shutdown();
-    LoadBalancer lb2 = balancers.get(lbPolicies[2]);
-    addresses = newFakeAddresses();
-    gracefulSwitchLb.handleResolvedAddresses(addresses);
-    verify(lb0, never()).handleResolvedAddresses(addresses);
-    verify(lb1, never()).handleResolvedAddresses(addresses);
-    verify(lb2).handleResolvedAddresses(addresses);
-    gracefulSwitchLb.handleNameResolutionError(Status.CANCELLED);
-    verify(lb0, never()).handleNameResolutionError(Status.CANCELLED);
-    verify(lb1, never()).handleNameResolutionError(Status.CANCELLED);
-    verify(lb2).handleNameResolutionError(Status.CANCELLED);
-
-    verifyNoMoreInteractions(lb0, lb1, lb2);
-  }
-
-  @Test
-  @Deprecated
-  public void switchTo_acceptResolvedAddressesAndNameResolutionErrorForwardedToLatestPolicy() {
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    LoadBalancer lb0 = balancers.get(lbPolicies[0]);
-    Helper helper0 = helpers.get(lb0);
-    SubchannelPicker picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(READY, picker);
-
-    ResolvedAddresses addresses = newFakeAddresses();
-    gracefulSwitchLb.acceptResolvedAddresses(addresses);
-    verify(lb0).acceptResolvedAddresses(addresses);
-    gracefulSwitchLb.handleNameResolutionError(Status.DATA_LOSS);
-    verify(lb0).handleNameResolutionError(Status.DATA_LOSS);
-
-    gracefulSwitchLb.switchTo(lbPolicies[1]);
-    LoadBalancer lb1 = balancers.get(lbPolicies[1]);
-    addresses = newFakeAddresses();
-    gracefulSwitchLb.acceptResolvedAddresses(addresses);
-    verify(lb0, never()).acceptResolvedAddresses(addresses);
-    verify(lb1).acceptResolvedAddresses(addresses);
-    gracefulSwitchLb.handleNameResolutionError(Status.ALREADY_EXISTS);
-    verify(lb0, never()).handleNameResolutionError(Status.ALREADY_EXISTS);
-    verify(lb1).handleNameResolutionError(Status.ALREADY_EXISTS);
-
-    gracefulSwitchLb.switchTo(lbPolicies[2]);
-    verify(lb1).shutdown();
-    LoadBalancer lb2 = balancers.get(lbPolicies[2]);
-    addresses = newFakeAddresses();
-    gracefulSwitchLb.acceptResolvedAddresses(addresses);
-    verify(lb0, never()).acceptResolvedAddresses(addresses);
-    verify(lb1, never()).acceptResolvedAddresses(addresses);
-    verify(lb2).acceptResolvedAddresses(addresses);
-    gracefulSwitchLb.handleNameResolutionError(Status.CANCELLED);
-    verify(lb0, never()).handleNameResolutionError(Status.CANCELLED);
-    verify(lb1, never()).handleNameResolutionError(Status.CANCELLED);
-    verify(lb2).handleNameResolutionError(Status.CANCELLED);
-
-    verifyNoMoreInteractions(lb0, lb1, lb2);
-  }
-
-  @Test
-  @Deprecated
-  public void switchTo_shutdownTriggeredWhenSwitchAndForwardedWhenSwitchLbShutdown() {
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    LoadBalancer lb0 = balancers.get(lbPolicies[0]);
-    Helper helper0 = helpers.get(lb0);
-    SubchannelPicker picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(READY, picker);
-
-    gracefulSwitchLb.switchTo(lbPolicies[1]);
-    LoadBalancer lb1 = balancers.get(lbPolicies[1]);
-    verify(lb1, never()).shutdown();
-
-    gracefulSwitchLb.switchTo(lbPolicies[2]);
-    verify(lb1).shutdown();
-    LoadBalancer lb2 = balancers.get(lbPolicies[2]);
-    verify(lb0, never()).shutdown();
-    helpers.get(lb2).updateBalancingState(READY, mock(SubchannelPicker.class));
-    verify(lb0).shutdown();
-
-    gracefulSwitchLb.switchTo(lbPolicies[3]);
-    LoadBalancer lb3 = balancers.get(lbPolicies[3]);
-    verify(lb2, never()).shutdown();
-    verify(lb3, never()).shutdown();
-
-    gracefulSwitchLb.shutdown();
-    verify(lb2).shutdown();
-    verify(lb3).shutdown();
-
-    verifyNoMoreInteractions(lb0, lb1, lb2, lb3);
-  }
-
-  @Test
-  @Deprecated
-  public void switchTo_requestConnectionForwardedToLatestPolicies() {
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    LoadBalancer lb0 = balancers.get(lbPolicies[0]);
-    Helper helper0 = helpers.get(lb0);
-    SubchannelPicker picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(READY, picker);
-
-    gracefulSwitchLb.requestConnection();
-    verify(lb0).requestConnection();
-
-    gracefulSwitchLb.switchTo(lbPolicies[1]);
-    LoadBalancer lb1 = balancers.get(lbPolicies[1]);
-    gracefulSwitchLb.requestConnection();
-    verify(lb1).requestConnection();
-
-    gracefulSwitchLb.switchTo(lbPolicies[2]);
-    verify(lb1).shutdown();
-    LoadBalancer lb2 = balancers.get(lbPolicies[2]);
-    gracefulSwitchLb.requestConnection();
-    verify(lb2).requestConnection();
-
-    // lb2 reports READY
-    helpers.get(lb2).updateBalancingState(READY, mock(SubchannelPicker.class));
-    verify(lb0).shutdown();
-
-    gracefulSwitchLb.requestConnection();
-    verify(lb2, times(2)).requestConnection();
-
-    gracefulSwitchLb.switchTo(lbPolicies[3]);
-    LoadBalancer lb3 = balancers.get(lbPolicies[3]);
-    gracefulSwitchLb.requestConnection();
-    verify(lb3).requestConnection();
-
-    verifyNoMoreInteractions(lb0, lb1, lb2, lb3);
-  }
-
-  @Test
-  @Deprecated
-  public void switchTo_createSubchannelForwarded() {
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    LoadBalancer lb0 = balancers.get(lbPolicies[0]);
-    Helper helper0 = helpers.get(lb0);
-    SubchannelPicker picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(READY, picker);
-
-    CreateSubchannelArgs createSubchannelArgs = newFakeCreateSubchannelArgs();
-    helper0.createSubchannel(createSubchannelArgs);
-    verify(mockHelper).createSubchannel(createSubchannelArgs);
-
-    gracefulSwitchLb.switchTo(lbPolicies[1]);
-    LoadBalancer lb1 = balancers.get(lbPolicies[1]);
-    Helper helper1 = helpers.get(lb1);
-    createSubchannelArgs = newFakeCreateSubchannelArgs();
-    helper1.createSubchannel(createSubchannelArgs);
-    verify(mockHelper).createSubchannel(createSubchannelArgs);
-
-    createSubchannelArgs = newFakeCreateSubchannelArgs();
-    helper0.createSubchannel(createSubchannelArgs);
-    verify(mockHelper).createSubchannel(createSubchannelArgs);
-
-    verifyNoMoreInteractions(lb0, lb1);
-  }
-
-  @Test
-  @Deprecated
-  public void switchTo_updateBalancingStateIsGraceful() {
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    LoadBalancer lb0 = balancers.get(lbPolicies[0]);
-    Helper helper0 = helpers.get(lb0);
-    SubchannelPicker picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(READY, picker);
-    verify(mockHelper).updateBalancingState(READY, picker);
-
-    gracefulSwitchLb.switchTo(lbPolicies[1]);
-    LoadBalancer lb1 = balancers.get(lbPolicies[1]);
-    Helper helper1 = helpers.get(lb1);
-    picker = mock(SubchannelPicker.class);
-    helper1.updateBalancingState(CONNECTING, picker);
-    verify(mockHelper, never()).updateBalancingState(CONNECTING, picker);
-
-    gracefulSwitchLb.switchTo(lbPolicies[2]);
-    verify(lb1).shutdown();
-    LoadBalancer lb2 = balancers.get(lbPolicies[2]);
-    Helper helper2 = helpers.get(lb2);
-    picker = mock(SubchannelPicker.class);
-    helper2.updateBalancingState(CONNECTING, picker);
-    verify(mockHelper, never()).updateBalancingState(CONNECTING, picker);
-
-    // lb2 reports READY
-    SubchannelPicker picker2 = mock(SubchannelPicker.class);
-    helper2.updateBalancingState(READY, picker2);
-    verify(lb0).shutdown();
-    verify(mockHelper).updateBalancingState(READY, picker2);
-
-    gracefulSwitchLb.switchTo(lbPolicies[3]);
-    LoadBalancer lb3 = balancers.get(lbPolicies[3]);
-    Helper helper3 = helpers.get(lb3);
-    SubchannelPicker picker3 = mock(SubchannelPicker.class);
-    helper3.updateBalancingState(CONNECTING, picker3);
-    verify(mockHelper, never()).updateBalancingState(CONNECTING, picker3);
-
-    // lb2 out of READY
-    picker2 = mock(SubchannelPicker.class);
-    helper2.updateBalancingState(CONNECTING, picker2);
-    verify(mockHelper, never()).updateBalancingState(CONNECTING, picker2);
-    verify(mockHelper).updateBalancingState(CONNECTING, picker3);
-    verify(lb2).shutdown();
-
-    picker3 = mock(SubchannelPicker.class);
-    helper3.updateBalancingState(CONNECTING, picker3);
-    verify(mockHelper).updateBalancingState(CONNECTING, picker3);
-
-    verifyNoMoreInteractions(lb0, lb1, lb2, lb3);
-  }
-
-  @Test
-  @Deprecated
-  public void switchTo_switchWhileOldPolicyIsNotReady() {
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    LoadBalancer lb0 = balancers.get(lbPolicies[0]);
-    Helper helper0 = helpers.get(lb0);
-    SubchannelPicker picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(READY, picker);
-    picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(CONNECTING, picker);
-
-    verify(lb0, never()).shutdown();
-    gracefulSwitchLb.switchTo(lbPolicies[1]);
-    verify(lb0).shutdown();
-    LoadBalancer lb1 = balancers.get(lbPolicies[1]);
-
-    Helper helper1 = helpers.get(lb1);
-    picker = mock(SubchannelPicker.class);
-    helper1.updateBalancingState(CONNECTING, picker);
-    verify(mockHelper).updateBalancingState(CONNECTING, picker);
-
-    verify(lb1, never()).shutdown();
-    gracefulSwitchLb.switchTo(lbPolicies[2]);
-    verify(lb1).shutdown();
-    LoadBalancer lb2 = balancers.get(lbPolicies[2]);
-
-    verifyNoMoreInteractions(lb0, lb1, lb2);
-  }
-
-  @Test
-  @Deprecated
-  public void switchTo_switchWhileOldPolicyGoesFromReadyToNotReady() {
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    LoadBalancer lb0 = balancers.get(lbPolicies[0]);
-    Helper helper0 = helpers.get(lb0);
-    SubchannelPicker picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(READY, picker);
-
-    gracefulSwitchLb.switchTo(lbPolicies[1]);
-    verify(lb0, never()).shutdown();
-
-    LoadBalancer lb1 = balancers.get(lbPolicies[1]);
-    Helper helper1 = helpers.get(lb1);
-    SubchannelPicker picker1 = mock(SubchannelPicker.class);
-    helper1.updateBalancingState(CONNECTING, picker1);
-    verify(mockHelper, never()).updateBalancingState(CONNECTING, picker1);
-
-    picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(CONNECTING, picker);
-    verify(lb0).shutdown();
-    verify(mockHelper, never()).updateBalancingState(CONNECTING, picker);
-    verify(mockHelper).updateBalancingState(CONNECTING, picker1);
-
-    picker1 = mock(SubchannelPicker.class);
-    helper1.updateBalancingState(READY, picker1);
-    verify(mockHelper).updateBalancingState(READY, picker1);
-
-    verifyNoMoreInteractions(lb0, lb1);
-  }
-
-  @Test
-  @Deprecated
-  public void switchTo_switchWhileOldPolicyGoesFromReadyToNotReadyWhileNewPolicyStillIdle() {
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    LoadBalancer lb0 = balancers.get(lbPolicies[0]);
-    InOrder inOrder = inOrder(lb0, mockHelper);
-    Helper helper0 = helpers.get(lb0);
-    SubchannelPicker picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(READY, picker);
-
-    gracefulSwitchLb.switchTo(lbPolicies[1]);
-    verify(lb0, never()).shutdown();
-
-    LoadBalancer lb1 = balancers.get(lbPolicies[1]);
-    Helper helper1 = helpers.get(lb1);
-
-    picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(CONNECTING, picker);
-
-    verify(mockHelper, never()).updateBalancingState(CONNECTING, picker);
-    inOrder.verify(mockHelper).updateBalancingState(CONNECTING, BUFFER_PICKER);
-    inOrder.verify(lb0).shutdown(); // shutdown after update
-
-    picker = mock(SubchannelPicker.class);
-    helper1.updateBalancingState(CONNECTING, picker);
-    inOrder.verify(mockHelper).updateBalancingState(CONNECTING, picker);
-
-    inOrder.verifyNoMoreInteractions();
-    verifyNoMoreInteractions(lb1);
-  }
-
-  @Test
-  @Deprecated
-  public void switchTo_newPolicyNameTheSameAsPendingPolicy_shouldHaveNoEffect() {
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    LoadBalancer lb0 = balancers.get(lbPolicies[0]);
-    Helper helper0 = helpers.get(lb0);
-    SubchannelPicker picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(READY, picker);
-
-    gracefulSwitchLb.switchTo(lbPolicies[1]);
-    LoadBalancer lb1 = balancers.get(lbPolicies[1]);
-
-    gracefulSwitchLb.switchTo(lbPolicies[1]);
-    assertThat(balancers.get(lbPolicies[1])).isSameInstanceAs(lb1);
-
-    verifyNoMoreInteractions(lb0, lb1);
-  }
-
-  @Test
-  @Deprecated
-  public void switchTo_newPolicyNameTheSameAsCurrentPolicy_shouldShutdownPendingLb() {
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    LoadBalancer lb0 = balancers.get(lbPolicies[0]);
-
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    assertThat(balancers.get(lbPolicies[0])).isSameInstanceAs(lb0);
-
-    Helper helper0 = helpers.get(lb0);
-    SubchannelPicker picker = mock(SubchannelPicker.class);
-    helper0.updateBalancingState(READY, picker);
-
-    gracefulSwitchLb.switchTo(lbPolicies[1]);
-    LoadBalancer lb1 = balancers.get(lbPolicies[1]);
-
-    gracefulSwitchLb.switchTo(lbPolicies[0]);
-    verify(lb1).shutdown();
-    assertThat(balancers.get(lbPolicies[0])).isSameInstanceAs(lb0);
-
-    verifyNoMoreInteractions(lb0, lb1);
-  }
-
-
-  @Test
-  @Deprecated
-  public void switchTo_newLbFactoryEqualToOldOneShouldHaveNoEffect() {
-    final List<LoadBalancer> balancers = new ArrayList<>();
-
-    final class LoadBalancerFactoryWithId extends LoadBalancer.Factory {
-      final int id;
-
-      LoadBalancerFactoryWithId(int id) {
-        this.id = id;
-      }
-
-      @Override
-      public LoadBalancer newLoadBalancer(Helper helper) {
-        LoadBalancer balancer = mock(LoadBalancer.class);
-        balancers.add(balancer);
-        return balancer;
-      }
-
-      @Override
-      public boolean equals(Object o) {
-        if (!(o instanceof LoadBalancerFactoryWithId)) {
-          return false;
-        }
-        LoadBalancerFactoryWithId that = (LoadBalancerFactoryWithId) o;
-        return id == that.id;
-      }
-
-      @Override
-      public int hashCode() {
-        return id;
-      }
-    }
-
-    gracefulSwitchLb.switchTo(new LoadBalancerFactoryWithId(0));
-    assertThat(balancers).hasSize(1);
-    LoadBalancer lb0 = balancers.get(0);
-
-    gracefulSwitchLb.switchTo(new LoadBalancerFactoryWithId(0));
-    assertThat(balancers).hasSize(1);
-
-    gracefulSwitchLb.switchTo(new LoadBalancerFactoryWithId(1));
-    assertThat(balancers).hasSize(2);
-    LoadBalancer lb1 = balancers.get(1);
-    verify(lb0).shutdown();
-
-    verifyNoMoreInteractions(lb0, lb1);
-  }
-
-  // END OF OLD TESTS
-
   @Test
   public void transientFailureOnInitialResolutionError() {
     gracefulSwitchLb.handleNameResolutionError(Status.DATA_LOSS);

From 110c1ff0d66b9420f735ca8d738ed60483e0aa01 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 20 Feb 2025 15:13:53 -0800
Subject: [PATCH 197/591] xds: Use acceptResolvedAddresses() for PriorityLb
 children

PriorityLb should propagate config problems up to the name resolver so
it can refresh.
---
 .../io/grpc/xds/PriorityLoadBalancer.java     |  41 ++--
 .../io/grpc/xds/PriorityLoadBalancerTest.java | 199 ++++++++++++++++--
 2 files changed, 207 insertions(+), 33 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/PriorityLoadBalancer.java b/xds/src/main/java/io/grpc/xds/PriorityLoadBalancer.java
index 259ae7406c1..845c167a643 100644
--- a/xds/src/main/java/io/grpc/xds/PriorityLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/PriorityLoadBalancer.java
@@ -91,6 +91,7 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     checkNotNull(config, "missing priority lb config");
     priorityNames = config.priorities;
     priorityConfigs = config.childConfigs;
+    Status status = Status.OK;
     Set<String> prioritySet = new HashSet<>(config.priorities);
     ArrayList<String> childKeys = new ArrayList<>(children.keySet());
     for (String priority : childKeys) {
@@ -105,12 +106,18 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     for (String priority : priorityNames) {
       ChildLbState childLbState = children.get(priority);
       if (childLbState != null) {
-        childLbState.updateResolvedAddresses();
+        Status newStatus = childLbState.updateResolvedAddresses();
+        if (!newStatus.isOk()) {
+          status = newStatus;
+        }
       }
     }
     handlingResolvedAddresses = false;
-    tryNextPriority();
-    return Status.OK;
+    Status newStatus = tryNextPriority();
+    if (!newStatus.isOk()) {
+      status = newStatus;
+    }
+    return status;
   }
 
   @Override
@@ -140,7 +147,7 @@ public void shutdown() {
     children.clear();
   }
 
-  private void tryNextPriority() {
+  private Status tryNextPriority() {
     for (int i = 0; i < priorityNames.size(); i++) {
       String priority = priorityNames.get(i);
       if (!children.containsKey(priority)) {
@@ -151,8 +158,7 @@ private void tryNextPriority() {
         // Calling the child's updateResolvedAddresses() can result in tryNextPriority() being
         // called recursively. We need to be sure to be done with processing here before it is
         // called.
-        child.updateResolvedAddresses();
-        return; // Give priority i time to connect.
+        return child.updateResolvedAddresses(); // Give priority i time to connect.
       }
       ChildLbState child = children.get(priority);
       child.reactivate();
@@ -165,16 +171,16 @@ private void tryNextPriority() {
             children.get(p).deactivate();
           }
         }
-        return;
+        return Status.OK;
       }
       if (child.failOverTimer != null && child.failOverTimer.isPending()) {
         updateOverallState(priority, child.connectivityState, child.picker);
-        return; // Give priority i time to connect.
+        return Status.OK; // Give priority i time to connect.
       }
       if (priority.equals(currentPriority) && child.connectivityState != TRANSIENT_FAILURE) {
         // If the current priority is not changed into TRANSIENT_FAILURE, keep using it.
         updateOverallState(priority, child.connectivityState, child.picker);
-        return;
+        return Status.OK;
       }
     }
     // TODO(zdapeng): Include error details of each priority.
@@ -182,6 +188,7 @@ private void tryNextPriority() {
     String lastPriority = priorityNames.get(priorityNames.size() - 1);
     SubchannelPicker errorPicker = children.get(lastPriority).picker;
     updateOverallState(lastPriority, TRANSIENT_FAILURE, errorPicker);
+    return Status.OK;
   }
 
   private void updateOverallState(
@@ -228,7 +235,11 @@ public void run() {
             Status.UNAVAILABLE.withDescription("Connection timeout for priority " + priority)));
         logger.log(XdsLogLevel.DEBUG, "Priority {0} failed over to next", priority);
         currentPriority = null; // reset currentPriority to guarantee failover happen
-        tryNextPriority();
+        Status status = tryNextPriority();
+        if (!status.isOk()) {
+          // A child had a problem with the addresses/config. Request it to be refreshed
+          helper.refreshNameResolution();
+        }
       }
     }
 
@@ -279,10 +290,10 @@ void tearDown() {
      * resolvedAddresses}, or when priority lb receives a new resolved addresses while the child
      * already exists.
      */
-    void updateResolvedAddresses() {
+    Status updateResolvedAddresses() {
       PriorityLbConfig config =
           (PriorityLbConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
-      lb.handleResolvedAddresses(
+      return lb.acceptResolvedAddresses(
           resolvedAddresses.toBuilder()
               .setAddresses(AddressFilter.filter(resolvedAddresses.getAddresses(), priority))
               .setLoadBalancingPolicyConfig(config.childConfigs.get(priority).childConfig)
@@ -331,7 +342,11 @@ public void updateBalancingState(final ConnectivityState newState,
         // If we are currently handling newly resolved addresses, let's not try to reconfigure as
         // the address handling process will take care of that to provide an atomic config update.
         if (!handlingResolvedAddresses) {
-          tryNextPriority();
+          Status status = tryNextPriority();
+          if (!status.isOk()) {
+            // A child had a problem with the addresses/config. Request it to be refreshed
+            helper.refreshNameResolution();
+          }
         }
       }
 
diff --git a/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java
index fafcd4d674a..9823501dcd9 100644
--- a/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java
@@ -33,6 +33,7 @@
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.when;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
@@ -97,6 +98,8 @@ public void uncaughtException(Thread t, Throwable e) {
         public LoadBalancer newLoadBalancer(Helper helper) {
           fooHelpers.add(helper);
           LoadBalancer childBalancer = mock(LoadBalancer.class);
+          when(childBalancer.acceptResolvedAddresses(any(ResolvedAddresses.class)))
+              .thenReturn(Status.OK);
           fooBalancers.add(childBalancer);
           return childBalancer;
         }
@@ -107,6 +110,8 @@ public LoadBalancer newLoadBalancer(Helper helper) {
         @Override
         public LoadBalancer newLoadBalancer(Helper helper) {
           LoadBalancer childBalancer = mock(LoadBalancer.class);
+          when(childBalancer.acceptResolvedAddresses(any(ResolvedAddresses.class)))
+              .thenReturn(Status.OK);
           barBalancers.add(childBalancer);
           return childBalancer;
         }
@@ -141,7 +146,7 @@ public void tearDown() {
   }
 
   @Test
-  public void handleResolvedAddresses() {
+  public void acceptResolvedAddresses() {
     SocketAddress socketAddress = new InetSocketAddress(8080);
     EquivalentAddressGroup eag = new EquivalentAddressGroup(socketAddress);
     eag = AddressFilter.setPathFilter(eag, ImmutableList.of("p1"));
@@ -162,16 +167,17 @@ public void handleResolvedAddresses() {
             ImmutableMap.of("p0", priorityChildConfig0, "p1", priorityChildConfig1,
                 "p2", priorityChildConfig2),
             ImmutableList.of("p0", "p1", "p2"));
-    priorityLb.handleResolvedAddresses(
+    Status status = priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(addresses)
             .setAttributes(attributes)
             .setLoadBalancingPolicyConfig(priorityLbConfig)
             .build());
+    assertThat(status.getCode()).isEqualTo(Status.Code.OK);
     assertThat(fooBalancers).hasSize(1);
     assertThat(barBalancers).isEmpty();
     LoadBalancer fooBalancer0 = Iterables.getOnlyElement(fooBalancers);
-    verify(fooBalancer0).handleResolvedAddresses(resolvedAddressesCaptor.capture());
+    verify(fooBalancer0).acceptResolvedAddresses(resolvedAddressesCaptor.capture());
     ResolvedAddresses addressesReceived = resolvedAddressesCaptor.getValue();
     assertThat(addressesReceived.getAddresses()).isEmpty();
     assertThat(addressesReceived.getAttributes()).isEqualTo(attributes);
@@ -182,7 +188,7 @@ public void handleResolvedAddresses() {
     assertThat(fooBalancers).hasSize(1);
     assertThat(barBalancers).hasSize(1);
     LoadBalancer barBalancer0 = Iterables.getOnlyElement(barBalancers);
-    verify(barBalancer0).handleResolvedAddresses(resolvedAddressesCaptor.capture());
+    verify(barBalancer0).acceptResolvedAddresses(resolvedAddressesCaptor.capture());
     addressesReceived = resolvedAddressesCaptor.getValue();
     assertThat(Iterables.getOnlyElement(addressesReceived.getAddresses()).getAddresses())
         .containsExactly(socketAddress);
@@ -194,7 +200,7 @@ public void handleResolvedAddresses() {
     assertThat(fooBalancers).hasSize(2);
     assertThat(barBalancers).hasSize(1);
     LoadBalancer fooBalancer1 = Iterables.getLast(fooBalancers);
-    verify(fooBalancer1).handleResolvedAddresses(resolvedAddressesCaptor.capture());
+    verify(fooBalancer1).acceptResolvedAddresses(resolvedAddressesCaptor.capture());
     addressesReceived = resolvedAddressesCaptor.getValue();
     assertThat(addressesReceived.getAddresses()).isEmpty();
     assertThat(addressesReceived.getAttributes()).isEqualTo(attributes);
@@ -211,14 +217,15 @@ public void handleResolvedAddresses() {
             ImmutableMap.of("p1",
                 new PriorityChildConfig(newChildConfig(barLbProvider, newBarConfig), true)),
             ImmutableList.of("p1"));
-    priorityLb.handleResolvedAddresses(
+    status = priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(newAddresses)
             .setLoadBalancingPolicyConfig(newPriorityLbConfig)
             .build());
+    assertThat(status.getCode()).isEqualTo(Status.Code.OK);
     assertThat(fooBalancers).hasSize(2);
     assertThat(barBalancers).hasSize(1);
-    verify(barBalancer0, times(2)).handleResolvedAddresses(resolvedAddressesCaptor.capture());
+    verify(barBalancer0, times(2)).acceptResolvedAddresses(resolvedAddressesCaptor.capture());
     addressesReceived = resolvedAddressesCaptor.getValue();
     assertThat(Iterables.getOnlyElement(addressesReceived.getAddresses()).getAddresses())
         .containsExactly(newSocketAddress);
@@ -232,6 +239,60 @@ public void handleResolvedAddresses() {
     verify(barBalancer0, never()).shutdown();
   }
 
+  @Test
+  public void acceptResolvedAddresses_propagatesChildFailures() {
+    LoadBalancerProvider lbProvider = new CannedLoadBalancer.Provider();
+    CannedLoadBalancer.Config internalTf = new CannedLoadBalancer.Config(
+        Status.INTERNAL, TRANSIENT_FAILURE);
+    CannedLoadBalancer.Config okTf = new CannedLoadBalancer.Config(Status.OK, TRANSIENT_FAILURE);
+    ResolvedAddresses resolvedAddresses = ResolvedAddresses.newBuilder()
+        .setAddresses(ImmutableList.of())
+        .setAttributes(Attributes.EMPTY)
+        .build();
+
+    // tryNewPriority() propagates status
+    Status status = priorityLb.acceptResolvedAddresses(
+        resolvedAddresses.toBuilder()
+          .setLoadBalancingPolicyConfig(new PriorityLbConfig(
+            ImmutableMap.of(
+                "p0", newPriorityChildConfig(lbProvider, internalTf, true)),
+            ImmutableList.of("p0")))
+          .build());
+    assertThat(status.getCode()).isNotEqualTo(Status.Code.OK);
+
+    // Updating a child propagates status
+    status = priorityLb.acceptResolvedAddresses(
+        resolvedAddresses.toBuilder()
+          .setLoadBalancingPolicyConfig(new PriorityLbConfig(
+            ImmutableMap.of(
+                "p0", newPriorityChildConfig(lbProvider, internalTf, true)),
+            ImmutableList.of("p0")))
+          .build());
+    assertThat(status.getCode()).isNotEqualTo(Status.Code.OK);
+
+    // A single pre-existing child failure propagates
+    status = priorityLb.acceptResolvedAddresses(
+        resolvedAddresses.toBuilder()
+          .setLoadBalancingPolicyConfig(new PriorityLbConfig(
+            ImmutableMap.of(
+                "p0", newPriorityChildConfig(lbProvider, okTf, true),
+                "p1", newPriorityChildConfig(lbProvider, okTf, true),
+                "p2", newPriorityChildConfig(lbProvider, okTf, true)),
+            ImmutableList.of("p0", "p1", "p2")))
+          .build());
+    assertThat(status.getCode()).isEqualTo(Status.Code.OK);
+    status = priorityLb.acceptResolvedAddresses(
+        resolvedAddresses.toBuilder()
+          .setLoadBalancingPolicyConfig(new PriorityLbConfig(
+            ImmutableMap.of(
+                "p0", newPriorityChildConfig(lbProvider, okTf, true),
+                "p1", newPriorityChildConfig(lbProvider, internalTf, true),
+                "p2", newPriorityChildConfig(lbProvider, okTf, true)),
+            ImmutableList.of("p0", "p1", "p2")))
+          .build());
+    assertThat(status.getCode()).isNotEqualTo(Status.Code.OK);
+  }
+
   @Test
   public void handleNameResolutionError() {
     Object fooConfig0 = new Object();
@@ -243,7 +304,7 @@ public void handleNameResolutionError() {
 
     PriorityLbConfig priorityLbConfig =
         new PriorityLbConfig(ImmutableMap.of("p0", priorityChildConfig0), ImmutableList.of("p0"));
-    priorityLb.handleResolvedAddresses(
+    priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(priorityLbConfig)
@@ -255,7 +316,7 @@ public void handleNameResolutionError() {
 
     priorityLbConfig =
         new PriorityLbConfig(ImmutableMap.of("p1", priorityChildConfig1), ImmutableList.of("p1"));
-    priorityLb.handleResolvedAddresses(
+    priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(priorityLbConfig)
@@ -286,7 +347,7 @@ public void typicalPriorityFailOverFlow() {
             ImmutableMap.of("p0", priorityChildConfig0, "p1", priorityChildConfig1,
                 "p2", priorityChildConfig2, "p3", priorityChildConfig3),
             ImmutableList.of("p0", "p1", "p2", "p3"));
-    priorityLb.handleResolvedAddresses(
+    priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(priorityLbConfig)
@@ -419,7 +480,7 @@ public void idleToConnectingDoesNotTriggerFailOver() {
         new PriorityLbConfig(
             ImmutableMap.of("p0", priorityChildConfig0, "p1", priorityChildConfig1),
             ImmutableList.of("p0", "p1"));
-    priorityLb.handleResolvedAddresses(
+    priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(priorityLbConfig)
@@ -455,7 +516,7 @@ public void connectingResetFailOverIfSeenReadyOrIdleSinceTransientFailure() {
         new PriorityLbConfig(
             ImmutableMap.of("p0", priorityChildConfig0, "p1", priorityChildConfig1),
             ImmutableList.of("p0", "p1"));
-    priorityLb.handleResolvedAddresses(
+    priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(priorityLbConfig)
@@ -497,7 +558,7 @@ public void readyToConnectDoesNotFailOverButUpdatesPicker() {
         new PriorityLbConfig(
             ImmutableMap.of("p0", priorityChildConfig0, "p1", priorityChildConfig1),
             ImmutableList.of("p0", "p1"));
-    priorityLb.handleResolvedAddresses(
+    priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(priorityLbConfig)
@@ -530,7 +591,7 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
 
     // resolution update without priority change does not trigger failover
     Attributes.Key<String> fooKey = Attributes.Key.create("fooKey");
-    priorityLb.handleResolvedAddresses(
+    priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(priorityLbConfig)
@@ -559,7 +620,7 @@ public void typicalPriorityFailOverFlowWithIdleUpdate() {
             ImmutableMap.of("p0", priorityChildConfig0, "p1", priorityChildConfig1,
                 "p2", priorityChildConfig2, "p3", priorityChildConfig3),
             ImmutableList.of("p0", "p1", "p2", "p3"));
-    priorityLb.handleResolvedAddresses(
+    priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(priorityLbConfig)
@@ -652,6 +713,55 @@ public void typicalPriorityFailOverFlowWithIdleUpdate() {
     verify(balancer3).shutdown();
   }
 
+  @Test
+  public void failover_propagatesChildFailures() {
+    LoadBalancerProvider lbProvider = new CannedLoadBalancer.Provider();
+    ResolvedAddresses resolvedAddresses = ResolvedAddresses.newBuilder()
+        .setAddresses(ImmutableList.of())
+        .setAttributes(Attributes.EMPTY)
+        .build();
+
+    Status status = priorityLb.acceptResolvedAddresses(
+        resolvedAddresses.toBuilder()
+          .setLoadBalancingPolicyConfig(new PriorityLbConfig(
+            ImmutableMap.of(
+                "p0", newPriorityChildConfig(
+                    lbProvider, new CannedLoadBalancer.Config(Status.OK, TRANSIENT_FAILURE), true),
+                "p1", newPriorityChildConfig(
+                    lbProvider, new CannedLoadBalancer.Config(Status.INTERNAL, CONNECTING), true)),
+            ImmutableList.of("p0", "p1")))
+          .build());
+    // Since P1's activation wasn't noticed by the result status, it triggered name resolution
+    assertThat(status.getCode()).isEqualTo(Status.Code.OK);
+    verify(helper).refreshNameResolution();
+  }
+
+  @Test
+  public void failoverTimer_propagatesChildFailures() {
+    LoadBalancerProvider lbProvider = new CannedLoadBalancer.Provider();
+    ResolvedAddresses resolvedAddresses = ResolvedAddresses.newBuilder()
+        .setAddresses(ImmutableList.of())
+        .setAttributes(Attributes.EMPTY)
+        .build();
+
+    Status status = priorityLb.acceptResolvedAddresses(
+        resolvedAddresses.toBuilder()
+          .setLoadBalancingPolicyConfig(new PriorityLbConfig(
+            ImmutableMap.of(
+                "p0", newPriorityChildConfig(
+                    lbProvider, new CannedLoadBalancer.Config(Status.OK, CONNECTING), true),
+                "p1", newPriorityChildConfig(
+                    lbProvider, new CannedLoadBalancer.Config(Status.INTERNAL, CONNECTING), true)),
+            ImmutableList.of("p0", "p1")))
+          .build());
+    assertThat(status.getCode()).isEqualTo(Status.Code.OK);
+
+    // P1's activation will refresh name resolution
+    verify(helper, never()).refreshNameResolution();
+    fakeClock.forwardTime(10, TimeUnit.SECONDS);
+    verify(helper).refreshNameResolution();
+  }
+
   @Test
   public void bypassReresolutionRequestsIfConfiged() {
     PriorityChildConfig priorityChildConfig0 =
@@ -662,7 +772,7 @@ public void bypassReresolutionRequestsIfConfiged() {
         new PriorityLbConfig(
             ImmutableMap.of("p0", priorityChildConfig0, "p1", priorityChildConfig1),
             ImmutableList.of("p0", "p1"));
-    priorityLb.handleResolvedAddresses(
+    priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(priorityLbConfig)
@@ -690,7 +800,7 @@ public void raceBetweenShutdownAndChildLbBalancingStateUpdate() {
         new PriorityLbConfig(
             ImmutableMap.of("p0", priorityChildConfig0, "p1", priorityChildConfig1),
             ImmutableList.of("p0", "p1"));
-    priorityLb.handleResolvedAddresses(
+    priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(priorityLbConfig)
@@ -717,7 +827,7 @@ public void noDuplicateOverallBalancingStateUpdate() {
         new PriorityLbConfig(
             ImmutableMap.of("p0", priorityChildConfig0),
             ImmutableList.of("p0"));
-    priorityLb.handleResolvedAddresses(
+    priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(priorityLbConfig)
@@ -727,7 +837,7 @@ public void noDuplicateOverallBalancingStateUpdate() {
         new PriorityLbConfig(
             ImmutableMap.of("p0", priorityChildConfig0, "p1", priorityChildConfig1),
             ImmutableList.of("p0", "p1"));
-    priorityLb.handleResolvedAddresses(
+    priorityLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(priorityLbConfig)
@@ -769,6 +879,11 @@ private Object newChildConfig(LoadBalancerProvider provider, Object config) {
     return GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(provider, config);
   }
 
+  private PriorityChildConfig newPriorityChildConfig(
+      LoadBalancerProvider provider, Object config, boolean ignoreRefresh) {
+    return new PriorityChildConfig(newChildConfig(provider, config), ignoreRefresh);
+  }
+
   private static class FakeLoadBalancerProvider extends LoadBalancerProvider {
 
     @Override
@@ -801,9 +916,10 @@ static class FakeLoadBalancer extends LoadBalancer {
     }
 
     @Override
-    public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+    public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       helper.updateBalancingState(
           TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(Status.INTERNAL)));
+      return Status.OK;
     }
 
     @Override
@@ -814,4 +930,47 @@ public void handleNameResolutionError(Status error) {
     public void shutdown() {
     }
   }
+
+  static final class CannedLoadBalancer extends LoadBalancer {
+    private final Helper helper;
+
+    private CannedLoadBalancer(Helper helper) {
+      this.helper = helper;
+    }
+
+    @Override
+    public Status acceptResolvedAddresses(ResolvedAddresses addresses) {
+      Config config = (Config) addresses.getLoadBalancingPolicyConfig();
+      helper.updateBalancingState(
+          config.state, new FixedResultPicker(PickResult.withError(Status.INTERNAL)));
+      return config.resolvedAddressesResult;
+    }
+
+    @Override
+    public void handleNameResolutionError(Status status) {}
+
+    @Override
+    public void shutdown() {}
+
+    static final class Provider extends StandardLoadBalancerProvider {
+      public Provider() {
+        super("echo");
+      }
+
+      @Override
+      public LoadBalancer newLoadBalancer(Helper helper) {
+        return new CannedLoadBalancer(helper);
+      }
+    }
+
+    static final class Config {
+      final Status resolvedAddressesResult;
+      final ConnectivityState state;
+
+      public Config(Status resolvedAddressesResult, ConnectivityState state) {
+        this.resolvedAddressesResult = resolvedAddressesResult;
+        this.state = state;
+      }
+    }
+  }
 }

From 57124d6b29d180de2ab7f21baeb4a2246e490c1a Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 20 Feb 2025 15:48:12 -0800
Subject: [PATCH 198/591] Use acceptResolvedAddresses() in easy cases

We want to move away from handleResolvedAddresses(). These are "easy" in
that they need no logic. LBs extending ForwardingLoadBalancer had the
method duplicated from handleResolvedAddresses() and swapped away from
`super` because ForwardingLoadBalancer only forwards
handleResolvedAddresses() reliably today. Duplicating small methods was
less bug-prone than dealing with ForwardingLoadBalancer.
---
 .../RpcBehaviorLoadBalancerProvider.java      |  7 ++
 .../RpcBehaviorLoadBalancerProviderTest.java  |  9 ++
 .../HealthCheckingLoadBalancerFactory.java    | 13 ++-
 ...HealthCheckingLoadBalancerFactoryTest.java | 97 ++++++++++---------
 .../util/OutlierDetectionLoadBalancer.java    |  3 +-
 .../OutlierDetectionLoadBalancerTest.java     |  2 +-
 .../io/grpc/xds/WrrLocalityLoadBalancer.java  |  4 +-
 .../java/io/grpc/xds/orca/OrcaOobUtil.java    |  2 +-
 .../xds/ClusterManagerLoadBalancerTest.java   |  2 +-
 .../xds/MetadataLoadBalancerProvider.java     |  8 ++
 .../grpc/xds/WrrLocalityLoadBalancerTest.java | 10 +-
 11 files changed, 95 insertions(+), 62 deletions(-)

diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProvider.java b/interop-testing/src/main/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProvider.java
index 83c416765ec..65f1c46892b 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProvider.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProvider.java
@@ -116,6 +116,13 @@ public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
           ((RpcBehaviorConfig) resolvedAddresses.getLoadBalancingPolicyConfig()).rpcBehavior);
       delegateLb.handleResolvedAddresses(resolvedAddresses);
     }
+
+    @Override
+    public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+      helper.setRpcBehavior(
+          ((RpcBehaviorConfig) resolvedAddresses.getLoadBalancingPolicyConfig()).rpcBehavior);
+      return delegateLb.acceptResolvedAddresses(resolvedAddresses);
+    }
   }
 
   /**
diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProviderTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProviderTest.java
index 02ede46bcdd..f17ea059211 100644
--- a/interop-testing/src/test/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProviderTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProviderTest.java
@@ -87,6 +87,15 @@ public void handleResolvedAddressesDelegated() {
     verify(mockDelegateLb).handleResolvedAddresses(resolvedAddresses);
   }
 
+  @Test
+  public void acceptResolvedAddressesDelegated() {
+    RpcBehaviorLoadBalancer lb = new RpcBehaviorLoadBalancer(new RpcBehaviorHelper(mockHelper),
+        mockDelegateLb);
+    ResolvedAddresses resolvedAddresses = buildResolvedAddresses(buildConfig());
+    lb.acceptResolvedAddresses(resolvedAddresses);
+    verify(mockDelegateLb).acceptResolvedAddresses(resolvedAddresses);
+  }
+
   @Test
   public void helperWrapsPicker() {
     RpcBehaviorHelper helper = new RpcBehaviorHelper(mockHelper);
diff --git a/services/src/main/java/io/grpc/protobuf/services/HealthCheckingLoadBalancerFactory.java b/services/src/main/java/io/grpc/protobuf/services/HealthCheckingLoadBalancerFactory.java
index cac522caf9e..8cf1458f5dc 100644
--- a/services/src/main/java/io/grpc/protobuf/services/HealthCheckingLoadBalancerFactory.java
+++ b/services/src/main/java/io/grpc/protobuf/services/HealthCheckingLoadBalancerFactory.java
@@ -194,7 +194,18 @@ public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
               .get(LoadBalancer.ATTR_HEALTH_CHECKING_CONFIG);
       String serviceName = ServiceConfigUtil.getHealthCheckedServiceName(healthCheckingConfig);
       helper.setHealthCheckedService(serviceName);
-      super.handleResolvedAddresses(resolvedAddresses);
+      delegate.handleResolvedAddresses(resolvedAddresses);
+    }
+
+    @Override
+    public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+      Map<String, ?> healthCheckingConfig =
+          resolvedAddresses
+              .getAttributes()
+              .get(LoadBalancer.ATTR_HEALTH_CHECKING_CONFIG);
+      String serviceName = ServiceConfigUtil.getHealthCheckedServiceName(healthCheckingConfig);
+      helper.setHealthCheckedService(serviceName);
+      return delegate.acceptResolvedAddresses(resolvedAddresses);
     }
 
     @Override
diff --git a/services/src/test/java/io/grpc/protobuf/services/HealthCheckingLoadBalancerFactoryTest.java b/services/src/test/java/io/grpc/protobuf/services/HealthCheckingLoadBalancerFactoryTest.java
index 08a33106fb9..a49c426f7e1 100644
--- a/services/src/test/java/io/grpc/protobuf/services/HealthCheckingLoadBalancerFactoryTest.java
+++ b/services/src/test/java/io/grpc/protobuf/services/HealthCheckingLoadBalancerFactoryTest.java
@@ -206,15 +206,16 @@ public void setup() throws Exception {
         boolean shutdown;
 
         @Override
-        public void handleResolvedAddresses(final ResolvedAddresses resolvedAddresses) {
+        public Status acceptResolvedAddresses(final ResolvedAddresses resolvedAddresses) {
           syncContext.execute(new Runnable() {
               @Override
               public void run() {
                 if (!shutdown) {
-                  hcLb.handleResolvedAddresses(resolvedAddresses);
+                  hcLb.acceptResolvedAddresses(resolvedAddresses);
                 }
               }
             });
+          return Status.OK;
         }
 
         @Override
@@ -264,9 +265,9 @@ public void typicalWorkflow() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result);
+    hcLbEventDelivery.acceptResolvedAddresses(result);
 
-    verify(origLb).handleResolvedAddresses(result);
+    verify(origLb).acceptResolvedAddresses(result);
     verify(origHelper, atLeast(0)).getSynchronizationContext();
     verify(origHelper, atLeast(0)).getScheduledExecutorService();
     verifyNoMoreInteractions(origHelper);
@@ -404,9 +405,9 @@ public void healthCheckDisabledWhenServiceNotImplemented() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result);
+    hcLbEventDelivery.acceptResolvedAddresses(result);
 
-    verify(origLb).handleResolvedAddresses(result);
+    verify(origLb).acceptResolvedAddresses(result);
     verifyNoMoreInteractions(origLb);
 
     // We create 2 Subchannels. One of them connects to a server that doesn't implement health check
@@ -489,9 +490,9 @@ public void backoffRetriesWhenServerErroneouslyClosesRpcBeforeAnyResponse() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result);
+    hcLbEventDelivery.acceptResolvedAddresses(result);
 
-    verify(origLb).handleResolvedAddresses(result);
+    verify(origLb).acceptResolvedAddresses(result);
     verifyNoMoreInteractions(origLb);
 
     SubchannelStateListener mockHealthListener = mockHealthListeners[0];
@@ -567,9 +568,9 @@ public void serverRespondResetsBackoff() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result);
+    hcLbEventDelivery.acceptResolvedAddresses(result);
 
-    verify(origLb).handleResolvedAddresses(result);
+    verify(origLb).acceptResolvedAddresses(result);
     verifyNoMoreInteractions(origLb);
 
     SubchannelStateListener mockStateListener = mockStateListeners[0];
@@ -667,9 +668,9 @@ public void serviceConfigHasNoHealthCheckingInitiallyButDoesLater() {
         .setAddresses(resolvedAddressList)
         .setAttributes(Attributes.EMPTY)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result1);
+    hcLbEventDelivery.acceptResolvedAddresses(result1);
 
-    verify(origLb).handleResolvedAddresses(result1);
+    verify(origLb).acceptResolvedAddresses(result1);
     verifyNoMoreInteractions(origLb);
 
     // First, create Subchannels 0
@@ -688,8 +689,8 @@ public void serviceConfigHasNoHealthCheckingInitiallyButDoesLater() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result2);
-    verify(origLb).handleResolvedAddresses(result2);
+    hcLbEventDelivery.acceptResolvedAddresses(result2);
+    verify(origLb).acceptResolvedAddresses(result2);
 
     // Health check started on existing Subchannel
     assertThat(healthImpls[0].calls).hasSize(1);
@@ -711,9 +712,9 @@ public void serviceConfigDisablesHealthCheckWhenRpcActive() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result1);
+    hcLbEventDelivery.acceptResolvedAddresses(result1);
 
-    verify(origLb).handleResolvedAddresses(result1);
+    verify(origLb).acceptResolvedAddresses(result1);
     verifyNoMoreInteractions(origLb);
 
     Subchannel subchannel = createSubchannel(0, Attributes.EMPTY, maybeGetMockListener());
@@ -738,7 +739,7 @@ public void serviceConfigDisablesHealthCheckWhenRpcActive() {
         .setAddresses(resolvedAddressList)
         .setAttributes(Attributes.EMPTY)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result2);
+    hcLbEventDelivery.acceptResolvedAddresses(result2);
 
     // Health check RPC cancelled.
     assertThat(serverCall.cancelled).isTrue();
@@ -746,7 +747,7 @@ public void serviceConfigDisablesHealthCheckWhenRpcActive() {
     inOrder.verify(getMockListener()).onSubchannelState(
         eq(ConnectivityStateInfo.forNonError(READY)));
 
-    inOrder.verify(origLb).handleResolvedAddresses(result2);
+    inOrder.verify(origLb).acceptResolvedAddresses(result2);
 
     verifyNoMoreInteractions(origLb, mockStateListeners[0]);
     assertThat(healthImpl.calls).isEmpty();
@@ -759,9 +760,9 @@ public void serviceConfigDisablesHealthCheckWhenRetryPending() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result);
+    hcLbEventDelivery.acceptResolvedAddresses(result);
 
-    verify(origLb).handleResolvedAddresses(result);
+    verify(origLb).acceptResolvedAddresses(result);
     verifyNoMoreInteractions(origLb);
 
     SubchannelStateListener mockHealthListener = mockHealthListeners[0];
@@ -793,7 +794,7 @@ public void serviceConfigDisablesHealthCheckWhenRetryPending() {
         .setAddresses(resolvedAddressList)
         .setAttributes(Attributes.EMPTY)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result2);
+    hcLbEventDelivery.acceptResolvedAddresses(result2);
 
     // Retry timer is cancelled
     assertThat(clock.getPendingTasks()).isEmpty();
@@ -805,7 +806,7 @@ public void serviceConfigDisablesHealthCheckWhenRetryPending() {
     inOrder.verify(getMockListener()).onSubchannelState(
         eq(ConnectivityStateInfo.forNonError(READY)));
 
-    inOrder.verify(origLb).handleResolvedAddresses(result2);
+    inOrder.verify(origLb).acceptResolvedAddresses(result2);
 
     verifyNoMoreInteractions(origLb, mockStateListeners[0]);
   }
@@ -817,9 +818,9 @@ public void serviceConfigDisablesHealthCheckWhenRpcInactive() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result1);
+    hcLbEventDelivery.acceptResolvedAddresses(result1);
 
-    verify(origLb).handleResolvedAddresses(result1);
+    verify(origLb).acceptResolvedAddresses(result1);
     verifyNoMoreInteractions(origLb);
 
     Subchannel subchannel = createSubchannel(0, Attributes.EMPTY, maybeGetMockListener());
@@ -842,9 +843,9 @@ public void serviceConfigDisablesHealthCheckWhenRpcInactive() {
         .setAddresses(resolvedAddressList)
         .setAttributes(Attributes.EMPTY)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result2);
+    hcLbEventDelivery.acceptResolvedAddresses(result2);
 
-    inOrder.verify(origLb).handleResolvedAddresses(result2);
+    inOrder.verify(origLb).acceptResolvedAddresses(result2);
 
     // Underlying subchannel is now ready
     deliverSubchannelState(0, ConnectivityStateInfo.forNonError(READY));
@@ -870,9 +871,9 @@ public void serviceConfigChangesServiceNameWhenRpcActive() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result1);
+    hcLbEventDelivery.acceptResolvedAddresses(result1);
 
-    verify(origLb).handleResolvedAddresses(result1);
+    verify(origLb).acceptResolvedAddresses(result1);
     verifyNoMoreInteractions(origLb);
 
     SubchannelStateListener mockHealthListener = mockHealthListeners[0];
@@ -900,9 +901,9 @@ public void serviceConfigChangesServiceNameWhenRpcActive() {
         eq(ConnectivityStateInfo.forNonError(READY)));
 
     // Service config returns with the same health check name.
-    hcLbEventDelivery.handleResolvedAddresses(result1);
+    hcLbEventDelivery.acceptResolvedAddresses(result1);
     // It's delivered to origLb, but nothing else happens
-    inOrder.verify(origLb).handleResolvedAddresses(result1);
+    inOrder.verify(origLb).acceptResolvedAddresses(result1);
     verifyNoMoreInteractions(origLb, mockListener);
 
     // Service config returns a different health check name.
@@ -911,8 +912,8 @@ public void serviceConfigChangesServiceNameWhenRpcActive() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result2);
-    inOrder.verify(origLb).handleResolvedAddresses(result2);
+    hcLbEventDelivery.acceptResolvedAddresses(result2);
+    inOrder.verify(origLb).acceptResolvedAddresses(result2);
 
     // Current health check RPC cancelled.
     assertThat(serverCall.cancelled).isTrue();
@@ -934,9 +935,9 @@ public void serviceConfigChangesServiceNameWhenRetryPending() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result1);
+    hcLbEventDelivery.acceptResolvedAddresses(result1);
 
-    verify(origLb).handleResolvedAddresses(result1);
+    verify(origLb).acceptResolvedAddresses(result1);
     verifyNoMoreInteractions(origLb);
 
     SubchannelStateListener mockHealthListener = mockHealthListeners[0];
@@ -969,9 +970,9 @@ public void serviceConfigChangesServiceNameWhenRetryPending() {
 
     // Service config returns with the same health check name.
 
-    hcLbEventDelivery.handleResolvedAddresses(result1);
+    hcLbEventDelivery.acceptResolvedAddresses(result1);
     // It's delivered to origLb, but nothing else happens
-    inOrder.verify(origLb).handleResolvedAddresses(result1);
+    inOrder.verify(origLb).acceptResolvedAddresses(result1);
     verifyNoMoreInteractions(origLb, mockListener);
     assertThat(clock.getPendingTasks()).hasSize(1);
     assertThat(healthImpl.calls).isEmpty();
@@ -982,12 +983,12 @@ public void serviceConfigChangesServiceNameWhenRetryPending() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result2);
+    hcLbEventDelivery.acceptResolvedAddresses(result2);
     // Concluded CONNECTING state
     inOrder.verify(getMockListener()).onSubchannelState(
         eq(ConnectivityStateInfo.forNonError(CONNECTING)));
 
-    inOrder.verify(origLb).handleResolvedAddresses(result2);
+    inOrder.verify(origLb).acceptResolvedAddresses(result2);
 
     // Current retry timer cancelled
     assertThat(clock.getPendingTasks()).isEmpty();
@@ -1008,9 +1009,9 @@ public void serviceConfigChangesServiceNameWhenRpcInactive() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result1);
+    hcLbEventDelivery.acceptResolvedAddresses(result1);
 
-    verify(origLb).handleResolvedAddresses(result1);
+    verify(origLb).acceptResolvedAddresses(result1);
     verifyNoMoreInteractions(origLb);
 
     Subchannel subchannel = createSubchannel(0, Attributes.EMPTY, maybeGetMockListener());
@@ -1031,9 +1032,9 @@ public void serviceConfigChangesServiceNameWhenRpcInactive() {
     inOrder.verifyNoMoreInteractions();
 
     // Service config returns with the same health check name.
-    hcLbEventDelivery.handleResolvedAddresses(result1);
+    hcLbEventDelivery.acceptResolvedAddresses(result1);
     // It's delivered to origLb, but nothing else happens
-    inOrder.verify(origLb).handleResolvedAddresses(result1);
+    inOrder.verify(origLb).acceptResolvedAddresses(result1);
     assertThat(healthImpl.calls).isEmpty();
     verifyNoMoreInteractions(origLb);
 
@@ -1043,9 +1044,9 @@ public void serviceConfigChangesServiceNameWhenRpcInactive() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result2);
+    hcLbEventDelivery.acceptResolvedAddresses(result2);
 
-    inOrder.verify(origLb).handleResolvedAddresses(result2);
+    inOrder.verify(origLb).acceptResolvedAddresses(result2);
 
     // Underlying subchannel is now ready
     deliverSubchannelState(0, ConnectivityStateInfo.forNonError(READY));
@@ -1092,9 +1093,9 @@ public void balancerShutdown() {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result);
+    hcLbEventDelivery.acceptResolvedAddresses(result);
 
-    verify(origLb).handleResolvedAddresses(result);
+    verify(origLb).acceptResolvedAddresses(result);
     verifyNoMoreInteractions(origLb);
     ServerSideCall[] serverCalls = new ServerSideCall[NUM_SUBCHANNELS];
 
@@ -1172,8 +1173,8 @@ public LoadBalancer newLoadBalancer(Helper helper) {
         .setAddresses(resolvedAddressList)
         .setAttributes(resolutionAttrs)
         .build();
-    hcLbEventDelivery.handleResolvedAddresses(result);
-    verify(origLb).handleResolvedAddresses(result);
+    hcLbEventDelivery.acceptResolvedAddresses(result);
+    verify(origLb).acceptResolvedAddresses(result);
     createSubchannel(0, Attributes.EMPTY);
     assertThat(healthImpls[0].calls).isEmpty();
     deliverSubchannelState(0, ConnectivityStateInfo.forNonError(READY));
diff --git a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
index 928592e5534..59b2d38ecd9 100644
--- a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
@@ -171,9 +171,8 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       endpointTrackerMap.cancelTracking();
     }
 
-    switchLb.handleResolvedAddresses(
+    return switchLb.acceptResolvedAddresses(
         resolvedAddresses.toBuilder().setLoadBalancingPolicyConfig(config.childConfig).build());
-    return Status.OK;
   }
 
   @Override
diff --git a/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java b/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java
index 1b0139affef..d81740e116a 100644
--- a/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java
@@ -280,7 +280,7 @@ public void acceptResolvedAddresses() {
     loadBalancer.acceptResolvedAddresses(resolvedAddresses);
 
     // Handling of resolved addresses is delegated
-    verify(mockChildLb).handleResolvedAddresses(
+    verify(mockChildLb).acceptResolvedAddresses(
         resolvedAddresses.toBuilder().setLoadBalancingPolicyConfig(childConfig).build());
 
     // There is a single pending task to run the outlier detection algorithm
diff --git a/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancer.java b/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancer.java
index 3e58efa7c23..ab1abb1da15 100644
--- a/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancer.java
@@ -113,12 +113,10 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     Object switchConfig = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
         lbRegistry.getProvider(WEIGHTED_TARGET_POLICY_NAME),
         new WeightedTargetConfig(weightedPolicySelections));
-    switchLb.handleResolvedAddresses(
+    return switchLb.acceptResolvedAddresses(
         resolvedAddresses.toBuilder()
             .setLoadBalancingPolicyConfig(switchConfig)
             .build());
-
-    return Status.OK;
   }
 
   @Override
diff --git a/xds/src/main/java/io/grpc/xds/orca/OrcaOobUtil.java b/xds/src/main/java/io/grpc/xds/orca/OrcaOobUtil.java
index ba03140d627..9ac06d362fc 100644
--- a/xds/src/main/java/io/grpc/xds/orca/OrcaOobUtil.java
+++ b/xds/src/main/java/io/grpc/xds/orca/OrcaOobUtil.java
@@ -83,7 +83,7 @@ private OrcaOobUtil() {}
    *       class WrrLoadbalancer extends LoadBalancer {
    *         private final Helper originHelper;  // the original Helper
    *
-   *         public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+   *         public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
    *           // listener implements the logic for WRR's usage of backend metrics.
    *           OrcaReportingHelper orcaHelper =
    *               OrcaOobUtil.newOrcaReportingHelper(originHelper);
diff --git a/xds/src/test/java/io/grpc/xds/ClusterManagerLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterManagerLoadBalancerTest.java
index aa0e205dd8f..8856efd685f 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterManagerLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterManagerLoadBalancerTest.java
@@ -118,7 +118,7 @@ public void tearDown() {
   }
 
   @Test
-  public void handleResolvedAddressesUpdatesChannelPicker() {
+  public void acceptResolvedAddressesUpdatesChannelPicker() {
     deliverResolvedAddresses(ImmutableMap.of("childA", "policy_a", "childB", "policy_b"));
 
     verify(helper, atLeastOnce()).updateBalancingState(
diff --git a/xds/src/test/java/io/grpc/xds/MetadataLoadBalancerProvider.java b/xds/src/test/java/io/grpc/xds/MetadataLoadBalancerProvider.java
index ecc0112a2e0..7b56f59451c 100644
--- a/xds/src/test/java/io/grpc/xds/MetadataLoadBalancerProvider.java
+++ b/xds/src/test/java/io/grpc/xds/MetadataLoadBalancerProvider.java
@@ -114,6 +114,14 @@ public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       helper.setMetadata(config.metadataKey, config.metadataValue);
       delegateLb.handleResolvedAddresses(resolvedAddresses);
     }
+
+    @Override
+    public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+      MetadataLoadBalancerConfig config
+          = (MetadataLoadBalancerConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
+      helper.setMetadata(config.metadataKey, config.metadataValue);
+      return delegateLb.acceptResolvedAddresses(resolvedAddresses);
+    }
   }
 
   /**
diff --git a/xds/src/test/java/io/grpc/xds/WrrLocalityLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/WrrLocalityLoadBalancerTest.java
index a87d881563c..b6a5d8dbf73 100644
--- a/xds/src/test/java/io/grpc/xds/WrrLocalityLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/WrrLocalityLoadBalancerTest.java
@@ -108,7 +108,7 @@ public void setUp() {
   }
 
   @Test
-  public void handleResolvedAddresses() {
+  public void acceptResolvedAddresses() {
     // A two locality cluster with a mock child LB policy.
     String localityOne = "localityOne";
     String localityTwo = "localityTwo";
@@ -124,7 +124,7 @@ public void handleResolvedAddresses() {
 
     // Assert that the child policy and the locality weights were correctly mapped to a
     // WeightedTargetConfig.
-    verify(mockWeightedTargetLb).handleResolvedAddresses(resolvedAddressesCaptor.capture());
+    verify(mockWeightedTargetLb).acceptResolvedAddresses(resolvedAddressesCaptor.capture());
     Object config = resolvedAddressesCaptor.getValue().getLoadBalancingPolicyConfig();
     assertThat(config).isInstanceOf(WeightedTargetConfig.class);
     WeightedTargetConfig wtConfig = (WeightedTargetConfig) config;
@@ -136,7 +136,7 @@ public void handleResolvedAddresses() {
   }
 
   @Test
-  public void handleResolvedAddresses_noLocalityWeights() {
+  public void acceptResolvedAddresses_noLocalityWeights() {
     // A two locality cluster with a mock child LB policy.
     Object childPolicy = newChildConfig(mockChildProvider, null);
 
@@ -182,7 +182,7 @@ public void localityWeightAttributeNotPropagated() {
 
     // Assert that the child policy and the locality weights were correctly mapped to a
     // WeightedTargetConfig.
-    verify(mockWeightedTargetLb).handleResolvedAddresses(resolvedAddressesCaptor.capture());
+    verify(mockWeightedTargetLb).acceptResolvedAddresses(resolvedAddressesCaptor.capture());
 
     //assertThat(resolvedAddressesCaptor.getValue().getAttributes()
     //    .get(XdsAttributes.ATTR_LOCALITY_WEIGHTS)).isNull();
@@ -213,7 +213,7 @@ private Object newChildConfig(LoadBalancerProvider provider, Object config) {
   }
 
   private void deliverAddresses(WrrLocalityConfig config, List<EquivalentAddressGroup> addresses) {
-    loadBalancer.handleResolvedAddresses(
+    loadBalancer.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder().setAddresses(addresses).setLoadBalancingPolicyConfig(config)
             .build());
   }

From cdab410b816f65f0aec683dda5b96f37f9fd567e Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Mon, 24 Feb 2025 14:58:11 +0000
Subject: [PATCH 199/591] netty: Per-rpc authority verification against peer
 cert subject names (#11724)

Per-rpc verification of authority specified via call options or set by the LB API against peer cert's subject names.
---
 .../io/grpc/internal/AuthorityVerifier.java   |  24 ++
 .../io/grpc/internal/CertificateUtils.java    |  66 ++++
 .../java/io/grpc/internal/GrpcAttributes.java |   3 +
 .../java/io/grpc/internal/NoopSslSession.java | 132 ++++++++
 .../grpc/netty/GrpcHttp2OutboundHeaders.java  |  10 +
 .../netty/InternalProtocolNegotiators.java    |   4 +-
 .../io/grpc/netty/NettyChannelBuilder.java    |   2 +-
 .../io/grpc/netty/NettyClientHandler.java     |  62 ++++
 .../io/grpc/netty/NettyClientTransport.java   |   1 +
 .../NettySslContextChannelCredentials.java    |   2 +-
 .../java/io/grpc/netty/NoopSslEngine.java     | 151 +++++++++
 .../io/grpc/netty/ProtocolNegotiator.java     |   1 +
 .../io/grpc/netty/ProtocolNegotiators.java    | 194 +++++++++---
 .../io/grpc/netty/X509AuthorityVerifier.java  | 108 +++++++
 .../io/grpc/netty/NettyClientHandlerTest.java | 163 +++++++++-
 .../grpc/netty/NettyClientTransportTest.java  | 292 +++++++++++++++++-
 .../grpc/netty/ProtocolNegotiatorsTest.java   |  67 +++-
 .../io/grpc/okhttp/OkHttpChannelBuilder.java  |  24 +-
 .../grpc/okhttp/OkHttpChannelBuilderTest.java |   5 +-
 19 files changed, 1228 insertions(+), 83 deletions(-)
 create mode 100644 core/src/main/java/io/grpc/internal/AuthorityVerifier.java
 create mode 100644 core/src/main/java/io/grpc/internal/CertificateUtils.java
 create mode 100644 core/src/main/java/io/grpc/internal/NoopSslSession.java
 create mode 100644 netty/src/main/java/io/grpc/netty/NoopSslEngine.java
 create mode 100644 netty/src/main/java/io/grpc/netty/X509AuthorityVerifier.java

diff --git a/core/src/main/java/io/grpc/internal/AuthorityVerifier.java b/core/src/main/java/io/grpc/internal/AuthorityVerifier.java
new file mode 100644
index 00000000000..e6164a7dc4d
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/AuthorityVerifier.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import io.grpc.Status;
+
+/** Verifier for the outgoing authority pseudo-header against peer cert. */
+public interface AuthorityVerifier {
+  Status verifyAuthority(String authority);
+}
diff --git a/core/src/main/java/io/grpc/internal/CertificateUtils.java b/core/src/main/java/io/grpc/internal/CertificateUtils.java
new file mode 100644
index 00000000000..cc26cedb274
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/CertificateUtils.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.security.auth.x500.X500Principal;
+
+/**
+ * Contains certificate/key PEM file utility method(s) for internal usage.
+ */
+public final class CertificateUtils {
+  /**
+   * Creates X509TrustManagers using the provided CA certs.
+   */
+  public static TrustManager[] createTrustManager(InputStream rootCerts)
+      throws GeneralSecurityException {
+    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+    try {
+      ks.load(null, null);
+    } catch (IOException ex) {
+      // Shouldn't really happen, as we're not loading any data.
+      throw new GeneralSecurityException(ex);
+    }
+    X509Certificate[] certs = CertificateUtils.getX509Certificates(rootCerts);
+    for (X509Certificate cert : certs) {
+      X500Principal principal = cert.getSubjectX500Principal();
+      ks.setCertificateEntry(principal.getName("RFC2253"), cert);
+    }
+
+    TrustManagerFactory trustManagerFactory =
+        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+    trustManagerFactory.init(ks);
+    return trustManagerFactory.getTrustManagers();
+  }
+
+  private static X509Certificate[] getX509Certificates(InputStream inputStream)
+      throws CertificateException {
+    CertificateFactory factory = CertificateFactory.getInstance("X.509");
+    Collection<? extends Certificate> certs = factory.generateCertificates(inputStream);
+    return certs.toArray(new X509Certificate[0]);
+  }
+}
diff --git a/core/src/main/java/io/grpc/internal/GrpcAttributes.java b/core/src/main/java/io/grpc/internal/GrpcAttributes.java
index da43ae14800..f95f9b9dab8 100644
--- a/core/src/main/java/io/grpc/internal/GrpcAttributes.java
+++ b/core/src/main/java/io/grpc/internal/GrpcAttributes.java
@@ -42,5 +42,8 @@ public final class GrpcAttributes {
   public static final Attributes.Key<Attributes> ATTR_CLIENT_EAG_ATTRS =
       Attributes.Key.create("io.grpc.internal.GrpcAttributes.clientEagAttrs");
 
+  public static final Attributes.Key<AuthorityVerifier> ATTR_AUTHORITY_VERIFIER =
+          Attributes.Key.create("io.grpc.internal.GrpcAttributes.authorityVerifier");
+
   private GrpcAttributes() {}
 }
diff --git a/core/src/main/java/io/grpc/internal/NoopSslSession.java b/core/src/main/java/io/grpc/internal/NoopSslSession.java
new file mode 100644
index 00000000000..9a79d281ad5
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/NoopSslSession.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import java.security.Principal;
+import java.security.cert.Certificate;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSessionContext;
+
+/** A no-op ssl session, to facilitate overriding only the required methods in specific
+ * implementations.
+ */
+public class NoopSslSession implements SSLSession {
+  @Override
+  public byte[] getId() {
+    return new byte[0];
+  }
+
+  @Override
+  public SSLSessionContext getSessionContext() {
+    return null;
+  }
+
+  @Override
+  @SuppressWarnings("deprecation")
+  public javax.security.cert.X509Certificate[] getPeerCertificateChain() {
+    throw new UnsupportedOperationException("This method is deprecated and marked for removal. "
+            + "Use the getPeerCertificates() method instead.");
+  }
+
+  @Override
+  public long getCreationTime() {
+    return 0;
+  }
+
+  @Override
+  public long getLastAccessedTime() {
+    return 0;
+  }
+
+  @Override
+  public void invalidate() {
+  }
+
+  @Override
+  public boolean isValid() {
+    return false;
+  }
+
+  @Override
+  public void putValue(String s, Object o) {
+  }
+
+  @Override
+  public Object getValue(String s) {
+    return null;
+  }
+
+  @Override
+  public void removeValue(String s) {
+  }
+
+  @Override
+  public String[] getValueNames() {
+    return new String[0];
+  }
+
+  @Override
+  public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
+    return new Certificate[0];
+  }
+
+  @Override
+  public Certificate[] getLocalCertificates() {
+    return new Certificate[0];
+  }
+
+  @Override
+  public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
+    return null;
+  }
+
+  @Override
+  public Principal getLocalPrincipal() {
+    return null;
+  }
+
+  @Override
+  public String getCipherSuite() {
+    return null;
+  }
+
+  @Override
+  public String getProtocol() {
+    return null;
+  }
+
+  @Override
+  public String getPeerHost() {
+    return null;
+  }
+
+  @Override
+  public int getPeerPort() {
+    return 0;
+  }
+
+  @Override
+  public int getPacketBufferSize() {
+    return 0;
+  }
+
+  @Override
+  public int getApplicationBufferSize() {
+    return 0;
+  }
+}
diff --git a/netty/src/main/java/io/grpc/netty/GrpcHttp2OutboundHeaders.java b/netty/src/main/java/io/grpc/netty/GrpcHttp2OutboundHeaders.java
index 0489e135813..aabcd4fbaaa 100644
--- a/netty/src/main/java/io/grpc/netty/GrpcHttp2OutboundHeaders.java
+++ b/netty/src/main/java/io/grpc/netty/GrpcHttp2OutboundHeaders.java
@@ -66,6 +66,16 @@ private GrpcHttp2OutboundHeaders(AsciiString[] preHeaders, byte[][] serializedMe
     this.preHeaders = preHeaders;
   }
 
+  @Override
+  public CharSequence authority() {
+    for (int i = 0; i < preHeaders.length / 2; i++) {
+      if (preHeaders[i * 2].equals(Http2Headers.PseudoHeaderName.AUTHORITY.value())) {
+        return preHeaders[i * 2 + 1];
+      }
+    }
+    return null;
+  }
+
   @Override
   @SuppressWarnings("ReferenceEquality") // STATUS.value() never changes.
   public CharSequence status() {
diff --git a/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
index 3d1aa83d9ff..039ea6c4f24 100644
--- a/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
@@ -44,7 +44,7 @@ public static InternalProtocolNegotiator.ProtocolNegotiator tls(SslContext sslCo
           ObjectPool<? extends Executor> executorPool,
           Optional<Runnable> handshakeCompleteRunnable) {
     final io.grpc.netty.ProtocolNegotiator negotiator = ProtocolNegotiators.tls(sslContext,
-        executorPool, handshakeCompleteRunnable);
+        executorPool, handshakeCompleteRunnable, null);
     final class TlsNegotiator implements InternalProtocolNegotiator.ProtocolNegotiator {
 
       @Override
@@ -170,7 +170,7 @@ public static ChannelHandler clientTlsHandler(
       ChannelHandler next, SslContext sslContext, String authority,
       ChannelLogger negotiationLogger) {
     return new ClientTlsHandler(next, sslContext, authority, null, negotiationLogger,
-        Optional.absent());
+        Optional.absent(), null, null);
   }
 
   public static class ProtocolNegotiationHandler
diff --git a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
index 8b80f7b4e46..46566eaca1a 100644
--- a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
+++ b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
@@ -652,7 +652,7 @@ static ProtocolNegotiator createProtocolNegotiatorByType(
       case PLAINTEXT_UPGRADE:
         return ProtocolNegotiators.plaintextUpgrade();
       case TLS:
-        return ProtocolNegotiators.tls(sslContext, executorPool, Optional.absent());
+        return ProtocolNegotiators.tls(sslContext, executorPool, Optional.absent(), null);
       default:
         throw new IllegalArgumentException("Unsupported negotiationType: " + negotiationType);
     }
diff --git a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
index 194decb1120..5a93dbc982b 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
@@ -28,6 +28,7 @@
 import io.grpc.Attributes;
 import io.grpc.ChannelLogger;
 import io.grpc.InternalChannelz;
+import io.grpc.InternalStatus;
 import io.grpc.Metadata;
 import io.grpc.Status;
 import io.grpc.StatusException;
@@ -83,6 +84,8 @@
 import io.perfmark.Tag;
 import io.perfmark.TaskCloseable;
 import java.nio.channels.ClosedChannelException;
+import java.util.LinkedHashMap;
+import java.util.Map;
 import java.util.concurrent.Executor;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -94,6 +97,8 @@
  */
 class NettyClientHandler extends AbstractNettyHandler {
   private static final Logger logger = Logger.getLogger(NettyClientHandler.class.getName());
+  static boolean enablePerRpcAuthorityCheck =
+      GrpcUtil.getFlag("GRPC_ENABLE_PER_RPC_AUTHORITY_CHECK", false);
 
   /**
    * A message that simply passes through the channel without any real processing. It is useful to
@@ -128,6 +133,13 @@ protected void handleNotInUse() {
           lifecycleManager.notifyInUse(false);
         }
       };
+  private final Map<String, Status> peerVerificationResults =
+      new LinkedHashMap<String, Status>() {
+        @Override
+        protected boolean removeEldestEntry(Map.Entry<String, Status> eldest) {
+          return size() > 100;
+        }
+      };
 
   private WriteQueue clientWriteQueue;
   private Http2Ping ping;
@@ -591,6 +603,56 @@ private void createStream(CreateStreamCommand command, ChannelPromise promise)
       return;
     }
 
+    CharSequence authorityHeader = command.headers().authority();
+    if (authorityHeader == null) {
+      Status authorityVerificationStatus = Status.UNAVAILABLE.withDescription(
+              "Missing authority header");
+      command.stream().setNonExistent();
+      command.stream().transportReportStatus(
+              Status.UNAVAILABLE, RpcProgress.PROCESSED, true, new Metadata());
+      promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(
+              authorityVerificationStatus, null));
+      return;
+    }
+    // No need to verify authority for the rpc outgoing header if it is same as the authority
+    // for the transport
+    if (!authority.contentEquals(authorityHeader)) {
+      Status authorityVerificationStatus = peerVerificationResults.get(
+              authorityHeader.toString());
+      if (authorityVerificationStatus == null) {
+        if (attributes.get(GrpcAttributes.ATTR_AUTHORITY_VERIFIER) == null) {
+          authorityVerificationStatus = Status.UNAVAILABLE.withDescription(
+                  "Authority verifier not found to verify authority");
+          command.stream().setNonExistent();
+          command.stream().transportReportStatus(
+                  authorityVerificationStatus, RpcProgress.PROCESSED, true, new Metadata());
+          promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(
+                  authorityVerificationStatus, null));
+          return;
+        }
+        authorityVerificationStatus = attributes.get(GrpcAttributes.ATTR_AUTHORITY_VERIFIER)
+                .verifyAuthority(authorityHeader.toString());
+        peerVerificationResults.put(authorityHeader.toString(), authorityVerificationStatus);
+        if (!authorityVerificationStatus.isOk() && !enablePerRpcAuthorityCheck) {
+          logger.log(Level.WARNING, String.format("%s.%s",
+                          authorityVerificationStatus.getDescription(),
+                          enablePerRpcAuthorityCheck
+                                  ? "" : " This will be an error in the future."),
+                  InternalStatus.asRuntimeExceptionWithoutStacktrace(
+                          authorityVerificationStatus, null));
+        }
+      }
+      if (!authorityVerificationStatus.isOk()) {
+        if (enablePerRpcAuthorityCheck) {
+          command.stream().setNonExistent();
+          command.stream().transportReportStatus(
+                  authorityVerificationStatus, RpcProgress.PROCESSED, true, new Metadata());
+          promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(
+                  authorityVerificationStatus, null));
+          return;
+        }
+      }
+    }
     // Get the stream ID for the new stream.
     int streamId;
     try {
diff --git a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
index 54d1641a7ed..86d8991ba95 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
@@ -106,6 +106,7 @@ class NettyClientTransport implements ConnectionClientTransport {
   private final boolean useGetForSafeMethods;
   private final Ticker ticker;
 
+
   NettyClientTransport(
       SocketAddress address,
       ChannelFactory<? extends Channel> channelFactory,
diff --git a/netty/src/main/java/io/grpc/netty/NettySslContextChannelCredentials.java b/netty/src/main/java/io/grpc/netty/NettySslContextChannelCredentials.java
index ede511b68f6..3d3fdc67e8e 100644
--- a/netty/src/main/java/io/grpc/netty/NettySslContextChannelCredentials.java
+++ b/netty/src/main/java/io/grpc/netty/NettySslContextChannelCredentials.java
@@ -34,6 +34,6 @@ public static ChannelCredentials create(SslContext sslContext) {
     Preconditions.checkArgument(sslContext.isClient(),
         "Server SSL context can not be used for client channel");
     GrpcSslContexts.ensureAlpnAndH2Enabled(sslContext.applicationProtocolNegotiator());
-    return NettyChannelCredentials.create(ProtocolNegotiators.tlsClientFactory(sslContext));
+    return NettyChannelCredentials.create(ProtocolNegotiators.tlsClientFactory(sslContext, null));
   }
 }
diff --git a/netty/src/main/java/io/grpc/netty/NoopSslEngine.java b/netty/src/main/java/io/grpc/netty/NoopSslEngine.java
new file mode 100644
index 00000000000..7e14dbf0e79
--- /dev/null
+++ b/netty/src/main/java/io/grpc/netty/NoopSslEngine.java
@@ -0,0 +1,151 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.netty;
+
+import java.nio.ByteBuffer;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSession;
+
+/**
+ * A no-op implementation of SslEngine, to facilitate overriding only the required methods in
+ * specific implementations.
+ */
+class NoopSslEngine extends SSLEngine {
+  @Override
+  public SSLEngineResult wrap(ByteBuffer[] srcs, int offset, int length, ByteBuffer dst)
+          throws SSLException {
+    return null;
+  }
+
+  @Override
+  public SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts, int offset, int length)
+          throws SSLException {
+    return null;
+  }
+
+  @Override
+  public Runnable getDelegatedTask() {
+    return null;
+  }
+
+  @Override
+  public void closeInbound() throws SSLException {
+
+  }
+
+  @Override
+  public boolean isInboundDone() {
+    return false;
+  }
+
+  @Override
+  public void closeOutbound() {
+
+  }
+
+  @Override
+  public boolean isOutboundDone() {
+    return false;
+  }
+
+  @Override
+  public String[] getSupportedCipherSuites() {
+    return new String[0];
+  }
+
+  @Override
+  public String[] getEnabledCipherSuites() {
+    return new String[0];
+  }
+
+  @Override
+  public void setEnabledCipherSuites(String[] suites) {
+
+  }
+
+  @Override
+  public String[] getSupportedProtocols() {
+    return new String[0];
+  }
+
+  @Override
+  public String[] getEnabledProtocols() {
+    return new String[0];
+  }
+
+  @Override
+  public void setEnabledProtocols(String[] protocols) {
+
+  }
+
+  @Override
+  public SSLSession getSession() {
+    return null;
+  }
+
+  @Override
+  public void beginHandshake() throws SSLException {
+
+  }
+
+  @Override
+  public SSLEngineResult.HandshakeStatus getHandshakeStatus() {
+    return null;
+  }
+
+  @Override
+  public void setUseClientMode(boolean mode) {
+
+  }
+
+  @Override
+  public boolean getUseClientMode() {
+    return false;
+  }
+
+  @Override
+  public void setNeedClientAuth(boolean need) {
+
+  }
+
+  @Override
+  public boolean getNeedClientAuth() {
+    return false;
+  }
+
+  @Override
+  public void setWantClientAuth(boolean want) {
+
+  }
+
+  @Override
+  public boolean getWantClientAuth() {
+    return false;
+  }
+
+  @Override
+  public void setEnableSessionCreation(boolean flag) {
+
+  }
+
+  @Override
+  public boolean getEnableSessionCreation() {
+    return false;
+  }
+}
diff --git a/netty/src/main/java/io/grpc/netty/ProtocolNegotiator.java b/netty/src/main/java/io/grpc/netty/ProtocolNegotiator.java
index 8a2c6f104b2..4332fdf2919 100644
--- a/netty/src/main/java/io/grpc/netty/ProtocolNegotiator.java
+++ b/netty/src/main/java/io/grpc/netty/ProtocolNegotiator.java
@@ -63,4 +63,5 @@ interface ServerFactory {
      */
     ProtocolNegotiator newNegotiator(ObjectPool<? extends Executor> offloadExecutorPool);
   }
+
 }
diff --git a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
index 3f4d59bb334..77308c76ace 100644
--- a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
@@ -16,7 +16,6 @@
 
 package io.grpc.netty;
 
-import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 
 import com.google.common.annotations.VisibleForTesting;
@@ -42,8 +41,10 @@
 import io.grpc.Status;
 import io.grpc.TlsChannelCredentials;
 import io.grpc.TlsServerCredentials;
+import io.grpc.internal.CertificateUtils;
 import io.grpc.internal.GrpcAttributes;
 import io.grpc.internal.GrpcUtil;
+import io.grpc.internal.NoopSslSession;
 import io.grpc.internal.ObjectPool;
 import io.netty.channel.ChannelDuplexHandler;
 import io.netty.channel.ChannelFutureListener;
@@ -71,8 +72,11 @@
 import java.net.SocketAddress;
 import java.net.URI;
 import java.nio.channels.ClosedChannelException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
 import java.util.Arrays;
 import java.util.EnumSet;
+import java.util.List;
 import java.util.Set;
 import java.util.concurrent.Executor;
 import java.util.logging.Level;
@@ -82,6 +86,9 @@
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
 import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 
 /**
@@ -95,7 +102,15 @@ final class ProtocolNegotiators {
   private static final EnumSet<TlsServerCredentials.Feature> understoodServerTlsFeatures =
       EnumSet.of(
           TlsServerCredentials.Feature.MTLS, TlsServerCredentials.Feature.CUSTOM_MANAGERS);
+  private static Class<?> x509ExtendedTrustManagerClass;
 
+  static {
+    try {
+      x509ExtendedTrustManagerClass = Class.forName("javax.net.ssl.X509ExtendedTrustManager");
+    } catch (ClassNotFoundException e) {
+      // Will disallow per-rpc authority override via call option.
+    }
+  }
 
   private ProtocolNegotiators() {
   }
@@ -118,14 +133,32 @@ public static FromChannelCredentialsResult from(ChannelCredentials creds) {
             new ByteArrayInputStream(tlsCreds.getPrivateKey()),
             tlsCreds.getPrivateKeyPassword());
       }
-      if (tlsCreds.getTrustManagers() != null) {
-        builder.trustManager(new FixedTrustManagerFactory(tlsCreds.getTrustManagers()));
-      } else if (tlsCreds.getRootCertificates() != null) {
-        builder.trustManager(new ByteArrayInputStream(tlsCreds.getRootCertificates()));
-      } // else use system default
       try {
-        return FromChannelCredentialsResult.negotiator(tlsClientFactory(builder.build()));
-      } catch (SSLException ex) {
+        List<TrustManager> trustManagers;
+        if (tlsCreds.getTrustManagers() != null) {
+          trustManagers = tlsCreds.getTrustManagers();
+        } else if (tlsCreds.getRootCertificates() != null) {
+          trustManagers = Arrays.asList(CertificateUtils.createTrustManager(
+                  new ByteArrayInputStream(tlsCreds.getRootCertificates())));
+        } else { // else use system default
+          TrustManagerFactory tmf = TrustManagerFactory.getInstance(
+              TrustManagerFactory.getDefaultAlgorithm());
+          tmf.init((KeyStore) null);
+          trustManagers = Arrays.asList(tmf.getTrustManagers());
+        }
+        builder.trustManager(new FixedTrustManagerFactory(trustManagers));
+        TrustManager x509ExtendedTrustManager = null;
+        if (x509ExtendedTrustManagerClass != null) {
+          for (TrustManager trustManager : trustManagers) {
+            if (x509ExtendedTrustManagerClass.isInstance(trustManager)) {
+              x509ExtendedTrustManager = trustManager;
+              break;
+            }
+          }
+        }
+        return FromChannelCredentialsResult.negotiator(tlsClientFactory(builder.build(),
+                (X509TrustManager) x509ExtendedTrustManager));
+      } catch (SSLException | GeneralSecurityException ex) {
         log.log(Level.FINE, "Exception building SslContext", ex);
         return FromChannelCredentialsResult.error(
             "Unable to create SslContext: " + ex.getMessage());
@@ -411,8 +444,8 @@ static final class ServerTlsHandler extends ChannelInboundHandlerAdapter {
     ServerTlsHandler(ChannelHandler next,
         SslContext sslContext,
         final ObjectPool<? extends Executor> executorPool) {
-      this.sslContext = checkNotNull(sslContext, "sslContext");
-      this.next = checkNotNull(next, "next");
+      this.sslContext = Preconditions.checkNotNull(sslContext, "sslContext");
+      this.next = Preconditions.checkNotNull(next, "next");
       if (executorPool != null) {
         this.executor = executorPool.getObject();
       }
@@ -469,8 +502,8 @@ private void fireProtocolNegotiationEvent(ChannelHandlerContext ctx, SSLSession
   public static ProtocolNegotiator httpProxy(final SocketAddress proxyAddress,
       final @Nullable String proxyUsername, final @Nullable String proxyPassword,
       final ProtocolNegotiator negotiator) {
-    checkNotNull(negotiator, "negotiator");
-    checkNotNull(proxyAddress, "proxyAddress");
+    Preconditions.checkNotNull(negotiator, "negotiator");
+    Preconditions.checkNotNull(proxyAddress, "proxyAddress");
     final AsciiString scheme = negotiator.scheme();
     class ProxyNegotiator implements ProtocolNegotiator {
       @Override
@@ -516,7 +549,7 @@ public ProxyProtocolNegotiationHandler(
         ChannelHandler next,
         ChannelLogger negotiationLogger) {
       super(next, negotiationLogger);
-      this.address = checkNotNull(address, "address");
+      this.address = Preconditions.checkNotNull(address, "address");
       this.userName = userName;
       this.password = password;
     }
@@ -545,18 +578,21 @@ protected void userEventTriggered0(ChannelHandlerContext ctx, Object evt) throws
   static final class ClientTlsProtocolNegotiator implements ProtocolNegotiator {
 
     public ClientTlsProtocolNegotiator(SslContext sslContext,
-        ObjectPool<? extends Executor> executorPool, Optional<Runnable> handshakeCompleteRunnable) {
-      this.sslContext = checkNotNull(sslContext, "sslContext");
+        ObjectPool<? extends Executor> executorPool, Optional<Runnable> handshakeCompleteRunnable,
+        X509TrustManager x509ExtendedTrustManager) {
+      this.sslContext = Preconditions.checkNotNull(sslContext, "sslContext");
       this.executorPool = executorPool;
       if (this.executorPool != null) {
         this.executor = this.executorPool.getObject();
       }
       this.handshakeCompleteRunnable = handshakeCompleteRunnable;
+      this.x509ExtendedTrustManager = x509ExtendedTrustManager;
     }
 
     private final SslContext sslContext;
     private final ObjectPool<? extends Executor> executorPool;
     private final Optional<Runnable> handshakeCompleteRunnable;
+    private final X509TrustManager x509ExtendedTrustManager;
     private Executor executor;
 
     @Override
@@ -569,7 +605,8 @@ public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
       ChannelHandler gnh = new GrpcNegotiationHandler(grpcHandler);
       ChannelLogger negotiationLogger = grpcHandler.getNegotiationLogger();
       ChannelHandler cth = new ClientTlsHandler(gnh, sslContext, grpcHandler.getAuthority(),
-          this.executor, negotiationLogger, handshakeCompleteRunnable);
+          this.executor, negotiationLogger, handshakeCompleteRunnable, this,
+              x509ExtendedTrustManager);
       return new WaitUntilActiveHandler(cth, negotiationLogger);
     }
 
@@ -579,6 +616,11 @@ public void close() {
         this.executorPool.returnObject(this.executor);
       }
     }
+
+    @VisibleForTesting
+    boolean hasX509ExtendedTrustManager() {
+      return x509ExtendedTrustManager != null;
+    }
   }
 
   static final class ClientTlsHandler extends ProtocolNegotiationHandler {
@@ -588,23 +630,28 @@ static final class ClientTlsHandler extends ProtocolNegotiationHandler {
     private final int port;
     private Executor executor;
     private final Optional<Runnable> handshakeCompleteRunnable;
+    private final X509TrustManager x509ExtendedTrustManager;
+    private SSLEngine sslEngine;
 
     ClientTlsHandler(ChannelHandler next, SslContext sslContext, String authority,
         Executor executor, ChannelLogger negotiationLogger,
-        Optional<Runnable> handshakeCompleteRunnable) {
+        Optional<Runnable> handshakeCompleteRunnable,
+        ClientTlsProtocolNegotiator clientTlsProtocolNegotiator,
+         X509TrustManager x509ExtendedTrustManager) {
       super(next, negotiationLogger);
-      this.sslContext = checkNotNull(sslContext, "sslContext");
+      this.sslContext = Preconditions.checkNotNull(sslContext, "sslContext");
       HostPort hostPort = parseAuthority(authority);
       this.host = hostPort.host;
       this.port = hostPort.port;
       this.executor = executor;
       this.handshakeCompleteRunnable = handshakeCompleteRunnable;
+      this.x509ExtendedTrustManager = x509ExtendedTrustManager;
     }
 
     @Override
     @IgnoreJRERequirement
     protected void handlerAdded0(ChannelHandlerContext ctx) {
-      SSLEngine sslEngine = sslContext.newEngine(ctx.alloc(), host, port);
+      sslEngine = sslContext.newEngine(ctx.alloc(), host, port);
       SSLParameters sslParams = sslEngine.getSSLParameters();
       sslParams.setEndpointIdentificationAlgorithm("HTTPS");
       sslEngine.setSSLParameters(sslParams);
@@ -661,6 +708,8 @@ private void propagateTlsComplete(ChannelHandlerContext ctx, SSLSession session)
       Attributes attrs = existingPne.getAttributes().toBuilder()
           .set(GrpcAttributes.ATTR_SECURITY_LEVEL, SecurityLevel.PRIVACY_AND_INTEGRITY)
           .set(Grpc.TRANSPORT_ATTR_SSL_SESSION, session)
+          .set(GrpcAttributes.ATTR_AUTHORITY_VERIFIER, new X509AuthorityVerifier(
+              sslEngine, x509ExtendedTrustManager))
           .build();
       replaceProtocolNegotiationEvent(existingPne.withAttributes(attrs).withSecurity(security));
       if (handshakeCompleteRunnable.isPresent()) {
@@ -700,8 +749,10 @@ static HostPort parseAuthority(String authority) {
    * @param executorPool a dedicated {@link Executor} pool for time-consuming TLS tasks
    */
   public static ProtocolNegotiator tls(SslContext sslContext,
-      ObjectPool<? extends Executor> executorPool, Optional<Runnable> handshakeCompleteRunnable) {
-    return new ClientTlsProtocolNegotiator(sslContext, executorPool, handshakeCompleteRunnable);
+      ObjectPool<? extends Executor> executorPool, Optional<Runnable> handshakeCompleteRunnable,
+      X509TrustManager x509ExtendedTrustManager) {
+    return new ClientTlsProtocolNegotiator(sslContext, executorPool, handshakeCompleteRunnable,
+        x509ExtendedTrustManager);
   }
 
   /**
@@ -709,25 +760,30 @@ public static ProtocolNegotiator tls(SslContext sslContext,
    * be negotiated, the {@code handler} is added and writes to the {@link io.netty.channel.Channel}
    * may happen immediately, even before the TLS Handshake is complete.
    */
-  public static ProtocolNegotiator tls(SslContext sslContext) {
-    return tls(sslContext, null, Optional.absent());
+  public static ProtocolNegotiator tls(SslContext sslContext,
+      X509TrustManager x509ExtendedTrustManager) {
+    return tls(sslContext, null, Optional.absent(), x509ExtendedTrustManager);
   }
 
-  public static ProtocolNegotiator.ClientFactory tlsClientFactory(SslContext sslContext) {
-    return new TlsProtocolNegotiatorClientFactory(sslContext);
+  public static ProtocolNegotiator.ClientFactory tlsClientFactory(SslContext sslContext,
+      X509TrustManager x509ExtendedTrustManager) {
+    return new TlsProtocolNegotiatorClientFactory(sslContext, x509ExtendedTrustManager);
   }
 
   @VisibleForTesting
   static final class TlsProtocolNegotiatorClientFactory
       implements ProtocolNegotiator.ClientFactory {
     private final SslContext sslContext;
+    private final X509TrustManager x509ExtendedTrustManager;
 
-    public TlsProtocolNegotiatorClientFactory(SslContext sslContext) {
+    public TlsProtocolNegotiatorClientFactory(SslContext sslContext,
+                                              X509TrustManager x509ExtendedTrustManager) {
       this.sslContext = Preconditions.checkNotNull(sslContext, "sslContext");
+      this.x509ExtendedTrustManager = x509ExtendedTrustManager;
     }
 
     @Override public ProtocolNegotiator newNegotiator() {
-      return tls(sslContext);
+      return tls(sslContext, x509ExtendedTrustManager);
     }
 
     @Override public int getDefaultPort() {
@@ -780,7 +836,9 @@ public AsciiString scheme() {
     public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
       ChannelHandler upgradeHandler =
           new Http2UpgradeAndGrpcHandler(grpcHandler.getAuthority(), grpcHandler);
-      return new WaitUntilActiveHandler(upgradeHandler, grpcHandler.getNegotiationLogger());
+      ChannelHandler plaintextHandler =
+          new PlaintextHandler(upgradeHandler, grpcHandler.getNegotiationLogger());
+      return new WaitUntilActiveHandler(plaintextHandler, grpcHandler.getNegotiationLogger());
     }
 
     @Override
@@ -801,8 +859,8 @@ static final class Http2UpgradeAndGrpcHandler extends ChannelInboundHandlerAdapt
     private ProtocolNegotiationEvent pne;
 
     Http2UpgradeAndGrpcHandler(String authority, GrpcHttp2ConnectionHandler next) {
-      this.authority = checkNotNull(authority, "authority");
-      this.next = checkNotNull(next, "next");
+      this.authority = Preconditions.checkNotNull(authority, "authority");
+      this.next = Preconditions.checkNotNull(next, "next");
       this.negotiationLogger = next.getNegotiationLogger();
     }
 
@@ -846,9 +904,9 @@ public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exc
   }
 
   /**
-   * Returns a {@link ChannelHandler} that ensures that the {@code handler} is added to the
-   * pipeline writes to the {@link io.netty.channel.Channel} may happen immediately, even before it
-   * is active.
+   * Returns a {@link io.netty.channel.ChannelHandler} that ensures that the {@code handler} is
+   * added to the pipeline writes to the {@link io.netty.channel.Channel} may happen immediately,
+   * even before it is active.
    */
   public static ProtocolNegotiator plaintext() {
     return new PlaintextProtocolNegotiator();
@@ -926,7 +984,7 @@ static final class GrpcNegotiationHandler extends ChannelInboundHandlerAdapter {
     private final GrpcHttp2ConnectionHandler next;
 
     public GrpcNegotiationHandler(GrpcHttp2ConnectionHandler next) {
-      this.next = checkNotNull(next, "next");
+      this.next = Preconditions.checkNotNull(next, "next");
     }
 
     @Override
@@ -977,7 +1035,9 @@ static final class PlaintextProtocolNegotiator implements ProtocolNegotiator {
     @Override
     public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
       ChannelHandler grpcNegotiationHandler = new GrpcNegotiationHandler(grpcHandler);
-      ChannelHandler activeHandler = new WaitUntilActiveHandler(grpcNegotiationHandler,
+      ChannelHandler plaintextHandler =
+          new PlaintextHandler(grpcNegotiationHandler, grpcHandler.getNegotiationLogger());
+      ChannelHandler activeHandler = new WaitUntilActiveHandler(plaintextHandler,
           grpcHandler.getNegotiationLogger());
       return activeHandler;
     }
@@ -991,6 +1051,22 @@ public AsciiString scheme() {
     }
   }
 
+  static final class PlaintextHandler extends ProtocolNegotiationHandler {
+    PlaintextHandler(ChannelHandler next, ChannelLogger negotiationLogger) {
+      super(next, negotiationLogger);
+    }
+
+    @Override
+    protected void protocolNegotiationEventTriggered(ChannelHandlerContext ctx) {
+      ProtocolNegotiationEvent existingPne = getProtocolNegotiationEvent();
+      Attributes attrs = existingPne.getAttributes().toBuilder()
+              .set(GrpcAttributes.ATTR_AUTHORITY_VERIFIER, (authority) -> Status.OK)
+              .build();
+      replaceProtocolNegotiationEvent(existingPne.withAttributes(attrs));
+      fireProtocolNegotiationEvent(ctx);
+    }
+  }
+
   /**
    * Waits for the channel to be active, and then installs the next Handler.  Using this allows
    * subsequent handlers to assume the channel is active and ready to send.  Additionally, this a
@@ -1048,15 +1124,15 @@ static class ProtocolNegotiationHandler extends ChannelDuplexHandler {
 
     protected ProtocolNegotiationHandler(ChannelHandler next, String negotiatorName,
         ChannelLogger negotiationLogger) {
-      this.next = checkNotNull(next, "next");
+      this.next = Preconditions.checkNotNull(next, "next");
       this.negotiatorName = negotiatorName;
-      this.negotiationLogger = checkNotNull(negotiationLogger, "negotiationLogger");
+      this.negotiationLogger = Preconditions.checkNotNull(negotiationLogger, "negotiationLogger");
     }
 
     protected ProtocolNegotiationHandler(ChannelHandler next, ChannelLogger negotiationLogger) {
-      this.next = checkNotNull(next, "next");
+      this.next = Preconditions.checkNotNull(next, "next");
       this.negotiatorName = getClass().getSimpleName().replace("Handler", "");
-      this.negotiationLogger = checkNotNull(negotiationLogger, "negotiationLogger");
+      this.negotiationLogger = Preconditions.checkNotNull(negotiationLogger, "negotiationLogger");
     }
 
     @Override
@@ -1097,7 +1173,7 @@ protected final ProtocolNegotiationEvent getProtocolNegotiationEvent() {
 
     protected final void replaceProtocolNegotiationEvent(ProtocolNegotiationEvent pne) {
       checkState(this.pne != null, "previous protocol negotiation event hasn't triggered");
-      this.pne = checkNotNull(pne);
+      this.pne = Preconditions.checkNotNull(pne);
     }
 
     protected final void fireProtocolNegotiationEvent(ChannelHandlerContext ctx) {
@@ -1107,4 +1183,42 @@ protected final void fireProtocolNegotiationEvent(ChannelHandlerContext ctx) {
       ctx.fireUserEventTriggered(pne);
     }
   }
+
+  static final class SslEngineWrapper extends NoopSslEngine {
+    private final SSLEngine sslEngine;
+    private final String peerHost;
+
+    SslEngineWrapper(SSLEngine sslEngine, String peerHost) {
+      this.sslEngine = sslEngine;
+      this.peerHost = peerHost;
+    }
+
+    @Override
+    public String getPeerHost() {
+      return peerHost;
+    }
+
+    @Override
+    public SSLSession getHandshakeSession() {
+      return new FakeSslSession(peerHost);
+    }
+
+    @Override
+    public SSLParameters getSSLParameters() {
+      return sslEngine.getSSLParameters();
+    }
+  }
+
+  static final class FakeSslSession extends NoopSslSession {
+    private final String peerHost;
+
+    FakeSslSession(String peerHost) {
+      this.peerHost = peerHost;
+    }
+
+    @Override
+    public String getPeerHost() {
+      return peerHost;
+    }
+  }
 }
diff --git a/netty/src/main/java/io/grpc/netty/X509AuthorityVerifier.java b/netty/src/main/java/io/grpc/netty/X509AuthorityVerifier.java
new file mode 100644
index 00000000000..8a8d426662f
--- /dev/null
+++ b/netty/src/main/java/io/grpc/netty/X509AuthorityVerifier.java
@@ -0,0 +1,108 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.netty;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import io.grpc.Status;
+import io.grpc.internal.AuthorityVerifier;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.annotation.Nonnull;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.X509TrustManager;
+
+final class X509AuthorityVerifier implements AuthorityVerifier {
+  private final SSLEngine sslEngine;
+  private final X509TrustManager x509ExtendedTrustManager;
+
+  private static final Method checkServerTrustedMethod;
+
+  static {
+    Method method = null;
+    try {
+      Class<?> x509ExtendedTrustManagerClass =
+              Class.forName("javax.net.ssl.X509ExtendedTrustManager");
+      method = x509ExtendedTrustManagerClass.getMethod("checkServerTrusted",
+              X509Certificate[].class, String.class, SSLEngine.class);
+    } catch (ClassNotFoundException e) {
+      // Per-rpc authority overriding via call options will be disallowed.
+    } catch (NoSuchMethodException e) {
+      // Should never happen since X509ExtendedTrustManager was introduced in Android API level 24
+      // along with checkServerTrusted.
+    }
+    checkServerTrustedMethod = method;
+  }
+
+  public X509AuthorityVerifier(SSLEngine sslEngine, X509TrustManager x509ExtendedTrustManager) {
+    this.sslEngine = checkNotNull(sslEngine, "sslEngine");
+    this.x509ExtendedTrustManager = x509ExtendedTrustManager;
+  }
+
+  @Override
+  public Status verifyAuthority(@Nonnull String authority) {
+    if (x509ExtendedTrustManager == null) {
+      return Status.UNAVAILABLE.withDescription(
+              "Can't allow authority override in rpc when X509ExtendedTrustManager"
+                      + " is not available");
+    }
+    Status peerVerificationStatus;
+    try {
+      // Because the authority pseudo-header can contain a port number:
+      // https://www.rfc-editor.org/rfc/rfc7540#section-8.1.2.3
+      verifyAuthorityAllowedForPeerCert(removeAnyPortNumber(authority));
+      peerVerificationStatus = Status.OK;
+    } catch (SSLPeerUnverifiedException | CertificateException | InvocationTargetException
+             | IllegalAccessException | IllegalStateException e) {
+      peerVerificationStatus = Status.UNAVAILABLE.withDescription(
+              String.format("Peer hostname verification during rpc failed for authority '%s'",
+                      authority)).withCause(e);
+    }
+    return peerVerificationStatus;
+  }
+
+  private String removeAnyPortNumber(String authority) {
+    int closingSquareBracketIndex = authority.lastIndexOf(']');
+    int portNumberSeperatorColonIndex = authority.lastIndexOf(':');
+    if (portNumberSeperatorColonIndex > closingSquareBracketIndex) {
+      return authority.substring(0, portNumberSeperatorColonIndex);
+    }
+    return authority;
+  }
+
+  private void verifyAuthorityAllowedForPeerCert(String authority)
+          throws SSLPeerUnverifiedException, CertificateException, InvocationTargetException,
+          IllegalAccessException {
+    SSLEngine sslEngineWrapper = new ProtocolNegotiators.SslEngineWrapper(sslEngine, authority);
+    // The typecasting of Certificate to X509Certificate should work because this method will only
+    // be called when using TLS and thus X509.
+    Certificate[] peerCertificates = sslEngine.getSession().getPeerCertificates();
+    X509Certificate[] x509PeerCertificates = new X509Certificate[peerCertificates.length];
+    for (int i = 0; i < peerCertificates.length; i++) {
+      x509PeerCertificates[i] = (X509Certificate) peerCertificates[i];
+    }
+    if (checkServerTrustedMethod == null) {
+      throw new IllegalStateException("checkServerTrustedMethod not found");
+    }
+    checkServerTrustedMethod.invoke(
+            x509ExtendedTrustManager, x509PeerCertificates, "RSA", sslEngineWrapper);
+  }
+}
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
index e5c97e9efd9..945c6c1267a 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
@@ -36,6 +36,7 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.same;
@@ -64,6 +65,7 @@
 import io.grpc.internal.ClientStreamListener.RpcProgress;
 import io.grpc.internal.ClientTransport;
 import io.grpc.internal.ClientTransport.PingCallback;
+import io.grpc.internal.GrpcAttributes;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.KeepAliveManager;
 import io.grpc.internal.ManagedClientTransport;
@@ -90,10 +92,12 @@
 import io.netty.handler.codec.http2.Http2Stream;
 import io.netty.util.AsciiString;
 import java.io.InputStream;
+import java.security.cert.CertificateException;
 import java.text.MessageFormat;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Queue;
+import java.util.concurrent.ExecutionException;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.logging.Handler;
@@ -189,7 +193,11 @@ public Void answer(InvocationOnMock invocation) throws Throwable {
           })
         .when(streamListener)
         .messagesAvailable(ArgumentMatchers.<StreamListener.MessageProducer>any());
-
+    doAnswer((attributes) -> Attributes.newBuilder().set(
+            GrpcAttributes.ATTR_AUTHORITY_VERIFIER,
+            (authority) -> Status.OK).build())
+          .when(listener)
+          .filterTransport(ArgumentMatchers.any(Attributes.class));
     lifecycleManager = new ClientTransportLifecycleManager(listener);
     // This mocks the keepalive manager only for there's in which we verify it. For other tests
     // it'll be null which will be testing if we behave correctly when it's not present.
@@ -919,6 +927,159 @@ public void exceptionCaughtShouldCloseConnection() throws Exception {
     assertFalse(channel().isOpen());
   }
 
+  @Test
+  public void missingAuthorityHeader_streamCreationShouldFail() throws Exception {
+    Http2Headers grpcHeadersWithoutAuthority = new DefaultHttp2Headers()
+            .scheme(HTTPS)
+            .path(as("/fakemethod"))
+            .method(HTTP_METHOD)
+            .add(as("auth"), as("sometoken"))
+            .add(CONTENT_TYPE_HEADER, CONTENT_TYPE_GRPC)
+            .add(TE_HEADER, TE_TRAILERS);
+    ChannelFuture channelFuture = enqueue(newCreateStreamCommand(
+            grpcHeadersWithoutAuthority, streamTransportState));
+    try {
+      channelFuture.get();
+      fail("Expected stream creation failure");
+    } catch (ExecutionException e) {
+      assertThat(e.getCause().getMessage()).isEqualTo("UNAVAILABLE: Missing authority header");
+    }
+  }
+
+  @Test
+  public void missingAuthorityVerifierInAttributes_streamCreationShouldFail() throws Exception {
+    doAnswer(new Answer<Void>() {
+      @Override
+      public Void answer(InvocationOnMock invocation) throws Throwable {
+        StreamListener.MessageProducer producer =
+                (StreamListener.MessageProducer) invocation.getArguments()[0];
+        InputStream message;
+        while ((message = producer.next()) != null) {
+          streamListenerMessageQueue.add(message);
+        }
+        return null;
+      }
+    })
+        .when(streamListener)
+        .messagesAvailable(ArgumentMatchers.<StreamListener.MessageProducer>any());
+    doAnswer((attributes) -> Attributes.EMPTY)
+        .when(listener)
+        .filterTransport(ArgumentMatchers.any(Attributes.class));
+    lifecycleManager = new ClientTransportLifecycleManager(listener);
+    // This mocks the keepalive manager only for there's in which we verify it. For other tests
+    // it'll be null which will be testing if we behave correctly when it's not present.
+    if (setKeepaliveManagerFor.contains(testNameRule.getMethodName())) {
+      mockKeepAliveManager = mock(KeepAliveManager.class);
+    }
+
+    initChannel(new GrpcHttp2ClientHeadersDecoder(GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE));
+    streamTransportState = new TransportStateImpl(
+            handler(),
+            channel().eventLoop(),
+            DEFAULT_MAX_MESSAGE_SIZE,
+            transportTracer);
+    streamTransportState.setListener(streamListener);
+
+    grpcHeaders = new DefaultHttp2Headers()
+            .scheme(HTTPS)
+            .authority(as("www.fake.com"))
+            .path(as("/fakemethod"))
+            .method(HTTP_METHOD)
+            .add(as("auth"), as("sometoken"))
+            .add(CONTENT_TYPE_HEADER, CONTENT_TYPE_GRPC)
+            .add(TE_HEADER, TE_TRAILERS);
+
+    // Simulate receipt of initial remote settings.
+    ByteBuf serializedSettings = serializeSettings(new Http2Settings());
+    channelRead(serializedSettings);
+    channel().releaseOutbound();
+
+    ChannelFuture channelFuture = createStream();
+    try {
+      channelFuture.get();
+      fail("Expected stream creation failure");
+    } catch (ExecutionException e) {
+      assertThat(e.getCause().getMessage()).isEqualTo(
+              "UNAVAILABLE: Authority verifier not found to verify authority");
+    }
+  }
+
+  @Test
+  public void authorityVerificationSuccess_streamCreationSucceeds() throws Exception {
+    NettyClientHandler.enablePerRpcAuthorityCheck = true;
+    try {
+      ChannelFuture channelFuture = createStream();
+      channelFuture.get();
+    } finally {
+      NettyClientHandler.enablePerRpcAuthorityCheck = false;
+    }
+  }
+
+  @Test
+  public void authorityVerificationFailure_streamCreationFails() throws Exception {
+    NettyClientHandler.enablePerRpcAuthorityCheck = true;
+    try {
+      doAnswer(new Answer<Void>() {
+        @Override
+        public Void answer(InvocationOnMock invocation) throws Throwable {
+          StreamListener.MessageProducer producer =
+                  (StreamListener.MessageProducer) invocation.getArguments()[0];
+          InputStream message;
+          while ((message = producer.next()) != null) {
+            streamListenerMessageQueue.add(message);
+          }
+          return null;
+        }
+      })
+          .when(streamListener)
+          .messagesAvailable(ArgumentMatchers.<StreamListener.MessageProducer>any());
+      doAnswer((attributes) -> Attributes.newBuilder().set(
+          GrpcAttributes.ATTR_AUTHORITY_VERIFIER,
+          (authority) -> Status.UNAVAILABLE.withCause(
+                  new CertificateException("Peer verification failed"))).build())
+          .when(listener)
+          .filterTransport(ArgumentMatchers.any(Attributes.class));
+      lifecycleManager = new ClientTransportLifecycleManager(listener);
+      // This mocks the keepalive manager only for there's in which we verify it. For other tests
+      // it'll be null which will be testing if we behave correctly when it's not present.
+      if (setKeepaliveManagerFor.contains(testNameRule.getMethodName())) {
+        mockKeepAliveManager = mock(KeepAliveManager.class);
+      }
+
+      initChannel(new GrpcHttp2ClientHeadersDecoder(GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE));
+      streamTransportState = new TransportStateImpl(
+              handler(),
+              channel().eventLoop(),
+              DEFAULT_MAX_MESSAGE_SIZE,
+              transportTracer);
+      streamTransportState.setListener(streamListener);
+
+      grpcHeaders = new DefaultHttp2Headers()
+              .scheme(HTTPS)
+              .authority(as("www.fake.com"))
+              .path(as("/fakemethod"))
+              .method(HTTP_METHOD)
+              .add(as("auth"), as("sometoken"))
+              .add(CONTENT_TYPE_HEADER, CONTENT_TYPE_GRPC)
+              .add(TE_HEADER, TE_TRAILERS);
+
+      // Simulate receipt of initial remote settings.
+      ByteBuf serializedSettings = serializeSettings(new Http2Settings());
+      channelRead(serializedSettings);
+      channel().releaseOutbound();
+
+      ChannelFuture channelFuture = createStream();
+      try {
+        channelFuture.get();
+        fail("Expected stream creation failure");
+      } catch (ExecutionException e) {
+        assertThat(e.getMessage()).isEqualTo("io.grpc.InternalStatusRuntimeException: UNAVAILABLE");
+      }
+    } finally {
+      NettyClientHandler.enablePerRpcAuthorityCheck = false;
+    }
+  }
+
   @Override
   protected void makeStream() throws Exception {
     createStream();
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
index d0a6456c430..9b3b2e386d3 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
@@ -59,6 +59,7 @@
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.StatusException;
+import io.grpc.TlsChannelCredentials;
 import io.grpc.internal.ClientStream;
 import io.grpc.internal.ClientStreamListener;
 import io.grpc.internal.ClientTransport;
@@ -76,6 +77,7 @@
 import io.grpc.netty.NettyChannelBuilder.LocalSocketPicker;
 import io.grpc.netty.NettyTestUtil.TrackingObjectPoolForTest;
 import io.grpc.testing.TlsTesting;
+import io.grpc.util.CertificateUtils;
 import io.netty.buffer.ByteBuf;
 import io.netty.channel.Channel;
 import io.netty.channel.ChannelConfig;
@@ -101,9 +103,14 @@
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.nio.charset.StandardCharsets;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -115,8 +122,15 @@
 import java.util.concurrent.TimeoutException;
 import java.util.concurrent.atomic.AtomicBoolean;
 import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509ExtendedTrustManager;
+import javax.net.ssl.X509TrustManager;
+import javax.security.auth.x500.X500Principal;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
@@ -131,6 +145,7 @@
  * Tests for {@link NettyClientTransport}.
  */
 @RunWith(JUnit4.class)
+@IgnoreJRERequirement
 public class NettyClientTransportTest {
   @Rule public final MockitoRule mocks = MockitoJUnit.rule();
 
@@ -203,7 +218,7 @@ public void addDefaultUserAgent() throws Exception {
   }
 
   @Test
-  public void setSoLingerChannelOption() throws IOException {
+  public void setSoLingerChannelOption() throws IOException, GeneralSecurityException {
     startServer();
     Map<ChannelOption<?>, Object> channelOptions = new HashMap<>();
     // set SO_LINGER option
@@ -354,7 +369,7 @@ public void tlsNegotiationFailurePropagatesToStatus() throws Exception {
         .trustManager(caCert)
         .keyManager(clientCert, clientKey)
         .build();
-    ProtocolNegotiator negotiator = ProtocolNegotiators.tls(clientContext);
+    ProtocolNegotiator negotiator = ProtocolNegotiators.tls(clientContext, null);
     final NettyClientTransport transport = newTransport(negotiator);
     callMeMaybe(transport.start(clientTransportListener));
     verify(clientTransportListener, timeout(5000)).transportTerminated();
@@ -821,7 +836,7 @@ public void tlsNegotiationServerExecutorShouldSucceed() throws Exception {
         .keyManager(clientCert, clientKey)
         .build();
     ProtocolNegotiator negotiator = ProtocolNegotiators.tls(clientContext, clientExecutorPool,
-        Optional.absent());
+        Optional.absent(), null);
     // after starting the client, the Executor in the client pool should be used
     assertEquals(true, clientExecutorPool.isInUse());
     final NettyClientTransport transport = newTransport(negotiator);
@@ -836,6 +851,179 @@ public void tlsNegotiationServerExecutorShouldSucceed() throws Exception {
     assertEquals(false, serverExecutorPool.isInUse());
   }
 
+  /**
+   * This test tests the case of TlsCredentials passed to ProtocolNegotiators not having an instance
+   * of X509ExtendedTrustManager (this is not testable in ProtocolNegotiatorsTest without creating
+   * accessors for the internal state of negotiator whether it has a X509ExtendedTrustManager,
+   * hence the need to test it in this class instead). To establish a successful handshake we create
+   * a fake X509TrustManager not implementing X509ExtendedTrustManager but wraps the real
+   * X509ExtendedTrustManager.
+   */
+  @Test
+  public void authorityOverrideInCallOptions_noX509ExtendedTrustManager_newStreamCreationFails()
+          throws IOException, InterruptedException, GeneralSecurityException, ExecutionException,
+          TimeoutException {
+    NettyClientHandler.enablePerRpcAuthorityCheck = true;
+    try {
+      startServer();
+      InputStream caCert = TlsTesting.loadCert("ca.pem");
+      X509TrustManager x509ExtendedTrustManager =
+              (X509TrustManager) getX509ExtendedTrustManager(caCert);
+      ProtocolNegotiators.FromChannelCredentialsResult result =
+              ProtocolNegotiators.from(TlsChannelCredentials.newBuilder()
+                      .trustManager(new FakeTrustManager(x509ExtendedTrustManager)).build());
+      NettyClientTransport transport = newTransport(result.negotiator.newNegotiator());
+      SettableFuture<Void> connected = SettableFuture.create();
+      FakeClientTransportListener fakeClientTransportListener =
+              new FakeClientTransportListener(connected);
+      callMeMaybe(transport.start(fakeClientTransportListener));
+      connected.get(10, TimeUnit.SECONDS);
+      assertThat(fakeClientTransportListener.isConnected()).isTrue();
+
+      Rpc rpc = new Rpc(transport, new Metadata(), "foo.test.google.in");
+      try {
+        rpc.waitForClose();
+        fail("Expected exception in starting stream");
+      } catch (ExecutionException ex) {
+        Status status = ((StatusException) ex.getCause()).getStatus();
+        assertThat(status.getDescription()).isEqualTo("Can't allow authority override in rpc "
+                + "when X509ExtendedTrustManager is not available");
+        assertThat(status.getCode()).isEqualTo(Code.UNAVAILABLE);
+      }
+    } finally {
+      NettyClientHandler.enablePerRpcAuthorityCheck = false;
+    }
+  }
+
+  @Test
+  public void authorityOverrideInCallOptions_doesntMatchServerPeerHost_newStreamCreationFails()
+          throws IOException, InterruptedException, GeneralSecurityException, ExecutionException,
+          TimeoutException {
+    NettyClientHandler.enablePerRpcAuthorityCheck = true;
+    try {
+      startServer();
+      NettyClientTransport transport = newTransport(newNegotiator());
+      SettableFuture<Void> connected = SettableFuture.create();
+      FakeClientTransportListener fakeClientTransportListener =
+              new FakeClientTransportListener(connected);
+      callMeMaybe(transport.start(fakeClientTransportListener));
+      connected.get(10, TimeUnit.SECONDS);
+      assertThat(fakeClientTransportListener.isConnected()).isTrue();
+
+      Rpc rpc = new Rpc(transport, new Metadata(), "foo.test.google.in");
+      try {
+        rpc.waitForClose();
+        fail("Expected exception in starting stream");
+      } catch (ExecutionException ex) {
+        Status status = ((StatusException) ex.getCause()).getStatus();
+        assertThat(status.getDescription()).isEqualTo("Peer hostname verification during rpc "
+                + "failed for authority 'foo.test.google.in'");
+        assertThat(status.getCode()).isEqualTo(Code.UNAVAILABLE);
+        assertThat(((InvocationTargetException) ex.getCause().getCause()).getTargetException())
+                .isInstanceOf(CertificateException.class);
+        assertThat(((InvocationTargetException) ex.getCause().getCause()).getTargetException()
+                .getMessage()).isEqualTo(
+                "No subject alternative DNS name matching foo.test.google.in found.");
+      }
+    } finally {
+      NettyClientHandler.enablePerRpcAuthorityCheck = false;
+    }
+  }
+
+  @Test
+  public void authorityOverrideInCallOptions_matchesServerPeerHost_newStreamCreationSucceeds()
+          throws IOException, InterruptedException, GeneralSecurityException, ExecutionException,
+          TimeoutException {
+    NettyClientHandler.enablePerRpcAuthorityCheck = true;
+    try {
+      startServer();
+      NettyClientTransport transport = newTransport(newNegotiator());
+      SettableFuture<Void> connected = SettableFuture.create();
+      FakeClientTransportListener fakeClientTransportListener =
+              new FakeClientTransportListener(connected);
+      callMeMaybe(transport.start(fakeClientTransportListener));
+      connected.get(10, TimeUnit.SECONDS);
+      assertThat(fakeClientTransportListener.isConnected()).isTrue();
+
+      new Rpc(transport, new Metadata(), "foo.test.google.fr").waitForResponse();
+    } finally {
+      NettyClientHandler.enablePerRpcAuthorityCheck = false;;
+    }
+  }
+
+  // Without removing the port number part that {@link X509AuthorityVerifier} does, there will be a
+  // java.security.cert.CertificateException: Illegal given domain name: foo.test.google.fr:12345
+  @Test
+  public void authorityOverrideInCallOptions_portNumberInAuthority_isStrippedForPeerVerification()
+      throws IOException, InterruptedException, GeneralSecurityException, ExecutionException,
+      TimeoutException {
+    NettyClientHandler.enablePerRpcAuthorityCheck = true;
+    try {
+      startServer();
+      NettyClientTransport transport = newTransport(newNegotiator());
+      SettableFuture<Void> connected = SettableFuture.create();
+      FakeClientTransportListener fakeClientTransportListener =
+          new FakeClientTransportListener(connected);
+      callMeMaybe(transport.start(fakeClientTransportListener));
+      connected.get(10, TimeUnit.SECONDS);
+      assertThat(fakeClientTransportListener.isConnected()).isTrue();
+
+      new Rpc(transport, new Metadata(), "foo.test.google.fr:12345").waitForResponse();
+    } finally {
+      NettyClientHandler.enablePerRpcAuthorityCheck = false;;
+    }
+  }
+
+  @Test
+  public void authorityOverrideInCallOptions_portNumberAndIpv6_isStrippedForPeerVerification()
+      throws IOException, InterruptedException, GeneralSecurityException, ExecutionException,
+      TimeoutException {
+    NettyClientHandler.enablePerRpcAuthorityCheck = true;
+    try {
+      startServer();
+      NettyClientTransport transport = newTransport(newNegotiator());
+      SettableFuture<Void> connected = SettableFuture.create();
+      FakeClientTransportListener fakeClientTransportListener =
+          new FakeClientTransportListener(connected);
+      callMeMaybe(transport.start(fakeClientTransportListener));
+      connected.get(10, TimeUnit.SECONDS);
+      assertThat(fakeClientTransportListener.isConnected()).isTrue();
+
+      new Rpc(transport, new Metadata(), "[2001:db8:3333:4444:5555:6666:1.2.3.4]:12345")
+          .waitForResponse();
+    } catch (ExecutionException ex) {
+      Status status = ((StatusException) ex.getCause()).getStatus();
+      assertThat(status.getDescription()).isEqualTo("Peer hostname verification during rpc "
+          + "failed for authority '[2001:db8:3333:4444:5555:6666:1.2.3.4]:12345'");
+      assertThat(status.getCode()).isEqualTo(Code.UNAVAILABLE);
+      assertThat(((InvocationTargetException) ex.getCause().getCause()).getTargetException())
+          .isInstanceOf(CertificateException.class);
+      // Port number is removed by {@link X509AuthorityVerifier}.
+      assertThat(((InvocationTargetException) ex.getCause().getCause()).getTargetException()
+          .getMessage()).isEqualTo(
+          "No subject alternative names matching IP address 2001:db8:3333:4444:5555:6666:1.2.3.4 "
+              + "found");
+    } finally {
+      NettyClientHandler.enablePerRpcAuthorityCheck = false;;
+    }
+  }
+
+  @Test
+  public void authorityOverrideInCallOptions_notMatches_flagDisabled_createsStream()
+          throws IOException, InterruptedException, GeneralSecurityException, ExecutionException,
+          TimeoutException {
+    startServer();
+    NettyClientTransport transport = newTransport(newNegotiator());
+    SettableFuture<Void> connected = SettableFuture.create();
+    FakeClientTransportListener fakeClientTransportListener =
+            new FakeClientTransportListener(connected);
+    callMeMaybe(transport.start(fakeClientTransportListener));
+    connected.get(10, TimeUnit.SECONDS);
+    assertThat(fakeClientTransportListener.isConnected()).isTrue();
+
+    new Rpc(transport, new Metadata(), "foo.test.google.in").waitForResponse();
+  }
+
   private Throwable getRootCause(Throwable t) {
     if (t.getCause() == null) {
       return t;
@@ -843,10 +1031,37 @@ private Throwable getRootCause(Throwable t) {
     return getRootCause(t.getCause());
   }
 
-  private ProtocolNegotiator newNegotiator() throws IOException {
+  private ProtocolNegotiator newNegotiator() throws IOException, GeneralSecurityException {
     InputStream caCert = TlsTesting.loadCert("ca.pem");
     SslContext clientContext = GrpcSslContexts.forClient().trustManager(caCert).build();
-    return ProtocolNegotiators.tls(clientContext);
+    return ProtocolNegotiators.tls(clientContext,
+        (X509TrustManager) getX509ExtendedTrustManager(TlsTesting.loadCert("ca.pem")));
+  }
+
+  private static TrustManager getX509ExtendedTrustManager(InputStream rootCerts)
+      throws GeneralSecurityException {
+    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+    try {
+      ks.load(null, null);
+    } catch (IOException ex) {
+      // Shouldn't really happen, as we're not loading any data.
+      throw new GeneralSecurityException(ex);
+    }
+    X509Certificate[] certs = CertificateUtils.getX509Certificates(rootCerts);
+    for (X509Certificate cert : certs) {
+      X500Principal principal = cert.getSubjectX500Principal();
+      ks.setCertificateEntry(principal.getName("RFC2253"), cert);
+    }
+
+    TrustManagerFactory trustManagerFactory =
+        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+    trustManagerFactory.init(ks);
+    for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
+      if (trustManager instanceof X509ExtendedTrustManager) {
+        return trustManager;
+      }
+    }
+    return null;
   }
 
   private NettyClientTransport newTransport(ProtocolNegotiator negotiator) {
@@ -965,13 +1180,20 @@ private static class Rpc {
     final TestClientStreamListener listener = new TestClientStreamListener();
 
     Rpc(NettyClientTransport transport) {
-      this(transport, new Metadata());
+      this(transport, new Metadata(), null);
     }
 
     Rpc(NettyClientTransport transport, Metadata headers) {
+      this(transport, headers, null);
+    }
+
+    Rpc(NettyClientTransport transport, Metadata headers, String authorityOverride) {
       stream = transport.newStream(
           METHOD, headers, CallOptions.DEFAULT,
           new ClientStreamTracer[]{ new ClientStreamTracer() {} });
+      if (authorityOverride != null) {
+        stream.setAuthority(authorityOverride);
+      }
       stream.start(listener);
       stream.request(1);
       stream.writeMessage(new ByteArrayInputStream(MESSAGE.getBytes(UTF_8)));
@@ -1169,4 +1391,62 @@ public void log(ChannelLogLevel level, String message) {}
     @Override
     public void log(ChannelLogLevel level, String messageFormat, Object... args) {}
   }
+
+  static class FakeClientTransportListener implements ManagedClientTransport.Listener {
+    private final SettableFuture<Void> connected;
+
+    @GuardedBy("this")
+    private boolean isConnected = false;
+
+    public FakeClientTransportListener(SettableFuture<Void> connected) {
+      this.connected = connected;
+    }
+
+    @Override
+    public void transportShutdown(Status s) {}
+
+    @Override
+    public void transportTerminated() {}
+
+    @Override
+    public void transportReady() {
+      synchronized (this) {
+        isConnected = true;
+      }
+      connected.set(null);
+    }
+
+    synchronized boolean isConnected() {
+      return isConnected;
+    }
+
+    @Override
+    public void transportInUse(boolean inUse) {}
+  }
+
+  private static class FakeTrustManager implements X509TrustManager {
+
+    private final X509TrustManager delegate;
+
+    public FakeTrustManager(X509TrustManager x509ExtendedTrustManager) {
+      this.delegate = x509ExtendedTrustManager;
+    }
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
+        throws CertificateException {
+      delegate.checkClientTrusted(x509Certificates, s);
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
+        throws CertificateException {
+      delegate.checkServerTrusted(x509Certificates, s);
+    }
+
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+      return delegate.getAcceptedIssuers();
+    }
+  }
 }
diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
index 6dff3de2b2a..4829bcc7419 100644
--- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
+++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
@@ -112,10 +112,14 @@
 import io.netty.handler.ssl.SslHandler;
 import io.netty.handler.ssl.SslHandshakeCompletionEvent;
 import java.io.File;
+import java.io.IOException;
 import java.io.InputStream;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayDeque;
 import java.util.Arrays;
@@ -222,13 +226,52 @@ public ChannelCredentials withoutBearerTokens() {
   }
 
   @Test
-  public void fromClient_tls() {
+  public void fromClient_tls_trustManager()
+      throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
+    KeyStore certStore = KeyStore.getInstance(KeyStore.getDefaultType());
+    certStore.load(null);
+    TrustManagerFactory trustManagerFactory =
+        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+    try (InputStream ca = TlsTesting.loadCert("ca.pem")) {
+      for (X509Certificate cert : CertificateUtils.getX509Certificates(ca)) {
+        certStore.setCertificateEntry(cert.getSubjectX500Principal().getName("RFC2253"), cert);
+      }
+    }
+    trustManagerFactory.init(certStore);
+    ProtocolNegotiators.FromChannelCredentialsResult result =
+        ProtocolNegotiators.from(TlsChannelCredentials.newBuilder()
+            .trustManager(trustManagerFactory.getTrustManagers()).build());
+    assertThat(result.error).isNull();
+    assertThat(result.callCredentials).isNull();
+    assertThat(result.negotiator)
+        .isInstanceOf(ProtocolNegotiators.TlsProtocolNegotiatorClientFactory.class);
+    assertThat(((ClientTlsProtocolNegotiator) result.negotiator.newNegotiator())
+        .hasX509ExtendedTrustManager()).isTrue();
+  }
+
+  @Test
+  public void fromClient_tls_CaCertsInputStream() throws IOException {
+    ProtocolNegotiators.FromChannelCredentialsResult result =
+        ProtocolNegotiators.from(TlsChannelCredentials.newBuilder()
+            .trustManager(TlsTesting.loadCert("ca.pem")).build());
+    assertThat(result.error).isNull();
+    assertThat(result.callCredentials).isNull();
+    assertThat(result.negotiator)
+        .isInstanceOf(ProtocolNegotiators.TlsProtocolNegotiatorClientFactory.class);
+    assertThat(((ClientTlsProtocolNegotiator) result.negotiator.newNegotiator())
+        .hasX509ExtendedTrustManager()).isTrue();
+  }
+
+  @Test
+  public void fromClient_tls_systemDefault() {
     ProtocolNegotiators.FromChannelCredentialsResult result =
         ProtocolNegotiators.from(TlsChannelCredentials.create());
     assertThat(result.error).isNull();
     assertThat(result.callCredentials).isNull();
     assertThat(result.negotiator)
         .isInstanceOf(ProtocolNegotiators.TlsProtocolNegotiatorClientFactory.class);
+    assertThat(((ClientTlsProtocolNegotiator) result.negotiator.newNegotiator())
+        .hasX509ExtendedTrustManager()).isTrue();
   }
 
   @Test
@@ -877,7 +920,8 @@ public String applicationProtocol() {
     DefaultEventLoopGroup elg = new DefaultEventLoopGroup(1);
 
     ClientTlsHandler handler = new ClientTlsHandler(grpcHandler, sslContext,
-        "authority", elg, noopLogger, Optional.absent());
+        "authority", elg, noopLogger, Optional.absent(),
+        getClientTlsProtocolNegotiator(), null);
     pipeline.addLast(handler);
     pipeline.replace(SslHandler.class, null, goodSslHandler);
     pipeline.fireUserEventTriggered(ProtocolNegotiationEvent.DEFAULT);
@@ -915,7 +959,8 @@ public String applicationProtocol() {
         .applicationProtocolConfig(apn).build();
 
     ClientTlsHandler handler = new ClientTlsHandler(grpcHandler, sslContext,
-        "authority", elg, noopLogger, Optional.absent());
+        "authority", elg, noopLogger, Optional.absent(),
+        getClientTlsProtocolNegotiator(), null);
     pipeline.addLast(handler);
     pipeline.replace(SslHandler.class, null, goodSslHandler);
     pipeline.fireUserEventTriggered(ProtocolNegotiationEvent.DEFAULT);
@@ -939,7 +984,8 @@ public String applicationProtocol() {
     DefaultEventLoopGroup elg = new DefaultEventLoopGroup(1);
 
     ClientTlsHandler handler = new ClientTlsHandler(grpcHandler, sslContext,
-        "authority", elg, noopLogger, Optional.absent());
+        "authority", elg, noopLogger, Optional.absent(),
+        getClientTlsProtocolNegotiator(), null);
     pipeline.addLast(handler);
 
     final AtomicReference<Throwable> error = new AtomicReference<>();
@@ -967,7 +1013,8 @@ public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
   @Test
   public void clientTlsHandler_closeDuringNegotiation() throws Exception {
     ClientTlsHandler handler = new ClientTlsHandler(grpcHandler, sslContext,
-        "authority", null, noopLogger, Optional.absent());
+        "authority", null, noopLogger, Optional.absent(),
+        getClientTlsProtocolNegotiator(), null);
     pipeline.addLast(new WriteBufferingAndExceptionHandler(handler));
     ChannelFuture pendingWrite = channel.writeAndFlush(NettyClientHandler.NOOP_MESSAGE);
 
@@ -979,6 +1026,12 @@ public void clientTlsHandler_closeDuringNegotiation() throws Exception {
         .isEqualTo(Status.Code.UNAVAILABLE);
   }
 
+  private ClientTlsProtocolNegotiator getClientTlsProtocolNegotiator() throws SSLException {
+    return new ClientTlsProtocolNegotiator(GrpcSslContexts.forClient().trustManager(
+        TlsTesting.loadCert("ca.pem")).build(),
+        null, Optional.absent(), null);
+  }
+
   @Test
   public void engineLog() {
     ChannelHandler handler = new ServerTlsHandler(grpcHandler, sslContext, null);
@@ -1007,7 +1060,7 @@ public boolean isLoggable(LogRecord record) {
   public void tls_failsOnNullSslContext() {
     thrown.expect(NullPointerException.class);
 
-    Object unused = ProtocolNegotiators.tls(null);
+    Object unused = ProtocolNegotiators.tls(null, null);
   }
 
   @Test
@@ -1230,7 +1283,7 @@ public void clientTlsHandler_firesNegotiation() throws Exception {
     }
     FakeGrpcHttp2ConnectionHandler gh = FakeGrpcHttp2ConnectionHandler.newHandler();
     ClientTlsProtocolNegotiator pn = new ClientTlsProtocolNegotiator(clientSslContext,
-        null, Optional.absent());
+        null, Optional.absent(), null);
     WriteBufferingAndExceptionHandler clientWbaeh =
         new WriteBufferingAndExceptionHandler(pn.newHandler(gh));
 
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java
index f42cb9fb16d..7eaaa6fd763 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java
@@ -81,8 +81,6 @@
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.security.auth.x500.X500Principal;
 
 /** Convenience class for building channels with the OkHttp transport. */
 @ExperimentalApi("https://github.com/grpc/grpc-java/issues/1785")
@@ -705,32 +703,12 @@ static KeyManager[] createKeyManager(InputStream certChain, InputStream privateK
   static TrustManager[] createTrustManager(byte[] rootCerts) throws GeneralSecurityException {
     InputStream rootCertsStream = new ByteArrayInputStream(rootCerts);
     try {
-      return createTrustManager(rootCertsStream);
+      return io.grpc.internal.CertificateUtils.createTrustManager(rootCertsStream);
     } finally {
       GrpcUtil.closeQuietly(rootCertsStream);
     }
   }
 
-  static TrustManager[] createTrustManager(InputStream rootCerts) throws GeneralSecurityException {
-    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
-    try {
-      ks.load(null, null);
-    } catch (IOException ex) {
-      // Shouldn't really happen, as we're not loading any data.
-      throw new GeneralSecurityException(ex);
-    }
-    X509Certificate[] certs = CertificateUtils.getX509Certificates(rootCerts);
-    for (X509Certificate cert : certs) {
-      X500Principal principal = cert.getSubjectX500Principal();
-      ks.setCertificateEntry(principal.getName("RFC2253"), cert);
-    }
-
-    TrustManagerFactory trustManagerFactory =
-        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-    trustManagerFactory.init(ks);
-    return trustManagerFactory.getTrustManagers();
-  }
-
   static Collection<Class<? extends SocketAddress>> getSupportedSocketAddressTypes() {
     return Collections.singleton(InetSocketAddress.class);
   }
diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpChannelBuilderTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpChannelBuilderTest.java
index 3670cd057c1..c86e80656e3 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpChannelBuilderTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpChannelBuilderTest.java
@@ -34,6 +34,7 @@
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.ManagedChannel;
 import io.grpc.TlsChannelCredentials;
+import io.grpc.internal.CertificateUtils;
 import io.grpc.internal.ClientTransportFactory;
 import io.grpc.internal.ClientTransportFactory.SwapChannelCredentialsResult;
 import io.grpc.internal.FakeClock;
@@ -212,7 +213,7 @@ public void sslSocketFactoryFrom_tls_mtls() throws Exception {
 
     TrustManager[] trustManagers;
     try (InputStream ca = TlsTesting.loadCert("ca.pem")) {
-      trustManagers = OkHttpChannelBuilder.createTrustManager(ca);
+      trustManagers = CertificateUtils.createTrustManager(ca);
     }
 
     SSLContext serverContext = SSLContext.getInstance("TLS");
@@ -257,7 +258,7 @@ public void sslSocketFactoryFrom_tls_mtls_keyFile() throws Exception {
          InputStream ca = TlsTesting.loadCert("ca.pem")) {
       serverContext.init(
           OkHttpChannelBuilder.createKeyManager(server1Chain, server1Key),
-          OkHttpChannelBuilder.createTrustManager(ca),
+          CertificateUtils.createTrustManager(ca),
           null);
     }
     final SSLServerSocket serverListenSocket =

From 1a2285b52786ee190e4157cf0b005aabb7316f96 Mon Sep 17 00:00:00 2001
From: Sergii Tkachenko <sergiitk@google.com>
Date: Mon, 3 Mar 2025 17:28:36 -0500
Subject: [PATCH 200/591] xds: ensure server interceptors are created in a sync
 context (#11930)

`XdsServerWrapper#generatePerRouteInterceptors` was always intended
to be executed within a sync context. This PR ensures that by calling
`syncContext.throwIfNotInThisSynchronizationContext()`.

This change is needed for upcoming xDS filter state retention because
the new tests in XdsServerWrapperTest flake with this NPE:

> `Cannot invoke "io.grpc.xds.client.XdsClient$ResourceWatcher.onChanged(io.grpc.xds.client.XdsClient$ResourceUpdate)" because "this.ldsWatcher" is null`
---
 .../java/io/grpc/xds/XdsServerWrapper.java    |  4 +-
 .../java/io/grpc/xds/XdsServerTestHelper.java | 83 +++++++++++++++----
 .../io/grpc/xds/XdsServerWrapperTest.java     | 28 +++----
 3 files changed, 79 insertions(+), 36 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
index bbb17d9b616..e5b25ae458b 100644
--- a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
+++ b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
@@ -524,9 +524,7 @@ private AtomicReference<ServerRoutingConfig> generateRoutingConfig(FilterChain f
 
     private ImmutableMap<Route, ServerInterceptor> generatePerRouteInterceptors(
         @Nullable List<NamedFilterConfig> filterConfigs, List<VirtualHost> virtualHosts) {
-      // This should always be called from the sync context.
-      // Ideally we'd want to throw otherwise, but this breaks the tests now.
-      // syncContext.throwIfNotInThisSynchronizationContext();
+      syncContext.throwIfNotInThisSynchronizationContext();
 
       ImmutableMap.Builder<Route, ServerInterceptor> perRouteInterceptors =
           new ImmutableMap.Builder<>();
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java b/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
index a27c2917712..0508b11c205 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
@@ -38,6 +38,7 @@
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsInitializationException;
 import io.grpc.xds.client.XdsResourceType;
+import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -45,7 +46,10 @@
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Executor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
 import javax.annotation.Nullable;
 
 /**
@@ -174,12 +178,18 @@ public List<String> getTargets() {
     }
   }
 
+  // Implementation details:
+  // 1. Use `synchronized` in methods where XdsClientImpl uses its own `syncContext`.
+  // 2. Use `serverExecutor` via `execute()` in methods where XdsClientImpl uses watcher's executor.
   static final class FakeXdsClient extends XdsClient {
-    boolean shutdown;
-    SettableFuture<String> ldsResource = SettableFuture.create();
-    ResourceWatcher<LdsUpdate> ldsWatcher;
-    CountDownLatch rdsCount = new CountDownLatch(1);
+    public static final Duration DEFAULT_TIMEOUT = Duration.ofSeconds(5);
+
+    private boolean shutdown;
+    @Nullable SettableFuture<String> ldsResource = SettableFuture.create();
+    @Nullable ResourceWatcher<LdsUpdate> ldsWatcher;
+    private CountDownLatch rdsCount = new CountDownLatch(1);
     final Map<String, ResourceWatcher<RdsUpdate>> rdsWatchers = new HashMap<>();
+    @Nullable private volatile Executor serverExecutor;
 
     @Override
     public TlsContextManager getSecurityConfig() {
@@ -193,14 +203,20 @@ public BootstrapInfo getBootstrapInfo() {
 
     @Override
     @SuppressWarnings("unchecked")
-    public <T extends ResourceUpdate> void watchXdsResource(XdsResourceType<T> resourceType,
-                                                            String resourceName,
-                                                            ResourceWatcher<T> watcher,
-                                                            Executor syncContext) {
+    public synchronized <T extends ResourceUpdate> void watchXdsResource(
+        XdsResourceType<T> resourceType,
+        String resourceName,
+        ResourceWatcher<T> watcher,
+        Executor executor) {
+      if (serverExecutor != null) {
+        assertThat(executor).isEqualTo(serverExecutor);
+      }
+
       switch (resourceType.typeName()) {
         case "LDS":
           assertThat(ldsWatcher).isNull();
           ldsWatcher = (ResourceWatcher<LdsUpdate>) watcher;
+          serverExecutor = executor;
           ldsResource.set(resourceName);
           break;
         case "RDS":
@@ -213,14 +229,14 @@ public <T extends ResourceUpdate> void watchXdsResource(XdsResourceType<T> resou
     }
 
     @Override
-    public <T extends ResourceUpdate> void cancelXdsResourceWatch(XdsResourceType<T> type,
-        String resourceName,
-        ResourceWatcher<T> watcher) {
+    public synchronized <T extends ResourceUpdate>  void cancelXdsResourceWatch(
+        XdsResourceType<T> type, String resourceName, ResourceWatcher<T> watcher) {
       switch (type.typeName()) {
         case "LDS":
           assertThat(ldsWatcher).isNotNull();
           ldsResource = null;
           ldsWatcher = null;
+          serverExecutor = null;
           break;
         case "RDS":
           rdsWatchers.remove(resourceName);
@@ -230,27 +246,58 @@ public <T extends ResourceUpdate> void cancelXdsResourceWatch(XdsResourceType<T>
     }
 
     @Override
-    public void shutdown() {
+    public synchronized void shutdown() {
       shutdown = true;
     }
 
     @Override
-    public boolean isShutDown() {
+    public synchronized boolean isShutDown() {
       return shutdown;
     }
 
+    public void awaitRds(Duration timeout) throws InterruptedException, TimeoutException {
+      if (!rdsCount.await(timeout.toMillis(), TimeUnit.MILLISECONDS)) {
+        throw new TimeoutException("Timeout " + timeout + " waiting for RDSs");
+      }
+    }
+
+    public void setExpectedRdsCount(int count) {
+      rdsCount = new CountDownLatch(count);
+    }
+
+    private void execute(Runnable action) {
+      // This method ensures that all watcher updates:
+      // - Happen after the server started watching LDS.
+      // - Are executed within the sync context of the server.
+      //
+      // Note that this doesn't guarantee that any of the RDS watchers are created.
+      // Tests should use setExpectedRdsCount(int) and awaitRds() for that.
+      if (ldsResource == null) {
+        throw new IllegalStateException("xDS resource update after watcher cancel");
+      }
+      try {
+        ldsResource.get(DEFAULT_TIMEOUT.toMillis(), TimeUnit.MILLISECONDS);
+      } catch (ExecutionException | TimeoutException e) {
+        throw new RuntimeException("Can't resolve LDS resource name in " + DEFAULT_TIMEOUT, e);
+      } catch (InterruptedException e) {
+        Thread.currentThread().interrupt();
+        throw new RuntimeException(e);
+      }
+      serverExecutor.execute(action);
+    }
+
     void deliverLdsUpdate(List<FilterChain> filterChains,
                           FilterChain defaultFilterChain) {
-      ldsWatcher.onChanged(LdsUpdate.forTcpListener(Listener.create(
-              "listener", "0.0.0.0:1", ImmutableList.copyOf(filterChains), defaultFilterChain)));
+      deliverLdsUpdate(LdsUpdate.forTcpListener(Listener.create(
+          "listener", "0.0.0.0:1", ImmutableList.copyOf(filterChains), defaultFilterChain)));
     }
 
     void deliverLdsUpdate(LdsUpdate ldsUpdate) {
-      ldsWatcher.onChanged(ldsUpdate);
+      execute(() -> ldsWatcher.onChanged(ldsUpdate));
     }
 
-    void deliverRdsUpdate(String rdsName, List<VirtualHost> virtualHosts) {
-      rdsWatchers.get(rdsName).onChanged(new RdsUpdate(virtualHosts));
+    void deliverRdsUpdate(String resourceName, List<VirtualHost> virtualHosts) {
+      execute(() -> rdsWatchers.get(resourceName).onChanged(new RdsUpdate(virtualHosts)));
     }
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
index 41f005ba583..388052a3dc8 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
@@ -74,7 +74,6 @@
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
-import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Executors;
 import java.util.concurrent.TimeUnit;
@@ -252,7 +251,7 @@ public void run() {
     FilterChain f0 = createFilterChain("filter-chain-0", hcm_virtual);
     FilterChain f1 = createFilterChain("filter-chain-1", createRds("rds"));
     xdsClient.deliverLdsUpdate(Collections.singletonList(f0), f1);
-    xdsClient.rdsCount.await(5, TimeUnit.SECONDS);
+    xdsClient.awaitRds(FakeXdsClient.DEFAULT_TIMEOUT);
     xdsClient.deliverRdsUpdate("rds",
             Collections.singletonList(createVirtualHost("virtual-host-1")));
     verify(listener, timeout(5000)).onServing();
@@ -261,7 +260,7 @@ public void run() {
     xdsServerWrapper.shutdown();
     assertThat(xdsServerWrapper.isShutdown()).isTrue();
     assertThat(xdsClient.ldsResource).isNull();
-    assertThat(xdsClient.shutdown).isTrue();
+    assertThat(xdsClient.isShutDown()).isTrue();
     verify(mockServer).shutdown();
     assertThat(f0.sslContextProviderSupplier().isShutdown()).isTrue();
     assertThat(f1.sslContextProviderSupplier().isShutdown()).isTrue();
@@ -303,7 +302,7 @@ public void run() {
     verify(mockServer, never()).start();
     assertThat(xdsServerWrapper.isShutdown()).isTrue();
     assertThat(xdsClient.ldsResource).isNull();
-    assertThat(xdsClient.shutdown).isTrue();
+    assertThat(xdsClient.isShutDown()).isTrue();
     verify(mockServer).shutdown();
     assertThat(f0.sslContextProviderSupplier().isShutdown()).isTrue();
     assertThat(f1.sslContextProviderSupplier().isShutdown()).isTrue();
@@ -342,7 +341,7 @@ public void run() {
     xdsServerWrapper.shutdown();
     assertThat(xdsServerWrapper.isShutdown()).isTrue();
     assertThat(xdsClient.ldsResource).isNull();
-    assertThat(xdsClient.shutdown).isTrue();
+    assertThat(xdsClient.isShutDown()).isTrue();
     verify(mockBuilder, times(1)).build();
     verify(mockServer, times(1)).shutdown();
     xdsServerWrapper.awaitTermination(1, TimeUnit.SECONDS);
@@ -367,7 +366,7 @@ public void run() {
     FilterChain filterChain = createFilterChain("filter-chain-1", createRds("rds"));
     SslContextProviderSupplier sslSupplier = filterChain.sslContextProviderSupplier();
     xdsClient.deliverLdsUpdate(Collections.singletonList(filterChain), null);
-    xdsClient.rdsCount.await(5, TimeUnit.SECONDS);
+    xdsClient.awaitRds(FakeXdsClient.DEFAULT_TIMEOUT);
     xdsClient.deliverRdsUpdate("rds",
             Collections.singletonList(createVirtualHost("virtual-host-1")));
     try {
@@ -434,7 +433,7 @@ public void run() {
     xdsClient.ldsResource.get(5, TimeUnit.SECONDS);
     FilterChain filterChain = createFilterChain("filter-chain-1", createRds("rds"));
     xdsClient.deliverLdsUpdate(Collections.singletonList(filterChain), null);
-    xdsClient.rdsCount.await(5, TimeUnit.SECONDS);
+    xdsClient.awaitRds(FakeXdsClient.DEFAULT_TIMEOUT);
     xdsClient.deliverRdsUpdate("rds",
             Collections.singletonList(createVirtualHost("virtual-host-1")));
     try {
@@ -544,7 +543,7 @@ public void run() {
             0L, Collections.singletonList(virtualHost), new ArrayList<NamedFilterConfig>());
     EnvoyServerProtoData.FilterChain f0 = createFilterChain("filter-chain-0", hcmVirtual);
     EnvoyServerProtoData.FilterChain f1 = createFilterChain("filter-chain-1", createRds("r0"));
-    xdsClient.rdsCount = new CountDownLatch(3);
+    xdsClient.setExpectedRdsCount(3);
     xdsClient.deliverLdsUpdate(Arrays.asList(f0, f1), null);
     assertThat(start.isDone()).isFalse();
     assertThat(selectorManager.getSelectorToUpdateSelector()).isNull();
@@ -556,7 +555,7 @@ public void run() {
     xdsClient.deliverLdsUpdate(Arrays.asList(f0, f2), f3);
     verify(mockServer, never()).start();
     verify(listener, never()).onServing();
-    xdsClient.rdsCount.await(5, TimeUnit.SECONDS);
+    xdsClient.awaitRds(FakeXdsClient.DEFAULT_TIMEOUT);
 
     xdsClient.deliverRdsUpdate("r1",
             Collections.singletonList(createVirtualHost("virtual-host-1")));
@@ -602,12 +601,11 @@ public void run() {
     EnvoyServerProtoData.FilterChain f1 = createFilterChain("filter-chain-1", createRds("r0"));
     EnvoyServerProtoData.FilterChain f2 = createFilterChain("filter-chain-2", createRds("r0"));
 
-    xdsClient.rdsCount = new CountDownLatch(1);
     xdsClient.deliverLdsUpdate(Arrays.asList(f0, f1), f2);
     assertThat(start.isDone()).isFalse();
     assertThat(selectorManager.getSelectorToUpdateSelector()).isNull();
 
-    xdsClient.rdsCount.await(5, TimeUnit.SECONDS);
+    xdsClient.awaitRds(FakeXdsClient.DEFAULT_TIMEOUT);
     xdsClient.deliverRdsUpdate("r0",
             Collections.singletonList(createVirtualHost("virtual-host-0")));
     start.get(5000, TimeUnit.MILLISECONDS);
@@ -633,9 +631,9 @@ public void run() {
     EnvoyServerProtoData.FilterChain f3 = createFilterChain("filter-chain-3", createRds("r0"));
     EnvoyServerProtoData.FilterChain f4 = createFilterChain("filter-chain-4", createRds("r1"));
     EnvoyServerProtoData.FilterChain f5 = createFilterChain("filter-chain-4", createRds("r1"));
-    xdsClient.rdsCount = new CountDownLatch(1);
+    xdsClient.setExpectedRdsCount(1);
     xdsClient.deliverLdsUpdate(Arrays.asList(f5, f3), f4);
-    xdsClient.rdsCount.await(5, TimeUnit.SECONDS);
+    xdsClient.awaitRds(FakeXdsClient.DEFAULT_TIMEOUT);
     xdsClient.deliverRdsUpdate("r1",
             Collections.singletonList(createVirtualHost("virtual-host-1")));
     xdsClient.deliverRdsUpdate("r0",
@@ -688,7 +686,7 @@ public void run() {
     EnvoyServerProtoData.FilterChain f0 = createFilterChain("filter-chain-0", hcmVirtual);
     EnvoyServerProtoData.FilterChain f1 = createFilterChain("filter-chain-1", createRds("r0"));
     xdsClient.deliverLdsUpdate(Arrays.asList(f0, f1), null);
-    xdsClient.rdsCount.await();
+    xdsClient.awaitRds(FakeXdsClient.DEFAULT_TIMEOUT);
     xdsClient.rdsWatchers.get("r0").onError(Status.CANCELLED);
     start.get(5000, TimeUnit.MILLISECONDS);
     assertThat(selectorManager.getSelectorToUpdateSelector().getRoutingConfigs().size())
@@ -1235,7 +1233,7 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, Re
     VirtualHost virtualHost  = VirtualHost.create(
         "v1", Collections.singletonList("foo.google.com"), Arrays.asList(route),
         ImmutableMap.of("filter-config-name-0", f0Override));
-    xdsClient.rdsCount.await(5, TimeUnit.SECONDS);
+    xdsClient.awaitRds(FakeXdsClient.DEFAULT_TIMEOUT);
     xdsClient.deliverRdsUpdate("r0", Collections.singletonList(virtualHost));
     start.get(5000, TimeUnit.MILLISECONDS);
     verify(mockServer).start();

From c340f4a2f33812ec723d13bc958d37c991c7d2d4 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 4 Mar 2025 04:32:03 +0000
Subject: [PATCH 201/591] rls: allow maxAge to exceed 5m if staleAge is set
 (#11931)

---
 .../java/io/grpc/rls/RlsProtoConverters.java  |  9 ++-
 .../io/grpc/rls/RlsProtoConvertersTest.java   | 59 +++++++++++++++++++
 2 files changed, 66 insertions(+), 2 deletions(-)

diff --git a/rls/src/main/java/io/grpc/rls/RlsProtoConverters.java b/rls/src/main/java/io/grpc/rls/RlsProtoConverters.java
index cd164f5e2a7..aa5147449c4 100644
--- a/rls/src/main/java/io/grpc/rls/RlsProtoConverters.java
+++ b/rls/src/main/java/io/grpc/rls/RlsProtoConverters.java
@@ -152,10 +152,15 @@ protected RouteLookupConfig doForward(Map<String, ?> json) {
         checkArgument(staleAge == null, "to specify staleAge, must have maxAge");
         maxAge = MAX_AGE_NANOS;
       }
-      if (staleAge == null) {
+      // If staleAge is not set, clamp maxAge to <= 5.
+      if (staleAge == null && maxAge > MAX_AGE_NANOS) {
+        maxAge = MAX_AGE_NANOS;
+      }
+      // Clamp staleAge to <= 5
+      if (staleAge == null || staleAge > MAX_AGE_NANOS) {
         staleAge = MAX_AGE_NANOS;
       }
-      maxAge = Math.min(maxAge, MAX_AGE_NANOS);
+      // Ignore staleAge if greater than maxAge.
       staleAge = Math.min(staleAge, maxAge);
       long cacheSize = orDefault(JsonUtil.getNumberAsLong(json, "cacheSizeBytes"), MAX_CACHE_SIZE);
       checkArgument(cacheSize > 0, "cacheSize must be positive");
diff --git a/rls/src/test/java/io/grpc/rls/RlsProtoConvertersTest.java b/rls/src/test/java/io/grpc/rls/RlsProtoConvertersTest.java
index 98b7101fd5e..fc5fdb59f21 100644
--- a/rls/src/test/java/io/grpc/rls/RlsProtoConvertersTest.java
+++ b/rls/src/test/java/io/grpc/rls/RlsProtoConvertersTest.java
@@ -469,6 +469,65 @@ public void convert_jsonRlsConfig_staleAgeGivenWithoutMaxAge() throws IOExceptio
     }
   }
 
+  @Test
+  public void convert_jsonRlsConfig_doNotClampMaxAgeIfStaleAgeIsSet() throws IOException {
+    String jsonStr = "{\n"
+        + "  \"grpcKeybuilders\": [\n"
+        + "    {\n"
+        + "      \"names\": [\n"
+        + "        {\n"
+        + "          \"service\": \"service1\",\n"
+        + "          \"method\": \"create\"\n"
+        + "        }\n"
+        + "      ],\n"
+        + "      \"headers\": [\n"
+        + "        {\n"
+        + "          \"key\": \"user\","
+        + "          \"names\": [\"User\", \"Parent\"],\n"
+        + "          \"optional\": true\n"
+        + "        },\n"
+        + "        {\n"
+        + "          \"key\": \"id\","
+        + "          \"names\": [\"X-Google-Id\"],\n"
+        + "          \"optional\": true\n"
+        + "        }\n"
+        + "      ]\n"
+        + "    }\n"
+        + "  ],\n"
+        + "  \"lookupService\": \"service1\",\n"
+        + "  \"lookupServiceTimeout\": \"2s\",\n"
+        + "  \"maxAge\": \"350s\",\n"
+        + "  \"staleAge\": \"310s\",\n"
+        + "  \"validTargets\": [\"a valid target\"],"
+        + "  \"cacheSizeBytes\": \"1000\",\n"
+        + "  \"defaultTarget\": \"us_east_1.cloudbigtable.googleapis.com\"\n"
+        + "}";
+
+    RouteLookupConfig expectedConfig =
+        RouteLookupConfig.builder()
+            .grpcKeybuilders(ImmutableList.of(
+                GrpcKeyBuilder.create(
+                    ImmutableList.of(Name.create("service1", "create")),
+                    ImmutableList.of(
+                        NameMatcher.create("user", ImmutableList.of("User", "Parent")),
+                        NameMatcher.create("id", ImmutableList.of("X-Google-Id"))),
+                    ExtraKeys.DEFAULT,
+                    ImmutableMap.<String, String>of())))
+            .lookupService("service1")
+            .lookupServiceTimeoutInNanos(TimeUnit.SECONDS.toNanos(2))
+            .maxAgeInNanos(TimeUnit.SECONDS.toNanos(350)) // Should not be clamped
+            .staleAgeInNanos(TimeUnit.SECONDS.toNanos(300)) // Should be clamped to max 300s
+            .cacheSizeBytes(1000)
+            .defaultTarget("us_east_1.cloudbigtable.googleapis.com")
+            .build();
+
+    RouteLookupConfigConverter converter = new RouteLookupConfigConverter();
+    @SuppressWarnings("unchecked")
+    Map<String, ?> parsedJson = (Map<String, ?>) JsonParser.parse(jsonStr);
+    RouteLookupConfig converted = converter.convert(parsedJson);
+    assertThat(converted).isEqualTo(expectedConfig);
+  }
+
   @Test
   public void convert_jsonRlsConfig_keyBuilderWithoutName() throws IOException {
     String jsonStr = "{\n"

From 12197065fec471eccff8f8f83093b91f698acc47 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Thu, 6 Mar 2025 08:10:18 +0000
Subject: [PATCH 202/591] xds: xDS-based HTTP CONNECT configuration (#11861)

---
 xds/BUILD.bazel                               |   1 +
 .../java/io/grpc/xds/CdsLoadBalancer2.java    |   4 +-
 .../grpc/xds/ClusterResolverLoadBalancer.java |  46 ++-
 .../ClusterResolverLoadBalancerProvider.java  |   9 +-
 xds/src/main/java/io/grpc/xds/Endpoints.java  |  20 +-
 .../io/grpc/xds/GcpAuthenticationFilter.java  |  12 +-
 .../java/io/grpc/xds/MetadataRegistry.java    |  60 +++-
 .../java/io/grpc/xds/XdsClusterResource.java  | 126 ++++----
 .../java/io/grpc/xds/XdsEndpointResource.java |  74 ++++-
 .../io/grpc/xds/CdsLoadBalancer2Test.java     |  45 +--
 .../xds/ClusterResolverLoadBalancerTest.java  | 305 ++++++++++++------
 .../grpc/xds/GrpcXdsClientImplDataTest.java   | 120 ++++++-
 .../grpc/xds/GrpcXdsClientImplTestBase.java   |  16 +-
 .../test/java/io/grpc/xds/XdsTestUtils.java   |   8 +-
 xds/third_party/envoy/import.sh               |   1 +
 .../v3/upstream_http_11_connect.proto         |  38 +++
 16 files changed, 665 insertions(+), 220 deletions(-)
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto

diff --git a/xds/BUILD.bazel b/xds/BUILD.bazel
index b235a79c526..53fac28b2da 100644
--- a/xds/BUILD.bazel
+++ b/xds/BUILD.bazel
@@ -85,6 +85,7 @@ java_proto_library(
         "@envoy_api//envoy/extensions/load_balancing_policies/ring_hash/v3:pkg",
         "@envoy_api//envoy/extensions/load_balancing_policies/round_robin/v3:pkg",
         "@envoy_api//envoy/extensions/load_balancing_policies/wrr_locality/v3:pkg",
+        "@envoy_api//envoy/extensions/transport_sockets/http_11_proxy/v3:pkg",
         "@envoy_api//envoy/extensions/transport_sockets/tls/v3:pkg",
         "@envoy_api//envoy/service/discovery/v3:pkg",
         "@envoy_api//envoy/service/load_stats/v3:pkg",
diff --git a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
index 04b7663fd35..bb44071a484 100644
--- a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
+++ b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
@@ -243,7 +243,9 @@ private void handleClusterDiscovered() {
       }
 
       ClusterResolverConfig config = new ClusterResolverConfig(
-          Collections.unmodifiableList(instances), configOrError.getConfig());
+          Collections.unmodifiableList(instances),
+          configOrError.getConfig(),
+          root.result.isHttp11ProxyAvailable());
       if (childLb == null) {
         childLb = lbRegistry.getProvider(CLUSTER_RESOLVER_POLICY_NAME).newLoadBalancer(helper);
       }
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
index 4e08ddc5973..c92f592ebc8 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
@@ -25,6 +25,7 @@
 import com.google.protobuf.Struct;
 import io.grpc.Attributes;
 import io.grpc.EquivalentAddressGroup;
+import io.grpc.HttpConnectProxiedSocketAddress;
 import io.grpc.InternalLogId;
 import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancerProvider;
@@ -59,6 +60,8 @@
 import io.grpc.xds.client.XdsClient.ResourceWatcher;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.ArrayList;
@@ -430,8 +433,18 @@ public void run() {
                           .set(XdsAttributes.ATTR_SERVER_WEIGHT, weight)
                           .set(XdsAttributes.ATTR_ADDRESS_NAME, endpoint.hostname())
                           .build();
-                  EquivalentAddressGroup eag = new EquivalentAddressGroup(
-                      endpoint.eag().getAddresses(), attr);
+
+                  EquivalentAddressGroup eag;
+                  if (config.isHttp11ProxyAvailable()) {
+                    List<SocketAddress> rewrittenAddresses = new ArrayList<>();
+                    for (SocketAddress addr : endpoint.eag().getAddresses()) {
+                      rewrittenAddresses.add(rewriteAddress(
+                          addr, endpoint.endpointMetadata(), localityLbInfo.localityMetadata()));
+                    }
+                    eag = new EquivalentAddressGroup(rewrittenAddresses, attr);
+                  } else {
+                    eag = new EquivalentAddressGroup(endpoint.eag().getAddresses(), attr);
+                  }
                   eag = AddressFilter.setPathFilter(eag, Arrays.asList(priorityName, localityName));
                   addresses.add(eag);
                 }
@@ -469,6 +482,35 @@ public void run() {
         new EndpointsUpdated().run();
       }
 
+      private SocketAddress rewriteAddress(SocketAddress addr,
+          ImmutableMap<String, Object> endpointMetadata,
+          ImmutableMap<String, Object> localityMetadata) {
+        if (!(addr instanceof InetSocketAddress)) {
+          return addr;
+        }
+
+        SocketAddress proxyAddress;
+        try {
+          proxyAddress = (SocketAddress) endpointMetadata.get(
+              "envoy.http11_proxy_transport_socket.proxy_address");
+          if (proxyAddress == null) {
+            proxyAddress = (SocketAddress) localityMetadata.get(
+                "envoy.http11_proxy_transport_socket.proxy_address");
+          }
+        } catch (ClassCastException e) {
+          return addr;
+        }
+
+        if (proxyAddress == null) {
+          return addr;
+        }
+
+        return HttpConnectProxiedSocketAddress.newBuilder()
+            .setTargetAddress((InetSocketAddress) addr)
+            .setProxyAddress(proxyAddress)
+            .build();
+      }
+
       private List<String> generatePriorityNames(String name,
           Map<Locality, LocalityLbEndpoints> localityLbEndpoints) {
         TreeMap<Integer, List<Locality>> todo = new TreeMap<>();
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
index 2301cb670e0..b5dcb271368 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
@@ -74,10 +74,17 @@ static final class ClusterResolverConfig {
     final List<DiscoveryMechanism> discoveryMechanisms;
     // GracefulSwitch configuration
     final Object lbConfig;
+    private final boolean isHttp11ProxyAvailable;
 
-    ClusterResolverConfig(List<DiscoveryMechanism> discoveryMechanisms, Object lbConfig) {
+    ClusterResolverConfig(List<DiscoveryMechanism> discoveryMechanisms, Object lbConfig,
+        boolean isHttp11ProxyAvailable) {
       this.discoveryMechanisms = checkNotNull(discoveryMechanisms, "discoveryMechanisms");
       this.lbConfig = checkNotNull(lbConfig, "lbConfig");
+      this.isHttp11ProxyAvailable = isHttp11ProxyAvailable;
+    }
+
+    boolean isHttp11ProxyAvailable() {
+      return isHttp11ProxyAvailable;
     }
 
     @Override
diff --git a/xds/src/main/java/io/grpc/xds/Endpoints.java b/xds/src/main/java/io/grpc/xds/Endpoints.java
index 7d7aa3e386d..b0d97d42c11 100644
--- a/xds/src/main/java/io/grpc/xds/Endpoints.java
+++ b/xds/src/main/java/io/grpc/xds/Endpoints.java
@@ -21,6 +21,7 @@
 import com.google.auto.value.AutoValue;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
 import io.grpc.EquivalentAddressGroup;
 import java.net.InetSocketAddress;
 import java.util.List;
@@ -41,11 +42,13 @@ abstract static class LocalityLbEndpoints {
     // Locality's priority level.
     abstract int priority();
 
+    abstract ImmutableMap<String, Object> localityMetadata();
+
     static LocalityLbEndpoints create(List<LbEndpoint> endpoints, int localityWeight,
-        int priority) {
+        int priority, ImmutableMap<String, Object> localityMetadata) {
       checkArgument(localityWeight > 0, "localityWeight must be greater than 0");
       return new AutoValue_Endpoints_LocalityLbEndpoints(
-          ImmutableList.copyOf(endpoints), localityWeight, priority);
+          ImmutableList.copyOf(endpoints), localityWeight, priority, localityMetadata);
     }
   }
 
@@ -63,17 +66,20 @@ abstract static class LbEndpoint {
 
     abstract String hostname();
 
+    abstract ImmutableMap<String, Object> endpointMetadata();
+
     static LbEndpoint create(EquivalentAddressGroup eag, int loadBalancingWeight,
-        boolean isHealthy, String hostname) {
-      return new AutoValue_Endpoints_LbEndpoint(eag, loadBalancingWeight, isHealthy, hostname);
+        boolean isHealthy, String hostname, ImmutableMap<String, Object> endpointMetadata) {
+      return new AutoValue_Endpoints_LbEndpoint(
+          eag, loadBalancingWeight, isHealthy, hostname, endpointMetadata);
     }
 
     // Only for testing.
     @VisibleForTesting
-    static LbEndpoint create(
-        String address, int port, int loadBalancingWeight, boolean isHealthy, String hostname) {
+    static LbEndpoint create(String address, int port, int loadBalancingWeight, boolean isHealthy,
+        String hostname, ImmutableMap<String, Object> endpointMetadata) {
       return LbEndpoint.create(new EquivalentAddressGroup(new InetSocketAddress(address, port)),
-          loadBalancingWeight, isHealthy, hostname);
+          loadBalancingWeight, isHealthy, hostname, endpointMetadata);
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
index 7ed617c9843..41687817c47 100644
--- a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
+++ b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
@@ -36,6 +36,7 @@
 import io.grpc.Status;
 import io.grpc.auth.MoreCallCredentials;
 import io.grpc.xds.MetadataRegistry.MetadataValueParser;
+import io.grpc.xds.client.XdsResourceType.ResourceInvalidException;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.concurrent.ScheduledExecutorService;
@@ -240,11 +241,16 @@ public String getTypeUrl() {
     }
 
     @Override
-    public String parse(Any any) throws InvalidProtocolBufferException {
-      Audience audience = any.unpack(Audience.class);
+    public String parse(Any any) throws ResourceInvalidException {
+      Audience audience;
+      try {
+        audience = any.unpack(Audience.class);
+      } catch (InvalidProtocolBufferException ex) {
+        throw new ResourceInvalidException("Invalid Resource in address proto", ex);
+      }
       String url = audience.getUrl();
       if (url.isEmpty()) {
-        throw new InvalidProtocolBufferException(
+        throw new ResourceInvalidException(
             "Audience URL is empty. Metadata value must contain a valid URL.");
       }
       return url;
diff --git a/xds/src/main/java/io/grpc/xds/MetadataRegistry.java b/xds/src/main/java/io/grpc/xds/MetadataRegistry.java
index 8243b6a6f0f..b79a61a261a 100644
--- a/xds/src/main/java/io/grpc/xds/MetadataRegistry.java
+++ b/xds/src/main/java/io/grpc/xds/MetadataRegistry.java
@@ -17,9 +17,14 @@
 package io.grpc.xds;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableMap;
 import com.google.protobuf.Any;
-import com.google.protobuf.InvalidProtocolBufferException;
+import com.google.protobuf.Struct;
+import io.envoyproxy.envoy.config.core.v3.Metadata;
 import io.grpc.xds.GcpAuthenticationFilter.AudienceMetadataParser;
+import io.grpc.xds.XdsEndpointResource.AddressMetadataParser;
+import io.grpc.xds.client.XdsResourceType.ResourceInvalidException;
+import io.grpc.xds.internal.ProtobufJsonConverter;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -36,6 +41,7 @@ final class MetadataRegistry {
 
   private MetadataRegistry() {
     registerParser(new AudienceMetadataParser());
+    registerParser(new AddressMetadataParser());
   }
 
   static MetadataRegistry getInstance() {
@@ -55,6 +61,54 @@ void removeParser(MetadataValueParser parser) {
     supportedParsers.remove(parser.getTypeUrl());
   }
 
+  /**
+   * Parses cluster metadata into a structured map.
+   *
+   * <p>Values in {@code typed_filter_metadata} take precedence over
+   * {@code filter_metadata} when keys overlap, following Envoy API behavior. See
+   * <a href="https://github.com/envoyproxy/envoy/blob/main/api/envoy/config/core/v3/base.proto#L217-L259">
+   *   Envoy metadata documentation </a> for details.
+   *
+   * @param metadata the {@link Metadata} containing the fields to parse.
+   * @return an immutable map of parsed metadata.
+   * @throws ResourceInvalidException if parsing {@code typed_filter_metadata} fails.
+   */
+  public ImmutableMap<String, Object> parseMetadata(Metadata metadata)
+      throws ResourceInvalidException {
+    ImmutableMap.Builder<String, Object> parsedMetadata = ImmutableMap.builder();
+
+    // Process typed_filter_metadata
+    for (Map.Entry<String, Any> entry : metadata.getTypedFilterMetadataMap().entrySet()) {
+      String key = entry.getKey();
+      Any value = entry.getValue();
+      MetadataValueParser parser = findParser(value.getTypeUrl());
+      if (parser != null) {
+        try {
+          Object parsedValue = parser.parse(value);
+          parsedMetadata.put(key, parsedValue);
+        } catch (ResourceInvalidException e) {
+          throw new ResourceInvalidException(
+              String.format("Failed to parse metadata key: %s, type: %s. Error: %s",
+                  key, value.getTypeUrl(), e.getMessage()), e);
+        }
+      }
+    }
+    // building once to reuse in the next loop
+    ImmutableMap<String, Object> intermediateParsedMetadata = parsedMetadata.build();
+
+    // Process filter_metadata for remaining keys
+    for (Map.Entry<String, Struct> entry : metadata.getFilterMetadataMap().entrySet()) {
+      String key = entry.getKey();
+      if (!intermediateParsedMetadata.containsKey(key)) {
+        Struct structValue = entry.getValue();
+        Object jsonValue = ProtobufJsonConverter.convertToJson(structValue);
+        parsedMetadata.put(key, jsonValue);
+      }
+    }
+
+    return parsedMetadata.build();
+  }
+
   interface MetadataValueParser {
 
     String getTypeUrl();
@@ -64,8 +118,8 @@ interface MetadataValueParser {
      *
      * @param any the {@link Any} object to parse.
      * @return the parsed metadata value.
-     * @throws InvalidProtocolBufferException if the parsing fails.
+     * @throws ResourceInvalidException if the parsing fails.
      */
-    Object parse(Any any) throws InvalidProtocolBufferException;
+    Object parse(Any any) throws ResourceInvalidException;
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
index 626d61c1f55..cfc74f3ca70 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
@@ -25,7 +25,6 @@
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
-import com.google.protobuf.Any;
 import com.google.protobuf.Duration;
 import com.google.protobuf.InvalidProtocolBufferException;
 import com.google.protobuf.Message;
@@ -33,10 +32,11 @@
 import com.google.protobuf.util.Durations;
 import io.envoyproxy.envoy.config.cluster.v3.CircuitBreakers.Thresholds;
 import io.envoyproxy.envoy.config.cluster.v3.Cluster;
-import io.envoyproxy.envoy.config.core.v3.Metadata;
 import io.envoyproxy.envoy.config.core.v3.RoutingPriority;
 import io.envoyproxy.envoy.config.core.v3.SocketAddress;
+import io.envoyproxy.envoy.config.core.v3.TransportSocket;
 import io.envoyproxy.envoy.config.endpoint.v3.ClusterLoadAssignment;
+import io.envoyproxy.envoy.extensions.transport_sockets.http_11_proxy.v3.Http11ProxyUpstreamTransport;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.grpc.LoadBalancerRegistry;
@@ -46,15 +46,12 @@
 import io.grpc.internal.ServiceConfigUtil.LbConfig;
 import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
-import io.grpc.xds.MetadataRegistry.MetadataValueParser;
 import io.grpc.xds.XdsClusterResource.CdsUpdate;
 import io.grpc.xds.client.XdsClient.ResourceUpdate;
 import io.grpc.xds.client.XdsResourceType;
-import io.grpc.xds.internal.ProtobufJsonConverter;
 import io.grpc.xds.internal.security.CommonTlsContextUtil;
 import java.util.List;
 import java.util.Locale;
-import java.util.Map;
 import java.util.Set;
 import javax.annotation.Nullable;
 
@@ -67,6 +64,8 @@ class XdsClusterResource extends XdsResourceType<CdsUpdate> {
   @VisibleForTesting
   public static boolean enableSystemRootCerts =
       GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_SYSTEM_ROOT_CERTS", false);
+  static boolean isEnabledXdsHttpConnect =
+      GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_HTTP_CONNECT", false);
 
   @VisibleForTesting
   static final String AGGREGATE_CLUSTER_TYPE_NAME = "envoy.clusters.aggregate";
@@ -78,6 +77,9 @@ class XdsClusterResource extends XdsResourceType<CdsUpdate> {
       "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext";
   private static final String TYPE_URL_UPSTREAM_TLS_CONTEXT_V2 =
       "type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext";
+  static final String TRANSPORT_SOCKET_NAME_HTTP11_PROXY =
+      "type.googleapis.com/envoy.extensions.transport_sockets.http_11_proxy.v3"
+          + ".Http11ProxyUpstreamTransport";
   private final LoadBalancerRegistry loadBalancerRegistry
       = LoadBalancerRegistry.getDefaultRegistry();
 
@@ -177,10 +179,11 @@ static CdsUpdate processCluster(Cluster cluster,
         ImmutableMap.copyOf(cluster.getMetadata().getFilterMetadataMap()));
 
     try {
+      MetadataRegistry registry = MetadataRegistry.getInstance();
       ImmutableMap<String, Object> parsedFilterMetadata =
-          parseClusterMetadata(cluster.getMetadata());
+          registry.parseMetadata(cluster.getMetadata());
       updateBuilder.parsedMetadata(parsedFilterMetadata);
-    } catch (InvalidProtocolBufferException e) {
+    } catch (ResourceInvalidException e) {
       throw new ResourceInvalidException(
           "Failed to parse xDS filter metadata for cluster '" + cluster.getName() + "': "
               + e.getMessage(), e);
@@ -189,49 +192,6 @@ static CdsUpdate processCluster(Cluster cluster,
     return updateBuilder.build();
   }
 
-  /**
-   * Parses cluster metadata into a structured map.
-   *
-   * <p>Values in {@code typed_filter_metadata} take precedence over
-   * {@code filter_metadata} when keys overlap, following Envoy API behavior. See
-   * <a href="https://github.com/envoyproxy/envoy/blob/main/api/envoy/config/core/v3/base.proto#L217-L259">
-   *   Envoy metadata documentation </a> for details.
-   *
-   * @param metadata the {@link Metadata} containing the fields to parse.
-   * @return an immutable map of parsed metadata.
-   * @throws InvalidProtocolBufferException if parsing {@code typed_filter_metadata} fails.
-   */
-  private static ImmutableMap<String, Object> parseClusterMetadata(Metadata metadata)
-      throws InvalidProtocolBufferException {
-    ImmutableMap.Builder<String, Object> parsedMetadata = ImmutableMap.builder();
-
-    MetadataRegistry registry = MetadataRegistry.getInstance();
-    // Process typed_filter_metadata
-    for (Map.Entry<String, Any> entry : metadata.getTypedFilterMetadataMap().entrySet()) {
-      String key = entry.getKey();
-      Any value = entry.getValue();
-      MetadataValueParser parser = registry.findParser(value.getTypeUrl());
-      if (parser != null) {
-        Object parsedValue = parser.parse(value);
-        parsedMetadata.put(key, parsedValue);
-      }
-    }
-    // building once to reuse in the next loop
-    ImmutableMap<String, Object> intermediateParsedMetadata = parsedMetadata.build();
-
-    // Process filter_metadata for remaining keys
-    for (Map.Entry<String, Struct> entry : metadata.getFilterMetadataMap().entrySet()) {
-      String key = entry.getKey();
-      if (!intermediateParsedMetadata.containsKey(key)) {
-        Struct structValue = entry.getValue();
-        Object jsonValue = ProtobufJsonConverter.convertToJson(structValue);
-        parsedMetadata.put(key, jsonValue);
-      }
-    }
-
-    return parsedMetadata.build();
-  }
-
   private static StructOrError<CdsUpdate.Builder> parseAggregateCluster(Cluster cluster) {
     String clusterName = cluster.getName();
     Cluster.CustomClusterType customType = cluster.getClusterType();
@@ -259,6 +219,7 @@ private static StructOrError<CdsUpdate.Builder> parseNonAggregateCluster(
     Long maxConcurrentRequests = null;
     UpstreamTlsContext upstreamTlsContext = null;
     OutlierDetection outlierDetection = null;
+    boolean isHttp11ProxyAvailable = false;
     if (cluster.hasLrsServer()) {
       if (!cluster.getLrsServer().hasSelf()) {
         return StructOrError.fromError(
@@ -281,17 +242,43 @@ private static StructOrError<CdsUpdate.Builder> parseNonAggregateCluster(
       return StructOrError.fromError("Cluster " + clusterName
           + ": transport-socket-matches not supported.");
     }
-    if (cluster.hasTransportSocket()) {
-      if (!TRANSPORT_SOCKET_NAME_TLS.equals(cluster.getTransportSocket().getName())) {
-        return StructOrError.fromError("transport-socket with name "
-            + cluster.getTransportSocket().getName() + " not supported.");
+    boolean hasTransportSocket = cluster.hasTransportSocket();
+    TransportSocket transportSocket = cluster.getTransportSocket();
+
+    if (hasTransportSocket && !TRANSPORT_SOCKET_NAME_TLS.equals(transportSocket.getName())
+        && !(isEnabledXdsHttpConnect
+        && TRANSPORT_SOCKET_NAME_HTTP11_PROXY.equals(transportSocket.getName()))) {
+      return StructOrError.fromError(
+          "transport-socket with name " + transportSocket.getName() + " not supported.");
+    }
+
+    if (hasTransportSocket && isEnabledXdsHttpConnect
+        && TRANSPORT_SOCKET_NAME_HTTP11_PROXY.equals(transportSocket.getName())) {
+      isHttp11ProxyAvailable = true;
+      try {
+        Http11ProxyUpstreamTransport wrappedTransportSocket = transportSocket
+            .getTypedConfig().unpack(io.envoyproxy.envoy.extensions.transport_sockets
+                .http_11_proxy.v3.Http11ProxyUpstreamTransport.class);
+        hasTransportSocket = wrappedTransportSocket.hasTransportSocket();
+        transportSocket = wrappedTransportSocket.getTransportSocket();
+      } catch (InvalidProtocolBufferException e) {
+        return StructOrError.fromError(
+            "Cluster " + clusterName + ": malformed Http11ProxyUpstreamTransport: " + e);
+      } catch (ClassCastException e) {
+        return StructOrError.fromError(
+            "Cluster " + clusterName
+                + ": invalid transport_socket type in Http11ProxyUpstreamTransport");
       }
+    }
+
+    if (hasTransportSocket && TRANSPORT_SOCKET_NAME_TLS.equals(transportSocket.getName())) {
       try {
         upstreamTlsContext = UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(
             validateUpstreamTlsContext(
-                unpackCompatibleType(cluster.getTransportSocket().getTypedConfig(),
-                io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext.class,
-                TYPE_URL_UPSTREAM_TLS_CONTEXT, TYPE_URL_UPSTREAM_TLS_CONTEXT_V2),
+                unpackCompatibleType(transportSocket.getTypedConfig(),
+                    io.envoyproxy.envoy.extensions
+                        .transport_sockets.tls.v3.UpstreamTlsContext.class,
+                    TYPE_URL_UPSTREAM_TLS_CONTEXT, TYPE_URL_UPSTREAM_TLS_CONTEXT_V2),
                 certProviderInstances));
       } catch (InvalidProtocolBufferException | ResourceInvalidException e) {
         return StructOrError.fromError(
@@ -329,9 +316,10 @@ private static StructOrError<CdsUpdate.Builder> parseNonAggregateCluster(
         return StructOrError.fromError(
             "EDS service_name must be set when Cluster resource has an xdstp name");
       }
+
       return StructOrError.fromStruct(CdsUpdate.forEds(
           clusterName, edsServiceName, lrsServerInfo, maxConcurrentRequests, upstreamTlsContext,
-          outlierDetection));
+          outlierDetection, isHttp11ProxyAvailable));
     } else if (type.equals(Cluster.DiscoveryType.LOGICAL_DNS)) {
       if (!cluster.hasLoadAssignment()) {
         return StructOrError.fromError(
@@ -366,7 +354,8 @@ private static StructOrError<CdsUpdate.Builder> parseNonAggregateCluster(
       String dnsHostName = String.format(
           Locale.US, "%s:%d", socketAddress.getAddress(), socketAddress.getPortValue());
       return StructOrError.fromStruct(CdsUpdate.forLogicalDns(
-          clusterName, dnsHostName, lrsServerInfo, maxConcurrentRequests, upstreamTlsContext));
+          clusterName, dnsHostName, lrsServerInfo, maxConcurrentRequests,
+          upstreamTlsContext, isHttp11ProxyAvailable));
     }
     return StructOrError.fromError(
         "Cluster " + clusterName + ": unsupported built-in discovery type: " + type);
@@ -620,6 +609,8 @@ abstract static class CdsUpdate implements ResourceUpdate {
     @Nullable
     abstract UpstreamTlsContext upstreamTlsContext();
 
+    abstract boolean isHttp11ProxyAvailable();
+
     // List of underlying clusters making of this aggregate cluster.
     // Only valid for AGGREGATE cluster.
     @Nullable
@@ -640,7 +631,8 @@ private static Builder newBuilder(String clusterName) {
           .maxRingSize(0)
           .choiceCount(0)
           .filterMetadata(ImmutableMap.of())
-          .parsedMetadata(ImmutableMap.of());
+          .parsedMetadata(ImmutableMap.of())
+          .isHttp11ProxyAvailable(false);
     }
 
     static Builder forAggregate(String clusterName, List<String> prioritizedClusterNames) {
@@ -653,26 +645,30 @@ static Builder forAggregate(String clusterName, List<String> prioritizedClusterN
     static Builder forEds(String clusterName, @Nullable String edsServiceName,
                           @Nullable ServerInfo lrsServerInfo, @Nullable Long maxConcurrentRequests,
                           @Nullable UpstreamTlsContext upstreamTlsContext,
-                          @Nullable OutlierDetection outlierDetection) {
+                          @Nullable OutlierDetection outlierDetection,
+                          boolean isHttp11ProxyAvailable) {
       return newBuilder(clusterName)
           .clusterType(ClusterType.EDS)
           .edsServiceName(edsServiceName)
           .lrsServerInfo(lrsServerInfo)
           .maxConcurrentRequests(maxConcurrentRequests)
           .upstreamTlsContext(upstreamTlsContext)
-          .outlierDetection(outlierDetection);
+          .outlierDetection(outlierDetection)
+          .isHttp11ProxyAvailable(isHttp11ProxyAvailable);
     }
 
     static Builder forLogicalDns(String clusterName, String dnsHostName,
                                  @Nullable ServerInfo lrsServerInfo,
                                  @Nullable Long maxConcurrentRequests,
-                                 @Nullable UpstreamTlsContext upstreamTlsContext) {
+                                 @Nullable UpstreamTlsContext upstreamTlsContext,
+                                 boolean isHttp11ProxyAvailable) {
       return newBuilder(clusterName)
           .clusterType(ClusterType.LOGICAL_DNS)
           .dnsHostName(dnsHostName)
           .lrsServerInfo(lrsServerInfo)
           .maxConcurrentRequests(maxConcurrentRequests)
-          .upstreamTlsContext(upstreamTlsContext);
+          .upstreamTlsContext(upstreamTlsContext)
+          .isHttp11ProxyAvailable(isHttp11ProxyAvailable);
     }
 
     enum ClusterType {
@@ -749,6 +745,8 @@ Builder leastRequestLbPolicy(Integer choiceCount) {
       // Private, use one of the static factory methods instead.
       protected abstract Builder maxConcurrentRequests(Long maxConcurrentRequests);
 
+      protected abstract Builder isHttp11ProxyAvailable(boolean isHttp11ProxyAvailable);
+
       // Private, use one of the static factory methods instead.
       protected abstract Builder upstreamTlsContext(UpstreamTlsContext upstreamTlsContext);
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsEndpointResource.java b/xds/src/main/java/io/grpc/xds/XdsEndpointResource.java
index 6a3cd35bd59..11111fa51ca 100644
--- a/xds/src/main/java/io/grpc/xds/XdsEndpointResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsEndpointResource.java
@@ -20,9 +20,14 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.MoreObjects;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.net.InetAddresses;
+import com.google.protobuf.Any;
+import com.google.protobuf.InvalidProtocolBufferException;
 import com.google.protobuf.Message;
 import io.envoyproxy.envoy.config.core.v3.Address;
 import io.envoyproxy.envoy.config.core.v3.HealthStatus;
+import io.envoyproxy.envoy.config.core.v3.SocketAddress;
 import io.envoyproxy.envoy.config.endpoint.v3.ClusterLoadAssignment;
 import io.envoyproxy.envoy.config.endpoint.v3.Endpoint;
 import io.envoyproxy.envoy.type.v3.FractionalPercent;
@@ -30,6 +35,7 @@
 import io.grpc.internal.GrpcUtil;
 import io.grpc.xds.Endpoints.DropOverload;
 import io.grpc.xds.Endpoints.LocalityLbEndpoints;
+import io.grpc.xds.MetadataRegistry.MetadataValueParser;
 import io.grpc.xds.XdsEndpointResource.EdsUpdate;
 import io.grpc.xds.client.Locality;
 import io.grpc.xds.client.XdsClient.ResourceUpdate;
@@ -185,7 +191,8 @@ private static int getRatePerMillion(FractionalPercent percent) {
   @VisibleForTesting
   @Nullable
   static StructOrError<LocalityLbEndpoints> parseLocalityLbEndpoints(
-      io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints proto) {
+      io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints proto)
+      throws ResourceInvalidException {
     // Filter out localities without or with 0 weight.
     if (!proto.hasLoadBalancingWeight() || proto.getLoadBalancingWeight().getValue() < 1) {
       return null;
@@ -193,6 +200,15 @@ static StructOrError<LocalityLbEndpoints> parseLocalityLbEndpoints(
     if (proto.getPriority() < 0) {
       return StructOrError.fromError("negative priority");
     }
+
+    ImmutableMap<String, Object> localityMetadata;
+    MetadataRegistry registry = MetadataRegistry.getInstance();
+    try {
+      localityMetadata = registry.parseMetadata(proto.getMetadata());
+    } catch (ResourceInvalidException e) {
+      throw new ResourceInvalidException("Failed to parse Locality Endpoint metadata: "
+          + e.getMessage(), e);
+    }
     List<Endpoints.LbEndpoint> endpoints = new ArrayList<>(proto.getLbEndpointsCount());
     for (io.envoyproxy.envoy.config.endpoint.v3.LbEndpoint endpoint : proto.getLbEndpointsList()) {
       // The endpoint field of each lb_endpoints must be set.
@@ -200,6 +216,13 @@ static StructOrError<LocalityLbEndpoints> parseLocalityLbEndpoints(
       if (!endpoint.hasEndpoint() || !endpoint.getEndpoint().hasAddress()) {
         return StructOrError.fromError("LbEndpoint with no endpoint/address");
       }
+      ImmutableMap<String, Object> endpointMetadata;
+      try {
+        endpointMetadata = registry.parseMetadata(endpoint.getMetadata());
+      } catch (ResourceInvalidException e) {
+        throw new ResourceInvalidException("Failed to parse Endpoint metadata: "
+            + e.getMessage(), e);
+      }
       List<java.net.SocketAddress> addresses = new ArrayList<>();
       addresses.add(getInetSocketAddress(endpoint.getEndpoint().getAddress()));
 
@@ -214,10 +237,12 @@ static StructOrError<LocalityLbEndpoints> parseLocalityLbEndpoints(
       endpoints.add(Endpoints.LbEndpoint.create(
           new EquivalentAddressGroup(addresses),
           endpoint.getLoadBalancingWeight().getValue(), isHealthy,
-          endpoint.getEndpoint().getHostname()));
+          endpoint.getEndpoint().getHostname(),
+          endpointMetadata));
     }
     return StructOrError.fromStruct(Endpoints.LocalityLbEndpoints.create(
-        endpoints, proto.getLoadBalancingWeight().getValue(), proto.getPriority()));
+        endpoints, proto.getLoadBalancingWeight().getValue(),
+        proto.getPriority(), localityMetadata));
   }
 
   private static InetSocketAddress getInetSocketAddress(Address address) {
@@ -270,4 +295,47 @@ public String toString() {
               .toString();
     }
   }
+
+  public static class AddressMetadataParser implements MetadataValueParser {
+
+    @Override
+    public String getTypeUrl() {
+      return "type.googleapis.com/envoy.config.core.v3.Address";
+    }
+
+    @Override
+    public java.net.SocketAddress parse(Any any) throws ResourceInvalidException {
+      SocketAddress socketAddress;
+      try {
+        socketAddress = any.unpack(Address.class).getSocketAddress();
+      } catch (InvalidProtocolBufferException ex) {
+        throw new ResourceInvalidException("Invalid Resource in address proto", ex);
+      }
+      validateAddress(socketAddress);
+
+      String ip = socketAddress.getAddress();
+      int port = socketAddress.getPortValue();
+
+      try {
+        return new InetSocketAddress(InetAddresses.forString(ip), port);
+      } catch (IllegalArgumentException e) {
+        throw createException("Invalid IP address or port: " + ip + ":" + port);
+      }
+    }
+
+    private void validateAddress(SocketAddress socketAddress) throws ResourceInvalidException {
+      if (socketAddress.getAddress().isEmpty()) {
+        throw createException("Address field is empty or invalid.");
+      }
+      long port = Integer.toUnsignedLong(socketAddress.getPortValue());
+      if (port > 65535) {
+        throw createException(String.format("Port value %d out of range 1-65535.", port));
+      }
+    }
+
+    private ResourceInvalidException createException(String message) {
+      return new ResourceInvalidException(
+          "Failed to parse envoy.config.core.v3.Address: " + message);
+    }
+  }
 }
diff --git a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
index 82a61e79abf..479bde76ce5 100644
--- a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
+++ b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
@@ -179,7 +179,7 @@ public void tearDown() {
   public void discoverTopLevelEdsCluster() {
     CdsUpdate update =
         CdsUpdate.forEds(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L, upstreamTlsContext,
-                outlierDetection)
+                outlierDetection, false)
             .roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(CLUSTER, update);
     assertThat(childBalancers).hasSize(1);
@@ -198,7 +198,8 @@ public void discoverTopLevelEdsCluster() {
   @Test
   public void discoverTopLevelLogicalDnsCluster() {
     CdsUpdate update =
-        CdsUpdate.forLogicalDns(CLUSTER, DNS_HOST_NAME, LRS_SERVER_INFO, 100L, upstreamTlsContext)
+        CdsUpdate.forLogicalDns(CLUSTER, DNS_HOST_NAME, LRS_SERVER_INFO, 100L, upstreamTlsContext,
+                false)
             .leastRequestLbPolicy(3).build();
     xdsClient.deliverCdsUpdate(CLUSTER, update);
     assertThat(childBalancers).hasSize(1);
@@ -232,7 +233,7 @@ public void nonAggregateCluster_resourceNotExist_returnErrorPicker() {
   @Test
   public void nonAggregateCluster_resourceUpdate() {
     CdsUpdate update =
-        CdsUpdate.forEds(CLUSTER, null, null, 100L, upstreamTlsContext, outlierDetection)
+        CdsUpdate.forEds(CLUSTER, null, null, 100L, upstreamTlsContext, outlierDetection, false)
             .roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(CLUSTER, update);
     assertThat(childBalancers).hasSize(1);
@@ -243,7 +244,7 @@ public void nonAggregateCluster_resourceUpdate() {
         100L, upstreamTlsContext, outlierDetection);
 
     update = CdsUpdate.forEds(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO, 200L, null,
-        outlierDetection).roundRobinLbPolicy().build();
+        outlierDetection, false).roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(CLUSTER, update);
     childLbConfig = (ClusterResolverConfig) childBalancer.config;
     instance = Iterables.getOnlyElement(childLbConfig.discoveryMechanisms);
@@ -254,7 +255,8 @@ public void nonAggregateCluster_resourceUpdate() {
   @Test
   public void nonAggregateCluster_resourceRevoked() {
     CdsUpdate update =
-        CdsUpdate.forLogicalDns(CLUSTER, DNS_HOST_NAME, null, 100L, upstreamTlsContext)
+        CdsUpdate.forLogicalDns(CLUSTER, DNS_HOST_NAME, null, 100L, upstreamTlsContext,
+                false)
             .roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(CLUSTER, update);
     assertThat(childBalancers).hasSize(1);
@@ -298,16 +300,16 @@ public void discoverAggregateCluster() {
         CLUSTER, cluster1, cluster2, cluster3, cluster4);
     assertThat(childBalancers).isEmpty();
     CdsUpdate update3 = CdsUpdate.forEds(cluster3, EDS_SERVICE_NAME, LRS_SERVER_INFO, 200L,
-        upstreamTlsContext, outlierDetection).roundRobinLbPolicy().build();
+        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(cluster3, update3);
     assertThat(childBalancers).isEmpty();
     CdsUpdate update2 =
-        CdsUpdate.forLogicalDns(cluster2, DNS_HOST_NAME, null, 100L, null)
+        CdsUpdate.forLogicalDns(cluster2, DNS_HOST_NAME, null, 100L, null, false)
             .roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(cluster2, update2);
     assertThat(childBalancers).isEmpty();
     CdsUpdate update4 =
-        CdsUpdate.forEds(cluster4, null, LRS_SERVER_INFO, 300L, null, outlierDetection)
+        CdsUpdate.forEds(cluster4, null, LRS_SERVER_INFO, 300L, null, outlierDetection, false)
             .roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(cluster4, update4);
     assertThat(childBalancers).hasSize(1);  // all non-aggregate clusters discovered
@@ -362,10 +364,11 @@ public void aggregateCluster_descendantClustersRevoked() {
     xdsClient.deliverCdsUpdate(CLUSTER, update);
     assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1, cluster2);
     CdsUpdate update1 = CdsUpdate.forEds(cluster1, EDS_SERVICE_NAME, LRS_SERVER_INFO, 200L,
-        upstreamTlsContext, outlierDetection).roundRobinLbPolicy().build();
+        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(cluster1, update1);
     CdsUpdate update2 =
-        CdsUpdate.forLogicalDns(cluster2, DNS_HOST_NAME, LRS_SERVER_INFO, 100L, null)
+        CdsUpdate.forLogicalDns(cluster2, DNS_HOST_NAME, LRS_SERVER_INFO, 100L, null,
+                false)
             .roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(cluster2, update2);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
@@ -412,10 +415,11 @@ public void aggregateCluster_rootClusterRevoked() {
     xdsClient.deliverCdsUpdate(CLUSTER, update);
     assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1, cluster2);
     CdsUpdate update1 = CdsUpdate.forEds(cluster1, EDS_SERVICE_NAME, LRS_SERVER_INFO, 200L,
-        upstreamTlsContext, outlierDetection).roundRobinLbPolicy().build();
+        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(cluster1, update1);
     CdsUpdate update2 =
-        CdsUpdate.forLogicalDns(cluster2, DNS_HOST_NAME, LRS_SERVER_INFO, 100L, null)
+        CdsUpdate.forLogicalDns(cluster2, DNS_HOST_NAME, LRS_SERVER_INFO, 100L, null,
+                false)
             .roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(cluster2, update2);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
@@ -467,7 +471,7 @@ public void aggregateCluster_intermediateClusterChanges() {
     xdsClient.deliverCdsUpdate(cluster2, update2);
     assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster2, cluster3);
     CdsUpdate update3 = CdsUpdate.forEds(cluster3, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L,
-        upstreamTlsContext, outlierDetection).roundRobinLbPolicy().build();
+        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(cluster3, update3);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
@@ -518,7 +522,7 @@ public void aggregateCluster_withLoops() {
 
     reset(helper);
     CdsUpdate update3 = CdsUpdate.forEds(cluster3, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L,
-        upstreamTlsContext, outlierDetection).roundRobinLbPolicy().build();
+        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(cluster3, update3);
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
@@ -553,7 +557,7 @@ public void aggregateCluster_withLoops_afterEds() {
             .roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(cluster2, update2);
     CdsUpdate update3 = CdsUpdate.forEds(cluster3, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L,
-        upstreamTlsContext, outlierDetection).roundRobinLbPolicy().build();
+        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(cluster3, update3);
 
     // cluster2 (aggr.) -> [cluster3 (EDS)]
@@ -602,7 +606,7 @@ public void aggregateCluster_duplicateChildren() {
 
     // Define EDS cluster
     CdsUpdate update3 = CdsUpdate.forEds(cluster3, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L,
-        upstreamTlsContext, outlierDetection).roundRobinLbPolicy().build();
+        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(cluster3, update3);
 
     // cluster4 (agg) -> [cluster3 (EDS)] with dups (3 copies)
@@ -649,7 +653,8 @@ public void aggregateCluster_discoveryErrorAfterChildLbCreated_propagateToChildL
             .roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(CLUSTER, update);
     CdsUpdate update1 =
-        CdsUpdate.forLogicalDns(cluster1, DNS_HOST_NAME, LRS_SERVER_INFO, 200L, null)
+        CdsUpdate.forLogicalDns(cluster1, DNS_HOST_NAME, LRS_SERVER_INFO, 200L, null,
+                false)
             .roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(cluster1, update1);
     FakeLoadBalancer childLb = Iterables.getOnlyElement(childBalancers);
@@ -676,7 +681,7 @@ public void handleNameResolutionErrorFromUpstream_beforeChildLbCreated_returnErr
   @Test
   public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_fallThrough() {
     CdsUpdate update = CdsUpdate.forEds(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L,
-        upstreamTlsContext, outlierDetection).roundRobinLbPolicy().build();
+        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
     xdsClient.deliverCdsUpdate(CLUSTER, update);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(childBalancer.shutdown).isFalse();
@@ -692,7 +697,7 @@ public void unknownLbProvider() {
     try {
       xdsClient.deliverCdsUpdate(CLUSTER,
           CdsUpdate.forEds(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L, upstreamTlsContext,
-                  outlierDetection)
+                  outlierDetection, false)
               .lbPolicyConfig(ImmutableMap.of("unknownLb", ImmutableMap.of("foo", "bar"))).build());
     } catch (Exception e) {
       assertThat(e).hasMessageThat().contains("unknownLb");
@@ -706,7 +711,7 @@ public void invalidLbConfig() {
     try {
       xdsClient.deliverCdsUpdate(CLUSTER,
           CdsUpdate.forEds(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L, upstreamTlsContext,
-                  outlierDetection).lbPolicyConfig(
+                  outlierDetection, false).lbPolicyConfig(
                   ImmutableMap.of("ring_hash_experimental", ImmutableMap.of("minRingSize", "-1")))
               .build());
     } catch (Exception e) {
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index 28898c0930f..d0176d7aa38 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -36,6 +36,7 @@
 import io.grpc.ChannelLogger;
 import io.grpc.ConnectivityState;
 import io.grpc.EquivalentAddressGroup;
+import io.grpc.HttpConnectProxiedSocketAddress;
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancer.Helper;
@@ -83,6 +84,7 @@
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsResourceType;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
+import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -240,7 +242,7 @@ public void tearDown() {
   @Test
   public void edsClustersWithRingHashEndpointLbPolicy() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(edsDiscoveryMechanism1), ringHash);
+        Collections.singletonList(edsDiscoveryMechanism1), ringHash, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertThat(childBalancers).isEmpty();
@@ -252,14 +254,18 @@ public void edsClustersWithRingHashEndpointLbPolicy() {
     LocalityLbEndpoints localityLbEndpoints1 =
         LocalityLbEndpoints.create(
             Arrays.asList(
-                LbEndpoint.create(endpoint1, 0 /* loadBalancingWeight */, true, "hostname1"),
-                LbEndpoint.create(endpoint2, 0 /* loadBalancingWeight */, true, "hostname2")),
-            10 /* localityWeight */, 1 /* priority */);
+                LbEndpoint.create(endpoint1, 0 /* loadBalancingWeight */,
+                    true, "hostname1", ImmutableMap.of()),
+                LbEndpoint.create(endpoint2, 0 /* loadBalancingWeight */,
+                    true, "hostname2", ImmutableMap.of())),
+            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     LocalityLbEndpoints localityLbEndpoints2 =
         LocalityLbEndpoints.create(
             Collections.singletonList(
-                LbEndpoint.create(endpoint3, 60 /* loadBalancingWeight */, true, "hostname3")),
-            50 /* localityWeight */, 1 /* priority */);
+                LbEndpoint.create(
+                    endpoint3, 60 /* loadBalancingWeight */, true,
+                    "hostname3", ImmutableMap.of())),
+            50 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1,
         ImmutableMap.of(locality1, localityLbEndpoints1, locality2, localityLbEndpoints2));
@@ -302,7 +308,7 @@ public void edsClustersWithRingHashEndpointLbPolicy() {
   @Test
   public void edsClustersWithLeastRequestEndpointLbPolicy() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(edsDiscoveryMechanism1), leastRequest);
+        Collections.singletonList(edsDiscoveryMechanism1), leastRequest, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertThat(childBalancers).isEmpty();
@@ -312,8 +318,9 @@ public void edsClustersWithLeastRequestEndpointLbPolicy() {
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
             Arrays.asList(
-                LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true, "hostname1")),
-            100 /* localityWeight */, 1 /* priority */);
+                LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true,
+                    "hostname1", ImmutableMap.of())),
+            100 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1,
         ImmutableMap.of(locality1, localityLbEndpoints));
@@ -348,7 +355,7 @@ public void edsClustersWithLeastRequestEndpointLbPolicy() {
   @Test
   public void edsClustersEndpointHostname_addedToAddressAttribute() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(edsDiscoveryMechanismWithOutlierDetection), leastRequest);
+        Collections.singletonList(edsDiscoveryMechanismWithOutlierDetection), leastRequest, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertThat(childBalancers).isEmpty();
@@ -358,8 +365,9 @@ public void edsClustersEndpointHostname_addedToAddressAttribute() {
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
             Arrays.asList(
-                LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true, "hostname1")),
-            100 /* localityWeight */, 1 /* priority */);
+                LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true,
+                    "hostname1", ImmutableMap.of())),
+            100 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1,
         ImmutableMap.of(locality1, localityLbEndpoints));
@@ -371,11 +379,104 @@ public void edsClustersEndpointHostname_addedToAddressAttribute() {
             .get(XdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo("hostname1");
   }
 
+  @Test
+  public void endpointAddressRewritten_whenProxyMetadataIsInEndpointMetadata() {
+    ClusterResolverConfig config = new ClusterResolverConfig(
+        Collections.singletonList(edsDiscoveryMechanismWithOutlierDetection), leastRequest, true);
+    deliverLbConfig(config);
+    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
+    assertThat(childBalancers).isEmpty();
+
+    EquivalentAddressGroup endpoint =
+        new EquivalentAddressGroup(InetSocketAddress.createUnresolved("127.0.0.1", 8080));
+
+    // Proxy address in endpointMetadata (use FakeSocketAddress directly)
+    SocketAddress proxyAddress = new FakeSocketAddress("127.0.0.2");
+    ImmutableMap<String, Object> endpointMetadata =
+        ImmutableMap.of("envoy.http11_proxy_transport_socket.proxy_address", proxyAddress);
+
+    // No proxy in locality metadata
+    ImmutableMap<String, Object> localityMetadata = ImmutableMap.of();
+
+    LocalityLbEndpoints localityLbEndpoints = LocalityLbEndpoints.create(
+        Arrays.asList(
+            LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true,
+                "hostname1", endpointMetadata)),
+        100 /* localityWeight */, 1 /* priority */, localityMetadata);
+
+    xdsClient.deliverClusterLoadAssignment(
+        EDS_SERVICE_NAME1,
+        ImmutableMap.of(locality1, localityLbEndpoints));
+
+    assertThat(childBalancers).hasSize(1);
+    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
+
+    // Get the rewritten address
+    SocketAddress rewrittenAddress =
+        childBalancer.addresses.get(0).getAddresses().get(0);
+    assertThat(rewrittenAddress).isInstanceOf(HttpConnectProxiedSocketAddress.class);
+    HttpConnectProxiedSocketAddress proxiedSocket =
+        (HttpConnectProxiedSocketAddress) rewrittenAddress;
+
+    // Assert that the target address is the original address
+    assertThat(proxiedSocket.getTargetAddress())
+        .isEqualTo(endpoint.getAddresses().get(0));
+
+    // Assert that the proxy address is correctly set
+    assertThat(proxiedSocket.getProxyAddress()).isEqualTo(proxyAddress);
+  }
+
+  @Test
+  public void endpointAddressRewritten_whenProxyMetadataIsInLocalityMetadata() {
+    ClusterResolverConfig config = new ClusterResolverConfig(
+        Collections.singletonList(edsDiscoveryMechanismWithOutlierDetection), leastRequest, true);
+    deliverLbConfig(config);
+    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
+    assertThat(childBalancers).isEmpty();
+
+    EquivalentAddressGroup endpoint =
+        new EquivalentAddressGroup(InetSocketAddress.createUnresolved("127.0.0.2", 8080));
+
+    // No proxy in endpointMetadata
+    ImmutableMap<String, Object> endpointMetadata = ImmutableMap.of();
+
+    // Proxy address is now in localityMetadata
+    SocketAddress proxyAddress = new FakeSocketAddress("proxy-addr");
+    ImmutableMap<String, Object> localityMetadata =
+        ImmutableMap.of("envoy.http11_proxy_transport_socket.proxy_address", proxyAddress);
+
+    LocalityLbEndpoints localityLbEndpoints = LocalityLbEndpoints.create(
+        Arrays.asList(
+            LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true,
+                "hostname2", endpointMetadata)),
+        100 /* localityWeight */, 1 /* priority */, localityMetadata);
+
+    xdsClient.deliverClusterLoadAssignment(
+        EDS_SERVICE_NAME1,
+        ImmutableMap.of(locality1, localityLbEndpoints));
+
+    assertThat(childBalancers).hasSize(1);
+    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
+
+    // Get the rewritten address
+    SocketAddress rewrittenAddress = childBalancer.addresses.get(0).getAddresses().get(0);
+
+    // Assert that the address was rewritten
+    assertThat(rewrittenAddress).isInstanceOf(HttpConnectProxiedSocketAddress.class);
+    HttpConnectProxiedSocketAddress proxiedSocket =
+        (HttpConnectProxiedSocketAddress) rewrittenAddress;
+
+    // Assert that the target address is the original address
+    assertThat(proxiedSocket.getTargetAddress()).isEqualTo(endpoint.getAddresses().get(0));
+
+    // Assert that the proxy address is correctly set from locality metadata
+    assertThat(proxiedSocket.getProxyAddress()).isEqualTo(proxyAddress);
+  }
 
   @Test
   public void onlyEdsClusters_receivedEndpoints() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, edsDiscoveryMechanism2), roundRobin);
+        Arrays.asList(edsDiscoveryMechanism1, edsDiscoveryMechanism2), roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1, EDS_SERVICE_NAME2);
     assertThat(childBalancers).isEmpty();
@@ -389,17 +490,21 @@ public void onlyEdsClusters_receivedEndpoints() {
     LocalityLbEndpoints localityLbEndpoints1 =
         LocalityLbEndpoints.create(
             Arrays.asList(
-                LbEndpoint.create(endpoint1, 100, true, "hostname1"),
-                LbEndpoint.create(endpoint2, 100, true, "hostname1")),
-            70 /* localityWeight */, 1 /* priority */);
+                LbEndpoint.create(endpoint1, 100,
+                    true, "hostname1", ImmutableMap.of()),
+                LbEndpoint.create(endpoint2, 100,
+                    true, "hostname1", ImmutableMap.of())),
+            70 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     LocalityLbEndpoints localityLbEndpoints2 =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint3, 100, true, "hostname2")),
-            10 /* localityWeight */, 1 /* priority */);
+            Collections.singletonList(LbEndpoint.create(endpoint3, 100, true,
+                "hostname2", ImmutableMap.of())),
+            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     LocalityLbEndpoints localityLbEndpoints3 =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint4, 100, true, "hostname3")),
-            20 /* localityWeight */, 2 /* priority */);
+            Collections.singletonList(LbEndpoint.create(endpoint4, 100, true,
+                "hostname3", ImmutableMap.of())),
+            20 /* localityWeight */, 2 /* priority */, ImmutableMap.of());
     String priority1 = CLUSTER2 + "[child1]";
     String priority2 = CLUSTER2 + "[child2]";
     String priority3 = CLUSTER1 + "[child1]";
@@ -487,7 +592,7 @@ public void onlyEdsClusters_receivedEndpoints() {
   private void verifyEdsPriorityNames(List<String> want,
                                       Map<Locality, LocalityLbEndpoints>... updates) {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism2), roundRobin);
+        Arrays.asList(edsDiscoveryMechanism2), roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME2);
     assertThat(childBalancers).isEmpty();
@@ -553,15 +658,17 @@ locality2, createEndpoints(1)
   private LocalityLbEndpoints createEndpoints(int priority) {
     return LocalityLbEndpoints.create(
         Arrays.asList(
-            LbEndpoint.create(makeAddress("endpoint-addr-1"), 100, true, "hostname1"),
-            LbEndpoint.create(makeAddress("endpoint-addr-2"), 100, true, "hostname2")),
-        70 /* localityWeight */, priority /* priority */);
+            LbEndpoint.create(makeAddress("endpoint-addr-1"), 100,
+                true, "hostname1", ImmutableMap.of()),
+            LbEndpoint.create(makeAddress("endpoint-addr-2"), 100,
+                true, "hostname2", ImmutableMap.of())),
+        70 /* localityWeight */, priority /* priority */, ImmutableMap.of());
   }
 
   @Test
   public void onlyEdsClusters_resourceNeverExist_returnErrorPicker() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, edsDiscoveryMechanism2), roundRobin);
+        Arrays.asList(edsDiscoveryMechanism1, edsDiscoveryMechanism2), roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1, EDS_SERVICE_NAME2);
     assertThat(childBalancers).isEmpty();
@@ -583,7 +690,7 @@ public void onlyEdsClusters_resourceNeverExist_returnErrorPicker() {
   @Test
   public void onlyEdsClusters_allResourcesRevoked_shutDownChildLbPolicy() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, edsDiscoveryMechanism2), roundRobin);
+        Arrays.asList(edsDiscoveryMechanism1, edsDiscoveryMechanism2), roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1, EDS_SERVICE_NAME2);
     assertThat(childBalancers).isEmpty();
@@ -592,12 +699,14 @@ public void onlyEdsClusters_allResourcesRevoked_shutDownChildLbPolicy() {
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     LocalityLbEndpoints localityLbEndpoints1 =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint1, 100, true, "hostname1")),
-            10 /* localityWeight */, 1 /* priority */);
+            Collections.singletonList(LbEndpoint.create(endpoint1, 100, true,
+                "hostname1", ImmutableMap.of())),
+            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     LocalityLbEndpoints localityLbEndpoints2 =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint2, 100, true, "hostname2")),
-            20 /* localityWeight */, 2 /* priority */);
+            Collections.singletonList(LbEndpoint.create(endpoint2, 100, true,
+                "hostname2", ImmutableMap.of())),
+            20 /* localityWeight */, 2 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints1));
     xdsClient.deliverClusterLoadAssignment(
@@ -618,17 +727,19 @@ public void onlyEdsClusters_allResourcesRevoked_shutDownChildLbPolicy() {
 
   @Test
   public void handleEdsResource_ignoreUnhealthyEndpoints() {
-    ClusterResolverConfig config =
-        new ClusterResolverConfig(Collections.singletonList(edsDiscoveryMechanism1), roundRobin);
+    ClusterResolverConfig config = new ClusterResolverConfig(
+        Collections.singletonList(edsDiscoveryMechanism1), roundRobin, false);
     deliverLbConfig(config);
     EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
             Arrays.asList(
-                LbEndpoint.create(endpoint1, 100, false /* isHealthy */, "hostname1"),
-                LbEndpoint.create(endpoint2, 100, true /* isHealthy */, "hostname2")),
-            10 /* localityWeight */, 1 /* priority */);
+                LbEndpoint.create(endpoint1, 100, false /* isHealthy */,
+                    "hostname1", ImmutableMap.of()),
+                LbEndpoint.create(endpoint2, 100, true /* isHealthy */,
+                    "hostname2", ImmutableMap.of())),
+            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
@@ -638,21 +749,21 @@ public void handleEdsResource_ignoreUnhealthyEndpoints() {
 
   @Test
   public void handleEdsResource_ignoreLocalitiesWithNoHealthyEndpoints() {
-    ClusterResolverConfig config =
-        new ClusterResolverConfig(Collections.singletonList(edsDiscoveryMechanism1), roundRobin);
+    ClusterResolverConfig config = new ClusterResolverConfig(
+        Collections.singletonList(edsDiscoveryMechanism1), roundRobin, false);
     deliverLbConfig(config);
     EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     LocalityLbEndpoints localityLbEndpoints1 =
         LocalityLbEndpoints.create(
             Collections.singletonList(LbEndpoint.create(endpoint1, 100, false /* isHealthy */,
-                "hostname1")),
-            10 /* localityWeight */, 1 /* priority */);
+                "hostname1", ImmutableMap.of())),
+            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     LocalityLbEndpoints localityLbEndpoints2 =
         LocalityLbEndpoints.create(
             Collections.singletonList(LbEndpoint.create(endpoint2, 100, true /* isHealthy */,
-                "hostname2")),
-            10 /* localityWeight */, 1 /* priority */);
+                "hostname2", ImmutableMap.of())),
+            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1,
         ImmutableMap.of(locality1, localityLbEndpoints1, locality2, localityLbEndpoints2));
@@ -665,21 +776,21 @@ public void handleEdsResource_ignoreLocalitiesWithNoHealthyEndpoints() {
 
   @Test
   public void handleEdsResource_ignorePrioritiesWithNoHealthyEndpoints() {
-    ClusterResolverConfig config =
-        new ClusterResolverConfig(Collections.singletonList(edsDiscoveryMechanism1), roundRobin);
+    ClusterResolverConfig config = new ClusterResolverConfig(
+        Collections.singletonList(edsDiscoveryMechanism1), roundRobin, false);
     deliverLbConfig(config);
     EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     LocalityLbEndpoints localityLbEndpoints1 =
         LocalityLbEndpoints.create(
             Collections.singletonList(LbEndpoint.create(endpoint1, 100, false /* isHealthy */,
-                "hostname1")),
-            10 /* localityWeight */, 1 /* priority */);
+                "hostname1", ImmutableMap.of())),
+            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     LocalityLbEndpoints localityLbEndpoints2 =
         LocalityLbEndpoints.create(
             Collections.singletonList(LbEndpoint.create(endpoint2, 200, true /* isHealthy */,
-                "hostname2")),
-            10 /* localityWeight */, 2 /* priority */);
+                "hostname2", ImmutableMap.of())),
+            10 /* localityWeight */, 2 /* priority */, ImmutableMap.of());
     String priority2 = CLUSTER1 + "[child2]";
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1,
@@ -691,15 +802,15 @@ public void handleEdsResource_ignorePrioritiesWithNoHealthyEndpoints() {
 
   @Test
   public void handleEdsResource_noHealthyEndpoint() {
-    ClusterResolverConfig config =
-        new ClusterResolverConfig(Collections.singletonList(edsDiscoveryMechanism1), roundRobin);
+    ClusterResolverConfig config = new ClusterResolverConfig(
+        Collections.singletonList(edsDiscoveryMechanism1), roundRobin, false);
     deliverLbConfig(config);
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr-1");
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
             Collections.singletonList(LbEndpoint.create(endpoint, 100, false /* isHealthy */,
-                "hostname1")),
-            10 /* localityWeight */, 1 /* priority */);
+                "hostname1", ImmutableMap.of())),
+            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(EDS_SERVICE_NAME1,
         Collections.singletonMap(locality1, localityLbEndpoints));  // single endpoint, unhealthy
 
@@ -716,7 +827,7 @@ public void handleEdsResource_noHealthyEndpoint() {
   @Test
   public void onlyLogicalDnsCluster_endpointsResolved() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin);
+        Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin, false);
     deliverLbConfig(config);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
     assertThat(childBalancers).isEmpty();
@@ -749,7 +860,7 @@ public void onlyLogicalDnsCluster_endpointsResolved() {
   @Test
   public void onlyLogicalDnsCluster_handleRefreshNameResolution() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin);
+        Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin, false);
     deliverLbConfig(config);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
     assertThat(childBalancers).isEmpty();
@@ -767,7 +878,7 @@ public void onlyLogicalDnsCluster_resolutionError_backoffAndRefresh() {
     InOrder inOrder = Mockito.inOrder(helper, backoffPolicyProvider,
         backoffPolicy1, backoffPolicy2);
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin);
+        Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin, false);
     deliverLbConfig(config);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
     assertThat(childBalancers).isEmpty();
@@ -813,7 +924,7 @@ public void onlyLogicalDnsCluster_resolutionError_backoffAndRefresh() {
   public void onlyLogicalDnsCluster_refreshNameResolutionRaceWithResolutionError() {
     InOrder inOrder = Mockito.inOrder(backoffPolicyProvider, backoffPolicy1, backoffPolicy2);
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin);
+        Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin, false);
     deliverLbConfig(config);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
     assertThat(childBalancers).isEmpty();
@@ -851,7 +962,7 @@ public void onlyLogicalDnsCluster_refreshNameResolutionRaceWithResolutionError()
   @Test
   public void edsClustersAndLogicalDnsCluster_receivedEndpoints() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin);
+        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
@@ -862,8 +973,9 @@ public void edsClustersAndLogicalDnsCluster_receivedEndpoints() {
     resolver.deliverEndpointAddresses(Arrays.asList(endpoint1, endpoint2));
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint3, 100, true, "hostname3")),
-            10 /* localityWeight */, 1 /* priority */);
+            Collections.singletonList(LbEndpoint.create(endpoint3, 100, true,
+                "hostname3", ImmutableMap.of())),
+            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
 
@@ -886,7 +998,7 @@ public void edsClustersAndLogicalDnsCluster_receivedEndpoints() {
   @Test
   public void noEdsResourceExists_useDnsResolutionResults() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin);
+        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
@@ -910,7 +1022,7 @@ public void noEdsResourceExists_useDnsResolutionResults() {
   @Test
   public void edsResourceRevoked_dnsResolutionError_shutDownChildLbPolicyAndReturnErrorPicker() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin);
+        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
@@ -919,8 +1031,9 @@ public void edsResourceRevoked_dnsResolutionError_shutDownChildLbPolicyAndReturn
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr-1");
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint, 100, true, "hostname1")),
-            10 /* localityWeight */, 1 /* priority */);
+            Collections.singletonList(LbEndpoint.create(endpoint, 100, true,
+                "hostname1", ImmutableMap.of())),
+            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
     resolver.deliverError(Status.UNKNOWN.withDescription("I am lost"));
@@ -941,7 +1054,7 @@ public void edsResourceRevoked_dnsResolutionError_shutDownChildLbPolicyAndReturn
   @Test
   public void resolutionErrorAfterChildLbCreated_propagateErrorIfAllClustersEncounterError() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin);
+        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
@@ -950,8 +1063,9 @@ public void resolutionErrorAfterChildLbCreated_propagateErrorIfAllClustersEncoun
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr-1");
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint, 100, true, "hostname1")),
-            10 /* localityWeight */, 1 /* priority */);
+            Collections.singletonList(LbEndpoint.create(endpoint, 100, true,
+                "hostname1", ImmutableMap.of())),
+            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
     assertThat(childBalancers).isEmpty();  // not created until all clusters resolved.
@@ -976,7 +1090,7 @@ public void resolutionErrorAfterChildLbCreated_propagateErrorIfAllClustersEncoun
   @Test
   public void resolutionErrorBeforeChildLbCreated_returnErrorPickerIfAllClustersEncounterError() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin);
+        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
@@ -999,7 +1113,7 @@ public void resolutionErrorBeforeChildLbCreated_returnErrorPickerIfAllClustersEn
   @Test
   public void resolutionErrorBeforeChildLbCreated_edsOnly_returnErrorPicker() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1), roundRobin);
+        Arrays.asList(edsDiscoveryMechanism1), roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertThat(childBalancers).isEmpty();
@@ -1017,7 +1131,7 @@ public void resolutionErrorBeforeChildLbCreated_edsOnly_returnErrorPicker() {
   @Test
   public void handleNameResolutionErrorFromUpstream_beforeChildLbCreated_returnErrorPicker() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin);
+        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertResolverCreated("/" + DNS_HOST_NAME);
@@ -1033,7 +1147,7 @@ public void handleNameResolutionErrorFromUpstream_beforeChildLbCreated_returnErr
   @Test
   public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_fallThrough() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin);
+        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
@@ -1043,8 +1157,9 @@ public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_fallThroug
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint1, 100, true, "hostname1")),
-            10 /* localityWeight */, 1 /* priority */);
+            Collections.singletonList(LbEndpoint.create(endpoint1, 100, true,
+                "hostname1", ImmutableMap.of())),
+            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
     resolver.deliverEndpointAddresses(Collections.singletonList(endpoint2));
@@ -1118,37 +1233,37 @@ private static void assertAddressesEqual(
   }
 
   private static EquivalentAddressGroup makeAddress(final String name) {
-    class FakeSocketAddress extends SocketAddress {
-      private final String name;
+    return new EquivalentAddressGroup(new FakeSocketAddress(name));
+  }
 
-      private FakeSocketAddress(String name) {
-        this.name = name;
-      }
+  static class FakeSocketAddress extends SocketAddress {
+    private final String name;
 
-      @Override
-      public int hashCode() {
-        return Objects.hash(name);
-      }
+    private FakeSocketAddress(String name) {
+      this.name = name;
+    }
 
-      @Override
-      public boolean equals(Object o) {
-        if (this == o) {
-          return true;
-        }
-        if (!(o instanceof FakeSocketAddress)) {
-          return false;
-        }
-        FakeSocketAddress that = (FakeSocketAddress) o;
-        return Objects.equals(name, that.name);
-      }
+    @Override
+    public int hashCode() {
+      return Objects.hash(name);
+    }
 
-      @Override
-      public String toString() {
-        return name;
+    @Override
+    public boolean equals(Object o) {
+      if (this == o) {
+        return true;
       }
+      if (!(o instanceof FakeSocketAddress)) {
+        return false;
+      }
+      FakeSocketAddress that = (FakeSocketAddress) o;
+      return Objects.equals(name, that.name);
     }
 
-    return new EquivalentAddressGroup(new FakeSocketAddress(name));
+    @Override
+    public String toString() {
+      return name;
+    }
   }
 
   private static final class FakeXdsClient extends XdsClient {
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 610d147ccf9..7fac666f983 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static io.envoyproxy.envoy.config.route.v3.RouteAction.ClusterSpecifierCase.CLUSTER_SPECIFIER_PLUGIN;
+import static io.grpc.xds.XdsClusterResource.TRANSPORT_SOCKET_NAME_HTTP11_PROXY;
 import static io.grpc.xds.XdsEndpointResource.GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS;
 import static org.junit.Assert.fail;
 
@@ -93,6 +94,7 @@
 import io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v3.Rds;
 import io.envoyproxy.envoy.extensions.load_balancing_policies.client_side_weighted_round_robin.v3.ClientSideWeightedRoundRobin;
 import io.envoyproxy.envoy.extensions.load_balancing_policies.wrr_locality.v3.WrrLocality;
+import io.envoyproxy.envoy.extensions.transport_sockets.http_11_proxy.v3.Http11ProxyUpstreamTransport;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateProviderPluginInstance;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
@@ -1055,7 +1057,7 @@ public void parseClusterWeight() {
   }
 
   @Test
-  public void parseLocalityLbEndpoints_withHealthyEndpoints() {
+  public void parseLocalityLbEndpoints_withHealthyEndpoints() throws ResourceInvalidException {
     io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints proto =
         io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints.newBuilder()
             .setLocality(Locality.newBuilder()
@@ -1075,12 +1077,14 @@ public void parseLocalityLbEndpoints_withHealthyEndpoints() {
     assertThat(struct.getErrorDetail()).isNull();
     assertThat(struct.getStruct()).isEqualTo(
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create("172.14.14.5", 8888, 20, true, "")),
-            100, 1));
+            Collections.singletonList(LbEndpoint.create("172.14.14.5", 8888,
+                20, true, "", ImmutableMap.of())),
+            100, 1, ImmutableMap.of()));
   }
 
   @Test
-  public void parseLocalityLbEndpoints_treatUnknownHealthAsHealthy() {
+  public void parseLocalityLbEndpoints_treatUnknownHealthAsHealthy()
+      throws ResourceInvalidException {
     io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints proto =
         io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints.newBuilder()
             .setLocality(Locality.newBuilder()
@@ -1100,12 +1104,13 @@ public void parseLocalityLbEndpoints_treatUnknownHealthAsHealthy() {
     assertThat(struct.getErrorDetail()).isNull();
     assertThat(struct.getStruct()).isEqualTo(
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create("172.14.14.5", 8888, 20, true, "")), 100,
-            1));
+            Collections.singletonList(LbEndpoint.create("172.14.14.5", 8888,
+                20, true, "", ImmutableMap.of())),
+            100, 1, ImmutableMap.of()));
   }
 
   @Test
-  public void parseLocalityLbEndpoints_withUnHealthyEndpoints() {
+  public void parseLocalityLbEndpoints_withUnHealthyEndpoints() throws ResourceInvalidException {
     io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints proto =
         io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints.newBuilder()
             .setLocality(Locality.newBuilder()
@@ -1125,12 +1130,13 @@ public void parseLocalityLbEndpoints_withUnHealthyEndpoints() {
     assertThat(struct.getErrorDetail()).isNull();
     assertThat(struct.getStruct()).isEqualTo(
         LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create("172.14.14.5", 8888, 20, false, "")), 100,
-            1));
+            Collections.singletonList(LbEndpoint.create("172.14.14.5", 8888, 20,
+                false, "", ImmutableMap.of())),
+            100, 1, ImmutableMap.of()));
   }
 
   @Test
-  public void parseLocalityLbEndpoints_ignorZeroWeightLocality() {
+  public void parseLocalityLbEndpoints_ignorZeroWeightLocality() throws ResourceInvalidException {
     io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints proto =
         io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints.newBuilder()
             .setLocality(Locality.newBuilder()
@@ -1187,7 +1193,10 @@ public void parseLocalityLbEndpoints_withDualStackEndpoints() {
       EquivalentAddressGroup expectedEag = new EquivalentAddressGroup(socketAddressList);
       assertThat(struct.getStruct()).isEqualTo(
           LocalityLbEndpoints.create(
-              Collections.singletonList(LbEndpoint.create(expectedEag, 20, true, "")), 100, 1));
+              Collections.singletonList(LbEndpoint.create(
+                  expectedEag, 20, true, "", ImmutableMap.of())), 100, 1, ImmutableMap.of()));
+    } catch (ResourceInvalidException e) {
+      throw new RuntimeException(e);
     } finally {
       if (originalDualStackProp != null) {
         System.setProperty(GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS, originalDualStackProp);
@@ -1198,7 +1207,7 @@ public void parseLocalityLbEndpoints_withDualStackEndpoints() {
   }
 
   @Test
-  public void parseLocalityLbEndpoints_invalidPriority() {
+  public void parseLocalityLbEndpoints_invalidPriority() throws ResourceInvalidException {
     io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints proto =
         io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints.newBuilder()
             .setLocality(Locality.newBuilder()
@@ -2456,6 +2465,59 @@ public void processCluster_parsesAudienceMetadata()
     assertThat(update.parsedMetadata()).isEqualTo(expectedParsedMetadata);
   }
 
+  @Test
+  public void processCluster_parsesAddressMetadata() throws Exception {
+
+    // Create an Address message
+    Address address = Address.newBuilder()
+        .setSocketAddress(SocketAddress.newBuilder()
+            .setAddress("192.168.1.1")
+            .setPortValue(8080)
+            .build())
+        .build();
+
+    // Wrap the Address in Any
+    Any addressMetadata = Any.newBuilder()
+        .setTypeUrl("type.googleapis.com/envoy.config.core.v3.Address")
+        .setValue(address.toByteString())
+        .build();
+
+    Struct filterMetadata = Struct.newBuilder()
+        .putFields("key1", Value.newBuilder().setStringValue("value1").build())
+        .putFields("key2", Value.newBuilder().setNumberValue(42).build())
+        .build();
+
+    Metadata metadata = Metadata.newBuilder()
+        .putTypedFilterMetadata("ADDRESS_METADATA", addressMetadata)
+        .putFilterMetadata("FILTER_METADATA", filterMetadata)
+        .build();
+
+    Cluster cluster = Cluster.newBuilder()
+        .setName("cluster-foo.googleapis.com")
+        .setType(DiscoveryType.EDS)
+        .setEdsClusterConfig(
+            EdsClusterConfig.newBuilder()
+                .setEdsConfig(
+                    ConfigSource.newBuilder()
+                        .setAds(AggregatedConfigSource.getDefaultInstance()))
+                .setServiceName("service-foo.googleapis.com"))
+        .setLbPolicy(LbPolicy.ROUND_ROBIN)
+        .setMetadata(metadata)
+        .build();
+
+    CdsUpdate update = XdsClusterResource.processCluster(
+        cluster, null, LRS_SERVER_INFO,
+        LoadBalancerRegistry.getDefaultRegistry());
+
+    ImmutableMap<String, Object> expectedParsedMetadata = ImmutableMap.of(
+        "ADDRESS_METADATA", new InetSocketAddress("192.168.1.1", 8080),
+        "FILTER_METADATA", ImmutableMap.of(
+            "key1", "value1",
+            "key2", 42.0));
+
+    assertThat(update.parsedMetadata()).isEqualTo(expectedParsedMetadata);
+  }
+
   @Test
   public void processCluster_metadataKeyCollision_resolvesToTypedMetadata()
       throws ResourceInvalidException, InvalidProtocolBufferException {
@@ -2512,6 +2574,40 @@ public Object parse(Any value) {
     metadataRegistry.removeParser(testParser);
   }
 
+  @Test
+  public void parseNonAggregateCluster_withHttp11ProxyTransportSocket()
+      throws ResourceInvalidException, InvalidProtocolBufferException {
+    XdsClusterResource.isEnabledXdsHttpConnect = true;
+
+    Http11ProxyUpstreamTransport http11ProxyUpstreamTransport =
+        Http11ProxyUpstreamTransport.newBuilder()
+            .setTransportSocket(TransportSocket.getDefaultInstance())
+            .build();
+
+    TransportSocket transportSocket = TransportSocket.newBuilder()
+        .setName(TRANSPORT_SOCKET_NAME_HTTP11_PROXY)
+        .setTypedConfig(Any.pack(http11ProxyUpstreamTransport))
+        .build();
+
+    Cluster cluster = Cluster.newBuilder()
+        .setName("cluster-http11-proxy.googleapis.com")
+        .setType(DiscoveryType.EDS)
+        .setEdsClusterConfig(
+            EdsClusterConfig.newBuilder()
+                .setEdsConfig(
+                    ConfigSource.newBuilder().setAds(AggregatedConfigSource.getDefaultInstance()))
+                .setServiceName("service-http11-proxy.googleapis.com"))
+        .setLbPolicy(LbPolicy.ROUND_ROBIN)
+        .setTransportSocket(transportSocket)
+        .build();
+
+    CdsUpdate result =
+        XdsClusterResource.processCluster(cluster, null, LRS_SERVER_INFO,
+            LoadBalancerRegistry.getDefaultRegistry());
+
+    assertThat(result).isNotNull();
+    assertThat(result.isHttp11ProxyAvailable()).isTrue();
+  }
 
   @Test
   public void parseServerSideListener_invalidTrafficDirection() throws ResourceInvalidException {
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 00fbfe669af..51c07cb3537 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -607,9 +607,9 @@ private void validateGoldenClusterLoadAssignment(EdsUpdate edsUpdate) {
             Locality.create("region1", "zone1", "subzone1"),
             LocalityLbEndpoints.create(
                 ImmutableList.of(LbEndpoint.create("192.168.0.1", 8080, 2, true,
-                    "endpoint-host-name")), 1, 0),
+                    "endpoint-host-name", ImmutableMap.of())), 1, 0, ImmutableMap.of()),
             Locality.create("region3", "zone3", "subzone3"),
-            LocalityLbEndpoints.create(ImmutableList.<LbEndpoint>of(), 2, 1));
+            LocalityLbEndpoints.create(ImmutableList.<LbEndpoint>of(), 2, 1, ImmutableMap.of()));
   }
 
   /**
@@ -3246,7 +3246,9 @@ public void edsResourceUpdated() {
             Locality.create("region2", "zone2", "subzone2"),
             LocalityLbEndpoints.create(
                 ImmutableList.of(
-                    LbEndpoint.create("172.44.2.2", 8000, 3, true, "endpoint-host-name")), 2, 0));
+                    LbEndpoint.create("172.44.2.2", 8000, 3,
+                        true, "endpoint-host-name", ImmutableMap.of())),
+                2, 0, ImmutableMap.of()));
     verifyResourceMetadataAcked(EDS, EDS_RESOURCE, updatedClusterLoadAssignment, VERSION_2,
         TIME_INCREMENT * 2);
     verifySubscribedResourcesMetadataSizes(0, 0, 0, 1);
@@ -3416,7 +3418,9 @@ public void multipleEdsWatchers() {
             Locality.create("region2", "zone2", "subzone2"),
             LocalityLbEndpoints.create(
                 ImmutableList.of(
-                    LbEndpoint.create("172.44.2.2", 8000, 3, true, "endpoint-host-name")), 2, 0));
+                    LbEndpoint.create("172.44.2.2", 8000, 3,
+                        true, "endpoint-host-name", ImmutableMap.of())),
+                2, 0, ImmutableMap.of()));
     verify(watcher2).onChanged(edsUpdateCaptor.capture());
     edsUpdate = edsUpdateCaptor.getValue();
     assertThat(edsUpdate.clusterName).isEqualTo(edsResourceTwo);
@@ -3426,7 +3430,9 @@ public void multipleEdsWatchers() {
             Locality.create("region2", "zone2", "subzone2"),
             LocalityLbEndpoints.create(
                 ImmutableList.of(
-                    LbEndpoint.create("172.44.2.2", 8000, 3, true, "endpoint-host-name")), 2, 0));
+                    LbEndpoint.create("172.44.2.2", 8000, 3,
+                        true, "endpoint-host-name", ImmutableMap.of())),
+                2, 0, ImmutableMap.of()));
     verifyNoMoreInteractions(edsResourceWatcher);
     verifyResourceMetadataAcked(
         EDS, edsResourceTwo, clusterLoadAssignmentTwo, VERSION_2, TIME_INCREMENT * 2);
diff --git a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
index ea28734ec6a..d0580ae2667 100644
--- a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
@@ -257,17 +257,17 @@ static XdsConfig getDefaultXdsConfig(String serverHostName)
 
     // Need to create endpoints to create locality endpoints map to create edsUpdate
     Map<Locality, LocalityLbEndpoints> lbEndpointsMap = new HashMap<>();
-    LbEndpoint lbEndpoint =
-        LbEndpoint.create(serverHostName, ENDPOINT_PORT, 0, true, ENDPOINT_HOSTNAME);
+    LbEndpoint lbEndpoint = LbEndpoint.create(
+        serverHostName, ENDPOINT_PORT, 0, true, ENDPOINT_HOSTNAME, ImmutableMap.of());
     lbEndpointsMap.put(
         Locality.create("", "", ""),
-        LocalityLbEndpoints.create(ImmutableList.of(lbEndpoint), 10, 0));
+        LocalityLbEndpoints.create(ImmutableList.of(lbEndpoint), 10, 0, ImmutableMap.of()));
 
     // Need to create EdsUpdate to create CdsUpdate to create XdsClusterConfig for builder
     XdsEndpointResource.EdsUpdate edsUpdate = new XdsEndpointResource.EdsUpdate(
         EDS_NAME, lbEndpointsMap, Collections.emptyList());
     XdsClusterResource.CdsUpdate cdsUpdate = XdsClusterResource.CdsUpdate.forEds(
-        CLUSTER_NAME, EDS_NAME, serverInfo, null, null, null)
+        CLUSTER_NAME, EDS_NAME, serverInfo, null, null, null, false)
         .lbPolicyConfig(getWrrLbConfigAsMap()).build();
     XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
         CLUSTER_NAME, cdsUpdate, new EndpointConfig(StatusOr.fromValue(edsUpdate)));
diff --git a/xds/third_party/envoy/import.sh b/xds/third_party/envoy/import.sh
index dbe6f81b1a8..7a6b33871b3 100755
--- a/xds/third_party/envoy/import.sh
+++ b/xds/third_party/envoy/import.sh
@@ -86,6 +86,7 @@ envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.proto
 envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.proto
 envoy/extensions/load_balancing_policies/round_robin/v3/round_robin.proto
 envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.proto
+envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto
 envoy/extensions/transport_sockets/tls/v3/cert.proto
 envoy/extensions/transport_sockets/tls/v3/common.proto
 envoy/extensions/transport_sockets/tls/v3/secret.proto
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto
new file mode 100644
index 00000000000..2c9b5333f41
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto
@@ -0,0 +1,38 @@
+syntax = "proto3";
+
+package envoy.extensions.transport_sockets.http_11_proxy.v3;
+
+import "envoy/config/core/v3/base.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.http_11_proxy.v3";
+option java_outer_classname = "UpstreamHttp11ConnectProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/http_11_proxy/v3;http_11_proxyv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Upstream HTTP/1.1 Proxy]
+// [#extension: envoy.transport_sockets.http_11_proxy]
+
+// HTTP/1.1 proxy transport socket establishes an upstream connection to a proxy address
+// instead of the target host's address. This behavior is triggered when the transport
+// socket is configured and proxy information is provided.
+//
+// Behavior when proxying:
+// =======================
+// When an upstream connection is established, instead of connecting directly to the endpoint
+// address, the client will connect to the specified proxy address, send an HTTP/1.1 ``CONNECT`` request
+// indicating the endpoint address, and process the response. If the response has HTTP status 200,
+// the connection will be passed down to the underlying transport socket.
+//
+// Configuring proxy information:
+// ==============================
+// Set ``typed_filter_metadata`` in :ref:`LbEndpoint.Metadata <envoy_v3_api_field_config.endpoint.v3.lbendpoint.metadata>` or :ref:`LocalityLbEndpoints.Metadata <envoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.metadata>`.
+// using the key ``envoy.http11_proxy_transport_socket.proxy_address`` and the
+// proxy address in ``config::core::v3::Address`` format.
+//
+message Http11ProxyUpstreamTransport {
+  // The underlying transport socket being wrapped. Defaults to plaintext (raw_buffer) if unset.
+  config.core.v3.TransportSocket transport_socket = 1;
+}

From 602aece0810fce6f298eec8d6433777b43f4b30c Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Thu, 6 Mar 2025 10:34:53 +0000
Subject: [PATCH 203/591] xds: avoid unnecessary dns lookup (#11932)

---
 .../io/grpc/xds/EnvoyServerProtoData.java     |   5 +-
 .../java/io/grpc/xds/XdsListenerResource.java |  14 ++-
 ...rChainMatchingProtocolNegotiatorsTest.java | 112 +++++++++++-------
 3 files changed, 82 insertions(+), 49 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
index 4a6213277e7..8c37e90855b 100644
--- a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
+++ b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
@@ -27,7 +27,6 @@
 import io.grpc.xds.client.EnvoyProtoData;
 import io.grpc.xds.internal.security.SslContextProviderSupplier;
 import java.net.InetAddress;
-import java.net.UnknownHostException;
 import java.util.Objects;
 import javax.annotation.Nullable;
 
@@ -150,9 +149,9 @@ abstract static class CidrRange {
 
     abstract int prefixLen();
 
-    static CidrRange create(String addressPrefix, int prefixLen) throws UnknownHostException {
+    static CidrRange create(InetAddress addressPrefix, int prefixLen) {
       return new AutoValue_EnvoyServerProtoData_CidrRange(
-          InetAddress.getByName(addressPrefix), prefixLen);
+          addressPrefix, prefixLen);
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsListenerResource.java b/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
index 4b554be1743..2d9743143fc 100644
--- a/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
@@ -25,6 +25,7 @@
 import com.google.auto.value.AutoValue;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
+import com.google.common.net.InetAddresses;
 import com.google.protobuf.Any;
 import com.google.protobuf.InvalidProtocolBufferException;
 import com.google.protobuf.Message;
@@ -43,7 +44,6 @@
 import io.grpc.xds.Filter.FilterConfig;
 import io.grpc.xds.XdsListenerResource.LdsUpdate;
 import io.grpc.xds.client.XdsResourceType;
-import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
@@ -446,16 +446,18 @@ private static FilterChainMatch parseFilterChainMatch(
     try {
       for (io.envoyproxy.envoy.config.core.v3.CidrRange range : proto.getPrefixRangesList()) {
         prefixRanges.add(
-            CidrRange.create(range.getAddressPrefix(), range.getPrefixLen().getValue()));
+            CidrRange.create(InetAddresses.forString(range.getAddressPrefix()),
+                range.getPrefixLen().getValue()));
       }
       for (io.envoyproxy.envoy.config.core.v3.CidrRange range
           : proto.getSourcePrefixRangesList()) {
-        sourcePrefixRanges.add(
-            CidrRange.create(range.getAddressPrefix(), range.getPrefixLen().getValue()));
+        sourcePrefixRanges.add(CidrRange.create(
+            InetAddresses.forString(range.getAddressPrefix()), range.getPrefixLen().getValue()));
       }
-    } catch (UnknownHostException e) {
-      throw new ResourceInvalidException("Failed to create CidrRange", e);
+    } catch (IllegalArgumentException ex) {
+      throw new ResourceInvalidException("Failed to create CidrRange", ex);
     }
+
     ConnectionSourceType sourceType;
     switch (proto.getSourceType()) {
       case ANY:
diff --git a/xds/src/test/java/io/grpc/xds/FilterChainMatchingProtocolNegotiatorsTest.java b/xds/src/test/java/io/grpc/xds/FilterChainMatchingProtocolNegotiatorsTest.java
index 685102477cc..c3d006a6003 100644
--- a/xds/src/test/java/io/grpc/xds/FilterChainMatchingProtocolNegotiatorsTest.java
+++ b/xds/src/test/java/io/grpc/xds/FilterChainMatchingProtocolNegotiatorsTest.java
@@ -25,6 +25,7 @@
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.net.InetAddresses;
 import com.google.common.util.concurrent.SettableFuture;
 import io.grpc.ServerInterceptor;
 import io.grpc.internal.TestUtils.NoopChannelLogger;
@@ -58,7 +59,6 @@
 import io.netty.handler.codec.http2.Http2Settings;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
-import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -318,7 +318,8 @@ public void destPrefixRangeMatch() throws Exception {
     EnvoyServerProtoData.FilterChainMatch filterChainMatchWithMatch =
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.1.2.0", 24)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.1.2.0"), 24)),
             ImmutableList.of(),
             ImmutableList.of(),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
@@ -360,7 +361,8 @@ public void destPrefixRangeMismatch_returnDefaultFilterChain()
     EnvoyServerProtoData.FilterChainMatch filterChainMatchWithMismatch =
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.2.2.0", 24)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.2.2.0"), 24)),
             ImmutableList.of(),
             ImmutableList.of(),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
@@ -403,7 +405,8 @@ public void dest0LengthPrefixRange()
     EnvoyServerProtoData.FilterChainMatch filterChainMatch0Length =
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.2.2.0", 0)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.2.2.0"), 0)),
             ImmutableList.of(),
             ImmutableList.of(),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
@@ -444,7 +447,8 @@ public void destPrefixRange_moreSpecificWins()
     EnvoyServerProtoData.FilterChainMatch filterChainMatchLessSpecific =
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.1.2.0", 24)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.1.2.0"), 24)),
             ImmutableList.of(),
             ImmutableList.of(),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
@@ -461,7 +465,8 @@ public void destPrefixRange_moreSpecificWins()
     EnvoyServerProtoData.FilterChainMatch filterChainMatchMoreSpecific =
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.1.2.2", 31)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.1.2.2"), 31)),
             ImmutableList.of(),
             ImmutableList.of(),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
@@ -519,7 +524,8 @@ public void destPrefixRange_emptyListLessSpecific()
     EnvoyServerProtoData.FilterChainMatch filterChainMatchMoreSpecific =
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("8.0.0.0", 5)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("8.0.0.0"), 5)),
             ImmutableList.of(),
             ImmutableList.of(),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
@@ -559,7 +565,8 @@ public void destPrefixRangeIpv6_moreSpecificWins()
     EnvoyServerProtoData.FilterChainMatch filterChainMatchLessSpecific =
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("FE80:0:0:0:0:0:0:0", 60)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("FE80:0:0:0:0:0:0:0"), 60)),
             ImmutableList.of(),
             ImmutableList.of(),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
@@ -577,7 +584,8 @@ public void destPrefixRangeIpv6_moreSpecificWins()
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
             ImmutableList.of(
-                EnvoyServerProtoData.CidrRange.create("FE80:0000:0000:0000:0202:0:0:0", 80)),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("FE80:0000:0000:0000:0202:0:0:0"), 80)),
             ImmutableList.of(),
             ImmutableList.of(),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
@@ -620,8 +628,10 @@ public void destPrefixRange_moreSpecificWith2Wins()
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
             ImmutableList.of(
-                EnvoyServerProtoData.CidrRange.create("10.1.2.0", 24),
-                EnvoyServerProtoData.CidrRange.create(LOCAL_IP, 32)),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("10.1.2.0"), 24),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString(LOCAL_IP), 32)),
             ImmutableList.of(),
             ImmutableList.of(),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
@@ -638,7 +648,8 @@ public void destPrefixRange_moreSpecificWith2Wins()
     EnvoyServerProtoData.FilterChainMatch filterChainMatchLessSpecific =
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.1.2.2", 31)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.1.2.2"), 31)),
             ImmutableList.of(),
             ImmutableList.of(),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
@@ -763,8 +774,10 @@ public void sourcePrefixRange_moreSpecificWith2Wins()
             ImmutableList.of(),
             ImmutableList.of(),
             ImmutableList.of(
-                EnvoyServerProtoData.CidrRange.create("10.4.2.0", 24),
-                EnvoyServerProtoData.CidrRange.create(REMOTE_IP, 32)),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("10.4.2.0"), 24),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString(REMOTE_IP), 32)),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
             ImmutableList.of(),
             ImmutableList.of(),
@@ -781,7 +794,8 @@ public void sourcePrefixRange_moreSpecificWith2Wins()
             0,
             ImmutableList.of(),
             ImmutableList.of(),
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.4.2.2", 31)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.4.2.2"), 31)),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
             ImmutableList.of(),
             ImmutableList.of(),
@@ -811,8 +825,7 @@ filterChainLessSpecific, randomConfig("no-match")),
   }
 
   @Test
-  public void sourcePrefixRange_2Matchers_expectException()
-          throws UnknownHostException {
+  public void sourcePrefixRange_2Matchers_expectException() {
     ChannelHandler next = new ChannelInboundHandlerAdapter() {
       @Override
       public void userEventTriggered(ChannelHandlerContext ctx, Object evt) {
@@ -831,8 +844,10 @@ public void userEventTriggered(ChannelHandlerContext ctx, Object evt) {
             ImmutableList.of(),
             ImmutableList.of(),
             ImmutableList.of(
-                EnvoyServerProtoData.CidrRange.create("10.4.2.0", 24),
-                EnvoyServerProtoData.CidrRange.create("192.168.10.2", 32)),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("10.4.2.0"), 24),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("192.168.10.2"), 32)),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
             ImmutableList.of(),
             ImmutableList.of(),
@@ -848,7 +863,8 @@ public void userEventTriggered(ChannelHandlerContext ctx, Object evt) {
             0,
             ImmutableList.of(),
             ImmutableList.of(),
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.4.2.0", 24)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.4.2.0"), 24)),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
             ImmutableList.of(),
             ImmutableList.of(),
@@ -890,8 +906,10 @@ public void sourcePortMatch_exactMatchWinsOverEmptyList() throws Exception {
             ImmutableList.of(),
             ImmutableList.of(),
             ImmutableList.of(
-                EnvoyServerProtoData.CidrRange.create("10.4.2.0", 24),
-                EnvoyServerProtoData.CidrRange.create("10.4.2.2", 31)),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("10.4.2.0"), 24),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("10.4.2.2"), 31)),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
             ImmutableList.of(),
             ImmutableList.of(),
@@ -908,7 +926,8 @@ public void sourcePortMatch_exactMatchWinsOverEmptyList() throws Exception {
             0,
             ImmutableList.of(),
             ImmutableList.of(),
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.4.2.2", 31)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.4.2.2"), 31)),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
             ImmutableList.of(7000, 15000),
             ImmutableList.of(),
@@ -966,7 +985,8 @@ public void filterChain_5stepMatch() throws Exception {
             PORT,
             ImmutableList.of(),
             ImmutableList.of(),
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(REMOTE_IP, 32)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString(REMOTE_IP), 32)),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
             ImmutableList.of(),
             ImmutableList.of(),
@@ -981,9 +1001,11 @@ public void filterChain_5stepMatch() throws Exception {
     EnvoyServerProtoData.FilterChainMatch filterChainMatch2 =
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.1.2.0", 30)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.1.2.0"), 30)),
             ImmutableList.of(),
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.4.0.0", 16)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.4.0.0"), 16)),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
             ImmutableList.of(),
             ImmutableList.of(),
@@ -997,8 +1019,10 @@ public void filterChain_5stepMatch() throws Exception {
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
             ImmutableList.of(
-                EnvoyServerProtoData.CidrRange.create("192.168.2.0", 24),
-                EnvoyServerProtoData.CidrRange.create("10.1.2.0", 30)),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("192.168.2.0"), 24),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("10.1.2.0"), 30)),
             ImmutableList.of(),
             ImmutableList.of(),
             EnvoyServerProtoData.ConnectionSourceType.SAME_IP_OR_LOOPBACK,
@@ -1015,10 +1039,13 @@ public void filterChain_5stepMatch() throws Exception {
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
             ImmutableList.of(
-                EnvoyServerProtoData.CidrRange.create("10.1.0.0", 16),
-                EnvoyServerProtoData.CidrRange.create("10.1.2.0", 30)),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("10.1.0.0"), 16),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("10.1.2.0"), 30)),
             ImmutableList.of(),
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.4.2.0", 24)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.4.2.0"), 24)),
             EnvoyServerProtoData.ConnectionSourceType.EXTERNAL,
             ImmutableList.of(16000, 9000),
             ImmutableList.of(),
@@ -1034,12 +1061,16 @@ public void filterChain_5stepMatch() throws Exception {
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
             ImmutableList.of(
-                EnvoyServerProtoData.CidrRange.create("10.1.0.0", 16),
-                EnvoyServerProtoData.CidrRange.create("10.1.2.0", 30)),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("10.1.0.0"), 16),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("10.1.2.0"), 30)),
             ImmutableList.of(),
             ImmutableList.of(
-                EnvoyServerProtoData.CidrRange.create("10.4.2.0", 24),
-                EnvoyServerProtoData.CidrRange.create("192.168.2.0", 24)),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("10.4.2.0"), 24),
+                EnvoyServerProtoData.CidrRange.create(
+                    InetAddresses.forString("192.168.2.0"), 24)),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
             ImmutableList.of(15000, 8000),
             ImmutableList.of(),
@@ -1053,7 +1084,8 @@ public void filterChain_5stepMatch() throws Exception {
     EnvoyServerProtoData.FilterChainMatch filterChainMatch6 =
         EnvoyServerProtoData.FilterChainMatch.create(
             0,
-            ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.1.2.0", 29)),
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.1.2.0"), 29)),
             ImmutableList.of(),
             ImmutableList.of(),
             EnvoyServerProtoData.ConnectionSourceType.ANY,
@@ -1105,8 +1137,8 @@ public void filterChainMatch_unsupportedMatchers() throws Exception {
     EnvoyServerProtoData.FilterChainMatch filterChainMatch1 =
         EnvoyServerProtoData.FilterChainMatch.create(
             0 /* destinationPort */,
-            ImmutableList.of(
-                    EnvoyServerProtoData.CidrRange.create("10.1.0.0", 16)) /* prefixRange */,
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.1.0.0"), 16)) /* prefixRange */,
             ImmutableList.of("managed-mtls", "h2") /* applicationProtocol */,
             ImmutableList.of() /* sourcePrefixRanges */,
             EnvoyServerProtoData.ConnectionSourceType.ANY /* sourceType */,
@@ -1117,8 +1149,8 @@ public void filterChainMatch_unsupportedMatchers() throws Exception {
     EnvoyServerProtoData.FilterChainMatch filterChainMatch2 =
         EnvoyServerProtoData.FilterChainMatch.create(
             0 /* destinationPort */,
-            ImmutableList.of(
-                    EnvoyServerProtoData.CidrRange.create("10.0.0.0", 8)) /* prefixRange */,
+            ImmutableList.of(EnvoyServerProtoData.CidrRange.create(
+                InetAddresses.forString("10.0.0.0"), 8)) /* prefixRange */,
             ImmutableList.of() /* applicationProtocol */,
             ImmutableList.of() /* sourcePrefixRanges */,
             EnvoyServerProtoData.ConnectionSourceType.ANY /* sourceType */,

From a6a041e4159bf2a8e631877232ca1c4bfacd6b56 Mon Sep 17 00:00:00 2001
From: Sergii Tkachenko <sergiitk@google.com>
Date: Thu, 6 Mar 2025 13:32:08 -0500
Subject: [PATCH 204/591] xds: Support filter state retention

This PR adds support filter state retention in Java. The mechanism
will be similar to the one described in [A83]
(https://github.com/grpc/proposal/blob/master/A83-xds-gcp-authn-filter.md#filter-call-credentials-cache)
for C-core, and will serve the same purpose. However, the
implementation details are very different due to the different nature
of xDS HTTP filter support in C-core and Java.

### Filter instance lifecycle
#### xDS gRPC clients
New filter instances are created per combination of:
1. `XdsNameResolver` instance,
2. Filter name+typeUrl as configured in
   HttpConnectionManager (HCM) http_filters.

Existing client-side filter instances are shutdown:
- A single a filter instance is shutdown when an LDS update contains
  HCM that is missing filter configuration for name+typeUrl
  combination of this instance.
- All filter instances when watched LDS resource is missing from an
  LDS update.
- All filter instances name resolver shutdown.

#### xDS-enabled gRPC servers
New filter instances are created per combination of:
1. Server instance,
2. FilterChain name,
3. Filter name+typeUrl as configured in FilterChain's HCM.http_filters

Filter instances of Default Filter Chain is tracked separately per:
1. Server instance,
2. Filter name+typeUrl in default_filter_chain's HCM.http_filters.

Existing server-side filter instances are shutdown:
- A single a filter instance is shutdown when an LDS update contains
  FilterChain with HCM.http_filters that is missing configuration for
  filter name+typeUrl.
- All filter instances associated with the FilterChain when an LDS
  update no longer contains FilterChain's name.
- All filter instances when watched LDS resource is missing from an
  LDS update.
- All filter instances on server shutdown.

### Related
- Part 1: #11883
---
 .../io/grpc/xds/EnvoyServerProtoData.java     |   2 +-
 xds/src/main/java/io/grpc/xds/Filter.java     |  28 +-
 ...ilterChainMatchingProtocolNegotiators.java |   4 +
 .../java/io/grpc/xds/XdsListenerResource.java |   5 +
 .../java/io/grpc/xds/XdsNameResolver.java     |  71 ++-
 .../java/io/grpc/xds/XdsServerWrapper.java    | 159 +++--
 .../grpc/xds/GrpcXdsClientImplDataTest.java   |  39 ++
 .../test/java/io/grpc/xds/StatefulFilter.java | 174 ++++++
 .../java/io/grpc/xds/XdsNameResolverTest.java | 350 ++++++++++-
 .../java/io/grpc/xds/XdsServerTestHelper.java |  35 +-
 .../io/grpc/xds/XdsServerWrapperTest.java     | 556 +++++++++++++++++-
 11 files changed, 1345 insertions(+), 78 deletions(-)
 create mode 100644 xds/src/test/java/io/grpc/xds/StatefulFilter.java

diff --git a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
index 8c37e90855b..ae5b3c5b1c9 100644
--- a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
+++ b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
@@ -206,7 +206,7 @@ public static FilterChainMatch create(int destinationPort,
   @AutoValue
   abstract static class FilterChain {
 
-    // possibly empty
+    // Must be unique per server instance (except the default chain).
     abstract String name();
 
     // TODO(sanjaypujare): flatten structure by moving FilterChainMatch class members here.
diff --git a/xds/src/main/java/io/grpc/xds/Filter.java b/xds/src/main/java/io/grpc/xds/Filter.java
index ab61ba2b570..aa326b55ad7 100644
--- a/xds/src/main/java/io/grpc/xds/Filter.java
+++ b/xds/src/main/java/io/grpc/xds/Filter.java
@@ -20,6 +20,7 @@
 import com.google.protobuf.Message;
 import io.grpc.ClientInterceptor;
 import io.grpc.ServerInterceptor;
+import java.io.Closeable;
 import java.util.Objects;
 import java.util.concurrent.ScheduledExecutorService;
 import javax.annotation.Nullable;
@@ -32,7 +33,7 @@
  * {@link Provider#isClientFilter()}, {@link Provider#isServerFilter()} to indicate that the filter
  * is capable of working on the client side or server side or both, respectively.
  */
-interface Filter {
+interface Filter extends Closeable {
 
   /** Represents an opaque data structure holding configuration for a filter. */
   interface FilterConfig {
@@ -72,6 +73,19 @@ default boolean isServerFilter() {
      *
      * <p>Returns a filter instance registered with the same typeUrls as the provider,
      * capable of working with the same FilterConfig type returned by provider's parse functions.
+     *
+     * <p>For xDS gRPC clients, new filter instances are created per combination of:
+     * <ol>
+     *   <li><code>XdsNameResolver</code> instance,</li>
+     *   <li>Filter name+typeUrl in HttpConnectionManager (HCM) http_filters.</li>
+     * </ol>
+     *
+     * <p>For xDS-enabled gRPC servers, new filter instances are created per combination of:
+     * <ol>
+     *   <li>Server instance,</li>
+     *   <li>FilterChain name,</li>
+     *   <li>Filter name+typeUrl in FilterChain's HCM.http_filters.</li>
+     * </ol>
      */
     Filter newInstance();
 
@@ -103,6 +117,14 @@ default ServerInterceptor buildServerInterceptor(
     return null;
   }
 
+  /**
+   * Releases filter resources like shared resources and remote connections.
+   *
+   * <p>See {@link Provider#newInstance()} for details on filter instance creation.
+   */
+  @Override
+  default void close() {}
+
   /** Filter config with instance name. */
   final class NamedFilterConfig {
     // filter instance name
@@ -114,6 +136,10 @@ final class NamedFilterConfig {
       this.filterConfig = filterConfig;
     }
 
+    String filterStateKey() {
+      return name + "_" + filterConfig.typeUrl();
+    }
+
     @Override
     public boolean equals(Object o) {
       if (this == o) {
diff --git a/xds/src/main/java/io/grpc/xds/FilterChainMatchingProtocolNegotiators.java b/xds/src/main/java/io/grpc/xds/FilterChainMatchingProtocolNegotiators.java
index aaf8d69d2c1..77a66495614 100644
--- a/xds/src/main/java/io/grpc/xds/FilterChainMatchingProtocolNegotiators.java
+++ b/xds/src/main/java/io/grpc/xds/FilterChainMatchingProtocolNegotiators.java
@@ -151,6 +151,10 @@ static final class FilterChainSelector {
         this.defaultRoutingConfig = checkNotNull(defaultRoutingConfig, "defaultRoutingConfig");
       }
 
+      FilterChainSelector(Map<FilterChain, AtomicReference<ServerRoutingConfig>> routingConfigs) {
+        this(routingConfigs, null, new AtomicReference<>());
+      }
+
       @VisibleForTesting
       Map<FilterChain, AtomicReference<ServerRoutingConfig>> getRoutingConfigs() {
         return routingConfigs;
diff --git a/xds/src/main/java/io/grpc/xds/XdsListenerResource.java b/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
index 2d9743143fc..ec0cbbf243f 100644
--- a/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
@@ -178,6 +178,7 @@ static EnvoyServerProtoData.Listener parseServerSideListener(
     }
 
     ImmutableList.Builder<FilterChain> filterChains = ImmutableList.builder();
+    Set<String> filterChainNames = new HashSet<>();
     Set<FilterChainMatch> filterChainMatchSet = new HashSet<>();
     int i = 0;
     for (io.envoyproxy.envoy.config.listener.v3.FilterChain fc : proto.getFilterChainsList()) {
@@ -187,6 +188,10 @@ static EnvoyServerProtoData.Listener parseServerSideListener(
         // Generate a name, so we can identify it in the logs.
         filterChainName = "chain_" + i;
       }
+      if (!filterChainNames.add(filterChainName)) {
+        throw new ResourceInvalidException("Filter chain names must be unique. "
+            + "Found duplicate: " + filterChainName);
+      }
       filterChains.add(
           parseFilterChain(fc, filterChainName, tlsContextManager, filterRegistry,
               filterChainMatchSet, certProviderInstances, args));
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index b7b1ed0bdba..507808d718b 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -127,6 +127,10 @@ final class XdsNameResolver extends NameResolver {
   private final ConfigSelector configSelector = new ConfigSelector();
   private final long randomChannelId;
   private final MetricRecorder metricRecorder;
+  // Must be accessed in syncContext.
+  // Filter instances are unique per channel, and per filter (name+typeUrl).
+  // NamedFilterConfig.filterStateKey -> filter_instance.
+  private final HashMap<String, Filter> activeFilters = new HashMap<>();
 
   private volatile RoutingConfig routingConfig = RoutingConfig.EMPTY;
   private Listener2 listener;
@@ -658,18 +662,23 @@ public void onChanged(final XdsListenerResource.LdsUpdate update) {
       HttpConnectionManager httpConnectionManager = update.httpConnectionManager();
       List<VirtualHost> virtualHosts = httpConnectionManager.virtualHosts();
       String rdsName = httpConnectionManager.rdsName();
+      ImmutableList<NamedFilterConfig> filterConfigs = httpConnectionManager.httpFilterConfigs();
+      long streamDurationNano = httpConnectionManager.httpMaxStreamDurationNano();
+
+      // Create/update HCM-bound state.
       cleanUpRouteDiscoveryState();
+      updateActiveFilters(filterConfigs);
+
+      // Routes specified directly in LDS.
       if (virtualHosts != null) {
-        updateRoutes(virtualHosts, httpConnectionManager.httpMaxStreamDurationNano(),
-            httpConnectionManager.httpFilterConfigs());
-      } else {
-        routeDiscoveryState = new RouteDiscoveryState(
-            rdsName, httpConnectionManager.httpMaxStreamDurationNano(),
-            httpConnectionManager.httpFilterConfigs());
-        logger.log(XdsLogLevel.INFO, "Start watching RDS resource {0}", rdsName);
-        xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),
-            rdsName, routeDiscoveryState, syncContext);
+        updateRoutes(virtualHosts, streamDurationNano, filterConfigs);
+        return;
       }
+      // Routes provided by RDS.
+      routeDiscoveryState = new RouteDiscoveryState(rdsName, streamDurationNano, filterConfigs);
+      logger.log(XdsLogLevel.INFO, "Start watching RDS resource {0}", rdsName);
+      xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),
+          rdsName, routeDiscoveryState, syncContext);
     }
 
     @Override
@@ -690,6 +699,7 @@ public void onResourceDoesNotExist(final String resourceName) {
       String error = "LDS resource does not exist: " + resourceName;
       logger.log(XdsLogLevel.INFO, error);
       cleanUpRouteDiscoveryState();
+      updateActiveFilters(null);
       cleanUpRoutes(error);
     }
 
@@ -703,9 +713,35 @@ private void stop() {
       logger.log(XdsLogLevel.INFO, "Stop watching LDS resource {0}", ldsResourceName);
       stopped = true;
       cleanUpRouteDiscoveryState();
+      updateActiveFilters(null);
       xdsClient.cancelXdsResourceWatch(XdsListenerResource.getInstance(), ldsResourceName, this);
     }
 
+    // called in syncContext
+    private void updateActiveFilters(@Nullable List<NamedFilterConfig> filterConfigs) {
+      if (filterConfigs == null) {
+        filterConfigs = ImmutableList.of();
+      }
+      Set<String> filtersToShutdown = new HashSet<>(activeFilters.keySet());
+      for (NamedFilterConfig namedFilter : filterConfigs) {
+        String typeUrl = namedFilter.filterConfig.typeUrl();
+        String filterKey = namedFilter.filterStateKey();
+
+        Filter.Provider provider = filterRegistry.get(typeUrl);
+        checkNotNull(provider, "provider %s", typeUrl);
+        Filter filter = activeFilters.computeIfAbsent(filterKey, k -> provider.newInstance());
+        checkNotNull(filter, "filter %s", filterKey);
+        filtersToShutdown.remove(filterKey);
+      }
+
+      // Shutdown filters not present in current HCM.
+      for (String filterKey : filtersToShutdown) {
+        Filter filterToShutdown = activeFilters.remove(filterKey);
+        checkNotNull(filterToShutdown, "filterToShutdown %s", filterKey);
+        filterToShutdown.close();
+      }
+    }
+
     // called in syncContext
     private void updateRoutes(List<VirtualHost> virtualHosts, long httpMaxStreamDurationNano,
         @Nullable List<NamedFilterConfig> filterConfigs) {
@@ -836,19 +872,16 @@ private ClientInterceptor createFilters(
 
       ImmutableList.Builder<ClientInterceptor> filterInterceptors = ImmutableList.builder();
       for (NamedFilterConfig namedFilter : filterConfigs) {
-        FilterConfig config = namedFilter.filterConfig;
         String name = namedFilter.name;
-        String typeUrl = config.typeUrl();
-
-        Filter.Provider provider = filterRegistry.get(typeUrl);
-        if (provider == null || !provider.isClientFilter()) {
-          continue;
-        }
-
-        Filter filter = provider.newInstance();
+        FilterConfig config = namedFilter.filterConfig;
+        FilterConfig overrideConfig = selectedOverrideConfigs.get(name);
+        String filterKey = namedFilter.filterStateKey();
 
+        Filter filter = activeFilters.get(filterKey);
+        checkNotNull(filter, "activeFilters.get(%s)", filterKey);
         ClientInterceptor interceptor =
-            filter.buildClientInterceptor(config, selectedOverrideConfigs.get(name), scheduler);
+            filter.buildClientInterceptor(config, overrideConfig, scheduler);
+
         if (interceptor != null) {
           filterInterceptors.add(interceptor);
         }
diff --git a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
index e5b25ae458b..e0185974861 100644
--- a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
+++ b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
@@ -113,6 +113,14 @@ public void uncaughtException(Thread t, Throwable e) {
   private DiscoveryState discoveryState;
   private volatile Server delegate;
 
+  // Must be accessed in syncContext.
+  // Filter instances are unique per Server, per FilterChain, and per filter's name+typeUrl.
+  // FilterChain.name -> <NamedFilterConfig.filterStateKey -> filter_instance>.
+  private final HashMap<String, HashMap<String, Filter>> activeFilters = new HashMap<>();
+  // Default filter chain Filter instances are unique per Server, and per filter's name+typeUrl.
+  // NamedFilterConfig.filterStateKey -> filter_instance.
+  private final HashMap<String, Filter> activeFiltersDefaultChain = new HashMap<>();
+
   XdsServerWrapper(
       String listenerAddress,
       ServerBuilder<?> delegateBuilder,
@@ -382,13 +390,18 @@ public void onChanged(final LdsUpdate update) {
         releaseSuppliersInFlight();
         pendingRds.clear();
       }
+
       filterChains = update.listener().filterChains();
       defaultFilterChain = update.listener().defaultFilterChain();
+      // Filters are loaded even if the server isn't serving yet.
+      updateActiveFilters();
+
       List<FilterChain> allFilterChains = filterChains;
       if (defaultFilterChain != null) {
         allFilterChains = new ArrayList<>(filterChains);
         allFilterChains.add(defaultFilterChain);
       }
+
       Set<String> allRds = new HashSet<>();
       for (FilterChain filterChain : allFilterChains) {
         HttpConnectionManager hcm = filterChain.httpConnectionManager();
@@ -406,6 +419,7 @@ public void onChanged(final LdsUpdate update) {
           allRds.add(hcm.rdsName());
         }
       }
+
       for (Map.Entry<String, RouteDiscoveryState> entry: routeDiscoveryStates.entrySet()) {
         if (!allRds.contains(entry.getKey())) {
           xdsClient.cancelXdsResourceWatch(XdsRouteConfigureResource.getInstance(),
@@ -448,6 +462,7 @@ private void shutdown() {
       cleanUpRouteDiscoveryStates();
       logger.log(Level.FINE, "Stop watching LDS resource {0}", resourceName);
       xdsClient.cancelXdsResourceWatch(XdsListenerResource.getInstance(), resourceName, this);
+      shutdownActiveFilters();
       List<SslContextProviderSupplier> toRelease = getSuppliersInUse();
       filterChainSelectorManager.updateSelector(FilterChainSelector.NO_FILTER_CHAIN);
       for (SslContextProviderSupplier s: toRelease) {
@@ -464,7 +479,8 @@ private void updateSelector() {
       ImmutableMap.Builder<FilterChain, AtomicReference<ServerRoutingConfig>> routingConfigs =
           ImmutableMap.builder();
       for (FilterChain filterChain: filterChains) {
-        routingConfigs.put(filterChain, generateRoutingConfig(filterChain));
+        HashMap<String, Filter> chainFilters = activeFilters.get(filterChain.name());
+        routingConfigs.put(filterChain, generateRoutingConfig(filterChain, chainFilters));
       }
 
       // Prepare the new selector.
@@ -473,9 +489,9 @@ private void updateSelector() {
         selector = new FilterChainSelector(
             routingConfigs.build(),
             defaultFilterChain.sslContextProviderSupplier(),
-            generateRoutingConfig(defaultFilterChain));
+            generateRoutingConfig(defaultFilterChain, activeFiltersDefaultChain));
       } else {
-        selector = new FilterChainSelector(routingConfigs.build(), null, new AtomicReference<>());
+        selector = new FilterChainSelector(routingConfigs.build());
       }
 
       // Prepare the list of current selector's resources to close later.
@@ -494,38 +510,105 @@ private void updateSelector() {
       startDelegateServer();
     }
 
-    private AtomicReference<ServerRoutingConfig> generateRoutingConfig(FilterChain filterChain) {
+    // called in syncContext
+    private void updateActiveFilters() {
+      Set<String> removedChains = new HashSet<>(activeFilters.keySet());
+      for (FilterChain filterChain: filterChains) {
+        removedChains.remove(filterChain.name());
+        updateActiveFiltersForChain(
+            activeFilters.computeIfAbsent(filterChain.name(), k -> new HashMap<>()),
+            filterChain.httpConnectionManager().httpFilterConfigs());
+      }
+
+      // Shutdown all filters of chains missing from the LDS.
+      for (String chainToShutdown : removedChains) {
+        HashMap<String, Filter> filtersToShutdown = activeFilters.get(chainToShutdown);
+        checkNotNull(filtersToShutdown, "filtersToShutdown of chain %s", chainToShutdown);
+        updateActiveFiltersForChain(filtersToShutdown, null);
+        activeFilters.remove(chainToShutdown);
+      }
+
+      // Default chain.
+      ImmutableList<NamedFilterConfig> defaultChainConfigs = null;
+      if (defaultFilterChain != null) {
+        defaultChainConfigs = defaultFilterChain.httpConnectionManager().httpFilterConfigs();
+      }
+      updateActiveFiltersForChain(activeFiltersDefaultChain, defaultChainConfigs);
+    }
+
+    // called in syncContext
+    private void shutdownActiveFilters() {
+      for (HashMap<String, Filter> chainFilters : activeFilters.values()) {
+        checkNotNull(chainFilters, "chainFilters");
+        updateActiveFiltersForChain(chainFilters, null);
+      }
+      activeFilters.clear();
+      updateActiveFiltersForChain(activeFiltersDefaultChain, null);
+    }
+
+    // called in syncContext
+    private void updateActiveFiltersForChain(
+        Map<String, Filter> chainFilters, @Nullable List<NamedFilterConfig> filterConfigs) {
+      if (filterConfigs == null) {
+        filterConfigs = ImmutableList.of();
+      }
+
+      Set<String> filtersToShutdown = new HashSet<>(chainFilters.keySet());
+      for (NamedFilterConfig namedFilter : filterConfigs) {
+        String typeUrl = namedFilter.filterConfig.typeUrl();
+        String filterKey = namedFilter.filterStateKey();
+
+        Filter.Provider provider = filterRegistry.get(typeUrl);
+        checkNotNull(provider, "provider %s", typeUrl);
+        Filter filter = chainFilters.computeIfAbsent(filterKey, k -> provider.newInstance());
+        checkNotNull(filter, "filter %s", filterKey);
+        filtersToShutdown.remove(filterKey);
+      }
+
+      // Shutdown filters not present in current HCM.
+      for (String filterKey : filtersToShutdown) {
+        Filter filterToShutdown = chainFilters.remove(filterKey);
+        checkNotNull(filterToShutdown, "filterToShutdown %s", filterKey);
+        filterToShutdown.close();
+      }
+    }
+
+    private AtomicReference<ServerRoutingConfig> generateRoutingConfig(
+        FilterChain filterChain, Map<String, Filter> chainFilters) {
       HttpConnectionManager hcm = filterChain.httpConnectionManager();
-      ImmutableMap<Route, ServerInterceptor> interceptors;
+      ServerRoutingConfig routingConfig;
 
       // Inlined routes.
-      if (hcm.virtualHosts() != null) {
-        interceptors = generatePerRouteInterceptors(hcm.httpFilterConfigs(), hcm.virtualHosts());
-        return new AtomicReference<>(ServerRoutingConfig.create(hcm.virtualHosts(), interceptors));
+      ImmutableList<VirtualHost> vhosts = hcm.virtualHosts();
+      if (vhosts != null) {
+        routingConfig = ServerRoutingConfig.create(vhosts,
+            generatePerRouteInterceptors(hcm.httpFilterConfigs(), vhosts, chainFilters));
+        return new AtomicReference<>(routingConfig);
       }
 
       // Routes from RDS.
       RouteDiscoveryState rds = routeDiscoveryStates.get(hcm.rdsName());
       checkNotNull(rds, "rds");
 
-      ServerRoutingConfig routingConfig;
       ImmutableList<VirtualHost> savedVhosts = rds.savedVirtualHosts;
       if (savedVhosts != null) {
-        interceptors = generatePerRouteInterceptors(hcm.httpFilterConfigs(), savedVhosts);
-        routingConfig = ServerRoutingConfig.create(savedVhosts, interceptors);
+        routingConfig = ServerRoutingConfig.create(savedVhosts,
+            generatePerRouteInterceptors(hcm.httpFilterConfigs(), savedVhosts, chainFilters));
       } else {
         routingConfig = ServerRoutingConfig.FAILING_ROUTING_CONFIG;
       }
-
       AtomicReference<ServerRoutingConfig> routingConfigRef = new AtomicReference<>(routingConfig);
       savedRdsRoutingConfigRef.put(filterChain, routingConfigRef);
       return routingConfigRef;
     }
 
     private ImmutableMap<Route, ServerInterceptor> generatePerRouteInterceptors(
-        @Nullable List<NamedFilterConfig> filterConfigs, List<VirtualHost> virtualHosts) {
+        @Nullable List<NamedFilterConfig> filterConfigs,
+        List<VirtualHost> virtualHosts,
+        Map<String, Filter> chainFilters) {
       syncContext.throwIfNotInThisSynchronizationContext();
 
+      checkNotNull(chainFilters, "chainFilters");
       ImmutableMap.Builder<Route, ServerInterceptor> perRouteInterceptors =
           new ImmutableMap.Builder<>();
 
@@ -545,21 +628,16 @@ private ImmutableMap<Route, ServerInterceptor> generatePerRouteInterceptors(
 
           // Interceptors for this vhost/route combo.
           List<ServerInterceptor> interceptors = new ArrayList<>(filterConfigs.size());
-
           for (NamedFilterConfig namedFilter : filterConfigs) {
-            FilterConfig config = namedFilter.filterConfig;
             String name = namedFilter.name;
-            String typeUrl = config.typeUrl();
+            FilterConfig config = namedFilter.filterConfig;
+            FilterConfig overrideConfig = perRouteOverrides.get(name);
+            String filterKey = namedFilter.filterStateKey();
 
-            Filter.Provider provider = filterRegistry.get(typeUrl);
-            if (provider == null || !provider.isServerFilter()) {
-              logger.warning("HttpFilter[" + name + "]: not supported on server-side: " + typeUrl);
-              continue;
-            }
+            Filter filter = chainFilters.get(filterKey);
+            checkNotNull(filter, "chainFilters.get(%s)", filterKey);
+            ServerInterceptor interceptor = filter.buildServerInterceptor(config, overrideConfig);
 
-            Filter filter = provider.newInstance();
-            ServerInterceptor interceptor =
-                filter.buildServerInterceptor(config, perRouteOverrides.get(name));
             if (interceptor != null) {
               interceptors.add(interceptor);
             }
@@ -597,6 +675,7 @@ public <ReqT, RespT> Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> call,
 
     private void handleConfigNotFound(StatusException exception) {
       cleanUpRouteDiscoveryStates();
+      shutdownActiveFilters();
       List<SslContextProviderSupplier> toRelease = getSuppliersInUse();
       filterChainSelectorManager.updateSelector(FilterChainSelector.NO_FILTER_CHAIN);
       for (SslContextProviderSupplier s: toRelease) {
@@ -718,22 +797,24 @@ public void run() {
 
       private void updateRdsRoutingConfig() {
         for (FilterChain filterChain : savedRdsRoutingConfigRef.keySet()) {
-          if (resourceName.equals(filterChain.httpConnectionManager().rdsName())) {
-            ServerRoutingConfig updatedRoutingConfig;
-            if (savedVirtualHosts == null) {
-              updatedRoutingConfig = ServerRoutingConfig.FAILING_ROUTING_CONFIG;
-            } else {
-              ImmutableMap<Route, ServerInterceptor> updatedInterceptors =
-                  generatePerRouteInterceptors(
-                      filterChain.httpConnectionManager().httpFilterConfigs(),
-                      savedVirtualHosts);
-              updatedRoutingConfig = ServerRoutingConfig.create(savedVirtualHosts,
-                  updatedInterceptors);
-            }
-            logger.log(Level.FINEST, "Updating filter chain {0} rds routing config: {1}",
-                new Object[]{filterChain.name(), updatedRoutingConfig});
-            savedRdsRoutingConfigRef.get(filterChain).set(updatedRoutingConfig);
+          HttpConnectionManager hcm = filterChain.httpConnectionManager();
+          if (!resourceName.equals(hcm.rdsName())) {
+            continue;
+          }
+
+          ServerRoutingConfig updatedRoutingConfig;
+          if (savedVirtualHosts == null) {
+            updatedRoutingConfig = ServerRoutingConfig.FAILING_ROUTING_CONFIG;
+          } else {
+            HashMap<String, Filter> chainFilters = activeFilters.get(filterChain.name());
+            ImmutableMap<Route, ServerInterceptor> interceptors = generatePerRouteInterceptors(
+                hcm.httpFilterConfigs(), savedVirtualHosts, chainFilters);
+            updatedRoutingConfig = ServerRoutingConfig.create(savedVirtualHosts, interceptors);
           }
+
+          logger.log(Level.FINEST, "Updating filter chain {0} rds routing config: {1}",
+              new Object[]{filterChain.name(), updatedRoutingConfig});
+          savedRdsRoutingConfigRef.get(filterChain).set(updatedRoutingConfig);
         }
       }
 
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 7fac666f983..90b83320d63 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -2924,6 +2924,45 @@ public void parseFilterChain_noName() throws ResourceInvalidException {
     assertThat(listener.defaultFilterChain().name()).isEqualTo("chain_default");
   }
 
+  @Test
+  public void parseFilterChain_duplicateName() throws ResourceInvalidException {
+    FilterChain filterChain0 =
+        FilterChain.newBuilder()
+            .setName("filter_chain")
+            .setFilterChainMatch(FilterChainMatch.getDefaultInstance())
+            .addFilters(buildHttpConnectionManagerFilter(
+                HttpFilter.newBuilder()
+                    .setName("http-filter-foo")
+                    .setIsOptional(true)
+                    .setTypedConfig(Any.pack(Router.newBuilder().build()))
+                    .build()))
+            .build();
+
+    FilterChain filterChain1 =
+        FilterChain.newBuilder()
+            .setName("filter_chain")
+            .setFilterChainMatch(
+                FilterChainMatch.newBuilder().addAllSourcePorts(Arrays.asList(443, 8080)))
+            .addFilters(buildHttpConnectionManagerFilter(
+                HttpFilter.newBuilder()
+                    .setName("http-filter-bar")
+                    .setTypedConfig(Any.pack(Router.newBuilder().build()))
+                    .setIsOptional(true)
+                    .build()))
+            .build();
+
+    Listener listenerProto =
+        Listener.newBuilder()
+            .setName("listener1")
+            .setTrafficDirection(TrafficDirection.INBOUND)
+            .addAllFilterChains(Arrays.asList(filterChain0, filterChain1))
+            .build();
+    thrown.expect(ResourceInvalidException.class);
+    thrown.expectMessage("Filter chain names must be unique. Found duplicate: filter_chain");
+    XdsListenerResource.parseServerSideListener(
+        listenerProto, null, filterRegistry, null, getXdsResourceTypeArgs(true));
+  }
+
   @Test
   public void validateCommonTlsContext_tlsParams() throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
diff --git a/xds/src/test/java/io/grpc/xds/StatefulFilter.java b/xds/src/test/java/io/grpc/xds/StatefulFilter.java
new file mode 100644
index 00000000000..162dd380daf
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/StatefulFilter.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.ImmutableList.toImmutableList;
+
+import com.google.common.collect.ImmutableList;
+import com.google.protobuf.Message;
+import io.grpc.ServerInterceptor;
+import java.util.ConcurrentModificationException;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.stream.IntStream;
+import javax.annotation.Nullable;
+
+/**
+ * Unlike most singleton-based filters, each StatefulFilter object has a distinct identity.
+ */
+class StatefulFilter implements Filter {
+
+  static final String DEFAULT_TYPE_URL = "type.googleapis.com/grpc.test.StatefulFilter";
+  private final AtomicBoolean shutdown = new AtomicBoolean();
+
+  final int idx;
+  @Nullable volatile String lastCfg = null;
+
+  public StatefulFilter(int idx) {
+    this.idx = idx;
+  }
+
+  public boolean isShutdown() {
+    return shutdown.get();
+  }
+
+  @Override
+  public void close() {
+    if (!shutdown.compareAndSet(false, true)) {
+      throw new ConcurrentModificationException(
+          "Unexpected: StatefulFilter#close called multiple times");
+    }
+  }
+
+  @Nullable
+  @Override
+  public ServerInterceptor buildServerInterceptor(
+      FilterConfig config,
+      @Nullable FilterConfig overrideConfig) {
+    Config cfg = (Config) config;
+    // TODO(sergiitk): to be replaced when name argument passed to the constructor.
+    lastCfg = cfg.getConfig();
+    return null;
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder().append("StatefulFilter{")
+        .append("idx=").append(idx);
+    if (lastCfg != null) {
+      sb.append(", name=").append(lastCfg);
+    }
+    return sb.append("}").toString();
+  }
+
+  static final class Provider implements Filter.Provider {
+
+    private final String typeUrl;
+    private final ConcurrentMap<Integer, StatefulFilter> instances = new ConcurrentHashMap<>();
+
+    volatile int counter;
+
+    Provider() {
+      this(DEFAULT_TYPE_URL);
+    }
+
+    Provider(String typeUrl) {
+      this.typeUrl = typeUrl;
+    }
+
+    @Override
+    public String[] typeUrls() {
+      return new String[]{ typeUrl };
+    }
+
+    @Override
+    public boolean isClientFilter() {
+      return true;
+    }
+
+    @Override
+    public boolean isServerFilter() {
+      return true;
+    }
+
+    @Override
+    public synchronized StatefulFilter newInstance() {
+      StatefulFilter filter = new StatefulFilter(counter++);
+      instances.put(filter.idx, filter);
+      return filter;
+    }
+
+    public synchronized StatefulFilter getInstance(int idx) {
+      return instances.get(idx);
+    }
+
+    public synchronized ImmutableList<StatefulFilter> getAllInstances() {
+      return IntStream.range(0, counter).mapToObj(this::getInstance).collect(toImmutableList());
+    }
+
+    @SuppressWarnings("UnusedMethod")
+    public synchronized int getCount() {
+      return counter;
+    }
+
+    @Override
+    public ConfigOrError<Config> parseFilterConfig(Message rawProtoMessage) {
+      return ConfigOrError.fromConfig(Config.fromProto(rawProtoMessage, typeUrl));
+    }
+
+    @Override
+    public ConfigOrError<Config> parseFilterConfigOverride(Message rawProtoMessage) {
+      return ConfigOrError.fromConfig(Config.fromProto(rawProtoMessage, typeUrl));
+    }
+  }
+
+
+  static final class Config implements FilterConfig {
+
+    private final String typeUrl;
+    private final String config;
+
+    public Config(String config, String typeUrl) {
+      this.config = config;
+      this.typeUrl = typeUrl;
+    }
+
+    public Config(String config) {
+      this(config, DEFAULT_TYPE_URL);
+    }
+
+    public Config() {
+      this("<BLANK>", DEFAULT_TYPE_URL);
+    }
+
+    public static Config fromProto(Message rawProtoMessage, String typeUrl) {
+      checkNotNull(rawProtoMessage, "rawProtoMessage");
+      return new Config(rawProtoMessage.toString(), typeUrl);
+    }
+
+    public String getConfig() {
+      return config;
+    }
+
+    @Override
+    public String typeUrl() {
+      return typeUrl;
+    }
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index f7309051f92..877fa6f88dc 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -17,6 +17,7 @@
 package io.grpc.xds;
 
 import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.truth.Truth.assertWithMessage;
 import static io.grpc.xds.FaultFilter.HEADER_ABORT_GRPC_STATUS_KEY;
 import static io.grpc.xds.FaultFilter.HEADER_ABORT_HTTP_STATUS_KEY;
 import static io.grpc.xds.FaultFilter.HEADER_ABORT_PERCENTAGE_KEY;
@@ -135,6 +136,14 @@ public class XdsNameResolverTest {
   private static final FaultFilter.Provider FAULT_FILTER_PROVIDER = new FaultFilter.Provider();
   private static final RouterFilter.Provider ROUTER_FILTER_PROVIDER = new RouterFilter.Provider();
 
+  // Readability: makes it simpler to distinguish resource parameters.
+  private static final ImmutableMap<String, FilterConfig> NO_FILTER_OVERRIDES = ImmutableMap.of();
+  private static final ImmutableList<HashPolicy> NO_HASH_POLICIES = ImmutableList.of();
+
+  // Stateful instance filter names.
+  private static final String STATEFUL_1 = "test.stateful.filter.1";
+  private static final String STATEFUL_2 = "test.stateful.filter.2";
+
   @Rule
   public final MockitoRule mocks = MockitoJUnit.rule();
   private final SynchronizationContext syncContext = new SynchronizationContext(
@@ -210,6 +219,10 @@ public void setUp() {
   @After
   public void tearDown() {
     XdsNameResolver.enableTimeout = originalEnableTimeout;
+    if (resolver == null) {
+      // Allow tests to test shutdown.
+      return;
+    }
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     resolver.shutdown();
     if (xdsClient != null) {
@@ -1274,6 +1287,316 @@ public void resolved_simpleCallSucceeds_routeToRls() {
         call1, configSelector2, "rls-plugin-foo", 30.0);
   }
 
+  // Begin filter state tests.
+
+  /**
+   * Verifies the lifecycle of HCM filter instances across LDS updates.
+   *
+   * <p>Filter instances:
+   *   1. Must have one unique instance per HCM filter name.
+   *   2. Must be reused when an LDS update with HCM contains a filter with the same name.
+   *   3. Must be shutdown (closed) when an HCM in a LDS update doesn't a filter with the same name.
+   */
+  @Test
+  public void filterState_survivesLds() {
+    StatefulFilter.Provider statefulFilterProvider = filterStateTestSetupResolver();
+    FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
+    VirtualHost vhost = filterStateTestVhost();
+
+    // LDS 1.
+    xdsClient.deliverLdsUpdateWithFilters(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    assertClusterResolutionResult(call1, cluster1);
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    // Verify that StatefulFilter with different filter names result in different Filter instances.
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
+    // Naming: lds<LDS#>Filter<name#>
+    StatefulFilter lds1Filter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1Filter2 = lds1Snapshot.get(1);
+    assertThat(lds1Filter1).isNotSameInstanceAs(lds1Filter2);
+    // Redundant check just in case StatefulFilter synchronization is broken.
+    assertThat(lds1Filter1.idx).isEqualTo(0);
+    assertThat(lds1Filter2.idx).isEqualTo(1);
+
+    // LDS 2: filter configs with the same names.
+    xdsClient.deliverLdsUpdateWithFilters(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    assertClusterResolutionResult(call1, cluster1);
+    ImmutableList<StatefulFilter> lds2Snapshot = statefulFilterProvider.getAllInstances();
+    // Filter names hasn't changed, so expecting no new StatefulFilter instances.
+    assertWithMessage("LDS 2: Expected Filter instances to be reused across LDS updates")
+        .that(lds2Snapshot).isEqualTo(lds1Snapshot);
+
+    // LDS 3: Filter "STATEFUL_2" removed.
+    xdsClient.deliverLdsUpdateWithFilters(vhost, filterStateTestConfigs(STATEFUL_1));
+    assertClusterResolutionResult(call1, cluster1);
+    ImmutableList<StatefulFilter> lds3Snapshot = statefulFilterProvider.getAllInstances();
+    // Again, no new StatefulFilter instances should be created.
+    assertWithMessage("LDS 3: Expected Filter instances to be reused across LDS updates")
+        .that(lds3Snapshot).isEqualTo(lds1Snapshot);
+    // Verify the shutdown state.
+    assertThat(lds1Filter1.isShutdown()).isFalse();
+    assertWithMessage("LDS 3: Expected %s to be shut down", lds1Filter2)
+        .that(lds1Filter2.isShutdown()).isTrue();
+
+    // LDS 4: Filter "STATEFUL_2" added back.
+    xdsClient.deliverLdsUpdateWithFilters(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    assertClusterResolutionResult(call1, cluster1);
+    ImmutableList<StatefulFilter> lds4Snapshot = statefulFilterProvider.getAllInstances();
+    // Filter "STATEFUL_2" should be treated as any other new filter name in an LDS update:
+    // a new instance should be created.
+    assertWithMessage("LDS 4: Expected a new filter instance for %s", STATEFUL_2)
+        .that(lds4Snapshot).hasSize(3);
+    StatefulFilter lds4Filter2 = lds4Snapshot.get(2);
+    assertThat(lds4Filter2.idx).isEqualTo(2);
+    assertThat(lds4Filter2).isNotSameInstanceAs(lds1Filter2);
+    assertThat(lds4Snapshot).containsAtLeastElementsIn(lds1Snapshot);
+    // Verify the shutdown state.
+    assertThat(lds1Filter1.isShutdown()).isFalse();
+    assertThat(lds1Filter2.isShutdown()).isTrue();
+    assertThat(lds4Filter2.isShutdown()).isFalse();
+  }
+
+  /**
+   * Verifies the lifecycle of HCM filter instances across RDS updates.
+   *
+   * <p>Filter instances:
+   *   1. Must have instantiated by the initial LDS.
+   *   2. Must be reused by all subsequent RDS updates.
+   *   3. Must be not shutdown (closed) by valid RDS updates.
+   */
+  @Test
+  public void filterState_survivesRds() {
+    StatefulFilter.Provider statefulFilterProvider = filterStateTestSetupResolver();
+    FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
+
+    // LDS 1.
+    xdsClient.deliverLdsUpdateForRdsNameWithFilters(RDS_RESOURCE_NAME,
+        filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    // Verify that StatefulFilter with different filter names result in different Filter instances.
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
+    // Naming: lds<LDS#>Filter<name#>
+    StatefulFilter lds1Filter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1Filter2 = lds1Snapshot.get(1);
+    assertThat(lds1Filter1).isNotSameInstanceAs(lds1Filter2);
+
+    // RDS 1.
+    VirtualHost vhost1 = filterStateTestVhost();
+    xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, vhost1);
+    assertClusterResolutionResult(call1, cluster1);
+    // Initial RDS update should not generate Filter instances.
+    ImmutableList<StatefulFilter> rds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("RDS 1: Expected Filter instances to be reused across RDS route updates")
+        .that(rds1Snapshot).isEqualTo(lds1Snapshot);
+
+    // RDS 2: exactly the same as RDS 1.
+    xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, vhost1);
+    assertClusterResolutionResult(call1, cluster1);
+    ImmutableList<StatefulFilter> rds2Snapshot = statefulFilterProvider.getAllInstances();
+    // Neither should any subsequent RDS updates.
+    assertWithMessage("RDS 2: Expected Filter instances to be reused across RDS route updates")
+        .that(rds2Snapshot).isEqualTo(lds1Snapshot);
+
+    // RDS 3: Contains a per-route override for STATEFUL_1.
+    VirtualHost vhost3 = filterStateTestVhost(ImmutableMap.of(
+        STATEFUL_1, new StatefulFilter.Config("RDS3")
+    ));
+    xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, vhost3);
+    assertClusterResolutionResult(call1, cluster1);
+    ImmutableList<StatefulFilter> rds3Snapshot = statefulFilterProvider.getAllInstances();
+    // As with any other Route update, typed_per_filter_config overrides should not result in
+    // creating new filter instances.
+    assertWithMessage("RDS 3: Expected Filter instances to be reused on per-route filter overrides")
+        .that(rds3Snapshot).isEqualTo(lds1Snapshot);
+  }
+
+  /**
+   * Verifies a special case where an existing filter is has a different typeUrl in a subsequent
+   * LDS update.
+   *
+   * <p>Expectations:
+   *   1. The old filter instance must be shutdown.
+   *   2. A new filter instance must be created for the new filter with different typeUrl.
+   */
+  @Test
+  public void filterState_specialCase_sameNameDifferentTypeUrl() {
+    // Prepare filter registry with StatefulFilter of different typeUrl.
+    StatefulFilter.Provider statefulFilterProvider = new StatefulFilter.Provider();
+    String altTypeUrl = "type.googleapis.com/grpc.test.AltStatefulFilter";
+    StatefulFilter.Provider altStatefulFilterProvider = new StatefulFilter.Provider(altTypeUrl);
+    FilterRegistry filterRegistry = FilterRegistry.newRegistry()
+        .register(statefulFilterProvider, altStatefulFilterProvider, ROUTER_FILTER_PROVIDER);
+    resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
+        syncContext, scheduler, xdsClientPoolFactory, mockRandom, filterRegistry, null,
+        metricRecorder);
+    resolver.start(mockListener);
+
+    FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
+    VirtualHost vhost = filterStateTestVhost();
+
+    // LDS 1.
+    xdsClient.deliverLdsUpdateWithFilters(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    assertClusterResolutionResult(call1, cluster1);
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    ImmutableList<StatefulFilter> lds1SnapshotAlt = altStatefulFilterProvider.getAllInstances();
+    // Verify that StatefulFilter with different filter names result in different Filter instances.
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
+    // Naming: lds<LDS#>Filter<name#>
+    StatefulFilter lds1Filter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1Filter2 = lds1Snapshot.get(1);
+    assertThat(lds1Filter1).isNotSameInstanceAs(lds1Filter2);
+    // Nothing in the alternative provider.
+    assertThat(lds1SnapshotAlt).isEmpty();
+
+    // LDS 2: Filter STATEFUL_2 present, but with a different typeUrl: altTypeUrl.
+    ImmutableList<NamedFilterConfig> filterConfigs = ImmutableList.of(
+        new NamedFilterConfig(STATEFUL_1, new StatefulFilter.Config(STATEFUL_1)),
+        new NamedFilterConfig(STATEFUL_2, new StatefulFilter.Config(STATEFUL_2, altTypeUrl)),
+        new NamedFilterConfig(ROUTER_FILTER_INSTANCE_NAME, RouterFilter.ROUTER_CONFIG)
+    );
+    xdsClient.deliverLdsUpdateWithFilters(vhost, filterConfigs);
+    assertClusterResolutionResult(call1, cluster1);
+    ImmutableList<StatefulFilter> lds2Snapshot = statefulFilterProvider.getAllInstances();
+    ImmutableList<StatefulFilter> lds2SnapshotAlt = altStatefulFilterProvider.getAllInstances();
+    // Filter "STATEFUL_2" has different typeUrl, and should be treated as a new filter.
+    // No changes in the snapshot of normal stateful filters.
+    assertWithMessage("LDS 2: expected a new filter instance of different type")
+        .that(lds2Snapshot).isEqualTo(lds1Snapshot);
+    // A new filter instance is created by altStatefulFilterProvider.
+    assertWithMessage("LDS 2: expected a new filter instance for type %s", altTypeUrl)
+        .that(lds2SnapshotAlt).hasSize(1);
+    StatefulFilter lds2Filter2Alt = lds2SnapshotAlt.get(0);
+    assertThat(lds2Filter2Alt).isNotSameInstanceAs(lds1Filter2);
+    // Verify the shutdown state.
+    assertThat(lds1Filter1.isShutdown()).isFalse();
+    assertThat(lds1Filter2.isShutdown()).isTrue();
+    assertThat(lds2Filter2Alt.isShutdown()).isFalse();
+  }
+
+  /**
+   * Verifies that all filter instances are shutdown (closed) on LDS resource not found.
+   */
+  @Test
+  public void filterState_shutdown_onLdsNotFound() {
+    StatefulFilter.Provider statefulFilterProvider = filterStateTestSetupResolver();
+    FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
+    VirtualHost vhost = filterStateTestVhost();
+
+    // LDS 1.
+    xdsClient.deliverLdsUpdateWithFilters(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    assertClusterResolutionResult(call1, cluster1);
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
+    // Naming: lds<LDS#>Filter<name#>
+    StatefulFilter lds1Filter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1Filter2 = lds1Snapshot.get(1);
+
+    // LDS 2: resource not found.
+    reset(mockListener);
+    xdsClient.deliverLdsResourceNotFound();
+    assertEmptyResolutionResult(expectedLdsResourceName);
+    // Verify shutdown.
+    assertThat(lds1Filter1.isShutdown()).isTrue();
+    assertThat(lds1Filter2.isShutdown()).isTrue();
+  }
+
+  /**
+   * Verifies that all filter instances are shutdown (closed) on LDS ResourceWatcher shutdown.
+   */
+  @Test
+  public void filterState_shutdown_onResolverShutdown() {
+    StatefulFilter.Provider statefulFilterProvider = filterStateTestSetupResolver();
+    FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
+    VirtualHost vhost = filterStateTestVhost();
+
+    // LDS 1.
+    xdsClient.deliverLdsUpdateWithFilters(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    assertClusterResolutionResult(call1, cluster1);
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
+    // Naming: lds<LDS#>Filter<name#>
+    StatefulFilter lds1Filter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1Filter2 = lds1Snapshot.get(1);
+
+    // Shutdown.
+    resolver.shutdown();
+    resolver = null;  // no need to shutdown again in the teardown.
+    // Verify shutdown.
+    assertThat(lds1Filter1.isShutdown()).isTrue();
+    assertThat(lds1Filter2.isShutdown()).isTrue();
+  }
+
+  /**
+   * Verifies that filter instances are NOT shutdown on RDS_RESOURCE_NAME not found.
+   */
+  @Test
+  public void filterState_shutdown_noShutdownOnRdsNotFound() {
+    StatefulFilter.Provider statefulFilterProvider = filterStateTestSetupResolver();
+    FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
+
+    // LDS 1.
+    xdsClient.deliverLdsUpdateForRdsNameWithFilters(RDS_RESOURCE_NAME,
+        filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
+    // Naming: lds<LDS#>Filter<name#>
+    StatefulFilter lds1Filter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1Filter2 = lds1Snapshot.get(1);
+
+    // RDS 1: Standard vhost with a route.
+    xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, filterStateTestVhost());
+    assertClusterResolutionResult(call1, cluster1);
+    assertThat(statefulFilterProvider.getAllInstances()).isEqualTo(lds1Snapshot);
+
+    // RDS 2: RDS_RESOURCE_NAME not found.
+    reset(mockListener);
+    xdsClient.deliverRdsResourceNotFound(RDS_RESOURCE_NAME);
+    assertEmptyResolutionResult(RDS_RESOURCE_NAME);
+    assertThat(lds1Filter1.isShutdown()).isFalse();
+    assertThat(lds1Filter2.isShutdown()).isFalse();
+  }
+
+  private StatefulFilter.Provider filterStateTestSetupResolver() {
+    StatefulFilter.Provider statefulFilterProvider = new StatefulFilter.Provider();
+    FilterRegistry filterRegistry = FilterRegistry.newRegistry()
+        .register(statefulFilterProvider, ROUTER_FILTER_PROVIDER);
+    resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
+        syncContext, scheduler, xdsClientPoolFactory, mockRandom, filterRegistry, null,
+        metricRecorder);
+    resolver.start(mockListener);
+    return statefulFilterProvider;
+  }
+
+  private ImmutableList<NamedFilterConfig> filterStateTestConfigs(String... names) {
+    ImmutableList.Builder<NamedFilterConfig> result = ImmutableList.builder();
+    for (String name : names) {
+      result.add(new NamedFilterConfig(name, new StatefulFilter.Config(name)));
+    }
+    result.add(new NamedFilterConfig(ROUTER_FILTER_INSTANCE_NAME, RouterFilter.ROUTER_CONFIG));
+    return result.build();
+  }
+
+  private Route filterStateTestRoute(ImmutableMap<String, FilterConfig> perRouteOverrides) {
+    // Standard basic route for filterState tests.
+    return Route.forAction(
+        RouteMatch.withPathExactOnly(call1.getFullMethodNameForPath()),
+        RouteAction.forCluster(cluster1, NO_HASH_POLICIES, null, null, true),
+        perRouteOverrides);
+  }
+
+  private VirtualHost filterStateTestVhost() {
+    return filterStateTestVhost(NO_FILTER_OVERRIDES);
+  }
+
+  private VirtualHost filterStateTestVhost(ImmutableMap<String, FilterConfig> perRouteOverrides) {
+    return VirtualHost.create(
+        "stateful-vhost",
+        ImmutableList.of(expectedLdsResourceName),
+        ImmutableList.of(filterStateTestRoute(perRouteOverrides)),
+        NO_FILTER_OVERRIDES);
+  }
+
+  // End filter state tests.
+
   @SuppressWarnings("unchecked")
   private void assertEmptyResolutionResult(String resource) {
     verify(mockListener).onResult(resolutionResultCaptor.capture());
@@ -1287,6 +1610,13 @@ private void assertEmptyResolutionResult(String resource) {
     assertThat(configResult.getStatus().getDescription()).contains(resource);
   }
 
+  private void assertClusterResolutionResult(CallInfo call, String expectedCluster) {
+    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    ResolutionResult result = resolutionResultCaptor.getValue();
+    InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
+    assertCallSelectClusterResult(call, configSelector, expectedCluster, null);
+  }
+
   private void assertCallSelectClusterResult(
       CallInfo call, InternalConfigSelector configSelector, String expectedCluster,
       @Nullable Double expectedTimeoutSec) {
@@ -1528,7 +1858,6 @@ public void generateServiceConfig_forPerMethodConfig() throws IOException {
     assertThat(XdsNameResolver.generateServiceConfigWithMethodConfig(null, retryPolicy))
         .isEqualTo(expectedServiceConfig);
 
-
     // timeout and retry
     expectedServiceConfigJson = "{\n"
         + "  \"methodConfig\": [{\n"
@@ -2127,6 +2456,13 @@ void deliverLdsUpdate(final List<Route> routes) {
       });
     }
 
+    void deliverLdsUpdateWithFilters(VirtualHost vhost, List<NamedFilterConfig> filterConfigs) {
+      syncContext.execute(() -> {
+        ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
+            0L, Collections.singletonList(vhost), filterConfigs)));
+      });
+    }
+
     void deliverLdsUpdateWithFaultInjection(
         final String cluster,
         FaultConfig httpFilterFaultConfig,
@@ -2191,9 +2527,15 @@ void deliverLdsUpdateForRdsNameWithFaultInjection(
     }
 
     void deliverLdsUpdateForRdsName(String rdsName) {
+      deliverLdsUpdateForRdsNameWithFilters(rdsName, null);
+    }
+
+    void deliverLdsUpdateForRdsNameWithFilters(
+        String rdsName,
+        @Nullable List<NamedFilterConfig> filterConfigs) {
       syncContext.execute(() -> {
         ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forRdsName(
-            0, rdsName, null)));
+            0, rdsName, filterConfigs)));
       });
     }
 
@@ -2251,6 +2593,10 @@ void deliverRdsUpdate(String resourceName, List<VirtualHost> virtualHosts) {
       });
     }
 
+    void deliverRdsUpdate(String resourceName, VirtualHost virtualHost) {
+      deliverRdsUpdate(resourceName, ImmutableList.of(virtualHost));
+    }
+
     void deliverRdsResourceNotFound(String resourceName) {
       if (!resourceName.equals(rdsResource)) {
         return;
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java b/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
index 0508b11c205..ec9f4c54c31 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
@@ -272,32 +272,53 @@ private void execute(Runnable action) {
       //
       // Note that this doesn't guarantee that any of the RDS watchers are created.
       // Tests should use setExpectedRdsCount(int) and awaitRds() for that.
+      awaitLdsResource(DEFAULT_TIMEOUT);
+      serverExecutor.execute(action);
+    }
+
+    private String awaitLdsResource(Duration timeout) {
       if (ldsResource == null) {
         throw new IllegalStateException("xDS resource update after watcher cancel");
       }
       try {
-        ldsResource.get(DEFAULT_TIMEOUT.toMillis(), TimeUnit.MILLISECONDS);
+        return ldsResource.get(timeout.toMillis(), TimeUnit.MILLISECONDS);
       } catch (ExecutionException | TimeoutException e) {
-        throw new RuntimeException("Can't resolve LDS resource name in " + DEFAULT_TIMEOUT, e);
+        throw new RuntimeException("Can't resolve LDS resource name in " + timeout, e);
       } catch (InterruptedException e) {
         Thread.currentThread().interrupt();
         throw new RuntimeException(e);
       }
-      serverExecutor.execute(action);
     }
 
-    void deliverLdsUpdate(List<FilterChain> filterChains,
-                          FilterChain defaultFilterChain) {
+    void deliverLdsUpdate(LdsUpdate ldsUpdate) {
+      execute(() -> ldsWatcher.onChanged(ldsUpdate));
+    }
+
+    void deliverLdsUpdate(
+        List<FilterChain> filterChains,
+        @Nullable FilterChain defaultFilterChain) {
       deliverLdsUpdate(LdsUpdate.forTcpListener(Listener.create(
           "listener", "0.0.0.0:1", ImmutableList.copyOf(filterChains), defaultFilterChain)));
     }
 
-    void deliverLdsUpdate(LdsUpdate ldsUpdate) {
-      execute(() -> ldsWatcher.onChanged(ldsUpdate));
+    void deliverLdsUpdate(FilterChain filterChain, @Nullable FilterChain defaultFilterChain) {
+      deliverLdsUpdate(ImmutableList.of(filterChain), defaultFilterChain);
+    }
+
+    void deliverLdsResourceNotFound() {
+      execute(() -> ldsWatcher.onResourceDoesNotExist(awaitLdsResource(DEFAULT_TIMEOUT)));
     }
 
     void deliverRdsUpdate(String resourceName, List<VirtualHost> virtualHosts) {
       execute(() -> rdsWatchers.get(resourceName).onChanged(new RdsUpdate(virtualHosts)));
     }
+
+    void deliverRdsUpdate(String resourceName, VirtualHost virtualHost) {
+      deliverRdsUpdate(resourceName, ImmutableList.of(virtualHost));
+    }
+
+    void deliverRdsResourceNotFound(String resourceName) {
+      execute(() -> rdsWatchers.get(resourceName).onResourceDoesNotExist(resourceName));
+    }
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
index 388052a3dc8..b866e10c559 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
@@ -18,6 +18,7 @@
 package io.grpc.xds;
 
 import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.truth.Truth.assertWithMessage;
 import static io.grpc.xds.XdsServerWrapper.ATTR_SERVER_ROUTING_CONFIG;
 import static io.grpc.xds.XdsServerWrapper.RETRY_DELAY_NANOS;
 import static org.junit.Assert.fail;
@@ -34,6 +35,7 @@
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.net.InetAddresses;
 import com.google.common.util.concurrent.SettableFuture;
 import io.grpc.Attributes;
 import io.grpc.InsecureChannelCredentials;
@@ -49,10 +51,13 @@
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.FakeClock;
 import io.grpc.testing.TestMethodDescriptors;
+import io.grpc.xds.EnvoyServerProtoData.CidrRange;
 import io.grpc.xds.EnvoyServerProtoData.FilterChain;
+import io.grpc.xds.EnvoyServerProtoData.FilterChainMatch;
 import io.grpc.xds.Filter.FilterConfig;
 import io.grpc.xds.Filter.NamedFilterConfig;
 import io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler.FilterChainSelector;
+import io.grpc.xds.StatefulFilter.Config;
 import io.grpc.xds.VirtualHost.Route;
 import io.grpc.xds.VirtualHost.Route.RouteMatch;
 import io.grpc.xds.VirtualHost.Route.RouteMatch.PathMatcher;
@@ -70,10 +75,12 @@
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import io.grpc.xds.internal.security.SslContextProviderSupplier;
 import java.io.IOException;
+import java.net.InetAddress;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Executors;
 import java.util.concurrent.TimeUnit;
@@ -93,6 +100,14 @@
 @RunWith(JUnit4.class)
 public class XdsServerWrapperTest {
   private static final int START_WAIT_AFTER_LISTENER_MILLIS = 100;
+  private static final String ROUTER_FILTER_INSTANCE_NAME = "envoy.router";
+  private static final RouterFilter.Provider ROUTER_FILTER_PROVIDER = new RouterFilter.Provider();
+
+  // Readability: makes it simpler to distinguish resource parameters.
+  private static final ImmutableMap<String, FilterConfig> NO_FILTER_OVERRIDES = ImmutableMap.of();
+
+  private static final String STATEFUL_1 = "stateful_1";
+  private static final String STATEFUL_2 = "stateful_2";
 
   @Rule
   public final MockitoRule mocks = MockitoJUnit.rule();
@@ -1268,9 +1283,507 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, Re
         .get(filterChain).get()).isEqualTo(noopConfig);
   }
 
+  // Begin filter state tests.
+
+  @Test
+  public void filterState_survivesLds() {
+    StatefulFilter.Provider statefulFilterProvider = new StatefulFilter.Provider();
+    FilterRegistry filterRegistry = filterStateTestFilterRegistry(statefulFilterProvider);
+    SettableFuture<Server> serverStart = filterStateTestStartServer(filterRegistry);
+
+    VirtualHost vhost = filterStateTestVhost();
+
+    // LDS 1.
+    FilterChain lds1FilterChain = createFilterChain("chain_0",
+        createHcm(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2)));
+    xdsClient.deliverLdsUpdate(lds1FilterChain, null);
+    verifyServerStarted(serverStart);
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    // Verify that StatefulFilter with different filter names result in different Filter instances.
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
+    // Naming: lds<LDS#>Filter<name#>
+    StatefulFilter lds1Filter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1Filter2 = lds1Snapshot.get(1);
+    assertThat(lds1Filter1).isNotSameInstanceAs(lds1Filter2);
+    // Redundant check just in case StatefulFilter synchronization is broken.
+    assertThat(lds1Filter1.idx).isEqualTo(0);
+    assertThat(lds1Filter2.idx).isEqualTo(1);
+
+    // LDS 2: filter configs with the same names.
+    FilterChain lds2FilterChain = createFilterChain("chain_0",
+        createHcm(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2)));
+    xdsClient.deliverLdsUpdate(lds2FilterChain, null);
+    ImmutableList<StatefulFilter> lds2Snapshot = statefulFilterProvider.getAllInstances();
+    // Filter names hasn't changed, so expecting no new StatefulFilter instances.
+    assertWithMessage("LDS 2: Expected Filter instances to be reused across LDS updates")
+        .that(lds2Snapshot).isEqualTo(lds1Snapshot);
+
+    // LDS 3: Filter "STATEFUL_2" removed.
+    FilterChain lds3FilterChain = createFilterChain("chain_0",
+        createHcm(vhost, filterStateTestConfigs(STATEFUL_1)));
+    xdsClient.deliverLdsUpdate(lds3FilterChain, null);
+    ImmutableList<StatefulFilter> lds3Snapshot = statefulFilterProvider.getAllInstances();
+    // Again, no new StatefulFilter instances should be created.
+    assertWithMessage("LDS 3: Expected Filter instances to be reused across LDS updates")
+        .that(lds3Snapshot).isEqualTo(lds1Snapshot);
+    // Verify the shutdown state.
+    assertThat(lds1Filter1.isShutdown()).isFalse();
+    assertWithMessage("LDS 3: Expected %s to be shut down", lds1Filter2)
+        .that(lds1Filter2.isShutdown()).isTrue();
+
+    // LDS 4: Filter "STATEFUL_2" added back.
+    FilterChain lds4FilterChain = createFilterChain("chain_0",
+        createHcm(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2)));
+    xdsClient.deliverLdsUpdate(lds4FilterChain, null);
+    ImmutableList<StatefulFilter> lds4Snapshot = statefulFilterProvider.getAllInstances();
+    // Filter "STATEFUL_2" should be treated as any other new filter name in an LDS update:
+    // a new instance should be created.
+    assertWithMessage("LDS 4: Expected a new filter instance for %s", STATEFUL_2)
+        .that(lds4Snapshot).hasSize(3);
+    StatefulFilter lds4Filter2 = lds4Snapshot.get(2);
+    assertThat(lds4Filter2.idx).isEqualTo(2);
+    assertThat(lds4Filter2).isNotSameInstanceAs(lds1Filter2);
+    assertThat(lds4Snapshot).containsAtLeastElementsIn(lds1Snapshot);
+    // Verify the shutdown state.
+    assertThat(lds1Filter1.isShutdown()).isFalse();
+    assertThat(lds1Filter2.isShutdown()).isTrue();
+    assertThat(lds4Filter2.isShutdown()).isFalse();
+  }
+
+  @Test
+  public void filterState_survivesRds() throws Exception {
+    StatefulFilter.Provider statefulFilterProvider = new StatefulFilter.Provider();
+    FilterRegistry filterRegistry = filterStateTestFilterRegistry(statefulFilterProvider);
+    SettableFuture<Server> serverStart = filterStateTestStartServer(filterRegistry);
+
+    String rdsName = "rds.example.com";
+
+    // LDS 1.
+    FilterChain fc1 = createFilterChain("fc1",
+        createHcmForRds(rdsName, filterStateTestConfigs(STATEFUL_1, STATEFUL_2)));
+    xdsClient.deliverLdsUpdate(fc1, null);
+    xdsClient.awaitRds(FakeXdsClient.DEFAULT_TIMEOUT);
+    verify(listener, never()).onServing();
+    // Server didn't start, but filter instances should have already been created.
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
+    // Naming: lds<LDS#>Filter<name#>
+    StatefulFilter lds1Filter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1Filter2 = lds1Snapshot.get(1);
+    assertThat(lds1Filter1).isNotSameInstanceAs(lds1Filter2);
+
+    // RDS 1.
+    VirtualHost vhost1 = filterStateTestVhost();
+    xdsClient.deliverRdsUpdate(rdsName, vhost1);
+    verifyServerStarted(serverStart);
+    assertThat(getSelectorRoutingConfigs()).hasSize(1);
+    assertThat(getSelectorVhosts(fc1)).containsExactly(vhost1);
+    // Initial RDS update should not generate Filter instances.
+    ImmutableList<StatefulFilter> rds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("RDS 1: Expected Filter instances to be reused across RDS route updates")
+        .that(rds1Snapshot).isEqualTo(lds1Snapshot);
+
+    // RDS 2: exactly the same as RDS 1.
+    xdsClient.deliverRdsUpdate(rdsName, vhost1);
+    assertThat(getSelectorRoutingConfigs()).hasSize(1);
+    assertThat(getSelectorVhosts(fc1)).containsExactly(vhost1);
+    ImmutableList<StatefulFilter> rds2Snapshot = statefulFilterProvider.getAllInstances();
+    // Neither should any subsequent RDS updates.
+    assertWithMessage("RDS 2: Expected Filter instances to be reused across RDS route updates")
+        .that(rds2Snapshot).isEqualTo(lds1Snapshot);
+
+    // RDS 3: Contains a per-route override for STATEFUL_1.
+    VirtualHost vhost3 = filterStateTestVhost(vhost1.name(), ImmutableMap.of(
+        STATEFUL_1, new Config("RDS3")
+    ));
+    xdsClient.deliverRdsUpdate(rdsName, vhost3);
+    assertThat(getSelectorRoutingConfigs()).hasSize(1);
+    assertThat(getSelectorVhosts(fc1)).containsExactly(vhost3);
+    ImmutableList<StatefulFilter> rds3Snapshot = statefulFilterProvider.getAllInstances();
+    // As with any other Route update, typed_per_filter_config overrides should not result in
+    // creating new filter instances.
+    assertWithMessage("RDS 3: Expected Filter instances to be reused on per-route filter overrides")
+        .that(rds3Snapshot).isEqualTo(lds1Snapshot);
+  }
+
+  @Test
+  public void filterState_uniquePerFilterChain() {
+    StatefulFilter.Provider statefulFilterProvider = new StatefulFilter.Provider();
+    FilterRegistry filterRegistry = filterStateTestFilterRegistry(statefulFilterProvider);
+    SettableFuture<Server> serverStart = filterStateTestStartServer(filterRegistry);
+
+    // Prepare multiple filter chains matchers for testing.
+    FilterChainMatch matcherA = createMatchSrcIp("3fff:a::/32");
+    FilterChainMatch matcherB = createMatchSrcIp("3fff:b::/32");
+
+    // Vhosts won't change too.
+    VirtualHost vhostA = filterStateTestVhost("stateful_vhost_a");
+    VirtualHost vhostB = filterStateTestVhost("stateful_vhost_b");
+
+    // LDS 1.
+    FilterChain lds1ChainA = createFilterChain("chain_a",
+        createHcm(vhostA, filterStateTestConfigs(STATEFUL_1, STATEFUL_2)),
+        matcherA);
+    FilterChain lds1ChainB = createFilterChain("chain_b",
+        createHcm(vhostB, filterStateTestConfigs(STATEFUL_2)),
+        matcherB);
+
+    xdsClient.deliverLdsUpdate(ImmutableList.of(lds1ChainA, lds1ChainB), null);
+    verifyServerStarted(serverStart);
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    // Verify that filter with name STATEFUL_2 produced separate instances unique per filter chain.
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(3);
+    // Naming: lds<LDS#>Chain<name>Filter<name#>
+    StatefulFilter lds1ChainAFilter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1ChainAFilter2 = lds1Snapshot.get(1);
+    StatefulFilter lds1ChainBFilter2 = lds1Snapshot.get(2);
+    assertThat(lds1ChainAFilter2).isNotSameInstanceAs(lds1ChainBFilter2);
+
+    // LDS 2: In chain B filter with name STATEFUL_1 is replaced STATEFUL_2.
+    FilterChain lds2ChainA = createFilterChain("chain_a",
+        createHcm(vhostA, filterStateTestConfigs(STATEFUL_1, STATEFUL_2)),
+        matcherA);
+    FilterChain lds2ChainB = createFilterChain("chain_b",
+        createHcm(vhostB, filterStateTestConfigs(STATEFUL_1)),
+        matcherB);
+
+    xdsClient.deliverLdsUpdate(ImmutableList.of(lds2ChainA, lds2ChainB), null);
+    ImmutableList<StatefulFilter> lds2Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("LDS 2: expected a distinct instance of filter %s for Chain B", STATEFUL_1)
+        .that(lds2Snapshot).hasSize(4);
+    StatefulFilter lds2ChainBFilter1 = lds2Snapshot.get(3);
+    assertThat(lds2ChainBFilter1).isNotSameInstanceAs(lds1ChainAFilter1);
+    // Confirm correct STATEFUL_2 has been shut down.
+    assertThat(lds1ChainBFilter2.isShutdown()).isTrue();
+    assertThat(lds1ChainAFilter2.isShutdown()).isFalse();
+
+    // LDS 3: Add default chain
+    // Default filter chain is an exception from the uniqueness rule, and we need to make sure
+    // that this is accounted for when we're tracking active filters per unique FilterChain.
+    FilterChain lds3ChainDefault = createFilterChain("chain_default",
+        createHcm(vhostA, filterStateTestConfigs(STATEFUL_1, STATEFUL_2)),
+        matcherA);
+    xdsClient.deliverLdsUpdate(ImmutableList.of(lds2ChainA, lds2ChainB), lds3ChainDefault);
+    ImmutableList<StatefulFilter> lds3Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("LDS 3: Expected two new distinct filter instances for default chain")
+        .that(lds3Snapshot).hasSize(6);
+    StatefulFilter lds3ChainDefaultFilter1 = lds3Snapshot.get(4);
+    StatefulFilter lds3ChainDefaultFilter2 = lds3Snapshot.get(5);
+    // STATEFUL_1 in default chain not the same STATEFUL_1 in chain A or B
+    assertThat(lds3ChainDefaultFilter1).isNotSameInstanceAs(lds1ChainAFilter1);
+    assertThat(lds3ChainDefaultFilter1).isNotSameInstanceAs(lds2ChainBFilter1);
+    // STATEFUL_2 in default chain not the same STATEFUL_1 in chain A
+    assertThat(lds3ChainDefaultFilter2).isNotSameInstanceAs(lds1ChainAFilter2);
+  }
+
+  /**
+   * Verifies a special case where an existing filter is has a different typeUrl in a subsequent
+   * LDS update.
+   *
+   * <p>Expectations:
+   *   1. The old filter instance must be shutdown.
+   *   2. A new filter instance must be created for the new filter with different typeUrl.
+   */
+  @Test
+  public void filterState_specialCase_sameNameDifferentTypeUrl() {
+    // Setup the server with filter containing StatefulFilter.Provider for two distict type URLs.
+    StatefulFilter.Provider statefulFilterProvider = new StatefulFilter.Provider();
+    String altTypeUrl = "type.googleapis.com/grpc.test.AltStatefulFilter";
+    StatefulFilter.Provider altStatefulFilterProvider = new StatefulFilter.Provider(altTypeUrl);
+    FilterRegistry filterRegistry = FilterRegistry.newRegistry()
+        .register(statefulFilterProvider, altStatefulFilterProvider, ROUTER_FILTER_PROVIDER);
+    SettableFuture<Server> serverStart = filterStateTestStartServer(filterRegistry);
+
+    // Test a normal chain and the default chain, as it's handled separately.
+    VirtualHost vhost = filterStateTestVhost();
+
+    // LDS 1.
+    ImmutableList<NamedFilterConfig> lds1Confgs = filterStateTestConfigs(STATEFUL_1, STATEFUL_2);
+    FilterChain lds1ChainA = createFilterChain("chain_a", createHcm(vhost, lds1Confgs));
+    FilterChain lds1ChainDefault = createFilterChain("chain_default", createHcm(vhost, lds1Confgs));
+    xdsClient.deliverLdsUpdate(lds1ChainA, lds1ChainDefault);
+    verifyServerStarted(serverStart);
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(4);
+    // Naming: lds<LDS#>Chain<name>Filter<name#>
+    StatefulFilter lds1ChainAFilter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1ChainAFilter2 = lds1Snapshot.get(1);
+    StatefulFilter lds1ChainDefaultFilter1 = lds1Snapshot.get(2);
+    StatefulFilter lds1ChainDefaultFilter2 = lds1Snapshot.get(3);
+
+    // LDS 2: Filter STATEFUL_2 present, but with a different typeUrl: altTypeUrl.
+    ImmutableList<NamedFilterConfig> lds2Confgs = ImmutableList.of(
+        new NamedFilterConfig(STATEFUL_1, new StatefulFilter.Config(STATEFUL_1)),
+        new NamedFilterConfig(STATEFUL_2, new StatefulFilter.Config(STATEFUL_2, altTypeUrl)),
+        new NamedFilterConfig(ROUTER_FILTER_INSTANCE_NAME, RouterFilter.ROUTER_CONFIG)
+    );
+    FilterChain lds2ChainA = createFilterChain("chain_a", createHcm(vhost, lds2Confgs));
+    FilterChain lds2ChainDefault = createFilterChain("chain_default", createHcm(vhost, lds2Confgs));
+    xdsClient.deliverLdsUpdate(lds2ChainA, lds2ChainDefault);
+    ImmutableList<StatefulFilter> lds2Snapshot = statefulFilterProvider.getAllInstances();
+    ImmutableList<StatefulFilter> lds2SnapshotAlt = altStatefulFilterProvider.getAllInstances();
+    // Filter "STATEFUL_2" has different typeUrl, and should be treated as a new filter.
+    // No changes in the snapshot of normal stateful filters.
+    assertThat(lds2Snapshot).isEqualTo(lds1Snapshot);
+    // Two new filter instances is created by altStatefulFilterProvider for chainA and chainDefault.
+    assertWithMessage("LDS 2: expected new filter instances for type %s", altTypeUrl)
+        .that(lds2SnapshotAlt).hasSize(2);
+    StatefulFilter lds2ChainAFilter2Alt = lds2SnapshotAlt.get(0);
+    StatefulFilter lds2ChainADefault2Alt = lds2SnapshotAlt.get(1);
+    // Confirm two new distict instances of STATEFUL_2 were created.
+    assertThat(lds2ChainAFilter2Alt).isNotSameInstanceAs(lds1ChainAFilter2);
+    assertThat(lds2ChainADefault2Alt).isNotSameInstanceAs(lds1ChainDefaultFilter2);
+    assertThat(lds2ChainAFilter2Alt).isNotSameInstanceAs(lds2ChainADefault2Alt);
+    // Verify the instance of STATEFUL_2 of the old type are shutdown.
+    assertThat(lds1ChainAFilter2.isShutdown()).isTrue();
+    assertThat(lds1ChainDefaultFilter2.isShutdown()).isTrue();
+    // Verify the new instances of STATEFUL_2 and the old instances of STATEFUL_1 are running.
+    assertThat(lds2ChainAFilter2Alt.isShutdown()).isFalse();
+    assertThat(lds2ChainADefault2Alt.isShutdown()).isFalse();
+    assertThat(lds1ChainAFilter1.isShutdown()).isFalse();
+    assertThat(lds1ChainDefaultFilter1.isShutdown()).isFalse();
+  }
+
+  /**
+   * Verifies that all filter instances are shutdown (closed) on LDS resource not found.
+   */
+  @Test
+  public void filterState_shutdown_onLdsNotFound() {
+    StatefulFilter.Provider statefulFilterProvider = new StatefulFilter.Provider();
+    FilterRegistry filterRegistry = filterStateTestFilterRegistry(statefulFilterProvider);
+    SettableFuture<Server> serverStart = filterStateTestStartServer(filterRegistry);
+
+    // Test a normal chain and the default chain, as it's handled separately.
+    VirtualHost vhost = filterStateTestVhost();
+    FilterChain chainA = createFilterChain("chain_a",
+        createHcm(vhost, filterStateTestConfigs(STATEFUL_1)));
+    FilterChain chainDefault = createFilterChain("chain_default",
+        createHcm(vhost, filterStateTestConfigs(STATEFUL_2)));
+
+    // LDS 1.
+    xdsClient.deliverLdsUpdate(chainA, chainDefault);
+    verifyServerStarted(serverStart);
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
+    // Naming: lds<LDS#>Chain<name>Filter<name#>
+    StatefulFilter lds1ChainAFilter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1ChainDefaultFilter2 = lds1Snapshot.get(1);
+
+    // LDS 2: resource not found.
+    xdsClient.deliverLdsResourceNotFound();
+    // Verify shutdown.
+    assertThat(lds1ChainAFilter1.isShutdown()).isTrue();
+    assertThat(lds1ChainDefaultFilter2.isShutdown()).isTrue();
+  }
+
+  /**
+   * Verifies that all filter instances of a filter chain are shutdown when said chain is removed.
+   */
+  @Test
+  public void filterState_shutdown_onChainRemoved() {
+    StatefulFilter.Provider statefulFilterProvider = new StatefulFilter.Provider();
+    FilterRegistry filterRegistry = filterStateTestFilterRegistry(statefulFilterProvider);
+    SettableFuture<Server> serverStart = filterStateTestStartServer(filterRegistry);
+
+    ImmutableList<NamedFilterConfig> configs = filterStateTestConfigs(STATEFUL_1, STATEFUL_2);
+    FilterChain chainA = createFilterChain("chain_a",
+        createHcm(filterStateTestVhost("stateful_vhost_a"), configs),
+        createMatchSrcIp("3fff:a::/32"));
+    FilterChain chainB = createFilterChain("chain_b",
+        createHcm(filterStateTestVhost("stateful_vhost_b"), configs),
+        createMatchSrcIp("3fff:b::/32"));
+    FilterChain chainDefault = createFilterChain("chain_default",
+        createHcm(filterStateTestVhost("stateful_vhost_default"), configs),
+        createMatchSrcIp("3fff:defa::/32"));
+
+    // LDS 1.
+    xdsClient.deliverLdsUpdate(ImmutableList.of(chainA, chainB), chainDefault);
+    verifyServerStarted(serverStart);
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(6);
+    StatefulFilter chainAFilter1 = lds1Snapshot.get(0);
+    StatefulFilter chainAFilter2 = lds1Snapshot.get(1);
+    StatefulFilter chainBFilter1 = lds1Snapshot.get(2);
+    StatefulFilter chainBFilter2 = lds1Snapshot.get(3);
+    StatefulFilter chainDefaultFilter1 = lds1Snapshot.get(4);
+    StatefulFilter chainDefaultFilter2 = lds1Snapshot.get(5);
+
+    // LDS 2: ChainB and ChainDefault are gone.
+    xdsClient.deliverLdsUpdate(chainA, null);
+    assertThat(statefulFilterProvider.getAllInstances()).isEqualTo(lds1Snapshot);
+    // ChainA filters not shutdown (just in case).
+    assertThat(chainAFilter1.isShutdown()).isFalse();
+    assertThat(chainAFilter2.isShutdown()).isFalse();
+    // ChainB and ChainDefault filters shutdown.
+    assertWithMessage("chainBFilter1").that(chainBFilter1.isShutdown()).isTrue();
+    assertWithMessage("chainBFilter2").that(chainBFilter2.isShutdown()).isTrue();
+    assertWithMessage("chainDefaultFilter1").that(chainDefaultFilter1.isShutdown()).isTrue();
+    assertWithMessage("chainDefaultFilter2").that(chainDefaultFilter2.isShutdown()).isTrue();
+  }
+
+  /**
+   * Verifies that all filter instances are shutdown (closed) on LDS ResourceWatcher shutdown.
+   */
+  @Test
+  public void filterState_shutdown_onServerShutdown() {
+    StatefulFilter.Provider statefulFilterProvider = new StatefulFilter.Provider();
+    FilterRegistry filterRegistry = filterStateTestFilterRegistry(statefulFilterProvider);
+    SettableFuture<Server> serverStart = filterStateTestStartServer(filterRegistry);
+
+    // Test a normal chain and the default chain, as it's handled separately.
+    VirtualHost vhost = filterStateTestVhost();
+    FilterChain chainA = createFilterChain("chain_a",
+        createHcm(vhost, filterStateTestConfigs(STATEFUL_1)));
+    FilterChain chainDefault = createFilterChain("chain_default",
+        createHcm(vhost, filterStateTestConfigs(STATEFUL_2)));
+
+    // LDS 1.
+    xdsClient.deliverLdsUpdate(chainA, chainDefault);
+    verifyServerStarted(serverStart);
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
+    // Naming: lds<LDS#>Chain<name>Filter<name#>
+    StatefulFilter lds1ChainAFilter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1ChainDefaultFilter2 = lds1Snapshot.get(1);
+
+    // Shutdown.
+    xdsServerWrapper.shutdown();
+    assertThat(xdsServerWrapper.isShutdown()).isTrue();
+    assertThat(xdsClient.isShutDown()).isTrue();
+    // Verify shutdown.
+    assertThat(lds1ChainAFilter1.isShutdown()).isTrue();
+    assertThat(lds1ChainDefaultFilter2.isShutdown()).isTrue();
+  }
+
+  /**
+   * Verifies that filter instances are NOT shutdown on RDS_RESOURCE_NAME not found.
+   */
+  @Test
+  public void filterState_shutdown_noShutdownOnRdsNotFound() throws Exception {
+    StatefulFilter.Provider statefulFilterProvider = new StatefulFilter.Provider();
+    FilterRegistry filterRegistry = filterStateTestFilterRegistry(statefulFilterProvider);
+    SettableFuture<Server> serverStart = filterStateTestStartServer(filterRegistry);
+
+    String rdsName = "rds.example.com";
+    // Test a normal chain and the default chain, as it's handled separately.
+    FilterChain chainA = createFilterChain("chain_a",
+        createHcmForRds(rdsName, filterStateTestConfigs(STATEFUL_1)));
+    FilterChain chainDefault = createFilterChain("chain_default",
+        createHcmForRds(rdsName, filterStateTestConfigs(STATEFUL_2)));
+
+    xdsClient.deliverLdsUpdate(chainA, chainDefault);
+    xdsClient.awaitRds(FakeXdsClient.DEFAULT_TIMEOUT);
+    verify(listener, never()).onServing();
+    // Server didn't start, but filter instances should have already been created.
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
+    // Naming: lds<LDS#>Chain<name>Filter<name#>
+    StatefulFilter lds1ChainAFilter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1ChainDefaultFilter2 = lds1Snapshot.get(1);
+
+    // RDS 1: Standard vhost with a route.
+    xdsClient.deliverRdsUpdate(rdsName, filterStateTestVhost());
+    verifyServerStarted(serverStart);
+    assertThat(statefulFilterProvider.getAllInstances()).isEqualTo(lds1Snapshot);
+
+    // RDS 2: RDS_RESOURCE_NAME not found.
+    xdsClient.deliverRdsResourceNotFound(rdsName);
+    assertThat(lds1ChainAFilter1.isShutdown()).isFalse();
+    assertThat(lds1ChainDefaultFilter2.isShutdown()).isFalse();
+  }
+
+  private FilterRegistry filterStateTestFilterRegistry(
+      StatefulFilter.Provider statefulFilterProvider) {
+    return FilterRegistry.newRegistry().register(statefulFilterProvider, ROUTER_FILTER_PROVIDER);
+  }
+
+  private SettableFuture<Server> filterStateTestStartServer(FilterRegistry filterRegistry) {
+    xdsServerWrapper = new XdsServerWrapper("0.0.0.0:1", mockBuilder, listener,
+        selectorManager, new FakeXdsClientPoolFactory(xdsClient), filterRegistry);
+    SettableFuture<Server> serverStart = SettableFuture.create();
+    scheduleServerStart(xdsServerWrapper, serverStart);
+    return serverStart;
+  }
+
+  private static ImmutableList<NamedFilterConfig> filterStateTestConfigs(String... names) {
+    ImmutableList.Builder<NamedFilterConfig> result = ImmutableList.builder();
+    for (String name : names) {
+      result.add(new NamedFilterConfig(name, new StatefulFilter.Config(name)));
+    }
+    result.add(new NamedFilterConfig(ROUTER_FILTER_INSTANCE_NAME, RouterFilter.ROUTER_CONFIG));
+    return result.build();
+  }
+
+  private static Route filterStateTestRoute(ImmutableMap<String, FilterConfig> perRouteOverrides) {
+    // Standard basic route for filterState tests.
+    return Route.forAction(
+        RouteMatch.withPathExactOnly("/grpc.test.HelloService/SayHello"), null, perRouteOverrides);
+  }
+
+  private static VirtualHost filterStateTestVhost() {
+    return filterStateTestVhost("stateful-vhost", NO_FILTER_OVERRIDES);
+  }
+
+  private static VirtualHost filterStateTestVhost(String name) {
+    return filterStateTestVhost(name, NO_FILTER_OVERRIDES);
+  }
+
+  private static VirtualHost filterStateTestVhost(
+      String name, ImmutableMap<String, FilterConfig> perRouteOverrides) {
+    return VirtualHost.create(
+        name,
+        ImmutableList.of("stateful.test.example.com"),
+        ImmutableList.of(filterStateTestRoute(perRouteOverrides)),
+        NO_FILTER_OVERRIDES);
+  }
+
+  // End filter state tests.
+
+  private void verifyServerStarted(SettableFuture<Server> serverStart) {
+    try {
+      serverStart.get(5, TimeUnit.SECONDS);
+    } catch (InterruptedException | ExecutionException | TimeoutException e) {
+      throw new AssertionError("serverStart future failed to resolve within the timeout", e);
+    }
+    verify(listener).onServing();
+    try {
+      verify(mockServer).start();
+    } catch (IOException e) {
+      throw new AssertionError("mockServer.start() shouldn't throw", e);
+    }
+  }
+
+  private Map<FilterChain, AtomicReference<ServerRoutingConfig>> getSelectorRoutingConfigs() {
+    return selectorManager.getSelectorToUpdateSelector().getRoutingConfigs();
+  }
+
+  private ServerRoutingConfig getSelectorRoutingConfig(FilterChain fc) {
+    return getSelectorRoutingConfigs().get(fc).get();
+  }
+
+  private ImmutableList<VirtualHost> getSelectorVhosts(FilterChain fc) {
+    return getSelectorRoutingConfig(fc).virtualHosts();
+  }
+
+  public static void scheduleServerStart(
+      XdsServerWrapper xdsServerWrapper, SettableFuture<Server> serverStart) {
+    Executors.newSingleThreadExecutor().execute(() -> {
+      try {
+        serverStart.set(xdsServerWrapper.start());
+      } catch (Exception e) {
+        serverStart.setException(e);
+      }
+    });
+  }
+
   private static FilterChain createFilterChain(String name, HttpConnectionManager hcm) {
-    return EnvoyServerProtoData.FilterChain.create(name, createMatch(),
-            hcm, createTls(), mock(TlsContextManager.class));
+    return createFilterChain(name, hcm, createMatch());
+  }
+
+  private static FilterChain createFilterChain(
+      String name, HttpConnectionManager hcm, FilterChainMatch filterChainMatch) {
+    TlsContextManager tlsContextManager = mock(TlsContextManager.class);
+    return FilterChain.create(name, filterChainMatch, hcm, createTls(), tlsContextManager);
   }
 
   private static VirtualHost createVirtualHost(String name) {
@@ -1279,17 +1792,27 @@ private static VirtualHost createVirtualHost(String name) {
             ImmutableMap.<String, FilterConfig>of());
   }
 
-  private static HttpConnectionManager createRds(String name) {
-    return createRds(name, null);
+  private static HttpConnectionManager createHcm(
+      VirtualHost vhost, List<NamedFilterConfig> filterConfigs) {
+    return HttpConnectionManager.forVirtualHosts(0L, ImmutableList.of(vhost), filterConfigs);
+  }
+
+  private static HttpConnectionManager createHcmForRds(
+      String name, List<NamedFilterConfig> filterConfigs) {
+    return HttpConnectionManager.forRdsName(0L, name, filterConfigs);
   }
 
-  private static HttpConnectionManager createRds(String name, FilterConfig filterConfig) {
-    return HttpConnectionManager.forRdsName(0L, name,
-        Arrays.asList(new NamedFilterConfig("named-config-" + name, filterConfig)));
+  private static HttpConnectionManager createRds(String name) {
+    NamedFilterConfig config =
+        new NamedFilterConfig(ROUTER_FILTER_INSTANCE_NAME, RouterFilter.ROUTER_CONFIG);
+    return createHcmForRds(name, ImmutableList.of(config));
   }
 
-  private static EnvoyServerProtoData.FilterChainMatch createMatch() {
-    return EnvoyServerProtoData.FilterChainMatch.create(
+  /**
+   * Returns the least-specific match-all Filter Chain Match.
+   */
+  private static FilterChainMatch createMatch() {
+    return FilterChainMatch.create(
         0,
         ImmutableList.of(),
         ImmutableList.of(),
@@ -1300,6 +1823,21 @@ private static EnvoyServerProtoData.FilterChainMatch createMatch() {
         "");
   }
 
+  private static FilterChainMatch createMatchSrcIp(String srcCidr) {
+    String[] srcParts = srcCidr.split("/", 2);
+    InetAddress ip = InetAddresses.forString(srcParts[0]);
+    Integer subnetMask = Integer.valueOf(srcParts[1], 10);
+    return FilterChainMatch.create(
+        0,
+        ImmutableList.of(),
+        ImmutableList.of(),
+        ImmutableList.of(CidrRange.create(ip, subnetMask)),
+        EnvoyServerProtoData.ConnectionSourceType.ANY,
+        ImmutableList.of(),
+        ImmutableList.of(),
+        "");
+  }
+
   private static ServerRoutingConfig createRoutingConfig(String path, String domain) {
     return createRoutingConfig(path, domain, null);
   }

From ca4819ac6dbd3d99a1f20c1e08625020b8a48994 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 6 Mar 2025 07:57:32 -0800
Subject: [PATCH 205/591] core: Apply ManagedChannelImpl's
 updateBalancingState() immediately

ffcc360ba adjusted updateBalancingState() to require being run within
the sync context. However, it still queued the work into the sync
context, which was unnecessary. This re-entering the sync context
unnecessarily delays the new state from being used.
---
 .../io/grpc/internal/ManagedChannelImpl.java  | 28 ++++++++-----------
 1 file changed, 11 insertions(+), 17 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index 45819954473..dd4d0aef5be 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -1388,24 +1388,18 @@ public void updateBalancingState(
       syncContext.throwIfNotInThisSynchronizationContext();
       checkNotNull(newState, "newState");
       checkNotNull(newPicker, "newPicker");
-      final class UpdateBalancingState implements Runnable {
-        @Override
-        public void run() {
-          if (LbHelperImpl.this != lbHelper || panicMode) {
-            return;
-          }
-          updateSubchannelPicker(newPicker);
-          // It's not appropriate to report SHUTDOWN state from lb.
-          // Ignore the case of newState == SHUTDOWN for now.
-          if (newState != SHUTDOWN) {
-            channelLogger.log(
-                ChannelLogLevel.INFO, "Entering {0} state with picker: {1}", newState, newPicker);
-            channelStateManager.gotoState(newState);
-          }
-        }
-      }
 
-      syncContext.execute(new UpdateBalancingState());
+      if (LbHelperImpl.this != lbHelper || panicMode) {
+        return;
+      }
+      updateSubchannelPicker(newPicker);
+      // It's not appropriate to report SHUTDOWN state from lb.
+      // Ignore the case of newState == SHUTDOWN for now.
+      if (newState != SHUTDOWN) {
+        channelLogger.log(
+            ChannelLogLevel.INFO, "Entering {0} state with picker: {1}", newState, newPicker);
+        channelStateManager.gotoState(newState);
+      }
     }
 
     @Override

From d82613a74cbecb3933ba79d569d13ddf6af71a10 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 7 Mar 2025 10:33:35 -0800
Subject: [PATCH 206/591] xds: Fix cluster selection races when updating config
 selector

Listener2.onResult() doesn't require running in the sync context, so
when called from the sync context it is guaranteed not to do its
processing immediately (instead, it schedules work into the sync
context).

The code was doing an update dance: 1) update service config to add new
cluster, 2) update config selector to use new cluster, 3) update service
config to remove old clusters. But the onResult() wasn't being processed
immediately, so the actual execution order was 2, 1, 3 which has a small
window where RPCs will fail. But onResult2() does run immediately. And
since ca4819ac6, updateBalancingState() updates the picker immediately.

cleanUpRoutes() was also racy because it updated the routingConfig
before swapping to the new config selector, so RPCs could fail saying
there was no route instead of the useful error message. Even with the
opposite order, some RPCs may be executing the while loop of
selectConfig(), trying to acquire a cluster. The code unreffed the
clusters before updating the routingConfig, so those RPCs could go into
a tight loop until the routingConfig was updated. Also, once the
routingConfig was updated to EMPTY those RPCs would similarly
see the wrong error message. To give the correct error message,
selectConfig() must fail such RPCs directly, and once it can do that
there's no need to stop using the config selector in error cases. This
has the benefit of fewer moving parts and more consistent threading
among cases.

The added test was able to detect the race 2% of the time. The slower
the code/machine, the more reliable the test failed. ca4819ac6 along
with this commit reduced it to 0 failures in 1000 runs.

Discovered when investigating b/394850611
---
 .../java/io/grpc/xds/XdsNameResolver.java     |  53 ++++----
 .../FakeControlPlaneXdsIntegrationTest.java   | 118 ++++++++++++++++--
 .../java/io/grpc/xds/XdsNameResolverTest.java |  90 ++++++-------
 3 files changed, 177 insertions(+), 84 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 507808d718b..4b6da6ac8b8 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -132,7 +132,7 @@ final class XdsNameResolver extends NameResolver {
   // NamedFilterConfig.filterStateKey -> filter_instance.
   private final HashMap<String, Filter> activeFilters = new HashMap<>();
 
-  private volatile RoutingConfig routingConfig = RoutingConfig.EMPTY;
+  private volatile RoutingConfig routingConfig;
   private Listener2 listener;
   private ObjectPool<XdsClient> xdsClientPool;
   private XdsClient xdsClient;
@@ -306,7 +306,7 @@ private void updateResolutionResult() {
 
     if (logger.isLoggable(XdsLogLevel.INFO)) {
       logger.log(
-          XdsLogLevel.INFO, "Generated service config:\n{0}", new Gson().toJson(rawServiceConfig));
+          XdsLogLevel.INFO, "Generated service config: {0}", new Gson().toJson(rawServiceConfig));
     }
     ConfigOrError parsedServiceConfig = serviceConfigParser.parseServiceConfig(rawServiceConfig);
     Attributes attrs =
@@ -320,7 +320,7 @@ private void updateResolutionResult() {
             .setAttributes(attrs)
             .setServiceConfig(parsedServiceConfig)
             .build();
-    listener.onResult(result);
+    listener.onResult2(result);
     receivedConfig = true;
   }
 
@@ -395,6 +395,9 @@ public Result selectConfig(PickSubchannelArgs args) {
       String path = "/" + args.getMethodDescriptor().getFullMethodName();
       do {
         routingCfg = routingConfig;
+        if (routingCfg.errorStatus != null) {
+          return Result.forError(routingCfg.errorStatus);
+        }
         selectedRoute = null;
         for (RouteData route : routingCfg.routes) {
           if (RoutingUtils.matchRoute(route.routeMatch, path, headers, random)) {
@@ -626,19 +629,6 @@ private static String prefixedClusterSpecifierPluginName(String pluginName) {
     return "cluster_specifier_plugin:" + pluginName;
   }
 
-  private static final class FailingConfigSelector extends InternalConfigSelector {
-    private final Result result;
-
-    public FailingConfigSelector(Status error) {
-      this.result = Result.forError(error);
-    }
-
-    @Override
-    public Result selectConfig(PickSubchannelArgs args) {
-      return result;
-    }
-  }
-
   private class ResolveState implements ResourceWatcher<XdsListenerResource.LdsUpdate> {
     private final ConfigOrError emptyServiceConfig =
         serviceConfigParser.parseServiceConfig(Collections.<String, Object>emptyMap());
@@ -835,13 +825,13 @@ private void updateRoutes(List<VirtualHost> virtualHosts, long httpMaxStreamDura
         }
       }
       // Update service config to include newly added clusters.
-      if (shouldUpdateResult) {
+      if (shouldUpdateResult && routingConfig != null) {
         updateResolutionResult();
+        shouldUpdateResult = false;
       }
       // Make newly added clusters selectable by config selector and deleted clusters no longer
       // selectable.
       routingConfig = new RoutingConfig(httpMaxStreamDurationNano, routesData.build());
-      shouldUpdateResult = false;
       for (String cluster : deletedClusters) {
         int count = clusterRefs.get(cluster).refCount.decrementAndGet();
         if (count == 0) {
@@ -893,6 +883,9 @@ private ClientInterceptor createFilters(
     }
 
     private void cleanUpRoutes(String error) {
+      String errorWithNodeId =
+          error + ", xDS node ID: " + xdsClient.getBootstrapInfo().node().getId();
+      routingConfig = new RoutingConfig(Status.UNAVAILABLE.withDescription(errorWithNodeId));
       if (existingClusters != null) {
         for (String cluster : existingClusters) {
           int count = clusterRefs.get(cluster).refCount.decrementAndGet();
@@ -902,17 +895,12 @@ private void cleanUpRoutes(String error) {
         }
         existingClusters = null;
       }
-      routingConfig = RoutingConfig.EMPTY;
+
       // Without addresses the default LB (normally pick_first) should become TRANSIENT_FAILURE, and
-      // the config selector handles the error message itself. Once the LB API allows providing
-      // failure information for addresses yet still providing a service config, the config seector
-      // could be avoided.
-      String errorWithNodeId =
-          error + ", xDS node ID: " + xdsClient.getBootstrapInfo().node().getId();
-      listener.onResult(ResolutionResult.newBuilder()
+      // the config selector handles the error message itself.
+      listener.onResult2(ResolutionResult.newBuilder()
           .setAttributes(Attributes.newBuilder()
-            .set(InternalConfigSelector.KEY,
-              new FailingConfigSelector(Status.UNAVAILABLE.withDescription(errorWithNodeId)))
+            .set(InternalConfigSelector.KEY, configSelector)
             .build())
           .setServiceConfig(emptyServiceConfig)
           .build());
@@ -983,12 +971,19 @@ public void onResourceDoesNotExist(final String resourceName) {
   private static class RoutingConfig {
     private final long fallbackTimeoutNano;
     final ImmutableList<RouteData> routes;
-
-    private static final RoutingConfig EMPTY = new RoutingConfig(0, ImmutableList.of());
+    final Status errorStatus;
 
     private RoutingConfig(long fallbackTimeoutNano, ImmutableList<RouteData> routes) {
       this.fallbackTimeoutNano = fallbackTimeoutNano;
       this.routes = checkNotNull(routes, "routes");
+      this.errorStatus = null;
+    }
+
+    private RoutingConfig(Status errorStatus) {
+      this.fallbackTimeoutNano = 0;
+      this.routes = null;
+      this.errorStatus = checkNotNull(errorStatus, "errorStatus");
+      checkArgument(!errorStatus.isOk(), "errorStatus should not be okay");
     }
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/FakeControlPlaneXdsIntegrationTest.java b/xds/src/test/java/io/grpc/xds/FakeControlPlaneXdsIntegrationTest.java
index a3106bd20ae..c8f2b8932ef 100644
--- a/xds/src/test/java/io/grpc/xds/FakeControlPlaneXdsIntegrationTest.java
+++ b/xds/src/test/java/io/grpc/xds/FakeControlPlaneXdsIntegrationTest.java
@@ -19,9 +19,12 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.xds.DataPlaneRule.ENDPOINT_HOST_NAME;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_CDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_EDS;
 import static org.junit.Assert.assertEquals;
 
 import com.github.xds.type.v3.TypedStruct;
+import com.google.common.collect.ImmutableMap;
 import com.google.protobuf.Any;
 import com.google.protobuf.Struct;
 import com.google.protobuf.Value;
@@ -36,11 +39,17 @@
 import io.envoyproxy.envoy.config.endpoint.v3.Endpoint;
 import io.envoyproxy.envoy.config.endpoint.v3.LbEndpoint;
 import io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints;
+import io.envoyproxy.envoy.config.route.v3.Route;
+import io.envoyproxy.envoy.config.route.v3.RouteAction;
+import io.envoyproxy.envoy.config.route.v3.RouteConfiguration;
+import io.envoyproxy.envoy.config.route.v3.RouteMatch;
+import io.envoyproxy.envoy.config.route.v3.VirtualHost;
 import io.envoyproxy.envoy.extensions.load_balancing_policies.wrr_locality.v3.WrrLocality;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.ClientCall;
 import io.grpc.ClientInterceptor;
+import io.grpc.ClientStreamTracer;
 import io.grpc.ForwardingClientCall.SimpleForwardingClientCall;
 import io.grpc.ForwardingClientCallListener;
 import io.grpc.LoadBalancerRegistry;
@@ -89,8 +98,7 @@ public void pingPong() throws Exception {
     ManagedChannel channel = dataPlane.getManagedChannel();
     SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub = SimpleServiceGrpc.newBlockingStub(
         channel);
-    SimpleRequest request = SimpleRequest.newBuilder()
-        .build();
+    SimpleRequest request = SimpleRequest.getDefaultInstance();
     SimpleResponse goldenResponse = SimpleResponse.newBuilder()
         .setResponseMessage("Hi, xDS! Authority= test-server")
         .build();
@@ -104,8 +112,7 @@ public void pingPong_edsEndpoint_authorityOverride() throws Exception {
       ManagedChannel channel = dataPlane.getManagedChannel();
       SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub = SimpleServiceGrpc.newBlockingStub(
           channel);
-      SimpleRequest request = SimpleRequest.newBuilder()
-          .build();
+      SimpleRequest request = SimpleRequest.getDefaultInstance();
       SimpleResponse goldenResponse = SimpleResponse.newBuilder()
           .setResponseMessage("Hi, xDS! Authority= " + ENDPOINT_HOST_NAME)
           .build();
@@ -145,8 +152,7 @@ public void pingPong_metadataLoadBalancer() throws Exception {
       // We add an interceptor to catch the response headers from the server.
       SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub = SimpleServiceGrpc.newBlockingStub(
           dataPlane.getManagedChannel()).withInterceptors(responseHeaderInterceptor);
-      SimpleRequest request = SimpleRequest.newBuilder()
-          .build();
+      SimpleRequest request = SimpleRequest.getDefaultInstance();
       SimpleResponse goldenResponse = SimpleResponse.newBuilder()
           .setResponseMessage("Hi, xDS! Authority= test-server")
           .build();
@@ -160,6 +166,100 @@ public void pingPong_metadataLoadBalancer() throws Exception {
     }
   }
 
+  // Try to trigger "UNAVAILABLE: CDS encountered error: unable to find available subchannel for
+  // cluster cluster:cluster1" race, if XdsNameResolver updates its ConfigSelector before
+  // cluster_manager config.
+  @Test
+  public void changeClusterForRoute() throws Exception {
+    // Start with route to cluster0
+    InetSocketAddress edsInetSocketAddress
+        = (InetSocketAddress) dataPlane.getServer().getListenSockets().get(0);
+    controlPlane.getService().setXdsConfig(
+        ADS_TYPE_URL_EDS,
+        ImmutableMap.of(
+          "eds-service-0",
+          ControlPlaneRule.buildClusterLoadAssignment(
+              edsInetSocketAddress.getHostName(), "", edsInetSocketAddress.getPort(),
+              "eds-service-0"),
+          "eds-service-1",
+          ControlPlaneRule.buildClusterLoadAssignment(
+              edsInetSocketAddress.getHostName(), "", edsInetSocketAddress.getPort(),
+              "eds-service-1")));
+    controlPlane.getService().setXdsConfig(
+        ADS_TYPE_URL_CDS,
+        ImmutableMap.of(
+            "cluster0",
+            ControlPlaneRule.buildCluster("cluster0", "eds-service-0"),
+            "cluster1",
+            ControlPlaneRule.buildCluster("cluster1", "eds-service-1")));
+    controlPlane.setRdsConfig(RouteConfiguration.newBuilder()
+        .setName("route-config.googleapis.com")
+        .addVirtualHosts(VirtualHost.newBuilder()
+          .addDomains("test-server")
+          .addRoutes(Route.newBuilder()
+            .setMatch(RouteMatch.newBuilder().setPrefix("/").build())
+            .setRoute(RouteAction.newBuilder().setCluster("cluster0").build())
+            .build())
+          .build())
+        .build());
+
+    class ClusterClientStreamTracer extends ClientStreamTracer {
+      boolean usedCluster1;
+
+      @Override
+      public void addOptionalLabel(String key, String value) {
+        if ("grpc.lb.backend_service".equals(key)) {
+          usedCluster1 = "cluster1".equals(value);
+        }
+      }
+    }
+
+    ClusterClientStreamTracer tracer = new ClusterClientStreamTracer();
+    ClientStreamTracer.Factory tracerFactory = new ClientStreamTracer.Factory() {
+      @Override
+      public ClientStreamTracer newClientStreamTracer(
+          ClientStreamTracer.StreamInfo info, Metadata headers) {
+        return tracer;
+      }
+    };
+    ClientInterceptor tracerInterceptor = new ClientInterceptor() {
+      @Override
+      public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
+          MethodDescriptor<ReqT, RespT> method, CallOptions callOptions, Channel next) {
+        return next.newCall(method, callOptions.withStreamTracerFactory(tracerFactory));
+      }
+    };
+    SimpleServiceGrpc.SimpleServiceBlockingStub stub = SimpleServiceGrpc
+        .newBlockingStub(dataPlane.getManagedChannel())
+        .withInterceptors(tracerInterceptor);
+    SimpleRequest request = SimpleRequest.getDefaultInstance();
+    SimpleResponse goldenResponse = SimpleResponse.newBuilder()
+        .setResponseMessage("Hi, xDS! Authority= test-server")
+        .build();
+    assertThat(stub.unaryRpc(request)).isEqualTo(goldenResponse);
+    assertThat(tracer.usedCluster1).isFalse();
+
+    // Check for errors when swapping route to cluster1
+    controlPlane.setRdsConfig(RouteConfiguration.newBuilder()
+        .setName("route-config.googleapis.com")
+        .addVirtualHosts(VirtualHost.newBuilder()
+          .addDomains("test-server")
+          .addRoutes(Route.newBuilder()
+            .setMatch(RouteMatch.newBuilder().setPrefix("/").build())
+            .setRoute(RouteAction.newBuilder().setCluster("cluster1").build())
+            .build())
+          .build())
+        .build());
+
+    for (int j = 0; j < 10; j++) {
+      stub.unaryRpc(request);
+      if (tracer.usedCluster1) {
+        break;
+      }
+    }
+    assertThat(tracer.usedCluster1).isTrue();
+  }
+
   // Captures response headers from the server.
   private static class ResponseHeaderClientInterceptor implements ClientInterceptor {
     Metadata reponseHeaders;
@@ -199,8 +299,7 @@ public void pingPong_ringHash() {
     ManagedChannel channel = dataPlane.getManagedChannel();
     SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub = SimpleServiceGrpc.newBlockingStub(
         channel);
-    SimpleRequest request = SimpleRequest.newBuilder()
-        .build();
+    SimpleRequest request = SimpleRequest.getDefaultInstance();
     SimpleResponse goldenResponse = SimpleResponse.newBuilder()
         .setResponseMessage("Hi, xDS! Authority= test-server")
         .build();
@@ -231,8 +330,7 @@ public void pingPong_logicalDns_authorityOverride() {
       ManagedChannel channel = dataPlane.getManagedChannel();
       SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub = SimpleServiceGrpc.newBlockingStub(
           channel);
-      SimpleRequest request = SimpleRequest.newBuilder()
-          .build();
+      SimpleRequest request = SimpleRequest.getDefaultInstance();
       SimpleResponse goldenResponse = SimpleResponse.newBuilder()
           .setResponseMessage("Hi, xDS! Authority= localhost:" + serverAddress.getPort())
           .build();
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 877fa6f88dc..4a8193c932d 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -413,7 +413,7 @@ public void resolving_ldsResourceUpdateRdsName() {
             Collections.singletonList(route1),
             ImmutableMap.of());
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster1),
         (Map<String, ?>) resolutionResultCaptor.getValue().getServiceConfig().getConfig());
@@ -432,7 +432,7 @@ public void resolving_ldsResourceUpdateRdsName() {
     // Two new service config updates triggered:
     //  - with load balancing config being able to select cluster1 and cluster2
     //  - with load balancing config being able to select cluster2 only
-    verify(mockListener, times(2)).onResult(resultCaptor.capture());
+    verify(mockListener, times(2)).onResult2(resultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Arrays.asList(cluster1, cluster2),
         (Map<String, ?>) resultCaptor.getAllValues().get(0).getServiceConfig().getConfig());
@@ -467,7 +467,7 @@ public void resolving_ldsResourceRevokedAndAddedBack() {
             Collections.singletonList(route),
             ImmutableMap.of());
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster1),
         (Map<String, ?>) resolutionResultCaptor.getValue().getServiceConfig().getConfig());
@@ -483,7 +483,7 @@ public void resolving_ldsResourceRevokedAndAddedBack() {
     verifyNoInteractions(mockListener);
     assertThat(xdsClient.rdsResource).isEqualTo(RDS_RESOURCE_NAME);
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster1),
         (Map<String, ?>) resolutionResultCaptor.getValue().getServiceConfig().getConfig());
@@ -506,7 +506,7 @@ public void resolving_rdsResourceRevokedAndAddedBack() {
             Collections.singletonList(route),
             ImmutableMap.of());
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster1),
         (Map<String, ?>) resolutionResultCaptor.getValue().getServiceConfig().getConfig());
@@ -518,7 +518,7 @@ public void resolving_rdsResourceRevokedAndAddedBack() {
     // Simulate management server adds back the previously used RDS resource.
     reset(mockListener);
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster1),
         (Map<String, ?>) resolutionResultCaptor.getValue().getServiceConfig().getConfig());
@@ -585,7 +585,7 @@ public void resolving_matchingVirtualHostNotFound_matchingOverrideAuthority() {
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(0L, Arrays.asList(virtualHost));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster1),
         (Map<String, ?>) resolutionResultCaptor.getValue().getServiceConfig().getConfig());
@@ -671,7 +671,7 @@ public void resolved_noTimeout() {
         Collections.singletonList(AUTHORITY), Collections.singletonList(route),
         ImmutableMap.of());
     xdsClient.deliverLdsUpdate(0L, Collections.singletonList(virtualHost));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     assertCallSelectClusterResult(call1, configSelector, cluster1, null);
@@ -690,7 +690,7 @@ public void resolved_fallbackToHttpMaxStreamDurationAsTimeout() {
         ImmutableMap.of());
     xdsClient.deliverLdsUpdate(TimeUnit.SECONDS.toNanos(5L),
         Collections.singletonList(virtualHost));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     assertCallSelectClusterResult(call1, configSelector, cluster1, 5.0);
@@ -719,7 +719,7 @@ public void retryPolicyInPerMethodConfigGeneratedByResolverIsValid() {
                     retryPolicy,
                     false),
                 ImmutableMap.of())));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     Result selectResult = configSelector.selectConfig(
@@ -777,7 +777,7 @@ public void resolved_simpleCallFailedToRoute_routeWithNonForwardingAction() {
                 RouteAction.forCluster(cluster2, Collections.emptyList(),
                     TimeUnit.SECONDS.toNanos(15L), null, false),
                 ImmutableMap.of())));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     assertThat(result.getAddressesOrError().getValue()).isEmpty();
     assertServiceConfigForLoadBalancingConfig(
@@ -814,7 +814,7 @@ public void resolved_rpcHashingByHeader_withoutSubstitution() {
                     null,
                     false),
                 ImmutableMap.of())));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     InternalConfigSelector configSelector =
         resolutionResultCaptor.getValue().getAttributes().get(InternalConfigSelector.KEY);
 
@@ -850,7 +850,7 @@ public void resolved_rpcHashingByHeader_withSubstitution() {
                     null,
                     false),
                 ImmutableMap.of())));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     InternalConfigSelector configSelector =
         resolutionResultCaptor.getValue().getAttributes().get(InternalConfigSelector.KEY);
 
@@ -890,7 +890,7 @@ public void resolved_rpcHashingByChannelId() {
                     null,
                     false),
                 ImmutableMap.of())));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     InternalConfigSelector configSelector =
         resolutionResultCaptor.getValue().getAttributes().get(InternalConfigSelector.KEY);
 
@@ -928,7 +928,7 @@ public void resolved_rpcHashingByChannelId() {
                     null,
                     false),
                 ImmutableMap.of())));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     configSelector = resolutionResultCaptor.getValue().getAttributes().get(
         InternalConfigSelector.KEY);
 
@@ -962,7 +962,7 @@ public void resolved_routeActionHasAutoHostRewrite_emitsCallOptionForTheSame() {
                     null,
                     true),
                 ImmutableMap.of())));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     InternalConfigSelector configSelector =
         resolutionResultCaptor.getValue().getAttributes().get(InternalConfigSelector.KEY);
 
@@ -993,7 +993,7 @@ public void resolved_routeActionNoAutoHostRewrite_doesntEmitCallOptionForTheSame
                     null,
                     false),
                 ImmutableMap.of())));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     InternalConfigSelector configSelector =
         resolutionResultCaptor.getValue().getAttributes().get(InternalConfigSelector.KEY);
 
@@ -1027,7 +1027,7 @@ public void resolved_resourceUpdateAfterCallStarted() {
                     cluster2, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L),
                     null, false),
                 ImmutableMap.of())));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     // Updated service config still contains cluster1 while it is removed resource. New calls no
     // longer routed to cluster1.
@@ -1039,7 +1039,7 @@ public void resolved_resourceUpdateAfterCallStarted() {
     assertCallSelectClusterResult(call1, configSelector, "another-cluster", 20.0);
 
     firstCall.deliverErrorStatus();  // completes previous call
-    verify(mockListener, times(2)).onResult(resolutionResultCaptor.capture());
+    verify(mockListener, times(2)).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     assertServiceConfigForLoadBalancingConfig(
         Arrays.asList(cluster2, "another-cluster"),
@@ -1069,7 +1069,7 @@ public void resolved_resourceUpdatedBeforeCallStarted() {
                 ImmutableMap.of())));
     // Two consecutive service config updates: one for removing clcuster1,
     // one for adding "another=cluster".
-    verify(mockListener, times(2)).onResult(resolutionResultCaptor.capture());
+    verify(mockListener, times(2)).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     assertServiceConfigForLoadBalancingConfig(
         Arrays.asList(cluster2, "another-cluster"),
@@ -1104,7 +1104,7 @@ public void resolved_raceBetweenCallAndRepeatedResourceUpdate() {
                     TimeUnit.SECONDS.toNanos(15L), null, false),
                 ImmutableMap.of())));
 
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     assertServiceConfigForLoadBalancingConfig(
         Arrays.asList(cluster1, cluster2, "another-cluster"),
@@ -1179,7 +1179,7 @@ public void resolved_simpleCallSucceeds_routeToWeightedCluster() {
                     TimeUnit.SECONDS.toNanos(20L),
                     null, false),
                 ImmutableMap.of())));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     assertThat(result.getAddressesOrError().getValue()).isEmpty();
     assertServiceConfigForLoadBalancingConfig(
@@ -1208,7 +1208,7 @@ public void resolved_simpleCallSucceeds_routeToRls() {
                     TimeUnit.SECONDS.toNanos(20L),
                     null, false),
                 ImmutableMap.of())));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     assertThat(result.getAddressesOrError().getValue()).isEmpty();
     @SuppressWarnings("unchecked")
@@ -1256,7 +1256,7 @@ public void resolved_simpleCallSucceeds_routeToRls() {
                     TimeUnit.SECONDS.toNanos(30L),
                     null, false),
                 ImmutableMap.of())));
-    verify(mockListener, times(2)).onResult(resolutionResultCaptor.capture());
+    verify(mockListener, times(2)).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result2 = resolutionResultCaptor.getValue();
     @SuppressWarnings("unchecked")
     Map<String, ?> resultServiceConfig2 = (Map<String, ?>) result2.getServiceConfig().getConfig();
@@ -1599,7 +1599,7 @@ private VirtualHost filterStateTestVhost(ImmutableMap<String, FilterConfig> perR
 
   @SuppressWarnings("unchecked")
   private void assertEmptyResolutionResult(String resource) {
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     assertThat(result.getAddressesOrError().getValue()).isEmpty();
     assertThat((Map<String, ?>) result.getServiceConfig().getConfig()).isEmpty();
@@ -1611,7 +1611,7 @@ private void assertEmptyResolutionResult(String resource) {
   }
 
   private void assertClusterResolutionResult(CallInfo call, String expectedCluster) {
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     assertCallSelectClusterResult(call, configSelector, expectedCluster, null);
@@ -1685,7 +1685,7 @@ private InternalConfigSelector resolveToClusters() {
                     cluster2, Collections.emptyList(), TimeUnit.SECONDS.toNanos(15L),
                     null, false),
                 ImmutableMap.of())));
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     assertThat(result.getAddressesOrError().getValue()).isEmpty();
     assertServiceConfigForLoadBalancingConfig(
@@ -1763,7 +1763,7 @@ public void generateServiceConfig_forClusterManagerLoadBalancingConfig() throws
             ImmutableMap.of());
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
 
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     String expectedServiceConfigJson =
         "{\n"
             + "  \"loadBalancingConfig\": [{\n"
@@ -1946,7 +1946,7 @@ public void resolved_faultAbortInLdsUpdate() {
         FaultAbort.forHeader(FaultConfig.FractionalPercent.perHundred(70)),
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     // no header abort key provided in metadata, rpc should succeed
@@ -1985,7 +1985,7 @@ public void resolved_faultAbortInLdsUpdate() {
         FaultAbort.forHeader(FaultConfig.FractionalPercent.perMillion(600_000)),
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2001,7 +2001,7 @@ public void resolved_faultAbortInLdsUpdate() {
         FaultAbort.forHeader(FaultConfig.FractionalPercent.perMillion(0)),
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2016,7 +2016,7 @@ public void resolved_faultAbortInLdsUpdate() {
             FaultConfig.FractionalPercent.perMillion(600_000)),
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2034,7 +2034,7 @@ public void resolved_faultAbortInLdsUpdate() {
             FaultConfig.FractionalPercent.perMillion(400_000)),
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2052,7 +2052,7 @@ public void resolved_faultDelayInLdsUpdate() {
     FaultConfig httpFilterFaultConfig = FaultConfig.create(
         FaultDelay.forHeader(FaultConfig.FractionalPercent.perHundred(70)), null, null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     // no header delay key provided in metadata, rpc should succeed immediately
@@ -2069,7 +2069,7 @@ public void resolved_faultDelayInLdsUpdate() {
     httpFilterFaultConfig = FaultConfig.create(
         FaultDelay.forHeader(FaultConfig.FractionalPercent.perMillion(600_000)), null, null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2080,7 +2080,7 @@ public void resolved_faultDelayInLdsUpdate() {
     httpFilterFaultConfig = FaultConfig.create(
         FaultDelay.forHeader(FaultConfig.FractionalPercent.perMillion(0)), null, null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2093,7 +2093,7 @@ public void resolved_faultDelayInLdsUpdate() {
         null,
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2106,7 +2106,7 @@ public void resolved_faultDelayInLdsUpdate() {
         null,
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2125,7 +2125,7 @@ public void resolved_faultDelayWithMaxActiveStreamsInLdsUpdate() {
         null,
         /* maxActiveFaults= */ 1);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
 
@@ -2155,7 +2155,7 @@ public void resolved_faultDelayInLdsUpdate_callWithEarlyDeadline() {
         null,
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
 
@@ -2187,7 +2187,7 @@ public void resolved_faultAbortAndDelayInLdsUpdateInLdsUpdate() {
             FaultConfig.FractionalPercent.perMillion(1000_000)),
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     ClientCall.Listener<Void> observer = startNewCall(TestMethodDescriptors.voidMethod(),
@@ -2216,7 +2216,7 @@ public void resolved_faultConfigOverrideInLdsUpdate() {
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(
         cluster1, httpFilterFaultConfig, virtualHostFaultConfig, null, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     ClientCall.Listener<Void> observer = startNewCall(TestMethodDescriptors.voidMethod(),
@@ -2231,7 +2231,7 @@ public void resolved_faultConfigOverrideInLdsUpdate() {
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(
         cluster1, httpFilterFaultConfig, virtualHostFaultConfig, routeFaultConfig, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2248,7 +2248,7 @@ public void resolved_faultConfigOverrideInLdsUpdate() {
     xdsClient.deliverLdsUpdateWithFaultInjection(
         cluster1, httpFilterFaultConfig, virtualHostFaultConfig, routeFaultConfig,
         weightedClusterFaultConfig);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2277,7 +2277,7 @@ public void resolved_faultConfigOverrideInLdsAndInRdsUpdate() {
         FaultAbort.forStatus(Status.UNKNOWN, FaultConfig.FractionalPercent.perMillion(1000_000)),
         null);
     xdsClient.deliverRdsUpdateWithFaultInjection(RDS_RESOURCE_NAME, null, routeFaultConfig, null);
-    verify(mockListener).onResult(resolutionResultCaptor.capture());
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     ClientCall.Listener<Void> observer = startNewCall(TestMethodDescriptors.voidMethod(),

From f3f054a0a4933aeb726c0d6995bcdb30fc0ea85a Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 5 Mar 2025 13:27:48 -0800
Subject: [PATCH 207/591] xds: Log cluster_manager config update before
 applying config

It is confusing/harder to read the logs when the
activations/deactivations because of the config happen before the log
entry describing the new config.
---
 .../main/java/io/grpc/xds/ClusterManagerLoadBalancer.java   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/ClusterManagerLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterManagerLoadBalancer.java
index 2573a7293d3..22b5aaa7d73 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterManagerLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterManagerLoadBalancer.java
@@ -81,6 +81,9 @@ protected Map<Object, ResolvedAddresses> createChildAddressesMap(
 
     ClusterManagerConfig config = (ClusterManagerConfig)
         resolvedAddresses.getLoadBalancingPolicyConfig();
+    logger.log(
+        XdsLogLevel.INFO,
+        "Received cluster_manager lb config: child names={0}", config.childPolicies.keySet());
     Map<Object, ResolvedAddresses> childAddresses = new HashMap<>();
 
     // Reactivate children with config; deactivate children without config
@@ -108,9 +111,6 @@ protected Map<Object, ResolvedAddresses> createChildAddressesMap(
           .build();
       childAddresses.put(childPolicy.getKey(), addresses);
     }
-    logger.log(
-        XdsLogLevel.INFO,
-        "Received cluster_manager lb config: child names={0}", config.childPolicies.keySet());
     return childAddresses;
   }
 

From 61a110d9628349a465ccbfe49477cc7525a41d06 Mon Sep 17 00:00:00 2001
From: Emmanuel Ferdman <emmanuelferdman@gmail.com>
Date: Mon, 10 Mar 2025 07:20:20 +0200
Subject: [PATCH 208/591] examples: Update in-process sources in examples
 (#11952)

Update in-process sources location in examples since they have been migrated from core artifacts.
---
 examples/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/README.md b/examples/README.md
index a07d1b38a14..91fde2c045c 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -153,9 +153,9 @@ Example bugs not caught by mocked stub tests include:
 
 For testing a gRPC client, create the client with a real stub
 using an
-[InProcessChannel](../core/src/main/java/io/grpc/inprocess/InProcessChannelBuilder.java),
+[InProcessChannel](../inprocess/src/main/java/io/grpc/inprocess/InProcessChannelBuilder.java),
 and test it against an
-[InProcessServer](../core/src/main/java/io/grpc/inprocess/InProcessServerBuilder.java)
+[InProcessServer](../inprocess/src/main/java/io/grpc/inprocess/InProcessServerBuilder.java)
 with a mock/fake service implementation.
 
 For testing a gRPC server, create the server as an InProcessServer,

From 24b9f6ff0d0498a3136fd51c505e699ee1f5a940 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Mon, 10 Mar 2025 07:03:45 +0000
Subject: [PATCH 209/591] Update psm-dualstack.cfg (#11950)

120 minutes has not been sufficient, causing frequent VM timeout errors in the test runs: https://testgrid.corp.google.com/grpc-psm-java#v1.67.x&width=20&graph-metrics=test-duration-minutes&include-filter-by-regex=psm-dualstack$
---
 buildscripts/kokoro/psm-dualstack.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildscripts/kokoro/psm-dualstack.cfg b/buildscripts/kokoro/psm-dualstack.cfg
index 55c906bc4ec..a55d91a95b0 100644
--- a/buildscripts/kokoro/psm-dualstack.cfg
+++ b/buildscripts/kokoro/psm-dualstack.cfg
@@ -2,7 +2,7 @@
 
 # Location of the continuous shell script in repository.
 build_file: "grpc-java/buildscripts/kokoro/psm-interop-test-java.sh"
-timeout_mins: 120
+timeout_mins: 240
 
 action {
   define_artifacts {

From 4933cddd0002d2e2e3387cbd30a54965356664ca Mon Sep 17 00:00:00 2001
From: Arjan Singh Bal <46515553+arjan-bal@users.noreply.github.com>
Date: Tue, 11 Mar 2025 16:05:05 +0530
Subject: [PATCH 210/591] Fix typo in dualstack example (#11916)

---
 examples/example-dualstack/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/example-dualstack/README.md b/examples/example-dualstack/README.md
index 6c191661d1b..5a26886e259 100644
--- a/examples/example-dualstack/README.md
+++ b/examples/example-dualstack/README.md
@@ -2,7 +2,7 @@
 
 The dualstack example uses a custom name resolver that provides both IPv4 and IPv6 localhost
 endpoints for each of 3 server instances. The client will first use the default name resolver and
-load balancers which will only connect tot he first server.  It will then use the 
+load balancers which will only connect to the first server.  It will then use the 
 custom name resolver with round robin to connect to each of the servers in turn.  The 3 instances
 of the server will bind respectively to: both IPv4 and IPv6, IPv4 only, and IPv6 only.
 

From 21915575824a0f88fe468a87843977db0c9ba7fa Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Tue, 11 Mar 2025 10:35:39 +0000
Subject: [PATCH 211/591] Update README etc to reference 1.71.0 (#11940)

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index c9f68d4ccb9..756519d0ad0 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.70.0/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.70.0/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.71.0/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.71.0/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,18 +56,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.70.0</version>
+  <version>1.71.0</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.70.0</version>
+  <version>1.71.0</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.70.0</version>
+  <version>1.71.0</version>
 </dependency>
 <dependency> <!-- necessary for Java 9+ -->
   <groupId>org.apache.tomcat</groupId>
@@ -79,18 +79,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.70.0'
-implementation 'io.grpc:grpc-protobuf:1.70.0'
-implementation 'io.grpc:grpc-stub:1.70.0'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.71.0'
+implementation 'io.grpc:grpc-protobuf:1.71.0'
+implementation 'io.grpc:grpc-stub:1.71.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.70.0'
-implementation 'io.grpc:grpc-protobuf-lite:1.70.0'
-implementation 'io.grpc:grpc-stub:1.70.0'
+implementation 'io.grpc:grpc-okhttp:1.71.0'
+implementation 'io.grpc:grpc-protobuf-lite:1.71.0'
+implementation 'io.grpc:grpc-stub:1.71.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
@@ -99,7 +99,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.70.0
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.71.0
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://oss.sonatype.org/content/repositories/snapshots/).
@@ -131,7 +131,7 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <configuration>
         <protocArtifact>com.google.protobuf:protoc:3.25.5:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.70.0:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.71.0:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -161,7 +161,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.70.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0'
     }
   }
   generateProtoTasks {
@@ -194,7 +194,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.70.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0'
     }
   }
   generateProtoTasks {

From 2f52a00364d5a267df259ecd1c34e7bdd55fbe0f Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 11 Mar 2025 22:39:54 +0530
Subject: [PATCH 212/591] netty: Swap to UniformStreamByteDistributor (#11954)

---
 netty/src/main/java/io/grpc/netty/AbstractNettyHandler.java | 1 +
 netty/src/main/java/io/grpc/netty/NettyClientHandler.java   | 6 +++---
 netty/src/main/java/io/grpc/netty/NettyServerHandler.java   | 6 +++---
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/AbstractNettyHandler.java b/netty/src/main/java/io/grpc/netty/AbstractNettyHandler.java
index 6743b4fd5f7..c4ec5913cde 100644
--- a/netty/src/main/java/io/grpc/netty/AbstractNettyHandler.java
+++ b/netty/src/main/java/io/grpc/netty/AbstractNettyHandler.java
@@ -50,6 +50,7 @@ abstract class AbstractNettyHandler extends GrpcHttp2ConnectionHandler {
   private final Ticker ticker;
 
   private static final long BDP_MEASUREMENT_PING = 1234;
+  protected static final int MIN_ALLOCATED_CHUNK = 16 * 1024;
 
   AbstractNettyHandler(
       ChannelPromise channelUnused,
diff --git a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
index 5a93dbc982b..19f1903c0b5 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
@@ -78,7 +78,7 @@
 import io.netty.handler.codec.http2.Http2Stream;
 import io.netty.handler.codec.http2.Http2StreamVisitor;
 import io.netty.handler.codec.http2.StreamBufferingEncoder;
-import io.netty.handler.codec.http2.WeightedFairQueueByteDistributor;
+import io.netty.handler.codec.http2.UniformStreamByteDistributor;
 import io.netty.handler.logging.LogLevel;
 import io.perfmark.PerfMark;
 import io.perfmark.Tag;
@@ -169,8 +169,8 @@ static NettyClientHandler newHandler(
         Http2HeadersEncoder.NEVER_SENSITIVE, false, 16, Integer.MAX_VALUE);
     Http2FrameWriter frameWriter = new DefaultHttp2FrameWriter(encoder);
     Http2Connection connection = new DefaultHttp2Connection(false);
-    WeightedFairQueueByteDistributor dist = new WeightedFairQueueByteDistributor(connection);
-    dist.allocationQuantum(16 * 1024); // Make benchmarks fast again.
+    UniformStreamByteDistributor dist = new UniformStreamByteDistributor(connection);
+    dist.minAllocationChunk(MIN_ALLOCATED_CHUNK); // Increased for benchmarks performance.
     DefaultHttp2RemoteFlowController controller =
         new DefaultHttp2RemoteFlowController(connection, dist);
     connection.remote().flowController(controller);
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
index 85a4886b766..668c3b5c90c 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
@@ -87,7 +87,7 @@
 import io.netty.handler.codec.http2.Http2Settings;
 import io.netty.handler.codec.http2.Http2Stream;
 import io.netty.handler.codec.http2.Http2StreamVisitor;
-import io.netty.handler.codec.http2.WeightedFairQueueByteDistributor;
+import io.netty.handler.codec.http2.UniformStreamByteDistributor;
 import io.netty.handler.logging.LogLevel;
 import io.netty.util.AsciiString;
 import io.netty.util.ReferenceCountUtil;
@@ -243,8 +243,8 @@ static NettyServerHandler newHandler(
         maxMessageSize);
 
     final Http2Connection connection = new DefaultHttp2Connection(true);
-    WeightedFairQueueByteDistributor dist = new WeightedFairQueueByteDistributor(connection);
-    dist.allocationQuantum(16 * 1024); // Make benchmarks fast again.
+    UniformStreamByteDistributor dist = new UniformStreamByteDistributor(connection);
+    dist.minAllocationChunk(MIN_ALLOCATED_CHUNK); // Increased for benchmarks performance.
     DefaultHttp2RemoteFlowController controller =
         new DefaultHttp2RemoteFlowController(connection, dist);
     connection.remote().flowController(controller);

From fca1d3cf433beccd0741fc3d1fe1d09e8b1374e7 Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Wed, 12 Mar 2025 10:39:49 +0200
Subject: [PATCH 213/591] servlet: set description for CANCELLED status
 (#11927)

---
 .../src/main/java/io/grpc/servlet/ServletServerStream.java    | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java b/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
index bc367587cc6..5dd20567c08 100644
--- a/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
+++ b/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
@@ -297,7 +297,9 @@ public void cancel(Status status) {
       }
       transportState.runOnTransportThread(() -> transportState.transportReportStatus(status));
       // There is no way to RST_STREAM with CANCEL code, so write trailers instead
-      close(Status.CANCELLED.withCause(status.asRuntimeException()), new Metadata());
+      close(Status.CANCELLED.withDescription("Servlet stream cancelled")
+              .withCause(status.asRuntimeException()),
+          new Metadata());
       CountDownLatch countDownLatch = new CountDownLatch(1);
       transportState.runOnTransportThread(() -> {
         asyncCtx.complete();

From b69bd64ce798a9d42bec4720a568147a3af5ec51 Mon Sep 17 00:00:00 2001
From: Dennis Shao <67387070+shaod2@users.noreply.github.com>
Date: Mon, 17 Mar 2025 09:16:28 -0400
Subject: [PATCH 214/591] Populate the pb::java feature extension to gprc proto
 plugin (#11885)

Populate the pb::java feature extension to the protoc plugins that require Protobuf Java feature resolution for the  edition.
---
 compiler/src/java_plugin/cpp/java_plugin.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/compiler/src/java_plugin/cpp/java_plugin.cpp b/compiler/src/java_plugin/cpp/java_plugin.cpp
index c3aec58ed8e..6b7cc03d486 100644
--- a/compiler/src/java_plugin/cpp/java_plugin.cpp
+++ b/compiler/src/java_plugin/cpp/java_plugin.cpp
@@ -23,6 +23,9 @@
 
 #include "java_generator.h"
 #include <google/protobuf/compiler/code_generator.h>
+#if GOOGLE_PROTOBUF_VERSION >= 5027000
+#include <google/protobuf/compiler/java/java_features.pb.h>
+#endif
 #include <google/protobuf/compiler/plugin.h>
 #include <google/protobuf/descriptor.h>
 #include <google/protobuf/io/zero_copy_stream.h>
@@ -57,6 +60,10 @@ class JavaGrpcGenerator : public protobuf::compiler::CodeGenerator {
   protobuf::Edition GetMaximumEdition() const override {
     return protobuf::Edition::EDITION_2023;
   }
+  std::vector<const protobuf::FieldDescriptor*> GetFeatureExtensions()
+      const override {
+    return {GetExtensionReflection(pb::java)};
+  }
 #else
   uint64_t GetSupportedFeatures() const override {
     return Feature::FEATURE_PROTO3_OPTIONAL;

From e388ef3975ead0d549947bf75da8cd53d675a632 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 18 Mar 2025 18:43:03 +0530
Subject: [PATCH 215/591] documentation: upgrade to junit 4.13.2 (#11967)

---
 documentation/server-reflection-tutorial.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/server-reflection-tutorial.md b/documentation/server-reflection-tutorial.md
index c4d2e8c4aea..f452174738a 100644
--- a/documentation/server-reflection-tutorial.md
+++ b/documentation/server-reflection-tutorial.md
@@ -28,7 +28,7 @@ need to make the following changes:
 +  compile "io.grpc:grpc-services:${grpcVersion}"
    compile "io.grpc:grpc-stub:${grpcVersion}"
  
-   testCompile "junit:junit:4.12"
+   testCompile "junit:junit:4.13.2"
 --- a/examples/src/main/java/io/grpc/examples/helloworld/HelloWorldServer.java
 +++ b/examples/src/main/java/io/grpc/examples/helloworld/HelloWorldServer.java
 @@ -33,6 +33,7 @@ package io.grpc.examples.helloworld;

From e80c19745589730941003ed2f46d29c64ca53bb6 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 18 Mar 2025 14:05:01 -0700
Subject: [PATCH 216/591] xds: Use XdsDependencyManager for XdsNameResolver

Contributes to the gRFC A74 effort.
https://github.com/grpc/proposal/blob/master/A74-xds-config-tears.md

The alternative to using Mockito's ArgumentMatcher is to use Hamcrest.
However, Hamcrest did not impress me. ArgumentMatcher is trivial if you
don't care about the error message.

This fixes a pre-existing issue where ConfigSelector.releaseCluster
could revert the LB config back to using cluster manager after releasing
all RPCs using a cluster have committed.

Co-authored-by: Larry Safran <lsafran@google.com>
---
 .../java/io/grpc/StatusMatcher.java           | 118 +++++
 .../java/io/grpc/StatusOrMatcher.java         |  66 +++
 .../main/java/io/grpc/xds/XdsAttributes.java  |  16 +
 xds/src/main/java/io/grpc/xds/XdsConfig.java  |  16 +-
 .../io/grpc/xds/XdsDependencyManager.java     | 430 +++++++++---------
 .../java/io/grpc/xds/XdsNameResolver.java     | 196 +++-----
 .../io/grpc/xds/XdsNameResolverProvider.java  |   2 +-
 .../io/grpc/xds/XdsDependencyManagerTest.java | 405 ++++++++---------
 .../java/io/grpc/xds/XdsNameResolverTest.java | 252 +++++++---
 .../test/java/io/grpc/xds/XdsTestUtils.java   |  26 +-
 10 files changed, 878 insertions(+), 649 deletions(-)
 create mode 100644 api/src/testFixtures/java/io/grpc/StatusMatcher.java
 create mode 100644 api/src/testFixtures/java/io/grpc/StatusOrMatcher.java

diff --git a/api/src/testFixtures/java/io/grpc/StatusMatcher.java b/api/src/testFixtures/java/io/grpc/StatusMatcher.java
new file mode 100644
index 00000000000..f464b2d709d
--- /dev/null
+++ b/api/src/testFixtures/java/io/grpc/StatusMatcher.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Preconditions.checkState;
+
+import org.mockito.ArgumentMatcher;
+
+/**
+ * Mockito matcher for {@link Status}.
+ */
+public final class StatusMatcher implements ArgumentMatcher<Status> {
+  public static StatusMatcher statusHasCode(ArgumentMatcher<Status.Code> codeMatcher) {
+    return new StatusMatcher(codeMatcher, null);
+  }
+
+  public static StatusMatcher statusHasCode(Status.Code code) {
+    return statusHasCode(new EqualsMatcher<>(code));
+  }
+
+  private final ArgumentMatcher<Status.Code> codeMatcher;
+  private final ArgumentMatcher<String> descriptionMatcher;
+
+  private StatusMatcher(
+      ArgumentMatcher<Status.Code> codeMatcher,
+      ArgumentMatcher<String> descriptionMatcher) {
+    this.codeMatcher = checkNotNull(codeMatcher, "codeMatcher");
+    this.descriptionMatcher = descriptionMatcher;
+  }
+
+  public StatusMatcher andDescription(ArgumentMatcher<String> descriptionMatcher) {
+    checkState(this.descriptionMatcher == null, "Already has a description matcher");
+    return new StatusMatcher(codeMatcher, descriptionMatcher);
+  }
+
+  public StatusMatcher andDescription(String description) {
+    return andDescription(new EqualsMatcher<>(description));
+  }
+
+  public StatusMatcher andDescriptionContains(String substring) {
+    return andDescription(new StringContainsMatcher(substring));
+  }
+
+  @Override
+  public boolean matches(Status status) {
+    return status != null
+        && codeMatcher.matches(status.getCode())
+        && (descriptionMatcher == null || descriptionMatcher.matches(status.getDescription()));
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder();
+    sb.append("{code=");
+    sb.append(codeMatcher);
+    if (descriptionMatcher != null) {
+      sb.append(", description=");
+      sb.append(descriptionMatcher);
+    }
+    sb.append("}");
+    return sb.toString();
+  }
+
+  // Use instead of lambda for better error message.
+  static final class EqualsMatcher<T> implements ArgumentMatcher<T> {
+    private final T obj;
+
+    EqualsMatcher(T obj) {
+      this.obj = checkNotNull(obj, "obj");
+    }
+
+    @Override
+    public boolean matches(Object other) {
+      return obj.equals(other);
+    }
+
+    @Override
+    public String toString() {
+      return obj.toString();
+    }
+  }
+
+  static final class StringContainsMatcher implements ArgumentMatcher<String> {
+    private final String needle;
+
+    StringContainsMatcher(String needle) {
+      this.needle = checkNotNull(needle, "needle");
+    }
+
+    @Override
+    public boolean matches(String haystack) {
+      if (haystack == null) {
+        return false;
+      }
+      return haystack.contains(needle);
+    }
+
+    @Override
+    public String toString() {
+      return "contains " + needle;
+    }
+  }
+}
diff --git a/api/src/testFixtures/java/io/grpc/StatusOrMatcher.java b/api/src/testFixtures/java/io/grpc/StatusOrMatcher.java
new file mode 100644
index 00000000000..1e70ae97853
--- /dev/null
+++ b/api/src/testFixtures/java/io/grpc/StatusOrMatcher.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import org.mockito.ArgumentMatcher;
+
+/**
+ * Mockito matcher for {@link StatusOr}.
+ */
+public final class StatusOrMatcher<T> implements ArgumentMatcher<StatusOr<T>> {
+  public static <T> StatusOrMatcher<T> hasValue(ArgumentMatcher<T> valueMatcher) {
+    return new StatusOrMatcher<T>(checkNotNull(valueMatcher, "valueMatcher"), null);
+  }
+
+  public static <T> StatusOrMatcher<T> hasStatus(ArgumentMatcher<Status> statusMatcher) {
+    return new StatusOrMatcher<T>(null, checkNotNull(statusMatcher, "statusMatcher"));
+  }
+
+  private final ArgumentMatcher<T> valueMatcher;
+  private final ArgumentMatcher<Status> statusMatcher;
+
+  private StatusOrMatcher(ArgumentMatcher<T> valueMatcher, ArgumentMatcher<Status> statusMatcher) {
+    this.valueMatcher = valueMatcher;
+    this.statusMatcher = statusMatcher;
+  }
+
+  @Override
+  public boolean matches(StatusOr<T> statusOr) {
+    if (statusOr == null) {
+      return false;
+    }
+    if (statusOr.hasValue() != (valueMatcher != null)) {
+      return false;
+    }
+    if (valueMatcher != null) {
+      return valueMatcher.matches(statusOr.getValue());
+    } else {
+      return statusMatcher.matches(statusOr.getStatus());
+    }
+  }
+
+  @Override
+  public String toString() {
+    if (valueMatcher != null) {
+      return "{value=" + valueMatcher + "}";
+    } else {
+      return "{status=" + statusMatcher + "}";
+    }
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/XdsAttributes.java b/xds/src/main/java/io/grpc/xds/XdsAttributes.java
index af8139d8ff4..4a64fdb1453 100644
--- a/xds/src/main/java/io/grpc/xds/XdsAttributes.java
+++ b/xds/src/main/java/io/grpc/xds/XdsAttributes.java
@@ -36,6 +36,22 @@ final class XdsAttributes {
   static final Attributes.Key<ObjectPool<XdsClient>> XDS_CLIENT_POOL =
       Attributes.Key.create("io.grpc.xds.XdsAttributes.xdsClientPool");
 
+  /**
+   * Attribute key for passing around the latest XdsConfig across NameResolver/LoadBalancers.
+   */
+  @NameResolver.ResolutionResultAttr
+  static final Attributes.Key<XdsConfig> XDS_CONFIG =
+      Attributes.Key.create("io.grpc.xds.XdsAttributes.xdsConfig");
+
+
+  /**
+   * Attribute key for passing around the XdsDependencyManager across NameResolver/LoadBalancers.
+   */
+  @NameResolver.ResolutionResultAttr
+  static final Attributes.Key<XdsConfig.XdsClusterSubscriptionRegistry>
+      XDS_CLUSTER_SUBSCRIPT_REGISTRY =
+      Attributes.Key.create("io.grpc.xds.XdsAttributes.xdsConfig.XdsClusterSubscriptionRegistry");
+
   /**
    * Attribute key for obtaining the global provider that provides atomics for aggregating
    * outstanding RPCs sent to each cluster.
diff --git a/xds/src/main/java/io/grpc/xds/XdsConfig.java b/xds/src/main/java/io/grpc/xds/XdsConfig.java
index 7af03caf4be..ec8f3dc076d 100644
--- a/xds/src/main/java/io/grpc/xds/XdsConfig.java
+++ b/xds/src/main/java/io/grpc/xds/XdsConfig.java
@@ -26,9 +26,9 @@
 import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
 import java.io.Closeable;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 
 /**
  * Represents the xDS configuration tree for a specified Listener.
@@ -178,13 +178,22 @@ public boolean equals(Object obj) {
       public StatusOr<EdsUpdate> getEndpoint() {
         return endpoint;
       }
+
+      @Override
+      public String toString() {
+        if (endpoint.hasValue()) {
+          return "EndpointConfig{endpoint=" + endpoint.getValue() + "}";
+        } else {
+          return "EndpointConfig{error=" + endpoint.getStatus() + "}";
+        }
+      }
     }
 
     // The list of leaf clusters for an aggregate cluster.
     static final class AggregateConfig implements ClusterChild {
-      private final List<String> leafNames;
+      private final Set<String> leafNames;
 
-      public AggregateConfig(List<String> leafNames) {
+      public AggregateConfig(Set<String> leafNames) {
         this.leafNames = checkNotNull(leafNames, "leafNames");
       }
 
@@ -234,6 +243,7 @@ XdsConfigBuilder setVirtualHost(VirtualHost virtualHost) {
     XdsConfig build() {
       checkNotNull(listener, "listener");
       checkNotNull(route, "route");
+      checkNotNull(virtualHost, "virtualHost");
       return new XdsConfig(listener, route, clusters, virtualHost);
     }
   }
diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index 7eff0c549e2..8cd3119727d 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -22,9 +22,9 @@
 import static io.grpc.xds.client.XdsLogger.XdsLogLevel.DEBUG;
 
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Sets;
 import io.grpc.InternalLogId;
+import io.grpc.NameResolver;
 import io.grpc.Status;
 import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
@@ -39,7 +39,6 @@
 import io.grpc.xds.client.XdsResourceType;
 import java.io.Closeable;
 import java.io.IOException;
-import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -47,6 +46,7 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
+import java.util.concurrent.ScheduledExecutorService;
 import java.util.stream.Collectors;
 import javax.annotation.Nullable;
 
@@ -67,25 +67,28 @@ final class XdsDependencyManager implements XdsConfig.XdsClusterSubscriptionRegi
 
   private final InternalLogId logId;
   private final XdsLogger logger;
-  private XdsConfig lastXdsConfig = null;
+  private StatusOr<XdsConfig> lastUpdate = null;
   private final Map<XdsResourceType<?>, TypeWatchers<?>> resourceWatchers = new HashMap<>();
 
   XdsDependencyManager(XdsClient xdsClient, XdsConfigWatcher xdsConfigWatcher,
                        SynchronizationContext syncContext, String dataPlaneAuthority,
-                       String listenerName) {
+                       String listenerName, NameResolver.Args nameResolverArgs,
+                       ScheduledExecutorService scheduler) {
     logId = InternalLogId.allocate("xds-dependency-manager", listenerName);
     logger = XdsLogger.withLogId(logId);
     this.xdsClient = checkNotNull(xdsClient, "xdsClient");
     this.xdsConfigWatcher = checkNotNull(xdsConfigWatcher, "xdsConfigWatcher");
     this.syncContext = checkNotNull(syncContext, "syncContext");
     this.dataPlaneAuthority = checkNotNull(dataPlaneAuthority, "dataPlaneAuthority");
+    checkNotNull(nameResolverArgs, "nameResolverArgs");
+    checkNotNull(scheduler, "scheduler");
 
     // start the ball rolling
     syncContext.execute(() -> addWatcher(new LdsWatcher(listenerName)));
   }
 
-  public static String  toContextStr(String typeName, String resourceName) {
-    return typeName + " resource: " + resourceName;
+  public static String toContextStr(String typeName, String resourceName) {
+    return typeName + " resource " + resourceName;
   }
 
   @Override
@@ -225,7 +228,7 @@ private void cancelClusterWatcherTree(CdsWatcher root, Object parentContext) {
     XdsClusterResource.CdsUpdate cdsUpdate = root.getData().getValue();
     switch (cdsUpdate.clusterType()) {
       case EDS:
-        String edsServiceName = cdsUpdate.edsServiceName();
+        String edsServiceName = root.getEdsServiceName();
         EdsWatcher edsWatcher =
             (EdsWatcher) resourceWatchers.get(ENDPOINT_RESOURCE).watchers.get(edsServiceName);
         cancelEdsWatcher(edsWatcher, root);
@@ -240,7 +243,7 @@ private void cancelClusterWatcherTree(CdsWatcher root, Object parentContext) {
         }
         break;
       case LOGICAL_DNS:
-        // no eds needed
+        // no eds needed, so everything happens in cancelCdsWatcher()
         break;
       default:
         throw new AssertionError("Unknown cluster type: " + cdsUpdate.clusterType());
@@ -260,54 +263,61 @@ private void maybePublishConfig() {
       return;
     }
 
-    XdsConfig newConfig = buildConfig();
-    if (Objects.equals(newConfig, lastXdsConfig)) {
+    StatusOr<XdsConfig> newUpdate = buildUpdate();
+    if (Objects.equals(newUpdate, lastUpdate)) {
       return;
     }
-    lastXdsConfig = newConfig;
-    xdsConfigWatcher.onUpdate(lastXdsConfig);
+    assert newUpdate.hasValue()
+        || (newUpdate.getStatus().getCode() == Status.Code.UNAVAILABLE
+            || newUpdate.getStatus().getCode() == Status.Code.INTERNAL);
+    lastUpdate = newUpdate;
+    xdsConfigWatcher.onUpdate(lastUpdate);
   }
 
   @VisibleForTesting
-  XdsConfig buildConfig() {
+  StatusOr<XdsConfig> buildUpdate() {
     XdsConfig.XdsConfigBuilder builder = new XdsConfig.XdsConfigBuilder();
 
     // Iterate watchers and build the XdsConfig
 
     // Will only be 1 listener and 1 route resource
-    VirtualHost activeVirtualHost = getActiveVirtualHost();
-    for (XdsWatcherBase<?> xdsWatcherBase :
-        resourceWatchers.get(XdsListenerResource.getInstance()).watchers.values()) {
-      XdsListenerResource.LdsUpdate ldsUpdate = ((LdsWatcher) xdsWatcherBase).getData().getValue();
-      builder.setListener(ldsUpdate);
-      if (activeVirtualHost == null) {
-        activeVirtualHost = RoutingUtils.findVirtualHostForHostName(
-            ldsUpdate.httpConnectionManager().virtualHosts(), dataPlaneAuthority);
-      }
-
-      if (ldsUpdate.httpConnectionManager() != null
-          && ldsUpdate.httpConnectionManager().virtualHosts() != null) {
-        RdsUpdate rdsUpdate = new RdsUpdate(ldsUpdate.httpConnectionManager().virtualHosts());
-        builder.setRoute(rdsUpdate);
+    RdsUpdateSupplier routeSource = null;
+    for (XdsWatcherBase<XdsListenerResource.LdsUpdate> ldsWatcher :
+        getWatchers(XdsListenerResource.getInstance()).values()) {
+      if (!ldsWatcher.getData().hasValue()) {
+        return StatusOr.fromStatus(ldsWatcher.getData().getStatus());
       }
+      XdsListenerResource.LdsUpdate ldsUpdate = ldsWatcher.getData().getValue();
+      builder.setListener(ldsUpdate);
+      routeSource = ((LdsWatcher) ldsWatcher).getRouteSource();
     }
 
-    resourceWatchers.get(XdsRouteConfigureResource.getInstance()).watchers.values().stream()
-        .map(watcher -> (RdsWatcher) watcher)
-        .forEach(watcher -> builder.setRoute(watcher.getData().getValue()));
+    StatusOr<RdsUpdate> statusOrRdsUpdate = routeSource.getRdsUpdate();
+    if (!statusOrRdsUpdate.hasValue()) {
+      return StatusOr.fromStatus(statusOrRdsUpdate.getStatus());
+    }
+    RdsUpdate rdsUpdate = statusOrRdsUpdate.getValue();
+    builder.setRoute(rdsUpdate);
 
+    VirtualHost activeVirtualHost =
+        RoutingUtils.findVirtualHostForHostName(rdsUpdate.virtualHosts, dataPlaneAuthority);
+    if (activeVirtualHost == null) {
+      String error = "Failed to find virtual host matching hostname: " + dataPlaneAuthority;
+      return StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(error));
+    }
     builder.setVirtualHost(activeVirtualHost);
 
-    Map<String, ? extends XdsWatcherBase<?>> edsWatchers =
-        resourceWatchers.get(ENDPOINT_RESOURCE).watchers;
-    Map<String, ? extends XdsWatcherBase<?>> cdsWatchers =
-        resourceWatchers.get(CLUSTER_RESOURCE).watchers;
+    Map<String, XdsWatcherBase<XdsEndpointResource.EdsUpdate>> edsWatchers =
+        getWatchers(ENDPOINT_RESOURCE);
+    Map<String, XdsWatcherBase<XdsClusterResource.CdsUpdate>> cdsWatchers =
+        getWatchers(CLUSTER_RESOURCE);
 
     // Only care about aggregates from LDS/RDS or subscriptions and the leaf clusters
     List<String> topLevelClusters =
         cdsWatchers.values().stream()
             .filter(XdsDependencyManager::isTopLevelCluster)
-            .map(w -> w.resourceName())
+            .map(XdsWatcherBase<?>::resourceName)
+            .distinct()
             .collect(Collectors.toList());
 
     // Flatten multi-level aggregates into lists of leaf clusters
@@ -316,43 +326,60 @@ XdsConfig buildConfig() {
 
     addLeavesToBuilder(builder, edsWatchers, leafNames);
 
-    return builder.build();
+    return StatusOr.fromValue(builder.build());
   }
 
-  private void addLeavesToBuilder(XdsConfig.XdsConfigBuilder builder,
-                                  Map<String, ? extends XdsWatcherBase<?>> edsWatchers,
-                                  Set<String> leafNames) {
+  private <T extends ResourceUpdate> Map<String, XdsWatcherBase<T>> getWatchers(
+      XdsResourceType<T> resourceType) {
+    TypeWatchers<?> typeWatchers = resourceWatchers.get(resourceType);
+    if (typeWatchers == null) {
+      return Collections.emptyMap();
+    }
+    assert typeWatchers.resourceType == resourceType;
+    @SuppressWarnings("unchecked")
+    TypeWatchers<T> tTypeWatchers = (TypeWatchers<T>) typeWatchers;
+    return tTypeWatchers.watchers;
+  }
+
+  private void addLeavesToBuilder(
+      XdsConfig.XdsConfigBuilder builder,
+      Map<String, XdsWatcherBase<XdsEndpointResource.EdsUpdate>> edsWatchers,
+      Set<String> leafNames) {
     for (String clusterName : leafNames) {
       CdsWatcher cdsWatcher = getCluster(clusterName);
       StatusOr<XdsClusterResource.CdsUpdate> cdsUpdateOr = cdsWatcher.getData();
 
-      if (cdsUpdateOr.hasValue()) {
-        XdsClusterResource.CdsUpdate cdsUpdate = cdsUpdateOr.getValue();
-        if (cdsUpdate.clusterType() == ClusterType.EDS) {
-          EdsWatcher edsWatcher = (EdsWatcher) edsWatchers.get(cdsUpdate.edsServiceName());
-          if (edsWatcher != null) {
-            EndpointConfig child = new EndpointConfig(edsWatcher.getData());
-            builder.addCluster(clusterName, StatusOr.fromValue(
-                new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate, child)));
-          } else {
-            builder.addCluster(clusterName, StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
-                "EDS resource not found for cluster " + clusterName)));
-          }
-        } else if (cdsUpdate.clusterType() == ClusterType.LOGICAL_DNS) {
-          // TODO get the resolved endpoint configuration
-          builder.addCluster(clusterName, StatusOr.fromValue(
-              new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate, new EndpointConfig(null))));
-        }
-      } else {
+      if (!cdsUpdateOr.hasValue()) {
         builder.addCluster(clusterName, StatusOr.fromStatus(cdsUpdateOr.getStatus()));
+        continue;
+      }
+
+      XdsClusterResource.CdsUpdate cdsUpdate = cdsUpdateOr.getValue();
+      if (cdsUpdate.clusterType() == ClusterType.EDS) {
+        XdsWatcherBase<XdsEndpointResource.EdsUpdate> edsWatcher =
+            edsWatchers.get(cdsWatcher.getEdsServiceName());
+        EndpointConfig child;
+        if (edsWatcher != null) {
+          child = new EndpointConfig(edsWatcher.getData());
+        } else {
+          child = new EndpointConfig(StatusOr.fromStatus(Status.INTERNAL.withDescription(
+              "EDS resource not found for cluster " + clusterName)));
+        }
+        builder.addCluster(clusterName, StatusOr.fromValue(
+            new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate, child)));
+      } else if (cdsUpdate.clusterType() == ClusterType.LOGICAL_DNS) {
+        builder.addCluster(clusterName, StatusOr.fromStatus(
+            Status.INTERNAL.withDescription("Logical DNS in dependency manager unsupported")));
       }
     }
   }
 
   // Adds the top-level clusters to the builder and returns the leaf cluster names
   private Set<String> addTopLevelClustersToBuilder(
-      XdsConfig.XdsConfigBuilder builder, Map<String, ? extends XdsWatcherBase<?>> edsWatchers,
-      Map<String, ? extends XdsWatcherBase<?>> cdsWatchers, List<String> topLevelClusters) {
+      XdsConfig.XdsConfigBuilder builder,
+      Map<String, XdsWatcherBase<XdsEndpointResource.EdsUpdate>> edsWatchers,
+      Map<String, XdsWatcherBase<XdsClusterResource.CdsUpdate>> cdsWatchers,
+      List<String> topLevelClusters) {
 
     Set<String> leafClusterNames = new HashSet<>();
     for (String clusterName : topLevelClusters) {
@@ -367,23 +394,25 @@ private Set<String> addTopLevelClustersToBuilder(
       XdsConfig.XdsClusterConfig.ClusterChild child;
       switch (cdsUpdate.clusterType()) {
         case AGGREGATE:
-          List<String> leafNames = getLeafNames(cdsUpdate);
+          Set<String> leafNames = new HashSet<>();
+          addLeafNames(leafNames, cdsUpdate);
           child = new AggregateConfig(leafNames);
           leafClusterNames.addAll(leafNames);
           break;
         case EDS:
-          EdsWatcher edsWatcher = (EdsWatcher) edsWatchers.get(cdsUpdate.edsServiceName());
+          XdsWatcherBase<XdsEndpointResource.EdsUpdate> edsWatcher =
+              edsWatchers.get(cdsWatcher.getEdsServiceName());
           if (edsWatcher != null) {
             child = new EndpointConfig(edsWatcher.getData());
           } else {
-            builder.addCluster(clusterName, StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
+            child = new EndpointConfig(StatusOr.fromStatus(Status.INTERNAL.withDescription(
                 "EDS resource not found for cluster " + clusterName)));
-            continue;
           }
           break;
         case LOGICAL_DNS:
           // TODO get the resolved endpoint configuration
-          child = new EndpointConfig(null);
+          child = new EndpointConfig(StatusOr.fromStatus(
+              Status.INTERNAL.withDescription("Logical DNS in dependency manager unsupported")));
           break;
         default:
           throw new IllegalStateException("Unexpected value: " + cdsUpdate.clusterType());
@@ -395,29 +424,26 @@ private Set<String> addTopLevelClustersToBuilder(
     return leafClusterNames;
   }
 
-  private List<String> getLeafNames(XdsClusterResource.CdsUpdate cdsUpdate) {
-    List<String> childNames = new ArrayList<>();
-
+  private void addLeafNames(Set<String> leafNames, XdsClusterResource.CdsUpdate cdsUpdate) {
     for (String cluster : cdsUpdate.prioritizedClusterNames()) {
+      if (leafNames.contains(cluster)) {
+        continue;
+      }
       StatusOr<XdsClusterResource.CdsUpdate> data = getCluster(cluster).getData();
       if (data == null || !data.hasValue() || data.getValue() == null) {
-        childNames.add(cluster);
+        leafNames.add(cluster);
         continue;
       }
       if (data.getValue().clusterType() == ClusterType.AGGREGATE) {
-        childNames.addAll(getLeafNames(data.getValue()));
+        addLeafNames(leafNames, data.getValue());
       } else {
-        childNames.add(cluster);
+        leafNames.add(cluster);
       }
     }
-
-    return childNames;
   }
 
-  private static boolean isTopLevelCluster(XdsWatcherBase<?> cdsWatcher) {
-    if (! (cdsWatcher instanceof CdsWatcher)) {
-      return false;
-    }
+  private static boolean isTopLevelCluster(
+      XdsWatcherBase<XdsClusterResource.CdsUpdate> cdsWatcher) {
     return ((CdsWatcher)cdsWatcher).parentContexts.values().stream()
         .anyMatch(depth -> depth == 1);
   }
@@ -454,17 +480,11 @@ private void addClusterWatcher(String clusterName, Object parentContext, int dep
   }
 
   private void updateRoutes(List<VirtualHost> virtualHosts, Object newParentContext,
-                            VirtualHost oldVirtualHost, boolean sameParentContext) {
+                            List<VirtualHost> oldVirtualHosts, boolean sameParentContext) {
+    VirtualHost oldVirtualHost =
+        RoutingUtils.findVirtualHostForHostName(oldVirtualHosts, dataPlaneAuthority);
     VirtualHost virtualHost =
         RoutingUtils.findVirtualHostForHostName(virtualHosts, dataPlaneAuthority);
-    if (virtualHost == null) {
-      String error = "Failed to find virtual host matching hostname: " + dataPlaneAuthority;
-      logger.log(XdsLogger.XdsLogLevel.WARNING, error);
-      cleanUpRoutes();
-      xdsConfigWatcher.onError(
-          "xDS node ID:" + dataPlaneAuthority, Status.UNAVAILABLE.withDescription(error));
-      return;
-    }
 
     Set<String> newClusters = getClusterNamesFromVirtualHost(virtualHost);
     Set<String> oldClusters = getClusterNamesFromVirtualHost(oldVirtualHost);
@@ -482,6 +502,10 @@ private void updateRoutes(List<VirtualHost> virtualHosts, Object newParentContex
     }
   }
 
+  private String nodeInfo() {
+    return " nodeID: " + xdsClient.getBootstrapInfo().node().getId();
+  }
+
   private static Set<String> getClusterNamesFromVirtualHost(VirtualHost virtualHost) {
     if (virtualHost == null) {
       return Collections.emptySet();
@@ -506,46 +530,6 @@ private static Set<String> getClusterNamesFromVirtualHost(VirtualHost virtualHos
     return clusters;
   }
 
-  @Nullable
-  private VirtualHost getActiveVirtualHost() {
-    TypeWatchers<?> rdsWatchers = resourceWatchers.get(XdsRouteConfigureResource.getInstance());
-    if (rdsWatchers == null) {
-      return null;
-    }
-
-    RdsWatcher activeRdsWatcher =
-        (RdsWatcher) rdsWatchers.watchers.values().stream().findFirst().orElse(null);
-    if (activeRdsWatcher == null || activeRdsWatcher.missingResult()
-        || !activeRdsWatcher.getData().hasValue()) {
-      return null;
-    }
-
-    return RoutingUtils.findVirtualHostForHostName(
-        activeRdsWatcher.getData().getValue().virtualHosts, dataPlaneAuthority);
-  }
-
-  // Must be in SyncContext
-  private void cleanUpRoutes() {
-    // Remove RdsWatcher & CDS Watchers
-    TypeWatchers<?> rdsResourceWatcher =
-        resourceWatchers.get(XdsRouteConfigureResource.getInstance());
-    if (rdsResourceWatcher == null || rdsResourceWatcher.watchers.isEmpty()) {
-      return;
-    }
-
-    XdsWatcherBase<?> watcher = rdsResourceWatcher.watchers.values().stream().findFirst().get();
-    cancelWatcher(watcher);
-
-    // Remove CdsWatchers pointed to by the RdsWatcher
-    RdsWatcher rdsWatcher = (RdsWatcher) watcher;
-    for (String cName : rdsWatcher.getCdsNames()) {
-      CdsWatcher cdsWatcher = getCluster(cName);
-      if (cdsWatcher != null) {
-        cancelClusterWatcherTree(cdsWatcher, rdsWatcher);
-      }
-    }
-  }
-
   private CdsWatcher getCluster(String clusterName) {
     return (CdsWatcher) resourceWatchers.get(CLUSTER_RESOURCE).watchers.get(clusterName);
   }
@@ -565,16 +549,11 @@ public void add(String resourceName, XdsWatcherBase<T> watcher) {
   }
 
   public interface XdsConfigWatcher {
-
-    void onUpdate(XdsConfig config);
-
-    // These 2 methods are invoked when there is an error or
-    // does-not-exist on LDS or RDS only.  The context will be a
-    // human-readable string indicating the scope in which the error
-    // occurred (e.g., the resource type and name).
-    void onError(String resourceContext, Status status);
-
-    void onResourceDoesNotExist(String resourceContext);
+    /**
+     * An updated XdsConfig or RPC-safe Status. The status code will be either UNAVAILABLE or
+     * INTERNAL.
+     */
+    void onUpdate(StatusOr<XdsConfig> config);
   }
 
   private class ClusterSubscription implements Closeable {
@@ -594,7 +573,7 @@ public void close() throws IOException {
     }
   }
 
-  private abstract static class XdsWatcherBase<T extends ResourceUpdate>
+  private abstract class XdsWatcherBase<T extends ResourceUpdate>
       implements ResourceWatcher<T> {
     private final XdsResourceType<T> type;
     private final String resourceName;
@@ -612,12 +591,25 @@ private XdsWatcherBase(XdsResourceType<T> type, String resourceName) {
     @Override
     public void onError(Status error) {
       checkNotNull(error, "error");
-      setDataAsStatus(error);
+      // Don't update configuration on error, if we've already received configuration
+      if (!hasDataValue()) {
+        setDataAsStatus(Status.UNAVAILABLE.withDescription(
+            String.format("Error retrieving %s: %s: %s",
+              toContextString(), error.getCode(), error.getDescription())));
+        maybePublishConfig();
+      }
     }
 
-    protected void handleDoesNotExist(String resourceName) {
+    @Override
+    public void onResourceDoesNotExist(String resourceName) {
+      if (cancelled) {
+        return;
+      }
+
       checkArgument(this.resourceName.equals(resourceName), "Resource name does not match");
-      setDataAsStatus(Status.UNAVAILABLE.withDescription("No " + toContextString()));
+      setDataAsStatus(Status.UNAVAILABLE.withDescription(
+          toContextString() + " does not exist" + nodeInfo()));
+      maybePublishConfig();
     }
 
     boolean missingResult() {
@@ -647,12 +639,17 @@ protected void setDataAsStatus(Status status) {
       this.data = StatusOr.fromStatus(status);
     }
 
-    String toContextString() {
+    public String toContextString() {
       return toContextStr(type.typeName(), resourceName);
     }
   }
 
-  private class LdsWatcher extends XdsWatcherBase<XdsListenerResource.LdsUpdate> {
+  private interface RdsUpdateSupplier {
+    StatusOr<RdsUpdate> getRdsUpdate();
+  }
+
+  private class LdsWatcher extends XdsWatcherBase<XdsListenerResource.LdsUpdate>
+      implements RdsUpdateSupplier {
     String rdsName;
 
     private LdsWatcher(String resourceName) {
@@ -664,9 +661,20 @@ public void onChanged(XdsListenerResource.LdsUpdate update) {
       checkNotNull(update, "update");
 
       HttpConnectionManager httpConnectionManager = update.httpConnectionManager();
-      List<VirtualHost> virtualHosts = httpConnectionManager.virtualHosts();
-      String rdsName = httpConnectionManager.rdsName();
-      VirtualHost activeVirtualHost = getActiveVirtualHost();
+      List<VirtualHost> virtualHosts;
+      String rdsName;
+      if (httpConnectionManager == null) {
+        // TCP listener. Unsupported config
+        virtualHosts = Collections.emptyList(); // Not null, to not delegate to RDS
+        rdsName = null;
+      } else {
+        virtualHosts = httpConnectionManager.virtualHosts();
+        rdsName = httpConnectionManager.rdsName();
+      }
+      StatusOr<RdsUpdate> activeRdsUpdate = getRouteSource().getRdsUpdate();
+      List<VirtualHost> activeVirtualHosts = activeRdsUpdate.hasValue()
+          ? activeRdsUpdate.getValue().virtualHosts
+          : Collections.emptyList();
 
       boolean changedRdsName = !Objects.equals(rdsName, this.rdsName);
       if (changedRdsName) {
@@ -675,10 +683,9 @@ public void onChanged(XdsListenerResource.LdsUpdate update) {
 
       if (virtualHosts != null) {
         // No RDS watcher since we are getting RDS updates via LDS
-        updateRoutes(virtualHosts, this, activeVirtualHost, this.rdsName == null);
+        updateRoutes(virtualHosts, this, activeVirtualHosts, this.rdsName == null);
         this.rdsName = null;
       } else if (changedRdsName) {
-        cleanUpRdsWatcher();
         this.rdsName = rdsName;
         addWatcher(new RdsWatcher(rdsName));
         logger.log(XdsLogger.XdsLogLevel.INFO, "Start watching RDS resource {0}", rdsName);
@@ -688,20 +695,18 @@ public void onChanged(XdsListenerResource.LdsUpdate update) {
       maybePublishConfig();
     }
 
-    @Override
-    public void onError(Status error) {
-      super.onError(checkNotNull(error, "error"));
-      xdsConfigWatcher.onError(toContextString(), error);
-    }
-
     @Override
     public void onResourceDoesNotExist(String resourceName) {
       if (cancelled) {
         return;
       }
 
-      handleDoesNotExist(resourceName);
-      xdsConfigWatcher.onResourceDoesNotExist(toContextString());
+      checkArgument(resourceName().equals(resourceName), "Resource name does not match");
+      setDataAsStatus(Status.UNAVAILABLE.withDescription(
+          toContextString() + " does not exist" + nodeInfo()));
+      cleanUpRdsWatcher();
+      rdsName = null;
+      maybePublishConfig();
     }
 
     private void cleanUpRdsWatcher() {
@@ -711,8 +716,7 @@ private void cleanUpRdsWatcher() {
         logger.log(XdsLogger.XdsLogLevel.DEBUG, "Stop watching RDS resource {0}", rdsName);
 
         // Cleanup clusters (as appropriate) that had the old rds watcher as a parent
-        if (!oldRdsWatcher.hasDataValue() || !oldRdsWatcher.getData().hasValue()
-            || resourceWatchers.get(CLUSTER_RESOURCE) == null) {
+        if (!oldRdsWatcher.hasDataValue() || resourceWatchers.get(CLUSTER_RESOURCE) == null) {
           return;
         }
         for (XdsWatcherBase<?> watcher :
@@ -723,16 +727,58 @@ private void cleanUpRdsWatcher() {
     }
 
     private RdsWatcher getRdsWatcher() {
+      if (rdsName == null) {
+        return null;
+      }
       TypeWatchers<?> watchers = resourceWatchers.get(XdsRouteConfigureResource.getInstance());
-      if (watchers == null || rdsName == null || watchers.watchers.isEmpty()) {
+      if (watchers == null) {
         return null;
       }
-
       return (RdsWatcher) watchers.watchers.get(rdsName);
     }
+
+    public RdsUpdateSupplier getRouteSource() {
+      if (!hasDataValue()) {
+        return this;
+      }
+      HttpConnectionManager hcm = getData().getValue().httpConnectionManager();
+      if (hcm == null) {
+        return this;
+      }
+      List<VirtualHost> virtualHosts = hcm.virtualHosts();
+      if (virtualHosts != null) {
+        return this;
+      }
+      RdsWatcher rdsWatcher = getRdsWatcher();
+      assert rdsWatcher != null;
+      return rdsWatcher;
+    }
+
+    @Override
+    public StatusOr<RdsUpdate> getRdsUpdate() {
+      if (missingResult()) {
+        return StatusOr.fromStatus(Status.UNAVAILABLE.withDescription("Not yet loaded"));
+      }
+      if (!getData().hasValue()) {
+        return StatusOr.fromStatus(getData().getStatus());
+      }
+      HttpConnectionManager hcm = getData().getValue().httpConnectionManager();
+      if (hcm == null) {
+        return StatusOr.fromStatus(
+            Status.UNAVAILABLE.withDescription("Not an API listener" + nodeInfo()));
+      }
+      List<VirtualHost> virtualHosts = hcm.virtualHosts();
+      if (virtualHosts == null) {
+        // Code shouldn't trigger this case, as it should be calling RdsWatcher instead. This would
+        // be easily implemented with getRdsWatcher().getRdsUpdate(), but getting here is likely a
+        // bug
+        return StatusOr.fromStatus(Status.INTERNAL.withDescription("Routes are in RDS, not LDS"));
+      }
+      return StatusOr.fromValue(new RdsUpdate(virtualHosts));
+    }
   }
 
-  private class RdsWatcher extends XdsWatcherBase<RdsUpdate> {
+  private class RdsWatcher extends XdsWatcherBase<RdsUpdate> implements RdsUpdateSupplier {
 
     public RdsWatcher(String resourceName) {
       super(XdsRouteConfigureResource.getInstance(), checkNotNull(resourceName, "resourceName"));
@@ -741,37 +787,20 @@ public RdsWatcher(String resourceName) {
     @Override
     public void onChanged(RdsUpdate update) {
       checkNotNull(update, "update");
-      RdsUpdate oldData = hasDataValue() ? getData().getValue() : null;
-      VirtualHost oldVirtualHost =
-          (oldData != null)
-          ? RoutingUtils.findVirtualHostForHostName(oldData.virtualHosts, dataPlaneAuthority)
-          : null;
+      List<VirtualHost> oldVirtualHosts = hasDataValue()
+          ? getData().getValue().virtualHosts
+          : Collections.emptyList();
       setData(update);
-      updateRoutes(update.virtualHosts, this, oldVirtualHost, true);
+      updateRoutes(update.virtualHosts, this, oldVirtualHosts, true);
       maybePublishConfig();
     }
 
     @Override
-    public void onError(Status error) {
-      super.onError(checkNotNull(error, "error"));
-      xdsConfigWatcher.onError(toContextString(), error);
-    }
-
-    @Override
-    public void onResourceDoesNotExist(String resourceName) {
-      if (cancelled) {
-        return;
+    public StatusOr<RdsUpdate> getRdsUpdate() {
+      if (missingResult()) {
+        return StatusOr.fromStatus(Status.UNAVAILABLE.withDescription("Not yet loaded"));
       }
-      handleDoesNotExist(checkNotNull(resourceName, "resourceName"));
-      xdsConfigWatcher.onResourceDoesNotExist(toContextString());
-    }
-
-    ImmutableList<String> getCdsNames() {
-      if (!hasDataValue() || getData().getValue().virtualHosts == null) {
-        return ImmutableList.of();
-      }
-
-      return ImmutableList.copyOf(getClusterNamesFromVirtualHost(getActiveVirtualHost()));
+      return getData();
     }
   }
 
@@ -789,7 +818,7 @@ public void onChanged(XdsClusterResource.CdsUpdate update) {
       switch (update.clusterType()) {
         case EDS:
           setData(update);
-          if (!addEdsWatcher(update.edsServiceName(), this))  {
+          if (!addEdsWatcher(getEdsServiceName(), this))  {
             maybePublishConfig();
           }
           break;
@@ -805,14 +834,15 @@ public void onChanged(XdsClusterResource.CdsUpdate update) {
             logger.log(XdsLogger.XdsLogLevel.WARNING,
                 "Cluster recursion depth limit exceeded for cluster {0}", resourceName());
             Status error = Status.UNAVAILABLE.withDescription(
-                "aggregate cluster graph exceeds max depth");
+                "aggregate cluster graph exceeds max depth at " + resourceName() + nodeInfo());
             setDataAsStatus(error);
           }
           if (hasDataValue()) {
-            Set<String> oldNames = new HashSet<>(getData().getValue().prioritizedClusterNames());
+            Set<String> oldNames = getData().getValue().clusterType() == ClusterType.AGGREGATE
+                ? new HashSet<>(getData().getValue().prioritizedClusterNames())
+                : Collections.emptySet();
             Set<String> newNames = new HashSet<>(update.prioritizedClusterNames());
 
-
             Set<String> deletedClusters = Sets.difference(oldNames, newNames);
             deletedClusters.forEach((cluster)
                 -> cancelClusterWatcherTree(getCluster(cluster), parentContext));
@@ -838,19 +868,20 @@ public void onChanged(XdsClusterResource.CdsUpdate update) {
           break;
         default:
           Status error = Status.UNAVAILABLE.withDescription(
-              "aggregate cluster graph exceeds max depth");
+              "aggregate cluster graph exceeds max depth at " + resourceName() + nodeInfo());
           setDataAsStatus(error);
           maybePublishConfig();
       }
     }
 
-    @Override
-    public void onResourceDoesNotExist(String resourceName) {
-      if (cancelled) {
-        return;
+    public String getEdsServiceName() {
+      XdsClusterResource.CdsUpdate cdsUpdate = getData().getValue();
+      assert cdsUpdate.clusterType() == ClusterType.EDS;
+      String edsServiceName = cdsUpdate.edsServiceName();
+      if (edsServiceName == null) {
+        edsServiceName = cdsUpdate.clusterName();
       }
-      handleDoesNotExist(checkNotNull(resourceName, "resourceName"));
-      maybePublishConfig();
+      return edsServiceName;
     }
   }
 
@@ -868,15 +899,6 @@ public void onChanged(XdsEndpointResource.EdsUpdate update) {
       maybePublishConfig();
     }
 
-    @Override
-    public void onResourceDoesNotExist(String resourceName) {
-      if (cancelled) {
-        return;
-      }
-      handleDoesNotExist(checkNotNull(resourceName, "resourceName"));
-      maybePublishConfig();
-    }
-
     void addParentContext(CdsWatcher parentContext) {
       parentContexts.add(checkNotNull(parentContext, "parentContext"));
     }
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 4b6da6ac8b8..5c1b3105c45 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -45,6 +45,7 @@
 import io.grpc.NameResolver;
 import io.grpc.Status;
 import io.grpc.Status.Code;
+import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.ObjectPool;
@@ -60,11 +61,9 @@
 import io.grpc.xds.VirtualHost.Route.RouteAction.RetryPolicy;
 import io.grpc.xds.VirtualHost.Route.RouteMatch;
 import io.grpc.xds.XdsNameResolverProvider.CallCounterProvider;
-import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
 import io.grpc.xds.client.Bootstrapper.AuthorityInfo;
 import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.XdsClient;
-import io.grpc.xds.client.XdsClient.ResourceWatcher;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
 import java.net.URI;
@@ -127,6 +126,7 @@ final class XdsNameResolver extends NameResolver {
   private final ConfigSelector configSelector = new ConfigSelector();
   private final long randomChannelId;
   private final MetricRecorder metricRecorder;
+  private final Args nameResolverArgs;
   // Must be accessed in syncContext.
   // Filter instances are unique per channel, and per filter (name+typeUrl).
   // NamedFilterConfig.filterStateKey -> filter_instance.
@@ -138,20 +138,17 @@ final class XdsNameResolver extends NameResolver {
   private XdsClient xdsClient;
   private CallCounterProvider callCounterProvider;
   private ResolveState resolveState;
-  // Workaround for https://github.com/grpc/grpc-java/issues/8886 . This should be handled in
-  // XdsClient instead of here.
-  private boolean receivedConfig;
 
   XdsNameResolver(
       URI targetUri, String name, @Nullable String overrideAuthority,
       ServiceConfigParser serviceConfigParser,
       SynchronizationContext syncContext, ScheduledExecutorService scheduler,
       @Nullable Map<String, ?> bootstrapOverride,
-      MetricRecorder metricRecorder) {
+      MetricRecorder metricRecorder, Args nameResolverArgs) {
     this(targetUri, targetUri.getAuthority(), name, overrideAuthority, serviceConfigParser,
         syncContext, scheduler, SharedXdsClientPoolProvider.getDefaultProvider(),
         ThreadSafeRandomImpl.instance, FilterRegistry.getDefaultRegistry(), bootstrapOverride,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
   }
 
   @VisibleForTesting
@@ -161,7 +158,7 @@ final class XdsNameResolver extends NameResolver {
       SynchronizationContext syncContext, ScheduledExecutorService scheduler,
       XdsClientPoolFactory xdsClientPoolFactory, ThreadSafeRandom random,
       FilterRegistry filterRegistry, @Nullable Map<String, ?> bootstrapOverride,
-      MetricRecorder metricRecorder) {
+      MetricRecorder metricRecorder, Args nameResolverArgs) {
     this.targetAuthority = targetAuthority;
     target = targetUri.toString();
 
@@ -180,6 +177,8 @@ final class XdsNameResolver extends NameResolver {
     this.random = checkNotNull(random, "random");
     this.filterRegistry = checkNotNull(filterRegistry, "filterRegistry");
     this.metricRecorder = metricRecorder;
+    this.nameResolverArgs = checkNotNull(nameResolverArgs, "nameResolverArgs");
+
     randomChannelId = random.nextLong();
     logId = InternalLogId.allocate("xds-resolver", name);
     logger = XdsLogger.withLogId(logId);
@@ -228,9 +227,8 @@ public void start(Listener2 listener) {
     }
     ldsResourceName = XdsClient.canonifyResourceName(ldsResourceName);
     callCounterProvider = SharedCallCounterMap.getInstance();
-    resolveState = new ResolveState(ldsResourceName);
 
-    resolveState.start();
+    resolveState = new ResolveState(ldsResourceName); // auto starts
   }
 
   private static String expandPercentS(String template, String replacement) {
@@ -241,7 +239,7 @@ private static String expandPercentS(String template, String replacement) {
   public void shutdown() {
     logger.log(XdsLogLevel.INFO, "Shutdown");
     if (resolveState != null) {
-      resolveState.stop();
+      resolveState.shutdown();
     }
     if (xdsClient != null) {
       xdsClient = xdsClientPool.returnObject(xdsClient);
@@ -290,7 +288,7 @@ XdsClient getXdsClient() {
   }
 
   // called in syncContext
-  private void updateResolutionResult() {
+  private void updateResolutionResult(XdsConfig xdsConfig) {
     syncContext.throwIfNotInThisSynchronizationContext();
 
     ImmutableMap.Builder<String, Object> childPolicy = new ImmutableMap.Builder<>();
@@ -312,6 +310,8 @@ private void updateResolutionResult() {
     Attributes attrs =
         Attributes.newBuilder()
             .set(XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
+            .set(XdsAttributes.XDS_CONFIG, xdsConfig)
+            .set(XdsAttributes.XDS_CLUSTER_SUBSCRIPT_REGISTRY, resolveState.xdsDependencyManager)
             .set(XdsAttributes.CALL_COUNTER_PROVIDER, callCounterProvider)
             .set(InternalConfigSelector.KEY, configSelector)
             .build();
@@ -321,7 +321,6 @@ private void updateResolutionResult() {
             .setServiceConfig(parsedServiceConfig)
             .build();
     listener.onResult2(result);
-    receivedConfig = true;
   }
 
   /**
@@ -540,7 +539,11 @@ private void releaseCluster(final String cluster) {
           public void run() {
             if (clusterRefs.get(cluster).refCount.get() == 0) {
               clusterRefs.remove(cluster);
-              updateResolutionResult();
+              if (resolveState.lastConfigOrStatus.hasValue()) {
+                updateResolutionResult(resolveState.lastConfigOrStatus.getValue());
+              } else {
+                resolveState.cleanUpRoutes(resolveState.lastConfigOrStatus.getStatus());
+              }
             }
           }
         });
@@ -629,82 +632,56 @@ private static String prefixedClusterSpecifierPluginName(String pluginName) {
     return "cluster_specifier_plugin:" + pluginName;
   }
 
-  private class ResolveState implements ResourceWatcher<XdsListenerResource.LdsUpdate> {
+  class ResolveState implements XdsDependencyManager.XdsConfigWatcher {
     private final ConfigOrError emptyServiceConfig =
         serviceConfigParser.parseServiceConfig(Collections.<String, Object>emptyMap());
-    private final String ldsResourceName;
+    private final String authority;
+    private final XdsDependencyManager xdsDependencyManager;
     private boolean stopped;
     @Nullable
     private Set<String> existingClusters;  // clusters to which new requests can be routed
-    @Nullable
-    private RouteDiscoveryState routeDiscoveryState;
+    private StatusOr<XdsConfig> lastConfigOrStatus;
 
-    ResolveState(String ldsResourceName) {
-      this.ldsResourceName = ldsResourceName;
+    private ResolveState(String ldsResourceName) {
+      authority = overrideAuthority != null ? overrideAuthority : encodedServiceAuthority;
+      xdsDependencyManager =
+          new XdsDependencyManager(xdsClient, this, syncContext, authority, ldsResourceName,
+              nameResolverArgs, scheduler);
     }
 
-    @Override
-    public void onChanged(final XdsListenerResource.LdsUpdate update) {
+    private void shutdown() {
       if (stopped) {
         return;
       }
-      logger.log(XdsLogLevel.INFO, "Receive LDS resource update: {0}", update);
-      HttpConnectionManager httpConnectionManager = update.httpConnectionManager();
-      List<VirtualHost> virtualHosts = httpConnectionManager.virtualHosts();
-      String rdsName = httpConnectionManager.rdsName();
-      ImmutableList<NamedFilterConfig> filterConfigs = httpConnectionManager.httpFilterConfigs();
-      long streamDurationNano = httpConnectionManager.httpMaxStreamDurationNano();
-
-      // Create/update HCM-bound state.
-      cleanUpRouteDiscoveryState();
-      updateActiveFilters(filterConfigs);
 
-      // Routes specified directly in LDS.
-      if (virtualHosts != null) {
-        updateRoutes(virtualHosts, streamDurationNano, filterConfigs);
-        return;
-      }
-      // Routes provided by RDS.
-      routeDiscoveryState = new RouteDiscoveryState(rdsName, streamDurationNano, filterConfigs);
-      logger.log(XdsLogLevel.INFO, "Start watching RDS resource {0}", rdsName);
-      xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),
-          rdsName, routeDiscoveryState, syncContext);
+      stopped = true;
+      xdsDependencyManager.shutdown();
+      updateActiveFilters(null);
     }
 
     @Override
-    public void onError(final Status error) {
-      if (stopped || receivedConfig) {
+    public void onUpdate(StatusOr<XdsConfig> updateOrStatus) {
+      if (stopped) {
         return;
       }
-      listener.onError(Status.UNAVAILABLE.withCause(error.getCause()).withDescription(
-          String.format("Unable to load LDS %s. xDS server returned: %s: %s",
-          ldsResourceName, error.getCode(), error.getDescription())));
-    }
+      logger.log(XdsLogLevel.INFO, "Receive XDS resource update: {0}", updateOrStatus);
 
-    @Override
-    public void onResourceDoesNotExist(final String resourceName) {
-      if (stopped) {
+      lastConfigOrStatus = updateOrStatus;
+      if (!updateOrStatus.hasValue()) {
+        updateActiveFilters(null);
+        cleanUpRoutes(updateOrStatus.getStatus());
         return;
       }
-      String error = "LDS resource does not exist: " + resourceName;
-      logger.log(XdsLogLevel.INFO, error);
-      cleanUpRouteDiscoveryState();
-      updateActiveFilters(null);
-      cleanUpRoutes(error);
-    }
 
-    private void start() {
-      logger.log(XdsLogLevel.INFO, "Start watching LDS resource {0}", ldsResourceName);
-      xdsClient.watchXdsResource(XdsListenerResource.getInstance(),
-          ldsResourceName, this, syncContext);
-    }
+      // Process Route
+      XdsConfig update = updateOrStatus.getValue();
+      HttpConnectionManager httpConnectionManager = update.getListener().httpConnectionManager();
+      VirtualHost virtualHost = update.getVirtualHost();
+      ImmutableList<NamedFilterConfig> filterConfigs = httpConnectionManager.httpFilterConfigs();
+      long streamDurationNano = httpConnectionManager.httpMaxStreamDurationNano();
 
-    private void stop() {
-      logger.log(XdsLogLevel.INFO, "Stop watching LDS resource {0}", ldsResourceName);
-      stopped = true;
-      cleanUpRouteDiscoveryState();
-      updateActiveFilters(null);
-      xdsClient.cancelXdsResourceWatch(XdsListenerResource.getInstance(), ldsResourceName, this);
+      updateActiveFilters(filterConfigs);
+      updateRoutes(update, virtualHost, streamDurationNano, filterConfigs);
     }
 
     // called in syncContext
@@ -732,18 +709,11 @@ private void updateActiveFilters(@Nullable List<NamedFilterConfig> filterConfigs
       }
     }
 
-    // called in syncContext
-    private void updateRoutes(List<VirtualHost> virtualHosts, long httpMaxStreamDurationNano,
+    private void updateRoutes(
+        XdsConfig xdsConfig,
+        @Nullable VirtualHost virtualHost,
+        long httpMaxStreamDurationNano,
         @Nullable List<NamedFilterConfig> filterConfigs) {
-      String authority = overrideAuthority != null ? overrideAuthority : encodedServiceAuthority;
-      VirtualHost virtualHost = RoutingUtils.findVirtualHostForHostName(virtualHosts, authority);
-      if (virtualHost == null) {
-        String error = "Failed to find virtual host matching hostname: " + authority;
-        logger.log(XdsLogLevel.WARNING, error);
-        cleanUpRoutes(error);
-        return;
-      }
-
       List<Route> routes = virtualHost.routes();
       ImmutableList.Builder<RouteData> routesData = ImmutableList.builder();
 
@@ -826,7 +796,7 @@ private void updateRoutes(List<VirtualHost> virtualHosts, long httpMaxStreamDura
       }
       // Update service config to include newly added clusters.
       if (shouldUpdateResult && routingConfig != null) {
-        updateResolutionResult();
+        updateResolutionResult(xdsConfig);
         shouldUpdateResult = false;
       }
       // Make newly added clusters selectable by config selector and deleted clusters no longer
@@ -840,7 +810,7 @@ private void updateRoutes(List<VirtualHost> virtualHosts, long httpMaxStreamDura
         }
       }
       if (shouldUpdateResult) {
-        updateResolutionResult();
+        updateResolutionResult(xdsConfig);
       }
     }
 
@@ -882,10 +852,8 @@ private ClientInterceptor createFilters(
       return combineInterceptors(filterInterceptors.build());
     }
 
-    private void cleanUpRoutes(String error) {
-      String errorWithNodeId =
-          error + ", xDS node ID: " + xdsClient.getBootstrapInfo().node().getId();
-      routingConfig = new RoutingConfig(Status.UNAVAILABLE.withDescription(errorWithNodeId));
+    private void cleanUpRoutes(Status error) {
+      routingConfig = new RoutingConfig(error);
       if (existingClusters != null) {
         for (String cluster : existingClusters) {
           int count = clusterRefs.get(cluster).refCount.decrementAndGet();
@@ -904,64 +872,6 @@ private void cleanUpRoutes(String error) {
             .build())
           .setServiceConfig(emptyServiceConfig)
           .build());
-      receivedConfig = true;
-    }
-
-    private void cleanUpRouteDiscoveryState() {
-      if (routeDiscoveryState != null) {
-        String rdsName = routeDiscoveryState.resourceName;
-        logger.log(XdsLogLevel.INFO, "Stop watching RDS resource {0}", rdsName);
-        xdsClient.cancelXdsResourceWatch(XdsRouteConfigureResource.getInstance(), rdsName,
-            routeDiscoveryState);
-        routeDiscoveryState = null;
-      }
-    }
-
-    /**
-     * Discovery state for RouteConfiguration resource. One instance for each Listener resource
-     * update.
-     */
-    private class RouteDiscoveryState implements ResourceWatcher<RdsUpdate> {
-      private final String resourceName;
-      private final long httpMaxStreamDurationNano;
-      @Nullable
-      private final List<NamedFilterConfig> filterConfigs;
-
-      private RouteDiscoveryState(String resourceName, long httpMaxStreamDurationNano,
-          @Nullable List<NamedFilterConfig> filterConfigs) {
-        this.resourceName = resourceName;
-        this.httpMaxStreamDurationNano = httpMaxStreamDurationNano;
-        this.filterConfigs = filterConfigs;
-      }
-
-      @Override
-      public void onChanged(final RdsUpdate update) {
-        if (RouteDiscoveryState.this != routeDiscoveryState) {
-          return;
-        }
-        logger.log(XdsLogLevel.INFO, "Received RDS resource update: {0}", update);
-        updateRoutes(update.virtualHosts, httpMaxStreamDurationNano, filterConfigs);
-      }
-
-      @Override
-      public void onError(final Status error) {
-        if (RouteDiscoveryState.this != routeDiscoveryState || receivedConfig) {
-          return;
-        }
-        listener.onError(Status.UNAVAILABLE.withCause(error.getCause()).withDescription(
-            String.format("Unable to load RDS %s. xDS server returned: %s: %s",
-            resourceName, error.getCode(), error.getDescription())));
-      }
-
-      @Override
-      public void onResourceDoesNotExist(final String resourceName) {
-        if (RouteDiscoveryState.this != routeDiscoveryState) {
-          return;
-        }
-        String error = "RDS resource does not exist: " + resourceName;
-        logger.log(XdsLogLevel.INFO, error);
-        cleanUpRoutes(error);
-      }
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java b/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
index 74518331269..eb3887396a0 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
@@ -82,7 +82,7 @@ public XdsNameResolver newNameResolver(URI targetUri, Args args) {
           args.getServiceConfigParser(), args.getSynchronizationContext(),
           args.getScheduledExecutorService(),
           bootstrapOverride,
-          args.getMetricRecorder());
+          args.getMetricRecorder(), args);
     }
     return null;
   }
diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
index f94a94a9446..2af04a3aedf 100644
--- a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -17,6 +17,7 @@
 package io.grpc.xds;
 
 import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.StatusMatcher.statusHasCode;
 import static io.grpc.xds.XdsClusterResource.CdsUpdate.ClusterType.AGGREGATE;
 import static io.grpc.xds.XdsClusterResource.CdsUpdate.ClusterType.EDS;
 import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_CDS;
@@ -32,7 +33,6 @@
 import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.argThat;
-import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -47,24 +47,26 @@
 import io.envoyproxy.envoy.config.listener.v3.Listener;
 import io.envoyproxy.envoy.config.route.v3.RouteConfiguration;
 import io.grpc.BindableService;
+import io.grpc.ChannelLogger;
 import io.grpc.ManagedChannel;
+import io.grpc.NameResolver;
 import io.grpc.Server;
 import io.grpc.Status;
 import io.grpc.StatusOr;
+import io.grpc.StatusOrMatcher;
 import io.grpc.SynchronizationContext;
 import io.grpc.inprocess.InProcessChannelBuilder;
 import io.grpc.inprocess.InProcessServerBuilder;
 import io.grpc.internal.ExponentialBackoffPolicy;
 import io.grpc.internal.FakeClock;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.testing.GrpcCleanupRule;
+import io.grpc.xds.XdsClusterResource.CdsUpdate;
 import io.grpc.xds.XdsConfig.XdsClusterConfig;
 import io.grpc.xds.XdsEndpointResource.EdsUpdate;
-import io.grpc.xds.XdsListenerResource.LdsUpdate;
 import io.grpc.xds.client.CommonBootstrapperTestUtils;
-import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsClientImpl;
 import io.grpc.xds.client.XdsClientMetricReporter;
-import io.grpc.xds.client.XdsResourceType;
 import io.grpc.xds.client.XdsTransportFactory;
 import java.io.Closeable;
 import java.io.IOException;
@@ -77,7 +79,7 @@
 import java.util.Map;
 import java.util.Queue;
 import java.util.Set;
-import java.util.concurrent.Executor;
+import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.logging.Logger;
@@ -108,7 +110,9 @@ public class XdsDependencyManagerTest {
   private XdsClientMetricReporter xdsClientMetricReporter;
 
   private final SynchronizationContext syncContext =
-      new SynchronizationContext(mock(Thread.UncaughtExceptionHandler.class));
+      new SynchronizationContext((t, e) -> {
+        throw new AssertionError(e);
+      });
 
   private ManagedChannel channel;
   private XdsClientImpl xdsClient;
@@ -133,9 +137,17 @@ public class XdsDependencyManagerTest {
   private XdsConfig defaultXdsConfig; // set in setUp()
 
   @Captor
-  private ArgumentCaptor<XdsConfig> xdsConfigCaptor;
-  @Captor
-  private ArgumentCaptor<Status> statusCaptor;
+  private ArgumentCaptor<StatusOr<XdsConfig>> xdsUpdateCaptor;
+  private final NameResolver.Args nameResolverArgs = NameResolver.Args.newBuilder()
+      .setDefaultPort(8080)
+      .setProxyDetector(GrpcUtil.DEFAULT_PROXY_DETECTOR)
+      .setSynchronizationContext(syncContext)
+      .setServiceConfigParser(mock(NameResolver.ServiceConfigParser.class))
+      .setChannelLogger(mock(ChannelLogger.class))
+      .setScheduledExecutorService(fakeClock.getScheduledExecutorService())
+      .build();
+
+  private final ScheduledExecutorService scheduler = fakeClock.getScheduledExecutorService();
 
   @Before
   public void setUp() throws Exception {
@@ -180,36 +192,36 @@ public void tearDown() throws InterruptedException {
 
   @Test
   public void verify_basic_config() {
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
 
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
-    testWatcher.verifyStats(1, 0, 0);
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(StatusOr.fromValue(defaultXdsConfig));
+    testWatcher.verifyStats(1, 0);
   }
 
   @Test
   public void verify_config_update() {
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
 
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
-    testWatcher.verifyStats(1, 0, 0);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(StatusOr.fromValue(defaultXdsConfig));
+    testWatcher.verifyStats(1, 0);
     assertThat(testWatcher.lastConfig).isEqualTo(defaultXdsConfig);
 
     XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS2", "CDS2", "EDS2",
         ENDPOINT_HOSTNAME + "2", ENDPOINT_PORT + 2);
     inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(ArgumentMatchers.notNull());
-    testWatcher.verifyStats(2, 0, 0);
+    testWatcher.verifyStats(2, 0);
     assertThat(testWatcher.lastConfig).isNotEqualTo(defaultXdsConfig);
   }
 
   @Test
   public void verify_simple_aggregate() {
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(StatusOr.fromValue(defaultXdsConfig));
 
     List<String> childNames = Arrays.asList("clusterC", "clusterB", "clusterA");
     String rootName = "root_c";
@@ -226,14 +238,14 @@ public void verify_simple_aggregate() {
         testWatcher.lastConfig.getClusters();
     assertThat(lastConfigClusters).hasSize(childNames.size() + 1);
     StatusOr<XdsClusterConfig> rootC = lastConfigClusters.get(rootName);
-    XdsClusterResource.CdsUpdate rootUpdate = rootC.getValue().getClusterResource();
+    CdsUpdate rootUpdate = rootC.getValue().getClusterResource();
     assertThat(rootUpdate.clusterType()).isEqualTo(AGGREGATE);
     assertThat(rootUpdate.prioritizedClusterNames()).isEqualTo(childNames);
 
     for (String childName : childNames) {
       assertThat(lastConfigClusters).containsKey(childName);
       StatusOr<XdsClusterConfig> childConfigOr = lastConfigClusters.get(childName);
-      XdsClusterResource.CdsUpdate childResource =
+      CdsUpdate childResource =
           childConfigOr.getValue().getClusterResource();
       assertThat(childResource.clusterType()).isEqualTo(EDS);
       assertThat(childResource.edsServiceName()).isEqualTo(getEdsNameForCluster(childName));
@@ -266,54 +278,57 @@ public void testComplexRegisteredAggregate() throws IOException {
     List<String> childNames2 = Arrays.asList("clusterA", "clusterX");
     XdsTestUtils.addAggregateToExistingConfig(controlPlaneService, rootName2, childNames2);
 
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
     inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
 
     Closeable subscription1 = xdsDependencyManager.subscribeToCluster(rootName1);
     inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
 
     Closeable subscription2 = xdsDependencyManager.subscribeToCluster(rootName2);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
-    testWatcher.verifyStats(3, 0, 0);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    testWatcher.verifyStats(3, 0);
     ImmutableSet.Builder<String> builder = ImmutableSet.builder();
     Set<String> expectedClusters = builder.add(rootName1).add(rootName2).add(CLUSTER_NAME)
         .addAll(childNames).addAll(childNames2).build();
-    assertThat(xdsConfigCaptor.getValue().getClusters().keySet()).isEqualTo(expectedClusters);
+    assertThat(xdsUpdateCaptor.getValue().getValue().getClusters().keySet())
+        .isEqualTo(expectedClusters);
 
     // Close 1 subscription shouldn't affect the other or RDS subscriptions
     subscription1.close();
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
     builder = ImmutableSet.builder();
     Set<String> expectedClusters2 =
         builder.add(rootName2).add(CLUSTER_NAME).addAll(childNames2).build();
-    assertThat(xdsConfigCaptor.getValue().getClusters().keySet()).isEqualTo(expectedClusters2);
+    assertThat(xdsUpdateCaptor.getValue().getValue().getClusters().keySet())
+        .isEqualTo(expectedClusters2);
 
     subscription2.close();
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(StatusOr.fromValue(defaultXdsConfig));
   }
 
   @Test
   public void testDelayedSubscription() {
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(StatusOr.fromValue(defaultXdsConfig));
 
     String rootName1 = "root_c";
 
     Closeable subscription1 = xdsDependencyManager.subscribeToCluster(rootName1);
     assertThat(subscription1).isNotNull();
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
-    inOrder.verify(xdsConfigWatcher).onUpdate(xdsConfigCaptor.capture());
-    assertThat(xdsConfigCaptor.getValue().getClusters().get(rootName1).toString()).isEqualTo(
-        StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
-            "No " + toContextStr(CLUSTER_TYPE_NAME, rootName1))).toString());
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
+    Status status = xdsUpdateCaptor.getValue().getValue().getClusters().get(rootName1).getStatus();
+    assertThat(status.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(status.getDescription()).contains(rootName1);
 
     List<String> childNames = Arrays.asList("clusterC", "clusterB", "clusterA");
     XdsTestUtils.addAggregateToExistingConfig(controlPlaneService, rootName1, childNames);
-    inOrder.verify(xdsConfigWatcher).onUpdate(xdsConfigCaptor.capture());
-    assertThat(xdsConfigCaptor.getValue().getClusters().get(rootName1).hasValue()).isTrue();
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
+    assertThat(xdsUpdateCaptor.getValue().getValue().getClusters().get(rootName1).hasValue())
+        .isTrue();
   }
 
   @Test
@@ -342,109 +357,99 @@ public void testMissingCdsAndEds() {
     edsMap.put("garbageEds", clusterLoadAssignment);
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
 
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
 
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
 
     List<StatusOr<XdsClusterConfig>> returnedClusters = new ArrayList<>();
     for (String childName : childNames) {
-      returnedClusters.add(xdsConfigCaptor.getValue().getClusters().get(childName));
+      returnedClusters.add(xdsUpdateCaptor.getValue().getValue().getClusters().get(childName));
     }
 
     // Check that missing cluster reported Status and the other 2 are present
-    Status expectedClusterStatus = Status.UNAVAILABLE.withDescription(
-        "No " + toContextStr(CLUSTER_TYPE_NAME, childNames.get(2)));
     StatusOr<XdsClusterConfig> missingCluster = returnedClusters.get(2);
-    assertThat(missingCluster.getStatus().toString()).isEqualTo(expectedClusterStatus.toString());
+    assertThat(missingCluster.getStatus().getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(missingCluster.getStatus().getDescription()).contains(childNames.get(2));
     assertThat(returnedClusters.get(0).hasValue()).isTrue();
     assertThat(returnedClusters.get(1).hasValue()).isTrue();
 
     // Check that missing EDS reported Status, the other one is present and the garbage EDS is not
-    Status expectedEdsStatus = Status.UNAVAILABLE.withDescription(
-        "No " + toContextStr(ENDPOINT_TYPE_NAME, XdsTestUtils.EDS_NAME + 1));
     assertThat(getEndpoint(returnedClusters.get(0)).hasValue()).isTrue();
-    assertThat(getEndpoint(returnedClusters.get(1)).hasValue()).isFalse();
-    assertThat(getEndpoint(returnedClusters.get(1)).getStatus().toString())
-        .isEqualTo(expectedEdsStatus.toString());
-
-    verify(xdsConfigWatcher, never()).onResourceDoesNotExist(any());
-    testWatcher.verifyStats(1, 0, 0);
+    assertThat(getEndpoint(returnedClusters.get(1)).getStatus().getCode())
+        .isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(getEndpoint(returnedClusters.get(1)).getStatus().getDescription())
+        .contains(XdsTestUtils.EDS_NAME + 1);
+
+    verify(xdsConfigWatcher, never()).onUpdate(
+        argThat(StatusOrMatcher.hasStatus(statusHasCode(Status.Code.UNAVAILABLE))));
+    testWatcher.verifyStats(1, 0);
   }
 
   @Test
   public void testMissingLds() {
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, "badLdsName");
+    String ldsName = "badLdsName";
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, ldsName, nameResolverArgs, scheduler);
+
+    fakeClock.forwardTime(16, TimeUnit.SECONDS);
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(
+        argThat(StatusOrMatcher.hasStatus(statusHasCode(Status.Code.UNAVAILABLE)
+            .andDescriptionContains(ldsName))));
+
+    testWatcher.verifyStats(0, 1);
+  }
+
+  @Test
+  public void testTcpListenerErrors() {
+    Listener serverListener =
+        ControlPlaneRule.buildServerListener().toBuilder().setName(serverName).build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS, ImmutableMap.of(serverName, serverListener));
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
 
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
-    verify(xdsConfigWatcher, timeout(1000)).onResourceDoesNotExist(
-        toContextStr(XdsListenerResource.getInstance().typeName(), "badLdsName"));
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(
+        argThat(StatusOrMatcher.hasStatus(
+            statusHasCode(Status.Code.UNAVAILABLE).andDescriptionContains("Not an API listener"))));
 
-    testWatcher.verifyStats(0, 0, 1);
+    testWatcher.verifyStats(0, 1);
   }
 
   @Test
   public void testMissingRds() {
-    Listener serverListener = ControlPlaneRule.buildServerListener();
-    Listener clientListener =
-        ControlPlaneRule.buildClientListener(serverName, serverName, "badRdsName");
+    String rdsName = "badRdsName";
+    Listener clientListener = ControlPlaneRule.buildClientListener(serverName, serverName, rdsName);
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS,
-        ImmutableMap.of(XdsTestUtils.SERVER_LISTENER, serverListener, serverName, clientListener));
+        ImmutableMap.of(serverName, clientListener));
 
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
 
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
-    verify(xdsConfigWatcher, timeout(1000)).onResourceDoesNotExist(
-        toContextStr(XdsRouteConfigureResource.getInstance().typeName(), "badRdsName"));
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(
+        argThat(StatusOrMatcher.hasStatus(statusHasCode(Status.Code.UNAVAILABLE)
+            .andDescriptionContains(rdsName))));
 
-    testWatcher.verifyStats(0, 0, 1);
+    testWatcher.verifyStats(0, 1);
   }
 
   @Test
   public void testUpdateToMissingVirtualHost() {
-    InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    WrappedXdsClient wrappedXdsClient = new WrappedXdsClient(xdsClient, syncContext);
-    xdsDependencyManager = new XdsDependencyManager(
-        wrappedXdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
+    RouteConfiguration routeConfig = XdsTestUtils.buildRouteConfiguration(
+        "wrong-virtual-host", XdsTestUtils.RDS_NAME, XdsTestUtils.CLUSTER_NAME);
+    controlPlaneService.setXdsConfig(
+        ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, routeConfig));
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
 
     // Update with a config that has a virtual host that doesn't match the server name
-    wrappedXdsClient.deliverLdsUpdate(0L, buildUnmatchedVirtualHosts());
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onError(any(), statusCaptor.capture());
-    assertThat(statusCaptor.getValue().getDescription())
-        .isEqualTo("Failed to find virtual host matching hostname: " + serverName);
-
-    testWatcher.verifyStats(1, 1, 0);
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    assertThat(xdsUpdateCaptor.getValue().getStatus().getDescription())
+        .contains("Failed to find virtual host matching hostname: " + serverName);
 
-    wrappedXdsClient.shutdown();
-  }
-
-  private List<io.grpc.xds.VirtualHost> buildUnmatchedVirtualHosts() {
-    io.grpc.xds.VirtualHost.Route route1 =
-        io.grpc.xds.VirtualHost.Route.forAction(
-            io.grpc.xds.VirtualHost.Route.RouteMatch.withPathExactOnly("/GreetService/bye"),
-        io.grpc.xds.VirtualHost.Route.RouteAction.forCluster(
-            "cluster-bar.googleapis.com", Collections.emptyList(),
-            TimeUnit.SECONDS.toNanos(15L), null, false), ImmutableMap.of());
-    io.grpc.xds.VirtualHost.Route route2 =
-        io.grpc.xds.VirtualHost.Route.forAction(
-            io.grpc.xds.VirtualHost.Route.RouteMatch.withPathExactOnly("/HelloService/hi"),
-        io.grpc.xds.VirtualHost.Route.RouteAction.forCluster(
-            "cluster-foo.googleapis.com", Collections.emptyList(),
-            TimeUnit.SECONDS.toNanos(15L), null, false),
-        ImmutableMap.of());
-    return Arrays.asList(
-        io.grpc.xds.VirtualHost.create("virtualhost-foo", Collections.singletonList("hello"
-                + ".googleapis.com"),
-            Collections.singletonList(route1),
-            ImmutableMap.of()),
-        io.grpc.xds.VirtualHost.create("virtualhost-bar", Collections.singletonList("hi"
-                + ".googleapis.com"),
-            Collections.singletonList(route2),
-            ImmutableMap.of()));
+    testWatcher.verifyStats(0, 1);
   }
 
   @Test
@@ -452,37 +457,32 @@ public void testCorruptLds() {
     String ldsResourceName =
         "xdstp://unknown.example.com/envoy.config.listener.v3.Listener/listener1";
 
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, ldsResourceName);
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, ldsResourceName, nameResolverArgs, scheduler);
 
-    Status expectedStatus = Status.INVALID_ARGUMENT.withDescription(
-        "Wrong configuration: xds server does not exist for resource " + ldsResourceName);
-    String context = toContextStr(XdsListenerResource.getInstance().typeName(), ldsResourceName);
-    verify(xdsConfigWatcher, timeout(1000))
-        .onError(eq(context), argThat(new XdsTestUtils.StatusMatcher(expectedStatus)));
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(
+        argThat(StatusOrMatcher.hasStatus(
+            statusHasCode(Status.Code.UNAVAILABLE).andDescriptionContains(ldsResourceName))));
 
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
-    testWatcher.verifyStats(0, 1, 0);
+    testWatcher.verifyStats(0, 1);
   }
 
   @Test
   public void testChangeRdsName_fromLds() {
-    // TODO implement
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    Listener serverListener = ControlPlaneRule.buildServerListener();
-
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(defaultXdsConfig);
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(StatusOr.fromValue(defaultXdsConfig));
 
     String newRdsName = "newRdsName1";
 
     Listener clientListener = buildInlineClientListener(newRdsName, CLUSTER_NAME);
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS,
-        ImmutableMap.of(XdsTestUtils.SERVER_LISTENER, serverListener, serverName, clientListener));
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
-    assertThat(xdsConfigCaptor.getValue()).isNotEqualTo(defaultXdsConfig);
-    assertThat(xdsConfigCaptor.getValue().getVirtualHost().name()).isEqualTo(newRdsName);
+        ImmutableMap.of(serverName, clientListener));
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    assertThat(xdsUpdateCaptor.getValue().getValue()).isNotEqualTo(defaultXdsConfig);
+    assertThat(xdsUpdateCaptor.getValue().getValue().getVirtualHost().name()).isEqualTo(newRdsName);
   }
 
   @Test
@@ -527,22 +527,22 @@ public void testMultipleParentsInCdsTree() throws IOException {
 
     // Start the actual test
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
-    XdsConfig initialConfig = xdsConfigCaptor.getValue();
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    XdsConfig initialConfig = xdsUpdateCaptor.getValue().getValue();
 
     // Make sure that adding subscriptions that rds points at doesn't change the config
     Closeable rootSub = xdsDependencyManager.subscribeToCluster("root");
-    assertThat(xdsDependencyManager.buildConfig()).isEqualTo(initialConfig);
+    assertThat(xdsDependencyManager.buildUpdate().getValue()).isEqualTo(initialConfig);
     Closeable clusterAB11Sub = xdsDependencyManager.subscribeToCluster("clusterAB11");
-    assertThat(xdsDependencyManager.buildConfig()).isEqualTo(initialConfig);
+    assertThat(xdsDependencyManager.buildUpdate().getValue()).isEqualTo(initialConfig);
 
     // Make sure that closing subscriptions that rds points at doesn't change the config
     rootSub.close();
-    assertThat(xdsDependencyManager.buildConfig()).isEqualTo(initialConfig);
+    assertThat(xdsDependencyManager.buildUpdate().getValue()).isEqualTo(initialConfig);
     clusterAB11Sub.close();
-    assertThat(xdsDependencyManager.buildConfig()).isEqualTo(initialConfig);
+    assertThat(xdsDependencyManager.buildUpdate().getValue()).isEqualTo(initialConfig);
 
     // Make an explicit root subscription and then change RDS to point to A11
     rootSub = xdsDependencyManager.subscribeToCluster("root");
@@ -550,13 +550,14 @@ public void testMultipleParentsInCdsTree() throws IOException {
         XdsTestUtils.buildRouteConfiguration(serverName, XdsTestUtils.RDS_NAME, "clusterA11");
     controlPlaneService.setXdsConfig(
         ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, newRouteConfig));
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
-    assertThat(xdsConfigCaptor.getValue().getClusters().keySet().size()).isEqualTo(4);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    assertThat(xdsUpdateCaptor.getValue().getValue().getClusters().keySet().size()).isEqualTo(4);
 
     // Now that it is released, we should only have A11
     rootSub.close();
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
-    assertThat(xdsConfigCaptor.getValue().getClusters().keySet()).containsExactly("clusterA11");
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    assertThat(xdsUpdateCaptor.getValue().getValue().getClusters().keySet())
+        .containsExactly("clusterA11");
   }
 
   @Test
@@ -587,10 +588,10 @@ public void testMultipleCdsReferToSameEds() {
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
 
     // Start the actual test
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
-    XdsConfig initialConfig = xdsConfigCaptor.getValue();
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    XdsConfig initialConfig = xdsUpdateCaptor.getValue().getValue();
     assertThat(initialConfig.getClusters().keySet())
         .containsExactly("root", "clusterA", "clusterB");
 
@@ -605,8 +606,8 @@ public void testMultipleCdsReferToSameEds() {
 
   @Test
   public void testChangeRdsName_FromLds_complexTree() {
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
 
     // Create the same tree as in testMultipleParentsInCdsTree
     Cluster rootCluster =
@@ -639,11 +640,10 @@ public void testChangeRdsName_FromLds_complexTree() {
     // Do the test
     String newRdsName = "newRdsName1";
     Listener clientListener = buildInlineClientListener(newRdsName, "root");
-    Listener serverListener = ControlPlaneRule.buildServerListener();
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS,
-        ImmutableMap.of(XdsTestUtils.SERVER_LISTENER, serverListener, serverName, clientListener));
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsConfigCaptor.capture());
-    XdsConfig config = xdsConfigCaptor.getValue();
+        ImmutableMap.of(serverName, clientListener));
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    XdsConfig config = xdsUpdateCaptor.getValue().getValue();
     assertThat(config.getVirtualHost().name()).isEqualTo(newRdsName);
     assertThat(config.getClusters().size()).isEqualTo(4);
   }
@@ -652,9 +652,9 @@ public void testChangeRdsName_FromLds_complexTree() {
   public void testChangeAggCluster() {
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
 
-    xdsDependencyManager = new XdsDependencyManager(
-        xdsClient, xdsConfigWatcher, syncContext, serverName, serverName);
-    inOrder.verify(xdsConfigWatcher, atLeastOnce()).onUpdate(any());
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
 
     // Setup initial config A -> A1 -> (A11, A12)
     Cluster rootCluster =
@@ -673,9 +673,8 @@ public void testChangeAggCluster() {
 
     XdsTestUtils.addEdsClusters(clusterMap, edsMap, "clusterA11", "clusterA12");
     Listener clientListener = buildInlineClientListener(RDS_NAME, "root");
-    Listener serverListener = ControlPlaneRule.buildServerListener();
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS,
-        ImmutableMap.of(XdsTestUtils.SERVER_LISTENER, serverListener, serverName, clientListener));
+        ImmutableMap.of(serverName, clientListener));
 
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, clusterMap);
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
@@ -702,96 +701,50 @@ public void testChangeAggCluster() {
     inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(argThat(nameMatcher));
   }
 
-  private Listener buildInlineClientListener(String rdsName, String clusterName) {
-    return XdsTestUtils.buildInlineClientListener(rdsName, clusterName, serverName);
+  @Test
+  public void testCdsError() throws IOException {
+    controlPlaneService.setXdsConfig(
+        ADS_TYPE_URL_CDS, ImmutableMap.of(XdsTestUtils.CLUSTER_NAME,
+          Cluster.newBuilder().setName(XdsTestUtils.CLUSTER_NAME).build()));
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    Status status = xdsUpdateCaptor.getValue().getValue()
+        .getClusters().get(CLUSTER_NAME).getStatus();
+    assertThat(status.getDescription()).contains(XdsTestUtils.CLUSTER_NAME);
   }
 
-
-  private static String toContextStr(String type, String resourceName) {
-    return type + " resource: " + resourceName;
+  private Listener buildInlineClientListener(String rdsName, String clusterName) {
+    return XdsTestUtils.buildInlineClientListener(rdsName, clusterName, serverName);
   }
 
   private static class TestWatcher implements XdsDependencyManager.XdsConfigWatcher {
     XdsConfig lastConfig;
     int numUpdates = 0;
     int numError = 0;
-    int numDoesNotExist = 0;
 
     @Override
-    public void onUpdate(XdsConfig config) {
-      log.fine("Config changed: " + config);
-      lastConfig = config;
-      numUpdates++;
-    }
-
-    @Override
-    public void onError(String resourceContext, Status status) {
-      log.fine(String.format("Error %s for %s: ", status, resourceContext));
-      numError++;
-    }
-
-    @Override
-    public void onResourceDoesNotExist(String resourceName) {
-      log.fine("Resource does not exist: " + resourceName);
-      numDoesNotExist++;
-    }
-
-    private List<Integer> getStats() {
-      return Arrays.asList(numUpdates, numError, numDoesNotExist);
-    }
-
-    private void verifyStats(int updt, int err, int notExist) {
-      assertThat(getStats()).isEqualTo(Arrays.asList(updt, err, notExist));
-    }
-  }
-
-  private static class WrappedXdsClient extends XdsClient {
-    private final XdsClient delegate;
-    private final SynchronizationContext syncContext;
-    private ResourceWatcher<LdsUpdate> ldsWatcher;
-
-    WrappedXdsClient(XdsClient delegate, SynchronizationContext syncContext) {
-      this.delegate = delegate;
-      this.syncContext = syncContext;
-    }
-
-    @Override
-    public void shutdown() {
-      delegate.shutdown();
-    }
-
-    @Override
-    @SuppressWarnings("unchecked")
-    public <T extends ResourceUpdate> void watchXdsResource(
-        XdsResourceType<T> type, String resourceName, ResourceWatcher<T> watcher,
-        Executor executor) {
-      if (type.equals(XdsListenerResource.getInstance())) {
-        ldsWatcher = (ResourceWatcher<LdsUpdate>) watcher;
+    public void onUpdate(StatusOr<XdsConfig> update) {
+      log.fine("Config update: " + update);
+      if (update.hasValue()) {
+        lastConfig = update.getValue();
+        numUpdates++;
+      } else {
+        numError++;
       }
-      delegate.watchXdsResource(type, resourceName, watcher, executor);
     }
 
-
-
-    @Override
-    public <T extends ResourceUpdate> void cancelXdsResourceWatch(XdsResourceType<T> type,
-                                                                  String resourceName,
-                                                                  ResourceWatcher<T> watcher) {
-      delegate.cancelXdsResourceWatch(type, resourceName, watcher);
+    private List<Integer> getStats() {
+      return Arrays.asList(numUpdates, numError);
     }
 
-    void deliverLdsUpdate(long httpMaxStreamDurationNano,
-                          List<io.grpc.xds.VirtualHost> virtualHosts) {
-      syncContext.execute(() -> {
-        LdsUpdate ldsUpdate = LdsUpdate.forApiListener(
-            io.grpc.xds.HttpConnectionManager.forVirtualHosts(
-            httpMaxStreamDurationNano, virtualHosts, null));
-        ldsWatcher.onChanged(ldsUpdate);
-      });
+    private void verifyStats(int updt, int err) {
+      assertThat(getStats()).isEqualTo(Arrays.asList(updt, err));
     }
   }
 
-  static class ClusterNameMatcher implements ArgumentMatcher<XdsConfig> {
+  static class ClusterNameMatcher implements ArgumentMatcher<StatusOr<XdsConfig>> {
     private final List<String> expectedNames;
 
     ClusterNameMatcher(List<String> expectedNames) {
@@ -799,7 +752,11 @@ static class ClusterNameMatcher implements ArgumentMatcher<XdsConfig> {
     }
 
     @Override
-    public boolean matches(XdsConfig xdsConfig) {
+    public boolean matches(StatusOr<XdsConfig> update) {
+      if (!update.hasValue()) {
+        return false;
+      }
+      XdsConfig xdsConfig = update.getValue();
       if (xdsConfig == null || xdsConfig.getClusters() == null) {
         return false;
       }
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 4a8193c932d..7425e3e31de 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -46,6 +46,7 @@
 import com.google.re2j.Pattern;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
+import io.grpc.ChannelLogger;
 import io.grpc.ClientCall;
 import io.grpc.ClientInterceptor;
 import io.grpc.ClientInterceptors;
@@ -70,6 +71,7 @@
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.AutoConfiguredLoadBalancerFactory;
 import io.grpc.internal.FakeClock;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.JsonParser;
 import io.grpc.internal.JsonUtil;
 import io.grpc.internal.ObjectPool;
@@ -89,6 +91,8 @@
 import io.grpc.xds.VirtualHost.Route.RouteAction.RetryPolicy;
 import io.grpc.xds.VirtualHost.Route.RouteMatch;
 import io.grpc.xds.VirtualHost.Route.RouteMatch.PathMatcher;
+import io.grpc.xds.XdsClusterResource.CdsUpdate;
+import io.grpc.xds.XdsEndpointResource.EdsUpdate;
 import io.grpc.xds.XdsListenerResource.LdsUpdate;
 import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
 import io.grpc.xds.client.Bootstrapper.AuthorityInfo;
@@ -104,6 +108,7 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -187,6 +192,15 @@ public ConfigOrError parseServiceConfig(Map<String, ?> rawServiceConfig) {
   private TestCall<?, ?> testCall;
   private boolean originalEnableTimeout;
   private URI targetUri;
+  private final NameResolver.Args nameResolverArgs = NameResolver.Args.newBuilder()
+      .setDefaultPort(8080)
+      .setProxyDetector(GrpcUtil.DEFAULT_PROXY_DETECTOR)
+      .setSynchronizationContext(syncContext)
+      .setServiceConfigParser(mock(NameResolver.ServiceConfigParser.class))
+      .setChannelLogger(mock(ChannelLogger.class))
+      .setScheduledExecutorService(fakeClock.getScheduledExecutorService())
+      .build();
+
 
   @Before
   public void setUp() {
@@ -213,7 +227,7 @@ public void setUp() {
 
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null,
         serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, filterRegistry, null, metricRecorder);
+        xdsClientPoolFactory, mockRandom, filterRegistry, null, metricRecorder, nameResolverArgs);
   }
 
   @After
@@ -259,7 +273,7 @@ public List<String> getTargets() {
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null,
         serviceConfigParser, syncContext, scheduler,
         xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     verify(mockListener).onError(errorCaptor.capture());
     Status error = errorCaptor.getValue();
@@ -273,7 +287,7 @@ public void resolving_withTargetAuthorityNotFound() {
     resolver = new XdsNameResolver(targetUri,
         "notfound.google.com", AUTHORITY, null, serviceConfigParser, syncContext, scheduler,
         xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     verify(mockListener).onError(errorCaptor.capture());
     Status error = errorCaptor.getValue();
@@ -295,7 +309,7 @@ public void resolving_noTargetAuthority_templateWithoutXdstp() {
     resolver = new XdsNameResolver(
         targetUri, null, serviceAuthority, null, serviceConfigParser, syncContext,
         scheduler, xdsClientPoolFactory,
-        mockRandom, FilterRegistry.getDefaultRegistry(), null, metricRecorder);
+        mockRandom, FilterRegistry.getDefaultRegistry(), null, metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     verify(mockListener, never()).onError(any(Status.class));
   }
@@ -316,7 +330,7 @@ public void resolving_noTargetAuthority_templateWithXdstp() {
     resolver = new XdsNameResolver(
         targetUri, null, serviceAuthority, null, serviceConfigParser, syncContext, scheduler,
         xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     verify(mockListener, never()).onError(any(Status.class));
   }
@@ -337,7 +351,7 @@ public void resolving_noTargetAuthority_xdstpWithMultipleSlashes() {
     resolver = new XdsNameResolver(
         targetUri, null, serviceAuthority, null, serviceConfigParser, syncContext, scheduler,
         xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
 
 
     // The Service Authority must be URL encoded, but unlike the LDS resource name.
@@ -366,7 +380,7 @@ public void resolving_targetAuthorityInAuthoritiesMap() {
     resolver = new XdsNameResolver(targetUri,
         "xds.authority.com", serviceAuthority, null, serviceConfigParser, syncContext, scheduler,
         xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     verify(mockListener, never()).onError(any(Status.class));
   }
@@ -399,7 +413,7 @@ public void resolving_ldsResourceUpdateRdsName() {
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null,
         serviceConfigParser, syncContext, scheduler,
         xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
     // use different ldsResourceName and service authority. The virtualhost lookup should use
     // service authority.
     expectedLdsResourceName = "test-" + expectedLdsResourceName;
@@ -413,6 +427,7 @@ public void resolving_ldsResourceUpdateRdsName() {
             Collections.singletonList(route1),
             ImmutableMap.of());
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
     verify(mockListener).onResult2(resolutionResultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster1),
@@ -429,6 +444,7 @@ public void resolving_ldsResourceUpdateRdsName() {
             Collections.singletonList(route2),
             ImmutableMap.of());
     xdsClient.deliverRdsUpdate(alternativeRdsResource, Collections.singletonList(virtualHost));
+    createAndDeliverClusterUpdates(xdsClient, cluster2);
     // Two new service config updates triggered:
     //  - with load balancing config being able to select cluster1 and cluster2
     //  - with load balancing config being able to select cluster2 only
@@ -467,6 +483,7 @@ public void resolving_ldsResourceRevokedAndAddedBack() {
             Collections.singletonList(route),
             ImmutableMap.of());
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
     verify(mockListener).onResult2(resolutionResultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster1),
@@ -483,6 +500,7 @@ public void resolving_ldsResourceRevokedAndAddedBack() {
     verifyNoInteractions(mockListener);
     assertThat(xdsClient.rdsResource).isEqualTo(RDS_RESOURCE_NAME);
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
     verify(mockListener).onResult2(resolutionResultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster1),
@@ -506,6 +524,7 @@ public void resolving_rdsResourceRevokedAndAddedBack() {
             Collections.singletonList(route),
             ImmutableMap.of());
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
     verify(mockListener).onResult2(resolutionResultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster1),
@@ -529,11 +548,15 @@ public void resolving_encounterErrorLdsWatcherOnly() {
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverError(Status.UNAVAILABLE.withDescription("server unreachable"));
-    verify(mockListener).onError(errorCaptor.capture());
-    Status error = errorCaptor.getValue();
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    InternalConfigSelector configSelector = resolutionResultCaptor.getValue()
+        .getAttributes().get(InternalConfigSelector.KEY);
+    Result selectResult = configSelector.selectConfig(
+        newPickSubchannelArgs(call1.methodDescriptor, new Metadata(), CallOptions.DEFAULT));
+    Status error = selectResult.getStatus();
     assertThat(error.getCode()).isEqualTo(Code.UNAVAILABLE);
-    assertThat(error.getDescription()).isEqualTo("Unable to load LDS " + AUTHORITY
-        + ". xDS server returned: UNAVAILABLE: server unreachable");
+    assertThat(error.getDescription()).contains(AUTHORITY);
+    assertThat(error.getDescription()).contains("UNAVAILABLE: server unreachable");
   }
 
   @Test
@@ -541,11 +564,15 @@ public void resolving_translateErrorLds() {
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverError(Status.NOT_FOUND.withDescription("server unreachable"));
-    verify(mockListener).onError(errorCaptor.capture());
-    Status error = errorCaptor.getValue();
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    InternalConfigSelector configSelector = resolutionResultCaptor.getValue()
+        .getAttributes().get(InternalConfigSelector.KEY);
+    Result selectResult = configSelector.selectConfig(
+        newPickSubchannelArgs(call1.methodDescriptor, new Metadata(), CallOptions.DEFAULT));
+    Status error = selectResult.getStatus();
     assertThat(error.getCode()).isEqualTo(Code.UNAVAILABLE);
-    assertThat(error.getDescription()).isEqualTo("Unable to load LDS " + AUTHORITY
-        + ". xDS server returned: NOT_FOUND: server unreachable");
+    assertThat(error.getDescription()).contains(AUTHORITY);
+    assertThat(error.getDescription()).contains("NOT_FOUND: server unreachable");
     assertThat(error.getCause()).isNull();
   }
 
@@ -555,15 +582,15 @@ public void resolving_encounterErrorLdsAndRdsWatchers() {
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdateForRdsName(RDS_RESOURCE_NAME);
     xdsClient.deliverError(Status.UNAVAILABLE.withDescription("server unreachable"));
-    verify(mockListener, times(2)).onError(errorCaptor.capture());
-    Status error = errorCaptor.getAllValues().get(0);
-    assertThat(error.getCode()).isEqualTo(Code.UNAVAILABLE);
-    assertThat(error.getDescription()).isEqualTo("Unable to load LDS " + AUTHORITY
-        + ". xDS server returned: UNAVAILABLE: server unreachable");
-    error = errorCaptor.getAllValues().get(1);
+    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    InternalConfigSelector configSelector = resolutionResultCaptor.getValue()
+        .getAttributes().get(InternalConfigSelector.KEY);
+    Result selectResult = configSelector.selectConfig(
+        newPickSubchannelArgs(call1.methodDescriptor, new Metadata(), CallOptions.DEFAULT));
+    Status error = selectResult.getStatus();
     assertThat(error.getCode()).isEqualTo(Code.UNAVAILABLE);
-    assertThat(error.getDescription()).isEqualTo("Unable to load RDS " + RDS_RESOURCE_NAME
-        + ". xDS server returned: UNAVAILABLE: server unreachable");
+    assertThat(error.getDescription()).contains(RDS_RESOURCE_NAME);
+    assertThat(error.getDescription()).contains("UNAVAILABLE: server unreachable");
   }
 
   @SuppressWarnings("unchecked")
@@ -581,10 +608,11 @@ public void resolving_matchingVirtualHostNotFound_matchingOverrideAuthority() {
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, "random",
         serviceConfigParser, syncContext, scheduler,
         xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(0L, Arrays.asList(virtualHost));
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
     verify(mockListener).onResult2(resolutionResultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster1),
@@ -605,10 +633,11 @@ public void resolving_matchingVirtualHostNotFound_notMatchingOverrideAuthority()
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, "random",
         serviceConfigParser, syncContext, scheduler,
         xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
-    xdsClient.deliverLdsUpdate(0L, Arrays.asList(virtualHost));
+    xdsClient.deliverLdsUpdateOnly(0L, Arrays.asList(virtualHost));
+    fakeClock.forwardTime(15, TimeUnit.SECONDS);
     assertEmptyResolutionResult("random");
   }
 
@@ -617,7 +646,7 @@ public void resolving_matchingVirtualHostNotFoundForOverrideAuthority() {
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, AUTHORITY,
         serviceConfigParser, syncContext, scheduler,
         xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(0L, buildUnmatchedVirtualHosts());
@@ -702,7 +731,7 @@ public void retryPolicyInPerMethodConfigGeneratedByResolverIsValid() {
         true, 5, 5, new AutoConfiguredLoadBalancerFactory("pick-first"));
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, realParser, syncContext,
         scheduler, xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     RetryPolicy retryPolicy = RetryPolicy.create(
@@ -913,7 +942,7 @@ public void resolved_rpcHashingByChannelId() {
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
         syncContext, scheduler,
         xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(
@@ -946,7 +975,7 @@ public void resolved_rpcHashingByChannelId() {
   public void resolved_routeActionHasAutoHostRewrite_emitsCallOptionForTheSame() {
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
         syncContext, scheduler, xdsClientPoolFactory, mockRandom,
-        FilterRegistry.getDefaultRegistry(), null, metricRecorder);
+        FilterRegistry.getDefaultRegistry(), null, metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(
@@ -977,7 +1006,7 @@ public void resolved_routeActionHasAutoHostRewrite_emitsCallOptionForTheSame() {
   public void resolved_routeActionNoAutoHostRewrite_doesntEmitCallOptionForTheSame() {
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
         syncContext, scheduler, xdsClientPoolFactory, mockRandom,
-        FilterRegistry.getDefaultRegistry(), null, metricRecorder);
+        FilterRegistry.getDefaultRegistry(), null, metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(
@@ -1190,6 +1219,20 @@ public void resolved_simpleCallSucceeds_routeToWeightedCluster() {
     assertCallSelectClusterResult(call1, configSelector, cluster1, 20.0);
   }
 
+  /** Creates and delivers both CDS and EDS updates for the given clusters. */
+  private static void createAndDeliverClusterUpdates(
+      FakeXdsClient xdsClient, String... clusterNames) {
+    for (String clusterName : clusterNames) {
+      CdsUpdate.Builder forEds = CdsUpdate
+          .forEds(clusterName, clusterName, null, null, null, null, false)
+              .roundRobinLbPolicy();
+      xdsClient.deliverCdsUpdate(clusterName, forEds.build());
+      EdsUpdate edsUpdate = new EdsUpdate(clusterName,
+          XdsTestUtils.createMinimalLbEndpointsMap("host"), Collections.emptyList());
+      xdsClient.deliverEdsUpdate(clusterName, edsUpdate);
+    }
+  }
+
   @Test
   public void resolved_simpleCallSucceeds_routeToRls() {
     when(mockRandom.nextInt(anyInt())).thenReturn(90, 10);
@@ -1305,6 +1348,7 @@ public void filterState_survivesLds() {
 
     // LDS 1.
     xdsClient.deliverLdsUpdateWithFilters(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
     assertClusterResolutionResult(call1, cluster1);
     ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
     // Verify that StatefulFilter with different filter names result in different Filter instances.
@@ -1359,7 +1403,7 @@ public void filterState_survivesLds() {
    * Verifies the lifecycle of HCM filter instances across RDS updates.
    *
    * <p>Filter instances:
-   *   1. Must have instantiated by the initial LDS.
+   *   1. Must have instantiated by the initial LDS/RDS.
    *   2. Must be reused by all subsequent RDS updates.
    *   3. Must be not shutdown (closed) by valid RDS updates.
    */
@@ -1371,22 +1415,19 @@ public void filterState_survivesRds() {
     // LDS 1.
     xdsClient.deliverLdsUpdateForRdsNameWithFilters(RDS_RESOURCE_NAME,
         filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
-    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
-    // Verify that StatefulFilter with different filter names result in different Filter instances.
-    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
-    // Naming: lds<LDS#>Filter<name#>
-    StatefulFilter lds1Filter1 = lds1Snapshot.get(0);
-    StatefulFilter lds1Filter2 = lds1Snapshot.get(1);
-    assertThat(lds1Filter1).isNotSameInstanceAs(lds1Filter2);
-
     // RDS 1.
     VirtualHost vhost1 = filterStateTestVhost();
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, vhost1);
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
     assertClusterResolutionResult(call1, cluster1);
     // Initial RDS update should not generate Filter instances.
     ImmutableList<StatefulFilter> rds1Snapshot = statefulFilterProvider.getAllInstances();
-    assertWithMessage("RDS 1: Expected Filter instances to be reused across RDS route updates")
-        .that(rds1Snapshot).isEqualTo(lds1Snapshot);
+    // Verify that StatefulFilter with different filter names result in different Filter instances.
+    assertWithMessage("RDS 1: expected to create filter instances").that(rds1Snapshot).hasSize(2);
+    // Naming: lds<LDS#>Filter<name#>
+    StatefulFilter lds1Filter1 = rds1Snapshot.get(0);
+    StatefulFilter lds1Filter2 = rds1Snapshot.get(1);
+    assertThat(lds1Filter1).isNotSameInstanceAs(lds1Filter2);
 
     // RDS 2: exactly the same as RDS 1.
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, vhost1);
@@ -1394,7 +1435,7 @@ public void filterState_survivesRds() {
     ImmutableList<StatefulFilter> rds2Snapshot = statefulFilterProvider.getAllInstances();
     // Neither should any subsequent RDS updates.
     assertWithMessage("RDS 2: Expected Filter instances to be reused across RDS route updates")
-        .that(rds2Snapshot).isEqualTo(lds1Snapshot);
+        .that(rds2Snapshot).isEqualTo(rds1Snapshot);
 
     // RDS 3: Contains a per-route override for STATEFUL_1.
     VirtualHost vhost3 = filterStateTestVhost(ImmutableMap.of(
@@ -1406,7 +1447,7 @@ public void filterState_survivesRds() {
     // As with any other Route update, typed_per_filter_config overrides should not result in
     // creating new filter instances.
     assertWithMessage("RDS 3: Expected Filter instances to be reused on per-route filter overrides")
-        .that(rds3Snapshot).isEqualTo(lds1Snapshot);
+        .that(rds3Snapshot).isEqualTo(rds1Snapshot);
   }
 
   /**
@@ -1427,7 +1468,7 @@ public void filterState_specialCase_sameNameDifferentTypeUrl() {
         .register(statefulFilterProvider, altStatefulFilterProvider, ROUTER_FILTER_PROVIDER);
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
         syncContext, scheduler, xdsClientPoolFactory, mockRandom, filterRegistry, null,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
 
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
@@ -1435,6 +1476,7 @@ public void filterState_specialCase_sameNameDifferentTypeUrl() {
 
     // LDS 1.
     xdsClient.deliverLdsUpdateWithFilters(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
     assertClusterResolutionResult(call1, cluster1);
     ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
     ImmutableList<StatefulFilter> lds1SnapshotAlt = altStatefulFilterProvider.getAllInstances();
@@ -1483,6 +1525,7 @@ public void filterState_shutdown_onLdsNotFound() {
 
     // LDS 1.
     xdsClient.deliverLdsUpdateWithFilters(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
     assertClusterResolutionResult(call1, cluster1);
     ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
     assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
@@ -1510,6 +1553,7 @@ public void filterState_shutdown_onResolverShutdown() {
 
     // LDS 1.
     xdsClient.deliverLdsUpdateWithFilters(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
     assertClusterResolutionResult(call1, cluster1);
     ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
     assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
@@ -1526,33 +1570,32 @@ public void filterState_shutdown_onResolverShutdown() {
   }
 
   /**
-   * Verifies that filter instances are NOT shutdown on RDS_RESOURCE_NAME not found.
+   * Verifies that all filter instances are shutdown (closed) on RDS resource not found.
    */
   @Test
-  public void filterState_shutdown_noShutdownOnRdsNotFound() {
+  public void filterState_shutdown_onRdsNotFound() {
     StatefulFilter.Provider statefulFilterProvider = filterStateTestSetupResolver();
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
 
     // LDS 1.
     xdsClient.deliverLdsUpdateForRdsNameWithFilters(RDS_RESOURCE_NAME,
         filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
-    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
-    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
-    // Naming: lds<LDS#>Filter<name#>
-    StatefulFilter lds1Filter1 = lds1Snapshot.get(0);
-    StatefulFilter lds1Filter2 = lds1Snapshot.get(1);
-
     // RDS 1: Standard vhost with a route.
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, filterStateTestVhost());
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
     assertClusterResolutionResult(call1, cluster1);
-    assertThat(statefulFilterProvider.getAllInstances()).isEqualTo(lds1Snapshot);
+    ImmutableList<StatefulFilter> rds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("RDS 1: expected to create filter instances").that(rds1Snapshot).hasSize(2);
+    // Naming: lds<LDS#>Filter<name#>
+    StatefulFilter lds1Filter1 = rds1Snapshot.get(0);
+    StatefulFilter lds1Filter2 = rds1Snapshot.get(1);
 
     // RDS 2: RDS_RESOURCE_NAME not found.
     reset(mockListener);
     xdsClient.deliverRdsResourceNotFound(RDS_RESOURCE_NAME);
     assertEmptyResolutionResult(RDS_RESOURCE_NAME);
-    assertThat(lds1Filter1.isShutdown()).isFalse();
-    assertThat(lds1Filter2.isShutdown()).isFalse();
+    assertThat(lds1Filter1.isShutdown()).isTrue();
+    assertThat(lds1Filter2.isShutdown()).isTrue();
   }
 
   private StatefulFilter.Provider filterStateTestSetupResolver() {
@@ -1561,7 +1604,7 @@ private StatefulFilter.Provider filterStateTestSetupResolver() {
         .register(statefulFilterProvider, ROUTER_FILTER_PROVIDER);
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
         syncContext, scheduler, xdsClientPoolFactory, mockRandom, filterRegistry, null,
-        metricRecorder);
+        metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     return statefulFilterProvider;
   }
@@ -1762,6 +1805,7 @@ public void generateServiceConfig_forClusterManagerLoadBalancingConfig() throws
             ImmutableList.of(route1, route2, route3),
             ImmutableMap.of());
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
+    createAndDeliverClusterUpdates(xdsClient, "cluster-foo", "cluster-bar", "cluster-baz");
 
     verify(mockListener).onResult2(resolutionResultCaptor.capture());
     String expectedServiceConfigJson =
@@ -2385,6 +2429,8 @@ private class FakeXdsClient extends XdsClient {
     private String rdsResource;
     private ResourceWatcher<LdsUpdate> ldsWatcher;
     private ResourceWatcher<RdsUpdate> rdsWatcher;
+    private final Map<String, List<ResourceWatcher<CdsUpdate>>> cdsWatchers = new HashMap<>();
+    private final Map<String, List<ResourceWatcher<EdsUpdate>>> edsWatchers = new HashMap<>();
 
     @Override
     public BootstrapInfo getBootstrapInfo() {
@@ -2412,10 +2458,19 @@ public <T extends ResourceUpdate> void watchXdsResource(XdsResourceType<T> resou
           rdsResource = resourceName;
           rdsWatcher = (ResourceWatcher<RdsUpdate>) watcher;
           break;
+        case "CDS":
+          cdsWatchers.computeIfAbsent(resourceName, k -> new ArrayList<>())
+              .add((ResourceWatcher<CdsUpdate>) watcher);
+          break;
+        case "EDS":
+          edsWatchers.computeIfAbsent(resourceName, k -> new ArrayList<>())
+              .add((ResourceWatcher<EdsUpdate>) watcher);
+          break;
         default:
       }
     }
 
+    @SuppressWarnings("unchecked")
     @Override
     public <T extends ResourceUpdate> void cancelXdsResourceWatch(XdsResourceType<T> type,
                                                                   String resourceName,
@@ -2434,14 +2489,37 @@ public <T extends ResourceUpdate> void cancelXdsResourceWatch(XdsResourceType<T>
           rdsResource = null;
           rdsWatcher = null;
           break;
+        case "CDS":
+          assertThat(cdsWatchers).containsKey(resourceName);
+          assertThat(cdsWatchers.get(resourceName)).contains(watcher);
+          cdsWatchers.get(resourceName).remove((ResourceWatcher<CdsUpdate>) watcher);
+          break;
+        case "EDS":
+          assertThat(edsWatchers).containsKey(resourceName);
+          assertThat(edsWatchers.get(resourceName)).contains(watcher);
+          edsWatchers.get(resourceName).remove((ResourceWatcher<EdsUpdate>) watcher);
+          break;
         default:
       }
     }
 
+    void deliverLdsUpdateOnly(long httpMaxStreamDurationNano, List<VirtualHost> virtualHosts) {
+      syncContext.execute(() -> {
+        ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
+            httpMaxStreamDurationNano, virtualHosts, null)));
+      });
+    }
+
     void deliverLdsUpdate(long httpMaxStreamDurationNano, List<VirtualHost> virtualHosts) {
+      List<String> clusterNames = new ArrayList<>();
+      for (VirtualHost vh : virtualHosts) {
+        clusterNames.addAll(getClusterNames(vh.routes()));
+      }
+
       syncContext.execute(() -> {
         ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
             httpMaxStreamDurationNano, virtualHosts, null)));
+        createAndDeliverClusterUpdates(this, clusterNames.toArray(new String[0]));
       });
     }
 
@@ -2450,9 +2528,14 @@ void deliverLdsUpdate(final List<Route> routes) {
           VirtualHost.create(
               "virtual-host", Collections.singletonList(expectedLdsResourceName), routes,
               ImmutableMap.of());
+      List<String> clusterNames = getClusterNames(routes);
+
       syncContext.execute(() -> {
         ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
             0L, Collections.singletonList(virtualHost), null)));
+        if (!clusterNames.isEmpty()) {
+          createAndDeliverClusterUpdates(this, clusterNames.toArray(new String[0]));
+        }
       });
     }
 
@@ -2508,6 +2591,7 @@ void deliverLdsUpdateWithFaultInjection(
       syncContext.execute(() -> {
         ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
             0L, Collections.singletonList(virtualHost), filterChain)));
+        createAndDeliverClusterUpdates(this, cluster);
       });
     }
 
@@ -2545,6 +2629,29 @@ void deliverLdsResourceNotFound() {
       });
     }
 
+    private List<String> getClusterNames(List<Route> routes) {
+      List<String> clusterNames = new ArrayList<>();
+      for (Route r : routes) {
+        if (r.routeAction() == null) {
+          continue;
+        }
+        String cluster = r.routeAction().cluster();
+        if (cluster != null) {
+          clusterNames.add(cluster);
+        } else {
+          List<ClusterWeight> weightedClusters = r.routeAction().weightedClusters();
+          if (weightedClusters == null) {
+            continue;
+          }
+          for (ClusterWeight wc : weightedClusters) {
+            clusterNames.add(wc.name());
+          }
+        }
+      }
+
+      return clusterNames;
+    }
+
     void deliverRdsUpdateWithFaultInjection(
         String resourceName, @Nullable FaultConfig virtualHostFaultConfig,
         @Nullable FaultConfig routFaultConfig, @Nullable FaultConfig weightedClusterFaultConfig) {
@@ -2581,6 +2688,7 @@ void deliverRdsUpdateWithFaultInjection(
           overrideConfig);
       syncContext.execute(() -> {
         rdsWatcher.onChanged(new RdsUpdate(Collections.singletonList(virtualHost)));
+        createAndDeliverClusterUpdates(this, cluster1);
       });
     }
 
@@ -2606,6 +2714,29 @@ void deliverRdsResourceNotFound(String resourceName) {
       });
     }
 
+    private void deliverCdsUpdate(String clusterName, CdsUpdate update) {
+      if (!cdsWatchers.containsKey(clusterName)) {
+        return;
+      }
+      syncContext.execute(() -> {
+        List<ResourceWatcher<CdsUpdate>> resourceWatchers =
+            ImmutableList.copyOf(cdsWatchers.get(clusterName));
+        resourceWatchers.forEach(w -> w.onChanged(update));
+      });
+    }
+
+    private void deliverEdsUpdate(String name, EdsUpdate update) {
+      syncContext.execute(() -> {
+        if (!edsWatchers.containsKey(name)) {
+          return;
+        }
+        List<ResourceWatcher<EdsUpdate>> resourceWatchers =
+            ImmutableList.copyOf(edsWatchers.get(name));
+        resourceWatchers.forEach(w -> w.onChanged(update));
+      });
+    }
+
+
     void deliverError(final Status error) {
       if (ldsWatcher != null) {
         syncContext.execute(() -> {
@@ -2617,6 +2748,11 @@ void deliverError(final Status error) {
           rdsWatcher.onError(error);
         });
       }
+      syncContext.execute(() -> {
+        cdsWatchers.values().stream()
+            .flatMap(List::stream)
+            .forEach(w -> w.onError(error));
+      });
     }
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
index d0580ae2667..9f90777be3d 100644
--- a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
@@ -51,7 +51,6 @@
 import io.grpc.BindableService;
 import io.grpc.Context;
 import io.grpc.Context.CancellationListener;
-import io.grpc.Status;
 import io.grpc.StatusOr;
 import io.grpc.internal.JsonParser;
 import io.grpc.stub.StreamObserver;
@@ -281,6 +280,16 @@ static XdsConfig getDefaultXdsConfig(String serverHostName)
     return builder.build();
   }
 
+  static Map<Locality, LocalityLbEndpoints> createMinimalLbEndpointsMap(String serverHostName) {
+    Map<Locality, LocalityLbEndpoints> lbEndpointsMap = new HashMap<>();
+    LbEndpoint lbEndpoint = LbEndpoint.create(
+        serverHostName, ENDPOINT_PORT, 0, true, ENDPOINT_HOSTNAME, ImmutableMap.of());
+    lbEndpointsMap.put(
+        Locality.create("", "", ""),
+        LocalityLbEndpoints.create(ImmutableList.of(lbEndpoint), 10, 0, ImmutableMap.of()));
+    return lbEndpointsMap;
+  }
+
   @SuppressWarnings("unchecked")
   private static ImmutableMap<String, ?> getWrrLbConfigAsMap() throws IOException {
     String lbConfigStr = "{\"wrr_locality_experimental\" : "
@@ -353,7 +362,6 @@ static Listener buildInlineClientListener(String rdsName, String clusterName, St
     return Listener.newBuilder()
         .setName(serverName)
         .setApiListener(clientListenerBuilder.build()).build();
-
   }
 
   /**
@@ -407,18 +415,4 @@ protected void sendResponse(List<String> clusters, long loadReportIntervalNano)
       responseObserver.onNext(response);
     }
   }
-
-  static class StatusMatcher implements ArgumentMatcher<Status> {
-    private final Status expectedStatus;
-
-    StatusMatcher(Status expectedStatus) {
-      this.expectedStatus = expectedStatus;
-    }
-
-    @Override
-    public boolean matches(Status status) {
-      return status != null && expectedStatus.getCode().equals(status.getCode())
-          && expectedStatus.getDescription().equals(status.getDescription());
-    }
-  }
 }

From a57c14a51ea0d1551ff2bef54844d6da8ed5c7db Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Wed, 19 Mar 2025 03:57:34 +0000
Subject: [PATCH 217/591] refactor: Stops exception allocation on channel
 shutdown

This fixes #11955.

Stops exception allocation and its propagation on channel shutdown.
---
 .../io/grpc/binder/internal/PingTracker.java  |  2 +-
 .../grpc/binder/internal/PingTrackerTest.java | 10 ++---
 .../io/grpc/internal/ClientTransport.java     |  3 +-
 .../grpc/internal/FailingClientTransport.java |  2 +-
 .../main/java/io/grpc/internal/Http2Ping.java |  9 +++--
 .../io/grpc/internal/KeepAliveManager.java    |  2 +-
 .../grpc/internal/KeepAliveManagerTest.java   |  2 +-
 .../grpc/internal/AbstractTransportTest.java  |  6 +--
 .../io/grpc/inprocess/InProcessTransport.java |  2 +-
 .../ClientTransportLifecycleManager.java      |  5 ---
 .../io/grpc/netty/NettyClientHandler.java     | 37 ++++++++++---------
 .../io/grpc/netty/NettyClientTransport.java   |  4 +-
 .../io/grpc/netty/NettyClientHandlerTest.java |  9 ++---
 .../grpc/netty/NettyClientTransportTest.java  |  4 +-
 .../io/grpc/okhttp/OkHttpClientTransport.java |  6 +--
 .../okhttp/OkHttpClientTransportTest.java     | 19 +++-------
 16 files changed, 56 insertions(+), 66 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/PingTracker.java b/binder/src/main/java/io/grpc/binder/internal/PingTracker.java
index ab20af4d6ef..5a4300443ba 100644
--- a/binder/src/main/java/io/grpc/binder/internal/PingTracker.java
+++ b/binder/src/main/java/io/grpc/binder/internal/PingTracker.java
@@ -99,7 +99,7 @@ private final class Ping {
     private synchronized void fail(Status status) {
       if (!done) {
         done = true;
-        executor.execute(() -> callback.onFailure(status.asException()));
+        executor.execute(() -> callback.onFailure(status));
       }
     }
 
diff --git a/binder/src/test/java/io/grpc/binder/internal/PingTrackerTest.java b/binder/src/test/java/io/grpc/binder/internal/PingTrackerTest.java
index 60e7c163105..c662cafe5fa 100644
--- a/binder/src/test/java/io/grpc/binder/internal/PingTrackerTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/PingTrackerTest.java
@@ -96,7 +96,7 @@ private static final class TestCallback implements ClientTransport.PingCallback
     private int numCallbacks;
     private boolean success;
     private boolean failure;
-    private Throwable failureException;
+    private Status failureStatus;
     private long roundtripTimeNanos;
 
     @Override
@@ -107,10 +107,10 @@ public synchronized void onSuccess(long roundtripTimeNanos) {
     }
 
     @Override
-    public synchronized void onFailure(Throwable failureException) {
+    public synchronized void onFailure(Status failureStatus) {
       numCallbacks += 1;
       failure = true;
-      this.failureException = failureException;
+      this.failureStatus = failureStatus;
     }
 
     public void assertNotCalled() {
@@ -130,13 +130,13 @@ public void assertSuccess(long expectRoundTripTimeNanos) {
     public void assertFailure(Status status) {
       assertThat(numCallbacks).isEqualTo(1);
       assertThat(failure).isTrue();
-      assertThat(((StatusException) failureException).getStatus()).isSameInstanceAs(status);
+      assertThat(failureStatus).isSameInstanceAs(status);
     }
 
     public void assertFailure(Status.Code statusCode) {
       assertThat(numCallbacks).isEqualTo(1);
       assertThat(failure).isTrue();
-      assertThat(((StatusException) failureException).getStatus().getCode()).isEqualTo(statusCode);
+      assertThat(failureStatus.getCode()).isEqualTo(statusCode);
     }
   }
 }
diff --git a/core/src/main/java/io/grpc/internal/ClientTransport.java b/core/src/main/java/io/grpc/internal/ClientTransport.java
index 98041cc6e79..fd0f30b8bf1 100644
--- a/core/src/main/java/io/grpc/internal/ClientTransport.java
+++ b/core/src/main/java/io/grpc/internal/ClientTransport.java
@@ -22,6 +22,7 @@
 import io.grpc.InternalInstrumented;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
+import io.grpc.Status;
 import java.util.concurrent.Executor;
 import javax.annotation.concurrent.ThreadSafe;
 
@@ -90,6 +91,6 @@ interface PingCallback {
      *
      * @param cause the cause of the ping failure
      */
-    void onFailure(Throwable cause);
+    void onFailure(Status cause);
   }
 }
diff --git a/core/src/main/java/io/grpc/internal/FailingClientTransport.java b/core/src/main/java/io/grpc/internal/FailingClientTransport.java
index 5b31e6e5073..37194c46a29 100644
--- a/core/src/main/java/io/grpc/internal/FailingClientTransport.java
+++ b/core/src/main/java/io/grpc/internal/FailingClientTransport.java
@@ -55,7 +55,7 @@ public ClientStream newStream(
   public void ping(final PingCallback callback, Executor executor) {
     executor.execute(new Runnable() {
         @Override public void run() {
-          callback.onFailure(error.asException());
+          callback.onFailure(error);
         }
       });
   }
diff --git a/core/src/main/java/io/grpc/internal/Http2Ping.java b/core/src/main/java/io/grpc/internal/Http2Ping.java
index d96ac3ef214..e3520295625 100644
--- a/core/src/main/java/io/grpc/internal/Http2Ping.java
+++ b/core/src/main/java/io/grpc/internal/Http2Ping.java
@@ -18,6 +18,7 @@
 
 import com.google.common.base.Stopwatch;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
+import io.grpc.Status;
 import io.grpc.internal.ClientTransport.PingCallback;
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -62,7 +63,7 @@ public class Http2Ping {
   /**
    * If non-null, indicates the ping failed.
    */
-  @GuardedBy("this") private Throwable failureCause;
+  @GuardedBy("this") private Status failureCause;
 
   /**
    * The round-trip time for the ping, in nanoseconds. This value is only meaningful when
@@ -144,7 +145,7 @@ public boolean complete() {
    *
    * @param failureCause the cause of failure
    */
-  public void failed(Throwable failureCause) {
+  public void failed(Status failureCause) {
     Map<ClientTransport.PingCallback, Executor> callbacks;
     synchronized (this) {
       if (completed) {
@@ -167,7 +168,7 @@ public void failed(Throwable failureCause) {
    * @param executor the executor used to invoke the callback
    * @param cause the cause of failure
    */
-  public static void notifyFailed(PingCallback callback, Executor executor, Throwable cause) {
+  public static void notifyFailed(PingCallback callback, Executor executor, Status cause) {
     doExecute(executor, asRunnable(callback, cause));
   }
 
@@ -203,7 +204,7 @@ public void run() {
    * failure.
    */
   private static Runnable asRunnable(final ClientTransport.PingCallback callback,
-                                     final Throwable failureCause) {
+                                     final Status failureCause) {
     return new Runnable() {
       @Override
       public void run() {
diff --git a/core/src/main/java/io/grpc/internal/KeepAliveManager.java b/core/src/main/java/io/grpc/internal/KeepAliveManager.java
index aed590c3051..d831a096087 100644
--- a/core/src/main/java/io/grpc/internal/KeepAliveManager.java
+++ b/core/src/main/java/io/grpc/internal/KeepAliveManager.java
@@ -275,7 +275,7 @@ public void ping() {
         public void onSuccess(long roundTripTimeNanos) {}
 
         @Override
-        public void onFailure(Throwable cause) {
+        public void onFailure(Status cause) {
           transport.shutdownNow(Status.UNAVAILABLE.withDescription(
               "Keepalive failed. The connection is likely gone"));
         }
diff --git a/core/src/test/java/io/grpc/internal/KeepAliveManagerTest.java b/core/src/test/java/io/grpc/internal/KeepAliveManagerTest.java
index 411a9fbe9fc..3cf7bfcedfe 100644
--- a/core/src/test/java/io/grpc/internal/KeepAliveManagerTest.java
+++ b/core/src/test/java/io/grpc/internal/KeepAliveManagerTest.java
@@ -127,7 +127,7 @@ public void clientKeepAlivePinger_pingFailure() {
     verify(transport).ping(pingCallbackCaptor.capture(), isA(Executor.class));
     ClientTransport.PingCallback pingCallback = pingCallbackCaptor.getValue();
 
-    pingCallback.onFailure(new Throwable());
+    pingCallback.onFailure(Status.UNAVAILABLE.withDescription("I must write descriptions"));
 
     ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
     verify(transport).shutdownNow(statusCaptor.capture());
diff --git a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
index aea7ff49032..4a518895db6 100644
--- a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
+++ b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
@@ -181,7 +181,7 @@ public void log(ChannelLogLevel level, String messageFormat, Object... args) {}
   protected ManagedClientTransport.Listener mockClientTransportListener
       = mock(ManagedClientTransport.Listener.class);
   protected MockServerListener serverListener = new MockServerListener();
-  private ArgumentCaptor<Throwable> throwableCaptor = ArgumentCaptor.forClass(Throwable.class);
+  private ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
   protected final TestClientStreamTracer clientStreamTracer1 = new TestHeaderClientStreamTracer();
   private final TestClientStreamTracer clientStreamTracer2 = new TestHeaderClientStreamTracer();
   protected final ClientStreamTracer[] tracers = new ClientStreamTracer[] {
@@ -626,8 +626,8 @@ public void ping_afterTermination() throws Exception {
       // Transport doesn't support ping, so this neither passes nor fails.
       assumeTrue(false);
     }
-    verify(mockPingCallback, timeout(TIMEOUT_MS)).onFailure(throwableCaptor.capture());
-    Status status = Status.fromThrowable(throwableCaptor.getValue());
+    verify(mockPingCallback, timeout(TIMEOUT_MS)).onFailure(statusCaptor.capture());
+    Status status = statusCaptor.getValue();
     assertSame(shutdownReason, status);
   }
 
diff --git a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
index 39ebe6e0ab7..e294b4eb63f 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
@@ -246,7 +246,7 @@ public synchronized void ping(final PingCallback callback, Executor executor) {
       executor.execute(new Runnable() {
         @Override
         public void run() {
-          callback.onFailure(shutdownStatus.asRuntimeException());
+          callback.onFailure(shutdownStatus);
         }
       });
     } else {
diff --git a/netty/src/main/java/io/grpc/netty/ClientTransportLifecycleManager.java b/netty/src/main/java/io/grpc/netty/ClientTransportLifecycleManager.java
index 34f72ab97bd..b4e53d5568c 100644
--- a/netty/src/main/java/io/grpc/netty/ClientTransportLifecycleManager.java
+++ b/netty/src/main/java/io/grpc/netty/ClientTransportLifecycleManager.java
@@ -30,7 +30,6 @@ final class ClientTransportLifecycleManager {
   /** null iff !transportShutdown. */
   private Status shutdownStatus;
   /** null iff !transportShutdown. */
-  private Throwable shutdownThrowable;
   private boolean transportTerminated;
 
   public ClientTransportLifecycleManager(ManagedClientTransport.Listener listener) {
@@ -72,7 +71,6 @@ public boolean notifyShutdown(Status s) {
       return false;
     }
     shutdownStatus = s;
-    shutdownThrowable = s.asException();
     return true;
   }
 
@@ -97,7 +95,4 @@ public Status getShutdownStatus() {
     return shutdownStatus;
   }
 
-  public Throwable getShutdownThrowable() {
-    return shutdownThrowable;
-  }
 }
diff --git a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
index 19f1903c0b5..a5fa0f80077 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
@@ -499,7 +499,7 @@ public void channelInactive(ChannelHandlerContext ctx) throws Exception {
         streamStatus = lifecycleManager.getShutdownStatus();
       }
       try {
-        cancelPing(lifecycleManager.getShutdownThrowable());
+        cancelPing(lifecycleManager.getShutdownStatus());
         // Report status to the application layer for any open streams
         connection().forEachActiveStream(new Http2StreamVisitor() {
           @Override
@@ -593,13 +593,14 @@ protected boolean isGracefulShutdownComplete() {
    */
   private void createStream(CreateStreamCommand command, ChannelPromise promise)
           throws Exception {
-    if (lifecycleManager.getShutdownThrowable() != null) {
+    if (lifecycleManager.getShutdownStatus() != null) {
       command.stream().setNonExistent();
       // The connection is going away (it is really the GOAWAY case),
       // just terminate the stream now.
       command.stream().transportReportStatus(
           lifecycleManager.getShutdownStatus(), RpcProgress.MISCARRIED, true, new Metadata());
-      promise.setFailure(lifecycleManager.getShutdownThrowable());
+      promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(
+              lifecycleManager.getShutdownStatus(), null));
       return;
     }
 
@@ -852,19 +853,21 @@ private void sendPingFrameTraced(ChannelHandlerContext ctx, SendPingCommand msg,
       public void operationComplete(ChannelFuture future) throws Exception {
         if (future.isSuccess()) {
           transportTracer.reportKeepAliveSent();
-        } else {
-          Throwable cause = future.cause();
-          if (cause instanceof ClosedChannelException) {
-            cause = lifecycleManager.getShutdownThrowable();
-            if (cause == null) {
-              cause = Status.UNKNOWN.withDescription("Ping failed but for unknown reason.")
-                  .withCause(future.cause()).asException();
-            }
-          }
-          finalPing.failed(cause);
-          if (ping == finalPing) {
-            ping = null;
+          return;
+        }
+        Throwable cause = future.cause();
+        Status status = lifecycleManager.getShutdownStatus();
+        if (cause instanceof ClosedChannelException) {
+          if (status == null) {
+            status = Status.UNKNOWN.withDescription("Ping failed but for unknown reason.")
+                    .withCause(future.cause());
           }
+        } else {
+          status = Utils.statusFromThrowable(cause);
+        }
+        finalPing.failed(status);
+        if (ping == finalPing) {
+          ping = null;
         }
       }
     });
@@ -963,9 +966,9 @@ public boolean visit(Http2Stream stream) throws Http2Exception {
     }
   }
 
-  private void cancelPing(Throwable t) {
+  private void cancelPing(Status s) {
     if (ping != null) {
-      ping.failed(t);
+      ping.failed(s);
       ping = null;
     }
   }
diff --git a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
index 86d8991ba95..e03989e9906 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
@@ -165,7 +165,7 @@ public void ping(final PingCallback callback, final Executor executor) {
       executor.execute(new Runnable() {
         @Override
         public void run() {
-          callback.onFailure(statusExplainingWhyTheChannelIsNull.asException());
+          callback.onFailure(statusExplainingWhyTheChannelIsNull);
         }
       });
       return;
@@ -177,7 +177,7 @@ public void run() {
       public void operationComplete(ChannelFuture future) throws Exception {
         if (!future.isSuccess()) {
           Status s = statusFromFailedFuture(future);
-          Http2Ping.notifyFailed(callback, executor, s.asException());
+          Http2Ping.notifyFailed(callback, executor, s);
         }
       }
     };
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
index 945c6c1267a..f8fbeea9b82 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
@@ -59,7 +59,6 @@
 import io.grpc.CallOptions;
 import io.grpc.Metadata;
 import io.grpc.Status;
-import io.grpc.StatusException;
 import io.grpc.internal.AbstractStream;
 import io.grpc.internal.ClientStreamListener;
 import io.grpc.internal.ClientStreamListener.RpcProgress;
@@ -812,9 +811,7 @@ public void ping_failsWhenChannelCloses() throws Exception {
     handler().channelInactive(ctx());
     // ping failed on channel going inactive
     assertEquals(1, callback.invocationCount);
-    assertTrue(callback.failureCause instanceof StatusException);
-    assertEquals(Status.Code.UNAVAILABLE,
-        ((StatusException) callback.failureCause).getStatus().getCode());
+    assertEquals(Status.Code.UNAVAILABLE, callback.failureCause.getCode());
     // A failed ping is still counted
     assertEquals(1, transportTracer.getStats().keepAlivesSent);
   }
@@ -1169,7 +1166,7 @@ private static CreateStreamCommand newCreateStreamCommand(
   private static class PingCallbackImpl implements ClientTransport.PingCallback {
     int invocationCount;
     long roundTripTime;
-    Throwable failureCause;
+    Status failureCause;
 
     @Override
     public void onSuccess(long roundTripTimeNanos) {
@@ -1178,7 +1175,7 @@ public void onSuccess(long roundTripTimeNanos) {
     }
 
     @Override
-    public void onFailure(Throwable cause) {
+    public void onFailure(Status cause) {
       invocationCount++;
       this.failureCause = cause;
     }
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
index 9b3b2e386d3..65683dd8396 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
@@ -548,8 +548,8 @@ public void onSuccess(long roundTripTimeNanos) {
       }
 
       @Override
-      public void onFailure(Throwable cause) {
-        pingResult.setException(cause);
+      public void onFailure(Status cause) {
+        pingResult.setException(cause.asException());
       }
     };
     transport.ping(pingCallback, clock.getScheduledExecutorService());
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
index 055d6e08161..7c107188518 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
@@ -1062,12 +1062,12 @@ private void setInUse(OkHttpClientStream stream) {
     }
   }
 
-  private Throwable getPingFailure() {
+  private Status getPingFailure() {
     synchronized (lock) {
       if (goAwayStatus != null) {
-        return goAwayStatus.asException();
+        return goAwayStatus;
       } else {
-        return Status.UNAVAILABLE.withDescription("Connection closed").asException();
+        return Status.UNAVAILABLE.withDescription("Connection closed");
       }
     }
   }
diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java
index daf5073992e..826dee8e2b4 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java
@@ -67,7 +67,6 @@
 import io.grpc.MethodDescriptor.MethodType;
 import io.grpc.Status;
 import io.grpc.Status.Code;
-import io.grpc.StatusException;
 import io.grpc.internal.AbstractStream;
 import io.grpc.internal.ClientStreamListener;
 import io.grpc.internal.ClientTransport;
@@ -1664,16 +1663,14 @@ public void ping_failsWhenTransportShutdown() throws Exception {
     clientTransport.shutdown(SHUTDOWN_REASON);
     // ping failed on channel shutdown
     assertEquals(1, callback.invocationCount);
-    assertTrue(callback.failureCause instanceof StatusException);
-    assertSame(SHUTDOWN_REASON, ((StatusException) callback.failureCause).getStatus());
+    assertSame(SHUTDOWN_REASON, callback.failureCause);
 
     // now that handler is in terminal state, all future pings fail immediately
     callback = new PingCallbackImpl();
     clientTransport.ping(callback, MoreExecutors.directExecutor());
     assertEquals(1, getTransportStats(clientTransport).keepAlivesSent);
     assertEquals(1, callback.invocationCount);
-    assertTrue(callback.failureCause instanceof StatusException);
-    assertSame(SHUTDOWN_REASON, ((StatusException) callback.failureCause).getStatus());
+    assertSame(SHUTDOWN_REASON, callback.failureCause);
     shutdownAndVerify();
   }
 
@@ -1688,18 +1685,14 @@ public void ping_failsIfTransportFails() throws Exception {
     clientTransport.onException(new IOException());
     // ping failed on error
     assertEquals(1, callback.invocationCount);
-    assertTrue(callback.failureCause instanceof StatusException);
-    assertEquals(Status.Code.UNAVAILABLE,
-        ((StatusException) callback.failureCause).getStatus().getCode());
+    assertEquals(Status.Code.UNAVAILABLE, callback.failureCause.getCode());
 
     // now that handler is in terminal state, all future pings fail immediately
     callback = new PingCallbackImpl();
     clientTransport.ping(callback, MoreExecutors.directExecutor());
     assertEquals(1, getTransportStats(clientTransport).keepAlivesSent);
     assertEquals(1, callback.invocationCount);
-    assertTrue(callback.failureCause instanceof StatusException);
-    assertEquals(Status.Code.UNAVAILABLE,
-        ((StatusException) callback.failureCause).getStatus().getCode());
+    assertEquals(Status.Code.UNAVAILABLE, callback.failureCause.getCode());
     shutdownAndVerify();
   }
 
@@ -2385,7 +2378,7 @@ public InputStream getInputStream() {
   static class PingCallbackImpl implements ClientTransport.PingCallback {
     int invocationCount;
     long roundTripTime;
-    Throwable failureCause;
+    Status failureCause;
 
     @Override
     public void onSuccess(long roundTripTimeNanos) {
@@ -2394,7 +2387,7 @@ public void onSuccess(long roundTripTimeNanos) {
     }
 
     @Override
-    public void onFailure(Throwable cause) {
+    public void onFailure(Status cause) {
       invocationCount++;
       this.failureCause = cause;
     }

From bc3c7640588e5bc4ee4175f36a05ba59f67d0415 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 18 Mar 2025 15:17:13 -0700
Subject: [PATCH 218/591] xds: Include XdsConfig as a CallOption

This allows Filters to access the xds configuration for their own
processing. From gRFC A83:

> This data is available via the XdsConfig attribute introduced in A74.
> If the xDS ConfigSelector is not already passing that attribute to the
> filters, it will need to be changed to do so.
---
 xds/src/main/java/io/grpc/xds/XdsNameResolver.java | 14 +++++++++++---
 .../test/java/io/grpc/xds/XdsNameResolverTest.java |  4 ++++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 5c1b3105c45..123d3a77172 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -94,6 +94,8 @@ final class XdsNameResolver extends NameResolver {
 
   static final CallOptions.Key<String> CLUSTER_SELECTION_KEY =
       CallOptions.Key.create("io.grpc.xds.CLUSTER_SELECTION_KEY");
+  static final CallOptions.Key<XdsConfig> XDS_CONFIG_CALL_OPTION_KEY =
+      CallOptions.Key.create("io.grpc.xds.XDS_CONFIG_CALL_OPTION_KEY");
   static final CallOptions.Key<Long> RPC_HASH_KEY =
       CallOptions.Key.create("io.grpc.xds.RPC_HASH_KEY");
   static final CallOptions.Key<Boolean> AUTO_HOST_REWRITE_KEY =
@@ -467,6 +469,7 @@ public Result selectConfig(PickSubchannelArgs args) {
                 "Failed to parse service config (method config)"));
       }
       final String finalCluster = cluster;
+      final XdsConfig xdsConfig = routingCfg.xdsConfig;
       final long hash = generateHash(routeAction.hashPolicies(), headers);
       class ClusterSelectionInterceptor implements ClientInterceptor {
         @Override
@@ -475,6 +478,7 @@ public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
             final Channel next) {
           CallOptions callOptionsForCluster =
               callOptions.withOption(CLUSTER_SELECTION_KEY, finalCluster)
+                  .withOption(XDS_CONFIG_CALL_OPTION_KEY, xdsConfig)
                   .withOption(RPC_HASH_KEY, hash);
           if (routeAction.autoHostRewrite()) {
             callOptionsForCluster = callOptionsForCluster.withOption(AUTO_HOST_REWRITE_KEY, true);
@@ -801,7 +805,7 @@ private void updateRoutes(
       }
       // Make newly added clusters selectable by config selector and deleted clusters no longer
       // selectable.
-      routingConfig = new RoutingConfig(httpMaxStreamDurationNano, routesData.build());
+      routingConfig = new RoutingConfig(xdsConfig, httpMaxStreamDurationNano, routesData.build());
       for (String cluster : deletedClusters) {
         int count = clusterRefs.get(cluster).refCount.decrementAndGet();
         if (count == 0) {
@@ -879,17 +883,21 @@ private void cleanUpRoutes(Status error) {
    * VirtualHost-level configuration for request routing.
    */
   private static class RoutingConfig {
-    private final long fallbackTimeoutNano;
+    final XdsConfig xdsConfig;
+    final long fallbackTimeoutNano;
     final ImmutableList<RouteData> routes;
     final Status errorStatus;
 
-    private RoutingConfig(long fallbackTimeoutNano, ImmutableList<RouteData> routes) {
+    private RoutingConfig(
+        XdsConfig xdsConfig, long fallbackTimeoutNano, ImmutableList<RouteData> routes) {
+      this.xdsConfig = checkNotNull(xdsConfig, "xdsConfig");
       this.fallbackTimeoutNano = fallbackTimeoutNano;
       this.routes = checkNotNull(routes, "routes");
       this.errorStatus = null;
     }
 
     private RoutingConfig(Status errorStatus) {
+      this.xdsConfig = null;
       this.fallbackTimeoutNano = 0;
       this.routes = null;
       this.errorStatus = checkNotNull(errorStatus, "errorStatus");
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 7425e3e31de..371c4213738 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -1672,6 +1672,10 @@ private void assertCallSelectClusterResult(
     clientCall.start(new NoopClientCallListener<>(), new Metadata());
     assertThat(testCall.callOptions.getOption(XdsNameResolver.CLUSTER_SELECTION_KEY))
         .isEqualTo("cluster:" + expectedCluster);
+    XdsConfig xdsConfig =
+        testCall.callOptions.getOption(XdsNameResolver.XDS_CONFIG_CALL_OPTION_KEY);
+    assertThat(xdsConfig).isNotNull();
+    assertThat(xdsConfig.getClusters()).containsKey(expectedCluster); // Without "cluster:" prefix
     @SuppressWarnings("unchecked")
     Map<String, ?> config = (Map<String, ?>) result.getConfig();
     if (expectedTimeoutSec != null) {

From bb120a8cbb9de63d1514ac8c6a52568d946a60a7 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 5 Mar 2025 13:29:55 -0800
Subject: [PATCH 219/591] xds: Assert XdsNR's cluster ref counting is
 consistent

It is much harder to debug refcounting problems when we ignore
impossible situations. So make such impossible cases complain loudly so
the bug is obvious.
---
 .../main/java/io/grpc/xds/XdsNameResolver.java | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 123d3a77172..bbe36bdd744 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -537,17 +537,21 @@ private boolean retainCluster(String cluster) {
 
     private void releaseCluster(final String cluster) {
       int count = clusterRefs.get(cluster).refCount.decrementAndGet();
+      if (count < 0) {
+        throw new AssertionError();
+      }
       if (count == 0) {
         syncContext.execute(new Runnable() {
           @Override
           public void run() {
-            if (clusterRefs.get(cluster).refCount.get() == 0) {
-              clusterRefs.remove(cluster);
-              if (resolveState.lastConfigOrStatus.hasValue()) {
-                updateResolutionResult(resolveState.lastConfigOrStatus.getValue());
-              } else {
-                resolveState.cleanUpRoutes(resolveState.lastConfigOrStatus.getStatus());
-              }
+            if (clusterRefs.get(cluster).refCount.get() != 0) {
+              throw new AssertionError();
+            }
+            clusterRefs.remove(cluster);
+            if (resolveState.lastConfigOrStatus.hasValue()) {
+              updateResolutionResult(resolveState.lastConfigOrStatus.getValue());
+            } else {
+              resolveState.cleanUpRoutes(resolveState.lastConfigOrStatus.getStatus());
             }
           }
         });

From d2d72cda83256919a49432a792192c9313d171cb Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 20 Mar 2025 22:31:16 -0700
Subject: [PATCH 220/591] xds: Expose filter names to filter instances (#11971)

This is to support gRFC A83 xDS GCP Authentication Filter:
> Otherwise, the filter will look in the CDS resource's metadata for a
> key corresponding to the filter's instance name.
---
 xds/src/main/java/io/grpc/xds/FaultFilter.java         |  2 +-
 xds/src/main/java/io/grpc/xds/Filter.java              |  2 +-
 .../main/java/io/grpc/xds/GcpAuthenticationFilter.java |  2 +-
 xds/src/main/java/io/grpc/xds/InternalRbacFilter.java  |  2 +-
 xds/src/main/java/io/grpc/xds/RbacFilter.java          |  2 +-
 xds/src/main/java/io/grpc/xds/RouterFilter.java        |  2 +-
 xds/src/main/java/io/grpc/xds/XdsNameResolver.java     |  3 ++-
 xds/src/main/java/io/grpc/xds/XdsServerWrapper.java    |  3 ++-
 .../java/io/grpc/xds/GrpcXdsClientImplDataTest.java    |  2 +-
 xds/src/test/java/io/grpc/xds/RbacFilterTest.java      | 10 ++++++----
 xds/src/test/java/io/grpc/xds/StatefulFilter.java      |  2 +-
 xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java |  2 +-
 .../test/java/io/grpc/xds/XdsServerWrapperTest.java    |  4 ++--
 13 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/FaultFilter.java b/xds/src/main/java/io/grpc/xds/FaultFilter.java
index 2012fd36b62..0f3bb5b0557 100644
--- a/xds/src/main/java/io/grpc/xds/FaultFilter.java
+++ b/xds/src/main/java/io/grpc/xds/FaultFilter.java
@@ -99,7 +99,7 @@ public boolean isClientFilter() {
     }
 
     @Override
-    public FaultFilter newInstance() {
+    public FaultFilter newInstance(String name) {
       return INSTANCE;
     }
 
diff --git a/xds/src/main/java/io/grpc/xds/Filter.java b/xds/src/main/java/io/grpc/xds/Filter.java
index aa326b55ad7..416d929becf 100644
--- a/xds/src/main/java/io/grpc/xds/Filter.java
+++ b/xds/src/main/java/io/grpc/xds/Filter.java
@@ -87,7 +87,7 @@ default boolean isServerFilter() {
      *   <li>Filter name+typeUrl in FilterChain's HCM.http_filters.</li>
      * </ol>
      */
-    Filter newInstance();
+    Filter newInstance(String name);
 
     /**
      * Parses the top-level filter config from raw proto message. The message may be either a {@link
diff --git a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
index 41687817c47..add885c6416 100644
--- a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
+++ b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
@@ -64,7 +64,7 @@ public boolean isClientFilter() {
     }
 
     @Override
-    public GcpAuthenticationFilter newInstance() {
+    public GcpAuthenticationFilter newInstance(String name) {
       return new GcpAuthenticationFilter();
     }
 
diff --git a/xds/src/main/java/io/grpc/xds/InternalRbacFilter.java b/xds/src/main/java/io/grpc/xds/InternalRbacFilter.java
index cedb3f4c85b..476adbf9cfd 100644
--- a/xds/src/main/java/io/grpc/xds/InternalRbacFilter.java
+++ b/xds/src/main/java/io/grpc/xds/InternalRbacFilter.java
@@ -33,7 +33,7 @@ public static ServerInterceptor createInterceptor(RBAC rbac) {
       throw new IllegalArgumentException(
         String.format("Failed to parse Rbac policy: %s", filterConfig.errorDetail));
     }
-    return new RbacFilter.Provider().newInstance()
+    return new RbacFilter.Provider().newInstance("internalRbacFilter")
         .buildServerInterceptor(filterConfig.config, null);
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/RbacFilter.java b/xds/src/main/java/io/grpc/xds/RbacFilter.java
index 2bc4eeb846b..d91884735e9 100644
--- a/xds/src/main/java/io/grpc/xds/RbacFilter.java
+++ b/xds/src/main/java/io/grpc/xds/RbacFilter.java
@@ -89,7 +89,7 @@ public boolean isServerFilter() {
     }
 
     @Override
-    public RbacFilter newInstance() {
+    public RbacFilter newInstance(String name) {
       return INSTANCE;
     }
 
diff --git a/xds/src/main/java/io/grpc/xds/RouterFilter.java b/xds/src/main/java/io/grpc/xds/RouterFilter.java
index 939bd0b12ab..504c4213149 100644
--- a/xds/src/main/java/io/grpc/xds/RouterFilter.java
+++ b/xds/src/main/java/io/grpc/xds/RouterFilter.java
@@ -56,7 +56,7 @@ public boolean isServerFilter() {
     }
 
     @Override
-    public RouterFilter newInstance() {
+    public RouterFilter newInstance(String name) {
       return INSTANCE;
     }
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index bbe36bdd744..7704a4a09db 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -704,7 +704,8 @@ private void updateActiveFilters(@Nullable List<NamedFilterConfig> filterConfigs
 
         Filter.Provider provider = filterRegistry.get(typeUrl);
         checkNotNull(provider, "provider %s", typeUrl);
-        Filter filter = activeFilters.computeIfAbsent(filterKey, k -> provider.newInstance());
+        Filter filter = activeFilters.computeIfAbsent(
+            filterKey, k -> provider.newInstance(namedFilter.name));
         checkNotNull(filter, "filter %s", filterKey);
         filtersToShutdown.remove(filterKey);
       }
diff --git a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
index e0185974861..6625bd8178a 100644
--- a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
+++ b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
@@ -560,7 +560,8 @@ private void updateActiveFiltersForChain(
 
         Filter.Provider provider = filterRegistry.get(typeUrl);
         checkNotNull(provider, "provider %s", typeUrl);
-        Filter filter = chainFilters.computeIfAbsent(filterKey, k -> provider.newInstance());
+        Filter filter = chainFilters.computeIfAbsent(
+            filterKey, k -> provider.newInstance(namedFilter.name));
         checkNotNull(filter, "filter %s", filterKey);
         filtersToShutdown.remove(filterKey);
       }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 90b83320d63..bfaa17245cf 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -1267,7 +1267,7 @@ public boolean isClientFilter() {
       }
 
       @Override
-      public TestFilter newInstance() {
+      public TestFilter newInstance(String name) {
         return new TestFilter();
       }
 
diff --git a/xds/src/test/java/io/grpc/xds/RbacFilterTest.java b/xds/src/test/java/io/grpc/xds/RbacFilterTest.java
index 7f195693d84..334e159dd1d 100644
--- a/xds/src/test/java/io/grpc/xds/RbacFilterTest.java
+++ b/xds/src/test/java/io/grpc/xds/RbacFilterTest.java
@@ -80,6 +80,8 @@ public class RbacFilterTest {
           StringMatcher.newBuilder().setExact("/" + PATH).setIgnoreCase(true).build();
   private static final RbacFilter.Provider FILTER_PROVIDER = new RbacFilter.Provider();
 
+  private final String name = "theFilterName";
+
   @Test
   public void filterType_serverOnly() {
     assertThat(FILTER_PROVIDER.isClientFilter()).isFalse();
@@ -259,7 +261,7 @@ public void testAuthorizationInterceptor() {
             OrMatcher.create(AlwaysTrueMatcher.INSTANCE));
     AuthConfig authconfig = AuthConfig.create(Collections.singletonList(policyMatcher),
             GrpcAuthorizationEngine.Action.ALLOW);
-    FILTER_PROVIDER.newInstance().buildServerInterceptor(RbacConfig.create(authconfig), null)
+    FILTER_PROVIDER.newInstance(name).buildServerInterceptor(RbacConfig.create(authconfig), null)
             .interceptCall(mockServerCall, new Metadata(), mockHandler);
     verify(mockHandler, never()).startCall(eq(mockServerCall), any(Metadata.class));
     ArgumentCaptor<Status> captor = ArgumentCaptor.forClass(Status.class);
@@ -271,7 +273,7 @@ public void testAuthorizationInterceptor() {
 
     authconfig = AuthConfig.create(Collections.singletonList(policyMatcher),
             GrpcAuthorizationEngine.Action.DENY);
-    FILTER_PROVIDER.newInstance().buildServerInterceptor(RbacConfig.create(authconfig), null)
+    FILTER_PROVIDER.newInstance(name).buildServerInterceptor(RbacConfig.create(authconfig), null)
             .interceptCall(mockServerCall, new Metadata(), mockHandler);
     verify(mockHandler).startCall(eq(mockServerCall), any(Metadata.class));
   }
@@ -322,7 +324,7 @@ public void overrideConfig() {
     RbacConfig override = FILTER_PROVIDER.parseFilterConfigOverride(Any.pack(rbacPerRoute)).config;
     assertThat(override).isEqualTo(RbacConfig.create(null));
     ServerInterceptor interceptor =
-        FILTER_PROVIDER.newInstance().buildServerInterceptor(original, override);
+        FILTER_PROVIDER.newInstance(name).buildServerInterceptor(original, override);
     assertThat(interceptor).isNull();
 
     policyMatcher = PolicyMatcher.create("policy-matcher-override",
@@ -332,7 +334,7 @@ public void overrideConfig() {
             GrpcAuthorizationEngine.Action.ALLOW);
     override = RbacConfig.create(authconfig);
 
-    FILTER_PROVIDER.newInstance().buildServerInterceptor(original, override)
+    FILTER_PROVIDER.newInstance(name).buildServerInterceptor(original, override)
             .interceptCall(mockServerCall, new Metadata(), mockHandler);
     verify(mockHandler).startCall(eq(mockServerCall), any(Metadata.class));
     verify(mockServerCall).getAttributes();
diff --git a/xds/src/test/java/io/grpc/xds/StatefulFilter.java b/xds/src/test/java/io/grpc/xds/StatefulFilter.java
index 162dd380daf..4ef662c7ccd 100644
--- a/xds/src/test/java/io/grpc/xds/StatefulFilter.java
+++ b/xds/src/test/java/io/grpc/xds/StatefulFilter.java
@@ -108,7 +108,7 @@ public boolean isServerFilter() {
     }
 
     @Override
-    public synchronized StatefulFilter newInstance() {
+    public synchronized StatefulFilter newInstance(String name) {
       StatefulFilter filter = new StatefulFilter(counter++);
       instances.put(filter.idx, filter);
       return filter;
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 371c4213738..622084d4306 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -219,7 +219,7 @@ public void setUp() {
     // Lenient: suppress [MockitoHint] Unused warning, only used in resolved_fault* tests.
     lenient()
         .doReturn(new FaultFilter(mockRandom, new AtomicLong()))
-        .when(faultFilterProvider).newInstance();
+        .when(faultFilterProvider).newInstance(any(String.class));
 
     FilterRegistry filterRegistry = FilterRegistry.newRegistry().register(
         ROUTER_FILTER_PROVIDER,
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
index b866e10c559..e5f0f44cbae 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
@@ -1135,7 +1135,7 @@ public void run() {
     Filter.Provider filterProvider = mock(Filter.Provider.class);
     when(filterProvider.typeUrls()).thenReturn(new String[]{"filter-type-url"});
     when(filterProvider.isServerFilter()).thenReturn(true);
-    when(filterProvider.newInstance()).thenReturn(filter);
+    when(filterProvider.newInstance(any(String.class))).thenReturn(filter);
     filterRegistry.register(filterProvider);
 
     FilterConfig f0 = mock(FilterConfig.class);
@@ -1208,7 +1208,7 @@ public void run() {
     Filter.Provider filterProvider = mock(Filter.Provider.class);
     when(filterProvider.typeUrls()).thenReturn(new String[]{"filter-type-url"});
     when(filterProvider.isServerFilter()).thenReturn(true);
-    when(filterProvider.newInstance()).thenReturn(filter);
+    when(filterProvider.newInstance(any(String.class))).thenReturn(filter);
     filterRegistry.register(filterProvider);
 
     FilterConfig f0 = mock(FilterConfig.class);

From d60e6fc251d0c5c65b9e52e9ce1a84d3ec17c159 Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Fri, 21 Mar 2025 09:30:24 +0200
Subject: [PATCH 221/591] Replace usages of deprecated ExpectedException in
 grpc-api and grpc-core (#11962)

---
 api/build.gradle                              |  1 +
 api/src/test/java/io/grpc/MetadataTest.java   | 35 +++++--------
 .../java/io/grpc/MethodDescriptorTest.java    |  6 ---
 .../java/io/grpc/ServerInterceptorsTest.java  | 18 +++----
 .../io/grpc/ServerServiceDefinitionTest.java  | 19 ++-----
 .../java/io/grpc/ServiceDescriptorTest.java   | 51 +++++++++----------
 .../internal/AbstractClientStreamTest.java    | 23 +++------
 .../internal/AbstractServerStreamTest.java    | 30 ++++-------
 .../ConnectivityStateManagerTest.java         |  8 +--
 .../io/grpc/internal/DnsNameResolverTest.java | 28 +++++-----
 .../java/io/grpc/internal/GrpcUtilTest.java   | 23 ++++-----
 .../grpc/internal/InternalSubchannelTest.java | 13 ++---
 .../java/io/grpc/internal/JsonParserTest.java | 51 ++++++-------------
 .../ManagedChannelImplBuilderTest.java        | 33 +++++-------
 .../ManagedChannelServiceConfigTest.java      | 49 +++++++-----------
 .../io/grpc/internal/MessageDeframerTest.java | 32 +++++-------
 .../io/grpc/internal/ServerCallImplTest.java  | 42 ++++++++-------
 .../java/io/grpc/internal/ServerImplTest.java | 16 +++---
 .../grpc/internal/AbstractTransportTest.java  | 10 +---
 19 files changed, 185 insertions(+), 303 deletions(-)

diff --git a/api/build.gradle b/api/build.gradle
index dc3eaea3f4e..415a17f61f8 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -47,6 +47,7 @@ dependencies {
     testImplementation project(':grpc-core')
     testImplementation project(':grpc-testing')
     testImplementation libraries.guava.testlib
+    testImplementation libraries.truth
 
     signature (libraries.signature.java) {
         artifact {
diff --git a/api/src/test/java/io/grpc/MetadataTest.java b/api/src/test/java/io/grpc/MetadataTest.java
index 14ba8ca9b23..a858fff5e5a 100644
--- a/api/src/test/java/io/grpc/MetadataTest.java
+++ b/api/src/test/java/io/grpc/MetadataTest.java
@@ -16,6 +16,7 @@
 
 package io.grpc;
 
+import static com.google.common.truth.Truth.assertThat;
 import static java.nio.charset.StandardCharsets.US_ASCII;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.Assert.assertArrayEquals;
@@ -24,6 +25,7 @@
 import static org.junit.Assert.assertNotSame;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
@@ -37,9 +39,7 @@
 import java.util.Arrays;
 import java.util.Iterator;
 import java.util.Locale;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -49,9 +49,6 @@
 @RunWith(JUnit4.class)
 public class MetadataTest {
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
-
   private static final Metadata.BinaryMarshaller<Fish> FISH_MARSHALLER =
       new Metadata.BinaryMarshaller<Fish>() {
         @Override
@@ -65,7 +62,7 @@ public Fish parseBytes(byte[] serialized) {
         }
       };
 
-  private static class FishStreamMarsaller implements Metadata.BinaryStreamMarshaller<Fish> {
+  private static class FishStreamMarshaller implements Metadata.BinaryStreamMarshaller<Fish> {
     @Override
     public InputStream toStream(Fish fish) {
       return new ByteArrayInputStream(FISH_MARSHALLER.toBytes(fish));
@@ -82,7 +79,7 @@ public Fish parseStream(InputStream stream) {
   }
 
   private static final Metadata.BinaryStreamMarshaller<Fish> FISH_STREAM_MARSHALLER =
-      new FishStreamMarsaller();
+      new FishStreamMarshaller();
 
   /** A pattern commonly used to avoid unnecessary serialization of immutable objects. */
   private static final class FakeFishStream extends InputStream {
@@ -121,10 +118,9 @@ public Fish parseStream(InputStream stream) {
 
   @Test
   public void noPseudoHeaders() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Invalid character");
-
-    Metadata.Key.of(":test-bin", FISH_MARSHALLER);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> Metadata.Key.of(":test-bin", FISH_MARSHALLER));
+    assertThat(e).hasMessageThat().isEqualTo("Invalid character ':' in key name ':test-bin'");
   }
 
   @Test
@@ -186,8 +182,7 @@ public void testGetAllNoRemove() {
     Iterator<Fish> i = metadata.getAll(KEY).iterator();
     assertEquals(lance, i.next());
 
-    thrown.expect(UnsupportedOperationException.class);
-    i.remove();
+    assertThrows(UnsupportedOperationException.class, i::remove);
   }
 
   @Test
@@ -271,17 +266,15 @@ public void mergeExpands() {
 
   @Test
   public void shortBinaryKeyName() {
-    thrown.expect(IllegalArgumentException.class);
-
-    Metadata.Key.of("-bin", FISH_MARSHALLER);
+    assertThrows(IllegalArgumentException.class, () -> Metadata.Key.of("-bin", FISH_MARSHALLER));
   }
 
   @Test
   public void invalidSuffixBinaryKeyName() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Binary header is named");
-
-    Metadata.Key.of("nonbinary", FISH_MARSHALLER);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> Metadata.Key.of("nonbinary", FISH_MARSHALLER));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Binary header is named nonbinary. It must end with -bin");
   }
 
   @Test
@@ -415,7 +408,7 @@ public void streamedValueDifferentMarshaller() {
     h.put(KEY_STREAMED, salmon);
 
     // Get using a different marshaller instance.
-    Fish fish = h.get(copyKey(KEY_STREAMED, new FishStreamMarsaller()));
+    Fish fish = h.get(copyKey(KEY_STREAMED, new FishStreamMarshaller()));
     assertEquals(salmon, fish);
   }
 
diff --git a/api/src/test/java/io/grpc/MethodDescriptorTest.java b/api/src/test/java/io/grpc/MethodDescriptorTest.java
index 9431190984b..e068e0c1108 100644
--- a/api/src/test/java/io/grpc/MethodDescriptorTest.java
+++ b/api/src/test/java/io/grpc/MethodDescriptorTest.java
@@ -26,9 +26,7 @@
 import io.grpc.MethodDescriptor.Marshaller;
 import io.grpc.MethodDescriptor.MethodType;
 import io.grpc.testing.TestMethodDescriptors;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -37,10 +35,6 @@
  */
 @RunWith(JUnit4.class)
 public class MethodDescriptorTest {
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public final ExpectedException thrown = ExpectedException.none();
-
   @Test
   public void createMethodDescriptor() {
     MethodDescriptor<String, String> descriptor = MethodDescriptor.<String, String>newBuilder()
diff --git a/api/src/test/java/io/grpc/ServerInterceptorsTest.java b/api/src/test/java/io/grpc/ServerInterceptorsTest.java
index abfb3540fe4..b84b3838afa 100644
--- a/api/src/test/java/io/grpc/ServerInterceptorsTest.java
+++ b/api/src/test/java/io/grpc/ServerInterceptorsTest.java
@@ -19,6 +19,7 @@
 import static com.google.common.collect.Iterables.getOnlyElement;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.same;
@@ -40,7 +41,6 @@
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentMatchers;
@@ -55,10 +55,6 @@ public class ServerInterceptorsTest {
   @Rule
   public final MockitoRule mocks = MockitoJUnit.rule();
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public final ExpectedException thrown = ExpectedException.none();
-
   @Mock
   private Marshaller<String> requestMarshaller;
 
@@ -111,21 +107,21 @@ public void makeSureExpectedMocksUnused() {
   public void npeForNullServiceDefinition() {
     ServerServiceDefinition serviceDef = null;
     List<ServerInterceptor> interceptors = Arrays.asList();
-    thrown.expect(NullPointerException.class);
-    ServerInterceptors.intercept(serviceDef, interceptors);
+    assertThrows(NullPointerException.class,
+        () -> ServerInterceptors.intercept(serviceDef, interceptors));
   }
 
   @Test
   public void npeForNullInterceptorList() {
-    thrown.expect(NullPointerException.class);
-    ServerInterceptors.intercept(serviceDefinition, (List<ServerInterceptor>) null);
+    assertThrows(NullPointerException.class,
+        () -> ServerInterceptors.intercept(serviceDefinition, (List<ServerInterceptor>) null));
   }
 
   @Test
   public void npeForNullInterceptor() {
     List<ServerInterceptor> interceptors = Arrays.asList((ServerInterceptor) null);
-    thrown.expect(NullPointerException.class);
-    ServerInterceptors.intercept(serviceDefinition, interceptors);
+    assertThrows(NullPointerException.class,
+        () -> ServerInterceptors.intercept(serviceDefinition, interceptors));
   }
 
   @Test
diff --git a/api/src/test/java/io/grpc/ServerServiceDefinitionTest.java b/api/src/test/java/io/grpc/ServerServiceDefinitionTest.java
index 6a84d640d78..9e43302e210 100644
--- a/api/src/test/java/io/grpc/ServerServiceDefinitionTest.java
+++ b/api/src/test/java/io/grpc/ServerServiceDefinitionTest.java
@@ -18,14 +18,13 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.fail;
 
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -52,9 +51,6 @@ public class ServerServiceDefinitionTest {
         = ServerMethodDefinition.create(method1, methodHandler1);
   private ServerMethodDefinition<String, Integer> methodDef2
         = ServerMethodDefinition.create(method2, methodHandler2);
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public ExpectedException thrown = ExpectedException.none();
 
   @Test
   public void noMethods() {
@@ -91,9 +87,7 @@ public void addMethod_duplicateName() {
     ServiceDescriptor sd = new ServiceDescriptor(serviceName, method1);
     ServerServiceDefinition.Builder ssd = ServerServiceDefinition.builder(sd)
         .addMethod(method1, methodHandler1);
-    thrown.expect(IllegalStateException.class);
-    ssd.addMethod(diffMethod1, methodHandler2)
-        .build();
+    assertThrows(IllegalStateException.class, () -> ssd.addMethod(diffMethod1, methodHandler2));
   }
 
   @Test
@@ -101,8 +95,7 @@ public void buildMisaligned_extraMethod() {
     ServiceDescriptor sd = new ServiceDescriptor(serviceName);
     ServerServiceDefinition.Builder ssd = ServerServiceDefinition.builder(sd)
         .addMethod(methodDef1);
-    thrown.expect(IllegalStateException.class);
-    ssd.build();
+    assertThrows(IllegalStateException.class, ssd::build);
   }
 
   @Test
@@ -110,16 +103,14 @@ public void buildMisaligned_diffMethodInstance() {
     ServiceDescriptor sd = new ServiceDescriptor(serviceName, method1);
     ServerServiceDefinition.Builder ssd = ServerServiceDefinition.builder(sd)
         .addMethod(diffMethod1, methodHandler1);
-    thrown.expect(IllegalStateException.class);
-    ssd.build();
+    assertThrows(IllegalStateException.class, ssd::build);
   }
 
   @Test
   public void buildMisaligned_missingMethod() {
     ServiceDescriptor sd = new ServiceDescriptor(serviceName, method1);
     ServerServiceDefinition.Builder ssd = ServerServiceDefinition.builder(sd);
-    thrown.expect(IllegalStateException.class);
-    ssd.build();
+    assertThrows(IllegalStateException.class, ssd::build);
   }
 
   @Test
diff --git a/api/src/test/java/io/grpc/ServiceDescriptorTest.java b/api/src/test/java/io/grpc/ServiceDescriptorTest.java
index a05858680d5..89bdead3632 100644
--- a/api/src/test/java/io/grpc/ServiceDescriptorTest.java
+++ b/api/src/test/java/io/grpc/ServiceDescriptorTest.java
@@ -16,17 +16,18 @@
 
 package io.grpc;
 
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 
+import com.google.common.truth.StringSubject;
 import io.grpc.MethodDescriptor.MethodType;
 import io.grpc.testing.TestMethodDescriptors;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -36,32 +37,27 @@
 @RunWith(JUnit4.class)
 public class ServiceDescriptorTest {
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public final ExpectedException thrown = ExpectedException.none();
-
   @Test
   public void failsOnNullName() {
-    thrown.expect(NullPointerException.class);
-    thrown.expectMessage("name");
-
-    new ServiceDescriptor(null, Collections.<MethodDescriptor<?, ?>>emptyList());
+    List<MethodDescriptor<?, ?>> methods = Collections.emptyList();
+    NullPointerException e = assertThrows(NullPointerException.class,
+        () -> new ServiceDescriptor(null, methods));
+    assertThat(e).hasMessageThat().isEqualTo("name");
   }
 
   @Test
   public void failsOnNullMethods() {
-    thrown.expect(NullPointerException.class);
-    thrown.expectMessage("methods");
-
-    new ServiceDescriptor("name", (Collection<MethodDescriptor<?, ?>>) null);
+    NullPointerException e = assertThrows(NullPointerException.class,
+        () -> new ServiceDescriptor("name", (Collection<MethodDescriptor<?, ?>>) null));
+    assertThat(e).hasMessageThat().isEqualTo("methods");
   }
 
   @Test
   public void failsOnNullMethod() {
-    thrown.expect(NullPointerException.class);
-    thrown.expectMessage("method");
-
-    new ServiceDescriptor("name", Collections.<MethodDescriptor<?, ?>>singletonList(null));
+    List<MethodDescriptor<?, ?>> methods = Collections.singletonList(null);
+    NullPointerException e = assertThrows(NullPointerException.class,
+        () -> new ServiceDescriptor("name", methods));
+    assertThat(e).hasMessageThat().isEqualTo("method");
   }
 
   @Test
@@ -69,15 +65,17 @@ public void failsOnNonMatchingNames() {
     List<MethodDescriptor<?, ?>> descriptors = Collections.<MethodDescriptor<?, ?>>singletonList(
         MethodDescriptor.<Void, Void>newBuilder()
           .setType(MethodType.UNARY)
-          .setFullMethodName(MethodDescriptor.generateFullMethodName("wrongservice", "method"))
+          .setFullMethodName(MethodDescriptor.generateFullMethodName("wrongService", "method"))
           .setRequestMarshaller(TestMethodDescriptors.voidMarshaller())
           .setResponseMarshaller(TestMethodDescriptors.voidMarshaller())
           .build());
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("service names");
-
-    new ServiceDescriptor("name", descriptors);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> new ServiceDescriptor("fooService", descriptors));
+    StringSubject error = assertThat(e).hasMessageThat();
+    error.contains("service names");
+    error.contains("fooService");
+    error.contains("wrongService");
   }
 
   @Test
@@ -96,10 +94,9 @@ public void failsOnNonDuplicateNames() {
           .setResponseMarshaller(TestMethodDescriptors.voidMarshaller())
           .build());
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("duplicate");
-
-    new ServiceDescriptor("name", descriptors);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> new ServiceDescriptor("name", descriptors));
+    assertThat(e).hasMessageThat().isEqualTo("duplicate name name/method");
   }
 
   @Test
diff --git a/core/src/test/java/io/grpc/internal/AbstractClientStreamTest.java b/core/src/test/java/io/grpc/internal/AbstractClientStreamTest.java
index ad3b59030d7..18fafe6557d 100644
--- a/core/src/test/java/io/grpc/internal/AbstractClientStreamTest.java
+++ b/core/src/test/java/io/grpc/internal/AbstractClientStreamTest.java
@@ -23,6 +23,7 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import static org.mockito.AdditionalAnswers.delegatesTo;
@@ -57,7 +58,6 @@
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentCaptor;
@@ -76,8 +76,6 @@
 public class AbstractClientStreamTest {
 
   @Rule public final MockitoRule mocks = MockitoJUnit.rule();
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
 
   private final StatsTraceContext statsTraceCtx = StatsTraceContext.NOOP;
   private final TransportTracer transportTracer = new TransportTracer();
@@ -136,9 +134,7 @@ public void cancel_failsOnNull() {
     AbstractClientStream stream =
         new BaseAbstractClientStream(allocator, statsTraceCtx, transportTracer);
     stream.start(listener);
-    thrown.expect(NullPointerException.class);
-
-    stream.cancel(null);
+    assertThrows(NullPointerException.class, () -> stream.cancel(null));
   }
 
   @Test
@@ -164,9 +160,7 @@ public void startFailsOnNullListener() {
     AbstractClientStream stream =
         new BaseAbstractClientStream(allocator, statsTraceCtx, transportTracer);
 
-    thrown.expect(NullPointerException.class);
-
-    stream.start(null);
+    assertThrows(NullPointerException.class, () -> stream.start(null));
   }
 
   @Test
@@ -174,9 +168,7 @@ public void cantCallStartTwice() {
     AbstractClientStream stream =
         new BaseAbstractClientStream(allocator, statsTraceCtx, transportTracer);
     stream.start(mockListener);
-    thrown.expect(IllegalStateException.class);
-
-    stream.start(mockListener);
+    assertThrows(IllegalStateException.class, () -> stream.start(mockListener));
   }
 
   @Test
@@ -188,8 +180,7 @@ public void inboundDataReceived_failsOnNullFrame() {
 
     TransportState state = stream.transportState();
 
-    thrown.expect(NullPointerException.class);
-    state.inboundDataReceived(null);
+    assertThrows(NullPointerException.class, () -> state.inboundDataReceived(null));
   }
 
   @Test
@@ -212,8 +203,8 @@ public void inboundHeadersReceived_failsIfStatusReported() {
 
     TransportState state = stream.transportState();
 
-    thrown.expect(IllegalStateException.class);
-    state.inboundHeadersReceived(new Metadata());
+    Metadata headers = new Metadata();
+    assertThrows(IllegalStateException.class, () -> state.inboundHeadersReceived(headers));
   }
 
   @Test
diff --git a/core/src/test/java/io/grpc/internal/AbstractServerStreamTest.java b/core/src/test/java/io/grpc/internal/AbstractServerStreamTest.java
index b41d45e972e..137ba19bfea 100644
--- a/core/src/test/java/io/grpc/internal/AbstractServerStreamTest.java
+++ b/core/src/test/java/io/grpc/internal/AbstractServerStreamTest.java
@@ -18,6 +18,7 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.any;
@@ -45,9 +46,7 @@
 import java.util.Queue;
 import java.util.concurrent.TimeUnit;
 import org.junit.Before;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentCaptor;
@@ -60,9 +59,6 @@ public class AbstractServerStreamTest {
   private static final int TIMEOUT_MS = 1000;
   private static final int MAX_MESSAGE_SIZE = 100;
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
-
   private final WritableBufferAllocator allocator = new WritableBufferAllocator() {
     @Override
     public WritableBuffer allocate(int capacityHint) {
@@ -226,9 +222,9 @@ public void completeWithoutClose() {
   public void setListener_setOnlyOnce() {
     TransportState state = stream.transportState();
     state.setListener(new ServerStreamListenerBase());
-    thrown.expect(IllegalStateException.class);
 
-    state.setListener(new ServerStreamListenerBase());
+    ServerStreamListenerBase listener2 = new ServerStreamListenerBase();
+    assertThrows(IllegalStateException.class, () -> state.setListener(listener2));
   }
 
   @Test
@@ -238,8 +234,7 @@ public void listenerReady_onlyOnce() {
 
     TransportState state = stream.transportState();
 
-    thrown.expect(IllegalStateException.class);
-    state.onStreamAllocated();
+    assertThrows(IllegalStateException.class, state::onStreamAllocated);
   }
 
   @Test
@@ -255,8 +250,7 @@ public void listenerReady_readyCalled() {
   public void setListener_failsOnNull() {
     TransportState state = stream.transportState();
 
-    thrown.expect(NullPointerException.class);
-    state.setListener(null);
+    assertThrows(NullPointerException.class, () -> state.setListener(null));
   }
 
   // TODO(ericgribkoff) This test is only valid if deframeInTransportThread=true, as otherwise the
@@ -284,9 +278,7 @@ public void messagesAvailable(MessageProducer producer) {
 
   @Test
   public void writeHeaders_failsOnNullHeaders() {
-    thrown.expect(NullPointerException.class);
-
-    stream.writeHeaders(null, true);
+    assertThrows(NullPointerException.class, () -> stream.writeHeaders(null, true));
   }
 
   @Test
@@ -336,16 +328,13 @@ public void writeMessage_closesStream() throws Exception {
 
   @Test
   public void close_failsOnNullStatus() {
-    thrown.expect(NullPointerException.class);
-
-    stream.close(null, new Metadata());
+    Metadata trailers = new Metadata();
+    assertThrows(NullPointerException.class, () -> stream.close(null, trailers));
   }
 
   @Test
   public void close_failsOnNullMetadata() {
-    thrown.expect(NullPointerException.class);
-
-    stream.close(Status.INTERNAL, null);
+    assertThrows(NullPointerException.class, () -> stream.close(Status.INTERNAL, null));
   }
 
   @Test
@@ -451,4 +440,3 @@ public int streamId() {
     }
   }
 }
-
diff --git a/core/src/test/java/io/grpc/internal/ConnectivityStateManagerTest.java b/core/src/test/java/io/grpc/internal/ConnectivityStateManagerTest.java
index 2a759a4f386..dfd6ed56a1e 100644
--- a/core/src/test/java/io/grpc/internal/ConnectivityStateManagerTest.java
+++ b/core/src/test/java/io/grpc/internal/ConnectivityStateManagerTest.java
@@ -27,9 +27,7 @@
 import io.grpc.ConnectivityState;
 import java.util.LinkedList;
 import java.util.concurrent.Executor;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -38,10 +36,6 @@
  */
 @RunWith(JUnit4.class)
 public class ConnectivityStateManagerTest {
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public final ExpectedException thrown = ExpectedException.none();
-
   private final FakeClock executor = new FakeClock();
   private final ConnectivityStateManager state = new ConnectivityStateManager();
   private final LinkedList<ConnectivityState> sink = new LinkedList<>();
@@ -75,7 +69,7 @@ public void run() {
     assertEquals(1, sink.size());
     assertEquals(TRANSIENT_FAILURE, sink.poll());
   }
-  
+
   @Test
   public void registerCallbackAfterStateChanged() {
     state.gotoState(CONNECTING);
diff --git a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
index be304ad326b..130c01d1c04 100644
--- a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
+++ b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
@@ -22,6 +22,7 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import static org.mockito.ArgumentMatchers.any;
@@ -35,6 +36,7 @@
 import static org.mockito.Mockito.when;
 
 import com.google.common.base.Stopwatch;
+import com.google.common.base.VerifyException;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Iterables;
 import com.google.common.net.InetAddresses;
@@ -82,7 +84,6 @@
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.DisableOnDebug;
-import org.junit.rules.ExpectedException;
 import org.junit.rules.TestRule;
 import org.junit.rules.Timeout;
 import org.junit.runner.RunWith;
@@ -99,8 +100,6 @@ public class DnsNameResolverTest {
 
   @Rule public final TestRule globalTimeout = new DisableOnDebug(Timeout.seconds(10));
   @Rule public final MockitoRule mocks = MockitoJUnit.rule();
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
 
   private final Map<String, ?> serviceConfig = new LinkedHashMap<>();
 
@@ -914,9 +913,10 @@ public HttpConnectProxiedSocketAddress proxyFor(SocketAddress targetAddress) {
   public void maybeChooseServiceConfig_failsOnMisspelling() {
     Map<String, Object> bad = new LinkedHashMap<>();
     bad.put("parcentage", 1.0);
-    thrown.expectMessage("Bad key");
-
-    DnsNameResolver.maybeChooseServiceConfig(bad, new Random(), "host");
+    Random random = new Random();
+    VerifyException e = assertThrows(VerifyException.class,
+        () -> DnsNameResolver.maybeChooseServiceConfig(bad, random, "host"));
+    assertThat(e).hasMessageThat().isEqualTo("Bad key: parcentage=1.0");
   }
 
   @Test
@@ -1155,25 +1155,25 @@ public void parseTxtResults_misspelledName() throws Exception {
   }
 
   @Test
-  public void parseTxtResults_badTypeFails() throws Exception {
+  public void parseTxtResults_badTypeFails() {
     List<String> txtRecords = new ArrayList<>();
     txtRecords.add("some_record");
     txtRecords.add("grpc_config={}");
 
-    thrown.expect(ClassCastException.class);
-    thrown.expectMessage("wrong type");
-    DnsNameResolver.parseTxtResults(txtRecords);
+    ClassCastException e = assertThrows(ClassCastException.class,
+        () -> DnsNameResolver.parseTxtResults(txtRecords));
+    assertThat(e).hasMessageThat().isEqualTo("wrong type {}");
   }
 
   @Test
-  public void parseTxtResults_badInnerTypeFails() throws Exception {
+  public void parseTxtResults_badInnerTypeFails() {
     List<String> txtRecords = new ArrayList<>();
     txtRecords.add("some_record");
     txtRecords.add("grpc_config=[\"bogus\"]");
 
-    thrown.expect(ClassCastException.class);
-    thrown.expectMessage("not object");
-    DnsNameResolver.parseTxtResults(txtRecords);
+    ClassCastException e = assertThrows(ClassCastException.class,
+        () -> DnsNameResolver.parseTxtResults(txtRecords));
+    assertThat(e).hasMessageThat().isEqualTo("value bogus for idx 0 in [bogus] is not object");
   }
 
   @Test
diff --git a/core/src/test/java/io/grpc/internal/GrpcUtilTest.java b/core/src/test/java/io/grpc/internal/GrpcUtilTest.java
index 39acb582d28..229c593ef80 100644
--- a/core/src/test/java/io/grpc/internal/GrpcUtilTest.java
+++ b/core/src/test/java/io/grpc/internal/GrpcUtilTest.java
@@ -22,6 +22,7 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
@@ -41,7 +42,6 @@
 import java.util.ArrayList;
 import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentCaptor;
@@ -57,8 +57,6 @@ public class GrpcUtilTest {
       new ClientStreamTracer() {}
   };
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
   @Rule public final MockitoRule mocks = MockitoJUnit.rule();
 
   @Captor
@@ -201,9 +199,7 @@ public void urlAuthorityEscape_unicodeAreNotEncoded() {
 
   @Test
   public void checkAuthority_failsOnNull() {
-    thrown.expect(NullPointerException.class);
-
-    GrpcUtil.checkAuthority(null);
+    assertThrows(NullPointerException.class, () -> GrpcUtil.checkAuthority(null));
   }
 
   @Test
@@ -229,19 +225,18 @@ public void checkAuthority_succeedsOnIpV6() {
 
   @Test
   public void checkAuthority_failsOnInvalidAuthority() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Invalid authority");
-
-    GrpcUtil.checkAuthority("[ : : 1]");
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> GrpcUtil.checkAuthority("[ : : 1]"));
+    assertThat(e).hasMessageThat().isEqualTo("Invalid authority: [ : : 1]");
   }
 
 
   @Test
   public void checkAuthority_userInfoNotAllowed() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Userinfo");
-
-    GrpcUtil.checkAuthority("foo@valid");
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> GrpcUtil.checkAuthority("foo@valid"));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Userinfo must not be present on authority: 'foo@valid'");
   }
 
   @Test
diff --git a/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java b/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java
index b75fd43a743..bed722f5f3a 100644
--- a/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java
+++ b/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java
@@ -27,6 +27,7 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
@@ -65,7 +66,6 @@
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.Mock;
@@ -79,9 +79,6 @@
 public class InternalSubchannelTest {
   @Rule
   public final MockitoRule mocks = MockitoJUnit.rule();
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public final ExpectedException thrown = ExpectedException.none();
 
   private static final String AUTHORITY = "fakeauthority";
   private static final String USER_AGENT = "mosaic";
@@ -544,8 +541,9 @@ public void constructor_eagListWithNull_throws() {
   public void updateAddresses_emptyEagList_throws() {
     SocketAddress addr = new FakeSocketAddress();
     createInternalSubchannel(addr);
-    thrown.expect(IllegalArgumentException.class);
-    internalSubchannel.updateAddresses(Arrays.<EquivalentAddressGroup>asList());
+    List<EquivalentAddressGroup> newAddressGroups = Collections.emptyList();
+    assertThrows(IllegalArgumentException.class,
+        () -> internalSubchannel.updateAddresses(newAddressGroups));
   }
 
   @Test
@@ -553,8 +551,7 @@ public void updateAddresses_eagListWithNull_throws() {
     SocketAddress addr = new FakeSocketAddress();
     createInternalSubchannel(addr);
     List<EquivalentAddressGroup> eags = Arrays.asList((EquivalentAddressGroup) null);
-    thrown.expect(NullPointerException.class);
-    internalSubchannel.updateAddresses(eags);
+    assertThrows(NullPointerException.class, () -> internalSubchannel.updateAddresses(eags));
   }
 
   @Test public void updateAddresses_intersecting_ready() {
diff --git a/core/src/test/java/io/grpc/internal/JsonParserTest.java b/core/src/test/java/io/grpc/internal/JsonParserTest.java
index cfee566fa4a..a0dd81c20ce 100644
--- a/core/src/test/java/io/grpc/internal/JsonParserTest.java
+++ b/core/src/test/java/io/grpc/internal/JsonParserTest.java
@@ -17,15 +17,14 @@
 package io.grpc.internal;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
 
 import com.google.gson.stream.MalformedJsonException;
 import java.io.EOFException;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -35,10 +34,6 @@
 @RunWith(JUnit4.class)
 public class JsonParserTest {
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public final ExpectedException thrown = ExpectedException.none();
-
   @Test
   public void emptyObject() throws IOException {
     assertEquals(new LinkedHashMap<String, Object>(), JsonParser.parse("{}"));
@@ -75,45 +70,33 @@ public void nullValue() throws IOException {
   }
 
   @Test
-  public void nanFails() throws IOException {
-    thrown.expect(MalformedJsonException.class);
-
-    JsonParser.parse("NaN");
+  public void nanFails() {
+    assertThrows(MalformedJsonException.class, () -> JsonParser.parse("NaN"));
   }
 
   @Test
-  public void objectEarlyEnd() throws IOException {
-    thrown.expect(MalformedJsonException.class);
-
-    JsonParser.parse("{foo:}");
+  public void objectEarlyEnd() {
+    assertThrows(MalformedJsonException.class, () -> JsonParser.parse("{foo:}"));
   }
 
   @Test
-  public void earlyEndArray() throws IOException {
-    thrown.expect(EOFException.class);
-
-    JsonParser.parse("[1, 2, ");
+  public void earlyEndArray() {
+    assertThrows(EOFException.class, () -> JsonParser.parse("[1, 2, "));
   }
 
   @Test
-  public void arrayMissingElement() throws IOException {
-    thrown.expect(MalformedJsonException.class);
-
-    JsonParser.parse("[1, 2, ]");
+  public void arrayMissingElement() {
+    assertThrows(MalformedJsonException.class, () -> JsonParser.parse("[1, 2, ]"));
   }
 
   @Test
-  public void objectMissingElement() throws IOException {
-    thrown.expect(MalformedJsonException.class);
-
-    JsonParser.parse("{1: ");
+  public void objectMissingElement() {
+    assertThrows(MalformedJsonException.class, () -> JsonParser.parse("{1: "));
   }
 
   @Test
-  public void objectNoName() throws IOException {
-    thrown.expect(MalformedJsonException.class);
-
-    JsonParser.parse("{: 1");
+  public void objectNoName() {
+    assertThrows(MalformedJsonException.class, () -> JsonParser.parse("{: 1"));
   }
 
   @Test
@@ -125,9 +108,7 @@ public void objectStringName() throws IOException {
   }
 
   @Test
-  public void duplicate() throws IOException {
-    thrown.expect(IllegalArgumentException.class);
-
-    JsonParser.parse("{\"hi\": 2, \"hi\": 3}");
+  public void duplicate() {
+    assertThrows(IllegalArgumentException.class, () -> JsonParser.parse("{\"hi\": 2, \"hi\": 3}"));
   }
-}
\ No newline at end of file
+}
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
index cf131a79d87..861412653fb 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
@@ -23,6 +23,7 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import static org.mockito.Mockito.doReturn;
@@ -67,7 +68,6 @@
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.Mock;
@@ -99,8 +99,6 @@ public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
       };
 
   @Rule public final MockitoRule mocks = MockitoJUnit.rule();
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
   @Rule public final GrpcCleanupRule grpcCleanupRule = new GrpcCleanupRule();
 
   @Mock private ClientTransportFactory mockClientTransportFactory;
@@ -424,10 +422,9 @@ public void checkAuthority_validAuthorityAllowed() {
 
   @Test
   public void checkAuthority_invalidAuthorityFailed() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Invalid authority");
-
-    builder.checkAuthority(DUMMY_AUTHORITY_INVALID);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.checkAuthority(DUMMY_AUTHORITY_INVALID));
+    assertThat(e).hasMessageThat().isEqualTo("Invalid authority: [ : : 1]");
   }
 
   @Test
@@ -450,11 +447,10 @@ public void enableCheckAuthority_validAuthorityAllowed() {
 
   @Test
   public void disableCheckAuthority_invalidAuthorityFailed() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Invalid authority");
-
     builder.disableCheckAuthority().enableCheckAuthority();
-    builder.checkAuthority(DUMMY_AUTHORITY_INVALID);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.checkAuthority(DUMMY_AUTHORITY_INVALID));
+    assertThat(e).hasMessageThat().isEqualTo("Invalid authority: [ : : 1]");
   }
 
   @Test
@@ -680,14 +676,12 @@ public void perRpcBufferLimit() {
 
   @Test
   public void retryBufferSizeInvalidArg() {
-    thrown.expect(IllegalArgumentException.class);
-    builder.retryBufferSize(0L);
+    assertThrows(IllegalArgumentException.class, () -> builder.retryBufferSize(0L));
   }
 
   @Test
   public void perRpcBufferLimitInvalidArg() {
-    thrown.expect(IllegalArgumentException.class);
-    builder.perRpcBufferLimit(0L);
+    assertThrows(IllegalArgumentException.class, () -> builder.perRpcBufferLimit(0L));
   }
 
   @Test
@@ -710,8 +704,7 @@ public void defaultServiceConfig_nullKey() {
     Map<String, Object> config = new HashMap<>();
     config.put(null, "val");
 
-    thrown.expect(IllegalArgumentException.class);
-    builder.defaultServiceConfig(config);
+    assertThrows(IllegalArgumentException.class, () -> builder.defaultServiceConfig(config));
   }
 
   @Test
@@ -721,8 +714,7 @@ public void defaultServiceConfig_intKey() {
     Map<String, Object> config = new HashMap<>();
     config.put("key", subConfig);
 
-    thrown.expect(IllegalArgumentException.class);
-    builder.defaultServiceConfig(config);
+    assertThrows(IllegalArgumentException.class, () -> builder.defaultServiceConfig(config));
   }
 
   @Test
@@ -730,8 +722,7 @@ public void defaultServiceConfig_intValue() {
     Map<String, Object> config = new HashMap<>();
     config.put("key", 3);
 
-    thrown.expect(IllegalArgumentException.class);
-    builder.defaultServiceConfig(config);
+    assertThrows(IllegalArgumentException.class, () -> builder.defaultServiceConfig(config));
   }
 
   @Test
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelServiceConfigTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelServiceConfigTest.java
index 493714dfd41..fefc37e4fdc 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelServiceConfigTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelServiceConfigTest.java
@@ -20,6 +20,7 @@
 import static io.grpc.MethodDescriptor.MethodType.UNARY;
 import static io.grpc.Status.Code.UNAVAILABLE;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.fail;
 
 import com.google.common.collect.ImmutableList;
@@ -34,19 +35,13 @@
 import io.grpc.testing.TestMethodDescriptors;
 import java.util.Collections;
 import java.util.Map;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
 @RunWith(JUnit4.class)
 public class ManagedChannelServiceConfigTest {
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public final ExpectedException thrown = ExpectedException.none();
-
   @Test
   public void managedChannelServiceConfig_shouldParseHealthCheckingConfig() throws Exception {
     Map<String, ?> rawServiceConfig =
@@ -79,10 +74,9 @@ public void createManagedChannelServiceConfig_failsOnDuplicateMethod() {
     Map<String, ?> methodConfig = ImmutableMap.of("name", ImmutableList.of(name1, name2));
     Map<String, ?> serviceConfig = ImmutableMap.of("methodConfig", ImmutableList.of(methodConfig));
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Duplicate method");
-
-    ManagedChannelServiceConfig.fromServiceConfig(serviceConfig, true, 3, 4, null);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> ManagedChannelServiceConfig.fromServiceConfig(serviceConfig, true, 3, 4, null));
+    assertThat(e).hasMessageThat().isEqualTo("Duplicate method name service/method");
   }
 
   @Test
@@ -92,10 +86,9 @@ public void createManagedChannelServiceConfig_failsOnDuplicateService() {
     Map<String, ?> methodConfig = ImmutableMap.of("name", ImmutableList.of(name1, name2));
     Map<String, ?> serviceConfig = ImmutableMap.of("methodConfig", ImmutableList.of(methodConfig));
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Duplicate service");
-
-    ManagedChannelServiceConfig.fromServiceConfig(serviceConfig, true, 3, 4, null);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> ManagedChannelServiceConfig.fromServiceConfig(serviceConfig, true, 3, 4, null));
+    assertThat(e).hasMessageThat().isEqualTo("Duplicate service service");
   }
 
   @Test
@@ -107,10 +100,9 @@ public void createManagedChannelServiceConfig_failsOnDuplicateServiceMultipleCon
     Map<String, ?> serviceConfig =
         ImmutableMap.of("methodConfig", ImmutableList.of(methodConfig1, methodConfig2));
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Duplicate service");
-
-    ManagedChannelServiceConfig.fromServiceConfig(serviceConfig, true, 3, 4, null);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> ManagedChannelServiceConfig.fromServiceConfig(serviceConfig, true, 3, 4, null));
+    assertThat(e).hasMessageThat().isEqualTo("Duplicate service service");
   }
 
   @Test
@@ -119,10 +111,9 @@ public void createManagedChannelServiceConfig_failsOnMethodNameWithEmptyServiceN
     Map<String, ?> methodConfig = ImmutableMap.of("name", ImmutableList.of(name));
     Map<String, ?> serviceConfig = ImmutableMap.of("methodConfig", ImmutableList.of(methodConfig));
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("missing service name for method method1");
-
-    ManagedChannelServiceConfig.fromServiceConfig(serviceConfig, true, 3, 4, null);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> ManagedChannelServiceConfig.fromServiceConfig(serviceConfig, true, 3, 4, null));
+    assertThat(e).hasMessageThat().isEqualTo("missing service name for method method1");
   }
 
   @Test
@@ -131,10 +122,9 @@ public void createManagedChannelServiceConfig_failsOnMethodNameWithoutServiceNam
     Map<String, ?> methodConfig = ImmutableMap.of("name", ImmutableList.of(name));
     Map<String, ?> serviceConfig = ImmutableMap.of("methodConfig", ImmutableList.of(methodConfig));
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("missing service name for method method1");
-
-    ManagedChannelServiceConfig.fromServiceConfig(serviceConfig, true, 3, 4, null);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> ManagedChannelServiceConfig.fromServiceConfig(serviceConfig, true, 3, 4, null));
+    assertThat(e).hasMessageThat().isEqualTo("missing service name for method method1");
   }
 
   @Test
@@ -143,10 +133,9 @@ public void createManagedChannelServiceConfig_failsOnMissingServiceName() {
     Map<String, ?> methodConfig = ImmutableMap.of("name", ImmutableList.of(name));
     Map<String, ?> serviceConfig = ImmutableMap.of("methodConfig", ImmutableList.of(methodConfig));
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("missing service");
-
-    ManagedChannelServiceConfig.fromServiceConfig(serviceConfig, true, 3, 4, null);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> ManagedChannelServiceConfig.fromServiceConfig(serviceConfig, true, 3, 4, null));
+    assertThat(e).hasMessageThat().isEqualTo("missing service name for method method");
   }
 
   @Test
diff --git a/core/src/test/java/io/grpc/internal/MessageDeframerTest.java b/core/src/test/java/io/grpc/internal/MessageDeframerTest.java
index 8f1b908e999..54758bc096f 100644
--- a/core/src/test/java/io/grpc/internal/MessageDeframerTest.java
+++ b/core/src/test/java/io/grpc/internal/MessageDeframerTest.java
@@ -20,6 +20,7 @@
 import static io.grpc.internal.GrpcUtil.DEFAULT_MAX_MESSAGE_SIZE;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assume.assumeTrue;
 import static org.mockito.ArgumentMatchers.anyInt;
@@ -53,10 +54,8 @@
 import java.util.concurrent.TimeUnit;
 import java.util.zip.GZIPOutputStream;
 import org.junit.Before;
-import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.runners.Enclosed;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.junit.runners.Parameterized;
@@ -341,9 +340,6 @@ public Void answer(InvocationOnMock invocation) throws Throwable {
 
   @RunWith(JUnit4.class)
   public static class SizeEnforcingInputStreamTests {
-    @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-    @Rule
-    public final ExpectedException thrown = ExpectedException.none();
 
     private TestBaseStreamTracer tracer = new TestBaseStreamTracer();
     private StatsTraceContext statsTraceCtx = new StatsTraceContext(new StreamTracer[]{tracer});
@@ -381,11 +377,12 @@ public void sizeEnforcingInputStream_readByteAboveLimit() throws IOException {
               new MessageDeframer.SizeEnforcingInputStream(in, 2, statsTraceCtx);
 
       try {
-        thrown.expect(StatusRuntimeException.class);
-        thrown.expectMessage("RESOURCE_EXHAUSTED: Decompressed gRPC message exceeds");
-
-        while (stream.read() != -1) {
-        }
+        StatusRuntimeException e = assertThrows(StatusRuntimeException.class, () -> {
+          while (stream.read() != -1) {
+          }
+        });
+        assertThat(e).hasMessageThat()
+            .isEqualTo("RESOURCE_EXHAUSTED: Decompressed gRPC message exceeds maximum size 2");
       } finally {
         stream.close();
       }
@@ -427,10 +424,10 @@ public void sizeEnforcingInputStream_readAboveLimit() throws IOException {
       byte[] buf = new byte[10];
 
       try {
-        thrown.expect(StatusRuntimeException.class);
-        thrown.expectMessage("RESOURCE_EXHAUSTED: Decompressed gRPC message exceeds");
-
-        stream.read(buf, 0, buf.length);
+        StatusRuntimeException e = assertThrows(StatusRuntimeException.class,
+            () -> stream.read(buf, 0, buf.length));
+        assertThat(e).hasMessageThat()
+            .isEqualTo("RESOURCE_EXHAUSTED: Decompressed gRPC message exceeds maximum size 2");
       } finally {
         stream.close();
       }
@@ -470,10 +467,9 @@ public void sizeEnforcingInputStream_skipAboveLimit() throws IOException {
               new MessageDeframer.SizeEnforcingInputStream(in, 2, statsTraceCtx);
 
       try {
-        thrown.expect(StatusRuntimeException.class);
-        thrown.expectMessage("RESOURCE_EXHAUSTED: Decompressed gRPC message exceeds");
-
-        stream.skip(4);
+        StatusRuntimeException e = assertThrows(StatusRuntimeException.class, () -> stream.skip(4));
+        assertThat(e).hasMessageThat()
+            .isEqualTo("RESOURCE_EXHAUSTED: Decompressed gRPC message exceeds maximum size 2");
       } finally {
         stream.close();
       }
diff --git a/core/src/test/java/io/grpc/internal/ServerCallImplTest.java b/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
index 652c94a4640..7394c83eab2 100644
--- a/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
@@ -16,12 +16,14 @@
 
 package io.grpc.internal;
 
+import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.internal.GrpcUtil.CONTENT_LENGTH_KEY;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import static org.mockito.ArgumentMatchers.any;
@@ -54,7 +56,6 @@
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentCaptor;
@@ -64,8 +65,6 @@
 
 @RunWith(JUnit4.class)
 public class ServerCallImplTest {
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
   @Rule public final MockitoRule mocks = MockitoJUnit.rule();
 
   @Mock private ServerStream stream;
@@ -175,20 +174,20 @@ public void sendHeader_contentLengthDiscarded() {
   @Test
   public void sendHeader_failsOnSecondCall() {
     call.sendHeaders(new Metadata());
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage("sendHeaders has already been called");
-
-    call.sendHeaders(new Metadata());
+    Metadata headers = new Metadata();
+    IllegalStateException e = assertThrows(IllegalStateException.class,
+        () -> call.sendHeaders(headers));
+    assertThat(e).hasMessageThat().isEqualTo("sendHeaders has already been called");
   }
 
   @Test
   public void sendHeader_failsOnClosed() {
     call.close(Status.CANCELLED, new Metadata());
 
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage("call is closed");
-
-    call.sendHeaders(new Metadata());
+    Metadata headers = new Metadata();
+    IllegalStateException e = assertThrows(IllegalStateException.class,
+        () -> call.sendHeaders(headers));
+    assertThat(e).hasMessageThat().isEqualTo("call is closed");
   }
 
   @Test
@@ -204,18 +203,16 @@ public void sendMessage_failsOnClosed() {
     call.sendHeaders(new Metadata());
     call.close(Status.CANCELLED, new Metadata());
 
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage("call is closed");
-
-    call.sendMessage(1234L);
+    IllegalStateException e = assertThrows(IllegalStateException.class,
+        () -> call.sendMessage(1234L));
+    assertThat(e).hasMessageThat().isEqualTo("call is closed");
   }
 
   @Test
   public void sendMessage_failsIfheadersUnsent() {
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage("sendHeaders has not been called");
-
-    call.sendMessage(1234L);
+    IllegalStateException e = assertThrows(IllegalStateException.class,
+        () -> call.sendMessage(1234L));
+    assertThat(e).hasMessageThat().isEqualTo("sendHeaders has not been called");
   }
 
   @Test
@@ -490,9 +487,10 @@ public void streamListener_unexpectedRuntimeException() {
 
     InputStream inputStream = UNARY_METHOD.streamRequest(1234L);
 
-    thrown.expect(RuntimeException.class);
-    thrown.expectMessage("unexpected exception");
-    streamListener.messagesAvailable(new SingleMessageProducer(inputStream));
+    SingleMessageProducer producer = new SingleMessageProducer(inputStream);
+    RuntimeException e = assertThrows(RuntimeException.class,
+        () -> streamListener.messagesAvailable(producer));
+    assertThat(e).hasMessageThat().isEqualTo("unexpected exception");
   }
 
   private static class LongMarshaller implements Marshaller<Long> {
diff --git a/core/src/test/java/io/grpc/internal/ServerImplTest.java b/core/src/test/java/io/grpc/internal/ServerImplTest.java
index 3125edca1e6..2ddaba751e4 100644
--- a/core/src/test/java/io/grpc/internal/ServerImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ServerImplTest.java
@@ -26,6 +26,7 @@
 import static org.junit.Assert.assertNotSame;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import static org.mockito.AdditionalAnswers.delegatesTo;
@@ -104,7 +105,6 @@
 import org.junit.BeforeClass;
 import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentCaptor;
@@ -140,8 +140,6 @@ public boolean shouldAccept(Runnable runnable) {
       };
   private static final String AUTHORITY = "some_authority";
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
   @Rule public final MockitoRule mocks = MockitoJUnit.rule();
 
   @BeforeClass
@@ -1228,7 +1226,7 @@ public void testStreamClose_deadlineExceededTriggersImmediateCancellation() thro
     assertFalse(context.get().isCancelled());
 
     assertEquals(1, timer.forwardNanos(1));
-    
+
     assertTrue(callReference.get().isCancelled());
     assertTrue(context.get().isCancelled());
     assertThat(context.get().cancellationCause()).isNotNull();
@@ -1260,9 +1258,8 @@ public List<InetSocketAddress> getListenSocketAddresses() {
   public void getPortBeforeStartedFails() {
     transportServer = new SimpleServer();
     createServer();
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage("started");
-    server.getPort();
+    IllegalStateException e = assertThrows(IllegalStateException.class, () -> server.getPort());
+    assertThat(e).hasMessageThat().isEqualTo("Not started");
   }
 
   @Test
@@ -1271,9 +1268,8 @@ public void getPortAfterTerminationFails() throws Exception {
     createAndStartServer();
     server.shutdown();
     server.awaitTermination();
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage("terminated");
-    server.getPort();
+    IllegalStateException e = assertThrows(IllegalStateException.class, () -> server.getPort());
+    assertThat(e).hasMessageThat().isEqualTo("Already terminated");
   }
 
   @Test
diff --git a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
index 4a518895db6..1f4c2b41f15 100644
--- a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
+++ b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
@@ -24,6 +24,7 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import static org.junit.Assume.assumeTrue;
@@ -76,9 +77,7 @@
 import java.util.concurrent.TimeoutException;
 import org.junit.After;
 import org.junit.Before;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentCaptor;
@@ -209,10 +208,6 @@ public ServerStreamTracer newServerStreamTracer(String fullMethodName, Metadata
           }
         }));
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public ExpectedException thrown = ExpectedException.none();
-
   @Before
   public void setUp() {
     server = newServer(Arrays.asList(serverStreamTracerFactory));
@@ -396,8 +391,7 @@ public void serverAlreadyListening() throws Exception {
       port = ((InetSocketAddress) addr).getPort();
     }
     InternalServer server2 = newServer(port, Arrays.asList(serverStreamTracerFactory));
-    thrown.expect(IOException.class);
-    server2.start(new MockServerListener());
+    assertThrows(IOException.class, () -> server2.start(new MockServerListener()));
   }
 
   @Test

From 94f8e936912b1f5d9495a84db5bded15e9773af9 Mon Sep 17 00:00:00 2001
From: yifeizhuang <yifeizhuang@gmail.com>
Date: Fri, 21 Mar 2025 15:19:25 -0700
Subject: [PATCH 222/591] otel tracing: fix span names (#11974)

---
 .../OpenTelemetryTracingModule.java            |  4 ++--
 .../OpenTelemetryTracingModuleTest.java        | 18 +++++++++---------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
index 838ee0797a7..8c42a189ac2 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
@@ -446,7 +446,7 @@ private void recordOutboundMessageSentEvent(Span span,
     if (optionalWireSize != -1 && optionalWireSize != optionalUncompressedSize) {
       attributesBuilder.put("message-size-compressed", optionalWireSize);
     }
-    span.addEvent("Outbound message sent", attributesBuilder.build());
+    span.addEvent("Outbound message", attributesBuilder.build());
   }
 
   private void recordInboundCompressedMessage(Span span, int seqNo, long optionalWireSize) {
@@ -460,7 +460,7 @@ private void recordInboundMessageSize(Span span, int seqNo, long bytes) {
     AttributesBuilder attributesBuilder = io.opentelemetry.api.common.Attributes.builder();
     attributesBuilder.put("sequence-number", seqNo);
     attributesBuilder.put("message-size", bytes);
-    span.addEvent("Inbound message received", attributesBuilder.build());
+    span.addEvent("Inbound message", attributesBuilder.build());
   }
 
   private String generateErrorStatusDescription(io.grpc.Status status) {
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java
index b4486bcf2e4..bca6be94b9f 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java
@@ -231,7 +231,7 @@ public void clientBasicTracingMocking() {
     List<String> events = eventNameCaptor.getAllValues();
     List<io.opentelemetry.api.common.Attributes> attributes = attributesCaptor.getAllValues();
     assertEquals(
-        "Outbound message sent" ,
+        "Outbound message" ,
         events.get(0));
     assertEquals(
         io.opentelemetry.api.common.Attributes.builder()
@@ -241,7 +241,7 @@ public void clientBasicTracingMocking() {
         attributes.get(0));
 
     assertEquals(
-        "Outbound message sent" ,
+        "Outbound message" ,
         events.get(1));
     assertEquals(
         io.opentelemetry.api.common.Attributes.builder()
@@ -313,7 +313,7 @@ public void clientBasicTracingRule() {
     assertTrue(clientSpanEvents.get(0).getAttributes().isEmpty());
 
     assertEquals(
-        "Inbound message received" ,
+        "Inbound message" ,
         clientSpanEvents.get(1).getName());
     assertEquals(
         io.opentelemetry.api.common.Attributes.builder()
@@ -323,7 +323,7 @@ public void clientBasicTracingRule() {
         clientSpanEvents.get(1).getAttributes());
 
     assertEquals(
-        "Inbound message received" ,
+        "Inbound message" ,
         clientSpanEvents.get(2).getName());
     assertEquals(
         io.opentelemetry.api.common.Attributes.builder()
@@ -342,7 +342,7 @@ public void clientBasicTracingRule() {
     assertTrue(clientSpanEvents.get(0).getAttributes().isEmpty());
 
     assertEquals(
-        "Outbound message sent" ,
+        "Outbound message" ,
         attemptSpanEvents.get(1).getName());
     assertEquals(
         io.opentelemetry.api.common.Attributes.builder()
@@ -352,7 +352,7 @@ public void clientBasicTracingRule() {
         attemptSpanEvents.get(1).getAttributes());
 
     assertEquals(
-        "Outbound message sent" ,
+        "Outbound message" ,
         attemptSpanEvents.get(2).getName());
     assertEquals(
         io.opentelemetry.api.common.Attributes.builder()
@@ -518,7 +518,7 @@ public void serverBasicTracingNoHeaders() {
     List<EventData> events = spans.get(0).getEvents();
     assertEquals(events.size(), 4);
     assertEquals(
-        "Outbound message sent" ,
+        "Outbound message" ,
         events.get(0).getName());
     assertEquals(
         io.opentelemetry.api.common.Attributes.builder()
@@ -529,7 +529,7 @@ public void serverBasicTracingNoHeaders() {
         events.get(0).getAttributes());
 
     assertEquals(
-        "Outbound message sent" ,
+        "Outbound message" ,
         events.get(1).getName());
     assertEquals(
         io.opentelemetry.api.common.Attributes.builder()
@@ -549,7 +549,7 @@ public void serverBasicTracingNoHeaders() {
         events.get(2).getAttributes());
 
     assertEquals(
-        "Inbound message received" ,
+        "Inbound message" ,
         events.get(3).getName());
     assertEquals(
         io.opentelemetry.api.common.Attributes.builder()

From 1958e42370d58dc313ed8810f2476ba577e8a7df Mon Sep 17 00:00:00 2001
From: Ashley Zhang <ashley.w.zhang@gmail.com>
Date: Fri, 21 Mar 2025 15:19:40 -0700
Subject: [PATCH 223/591] xds: add support for custom per-target credentials on
 the transport (#11951)

---
 .../io/grpc/xds/GrpcXdsTransportFactory.java  | 54 +++++++++----
 .../InternalSharedXdsClientPoolProvider.java  | 10 ++-
 .../grpc/xds/SharedXdsClientPoolProvider.java | 50 ++++++++----
 .../grpc/xds/GrpcXdsClientImplTestBase.java   |  3 +-
 .../grpc/xds/GrpcXdsTransportFactoryTest.java |  7 +-
 .../io/grpc/xds/LoadReportClientTest.java     | 14 ++--
 .../xds/SharedXdsClientPoolProviderTest.java  | 77 +++++++++++++++++++
 .../io/grpc/xds/XdsClientFallbackTest.java    | 34 +++++---
 8 files changed, 198 insertions(+), 51 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/GrpcXdsTransportFactory.java b/xds/src/main/java/io/grpc/xds/GrpcXdsTransportFactory.java
index 74c28ba2d2d..0da51bf47f7 100644
--- a/xds/src/main/java/io/grpc/xds/GrpcXdsTransportFactory.java
+++ b/xds/src/main/java/io/grpc/xds/GrpcXdsTransportFactory.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.common.annotations.VisibleForTesting;
+import io.grpc.CallCredentials;
 import io.grpc.CallOptions;
 import io.grpc.ChannelCredentials;
 import io.grpc.ClientCall;
@@ -34,35 +35,50 @@
 
 final class GrpcXdsTransportFactory implements XdsTransportFactory {
 
-  static final GrpcXdsTransportFactory DEFAULT_XDS_TRANSPORT_FACTORY =
-      new GrpcXdsTransportFactory();
+  private final CallCredentials callCredentials;
+
+  GrpcXdsTransportFactory(CallCredentials callCredentials) {
+    this.callCredentials = callCredentials;
+  }
 
   @Override
   public XdsTransport create(Bootstrapper.ServerInfo serverInfo) {
-    return new GrpcXdsTransport(serverInfo);
+    return new GrpcXdsTransport(serverInfo, callCredentials);
   }
 
   @VisibleForTesting
   public XdsTransport createForTest(ManagedChannel channel) {
-    return new GrpcXdsTransport(channel);
+    return new GrpcXdsTransport(channel, callCredentials);
   }
 
   @VisibleForTesting
   static class GrpcXdsTransport implements XdsTransport {
 
     private final ManagedChannel channel;
+    private final CallCredentials callCredentials;
 
     public GrpcXdsTransport(Bootstrapper.ServerInfo serverInfo) {
+      this(serverInfo, null);
+    }
+
+    @VisibleForTesting
+    public GrpcXdsTransport(ManagedChannel channel) {
+      this(channel, null);
+    }
+
+    public GrpcXdsTransport(Bootstrapper.ServerInfo serverInfo, CallCredentials callCredentials) {
       String target = serverInfo.target();
       ChannelCredentials channelCredentials = (ChannelCredentials) serverInfo.implSpecificConfig();
       this.channel = Grpc.newChannelBuilder(target, channelCredentials)
           .keepAliveTime(5, TimeUnit.MINUTES)
           .build();
+      this.callCredentials = callCredentials;
     }
 
     @VisibleForTesting
-    public GrpcXdsTransport(ManagedChannel channel) {
+    public GrpcXdsTransport(ManagedChannel channel, CallCredentials callCredentials) {
       this.channel = checkNotNull(channel, "channel");
+      this.callCredentials = callCredentials;
     }
 
     @Override
@@ -72,7 +88,8 @@ public <ReqT, RespT> StreamingCall<ReqT, RespT> createStreamingCall(
         MethodDescriptor.Marshaller<RespT> respMarshaller) {
       Context prevContext = Context.ROOT.attach();
       try {
-        return new XdsStreamingCall<>(fullMethodName, reqMarshaller, respMarshaller);
+        return new XdsStreamingCall<>(
+            fullMethodName, reqMarshaller, respMarshaller, callCredentials);
       } finally {
         Context.ROOT.detach(prevContext);
       }
@@ -89,16 +106,21 @@ private class XdsStreamingCall<ReqT, RespT> implements
 
       private final ClientCall<ReqT, RespT> call;
 
-      public XdsStreamingCall(String methodName, MethodDescriptor.Marshaller<ReqT> reqMarshaller,
-                              MethodDescriptor.Marshaller<RespT> respMarshaller) {
-        this.call = channel.newCall(
-            MethodDescriptor.<ReqT, RespT>newBuilder()
-                .setFullMethodName(methodName)
-                .setType(MethodDescriptor.MethodType.BIDI_STREAMING)
-                .setRequestMarshaller(reqMarshaller)
-                .setResponseMarshaller(respMarshaller)
-                .build(),
-            CallOptions.DEFAULT); // TODO(zivy): support waitForReady
+      public XdsStreamingCall(
+          String methodName,
+          MethodDescriptor.Marshaller<ReqT> reqMarshaller,
+          MethodDescriptor.Marshaller<RespT> respMarshaller,
+          CallCredentials callCredentials) {
+        this.call =
+            channel.newCall(
+                MethodDescriptor.<ReqT, RespT>newBuilder()
+                    .setFullMethodName(methodName)
+                    .setType(MethodDescriptor.MethodType.BIDI_STREAMING)
+                    .setRequestMarshaller(reqMarshaller)
+                    .setResponseMarshaller(respMarshaller)
+                    .build(),
+                CallOptions.DEFAULT.withCallCredentials(
+                    callCredentials)); // TODO(zivy): support waitForReady
       }
 
       @Override
diff --git a/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java b/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java
index 85b59fabfa0..9c98bba93cf 100644
--- a/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java
+++ b/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java
@@ -16,6 +16,7 @@
 
 package io.grpc.xds;
 
+import io.grpc.CallCredentials;
 import io.grpc.Internal;
 import io.grpc.MetricRecorder;
 import io.grpc.internal.ObjectPool;
@@ -42,6 +43,13 @@ public static ObjectPool<XdsClient> getOrCreate(String target)
 
   public static ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
       throws XdsInitializationException {
-    return SharedXdsClientPoolProvider.getDefaultProvider().getOrCreate(target, metricRecorder);
+    return getOrCreate(target, metricRecorder, null);
+  }
+
+  public static ObjectPool<XdsClient> getOrCreate(
+      String target, MetricRecorder metricRecorder, CallCredentials transportCallCredentials)
+      throws XdsInitializationException {
+    return SharedXdsClientPoolProvider.getDefaultProvider()
+        .getOrCreate(target, metricRecorder, transportCallCredentials);
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java b/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
index 2bc7be4a014..5302880d48c 100644
--- a/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
+++ b/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
@@ -17,11 +17,11 @@
 package io.grpc.xds;
 
 import static com.google.common.base.Preconditions.checkNotNull;
-import static io.grpc.xds.GrpcXdsTransportFactory.DEFAULT_XDS_TRANSPORT_FACTORY;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
+import io.grpc.CallCredentials;
 import io.grpc.MetricRecorder;
 import io.grpc.internal.ExponentialBackoffPolicy;
 import io.grpc.internal.GrpcUtil;
@@ -87,6 +87,12 @@ public ObjectPool<XdsClient> get(String target) {
   @Override
   public ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
       throws XdsInitializationException {
+    return getOrCreate(target, metricRecorder, null);
+  }
+
+  public ObjectPool<XdsClient> getOrCreate(
+      String target, MetricRecorder metricRecorder, CallCredentials transportCallCredentials)
+      throws XdsInitializationException {
     ObjectPool<XdsClient> ref = targetToXdsClientMap.get(target);
     if (ref == null) {
       synchronized (lock) {
@@ -102,7 +108,9 @@ public ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRec
           if (bootstrapInfo.servers().isEmpty()) {
             throw new XdsInitializationException("No xDS server provided");
           }
-          ref = new RefCountedXdsClientObjectPool(bootstrapInfo, target, metricRecorder);
+          ref =
+              new RefCountedXdsClientObjectPool(
+                  bootstrapInfo, target, metricRecorder, transportCallCredentials);
           targetToXdsClientMap.put(target, ref);
         }
       }
@@ -126,6 +134,7 @@ class RefCountedXdsClientObjectPool implements ObjectPool<XdsClient> {
     private final BootstrapInfo bootstrapInfo;
     private final String target; // The target associated with the xDS client.
     private final MetricRecorder metricRecorder;
+    private final CallCredentials transportCallCredentials;
     private final Object lock = new Object();
     @GuardedBy("lock")
     private ScheduledExecutorService scheduler;
@@ -137,11 +146,21 @@ class RefCountedXdsClientObjectPool implements ObjectPool<XdsClient> {
     private XdsClientMetricReporterImpl metricReporter;
 
     @VisibleForTesting
-    RefCountedXdsClientObjectPool(BootstrapInfo bootstrapInfo, String target,
-        MetricRecorder metricRecorder) {
+    RefCountedXdsClientObjectPool(
+        BootstrapInfo bootstrapInfo, String target, MetricRecorder metricRecorder) {
+      this(bootstrapInfo, target, metricRecorder, null);
+    }
+
+    @VisibleForTesting
+    RefCountedXdsClientObjectPool(
+        BootstrapInfo bootstrapInfo,
+        String target,
+        MetricRecorder metricRecorder,
+        CallCredentials transportCallCredentials) {
       this.bootstrapInfo = checkNotNull(bootstrapInfo);
       this.target = target;
       this.metricRecorder = metricRecorder;
+      this.transportCallCredentials = transportCallCredentials;
     }
 
     @Override
@@ -153,16 +172,19 @@ public XdsClient getObject() {
           }
           scheduler = SharedResourceHolder.get(GrpcUtil.TIMER_SERVICE);
           metricReporter = new XdsClientMetricReporterImpl(metricRecorder, target);
-          xdsClient = new XdsClientImpl(
-              DEFAULT_XDS_TRANSPORT_FACTORY,
-              bootstrapInfo,
-              scheduler,
-              BACKOFF_POLICY_PROVIDER,
-              GrpcUtil.STOPWATCH_SUPPLIER,
-              TimeProvider.SYSTEM_TIME_PROVIDER,
-              MessagePrinter.INSTANCE,
-              new TlsContextManagerImpl(bootstrapInfo),
-              metricReporter);
+          GrpcXdsTransportFactory xdsTransportFactory =
+              new GrpcXdsTransportFactory(transportCallCredentials);
+          xdsClient =
+              new XdsClientImpl(
+                  xdsTransportFactory,
+                  bootstrapInfo,
+                  scheduler,
+                  BACKOFF_POLICY_PROVIDER,
+                  GrpcUtil.STOPWATCH_SUPPLIER,
+                  TimeProvider.SYSTEM_TIME_PROVIDER,
+                  MessagePrinter.INSTANCE,
+                  new TlsContextManagerImpl(bootstrapInfo),
+                  metricReporter);
           metricReporter.setXdsClient(xdsClient);
         }
         refCount++;
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 51c07cb3537..36131464d08 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.Truth.assertWithMessage;
-import static io.grpc.xds.GrpcXdsTransportFactory.DEFAULT_XDS_TRANSPORT_FACTORY;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isA;
@@ -4193,7 +4192,7 @@ public void serverFailureMetricReport_forRetryAndBackoff() {
   private XdsClientImpl createXdsClient(String serverUri) {
     BootstrapInfo bootstrapInfo = buildBootStrap(serverUri);
     return new XdsClientImpl(
-        DEFAULT_XDS_TRANSPORT_FACTORY,
+        new GrpcXdsTransportFactory(null),
         bootstrapInfo,
         fakeClock.getScheduledExecutorService(),
         backoffPolicyProvider,
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsTransportFactoryTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsTransportFactoryTest.java
index 703e429fa23..66e0d4b3198 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsTransportFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsTransportFactoryTest.java
@@ -92,9 +92,10 @@ public void onCompleted() {
   @Test
   public void callApis() throws Exception {
     XdsTransportFactory.XdsTransport xdsTransport =
-        GrpcXdsTransportFactory.DEFAULT_XDS_TRANSPORT_FACTORY.create(
-        Bootstrapper.ServerInfo.create("localhost:" + server.getPort(),
-            InsecureChannelCredentials.create()));
+        new GrpcXdsTransportFactory(null)
+            .create(
+                Bootstrapper.ServerInfo.create(
+                    "localhost:" + server.getPort(), InsecureChannelCredentials.create()));
     MethodDescriptor<DiscoveryRequest, DiscoveryResponse> methodDescriptor =
         AggregatedDiscoveryServiceGrpc.getStreamAggregatedResourcesMethod();
     XdsTransportFactory.StreamingCall<DiscoveryRequest, DiscoveryResponse> streamingCall =
diff --git a/xds/src/test/java/io/grpc/xds/LoadReportClientTest.java b/xds/src/test/java/io/grpc/xds/LoadReportClientTest.java
index c11a3a6e0d2..9bdf86132b6 100644
--- a/xds/src/test/java/io/grpc/xds/LoadReportClientTest.java
+++ b/xds/src/test/java/io/grpc/xds/LoadReportClientTest.java
@@ -178,11 +178,15 @@ public void cancelled(Context context) {
     when(backoffPolicy2.nextBackoffNanos())
         .thenReturn(TimeUnit.SECONDS.toNanos(2L), TimeUnit.SECONDS.toNanos(20L));
     addFakeStatsData();
-    lrsClient = new LoadReportClient(loadStatsManager,
-        GrpcXdsTransportFactory.DEFAULT_XDS_TRANSPORT_FACTORY.createForTest(channel),
-        NODE,
-        syncContext, fakeClock.getScheduledExecutorService(), backoffPolicyProvider,
-        fakeClock.getStopwatchSupplier());
+    lrsClient =
+        new LoadReportClient(
+            loadStatsManager,
+            new GrpcXdsTransportFactory(null).createForTest(channel),
+            NODE,
+            syncContext,
+            fakeClock.getScheduledExecutorService(),
+            backoffPolicyProvider,
+            fakeClock.getStopwatchSupplier());
     syncContext.execute(new Runnable() {
       @Override
       public void run() {
diff --git a/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java b/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java
index 4fb77f0be42..86e4fc83a8c 100644
--- a/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java
@@ -18,20 +18,36 @@
 
 
 import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.Metadata.ASCII_STRING_MARSHALLER;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.when;
 
+import com.google.auth.oauth2.AccessToken;
+import com.google.auth.oauth2.OAuth2Credentials;
+import com.google.common.util.concurrent.SettableFuture;
+import io.grpc.CallCredentials;
+import io.grpc.Grpc;
 import io.grpc.InsecureChannelCredentials;
+import io.grpc.InsecureServerCredentials;
+import io.grpc.Metadata;
 import io.grpc.MetricRecorder;
+import io.grpc.Server;
+import io.grpc.ServerCall;
+import io.grpc.ServerCallHandler;
+import io.grpc.ServerInterceptor;
+import io.grpc.auth.MoreCallCredentials;
 import io.grpc.internal.ObjectPool;
 import io.grpc.xds.SharedXdsClientPoolProvider.RefCountedXdsClientObjectPool;
+import io.grpc.xds.XdsListenerResource.LdsUpdate;
 import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import io.grpc.xds.client.EnvoyProtoData.Node;
 import io.grpc.xds.client.XdsClient;
+import io.grpc.xds.client.XdsClient.ResourceWatcher;
 import io.grpc.xds.client.XdsInitializationException;
 import java.util.Collections;
+import java.util.concurrent.TimeUnit;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
@@ -54,9 +70,12 @@ public class SharedXdsClientPoolProviderTest {
   private final Node node = Node.newBuilder().setId("SharedXdsClientPoolProviderTest").build();
   private final MetricRecorder metricRecorder = new MetricRecorder() {};
   private static final String DUMMY_TARGET = "dummy";
+  static final Metadata.Key<String> AUTHORIZATION_METADATA_KEY =
+      Metadata.Key.of("Authorization", ASCII_STRING_MARSHALLER);
 
   @Mock
   private GrpcBootstrapperImpl bootstrapper;
+  @Mock private ResourceWatcher<LdsUpdate> ldsResourceWatcher;
 
   @Test
   public void noServer() throws XdsInitializationException {
@@ -138,4 +157,62 @@ public void refCountedXdsClientObjectPool_getObjectCreatesNewInstanceIfAlreadySh
     assertThat(xdsClient2).isNotSameInstanceAs(xdsClient1);
     xdsClientPool.returnObject(xdsClient2);
   }
+
+  private class CallCredsServerInterceptor implements ServerInterceptor {
+    private SettableFuture<String> tokenFuture = SettableFuture.create();
+
+    @Override
+    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
+        ServerCall<ReqT, RespT> serverCall,
+        Metadata metadata,
+        ServerCallHandler<ReqT, RespT> next) {
+      tokenFuture.set(metadata.get(AUTHORIZATION_METADATA_KEY));
+      return next.startCall(serverCall, metadata);
+    }
+
+    public String getTokenWithTimeout(long timeout, TimeUnit unit) throws Exception {
+      return tokenFuture.get(timeout, unit);
+    }
+  }
+
+  @Test
+  public void xdsClient_usesCallCredentials() throws Exception {
+    // Set up fake xDS server
+    XdsTestControlPlaneService fakeXdsService = new XdsTestControlPlaneService();
+    CallCredsServerInterceptor callCredentialsInterceptor = new CallCredsServerInterceptor();
+    Server xdsServer =
+        Grpc.newServerBuilderForPort(0, InsecureServerCredentials.create())
+            .addService(fakeXdsService)
+            .intercept(callCredentialsInterceptor)
+            .build()
+            .start();
+    String xdsServerUri = "localhost:" + xdsServer.getPort();
+
+    // Set up bootstrap & xDS client pool provider
+    ServerInfo server = ServerInfo.create(xdsServerUri, InsecureChannelCredentials.create());
+    BootstrapInfo bootstrapInfo =
+        BootstrapInfo.builder().servers(Collections.singletonList(server)).node(node).build();
+    when(bootstrapper.bootstrap()).thenReturn(bootstrapInfo);
+    SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider(bootstrapper);
+
+    // Create custom xDS transport CallCredentials
+    CallCredentials sampleCreds =
+        MoreCallCredentials.from(
+            OAuth2Credentials.create(new AccessToken("token", /* expirationTime= */ null)));
+
+    // Create xDS client that uses the CallCredentials on the transport
+    ObjectPool<XdsClient> xdsClientPool =
+        provider.getOrCreate("target", metricRecorder, sampleCreds);
+    XdsClient xdsClient = xdsClientPool.getObject();
+    xdsClient.watchXdsResource(
+        XdsListenerResource.getInstance(), "someLDSresource", ldsResourceWatcher);
+
+    // Wait for xDS server to get the request and verify that it received the CallCredentials
+    assertThat(callCredentialsInterceptor.getTokenWithTimeout(5, TimeUnit.SECONDS))
+        .isEqualTo("Bearer token");
+
+    // Clean up
+    xdsClientPool.returnObject(xdsClient);
+    xdsServer.shutdownNow();
+  }
 }
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
index 97c2695f209..036b9f6f55d 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.Truth.assertWithMessage;
-import static io.grpc.xds.GrpcXdsTransportFactory.DEFAULT_XDS_TRANSPORT_FACTORY;
 import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
@@ -442,9 +441,14 @@ public void fallbackFromBadUrlToGoodOne() {
     String garbageUri = "some. garbage";
 
     String validUri = "localhost:" + mainXdsServer.getServer().getPort();
-    XdsClientImpl client = CommonBootstrapperTestUtils.createXdsClient(
-        Arrays.asList(garbageUri, validUri), DEFAULT_XDS_TRANSPORT_FACTORY, fakeClock,
-        new ExponentialBackoffPolicy.Provider(), MessagePrinter.INSTANCE, xdsClientMetricReporter);
+    XdsClientImpl client =
+        CommonBootstrapperTestUtils.createXdsClient(
+            Arrays.asList(garbageUri, validUri),
+            new GrpcXdsTransportFactory(null),
+            fakeClock,
+            new ExponentialBackoffPolicy.Provider(),
+            MessagePrinter.INSTANCE,
+            xdsClientMetricReporter);
 
     client.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
     fakeClock.forwardTime(20, TimeUnit.SECONDS);
@@ -462,9 +466,14 @@ public void testGoodUrlFollowedByBadUrl() {
     String garbageUri = "some. garbage";
     String validUri = "localhost:" + mainXdsServer.getServer().getPort();
 
-    XdsClientImpl client = CommonBootstrapperTestUtils.createXdsClient(
-        Arrays.asList(validUri, garbageUri), DEFAULT_XDS_TRANSPORT_FACTORY, fakeClock,
-        new ExponentialBackoffPolicy.Provider(), MessagePrinter.INSTANCE, xdsClientMetricReporter);
+    XdsClientImpl client =
+        CommonBootstrapperTestUtils.createXdsClient(
+            Arrays.asList(validUri, garbageUri),
+            new GrpcXdsTransportFactory(null),
+            fakeClock,
+            new ExponentialBackoffPolicy.Provider(),
+            MessagePrinter.INSTANCE,
+            xdsClientMetricReporter);
 
     client.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
     verify(ldsWatcher, timeout(5000)).onChanged(
@@ -481,9 +490,14 @@ public void testTwoBadUrl()  {
     String garbageUri1 = "some. garbage";
     String garbageUri2 = "other garbage";
 
-    XdsClientImpl client = CommonBootstrapperTestUtils.createXdsClient(
-        Arrays.asList(garbageUri1, garbageUri2), DEFAULT_XDS_TRANSPORT_FACTORY, fakeClock,
-        new ExponentialBackoffPolicy.Provider(), MessagePrinter.INSTANCE, xdsClientMetricReporter);
+    XdsClientImpl client =
+        CommonBootstrapperTestUtils.createXdsClient(
+            Arrays.asList(garbageUri1, garbageUri2),
+            new GrpcXdsTransportFactory(null),
+            fakeClock,
+            new ExponentialBackoffPolicy.Provider(),
+            MessagePrinter.INSTANCE,
+            xdsClientMetricReporter);
 
     client.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
     fakeClock.forwardTime(20, TimeUnit.SECONDS);

From 3961a923ac553be623d071902ab42a64d1233d08 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 24 Mar 2025 21:32:53 +0000
Subject: [PATCH 224/591] core: Log any exception during panic because of
 exception

panic() calls a good amount of code, so it could get another exception.
The SynchronizationContext is running on an arbitrary thread and we
don't want to propagate this secondary exception up its stack (to be
handled by its UncaughtExceptionHandler); it we wanted that we'd
propagate the original exception.

This second exception will only be seen in the logs; the first exception
was logged and will be used to fail RPCs.

Also related to http://yaqs/8493785598685872128 and b692b9d26
---
 .../src/main/java/io/grpc/internal/ManagedChannelImpl.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index dd4d0aef5be..1b51c2dbb32 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -187,7 +187,12 @@ public void uncaughtException(Thread t, Throwable e) {
               Level.SEVERE,
               "[" + getLogId() + "] Uncaught exception in the SynchronizationContext. Panic!",
               e);
-          panic(e);
+          try {
+            panic(e);
+          } catch (Throwable anotherT) {
+            logger.log(
+                Level.SEVERE, "[" + getLogId() + "] Uncaught exception while panicking", anotherT);
+          }
         }
       });
 

From 350f90e1a30abf884f8fa4f40c4a1e8fca9425df Mon Sep 17 00:00:00 2001
From: jiangyuan <joe469391363@gmail.com>
Date: Tue, 25 Mar 2025 20:12:28 +0800
Subject: [PATCH 225/591] services: Avoid cancellation exceptions when
 notifying watchers that already have their connections cancelled (#11934)

Some clients watching health status can cancel their watch and `HealthService` when trying to notify these watchers were getting CANCELLED exception because there was no cancellation  handler set on the `StreamObserver`. This change sets the cancellation handler that removes the watcher from the set of watcher clients to be notified of the health status.
---
 .../protobuf/services/HealthServiceImpl.java  | 30 ++++++++++++-------
 .../services/HealthStatusManagerTest.java     | 18 +++++++++++
 2 files changed, 38 insertions(+), 10 deletions(-)

diff --git a/services/src/main/java/io/grpc/protobuf/services/HealthServiceImpl.java b/services/src/main/java/io/grpc/protobuf/services/HealthServiceImpl.java
index 2efe4b3951a..5cd294b4fbe 100644
--- a/services/src/main/java/io/grpc/protobuf/services/HealthServiceImpl.java
+++ b/services/src/main/java/io/grpc/protobuf/services/HealthServiceImpl.java
@@ -27,6 +27,7 @@
 import io.grpc.health.v1.HealthCheckResponse;
 import io.grpc.health.v1.HealthCheckResponse.ServingStatus;
 import io.grpc.health.v1.HealthGrpc;
+import io.grpc.stub.ServerCallStreamObserver;
 import io.grpc.stub.StreamObserver;
 import java.util.HashMap;
 import java.util.IdentityHashMap;
@@ -83,6 +84,11 @@ public void watch(HealthCheckRequest request,
       final StreamObserver<HealthCheckResponse> responseObserver) {
     final String service = request.getService();
     synchronized (watchLock) {
+      if (responseObserver instanceof ServerCallStreamObserver) {
+        ((ServerCallStreamObserver) responseObserver).setOnCancelHandler(() -> {
+          removeWatcher(service, responseObserver);
+        });
+      }
       ServingStatus status = statusMap.get(service);
       responseObserver.onNext(getResponseForWatch(status));
       IdentityHashMap<StreamObserver<HealthCheckResponse>, Boolean> serviceWatchers =
@@ -98,21 +104,25 @@ public void watch(HealthCheckRequest request,
           @Override
           // Called when the client has closed the stream
           public void cancelled(Context context) {
-            synchronized (watchLock) {
-              IdentityHashMap<StreamObserver<HealthCheckResponse>, Boolean> serviceWatchers =
-                  watchers.get(service);
-              if (serviceWatchers != null) {
-                serviceWatchers.remove(responseObserver);
-                if (serviceWatchers.isEmpty()) {
-                  watchers.remove(service);
-                }
-              }
-            }
+            removeWatcher(service, responseObserver);
           }
         },
         MoreExecutors.directExecutor());
   }
 
+  void removeWatcher(String service, StreamObserver<HealthCheckResponse> responseObserver) {
+    synchronized (watchLock) {
+      IdentityHashMap<StreamObserver<HealthCheckResponse>, Boolean> serviceWatchers =
+              watchers.get(service);
+      if (serviceWatchers != null) {
+        serviceWatchers.remove(responseObserver);
+        if (serviceWatchers.isEmpty()) {
+          watchers.remove(service);
+        }
+      }
+    }
+  }
+
   void setStatus(String service, ServingStatus status) {
     synchronized (watchLock) {
       if (terminal) {
diff --git a/services/src/test/java/io/grpc/protobuf/services/HealthStatusManagerTest.java b/services/src/test/java/io/grpc/protobuf/services/HealthStatusManagerTest.java
index 87d4ac29be8..b2652e92771 100644
--- a/services/src/test/java/io/grpc/protobuf/services/HealthStatusManagerTest.java
+++ b/services/src/test/java/io/grpc/protobuf/services/HealthStatusManagerTest.java
@@ -18,6 +18,11 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
 
 import io.grpc.BindableService;
 import io.grpc.Context;
@@ -28,6 +33,7 @@
 import io.grpc.health.v1.HealthCheckResponse;
 import io.grpc.health.v1.HealthCheckResponse.ServingStatus;
 import io.grpc.health.v1.HealthGrpc;
+import io.grpc.stub.ServerCallStreamObserver;
 import io.grpc.stub.StreamObserver;
 import io.grpc.testing.GrpcServerRule;
 import java.util.ArrayDeque;
@@ -109,6 +115,18 @@ public void enterTerminalState_watch() throws Exception {
     assertThat(obs.responses).isEmpty();
   }
 
+  @Test
+  @SuppressWarnings("unchecked")
+  public void serverCallStreamObserver_watch() throws Exception {
+    manager.setStatus(SERVICE1, ServingStatus.SERVING);
+    ServerCallStreamObserver<HealthCheckResponse> observer = mock(ServerCallStreamObserver.class);
+    service.watch(HealthCheckRequest.newBuilder().setService(SERVICE1).build(), observer);
+
+    verify(observer, times(1))
+            .onNext(eq(HealthCheckResponse.newBuilder().setStatus(ServingStatus.SERVING).build()));
+    verify(observer, times(1)).setOnCancelHandler(any(Runnable.class));
+  }
+
   @Test
   public void enterTerminalState_ignoreClear() throws Exception {
     manager.setStatus(SERVICE1, ServingStatus.SERVING);

From a332eddc132a90b8c0d5a51c8902b2a06444ab0b Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Wed, 26 Mar 2025 06:13:05 +0000
Subject: [PATCH 226/591] fix: cleans up FileWatcherCertificateProvider in
 XdsSecurityClientServerTest

---
 .../io/grpc/xds/XdsSecurityClientServerTest.java    | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
index cd3ef293369..380c0591812 100644
--- a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -130,6 +130,7 @@ public class XdsSecurityClientServerTest {
   private FakeXdsClient xdsClient = new FakeXdsClient();
   private FakeXdsClientPoolFactory fakePoolFactory = new FakeXdsClientPoolFactory(xdsClient);
   private static final String OVERRIDE_AUTHORITY = "foo.test.google.fr";
+  private Attributes sslContextAttributes;
 
   @Parameters(name = "enableSpiffe={0}")
   public static Collection<Boolean> data() {
@@ -152,6 +153,14 @@ public void tearDown() throws IOException {
       NameResolverRegistry.getDefaultRegistry().deregister(fakeNameResolverFactory);
     }
     FileWatcherCertificateProviderProvider.enableSpiffe = originalEnableSpiffe;
+    if (sslContextAttributes != null) {
+      SslContextProviderSupplier sslContextProviderSupplier = sslContextAttributes.get(
+              SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
+      if (sslContextProviderSupplier != null) {
+        sslContextProviderSupplier.close();
+      }
+      sslContextAttributes = null;
+    }
   }
 
   @Test
@@ -651,7 +660,7 @@ private SimpleServiceGrpc.SimpleServiceBlockingStub getBlockingStub(
     InetSocketAddress socketAddress =
         new InetSocketAddress(Inet4Address.getLoopbackAddress(), port);
     tlsContextManagerForClient = new TlsContextManagerImpl(bootstrapInfoForClient);
-    Attributes attrs =
+    sslContextAttributes =
         (upstreamTlsContext != null)
             ? Attributes.newBuilder()
                 .set(SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
@@ -660,7 +669,7 @@ private SimpleServiceGrpc.SimpleServiceBlockingStub getBlockingStub(
                 .build()
             : Attributes.EMPTY;
     fakeNameResolverFactory.setServers(
-        ImmutableList.of(new EquivalentAddressGroup(socketAddress, attrs)));
+        ImmutableList.of(new EquivalentAddressGroup(socketAddress, sslContextAttributes)));
     return SimpleServiceGrpc.newBlockingStub(cleanupRule.register(channelBuilder.build()));
   }
 

From 7507a9ec06fc9490c5bb967c3afea953e9d1c98d Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Wed, 26 Mar 2025 10:19:21 +0200
Subject: [PATCH 227/591] core: Use java.time.Time.getNano in
 InstantTimeProvider without reflection (#11977)

Fixes #11975
---
 .../io/grpc/internal/InstantTimeProvider.java | 30 ++++---------------
 .../internal/TimeProviderResolverFactory.java |  4 +--
 .../internal/InstantTimeProviderTest.java     |  3 +-
 3 files changed, 9 insertions(+), 28 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/InstantTimeProvider.java b/core/src/main/java/io/grpc/internal/InstantTimeProvider.java
index 38c840d2594..12996163753 100644
--- a/core/src/main/java/io/grpc/internal/InstantTimeProvider.java
+++ b/core/src/main/java/io/grpc/internal/InstantTimeProvider.java
@@ -18,37 +18,19 @@
 
 import static com.google.common.math.LongMath.saturatedAdd;
 
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
+import java.time.Instant;
 import java.util.concurrent.TimeUnit;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 
 /**
  * {@link InstantTimeProvider} resolves InstantTimeProvider which implements {@link TimeProvider}.
  */
 final class InstantTimeProvider implements TimeProvider {
-  private Method now;
-  private Method getNano;
-  private Method getEpochSecond;
-
-  public InstantTimeProvider(Class<?> instantClass) {
-    try {
-      this.now = instantClass.getMethod("now");
-      this.getNano = instantClass.getMethod("getNano");
-      this.getEpochSecond = instantClass.getMethod("getEpochSecond");
-    } catch (NoSuchMethodException ex) {
-      throw new AssertionError(ex);
-    }
-  }
-
   @Override
+  @IgnoreJRERequirement
   public long currentTimeNanos() {
-    try {
-      Object instant = now.invoke(null);
-      int nanos = (int) getNano.invoke(instant);
-      long epochSeconds = (long) getEpochSecond.invoke(instant);
-      return saturatedAdd(TimeUnit.SECONDS.toNanos(epochSeconds), nanos);
-    } catch (IllegalAccessException | InvocationTargetException ex) {
-      throw new RuntimeException(ex);
-    }
+    Instant now = Instant.now();
+    long epochSeconds = now.getEpochSecond();
+    return saturatedAdd(TimeUnit.SECONDS.toNanos(epochSeconds), now.getNano());
   }
 }
diff --git a/core/src/main/java/io/grpc/internal/TimeProviderResolverFactory.java b/core/src/main/java/io/grpc/internal/TimeProviderResolverFactory.java
index d88d9bb9eb5..04272034ce9 100644
--- a/core/src/main/java/io/grpc/internal/TimeProviderResolverFactory.java
+++ b/core/src/main/java/io/grpc/internal/TimeProviderResolverFactory.java
@@ -23,8 +23,8 @@
 final class TimeProviderResolverFactory {
   static TimeProvider resolveTimeProvider() {
     try {
-      Class<?> instantClass = Class.forName("java.time.Instant");
-      return new InstantTimeProvider(instantClass);
+      Class.forName("java.time.Instant");
+      return new InstantTimeProvider();
     } catch (ClassNotFoundException ex) {
       return new ConcurrentTimeProvider();
     }
diff --git a/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java b/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java
index ac9a02fa936..6702bc421a5 100644
--- a/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java
+++ b/core/src/test/java/io/grpc/internal/InstantTimeProviderTest.java
@@ -34,8 +34,7 @@ public class InstantTimeProviderTest {
   @Test
   public void testInstantCurrentTimeNanos() throws Exception {
 
-    InstantTimeProvider instantTimeProvider = new InstantTimeProvider(
-        Class.forName("java.time.Instant"));
+    InstantTimeProvider instantTimeProvider = new InstantTimeProvider();
 
     // Get the current time from the InstantTimeProvider
     long actualTimeNanos = instantTimeProvider.currentTimeNanos();

From 2e260a4bbc4f19669ca8bd91c86425414d48946c Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 27 Mar 2025 13:52:30 -0700
Subject: [PATCH 228/591] util: Graceful switch to new LB when leaving
 CONNECTING

Previously it would wait for the new LB to enter READY. However, that
prevents there being an upper-bound on how long the old policy will
continue to be used. The point of graceful switch is to avoid RPCs
seeing increased latency when we swap config. We don't want it to
prevent the system from becoming eventually consistent.
---
 .../grpc/util/GracefulSwitchLoadBalancer.java |  5 ++--
 .../util/GracefulSwitchLoadBalancerTest.java  | 26 +++++++++++++++----
 2 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java b/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
index 72c41886ad4..e36eec1ff25 100644
--- a/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
@@ -38,7 +38,8 @@
 /**
  * A load balancer that gracefully swaps to a new lb policy. If the channel is currently in a state
  * other than READY, the new policy will be swapped into place immediately.  Otherwise, the channel
- * will keep using the old policy until the new policy reports READY or the old policy exits READY.
+ * will keep using the old policy until the new policy leaves CONNECTING or the old policy exits
+ * READY.
  *
  * <p>The child balancer and configuration is specified using service config. Config objects are
  * generally created by calling {@link #parseLoadBalancingPolicyConfig(List)} from a
@@ -147,7 +148,7 @@ public void updateBalancingState(ConnectivityState newState, SubchannelPicker ne
           checkState(currentLbIsReady, "there's pending lb while current lb has been out of READY");
           pendingState = newState;
           pendingPicker = newPicker;
-          if (newState == ConnectivityState.READY) {
+          if (newState != ConnectivityState.CONNECTING) {
             swap();
           }
         } else if (lb == currentLb) {
diff --git a/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java b/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
index 9a4f569c144..5192d6a2a64 100644
--- a/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.ConnectivityState.CONNECTING;
+import static io.grpc.ConnectivityState.IDLE;
 import static io.grpc.ConnectivityState.READY;
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
 import static io.grpc.util.GracefulSwitchLoadBalancer.BUFFER_PICKER;
@@ -32,6 +33,7 @@
 import static org.mockito.Mockito.when;
 
 import com.google.common.testing.EqualsTester;
+import io.grpc.ConnectivityState;
 import io.grpc.ConnectivityStateInfo;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.LoadBalancer;
@@ -363,7 +365,21 @@ public void createSubchannelForwarded() {
   }
 
   @Test
-  public void updateBalancingStateIsGraceful() {
+  public void updateBalancingStateIsGraceful_Ready() {
+    updateBalancingStateIsGraceful(READY);
+  }
+
+  @Test
+  public void updateBalancingStateIsGraceful_TransientFailure() {
+    updateBalancingStateIsGraceful(TRANSIENT_FAILURE);
+  }
+
+  @Test
+  public void updateBalancingStateIsGraceful_Idle() {
+    updateBalancingStateIsGraceful(IDLE);
+  }
+
+  public void updateBalancingStateIsGraceful(ConnectivityState swapsOnState) {
     assertIsOk(gracefulSwitchLb.acceptResolvedAddresses(addressesBuilder()
         .setLoadBalancingPolicyConfig(createConfig(lbPolicies[0], new Object()))
         .build()));
@@ -392,11 +408,11 @@ public void updateBalancingStateIsGraceful() {
     helper2.updateBalancingState(CONNECTING, picker);
     verify(mockHelper, never()).updateBalancingState(CONNECTING, picker);
 
-    // lb2 reports READY
+    // lb2 reports swapsOnState
     SubchannelPicker picker2 = mock(SubchannelPicker.class);
-    helper2.updateBalancingState(READY, picker2);
+    helper2.updateBalancingState(swapsOnState, picker2);
     verify(lb0).shutdown();
-    verify(mockHelper).updateBalancingState(READY, picker2);
+    verify(mockHelper).updateBalancingState(swapsOnState, picker2);
 
     assertIsOk(gracefulSwitchLb.acceptResolvedAddresses(addressesBuilder()
         .setLoadBalancingPolicyConfig(createConfig(lbPolicies[3], new Object()))
@@ -407,7 +423,7 @@ public void updateBalancingStateIsGraceful() {
     helper3.updateBalancingState(CONNECTING, picker3);
     verify(mockHelper, never()).updateBalancingState(CONNECTING, picker3);
 
-    // lb2 out of READY
+    // lb2 out of swapsOnState
     picker2 = mock(SubchannelPicker.class);
     helper2.updateBalancingState(CONNECTING, picker2);
     verify(mockHelper, never()).updateBalancingState(CONNECTING, picker2);

From 2448c8b6b9dd019a782c7e3824030e8b650ff700 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 28 Mar 2025 19:49:36 +0000
Subject: [PATCH 229/591] util: Replace BUFFER_PICKER with FixedResultPicker

I think at some point there were more usages in the tests. But now it
is pretty easy.

PriorityLb.ChildLbState.picker is initialized to
FixedResultPicker(NoResult). So now that GracefulSwitchLb is using the
same picker, equals() is able to de-dup an update.
---
 .../io/grpc/util/GracefulSwitchLoadBalancer.java | 16 +---------------
 .../util/GracefulSwitchLoadBalancerTest.java     |  7 +++++--
 .../io/grpc/xds/PriorityLoadBalancerTest.java    |  9 ++++-----
 3 files changed, 10 insertions(+), 22 deletions(-)

diff --git a/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java b/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
index e36eec1ff25..1dc4fb6750a 100644
--- a/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
@@ -19,7 +19,6 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 
-import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Objects;
 import io.grpc.ConnectivityState;
@@ -66,19 +65,6 @@ public void handleNameResolutionError(final Status error) {
     public void shutdown() {}
   };
 
-  @VisibleForTesting
-  static final SubchannelPicker BUFFER_PICKER = new SubchannelPicker() {
-    @Override
-    public PickResult pickSubchannel(PickSubchannelArgs args) {
-      return PickResult.withNoResult();
-    }
-
-    @Override
-    public String toString() {
-      return "BUFFER_PICKER";
-    }
-  };
-
   private final Helper helper;
 
   // While the new policy is not fully switched on, the pendingLb is handling new updates from name
@@ -128,7 +114,7 @@ private void switchToInternal(LoadBalancer.Factory newBalancerFactory) {
     pendingLb = defaultBalancer;
     pendingBalancerFactory = null;
     pendingState = ConnectivityState.CONNECTING;
-    pendingPicker = BUFFER_PICKER;
+    pendingPicker = new FixedResultPicker(PickResult.withNoResult());
 
     if (newBalancerFactory.equals(currentBalancerFactory)) {
       return;
diff --git a/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java b/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
index 5192d6a2a64..843e16194c5 100644
--- a/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
@@ -21,7 +21,6 @@
 import static io.grpc.ConnectivityState.IDLE;
 import static io.grpc.ConnectivityState.READY;
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
-import static io.grpc.util.GracefulSwitchLoadBalancer.BUFFER_PICKER;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.inOrder;
@@ -521,7 +520,11 @@ public void switchWhileOldPolicyGoesFromReadyToNotReadyWhileNewPolicyStillIdle()
     helper0.updateBalancingState(CONNECTING, picker);
 
     verify(mockHelper, never()).updateBalancingState(CONNECTING, picker);
-    inOrder.verify(mockHelper).updateBalancingState(CONNECTING, BUFFER_PICKER);
+    ArgumentCaptor<SubchannelPicker> pickerCaptor = ArgumentCaptor.forClass(SubchannelPicker.class);
+    inOrder.verify(mockHelper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
+    assertThat(pickerCaptor.getValue().pickSubchannel(mock(PickSubchannelArgs.class)).hasResult())
+        .isFalse();
+
     inOrder.verify(lb0).shutdown(); // shutdown after update
 
     picker = mock(SubchannelPicker.class);
diff --git a/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java
index 9823501dcd9..08d4863d194 100644
--- a/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java
@@ -522,8 +522,7 @@ public void connectingResetFailOverIfSeenReadyOrIdleSinceTransientFailure() {
             .setLoadBalancingPolicyConfig(priorityLbConfig)
             .build());
     // Nothing important about this verify, other than to provide a baseline
-    verify(helper, times(2))
-        .updateBalancingState(eq(CONNECTING), pickerReturns(PickResult.withNoResult()));
+    verify(helper).updateBalancingState(eq(CONNECTING), pickerReturns(PickResult.withNoResult()));
     assertThat(fooBalancers).hasSize(1);
     assertThat(fooHelpers).hasSize(1);
     Helper helper0 = Iterables.getOnlyElement(fooHelpers);
@@ -539,7 +538,7 @@ public void connectingResetFailOverIfSeenReadyOrIdleSinceTransientFailure() {
     helper0.updateBalancingState(
         CONNECTING,
         EMPTY_PICKER);
-    verify(helper, times(3))
+    verify(helper, times(2))
         .updateBalancingState(eq(CONNECTING), pickerReturns(PickResult.withNoResult()));
 
     // failover happens
@@ -805,7 +804,7 @@ public void raceBetweenShutdownAndChildLbBalancingStateUpdate() {
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(priorityLbConfig)
             .build());
-    verify(helper, times(2)).updateBalancingState(eq(CONNECTING), isA(SubchannelPicker.class));
+    verify(helper).updateBalancingState(eq(CONNECTING), isA(SubchannelPicker.class));
 
     // LB shutdown and subchannel state change can happen simultaneously. If shutdown runs first,
     // any further balancing state update should be ignored.
@@ -843,7 +842,7 @@ public void noDuplicateOverallBalancingStateUpdate() {
             .setLoadBalancingPolicyConfig(priorityLbConfig)
             .build());
 
-    verify(helper, times(6)).updateBalancingState(any(), any());
+    verify(helper, times(4)).updateBalancingState(any(), any());
   }
 
   private void assertLatestConnectivityState(ConnectivityState expectedState) {

From 8f6a16f846d7ffe28609c773dd1630b44cf5b2db Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Tue, 1 Apr 2025 10:57:39 +0000
Subject: [PATCH 230/591] Start 1.73.0 development cycle (#11987)

---
 MODULE.bazel                                           |  2 +-
 build.gradle                                           |  2 +-
 .../src/test/golden/TestDeprecatedService.java.txt     |  2 +-
 compiler/src/test/golden/TestService.java.txt          |  2 +-
 core/src/main/java/io/grpc/internal/GrpcUtil.java      |  2 +-
 examples/MODULE.bazel                                  |  2 +-
 examples/android/clientcache/app/build.gradle          | 10 +++++-----
 examples/android/helloworld/app/build.gradle           |  8 ++++----
 examples/android/routeguide/app/build.gradle           |  8 ++++----
 examples/android/strictmode/app/build.gradle           |  8 ++++----
 examples/build.gradle                                  |  2 +-
 examples/example-alts/build.gradle                     |  2 +-
 examples/example-debug/build.gradle                    |  2 +-
 examples/example-debug/pom.xml                         |  4 ++--
 examples/example-dualstack/build.gradle                |  2 +-
 examples/example-dualstack/pom.xml                     |  4 ++--
 examples/example-gauth/build.gradle                    |  2 +-
 examples/example-gauth/pom.xml                         |  4 ++--
 examples/example-gcp-csm-observability/build.gradle    |  2 +-
 examples/example-gcp-observability/build.gradle        |  2 +-
 examples/example-hostname/build.gradle                 |  2 +-
 examples/example-hostname/pom.xml                      |  4 ++--
 examples/example-jwt-auth/build.gradle                 |  2 +-
 examples/example-jwt-auth/pom.xml                      |  4 ++--
 examples/example-oauth/build.gradle                    |  2 +-
 examples/example-oauth/pom.xml                         |  4 ++--
 examples/example-opentelemetry/build.gradle            |  2 +-
 examples/example-orca/build.gradle                     |  2 +-
 examples/example-reflection/build.gradle               |  2 +-
 examples/example-servlet/build.gradle                  |  2 +-
 examples/example-tls/build.gradle                      |  2 +-
 examples/example-tls/pom.xml                           |  4 ++--
 examples/example-xds/build.gradle                      |  2 +-
 examples/pom.xml                                       |  4 ++--
 34 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 88f3a524060..d69bb1927aa 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -2,7 +2,7 @@ module(
     name = "grpc-java",
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
-    version = "1.72.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
+    version = "1.73.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
 )
 
 # GRPC_DEPS_START
diff --git a/build.gradle b/build.gradle
index 93ce60054bc..42e16fbfef9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ subprojects {
     apply plugin: "net.ltgt.errorprone"
 
     group = "io.grpc"
-    version = "1.72.0-SNAPSHOT" // CURRENT_GRPC_VERSION
+    version = "1.73.0-SNAPSHOT" // CURRENT_GRPC_VERSION
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index 82fe6a81d18..a870a5a82e1 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.72.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.73.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 @java.lang.Deprecated
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index 912bd50da12..1f62ca26718 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.72.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.73.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index 937854ac3ff..15fcdfb6300 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -219,7 +219,7 @@ public byte[] parseAsciiString(byte[] serialized) {
 
   public static final Splitter ACCEPT_ENCODING_SPLITTER = Splitter.on(',').trimResults();
 
-  public static final String IMPLEMENTATION_VERSION = "1.72.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
+  public static final String IMPLEMENTATION_VERSION = "1.73.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
 
   /**
    * The default timeout in nanos for a keepalive ping request.
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index 4d72ae9c395..b960555e8c5 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,5 +1,5 @@
 bazel_dep(name = "googleapis", repo_name = "com_google_googleapis", version = "0.0.0-20240326-1c8d509c5")
-bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.72.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
+bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.73.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
 bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index 1f2a17ae6bb..670193167fe 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -34,7 +34,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -54,12 +54,12 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.1.5'
-    testImplementation 'io.grpc:grpc-testing:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    testImplementation 'io.grpc:grpc-testing:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index 09b994a4954..81f79c67440 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index bdad129845b..12e6430d2ad 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index f38110a741b..f37e970ed7b 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -33,7 +33,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -53,8 +53,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index e807d09f407..206fd38e0e3 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index e7142f3fb5a..c7d804973a5 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index 1d07a7cb8ec..c2449833cdc 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index 00fdecdb6c4..ce46b13c019 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-debug</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index b73902095a1..7a37c46b536 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index 28539851934..4af44beae46 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-dualstack</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 0ef0dcaefe2..404cab907de 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index d2a32578550..b8f8d4d930e 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-gauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index e16e32e3bc1..dcb1f254263 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 1cad10bbb87..673d3f4461d 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 86aa42f8ed0..a0b9153785e 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index 6993c40a1ac..f0aab1c8edc 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-hostname</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index ca12c3f7872..0d6d095bf1d 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index 7e9a915bfbd..cc7171910df 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-jwt-auth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 6d06f097ccb..9e40c3e33f9 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index a9fea928a34..36cf63dd602 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-oauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index f575d24d19b..5f98b32be60 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index 45235fa1e08..edb28e1573b 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index ad68e891436..18157b0eed1 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index 2176df5afc5..e66fda59e4e 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -15,7 +15,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index e741bfe1c3f..9603e04e417 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index de9298cf0e1..c8b87f54cd0 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-tls</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index c0159dce258..1e55f182d3a 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.72.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/pom.xml b/examples/pom.xml
index edc9c4cda14..ff32936f2a2 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.72.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>examples</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.72.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for JDK 8 -->

From c28a7e3e0677255c1d389053747654e678300e71 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Wed, 2 Apr 2025 04:40:41 +0000
Subject: [PATCH 231/591] okhttp: Per-rpc call option authority verification
 (#11754)

---
 .../io/grpc/internal/CertificateUtils.java    |  20 +-
 .../java/io/grpc/okhttp/NoopSslSocket.java    | 117 +++++
 .../io/grpc/okhttp/OkHttpChannelBuilder.java  |  18 +-
 .../io/grpc/okhttp/OkHttpClientStream.java    |   2 +-
 .../io/grpc/okhttp/OkHttpClientTransport.java | 271 +++++++++--
 .../io/grpc/okhttp/OkHttpServerBuilder.java   |   3 +-
 .../io/grpc/okhttp/OkHttpTlsUpgrader.java     |   7 +-
 .../grpc/okhttp/OkHttpClientStreamTest.java   |   6 +-
 .../okhttp/OkHttpClientTransportTest.java     | 361 +++++++++++---
 .../src/test/java/io/grpc/okhttp/TlsTest.java | 459 ++++++++++++++++++
 10 files changed, 1141 insertions(+), 123 deletions(-)
 create mode 100644 okhttp/src/main/java/io/grpc/okhttp/NoopSslSocket.java

diff --git a/core/src/main/java/io/grpc/internal/CertificateUtils.java b/core/src/main/java/io/grpc/internal/CertificateUtils.java
index cc26cedb274..91d17de93cb 100644
--- a/core/src/main/java/io/grpc/internal/CertificateUtils.java
+++ b/core/src/main/java/io/grpc/internal/CertificateUtils.java
@@ -16,6 +16,7 @@
 
 package io.grpc.internal;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.GeneralSecurityException;
@@ -36,8 +37,21 @@ public final class CertificateUtils {
   /**
    * Creates X509TrustManagers using the provided CA certs.
    */
-  public static TrustManager[] createTrustManager(InputStream rootCerts)
+  public static TrustManager[] createTrustManager(byte[] rootCerts)
       throws GeneralSecurityException {
+    InputStream rootCertsStream = new ByteArrayInputStream(rootCerts);
+    try {
+      return CertificateUtils.createTrustManager(rootCertsStream);
+    } finally {
+      GrpcUtil.closeQuietly(rootCertsStream);
+    }
+  }
+
+  /**
+   * Creates X509TrustManagers using the provided input stream of CA certs.
+   */
+  public static TrustManager[] createTrustManager(InputStream rootCerts)
+          throws GeneralSecurityException {
     KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
     try {
       ks.load(null, null);
@@ -52,13 +66,13 @@ public static TrustManager[] createTrustManager(InputStream rootCerts)
     }
 
     TrustManagerFactory trustManagerFactory =
-        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
     trustManagerFactory.init(ks);
     return trustManagerFactory.getTrustManagers();
   }
 
   private static X509Certificate[] getX509Certificates(InputStream inputStream)
-      throws CertificateException {
+          throws CertificateException {
     CertificateFactory factory = CertificateFactory.getInstance("X.509");
     Collection<? extends Certificate> certs = factory.generateCertificates(inputStream);
     return certs.toArray(new X509Certificate[0]);
diff --git a/okhttp/src/main/java/io/grpc/okhttp/NoopSslSocket.java b/okhttp/src/main/java/io/grpc/okhttp/NoopSslSocket.java
new file mode 100644
index 00000000000..6e6a6f12a39
--- /dev/null
+++ b/okhttp/src/main/java/io/grpc/okhttp/NoopSslSocket.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.okhttp;
+
+import java.io.IOException;
+import javax.net.ssl.HandshakeCompletedListener;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+
+/** A no-op ssl socket, to facilitate overriding only the required methods in specific
+ * implementations.
+ */
+class NoopSslSocket extends SSLSocket {
+  @Override
+  public String[] getSupportedCipherSuites() {
+    return new String[0];
+  }
+
+  @Override
+  public String[] getEnabledCipherSuites() {
+    return new String[0];
+  }
+
+  @Override
+  public void setEnabledCipherSuites(String[] suites) {
+
+  }
+
+  @Override
+  public String[] getSupportedProtocols() {
+    return new String[0];
+  }
+
+  @Override
+  public String[] getEnabledProtocols() {
+    return new String[0];
+  }
+
+  @Override
+  public void setEnabledProtocols(String[] protocols) {
+
+  }
+
+  @Override
+  public SSLSession getSession() {
+    return null;
+  }
+
+  @Override
+  public void addHandshakeCompletedListener(HandshakeCompletedListener listener) {
+
+  }
+
+  @Override
+  public void removeHandshakeCompletedListener(HandshakeCompletedListener listener) {
+
+  }
+
+  @Override
+  public void startHandshake() throws IOException {
+
+  }
+
+  @Override
+  public void setUseClientMode(boolean mode) {
+
+  }
+
+  @Override
+  public boolean getUseClientMode() {
+    return false;
+  }
+
+  @Override
+  public void setNeedClientAuth(boolean need) {
+
+  }
+
+  @Override
+  public boolean getNeedClientAuth() {
+    return false;
+  }
+
+  @Override
+  public void setWantClientAuth(boolean want) {
+
+  }
+
+  @Override
+  public boolean getWantClientAuth() {
+    return false;
+  }
+
+  @Override
+  public void setEnableSessionCreation(boolean flag) {
+
+  }
+
+  @Override
+  public boolean getEnableSessionCreation() {
+    return false;
+  }
+}
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java
index 7eaaa6fd763..98f764132fe 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java
@@ -17,6 +17,7 @@
 package io.grpc.okhttp;
 
 import static com.google.common.base.Preconditions.checkNotNull;
+import static io.grpc.internal.CertificateUtils.createTrustManager;
 import static io.grpc.internal.GrpcUtil.DEFAULT_KEEPALIVE_TIMEOUT_NANOS;
 import static io.grpc.internal.GrpcUtil.KEEPALIVE_TIME_NANOS_DISABLED;
 
@@ -89,6 +90,7 @@ public final class OkHttpChannelBuilder extends ForwardingChannelBuilder2<OkHttp
   public static final int DEFAULT_FLOW_CONTROL_WINDOW = 65535;
 
   private final ManagedChannelImplBuilder managedChannelImplBuilder;
+  private final ChannelCredentials channelCredentials;
   private TransportTracer.Factory transportTracerFactory = TransportTracer.getDefaultFactory();
 
 
@@ -206,6 +208,7 @@ private OkHttpChannelBuilder(String target) {
         new OkHttpChannelTransportFactoryBuilder(),
         new OkHttpChannelDefaultPortProvider());
     this.freezeSecurityConfiguration = false;
+    this.channelCredentials = null;
   }
 
   OkHttpChannelBuilder(
@@ -218,6 +221,7 @@ private OkHttpChannelBuilder(String target) {
     this.sslSocketFactory = factory;
     this.negotiationType = factory == null ? NegotiationType.PLAINTEXT : NegotiationType.TLS;
     this.freezeSecurityConfiguration = true;
+    this.channelCredentials = channelCreds;
   }
 
   private final class OkHttpChannelTransportFactoryBuilder
@@ -534,7 +538,8 @@ OkHttpTransportFactory buildTransportFactory() {
         keepAliveWithoutCalls,
         maxInboundMetadataSize,
         transportTracerFactory,
-        useGetForSafeMethods);
+        useGetForSafeMethods,
+        channelCredentials);
   }
 
   OkHttpChannelBuilder disableCheckAuthority() {
@@ -777,6 +782,7 @@ static final class OkHttpTransportFactory implements ClientTransportFactory {
     private final boolean keepAliveWithoutCalls;
     final int maxInboundMetadataSize;
     final boolean useGetForSafeMethods;
+    private final ChannelCredentials channelCredentials;
     private boolean closed;
 
     private OkHttpTransportFactory(
@@ -794,7 +800,8 @@ private OkHttpTransportFactory(
         boolean keepAliveWithoutCalls,
         int maxInboundMetadataSize,
         TransportTracer.Factory transportTracerFactory,
-        boolean useGetForSafeMethods) {
+        boolean useGetForSafeMethods,
+        ChannelCredentials channelCredentials) {
       this.executorPool = executorPool;
       this.executor = executorPool.getObject();
       this.scheduledExecutorServicePool = scheduledExecutorServicePool;
@@ -812,6 +819,7 @@ private OkHttpTransportFactory(
       this.keepAliveWithoutCalls = keepAliveWithoutCalls;
       this.maxInboundMetadataSize = maxInboundMetadataSize;
       this.useGetForSafeMethods = useGetForSafeMethods;
+      this.channelCredentials = channelCredentials;
 
       this.transportTracerFactory =
           Preconditions.checkNotNull(transportTracerFactory, "transportTracerFactory");
@@ -839,7 +847,8 @@ public void run() {
           options.getUserAgent(),
           options.getEagAttributes(),
           options.getHttpConnectProxiedSocketAddress(),
-          tooManyPingsRunnable);
+          tooManyPingsRunnable,
+          channelCredentials);
       if (enableKeepAlive) {
         transport.enableKeepAlive(
             true, keepAliveTimeNanosState.get(), keepAliveTimeoutNanos, keepAliveWithoutCalls);
@@ -875,7 +884,8 @@ public SwapChannelCredentialsResult swapChannelCredentials(ChannelCredentials ch
           keepAliveWithoutCalls,
           maxInboundMetadataSize,
           transportTracerFactory,
-          useGetForSafeMethods);
+          useGetForSafeMethods,
+          channelCredentials);
       return new SwapChannelCredentialsResult(factory, result.callCredentials);
     }
 
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientStream.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientStream.java
index e33617886cf..8dd55d9f23e 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientStream.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientStream.java
@@ -409,7 +409,7 @@ private void streamReady(Metadata metadata, String path) {
               transport.isUsingPlaintext());
       // TODO(b/145386688): This access should be guarded by 'this.transport.lock'; instead found:
       // 'this.lock'
-      transport.streamReadyToStart(OkHttpClientStream.this);
+      transport.streamReadyToStart(OkHttpClientStream.this, authority);
     }
 
     Tag tag() {
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
index 7c107188518..e76799845c7 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
@@ -30,6 +30,7 @@
 import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
+import io.grpc.ChannelCredentials;
 import io.grpc.ClientStreamTracer;
 import io.grpc.Grpc;
 import io.grpc.HttpConnectProxiedSocketAddress;
@@ -43,6 +44,8 @@
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.StatusException;
+import io.grpc.TlsChannelCredentials;
+import io.grpc.internal.CertificateUtils;
 import io.grpc.internal.ClientStreamListener.RpcProgress;
 import io.grpc.internal.ConnectionClientTransport;
 import io.grpc.internal.GrpcAttributes;
@@ -51,12 +54,15 @@
 import io.grpc.internal.InUseStateAggregator;
 import io.grpc.internal.KeepAliveManager;
 import io.grpc.internal.KeepAliveManager.ClientKeepAlivePinger;
+import io.grpc.internal.NoopSslSession;
 import io.grpc.internal.SerializingExecutor;
 import io.grpc.internal.StatsTraceContext;
 import io.grpc.internal.TransportTracer;
 import io.grpc.okhttp.ExceptionHandlingFrameWriter.TransportExceptionHandler;
+import io.grpc.okhttp.OkHttpChannelBuilder.OkHttpTransportFactory;
 import io.grpc.okhttp.internal.ConnectionSpec;
 import io.grpc.okhttp.internal.Credentials;
+import io.grpc.okhttp.internal.OkHostnameVerifier;
 import io.grpc.okhttp.internal.StatusLine;
 import io.grpc.okhttp.internal.framed.ErrorCode;
 import io.grpc.okhttp.internal.framed.FrameReader;
@@ -71,14 +77,21 @@
 import io.perfmark.PerfMark;
 import java.io.EOFException;
 import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.net.URI;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.Deque;
 import java.util.EnumMap;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.LinkedHashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Locale;
@@ -96,9 +109,14 @@
 import javax.annotation.Nullable;
 import javax.net.SocketFactory;
 import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
 import okio.Buffer;
 import okio.BufferedSink;
 import okio.BufferedSource;
@@ -114,6 +132,12 @@ class OkHttpClientTransport implements ConnectionClientTransport, TransportExcep
       OutboundFlowController.Transport {
   private static final Map<ErrorCode, Status> ERROR_CODE_TO_STATUS = buildErrorCodeToStatusMap();
   private static final Logger log = Logger.getLogger(OkHttpClientTransport.class.getName());
+  private static final String GRPC_ENABLE_PER_RPC_AUTHORITY_CHECK =
+          "GRPC_ENABLE_PER_RPC_AUTHORITY_CHECK";
+  static boolean enablePerRpcAuthorityCheck =
+          GrpcUtil.getFlag(GRPC_ENABLE_PER_RPC_AUTHORITY_CHECK, false);
+  private Socket sock;
+  private SSLSession sslSession;
 
   private static Map<ErrorCode, Status> buildErrorCodeToStatusMap() {
     Map<ErrorCode, Status> errorToStatus = new EnumMap<>(ErrorCode.class);
@@ -144,6 +168,26 @@ private static Map<ErrorCode, Status> buildErrorCodeToStatusMap() {
     return Collections.unmodifiableMap(errorToStatus);
   }
 
+  private static final Class<?> x509ExtendedTrustManagerClass;
+  private static final Method checkServerTrustedMethod;
+
+  static {
+    Class<?> x509ExtendedTrustManagerClass1 = null;
+    Method checkServerTrustedMethod1 = null;
+    try {
+      x509ExtendedTrustManagerClass1 = Class.forName("javax.net.ssl.X509ExtendedTrustManager");
+      checkServerTrustedMethod1 = x509ExtendedTrustManagerClass1.getMethod("checkServerTrusted",
+              X509Certificate[].class, String.class, Socket.class);
+    } catch (ClassNotFoundException e) {
+      // Per-rpc authority override via call options will be disallowed.
+    } catch (NoSuchMethodException e) {
+      // Should never happen since X509ExtendedTrustManager was introduced in Android API level 24
+      // along with checkServerTrusted.
+    }
+    x509ExtendedTrustManagerClass = x509ExtendedTrustManagerClass1;
+    checkServerTrustedMethod = checkServerTrustedMethod1;
+  }
+
   private final InetSocketAddress address;
   private final String defaultAuthority;
   private final String userAgent;
@@ -205,6 +249,19 @@ private static Map<ErrorCode, Status> buildErrorCodeToStatusMap() {
   private final boolean useGetForSafeMethods;
   @GuardedBy("lock")
   private final TransportTracer transportTracer;
+  private final TrustManager x509TrustManager;
+
+  @SuppressWarnings("serial")
+  private static class LruCache<T> extends LinkedHashMap<String, T> {
+    @Override
+    protected boolean removeEldestEntry(Map.Entry<String, T> eldest) {
+      return size() > 100;
+    }
+  }
+
+  @GuardedBy("lock")
+  private final Map<String, Status> authorityVerificationResults = new LruCache<>();
+
   @GuardedBy("lock")
   private final InUseStateAggregator<OkHttpClientStream> inUseState =
       new InUseStateAggregator<OkHttpClientStream>() {
@@ -233,13 +290,14 @@ protected void handleNotInUse() {
   SettableFuture<Void> connectedFuture;
 
   public OkHttpClientTransport(
-      OkHttpChannelBuilder.OkHttpTransportFactory transportFactory,
-      InetSocketAddress address,
-      String authority,
-      @Nullable String userAgent,
-      Attributes eagAttrs,
-      @Nullable HttpConnectProxiedSocketAddress proxiedAddr,
-      Runnable tooManyPingsRunnable) {
+          OkHttpTransportFactory transportFactory,
+          InetSocketAddress address,
+          String authority,
+          @Nullable String userAgent,
+          Attributes eagAttrs,
+          @Nullable HttpConnectProxiedSocketAddress proxiedAddr,
+          Runnable tooManyPingsRunnable,
+          ChannelCredentials channelCredentials) {
     this(
         transportFactory,
         address,
@@ -249,19 +307,21 @@ public OkHttpClientTransport(
         GrpcUtil.STOPWATCH_SUPPLIER,
         new Http2(),
         proxiedAddr,
-        tooManyPingsRunnable);
+        tooManyPingsRunnable,
+        channelCredentials);
   }
 
   private OkHttpClientTransport(
-      OkHttpChannelBuilder.OkHttpTransportFactory transportFactory,
-      InetSocketAddress address,
-      String authority,
-      @Nullable String userAgent,
-      Attributes eagAttrs,
-      Supplier<Stopwatch> stopwatchFactory,
-      Variant variant,
-      @Nullable HttpConnectProxiedSocketAddress proxiedAddr,
-      Runnable tooManyPingsRunnable) {
+          OkHttpTransportFactory transportFactory,
+          InetSocketAddress address,
+          String authority,
+          @Nullable String userAgent,
+          Attributes eagAttrs,
+          Supplier<Stopwatch> stopwatchFactory,
+          Variant variant,
+          @Nullable HttpConnectProxiedSocketAddress proxiedAddr,
+          Runnable tooManyPingsRunnable,
+          ChannelCredentials channelCredentials) {
     this.address = Preconditions.checkNotNull(address, "address");
     this.defaultAuthority = authority;
     this.maxMessageSize = transportFactory.maxMessageSize;
@@ -276,7 +336,8 @@ private OkHttpClientTransport(
     this.socketFactory = transportFactory.socketFactory == null
         ? SocketFactory.getDefault() : transportFactory.socketFactory;
     this.sslSocketFactory = transportFactory.sslSocketFactory;
-    this.hostnameVerifier = transportFactory.hostnameVerifier;
+    this.hostnameVerifier = transportFactory.hostnameVerifier != null
+      ? transportFactory.hostnameVerifier : OkHostnameVerifier.INSTANCE;
     this.connectionSpec = Preconditions.checkNotNull(
         transportFactory.connectionSpec, "connectionSpec");
     this.stopwatchFactory = Preconditions.checkNotNull(stopwatchFactory, "stopwatchFactory");
@@ -292,6 +353,21 @@ private OkHttpClientTransport(
         .set(GrpcAttributes.ATTR_CLIENT_EAG_ATTRS, eagAttrs).build();
     this.useGetForSafeMethods = transportFactory.useGetForSafeMethods;
     initTransportTracer();
+    TrustManager tempX509TrustManager;
+    if (channelCredentials instanceof TlsChannelCredentials
+        && x509ExtendedTrustManagerClass != null) {
+      try {
+        tempX509TrustManager = getTrustManager(
+                (TlsChannelCredentials) channelCredentials);
+      } catch (GeneralSecurityException e) {
+        tempX509TrustManager = null;
+        log.log(Level.WARNING, "Obtaining X509ExtendedTrustManager for the transport failed."
+            + "Per-rpc authority overrides will be disallowed.", e);
+      }
+    } else {
+      tempX509TrustManager = null;
+    }
+    x509TrustManager = tempX509TrustManager;
   }
 
   /**
@@ -300,7 +376,7 @@ private OkHttpClientTransport(
   @SuppressWarnings("AddressSelection") // An IP address always returns one address
   @VisibleForTesting
   OkHttpClientTransport(
-      OkHttpChannelBuilder.OkHttpTransportFactory transportFactory,
+      OkHttpTransportFactory transportFactory,
       String userAgent,
       Supplier<Stopwatch> stopwatchFactory,
       Variant variant,
@@ -316,7 +392,8 @@ private OkHttpClientTransport(
         stopwatchFactory,
         variant,
         null,
-        tooManyPingsRunnable);
+        tooManyPingsRunnable,
+        null);
     this.connectingCallback = connectingCallback;
     this.connectedFuture = Preconditions.checkNotNull(connectedFuture, "connectedFuture");
   }
@@ -396,6 +473,7 @@ public OkHttpClientStream newStream(
     Preconditions.checkNotNull(headers, "headers");
     StatsTraceContext statsTraceContext =
         StatsTraceContext.newClientContext(tracers, getAttributes(), headers);
+
     // FIXME: it is likely wrong to pass the transportTracer here as it'll exit the lock's scope
     synchronized (lock) { // to make @GuardedBy linter happy
       return new OkHttpClientStream(
@@ -416,23 +494,116 @@ public OkHttpClientStream newStream(
     }
   }
 
+  private TrustManager getTrustManager(TlsChannelCredentials tlsCreds)
+      throws GeneralSecurityException {
+    TrustManager[] tm;
+    // Using the same way of creating TrustManager from OkHttpChannelBuilder.sslSocketFactoryFrom()
+    if (tlsCreds.getTrustManagers() != null) {
+      tm = tlsCreds.getTrustManagers().toArray(new TrustManager[0]);
+    } else if (tlsCreds.getRootCertificates() != null) {
+      tm = CertificateUtils.createTrustManager(tlsCreds.getRootCertificates());
+    } else { // else use system default
+      TrustManagerFactory tmf = TrustManagerFactory.getInstance(
+          TrustManagerFactory.getDefaultAlgorithm());
+      tmf.init((KeyStore) null);
+      tm = tmf.getTrustManagers();
+    }
+    for (TrustManager trustManager: tm) {
+      if (trustManager instanceof X509TrustManager) {
+        return trustManager;
+      }
+    }
+    return null;
+  }
+
   @GuardedBy("lock")
-  void streamReadyToStart(OkHttpClientStream clientStream) {
+  void streamReadyToStart(OkHttpClientStream clientStream, String authority) {
     if (goAwayStatus != null) {
       clientStream.transportState().transportReportStatus(
           goAwayStatus, RpcProgress.MISCARRIED, true, new Metadata());
-    } else if (streams.size() >= maxConcurrentStreams) {
-      pendingStreams.add(clientStream);
-      setInUse(clientStream);
     } else {
-      startStream(clientStream);
+      if (socket instanceof SSLSocket && !authority.equals(defaultAuthority)) {
+        Status authorityVerificationResult;
+        if (authorityVerificationResults.containsKey(authority)) {
+          authorityVerificationResult = authorityVerificationResults.get(authority);
+        } else {
+          authorityVerificationResult = verifyAuthority(authority);
+          authorityVerificationResults.put(authority, authorityVerificationResult);
+        }
+        if (!authorityVerificationResult.isOk()) {
+          if (enablePerRpcAuthorityCheck) {
+            clientStream.transportState().transportReportStatus(
+                    authorityVerificationResult, RpcProgress.PROCESSED, true, new Metadata());
+            return;
+          }
+        }
+      }
+      if (streams.size() >= maxConcurrentStreams) {
+        pendingStreams.add(clientStream);
+        setInUse(clientStream);
+      } else {
+        startStream(clientStream);
+      }
     }
   }
 
+  private Status verifyAuthority(String authority) {
+    Status authorityVerificationResult;
+    if (hostnameVerifier.verify(authority, ((SSLSocket) socket).getSession())) {
+      authorityVerificationResult = Status.OK;
+    } else {
+      authorityVerificationResult = Status.UNAVAILABLE.withDescription(String.format(
+              "HostNameVerifier verification failed for authority '%s'",
+              authority));
+    }
+    if (!authorityVerificationResult.isOk() && !enablePerRpcAuthorityCheck) {
+      log.log(Level.WARNING, String.format("HostNameVerifier verification failed for "
+                      + "authority '%s'. This will be an error in the future.",
+              authority));
+    }
+    if (authorityVerificationResult.isOk()) {
+      // The status is trivially assigned in this case, but we are still making use of the
+      // cache to keep track that a warning log had been logged for the authority when
+      // enablePerRpcAuthorityCheck is false. When we permanently enable the feature, the
+      // status won't need to be cached for case when x509TrustManager is null.
+      if (x509TrustManager == null) {
+        authorityVerificationResult = Status.UNAVAILABLE.withDescription(
+                String.format("Could not verify authority '%s' for the rpc with no "
+                                + "X509TrustManager available",
+                        authority));
+      } else if (x509ExtendedTrustManagerClass.isInstance(x509TrustManager)) {
+        try {
+          Certificate[] peerCertificates = sslSession.getPeerCertificates();
+          X509Certificate[] x509PeerCertificates =
+                  new X509Certificate[peerCertificates.length];
+          for (int i = 0; i < peerCertificates.length; i++) {
+            x509PeerCertificates[i] = (X509Certificate) peerCertificates[i];
+          }
+          checkServerTrustedMethod.invoke(x509TrustManager, x509PeerCertificates,
+                  "RSA", new SslSocketWrapper((SSLSocket) socket, authority));
+          authorityVerificationResult = Status.OK;
+        } catch (SSLPeerUnverifiedException | InvocationTargetException
+                 | IllegalAccessException e) {
+          authorityVerificationResult = Status.UNAVAILABLE.withCause(e).withDescription(
+                  "Peer verification failed");
+        }
+        if (authorityVerificationResult.getCause() != null) {
+          log.log(Level.WARNING, authorityVerificationResult.getDescription()
+                          + ". This will be an error in the future.",
+                  authorityVerificationResult.getCause());
+        } else {
+          log.log(Level.WARNING, authorityVerificationResult.getDescription()
+                  + ". This will be an error in the future.");
+        }
+      }
+    }
+    return authorityVerificationResult;
+  }
+
   @SuppressWarnings("GuardedBy")
   @GuardedBy("lock")
   private void startStream(OkHttpClientStream stream) {
-    Preconditions.checkState(
+    checkState(
         stream.transportState().id() == OkHttpClientStream.ABSENT_ID, "StreamId already assigned");
     streams.put(nextStreamId, stream);
     setInUse(stream);
@@ -531,8 +702,6 @@ public Timeout timeout() {
           public void close() {
           }
         });
-        Socket sock;
-        SSLSession sslSession = null;
         try {
           // This is a hack to make sure the connection preface and initial settings to be sent out
           // without blocking the start. By doing this essentially prevents potential deadlock when
@@ -1460,4 +1629,50 @@ public void alternateService(int streamId, String origin, ByteString protocol, S
       // TODO(madongfly): Deal with alternateService propagation
     }
   }
+
+  /**
+   * SSLSocket wrapper that provides a fake SSLSession for handshake session.
+   */
+  static final class SslSocketWrapper extends NoopSslSocket {
+
+    private final SSLSession sslSession;
+    private final SSLSocket sslSocket;
+
+    SslSocketWrapper(SSLSocket sslSocket, String peerHost) {
+      this.sslSocket = sslSocket;
+      this.sslSession = new FakeSslSession(peerHost);
+    }
+
+    @Override
+    public SSLSession getHandshakeSession() {
+      return this.sslSession;
+    }
+
+    @Override
+    public boolean isConnected() {
+      return sslSocket.isConnected();
+    }
+
+    @Override
+    public SSLParameters getSSLParameters() {
+      return sslSocket.getSSLParameters();
+    }
+  }
+
+  /**
+   * Fake SSLSession instance that provides the peer host name to verify for per-rpc check.
+   */
+  static class FakeSslSession extends NoopSslSession {
+
+    private final String peerHost;
+
+    FakeSslSession(String peerHost) {
+      this.peerHost = peerHost;
+    }
+
+    @Override
+    public String getPeerHost() {
+      return peerHost;
+    }
+  }
 }
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerBuilder.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerBuilder.java
index 068474d70bc..8daeed42a8c 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerBuilder.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerBuilder.java
@@ -17,6 +17,7 @@
 package io.grpc.okhttp;
 
 import static com.google.common.base.Preconditions.checkArgument;
+import static io.grpc.internal.CertificateUtils.createTrustManager;
 
 import com.google.common.base.Preconditions;
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
@@ -425,7 +426,7 @@ static HandshakerSocketFactoryResult handshakerSocketFactoryFrom(ServerCredentia
         tm = tlsCreds.getTrustManagers().toArray(new TrustManager[0]);
       } else if (tlsCreds.getRootCertificates() != null) {
         try {
-          tm = OkHttpChannelBuilder.createTrustManager(tlsCreds.getRootCertificates());
+          tm = createTrustManager(tlsCreds.getRootCertificates());
         } catch (GeneralSecurityException gse) {
           log.log(Level.FINE, "Exception loading root certificates from credential", gse);
           return HandshakerSocketFactoryResult.error(
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpTlsUpgrader.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpTlsUpgrader.java
index 1004dcd93f9..a8b038c91f4 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpTlsUpgrader.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpTlsUpgrader.java
@@ -19,13 +19,13 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
 import io.grpc.okhttp.internal.ConnectionSpec;
-import io.grpc.okhttp.internal.OkHostnameVerifier;
 import io.grpc.okhttp.internal.Protocol;
 import java.io.IOException;
 import java.net.Socket;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
+import javax.annotation.Nonnull;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSocket;
@@ -52,7 +52,7 @@ final class OkHttpTlsUpgrader {
    * @throws RuntimeException if the upgrade negotiation failed.
    */
   public static SSLSocket upgrade(SSLSocketFactory sslSocketFactory,
-      HostnameVerifier hostnameVerifier, Socket socket, String host, int port,
+      @Nonnull HostnameVerifier hostnameVerifier, Socket socket, String host, int port,
       ConnectionSpec spec) throws IOException {
     Preconditions.checkNotNull(sslSocketFactory, "sslSocketFactory");
     Preconditions.checkNotNull(socket, "socket");
@@ -67,9 +67,6 @@ public static SSLSocket upgrade(SSLSocketFactory sslSocketFactory,
         "Only " + TLS_PROTOCOLS + " are supported, but negotiated protocol is %s",
         negotiatedProtocol);
 
-    if (hostnameVerifier == null) {
-      hostnameVerifier = OkHostnameVerifier.INSTANCE;
-    }
     if (!hostnameVerifier.verify(canonicalizeHost(host), sslSocket.getSession())) {
       throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host);
     }
diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientStreamTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientStreamTest.java
index 1f716705968..1c98d6ee30d 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientStreamTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientStreamTest.java
@@ -20,6 +20,7 @@
 import static io.grpc.internal.ClientStreamListener.RpcProgress.PROCESSED;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.Mockito.times;
@@ -244,12 +245,13 @@ public void getUnaryRequest() throws IOException {
     // GET streams send headers after halfClose is called.
     verify(mockedFrameWriter, times(0)).synStream(
         eq(false), eq(false), eq(3), eq(0), headersCaptor.capture());
-    verify(transport, times(0)).streamReadyToStart(isA(OkHttpClientStream.class));
+    verify(transport, times(0)).streamReadyToStart(isA(OkHttpClientStream.class),
+            isA(String.class));
 
     byte[] msg = "request".getBytes(Charset.forName("UTF-8"));
     stream.writeMessage(new ByteArrayInputStream(msg));
     stream.halfClose();
-    verify(transport).streamReadyToStart(eq(stream));
+    verify(transport).streamReadyToStart(eq(stream), any(String.class));
     stream.transportState().start(3);
 
     verify(mockedFrameWriter)
diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java
index 826dee8e2b4..99f430be009 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java
@@ -68,6 +68,7 @@
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.internal.AbstractStream;
+import io.grpc.internal.ClientStream;
 import io.grpc.internal.ClientStreamListener;
 import io.grpc.internal.ClientTransport;
 import io.grpc.internal.FakeClock;
@@ -115,6 +116,10 @@
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
 import javax.net.SocketFactory;
+import javax.net.ssl.HandshakeCompletedListener;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
 import okio.Buffer;
 import okio.BufferedSink;
 import okio.BufferedSource;
@@ -189,16 +194,24 @@ public void tearDown() {
 
   private void initTransport() throws Exception {
     startTransport(
-        DEFAULT_START_STREAM_ID, null, true, null);
+        DEFAULT_START_STREAM_ID, null, true, null, null);
   }
 
   private void initTransport(int startId) throws Exception {
-    startTransport(startId, null, true, null);
+    startTransport(startId, null, true, null, null);
   }
 
   private void startTransport(int startId, @Nullable Runnable connectingCallback,
-      boolean waitingForConnected, String userAgent)
-      throws Exception {
+                              boolean waitingForConnected, String userAgent,
+                              HostnameVerifier hostnameVerifier) throws Exception {
+    startTransport(startId, connectingCallback, waitingForConnected, userAgent, hostnameVerifier,
+            false);
+  }
+
+  private void startTransport(int startId, @Nullable Runnable connectingCallback,
+                              boolean waitingForConnected, String userAgent,
+                              HostnameVerifier hostnameVerifier, boolean useSslSocket)
+          throws Exception {
     connectedFuture = SettableFuture.create();
     final Ticker ticker = new Ticker() {
       @Override
@@ -212,7 +225,11 @@ public Stopwatch get() {
         return Stopwatch.createUnstarted(ticker);
       }
     };
-    channelBuilder.socketFactory(new FakeSocketFactory(socket));
+    channelBuilder.socketFactory(
+            new FakeSocketFactory(useSslSocket ? new MockSslSocket(socket) : socket));
+    if (hostnameVerifier != null) {
+      channelBuilder = channelBuilder.hostnameVerifier(hostnameVerifier);
+    }
     clientTransport = new OkHttpClientTransport(
         channelBuilder.buildTransportFactory(),
         userAgent,
@@ -240,7 +257,8 @@ public void testToString() throws Exception {
         /*userAgent=*/ null,
         EAG_ATTRS,
         NO_PROXY,
-        tooManyPingsRunnable);
+        tooManyPingsRunnable,
+        null);
     String s = clientTransport.toString();
     assertTrue("Unexpected: " + s, s.contains("OkHttpClientTransport"));
     assertTrue("Unexpected: " + s, s.contains(address.toString()));
@@ -258,7 +276,8 @@ public void testTransportExecutorWithTooFewThreads() throws Exception {
         null,
         EAG_ATTRS,
         NO_PROXY,
-        tooManyPingsRunnable);
+        tooManyPingsRunnable,
+        null);
     clientTransport.start(transportListener);
     ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
     verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(statusCaptor.capture());
@@ -299,7 +318,7 @@ public void close() throws SecurityException {
     assertThat(log.getLevel()).isEqualTo(Level.FINE);
 
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.request(1);
@@ -389,7 +408,7 @@ public void maxMessageSizeShouldBeEnforced() throws Exception {
     initTransport();
 
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.request(1);
@@ -442,11 +461,11 @@ public void nextFrameThrowIoException() throws Exception {
     initTransport();
     MockStreamListener listener1 = new MockStreamListener();
     MockStreamListener listener2 = new MockStreamListener();
-    OkHttpClientStream stream1 =
+    ClientStream stream1 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream1.start(listener1);
     stream1.request(1);
-    OkHttpClientStream stream2 =
+    ClientStream stream2 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream2.start(listener2);
     stream2.request(1);
@@ -476,7 +495,7 @@ public void nextFrameThrowIoException() throws Exception {
   public void nextFrameThrowsError() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.request(1);
@@ -497,7 +516,7 @@ public void nextFrameThrowsError() throws Exception {
   public void nextFrameReturnFalse() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.request(1);
@@ -515,7 +534,7 @@ public void readMessages() throws Exception {
     final int numMessages = 10;
     final String message = "Hello Client";
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.request(numMessages);
@@ -567,7 +586,7 @@ public void receivedDataForInvalidStreamShouldKillConnection() throws Exception
   public void invalidInboundHeadersCancelStream() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.request(1);
@@ -592,7 +611,7 @@ public void invalidInboundHeadersCancelStream() throws Exception {
   public void invalidInboundTrailersPropagateToMetadata() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.request(1);
@@ -612,7 +631,7 @@ public void invalidInboundTrailersPropagateToMetadata() throws Exception {
   public void readStatus() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     assertContainStream(3);
@@ -626,7 +645,7 @@ public void readStatus() throws Exception {
   public void receiveReset() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     assertContainStream(3);
@@ -643,7 +662,7 @@ public void receiveReset() throws Exception {
   public void receiveResetNoError() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     assertContainStream(3);
@@ -664,7 +683,7 @@ public void receiveResetNoError() throws Exception {
   public void cancelStream() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     getStream(3).cancel(Status.CANCELLED);
@@ -679,7 +698,7 @@ public void cancelStream() throws Exception {
   public void addDefaultUserAgent() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     Header userAgentHeader = new Header(GrpcUtil.USER_AGENT_KEY.name(),
@@ -696,9 +715,9 @@ public void addDefaultUserAgent() throws Exception {
 
   @Test
   public void overrideDefaultUserAgent() throws Exception {
-    startTransport(3, null, true, "fakeUserAgent");
+    startTransport(3, null, true, "fakeUserAgent", null);
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     List<Header> expectedHeaders = Arrays.asList(HTTP_SCHEME_HEADER, METHOD_HEADER,
@@ -717,7 +736,7 @@ public void overrideDefaultUserAgent() throws Exception {
   public void cancelStreamForDeadlineExceeded() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     getStream(3).cancel(Status.DEADLINE_EXCEEDED);
@@ -731,7 +750,7 @@ public void writeMessage() throws Exception {
     initTransport();
     final String message = "Hello Server";
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     InputStream input = new ByteArrayInputStream(message.getBytes(UTF_8));
@@ -746,6 +765,65 @@ public void writeMessage() throws Exception {
     shutdownAndVerify();
   }
 
+  @Test
+  public void perRpcAuthoritySpecified_verificationSkippedInPlainTextConnection()
+          throws Exception {
+    initTransport();
+    final String message = "Hello Server";
+    MockStreamListener listener = new MockStreamListener();
+    ClientStream stream =
+            clientTransport.newStream(method, new Metadata(),
+                    CallOptions.DEFAULT.withAuthority("some-authority"), tracers);
+    stream.start(listener);
+    InputStream input = new ByteArrayInputStream(message.getBytes(UTF_8));
+    assertEquals(12, input.available());
+    stream.writeMessage(input);
+    stream.flush();
+    verify(frameWriter, timeout(TIME_OUT_MS))
+            .data(eq(false), eq(3), any(Buffer.class), eq(12 + HEADER_LENGTH));
+    Buffer sentFrame = capturedBuffer.poll();
+    assertEquals(createMessageFrame(message), sentFrame);
+    stream.cancel(Status.CANCELLED);
+    shutdownAndVerify();
+  }
+
+  @Test
+  public void perRpcAuthoritySpecified_hostnameVerification_ignoredForNonSslSocket()
+          throws Exception {
+    startTransport(
+            DEFAULT_START_STREAM_ID, null, true, null,
+            (hostname, session) -> false, false);
+    ClientStream unused =
+            clientTransport.newStream(method, new Metadata(),
+                    CallOptions.DEFAULT.withAuthority("some-authority"), tracers);
+    shutdownAndVerify();
+  }
+
+  @Test
+  public void perRpcAuthoritySpecified_hostnameVerification_SslSocket_successCase()
+          throws Exception {
+    startTransport(
+            DEFAULT_START_STREAM_ID, null, true, null,
+            (hostname, session) -> true, true);
+    ClientStream unused =
+            clientTransport.newStream(method, new Metadata(),
+                    CallOptions.DEFAULT.withAuthority("some-authority"), tracers);
+    shutdownAndVerify();
+  }
+
+  @Test
+  public void perRpcAuthoritySpecified_hostnameVerification_SslSocket_flagDisabled()
+          throws Exception {
+    startTransport(
+            DEFAULT_START_STREAM_ID, null, true, null,
+            (hostname, session) -> false, true);
+    ClientStream clientStream =
+            clientTransport.newStream(method, new Metadata(),
+                    CallOptions.DEFAULT.withAuthority("some-authority"), tracers);
+    assertThat(clientStream).isInstanceOf(OkHttpClientStream.class);
+    shutdownAndVerify();
+  }
+
   @Test
   public void transportTracer_windowSizeDefault() throws Exception {
     initTransport();
@@ -772,12 +850,12 @@ public void windowUpdate() throws Exception {
     initTransport();
     MockStreamListener listener1 = new MockStreamListener();
     MockStreamListener listener2 = new MockStreamListener();
-    OkHttpClientStream stream1 =
+    ClientStream stream1 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream1.start(listener1);
     stream1.request(2);
 
-    OkHttpClientStream stream2 =
+    ClientStream stream2 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream2.start(listener2);
     stream2.request(2);
@@ -842,7 +920,7 @@ public void windowUpdate() throws Exception {
   public void windowUpdateWithInboundFlowControl() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     int messageLength = INITIAL_WINDOW_SIZE / 2 + 1;
@@ -879,7 +957,7 @@ public void windowUpdateWithInboundFlowControl() throws Exception {
   public void outboundFlowControl() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
 
@@ -925,7 +1003,7 @@ public void outboundFlowControl_smallWindowSize() throws Exception {
     setInitialWindowSize(initialOutboundWindowSize);
 
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
             clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
 
@@ -968,7 +1046,7 @@ public void outboundFlowControl_bigWindowSize() throws Exception {
     frameHandler().windowUpdate(0, 65535);
 
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
             clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
 
@@ -1004,7 +1082,7 @@ public void outboundFlowControl_bigWindowSize() throws Exception {
   public void outboundFlowControlWithInitialWindowSizeChange() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     int messageLength = 20;
@@ -1050,7 +1128,7 @@ public void outboundFlowControlWithInitialWindowSizeChange() throws Exception {
   public void outboundFlowControlWithInitialWindowSizeChangeInMiddleOfStream() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     int messageLength = 20;
@@ -1085,10 +1163,10 @@ public void stopNormally() throws Exception {
     initTransport();
     MockStreamListener listener1 = new MockStreamListener();
     MockStreamListener listener2 = new MockStreamListener();
-    OkHttpClientStream stream1 =
+    ClientStream stream1 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream1.start(listener1);
-    OkHttpClientStream stream2 =
+    ClientStream stream2 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream2.start(listener2);
     assertEquals(2, activeStreamCount());
@@ -1115,11 +1193,11 @@ public void receiveGoAway() throws Exception {
     // start 2 streams.
     MockStreamListener listener1 = new MockStreamListener();
     MockStreamListener listener2 = new MockStreamListener();
-    OkHttpClientStream stream1 =
+    ClientStream stream1 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream1.start(listener1);
     stream1.request(1);
-    OkHttpClientStream stream2 =
+    ClientStream stream2 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream2.start(listener2);
     stream2.request(1);
@@ -1142,7 +1220,7 @@ public void receiveGoAway() throws Exception {
 
     // But stream 1 should be able to send.
     final String sentMessage = "Should I also go away?";
-    OkHttpClientStream stream = getStream(3);
+    ClientStream stream = getStream(3);
     InputStream input = new ByteArrayInputStream(sentMessage.getBytes(UTF_8));
     assertEquals(22, input.available());
     stream.writeMessage(input);
@@ -1174,7 +1252,7 @@ public void streamIdExhausted() throws Exception {
     initTransport(startId);
 
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.request(1);
@@ -1210,11 +1288,11 @@ public void pendingStreamSucceed() throws Exception {
     setMaxConcurrentStreams(1);
     final MockStreamListener listener1 = new MockStreamListener();
     final MockStreamListener listener2 = new MockStreamListener();
-    OkHttpClientStream stream1 =
+    ClientStream stream1 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream1.start(listener1);
     // The second stream should be pending.
-    OkHttpClientStream stream2 =
+    ClientStream stream2 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream2.start(listener2);
     String sentMessage = "hello";
@@ -1247,7 +1325,7 @@ public void pendingStreamCancelled() throws Exception {
     initTransport();
     setMaxConcurrentStreams(0);
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     waitForStreamPending(1);
@@ -1266,11 +1344,11 @@ public void pendingStreamFailedByGoAway() throws Exception {
     setMaxConcurrentStreams(1);
     final MockStreamListener listener1 = new MockStreamListener();
     final MockStreamListener listener2 = new MockStreamListener();
-    OkHttpClientStream stream1 =
+    ClientStream stream1 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream1.start(listener1);
     // The second stream should be pending.
-    OkHttpClientStream stream2 =
+    ClientStream stream2 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream2.start(listener2);
 
@@ -1296,7 +1374,7 @@ public void pendingStreamSucceedAfterShutdown() throws Exception {
     setMaxConcurrentStreams(0);
     final MockStreamListener listener = new MockStreamListener();
     // The second stream should be pending.
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     waitForStreamPending(1);
@@ -1320,15 +1398,15 @@ public void pendingStreamFailedByIdExhausted() throws Exception {
     final MockStreamListener listener2 = new MockStreamListener();
     final MockStreamListener listener3 = new MockStreamListener();
 
-    OkHttpClientStream stream1 =
+    ClientStream stream1 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream1.start(listener1);
 
     // The second and third stream should be pending.
-    OkHttpClientStream stream2 =
+    ClientStream stream2 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream2.start(listener2);
-    OkHttpClientStream stream3 =
+    ClientStream stream3 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream3.start(listener3);
 
@@ -1352,7 +1430,7 @@ public void pendingStreamFailedByIdExhausted() throws Exception {
   public void receivingWindowExceeded() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.request(1);
@@ -1404,7 +1482,7 @@ public void duplexStreamingHeadersShouldNotBeFlushed() throws Exception {
   private void shouldHeadersBeFlushed(boolean shouldBeFlushed) throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     verify(frameWriter, timeout(TIME_OUT_MS)).synStream(
@@ -1421,7 +1499,7 @@ private void shouldHeadersBeFlushed(boolean shouldBeFlushed) throws Exception {
   public void receiveDataWithoutHeader() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.request(1);
@@ -1444,7 +1522,7 @@ public void receiveDataWithoutHeader() throws Exception {
   public void receiveDataWithoutHeaderAndTrailer() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.request(1);
@@ -1468,7 +1546,7 @@ public void receiveDataWithoutHeaderAndTrailer() throws Exception {
   public void receiveLongEnoughDataWithoutHeaderAndTrailer() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.request(1);
@@ -1490,7 +1568,7 @@ public void receiveLongEnoughDataWithoutHeaderAndTrailer() throws Exception {
   public void receiveDataForUnknownStreamUpdateConnectionWindow() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.cancel(Status.CANCELLED);
@@ -1519,7 +1597,7 @@ public void receiveDataForUnknownStreamUpdateConnectionWindow() throws Exception
   public void receiveWindowUpdateForUnknownStream() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     stream.cancel(Status.CANCELLED);
@@ -1539,7 +1617,7 @@ public void receiveWindowUpdateForUnknownStream() throws Exception {
   public void shouldBeInitiallyReady() throws Exception {
     initTransport();
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     assertTrue(stream.isReady());
@@ -1557,7 +1635,7 @@ public void notifyOnReady() throws Exception {
         AbstractStream.TransportState.DEFAULT_ONREADY_THRESHOLD - HEADER_LENGTH - 1;
     setInitialWindowSize(0);
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     assertTrue(stream.isReady());
@@ -1704,7 +1782,7 @@ public void shutdownDuringConnecting() throws Exception {
         DEFAULT_START_STREAM_ID,
         connectingCallback,
         false,
-        null);
+        null, null);
     clientTransport.shutdown(SHUTDOWN_REASON);
     delayed.set(null);
     shutdownAndVerify();
@@ -1719,7 +1797,8 @@ public void invalidAuthorityPropagates() {
         "userAgent",
         EAG_ATTRS,
         NO_PROXY,
-        tooManyPingsRunnable);
+        tooManyPingsRunnable,
+        null);
 
     String host = clientTransport.getOverridenHost();
     int port = clientTransport.getOverridenPort();
@@ -1737,7 +1816,8 @@ public void unreachableServer() throws Exception {
         "userAgent",
         EAG_ATTRS,
         NO_PROXY,
-        tooManyPingsRunnable);
+        tooManyPingsRunnable,
+        null);
 
     ManagedClientTransport.Listener listener = mock(ManagedClientTransport.Listener.class);
     clientTransport.start(listener);
@@ -1767,7 +1847,8 @@ public void customSocketFactory() throws Exception {
             "userAgent",
             EAG_ATTRS,
             NO_PROXY,
-            tooManyPingsRunnable);
+            tooManyPingsRunnable,
+            null);
 
     ManagedClientTransport.Listener listener = mock(ManagedClientTransport.Listener.class);
     clientTransport.start(listener);
@@ -1792,7 +1873,8 @@ public void proxy_200() throws Exception {
             .setTargetAddress(targetAddress)
             .setProxyAddress(new InetSocketAddress("localhost", serverSocket.getLocalPort()))
             .build(),
-        tooManyPingsRunnable);
+        tooManyPingsRunnable,
+        null);
     clientTransport.start(transportListener);
 
     Socket sock = serverSocket.accept();
@@ -1841,7 +1923,8 @@ public void proxy_500() throws Exception {
             .setTargetAddress(targetAddress)
             .setProxyAddress(new InetSocketAddress("localhost", serverSocket.getLocalPort()))
             .build(),
-        tooManyPingsRunnable);
+        tooManyPingsRunnable,
+        null);
     clientTransport.start(transportListener);
 
     Socket sock = serverSocket.accept();
@@ -1889,7 +1972,8 @@ public void proxy_immediateServerClose() throws Exception {
             .setTargetAddress(targetAddress)
             .setProxyAddress(new InetSocketAddress("localhost", serverSocket.getLocalPort()))
             .build(),
-        tooManyPingsRunnable);
+        tooManyPingsRunnable,
+        null);
     clientTransport.start(transportListener);
 
     Socket sock = serverSocket.accept();
@@ -1920,7 +2004,8 @@ public void proxy_serverHangs() throws Exception {
             .setTargetAddress(targetAddress)
             .setProxyAddress(new InetSocketAddress("localhost", serverSocket.getLocalPort()))
             .build(),
-        tooManyPingsRunnable);
+        tooManyPingsRunnable,
+        null);
     clientTransport.proxySocketTimeout = 10;
     clientTransport.start(transportListener);
 
@@ -1987,13 +2072,13 @@ public void goAway_streamListenerRpcProgress() throws Exception {
     MockStreamListener listener1 = new MockStreamListener();
     MockStreamListener listener2 = new MockStreamListener();
     MockStreamListener listener3 = new MockStreamListener();
-    OkHttpClientStream stream1 =
+    ClientStream stream1 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream1.start(listener1);
-    OkHttpClientStream stream2 =
+    ClientStream stream2 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream2.start(listener2);
-    OkHttpClientStream stream3 =
+    ClientStream stream3 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream3.start(listener3);
     waitForStreamPending(1);
@@ -2027,13 +2112,13 @@ public void reset_streamListenerRpcProgress() throws Exception {
     MockStreamListener listener1 = new MockStreamListener();
     MockStreamListener listener2 = new MockStreamListener();
     MockStreamListener listener3 = new MockStreamListener();
-    OkHttpClientStream stream1 =
+    ClientStream stream1 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream1.start(listener1);
-    OkHttpClientStream stream2 =
+    ClientStream stream2 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream2.start(listener2);
-    OkHttpClientStream stream3 =
+    ClientStream stream3 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream3.start(listener3);
 
@@ -2069,13 +2154,13 @@ public void shutdownNow_streamListenerRpcProgress() throws Exception {
     MockStreamListener listener1 = new MockStreamListener();
     MockStreamListener listener2 = new MockStreamListener();
     MockStreamListener listener3 = new MockStreamListener();
-    OkHttpClientStream stream1 =
+    ClientStream stream1 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream1.start(listener1);
-    OkHttpClientStream stream2 =
+    ClientStream stream2 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream2.start(listener2);
-    OkHttpClientStream stream3 =
+    ClientStream stream3 =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream3.start(listener3);
     waitForStreamPending(1);
@@ -2100,11 +2185,11 @@ public void finishedStreamRemovedFromInUseState() throws Exception {
     initTransport();
     setMaxConcurrentStreams(1);
     final MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
-        clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
+    OkHttpClientStream stream = clientTransport.newStream(
+            method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
-    OkHttpClientStream pendingStream =
-        clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
+    OkHttpClientStream pendingStream = clientTransport.newStream(
+            method, new Metadata(), CallOptions.DEFAULT, tracers);
     pendingStream.start(listener);
     waitForStreamPending(1);
     clientTransport.finishStream(stream.transportState().id(), Status.OK, PROCESSED,
@@ -2144,7 +2229,7 @@ private void waitForStreamPending(int expected) throws Exception {
 
   private void assertNewStreamFail() throws Exception {
     MockStreamListener listener = new MockStreamListener();
-    OkHttpClientStream stream =
+    ClientStream stream =
         clientTransport.newStream(method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(listener);
     listener.waitUntilStreamClosed();
@@ -2375,6 +2460,124 @@ public InputStream getInputStream() {
     }
   }
 
+  private static class MockSslSocket extends SSLSocket {
+    private Socket delegate;
+
+    MockSslSocket(Socket socket) {
+      delegate = socket;
+    }
+
+    @Override
+    public String[] getSupportedCipherSuites() {
+      return new String[0];
+    }
+
+    @Override
+    public String[] getEnabledCipherSuites() {
+      return new String[0];
+    }
+
+    @Override
+    public void setEnabledCipherSuites(String[] suites) {
+
+    }
+
+    @Override
+    public String[] getSupportedProtocols() {
+      return new String[0];
+    }
+
+    @Override
+    public String[] getEnabledProtocols() {
+      return new String[0];
+    }
+
+    @Override
+    public void setEnabledProtocols(String[] protocols) {
+
+    }
+
+    @Override
+    public SSLSession getSession() {
+      return null;
+    }
+
+    @Override
+    public void addHandshakeCompletedListener(HandshakeCompletedListener listener) {
+
+    }
+
+    @Override
+    public void removeHandshakeCompletedListener(HandshakeCompletedListener listener) {
+
+    }
+
+    @Override
+    public void startHandshake() throws IOException {
+
+    }
+
+    @Override
+    public void setUseClientMode(boolean mode) {
+
+    }
+
+    @Override
+    public boolean getUseClientMode() {
+      return false;
+    }
+
+    @Override
+    public void setNeedClientAuth(boolean need) {
+
+    }
+
+    @Override
+    public boolean getNeedClientAuth() {
+      return false;
+    }
+
+    @Override
+    public void setWantClientAuth(boolean want) {
+
+    }
+
+    @Override
+    public boolean getWantClientAuth() {
+      return false;
+    }
+
+    @Override
+    public void setEnableSessionCreation(boolean flag) {
+
+    }
+
+    @Override
+    public boolean getEnableSessionCreation() {
+      return false;
+    }
+
+    @Override
+    public synchronized void close() throws IOException {
+      delegate.close();
+    }
+
+    @Override
+    public SocketAddress getLocalSocketAddress() {
+      return delegate.getLocalSocketAddress();
+    }
+
+    @Override
+    public OutputStream getOutputStream() throws IOException {
+      return delegate.getOutputStream();
+    }
+
+    @Override
+    public InputStream getInputStream() throws IOException {
+      return delegate.getInputStream();
+    }
+  }
+
   static class PingCallbackImpl implements ClientTransport.PingCallback {
     int invocationCount;
     long roundTripTime;
diff --git a/okhttp/src/test/java/io/grpc/okhttp/TlsTest.java b/okhttp/src/test/java/io/grpc/okhttp/TlsTest.java
index a21360a89ba..20a2f1a5ca7 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/TlsTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/TlsTest.java
@@ -18,8 +18,10 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.Truth.assertWithMessage;
+import static org.junit.Assert.fail;
 
 import com.google.common.base.Throwables;
+import io.grpc.CallOptions;
 import io.grpc.ChannelCredentials;
 import io.grpc.ConnectivityState;
 import io.grpc.ManagedChannel;
@@ -32,18 +34,34 @@
 import io.grpc.TlsServerCredentials;
 import io.grpc.internal.testing.TestUtils;
 import io.grpc.okhttp.internal.Platform;
+import io.grpc.stub.ClientCalls;
 import io.grpc.stub.StreamObserver;
 import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.testing.TlsTesting;
 import io.grpc.testing.protobuf.SimpleRequest;
 import io.grpc.testing.protobuf.SimpleResponse;
 import io.grpc.testing.protobuf.SimpleServiceGrpc;
+import io.grpc.util.CertificateUtils;
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Optional;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509ExtendedTrustManager;
+import javax.net.ssl.X509TrustManager;
+import javax.security.auth.x500.X500Principal;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 import org.junit.Assume;
 import org.junit.Before;
 import org.junit.Rule;
@@ -53,6 +71,7 @@
 
 /** Verify OkHttp's TLS integration. */
 @RunWith(JUnit4.class)
+@IgnoreJRERequirement
 public class TlsTest {
   @Rule
   public final GrpcCleanupRule grpcCleanupRule = new GrpcCleanupRule();
@@ -92,6 +111,325 @@ public void basicTls_succeeds() throws Exception {
     SimpleServiceGrpc.newBlockingStub(channel).unaryRpc(SimpleRequest.getDefaultInstance());
   }
 
+  @Test
+  public void perRpcAuthorityOverride_hostnameVerifier_goodAuthority_succeeds() throws Exception {
+    OkHttpClientTransport.enablePerRpcAuthorityCheck = true;
+    try {
+      ServerCredentials serverCreds;
+      try (InputStream serverCert = TlsTesting.loadCert("server1.pem");
+           InputStream serverPrivateKey = TlsTesting.loadCert("server1.key")) {
+        serverCreds = TlsServerCredentials.newBuilder()
+                .keyManager(serverCert, serverPrivateKey)
+                .build();
+      }
+      ChannelCredentials channelCreds;
+      try (InputStream caCert = TlsTesting.loadCert("ca.pem")) {
+        channelCreds = TlsChannelCredentials.newBuilder()
+            .trustManager(caCert)
+            .build();
+      }
+      Server server = grpcCleanupRule.register(server(serverCreds));
+      ManagedChannel channel = grpcCleanupRule.register(clientChannel(server, channelCreds));
+
+      ClientCalls.blockingUnaryCall(channel, SimpleServiceGrpc.getUnaryRpcMethod(),
+              CallOptions.DEFAULT.withAuthority("good.test.google.fr"),
+              SimpleRequest.getDefaultInstance());
+    } finally {
+      OkHttpClientTransport.enablePerRpcAuthorityCheck = false;
+    }
+  }
+
+  @Test
+  public void perRpcAuthorityOverride_hostnameVerifier_badAuthority_fails()
+          throws Exception {
+    OkHttpClientTransport.enablePerRpcAuthorityCheck = true;
+    try {
+      ServerCredentials serverCreds;
+      try (InputStream serverCert = TlsTesting.loadCert("server1.pem");
+           InputStream serverPrivateKey = TlsTesting.loadCert("server1.key")) {
+        serverCreds = TlsServerCredentials.newBuilder()
+                .keyManager(serverCert, serverPrivateKey)
+                .build();
+      }
+      ChannelCredentials channelCreds;
+      try (InputStream caCert = TlsTesting.loadCert("ca.pem")) {
+        channelCreds = TlsChannelCredentials.newBuilder()
+            .trustManager(caCert)
+            .build();
+      }
+      Server server = grpcCleanupRule.register(server(serverCreds));
+      ManagedChannel channel = grpcCleanupRule.register(clientChannel(server, channelCreds));
+
+      try {
+        ClientCalls.blockingUnaryCall(channel, SimpleServiceGrpc.getUnaryRpcMethod(),
+              CallOptions.DEFAULT.withAuthority("disallowed.name.com"),
+              SimpleRequest.getDefaultInstance());
+        fail("Expected exception for hostname verifier failure.");
+      } catch (StatusRuntimeException ex) {
+        assertThat(ex.getStatus().getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+        assertThat(ex.getStatus().getDescription()).isEqualTo(
+                "HostNameVerifier verification failed for authority 'disallowed.name.com'");
+      }
+    } finally {
+      OkHttpClientTransport.enablePerRpcAuthorityCheck = false;
+    }
+  }
+
+  @Test
+  public void perRpcAuthorityOverride_hostnameVerifier_badAuthority_flagDisabled_succeeds()
+          throws Exception {
+    ServerCredentials serverCreds;
+    try (InputStream serverCert = TlsTesting.loadCert("server1.pem");
+         InputStream serverPrivateKey = TlsTesting.loadCert("server1.key")) {
+      serverCreds = TlsServerCredentials.newBuilder()
+              .keyManager(serverCert, serverPrivateKey)
+              .build();
+    }
+    ChannelCredentials channelCreds;
+    try (InputStream caCert = TlsTesting.loadCert("ca.pem")) {
+      channelCreds = TlsChannelCredentials.newBuilder()
+          .trustManager(caCert)
+          .build();
+    }
+    Server server = grpcCleanupRule.register(server(serverCreds));
+    ManagedChannel channel = grpcCleanupRule.register(clientChannel(server, channelCreds));
+
+    ClientCalls.blockingUnaryCall(channel, SimpleServiceGrpc.getUnaryRpcMethod(),
+            CallOptions.DEFAULT.withAuthority("disallowed.name.com"),
+            SimpleRequest.getDefaultInstance());
+  }
+
+  @Test
+  public void perRpcAuthorityOverride_noTlsCredentialsUsedToBuildChannel_fails() throws Exception {
+    OkHttpClientTransport.enablePerRpcAuthorityCheck = true;
+    try {
+      ServerCredentials serverCreds;
+      try (InputStream serverCert = TlsTesting.loadCert("server1.pem");
+           InputStream serverPrivateKey = TlsTesting.loadCert("server1.key")) {
+        serverCreds = TlsServerCredentials.newBuilder()
+                .keyManager(serverCert, serverPrivateKey)
+                .build();
+      }
+      Server server = grpcCleanupRule.register(server(serverCreds));
+      SSLSocketFactory sslSocketFactory = TestUtils.newSslSocketFactoryForCa(
+              Platform.get().getProvider(), TestUtils.loadCert("ca.pem"));
+      ManagedChannel channel = grpcCleanupRule.register(
+              OkHttpChannelBuilder.forAddress("localhost", server.getPort())
+                      .overrideAuthority(TestUtils.TEST_SERVER_HOST)
+                      .directExecutor()
+                      .sslSocketFactory(sslSocketFactory)
+                      .build());
+
+      try {
+        ClientCalls.blockingUnaryCall(channel, SimpleServiceGrpc.getUnaryRpcMethod(),
+            CallOptions.DEFAULT.withAuthority("bar.test.google.fr"),
+            SimpleRequest.getDefaultInstance());
+        fail("Expected exception for authority verification failure.");
+      } catch (StatusRuntimeException ex) {
+        assertThat(ex.getStatus().getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+        assertThat(ex.getStatus().getDescription()).isEqualTo(
+                "Could not verify authority 'bar.test.google.fr' for the rpc with no "
+                        + "X509TrustManager available");
+      }
+    } finally {
+      OkHttpClientTransport.enablePerRpcAuthorityCheck = false;
+    }
+  }
+
+  @Test
+  public void perRpcAuthorityOverride_trustManager_permitted_succeeds() throws Exception {
+    OkHttpClientTransport.enablePerRpcAuthorityCheck = true;
+    try {
+      ServerCredentials serverCreds;
+      try (InputStream serverCert = TlsTesting.loadCert("server1.pem");
+           InputStream serverPrivateKey = TlsTesting.loadCert("server1.key")) {
+        serverCreds = TlsServerCredentials.newBuilder()
+                .keyManager(serverCert, serverPrivateKey)
+                .build();
+      }
+      ChannelCredentials channelCreds;
+      try (InputStream caCert = TlsTesting.loadCert("ca.pem")) {
+        X509ExtendedTrustManager regularTrustManager =
+                (X509ExtendedTrustManager) getX509ExtendedTrustManager(caCert).get();
+        channelCreds = TlsChannelCredentials.newBuilder()
+                .trustManager(new HostnameCheckingX509ExtendedTrustManager(regularTrustManager))
+                .build();
+      }
+      Server server = grpcCleanupRule.register(server(serverCreds));
+      ManagedChannel channel = grpcCleanupRule.register(clientChannel(server, channelCreds));
+
+      ClientCalls.blockingUnaryCall(channel, SimpleServiceGrpc.getUnaryRpcMethod(),
+              CallOptions.DEFAULT.withAuthority("good.test.google.fr"),
+              SimpleRequest.getDefaultInstance());
+    } finally {
+      OkHttpClientTransport.enablePerRpcAuthorityCheck = false;
+    }
+  }
+
+  @Test
+  public void perRpcAuthorityOverride_trustManager_denied_fails() throws Exception {
+    OkHttpClientTransport.enablePerRpcAuthorityCheck = true;
+    try {
+      ServerCredentials serverCreds;
+      try (InputStream serverCert = TlsTesting.loadCert("server1.pem");
+           InputStream serverPrivateKey = TlsTesting.loadCert("server1.key")) {
+        serverCreds = TlsServerCredentials.newBuilder()
+                .keyManager(serverCert, serverPrivateKey)
+                .build();
+      }
+      ChannelCredentials channelCreds;
+      try (InputStream caCert = TlsTesting.loadCert("ca.pem")) {
+        X509ExtendedTrustManager regularTrustManager =
+                (X509ExtendedTrustManager) getX509ExtendedTrustManager(caCert).get();
+        channelCreds = TlsChannelCredentials.newBuilder()
+                .trustManager(new HostnameCheckingX509ExtendedTrustManager(regularTrustManager))
+                .build();
+      }
+      Server server = grpcCleanupRule.register(server(serverCreds));
+      ManagedChannel channel = grpcCleanupRule.register(clientChannel(server, channelCreds));
+
+      try {
+        ClientCalls.blockingUnaryCall(channel, SimpleServiceGrpc.getUnaryRpcMethod(),
+                CallOptions.DEFAULT.withAuthority("bad.test.google.fr"),
+                SimpleRequest.getDefaultInstance());
+        fail("Expected exception for authority verification failure.");
+      } catch (StatusRuntimeException ex) {
+        assertThat(ex.getStatus().getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+        assertThat(ex.getCause().getCause()).isInstanceOf(CertificateException.class);
+      }
+    } finally {
+      OkHttpClientTransport.enablePerRpcAuthorityCheck = false;
+    }
+  }
+
+  @Test
+  public void perRpcAuthorityOverride_trustManager_denied_flagDisabled_succeeds()
+          throws Exception {
+    ServerCredentials serverCreds;
+    try (InputStream serverCert = TlsTesting.loadCert("server1.pem");
+         InputStream serverPrivateKey = TlsTesting.loadCert("server1.key")) {
+      serverCreds = TlsServerCredentials.newBuilder()
+              .keyManager(serverCert, serverPrivateKey)
+              .build();
+    }
+    ChannelCredentials channelCreds;
+    try (InputStream caCert = TlsTesting.loadCert("ca.pem")) {
+      X509ExtendedTrustManager regularTrustManager =
+              (X509ExtendedTrustManager) getX509ExtendedTrustManager(caCert).get();
+      channelCreds = TlsChannelCredentials.newBuilder()
+              .trustManager(new HostnameCheckingX509ExtendedTrustManager(regularTrustManager))
+              .build();
+    }
+    Server server = grpcCleanupRule.register(server(serverCreds));
+    ManagedChannel channel = grpcCleanupRule.register(clientChannel(server, channelCreds));
+
+    ClientCalls.blockingUnaryCall(channel, SimpleServiceGrpc.getUnaryRpcMethod(),
+            CallOptions.DEFAULT.withAuthority("bad.test.google.fr"),
+            SimpleRequest.getDefaultInstance());
+  }
+
+  /**
+   * This test simulates the absence of X509ExtendedTrustManager while still using the
+   * real trust manager for the connection handshake to happen. When the TrustManager is not an
+   * X509ExtendedTrustManager, the per-rpc check ignores the trust manager. However, the
+   * HostnameVerifier is still used, so only valid authorities are permitted.
+   */
+  @Test
+  public void perRpcAuthorityOverride_notX509ExtendedTrustManager_goodAuthority_succeeds()
+          throws Exception {
+    OkHttpClientTransport.enablePerRpcAuthorityCheck = true;
+    try {
+      ServerCredentials serverCreds;
+      try (InputStream serverCert = TlsTesting.loadCert("server1.pem");
+           InputStream serverPrivateKey = TlsTesting.loadCert("server1.key")) {
+        serverCreds = TlsServerCredentials.newBuilder()
+                .keyManager(serverCert, serverPrivateKey)
+                .build();
+      }
+      ChannelCredentials channelCreds;
+      try (InputStream caCert = TlsTesting.loadCert("ca.pem")) {
+        X509TrustManager x509ExtendedTrustManager =
+                (X509TrustManager) getX509ExtendedTrustManager(caCert).get();
+        channelCreds = TlsChannelCredentials.newBuilder()
+                .trustManager(new FakeTrustManager(x509ExtendedTrustManager))
+                .build();
+      }
+      Server server = grpcCleanupRule.register(server(serverCreds));
+      ManagedChannel channel = grpcCleanupRule.register(clientChannel(server, channelCreds));
+
+      ClientCalls.blockingUnaryCall(channel, SimpleServiceGrpc.getUnaryRpcMethod(),
+              CallOptions.DEFAULT.withAuthority("foo.test.google.fr"),
+              SimpleRequest.getDefaultInstance());
+    } finally {
+      OkHttpClientTransport.enablePerRpcAuthorityCheck = false;
+    }
+  }
+
+  @Test
+  public void perRpcAuthorityOverride_notX509ExtendedTrustManager_badAuthority_fails()
+          throws Exception {
+    OkHttpClientTransport.enablePerRpcAuthorityCheck = true;
+    try {
+      ServerCredentials serverCreds;
+      try (InputStream serverCert = TlsTesting.loadCert("server1.pem");
+           InputStream serverPrivateKey = TlsTesting.loadCert("server1.key")) {
+        serverCreds = TlsServerCredentials.newBuilder()
+                .keyManager(serverCert, serverPrivateKey)
+                .build();
+      }
+      ChannelCredentials channelCreds;
+      try (InputStream caCert = TlsTesting.loadCert("ca.pem")) {
+        X509TrustManager x509ExtendedTrustManager =
+                (X509TrustManager) getX509ExtendedTrustManager(caCert).get();
+        channelCreds = TlsChannelCredentials.newBuilder()
+                .trustManager(new FakeTrustManager(x509ExtendedTrustManager))
+                .build();
+      }
+      Server server = grpcCleanupRule.register(server(serverCreds));
+      ManagedChannel channel = grpcCleanupRule.register(clientChannel(server, channelCreds));
+
+      try {
+        ClientCalls.blockingUnaryCall(channel, SimpleServiceGrpc.getUnaryRpcMethod(),
+                CallOptions.DEFAULT.withAuthority("disallowed.name.com"),
+                SimpleRequest.getDefaultInstance());
+        fail("Expected exception for authority verification failure.");
+      } catch (StatusRuntimeException ex) {
+        assertThat(ex.getStatus().getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+        assertThat(ex.getStatus().getDescription())
+            .isEqualTo("HostNameVerifier verification failed for authority 'disallowed.name.com'");
+      }
+    } finally {
+      OkHttpClientTransport.enablePerRpcAuthorityCheck = false;
+    }
+  }
+
+  @Test
+  public void
+      perRpcAuthorityOverride_notX509ExtendedTrustManager_badAuthority_flagDisabled_succeeds()
+      throws Exception {
+    ServerCredentials serverCreds;
+    try (InputStream serverCert = TlsTesting.loadCert("server1.pem");
+         InputStream serverPrivateKey = TlsTesting.loadCert("server1.key")) {
+      serverCreds = TlsServerCredentials.newBuilder()
+              .keyManager(serverCert, serverPrivateKey)
+              .build();
+    }
+    ChannelCredentials channelCreds;
+    try (InputStream caCert = TlsTesting.loadCert("ca.pem")) {
+      X509TrustManager x509ExtendedTrustManager =
+              (X509TrustManager) getX509ExtendedTrustManager(caCert).get();
+      channelCreds = TlsChannelCredentials.newBuilder()
+              .trustManager(new FakeTrustManager(x509ExtendedTrustManager))
+              .build();
+    }
+    Server server = grpcCleanupRule.register(server(serverCreds));
+    ManagedChannel channel = grpcCleanupRule.register(clientChannel(server, channelCreds));
+
+    ClientCalls.blockingUnaryCall(channel, SimpleServiceGrpc.getUnaryRpcMethod(),
+            CallOptions.DEFAULT.withAuthority("disallowed.name.com"),
+            SimpleRequest.getDefaultInstance());
+  }
+
   @Test
   public void mtls_succeeds() throws Exception {
     ServerCredentials serverCreds;
@@ -282,6 +620,127 @@ public void hostnameVerifierFails_fails()
     assertThat(status.getCause()).isInstanceOf(SSLPeerUnverifiedException.class);
   }
 
+  /** Used to simulate the case of X509ExtendedTrustManager not present. */
+  private static class FakeTrustManager implements X509TrustManager {
+
+    private final X509TrustManager delegate;
+
+    public FakeTrustManager(X509TrustManager x509ExtendedTrustManager) {
+      this.delegate = x509ExtendedTrustManager;
+    }
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
+            throws CertificateException {
+      delegate.checkClientTrusted(x509Certificates, s);
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
+            throws CertificateException {
+      delegate.checkServerTrusted(x509Certificates, s);
+    }
+
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+      return delegate.getAcceptedIssuers();
+    }
+  }
+
+  /**
+   * Checks against a limited set of hostnames. In production, EndpointIdentificationAlgorithm is
+   * unset so the default trust manager will not fail based on the hostname. This class is used to
+   * test user-provided trust managers that may have their own behavior.
+   */
+  private static class HostnameCheckingX509ExtendedTrustManager
+      extends ForwardingX509ExtendedTrustManager {
+    public HostnameCheckingX509ExtendedTrustManager(X509ExtendedTrustManager tm) {
+      super(tm);
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
+        throws CertificateException {
+      String peer = ((SSLSocket) socket).getHandshakeSession().getPeerHost();
+      if (!"foo.test.google.fr".equals(peer) && !"good.test.google.fr".equals(peer)) {
+        throw new CertificateException("Peer verification failed.");
+      }
+      super.checkServerTrusted(chain, authType, socket);
+    }
+  }
+
+  @IgnoreJRERequirement
+  private static class ForwardingX509ExtendedTrustManager extends X509ExtendedTrustManager {
+    private final X509ExtendedTrustManager delegate;
+
+    private ForwardingX509ExtendedTrustManager(X509ExtendedTrustManager delegate) {
+      this.delegate = delegate;
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
+            throws CertificateException {
+      delegate.checkServerTrusted(chain, authType, socket);
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
+            throws CertificateException {
+      delegate.checkServerTrusted(chain, authType, engine);
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] chain, String authType)
+            throws CertificateException {
+      delegate.checkServerTrusted(chain, authType);
+    }
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
+            throws CertificateException {
+      delegate.checkClientTrusted(chain, authType, engine);
+    }
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] chain, String authType)
+            throws CertificateException {
+      delegate.checkClientTrusted(chain, authType);
+    }
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
+            throws CertificateException {
+      delegate.checkClientTrusted(chain, authType, socket);
+    }
+
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+      return delegate.getAcceptedIssuers();
+    }
+  }
+
+  private static Optional<TrustManager> getX509ExtendedTrustManager(InputStream rootCerts)
+          throws GeneralSecurityException {
+    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+    try {
+      ks.load(null, null);
+    } catch (IOException ex) {
+      // Shouldn't really happen, as we're not loading any data.
+      throw new GeneralSecurityException(ex);
+    }
+    X509Certificate[] certs = CertificateUtils.getX509Certificates(rootCerts);
+    for (X509Certificate cert : certs) {
+      X500Principal principal = cert.getSubjectX500Principal();
+      ks.setCertificateEntry(principal.getName("RFC2253"), cert);
+    }
+
+    TrustManagerFactory trustManagerFactory =
+            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+    trustManagerFactory.init(ks);
+    return Arrays.stream(trustManagerFactory.getTrustManagers())
+            .filter(trustManager -> trustManager instanceof X509ExtendedTrustManager).findFirst();
+  }
+
   private static Server server(ServerCredentials creds) throws IOException {
     return OkHttpServerBuilder.forPort(0, creds)
         .directExecutor()

From 8ca7c4ef1f961e0540d9d0eccb4e9bf25403f6a4 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 2 Apr 2025 03:52:00 -0700
Subject: [PATCH 232/591] core: Delete stale SuppressWarnings("deprecated") for
 ATTR_LOAD_BALANCING_CONFIG (#11982)

ATTR_LOAD_BALANCING_CONFIG was deleted in bf7a42dbd.
---
 .../io/grpc/internal/AutoConfiguredLoadBalancerFactory.java     | 2 --
 1 file changed, 2 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/AutoConfiguredLoadBalancerFactory.java b/core/src/main/java/io/grpc/internal/AutoConfiguredLoadBalancerFactory.java
index a382227fd6c..a257637de22 100644
--- a/core/src/main/java/io/grpc/internal/AutoConfiguredLoadBalancerFactory.java
+++ b/core/src/main/java/io/grpc/internal/AutoConfiguredLoadBalancerFactory.java
@@ -40,8 +40,6 @@
 import java.util.Map;
 import javax.annotation.Nullable;
 
-// TODO(creamsoup) fully deprecate LoadBalancer.ATTR_LOAD_BALANCING_CONFIG
-@SuppressWarnings("deprecation")
 public final class AutoConfiguredLoadBalancerFactory {
 
   private final LoadBalancerRegistry registry;

From 908f9f19cdd06bad2214e0b89b5eeb7ce341117f Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 2 Apr 2025 03:54:32 -0700
Subject: [PATCH 233/591] core: Delete the long-deprecated GRPC_PROXY_EXP
 (#11988)

"EXP" stood for experimental and all documentation that referenced it made it clear it was experimental. It's been some years since we started logging a message when it was used to say it will be deleted. There's no time like the present to delete it.
---
 .../io/grpc/internal/ProxyDetectorImpl.java   | 46 +------------------
 .../grpc/internal/ProxyDetectorImplTest.java  | 44 +-----------------
 2 files changed, 4 insertions(+), 86 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/ProxyDetectorImpl.java b/core/src/main/java/io/grpc/internal/ProxyDetectorImpl.java
index b3f646d6099..58c7803346f 100644
--- a/core/src/main/java/io/grpc/internal/ProxyDetectorImpl.java
+++ b/core/src/main/java/io/grpc/internal/ProxyDetectorImpl.java
@@ -147,18 +147,9 @@ public ProxySelector get() {
         }
       };
 
-  /**
-   * Experimental environment variable name for enabling proxy support.
-   *
-   * @deprecated Use the standard Java proxy configuration instead with flags such as:
-   *     -Dhttps.proxyHost=HOST -Dhttps.proxyPort=PORT
-   */
-  @Deprecated
-  private static final String GRPC_PROXY_ENV_VAR = "GRPC_PROXY_EXP";
   // Do not hard code a ProxySelector because the global default ProxySelector can change
   private final Supplier<ProxySelector> proxySelector;
   private final AuthenticationProvider authenticationProvider;
-  private final InetSocketAddress overrideProxyAddress;
 
   // We want an HTTPS proxy, which operates on the entire data stream (See IETF rfc2817).
   static final String PROXY_SCHEME = "https";
@@ -168,21 +159,15 @@ public ProxySelector get() {
    * {@link ProxyDetectorImpl.AuthenticationProvider} to detect proxy parameters.
    */
   public ProxyDetectorImpl() {
-    this(DEFAULT_PROXY_SELECTOR, DEFAULT_AUTHENTICATOR, System.getenv(GRPC_PROXY_ENV_VAR));
+    this(DEFAULT_PROXY_SELECTOR, DEFAULT_AUTHENTICATOR);
   }
 
   @VisibleForTesting
   ProxyDetectorImpl(
       Supplier<ProxySelector> proxySelector,
-      AuthenticationProvider authenticationProvider,
-      @Nullable String proxyEnvString) {
+      AuthenticationProvider authenticationProvider) {
     this.proxySelector = checkNotNull(proxySelector);
     this.authenticationProvider = checkNotNull(authenticationProvider);
-    if (proxyEnvString != null) {
-      overrideProxyAddress = overrideProxy(proxyEnvString);
-    } else {
-      overrideProxyAddress = null;
-    }
   }
 
   @Nullable
@@ -191,12 +176,6 @@ public ProxiedSocketAddress proxyFor(SocketAddress targetServerAddress) throws I
     if (!(targetServerAddress instanceof InetSocketAddress)) {
       return null;
     }
-    if (overrideProxyAddress != null) {
-      return HttpConnectProxiedSocketAddress.newBuilder()
-          .setProxyAddress(overrideProxyAddress)
-          .setTargetAddress((InetSocketAddress) targetServerAddress)
-          .build();
-    }
     return detectProxy((InetSocketAddress) targetServerAddress);
   }
 
@@ -272,27 +251,6 @@ private ProxiedSocketAddress detectProxy(InetSocketAddress targetAddr) throws IO
         .build();
   }
 
-  /**
-   * GRPC_PROXY_EXP is deprecated but let's maintain compatibility for now.
-   */
-  private static InetSocketAddress overrideProxy(String proxyHostPort) {
-    if (proxyHostPort == null) {
-      return null;
-    }
-
-    String[] parts = proxyHostPort.split(":", 2);
-    int port = 80;
-    if (parts.length > 1) {
-      port = Integer.parseInt(parts[1]);
-    }
-    log.warning(
-        "Detected GRPC_PROXY_EXP and will honor it, but this feature will "
-            + "be removed in a future release. Use the JVM flags "
-            + "\"-Dhttps.proxyHost=HOST -Dhttps.proxyPort=PORT\" to set the https proxy for "
-            + "this JVM.");
-    return new InetSocketAddress(parts[0], port);
-  }
-
   /**
    * This interface makes unit testing easier by avoiding direct calls to static methods.
    */
diff --git a/core/src/test/java/io/grpc/internal/ProxyDetectorImplTest.java b/core/src/test/java/io/grpc/internal/ProxyDetectorImplTest.java
index 0432a474ac5..771050f119d 100644
--- a/core/src/test/java/io/grpc/internal/ProxyDetectorImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ProxyDetectorImplTest.java
@@ -73,7 +73,7 @@ public ProxySelector get() {
         return proxySelector;
       }
     };
-    proxyDetector = new ProxyDetectorImpl(proxySelectorSupplier, authenticator, null);
+    proxyDetector = new ProxyDetectorImpl(proxySelectorSupplier, authenticator);
     unresolvedProxy = InetSocketAddress.createUnresolved("10.0.0.1", proxyPort);
     proxySocketAddress = HttpConnectProxiedSocketAddress.newBuilder()
         .setTargetAddress(destination)
@@ -82,45 +82,6 @@ public ProxySelector get() {
         .build();
   }
 
-  @Test
-  public void override_hostPort() throws Exception {
-    final String overrideHost = "10.99.99.99";
-    final int overridePort = 1234;
-    final String overrideHostWithPort = overrideHost + ":" + overridePort;
-    ProxyDetectorImpl proxyDetector = new ProxyDetectorImpl(
-        proxySelectorSupplier,
-        authenticator,
-        overrideHostWithPort);
-    ProxiedSocketAddress detected = proxyDetector.proxyFor(destination);
-    assertNotNull(detected);
-    assertEquals(
-        HttpConnectProxiedSocketAddress.newBuilder()
-            .setTargetAddress(destination)
-            .setProxyAddress(
-                new InetSocketAddress(InetAddress.getByName(overrideHost), overridePort))
-            .build(),
-        detected);
-  }
-
-  @Test
-  public void override_hostOnly() throws Exception {
-    final String overrideHostWithoutPort = "10.99.99.99";
-    final int defaultPort = 80;
-    ProxyDetectorImpl proxyDetector = new ProxyDetectorImpl(
-        proxySelectorSupplier,
-        authenticator,
-        overrideHostWithoutPort);
-    ProxiedSocketAddress detected = proxyDetector.proxyFor(destination);
-    assertNotNull(detected);
-    assertEquals(
-        HttpConnectProxiedSocketAddress.newBuilder()
-            .setTargetAddress(destination)
-            .setProxyAddress(
-                new InetSocketAddress(InetAddress.getByName(overrideHostWithoutPort), defaultPort))
-            .build(),
-        detected);
-  }
-
   @Test
   public void returnNullWhenNoProxy() throws Exception {
     when(proxySelector.select(any(URI.class)))
@@ -227,8 +188,7 @@ public ProxySelector get() {
             return null;
           }
         },
-        authenticator,
-        null);
+        authenticator);
     assertNull(proxyDetector.proxyFor(destination));
   }
 }

From 84c7713b2f40a4638a8e5461a4008810615bd11a Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Wed, 2 Apr 2025 16:29:55 +0530
Subject: [PATCH 234/591] xds: propagate audience from cluster resource in gcp
 auth filter (#11972)

---
 .../io/grpc/xds/GcpAuthenticationFilter.java  | 108 +++++--
 .../grpc/xds/GcpAuthenticationFilterTest.java | 301 +++++++++++++++++-
 .../grpc/xds/GrpcXdsClientImplDataTest.java   |  15 +-
 .../test/java/io/grpc/xds/XdsTestUtils.java   |   2 +-
 4 files changed, 372 insertions(+), 54 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
index add885c6416..b5568efe400 100644
--- a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
+++ b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
@@ -16,8 +16,13 @@
 
 package io.grpc.xds;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+import static io.grpc.xds.XdsNameResolver.CLUSTER_SELECTION_KEY;
+import static io.grpc.xds.XdsNameResolver.XDS_CONFIG_CALL_OPTION_KEY;
+
 import com.google.auth.oauth2.ComputeEngineCredentials;
 import com.google.auth.oauth2.IdTokenCredentials;
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.primitives.UnsignedLongs;
 import com.google.protobuf.Any;
 import com.google.protobuf.InvalidProtocolBufferException;
@@ -34,8 +39,11 @@
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
 import io.grpc.Status;
+import io.grpc.StatusOr;
 import io.grpc.auth.MoreCallCredentials;
+import io.grpc.xds.GcpAuthenticationFilter.AudienceMetadataParser.AudienceWrapper;
 import io.grpc.xds.MetadataRegistry.MetadataValueParser;
+import io.grpc.xds.XdsConfig.XdsClusterConfig;
 import io.grpc.xds.client.XdsResourceType.ResourceInvalidException;
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -52,6 +60,13 @@ final class GcpAuthenticationFilter implements Filter {
   static final String TYPE_URL =
       "type.googleapis.com/envoy.extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig";
 
+  final String filterInstanceName;
+
+  GcpAuthenticationFilter(String name) {
+    filterInstanceName = checkNotNull(name, "name");
+  }
+
+
   static final class Provider implements Filter.Provider {
     @Override
     public String[] typeUrls() {
@@ -65,7 +80,7 @@ public boolean isClientFilter() {
 
     @Override
     public GcpAuthenticationFilter newInstance(String name) {
-      return new GcpAuthenticationFilter();
+      return new GcpAuthenticationFilter(name);
     }
 
     @Override
@@ -119,34 +134,57 @@ public ClientInterceptor buildClientInterceptor(FilterConfig config,
       public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
           MethodDescriptor<ReqT, RespT> method, CallOptions callOptions, Channel next) {
 
-        /*String clusterName = callOptions.getOption(XdsAttributes.ATTR_CLUSTER_NAME);
+        String clusterName = callOptions.getOption(CLUSTER_SELECTION_KEY);
         if (clusterName == null) {
+          return new FailingClientCall<>(
+              Status.UNAVAILABLE.withDescription(
+                  String.format(
+                      "GCP Authn for %s does not contain cluster resource", filterInstanceName)));
+        }
+
+        if (!clusterName.startsWith("cluster:")) {
           return next.newCall(method, callOptions);
-        }*/
-
-        // TODO: Fetch the CDS resource for the cluster.
-        // If the CDS resource is not available, fail the RPC with Status.UNAVAILABLE.
-
-        // TODO: Extract the audience from the CDS resource metadata.
-        // If the audience is not found or is in the wrong format, fail the RPC.
-        String audience = "TEST_AUDIENCE";
-
-        try {
-          CallCredentials existingCallCredentials = callOptions.getCredentials();
-          CallCredentials newCallCredentials =
-              getCallCredentials(callCredentialsCache, audience, credentials);
-          if (existingCallCredentials != null) {
-            callOptions = callOptions.withCallCredentials(
-                new CompositeCallCredentials(existingCallCredentials, newCallCredentials));
-          } else {
-            callOptions = callOptions.withCallCredentials(newCallCredentials);
-          }
         }
-        catch (Exception e) {
-          // If we fail to attach CallCredentials due to any reason, return a FailingClientCall
-          return new FailingClientCall<>(Status.UNAUTHENTICATED
-              .withDescription("Failed to attach CallCredentials.")
-              .withCause(e));
+        XdsConfig xdsConfig = callOptions.getOption(XDS_CONFIG_CALL_OPTION_KEY);
+        if (xdsConfig == null) {
+          return new FailingClientCall<>(
+              Status.UNAVAILABLE.withDescription(
+                  String.format(
+                      "GCP Authn for %s with %s does not contain xds configuration",
+                      filterInstanceName, clusterName)));
+        }
+        StatusOr<XdsClusterConfig> xdsCluster =
+            xdsConfig.getClusters().get(clusterName.substring("cluster:".length()));
+        if (xdsCluster == null) {
+          return new FailingClientCall<>(
+              Status.UNAVAILABLE.withDescription(
+                  String.format(
+                      "GCP Authn for %s with %s - xds cluster config does not contain xds cluster",
+                      filterInstanceName, clusterName)));
+        }
+        if (!xdsCluster.hasValue()) {
+          return new FailingClientCall<>(xdsCluster.getStatus());
+        }
+        Object audienceObj =
+            xdsCluster.getValue().getClusterResource().parsedMetadata().get(filterInstanceName);
+        if (audienceObj == null) {
+          return next.newCall(method, callOptions);
+        }
+        if (!(audienceObj instanceof AudienceWrapper)) {
+          return new FailingClientCall<>(
+              Status.UNAVAILABLE.withDescription(
+                  String.format("GCP Authn found wrong type in %s metadata: %s=%s",
+                      clusterName, filterInstanceName, audienceObj.getClass())));
+        }
+        AudienceWrapper audience = (AudienceWrapper) audienceObj;
+        CallCredentials existingCallCredentials = callOptions.getCredentials();
+        CallCredentials newCallCredentials =
+            getCallCredentials(callCredentialsCache, audience.audience, credentials);
+        if (existingCallCredentials != null) {
+          callOptions = callOptions.withCallCredentials(
+              new CompositeCallCredentials(existingCallCredentials, newCallCredentials));
+        } else {
+          callOptions = callOptions.withCallCredentials(newCallCredentials);
         }
         return next.newCall(method, callOptions);
       }
@@ -186,9 +224,11 @@ public String typeUrl() {
   }
 
   /** An implementation of {@link ClientCall} that fails when started. */
-  private static final class FailingClientCall<ReqT, RespT> extends ClientCall<ReqT, RespT> {
+  @VisibleForTesting
+  static final class FailingClientCall<ReqT, RespT> extends ClientCall<ReqT, RespT> {
 
-    private final Status error;
+    @VisibleForTesting
+    final Status error;
 
     public FailingClientCall(Status error) {
       this.error = error;
@@ -235,13 +275,21 @@ V getOrInsert(K key, Function<K, V> create) {
 
   static class AudienceMetadataParser implements MetadataValueParser {
 
+    static final class AudienceWrapper {
+      final String audience;
+
+      AudienceWrapper(String audience) {
+        this.audience = checkNotNull(audience);
+      }
+    }
+
     @Override
     public String getTypeUrl() {
       return "type.googleapis.com/envoy.extensions.filters.http.gcp_authn.v3.Audience";
     }
 
     @Override
-    public String parse(Any any) throws ResourceInvalidException {
+    public AudienceWrapper parse(Any any) throws ResourceInvalidException {
       Audience audience;
       try {
         audience = any.unpack(Audience.class);
@@ -253,7 +301,7 @@ public String parse(Any any) throws ResourceInvalidException {
         throw new ResourceInvalidException(
             "Audience URL is empty. Metadata value must contain a valid URL.");
       }
-      return url;
+      return new AudienceWrapper(url);
     }
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
index 52efaf9bd7b..a5e142b4094 100644
--- a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
+++ b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
@@ -17,25 +17,60 @@
 package io.grpc.xds;
 
 import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.xds.XdsNameResolver.CLUSTER_SELECTION_KEY;
+import static io.grpc.xds.XdsNameResolver.XDS_CONFIG_CALL_OPTION_KEY;
+import static io.grpc.xds.XdsTestUtils.CLUSTER_NAME;
+import static io.grpc.xds.XdsTestUtils.EDS_NAME;
+import static io.grpc.xds.XdsTestUtils.ENDPOINT_HOSTNAME;
+import static io.grpc.xds.XdsTestUtils.ENDPOINT_PORT;
+import static io.grpc.xds.XdsTestUtils.RDS_NAME;
+import static io.grpc.xds.XdsTestUtils.buildRouteConfiguration;
+import static io.grpc.xds.XdsTestUtils.getWrrLbConfigAsMap;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
 
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
 import com.google.protobuf.Any;
 import com.google.protobuf.Empty;
 import com.google.protobuf.Message;
 import com.google.protobuf.UInt64Value;
+import io.envoyproxy.envoy.config.route.v3.RouteConfiguration;
 import io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig;
 import io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3.TokenCacheConfig;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
+import io.grpc.ClientCall;
 import io.grpc.ClientInterceptor;
 import io.grpc.MethodDescriptor;
+import io.grpc.Status;
+import io.grpc.StatusOr;
+import io.grpc.inprocess.InProcessServerBuilder;
 import io.grpc.testing.TestMethodDescriptors;
+import io.grpc.xds.Endpoints.LbEndpoint;
+import io.grpc.xds.Endpoints.LocalityLbEndpoints;
+import io.grpc.xds.GcpAuthenticationFilter.AudienceMetadataParser.AudienceWrapper;
+import io.grpc.xds.GcpAuthenticationFilter.FailingClientCall;
 import io.grpc.xds.GcpAuthenticationFilter.GcpAuthenticationConfig;
+import io.grpc.xds.XdsClusterResource.CdsUpdate;
+import io.grpc.xds.XdsConfig.XdsClusterConfig;
+import io.grpc.xds.XdsConfig.XdsClusterConfig.EndpointConfig;
+import io.grpc.xds.XdsEndpointResource.EdsUpdate;
+import io.grpc.xds.XdsListenerResource.LdsUpdate;
+import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
+import io.grpc.xds.client.Locality;
+import io.grpc.xds.client.XdsResourceType;
+import io.grpc.xds.client.XdsResourceType.ResourceInvalidException;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -46,6 +81,17 @@
 public class GcpAuthenticationFilterTest {
   private static final GcpAuthenticationFilter.Provider FILTER_PROVIDER =
       new GcpAuthenticationFilter.Provider();
+  private static final String serverName = InProcessServerBuilder.generateName();
+  private static final LdsUpdate ldsUpdate = getLdsUpdate();
+  private static final EdsUpdate edsUpdate = getEdsUpdate();
+  private static final RdsUpdate rdsUpdate = getRdsUpdate();
+  private static final CdsUpdate cdsUpdate = getCdsUpdate();
+
+  @Test
+  public void testNewFilterInstancesPerFilterName() {
+    assertThat(new GcpAuthenticationFilter("FILTER_INSTANCE_NAME1"))
+        .isNotEqualTo(new GcpAuthenticationFilter("FILTER_INSTANCE_NAME1"));
+  }
 
   @Test
   public void filterType_clientOnly() {
@@ -92,35 +138,258 @@ public void testParseFilterConfig_withInvalidMessageType() {
   }
 
   @Test
-  public void testClientInterceptor_createsAndReusesCachedCredentials() {
+  public void testClientInterceptor_success() throws IOException, ResourceInvalidException {
+    XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
+        CLUSTER_NAME,
+        cdsUpdate,
+        new EndpointConfig(StatusOr.fromValue(edsUpdate)));
+    XdsConfig defaultXdsConfig = new XdsConfig.XdsConfigBuilder()
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(rdsUpdate.virtualHosts.get(0))
+        .addCluster(CLUSTER_NAME, StatusOr.fromValue(clusterConfig)).build();
+    CallOptions callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
+        .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
     GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
-    GcpAuthenticationFilter filter = new GcpAuthenticationFilter();
-
-    // Create interceptor
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
     ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
     MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
+    Channel mockChannel = Mockito.mock(Channel.class);
+    ArgumentCaptor<CallOptions> callOptionsCaptor = ArgumentCaptor.forClass(CallOptions.class);
+
+    interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
 
-    // Mock channel and capture CallOptions
+    verify(mockChannel).newCall(eq(methodDescriptor), callOptionsCaptor.capture());
+    CallOptions capturedOptions = callOptionsCaptor.getAllValues().get(0);
+    assertNotNull(capturedOptions.getCredentials());
+  }
+
+  @Test
+  public void testClientInterceptor_createsAndReusesCachedCredentials()
+      throws IOException, ResourceInvalidException {
+    XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
+        CLUSTER_NAME,
+        cdsUpdate,
+        new EndpointConfig(StatusOr.fromValue(edsUpdate)));
+    XdsConfig defaultXdsConfig = new XdsConfig.XdsConfigBuilder()
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(rdsUpdate.virtualHosts.get(0))
+        .addCluster(CLUSTER_NAME, StatusOr.fromValue(clusterConfig)).build();
+    CallOptions callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
+        .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
+    GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
+    MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
     Channel mockChannel = Mockito.mock(Channel.class);
     ArgumentCaptor<CallOptions> callOptionsCaptor = ArgumentCaptor.forClass(CallOptions.class);
 
-    // Execute interception twice to check caching
-    interceptor.interceptCall(methodDescriptor, CallOptions.DEFAULT, mockChannel);
-    interceptor.interceptCall(methodDescriptor, CallOptions.DEFAULT, mockChannel);
+    interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
+    interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
 
-    // Capture and verify CallOptions for CallCredentials presence
-    Mockito.verify(mockChannel, Mockito.times(2))
+    verify(mockChannel, Mockito.times(2))
         .newCall(eq(methodDescriptor), callOptionsCaptor.capture());
-
-    // Retrieve the CallOptions captured from both calls
     CallOptions firstCapturedOptions = callOptionsCaptor.getAllValues().get(0);
     CallOptions secondCapturedOptions = callOptionsCaptor.getAllValues().get(1);
-
-    // Ensure that CallCredentials was added
     assertNotNull(firstCapturedOptions.getCredentials());
     assertNotNull(secondCapturedOptions.getCredentials());
-
-    // Ensure that the CallCredentials from both calls are the same, indicating caching
     assertSame(firstCapturedOptions.getCredentials(), secondCapturedOptions.getCredentials());
   }
+
+  @Test
+  public void testClientInterceptor_withoutClusterSelectionKey() throws Exception {
+    GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
+    MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
+    Channel mockChannel = mock(Channel.class);
+    CallOptions callOptionsWithXds = CallOptions.DEFAULT;
+
+    ClientCall<Void, Void> call = interceptor.interceptCall(
+        methodDescriptor, callOptionsWithXds, mockChannel);
+
+    assertTrue(call instanceof FailingClientCall);
+    FailingClientCall<Void, Void> clientCall = (FailingClientCall<Void, Void>) call;
+    assertThat(clientCall.error.getDescription()).contains("does not contain cluster resource");
+  }
+
+  @Test
+  public void testClientInterceptor_clusterSelectionKeyWithoutPrefix() throws Exception {
+    XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
+        CLUSTER_NAME,
+        cdsUpdate,
+        new EndpointConfig(StatusOr.fromValue(edsUpdate)));
+    XdsConfig defaultXdsConfig = new XdsConfig.XdsConfigBuilder()
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(rdsUpdate.virtualHosts.get(0))
+        .addCluster(CLUSTER_NAME, StatusOr.fromValue(clusterConfig)).build();
+    CallOptions callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster0")
+        .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
+    Channel mockChannel = mock(Channel.class);
+
+    GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
+    MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
+    interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
+
+    verify(mockChannel).newCall(methodDescriptor, callOptionsWithXds);
+  }
+
+  @Test
+  public void testClientInterceptor_xdsConfigDoesNotExist() throws Exception {
+    GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
+    MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
+    Channel mockChannel = mock(Channel.class);
+    CallOptions callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0");
+
+    ClientCall<Void, Void> call =
+        interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
+
+    assertTrue(call instanceof FailingClientCall);
+    FailingClientCall<Void, Void> clientCall = (FailingClientCall<Void, Void>) call;
+    assertThat(clientCall.error.getDescription()).contains("does not contain xds configuration");
+  }
+
+  @Test
+  public void testClientInterceptor_incorrectClusterName() throws Exception {
+    XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
+        CLUSTER_NAME,
+        cdsUpdate,
+        new EndpointConfig(StatusOr.fromValue(edsUpdate)));
+    XdsConfig defaultXdsConfig = new XdsConfig.XdsConfigBuilder()
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(rdsUpdate.virtualHosts.get(0))
+        .addCluster("custer0", StatusOr.fromValue(clusterConfig)).build();
+    CallOptions callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster")
+        .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
+    GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
+    MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
+    Channel mockChannel = mock(Channel.class);
+
+    ClientCall<Void, Void> call =
+        interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
+
+    assertTrue(call instanceof FailingClientCall);
+    FailingClientCall<Void, Void> clientCall = (FailingClientCall<Void, Void>) call;
+    assertThat(clientCall.error.getDescription()).contains("does not contain xds cluster");
+  }
+
+  @Test
+  public void testClientInterceptor_statusOrError() throws Exception {
+    StatusOr<XdsClusterConfig> errorCluster =
+        StatusOr.fromStatus(Status.NOT_FOUND.withDescription("Cluster resource not found"));
+    XdsConfig defaultXdsConfig = new XdsConfig.XdsConfigBuilder()
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(rdsUpdate.virtualHosts.get(0))
+        .addCluster(CLUSTER_NAME, errorCluster).build();
+    CallOptions callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
+        .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
+    GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
+    MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
+    Channel mockChannel = mock(Channel.class);
+
+    ClientCall<Void, Void> call =
+        interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
+
+    assertTrue(call instanceof FailingClientCall);
+    FailingClientCall<Void, Void> clientCall = (FailingClientCall<Void, Void>) call;
+    assertThat(clientCall.error.getDescription()).contains("Cluster resource not found");
+  }
+
+  @Test
+  public void testClientInterceptor_notAudienceWrapper()
+      throws IOException, ResourceInvalidException {
+    XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
+        CLUSTER_NAME,
+        getCdsUpdateWithIncorrectAudienceWrapper(),
+        new EndpointConfig(StatusOr.fromValue(edsUpdate)));
+    XdsConfig defaultXdsConfig = new XdsConfig.XdsConfigBuilder()
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(rdsUpdate.virtualHosts.get(0))
+        .addCluster(CLUSTER_NAME, StatusOr.fromValue(clusterConfig)).build();
+    CallOptions callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
+        .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
+    GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
+    MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
+    Channel mockChannel = Mockito.mock(Channel.class);
+
+    ClientCall<Void, Void> call =
+        interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
+
+    assertTrue(call instanceof FailingClientCall);
+    FailingClientCall<Void, Void> clientCall = (FailingClientCall<Void, Void>) call;
+    assertThat(clientCall.error.getDescription()).contains("GCP Authn found wrong type");
+  }
+
+  private static LdsUpdate getLdsUpdate() {
+    Filter.NamedFilterConfig routerFilterConfig = new Filter.NamedFilterConfig(
+        serverName, RouterFilter.ROUTER_CONFIG);
+    HttpConnectionManager httpConnectionManager = HttpConnectionManager.forRdsName(
+        0L, RDS_NAME, Collections.singletonList(routerFilterConfig));
+    return XdsListenerResource.LdsUpdate.forApiListener(httpConnectionManager);
+  }
+
+  private static RdsUpdate getRdsUpdate() {
+    RouteConfiguration routeConfiguration =
+        buildRouteConfiguration(serverName, RDS_NAME, CLUSTER_NAME);
+    XdsResourceType.Args args = new XdsResourceType.Args(null, "0", "0", null, null, null);
+    try {
+      return XdsRouteConfigureResource.getInstance().doParse(args, routeConfiguration);
+    } catch (ResourceInvalidException ex) {
+      return null;
+    }
+  }
+
+  private static EdsUpdate getEdsUpdate() {
+    Map<Locality, LocalityLbEndpoints> lbEndpointsMap = new HashMap<>();
+    LbEndpoint lbEndpoint = LbEndpoint.create(
+        serverName, ENDPOINT_PORT, 0, true, ENDPOINT_HOSTNAME, ImmutableMap.of());
+    lbEndpointsMap.put(
+        Locality.create("", "", ""),
+        LocalityLbEndpoints.create(ImmutableList.of(lbEndpoint), 10, 0, ImmutableMap.of()));
+    return new XdsEndpointResource.EdsUpdate(EDS_NAME, lbEndpointsMap, Collections.emptyList());
+  }
+
+  private static CdsUpdate getCdsUpdate() {
+    ImmutableMap.Builder<String, Object> parsedMetadata = ImmutableMap.builder();
+    parsedMetadata.put("FILTER_INSTANCE_NAME", new AudienceWrapper("TEST_AUDIENCE"));
+    try {
+      CdsUpdate.Builder cdsUpdate = CdsUpdate.forEds(
+              CLUSTER_NAME, EDS_NAME, null, null, null, null, false)
+          .lbPolicyConfig(getWrrLbConfigAsMap());
+      return cdsUpdate.parsedMetadata(parsedMetadata.build()).build();
+    } catch (IOException ex) {
+      return null;
+    }
+  }
+
+  private static CdsUpdate getCdsUpdateWithIncorrectAudienceWrapper() throws IOException {
+    ImmutableMap.Builder<String, Object> parsedMetadata = ImmutableMap.builder();
+    parsedMetadata.put("FILTER_INSTANCE_NAME", "TEST_AUDIENCE");
+    CdsUpdate.Builder cdsUpdate = CdsUpdate.forEds(
+            CLUSTER_NAME, EDS_NAME, null, null, null, null, false)
+        .lbPolicyConfig(getWrrLbConfigAsMap());
+    return cdsUpdate.parsedMetadata(parsedMetadata.build()).build();
+  }
 }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index bfaa17245cf..e53ed9047ca 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -129,6 +129,7 @@
 import io.grpc.xds.Endpoints.LbEndpoint;
 import io.grpc.xds.Endpoints.LocalityLbEndpoints;
 import io.grpc.xds.Filter.FilterConfig;
+import io.grpc.xds.GcpAuthenticationFilter.AudienceMetadataParser.AudienceWrapper;
 import io.grpc.xds.MetadataRegistry.MetadataValueParser;
 import io.grpc.xds.RouteLookupServiceClusterSpecifierPlugin.RlsPluginConfig;
 import io.grpc.xds.VirtualHost.Route;
@@ -2417,8 +2418,7 @@ public Object parse(Any value) {
   }
 
   @Test
-  public void processCluster_parsesAudienceMetadata()
-      throws ResourceInvalidException, InvalidProtocolBufferException {
+  public void processCluster_parsesAudienceMetadata() throws Exception {
     MetadataRegistry.getInstance();
 
     Audience audience = Audience.newBuilder()
@@ -2462,7 +2462,10 @@ public void processCluster_parsesAudienceMetadata()
         "FILTER_METADATA", ImmutableMap.of(
             "key1", "value1",
             "key2", 42.0));
-    assertThat(update.parsedMetadata()).isEqualTo(expectedParsedMetadata);
+    assertThat(update.parsedMetadata().get("FILTER_METADATA"))
+        .isEqualTo(expectedParsedMetadata.get("FILTER_METADATA"));
+    assertThat(update.parsedMetadata().get("AUDIENCE_METADATA"))
+        .isInstanceOf(AudienceWrapper.class);
   }
 
   @Test
@@ -2519,8 +2522,7 @@ public void processCluster_parsesAddressMetadata() throws Exception {
   }
 
   @Test
-  public void processCluster_metadataKeyCollision_resolvesToTypedMetadata()
-      throws ResourceInvalidException, InvalidProtocolBufferException {
+  public void processCluster_metadataKeyCollision_resolvesToTypedMetadata() throws Exception {
     MetadataRegistry metadataRegistry = MetadataRegistry.getInstance();
 
     MetadataValueParser testParser =
@@ -2575,8 +2577,7 @@ public Object parse(Any value) {
   }
 
   @Test
-  public void parseNonAggregateCluster_withHttp11ProxyTransportSocket()
-      throws ResourceInvalidException, InvalidProtocolBufferException {
+  public void parseNonAggregateCluster_withHttp11ProxyTransportSocket() throws Exception {
     XdsClusterResource.isEnabledXdsHttpConnect = true;
 
     Http11ProxyUpstreamTransport http11ProxyUpstreamTransport =
diff --git a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
index 9f90777be3d..52953ef5407 100644
--- a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
@@ -291,7 +291,7 @@ static Map<Locality, LocalityLbEndpoints> createMinimalLbEndpointsMap(String ser
   }
 
   @SuppressWarnings("unchecked")
-  private static ImmutableMap<String, ?> getWrrLbConfigAsMap() throws IOException {
+  static ImmutableMap<String, ?> getWrrLbConfigAsMap() throws IOException {
     String lbConfigStr = "{\"wrr_locality_experimental\" : "
         + "{ \"childPolicy\" : [{\"round_robin\" : {}}]}}";
 

From c8d1e6e39c26da2eb54386eac6eaf9e1aa8f9b9c Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Thu, 3 Apr 2025 11:22:26 +0530
Subject: [PATCH 235/591] xds: listener type validation (#11933)

---
 .../io/grpc/xds/EnvoyServerProtoData.java     |   9 +-
 .../java/io/grpc/xds/XdsListenerResource.java |  13 +-
 .../java/io/grpc/xds/XdsNameResolver.java     |   7 +
 .../java/io/grpc/xds/XdsServerWrapper.java    |  36 ++++-
 .../java/io/grpc/xds/ControlPlaneRule.java    |   4 +
 .../grpc/xds/GrpcXdsClientImplDataTest.java   |  35 +++++
 .../XdsClientWrapperForServerSdsTestMisc.java |   6 +-
 .../grpc/xds/XdsSecurityClientServerTest.java |   7 +-
 .../io/grpc/xds/XdsServerBuilderTest.java     |  12 +-
 .../java/io/grpc/xds/XdsServerTestHelper.java |  20 ++-
 .../io/grpc/xds/XdsServerWrapperTest.java     | 147 +++++++++++++++++-
 11 files changed, 271 insertions(+), 25 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
index ae5b3c5b1c9..fd2a1d2a069 100644
--- a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
+++ b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
@@ -22,6 +22,7 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
 import com.google.protobuf.util.Durations;
+import io.envoyproxy.envoy.config.core.v3.SocketAddress.Protocol;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.grpc.Internal;
 import io.grpc.xds.client.EnvoyProtoData;
@@ -248,13 +249,17 @@ abstract static class Listener {
     @Nullable
     abstract FilterChain defaultFilterChain();
 
+    @Nullable
+    abstract Protocol protocol();
+
     static Listener create(
         String name,
         @Nullable String address,
         ImmutableList<FilterChain> filterChains,
-        @Nullable FilterChain defaultFilterChain) {
+        @Nullable FilterChain defaultFilterChain,
+        @Nullable Protocol protocol) {
       return new AutoValue_EnvoyServerProtoData_Listener(name, address, filterChains,
-          defaultFilterChain);
+          defaultFilterChain, protocol);
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsListenerResource.java b/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
index ec0cbbf243f..041b659b4c3 100644
--- a/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsListenerResource.java
@@ -162,13 +162,16 @@ static EnvoyServerProtoData.Listener parseServerSideListener(
     }
 
     String address = null;
+    SocketAddress socketAddress = null;
     if (proto.getAddress().hasSocketAddress()) {
-      SocketAddress socketAddress = proto.getAddress().getSocketAddress();
+      socketAddress = proto.getAddress().getSocketAddress();
       address = socketAddress.getAddress();
+      if (address.isEmpty()) {
+        throw new ResourceInvalidException("Invalid address: Empty address is not allowed.");
+      }
       switch (socketAddress.getPortSpecifierCase()) {
         case NAMED_PORT:
-          address = address + ":" + socketAddress.getNamedPort();
-          break;
+          throw new ResourceInvalidException("NAMED_PORT is not supported in gRPC.");
         case PORT_VALUE:
           address = address + ":" + socketAddress.getPortValue();
           break;
@@ -209,8 +212,8 @@ static EnvoyServerProtoData.Listener parseServerSideListener(
           null, certProviderInstances, args);
     }
 
-    return EnvoyServerProtoData.Listener.create(
-        proto.getName(), address, filterChains.build(), defaultFilterChain);
+    return EnvoyServerProtoData.Listener.create(proto.getName(), address, filterChains.build(),
+        defaultFilterChain, socketAddress == null ? null : socketAddress.getProtocol());
   }
 
   @VisibleForTesting
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 7704a4a09db..a14abf95f41 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -684,6 +684,13 @@ public void onUpdate(StatusOr<XdsConfig> updateOrStatus) {
       // Process Route
       XdsConfig update = updateOrStatus.getValue();
       HttpConnectionManager httpConnectionManager = update.getListener().httpConnectionManager();
+      if (httpConnectionManager == null) {
+        logger.log(XdsLogLevel.INFO, "API Listener: httpConnectionManager does not exist.");
+        updateActiveFilters(null);
+        cleanUpRoutes(updateOrStatus.getStatus());
+        return;
+      }
+
       VirtualHost virtualHost = update.getVirtualHost();
       ImmutableList<NamedFilterConfig> filterConfigs = httpConnectionManager.httpFilterConfigs();
       long streamDurationNano = httpConnectionManager.httpMaxStreamDurationNano();
diff --git a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
index 6625bd8178a..be64b56eef5 100644
--- a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
+++ b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
@@ -24,7 +24,10 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.net.HostAndPort;
+import com.google.common.net.InetAddresses;
 import com.google.common.util.concurrent.SettableFuture;
+import io.envoyproxy.envoy.config.core.v3.SocketAddress.Protocol;
 import io.grpc.Attributes;
 import io.grpc.InternalServerInterceptors;
 import io.grpc.Metadata;
@@ -57,6 +60,7 @@
 import io.grpc.xds.client.XdsClient.ResourceWatcher;
 import io.grpc.xds.internal.security.SslContextProviderSupplier;
 import java.io.IOException;
+import java.net.InetAddress;
 import java.net.SocketAddress;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -383,7 +387,21 @@ public void onChanged(final LdsUpdate update) {
         return;
       }
       logger.log(Level.FINEST, "Received Lds update {0}", update);
-      checkNotNull(update.listener(), "update");
+      if (update.listener() == null) {
+        onResourceDoesNotExist("Non-API");
+        return;
+      }
+
+      String ldsAddress = update.listener().address();
+      if (ldsAddress == null || update.listener().protocol() != Protocol.TCP
+          || !ipAddressesMatch(ldsAddress)) {
+        handleConfigNotFoundOrMismatch(
+            Status.UNKNOWN.withDescription(
+                String.format(
+                    "Listener address mismatch: expected %s, but got %s.",
+                    listenerAddress, ldsAddress)).asException());
+        return;
+      }
       if (!pendingRds.isEmpty()) {
         // filter chain state has not yet been applied to filterChainSelectorManager and there
         // are two sets of sslContextProviderSuppliers, so we release the old ones.
@@ -432,6 +450,18 @@ public void onChanged(final LdsUpdate update) {
       }
     }
 
+    private boolean ipAddressesMatch(String ldsAddress) {
+      HostAndPort ldsAddressHnP = HostAndPort.fromString(ldsAddress);
+      HostAndPort listenerAddressHnP = HostAndPort.fromString(listenerAddress);
+      if (!ldsAddressHnP.hasPort() || !listenerAddressHnP.hasPort()
+          || ldsAddressHnP.getPort() != listenerAddressHnP.getPort()) {
+        return false;
+      }
+      InetAddress listenerIp = InetAddresses.forString(listenerAddressHnP.getHost());
+      InetAddress ldsIp = InetAddresses.forString(ldsAddressHnP.getHost());
+      return listenerIp.equals(ldsIp);
+    }
+
     @Override
     public void onResourceDoesNotExist(final String resourceName) {
       if (stopped) {
@@ -440,7 +470,7 @@ public void onResourceDoesNotExist(final String resourceName) {
       StatusException statusException = Status.UNAVAILABLE.withDescription(
           String.format("Listener %s unavailable, xDS node ID: %s", resourceName,
               xdsClient.getBootstrapInfo().node().getId())).asException();
-      handleConfigNotFound(statusException);
+      handleConfigNotFoundOrMismatch(statusException);
     }
 
     @Override
@@ -674,7 +704,7 @@ public <ReqT, RespT> Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> call,
       };
     }
 
-    private void handleConfigNotFound(StatusException exception) {
+    private void handleConfigNotFoundOrMismatch(StatusException exception) {
       cleanUpRouteDiscoveryStates();
       shutdownActiveFilters();
       List<SslContextProviderSupplier> toRelease = getSuppliersInUse();
diff --git a/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java b/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
index 39761912ea5..8c10627d153 100644
--- a/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
+++ b/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
@@ -366,10 +366,14 @@ static Listener buildServerListener() {
         .setFilterChainMatch(filterChainMatch)
         .addFilters(filter)
         .build();
+    Address address = Address.newBuilder()
+        .setSocketAddress(SocketAddress.newBuilder().setAddress("0.0.0.0").setPortValue(0))
+        .build();
     return Listener.newBuilder()
         .setName(SERVER_LISTENER_TEMPLATE_NO_REPLACEMENT)
         .setTrafficDirection(TrafficDirection.INBOUND)
         .addFilterChains(filterChain)
+        .setAddress(address)
         .build();
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index e53ed9047ca..0ea58c974bb 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -2661,6 +2661,41 @@ public void parseServerSideListener_useOriginalDst() throws ResourceInvalidExcep
         listener,null, filterRegistry, null, getXdsResourceTypeArgs(true));
   }
 
+  @Test
+  public void parseServerSideListener_emptyAddress() throws ResourceInvalidException {
+    Listener listener =
+        Listener.newBuilder()
+            .setName("listener1")
+            .setTrafficDirection(TrafficDirection.INBOUND)
+            .setAddress(Address.newBuilder()
+                .setSocketAddress(
+                    SocketAddress.newBuilder()))
+            .build();
+    thrown.expect(ResourceInvalidException.class);
+    thrown.expectMessage("Invalid address: Empty address is not allowed.");
+
+    XdsListenerResource.parseServerSideListener(
+        listener,null, filterRegistry, null, getXdsResourceTypeArgs(true));
+  }
+
+  @Test
+  public void parseServerSideListener_namedPort() throws ResourceInvalidException {
+    Listener listener =
+        Listener.newBuilder()
+            .setName("listener1")
+            .setTrafficDirection(TrafficDirection.INBOUND)
+            .setAddress(Address.newBuilder()
+                .setSocketAddress(
+                    SocketAddress.newBuilder()
+                        .setAddress("172.14.14.5").setNamedPort("")))
+            .build();
+    thrown.expect(ResourceInvalidException.class);
+    thrown.expectMessage("NAMED_PORT is not supported in gRPC.");
+
+    XdsListenerResource.parseServerSideListener(
+        listener,null, filterRegistry, null, getXdsResourceTypeArgs(true));
+  }
+
   @Test
   public void parseServerSideListener_nonUniqueFilterChainMatch() throws ResourceInvalidException {
     Filter filter1 = buildHttpConnectionManagerFilter(
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java b/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java
index f3f4d74eb2f..ff97afe6916 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java
@@ -32,6 +32,7 @@
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.util.concurrent.SettableFuture;
+import io.envoyproxy.envoy.config.core.v3.SocketAddress.Protocol;
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
 import io.grpc.Status;
@@ -165,9 +166,10 @@ public void run() {
     EnvoyServerProtoData.Listener tcpListener =
         EnvoyServerProtoData.Listener.create(
             "listener1",
-            "10.1.2.3",
+            "0.0.0.0:7000",
             ImmutableList.of(),
-            null);
+            null,
+            Protocol.TCP);
     LdsUpdate listenerUpdate = LdsUpdate.forTcpListener(tcpListener);
     xdsClient.ldsWatcher.onChanged(listenerUpdate);
     verify(listener, timeout(5000)).onServing();
diff --git a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
index 380c0591812..23068d665bf 100644
--- a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -35,6 +35,7 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.util.concurrent.SettableFuture;
+import io.envoyproxy.envoy.config.core.v3.SocketAddress.Protocol;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.grpc.Attributes;
 import io.grpc.EquivalentAddressGroup;
@@ -497,7 +498,7 @@ public void mtlsClientServer_changeServerContext_expectException()
     DownstreamTlsContext downstreamTlsContext =
         CommonTlsContextTestsUtil.buildDownstreamTlsContext(
             "cert-instance-name2", true, true);
-    EnvoyServerProtoData.Listener listener = buildListener("listener1", "0.0.0.0",
+    EnvoyServerProtoData.Listener listener = buildListener("listener1", "0.0.0.0:0",
             downstreamTlsContext,
             tlsContextManagerForServer);
     xdsClient.deliverLdsUpdate(LdsUpdate.forTcpListener(listener));
@@ -601,7 +602,7 @@ private void buildServer(
     tlsContextManagerForServer = new TlsContextManagerImpl(bootstrapInfoForServer);
     XdsServerWrapper xdsServer = (XdsServerWrapper) builder.build();
     SettableFuture<Throwable> startFuture = startServerAsync(xdsServer);
-    EnvoyServerProtoData.Listener listener = buildListener("listener1", "10.1.2.3",
+    EnvoyServerProtoData.Listener listener = buildListener("listener1", "0.0.0.0:0",
             downstreamTlsContext, tlsContextManagerForServer);
     LdsUpdate listenerUpdate = LdsUpdate.forTcpListener(listener);
     xdsClient.deliverLdsUpdate(listenerUpdate);
@@ -642,7 +643,7 @@ static EnvoyServerProtoData.Listener buildListener(
         "filter-chain-foo", filterChainMatch, httpConnectionManager, tlsContext,
         tlsContextManager);
     EnvoyServerProtoData.Listener listener = EnvoyServerProtoData.Listener.create(
-        name, address, ImmutableList.of(defaultFilterChain), null);
+        name, address, ImmutableList.of(defaultFilterChain), null, Protocol.TCP);
     return listener;
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java b/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java
index d28c7d7c607..2c168c65869 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java
@@ -17,6 +17,7 @@
 package io.grpc.xds;
 
 import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.xds.XdsServerTestHelper.buildTestListener;
 import static org.junit.Assert.fail;
 import static org.mockito.Mockito.any;
 import static org.mockito.Mockito.mock;
@@ -26,6 +27,7 @@
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
+import com.google.common.collect.ImmutableList;
 import com.google.common.util.concurrent.SettableFuture;
 import io.grpc.BindableService;
 import io.grpc.InsecureServerCredentials;
@@ -33,6 +35,7 @@
 import io.grpc.Status;
 import io.grpc.StatusException;
 import io.grpc.testing.GrpcCleanupRule;
+import io.grpc.xds.XdsListenerResource.LdsUpdate;
 import io.grpc.xds.XdsServerTestHelper.FakeXdsClient;
 import io.grpc.xds.XdsServerTestHelper.FakeXdsClientPoolFactory;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
@@ -221,10 +224,13 @@ public void xdsServer_startError()
     buildServer(mockXdsServingStatusListener);
     Future<Throwable> future = startServerAsync();
     // create port conflict for start to fail
-    XdsServerTestHelper.generateListenerUpdate(
-        xdsClient,
+    EnvoyServerProtoData.Listener listener = buildTestListener(
+        "listener1", "0.0.0.0:" + port, ImmutableList.of(),
         CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT1", "VA1"),
-            tlsContextManager);
+        null, tlsContextManager);
+    LdsUpdate listenerUpdate = LdsUpdate.forTcpListener(listener);
+    xdsClient.deliverLdsUpdate(listenerUpdate);
+
     Throwable exception = future.get(5, TimeUnit.SECONDS);
     assertThat(exception).isInstanceOf(IOException.class);
     assertThat(exception).hasMessageThat().contains("Failed to bind");
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java b/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
index ec9f4c54c31..b0472b4729d 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
@@ -21,6 +21,7 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.util.concurrent.SettableFuture;
+import io.envoyproxy.envoy.config.core.v3.SocketAddress.Protocol;
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.MetricRecorder;
 import io.grpc.internal.ObjectPool;
@@ -74,7 +75,7 @@ public class XdsServerTestHelper {
   static void generateListenerUpdate(FakeXdsClient xdsClient,
                                      EnvoyServerProtoData.DownstreamTlsContext tlsContext,
                                      TlsContextManager tlsContextManager) {
-    EnvoyServerProtoData.Listener listener = buildTestListener("listener1", "10.1.2.3",
+    EnvoyServerProtoData.Listener listener = buildTestListener("listener1", "0.0.0.0:0",
         ImmutableList.of(), tlsContext, null, tlsContextManager);
     LdsUpdate listenerUpdate = LdsUpdate.forTcpListener(listener);
     xdsClient.deliverLdsUpdate(listenerUpdate);
@@ -85,7 +86,8 @@ static void generateListenerUpdate(
       EnvoyServerProtoData.DownstreamTlsContext tlsContext,
       EnvoyServerProtoData.DownstreamTlsContext tlsContextForDefaultFilterChain,
       TlsContextManager tlsContextManager) {
-    EnvoyServerProtoData.Listener listener = buildTestListener("listener1", "10.1.2.3", sourcePorts,
+    EnvoyServerProtoData.Listener listener = buildTestListener(
+        "listener1", "0.0.0.0:7000", sourcePorts,
         tlsContext, tlsContextForDefaultFilterChain, tlsContextManager);
     LdsUpdate listenerUpdate = LdsUpdate.forTcpListener(listener);
     xdsClient.deliverLdsUpdate(listenerUpdate);
@@ -130,7 +132,7 @@ static EnvoyServerProtoData.Listener buildTestListener(
         tlsContextForDefaultFilterChain, tlsContextManager);
     EnvoyServerProtoData.Listener listener =
         EnvoyServerProtoData.Listener.create(
-            name, address, ImmutableList.of(filterChain1), defaultFilterChain);
+            name, address, ImmutableList.of(filterChain1), defaultFilterChain, Protocol.TCP);
     return listener;
   }
 
@@ -290,6 +292,14 @@ private String awaitLdsResource(Duration timeout) {
       }
     }
 
+    void deliverLdsUpdateWithApiListener(long httpMaxStreamDurationNano,
+        List<VirtualHost> virtualHosts) {
+      execute(() -> {
+        ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
+            httpMaxStreamDurationNano, virtualHosts, null)));
+      });
+    }
+
     void deliverLdsUpdate(LdsUpdate ldsUpdate) {
       execute(() -> ldsWatcher.onChanged(ldsUpdate));
     }
@@ -297,8 +307,8 @@ void deliverLdsUpdate(LdsUpdate ldsUpdate) {
     void deliverLdsUpdate(
         List<FilterChain> filterChains,
         @Nullable FilterChain defaultFilterChain) {
-      deliverLdsUpdate(LdsUpdate.forTcpListener(Listener.create(
-          "listener", "0.0.0.0:1", ImmutableList.copyOf(filterChains), defaultFilterChain)));
+      deliverLdsUpdate(LdsUpdate.forTcpListener(Listener.create("listener", "0.0.0.0:1",
+          ImmutableList.copyOf(filterChains), defaultFilterChain, Protocol.TCP)));
     }
 
     void deliverLdsUpdate(FilterChain filterChain, @Nullable FilterChain defaultFilterChain) {
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
index e5f0f44cbae..ce1c6b94a35 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
@@ -37,6 +37,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.net.InetAddresses;
 import com.google.common.util.concurrent.SettableFuture;
+import io.envoyproxy.envoy.config.core.v3.SocketAddress.Protocol;
 import io.grpc.Attributes;
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.Metadata;
@@ -54,6 +55,7 @@
 import io.grpc.xds.EnvoyServerProtoData.CidrRange;
 import io.grpc.xds.EnvoyServerProtoData.FilterChain;
 import io.grpc.xds.EnvoyServerProtoData.FilterChainMatch;
+import io.grpc.xds.EnvoyServerProtoData.Listener;
 import io.grpc.xds.Filter.FilterConfig;
 import io.grpc.xds.Filter.NamedFilterConfig;
 import io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler.FilterChainSelector;
@@ -61,6 +63,7 @@
 import io.grpc.xds.VirtualHost.Route;
 import io.grpc.xds.VirtualHost.Route.RouteMatch;
 import io.grpc.xds.VirtualHost.Route.RouteMatch.PathMatcher;
+import io.grpc.xds.XdsListenerResource.LdsUpdate;
 import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
 import io.grpc.xds.XdsServerBuilder.XdsServingStatusListener;
 import io.grpc.xds.XdsServerTestHelper.FakeXdsClient;
@@ -538,6 +541,146 @@ public void run() {
     verify(mockServer).start();
   }
 
+  @Test
+  public void onChanged_listenerIsNull()
+      throws ExecutionException, InterruptedException, TimeoutException {
+    xdsServerWrapper = new XdsServerWrapper("10.1.2.3:1", mockBuilder, listener,
+        selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+        filterRegistry, executor.getScheduledExecutorService());
+    final SettableFuture<Server> start = SettableFuture.create();
+    Executors.newSingleThreadExecutor().execute(new Runnable() {
+      @Override
+      public void run() {
+        try {
+          start.set(xdsServerWrapper.start());
+        } catch (Exception ex) {
+          start.setException(ex);
+        }
+      }
+    });
+    String ldsResource = xdsClient.ldsResource.get(5, TimeUnit.SECONDS);
+    assertThat(ldsResource).isEqualTo("grpc/server?udpa.resource.listening_address=10.1.2.3:1");
+    VirtualHost virtualHost =
+        VirtualHost.create(
+            "virtual-host", Collections.singletonList("auth"), new ArrayList<Route>(),
+            ImmutableMap.<String, FilterConfig>of());
+
+    xdsClient.deliverLdsUpdateWithApiListener(0L, Arrays.asList(virtualHost));
+
+    verify(listener, timeout(10000)).onNotServing(any());
+  }
+
+  @Test
+  public void onChanged_listenerAddressMissingPort()
+      throws ExecutionException, InterruptedException, TimeoutException {
+    xdsServerWrapper = new XdsServerWrapper("10.1.2.3:1", mockBuilder, listener,
+        selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+        filterRegistry, executor.getScheduledExecutorService());
+    final SettableFuture<Server> start = SettableFuture.create();
+    Executors.newSingleThreadExecutor().execute(new Runnable() {
+      @Override
+      public void run() {
+        try {
+          start.set(xdsServerWrapper.start());
+        } catch (Exception ex) {
+          start.setException(ex);
+        }
+      }
+    });
+    String ldsResource = xdsClient.ldsResource.get(5, TimeUnit.SECONDS);
+    assertThat(ldsResource).isEqualTo("grpc/server?udpa.resource.listening_address=10.1.2.3:1");
+    VirtualHost virtualHost =
+        VirtualHost.create(
+            "virtual-host", Collections.singletonList("auth"), new ArrayList<Route>(),
+            ImmutableMap.<String, FilterConfig>of());
+    HttpConnectionManager httpConnectionManager = HttpConnectionManager.forVirtualHosts(
+        0L, Collections.singletonList(virtualHost), new ArrayList<NamedFilterConfig>());
+    EnvoyServerProtoData.FilterChain filterChain = EnvoyServerProtoData.FilterChain.create(
+        "filter-chain-foo", createMatch(), httpConnectionManager, createTls(),
+        mock(TlsContextManager.class));
+    LdsUpdate listenerUpdate = LdsUpdate.forTcpListener(
+        Listener.create("listener", "20.3.4.5:",
+            ImmutableList.copyOf(Collections.singletonList(filterChain)), null, Protocol.TCP));
+
+    xdsClient.deliverLdsUpdate(listenerUpdate);
+
+    verify(listener, timeout(10000)).onNotServing(any());
+  }
+
+  @Test
+  public void onChanged_listenerAddressMismatch()
+      throws ExecutionException, InterruptedException, TimeoutException {
+    xdsServerWrapper = new XdsServerWrapper("10.1.2.3:1", mockBuilder, listener,
+        selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+        filterRegistry, executor.getScheduledExecutorService());
+    final SettableFuture<Server> start = SettableFuture.create();
+    Executors.newSingleThreadExecutor().execute(new Runnable() {
+      @Override
+      public void run() {
+        try {
+          start.set(xdsServerWrapper.start());
+        } catch (Exception ex) {
+          start.setException(ex);
+        }
+      }
+    });
+    String ldsResource = xdsClient.ldsResource.get(5, TimeUnit.SECONDS);
+    assertThat(ldsResource).isEqualTo("grpc/server?udpa.resource.listening_address=10.1.2.3:1");
+    VirtualHost virtualHost =
+        VirtualHost.create(
+            "virtual-host", Collections.singletonList("auth"), new ArrayList<Route>(),
+            ImmutableMap.<String, FilterConfig>of());
+    HttpConnectionManager httpConnectionManager = HttpConnectionManager.forVirtualHosts(
+        0L, Collections.singletonList(virtualHost), new ArrayList<NamedFilterConfig>());
+    EnvoyServerProtoData.FilterChain filterChain = EnvoyServerProtoData.FilterChain.create(
+        "filter-chain-foo", createMatch(), httpConnectionManager, createTls(),
+        mock(TlsContextManager.class));
+    LdsUpdate listenerUpdate = LdsUpdate.forTcpListener(
+        Listener.create("listener", "20.3.4.5:1",
+            ImmutableList.copyOf(Collections.singletonList(filterChain)), null, Protocol.TCP));
+
+    xdsClient.deliverLdsUpdate(listenerUpdate);
+
+    verify(listener, timeout(10000)).onNotServing(any());
+  }
+
+  @Test
+  public void onChanged_listenerAddressPortMismatch()
+      throws ExecutionException, InterruptedException, TimeoutException {
+    xdsServerWrapper = new XdsServerWrapper("10.1.2.3:1", mockBuilder, listener,
+        selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+        filterRegistry, executor.getScheduledExecutorService());
+    final SettableFuture<Server> start = SettableFuture.create();
+    Executors.newSingleThreadExecutor().execute(new Runnable() {
+      @Override
+      public void run() {
+        try {
+          start.set(xdsServerWrapper.start());
+        } catch (Exception ex) {
+          start.setException(ex);
+        }
+      }
+    });
+    String ldsResource = xdsClient.ldsResource.get(5, TimeUnit.SECONDS);
+    assertThat(ldsResource).isEqualTo("grpc/server?udpa.resource.listening_address=10.1.2.3:1");
+    VirtualHost virtualHost =
+        VirtualHost.create(
+            "virtual-host", Collections.singletonList("auth"), new ArrayList<Route>(),
+            ImmutableMap.<String, FilterConfig>of());
+    HttpConnectionManager httpConnectionManager = HttpConnectionManager.forVirtualHosts(
+        0L, Collections.singletonList(virtualHost), new ArrayList<NamedFilterConfig>());
+    EnvoyServerProtoData.FilterChain filterChain = EnvoyServerProtoData.FilterChain.create(
+        "filter-chain-foo", createMatch(), httpConnectionManager, createTls(),
+        mock(TlsContextManager.class));
+    LdsUpdate listenerUpdate = LdsUpdate.forTcpListener(
+        Listener.create("listener", "10.1.2.3:2",
+            ImmutableList.copyOf(Collections.singletonList(filterChain)), null, Protocol.TCP));
+
+    xdsClient.deliverLdsUpdate(listenerUpdate);
+
+    verify(listener, timeout(10000)).onNotServing(any());
+  }
+
   @Test
   public void discoverState_rds() throws Exception {
     final SettableFuture<Server> start = SettableFuture.create();
@@ -1811,7 +1954,7 @@ private static HttpConnectionManager createRds(String name) {
   /**
    * Returns the least-specific match-all Filter Chain Match.
    */
-  private static FilterChainMatch createMatch() {
+  static FilterChainMatch createMatch() {
     return FilterChainMatch.create(
         0,
         ImmutableList.of(),
@@ -1867,7 +2010,7 @@ private static MethodDescriptor<Void, Void> createMethod(String path) {
             .build();
   }
 
-  private static EnvoyServerProtoData.DownstreamTlsContext createTls() {
+  static EnvoyServerProtoData.DownstreamTlsContext createTls() {
     return CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT1", "VA1");
   }
 }

From d4c46a7f1fe67bad762139a679b3597dd8c1849d Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Fri, 4 Apr 2025 05:53:08 +0000
Subject: [PATCH 236/591] refactor: prevents global stats config freeze in
 ConfiguratorRegistry.getConfigurators() (#11991)

---
 .../java/io/grpc/ConfiguratorRegistry.java    | 19 ++++++++++++++-----
 .../io/grpc/InternalConfiguratorRegistry.java |  4 ++++
 .../io/grpc/ConfiguratorRegistryTest.java     | 14 ++++++--------
 .../ManagedChannelImplBuilderTest.java        |  9 +++------
 .../grpc/internal/ServerImplBuilderTest.java  | 10 +++-------
 5 files changed, 30 insertions(+), 26 deletions(-)

diff --git a/api/src/main/java/io/grpc/ConfiguratorRegistry.java b/api/src/main/java/io/grpc/ConfiguratorRegistry.java
index a0a91609dde..19d6703d308 100644
--- a/api/src/main/java/io/grpc/ConfiguratorRegistry.java
+++ b/api/src/main/java/io/grpc/ConfiguratorRegistry.java
@@ -33,9 +33,9 @@ final class ConfiguratorRegistry {
   @GuardedBy("this")
   private boolean wasConfiguratorsSet;
   @GuardedBy("this")
-  private boolean configFrozen;
-  @GuardedBy("this")
   private List<Configurator> configurators = Collections.emptyList();
+  @GuardedBy("this")
+  private int configuratorsCallCountBeforeSet = 0;
 
   ConfiguratorRegistry() {}
 
@@ -56,11 +56,10 @@ public static synchronized ConfiguratorRegistry getDefaultRegistry() {
    * @throws IllegalStateException if this method is called more than once
    */
   public synchronized void setConfigurators(List<? extends Configurator> configurators) {
-    if (configFrozen) {
+    if (wasConfiguratorsSet) {
       throw new IllegalStateException("Configurators are already set");
     }
     this.configurators = Collections.unmodifiableList(new ArrayList<>(configurators));
-    configFrozen = true;
     wasConfiguratorsSet = true;
   }
 
@@ -68,10 +67,20 @@ public synchronized void setConfigurators(List<? extends Configurator> configura
    * Returns a list of the configurators in this registry.
    */
   public synchronized List<Configurator> getConfigurators() {
-    configFrozen = true;
+    if (!wasConfiguratorsSet) {
+      configuratorsCallCountBeforeSet++;
+    }
     return configurators;
   }
 
+  /**
+   * Returns the number of times getConfigurators() was called before
+   * setConfigurators() was successfully invoked.
+   */
+  public synchronized int getConfiguratorsCallCountBeforeSet() {
+    return configuratorsCallCountBeforeSet;
+  }
+
   public synchronized boolean wasSetConfiguratorsCalled() {
     return wasConfiguratorsSet;
   }
diff --git a/api/src/main/java/io/grpc/InternalConfiguratorRegistry.java b/api/src/main/java/io/grpc/InternalConfiguratorRegistry.java
index b495800ff13..f567dab74c4 100644
--- a/api/src/main/java/io/grpc/InternalConfiguratorRegistry.java
+++ b/api/src/main/java/io/grpc/InternalConfiguratorRegistry.java
@@ -48,4 +48,8 @@ public static void configureServerBuilder(ServerBuilder<?> serverBuilder) {
   public static boolean wasSetConfiguratorsCalled() {
     return ConfiguratorRegistry.getDefaultRegistry().wasSetConfiguratorsCalled();
   }
+
+  public static int getConfiguratorsCallCountBeforeSet() {
+    return ConfiguratorRegistry.getDefaultRegistry().getConfiguratorsCallCountBeforeSet();
+  }
 }
diff --git a/api/src/test/java/io/grpc/ConfiguratorRegistryTest.java b/api/src/test/java/io/grpc/ConfiguratorRegistryTest.java
index e231d13503a..457d5a36e77 100644
--- a/api/src/test/java/io/grpc/ConfiguratorRegistryTest.java
+++ b/api/src/test/java/io/grpc/ConfiguratorRegistryTest.java
@@ -85,14 +85,12 @@ public static final class StaticTestingClassLoaderGetBeforeSet implements Runnab
     @Override
     public void run() {
       assertThat(ConfiguratorRegistry.getDefaultRegistry().getConfigurators()).isEmpty();
-
-      try {
-        ConfiguratorRegistry.getDefaultRegistry()
-            .setConfigurators(Arrays.asList(new NoopConfigurator()));
-        fail("should have failed for invoking set call after get is already called");
-      } catch (IllegalStateException e) {
-        assertThat(e).hasMessageThat().isEqualTo("Configurators are already set");
-      }
+      NoopConfigurator noopConfigurator = new NoopConfigurator();
+      ConfiguratorRegistry.getDefaultRegistry()
+              .setConfigurators(Arrays.asList(noopConfigurator));
+      assertThat(ConfiguratorRegistry.getDefaultRegistry().getConfigurators())
+              .containsExactly(noopConfigurator);
+      assertThat(InternalConfiguratorRegistry.getConfiguratorsCallCountBeforeSet()).isEqualTo(1);
     }
   }
 
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
index 861412653fb..a054e65a6e8 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
@@ -529,12 +529,9 @@ public void run() {
       List<ClientInterceptor> effectiveInterceptors =
           builder.getEffectiveInterceptors("unused:///");
       assertThat(effectiveInterceptors).hasSize(2);
-      try {
-        InternalConfiguratorRegistry.setConfigurators(Collections.emptyList());
-        fail("exception expected");
-      } catch (IllegalStateException e) {
-        assertThat(e).hasMessageThat().contains("Configurators are already set");
-      }
+      InternalConfiguratorRegistry.setConfigurators(Collections.emptyList());
+      assertThat(InternalConfiguratorRegistry.getConfigurators()).isEmpty();
+      assertThat(InternalConfiguratorRegistry.getConfiguratorsCallCountBeforeSet()).isEqualTo(1);
     }
   }
 
diff --git a/core/src/test/java/io/grpc/internal/ServerImplBuilderTest.java b/core/src/test/java/io/grpc/internal/ServerImplBuilderTest.java
index 107591038d6..7ad7f15f358 100644
--- a/core/src/test/java/io/grpc/internal/ServerImplBuilderTest.java
+++ b/core/src/test/java/io/grpc/internal/ServerImplBuilderTest.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
 
 import io.grpc.InternalConfigurator;
 import io.grpc.InternalConfiguratorRegistry;
@@ -145,12 +144,9 @@ public void run() {
               });
       assertThat(builder.getTracerFactories()).hasSize(2);
       assertThat(builder.interceptors).hasSize(0);
-      try {
-        InternalConfiguratorRegistry.setConfigurators(Collections.emptyList());
-        fail("exception expected");
-      } catch (IllegalStateException e) {
-        assertThat(e).hasMessageThat().contains("Configurators are already set");
-      }
+      InternalConfiguratorRegistry.setConfigurators(Collections.emptyList());
+      assertThat(InternalConfiguratorRegistry.getConfigurators()).isEmpty();
+      assertThat(InternalConfiguratorRegistry.getConfiguratorsCallCountBeforeSet()).isEqualTo(1);
     }
   }
 

From 5ca4d852ae5a50ea8d52497996af4a6b278ccd84 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 4 Apr 2025 05:16:37 -0700
Subject: [PATCH 237/591] core: Avoid Set.removeAll() when passing a
 possibly-large List (#11994)

See #11958
---
 .../main/java/io/grpc/internal/DelayedClientTransport.java  | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
index 8ff755af3eb..eccd8fadc8c 100644
--- a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
+++ b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
@@ -325,7 +325,11 @@ final void reprocess(@Nullable SubchannelPicker picker) {
       if (!hasPendingStreams()) {
         return;
       }
-      pendingStreams.removeAll(toRemove);
+      // Avoid pendingStreams.removeAll() as it can degrade to calling toRemove.contains() for each
+      // element in pendingStreams.
+      for (PendingStream stream : toRemove) {
+        pendingStreams.remove(stream);
+      }
       // Because delayed transport is long-lived, we take this opportunity to down-size the
       // hashmap.
       if (pendingStreams.isEmpty()) {

From edc2bf7346ea88d8db773535bf62a59dbea4fb20 Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Fri, 4 Apr 2025 16:09:35 +0200
Subject: [PATCH 238/591] stub: Utility method
 StreamObservers.nextAndComplete() that does both onNext and onComplete
 (#11778)

---
 .../java/io/grpc/stub/StreamObservers.java    | 23 +++++++++---
 .../io/grpc/stub/StreamObserversTest.java     | 35 +++++++++++++++++++
 2 files changed, 54 insertions(+), 4 deletions(-)
 create mode 100644 stub/src/test/java/io/grpc/stub/StreamObserversTest.java

diff --git a/stub/src/main/java/io/grpc/stub/StreamObservers.java b/stub/src/main/java/io/grpc/stub/StreamObservers.java
index 2cc53ea0aa2..a421d3eca2f 100644
--- a/stub/src/main/java/io/grpc/stub/StreamObservers.java
+++ b/stub/src/main/java/io/grpc/stub/StreamObservers.java
@@ -23,12 +23,21 @@
 /**
  * Utility functions for working with {@link StreamObserver} and it's common subclasses like
  * {@link CallStreamObserver}.
- *
- * @deprecated Of questionable utility and generally not used.
  */
-@Deprecated
-@ExperimentalApi("https://github.com/grpc/grpc-java/issues/4694")
 public final class StreamObservers {
+  // Prevent instantiation
+  private StreamObservers() { }
+
+  /**
+   * Utility method to call {@link StreamObserver#onNext(Object)} and
+   * {@link StreamObserver#onCompleted()} on the specified responseObserver.
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10957")
+  public static <T> void nextAndComplete(StreamObserver<T> responseObserver, T response) {
+    responseObserver.onNext(response);
+    responseObserver.onCompleted();
+  }
+
   /**
    * Copy the values of an {@link Iterator} to the target {@link CallStreamObserver} while properly
    * accounting for outbound flow-control.  After calling this method, {@code target} should no
@@ -40,7 +49,10 @@ public final class StreamObservers {
    *
    * @param source of values expressed as an {@link Iterator}.
    * @param target {@link CallStreamObserver} which accepts values from the source.
+   * @deprecated Of questionable utility and generally not used.
    */
+  @Deprecated
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/4694")
   public static <V> void copyWithFlowControl(final Iterator<V> source,
       final CallStreamObserver<V> target) {
     Preconditions.checkNotNull(source, "source");
@@ -80,7 +92,10 @@ public void run() {
    *
    * @param source of values expressed as an {@link Iterable}.
    * @param target {@link CallStreamObserver} which accepts values from the source.
+   * @deprecated Of questionable utility and generally not used.
    */
+  @Deprecated
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/4694")
   public static <V> void copyWithFlowControl(final Iterable<V> source,
       CallStreamObserver<V> target) {
     Preconditions.checkNotNull(source, "source");
diff --git a/stub/src/test/java/io/grpc/stub/StreamObserversTest.java b/stub/src/test/java/io/grpc/stub/StreamObserversTest.java
new file mode 100644
index 00000000000..86a1aba2e76
--- /dev/null
+++ b/stub/src/test/java/io/grpc/stub/StreamObserversTest.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.stub;
+
+import org.junit.Test;
+import org.mockito.InOrder;
+import org.mockito.Mockito;
+
+public class StreamObserversTest {
+
+  @Test
+  public void nextAndComplete() {
+    @SuppressWarnings("unchecked")
+    StreamObserver<String> observer = Mockito.mock(StreamObserver.class);
+    InOrder inOrder = Mockito.inOrder(observer);
+    StreamObservers.nextAndComplete(observer, "TEST");
+    inOrder.verify(observer).onNext("TEST");
+    inOrder.verify(observer).onCompleted();
+    inOrder.verifyNoMoreInteractions();
+  }
+}

From a13fca2bf2cddd58d917865bc0bb24036c5eb873 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Fri, 4 Apr 2025 16:38:29 +0000
Subject: [PATCH 239/591] xds: ClusterResolverLoadBalancer handle update for
 both resolved addresses and errors via ResolutionResult (#11997)

---
 .../grpc/xds/ClusterResolverLoadBalancer.java | 134 +++++++++---------
 .../xds/ClusterResolverLoadBalancerTest.java  |  83 +++++++++--
 2 files changed, 138 insertions(+), 79 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
index c92f592ebc8..0fb7cf15909 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
@@ -33,6 +33,7 @@
 import io.grpc.NameResolver;
 import io.grpc.NameResolver.ResolutionResult;
 import io.grpc.Status;
+import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
 import io.grpc.SynchronizationContext.ScheduledHandle;
 import io.grpc.internal.BackoffPolicy;
@@ -657,79 +658,84 @@ private class NameResolverListener extends NameResolver.Listener2 {
 
         @Override
         public void onResult(final ResolutionResult resolutionResult) {
-          class NameResolved implements Runnable {
-            @Override
-            public void run() {
-              if (shutdown) {
-                return;
-              }
-              backoffPolicy = null;  // reset backoff sequence if succeeded
-              // Arbitrary priority notation for all DNS-resolved endpoints.
-              String priorityName = priorityName(name, 0);  // value doesn't matter
-              List<EquivalentAddressGroup> addresses = new ArrayList<>();
-              for (EquivalentAddressGroup eag : resolutionResult.getAddresses()) {
-                // No weight attribute is attached, all endpoint-level LB policy should be able
-                // to handle such it.
-                String localityName = localityName(LOGICAL_DNS_CLUSTER_LOCALITY);
-                Attributes attr = eag.getAttributes().toBuilder()
-                    .set(XdsAttributes.ATTR_LOCALITY, LOGICAL_DNS_CLUSTER_LOCALITY)
-                    .set(XdsAttributes.ATTR_LOCALITY_NAME, localityName)
-                    .set(XdsAttributes.ATTR_ADDRESS_NAME, dnsHostName)
-                    .build();
-                eag = new EquivalentAddressGroup(eag.getAddresses(), attr);
-                eag = AddressFilter.setPathFilter(eag, Arrays.asList(priorityName, localityName));
-                addresses.add(eag);
-              }
-              PriorityChildConfig priorityChildConfig = generateDnsBasedPriorityChildConfig(
-                  name, lrsServerInfo, maxConcurrentRequests, tlsContext, filterMetadata,
-                  lbRegistry, Collections.<DropOverload>emptyList());
-              status = Status.OK;
-              resolved = true;
-              result = new ClusterResolutionResult(addresses, priorityName, priorityChildConfig);
-              handleEndpointResourceUpdate();
+          syncContext.execute(() -> onResult2(resolutionResult));
+        }
+
+        @Override
+        public Status onResult2(final ResolutionResult resolutionResult) {
+          if (shutdown) {
+            return Status.OK;
+          }
+          // Arbitrary priority notation for all DNS-resolved endpoints.
+          String priorityName = priorityName(name, 0);  // value doesn't matter
+          List<EquivalentAddressGroup> addresses = new ArrayList<>();
+          StatusOr<List<EquivalentAddressGroup>> addressesOrError =
+                  resolutionResult.getAddressesOrError();
+          if (addressesOrError.hasValue()) {
+            backoffPolicy = null;  // reset backoff sequence if succeeded
+            for (EquivalentAddressGroup eag : resolutionResult.getAddresses()) {
+              // No weight attribute is attached, all endpoint-level LB policy should be able
+              // to handle such it.
+              String localityName = localityName(LOGICAL_DNS_CLUSTER_LOCALITY);
+              Attributes attr = eag.getAttributes().toBuilder()
+                      .set(XdsAttributes.ATTR_LOCALITY, LOGICAL_DNS_CLUSTER_LOCALITY)
+                      .set(XdsAttributes.ATTR_LOCALITY_NAME, localityName)
+                      .set(XdsAttributes.ATTR_ADDRESS_NAME, dnsHostName)
+                      .build();
+              eag = new EquivalentAddressGroup(eag.getAddresses(), attr);
+              eag = AddressFilter.setPathFilter(eag, Arrays.asList(priorityName, localityName));
+              addresses.add(eag);
             }
+            PriorityChildConfig priorityChildConfig = generateDnsBasedPriorityChildConfig(
+                    name, lrsServerInfo, maxConcurrentRequests, tlsContext, filterMetadata,
+                    lbRegistry, Collections.<DropOverload>emptyList());
+            status = Status.OK;
+            resolved = true;
+            result = new ClusterResolutionResult(addresses, priorityName, priorityChildConfig);
+            handleEndpointResourceUpdate();
+            return Status.OK;
+          } else {
+            handleErrorInSyncContext(addressesOrError.getStatus());
+            return addressesOrError.getStatus();
           }
-
-          syncContext.execute(new NameResolved());
         }
 
         @Override
         public void onError(final Status error) {
-          syncContext.execute(new Runnable() {
-            @Override
-            public void run() {
-              if (shutdown) {
-                return;
-              }
-              status = error;
-              // NameResolver.Listener API cannot distinguish between address-not-found and
-              // transient errors. If the error occurs in the first resolution, treat it as
-              // address not found. Otherwise, either there is previously resolved addresses
-              // previously encountered error, propagate the error to downstream/upstream and
-              // let downstream/upstream handle it.
-              if (!resolved) {
-                resolved = true;
-                handleEndpointResourceUpdate();
-              } else {
-                handleEndpointResolutionError();
-              }
-              if (scheduledRefresh != null && scheduledRefresh.isPending()) {
-                return;
-              }
-              if (backoffPolicy == null) {
-                backoffPolicy = backoffPolicyProvider.get();
-              }
-              long delayNanos = backoffPolicy.nextBackoffNanos();
-              logger.log(XdsLogLevel.DEBUG,
+          syncContext.execute(() -> handleErrorInSyncContext(error));
+        }
+
+        private void handleErrorInSyncContext(final Status error) {
+          if (shutdown) {
+            return;
+          }
+          status = error;
+          // NameResolver.Listener API cannot distinguish between address-not-found and
+          // transient errors. If the error occurs in the first resolution, treat it as
+          // address not found. Otherwise, either there is previously resolved addresses
+          // previously encountered error, propagate the error to downstream/upstream and
+          // let downstream/upstream handle it.
+          if (!resolved) {
+            resolved = true;
+            handleEndpointResourceUpdate();
+          } else {
+            handleEndpointResolutionError();
+          }
+          if (scheduledRefresh != null && scheduledRefresh.isPending()) {
+            return;
+          }
+          if (backoffPolicy == null) {
+            backoffPolicy = backoffPolicyProvider.get();
+          }
+          long delayNanos = backoffPolicy.nextBackoffNanos();
+          logger.log(XdsLogLevel.DEBUG,
                   "Logical DNS resolver for cluster {0} encountered name resolution "
-                      + "error: {1}, scheduling DNS resolution backoff for {2} ns",
+                          + "error: {1}, scheduling DNS resolution backoff for {2} ns",
                   name, error, delayNanos);
-              scheduledRefresh =
+          scheduledRefresh =
                   syncContext.schedule(
-                      new DelayedNameResolverRefresh(), delayNanos, TimeUnit.NANOSECONDS,
-                      timeService);
-            }
-          });
+                          new DelayedNameResolverRefresh(), delayNanos, TimeUnit.NANOSECONDS,
+                          timeService);
         }
       }
     }
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index d0176d7aa38..d701f281c01 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -200,6 +200,7 @@ public XdsClient returnObject(Object object) {
   private ArgumentCaptor<SubchannelPicker> pickerCaptor;
   private int xdsClientRefs;
   private ClusterResolverLoadBalancer loadBalancer;
+  private NameResolverProvider fakeNameResolverProvider;
 
   @Before
   public void setUp() throws URISyntaxException {
@@ -216,7 +217,8 @@ public void setUp() throws URISyntaxException {
         .setServiceConfigParser(mock(ServiceConfigParser.class))
         .setChannelLogger(mock(ChannelLogger.class))
         .build();
-    nsRegistry.register(new FakeNameResolverProvider());
+    fakeNameResolverProvider = new FakeNameResolverProvider(false);
+    nsRegistry.register(fakeNameResolverProvider);
     when(helper.getNameResolverRegistry()).thenReturn(nsRegistry);
     when(helper.getNameResolverArgs()).thenReturn(args);
     when(helper.getSynchronizationContext()).thenReturn(syncContext);
@@ -826,6 +828,17 @@ public void handleEdsResource_noHealthyEndpoint() {
 
   @Test
   public void onlyLogicalDnsCluster_endpointsResolved() {
+    do_onlyLogicalDnsCluster_endpointsResolved();
+  }
+
+  @Test
+  public void oldListenerCallback_onlyLogicalDnsCluster_endpointsResolved() {
+    nsRegistry.deregister(fakeNameResolverProvider);
+    nsRegistry.register(new FakeNameResolverProvider(true));
+    do_onlyLogicalDnsCluster_endpointsResolved();
+  }
+
+  void do_onlyLogicalDnsCluster_endpointsResolved() {
     ClusterResolverConfig config = new ClusterResolverConfig(
         Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin, false);
     deliverLbConfig(config);
@@ -854,7 +867,6 @@ public void onlyLogicalDnsCluster_endpointsResolved() {
         .get(XdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(DNS_HOST_NAME);
     assertThat(childBalancer.addresses.get(1).getAttributes()
         .get(XdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(DNS_HOST_NAME);
-
   }
 
   @Test
@@ -874,37 +886,48 @@ public void onlyLogicalDnsCluster_handleRefreshNameResolution() {
   }
 
   @Test
-  public void onlyLogicalDnsCluster_resolutionError_backoffAndRefresh() {
+  public void resolutionError_backoffAndRefresh() {
+    do_onlyLogicalDnsCluster_resolutionError_backoffAndRefresh();
+  }
+
+  @Test
+  public void oldListenerCallback_resolutionError_backoffAndRefresh() {
+    nsRegistry.deregister(fakeNameResolverProvider);
+    nsRegistry.register(new FakeNameResolverProvider(true));
+    do_onlyLogicalDnsCluster_resolutionError_backoffAndRefresh();
+  }
+
+  void do_onlyLogicalDnsCluster_resolutionError_backoffAndRefresh() {
     InOrder inOrder = Mockito.inOrder(helper, backoffPolicyProvider,
-        backoffPolicy1, backoffPolicy2);
+            backoffPolicy1, backoffPolicy2);
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin, false);
+            Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin, false);
     deliverLbConfig(config);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
     assertThat(childBalancers).isEmpty();
     Status error = Status.UNAVAILABLE.withDescription("cannot reach DNS server");
     resolver.deliverError(error);
     inOrder.verify(helper).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
+            eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     assertPicker(pickerCaptor.getValue(), error, null);
     assertThat(resolver.refreshCount).isEqualTo(0);
     inOrder.verify(backoffPolicyProvider).get();
     inOrder.verify(backoffPolicy1).nextBackoffNanos();
     assertThat(fakeClock.getPendingTasks()).hasSize(1);
     assertThat(Iterables.getOnlyElement(fakeClock.getPendingTasks()).getDelay(TimeUnit.SECONDS))
-        .isEqualTo(1L);
+            .isEqualTo(1L);
     fakeClock.forwardTime(1L, TimeUnit.SECONDS);
     assertThat(resolver.refreshCount).isEqualTo(1);
 
     error = Status.UNKNOWN.withDescription("I am lost");
     resolver.deliverError(error);
     inOrder.verify(helper).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
+            eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     inOrder.verify(backoffPolicy1).nextBackoffNanos();
     assertPicker(pickerCaptor.getValue(), error, null);
     assertThat(fakeClock.getPendingTasks()).hasSize(1);
     assertThat(Iterables.getOnlyElement(fakeClock.getPendingTasks()).getDelay(TimeUnit.SECONDS))
-        .isEqualTo(10L);
+            .isEqualTo(10L);
     fakeClock.forwardTime(10L, TimeUnit.SECONDS);
     assertThat(resolver.refreshCount).isEqualTo(2);
 
@@ -914,7 +937,7 @@ public void onlyLogicalDnsCluster_resolutionError_backoffAndRefresh() {
     resolver.deliverEndpointAddresses(Arrays.asList(endpoint1, endpoint2));
     assertThat(childBalancers).hasSize(1);
     assertAddressesEqual(Arrays.asList(endpoint1, endpoint2),
-        Iterables.getOnlyElement(childBalancers).addresses);
+            Iterables.getOnlyElement(childBalancers).addresses);
 
     assertThat(fakeClock.getPendingTasks()).isEmpty();
     inOrder.verifyNoMoreInteractions();
@@ -1319,10 +1342,18 @@ void deliverError(Status error) {
   }
 
   private class FakeNameResolverProvider extends NameResolverProvider {
+    private final boolean useOldListenerCallback;
+
+    private FakeNameResolverProvider(boolean useOldListenerCallback) {
+      this.useOldListenerCallback = useOldListenerCallback;
+    }
+
     @Override
     public NameResolver newNameResolver(URI targetUri, NameResolver.Args args) {
       assertThat(targetUri.getScheme()).isEqualTo("dns");
-      FakeNameResolver resolver = new FakeNameResolver(targetUri);
+      FakeNameResolver resolver = useOldListenerCallback
+              ? new FakeNameResolverUsingOldListenerCallback(targetUri)
+              : new FakeNameResolver(targetUri);
       resolvers.add(resolver);
       return resolver;
     }
@@ -1343,9 +1374,10 @@ protected int priority() {
     }
   }
 
+
   private class FakeNameResolver extends NameResolver {
     private final URI targetUri;
-    private Listener2 listener;
+    protected Listener2 listener;
     private int refreshCount;
 
     private FakeNameResolver(URI targetUri) {
@@ -1372,12 +1404,33 @@ public void shutdown() {
       resolvers.remove(this);
     }
 
-    private void deliverEndpointAddresses(List<EquivalentAddressGroup> addresses) {
+    protected void deliverEndpointAddresses(List<EquivalentAddressGroup> addresses) {
+      syncContext.execute(() -> {
+        Status ret = listener.onResult2(ResolutionResult.newBuilder()
+                .setAddressesOrError(StatusOr.fromValue(addresses)).build());
+        assertThat(ret.getCode()).isEqualTo(Status.Code.OK);
+      });
+    }
+
+    protected void deliverError(Status error) {
+      syncContext.execute(() -> listener.onResult2(ResolutionResult.newBuilder()
+                      .setAddressesOrError(StatusOr.fromStatus(error)).build()));
+    }
+  }
+
+  private class FakeNameResolverUsingOldListenerCallback extends FakeNameResolver {
+    private FakeNameResolverUsingOldListenerCallback(URI targetUri) {
+      super(targetUri);
+    }
+
+    @Override
+    protected void deliverEndpointAddresses(List<EquivalentAddressGroup> addresses) {
       listener.onResult(ResolutionResult.newBuilder()
-          .setAddressesOrError(StatusOr.fromValue(addresses)).build());
+              .setAddressesOrError(StatusOr.fromValue(addresses)).build());
     }
 
-    private void deliverError(Status error) {
+    @Override
+    protected void deliverError(Status error) {
       listener.onError(error);
     }
   }

From aae52de3b8fee34dfc548d36d802cbb07af0c2b6 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 4 Apr 2025 10:58:52 -0700
Subject: [PATCH 240/591] stub: Add RunWith(JUnit4) to support varied
 environments

Some JUnit environments require the RunWith annotation. Notably
Blaze/Bazel needs it.
---
 stub/src/test/java/io/grpc/stub/StreamObserversTest.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/stub/src/test/java/io/grpc/stub/StreamObserversTest.java b/stub/src/test/java/io/grpc/stub/StreamObserversTest.java
index 86a1aba2e76..237dd2e1434 100644
--- a/stub/src/test/java/io/grpc/stub/StreamObserversTest.java
+++ b/stub/src/test/java/io/grpc/stub/StreamObserversTest.java
@@ -17,9 +17,12 @@
 package io.grpc.stub;
 
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
 import org.mockito.InOrder;
 import org.mockito.Mockito;
 
+@RunWith(JUnit4.class)
 public class StreamObserversTest {
 
   @Test

From 54d37839a39defddf59665962e05d863a490cfc9 Mon Sep 17 00:00:00 2001
From: jiangyuan <joe469391363@gmail.com>
Date: Tue, 8 Apr 2025 05:34:57 +0800
Subject: [PATCH 241/591] stub: trailersFromThrowable() metadata should be
 copied (#11979)

If the same exception is passed to multiple RPCs, then the results will
race.

Fixes #11973
---
 .../main/java/io/grpc/stub/ServerCalls.java   |  7 +++--
 .../java/io/grpc/stub/ServerCallsTest.java    | 31 +++++++++++++++++++
 2 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/stub/src/main/java/io/grpc/stub/ServerCalls.java b/stub/src/main/java/io/grpc/stub/ServerCalls.java
index 7990a5b34c0..9f0063713cc 100644
--- a/stub/src/main/java/io/grpc/stub/ServerCalls.java
+++ b/stub/src/main/java/io/grpc/stub/ServerCalls.java
@@ -382,9 +382,10 @@ public void onNext(RespT response) {
 
     @Override
     public void onError(Throwable t) {
-      Metadata metadata = Status.trailersFromThrowable(t);
-      if (metadata == null) {
-        metadata = new Metadata();
+      Metadata metadata = new Metadata();
+      Metadata trailers = Status.trailersFromThrowable(t);
+      if (trailers != null) {
+        metadata.merge(trailers);
       }
       call.close(Status.fromThrowable(t), metadata);
       aborted = true;
diff --git a/stub/src/test/java/io/grpc/stub/ServerCallsTest.java b/stub/src/test/java/io/grpc/stub/ServerCallsTest.java
index 1e51ac10110..6f458facc5e 100644
--- a/stub/src/test/java/io/grpc/stub/ServerCallsTest.java
+++ b/stub/src/test/java/io/grpc/stub/ServerCallsTest.java
@@ -555,6 +555,35 @@ public void invoke(Integer req, StreamObserver<Integer> responseObserver) {
     listener.onHalfClose();
   }
 
+  @Test
+  public void clientSendsOne_serverOnErrorWithTrailers_serverStreaming() {
+    Metadata trailers = new Metadata();
+    Metadata.Key<String> key = Metadata.Key.of("trailers-test-key1",
+            Metadata.ASCII_STRING_MARSHALLER);
+    trailers.put(key, "trailers-test-value1");
+
+    ServerCallRecorder serverCall = new ServerCallRecorder(SERVER_STREAMING_METHOD);
+    ServerCallHandler<Integer, Integer> callHandler = ServerCalls.asyncServerStreamingCall(
+        new ServerCalls.ServerStreamingMethod<Integer, Integer>() {
+          @Override
+          public void invoke(Integer req, StreamObserver<Integer> responseObserver) {
+            responseObserver.onError(
+                    Status.fromCode(Status.Code.INTERNAL)
+                            .asRuntimeException(trailers)
+            );
+          }
+        });
+    ServerCall.Listener<Integer> listener = callHandler.startCall(serverCall, new Metadata());
+    serverCall.isReady = true;
+    serverCall.isCancelled = false;
+    listener.onReady();
+    listener.onMessage(1);
+    listener.onHalfClose();
+    // verify trailers key is set
+    assertTrue(serverCall.trailers.containsKey(key));
+    assertTrue(serverCall.status.equals(Status.INTERNAL));
+  }
+
   @Test
   public void inprocessTransportManualFlow() throws Exception {
     final Semaphore semaphore = new Semaphore(1);
@@ -652,6 +681,7 @@ private static class ServerCallRecorder extends ServerCall<Integer, Integer> {
     private boolean isCancelled;
     private boolean isReady;
     private int onReadyThreshold;
+    private Metadata trailers;
 
     public ServerCallRecorder(MethodDescriptor<Integer, Integer> methodDescriptor) {
       this.methodDescriptor = methodDescriptor;
@@ -674,6 +704,7 @@ public void sendMessage(Integer message) {
     @Override
     public void close(Status status, Metadata trailers) {
       this.status = status;
+      this.trailers = trailers;
     }
 
     @Override

From 2db4852e231f58e8c2faccdf7feea08077a62a87 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 7 Apr 2025 14:26:14 -0700
Subject: [PATCH 242/591] core: Loop over interceptors when computing effective
 interceptors

A post-merge review of 8516cfef9 suggested this change and the comment
had been lost in my inbox.
---
 .../internal/ManagedChannelImplBuilder.java   | 20 +++++++++----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
index 20f7e901ddd..fc3c7891008 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
@@ -737,18 +737,16 @@ public ManagedChannel build() {
   // TODO(zdapeng): FIX IT
   @VisibleForTesting
   List<ClientInterceptor> getEffectiveInterceptors(String computedTarget) {
-    List<ClientInterceptor> effectiveInterceptors = new ArrayList<>(this.interceptors);
-    for (int i = 0; i < effectiveInterceptors.size(); i++) {
-      if (!(effectiveInterceptors.get(i) instanceof InterceptorFactoryWrapper)) {
-        continue;
-      }
-      InterceptorFactory factory =
-          ((InterceptorFactoryWrapper) effectiveInterceptors.get(i)).factory;
-      ClientInterceptor interceptor = factory.newInterceptor(computedTarget);
-      if (interceptor == null) {
-        throw new NullPointerException("Factory returned null interceptor: " + factory);
+    List<ClientInterceptor> effectiveInterceptors = new ArrayList<>(this.interceptors.size());
+    for (ClientInterceptor interceptor : this.interceptors) {
+      if (interceptor instanceof InterceptorFactoryWrapper) {
+        InterceptorFactory factory = ((InterceptorFactoryWrapper) interceptor).factory;
+        interceptor = factory.newInterceptor(computedTarget);
+        if (interceptor == null) {
+          throw new NullPointerException("Factory returned null interceptor: " + factory);
+        }
       }
-      effectiveInterceptors.set(i, interceptor);
+      effectiveInterceptors.add(interceptor);
     }
 
     boolean disableImplicitCensus = InternalConfiguratorRegistry.wasSetConfiguratorsCalled();

From a6aec2769e0ab4a41f6aa6b0771d0614a834dac2 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 8 Apr 2025 09:20:12 -0700
Subject: [PATCH 243/591] auth: Use pre-existing private key in test

Generating a KeyPair is very expensive when running with TSAN, because
TSAN keeps the JVM in interpreted mode. This speeds up the test running
on my desktop from .368s to .151s; faster, but nobody cares. With TSAN,
the speedup is from 150-500s to 4-6s. Within Google the test was timing
out because it was taking so long. While we can increase the timeout,
it seems better to speed up the test in this easy way.
---
 .../GoogleAuthLibraryCallCredentialsTest.java | 20 +++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java b/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java
index 1e8c27bca25..75026fd7c18 100644
--- a/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java
+++ b/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java
@@ -50,10 +50,12 @@
 import io.grpc.Status;
 import io.grpc.internal.JsonParser;
 import io.grpc.testing.TestMethodDescriptors;
+import io.grpc.testing.TlsTesting;
+import io.grpc.util.CertificateUtils;
 import java.io.IOException;
+import java.io.InputStream;
 import java.net.URI;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
@@ -342,7 +344,10 @@ public void serviceUri() throws Exception {
 
   @Test
   public void serviceAccountToJwt() throws Exception {
-    KeyPair pair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+    PrivateKey privateKey;
+    try (InputStream server1Key = TlsTesting.loadCert("server1.key")) {
+      privateKey = CertificateUtils.getPrivateKey(server1Key);
+    }
 
     HttpTransportFactory factory = Mockito.mock(HttpTransportFactory.class);
     Mockito.when(factory.create()).thenThrow(new AssertionError());
@@ -350,7 +355,7 @@ public void serviceAccountToJwt() throws Exception {
     ServiceAccountCredentials credentials =
         ServiceAccountCredentials.newBuilder()
             .setClientEmail("test-email@example.com")
-            .setPrivateKey(pair.getPrivate())
+            .setPrivateKey(privateKey)
             .setPrivateKeyId("test-private-key-id")
             .setHttpTransportFactory(factory)
             .build();
@@ -390,13 +395,16 @@ public void oauthClassesNotInClassPath() throws Exception {
 
   @Test
   public void jwtAccessCredentialsInRequestMetadata() throws Exception {
-    KeyPair pair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+    PrivateKey privateKey;
+    try (InputStream server1Key = TlsTesting.loadCert("server1.key")) {
+      privateKey = CertificateUtils.getPrivateKey(server1Key);
+    }
 
     ServiceAccountCredentials credentials =
         ServiceAccountCredentials.newBuilder()
             .setClientId("test-client")
             .setClientEmail("test-email@example.com")
-            .setPrivateKey(pair.getPrivate())
+            .setPrivateKey(privateKey)
             .setPrivateKeyId("test-private-key-id")
             .setQuotaProjectId("test-quota-project-id")
             .build();

From f79ab2f16f7e037da0e8c9985e917eca552c22cb Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 9 Apr 2025 09:14:44 -0700
Subject: [PATCH 244/591] api: Remove deprecated
 SubchannelPicker.requestConnection()

It has been deprecated since cec9ee368, six years ago. It was replaced
with LoadBalancer.requestConnection().
---
 api/src/main/java/io/grpc/LoadBalancer.java         | 12 ------------
 .../java/io/grpc/internal/ManagedChannelImpl.java   | 13 +------------
 .../io/grpc/internal/ManagedChannelImplTest.java    |  1 -
 xds/src/main/java/io/grpc/xds/LazyLoadBalancer.java |  5 -----
 4 files changed, 1 insertion(+), 30 deletions(-)

diff --git a/api/src/main/java/io/grpc/LoadBalancer.java b/api/src/main/java/io/grpc/LoadBalancer.java
index d5f44dafa5e..53ba60fdc9c 100644
--- a/api/src/main/java/io/grpc/LoadBalancer.java
+++ b/api/src/main/java/io/grpc/LoadBalancer.java
@@ -452,18 +452,6 @@ public abstract static class SubchannelPicker {
      * @since 1.3.0
      */
     public abstract PickResult pickSubchannel(PickSubchannelArgs args);
-
-    /**
-     * Tries to establish connections now so that the upcoming RPC may then just pick a ready
-     * connection without having to connect first.
-     *
-     * <p>No-op if unsupported.
-     *
-     * @deprecated override {@link LoadBalancer#requestConnection} instead.
-     * @since 1.11.0
-     */
-    @Deprecated
-    public void requestConnection() {}
   }
 
   /**
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index 1b51c2dbb32..c5daba7bfc8 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -228,11 +228,6 @@ public void uncaughtException(Thread t, Throwable e) {
   @Nullable
   private LbHelperImpl lbHelper;
 
-  // Must ONLY be assigned from updateSubchannelPicker(), which is called from syncContext.
-  // null if channel is in idle mode.
-  @Nullable
-  private volatile SubchannelPicker subchannelPicker;
-
   // Must be accessed from the syncContext
   private boolean panicMode;
 
@@ -259,8 +254,7 @@ public void uncaughtException(Thread t, Throwable e) {
   // Channel's shutdown process:
   // 1. shutdown(): stop accepting new calls from applications
   //   1a shutdown <- true
-  //   1b subchannelPicker <- null
-  //   1c delayedTransport.shutdown()
+  //   1b delayedTransport.shutdown()
   // 2. delayedTransport terminated: stop stream-creation functionality
   //   2a terminating <- true
   //   2b loadBalancer.shutdown()
@@ -393,7 +387,6 @@ private void shutdownNameResolverAndLoadBalancer(boolean channelIsActive) {
       lbHelper.lb.shutdown();
       lbHelper = null;
     }
-    subchannelPicker = null;
   }
 
   /**
@@ -804,7 +797,6 @@ boolean isInPanicMode() {
 
   // Called from syncContext
   private void updateSubchannelPicker(SubchannelPicker newPicker) {
-    subchannelPicker = newPicker;
     delayedTransport.reprocess(newPicker);
   }
 
@@ -1228,9 +1220,6 @@ final class RequestConnection implements Runnable {
         @Override
         public void run() {
           exitIdleMode();
-          if (subchannelPicker != null) {
-            subchannelPicker.requestConnection();
-          }
           if (lbHelper != null) {
             lbHelper.lb.requestConnection();
           }
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index 21ccf1095df..ac845947f1c 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -2590,7 +2590,6 @@ public void getState_withRequestConnect_IdleWithLbRunning() {
 
     assertEquals(IDLE, channel.getState(true));
     verify(mockLoadBalancerProvider).newLoadBalancer(any(Helper.class));
-    verify(mockPicker).requestConnection();
     verify(mockLoadBalancer).requestConnection();
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/LazyLoadBalancer.java b/xds/src/main/java/io/grpc/xds/LazyLoadBalancer.java
index 87f1b72ca47..8ba1cb28c62 100644
--- a/xds/src/main/java/io/grpc/xds/LazyLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/LazyLoadBalancer.java
@@ -107,11 +107,6 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
         helper.getSynchronizationContext().execute(LazyDelegate.this::activate);
         return PickResult.withNoResult();
       }
-
-      @Override
-      public void requestConnection() {
-        helper.getSynchronizationContext().execute(LazyDelegate.this::requestConnection);
-      }
     }
   }
 

From 65d0bb8a4d9ee111f1eeb02c43321bbb99143151 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 11 Apr 2025 08:25:21 -0700
Subject: [PATCH 245/591] xds: Enable deprecation warnings

The security code referenced fields removed from gRFC A29 before it was
finalized.

Note that this fixes a bug in CommonTlsContextUtil where
CombinedValidationContext was not checked. I believe this was the only
location with such a bug as I audited all non-test usages of
has/getValidationContext() and confirmed they have have a corresponding
has/getCombinedValidationContext().
---
 xds/build.gradle                              |   2 -
 .../grpc/xds/ClusterResolverLoadBalancer.java |   2 +-
 xds/src/main/java/io/grpc/xds/RbacFilter.java |   9 +-
 .../java/io/grpc/xds/XdsClusterResource.java  |  23 +--
 .../grpc/xds/XdsRouteConfigureResource.java   |   3 +-
 .../io/grpc/xds/internal/MatcherParser.java   |  17 +-
 .../security/CommonTlsContextUtil.java        |  21 +--
 .../CertProviderSslContextProvider.java       |  11 --
 .../security/trust/XdsX509TrustManager.java   |   1 +
 ...rChainMatchingProtocolNegotiatorsTest.java |   3 +-
 .../grpc/xds/GrpcXdsClientImplDataTest.java   | 146 ++++++------------
 .../grpc/xds/GrpcXdsClientImplTestBase.java   |   9 +-
 .../io/grpc/xds/GrpcXdsClientImplV3Test.java  |  12 +-
 .../ClientSslContextProviderFactoryTest.java  |   6 +-
 .../security/CommonTlsContextTestsUtil.java   | 101 +++++-------
 .../CertificateProviderStoreTest.java         |   3 -
 16 files changed, 116 insertions(+), 253 deletions(-)

diff --git a/xds/build.gradle b/xds/build.gradle
index cdd4924cab3..90ba3709d14 100644
--- a/xds/build.gradle
+++ b/xds/build.gradle
@@ -133,8 +133,6 @@ tasks.named("checkstyleThirdparty").configure {
 
 tasks.named("compileJava").configure {
     it.options.compilerArgs += [
-        // TODO: remove
-        "-Xlint:-deprecation",
         // only has AutoValue annotation processor
         "-Xlint:-processing",
     ]
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
index 0fb7cf15909..080760303bf 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
@@ -673,7 +673,7 @@ public Status onResult2(final ResolutionResult resolutionResult) {
                   resolutionResult.getAddressesOrError();
           if (addressesOrError.hasValue()) {
             backoffPolicy = null;  // reset backoff sequence if succeeded
-            for (EquivalentAddressGroup eag : resolutionResult.getAddresses()) {
+            for (EquivalentAddressGroup eag : addressesOrError.getValue()) {
               // No weight attribute is attached, all endpoint-level LB policy should be able
               // to handle such it.
               String localityName = localityName(LOGICAL_DNS_CLUSTER_LOCALITY);
diff --git a/xds/src/main/java/io/grpc/xds/RbacFilter.java b/xds/src/main/java/io/grpc/xds/RbacFilter.java
index d91884735e9..91df1e68802 100644
--- a/xds/src/main/java/io/grpc/xds/RbacFilter.java
+++ b/xds/src/main/java/io/grpc/xds/RbacFilter.java
@@ -276,8 +276,13 @@ private static Matcher parsePrincipal(Principal principal) {
         return createSourceIpMatcher(principal.getDirectRemoteIp());
       case REMOTE_IP:
         return createSourceIpMatcher(principal.getRemoteIp());
-      case SOURCE_IP:
-        return createSourceIpMatcher(principal.getSourceIp());
+      case SOURCE_IP: {
+        // gRFC A41 has identical handling of source_ip as remote_ip and direct_remote_ip and
+        // pre-dates the deprecation.
+        @SuppressWarnings("deprecation")
+        CidrRange sourceIp = principal.getSourceIp();
+        return createSourceIpMatcher(sourceIp);
+      }
       case HEADER:
         return parseHeaderMatcher(principal.getHeader());
       case NOT_ID:
diff --git a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
index cfc74f3ca70..0d9274e2869 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
@@ -450,15 +450,6 @@ static void validateCommonTlsContext(
       throw new ResourceInvalidException(
           "common-tls-context with validation_context_sds_secret_config is not supported");
     }
-    if (commonTlsContext.hasValidationContextCertificateProvider()) {
-      throw new ResourceInvalidException(
-          "common-tls-context with validation_context_certificate_provider is not supported");
-    }
-    if (commonTlsContext.hasValidationContextCertificateProviderInstance()) {
-      throw new ResourceInvalidException(
-          "common-tls-context with validation_context_certificate_provider_instance is not"
-              + " supported");
-    }
     String certInstanceName = getIdentityCertInstanceName(commonTlsContext);
     if (certInstanceName == null) {
       if (server) {
@@ -473,10 +464,6 @@ static void validateCommonTlsContext(
         throw new ResourceInvalidException(
             "tls_certificate_provider_instance is unset");
       }
-      if (commonTlsContext.hasTlsCertificateCertificateProvider()) {
-        throw new ResourceInvalidException(
-            "tls_certificate_provider_instance is unset");
-      }
     } else if (certProviderInstances == null || !certProviderInstances.contains(certInstanceName)) {
       throw new ResourceInvalidException(
           "CertificateProvider instance name '" + certInstanceName
@@ -505,7 +492,9 @@ static void validateCommonTlsContext(
             .getDefaultValidationContext();
       }
       if (certificateValidationContext != null) {
-        if (certificateValidationContext.getMatchSubjectAltNamesCount() > 0 && server) {
+        @SuppressWarnings("deprecation") // gRFC A29 predates match_typed_subject_alt_names
+        int matchSubjectAltNamesCount = certificateValidationContext.getMatchSubjectAltNamesCount();
+        if (matchSubjectAltNamesCount > 0 && server) {
           throw new ResourceInvalidException(
               "match_subject_alt_names only allowed in upstream_tls_context");
         }
@@ -536,8 +525,6 @@ static void validateCommonTlsContext(
   private static String getIdentityCertInstanceName(CommonTlsContext commonTlsContext) {
     if (commonTlsContext.hasTlsCertificateProviderInstance()) {
       return commonTlsContext.getTlsCertificateProviderInstance().getInstanceName();
-    } else if (commonTlsContext.hasTlsCertificateCertificateProviderInstance()) {
-      return commonTlsContext.getTlsCertificateCertificateProviderInstance().getInstanceName();
     }
     return null;
   }
@@ -556,10 +543,6 @@ private static String getRootCertInstanceName(CommonTlsContext commonTlsContext)
           .hasCaCertificateProviderInstance()) {
         return combinedCertificateValidationContext.getDefaultValidationContext()
             .getCaCertificateProviderInstance().getInstanceName();
-      } else if (combinedCertificateValidationContext
-          .hasValidationContextCertificateProviderInstance()) {
-        return combinedCertificateValidationContext
-            .getValidationContextCertificateProviderInstance().getInstanceName();
       }
     }
     return null;
diff --git a/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java b/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
index 80a77cbb1d4..2ee326435c4 100644
--- a/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
@@ -451,8 +451,7 @@ static StructOrError<RouteAction> parseRouteAction(
               config.getHeader();
           Pattern regEx = null;
           String regExSubstitute = null;
-          if (headerCfg.hasRegexRewrite() && headerCfg.getRegexRewrite().hasPattern()
-              && headerCfg.getRegexRewrite().getPattern().hasGoogleRe2()) {
+          if (headerCfg.hasRegexRewrite() && headerCfg.getRegexRewrite().hasPattern()) {
             regEx = Pattern.compile(headerCfg.getRegexRewrite().getPattern().getRegex());
             regExSubstitute = headerCfg.getRegexRewrite().getSubstitution();
           }
diff --git a/xds/src/main/java/io/grpc/xds/internal/MatcherParser.java b/xds/src/main/java/io/grpc/xds/internal/MatcherParser.java
index 39b80bbcc03..fb291efc461 100644
--- a/xds/src/main/java/io/grpc/xds/internal/MatcherParser.java
+++ b/xds/src/main/java/io/grpc/xds/internal/MatcherParser.java
@@ -26,9 +26,12 @@ public static Matchers.HeaderMatcher parseHeaderMatcher(
           io.envoyproxy.envoy.config.route.v3.HeaderMatcher proto) {
     switch (proto.getHeaderMatchSpecifierCase()) {
       case EXACT_MATCH:
+        @SuppressWarnings("deprecation") // gRFC A63: support indefinitely
+        String exactMatch = proto.getExactMatch();
         return Matchers.HeaderMatcher.forExactValue(
-                        proto.getName(), proto.getExactMatch(), proto.getInvertMatch());
+                        proto.getName(), exactMatch, proto.getInvertMatch());
       case SAFE_REGEX_MATCH:
+        @SuppressWarnings("deprecation") // gRFC A63: support indefinitely
         String rawPattern = proto.getSafeRegexMatch().getRegex();
         Pattern safeRegExMatch;
         try {
@@ -49,14 +52,20 @@ public static Matchers.HeaderMatcher parseHeaderMatcher(
         return Matchers.HeaderMatcher.forPresent(
               proto.getName(), proto.getPresentMatch(), proto.getInvertMatch());
       case PREFIX_MATCH:
+        @SuppressWarnings("deprecation") // gRFC A63: support indefinitely
+        String prefixMatch = proto.getPrefixMatch();
         return Matchers.HeaderMatcher.forPrefix(
-              proto.getName(), proto.getPrefixMatch(), proto.getInvertMatch());
+              proto.getName(), prefixMatch, proto.getInvertMatch());
       case SUFFIX_MATCH:
+        @SuppressWarnings("deprecation") // gRFC A63: support indefinitely
+        String suffixMatch = proto.getSuffixMatch();
         return Matchers.HeaderMatcher.forSuffix(
-              proto.getName(), proto.getSuffixMatch(), proto.getInvertMatch());
+              proto.getName(), suffixMatch, proto.getInvertMatch());
       case CONTAINS_MATCH:
+        @SuppressWarnings("deprecation") // gRFC A63: support indefinitely
+        String containsMatch = proto.getContainsMatch();
         return Matchers.HeaderMatcher.forContains(
-              proto.getName(), proto.getContainsMatch(), proto.getInvertMatch());
+              proto.getName(), containsMatch, proto.getInvertMatch());
       case STRING_MATCH:
         return Matchers.HeaderMatcher.forString(
           proto.getName(), parseStringMatcher(proto.getStringMatch()), proto.getInvertMatch());
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/CommonTlsContextUtil.java b/xds/src/main/java/io/grpc/xds/internal/security/CommonTlsContextUtil.java
index e5a8c115361..50fa18b64f9 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/CommonTlsContextUtil.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/CommonTlsContextUtil.java
@@ -18,7 +18,6 @@
 
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateProviderPluginInstance;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
-import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CombinedCertificateValidationContext;
 
 /** Class for utility functions for {@link CommonTlsContext}. */
 public final class CommonTlsContextUtil {
@@ -29,22 +28,8 @@ public static boolean hasCertProviderInstance(CommonTlsContext commonTlsContext)
     if (commonTlsContext == null) {
       return false;
     }
-    return hasIdentityCertificateProviderInstance(commonTlsContext)
-        || hasCertProviderValidationContext(commonTlsContext);
-  }
-
-  private static boolean hasCertProviderValidationContext(CommonTlsContext commonTlsContext) {
-    if (commonTlsContext.hasCombinedValidationContext()) {
-      CombinedCertificateValidationContext combinedCertificateValidationContext =
-          commonTlsContext.getCombinedValidationContext();
-      return combinedCertificateValidationContext.hasValidationContextCertificateProviderInstance();
-    }
-    return hasValidationProviderInstance(commonTlsContext);
-  }
-
-  private static boolean hasIdentityCertificateProviderInstance(CommonTlsContext commonTlsContext) {
     return commonTlsContext.hasTlsCertificateProviderInstance()
-        || commonTlsContext.hasTlsCertificateCertificateProviderInstance();
+        || hasValidationProviderInstance(commonTlsContext);
   }
 
   private static boolean hasValidationProviderInstance(CommonTlsContext commonTlsContext) {
@@ -52,7 +37,9 @@ private static boolean hasValidationProviderInstance(CommonTlsContext commonTlsC
         .hasCaCertificateProviderInstance()) {
       return true;
     }
-    return commonTlsContext.hasValidationContextCertificateProviderInstance();
+    return commonTlsContext.hasCombinedValidationContext()
+        && commonTlsContext.getCombinedValidationContext().getDefaultValidationContext()
+          .hasCaCertificateProviderInstance();
   }
 
   /**
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
index f9cd14f2efd..801dabeecb7 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
@@ -99,8 +99,6 @@ protected static CertificateProviderInstance getCertProviderInstance(
       CommonTlsContext commonTlsContext) {
     if (commonTlsContext.hasTlsCertificateProviderInstance()) {
       return CommonTlsContextUtil.convert(commonTlsContext.getTlsCertificateProviderInstance());
-    } else if (commonTlsContext.hasTlsCertificateCertificateProviderInstance()) {
-      return commonTlsContext.getTlsCertificateCertificateProviderInstance();
     }
     return null;
   }
@@ -128,15 +126,6 @@ protected static CommonTlsContext.CertificateProviderInstance getRootCertProvide
     if (certValidationContext != null && certValidationContext.hasCaCertificateProviderInstance()) {
       return CommonTlsContextUtil.convert(certValidationContext.getCaCertificateProviderInstance());
     }
-    if (commonTlsContext.hasCombinedValidationContext()) {
-      CommonTlsContext.CombinedCertificateValidationContext combinedValidationContext =
-          commonTlsContext.getCombinedValidationContext();
-      if (combinedValidationContext.hasValidationContextCertificateProviderInstance()) {
-        return combinedValidationContext.getValidationContextCertificateProviderInstance();
-      }
-    } else if (commonTlsContext.hasValidationContextCertificateProviderInstance()) {
-      return commonTlsContext.getValidationContextCertificateProviderInstance();
-    }
     return null;
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
index dcd3f2006a1..1ecfe378d29 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
@@ -207,6 +207,7 @@ void verifySubjectAltNameInChain(X509Certificate[] peerCertChain) throws Certifi
     if (certContext == null) {
       return;
     }
+    @SuppressWarnings("deprecation") // gRFC A29 predates match_typed_subject_alt_names
     List<StringMatcher> verifyList = certContext.getMatchSubjectAltNamesList();
     if (verifyList.isEmpty()) {
       return;
diff --git a/xds/src/test/java/io/grpc/xds/FilterChainMatchingProtocolNegotiatorsTest.java b/xds/src/test/java/io/grpc/xds/FilterChainMatchingProtocolNegotiatorsTest.java
index c3d006a6003..722f915dbea 100644
--- a/xds/src/test/java/io/grpc/xds/FilterChainMatchingProtocolNegotiatorsTest.java
+++ b/xds/src/test/java/io/grpc/xds/FilterChainMatchingProtocolNegotiatorsTest.java
@@ -1125,7 +1125,6 @@ public void filterChain_5stepMatch() throws Exception {
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void filterChainMatch_unsupportedMatchers() throws Exception {
     EnvoyServerProtoData.DownstreamTlsContext tlsContext1 =
             CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT1", "ROOTCA");
@@ -1194,7 +1193,7 @@ public void filterChainMatch_unsupportedMatchers() throws Exception {
     assertThat(sslSet.get()).isEqualTo(defaultFilterChain.sslContextProviderSupplier());
     assertThat(routingSettable.get()).isEqualTo(noopConfig);
     assertThat(sslSet.get().getTlsContext().getCommonTlsContext()
-            .getTlsCertificateCertificateProviderInstance()
+            .getTlsCertificateProviderInstance()
             .getCertificateName()).isEqualTo("CERT3");
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 0ea58c974bb..e5502463db0 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -98,7 +98,6 @@
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateProviderPluginInstance;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
-import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CertificateProviderInstance;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CombinedCertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig;
@@ -3042,35 +3041,6 @@ public void validateCommonTlsContext_validationContextSdsSecretConfig()
     XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
   }
 
-  @Test
-  @SuppressWarnings("deprecation")
-  public void validateCommonTlsContext_validationContextCertificateProvider()
-      throws ResourceInvalidException {
-    CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
-        .setValidationContextCertificateProvider(
-            CommonTlsContext.CertificateProvider.getDefaultInstance())
-        .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
-        "common-tls-context with validation_context_certificate_provider is not supported");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
-  }
-
-  @Test
-  @SuppressWarnings("deprecation")
-  public void validateCommonTlsContext_validationContextCertificateProviderInstance()
-      throws ResourceInvalidException {
-    CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
-        .setValidationContextCertificateProviderInstance(
-            CommonTlsContext.CertificateProviderInstance.getDefaultInstance())
-        .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
-        "common-tls-context with validation_context_certificate_provider_instance is not "
-            + "supported");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
-  }
-
   @Test
   public void validateCommonTlsContext_tlsCertificateProviderInstance_isRequiredForServer()
       throws ResourceInvalidException {
@@ -3083,36 +3053,33 @@ public void validateCommonTlsContext_tlsCertificateProviderInstance_isRequiredFo
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void validateCommonTlsContext_tlsNewCertificateProviderInstance()
       throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .setTlsCertificateProviderInstance(
-            CertificateProviderPluginInstance.newBuilder().setInstanceName("name1").build())
+            CertificateProviderPluginInstance.newBuilder().setInstanceName("name1"))
         .build();
     XdsClusterResource
         .validateCommonTlsContext(commonTlsContext, ImmutableSet.of("name1", "name2"), true);
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void validateCommonTlsContext_tlsCertificateProviderInstance()
       throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
-        .setTlsCertificateCertificateProviderInstance(
-            CertificateProviderInstance.newBuilder().setInstanceName("name1").build())
+        .setTlsCertificateProviderInstance(
+            CertificateProviderPluginInstance.newBuilder().setInstanceName("name1"))
         .build();
     XdsClusterResource
         .validateCommonTlsContext(commonTlsContext, ImmutableSet.of("name1", "name2"), true);
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void validateCommonTlsContext_tlsCertificateProviderInstance_absentInBootstrapFile()
           throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
-        .setTlsCertificateCertificateProviderInstance(
-            CertificateProviderInstance.newBuilder().setInstanceName("bad-name").build())
+        .setTlsCertificateProviderInstance(
+            CertificateProviderPluginInstance.newBuilder().setInstanceName("bad-name"))
         .build();
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage(
@@ -3122,15 +3089,14 @@ public void validateCommonTlsContext_tlsCertificateProviderInstance_absentInBoot
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void validateCommonTlsContext_validationContextProviderInstance()
           throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .setCombinedValidationContext(
             CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
-                .setValidationContextCertificateProviderInstance(
-                    CertificateProviderInstance.newBuilder().setInstanceName("name1").build())
-                .build())
+              .setDefaultValidationContext(CertificateValidationContext.newBuilder()
+                .setCaCertificateProviderInstance(CertificateProviderPluginInstance.newBuilder()
+                  .setInstanceName("name1"))))
         .build();
     XdsClusterResource
         .validateCommonTlsContext(commonTlsContext, ImmutableSet.of("name1", "name2"), false);
@@ -3218,15 +3184,14 @@ public void validateCommonTlsContext_validationContextSystemRootCerts()
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void validateCommonTlsContext_validationContextProviderInstance_absentInBootstrapFile()
           throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .setCombinedValidationContext(
             CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
-                .setValidationContextCertificateProviderInstance(
-                    CertificateProviderInstance.newBuilder().setInstanceName("bad-name").build())
-                .build())
+              .setDefaultValidationContext(CertificateValidationContext.newBuilder()
+                .setCaCertificateProviderInstance(CertificateProviderPluginInstance.newBuilder()
+                  .setInstanceName("bad-name"))))
         .build();
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage(
@@ -3258,20 +3223,6 @@ public void validateCommonTlsContext_tlsCertificateSdsSecretConfigsCount()
     XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
   }
 
-  @Test
-  @SuppressWarnings("deprecation")
-  public void validateCommonTlsContext_tlsCertificateCertificateProvider()
-      throws ResourceInvalidException {
-    CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
-        .setTlsCertificateCertificateProvider(
-            CommonTlsContext.CertificateProvider.getDefaultInstance())
-        .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
-        "tls_certificate_provider_instance is unset");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
-  }
-
   @Test
   public void validateCommonTlsContext_combinedValidationContext_isRequiredForClient()
       throws ResourceInvalidException {
@@ -3304,13 +3255,13 @@ public void validateCommonTlsContext_combinedValContextWithDefaultValContextForS
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .setCombinedValidationContext(
             CombinedCertificateValidationContext.newBuilder()
-                .setValidationContextCertificateProviderInstance(
-                    CertificateProviderInstance.getDefaultInstance())
                 .setDefaultValidationContext(CertificateValidationContext.newBuilder()
+                    .setCaCertificateProviderInstance(
+                        CertificateProviderPluginInstance.getDefaultInstance())
                     .addMatchSubjectAltNames(StringMatcher.newBuilder().setExact("foo.com").build())
                     .build()))
-        .setTlsCertificateCertificateProviderInstance(
-            CertificateProviderInstance.getDefaultInstance())
+        .setTlsCertificateProviderInstance(
+            CertificateProviderPluginInstance.getDefaultInstance())
         .build();
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage("match_subject_alt_names only allowed in upstream_tls_context");
@@ -3318,18 +3269,16 @@ public void validateCommonTlsContext_combinedValContextWithDefaultValContextForS
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void validateCommonTlsContext_combinedValContextWithDefaultValContextVerifyCertSpki()
       throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .setCombinedValidationContext(
             CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
-                .setValidationContextCertificateProviderInstance(
-                    CommonTlsContext.CertificateProviderInstance.getDefaultInstance())
-                .setDefaultValidationContext(
-                    CertificateValidationContext.newBuilder().addVerifyCertificateSpki("foo")))
-        .setTlsCertificateCertificateProviderInstance(
-            CommonTlsContext.CertificateProviderInstance.getDefaultInstance())
+                .setDefaultValidationContext(CertificateValidationContext.newBuilder()
+                    .setCaCertificateProviderInstance(
+                        CertificateProviderPluginInstance.getDefaultInstance())
+                    .addVerifyCertificateSpki("foo")))
+        .setTlsCertificateProviderInstance(CertificateProviderPluginInstance.getDefaultInstance())
         .build();
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage("verify_certificate_spki in default_validation_context is not "
@@ -3338,18 +3287,16 @@ public void validateCommonTlsContext_combinedValContextWithDefaultValContextVeri
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void validateCommonTlsContext_combinedValContextWithDefaultValContextVerifyCertHash()
       throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .setCombinedValidationContext(
             CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
-                .setValidationContextCertificateProviderInstance(
-                    CommonTlsContext.CertificateProviderInstance.getDefaultInstance())
-                .setDefaultValidationContext(
-                    CertificateValidationContext.newBuilder().addVerifyCertificateHash("foo")))
-        .setTlsCertificateCertificateProviderInstance(
-            CommonTlsContext.CertificateProviderInstance.getDefaultInstance())
+                .setDefaultValidationContext(CertificateValidationContext.newBuilder()
+                    .setCaCertificateProviderInstance(
+                        CertificateProviderPluginInstance.getDefaultInstance())
+                    .addVerifyCertificateHash("foo")))
+        .setTlsCertificateProviderInstance(CertificateProviderPluginInstance.getDefaultInstance())
         .build();
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage("verify_certificate_hash in default_validation_context is not "
@@ -3358,18 +3305,17 @@ public void validateCommonTlsContext_combinedValContextWithDefaultValContextVeri
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void validateCommonTlsContext_combinedValContextDfltValContextRequireSignedCertTimestamp()
       throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .setCombinedValidationContext(
             CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
-                .setValidationContextCertificateProviderInstance(
-                    CommonTlsContext.CertificateProviderInstance.getDefaultInstance())
                 .setDefaultValidationContext(CertificateValidationContext.newBuilder()
+                    .setCaCertificateProviderInstance(
+                        CertificateProviderPluginInstance.getDefaultInstance())
                     .setRequireSignedCertificateTimestamp(BoolValue.of(true))))
-        .setTlsCertificateCertificateProviderInstance(
-            CommonTlsContext.CertificateProviderInstance.getDefaultInstance())
+        .setTlsCertificateProviderInstance(
+            CertificateProviderPluginInstance.getDefaultInstance())
         .build();
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage(
@@ -3379,18 +3325,16 @@ public void validateCommonTlsContext_combinedValContextDfltValContextRequireSign
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void validateCommonTlsContext_combinedValidationContextWithDefaultValidationContextCrl()
       throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .setCombinedValidationContext(
             CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
-                .setValidationContextCertificateProviderInstance(
-                    CommonTlsContext.CertificateProviderInstance.getDefaultInstance())
                 .setDefaultValidationContext(CertificateValidationContext.newBuilder()
+                    .setCaCertificateProviderInstance(
+                        CertificateProviderPluginInstance.getDefaultInstance())
                     .setCrl(DataSource.getDefaultInstance())))
-        .setTlsCertificateCertificateProviderInstance(
-            CommonTlsContext.CertificateProviderInstance.getDefaultInstance())
+        .setTlsCertificateProviderInstance(CertificateProviderPluginInstance.getDefaultInstance())
         .build();
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage("crl in default_validation_context is not supported");
@@ -3398,18 +3342,16 @@ public void validateCommonTlsContext_combinedValidationContextWithDefaultValidat
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void validateCommonTlsContext_combinedValContextWithDfltValContextCustomValidatorConfig()
       throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .setCombinedValidationContext(
             CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
-                .setValidationContextCertificateProviderInstance(
-                    CommonTlsContext.CertificateProviderInstance.getDefaultInstance())
                 .setDefaultValidationContext(CertificateValidationContext.newBuilder()
+                    .setCaCertificateProviderInstance(
+                        CertificateProviderPluginInstance.getDefaultInstance())
                     .setCustomValidatorConfig(TypedExtensionConfig.getDefaultInstance())))
-        .setTlsCertificateCertificateProviderInstance(
-            CommonTlsContext.CertificateProviderInstance.getDefaultInstance())
+        .setTlsCertificateProviderInstance(CertificateProviderPluginInstance.getDefaultInstance())
         .build();
     thrown.expect(ResourceInvalidException.class);
     thrown.expectMessage("custom_validator_config in default_validation_context is not "
@@ -3426,15 +3368,14 @@ public void validateDownstreamTlsContext_noCommonTlsContext() throws ResourceInv
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void validateDownstreamTlsContext_hasRequireSni() throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .setCombinedValidationContext(
             CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
-                .setValidationContextCertificateProviderInstance(
-                    CommonTlsContext.CertificateProviderInstance.getDefaultInstance()))
-        .setTlsCertificateCertificateProviderInstance(
-            CommonTlsContext.CertificateProviderInstance.getDefaultInstance())
+                .setDefaultValidationContext(CertificateValidationContext.newBuilder()
+                    .setCaCertificateProviderInstance(
+                        CertificateProviderPluginInstance.getDefaultInstance())))
+        .setTlsCertificateProviderInstance(CertificateProviderPluginInstance.getDefaultInstance())
         .build();
     DownstreamTlsContext downstreamTlsContext = DownstreamTlsContext.newBuilder()
         .setCommonTlsContext(commonTlsContext)
@@ -3446,15 +3387,14 @@ public void validateDownstreamTlsContext_hasRequireSni() throws ResourceInvalidE
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void validateDownstreamTlsContext_hasOcspStaplePolicy() throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .setCombinedValidationContext(
             CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
-                .setValidationContextCertificateProviderInstance(
-                    CommonTlsContext.CertificateProviderInstance.getDefaultInstance()))
-        .setTlsCertificateCertificateProviderInstance(
-            CommonTlsContext.CertificateProviderInstance.getDefaultInstance())
+                .setDefaultValidationContext(CertificateValidationContext.newBuilder()
+                    .setCaCertificateProviderInstance(
+                        CertificateProviderPluginInstance.getDefaultInstance())))
+        .setTlsCertificateProviderInstance(CertificateProviderPluginInstance.getDefaultInstance())
         .build();
     DownstreamTlsContext downstreamTlsContext = DownstreamTlsContext.newBuilder()
         .setCommonTlsContext(commonTlsContext)
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 36131464d08..369763a21b7 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -47,7 +47,6 @@
 import io.envoyproxy.envoy.config.route.v3.WeightedCluster;
 import io.envoyproxy.envoy.extensions.filters.http.router.v3.Router;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateProviderPluginInstance;
-import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.grpc.BindableService;
 import io.grpc.ChannelCredentials;
 import io.grpc.Context;
@@ -2245,7 +2244,6 @@ public void cdsResponseWithCircuitBreakers() {
    * CDS response containing UpstreamTlsContext for a cluster.
    */
   @Test
-  @SuppressWarnings("deprecation")
   public void cdsResponseWithUpstreamTlsContext() {
     DiscoveryRpcCall call = startResourceWatcher(XdsClusterResource.getInstance(), CDS_RESOURCE,
         cdsResourceWatcher);
@@ -2269,9 +2267,9 @@ public void cdsResponseWithUpstreamTlsContext() {
     verify(cdsResourceWatcher, times(1))
         .onChanged(cdsUpdateCaptor.capture());
     CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue();
-    CommonTlsContext.CertificateProviderInstance certificateProviderInstance =
+    CertificateProviderPluginInstance certificateProviderInstance =
         cdsUpdate.upstreamTlsContext().getCommonTlsContext().getCombinedValidationContext()
-            .getValidationContextCertificateProviderInstance();
+            .getDefaultValidationContext().getCaCertificateProviderInstance();
     assertThat(certificateProviderInstance.getInstanceName()).isEqualTo("cert-instance-name");
     assertThat(certificateProviderInstance.getCertificateName()).isEqualTo("cert1");
     verifyResourceMetadataAcked(CDS, CDS_RESOURCE, clusterEds, VERSION_1, TIME_INCREMENT);
@@ -2282,7 +2280,6 @@ public void cdsResponseWithUpstreamTlsContext() {
    * CDS response containing new UpstreamTlsContext for a cluster.
    */
   @Test
-  @SuppressWarnings("deprecation")
   public void cdsResponseWithNewUpstreamTlsContext() {
     DiscoveryRpcCall call = startResourceWatcher(XdsClusterResource.getInstance(), CDS_RESOURCE,
         cdsResourceWatcher);
@@ -2344,7 +2341,6 @@ public void cdsResponseErrorHandling_badUpstreamTlsContext() {
    * CDS response containing OutlierDetection for a cluster.
    */
   @Test
-  @SuppressWarnings("deprecation")
   public void cdsResponseWithOutlierDetection() {
     DiscoveryRpcCall call = startResourceWatcher(XdsClusterResource.getInstance(), CDS_RESOURCE,
         cdsResourceWatcher);
@@ -2413,7 +2409,6 @@ public void cdsResponseWithOutlierDetection() {
    * CDS response containing OutlierDetection for a cluster.
    */
   @Test
-  @SuppressWarnings("deprecation")
   public void cdsResponseWithInvalidOutlierDetectionNacks() {
 
     DiscoveryRpcCall call = startResourceWatcher(XdsClusterResource.getInstance(), CDS_RESOURCE,
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplV3Test.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplV3Test.java
index af34c7232d0..3966fae7f20 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplV3Test.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplV3Test.java
@@ -613,18 +613,15 @@ protected Message buildLeastRequestLbConfig(int choiceCount) {
     }
 
     @Override
-    @SuppressWarnings("deprecation")
     protected Message buildUpstreamTlsContext(String instanceName, String certName) {
       CommonTlsContext.Builder commonTlsContextBuilder = CommonTlsContext.newBuilder();
       if (instanceName != null && certName != null) {
-        CommonTlsContext.CertificateProviderInstance providerInstance =
-            CommonTlsContext.CertificateProviderInstance.newBuilder()
-                .setInstanceName(instanceName)
-                .setCertificateName(certName)
-                .build();
         CommonTlsContext.CombinedCertificateValidationContext combined =
             CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
-                .setValidationContextCertificateProviderInstance(providerInstance)
+                .setDefaultValidationContext(CertificateValidationContext.newBuilder()
+                  .setCaCertificateProviderInstance(CertificateProviderPluginInstance.newBuilder()
+                    .setInstanceName(instanceName)
+                    .setCertificateName(certName)))
                 .build();
         commonTlsContextBuilder.setCombinedValidationContext(combined);
       }
@@ -751,7 +748,6 @@ protected Message buildDropOverload(String category, int dropPerMillion) {
           .build();
     }
 
-    @SuppressWarnings("deprecation")
     @Override
     protected FilterChain buildFilterChain(
         List<String> alpn, Message tlsContext, String transportSocketName,
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
index 9c8340123da..397fe01e0f5 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
@@ -317,7 +317,6 @@ static void verifyWatcher(
         .isSameInstanceAs(sslContextProvider);
   }
 
-  @SuppressWarnings("deprecation")
   static CommonTlsContext.Builder addFilenames(
       CommonTlsContext.Builder builder, String certChain, String privateKey, String trustCa) {
     TlsCertificate tlsCert =
@@ -329,13 +328,10 @@ static CommonTlsContext.Builder addFilenames(
         CertificateValidationContext.newBuilder()
             .setTrustedCa(DataSource.newBuilder().setFilename(trustCa))
             .build();
-    CommonTlsContext.CertificateProviderInstance certificateProviderInstance =
-        builder.getValidationContextCertificateProviderInstance();
     CommonTlsContext.CombinedCertificateValidationContext.Builder combinedBuilder =
         CommonTlsContext.CombinedCertificateValidationContext.newBuilder();
     combinedBuilder
-        .setDefaultValidationContext(certContext)
-        .setValidationContextCertificateProviderInstance(certificateProviderInstance);
+        .setDefaultValidationContext(certContext);
     return builder
         .addTlsCertificates(tlsCert)
         .setCombinedValidationContext(combinedBuilder.build());
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java b/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
index a6cf2c52a15..48814dece1d 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
@@ -23,7 +23,6 @@
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateProviderPluginInstance;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
-import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CertificateProviderInstance;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CombinedCertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext;
@@ -63,48 +62,26 @@ public class CommonTlsContextTestsUtil {
   public static final String BAD_CLIENT_KEY_FILE = "badclient.key";
 
   /** takes additional values and creates CombinedCertificateValidationContext as needed. */
-  @SuppressWarnings("deprecation")
-  static CommonTlsContext buildCommonTlsContextWithAdditionalValues(
+  private static CommonTlsContext buildCommonTlsContextWithAdditionalValues(
       String certInstanceName, String certName,
       String validationContextCertInstanceName, String validationContextCertName,
       Iterable<StringMatcher> matchSubjectAltNames,
       Iterable<String> alpnNames) {
-
-    CommonTlsContext.Builder builder = CommonTlsContext.newBuilder();
-
-    CertificateProviderInstance certificateProviderInstance = CertificateProviderInstance
-        .newBuilder().setInstanceName(certInstanceName).setCertificateName(certName).build();
-    if (certificateProviderInstance != null) {
-      builder.setTlsCertificateCertificateProviderInstance(certificateProviderInstance);
-    }
-    CertificateProviderInstance validationCertificateProviderInstance =
-        CertificateProviderInstance.newBuilder().setInstanceName(validationContextCertInstanceName)
-            .setCertificateName(validationContextCertName).build();
-    CertificateValidationContext certValidationContext =
-        matchSubjectAltNames == null
-            ? null
-            : CertificateValidationContext.newBuilder()
-                .addAllMatchSubjectAltNames(matchSubjectAltNames)
-                .build();
-    if (validationCertificateProviderInstance != null) {
-      CombinedCertificateValidationContext.Builder combinedBuilder =
-          CombinedCertificateValidationContext.newBuilder()
-              .setValidationContextCertificateProviderInstance(
-                  validationCertificateProviderInstance);
-      if (certValidationContext != null) {
-        combinedBuilder = combinedBuilder.setDefaultValidationContext(certValidationContext);
-      }
-      builder.setCombinedValidationContext(combinedBuilder);
-    } else if (validationCertificateProviderInstance != null) {
-      builder
-          .setValidationContextCertificateProviderInstance(validationCertificateProviderInstance);
-    } else if (certValidationContext != null) {
-      builder.setValidationContext(certValidationContext);
-    }
-    if (alpnNames != null) {
-      builder.addAllAlpnProtocols(alpnNames);
-    }
-    return builder.build();
+    @SuppressWarnings("deprecation") // gRFC A29 predates match_typed_subject_alt_names
+    CertificateValidationContext.Builder certificateValidationContextBuilder
+        = CertificateValidationContext.newBuilder()
+        .addAllMatchSubjectAltNames(matchSubjectAltNames);
+    return CommonTlsContext.newBuilder()
+        .setTlsCertificateProviderInstance(CertificateProviderPluginInstance.newBuilder()
+          .setInstanceName(certInstanceName)
+          .setCertificateName(certName))
+        .setCombinedValidationContext(CombinedCertificateValidationContext.newBuilder()
+          .setDefaultValidationContext(certificateValidationContextBuilder
+            .setCaCertificateProviderInstance(CertificateProviderPluginInstance.newBuilder()
+              .setInstanceName(validationContextCertInstanceName)
+              .setCertificateName(validationContextCertName))))
+        .addAllAlpnProtocols(alpnNames)
+        .build();
   }
 
   /** Helper method to build DownstreamTlsContext for multiple test classes. */
@@ -152,7 +129,7 @@ public static DownstreamTlsContext buildTestDownstreamTlsContext(
           useSans ? Arrays.asList(
               StringMatcher.newBuilder()
                   .setExact("spiffe://grpc-sds-testing.svc.id.goog/ns/default/sa/bob")
-                  .build()) : null,
+                  .build()) : Arrays.asList(),
           Arrays.asList("managed-tls"));
     }
     return buildDownstreamTlsContext(commonTlsContext, /* requireClientCert= */ false);
@@ -199,7 +176,6 @@ public static X509Certificate getCertFromResourceName(String resourceName)
     }
   }
 
-  @SuppressWarnings("deprecation")
   private static CommonTlsContext buildCommonTlsContextForCertProviderInstance(
       String certInstanceName,
       String certName,
@@ -210,10 +186,10 @@ private static CommonTlsContext buildCommonTlsContextForCertProviderInstance(
     CommonTlsContext.Builder builder = CommonTlsContext.newBuilder();
     if (certInstanceName != null) {
       builder =
-          builder.setTlsCertificateCertificateProviderInstance(
-              CommonTlsContext.CertificateProviderInstance.newBuilder()
-                  .setInstanceName(certInstanceName)
-                  .setCertificateName(certName));
+              builder.setTlsCertificateProviderInstance(
+                      CertificateProviderPluginInstance.newBuilder()
+                              .setInstanceName(certInstanceName)
+                              .setCertificateName(certName));
     }
     builder =
         addCertificateValidationContext(
@@ -248,35 +224,28 @@ private static CommonTlsContext buildNewCommonTlsContextForCertProviderInstance(
     return builder.build();
   }
 
-  @SuppressWarnings("deprecation")
   private static CommonTlsContext.Builder addCertificateValidationContext(
       CommonTlsContext.Builder builder,
       String rootInstanceName,
       String rootCertName,
       CertificateValidationContext staticCertValidationContext) {
-    CertificateProviderInstance providerInstance = null;
-    if (rootInstanceName != null) {
-      providerInstance = CertificateProviderInstance.newBuilder()
-          .setInstanceName(rootInstanceName)
-          .setCertificateName(rootCertName)
-          .build();
-    }
-    if (providerInstance != null) {
-      builder = builder.setValidationContextCertificateProviderInstance(providerInstance);
+    if (staticCertValidationContext == null && rootInstanceName == null) {
+      return builder;
     }
-    CombinedCertificateValidationContext.Builder combined =
-        CombinedCertificateValidationContext.newBuilder();
-    if (providerInstance != null) {
-      combined = combined.setValidationContextCertificateProviderInstance(providerInstance);
-    }
-    if (staticCertValidationContext != null) {
-      combined = combined.setDefaultValidationContext(staticCertValidationContext);
+    CertificateValidationContext.Builder contextBuilder;
+    if (staticCertValidationContext == null) {
+      contextBuilder = CertificateValidationContext.newBuilder();
+    } else {
+      contextBuilder = staticCertValidationContext.toBuilder();
     }
-    if (combined.hasValidationContextCertificateProviderInstance()
-        || combined.hasDefaultValidationContext()) {
-      builder = builder.setCombinedValidationContext(combined.build());
+    if (rootInstanceName != null) {
+      contextBuilder.setCaCertificateProviderInstance(CertificateProviderPluginInstance.newBuilder()
+          .setInstanceName(rootInstanceName)
+          .setCertificateName(rootCertName));
+      builder.setValidationContext(contextBuilder.build());
     }
-    return builder;
+    return builder.setCombinedValidationContext(CombinedCertificateValidationContext.newBuilder()
+        .setDefaultValidationContext(contextBuilder));
   }
 
   private static CommonTlsContext.Builder addNewCertificateValidationContext(
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStoreTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStoreTest.java
index 8f77de7b5e2..c0bc095eab6 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStoreTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStoreTest.java
@@ -123,7 +123,6 @@ public void notifyCertUpdatesNotSupported_expectExceptionOnSecondCall() {
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void onePluginSameConfig_sameInstance() {
     registerPlugin("plugin1");
     CertificateProvider.Watcher mockWatcher1 = mock(CertificateProvider.Watcher.class);
@@ -167,7 +166,6 @@ public void onePluginSameConfig_sameInstance() {
   }
 
   @Test
-  @SuppressWarnings("deprecation")
   public void onePluginSameConfig_secondWatcherAfterFirstNotify() {
     registerPlugin("plugin1");
     CertificateProvider.Watcher mockWatcher1 = mock(CertificateProvider.Watcher.class);
@@ -275,7 +273,6 @@ public void twoPlugins_differentInstance() {
         mockWatcher1, handle1, certProviderProvider1, mockWatcher2, handle2, certProviderProvider2);
   }
 
-  @SuppressWarnings("deprecation")
   private static void checkDifferentInstances(
       CertificateProvider.Watcher mockWatcher1,
       CertificateProviderStore.Handle handle1,

From 84bd01454b38815ad4b67ea2ca83708088d498f1 Mon Sep 17 00:00:00 2001
From: Kurt Alfred Kluever <kak@google.com>
Date: Tue, 15 Apr 2025 11:10:10 -0700
Subject: [PATCH 246/591] context: Remove mention of "epoch" from
 Ticker.nanoTime() javadocs, plus other minor touchups

In Java, when people hear "epoch", they think "unix epoch".

cl/747082451
---
 api/src/context/java/io/grpc/Deadline.java | 49 ++++++++--------------
 1 file changed, 17 insertions(+), 32 deletions(-)

diff --git a/api/src/context/java/io/grpc/Deadline.java b/api/src/context/java/io/grpc/Deadline.java
index 62b803267a8..92eeba5ffce 100644
--- a/api/src/context/java/io/grpc/Deadline.java
+++ b/api/src/context/java/io/grpc/Deadline.java
@@ -16,8 +16,10 @@
 
 package io.grpc;
 
-import java.util.Arrays;
+import static java.util.Objects.requireNonNull;
+
 import java.util.Locale;
+import java.util.Objects;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
@@ -33,7 +35,7 @@
  * passed to the various components unambiguously.
  */
 public final class Deadline implements Comparable<Deadline> {
-  private static final SystemTicker SYSTEM_TICKER = new SystemTicker();
+  private static final Ticker SYSTEM_TICKER = new SystemTicker();
   // nanoTime has a range of just under 300 years. Only allow up to 100 years in the past or future
   // to prevent wraparound as long as process runs for less than ~100 years.
   private static final long MAX_OFFSET = TimeUnit.DAYS.toNanos(100 * 365);
@@ -91,7 +93,7 @@ public static Deadline after(long duration, TimeUnit units) {
    * @since 1.24.0
    */
   public static Deadline after(long duration, TimeUnit units, Ticker ticker) {
-    checkNotNull(units, "units");
+    requireNonNull(units, "units");
     return new Deadline(ticker, units.toNanos(duration), true);
   }
 
@@ -191,8 +193,8 @@ public long timeRemaining(TimeUnit unit) {
    * @return {@link ScheduledFuture} which can be used to cancel execution of the task
    */
   public ScheduledFuture<?> runOnExpiration(Runnable task, ScheduledExecutorService scheduler) {
-    checkNotNull(task, "task");
-    checkNotNull(scheduler, "scheduler");
+    requireNonNull(task, "task");
+    requireNonNull(scheduler, "scheduler");
     return scheduler.schedule(task, deadlineNanos - ticker.nanoTime(), TimeUnit.NANOSECONDS);
   }
 
@@ -225,37 +227,27 @@ public String toString() {
   @Override
   public int compareTo(Deadline that) {
     checkTicker(that);
-    long diff = this.deadlineNanos - that.deadlineNanos;
-    if (diff < 0) {
-      return -1;
-    } else if (diff > 0) {
-      return 1;
-    }
-    return 0;
+    return Long.compare(this.deadlineNanos, that.deadlineNanos);
   }
 
   @Override
   public int hashCode() {
-    return Arrays.asList(this.ticker, this.deadlineNanos).hashCode();
+    return Objects.hash(this.ticker, this.deadlineNanos);
   }
 
   @Override
-  public boolean equals(final Object o) {
-    if (o == this) {
+  public boolean equals(final Object object) {
+    if (object == this) {
       return true;
     }
-    if (!(o instanceof Deadline)) {
-      return false;
-    }
-
-    final Deadline other = (Deadline) o;
-    if (this.ticker == null ? other.ticker != null : this.ticker != other.ticker) {
+    if (!(object instanceof Deadline)) {
       return false;
     }
-    if (this.deadlineNanos != other.deadlineNanos) {
+    final Deadline that = (Deadline) object;
+    if (this.ticker == null ? that.ticker != null : this.ticker != that.ticker) {
       return false;
     }
-    return true;
+    return this.deadlineNanos == that.deadlineNanos;
   }
 
   /**
@@ -275,24 +267,17 @@ public boolean equals(final Object o) {
    * @since 1.24.0
    */
   public abstract static class Ticker {
-    /** Returns the number of nanoseconds since this source's epoch. */
+    /** Returns the number of nanoseconds elapsed since this ticker's reference point in time. */
     public abstract long nanoTime();
   }
 
-  private static class SystemTicker extends Ticker {
+  private static final class SystemTicker extends Ticker {
     @Override
     public long nanoTime() {
       return System.nanoTime();
     }
   }
 
-  private static <T> T checkNotNull(T reference, Object errorMessage) {
-    if (reference == null) {
-      throw new NullPointerException(String.valueOf(errorMessage));
-    }
-    return reference;
-  }
-
   private void checkTicker(Deadline other) {
     if (ticker != other.ticker) {
       throw new AssertionError(

From 7a08fdb7f94a43951da6245e100c3535d0ce7879 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Thu, 17 Apr 2025 07:26:40 +0530
Subject: [PATCH 247/591] xds: float LRU cache across interceptors (#11992)

---
 .../io/grpc/xds/GcpAuthenticationFilter.java  |  60 ++++---
 .../grpc/xds/GcpAuthenticationFilterTest.java | 146 ++++++++++++++++--
 2 files changed, 175 insertions(+), 31 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
index b5568efe400..8ec02f4f809 100644
--- a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
+++ b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
@@ -59,15 +59,17 @@ final class GcpAuthenticationFilter implements Filter {
 
   static final String TYPE_URL =
       "type.googleapis.com/envoy.extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig";
-
+  private final LruCache<String, CallCredentials> callCredentialsCache;
   final String filterInstanceName;
 
-  GcpAuthenticationFilter(String name) {
+  GcpAuthenticationFilter(String name, int cacheSize) {
     filterInstanceName = checkNotNull(name, "name");
+    this.callCredentialsCache = new LruCache<>(cacheSize);
   }
 
-
   static final class Provider implements Filter.Provider {
+    private final int cacheSize = 10;
+
     @Override
     public String[] typeUrls() {
       return new String[]{TYPE_URL};
@@ -80,7 +82,7 @@ public boolean isClientFilter() {
 
     @Override
     public GcpAuthenticationFilter newInstance(String name) {
-      return new GcpAuthenticationFilter(name);
+      return new GcpAuthenticationFilter(name, cacheSize);
     }
 
     @Override
@@ -101,11 +103,14 @@ public ConfigOrError<GcpAuthenticationConfig> parseFilterConfig(Message rawProto
       // Validate cache_config
       if (gcpAuthnProto.hasCacheConfig()) {
         TokenCacheConfig cacheConfig = gcpAuthnProto.getCacheConfig();
-        cacheSize = cacheConfig.getCacheSize().getValue();
-        if (cacheSize == 0) {
-          return ConfigOrError.fromError(
-              "cache_config.cache_size must be greater than zero");
+        if (cacheConfig.hasCacheSize()) {
+          cacheSize = cacheConfig.getCacheSize().getValue();
+          if (cacheSize == 0) {
+            return ConfigOrError.fromError(
+                "cache_config.cache_size must be greater than zero");
+          }
         }
+
         // LruCache's size is an int and briefly exceeds its maximum size before evicting entries
         cacheSize = UnsignedLongs.min(cacheSize, Integer.MAX_VALUE - 1);
       }
@@ -127,8 +132,9 @@ public ClientInterceptor buildClientInterceptor(FilterConfig config,
       @Nullable FilterConfig overrideConfig, ScheduledExecutorService scheduler) {
 
     ComputeEngineCredentials credentials = ComputeEngineCredentials.create();
-    LruCache<String, CallCredentials> callCredentialsCache =
-        new LruCache<>(((GcpAuthenticationConfig) config).getCacheSize());
+    synchronized (callCredentialsCache) {
+      callCredentialsCache.resizeCache(((GcpAuthenticationConfig) config).getCacheSize());
+    }
     return new ClientInterceptor() {
       @Override
       public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
@@ -254,23 +260,37 @@ public void sendMessage(ReqT message) {}
 
   private static final class LruCache<K, V> {
 
-    private final Map<K, V> cache;
+    private Map<K, V> cache;
+    private int maxSize;
 
     LruCache(int maxSize) {
-      this.cache = new LinkedHashMap<K, V>(
-          maxSize,
-          0.75f,
-          true) {
-        @Override
-        protected boolean removeEldestEntry(Map.Entry<K, V> eldest) {
-          return size() > maxSize;
-        }
-      };
+      this.maxSize = maxSize;
+      this.cache = createEvictingMap(maxSize);
     }
 
     V getOrInsert(K key, Function<K, V> create) {
       return cache.computeIfAbsent(key, create);
     }
+
+    private void resizeCache(int newSize) {
+      if (newSize >= maxSize) {
+        maxSize = newSize;
+        return;
+      }
+      Map<K, V> newCache = createEvictingMap(newSize);
+      maxSize = newSize;
+      newCache.putAll(cache);
+      cache = newCache;
+    }
+
+    private Map<K, V> createEvictingMap(int size) {
+      return new LinkedHashMap<K, V>(size, 0.75f, true) {
+        @Override
+        protected boolean removeEldestEntry(Map.Entry<K, V> eldest) {
+          return size() > LruCache.this.maxSize;
+        }
+      };
+    }
   }
 
   static class AudienceMetadataParser implements MetadataValueParser {
diff --git a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
index a5e142b4094..d84d8c9d768 100644
--- a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
+++ b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
@@ -28,11 +28,13 @@
 import static io.grpc.xds.XdsTestUtils.getWrrLbConfigAsMap;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNotSame;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 
 import com.google.common.collect.ImmutableList;
@@ -89,8 +91,8 @@ public class GcpAuthenticationFilterTest {
 
   @Test
   public void testNewFilterInstancesPerFilterName() {
-    assertThat(new GcpAuthenticationFilter("FILTER_INSTANCE_NAME1"))
-        .isNotEqualTo(new GcpAuthenticationFilter("FILTER_INSTANCE_NAME1"));
+    assertThat(new GcpAuthenticationFilter("FILTER_INSTANCE_NAME1", 10))
+        .isNotEqualTo(new GcpAuthenticationFilter("FILTER_INSTANCE_NAME1", 10));
   }
 
   @Test
@@ -152,7 +154,7 @@ public void testClientInterceptor_success() throws IOException, ResourceInvalidE
         .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
         .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
     GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
-    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME", 10);
     ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
     MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
     Channel mockChannel = Mockito.mock(Channel.class);
@@ -181,7 +183,7 @@ public void testClientInterceptor_createsAndReusesCachedCredentials()
         .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
         .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
     GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
-    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME", 10);
     ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
     MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
     Channel mockChannel = Mockito.mock(Channel.class);
@@ -190,7 +192,7 @@ public void testClientInterceptor_createsAndReusesCachedCredentials()
     interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
     interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
 
-    verify(mockChannel, Mockito.times(2))
+    verify(mockChannel, times(2))
         .newCall(eq(methodDescriptor), callOptionsCaptor.capture());
     CallOptions firstCapturedOptions = callOptionsCaptor.getAllValues().get(0);
     CallOptions secondCapturedOptions = callOptionsCaptor.getAllValues().get(1);
@@ -202,7 +204,7 @@ public void testClientInterceptor_createsAndReusesCachedCredentials()
   @Test
   public void testClientInterceptor_withoutClusterSelectionKey() throws Exception {
     GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
-    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME", 10);
     ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
     MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
     Channel mockChannel = mock(Channel.class);
@@ -233,7 +235,7 @@ public void testClientInterceptor_clusterSelectionKeyWithoutPrefix() throws Exce
     Channel mockChannel = mock(Channel.class);
 
     GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
-    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME", 10);
     ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
     MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
     interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
@@ -244,7 +246,7 @@ public void testClientInterceptor_clusterSelectionKeyWithoutPrefix() throws Exce
   @Test
   public void testClientInterceptor_xdsConfigDoesNotExist() throws Exception {
     GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
-    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME", 10);
     ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
     MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
     Channel mockChannel = mock(Channel.class);
@@ -274,7 +276,7 @@ public void testClientInterceptor_incorrectClusterName() throws Exception {
         .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster")
         .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
     GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
-    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME", 10);
     ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
     MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
     Channel mockChannel = mock(Channel.class);
@@ -300,7 +302,7 @@ public void testClientInterceptor_statusOrError() throws Exception {
         .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
         .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
     GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
-    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME", 10);
     ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
     MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
     Channel mockChannel = mock(Channel.class);
@@ -329,7 +331,7 @@ public void testClientInterceptor_notAudienceWrapper()
         .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
         .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
     GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
-    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME", 10);
     ClientInterceptor interceptor = filter.buildClientInterceptor(config, null, null);
     MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
     Channel mockChannel = Mockito.mock(Channel.class);
@@ -342,6 +344,115 @@ public void testClientInterceptor_notAudienceWrapper()
     assertThat(clientCall.error.getDescription()).contains("GCP Authn found wrong type");
   }
 
+  @Test
+  public void testLruCacheAcrossInterceptors() throws IOException, ResourceInvalidException {
+    XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
+        CLUSTER_NAME, cdsUpdate, new EndpointConfig(StatusOr.fromValue(edsUpdate)));
+    XdsConfig defaultXdsConfig = new XdsConfig.XdsConfigBuilder()
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(rdsUpdate.virtualHosts.get(0))
+        .addCluster(CLUSTER_NAME, StatusOr.fromValue(clusterConfig)).build();
+    CallOptions callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
+        .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME", 2);
+    ClientInterceptor interceptor1
+        = filter.buildClientInterceptor(new GcpAuthenticationConfig(2), null, null);
+    MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
+    Channel mockChannel = Mockito.mock(Channel.class);
+    ArgumentCaptor<CallOptions> callOptionsCaptor = ArgumentCaptor.forClass(CallOptions.class);
+
+    interceptor1.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
+    verify(mockChannel).newCall(eq(methodDescriptor), callOptionsCaptor.capture());
+    CallOptions capturedOptions1 = callOptionsCaptor.getAllValues().get(0);
+    assertNotNull(capturedOptions1.getCredentials());
+    ClientInterceptor interceptor2
+        = filter.buildClientInterceptor(new GcpAuthenticationConfig(1), null, null);
+    interceptor2.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
+    verify(mockChannel, times(2))
+        .newCall(eq(methodDescriptor), callOptionsCaptor.capture());
+    CallOptions capturedOptions2 = callOptionsCaptor.getAllValues().get(1);
+    assertNotNull(capturedOptions2.getCredentials());
+
+    assertSame(capturedOptions1.getCredentials(), capturedOptions2.getCredentials());
+  }
+
+  @Test
+  public void testLruCacheEvictionOnResize() throws IOException, ResourceInvalidException {
+    XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
+        CLUSTER_NAME, cdsUpdate, new EndpointConfig(StatusOr.fromValue(edsUpdate)));
+    XdsConfig defaultXdsConfig = new XdsConfig.XdsConfigBuilder()
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(rdsUpdate.virtualHosts.get(0))
+        .addCluster(CLUSTER_NAME, StatusOr.fromValue(clusterConfig)).build();
+    CallOptions callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
+        .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
+    GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME", 2);
+    MethodDescriptor<Void, Void> methodDescriptor = TestMethodDescriptors.voidMethod();
+
+    ClientInterceptor interceptor1 =
+        filter.buildClientInterceptor(new GcpAuthenticationConfig(2), null, null);
+    Channel mockChannel1 = Mockito.mock(Channel.class);
+    ArgumentCaptor<CallOptions> captor = ArgumentCaptor.forClass(CallOptions.class);
+    interceptor1.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel1);
+    verify(mockChannel1).newCall(eq(methodDescriptor), captor.capture());
+    CallOptions options1 = captor.getValue();
+    // This will recreate the cache with max size of 1 and copy the credential for audience1.
+    ClientInterceptor interceptor2 =
+        filter.buildClientInterceptor(new GcpAuthenticationConfig(1), null, null);
+    Channel mockChannel2 = Mockito.mock(Channel.class);
+    interceptor2.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel2);
+    verify(mockChannel2).newCall(eq(methodDescriptor), captor.capture());
+    CallOptions options2 = captor.getValue();
+
+    assertSame(options1.getCredentials(), options2.getCredentials());
+
+    clusterConfig = new XdsConfig.XdsClusterConfig(
+        CLUSTER_NAME, getCdsUpdate2(), new EndpointConfig(StatusOr.fromValue(edsUpdate)));
+    defaultXdsConfig = new XdsConfig.XdsConfigBuilder()
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(rdsUpdate.virtualHosts.get(0))
+        .addCluster(CLUSTER_NAME, StatusOr.fromValue(clusterConfig)).build();
+    callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
+        .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
+
+    // This will evict the credential for audience1 and add new credential for audience2
+    ClientInterceptor interceptor3 =
+        filter.buildClientInterceptor(new GcpAuthenticationConfig(1), null, null);
+    Channel mockChannel3 = Mockito.mock(Channel.class);
+    interceptor3.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel3);
+    verify(mockChannel3).newCall(eq(methodDescriptor), captor.capture());
+    CallOptions options3 = captor.getValue();
+
+    assertNotSame(options1.getCredentials(), options3.getCredentials());
+
+    clusterConfig = new XdsConfig.XdsClusterConfig(
+        CLUSTER_NAME, cdsUpdate, new EndpointConfig(StatusOr.fromValue(edsUpdate)));
+    defaultXdsConfig = new XdsConfig.XdsConfigBuilder()
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(rdsUpdate.virtualHosts.get(0))
+        .addCluster(CLUSTER_NAME, StatusOr.fromValue(clusterConfig)).build();
+    callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
+        .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
+
+    // This will create new credential for audience1 because it has been evicted
+    ClientInterceptor interceptor4 =
+        filter.buildClientInterceptor(new GcpAuthenticationConfig(1), null, null);
+    Channel mockChannel4 = Mockito.mock(Channel.class);
+    interceptor4.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel4);
+    verify(mockChannel4).newCall(eq(methodDescriptor), captor.capture());
+    CallOptions options4 = captor.getValue();
+
+    assertNotSame(options1.getCredentials(), options4.getCredentials());
+  }
+
   private static LdsUpdate getLdsUpdate() {
     Filter.NamedFilterConfig routerFilterConfig = new Filter.NamedFilterConfig(
         serverName, RouterFilter.ROUTER_CONFIG);
@@ -384,6 +495,19 @@ private static CdsUpdate getCdsUpdate() {
     }
   }
 
+  private static CdsUpdate getCdsUpdate2() {
+    ImmutableMap.Builder<String, Object> parsedMetadata = ImmutableMap.builder();
+    parsedMetadata.put("FILTER_INSTANCE_NAME", new AudienceWrapper("NEW_TEST_AUDIENCE"));
+    try {
+      CdsUpdate.Builder cdsUpdate = CdsUpdate.forEds(
+              CLUSTER_NAME, EDS_NAME, null, null, null, null, false)
+          .lbPolicyConfig(getWrrLbConfigAsMap());
+      return cdsUpdate.parsedMetadata(parsedMetadata.build()).build();
+    } catch (IOException ex) {
+      return null;
+    }
+  }
+
   private static CdsUpdate getCdsUpdateWithIncorrectAudienceWrapper() throws IOException {
     ImmutableMap.Builder<String, Object> parsedMetadata = ImmutableMap.builder();
     parsedMetadata.put("FILTER_INSTANCE_NAME", "TEST_AUDIENCE");

From 53de8a72ca989ca547c7df67d71ddc3b43f49a8e Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Thu, 17 Apr 2025 12:07:08 +0000
Subject: [PATCH 248/591] Update README etc to reference 1.72.0 (#12025)

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 756519d0ad0..d1b4d516f74 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.71.0/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.71.0/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.72.0/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.72.0/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,18 +56,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.71.0</version>
+  <version>1.72.0</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.71.0</version>
+  <version>1.72.0</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.71.0</version>
+  <version>1.72.0</version>
 </dependency>
 <dependency> <!-- necessary for Java 9+ -->
   <groupId>org.apache.tomcat</groupId>
@@ -79,18 +79,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.71.0'
-implementation 'io.grpc:grpc-protobuf:1.71.0'
-implementation 'io.grpc:grpc-stub:1.71.0'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.72.0'
+implementation 'io.grpc:grpc-protobuf:1.72.0'
+implementation 'io.grpc:grpc-stub:1.72.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.71.0'
-implementation 'io.grpc:grpc-protobuf-lite:1.71.0'
-implementation 'io.grpc:grpc-stub:1.71.0'
+implementation 'io.grpc:grpc-okhttp:1.72.0'
+implementation 'io.grpc:grpc-protobuf-lite:1.72.0'
+implementation 'io.grpc:grpc-stub:1.72.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
@@ -99,7 +99,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.71.0
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.72.0
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://oss.sonatype.org/content/repositories/snapshots/).
@@ -131,7 +131,7 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <configuration>
         <protocArtifact>com.google.protobuf:protoc:3.25.5:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.71.0:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.72.0:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -161,7 +161,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.72.0'
     }
   }
   generateProtoTasks {
@@ -194,7 +194,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.72.0'
     }
   }
   generateProtoTasks {

From 9619453799e98f3fb4bbbf999b1d8d09c374d687 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 21 Apr 2025 06:17:43 -0700
Subject: [PATCH 249/591] Implement grpc.lb.backend_service optional label

This completes gRFC A89. 7162d2d66 and fc86084df had already implemented
the LB plumbing for the optional label on RPC metrics. This observes the
value in OpenTelemetry and adds it to WRR metrics as well.

https://github.com/grpc/proposal/blob/master/A89-backend-service-metric-label.md
---
 api/src/main/java/io/grpc/NameResolver.java   |   5 +
 .../OpenTelemetryMetricsModule.java           |  19 ++-
 .../internal/OpenTelemetryConstants.java      |   3 +
 .../OpenTelemetryMetricsModuleTest.java       | 135 ++++++++++++++++++
 .../io/grpc/xds/ClusterImplLoadBalancer.java  |   5 +-
 .../xds/WeightedRoundRobinLoadBalancer.java   |  46 ++++--
 .../grpc/xds/ClusterImplLoadBalancerTest.java |   2 +
 .../WeightedRoundRobinLoadBalancerTest.java   |  18 ++-
 8 files changed, 212 insertions(+), 21 deletions(-)

diff --git a/api/src/main/java/io/grpc/NameResolver.java b/api/src/main/java/io/grpc/NameResolver.java
index e8295365ca8..21064d7f115 100644
--- a/api/src/main/java/io/grpc/NameResolver.java
+++ b/api/src/main/java/io/grpc/NameResolver.java
@@ -275,6 +275,11 @@ public Status onResult2(ResolutionResult resolutionResult) {
   @Documented
   public @interface ResolutionResultAttr {}
 
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/11989")
+  @ResolutionResultAttr
+  public static final Attributes.Key<String> ATTR_BACKEND_SERVICE =
+      Attributes.Key.create("io.grpc.NameResolver.ATTR_BACKEND_SERVICE");
+
   /**
    * Information that a {@link Factory} uses to create a {@link NameResolver}.
    *
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
index b6cf09d9db6..82ad41e7b20 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
@@ -17,6 +17,7 @@
 package io.grpc.opentelemetry;
 
 import static com.google.common.base.Preconditions.checkNotNull;
+import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.BACKEND_SERVICE_KEY;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.LOCALITY_KEY;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.METHOD_KEY;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.STATUS_KEY;
@@ -70,7 +71,6 @@
  */
 final class OpenTelemetryMetricsModule {
   private static final Logger logger = Logger.getLogger(OpenTelemetryMetricsModule.class.getName());
-  private static final String LOCALITY_LABEL_NAME = "grpc.lb.locality";
   public static final ImmutableSet<String> DEFAULT_PER_CALL_METRICS_SET =
       ImmutableSet.of(
           "grpc.client.attempt.started",
@@ -90,6 +90,7 @@ final class OpenTelemetryMetricsModule {
   private final OpenTelemetryMetricsResource resource;
   private final Supplier<Stopwatch> stopwatchSupplier;
   private final boolean localityEnabled;
+  private final boolean backendServiceEnabled;
   private final ImmutableList<OpenTelemetryPlugin> plugins;
 
   OpenTelemetryMetricsModule(Supplier<Stopwatch> stopwatchSupplier,
@@ -97,7 +98,8 @@ final class OpenTelemetryMetricsModule {
       List<OpenTelemetryPlugin> plugins) {
     this.resource = checkNotNull(resource, "resource");
     this.stopwatchSupplier = checkNotNull(stopwatchSupplier, "stopwatchSupplier");
-    this.localityEnabled = optionalLabels.contains(LOCALITY_LABEL_NAME);
+    this.localityEnabled = optionalLabels.contains(LOCALITY_KEY.getKey());
+    this.backendServiceEnabled = optionalLabels.contains(BACKEND_SERVICE_KEY.getKey());
     this.plugins = ImmutableList.copyOf(plugins);
   }
 
@@ -162,6 +164,7 @@ private static final class ClientTracer extends ClientStreamTracer {
     volatile long outboundWireSize;
     volatile long inboundWireSize;
     volatile String locality;
+    volatile String backendService;
     long attemptNanos;
     Code statusCode;
 
@@ -206,9 +209,12 @@ public void inboundWireSize(long bytes) {
 
     @Override
     public void addOptionalLabel(String key, String value) {
-      if (LOCALITY_LABEL_NAME.equals(key)) {
+      if ("grpc.lb.locality".equals(key)) {
         locality = value;
       }
+      if ("grpc.lb.backend_service".equals(key)) {
+        backendService = value;
+      }
     }
 
     @Override
@@ -248,6 +254,13 @@ void recordFinishedAttempt() {
         }
         builder.put(LOCALITY_KEY, savedLocality);
       }
+      if (module.backendServiceEnabled) {
+        String savedBackendService = backendService;
+        if (savedBackendService == null) {
+          savedBackendService = "";
+        }
+        builder.put(BACKEND_SERVICE_KEY, savedBackendService);
+      }
       for (OpenTelemetryPlugin.ClientStreamPlugin plugin : streamPlugins) {
         plugin.addLabels(builder);
       }
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
index 081e376b8c5..5214804d369 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
@@ -33,6 +33,9 @@ public final class OpenTelemetryConstants {
   public static final AttributeKey<String> LOCALITY_KEY =
       AttributeKey.stringKey("grpc.lb.locality");
 
+  public static final AttributeKey<String> BACKEND_SERVICE_KEY =
+      AttributeKey.stringKey("grpc.lb.backend_service");
+
   public static final List<Double> LATENCY_BUCKETS =
       ImmutableList.of(
           0d,     0.00001d, 0.00005d, 0.0001d, 0.0003d, 0.0006d, 0.0008d, 0.001d, 0.002d,
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
index 6003599668b..77f0268ec2f 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
@@ -51,6 +51,7 @@
 import io.grpc.opentelemetry.OpenTelemetryMetricsModule.CallAttemptsTracerFactory;
 import io.grpc.opentelemetry.internal.OpenTelemetryConstants;
 import io.grpc.testing.GrpcServerRule;
+import io.opentelemetry.api.common.AttributeKey;
 import io.opentelemetry.api.metrics.Meter;
 import io.opentelemetry.sdk.common.InstrumentationScopeInfo;
 import io.opentelemetry.sdk.testing.junit4.OpenTelemetryRule;
@@ -1070,6 +1071,140 @@ public void clientLocalityMetrics_missing() {
                             point -> point.hasAttributes(clientAttributes))));
   }
 
+  @Test
+  public void clientBackendServiceMetrics_present() {
+    String target = "target:///";
+    OpenTelemetryMetricsResource resource = GrpcOpenTelemetry.createMetricInstruments(testMeter,
+        enabledMetricsMap, disableDefaultMetrics);
+    OpenTelemetryMetricsModule module = new OpenTelemetryMetricsModule(
+        fakeClock.getStopwatchSupplier(), resource, Arrays.asList("grpc.lb.backend_service"),
+        emptyList());
+    OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
+        new CallAttemptsTracerFactory(module, target, method.getFullMethodName(), emptyList());
+
+    ClientStreamTracer tracer =
+        callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
+    tracer.addOptionalLabel("grpc.lb.foo", "unimportant");
+    tracer.addOptionalLabel("grpc.lb.backend_service", "should-be-overwritten");
+    tracer.addOptionalLabel("grpc.lb.backend_service", "the-moon");
+    tracer.addOptionalLabel("grpc.lb.foo", "thats-no-moon");
+    tracer.streamClosed(Status.OK);
+    callAttemptsTracerFactory.callEnded(Status.OK);
+
+    io.opentelemetry.api.common.Attributes attributes = io.opentelemetry.api.common.Attributes.of(
+        TARGET_KEY, target,
+        METHOD_KEY, method.getFullMethodName());
+
+    io.opentelemetry.api.common.Attributes clientAttributes
+        = io.opentelemetry.api.common.Attributes.of(
+        TARGET_KEY, target,
+        METHOD_KEY, method.getFullMethodName(),
+        STATUS_KEY, Status.Code.OK.toString());
+
+    io.opentelemetry.api.common.Attributes clientAttributesWithBackendService
+        = clientAttributes.toBuilder()
+        .put(AttributeKey.stringKey("grpc.lb.backend_service"), "the-moon")
+        .build();
+
+    assertThat(openTelemetryTesting.getMetrics())
+        .satisfiesExactlyInAnyOrder(
+            metric ->
+                assertThat(metric)
+                    .hasName(CLIENT_ATTEMPT_COUNT_INSTRUMENT_NAME)
+                    .hasLongSumSatisfying(
+                        longSum -> longSum.hasPointsSatisfying(
+                            point -> point.hasAttributes(attributes))),
+            metric ->
+                assertThat(metric)
+                    .hasName(CLIENT_ATTEMPT_DURATION_INSTRUMENT_NAME)
+                    .hasHistogramSatisfying(
+                        histogram -> histogram.hasPointsSatisfying(
+                            point -> point.hasAttributes(clientAttributesWithBackendService))),
+            metric ->
+                assertThat(metric)
+                    .hasName(CLIENT_ATTEMPT_SENT_TOTAL_COMPRESSED_MESSAGE_SIZE)
+                    .hasHistogramSatisfying(
+                        histogram -> histogram.hasPointsSatisfying(
+                            point -> point.hasAttributes(clientAttributesWithBackendService))),
+            metric ->
+                assertThat(metric)
+                    .hasName(CLIENT_ATTEMPT_RECV_TOTAL_COMPRESSED_MESSAGE_SIZE)
+                    .hasHistogramSatisfying(
+                        histogram -> histogram.hasPointsSatisfying(
+                            point -> point.hasAttributes(clientAttributesWithBackendService))),
+            metric ->
+                assertThat(metric)
+                    .hasName(CLIENT_CALL_DURATION)
+                    .hasHistogramSatisfying(
+                        histogram -> histogram.hasPointsSatisfying(
+                            point -> point.hasAttributes(clientAttributes))));
+  }
+
+  @Test
+  public void clientBackendServiceMetrics_missing() {
+    String target = "target:///";
+    OpenTelemetryMetricsResource resource = GrpcOpenTelemetry.createMetricInstruments(testMeter,
+        enabledMetricsMap, disableDefaultMetrics);
+    OpenTelemetryMetricsModule module = new OpenTelemetryMetricsModule(
+        fakeClock.getStopwatchSupplier(), resource, Arrays.asList("grpc.lb.backend_service"),
+        emptyList());
+    OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
+        new CallAttemptsTracerFactory(module, target, method.getFullMethodName(), emptyList());
+
+    ClientStreamTracer tracer =
+        callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
+    tracer.streamClosed(Status.OK);
+    callAttemptsTracerFactory.callEnded(Status.OK);
+
+    io.opentelemetry.api.common.Attributes attributes = io.opentelemetry.api.common.Attributes.of(
+        TARGET_KEY, target,
+        METHOD_KEY, method.getFullMethodName());
+
+    io.opentelemetry.api.common.Attributes clientAttributes
+        = io.opentelemetry.api.common.Attributes.of(
+        TARGET_KEY, target,
+        METHOD_KEY, method.getFullMethodName(),
+        STATUS_KEY, Status.Code.OK.toString());
+
+    io.opentelemetry.api.common.Attributes clientAttributesWithBackendService
+        = clientAttributes.toBuilder()
+        .put(AttributeKey.stringKey("grpc.lb.backend_service"), "")
+        .build();
+
+    assertThat(openTelemetryTesting.getMetrics())
+        .satisfiesExactlyInAnyOrder(
+            metric ->
+                assertThat(metric)
+                    .hasName(CLIENT_ATTEMPT_COUNT_INSTRUMENT_NAME)
+                    .hasLongSumSatisfying(
+                        longSum -> longSum.hasPointsSatisfying(
+                            point -> point.hasAttributes(attributes))),
+            metric ->
+                assertThat(metric)
+                    .hasName(CLIENT_ATTEMPT_DURATION_INSTRUMENT_NAME)
+                    .hasHistogramSatisfying(
+                        histogram -> histogram.hasPointsSatisfying(
+                            point -> point.hasAttributes(clientAttributesWithBackendService))),
+            metric ->
+                assertThat(metric)
+                    .hasName(CLIENT_ATTEMPT_SENT_TOTAL_COMPRESSED_MESSAGE_SIZE)
+                    .hasHistogramSatisfying(
+                        histogram -> histogram.hasPointsSatisfying(
+                            point -> point.hasAttributes(clientAttributesWithBackendService))),
+            metric ->
+                assertThat(metric)
+                    .hasName(CLIENT_ATTEMPT_RECV_TOTAL_COMPRESSED_MESSAGE_SIZE)
+                    .hasHistogramSatisfying(
+                        histogram -> histogram.hasPointsSatisfying(
+                            point -> point.hasAttributes(clientAttributesWithBackendService))),
+            metric ->
+                assertThat(metric)
+                    .hasName(CLIENT_CALL_DURATION)
+                    .hasHistogramSatisfying(
+                        histogram -> histogram.hasPointsSatisfying(
+                            point -> point.hasAttributes(clientAttributes))));
+  }
+
   @Test
   public void serverBasicMetrics() {
     OpenTelemetryMetricsResource resource = GrpcOpenTelemetry.createMetricInstruments(testMeter,
diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index fd4f49fbb83..034cdee0815 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -32,6 +32,7 @@
 import io.grpc.InternalLogId;
 import io.grpc.LoadBalancer;
 import io.grpc.Metadata;
+import io.grpc.NameResolver;
 import io.grpc.Status;
 import io.grpc.internal.ForwardingClientStreamTracer;
 import io.grpc.internal.GrpcUtil;
@@ -150,7 +151,9 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
 
     childSwitchLb.handleResolvedAddresses(
         resolvedAddresses.toBuilder()
-            .setAttributes(attributes)
+            .setAttributes(attributes.toBuilder()
+              .set(NameResolver.ATTR_BACKEND_SERVICE, cluster)
+              .build())
             .setLoadBalancingPolicyConfig(config.childConfig)
             .build());
     return Status.OK;
diff --git a/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java b/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
index b7b4fd51afe..c3d36f7cdc8 100644
--- a/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
@@ -102,32 +102,44 @@ final class WeightedRoundRobinLoadBalancer extends MultiChildLoadBalancer {
   private final long infTime;
   private final Ticker ticker;
   private String locality = "";
+  private String backendService = "";
   private SubchannelPicker currentPicker = new FixedResultPicker(PickResult.withNoResult());
 
   // The metric instruments are only registered once and shared by all instances of this LB.
   static {
     MetricInstrumentRegistry metricInstrumentRegistry
         = MetricInstrumentRegistry.getDefaultRegistry();
-    RR_FALLBACK_COUNTER = metricInstrumentRegistry.registerLongCounter("grpc.lb.wrr.rr_fallback",
+    RR_FALLBACK_COUNTER = metricInstrumentRegistry.registerLongCounter(
+        "grpc.lb.wrr.rr_fallback",
         "EXPERIMENTAL. Number of scheduler updates in which there were not enough endpoints "
             + "with valid weight, which caused the WRR policy to fall back to RR behavior",
-        "{update}", Lists.newArrayList("grpc.target"), Lists.newArrayList("grpc.lb.locality"),
+        "{update}",
+        Lists.newArrayList("grpc.target"),
+        Lists.newArrayList("grpc.lb.locality", "grpc.lb.backend_service"),
         false);
     ENDPOINT_WEIGHT_NOT_YET_USEABLE_COUNTER = metricInstrumentRegistry.registerLongCounter(
-        "grpc.lb.wrr.endpoint_weight_not_yet_usable", "EXPERIMENTAL. Number of endpoints "
-            + "from each scheduler update that don't yet have usable weight information",
-        "{endpoint}", Lists.newArrayList("grpc.target"), Lists.newArrayList("grpc.lb.locality"),
+        "grpc.lb.wrr.endpoint_weight_not_yet_usable",
+        "EXPERIMENTAL. Number of endpoints from each scheduler update that don't yet have usable "
+            + "weight information",
+        "{endpoint}",
+        Lists.newArrayList("grpc.target"),
+        Lists.newArrayList("grpc.lb.locality", "grpc.lb.backend_service"),
         false);
     ENDPOINT_WEIGHT_STALE_COUNTER = metricInstrumentRegistry.registerLongCounter(
         "grpc.lb.wrr.endpoint_weight_stale",
         "EXPERIMENTAL. Number of endpoints from each scheduler update whose latest weight is "
-            + "older than the expiration period", "{endpoint}", Lists.newArrayList("grpc.target"),
-        Lists.newArrayList("grpc.lb.locality"), false);
+            + "older than the expiration period",
+        "{endpoint}",
+        Lists.newArrayList("grpc.target"),
+        Lists.newArrayList("grpc.lb.locality", "grpc.lb.backend_service"),
+        false);
     ENDPOINT_WEIGHTS_HISTOGRAM = metricInstrumentRegistry.registerDoubleHistogram(
         "grpc.lb.wrr.endpoint_weights",
         "EXPERIMENTAL. The histogram buckets will be endpoint weight ranges.",
-        "{weight}", Lists.newArrayList(), Lists.newArrayList("grpc.target"),
-        Lists.newArrayList("grpc.lb.locality"),
+        "{weight}",
+        Lists.newArrayList(),
+        Lists.newArrayList("grpc.target"),
+        Lists.newArrayList("grpc.lb.locality", "grpc.lb.backend_service"),
         false);
   }
 
@@ -168,6 +180,13 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     } else {
       this.locality = "";
     }
+    String backendService
+        = resolvedAddresses.getAttributes().get(NameResolver.ATTR_BACKEND_SERVICE);
+    if (backendService != null) {
+      this.backendService = backendService;
+    } else {
+      this.backendService = "";
+    }
     config =
             (WeightedRoundRobinLoadBalancerConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
 
@@ -232,7 +251,7 @@ private void updateWeight(WeightedRoundRobinPicker picker) {
       helper.getMetricRecorder()
           .recordDoubleHistogram(ENDPOINT_WEIGHTS_HISTOGRAM, newWeight,
               ImmutableList.of(helper.getChannelTarget()),
-              ImmutableList.of(locality));
+              ImmutableList.of(locality, backendService));
       newWeights[i] = newWeight > 0 ? (float) newWeight : 0.0f;
     }
 
@@ -240,18 +259,19 @@ private void updateWeight(WeightedRoundRobinPicker picker) {
       helper.getMetricRecorder()
           .addLongCounter(ENDPOINT_WEIGHT_STALE_COUNTER, staleEndpoints.get(),
               ImmutableList.of(helper.getChannelTarget()),
-              ImmutableList.of(locality));
+              ImmutableList.of(locality, backendService));
     }
     if (notYetUsableEndpoints.get() > 0) {
       helper.getMetricRecorder()
           .addLongCounter(ENDPOINT_WEIGHT_NOT_YET_USEABLE_COUNTER, notYetUsableEndpoints.get(),
-              ImmutableList.of(helper.getChannelTarget()), ImmutableList.of(locality));
+              ImmutableList.of(helper.getChannelTarget()),
+              ImmutableList.of(locality, backendService));
     }
     boolean weightsEffective = picker.updateWeight(newWeights);
     if (!weightsEffective) {
       helper.getMetricRecorder()
           .addLongCounter(RR_FALLBACK_COUNTER, 1, ImmutableList.of(helper.getChannelTarget()),
-              ImmutableList.of(locality));
+              ImmutableList.of(locality, backendService));
     }
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index 09a1abb36e0..7df0630b779 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -50,6 +50,7 @@
 import io.grpc.LoadBalancerRegistry;
 import io.grpc.ManagedChannel;
 import io.grpc.Metadata;
+import io.grpc.NameResolver;
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.SynchronizationContext;
@@ -198,6 +199,7 @@ public void handleResolvedAddresses_propagateToChildPolicy() {
     assertThat(childBalancer.config).isSameInstanceAs(weightedTargetConfig);
     assertThat(childBalancer.attributes.get(XdsAttributes.XDS_CLIENT_POOL))
         .isSameInstanceAs(xdsClientPool);
+    assertThat(childBalancer.attributes.get(NameResolver.ATTR_BACKEND_SERVICE)).isEqualTo(CLUSTER);
   }
 
   /**
diff --git a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
index 9ab783223d9..bf23c65def4 100644
--- a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
@@ -58,6 +58,7 @@
 import io.grpc.Metadata;
 import io.grpc.MetricRecorder;
 import io.grpc.MetricSink;
+import io.grpc.NameResolver;
 import io.grpc.NoopMetricSink;
 import io.grpc.ServerCall;
 import io.grpc.ServerServiceDefinition;
@@ -161,6 +162,7 @@ public void uncaughtException(Thread t, Throwable e) {
 
   private String channelTarget = "channel-target";
   private String locality = "locality";
+  private String backendService = "the-backend-service";
 
   public WeightedRoundRobinLoadBalancerTest() {
     testHelperInstance = new TestHelper();
@@ -1119,7 +1121,9 @@ public void removingAddressShutsdownSubchannel() {
   public void metrics() {
     // Give WRR some valid addresses to work with.
     Attributes attributesWithLocality = Attributes.newBuilder()
-        .set(WeightedTargetLoadBalancer.CHILD_NAME, locality).build();
+        .set(WeightedTargetLoadBalancer.CHILD_NAME, locality)
+        .set(NameResolver.ATTR_BACKEND_SERVICE, backendService)
+        .build();
     syncContext.execute(() -> wrr.acceptResolvedAddresses(ResolvedAddresses.newBuilder()
         .setAddresses(servers).setLoadBalancingPolicyConfig(weightedConfig)
         .setAttributes(attributesWithLocality).build()));
@@ -1269,7 +1273,7 @@ public void metricWithRealChannel() throws Exception {
         argThat((instr) -> instr.getName().equals("grpc.lb.wrr.rr_fallback")),
         eq(1L),
         eq(Arrays.asList("directaddress:///wrr-metrics")),
-        eq(Arrays.asList("")));
+        eq(Arrays.asList("", "")));
   }
 
   // Verifies that the MetricRecorder has been called to record a long counter value of 1 for the
@@ -1281,7 +1285,10 @@ private void verifyLongCounterRecord(String name, int times, long value) {
           public boolean matches(LongCounterMetricInstrument longCounterInstrument) {
             return longCounterInstrument.getName().equals(name);
           }
-        }), eq(value), eq(Lists.newArrayList(channelTarget)), eq(Lists.newArrayList(locality)));
+        }),
+        eq(value),
+        eq(Lists.newArrayList(channelTarget)),
+        eq(Lists.newArrayList(locality, backendService)));
   }
 
   // Verifies that the MetricRecorder has been called to record a given double histogram value the
@@ -1293,7 +1300,10 @@ private void verifyDoubleHistogramRecord(String name, int times, double value) {
           public boolean matches(DoubleHistogramMetricInstrument doubleHistogramInstrument) {
             return doubleHistogramInstrument.getName().equals(name);
           }
-        }), eq(value), eq(Lists.newArrayList(channelTarget)), eq(Lists.newArrayList(locality)));
+        }),
+        eq(value),
+        eq(Lists.newArrayList(channelTarget)),
+        eq(Lists.newArrayList(locality, backendService)));
   }
 
   private int getNumFilteredPendingTasks() {

From 6cd007d0d0603187224231079107ee79e2b0a539 Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Tue, 22 Apr 2025 09:04:51 +0000
Subject: [PATCH 250/591] xds: add the missing xds.authority metric (#12018)

This completes the [XDS client metrics](https://github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-pf-xds.md#xdsclient) by adding the remaining grpc.xds.authority metric.
---
 .../grpc/xds/XdsClientMetricReporterImpl.java | 36 ++++++++---
 .../java/io/grpc/xds/client/XdsClient.java    | 17 ++++++
 .../io/grpc/xds/client/XdsClientImpl.java     | 19 +-----
 .../xds/XdsClientMetricReporterImplTest.java  | 59 +++++++++++--------
 4 files changed, 80 insertions(+), 51 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsClientMetricReporterImpl.java b/xds/src/main/java/io/grpc/xds/XdsClientMetricReporterImpl.java
index 0b592eb019e..5cfba11c065 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClientMetricReporterImpl.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClientMetricReporterImpl.java
@@ -90,7 +90,7 @@ final class XdsClientMetricReporterImpl implements XdsClientMetricReporter {
         Arrays.asList("grpc.target", "grpc.xds.server"), Collections.emptyList(), false);
     RESOURCES_GAUGE = metricInstrumentRegistry.registerLongGauge("grpc.xds_client.resources",
         "EXPERIMENTAL.  Number of xDS resources.", "{resource}",
-        Arrays.asList("grpc.target", "grpc.xds.cache_state",
+        Arrays.asList("grpc.target", "grpc.xds.authority", "grpc.xds.cache_state",
             "grpc.xds.resource_type"), Collections.emptyList(), false);
   }
 
@@ -161,15 +161,32 @@ private void computeAndReportResourceCounts(
     for (Map.Entry<XdsResourceType<?>, Map<String, ResourceMetadata>> metadataByTypeEntry :
         metadataByType.entrySet()) {
       XdsResourceType<?> type = metadataByTypeEntry.getKey();
+      Map<String, ResourceMetadata> resources = metadataByTypeEntry.getValue();
 
-      Map<String, Long> resourceCountsByState = new HashMap<>();
-      for (ResourceMetadata metadata : metadataByTypeEntry.getValue().values()) {
+      Map<String, Map<String, Long>> resourceCountsByAuthorityAndState = new HashMap<>();
+      for (Map.Entry<String, ResourceMetadata> resourceEntry : resources.entrySet()) {
+        String resourceName = resourceEntry.getKey();
+        ResourceMetadata metadata = resourceEntry.getValue();
+        String authority = XdsClient.getAuthorityFromResourceName(resourceName);
         String cacheState = cacheStateFromResourceStatus(metadata.getStatus(), metadata.isCached());
-        resourceCountsByState.compute(cacheState, (k, v) -> (v == null) ? 1 : v + 1);
+        resourceCountsByAuthorityAndState
+            .computeIfAbsent(authority, k -> new HashMap<>())
+            .merge(cacheState, 1L, Long::sum);
       }
 
-      resourceCountsByState.forEach((cacheState, count) ->
-          callback.reportResourceCountGauge(count, cacheState, type.typeUrl()));
+      // Report metrics
+      for (Map.Entry<String, Map<String, Long>> authorityEntry
+            : resourceCountsByAuthorityAndState.entrySet()) {
+        String authority = authorityEntry.getKey();
+        Map<String, Long> stateCounts = authorityEntry.getValue();
+
+        for (Map.Entry<String, Long> stateEntry : stateCounts.entrySet()) {
+          String cacheState = stateEntry.getKey();
+          Long count = stateEntry.getValue();
+
+          callback.reportResourceCountGauge(count, authority, cacheState, type.typeUrl());
+        }
+      }
     }
   }
 
@@ -199,11 +216,12 @@ static final class MetricReporterCallback implements ServerConnectionCallback {
       this.target = target;
     }
 
-    // TODO(dnvindhya): include the "authority" label once xds.authority is available.
-    void reportResourceCountGauge(long resourceCount, String cacheState,
+    void reportResourceCountGauge(long resourceCount, String authority, String cacheState,
         String resourceType) {
+      // authority = #old, for non-xdstp resource names
       recorder.recordLongGauge(RESOURCES_GAUGE, resourceCount,
-          Arrays.asList(target, cacheState, resourceType), Collections.emptyList());
+          Arrays.asList(target, authority == null ? "#old" : authority, cacheState, resourceType),
+          Collections.emptyList());
     }
 
     @Override
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClient.java b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
index 1b53f6778c7..edbb0b2d74c 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
@@ -118,6 +118,23 @@ public static String percentEncodePath(String input) {
     return Joiner.on('/').join(encodedSegs);
   }
 
+  /**
+   * Returns the authority from the resource name.
+   */
+  public static String getAuthorityFromResourceName(String resourceNames) {
+    String authority;
+    if (resourceNames.startsWith(XDSTP_SCHEME)) {
+      URI uri = URI.create(resourceNames);
+      authority = uri.getAuthority();
+      if (authority == null) {
+        authority = "";
+      }
+    } else {
+      authority = null;
+    }
+    return authority;
+  }
+
   public interface ResourceUpdate {}
 
   /**
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index 034779ed023..4de8ead7c0a 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
-import static io.grpc.xds.client.Bootstrapper.XDSTP_SCHEME;
 import static io.grpc.xds.client.XdsResourceType.ParsedResource;
 import static io.grpc.xds.client.XdsResourceType.ValidatedResourceUpdate;
 
@@ -43,7 +42,6 @@
 import io.grpc.xds.client.XdsClient.ResourceStore;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
 import java.io.IOException;
-import java.net.URI;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -530,21 +528,6 @@ public Map<ServerInfo, LoadReportClient> getServerLrsClientMap() {
     return ImmutableMap.copyOf(serverLrsClientMap);
   }
 
-  private String getAuthority(String resource) {
-    String authority;
-    if (resource.startsWith(XDSTP_SCHEME)) {
-      URI uri = URI.create(resource);
-      authority = uri.getAuthority();
-      if (authority == null) {
-        authority = "";
-      }
-    } else {
-      authority = null;
-    }
-
-    return authority;
-  }
-
   @Nullable
   private ImmutableList<ServerInfo> getServerInfos(String authority) {
     if (authority != null) {
@@ -698,7 +681,7 @@ private final class ResourceSubscriber<T extends ResourceUpdate> {
       syncContext.throwIfNotInThisSynchronizationContext();
       this.type = type;
       this.resource = resource;
-      this.authority = getAuthority(resource);
+      this.authority = getAuthorityFromResourceName(resource);
       if (getServerInfos(authority) == null) {
         this.errorDescription = "Wrong configuration: xds server does not exist for resource "
             + resource;
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientMetricReporterImplTest.java b/xds/src/test/java/io/grpc/xds/XdsClientMetricReporterImplTest.java
index df5ab87a1c0..509a0025b7b 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientMetricReporterImplTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientMetricReporterImplTest.java
@@ -76,6 +76,7 @@
 public class XdsClientMetricReporterImplTest {
 
   private static final String target = "test-target";
+  private static final String authority = "test-authority";
   private static final String server = "trafficdirector.googleapis.com";
   private static final String resourceTypeUrl =
       "resourceTypeUrl.googleapis.com/envoy.config.cluster.v3.Cluster";
@@ -101,7 +102,6 @@ public void setUp() {
 
   @Test
   public void reportResourceUpdates() {
-    // TODO(dnvindhya): add the "authority" label once available.
     reporter.reportResourceUpdates(10, 5, server, resourceTypeUrl);
     verify(mockMetricRecorder).addLongCounter(
         eqMetricInstrumentName("grpc.xds_client.resource_updates_valid"), eq((long) 10),
@@ -175,8 +175,8 @@ public void setXdsClient_reportCallbackMetrics_resourceCountsFails() {
   public void metricGauges() {
     SettableFuture<Void> future = SettableFuture.create();
     future.set(null);
-    when(mockXdsClient.getSubscribedResourcesMetadataSnapshot()).thenReturn(Futures.immediateFuture(
-        ImmutableMap.of()));
+    when(mockXdsClient.getSubscribedResourcesMetadataSnapshot())
+        .thenReturn(Futures.immediateFuture(ImmutableMap.of()));
     when(mockXdsClient.reportServerConnections(any(ServerConnectionCallback.class)))
         .thenReturn(future);
     reporter.setXdsClient(mockXdsClient);
@@ -199,13 +199,15 @@ public void metricGauges() {
 
     // Verify that reportResourceCounts and reportServerConnections were called
     // with the captured callback
-    callback.reportResourceCountGauge(10, "acked", resourceTypeUrl);
+    callback.reportResourceCountGauge(10, "MrPotatoHead",
+        "acked", resourceTypeUrl);
     inOrder.verify(mockBatchRecorder)
         .recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"), eq(10L), any(),
             any());
     callback.reportServerConnectionGauge(true, "xdsServer");
     inOrder.verify(mockBatchRecorder)
-        .recordLongGauge(eqMetricInstrumentName("grpc.xds_client.connected"), eq(1L), any(), any());
+        .recordLongGauge(eqMetricInstrumentName("grpc.xds_client.connected"),
+            eq(1L), any(), any());
 
     inOrder.verifyNoMoreInteractions();
   }
@@ -222,10 +224,10 @@ public void metricReporterCallback() {
         eq(Lists.newArrayList()));
 
     String cacheState = "requested";
-    callback.reportResourceCountGauge(10, cacheState, resourceTypeUrl);
+    callback.reportResourceCountGauge(10, authority, cacheState, resourceTypeUrl);
     verify(mockBatchRecorder, times(1)).recordLongGauge(
         eqMetricInstrumentName("grpc.xds_client.resources"), eq(10L),
-        eq(Arrays.asList(target, cacheState, resourceTypeUrl)),
+        eq(Arrays.asList(target, authority, cacheState, resourceTypeUrl)),
         eq(Collections.emptyList()));
   }
 
@@ -236,32 +238,31 @@ public void reportCallbackMetrics_computeAndReportResourceCounts() {
     XdsResourceType<?> routeConfigResource = XdsRouteConfigureResource.getInstance();
     XdsResourceType<?> clusterResource = XdsClusterResource.getInstance();
 
-    Any rawListener =
-        Any.pack(Listener.newBuilder().setName("listener.googleapis.com").build());
+    Any rawListener = Any.pack(Listener.newBuilder().setName("listener.googleapis.com").build());
     long nanosLastUpdate = 1577923199_606042047L;
 
     Map<String, ResourceMetadata> ldsResourceMetadataMap = new HashMap<>();
-    ldsResourceMetadataMap.put("resource1",
+    ldsResourceMetadataMap.put("xdstp://authority1",
         ResourceMetadata.newResourceMetadataRequested());
-    ResourceMetadata ackedLdsResource = ResourceMetadata.newResourceMetadataAcked(rawListener, "42",
-        nanosLastUpdate);
+    ResourceMetadata ackedLdsResource =
+        ResourceMetadata.newResourceMetadataAcked(rawListener, "42", nanosLastUpdate);
     ldsResourceMetadataMap.put("resource2", ackedLdsResource);
     ldsResourceMetadataMap.put("resource3",
         ResourceMetadata.newResourceMetadataAcked(rawListener, "43", nanosLastUpdate));
-    ldsResourceMetadataMap.put("resource4",
-        ResourceMetadata.newResourceMetadataNacked(ackedLdsResource, "44", nanosLastUpdate,
-            "nacked after previous ack", true));
+    ldsResourceMetadataMap.put("xdstp:/no_authority",
+        ResourceMetadata.newResourceMetadataNacked(ackedLdsResource, "44",
+            nanosLastUpdate, "nacked after previous ack", true));
 
     Map<String, ResourceMetadata> rdsResourceMetadataMap = new HashMap<>();
     ResourceMetadata requestedRdsResourceMetadata = ResourceMetadata.newResourceMetadataRequested();
-    rdsResourceMetadataMap.put("resource5",
+    rdsResourceMetadataMap.put("xdstp://authority5",
         ResourceMetadata.newResourceMetadataNacked(requestedRdsResourceMetadata, "24",
             nanosLastUpdate, "nacked after request", false));
-    rdsResourceMetadataMap.put("resource6",
+    rdsResourceMetadataMap.put("xdstp://authority6",
         ResourceMetadata.newResourceMetadataDoesNotExist());
 
     Map<String, ResourceMetadata> cdsResourceMetadataMap = new HashMap<>();
-    cdsResourceMetadataMap.put("resource7", ResourceMetadata.newResourceMetadataUnknown());
+    cdsResourceMetadataMap.put("xdstp://authority7", ResourceMetadata.newResourceMetadataUnknown());
 
     metadataByType.put(listenerResource, ldsResourceMetadataMap);
     metadataByType.put(routeConfigResource, rdsResourceMetadataMap);
@@ -281,24 +282,34 @@ public void reportCallbackMetrics_computeAndReportResourceCounts() {
 
     // LDS resource requested
     verify(mockBatchRecorder).recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"),
-        eq(1L), eq(Arrays.asList(target, "requested", listenerResource.typeUrl())), any());
+        eq(1L),
+        eq(Arrays.asList(target, "authority1", "requested", listenerResource.typeUrl())), any());
     // LDS resources acked
+    // authority = #old, for non-xdstp resource names
     verify(mockBatchRecorder).recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"),
-        eq(2L), eq(Arrays.asList(target, "acked", listenerResource.typeUrl())), any());
+        eq(2L),
+        eq(Arrays.asList(target, "#old", "acked", listenerResource.typeUrl())), any());
     // LDS resource nacked but cached
+    // "" for missing authority in the resource name
     verify(mockBatchRecorder).recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"),
-        eq(1L), eq(Arrays.asList(target, "nacked_but_cached", listenerResource.typeUrl())), any());
+        eq(1L),
+        eq(Arrays.asList(target, "", "nacked_but_cached", listenerResource.typeUrl())), any());
 
     // RDS resource nacked
     verify(mockBatchRecorder).recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"),
-        eq(1L), eq(Arrays.asList(target, "nacked", routeConfigResource.typeUrl())), any());
+        eq(1L),
+        eq(Arrays.asList(target, "authority5", "nacked", routeConfigResource.typeUrl())), any());
     // RDS resource does not exist
     verify(mockBatchRecorder).recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"),
-        eq(1L), eq(Arrays.asList(target, "does_not_exist", routeConfigResource.typeUrl())), any());
+        eq(1L),
+        eq(Arrays.asList(target, "authority6", "does_not_exist", routeConfigResource.typeUrl())),
+        any());
 
     // CDS resource unknown
     verify(mockBatchRecorder).recordLongGauge(eqMetricInstrumentName("grpc.xds_client.resources"),
-        eq(1L), eq(Arrays.asList(target, "unknown", clusterResource.typeUrl())), any());
+        eq(1L),
+        eq(Arrays.asList(target, "authority7", "unknown", clusterResource.typeUrl())),
+        any());
     verifyNoMoreInteractions(mockBatchRecorder);
   }
 

From 7952afdd561e6a3f1b9130e753512261476b60f1 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Wed, 23 Apr 2025 13:12:24 +0000
Subject: [PATCH 251/591] Add some documentation to StatusOr.equals regarding
 how underlying statuses are compared, to avoid any confusion, as suggested in
 issue #11949. (#12036)

Add some documentation to StatusOr.equals regarding how underlying statuses are compared, to avoid any confusion, as suggested in issue #11949.
---
 api/src/main/java/io/grpc/StatusOr.java | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/api/src/main/java/io/grpc/StatusOr.java b/api/src/main/java/io/grpc/StatusOr.java
index 8a88d9e62d0..0f1e9da3c75 100644
--- a/api/src/main/java/io/grpc/StatusOr.java
+++ b/api/src/main/java/io/grpc/StatusOr.java
@@ -66,6 +66,14 @@ public Status getStatus() {
     return status == null ? Status.OK : status;
   }
 
+  /**
+   * Note that StatusOr containing statuses, the equality comparision is delegated to
+   * {@link Status#equals} which just does a reference equality check because equality on
+   * Statuses is not well defined.
+   * Instead, do comparison based on their Code with {@link Status#getCode}.  The description and
+   * cause of the Status are unlikely to be stable, and additional fields may be added to Status
+   * in the future.
+   */
   @Override
   public boolean equals(Object other) {
     if (!(other instanceof StatusOr)) {

From 25199e9df9b7f3f0db664883abb103a6abbfe120 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 23 Apr 2025 09:18:08 -0700
Subject: [PATCH 252/591] xds: XdsDepManager should ignore updates after
 shutdown

This prevents a NPE and subsequent channel panic when trying to build a
config (because there are no watchers, so waitingOnResource==false)
without any listener and route.
```
java.lang.NullPointerException: Cannot invoke "io.grpc.xds.XdsDependencyManager$RdsUpdateSupplier.getRdsUpdate()" because "routeSource" is null
    at io.grpc.xds.XdsDependencyManager.buildUpdate(XdsDependencyManager.java:295)
    at io.grpc.xds.XdsDependencyManager.maybePublishConfig(XdsDependencyManager.java:266)
    at io.grpc.xds.XdsDependencyManager$EdsWatcher.onChanged(XdsDependencyManager.java:899)
    at io.grpc.xds.XdsDependencyManager$EdsWatcher.onChanged(XdsDependencyManager.java:888)
    at io.grpc.xds.client.XdsClientImpl$ResourceSubscriber.notifyWatcher(XdsClientImpl.java:929)
    at io.grpc.xds.client.XdsClientImpl$ResourceSubscriber.lambda$onData$0(XdsClientImpl.java:837)
    at io.grpc.SynchronizationContext.drain(SynchronizationContext.java:96)
```

I think this fully-fixes the problem today, but not tomorrow.
subscribeToCluster() is racy as well, but not yet used.

This was noticed when idleTimeout was firing, with some other code
calling getState(true) to wake the channel back up. That may have made
this panic more visible than it would be otherwise, but that has not
been investigated.

b/412474567
---
 .../io/grpc/xds/XdsDependencyManager.java     |  16 ++
 .../io/grpc/xds/XdsDependencyManagerTest.java | 137 +++++++++++++++++-
 2 files changed, 151 insertions(+), 2 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index 8cd3119727d..d804954ecf9 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -199,6 +199,7 @@ private <T extends ResourceUpdate> void shutdownWatchersForType(TypeWatchers<T>
     for (Map.Entry<String, XdsWatcherBase<T>> watcherEntry : watchers.watchers.entrySet()) {
       xdsClient.cancelXdsResourceWatch(watchers.resourceType, watcherEntry.getKey(),
           watcherEntry.getValue());
+      watcherEntry.getValue().cancelled = true;
     }
   }
 
@@ -591,6 +592,9 @@ private XdsWatcherBase(XdsResourceType<T> type, String resourceName) {
     @Override
     public void onError(Status error) {
       checkNotNull(error, "error");
+      if (cancelled) {
+        return;
+      }
       // Don't update configuration on error, if we've already received configuration
       if (!hasDataValue()) {
         setDataAsStatus(Status.UNAVAILABLE.withDescription(
@@ -659,6 +663,9 @@ private LdsWatcher(String resourceName) {
     @Override
     public void onChanged(XdsListenerResource.LdsUpdate update) {
       checkNotNull(update, "update");
+      if (cancelled) {
+        return;
+      }
 
       HttpConnectionManager httpConnectionManager = update.httpConnectionManager();
       List<VirtualHost> virtualHosts;
@@ -787,6 +794,9 @@ public RdsWatcher(String resourceName) {
     @Override
     public void onChanged(RdsUpdate update) {
       checkNotNull(update, "update");
+      if (cancelled) {
+        return;
+      }
       List<VirtualHost> oldVirtualHosts = hasDataValue()
           ? getData().getValue().virtualHosts
           : Collections.emptyList();
@@ -815,6 +825,9 @@ private class CdsWatcher extends XdsWatcherBase<XdsClusterResource.CdsUpdate> {
     @Override
     public void onChanged(XdsClusterResource.CdsUpdate update) {
       checkNotNull(update, "update");
+      if (cancelled) {
+        return;
+      }
       switch (update.clusterType()) {
         case EDS:
           setData(update);
@@ -895,6 +908,9 @@ private EdsWatcher(String resourceName, CdsWatcher parentContext) {
 
     @Override
     public void onChanged(XdsEndpointResource.EdsUpdate update) {
+      if (cancelled) {
+        return;
+      }
       setData(checkNotNull(update, "update"));
       maybePublishConfig();
     }
diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
index 2af04a3aedf..1f3d8511ecc 100644
--- a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -41,6 +41,7 @@
 
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
+import com.google.common.util.concurrent.MoreExecutors;
 import com.google.protobuf.Message;
 import io.envoyproxy.envoy.config.cluster.v3.Cluster;
 import io.envoyproxy.envoy.config.endpoint.v3.ClusterLoadAssignment;
@@ -65,7 +66,7 @@
 import io.grpc.xds.XdsConfig.XdsClusterConfig;
 import io.grpc.xds.XdsEndpointResource.EdsUpdate;
 import io.grpc.xds.client.CommonBootstrapperTestUtils;
-import io.grpc.xds.client.XdsClientImpl;
+import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsClientMetricReporter;
 import io.grpc.xds.client.XdsTransportFactory;
 import java.io.Closeable;
@@ -115,7 +116,7 @@ public class XdsDependencyManagerTest {
       });
 
   private ManagedChannel channel;
-  private XdsClientImpl xdsClient;
+  private XdsClient xdsClient;
   private XdsDependencyManager xdsDependencyManager;
   private TestWatcher xdsConfigWatcher;
   private Server xdsServer;
@@ -715,6 +716,138 @@ public void testCdsError() throws IOException {
     assertThat(status.getDescription()).contains(XdsTestUtils.CLUSTER_NAME);
   }
 
+  @Test
+  public void ldsUpdateAfterShutdown() {
+    XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS",
+        ENDPOINT_HOSTNAME, ENDPOINT_PORT);
+
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+
+    @SuppressWarnings("unchecked")
+    XdsClient.ResourceWatcher<XdsListenerResource.LdsUpdate> resourceWatcher =
+        mock(XdsClient.ResourceWatcher.class);
+    xdsClient.watchXdsResource(
+        XdsListenerResource.getInstance(),
+        serverName,
+        resourceWatcher,
+        MoreExecutors.directExecutor());
+    verify(resourceWatcher, timeout(5000)).onChanged(any());
+
+    syncContext.execute(() -> {
+      // Shutdown before any updates. This will unsubscribe from XdsClient, but only after this
+      // Runnable returns
+      xdsDependencyManager.shutdown();
+
+      XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS2", "CDS", "EDS",
+          ENDPOINT_HOSTNAME, ENDPOINT_PORT);
+      verify(resourceWatcher, timeout(5000).times(2)).onChanged(any());
+      xdsClient.cancelXdsResourceWatch(
+          XdsListenerResource.getInstance(), serverName, resourceWatcher);
+    });
+  }
+
+  @Test
+  public void rdsUpdateAfterShutdown() {
+    XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS",
+        ENDPOINT_HOSTNAME, ENDPOINT_PORT);
+
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+
+    @SuppressWarnings("unchecked")
+    XdsClient.ResourceWatcher<XdsRouteConfigureResource.RdsUpdate> resourceWatcher =
+        mock(XdsClient.ResourceWatcher.class);
+    xdsClient.watchXdsResource(
+        XdsRouteConfigureResource.getInstance(),
+        "RDS",
+        resourceWatcher,
+        MoreExecutors.directExecutor());
+    verify(resourceWatcher, timeout(5000)).onChanged(any());
+
+    syncContext.execute(() -> {
+      // Shutdown before any updates. This will unsubscribe from XdsClient, but only after this
+      // Runnable returns
+      xdsDependencyManager.shutdown();
+
+      XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS2", "EDS",
+          ENDPOINT_HOSTNAME, ENDPOINT_PORT);
+      verify(resourceWatcher, timeout(5000).times(2)).onChanged(any());
+      xdsClient.cancelXdsResourceWatch(
+          XdsRouteConfigureResource.getInstance(), serverName, resourceWatcher);
+    });
+  }
+
+  @Test
+  public void cdsUpdateAfterShutdown() {
+    XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS",
+        ENDPOINT_HOSTNAME, ENDPOINT_PORT);
+
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+
+    @SuppressWarnings("unchecked")
+    XdsClient.ResourceWatcher<XdsClusterResource.CdsUpdate> resourceWatcher =
+        mock(XdsClient.ResourceWatcher.class);
+    xdsClient.watchXdsResource(
+        XdsClusterResource.getInstance(),
+        "CDS",
+        resourceWatcher,
+        MoreExecutors.directExecutor());
+    verify(resourceWatcher, timeout(5000)).onChanged(any());
+
+    syncContext.execute(() -> {
+      // Shutdown before any updates. This will unsubscribe from XdsClient, but only after this
+      // Runnable returns
+      xdsDependencyManager.shutdown();
+
+      XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS2",
+          ENDPOINT_HOSTNAME, ENDPOINT_PORT);
+      verify(resourceWatcher, timeout(5000).times(2)).onChanged(any());
+      xdsClient.cancelXdsResourceWatch(
+          XdsClusterResource.getInstance(), serverName, resourceWatcher);
+    });
+  }
+
+  @Test
+  public void edsUpdateAfterShutdown() {
+    XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS",
+        ENDPOINT_HOSTNAME, ENDPOINT_PORT);
+
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+
+    verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+
+    @SuppressWarnings("unchecked")
+    XdsClient.ResourceWatcher<XdsEndpointResource.EdsUpdate> resourceWatcher =
+        mock(XdsClient.ResourceWatcher.class);
+    xdsClient.watchXdsResource(
+        XdsEndpointResource.getInstance(),
+        "EDS",
+        resourceWatcher,
+        MoreExecutors.directExecutor());
+    verify(resourceWatcher, timeout(5000)).onChanged(any());
+
+    syncContext.execute(() -> {
+      // Shutdown before any updates. This will unsubscribe from XdsClient, but only after this
+      // Runnable returns
+      xdsDependencyManager.shutdown();
+
+      XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS",
+          ENDPOINT_HOSTNAME + "2", ENDPOINT_PORT);
+      verify(resourceWatcher, timeout(5000).times(2)).onChanged(any());
+      xdsClient.cancelXdsResourceWatch(
+          XdsEndpointResource.getInstance(), serverName, resourceWatcher);
+    });
+  }
+
   private Listener buildInlineClientListener(String rdsName, String clusterName) {
     return XdsTestUtils.buildInlineClientListener(rdsName, clusterName, serverName);
   }

From 12aaf88d86390b79e95cba3f4768f5a950807bda Mon Sep 17 00:00:00 2001
From: Kim Jin Young <tian__mi__mi@naver.com>
Date: Tue, 6 May 2025 02:02:31 +0900
Subject: [PATCH 253/591] Fix comment's typo (#12045)

---
 api/src/main/java/io/grpc/InternalConfigSelector.java    | 2 +-
 core/src/main/java/io/grpc/internal/RetriableStream.java | 2 +-
 xds/src/main/java/io/grpc/xds/package-info.java          | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/src/main/java/io/grpc/InternalConfigSelector.java b/api/src/main/java/io/grpc/InternalConfigSelector.java
index 38856f440b4..a63009361d4 100644
--- a/api/src/main/java/io/grpc/InternalConfigSelector.java
+++ b/api/src/main/java/io/grpc/InternalConfigSelector.java
@@ -35,7 +35,7 @@ public abstract class InternalConfigSelector {
       = Attributes.Key.create("internal:io.grpc.config-selector");
 
   // Use PickSubchannelArgs for SelectConfigArgs for now. May change over time.
-  /** Selects the config for an PRC. */
+  /** Selects the config for an RPC. */
   public abstract Result selectConfig(LoadBalancer.PickSubchannelArgs args);
 
   public static final class Result {
diff --git a/core/src/main/java/io/grpc/internal/RetriableStream.java b/core/src/main/java/io/grpc/internal/RetriableStream.java
index 7765408a627..6d33c2eb3e7 100644
--- a/core/src/main/java/io/grpc/internal/RetriableStream.java
+++ b/core/src/main/java/io/grpc/internal/RetriableStream.java
@@ -382,7 +382,7 @@ public void runWith(Substream substream) {
     }
   }
 
-  /** Starts the first PRC attempt. */
+  /** Starts the first RPC attempt. */
   @Override
   public final void start(ClientStreamListener listener) {
     masterListener = listener;
diff --git a/xds/src/main/java/io/grpc/xds/package-info.java b/xds/src/main/java/io/grpc/xds/package-info.java
index 74fa88cfe38..9cc15cd5449 100644
--- a/xds/src/main/java/io/grpc/xds/package-info.java
+++ b/xds/src/main/java/io/grpc/xds/package-info.java
@@ -15,7 +15,7 @@
  */
 
 /**
- * Library for gPRC proxyless service mesh using Envoy xDS protocol.
+ * Library for gRPC proxyless service mesh using Envoy xDS protocol.
  *
  * <p>The package currently includes a name resolver plugin and a family of load balancer plugins.
  * A gRPC channel for a target with {@code "xds:"} scheme will load the plugins and a

From be0247f501f5f96ad83b4ab6013ab1e69aba591d Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 5 May 2025 13:16:28 -0700
Subject: [PATCH 254/591] Bump com.google.protobuf gradle plugin to 0.9.5

The plugin now outputs to "generated/sources". The IDE configuration
explicitly adding the folders to the source sets hasn't been needed for
some years.
---
 README.md                                           |  4 ++--
 build.gradle                                        |  2 +-
 compiler/build.gradle                               |  4 ++--
 examples/android/clientcache/build.gradle           |  2 +-
 examples/android/helloworld/build.gradle            |  2 +-
 examples/android/routeguide/build.gradle            |  2 +-
 examples/android/strictmode/build.gradle            |  2 +-
 examples/build.gradle                               | 12 +-----------
 examples/example-alts/build.gradle                  | 12 +-----------
 examples/example-debug/build.gradle                 |  2 +-
 examples/example-dualstack/build.gradle             |  2 +-
 examples/example-gauth/build.gradle                 | 12 +-----------
 examples/example-gcp-csm-observability/build.gradle |  2 +-
 examples/example-gcp-observability/build.gradle     |  2 +-
 examples/example-hostname/build.gradle              |  2 +-
 examples/example-jwt-auth/build.gradle              | 12 +-----------
 examples/example-oauth/build.gradle                 | 12 +-----------
 examples/example-opentelemetry/build.gradle         |  2 +-
 examples/example-orca/build.gradle                  |  2 +-
 examples/example-reflection/build.gradle            |  2 +-
 examples/example-servlet/build.gradle               | 12 +-----------
 examples/example-tls/build.gradle                   | 12 +-----------
 examples/example-xds/build.gradle                   |  2 +-
 protobuf-lite/build.gradle                          |  2 +-
 settings.gradle                                     |  2 +-
 25 files changed, 27 insertions(+), 97 deletions(-)

diff --git a/README.md b/README.md
index d1b4d516f74..30e26bc9955 100644
--- a/README.md
+++ b/README.md
@@ -152,7 +152,7 @@ For non-Android protobuf-based codegen integrated with the Gradle build system,
 you can use [protobuf-gradle-plugin][]:
 ```gradle
 plugins {
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
 }
 
 protobuf {
@@ -185,7 +185,7 @@ use protobuf-gradle-plugin but specify the 'lite' options:
 
 ```gradle
 plugins {
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
 }
 
 protobuf {
diff --git a/build.gradle b/build.gradle
index 42e16fbfef9..0788895cdfa 100644
--- a/build.gradle
+++ b/build.gradle
@@ -151,7 +151,7 @@ subprojects {
                 appendToProperty(
                     it.options.errorprone.excludedPaths,
                     ".*/src/generated/[^/]+/java/.*" +
-                        "|.*/build/generated/source/proto/[^/]+/java/.*",
+                        "|.*/build/generated/sources/proto/[^/]+/java/.*",
                     "|")
             }
         }
diff --git a/compiler/build.gradle b/compiler/build.gradle
index 3c8e9358401..3d31d602642 100644
--- a/compiler/build.gradle
+++ b/compiler/build.gradle
@@ -152,7 +152,7 @@ dependencies {
 }
 
 tasks.named("compileTestJava").configure {
-    options.errorprone.excludedPaths = ".*/build/generated/source/proto/.*"
+    options.errorprone.excludedPaths = ".*/build/generated/sources/proto/.*"
 }
 
 tasks.named("compileTestLiteJava").configure {
@@ -160,7 +160,7 @@ tasks.named("compileTestLiteJava").configure {
     options.compilerArgs += [
         "-Xlint:-cast"
     ]
-    options.errorprone.excludedPaths = ".*/build/generated/source/proto/.*"
+    options.errorprone.excludedPaths = ".*/build/generated/sources/proto/.*"
 }
 
 tasks.named("checkstyleTestLite").configure {
diff --git a/examples/android/clientcache/build.gradle b/examples/android/clientcache/build.gradle
index 67d25905bbc..6db6a9bced1 100644
--- a/examples/android/clientcache/build.gradle
+++ b/examples/android/clientcache/build.gradle
@@ -7,7 +7,7 @@ buildscript {
     }
     dependencies {
         classpath 'com.android.tools.build:gradle:7.4.0'
-        classpath "com.google.protobuf:protobuf-gradle-plugin:0.9.4"
+        classpath "com.google.protobuf:protobuf-gradle-plugin:0.9.5"
 
         // NOTE: Do not place your application dependencies here; they belong
         // in the individual module build.gradle files
diff --git a/examples/android/helloworld/build.gradle b/examples/android/helloworld/build.gradle
index 67d25905bbc..6db6a9bced1 100644
--- a/examples/android/helloworld/build.gradle
+++ b/examples/android/helloworld/build.gradle
@@ -7,7 +7,7 @@ buildscript {
     }
     dependencies {
         classpath 'com.android.tools.build:gradle:7.4.0'
-        classpath "com.google.protobuf:protobuf-gradle-plugin:0.9.4"
+        classpath "com.google.protobuf:protobuf-gradle-plugin:0.9.5"
 
         // NOTE: Do not place your application dependencies here; they belong
         // in the individual module build.gradle files
diff --git a/examples/android/routeguide/build.gradle b/examples/android/routeguide/build.gradle
index fd058a5d68e..8fc1d293228 100644
--- a/examples/android/routeguide/build.gradle
+++ b/examples/android/routeguide/build.gradle
@@ -7,7 +7,7 @@ buildscript {
     }
     dependencies {
         classpath 'com.android.tools.build:gradle:7.4.0'
-        classpath "com.google.protobuf:protobuf-gradle-plugin:0.9.4"
+        classpath "com.google.protobuf:protobuf-gradle-plugin:0.9.5"
 
         // NOTE: Do not place your application dependencies here; they belong
         // in the individual module build.gradle files
diff --git a/examples/android/strictmode/build.gradle b/examples/android/strictmode/build.gradle
index 67d25905bbc..6db6a9bced1 100644
--- a/examples/android/strictmode/build.gradle
+++ b/examples/android/strictmode/build.gradle
@@ -7,7 +7,7 @@ buildscript {
     }
     dependencies {
         classpath 'com.android.tools.build:gradle:7.4.0'
-        classpath "com.google.protobuf:protobuf-gradle-plugin:0.9.4"
+        classpath "com.google.protobuf:protobuf-gradle-plugin:0.9.5"
 
         // NOTE: Do not place your application dependencies here; they belong
         // in the individual module build.gradle files
diff --git a/examples/build.gradle b/examples/build.gradle
index 206fd38e0e3..7d0fc0c715a 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -1,7 +1,7 @@
 plugins {
     // Provide convenience executables for trying out the examples.
     id 'application'
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
 }
@@ -52,16 +52,6 @@ protobuf {
     }
 }
 
-// Inform IDEs like IntelliJ IDEA, Eclipse or NetBeans about the generated code.
-sourceSets {
-    main {
-        java {
-            srcDirs 'build/generated/source/proto/main/grpc'
-            srcDirs 'build/generated/source/proto/main/java'
-        }
-    }
-}
-
 startScripts.enabled = false
 
 // Creates start scripts for a class name and adds it to the distribution. The
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index c7d804973a5..3b76948b5c7 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -1,7 +1,7 @@
 plugins {
     // Provide convenience executables for trying out the examples.
     id 'application'
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
 }
@@ -40,16 +40,6 @@ protobuf {
     }
 }
 
-// Inform IDEs like IntelliJ IDEA, Eclipse or NetBeans about the generated code.
-sourceSets {
-    main {
-        java {
-            srcDirs 'build/generated/source/proto/main/grpc'
-            srcDirs 'build/generated/source/proto/main/java'
-        }
-    }
-}
-
 startScripts.enabled = false
 
 
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index c2449833cdc..69b17859d75 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -2,7 +2,7 @@ plugins {
     id 'application' // Provide convenience executables for trying out the examples.
     id 'java'
 
-    id "com.google.protobuf" version "0.9.4"
+    id "com.google.protobuf" version "0.9.5"
 
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index 7a37c46b536..f769894cd9b 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -2,7 +2,7 @@ plugins {
     id 'application' // Provide convenience executables for trying out the examples.
     id 'java'
 
-    id "com.google.protobuf" version "0.9.4"
+    id "com.google.protobuf" version "0.9.5"
 
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 404cab907de..75c64019dde 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -1,7 +1,7 @@
 plugins {
     // Provide convenience executables for trying out the examples.
     id 'application'
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
 }
@@ -46,16 +46,6 @@ protobuf {
     }
 }
 
-// Inform IDEs like IntelliJ IDEA, Eclipse or NetBeans about the generated code.
-sourceSets {
-    main {
-        java {
-            srcDirs 'build/generated/source/proto/main/grpc'
-            srcDirs 'build/generated/source/proto/main/java'
-        }
-    }
-}
-
 startScripts.enabled = false
 
 task googleAuthClient(type: CreateStartScripts) {
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index dcb1f254263..aca88c4003e 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -1,7 +1,7 @@
 plugins {
     // Provide convenience executables for trying out the examples.
     id 'application'
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
     id 'java'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 673d3f4461d..98c3e478f66 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -1,7 +1,7 @@
 plugins {
     // Provide convenience executables for trying out the examples.
     id 'application'
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
     id 'java'
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index a0b9153785e..232146c9e38 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -2,7 +2,7 @@ plugins {
     id 'application' // Provide convenience executables for trying out the examples.
     id 'java'
 
-    id "com.google.protobuf" version "0.9.4"
+    id "com.google.protobuf" version "0.9.5"
     id 'com.google.cloud.tools.jib' version '3.4.4' // For releasing to Docker Hub
 }
 
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index 0d6d095bf1d..204dcf90941 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -1,7 +1,7 @@
 plugins {
     // Provide convenience executables for trying out the examples.
     id 'application'
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
 }
@@ -51,16 +51,6 @@ protobuf {
     }
 }
 
-// Inform IDEs like IntelliJ IDEA, Eclipse or NetBeans about the generated code.
-sourceSets {
-    main {
-        java {
-            srcDirs 'build/generated/source/proto/main/grpc'
-            srcDirs 'build/generated/source/proto/main/java'
-        }
-    }
-}
-
 startScripts.enabled = false
 
 task hellowWorldJwtAuthServer(type: CreateStartScripts) {
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 9e40c3e33f9..1bffa4272c3 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -1,7 +1,7 @@
 plugins {
     // Provide convenience executables for trying out the examples.
     id 'application'
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
 }
@@ -51,16 +51,6 @@ protobuf {
     }
 }
 
-// Inform IDEs like IntelliJ IDEA, Eclipse or NetBeans about the generated code.
-sourceSets {
-    main {
-        java {
-            srcDirs 'build/generated/source/proto/main/grpc'
-            srcDirs 'build/generated/source/proto/main/java'
-        }
-    }
-}
-
 startScripts.enabled = false
 
 task hellowWorldOauthServer(type: CreateStartScripts) {
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index 5f98b32be60..715c3b95569 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -1,7 +1,7 @@
 plugins {
     // Provide convenience executables for trying out the examples.
     id 'application'
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
 }
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index edb28e1573b..fb3475b1d60 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -1,6 +1,6 @@
 plugins {
     id 'application' // Provide convenience executables for trying out the examples.
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
     id 'java'
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index 18157b0eed1..98e1e4a4a39 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -1,6 +1,6 @@
 plugins {
     id 'application' // Provide convenience executables for trying out the examples.
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
     id 'java'
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index e66fda59e4e..dae75299e25 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -1,5 +1,5 @@
 plugins {
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
     id 'war'
@@ -34,13 +34,3 @@ protobuf {
         all()*.plugins { grpc {} }
     }
 }
-
-// Inform IDEs like IntelliJ IDEA, Eclipse or NetBeans about the generated code.
-sourceSets {
-    main {
-        java {
-            srcDirs 'build/generated/source/proto/main/grpc'
-            srcDirs 'build/generated/source/proto/main/java'
-        }
-    }
-}
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index 9603e04e417..c75c9d0f9a0 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -1,7 +1,7 @@
 plugins {
     // Provide convenience executables for trying out the examples.
     id 'application'
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
 }
@@ -41,16 +41,6 @@ protobuf {
     }
 }
 
-// Inform IDEs like IntelliJ IDEA, Eclipse or NetBeans about the generated code.
-sourceSets {
-    main {
-        java {
-            srcDirs 'build/generated/source/proto/main/grpc'
-            srcDirs 'build/generated/source/proto/main/java'
-        }
-    }
-}
-
 startScripts.enabled = false
 
 task helloWorldTlsServer(type: CreateStartScripts) {
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index 1e55f182d3a..ae67659a7fa 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -1,6 +1,6 @@
 plugins {
     id 'application' // Provide convenience executables for trying out the examples.
-    id 'com.google.protobuf' version '0.9.4'
+    id 'com.google.protobuf' version '0.9.5'
     // Generate IntelliJ IDEA's .idea & .iml project files
     id 'idea'
     id 'java'
diff --git a/protobuf-lite/build.gradle b/protobuf-lite/build.gradle
index 16b622535e8..c1e5b51ae35 100644
--- a/protobuf-lite/build.gradle
+++ b/protobuf-lite/build.gradle
@@ -39,7 +39,7 @@ tasks.named("compileTestJava").configure {
     options.compilerArgs += [
         "-Xlint:-cast"
     ]
-    options.errorprone.excludedPaths = ".*/build/generated/source/proto/.*"
+    options.errorprone.excludedPaths = ".*/build/generated/sources/proto/.*"
 }
 
 protobuf {
diff --git a/settings.gradle b/settings.gradle
index 96cc173635d..e30849dbe2b 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -13,7 +13,7 @@ pluginManagement {
 	// https://github.com/google/osdetector-gradle-plugin/tags
         id "com.google.osdetector" version "1.7.3"
         // https://github.com/google/protobuf-gradle-plugin/releases
-        id "com.google.protobuf" version "0.9.4"
+        id "com.google.protobuf" version "0.9.5"
         // https://github.com/GradleUp/shadow/releases
         // 8.3.2+ requires Java 11+
         // 8.3.1 breaks apache imports for netty/shaded, fixed in 8.3.2

From 3f5fdf12663dac0d221e6b9fb4b0dfed7486a6a9 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 6 May 2025 21:44:48 -0700
Subject: [PATCH 255/591] core: Remove unnecessary
 SuppressWarnings("deprecation") (#12052)

---
 core/src/main/java/io/grpc/internal/ManagedChannelImpl.java | 2 --
 1 file changed, 2 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index c5daba7bfc8..976587a6db9 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -1212,7 +1212,6 @@ private void handleInternalSubchannelState(ConnectivityStateInfo newState) {
   }
 
   @Override
-  @SuppressWarnings("deprecation")
   public ConnectivityState getState(boolean requestConnection) {
     ConnectivityState savedChannelState = channelStateManager.getState();
     if (requestConnection && savedChannelState == IDLE) {
@@ -1558,7 +1557,6 @@ protected ManagedChannelBuilder<?> delegate() {
 
       checkState(!terminated, "Channel is terminated");
 
-      @SuppressWarnings("deprecation")
       ResolvingOobChannelBuilder builder = new ResolvingOobChannelBuilder();
 
       return builder

From 80cc988b3c2ed8961d0df9df0af13e297c522084 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 7 May 2025 23:04:16 -0700
Subject: [PATCH 256/591] xds: Use acceptResolvedAddresses() for WeightedTarget
 children (#12053)

Convert the tests to use acceptResolvedAddresses() as well.
---
 .../grpc/xds/WeightedTargetLoadBalancer.java  |  8 +++--
 .../xds/WeightedTargetLoadBalancerTest.java   | 30 ++++++++++++-------
 2 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/WeightedTargetLoadBalancer.java b/xds/src/main/java/io/grpc/xds/WeightedTargetLoadBalancer.java
index 0a11f118057..ce7427e5c2c 100644
--- a/xds/src/main/java/io/grpc/xds/WeightedTargetLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/WeightedTargetLoadBalancer.java
@@ -87,8 +87,9 @@ public Status acceptResolvedAddressesInternal(ResolvedAddresses resolvedAddresse
       }
     }
     targets = newTargets;
+    Status status = Status.OK;
     for (String targetName : targets.keySet()) {
-      childBalancers.get(targetName).handleResolvedAddresses(
+      Status newStatus = childBalancers.get(targetName).acceptResolvedAddresses(
           resolvedAddresses.toBuilder()
               .setAddresses(AddressFilter.filter(resolvedAddresses.getAddresses(), targetName))
               .setLoadBalancingPolicyConfig(targets.get(targetName).childConfig)
@@ -96,6 +97,9 @@ public Status acceptResolvedAddressesInternal(ResolvedAddresses resolvedAddresse
                 .set(CHILD_NAME, targetName)
                 .build())
               .build());
+      if (!newStatus.isOk()) {
+        status = newStatus;
+      }
     }
 
     // Cleanup removed targets.
@@ -108,7 +112,7 @@ public Status acceptResolvedAddressesInternal(ResolvedAddresses resolvedAddresse
     childBalancers.keySet().retainAll(targets.keySet());
     childHelpers.keySet().retainAll(targets.keySet());
     updateOverallBalancingState();
-    return Status.OK;
+    return status;
   }
 
   @Override
diff --git a/xds/src/test/java/io/grpc/xds/WeightedTargetLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/WeightedTargetLoadBalancerTest.java
index cc6cb98412c..55ff0cd8078 100644
--- a/xds/src/test/java/io/grpc/xds/WeightedTargetLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/WeightedTargetLoadBalancerTest.java
@@ -113,6 +113,7 @@ public String getPolicyName() {
     public LoadBalancer newLoadBalancer(Helper helper) {
       childHelpers.add(helper);
       LoadBalancer childBalancer = mock(LoadBalancer.class);
+      when(childBalancer.acceptResolvedAddresses(any())).thenReturn(Status.OK);
       childBalancers.add(childBalancer);
       fooLbCreated++;
       return childBalancer;
@@ -139,6 +140,7 @@ public String getPolicyName() {
     public LoadBalancer newLoadBalancer(Helper helper) {
       childHelpers.add(helper);
       LoadBalancer childBalancer = mock(LoadBalancer.class);
+      when(childBalancer.acceptResolvedAddresses(any())).thenReturn(Status.OK);
       childBalancers.add(childBalancer);
       barLbCreated++;
       return childBalancer;
@@ -180,7 +182,7 @@ public void tearDown() {
   }
 
   @Test
-  public void handleResolvedAddresses() {
+  public void acceptResolvedAddresses() {
     ArgumentCaptor<ResolvedAddresses> resolvedAddressesCaptor =
         ArgumentCaptor.forClass(ResolvedAddresses.class);
     Attributes.Key<Object> fakeKey = Attributes.Key.create("fake_key");
@@ -203,12 +205,13 @@ public void handleResolvedAddresses() {
     eag2 = AddressFilter.setPathFilter(eag2, ImmutableList.of("target2"));
     EquivalentAddressGroup eag3 = new EquivalentAddressGroup(socketAddresses[3]);
     eag3 = AddressFilter.setPathFilter(eag3, ImmutableList.of("target3"));
-    weightedTargetLb.handleResolvedAddresses(
+    Status status = weightedTargetLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.of(eag0, eag1, eag2, eag3))
             .setAttributes(Attributes.newBuilder().set(fakeKey, fakeValue).build())
             .setLoadBalancingPolicyConfig(new WeightedTargetConfig(targets))
             .build());
+    assertThat(status.isOk()).isTrue();
     verify(helper).updateBalancingState(eq(CONNECTING), pickerReturns(PickResult.withNoResult()));
     assertThat(childBalancers).hasSize(4);
     assertThat(childHelpers).hasSize(4);
@@ -216,7 +219,7 @@ public void handleResolvedAddresses() {
     assertThat(barLbCreated).isEqualTo(2);
 
     for (int i = 0; i < childBalancers.size(); i++) {
-      verify(childBalancers.get(i)).handleResolvedAddresses(resolvedAddressesCaptor.capture());
+      verify(childBalancers.get(i)).acceptResolvedAddresses(resolvedAddressesCaptor.capture());
       ResolvedAddresses resolvedAddresses = resolvedAddressesCaptor.getValue();
       assertThat(resolvedAddresses.getLoadBalancingPolicyConfig()).isEqualTo(configs[i]);
       assertThat(resolvedAddresses.getAttributes().get(fakeKey)).isEqualTo(fakeValue);
@@ -226,6 +229,11 @@ public void handleResolvedAddresses() {
           .containsExactly(socketAddresses[i]);
     }
 
+    // Even when a child return an error from the update, the other children should still receive
+    // their updates.
+    Status acceptReturnStatus = Status.UNAVAILABLE.withDescription("Didn't like something");
+    when(childBalancers.get(2).acceptResolvedAddresses(any())).thenReturn(acceptReturnStatus);
+
     // Update new weighted target config for a typical workflow.
     // target0 removed. target1, target2, target3 changed weight and config. target4 added.
     int[] newWeights = new int[]{11, 22, 33, 44};
@@ -243,11 +251,12 @@ public void handleResolvedAddresses() {
         "target4",
         new WeightedPolicySelection(
             newWeights[3], newChildConfig(fooLbProvider, newConfigs[3])));
-    weightedTargetLb.handleResolvedAddresses(
+    status = weightedTargetLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(new WeightedTargetConfig(newTargets))
             .build());
+    assertThat(status.getCode()).isEqualTo(acceptReturnStatus.getCode());
     verify(helper, atLeast(2))
         .updateBalancingState(eq(CONNECTING), pickerReturns(PickResult.withNoResult()));
     assertThat(childBalancers).hasSize(5);
@@ -258,7 +267,7 @@ public void handleResolvedAddresses() {
     verify(childBalancers.get(0)).shutdown();
     for (int i = 1; i < childBalancers.size(); i++) {
       verify(childBalancers.get(i), atLeastOnce())
-          .handleResolvedAddresses(resolvedAddressesCaptor.capture());
+          .acceptResolvedAddresses(resolvedAddressesCaptor.capture());
       assertThat(resolvedAddressesCaptor.getValue().getLoadBalancingPolicyConfig())
           .isEqualTo(newConfigs[i - 1]);
     }
@@ -286,7 +295,7 @@ public void handleNameResolutionError() {
         "target2", weightedLbConfig2,
         // {foo, 40, config3}
         "target3", weightedLbConfig3);
-    weightedTargetLb.handleResolvedAddresses(
+    weightedTargetLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(new WeightedTargetConfig(targets))
@@ -313,7 +322,7 @@ public void balancingStateUpdatedFromChildBalancers() {
         "target2", weightedLbConfig2,
         // {foo, 40, config3}
         "target3", weightedLbConfig3);
-    weightedTargetLb.handleResolvedAddresses(
+    weightedTargetLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(new WeightedTargetConfig(targets))
@@ -395,7 +404,7 @@ public void raceBetweenShutdownAndChildLbBalancingStateUpdate() {
     Map<String, WeightedPolicySelection> targets = ImmutableMap.of(
         "target0", weightedLbConfig0,
         "target1", weightedLbConfig1);
-    weightedTargetLb.handleResolvedAddresses(
+    weightedTargetLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(new WeightedTargetConfig(targets))
@@ -421,7 +430,7 @@ public void noDuplicateOverallBalancingStateUpdate() {
             weights[0], newChildConfig(fakeLbProvider, configs[0])),
         "target3", new WeightedPolicySelection(
             weights[3], newChildConfig(fakeLbProvider, configs[3])));
-    weightedTargetLb.handleResolvedAddresses(
+    weightedTargetLb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
             .setLoadBalancingPolicyConfig(new WeightedTargetConfig(targets))
@@ -470,9 +479,10 @@ static class FakeLoadBalancer extends LoadBalancer {
     }
 
     @Override
-    public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+    public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       helper.updateBalancingState(
           TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(Status.INTERNAL)));
+      return Status.OK;
     }
 
     @Override

From 64fe061ccd0b8e57fdb54b983d58f235d568c55a Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Fri, 9 May 2025 14:52:12 -0700
Subject: [PATCH 257/591] Simplify RobolectricBinderSecurityTest (#12058)

- Use INSTRUMENTATION_TEST @LooperMode to avoid custom Executors and idleLoopers() toil.
- No android.app.Service is actually needed with Robolectric.
---
 .../binder/RobolectricBinderSecurityTest.java | 198 +++++-------------
 1 file changed, 57 insertions(+), 141 deletions(-)

diff --git a/binder/src/test/java/io/grpc/binder/RobolectricBinderSecurityTest.java b/binder/src/test/java/io/grpc/binder/RobolectricBinderSecurityTest.java
index ab81fc6b6d0..16f06ad81c9 100644
--- a/binder/src/test/java/io/grpc/binder/RobolectricBinderSecurityTest.java
+++ b/binder/src/test/java/io/grpc/binder/RobolectricBinderSecurityTest.java
@@ -22,11 +22,6 @@
 import static org.robolectric.Shadows.shadowOf;
 
 import android.app.Application;
-import android.content.ComponentName;
-import android.content.Intent;
-import android.os.IBinder;
-import android.os.Looper;
-import androidx.lifecycle.LifecycleService;
 import androidx.test.core.app.ApplicationProvider;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
@@ -42,90 +37,117 @@
 import io.grpc.ServerServiceDefinition;
 import io.grpc.Status;
 import io.grpc.StatusRuntimeException;
-import io.grpc.binder.internal.MainThreadScheduledExecutorService;
 import io.grpc.protobuf.lite.ProtoLiteUtils;
 import io.grpc.stub.ClientCalls;
 import io.grpc.stub.ServerCalls;
 import java.io.IOException;
 import java.util.concurrent.ArrayBlockingQueue;
-import java.util.concurrent.ScheduledExecutorService;
-import javax.annotation.Nullable;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.robolectric.Robolectric;
 import org.robolectric.RobolectricTestRunner;
-import org.robolectric.android.controller.ServiceController;
+import org.robolectric.annotation.LooperMode;
+import org.robolectric.annotation.LooperMode.Mode;
 
 @RunWith(RobolectricTestRunner.class)
+@LooperMode(Mode.INSTRUMENTATION_TEST)
 public final class RobolectricBinderSecurityTest {
 
   private static final String SERVICE_NAME = "fake_service";
   private static final String FULL_METHOD_NAME = "fake_service/fake_method";
   private final Application context = ApplicationProvider.getApplicationContext();
-  private ServiceController<SomeService> controller;
-  private SomeService service;
+  private final ArrayBlockingQueue<SettableFuture<Status>> statusesToSet =
+      new ArrayBlockingQueue<>(128);
   private ManagedChannel channel;
+  private Server server;
 
   @Before
   public void setUp() {
-    controller = Robolectric.buildService(SomeService.class);
-    service = controller.create().get();
+    AndroidComponentAddress listenAddress =
+        AndroidComponentAddress.forRemoteComponent(context.getPackageName(), "HostService");
+
+    MethodDescriptor<Empty, Empty> methodDesc = getMethodDescriptor();
+    ServerCallHandler<Empty, Empty> callHandler =
+        ServerCalls.asyncUnaryCall(
+            (req, respObserver) -> {
+              respObserver.onNext(req);
+              respObserver.onCompleted();
+            });
+    ServerMethodDefinition<Empty, Empty> methodDef =
+        ServerMethodDefinition.create(methodDesc, callHandler);
+    ServerServiceDefinition def =
+        ServerServiceDefinition.builder(SERVICE_NAME).addMethod(methodDef).build();
+
+    IBinderReceiver binderReceiver = new IBinderReceiver();
+    server =
+        BinderServerBuilder.forAddress(listenAddress, binderReceiver)
+            .addService(def)
+            .securityPolicy(
+                ServerSecurityPolicy.newBuilder()
+                    .servicePolicy(
+                        SERVICE_NAME,
+                        new AsyncSecurityPolicy() {
+                          @Override
+                          public ListenableFuture<Status> checkAuthorizationAsync(int uid) {
+                            SettableFuture<Status> status = SettableFuture.create();
+                            statusesToSet.add(status);
+                            return status;
+                          }
+                        })
+                    .build())
+            .build();
+    try {
+      server.start();
+    } catch (IOException e) {
+      throw new IllegalStateException(e);
+    }
 
-    AndroidComponentAddress listenAddress = AndroidComponentAddress.forContext(service);
-    ScheduledExecutorService executor = service.getExecutor();
+    shadowOf(context)
+        .setComponentNameAndServiceForBindServiceForIntent(
+            listenAddress.asBindIntent(),
+            listenAddress.getComponent(),
+            checkNotNull(binderReceiver.get()));
     channel =
         BinderChannelBuilder.forAddress(listenAddress, context)
-            .executor(executor)
-            .scheduledExecutorService(executor)
-            .offloadExecutor(executor)
             .build();
-    idleLoopers();
   }
 
   @After
   public void tearDown() {
     channel.shutdownNow();
-    controller.destroy();
+    server.shutdownNow();
   }
 
   @Test
   public void testAsyncServerSecurityPolicy_failed_returnsFailureStatus() throws Exception {
     ListenableFuture<Status> status = makeCall();
-    service.setSecurityPolicyStatusWhenReady(Status.ALREADY_EXISTS);
-    idleLoopers();
+    statusesToSet.take().set(Status.ALREADY_EXISTS);
 
-    assertThat(Futures.getDone(status).getCode()).isEqualTo(Status.Code.ALREADY_EXISTS);
+    assertThat(status.get().getCode()).isEqualTo(Status.Code.ALREADY_EXISTS);
   }
 
   @Test
   public void testAsyncServerSecurityPolicy_failedFuture_failsWithCodeInternal() throws Exception {
     ListenableFuture<Status> status = makeCall();
-    service.setSecurityPolicyFailed(new IllegalStateException("oops"));
-    idleLoopers();
+    statusesToSet.take().setException(new IllegalStateException("oops"));
 
-    assertThat(Futures.getDone(status).getCode()).isEqualTo(Status.Code.INTERNAL);
+    assertThat(status.get().getCode()).isEqualTo(Status.Code.INTERNAL);
   }
 
   @Test
   public void testAsyncServerSecurityPolicy_allowed_returnsOkStatus() throws Exception {
     ListenableFuture<Status> status = makeCall();
-    service.setSecurityPolicyStatusWhenReady(Status.OK);
-    idleLoopers();
+    statusesToSet.take().set(Status.OK);
 
-    assertThat(Futures.getDone(status).getCode()).isEqualTo(Status.Code.OK);
+    assertThat(status.get().getCode()).isEqualTo(Status.Code.OK);
   }
 
   private ListenableFuture<Status> makeCall() {
-    ClientCall<Empty, Empty> call =
-        channel.newCall(
-            getMethodDescriptor(), CallOptions.DEFAULT.withExecutor(service.getExecutor()));
+    ClientCall<Empty, Empty> call = channel.newCall(getMethodDescriptor(), CallOptions.DEFAULT);
     ListenableFuture<Empty> responseFuture =
         ClientCalls.futureUnaryCall(call, Empty.getDefaultInstance());
 
-    idleLoopers();
-
     return Futures.catching(
         Futures.transform(responseFuture, unused -> Status.OK, directExecutor()),
         StatusRuntimeException.class,
@@ -133,10 +155,6 @@ private ListenableFuture<Status> makeCall() {
         directExecutor());
   }
 
-  private static void idleLoopers() {
-    shadowOf(Looper.getMainLooper()).idle();
-  }
-
   private static MethodDescriptor<Empty, Empty> getMethodDescriptor() {
     MethodDescriptor.Marshaller<Empty> marshaller =
         ProtoLiteUtils.marshaller(Empty.getDefaultInstance());
@@ -147,106 +165,4 @@ private static MethodDescriptor<Empty, Empty> getMethodDescriptor() {
         .setSampledToLocalTracing(true)
         .build();
   }
-
-  private static class SomeService extends LifecycleService {
-
-    private final IBinderReceiver binderReceiver = new IBinderReceiver();
-    private final ArrayBlockingQueue<SettableFuture<Status>> statusesToSet =
-        new ArrayBlockingQueue<>(128);
-    private Server server;
-    private final ScheduledExecutorService scheduledExecutorService =
-        new MainThreadScheduledExecutorService();
-
-    @Override
-    public void onCreate() {
-      super.onCreate();
-
-      MethodDescriptor<Empty, Empty> methodDesc = getMethodDescriptor();
-      ServerCallHandler<Empty, Empty> callHandler =
-          ServerCalls.asyncUnaryCall(
-              (req, respObserver) -> {
-                respObserver.onNext(req);
-                respObserver.onCompleted();
-              });
-      ServerMethodDefinition<Empty, Empty> methodDef =
-          ServerMethodDefinition.create(methodDesc, callHandler);
-      ServerServiceDefinition def =
-          ServerServiceDefinition.builder(SERVICE_NAME).addMethod(methodDef).build();
-
-      server =
-          BinderServerBuilder.forAddress(AndroidComponentAddress.forContext(this), binderReceiver)
-              .addService(def)
-              .securityPolicy(
-                  ServerSecurityPolicy.newBuilder()
-                      .servicePolicy(
-                          SERVICE_NAME,
-                          new AsyncSecurityPolicy() {
-                            @Override
-                            public ListenableFuture<Status> checkAuthorizationAsync(int uid) {
-                              return Futures.submitAsync(
-                                  () -> {
-                                    SettableFuture<Status> status = SettableFuture.create();
-                                    statusesToSet.add(status);
-                                    return status;
-                                  },
-                                  getExecutor());
-                            }
-                          })
-                      .build())
-              .executor(getExecutor())
-              .scheduledExecutorService(getExecutor())
-              .build();
-      try {
-        server.start();
-      } catch (IOException e) {
-        throw new IllegalStateException(e);
-      }
-
-      Application context = ApplicationProvider.getApplicationContext();
-      ComponentName componentName = new ComponentName(context, SomeService.class);
-      shadowOf(context)
-          .setComponentNameAndServiceForBindService(
-              componentName, checkNotNull(binderReceiver.get()));
-    }
-
-    /**
-     * Returns an {@link ScheduledExecutorService} under which all of the gRPC computations run. The
-     * execution of any pending tasks on this executor can be triggered via {@link #idleLoopers()}.
-     */
-    ScheduledExecutorService getExecutor() {
-      return scheduledExecutorService;
-    }
-
-    void setSecurityPolicyStatusWhenReady(Status status) {
-      getNextEnqueuedStatus().set(status);
-    }
-
-    void setSecurityPolicyFailed(Exception e) {
-      getNextEnqueuedStatus().setException(e);
-    }
-
-    private SettableFuture<Status> getNextEnqueuedStatus() {
-      @Nullable SettableFuture<Status> future = statusesToSet.poll();
-      while (future == null) {
-        // Keep idling until the future is available.
-        idleLoopers();
-        future = statusesToSet.poll();
-      }
-      return checkNotNull(future);
-    }
-
-    @Override
-    public IBinder onBind(Intent intent) {
-      super.onBind(intent);
-      return checkNotNull(binderReceiver.get());
-    }
-
-    @Override
-    public void onDestroy() {
-      super.onDestroy();
-      server.shutdownNow();
-    }
-
-    /** A future representing a task submitted to a {@link Handler}. */
-  }
 }

From 454f1c5c6acc46e3d93ddf434a4e77943f5f52ec Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Fri, 9 May 2025 14:57:59 -0700
Subject: [PATCH 258/591] binder: Create a Robolectric version of
 BinderTransportTest (#12057)

This version runs way faster than BinderTransportTest and doesn't require an actual Android device/emulator. It'll allow future tests to simulate things that are difficult/impossible on real Android, at the price of some realism.
---
 .../RobolectricBinderTransportTest.java       | 137 ++++++++++++++++++
 1 file changed, 137 insertions(+)
 create mode 100644 binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java

diff --git a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
new file mode 100644
index 00000000000..7d336067842
--- /dev/null
+++ b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.binder.internal;
+
+import static org.robolectric.Shadows.shadowOf;
+
+import android.app.Application;
+import android.content.Intent;
+import androidx.test.core.app.ApplicationProvider;
+import io.grpc.ServerStreamTracer;
+import io.grpc.binder.AndroidComponentAddress;
+import io.grpc.internal.AbstractTransportTest;
+import io.grpc.internal.ClientTransportFactory.ClientTransportOptions;
+import io.grpc.internal.GrpcUtil;
+import io.grpc.internal.InternalServer;
+import io.grpc.internal.ManagedClientTransport;
+import io.grpc.internal.ObjectPool;
+import io.grpc.internal.SharedResourcePool;
+import java.util.List;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ScheduledExecutorService;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.robolectric.RobolectricTestRunner;
+import org.robolectric.annotation.LooperMode;
+import org.robolectric.annotation.LooperMode.Mode;
+
+/**
+ * All of the AbstractTransportTest cases applied to {@link BinderTransport} running in a
+ * Robolectric environment.
+ *
+ * <p>Runs much faster than BinderTransportTest and doesn't require an Android device/emulator.
+ * Somewhat less realistic but allows simulating behavior that would be difficult or impossible with
+ * real Android.
+ *
+ * <p>NB: Unlike most robolectric tests, we run in {@link LooperMode.Mode#INSTRUMENTATION_TEST},
+ * meaning test cases don't run on the main thread. This supports the AbstractTransportTest approach
+ * where the test thread frequently blocks waiting for transport state changes to take effect.
+ */
+@RunWith(RobolectricTestRunner.class)
+@LooperMode(Mode.INSTRUMENTATION_TEST)
+public final class RobolectricBinderTransportTest extends AbstractTransportTest {
+
+  private final Application application = ApplicationProvider.getApplicationContext();
+  private final ObjectPool<ScheduledExecutorService> executorServicePool =
+      SharedResourcePool.forResource(GrpcUtil.TIMER_SERVICE);
+  private final ObjectPool<Executor> offloadExecutorPool =
+      SharedResourcePool.forResource(GrpcUtil.SHARED_CHANNEL_EXECUTOR);
+  private final ObjectPool<Executor> serverExecutorPool =
+      SharedResourcePool.forResource(GrpcUtil.SHARED_CHANNEL_EXECUTOR);
+
+  private int nextServerAddress;
+
+  @Override
+  protected InternalServer newServer(List<ServerStreamTracer.Factory> streamTracerFactories) {
+    AndroidComponentAddress listenAddr = AndroidComponentAddress.forBindIntent(
+        new Intent()
+            .setClassName(application.getPackageName(), "HostService")
+            .setAction("io.grpc.action.BIND." + nextServerAddress++));
+
+    BinderServer binderServer =
+        new BinderServer.Builder()
+            .setListenAddress(listenAddr)
+            .setExecutorPool(serverExecutorPool)
+            .setExecutorServicePool(executorServicePool)
+            .setStreamTracerFactories(streamTracerFactories)
+            .build();
+
+    shadowOf(application)
+        .setComponentNameAndServiceForBindServiceForIntent(
+            listenAddr.asBindIntent(), listenAddr.getComponent(), binderServer.getHostBinder());
+    return binderServer;
+  }
+
+  @Override
+  protected InternalServer newServer(
+      int port, List<ServerStreamTracer.Factory> streamTracerFactories) {
+    if (port > 0) {
+      // TODO: TCP ports have no place in an *abstract* transport test. Replace with SocketAddress.
+      throw new UnsupportedOperationException();
+    }
+    return newServer(streamTracerFactories);
+  }
+
+  @Override
+  protected ManagedClientTransport newClientTransport(InternalServer server) {
+    BinderClientTransportFactory.Builder builder =
+        new BinderClientTransportFactory.Builder()
+            .setSourceContext(application)
+            .setScheduledExecutorPool(executorServicePool)
+            .setOffloadExecutorPool(offloadExecutorPool);
+
+    ClientTransportOptions options = new ClientTransportOptions();
+    options.setEagAttributes(eagAttrs());
+    options.setChannelLogger(transportLogger());
+
+    return new BinderTransport.BinderClientTransport(
+        builder.buildClientTransportFactory(),
+        (AndroidComponentAddress) server.getListenSocketAddress(),
+        options);
+  }
+
+  @Override
+  protected String testAuthority(InternalServer server) {
+    return ((AndroidComponentAddress) server.getListenSocketAddress()).getAuthority();
+  }
+
+  @Test
+  @Ignore("See BinderTransportTest#socketStats.")
+  @Override
+  public void socketStats() {}
+
+  @Test
+  @Ignore("See BinderTransportTest#flowControlPushBack")
+  @Override
+  public void flowControlPushBack() {}
+
+  @Test
+  @Ignore("See BinderTransportTest#serverAlreadyListening")
+  @Override
+  public void serverAlreadyListening() {}
+}

From 6baac45bd238f6a4cdc4275840808c52a9162679 Mon Sep 17 00:00:00 2001
From: vinodhabib <47808007+vinodhabib@users.noreply.github.com>
Date: Mon, 12 May 2025 07:14:14 +0000
Subject: [PATCH 259/591] xds: Fix pretty-print of Cluster with WrrLocality and
 LB policies (#12037)

---
 xds/src/main/java/io/grpc/xds/MessagePrinter.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xds/src/main/java/io/grpc/xds/MessagePrinter.java b/xds/src/main/java/io/grpc/xds/MessagePrinter.java
index 5927bfd517e..db15e961204 100644
--- a/xds/src/main/java/io/grpc/xds/MessagePrinter.java
+++ b/xds/src/main/java/io/grpc/xds/MessagePrinter.java
@@ -16,6 +16,7 @@
 
 package io.grpc.xds;
 
+import com.github.xds.type.v3.TypedStruct;
 import com.google.protobuf.Descriptors.Descriptor;
 import com.google.protobuf.InvalidProtocolBufferException;
 import com.google.protobuf.Message;
@@ -32,6 +33,8 @@
 import io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBACPerRoute;
 import io.envoyproxy.envoy.extensions.filters.http.router.v3.Router;
 import io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager;
+import io.envoyproxy.envoy.extensions.load_balancing_policies.round_robin.v3.RoundRobin;
+import io.envoyproxy.envoy.extensions.load_balancing_policies.wrr_locality.v3.WrrLocality;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext;
 import io.grpc.xds.client.MessagePrettyPrinter;
@@ -65,7 +68,10 @@ private static JsonFormat.Printer newPrinter() {
               .add(RouteConfiguration.getDescriptor())
               .add(Cluster.getDescriptor())
               .add(ClusterConfig.getDescriptor())
-              .add(ClusterLoadAssignment.getDescriptor());
+              .add(ClusterLoadAssignment.getDescriptor())
+              .add(WrrLocality.getDescriptor())
+              .add(TypedStruct.getDescriptor())
+              .add(RoundRobin.getDescriptor());
       try {
         @SuppressWarnings("unchecked")
         Class<? extends Message> routeLookupClusterSpecifierClass =

From 59adeb9d472953f1be9a25dfad91652cdc688624 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 13 May 2025 17:15:36 +0530
Subject: [PATCH 260/591] Start 1.74.0 development cycle (#12061)

---
 MODULE.bazel                                           |  2 +-
 build.gradle                                           |  2 +-
 .../src/test/golden/TestDeprecatedService.java.txt     |  2 +-
 compiler/src/test/golden/TestService.java.txt          |  2 +-
 core/src/main/java/io/grpc/internal/GrpcUtil.java      |  2 +-
 examples/MODULE.bazel                                  |  2 +-
 examples/android/clientcache/app/build.gradle          | 10 +++++-----
 examples/android/helloworld/app/build.gradle           |  8 ++++----
 examples/android/routeguide/app/build.gradle           |  8 ++++----
 examples/android/strictmode/app/build.gradle           |  8 ++++----
 examples/build.gradle                                  |  2 +-
 examples/example-alts/build.gradle                     |  2 +-
 examples/example-debug/build.gradle                    |  2 +-
 examples/example-debug/pom.xml                         |  4 ++--
 examples/example-dualstack/build.gradle                |  2 +-
 examples/example-dualstack/pom.xml                     |  4 ++--
 examples/example-gauth/build.gradle                    |  2 +-
 examples/example-gauth/pom.xml                         |  4 ++--
 examples/example-gcp-csm-observability/build.gradle    |  2 +-
 examples/example-gcp-observability/build.gradle        |  2 +-
 examples/example-hostname/build.gradle                 |  2 +-
 examples/example-hostname/pom.xml                      |  4 ++--
 examples/example-jwt-auth/build.gradle                 |  2 +-
 examples/example-jwt-auth/pom.xml                      |  4 ++--
 examples/example-oauth/build.gradle                    |  2 +-
 examples/example-oauth/pom.xml                         |  4 ++--
 examples/example-opentelemetry/build.gradle            |  2 +-
 examples/example-orca/build.gradle                     |  2 +-
 examples/example-reflection/build.gradle               |  2 +-
 examples/example-servlet/build.gradle                  |  2 +-
 examples/example-tls/build.gradle                      |  2 +-
 examples/example-tls/pom.xml                           |  4 ++--
 examples/example-xds/build.gradle                      |  2 +-
 examples/pom.xml                                       |  4 ++--
 34 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index d69bb1927aa..7fa3eab395d 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -2,7 +2,7 @@ module(
     name = "grpc-java",
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
-    version = "1.73.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
+    version = "1.74.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
 )
 
 # GRPC_DEPS_START
diff --git a/build.gradle b/build.gradle
index 0788895cdfa..089c78639b4 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ subprojects {
     apply plugin: "net.ltgt.errorprone"
 
     group = "io.grpc"
-    version = "1.73.0-SNAPSHOT" // CURRENT_GRPC_VERSION
+    version = "1.74.0-SNAPSHOT" // CURRENT_GRPC_VERSION
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index a870a5a82e1..712be32132e 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.73.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.74.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 @java.lang.Deprecated
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index 1f62ca26718..e3c759639ec 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.73.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.74.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index 15fcdfb6300..1434afa884c 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -219,7 +219,7 @@ public byte[] parseAsciiString(byte[] serialized) {
 
   public static final Splitter ACCEPT_ENCODING_SPLITTER = Splitter.on(',').trimResults();
 
-  public static final String IMPLEMENTATION_VERSION = "1.73.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
+  public static final String IMPLEMENTATION_VERSION = "1.74.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
 
   /**
    * The default timeout in nanos for a keepalive ping request.
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index b960555e8c5..dd0ae167171 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,5 +1,5 @@
 bazel_dep(name = "googleapis", repo_name = "com_google_googleapis", version = "0.0.0-20240326-1c8d509c5")
-bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.73.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
+bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.74.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
 bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index 670193167fe..1530cfb01d6 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -34,7 +34,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -54,12 +54,12 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.1.5'
-    testImplementation 'io.grpc:grpc-testing:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    testImplementation 'io.grpc:grpc-testing:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index 81f79c67440..66ef6bd9a14 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index 12e6430d2ad..7c0527237e1 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index f37e970ed7b..a48ad08e4db 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -33,7 +33,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -53,8 +53,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index 7d0fc0c715a..b6ea92e6c50 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index 3b76948b5c7..b66f3d3ab76 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index 69b17859d75..ec027796185 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index ce46b13c019..477dfe56a64 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-debug</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index f769894cd9b..9793567f10c 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index 4af44beae46..b556e95d900 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-dualstack</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 75c64019dde..037758b14c6 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index b8f8d4d930e..b6e1d64a745 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-gauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index aca88c4003e..b6e3d1307ab 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 98c3e478f66..bf4c43627da 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 232146c9e38..050cb9592fb 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index f0aab1c8edc..b6217aad6dd 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-hostname</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index 204dcf90941..e2e63521ee4 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index cc7171910df..1b5d4fa6ec7 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-jwt-auth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 1bffa4272c3..abefaa35bea 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index 36cf63dd602..837dcede0b6 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-oauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index 715c3b95569..d49c52fb32f 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index fb3475b1d60..71baca108b1 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index 98e1e4a4a39..5d1c01a2ce0 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index dae75299e25..96f3e12ab93 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -15,7 +15,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index c75c9d0f9a0..44a85d9bfac 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index c8b87f54cd0..c14f88e0f9b 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-tls</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index ae67659a7fa..66f42841fbf 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.73.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/pom.xml b/examples/pom.xml
index ff32936f2a2..1584416760e 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.73.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>examples</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.73.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for JDK 8 -->

From b08976148634102719c620766d8cc858c6836730 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 14 May 2025 00:53:37 -0700
Subject: [PATCH 261/591] xds: Enable least request by default (#12054)

Enable least request by default.

It has seen good testing by users and behaved as expected.

Fixes #11996
---
 xds/src/main/java/io/grpc/xds/XdsClusterResource.java        | 3 ++-
 xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java | 1 -
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
index 0d9274e2869..3f2b2d8fd7e 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
@@ -60,7 +60,8 @@ class XdsClusterResource extends XdsResourceType<CdsUpdate> {
   static boolean enableLeastRequest =
       !Strings.isNullOrEmpty(System.getenv("GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST"))
           ? Boolean.parseBoolean(System.getenv("GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST"))
-          : Boolean.parseBoolean(System.getProperty("io.grpc.xds.experimentalEnableLeastRequest"));
+          : Boolean.parseBoolean(
+              System.getProperty("io.grpc.xds.experimentalEnableLeastRequest", "true"));
   @VisibleForTesting
   public static boolean enableSystemRootCerts =
       GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_SYSTEM_ROOT_CERTS", false);
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index e5502463db0..dd6f2fd9243 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -186,7 +186,6 @@ public void setUp() {
     originalEnableRouteLookup = XdsRouteConfigureResource.enableRouteLookup;
     originalEnableLeastRequest = XdsClusterResource.enableLeastRequest;
     originalEnableUseSystemRootCerts = XdsClusterResource.enableSystemRootCerts;
-    assertThat(originalEnableLeastRequest).isFalse();
   }
 
   @After

From b88536a17d320065a972858e17e44e1e5c656a0f Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Thu, 15 May 2025 05:29:52 +0000
Subject: [PATCH 262/591] kokoro: add cloud run tests config (#12065)

kokoro: add cloud run tests config
---
 buildscripts/kokoro/psm-cloud-run.cfg | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 buildscripts/kokoro/psm-cloud-run.cfg

diff --git a/buildscripts/kokoro/psm-cloud-run.cfg b/buildscripts/kokoro/psm-cloud-run.cfg
new file mode 100644
index 00000000000..1f2d6da208f
--- /dev/null
+++ b/buildscripts/kokoro/psm-cloud-run.cfg
@@ -0,0 +1,17 @@
+# Config file for internal CI
+
+# Location of the continuous shell script in repository.
+build_file: "grpc-java/buildscripts/kokoro/psm-interop-test-java.sh"
+timeout_mins: 240
+
+action {
+  define_artifacts {
+    regex: "artifacts/**/*sponge_log.xml"
+    regex: "artifacts/**/*.log"
+    strip_prefix: "artifacts"
+  }
+}
+env_vars {
+  key: "PSM_TEST_SUITE"
+  value: "cloud_run"
+}

From 480640dc2ff7851ec6c9a4c7d929e3e383d16563 Mon Sep 17 00:00:00 2001
From: Gregory Cooke <gtcooke94@gmail.com>
Date: Mon, 19 May 2025 11:30:10 -0400
Subject: [PATCH 263/591] alts: add experimental keepalive (#12076)

---
 .../io/grpc/alts/HandshakerServiceChannel.java     | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java b/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
index 8e8d175b7af..fa1d4f7fa1c 100644
--- a/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
+++ b/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
@@ -21,6 +21,7 @@
 import io.grpc.ClientCall;
 import io.grpc.ManagedChannel;
 import io.grpc.MethodDescriptor;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.SharedResourceHolder.Resource;
 import io.grpc.netty.NettyChannelBuilder;
 import io.netty.channel.EventLoopGroup;
@@ -45,6 +46,9 @@ static Resource<Channel> getHandshakerChannelForTesting(String handshakerAddress
     return new ChannelResource(handshakerAddress);
   }
 
+  private static final boolean EXPERIMENTAL_ALTS_HANDSHAKER_KEEPALIVE_PARAMS =
+      GrpcUtil.getFlag("GRPC_EXPERIMENTAL_ALTS_HANDSHAKER_KEEPALIVE_PARAMS", false);
+
   private static class ChannelResource implements Resource<Channel> {
     private final String target;
 
@@ -57,12 +61,16 @@ public Channel create() {
       /* Use its own event loop thread pool to avoid blocking. */
       EventLoopGroup eventGroup =
           new NioEventLoopGroup(1, new DefaultThreadFactory("handshaker pool", true));
-      ManagedChannel channel = NettyChannelBuilder.forTarget(target)
+      NettyChannelBuilder channelBuilder =
+          NettyChannelBuilder.forTarget(target)
           .channelType(NioSocketChannel.class, InetSocketAddress.class)
           .directExecutor()
           .eventLoopGroup(eventGroup)
-          .usePlaintext()
-          .build();
+          .usePlaintext();
+      if (EXPERIMENTAL_ALTS_HANDSHAKER_KEEPALIVE_PARAMS) {
+        channelBuilder.keepAliveTime(10, TimeUnit.MINUTES).keepAliveTimeout(10, TimeUnit.SECONDS);
+      }
+      ManagedChannel channel = channelBuilder.build();
       return new EventLoopHoldingChannel(channel, eventGroup);
     }
 

From 2fb09578a8a8ca4b0000f6f8be8c3a22460d9019 Mon Sep 17 00:00:00 2001
From: Luwei Ge <lwge@google.com>
Date: Mon, 19 May 2025 12:50:25 -0700
Subject: [PATCH 264/591] xds: enableSpiffe also checks the new env var per
 gRFC-A87

---
 .../certprovider/FileWatcherCertificateProviderProvider.java   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProvider.java
index 53864ae33f1..e4871dc4c84 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProvider.java
@@ -36,9 +36,10 @@
  */
 public final class FileWatcherCertificateProviderProvider implements CertificateProviderProvider {
 
+  // TODO(lwge): Remove the old env var check once it's confirmed to be unused.
   @VisibleForTesting
   public static boolean enableSpiffe = GrpcUtil.getFlag("GRPC_EXPERIMENTAL_SPIFFE_TRUST_BUNDLE_MAP",
-      false);
+      false) || GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_MTLS_SPIFFE", false);
   private static final String CERT_FILE_KEY = "certificate_file";
   private static final String KEY_FILE_KEY = "private_key_file";
   private static final String ROOT_FILE_KEY = "ca_certificate_file";

From f8700a13ad1b7624cc370081164bb161a6d89112 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 21 May 2025 10:19:30 -0700
Subject: [PATCH 265/591] compiler: Default to @generated=omit (#12080)

After many years of issue 9179 being open, there's been nothing to show
that we need the javax.annotations.Generated annotation. Most tools use
file paths and a few check for annotations with "Generated" in the name.
ErrorProne has a few that check for javax.annotations.Generated, but
only UnnecessarilyFullyQualified looks like it'd be a problem and it is
disabled by default. We're not getting any more information, no users
have reported issues with `@generated=omit`, and the existing dependency
is annoying users, so just drop it.

Given we will still retain the GrpcGenerated annotation, it seems highly
likely things are already okay. Even if there are problems they would
probably be addressed by adding a io.grpc.stub.annotations.Generated
annotation or small tweaks. In the short-term, (non-Bazel) users can use
`@generated=javax`, but long-term we could consider removing the option
assuming we've resolved any outstanding issues.

We will want to update the examples and the README to remove the
org.apache.tomcat:annotations-api dependency after the next release.

Fixes #9179
---
 BUILD.bazel                                              | 3 ---
 MODULE.bazel                                             | 1 -
 .../io/grpc/alts/internal/HandshakerServiceGrpc.java     | 3 ---
 .../integration/LoadBalancerStatsServiceGrpc.java        | 3 ---
 .../io/grpc/testing/integration/MetricsServiceGrpc.java  | 3 ---
 .../grpc/testing/integration/ReconnectServiceGrpc.java   | 3 ---
 .../io/grpc/testing/integration/TestServiceGrpc.java     | 3 ---
 .../testing/integration/UnimplementedServiceGrpc.java    | 3 ---
 .../integration/XdsUpdateClientConfigureServiceGrpc.java | 3 ---
 .../testing/integration/XdsUpdateHealthServiceGrpc.java  | 3 ---
 .../integration/LoadBalancerStatsServiceGrpc.java        | 3 ---
 .../io/grpc/testing/integration/MetricsServiceGrpc.java  | 3 ---
 .../grpc/testing/integration/ReconnectServiceGrpc.java   | 3 ---
 .../io/grpc/testing/integration/TestServiceGrpc.java     | 3 ---
 .../testing/integration/UnimplementedServiceGrpc.java    | 3 ---
 .../integration/XdsUpdateClientConfigureServiceGrpc.java | 3 ---
 .../testing/integration/XdsUpdateHealthServiceGrpc.java  | 3 ---
 .../io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java   | 3 ---
 .../benchmarks/proto/ReportQpsScenarioServiceGrpc.java   | 3 ---
 .../grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java | 3 ---
 compiler/BUILD.bazel                                     | 2 --
 compiler/build.gradle                                    | 7 +++++--
 compiler/src/java_plugin/cpp/java_plugin.cpp             | 2 +-
 .../main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java        | 3 ---
 .../integration/LoadBalancerStatsServiceGrpc.java        | 3 ---
 .../io/grpc/testing/integration/MetricsServiceGrpc.java  | 3 ---
 .../grpc/testing/integration/ReconnectServiceGrpc.java   | 3 ---
 .../io/grpc/testing/integration/TestServiceGrpc.java     | 3 ---
 .../testing/integration/UnimplementedServiceGrpc.java    | 3 ---
 .../integration/XdsUpdateClientConfigureServiceGrpc.java | 3 ---
 .../testing/integration/XdsUpdateHealthServiceGrpc.java  | 3 ---
 .../main/grpc/io/istio/test/EchoTestServiceGrpc.java     | 3 ---
 repositories.bzl                                         | 1 -
 .../grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java   | 3 ---
 .../main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java      | 3 ---
 .../main/grpc/io/grpc/health/v1/HealthGrpc.java          | 3 ---
 .../grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java | 3 ---
 .../io/grpc/reflection/v1alpha/ServerReflectionGrpc.java | 3 ---
 .../reflection/testing/AnotherDynamicServiceGrpc.java    | 3 ---
 .../testing/AnotherReflectableServiceGrpc.java           | 3 ---
 .../io/grpc/reflection/testing/DynamicServiceGrpc.java   | 3 ---
 .../grpc/reflection/testing/ReflectableServiceGrpc.java  | 3 ---
 stub/BUILD.bazel                                         | 9 ---------
 .../grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java | 3 ---
 .../github/xds/service/orca/v3/OpenRcaServiceGrpc.java   | 3 ---
 .../discovery/v3/AggregatedDiscoveryServiceGrpc.java     | 3 ---
 .../service/load_stats/v3/LoadReportingServiceGrpc.java  | 3 ---
 .../rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java   | 3 ---
 .../status/v3/ClientStatusDiscoveryServiceGrpc.java      | 3 ---
 49 files changed, 6 insertions(+), 145 deletions(-)

diff --git a/BUILD.bazel b/BUILD.bazel
index b6d0838bf87..8350ed9aa39 100644
--- a/BUILD.bazel
+++ b/BUILD.bazel
@@ -33,7 +33,6 @@ java_library(
         "//api",
         "//protobuf",
         "//stub",
-        "//stub:javax_annotation",
         "@com_google_protobuf//:protobuf_java",
         artifact("com.google.code.findbugs:jsr305"),
         artifact("com.google.guava:guava"),
@@ -47,7 +46,6 @@ java_library(
         "//api",
         "//protobuf-lite",
         "//stub",
-        "//stub:javax_annotation",
         artifact("com.google.code.findbugs:jsr305"),
         artifact("com.google.guava:guava"),
     ],
@@ -67,6 +65,5 @@ java_library(
     visibility = ["//:__subpackages__"],
     exports = [
         artifact("com.google.auto.value:auto-value-annotations"),
-        artifact("org.apache.tomcat:annotations-api"),  # @Generated for Java 9+
     ],
 )
diff --git a/MODULE.bazel b/MODULE.bazel
index 7fa3eab395d..83aa6c1b026 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -41,7 +41,6 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",
     "junit:junit:4.13.2",
-    "org.apache.tomcat:annotations-api:6.0.53",
     "org.checkerframework:checker-qual:3.12.0",
     "org.codehaus.mojo:animal-sniffer-annotations:1.24",
 ]
diff --git a/alts/src/generated/main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java b/alts/src/generated/main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java
index 91e88f331d7..07e4256eb75 100644
--- a/alts/src/generated/main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java
+++ b/alts/src/generated/main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/gcp/handshaker.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class HandshakerServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
index 120033a8051..42934e94c5b 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
@@ -7,9 +7,6 @@
  * A service used to obtain stats for verifying LB behavior.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class LoadBalancerStatsServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
index 489838ddc6c..6c2166468f6 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/metrics.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class MetricsServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
index e0ea29e42e7..07ce250bc4b 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
@@ -7,9 +7,6 @@
  * A service used to control reconnect server.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class ReconnectServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java
index a0f44f46473..4593215b601 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java
@@ -8,9 +8,6 @@
  * performance with various types of payload.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
index f758c2d0840..d9ef0e6ddd9 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
@@ -8,9 +8,6 @@
  * that case.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class UnimplementedServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
index 5fa43e4721a..8ae0c2f93a4 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
@@ -7,9 +7,6 @@
  * A service to dynamically update the configuration of an xDS test client.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class XdsUpdateClientConfigureServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
index 2492ec0f90b..5b950c73c12 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
@@ -7,9 +7,6 @@
  * A service to remotely control health status of an xDS test server.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class XdsUpdateHealthServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
index 120033a8051..42934e94c5b 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
@@ -7,9 +7,6 @@
  * A service used to obtain stats for verifying LB behavior.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class LoadBalancerStatsServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
index 489838ddc6c..6c2166468f6 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/metrics.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class MetricsServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
index e0ea29e42e7..07ce250bc4b 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
@@ -7,9 +7,6 @@
  * A service used to control reconnect server.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class ReconnectServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java
index a0f44f46473..4593215b601 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java
@@ -8,9 +8,6 @@
  * performance with various types of payload.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
index f758c2d0840..d9ef0e6ddd9 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
@@ -8,9 +8,6 @@
  * that case.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class UnimplementedServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
index 5fa43e4721a..8ae0c2f93a4 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
@@ -7,9 +7,6 @@
  * A service to dynamically update the configuration of an xDS test client.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class XdsUpdateClientConfigureServiceGrpc {
 
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
index 2492ec0f90b..5b950c73c12 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
@@ -7,9 +7,6 @@
  * A service to remotely control health status of an xDS test server.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class XdsUpdateHealthServiceGrpc {
 
diff --git a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java
index 242d4551d6e..15b9a67918b 100644
--- a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java
+++ b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/services.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class BenchmarkServiceGrpc {
 
diff --git a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java
index 8f466185ea0..8fe5f926d99 100644
--- a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java
+++ b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/services.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class ReportQpsScenarioServiceGrpc {
 
diff --git a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java
index 11859482972..bf9649e8377 100644
--- a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java
+++ b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/services.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class WorkerServiceGrpc {
 
diff --git a/compiler/BUILD.bazel b/compiler/BUILD.bazel
index 753f485074e..6f66164f155 100644
--- a/compiler/BUILD.bazel
+++ b/compiler/BUILD.bazel
@@ -22,7 +22,6 @@ java_library(
         "//api",
         "//protobuf",
         "//stub",
-        "//stub:javax_annotation",
         artifact("com.google.code.findbugs:jsr305"),
         artifact("com.google.guava:guava"),
         "@com_google_protobuf//:protobuf_java",
@@ -35,7 +34,6 @@ java_library(
         "//api",
         "//protobuf-lite",
         "//stub",
-        "//stub:javax_annotation",
         artifact("com.google.code.findbugs:jsr305"),
         artifact("com.google.guava:guava"),
     ],
diff --git a/compiler/build.gradle b/compiler/build.gradle
index 3d31d602642..9fee2545f0c 100644
--- a/compiler/build.gradle
+++ b/compiler/build.gradle
@@ -184,7 +184,11 @@ protobuf {
             inputs.file javaPluginPath
         }
         ofSourceSet('test').configureEach {
-            plugins { grpc {} }
+            plugins {
+                grpc {
+                    option '@generated=javax'
+                }
+            }
         }
         ofSourceSet('testLite').configureEach {
             builtins {
@@ -193,7 +197,6 @@ protobuf {
             plugins {
                 grpc {
                     option 'lite'
-                    option '@generated=omit'
                 }
             }
         }
diff --git a/compiler/src/java_plugin/cpp/java_plugin.cpp b/compiler/src/java_plugin/cpp/java_plugin.cpp
index 6b7cc03d486..a595a6a6896 100644
--- a/compiler/src/java_plugin/cpp/java_plugin.cpp
+++ b/compiler/src/java_plugin/cpp/java_plugin.cpp
@@ -80,7 +80,7 @@ class JavaGrpcGenerator : public protobuf::compiler::CodeGenerator {
     java_grpc_generator::ProtoFlavor flavor =
         java_grpc_generator::ProtoFlavor::NORMAL;
     java_grpc_generator::GeneratedAnnotation generated_annotation =
-        java_grpc_generator::GeneratedAnnotation::JAVAX;
+        java_grpc_generator::GeneratedAnnotation::OMIT;
 
     bool disable_version = false;
     for (size_t i = 0; i < options.size(); i++) {
diff --git a/grpclb/src/generated/main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java b/grpclb/src/generated/main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java
index 2a81dfe4ee5..b730eff7b37 100644
--- a/grpclb/src/generated/main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java
+++ b/grpclb/src/generated/main/grpc/io/grpc/lb/v1/LoadBalancerGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/lb/v1/load_balancer.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class LoadBalancerGrpc {
 
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
index f060a1308d8..766d63a51dc 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
@@ -7,9 +7,6 @@
  * A service used to obtain stats for verifying LB behavior.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class LoadBalancerStatsServiceGrpc {
 
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
index 3104f7b263e..8693f1086bb 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/metrics.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class MetricsServiceGrpc {
 
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
index 39df95f4d90..164c92295cc 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
@@ -7,9 +7,6 @@
  * A service used to control reconnect server.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class ReconnectServiceGrpc {
 
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java
index 2b519686d85..b8c220925e1 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java
@@ -8,9 +8,6 @@
  * performance with various types of payload.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
 
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
index 400ac6dc4a3..fe6c7c7d1c6 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
@@ -8,9 +8,6 @@
  * that case.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class UnimplementedServiceGrpc {
 
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
index 9cc13780723..9a628ea1b1a 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
@@ -7,9 +7,6 @@
  * A service to dynamically update the configuration of an xDS test client.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class XdsUpdateClientConfigureServiceGrpc {
 
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
index 8243ba713fa..5582c60d9cc 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
@@ -7,9 +7,6 @@
  * A service to remotely control health status of an xDS test server.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/testing/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class XdsUpdateHealthServiceGrpc {
 
diff --git a/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java b/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java
index 3cb27ac1067..c6947a075d5 100644
--- a/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java
+++ b/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: test/echo/proto/echo.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class EchoTestServiceGrpc {
 
diff --git a/repositories.bzl b/repositories.bzl
index d55ff07e7e6..12a8ec7a6f1 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -45,7 +45,6 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",
     "junit:junit:4.13.2",
-    "org.apache.tomcat:annotations-api:6.0.53",
     "org.checkerframework:checker-qual:3.12.0",
     "org.codehaus.mojo:animal-sniffer-annotations:1.24",
 ]
diff --git a/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java b/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java
index 558a223173c..39e9d0f4144 100644
--- a/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java
+++ b/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/lookup/v1/rls.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class RouteLookupServiceGrpc {
 
diff --git a/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java b/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java
index 7dd74034efe..f839f11cfe5 100644
--- a/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java
@@ -8,9 +8,6 @@
  * information.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/channelz/v1/channelz.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class ChannelzGrpc {
 
diff --git a/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java b/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java
index 9786392cfe6..feb5932b0d9 100644
--- a/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/health/v1/health.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class HealthGrpc {
 
diff --git a/services/src/generated/main/grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java b/services/src/generated/main/grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java
index 19bf6ed90b3..04f8dea3ace 100644
--- a/services/src/generated/main/grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/reflection/v1/ServerReflectionGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/reflection/v1/reflection.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class ServerReflectionGrpc {
 
diff --git a/services/src/generated/main/grpc/io/grpc/reflection/v1alpha/ServerReflectionGrpc.java b/services/src/generated/main/grpc/io/grpc/reflection/v1alpha/ServerReflectionGrpc.java
index 152a8f7c81d..3cbb3a1d1b9 100644
--- a/services/src/generated/main/grpc/io/grpc/reflection/v1alpha/ServerReflectionGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/reflection/v1alpha/ServerReflectionGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: grpc/reflection/v1alpha/reflection.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class ServerReflectionGrpc {
 
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java
index a53d199ef52..5b7aaa1e4ec 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java
@@ -7,9 +7,6 @@
  * AnotherDynamicService
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: io/grpc/reflection/testing/dynamic_reflection_test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class AnotherDynamicServiceGrpc {
 
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java
index a22138ecb03..f8b8d58e621 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: io/grpc/reflection/testing/reflection_test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class AnotherReflectableServiceGrpc {
 
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java
index 6e9dfac72db..81e60438518 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java
@@ -7,9 +7,6 @@
  * A DynamicService
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: io/grpc/reflection/testing/dynamic_reflection_test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class DynamicServiceGrpc {
 
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java
index aeefc77aff8..5f620038b2c 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: io/grpc/reflection/testing/reflection_test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class ReflectableServiceGrpc {
 
diff --git a/stub/BUILD.bazel b/stub/BUILD.bazel
index 572ea681ef3..692ebd6059f 100644
--- a/stub/BUILD.bazel
+++ b/stub/BUILD.bazel
@@ -15,12 +15,3 @@ java_library(
         artifact("org.codehaus.mojo:animal-sniffer-annotations"),
     ],
 )
-
-# javax.annotation.Generated is not included in the default root modules in 9,
-# see: http://openjdk.java.net/jeps/320.
-java_library(
-    name = "javax_annotation",
-    neverlink = 1,  # @Generated is source-retention
-    visibility = ["//visibility:public"],
-    exports = [artifact("org.apache.tomcat:annotations-api")],
-)
diff --git a/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java b/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java
index 8b33691535d..cccc4eb8f8a 100644
--- a/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java
+++ b/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java
@@ -7,9 +7,6 @@
  * A simple service for test.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: io/grpc/testing/protobuf/simpleservice.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class SimpleServiceGrpc {
 
diff --git a/xds/src/generated/thirdparty/grpc/com/github/xds/service/orca/v3/OpenRcaServiceGrpc.java b/xds/src/generated/thirdparty/grpc/com/github/xds/service/orca/v3/OpenRcaServiceGrpc.java
index cb129fd31ba..e0e28ad4072 100644
--- a/xds/src/generated/thirdparty/grpc/com/github/xds/service/orca/v3/OpenRcaServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/com/github/xds/service/orca/v3/OpenRcaServiceGrpc.java
@@ -14,9 +14,6 @@
  * a new call to change backend reporting frequency.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: xds/service/orca/v3/orca.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class OpenRcaServiceGrpc {
 
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/discovery/v3/AggregatedDiscoveryServiceGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/discovery/v3/AggregatedDiscoveryServiceGrpc.java
index b93a5df2b71..94b2fd86b96 100644
--- a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/discovery/v3/AggregatedDiscoveryServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/discovery/v3/AggregatedDiscoveryServiceGrpc.java
@@ -12,9 +12,6 @@
  * the multiplexed singleton APIs at the Envoy instance and management server.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: envoy/service/discovery/v3/ads.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class AggregatedDiscoveryServiceGrpc {
 
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/load_stats/v3/LoadReportingServiceGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/load_stats/v3/LoadReportingServiceGrpc.java
index 3bce13a7cf5..4f12405be87 100644
--- a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/load_stats/v3/LoadReportingServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/load_stats/v3/LoadReportingServiceGrpc.java
@@ -4,9 +4,6 @@
 
 /**
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: envoy/service/load_stats/v3/lrs.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class LoadReportingServiceGrpc {
 
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java
index f05d38290dd..3f17bb54566 100644
--- a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/rate_limit_quota/v3/RateLimitQuotaServiceGrpc.java
@@ -7,9 +7,6 @@
  * Defines the Rate Limit Quota Service (RLQS).
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: envoy/service/rate_limit_quota/v3/rlqs.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class RateLimitQuotaServiceGrpc {
 
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java
index 1a3240875cc..775fa0c1e3e 100644
--- a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java
@@ -9,9 +9,6 @@
  * also be used to get the current xDS states directly from the client.
  * </pre>
  */
-@javax.annotation.Generated(
-    value = "by gRPC proto compiler",
-    comments = "Source: envoy/service/status/v3/csds.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class ClientStatusDiscoveryServiceGrpc {
 

From 9d439d4a447e16fb6240abbd223d232f2bc875cf Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Thu, 22 May 2025 16:22:41 +0530
Subject: [PATCH 266/591] xds: Add GcpAuthenticationFilter to FilterRegistry
 (#12075)

---
 xds/src/main/java/io/grpc/xds/FilterRegistry.java   |  7 +++++++
 .../java/io/grpc/xds/GcpAuthenticationFilter.java   |  5 +++++
 .../io/grpc/xds/GcpAuthenticationFilterTest.java    |  6 ++++++
 .../java/io/grpc/xds/GrpcXdsClientImplDataTest.java | 13 +++++++++----
 4 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/FilterRegistry.java b/xds/src/main/java/io/grpc/xds/FilterRegistry.java
index 426c6d1b3f6..1fbccea8000 100644
--- a/xds/src/main/java/io/grpc/xds/FilterRegistry.java
+++ b/xds/src/main/java/io/grpc/xds/FilterRegistry.java
@@ -17,6 +17,7 @@
 package io.grpc.xds;
 
 import com.google.common.annotations.VisibleForTesting;
+import io.grpc.internal.GrpcUtil;
 import java.util.HashMap;
 import java.util.Map;
 import javax.annotation.Nullable;
@@ -32,12 +33,18 @@ final class FilterRegistry {
 
   private FilterRegistry() {}
 
+  static boolean isEnabledGcpAuthnFilter =
+      GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_GCP_AUTHENTICATION_FILTER", false);
+
   static synchronized FilterRegistry getDefaultRegistry() {
     if (instance == null) {
       instance = newRegistry().register(
               new FaultFilter.Provider(),
               new RouterFilter.Provider(),
               new RbacFilter.Provider());
+      if (isEnabledGcpAuthnFilter) {
+        instance.register(new GcpAuthenticationFilter.Provider());
+      }
     }
     return instance;
   }
diff --git a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
index 8ec02f4f809..dc133eaaf1a 100644
--- a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
+++ b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
@@ -17,6 +17,7 @@
 package io.grpc.xds;
 
 import static com.google.common.base.Preconditions.checkNotNull;
+import static io.grpc.xds.FilterRegistry.isEnabledGcpAuthnFilter;
 import static io.grpc.xds.XdsNameResolver.CLUSTER_SELECTION_KEY;
 import static io.grpc.xds.XdsNameResolver.XDS_CONFIG_CALL_OPTION_KEY;
 
@@ -312,6 +313,10 @@ public String getTypeUrl() {
     public AudienceWrapper parse(Any any) throws ResourceInvalidException {
       Audience audience;
       try {
+        if (!isEnabledGcpAuthnFilter) {
+          throw new InvalidProtocolBufferException("Environment variable for GCP Authentication "
+              + "Filter is Not Set");
+        }
         audience = any.unpack(Audience.class);
       } catch (InvalidProtocolBufferException ex) {
         throw new ResourceInvalidException("Invalid Resource in address proto", ex);
diff --git a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
index d84d8c9d768..cebf739d417 100644
--- a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
+++ b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
@@ -73,6 +73,7 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
+import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -89,6 +90,11 @@ public class GcpAuthenticationFilterTest {
   private static final RdsUpdate rdsUpdate = getRdsUpdate();
   private static final CdsUpdate cdsUpdate = getCdsUpdate();
 
+  @Before
+  public void setUp() {
+    System.setProperty("GRPC_EXPERIMENTAL_XDS_GCP_AUTHENTICATION_FILTER", "true");
+  }
+
   @Test
   public void testNewFilterInstancesPerFilterName() {
     assertThat(new GcpAuthenticationFilter("FILTER_INSTANCE_NAME1", 10))
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index dd6f2fd9243..48d78e8555e 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -2417,6 +2417,7 @@ public Object parse(Any value) {
 
   @Test
   public void processCluster_parsesAudienceMetadata() throws Exception {
+    FilterRegistry.isEnabledGcpAuthnFilter = true;
     MetadataRegistry.getInstance();
 
     Audience audience = Audience.newBuilder()
@@ -2460,10 +2461,14 @@ public void processCluster_parsesAudienceMetadata() throws Exception {
         "FILTER_METADATA", ImmutableMap.of(
             "key1", "value1",
             "key2", 42.0));
-    assertThat(update.parsedMetadata().get("FILTER_METADATA"))
-        .isEqualTo(expectedParsedMetadata.get("FILTER_METADATA"));
-    assertThat(update.parsedMetadata().get("AUDIENCE_METADATA"))
-        .isInstanceOf(AudienceWrapper.class);
+    try {
+      assertThat(update.parsedMetadata().get("FILTER_METADATA"))
+          .isEqualTo(expectedParsedMetadata.get("FILTER_METADATA"));
+      assertThat(update.parsedMetadata().get("AUDIENCE_METADATA"))
+          .isInstanceOf(AudienceWrapper.class);
+    } finally {
+      FilterRegistry.isEnabledGcpAuthnFilter = false;
+    }
   }
 
   @Test

From 9406d3b2a05dbfb95519cd3a2e43238b48010c05 Mon Sep 17 00:00:00 2001
From: Michael Lumish <mlumish@google.com>
Date: Thu, 22 May 2025 14:49:12 -0700
Subject: [PATCH 267/591] Rename PSM interop fallback test suite to light

---
 buildscripts/kokoro/{psm-fallback.cfg => psm-light.cfg} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename buildscripts/kokoro/{psm-fallback.cfg => psm-light.cfg} (94%)

diff --git a/buildscripts/kokoro/psm-fallback.cfg b/buildscripts/kokoro/psm-light.cfg
similarity index 94%
rename from buildscripts/kokoro/psm-fallback.cfg
rename to buildscripts/kokoro/psm-light.cfg
index 7335d1d9fd9..decd179efa3 100644
--- a/buildscripts/kokoro/psm-fallback.cfg
+++ b/buildscripts/kokoro/psm-light.cfg
@@ -13,5 +13,5 @@ action {
 }
 env_vars {
   key: "PSM_TEST_SUITE"
-  value: "fallback"
+  value: "light"
 }

From 46485c8b62778f1b581019ef19e67dd8de937ca3 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Fri, 23 May 2025 06:54:14 +0000
Subject: [PATCH 268/591] Upgrade Protobuf C++ to 22.5 (#11961)

---
 COMPILING.md                                  |  4 +-
 buildscripts/grpc-java-artifacts/Dockerfile   |  6 +-
 .../Dockerfile.multiarch.base                 |  6 ++
 .../Dockerfile.ubuntu2004.base                |  6 ++
 buildscripts/kokoro/android-interop.sh        |  4 +-
 buildscripts/kokoro/android.sh                | 14 ++--
 buildscripts/kokoro/unix.sh                   |  6 +-
 buildscripts/kokoro/windows.cfg               |  2 +-
 buildscripts/kokoro/windows32.bat             | 39 +++++++++--
 buildscripts/kokoro/windows64.bat             | 39 +++++++++--
 buildscripts/make_dependencies.bat            | 41 ++++++++----
 buildscripts/make_dependencies.sh             | 64 +++++++++++++------
 buildscripts/toolchain.cmake                  |  9 +++
 compiler/build.gradle                         | 24 ++++---
 compiler/check-artifact.sh                    |  2 +-
 .../test/java/io/grpc/okhttp/UtilsTest.java   |  6 +-
 16 files changed, 206 insertions(+), 66 deletions(-)
 create mode 100644 buildscripts/toolchain.cmake

diff --git a/COMPILING.md b/COMPILING.md
index de3cbb026c1..b7df1319beb 100644
--- a/COMPILING.md
+++ b/COMPILING.md
@@ -44,11 +44,11 @@ This section is only necessary if you are making changes to the code
 generation. Most users only need to use `skipCodegen=true` as discussed above.
 
 ### Build Protobuf
-The codegen plugin is C++ code and requires protobuf 21.7 or later.
+The codegen plugin is C++ code and requires protobuf 22.5 or later.
 
 For Linux, Mac and MinGW:
 ```
-$ PROTOBUF_VERSION=21.7
+$ PROTOBUF_VERSION=22.5
 $ curl -LO https://github.com/protocolbuffers/protobuf/releases/download/v$PROTOBUF_VERSION/protobuf-all-$PROTOBUF_VERSION.tar.gz
 $ tar xzf protobuf-all-$PROTOBUF_VERSION.tar.gz
 $ cd protobuf-$PROTOBUF_VERSION
diff --git a/buildscripts/grpc-java-artifacts/Dockerfile b/buildscripts/grpc-java-artifacts/Dockerfile
index 736babe9d8e..0cc5634b9df 100644
--- a/buildscripts/grpc-java-artifacts/Dockerfile
+++ b/buildscripts/grpc-java-artifacts/Dockerfile
@@ -27,7 +27,11 @@ RUN mkdir -p "$ANDROID_HOME/cmdline-tools" && \
     mv "$ANDROID_HOME/cmdline-tools/cmdline-tools" "$ANDROID_HOME/cmdline-tools/latest" && \
     yes | "$ANDROID_HOME/cmdline-tools/latest/bin/sdkmanager" --licenses
 
+RUN curl -Ls https://github.com/Kitware/CMake/releases/download/v3.26.3/cmake-3.26.3-linux-x86_64.tar.gz | \
+    tar xz -C /var/local    
+    
 # Install Maven
 RUN curl -Ls https://dlcdn.apache.org/maven/maven-3/3.8.8/binaries/apache-maven-3.8.8-bin.tar.gz | \
     tar xz -C /var/local
-ENV PATH /var/local/apache-maven-3.8.8/bin:$PATH
+ENV PATH /var/local/cmake-3.26.3-linux-x86_64/bin:/var/local/apache-maven-3.8.8/bin:$PATH
+
diff --git a/buildscripts/grpc-java-artifacts/Dockerfile.multiarch.base b/buildscripts/grpc-java-artifacts/Dockerfile.multiarch.base
index 8f7cfae2f52..da2c46904ca 100644
--- a/buildscripts/grpc-java-artifacts/Dockerfile.multiarch.base
+++ b/buildscripts/grpc-java-artifacts/Dockerfile.multiarch.base
@@ -10,5 +10,11 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
         g++-aarch64-linux-gnu \
         g++-powerpc64le-linux-gnu \
         openjdk-8-jdk \
+        pkg-config \
         && \
     rm -rf /var/lib/apt/lists/*
+    
+RUN curl -Ls https://github.com/Kitware/CMake/releases/download/v3.26.3/cmake-3.26.3-linux-x86_64.tar.gz | \
+    tar xz -C /var/local
+ENV PATH /var/local/cmake-3.26.3-linux-x86_64/bin:$PATH
+
diff --git a/buildscripts/grpc-java-artifacts/Dockerfile.ubuntu2004.base b/buildscripts/grpc-java-artifacts/Dockerfile.ubuntu2004.base
index 2d11d76c373..e987fb3e684 100644
--- a/buildscripts/grpc-java-artifacts/Dockerfile.ubuntu2004.base
+++ b/buildscripts/grpc-java-artifacts/Dockerfile.ubuntu2004.base
@@ -9,5 +9,11 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
         curl \
         g++-s390x-linux-gnu \
         openjdk-8-jdk \
+        pkg-config \
         && \
     rm -rf /var/lib/apt/lists/*
+    
+RUN curl -Ls https://github.com/Kitware/CMake/releases/download/v3.26.3/cmake-3.26.3-linux-x86_64.tar.gz | \
+    tar xz -C /var/local
+ENV PATH /var/local/cmake-3.26.3-linux-x86_64/bin:$PATH
+
diff --git a/buildscripts/kokoro/android-interop.sh b/buildscripts/kokoro/android-interop.sh
index b4adc8bed43..f987aea85f6 100755
--- a/buildscripts/kokoro/android-interop.sh
+++ b/buildscripts/kokoro/android-interop.sh
@@ -7,8 +7,8 @@ set -exu -o pipefail
 
 cd github/grpc-java
 
-export LDFLAGS=-L/tmp/protobuf/lib
-export CXXFLAGS=-I/tmp/protobuf/include
+export LDFLAGS="$(PKG_CONFIG_PATH=/tmp/protobuf/lib/pkgconfig pkg-config --libs protobuf)"
+export CXXFLAGS="$(PKG_CONFIG_PATH=/tmp/protobuf/lib/pkgconfig pkg-config --cflags protobuf)"
 export LD_LIBRARY_PATH=/tmp/protobuf/lib
 export OS_NAME=$(uname)
 
diff --git a/buildscripts/kokoro/android.sh b/buildscripts/kokoro/android.sh
index 13983e747b7..5af55b2f551 100755
--- a/buildscripts/kokoro/android.sh
+++ b/buildscripts/kokoro/android.sh
@@ -9,9 +9,6 @@ BASE_DIR="$(pwd)"
 
 cd "$BASE_DIR/github/grpc-java"
 
-export LDFLAGS=-L/tmp/protobuf/lib
-export CXXFLAGS=-I/tmp/protobuf/include
-export LD_LIBRARY_PATH=/tmp/protobuf/lib
 export OS_NAME=$(uname)
 
 cat <<EOF >> gradle.properties
@@ -30,10 +27,18 @@ unzip -qd "${ANDROID_HOME}/cmdline-tools" cmdline.zip
 rm cmdline.zip
 mv "${ANDROID_HOME}/cmdline-tools/cmdline-tools" "${ANDROID_HOME}/cmdline-tools/latest"
 (yes || true) | "${ANDROID_HOME}/cmdline-tools/latest/bin/sdkmanager" --licenses
-
+curl -Ls https://github.com/Kitware/CMake/releases/download/v3.26.3/cmake-3.26.3-linux-x86_64.tar.gz | \
+    tar xz -C /tmp
+export PATH=/tmp/cmake-3.26.3-linux-x86_64/bin:$PATH
+    
 # Proto deps
 buildscripts/make_dependencies.sh
 
+sudo apt-get update && sudo apt-get install pkg-config
+export LDFLAGS="$(PKG_CONFIG_PATH=/tmp/protobuf/lib/pkgconfig pkg-config --libs protobuf)"
+export CXXFLAGS="$(PKG_CONFIG_PATH=/tmp/protobuf/lib/pkgconfig pkg-config --cflags protobuf)"
+export LD_LIBRARY_PATH=/tmp/protobuf/lib
+
 # Build Android with Java 11, this adds it to the PATH
 sudo update-java-alternatives --set java-1.11.0-openjdk-amd64
 # Unset any existing JAVA_HOME env var to stop Gradle from using it
@@ -98,6 +103,7 @@ cd $BASE_DIR/github/grpc-java
 ./gradlew clean
 git checkout HEAD^
 ./gradlew --stop  # use a new daemon to build the previous commit
+GRADLE_FLAGS="${GRADLE_FLAGS} -PskipCodegen=true" # skip codegen for build from previous commit since it wasn't built with --std=c++14 when making this change
 ./gradlew publishToMavenLocal $GRADLE_FLAGS
 cd examples/android/helloworld/
 ../../gradlew build $GRADLE_FLAGS
diff --git a/buildscripts/kokoro/unix.sh b/buildscripts/kokoro/unix.sh
index 1b88b56ab40..e65825cac01 100755
--- a/buildscripts/kokoro/unix.sh
+++ b/buildscripts/kokoro/unix.sh
@@ -51,9 +51,9 @@ fi
 export GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx1g'"
 
 # Make protobuf discoverable by :grpc-compiler
-export LD_LIBRARY_PATH=/tmp/protobuf/lib
-export LDFLAGS=-L/tmp/protobuf/lib
-export CXXFLAGS="-I/tmp/protobuf/include"
+export LDFLAGS="$(PKG_CONFIG_PATH=/tmp/protobuf/lib/pkgconfig pkg-config --libs protobuf)"
+export CXXFLAGS="$(PKG_CONFIG_PATH=/tmp/protobuf/lib/pkgconfig pkg-config --cflags protobuf)"
+export LIBRARY_PATH=/tmp/protobuf/lib
 
 ./gradlew grpc-compiler:clean $GRADLE_FLAGS
 
diff --git a/buildscripts/kokoro/windows.cfg b/buildscripts/kokoro/windows.cfg
index bdfaa38904f..ec0a3c9ae34 100644
--- a/buildscripts/kokoro/windows.cfg
+++ b/buildscripts/kokoro/windows.cfg
@@ -2,7 +2,7 @@
 
 # Location of the continuous shell script in repository.
 build_file: "grpc-java/buildscripts/kokoro/windows.bat"
-timeout_mins: 45
+timeout_mins: 90 
 
 # We always build mvn artifacts.
 action {
diff --git a/buildscripts/kokoro/windows32.bat b/buildscripts/kokoro/windows32.bat
index ffd4d3b99a6..f87899d0ab8 100644
--- a/buildscripts/kokoro/windows32.bat
+++ b/buildscripts/kokoro/windows32.bat
@@ -15,19 +15,21 @@ set ESCWORKSPACE=%WORKSPACE:\=\\%
 
 @rem Clear JAVA_HOME to prevent a different Java version from being used
 set JAVA_HOME=
-set PATH=C:\Program Files\OpenJDK\openjdk-11.0.12_7\bin;%PATH%
 
 mkdir grpc-java-helper32
 cd grpc-java-helper32
-call "%VS140COMNTOOLS%\vsvars32.bat" || exit /b 1
+call "%VS170COMNTOOLS%\..\..\VC\Auxiliary\Build\vcvars32.bat" || exit /b 1
 call "%WORKSPACE%\buildscripts\make_dependencies.bat" || exit /b 1
 
 cd "%WORKSPACE%"
 
 SET TARGET_ARCH=x86_32
 SET FAIL_ON_WARNINGS=true
-SET VC_PROTOBUF_LIBS=%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\Release
-SET VC_PROTOBUF_INCLUDE=%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\include
+SET PROTOBUF_VER=22.5
+SET PKG_CONFIG_PATH=%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib\\pkgconfig
+SET VC_PROTOBUF_LIBS=/LIBPATH:%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib
+SET VC_PROTOBUF_INCLUDE=%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\include
+call :Get_Libs
 SET GRADLE_FLAGS=-PtargetArch=%TARGET_ARCH% -PfailOnWarnings=%FAIL_ON_WARNINGS% -PvcProtobufLibs=%VC_PROTOBUF_LIBS% -PvcProtobufInclude=%VC_PROTOBUF_INCLUDE% -PskipAndroid=true
 SET GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx1g'"
 
@@ -50,3 +52,32 @@ IF NOT %GRADLEEXIT% == 0 (
 cmd.exe /C "%WORKSPACE%\gradlew.bat --stop"
 
 cmd.exe /C "%WORKSPACE%\gradlew.bat  %GRADLE_FLAGS% -Dorg.gradle.parallel=false -PrepositoryDir=%WORKSPACE%\artifacts clean grpc-compiler:build grpc-compiler:publish" || exit /b 1
+
+goto :eof
+:Get_Libs
+SetLocal EnableDelayedExpansion
+set "libs_list="
+for /f "tokens=*" %%a in ('pkg-config --libs protobuf') do (
+  for %%b in (%%a) do (
+    set lib=%%b
+    set libfirst2char=!lib:~0,2!
+    if !libfirst2char!==-l (
+      @rem remove the leading -l
+      set lib=!lib:~2!
+      @rem remove spaces
+      set lib=!lib: =!
+      @rem Because protobuf is specified as libprotobuf and elsewhere
+      if !lib! NEQ protobuf (
+        set lib=!lib!.lib
+        if "!libs_list!"=="" (
+          set libs_list=!lib!
+        ) else (
+          set libs_list=!libs_list!,!lib!
+        )
+      )
+    )
+  )
+)
+EndLocal & set "VC_PROTOBUF_LIBS=%VC_PROTOBUF_LIBS%,%libs_list%" 
+exit /b 0
+
diff --git a/buildscripts/kokoro/windows64.bat b/buildscripts/kokoro/windows64.bat
index 8542f1c0536..0a99f47dd3d 100644
--- a/buildscripts/kokoro/windows64.bat
+++ b/buildscripts/kokoro/windows64.bat
@@ -14,19 +14,21 @@ set ESCWORKSPACE=%WORKSPACE:\=\\%
 
 @rem Clear JAVA_HOME to prevent a different Java version from being used
 set JAVA_HOME=
-set PATH=C:\Program Files\OpenJDK\openjdk-11.0.12_7\bin;%PATH%
 
 mkdir grpc-java-helper64
 cd grpc-java-helper64
-call "%VS140COMNTOOLS%\..\..\VC\bin\amd64\vcvars64.bat" || exit /b 1
+call "%VS170COMNTOOLS%\..\..\VC\Auxiliary\Build\vcvars64.bat" || exit /b 1
 call "%WORKSPACE%\buildscripts\make_dependencies.bat" || exit /b 1
 
 cd "%WORKSPACE%"
 
 SET TARGET_ARCH=x86_64
 SET FAIL_ON_WARNINGS=true
-SET VC_PROTOBUF_LIBS=%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\Release
-SET VC_PROTOBUF_INCLUDE=%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\include
+SET PROTOBUF_VER=22.5
+SET PKG_CONFIG_PATH=%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib\\pkgconfig
+SET VC_PROTOBUF_LIBS=/LIBPATH:%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib
+SET VC_PROTOBUF_INCLUDE=%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\include
+call :Get_Libs
 SET GRADLE_FLAGS=-PtargetArch=%TARGET_ARCH% -PfailOnWarnings=%FAIL_ON_WARNINGS% -PvcProtobufLibs=%VC_PROTOBUF_LIBS% -PvcProtobufInclude=%VC_PROTOBUF_INCLUDE% -PskipAndroid=true
 SET GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx1g'"
 
@@ -34,3 +36,32 @@ SET GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx1g'"
 cmd.exe /C "%WORKSPACE%\gradlew.bat --stop"
 
 cmd.exe /C "%WORKSPACE%\gradlew.bat  %GRADLE_FLAGS% -Dorg.gradle.parallel=false -PrepositoryDir=%WORKSPACE%\artifacts grpc-compiler:clean grpc-compiler:build grpc-compiler:publish" || exit /b 1
+
+goto :eof
+:Get_Libs
+SetLocal EnableDelayedExpansion
+set "libs_list="
+for /f "tokens=*" %%a in ('pkg-config --libs protobuf') do (
+  for %%b in (%%a) do (
+    set lib=%%b
+    set libfirst2char=!lib:~0,2!
+    if !libfirst2char!==-l (
+      @rem remove the leading -l
+      set lib=!lib:~2!
+      @rem remove spaces
+      set lib=!lib: =!
+      @rem Because protobuf is specified as libprotobuf and elsewhere
+      if !lib! NEQ protobuf (
+        set lib=!lib!.lib
+        if "!libs_list!"=="" (
+          set libs_list=!lib!
+        ) else (
+          set libs_list=!libs_list!,!lib!
+        )
+      )
+    )
+  )
+)
+EndLocal & set "VC_PROTOBUF_LIBS=%VC_PROTOBUF_LIBS%,%libs_list%" 
+exit /b 0
+
diff --git a/buildscripts/make_dependencies.bat b/buildscripts/make_dependencies.bat
index 2bbfd394d46..dce08ef7624 100644
--- a/buildscripts/make_dependencies.bat
+++ b/buildscripts/make_dependencies.bat
@@ -1,12 +1,16 @@
-set PROTOBUF_VER=21.7
-set CMAKE_NAME=cmake-3.3.2-win32-x86
+choco install -y pkgconfiglite
+choco install -y openjdk --version=17.0
+set PATH=%PATH%;"c:\Program Files\OpenJDK\jdk-17\bin"
+set PROTOBUF_VER=22.5
+set ABSL_VERSION=20230125.4
+set CMAKE_NAME=cmake-3.26.3-windows-x86_64
 
 if not exist "protobuf-%PROTOBUF_VER%\build\Release\" (
   call :installProto || exit /b 1
 )
 
 echo Compile gRPC-Java with something like:
-echo -PtargetArch=x86_32 -PvcProtobufLibs=%cd%\protobuf-%PROTOBUF_VER%\build\Release -PvcProtobufInclude=%cd%\protobuf-%PROTOBUF_VER%\build\include
+echo -PtargetArch=x86_32 -PvcProtobufLibPath=%cd%\protobuf-%PROTOBUF_VER%\build\protobuf-%PROTOBUF_VER%\lib -PvcProtobufInclude=%cd%\protobuf-%PROTOBUF_VER%\build\protobuf-%PROTOBUF_VER%\include -PvcProtobufLibs=insert-list-of-libs-from-pkg-config-output-here
 goto :eof
 
 
@@ -20,25 +24,35 @@ if not exist "%CMAKE_NAME%" (
 set PATH=%PATH%;%cd%\%CMAKE_NAME%\bin
 :hasCmake
 @rem GitHub requires TLSv1.2, and for whatever reason our powershell doesn't have it enabled
-powershell -command "$ErrorActionPreference = 'stop'; & { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; iwr https://github.com/google/protobuf/archive/v%PROTOBUF_VER%.zip -OutFile protobuf.zip }" || exit /b 1
+powershell -command "$ProgressPreference = 'SilentlyContinue'; $ErrorActionPreference = 'stop'; & { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; iwr https://github.com/google/protobuf/releases/download/v%PROTOBUF_VER%/protobuf-%PROTOBUF_VER%.zip -OutFile protobuf.zip }" || exit /b 1
 powershell -command "$ErrorActionPreference = 'stop'; & { Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('protobuf.zip', '.') }" || exit /b 1
 del protobuf.zip
+powershell -command "$ProgressPreference = 'SilentlyContinue'; $ErrorActionPreference = 'stop'; & { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; iwr https://github.com/abseil/abseil-cpp/archive/refs/tags/%ABSL_VERSION%.zip -OutFile absl.zip }" || exit /b 1
+powershell -command "$ErrorActionPreference = 'stop'; & { Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('absl.zip', '.') }" || exit /b 1
+del absl.zip
+rmdir protobuf-%PROTOBUF_VER%\third_party\abseil-cpp
+move abseil-cpp-%ABSL_VERSION% protobuf-%PROTOBUF_VER%\third_party\abseil-cpp
 mkdir protobuf-%PROTOBUF_VER%\build
 pushd protobuf-%PROTOBUF_VER%\build
 
-@rem Workaround https://github.com/protocolbuffers/protobuf/issues/10174
-powershell -command "(Get-Content ..\cmake\extract_includes.bat.in) -replace '\.\.\\', '' | Out-File -encoding ascii ..\cmake\extract_includes.bat.in"
 @rem cmake does not detect x86_64 from the vcvars64.bat variables.
-@rem If vcvars64.bat has set PLATFORM to X64, then inform cmake to use the Win64 version of VS
-if "%PLATFORM%" == "X64" (
-  @rem Note the space
-  SET CMAKE_VSARCH= Win64
+@rem If vcvars64.bat has set PLATFORM to X64, then inform cmake to use the Win64 version of VS, likewise for x32
+if "%PLATFORM%" == "x64" (
+  SET CMAKE_VSARCH=-A x64
+) else if "%PLATFORM%" == "x86" (
+  @rem -A x86 doesn't work: https://github.com/microsoft/vcpkg/issues/15465
+  SET CMAKE_VSARCH=-DCMAKE_GENERATOR_PLATFORM=WIN32
 ) else (
   SET CMAKE_VSARCH=
 )
-cmake -Dprotobuf_BUILD_TESTS=OFF -G "Visual Studio %VisualStudioVersion:~0,2%%CMAKE_VSARCH%" .. || exit /b 1
-msbuild /maxcpucount /p:Configuration=Release /verbosity:minimal libprotoc.vcxproj || exit /b 1
-call extract_includes.bat || exit /b 1
+for /f "tokens=4 delims=\" %%a in ("%VCINSTALLDIR%") do (
+  SET VC_YEAR=%%a
+)
+for /f "tokens=1 delims=." %%a in ("%VisualStudioVersion%") do (
+  SET visual_studio_major_version=%%a
+)
+cmake -Dprotobuf_BUILD_TESTS=OFF -DCMAKE_INSTALL_PREFIX=%cd%\protobuf-%PROTOBUF_VER% -DCMAKE_PREFIX_PATH=%cd%\protobuf-%PROTOBUF_VER% -G "Visual Studio %visual_studio_major_version% %VC_YEAR%" %CMAKE_VSARCH% .. || exit /b 1
+cmake --build . --config Release --target install || exit /b 1
 popd
 goto :eof
 
@@ -49,3 +63,4 @@ powershell -command "$ErrorActionPreference = 'stop'; & { iwr https://cmake.org/
 powershell -command "$ErrorActionPreference = 'stop'; & { Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('cmake.zip', '.') }" || exit /b 1
 del cmake.zip
 goto :eof
+
diff --git a/buildscripts/make_dependencies.sh b/buildscripts/make_dependencies.sh
index 3d02a72f4eb..e5d2450afe7 100755
--- a/buildscripts/make_dependencies.sh
+++ b/buildscripts/make_dependencies.sh
@@ -3,13 +3,17 @@
 # Build protoc
 set -evux -o pipefail
 
-PROTOBUF_VERSION=21.7
+PROTOBUF_VERSION=22.5
+ABSL_VERSION=20230125.4
+CMAKE_VERSION=3.26.3
 
 # ARCH is x86_64 bit unless otherwise specified.
 ARCH="${ARCH:-x86_64}"
 DOWNLOAD_DIR=/tmp/source
 INSTALL_DIR="/tmp/protobuf-cache/$PROTOBUF_VERSION/$(uname -s)-$ARCH"
+BUILDSCRIPTS_DIR="$(cd "$(dirname "$0")" && pwd)"
 mkdir -p $DOWNLOAD_DIR
+cd "$DOWNLOAD_DIR"
 
 # Start with a sane default
 NUM_CPU=4
@@ -26,27 +30,46 @@ if [ -f ${INSTALL_DIR}/bin/protoc ]; then
   echo "Not building protobuf. Already built"
 # TODO(ejona): swap to `brew install --devel protobuf` once it is up-to-date
 else
-  if [[ ! -d "$DOWNLOAD_DIR"/protobuf-"${PROTOBUF_VERSION}" ]]; then
-    curl -Ls https://github.com/google/protobuf/releases/download/v${PROTOBUF_VERSION}/protobuf-all-${PROTOBUF_VERSION}.tar.gz | tar xz -C $DOWNLOAD_DIR
+  if [[ ! -d "protobuf-${PROTOBUF_VERSION}" ]]; then
+    curl -Ls "https://github.com/google/protobuf/releases/download/v${PROTOBUF_VERSION}/protobuf-${PROTOBUF_VERSION}.tar.gz" | tar xz
+    curl -Ls "https://github.com/abseil/abseil-cpp/archive/refs/tags/${ABSL_VERSION}.tar.gz" | tar xz
+    rmdir "protobuf-$PROTOBUF_VERSION/third_party/abseil-cpp"
+    mv "abseil-cpp-$ABSL_VERSION" "protobuf-$PROTOBUF_VERSION/third_party/abseil-cpp"
   fi
-  pushd $DOWNLOAD_DIR/protobuf-${PROTOBUF_VERSION}
+  # the same source dir is used for 32 and 64 bit builds, so we need to clean stale data first
+  rm -rf "$DOWNLOAD_DIR/protobuf-${PROTOBUF_VERSION}/build"
+  mkdir "$DOWNLOAD_DIR/protobuf-${PROTOBUF_VERSION}/build"
+  pushd "$DOWNLOAD_DIR/protobuf-${PROTOBUF_VERSION}/build"
   # install here so we don't need sudo
   if [[ "$ARCH" == x86* ]]; then
-    ./configure CFLAGS=-m${ARCH#*_} CXXFLAGS=-m${ARCH#*_} --disable-shared \
-      --prefix="$INSTALL_DIR"
-  elif [[ "$ARCH" == aarch* ]]; then
-    ./configure --disable-shared --host=aarch64-linux-gnu --prefix="$INSTALL_DIR"
-  elif [[ "$ARCH" == ppc* ]]; then
-    ./configure --disable-shared --host=powerpc64le-linux-gnu --prefix="$INSTALL_DIR"
-  elif [[ "$ARCH" == s390* ]]; then
-    ./configure --disable-shared --host=s390x-linux-gnu --prefix="$INSTALL_DIR"
-  elif [[ "$ARCH" == loongarch* ]]; then
-    ./configure --disable-shared --host=loongarch64-unknown-linux-gnu --prefix="$INSTALL_DIR"
+    CFLAGS=-m${ARCH#*_} CXXFLAGS=-m${ARCH#*_} cmake .. \
+      -DCMAKE_CXX_STANDARD=14 -Dprotobuf_BUILD_TESTS=OFF -DBUILD_SHARED_LIBS=OFF \
+      -DCMAKE_INSTALL_PREFIX="$INSTALL_DIR" -DABSL_INTERNAL_AT_LEAST_CXX17=0 \
+      -B. || exit 1
+  else
+    if [[ "$ARCH" == aarch_64 ]]; then
+      GCC_ARCH=aarch64-linux-gnu
+    elif [[ "$ARCH" == ppcle_64 ]]; then
+      GCC_ARCH=powerpc64le-linux-gnu
+    elif [[ "$ARCH" == s390_64 ]]; then
+      GCC_ARCH=s390x-linux-gnu
+    elif [[ "$ARCH" == loongarch_64 ]]; then
+      GCC_ARCH=loongarch64-unknown-linux-gnu
+    else
+      echo "Unknown architecture: $ARCH"
+      exit 1
+    fi
+    cmake .. \
+      -DCMAKE_CXX_STANDARD=14 -Dprotobuf_BUILD_TESTS=OFF -DBUILD_SHARED_LIBS=OFF \
+      -DCMAKE_INSTALL_PREFIX="$INSTALL_DIR" -DABSL_INTERNAL_AT_LEAST_CXX17=0 \
+      -Dcrosscompile_ARCH="$GCC_ARCH" \
+      -DCMAKE_TOOLCHAIN_FILE=$BUILDSCRIPTS_DIR/toolchain.cmake \
+      -B. || exit 1
   fi
-  # the same source dir is used for 32 and 64 bit builds, so we need to clean stale data first
-  make clean
-  make V=0 -j$NUM_CPU
-  make install
+  export CMAKE_BUILD_PARALLEL_LEVEL="$NUM_CPU"
+  cmake --build . || exit 1
+  cmake --install . || exit 1
+  [ -d "$INSTALL_DIR/lib64" ] && mv "$INSTALL_DIR/lib64" "$INSTALL_DIR/lib"
   popd
 fi
 
@@ -60,7 +83,8 @@ ln -s "$INSTALL_DIR" /tmp/protobuf
 cat <<EOF
 To compile with the build dependencies:
 
-export LDFLAGS=-L/tmp/protobuf/lib
-export CXXFLAGS=-I/tmp/protobuf/include
+export LDFLAGS="$(PKG_CONFIG_PATH=/tmp/protobuf/lib/pkgconfig pkg-config --libs protobuf)"
+export CXXFLAGS="$(PKG_CONFIG_PATH=/tmp/protobuf/lib/pkgconfig pkg-config --cflags protobuf)"
+export LIBRARY_PATH=/tmp/protobuf/lib
 export LD_LIBRARY_PATH=/tmp/protobuf/lib
 EOF
diff --git a/buildscripts/toolchain.cmake b/buildscripts/toolchain.cmake
new file mode 100644
index 00000000000..b71515cebda
--- /dev/null
+++ b/buildscripts/toolchain.cmake
@@ -0,0 +1,9 @@
+set(CMAKE_SYSTEM_NAME Linux)
+
+set(CMAKE_C_COMPILER   "${crosscompile_ARCH}-gcc")
+set(CMAKE_CXX_COMPILER "${crosscompile_ARCH}-g++")
+set(CMAKE_FIND_ROOT_PATH "/usr/${crosscompile_ARCH}/")
+
+set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
+set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
+set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
diff --git a/compiler/build.gradle b/compiler/build.gradle
index 9fee2545f0c..6d832ecd56b 100644
--- a/compiler/build.gradle
+++ b/compiler/build.gradle
@@ -100,19 +100,20 @@ model {
         all {
             if (toolChain in Gcc || toolChain in Clang) {
                 cppCompiler.define("GRPC_VERSION", version)
-                cppCompiler.args "--std=c++0x"
+                cppCompiler.args "--std=c++14"
                 addEnvArgs("CXXFLAGS", cppCompiler.args)
                 addEnvArgs("CPPFLAGS", cppCompiler.args)
                 if (osdetector.os == "osx") {
                     cppCompiler.args "-mmacosx-version-min=10.7", "-stdlib=libc++"
+                    linker.args "-framework", "CoreFoundation"
                     addLibraryIfNotLinked('protoc', linker.args)
                     addLibraryIfNotLinked('protobuf', linker.args)
                 } else if (osdetector.os == "windows") {
                     linker.args "-static", "-lprotoc", "-lprotobuf", "-static-libgcc", "-static-libstdc++",
                             "-s"
-		  } else if (osdetector.arch == "ppcle_64") {
-		      linker.args "-Wl,-Bstatic", "-lprotoc", "-lprotobuf", "-Wl,-Bdynamic", "-lpthread", "-s"
-		  } else {
+                } else if (osdetector.arch == "ppcle_64") {
+                    linker.args "-Wl,-Bstatic", "-lprotoc", "-lprotobuf", "-Wl,-Bdynamic", "-lpthread", "-s"
+                } else {
                     // Link protoc, protobuf, libgcc and libstdc++ statically.
                     // Link other (system) libraries dynamically.
                     // Clang under OSX doesn't support these options.
@@ -126,10 +127,12 @@ model {
                 cppCompiler.args "/EHsc", "/MT"
                 if (rootProject.hasProperty('vcProtobufInclude')) {
                     cppCompiler.args "/I${rootProject.vcProtobufInclude}"
-                }
-                linker.args "libprotobuf.lib", "libprotoc.lib"
+                } 
+                linker.args.add("libprotoc.lib")
+                linker.args.add("libprotobuf.lib")
                 if (rootProject.hasProperty('vcProtobufLibs')) {
-                    linker.args "/LIBPATH:${rootProject.vcProtobufLibs}"
+                    String libsList = rootProject.property('vcProtobufLibs') as String
+                    libsList.split(',').each() { lib -> linker.args.add(lib) }
                 }
             }
         }
@@ -242,9 +245,10 @@ def checkArtifacts = tasks.register("checkArtifacts") {
             if (ret.exitValue != 0) {
                 throw new GradleException("dumpbin exited with " + ret.exitValue)
             }
-            def dlls = os.toString() =~ /Image has the following dependencies:\s+(.*)\s+Summary/
-            if (dlls[0][1] != "KERNEL32.dll") {
-                throw new Exception("unexpected dll deps: " + dlls[0][1]);
+            def dlls_match_results = os.toString() =~ /Image has the following dependencies:([\S\s]*)Summary/
+            def dlls =  dlls_match_results[0][1].trim().split("\\s+").sort()
+            if (dlls != ["KERNEL32.dll", "dbghelp.dll"]) {
+                throw new Exception("unexpected dll deps: " + dlls);
             }
             os.reset()
             ret = exec {
diff --git a/compiler/check-artifact.sh b/compiler/check-artifact.sh
index 4d0c2fa6286..12d7709a2a8 100755
--- a/compiler/check-artifact.sh
+++ b/compiler/check-artifact.sh
@@ -114,7 +114,7 @@ checkDependencies ()
     white_list="KERNEL32\.dll\|msvcrt\.dll\|USER32\.dll"
   elif [[ "$OS" == linux ]]; then
     dump_cmd='objdump -x '"$1"' | grep "NEEDED"'
-    white_list="libpthread\.so\.0\|libstdc++\.so\.6\|libc\.so\.6"
+    white_list="libpthread\.so\.0\|libstdc++\.so\.6\|libc\.so\.6\|librt\.so\.1\|libm\.so\.6"
     if [[ "$ARCH" == x86_32 ]]; then
       white_list="${white_list}\|libm\.so\.6"
     elif [[ "$ARCH" == x86_64 ]]; then
diff --git a/okhttp/src/test/java/io/grpc/okhttp/UtilsTest.java b/okhttp/src/test/java/io/grpc/okhttp/UtilsTest.java
index 895ba7ff7c7..ede8511ee70 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/UtilsTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/UtilsTest.java
@@ -25,6 +25,7 @@
 import io.grpc.okhttp.internal.TlsVersion;
 import java.net.Socket;
 import java.util.List;
+import java.util.Locale;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
@@ -95,6 +96,9 @@ public void getSocketOptions() throws Exception {
     assertEquals("5000", socketOptions.others.get("SO_SNDBUF"));
     assertEquals("true", socketOptions.others.get("SO_KEEPALIVE"));
     assertEquals("true", socketOptions.others.get("SO_OOBINLINE"));
-    assertEquals("8", socketOptions.others.get("IP_TOS"));
+    String osName = System.getProperty("os.name").toLowerCase(Locale.ENGLISH);
+    if (!osName.startsWith("windows")) {
+      assertEquals("8", socketOptions.others.get("IP_TOS"));
+    }
   }
 }

From d124007ff4e4229d0a8d3096d13c7e82aa524d84 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Sun, 25 May 2025 20:12:58 -0700
Subject: [PATCH 269/591] kokoro: Don't run grpc codegen in android-interop
 (#12098)

android-interop has been failing to build since 46485c8 because it
didn't have cmake installed and defined LDFLAGS/CXXFLAGS with pkg-config
before make_dependencies.sh had been run.

Android-interop didn't verify the codegen is up-to-date. Building the
codegen was just a relic from when android was its own separate gradle
build. Avoiding codegen means we don't have to compile absl/protobuf and
have a C++ toolchain.
---
 buildscripts/kokoro/android-interop.sh | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/buildscripts/kokoro/android-interop.sh b/buildscripts/kokoro/android-interop.sh
index f987aea85f6..877311daca5 100755
--- a/buildscripts/kokoro/android-interop.sh
+++ b/buildscripts/kokoro/android-interop.sh
@@ -2,16 +2,8 @@
 
 set -exu -o pipefail
 
-# Install gRPC and codegen for the Android interop app
-# (a composite gradle build can't find protoc-gen-grpc-java)
-
 cd github/grpc-java
 
-export LDFLAGS="$(PKG_CONFIG_PATH=/tmp/protobuf/lib/pkgconfig pkg-config --libs protobuf)"
-export CXXFLAGS="$(PKG_CONFIG_PATH=/tmp/protobuf/lib/pkgconfig pkg-config --cflags protobuf)"
-export LD_LIBRARY_PATH=/tmp/protobuf/lib
-export OS_NAME=$(uname)
-
 export ANDROID_HOME=/tmp/Android/Sdk
 mkdir -p "${ANDROID_HOME}/cmdline-tools"
 curl -Ls -o cmdline.zip \
@@ -21,15 +13,12 @@ rm cmdline.zip
 mv "${ANDROID_HOME}/cmdline-tools/cmdline-tools" "${ANDROID_HOME}/cmdline-tools/latest"
 (yes || true) | "${ANDROID_HOME}/cmdline-tools/latest/bin/sdkmanager" --licenses
 
-# Proto deps
-buildscripts/make_dependencies.sh
-
 # Build Android with Java 11, this adds it to the PATH
 sudo update-java-alternatives --set java-1.11.0-openjdk-amd64
 # Unset any existing JAVA_HOME env var to stop Gradle from using it
 unset JAVA_HOME
 
-GRADLE_FLAGS="-Pandroid.useAndroidX=true -Dorg.gradle.jvmargs=-Xmx1024m"
+GRADLE_FLAGS="-Pandroid.useAndroidX=true -Dorg.gradle.jvmargs=-Xmx1024m -PskipCodegen=true"
 
 ./gradlew $GRADLE_FLAGS :grpc-android-interop-testing:assembleDebug
 ./gradlew $GRADLE_FLAGS :grpc-android-interop-testing:assembleDebugAndroidTest

From 83538cdae3142be122496fbaa80440f39d715a47 Mon Sep 17 00:00:00 2001
From: Sangamesh <ghulesangu@gmail.com>
Date: Tue, 27 May 2025 17:52:47 +0000
Subject: [PATCH 270/591] cronet: Delete TODO for User-Agent on CronetEngine

gRPC doesn't create the CronetEngine, so even though streaming is
observing the CronetEngine's User-Agent, we don't have control of that.
In addition, CronetEngines are commonly shared between gRPC and normal
HTTP traffic, so we don't actually expect users to set gRPC in engine's
user agent. The existing behavior seems to be working as well as
feasible.

Fixes #11582
---
 cronet/src/main/java/io/grpc/cronet/CronetClientStream.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/cronet/src/main/java/io/grpc/cronet/CronetClientStream.java b/cronet/src/main/java/io/grpc/cronet/CronetClientStream.java
index 95adb65ec40..fcba49a7ae1 100644
--- a/cronet/src/main/java/io/grpc/cronet/CronetClientStream.java
+++ b/cronet/src/main/java/io/grpc/cronet/CronetClientStream.java
@@ -362,7 +362,6 @@ private static boolean isApplicationHeader(String key) {
   private void setGrpcHeaders(BidirectionalStream.Builder builder) {
     // Psuedo-headers are set by cronet.
     // All non-pseudo headers must come after pseudo headers.
-    // TODO(ericgribkoff): remove this and set it on CronetEngine after crbug.com/588204 gets fixed.
     builder.addHeader(USER_AGENT_KEY.name(), userAgent);
     builder.addHeader(CONTENT_TYPE_KEY.name(), GrpcUtil.CONTENT_TYPE_GRPC);
     builder.addHeader("te", GrpcUtil.TE_TRAILERS);

From 22cf7cf2ac454843b20993fd0b58918563a51a83 Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Fri, 30 May 2025 07:25:37 +0200
Subject: [PATCH 271/591] tests: Replace usages of deprecated junit
 ExpectedException with assertThrows (#12103)

---
 .../grpc/netty/NettyChannelBuilderTest.java   |  92 ++--
 .../io/grpc/netty/NettyServerBuilderTest.java | 117 +++--
 .../grpc/netty/ProtocolNegotiatorsTest.java   |  36 +-
 .../grpc/okhttp/OkHttpChannelBuilderTest.java |  32 +-
 .../okhttp/OkHttpProtocolNegotiatorTest.java  |  30 +-
 .../test/java/io/grpc/okhttp/UtilsTest.java   |  14 +-
 .../protobuf/lite/ProtoLiteUtilsTest.java     |  13 +-
 .../io/grpc/testing/GrpcCleanupRuleTest.java  |  21 +-
 .../util/GracefulSwitchLoadBalancerTest.java  |  11 +-
 .../io/grpc/xds/GrpcBootstrapperImplTest.java |  41 +-
 .../grpc/xds/GrpcXdsClientImplDataTest.java   | 413 +++++++++---------
 .../xds/PriorityLoadBalancerProviderTest.java |  13 +-
 .../xds/SharedXdsClientPoolProviderTest.java  |  11 +-
 .../io/grpc/xds/WeightedRandomPickerTest.java |  19 +-
 14 files changed, 407 insertions(+), 456 deletions(-)

diff --git a/netty/src/test/java/io/grpc/netty/NettyChannelBuilderTest.java b/netty/src/test/java/io/grpc/netty/NettyChannelBuilderTest.java
index 5789d275c07..95d54d13b82 100644
--- a/netty/src/test/java/io/grpc/netty/NettyChannelBuilderTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyChannelBuilderTest.java
@@ -19,6 +19,7 @@
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;
 
@@ -39,17 +40,13 @@
 import java.net.SocketAddress;
 import java.util.concurrent.TimeUnit;
 import javax.net.ssl.SSLException;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
 @RunWith(JUnit4.class)
 public class NettyChannelBuilderTest {
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
   private final SslContext noSslContext = null;
 
   private void shutdown(ManagedChannel mc) throws Exception {
@@ -107,10 +104,9 @@ private void overrideAuthorityIsReadableHelper(NettyChannelBuilder builder,
   public void failOverrideInvalidAuthority() {
     NettyChannelBuilder builder = new NettyChannelBuilder(getTestSocketAddress());
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Invalid authority:");
-
-    builder.overrideAuthority("[invalidauthority");
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.overrideAuthority("[invalidauthority"));
+    assertThat(e).hasMessageThat().isEqualTo("Invalid authority: [invalidauthority");
   }
 
   @Test
@@ -128,20 +124,18 @@ public void enableCheckAuthorityFailOverrideInvalidAuthority() {
     NettyChannelBuilder builder = new NettyChannelBuilder(getTestSocketAddress())
         .disableCheckAuthority()
         .enableCheckAuthority();
-
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Invalid authority:");
-    builder.overrideAuthority("[invalidauthority");
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.overrideAuthority("[invalidauthority"));
+    assertThat(e).hasMessageThat().isEqualTo("Invalid authority: [invalidauthority");
   }
 
   @Test
   public void failInvalidAuthority() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Invalid host or port");
-
     @SuppressWarnings("AddressSelection") // We actually expect zero addresses!
-    Object unused =
-        NettyChannelBuilder.forAddress(new InetSocketAddress("invalid_authority", 1234));
+    InetSocketAddress address = new InetSocketAddress("invalid_authority", 1234);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> NettyChannelBuilder.forAddress(address));
+    assertThat(e).hasMessageThat().isEqualTo("Invalid host or port: invalid_authority 1234");
   }
 
   @Test
@@ -155,10 +149,10 @@ public void failIfSslContextIsNotClient() {
     SslContext sslContext = mock(SslContext.class);
     NettyChannelBuilder builder = new NettyChannelBuilder(getTestSocketAddress());
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Server SSL context can not be used for client channel");
-
-    builder.sslContext(sslContext);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.sslContext(sslContext));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Server SSL context can not be used for client channel");
   }
 
   @Test
@@ -166,10 +160,10 @@ public void failNegotiationTypeWithChannelCredentials_target() {
     NettyChannelBuilder builder = NettyChannelBuilder.forTarget(
         "fakeTarget", InsecureChannelCredentials.create());
 
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage("Cannot change security when using ChannelCredentials");
-
-    builder.negotiationType(NegotiationType.TLS);
+    IllegalStateException e = assertThrows(IllegalStateException.class,
+        () -> builder.negotiationType(NegotiationType.TLS));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Cannot change security when using ChannelCredentials");
   }
 
   @Test
@@ -177,10 +171,10 @@ public void failNegotiationTypeWithChannelCredentials_socketAddress() {
     NettyChannelBuilder builder = NettyChannelBuilder.forAddress(
         getTestSocketAddress(), InsecureChannelCredentials.create());
 
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage("Cannot change security when using ChannelCredentials");
-
-    builder.negotiationType(NegotiationType.TLS);
+    IllegalStateException e = assertThrows(IllegalStateException.class,
+        () -> builder.negotiationType(NegotiationType.TLS));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Cannot change security when using ChannelCredentials");
   }
 
   @Test
@@ -205,10 +199,9 @@ public void createProtocolNegotiatorByType_plaintextUpgrade() {
 
   @Test
   public void createProtocolNegotiatorByType_tlsWithNoContext() {
-    thrown.expect(NullPointerException.class);
-    NettyChannelBuilder.createProtocolNegotiatorByType(
-        NegotiationType.TLS,
-        noSslContext, null);
+    assertThrows(NullPointerException.class,
+        () -> NettyChannelBuilder.createProtocolNegotiatorByType(
+            NegotiationType.TLS, noSslContext, null));
   }
 
   @Test
@@ -245,38 +238,40 @@ public void createProtocolNegotiatorByType_tlsWithAuthorityFallback() throws SSL
   public void negativeKeepAliveTime() {
     NettyChannelBuilder builder = NettyChannelBuilder.forTarget("fakeTarget");
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("keepalive time must be positive");
-    builder.keepAliveTime(-1L, TimeUnit.HOURS);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.keepAliveTime(-1L, TimeUnit.HOURS));
+    assertThat(e).hasMessageThat().isEqualTo("keepalive time must be positive");
   }
 
   @Test
   public void negativeKeepAliveTimeout() {
     NettyChannelBuilder builder = NettyChannelBuilder.forTarget("fakeTarget");
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("keepalive timeout must be positive");
-    builder.keepAliveTimeout(-1L, TimeUnit.HOURS);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.keepAliveTimeout(-1L, TimeUnit.HOURS));
+    assertThat(e).hasMessageThat().isEqualTo("keepalive timeout must be positive");
   }
 
   @Test
   public void assertEventLoopAndChannelType_onlyGroupProvided() {
     NettyChannelBuilder builder = NettyChannelBuilder.forTarget("fakeTarget");
     builder.eventLoopGroup(mock(EventLoopGroup.class));
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage("Both EventLoopGroup and ChannelType should be provided");
 
-    builder.assertEventLoopAndChannelType();
+    IllegalStateException e = assertThrows(IllegalStateException.class,
+        builder::assertEventLoopAndChannelType);
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Both EventLoopGroup and ChannelType should be provided or neither should be");
   }
 
   @Test
   public void assertEventLoopAndChannelType_onlyTypeProvided() {
     NettyChannelBuilder builder = NettyChannelBuilder.forTarget("fakeTarget");
     builder.channelType(LocalChannel.class, LocalAddress.class);
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage("Both EventLoopGroup and ChannelType should be provided");
 
-    builder.assertEventLoopAndChannelType();
+    IllegalStateException e = assertThrows(IllegalStateException.class,
+        builder::assertEventLoopAndChannelType);
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Both EventLoopGroup and ChannelType should be provided or neither should be");
   }
 
   @Test
@@ -288,10 +283,11 @@ public Channel newChannel() {
         return null;
       }
     });
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage("Both EventLoopGroup and ChannelType should be provided");
 
-    builder.assertEventLoopAndChannelType();
+    IllegalStateException e = assertThrows(IllegalStateException.class,
+        builder::assertEventLoopAndChannelType);
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Both EventLoopGroup and ChannelType should be provided or neither should be");
   }
 
   @Test
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java b/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java
index 48af23b78a8..797cfa95c0e 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java
@@ -16,20 +16,19 @@
 
 package io.grpc.netty;
 
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
 import com.google.common.collect.ImmutableList;
-import com.google.common.truth.Truth;
 import io.grpc.ServerStreamTracer;
 import io.netty.channel.EventLoopGroup;
 import io.netty.channel.local.LocalServerChannel;
 import io.netty.handler.ssl.SslContext;
 import java.net.InetSocketAddress;
 import java.util.concurrent.TimeUnit;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -39,9 +38,6 @@
 @RunWith(JUnit4.class)
 public class NettyServerBuilderTest {
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
-
   private NettyServerBuilder builder = NettyServerBuilder.forPort(8080);
 
   @Test
@@ -50,7 +46,7 @@ public void addMultipleListenAddresses() {
     NettyServer server =
         builder.buildTransportServers(ImmutableList.<ServerStreamTracer.Factory>of());
 
-    Truth.assertThat(server.getListenSocketAddresses()).hasSize(2);
+    assertThat(server.getListenSocketAddresses()).hasSize(2);
   }
 
   @Test
@@ -63,121 +59,112 @@ public void failIfSslContextIsNotServer() {
     SslContext sslContext = mock(SslContext.class);
     when(sslContext.isClient()).thenReturn(true);
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Client SSL context can not be used for server");
-    builder.sslContext(sslContext);
+    IllegalArgumentException e = assertThrows(
+        IllegalArgumentException.class, () -> builder.sslContext(sslContext));
+    assertThat(e).hasMessageThat().isEqualTo("Client SSL context can not be used for server");
   }
 
   @Test
   public void failIfKeepAliveTimeNegative() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("keepalive time must be positive");
-
-    builder.keepAliveTime(-10L, TimeUnit.HOURS);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.keepAliveTime(-10L, TimeUnit.HOURS));
+    assertThat(e).hasMessageThat().isEqualTo("keepalive time must be positive：-10");
   }
 
   @Test
   public void failIfKeepAliveTimeoutNegative() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("keepalive timeout must be positive");
-
-    builder.keepAliveTimeout(-10L, TimeUnit.HOURS);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.keepAliveTimeout(-10L, TimeUnit.HOURS));
+    assertThat(e).hasMessageThat().isEqualTo("keepalive timeout must be positive: -10");
   }
 
   @Test
   public void failIfMaxConcurrentCallsPerConnectionNegative() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("max must be positive");
-
-    builder.maxConcurrentCallsPerConnection(0);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.maxConcurrentCallsPerConnection(0));
+    assertThat(e).hasMessageThat().isEqualTo("max must be positive: 0");
   }
 
   @Test
   public void failIfMaxInboundMetadataSizeNonPositive() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("maxInboundMetadataSize must be positive");
-
-    builder.maxInboundMetadataSize(0);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.maxInboundMetadataSize(0));
+    assertThat(e).hasMessageThat().isEqualTo("maxInboundMetadataSize must be positive: 0");
   }
 
   @Test
   public void failIfSoftInboundMetadataSizeNonPositive() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("softLimitHeaderListSize must be positive");
-
-    builder.maxInboundMetadataSize(0, 100);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.maxInboundMetadataSize(0, 100));
+    assertThat(e).hasMessageThat().isEqualTo("softLimitHeaderListSize must be positive: 0");
   }
 
   @Test
   public void failIfMaxInboundMetadataSizeSmallerThanSoft() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("must be greater than softLimitHeaderListSize");
-
-    builder.maxInboundMetadataSize(100, 80);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.maxInboundMetadataSize(100, 80));
+    assertThat(e).hasMessageThat().isEqualTo("maxInboundMetadataSize: 80 "
+        + "must be greater than softLimitHeaderListSize: 100");
   }
 
   @Test
   public void failIfMaxConnectionIdleNegative() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("max connection idle must be positive");
-
-    builder.maxConnectionIdle(-1, TimeUnit.HOURS);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.maxConnectionIdle(-1, TimeUnit.HOURS));
+    assertThat(e).hasMessageThat().isEqualTo("max connection idle must be positive: -1");
   }
 
   @Test
   public void failIfMaxConnectionAgeNegative() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("max connection age must be positive");
-
-    builder.maxConnectionAge(-1, TimeUnit.HOURS);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.maxConnectionAge(-1, TimeUnit.HOURS));
+    assertThat(e).hasMessageThat().isEqualTo("max connection age must be positive: -1");
   }
 
   @Test
   public void failIfMaxConnectionAgeGraceNegative() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("max connection age grace must be non-negative");
-
-    builder.maxConnectionAgeGrace(-1, TimeUnit.HOURS);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.maxConnectionAgeGrace(-1, TimeUnit.HOURS));
+    assertThat(e).hasMessageThat().isEqualTo("max connection age grace must be non-negative: -1");
   }
 
   @Test
   public void failIfPermitKeepAliveTimeNegative() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("permit keepalive time must be non-negative");
-
-    builder.permitKeepAliveTime(-1, TimeUnit.HOURS);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.permitKeepAliveTime(-1, TimeUnit.HOURS));
+    assertThat(e).hasMessageThat().isEqualTo("permit keepalive time must be non-negative: -1");
   }
 
   @Test
   public void assertEventLoopsAndChannelType_onlyBossGroupProvided() {
     EventLoopGroup mockEventLoopGroup = mock(EventLoopGroup.class);
     builder.bossEventLoopGroup(mockEventLoopGroup);
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage(
-        "All of BossEventLoopGroup, WorkerEventLoopGroup and ChannelType should be provided");
-
-    builder.assertEventLoopsAndChannelType();
+    IllegalStateException e = assertThrows(IllegalStateException.class,
+        builder::assertEventLoopsAndChannelType);
+    assertThat(e).hasMessageThat().isEqualTo(
+        "All of BossEventLoopGroup, WorkerEventLoopGroup and ChannelType should be provided "
+            + "or neither should be");
   }
 
   @Test
   public void assertEventLoopsAndChannelType_onlyWorkerGroupProvided() {
     EventLoopGroup mockEventLoopGroup = mock(EventLoopGroup.class);
     builder.workerEventLoopGroup(mockEventLoopGroup);
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage(
-        "All of BossEventLoopGroup, WorkerEventLoopGroup and ChannelType should be provided");
-
-    builder.assertEventLoopsAndChannelType();
+    IllegalStateException e = assertThrows(IllegalStateException.class,
+        builder::assertEventLoopsAndChannelType);
+    assertThat(e).hasMessageThat().isEqualTo(
+        "All of BossEventLoopGroup, WorkerEventLoopGroup and ChannelType should be provided "
+            + "or neither should be");
   }
 
   @Test
   public void assertEventLoopsAndChannelType_onlyTypeProvided() {
     builder.channelType(LocalServerChannel.class);
-    thrown.expect(IllegalStateException.class);
-    thrown.expectMessage(
-        "All of BossEventLoopGroup, WorkerEventLoopGroup and ChannelType should be provided");
-
-    builder.assertEventLoopsAndChannelType();
+    IllegalStateException e = assertThrows(IllegalStateException.class,
+        builder::assertEventLoopsAndChannelType);
+    assertThat(e).hasMessageThat().isEqualTo(
+        "All of BossEventLoopGroup, WorkerEventLoopGroup and ChannelType should be provided "
+            + "or neither should be");
   }
 
   @Test
diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
index 4829bcc7419..638fe960a32 100644
--- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
+++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
@@ -24,6 +24,7 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
@@ -146,7 +147,6 @@
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.DisableOnDebug;
-import org.junit.rules.ExpectedException;
 import org.junit.rules.TestRule;
 import org.junit.rules.Timeout;
 import org.junit.runner.RunWith;
@@ -174,8 +174,6 @@ public static void loadCerts() throws Exception {
 
   private static final int TIMEOUT_SECONDS = 60;
   @Rule public final TestRule globalTimeout = new DisableOnDebug(Timeout.seconds(TIMEOUT_SECONDS));
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
 
   private final EventLoopGroup group = new DefaultEventLoop();
   private Channel chan;
@@ -714,11 +712,10 @@ public void handlerAdded(ChannelHandlerContext ctx) throws Exception {
   }
 
   @Test
-  public void tlsHandler_failsOnNullEngine() throws Exception {
-    thrown.expect(NullPointerException.class);
-    thrown.expectMessage("ssl");
-
-    Object unused = ProtocolNegotiators.serverTls(null);
+  public void tlsHandler_failsOnNullEngine() {
+    NullPointerException e = assertThrows(NullPointerException.class,
+        () -> ProtocolNegotiators.serverTls(null));
+    assertThat(e).hasMessageThat().isEqualTo("sslContext");
   }
 
 
@@ -1058,9 +1055,8 @@ public boolean isLoggable(LogRecord record) {
 
   @Test
   public void tls_failsOnNullSslContext() {
-    thrown.expect(NullPointerException.class);
-
-    Object unused = ProtocolNegotiators.tls(null, null);
+    assertThrows(NullPointerException.class,
+        () -> ProtocolNegotiators.tls(null, null));
   }
 
   @Test
@@ -1090,17 +1086,16 @@ public void tls_invalidHost() throws SSLException {
   }
 
   @Test
-  public void httpProxy_nullAddressNpe() throws Exception {
-    thrown.expect(NullPointerException.class);
-    Object unused =
-        ProtocolNegotiators.httpProxy(null, "user", "pass", ProtocolNegotiators.plaintext());
+  public void httpProxy_nullAddressNpe() {
+    assertThrows(NullPointerException.class,
+        () -> ProtocolNegotiators.httpProxy(null, "user", "pass", ProtocolNegotiators.plaintext()));
   }
 
   @Test
-  public void httpProxy_nullNegotiatorNpe() throws Exception {
-    thrown.expect(NullPointerException.class);
-    Object unused = ProtocolNegotiators.httpProxy(
-        InetSocketAddress.createUnresolved("localhost", 80), "user", "pass", null);
+  public void httpProxy_nullNegotiatorNpe() {
+    assertThrows(NullPointerException.class,
+        () -> ProtocolNegotiators.httpProxy(
+            InetSocketAddress.createUnresolved("localhost", 80), "user", "pass", null));
   }
 
   @Test
@@ -1218,9 +1213,8 @@ public void httpProxy_500() throws Exception {
     assertFalse(negotiationFuture.isDone());
     String response = "HTTP/1.1 500 OMG\r\nContent-Length: 4\r\n\r\noops";
     serverContext.writeAndFlush(bb(response, serverContext.channel())).sync();
-    thrown.expect(ProxyConnectException.class);
     try {
-      negotiationFuture.sync();
+      assertThrows(ProxyConnectException.class, negotiationFuture::sync);
     } finally {
       channel.close();
     }
diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpChannelBuilderTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpChannelBuilderTest.java
index c86e80656e3..89d37536b70 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpChannelBuilderTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpChannelBuilderTest.java
@@ -22,6 +22,7 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.mockito.Mockito.mock;
 
 import com.google.common.util.concurrent.SettableFuture;
@@ -57,7 +58,6 @@
 import javax.security.auth.x500.X500Principal;
 import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -67,8 +67,6 @@
 @RunWith(JUnit4.class)
 public class OkHttpChannelBuilderTest {
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
   @Rule public final GrpcCleanupRule grpcCleanupRule = new GrpcCleanupRule();
 
   @Test
@@ -100,10 +98,9 @@ private void overrideAuthorityIsReadableHelper(OkHttpChannelBuilder builder,
   @Test
   public void failOverrideInvalidAuthority() {
     OkHttpChannelBuilder builder = OkHttpChannelBuilder.forAddress("good", 1234);
-
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Invalid authority:");
-    builder.overrideAuthority("[invalidauthority");
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.overrideAuthority("[invalidauthority"));
+    assertThat(e).hasMessageThat().isEqualTo("Invalid authority: [invalidauthority");
   }
 
   @Test
@@ -119,17 +116,16 @@ public void enableCheckAuthorityFailOverrideInvalidAuthority() {
         .disableCheckAuthority()
         .enableCheckAuthority();
 
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Invalid authority:");
-    builder.overrideAuthority("[invalidauthority");
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.overrideAuthority("[invalidauthority"));
+    assertThat(e).hasMessageThat().isEqualTo("Invalid authority: [invalidauthority");
   }
 
   @Test
   public void failInvalidAuthority() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("Invalid host or port");
-
-    OkHttpChannelBuilder.forAddress("invalid_authority", 1234);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> OkHttpChannelBuilder.forAddress("invalid_authority", 1234));
+    assertThat(e.getMessage()).isEqualTo("Invalid host or port: invalid_authority 1234");
   }
 
   @Test
@@ -396,10 +392,10 @@ public ChannelCredentials withoutBearerTokens() {
 
   @Test
   public void failForUsingClearTextSpecDirectly() {
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("plaintext ConnectionSpec is not accepted");
-
-    OkHttpChannelBuilder.forAddress("host", 1234).connectionSpec(ConnectionSpec.CLEARTEXT);
+    OkHttpChannelBuilder builder = OkHttpChannelBuilder.forAddress("host", 1234);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> builder.connectionSpec(ConnectionSpec.CLEARTEXT));
+    assertThat(e).hasMessageThat().isEqualTo("plaintext ConnectionSpec is not accepted");
   }
 
   @Test
diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpProtocolNegotiatorTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpProtocolNegotiatorTest.java
index cc9f30862af..4353dc2597b 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpProtocolNegotiatorTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpProtocolNegotiatorTest.java
@@ -16,10 +16,12 @@
 
 package io.grpc.okhttp;
 
+import static com.google.common.truth.Truth.assertThat;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertThrows;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.mock;
@@ -37,9 +39,7 @@
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentMatchers;
@@ -49,9 +49,6 @@
  */
 @RunWith(JUnit4.class)
 public class OkHttpProtocolNegotiatorTest {
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
-
   private final SSLSocket sock = mock(SSLSocket.class);
   private final Platform platform = mock(Platform.class);
 
@@ -118,21 +115,19 @@ public void negotiate_handshakeFails() throws IOException {
     OkHttpProtocolNegotiator negotiator = OkHttpProtocolNegotiator.get();
     doReturn(parameters).when(sock).getSSLParameters();
     doThrow(new IOException()).when(sock).startHandshake();
-    thrown.expect(IOException.class);
-
-    negotiator.negotiate(sock, "hostname", ImmutableList.of(Protocol.HTTP_2));
+    assertThrows(IOException.class,
+        () -> negotiator.negotiate(sock, "hostname", ImmutableList.of(Protocol.HTTP_2)));
   }
 
   @Test
-  public void negotiate_noSelectedProtocol() throws Exception {
+  public void negotiate_noSelectedProtocol() {
     Platform platform = mock(Platform.class);
 
     OkHttpProtocolNegotiator negotiator = new OkHttpProtocolNegotiator(platform);
 
-    thrown.expect(RuntimeException.class);
-    thrown.expectMessage("TLS ALPN negotiation failed");
-
-    negotiator.negotiate(sock, "hostname", ImmutableList.of(Protocol.HTTP_2));
+    RuntimeException e = assertThrows(RuntimeException.class,
+        () -> negotiator.negotiate(sock, "hostname", ImmutableList.of(Protocol.HTTP_2)));
+    assertThat(e).hasMessageThat().isEqualTo("TLS ALPN negotiation failed with protocols: [h2]");
   }
 
   @Test
@@ -150,7 +145,7 @@ public void negotiate_success() throws Exception {
 
   // Checks that the super class is properly invoked.
   @Test
-  public void negotiate_android_handshakeFails() throws Exception {
+  public void negotiate_android_handshakeFails() {
     when(platform.getTlsExtensionType()).thenReturn(TlsExtensionType.ALPN_AND_NPN);
     AndroidNegotiator negotiator = new AndroidNegotiator(platform);
 
@@ -161,10 +156,9 @@ public void startHandshake() throws IOException {
       }
     };
 
-    thrown.expect(IOException.class);
-    thrown.expectMessage("expected");
-
-    negotiator.negotiate(androidSock, "hostname", ImmutableList.of(Protocol.HTTP_2));
+    IOException e = assertThrows(IOException.class,
+        () -> negotiator.negotiate(androidSock, "hostname", ImmutableList.of(Protocol.HTTP_2)));
+    assertThat(e).hasMessageThat().isEqualTo("expected");
   }
 
   @VisibleForTesting
diff --git a/okhttp/src/test/java/io/grpc/okhttp/UtilsTest.java b/okhttp/src/test/java/io/grpc/okhttp/UtilsTest.java
index ede8511ee70..1c97e027b4a 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/UtilsTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/UtilsTest.java
@@ -16,7 +16,9 @@
 
 package io.grpc.okhttp;
 
+import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 
 import io.grpc.InternalChannelz.SocketOptions;
@@ -26,9 +28,7 @@
 import java.net.Socket;
 import java.util.List;
 import java.util.Locale;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -38,16 +38,12 @@
 @RunWith(JUnit4.class)
 public class UtilsTest {
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public final ExpectedException thrown = ExpectedException.none();
-
   @Test
   public void convertSpecRejectsPlaintext() {
     com.squareup.okhttp.ConnectionSpec plaintext = com.squareup.okhttp.ConnectionSpec.CLEARTEXT;
-    thrown.expect(IllegalArgumentException.class);
-    thrown.expectMessage("plaintext ConnectionSpec is not accepted");
-    Utils.convertSpec(plaintext);
+    IllegalArgumentException e = assertThrows(IllegalArgumentException.class,
+        () -> Utils.convertSpec(plaintext));
+    assertThat(e).hasMessageThat().isEqualTo("plaintext ConnectionSpec is not accepted");
   }
 
   @Test
diff --git a/protobuf-lite/src/test/java/io/grpc/protobuf/lite/ProtoLiteUtilsTest.java b/protobuf-lite/src/test/java/io/grpc/protobuf/lite/ProtoLiteUtilsTest.java
index 5c25cb3b309..204264b016d 100644
--- a/protobuf-lite/src/test/java/io/grpc/protobuf/lite/ProtoLiteUtilsTest.java
+++ b/protobuf-lite/src/test/java/io/grpc/protobuf/lite/ProtoLiteUtilsTest.java
@@ -16,6 +16,7 @@
 
 package io.grpc.protobuf.lite;
 
+import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
@@ -43,9 +44,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Arrays;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -53,9 +52,6 @@
 @RunWith(JUnit4.class)
 public class ProtoLiteUtilsTest {
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
-
   private final Marshaller<Type> marshaller = ProtoLiteUtils.marshaller(Type.getDefaultInstance());
   private Type proto = Type.newBuilder().setName("name").build();
 
@@ -214,10 +210,9 @@ public void metadataMarshaller_invalid() {
 
   @Test
   public void extensionRegistry_notNull() {
-    thrown.expect(NullPointerException.class);
-    thrown.expectMessage("newRegistry");
-
-    ProtoLiteUtils.setExtensionRegistry(null);
+    NullPointerException e = assertThrows(NullPointerException.class,
+        () -> ProtoLiteUtils.setExtensionRegistry(null));
+    assertThat(e).hasMessageThat().isEqualTo("newRegistry");
   }
 
   @Test
diff --git a/testing/src/test/java/io/grpc/testing/GrpcCleanupRuleTest.java b/testing/src/test/java/io/grpc/testing/GrpcCleanupRuleTest.java
index a5a6783d53f..8eb3edd3825 100644
--- a/testing/src/test/java/io/grpc/testing/GrpcCleanupRuleTest.java
+++ b/testing/src/test/java/io/grpc/testing/GrpcCleanupRuleTest.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.any;
@@ -35,9 +36,7 @@
 import io.grpc.internal.FakeClock;
 import io.grpc.testing.GrpcCleanupRule.Resource;
 import java.util.concurrent.TimeUnit;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.junit.runners.model.MultipleFailureException;
@@ -51,10 +50,6 @@
 public class GrpcCleanupRuleTest {
   public static final FakeClock fakeClock = new FakeClock();
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public ExpectedException thrown = ExpectedException.none();
-
   @Test
   public void registerChannelReturnSameChannel() {
     ManagedChannel channel = mock(ManagedChannel.class);
@@ -72,10 +67,9 @@ public void registerNullChannelThrowsNpe() {
     ManagedChannel channel = null;
     GrpcCleanupRule grpcCleanup = new GrpcCleanupRule();
 
-    thrown.expect(NullPointerException.class);
-    thrown.expectMessage("channel");
-
-    grpcCleanup.register(channel);
+    NullPointerException e = assertThrows(NullPointerException.class,
+        () -> grpcCleanup.register(channel));
+    assertThat(e).hasMessageThat().isEqualTo("channel");
   }
 
   @Test
@@ -83,10 +77,9 @@ public void registerNullServerThrowsNpe() {
     Server server = null;
     GrpcCleanupRule grpcCleanup = new GrpcCleanupRule();
 
-    thrown.expect(NullPointerException.class);
-    thrown.expectMessage("server");
-
-    grpcCleanup.register(server);
+    NullPointerException e = assertThrows(NullPointerException.class,
+        () -> grpcCleanup.register(server));
+    assertThat(e).hasMessageThat().isEqualTo("server");
   }
 
   @Test
diff --git a/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java b/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
index 843e16194c5..8f87dab5da6 100644
--- a/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
@@ -21,6 +21,7 @@
 import static io.grpc.ConnectivityState.IDLE;
 import static io.grpc.ConnectivityState.READY;
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
+import static org.junit.Assert.assertThrows;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.inOrder;
@@ -53,9 +54,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentCaptor;
@@ -68,10 +67,6 @@
 public class GracefulSwitchLoadBalancerTest {
   private static final Object FAKE_CONFIG = new Object();
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public final ExpectedException thrown = ExpectedException.none();
-
   private final Map<LoadBalancerProvider, LoadBalancer> balancers = new HashMap<>();
   private final Map<LoadBalancer, Helper> helpers = new HashMap<>();
   private final Helper mockHelper = mock(Helper.class);
@@ -102,8 +97,8 @@ public void handleSubchannelState_shouldThrow() {
         .build()));
     Subchannel subchannel = mock(Subchannel.class);
     ConnectivityStateInfo connectivityStateInfo = ConnectivityStateInfo.forNonError(READY);
-    thrown.expect(UnsupportedOperationException.class);
-    gracefulSwitchLb.handleSubchannelState(subchannel, connectivityStateInfo);
+    assertThrows(UnsupportedOperationException.class,
+        () -> gracefulSwitchLb.handleSubchannelState(subchannel, connectivityStateInfo));
   }
 
   @Test
diff --git a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
index 192d88177eb..3f93cc6f191 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
@@ -17,6 +17,7 @@
 package io.grpc.xds;
 
 import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.fail;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verifyNoInteractions;
@@ -40,10 +41,9 @@
 import java.util.List;
 import java.util.Map;
 import org.junit.After;
+import org.junit.Assert;
 import org.junit.Before;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -53,9 +53,6 @@ public class GrpcBootstrapperImplTest {
 
   private static final String BOOTSTRAP_FILE_PATH = "/fake/fs/path/bootstrap.json";
   private static final String SERVER_URI = "trafficdirector.googleapis.com:443";
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public final ExpectedException thrown = ExpectedException.none();
 
   private final GrpcBootstrapperImpl bootstrapper = new GrpcBootstrapperImpl();
   private String originalBootstrapPathFromEnvVar;
@@ -236,7 +233,7 @@ public void parseBootstrap_IgnoreIrrelevantFields() throws XdsInitializationExce
   }
 
   @Test
-  public void parseBootstrap_missingServerChannelCreds() throws XdsInitializationException {
+  public void parseBootstrap_missingServerChannelCreds() {
     String rawData = "{\n"
         + "  \"xds_servers\": [\n"
         + "    {\n"
@@ -246,13 +243,14 @@ public void parseBootstrap_missingServerChannelCreds() throws XdsInitializationE
         + "}";
 
     bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
-    thrown.expect(XdsInitializationException.class);
-    thrown.expectMessage("Invalid bootstrap: server " + SERVER_URI + " 'channel_creds' required");
-    bootstrapper.bootstrap();
+    XdsInitializationException e = Assert.assertThrows(XdsInitializationException.class,
+        bootstrapper::bootstrap);
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Invalid bootstrap: server " + SERVER_URI + " 'channel_creds' required");
   }
 
   @Test
-  public void parseBootstrap_unsupportedServerChannelCreds() throws XdsInitializationException {
+  public void parseBootstrap_unsupportedServerChannelCreds() {
     String rawData = "{\n"
         + "  \"xds_servers\": [\n"
         + "    {\n"
@@ -265,9 +263,10 @@ public void parseBootstrap_unsupportedServerChannelCreds() throws XdsInitializat
         + "}";
 
     bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
-    thrown.expect(XdsInitializationException.class);
-    thrown.expectMessage("Server " + SERVER_URI + ": no supported channel credentials found");
-    bootstrapper.bootstrap();
+    XdsInitializationException e = assertThrows(XdsInitializationException.class,
+        bootstrapper::bootstrap);
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Server " + SERVER_URI + ": no supported channel credentials found");
   }
 
   @Test
@@ -294,7 +293,7 @@ public void parseBootstrap_useFirstSupportedChannelCredentials()
   }
 
   @Test
-  public void parseBootstrap_noXdsServers() throws XdsInitializationException {
+  public void parseBootstrap_noXdsServers() {
     String rawData = "{\n"
         + "  \"node\": {\n"
         + "    \"id\": \"ENVOY_NODE_ID\",\n"
@@ -312,9 +311,10 @@ public void parseBootstrap_noXdsServers() throws XdsInitializationException {
         + "}";
 
     bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
-    thrown.expect(XdsInitializationException.class);
-    thrown.expectMessage("Invalid bootstrap: 'xds_servers' does not exist.");
-    bootstrapper.bootstrap();
+    XdsInitializationException e = assertThrows(XdsInitializationException.class,
+        bootstrapper::bootstrap);
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Invalid bootstrap: 'xds_servers' does not exist.");
   }
 
   @Test
@@ -343,8 +343,9 @@ public void parseBootstrap_serverWithoutServerUri() throws XdsInitializationExce
         + "}";
 
     bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
-    thrown.expectMessage("Invalid bootstrap: missing 'server_uri'");
-    bootstrapper.bootstrap();
+    XdsInitializationException e = assertThrows(XdsInitializationException.class,
+        bootstrapper::bootstrap);
+    assertThat(e).hasMessageThat().isEqualTo("Invalid bootstrap: missing 'server_uri'");
   }
 
   @Test
@@ -870,7 +871,7 @@ public void parseAuthorities() throws Exception {
   }
 
   @Test
-  public void badFederationConfig() throws Exception {
+  public void badFederationConfig() {
     String rawData = "{\n"
         + "  \"authorities\": {\n"
         + "    \"a.com\": {\n"
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 48d78e8555e..e129e2644e9 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -20,6 +20,7 @@
 import static io.envoyproxy.envoy.config.route.v3.RouteAction.ClusterSpecifierCase.CLUSTER_SPECIFIER_PLUGIN;
 import static io.grpc.xds.XdsClusterResource.TRANSPORT_SOCKET_NAME_HTTP11_PROXY;
 import static io.grpc.xds.XdsEndpointResource.GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.fail;
 
 import com.github.udpa.udpa.type.v1.TypedStruct;
@@ -154,9 +155,7 @@
 import java.util.concurrent.TimeUnit;
 import org.junit.After;
 import org.junit.Before;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -173,9 +172,6 @@ public class GrpcXdsClientImplDataTest {
   private static final String GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE =
       "GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE";
 
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public final ExpectedException thrown = ExpectedException.none();
   private final FilterRegistry filterRegistry = FilterRegistry.getDefaultRegistry();
   private boolean originalEnableRouteLookup;
   private boolean originalEnableLeastRequest;
@@ -1572,11 +1568,12 @@ public void parseHttpConnectionManager_xffNumTrustedHopsUnsupported()
       throws ResourceInvalidException {
     @SuppressWarnings("deprecation")
     HttpConnectionManager hcm = HttpConnectionManager.newBuilder().setXffNumTrustedHops(2).build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("HttpConnectionManager with xff_num_trusted_hops unsupported");
-    XdsListenerResource.parseHttpConnectionManager(
-        hcm, filterRegistry,
-        true /* does not matter */, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class,
+        () -> XdsListenerResource.parseHttpConnectionManager(
+            hcm, filterRegistry,
+            true /* does not matter */, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("HttpConnectionManager with xff_num_trusted_hops unsupported");
   }
 
   @Test
@@ -1586,12 +1583,13 @@ public void parseHttpConnectionManager_OriginalIpDetectionExtensionsMustEmpty()
     HttpConnectionManager hcm = HttpConnectionManager.newBuilder()
         .addOriginalIpDetectionExtensions(TypedExtensionConfig.newBuilder().build())
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("HttpConnectionManager with original_ip_detection_extensions unsupported");
-    XdsListenerResource.parseHttpConnectionManager(
-        hcm, filterRegistry, false, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseHttpConnectionManager(
+            hcm, filterRegistry, false, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("HttpConnectionManager with original_ip_detection_extensions unsupported");
   }
-  
+
   @Test
   public void parseHttpConnectionManager_missingRdsAndInlinedRouteConfiguration()
       throws ResourceInvalidException {
@@ -1604,11 +1602,12 @@ public void parseHttpConnectionManager_missingRdsAndInlinedRouteConfiguration()
                 HttpFilter.newBuilder().setName("terminal").setTypedConfig(
                     Any.pack(Router.newBuilder().build())).setIsOptional(true))
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("HttpConnectionManager neither has inlined route_config nor RDS");
-    XdsListenerResource.parseHttpConnectionManager(
-        hcm, filterRegistry,
-        true /* does not matter */, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseHttpConnectionManager(
+            hcm, filterRegistry,
+            true /* does not matter */, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("HttpConnectionManager neither has inlined route_config nor RDS");
   }
 
   @Test
@@ -1623,11 +1622,12 @@ public void parseHttpConnectionManager_duplicateHttpFilters() throws ResourceInv
                 HttpFilter.newBuilder().setName("terminal").setTypedConfig(
                         Any.pack(Router.newBuilder().build())).setIsOptional(true))
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("HttpConnectionManager contains duplicate HttpFilter: envoy.filter.foo");
-    XdsListenerResource.parseHttpConnectionManager(
-        hcm, filterRegistry,
-        true /* does not matter */, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseHttpConnectionManager(
+            hcm, filterRegistry,
+            true /* does not matter */, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("HttpConnectionManager contains duplicate HttpFilter: envoy.filter.foo");
   }
 
   @Test
@@ -1641,11 +1641,12 @@ public void parseHttpConnectionManager_lastNotTerminal() throws ResourceInvalidE
                 HttpFilter.newBuilder().setName("envoy.filter.bar").setIsOptional(true)
                     .setTypedConfig(Any.pack(HTTPFault.newBuilder().build())))
                     .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("The last HttpFilter must be a terminal filter: envoy.filter.bar");
-    XdsListenerResource.parseHttpConnectionManager(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseHttpConnectionManager(
             hcm, filterRegistry,
-            true /* does not matter */, getXdsResourceTypeArgs(true));
+            true /* does not matter */, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("The last HttpFilter must be a terminal filter: envoy.filter.bar");
   }
 
   @Test
@@ -1659,11 +1660,12 @@ public void parseHttpConnectionManager_terminalNotLast() throws ResourceInvalidE
                     .addHttpFilters(
                             HttpFilter.newBuilder().setName("envoy.filter.foo").setIsOptional(true))
                     .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("A terminal HttpFilter must be the last filter: terminal");
-    XdsListenerResource.parseHttpConnectionManager(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseHttpConnectionManager(
             hcm, filterRegistry,
-            true, getXdsResourceTypeArgs(true));
+            true, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("A terminal HttpFilter must be the last filter: terminal");
   }
 
   @Test
@@ -1675,11 +1677,12 @@ public void parseHttpConnectionManager_unknownFilters() throws ResourceInvalidEx
                     .addHttpFilters(
                             HttpFilter.newBuilder().setName("envoy.filter.bar").setIsOptional(true))
                     .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("The last HttpFilter must be a terminal filter: envoy.filter.bar");
-    XdsListenerResource.parseHttpConnectionManager(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseHttpConnectionManager(
             hcm, filterRegistry,
-            true /* does not matter */, getXdsResourceTypeArgs(true));
+            true /* does not matter */, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("The last HttpFilter must be a terminal filter: envoy.filter.bar");
   }
 
   @Test
@@ -1687,11 +1690,12 @@ public void parseHttpConnectionManager_emptyFilters() throws ResourceInvalidExce
     HttpConnectionManager hcm =
             HttpConnectionManager.newBuilder()
                     .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("Missing HttpFilter in HttpConnectionManager.");
-    XdsListenerResource.parseHttpConnectionManager(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseHttpConnectionManager(
             hcm, filterRegistry,
-            true /* does not matter */, getXdsResourceTypeArgs(true));
+            true /* does not matter */, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Missing HttpFilter in HttpConnectionManager.");
   }
 
   @Test
@@ -1815,12 +1819,12 @@ public void parseHttpConnectionManager_duplicatePluginName() throws Exception {
                     Any.pack(Router.newBuilder().build())).setIsOptional(true))
             .build();
 
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("Multiple ClusterSpecifierPlugins with the same name: rls-plugin-1");
-
-    XdsListenerResource.parseHttpConnectionManager(
-        hcm, filterRegistry,
-        true /* does not matter */, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseHttpConnectionManager(
+            hcm, filterRegistry,
+            true /* does not matter */, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Multiple ClusterSpecifierPlugins with the same name: rls-plugin-1");
   }
 
   @Test
@@ -1867,12 +1871,12 @@ public void parseHttpConnectionManager_pluginNameNotFound() throws Exception {
                     Any.pack(Router.newBuilder().build())).setIsOptional(true))
             .build();
 
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("ClusterSpecifierPlugin for [invalid-plugin-name] not found");
-
-    XdsListenerResource.parseHttpConnectionManager(
-        hcm, filterRegistry,
-        true /* does not matter */, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseHttpConnectionManager(
+            hcm, filterRegistry,
+            true /* does not matter */, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .contains("ClusterSpecifierPlugin for [invalid-plugin-name] not found");
   }
 
 
@@ -2001,12 +2005,12 @@ public void parseHttpConnectionManager_validateRdsConfigSource() throws Exceptio
                 HttpFilter.newBuilder().setName("terminal").setTypedConfig(
                     Any.pack(Router.newBuilder().build())).setIsOptional(true))
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseHttpConnectionManager(
+            hcm3, filterRegistry,
+            true /* does not matter */, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat().isEqualTo(
         "HttpConnectionManager contains invalid RDS: must specify ADS or self ConfigSource");
-    XdsListenerResource.parseHttpConnectionManager(
-        hcm3, filterRegistry,
-        true /* does not matter */, getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2096,11 +2100,10 @@ public void parseClusterSpecifierPlugin_unregisteredPlugin() throws Exception {
                 .setTypedConfig(Any.pack(StringValue.of("unregistered"))))
             .build();
 
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsRouteConfigureResource.parseClusterSpecifierPlugin(pluginProto, registry));
+    assertThat(e).hasMessageThat().isEqualTo(
         "Unsupported ClusterSpecifierPlugin type: type.googleapis.com/google.protobuf.StringValue");
-
-    XdsRouteConfigureResource.parseClusterSpecifierPlugin(pluginProto, registry);
   }
 
   @Test
@@ -2297,11 +2300,11 @@ public void parseCluster_transportSocketMatches_exception() throws ResourceInval
             Cluster.TransportSocketMatch.newBuilder().setName("match1").build())
         .build();
 
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsClusterResource.processCluster(cluster, null, LRS_SERVER_INFO,
+            LoadBalancerRegistry.getDefaultRegistry()));
+    assertThat(e).hasMessageThat().isEqualTo(
         "Cluster cluster-foo.googleapis.com: transport-socket-matches not supported.");
-    XdsClusterResource.processCluster(cluster, null, LRS_SERVER_INFO,
-        LoadBalancerRegistry.getDefaultRegistry());
   }
 
   @Test
@@ -2346,12 +2349,12 @@ public void parseCluster_validateEdsSourceConfig() throws ResourceInvalidExcepti
         .setLbPolicy(LbPolicy.ROUND_ROBIN)
         .build();
 
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsClusterResource.processCluster(cluster3, null, LRS_SERVER_INFO,
+            LoadBalancerRegistry.getDefaultRegistry()));
+    assertThat(e).hasMessageThat().isEqualTo(
         "Cluster cluster-foo.googleapis.com: field eds_cluster_config must be set to indicate to"
             + " use EDS over ADS or self ConfigSource");
-    XdsClusterResource.processCluster(cluster3, null, LRS_SERVER_INFO,
-        LoadBalancerRegistry.getDefaultRegistry());
   }
 
   @Test
@@ -2620,10 +2623,11 @@ public void parseServerSideListener_invalidTrafficDirection() throws ResourceInv
             .setName("listener1")
             .setTrafficDirection(TrafficDirection.OUTBOUND)
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("Listener listener1 with invalid traffic direction: OUTBOUND");
-    XdsListenerResource.parseServerSideListener(
-        listener, null, filterRegistry, null, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseServerSideListener(
+            listener, null, filterRegistry, null, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Listener listener1 with invalid traffic direction: OUTBOUND");
   }
 
   @Test
@@ -2644,10 +2648,11 @@ public void parseServerSideListener_listenerFiltersPresent() throws ResourceInva
             .setTrafficDirection(TrafficDirection.INBOUND)
             .addListenerFilters(ListenerFilter.newBuilder().build())
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("Listener listener1 cannot have listener_filters");
-    XdsListenerResource.parseServerSideListener(
-        listener, null, filterRegistry, null, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseServerSideListener(listener, null, filterRegistry, null,
+            getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Listener listener1 cannot have listener_filters");
   }
 
   @Test
@@ -2658,10 +2663,11 @@ public void parseServerSideListener_useOriginalDst() throws ResourceInvalidExcep
             .setTrafficDirection(TrafficDirection.INBOUND)
             .setUseOriginalDst(BoolValue.of(true))
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("Listener listener1 cannot have use_original_dst set to true");
-    XdsListenerResource.parseServerSideListener(
-        listener,null, filterRegistry, null, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseServerSideListener(listener, null, filterRegistry, null,
+            getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Listener listener1 cannot have use_original_dst set to true");
   }
 
   @Test
@@ -2674,11 +2680,10 @@ public void parseServerSideListener_emptyAddress() throws ResourceInvalidExcepti
                 .setSocketAddress(
                     SocketAddress.newBuilder()))
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("Invalid address: Empty address is not allowed.");
-
-    XdsListenerResource.parseServerSideListener(
-        listener,null, filterRegistry, null, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseServerSideListener(
+            listener, null, filterRegistry, null, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat().isEqualTo("Invalid address: Empty address is not allowed.");
   }
 
   @Test
@@ -2692,11 +2697,10 @@ public void parseServerSideListener_namedPort() throws ResourceInvalidException
                     SocketAddress.newBuilder()
                         .setAddress("172.14.14.5").setNamedPort("")))
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("NAMED_PORT is not supported in gRPC.");
-
-    XdsListenerResource.parseServerSideListener(
-        listener,null, filterRegistry, null, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseServerSideListener(
+            listener, null, filterRegistry, null, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat().isEqualTo("NAMED_PORT is not supported in gRPC.");
   }
 
   @Test
@@ -2742,10 +2746,11 @@ public void parseServerSideListener_nonUniqueFilterChainMatch() throws ResourceI
             .setTrafficDirection(TrafficDirection.INBOUND)
             .addAllFilterChains(Arrays.asList(filterChain1, filterChain2))
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("FilterChainMatch must be unique. Found duplicate:");
-    XdsListenerResource.parseServerSideListener(
-        listener, null, filterRegistry, null, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseServerSideListener(
+            listener, null, filterRegistry, null, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .startsWith("FilterChainMatch must be unique. Found duplicate:");
   }
 
   @Test
@@ -2791,10 +2796,11 @@ public void parseServerSideListener_nonUniqueFilterChainMatch_sameFilter()
             .setTrafficDirection(TrafficDirection.INBOUND)
             .addAllFilterChains(Arrays.asList(filterChain1, filterChain2))
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("FilterChainMatch must be unique. Found duplicate:");
-    XdsListenerResource.parseServerSideListener(
-        listener,null, filterRegistry, null, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseServerSideListener(
+            listener, null, filterRegistry, null, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .startsWith("FilterChainMatch must be unique. Found duplicate:");
   }
 
   @Test
@@ -2854,12 +2860,12 @@ public void parseFilterChain_noHcm() throws ResourceInvalidException {
             .setFilterChainMatch(FilterChainMatch.getDefaultInstance())
             .setTransportSocket(TransportSocket.getDefaultInstance())
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseFilterChain(
+            filterChain, "filter-chain-foo", null, filterRegistry, null, null,
+            getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat().isEqualTo(
         "FilterChain filter-chain-foo should contain exact one HttpConnectionManager filter");
-    XdsListenerResource.parseFilterChain(
-        filterChain, "filter-chain-foo", null, filterRegistry, null, null,
-        getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2873,12 +2879,12 @@ public void parseFilterChain_duplicateFilter() throws ResourceInvalidException {
             .setTransportSocket(TransportSocket.getDefaultInstance())
             .addAllFilters(Arrays.asList(filter, filter))
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseFilterChain(
+            filterChain, "filter-chain-foo", null, filterRegistry, null, null,
+            getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat().isEqualTo(
         "FilterChain filter-chain-foo should contain exact one HttpConnectionManager filter");
-    XdsListenerResource.parseFilterChain(
-        filterChain, "filter-chain-foo", null, filterRegistry, null, null,
-        getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2891,13 +2897,13 @@ public void parseFilterChain_filterMissingTypedConfig() throws ResourceInvalidEx
             .setTransportSocket(TransportSocket.getDefaultInstance())
             .addFilters(filter)
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseFilterChain(
+            filterChain, "filter-chain-foo", null, filterRegistry, null, null,
+            getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat().isEqualTo(
         "FilterChain filter-chain-foo contains filter envoy.http_connection_manager "
             + "without typed_config");
-    XdsListenerResource.parseFilterChain(
-        filterChain, "filter-chain-foo", null, filterRegistry, null, null,
-        getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2914,13 +2920,13 @@ public void parseFilterChain_unsupportedFilter() throws ResourceInvalidException
             .setTransportSocket(TransportSocket.getDefaultInstance())
             .addFilters(filter)
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseFilterChain(
+            filterChain, "filter-chain-foo", null, filterRegistry, null, null,
+            getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat().isEqualTo(
         "FilterChain filter-chain-foo contains filter unsupported with unsupported "
             + "typed_config type unsupported-type-url");
-    XdsListenerResource.parseFilterChain(
-        filterChain, "filter-chain-foo", null, filterRegistry, null, null,
-        getXdsResourceTypeArgs(true));
   }
 
   @Test
@@ -2996,53 +3002,55 @@ public void parseFilterChain_duplicateName() throws ResourceInvalidException {
             .setTrafficDirection(TrafficDirection.INBOUND)
             .addAllFilterChains(Arrays.asList(filterChain0, filterChain1))
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("Filter chain names must be unique. Found duplicate: filter_chain");
-    XdsListenerResource.parseServerSideListener(
-        listenerProto, null, filterRegistry, null, getXdsResourceTypeArgs(true));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsListenerResource.parseServerSideListener(
+            listenerProto, null, filterRegistry, null, getXdsResourceTypeArgs(true)));
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Filter chain names must be unique. Found duplicate: filter_chain");
   }
 
   @Test
-  public void validateCommonTlsContext_tlsParams() throws ResourceInvalidException {
+  public void validateCommonTlsContext_tlsParams() {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
             .setTlsParams(TlsParameters.getDefaultInstance())
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("common-tls-context with tls_params is not supported");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false));
+    assertThat(e).hasMessageThat().isEqualTo("common-tls-context with tls_params is not supported");
   }
 
   @Test
-  public void validateCommonTlsContext_customHandshaker() throws ResourceInvalidException {
+  public void validateCommonTlsContext_customHandshaker() {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
             .setCustomHandshaker(TypedExtensionConfig.getDefaultInstance())
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("common-tls-context with custom_handshaker is not supported");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false));
+    assertThat(e).hasMessageThat().isEqualTo(
+        "common-tls-context with custom_handshaker is not supported");
   }
 
   @Test
-  public void validateCommonTlsContext_validationContext() throws ResourceInvalidException {
+  public void validateCommonTlsContext_validationContext() {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
             .setValidationContext(CertificateValidationContext.getDefaultInstance())
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("ca_certificate_provider_instance or system_root_certs is required "
-        + "in upstream-tls-context");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false));
+    assertThat(e).hasMessageThat().isEqualTo(
+        "ca_certificate_provider_instance or system_root_certs is required "
+            + "in upstream-tls-context");
   }
 
   @Test
-  public void validateCommonTlsContext_validationContextSdsSecretConfig()
-      throws ResourceInvalidException {
+  public void validateCommonTlsContext_validationContextSdsSecretConfig() {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .setValidationContextSdsSecretConfig(SdsSecretConfig.getDefaultInstance())
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false));
+    assertThat(e).hasMessageThat().isEqualTo(
         "common-tls-context with validation_context_sds_secret_config is not supported");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
   }
 
   @Test
@@ -3050,10 +3058,10 @@ public void validateCommonTlsContext_tlsCertificateProviderInstance_isRequiredFo
       throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, true));
+    assertThat(e).hasMessageThat().isEqualTo(
         "tls_certificate_provider_instance is required in downstream-tls-context");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, true);
   }
 
   @Test
@@ -3085,11 +3093,11 @@ public void validateCommonTlsContext_tlsCertificateProviderInstance_absentInBoot
         .setTlsCertificateProviderInstance(
             CertificateProviderPluginInstance.newBuilder().setInstanceName("bad-name"))
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsClusterResource.validateCommonTlsContext(commonTlsContext,
+            ImmutableSet.of("name1", "name2"), true));
+    assertThat(e).hasMessageThat().isEqualTo(
         "CertificateProvider instance name 'bad-name' not defined in the bootstrap file.");
-    XdsClusterResource
-        .validateCommonTlsContext(commonTlsContext, ImmutableSet.of("name1", "name2"), true);
   }
 
   @Test
@@ -3197,11 +3205,11 @@ public void validateCommonTlsContext_validationContextProviderInstance_absentInB
                 .setCaCertificateProviderInstance(CertificateProviderPluginInstance.newBuilder()
                   .setInstanceName("bad-name"))))
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsClusterResource.validateCommonTlsContext(commonTlsContext,
+            ImmutableSet.of("name1", "name2"), false));
+    assertThat(e).hasMessageThat().isEqualTo(
         "ca_certificate_provider_instance name 'bad-name' not defined in the bootstrap file.");
-    XdsClusterResource
-        .validateCommonTlsContext(commonTlsContext, ImmutableSet.of("name1", "name2"), false);
   }
 
 
@@ -3210,9 +3218,9 @@ public void validateCommonTlsContext_tlsCertificatesCount() throws ResourceInval
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
             .addTlsCertificates(TlsCertificate.getDefaultInstance())
             .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("tls_certificate_provider_instance is unset");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false));
+    assertThat(e).hasMessageThat().isEqualTo("tls_certificate_provider_instance is unset");
   }
 
   @Test
@@ -3221,10 +3229,10 @@ public void validateCommonTlsContext_tlsCertificateSdsSecretConfigsCount()
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .addTlsCertificateSdsSecretConfigs(SdsSecretConfig.getDefaultInstance())
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false));
+    assertThat(e).hasMessageThat().isEqualTo(
         "tls_certificate_provider_instance is unset");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
   }
 
   @Test
@@ -3232,10 +3240,11 @@ public void validateCommonTlsContext_combinedValidationContext_isRequiredForClie
       throws ResourceInvalidException {
     CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("ca_certificate_provider_instance or system_root_certs is required "
-        + "in upstream-tls-context");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+        XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false));
+    assertThat(e).hasMessageThat().isEqualTo(
+        "ca_certificate_provider_instance or system_root_certs is required "
+            + "in upstream-tls-context");
   }
 
   @Test
@@ -3245,11 +3254,11 @@ public void validateCommonTlsContext_combinedValidationContextWithoutCertProvide
         .setCombinedValidationContext(
             CommonTlsContext.CombinedCertificateValidationContext.getDefaultInstance())
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+        XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false));
+    assertThat(e).hasMessageThat().isEqualTo(
         "ca_certificate_provider_instance or system_root_certs is required in "
             + "upstream-tls-context");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, null, false);
   }
 
   @Test
@@ -3267,9 +3276,10 @@ public void validateCommonTlsContext_combinedValContextWithDefaultValContextForS
         .setTlsCertificateProviderInstance(
             CertificateProviderPluginInstance.getDefaultInstance())
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("match_subject_alt_names only allowed in upstream_tls_context");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, ImmutableSet.of(""), true);
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+        XdsClusterResource.validateCommonTlsContext(commonTlsContext, ImmutableSet.of(""), true));
+    assertThat(e).hasMessageThat().isEqualTo(
+        "match_subject_alt_names only allowed in upstream_tls_context");
   }
 
   @Test
@@ -3284,10 +3294,10 @@ public void validateCommonTlsContext_combinedValContextWithDefaultValContextVeri
                     .addVerifyCertificateSpki("foo")))
         .setTlsCertificateProviderInstance(CertificateProviderPluginInstance.getDefaultInstance())
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("verify_certificate_spki in default_validation_context is not "
-        + "supported");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, ImmutableSet.of(""), false);
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+        XdsClusterResource.validateCommonTlsContext(commonTlsContext, ImmutableSet.of(""), false));
+    assertThat(e).hasMessageThat().isEqualTo(
+        "verify_certificate_spki in default_validation_context is not supported");
   }
 
   @Test
@@ -3302,10 +3312,10 @@ public void validateCommonTlsContext_combinedValContextWithDefaultValContextVeri
                     .addVerifyCertificateHash("foo")))
         .setTlsCertificateProviderInstance(CertificateProviderPluginInstance.getDefaultInstance())
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("verify_certificate_hash in default_validation_context is not "
-        + "supported");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, ImmutableSet.of(""), false);
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+        XdsClusterResource.validateCommonTlsContext(commonTlsContext, ImmutableSet.of(""), false));
+    assertThat(e).hasMessageThat().isEqualTo(
+        "verify_certificate_hash in default_validation_context is not supported");
   }
 
   @Test
@@ -3321,11 +3331,11 @@ public void validateCommonTlsContext_combinedValContextDfltValContextRequireSign
         .setTlsCertificateProviderInstance(
             CertificateProviderPluginInstance.getDefaultInstance())
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+        XdsClusterResource.validateCommonTlsContext(commonTlsContext, ImmutableSet.of(""), false));
+    assertThat(e).hasMessageThat().isEqualTo(
         "require_signed_certificate_timestamp in default_validation_context is not "
             + "supported");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, ImmutableSet.of(""), false);
   }
 
   @Test
@@ -3340,9 +3350,9 @@ public void validateCommonTlsContext_combinedValidationContextWithDefaultValidat
                     .setCrl(DataSource.getDefaultInstance())))
         .setTlsCertificateProviderInstance(CertificateProviderPluginInstance.getDefaultInstance())
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("crl in default_validation_context is not supported");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, ImmutableSet.of(""), false);
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+        XdsClusterResource.validateCommonTlsContext(commonTlsContext, ImmutableSet.of(""), false));
+    assertThat(e).hasMessageThat().isEqualTo("crl in default_validation_context is not supported");
   }
 
   @Test
@@ -3357,18 +3367,19 @@ public void validateCommonTlsContext_combinedValContextWithDfltValContextCustomV
                     .setCustomValidatorConfig(TypedExtensionConfig.getDefaultInstance())))
         .setTlsCertificateProviderInstance(CertificateProviderPluginInstance.getDefaultInstance())
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("custom_validator_config in default_validation_context is not "
-        + "supported");
-    XdsClusterResource.validateCommonTlsContext(commonTlsContext, ImmutableSet.of(""), false);
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+        XdsClusterResource.validateCommonTlsContext(commonTlsContext, ImmutableSet.of(""), false));
+    assertThat(e).hasMessageThat().isEqualTo(
+        "custom_validator_config in default_validation_context is not supported");
   }
 
   @Test
   public void validateDownstreamTlsContext_noCommonTlsContext() throws ResourceInvalidException {
     DownstreamTlsContext downstreamTlsContext = DownstreamTlsContext.getDefaultInstance();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("common-tls-context is required in downstream-tls-context");
-    XdsListenerResource.validateDownstreamTlsContext(downstreamTlsContext, null);
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+        XdsListenerResource.validateDownstreamTlsContext(downstreamTlsContext, null));
+    assertThat(e).hasMessageThat().isEqualTo(
+        "common-tls-context is required in downstream-tls-context");
   }
 
   @Test
@@ -3385,9 +3396,11 @@ public void validateDownstreamTlsContext_hasRequireSni() throws ResourceInvalidE
         .setCommonTlsContext(commonTlsContext)
         .setRequireSni(BoolValue.of(true))
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("downstream-tls-context with require-sni is not supported");
-    XdsListenerResource.validateDownstreamTlsContext(downstreamTlsContext, ImmutableSet.of(""));
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+        XdsListenerResource.validateDownstreamTlsContext(downstreamTlsContext,
+            ImmutableSet.of("")));
+    assertThat(e).hasMessageThat().isEqualTo(
+        "downstream-tls-context with require-sni is not supported");
   }
 
   @Test
@@ -3404,18 +3417,20 @@ public void validateDownstreamTlsContext_hasOcspStaplePolicy() throws ResourceIn
         .setCommonTlsContext(commonTlsContext)
         .setOcspStaplePolicy(DownstreamTlsContext.OcspStaplePolicy.STRICT_STAPLING)
         .build();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage(
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+        XdsListenerResource.validateDownstreamTlsContext(downstreamTlsContext,
+            ImmutableSet.of("")));
+    assertThat(e).hasMessageThat().isEqualTo(
         "downstream-tls-context with ocsp_staple_policy value STRICT_STAPLING is not supported");
-    XdsListenerResource.validateDownstreamTlsContext(downstreamTlsContext, ImmutableSet.of(""));
   }
 
   @Test
   public void validateUpstreamTlsContext_noCommonTlsContext() throws ResourceInvalidException {
     UpstreamTlsContext upstreamTlsContext = UpstreamTlsContext.getDefaultInstance();
-    thrown.expect(ResourceInvalidException.class);
-    thrown.expectMessage("common-tls-context is required in upstream-tls-context");
-    XdsClusterResource.validateUpstreamTlsContext(upstreamTlsContext, null);
+    ResourceInvalidException e = assertThrows(ResourceInvalidException.class, () ->
+            XdsClusterResource.validateUpstreamTlsContext(upstreamTlsContext, null));
+    assertThat(e).hasMessageThat().isEqualTo(
+        "common-tls-context is required in upstream-tls-context");
   }
 
   @Test
diff --git a/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerProviderTest.java b/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerProviderTest.java
index 9f0b5f9578e..37ea24b2aa9 100644
--- a/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerProviderTest.java
@@ -16,6 +16,7 @@
 
 package io.grpc.xds;
 
+import static org.junit.Assert.assertThrows;
 import static org.mockito.Mockito.mock;
 
 import com.google.common.collect.ImmutableList;
@@ -26,17 +27,13 @@
 import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig.PriorityChildConfig;
 import java.util.List;
 import java.util.Map;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
 /** Tests for {@link PriorityLoadBalancerProvider}. */
 @RunWith(JUnit4.class)
 public class PriorityLoadBalancerProviderTest {
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule public final ExpectedException thrown = ExpectedException.none();
 
   @SuppressWarnings("ExpectedExceptionChecker")
   @Test
@@ -48,8 +45,8 @@ public void priorityLbConfig_emptyPriorities() {
                 newChildConfig(mock(LoadBalancerProvider.class), null), true));
     List<String> priorities = ImmutableList.of();
 
-    thrown.expect(IllegalArgumentException.class);
-    new PriorityLbConfig(childConfigs, priorities);
+    assertThrows(IllegalArgumentException.class,
+        () -> new PriorityLbConfig(childConfigs, priorities));
   }
 
   @SuppressWarnings("ExpectedExceptionChecker")
@@ -62,8 +59,8 @@ public void priorityLbConfig_missingChildConfig() {
                 newChildConfig(mock(LoadBalancerProvider.class), null), true));
     List<String> priorities = ImmutableList.of("p0", "p1");
 
-    thrown.expect(IllegalArgumentException.class);
-    new PriorityLbConfig(childConfigs, priorities);
+    assertThrows(IllegalArgumentException.class,
+        () -> new PriorityLbConfig(childConfigs, priorities));
   }
 
   private Object newChildConfig(LoadBalancerProvider provider, Object config) {
diff --git a/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java b/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java
index 86e4fc83a8c..24f1750d5a8 100644
--- a/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java
@@ -19,6 +19,7 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.Metadata.ASCII_STRING_MARSHALLER;
+import static org.junit.Assert.assertThrows;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.when;
@@ -50,7 +51,6 @@
 import java.util.concurrent.TimeUnit;
 import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.Mock;
@@ -64,9 +64,6 @@ public class SharedXdsClientPoolProviderTest {
   private static final String SERVER_URI = "trafficdirector.googleapis.com";
   @Rule
   public final MockitoRule mocks = MockitoJUnit.rule();
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public final ExpectedException thrown = ExpectedException.none();
   private final Node node = Node.newBuilder().setId("SharedXdsClientPoolProviderTest").build();
   private final MetricRecorder metricRecorder = new MetricRecorder() {};
   private static final String DUMMY_TARGET = "dummy";
@@ -83,9 +80,9 @@ public void noServer() throws XdsInitializationException {
         BootstrapInfo.builder().servers(Collections.<ServerInfo>emptyList()).node(node).build();
     when(bootstrapper.bootstrap()).thenReturn(bootstrapInfo);
     SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider(bootstrapper);
-    thrown.expect(XdsInitializationException.class);
-    thrown.expectMessage("No xDS server provided");
-    provider.getOrCreate(DUMMY_TARGET, metricRecorder);
+    XdsInitializationException e = assertThrows(XdsInitializationException.class,
+        () -> provider.getOrCreate(DUMMY_TARGET, metricRecorder));
+    assertThat(e).hasMessageThat().isEqualTo("No xDS server provided");
     assertThat(provider.get(DUMMY_TARGET)).isNull();
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/WeightedRandomPickerTest.java b/xds/src/test/java/io/grpc/xds/WeightedRandomPickerTest.java
index d6240fb09bb..691615762bf 100644
--- a/xds/src/test/java/io/grpc/xds/WeightedRandomPickerTest.java
+++ b/xds/src/test/java/io/grpc/xds/WeightedRandomPickerTest.java
@@ -17,6 +17,7 @@
 package io.grpc.xds;
 
 import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
 import static org.mockito.Mockito.mock;
 
 import io.grpc.LoadBalancer.PickResult;
@@ -30,7 +31,6 @@
 import java.util.List;
 import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.Mock;
@@ -42,9 +42,6 @@
  */
 @RunWith(JUnit4.class)
 public class WeightedRandomPickerTest {
-  @SuppressWarnings("deprecation") // https://github.com/grpc/grpc-java/issues/7467
-  @Rule
-  public final ExpectedException thrown = ExpectedException.none();
 
   @Rule
   public final MockitoRule mockitoRule = MockitoJUnit.rule();
@@ -128,20 +125,18 @@ public long nextLong(long bound) {
   public void emptyList() {
     List<WeightedChildPicker> emptyList = new ArrayList<>();
 
-    thrown.expect(IllegalArgumentException.class);
-    new WeightedRandomPicker(emptyList);
+    assertThrows(IllegalArgumentException.class, () -> new WeightedRandomPicker(emptyList));
   }
 
   @Test
   public void negativeWeight() {
-    thrown.expect(IllegalArgumentException.class);
-    new WeightedChildPicker(-1, childPicker0);
+    assertThrows(IllegalArgumentException.class, () -> new WeightedChildPicker(-1, childPicker0));
   }
 
   @Test
   public void overWeightSingle() {
-    thrown.expect(IllegalArgumentException.class);
-    new WeightedChildPicker(Integer.MAX_VALUE * 3L, childPicker0);
+    assertThrows(IllegalArgumentException.class,
+        () -> new WeightedChildPicker(Integer.MAX_VALUE * 3L, childPicker0));
   }
 
   @Test
@@ -152,8 +147,8 @@ public void overWeightAggregate() {
         new WeightedChildPicker(Integer.MAX_VALUE, childPicker1),
         new WeightedChildPicker(10, childPicker2));
 
-    thrown.expect(IllegalArgumentException.class);
-    new WeightedRandomPicker(weightedChildPickers, fakeRandom);
+    assertThrows(IllegalArgumentException.class,
+        () -> new WeightedRandomPicker(weightedChildPickers, fakeRandom));
   }
 
   @Test

From 142e378cea0aa90aae36fec55f90c30ede95f965 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 30 May 2025 09:00:27 -0700
Subject: [PATCH 272/591] xds: Improve shutdown handling of XdsDepManager

The most important change here is to handle subscribeToCluster() calls
after shutdown(), and preventing the internal state from being heavily
confused as the assumption is there are no watchers after shutdown().

ClusterSubscription.closed isn't strictly necessary, but I don't want
the code to depend on double-deregistration being safe.
maybePublishConfig() isn't being called after shutdown(), but adding the
protection avoids a class of bugs that would cause channel panic.
---
 .../io/grpc/xds/XdsDependencyManager.java     | 29 ++++++++++++++-----
 .../io/grpc/xds/XdsDependencyManagerTest.java | 16 ++++++++++
 2 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index d804954ecf9..1ba4963186e 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -93,13 +93,15 @@ public static String toContextStr(String typeName, String resourceName) {
 
   @Override
   public Closeable subscribeToCluster(String clusterName) {
-
     checkNotNull(clusterName, "clusterName");
     ClusterSubscription subscription = new ClusterSubscription(clusterName);
 
     syncContext.execute(() -> {
+      if (getWatchers(XdsListenerResource.getInstance()).isEmpty()) {
+        subscription.closed = true;
+        return; // shutdown() called
+      }
       addClusterWatcher(clusterName, subscription, 1);
-      maybePublishConfig();
     });
 
     return subscription;
@@ -207,10 +209,14 @@ private void releaseSubscription(ClusterSubscription subscription) {
     checkNotNull(subscription, "subscription");
     String clusterName = subscription.getClusterName();
     syncContext.execute(() -> {
+      if (subscription.closed) {
+        return;
+      }
+      subscription.closed = true;
       XdsWatcherBase<?> cdsWatcher =
           resourceWatchers.get(CLUSTER_RESOURCE).watchers.get(clusterName);
       if (cdsWatcher == null) {
-        return; // already released while waiting for the syncContext
+        return; // shutdown() called
       }
       cancelClusterWatcherTree((CdsWatcher) cdsWatcher, subscription);
       maybePublishConfig();
@@ -257,6 +263,9 @@ private void cancelClusterWatcherTree(CdsWatcher root, Object parentContext) {
    */
   private void maybePublishConfig() {
     syncContext.throwIfNotInThisSynchronizationContext();
+    if (getWatchers(XdsListenerResource.getInstance()).isEmpty()) {
+      return; // shutdown() called
+    }
     boolean waitingOnResource = resourceWatchers.values().stream()
         .flatMap(typeWatchers -> typeWatchers.watchers.values().stream())
         .anyMatch(XdsWatcherBase::missingResult);
@@ -293,6 +302,11 @@ StatusOr<XdsConfig> buildUpdate() {
       routeSource = ((LdsWatcher) ldsWatcher).getRouteSource();
     }
 
+    if (routeSource == null) {
+      return StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
+          "Bug: No route source found for listener " + dataPlaneAuthority));
+    }
+
     StatusOr<RdsUpdate> statusOrRdsUpdate = routeSource.getRdsUpdate();
     if (!statusOrRdsUpdate.hasValue()) {
       return StatusOr.fromStatus(statusOrRdsUpdate.getStatus());
@@ -557,14 +571,15 @@ public interface XdsConfigWatcher {
     void onUpdate(StatusOr<XdsConfig> config);
   }
 
-  private class ClusterSubscription implements Closeable {
-    String clusterName;
+  private final class ClusterSubscription implements Closeable {
+    private final String clusterName;
+    boolean closed; // Accessed from syncContext
 
     public ClusterSubscription(String clusterName) {
-      this.clusterName = clusterName;
+      this.clusterName = checkNotNull(clusterName, "clusterName");
     }
 
-    public String getClusterName() {
+    String getClusterName() {
       return clusterName;
     }
 
diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
index 1f3d8511ecc..8a24d21f77a 100644
--- a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -848,6 +848,22 @@ public void edsUpdateAfterShutdown() {
     });
   }
 
+  @Test
+  public void subscribeToClusterAfterShutdown() throws Exception {
+    XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS",
+        ENDPOINT_HOSTNAME, ENDPOINT_PORT);
+
+    InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+    inOrder.verify(xdsConfigWatcher).onUpdate(any());
+    xdsDependencyManager.shutdown();
+
+    Closeable subscription = xdsDependencyManager.subscribeToCluster("CDS");
+    inOrder.verify(xdsConfigWatcher, never()).onUpdate(any());
+    subscription.close();
+  }
+
   private Listener buildInlineClientListener(String rdsName, String clusterName) {
     return XdsTestUtils.buildInlineClientListener(rdsName, clusterName, serverName);
   }

From 8044a56ad2d6b3256ca72c21c10261ad77544ffb Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Sun, 1 Jun 2025 23:55:27 -0700
Subject: [PATCH 273/591] xds: Remove timeouts from XdsDepManagerTest (#12114)

The tests are using FakeClock and inprocess transport with direct executor, so all operations should run in the test thread.
---
 .../io/grpc/xds/XdsDependencyManagerTest.java | 80 +++++++++----------
 1 file changed, 40 insertions(+), 40 deletions(-)

diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
index 8a24d21f77a..542471e2734 100644
--- a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -36,7 +36,7 @@
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.timeout;
+import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 
 import com.google.common.collect.ImmutableMap;
@@ -196,7 +196,7 @@ public void verify_basic_config() {
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
 
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(StatusOr.fromValue(defaultXdsConfig));
+    verify(xdsConfigWatcher).onUpdate(StatusOr.fromValue(defaultXdsConfig));
     testWatcher.verifyStats(1, 0);
   }
 
@@ -206,13 +206,13 @@ public void verify_config_update() {
         serverName, serverName, nameResolverArgs, scheduler);
 
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(StatusOr.fromValue(defaultXdsConfig));
+    inOrder.verify(xdsConfigWatcher).onUpdate(StatusOr.fromValue(defaultXdsConfig));
     testWatcher.verifyStats(1, 0);
     assertThat(testWatcher.lastConfig).isEqualTo(defaultXdsConfig);
 
     XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS2", "CDS2", "EDS2",
         ENDPOINT_HOSTNAME + "2", ENDPOINT_PORT + 2);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(ArgumentMatchers.notNull());
+    inOrder.verify(xdsConfigWatcher).onUpdate(ArgumentMatchers.notNull());
     testWatcher.verifyStats(2, 0);
     assertThat(testWatcher.lastConfig).isNotEqualTo(defaultXdsConfig);
   }
@@ -222,7 +222,7 @@ public void verify_simple_aggregate() {
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(StatusOr.fromValue(defaultXdsConfig));
+    inOrder.verify(xdsConfigWatcher).onUpdate(StatusOr.fromValue(defaultXdsConfig));
 
     List<String> childNames = Arrays.asList("clusterC", "clusterB", "clusterA");
     String rootName = "root_c";
@@ -233,7 +233,7 @@ public void verify_simple_aggregate() {
         ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, routeConfig));
 
     XdsTestUtils.setAggregateCdsConfig(controlPlaneService, serverName, rootName, childNames);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+    inOrder.verify(xdsConfigWatcher).onUpdate(any());
 
     Map<String, StatusOr<XdsClusterConfig>> lastConfigClusters =
         testWatcher.lastConfig.getClusters();
@@ -281,13 +281,13 @@ public void testComplexRegisteredAggregate() throws IOException {
 
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+    inOrder.verify(xdsConfigWatcher).onUpdate(any());
 
     Closeable subscription1 = xdsDependencyManager.subscribeToCluster(rootName1);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+    inOrder.verify(xdsConfigWatcher).onUpdate(any());
 
     Closeable subscription2 = xdsDependencyManager.subscribeToCluster(rootName2);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     testWatcher.verifyStats(3, 0);
     ImmutableSet.Builder<String> builder = ImmutableSet.builder();
     Set<String> expectedClusters = builder.add(rootName1).add(rootName2).add(CLUSTER_NAME)
@@ -297,7 +297,7 @@ public void testComplexRegisteredAggregate() throws IOException {
 
     // Close 1 subscription shouldn't affect the other or RDS subscriptions
     subscription1.close();
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     builder = ImmutableSet.builder();
     Set<String> expectedClusters2 =
         builder.add(rootName2).add(CLUSTER_NAME).addAll(childNames2).build();
@@ -305,7 +305,7 @@ public void testComplexRegisteredAggregate() throws IOException {
         .isEqualTo(expectedClusters2);
 
     subscription2.close();
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(StatusOr.fromValue(defaultXdsConfig));
+    inOrder.verify(xdsConfigWatcher).onUpdate(StatusOr.fromValue(defaultXdsConfig));
   }
 
   @Test
@@ -313,7 +313,7 @@ public void testDelayedSubscription() {
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(StatusOr.fromValue(defaultXdsConfig));
+    inOrder.verify(xdsConfigWatcher).onUpdate(StatusOr.fromValue(defaultXdsConfig));
 
     String rootName1 = "root_c";
 
@@ -362,7 +362,7 @@ public void testMissingCdsAndEds() {
         serverName, serverName, nameResolverArgs, scheduler);
 
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
 
     List<StatusOr<XdsClusterConfig>> returnedClusters = new ArrayList<>();
     for (String childName : childNames) {
@@ -395,7 +395,7 @@ public void testMissingLds() {
         serverName, ldsName, nameResolverArgs, scheduler);
 
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(
+    verify(xdsConfigWatcher).onUpdate(
         argThat(StatusOrMatcher.hasStatus(statusHasCode(Status.Code.UNAVAILABLE)
             .andDescriptionContains(ldsName))));
 
@@ -411,7 +411,7 @@ public void testTcpListenerErrors() {
         serverName, serverName, nameResolverArgs, scheduler);
 
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(
+    verify(xdsConfigWatcher).onUpdate(
         argThat(StatusOrMatcher.hasStatus(
             statusHasCode(Status.Code.UNAVAILABLE).andDescriptionContains("Not an API listener"))));
 
@@ -429,7 +429,7 @@ public void testMissingRds() {
         serverName, serverName, nameResolverArgs, scheduler);
 
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(
+    verify(xdsConfigWatcher).onUpdate(
         argThat(StatusOrMatcher.hasStatus(statusHasCode(Status.Code.UNAVAILABLE)
             .andDescriptionContains(rdsName))));
 
@@ -446,7 +446,7 @@ public void testUpdateToMissingVirtualHost() {
         serverName, serverName, nameResolverArgs, scheduler);
 
     // Update with a config that has a virtual host that doesn't match the server name
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     assertThat(xdsUpdateCaptor.getValue().getStatus().getDescription())
         .contains("Failed to find virtual host matching hostname: " + serverName);
 
@@ -461,7 +461,7 @@ public void testCorruptLds() {
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, ldsResourceName, nameResolverArgs, scheduler);
 
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(
+    verify(xdsConfigWatcher).onUpdate(
         argThat(StatusOrMatcher.hasStatus(
             statusHasCode(Status.Code.UNAVAILABLE).andDescriptionContains(ldsResourceName))));
 
@@ -474,14 +474,14 @@ public void testChangeRdsName_fromLds() {
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(StatusOr.fromValue(defaultXdsConfig));
+    inOrder.verify(xdsConfigWatcher).onUpdate(StatusOr.fromValue(defaultXdsConfig));
 
     String newRdsName = "newRdsName1";
 
     Listener clientListener = buildInlineClientListener(newRdsName, CLUSTER_NAME);
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS,
         ImmutableMap.of(serverName, clientListener));
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     assertThat(xdsUpdateCaptor.getValue().getValue()).isNotEqualTo(defaultXdsConfig);
     assertThat(xdsUpdateCaptor.getValue().getValue().getVirtualHost().name()).isEqualTo(newRdsName);
   }
@@ -530,7 +530,7 @@ public void testMultipleParentsInCdsTree() throws IOException {
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     XdsConfig initialConfig = xdsUpdateCaptor.getValue().getValue();
 
     // Make sure that adding subscriptions that rds points at doesn't change the config
@@ -551,12 +551,12 @@ public void testMultipleParentsInCdsTree() throws IOException {
         XdsTestUtils.buildRouteConfiguration(serverName, XdsTestUtils.RDS_NAME, "clusterA11");
     controlPlaneService.setXdsConfig(
         ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, newRouteConfig));
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     assertThat(xdsUpdateCaptor.getValue().getValue().getClusters().keySet().size()).isEqualTo(4);
 
     // Now that it is released, we should only have A11
     rootSub.close();
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     assertThat(xdsUpdateCaptor.getValue().getValue().getClusters().keySet())
         .containsExactly("clusterA11");
   }
@@ -591,7 +591,7 @@ public void testMultipleCdsReferToSameEds() {
     // Start the actual test
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     XdsConfig initialConfig = xdsUpdateCaptor.getValue().getValue();
     assertThat(initialConfig.getClusters().keySet())
         .containsExactly("root", "clusterA", "clusterB");
@@ -643,7 +643,7 @@ public void testChangeRdsName_FromLds_complexTree() {
     Listener clientListener = buildInlineClientListener(newRdsName, "root");
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS,
         ImmutableMap.of(serverName, clientListener));
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     XdsConfig config = xdsUpdateCaptor.getValue().getValue();
     assertThat(config.getVirtualHost().name()).isEqualTo(newRdsName);
     assertThat(config.getClusters().size()).isEqualTo(4);
@@ -655,7 +655,7 @@ public void testChangeAggCluster() {
 
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+    inOrder.verify(xdsConfigWatcher).onUpdate(any());
 
     // Setup initial config A -> A1 -> (A11, A12)
     Cluster rootCluster =
@@ -699,7 +699,7 @@ public void testChangeAggCluster() {
     // Verify that the config is updated as expected
     ClusterNameMatcher nameMatcher
         = new ClusterNameMatcher(Arrays.asList("root", "clusterA21", "clusterA22"));
-    inOrder.verify(xdsConfigWatcher, timeout(1000)).onUpdate(argThat(nameMatcher));
+    inOrder.verify(xdsConfigWatcher).onUpdate(argThat(nameMatcher));
   }
 
   @Test
@@ -710,7 +710,7 @@ public void testCdsError() throws IOException {
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
 
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(xdsUpdateCaptor.capture());
+    verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     Status status = xdsUpdateCaptor.getValue().getValue()
         .getClusters().get(CLUSTER_NAME).getStatus();
     assertThat(status.getDescription()).contains(XdsTestUtils.CLUSTER_NAME);
@@ -724,7 +724,7 @@ public void ldsUpdateAfterShutdown() {
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
 
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+    verify(xdsConfigWatcher).onUpdate(any());
 
     @SuppressWarnings("unchecked")
     XdsClient.ResourceWatcher<XdsListenerResource.LdsUpdate> resourceWatcher =
@@ -734,7 +734,7 @@ public void ldsUpdateAfterShutdown() {
         serverName,
         resourceWatcher,
         MoreExecutors.directExecutor());
-    verify(resourceWatcher, timeout(5000)).onChanged(any());
+    verify(resourceWatcher).onChanged(any());
 
     syncContext.execute(() -> {
       // Shutdown before any updates. This will unsubscribe from XdsClient, but only after this
@@ -743,7 +743,7 @@ public void ldsUpdateAfterShutdown() {
 
       XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS2", "CDS", "EDS",
           ENDPOINT_HOSTNAME, ENDPOINT_PORT);
-      verify(resourceWatcher, timeout(5000).times(2)).onChanged(any());
+      verify(resourceWatcher, times(2)).onChanged(any());
       xdsClient.cancelXdsResourceWatch(
           XdsListenerResource.getInstance(), serverName, resourceWatcher);
     });
@@ -757,7 +757,7 @@ public void rdsUpdateAfterShutdown() {
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
 
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+    verify(xdsConfigWatcher).onUpdate(any());
 
     @SuppressWarnings("unchecked")
     XdsClient.ResourceWatcher<XdsRouteConfigureResource.RdsUpdate> resourceWatcher =
@@ -767,7 +767,7 @@ public void rdsUpdateAfterShutdown() {
         "RDS",
         resourceWatcher,
         MoreExecutors.directExecutor());
-    verify(resourceWatcher, timeout(5000)).onChanged(any());
+    verify(resourceWatcher).onChanged(any());
 
     syncContext.execute(() -> {
       // Shutdown before any updates. This will unsubscribe from XdsClient, but only after this
@@ -776,7 +776,7 @@ public void rdsUpdateAfterShutdown() {
 
       XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS2", "EDS",
           ENDPOINT_HOSTNAME, ENDPOINT_PORT);
-      verify(resourceWatcher, timeout(5000).times(2)).onChanged(any());
+      verify(resourceWatcher, times(2)).onChanged(any());
       xdsClient.cancelXdsResourceWatch(
           XdsRouteConfigureResource.getInstance(), serverName, resourceWatcher);
     });
@@ -790,7 +790,7 @@ public void cdsUpdateAfterShutdown() {
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
 
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+    verify(xdsConfigWatcher).onUpdate(any());
 
     @SuppressWarnings("unchecked")
     XdsClient.ResourceWatcher<XdsClusterResource.CdsUpdate> resourceWatcher =
@@ -800,7 +800,7 @@ public void cdsUpdateAfterShutdown() {
         "CDS",
         resourceWatcher,
         MoreExecutors.directExecutor());
-    verify(resourceWatcher, timeout(5000)).onChanged(any());
+    verify(resourceWatcher).onChanged(any());
 
     syncContext.execute(() -> {
       // Shutdown before any updates. This will unsubscribe from XdsClient, but only after this
@@ -809,7 +809,7 @@ public void cdsUpdateAfterShutdown() {
 
       XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS2",
           ENDPOINT_HOSTNAME, ENDPOINT_PORT);
-      verify(resourceWatcher, timeout(5000).times(2)).onChanged(any());
+      verify(resourceWatcher, times(2)).onChanged(any());
       xdsClient.cancelXdsResourceWatch(
           XdsClusterResource.getInstance(), serverName, resourceWatcher);
     });
@@ -823,7 +823,7 @@ public void edsUpdateAfterShutdown() {
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
 
-    verify(xdsConfigWatcher, timeout(1000)).onUpdate(any());
+    verify(xdsConfigWatcher).onUpdate(any());
 
     @SuppressWarnings("unchecked")
     XdsClient.ResourceWatcher<XdsEndpointResource.EdsUpdate> resourceWatcher =
@@ -833,7 +833,7 @@ public void edsUpdateAfterShutdown() {
         "EDS",
         resourceWatcher,
         MoreExecutors.directExecutor());
-    verify(resourceWatcher, timeout(5000)).onChanged(any());
+    verify(resourceWatcher).onChanged(any());
 
     syncContext.execute(() -> {
       // Shutdown before any updates. This will unsubscribe from XdsClient, but only after this
@@ -842,7 +842,7 @@ public void edsUpdateAfterShutdown() {
 
       XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS",
           ENDPOINT_HOSTNAME + "2", ENDPOINT_PORT);
-      verify(resourceWatcher, timeout(5000).times(2)).onChanged(any());
+      verify(resourceWatcher, times(2)).onChanged(any());
       xdsClient.cancelXdsResourceWatch(
           XdsEndpointResource.getInstance(), serverName, resourceWatcher);
     });

From 379fbaa380422c24ba0ce6e2f012fe90b33027d8 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Mon, 2 Jun 2025 15:37:11 +0530
Subject: [PATCH 274/591] Update README etc to reference 1.73.0 (#12108)

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 30e26bc9955..012eab498e6 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.72.0/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.72.0/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.73.0/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.73.0/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,18 +56,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.72.0</version>
+  <version>1.73.0</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.72.0</version>
+  <version>1.73.0</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.72.0</version>
+  <version>1.73.0</version>
 </dependency>
 <dependency> <!-- necessary for Java 9+ -->
   <groupId>org.apache.tomcat</groupId>
@@ -79,18 +79,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.72.0'
-implementation 'io.grpc:grpc-protobuf:1.72.0'
-implementation 'io.grpc:grpc-stub:1.72.0'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.73.0'
+implementation 'io.grpc:grpc-protobuf:1.73.0'
+implementation 'io.grpc:grpc-stub:1.73.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.72.0'
-implementation 'io.grpc:grpc-protobuf-lite:1.72.0'
-implementation 'io.grpc:grpc-stub:1.72.0'
+implementation 'io.grpc:grpc-okhttp:1.73.0'
+implementation 'io.grpc:grpc-protobuf-lite:1.73.0'
+implementation 'io.grpc:grpc-stub:1.73.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
@@ -99,7 +99,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.72.0
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.73.0
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://oss.sonatype.org/content/repositories/snapshots/).
@@ -131,7 +131,7 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <configuration>
         <protocArtifact>com.google.protobuf:protoc:3.25.5:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.72.0:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.73.0:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -161,7 +161,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.72.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.73.0'
     }
   }
   generateProtoTasks {
@@ -194,7 +194,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.72.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.73.0'
     }
   }
   generateProtoTasks {

From 6bad6005924d0e665adcd959109f8b7ad45c3a7c Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 2 Jun 2025 06:42:31 -0700
Subject: [PATCH 275/591] xds: Use getWatchers more often in XdsDepManager

This provides better type and missing-map handling. Note that
getWatchers() now implicitly creates the map if it doesn't exist,
instead of just returning an empty map. That makes it a bit easier to
use and more importantly avoids accidents where a bug tries to modify
the immutable map.
---
 .../io/grpc/xds/XdsDependencyManager.java     | 73 +++++++------------
 1 file changed, 25 insertions(+), 48 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index 1ba4963186e..0c3e110119c 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -112,14 +112,7 @@ private <T extends ResourceUpdate> void addWatcher(XdsWatcherBase<T> watcher) {
     XdsResourceType<T> type = watcher.type;
     String resourceName = watcher.resourceName;
 
-    @SuppressWarnings("unchecked")
-    TypeWatchers<T> typeWatchers = (TypeWatchers<T>)resourceWatchers.get(type);
-    if (typeWatchers == null) {
-      typeWatchers = new TypeWatchers<>(type);
-      resourceWatchers.put(type, typeWatchers);
-    }
-
-    typeWatchers.add(resourceName, watcher);
+    getWatchers(type).put(resourceName, watcher);
     xdsClient.watchXdsResource(type, resourceName, watcher, syncContext);
   }
 
@@ -158,16 +151,12 @@ private <T extends ResourceUpdate> void cancelWatcher(XdsWatcherBase<T> watcher)
     XdsResourceType<T> type = watcher.type;
     String resourceName = watcher.resourceName;
 
-    @SuppressWarnings("unchecked")
-    TypeWatchers<T> typeWatchers = (TypeWatchers<T>)resourceWatchers.get(type);
-    if (typeWatchers == null) {
-      logger.log(DEBUG, "Trying to cancel watcher {0}, but type not watched", watcher);
+    if (getWatchers(type).remove(resourceName) == null) {
+      logger.log(DEBUG, "Trying to cancel watcher {0}, but it isn't watched", watcher);
       return;
     }
 
-    typeWatchers.watchers.remove(resourceName);
     xdsClient.cancelXdsResourceWatch(type, resourceName, watcher);
-
   }
 
   private static void throwIfParentContextsNotEmpty(XdsWatcherBase<?> watcher) {
@@ -213,8 +202,8 @@ private void releaseSubscription(ClusterSubscription subscription) {
         return;
       }
       subscription.closed = true;
-      XdsWatcherBase<?> cdsWatcher =
-          resourceWatchers.get(CLUSTER_RESOURCE).watchers.get(clusterName);
+      XdsWatcherBase<XdsClusterResource.CdsUpdate> cdsWatcher
+          = getWatchers(CLUSTER_RESOURCE).get(clusterName);
       if (cdsWatcher == null) {
         return; // shutdown() called
       }
@@ -236,14 +225,12 @@ private void cancelClusterWatcherTree(CdsWatcher root, Object parentContext) {
     switch (cdsUpdate.clusterType()) {
       case EDS:
         String edsServiceName = root.getEdsServiceName();
-        EdsWatcher edsWatcher =
-            (EdsWatcher) resourceWatchers.get(ENDPOINT_RESOURCE).watchers.get(edsServiceName);
+        EdsWatcher edsWatcher = (EdsWatcher) getWatchers(ENDPOINT_RESOURCE).get(edsServiceName);
         cancelEdsWatcher(edsWatcher, root);
         break;
       case AGGREGATE:
         for (String cluster : cdsUpdate.prioritizedClusterNames()) {
-          CdsWatcher clusterWatcher =
-              (CdsWatcher) resourceWatchers.get(CLUSTER_RESOURCE).watchers.get(cluster);
+          CdsWatcher clusterWatcher = (CdsWatcher) getWatchers(CLUSTER_RESOURCE).get(cluster);
           if (clusterWatcher != null) {
             cancelClusterWatcherTree(clusterWatcher, root);
           }
@@ -348,7 +335,8 @@ private <T extends ResourceUpdate> Map<String, XdsWatcherBase<T>> getWatchers(
       XdsResourceType<T> resourceType) {
     TypeWatchers<?> typeWatchers = resourceWatchers.get(resourceType);
     if (typeWatchers == null) {
-      return Collections.emptyMap();
+      typeWatchers = new TypeWatchers<T>(resourceType);
+      resourceWatchers.put(resourceType, typeWatchers);
     }
     assert typeWatchers.resourceType == resourceType;
     @SuppressWarnings("unchecked")
@@ -470,25 +458,22 @@ public String toString() {
 
   // Returns true if the watcher was added, false if it already exists
   private boolean addEdsWatcher(String edsServiceName, CdsWatcher parentContext) {
-    TypeWatchers<?> typeWatchers = resourceWatchers.get(XdsEndpointResource.getInstance());
-    if (typeWatchers == null || !typeWatchers.watchers.containsKey(edsServiceName)) {
-      addWatcher(new EdsWatcher(edsServiceName, parentContext));
-      return true;
+    EdsWatcher watcher
+        = (EdsWatcher) getWatchers(XdsEndpointResource.getInstance()).get(edsServiceName);
+    if (watcher != null) {
+      watcher.addParentContext(parentContext); // Is a set, so don't need to check for existence
+      return false;
     }
 
-    EdsWatcher watcher = (EdsWatcher) typeWatchers.watchers.get(edsServiceName);
-    watcher.addParentContext(parentContext); // Is a set, so don't need to check for existence
-    return false;
+    addWatcher(new EdsWatcher(edsServiceName, parentContext));
+    return true;
   }
 
   private void addClusterWatcher(String clusterName, Object parentContext, int depth) {
-    TypeWatchers<?> clusterWatchers = resourceWatchers.get(CLUSTER_RESOURCE);
-    if (clusterWatchers != null) {
-      CdsWatcher watcher = (CdsWatcher) clusterWatchers.watchers.get(clusterName);
-      if (watcher != null) {
-        watcher.parentContexts.put(parentContext, depth);
-        return;
-      }
+    CdsWatcher watcher = (CdsWatcher) getWatchers(CLUSTER_RESOURCE).get(clusterName);
+    if (watcher != null) {
+      watcher.parentContexts.put(parentContext, depth);
+      return;
     }
 
     addWatcher(new CdsWatcher(clusterName, parentContext, depth));
@@ -546,7 +531,7 @@ private static Set<String> getClusterNamesFromVirtualHost(VirtualHost virtualHos
   }
 
   private CdsWatcher getCluster(String clusterName) {
-    return (CdsWatcher) resourceWatchers.get(CLUSTER_RESOURCE).watchers.get(clusterName);
+    return (CdsWatcher) getWatchers(CLUSTER_RESOURCE).get(clusterName);
   }
 
   private static class TypeWatchers<T extends ResourceUpdate> {
@@ -557,10 +542,6 @@ private static class TypeWatchers<T extends ResourceUpdate> {
     TypeWatchers(XdsResourceType<T> resourceType) {
       this.resourceType = resourceType;
     }
-
-    public void add(String resourceName, XdsWatcherBase<T> watcher) {
-      watchers.put(resourceName, watcher);
-    }
   }
 
   public interface XdsConfigWatcher {
@@ -738,11 +719,11 @@ private void cleanUpRdsWatcher() {
         logger.log(XdsLogger.XdsLogLevel.DEBUG, "Stop watching RDS resource {0}", rdsName);
 
         // Cleanup clusters (as appropriate) that had the old rds watcher as a parent
-        if (!oldRdsWatcher.hasDataValue() || resourceWatchers.get(CLUSTER_RESOURCE) == null) {
+        if (!oldRdsWatcher.hasDataValue()) {
           return;
         }
-        for (XdsWatcherBase<?> watcher :
-            resourceWatchers.get(CLUSTER_RESOURCE).watchers.values()) {
+        for (XdsWatcherBase<XdsClusterResource.CdsUpdate> watcher :
+            getWatchers(CLUSTER_RESOURCE).values()) {
           cancelCdsWatcher((CdsWatcher) watcher, oldRdsWatcher);
         }
       }
@@ -752,11 +733,7 @@ private RdsWatcher getRdsWatcher() {
       if (rdsName == null) {
         return null;
       }
-      TypeWatchers<?> watchers = resourceWatchers.get(XdsRouteConfigureResource.getInstance());
-      if (watchers == null) {
-        return null;
-      }
-      return (RdsWatcher) watchers.watchers.get(rdsName);
+      return (RdsWatcher) getWatchers(XdsRouteConfigureResource.getInstance()).get(rdsName);
     }
 
     public RdsUpdateSupplier getRouteSource() {

From 48d08e643eb872647990f6881abe8e5d00b0a307 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 2 Jun 2025 23:22:38 -0700
Subject: [PATCH 276/591] xds: Remove EDS maybePublishConfig() avoidance in
 XdsDepManager (#12121)

The optimization makes the code more complicated. Yes, we know that
maybePublishConfig() will do no work because of an outstanding watch,
but we don't do this for other new watchers created and doing so would
just make the code more bug-prone. This removes a difference in how
different watcher types are handled.
---
 .../io/grpc/xds/XdsDependencyManager.java     | 20 ++++---------------
 1 file changed, 4 insertions(+), 16 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index 0c3e110119c..d786e525c0c 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -456,17 +456,15 @@ public String toString() {
     return logId.toString();
   }
 
-  // Returns true if the watcher was added, false if it already exists
-  private boolean addEdsWatcher(String edsServiceName, CdsWatcher parentContext) {
+  private void addEdsWatcher(String edsServiceName, CdsWatcher parentContext) {
     EdsWatcher watcher
         = (EdsWatcher) getWatchers(XdsEndpointResource.getInstance()).get(edsServiceName);
     if (watcher != null) {
       watcher.addParentContext(parentContext); // Is a set, so don't need to check for existence
-      return false;
+      return;
     }
 
     addWatcher(new EdsWatcher(edsServiceName, parentContext));
-    return true;
   }
 
   private void addClusterWatcher(String clusterName, Object parentContext, int depth) {
@@ -823,13 +821,10 @@ public void onChanged(XdsClusterResource.CdsUpdate update) {
       switch (update.clusterType()) {
         case EDS:
           setData(update);
-          if (!addEdsWatcher(getEdsServiceName(), this))  {
-            maybePublishConfig();
-          }
+          addEdsWatcher(getEdsServiceName(), this);
           break;
         case LOGICAL_DNS:
           setData(update);
-          maybePublishConfig();
           // no eds needed
           break;
         case AGGREGATE:
@@ -856,27 +851,20 @@ public void onChanged(XdsClusterResource.CdsUpdate update) {
               setData(update);
               Set<String> addedClusters = Sets.difference(newNames, oldNames);
               addedClusters.forEach((cluster) -> addClusterWatcher(cluster, parentContext, depth));
-
-              if (addedClusters.isEmpty()) {
-                maybePublishConfig();
-              }
-            } else { // data was set to error status above
-              maybePublishConfig();
             }
 
           } else if (depth <= MAX_CLUSTER_RECURSION_DEPTH) {
             setData(update);
             update.prioritizedClusterNames()
                 .forEach(name -> addClusterWatcher(name, parentContext, depth));
-            maybePublishConfig();
           }
           break;
         default:
           Status error = Status.UNAVAILABLE.withDescription(
               "aggregate cluster graph exceeds max depth at " + resourceName() + nodeInfo());
           setDataAsStatus(error);
-          maybePublishConfig();
       }
+      maybePublishConfig();
     }
 
     public String getEdsServiceName() {

From efe9ccc22caf88dfa1746e8edb840748e00cbaa4 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 2 Jun 2025 23:32:02 -0700
Subject: [PATCH 277/591] xds: Non-SOTW resources need onError() callbacks, too
 (#12122)

SOTW is unique in that it can become absent after being found. But if we
NACK when initially loading the resource, we don't want to delay, depend
on the resource timeout, and then give a poor error.

This was noticed while adding the EDS restriction that address is not a
hostname and some tests started hanging instead of failing quickly.
---
 .../main/java/io/grpc/xds/client/XdsClientImpl.java   | 11 +++++------
 .../java/io/grpc/xds/GrpcXdsClientImplTestBase.java   |  2 ++
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index 4de8ead7c0a..2b25d4db977 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -592,12 +592,6 @@ private <T extends ResourceUpdate> void handleResourceUpdate(
         subscriber.onRejected(args.versionInfo, updateTime, errorDetail);
       }
 
-      // Nothing else to do for incremental ADS resources.
-      if (!xdsResourceType.isFullStateOfTheWorld()) {
-        continue;
-      }
-
-      // Handle State of the World ADS: invalid resources.
       if (invalidResources.contains(resourceName)) {
         // The resource is missing. Reuse the cached resource if possible.
         if (subscriber.data == null) {
@@ -607,6 +601,11 @@ private <T extends ResourceUpdate> void handleResourceUpdate(
         continue;
       }
 
+      // Nothing else to do for incremental ADS resources.
+      if (!xdsResourceType.isFullStateOfTheWorld()) {
+        continue;
+      }
+
       // For State of the World services, notify watchers when their watched resource is missing
       // from the ADS update. Note that we can only do this if the resource update is coming from
       // the same xDS server that the ResourceSubscriber is subscribed to.
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 369763a21b7..006440be6c1 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -3270,6 +3270,8 @@ public void edsDuplicateLocalityInTheSamePriority() {
         + "locality:Locality{region=region2, zone=zone2, subZone=subzone2} for priority:1";
     call.verifyRequestNack(EDS, EDS_RESOURCE, "", "0001", NODE, ImmutableList.of(
         errorMsg));
+    verify(edsResourceWatcher).onError(errorCaptor.capture());
+    assertThat(errorCaptor.getValue().getDescription()).contains(errorMsg);
   }
 
   @Test

From 482dc5c1c3c7ff94f96d1d2d7edc1fe3b166630e Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 5 Jun 2025 03:07:49 -0700
Subject: [PATCH 278/591] xds: Don't allow hostnames in address field (#12123)

* xds: Don't allow hostnames in address field

gRFC A27 specifies they must be IPv4 or IPv6 addresses. Certainly doing
a DNS lookup hidden inside the config object is asking for trouble.

The tests were accidentally doing a lot of failing DNS requests greatly
slowing them down. On my desktop, which made the problem most obvious
with five search paths in /etc/resolv.conf, :grpc-xds:test decreased
from 66s to 29s. The majority of that is XdsDependencyManagerTest which
went from 33s to .1s, as it generated a UUID for the in-process
transport each test and then used it as a hostname, which defeated
Java's DNS (negative) cache. The slowness was noticed because
XdsDependencyManagerTest should have run quickly as a single thread
without I/O, but was particularly slow on my desktop.

The cleanup caused me to audit serverName and the weird places it went.
I think some of them were tricks for XdsClientFallbackTest to squirrel
away something distinguishing, although reusing the serverName is asking
for confusion as is including the tricks in "shared" utilities.
XdsClientFallbackTest does have some non-trivial changes, but this seems
to fix some pre-existing bugs in the tests.

* Add failing hostname unit test
---
 xds/src/main/java/io/grpc/xds/Endpoints.java  |  4 +++-
 .../java/io/grpc/xds/XdsEndpointResource.java | 13 +++++++---
 .../java/io/grpc/xds/ControlPlaneRule.java    | 23 +++++++-----------
 .../grpc/xds/GcpAuthenticationFilterTest.java |  8 +++----
 .../grpc/xds/GrpcXdsClientImplDataTest.java   | 24 +++++++++++++++++++
 .../io/grpc/xds/XdsClientFallbackTest.java    |  8 +++----
 .../io/grpc/xds/XdsDependencyManagerTest.java | 14 +++++------
 .../java/io/grpc/xds/XdsNameResolverTest.java |  2 +-
 .../test/java/io/grpc/xds/XdsTestUtils.java   | 20 ++++++++--------
 9 files changed, 71 insertions(+), 45 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/Endpoints.java b/xds/src/main/java/io/grpc/xds/Endpoints.java
index b0d97d42c11..dcb72f3e90d 100644
--- a/xds/src/main/java/io/grpc/xds/Endpoints.java
+++ b/xds/src/main/java/io/grpc/xds/Endpoints.java
@@ -22,6 +22,7 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.net.InetAddresses;
 import io.grpc.EquivalentAddressGroup;
 import java.net.InetSocketAddress;
 import java.util.List;
@@ -78,7 +79,8 @@ static LbEndpoint create(EquivalentAddressGroup eag, int loadBalancingWeight,
     @VisibleForTesting
     static LbEndpoint create(String address, int port, int loadBalancingWeight, boolean isHealthy,
         String hostname, ImmutableMap<String, Object> endpointMetadata) {
-      return LbEndpoint.create(new EquivalentAddressGroup(new InetSocketAddress(address, port)),
+      return LbEndpoint.create(
+          new EquivalentAddressGroup(new InetSocketAddress(InetAddresses.forString(address), port)),
           loadBalancingWeight, isHealthy, hostname, endpointMetadata);
     }
   }
diff --git a/xds/src/main/java/io/grpc/xds/XdsEndpointResource.java b/xds/src/main/java/io/grpc/xds/XdsEndpointResource.java
index 11111fa51ca..9ad75595ea6 100644
--- a/xds/src/main/java/io/grpc/xds/XdsEndpointResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsEndpointResource.java
@@ -40,6 +40,7 @@
 import io.grpc.xds.client.Locality;
 import io.grpc.xds.client.XdsClient.ResourceUpdate;
 import io.grpc.xds.client.XdsResourceType;
+import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -245,10 +246,16 @@ static StructOrError<LocalityLbEndpoints> parseLocalityLbEndpoints(
         proto.getPriority(), localityMetadata));
   }
 
-  private static InetSocketAddress getInetSocketAddress(Address address) {
+  private static InetSocketAddress getInetSocketAddress(Address address)
+      throws ResourceInvalidException {
     io.envoyproxy.envoy.config.core.v3.SocketAddress socketAddress = address.getSocketAddress();
-
-    return new InetSocketAddress(socketAddress.getAddress(), socketAddress.getPortValue());
+    InetAddress parsedAddress;
+    try {
+      parsedAddress = InetAddresses.forString(socketAddress.getAddress());
+    } catch (IllegalArgumentException ex) {
+      throw new ResourceInvalidException("Address is not an IP", ex);
+    }
+    return new InetSocketAddress(parsedAddress, socketAddress.getPortValue());
   }
 
   static final class EdsUpdate implements ResourceUpdate {
diff --git a/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java b/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
index 8c10627d153..11ea957ae35 100644
--- a/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
+++ b/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
@@ -266,17 +266,17 @@ static Cluster buildCluster(String clusterName, String edsName) {
   /**
    * Builds a new default EDS configuration.
    */
-  static ClusterLoadAssignment buildClusterLoadAssignment(String hostName, String endpointHostname,
-                                                          int port) {
-    return buildClusterLoadAssignment(hostName, endpointHostname, port, EDS_NAME);
+  static ClusterLoadAssignment buildClusterLoadAssignment(
+          String hostAddress, String endpointHostname, int port) {
+    return buildClusterLoadAssignment(hostAddress, endpointHostname, port, EDS_NAME);
   }
 
-  static ClusterLoadAssignment buildClusterLoadAssignment(String hostName, String endpointHostname,
-                                                          int port, String edsName) {
+  static ClusterLoadAssignment buildClusterLoadAssignment(
+          String hostAddress, String endpointHostname, int port, String edsName) {
 
     Address address = Address.newBuilder()
         .setSocketAddress(
-            SocketAddress.newBuilder().setAddress(hostName).setPortValue(port).build()).build();
+            SocketAddress.newBuilder().setAddress(hostAddress).setPortValue(port).build()).build();
     LocalityLbEndpoints endpoints = LocalityLbEndpoints.newBuilder()
         .setLoadBalancingWeight(UInt32Value.of(10))
         .setPriority(0)
@@ -297,17 +297,12 @@ static ClusterLoadAssignment buildClusterLoadAssignment(String hostName, String
    * Builds a new client listener.
    */
   static Listener buildClientListener(String name) {
-    return buildClientListener(name, "terminal-filter");
+    return buildClientListener(name, RDS_NAME);
   }
 
-
-  static Listener buildClientListener(String name, String identifier) {
-    return buildClientListener(name, identifier, RDS_NAME);
-  }
-
-  static Listener buildClientListener(String name, String identifier, String rdsName) {
+  static Listener buildClientListener(String name, String rdsName) {
     HttpFilter httpFilter = HttpFilter.newBuilder()
-        .setName(identifier)
+        .setName("terminal-filter")
         .setTypedConfig(Any.pack(Router.newBuilder().build()))
         .setIsOptional(true)
         .build();
diff --git a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
index cebf739d417..1d6c97d81e6 100644
--- a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
+++ b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
@@ -53,7 +53,6 @@
 import io.grpc.MethodDescriptor;
 import io.grpc.Status;
 import io.grpc.StatusOr;
-import io.grpc.inprocess.InProcessServerBuilder;
 import io.grpc.testing.TestMethodDescriptors;
 import io.grpc.xds.Endpoints.LbEndpoint;
 import io.grpc.xds.Endpoints.LocalityLbEndpoints;
@@ -84,7 +83,6 @@
 public class GcpAuthenticationFilterTest {
   private static final GcpAuthenticationFilter.Provider FILTER_PROVIDER =
       new GcpAuthenticationFilter.Provider();
-  private static final String serverName = InProcessServerBuilder.generateName();
   private static final LdsUpdate ldsUpdate = getLdsUpdate();
   private static final EdsUpdate edsUpdate = getEdsUpdate();
   private static final RdsUpdate rdsUpdate = getRdsUpdate();
@@ -461,7 +459,7 @@ public void testLruCacheEvictionOnResize() throws IOException, ResourceInvalidEx
 
   private static LdsUpdate getLdsUpdate() {
     Filter.NamedFilterConfig routerFilterConfig = new Filter.NamedFilterConfig(
-        serverName, RouterFilter.ROUTER_CONFIG);
+        "router", RouterFilter.ROUTER_CONFIG);
     HttpConnectionManager httpConnectionManager = HttpConnectionManager.forRdsName(
         0L, RDS_NAME, Collections.singletonList(routerFilterConfig));
     return XdsListenerResource.LdsUpdate.forApiListener(httpConnectionManager);
@@ -469,7 +467,7 @@ private static LdsUpdate getLdsUpdate() {
 
   private static RdsUpdate getRdsUpdate() {
     RouteConfiguration routeConfiguration =
-        buildRouteConfiguration(serverName, RDS_NAME, CLUSTER_NAME);
+        buildRouteConfiguration("my-server", RDS_NAME, CLUSTER_NAME);
     XdsResourceType.Args args = new XdsResourceType.Args(null, "0", "0", null, null, null);
     try {
       return XdsRouteConfigureResource.getInstance().doParse(args, routeConfiguration);
@@ -481,7 +479,7 @@ private static RdsUpdate getRdsUpdate() {
   private static EdsUpdate getEdsUpdate() {
     Map<Locality, LocalityLbEndpoints> lbEndpointsMap = new HashMap<>();
     LbEndpoint lbEndpoint = LbEndpoint.create(
-        serverName, ENDPOINT_PORT, 0, true, ENDPOINT_HOSTNAME, ImmutableMap.of());
+        "127.0.0.5", ENDPOINT_PORT, 0, true, ENDPOINT_HOSTNAME, ImmutableMap.of());
     lbEndpointsMap.put(
         Locality.create("", "", ""),
         LocalityLbEndpoints.create(ImmutableList.of(lbEndpoint), 10, 0, ImmutableMap.of()));
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index e129e2644e9..6167f491930 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -1077,6 +1077,30 @@ public void parseLocalityLbEndpoints_withHealthyEndpoints() throws ResourceInval
             100, 1, ImmutableMap.of()));
   }
 
+  @Test
+  public void parseLocalityLbEndpoints_onlyPermitIp() {
+    io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints proto =
+        io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints.newBuilder()
+            .setLocality(Locality.newBuilder()
+                .setRegion("region-foo").setZone("zone-foo").setSubZone("subZone-foo"))
+            .setLoadBalancingWeight(UInt32Value.newBuilder().setValue(100))  // locality weight
+            .setPriority(1)
+            .addLbEndpoints(io.envoyproxy.envoy.config.endpoint.v3.LbEndpoint.newBuilder()
+                .setEndpoint(Endpoint.newBuilder()
+                    .setAddress(Address.newBuilder()
+                        .setSocketAddress(
+                            SocketAddress.newBuilder()
+                                .setAddress("example.com").setPortValue(8888))))
+                .setHealthStatus(io.envoyproxy.envoy.config.core.v3.HealthStatus.HEALTHY)
+                .setLoadBalancingWeight(UInt32Value.newBuilder().setValue(20)))  // endpoint weight
+            .build();
+    ResourceInvalidException ex = assertThrows(
+        ResourceInvalidException.class,
+        () -> XdsEndpointResource.parseLocalityLbEndpoints(proto));
+    assertThat(ex.getMessage()).contains("IP");
+    assertThat(ex.getMessage()).contains("example.com");
+  }
+
   @Test
   public void parseLocalityLbEndpoints_treatUnknownHealthAsHealthy()
       throws ResourceInvalidException {
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
index 036b9f6f55d..1e7ce6dc2a2 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
@@ -84,10 +84,10 @@ public class XdsClientFallbackTest {
   private static final String FALLBACK_EDS_NAME = "fallback-" + EDS_NAME;
   private static final HttpConnectionManager MAIN_HTTP_CONNECTION_MANAGER =
       HttpConnectionManager.forRdsName(0, RDS_NAME, ImmutableList.of(
-          new Filter.NamedFilterConfig(MAIN_SERVER, RouterFilter.ROUTER_CONFIG)));
+          new Filter.NamedFilterConfig("terminal-filter", RouterFilter.ROUTER_CONFIG)));
   private static final HttpConnectionManager FALLBACK_HTTP_CONNECTION_MANAGER =
-      HttpConnectionManager.forRdsName(0, RDS_NAME, ImmutableList.of(
-          new Filter.NamedFilterConfig(FALLBACK_SERVER, RouterFilter.ROUTER_CONFIG)));
+      HttpConnectionManager.forRdsName(0, FALLBACK_RDS_NAME, ImmutableList.of(
+          new Filter.NamedFilterConfig("terminal-filter", RouterFilter.ROUTER_CONFIG)));
   private ObjectPool<XdsClient> xdsClientPool;
   private XdsClient xdsClient;
   private boolean originalEnableXdsFallback;
@@ -201,7 +201,7 @@ private static void setAdsConfig(ControlPlaneRule controlPlane, String serverNam
     String edsName = isMainServer ? EDS_NAME : FALLBACK_EDS_NAME;
 
     controlPlane.setLdsConfig(ControlPlaneRule.buildServerListener(),
-        ControlPlaneRule.buildClientListener(MAIN_SERVER, serverName));
+        ControlPlaneRule.buildClientListener(MAIN_SERVER, rdsName));
 
     controlPlane.setRdsConfig(rdsName,
         XdsTestUtils.buildRouteConfiguration(MAIN_SERVER, rdsName, clusterName));
diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
index 542471e2734..14f554412a8 100644
--- a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -122,7 +122,7 @@ public class XdsDependencyManagerTest {
   private Server xdsServer;
 
   private final FakeClock fakeClock = new FakeClock();
-  private final String serverName = InProcessServerBuilder.generateName();
+  private final String serverName = "the-service-name";
   private final Queue<XdsTestUtils.LrsRpcCall> loadReportCalls = new ArrayDeque<>();
   private final AtomicBoolean adsEnded = new AtomicBoolean(true);
   private final AtomicBoolean lrsEnded = new AtomicBoolean(true);
@@ -153,7 +153,7 @@ public class XdsDependencyManagerTest {
   @Before
   public void setUp() throws Exception {
     xdsServer = cleanupRule.register(InProcessServerBuilder
-        .forName(serverName)
+        .forName("control-plane")
         .addService(controlPlaneService)
         .addService(lrsService)
         .directExecutor()
@@ -163,7 +163,7 @@ public void setUp() throws Exception {
     XdsTestUtils.setAdsConfig(controlPlaneService, serverName);
 
     channel = cleanupRule.register(
-        InProcessChannelBuilder.forName(serverName).directExecutor().build());
+        InProcessChannelBuilder.forName("control-plane").directExecutor().build());
     XdsTransportFactory xdsTransportFactory =
         ignore -> new GrpcXdsTransportFactory.GrpcXdsTransport(channel);
 
@@ -351,10 +351,10 @@ public void testMissingCdsAndEds() {
     // Update config so that one of the 2 "valid" clusters has an EDS resource, the other does not
     // and there is an EDS that doesn't have matching clusters
     ClusterLoadAssignment clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
-        serverName, ENDPOINT_HOSTNAME, ENDPOINT_PORT, XdsTestUtils.EDS_NAME + 0);
+        "127.0.1.1", ENDPOINT_HOSTNAME, ENDPOINT_PORT, XdsTestUtils.EDS_NAME + 0);
     edsMap.put(XdsTestUtils.EDS_NAME + 0, clusterLoadAssignment);
     clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
-        serverName, ENDPOINT_HOSTNAME, ENDPOINT_PORT, "garbageEds");
+        "127.0.1.2", ENDPOINT_HOSTNAME, ENDPOINT_PORT, "garbageEds");
     edsMap.put("garbageEds", clusterLoadAssignment);
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
 
@@ -421,7 +421,7 @@ public void testTcpListenerErrors() {
   @Test
   public void testMissingRds() {
     String rdsName = "badRdsName";
-    Listener clientListener = ControlPlaneRule.buildClientListener(serverName, serverName, rdsName);
+    Listener clientListener = ControlPlaneRule.buildClientListener(serverName, rdsName);
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS,
         ImmutableMap.of(serverName, clientListener));
 
@@ -578,7 +578,7 @@ public void testMultipleCdsReferToSameEds() {
 
     Map<String, Message> edsMap = new HashMap<>();
     ClusterLoadAssignment clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
-        serverName, ENDPOINT_HOSTNAME, ENDPOINT_PORT, edsName);
+        "127.0.1.4", ENDPOINT_HOSTNAME, ENDPOINT_PORT, edsName);
     edsMap.put(edsName, clusterLoadAssignment);
 
     RouteConfiguration routeConfig =
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 622084d4306..ab966ce0025 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -1228,7 +1228,7 @@ private static void createAndDeliverClusterUpdates(
               .roundRobinLbPolicy();
       xdsClient.deliverCdsUpdate(clusterName, forEds.build());
       EdsUpdate edsUpdate = new EdsUpdate(clusterName,
-          XdsTestUtils.createMinimalLbEndpointsMap("host"), Collections.emptyList());
+          XdsTestUtils.createMinimalLbEndpointsMap("127.0.0.3"), Collections.emptyList());
       xdsClient.deliverEdsUpdate(clusterName, edsUpdate);
     }
   }
diff --git a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
index 52953ef5407..ec1ccd7c6d0 100644
--- a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
@@ -136,7 +136,7 @@ static void setAdsConfig(XdsTestControlPlaneService service, String serverName,
                            int endpointPort) {
 
     Listener serverListener = ControlPlaneRule.buildServerListener();
-    Listener clientListener = ControlPlaneRule.buildClientListener(serverName, serverName, rdsName);
+    Listener clientListener = ControlPlaneRule.buildClientListener(serverName, rdsName);
     service.setXdsConfig(ADS_TYPE_URL_LDS,
         ImmutableMap.of(SERVER_LISTENER, serverListener, serverName, clientListener));
 
@@ -148,7 +148,7 @@ static void setAdsConfig(XdsTestControlPlaneService service, String serverName,
     service.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.<String, Message>of(clusterName, cluster));
 
     ClusterLoadAssignment clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
-        serverName, endpointHostname, endpointPort, edsName);
+        "127.0.0.11", endpointHostname, endpointPort, edsName);
     service.setXdsConfig(ADS_TYPE_URL_EDS,
         ImmutableMap.<String, Message>of(edsName, clusterLoadAssignment));
 
@@ -186,7 +186,7 @@ static void setAggregateCdsConfig(XdsTestControlPlaneService service, String ser
     Map<String, Message> edsMap = new HashMap<>();
     for (String child : children) {
       ClusterLoadAssignment clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
-          serverName, ENDPOINT_HOSTNAME, ENDPOINT_PORT, getEdsNameForCluster(child));
+          "127.0.0.16", ENDPOINT_HOSTNAME, ENDPOINT_PORT, getEdsNameForCluster(child));
       edsMap.put(getEdsNameForCluster(child), clusterLoadAssignment);
     }
     service.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
@@ -225,7 +225,7 @@ static void addAggregateToExistingConfig(XdsTestControlPlaneService service, Str
         continue;
       }
       ClusterLoadAssignment clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
-          child, ENDPOINT_HOSTNAME, ENDPOINT_PORT, getEdsNameForCluster(child));
+          "127.0.0.15", ENDPOINT_HOSTNAME, ENDPOINT_PORT, getEdsNameForCluster(child));
       edsMap.put(getEdsNameForCluster(child), clusterLoadAssignment);
     }
     service.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
@@ -236,7 +236,7 @@ static XdsConfig getDefaultXdsConfig(String serverHostName)
     XdsConfig.XdsConfigBuilder builder = new XdsConfig.XdsConfigBuilder();
 
     Filter.NamedFilterConfig routerFilterConfig = new Filter.NamedFilterConfig(
-        serverHostName, RouterFilter.ROUTER_CONFIG);
+        "terminal-filter", RouterFilter.ROUTER_CONFIG);
 
     HttpConnectionManager httpConnectionManager = HttpConnectionManager.forRdsName(
         0L, RDS_NAME, Collections.singletonList(routerFilterConfig));
@@ -257,7 +257,7 @@ static XdsConfig getDefaultXdsConfig(String serverHostName)
     // Need to create endpoints to create locality endpoints map to create edsUpdate
     Map<Locality, LocalityLbEndpoints> lbEndpointsMap = new HashMap<>();
     LbEndpoint lbEndpoint = LbEndpoint.create(
-        serverHostName, ENDPOINT_PORT, 0, true, ENDPOINT_HOSTNAME, ImmutableMap.of());
+        "127.0.0.11", ENDPOINT_PORT, 0, true, ENDPOINT_HOSTNAME, ImmutableMap.of());
     lbEndpointsMap.put(
         Locality.create("", "", ""),
         LocalityLbEndpoints.create(ImmutableList.of(lbEndpoint), 10, 0, ImmutableMap.of()));
@@ -280,10 +280,10 @@ static XdsConfig getDefaultXdsConfig(String serverHostName)
     return builder.build();
   }
 
-  static Map<Locality, LocalityLbEndpoints> createMinimalLbEndpointsMap(String serverHostName) {
+  static Map<Locality, LocalityLbEndpoints> createMinimalLbEndpointsMap(String serverAddress) {
     Map<Locality, LocalityLbEndpoints> lbEndpointsMap = new HashMap<>();
     LbEndpoint lbEndpoint = LbEndpoint.create(
-        serverHostName, ENDPOINT_PORT, 0, true, ENDPOINT_HOSTNAME, ImmutableMap.of());
+        serverAddress, ENDPOINT_PORT, 0, true, ENDPOINT_HOSTNAME, ImmutableMap.of());
     lbEndpointsMap.put(
         Locality.create("", "", ""),
         LocalityLbEndpoints.create(ImmutableList.of(lbEndpoint), 10, 0, ImmutableMap.of()));
@@ -338,7 +338,7 @@ static void addEdsClusters(Map<String, Message> clusterMap, Map<String, Message>
       clusterMap.put(clusterName, cluster);
 
       ClusterLoadAssignment clusterLoadAssignment = ControlPlaneRule.buildClusterLoadAssignment(
-          clusterName, ENDPOINT_HOSTNAME, ENDPOINT_PORT, edsName);
+          "127.0.0.13", ENDPOINT_HOSTNAME, ENDPOINT_PORT, edsName);
       edsMap.put(edsName, clusterLoadAssignment);
     }
   }
@@ -346,7 +346,7 @@ static void addEdsClusters(Map<String, Message> clusterMap, Map<String, Message>
   static Listener buildInlineClientListener(String rdsName, String clusterName, String serverName) {
     HttpFilter
         httpFilter = HttpFilter.newBuilder()
-        .setName(serverName)
+        .setName("terminal-filter")
         .setTypedConfig(Any.pack(Router.newBuilder().build()))
         .setIsOptional(true)
         .build();

From 4c7399910246b4111940faf9c3a277b87e559b8a Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Thu, 5 Jun 2025 03:09:51 -0700
Subject: [PATCH 279/591] Move all test helper classes out of
 AbstractTransportTest so they can be used elsewhere (#12125)

---
 .../internal/BinderServerTransportTest.java   |  38 +-
 .../grpc/internal/AbstractTransportTest.java  | 360 ++++--------------
 .../internal/ClientStreamListenerBase.java    | 119 ++++++
 .../io/grpc/internal/MockServerListener.java  |  78 ++++
 .../internal/MockServerTransportListener.java |  93 +++++
 .../internal/ServerStreamListenerBase.java    |  95 +++++
 .../inprocess/InProcessTransportTest.java     |   4 +
 7 files changed, 471 insertions(+), 316 deletions(-)
 create mode 100644 core/src/testFixtures/java/io/grpc/internal/ClientStreamListenerBase.java
 create mode 100644 core/src/testFixtures/java/io/grpc/internal/MockServerListener.java
 create mode 100644 core/src/testFixtures/java/io/grpc/internal/MockServerTransportListener.java
 create mode 100644 core/src/testFixtures/java/io/grpc/internal/ServerStreamListenerBase.java

diff --git a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
index d3c13d6c89e..d47106d1d35 100644
--- a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
@@ -16,7 +16,6 @@
 
 package io.grpc.binder.internal;
 
-import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.truth.Truth.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyInt;
@@ -29,11 +28,9 @@
 import android.os.Parcel;
 import com.google.common.collect.ImmutableList;
 import io.grpc.Attributes;
-import io.grpc.Metadata;
 import io.grpc.Status;
 import io.grpc.internal.FixedObjectPool;
-import io.grpc.internal.ServerStream;
-import io.grpc.internal.ServerTransportListener;
+import io.grpc.internal.MockServerTransportListener;
 import java.util.concurrent.ScheduledExecutorService;
 import org.junit.Before;
 import org.junit.Rule;
@@ -55,7 +52,7 @@ public final class BinderServerTransportTest {
   @Rule public MockitoRule mocks = MockitoJUnit.rule();
 
   private final ScheduledExecutorService executorService = new MainThreadScheduledExecutorService();
-  private final TestTransportListener transportListener = new TestTransportListener();
+  private MockServerTransportListener transportListener;
 
   @Mock IBinder mockBinder;
 
@@ -70,6 +67,7 @@ public void setUp() throws Exception {
             ImmutableList.of(),
             OneWayBinderProxy.IDENTITY_DECORATOR,
             mockBinder);
+    transportListener = new MockServerTransportListener(transport);
   }
 
   @Test
@@ -82,34 +80,6 @@ public void testSetupTransactionFailureCausesMultipleShutdowns_b153460678() thro
     transport.shutdownNow(Status.UNKNOWN.withDescription("reasons"));
     shadowOf(Looper.getMainLooper()).idle();
 
-    assertThat(transportListener.terminated).isTrue();
-  }
-
-  private static final class TestTransportListener implements ServerTransportListener {
-
-    public boolean ready;
-    public boolean terminated;
-
-    /**
-     * Called when a new stream was created by the remote client.
-     *
-     * @param stream the newly created stream.
-     * @param method the fully qualified method name being called on the server.
-     * @param headers containing metadata for the call.
-     */
-    @Override
-    public void streamCreated(ServerStream stream, String method, Metadata headers) {}
-
-    @Override
-    public Attributes transportReady(Attributes attributes) {
-      ready = true;
-      return attributes;
-    }
-
-    @Override
-    public void transportTerminated() {
-      checkState(!terminated, "Terminated twice");
-      terminated = true;
-    }
+    assertThat(transportListener.isTerminated()).isTrue();
   }
 }
diff --git a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
index 1f4c2b41f15..32c3bff74e9 100644
--- a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
+++ b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
@@ -58,6 +58,7 @@
 import io.grpc.MethodDescriptor;
 import io.grpc.ServerStreamTracer;
 import io.grpc.Status;
+import io.grpc.internal.MockServerTransportListener.StreamCreation;
 import io.grpc.internal.testing.TestClientStreamTracer;
 import io.grpc.internal.testing.TestServerStreamTracer;
 import java.io.ByteArrayInputStream;
@@ -69,10 +70,8 @@
 import java.util.Arrays;
 import java.util.List;
 import java.util.concurrent.BlockingQueue;
-import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
-import java.util.concurrent.LinkedBlockingQueue;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
 import org.junit.After;
@@ -296,8 +295,8 @@ public void frameAfterRstStreamShouldNotBreakClientChannel() throws Exception {
     serverStreamCreation.stream.flush();
 
     assertEquals(
-        Status.CANCELLED, clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    assertNotNull(clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+        Status.CANCELLED, clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
 
     ClientStreamListener mockClientStreamListener2 = mock(ClientStreamListener.class);
 
@@ -469,7 +468,7 @@ public void openStreamPreventsTermination() throws Exception {
     // the stream still functions.
     serverStream.writeHeaders(new Metadata(), true);
     clientStream.halfClose();
-    assertNotNull(clientStreamListener.headers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitHeaders(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     assertTrue(serverStreamListener.awaitHalfClosed(TIMEOUT_MS, TimeUnit.MILLISECONDS));
 
     verify(mockClientTransportListener, never()).transportTerminated();
@@ -511,9 +510,9 @@ public void shutdownNowKillsClientStream() throws Exception {
     assertTrue(serverTransportListener.waitForTermination(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     assertTrue(serverTransportListener.isTerminated());
 
-    assertEquals(status, clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    assertNotNull(clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    Status serverStatus = serverStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    assertEquals(status, clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    Status serverStatus = serverStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     assertFalse(serverStatus.isOk());
     assertTrue(clientStreamTracer1.await(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     assertNull(clientStreamTracer1.getInboundTrailers());
@@ -550,9 +549,9 @@ public void shutdownNowKillsServerStream() throws Exception {
     assertTrue(serverTransportListener.waitForTermination(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     assertTrue(serverTransportListener.isTerminated());
 
-    Status clientStreamStatus = clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    Status clientStreamStatus = clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     assertFalse(clientStreamStatus.isOk());
-    assertNotNull(clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     assertTrue(clientStreamTracer1.await(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     assertNull(clientStreamTracer1.getInboundTrailers());
     assertStatusEquals(clientStreamStatus, clientStreamTracer1.getStatus());
@@ -562,7 +561,7 @@ public void shutdownNowKillsServerStream() throws Exception {
     // Generally will be same status provided to shutdownNow, but InProcessTransport can't
     // differentiate between client and server shutdownNow. The status is not really used on
     // server-side, so we don't care much.
-    assertNotNull(serverStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(serverStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
   }
 
   @Test
@@ -643,8 +642,8 @@ public void newStream_duringShutdown() throws Exception {
     ClientStreamListenerBase clientStreamListener2 = new ClientStreamListenerBase();
     stream2.start(clientStreamListener2);
     Status clientStreamStatus2 =
-        clientStreamListener2.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
-    assertNotNull(clientStreamListener2.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+        clientStreamListener2.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    assertNotNull(clientStreamListener2.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     assertCodeEquals(Status.UNAVAILABLE, clientStreamStatus2);
     assertNull(clientStreamTracer2.getInboundTrailers());
     assertSame(clientStreamStatus2, clientStreamTracer2.getStatus());
@@ -658,8 +657,8 @@ public void newStream_duringShutdown() throws Exception {
     StreamCreation serverStreamCreation
         = serverTransportListener.takeStreamOrFail(20 * TIMEOUT_MS, TimeUnit.MILLISECONDS);
     serverStreamCreation.stream.close(Status.OK, new Metadata());
-    assertCodeEquals(Status.OK, clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    assertNotNull(clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertCodeEquals(Status.OK, clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
   }
 
   @Test
@@ -679,8 +678,8 @@ public void newStream_afterTermination() throws Exception {
     ClientStreamListenerBase clientStreamListener = new ClientStreamListenerBase();
     stream.start(clientStreamListener);
     assertEquals(
-        shutdownReason, clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    assertNotNull(clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+        shutdownReason, clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     verify(mockClientTransportListener, never()).transportInUse(anyBoolean());
     assertNull(clientStreamTracer1.getInboundTrailers());
     assertSame(shutdownReason, clientStreamTracer1.getStatus());
@@ -788,6 +787,17 @@ public void transportInUse_clientCancel() throws Exception {
 
   @Test
   public void basicStream() throws Exception {
+    serverListener =
+        new MockServerListener(
+            transport ->
+                new MockServerTransportListener(transport) {
+                  @Override
+                  public Attributes transportReady(Attributes attributes) {
+                    return super.transportReady(attributes).toBuilder()
+                        .set(ADDITIONAL_TRANSPORT_ATTR_KEY, "additional attribute value")
+                        .build();
+                  }
+                });
     InOrder serverInOrder = inOrder(serverStreamTracerFactory);
     server.start(serverListener);
     client = newClientTransport(server);
@@ -881,7 +891,7 @@ public void basicStream() throws Exception {
     Metadata serverHeadersCopy = new Metadata();
     serverHeadersCopy.merge(serverHeaders);
     serverStream.writeHeaders(serverHeaders, true);
-    Metadata headers = clientStreamListener.headers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    Metadata headers = clientStreamListener.awaitHeaders(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     assertNotNull(headers);
     assertAsciiMetadataValuesEqual(serverHeadersCopy.getAll(asciiKey), headers.getAll(asciiKey));
     assertEquals(
@@ -926,11 +936,11 @@ public void basicStream() throws Exception {
     serverStream.close(status, trailers);
     assertNull(serverStreamTracer1.nextInboundEvent());
     assertNull(serverStreamTracer1.nextOutboundEvent());
-    assertCodeEquals(Status.OK, serverStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertCodeEquals(Status.OK, serverStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     assertSame(status, serverStreamTracer1.getStatus());
-    Status clientStreamStatus = clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    Status clientStreamStatus = clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     Metadata clientStreamTrailers =
-        clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+        clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     assertSame(clientStreamTrailers, clientStreamTracer1.getInboundTrailers());
     assertSame(clientStreamStatus, clientStreamTracer1.getStatus());
     assertNull(clientStreamTracer1.nextInboundEvent());
@@ -999,14 +1009,14 @@ public void zeroMessageStream() throws Exception {
     assertTrue(serverStreamListener.awaitHalfClosed(TIMEOUT_MS, TimeUnit.MILLISECONDS));
 
     serverStream.writeHeaders(new Metadata(), true);
-    assertNotNull(clientStreamListener.headers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitHeaders(TIMEOUT_MS, TimeUnit.MILLISECONDS));
 
     Status status = Status.OK.withDescription("Nice talking to you");
     serverStream.close(status, new Metadata());
-    assertCodeEquals(Status.OK, serverStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    Status clientStreamStatus = clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    assertCodeEquals(Status.OK, serverStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    Status clientStreamStatus = clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     Metadata clientStreamTrailers =
-        clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+        clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     assertNotNull(clientStreamTrailers);
     assertEquals(status.getCode(), clientStreamStatus.getCode());
     assertEquals(status.getDescription(), clientStreamStatus.getDescription());
@@ -1036,15 +1046,15 @@ public void earlyServerClose_withServerHeaders() throws Exception {
     ServerStreamListenerBase serverStreamListener = serverStreamCreation.listener;
 
     serverStream.writeHeaders(new Metadata(), true);
-    assertNotNull(clientStreamListener.headers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitHeaders(TIMEOUT_MS, TimeUnit.MILLISECONDS));
 
     Status strippedStatus = Status.OK.withDescription("Hello. Goodbye.");
     Status status = strippedStatus.withCause(new Exception());
     serverStream.close(status, new Metadata());
-    assertCodeEquals(Status.OK, serverStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    Status clientStreamStatus = clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    assertCodeEquals(Status.OK, serverStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    Status clientStreamStatus = clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     Metadata clientStreamTrailers =
-        clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+        clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     assertNotNull(clientStreamTrailers);
     checkClientStatus(status, clientStreamStatus);
     assertTrue(clientStreamTracer1.getOutboundHeaders());
@@ -1080,10 +1090,10 @@ public void earlyServerClose_noServerHeaders() throws Exception {
     trailers.put(asciiKey, "dupvalue");
     trailers.put(binaryKey, "äbinarytrailers");
     serverStream.close(status, trailers);
-    assertCodeEquals(Status.OK, serverStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    Status clientStreamStatus = clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    assertCodeEquals(Status.OK, serverStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    Status clientStreamStatus = clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     Metadata clientStreamTrailers =
-        clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+        clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     checkClientStatus(status, clientStreamStatus);
     assertEquals(
         Lists.newArrayList(trailers.getAll(asciiKey)),
@@ -1118,10 +1128,10 @@ public void earlyServerClose_serverFailure() throws Exception {
     Status strippedStatus = Status.INTERNAL.withDescription("I'm not listening");
     Status status = strippedStatus.withCause(new Exception());
     serverStream.close(status, new Metadata());
-    assertCodeEquals(Status.OK, serverStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    Status clientStreamStatus = clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    assertCodeEquals(Status.OK, serverStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    Status clientStreamStatus = clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     Metadata clientStreamTrailers =
-        clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+        clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     assertNotNull(clientStreamTrailers);
     checkClientStatus(status, clientStreamStatus);
     assertTrue(clientStreamTracer1.getOutboundHeaders());
@@ -1161,10 +1171,10 @@ public void closed(
     Status strippedStatus = Status.INTERNAL.withDescription("I'm not listening");
     Status status = strippedStatus.withCause(new Exception());
     serverStream.close(status, new Metadata());
-    assertCodeEquals(Status.OK, serverStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    Status clientStreamStatus = clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    assertCodeEquals(Status.OK, serverStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    Status clientStreamStatus = clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     Metadata clientStreamTrailers =
-        clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+        clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     assertNotNull(clientStreamTrailers);
     checkClientStatus(status, clientStreamStatus);
     assertTrue(clientStreamTracer1.getOutboundHeaders());
@@ -1192,9 +1202,9 @@ public void clientCancel() throws Exception {
 
     Status status = Status.CANCELLED.withDescription("Nevermind").withCause(new Exception());
     clientStream.cancel(status);
-    assertEquals(status, clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    assertNotNull(clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    Status serverStatus = serverStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    assertEquals(status, clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    Status serverStatus = serverStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     assertNotEquals(Status.Code.OK, serverStatus.getCode());
     // Cause should not be transmitted between client and server by default
     assertNull(serverStatus.getCause());
@@ -1306,9 +1316,9 @@ public void serverCancel() throws Exception {
     Status status = Status.DEADLINE_EXCEEDED.withDescription("It was bound to happen")
         .withCause(new Exception());
     serverStream.cancel(status);
-    assertEquals(status, serverStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    Status clientStreamStatus = clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
-    assertNotNull(clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertEquals(status, serverStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    Status clientStreamStatus = clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    assertNotNull(clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     // Presently we can't sent much back to the client in this case. Verify that is the current
     // behavior for consistency between transports.
     assertCodeEquals(Status.CANCELLED, clientStreamStatus);
@@ -1452,7 +1462,7 @@ public void flowControlPushBack() throws Exception {
     serverStream.close(status, new Metadata());
     doPingPong(serverListener);
     try {
-      clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+      clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
       fail("Expected TimeoutException");
     } catch (TimeoutException expectedException) {
     }
@@ -1460,9 +1470,9 @@ public void flowControlPushBack() throws Exception {
     clientStream.request(1);
     clientReceived += verifyMessageCountAndClose(clientStreamListener.messageQueue, 1);
     assertEquals(serverSent + 6, clientReceived);
-    assertCodeEquals(Status.OK, serverStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    Status clientStreamStatus = clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
-    assertNotNull(clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertCodeEquals(Status.OK, serverStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    Status clientStreamStatus = clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    assertNotNull(clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     assertEquals(status.getCode(), clientStreamStatus.getCode());
     assertEquals(status.getDescription(), clientStreamStatus.getDescription());
   }
@@ -1518,9 +1528,9 @@ public void flowControlDoesNotDeadlockLargeMessage() throws Exception {
     serverStream.close(status, new Metadata());
     doPingPong(serverListener);
     clientStream.request(1);
-    assertCodeEquals(Status.OK, serverStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    Status clientStreamStatus = clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
-    assertNotNull(clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertCodeEquals(Status.OK, serverStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    Status clientStreamStatus = clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    assertNotNull(clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     assertEquals(status.getCode(), clientStreamStatus.getCode());
     assertEquals(status.getDescription(), clientStreamStatus.getDescription());
   }
@@ -1588,8 +1598,8 @@ public void interactionsAfterServerStreamCloseAreNoops() throws Exception {
     // setup
     clientStream.request(1);
     server.stream.close(Status.INTERNAL, new Metadata());
-    assertNotNull(clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    assertNotNull(clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
 
     // Ensure that for a closed ServerStream, interactions are noops
     server.stream.writeHeaders(new Metadata(), true);
@@ -1621,7 +1631,7 @@ public void interactionsAfterClientStreamCancelAreNoops() throws Exception {
     // setup
     server.stream.request(1);
     clientStream.cancel(Status.UNKNOWN);
-    assertNotNull(server.listener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(server.listener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
 
     // Ensure that for a cancelled ClientStream, interactions are noops
     clientStream.writeMessage(methodDescriptor.streamRequest("request"));
@@ -1744,9 +1754,8 @@ public void transportTracer_server_streamEnded_ok() throws Exception {
     clientStream.halfClose();
     serverStream.close(Status.OK, new Metadata());
     // do not validate stats until close() has been called on client
-    assertNotNull(clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    assertNotNull(clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-
+    assertNotNull(clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
 
     TransportStats serverAfter = getTransportStats(serverTransportListener.transport);
     assertEquals(1, serverAfter.streamsSucceeded);
@@ -1783,9 +1792,8 @@ public void transportTracer_server_streamEnded_nonOk() throws Exception {
 
     serverStream.close(Status.UNKNOWN, new Metadata());
     // do not validate stats until close() has been called on client
-    assertNotNull(clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    assertNotNull(clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-
+    assertNotNull(clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
 
     TransportStats serverAfter = getTransportStats(serverTransportListener.transport);
     assertEquals(1, serverAfter.streamsFailed);
@@ -1823,7 +1831,7 @@ public void transportTracer_client_streamEnded_nonOk() throws Exception {
 
     clientStream.cancel(Status.UNKNOWN);
     // do not validate stats until close() has been called on server
-    assertNotNull(serverStreamCreation.listener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(serverStreamCreation.listener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
 
     TransportStats serverAfter = getTransportStats(serverTransportListener.transport);
     assertEquals(1, serverAfter.streamsFailed);
@@ -1980,7 +1988,7 @@ public void serverChecksInboundMetadataSize() throws Exception {
     // Server shouldn't have created a stream, so nothing to clean up on server-side
 
     // If this times out, the server probably isn't noticing the metadata size
-    Status status = clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    Status status = clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     List<Status.Code> codeOptions = Arrays.asList(
         Status.Code.UNKNOWN, Status.Code.RESOURCE_EXHAUSTED, Status.Code.INTERNAL);
     if (!codeOptions.contains(status.getCode())) {
@@ -2021,13 +2029,13 @@ public void clientChecksInboundMetadataSize_header() throws Exception {
     serverStreamCreation.stream.writeMessage(methodDescriptor.streamResponse("response"));
     serverStreamCreation.stream.close(Status.OK, new Metadata());
 
-    Status status = clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    Status status = clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     List<Status.Code> codeOptions = Arrays.asList(
         Status.Code.UNKNOWN, Status.Code.RESOURCE_EXHAUSTED, Status.Code.INTERNAL);
     if (!codeOptions.contains(status.getCode())) {
       fail("Status code was not expected: " + status);
     }
-    assertFalse(clientStreamListener.headers.isDone());
+    assertFalse(clientStreamListener.hasHeaders());
   }
 
   /** This assumes the client limits metadata size to GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE. */
@@ -2066,13 +2074,13 @@ public void clientChecksInboundMetadataSize_trailer() throws Exception {
     serverStreamCreation.stream.writeMessage(methodDescriptor.streamResponse("response"));
     serverStreamCreation.stream.close(Status.OK, tooLargeMetadata);
 
-    Status status = clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    Status status = clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     List<Status.Code> codeOptions = Arrays.asList(
         Status.Code.UNKNOWN, Status.Code.RESOURCE_EXHAUSTED, Status.Code.INTERNAL);
     if (!codeOptions.contains(status.getCode())) {
       fail("Status code was not expected: " + status);
     }
-    Metadata metadata = clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+    Metadata metadata = clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     assertNull(metadata.get(tellTaleKey));
   }
 
@@ -2100,9 +2108,9 @@ methodDescriptor, new Metadata(), callOptions,
     ServerStreamListenerBase serverStreamListener = serverStreamCreation.listener;
 
     serverStream.close(Status.OK, new Metadata());
-    assertNotNull(clientStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    assertNotNull(clientStreamListener.trailers.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
-    assertNotNull(serverStreamListener.status.get(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(clientStreamListener.awaitTrailers(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertNotNull(serverStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     client.shutdown(Status.UNAVAILABLE);
   }
 
@@ -2147,7 +2155,7 @@ private static void checkClientStatus(Status expectedStatus, Status clientStream
     assertNull(clientStreamStatus.getCause());
   }
 
-  private static boolean waitForFuture(Future<?> future, long timeout, TimeUnit unit)
+  static boolean waitForFuture(Future<?> future, long timeout, TimeUnit unit)
       throws InterruptedException {
     try {
       future.get(timeout, unit);
@@ -2183,218 +2191,6 @@ public void streamCreated(Attributes transportAttrs, Metadata metadata) {
     }
   }
 
-  public static class MockServerListener implements ServerListener {
-    public final BlockingQueue<MockServerTransportListener> listeners
-        = new LinkedBlockingQueue<>();
-    private final SettableFuture<?> shutdown = SettableFuture.create();
-
-    @Override
-    public ServerTransportListener transportCreated(ServerTransport transport) {
-      MockServerTransportListener listener = new MockServerTransportListener(transport);
-      listeners.add(listener);
-      return listener;
-    }
-
-    @Override
-    public void serverShutdown() {
-      assertTrue(shutdown.set(null));
-    }
-
-    public boolean waitForShutdown(long timeout, TimeUnit unit) throws InterruptedException {
-      return waitForFuture(shutdown, timeout, unit);
-    }
-
-    public MockServerTransportListener takeListenerOrFail(long timeout, TimeUnit unit)
-        throws InterruptedException {
-      MockServerTransportListener listener = listeners.poll(timeout, unit);
-      if (listener == null) {
-        fail("Timed out waiting for server transport");
-      }
-      return listener;
-    }
-  }
-
-  public static class MockServerTransportListener implements ServerTransportListener {
-    public final ServerTransport transport;
-    public final BlockingQueue<StreamCreation> streams = new LinkedBlockingQueue<>();
-    private final SettableFuture<?> terminated = SettableFuture.create();
-
-    public MockServerTransportListener(ServerTransport transport) {
-      this.transport = transport;
-    }
-
-    @Override
-    public void streamCreated(ServerStream stream, String method, Metadata headers) {
-      ServerStreamListenerBase listener = new ServerStreamListenerBase();
-      streams.add(new StreamCreation(stream, method, headers, listener));
-      stream.setListener(listener);
-    }
-
-    @Override
-    public Attributes transportReady(Attributes attributes) {
-      assertFalse(terminated.isDone());
-      return Attributes.newBuilder()
-          .setAll(attributes)
-          .set(ADDITIONAL_TRANSPORT_ATTR_KEY, "additional attribute value")
-          .build();
-    }
-
-    @Override
-    public void transportTerminated() {
-      assertTrue(terminated.set(null));
-    }
-
-    public boolean waitForTermination(long timeout, TimeUnit unit) throws InterruptedException {
-      return waitForFuture(terminated, timeout, unit);
-    }
-
-    public boolean isTerminated() {
-      return terminated.isDone();
-    }
-
-    public StreamCreation takeStreamOrFail(long timeout, TimeUnit unit)
-        throws InterruptedException {
-      StreamCreation stream = streams.poll(timeout, unit);
-      if (stream == null) {
-        fail("Timed out waiting for server stream");
-      }
-      return stream;
-    }
-  }
-
-  public static class ServerStreamListenerBase implements ServerStreamListener {
-    public final BlockingQueue<InputStream> messageQueue = new LinkedBlockingQueue<>();
-    // Would have used Void instead of Object, but null elements are not allowed
-    private final BlockingQueue<Object> readyQueue = new LinkedBlockingQueue<>();
-    private final CountDownLatch halfClosedLatch = new CountDownLatch(1);
-    private final SettableFuture<Status> status = SettableFuture.create();
-
-    private boolean awaitOnReady(int timeout, TimeUnit unit) throws Exception {
-      return readyQueue.poll(timeout, unit) != null;
-    }
-
-    private boolean awaitOnReadyAndDrain(int timeout, TimeUnit unit) throws Exception {
-      if (!awaitOnReady(timeout, unit)) {
-        return false;
-      }
-      // Throw the rest away
-      readyQueue.drainTo(Lists.newArrayList());
-      return true;
-    }
-
-    private boolean awaitHalfClosed(int timeout, TimeUnit unit) throws Exception {
-      return halfClosedLatch.await(timeout, unit);
-    }
-
-    @Override
-    public void messagesAvailable(MessageProducer producer) {
-      if (status.isDone()) {
-        fail("messagesAvailable invoked after closed");
-      }
-      InputStream message;
-      while ((message = producer.next()) != null) {
-        messageQueue.add(message);
-      }
-    }
-
-    @Override
-    public void onReady() {
-      if (status.isDone()) {
-        fail("onReady invoked after closed");
-      }
-      readyQueue.add(new Object());
-    }
-
-    @Override
-    public void halfClosed() {
-      if (status.isDone()) {
-        fail("halfClosed invoked after closed");
-      }
-      halfClosedLatch.countDown();
-    }
-
-    @Override
-    public void closed(Status status) {
-      if (this.status.isDone()) {
-        fail("closed invoked more than once");
-      }
-      this.status.set(status);
-    }
-  }
-
-  public static class ClientStreamListenerBase implements ClientStreamListener {
-    public final BlockingQueue<InputStream> messageQueue = new LinkedBlockingQueue<>();
-    // Would have used Void instead of Object, but null elements are not allowed
-    private final BlockingQueue<Object> readyQueue = new LinkedBlockingQueue<>();
-    private final SettableFuture<Metadata> headers = SettableFuture.create();
-    private final SettableFuture<Metadata> trailers = SettableFuture.create();
-    private final SettableFuture<Status> status = SettableFuture.create();
-
-    private boolean awaitOnReady(int timeout, TimeUnit unit) throws Exception {
-      return readyQueue.poll(timeout, unit) != null;
-    }
-
-    private boolean awaitOnReadyAndDrain(int timeout, TimeUnit unit) throws Exception {
-      if (!awaitOnReady(timeout, unit)) {
-        return false;
-      }
-      // Throw the rest away
-      readyQueue.drainTo(Lists.newArrayList());
-      return true;
-    }
-
-    @Override
-    public void messagesAvailable(MessageProducer producer) {
-      if (status.isDone()) {
-        fail("messagesAvailable invoked after closed");
-      }
-      InputStream message;
-      while ((message = producer.next()) != null) {
-        messageQueue.add(message);
-      }
-    }
-
-    @Override
-    public void onReady() {
-      if (status.isDone()) {
-        fail("onReady invoked after closed");
-      }
-      readyQueue.add(new Object());
-    }
-
-    @Override
-    public void headersRead(Metadata headers) {
-      if (status.isDone()) {
-        fail("headersRead invoked after closed");
-      }
-      this.headers.set(headers);
-    }
-
-    @Override
-    public void closed(Status status, RpcProgress rpcProgress, Metadata trailers) {
-      if (this.status.isDone()) {
-        fail("headersRead invoked after closed");
-      }
-      this.status.set(status);
-      this.trailers.set(trailers);
-    }
-  }
-
-  public static class StreamCreation {
-    public final ServerStream stream;
-    public final String method;
-    public final Metadata headers;
-    public final ServerStreamListenerBase listener;
-
-    public StreamCreation(
-        ServerStream stream, String method, Metadata headers, ServerStreamListenerBase listener) {
-      this.stream = stream;
-      this.method = method;
-      this.headers = headers;
-      this.listener = listener;
-    }
-  }
-
   private static class StringMarshaller implements MethodDescriptor.Marshaller<String> {
     public static final StringMarshaller INSTANCE = new StringMarshaller();
 
diff --git a/core/src/testFixtures/java/io/grpc/internal/ClientStreamListenerBase.java b/core/src/testFixtures/java/io/grpc/internal/ClientStreamListenerBase.java
new file mode 100644
index 00000000000..97186400cb2
--- /dev/null
+++ b/core/src/testFixtures/java/io/grpc/internal/ClientStreamListenerBase.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static org.junit.Assert.fail;
+
+import com.google.common.collect.Lists;
+import com.google.common.util.concurrent.SettableFuture;
+import io.grpc.Metadata;
+import io.grpc.Status;
+import java.io.InputStream;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.LinkedBlockingQueue;
+import java.util.concurrent.TimeUnit;
+
+public class ClientStreamListenerBase implements ClientStreamListener {
+  public final BlockingQueue<InputStream> messageQueue = new LinkedBlockingQueue<>();
+  // Would have used Void instead of Object, but null elements are not allowed
+  private final BlockingQueue<Object> readyQueue = new LinkedBlockingQueue<>();
+  private final SettableFuture<Metadata> headers = SettableFuture.create();
+  private final SettableFuture<Metadata> trailers = SettableFuture.create();
+  private final SettableFuture<Status> status = SettableFuture.create();
+
+  /**
+   * Returns the stream's status or throws {@link java.util.concurrent.TimeoutException} if it isn't
+   * closed before the timeout.
+   */
+  public Status awaitClose(int timeout, TimeUnit unit) throws Exception {
+    return status.get(timeout, unit);
+  }
+
+  /**
+   * Returns response headers from the server or throws {@link
+   * java.util.concurrent.TimeoutException} if they aren't delivered before the timeout.
+   *
+   * <p>Callers must not modify the returned object.
+   */
+  public Metadata awaitHeaders(int timeout, TimeUnit unit) throws Exception {
+    return headers.get(timeout, unit);
+  }
+
+  /**
+   * Returns response trailers from the server or throws {@link
+   * java.util.concurrent.TimeoutException} if they aren't delivered before the timeout.
+   *
+   * <p>Callers must not modify the returned object.
+   */
+  public Metadata awaitTrailers(int timeout, TimeUnit unit) throws Exception {
+    return trailers.get(timeout, unit);
+  }
+
+  public boolean awaitOnReady(int timeout, TimeUnit unit) throws Exception {
+    return readyQueue.poll(timeout, unit) != null;
+  }
+
+  public boolean awaitOnReadyAndDrain(int timeout, TimeUnit unit) throws Exception {
+    if (!awaitOnReady(timeout, unit)) {
+      return false;
+    }
+    // Throw the rest away
+    readyQueue.drainTo(Lists.newArrayList());
+    return true;
+  }
+
+  @Override
+  public void messagesAvailable(MessageProducer producer) {
+    if (status.isDone()) {
+      fail("messagesAvailable invoked after closed");
+    }
+    InputStream message;
+    while ((message = producer.next()) != null) {
+      messageQueue.add(message);
+    }
+  }
+
+  @Override
+  public void onReady() {
+    if (status.isDone()) {
+      fail("onReady invoked after closed");
+    }
+    readyQueue.add(new Object());
+  }
+
+  @Override
+  public void headersRead(Metadata headers) {
+    if (status.isDone()) {
+      fail("headersRead invoked after closed");
+    }
+    this.headers.set(headers);
+  }
+
+  @Override
+  public void closed(Status status, RpcProgress rpcProgress, Metadata trailers) {
+    if (this.status.isDone()) {
+      fail("headersRead invoked after closed");
+    }
+    this.status.set(status);
+    this.trailers.set(trailers);
+  }
+
+  /** Returns true iff response headers have been received from the server. */
+  public boolean hasHeaders() {
+    return headers.isDone();
+  }
+}
diff --git a/core/src/testFixtures/java/io/grpc/internal/MockServerListener.java b/core/src/testFixtures/java/io/grpc/internal/MockServerListener.java
new file mode 100644
index 00000000000..0c33b98cf1c
--- /dev/null
+++ b/core/src/testFixtures/java/io/grpc/internal/MockServerListener.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.common.util.concurrent.SettableFuture;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.LinkedBlockingQueue;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * A {@link ServerListener} that helps you write blocking unit tests.
+ *
+ * <p>TODO: Rename, since this is not actually a mock:
+ * https://testing.googleblog.com/2013/07/testing-on-toilet-know-your-test-doubles.html
+ */
+public class MockServerListener implements ServerListener {
+  private final BlockingQueue<MockServerTransportListener> listeners = new LinkedBlockingQueue<>();
+  private final SettableFuture<?> shutdown = SettableFuture.create();
+  private final ServerTransportListenerFactory serverTransportListenerFactory;
+
+  /**
+   * Lets you customize the {@link MockServerTransportListener} installed on newly created
+   * {@link ServerTransport}s.
+   */
+  public interface ServerTransportListenerFactory {
+    MockServerTransportListener create(ServerTransport transport);
+  }
+
+  public MockServerListener(ServerTransportListenerFactory serverTransportListenerFactory) {
+    this.serverTransportListenerFactory = serverTransportListenerFactory;
+  }
+
+  public MockServerListener() {
+    this(MockServerTransportListener::new);
+  }
+
+  @Override
+  public ServerTransportListener transportCreated(ServerTransport transport) {
+    MockServerTransportListener listener = serverTransportListenerFactory.create(transport);
+    listeners.add(listener);
+    return listener;
+  }
+
+  @Override
+  public void serverShutdown() {
+    assertTrue(shutdown.set(null));
+  }
+
+  public boolean waitForShutdown(long timeout, TimeUnit unit) throws InterruptedException {
+    return AbstractTransportTest.waitForFuture(shutdown, timeout, unit);
+  }
+
+  public MockServerTransportListener takeListenerOrFail(long timeout, TimeUnit unit)
+      throws InterruptedException {
+    MockServerTransportListener listener = listeners.poll(timeout, unit);
+    if (listener == null) {
+      fail("Timed out waiting for server transport");
+    }
+    return listener;
+  }
+}
diff --git a/core/src/testFixtures/java/io/grpc/internal/MockServerTransportListener.java b/core/src/testFixtures/java/io/grpc/internal/MockServerTransportListener.java
new file mode 100644
index 00000000000..e6c4e2f578e
--- /dev/null
+++ b/core/src/testFixtures/java/io/grpc/internal/MockServerTransportListener.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.common.util.concurrent.SettableFuture;
+import io.grpc.Attributes;
+import io.grpc.Metadata;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.LinkedBlockingQueue;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * A {@link ServerTransportListener} that helps you write blocking unit tests.
+ *
+ * <p>TODO: Rename, since this is not actually a mock:
+ * https://testing.googleblog.com/2013/07/testing-on-toilet-know-your-test-doubles.html
+ */
+public class MockServerTransportListener implements ServerTransportListener {
+  public final ServerTransport transport;
+  private final BlockingQueue<StreamCreation> streams = new LinkedBlockingQueue<>();
+  private final SettableFuture<?> terminated = SettableFuture.create();
+
+  public MockServerTransportListener(ServerTransport transport) {
+    this.transport = transport;
+  }
+
+  @Override
+  public void streamCreated(ServerStream stream, String method, Metadata headers) {
+    ServerStreamListenerBase listener = new ServerStreamListenerBase();
+    streams.add(new StreamCreation(stream, method, headers, listener));
+    stream.setListener(listener);
+  }
+
+  @Override
+  public Attributes transportReady(Attributes attributes) {
+    assertFalse(terminated.isDone());
+    return attributes;
+  }
+
+  @Override
+  public void transportTerminated() {
+    assertTrue(terminated.set(null));
+  }
+
+  public boolean waitForTermination(long timeout, TimeUnit unit) throws InterruptedException {
+    return AbstractTransportTest.waitForFuture(terminated, timeout, unit);
+  }
+
+  public boolean isTerminated() {
+    return terminated.isDone();
+  }
+
+  public StreamCreation takeStreamOrFail(long timeout, TimeUnit unit) throws InterruptedException {
+    StreamCreation stream = streams.poll(timeout, unit);
+    if (stream == null) {
+      fail("Timed out waiting for server stream");
+    }
+    return stream;
+  }
+
+  public static class StreamCreation {
+    public final ServerStream stream;
+    public final String method;
+    public final Metadata headers;
+    public final ServerStreamListenerBase listener;
+
+    public StreamCreation(
+        ServerStream stream, String method, Metadata headers, ServerStreamListenerBase listener) {
+      this.stream = stream;
+      this.method = method;
+      this.headers = headers;
+      this.listener = listener;
+    }
+  }
+}
diff --git a/core/src/testFixtures/java/io/grpc/internal/ServerStreamListenerBase.java b/core/src/testFixtures/java/io/grpc/internal/ServerStreamListenerBase.java
new file mode 100644
index 00000000000..b4ded80e5b2
--- /dev/null
+++ b/core/src/testFixtures/java/io/grpc/internal/ServerStreamListenerBase.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static org.junit.Assert.fail;
+
+import com.google.common.collect.Lists;
+import com.google.common.util.concurrent.SettableFuture;
+import io.grpc.Status;
+import java.io.InputStream;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.LinkedBlockingQueue;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * A {@link ServerStreamListener} that helps you write blocking unit tests.
+ */
+public class ServerStreamListenerBase implements ServerStreamListener {
+  public final BlockingQueue<InputStream> messageQueue = new LinkedBlockingQueue<>();
+  // Would have used Void instead of Object, but null elements are not allowed
+  private final BlockingQueue<Object> readyQueue = new LinkedBlockingQueue<>();
+  private final CountDownLatch halfClosedLatch = new CountDownLatch(1);
+  private final SettableFuture<Status> status = SettableFuture.create();
+
+  public boolean awaitOnReady(int timeout, TimeUnit unit) throws Exception {
+    return readyQueue.poll(timeout, unit) != null;
+  }
+
+  public boolean awaitOnReadyAndDrain(int timeout, TimeUnit unit) throws Exception {
+    if (!awaitOnReady(timeout, unit)) {
+      return false;
+    }
+    // Throw the rest away
+    readyQueue.drainTo(Lists.newArrayList());
+    return true;
+  }
+
+  public boolean awaitHalfClosed(int timeout, TimeUnit unit) throws Exception {
+    return halfClosedLatch.await(timeout, unit);
+  }
+
+  public Status awaitClose(int timeout, TimeUnit unit) throws Exception {
+    return status.get(timeout, unit);
+  }
+
+  @Override
+  public void messagesAvailable(MessageProducer producer) {
+    if (status.isDone()) {
+      fail("messagesAvailable invoked after closed");
+    }
+    InputStream message;
+    while ((message = producer.next()) != null) {
+      messageQueue.add(message);
+    }
+  }
+
+  @Override
+  public void onReady() {
+    if (status.isDone()) {
+      fail("onReady invoked after closed");
+    }
+    readyQueue.add(new Object());
+  }
+
+  @Override
+  public void halfClosed() {
+    if (status.isDone()) {
+      fail("halfClosed invoked after closed");
+    }
+    halfClosedLatch.countDown();
+  }
+
+  @Override
+  public void closed(Status status) {
+    if (this.status.isDone()) {
+      fail("closed invoked more than once");
+    }
+    this.status.set(status);
+  }
+}
diff --git a/inprocess/src/test/java/io/grpc/inprocess/InProcessTransportTest.java b/inprocess/src/test/java/io/grpc/inprocess/InProcessTransportTest.java
index 3ed8dd24ca9..d2220e05114 100644
--- a/inprocess/src/test/java/io/grpc/inprocess/InProcessTransportTest.java
+++ b/inprocess/src/test/java/io/grpc/inprocess/InProcessTransportTest.java
@@ -36,10 +36,14 @@
 import io.grpc.StatusRuntimeException;
 import io.grpc.internal.AbstractTransportTest;
 import io.grpc.internal.ClientStream;
+import io.grpc.internal.ClientStreamListenerBase;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.InternalServer;
 import io.grpc.internal.ManagedClientTransport;
+import io.grpc.internal.MockServerTransportListener;
+import io.grpc.internal.MockServerTransportListener.StreamCreation;
 import io.grpc.internal.ServerStream;
+import io.grpc.internal.ServerStreamListenerBase;
 import io.grpc.internal.testing.TestStreamTracer;
 import io.grpc.stub.ClientCalls;
 import io.grpc.testing.GrpcCleanupRule;

From 4cd78810865fa8703b8a69753cf8d85291e34c6b Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 29 May 2025 13:12:48 -0700
Subject: [PATCH 280/591] xds: Fix XdsDepManager aggregate cluster child
 ordering and loop detection

The children of aggregate clusters have a priority order, so we can't
ever throw them in an ordinary set for later iteration.

This now detects recusion limits only after subscribing, but that
matches our existing behavior in CdsLoadBalancer2. We don't get much
value detecting the limit before subscribing and doing so makes watcher
types more different.

Loops are still a bit broken as they won't be unwatched when orphaned,
as they will form a reference loop. In CdsLoadBalancer2, duplicate
clusters had duplicate watchers so there was single-ownership and
reference cycles couldn't form. Fixing that is a bigger change.

Intermediate aggregate clusters are now included in XdsConfig, just for
simplicity. It doesn't hurt anything whether they are present or
missing. but it required updates to some tests.
---
 xds/src/main/java/io/grpc/xds/XdsConfig.java  |  13 +-
 .../io/grpc/xds/XdsDependencyManager.java     | 230 +++++++-----------
 .../io/grpc/xds/XdsDependencyManagerTest.java |  39 ++-
 3 files changed, 130 insertions(+), 152 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsConfig.java b/xds/src/main/java/io/grpc/xds/XdsConfig.java
index ec8f3dc076d..1f464aa1321 100644
--- a/xds/src/main/java/io/grpc/xds/XdsConfig.java
+++ b/xds/src/main/java/io/grpc/xds/XdsConfig.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import io.grpc.StatusOr;
 import io.grpc.xds.XdsClusterResource.CdsUpdate;
@@ -26,9 +27,9 @@
 import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
 import java.io.Closeable;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Objects;
-import java.util.Set;
 
 /**
  * Represents the xDS configuration tree for a specified Listener.
@@ -191,10 +192,14 @@ public String toString() {
 
     // The list of leaf clusters for an aggregate cluster.
     static final class AggregateConfig implements ClusterChild {
-      private final Set<String> leafNames;
+      private final List<String> leafNames;
 
-      public AggregateConfig(Set<String> leafNames) {
-        this.leafNames = checkNotNull(leafNames, "leafNames");
+      public AggregateConfig(List<String> leafNames) {
+        this.leafNames = ImmutableList.copyOf(checkNotNull(leafNames, "leafNames"));
+      }
+
+      public List<String> getLeafNames() {
+        return leafNames;
       }
 
       @Override
diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index d786e525c0c..7bbd0064ed4 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -22,6 +22,7 @@
 import static io.grpc.xds.client.XdsLogger.XdsLogLevel.DEBUG;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Sets;
 import io.grpc.InternalLogId;
 import io.grpc.NameResolver;
@@ -42,12 +43,12 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
 import java.util.concurrent.ScheduledExecutorService;
-import java.util.stream.Collectors;
 import javax.annotation.Nullable;
 
 /**
@@ -101,7 +102,7 @@ public Closeable subscribeToCluster(String clusterName) {
         subscription.closed = true;
         return; // shutdown() called
       }
-      addClusterWatcher(clusterName, subscription, 1);
+      addClusterWatcher(clusterName, subscription);
     });
 
     return subscription;
@@ -164,7 +165,7 @@ private static void throwIfParentContextsNotEmpty(XdsWatcherBase<?> watcher) {
       CdsWatcher cdsWatcher = (CdsWatcher) watcher;
       if (!cdsWatcher.parentContexts.isEmpty()) {
         String msg = String.format("CdsWatcher %s has parent contexts %s",
-            cdsWatcher.resourceName(), cdsWatcher.parentContexts.keySet());
+            cdsWatcher.resourceName(), cdsWatcher.parentContexts);
         throw new IllegalStateException(msg);
       }
     } else if (watcher instanceof EdsWatcher) {
@@ -309,24 +310,14 @@ StatusOr<XdsConfig> buildUpdate() {
     }
     builder.setVirtualHost(activeVirtualHost);
 
-    Map<String, XdsWatcherBase<XdsEndpointResource.EdsUpdate>> edsWatchers =
-        getWatchers(ENDPOINT_RESOURCE);
-    Map<String, XdsWatcherBase<XdsClusterResource.CdsUpdate>> cdsWatchers =
-        getWatchers(CLUSTER_RESOURCE);
-
-    // Only care about aggregates from LDS/RDS or subscriptions and the leaf clusters
-    List<String> topLevelClusters =
-        cdsWatchers.values().stream()
-            .filter(XdsDependencyManager::isTopLevelCluster)
-            .map(XdsWatcherBase<?>::resourceName)
-            .distinct()
-            .collect(Collectors.toList());
-
-    // Flatten multi-level aggregates into lists of leaf clusters
-    Set<String> leafNames =
-        addTopLevelClustersToBuilder(builder, edsWatchers, cdsWatchers, topLevelClusters);
-
-    addLeavesToBuilder(builder, edsWatchers, leafNames);
+    Map<String, StatusOr<XdsConfig.XdsClusterConfig>> clusters = new HashMap<>();
+    LinkedHashSet<String> ancestors = new LinkedHashSet<>();
+    for (String cluster : getWatchers(CLUSTER_RESOURCE).keySet()) {
+      addConfigForCluster(clusters, cluster, ancestors);
+    }
+    for (Map.Entry<String, StatusOr<XdsConfig.XdsClusterConfig>> me : clusters.entrySet()) {
+      builder.addCluster(me.getKey(), me.getValue());
+    }
 
     return StatusOr.fromValue(builder.build());
   }
@@ -344,111 +335,81 @@ private <T extends ResourceUpdate> Map<String, XdsWatcherBase<T>> getWatchers(
     return tTypeWatchers.watchers;
   }
 
-  private void addLeavesToBuilder(
-      XdsConfig.XdsConfigBuilder builder,
-      Map<String, XdsWatcherBase<XdsEndpointResource.EdsUpdate>> edsWatchers,
-      Set<String> leafNames) {
-    for (String clusterName : leafNames) {
-      CdsWatcher cdsWatcher = getCluster(clusterName);
-      StatusOr<XdsClusterResource.CdsUpdate> cdsUpdateOr = cdsWatcher.getData();
+  private void addConfigForCluster(
+      Map<String, StatusOr<XdsConfig.XdsClusterConfig>> clusters,
+      String clusterName,
+      @SuppressWarnings("NonApiType") // Need order-preserving set for errors
+      LinkedHashSet<String> ancestors) {
+    if (clusters.containsKey(clusterName)) {
+      return;
+    }
+    if (ancestors.contains(clusterName)) {
+      clusters.put(clusterName, StatusOr.fromStatus(
+          Status.INTERNAL.withDescription(
+              "Aggregate cluster cycle detected: " + ancestors)));
+      return;
+    }
+    if (ancestors.size() > MAX_CLUSTER_RECURSION_DEPTH) {
+      clusters.put(clusterName, StatusOr.fromStatus(
+          Status.INTERNAL.withDescription("Recursion limit reached: " + ancestors)));
+      return;
+    }
 
-      if (!cdsUpdateOr.hasValue()) {
-        builder.addCluster(clusterName, StatusOr.fromStatus(cdsUpdateOr.getStatus()));
-        continue;
-      }
+    CdsWatcher cdsWatcher = (CdsWatcher) getWatchers(CLUSTER_RESOURCE).get(clusterName);
+    StatusOr<XdsClusterResource.CdsUpdate> cdsWatcherDataOr = cdsWatcher.getData();
+    if (!cdsWatcherDataOr.hasValue()) {
+      clusters.put(clusterName, StatusOr.fromStatus(cdsWatcherDataOr.getStatus()));
+      return;
+    }
 
-      XdsClusterResource.CdsUpdate cdsUpdate = cdsUpdateOr.getValue();
-      if (cdsUpdate.clusterType() == ClusterType.EDS) {
+    XdsClusterResource.CdsUpdate cdsUpdate = cdsWatcherDataOr.getValue();
+    XdsConfig.XdsClusterConfig.ClusterChild child;
+    switch (cdsUpdate.clusterType()) {
+      case AGGREGATE:
+        // Re-inserting a present element into a LinkedHashSet does not reorder the entries, so it
+        // preserves the priority across all aggregate clusters
+        LinkedHashSet<String> leafNames = new LinkedHashSet<String>();
+        ancestors.add(clusterName);
+        for (String childCluster : cdsUpdate.prioritizedClusterNames()) {
+          addConfigForCluster(clusters, childCluster, ancestors);
+          StatusOr<XdsConfig.XdsClusterConfig> config = clusters.get(childCluster);
+          if (!config.hasValue()) {
+            clusters.put(clusterName, StatusOr.fromStatus(Status.INTERNAL.withDescription(
+                "Unable to get leaves for " + clusterName + ": "
+                + config.getStatus().getDescription())));
+            return;
+          }
+          XdsConfig.XdsClusterConfig.ClusterChild children = config.getValue().getChildren();
+          if (children instanceof AggregateConfig) {
+            leafNames.addAll(((AggregateConfig) children).getLeafNames());
+          } else {
+            leafNames.add(childCluster);
+          }
+        }
+        ancestors.remove(clusterName);
+
+        child = new AggregateConfig(ImmutableList.copyOf(leafNames));
+        break;
+      case EDS:
         XdsWatcherBase<XdsEndpointResource.EdsUpdate> edsWatcher =
-            edsWatchers.get(cdsWatcher.getEdsServiceName());
-        EndpointConfig child;
+            getWatchers(ENDPOINT_RESOURCE).get(cdsWatcher.getEdsServiceName());
         if (edsWatcher != null) {
           child = new EndpointConfig(edsWatcher.getData());
         } else {
           child = new EndpointConfig(StatusOr.fromStatus(Status.INTERNAL.withDescription(
               "EDS resource not found for cluster " + clusterName)));
         }
-        builder.addCluster(clusterName, StatusOr.fromValue(
-            new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate, child)));
-      } else if (cdsUpdate.clusterType() == ClusterType.LOGICAL_DNS) {
-        builder.addCluster(clusterName, StatusOr.fromStatus(
+        break;
+      case LOGICAL_DNS:
+        // TODO get the resolved endpoint configuration
+        child = new EndpointConfig(StatusOr.fromStatus(
             Status.INTERNAL.withDescription("Logical DNS in dependency manager unsupported")));
-      }
-    }
-  }
-
-  // Adds the top-level clusters to the builder and returns the leaf cluster names
-  private Set<String> addTopLevelClustersToBuilder(
-      XdsConfig.XdsConfigBuilder builder,
-      Map<String, XdsWatcherBase<XdsEndpointResource.EdsUpdate>> edsWatchers,
-      Map<String, XdsWatcherBase<XdsClusterResource.CdsUpdate>> cdsWatchers,
-      List<String> topLevelClusters) {
-
-    Set<String> leafClusterNames = new HashSet<>();
-    for (String clusterName : topLevelClusters) {
-      CdsWatcher cdsWatcher = (CdsWatcher) cdsWatchers.get(clusterName);
-      StatusOr<XdsClusterResource.CdsUpdate> cdsWatcherDataOr = cdsWatcher.getData();
-      if (!cdsWatcher.hasDataValue()) {
-        builder.addCluster(clusterName, StatusOr.fromStatus(cdsWatcherDataOr.getStatus()));
-        continue;
-      }
-
-      XdsClusterResource.CdsUpdate cdsUpdate = cdsWatcherDataOr.getValue();
-      XdsConfig.XdsClusterConfig.ClusterChild child;
-      switch (cdsUpdate.clusterType()) {
-        case AGGREGATE:
-          Set<String> leafNames = new HashSet<>();
-          addLeafNames(leafNames, cdsUpdate);
-          child = new AggregateConfig(leafNames);
-          leafClusterNames.addAll(leafNames);
-          break;
-        case EDS:
-          XdsWatcherBase<XdsEndpointResource.EdsUpdate> edsWatcher =
-              edsWatchers.get(cdsWatcher.getEdsServiceName());
-          if (edsWatcher != null) {
-            child = new EndpointConfig(edsWatcher.getData());
-          } else {
-            child = new EndpointConfig(StatusOr.fromStatus(Status.INTERNAL.withDescription(
-                "EDS resource not found for cluster " + clusterName)));
-          }
-          break;
-        case LOGICAL_DNS:
-          // TODO get the resolved endpoint configuration
-          child = new EndpointConfig(StatusOr.fromStatus(
-              Status.INTERNAL.withDescription("Logical DNS in dependency manager unsupported")));
-          break;
-        default:
-          throw new IllegalStateException("Unexpected value: " + cdsUpdate.clusterType());
-      }
-      builder.addCluster(clusterName, StatusOr.fromValue(
-          new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate, child)));
-    }
-
-    return leafClusterNames;
-  }
-
-  private void addLeafNames(Set<String> leafNames, XdsClusterResource.CdsUpdate cdsUpdate) {
-    for (String cluster : cdsUpdate.prioritizedClusterNames()) {
-      if (leafNames.contains(cluster)) {
-        continue;
-      }
-      StatusOr<XdsClusterResource.CdsUpdate> data = getCluster(cluster).getData();
-      if (data == null || !data.hasValue() || data.getValue() == null) {
-        leafNames.add(cluster);
-        continue;
-      }
-      if (data.getValue().clusterType() == ClusterType.AGGREGATE) {
-        addLeafNames(leafNames, data.getValue());
-      } else {
-        leafNames.add(cluster);
-      }
+        break;
+      default:
+        throw new IllegalStateException("Unexpected value: " + cdsUpdate.clusterType());
     }
-  }
-
-  private static boolean isTopLevelCluster(
-      XdsWatcherBase<XdsClusterResource.CdsUpdate> cdsWatcher) {
-    return ((CdsWatcher)cdsWatcher).parentContexts.values().stream()
-        .anyMatch(depth -> depth == 1);
+    clusters.put(clusterName, StatusOr.fromValue(
+        new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate, child)));
   }
 
   @Override
@@ -467,14 +428,14 @@ private void addEdsWatcher(String edsServiceName, CdsWatcher parentContext) {
     addWatcher(new EdsWatcher(edsServiceName, parentContext));
   }
 
-  private void addClusterWatcher(String clusterName, Object parentContext, int depth) {
+  private void addClusterWatcher(String clusterName, Object parentContext) {
     CdsWatcher watcher = (CdsWatcher) getWatchers(CLUSTER_RESOURCE).get(clusterName);
     if (watcher != null) {
-      watcher.parentContexts.put(parentContext, depth);
+      watcher.parentContexts.add(parentContext);
       return;
     }
 
-    addWatcher(new CdsWatcher(clusterName, parentContext, depth));
+    addWatcher(new CdsWatcher(clusterName, parentContext));
   }
 
   private void updateRoutes(List<VirtualHost> virtualHosts, Object newParentContext,
@@ -494,9 +455,9 @@ private void updateRoutes(List<VirtualHost> virtualHosts, Object newParentContex
 
       deletedClusters.forEach(watcher ->
           cancelClusterWatcherTree(getCluster(watcher), newParentContext));
-      addedClusters.forEach((cluster) -> addClusterWatcher(cluster, newParentContext, 1));
+      addedClusters.forEach((cluster) -> addClusterWatcher(cluster, newParentContext));
     } else {
-      newClusters.forEach((cluster) -> addClusterWatcher(cluster, newParentContext, 1));
+      newClusters.forEach((cluster) -> addClusterWatcher(cluster, newParentContext));
     }
   }
 
@@ -805,11 +766,11 @@ public StatusOr<RdsUpdate> getRdsUpdate() {
   }
 
   private class CdsWatcher extends XdsWatcherBase<XdsClusterResource.CdsUpdate> {
-    Map<Object, Integer> parentContexts = new HashMap<>();
+    Set<Object> parentContexts = new HashSet<>();
 
-    CdsWatcher(String resourceName, Object parentContext, int depth) {
+    CdsWatcher(String resourceName, Object parentContext) {
       super(CLUSTER_RESOURCE, checkNotNull(resourceName, "resourceName"));
-      this.parentContexts.put(checkNotNull(parentContext, "parentContext"), depth);
+      this.parentContexts.add(checkNotNull(parentContext, "parentContext"));
     }
 
     @Override
@@ -829,14 +790,6 @@ public void onChanged(XdsClusterResource.CdsUpdate update) {
           break;
         case AGGREGATE:
           Object parentContext = this;
-          int depth = parentContexts.values().stream().max(Integer::compare).orElse(0) + 1;
-          if (depth > MAX_CLUSTER_RECURSION_DEPTH) {
-            logger.log(XdsLogger.XdsLogLevel.WARNING,
-                "Cluster recursion depth limit exceeded for cluster {0}", resourceName());
-            Status error = Status.UNAVAILABLE.withDescription(
-                "aggregate cluster graph exceeds max depth at " + resourceName() + nodeInfo());
-            setDataAsStatus(error);
-          }
           if (hasDataValue()) {
             Set<String> oldNames = getData().getValue().clusterType() == ClusterType.AGGREGATE
                 ? new HashSet<>(getData().getValue().prioritizedClusterNames())
@@ -847,21 +800,18 @@ public void onChanged(XdsClusterResource.CdsUpdate update) {
             deletedClusters.forEach((cluster)
                 -> cancelClusterWatcherTree(getCluster(cluster), parentContext));
 
-            if (depth <= MAX_CLUSTER_RECURSION_DEPTH) {
-              setData(update);
-              Set<String> addedClusters = Sets.difference(newNames, oldNames);
-              addedClusters.forEach((cluster) -> addClusterWatcher(cluster, parentContext, depth));
-            }
-
-          } else if (depth <= MAX_CLUSTER_RECURSION_DEPTH) {
+            setData(update);
+            Set<String> addedClusters = Sets.difference(newNames, oldNames);
+            addedClusters.forEach((cluster) -> addClusterWatcher(cluster, parentContext));
+          } else {
             setData(update);
             update.prioritizedClusterNames()
-                .forEach(name -> addClusterWatcher(name, parentContext, depth));
+                .forEach(name -> addClusterWatcher(name, parentContext));
           }
           break;
         default:
           Status error = Status.UNAVAILABLE.withDescription(
-              "aggregate cluster graph exceeds max depth at " + resourceName() + nodeInfo());
+              "unknown cluster type in " + resourceName() + " " + update.clusterType());
           setDataAsStatus(error);
       }
       maybePublishConfig();
diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
index 14f554412a8..da960e1e133 100644
--- a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.StatusMatcher.statusHasCode;
-import static io.grpc.xds.XdsClusterResource.CdsUpdate.ClusterType.AGGREGATE;
 import static io.grpc.xds.XdsClusterResource.CdsUpdate.ClusterType.EDS;
 import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_CDS;
 import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_EDS;
@@ -239,9 +238,10 @@ public void verify_simple_aggregate() {
         testWatcher.lastConfig.getClusters();
     assertThat(lastConfigClusters).hasSize(childNames.size() + 1);
     StatusOr<XdsClusterConfig> rootC = lastConfigClusters.get(rootName);
-    CdsUpdate rootUpdate = rootC.getValue().getClusterResource();
-    assertThat(rootUpdate.clusterType()).isEqualTo(AGGREGATE);
-    assertThat(rootUpdate.prioritizedClusterNames()).isEqualTo(childNames);
+    assertThat(rootC.getValue().getChildren()).isInstanceOf(XdsClusterConfig.AggregateConfig.class);
+    XdsClusterConfig.AggregateConfig aggConfig =
+        (XdsClusterConfig.AggregateConfig) rootC.getValue().getChildren();
+    assertThat(aggConfig.getLeafNames()).isEqualTo(childNames);
 
     for (String childName : childNames) {
       assertThat(lastConfigClusters).containsKey(childName);
@@ -552,7 +552,7 @@ public void testMultipleParentsInCdsTree() throws IOException {
     controlPlaneService.setXdsConfig(
         ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, newRouteConfig));
     inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
-    assertThat(xdsUpdateCaptor.getValue().getValue().getClusters().keySet().size()).isEqualTo(4);
+    assertThat(xdsUpdateCaptor.getValue().getValue().getClusters()).hasSize(8);
 
     // Now that it is released, we should only have A11
     rootSub.close();
@@ -561,6 +561,29 @@ public void testMultipleParentsInCdsTree() throws IOException {
         .containsExactly("clusterA11");
   }
 
+  @Test
+  public void testCdsCycle() throws Exception {
+    RouteConfiguration routeConfig =
+        XdsTestUtils.buildRouteConfiguration(serverName, XdsTestUtils.RDS_NAME, "clusterA");
+    Map<String, Message> clusterMap = new HashMap<>();
+    Map<String, Message> edsMap = new HashMap<>();
+    clusterMap.put("clusterA", XdsTestUtils.buildAggCluster("clusterA", Arrays.asList("clusterB")));
+    clusterMap.put("clusterB", XdsTestUtils.buildAggCluster("clusterB", Arrays.asList("clusterA")));
+    XdsTestUtils.addEdsClusters(clusterMap, edsMap, "clusterC");
+    controlPlaneService.setXdsConfig(
+        ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, routeConfig));
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, clusterMap);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
+
+    InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
+    XdsConfig config = xdsUpdateCaptor.getValue().getValue();
+    assertThat(config.getClusters().get("clusterA").hasValue()).isFalse();
+    assertThat(config.getClusters().get("clusterA").getStatus().getDescription()).contains("cycle");
+  }
+
   @Test
   public void testMultipleCdsReferToSameEds() {
     // Create the maps and Update the config to have 2 clusters that refer to the same EDS resource
@@ -646,7 +669,7 @@ public void testChangeRdsName_FromLds_complexTree() {
     inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     XdsConfig config = xdsUpdateCaptor.getValue().getValue();
     assertThat(config.getVirtualHost().name()).isEqualTo(newRdsName);
-    assertThat(config.getClusters().size()).isEqualTo(4);
+    assertThat(config.getClusters()).hasSize(8);
   }
 
   @Test
@@ -697,8 +720,8 @@ public void testChangeAggCluster() {
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
 
     // Verify that the config is updated as expected
-    ClusterNameMatcher nameMatcher
-        = new ClusterNameMatcher(Arrays.asList("root", "clusterA21", "clusterA22"));
+    ClusterNameMatcher nameMatcher = new ClusterNameMatcher(Arrays.asList(
+        "root", "clusterA", "clusterA2", "clusterA21", "clusterA22"));
     inOrder.verify(xdsConfigWatcher).onUpdate(argThat(nameMatcher));
   }
 

From c20642874957778a9ca622a364f70250e65863f0 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Thu, 5 Jun 2025 19:07:59 -0700
Subject: [PATCH 281/591] binder: Rationalize @ThreadSafe-ty of
 BinderTransport. (#12130)

- Use @BinderThread to document restrictions on methods and certain fields.
- Make TransactionHandler non-public since only Android should call it.
- Replace an unnecessary AtomicLong with a plain old long.
---
 .../grpc/binder/internal/BinderTransport.java | 28 ++++++++++---------
 .../binder/internal/LeakSafeOneWayBinder.java |  2 ++
 2 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index f61c455edd5..c8900031432 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -29,6 +29,7 @@
 import android.os.Process;
 import android.os.RemoteException;
 import android.os.TransactionTooLargeException;
+import androidx.annotation.BinderThread;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Ticker;
 import com.google.common.base.Verify;
@@ -105,8 +106,7 @@
  * https://github.com/grpc/proposal/blob/master/L73-java-binderchannel/wireformat.md
  */
 @ThreadSafe
-public abstract class BinderTransport
-    implements LeakSafeOneWayBinder.TransactionHandler, IBinder.DeathRecipient {
+public abstract class BinderTransport implements IBinder.DeathRecipient {
 
   private static final Logger logger = Logger.getLogger(BinderTransport.class.getName());
 
@@ -210,9 +210,11 @@ protected enum TransportState {
   private final FlowController flowController;
 
   /** The number of incoming bytes we've received. */
-  private final AtomicLong numIncomingBytes;
+  // Only read/written on @BinderThread.
+  private long numIncomingBytes;
 
   /** The number of incoming bytes we've told our peer we've received. */
+  // Only read/written on @BinderThread.
   private long acknowledgedIncomingBytes;
 
   private BinderTransport(
@@ -225,10 +227,9 @@ private BinderTransport(
     this.attributes = attributes;
     this.logId = logId;
     scheduledExecutorService = executorServicePool.getObject();
-    incomingBinder = new LeakSafeOneWayBinder(this);
+    incomingBinder = new LeakSafeOneWayBinder(this::handleTransaction);
     ongoingCalls = new ConcurrentHashMap<>();
     flowController = new FlowController(TRANSACTION_BYTES_WINDOW);
-    numIncomingBytes = new AtomicLong();
   }
 
   // Override in child class.
@@ -423,8 +424,9 @@ final void sendOutOfBandClose(int callId, Status status) {
     }
   }
 
-  @Override
-  public final boolean handleTransaction(int code, Parcel parcel) {
+  @BinderThread
+  @VisibleForTesting
+  final boolean handleTransaction(int code, Parcel parcel) {
     try {
       return handleTransactionInternal(code, parcel);
     } catch (RuntimeException e) {
@@ -440,6 +442,7 @@ public final boolean handleTransaction(int code, Parcel parcel) {
     }
   }
 
+  @BinderThread
   private boolean handleTransactionInternal(int code, Parcel parcel) {
     if (code < FIRST_CALL_ID) {
       synchronized (this) {
@@ -483,11 +486,12 @@ private boolean handleTransactionInternal(int code, Parcel parcel) {
       if (inbound != null) {
         inbound.handleTransaction(parcel);
       }
-      long nib = numIncomingBytes.addAndGet(size);
-      if ((nib - acknowledgedIncomingBytes) > TRANSACTION_BYTES_WINDOW_FORCE_ACK) {
+      numIncomingBytes += size;
+      if ((numIncomingBytes - acknowledgedIncomingBytes) > TRANSACTION_BYTES_WINDOW_FORCE_ACK) {
         synchronized (this) {
-          sendAcknowledgeBytes(checkNotNull(outgoingBinder));
+          sendAcknowledgeBytes(checkNotNull(outgoingBinder), numIncomingBytes);
         }
+        acknowledgedIncomingBytes = numIncomingBytes;
       }
       return true;
     }
@@ -519,10 +523,8 @@ private final void handlePing(Parcel requestParcel) {
   protected void handlePingResponse(Parcel parcel) {}
 
   @GuardedBy("this")
-  private void sendAcknowledgeBytes(OneWayBinderProxy iBinder) {
+  private void sendAcknowledgeBytes(OneWayBinderProxy iBinder, long n) {
     // Send a transaction to acknowledge reception of incoming data.
-    long n = numIncomingBytes.get();
-    acknowledgedIncomingBytes = n;
     try (ParcelHolder parcel = ParcelHolder.obtain()) {
       parcel.get().writeLong(n);
       iBinder.transact(ACKNOWLEDGE_BYTES, parcel);
diff --git a/binder/src/main/java/io/grpc/binder/internal/LeakSafeOneWayBinder.java b/binder/src/main/java/io/grpc/binder/internal/LeakSafeOneWayBinder.java
index a12a5cb13cc..e7837b520f8 100644
--- a/binder/src/main/java/io/grpc/binder/internal/LeakSafeOneWayBinder.java
+++ b/binder/src/main/java/io/grpc/binder/internal/LeakSafeOneWayBinder.java
@@ -19,6 +19,7 @@
 import android.os.Binder;
 import android.os.IBinder;
 import android.os.Parcel;
+import androidx.annotation.BinderThread;
 import io.grpc.Internal;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -58,6 +59,7 @@ public interface TransactionHandler {
      * @return the value to return from {@link Binder#onTransact}. NB: "oneway" semantics mean this
      *     result will not delivered to the caller of {@link IBinder#transact}
      */
+    @BinderThread
     boolean handleTransaction(int code, Parcel data);
   }
 

From dc192f5c5e3b087fc78eb17ffdc053e203e5e3e4 Mon Sep 17 00:00:00 2001
From: eshitachandwani <59800922+eshitachandwani@users.noreply.github.com>
Date: Fri, 6 Jun 2025 19:24:27 +0530
Subject: [PATCH 282/591] Create SPIFFE tests config (#12133)

---
 buildscripts/kokoro/psm-spiffe.cfg | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 buildscripts/kokoro/psm-spiffe.cfg

diff --git a/buildscripts/kokoro/psm-spiffe.cfg b/buildscripts/kokoro/psm-spiffe.cfg
new file mode 100644
index 00000000000..b04d715fca1
--- /dev/null
+++ b/buildscripts/kokoro/psm-spiffe.cfg
@@ -0,0 +1,17 @@
+# Config file for internal CI
+
+# Location of the continuous shell script in repository.
+build_file: "grpc-java/buildscripts/kokoro/psm-interop-test-java.sh"
+timeout_mins: 240
+
+action {
+  define_artifacts {
+    regex: "artifacts/**/*sponge_log.xml"
+    regex: "artifacts/**/*.log"
+    strip_prefix: "artifacts"
+  }
+}
+env_vars {
+  key: "PSM_TEST_SUITE"
+  value: "spiffe"
+}

From 1fd29bc804d0820a8f72c061bd671811adf85546 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 29 May 2025 17:08:33 -0700
Subject: [PATCH 283/591] xds: Use tracing GC in XdsDepManager

Reference counting doesn't release cycles, so swap to a tracing garbage
collector. This greatly simplifies the code as well, as diffing is no
longer necessary. (If vanilla reference counting was used, diffing
wouldn't have been necessary either as you just increment all the new
objects and decrement the old ones. But that doesn't work when use a set
instead of an integer.)
---
 .../io/grpc/xds/XdsDependencyManager.java     | 364 +++++++-----------
 .../io/grpc/xds/XdsDependencyManagerTest.java |  47 ++-
 .../java/io/grpc/xds/XdsNameResolverTest.java |  65 ++--
 3 files changed, 210 insertions(+), 266 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index 7bbd0064ed4..78d4dbb198a 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -19,12 +19,9 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 import static io.grpc.xds.client.XdsClient.ResourceUpdate;
-import static io.grpc.xds.client.XdsLogger.XdsLogLevel.DEBUG;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Sets;
-import io.grpc.InternalLogId;
 import io.grpc.NameResolver;
 import io.grpc.Status;
 import io.grpc.StatusOr;
@@ -36,7 +33,6 @@
 import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsClient.ResourceWatcher;
-import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsResourceType;
 import java.io.Closeable;
 import java.io.IOException;
@@ -61,22 +57,21 @@ final class XdsDependencyManager implements XdsConfig.XdsClusterSubscriptionRegi
   public static final XdsClusterResource CLUSTER_RESOURCE = XdsClusterResource.getInstance();
   public static final XdsEndpointResource ENDPOINT_RESOURCE = XdsEndpointResource.getInstance();
   private static final int MAX_CLUSTER_RECURSION_DEPTH = 16; // Matches C++
+  private final String listenerName;
   private final XdsClient xdsClient;
   private final XdsConfigWatcher xdsConfigWatcher;
   private final SynchronizationContext syncContext;
   private final String dataPlaneAuthority;
 
-  private final InternalLogId logId;
-  private final XdsLogger logger;
   private StatusOr<XdsConfig> lastUpdate = null;
   private final Map<XdsResourceType<?>, TypeWatchers<?>> resourceWatchers = new HashMap<>();
+  private final Set<ClusterSubscription> subscriptions = new HashSet<>();
 
   XdsDependencyManager(XdsClient xdsClient, XdsConfigWatcher xdsConfigWatcher,
                        SynchronizationContext syncContext, String dataPlaneAuthority,
                        String listenerName, NameResolver.Args nameResolverArgs,
                        ScheduledExecutorService scheduler) {
-    logId = InternalLogId.allocate("xds-dependency-manager", listenerName);
-    logger = XdsLogger.withLogId(logId);
+    this.listenerName = checkNotNull(listenerName, "listenerName");
     this.xdsClient = checkNotNull(xdsClient, "xdsClient");
     this.xdsConfigWatcher = checkNotNull(xdsConfigWatcher, "xdsConfigWatcher");
     this.syncContext = checkNotNull(syncContext, "syncContext");
@@ -102,7 +97,8 @@ public Closeable subscribeToCluster(String clusterName) {
         subscription.closed = true;
         return; // shutdown() called
       }
-      addClusterWatcher(clusterName, subscription);
+      subscriptions.add(subscription);
+      addClusterWatcher(clusterName);
     });
 
     return subscription;
@@ -117,73 +113,13 @@ private <T extends ResourceUpdate> void addWatcher(XdsWatcherBase<T> watcher) {
     xdsClient.watchXdsResource(type, resourceName, watcher, syncContext);
   }
 
-  private void cancelCdsWatcher(CdsWatcher watcher, Object parentContext) {
-    if (watcher == null) {
-      return;
-    }
-    watcher.parentContexts.remove(parentContext);
-    if (watcher.parentContexts.isEmpty()) {
-      cancelWatcher(watcher);
-    }
-  }
-
-  private void cancelEdsWatcher(EdsWatcher watcher, CdsWatcher parentContext) {
-    if (watcher == null) {
-      return;
-    }
-    watcher.parentContexts.remove(parentContext);
-    if (watcher.parentContexts.isEmpty()) {
-      cancelWatcher(watcher);
-    }
-  }
-
-  private <T extends ResourceUpdate> void cancelWatcher(XdsWatcherBase<T> watcher) {
-    syncContext.throwIfNotInThisSynchronizationContext();
-
-    if (watcher == null) {
-      return;
-    }
-
-    if (watcher instanceof CdsWatcher || watcher instanceof EdsWatcher) {
-      throwIfParentContextsNotEmpty(watcher);
-    }
-
-    watcher.cancelled = true;
-    XdsResourceType<T> type = watcher.type;
-    String resourceName = watcher.resourceName;
-
-    if (getWatchers(type).remove(resourceName) == null) {
-      logger.log(DEBUG, "Trying to cancel watcher {0}, but it isn't watched", watcher);
-      return;
-    }
-
-    xdsClient.cancelXdsResourceWatch(type, resourceName, watcher);
-  }
-
-  private static void throwIfParentContextsNotEmpty(XdsWatcherBase<?> watcher) {
-    if (watcher instanceof CdsWatcher) {
-      CdsWatcher cdsWatcher = (CdsWatcher) watcher;
-      if (!cdsWatcher.parentContexts.isEmpty()) {
-        String msg = String.format("CdsWatcher %s has parent contexts %s",
-            cdsWatcher.resourceName(), cdsWatcher.parentContexts);
-        throw new IllegalStateException(msg);
-      }
-    } else if (watcher instanceof EdsWatcher) {
-      EdsWatcher edsWatcher = (EdsWatcher) watcher;
-      if (!edsWatcher.parentContexts.isEmpty()) {
-        String msg = String.format("CdsWatcher %s has parent contexts %s",
-            edsWatcher.resourceName(), edsWatcher.parentContexts);
-        throw new IllegalStateException(msg);
-      }
-    }
-  }
-
   public void shutdown() {
     syncContext.execute(() -> {
       for (TypeWatchers<?> watchers : resourceWatchers.values()) {
         shutdownWatchersForType(watchers);
       }
       resourceWatchers.clear();
+      subscriptions.clear();
     });
   }
 
@@ -197,54 +133,18 @@ private <T extends ResourceUpdate> void shutdownWatchersForType(TypeWatchers<T>
 
   private void releaseSubscription(ClusterSubscription subscription) {
     checkNotNull(subscription, "subscription");
-    String clusterName = subscription.getClusterName();
     syncContext.execute(() -> {
       if (subscription.closed) {
         return;
       }
       subscription.closed = true;
-      XdsWatcherBase<XdsClusterResource.CdsUpdate> cdsWatcher
-          = getWatchers(CLUSTER_RESOURCE).get(clusterName);
-      if (cdsWatcher == null) {
+      if (!subscriptions.remove(subscription)) {
         return; // shutdown() called
       }
-      cancelClusterWatcherTree((CdsWatcher) cdsWatcher, subscription);
       maybePublishConfig();
     });
   }
 
-  private void cancelClusterWatcherTree(CdsWatcher root, Object parentContext) {
-    checkNotNull(root, "root");
-
-    cancelCdsWatcher(root, parentContext);
-
-    if (!root.hasDataValue() || !root.parentContexts.isEmpty()) {
-      return;
-    }
-
-    XdsClusterResource.CdsUpdate cdsUpdate = root.getData().getValue();
-    switch (cdsUpdate.clusterType()) {
-      case EDS:
-        String edsServiceName = root.getEdsServiceName();
-        EdsWatcher edsWatcher = (EdsWatcher) getWatchers(ENDPOINT_RESOURCE).get(edsServiceName);
-        cancelEdsWatcher(edsWatcher, root);
-        break;
-      case AGGREGATE:
-        for (String cluster : cdsUpdate.prioritizedClusterNames()) {
-          CdsWatcher clusterWatcher = (CdsWatcher) getWatchers(CLUSTER_RESOURCE).get(cluster);
-          if (clusterWatcher != null) {
-            cancelClusterWatcherTree(clusterWatcher, root);
-          }
-        }
-        break;
-      case LOGICAL_DNS:
-        // no eds needed, so everything happens in cancelCdsWatcher()
-        break;
-      default:
-        throw new AssertionError("Unknown cluster type: " + cdsUpdate.clusterType());
-    }
-  }
-
   /**
    * Check if all resources have results, and if so, generate a new XdsConfig and send it to all
    * the watchers.
@@ -274,27 +174,40 @@ private void maybePublishConfig() {
 
   @VisibleForTesting
   StatusOr<XdsConfig> buildUpdate() {
+    // Create a config and discard any watchers not accessed
+    WatcherTracer tracer = new WatcherTracer(resourceWatchers);
+    StatusOr<XdsConfig> config = buildUpdate(
+        tracer, listenerName, dataPlaneAuthority, subscriptions);
+    tracer.closeUnusedWatchers();
+    return config;
+  }
+
+  private static StatusOr<XdsConfig> buildUpdate(
+      WatcherTracer tracer,
+      String listenerName,
+      String dataPlaneAuthority,
+      Set<ClusterSubscription> subscriptions) {
     XdsConfig.XdsConfigBuilder builder = new XdsConfig.XdsConfigBuilder();
 
     // Iterate watchers and build the XdsConfig
 
-    // Will only be 1 listener and 1 route resource
-    RdsUpdateSupplier routeSource = null;
-    for (XdsWatcherBase<XdsListenerResource.LdsUpdate> ldsWatcher :
-        getWatchers(XdsListenerResource.getInstance()).values()) {
-      if (!ldsWatcher.getData().hasValue()) {
-        return StatusOr.fromStatus(ldsWatcher.getData().getStatus());
-      }
-      XdsListenerResource.LdsUpdate ldsUpdate = ldsWatcher.getData().getValue();
-      builder.setListener(ldsUpdate);
-      routeSource = ((LdsWatcher) ldsWatcher).getRouteSource();
+    XdsWatcherBase<XdsListenerResource.LdsUpdate> ldsWatcher
+        = tracer.getWatcher(XdsListenerResource.getInstance(), listenerName);
+    if (ldsWatcher == null) {
+      return StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
+          "Bug: No listener watcher found for " + listenerName));
     }
+    if (!ldsWatcher.getData().hasValue()) {
+      return StatusOr.fromStatus(ldsWatcher.getData().getStatus());
+    }
+    XdsListenerResource.LdsUpdate ldsUpdate = ldsWatcher.getData().getValue();
+    builder.setListener(ldsUpdate);
 
+    RdsUpdateSupplier routeSource = ((LdsWatcher) ldsWatcher).getRouteSource(tracer);
     if (routeSource == null) {
       return StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
           "Bug: No route source found for listener " + dataPlaneAuthority));
     }
-
     StatusOr<RdsUpdate> statusOrRdsUpdate = routeSource.getRdsUpdate();
     if (!statusOrRdsUpdate.hasValue()) {
       return StatusOr.fromStatus(statusOrRdsUpdate.getStatus());
@@ -312,8 +225,11 @@ StatusOr<XdsConfig> buildUpdate() {
 
     Map<String, StatusOr<XdsConfig.XdsClusterConfig>> clusters = new HashMap<>();
     LinkedHashSet<String> ancestors = new LinkedHashSet<>();
-    for (String cluster : getWatchers(CLUSTER_RESOURCE).keySet()) {
-      addConfigForCluster(clusters, cluster, ancestors);
+    for (String cluster : getClusterNamesFromVirtualHost(activeVirtualHost)) {
+      addConfigForCluster(clusters, cluster, ancestors, tracer);
+    }
+    for (ClusterSubscription subscription : subscriptions) {
+      addConfigForCluster(clusters, subscription.getClusterName(), ancestors, tracer);
     }
     for (Map.Entry<String, StatusOr<XdsConfig.XdsClusterConfig>> me : clusters.entrySet()) {
       builder.addCluster(me.getKey(), me.getValue());
@@ -335,11 +251,12 @@ private <T extends ResourceUpdate> Map<String, XdsWatcherBase<T>> getWatchers(
     return tTypeWatchers.watchers;
   }
 
-  private void addConfigForCluster(
+  private static void addConfigForCluster(
       Map<String, StatusOr<XdsConfig.XdsClusterConfig>> clusters,
       String clusterName,
       @SuppressWarnings("NonApiType") // Need order-preserving set for errors
-      LinkedHashSet<String> ancestors) {
+      LinkedHashSet<String> ancestors,
+      WatcherTracer tracer) {
     if (clusters.containsKey(clusterName)) {
       return;
     }
@@ -355,7 +272,7 @@ private void addConfigForCluster(
       return;
     }
 
-    CdsWatcher cdsWatcher = (CdsWatcher) getWatchers(CLUSTER_RESOURCE).get(clusterName);
+    CdsWatcher cdsWatcher = (CdsWatcher) tracer.getWatcher(CLUSTER_RESOURCE, clusterName);
     StatusOr<XdsClusterResource.CdsUpdate> cdsWatcherDataOr = cdsWatcher.getData();
     if (!cdsWatcherDataOr.hasValue()) {
       clusters.put(clusterName, StatusOr.fromStatus(cdsWatcherDataOr.getStatus()));
@@ -371,7 +288,7 @@ private void addConfigForCluster(
         LinkedHashSet<String> leafNames = new LinkedHashSet<String>();
         ancestors.add(clusterName);
         for (String childCluster : cdsUpdate.prioritizedClusterNames()) {
-          addConfigForCluster(clusters, childCluster, ancestors);
+          addConfigForCluster(clusters, childCluster, ancestors, tracer);
           StatusOr<XdsConfig.XdsClusterConfig> config = clusters.get(childCluster);
           if (!config.hasValue()) {
             clusters.put(clusterName, StatusOr.fromStatus(Status.INTERNAL.withDescription(
@@ -392,7 +309,7 @@ private void addConfigForCluster(
         break;
       case EDS:
         XdsWatcherBase<XdsEndpointResource.EdsUpdate> edsWatcher =
-            getWatchers(ENDPOINT_RESOURCE).get(cdsWatcher.getEdsServiceName());
+            tracer.getWatcher(ENDPOINT_RESOURCE, cdsWatcher.getEdsServiceName());
         if (edsWatcher != null) {
           child = new EndpointConfig(edsWatcher.getData());
         } else {
@@ -412,53 +329,35 @@ private void addConfigForCluster(
         new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate, child)));
   }
 
-  @Override
-  public String toString() {
-    return logId.toString();
+  private void addRdsWatcher(String resourceName) {
+    if (getWatchers(XdsRouteConfigureResource.getInstance()).containsKey(resourceName)) {
+      return;
+    }
+
+    addWatcher(new RdsWatcher(resourceName));
   }
 
-  private void addEdsWatcher(String edsServiceName, CdsWatcher parentContext) {
-    EdsWatcher watcher
-        = (EdsWatcher) getWatchers(XdsEndpointResource.getInstance()).get(edsServiceName);
-    if (watcher != null) {
-      watcher.addParentContext(parentContext); // Is a set, so don't need to check for existence
+  private void addEdsWatcher(String edsServiceName) {
+    if (getWatchers(XdsEndpointResource.getInstance()).containsKey(edsServiceName)) {
       return;
     }
 
-    addWatcher(new EdsWatcher(edsServiceName, parentContext));
+    addWatcher(new EdsWatcher(edsServiceName));
   }
 
-  private void addClusterWatcher(String clusterName, Object parentContext) {
-    CdsWatcher watcher = (CdsWatcher) getWatchers(CLUSTER_RESOURCE).get(clusterName);
-    if (watcher != null) {
-      watcher.parentContexts.add(parentContext);
+  private void addClusterWatcher(String clusterName) {
+    if (getWatchers(CLUSTER_RESOURCE).containsKey(clusterName)) {
       return;
     }
 
-    addWatcher(new CdsWatcher(clusterName, parentContext));
+    addWatcher(new CdsWatcher(clusterName));
   }
 
-  private void updateRoutes(List<VirtualHost> virtualHosts, Object newParentContext,
-                            List<VirtualHost> oldVirtualHosts, boolean sameParentContext) {
-    VirtualHost oldVirtualHost =
-        RoutingUtils.findVirtualHostForHostName(oldVirtualHosts, dataPlaneAuthority);
+  private void updateRoutes(List<VirtualHost> virtualHosts) {
     VirtualHost virtualHost =
         RoutingUtils.findVirtualHostForHostName(virtualHosts, dataPlaneAuthority);
-
     Set<String> newClusters = getClusterNamesFromVirtualHost(virtualHost);
-    Set<String> oldClusters = getClusterNamesFromVirtualHost(oldVirtualHost);
-
-    if (sameParentContext) {
-      // Calculate diffs.
-      Set<String> addedClusters = Sets.difference(newClusters, oldClusters);
-      Set<String> deletedClusters = Sets.difference(oldClusters, newClusters);
-
-      deletedClusters.forEach(watcher ->
-          cancelClusterWatcherTree(getCluster(watcher), newParentContext));
-      addedClusters.forEach((cluster) -> addClusterWatcher(cluster, newParentContext));
-    } else {
-      newClusters.forEach((cluster) -> addClusterWatcher(cluster, newParentContext));
-    }
+    newClusters.forEach((cluster) -> addClusterWatcher(cluster));
   }
 
   private String nodeInfo() {
@@ -489,10 +388,6 @@ private static Set<String> getClusterNamesFromVirtualHost(VirtualHost virtualHos
     return clusters;
   }
 
-  private CdsWatcher getCluster(String clusterName) {
-    return (CdsWatcher) getWatchers(CLUSTER_RESOURCE).get(clusterName);
-  }
-
   private static class TypeWatchers<T extends ResourceUpdate> {
     // Key is resource name
     final Map<String, XdsWatcherBase<T>> watchers = new HashMap<>();
@@ -529,6 +424,64 @@ public void close() throws IOException {
     }
   }
 
+  /** State for tracing garbage collector. */
+  private static final class WatcherTracer {
+    private final Map<XdsResourceType<?>, TypeWatchers<?>> resourceWatchers;
+    private final Map<XdsResourceType<?>, TypeWatchers<?>> usedWatchers;
+
+    public WatcherTracer(Map<XdsResourceType<?>, TypeWatchers<?>> resourceWatchers) {
+      this.resourceWatchers = resourceWatchers;
+
+      this.usedWatchers = new HashMap<>();
+      for (XdsResourceType<?> type : resourceWatchers.keySet()) {
+        usedWatchers.put(type, newTypeWatchers(type));
+      }
+    }
+
+    private static <T extends ResourceUpdate> TypeWatchers<T> newTypeWatchers(
+        XdsResourceType<T> type) {
+      return new TypeWatchers<T>(type);
+    }
+
+    public <T extends ResourceUpdate> XdsWatcherBase<T> getWatcher(
+        XdsResourceType<T> resourceType, String name) {
+      TypeWatchers<?> typeWatchers = resourceWatchers.get(resourceType);
+      if (typeWatchers == null) {
+        return null;
+      }
+      assert typeWatchers.resourceType == resourceType;
+      @SuppressWarnings("unchecked")
+      TypeWatchers<T> tTypeWatchers = (TypeWatchers<T>) typeWatchers;
+      XdsWatcherBase<T> watcher = tTypeWatchers.watchers.get(name);
+      if (watcher == null) {
+        return null;
+      }
+      @SuppressWarnings("unchecked")
+      TypeWatchers<T> usedTypeWatchers = (TypeWatchers<T>) usedWatchers.get(resourceType);
+      usedTypeWatchers.watchers.put(name, watcher);
+      return watcher;
+    }
+
+    /** Shut down unused watchers. */
+    public void closeUnusedWatchers() {
+      boolean changed = false; // Help out the GC by preferring old objects
+      for (XdsResourceType<?> type : resourceWatchers.keySet()) {
+        TypeWatchers<?> orig = resourceWatchers.get(type);
+        TypeWatchers<?> used = usedWatchers.get(type);
+        for (String name : orig.watchers.keySet()) {
+          if (used.watchers.containsKey(name)) {
+            continue;
+          }
+          orig.watchers.get(name).close();
+          changed = true;
+        }
+      }
+      if (changed) {
+        resourceWatchers.putAll(usedWatchers);
+      }
+    }
+  }
+
   private abstract class XdsWatcherBase<T extends ResourceUpdate>
       implements ResourceWatcher<T> {
     private final XdsResourceType<T> type;
@@ -571,6 +524,10 @@ public void onResourceDoesNotExist(String resourceName) {
       maybePublishConfig();
     }
 
+    public void close() {
+      xdsClient.cancelXdsResourceWatch(type, resourceName, this);
+    }
+
     boolean missingResult() {
       return data == null;
     }
@@ -633,24 +590,14 @@ public void onChanged(XdsListenerResource.LdsUpdate update) {
         virtualHosts = httpConnectionManager.virtualHosts();
         rdsName = httpConnectionManager.rdsName();
       }
-      StatusOr<RdsUpdate> activeRdsUpdate = getRouteSource().getRdsUpdate();
-      List<VirtualHost> activeVirtualHosts = activeRdsUpdate.hasValue()
-          ? activeRdsUpdate.getValue().virtualHosts
-          : Collections.emptyList();
-
-      boolean changedRdsName = !Objects.equals(rdsName, this.rdsName);
-      if (changedRdsName) {
-        cleanUpRdsWatcher();
-      }
 
       if (virtualHosts != null) {
         // No RDS watcher since we are getting RDS updates via LDS
-        updateRoutes(virtualHosts, this, activeVirtualHosts, this.rdsName == null);
+        updateRoutes(virtualHosts);
         this.rdsName = null;
-      } else if (changedRdsName) {
+      } else {
         this.rdsName = rdsName;
-        addWatcher(new RdsWatcher(rdsName));
-        logger.log(XdsLogger.XdsLogLevel.INFO, "Start watching RDS resource {0}", rdsName);
+        addRdsWatcher(rdsName);
       }
 
       setData(update);
@@ -666,36 +613,18 @@ public void onResourceDoesNotExist(String resourceName) {
       checkArgument(resourceName().equals(resourceName), "Resource name does not match");
       setDataAsStatus(Status.UNAVAILABLE.withDescription(
           toContextString() + " does not exist" + nodeInfo()));
-      cleanUpRdsWatcher();
       rdsName = null;
       maybePublishConfig();
     }
 
-    private void cleanUpRdsWatcher() {
-      RdsWatcher oldRdsWatcher = getRdsWatcher();
-      if (oldRdsWatcher != null) {
-        cancelWatcher(oldRdsWatcher);
-        logger.log(XdsLogger.XdsLogLevel.DEBUG, "Stop watching RDS resource {0}", rdsName);
-
-        // Cleanup clusters (as appropriate) that had the old rds watcher as a parent
-        if (!oldRdsWatcher.hasDataValue()) {
-          return;
-        }
-        for (XdsWatcherBase<XdsClusterResource.CdsUpdate> watcher :
-            getWatchers(CLUSTER_RESOURCE).values()) {
-          cancelCdsWatcher((CdsWatcher) watcher, oldRdsWatcher);
-        }
-      }
-    }
-
-    private RdsWatcher getRdsWatcher() {
+    private RdsWatcher getRdsWatcher(WatcherTracer tracer) {
       if (rdsName == null) {
         return null;
       }
-      return (RdsWatcher) getWatchers(XdsRouteConfigureResource.getInstance()).get(rdsName);
+      return (RdsWatcher) tracer.getWatcher(XdsRouteConfigureResource.getInstance(), rdsName);
     }
 
-    public RdsUpdateSupplier getRouteSource() {
+    public RdsUpdateSupplier getRouteSource(WatcherTracer tracer) {
       if (!hasDataValue()) {
         return this;
       }
@@ -707,7 +636,7 @@ public RdsUpdateSupplier getRouteSource() {
       if (virtualHosts != null) {
         return this;
       }
-      RdsWatcher rdsWatcher = getRdsWatcher();
+      RdsWatcher rdsWatcher = getRdsWatcher(tracer);
       assert rdsWatcher != null;
       return rdsWatcher;
     }
@@ -748,11 +677,8 @@ public void onChanged(RdsUpdate update) {
       if (cancelled) {
         return;
       }
-      List<VirtualHost> oldVirtualHosts = hasDataValue()
-          ? getData().getValue().virtualHosts
-          : Collections.emptyList();
       setData(update);
-      updateRoutes(update.virtualHosts, this, oldVirtualHosts, true);
+      updateRoutes(update.virtualHosts);
       maybePublishConfig();
     }
 
@@ -766,11 +692,8 @@ public StatusOr<RdsUpdate> getRdsUpdate() {
   }
 
   private class CdsWatcher extends XdsWatcherBase<XdsClusterResource.CdsUpdate> {
-    Set<Object> parentContexts = new HashSet<>();
-
-    CdsWatcher(String resourceName, Object parentContext) {
+    CdsWatcher(String resourceName) {
       super(CLUSTER_RESOURCE, checkNotNull(resourceName, "resourceName"));
-      this.parentContexts.add(checkNotNull(parentContext, "parentContext"));
     }
 
     @Override
@@ -782,32 +705,16 @@ public void onChanged(XdsClusterResource.CdsUpdate update) {
       switch (update.clusterType()) {
         case EDS:
           setData(update);
-          addEdsWatcher(getEdsServiceName(), this);
+          addEdsWatcher(getEdsServiceName());
           break;
         case LOGICAL_DNS:
           setData(update);
           // no eds needed
           break;
         case AGGREGATE:
-          Object parentContext = this;
-          if (hasDataValue()) {
-            Set<String> oldNames = getData().getValue().clusterType() == ClusterType.AGGREGATE
-                ? new HashSet<>(getData().getValue().prioritizedClusterNames())
-                : Collections.emptySet();
-            Set<String> newNames = new HashSet<>(update.prioritizedClusterNames());
-
-            Set<String> deletedClusters = Sets.difference(oldNames, newNames);
-            deletedClusters.forEach((cluster)
-                -> cancelClusterWatcherTree(getCluster(cluster), parentContext));
-
-            setData(update);
-            Set<String> addedClusters = Sets.difference(newNames, oldNames);
-            addedClusters.forEach((cluster) -> addClusterWatcher(cluster, parentContext));
-          } else {
-            setData(update);
-            update.prioritizedClusterNames()
-                .forEach(name -> addClusterWatcher(name, parentContext));
-          }
+          setData(update);
+          update.prioritizedClusterNames()
+              .forEach(name -> addClusterWatcher(name));
           break;
         default:
           Status error = Status.UNAVAILABLE.withDescription(
@@ -829,11 +736,8 @@ public String getEdsServiceName() {
   }
 
   private class EdsWatcher extends XdsWatcherBase<XdsEndpointResource.EdsUpdate> {
-    private final Set<CdsWatcher> parentContexts = new HashSet<>();
-
-    private EdsWatcher(String resourceName, CdsWatcher parentContext) {
+    private EdsWatcher(String resourceName) {
       super(ENDPOINT_RESOURCE, checkNotNull(resourceName, "resourceName"));
-      parentContexts.add(checkNotNull(parentContext, "parentContext"));
     }
 
     @Override
@@ -844,9 +748,5 @@ public void onChanged(XdsEndpointResource.EdsUpdate update) {
       setData(checkNotNull(update, "update"));
       maybePublishConfig();
     }
-
-    void addParentContext(CdsWatcher parentContext) {
-      parentContexts.add(checkNotNull(parentContext, "parentContext"));
-    }
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
index da960e1e133..aea1ad66d72 100644
--- a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -66,7 +66,9 @@
 import io.grpc.xds.XdsEndpointResource.EdsUpdate;
 import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.client.XdsClient;
+import io.grpc.xds.client.XdsClient.ResourceMetadata;
 import io.grpc.xds.client.XdsClientMetricReporter;
+import io.grpc.xds.client.XdsResourceType;
 import io.grpc.xds.client.XdsTransportFactory;
 import java.io.Closeable;
 import java.io.IOException;
@@ -562,7 +564,39 @@ public void testMultipleParentsInCdsTree() throws IOException {
   }
 
   @Test
-  public void testCdsCycle() throws Exception {
+  public void testCdsDeleteUnsubscribesChild() throws Exception {
+    RouteConfiguration routeConfig =
+        XdsTestUtils.buildRouteConfiguration(serverName, XdsTestUtils.RDS_NAME, "clusterA");
+    Map<String, Message> clusterMap = new HashMap<>();
+    Map<String, Message> edsMap = new HashMap<>();
+    XdsTestUtils.addEdsClusters(clusterMap, edsMap, "clusterA");
+    controlPlaneService.setXdsConfig(
+        ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, routeConfig));
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, clusterMap);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
+
+    InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+        serverName, serverName, nameResolverArgs, scheduler);
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
+    XdsConfig config = xdsUpdateCaptor.getValue().getValue();
+    assertThat(config.getClusters().get("clusterA").hasValue()).isTrue();
+    Map<XdsResourceType<?>, Map<String, ResourceMetadata>> watches =
+        xdsClient.getSubscribedResourcesMetadataSnapshot().get();
+    assertThat(watches.get(XdsEndpointResource.getInstance()).keySet())
+        .containsExactly("eds_clusterA");
+
+    // Delete cluster
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of());
+    inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
+    config = xdsUpdateCaptor.getValue().getValue();
+    assertThat(config.getClusters().get("clusterA").hasValue()).isFalse();
+    watches = xdsClient.getSubscribedResourcesMetadataSnapshot().get();
+    assertThat(watches).doesNotContainKey(XdsEndpointResource.getInstance());
+  }
+
+  @Test
+  public void testCdsCycleReclaimed() throws Exception {
     RouteConfiguration routeConfig =
         XdsTestUtils.buildRouteConfiguration(serverName, XdsTestUtils.RDS_NAME, "clusterA");
     Map<String, Message> clusterMap = new HashMap<>();
@@ -575,6 +609,7 @@ public void testCdsCycle() throws Exception {
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, clusterMap);
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
 
+    // The cycle is loaded and detected
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
     xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
         serverName, serverName, nameResolverArgs, scheduler);
@@ -582,6 +617,16 @@ public void testCdsCycle() throws Exception {
     XdsConfig config = xdsUpdateCaptor.getValue().getValue();
     assertThat(config.getClusters().get("clusterA").hasValue()).isFalse();
     assertThat(config.getClusters().get("clusterA").getStatus().getDescription()).contains("cycle");
+
+    // Orphan the cycle and it is discarded
+    routeConfig =
+        XdsTestUtils.buildRouteConfiguration(serverName, XdsTestUtils.RDS_NAME, "clusterC");
+    controlPlaneService.setXdsConfig(
+        ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, routeConfig));
+    inOrder.verify(xdsConfigWatcher).onUpdate(any());
+    Map<XdsResourceType<?>, Map<String, ResourceMetadata>> watches =
+        xdsClient.getSubscribedResourcesMetadataSnapshot().get();
+    assertThat(watches.get(XdsClusterResource.getInstance()).keySet()).containsExactly("clusterC");
   }
 
   @Test
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index ab966ce0025..f5c40fa2117 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -241,7 +241,7 @@ public void tearDown() {
     resolver.shutdown();
     if (xdsClient != null) {
       assertThat(xdsClient.ldsWatcher).isNull();
-      assertThat(xdsClient.rdsWatcher).isNull();
+      assertThat(xdsClient.rdsWatchers).isEmpty();
     }
   }
 
@@ -421,7 +421,7 @@ public void resolving_ldsResourceUpdateRdsName() {
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdateForRdsName(RDS_RESOURCE_NAME);
-    assertThat(xdsClient.rdsResource).isEqualTo(RDS_RESOURCE_NAME);
+    assertThat(xdsClient.rdsWatchers.keySet()).containsExactly(RDS_RESOURCE_NAME);
     VirtualHost virtualHost =
         VirtualHost.create("virtualhost", Collections.singletonList(AUTHORITY),
             Collections.singletonList(route1),
@@ -438,13 +438,14 @@ public void resolving_ldsResourceUpdateRdsName() {
         ArgumentCaptor.forClass(ResolutionResult.class);
     String alternativeRdsResource = "route-configuration-alter.googleapis.com";
     xdsClient.deliverLdsUpdateForRdsName(alternativeRdsResource);
-    assertThat(xdsClient.rdsResource).isEqualTo(alternativeRdsResource);
+    assertThat(xdsClient.rdsWatchers.keySet()).contains(alternativeRdsResource);
     virtualHost =
         VirtualHost.create("virtualhost-alter", Collections.singletonList(AUTHORITY),
             Collections.singletonList(route2),
             ImmutableMap.of());
     xdsClient.deliverRdsUpdate(alternativeRdsResource, Collections.singletonList(virtualHost));
     createAndDeliverClusterUpdates(xdsClient, cluster2);
+    assertThat(xdsClient.rdsWatchers.keySet()).containsExactly(alternativeRdsResource);
     // Two new service config updates triggered:
     //  - with load balancing config being able to select cluster1 and cluster2
     //  - with load balancing config being able to select cluster2 only
@@ -477,7 +478,7 @@ public void resolving_ldsResourceRevokedAndAddedBack() {
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdateForRdsName(RDS_RESOURCE_NAME);
-    assertThat(xdsClient.rdsResource).isEqualTo(RDS_RESOURCE_NAME);
+    assertThat(xdsClient.rdsWatchers.keySet()).containsExactly(RDS_RESOURCE_NAME);
     VirtualHost virtualHost =
         VirtualHost.create("virtualhost", Collections.singletonList(AUTHORITY),
             Collections.singletonList(route),
@@ -491,14 +492,14 @@ public void resolving_ldsResourceRevokedAndAddedBack() {
 
     reset(mockListener);
     xdsClient.deliverLdsResourceNotFound();  // revoke LDS resource
-    assertThat(xdsClient.rdsResource).isNull();  // stop subscribing to stale RDS resource
+    assertThat(xdsClient.rdsWatchers.keySet()).isEmpty();  // stop subscribing to stale RDS resource
     assertEmptyResolutionResult(expectedLdsResourceName);
 
     reset(mockListener);
     xdsClient.deliverLdsUpdateForRdsName(RDS_RESOURCE_NAME);
     // No name resolution result until new RDS resource update is received. Do not use stale config
     verifyNoInteractions(mockListener);
-    assertThat(xdsClient.rdsResource).isEqualTo(RDS_RESOURCE_NAME);
+    assertThat(xdsClient.rdsWatchers.keySet()).containsExactly(RDS_RESOURCE_NAME);
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
     createAndDeliverClusterUpdates(xdsClient, cluster1);
     verify(mockListener).onResult2(resolutionResultCaptor.capture());
@@ -518,7 +519,7 @@ public void resolving_rdsResourceRevokedAndAddedBack() {
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdateForRdsName(RDS_RESOURCE_NAME);
-    assertThat(xdsClient.rdsResource).isEqualTo(RDS_RESOURCE_NAME);
+    assertThat(xdsClient.rdsWatchers.keySet()).containsExactly(RDS_RESOURCE_NAME);
     VirtualHost virtualHost =
         VirtualHost.create("virtualhost", Collections.singletonList(AUTHORITY),
             Collections.singletonList(route),
@@ -537,6 +538,7 @@ public void resolving_rdsResourceRevokedAndAddedBack() {
     // Simulate management server adds back the previously used RDS resource.
     reset(mockListener);
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
     verify(mockListener).onResult2(resolutionResultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster1),
@@ -2430,9 +2432,8 @@ public List<String> getTargets() {
   private class FakeXdsClient extends XdsClient {
     // Should never be subscribing to more than one LDS and RDS resource at any point of time.
     private String ldsResource;  // should always be AUTHORITY
-    private String rdsResource;
     private ResourceWatcher<LdsUpdate> ldsWatcher;
-    private ResourceWatcher<RdsUpdate> rdsWatcher;
+    private final Map<String, List<ResourceWatcher<RdsUpdate>>> rdsWatchers = new HashMap<>();
     private final Map<String, List<ResourceWatcher<CdsUpdate>>> cdsWatchers = new HashMap<>();
     private final Map<String, List<ResourceWatcher<EdsUpdate>>> edsWatchers = new HashMap<>();
 
@@ -2457,10 +2458,8 @@ public <T extends ResourceUpdate> void watchXdsResource(XdsResourceType<T> resou
           ldsWatcher = (ResourceWatcher<LdsUpdate>) watcher;
           break;
         case "RDS":
-          assertThat(rdsResource).isNull();
-          assertThat(rdsWatcher).isNull();
-          rdsResource = resourceName;
-          rdsWatcher = (ResourceWatcher<RdsUpdate>) watcher;
+          rdsWatchers.computeIfAbsent(resourceName, k -> new ArrayList<>())
+              .add((ResourceWatcher<RdsUpdate>) watcher);
           break;
         case "CDS":
           cdsWatchers.computeIfAbsent(resourceName, k -> new ArrayList<>())
@@ -2488,10 +2487,12 @@ public <T extends ResourceUpdate> void cancelXdsResourceWatch(XdsResourceType<T>
           ldsWatcher = null;
           break;
         case "RDS":
-          assertThat(rdsResource).isNotNull();
-          assertThat(rdsWatcher).isNotNull();
-          rdsResource = null;
-          rdsWatcher = null;
+          assertThat(rdsWatchers).containsKey(resourceName);
+          assertThat(rdsWatchers.get(resourceName)).contains(watcher);
+          rdsWatchers.get(resourceName).remove((ResourceWatcher<RdsUpdate>) watcher);
+          if (rdsWatchers.get(resourceName).isEmpty()) {
+            rdsWatchers.remove(resourceName);
+          }
           break;
         case "CDS":
           assertThat(cdsWatchers).containsKey(resourceName);
@@ -2659,9 +2660,6 @@ private List<String> getClusterNames(List<Route> routes) {
     void deliverRdsUpdateWithFaultInjection(
         String resourceName, @Nullable FaultConfig virtualHostFaultConfig,
         @Nullable FaultConfig routFaultConfig, @Nullable FaultConfig weightedClusterFaultConfig) {
-      if (!resourceName.equals(rdsResource)) {
-        return;
-      }
       ImmutableMap<String, FilterConfig> overrideConfig = weightedClusterFaultConfig == null
           ? ImmutableMap.of()
           : ImmutableMap.of(
@@ -2690,18 +2688,19 @@ void deliverRdsUpdateWithFaultInjection(
           Collections.singletonList(expectedLdsResourceName),
           Collections.singletonList(route),
           overrideConfig);
-      syncContext.execute(() -> {
-        rdsWatcher.onChanged(new RdsUpdate(Collections.singletonList(virtualHost)));
-        createAndDeliverClusterUpdates(this, cluster1);
-      });
+      deliverRdsUpdate(resourceName, virtualHost);
+      createAndDeliverClusterUpdates(this, cluster1);
     }
 
     void deliverRdsUpdate(String resourceName, List<VirtualHost> virtualHosts) {
-      if (!resourceName.equals(rdsResource)) {
+      if (!rdsWatchers.containsKey(resourceName)) {
         return;
       }
       syncContext.execute(() -> {
-        rdsWatcher.onChanged(new RdsUpdate(virtualHosts));
+        RdsUpdate update = new RdsUpdate(virtualHosts);
+        List<ResourceWatcher<RdsUpdate>> resourceWatchers =
+            ImmutableList.copyOf(rdsWatchers.get(resourceName));
+        resourceWatchers.forEach(w -> w.onChanged(update));
       });
     }
 
@@ -2710,11 +2709,13 @@ void deliverRdsUpdate(String resourceName, VirtualHost virtualHost) {
     }
 
     void deliverRdsResourceNotFound(String resourceName) {
-      if (!resourceName.equals(rdsResource)) {
+      if (!rdsWatchers.containsKey(resourceName)) {
         return;
       }
       syncContext.execute(() -> {
-        rdsWatcher.onResourceDoesNotExist(rdsResource);
+        List<ResourceWatcher<RdsUpdate>> resourceWatchers =
+            ImmutableList.copyOf(rdsWatchers.get(resourceName));
+        resourceWatchers.forEach(w -> w.onResourceDoesNotExist(resourceName));
       });
     }
 
@@ -2747,12 +2748,10 @@ void deliverError(final Status error) {
           ldsWatcher.onError(error);
         });
       }
-      if (rdsWatcher != null) {
-        syncContext.execute(() -> {
-          rdsWatcher.onError(error);
-        });
-      }
       syncContext.execute(() -> {
+        rdsWatchers.values().stream()
+            .flatMap(List::stream)
+            .forEach(w -> w.onError(error));
         cdsWatchers.values().stream()
             .flatMap(List::stream)
             .forEach(w -> w.onError(error));

From 4ee662fbcf5cb9b1d3da6b046536890db69e4bc5 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Sat, 7 Jun 2025 07:23:09 -0700
Subject: [PATCH 284/591] xds: cancelled=true on watch close in XdsDepManager

1fd29bc80 replaced cancelWatcher() with watcher.close(). But setting
cancelled was missing. Because the config update checks for shutdown,
the cancelled flag no longer avoids exceptions. But it seems best to
continue avoiding any processing after close to avoid surprises.
---
 xds/src/main/java/io/grpc/xds/XdsDependencyManager.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index 78d4dbb198a..c0054c16332 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -525,6 +525,7 @@ public void onResourceDoesNotExist(String resourceName) {
     }
 
     public void close() {
+      cancelled = true;
       xdsClient.cancelXdsResourceWatch(type, resourceName, this);
     }
 

From 6afacf589e873e12c53ec7ecb43dfc65ec5ade0e Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Sat, 31 May 2025 07:27:15 -0700
Subject: [PATCH 285/591] xds: Don't cache rdsName in XdsDepManager

We can easily compute the rdsName and avoiding the state means we don't
need to override onResourceDoesNotExist() to keep the cache in-sync with
the config.
---
 .../io/grpc/xds/XdsDependencyManager.java     | 34 +++++++------------
 1 file changed, 13 insertions(+), 21 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index c0054c16332..45ae7074d16 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -567,7 +567,6 @@ private interface RdsUpdateSupplier {
 
   private class LdsWatcher extends XdsWatcherBase<XdsListenerResource.LdsUpdate>
       implements RdsUpdateSupplier {
-    String rdsName;
 
     private LdsWatcher(String resourceName) {
       super(XdsListenerResource.getInstance(), resourceName);
@@ -582,22 +581,18 @@ public void onChanged(XdsListenerResource.LdsUpdate update) {
 
       HttpConnectionManager httpConnectionManager = update.httpConnectionManager();
       List<VirtualHost> virtualHosts;
-      String rdsName;
       if (httpConnectionManager == null) {
         // TCP listener. Unsupported config
         virtualHosts = Collections.emptyList(); // Not null, to not delegate to RDS
-        rdsName = null;
       } else {
         virtualHosts = httpConnectionManager.virtualHosts();
-        rdsName = httpConnectionManager.rdsName();
       }
-
       if (virtualHosts != null) {
-        // No RDS watcher since we are getting RDS updates via LDS
         updateRoutes(virtualHosts);
-        this.rdsName = null;
-      } else {
-        this.rdsName = rdsName;
+      }
+
+      String rdsName = getRdsName(update);
+      if (rdsName != null) {
         addRdsWatcher(rdsName);
       }
 
@@ -605,20 +600,17 @@ public void onChanged(XdsListenerResource.LdsUpdate update) {
       maybePublishConfig();
     }
 
-    @Override
-    public void onResourceDoesNotExist(String resourceName) {
-      if (cancelled) {
-        return;
+    private String getRdsName(XdsListenerResource.LdsUpdate update) {
+      HttpConnectionManager httpConnectionManager = update.httpConnectionManager();
+      if (httpConnectionManager == null) {
+        // TCP listener. Unsupported config
+        return null;
       }
-
-      checkArgument(resourceName().equals(resourceName), "Resource name does not match");
-      setDataAsStatus(Status.UNAVAILABLE.withDescription(
-          toContextString() + " does not exist" + nodeInfo()));
-      rdsName = null;
-      maybePublishConfig();
+      return httpConnectionManager.rdsName();
     }
 
-    private RdsWatcher getRdsWatcher(WatcherTracer tracer) {
+    private RdsWatcher getRdsWatcher(XdsListenerResource.LdsUpdate update, WatcherTracer tracer) {
+      String rdsName = getRdsName(update);
       if (rdsName == null) {
         return null;
       }
@@ -637,7 +629,7 @@ public RdsUpdateSupplier getRouteSource(WatcherTracer tracer) {
       if (virtualHosts != null) {
         return this;
       }
-      RdsWatcher rdsWatcher = getRdsWatcher(tracer);
+      RdsWatcher rdsWatcher = getRdsWatcher(getData().getValue(), tracer);
       assert rdsWatcher != null;
       return rdsWatcher;
     }

From a16d6559194d1598197d210a8aa9593e336128b1 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 10 Jun 2025 10:31:03 +0530
Subject: [PATCH 286/591] compiler: generate blocking v2 unary calls that throw
 StatusException (#12126)

---
 .../LoadBalancerStatsServiceGrpc.java         |  8 +++---
 .../integration/MetricsServiceGrpc.java       |  4 +--
 .../integration/ReconnectServiceGrpc.java     |  8 +++---
 .../testing/integration/TestServiceGrpc.java  | 16 +++++------
 .../integration/UnimplementedServiceGrpc.java |  4 +--
 .../XdsUpdateClientConfigureServiceGrpc.java  |  4 +--
 .../XdsUpdateHealthServiceGrpc.java           |  8 +++---
 .../LoadBalancerStatsServiceGrpc.java         |  8 +++---
 .../integration/MetricsServiceGrpc.java       |  4 +--
 .../integration/ReconnectServiceGrpc.java     |  8 +++---
 .../testing/integration/TestServiceGrpc.java  | 16 +++++------
 .../integration/UnimplementedServiceGrpc.java |  4 +--
 .../XdsUpdateClientConfigureServiceGrpc.java  |  4 +--
 .../XdsUpdateHealthServiceGrpc.java           |  8 +++---
 .../proto/BenchmarkServiceGrpc.java           |  4 +--
 .../proto/ReportQpsScenarioServiceGrpc.java   |  4 +--
 .../benchmarks/proto/WorkerServiceGrpc.java   |  8 +++---
 .../src/java_plugin/cpp/java_generator.cpp    |  6 ++--
 .../golden/TestDeprecatedService.java.txt     |  4 +--
 compiler/src/test/golden/TestService.java.txt | 12 ++++----
 .../golden/TestDeprecatedService.java.txt     |  4 +--
 .../src/testLite/golden/TestService.java.txt  | 12 ++++----
 .../LoadBalancerStatsServiceGrpc.java         |  8 +++---
 .../integration/MetricsServiceGrpc.java       |  4 +--
 .../integration/ReconnectServiceGrpc.java     |  8 +++---
 .../testing/integration/TestServiceGrpc.java  | 16 +++++------
 .../integration/UnimplementedServiceGrpc.java |  4 +--
 .../XdsUpdateClientConfigureServiceGrpc.java  |  4 +--
 .../XdsUpdateHealthServiceGrpc.java           |  8 +++---
 .../io/istio/test/EchoTestServiceGrpc.java    |  8 +++---
 .../lookup/v1/RouteLookupServiceGrpc.java     |  4 +--
 .../io/grpc/channelz/v1/ChannelzGrpc.java     | 28 +++++++++----------
 .../grpc/io/grpc/health/v1/HealthGrpc.java    |  4 +--
 .../testing/AnotherDynamicServiceGrpc.java    |  4 +--
 .../AnotherReflectableServiceGrpc.java        |  4 +--
 .../testing/DynamicServiceGrpc.java           |  4 +--
 .../testing/ReflectableServiceGrpc.java       |  4 +--
 .../main/java/io/grpc/stub/ClientCalls.java   | 17 +++++++++++
 .../testing/protobuf/SimpleServiceGrpc.java   |  4 +--
 .../v3/ClientStatusDiscoveryServiceGrpc.java  |  4 +--
 40 files changed, 157 insertions(+), 138 deletions(-)

diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
index 42934e94c5b..33b914bb4b3 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
@@ -242,8 +242,8 @@ protected LoadBalancerStatsServiceBlockingV2Stub build(
      * Gets the backend distribution for RPCs sent by a test client.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.LoadBalancerStatsResponse getClientStats(io.grpc.testing.integration.Messages.LoadBalancerStatsRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.LoadBalancerStatsResponse getClientStats(io.grpc.testing.integration.Messages.LoadBalancerStatsRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetClientStatsMethod(), getCallOptions(), request);
     }
 
@@ -252,8 +252,8 @@ public io.grpc.testing.integration.Messages.LoadBalancerStatsResponse getClientS
      * Gets the accumulated stats for RPCs sent by a test client.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsResponse getClientAccumulatedStats(io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsResponse getClientAccumulatedStats(io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetClientAccumulatedStatsMethod(), getCallOptions(), request);
     }
   }
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
index 6c2166468f6..c99abcff7cb 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
@@ -242,8 +242,8 @@ protected MetricsServiceBlockingV2Stub build(
      * Returns the value of one gauge
      * </pre>
      */
-    public io.grpc.testing.integration.Metrics.GaugeResponse getGauge(io.grpc.testing.integration.Metrics.GaugeRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Metrics.GaugeResponse getGauge(io.grpc.testing.integration.Metrics.GaugeRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetGaugeMethod(), getCallOptions(), request);
     }
   }
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
index 07ce250bc4b..fffcaad2df2 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
@@ -227,15 +227,15 @@ protected ReconnectServiceBlockingV2Stub build(
 
     /**
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty start(io.grpc.testing.integration.Messages.ReconnectParams request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty start(io.grpc.testing.integration.Messages.ReconnectParams request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getStartMethod(), getCallOptions(), request);
     }
 
     /**
      */
-    public io.grpc.testing.integration.Messages.ReconnectInfo stop(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.ReconnectInfo stop(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getStopMethod(), getCallOptions(), request);
     }
   }
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java
index 4593215b601..1d7805e3a3f 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/TestServiceGrpc.java
@@ -573,8 +573,8 @@ protected TestServiceBlockingV2Stub build(
      * One empty request followed by one empty response.
      * </pre>
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty emptyCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty emptyCall(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getEmptyCallMethod(), getCallOptions(), request);
     }
 
@@ -583,8 +583,8 @@ public io.grpc.testing.integration.EmptyProtos.Empty emptyCall(io.grpc.testing.i
      * One request followed by one response.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.SimpleResponse unaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.SimpleResponse unaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getUnaryCallMethod(), getCallOptions(), request);
     }
 
@@ -595,8 +595,8 @@ public io.grpc.testing.integration.Messages.SimpleResponse unaryCall(io.grpc.tes
      * satisfy subsequent requests.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.SimpleResponse cacheableUnaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.SimpleResponse cacheableUnaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getCacheableUnaryCallMethod(), getCallOptions(), request);
     }
 
@@ -661,8 +661,8 @@ public io.grpc.testing.integration.Messages.SimpleResponse cacheableUnaryCall(io
      * to test the behavior when clients call unimplemented methods.
      * </pre>
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getUnimplementedCallMethod(), getCallOptions(), request);
     }
   }
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
index d9ef0e6ddd9..bec9b5a723a 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
@@ -196,8 +196,8 @@ protected UnimplementedServiceBlockingV2Stub build(
      * A call that no server should implement
      * </pre>
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getUnimplementedCallMethod(), getCallOptions(), request);
     }
   }
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
index 8ae0c2f93a4..3453b6c01be 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
@@ -191,8 +191,8 @@ protected XdsUpdateClientConfigureServiceBlockingV2Stub build(
      * Update the tes client's configuration.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.ClientConfigureResponse configure(io.grpc.testing.integration.Messages.ClientConfigureRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.ClientConfigureResponse configure(io.grpc.testing.integration.Messages.ClientConfigureRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getConfigureMethod(), getCallOptions(), request);
     }
   }
diff --git a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
index 5b950c73c12..fb5f2cdebc7 100644
--- a/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
+++ b/android-interop-testing/src/generated/debug/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
@@ -227,15 +227,15 @@ protected XdsUpdateHealthServiceBlockingV2Stub build(
 
     /**
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty setServing(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty setServing(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getSetServingMethod(), getCallOptions(), request);
     }
 
     /**
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty setNotServing(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty setNotServing(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getSetNotServingMethod(), getCallOptions(), request);
     }
   }
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
index 42934e94c5b..33b914bb4b3 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
@@ -242,8 +242,8 @@ protected LoadBalancerStatsServiceBlockingV2Stub build(
      * Gets the backend distribution for RPCs sent by a test client.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.LoadBalancerStatsResponse getClientStats(io.grpc.testing.integration.Messages.LoadBalancerStatsRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.LoadBalancerStatsResponse getClientStats(io.grpc.testing.integration.Messages.LoadBalancerStatsRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetClientStatsMethod(), getCallOptions(), request);
     }
 
@@ -252,8 +252,8 @@ public io.grpc.testing.integration.Messages.LoadBalancerStatsResponse getClientS
      * Gets the accumulated stats for RPCs sent by a test client.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsResponse getClientAccumulatedStats(io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsResponse getClientAccumulatedStats(io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetClientAccumulatedStatsMethod(), getCallOptions(), request);
     }
   }
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
index 6c2166468f6..c99abcff7cb 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
@@ -242,8 +242,8 @@ protected MetricsServiceBlockingV2Stub build(
      * Returns the value of one gauge
      * </pre>
      */
-    public io.grpc.testing.integration.Metrics.GaugeResponse getGauge(io.grpc.testing.integration.Metrics.GaugeRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Metrics.GaugeResponse getGauge(io.grpc.testing.integration.Metrics.GaugeRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetGaugeMethod(), getCallOptions(), request);
     }
   }
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
index 07ce250bc4b..fffcaad2df2 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
@@ -227,15 +227,15 @@ protected ReconnectServiceBlockingV2Stub build(
 
     /**
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty start(io.grpc.testing.integration.Messages.ReconnectParams request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty start(io.grpc.testing.integration.Messages.ReconnectParams request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getStartMethod(), getCallOptions(), request);
     }
 
     /**
      */
-    public io.grpc.testing.integration.Messages.ReconnectInfo stop(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.ReconnectInfo stop(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getStopMethod(), getCallOptions(), request);
     }
   }
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java
index 4593215b601..1d7805e3a3f 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/TestServiceGrpc.java
@@ -573,8 +573,8 @@ protected TestServiceBlockingV2Stub build(
      * One empty request followed by one empty response.
      * </pre>
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty emptyCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty emptyCall(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getEmptyCallMethod(), getCallOptions(), request);
     }
 
@@ -583,8 +583,8 @@ public io.grpc.testing.integration.EmptyProtos.Empty emptyCall(io.grpc.testing.i
      * One request followed by one response.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.SimpleResponse unaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.SimpleResponse unaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getUnaryCallMethod(), getCallOptions(), request);
     }
 
@@ -595,8 +595,8 @@ public io.grpc.testing.integration.Messages.SimpleResponse unaryCall(io.grpc.tes
      * satisfy subsequent requests.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.SimpleResponse cacheableUnaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.SimpleResponse cacheableUnaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getCacheableUnaryCallMethod(), getCallOptions(), request);
     }
 
@@ -661,8 +661,8 @@ public io.grpc.testing.integration.Messages.SimpleResponse cacheableUnaryCall(io
      * to test the behavior when clients call unimplemented methods.
      * </pre>
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getUnimplementedCallMethod(), getCallOptions(), request);
     }
   }
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
index d9ef0e6ddd9..bec9b5a723a 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
@@ -196,8 +196,8 @@ protected UnimplementedServiceBlockingV2Stub build(
      * A call that no server should implement
      * </pre>
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getUnimplementedCallMethod(), getCallOptions(), request);
     }
   }
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
index 8ae0c2f93a4..3453b6c01be 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
@@ -191,8 +191,8 @@ protected XdsUpdateClientConfigureServiceBlockingV2Stub build(
      * Update the tes client's configuration.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.ClientConfigureResponse configure(io.grpc.testing.integration.Messages.ClientConfigureRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.ClientConfigureResponse configure(io.grpc.testing.integration.Messages.ClientConfigureRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getConfigureMethod(), getCallOptions(), request);
     }
   }
diff --git a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
index 5b950c73c12..fb5f2cdebc7 100644
--- a/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
+++ b/android-interop-testing/src/generated/release/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
@@ -227,15 +227,15 @@ protected XdsUpdateHealthServiceBlockingV2Stub build(
 
     /**
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty setServing(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty setServing(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getSetServingMethod(), getCallOptions(), request);
     }
 
     /**
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty setNotServing(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty setNotServing(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getSetNotServingMethod(), getCallOptions(), request);
     }
   }
diff --git a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java
index 15b9a67918b..68e911afc4a 100644
--- a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java
+++ b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/BenchmarkServiceGrpc.java
@@ -398,8 +398,8 @@ protected BenchmarkServiceBlockingV2Stub build(
      * The server returns the client payload as-is.
      * </pre>
      */
-    public io.grpc.benchmarks.proto.Messages.SimpleResponse unaryCall(io.grpc.benchmarks.proto.Messages.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.benchmarks.proto.Messages.SimpleResponse unaryCall(io.grpc.benchmarks.proto.Messages.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getUnaryCallMethod(), getCallOptions(), request);
     }
 
diff --git a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java
index 8fe5f926d99..c5064875bb6 100644
--- a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java
+++ b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/ReportQpsScenarioServiceGrpc.java
@@ -177,8 +177,8 @@ protected ReportQpsScenarioServiceBlockingV2Stub build(
      * Report results of a QPS test benchmark scenario.
      * </pre>
      */
-    public io.grpc.benchmarks.proto.Control.Void reportScenario(io.grpc.benchmarks.proto.Control.ScenarioResult request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.benchmarks.proto.Control.Void reportScenario(io.grpc.benchmarks.proto.Control.ScenarioResult request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getReportScenarioMethod(), getCallOptions(), request);
     }
   }
diff --git a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java
index bf9649e8377..721b4f9ab19 100644
--- a/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java
+++ b/benchmarks/src/generated/main/grpc/io/grpc/benchmarks/proto/WorkerServiceGrpc.java
@@ -387,8 +387,8 @@ protected WorkerServiceBlockingV2Stub build(
      * Just return the core count - unary call
      * </pre>
      */
-    public io.grpc.benchmarks.proto.Control.CoreResponse coreCount(io.grpc.benchmarks.proto.Control.CoreRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.benchmarks.proto.Control.CoreResponse coreCount(io.grpc.benchmarks.proto.Control.CoreRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getCoreCountMethod(), getCallOptions(), request);
     }
 
@@ -397,8 +397,8 @@ public io.grpc.benchmarks.proto.Control.CoreResponse coreCount(io.grpc.benchmark
      * Quit this worker
      * </pre>
      */
-    public io.grpc.benchmarks.proto.Control.Void quitWorker(io.grpc.benchmarks.proto.Control.Void request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.benchmarks.proto.Control.Void quitWorker(io.grpc.benchmarks.proto.Control.Void request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getQuitWorkerMethod(), getCallOptions(), request);
     }
   }
diff --git a/compiler/src/java_plugin/cpp/java_generator.cpp b/compiler/src/java_plugin/cpp/java_generator.cpp
index 8421a4a9207..4cee7999402 100644
--- a/compiler/src/java_plugin/cpp/java_generator.cpp
+++ b/compiler/src/java_plugin/cpp/java_generator.cpp
@@ -745,9 +745,10 @@ static void PrintStub(
               "    $lower_method_name$($input_type$ request)");
        } else {
           // Simple RPC
+          (*vars)["throws_decl"] = " throws io.grpc.StatusException";
           p->Print(
               *vars,
-              "$output_type$ $lower_method_name$($input_type$ request)");
+              "$output_type$ $lower_method_name$($input_type$ request)$throws_decl$");
        }
        break;
       case ASYNC_CALL:
@@ -827,7 +828,8 @@ static void PrintStub(
                if (server_streaming) {
                    (*vars)["calls_method"] = "io.grpc.stub.ClientCalls.blockingV2ServerStreamingCall";
                 } else {
-                  (*vars)["calls_method"] = "io.grpc.stub.ClientCalls.blockingUnaryCall";
+                  (*vars)["calls_method"] = "io.grpc.stub.ClientCalls.blockingV2UnaryCall";
+                  (*vars)["throws_decl"] = " throws io.grpc.StatusException";
                 }
 
             p->Print(
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index 712be32132e..548a9e3d806 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -203,8 +203,8 @@ public final class TestDeprecatedServiceGrpc {
      * </pre>
      */
     @java.lang.Deprecated
-    public io.grpc.testing.compiler.Test.SimpleResponse deprecatedMethod(io.grpc.testing.compiler.Test.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.compiler.Test.SimpleResponse deprecatedMethod(io.grpc.testing.compiler.Test.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getDeprecatedMethodMethod(), getCallOptions(), request);
     }
   }
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index e3c759639ec..93551f6d582 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -580,8 +580,8 @@ public final class TestServiceGrpc {
      * The server returns the client payload as-is.
      * </pre>
      */
-    public io.grpc.testing.compiler.Test.SimpleResponse unaryCall(io.grpc.testing.compiler.Test.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.compiler.Test.SimpleResponse unaryCall(io.grpc.testing.compiler.Test.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getUnaryCallMethod(), getCallOptions(), request);
     }
 
@@ -658,8 +658,8 @@ public final class TestServiceGrpc {
      * A unary call that is Safe.
      * </pre>
      */
-    public io.grpc.testing.compiler.Test.SimpleResponse safeCall(io.grpc.testing.compiler.Test.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.compiler.Test.SimpleResponse safeCall(io.grpc.testing.compiler.Test.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getSafeCallMethod(), getCallOptions(), request);
     }
 
@@ -668,8 +668,8 @@ public final class TestServiceGrpc {
      * A unary call that is Idempotent.
      * </pre>
      */
-    public io.grpc.testing.compiler.Test.SimpleResponse idempotentCall(io.grpc.testing.compiler.Test.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.compiler.Test.SimpleResponse idempotentCall(io.grpc.testing.compiler.Test.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getIdempotentCallMethod(), getCallOptions(), request);
     }
   }
diff --git a/compiler/src/testLite/golden/TestDeprecatedService.java.txt b/compiler/src/testLite/golden/TestDeprecatedService.java.txt
index 22a57c71523..89ea2e698bf 100644
--- a/compiler/src/testLite/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/testLite/golden/TestDeprecatedService.java.txt
@@ -199,8 +199,8 @@ public final class TestDeprecatedServiceGrpc {
      * </pre>
      */
     @java.lang.Deprecated
-    public io.grpc.testing.compiler.Test.SimpleResponse deprecatedMethod(io.grpc.testing.compiler.Test.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.compiler.Test.SimpleResponse deprecatedMethod(io.grpc.testing.compiler.Test.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getDeprecatedMethodMethod(), getCallOptions(), request);
     }
   }
diff --git a/compiler/src/testLite/golden/TestService.java.txt b/compiler/src/testLite/golden/TestService.java.txt
index d13d9959a4a..4e9dfb8d682 100644
--- a/compiler/src/testLite/golden/TestService.java.txt
+++ b/compiler/src/testLite/golden/TestService.java.txt
@@ -569,8 +569,8 @@ public final class TestServiceGrpc {
      * The server returns the client payload as-is.
      * </pre>
      */
-    public io.grpc.testing.compiler.Test.SimpleResponse unaryCall(io.grpc.testing.compiler.Test.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.compiler.Test.SimpleResponse unaryCall(io.grpc.testing.compiler.Test.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getUnaryCallMethod(), getCallOptions(), request);
     }
 
@@ -647,8 +647,8 @@ public final class TestServiceGrpc {
      * A unary call that is Safe.
      * </pre>
      */
-    public io.grpc.testing.compiler.Test.SimpleResponse safeCall(io.grpc.testing.compiler.Test.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.compiler.Test.SimpleResponse safeCall(io.grpc.testing.compiler.Test.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getSafeCallMethod(), getCallOptions(), request);
     }
 
@@ -657,8 +657,8 @@ public final class TestServiceGrpc {
      * A unary call that is Idempotent.
      * </pre>
      */
-    public io.grpc.testing.compiler.Test.SimpleResponse idempotentCall(io.grpc.testing.compiler.Test.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.compiler.Test.SimpleResponse idempotentCall(io.grpc.testing.compiler.Test.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getIdempotentCallMethod(), getCallOptions(), request);
     }
   }
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
index 766d63a51dc..22c64d12f33 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/LoadBalancerStatsServiceGrpc.java
@@ -244,8 +244,8 @@ protected LoadBalancerStatsServiceBlockingV2Stub build(
      * Gets the backend distribution for RPCs sent by a test client.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.LoadBalancerStatsResponse getClientStats(io.grpc.testing.integration.Messages.LoadBalancerStatsRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.LoadBalancerStatsResponse getClientStats(io.grpc.testing.integration.Messages.LoadBalancerStatsRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetClientStatsMethod(), getCallOptions(), request);
     }
 
@@ -254,8 +254,8 @@ public io.grpc.testing.integration.Messages.LoadBalancerStatsResponse getClientS
      * Gets the accumulated stats for RPCs sent by a test client.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsResponse getClientAccumulatedStats(io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsResponse getClientAccumulatedStats(io.grpc.testing.integration.Messages.LoadBalancerAccumulatedStatsRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetClientAccumulatedStatsMethod(), getCallOptions(), request);
     }
   }
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
index 8693f1086bb..980dee010f1 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/MetricsServiceGrpc.java
@@ -244,8 +244,8 @@ protected MetricsServiceBlockingV2Stub build(
      * Returns the value of one gauge
      * </pre>
      */
-    public io.grpc.testing.integration.Metrics.GaugeResponse getGauge(io.grpc.testing.integration.Metrics.GaugeRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Metrics.GaugeResponse getGauge(io.grpc.testing.integration.Metrics.GaugeRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetGaugeMethod(), getCallOptions(), request);
     }
   }
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
index 164c92295cc..05d46ce8e95 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/ReconnectServiceGrpc.java
@@ -229,15 +229,15 @@ protected ReconnectServiceBlockingV2Stub build(
 
     /**
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty start(io.grpc.testing.integration.Messages.ReconnectParams request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty start(io.grpc.testing.integration.Messages.ReconnectParams request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getStartMethod(), getCallOptions(), request);
     }
 
     /**
      */
-    public io.grpc.testing.integration.Messages.ReconnectInfo stop(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.ReconnectInfo stop(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getStopMethod(), getCallOptions(), request);
     }
   }
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java
index b8c220925e1..a881c85c150 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/TestServiceGrpc.java
@@ -581,8 +581,8 @@ protected TestServiceBlockingV2Stub build(
      * One empty request followed by one empty response.
      * </pre>
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty emptyCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty emptyCall(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getEmptyCallMethod(), getCallOptions(), request);
     }
 
@@ -591,8 +591,8 @@ public io.grpc.testing.integration.EmptyProtos.Empty emptyCall(io.grpc.testing.i
      * One request followed by one response.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.SimpleResponse unaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.SimpleResponse unaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getUnaryCallMethod(), getCallOptions(), request);
     }
 
@@ -603,8 +603,8 @@ public io.grpc.testing.integration.Messages.SimpleResponse unaryCall(io.grpc.tes
      * satisfy subsequent requests.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.SimpleResponse cacheableUnaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.SimpleResponse cacheableUnaryCall(io.grpc.testing.integration.Messages.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getCacheableUnaryCallMethod(), getCallOptions(), request);
     }
 
@@ -669,8 +669,8 @@ public io.grpc.testing.integration.Messages.SimpleResponse cacheableUnaryCall(io
      * to test the behavior when clients call unimplemented methods.
      * </pre>
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getUnimplementedCallMethod(), getCallOptions(), request);
     }
   }
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
index fe6c7c7d1c6..fdd8d5650ed 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/UnimplementedServiceGrpc.java
@@ -197,8 +197,8 @@ protected UnimplementedServiceBlockingV2Stub build(
      * A call that no server should implement
      * </pre>
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty unimplementedCall(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getUnimplementedCallMethod(), getCallOptions(), request);
     }
   }
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
index 9a628ea1b1a..6c019efefea 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateClientConfigureServiceGrpc.java
@@ -192,8 +192,8 @@ protected XdsUpdateClientConfigureServiceBlockingV2Stub build(
      * Update the tes client's configuration.
      * </pre>
      */
-    public io.grpc.testing.integration.Messages.ClientConfigureResponse configure(io.grpc.testing.integration.Messages.ClientConfigureRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.Messages.ClientConfigureResponse configure(io.grpc.testing.integration.Messages.ClientConfigureRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getConfigureMethod(), getCallOptions(), request);
     }
   }
diff --git a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
index 5582c60d9cc..5531033ae5c 100644
--- a/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
+++ b/interop-testing/src/generated/main/grpc/io/grpc/testing/integration/XdsUpdateHealthServiceGrpc.java
@@ -229,15 +229,15 @@ protected XdsUpdateHealthServiceBlockingV2Stub build(
 
     /**
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty setServing(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty setServing(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getSetServingMethod(), getCallOptions(), request);
     }
 
     /**
      */
-    public io.grpc.testing.integration.EmptyProtos.Empty setNotServing(io.grpc.testing.integration.EmptyProtos.Empty request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.integration.EmptyProtos.Empty setNotServing(io.grpc.testing.integration.EmptyProtos.Empty request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getSetNotServingMethod(), getCallOptions(), request);
     }
   }
diff --git a/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java b/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java
index c6947a075d5..61d20d2f7bb 100644
--- a/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java
+++ b/istio-interop-testing/src/generated/main/grpc/io/istio/test/EchoTestServiceGrpc.java
@@ -214,15 +214,15 @@ protected EchoTestServiceBlockingV2Stub build(
 
     /**
      */
-    public io.istio.test.Echo.EchoResponse echo(io.istio.test.Echo.EchoRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.istio.test.Echo.EchoResponse echo(io.istio.test.Echo.EchoRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getEchoMethod(), getCallOptions(), request);
     }
 
     /**
      */
-    public io.istio.test.Echo.ForwardEchoResponse forwardEcho(io.istio.test.Echo.ForwardEchoRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.istio.test.Echo.ForwardEchoResponse forwardEcho(io.istio.test.Echo.ForwardEchoRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getForwardEchoMethod(), getCallOptions(), request);
     }
   }
diff --git a/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java b/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java
index 39e9d0f4144..be060e576a4 100644
--- a/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java
+++ b/rls/src/generated/main/grpc/io/grpc/lookup/v1/RouteLookupServiceGrpc.java
@@ -177,8 +177,8 @@ protected RouteLookupServiceBlockingV2Stub build(
      * Lookup returns a target for a single key.
      * </pre>
      */
-    public io.grpc.lookup.v1.RouteLookupResponse routeLookup(io.grpc.lookup.v1.RouteLookupRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.lookup.v1.RouteLookupResponse routeLookup(io.grpc.lookup.v1.RouteLookupRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getRouteLookupMethod(), getCallOptions(), request);
     }
   }
diff --git a/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java b/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java
index f839f11cfe5..c4ac4076d22 100644
--- a/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/channelz/v1/ChannelzGrpc.java
@@ -512,8 +512,8 @@ protected ChannelzBlockingV2Stub build(
      * created). This does not include subchannels nor non-top level channels.
      * </pre>
      */
-    public io.grpc.channelz.v1.GetTopChannelsResponse getTopChannels(io.grpc.channelz.v1.GetTopChannelsRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.channelz.v1.GetTopChannelsResponse getTopChannels(io.grpc.channelz.v1.GetTopChannelsRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetTopChannelsMethod(), getCallOptions(), request);
     }
 
@@ -522,8 +522,8 @@ public io.grpc.channelz.v1.GetTopChannelsResponse getTopChannels(io.grpc.channel
      * Gets all servers that exist in the process.
      * </pre>
      */
-    public io.grpc.channelz.v1.GetServersResponse getServers(io.grpc.channelz.v1.GetServersRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.channelz.v1.GetServersResponse getServers(io.grpc.channelz.v1.GetServersRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetServersMethod(), getCallOptions(), request);
     }
 
@@ -532,8 +532,8 @@ public io.grpc.channelz.v1.GetServersResponse getServers(io.grpc.channelz.v1.Get
      * Returns a single Server, or else a NOT_FOUND code.
      * </pre>
      */
-    public io.grpc.channelz.v1.GetServerResponse getServer(io.grpc.channelz.v1.GetServerRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.channelz.v1.GetServerResponse getServer(io.grpc.channelz.v1.GetServerRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetServerMethod(), getCallOptions(), request);
     }
 
@@ -542,8 +542,8 @@ public io.grpc.channelz.v1.GetServerResponse getServer(io.grpc.channelz.v1.GetSe
      * Gets all server sockets that exist in the process.
      * </pre>
      */
-    public io.grpc.channelz.v1.GetServerSocketsResponse getServerSockets(io.grpc.channelz.v1.GetServerSocketsRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.channelz.v1.GetServerSocketsResponse getServerSockets(io.grpc.channelz.v1.GetServerSocketsRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetServerSocketsMethod(), getCallOptions(), request);
     }
 
@@ -552,8 +552,8 @@ public io.grpc.channelz.v1.GetServerSocketsResponse getServerSockets(io.grpc.cha
      * Returns a single Channel, or else a NOT_FOUND code.
      * </pre>
      */
-    public io.grpc.channelz.v1.GetChannelResponse getChannel(io.grpc.channelz.v1.GetChannelRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.channelz.v1.GetChannelResponse getChannel(io.grpc.channelz.v1.GetChannelRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetChannelMethod(), getCallOptions(), request);
     }
 
@@ -562,8 +562,8 @@ public io.grpc.channelz.v1.GetChannelResponse getChannel(io.grpc.channelz.v1.Get
      * Returns a single Subchannel, or else a NOT_FOUND code.
      * </pre>
      */
-    public io.grpc.channelz.v1.GetSubchannelResponse getSubchannel(io.grpc.channelz.v1.GetSubchannelRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.channelz.v1.GetSubchannelResponse getSubchannel(io.grpc.channelz.v1.GetSubchannelRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetSubchannelMethod(), getCallOptions(), request);
     }
 
@@ -572,8 +572,8 @@ public io.grpc.channelz.v1.GetSubchannelResponse getSubchannel(io.grpc.channelz.
      * Returns a single Socket or else a NOT_FOUND code.
      * </pre>
      */
-    public io.grpc.channelz.v1.GetSocketResponse getSocket(io.grpc.channelz.v1.GetSocketRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.channelz.v1.GetSocketResponse getSocket(io.grpc.channelz.v1.GetSocketRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getGetSocketMethod(), getCallOptions(), request);
     }
   }
diff --git a/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java b/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java
index feb5932b0d9..b8e94ef7d20 100644
--- a/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java
+++ b/services/src/generated/main/grpc/io/grpc/health/v1/HealthGrpc.java
@@ -256,8 +256,8 @@ protected HealthBlockingV2Stub build(
      * NOT_FOUND.
      * </pre>
      */
-    public io.grpc.health.v1.HealthCheckResponse check(io.grpc.health.v1.HealthCheckRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.health.v1.HealthCheckResponse check(io.grpc.health.v1.HealthCheckRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getCheckMethod(), getCallOptions(), request);
     }
 
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java
index 5b7aaa1e4ec..978af2d887e 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherDynamicServiceGrpc.java
@@ -192,8 +192,8 @@ protected AnotherDynamicServiceBlockingV2Stub build(
      * A method
      * </pre>
      */
-    public io.grpc.reflection.testing.DynamicReply method(io.grpc.reflection.testing.DynamicRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.reflection.testing.DynamicReply method(io.grpc.reflection.testing.DynamicRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getMethodMethod(), getCallOptions(), request);
     }
   }
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java
index f8b8d58e621..e688c3d5cca 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/AnotherReflectableServiceGrpc.java
@@ -168,8 +168,8 @@ protected AnotherReflectableServiceBlockingV2Stub build(
 
     /**
      */
-    public io.grpc.reflection.testing.Reply method(io.grpc.reflection.testing.Request request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.reflection.testing.Reply method(io.grpc.reflection.testing.Request request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getMethodMethod(), getCallOptions(), request);
     }
   }
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java
index 81e60438518..efef61be151 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/DynamicServiceGrpc.java
@@ -192,8 +192,8 @@ protected DynamicServiceBlockingV2Stub build(
      * A method
      * </pre>
      */
-    public io.grpc.reflection.testing.DynamicReply method(io.grpc.reflection.testing.DynamicRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.reflection.testing.DynamicReply method(io.grpc.reflection.testing.DynamicRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getMethodMethod(), getCallOptions(), request);
     }
   }
diff --git a/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java b/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java
index 5f620038b2c..b5d130d6952 100644
--- a/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java
+++ b/services/src/generated/test/grpc/io/grpc/reflection/testing/ReflectableServiceGrpc.java
@@ -168,8 +168,8 @@ protected ReflectableServiceBlockingV2Stub build(
 
     /**
      */
-    public io.grpc.reflection.testing.Reply method(io.grpc.reflection.testing.Request request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.reflection.testing.Reply method(io.grpc.reflection.testing.Request request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getMethodMethod(), getCallOptions(), request);
     }
   }
diff --git a/stub/src/main/java/io/grpc/stub/ClientCalls.java b/stub/src/main/java/io/grpc/stub/ClientCalls.java
index f307c806489..e5a94f4d864 100644
--- a/stub/src/main/java/io/grpc/stub/ClientCalls.java
+++ b/stub/src/main/java/io/grpc/stub/ClientCalls.java
@@ -182,6 +182,23 @@ public static <ReqT, RespT> RespT blockingUnaryCall(
     }
   }
 
+  /**
+   * Executes a unary call and blocks on the response,
+   * throws a checked {@link StatusException}.
+   *
+   * @return the single response message.
+   * @throws StatusException on error
+   */
+  public static <ReqT, RespT> RespT blockingV2UnaryCall(
+      Channel channel, MethodDescriptor<ReqT, RespT> method, CallOptions callOptions, ReqT req)
+      throws StatusException {
+    try {
+      return blockingUnaryCall(channel, method, callOptions, req);
+    } catch (StatusRuntimeException e) {
+      throw e.getStatus().asException(e.getTrailers());
+    }
+  }
+
   /**
    * Executes a server-streaming call returning a blocking {@link Iterator} over the
    * response stream.  The {@code call} should not be already started.  After calling this method,
diff --git a/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java b/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java
index cccc4eb8f8a..e242fd0f513 100644
--- a/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java
+++ b/testing-proto/src/generated/main/grpc/io/grpc/testing/protobuf/SimpleServiceGrpc.java
@@ -348,8 +348,8 @@ protected SimpleServiceBlockingV2Stub build(
      * Simple unary RPC.
      * </pre>
      */
-    public io.grpc.testing.protobuf.SimpleResponse unaryRpc(io.grpc.testing.protobuf.SimpleRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.grpc.testing.protobuf.SimpleResponse unaryRpc(io.grpc.testing.protobuf.SimpleRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getUnaryRpcMethod(), getCallOptions(), request);
     }
 
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java
index 775fa0c1e3e..cb166503566 100644
--- a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/status/v3/ClientStatusDiscoveryServiceGrpc.java
@@ -248,8 +248,8 @@ protected ClientStatusDiscoveryServiceBlockingV2Stub build(
 
     /**
      */
-    public io.envoyproxy.envoy.service.status.v3.ClientStatusResponse fetchClientStatus(io.envoyproxy.envoy.service.status.v3.ClientStatusRequest request) {
-      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+    public io.envoyproxy.envoy.service.status.v3.ClientStatusResponse fetchClientStatus(io.envoyproxy.envoy.service.status.v3.ClientStatusRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
           getChannel(), getFetchClientStatusMethod(), getCallOptions(), request);
     }
   }

From 297ab05efeb0565c195518a819dfa851d1c0d62b Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 11 Jun 2025 18:56:13 +0000
Subject: [PATCH 287/591] xds: Convert CdsLb to XdsDepManager

I noticed we deviated from gRFC A37 in some ways. It turned out those
were added to the gRFC later in https://github.com/grpc/proposal/pull/344:
- NACKing empty aggregate clusters
- Failing aggregate cluster when children could not be loaded
- Recusion limit of 16. We had this behavior already, but it was
  ascribed to matching C++

There's disagreement on whether we should actually fail the aggregate
cluster for bad children, so I'm preserving the pre-existing behavior
for now.

The code is now doing a depth-first leaf traversal, not breadth-first.
This was odd to see, but the code was also pretty old, so the reasoning
seems lost to history. Since we haven't seen more than a single level of
aggregate clusters in practice, this wouldn't have been noticed by
users.

XdsDependencyManager.start() was created to guarantee that the callback
could not be called before returning from the constructor. Otherwise
XDS_CLUSTER_SUBSCRIPT_REGISTRY could potentially be null.
---
 .../java/io/grpc/xds/CdsLoadBalancer2.java    |  463 ++------
 .../io/grpc/xds/CdsLoadBalancerProvider.java  |   26 +-
 .../xds/RingHashLoadBalancerProvider.java     |    2 +-
 .../java/io/grpc/xds/XdsClusterResource.java  |    8 +-
 xds/src/main/java/io/grpc/xds/XdsConfig.java  |    8 +-
 .../io/grpc/xds/XdsDependencyManager.java     |   47 +-
 .../java/io/grpc/xds/XdsNameResolver.java     |    9 +-
 .../io/grpc/xds/CdsLoadBalancer2Test.java     | 1035 +++++++----------
 .../grpc/xds/GrpcXdsClientImplTestBase.java   |   17 +
 .../xds/RingHashLoadBalancerProviderTest.java |    8 +-
 .../io/grpc/xds/XdsDependencyManagerTest.java |  112 +-
 .../test/java/io/grpc/xds/XdsTestUtils.java   |   32 +
 12 files changed, 731 insertions(+), 1036 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
index bb44071a484..c50f844d388 100644
--- a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
+++ b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
@@ -21,36 +21,30 @@
 import static io.grpc.xds.XdsLbPolicies.CLUSTER_RESOLVER_POLICY_NAME;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.InternalLogId;
 import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancerRegistry;
 import io.grpc.NameResolver;
 import io.grpc.Status;
-import io.grpc.SynchronizationContext;
-import io.grpc.internal.ObjectPool;
+import io.grpc.StatusOr;
 import io.grpc.util.GracefulSwitchLoadBalancer;
 import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig;
 import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig;
 import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig.DiscoveryMechanism;
 import io.grpc.xds.XdsClusterResource.CdsUpdate;
 import io.grpc.xds.XdsClusterResource.CdsUpdate.ClusterType;
-import io.grpc.xds.client.XdsClient;
-import io.grpc.xds.client.XdsClient.ResourceWatcher;
+import io.grpc.xds.XdsConfig.Subscription;
+import io.grpc.xds.XdsConfig.XdsClusterConfig;
+import io.grpc.xds.XdsConfig.XdsClusterConfig.AggregateConfig;
+import io.grpc.xds.XdsConfig.XdsClusterConfig.EndpointConfig;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
-import java.util.ArrayDeque;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedHashMap;
 import java.util.List;
-import java.util.Map;
-import java.util.Queue;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-import javax.annotation.Nullable;
 
 /**
  * Load balancer for cds_experimental LB policy. One instance per top-level cluster.
@@ -60,13 +54,11 @@
 final class CdsLoadBalancer2 extends LoadBalancer {
   private final XdsLogger logger;
   private final Helper helper;
-  private final SynchronizationContext syncContext;
   private final LoadBalancerRegistry lbRegistry;
   // Following fields are effectively final.
-  private ObjectPool<XdsClient> xdsClientPool;
-  private XdsClient xdsClient;
-  private CdsLbState cdsLbState;
-  private ResolvedAddresses resolvedAddresses;
+  private String clusterName;
+  private Subscription clusterSubscription;
+  private LoadBalancer childLb;
 
   CdsLoadBalancer2(Helper helper) {
     this(helper, LoadBalancerRegistry.getDefaultRegistry());
@@ -75,7 +67,6 @@ final class CdsLoadBalancer2 extends LoadBalancer {
   @VisibleForTesting
   CdsLoadBalancer2(Helper helper, LoadBalancerRegistry lbRegistry) {
     this.helper = checkNotNull(helper, "helper");
-    this.syncContext = checkNotNull(helper.getSynchronizationContext(), "syncContext");
     this.lbRegistry = checkNotNull(lbRegistry, "lbRegistry");
     logger = XdsLogger.withLogId(InternalLogId.allocate("cds-lb", helper.getAuthority()));
     logger.log(XdsLogLevel.INFO, "Created");
@@ -83,25 +74,115 @@ final class CdsLoadBalancer2 extends LoadBalancer {
 
   @Override
   public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
-    if (this.resolvedAddresses != null) {
+    logger.log(XdsLogLevel.DEBUG, "Received resolution result: {0}", resolvedAddresses);
+    if (this.clusterName == null) {
+      CdsConfig config = (CdsConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
+      logger.log(XdsLogLevel.INFO, "Config: {0}", config);
+      if (config.isDynamic) {
+        clusterSubscription = resolvedAddresses.getAttributes()
+            .get(XdsAttributes.XDS_CLUSTER_SUBSCRIPT_REGISTRY)
+            .subscribeToCluster(config.name);
+      }
+      this.clusterName = config.name;
+    }
+    XdsConfig xdsConfig = resolvedAddresses.getAttributes().get(XdsAttributes.XDS_CONFIG);
+    StatusOr<XdsClusterConfig> clusterConfigOr = xdsConfig.getClusters().get(clusterName);
+    if (clusterConfigOr == null) {
+      if (clusterSubscription == null) {
+        // Should be impossible, because XdsDependencyManager wouldn't have generated this
+        return fail(Status.INTERNAL.withDescription(
+            errorPrefix() + "Unable to find non-dynamic root cluster"));
+      }
+      // The dynamic cluster must not have loaded yet
       return Status.OK;
     }
-    logger.log(XdsLogLevel.DEBUG, "Received resolution result: {0}", resolvedAddresses);
-    this.resolvedAddresses = resolvedAddresses;
-    xdsClientPool = resolvedAddresses.getAttributes().get(XdsAttributes.XDS_CLIENT_POOL);
-    xdsClient = xdsClientPool.getObject();
-    CdsConfig config = (CdsConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
-    logger.log(XdsLogLevel.INFO, "Config: {0}", config);
-    cdsLbState = new CdsLbState(config.name);
-    cdsLbState.start();
-    return Status.OK;
+    if (!clusterConfigOr.hasValue()) {
+      return fail(clusterConfigOr.getStatus());
+    }
+    XdsClusterConfig clusterConfig = clusterConfigOr.getValue();
+    List<String> leafNames;
+    if (clusterConfig.getChildren() instanceof AggregateConfig) {
+      leafNames = ((AggregateConfig) clusterConfig.getChildren()).getLeafNames();
+    } else if (clusterConfig.getChildren() instanceof EndpointConfig) {
+      leafNames = ImmutableList.of(clusterName);
+    } else {
+      return fail(Status.INTERNAL.withDescription(
+          errorPrefix() + "Unexpected cluster children type: "
+          + clusterConfig.getChildren().getClass()));
+    }
+    if (leafNames.isEmpty()) {
+      // Should be impossible, because XdsClusterResource validated this
+      return fail(Status.UNAVAILABLE.withDescription(
+          errorPrefix() + "Zero leaf clusters for root cluster " + clusterName));
+    }
+
+    Status noneFoundError = Status.INTERNAL
+        .withDescription(errorPrefix() + "No leaves and no error; this is a bug");
+    List<DiscoveryMechanism> instances = new ArrayList<>();
+    for (String leafName : leafNames) {
+      StatusOr<XdsClusterConfig> leafConfigOr = xdsConfig.getClusters().get(leafName);
+      if (!leafConfigOr.hasValue()) {
+        noneFoundError = leafConfigOr.getStatus();
+        continue;
+      }
+      if (!(leafConfigOr.getValue().getChildren() instanceof EndpointConfig)) {
+        noneFoundError = Status.INTERNAL.withDescription(
+            errorPrefix() + "Unexpected child " + leafName + " cluster children type: "
+            + leafConfigOr.getValue().getChildren().getClass());
+        continue;
+      }
+      CdsUpdate result = leafConfigOr.getValue().getClusterResource();
+      DiscoveryMechanism instance;
+      if (result.clusterType() == ClusterType.EDS) {
+        instance = DiscoveryMechanism.forEds(
+            leafName,
+            result.edsServiceName(),
+            result.lrsServerInfo(),
+            result.maxConcurrentRequests(),
+            result.upstreamTlsContext(),
+            result.filterMetadata(),
+            result.outlierDetection());
+      } else {
+        instance = DiscoveryMechanism.forLogicalDns(
+            leafName,
+            result.dnsHostName(),
+            result.lrsServerInfo(),
+            result.maxConcurrentRequests(),
+            result.upstreamTlsContext(),
+            result.filterMetadata());
+      }
+      instances.add(instance);
+    }
+    if (instances.isEmpty()) {
+      return fail(noneFoundError);
+    }
+
+    // The LB policy config is provided in service_config.proto/JSON format.
+    NameResolver.ConfigOrError configOrError =
+        GracefulSwitchLoadBalancer.parseLoadBalancingPolicyConfig(
+            Arrays.asList(clusterConfig.getClusterResource().lbPolicyConfig()), lbRegistry);
+    if (configOrError.getError() != null) {
+      // Should be impossible, because XdsClusterResource validated this
+      return fail(Status.INTERNAL.withDescription(
+          errorPrefix() + "Unable to parse the LB config: " + configOrError.getError()));
+    }
+
+    ClusterResolverConfig config = new ClusterResolverConfig(
+        Collections.unmodifiableList(instances),
+        configOrError.getConfig(),
+        clusterConfig.getClusterResource().isHttp11ProxyAvailable());
+    if (childLb == null) {
+      childLb = lbRegistry.getProvider(CLUSTER_RESOLVER_POLICY_NAME).newLoadBalancer(helper);
+    }
+    return childLb.acceptResolvedAddresses(
+        resolvedAddresses.toBuilder().setLoadBalancingPolicyConfig(config).build());
   }
 
   @Override
   public void handleNameResolutionError(Status error) {
     logger.log(XdsLogLevel.WARNING, "Received name resolution error: {0}", error);
-    if (cdsLbState != null && cdsLbState.childLb != null) {
-      cdsLbState.childLb.handleNameResolutionError(error);
+    if (childLb != null) {
+      childLb.handleNameResolutionError(error);
     } else {
       helper.updateBalancingState(
           TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(error)));
@@ -111,314 +192,28 @@ public void handleNameResolutionError(Status error) {
   @Override
   public void shutdown() {
     logger.log(XdsLogLevel.INFO, "Shutdown");
-    if (cdsLbState != null) {
-      cdsLbState.shutdown();
+    if (childLb != null) {
+      childLb.shutdown();
+      childLb = null;
     }
-    if (xdsClientPool != null) {
-      xdsClientPool.returnObject(xdsClient);
+    if (clusterSubscription != null) {
+      clusterSubscription.close();
+      clusterSubscription = null;
     }
   }
 
-  /**
-   * The state of a CDS working session of {@link CdsLoadBalancer2}. Created and started when
-   * receiving the CDS LB policy config with the top-level cluster name.
-   */
-  private final class CdsLbState {
-
-    private final ClusterState root;
-    private final Map<String, ClusterState> clusterStates = new ConcurrentHashMap<>();
-    private LoadBalancer childLb;
-
-    private CdsLbState(String rootCluster) {
-      root = new ClusterState(rootCluster);
-    }
-
-    private void start() {
-      root.start();
-    }
-
-    private void shutdown() {
-      root.shutdown();
-      if (childLb != null) {
-        childLb.shutdown();
-      }
+  @CheckReturnValue // don't forget to return up the stack after the fail call
+  private Status fail(Status error) {
+    if (childLb != null) {
+      childLb.shutdown();
+      childLb = null;
     }
+    helper.updateBalancingState(
+        TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(error)));
+    return Status.OK; // XdsNameResolver isn't a polling NR, so this value doesn't matter
+  }
 
-    private void handleClusterDiscovered() {
-      List<DiscoveryMechanism> instances = new ArrayList<>();
-
-      // Used for loop detection to break the infinite recursion that loops would cause
-      Map<ClusterState, List<ClusterState>> parentClusters = new HashMap<>();
-      Status loopStatus = null;
-
-      // Level-order traversal.
-      // Collect configurations for all non-aggregate (leaf) clusters.
-      Queue<ClusterState> queue = new ArrayDeque<>();
-      queue.add(root);
-      while (!queue.isEmpty()) {
-        int size = queue.size();
-        for (int i = 0; i < size; i++) {
-          ClusterState clusterState = queue.remove();
-          if (!clusterState.discovered) {
-            return;  // do not proceed until all clusters discovered
-          }
-          if (clusterState.result == null) {  // resource revoked or not exists
-            continue;
-          }
-          if (clusterState.isLeaf) {
-            if (instances.stream().map(inst -> inst.cluster).noneMatch(clusterState.name::equals)) {
-              DiscoveryMechanism instance;
-              if (clusterState.result.clusterType() == ClusterType.EDS) {
-                instance = DiscoveryMechanism.forEds(
-                    clusterState.name, clusterState.result.edsServiceName(),
-                    clusterState.result.lrsServerInfo(),
-                    clusterState.result.maxConcurrentRequests(),
-                    clusterState.result.upstreamTlsContext(),
-                    clusterState.result.filterMetadata(),
-                    clusterState.result.outlierDetection());
-              } else {  // logical DNS
-                instance = DiscoveryMechanism.forLogicalDns(
-                    clusterState.name, clusterState.result.dnsHostName(),
-                    clusterState.result.lrsServerInfo(),
-                    clusterState.result.maxConcurrentRequests(),
-                    clusterState.result.upstreamTlsContext(),
-                    clusterState.result.filterMetadata());
-              }
-              instances.add(instance);
-            }
-          } else {
-            if (clusterState.childClusterStates == null) {
-              continue;
-            }
-            // Do loop detection and break recursion if detected
-            List<String> namesCausingLoops = identifyLoops(clusterState, parentClusters);
-            if (namesCausingLoops.isEmpty()) {
-              queue.addAll(clusterState.childClusterStates.values());
-            } else {
-              // Do cleanup
-              if (childLb != null) {
-                childLb.shutdown();
-                childLb = null;
-              }
-              if (loopStatus != null) {
-                logger.log(XdsLogLevel.WARNING,
-                    "Multiple loops in CDS config.  Old msg:  " + loopStatus.getDescription());
-              }
-              loopStatus = Status.UNAVAILABLE.withDescription(String.format(
-                  "CDS error: circular aggregate clusters directly under %s for "
-                      + "root cluster %s, named %s, xDS node ID: %s",
-                  clusterState.name, root.name, namesCausingLoops,
-                  xdsClient.getBootstrapInfo().node().getId()));
-            }
-          }
-        }
-      }
-
-      if (loopStatus != null) {
-        helper.updateBalancingState(
-            TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(loopStatus)));
-        return;
-      }
-
-      if (instances.isEmpty()) {  // none of non-aggregate clusters exists
-        if (childLb != null) {
-          childLb.shutdown();
-          childLb = null;
-        }
-        Status unavailable = Status.UNAVAILABLE.withDescription(String.format(
-            "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster %s"
-                + " xDS node ID: %s", root.name, xdsClient.getBootstrapInfo().node().getId()));
-        helper.updateBalancingState(
-            TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(unavailable)));
-        return;
-      }
-
-      // The LB policy config is provided in service_config.proto/JSON format.
-      NameResolver.ConfigOrError configOrError =
-          GracefulSwitchLoadBalancer.parseLoadBalancingPolicyConfig(
-              Arrays.asList(root.result.lbPolicyConfig()), lbRegistry);
-      if (configOrError.getError() != null) {
-        throw configOrError.getError().augmentDescription("Unable to parse the LB config")
-            .asRuntimeException();
-      }
-
-      ClusterResolverConfig config = new ClusterResolverConfig(
-          Collections.unmodifiableList(instances),
-          configOrError.getConfig(),
-          root.result.isHttp11ProxyAvailable());
-      if (childLb == null) {
-        childLb = lbRegistry.getProvider(CLUSTER_RESOLVER_POLICY_NAME).newLoadBalancer(helper);
-      }
-      childLb.handleResolvedAddresses(
-          resolvedAddresses.toBuilder().setLoadBalancingPolicyConfig(config).build());
-    }
-
-    /**
-     * Returns children that would cause loops and builds up the parentClusters map.
-     **/
-
-    private List<String> identifyLoops(ClusterState clusterState,
-        Map<ClusterState, List<ClusterState>> parentClusters) {
-      Set<String> ancestors = new HashSet<>();
-      ancestors.add(clusterState.name);
-      addAncestors(ancestors, clusterState, parentClusters);
-
-      List<String> namesCausingLoops = new ArrayList<>();
-      for (ClusterState state : clusterState.childClusterStates.values()) {
-        if (ancestors.contains(state.name)) {
-          namesCausingLoops.add(state.name);
-        }
-      }
-
-      // Update parent map with entries from remaining children to clusterState
-      clusterState.childClusterStates.values().stream()
-          .filter(child -> !namesCausingLoops.contains(child.name))
-          .forEach(
-              child -> parentClusters.computeIfAbsent(child, k -> new ArrayList<>())
-                  .add(clusterState));
-
-      return namesCausingLoops;
-    }
-
-    /** Recursively add all parents to the ancestors list. **/
-    private void addAncestors(Set<String> ancestors, ClusterState clusterState,
-        Map<ClusterState, List<ClusterState>> parentClusters) {
-      List<ClusterState> directParents = parentClusters.get(clusterState);
-      if (directParents != null) {
-        directParents.stream().map(c -> c.name).forEach(ancestors::add);
-        directParents.forEach(p -> addAncestors(ancestors, p, parentClusters));
-      }
-    }
-
-    private void handleClusterDiscoveryError(Status error) {
-      String description = error.getDescription() == null ? "" : error.getDescription() + " ";
-      Status errorWithNodeId = error.withDescription(
-              description + "xDS node ID: " + xdsClient.getBootstrapInfo().node().getId());
-      if (childLb != null) {
-        childLb.handleNameResolutionError(errorWithNodeId);
-      } else {
-        helper.updateBalancingState(
-            TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(errorWithNodeId)));
-      }
-    }
-
-    private final class ClusterState implements ResourceWatcher<CdsUpdate> {
-      private final String name;
-      @Nullable
-      private Map<String, ClusterState> childClusterStates;
-      @Nullable
-      private CdsUpdate result;
-      // Following fields are effectively final.
-      private boolean isLeaf;
-      private boolean discovered;
-      private boolean shutdown;
-
-      private ClusterState(String name) {
-        this.name = name;
-      }
-
-      private void start() {
-        shutdown = false;
-        xdsClient.watchXdsResource(XdsClusterResource.getInstance(), name, this, syncContext);
-      }
-
-      void shutdown() {
-        shutdown = true;
-        xdsClient.cancelXdsResourceWatch(XdsClusterResource.getInstance(), name, this);
-        if (childClusterStates != null) {
-          // recursively shut down all descendants
-          childClusterStates.values().stream()
-              .filter(state -> !state.shutdown)
-              .forEach(ClusterState::shutdown);
-        }
-      }
-
-      @Override
-      public void onError(Status error) {
-        Status status = Status.UNAVAILABLE
-            .withDescription(
-                String.format("Unable to load CDS %s. xDS server returned: %s: %s",
-                  name, error.getCode(), error.getDescription()))
-            .withCause(error.getCause());
-        if (shutdown) {
-          return;
-        }
-        // All watchers should receive the same error, so we only propagate it once.
-        if (ClusterState.this == root) {
-          handleClusterDiscoveryError(status);
-        }
-      }
-
-      @Override
-      public void onResourceDoesNotExist(String resourceName) {
-        if (shutdown) {
-          return;
-        }
-        discovered = true;
-        result = null;
-        if (childClusterStates != null) {
-          for (ClusterState state : childClusterStates.values()) {
-            state.shutdown();
-          }
-          childClusterStates = null;
-        }
-        handleClusterDiscovered();
-      }
-
-      @Override
-      public void onChanged(final CdsUpdate update) {
-        if (shutdown) {
-          return;
-        }
-        logger.log(XdsLogLevel.DEBUG, "Received cluster update {0}", update);
-        discovered = true;
-        result = update;
-        if (update.clusterType() == ClusterType.AGGREGATE) {
-          isLeaf = false;
-          logger.log(XdsLogLevel.INFO, "Aggregate cluster {0}, underlying clusters: {1}",
-              update.clusterName(), update.prioritizedClusterNames());
-          Map<String, ClusterState> newChildStates = new LinkedHashMap<>();
-          for (String cluster : update.prioritizedClusterNames()) {
-            if (newChildStates.containsKey(cluster)) {
-              logger.log(XdsLogLevel.WARNING,
-                  String.format("duplicate cluster name %s in aggregate %s is being ignored",
-                      cluster, update.clusterName()));
-              continue;
-            }
-            if (childClusterStates == null || !childClusterStates.containsKey(cluster)) {
-              ClusterState childState;
-              if (clusterStates.containsKey(cluster)) {
-                childState = clusterStates.get(cluster);
-                if (childState.shutdown) {
-                  childState.start();
-                }
-              } else {
-                childState = new ClusterState(cluster);
-                clusterStates.put(cluster, childState);
-                childState.start();
-              }
-              newChildStates.put(cluster, childState);
-            } else {
-              newChildStates.put(cluster, childClusterStates.remove(cluster));
-            }
-          }
-          if (childClusterStates != null) {  // stop subscribing to revoked child clusters
-            for (ClusterState watcher : childClusterStates.values()) {
-              watcher.shutdown();
-            }
-          }
-          childClusterStates = newChildStates;
-        } else if (update.clusterType() == ClusterType.EDS) {
-          isLeaf = true;
-          logger.log(XdsLogLevel.INFO, "EDS cluster {0}, edsServiceName: {1}",
-              update.clusterName(), update.edsServiceName());
-        } else {  // logical DNS
-          isLeaf = true;
-          logger.log(XdsLogLevel.INFO, "Logical DNS cluster {0}", update.clusterName());
-        }
-        handleClusterDiscovered();
-      }
-
-    }
+  private String errorPrefix() {
+    return "CdsLb for " + clusterName + ": ";
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/CdsLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/CdsLoadBalancerProvider.java
index 01bd2ab27f6..9b242822f6c 100644
--- a/xds/src/main/java/io/grpc/xds/CdsLoadBalancerProvider.java
+++ b/xds/src/main/java/io/grpc/xds/CdsLoadBalancerProvider.java
@@ -36,8 +36,6 @@
 @Internal
 public class CdsLoadBalancerProvider extends LoadBalancerProvider {
 
-  private static final String CLUSTER_KEY = "cluster";
-
   @Override
   public boolean isAvailable() {
     return true;
@@ -70,9 +68,12 @@ public ConfigOrError parseLoadBalancingPolicyConfig(
    */
   static ConfigOrError parseLoadBalancingConfigPolicy(Map<String, ?> rawLoadBalancingPolicyConfig) {
     try {
-      String cluster =
-          JsonUtil.getString(rawLoadBalancingPolicyConfig, CLUSTER_KEY);
-      return ConfigOrError.fromConfig(new CdsConfig(cluster));
+      String cluster = JsonUtil.getString(rawLoadBalancingPolicyConfig, "cluster");
+      Boolean isDynamic = JsonUtil.getBoolean(rawLoadBalancingPolicyConfig, "is_dynamic");
+      if (isDynamic == null) {
+        isDynamic = Boolean.FALSE;
+      }
+      return ConfigOrError.fromConfig(new CdsConfig(cluster, isDynamic));
     } catch (RuntimeException e) {
       return ConfigOrError.fromError(
           Status.UNAVAILABLE.withCause(e).withDescription(
@@ -89,15 +90,28 @@ static final class CdsConfig {
      * Name of cluster to query CDS for.
      */
     final String name;
+    /**
+     * Whether this cluster was dynamically chosen, so the XdsDependencyManager may be unaware of
+     * it without an explicit cluster subscription.
+     */
+    final boolean isDynamic;
 
     CdsConfig(String name) {
+      this(name, false);
+    }
+
+    CdsConfig(String name, boolean isDynamic) {
       checkArgument(name != null && !name.isEmpty(), "name is null or empty");
       this.name = name;
+      this.isDynamic = isDynamic;
     }
 
     @Override
     public String toString() {
-      return MoreObjects.toStringHelper(this).add("name", name).toString();
+      return MoreObjects.toStringHelper(this)
+          .add("name", name)
+          .add("isDynamic", isDynamic)
+          .toString();
     }
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancerProvider.java
index 035ff76c585..bb4f8de5a5f 100644
--- a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancerProvider.java
+++ b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancerProvider.java
@@ -104,7 +104,7 @@ private ConfigOrError parseLoadBalancingPolicyConfigInternal(
     }
     if (minRingSize <= 0 || maxRingSize <= 0 || minRingSize > maxRingSize) {
       return ConfigOrError.fromError(Status.UNAVAILABLE.withDescription(
-          "Invalid 'mingRingSize'/'maxRingSize'"));
+          "Invalid 'minRingSize'/'maxRingSize'"));
     }
     return ConfigOrError.fromConfig(
         new RingHashConfig(minRingSize, maxRingSize, requestHashHeader));
diff --git a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
index 3f2b2d8fd7e..a5220515b6c 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
@@ -172,7 +172,9 @@ static CdsUpdate processCluster(Cluster cluster,
         lbConfig.getPolicyName()).parseLoadBalancingPolicyConfig(
         lbConfig.getRawConfigValue());
     if (configOrError.getError() != null) {
-      throw new ResourceInvalidException(structOrError.getErrorDetail());
+      throw new ResourceInvalidException(
+          "Failed to parse lb config for cluster '" + cluster.getName() + "': "
+          + configOrError.getError());
     }
 
     updateBuilder.lbPolicyConfig(lbPolicyConfig);
@@ -209,6 +211,10 @@ private static StructOrError<CdsUpdate.Builder> parseAggregateCluster(Cluster cl
     } catch (InvalidProtocolBufferException e) {
       return StructOrError.fromError("Cluster " + clusterName + ": malformed ClusterConfig: " + e);
     }
+    if (clusterConfig.getClustersList().isEmpty()) {
+      return StructOrError.fromError("Cluster " + clusterName
+          + ": aggregate ClusterConfig.clusters must not be empty");
+    }
     return StructOrError.fromStruct(CdsUpdate.forAggregate(
         clusterName, clusterConfig.getClustersList()));
   }
diff --git a/xds/src/main/java/io/grpc/xds/XdsConfig.java b/xds/src/main/java/io/grpc/xds/XdsConfig.java
index 1f464aa1321..d184f08de55 100644
--- a/xds/src/main/java/io/grpc/xds/XdsConfig.java
+++ b/xds/src/main/java/io/grpc/xds/XdsConfig.java
@@ -254,6 +254,12 @@ XdsConfig build() {
   }
 
   public interface XdsClusterSubscriptionRegistry {
-    Closeable subscribeToCluster(String clusterName);
+    Subscription subscribeToCluster(String clusterName);
+  }
+
+  public interface Subscription extends Closeable {
+    /** Release resources without throwing exceptions. */
+    @Override
+    void close();
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index 45ae7074d16..0428852648d 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Preconditions.checkState;
 import static io.grpc.xds.client.XdsClient.ResourceUpdate;
 
 import com.google.common.annotations.VisibleForTesting;
@@ -34,8 +35,6 @@
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsClient.ResourceWatcher;
 import io.grpc.xds.client.XdsResourceType;
-import java.io.Closeable;
-import java.io.IOException;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -56,39 +55,43 @@
 final class XdsDependencyManager implements XdsConfig.XdsClusterSubscriptionRegistry {
   public static final XdsClusterResource CLUSTER_RESOURCE = XdsClusterResource.getInstance();
   public static final XdsEndpointResource ENDPOINT_RESOURCE = XdsEndpointResource.getInstance();
-  private static final int MAX_CLUSTER_RECURSION_DEPTH = 16; // Matches C++
+  private static final int MAX_CLUSTER_RECURSION_DEPTH = 16; // Specified by gRFC A37
   private final String listenerName;
   private final XdsClient xdsClient;
-  private final XdsConfigWatcher xdsConfigWatcher;
   private final SynchronizationContext syncContext;
   private final String dataPlaneAuthority;
+  private XdsConfigWatcher xdsConfigWatcher;
 
   private StatusOr<XdsConfig> lastUpdate = null;
   private final Map<XdsResourceType<?>, TypeWatchers<?>> resourceWatchers = new HashMap<>();
   private final Set<ClusterSubscription> subscriptions = new HashSet<>();
 
-  XdsDependencyManager(XdsClient xdsClient, XdsConfigWatcher xdsConfigWatcher,
+  XdsDependencyManager(XdsClient xdsClient,
                        SynchronizationContext syncContext, String dataPlaneAuthority,
                        String listenerName, NameResolver.Args nameResolverArgs,
                        ScheduledExecutorService scheduler) {
     this.listenerName = checkNotNull(listenerName, "listenerName");
     this.xdsClient = checkNotNull(xdsClient, "xdsClient");
-    this.xdsConfigWatcher = checkNotNull(xdsConfigWatcher, "xdsConfigWatcher");
     this.syncContext = checkNotNull(syncContext, "syncContext");
     this.dataPlaneAuthority = checkNotNull(dataPlaneAuthority, "dataPlaneAuthority");
     checkNotNull(nameResolverArgs, "nameResolverArgs");
     checkNotNull(scheduler, "scheduler");
-
-    // start the ball rolling
-    syncContext.execute(() -> addWatcher(new LdsWatcher(listenerName)));
   }
 
   public static String toContextStr(String typeName, String resourceName) {
     return typeName + " resource " + resourceName;
   }
 
+  public void start(XdsConfigWatcher xdsConfigWatcher) {
+    checkState(this.xdsConfigWatcher == null, "dep manager may not be restarted");
+    this.xdsConfigWatcher = checkNotNull(xdsConfigWatcher, "xdsConfigWatcher");
+    // start the ball rolling
+    syncContext.execute(() -> addWatcher(new LdsWatcher(listenerName)));
+  }
+
   @Override
-  public Closeable subscribeToCluster(String clusterName) {
+  public XdsConfig.Subscription subscribeToCluster(String clusterName) {
+    checkState(this.xdsConfigWatcher != null, "dep manager must first be started");
     checkNotNull(clusterName, "clusterName");
     ClusterSubscription subscription = new ClusterSubscription(clusterName);
 
@@ -291,10 +294,17 @@ private static void addConfigForCluster(
           addConfigForCluster(clusters, childCluster, ancestors, tracer);
           StatusOr<XdsConfig.XdsClusterConfig> config = clusters.get(childCluster);
           if (!config.hasValue()) {
-            clusters.put(clusterName, StatusOr.fromStatus(Status.INTERNAL.withDescription(
-                "Unable to get leaves for " + clusterName + ": "
-                + config.getStatus().getDescription())));
-            return;
+            // gRFC A37 says: If any of a CDS policy's watchers reports that the resource does not
+            // exist the policy should report that it is in TRANSIENT_FAILURE. If any of the
+            // watchers reports a transient ADS stream error, the policy should report that it is in
+            // TRANSIENT_FAILURE if it has never passed a config to its child.
+            //
+            // But there's currently disagreement about whether that is actually what we want, and
+            // that was not originally implemented in gRPC Java. So we're keeping Java's old
+            // behavior for now and only failing the "leaves" (which is a bit arbitrary for a
+            // cycle).
+            leafNames.add(childCluster);
+            continue;
           }
           XdsConfig.XdsClusterConfig.ClusterChild children = config.getValue().getChildren();
           if (children instanceof AggregateConfig) {
@@ -325,6 +335,11 @@ private static void addConfigForCluster(
       default:
         throw new IllegalStateException("Unexpected value: " + cdsUpdate.clusterType());
     }
+    if (clusters.containsKey(clusterName)) {
+      // If a cycle is detected, we'll have detected it while recursing, so now there will be a key
+      // present. We don't want to overwrite it with a non-error value.
+      return;
+    }
     clusters.put(clusterName, StatusOr.fromValue(
         new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate, child)));
   }
@@ -406,7 +421,7 @@ public interface XdsConfigWatcher {
     void onUpdate(StatusOr<XdsConfig> config);
   }
 
-  private final class ClusterSubscription implements Closeable {
+  private final class ClusterSubscription implements XdsConfig.Subscription {
     private final String clusterName;
     boolean closed; // Accessed from syncContext
 
@@ -419,7 +434,7 @@ String getClusterName() {
     }
 
     @Override
-    public void close() throws IOException {
+    public void close() {
       releaseSubscription(this);
     }
   }
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index a14abf95f41..37a8e19ef3f 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -230,7 +230,8 @@ public void start(Listener2 listener) {
     ldsResourceName = XdsClient.canonifyResourceName(ldsResourceName);
     callCounterProvider = SharedCallCounterMap.getInstance();
 
-    resolveState = new ResolveState(ldsResourceName); // auto starts
+    resolveState = new ResolveState(ldsResourceName);
+    resolveState.start();
   }
 
   private static String expandPercentS(String template, String replacement) {
@@ -653,10 +654,14 @@ class ResolveState implements XdsDependencyManager.XdsConfigWatcher {
     private ResolveState(String ldsResourceName) {
       authority = overrideAuthority != null ? overrideAuthority : encodedServiceAuthority;
       xdsDependencyManager =
-          new XdsDependencyManager(xdsClient, this, syncContext, authority, ldsResourceName,
+          new XdsDependencyManager(xdsClient, syncContext, authority, ldsResourceName,
               nameResolverArgs, scheduler);
     }
 
+    void start() {
+      xdsDependencyManager.start(this);
+    }
+
     private void shutdown() {
       if (stopped) {
         return;
diff --git a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
index 479bde76ce5..f9a09f704a7 100644
--- a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
+++ b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
@@ -18,28 +18,50 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.xds.XdsLbPolicies.CLUSTER_RESOLVER_POLICY_NAME;
-import static org.junit.Assert.fail;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_CDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_EDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_LDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_RDS;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
-import com.google.common.collect.ImmutableList;
+import com.github.xds.type.v3.TypedStruct;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Iterables;
+import com.google.protobuf.Any;
+import com.google.protobuf.Struct;
+import com.google.protobuf.UInt32Value;
+import com.google.protobuf.Value;
+import io.envoyproxy.envoy.config.cluster.v3.CircuitBreakers;
+import io.envoyproxy.envoy.config.cluster.v3.Cluster;
+import io.envoyproxy.envoy.config.cluster.v3.LoadBalancingPolicy;
+import io.envoyproxy.envoy.config.cluster.v3.LoadBalancingPolicy.Policy;
+import io.envoyproxy.envoy.config.cluster.v3.OutlierDetection;
+import io.envoyproxy.envoy.config.core.v3.Address;
+import io.envoyproxy.envoy.config.core.v3.AggregatedConfigSource;
+import io.envoyproxy.envoy.config.core.v3.ConfigSource;
+import io.envoyproxy.envoy.config.core.v3.RoutingPriority;
+import io.envoyproxy.envoy.config.core.v3.SelfConfigSource;
+import io.envoyproxy.envoy.config.core.v3.SocketAddress;
+import io.envoyproxy.envoy.config.core.v3.TransportSocket;
+import io.envoyproxy.envoy.config.core.v3.TypedExtensionConfig;
+import io.envoyproxy.envoy.config.endpoint.v3.ClusterLoadAssignment;
+import io.envoyproxy.envoy.config.endpoint.v3.Endpoint;
+import io.envoyproxy.envoy.config.endpoint.v3.LbEndpoint;
+import io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints;
+import io.envoyproxy.envoy.extensions.clusters.aggregate.v3.ClusterConfig;
+import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext;
 import io.grpc.Attributes;
+import io.grpc.ChannelLogger;
 import io.grpc.ConnectivityState;
-import io.grpc.EquivalentAddressGroup;
-import io.grpc.InsecureChannelCredentials;
 import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancer.Helper;
 import io.grpc.LoadBalancer.PickResult;
 import io.grpc.LoadBalancer.PickSubchannelArgs;
 import io.grpc.LoadBalancer.ResolvedAddresses;
-import io.grpc.LoadBalancer.Subchannel;
 import io.grpc.LoadBalancer.SubchannelPicker;
 import io.grpc.LoadBalancerProvider;
 import io.grpc.LoadBalancerRegistry;
@@ -47,31 +69,25 @@
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.SynchronizationContext;
-import io.grpc.internal.ObjectPool;
+import io.grpc.inprocess.InProcessChannelBuilder;
+import io.grpc.inprocess.InProcessServerBuilder;
+import io.grpc.internal.FakeClock;
+import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.util.GracefulSwitchLoadBalancerAccessor;
 import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig;
 import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig;
 import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig.DiscoveryMechanism;
-import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;
+import io.grpc.xds.EnvoyServerProtoData.FailurePercentageEjection;
 import io.grpc.xds.EnvoyServerProtoData.SuccessRateEjection;
-import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
-import io.grpc.xds.LeastRequestLoadBalancer.LeastRequestConfig;
-import io.grpc.xds.RingHashLoadBalancer.RingHashConfig;
-import io.grpc.xds.XdsClusterResource.CdsUpdate;
-import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
-import io.grpc.xds.client.EnvoyProtoData;
 import io.grpc.xds.client.XdsClient;
-import io.grpc.xds.client.XdsResourceType;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.concurrent.Executor;
-import javax.annotation.Nullable;
+import java.util.concurrent.TimeUnit;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
@@ -90,601 +106,446 @@
 @RunWith(JUnit4.class)
 public class CdsLoadBalancer2Test {
   @Rule public final MockitoRule mocks = MockitoJUnit.rule();
+  @Rule
+  public final GrpcCleanupRule cleanupRule = new GrpcCleanupRule();
 
+  private static final String SERVER_NAME = "example.com";
   private static final String CLUSTER = "cluster-foo.googleapis.com";
   private static final String EDS_SERVICE_NAME = "backend-service-1.googleapis.com";
-  private static final String DNS_HOST_NAME = "backend-service-dns.googleapis.com:443";
-  private static final ServerInfo LRS_SERVER_INFO =
-      ServerInfo.create("lrs.googleapis.com", InsecureChannelCredentials.create());
-  private static final String SERVER_URI = "trafficdirector.googleapis.com";
-  private static final String NODE_ID =
-      "projects/42/networks/default/nodes/5c85b298-6f5b-4722-b74a-f7d1f0ccf5ad";
-  private static final EnvoyProtoData.Node BOOTSTRAP_NODE =
-      EnvoyProtoData.Node.newBuilder().setId(NODE_ID).build();
-  private static final BootstrapInfo BOOTSTRAP_INFO = BootstrapInfo.builder()
-      .servers(ImmutableList.of(
-          ServerInfo.create(SERVER_URI, InsecureChannelCredentials.create())))
-      .node(BOOTSTRAP_NODE)
+  private static final String NODE_ID = "node-id";
+  private final io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext upstreamTlsContext =
+      CommonTlsContextTestsUtil.buildUpstreamTlsContext("cert-instance-name", true);
+  private static final Cluster EDS_CLUSTER = Cluster.newBuilder()
+      .setName(CLUSTER)
+      .setType(Cluster.DiscoveryType.EDS)
+      .setEdsClusterConfig(Cluster.EdsClusterConfig.newBuilder()
+          .setServiceName(EDS_SERVICE_NAME)
+          .setEdsConfig(ConfigSource.newBuilder()
+            .setAds(AggregatedConfigSource.newBuilder())))
       .build();
-  private final UpstreamTlsContext upstreamTlsContext =
-      CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true);
-  private final OutlierDetection outlierDetection = OutlierDetection.create(
-      null, null, null, null, SuccessRateEjection.create(null, null, null, null), null);
-
-
-  private static final SynchronizationContext syncContext = new SynchronizationContext(
-      new Thread.UncaughtExceptionHandler() {
-        @Override
-        public void uncaughtException(Thread t, Throwable e) {
-          throw new RuntimeException(e);
-          //throw new AssertionError(e);
-        }
-      });
+
+  private final FakeClock fakeClock = new FakeClock();
   private final LoadBalancerRegistry lbRegistry = new LoadBalancerRegistry();
   private final List<FakeLoadBalancer> childBalancers = new ArrayList<>();
-  private final FakeXdsClient xdsClient = new FakeXdsClient();
-  private final ObjectPool<XdsClient> xdsClientPool = new ObjectPool<XdsClient>() {
-    @Override
-    public XdsClient getObject() {
-      xdsClientRefs++;
-      return xdsClient;
-    }
-
-    @Override
-    public XdsClient returnObject(Object object) {
-      xdsClientRefs--;
-      return null;
-    }
-  };
+  private final XdsTestControlPlaneService controlPlaneService = new XdsTestControlPlaneService();
+  private final XdsClient xdsClient = XdsTestUtils.createXdsClient(
+      Arrays.asList("control-plane.example.com"),
+      serverInfo -> new GrpcXdsTransportFactory.GrpcXdsTransport(
+          InProcessChannelBuilder
+            .forName(serverInfo.target())
+            .directExecutor()
+            .build()),
+      fakeClock);
+  private final ServerInfo lrsServerInfo = xdsClient.getBootstrapInfo().servers().get(0);
+  private XdsDependencyManager xdsDepManager;
 
   @Mock
   private Helper helper;
   @Captor
   private ArgumentCaptor<SubchannelPicker> pickerCaptor;
-  private int xdsClientRefs;
-  private CdsLoadBalancer2  loadBalancer;
+  private CdsLoadBalancer2 loadBalancer;
+  private XdsConfig lastXdsConfig;
 
   @Before
-  public void setUp() {
-    when(helper.getSynchronizationContext()).thenReturn(syncContext);
+  public void setUp() throws Exception {
     lbRegistry.register(new FakeLoadBalancerProvider(CLUSTER_RESOLVER_POLICY_NAME));
     lbRegistry.register(new FakeLoadBalancerProvider("round_robin"));
     lbRegistry.register(
         new FakeLoadBalancerProvider("ring_hash_experimental", new RingHashLoadBalancerProvider()));
     lbRegistry.register(new FakeLoadBalancerProvider("least_request_experimental",
         new LeastRequestLoadBalancerProvider()));
+    lbRegistry.register(new FakeLoadBalancerProvider("wrr_locality_experimental",
+          new WrrLocalityLoadBalancerProvider()));
     loadBalancer = new CdsLoadBalancer2(helper, lbRegistry);
-    loadBalancer.acceptResolvedAddresses(
-        ResolvedAddresses.newBuilder()
-            .setAddresses(Collections.<EquivalentAddressGroup>emptyList())
-            .setAttributes(
-                // Other attributes not used by cluster_resolver LB are omitted.
-                Attributes.newBuilder()
-                    .set(XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
-                    .build())
-            .setLoadBalancingPolicyConfig(new CdsConfig(CLUSTER))
-            .build());
-    assertThat(Iterables.getOnlyElement(xdsClient.watchers.keySet())).isEqualTo(CLUSTER);
+
+    cleanupRule.register(InProcessServerBuilder
+        .forName("control-plane.example.com")
+        .addService(controlPlaneService)
+        .directExecutor()
+        .build()
+        .start());
+
+    SynchronizationContext syncContext = new SynchronizationContext((t, e) -> {
+      throw new AssertionError(e);
+    });
+
+    NameResolver.Args nameResolverArgs = NameResolver.Args.newBuilder()
+        .setDefaultPort(8080)
+        .setProxyDetector((address) -> null)
+        .setSynchronizationContext(syncContext)
+        .setServiceConfigParser(mock(NameResolver.ServiceConfigParser.class))
+        .setChannelLogger(mock(ChannelLogger.class))
+        .setScheduledExecutorService(fakeClock.getScheduledExecutorService())
+        .build();
+
+    xdsDepManager = new XdsDependencyManager(
+        xdsClient,
+        syncContext,
+        SERVER_NAME,
+        SERVER_NAME,
+        nameResolverArgs,
+        fakeClock.getScheduledExecutorService());
+
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS, ImmutableMap.of(
+        SERVER_NAME, ControlPlaneRule.buildClientListener(SERVER_NAME, "my-route")));
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_RDS, ImmutableMap.of(
+        "my-route", XdsTestUtils.buildRouteConfiguration(SERVER_NAME, "my-route", CLUSTER)));
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, ControlPlaneRule.buildClusterLoadAssignment(
+            "127.0.0.1", "", 1234, EDS_SERVICE_NAME)));
   }
 
   @After
   public void tearDown() {
-    loadBalancer.shutdown();
-    assertThat(xdsClient.watchers).isEmpty();
-    assertThat(xdsClientRefs).isEqualTo(0);
+    if (loadBalancer != null) {
+      shutdownLoadBalancer();
+    }
     assertThat(childBalancers).isEmpty();
+
+    if (xdsDepManager != null) {
+      xdsDepManager.shutdown();
+    }
+    xdsClient.shutdown();
+  }
+
+  private void shutdownLoadBalancer() {
+    LoadBalancer lb = this.loadBalancer;
+    this.loadBalancer = null; // Must avoid calling acceptResolvedAddresses after shutdown
+    lb.shutdown();
   }
 
   @Test
   public void discoverTopLevelEdsCluster() {
-    CdsUpdate update =
-        CdsUpdate.forEds(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L, upstreamTlsContext,
-                outlierDetection, false)
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
+    Cluster cluster = Cluster.newBuilder()
+        .setName(CLUSTER)
+        .setType(Cluster.DiscoveryType.EDS)
+        .setEdsClusterConfig(Cluster.EdsClusterConfig.newBuilder()
+          .setServiceName(EDS_SERVICE_NAME)
+          .setEdsConfig(ConfigSource.newBuilder()
+            .setAds(AggregatedConfigSource.newBuilder())))
+        .setLbPolicy(Cluster.LbPolicy.ROUND_ROBIN)
+        .setLrsServer(ConfigSource.newBuilder()
+          .setSelf(SelfConfigSource.getDefaultInstance()))
+        .setCircuitBreakers(CircuitBreakers.newBuilder()
+            .addThresholds(CircuitBreakers.Thresholds.newBuilder()
+              .setPriority(RoutingPriority.DEFAULT)
+              .setMaxRequests(UInt32Value.newBuilder().setValue(100))))
+        .setTransportSocket(TransportSocket.newBuilder()
+            .setName("envoy.transport_sockets.tls")
+            .setTypedConfig(Any.pack(UpstreamTlsContext.newBuilder()
+                .setCommonTlsContext(upstreamTlsContext.getCommonTlsContext())
+                .build())))
+        .setOutlierDetection(OutlierDetection.getDefaultInstance())
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(CLUSTER, cluster));
+    startXdsDepManager();
+
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(childBalancer.name).isEqualTo(CLUSTER_RESOLVER_POLICY_NAME);
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).hasSize(1);
-    DiscoveryMechanism instance = Iterables.getOnlyElement(childLbConfig.discoveryMechanisms);
-    assertDiscoveryMechanism(instance, CLUSTER, DiscoveryMechanism.Type.EDS, EDS_SERVICE_NAME,
-        null, LRS_SERVER_INFO, 100L, upstreamTlsContext, outlierDetection);
+    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
+        Arrays.asList(
+          DiscoveryMechanism.forEds(
+            CLUSTER, EDS_SERVICE_NAME, lrsServerInfo, 100L, upstreamTlsContext,
+            Collections.emptyMap(), io.grpc.xds.EnvoyServerProtoData.OutlierDetection.create(
+                null, null, null, null, SuccessRateEjection.create(null, null, null, null),
+                FailurePercentageEjection.create(null, null, null, null)))));
     assertThat(
         GracefulSwitchLoadBalancerAccessor.getChildProvider(childLbConfig.lbConfig).getPolicyName())
-        .isEqualTo("round_robin");
+        .isEqualTo("wrr_locality_experimental");
   }
 
   @Test
   public void discoverTopLevelLogicalDnsCluster() {
-    CdsUpdate update =
-        CdsUpdate.forLogicalDns(CLUSTER, DNS_HOST_NAME, LRS_SERVER_INFO, 100L, upstreamTlsContext,
-                false)
-            .leastRequestLbPolicy(3).build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
+    Cluster cluster = Cluster.newBuilder()
+        .setName(CLUSTER)
+        .setType(Cluster.DiscoveryType.LOGICAL_DNS)
+        .setLoadAssignment(ClusterLoadAssignment.newBuilder()
+          .addEndpoints(LocalityLbEndpoints.newBuilder()
+            .addLbEndpoints(LbEndpoint.newBuilder()
+              .setEndpoint(Endpoint.newBuilder()
+                .setAddress(Address.newBuilder()
+                  .setSocketAddress(SocketAddress.newBuilder()
+                    .setAddress("dns.example.com")
+                    .setPortValue(1111)))))))
+        .setEdsClusterConfig(Cluster.EdsClusterConfig.newBuilder()
+          .setServiceName(EDS_SERVICE_NAME)
+          .setEdsConfig(ConfigSource.newBuilder()
+            .setAds(AggregatedConfigSource.newBuilder())))
+        .setLbPolicy(Cluster.LbPolicy.LEAST_REQUEST)
+        .setLrsServer(ConfigSource.newBuilder()
+          .setSelf(SelfConfigSource.getDefaultInstance()))
+        .setCircuitBreakers(CircuitBreakers.newBuilder()
+            .addThresholds(CircuitBreakers.Thresholds.newBuilder()
+              .setPriority(RoutingPriority.DEFAULT)
+              .setMaxRequests(UInt32Value.newBuilder().setValue(100))))
+        .setTransportSocket(TransportSocket.newBuilder()
+            .setName("envoy.transport_sockets.tls")
+            .setTypedConfig(Any.pack(UpstreamTlsContext.newBuilder()
+                .setCommonTlsContext(upstreamTlsContext.getCommonTlsContext())
+                .build())))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(CLUSTER, cluster));
+    startXdsDepManager();
+
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(childBalancer.name).isEqualTo(CLUSTER_RESOLVER_POLICY_NAME);
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).hasSize(1);
-    DiscoveryMechanism instance = Iterables.getOnlyElement(childLbConfig.discoveryMechanisms);
-    assertDiscoveryMechanism(instance, CLUSTER, DiscoveryMechanism.Type.LOGICAL_DNS, null,
-        DNS_HOST_NAME, LRS_SERVER_INFO, 100L, upstreamTlsContext, null);
+    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
+        Arrays.asList(
+          DiscoveryMechanism.forLogicalDns(
+            CLUSTER, "dns.example.com:1111", lrsServerInfo, 100L, upstreamTlsContext,
+            Collections.emptyMap())));
     assertThat(
         GracefulSwitchLoadBalancerAccessor.getChildProvider(childLbConfig.lbConfig).getPolicyName())
-        .isEqualTo("least_request_experimental");
-    LeastRequestConfig lrConfig = (LeastRequestConfig)
-        GracefulSwitchLoadBalancerAccessor.getChildConfig(childLbConfig.lbConfig);
-    assertThat(lrConfig.choiceCount).isEqualTo(3);
+        .isEqualTo("wrr_locality_experimental");
   }
 
   @Test
   public void nonAggregateCluster_resourceNotExist_returnErrorPicker() {
-    xdsClient.deliverResourceNotExist(CLUSTER);
+    startXdsDepManager();
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER
-            + " xDS node ID: " + NODE_ID);
-    assertPicker(pickerCaptor.getValue(), unavailable, null);
+        "CDS resource " + CLUSTER + " does not exist nodeID: " + NODE_ID);
+    assertPickerStatus(pickerCaptor.getValue(), unavailable);
     assertThat(childBalancers).isEmpty();
   }
 
   @Test
   public void nonAggregateCluster_resourceUpdate() {
-    CdsUpdate update =
-        CdsUpdate.forEds(CLUSTER, null, null, 100L, upstreamTlsContext, outlierDetection, false)
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
+    Cluster cluster = EDS_CLUSTER.toBuilder()
+        .setCircuitBreakers(CircuitBreakers.newBuilder()
+            .addThresholds(CircuitBreakers.Thresholds.newBuilder()
+              .setPriority(RoutingPriority.DEFAULT)
+              .setMaxRequests(UInt32Value.newBuilder().setValue(100))))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(CLUSTER, cluster));
+    startXdsDepManager();
+
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    DiscoveryMechanism instance = Iterables.getOnlyElement(childLbConfig.discoveryMechanisms);
-    assertDiscoveryMechanism(instance, CLUSTER, DiscoveryMechanism.Type.EDS, null, null, null,
-        100L, upstreamTlsContext, outlierDetection);
-
-    update = CdsUpdate.forEds(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO, 200L, null,
-        outlierDetection, false).roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
+    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
+        Arrays.asList(
+          DiscoveryMechanism.forEds(
+            CLUSTER, EDS_SERVICE_NAME, null, 100L, null, Collections.emptyMap(), null)));
+
+    cluster = EDS_CLUSTER.toBuilder()
+        .setCircuitBreakers(CircuitBreakers.newBuilder()
+            .addThresholds(CircuitBreakers.Thresholds.newBuilder()
+              .setPriority(RoutingPriority.DEFAULT)
+              .setMaxRequests(UInt32Value.newBuilder().setValue(200))))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(CLUSTER, cluster));
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
+    assertThat(childBalancers).hasSize(1);
+    childBalancer = Iterables.getOnlyElement(childBalancers);
     childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    instance = Iterables.getOnlyElement(childLbConfig.discoveryMechanisms);
-    assertDiscoveryMechanism(instance, CLUSTER, DiscoveryMechanism.Type.EDS, EDS_SERVICE_NAME,
-        null, LRS_SERVER_INFO, 200L, null, outlierDetection);
+    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
+        Arrays.asList(
+          DiscoveryMechanism.forEds(
+            CLUSTER, EDS_SERVICE_NAME, null, 200L, null, Collections.emptyMap(), null)));
   }
 
   @Test
   public void nonAggregateCluster_resourceRevoked() {
-    CdsUpdate update =
-        CdsUpdate.forLogicalDns(CLUSTER, DNS_HOST_NAME, null, 100L, upstreamTlsContext,
-                false)
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(CLUSTER, EDS_CLUSTER));
+    startXdsDepManager();
+
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    DiscoveryMechanism instance = Iterables.getOnlyElement(childLbConfig.discoveryMechanisms);
-    assertDiscoveryMechanism(instance, CLUSTER, DiscoveryMechanism.Type.LOGICAL_DNS, null,
-        DNS_HOST_NAME, null, 100L, upstreamTlsContext, null);
+    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
+        Arrays.asList(
+          DiscoveryMechanism.forEds(
+            CLUSTER, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null)));
+
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of());
 
-    xdsClient.deliverResourceNotExist(CLUSTER);
     assertThat(childBalancer.shutdown).isTrue();
     Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER
-            + " xDS node ID: " + NODE_ID);
+        "CDS resource " + CLUSTER + " does not exist nodeID: " + NODE_ID);
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    assertPicker(pickerCaptor.getValue(), unavailable, null);
+    assertPickerStatus(pickerCaptor.getValue(), unavailable);
     assertThat(childBalancer.shutdown).isTrue();
     assertThat(childBalancers).isEmpty();
   }
 
+  @Test
+  public void dynamicCluster() {
+    String clusterName = "cluster2";
+    Cluster cluster = EDS_CLUSTER.toBuilder()
+        .setName(clusterName)
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        clusterName, cluster,
+        CLUSTER, Cluster.newBuilder().setName(CLUSTER).build()));
+    startXdsDepManager(new CdsConfig(clusterName, /*dynamic=*/ true));
+
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
+    assertThat(childBalancers).hasSize(1);
+    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
+    ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
+    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
+        Arrays.asList(
+          DiscoveryMechanism.forEds(
+            clusterName, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null)));
+
+    assertThat(this.lastXdsConfig.getClusters()).containsKey(clusterName);
+    shutdownLoadBalancer();
+    assertThat(this.lastXdsConfig.getClusters()).doesNotContainKey(clusterName);
+  }
+
   @Test
   public void discoverAggregateCluster() {
     String cluster1 = "cluster-01.googleapis.com";
     String cluster2 = "cluster-02.googleapis.com";
-    // CLUSTER (aggr.) -> [cluster1 (aggr.), cluster2 (logical DNS)]
-    CdsUpdate update =
-        CdsUpdate.forAggregate(CLUSTER, Arrays.asList(cluster1, cluster2))
-            .ringHashLbPolicy(100L, 1000L).build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1, cluster2);
-    assertThat(childBalancers).isEmpty();
     String cluster3 = "cluster-03.googleapis.com";
     String cluster4 = "cluster-04.googleapis.com";
-    // cluster1 (aggr.) -> [cluster3 (EDS), cluster4 (EDS)]
-    CdsUpdate update1 =
-        CdsUpdate.forAggregate(cluster1, Arrays.asList(cluster3, cluster4))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster1, update1);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(
-        CLUSTER, cluster1, cluster2, cluster3, cluster4);
-    assertThat(childBalancers).isEmpty();
-    CdsUpdate update3 = CdsUpdate.forEds(cluster3, EDS_SERVICE_NAME, LRS_SERVER_INFO, 200L,
-        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster3, update3);
-    assertThat(childBalancers).isEmpty();
-    CdsUpdate update2 =
-        CdsUpdate.forLogicalDns(cluster2, DNS_HOST_NAME, null, 100L, null, false)
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster2, update2);
-    assertThat(childBalancers).isEmpty();
-    CdsUpdate update4 =
-        CdsUpdate.forEds(cluster4, null, LRS_SERVER_INFO, 300L, null, outlierDetection, false)
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster4, update4);
-    assertThat(childBalancers).hasSize(1);  // all non-aggregate clusters discovered
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        // CLUSTER (aggr.) -> [cluster1 (aggr.), cluster2 (logical DNS), cluster3 (EDS)]
+        CLUSTER, Cluster.newBuilder()
+          .setName(CLUSTER)
+          .setClusterType(Cluster.CustomClusterType.newBuilder()
+            .setName("envoy.clusters.aggregate")
+            .setTypedConfig(Any.pack(ClusterConfig.newBuilder()
+                .addClusters(cluster1)
+                .addClusters(cluster2)
+                .addClusters(cluster3)
+                .build())))
+          .setLbPolicy(Cluster.LbPolicy.RING_HASH)
+          .build(),
+        // cluster1 (aggr.) -> [cluster3 (EDS), cluster4 (EDS)]
+        cluster1, Cluster.newBuilder()
+          .setName(cluster1)
+          .setClusterType(Cluster.CustomClusterType.newBuilder()
+            .setName("envoy.clusters.aggregate")
+            .setTypedConfig(Any.pack(ClusterConfig.newBuilder()
+                .addClusters(cluster3)
+                .addClusters(cluster4)
+                .build())))
+          .build(),
+        cluster2, Cluster.newBuilder()
+          .setName(cluster2)
+          .setType(Cluster.DiscoveryType.LOGICAL_DNS)
+          .setLoadAssignment(ClusterLoadAssignment.newBuilder()
+            .addEndpoints(LocalityLbEndpoints.newBuilder()
+              .addLbEndpoints(LbEndpoint.newBuilder()
+                .setEndpoint(Endpoint.newBuilder()
+                  .setAddress(Address.newBuilder()
+                    .setSocketAddress(SocketAddress.newBuilder()
+                      .setAddress("dns.example.com")
+                      .setPortValue(1111)))))))
+          .build(),
+        cluster3, EDS_CLUSTER.toBuilder()
+            .setName(cluster3)
+            .setCircuitBreakers(CircuitBreakers.newBuilder()
+                .addThresholds(CircuitBreakers.Thresholds.newBuilder()
+                  .setPriority(RoutingPriority.DEFAULT)
+                  .setMaxRequests(UInt32Value.newBuilder().setValue(100))))
+            .build(),
+        cluster4, EDS_CLUSTER.toBuilder().setName(cluster4).build()));
+    startXdsDepManager();
+
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
+    assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(childBalancer.name).isEqualTo(CLUSTER_RESOLVER_POLICY_NAME);
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).hasSize(3);
-    // Clusters on higher level has higher priority: [cluster2, cluster3, cluster4]
-    assertDiscoveryMechanism(childLbConfig.discoveryMechanisms.get(0), cluster2,
-        DiscoveryMechanism.Type.LOGICAL_DNS, null, DNS_HOST_NAME, null, 100L, null, null);
-    assertDiscoveryMechanism(childLbConfig.discoveryMechanisms.get(1), cluster3,
-        DiscoveryMechanism.Type.EDS, EDS_SERVICE_NAME, null, LRS_SERVER_INFO, 200L,
-        upstreamTlsContext, outlierDetection);
-    assertDiscoveryMechanism(childLbConfig.discoveryMechanisms.get(2), cluster4,
-        DiscoveryMechanism.Type.EDS, null, null, LRS_SERVER_INFO, 300L, null, outlierDetection);
+    // Clusters are resolved recursively, later duplicates removed: [cluster3, cluster4, cluster2]
+    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
+        Arrays.asList(
+          DiscoveryMechanism.forEds(
+            cluster3, EDS_SERVICE_NAME, null, 100L, null, Collections.emptyMap(), null),
+          DiscoveryMechanism.forEds(
+            cluster4, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null),
+          DiscoveryMechanism.forLogicalDns(
+            cluster2, "dns.example.com:1111", null, null, null, Collections.emptyMap())));
     assertThat(
         GracefulSwitchLoadBalancerAccessor.getChildProvider(childLbConfig.lbConfig).getPolicyName())
         .isEqualTo("ring_hash_experimental");  // dominated by top-level cluster's config
-    RingHashConfig ringHashConfig = (RingHashConfig)
-        GracefulSwitchLoadBalancerAccessor.getChildConfig(childLbConfig.lbConfig);
-    assertThat(ringHashConfig.minRingSize).isEqualTo(100L);
-    assertThat(ringHashConfig.maxRingSize).isEqualTo(1000L);
-  }
-
-  @Test
-  public void aggregateCluster_noNonAggregateClusterExits_returnErrorPicker() {
-    String cluster1 = "cluster-01.googleapis.com";
-    // CLUSTER (aggr.) -> [cluster1 (EDS)]
-    CdsUpdate update =
-        CdsUpdate.forAggregate(CLUSTER, Collections.singletonList(cluster1))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1);
-    xdsClient.deliverResourceNotExist(cluster1);
-    verify(helper).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER
-            + " xDS node ID: " + NODE_ID);
-    assertPicker(pickerCaptor.getValue(), unavailable, null);
-    assertThat(childBalancers).isEmpty();
   }
 
   @Test
-  public void aggregateCluster_descendantClustersRevoked() {
-    String cluster1 = "cluster-01.googleapis.com";
-    String cluster2 = "cluster-02.googleapis.com";
-    // CLUSTER (aggr.) -> [cluster1 (EDS), cluster2 (logical DNS)]
-    CdsUpdate update =
-        CdsUpdate.forAggregate(CLUSTER, Arrays.asList(cluster1, cluster2))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1, cluster2);
-    CdsUpdate update1 = CdsUpdate.forEds(cluster1, EDS_SERVICE_NAME, LRS_SERVER_INFO, 200L,
-        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster1, update1);
-    CdsUpdate update2 =
-        CdsUpdate.forLogicalDns(cluster2, DNS_HOST_NAME, LRS_SERVER_INFO, 100L, null,
-                false)
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster2, update2);
-    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).hasSize(2);
-    assertDiscoveryMechanism(childLbConfig.discoveryMechanisms.get(0), cluster1,
-        DiscoveryMechanism.Type.EDS, EDS_SERVICE_NAME, null, LRS_SERVER_INFO, 200L,
-        upstreamTlsContext, outlierDetection);
-    assertDiscoveryMechanism(childLbConfig.discoveryMechanisms.get(1), cluster2,
-        DiscoveryMechanism.Type.LOGICAL_DNS, null, DNS_HOST_NAME, LRS_SERVER_INFO, 100L, null,
-        null);
-
-    // Revoke cluster1, should still be able to proceed with cluster2.
-    xdsClient.deliverResourceNotExist(cluster1);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1, cluster2);
-    childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).hasSize(1);
-    assertDiscoveryMechanism(Iterables.getOnlyElement(childLbConfig.discoveryMechanisms), cluster2,
-        DiscoveryMechanism.Type.LOGICAL_DNS, null, DNS_HOST_NAME, LRS_SERVER_INFO, 100L, null,
-        null);
-    verify(helper, never()).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), any(SubchannelPicker.class));
-
-    // All revoked.
-    xdsClient.deliverResourceNotExist(cluster2);
-    verify(helper).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER
-            + " xDS node ID: " + NODE_ID);
-    assertPicker(pickerCaptor.getValue(), unavailable, null);
-    assertThat(childBalancer.shutdown).isTrue();
-    assertThat(childBalancers).isEmpty();
-  }
-
-  @Test
-  public void aggregateCluster_rootClusterRevoked() {
-    String cluster1 = "cluster-01.googleapis.com";
-    String cluster2 = "cluster-02.googleapis.com";
-    // CLUSTER (aggr.) -> [cluster1 (EDS), cluster2 (logical DNS)]
-    CdsUpdate update =
-        CdsUpdate.forAggregate(CLUSTER, Arrays.asList(cluster1, cluster2))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1, cluster2);
-    CdsUpdate update1 = CdsUpdate.forEds(cluster1, EDS_SERVICE_NAME, LRS_SERVER_INFO, 200L,
-        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster1, update1);
-    CdsUpdate update2 =
-        CdsUpdate.forLogicalDns(cluster2, DNS_HOST_NAME, LRS_SERVER_INFO, 100L, null,
-                false)
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster2, update2);
-    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).hasSize(2);
-    assertDiscoveryMechanism(childLbConfig.discoveryMechanisms.get(0), cluster1,
-        DiscoveryMechanism.Type.EDS, EDS_SERVICE_NAME, null, LRS_SERVER_INFO, 200L,
-        upstreamTlsContext, outlierDetection);
-    assertDiscoveryMechanism(childLbConfig.discoveryMechanisms.get(1), cluster2,
-        DiscoveryMechanism.Type.LOGICAL_DNS, null, DNS_HOST_NAME, LRS_SERVER_INFO, 100L, null,
-        null);
-
-    xdsClient.deliverResourceNotExist(CLUSTER);
-    assertThat(xdsClient.watchers.keySet())
-        .containsExactly(CLUSTER);  // subscription to all descendant clusters cancelled
-    verify(helper).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER
-            + " xDS node ID: " + NODE_ID);
-    assertPicker(pickerCaptor.getValue(), unavailable, null);
-    assertThat(childBalancer.shutdown).isTrue();
-    assertThat(childBalancers).isEmpty();
-  }
-
-  @Test
-  public void aggregateCluster_intermediateClusterChanges() {
-    String cluster1 = "cluster-01.googleapis.com";
-    // CLUSTER (aggr.) -> [cluster1]
-    CdsUpdate update =
-        CdsUpdate.forAggregate(CLUSTER, Collections.singletonList(cluster1))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1);
-
-    // CLUSTER (aggr.) -> [cluster2 (aggr.)]
-    String cluster2 = "cluster-02.googleapis.com";
-    update =
-        CdsUpdate.forAggregate(CLUSTER, Collections.singletonList(cluster2))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster2);
-
-    // cluster2 (aggr.) -> [cluster3 (EDS)]
-    String cluster3 = "cluster-03.googleapis.com";
-    CdsUpdate update2 =
-        CdsUpdate.forAggregate(cluster2, Collections.singletonList(cluster3))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster2, update2);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster2, cluster3);
-    CdsUpdate update3 = CdsUpdate.forEds(cluster3, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L,
-        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster3, update3);
-    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).hasSize(1);
-    DiscoveryMechanism instance = Iterables.getOnlyElement(childLbConfig.discoveryMechanisms);
-    assertDiscoveryMechanism(instance, cluster3, DiscoveryMechanism.Type.EDS, EDS_SERVICE_NAME,
-        null, LRS_SERVER_INFO, 100L, upstreamTlsContext, outlierDetection);
-
-    // cluster2 revoked
-    xdsClient.deliverResourceNotExist(cluster2);
-    assertThat(xdsClient.watchers.keySet())
-        .containsExactly(CLUSTER, cluster2);  // cancelled subscription to cluster3
-    verify(helper).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: found 0 leaf (logical DNS or EDS) clusters for root cluster " + CLUSTER
-            + " xDS node ID: " + NODE_ID);
-    assertPicker(pickerCaptor.getValue(), unavailable, null);
-    assertThat(childBalancer.shutdown).isTrue();
+  public void aggregateCluster_noChildren() {
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        // CLUSTER (aggr.) -> []
+        CLUSTER, Cluster.newBuilder()
+          .setName(CLUSTER)
+          .setClusterType(Cluster.CustomClusterType.newBuilder()
+            .setName("envoy.clusters.aggregate")
+            .setTypedConfig(Any.pack(ClusterConfig.newBuilder()
+                .build())))
+          .build()));
+    startXdsDepManager();
+
+    verify(helper)
+        .updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
+    PickResult result = pickerCaptor.getValue().pickSubchannel(mock(PickSubchannelArgs.class));
+    Status actualStatus = result.getStatus();
+    assertThat(actualStatus.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(actualStatus.getDescription())
+        .contains("aggregate ClusterConfig.clusters must not be empty");
     assertThat(childBalancers).isEmpty();
   }
 
   @Test
-  public void aggregateCluster_withLoops() {
-    String cluster1 = "cluster-01.googleapis.com";
-    // CLUSTER (aggr.) -> [cluster1]
-    CdsUpdate update =
-        CdsUpdate.forAggregate(CLUSTER, Collections.singletonList(cluster1))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1);
-
-    // CLUSTER (aggr.) -> [cluster2 (aggr.)]
-    String cluster2 = "cluster-02.googleapis.com";
-    update =
-        CdsUpdate.forAggregate(cluster1, Collections.singletonList(cluster2))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster1, update);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1, cluster2);
-
-    // cluster2 (aggr.) -> [cluster3 (EDS), cluster1 (parent), cluster2 (self), cluster3 (dup)]
-    String cluster3 = "cluster-03.googleapis.com";
-    CdsUpdate update2 =
-        CdsUpdate.forAggregate(cluster2, Arrays.asList(cluster3, cluster1, cluster2, cluster3))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster2, update2);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1, cluster2, cluster3);
-
-    reset(helper);
-    CdsUpdate update3 = CdsUpdate.forEds(cluster3, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L,
-        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster3, update3);
-    verify(helper).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: circular aggregate clusters directly under cluster-02.googleapis.com for root"
-            + " cluster cluster-foo.googleapis.com, named [cluster-01.googleapis.com,"
-            + " cluster-02.googleapis.com], xDS node ID: " + NODE_ID);
-    assertPicker(pickerCaptor.getValue(), unavailable, null);
-  }
-
-  @Test
-  public void aggregateCluster_withLoops_afterEds() {
-    String cluster1 = "cluster-01.googleapis.com";
-    // CLUSTER (aggr.) -> [cluster1]
-    CdsUpdate update =
-        CdsUpdate.forAggregate(CLUSTER, Collections.singletonList(cluster1))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1);
-
-    // CLUSTER (aggr.) -> [cluster2 (aggr.)]
-    String cluster2 = "cluster-02.googleapis.com";
-    update =
-        CdsUpdate.forAggregate(cluster1, Collections.singletonList(cluster2))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster1, update);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1, cluster2);
-
-    String cluster3 = "cluster-03.googleapis.com";
-    CdsUpdate update2 =
-        CdsUpdate.forAggregate(cluster2, Arrays.asList(cluster3))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster2, update2);
-    CdsUpdate update3 = CdsUpdate.forEds(cluster3, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L,
-        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster3, update3);
-
-    // cluster2 (aggr.) -> [cluster3 (EDS)]
-    CdsUpdate update2a =
-        CdsUpdate.forAggregate(cluster2, Arrays.asList(cluster3, cluster1, cluster2, cluster3))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster2, update2a);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1, cluster2, cluster3);
-    verify(helper).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS error: circular aggregate clusters directly under cluster-02.googleapis.com for root"
-            + " cluster cluster-foo.googleapis.com, named [cluster-01.googleapis.com,"
-            + " cluster-02.googleapis.com], xDS node ID: " + NODE_ID);
-    assertPicker(pickerCaptor.getValue(), unavailable, null);
-  }
-
-  @Test
-  public void aggregateCluster_duplicateChildren() {
+  public void aggregateCluster_noNonAggregateClusterExits_returnErrorPicker() {
     String cluster1 = "cluster-01.googleapis.com";
-    String cluster2 = "cluster-02.googleapis.com";
-    String cluster3 = "cluster-03.googleapis.com";
-    String cluster4 = "cluster-04.googleapis.com";
-
-    // CLUSTER (aggr.) -> [cluster1]
-    CdsUpdate update =
-        CdsUpdate.forAggregate(CLUSTER, Collections.singletonList(cluster1))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1);
-
-    // cluster1 (aggr) -> [cluster3 (EDS), cluster2 (aggr), cluster4 (aggr)]
-    CdsUpdate update1 =
-        CdsUpdate.forAggregate(cluster1, Arrays.asList(cluster3, cluster2, cluster4, cluster3))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster1, update1);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(
-        cluster3, cluster4, cluster2, cluster1, CLUSTER);
-    xdsClient.watchers.values().forEach(list -> assertThat(list.size()).isEqualTo(1));
-
-    // cluster2 (agg) -> [cluster3 (EDS), cluster4 {agg}] with dups
-    CdsUpdate update2 =
-        CdsUpdate.forAggregate(cluster2, Arrays.asList(cluster3, cluster4, cluster3))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster2, update2);
-
-    // Define EDS cluster
-    CdsUpdate update3 = CdsUpdate.forEds(cluster3, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L,
-        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster3, update3);
-
-    // cluster4 (agg) -> [cluster3 (EDS)] with dups (3 copies)
-    CdsUpdate update4 =
-        CdsUpdate.forAggregate(cluster4, Arrays.asList(cluster3, cluster3, cluster3))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster4, update4);
-    xdsClient.watchers.values().forEach(list -> assertThat(list.size()).isEqualTo(1));
-
-    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).hasSize(1);
-    DiscoveryMechanism instance = Iterables.getOnlyElement(childLbConfig.discoveryMechanisms);
-    assertDiscoveryMechanism(instance, cluster3, DiscoveryMechanism.Type.EDS, EDS_SERVICE_NAME,
-        null, LRS_SERVER_INFO, 100L, upstreamTlsContext, outlierDetection);
-  }
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        // CLUSTER (aggr.) -> [cluster1 (missing)]
+        CLUSTER, Cluster.newBuilder()
+          .setName(CLUSTER)
+          .setClusterType(Cluster.CustomClusterType.newBuilder()
+            .setName("envoy.clusters.aggregate")
+            .setTypedConfig(Any.pack(ClusterConfig.newBuilder()
+                .addClusters(cluster1)
+                .build())))
+          .setLbPolicy(Cluster.LbPolicy.RING_HASH)
+          .build()));
+    startXdsDepManager();
 
-  @Test
-  public void aggregateCluster_discoveryErrorBeforeChildLbCreated_returnErrorPicker() {
-    String cluster1 = "cluster-01.googleapis.com";
-    // CLUSTER (aggr.) -> [cluster1]
-    CdsUpdate update =
-        CdsUpdate.forAggregate(CLUSTER, Collections.singletonList(cluster1))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(CLUSTER, cluster1);
-    Status error = Status.RESOURCE_EXHAUSTED.withDescription("OOM");
-    xdsClient.deliverError(error);
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    Status expectedError = Status.UNAVAILABLE.withDescription(
-        "Unable to load CDS cluster-foo.googleapis.com. xDS server returned: "
-        + "RESOURCE_EXHAUSTED: OOM xDS node ID: " + NODE_ID);
-    assertPicker(pickerCaptor.getValue(), expectedError, null);
+    Status status = Status.UNAVAILABLE.withDescription(
+        "CDS resource " + cluster1 + " does not exist nodeID: " + NODE_ID);
+    assertPickerStatus(pickerCaptor.getValue(), status);
     assertThat(childBalancers).isEmpty();
   }
 
   @Test
-  public void aggregateCluster_discoveryErrorAfterChildLbCreated_propagateToChildLb() {
-    String cluster1 = "cluster-01.googleapis.com";
-    // CLUSTER (aggr.) -> [cluster1 (logical DNS)]
-    CdsUpdate update =
-        CdsUpdate.forAggregate(CLUSTER, Collections.singletonList(cluster1))
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
-    CdsUpdate update1 =
-        CdsUpdate.forLogicalDns(cluster1, DNS_HOST_NAME, LRS_SERVER_INFO, 200L, null,
-                false)
-            .roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(cluster1, update1);
-    FakeLoadBalancer childLb = Iterables.getOnlyElement(childBalancers);
-    ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childLb.config;
-    assertThat(childLbConfig.discoveryMechanisms).hasSize(1);
-
-    Status error = Status.RESOURCE_EXHAUSTED.withDescription("OOM");
-    xdsClient.deliverError(error);
-    assertThat(childLb.upstreamError.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
-    assertThat(childLb.upstreamError.getDescription()).contains("RESOURCE_EXHAUSTED: OOM");
-    assertThat(childLb.shutdown).isFalse();  // child LB may choose to keep working
-  }
-
-  @Test
-  public void handleNameResolutionErrorFromUpstream_beforeChildLbCreated_returnErrorPicker() {
-    Status upstreamError = Status.UNAVAILABLE.withDescription(
-        "unreachable xDS node ID: " + NODE_ID);
-    loadBalancer.handleNameResolutionError(upstreamError);
+  public void handleNameResolutionErrorFromUpstream_beforeChildLbCreated_failingPicker() {
+    Status status = Status.UNAVAILABLE.withDescription("unreachable");
+    loadBalancer.handleNameResolutionError(status);
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    assertPicker(pickerCaptor.getValue(), upstreamError, null);
+    assertPickerStatus(pickerCaptor.getValue(), status);
   }
 
   @Test
   public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_fallThrough() {
-    CdsUpdate update = CdsUpdate.forEds(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L,
-        upstreamTlsContext, outlierDetection, false).roundRobinLbPolicy().build();
-    xdsClient.deliverCdsUpdate(CLUSTER, update);
+    Cluster cluster = Cluster.newBuilder()
+        .setName(CLUSTER)
+        .setType(Cluster.DiscoveryType.EDS)
+        .setEdsClusterConfig(Cluster.EdsClusterConfig.newBuilder()
+          .setServiceName(EDS_SERVICE_NAME)
+          .setEdsConfig(ConfigSource.newBuilder()
+            .setAds(AggregatedConfigSource.newBuilder())))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(CLUSTER, cluster));
+    startXdsDepManager();
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(childBalancer.shutdown).isFalse();
+
     loadBalancer.handleNameResolutionError(Status.UNAVAILABLE.withDescription("unreachable"));
     assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(childBalancer.upstreamError.getDescription()).isEqualTo("unreachable");
@@ -694,56 +555,91 @@ public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_fallThroug
 
   @Test
   public void unknownLbProvider() {
-    try {
-      xdsClient.deliverCdsUpdate(CLUSTER,
-          CdsUpdate.forEds(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L, upstreamTlsContext,
-                  outlierDetection, false)
-              .lbPolicyConfig(ImmutableMap.of("unknownLb", ImmutableMap.of("foo", "bar"))).build());
-    } catch (Exception e) {
-      assertThat(e).hasMessageThat().contains("unknownLb");
-      return;
-    }
-    fail("Expected the unknown LB to cause an exception");
+    Cluster cluster = Cluster.newBuilder()
+        .setName(CLUSTER)
+        .setType(Cluster.DiscoveryType.EDS)
+        .setEdsClusterConfig(Cluster.EdsClusterConfig.newBuilder()
+          .setServiceName(EDS_SERVICE_NAME)
+          .setEdsConfig(ConfigSource.newBuilder()
+            .setAds(AggregatedConfigSource.newBuilder())))
+        .setLoadBalancingPolicy(LoadBalancingPolicy.newBuilder()
+            .addPolicies(Policy.newBuilder()
+              .setTypedExtensionConfig(TypedExtensionConfig.newBuilder()
+                .setTypedConfig(Any.pack(TypedStruct.newBuilder()
+                    .setTypeUrl("type.googleapis.com/unknownLb")
+                    .setValue(Struct.getDefaultInstance())
+                    .build())))))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(CLUSTER, cluster));
+    startXdsDepManager();
+    verify(helper).updateBalancingState(
+        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
+    PickResult result = pickerCaptor.getValue().pickSubchannel(mock(PickSubchannelArgs.class));
+    Status actualStatus = result.getStatus();
+    assertThat(actualStatus.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(actualStatus.getDescription()).contains("Invalid LoadBalancingPolicy");
   }
 
   @Test
   public void invalidLbConfig() {
-    try {
-      xdsClient.deliverCdsUpdate(CLUSTER,
-          CdsUpdate.forEds(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO, 100L, upstreamTlsContext,
-                  outlierDetection, false).lbPolicyConfig(
-                  ImmutableMap.of("ring_hash_experimental", ImmutableMap.of("minRingSize", "-1")))
+    Cluster cluster = Cluster.newBuilder()
+        .setName(CLUSTER)
+        .setType(Cluster.DiscoveryType.EDS)
+        .setEdsClusterConfig(Cluster.EdsClusterConfig.newBuilder()
+          .setServiceName(EDS_SERVICE_NAME)
+          .setEdsConfig(ConfigSource.newBuilder()
+            .setAds(AggregatedConfigSource.newBuilder())))
+        .setLoadBalancingPolicy(LoadBalancingPolicy.newBuilder()
+            .addPolicies(Policy.newBuilder()
+              .setTypedExtensionConfig(TypedExtensionConfig.newBuilder()
+                .setTypedConfig(Any.pack(TypedStruct.newBuilder()
+                    .setTypeUrl("type.googleapis.com/ring_hash_experimental")
+                    .setValue(Struct.newBuilder()
+                      .putFields("minRingSize", Value.newBuilder().setNumberValue(-1).build()))
+                    .build())))))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(CLUSTER, cluster));
+    startXdsDepManager();
+    verify(helper).updateBalancingState(
+        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
+    PickResult result = pickerCaptor.getValue().pickSubchannel(mock(PickSubchannelArgs.class));
+    Status actualStatus = result.getStatus();
+    assertThat(actualStatus.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(actualStatus.getDescription()).contains("Invalid 'minRingSize'");
+  }
+
+  private void startXdsDepManager() {
+    startXdsDepManager(new CdsConfig(CLUSTER));
+  }
+
+  private void startXdsDepManager(final CdsConfig cdsConfig) {
+    xdsDepManager.start(
+        xdsConfig -> {
+          if (!xdsConfig.hasValue()) {
+            throw new AssertionError("" + xdsConfig.getStatus());
+          }
+          this.lastXdsConfig = xdsConfig.getValue();
+          if (loadBalancer == null) {
+            return;
+          }
+          loadBalancer.acceptResolvedAddresses(ResolvedAddresses.newBuilder()
+              .setAddresses(Collections.emptyList())
+              .setAttributes(Attributes.newBuilder()
+                .set(XdsAttributes.XDS_CONFIG, xdsConfig.getValue())
+                .set(XdsAttributes.XDS_CLUSTER_SUBSCRIPT_REGISTRY, xdsDepManager)
+                .build())
+              .setLoadBalancingPolicyConfig(cdsConfig)
               .build());
-    } catch (Exception e) {
-      assertThat(e).hasMessageThat().contains("Unable to parse");
-      return;
-    }
-    fail("Expected the invalid config to cause an exception");
+        });
+    // trigger does not exist timer, so broken config is more obvious
+    fakeClock.forwardTime(10, TimeUnit.MINUTES);
   }
 
-  private static void assertPicker(SubchannelPicker picker, Status expectedStatus,
-      @Nullable Subchannel expectedSubchannel)  {
+  private static void assertPickerStatus(SubchannelPicker picker, Status expectedStatus)  {
     PickResult result = picker.pickSubchannel(mock(PickSubchannelArgs.class));
     Status actualStatus = result.getStatus();
     assertThat(actualStatus.getCode()).isEqualTo(expectedStatus.getCode());
     assertThat(actualStatus.getDescription()).isEqualTo(expectedStatus.getDescription());
-    if (actualStatus.isOk()) {
-      assertThat(result.getSubchannel()).isSameInstanceAs(expectedSubchannel);
-    }
-  }
-
-  private static void assertDiscoveryMechanism(DiscoveryMechanism instance, String name,
-      DiscoveryMechanism.Type type, @Nullable String edsServiceName, @Nullable String dnsHostName,
-      @Nullable ServerInfo lrsServerInfo, @Nullable Long maxConcurrentRequests,
-      @Nullable UpstreamTlsContext tlsContext, @Nullable OutlierDetection outlierDetection) {
-    assertThat(instance.cluster).isEqualTo(name);
-    assertThat(instance.type).isEqualTo(type);
-    assertThat(instance.edsServiceName).isEqualTo(edsServiceName);
-    assertThat(instance.dnsHostName).isEqualTo(dnsHostName);
-    assertThat(instance.lrsServerInfo).isEqualTo(lrsServerInfo);
-    assertThat(instance.maxConcurrentRequests).isEqualTo(maxConcurrentRequests);
-    assertThat(instance.tlsContext).isEqualTo(tlsContext);
-    assertThat(instance.outlierDetection).isEqualTo(outlierDetection);
   }
 
   private final class FakeLoadBalancerProvider extends LoadBalancerProvider {
@@ -802,8 +698,9 @@ private final class FakeLoadBalancer extends LoadBalancer {
     }
 
     @Override
-    public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+    public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       config = resolvedAddresses.getLoadBalancingPolicyConfig();
+      return Status.OK;
     }
 
     @Override
@@ -817,58 +714,4 @@ public void shutdown() {
       childBalancers.remove(this);
     }
   }
-
-  private static final class FakeXdsClient extends XdsClient {
-    // watchers needs to support any non-cyclic shaped graphs
-    private final Map<String, List<ResourceWatcher<CdsUpdate>>> watchers = new HashMap<>();
-
-    @Override
-    @SuppressWarnings("unchecked")
-    public <T extends ResourceUpdate> void watchXdsResource(XdsResourceType<T> type,
-        String resourceName,
-        ResourceWatcher<T> watcher, Executor syncContext) {
-      assertThat(type.typeName()).isEqualTo("CDS");
-      watchers.computeIfAbsent(resourceName, k -> new ArrayList<>())
-          .add((ResourceWatcher<CdsUpdate>)watcher);
-    }
-
-    @Override
-    public <T extends ResourceUpdate> void cancelXdsResourceWatch(XdsResourceType<T> type,
-                                                                  String resourceName,
-                                                                  ResourceWatcher<T> watcher) {
-      assertThat(type.typeName()).isEqualTo("CDS");
-      assertThat(watchers).containsKey(resourceName);
-      List<ResourceWatcher<CdsUpdate>> watcherList = watchers.get(resourceName);
-      assertThat(watcherList.remove(watcher)).isTrue();
-      if (watcherList.isEmpty()) {
-        watchers.remove(resourceName);
-      }
-    }
-
-    @Override
-    public BootstrapInfo getBootstrapInfo() {
-      return BOOTSTRAP_INFO;
-    }
-
-    private void deliverCdsUpdate(String clusterName, CdsUpdate update) {
-      if (watchers.containsKey(clusterName)) {
-        List<ResourceWatcher<CdsUpdate>> resourceWatchers =
-            ImmutableList.copyOf(watchers.get(clusterName));
-        resourceWatchers.forEach(w -> w.onChanged(update));
-      }
-    }
-
-    private void deliverResourceNotExist(String clusterName)  {
-      if (watchers.containsKey(clusterName)) {
-        ImmutableList.copyOf(watchers.get(clusterName))
-            .forEach(w -> w.onResourceDoesNotExist(clusterName));
-      }
-    }
-
-    private void deliverError(Status error) {
-      watchers.values().stream()
-          .flatMap(List::stream)
-          .forEach(w -> w.onError(error));
-    }
-  }
 }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 006440be6c1..32361684a6d 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -2211,6 +2211,23 @@ public void cdsResponseWithAggregateCluster() {
     verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
   }
 
+  @Test
+  public void cdsResponseWithEmptyAggregateCluster() {
+    DiscoveryRpcCall call = startResourceWatcher(XdsClusterResource.getInstance(), CDS_RESOURCE,
+        cdsResourceWatcher);
+    List<String> candidates = Arrays.asList();
+    Any clusterAggregate =
+        Any.pack(mf.buildAggregateCluster(CDS_RESOURCE, "round_robin", null, null, candidates));
+    call.sendResponse(CDS, clusterAggregate, VERSION_1, "0000");
+
+    // Client sent an ACK CDS request.
+    String errorMsg = "CDS response Cluster 'cluster.googleapis.com' validation error: "
+        + "Cluster cluster.googleapis.com: aggregate ClusterConfig.clusters must not be empty";
+    call.verifyRequestNack(CDS, CDS_RESOURCE, "", "0000", NODE, ImmutableList.of(errorMsg));
+    verify(cdsResourceWatcher).onError(errorCaptor.capture());
+    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
+  }
+
   @Test
   public void cdsResponseWithCircuitBreakers() {
     DiscoveryRpcCall call = startResourceWatcher(XdsClusterResource.getInstance(), CDS_RESOURCE,
diff --git a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerProviderTest.java b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerProviderTest.java
index 3036db5b09f..66c9c5c537e 100644
--- a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerProviderTest.java
@@ -106,7 +106,7 @@ public void parseLoadBalancingConfig_invalid_negativeSize() throws IOException {
     assertThat(configOrError.getError()).isNotNull();
     assertThat(configOrError.getError().getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(configOrError.getError().getDescription())
-        .isEqualTo("Invalid 'mingRingSize'/'maxRingSize'");
+        .isEqualTo("Invalid 'minRingSize'/'maxRingSize'");
   }
 
   @Test
@@ -117,7 +117,7 @@ public void parseLoadBalancingConfig_invalid_minGreaterThanMax() throws IOExcept
     assertThat(configOrError.getError()).isNotNull();
     assertThat(configOrError.getError().getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(configOrError.getError().getDescription())
-        .isEqualTo("Invalid 'mingRingSize'/'maxRingSize'");
+        .isEqualTo("Invalid 'minRingSize'/'maxRingSize'");
   }
 
   @Test
@@ -214,7 +214,7 @@ public void parseLoadBalancingConfig_zeroMinRingSize() throws IOException {
     assertThat(configOrError.getError()).isNotNull();
     assertThat(configOrError.getError().getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(configOrError.getError().getDescription())
-        .isEqualTo("Invalid 'mingRingSize'/'maxRingSize'");
+        .isEqualTo("Invalid 'minRingSize'/'maxRingSize'");
   }
 
   @Test
@@ -225,7 +225,7 @@ public void parseLoadBalancingConfig_minRingSizeGreaterThanMaxRingSize() throws
     assertThat(configOrError.getError()).isNotNull();
     assertThat(configOrError.getError().getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(configOrError.getError().getDescription())
-        .isEqualTo("Invalid 'mingRingSize'/'maxRingSize'");
+        .isEqualTo("Invalid 'minRingSize'/'maxRingSize'");
   }
 
   @Test
diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
index aea1ad66d72..8ac0f8c9d8c 100644
--- a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -28,7 +28,6 @@
 import static io.grpc.xds.XdsTestUtils.ENDPOINT_PORT;
 import static io.grpc.xds.XdsTestUtils.RDS_NAME;
 import static io.grpc.xds.XdsTestUtils.getEdsNameForCluster;
-import static io.grpc.xds.client.CommonBootstrapperTestUtils.SERVER_URI;
 import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.argThat;
@@ -48,28 +47,22 @@
 import io.envoyproxy.envoy.config.route.v3.RouteConfiguration;
 import io.grpc.BindableService;
 import io.grpc.ChannelLogger;
-import io.grpc.ManagedChannel;
 import io.grpc.NameResolver;
-import io.grpc.Server;
 import io.grpc.Status;
 import io.grpc.StatusOr;
 import io.grpc.StatusOrMatcher;
 import io.grpc.SynchronizationContext;
 import io.grpc.inprocess.InProcessChannelBuilder;
 import io.grpc.inprocess.InProcessServerBuilder;
-import io.grpc.internal.ExponentialBackoffPolicy;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.xds.XdsClusterResource.CdsUpdate;
 import io.grpc.xds.XdsConfig.XdsClusterConfig;
 import io.grpc.xds.XdsEndpointResource.EdsUpdate;
-import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsClient.ResourceMetadata;
-import io.grpc.xds.client.XdsClientMetricReporter;
 import io.grpc.xds.client.XdsResourceType;
-import io.grpc.xds.client.XdsTransportFactory;
 import java.io.Closeable;
 import java.io.IOException;
 import java.util.ArrayDeque;
@@ -96,7 +89,6 @@
 import org.mockito.ArgumentMatchers;
 import org.mockito.Captor;
 import org.mockito.InOrder;
-import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.junit.MockitoJUnit;
 import org.mockito.junit.MockitoRule;
@@ -108,21 +100,20 @@ public class XdsDependencyManagerTest {
   public static final String CLUSTER_TYPE_NAME = XdsClusterResource.getInstance().typeName();
   public static final String ENDPOINT_TYPE_NAME = XdsEndpointResource.getInstance().typeName();
 
-  @Mock
-  private XdsClientMetricReporter xdsClientMetricReporter;
-
   private final SynchronizationContext syncContext =
       new SynchronizationContext((t, e) -> {
         throw new AssertionError(e);
       });
+  private final FakeClock fakeClock = new FakeClock();
+
+  private XdsClient xdsClient = XdsTestUtils.createXdsClient(
+      Collections.singletonList("control-plane"),
+      serverInfo -> new GrpcXdsTransportFactory.GrpcXdsTransport(
+          InProcessChannelBuilder.forName(serverInfo.target()).directExecutor().build()),
+      fakeClock);
 
-  private ManagedChannel channel;
-  private XdsClient xdsClient;
-  private XdsDependencyManager xdsDependencyManager;
   private TestWatcher xdsConfigWatcher;
-  private Server xdsServer;
 
-  private final FakeClock fakeClock = new FakeClock();
   private final String serverName = "the-service-name";
   private final Queue<XdsTestUtils.LrsRpcCall> loadReportCalls = new ArrayDeque<>();
   private final AtomicBoolean adsEnded = new AtomicBoolean(true);
@@ -150,10 +141,12 @@ public class XdsDependencyManagerTest {
       .build();
 
   private final ScheduledExecutorService scheduler = fakeClock.getScheduledExecutorService();
+  private XdsDependencyManager xdsDependencyManager = new XdsDependencyManager(
+      xdsClient, syncContext, serverName, serverName, nameResolverArgs, scheduler);
 
   @Before
   public void setUp() throws Exception {
-    xdsServer = cleanupRule.register(InProcessServerBuilder
+    cleanupRule.register(InProcessServerBuilder
         .forName("control-plane")
         .addService(controlPlaneService)
         .addService(lrsService)
@@ -163,15 +156,6 @@ public void setUp() throws Exception {
 
     XdsTestUtils.setAdsConfig(controlPlaneService, serverName);
 
-    channel = cleanupRule.register(
-        InProcessChannelBuilder.forName("control-plane").directExecutor().build());
-    XdsTransportFactory xdsTransportFactory =
-        ignore -> new GrpcXdsTransportFactory.GrpcXdsTransport(channel);
-
-    xdsClient = CommonBootstrapperTestUtils.createXdsClient(
-        Collections.singletonList(SERVER_URI), xdsTransportFactory, fakeClock,
-        new ExponentialBackoffPolicy.Provider(), MessagePrinter.INSTANCE, xdsClientMetricReporter);
-
     testWatcher = new TestWatcher();
     xdsConfigWatcher = mock(TestWatcher.class, delegatesTo(testWatcher));
     defaultXdsConfig = XdsTestUtils.getDefaultXdsConfig(serverName);
@@ -183,9 +167,6 @@ public void tearDown() throws InterruptedException {
       xdsDependencyManager.shutdown();
     }
     xdsClient.shutdown();
-    channel.shutdown();  // channel not owned by XdsClient
-
-    xdsServer.shutdownNow().awaitTermination(5, TimeUnit.SECONDS);
 
     assertThat(adsEnded.get()).isTrue();
     assertThat(lrsEnded.get()).isTrue();
@@ -194,8 +175,7 @@ public void tearDown() throws InterruptedException {
 
   @Test
   public void verify_basic_config() {
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     verify(xdsConfigWatcher).onUpdate(StatusOr.fromValue(defaultXdsConfig));
     testWatcher.verifyStats(1, 0);
@@ -203,8 +183,7 @@ public void verify_basic_config() {
 
   @Test
   public void verify_config_update() {
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
     inOrder.verify(xdsConfigWatcher).onUpdate(StatusOr.fromValue(defaultXdsConfig));
@@ -221,8 +200,7 @@ public void verify_config_update() {
   @Test
   public void verify_simple_aggregate() {
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
     inOrder.verify(xdsConfigWatcher).onUpdate(StatusOr.fromValue(defaultXdsConfig));
 
     List<String> childNames = Arrays.asList("clusterC", "clusterB", "clusterA");
@@ -281,8 +259,7 @@ public void testComplexRegisteredAggregate() throws IOException {
     List<String> childNames2 = Arrays.asList("clusterA", "clusterX");
     XdsTestUtils.addAggregateToExistingConfig(controlPlaneService, rootName2, childNames2);
 
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
     inOrder.verify(xdsConfigWatcher).onUpdate(any());
 
     Closeable subscription1 = xdsDependencyManager.subscribeToCluster(rootName1);
@@ -313,8 +290,7 @@ public void testComplexRegisteredAggregate() throws IOException {
   @Test
   public void testDelayedSubscription() {
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
     inOrder.verify(xdsConfigWatcher).onUpdate(StatusOr.fromValue(defaultXdsConfig));
 
     String rootName1 = "root_c";
@@ -360,8 +336,7 @@ public void testMissingCdsAndEds() {
     edsMap.put("garbageEds", clusterLoadAssignment);
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
 
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
     verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
@@ -393,8 +368,9 @@ public void testMissingCdsAndEds() {
   @Test
   public void testMissingLds() {
     String ldsName = "badLdsName";
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, syncContext,
         serverName, ldsName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
     verify(xdsConfigWatcher).onUpdate(
@@ -409,8 +385,7 @@ public void testTcpListenerErrors() {
     Listener serverListener =
         ControlPlaneRule.buildServerListener().toBuilder().setName(serverName).build();
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS, ImmutableMap.of(serverName, serverListener));
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
     verify(xdsConfigWatcher).onUpdate(
@@ -427,8 +402,7 @@ public void testMissingRds() {
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS,
         ImmutableMap.of(serverName, clientListener));
 
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
     verify(xdsConfigWatcher).onUpdate(
@@ -444,8 +418,7 @@ public void testUpdateToMissingVirtualHost() {
         "wrong-virtual-host", XdsTestUtils.RDS_NAME, XdsTestUtils.CLUSTER_NAME);
     controlPlaneService.setXdsConfig(
         ADS_TYPE_URL_RDS, ImmutableMap.of(XdsTestUtils.RDS_NAME, routeConfig));
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     // Update with a config that has a virtual host that doesn't match the server name
     verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
@@ -460,8 +433,9 @@ public void testCorruptLds() {
     String ldsResourceName =
         "xdstp://unknown.example.com/envoy.config.listener.v3.Listener/listener1";
 
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
+    xdsDependencyManager = new XdsDependencyManager(xdsClient, syncContext,
         serverName, ldsResourceName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     verify(xdsConfigWatcher).onUpdate(
         argThat(StatusOrMatcher.hasStatus(
@@ -474,8 +448,7 @@ public void testCorruptLds() {
   @Test
   public void testChangeRdsName_fromLds() {
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
     inOrder.verify(xdsConfigWatcher).onUpdate(StatusOr.fromValue(defaultXdsConfig));
 
     String newRdsName = "newRdsName1";
@@ -530,8 +503,7 @@ public void testMultipleParentsInCdsTree() throws IOException {
 
     // Start the actual test
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
     inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     XdsConfig initialConfig = xdsUpdateCaptor.getValue().getValue();
 
@@ -576,8 +548,7 @@ public void testCdsDeleteUnsubscribesChild() throws Exception {
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
 
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
     inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     XdsConfig config = xdsUpdateCaptor.getValue().getValue();
     assertThat(config.getClusters().get("clusterA").hasValue()).isTrue();
@@ -611,12 +582,12 @@ public void testCdsCycleReclaimed() throws Exception {
 
     // The cycle is loaded and detected
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
     inOrder.verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     XdsConfig config = xdsUpdateCaptor.getValue().getValue();
     assertThat(config.getClusters().get("clusterA").hasValue()).isFalse();
     assertThat(config.getClusters().get("clusterA").getStatus().getDescription()).contains("cycle");
+    assertThat(config.getClusters().get("clusterB").hasValue()).isTrue();
 
     // Orphan the cycle and it is discarded
     routeConfig =
@@ -657,8 +628,7 @@ public void testMultipleCdsReferToSameEds() {
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, edsMap);
 
     // Start the actual test
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
     verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     XdsConfig initialConfig = xdsUpdateCaptor.getValue().getValue();
     assertThat(initialConfig.getClusters().keySet())
@@ -675,8 +645,7 @@ public void testMultipleCdsReferToSameEds() {
 
   @Test
   public void testChangeRdsName_FromLds_complexTree() {
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     // Create the same tree as in testMultipleParentsInCdsTree
     Cluster rootCluster =
@@ -721,8 +690,7 @@ public void testChangeRdsName_FromLds_complexTree() {
   public void testChangeAggCluster() {
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
 
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
     inOrder.verify(xdsConfigWatcher).onUpdate(any());
 
     // Setup initial config A -> A1 -> (A11, A12)
@@ -775,8 +743,7 @@ public void testCdsError() throws IOException {
     controlPlaneService.setXdsConfig(
         ADS_TYPE_URL_CDS, ImmutableMap.of(XdsTestUtils.CLUSTER_NAME,
           Cluster.newBuilder().setName(XdsTestUtils.CLUSTER_NAME).build()));
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
     Status status = xdsUpdateCaptor.getValue().getValue()
@@ -789,8 +756,7 @@ public void ldsUpdateAfterShutdown() {
     XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS",
         ENDPOINT_HOSTNAME, ENDPOINT_PORT);
 
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     verify(xdsConfigWatcher).onUpdate(any());
 
@@ -822,8 +788,7 @@ public void rdsUpdateAfterShutdown() {
     XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS",
         ENDPOINT_HOSTNAME, ENDPOINT_PORT);
 
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     verify(xdsConfigWatcher).onUpdate(any());
 
@@ -855,8 +820,7 @@ public void cdsUpdateAfterShutdown() {
     XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS",
         ENDPOINT_HOSTNAME, ENDPOINT_PORT);
 
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     verify(xdsConfigWatcher).onUpdate(any());
 
@@ -888,8 +852,7 @@ public void edsUpdateAfterShutdown() {
     XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS",
         ENDPOINT_HOSTNAME, ENDPOINT_PORT);
 
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
 
     verify(xdsConfigWatcher).onUpdate(any());
 
@@ -922,8 +885,7 @@ public void subscribeToClusterAfterShutdown() throws Exception {
         ENDPOINT_HOSTNAME, ENDPOINT_PORT);
 
     InOrder inOrder = Mockito.inOrder(xdsConfigWatcher);
-    xdsDependencyManager = new XdsDependencyManager(xdsClient, xdsConfigWatcher, syncContext,
-        serverName, serverName, nameResolverArgs, scheduler);
+    xdsDependencyManager.start(xdsConfigWatcher);
     inOrder.verify(xdsConfigWatcher).onUpdate(any());
     xdsDependencyManager.shutdown();
 
diff --git a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
index ec1ccd7c6d0..e85058f0f3f 100644
--- a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
@@ -52,14 +52,20 @@
 import io.grpc.Context;
 import io.grpc.Context.CancellationListener;
 import io.grpc.StatusOr;
+import io.grpc.internal.ExponentialBackoffPolicy;
+import io.grpc.internal.FakeClock;
 import io.grpc.internal.JsonParser;
 import io.grpc.stub.StreamObserver;
 import io.grpc.xds.Endpoints.LbEndpoint;
 import io.grpc.xds.Endpoints.LocalityLbEndpoints;
 import io.grpc.xds.XdsConfig.XdsClusterConfig.EndpointConfig;
 import io.grpc.xds.client.Bootstrapper;
+import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.client.Locality;
+import io.grpc.xds.client.XdsClient;
+import io.grpc.xds.client.XdsClientMetricReporter;
 import io.grpc.xds.client.XdsResourceType;
+import io.grpc.xds.client.XdsTransportFactory;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -364,6 +370,32 @@ static Listener buildInlineClientListener(String rdsName, String clusterName, St
         .setApiListener(clientListenerBuilder.build()).build();
   }
 
+  public static XdsClient createXdsClient(
+      List<String> serverUris,
+      XdsTransportFactory xdsTransportFactory,
+      FakeClock fakeClock) {
+    return createXdsClient(
+        CommonBootstrapperTestUtils.buildBootStrap(serverUris),
+        xdsTransportFactory,
+        fakeClock,
+        new XdsClientMetricReporter() {});
+  }
+
+  /** Calls {@link CommonBootstrapperTestUtils#createXdsClient} with gRPC-specific values. */
+  public static XdsClient createXdsClient(
+      Bootstrapper.BootstrapInfo bootstrapInfo,
+      XdsTransportFactory xdsTransportFactory,
+      FakeClock fakeClock,
+      XdsClientMetricReporter xdsClientMetricReporter) {
+    return CommonBootstrapperTestUtils.createXdsClient(
+          bootstrapInfo,
+          xdsTransportFactory,
+          fakeClock,
+          new ExponentialBackoffPolicy.Provider(),
+          MessagePrinter.INSTANCE,
+          xdsClientMetricReporter);
+  }
+
   /**
    * Matches a {@link LoadStatsRequest} containing a collection of {@link ClusterStats} with
    * the same list of clusterName:clusterServiceName pair.

From 30f6a4db77227a75220d82111e85497d339a3ba4 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Wed, 11 Jun 2025 12:19:19 -0700
Subject: [PATCH 288/591] google-java-format a line that was too long (#12147)

---
 .../main/java/io/grpc/binder/internal/BinderTransport.java   | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index c8900031432..4b35137aa54 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -300,7 +300,10 @@ protected boolean setOutgoingBinder(OneWayBinderProxy binder) {
 
   @Override
   public synchronized void binderDied() {
-    shutdownInternal(Status.UNAVAILABLE.withDescription("Peer process crashed, exited or was killed (binderDied)"), true);
+    shutdownInternal(
+        Status.UNAVAILABLE.withDescription(
+            "Peer process crashed, exited or was killed (binderDied)"),
+        true);
   }
 
   @GuardedBy("this")

From 13fe0080448e1fcb7e1dae925bce12c5c1c9071b Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 12 Jun 2025 04:01:19 +0000
Subject: [PATCH 289/591] rls: Refactor estimatedSizeBytes updates (#12145)

Just use a regular method instead of reusing the EvictionListener API.
Fix a few comments as well. Both of these changes were based on review
comments to pre-existing code in #11203.

Contributes to #11243
---
 .../java/io/grpc/rls/LinkedHashLruCache.java  | 39 +++++++------------
 1 file changed, 14 insertions(+), 25 deletions(-)

diff --git a/rls/src/main/java/io/grpc/rls/LinkedHashLruCache.java b/rls/src/main/java/io/grpc/rls/LinkedHashLruCache.java
index b39b463c762..9a961759693 100644
--- a/rls/src/main/java/io/grpc/rls/LinkedHashLruCache.java
+++ b/rls/src/main/java/io/grpc/rls/LinkedHashLruCache.java
@@ -43,7 +43,8 @@ abstract class LinkedHashLruCache<K, V> implements LruCache<K, V> {
 
   private final LinkedHashMap<K, SizedValue> delegate;
   private final Ticker ticker;
-  private final EvictionListener<K, SizedValue> evictionListener;
+  @Nullable
+  private final EvictionListener<K, V> evictionListener;
   private long estimatedSizeBytes;
   private long estimatedMaxSizeBytes;
 
@@ -53,7 +54,7 @@ abstract class LinkedHashLruCache<K, V> implements LruCache<K, V> {
       final Ticker ticker) {
     checkState(estimatedMaxSizeBytes > 0, "max estimated cache size should be positive");
     this.estimatedMaxSizeBytes = estimatedMaxSizeBytes;
-    this.evictionListener = new SizeHandlingEvictionListener(evictionListener);
+    this.evictionListener = evictionListener;
     this.ticker = checkNotNull(ticker, "ticker");
     delegate = new LinkedHashMap<K, SizedValue>(
         // rough estimate or minimum hashmap default
@@ -135,7 +136,7 @@ public final V cache(K key, V value) {
     estimatedSizeBytes += size;
     existing = delegate.put(key, new SizedValue(size, value));
     if (existing != null) {
-      evictionListener.onEviction(key, existing, EvictionType.REPLACED);
+      fireOnEviction(key, existing, EvictionType.REPLACED);
     }
     return existing == null ? null : existing.value;
   }
@@ -174,7 +175,7 @@ private V invalidate(K key, EvictionType cause) {
     checkNotNull(cause, "cause");
     SizedValue existing = delegate.remove(key);
     if (existing != null) {
-      evictionListener.onEviction(key, existing, cause);
+      fireOnEviction(key, existing, cause);
     }
     return existing == null ? null : existing.value;
   }
@@ -185,7 +186,7 @@ public final void invalidateAll() {
     while (iterator.hasNext()) {
       Map.Entry<K, SizedValue> entry = iterator.next();
       if (entry.getValue() != null) {
-        evictionListener.onEviction(entry.getKey(), entry.getValue(), EvictionType.EXPLICIT);
+        fireOnEviction(entry.getKey(), entry.getValue(), EvictionType.EXPLICIT);
       }
       iterator.remove();
     }
@@ -215,14 +216,13 @@ public final List<V> values() {
   protected final boolean fitToLimit() {
     boolean removedAnyUnexpired = false;
     if (estimatedSizeBytes <= estimatedMaxSizeBytes) {
-      // new size is larger no need to do cleanup
       return false;
     }
     // cleanup expired entries
     long now = ticker.read();
     cleanupExpiredEntries(now);
 
-    // cleanup eldest entry until new size limit
+    // cleanup eldest entry until the size of all entries fits within the limit
     Iterator<Map.Entry<K, SizedValue>> lruIter = delegate.entrySet().iterator();
     while (lruIter.hasNext() && estimatedMaxSizeBytes < this.estimatedSizeBytes) {
       Map.Entry<K, SizedValue> entry = lruIter.next();
@@ -230,8 +230,8 @@ protected final boolean fitToLimit() {
         break; // Violates some constraint like minimum age so stop our cleanup
       }
       lruIter.remove();
-      // eviction listener will update the estimatedSizeBytes
-      evictionListener.onEviction(entry.getKey(), entry.getValue(), EvictionType.SIZE);
+      // fireOnEviction will update the estimatedSizeBytes
+      fireOnEviction(entry.getKey(), entry.getValue(), EvictionType.SIZE);
       removedAnyUnexpired = true;
     }
     return removedAnyUnexpired;
@@ -270,7 +270,7 @@ private boolean cleanupExpiredEntries(int maxExpiredEntries, long now) {
       Map.Entry<K, SizedValue> entry = lruIter.next();
       if (isExpired(entry.getKey(), entry.getValue().value, now)) {
         lruIter.remove();
-        evictionListener.onEviction(entry.getKey(), entry.getValue(), EvictionType.EXPIRED);
+        fireOnEviction(entry.getKey(), entry.getValue(), EvictionType.EXPIRED);
         removedAny = true;
         maxExpiredEntries--;
       }
@@ -283,21 +283,10 @@ public final void close() {
     invalidateAll();
   }
 
-  /** A {@link EvictionListener} keeps track of size. */
-  private final class SizeHandlingEvictionListener implements EvictionListener<K, SizedValue> {
-
-    private final EvictionListener<K, V> delegate;
-
-    SizeHandlingEvictionListener(@Nullable EvictionListener<K, V> delegate) {
-      this.delegate = delegate;
-    }
-
-    @Override
-    public void onEviction(K key, SizedValue value, EvictionType cause) {
-      estimatedSizeBytes -= value.size;
-      if (delegate != null) {
-        delegate.onEviction(key, value.value, cause);
-      }
+  private void fireOnEviction(K key, SizedValue value, EvictionType cause) {
+    estimatedSizeBytes -= value.size;
+    if (evictionListener != null) {
+      evictionListener.onEviction(key, value.value, cause);
     }
   }
 

From 6cc2ff1cedc8a64c4494e62f2ea5f25bb129c7fe Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 10 Jun 2025 14:32:26 -0700
Subject: [PATCH 290/591] util: In OutlierDetectionLb, don't box longs if they
 can't be null

Changed the builder pattern to pass the builder to the constructor,
since I was changing almost all the arguments of the constructor anyway.
---
 .../util/OutlierDetectionLoadBalancer.java    | 146 ++++++++----------
 1 file changed, 61 insertions(+), 85 deletions(-)

diff --git a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
index 59b2d38ecd9..bd9faef3f99 100644
--- a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
@@ -142,7 +142,7 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     // If outlier detection is actually configured, start a timer that will periodically try to
     // detect outliers.
     if (config.outlierDetectionEnabled()) {
-      Long initialDelayNanos;
+      long initialDelayNanos;
 
       if (detectionTimerStartNanos == null) {
         // On the first go we use the configured interval.
@@ -723,7 +723,7 @@ void swapCounters() {
      * that don't have ejected subchannels and uneject ones that have spent the maximum ejection
      * time allowed.
      */
-    void maybeUnejectOutliers(Long detectionTimerStartNanos) {
+    void maybeUnejectOutliers(long detectionTimerStartNanos) {
       for (EndpointTracker tracker : trackerMap.values()) {
         if (!tracker.subchannelsEjected()) {
           tracker.decrementEjectionTimeMultiplier();
@@ -951,64 +951,54 @@ private static boolean hasSingleAddress(List<EquivalentAddressGroup> addressGrou
    */
   public static final class OutlierDetectionLoadBalancerConfig {
 
-    public final Long intervalNanos;
-    public final Long baseEjectionTimeNanos;
-    public final Long maxEjectionTimeNanos;
-    public final Integer maxEjectionPercent;
+    public final long intervalNanos;
+    public final long baseEjectionTimeNanos;
+    public final long maxEjectionTimeNanos;
+    public final int maxEjectionPercent;
     public final SuccessRateEjection successRateEjection;
     public final FailurePercentageEjection failurePercentageEjection;
     public final Object childConfig;
 
-    private OutlierDetectionLoadBalancerConfig(Long intervalNanos,
-        Long baseEjectionTimeNanos,
-        Long maxEjectionTimeNanos,
-        Integer maxEjectionPercent,
-        SuccessRateEjection successRateEjection,
-        FailurePercentageEjection failurePercentageEjection,
-        Object childConfig) {
-      this.intervalNanos = intervalNanos;
-      this.baseEjectionTimeNanos = baseEjectionTimeNanos;
-      this.maxEjectionTimeNanos = maxEjectionTimeNanos;
-      this.maxEjectionPercent = maxEjectionPercent;
-      this.successRateEjection = successRateEjection;
-      this.failurePercentageEjection = failurePercentageEjection;
-      this.childConfig = childConfig;
+    private OutlierDetectionLoadBalancerConfig(Builder builder) {
+      this.intervalNanos = builder.intervalNanos;
+      this.baseEjectionTimeNanos = builder.baseEjectionTimeNanos;
+      this.maxEjectionTimeNanos = builder.maxEjectionTimeNanos;
+      this.maxEjectionPercent = builder.maxEjectionPercent;
+      this.successRateEjection = builder.successRateEjection;
+      this.failurePercentageEjection = builder.failurePercentageEjection;
+      this.childConfig = builder.childConfig;
     }
 
     /** Builds a new {@link OutlierDetectionLoadBalancerConfig}. */
     public static class Builder {
-      Long intervalNanos = 10_000_000_000L; // 10s
-      Long baseEjectionTimeNanos = 30_000_000_000L; // 30s
-      Long maxEjectionTimeNanos = 300_000_000_000L; // 300s
-      Integer maxEjectionPercent = 10;
+      long intervalNanos = 10_000_000_000L; // 10s
+      long baseEjectionTimeNanos = 30_000_000_000L; // 30s
+      long maxEjectionTimeNanos = 300_000_000_000L; // 300s
+      int maxEjectionPercent = 10;
       SuccessRateEjection successRateEjection;
       FailurePercentageEjection failurePercentageEjection;
       Object childConfig;
 
       /** The interval between outlier detection sweeps. */
-      public Builder setIntervalNanos(Long intervalNanos) {
-        checkArgument(intervalNanos != null);
+      public Builder setIntervalNanos(long intervalNanos) {
         this.intervalNanos = intervalNanos;
         return this;
       }
 
       /** The base time an address is ejected for. */
-      public Builder setBaseEjectionTimeNanos(Long baseEjectionTimeNanos) {
-        checkArgument(baseEjectionTimeNanos != null);
+      public Builder setBaseEjectionTimeNanos(long baseEjectionTimeNanos) {
         this.baseEjectionTimeNanos = baseEjectionTimeNanos;
         return this;
       }
 
       /** The longest time an address can be ejected. */
-      public Builder setMaxEjectionTimeNanos(Long maxEjectionTimeNanos) {
-        checkArgument(maxEjectionTimeNanos != null);
+      public Builder setMaxEjectionTimeNanos(long maxEjectionTimeNanos) {
         this.maxEjectionTimeNanos = maxEjectionTimeNanos;
         return this;
       }
 
       /** The algorithm agnostic maximum percentage of addresses that can be ejected. */
-      public Builder setMaxEjectionPercent(Integer maxEjectionPercent) {
-        checkArgument(maxEjectionPercent != null);
+      public Builder setMaxEjectionPercent(int maxEjectionPercent) {
         this.maxEjectionPercent = maxEjectionPercent;
         return this;
       }
@@ -1040,64 +1030,57 @@ public Builder setChildConfig(Object childConfig) {
       /** Builds a new instance of {@link OutlierDetectionLoadBalancerConfig}. */
       public OutlierDetectionLoadBalancerConfig build() {
         checkState(childConfig != null);
-        return new OutlierDetectionLoadBalancerConfig(intervalNanos, baseEjectionTimeNanos,
-            maxEjectionTimeNanos, maxEjectionPercent, successRateEjection,
-            failurePercentageEjection, childConfig);
+        return new OutlierDetectionLoadBalancerConfig(this);
       }
     }
 
     /** The configuration for success rate ejection. */
     public static class SuccessRateEjection {
 
-      public final Integer stdevFactor;
-      public final Integer enforcementPercentage;
-      public final Integer minimumHosts;
-      public final Integer requestVolume;
-
-      SuccessRateEjection(Integer stdevFactor, Integer enforcementPercentage, Integer minimumHosts,
-          Integer requestVolume) {
-        this.stdevFactor = stdevFactor;
-        this.enforcementPercentage = enforcementPercentage;
-        this.minimumHosts = minimumHosts;
-        this.requestVolume = requestVolume;
+      public final int stdevFactor;
+      public final int enforcementPercentage;
+      public final int minimumHosts;
+      public final int requestVolume;
+
+      SuccessRateEjection(Builder builder) {
+        this.stdevFactor = builder.stdevFactor;
+        this.enforcementPercentage = builder.enforcementPercentage;
+        this.minimumHosts = builder.minimumHosts;
+        this.requestVolume = builder.requestVolume;
       }
 
       /** Builds new instances of {@link SuccessRateEjection}. */
       public static final class Builder {
 
-        Integer stdevFactor = 1900;
-        Integer enforcementPercentage = 100;
-        Integer minimumHosts = 5;
-        Integer requestVolume = 100;
+        int stdevFactor = 1900;
+        int enforcementPercentage = 100;
+        int minimumHosts = 5;
+        int requestVolume = 100;
 
         /** The product of this and the standard deviation of success rates determine the ejection
          * threshold.
          */
-        public Builder setStdevFactor(Integer stdevFactor) {
-          checkArgument(stdevFactor != null);
+        public Builder setStdevFactor(int stdevFactor) {
           this.stdevFactor = stdevFactor;
           return this;
         }
 
         /** Only eject this percentage of outliers. */
-        public Builder setEnforcementPercentage(Integer enforcementPercentage) {
-          checkArgument(enforcementPercentage != null);
+        public Builder setEnforcementPercentage(int enforcementPercentage) {
           checkArgument(enforcementPercentage >= 0 && enforcementPercentage <= 100);
           this.enforcementPercentage = enforcementPercentage;
           return this;
         }
 
         /** The minimum amount of hosts needed for success rate ejection. */
-        public Builder setMinimumHosts(Integer minimumHosts) {
-          checkArgument(minimumHosts != null);
+        public Builder setMinimumHosts(int minimumHosts) {
           checkArgument(minimumHosts >= 0);
           this.minimumHosts = minimumHosts;
           return this;
         }
 
         /** The minimum address request volume to be considered for success rate ejection. */
-        public Builder setRequestVolume(Integer requestVolume) {
-          checkArgument(requestVolume != null);
+        public Builder setRequestVolume(int requestVolume) {
           checkArgument(requestVolume >= 0);
           this.requestVolume = requestVolume;
           return this;
@@ -1105,53 +1088,48 @@ public Builder setRequestVolume(Integer requestVolume) {
 
         /** Builds a new instance of {@link SuccessRateEjection}. */
         public SuccessRateEjection build() {
-          return new SuccessRateEjection(stdevFactor, enforcementPercentage, minimumHosts,
-              requestVolume);
+          return new SuccessRateEjection(this);
         }
       }
     }
 
     /** The configuration for failure percentage ejection. */
     public static class FailurePercentageEjection {
-      public final Integer threshold;
-      public final Integer enforcementPercentage;
-      public final Integer minimumHosts;
-      public final Integer requestVolume;
-
-      FailurePercentageEjection(Integer threshold, Integer enforcementPercentage,
-          Integer minimumHosts, Integer requestVolume) {
-        this.threshold = threshold;
-        this.enforcementPercentage = enforcementPercentage;
-        this.minimumHosts = minimumHosts;
-        this.requestVolume = requestVolume;
+      public final int threshold;
+      public final int enforcementPercentage;
+      public final int minimumHosts;
+      public final int requestVolume;
+
+      FailurePercentageEjection(Builder builder) {
+        this.threshold = builder.threshold;
+        this.enforcementPercentage = builder.enforcementPercentage;
+        this.minimumHosts = builder.minimumHosts;
+        this.requestVolume = builder.requestVolume;
       }
 
       /** For building new {@link FailurePercentageEjection} instances. */
       public static class Builder {
-        Integer threshold = 85;
-        Integer enforcementPercentage = 100;
-        Integer minimumHosts = 5;
-        Integer requestVolume = 50;
+        int threshold = 85;
+        int enforcementPercentage = 100;
+        int minimumHosts = 5;
+        int requestVolume = 50;
 
         /** The failure percentage that will result in an address being considered an outlier. */
-        public Builder setThreshold(Integer threshold) {
-          checkArgument(threshold != null);
+        public Builder setThreshold(int threshold) {
           checkArgument(threshold >= 0 && threshold <= 100);
           this.threshold = threshold;
           return this;
         }
 
         /** Only eject this percentage of outliers. */
-        public Builder setEnforcementPercentage(Integer enforcementPercentage) {
-          checkArgument(enforcementPercentage != null);
+        public Builder setEnforcementPercentage(int enforcementPercentage) {
           checkArgument(enforcementPercentage >= 0 && enforcementPercentage <= 100);
           this.enforcementPercentage = enforcementPercentage;
           return this;
         }
 
         /** The minimum amount of host for failure percentage ejection to be enabled. */
-        public Builder setMinimumHosts(Integer minimumHosts) {
-          checkArgument(minimumHosts != null);
+        public Builder setMinimumHosts(int minimumHosts) {
           checkArgument(minimumHosts >= 0);
           this.minimumHosts = minimumHosts;
           return this;
@@ -1161,8 +1139,7 @@ public Builder setMinimumHosts(Integer minimumHosts) {
          * The request volume required for an address to be considered for failure percentage
          * ejection.
          */
-        public Builder setRequestVolume(Integer requestVolume) {
-          checkArgument(requestVolume != null);
+        public Builder setRequestVolume(int requestVolume) {
           checkArgument(requestVolume >= 0);
           this.requestVolume = requestVolume;
           return this;
@@ -1170,8 +1147,7 @@ public Builder setRequestVolume(Integer requestVolume) {
 
         /** Builds a new instance of {@link FailurePercentageEjection}. */
         public FailurePercentageEjection build() {
-          return new FailurePercentageEjection(threshold, enforcementPercentage, minimumHosts,
-              requestVolume);
+          return new FailurePercentageEjection(this);
         }
       }
     }

From 6f69363d90a9ae7471c40044a711be007029c59b Mon Sep 17 00:00:00 2001
From: David Sanderson <32687193+dws@users.noreply.github.com>
Date: Thu, 12 Jun 2025 11:43:23 -0400
Subject: [PATCH 291/591] bazel: Migrate java_grpc_library to use DefaultInfo
 (#12148)

We here address the following obstacles in grpc-java to using Bazel's
--incompatible_disable_target_default_provider_fields flag:

```
ERROR: /private/var/tmp/_bazel_dws/7fd3cd5077fbf76d9e2ae421c39ef7ed/external/googleapis+/google/devtools/build/v1/BUILD.bazel:81:18: in _java_grpc_library rule @@googleapis+//google/devtools/build/v1:build_java_grpc:
Traceback (most recent call last):
        File "/private/var/tmp/_bazel_dws/7fd3cd5077fbf76d9e2ae421c39ef7ed/external/grpc-java+/java_grpc_library.bzl", line 94, column 30, in _java_rpc_library_impl
                args.add(toolchain.plugin.files_to_run.executable, format = "--plugin=protoc-gen-rpc-plugin=%s")
Error: Accessing the default provider in this manner is deprecated and will be removed soon. It may be temporarily re-enabled by setting --incompatible_disable_target_default_provider_fields=false. See https://github.com/bazelbuild/bazel/issues/20183 for details.
ERROR: /private/var/tmp/_bazel_dws/7fd3cd5077fbf76d9e2ae421c39ef7ed/external/googleapis+/google/devtools/build/v1/BUILD.bazel:81:18: Analysis of target '@@googleapis+//google/devtools/build/v1:build_java_grpc' failed
ERROR: Analysis of target '//src:bazel' failed; build aborted: Analysis failed
```
---
 java_grpc_library.bzl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/java_grpc_library.bzl b/java_grpc_library.bzl
index 630ced383f7..e7d133a2769 100644
--- a/java_grpc_library.bzl
+++ b/java_grpc_library.bzl
@@ -91,15 +91,15 @@ def _java_rpc_library_impl(ctx):
     srcjar = ctx.actions.declare_file("%s-proto-gensrc.jar" % ctx.label.name)
 
     args = ctx.actions.args()
-    args.add(toolchain.plugin.files_to_run.executable, format = "--plugin=protoc-gen-rpc-plugin=%s")
+    args.add(toolchain.plugin[DefaultInfo].files_to_run.executable, format = "--plugin=protoc-gen-rpc-plugin=%s")
     args.add("--rpc-plugin_out={0}:{1}".format(toolchain.plugin_arg, srcjar.path))
     args.add_joined("--descriptor_set_in", descriptor_set_in, join_with = ctx.configuration.host_path_separator)
     args.add_all(srcs, map_each = _path_ignoring_repository)
 
     ctx.actions.run(
-        inputs = depset(srcs, transitive = [descriptor_set_in, toolchain.plugin.files]),
+        inputs = depset(srcs, transitive = [descriptor_set_in, toolchain.plugin[DefaultInfo].files]),
         outputs = [srcjar],
-        executable = toolchain.protoc.files_to_run,
+        executable = toolchain.protoc[DefaultInfo].files_to_run,
         arguments = [args],
         use_default_shell_env = True,
         toolchain = None,

From 26bd0eee4705e4ddac0e351fded5a8bd4e49f863 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Fri, 13 Jun 2025 12:30:13 +0530
Subject: [PATCH 292/591] core: Use lazy message formatting in checkState
 (#12144)

---
 core/src/main/java/io/grpc/internal/InternalSubchannel.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/main/java/io/grpc/internal/InternalSubchannel.java b/core/src/main/java/io/grpc/internal/InternalSubchannel.java
index 27a80f7c191..a27e46eaf60 100644
--- a/core/src/main/java/io/grpc/internal/InternalSubchannel.java
+++ b/core/src/main/java/io/grpc/internal/InternalSubchannel.java
@@ -346,7 +346,7 @@ private void gotoState(final ConnectivityStateInfo newState) {
 
     if (state.getState() != newState.getState()) {
       Preconditions.checkState(state.getState() != SHUTDOWN,
-          "Cannot transition out of SHUTDOWN to " + newState);
+          "Cannot transition out of SHUTDOWN to %s", newState.getState());
       if (reconnectDisabled && newState.getState() == TRANSIENT_FAILURE) {
         state = ConnectivityStateInfo.forNonError(IDLE);
       } else {

From 240f731e00f659b6dd271bfb9941e4ba587e154f Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Sat, 31 May 2025 07:44:55 -0700
Subject: [PATCH 293/591] xds: Avoid changing cache when watching children in
 XdsDepManager

The watchers can be completely regular, so the base class can do the
cache management while the subclasses are only concerned with
subscribing to children.
---
 .../io/grpc/xds/XdsDependencyManager.java     | 74 ++++++-------------
 1 file changed, 22 insertions(+), 52 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index 0428852648d..c7333b93c11 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -333,7 +333,8 @@ private static void addConfigForCluster(
             Status.INTERNAL.withDescription("Logical DNS in dependency manager unsupported")));
         break;
       default:
-        throw new IllegalStateException("Unexpected value: " + cdsUpdate.clusterType());
+        child = new EndpointConfig(StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
+              "Unknown type in cluster " + clusterName + " " + cdsUpdate.clusterType())));
     }
     if (clusters.containsKey(clusterName)) {
       // If a cycle is detected, we'll have detected it while recursing, so now there will be a key
@@ -520,7 +521,7 @@ public void onError(Status error) {
       }
       // Don't update configuration on error, if we've already received configuration
       if (!hasDataValue()) {
-        setDataAsStatus(Status.UNAVAILABLE.withDescription(
+        this.data = StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
             String.format("Error retrieving %s: %s: %s",
               toContextString(), error.getCode(), error.getDescription())));
         maybePublishConfig();
@@ -534,11 +535,25 @@ public void onResourceDoesNotExist(String resourceName) {
       }
 
       checkArgument(this.resourceName.equals(resourceName), "Resource name does not match");
-      setDataAsStatus(Status.UNAVAILABLE.withDescription(
+      this.data = StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
           toContextString() + " does not exist" + nodeInfo()));
       maybePublishConfig();
     }
 
+    @Override
+    public void onChanged(T update) {
+      checkNotNull(update, "update");
+      if (cancelled) {
+        return;
+      }
+
+      this.data = StatusOr.fromValue(update);
+      subscribeToChildren(update);
+      maybePublishConfig();
+    }
+
+    protected abstract void subscribeToChildren(T update);
+
     public void close() {
       cancelled = true;
       xdsClient.cancelXdsResourceWatch(type, resourceName, this);
@@ -557,20 +572,6 @@ boolean hasDataValue() {
       return data != null && data.hasValue();
     }
 
-    String resourceName() {
-      return resourceName;
-    }
-
-    protected void setData(T data) {
-      checkNotNull(data, "data");
-      this.data = StatusOr.fromValue(data);
-    }
-
-    protected void setDataAsStatus(Status status) {
-      checkNotNull(status, "status");
-      this.data = StatusOr.fromStatus(status);
-    }
-
     public String toContextString() {
       return toContextStr(type.typeName(), resourceName);
     }
@@ -588,12 +589,7 @@ private LdsWatcher(String resourceName) {
     }
 
     @Override
-    public void onChanged(XdsListenerResource.LdsUpdate update) {
-      checkNotNull(update, "update");
-      if (cancelled) {
-        return;
-      }
-
+    public void subscribeToChildren(XdsListenerResource.LdsUpdate update) {
       HttpConnectionManager httpConnectionManager = update.httpConnectionManager();
       List<VirtualHost> virtualHosts;
       if (httpConnectionManager == null) {
@@ -610,9 +606,6 @@ public void onChanged(XdsListenerResource.LdsUpdate update) {
       if (rdsName != null) {
         addRdsWatcher(rdsName);
       }
-
-      setData(update);
-      maybePublishConfig();
     }
 
     private String getRdsName(XdsListenerResource.LdsUpdate update) {
@@ -680,14 +673,8 @@ public RdsWatcher(String resourceName) {
     }
 
     @Override
-    public void onChanged(RdsUpdate update) {
-      checkNotNull(update, "update");
-      if (cancelled) {
-        return;
-      }
-      setData(update);
+    public void subscribeToChildren(RdsUpdate update) {
       updateRoutes(update.virtualHosts);
-      maybePublishConfig();
     }
 
     @Override
@@ -705,31 +692,20 @@ private class CdsWatcher extends XdsWatcherBase<XdsClusterResource.CdsUpdate> {
     }
 
     @Override
-    public void onChanged(XdsClusterResource.CdsUpdate update) {
-      checkNotNull(update, "update");
-      if (cancelled) {
-        return;
-      }
+    public void subscribeToChildren(XdsClusterResource.CdsUpdate update) {
       switch (update.clusterType()) {
         case EDS:
-          setData(update);
           addEdsWatcher(getEdsServiceName());
           break;
         case LOGICAL_DNS:
-          setData(update);
           // no eds needed
           break;
         case AGGREGATE:
-          setData(update);
           update.prioritizedClusterNames()
               .forEach(name -> addClusterWatcher(name));
           break;
         default:
-          Status error = Status.UNAVAILABLE.withDescription(
-              "unknown cluster type in " + resourceName() + " " + update.clusterType());
-          setDataAsStatus(error);
       }
-      maybePublishConfig();
     }
 
     public String getEdsServiceName() {
@@ -749,12 +725,6 @@ private EdsWatcher(String resourceName) {
     }
 
     @Override
-    public void onChanged(XdsEndpointResource.EdsUpdate update) {
-      if (cancelled) {
-        return;
-      }
-      setData(checkNotNull(update, "update"));
-      maybePublishConfig();
-    }
+    public void subscribeToChildren(XdsEndpointResource.EdsUpdate update) {}
   }
 }

From d88ef97a87a6c930f65ab85bca00a9c7c95acf76 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 12 Jun 2025 11:47:05 -0700
Subject: [PATCH 294/591] core: Remove
 RetryingNR.RESOLUTION_RESULT_LISTENER_KEY

It was introduced in fcb5c54e4 because at the time we didn't change the
API to communicate the status. When onResult2() was introduced in
90d0fabb1 this hack stopped being necessary.
---
 .../io/grpc/internal/ManagedChannelImpl.java  | 14 +-----
 .../grpc/internal/RetryingNameResolver.java   | 32 +-------------
 .../grpc/internal/ManagedChannelImplTest.java |  4 --
 .../internal/RetryingNameResolverTest.java    | 43 ++-----------------
 4 files changed, 6 insertions(+), 87 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index 976587a6db9..9b756c3165d 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -94,7 +94,6 @@
 import io.grpc.internal.ManagedChannelServiceConfig.ServiceConfigConvertedSelector;
 import io.grpc.internal.RetriableStream.ChannelBufferMeter;
 import io.grpc.internal.RetriableStream.Throttle;
-import io.grpc.internal.RetryingNameResolver.ResolutionResultListener;
 import java.net.URI;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -1653,18 +1652,7 @@ final class NameResolverListener extends NameResolver.Listener2 {
 
     @Override
     public void onResult(final ResolutionResult resolutionResult) {
-      final class NamesResolved implements Runnable {
-
-        @Override
-        public void run() {
-          Status status = onResult2(resolutionResult);
-          ResolutionResultListener resolutionResultListener = resolutionResult.getAttributes()
-              .get(RetryingNameResolver.RESOLUTION_RESULT_LISTENER_KEY);
-          resolutionResultListener.resolutionAttempted(status);
-        }
-      }
-
-      syncContext.execute(new NamesResolved());
+      syncContext.execute(() -> onResult2(resolutionResult));
     }
 
     @SuppressWarnings("ReferenceEquality")
diff --git a/core/src/main/java/io/grpc/internal/RetryingNameResolver.java b/core/src/main/java/io/grpc/internal/RetryingNameResolver.java
index 6dcfcd3534a..55fedea932e 100644
--- a/core/src/main/java/io/grpc/internal/RetryingNameResolver.java
+++ b/core/src/main/java/io/grpc/internal/RetryingNameResolver.java
@@ -17,7 +17,6 @@
 package io.grpc.internal;
 
 import com.google.common.annotations.VisibleForTesting;
-import io.grpc.Attributes;
 import io.grpc.NameResolver;
 import io.grpc.Status;
 import io.grpc.SynchronizationContext;
@@ -34,9 +33,6 @@ final class RetryingNameResolver extends ForwardingNameResolver {
   private final RetryScheduler retryScheduler;
   private final SynchronizationContext syncContext;
 
-  static final Attributes.Key<ResolutionResultListener> RESOLUTION_RESULT_LISTENER_KEY
-      = Attributes.Key.create(
-          "io.grpc.internal.RetryingNameResolver.RESOLUTION_RESULT_LISTENER_KEY");
 
   /**
    * Creates a new {@link RetryingNameResolver}.
@@ -88,18 +84,7 @@ private class RetryingListener extends Listener2 {
 
     @Override
     public void onResult(ResolutionResult resolutionResult) {
-      // If the resolution result listener is already an attribute it indicates that a name resolver
-      // has already been wrapped with this class. This indicates a misconfiguration.
-      if (resolutionResult.getAttributes().get(RESOLUTION_RESULT_LISTENER_KEY) != null) {
-        throw new IllegalStateException(
-            "RetryingNameResolver can only be used once to wrap a NameResolver");
-      }
-
-      // To have retry behavior for name resolvers that haven't migrated to onResult2.
-      delegateListener.onResult(resolutionResult.toBuilder().setAttributes(
-              resolutionResult.getAttributes().toBuilder()
-                  .set(RESOLUTION_RESULT_LISTENER_KEY, new ResolutionResultListener()).build())
-          .build());
+      syncContext.execute(() -> onResult2(resolutionResult));
     }
 
     @Override
@@ -119,19 +104,4 @@ public void onError(Status error) {
       syncContext.execute(() -> retryScheduler.schedule(new DelayedNameResolverRefresh()));
     }
   }
-
-  /**
-   * Simple callback class to store in {@link ResolutionResult} attributes so that
-   * ManagedChannel can indicate if the resolved addresses were accepted. Temporary until
-   * the Listener2.onResult() API can be changed to return a boolean for this purpose.
-   */
-  class ResolutionResultListener {
-    public void resolutionAttempted(Status successStatus) {
-      if (successStatus.isOk()) {
-        retryScheduler.reset();
-      } else {
-        retryScheduler.schedule(new DelayedNameResolverRefresh());
-      }
-    }
-  }
 }
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index ac845947f1c..6dfba7404c6 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -3844,8 +3844,6 @@ public double nextDouble() {
     verify(mockLoadBalancer).acceptResolvedAddresses(resolvedAddressCaptor.capture());
     ResolvedAddresses resolvedAddresses = resolvedAddressCaptor.getValue();
     assertThat(resolvedAddresses.getAddresses()).isEqualTo(nameResolverFactory.servers);
-    assertThat(resolvedAddresses.getAttributes()
-        .get(RetryingNameResolver.RESOLUTION_RESULT_LISTENER_KEY)).isNotNull();
 
     // simulating request connection and then transport ready after resolved address
     Subchannel subchannel =
@@ -3951,8 +3949,6 @@ public void hedgingScheduledThenChannelShutdown_hedgeShouldStillHappen_newCallSh
     verify(mockLoadBalancer).acceptResolvedAddresses(resolvedAddressCaptor.capture());
     ResolvedAddresses resolvedAddresses = resolvedAddressCaptor.getValue();
     assertThat(resolvedAddresses.getAddresses()).isEqualTo(nameResolverFactory.servers);
-    assertThat(resolvedAddresses.getAttributes()
-        .get(RetryingNameResolver.RESOLUTION_RESULT_LISTENER_KEY)).isNotNull();
 
     // simulating request connection and then transport ready after resolved address
     Subchannel subchannel =
diff --git a/core/src/test/java/io/grpc/internal/RetryingNameResolverTest.java b/core/src/test/java/io/grpc/internal/RetryingNameResolverTest.java
index 6347416f0ca..1da93f05fe2 100644
--- a/core/src/test/java/io/grpc/internal/RetryingNameResolverTest.java
+++ b/core/src/test/java/io/grpc/internal/RetryingNameResolverTest.java
@@ -17,7 +17,6 @@
 package io.grpc.internal;
 
 import static com.google.common.truth.Truth.assertThat;
-import static org.junit.Assert.fail;
 import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -28,7 +27,6 @@
 import io.grpc.NameResolver.ResolutionResult;
 import io.grpc.Status;
 import io.grpc.SynchronizationContext;
-import io.grpc.internal.RetryingNameResolver.ResolutionResultListener;
 import java.lang.Thread.UncaughtExceptionHandler;
 import org.junit.Before;
 import org.junit.Rule;
@@ -58,8 +56,6 @@ public class RetryingNameResolverTest {
   private RetryScheduler mockRetryScheduler;
   @Captor
   private ArgumentCaptor<Listener2> listenerCaptor;
-  @Captor
-  private ArgumentCaptor<ResolutionResult> onResultCaptor;
   private final SynchronizationContext syncContext = new SynchronizationContext(
       mock(UncaughtExceptionHandler.class));
 
@@ -77,21 +73,14 @@ public void startAndShutdown() {
     retryingNameResolver.shutdown();
   }
 
-  // Make sure the ResolutionResultListener callback is added to the ResolutionResult attributes,
-  // and the retry scheduler is reset since the name resolution was successful.
   @Test
   public void onResult_success() {
+    when(mockListener.onResult2(isA(ResolutionResult.class))).thenReturn(Status.OK);
     retryingNameResolver.start(mockListener);
     verify(mockNameResolver).start(listenerCaptor.capture());
 
     listenerCaptor.getValue().onResult(ResolutionResult.newBuilder().build());
-    verify(mockListener).onResult(onResultCaptor.capture());
-    ResolutionResultListener resolutionResultListener = onResultCaptor.getValue()
-        .getAttributes()
-        .get(RetryingNameResolver.RESOLUTION_RESULT_LISTENER_KEY);
-    assertThat(resolutionResultListener).isNotNull();
 
-    resolutionResultListener.resolutionAttempted(Status.OK);
     verify(mockRetryScheduler).reset();
   }
 
@@ -107,21 +96,15 @@ public void onResult2_sucesss() {
     verify(mockRetryScheduler).reset();
   }
 
-  // Make sure the ResolutionResultListener callback is added to the ResolutionResult attributes,
-  // and that a retry gets scheduled when the resolution results are rejected.
+  // Make sure that a retry gets scheduled when the resolution results are rejected.
   @Test
   public void onResult_failure() {
+    when(mockListener.onResult2(isA(ResolutionResult.class))).thenReturn(Status.UNAVAILABLE);
     retryingNameResolver.start(mockListener);
     verify(mockNameResolver).start(listenerCaptor.capture());
 
     listenerCaptor.getValue().onResult(ResolutionResult.newBuilder().build());
-    verify(mockListener).onResult(onResultCaptor.capture());
-    ResolutionResultListener resolutionResultListener = onResultCaptor.getValue()
-        .getAttributes()
-        .get(RetryingNameResolver.RESOLUTION_RESULT_LISTENER_KEY);
-    assertThat(resolutionResultListener).isNotNull();
 
-    resolutionResultListener.resolutionAttempted(Status.UNAVAILABLE);
     verify(mockRetryScheduler).schedule(isA(Runnable.class));
   }
 
@@ -138,24 +121,6 @@ public void onResult2_failure() {
     verify(mockRetryScheduler).schedule(isA(Runnable.class));
   }
 
-  // Wrapping a NameResolver more than once is a misconfiguration.
-  @Test
-  public void onResult_failure_doubleWrapped() {
-    NameResolver doubleWrappedResolver = new RetryingNameResolver(retryingNameResolver,
-        mockRetryScheduler, syncContext);
-
-    doubleWrappedResolver.start(mockListener);
-    verify(mockNameResolver).start(listenerCaptor.capture());
-
-    try {
-      listenerCaptor.getValue().onResult(ResolutionResult.newBuilder().build());
-    } catch (IllegalStateException e) {
-      assertThat(e).hasMessageThat().contains("can only be used once");
-      return;
-    }
-    fail("An exception should have been thrown for a double wrapped NAmeResolver");
-  }
-
   // A retry should get scheduled when name resolution fails.
   @Test
   public void onError() {
@@ -165,4 +130,4 @@ public void onError() {
     verify(mockListener).onError(Status.DEADLINE_EXCEEDED);
     verify(mockRetryScheduler).schedule(isA(Runnable.class));
   }
-}
\ No newline at end of file
+}

From 8974a306af0bb5334cbe2bf4278cd898e5110668 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 13 Jun 2025 17:52:00 +0000
Subject: [PATCH 295/591] util: Mark OutlierDetectionLb classes final

None of these classes were intended to be extended. Even non-public
classes need final to prevent mocks from doing horrible things.
---
 .../util/OutlierDetectionLoadBalancer.java    | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
index bd9faef3f99..07376af2110 100644
--- a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
@@ -189,7 +189,7 @@ public void shutdown() {
    * This timer will be invoked periodically, according to configuration, and it will look for any
    * outlier subchannels.
    */
-  class DetectionTimer implements Runnable {
+  final class DetectionTimer implements Runnable {
 
     OutlierDetectionLoadBalancerConfig config;
     ChannelLogger logger;
@@ -217,7 +217,7 @@ public void run() {
    * This child helper wraps the provided helper so that it can hand out wrapped {@link
    * OutlierDetectionSubchannel}s and manage the address info map.
    */
-  class ChildHelper extends ForwardingLoadBalancerHelper {
+  final class ChildHelper extends ForwardingLoadBalancerHelper {
 
     private Helper delegate;
 
@@ -259,7 +259,7 @@ public void updateBalancingState(ConnectivityState newState, SubchannelPicker ne
     }
   }
 
-  class OutlierDetectionSubchannel extends ForwardingSubchannel {
+  final class OutlierDetectionSubchannel extends ForwardingSubchannel {
 
     private final Subchannel delegate;
     private EndpointTracker endpointTracker;
@@ -398,7 +398,7 @@ protected Subchannel delegate() {
     /**
      * Wraps the actual listener so that state changes from the actual one can be intercepted.
      */
-    class OutlierDetectionSubchannelStateListener implements SubchannelStateListener {
+    final class OutlierDetectionSubchannelStateListener implements SubchannelStateListener {
 
       private final SubchannelStateListener delegate;
 
@@ -428,7 +428,7 @@ public String toString() {
    * This picker delegates the actual picking logic to a wrapped delegate, but associates a {@link
    * ClientStreamTracer} with each pick to track the results of each subchannel stream.
    */
-  class OutlierDetectionPicker extends SubchannelPicker {
+  final class OutlierDetectionPicker extends SubchannelPicker {
 
     private final SubchannelPicker delegate;
 
@@ -454,7 +454,7 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
      * Builds instances of a {@link ClientStreamTracer} that increments the call count in the
      * tracker for each closed stream.
      */
-    class ResultCountingClientStreamTracerFactory extends ClientStreamTracer.Factory {
+    final class ResultCountingClientStreamTracerFactory extends ClientStreamTracer.Factory {
 
       private final EndpointTracker tracker;
 
@@ -498,7 +498,7 @@ public void streamClosed(Status status) {
   /**
    * Tracks additional information about the endpoint needed for outlier detection.
    */
-  static class EndpointTracker {
+  static final class EndpointTracker {
 
     private OutlierDetectionLoadBalancerConfig config;
     // Marked as volatile to assure that when the inactive counter is swapped in as the new active
@@ -642,7 +642,7 @@ public boolean maxEjectionTimeElapsed(long currentTimeNanos) {
     }
 
     /** Tracks both successful and failed call counts. */
-    private static class CallCounter {
+    private static final class CallCounter {
       AtomicLong successCount = new AtomicLong();
       AtomicLong failureCount = new AtomicLong();
 
@@ -663,7 +663,7 @@ public String toString() {
   /**
    * Maintains a mapping from endpoint (a set of addresses) to their trackers.
    */
-  static class EndpointTrackerMap extends ForwardingMap<Set<SocketAddress>, EndpointTracker> {
+  static final class EndpointTrackerMap extends ForwardingMap<Set<SocketAddress>, EndpointTracker> {
     private final Map<Set<SocketAddress>, EndpointTracker> trackerMap;
 
     EndpointTrackerMap() {
@@ -784,7 +784,7 @@ static List<OutlierEjectionAlgorithm> forConfig(OutlierDetectionLoadBalancerConf
    * required rate is not fixed, but is based on the mean and standard deviation of the success
    * rates of all of the addresses.
    */
-  static class SuccessRateOutlierEjectionAlgorithm implements OutlierEjectionAlgorithm {
+  static final class SuccessRateOutlierEjectionAlgorithm implements OutlierEjectionAlgorithm {
 
     private final OutlierDetectionLoadBalancerConfig config;
 
@@ -869,7 +869,7 @@ static double standardDeviation(Collection<Double> values, double mean) {
     }
   }
 
-  static class FailurePercentageOutlierEjectionAlgorithm implements OutlierEjectionAlgorithm {
+  static final class FailurePercentageOutlierEjectionAlgorithm implements OutlierEjectionAlgorithm {
 
     private final OutlierDetectionLoadBalancerConfig config;
 
@@ -970,7 +970,7 @@ private OutlierDetectionLoadBalancerConfig(Builder builder) {
     }
 
     /** Builds a new {@link OutlierDetectionLoadBalancerConfig}. */
-    public static class Builder {
+    public static final class Builder {
       long intervalNanos = 10_000_000_000L; // 10s
       long baseEjectionTimeNanos = 30_000_000_000L; // 30s
       long maxEjectionTimeNanos = 300_000_000_000L; // 300s
@@ -1035,7 +1035,7 @@ public OutlierDetectionLoadBalancerConfig build() {
     }
 
     /** The configuration for success rate ejection. */
-    public static class SuccessRateEjection {
+    public static final class SuccessRateEjection {
 
       public final int stdevFactor;
       public final int enforcementPercentage;
@@ -1094,7 +1094,7 @@ public SuccessRateEjection build() {
     }
 
     /** The configuration for failure percentage ejection. */
-    public static class FailurePercentageEjection {
+    public static final class FailurePercentageEjection {
       public final int threshold;
       public final int enforcementPercentage;
       public final int minimumHosts;

From d5b4fb51c2e5ed0fa4dc3fdc979e9bc99c82b86a Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 12 Jun 2025 09:47:22 -0700
Subject: [PATCH 296/591] xds: Support tracking non-xds resources in
 XdsDepManager

This will be used for logical dns clusters as part of gRFC A74. Swapping
to EnumMap wasn't really necessary, but was easy given the new type
system.

I can't say I'm particularly happy with the name of the new
TrackedWatcher type, but XdsConfigWatcher prevented using "Watcher"
because it won't implement the new interface, and ResourceWatcher
already exists in XdsClient. So we have TrackedWatcher, WatcherTracer,
TypeWatchers, and TrackedWatcherType.
---
 .../io/grpc/xds/XdsDependencyManager.java     | 164 ++++++++++--------
 1 file changed, 94 insertions(+), 70 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index c7333b93c11..82cfd9ccbdf 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -36,6 +36,7 @@
 import io.grpc.xds.client.XdsClient.ResourceWatcher;
 import io.grpc.xds.client.XdsResourceType;
 import java.util.Collections;
+import java.util.EnumMap;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
@@ -53,8 +54,19 @@
  * applies to a single data plane authority.
  */
 final class XdsDependencyManager implements XdsConfig.XdsClusterSubscriptionRegistry {
-  public static final XdsClusterResource CLUSTER_RESOURCE = XdsClusterResource.getInstance();
-  public static final XdsEndpointResource ENDPOINT_RESOURCE = XdsEndpointResource.getInstance();
+  private enum TrackedWatcherTypeEnum {
+    LDS, RDS, CDS, EDS
+  }
+
+  private static final TrackedWatcherType<XdsListenerResource.LdsUpdate> LDS_TYPE =
+      new TrackedWatcherType<>(TrackedWatcherTypeEnum.LDS);
+  private static final TrackedWatcherType<RdsUpdate> RDS_TYPE =
+      new TrackedWatcherType<>(TrackedWatcherTypeEnum.RDS);
+  private static final TrackedWatcherType<XdsClusterResource.CdsUpdate> CDS_TYPE =
+      new TrackedWatcherType<>(TrackedWatcherTypeEnum.CDS);
+  private static final TrackedWatcherType<XdsEndpointResource.EdsUpdate> EDS_TYPE =
+      new TrackedWatcherType<>(TrackedWatcherTypeEnum.EDS);
+
   private static final int MAX_CLUSTER_RECURSION_DEPTH = 16; // Specified by gRFC A37
   private final String listenerName;
   private final XdsClient xdsClient;
@@ -63,7 +75,8 @@ final class XdsDependencyManager implements XdsConfig.XdsClusterSubscriptionRegi
   private XdsConfigWatcher xdsConfigWatcher;
 
   private StatusOr<XdsConfig> lastUpdate = null;
-  private final Map<XdsResourceType<?>, TypeWatchers<?>> resourceWatchers = new HashMap<>();
+  private final Map<TrackedWatcherTypeEnum, TypeWatchers<?>> resourceWatchers =
+      new EnumMap<>(TrackedWatcherTypeEnum.class);
   private final Set<ClusterSubscription> subscriptions = new HashSet<>();
 
   XdsDependencyManager(XdsClient xdsClient,
@@ -86,7 +99,7 @@ public void start(XdsConfigWatcher xdsConfigWatcher) {
     checkState(this.xdsConfigWatcher == null, "dep manager may not be restarted");
     this.xdsConfigWatcher = checkNotNull(xdsConfigWatcher, "xdsConfigWatcher");
     // start the ball rolling
-    syncContext.execute(() -> addWatcher(new LdsWatcher(listenerName)));
+    syncContext.execute(() -> addWatcher(LDS_TYPE, new LdsWatcher(listenerName)));
   }
 
   @Override
@@ -96,7 +109,7 @@ public XdsConfig.Subscription subscribeToCluster(String clusterName) {
     ClusterSubscription subscription = new ClusterSubscription(clusterName);
 
     syncContext.execute(() -> {
-      if (getWatchers(XdsListenerResource.getInstance()).isEmpty()) {
+      if (getWatchers(LDS_TYPE).isEmpty()) {
         subscription.closed = true;
         return; // shutdown() called
       }
@@ -107,33 +120,28 @@ public XdsConfig.Subscription subscribeToCluster(String clusterName) {
     return subscription;
   }
 
-  private <T extends ResourceUpdate> void addWatcher(XdsWatcherBase<T> watcher) {
+  private <T extends ResourceUpdate> void addWatcher(
+      TrackedWatcherType<T> watcherType, XdsWatcherBase<T> watcher) {
     syncContext.throwIfNotInThisSynchronizationContext();
     XdsResourceType<T> type = watcher.type;
     String resourceName = watcher.resourceName;
 
-    getWatchers(type).put(resourceName, watcher);
+    getWatchers(watcherType).put(resourceName, watcher);
     xdsClient.watchXdsResource(type, resourceName, watcher, syncContext);
   }
 
   public void shutdown() {
     syncContext.execute(() -> {
       for (TypeWatchers<?> watchers : resourceWatchers.values()) {
-        shutdownWatchersForType(watchers);
+        for (TrackedWatcher<?> watcher : watchers.watchers.values()) {
+          watcher.close();
+        }
       }
       resourceWatchers.clear();
       subscriptions.clear();
     });
   }
 
-  private <T extends ResourceUpdate> void shutdownWatchersForType(TypeWatchers<T> watchers) {
-    for (Map.Entry<String, XdsWatcherBase<T>> watcherEntry : watchers.watchers.entrySet()) {
-      xdsClient.cancelXdsResourceWatch(watchers.resourceType, watcherEntry.getKey(),
-          watcherEntry.getValue());
-      watcherEntry.getValue().cancelled = true;
-    }
-  }
-
   private void releaseSubscription(ClusterSubscription subscription) {
     checkNotNull(subscription, "subscription");
     syncContext.execute(() -> {
@@ -154,12 +162,12 @@ private void releaseSubscription(ClusterSubscription subscription) {
    */
   private void maybePublishConfig() {
     syncContext.throwIfNotInThisSynchronizationContext();
-    if (getWatchers(XdsListenerResource.getInstance()).isEmpty()) {
+    if (getWatchers(LDS_TYPE).isEmpty()) {
       return; // shutdown() called
     }
     boolean waitingOnResource = resourceWatchers.values().stream()
         .flatMap(typeWatchers -> typeWatchers.watchers.values().stream())
-        .anyMatch(XdsWatcherBase::missingResult);
+        .anyMatch(TrackedWatcher::missingResult);
     if (waitingOnResource) {
       return;
     }
@@ -194,8 +202,8 @@ private static StatusOr<XdsConfig> buildUpdate(
 
     // Iterate watchers and build the XdsConfig
 
-    XdsWatcherBase<XdsListenerResource.LdsUpdate> ldsWatcher
-        = tracer.getWatcher(XdsListenerResource.getInstance(), listenerName);
+    TrackedWatcher<XdsListenerResource.LdsUpdate> ldsWatcher
+        = tracer.getWatcher(LDS_TYPE, listenerName);
     if (ldsWatcher == null) {
       return StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
           "Bug: No listener watcher found for " + listenerName));
@@ -241,14 +249,13 @@ private static StatusOr<XdsConfig> buildUpdate(
     return StatusOr.fromValue(builder.build());
   }
 
-  private <T extends ResourceUpdate> Map<String, XdsWatcherBase<T>> getWatchers(
-      XdsResourceType<T> resourceType) {
-    TypeWatchers<?> typeWatchers = resourceWatchers.get(resourceType);
+  private <T> Map<String, TrackedWatcher<T>> getWatchers(TrackedWatcherType<T> watcherType) {
+    TypeWatchers<?> typeWatchers = resourceWatchers.get(watcherType.typeEnum);
     if (typeWatchers == null) {
-      typeWatchers = new TypeWatchers<T>(resourceType);
-      resourceWatchers.put(resourceType, typeWatchers);
+      typeWatchers = new TypeWatchers<T>(watcherType);
+      resourceWatchers.put(watcherType.typeEnum, typeWatchers);
     }
-    assert typeWatchers.resourceType == resourceType;
+    assert typeWatchers.watcherType == watcherType;
     @SuppressWarnings("unchecked")
     TypeWatchers<T> tTypeWatchers = (TypeWatchers<T>) typeWatchers;
     return tTypeWatchers.watchers;
@@ -275,7 +282,7 @@ private static void addConfigForCluster(
       return;
     }
 
-    CdsWatcher cdsWatcher = (CdsWatcher) tracer.getWatcher(CLUSTER_RESOURCE, clusterName);
+    CdsWatcher cdsWatcher = (CdsWatcher) tracer.getWatcher(CDS_TYPE, clusterName);
     StatusOr<XdsClusterResource.CdsUpdate> cdsWatcherDataOr = cdsWatcher.getData();
     if (!cdsWatcherDataOr.hasValue()) {
       clusters.put(clusterName, StatusOr.fromStatus(cdsWatcherDataOr.getStatus()));
@@ -318,8 +325,8 @@ private static void addConfigForCluster(
         child = new AggregateConfig(ImmutableList.copyOf(leafNames));
         break;
       case EDS:
-        XdsWatcherBase<XdsEndpointResource.EdsUpdate> edsWatcher =
-            tracer.getWatcher(ENDPOINT_RESOURCE, cdsWatcher.getEdsServiceName());
+        TrackedWatcher<XdsEndpointResource.EdsUpdate> edsWatcher =
+            tracer.getWatcher(EDS_TYPE, cdsWatcher.getEdsServiceName());
         if (edsWatcher != null) {
           child = new EndpointConfig(edsWatcher.getData());
         } else {
@@ -346,27 +353,27 @@ private static void addConfigForCluster(
   }
 
   private void addRdsWatcher(String resourceName) {
-    if (getWatchers(XdsRouteConfigureResource.getInstance()).containsKey(resourceName)) {
+    if (getWatchers(RDS_TYPE).containsKey(resourceName)) {
       return;
     }
 
-    addWatcher(new RdsWatcher(resourceName));
+    addWatcher(RDS_TYPE, new RdsWatcher(resourceName));
   }
 
   private void addEdsWatcher(String edsServiceName) {
-    if (getWatchers(XdsEndpointResource.getInstance()).containsKey(edsServiceName)) {
+    if (getWatchers(EDS_TYPE).containsKey(edsServiceName)) {
       return;
     }
 
-    addWatcher(new EdsWatcher(edsServiceName));
+    addWatcher(EDS_TYPE, new EdsWatcher(edsServiceName));
   }
 
   private void addClusterWatcher(String clusterName) {
-    if (getWatchers(CLUSTER_RESOURCE).containsKey(clusterName)) {
+    if (getWatchers(CDS_TYPE).containsKey(clusterName)) {
       return;
     }
 
-    addWatcher(new CdsWatcher(clusterName));
+    addWatcher(CDS_TYPE, new CdsWatcher(clusterName));
   }
 
   private void updateRoutes(List<VirtualHost> virtualHosts) {
@@ -404,13 +411,13 @@ private static Set<String> getClusterNamesFromVirtualHost(VirtualHost virtualHos
     return clusters;
   }
 
-  private static class TypeWatchers<T extends ResourceUpdate> {
+  private static class TypeWatchers<T> {
     // Key is resource name
-    final Map<String, XdsWatcherBase<T>> watchers = new HashMap<>();
-    final XdsResourceType<T> resourceType;
+    final Map<String, TrackedWatcher<T>> watchers = new HashMap<>();
+    final TrackedWatcherType<T> watcherType;
 
-    TypeWatchers(XdsResourceType<T> resourceType) {
-      this.resourceType = resourceType;
+    TypeWatchers(TrackedWatcherType<T> watcherType) {
+      this.watcherType = checkNotNull(watcherType, "watcherType");
     }
   }
 
@@ -442,38 +449,36 @@ public void close() {
 
   /** State for tracing garbage collector. */
   private static final class WatcherTracer {
-    private final Map<XdsResourceType<?>, TypeWatchers<?>> resourceWatchers;
-    private final Map<XdsResourceType<?>, TypeWatchers<?>> usedWatchers;
+    private final Map<TrackedWatcherTypeEnum, TypeWatchers<?>> resourceWatchers;
+    private final Map<TrackedWatcherTypeEnum, TypeWatchers<?>> usedWatchers;
 
-    public WatcherTracer(Map<XdsResourceType<?>, TypeWatchers<?>> resourceWatchers) {
+    public WatcherTracer(Map<TrackedWatcherTypeEnum, TypeWatchers<?>> resourceWatchers) {
       this.resourceWatchers = resourceWatchers;
 
-      this.usedWatchers = new HashMap<>();
-      for (XdsResourceType<?> type : resourceWatchers.keySet()) {
-        usedWatchers.put(type, newTypeWatchers(type));
+      this.usedWatchers = new EnumMap<>(TrackedWatcherTypeEnum.class);
+      for (Map.Entry<TrackedWatcherTypeEnum, TypeWatchers<?>> me : resourceWatchers.entrySet()) {
+        usedWatchers.put(me.getKey(), newTypeWatchers(me.getValue().watcherType));
       }
     }
 
-    private static <T extends ResourceUpdate> TypeWatchers<T> newTypeWatchers(
-        XdsResourceType<T> type) {
+    private static <T> TypeWatchers<T> newTypeWatchers(TrackedWatcherType<T> type) {
       return new TypeWatchers<T>(type);
     }
 
-    public <T extends ResourceUpdate> XdsWatcherBase<T> getWatcher(
-        XdsResourceType<T> resourceType, String name) {
-      TypeWatchers<?> typeWatchers = resourceWatchers.get(resourceType);
+    public <T> TrackedWatcher<T> getWatcher(TrackedWatcherType<T> watcherType, String name) {
+      TypeWatchers<?> typeWatchers = resourceWatchers.get(watcherType.typeEnum);
       if (typeWatchers == null) {
         return null;
       }
-      assert typeWatchers.resourceType == resourceType;
+      assert typeWatchers.watcherType == watcherType;
       @SuppressWarnings("unchecked")
       TypeWatchers<T> tTypeWatchers = (TypeWatchers<T>) typeWatchers;
-      XdsWatcherBase<T> watcher = tTypeWatchers.watchers.get(name);
+      TrackedWatcher<T> watcher = tTypeWatchers.watchers.get(name);
       if (watcher == null) {
         return null;
       }
       @SuppressWarnings("unchecked")
-      TypeWatchers<T> usedTypeWatchers = (TypeWatchers<T>) usedWatchers.get(resourceType);
+      TypeWatchers<T> usedTypeWatchers = (TypeWatchers<T>) usedWatchers.get(watcherType.typeEnum);
       usedTypeWatchers.watchers.put(name, watcher);
       return watcher;
     }
@@ -481,9 +486,9 @@ public <T extends ResourceUpdate> XdsWatcherBase<T> getWatcher(
     /** Shut down unused watchers. */
     public void closeUnusedWatchers() {
       boolean changed = false; // Help out the GC by preferring old objects
-      for (XdsResourceType<?> type : resourceWatchers.keySet()) {
-        TypeWatchers<?> orig = resourceWatchers.get(type);
-        TypeWatchers<?> used = usedWatchers.get(type);
+      for (TrackedWatcherTypeEnum key : resourceWatchers.keySet()) {
+        TypeWatchers<?> orig = resourceWatchers.get(key);
+        TypeWatchers<?> used = usedWatchers.get(key);
         for (String name : orig.watchers.keySet()) {
           if (used.watchers.containsKey(name)) {
             continue;
@@ -498,8 +503,33 @@ public void closeUnusedWatchers() {
     }
   }
 
+  @SuppressWarnings("UnusedTypeParameter")
+  private static final class TrackedWatcherType<T> {
+    public final TrackedWatcherTypeEnum typeEnum;
+
+    public TrackedWatcherType(TrackedWatcherTypeEnum typeEnum) {
+      this.typeEnum = checkNotNull(typeEnum, "typeEnum");
+    }
+  }
+
+  private interface TrackedWatcher<T> {
+    @Nullable
+    StatusOr<T> getData();
+
+    default boolean missingResult() {
+      return getData() == null;
+    }
+
+    default boolean hasDataValue() {
+      StatusOr<T> data = getData();
+      return data != null && data.hasValue();
+    }
+
+    void close();
+  }
+
   private abstract class XdsWatcherBase<T extends ResourceUpdate>
-      implements ResourceWatcher<T> {
+      implements ResourceWatcher<T>, TrackedWatcher<T> {
     private final XdsResourceType<T> type;
     private final String resourceName;
     boolean cancelled;
@@ -554,24 +584,18 @@ public void onChanged(T update) {
 
     protected abstract void subscribeToChildren(T update);
 
+    @Override
     public void close() {
       cancelled = true;
       xdsClient.cancelXdsResourceWatch(type, resourceName, this);
     }
 
-    boolean missingResult() {
-      return data == null;
-    }
-
+    @Override
     @Nullable
-    StatusOr<T> getData() {
+    public StatusOr<T> getData() {
       return data;
     }
 
-    boolean hasDataValue() {
-      return data != null && data.hasValue();
-    }
-
     public String toContextString() {
       return toContextStr(type.typeName(), resourceName);
     }
@@ -622,7 +646,7 @@ private RdsWatcher getRdsWatcher(XdsListenerResource.LdsUpdate update, WatcherTr
       if (rdsName == null) {
         return null;
       }
-      return (RdsWatcher) tracer.getWatcher(XdsRouteConfigureResource.getInstance(), rdsName);
+      return (RdsWatcher) tracer.getWatcher(RDS_TYPE, rdsName);
     }
 
     public RdsUpdateSupplier getRouteSource(WatcherTracer tracer) {
@@ -688,7 +712,7 @@ public StatusOr<RdsUpdate> getRdsUpdate() {
 
   private class CdsWatcher extends XdsWatcherBase<XdsClusterResource.CdsUpdate> {
     CdsWatcher(String resourceName) {
-      super(CLUSTER_RESOURCE, checkNotNull(resourceName, "resourceName"));
+      super(XdsClusterResource.getInstance(), checkNotNull(resourceName, "resourceName"));
     }
 
     @Override
@@ -721,7 +745,7 @@ public String getEdsServiceName() {
 
   private class EdsWatcher extends XdsWatcherBase<XdsEndpointResource.EdsUpdate> {
     private EdsWatcher(String resourceName) {
-      super(ENDPOINT_RESOURCE, checkNotNull(resourceName, "resourceName"));
+      super(XdsEndpointResource.getInstance(), checkNotNull(resourceName, "resourceName"));
     }
 
     @Override

From 1c430989902856e609ddbff203be1dc4c412ff43 Mon Sep 17 00:00:00 2001
From: vimanikag <viswakarma18rc@gmail.com>
Date: Mon, 16 Jun 2025 14:47:36 +0000
Subject: [PATCH 297/591] util: OutlierDetection should use Ticker, not
 TimeProvider (#12110)

TimeProvider provides wall time. That can move forward and backward as time is adjusted. OutlierDetection is measuring durations, so it should use a monotonic clock.

Fixes #11622
---
 .../io/grpc/util/OutlierDetectionLoadBalancer.java | 14 +++++++-------
 .../util/OutlierDetectionLoadBalancerProvider.java |  4 ++--
 .../util/OutlierDetectionLoadBalancerTest.java     |  2 +-
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
index 07376af2110..d72a85012f2 100644
--- a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
@@ -22,6 +22,7 @@
 import static java.util.concurrent.TimeUnit.NANOSECONDS;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Ticker;
 import com.google.common.collect.ForwardingMap;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
@@ -39,7 +40,6 @@
 import io.grpc.Status;
 import io.grpc.SynchronizationContext;
 import io.grpc.SynchronizationContext.ScheduledHandle;
-import io.grpc.internal.TimeProvider;
 import java.net.SocketAddress;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -82,7 +82,7 @@ public final class OutlierDetectionLoadBalancer extends LoadBalancer {
   private final SynchronizationContext syncContext;
   private final Helper childHelper;
   private final GracefulSwitchLoadBalancer switchLb;
-  private TimeProvider timeProvider;
+  private Ticker ticker;
   private final ScheduledExecutorService timeService;
   private ScheduledHandle detectionTimerHandle;
   private Long detectionTimerStartNanos;
@@ -95,14 +95,14 @@ public final class OutlierDetectionLoadBalancer extends LoadBalancer {
   /**
    * Creates a new instance of {@link OutlierDetectionLoadBalancer}.
    */
-  public OutlierDetectionLoadBalancer(Helper helper, TimeProvider timeProvider) {
+  public OutlierDetectionLoadBalancer(Helper helper, Ticker ticker) {
     logger = helper.getChannelLogger();
     childHelper = new ChildHelper(checkNotNull(helper, "helper"));
     switchLb = new GracefulSwitchLoadBalancer(childHelper);
     endpointTrackerMap = new EndpointTrackerMap();
     this.syncContext = checkNotNull(helper.getSynchronizationContext(), "syncContext");
     this.timeService = checkNotNull(helper.getScheduledExecutorService(), "timeService");
-    this.timeProvider = timeProvider;
+    this.ticker = ticker;
     logger.log(ChannelLogLevel.DEBUG, "OutlierDetection lb created.");
   }
 
@@ -151,7 +151,7 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
         // If a timer has started earlier we cancel it and use the difference between the start
         // time and now as the interval.
         initialDelayNanos = Math.max(0L,
-            config.intervalNanos - (timeProvider.currentTimeNanos() - detectionTimerStartNanos));
+            config.intervalNanos - (ticker.read() - detectionTimerStartNanos));
       }
 
       // If a timer has been previously created we need to cancel it and reset all the call counters
@@ -201,7 +201,7 @@ final class DetectionTimer implements Runnable {
 
     @Override
     public void run() {
-      detectionTimerStartNanos = timeProvider.currentTimeNanos();
+      detectionTimerStartNanos = ticker.read();
 
       endpointTrackerMap.swapCounters();
 
@@ -638,7 +638,7 @@ public boolean maxEjectionTimeElapsed(long currentTimeNanos) {
               config.baseEjectionTimeNanos * ejectionTimeMultiplier,
               maxEjectionDurationSecs);
 
-      return currentTimeNanos > maxEjectionTimeNanos;
+      return currentTimeNanos - maxEjectionTimeNanos > 0;
     }
 
     /** Tracks both successful and failed call counts. */
diff --git a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancerProvider.java b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancerProvider.java
index b35e1144581..c76d68a03de 100644
--- a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancerProvider.java
+++ b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancerProvider.java
@@ -16,6 +16,7 @@
 
 package io.grpc.util;
 
+import com.google.common.base.Ticker;
 import io.grpc.Internal;
 import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancer.Helper;
@@ -23,7 +24,6 @@
 import io.grpc.NameResolver.ConfigOrError;
 import io.grpc.Status;
 import io.grpc.internal.JsonUtil;
-import io.grpc.internal.TimeProvider;
 import io.grpc.util.OutlierDetectionLoadBalancer.OutlierDetectionLoadBalancerConfig;
 import io.grpc.util.OutlierDetectionLoadBalancer.OutlierDetectionLoadBalancerConfig.FailurePercentageEjection;
 import io.grpc.util.OutlierDetectionLoadBalancer.OutlierDetectionLoadBalancerConfig.SuccessRateEjection;
@@ -34,7 +34,7 @@ public final class OutlierDetectionLoadBalancerProvider extends LoadBalancerProv
 
   @Override
   public LoadBalancer newLoadBalancer(Helper helper) {
-    return new OutlierDetectionLoadBalancer(helper, TimeProvider.SYSTEM_TIME_PROVIDER);
+    return new OutlierDetectionLoadBalancer(helper, Ticker.systemTicker());
   }
 
   @Override
diff --git a/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java b/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java
index d81740e116a..c4eb4c7bae5 100644
--- a/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java
@@ -227,7 +227,7 @@ public Void answer(InvocationOnMock invocation) throws Throwable {
     when(mockStreamTracerFactory.newClientStreamTracer(any(),
         any())).thenReturn(mockStreamTracer);
 
-    loadBalancer = new OutlierDetectionLoadBalancer(mockHelper, fakeClock.getTimeProvider());
+    loadBalancer = new OutlierDetectionLoadBalancer(mockHelper, fakeClock.getTicker());
   }
 
   @Test

From 2604ce8a551244849f5d22dcefe99a7b2b474117 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 13 Jun 2025 13:26:51 -0700
Subject: [PATCH 298/591] xds: XdsNR should be subscribing to clusters with
 XdsDepManager

This is missing behavior defined in gRFC A74:

> As per gRFC A31, the ConfigSelector gives each RPC a ref to the
> cluster that was selected for it to ensure that the cluster is not
> removed from the xds_cluster_manager LB policy config before the RPC
> is done with its LB picks. These cluster refs will also hold a
> subscription for the cluster from the XdsDependencyManager, so that
> the XdsDependencyManager will not stop watching the cluster resource
> until the cluster is removed from the xds_cluster_manager LB policy
> config.

Without the logic, RPCs can race and see the error:

> INTERNAL: CdsLb for cluster0: Unable to find non-dynamic root cluster

Fixes #12152. This fixes the regression introduced in 297ab05e
---
 .../java/io/grpc/xds/XdsNameResolver.java     | 34 ++++++++++++++-----
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 37a8e19ef3f..25918facf7e 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -548,7 +548,7 @@ public void run() {
             if (clusterRefs.get(cluster).refCount.get() != 0) {
               throw new AssertionError();
             }
-            clusterRefs.remove(cluster);
+            clusterRefs.remove(cluster).close();
             if (resolveState.lastConfigOrStatus.hasValue()) {
               updateResolutionResult(resolveState.lastConfigOrStatus.getValue());
             } else {
@@ -793,9 +793,13 @@ private void updateRoutes(
           clusterRefs.get(cluster).refCount.incrementAndGet();
         } else {
           if (clusterNameMap.containsKey(cluster)) {
+            assert cluster.startsWith("cluster:");
+            XdsConfig.Subscription subscription =
+                xdsDependencyManager.subscribeToCluster(cluster.substring("cluster:".length()));
             clusterRefs.put(
                 cluster,
-                ClusterRefState.forCluster(new AtomicInteger(1), clusterNameMap.get(cluster)));
+                ClusterRefState.forCluster(
+                    new AtomicInteger(1), clusterNameMap.get(cluster), subscription));
           }
           if (rlsPluginConfigMap.containsKey(cluster)) {
             clusterRefs.put(
@@ -826,7 +830,7 @@ private void updateRoutes(
       for (String cluster : deletedClusters) {
         int count = clusterRefs.get(cluster).refCount.decrementAndGet();
         if (count == 0) {
-          clusterRefs.remove(cluster);
+          clusterRefs.remove(cluster).close();
           shouldUpdateResult = true;
         }
       }
@@ -879,7 +883,7 @@ private void cleanUpRoutes(Status error) {
         for (String cluster : existingClusters) {
           int count = clusterRefs.get(cluster).refCount.decrementAndGet();
           if (count == 0) {
-            clusterRefs.remove(cluster);
+            clusterRefs.remove(cluster).close();
           }
         }
         existingClusters = null;
@@ -965,15 +969,18 @@ private static class ClusterRefState {
     final String traditionalCluster;
     @Nullable
     final RlsPluginConfig rlsPluginConfig;
+    @Nullable
+    final XdsConfig.Subscription subscription;
 
     private ClusterRefState(
         AtomicInteger refCount, @Nullable String traditionalCluster,
-        @Nullable RlsPluginConfig rlsPluginConfig) {
+        @Nullable RlsPluginConfig rlsPluginConfig, @Nullable XdsConfig.Subscription subscription) {
       this.refCount = refCount;
       checkArgument(traditionalCluster == null ^ rlsPluginConfig == null,
           "There must be exactly one non-null value in traditionalCluster and pluginConfig");
       this.traditionalCluster = traditionalCluster;
       this.rlsPluginConfig = rlsPluginConfig;
+      this.subscription = subscription;
     }
 
     private Map<String, ?> toLbPolicy() {
@@ -993,12 +1000,21 @@ private ClusterRefState(
       }
     }
 
-    static ClusterRefState forCluster(AtomicInteger refCount, String name) {
-      return new ClusterRefState(refCount, name, null);
+    private void close() {
+      if (subscription != null) {
+        subscription.close();
+      }
+    }
+
+    static ClusterRefState forCluster(
+        AtomicInteger refCount, String name, XdsConfig.Subscription subscription) {
+      return new ClusterRefState(refCount, name, null, checkNotNull(subscription, "subscription"));
     }
 
-    static ClusterRefState forRlsPlugin(AtomicInteger refCount, RlsPluginConfig rlsPluginConfig) {
-      return new ClusterRefState(refCount, null, rlsPluginConfig);
+    static ClusterRefState forRlsPlugin(
+        AtomicInteger refCount,
+        RlsPluginConfig rlsPluginConfig) {
+      return new ClusterRefState(refCount, null, rlsPluginConfig, null);
     }
   }
 }

From f07eb47cac4713feef6711078b827c6082971533 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 17 Jun 2025 14:14:32 +0000
Subject: [PATCH 299/591] util: Deliver addresses in a random order in
 MultiChildLb

This should often not matter much, but in b/412468630 it was cleary
visible that child creation order can skew load for the first batch of
RPCs. This doesn't solve all the cases, as further-away backends will
still be less likely chosen initially and it is ignorant of the LB
policy. But this doesn't impact correctness, is easy, and is one fewer
cases to worry about.
---
 .../io/grpc/util/MultiChildLoadBalancer.java  | 27 ++++++++++++--
 .../grpc/util/MultiChildLoadBalancerTest.java | 36 +++++++++++++++++++
 2 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
index ed338343c11..2a93ef964f7 100644
--- a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
@@ -24,7 +24,9 @@
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.Iterables;
 import com.google.common.collect.Maps;
+import com.google.common.primitives.UnsignedInts;
 import io.grpc.Attributes;
 import io.grpc.ConnectivityState;
 import io.grpc.EquivalentAddressGroup;
@@ -40,6 +42,7 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Random;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
@@ -52,6 +55,7 @@
 public abstract class MultiChildLoadBalancer extends LoadBalancer {
 
   private static final Logger logger = Logger.getLogger(MultiChildLoadBalancer.class.getName());
+  private static final int OFFSET_SEED = new Random().nextInt();
   // Modify by replacing the list to release memory when no longer used.
   private List<ChildLbState> childLbStates = new ArrayList<>(0);
   private final Helper helper;
@@ -168,9 +172,15 @@ private Status updateChildrenWithResolvedAddresses(
         childLbState = createChildLbState(entry.getKey());
       }
       newChildLbStates.add(childLbState);
-      if (entry.getValue() != null) {
+    }
+    // Use a random start position for child updates to weakly "shuffle" connection creation order.
+    // The network will often add noise to the creation order, but this avoids giving earlier
+    // children a consistent head start.
+    for (ChildLbState childLbState : offsetIterable(newChildLbStates, OFFSET_SEED)) {
+      ResolvedAddresses addresses = newChildAddresses.get(childLbState.getKey());
+      if (addresses != null) {
         // update child LB
-        Status newStatus = childLbState.lb.acceptResolvedAddresses(entry.getValue());
+        Status newStatus = childLbState.lb.acceptResolvedAddresses(addresses);
         if (!newStatus.isOk()) {
           status = newStatus;
         }
@@ -188,6 +198,19 @@ private Status updateChildrenWithResolvedAddresses(
     return status;
   }
 
+  @VisibleForTesting
+  static <T> Iterable<T> offsetIterable(Collection<T> c, int seed) {
+    int pos;
+    if (c.isEmpty()) {
+      pos = 0;
+    } else {
+      pos = UnsignedInts.remainder(seed, c.size());
+    }
+    return Iterables.concat(
+        Iterables.skip(c, pos),
+        Iterables.limit(c, pos));
+  }
+
   @Nullable
   protected static ConnectivityState aggregateState(
       @Nullable ConnectivityState overallState, ConnectivityState childState) {
diff --git a/util/src/test/java/io/grpc/util/MultiChildLoadBalancerTest.java b/util/src/test/java/io/grpc/util/MultiChildLoadBalancerTest.java
index c128364dfd3..14dc8518756 100644
--- a/util/src/test/java/io/grpc/util/MultiChildLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/MultiChildLoadBalancerTest.java
@@ -264,6 +264,42 @@ public void testEndpoint_equals() {
         .testEquals();
   }
 
+  @Test
+  public void offsetIterable_positive() {
+    assertThat(MultiChildLoadBalancer.offsetIterable(Arrays.asList(1, 2, 3, 4), 9))
+        .containsExactly(2, 3, 4, 1)
+        .inOrder();
+    assertThat(MultiChildLoadBalancer.offsetIterable(Arrays.asList(1, 2, 3, 4, 5), 9))
+        .containsExactly(5, 1, 2, 3, 4)
+        .inOrder();
+    assertThat(MultiChildLoadBalancer.offsetIterable(Arrays.asList(1, 2, 3), 3))
+        .containsExactly(1, 2, 3)
+        .inOrder();
+    assertThat(MultiChildLoadBalancer.offsetIterable(Arrays.asList(1, 2, 3), 0))
+        .containsExactly(1, 2, 3)
+        .inOrder();
+    assertThat(MultiChildLoadBalancer.offsetIterable(Arrays.asList(1), 123))
+        .containsExactly(1)
+        .inOrder();
+  }
+
+  @Test
+  public void offsetIterable_negative() {
+    assertThat(MultiChildLoadBalancer.offsetIterable(Arrays.asList(1, 2, 3, 4), -1))
+        .containsExactly(4, 1, 2, 3)
+        .inOrder();
+  }
+
+  @Test
+  public void offsetIterable_empty() {
+    assertThat(MultiChildLoadBalancer.offsetIterable(Arrays.asList(), 1))
+        .isEmpty();
+    assertThat(MultiChildLoadBalancer.offsetIterable(Arrays.asList(), 0))
+        .isEmpty();
+    assertThat(MultiChildLoadBalancer.offsetIterable(Arrays.asList(), -1))
+        .isEmpty();
+  }
+
   private String addressesOnlyString(EquivalentAddressGroup eag) {
     if (eag == null) {
       return null;

From d2d8ed8efaa6e10b393188f0b3bd4a0edcb37763 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 12 Jun 2025 15:45:26 -0700
Subject: [PATCH 300/591] xds: Add logical dns cluster support to XdsDepManager

ClusterResolverLb gets the NameResolverRegistry from
LoadBalancer.Helper, so a new API was added in NameResover.Args to
propagate the same object to the name resolver tree.

RetryingNameResolver was exposed to xds. This is expected to be
temporary, as the retrying is being removed from ManagedChannelImpl and
moved into the resolvers. At that point, DnsNameResolverProvider would
wrap DnsNameResolver with a similar API to RetryingNameResolver and xds
would no longer be responsible.
---
 api/src/main/java/io/grpc/NameResolver.java   |  27 +++
 .../io/grpc/internal/ManagedChannelImpl.java  |   9 +-
 .../grpc/internal/RetryingNameResolver.java   |  13 +-
 .../io/grpc/internal/DnsNameResolverTest.java |   9 +-
 .../io/grpc/xds/XdsDependencyManager.java     | 205 +++++++++++++++++-
 .../java/io/grpc/xds/XdsNameResolver.java     |   2 +-
 .../io/grpc/xds/CdsLoadBalancer2Test.java     |   5 +-
 .../io/grpc/xds/XdsDependencyManagerTest.java |  90 +++++++-
 8 files changed, 324 insertions(+), 36 deletions(-)

diff --git a/api/src/main/java/io/grpc/NameResolver.java b/api/src/main/java/io/grpc/NameResolver.java
index 21064d7f115..9483f5f3b0a 100644
--- a/api/src/main/java/io/grpc/NameResolver.java
+++ b/api/src/main/java/io/grpc/NameResolver.java
@@ -303,6 +303,7 @@ public static final class Args {
     @Nullable private final Executor executor;
     @Nullable private final String overrideAuthority;
     @Nullable private final MetricRecorder metricRecorder;
+    @Nullable private final NameResolverRegistry nameResolverRegistry;
     @Nullable private final IdentityHashMap<Key<?>, Object> customArgs;
 
     private Args(Builder builder) {
@@ -316,6 +317,7 @@ private Args(Builder builder) {
       this.executor = builder.executor;
       this.overrideAuthority = builder.overrideAuthority;
       this.metricRecorder = builder.metricRecorder;
+      this.nameResolverRegistry = builder.nameResolverRegistry;
       this.customArgs = cloneCustomArgs(builder.customArgs);
     }
 
@@ -447,6 +449,18 @@ public MetricRecorder getMetricRecorder() {
       return metricRecorder;
     }
 
+    /**
+     * Returns the {@link NameResolverRegistry} that the Channel uses to look for {@link
+     * NameResolver}s.
+     *
+     * @since 1.74.0
+     */
+    public NameResolverRegistry getNameResolverRegistry() {
+      if (nameResolverRegistry == null) {
+        throw new IllegalStateException("NameResolverRegistry is not set in Builder");
+      }
+      return nameResolverRegistry;
+    }
 
     @Override
     public String toString() {
@@ -461,6 +475,7 @@ public String toString() {
           .add("executor", executor)
           .add("overrideAuthority", overrideAuthority)
           .add("metricRecorder", metricRecorder)
+          .add("nameResolverRegistry", nameResolverRegistry)
           .toString();
     }
 
@@ -480,6 +495,7 @@ public Builder toBuilder() {
       builder.setOffloadExecutor(executor);
       builder.setOverrideAuthority(overrideAuthority);
       builder.setMetricRecorder(metricRecorder);
+      builder.setNameResolverRegistry(nameResolverRegistry);
       builder.customArgs = cloneCustomArgs(customArgs);
       return builder;
     }
@@ -508,6 +524,7 @@ public static final class Builder {
       private Executor executor;
       private String overrideAuthority;
       private MetricRecorder metricRecorder;
+      private NameResolverRegistry nameResolverRegistry;
       private IdentityHashMap<Key<?>, Object> customArgs;
 
       Builder() {
@@ -614,6 +631,16 @@ public Builder setMetricRecorder(MetricRecorder metricRecorder) {
         return this;
       }
 
+      /**
+       * See {@link Args#getNameResolverRegistry}.  This is an optional field.
+       *
+       * @since 1.74.0
+       */
+      public Builder setNameResolverRegistry(NameResolverRegistry registry) {
+        this.nameResolverRegistry = registry;
+        return this;
+      }
+
       /**
        * Builds an {@link Args}.
        *
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index 9b756c3165d..e8f106c7775 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -597,7 +597,8 @@ ClientStream newSubstream(
             .setChannelLogger(channelLogger)
             .setOffloadExecutor(this.offloadExecutorHolder)
             .setOverrideAuthority(this.authorityOverride)
-            .setMetricRecorder(this.metricRecorder);
+            .setMetricRecorder(this.metricRecorder)
+            .setNameResolverRegistry(builder.nameResolverRegistry);
     builder.copyAllNameResolverCustomArgsTo(nameResolverArgsBuilder);
     this.nameResolverArgs = nameResolverArgsBuilder.build();
     this.nameResolver = getNameResolver(
@@ -685,11 +686,7 @@ static NameResolver getNameResolver(
     // We wrap the name resolver in a RetryingNameResolver to give it the ability to retry failures.
     // TODO: After a transition period, all NameResolver implementations that need retry should use
     //       RetryingNameResolver directly and this step can be removed.
-    NameResolver usedNameResolver = new RetryingNameResolver(resolver,
-          new BackoffPolicyRetryScheduler(new ExponentialBackoffPolicy.Provider(),
-              nameResolverArgs.getScheduledExecutorService(),
-              nameResolverArgs.getSynchronizationContext()),
-          nameResolverArgs.getSynchronizationContext());
+    NameResolver usedNameResolver = RetryingNameResolver.wrap(resolver, nameResolverArgs);
 
     if (overrideAuthority == null) {
       return usedNameResolver;
diff --git a/core/src/main/java/io/grpc/internal/RetryingNameResolver.java b/core/src/main/java/io/grpc/internal/RetryingNameResolver.java
index 55fedea932e..90827fa8acb 100644
--- a/core/src/main/java/io/grpc/internal/RetryingNameResolver.java
+++ b/core/src/main/java/io/grpc/internal/RetryingNameResolver.java
@@ -27,13 +27,22 @@
  *
  * <p>The {@link NameResolver} used with this
  */
-final class RetryingNameResolver extends ForwardingNameResolver {
+public final class RetryingNameResolver extends ForwardingNameResolver {
+  public static NameResolver wrap(NameResolver retriedNameResolver, Args args) {
+    // For migration, this might become conditional
+    return new RetryingNameResolver(
+        retriedNameResolver,
+        new BackoffPolicyRetryScheduler(
+            new ExponentialBackoffPolicy.Provider(),
+            args.getScheduledExecutorService(),
+            args.getSynchronizationContext()),
+        args.getSynchronizationContext());
+  }
 
   private final NameResolver retriedNameResolver;
   private final RetryScheduler retryScheduler;
   private final SynchronizationContext syncContext;
 
-
   /**
    * Creates a new {@link RetryingNameResolver}.
    *
diff --git a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
index 130c01d1c04..f5be078f83a 100644
--- a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
+++ b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
@@ -207,14 +207,7 @@ private RetryingNameResolver newResolver(
 
     // In practice the DNS name resolver provider always wraps the resolver in a
     // RetryingNameResolver which adds retry capabilities to it. We use the same setup here.
-    return new RetryingNameResolver(
-        dnsResolver,
-        new BackoffPolicyRetryScheduler(
-            new ExponentialBackoffPolicy.Provider(),
-            fakeExecutor.getScheduledExecutorService(),
-            syncContext
-        ),
-        syncContext);
+    return (RetryingNameResolver) RetryingNameResolver.wrap(dnsResolver, args);
   }
 
   @Before
diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index 82cfd9ccbdf..cc419e63a70 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -23,18 +23,27 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import io.grpc.EquivalentAddressGroup;
 import io.grpc.NameResolver;
+import io.grpc.NameResolverProvider;
 import io.grpc.Status;
 import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
+import io.grpc.internal.RetryingNameResolver;
+import io.grpc.xds.Endpoints.LocalityLbEndpoints;
 import io.grpc.xds.VirtualHost.Route.RouteAction.ClusterWeight;
 import io.grpc.xds.XdsClusterResource.CdsUpdate.ClusterType;
 import io.grpc.xds.XdsConfig.XdsClusterConfig.AggregateConfig;
 import io.grpc.xds.XdsConfig.XdsClusterConfig.EndpointConfig;
 import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
+import io.grpc.xds.client.Locality;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsClient.ResourceWatcher;
 import io.grpc.xds.client.XdsResourceType;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.EnumMap;
 import java.util.HashMap;
@@ -44,7 +53,6 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
-import java.util.concurrent.ScheduledExecutorService;
 import javax.annotation.Nullable;
 
 /**
@@ -55,7 +63,7 @@
  */
 final class XdsDependencyManager implements XdsConfig.XdsClusterSubscriptionRegistry {
   private enum TrackedWatcherTypeEnum {
-    LDS, RDS, CDS, EDS
+    LDS, RDS, CDS, EDS, DNS
   }
 
   private static final TrackedWatcherType<XdsListenerResource.LdsUpdate> LDS_TYPE =
@@ -66,12 +74,19 @@ private enum TrackedWatcherTypeEnum {
       new TrackedWatcherType<>(TrackedWatcherTypeEnum.CDS);
   private static final TrackedWatcherType<XdsEndpointResource.EdsUpdate> EDS_TYPE =
       new TrackedWatcherType<>(TrackedWatcherTypeEnum.EDS);
+  private static final TrackedWatcherType<List<EquivalentAddressGroup>> DNS_TYPE =
+      new TrackedWatcherType<>(TrackedWatcherTypeEnum.DNS);
+
+  // DNS-resolved endpoints do not have the definition of the locality it belongs to, just hardcode
+  // to an empty locality.
+  private static final Locality LOGICAL_DNS_CLUSTER_LOCALITY = Locality.create("", "", "");
 
   private static final int MAX_CLUSTER_RECURSION_DEPTH = 16; // Specified by gRFC A37
   private final String listenerName;
   private final XdsClient xdsClient;
   private final SynchronizationContext syncContext;
   private final String dataPlaneAuthority;
+  private final NameResolver.Args nameResolverArgs;
   private XdsConfigWatcher xdsConfigWatcher;
 
   private StatusOr<XdsConfig> lastUpdate = null;
@@ -79,16 +94,17 @@ private enum TrackedWatcherTypeEnum {
       new EnumMap<>(TrackedWatcherTypeEnum.class);
   private final Set<ClusterSubscription> subscriptions = new HashSet<>();
 
-  XdsDependencyManager(XdsClient xdsClient,
-                       SynchronizationContext syncContext, String dataPlaneAuthority,
-                       String listenerName, NameResolver.Args nameResolverArgs,
-                       ScheduledExecutorService scheduler) {
+  XdsDependencyManager(
+      XdsClient xdsClient,
+      SynchronizationContext syncContext,
+      String dataPlaneAuthority,
+      String listenerName,
+      NameResolver.Args nameResolverArgs) {
     this.listenerName = checkNotNull(listenerName, "listenerName");
     this.xdsClient = checkNotNull(xdsClient, "xdsClient");
     this.syncContext = checkNotNull(syncContext, "syncContext");
     this.dataPlaneAuthority = checkNotNull(dataPlaneAuthority, "dataPlaneAuthority");
-    checkNotNull(nameResolverArgs, "nameResolverArgs");
-    checkNotNull(scheduler, "scheduler");
+    this.nameResolverArgs = checkNotNull(nameResolverArgs, "nameResolverArgs");
   }
 
   public static String toContextStr(String typeName, String resourceName) {
@@ -120,6 +136,18 @@ public XdsConfig.Subscription subscribeToCluster(String clusterName) {
     return subscription;
   }
 
+  /**
+   * For all logical dns clusters refresh their results.
+   */
+  public void requestReresolution() {
+    syncContext.execute(() -> {
+      for (TrackedWatcher<List<EquivalentAddressGroup>> watcher : getWatchers(DNS_TYPE).values()) {
+        DnsWatcher dnsWatcher = (DnsWatcher) watcher;
+        dnsWatcher.refresh();
+      }
+    });
+  }
+
   private <T extends ResourceUpdate> void addWatcher(
       TrackedWatcherType<T> watcherType, XdsWatcherBase<T> watcher) {
     syncContext.throwIfNotInThisSynchronizationContext();
@@ -335,9 +363,9 @@ private static void addConfigForCluster(
         }
         break;
       case LOGICAL_DNS:
-        // TODO get the resolved endpoint configuration
-        child = new EndpointConfig(StatusOr.fromStatus(
-            Status.INTERNAL.withDescription("Logical DNS in dependency manager unsupported")));
+        TrackedWatcher<List<EquivalentAddressGroup>> dnsWatcher =
+            tracer.getWatcher(DNS_TYPE, cdsUpdate.dnsHostName());
+        child = new EndpointConfig(dnsToEdsUpdate(dnsWatcher.getData(), cdsUpdate.dnsHostName()));
         break;
       default:
         child = new EndpointConfig(StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
@@ -352,6 +380,24 @@ private static void addConfigForCluster(
         new XdsConfig.XdsClusterConfig(clusterName, cdsUpdate, child)));
   }
 
+  private static StatusOr<XdsEndpointResource.EdsUpdate> dnsToEdsUpdate(
+      StatusOr<List<EquivalentAddressGroup>> dnsData, String dnsHostName) {
+    if (!dnsData.hasValue()) {
+      return StatusOr.fromStatus(dnsData.getStatus());
+    }
+
+    List<Endpoints.LbEndpoint> endpoints = new ArrayList<>();
+    for (EquivalentAddressGroup eag : dnsData.getValue()) {
+      endpoints.add(Endpoints.LbEndpoint.create(eag, 1, true, dnsHostName, ImmutableMap.of()));
+    }
+    LocalityLbEndpoints lbEndpoints =
+        LocalityLbEndpoints.create(endpoints, 1, 0, ImmutableMap.of());
+    return StatusOr.fromValue(new XdsEndpointResource.EdsUpdate(
+        "fakeEds_logicalDns",
+        Collections.singletonMap(LOGICAL_DNS_CLUSTER_LOCALITY, lbEndpoints),
+        new ArrayList<>()));
+  }
+
   private void addRdsWatcher(String resourceName) {
     if (getWatchers(RDS_TYPE).containsKey(resourceName)) {
       return;
@@ -376,6 +422,17 @@ private void addClusterWatcher(String clusterName) {
     addWatcher(CDS_TYPE, new CdsWatcher(clusterName));
   }
 
+  private void addDnsWatcher(String dnsHostName) {
+    syncContext.throwIfNotInThisSynchronizationContext();
+    if (getWatchers(DNS_TYPE).containsKey(dnsHostName)) {
+      return;
+    }
+
+    DnsWatcher watcher = new DnsWatcher(dnsHostName, nameResolverArgs);
+    getWatchers(DNS_TYPE).put(dnsHostName, watcher);
+    watcher.start();
+  }
+
   private void updateRoutes(List<VirtualHost> virtualHosts) {
     VirtualHost virtualHost =
         RoutingUtils.findVirtualHostForHostName(virtualHosts, dataPlaneAuthority);
@@ -411,6 +468,33 @@ private static Set<String> getClusterNamesFromVirtualHost(VirtualHost virtualHos
     return clusters;
   }
 
+  private static NameResolver createNameResolver(
+      String dnsHostName,
+      NameResolver.Args nameResolverArgs) {
+    URI uri;
+    try {
+      uri = new URI("dns", "", "/" + dnsHostName, null);
+    } catch (URISyntaxException e) {
+      return new FailingNameResolver(
+          Status.INTERNAL.withDescription("Bug, invalid URI creation: " + dnsHostName)
+            .withCause(e));
+    }
+
+    NameResolverProvider provider =
+        nameResolverArgs.getNameResolverRegistry().getProviderForScheme("dns");
+    if (provider == null) {
+      return new FailingNameResolver(
+          Status.INTERNAL.withDescription("Could not find dns name resolver"));
+    }
+
+    NameResolver bareResolver = provider.newNameResolver(uri, nameResolverArgs);
+    if (bareResolver == null) {
+      return new FailingNameResolver(
+          Status.INTERNAL.withDescription("DNS name resolver provider returned null: " + uri));
+    }
+    return RetryingNameResolver.wrap(bareResolver, nameResolverArgs);
+  }
+
   private static class TypeWatchers<T> {
     // Key is resource name
     final Map<String, TrackedWatcher<T>> watchers = new HashMap<>();
@@ -722,7 +806,7 @@ public void subscribeToChildren(XdsClusterResource.CdsUpdate update) {
           addEdsWatcher(getEdsServiceName());
           break;
         case LOGICAL_DNS:
-          // no eds needed
+          addDnsWatcher(update.dnsHostName());
           break;
         case AGGREGATE:
           update.prioritizedClusterNames()
@@ -751,4 +835,101 @@ private EdsWatcher(String resourceName) {
     @Override
     public void subscribeToChildren(XdsEndpointResource.EdsUpdate update) {}
   }
+
+  private final class DnsWatcher implements TrackedWatcher<List<EquivalentAddressGroup>> {
+    private final NameResolver resolver;
+    @Nullable
+    private StatusOr<List<EquivalentAddressGroup>> data;
+    private boolean cancelled;
+
+    public DnsWatcher(String dnsHostName, NameResolver.Args nameResolverArgs) {
+      this.resolver = createNameResolver(dnsHostName, nameResolverArgs);
+    }
+
+    public void start() {
+      resolver.start(new NameResolverListener());
+    }
+
+    public void refresh() {
+      if (cancelled) {
+        return;
+      }
+      resolver.refresh();
+    }
+
+    @Override
+    @Nullable
+    public StatusOr<List<EquivalentAddressGroup>> getData() {
+      return data;
+    }
+
+    @Override
+    public void close() {
+      if (cancelled) {
+        return;
+      }
+      cancelled = true;
+      resolver.shutdown();
+    }
+
+    private class NameResolverListener extends NameResolver.Listener2 {
+      @Override
+      public void onResult(final NameResolver.ResolutionResult resolutionResult) {
+        syncContext.execute(() -> onResult2(resolutionResult));
+      }
+
+      @Override
+      public Status onResult2(final NameResolver.ResolutionResult resolutionResult) {
+        if (cancelled) {
+          return Status.OK;
+        }
+        data = resolutionResult.getAddressesOrError();
+        maybePublishConfig();
+        return resolutionResult.getAddressesOrError().getStatus();
+      }
+
+      @Override
+      public void onError(final Status error) {
+        syncContext.execute(new Runnable() {
+          @Override
+          public void run() {
+            if (cancelled) {
+              return;
+            }
+            // DnsNameResolver cannot distinguish between address-not-found and transient errors.
+            // Assume it is a transient error.
+            // TODO: Once the resolution note API is available, don't throw away the error if
+            // hasDataValue(); pass it as the note instead
+            if (!hasDataValue()) {
+              data = StatusOr.fromStatus(error);
+              maybePublishConfig();
+            }
+          }
+        });
+      }
+    }
+  }
+
+  private static final class FailingNameResolver extends NameResolver {
+    private final Status status;
+
+    public FailingNameResolver(Status status) {
+      checkNotNull(status, "status");
+      checkArgument(!status.isOk(), "Status must not be OK");
+      this.status = status;
+    }
+
+    @Override
+    public void start(Listener2 listener) {
+      listener.onError(status);
+    }
+
+    @Override
+    public String getServiceAuthority() {
+      return "bug-if-you-see-this-authority";
+    }
+
+    @Override
+    public void shutdown() {}
+  }
 }
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 25918facf7e..c71e4dc255d 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -655,7 +655,7 @@ private ResolveState(String ldsResourceName) {
       authority = overrideAuthority != null ? overrideAuthority : encodedServiceAuthority;
       xdsDependencyManager =
           new XdsDependencyManager(xdsClient, syncContext, authority, ldsResourceName,
-              nameResolverArgs, scheduler);
+              nameResolverArgs);
     }
 
     void start() {
diff --git a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
index f9a09f704a7..258e2909203 100644
--- a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
+++ b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
@@ -66,6 +66,7 @@
 import io.grpc.LoadBalancerProvider;
 import io.grpc.LoadBalancerRegistry;
 import io.grpc.NameResolver;
+import io.grpc.NameResolverRegistry;
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.SynchronizationContext;
@@ -176,6 +177,7 @@ public void setUp() throws Exception {
         .setServiceConfigParser(mock(NameResolver.ServiceConfigParser.class))
         .setChannelLogger(mock(ChannelLogger.class))
         .setScheduledExecutorService(fakeClock.getScheduledExecutorService())
+        .setNameResolverRegistry(new NameResolverRegistry())
         .build();
 
     xdsDepManager = new XdsDependencyManager(
@@ -183,8 +185,7 @@ public void setUp() throws Exception {
         syncContext,
         SERVER_NAME,
         SERVER_NAME,
-        nameResolverArgs,
-        fakeClock.getScheduledExecutorService());
+        nameResolverArgs);
 
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS, ImmutableMap.of(
         SERVER_NAME, ControlPlaneRule.buildClientListener(SERVER_NAME, "my-route")));
diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
index 8ac0f8c9d8c..5a897de3a72 100644
--- a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -42,12 +42,19 @@
 import com.google.common.util.concurrent.MoreExecutors;
 import com.google.protobuf.Message;
 import io.envoyproxy.envoy.config.cluster.v3.Cluster;
+import io.envoyproxy.envoy.config.core.v3.Address;
+import io.envoyproxy.envoy.config.core.v3.SocketAddress;
 import io.envoyproxy.envoy.config.endpoint.v3.ClusterLoadAssignment;
+import io.envoyproxy.envoy.config.endpoint.v3.Endpoint;
+import io.envoyproxy.envoy.config.endpoint.v3.LbEndpoint;
+import io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints;
 import io.envoyproxy.envoy.config.listener.v3.Listener;
 import io.envoyproxy.envoy.config.route.v3.RouteConfiguration;
 import io.grpc.BindableService;
 import io.grpc.ChannelLogger;
+import io.grpc.EquivalentAddressGroup;
 import io.grpc.NameResolver;
+import io.grpc.NameResolverRegistry;
 import io.grpc.Status;
 import io.grpc.StatusOr;
 import io.grpc.StatusOrMatcher;
@@ -56,10 +63,12 @@
 import io.grpc.inprocess.InProcessServerBuilder;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.GrpcUtil;
+import io.grpc.internal.testing.FakeNameResolverProvider;
 import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.xds.XdsClusterResource.CdsUpdate;
 import io.grpc.xds.XdsConfig.XdsClusterConfig;
 import io.grpc.xds.XdsEndpointResource.EdsUpdate;
+import io.grpc.xds.client.Locality;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsClient.ResourceMetadata;
 import io.grpc.xds.client.XdsResourceType;
@@ -74,7 +83,6 @@
 import java.util.Map;
 import java.util.Queue;
 import java.util.Set;
-import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.logging.Logger;
@@ -121,6 +129,7 @@ public class XdsDependencyManagerTest {
   private final XdsTestControlPlaneService controlPlaneService = new XdsTestControlPlaneService();
   private final BindableService lrsService =
       XdsTestUtils.createLrsService(lrsEnded, loadReportCalls);
+  private final NameResolverRegistry nameResolverRegistry = new NameResolverRegistry();
 
   @Rule
   public final GrpcCleanupRule cleanupRule = new GrpcCleanupRule();
@@ -138,11 +147,11 @@ public class XdsDependencyManagerTest {
       .setServiceConfigParser(mock(NameResolver.ServiceConfigParser.class))
       .setChannelLogger(mock(ChannelLogger.class))
       .setScheduledExecutorService(fakeClock.getScheduledExecutorService())
+      .setNameResolverRegistry(nameResolverRegistry)
       .build();
 
-  private final ScheduledExecutorService scheduler = fakeClock.getScheduledExecutorService();
   private XdsDependencyManager xdsDependencyManager = new XdsDependencyManager(
-      xdsClient, syncContext, serverName, serverName, nameResolverArgs, scheduler);
+      xdsClient, syncContext, serverName, serverName, nameResolverArgs);
 
   @Before
   public void setUp() throws Exception {
@@ -369,7 +378,7 @@ public void testMissingCdsAndEds() {
   public void testMissingLds() {
     String ldsName = "badLdsName";
     xdsDependencyManager = new XdsDependencyManager(xdsClient, syncContext,
-        serverName, ldsName, nameResolverArgs, scheduler);
+        serverName, ldsName, nameResolverArgs);
     xdsDependencyManager.start(xdsConfigWatcher);
 
     fakeClock.forwardTime(16, TimeUnit.SECONDS);
@@ -434,7 +443,7 @@ public void testCorruptLds() {
         "xdstp://unknown.example.com/envoy.config.listener.v3.Listener/listener1";
 
     xdsDependencyManager = new XdsDependencyManager(xdsClient, syncContext,
-        serverName, ldsResourceName, nameResolverArgs, scheduler);
+        serverName, ldsResourceName, nameResolverArgs);
     xdsDependencyManager.start(xdsConfigWatcher);
 
     verify(xdsConfigWatcher).onUpdate(
@@ -738,6 +747,75 @@ public void testChangeAggCluster() {
     inOrder.verify(xdsConfigWatcher).onUpdate(argThat(nameMatcher));
   }
 
+  @Test
+  public void testLogicalDns_success() {
+    FakeSocketAddress fakeAddress = new FakeSocketAddress();
+    nameResolverRegistry.register(new FakeNameResolverProvider(
+        "dns:///dns.example.com:1111", fakeAddress));
+    Cluster cluster = Cluster.newBuilder()
+        .setName(CLUSTER_NAME)
+        .setType(Cluster.DiscoveryType.LOGICAL_DNS)
+        .setLoadAssignment(ClusterLoadAssignment.newBuilder()
+          .addEndpoints(LocalityLbEndpoints.newBuilder()
+            .addLbEndpoints(LbEndpoint.newBuilder()
+              .setEndpoint(Endpoint.newBuilder()
+                .setAddress(Address.newBuilder()
+                  .setSocketAddress(SocketAddress.newBuilder()
+                    .setAddress("dns.example.com")
+                    .setPortValue(1111)))))))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS,
+        ImmutableMap.of(CLUSTER_NAME, cluster));
+    xdsDependencyManager.start(xdsConfigWatcher);
+
+    verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
+    XdsConfig config = xdsUpdateCaptor.getValue().getValue();
+    XdsClusterConfig.ClusterChild clusterChild =
+        config.getClusters().get(CLUSTER_NAME).getValue().getChildren();
+    assertThat(clusterChild).isInstanceOf(XdsClusterConfig.EndpointConfig.class);
+    StatusOr<EdsUpdate> endpointOr = ((XdsClusterConfig.EndpointConfig) clusterChild).getEndpoint();
+    assertThat(endpointOr.getStatus()).isEqualTo(Status.OK);
+    assertThat(endpointOr.getValue()).isEqualTo(new EdsUpdate(
+        "fakeEds_logicalDns",
+        ImmutableMap.of(
+            Locality.create("", "", ""),
+            Endpoints.LocalityLbEndpoints.create(
+                Arrays.asList(Endpoints.LbEndpoint.create(
+                    new EquivalentAddressGroup(fakeAddress),
+                    1, true, "dns.example.com:1111", ImmutableMap.of())),
+                1, 0, ImmutableMap.of())),
+        Arrays.asList()));
+  }
+
+  @Test
+  public void testLogicalDns_noDnsNr() {
+    Cluster cluster = Cluster.newBuilder()
+        .setName(CLUSTER_NAME)
+        .setType(Cluster.DiscoveryType.LOGICAL_DNS)
+        .setLoadAssignment(ClusterLoadAssignment.newBuilder()
+          .addEndpoints(LocalityLbEndpoints.newBuilder()
+            .addLbEndpoints(LbEndpoint.newBuilder()
+              .setEndpoint(Endpoint.newBuilder()
+                .setAddress(Address.newBuilder()
+                  .setSocketAddress(SocketAddress.newBuilder()
+                    .setAddress("dns.example.com")
+                    .setPortValue(1111)))))))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS,
+        ImmutableMap.of(CLUSTER_NAME, cluster));
+    xdsDependencyManager.start(xdsConfigWatcher);
+
+    verify(xdsConfigWatcher).onUpdate(xdsUpdateCaptor.capture());
+    XdsConfig config = xdsUpdateCaptor.getValue().getValue();
+    XdsClusterConfig.ClusterChild clusterChild =
+        config.getClusters().get(CLUSTER_NAME).getValue().getChildren();
+    assertThat(clusterChild).isInstanceOf(XdsClusterConfig.EndpointConfig.class);
+    StatusOr<EdsUpdate> endpointOr = ((XdsClusterConfig.EndpointConfig) clusterChild).getEndpoint();
+    assertThat(endpointOr.getStatus().getCode()).isEqualTo(Status.Code.INTERNAL);
+    assertThat(endpointOr.getStatus().getDescription())
+        .isEqualTo("Could not find dns name resolver");
+  }
+
   @Test
   public void testCdsError() throws IOException {
     controlPlaneService.setXdsConfig(
@@ -943,4 +1021,6 @@ public boolean matches(StatusOr<XdsConfig> update) {
           && xdsConfig.getClusters().keySet().containsAll(expectedNames);
     }
   }
+
+  private static class FakeSocketAddress extends java.net.SocketAddress {}
 }

From 922dc8a999531c91b0fa77386e0609745fae939f Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 17 Jun 2025 22:29:21 -0700
Subject: [PATCH 301/591] Mark a few test helper methods as
 @CanIgnoreReturnValue (#12162)

---
 .../io/grpc/binder/internal/BinderClientTransportTest.java    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
index 33c127f97a7..4a4657e7814 100644
--- a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
+++ b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
@@ -27,6 +27,7 @@
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
+import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
 import com.google.protobuf.Empty;
 import io.grpc.CallOptions;
@@ -154,17 +155,20 @@ private class BinderClientTransportBuilder {
             .setScheduledExecutorPool(executorServicePool)
             .setOffloadExecutorPool(offloadServicePool);
 
+    @CanIgnoreReturnValue
     public BinderClientTransportBuilder setSecurityPolicy(SecurityPolicy securityPolicy) {
       factoryBuilder.setSecurityPolicy(securityPolicy);
       return this;
     }
 
+    @CanIgnoreReturnValue
     public BinderClientTransportBuilder setBinderDecorator(
         OneWayBinderProxy.Decorator binderDecorator) {
       factoryBuilder.setBinderDecorator(binderDecorator);
       return this;
     }
 
+    @CanIgnoreReturnValue
     public BinderClientTransportBuilder setReadyTimeoutMillis(int timeoutMillis) {
       factoryBuilder.setReadyTimeoutMillis(timeoutMillis);
       return this;

From e6e7bcadafccf908e7bb6f847d86759cfa74fbdb Mon Sep 17 00:00:00 2001
From: Kun Zhang <zhangkun83@users.noreply.github.com>
Date: Wed, 18 Jun 2025 14:47:24 -0700
Subject: [PATCH 302/591] binder: stops emulating for 21/22 Lollipop in tests

See cl/769936336 internally
---
 .../test/java/io/grpc/binder/SecurityPoliciesTest.java | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/binder/src/test/java/io/grpc/binder/SecurityPoliciesTest.java b/binder/src/test/java/io/grpc/binder/SecurityPoliciesTest.java
index 84c76a84bf2..71180ed43c5 100644
--- a/binder/src/test/java/io/grpc/binder/SecurityPoliciesTest.java
+++ b/binder/src/test/java/io/grpc/binder/SecurityPoliciesTest.java
@@ -357,7 +357,7 @@ public void testIsDeviceOwner_failsWhenNoPackagesForUid() throws Exception {
   }
 
   @Test
-  @Config(sdk = 21)
+  @Config(sdk = Config.OLDEST_SDK)
   public void testIsProfileOwner_succeedsForProfileOwner() throws Exception {
     PackageInfo info =
         newBuilder().setPackageName(OTHER_UID_PACKAGE_NAME).setSignatures(SIG2).build();
@@ -371,7 +371,7 @@ public void testIsProfileOwner_succeedsForProfileOwner() throws Exception {
   }
 
   @Test
-  @Config(sdk = 21)
+  @Config(sdk = Config.OLDEST_SDK)
   public void testIsProfileOwner_failsForNotProfileOwner() throws Exception {
     PackageInfo info =
         newBuilder().setPackageName(OTHER_UID_PACKAGE_NAME).setSignatures(SIG2).build();
@@ -385,7 +385,7 @@ public void testIsProfileOwner_failsForNotProfileOwner() throws Exception {
   }
 
   @Test
-  @Config(sdk = 21)
+  @Config(sdk = Config.OLDEST_SDK)
   public void testIsProfileOwner_failsWhenNoPackagesForUid() throws Exception {
     policy = SecurityPolicies.isProfileOwner(appContext);
 
@@ -425,7 +425,7 @@ public void testIsProfileOwnerOnOrgOwned_failsForProfileOwnerOnNonOrgOwned() thr
   }
 
   @Test
-  @Config(sdk = 21)
+  @Config(sdk = Config.OLDEST_SDK)
   public void testIsProfileOwnerOnOrgOwned_failsForNotProfileOwner() throws Exception {
     PackageInfo info =
         newBuilder().setPackageName(OTHER_UID_PACKAGE_NAME).setSignatures(SIG2).build();
@@ -439,7 +439,7 @@ public void testIsProfileOwnerOnOrgOwned_failsForNotProfileOwner() throws Except
   }
 
   @Test
-  @Config(sdk = 21)
+  @Config(sdk = Config.OLDEST_SDK)
   public void testIsProfileOwnerOnOrgOwned_failsWhenNoPackagesForUid() throws Exception {
     policy = SecurityPolicies.isProfileOwnerOnOrganizationOwnedDevice(appContext);
 

From 9a6bdc70af8ef015e24a2b963b57c9d9e6f9bf00 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 23 Jun 2025 12:00:25 -0700
Subject: [PATCH 303/591] download maven using archive/permalink url (#12169)

---
 buildscripts/grpc-java-artifacts/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildscripts/grpc-java-artifacts/Dockerfile b/buildscripts/grpc-java-artifacts/Dockerfile
index 0cc5634b9df..54c595cd960 100644
--- a/buildscripts/grpc-java-artifacts/Dockerfile
+++ b/buildscripts/grpc-java-artifacts/Dockerfile
@@ -31,7 +31,7 @@ RUN curl -Ls https://github.com/Kitware/CMake/releases/download/v3.26.3/cmake-3.
     tar xz -C /var/local    
     
 # Install Maven
-RUN curl -Ls https://dlcdn.apache.org/maven/maven-3/3.8.8/binaries/apache-maven-3.8.8-bin.tar.gz | \
+RUN curl -Ls https://archive.apache.org/dist/maven/maven-3/3.8.8/binaries/apache-maven-3.8.8-bin.tar.gz | \
     tar xz -C /var/local
 ENV PATH /var/local/cmake-3.26.3-linux-x86_64/bin:/var/local/apache-maven-3.8.8/bin:$PATH
 

From 30d40a6179c514ab88e8892d9aec4ced0763f60b Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 23 Jun 2025 12:51:40 -0700
Subject: [PATCH 304/591] binder: Cancel checkAuthorization() request if still
 pending upon termination (#12167)

---
 .../internal/BinderClientTransportTest.java   | 63 +++++++-------
 .../grpc/binder/internal/BinderTransport.java |  9 +-
 .../internal/SettableAsyncSecurityPolicy.java | 83 +++++++++++++++++++
 3 files changed, 120 insertions(+), 35 deletions(-)
 create mode 100644 binder/src/testFixtures/java/io/grpc/binder/internal/SettableAsyncSecurityPolicy.java

diff --git a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
index 4a4657e7814..2af7210e9a7 100644
--- a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
+++ b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
@@ -17,6 +17,7 @@
 package io.grpc.binder.internal;
 
 import static com.google.common.truth.Truth.assertThat;
+import static java.util.concurrent.TimeUnit.SECONDS;
 
 import android.content.Context;
 import android.os.DeadObjectException;
@@ -24,8 +25,6 @@
 import android.os.RemoteException;
 import androidx.test.core.app.ApplicationProvider;
 import androidx.test.ext.junit.runners.AndroidJUnit4;
-import com.google.common.util.concurrent.Futures;
-import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
@@ -39,13 +38,13 @@
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.binder.AndroidComponentAddress;
-import io.grpc.binder.AsyncSecurityPolicy;
 import io.grpc.binder.BinderServerBuilder;
 import io.grpc.binder.HostServices;
 import io.grpc.binder.SecurityPolicy;
 import io.grpc.binder.internal.OneWayBinderProxies.BlackHoleOneWayBinderProxy;
 import io.grpc.binder.internal.OneWayBinderProxies.BlockingBinderDecorator;
 import io.grpc.binder.internal.OneWayBinderProxies.ThrowingOneWayBinderProxy;
+import io.grpc.binder.internal.SettableAsyncSecurityPolicy.AuthRequest;
 import io.grpc.internal.ClientStream;
 import io.grpc.internal.ClientStreamListener;
 import io.grpc.internal.ClientTransportFactory.ClientTransportOptions;
@@ -64,7 +63,6 @@
 import java.util.concurrent.Executors;
 import java.util.concurrent.LinkedBlockingQueue;
 import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
 import javax.annotation.Nullable;
 import org.junit.After;
 import org.junit.Before;
@@ -193,7 +191,7 @@ public void tearDown() throws Exception {
   private static void shutdownAndTerminate(ExecutorService executorService)
       throws InterruptedException {
     executorService.shutdownNow();
-    if (!executorService.awaitTermination(TIMEOUT_SECONDS, TimeUnit.SECONDS)) {
+    if (!executorService.awaitTermination(TIMEOUT_SECONDS, SECONDS)) {
       throw new AssertionError("executor failed to terminate promptly");
     }
   }
@@ -375,17 +373,23 @@ public void testBlackHoleEndpointConnectTimeout() throws Exception {
 
   @Test
   public void testBlackHoleSecurityPolicyConnectTimeout() throws Exception {
+    SettableAsyncSecurityPolicy securityPolicy = new SettableAsyncSecurityPolicy();
     transport =
         new BinderClientTransportBuilder()
-            .setSecurityPolicy(blockingSecurityPolicy)
+            .setSecurityPolicy(securityPolicy)
             .setReadyTimeoutMillis(1_234)
             .build();
     transport.start(transportListener).run();
+    // Take the next authRequest but don't respond to it, in order to trigger the ready timeout.
+    AuthRequest authRequest = securityPolicy.takeNextAuthRequest(TIMEOUT_SECONDS, SECONDS);
+
     Status transportStatus = transportListener.awaitShutdown();
     assertThat(transportStatus.getCode()).isEqualTo(Code.DEADLINE_EXCEEDED);
     assertThat(transportStatus.getDescription()).contains("1234");
     transportListener.awaitTermination();
-    blockingSecurityPolicy.provideNextCheckAuthorizationResult(Status.OK);
+
+    // If the transport gave up waiting on auth, it should cancel its request.
+    assertThat(authRequest.isCancelled()).isTrue();
   }
 
   @Test
@@ -393,8 +397,8 @@ public void testAsyncSecurityPolicyFailure() throws Exception {
     SettableAsyncSecurityPolicy securityPolicy = new SettableAsyncSecurityPolicy();
     transport = new BinderClientTransportBuilder().setSecurityPolicy(securityPolicy).build();
     RuntimeException exception = new NullPointerException();
-    securityPolicy.setAuthorizationException(exception);
     transport.start(transportListener).run();
+    securityPolicy.takeNextAuthRequest(TIMEOUT_SECONDS, SECONDS).setResult(exception);
     Status transportStatus = transportListener.awaitShutdown();
     assertThat(transportStatus.getCode()).isEqualTo(Code.INTERNAL);
     assertThat(transportStatus.getCause()).isEqualTo(exception);
@@ -405,13 +409,27 @@ public void testAsyncSecurityPolicyFailure() throws Exception {
   public void testAsyncSecurityPolicySuccess() throws Exception {
     SettableAsyncSecurityPolicy securityPolicy = new SettableAsyncSecurityPolicy();
     transport = new BinderClientTransportBuilder().setSecurityPolicy(securityPolicy).build();
-    securityPolicy.setAuthorizationResult(Status.PERMISSION_DENIED);
     transport.start(transportListener).run();
+    securityPolicy
+        .takeNextAuthRequest(TIMEOUT_SECONDS, SECONDS)
+        .setResult(Status.PERMISSION_DENIED);
     Status transportStatus = transportListener.awaitShutdown();
     assertThat(transportStatus.getCode()).isEqualTo(Code.PERMISSION_DENIED);
     transportListener.awaitTermination();
   }
 
+  @Test
+  public void testAsyncSecurityPolicyCancelledUponExternalTermination() throws Exception {
+    SettableAsyncSecurityPolicy securityPolicy = new SettableAsyncSecurityPolicy();
+    transport = new BinderClientTransportBuilder().setSecurityPolicy(securityPolicy).build();
+    transport.start(transportListener).run();
+    AuthRequest authRequest = securityPolicy.takeNextAuthRequest(TIMEOUT_SECONDS, SECONDS);
+    transport.shutdownNow(Status.UNAVAILABLE); // 'authRequest' remains unanswered!
+    transportListener.awaitShutdown();
+    transportListener.awaitTermination();
+    assertThat(authRequest.isCancelled()).isTrue();
+  }
+
   private static void startAndAwaitReady(
       BinderTransport.BinderClientTransport transport, TestTransportListener transportListener)
       throws Exception {
@@ -433,7 +451,7 @@ public void transportShutdown(Status shutdownStatus) {
     }
 
     public Status awaitShutdown() throws Exception {
-      return shutdownStatus.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
+      return shutdownStatus.get(TIMEOUT_SECONDS, SECONDS);
     }
 
     @Override
@@ -444,7 +462,7 @@ public void transportTerminated() {
     }
 
     public void awaitTermination() throws Exception {
-      isTerminated.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
+      isTerminated.get(TIMEOUT_SECONDS, SECONDS);
     }
 
     @Override
@@ -455,7 +473,7 @@ public void transportReady() {
     }
 
     public void awaitReady() throws Exception {
-      isReady.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
+      isReady.get(TIMEOUT_SECONDS, SECONDS);
     }
 
     @Override
@@ -571,25 +589,4 @@ public Status checkAuthorization(int uid) {
       }
     }
   }
-
-  /** An AsyncSecurityPolicy that lets a test specify the outcome of checkAuthorizationAsync(). */
-  static class SettableAsyncSecurityPolicy extends AsyncSecurityPolicy {
-    private SettableFuture<Status> result = SettableFuture.create();
-
-    public void clearAuthorizationResult() {
-      result = SettableFuture.create();
-    }
-
-    public boolean setAuthorizationResult(Status status) {
-      return result.set(status);
-    }
-
-    public boolean setAuthorizationException(Throwable t) {
-      return result.setException(t);
-    }
-
-    public ListenableFuture<Status> checkAuthorizationAsync(int uid) {
-      return Futures.nonCancellationPropagating(result);
-    }
-  }
 }
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index 4b35137aa54..92a58b91cf0 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -582,6 +582,8 @@ public static final class BinderClientTransport extends BinderTransport
 
     @GuardedBy("this")
     private ScheduledFuture<?> readyTimeoutFuture; // != null iff timeout scheduled.
+    @GuardedBy("this")
+    @Nullable private ListenableFuture<Status> authResultFuture; // null before we check auth.
 
     /**
      * Constructs a new transport instance.
@@ -756,6 +758,9 @@ void notifyTerminated() {
         readyTimeoutFuture.cancel(false);
         readyTimeoutFuture = null;
       }
+      if (authResultFuture != null) {
+        authResultFuture.cancel(false);  // No effect if already complete.
+      }
       serviceBinding.unbind();
       clientTransportListener.transportTerminated();
     }
@@ -775,13 +780,13 @@ protected void handleSetupTransport(Parcel parcel) {
           shutdownInternal(
               Status.UNAVAILABLE.withDescription("Malformed SETUP_TRANSPORT data"), true);
         } else {
-          ListenableFuture<Status> authFuture =
+          authResultFuture =
               (securityPolicy instanceof AsyncSecurityPolicy)
                   ? ((AsyncSecurityPolicy) securityPolicy).checkAuthorizationAsync(remoteUid)
                   : Futures.submit(
                       () -> securityPolicy.checkAuthorization(remoteUid), offloadExecutor);
           Futures.addCallback(
-              authFuture,
+              authResultFuture,
               new FutureCallback<Status>() {
                 @Override
                 public void onSuccess(Status result) {
diff --git a/binder/src/testFixtures/java/io/grpc/binder/internal/SettableAsyncSecurityPolicy.java b/binder/src/testFixtures/java/io/grpc/binder/internal/SettableAsyncSecurityPolicy.java
new file mode 100644
index 00000000000..2cb22c2fdbf
--- /dev/null
+++ b/binder/src/testFixtures/java/io/grpc/binder/internal/SettableAsyncSecurityPolicy.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.binder.internal;
+
+import static com.google.common.base.Preconditions.checkState;
+
+import com.google.common.util.concurrent.ListenableFuture;
+import com.google.common.util.concurrent.SettableFuture;
+import io.grpc.Status;
+import io.grpc.binder.AsyncSecurityPolicy;
+import java.util.concurrent.LinkedBlockingDeque;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+/**
+ * An {@link AsyncSecurityPolicy} that lets unit tests verify the exact order of authorization
+ * requests and respond to them one at a time.
+ */
+public class SettableAsyncSecurityPolicy extends AsyncSecurityPolicy {
+  private final LinkedBlockingDeque<AuthRequest> pendingRequests = new LinkedBlockingDeque<>();
+
+  @Override
+  public ListenableFuture<Status> checkAuthorizationAsync(int uid) {
+    AuthRequest request = new AuthRequest(uid);
+    pendingRequests.add(request);
+    return request.resultFuture;
+  }
+
+  /**
+   * Waits for the next "check authorization" request to be made and returns it, throwing in case no
+   * request arrives in time.
+   */
+  public AuthRequest takeNextAuthRequest(long timeout, TimeUnit unit)
+      throws InterruptedException, TimeoutException {
+    AuthRequest nextAuthRequest = pendingRequests.poll(timeout, unit);
+    if (nextAuthRequest == null) {
+      throw new TimeoutException();
+    }
+    return nextAuthRequest;
+  }
+
+  /** Represents a single call to {@link AsyncSecurityPolicy#checkAuthorizationAsync(int)}. */
+  public static class AuthRequest {
+
+    /** The argument passed to {@link AsyncSecurityPolicy#checkAuthorizationAsync(int)}. */
+    public final int uid;
+
+    private final SettableFuture<Status> resultFuture = SettableFuture.create();
+
+    private AuthRequest(int uid) {
+      this.uid = uid;
+    }
+
+    /** Provides this SecurityPolicy's response to this authorization request. */
+    public void setResult(Status result) {
+      checkState(resultFuture.set(result));
+    }
+
+    /** Simulates an exceptional response to this authorization request. */
+    public void setResult(Throwable t) {
+      checkState(resultFuture.setException(t));
+    }
+
+    /** Tests if the future returned for this authorization request was cancelled by the caller. */
+    public boolean isCancelled() {
+      return resultFuture.isCancelled();
+    }
+  }
+}
\ No newline at end of file

From f99b2aaef884da0fbe4ade56df98c8a037e974a3 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 24 Jun 2025 10:12:35 +0530
Subject: [PATCH 305/591] release: Migrate artifacts publishing from legacy
 OSSRH to Central Portal (#12156)

---
 README.md                       |  2 +-
 RELEASING.md                    |  2 +-
 build.gradle                    |  8 ++++----
 buildscripts/sonatype-upload.sh | 17 ++++++++++++++++-
 4 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 012eab498e6..a925d1535f5 100644
--- a/README.md
+++ b/README.md
@@ -102,7 +102,7 @@ For [Bazel](https://bazel.build), you can either
 https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.73.0
 
 Development snapshots are available in [Sonatypes's snapshot
-repository](https://oss.sonatype.org/content/repositories/snapshots/).
+repository](https://central.sonatype.com/repository/maven-snapshots/).
 
 Generated Code
 --------------
diff --git a/RELEASING.md b/RELEASING.md
index 120b0ea6ac1..c57829b8c25 100644
--- a/RELEASING.md
+++ b/RELEASING.md
@@ -160,7 +160,7 @@ Tagging the Release
    repository can then be `released`, which will begin the process of pushing
    the new artifacts to Maven Central (the staging repository will be destroyed
    in the process). You can see the complete process for releasing to Maven
-   Central on the [OSSRH site](https://central.sonatype.org/pages/releasing-the-deployment.html).
+   Central on the [OSSRH site](https://central.sonatype.org/publish/publish-portal-ossrh-staging-api/#deploying).
 
 10. We have containers for each release to detect compatibility regressions with
     old releases. Generate one for the new release by following the [GCR image
diff --git a/build.gradle b/build.gradle
index 089c78639b4..afea703923f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -389,11 +389,11 @@ subprojects {
                         url = new File(rootProject.repositoryDir).toURI()
                     } else {
                         String stagingUrl
+                        String baseUrl = "https://ossrh-staging-api.central.sonatype.com/service/local"
                         if (rootProject.hasProperty('repositoryId')) {
-                            stagingUrl = 'https://oss.sonatype.org/service/local/staging/deployByRepositoryId/' +
-                                    rootProject.repositoryId
+                            stagingUrl = "${baseUrl}/staging/deployByRepositoryId/" + rootProject.repositoryId
                         } else {
-                            stagingUrl = 'https://oss.sonatype.org/service/local/staging/deploy/maven2/'
+                            stagingUrl = "${baseUrl}/staging/deploy/maven2/"
                         }
                         credentials {
                             if (rootProject.hasProperty('ossrhUsername') && rootProject.hasProperty('ossrhPassword')) {
@@ -402,7 +402,7 @@ subprojects {
                             }
                         }
                         def releaseUrl = stagingUrl
-                        def snapshotUrl = 'https://oss.sonatype.org/content/repositories/snapshots/'
+                        def snapshotUrl = 'https://central.sonatype.com/repository/maven-snapshots/'
                         url = version.endsWith('SNAPSHOT') ? snapshotUrl : releaseUrl
                     }
                 }
diff --git a/buildscripts/sonatype-upload.sh b/buildscripts/sonatype-upload.sh
index 16637149126..4baa4e46ca0 100755
--- a/buildscripts/sonatype-upload.sh
+++ b/buildscripts/sonatype-upload.sh
@@ -59,7 +59,7 @@ if [ -z "$USERNAME" -o -z "$PASSWORD" ]; then
   exit 1
 fi
 
-STAGING_URL="https://oss.sonatype.org/service/local/staging"
+STAGING_URL="https://ossrh-staging-api.central.sonatype.com/service/local/staging"
 
 # We go through the effort of using deloyByRepositoryId/ because it is
 # _substantially_ faster to upload files than deploy/maven2/. When using
@@ -108,3 +108,18 @@ XML="
 </promoteRequest>"
 curl --fail-with-body -X POST -d "$XML" -u "$USERPASS" -H "Content-Type: application/xml" \
   "$STAGING_URL/profiles/$PROFILE_ID/finish"
+
+# TODO (okshiva): After 2-3 releases make it automatic.
+# After closing the repository on the staging API, we must manually trigger
+# its upload to the main Central Publisher Portal. We set publishing_type=automatic
+# to have it release automatically upon passing validation.
+# echo "Triggering release of repository ${REPOID} to the Central Portal"
+
+# MANUAL_API_URL="https://ossrh-staging-api.central.sonatype.com/service/local/manual"
+
+#curl --fail-with-body -X POST \
+#  -H "Authorization: Bearer ${USERPASS}" \
+#  -H "Content-Type: application/json" \
+#  "${MANUAL_API_URL}/upload/repository/${REPOID}?publishing_type=automatic"
+
+# echo "Release triggered. Monitor progress at https://central.sonatype.com/publishing/deployments"

From d374b26b6891255556ab4476f4ce22871219ae76 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 23 Jun 2025 13:19:55 -0700
Subject: [PATCH 306/591] xds: Disable LOGICAL_DNS in XdsDepMan until used

ClusterResolverLb is still doing DNS itself, so disable it in XdsDepMan
until that migration has finished. EDS is fine in XdsDepman, because
XdsClient will share the result with ClusterResolverLb.
---
 .../java/io/grpc/xds/XdsDependencyManager.java | 18 ++++++++++++++----
 .../io/grpc/xds/XdsDependencyManagerTest.java  |  7 +++++++
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index cc419e63a70..5ed3821b7e4 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -82,6 +82,9 @@ private enum TrackedWatcherTypeEnum {
   private static final Locality LOGICAL_DNS_CLUSTER_LOCALITY = Locality.create("", "", "");
 
   private static final int MAX_CLUSTER_RECURSION_DEPTH = 16; // Specified by gRFC A37
+
+  static boolean enableLogicalDns = false;
+
   private final String listenerName;
   private final XdsClient xdsClient;
   private final SynchronizationContext syncContext;
@@ -363,9 +366,14 @@ private static void addConfigForCluster(
         }
         break;
       case LOGICAL_DNS:
-        TrackedWatcher<List<EquivalentAddressGroup>> dnsWatcher =
-            tracer.getWatcher(DNS_TYPE, cdsUpdate.dnsHostName());
-        child = new EndpointConfig(dnsToEdsUpdate(dnsWatcher.getData(), cdsUpdate.dnsHostName()));
+        if (enableLogicalDns) {
+          TrackedWatcher<List<EquivalentAddressGroup>> dnsWatcher =
+              tracer.getWatcher(DNS_TYPE, cdsUpdate.dnsHostName());
+          child = new EndpointConfig(dnsToEdsUpdate(dnsWatcher.getData(), cdsUpdate.dnsHostName()));
+        } else {
+          child = new EndpointConfig(StatusOr.fromStatus(
+              Status.INTERNAL.withDescription("Logical DNS in dependency manager unsupported")));
+        }
         break;
       default:
         child = new EndpointConfig(StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
@@ -806,7 +814,9 @@ public void subscribeToChildren(XdsClusterResource.CdsUpdate update) {
           addEdsWatcher(getEdsServiceName());
           break;
         case LOGICAL_DNS:
-          addDnsWatcher(update.dnsHostName());
+          if (enableLogicalDns) {
+            addDnsWatcher(update.dnsHostName());
+          }
           break;
         case AGGREGATE:
           update.prioritizedClusterNames()
diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
index 5a897de3a72..fca7b5220e6 100644
--- a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -152,6 +152,7 @@ public class XdsDependencyManagerTest {
 
   private XdsDependencyManager xdsDependencyManager = new XdsDependencyManager(
       xdsClient, syncContext, serverName, serverName, nameResolverArgs);
+  private boolean savedEnableLogicalDns;
 
   @Before
   public void setUp() throws Exception {
@@ -168,6 +169,8 @@ public void setUp() throws Exception {
     testWatcher = new TestWatcher();
     xdsConfigWatcher = mock(TestWatcher.class, delegatesTo(testWatcher));
     defaultXdsConfig = XdsTestUtils.getDefaultXdsConfig(serverName);
+
+    savedEnableLogicalDns = XdsDependencyManager.enableLogicalDns;
   }
 
   @After
@@ -180,6 +183,8 @@ public void tearDown() throws InterruptedException {
     assertThat(adsEnded.get()).isTrue();
     assertThat(lrsEnded.get()).isTrue();
     assertThat(fakeClock.getPendingTasks()).isEmpty();
+
+    XdsDependencyManager.enableLogicalDns = savedEnableLogicalDns;
   }
 
   @Test
@@ -749,6 +754,7 @@ public void testChangeAggCluster() {
 
   @Test
   public void testLogicalDns_success() {
+    XdsDependencyManager.enableLogicalDns = true;
     FakeSocketAddress fakeAddress = new FakeSocketAddress();
     nameResolverRegistry.register(new FakeNameResolverProvider(
         "dns:///dns.example.com:1111", fakeAddress));
@@ -789,6 +795,7 @@ public void testLogicalDns_success() {
 
   @Test
   public void testLogicalDns_noDnsNr() {
+    XdsDependencyManager.enableLogicalDns = true;
     Cluster cluster = Cluster.newBuilder()
         .setName(CLUSTER_NAME)
         .setType(Cluster.DiscoveryType.LOGICAL_DNS)

From ebc6d3e932cadf0c5b5cfb56e9bcdfe0ce48102d Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 24 Jun 2025 13:18:58 -0700
Subject: [PATCH 307/591] Start 1.75.0 development cycle

---
 MODULE.bazel                                           |  2 +-
 build.gradle                                           |  2 +-
 .../src/test/golden/TestDeprecatedService.java.txt     |  2 +-
 compiler/src/test/golden/TestService.java.txt          |  2 +-
 core/src/main/java/io/grpc/internal/GrpcUtil.java      |  2 +-
 examples/MODULE.bazel                                  |  2 +-
 examples/android/clientcache/app/build.gradle          | 10 +++++-----
 examples/android/helloworld/app/build.gradle           |  8 ++++----
 examples/android/routeguide/app/build.gradle           |  8 ++++----
 examples/android/strictmode/app/build.gradle           |  8 ++++----
 examples/build.gradle                                  |  2 +-
 examples/example-alts/build.gradle                     |  2 +-
 examples/example-debug/build.gradle                    |  2 +-
 examples/example-debug/pom.xml                         |  4 ++--
 examples/example-dualstack/build.gradle                |  2 +-
 examples/example-dualstack/pom.xml                     |  4 ++--
 examples/example-gauth/build.gradle                    |  2 +-
 examples/example-gauth/pom.xml                         |  4 ++--
 examples/example-gcp-csm-observability/build.gradle    |  2 +-
 examples/example-gcp-observability/build.gradle        |  2 +-
 examples/example-hostname/build.gradle                 |  2 +-
 examples/example-hostname/pom.xml                      |  4 ++--
 examples/example-jwt-auth/build.gradle                 |  2 +-
 examples/example-jwt-auth/pom.xml                      |  4 ++--
 examples/example-oauth/build.gradle                    |  2 +-
 examples/example-oauth/pom.xml                         |  4 ++--
 examples/example-opentelemetry/build.gradle            |  2 +-
 examples/example-orca/build.gradle                     |  2 +-
 examples/example-reflection/build.gradle               |  2 +-
 examples/example-servlet/build.gradle                  |  2 +-
 examples/example-tls/build.gradle                      |  2 +-
 examples/example-tls/pom.xml                           |  4 ++--
 examples/example-xds/build.gradle                      |  2 +-
 examples/pom.xml                                       |  4 ++--
 34 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 83aa6c1b026..ed027757e86 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -2,7 +2,7 @@ module(
     name = "grpc-java",
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
-    version = "1.74.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
+    version = "1.75.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
 )
 
 # GRPC_DEPS_START
diff --git a/build.gradle b/build.gradle
index afea703923f..d47687421b0 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ subprojects {
     apply plugin: "net.ltgt.errorprone"
 
     group = "io.grpc"
-    version = "1.74.0-SNAPSHOT" // CURRENT_GRPC_VERSION
+    version = "1.75.0-SNAPSHOT" // CURRENT_GRPC_VERSION
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index 548a9e3d806..e56beda4b68 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.74.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.75.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 @java.lang.Deprecated
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index 93551f6d582..f43fe748c46 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.74.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.75.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index 1434afa884c..65c083f10ef 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -219,7 +219,7 @@ public byte[] parseAsciiString(byte[] serialized) {
 
   public static final Splitter ACCEPT_ENCODING_SPLITTER = Splitter.on(',').trimResults();
 
-  public static final String IMPLEMENTATION_VERSION = "1.74.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
+  public static final String IMPLEMENTATION_VERSION = "1.75.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
 
   /**
    * The default timeout in nanos for a keepalive ping request.
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index dd0ae167171..382e3943eab 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,5 +1,5 @@
 bazel_dep(name = "googleapis", repo_name = "com_google_googleapis", version = "0.0.0-20240326-1c8d509c5")
-bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.74.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
+bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.75.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
 bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index 1530cfb01d6..bf6064658b7 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -34,7 +34,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -54,12 +54,12 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.1.5'
-    testImplementation 'io.grpc:grpc-testing:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    testImplementation 'io.grpc:grpc-testing:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index 66ef6bd9a14..e15fec725a3 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index 7c0527237e1..f961edbbcb2 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index a48ad08e4db..6bc1d5d7edb 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -33,7 +33,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -53,8 +53,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index b6ea92e6c50..253fca272c7 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index b66f3d3ab76..57e531fb564 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index ec027796185..96569ac31b7 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index 477dfe56a64..90a8b2975c6 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-debug</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index 9793567f10c..66056756523 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index b556e95d900..7525d06c375 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-dualstack</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 037758b14c6..31f9dc41150 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index b6e1d64a745..df716875791 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-gauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index b6e3d1307ab..e28e9929137 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index bf4c43627da..3c3efab4c51 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 050cb9592fb..4c9e6662ac3 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index b6217aad6dd..74c97622f9e 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-hostname</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index e2e63521ee4..3013c6c6a72 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index 1b5d4fa6ec7..98497ec41be 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-jwt-auth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index abefaa35bea..ad6e65300d0 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index 837dcede0b6..1cea56171cd 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-oauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index d49c52fb32f..4f5e9e70a11 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index 71baca108b1..926c7b314e3 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index 5d1c01a2ce0..66f5374cf3a 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index 96f3e12ab93..0d971942bc0 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -15,7 +15,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index 44a85d9bfac..ec32a485ef9 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index c14f88e0f9b..99ba741cbf7 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-tls</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index 66f42841fbf..b2d945b1d5e 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.74.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/pom.xml b/examples/pom.xml
index 1584416760e..57b7a9c6b79 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.74.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>examples</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.74.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for JDK 8 -->

From af7efeb9f5db1026822a65f919fcab0bc2cd268c Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 24 Jun 2025 13:38:41 -0700
Subject: [PATCH 308/591] core: Rely on ping-pong for flow control testing

The previous code did a ping-pong to make sure the transport had enough
time to process, but then proceeded to sleep 5 seconds. That sleep would
have been needed without the ping-pong, but with the ping-pong we are
confident all events have been drained from the transport. Deleting the
unnecessary sleeps saves 10 seconds, for each of the 9 instances of this
test.
---
 .../java/io/grpc/internal/AbstractTransportTest.java      | 8 ++------
 .../java/io/grpc/internal/ClientStreamListenerBase.java   | 7 +++++++
 .../java/io/grpc/internal/ServerStreamListenerBase.java   | 4 ++++
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
index 32c3bff74e9..ea7f1723e64 100644
--- a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
+++ b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
@@ -1449,7 +1449,7 @@ public void flowControlPushBack() throws Exception {
     clientStream.flush();
     clientStream.halfClose();
     doPingPong(serverListener);
-    assertFalse(serverStreamListener.awaitHalfClosed(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+    assertFalse(serverStreamListener.isHalfClosed());
 
     serverStream.request(1);
     serverReceived += verifyMessageCountAndClose(serverStreamListener.messageQueue, 1);
@@ -1461,11 +1461,7 @@ public void flowControlPushBack() throws Exception {
     Status status = Status.OK.withDescription("... quite a lengthy discussion");
     serverStream.close(status, new Metadata());
     doPingPong(serverListener);
-    try {
-      clientStreamListener.awaitClose(TIMEOUT_MS, TimeUnit.MILLISECONDS);
-      fail("Expected TimeoutException");
-    } catch (TimeoutException expectedException) {
-    }
+    assertFalse(clientStreamListener.isClosed());
 
     clientStream.request(1);
     clientReceived += verifyMessageCountAndClose(clientStreamListener.messageQueue, 1);
diff --git a/core/src/testFixtures/java/io/grpc/internal/ClientStreamListenerBase.java b/core/src/testFixtures/java/io/grpc/internal/ClientStreamListenerBase.java
index 97186400cb2..3c35cf59225 100644
--- a/core/src/testFixtures/java/io/grpc/internal/ClientStreamListenerBase.java
+++ b/core/src/testFixtures/java/io/grpc/internal/ClientStreamListenerBase.java
@@ -43,6 +43,13 @@ public Status awaitClose(int timeout, TimeUnit unit) throws Exception {
     return status.get(timeout, unit);
   }
 
+  /**
+   * Return {@code true} if {@code #awaitClose} would return immediately with a status.
+   */
+  public boolean isClosed() {
+    return status.isDone();
+  }
+
   /**
    * Returns response headers from the server or throws {@link
    * java.util.concurrent.TimeoutException} if they aren't delivered before the timeout.
diff --git a/core/src/testFixtures/java/io/grpc/internal/ServerStreamListenerBase.java b/core/src/testFixtures/java/io/grpc/internal/ServerStreamListenerBase.java
index b4ded80e5b2..aaa70600542 100644
--- a/core/src/testFixtures/java/io/grpc/internal/ServerStreamListenerBase.java
+++ b/core/src/testFixtures/java/io/grpc/internal/ServerStreamListenerBase.java
@@ -54,6 +54,10 @@ public boolean awaitHalfClosed(int timeout, TimeUnit unit) throws Exception {
     return halfClosedLatch.await(timeout, unit);
   }
 
+  public boolean isHalfClosed() {
+    return halfClosedLatch.getCount() == 0;
+  }
+
   public Status awaitClose(int timeout, TimeUnit unit) throws Exception {
     return status.get(timeout, unit);
   }

From 64322c324394fe5837fd324aae7cde36d229283b Mon Sep 17 00:00:00 2001
From: vimanikag <viswakarma18rc@gmail.com>
Date: Wed, 25 Jun 2025 10:55:00 +0530
Subject: [PATCH 309/591] 11243: RLS cleanups (#12085)

---
 .../io/grpc/rls/LinkedHashLruCacheTest.java   | 89 +++++++++++++++++++
 1 file changed, 89 insertions(+)

diff --git a/rls/src/test/java/io/grpc/rls/LinkedHashLruCacheTest.java b/rls/src/test/java/io/grpc/rls/LinkedHashLruCacheTest.java
index f38b28d8416..23ffe6ec026 100644
--- a/rls/src/test/java/io/grpc/rls/LinkedHashLruCacheTest.java
+++ b/rls/src/test/java/io/grpc/rls/LinkedHashLruCacheTest.java
@@ -25,8 +25,10 @@
 import io.grpc.internal.FakeClock;
 import io.grpc.rls.LruCache.EvictionListener;
 import io.grpc.rls.LruCache.EvictionType;
+import java.util.Arrays;
 import java.util.Objects;
 import java.util.concurrent.TimeUnit;
+import javax.annotation.Nullable;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -266,4 +268,91 @@ public int hashCode() {
       return Objects.hash(value, expireTime);
     }
   }
+
+  @Test
+  public void testFitToLimitWithReSize() {
+
+    Entry entry1 = new Entry("Entry1", ticker.read() + 10, 4);
+    Entry entry2 = new Entry("Entry2", ticker.read() + 20, 1);
+    Entry entry3 = new Entry("Entry3", ticker.read() + 30, 2);
+
+    cache.cache(1, entry1);
+    cache.cache(2, entry2);
+    cache.cache(3, entry3);
+
+    assertThat(cache.estimatedSize()).isEqualTo(2);
+    assertThat(cache.estimatedSizeBytes()).isEqualTo(3);
+    assertThat(cache.estimatedMaxSizeBytes()).isEqualTo(5);
+
+    cache.resize(2);
+    assertThat(cache.estimatedSize()).isEqualTo(1);
+    assertThat(cache.estimatedSizeBytes()).isEqualTo(2);
+    assertThat(cache.estimatedMaxSizeBytes()).isEqualTo(2);
+
+    assertThat(cache.fitToLimit()).isEqualTo(false);
+  }
+
+  @Test
+  public void testFitToLimit() {
+
+    TestFitToLimitEviction localCache = new TestFitToLimitEviction(
+            MAX_SIZE,
+            evictionListener,
+            fakeClock.getTicker()
+    );
+
+    Entry entry1 = new Entry("Entry1", ticker.read() + 10, 4);
+    Entry entry2 = new Entry("Entry2", ticker.read() + 20, 2);
+    Entry entry3 = new Entry("Entry3", ticker.read() + 30, 1);
+
+    localCache.cache(1, entry1);
+    localCache.cache(2, entry2);
+    localCache.cache(3, entry3);
+
+    assertThat(localCache.estimatedSize()).isEqualTo(3);
+    assertThat(localCache.estimatedSizeBytes()).isEqualTo(7);
+    assertThat(localCache.estimatedMaxSizeBytes()).isEqualTo(5);
+
+    localCache.enableEviction();
+
+    assertThat(localCache.fitToLimit()).isEqualTo(true);
+
+    assertThat(localCache.values().contains(entry1)).isFalse();
+    assertThat(localCache.values().containsAll(Arrays.asList(entry2, entry3))).isTrue();
+
+    assertThat(localCache.estimatedSize()).isEqualTo(2);
+    assertThat(localCache.estimatedSizeBytes()).isEqualTo(3);
+    assertThat(localCache.estimatedMaxSizeBytes()).isEqualTo(5);
+  }
+
+  private static class TestFitToLimitEviction extends LinkedHashLruCache<Integer, Entry> {
+
+    private boolean allowEviction = false;
+
+    TestFitToLimitEviction(
+            long estimatedMaxSizeBytes,
+            @Nullable EvictionListener<Integer, Entry> evictionListener,
+            Ticker ticker) {
+      super(estimatedMaxSizeBytes, evictionListener, ticker);
+    }
+
+    @Override
+    protected boolean isExpired(Integer key, Entry value, long nowNanos) {
+      return value.expireTime - nowNanos <= 0;
+    }
+
+    @Override
+    protected int estimateSizeOf(Integer key, Entry value) {
+      return value.size;
+    }
+
+    @Override
+    protected boolean shouldInvalidateEldestEntry(Integer eldestKey, Entry eldestValue, long now) {
+      return allowEviction && super.shouldInvalidateEldestEntry(eldestKey, eldestValue, now);
+    }
+
+    public void enableEviction() {
+      allowEviction = true;
+    }
+  }
 }

From 74aee11389b6d4b6561dce29001f024c5a96e28e Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Thu, 26 Jun 2025 17:43:13 -0700
Subject: [PATCH 310/591] Clarify requirements for creating a cross-user
 Channel. (#12181)

The @SystemApi runtime visibility requirement isn't really new. It has always been implicit in the required INTERACT_ACROSS_USERS permission, which (in production) can only be held by system apps.

The SDK_INT >= 30 requirement was also always present, via @RequiresApi() on  BinderChannelBuilder#bindAsUser. This change just updates its replacement APIs (AndroidComponentAddress and TARGET_ANDROID_USER) to require it too.
---
 .../io/grpc/binder/AndroidComponentAddress.java | 17 ++++++++++++++++-
 .../main/java/io/grpc/binder/ApiConstants.java  | 11 +++++++----
 .../io/grpc/binder/BinderChannelBuilder.java    |  6 +++---
 3 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java
index c4c17bb2cef..5617a141f93 100644
--- a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java
+++ b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java
@@ -250,7 +250,22 @@ public Builder setBindIntentFromComponent(ComponentName component) {
       return this;
     }
 
-    /** See {@link AndroidComponentAddress#getTargetUser()}. */
+    /**
+     * Specifies the Android user in which the built Address' bind Intent will be evaluated.
+     *
+     * <p>Connecting to a server in a different Android user is uncommon and requires the client app
+     * have runtime visibility of &#064;SystemApi's and hold certain &#064;SystemApi permissions.
+     * The device must also be running Android SDK version 30 or higher.
+     *
+     * <p>See https://developer.android.com/guide/app-compatibility/restrictions-non-sdk-interfaces
+     * for details on which apps can call the underlying &#064;SystemApi's needed to make this type
+     * of connection.
+     *
+     * <p>One of the "android.permission.INTERACT_ACROSS_XXX" permissions is required. The exact one
+     * depends on the calling user's relationship to the target user, whether client and server are
+     * in the same or different apps, and the version of Android in use. See {@link
+     * Context#bindServiceAsUser}, the essential underlying Android API, for details.
+     */
     @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10173")
     public Builder setTargetUser(@Nullable UserHandle targetUser) {
       this.targetUser = targetUser;
diff --git a/binder/src/main/java/io/grpc/binder/ApiConstants.java b/binder/src/main/java/io/grpc/binder/ApiConstants.java
index 292c580c2b8..05950a9eaec 100644
--- a/binder/src/main/java/io/grpc/binder/ApiConstants.java
+++ b/binder/src/main/java/io/grpc/binder/ApiConstants.java
@@ -35,12 +35,15 @@ private ApiConstants() {}
   /**
    * Specifies the Android user in which target URIs should be resolved.
    *
-   * <p>{@link UserHandle} can't reasonably be encoded in a target URI string. Instead, all
-   * {@link io.grpc.NameResolverProvider}s producing {@link AndroidComponentAddress}es should let
-   * clients address servers in another Android user using this argument.
+   * <p>{@link UserHandle} can't reasonably be encoded in a target URI string. Instead, all {@link
+   * io.grpc.NameResolverProvider}s producing {@link AndroidComponentAddress}es should let clients
+   * address servers in another Android user using this argument.
    *
-   * <p>See also {@link AndroidComponentAddress#getTargetUser()}.
+   * <p>Connecting to a server in a different Android user is uncommon and can only be done by a
+   * "system app" client with special permissions. See {@link
+   * AndroidComponentAddress.Builder#setTargetUser(UserHandle)} for details.
    */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10173")
   public static final NameResolver.Args.Key<UserHandle> TARGET_ANDROID_USER =
       NameResolver.Args.Key.create("target-android-user");
 }
diff --git a/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java b/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
index 0b8f0bb4b3f..f996ee7cdbf 100644
--- a/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
+++ b/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
@@ -242,9 +242,9 @@ public BinderChannelBuilder securityPolicy(SecurityPolicy securityPolicy) {
    * specify a {@link UserHandle}. If neither the Channel nor the {@link AndroidComponentAddress}
    * specifies a target user, the {@link UserHandle} of the current process will be used.
    *
-   * <p>Targeting a Service in a different Android user is uncommon and requires special permissions
-   * normally reserved for system apps. See {@link android.content.Context#bindServiceAsUser} for
-   * details.
+   * <p>Connecting to a server in a different Android user is uncommon and can only be done by a
+   * "system app" client with special permissions. See {@link
+   * AndroidComponentAddress.Builder#setTargetUser(UserHandle)} for details.
    *
    * @deprecated This method's name is misleading because it implies an impersonated client identity
    *     when it's actually specifying part of the server's location. It's also no longer necessary

From 2ee4f9b488e42587adbc92ea428062004715d3c6 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Thu, 26 Jun 2025 22:28:48 -0700
Subject: [PATCH 311/591] AndroidComponentAddress constructor can be private.
 (#12188)

---
 .../src/main/java/io/grpc/binder/AndroidComponentAddress.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java
index 5617a141f93..b390c1f0ccd 100644
--- a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java
+++ b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java
@@ -58,7 +58,7 @@ public final class AndroidComponentAddress extends SocketAddress {
   @Nullable
   private final UserHandle targetUser; // null means the same user that hosts this process.
 
-  protected AndroidComponentAddress(Intent bindIntent, @Nullable UserHandle targetUser) {
+  private AndroidComponentAddress(Intent bindIntent, @Nullable UserHandle targetUser) {
     checkArgument(
         bindIntent.getComponent() != null || bindIntent.getPackage() != null,
         "'bindIntent' must be explicit. Specify either a package or ComponentName.");

From ca99a8c478eff08b34c6ddd3035ef37aca9754ee Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Sun, 29 Jun 2025 20:05:03 -0700
Subject: [PATCH 312/591] Fix RLS regressions from XdsDepMan conversion

297ab05ef converted CDS to XdsDependencyManager. This caused three
regressions:

 * CdsLB2 as a RLS child would always fail with "Unable to find
   non-dynamic root cluster" because is_dynamic=true was missing in
   its service config
 * XdsNameResolver only propagated resolution updates when the clusters
   changed, so a CdsUpdate change would be ignored. This caused a hang
   for RLS even with is_dynamic=true. For non-RLS the lack config update
   broke the circuit breaking psm interop test. This would have been
   more severe if ClusterResolverLb had been converted to
   XdsDependenceManager, as it would have ignored EDS updates
 * RLS did not propagate resolution updates, so CdsLB2 even with
   is_dynamic=true the CdsUpdate for the new cluster would never arrive,
   causing a hang

b/428120265
b/427912384
---
 .../java/io/grpc/rls/CachingRlsLbClient.java  |  7 +++
 .../io/grpc/rls/LbPolicyConfiguration.java    | 28 ++++++++--
 .../java/io/grpc/rls/RlsLoadBalancer.java     |  4 +-
 .../java/io/grpc/xds/XdsNameResolver.java     |  6 +-
 .../java/io/grpc/xds/XdsNameResolverTest.java | 56 ++++++++++++-------
 5 files changed, 76 insertions(+), 25 deletions(-)

diff --git a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
index 70833416d5d..7855468ee61 100644
--- a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
+++ b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
@@ -255,6 +255,13 @@ void init() {
     }
   }
 
+  Status acceptResolvedAddressFactory(ResolvedAddressFactory childLbResolvedAddressFactory) {
+    synchronized (lock) {
+      return refCountedChildPolicyWrapperFactory.acceptResolvedAddressFactory(
+          childLbResolvedAddressFactory);
+    }
+  }
+
   /**
    * Convert the status to UNAVAILABLE and enhance the error message.
    * @param status status as provided by server
diff --git a/rls/src/main/java/io/grpc/rls/LbPolicyConfiguration.java b/rls/src/main/java/io/grpc/rls/LbPolicyConfiguration.java
index 4d6ceed9235..226176d25ff 100644
--- a/rls/src/main/java/io/grpc/rls/LbPolicyConfiguration.java
+++ b/rls/src/main/java/io/grpc/rls/LbPolicyConfiguration.java
@@ -31,6 +31,7 @@
 import io.grpc.LoadBalancerProvider;
 import io.grpc.LoadBalancerRegistry;
 import io.grpc.NameResolver.ConfigOrError;
+import io.grpc.Status;
 import io.grpc.internal.ObjectPool;
 import io.grpc.rls.ChildLoadBalancerHelper.ChildLoadBalancerHelperProvider;
 import io.grpc.rls.RlsProtoData.RouteLookupConfig;
@@ -211,7 +212,7 @@ static final class RefCountedChildPolicyWrapperFactory {
     private final ChildLoadBalancerHelperProvider childLbHelperProvider;
     private final ChildLbStatusListener childLbStatusListener;
     private final ChildLoadBalancingPolicy childPolicy;
-    private final ResolvedAddressFactory childLbResolvedAddressFactory;
+    private ResolvedAddressFactory childLbResolvedAddressFactory;
 
     public RefCountedChildPolicyWrapperFactory(
         ChildLoadBalancingPolicy childPolicy,
@@ -229,6 +230,19 @@ void init() {
       childLbHelperProvider.init();
     }
 
+    Status acceptResolvedAddressFactory(ResolvedAddressFactory childLbResolvedAddressFactory) {
+      this.childLbResolvedAddressFactory = childLbResolvedAddressFactory;
+      Status status = Status.OK;
+      for (RefCountedChildPolicyWrapper wrapper : childPolicyMap.values()) {
+        Status newStatus =
+            wrapper.childPolicyWrapper.acceptResolvedAddressFactory(childLbResolvedAddressFactory);
+        if (!newStatus.isOk()) {
+          status = newStatus;
+        }
+      }
+      return status;
+    }
+
     ChildPolicyWrapper createOrGet(String target) {
       // TODO(creamsoup) check if the target is valid or not
       RefCountedChildPolicyWrapper pooledChildPolicyWrapper = childPolicyMap.get(target);
@@ -277,6 +291,7 @@ static final class ChildPolicyWrapper {
     private final String target;
     private final ChildPolicyReportingHelper helper;
     private final LoadBalancer lb;
+    private final Object childLbConfig;
     private volatile SubchannelPicker picker;
     private ConnectivityState state;
 
@@ -295,14 +310,14 @@ public ChildPolicyWrapper(
               .parseLoadBalancingPolicyConfig(
                   childPolicy.getEffectiveChildPolicy(target));
       this.lb = lbProvider.newLoadBalancer(helper);
+      this.childLbConfig = lbConfig.getConfig();
       helper.getChannelLogger().log(
-          ChannelLogLevel.DEBUG, "RLS child lb created. config: {0}", lbConfig.getConfig());
+          ChannelLogLevel.DEBUG, "RLS child lb created. config: {0}", childLbConfig);
       helper.getSynchronizationContext().execute(
           new Runnable() {
             @Override
             public void run() {
-              if (!lb.acceptResolvedAddresses(
-                  childLbResolvedAddressFactory.create(lbConfig.getConfig())).isOk()) {
+              if (!acceptResolvedAddressFactory(childLbResolvedAddressFactory).isOk()) {
                 helper.refreshNameResolution();
               }
               lb.requestConnection();
@@ -310,6 +325,11 @@ public void run() {
           });
     }
 
+    Status acceptResolvedAddressFactory(ResolvedAddressFactory childLbResolvedAddressFactory) {
+      helper.getSynchronizationContext().throwIfNotInThisSynchronizationContext();
+      return lb.acceptResolvedAddresses(childLbResolvedAddressFactory.create(childLbConfig));
+    }
+
     String getTarget() {
       return target;
     }
diff --git a/rls/src/main/java/io/grpc/rls/RlsLoadBalancer.java b/rls/src/main/java/io/grpc/rls/RlsLoadBalancer.java
index 81ef8fdb31a..6e59e867e32 100644
--- a/rls/src/main/java/io/grpc/rls/RlsLoadBalancer.java
+++ b/rls/src/main/java/io/grpc/rls/RlsLoadBalancer.java
@@ -79,7 +79,9 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       //  not required.
       this.lbPolicyConfiguration = lbPolicyConfiguration;
     }
-    return Status.OK;
+    return routeLookupClient.acceptResolvedAddressFactory(
+        new ChildLbResolvedAddressFactory(
+            resolvedAddresses.getAddresses(), resolvedAddresses.getAttributes()));
   }
 
   @Override
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index c71e4dc255d..58d1ff769fe 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -823,6 +823,9 @@ private void updateRoutes(
       if (shouldUpdateResult && routingConfig != null) {
         updateResolutionResult(xdsConfig);
         shouldUpdateResult = false;
+      } else {
+        // Need to update at least once
+        shouldUpdateResult = true;
       }
       // Make newly added clusters selectable by config selector and deleted clusters no longer
       // selectable.
@@ -993,7 +996,8 @@ private ClusterRefState(
             .put("routeLookupConfig", rlsPluginConfig.config())
             .put(
                 "childPolicy",
-                ImmutableList.of(ImmutableMap.of(XdsLbPolicies.CDS_POLICY_NAME, ImmutableMap.of())))
+                ImmutableList.of(ImmutableMap.of(XdsLbPolicies.CDS_POLICY_NAME, ImmutableMap.of(
+                    "is_dynamic", true))))
             .put("childPolicyConfigTargetFieldName", "cluster")
             .buildOrThrow();
         return ImmutableMap.of("rls_experimental", rlsConfig);
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index f5c40fa2117..7015a43f6ed 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -28,6 +28,7 @@
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.atLeast;
 import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -449,7 +450,7 @@ public void resolving_ldsResourceUpdateRdsName() {
     // Two new service config updates triggered:
     //  - with load balancing config being able to select cluster1 and cluster2
     //  - with load balancing config being able to select cluster2 only
-    verify(mockListener, times(2)).onResult2(resultCaptor.capture());
+    verify(mockListener, times(3)).onResult2(resultCaptor.capture());
     assertServiceConfigForLoadBalancingConfig(
         Arrays.asList(cluster1, cluster2),
         (Map<String, ?>) resultCaptor.getAllValues().get(0).getServiceConfig().getConfig());
@@ -1070,7 +1071,9 @@ public void resolved_resourceUpdateAfterCallStarted() {
     assertCallSelectClusterResult(call1, configSelector, "another-cluster", 20.0);
 
     firstCall.deliverErrorStatus();  // completes previous call
-    verify(mockListener, times(2)).onResult2(resolutionResultCaptor.capture());
+    // Two updates: one for XdsNameResolver releasing the cluster, and another for
+    // XdsDependencyManager updating the XdsConfig
+    verify(mockListener, times(3)).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     assertServiceConfigForLoadBalancingConfig(
         Arrays.asList(cluster2, "another-cluster"),
@@ -1100,7 +1103,7 @@ public void resolved_resourceUpdatedBeforeCallStarted() {
                 ImmutableMap.of())));
     // Two consecutive service config updates: one for removing clcuster1,
     // one for adding "another=cluster".
-    verify(mockListener, times(2)).onResult2(resolutionResultCaptor.capture());
+    verify(mockListener, times(3)).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     assertServiceConfigForLoadBalancingConfig(
         Arrays.asList(cluster2, "another-cluster"),
@@ -1155,7 +1158,7 @@ public void resolved_raceBetweenCallAndRepeatedResourceUpdate() {
                     cluster2, Collections.emptyList(),
                     TimeUnit.SECONDS.toNanos(15L), null, false),
                 ImmutableMap.of())));
-    verifyNoMoreInteractions(mockListener);  // no cluster added/deleted
+    verify(mockListener, times(2)).onResult2(resolutionResultCaptor.capture());
     assertCallSelectClusterResult(call1, configSelector, "another-cluster", 15.0);
   }
 
@@ -1187,7 +1190,13 @@ public void resolved_raceBetweenClusterReleasedAndResourceUpdateAddBackAgain() {
                     null, false),
                 ImmutableMap.of())));
     testCall.deliverErrorStatus();
-    verifyNoMoreInteractions(mockListener);
+    verify(mockListener, times(3)).onResult2(resolutionResultCaptor.capture());
+    assertServiceConfigForLoadBalancingConfig(
+        Arrays.asList(cluster1, cluster2), resolutionResultCaptor.getAllValues().get(1));
+    assertServiceConfigForLoadBalancingConfig(
+        Arrays.asList(cluster1, cluster2), resolutionResultCaptor.getAllValues().get(2));
+    assertServiceConfigForLoadBalancingConfig(
+        Arrays.asList(cluster1, cluster2), resolutionResultCaptor.getAllValues().get(3));
   }
 
   @SuppressWarnings("unchecked")
@@ -1268,7 +1277,7 @@ public void resolved_simpleCallSucceeds_routeToRls() {
         "routeLookupConfig",
         ImmutableMap.of("lookupService", "rls-cbt.googleapis.com"),
         "childPolicy",
-        ImmutableList.of(ImmutableMap.of("cds_experimental", ImmutableMap.of())),
+        ImmutableList.of(ImmutableMap.of("cds_experimental", ImmutableMap.of("is_dynamic", true))),
         "childPolicyConfigTargetFieldName",
         "cluster");
     Map<String, ?> expectedClusterManagerLbConfig = ImmutableMap.of(
@@ -1315,7 +1324,7 @@ public void resolved_simpleCallSucceeds_routeToRls() {
         "routeLookupConfig",
         ImmutableMap.of("lookupService", "rls-cbt-2.googleapis.com"),
         "childPolicy",
-        ImmutableList.of(ImmutableMap.of("cds_experimental", ImmutableMap.of())),
+        ImmutableList.of(ImmutableMap.of("cds_experimental", ImmutableMap.of("is_dynamic", true))),
         "childPolicyConfigTargetFieldName",
         "cluster");
     Map<String, ?> expectedClusterManagerLbConfig2 = ImmutableMap.of(
@@ -1656,7 +1665,7 @@ private void assertEmptyResolutionResult(String resource) {
   }
 
   private void assertClusterResolutionResult(CallInfo call, String expectedCluster) {
-    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    verify(mockListener, atLeast(1)).onResult2(resolutionResultCaptor.capture());
     ResolutionResult result = resolutionResultCaptor.getValue();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     assertCallSelectClusterResult(call, configSelector, expectedCluster, null);
@@ -1744,6 +1753,13 @@ private InternalConfigSelector resolveToClusters() {
     return result.getAttributes().get(InternalConfigSelector.KEY);
   }
 
+  private static void assertServiceConfigForLoadBalancingConfig(
+      List<String> clusters, ResolutionResult result) {
+    @SuppressWarnings("unchecked")
+    Map<String, ?> config = (Map<String, ?>) result.getServiceConfig().getConfig();
+    assertServiceConfigForLoadBalancingConfig(clusters, config);
+  }
+
   /**
    * Verifies the raw service config contains an xDS load balancing config for the given clusters.
    */
@@ -1847,7 +1863,9 @@ public void generateServiceConfig_forClusterManagerLoadBalancingConfig() throws
             + "                \"lookupService\": \"rls.bigtable.google.com\"\n"
             + "              },\n"
             + "              \"childPolicy\": [\n"
-            + "                {\"cds_experimental\": {}}\n"
+            + "                {\"cds_experimental\": {\n"
+            + "                  \"is_dynamic\": true\n"
+            + "                }}\n"
             + "              ],\n"
             + "              \"childPolicyConfigTargetFieldName\": \"cluster\"\n"
             + "            }\n"
@@ -2035,7 +2053,7 @@ public void resolved_faultAbortInLdsUpdate() {
         FaultAbort.forHeader(FaultConfig.FractionalPercent.perMillion(600_000)),
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    verify(mockListener, times(2)).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2051,7 +2069,7 @@ public void resolved_faultAbortInLdsUpdate() {
         FaultAbort.forHeader(FaultConfig.FractionalPercent.perMillion(0)),
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    verify(mockListener, times(3)).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2066,7 +2084,7 @@ public void resolved_faultAbortInLdsUpdate() {
             FaultConfig.FractionalPercent.perMillion(600_000)),
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    verify(mockListener, times(4)).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2084,7 +2102,7 @@ public void resolved_faultAbortInLdsUpdate() {
             FaultConfig.FractionalPercent.perMillion(400_000)),
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    verify(mockListener, times(5)).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2119,7 +2137,7 @@ public void resolved_faultDelayInLdsUpdate() {
     httpFilterFaultConfig = FaultConfig.create(
         FaultDelay.forHeader(FaultConfig.FractionalPercent.perMillion(600_000)), null, null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    verify(mockListener, times(2)).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2130,7 +2148,7 @@ public void resolved_faultDelayInLdsUpdate() {
     httpFilterFaultConfig = FaultConfig.create(
         FaultDelay.forHeader(FaultConfig.FractionalPercent.perMillion(0)), null, null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    verify(mockListener, times(3)).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2143,7 +2161,7 @@ public void resolved_faultDelayInLdsUpdate() {
         null,
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    verify(mockListener, times(4)).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2156,7 +2174,7 @@ public void resolved_faultDelayInLdsUpdate() {
         null,
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(cluster1, httpFilterFaultConfig, null, null, null);
-    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    verify(mockListener, times(5)).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2281,7 +2299,7 @@ public void resolved_faultConfigOverrideInLdsUpdate() {
         null);
     xdsClient.deliverLdsUpdateWithFaultInjection(
         cluster1, httpFilterFaultConfig, virtualHostFaultConfig, routeFaultConfig, null);
-    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    verify(mockListener, times(2)).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,
@@ -2298,7 +2316,7 @@ public void resolved_faultConfigOverrideInLdsUpdate() {
     xdsClient.deliverLdsUpdateWithFaultInjection(
         cluster1, httpFilterFaultConfig, virtualHostFaultConfig, routeFaultConfig,
         weightedClusterFaultConfig);
-    verify(mockListener).onResult2(resolutionResultCaptor.capture());
+    verify(mockListener, times(3)).onResult2(resolutionResultCaptor.capture());
     result = resolutionResultCaptor.getValue();
     configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     observer = startNewCall(TestMethodDescriptors.voidMethod(), configSelector,

From 919370172d65a819bb1e7ccb47f2285b0ccfd17e Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Tue, 1 Jul 2025 15:14:28 +0000
Subject: [PATCH 313/591] census: APIs for stats and tracing (#12050)

---
 .../main/java/io/grpc/census/GrpcCensus.java  | 176 ++++++++++++++++++
 .../io/grpc/internal/ServerImplBuilder.java   |   2 +-
 2 files changed, 177 insertions(+), 1 deletion(-)
 create mode 100644 census/src/main/java/io/grpc/census/GrpcCensus.java

diff --git a/census/src/main/java/io/grpc/census/GrpcCensus.java b/census/src/main/java/io/grpc/census/GrpcCensus.java
new file mode 100644
index 00000000000..c564c349ae4
--- /dev/null
+++ b/census/src/main/java/io/grpc/census/GrpcCensus.java
@@ -0,0 +1,176 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.census;
+
+import com.google.common.base.Stopwatch;
+import com.google.common.base.Supplier;
+import io.grpc.ClientInterceptor;
+import io.grpc.ExperimentalApi;
+import io.grpc.ManagedChannelBuilder;
+import io.grpc.ServerBuilder;
+import io.grpc.ServerStreamTracer;
+import io.opencensus.trace.Tracing;
+
+/**
+ *  The entrypoint for OpenCensus instrumentation functionality in gRPC.
+ *
+ *  <p>GrpcCensus uses {@link io.opencensus.api.OpenCensus} APIs for instrumentation.
+ *
+ */
+@ExperimentalApi("https://github.com/grpc/grpc-java/issues/12178")
+public final class GrpcCensus {
+
+  private final boolean statsEnabled;
+  private final boolean tracingEnabled;
+
+  private GrpcCensus(Builder builder) {
+    this.statsEnabled = builder.statsEnabled;
+    this.tracingEnabled = builder.tracingEnabled;
+  }
+
+  /**
+   * Creates a new builder for {@link GrpcCensus}.
+   */
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  private static final Supplier<Stopwatch> STOPWATCH_SUPPLIER = new Supplier<Stopwatch>() {
+    @Override
+    public Stopwatch get() {
+      return Stopwatch.createUnstarted();
+    }
+  };
+
+  /**
+   * Configures a {@link ServerBuilder} to enable census stats and tracing.
+   *
+   * @param serverBuilder The server builder to configure.
+   * @return The configured server builder.
+   */
+  public <T extends ServerBuilder<T>> T configureServerBuilder(T serverBuilder) {
+    if (statsEnabled) {
+      serverBuilder.addStreamTracerFactory(newServerStatsStreamTracerFactory());
+    }
+    if (tracingEnabled) {
+      serverBuilder.addStreamTracerFactory(newServerTracingStreamTracerFactory());
+    }
+    return serverBuilder;
+  }
+
+  /**
+   * Configures a {@link ManagedChannelBuilder} to enable census stats and tracing.
+   *
+   * @param channelBuilder The channel builder to configure.
+   * @return The configured channel builder.
+   */
+  public <T extends ManagedChannelBuilder<T>> T configureChannelBuilder(T channelBuilder) {
+    if (statsEnabled) {
+      channelBuilder.intercept(newClientStatsInterceptor());
+    }
+    if (tracingEnabled) {
+      channelBuilder.intercept(newClientTracingInterceptor());
+    }
+    return channelBuilder;
+  }
+
+  /**
+   * Returns a {@link ClientInterceptor} with default stats implementation.
+   */
+  private static ClientInterceptor newClientStatsInterceptor() {
+    CensusStatsModule censusStats =
+        new CensusStatsModule(
+            STOPWATCH_SUPPLIER,
+            true,
+            true,
+            true,
+            false,
+            true);
+    return censusStats.getClientInterceptor();
+  }
+
+  /**
+   * Returns a {@link ClientInterceptor} with default tracing implementation.
+   */
+  private static ClientInterceptor newClientTracingInterceptor() {
+    CensusTracingModule censusTracing =
+        new CensusTracingModule(
+            Tracing.getTracer(),
+            Tracing.getPropagationComponent().getBinaryFormat());
+    return censusTracing.getClientInterceptor();
+  }
+
+  /**
+   * Returns a {@link ServerStreamTracer.Factory} with default stats implementation.
+   */
+  private static ServerStreamTracer.Factory newServerStatsStreamTracerFactory() {
+    CensusStatsModule censusStats =
+        new CensusStatsModule(
+            STOPWATCH_SUPPLIER,
+            true,
+            true,
+            true,
+            false,
+            true);
+    return censusStats.getServerTracerFactory();
+  }
+
+  /**
+   * Returns a {@link ServerStreamTracer.Factory} with default tracing implementation.
+   */
+  private static ServerStreamTracer.Factory newServerTracingStreamTracerFactory() {
+    CensusTracingModule censusTracing =
+        new CensusTracingModule(
+            Tracing.getTracer(),
+            Tracing.getPropagationComponent().getBinaryFormat());
+    return censusTracing.getServerTracerFactory();
+  }
+
+  /**
+   * Builder for {@link GrpcCensus}.
+   */
+  public static final class Builder {
+    private boolean statsEnabled = true;
+    private boolean tracingEnabled = true;
+
+    private Builder() {
+    }
+
+    /**
+     * Disables stats collection.
+     */
+    public Builder disableStats() {
+      this.statsEnabled = false;
+      return this;
+    }
+
+    /**
+     * Disables tracing.
+     */
+    public Builder disableTracing() {
+      this.tracingEnabled = false;
+      return this;
+    }
+
+    /**
+     * Builds a new {@link GrpcCensus}.
+     */
+    public GrpcCensus build() {
+      return new GrpcCensus(this);
+    }
+  }
+}
diff --git a/core/src/main/java/io/grpc/internal/ServerImplBuilder.java b/core/src/main/java/io/grpc/internal/ServerImplBuilder.java
index b679baf3a8b..f6566e067db 100644
--- a/core/src/main/java/io/grpc/internal/ServerImplBuilder.java
+++ b/core/src/main/java/io/grpc/internal/ServerImplBuilder.java
@@ -99,7 +99,7 @@ public static ServerBuilder<?> forPort(int port) {
   ServerCallExecutorSupplier executorSupplier;
 
   /**
-   * An interface to provide to provide transport specific information for the server. This method
+   * An interface to provide transport specific information for the server. This method
    * is meant for Transport implementors and should not be used by normal users.
    */
   public interface ClientTransportServersBuilder {

From 6dfa03c51c0f67bde1db56a7c71cbd538aef6e82 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 3 Jul 2025 06:14:04 +0000
Subject: [PATCH 314/591] core: grpc-timeout should always be positive (#12201)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PROTOCOL-HTTP2.md specifies "TimeoutValue → {positive integer as ASCII
string of at most 8 digits}". Zero is not positive, so it should be
avoided. So make sure timeouts are at least 1 nanosecond instead of 0
nanoseconds.

grpc-go recently began disallowing zero timeouts in
https://github.com/grpc/grpc-go/pull/8290 which caused a regression as
grpc-java can generate such timeouts. Apparently no gRPC implementation
had previously been checking for zero timeouts.

Instead of changing the max(0) to max(1) everywhere, just move the max
handling into TimeoutMarshaller, since every caller of TIMEOUT_KEY was
doing the same max() handling.

Before fd8fd517d (in 2016!), grpc-java actually behaved correctly, as it
failed RPCs with timeouts "<= 0". The commit changed the handling to the
max(0) handling we see now.

b/427338711
---
 .../java/io/grpc/binder/internal/Outbound.java |  4 +---
 .../io/grpc/internal/AbstractClientStream.java |  4 +---
 .../main/java/io/grpc/internal/GrpcUtil.java   | 10 ++++++----
 .../internal/AbstractClientStreamTest.java     | 18 ++++++++++++++++++
 .../java/io/grpc/internal/GrpcUtilTest.java    |  4 ++--
 .../java/io/grpc/internal/ServerImplTest.java  | 13 ++++++++++++-
 .../io/grpc/inprocess/InProcessTransport.java  |  4 +---
 7 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/Outbound.java b/binder/src/main/java/io/grpc/binder/internal/Outbound.java
index f395fe1701f..7db5bf0fbe4 100644
--- a/binder/src/main/java/io/grpc/binder/internal/Outbound.java
+++ b/binder/src/main/java/io/grpc/binder/internal/Outbound.java
@@ -19,7 +19,6 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 import static io.grpc.internal.GrpcUtil.TIMEOUT_KEY;
-import static java.lang.Math.max;
 
 import android.os.Parcel;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
@@ -397,8 +396,7 @@ protected int writeSuffix(Parcel parcel) throws IOException {
     @GuardedBy("this")
     void setDeadline(Deadline deadline) {
       headers.discardAll(TIMEOUT_KEY);
-      long effectiveTimeoutNanos = max(0, deadline.timeRemaining(TimeUnit.NANOSECONDS));
-      headers.put(TIMEOUT_KEY, effectiveTimeoutNanos);
+      headers.put(TIMEOUT_KEY, deadline.timeRemaining(TimeUnit.NANOSECONDS));
     }
   }
 
diff --git a/core/src/main/java/io/grpc/internal/AbstractClientStream.java b/core/src/main/java/io/grpc/internal/AbstractClientStream.java
index bb346657d53..9718f8c5171 100644
--- a/core/src/main/java/io/grpc/internal/AbstractClientStream.java
+++ b/core/src/main/java/io/grpc/internal/AbstractClientStream.java
@@ -21,7 +21,6 @@
 import static io.grpc.internal.GrpcUtil.CONTENT_ENCODING_KEY;
 import static io.grpc.internal.GrpcUtil.MESSAGE_ENCODING_KEY;
 import static io.grpc.internal.GrpcUtil.TIMEOUT_KEY;
-import static java.lang.Math.max;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
@@ -124,8 +123,7 @@ protected AbstractClientStream(
   @Override
   public void setDeadline(Deadline deadline) {
     headers.discardAll(TIMEOUT_KEY);
-    long effectiveTimeout = max(0, deadline.timeRemaining(TimeUnit.NANOSECONDS));
-    headers.put(TIMEOUT_KEY, effectiveTimeout);
+    headers.put(TIMEOUT_KEY, deadline.timeRemaining(TimeUnit.NANOSECONDS));
   }
 
   @Override
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index 65c083f10ef..658a6785474 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -651,12 +651,14 @@ public Stopwatch get() {
   static class TimeoutMarshaller implements Metadata.AsciiMarshaller<Long> {
 
     @Override
-    public String toAsciiString(Long timeoutNanos) {
+    public String toAsciiString(Long timeoutNanosObject) {
       long cutoff = 100000000;
+      // Timeout checking is inherently racy. RPCs with timeouts in the past ideally don't even get
+      // here, but if the timeout is expired assume that happened recently and adjust it to the
+      // smallest allowed timeout
+      long timeoutNanos = Math.max(1, timeoutNanosObject);
       TimeUnit unit = TimeUnit.NANOSECONDS;
-      if (timeoutNanos < 0) {
-        throw new IllegalArgumentException("Timeout too small");
-      } else if (timeoutNanos < cutoff) {
+      if (timeoutNanos < cutoff) {
         return timeoutNanos + "n";
       } else if (timeoutNanos < cutoff * 1000L) {
         return unit.toMicros(timeoutNanos) + "u";
diff --git a/core/src/test/java/io/grpc/internal/AbstractClientStreamTest.java b/core/src/test/java/io/grpc/internal/AbstractClientStreamTest.java
index 18fafe6557d..8f14b74035c 100644
--- a/core/src/test/java/io/grpc/internal/AbstractClientStreamTest.java
+++ b/core/src/test/java/io/grpc/internal/AbstractClientStreamTest.java
@@ -465,6 +465,24 @@ allocator, new BaseTransportState(statsTraceCtx, transportTracer), sink, statsTr
         .isGreaterThan(TimeUnit.MILLISECONDS.toNanos(600));
   }
 
+  @Test
+  public void setDeadline_thePastBecomesPositive() {
+    AbstractClientStream.Sink sink = mock(AbstractClientStream.Sink.class);
+    ClientStream stream = new BaseAbstractClientStream(
+        allocator, new BaseTransportState(statsTraceCtx, transportTracer), sink, statsTraceCtx,
+        transportTracer);
+
+    stream.setDeadline(Deadline.after(-1, TimeUnit.NANOSECONDS));
+    stream.start(mockListener);
+
+    ArgumentCaptor<Metadata> headersCaptor = ArgumentCaptor.forClass(Metadata.class);
+    verify(sink).writeHeaders(headersCaptor.capture(), ArgumentMatchers.<byte[]>any());
+
+    Metadata headers = headersCaptor.getValue();
+    assertThat(headers.get(Metadata.Key.of("grpc-timeout", Metadata.ASCII_STRING_MARSHALLER)))
+        .isEqualTo("1n");
+  }
+
   @Test
   public void appendTimeoutInsight() {
     InsightBuilder insight = new InsightBuilder();
diff --git a/core/src/test/java/io/grpc/internal/GrpcUtilTest.java b/core/src/test/java/io/grpc/internal/GrpcUtilTest.java
index 229c593ef80..c243790028c 100644
--- a/core/src/test/java/io/grpc/internal/GrpcUtilTest.java
+++ b/core/src/test/java/io/grpc/internal/GrpcUtilTest.java
@@ -98,8 +98,8 @@ public void timeoutTest() {
     GrpcUtil.TimeoutMarshaller marshaller =
             new GrpcUtil.TimeoutMarshaller();
     // nanos
-    assertEquals("0n", marshaller.toAsciiString(0L));
-    assertEquals(0L, (long) marshaller.parseAsciiString("0n"));
+    assertEquals("1n", marshaller.toAsciiString(1L));
+    assertEquals(1L, (long) marshaller.parseAsciiString("1n"));
 
     assertEquals("99999999n", marshaller.toAsciiString(99999999L));
     assertEquals(99999999L, (long) marshaller.parseAsciiString("99999999n"));
diff --git a/core/src/test/java/io/grpc/internal/ServerImplTest.java b/core/src/test/java/io/grpc/internal/ServerImplTest.java
index 2ddaba751e4..0f18efe078c 100644
--- a/core/src/test/java/io/grpc/internal/ServerImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ServerImplTest.java
@@ -53,6 +53,7 @@
 import io.grpc.Channel;
 import io.grpc.Compressor;
 import io.grpc.Context;
+import io.grpc.Deadline;
 import io.grpc.Grpc;
 import io.grpc.HandlerRegistry;
 import io.grpc.IntegerMarshaller;
@@ -1146,11 +1147,21 @@ public ServerCall.Listener<String> startCall(
   @Test
   public void testContextExpiredBeforeStreamCreate_StreamCancelNotCalledBeforeSetListener()
       throws Exception {
+    builder.ticker = new Deadline.Ticker() {
+      private long time;
+
+      @Override
+      public long nanoTime() {
+        time += 1000;
+        return time;
+      }
+    };
+
     AtomicBoolean contextCancelled = new AtomicBoolean(false);
     AtomicReference<Context> context = new AtomicReference<>();
     AtomicReference<ServerCall<String, Integer>> callReference = new AtomicReference<>();
 
-    testStreamClose_setup(callReference, context, contextCancelled, 0L);
+    testStreamClose_setup(callReference, context, contextCancelled, 1L);
 
     // This assert that stream.setListener(jumpListener) is called before stream.cancel(), which
     // prevents extremely short deadlines causing NPEs.
diff --git a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
index e294b4eb63f..e31696eb631 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static io.grpc.internal.GrpcUtil.TIMEOUT_KEY;
-import static java.lang.Math.max;
 
 import com.google.common.base.MoreObjects;
 import com.google.common.io.ByteStreams;
@@ -939,8 +938,7 @@ public void setMaxOutboundMessageSize(int maxSize) {}
       @Override
       public void setDeadline(Deadline deadline) {
         headers.discardAll(TIMEOUT_KEY);
-        long effectiveTimeout = max(0, deadline.timeRemaining(TimeUnit.NANOSECONDS));
-        headers.put(TIMEOUT_KEY, effectiveTimeout);
+        headers.put(TIMEOUT_KEY, deadline.timeRemaining(TimeUnit.NANOSECONDS));
       }
 
       @Override

From 94532a6b56076c56fb9278e9195bba1190a9260d Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Thu, 10 Jul 2025 14:14:36 -0700
Subject: [PATCH 315/591] binder: Introduce server pre-authorization (#12127)

grpc-binder clients authorize servers by checking the UID of the sender of the SETUP_TRANSPORT Binder transaction against some SecurityPolicy. But merely binding to an unauthorized server to learn its UID can enable "keep-alive" and "background activity launch" abuse, even if security policy ultimately decides the connection is unauthorized. Pre-authorization mitigates this kind of abuse by looking up and authorizing a candidate server Application's UID before binding to it. Pre-auth is especially important when the server's address is not fixed in advance but discovered by PackageManager lookup.
---
 binder/build.gradle                           |   1 +
 .../internal/BinderClientTransportTest.java   |  85 ++++++++-
 .../java/io/grpc/binder/ApiConstants.java     |  14 ++
 .../io/grpc/binder/BinderChannelBuilder.java  |  29 +++
 .../io/grpc/binder/internal/Bindable.java     |  15 ++
 .../BinderClientTransportFactory.java         |   9 +
 .../grpc/binder/internal/BinderTransport.java |  74 +++++++-
 .../grpc/binder/internal/ServiceBinding.java  |  75 ++++++++
 .../binder/RobolectricBinderSecurityTest.java |  38 +++-
 .../RobolectricBinderTransportTest.java       | 176 ++++++++++++++++--
 .../binder/internal/ServiceBindingTest.java   |  53 +++++-
 .../BinderClientTransportBuilder.java         |  61 ++++++
 .../grpc/internal/AbstractTransportTest.java  |   4 +-
 13 files changed, 598 insertions(+), 36 deletions(-)
 create mode 100644 binder/src/testFixtures/java/io/grpc/binder/internal/BinderClientTransportBuilder.java

diff --git a/binder/build.gradle b/binder/build.gradle
index 3390e02fce7..7ac23750a2a 100644
--- a/binder/build.gradle
+++ b/binder/build.gradle
@@ -72,6 +72,7 @@ dependencies {
     androidTestImplementation testFixtures(project(':grpc-core'))
 
     testFixturesImplementation libraries.guava.testlib
+    testFixturesImplementation testFixtures(project(':grpc-core'))
 }
 
 import net.ltgt.gradle.errorprone.CheckSeverity
diff --git a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
index 2af7210e9a7..fe2fd587453 100644
--- a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
+++ b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
@@ -172,6 +172,12 @@ public BinderClientTransportBuilder setReadyTimeoutMillis(int timeoutMillis) {
       return this;
     }
 
+    @CanIgnoreReturnValue
+    public BinderClientTransportBuilder setPreAuthorizeServer(boolean preAuthorizeServer) {
+      factoryBuilder.setPreAuthorizeServers(preAuthorizeServer);
+      return this;
+    }
+
     public BinderTransport.BinderClientTransport build() {
       return factoryBuilder
           .buildClientTransportFactory()
@@ -372,11 +378,12 @@ public void testBlackHoleEndpointConnectTimeout() throws Exception {
   }
 
   @Test
-  public void testBlackHoleSecurityPolicyConnectTimeout() throws Exception {
+  public void testBlackHoleSecurityPolicyAuthTimeout() throws Exception {
     SettableAsyncSecurityPolicy securityPolicy = new SettableAsyncSecurityPolicy();
     transport =
         new BinderClientTransportBuilder()
             .setSecurityPolicy(securityPolicy)
+            .setPreAuthorizeServer(false)
             .setReadyTimeoutMillis(1_234)
             .build();
     transport.start(transportListener).run();
@@ -387,15 +394,39 @@ public void testBlackHoleSecurityPolicyConnectTimeout() throws Exception {
     assertThat(transportStatus.getCode()).isEqualTo(Code.DEADLINE_EXCEEDED);
     assertThat(transportStatus.getDescription()).contains("1234");
     transportListener.awaitTermination();
-
     // If the transport gave up waiting on auth, it should cancel its request.
     assertThat(authRequest.isCancelled()).isTrue();
   }
 
   @Test
-  public void testAsyncSecurityPolicyFailure() throws Exception {
+  public void testBlackHoleSecurityPolicyPreAuthTimeout() throws Exception {
     SettableAsyncSecurityPolicy securityPolicy = new SettableAsyncSecurityPolicy();
-    transport = new BinderClientTransportBuilder().setSecurityPolicy(securityPolicy).build();
+    transport =
+        new BinderClientTransportBuilder()
+            .setSecurityPolicy(securityPolicy)
+            .setPreAuthorizeServer(true)
+            .setReadyTimeoutMillis(1_234)
+            .build();
+    transport.start(transportListener).run();
+    // Take the next authRequest but don't respond to it, in order to trigger the ready timeout.
+    AuthRequest preAuthRequest = securityPolicy.takeNextAuthRequest(TIMEOUT_SECONDS, SECONDS);
+
+    Status transportStatus = transportListener.awaitShutdown();
+    assertThat(transportStatus.getCode()).isEqualTo(Code.DEADLINE_EXCEEDED);
+    assertThat(transportStatus.getDescription()).contains("1234");
+    transportListener.awaitTermination();
+    // If the transport gave up waiting on auth, it should cancel its request.
+    assertThat(preAuthRequest.isCancelled()).isTrue();
+  }
+
+  @Test
+  public void testAsyncSecurityPolicyAuthFailure() throws Exception {
+    SettableAsyncSecurityPolicy securityPolicy = new SettableAsyncSecurityPolicy();
+    transport =
+        new BinderClientTransportBuilder()
+            .setPreAuthorizeServer(false)
+            .setSecurityPolicy(securityPolicy)
+            .build();
     RuntimeException exception = new NullPointerException();
     transport.start(transportListener).run();
     securityPolicy.takeNextAuthRequest(TIMEOUT_SECONDS, SECONDS).setResult(exception);
@@ -406,15 +437,55 @@ public void testAsyncSecurityPolicyFailure() throws Exception {
   }
 
   @Test
-  public void testAsyncSecurityPolicySuccess() throws Exception {
+  public void testAsyncSecurityPolicyPreAuthFailure() throws Exception {
     SettableAsyncSecurityPolicy securityPolicy = new SettableAsyncSecurityPolicy();
-    transport = new BinderClientTransportBuilder().setSecurityPolicy(securityPolicy).build();
+    transport =
+        new BinderClientTransportBuilder()
+            .setPreAuthorizeServer(true)
+            .setSecurityPolicy(securityPolicy)
+            .build();
+    RuntimeException exception = new NullPointerException();
+    transport.start(transportListener).run();
+    securityPolicy.takeNextAuthRequest(TIMEOUT_SECONDS, SECONDS).setResult(exception);
+    Status transportStatus = transportListener.awaitShutdown();
+    assertThat(transportStatus.getCode()).isEqualTo(Code.INTERNAL);
+    assertThat(transportStatus.getCause()).isEqualTo(exception);
+    transportListener.awaitTermination();
+  }
+
+  @Test
+  public void testAsyncSecurityPolicyAuthSuccess() throws Exception {
+    SettableAsyncSecurityPolicy securityPolicy = new SettableAsyncSecurityPolicy();
+    transport =
+        new BinderClientTransportBuilder()
+            .setPreAuthorizeServer(false)
+            .setSecurityPolicy(securityPolicy)
+            .build();
+    transport.start(transportListener).run();
+    securityPolicy
+        .takeNextAuthRequest(TIMEOUT_SECONDS, SECONDS)
+        .setResult(Status.PERMISSION_DENIED.withDescription("xyzzy"));
+    Status transportStatus = transportListener.awaitShutdown();
+    assertThat(transportStatus.getCode()).isEqualTo(Code.PERMISSION_DENIED);
+    assertThat(transportStatus.getDescription()).contains("xyzzy");
+    transportListener.awaitTermination();
+  }
+
+  @Test
+  public void testAsyncSecurityPolicyPreAuthSuccess() throws Exception {
+    SettableAsyncSecurityPolicy securityPolicy = new SettableAsyncSecurityPolicy();
+    transport =
+        new BinderClientTransportBuilder()
+            .setPreAuthorizeServer(true)
+            .setSecurityPolicy(securityPolicy)
+            .build();
     transport.start(transportListener).run();
     securityPolicy
         .takeNextAuthRequest(TIMEOUT_SECONDS, SECONDS)
-        .setResult(Status.PERMISSION_DENIED);
+        .setResult(Status.PERMISSION_DENIED.withDescription("xyzzy"));
     Status transportStatus = transportListener.awaitShutdown();
     assertThat(transportStatus.getCode()).isEqualTo(Code.PERMISSION_DENIED);
+    assertThat(transportStatus.getDescription()).contains("xyzzy");
     transportListener.awaitTermination();
   }
 
diff --git a/binder/src/main/java/io/grpc/binder/ApiConstants.java b/binder/src/main/java/io/grpc/binder/ApiConstants.java
index 05950a9eaec..462586311c6 100644
--- a/binder/src/main/java/io/grpc/binder/ApiConstants.java
+++ b/binder/src/main/java/io/grpc/binder/ApiConstants.java
@@ -18,6 +18,8 @@
 
 import android.content.Intent;
 import android.os.UserHandle;
+import io.grpc.Attributes;
+import io.grpc.EquivalentAddressGroup;
 import io.grpc.ExperimentalApi;
 import io.grpc.NameResolver;
 
@@ -46,4 +48,16 @@ private ApiConstants() {}
   @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10173")
   public static final NameResolver.Args.Key<UserHandle> TARGET_ANDROID_USER =
       NameResolver.Args.Key.create("target-android-user");
+
+  /**
+   * Lets you override a Channel's pre-auth configuration (see {@link
+   * BinderChannelBuilder#preAuthorizeServers(boolean)}) for a given {@link EquivalentAddressGroup}.
+   *
+   * <p>A {@link NameResolver} that discovers servers from an untrusted source like PackageManager
+   * can use this to force server pre-auth and prevent abuse.
+   */
+  @EquivalentAddressGroup.Attr
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/12191")
+  public static final Attributes.Key<Boolean> PRE_AUTH_SERVER_OVERRIDE =
+      Attributes.Key.create("pre-auth-server-override");
 }
diff --git a/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java b/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
index f996ee7cdbf..233ec6eac4f 100644
--- a/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
+++ b/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
@@ -279,6 +279,35 @@ public BinderChannelBuilder strictLifecycleManagement() {
     return this;
   }
 
+  /**
+   * Checks servers against this Channel's {@link SecurityPolicy} *before* binding.
+   *
+   * <p>Android users can be tricked into installing a malicious app with the same package name as a
+   * legitimate server. That's why we don't send calls to a server until it has been authorized by
+   * an appropriate {@link SecurityPolicy}. But merely binding to a malicious server can enable
+   * "keep-alive" and "background activity launch" abuse, even if it's ultimately unauthorized.
+   * Pre-authorization mitigates these threats by performing a preliminary {@link SecurityPolicy}
+   * check against a server app's PackageManager-registered identity without actually creating an
+   * instance of it. This is especially important for security when the server's direct address
+   * isn't known in advance but rather resolved via target URI or discovered by other means.
+   *
+   * <p>Note that, unlike ordinary authorization, pre-authorization is performed against the server
+   * app's UID, not the UID of the process hosting the bound Service. These can be different, most
+   * commonly due to services that set `android:isolatedProcess=true`.
+   *
+   * <p>Pre-authorization is strongly recommended but it remains optional for now because of this
+   * behavior change and the small performance cost.
+   *
+   * <p>The default value of this property is false but it will become true in a future release.
+   * Clients that require a particular behavior should configure it explicitly using this method
+   * rather than relying on the default.
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/12191")
+  public BinderChannelBuilder preAuthorizeServers(boolean preAuthorize) {
+    transportFactoryBuilder.setPreAuthorizeServers(preAuthorize);
+    return this;
+  }
+
   @Override
   public BinderChannelBuilder idleTimeout(long value, TimeUnit unit) {
     checkState(
diff --git a/binder/src/main/java/io/grpc/binder/internal/Bindable.java b/binder/src/main/java/io/grpc/binder/internal/Bindable.java
index 8e1af64b63d..ae0c7284faf 100644
--- a/binder/src/main/java/io/grpc/binder/internal/Bindable.java
+++ b/binder/src/main/java/io/grpc/binder/internal/Bindable.java
@@ -16,10 +16,12 @@
 
 package io.grpc.binder.internal;
 
+import android.content.pm.ServiceInfo;
 import android.os.IBinder;
 import androidx.annotation.AnyThread;
 import androidx.annotation.MainThread;
 import io.grpc.Status;
+import io.grpc.StatusException;
 
 /** An interface for managing a {@code Binder} connection. */
 interface Bindable {
@@ -45,6 +47,19 @@ interface Observer {
     void onUnbound(Status reason);
   }
 
+  /**
+   * Fetches details about the remote Service from PackageManager without binding to it.
+   *
+   * <p>Resolving an untrusted address before binding to it lets you screen out problematic servers
+   * before giving them a chance to run. However, note that the identity/existence of the resolved
+   * Service can change between the time this method returns and the time you actually bind/connect
+   * to it. For example, suppose the target package gets uninstalled or upgraded right after this
+   * method returns. In {@link Observer#onBound}, you should verify that the server you resolved is
+   * the same one you connected to.
+   */
+  @AnyThread
+  ServiceInfo resolve() throws StatusException;
+
   /**
    * Attempt to bind with the remote service.
    *
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
index 3852b21d5c3..ef00f70e35d 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
@@ -55,6 +55,7 @@ public final class BinderClientTransportFactory implements ClientTransportFactor
   final InboundParcelablePolicy inboundParcelablePolicy;
   final OneWayBinderProxy.Decorator binderDecorator;
   final long readyTimeoutMillis;
+  final boolean preAuthorizeServers; // TODO(jdcormie): Default to true.
 
   ScheduledExecutorService executorService;
   Executor offloadExecutor;
@@ -75,6 +76,7 @@ private BinderClientTransportFactory(Builder builder) {
     inboundParcelablePolicy = checkNotNull(builder.inboundParcelablePolicy);
     binderDecorator = checkNotNull(builder.binderDecorator);
     readyTimeoutMillis = builder.readyTimeoutMillis;
+    preAuthorizeServers = builder.preAuthorizeServers;
 
     executorService = scheduledExecutorPool.getObject();
     offloadExecutor = offloadExecutorPool.getObject();
@@ -128,6 +130,7 @@ public static final class Builder implements ClientTransportFactoryBuilder {
     InboundParcelablePolicy inboundParcelablePolicy = InboundParcelablePolicy.DEFAULT;
     OneWayBinderProxy.Decorator binderDecorator = OneWayBinderProxy.IDENTITY_DECORATOR;
     long readyTimeoutMillis = 60_000;
+    boolean preAuthorizeServers;
 
     @Override
     public BinderClientTransportFactory buildClientTransportFactory() {
@@ -216,5 +219,11 @@ public Builder setReadyTimeoutMillis(long readyTimeoutMillis) {
       this.readyTimeoutMillis = readyTimeoutMillis;
       return this;
     }
+
+    /** Whether to check server addresses against the SecurityPolicy *before* binding to them. */
+    public Builder setPreAuthorizeServers(boolean preAuthorizeServers) {
+      this.preAuthorizeServers = preAuthorizeServers;
+      return this;
+    }
   }
 }
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index 92a58b91cf0..d87cfb74044 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -19,9 +19,11 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.util.concurrent.Futures.immediateFuture;
+import static io.grpc.binder.ApiConstants.PRE_AUTH_SERVER_OVERRIDE;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 
 import android.content.Context;
+import android.content.pm.ServiceInfo;
 import android.os.Binder;
 import android.os.DeadObjectException;
 import android.os.IBinder;
@@ -78,7 +80,6 @@
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.atomic.AtomicInteger;
-import java.util.concurrent.atomic.AtomicLong;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
@@ -574,6 +575,7 @@ public static final class BinderClientTransport extends BinderTransport
 
     private final long readyTimeoutMillis;
     private final PingTracker pingTracker;
+    private final boolean preAuthorizeServer;
 
     @Nullable private ManagedClientTransport.Listener clientTransportListener;
 
@@ -585,6 +587,10 @@ public static final class BinderClientTransport extends BinderTransport
     @GuardedBy("this")
     @Nullable private ListenableFuture<Status> authResultFuture; // null before we check auth.
 
+    @GuardedBy("this")
+    @Nullable
+    private ListenableFuture<Status> preAuthResultFuture; // null before we pre-auth.
+
     /**
      * Constructs a new transport instance.
      *
@@ -609,6 +615,9 @@ public BinderClientTransport(
       this.securityPolicy = factory.securityPolicy;
       this.offloadExecutor = offloadExecutorPool.getObject();
       this.readyTimeoutMillis = factory.readyTimeoutMillis;
+      Boolean preAuthServerOverride = options.getEagAttributes().get(PRE_AUTH_SERVER_OVERRIDE);
+      this.preAuthorizeServer =
+          preAuthServerOverride != null ? preAuthServerOverride : factory.preAuthorizeServers;
       numInUseStreams = new AtomicInteger();
       pingTracker = new PingTracker(Ticker.systemTicker(), (id) -> sendPing(id));
 
@@ -650,7 +659,16 @@ public synchronized Runnable start(ManagedClientTransport.Listener clientTranspo
         synchronized (BinderClientTransport.this) {
           if (inState(TransportState.NOT_STARTED)) {
             setState(TransportState.SETUP);
-            serviceBinding.bind();
+            try {
+              if (preAuthorizeServer) {
+                preAuthorize(serviceBinding.resolve());
+              } else {
+                serviceBinding.bind();
+              }
+            } catch (StatusException e) {
+              shutdownInternal(e.getStatus(), true);
+              return;
+            }
             if (readyTimeoutMillis >= 0) {
               readyTimeoutFuture =
                   getScheduledExecutorService()
@@ -664,6 +682,43 @@ public synchronized Runnable start(ManagedClientTransport.Listener clientTranspo
       };
     }
 
+    @GuardedBy("this")
+    private void preAuthorize(ServiceInfo serviceInfo) {
+      // It's unlikely, but the identity/existence of this Service could change by the time we
+      // actually connect. It doesn't matter though, because:
+      // - If pre-auth fails (but would succeed against the server's new state), the grpc-core layer
+      // will eventually retry using a new transport instance that will see the Service's new state.
+      // - If pre-auth succeeds (but would fail against the server's new state), we might give an
+      // unauthorized server a chance to run, but the connection will still fail by SecurityPolicy
+      // check later in handshake. Pre-auth remains effective at mitigating abuse because malware
+      // can't typically control the exact timing of its installation.
+      preAuthResultFuture = checkServerAuthorizationAsync(serviceInfo.applicationInfo.uid);
+      Futures.addCallback(
+          preAuthResultFuture,
+          new FutureCallback<Status>() {
+            @Override
+            public void onSuccess(Status result) {
+              handlePreAuthResult(result);
+            }
+
+            @Override
+            public void onFailure(Throwable t) {
+              handleAuthResult(t);
+            }
+          },
+          offloadExecutor);
+    }
+
+    private synchronized void handlePreAuthResult(Status authorization) {
+      if (inState(TransportState.SETUP)) {
+        if (!authorization.isOk()) {
+          shutdownInternal(authorization, true);
+        } else {
+          serviceBinding.bind();
+        }
+      }
+    }
+
     private synchronized void onReadyTimeout() {
       if (inState(TransportState.SETUP)) {
         readyTimeoutFuture = null;
@@ -758,6 +813,9 @@ void notifyTerminated() {
         readyTimeoutFuture.cancel(false);
         readyTimeoutFuture = null;
       }
+      if (preAuthResultFuture != null) {
+        preAuthResultFuture.cancel(false); // No effect if already complete.
+      }
       if (authResultFuture != null) {
         authResultFuture.cancel(false);  // No effect if already complete.
       }
@@ -780,11 +838,7 @@ protected void handleSetupTransport(Parcel parcel) {
           shutdownInternal(
               Status.UNAVAILABLE.withDescription("Malformed SETUP_TRANSPORT data"), true);
         } else {
-          authResultFuture =
-              (securityPolicy instanceof AsyncSecurityPolicy)
-                  ? ((AsyncSecurityPolicy) securityPolicy).checkAuthorizationAsync(remoteUid)
-                  : Futures.submit(
-                      () -> securityPolicy.checkAuthorization(remoteUid), offloadExecutor);
+          authResultFuture = checkServerAuthorizationAsync(remoteUid);
           Futures.addCallback(
               authResultFuture,
               new FutureCallback<Status>() {
@@ -803,6 +857,12 @@ public void onFailure(Throwable t) {
       }
     }
 
+    private ListenableFuture<Status> checkServerAuthorizationAsync(int remoteUid) {
+      return (securityPolicy instanceof AsyncSecurityPolicy)
+          ? ((AsyncSecurityPolicy) securityPolicy).checkAuthorizationAsync(remoteUid)
+          : Futures.submit(() -> securityPolicy.checkAuthorization(remoteUid), offloadExecutor);
+    }
+
     private synchronized void handleAuthResult(IBinder binder, Status authorization) {
       if (inState(TransportState.SETUP)) {
         if (!authorization.isOk()) {
diff --git a/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java b/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
index ee171140045..f0cbe9ec56b 100644
--- a/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
+++ b/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
@@ -23,14 +23,22 @@
 import android.content.Context;
 import android.content.Intent;
 import android.content.ServiceConnection;
+import android.content.pm.PackageManager;
+import android.content.pm.ResolveInfo;
+import android.content.pm.ServiceInfo;
+import android.os.Build;
 import android.os.IBinder;
 import android.os.UserHandle;
 import androidx.annotation.AnyThread;
 import androidx.annotation.MainThread;
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.VerifyException;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Status;
+import io.grpc.StatusException;
 import io.grpc.binder.BinderChannelCredentials;
+import java.lang.reflect.Method;
+import java.util.List;
 import java.util.concurrent.Executor;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -85,6 +93,8 @@ public String methodName() {
   private final Observer observer;
   private final Executor mainThreadExecutor;
 
+  private static volatile Method queryIntentServicesAsUserMethod;
+
   @GuardedBy("this")
   private State state;
 
@@ -247,6 +257,71 @@ void unbindInternal(Status reason) {
     }
   }
 
+  // Sadly the PackageManager#resolveServiceAsUser() API we need isn't part of the SDK or even a
+  // @SystemApi as of this writing. Modern Android prevents even system apps from calling it, by any
+  // means (https://developer.android.com/guide/app-compatibility/restrictions-non-sdk-interfaces).
+  // So instead we call queryIntentServicesAsUser(), which does more than we need but *is* a
+  // @SystemApi in all the SDK versions where we support cross-user Channels.
+  @Nullable
+  private static ResolveInfo resolveServiceAsUser(
+      PackageManager packageManager, Intent intent, int flags, UserHandle targetUserHandle) {
+    List<ResolveInfo> results =
+        queryIntentServicesAsUser(packageManager, intent, flags, targetUserHandle);
+    // The first query result is "what would be returned by resolveService", per the javadoc.
+    return (results != null && !results.isEmpty()) ? results.get(0) : null;
+  }
+
+  // The cross-user Channel feature requires the client to be a system app so we assume @SystemApi
+  // queryIntentServicesAsUser() is visible to us at runtime. It would be visible at build time too,
+  // if our host system app were written to call it directly. We only have to use reflection here
+  // because grpc-java is a library built outside the Android source tree where the compiler can't
+  // see the "non-SDK" @SystemApis that we need.
+  @Nullable
+  @SuppressWarnings("unchecked") // Safe by PackageManager#queryIntentServicesAsUser spec in AOSP.
+  private static List<ResolveInfo> queryIntentServicesAsUser(
+      PackageManager packageManager, Intent intent, int flags, UserHandle targetUserHandle) {
+    try {
+      if (queryIntentServicesAsUserMethod == null) {
+        synchronized (ServiceBinding.class) {
+          if (queryIntentServicesAsUserMethod == null) {
+            queryIntentServicesAsUserMethod =
+                PackageManager.class.getMethod(
+                    "queryIntentServicesAsUser", Intent.class, int.class, UserHandle.class);
+          }
+        }
+      }
+      return (List<ResolveInfo>)
+          queryIntentServicesAsUserMethod.invoke(packageManager, intent, flags, targetUserHandle);
+    } catch (ReflectiveOperationException e) {
+      throw new VerifyException(e);
+    }
+  }
+
+  @AnyThread
+  @Override
+  public ServiceInfo resolve() throws StatusException {
+    checkState(sourceContext != null);
+    PackageManager packageManager = sourceContext.getPackageManager();
+    int flags = 0;
+    if (Build.VERSION.SDK_INT >= 29) {
+      // Filter out non-'directBootAware' <service>s when 'targetUserHandle' is locked. Here's why:
+      // Callers want 'bindIntent' to #resolve() to the same thing a follow-up call to #bind() will.
+      // But bindService() *always* ignores services that can't presently be created for lack of
+      // 'directBootAware'-ness. This flag explicitly tells resolveService() to act the same way.
+      flags |= PackageManager.MATCH_DIRECT_BOOT_AUTO;
+    }
+    ResolveInfo resolveInfo =
+        targetUserHandle != null
+            ? resolveServiceAsUser(packageManager, bindIntent, flags, targetUserHandle)
+            : packageManager.resolveService(bindIntent, flags);
+    if (resolveInfo == null) {
+      throw Status.UNIMPLEMENTED // Same status code as when bindService() returns false.
+          .withDescription("resolveService(" + bindIntent + " / " + targetUserHandle + ") was null")
+          .asException();
+    }
+    return resolveInfo.serviceInfo;
+  }
+
   @MainThread
   private void clearReferences() {
     sourceContext = null;
diff --git a/binder/src/test/java/io/grpc/binder/RobolectricBinderSecurityTest.java b/binder/src/test/java/io/grpc/binder/RobolectricBinderSecurityTest.java
index 16f06ad81c9..ffd1d89e69c 100644
--- a/binder/src/test/java/io/grpc/binder/RobolectricBinderSecurityTest.java
+++ b/binder/src/test/java/io/grpc/binder/RobolectricBinderSecurityTest.java
@@ -22,7 +22,13 @@
 import static org.robolectric.Shadows.shadowOf;
 
 import android.app.Application;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.PackageInfo;
+import android.content.pm.ServiceInfo;
 import androidx.test.core.app.ApplicationProvider;
+import androidx.test.core.content.pm.ApplicationInfoBuilder;
+import androidx.test.core.content.pm.PackageInfoBuilder;
+import com.google.common.collect.ImmutableList;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
@@ -46,11 +52,13 @@
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.robolectric.RobolectricTestRunner;
+import org.robolectric.ParameterizedRobolectricTestRunner;
+import org.robolectric.ParameterizedRobolectricTestRunner.Parameter;
+import org.robolectric.ParameterizedRobolectricTestRunner.Parameters;
 import org.robolectric.annotation.LooperMode;
 import org.robolectric.annotation.LooperMode.Mode;
 
-@RunWith(RobolectricTestRunner.class)
+@RunWith(ParameterizedRobolectricTestRunner.class)
 @LooperMode(Mode.INSTRUMENTATION_TEST)
 public final class RobolectricBinderSecurityTest {
 
@@ -62,10 +70,33 @@ public final class RobolectricBinderSecurityTest {
   private ManagedChannel channel;
   private Server server;
 
+  @Parameter public boolean preAuthServersParam;
+
+  @Parameters(name = "preAuthServersParam={0}")
+  public static ImmutableList<Boolean> data() {
+    return ImmutableList.of(true, false);
+  }
+
   @Before
   public void setUp() {
+    ApplicationInfo serverAppInfo =
+        ApplicationInfoBuilder.newBuilder().setPackageName(context.getPackageName()).build();
+    serverAppInfo.uid = android.os.Process.myUid();
+    PackageInfo serverPkgInfo =
+        PackageInfoBuilder.newBuilder()
+            .setPackageName(serverAppInfo.packageName)
+            .setApplicationInfo(serverAppInfo)
+            .build();
+    shadowOf(context.getPackageManager()).installPackage(serverPkgInfo);
+
+    ServiceInfo serviceInfo = new ServiceInfo();
+    serviceInfo.name = "SomeService";
+    serviceInfo.packageName = serverAppInfo.packageName;
+    serviceInfo.applicationInfo = serverAppInfo;
+    shadowOf(context.getPackageManager()).addOrUpdateService(serviceInfo);
+
     AndroidComponentAddress listenAddress =
-        AndroidComponentAddress.forRemoteComponent(context.getPackageName(), "HostService");
+        AndroidComponentAddress.forRemoteComponent(serviceInfo.packageName, serviceInfo.name);
 
     MethodDescriptor<Empty, Empty> methodDesc = getMethodDescriptor();
     ServerCallHandler<Empty, Empty> callHandler =
@@ -110,6 +141,7 @@ public ListenableFuture<Status> checkAuthorizationAsync(int uid) {
             checkNotNull(binderReceiver.get()));
     channel =
         BinderChannelBuilder.forAddress(listenAddress, context)
+            .preAuthorizeServers(preAuthServersParam)
             .build();
   }
 
diff --git a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
index 7d336067842..7275c47d51c 100644
--- a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
@@ -16,13 +16,29 @@
 
 package io.grpc.binder.internal;
 
+import static com.google.common.truth.Truth.assertThat;
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.timeout;
+import static org.mockito.Mockito.verify;
 import static org.robolectric.Shadows.shadowOf;
 
 import android.app.Application;
 import android.content.Intent;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.PackageInfo;
+import android.content.pm.ServiceInfo;
 import androidx.test.core.app.ApplicationProvider;
+import androidx.test.core.content.pm.ApplicationInfoBuilder;
+import androidx.test.core.content.pm.PackageInfoBuilder;
+import com.google.common.collect.ImmutableList;
+import io.grpc.Attributes;
 import io.grpc.ServerStreamTracer;
+import io.grpc.Status;
 import io.grpc.binder.AndroidComponentAddress;
+import io.grpc.binder.ApiConstants;
+import io.grpc.binder.AsyncSecurityPolicy;
+import io.grpc.binder.internal.SettableAsyncSecurityPolicy.AuthRequest;
 import io.grpc.internal.AbstractTransportTest;
 import io.grpc.internal.ClientTransportFactory.ClientTransportOptions;
 import io.grpc.internal.GrpcUtil;
@@ -33,12 +49,20 @@
 import java.util.List;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ScheduledExecutorService;
+import org.junit.Before;
 import org.junit.Ignore;
+import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.robolectric.RobolectricTestRunner;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoRule;
+import org.robolectric.ParameterizedRobolectricTestRunner;
+import org.robolectric.ParameterizedRobolectricTestRunner.Parameter;
+import org.robolectric.ParameterizedRobolectricTestRunner.Parameters;
 import org.robolectric.annotation.LooperMode;
 import org.robolectric.annotation.LooperMode.Mode;
+import org.robolectric.shadows.ShadowBinder;
 
 /**
  * All of the AbstractTransportTest cases applied to {@link BinderTransport} running in a
@@ -52,7 +76,7 @@
  * meaning test cases don't run on the main thread. This supports the AbstractTransportTest approach
  * where the test thread frequently blocks waiting for transport state changes to take effect.
  */
-@RunWith(RobolectricTestRunner.class)
+@RunWith(ParameterizedRobolectricTestRunner.class)
 @LooperMode(Mode.INSTRUMENTATION_TEST)
 public final class RobolectricBinderTransportTest extends AbstractTransportTest {
 
@@ -64,14 +88,57 @@ public final class RobolectricBinderTransportTest extends AbstractTransportTest
   private final ObjectPool<Executor> serverExecutorPool =
       SharedResourcePool.forResource(GrpcUtil.SHARED_CHANNEL_EXECUTOR);
 
+  @Rule public MockitoRule mocks = MockitoJUnit.rule();
+
+  @Mock AsyncSecurityPolicy mockClientSecurityPolicy;
+
+  ApplicationInfo serverAppInfo;
+  PackageInfo serverPkgInfo;
+  ServiceInfo serviceInfo;
+
   private int nextServerAddress;
 
+  @Parameter public boolean preAuthServersParam;
+
+  @Parameters(name = "preAuthServersParam={0}")
+  public static ImmutableList<Boolean> data() {
+    return ImmutableList.of(true, false);
+  }
+
+  @Override
+  public void setUp() {
+    serverAppInfo =
+        ApplicationInfoBuilder.newBuilder().setPackageName("the.server.package").build();
+    serverAppInfo.uid = android.os.Process.myUid();
+    serverPkgInfo =
+        PackageInfoBuilder.newBuilder()
+            .setPackageName(serverAppInfo.packageName)
+            .setApplicationInfo(serverAppInfo)
+            .build();
+    shadowOf(application.getPackageManager()).installPackage(serverPkgInfo);
+
+    serviceInfo = new ServiceInfo();
+    serviceInfo.name = "SomeService";
+    serviceInfo.packageName = serverAppInfo.packageName;
+    serviceInfo.applicationInfo = serverAppInfo;
+    shadowOf(application.getPackageManager()).addOrUpdateService(serviceInfo);
+
+    super.setUp();
+  }
+
+  @Before
+  public void requestRealisticBindServiceBehavior() {
+    shadowOf(application).setBindServiceCallsOnServiceConnectedDirectly(false);
+    shadowOf(application).setUnbindServiceCallsOnServiceDisconnected(false);
+  }
+
   @Override
   protected InternalServer newServer(List<ServerStreamTracer.Factory> streamTracerFactories) {
-    AndroidComponentAddress listenAddr = AndroidComponentAddress.forBindIntent(
-        new Intent()
-            .setClassName(application.getPackageName(), "HostService")
-            .setAction("io.grpc.action.BIND." + nextServerAddress++));
+    AndroidComponentAddress listenAddr =
+        AndroidComponentAddress.forBindIntent(
+            new Intent()
+                .setClassName(serviceInfo.packageName, serviceInfo.name)
+                .setAction("io.grpc.action.BIND." + nextServerAddress++));
 
     BinderServer binderServer =
         new BinderServer.Builder()
@@ -81,6 +148,7 @@ protected InternalServer newServer(List<ServerStreamTracer.Factory> streamTracer
             .setStreamTracerFactories(streamTracerFactories)
             .build();
 
+    shadowOf(application.getPackageManager()).addServiceIfNotPresent(listenAddr.getComponent());
     shadowOf(application)
         .setComponentNameAndServiceForBindServiceForIntent(
             listenAddr.asBindIntent(), listenAddr.getComponent(), binderServer.getHostBinder());
@@ -97,22 +165,30 @@ protected InternalServer newServer(
     return newServer(streamTracerFactories);
   }
 
+  BinderClientTransportFactory.Builder newClientTransportFactoryBuilder() {
+    return new BinderClientTransportFactory.Builder()
+        .setPreAuthorizeServers(preAuthServersParam)
+        .setSourceContext(application)
+        .setScheduledExecutorPool(executorServicePool)
+        .setOffloadExecutorPool(offloadExecutorPool);
+  }
+
+  BinderClientTransportBuilder newClientTransportBuilder() {
+    return new BinderClientTransportBuilder()
+        .setFactory(newClientTransportFactoryBuilder().buildClientTransportFactory())
+        .setServerAddress(server.getListenSocketAddress());
+  }
+
   @Override
   protected ManagedClientTransport newClientTransport(InternalServer server) {
-    BinderClientTransportFactory.Builder builder =
-        new BinderClientTransportFactory.Builder()
-            .setSourceContext(application)
-            .setScheduledExecutorPool(executorServicePool)
-            .setOffloadExecutorPool(offloadExecutorPool);
-
     ClientTransportOptions options = new ClientTransportOptions();
     options.setEagAttributes(eagAttrs());
     options.setChannelLogger(transportLogger());
 
-    return new BinderTransport.BinderClientTransport(
-        builder.buildClientTransportFactory(),
-        (AndroidComponentAddress) server.getListenSocketAddress(),
-        options);
+    return newClientTransportBuilder()
+        .setServerAddress(server.getListenSocketAddress())
+        .setOptions(options)
+        .build();
   }
 
   @Override
@@ -120,6 +196,74 @@ protected String testAuthority(InternalServer server) {
     return ((AndroidComponentAddress) server.getListenSocketAddress()).getAuthority();
   }
 
+  @Test
+  public void clientAuthorizesServerUidsInOrder() throws Exception {
+    // TODO(jdcormie): In real Android, Binder#getCallingUid is thread-local but Robolectric only
+    //  lets us fake value this *globally*. So the ShadowBinder#setCallingUid() here unrealistically
+    //  affects the server's view of the client's uid too. For now this doesn't matter because this
+    //  test never exercises server SecurityPolicy.
+    ShadowBinder.setCallingUid(11111); // UID of the server *process*.
+
+    serverPkgInfo.applicationInfo.uid = 22222; // UID of the server *app*, which can be different.
+    shadowOf(application.getPackageManager()).installPackage(serverPkgInfo);
+    shadowOf(application.getPackageManager()).addOrUpdateService(serviceInfo);
+    server = newServer(ImmutableList.of());
+    server.start(serverListener);
+
+    SettableAsyncSecurityPolicy securityPolicy = new SettableAsyncSecurityPolicy();
+    client =
+        newClientTransportBuilder()
+            .setFactory(
+                newClientTransportFactoryBuilder()
+                    .setSecurityPolicy(securityPolicy)
+                    .buildClientTransportFactory())
+            .build();
+    runIfNotNull(client.start(mockClientTransportListener));
+
+    if (preAuthServersParam) {
+      AuthRequest preAuthRequest = securityPolicy.takeNextAuthRequest(TIMEOUT_MS, MILLISECONDS);
+      assertThat(preAuthRequest.uid).isEqualTo(22222);
+      verify(mockClientTransportListener, never()).transportReady();
+      preAuthRequest.setResult(Status.OK);
+    }
+
+    AuthRequest authRequest = securityPolicy.takeNextAuthRequest(TIMEOUT_MS, MILLISECONDS);
+    assertThat(authRequest.uid).isEqualTo(11111);
+    verify(mockClientTransportListener, never()).transportReady();
+    authRequest.setResult(Status.OK);
+
+    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportReady();
+  }
+
+  @Test
+  public void eagAttributeCanOverrideChannelPreAuthServerSetting() throws Exception {
+    server.start(serverListener);
+    SettableAsyncSecurityPolicy securityPolicy = new SettableAsyncSecurityPolicy();
+    ClientTransportOptions options = new ClientTransportOptions();
+    options.setEagAttributes(
+        Attributes.newBuilder().set(ApiConstants.PRE_AUTH_SERVER_OVERRIDE, true).build());
+    client =
+        newClientTransportBuilder()
+            .setOptions(options)
+            .setFactory(
+                newClientTransportFactoryBuilder()
+                    .setPreAuthorizeServers(preAuthServersParam) // To be overridden.
+                    .setSecurityPolicy(securityPolicy)
+                    .buildClientTransportFactory())
+            .build();
+    runIfNotNull(client.start(mockClientTransportListener));
+
+    AuthRequest preAuthRequest = securityPolicy.takeNextAuthRequest(TIMEOUT_MS, MILLISECONDS);
+    verify(mockClientTransportListener, never()).transportReady();
+    preAuthRequest.setResult(Status.OK);
+
+    AuthRequest authRequest = securityPolicy.takeNextAuthRequest(TIMEOUT_MS, MILLISECONDS);
+    verify(mockClientTransportListener, never()).transportReady();
+    authRequest.setResult(Status.OK);
+
+    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportReady();
+  }
+
   @Test
   @Ignore("See BinderTransportTest#socketStats.")
   @Override
diff --git a/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java b/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
index b0ad35e6806..bd51c522d15 100644
--- a/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
@@ -19,6 +19,7 @@
 import static android.content.Context.BIND_AUTO_CREATE;
 import static android.os.Looper.getMainLooper;
 import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.fail;
 import static org.robolectric.Shadows.shadowOf;
 
@@ -27,6 +28,7 @@
 import android.content.ComponentName;
 import android.content.Context;
 import android.content.Intent;
+import android.content.pm.ServiceInfo;
 import android.os.IBinder;
 import android.os.Parcel;
 import android.os.UserHandle;
@@ -34,6 +36,7 @@
 import androidx.test.core.app.ApplicationProvider;
 import io.grpc.Status;
 import io.grpc.Status.Code;
+import io.grpc.StatusException;
 import io.grpc.binder.BinderChannelCredentials;
 import io.grpc.binder.internal.Bindable.Observer;
 import java.util.Arrays;
@@ -59,6 +62,7 @@ public final class ServiceBindingTest {
 
   private Application appContext;
   private ComponentName serviceComponent;
+  private ServiceInfo serviceInfo = new ServiceInfo();
   private ShadowApplication shadowApplication;
   private TestObserver observer;
   private ServiceBinding binding;
@@ -67,13 +71,17 @@ public final class ServiceBindingTest {
   public void setUp() {
     appContext = ApplicationProvider.getApplicationContext();
     serviceComponent = new ComponentName("DUMMY", "SERVICE");
+    serviceInfo.packageName = serviceComponent.getPackageName();
+    serviceInfo.name = serviceComponent.getClassName();
     observer = new TestObserver();
 
     shadowApplication = shadowOf(appContext);
     shadowApplication.setComponentNameAndServiceForBindService(serviceComponent, mockBinder);
+    shadowOf(appContext.getPackageManager()).addOrUpdateService(serviceInfo);
 
     // Don't call onServiceDisconnected() upon unbindService(), just like the real Android doesn't.
     shadowApplication.setUnbindServiceCallsOnServiceDisconnected(false);
+    shadowApplication.setBindServiceCallsOnServiceConnectedDirectly(false);
 
     binding = newBuilder().build();
     shadowOf(getMainLooper()).idle();
@@ -276,6 +284,49 @@ public void testBindWithTargetUserHandle() throws Exception {
     assertThat(binding.isSourceContextCleared()).isFalse();
   }
 
+  @Test
+  public void testResolve() throws Exception {
+    serviceInfo.processName = "x"; // ServiceInfo has no equals() so look for one distinctive field.
+    shadowOf(appContext.getPackageManager()).addOrUpdateService(serviceInfo);
+    ServiceInfo resolvedServiceInfo = binding.resolve();
+    assertThat(resolvedServiceInfo.processName).isEqualTo(serviceInfo.processName);
+  }
+
+  @Test
+  @Config(sdk = 33)
+  public void testResolveWithTargetUserHandle() throws Exception {
+    serviceInfo.processName = "x"; // ServiceInfo has no equals() so look for one distinctive field.
+    // Robolectric just ignores the user arg to resolveServiceAsUser() so this is all we can do.
+    shadowOf(appContext.getPackageManager()).addOrUpdateService(serviceInfo);
+    binding = newBuilder().setTargetUserHandle(generateUserHandle(/* userId= */ 0)).build();
+    ServiceInfo resolvedServiceInfo = binding.resolve();
+    assertThat(resolvedServiceInfo.processName).isEqualTo(serviceInfo.processName);
+  }
+
+  @Test
+  public void testResolveNonExistentServiceThrows() throws Exception {
+    ComponentName doesNotExistService = new ComponentName("does.not.exist", "NoService");
+    binding = newBuilder().setTargetComponent(doesNotExistService).build();
+    StatusException statusException = assertThrows(StatusException.class, binding::resolve);
+    assertThat(statusException.getStatus().getCode()).isEqualTo(Code.UNIMPLEMENTED);
+    assertThat(statusException.getStatus().getDescription()).contains("does.not.exist");
+  }
+
+  @Test
+  @Config(sdk = 33)
+  public void testResolveNonExistentServiceWithTargetUserThrows() throws Exception {
+    ComponentName doesNotExistService = new ComponentName("does.not.exist", "NoService");
+    binding =
+        newBuilder()
+            .setTargetUserHandle(generateUserHandle(/* userId= */ 12345))
+            .setTargetComponent(doesNotExistService)
+            .build();
+    StatusException statusException = assertThrows(StatusException.class, binding::resolve);
+    assertThat(statusException.getStatus().getCode()).isEqualTo(Code.UNIMPLEMENTED);
+    assertThat(statusException.getStatus().getDescription()).contains("does.not.exist");
+    assertThat(statusException.getStatus().getDescription()).contains("12345");
+  }
+
   @Test
   @Config(sdk = 30)
   public void testBindWithDeviceAdmin() throws Exception {
@@ -284,7 +335,7 @@ public void testBindWithDeviceAdmin() throws Exception {
     allowBindDeviceAdminForUser(appContext, adminComponent, /* userId= */ 0);
     binding =
         newBuilder()
-            .setTargetUserHandle(UserHandle.getUserHandleForUid(/* userId= */ 0))
+            .setTargetUserHandle(UserHandle.getUserHandleForUid(/* uid= */ 0))
             .setTargetUserHandle(generateUserHandle(/* userId= */ 0))
             .setChannelCredentials(BinderChannelCredentials.forDevicePolicyAdmin(adminComponent))
             .build();
diff --git a/binder/src/testFixtures/java/io/grpc/binder/internal/BinderClientTransportBuilder.java b/binder/src/testFixtures/java/io/grpc/binder/internal/BinderClientTransportBuilder.java
new file mode 100644
index 00000000000..e98daeec3ed
--- /dev/null
+++ b/binder/src/testFixtures/java/io/grpc/binder/internal/BinderClientTransportBuilder.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.binder.internal;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import io.grpc.ChannelLogger;
+import io.grpc.internal.ClientTransportFactory.ClientTransportOptions;
+import io.grpc.internal.TestUtils.NoopChannelLogger;
+import java.net.SocketAddress;
+
+/**
+ * Helps unit tests create {@link BinderTransport.BinderClientTransport} instances without having to
+ * mention irrelevant details (go/tott/719).
+ */
+public class BinderClientTransportBuilder {
+  private BinderClientTransportFactory factory;
+  private SocketAddress serverAddress;
+  private ChannelLogger channelLogger = new NoopChannelLogger();
+  private io.grpc.internal.ClientTransportFactory.ClientTransportOptions options =
+      new ClientTransportOptions();
+
+  public BinderClientTransportBuilder setServerAddress(SocketAddress serverAddress) {
+    this.serverAddress = checkNotNull(serverAddress);
+    return this;
+  }
+
+  public BinderClientTransportBuilder setChannelLogger(ChannelLogger channelLogger) {
+    this.channelLogger = checkNotNull(channelLogger);
+    return this;
+  }
+
+  public BinderClientTransportBuilder setOptions(ClientTransportOptions options) {
+    this.options = checkNotNull(options);
+    return this;
+  }
+
+  public BinderClientTransportBuilder setFactory(BinderClientTransportFactory factory) {
+    this.factory = checkNotNull(factory);
+    return this;
+  }
+
+  public BinderTransport.BinderClientTransport build() {
+    return factory.newClientTransport(
+        checkNotNull(serverAddress), checkNotNull(options), checkNotNull(channelLogger));
+  }
+}
diff --git a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
index ea7f1723e64..c60174b2faf 100644
--- a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
+++ b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
@@ -92,7 +92,7 @@ public abstract class AbstractTransportTest {
    */
   public static final int TEST_FLOW_CONTROL_WINDOW = 65 * 1024;
 
-  private static final int TIMEOUT_MS = 5000;
+  protected static final int TIMEOUT_MS = 5000;
 
   protected static final String GRPC_EXPERIMENTAL_SUPPORT_TRACING_MESSAGE_SIZES =
       "GRPC_EXPERIMENTAL_SUPPORT_TRACING_MESSAGE_SIZES";
@@ -2163,7 +2163,7 @@ static boolean waitForFuture(Future<?> future, long timeout, TimeUnit unit)
     return true;
   }
 
-  private static void runIfNotNull(Runnable runnable) {
+  protected static void runIfNotNull(Runnable runnable) {
     if (runnable != null) {
       runnable.run();
     }

From 01bd63d88fbe07f06a7c28854d6db090a554ee94 Mon Sep 17 00:00:00 2001
From: Richard Belleville <gnossen@gmail.com>
Date: Fri, 11 Jul 2025 15:07:00 -0700
Subject: [PATCH 316/591] Remove inactive maintainers (#12187)

---
 MAINTAINERS.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS.md b/MAINTAINERS.md
index f1c07ccd6f2..5048c7c5aca 100644
--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@@ -11,8 +11,6 @@ for general contribution guidelines.
 - [ejona86](https://github.com/ejona86), Google LLC
 - [jdcormie](https://github.com/jdcormie), Google LLC
 - [kannanjgithub](https://github.com/kannanjgithub), Google LLC
-- [larry-safran](https://github.com/larry-safran), Google LLC
-- [markb74](https://github.com/markb74), Google LLC
 - [ran-su](https://github.com/ran-su), Google LLC
 - [sergiitk](https://github.com/sergiitk), Google LLC
 - [temawi](https://github.com/temawi), Google LLC
@@ -26,7 +24,9 @@ for general contribution guidelines.
 - [ericgribkoff](https://github.com/ericgribkoff)
 - [jiangtaoli2016](https://github.com/jiangtaoli2016)
 - [jtattermusch](https://github.com/jtattermusch)
+- [larry-safran](https://github.com/larry-safran)
 - [louiscryan](https://github.com/louiscryan)
+- [markb74](https://github.com/markb74)
 - [nicolasnoble](https://github.com/nicolasnoble)
 - [nmittler](https://github.com/nmittler)
 - [sanjaypujare](https://github.com/sanjaypujare)

From 9d191b31b57a0076a806073871be034f6ae4bea3 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 11 Jul 2025 16:28:47 -0700
Subject: [PATCH 317/591] xds: Check isHttp11ProxyAvailable in equals()

This fixes an equals/hashCode bug introduced in 12197065fe.

Discovered when investigating b/430347751
---
 .../ClusterResolverLoadBalancerProvider.java  |  6 +++--
 .../xds/ClusterResolverLoadBalancerTest.java  | 22 +++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
index b5dcb271368..27a884b1f4f 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
@@ -89,7 +89,7 @@ boolean isHttp11ProxyAvailable() {
 
     @Override
     public int hashCode() {
-      return Objects.hash(discoveryMechanisms, lbConfig);
+      return Objects.hash(discoveryMechanisms, lbConfig, isHttp11ProxyAvailable);
     }
 
     @Override
@@ -102,7 +102,8 @@ public boolean equals(Object o) {
       }
       ClusterResolverConfig that = (ClusterResolverConfig) o;
       return discoveryMechanisms.equals(that.discoveryMechanisms)
-          && lbConfig.equals(that.lbConfig);
+          && lbConfig.equals(that.lbConfig)
+          && isHttp11ProxyAvailable == that.isHttp11ProxyAvailable;
     }
 
     @Override
@@ -110,6 +111,7 @@ public String toString() {
       return MoreObjects.toStringHelper(this)
           .add("discoveryMechanisms", discoveryMechanisms)
           .add("lbConfig", lbConfig)
+          .add("isHttp11ProxyAvailable", isHttp11ProxyAvailable)
           .toString();
     }
 
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index d701f281c01..395662cd93c 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -32,6 +32,7 @@
 
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Iterables;
+import com.google.common.testing.EqualsTester;
 import io.grpc.Attributes;
 import io.grpc.ChannelLogger;
 import io.grpc.ConnectivityState;
@@ -1199,6 +1200,27 @@ public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_fallThroug
         any(ConnectivityState.class), any(SubchannelPicker.class));
   }
 
+  @Test
+  public void config_equalsTester() {
+    new EqualsTester()
+        .addEqualityGroup(
+            new ClusterResolverConfig(
+                Collections.singletonList(edsDiscoveryMechanism1), leastRequest, false),
+            new ClusterResolverConfig(
+                Collections.singletonList(edsDiscoveryMechanism1), leastRequest, false))
+        .addEqualityGroup(new ClusterResolverConfig(
+            Collections.singletonList(edsDiscoveryMechanism1), roundRobin, false))
+        .addEqualityGroup(new ClusterResolverConfig(
+            Collections.singletonList(edsDiscoveryMechanism1), leastRequest, true))
+        .addEqualityGroup(new ClusterResolverConfig(
+            Collections.singletonList(edsDiscoveryMechanismWithOutlierDetection),
+            leastRequest,
+            false))
+        .addEqualityGroup(new ClusterResolverConfig(
+            Arrays.asList(edsDiscoveryMechanism1, edsDiscoveryMechanism2), leastRequest, false))
+        .testEquals();
+  }
+
   private void deliverLbConfig(ClusterResolverConfig config) {
     loadBalancer.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()

From a8de9f07ab831686da026ec067370a6e0c5489f1 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 11 Jul 2025 16:49:06 -0700
Subject: [PATCH 318/591] xds: Implement equals in RingHashConfig

Lack of equals causes cluster_resolver to consider every update a
different configuration and restart itself.

b/430347751
---
 .../java/io/grpc/xds/RingHashLoadBalancer.java  | 17 +++++++++++++++++
 .../io/grpc/xds/RingHashLoadBalancerTest.java   | 14 ++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
index 4f314e5391a..96ce5b97024 100644
--- a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
@@ -51,6 +51,7 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.stream.Collectors;
 import javax.annotation.Nullable;
@@ -523,6 +524,22 @@ static final class RingHashConfig {
       this.requestHashHeader = requestHashHeader;
     }
 
+    @Override
+    public boolean equals(Object o) {
+      if (!(o instanceof RingHashConfig)) {
+        return false;
+      }
+      RingHashConfig that = (RingHashConfig) o;
+      return this.minRingSize == that.minRingSize
+          && this.maxRingSize == that.maxRingSize
+          && Objects.equals(this.requestHashHeader, that.requestHashHeader);
+    }
+
+    @Override
+    public int hashCode() {
+      return Objects.hash(minRingSize, maxRingSize, requestHashHeader);
+    }
+
     @Override
     public String toString() {
       return MoreObjects.toStringHelper(this)
diff --git a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
index f27cb772d03..fc5f21156dd 100644
--- a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
@@ -42,6 +42,7 @@
 
 import com.google.common.collect.Iterables;
 import com.google.common.primitives.UnsignedInteger;
+import com.google.common.testing.EqualsTester;
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
 import io.grpc.ConnectivityState;
@@ -1113,6 +1114,19 @@ protected Helper delegate() {
     assertThat(picks).containsExactly(subchannel1);
   }
 
+  @Test
+  public void config_equalsTester() {
+    new EqualsTester()
+        .addEqualityGroup(
+            new RingHashConfig(1, 2, "headerA"),
+            new RingHashConfig(1, 2, "headerA"))
+        .addEqualityGroup(new RingHashConfig(1, 1, "headerA"))
+        .addEqualityGroup(new RingHashConfig(2, 2, "headerA"))
+        .addEqualityGroup(new RingHashConfig(1, 2, "headerB"))
+        .addEqualityGroup(new RingHashConfig(1, 2, ""))
+        .testEquals();
+  }
+
   private List<Subchannel> initializeLbSubchannels(RingHashConfig config,
       List<EquivalentAddressGroup> servers, InitializationFlags... initFlags) {
 

From 5a8326f1c794d273663f4cf442e50424210f15bc Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 15 Jul 2025 15:33:02 +0530
Subject: [PATCH 319/591] xds: add "resource_timer_is_transient_failure" server
 feature (#12063)

---
 .../java/io/grpc/xds/client/Bootstrapper.java |   9 +-
 .../io/grpc/xds/client/BootstrapperImpl.java  |  14 +-
 .../java/io/grpc/xds/client/XdsClient.java    |   6 +-
 .../io/grpc/xds/client/XdsClientImpl.java     |  20 ++-
 .../grpc/xds/GrpcXdsClientImplDataTest.java   |   2 +-
 .../grpc/xds/GrpcXdsClientImplTestBase.java   | 160 +++++++++++++++---
 .../java/io/grpc/xds/XdsNameResolverTest.java |   4 +-
 .../client/CommonBootstrapperTestUtils.java   |   2 +-
 8 files changed, 176 insertions(+), 41 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java b/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
index 90babd1e8d0..4fa75f6b335 100644
--- a/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
+++ b/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
@@ -63,17 +63,20 @@ public abstract static class ServerInfo {
 
     public abstract boolean isTrustedXdsServer();
 
+    public abstract boolean resourceTimerIsTransientError();
+
     @VisibleForTesting
     public static ServerInfo create(String target, @Nullable Object implSpecificConfig) {
-      return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig, false, false);
+      return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig,
+          false, false, false);
     }
 
     @VisibleForTesting
     public static ServerInfo create(
         String target, Object implSpecificConfig, boolean ignoreResourceDeletion,
-        boolean isTrustedXdsServer) {
+        boolean isTrustedXdsServer, boolean resourceTimerIsTransientError) {
       return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig,
-          ignoreResourceDeletion, isTrustedXdsServer);
+          ignoreResourceDeletion, isTrustedXdsServer, resourceTimerIsTransientError);
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
index c00685f1781..423c1a118e8 100644
--- a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
@@ -43,6 +43,8 @@ public abstract class BootstrapperImpl extends Bootstrapper {
 
   public static final String GRPC_EXPERIMENTAL_XDS_FALLBACK =
       "GRPC_EXPERIMENTAL_XDS_FALLBACK";
+  public static final String GRPC_EXPERIMENTAL_XDS_DATA_ERROR_HANDLING =
+      "GRPC_EXPERIMENTAL_XDS_DATA_ERROR_HANDLING";
 
   // Client features.
   @VisibleForTesting
@@ -54,10 +56,16 @@ public abstract class BootstrapperImpl extends Bootstrapper {
   // Server features.
   private static final String SERVER_FEATURE_IGNORE_RESOURCE_DELETION = "ignore_resource_deletion";
   private static final String SERVER_FEATURE_TRUSTED_XDS_SERVER = "trusted_xds_server";
+  private static final String
+      SERVER_FEATURE_RESOURCE_TIMER_IS_TRANSIENT_ERROR = "resource_timer_is_transient_error";
 
   @VisibleForTesting
   static boolean enableXdsFallback = GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_FALLBACK, true);
 
+  @VisibleForTesting
+  public static boolean xdsDataErrorHandlingEnabled
+      = GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_DATA_ERROR_HANDLING, false);
+
   protected final XdsLogger logger;
 
   protected FileReader reader = LocalFileReader.INSTANCE;
@@ -247,6 +255,7 @@ private List<ServerInfo> parseServerInfos(List<?> rawServerConfigs, XdsLogger lo
 
       Object implSpecificConfig = getImplSpecificConfig(serverConfig, serverUri);
 
+      boolean resourceTimerIsTransientError = false;
       boolean ignoreResourceDeletion = false;
       // "For forward compatibility reasons, the client will ignore any entry in the list that it
       // does not understand, regardless of type."
@@ -254,11 +263,14 @@ private List<ServerInfo> parseServerInfos(List<?> rawServerConfigs, XdsLogger lo
       if (serverFeatures != null) {
         logger.log(XdsLogLevel.INFO, "Server features: {0}", serverFeatures);
         ignoreResourceDeletion = serverFeatures.contains(SERVER_FEATURE_IGNORE_RESOURCE_DELETION);
+        resourceTimerIsTransientError = xdsDataErrorHandlingEnabled
+            && serverFeatures.contains(SERVER_FEATURE_RESOURCE_TIMER_IS_TRANSIENT_ERROR);
       }
       servers.add(
           ServerInfo.create(serverUri, implSpecificConfig, ignoreResourceDeletion,
               serverFeatures != null
-                  && serverFeatures.contains(SERVER_FEATURE_TRUSTED_XDS_SERVER)));
+                  && serverFeatures.contains(SERVER_FEATURE_TRUSTED_XDS_SERVER),
+              resourceTimerIsTransientError));
     }
     return servers.build();
   }
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClient.java b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
index edbb0b2d74c..e2dd4169bca 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
@@ -199,6 +199,10 @@ public static ResourceMetadata newResourceMetadataDoesNotExist() {
       return new ResourceMetadata(ResourceMetadataStatus.DOES_NOT_EXIST, "", 0, false, null, null);
     }
 
+    public static ResourceMetadata newResourceMetadataTimeout() {
+      return new ResourceMetadata(ResourceMetadataStatus.TIMEOUT, "", 0, false, null, null);
+    }
+
     public static ResourceMetadata newResourceMetadataAcked(
         Any rawResource, String version, long updateTimeNanos) {
       checkNotNull(rawResource, "rawResource");
@@ -256,7 +260,7 @@ public UpdateFailureState getErrorState() {
      * config_dump.proto</a>
      */
     public enum ResourceMetadataStatus {
-      UNKNOWN, REQUESTED, DOES_NOT_EXIST, ACKED, NACKED
+      UNKNOWN, REQUESTED, DOES_NOT_EXIST, ACKED, NACKED, TIMEOUT
     }
 
     /**
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index 2b25d4db977..d70cfd841ef 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
+import static io.grpc.xds.client.BootstrapperImpl.xdsDataErrorHandlingEnabled;
 import static io.grpc.xds.client.XdsResourceType.ParsedResource;
 import static io.grpc.xds.client.XdsResourceType.ValidatedResourceUpdate;
 
@@ -67,6 +68,7 @@ public final class XdsClientImpl extends XdsClient implements ResourceStore {
   // Longest time to wait, since the subscription to some resource, for concluding its absence.
   @VisibleForTesting
   public static final int INITIAL_RESOURCE_FETCH_TIMEOUT_SEC = 15;
+  public static final int EXTENDED_RESOURCE_FETCH_TIMEOUT_SEC = 30;
 
   private final SynchronizationContext syncContext = new SynchronizationContext(
       new Thread.UncaughtExceptionHandler() {
@@ -738,6 +740,9 @@ void restartTimer() {
         // When client becomes ready, it triggers a restartTimer for all relevant subscribers.
         return;
       }
+      ServerInfo serverInfo = activeCpc.getServerInfo();
+      int timeoutSec = xdsDataErrorHandlingEnabled && serverInfo.resourceTimerIsTransientError()
+          ? EXTENDED_RESOURCE_FETCH_TIMEOUT_SEC : INITIAL_RESOURCE_FETCH_TIMEOUT_SEC;
 
       class ResourceNotFound implements Runnable {
         @Override
@@ -761,8 +766,7 @@ public String toString() {
         respTimer.cancel();
       }
       respTimer = syncContext.schedule(
-          new ResourceNotFound(), INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS,
-          timeService);
+          new ResourceNotFound(), timeoutSec, TimeUnit.SECONDS, timeService);
     }
 
     void stopTimer() {
@@ -840,6 +844,8 @@ void onAbsent(@Nullable ProcessingTracker processingTracker, ServerInfo serverIn
       // Ignore deletion of State of the World resources when this feature is on,
       // and the resource is reusable.
       boolean ignoreResourceDeletionEnabled = serverInfo.ignoreResourceDeletion();
+      boolean resourceTimerIsTransientError =
+          xdsDataErrorHandlingEnabled && serverInfo.resourceTimerIsTransientError();
       if (ignoreResourceDeletionEnabled && type.isFullStateOfTheWorld() && data != null) {
         if (!resourceDeletionIgnored) {
           logger.log(XdsLogLevel.FORCE_WARNING,
@@ -854,14 +860,20 @@ void onAbsent(@Nullable ProcessingTracker processingTracker, ServerInfo serverIn
       if (!absent) {
         data = null;
         absent = true;
-        metadata = ResourceMetadata.newResourceMetadataDoesNotExist();
+        metadata = resourceTimerIsTransientError ? ResourceMetadata.newResourceMetadataTimeout() :
+            ResourceMetadata.newResourceMetadataDoesNotExist();
         for (ResourceWatcher<T> watcher : watchers.keySet()) {
           if (processingTracker != null) {
             processingTracker.startTask();
           }
           watchers.get(watcher).execute(() -> {
             try {
-              watcher.onResourceDoesNotExist(resource);
+              if (resourceTimerIsTransientError) {
+                watcher.onError(Status.UNAVAILABLE.withDescription(
+                    "Timed out waiting for resource " + resource + " from xDS server"));
+              } else {
+                watcher.onResourceDoesNotExist(resource);
+              }
             } finally {
               if (processingTracker != null) {
                 processingTracker.onComplete();
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 6167f491930..3650e5d5bb9 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -3549,7 +3549,7 @@ private static Filter buildHttpConnectionManagerFilter(HttpFilter... httpFilters
 
   private XdsResourceType.Args getXdsResourceTypeArgs(boolean isTrustedServer) {
     return new XdsResourceType.Args(
-        ServerInfo.create("http://td", "", false, isTrustedServer), "1.0", null, null, null, null
+        ServerInfo.create("http://td", "", false, isTrustedServer, false), "1.0", null, null, null, null
     );
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 32361684a6d..26b0baec05b 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -85,6 +85,7 @@
 import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.Bootstrapper.CertificateProviderInfo;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
+import io.grpc.xds.client.BootstrapperImpl;
 import io.grpc.xds.client.EnvoyProtoData.Node;
 import io.grpc.xds.client.LoadStatsManager2.ClusterDropStats;
 import io.grpc.xds.client.Locality;
@@ -145,7 +146,7 @@
 public abstract class GrpcXdsClientImplTestBase {
 
   private static final String SERVER_URI = "trafficdirector.googleapis.com";
-  private static final String SERVER_URI_CUSTOME_AUTHORITY = "trafficdirector2.googleapis.com";
+  private static final String SERVER_URI_CUSTOM_AUTHORITY = "trafficdirector2.googleapis.com";
   private static final String SERVER_URI_EMPTY_AUTHORITY = "trafficdirector3.googleapis.com";
   private static final String LDS_RESOURCE = "listener.googleapis.com";
   private static final String RDS_RESOURCE = "route-configuration.googleapis.com";
@@ -304,6 +305,30 @@ public long currentTimeNanos() {
   private final BindableService adsService = createAdsService();
   private final BindableService lrsService = createLrsService();
 
+  private XdsTransportFactory xdsTransportFactory = new XdsTransportFactory() {
+    @Override
+    public XdsTransport create(ServerInfo serverInfo) {
+      if (serverInfo.target().equals(SERVER_URI)) {
+        return new GrpcXdsTransport(channel);
+      }
+      if (serverInfo.target().equals(SERVER_URI_CUSTOM_AUTHORITY)) {
+        if (channelForCustomAuthority == null) {
+          channelForCustomAuthority = cleanupRule.register(
+              InProcessChannelBuilder.forName(serverName).directExecutor().build());
+        }
+        return new GrpcXdsTransport(channelForCustomAuthority);
+      }
+      if (serverInfo.target().equals(SERVER_URI_EMPTY_AUTHORITY)) {
+        if (channelForEmptyAuthority == null) {
+          channelForEmptyAuthority = cleanupRule.register(
+              InProcessChannelBuilder.forName(serverName).directExecutor().build());
+        }
+        return new GrpcXdsTransport(channelForEmptyAuthority);
+      }
+      throw new IllegalArgumentException("Can not create channel for " + serverInfo);
+    }
+  };
+
   @Before
   public void setUp() throws IOException {
     when(backoffPolicyProvider.get()).thenReturn(backoffPolicy1, backoffPolicy2);
@@ -322,32 +347,9 @@ public void setUp() throws IOException {
         .start());
     channel =
         cleanupRule.register(InProcessChannelBuilder.forName(serverName).directExecutor().build());
-    XdsTransportFactory xdsTransportFactory = new XdsTransportFactory() {
-      @Override
-      public XdsTransport create(ServerInfo serverInfo) {
-        if (serverInfo.target().equals(SERVER_URI)) {
-          return new GrpcXdsTransport(channel);
-        }
-        if (serverInfo.target().equals(SERVER_URI_CUSTOME_AUTHORITY)) {
-          if (channelForCustomAuthority == null) {
-            channelForCustomAuthority = cleanupRule.register(
-                InProcessChannelBuilder.forName(serverName).directExecutor().build());
-          }
-          return new GrpcXdsTransport(channelForCustomAuthority);
-        }
-        if (serverInfo.target().equals(SERVER_URI_EMPTY_AUTHORITY)) {
-          if (channelForEmptyAuthority == null) {
-            channelForEmptyAuthority = cleanupRule.register(
-                InProcessChannelBuilder.forName(serverName).directExecutor().build());
-          }
-          return new GrpcXdsTransport(channelForEmptyAuthority);
-        }
-        throw new IllegalArgumentException("Can not create channel for " + serverInfo);
-      }
-    };
 
     xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, ignoreResourceDeletion(),
-        true);
+        true, false);
     BootstrapInfo bootstrapInfo =
         Bootstrapper.BootstrapInfo.builder()
             .servers(Collections.singletonList(xdsServerInfo))
@@ -357,7 +359,7 @@ public XdsTransport create(ServerInfo serverInfo) {
                 AuthorityInfo.create(
                     "xdstp://authority.xds.com/envoy.config.listener.v3.Listener/%s",
                     ImmutableList.of(Bootstrapper.ServerInfo.create(
-                        SERVER_URI_CUSTOME_AUTHORITY, CHANNEL_CREDENTIALS))),
+                        SERVER_URI_CUSTOM_AUTHORITY, CHANNEL_CREDENTIALS))),
                 "",
                 AuthorityInfo.create(
                     "xdstp:///envoy.config.listener.v3.Listener/%s",
@@ -3155,6 +3157,108 @@ public void flowControlAbsent() throws Exception {
     verify(anotherWatcher).onError(any());
   }
 
+  @Test
+  @SuppressWarnings("unchecked")
+  public void resourceTimerIsTransientError_schedulesExtendedTimeout() {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
+    ServerInfo serverInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS,
+        false, true, true);
+    BootstrapInfo bootstrapInfo =
+        Bootstrapper.BootstrapInfo.builder()
+            .servers(Collections.singletonList(serverInfo))
+            .node(NODE)
+            .authorities(ImmutableMap.of(
+                "",
+                AuthorityInfo.create(
+                    "xdstp:///envoy.config.listener.v3.Listener/%s",
+                    ImmutableList.of(Bootstrapper.ServerInfo.create(
+                        SERVER_URI_EMPTY_AUTHORITY, CHANNEL_CREDENTIALS)))))
+            .certProviders(ImmutableMap.of())
+            .build();
+    xdsClient = new XdsClientImpl(
+        xdsTransportFactory,
+        bootstrapInfo,
+        fakeClock.getScheduledExecutorService(),
+        backoffPolicyProvider,
+        fakeClock.getStopwatchSupplier(),
+        timeProvider,
+        MessagePrinter.INSTANCE,
+        new TlsContextManagerImpl(bootstrapInfo),
+        xdsClientMetricReporter);
+    ResourceWatcher<CdsUpdate> watcher = mock(ResourceWatcher.class);
+    String resourceName = "cluster.googleapis.com";
+
+    xdsClient.watchXdsResource(
+        XdsClusterResource.getInstance(),
+        resourceName,
+        watcher,
+        fakeClock.getScheduledExecutorService());
+
+    ScheduledTask task = Iterables.getOnlyElement(
+        fakeClock.getPendingTasks(CDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER));
+    assertThat(task.getDelay(TimeUnit.SECONDS))
+        .isEqualTo(XdsClientImpl.EXTENDED_RESOURCE_FETCH_TIMEOUT_SEC);
+    fakeClock.runDueTasks();
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+  }
+
+  @Test
+  @SuppressWarnings("unchecked")
+  public void resourceTimerIsTransientError_callsOnErrorUnavailable() {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
+    xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, ignoreResourceDeletion(),
+        true, true);
+    BootstrapInfo bootstrapInfo =
+        Bootstrapper.BootstrapInfo.builder()
+            .servers(Collections.singletonList(xdsServerInfo))
+            .node(NODE)
+            .authorities(ImmutableMap.of(
+                "authority.xds.com",
+                AuthorityInfo.create(
+                    "xdstp://authority.xds.com/envoy.config.listener.v3.Listener/%s",
+                    ImmutableList.of(Bootstrapper.ServerInfo.create(
+                        SERVER_URI_CUSTOM_AUTHORITY, CHANNEL_CREDENTIALS))),
+                "",
+                AuthorityInfo.create(
+                    "xdstp:///envoy.config.listener.v3.Listener/%s",
+                    ImmutableList.of(Bootstrapper.ServerInfo.create(
+                        SERVER_URI_EMPTY_AUTHORITY, CHANNEL_CREDENTIALS)))))
+            .certProviders(ImmutableMap.of("cert-instance-name",
+                CertificateProviderInfo.create("file-watcher", ImmutableMap.of())))
+            .build();
+    xdsClient = new XdsClientImpl(
+        xdsTransportFactory,
+        bootstrapInfo,
+        fakeClock.getScheduledExecutorService(),
+        backoffPolicyProvider,
+        fakeClock.getStopwatchSupplier(),
+        timeProvider,
+        MessagePrinter.INSTANCE,
+        new TlsContextManagerImpl(bootstrapInfo),
+        xdsClientMetricReporter);
+    String timeoutResource = CDS_RESOURCE + "_timeout";
+    ResourceWatcher<CdsUpdate> timeoutWatcher = mock(ResourceWatcher.class);
+
+    xdsClient.watchXdsResource(
+        XdsClusterResource.getInstance(),
+        timeoutResource,
+        timeoutWatcher,
+        fakeClock.getScheduledExecutorService());
+
+    assertThat(resourceDiscoveryCalls).hasSize(1);
+    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+    call.verifyRequest(CDS, ImmutableList.of(timeoutResource), "", "", NODE);
+    fakeClock.forwardTime(XdsClientImpl.EXTENDED_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
+    fakeClock.runDueTasks();
+    ArgumentCaptor<Status> errorCaptor = ArgumentCaptor.forClass(Status.class);
+    verify(timeoutWatcher).onError(errorCaptor.capture());
+    Status error = errorCaptor.getValue();
+    assertThat(error.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(error.getDescription()).isEqualTo(
+        "Timed out waiting for resource " + timeoutResource + " from xDS server");
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+  }
+
   private Answer<Void> blockUpdate(CyclicBarrier barrier) {
     return new Answer<Void>() {
       @Override
@@ -4220,7 +4324,7 @@ private XdsClientImpl createXdsClient(String serverUri) {
   private BootstrapInfo buildBootStrap(String serverUri) {
 
     ServerInfo xdsServerInfo = ServerInfo.create(serverUri, CHANNEL_CREDENTIALS,
-        ignoreResourceDeletion(), true);
+        ignoreResourceDeletion(), true, false);
 
     return Bootstrapper.BootstrapInfo.builder()
         .servers(Collections.singletonList(xdsServerInfo))
@@ -4230,7 +4334,7 @@ private BootstrapInfo buildBootStrap(String serverUri) {
             AuthorityInfo.create(
                 "xdstp://authority.xds.com/envoy.config.listener.v3.Listener/%s",
                 ImmutableList.of(Bootstrapper.ServerInfo.create(
-                    SERVER_URI_CUSTOME_AUTHORITY, CHANNEL_CREDENTIALS))),
+                    SERVER_URI_CUSTOM_AUTHORITY, CHANNEL_CREDENTIALS))),
             "",
             AuthorityInfo.create(
                 "xdstp:///envoy.config.listener.v3.Listener/%s",
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 7015a43f6ed..e2618df18b1 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -368,13 +368,13 @@ public void resolving_targetAuthorityInAuthoritiesMap() {
     String serviceAuthority = "[::FFFF:129.144.52.38]:80";
     bootstrapInfo = BootstrapInfo.builder()
         .servers(ImmutableList.of(ServerInfo.create(
-            "td.googleapis.com", InsecureChannelCredentials.create(), true, true)))
+            "td.googleapis.com", InsecureChannelCredentials.create(), true, true, false)))
         .node(Node.newBuilder().build())
         .authorities(
             ImmutableMap.of(targetAuthority, AuthorityInfo.create(
                 "xdstp://" + targetAuthority + "/envoy.config.listener.v3.Listener/%s?foo=1&bar=2",
                 ImmutableList.of(ServerInfo.create(
-                    "td.googleapis.com", InsecureChannelCredentials.create(), true, true)))))
+                    "td.googleapis.com", InsecureChannelCredentials.create(), true, true, false)))))
         .build();
     expectedLdsResourceName = "xdstp://xds.authority.com/envoy.config.listener.v3.Listener/"
         + "%5B::FFFF:129.144.52.38%5D:80?bar=2&foo=1"; // query param canonified
diff --git a/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
index 485970741c1..754e903f8a9 100644
--- a/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
@@ -203,7 +203,7 @@ public static Bootstrapper.BootstrapInfo buildBootStrap(List<String> serverUris)
 
     List<ServerInfo> serverInfos = new ArrayList<>();
     for (String uri : serverUris) {
-      serverInfos.add(ServerInfo.create(uri, CHANNEL_CREDENTIALS, false, true));
+      serverInfos.add(ServerInfo.create(uri, CHANNEL_CREDENTIALS, false, true, false));
     }
     EnvoyProtoData.Node node = EnvoyProtoData.Node.newBuilder().setId("node-id").build();
 

From d352540a02cc3f438caf7527acfa7bec8c03ecf8 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Wed, 16 Jul 2025 09:09:43 +0000
Subject: [PATCH 320/591] api: Add more Javadoc for NameResolver.Listener2
 interface (#12220)

---
 api/src/main/java/io/grpc/NameResolver.java | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/io/grpc/NameResolver.java b/api/src/main/java/io/grpc/NameResolver.java
index 9483f5f3b0a..2ac4ecae69e 100644
--- a/api/src/main/java/io/grpc/NameResolver.java
+++ b/api/src/main/java/io/grpc/NameResolver.java
@@ -239,6 +239,9 @@ public final void onAddresses(
      * {@link ResolutionResult#getAddressesOrError()} is empty, {@link #onError(Status)} will be
      * called.
      *
+     * <p>Newer NameResolver implementations should prefer calling onResult2. This method exists to
+     * facilitate older {@link Listener} implementations to migrate to {@link Listener2}.
+     *
      * @param resolutionResult the resolved server addresses, attributes, and Service Config.
      * @since 1.21.0
      */
@@ -248,6 +251,10 @@ public final void onAddresses(
      * Handles a name resolving error from the resolver. The listener is responsible for eventually
      * invoking {@link NameResolver#refresh()} to re-attempt resolution.
      *
+     * <p>New NameResolver implementations should prefer calling onResult2 which will have the
+     * address resolution error in {@link ResolutionResult}'s addressesOrError. This method exists
+     * to facilitate older implementations using {@link Listener} to migrate to {@link Listener2}.
+     *
      * @param error a non-OK status
      * @since 1.21.0
      */
@@ -255,9 +262,14 @@ public final void onAddresses(
     public abstract void onError(Status error);
 
     /**
-     * Handles updates on resolved addresses and attributes.
+     * Handles updates on resolved addresses and attributes. Must be called from the same
+     * {@link SynchronizationContext} available in {@link NameResolver.Args} that is passed
+     * from the channel.
      *
-     * @param resolutionResult the resolved server addresses, attributes, and Service Config.
+     * @param resolutionResult the resolved server addresses or error in address resolution,
+     *     attributes, and Service Config or error
+     * @return status indicating whether the resolutionResult was accepted by the listener,
+     *     typically the result from a load balancer.
      * @since 1.66
      */
     public Status onResult2(ResolutionResult resolutionResult) {

From d7d70c6905666876d58c3c23cdf110cabdc11b37 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Thu, 17 Jul 2025 10:26:12 +0530
Subject: [PATCH 321/591] xds: cncf/xds proto sync to 2025-05-02 (#12225)

---
 repositories.bzl                              |  6 ++---
 xds/third_party/xds/import.sh                 |  3 ++-
 .../xds/src/main/proto/xds/core/v3/cidr.proto | 25 +++++++++++++++++++
 .../xds/data/orca/v3/orca_load_report.proto   |  2 +-
 .../main/proto/xds/type/matcher/v3/cel.proto  |  9 ++-----
 .../xds/type/matcher/v3/http_inputs.proto     |  6 +----
 .../proto/xds/type/matcher/v3/matcher.proto   | 11 +++++---
 .../xds/src/main/proto/xds/type/v3/cel.proto  |  7 ++++++
 8 files changed, 49 insertions(+), 20 deletions(-)
 create mode 100644 xds/third_party/xds/src/main/proto/xds/core/v3/cidr.proto

diff --git a/repositories.bzl b/repositories.bzl
index 12a8ec7a6f1..dd74a48da4b 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -101,10 +101,10 @@ def grpc_java_repositories(bzlmod = False):
     if not native.existing_rule("com_github_cncf_xds"):
         http_archive(
             name = "com_github_cncf_xds",
-            strip_prefix = "xds-024c85f92f20cab567a83acc50934c7f9711d124",
-            sha256 = "5f403aa681711500ca8e62387be3e37d971977db6e88616fc21862a406430649",
+            strip_prefix = "xds-2ac532fd44436293585084f8d94c6bdb17835af0",
+            sha256 = "790c4c83b6950bb602fec221f6a529d9f368cdc8852aae7d2592d0d04b015f37",
             urls = [
-                "https://github.com/cncf/xds/archive/024c85f92f20cab567a83acc50934c7f9711d124.tar.gz",
+                "https://github.com/cncf/xds/archive/2ac532fd44436293585084f8d94c6bdb17835af0.tar.gz",
             ],
         )
     if not bzlmod and not native.existing_rule("com_github_grpc_grpc"):
diff --git a/xds/third_party/xds/import.sh b/xds/third_party/xds/import.sh
index 9e4bf71d52f..7af5c8489d1 100755
--- a/xds/third_party/xds/import.sh
+++ b/xds/third_party/xds/import.sh
@@ -17,7 +17,7 @@
 
 set -e
 # import VERSION from one of the google internal CLs
-VERSION=024c85f92f20cab567a83acc50934c7f9711d124
+VERSION=2ac532fd44436293585084f8d94c6bdb17835af0
 DOWNLOAD_URL="https://github.com/cncf/xds/archive/${VERSION}.tar.gz"
 DOWNLOAD_BASE_DIR="xds-${VERSION}"
 SOURCE_PROTO_BASE_DIR="${DOWNLOAD_BASE_DIR}"
@@ -40,6 +40,7 @@ xds/annotations/v3/versioning.proto
 xds/core/v3/authority.proto
 xds/core/v3/collection_entry.proto
 xds/core/v3/context_params.proto
+xds/core/v3/cidr.proto
 xds/core/v3/extension.proto
 xds/core/v3/resource_locator.proto
 xds/core/v3/resource_name.proto
diff --git a/xds/third_party/xds/src/main/proto/xds/core/v3/cidr.proto b/xds/third_party/xds/src/main/proto/xds/core/v3/cidr.proto
new file mode 100644
index 00000000000..c40dab2f28f
--- /dev/null
+++ b/xds/third_party/xds/src/main/proto/xds/core/v3/cidr.proto
@@ -0,0 +1,25 @@
+syntax = "proto3";
+
+package xds.core.v3;
+
+import "xds/annotations/v3/status.proto";
+import "google/protobuf/wrappers.proto";
+
+import "validate/validate.proto";
+
+option java_outer_classname = "CidrRangeProto";
+option java_multiple_files = true;
+option java_package = "com.github.xds.core.v3";
+option go_package = "github.com/cncf/xds/go/xds/core/v3";
+
+option (xds.annotations.v3.file_status).work_in_progress = true;
+
+// CidrRange specifies an IP Address and a prefix length to construct
+// the subnet mask for a `CIDR <https://tools.ietf.org/html/rfc4632>`_ range.
+message CidrRange {
+  // IPv4 or IPv6 address, e.g. ``192.0.0.0`` or ``2001:db8::``.
+  string address_prefix = 1 [(validate.rules).string = {min_len: 1}];
+
+  // Length of prefix, e.g. 0, 32. Defaults to 0 when unset.
+  google.protobuf.UInt32Value prefix_len = 2 [(validate.rules).uint32 = {lte: 128}];
+}
diff --git a/xds/third_party/xds/src/main/proto/xds/data/orca/v3/orca_load_report.proto b/xds/third_party/xds/src/main/proto/xds/data/orca/v3/orca_load_report.proto
index 53da75f78ac..1b0847585a4 100644
--- a/xds/third_party/xds/src/main/proto/xds/data/orca/v3/orca_load_report.proto
+++ b/xds/third_party/xds/src/main/proto/xds/data/orca/v3/orca_load_report.proto
@@ -10,7 +10,7 @@ option go_package = "github.com/cncf/xds/go/xds/data/orca/v3";
 import "validate/validate.proto";
 
 // See section `ORCA load report format` of the design document in
-// :ref:`https://github.com/envoyproxy/envoy/issues/6614`.
+// https://github.com/envoyproxy/envoy/issues/6614.
 
 message OrcaLoadReport {
   // CPU utilization expressed as a fraction of available CPU resources. This
diff --git a/xds/third_party/xds/src/main/proto/xds/type/matcher/v3/cel.proto b/xds/third_party/xds/src/main/proto/xds/type/matcher/v3/cel.proto
index b1ad1faa281..a45af9534a0 100644
--- a/xds/third_party/xds/src/main/proto/xds/type/matcher/v3/cel.proto
+++ b/xds/third_party/xds/src/main/proto/xds/type/matcher/v3/cel.proto
@@ -2,9 +2,7 @@ syntax = "proto3";
 
 package xds.type.matcher.v3;
 
-import "xds/annotations/v3/status.proto";
 import "xds/type/v3/cel.proto";
-
 import "validate/validate.proto";
 
 option java_package = "com.github.xds.type.matcher.v3";
@@ -12,8 +10,6 @@ option java_outer_classname = "CelProto";
 option java_multiple_files = true;
 option go_package = "github.com/cncf/xds/go/xds/type/matcher/v3";
 
-option (xds.annotations.v3.file_status).work_in_progress = true;
-
 // [#protodoc-title: Common Expression Language (CEL) matchers]
 
 // Performs a match by evaluating a `Common Expression Language
@@ -24,14 +20,13 @@ option (xds.annotations.v3.file_status).work_in_progress = true;
 //
 //   The match is ``true``, iff the result of the evaluation is a bool AND true.
 //   In all other cases, the match is ``false``, including but not limited to: non-bool types,
-//   ``false``, ``null``,`` int(1)``, etc.
+//   ``false``, ``null``, ``int(1)``, etc.
 //   In case CEL expression raises an error, the result of the evaluation is interpreted "no match".
 //
 // Refer to :ref:`Unified Matcher API <envoy_v3_api_msg_.xds.type.matcher.v3.Matcher>` documentation
 // for usage details.
 //
-// [#comment:TODO(sergiitk): Link HttpAttributesMatchInput + usage example.]
-// [#comment:TODO(sergiitk): When implemented, add the extension tag.]
+// [#comment: envoy.matching.matchers.cel_matcher]
 message CelMatcher {
   // Either parsed or checked representation of the CEL program.
   type.v3.CelExpression expr_match = 1 [(validate.rules).message = {required: true}];
diff --git a/xds/third_party/xds/src/main/proto/xds/type/matcher/v3/http_inputs.proto b/xds/third_party/xds/src/main/proto/xds/type/matcher/v3/http_inputs.proto
index 0dd80cd6f66..5709d64501b 100644
--- a/xds/third_party/xds/src/main/proto/xds/type/matcher/v3/http_inputs.proto
+++ b/xds/third_party/xds/src/main/proto/xds/type/matcher/v3/http_inputs.proto
@@ -2,15 +2,11 @@ syntax = "proto3";
 
 package xds.type.matcher.v3;
 
-import "xds/annotations/v3/status.proto";
-
 option java_package = "com.github.xds.type.matcher.v3";
 option java_outer_classname = "HttpInputsProto";
 option java_multiple_files = true;
 option go_package = "github.com/cncf/xds/go/xds/type/matcher/v3";
 
-option (xds.annotations.v3.file_status).work_in_progress = true;
-
 // [#protodoc-title: Common HTTP Inputs]
 
 // Specifies that matching should be performed on the set of :ref:`HTTP attributes
@@ -22,6 +18,6 @@ option (xds.annotations.v3.file_status).work_in_progress = true;
 // Refer to :ref:`Unified Matcher API <envoy_v3_api_msg_.xds.type.matcher.v3.Matcher>` documentation
 // for usage details.
 //
-// [#comment:TODO(sergiitk): When implemented, add the extension tag.]
+// [#comment: envoy.matching.inputs.cel_data_input]
 message HttpAttributesCelMatchInput {
 }
diff --git a/xds/third_party/xds/src/main/proto/xds/type/matcher/v3/matcher.proto b/xds/third_party/xds/src/main/proto/xds/type/matcher/v3/matcher.proto
index 4966b456bee..cc03ff6e98f 100644
--- a/xds/third_party/xds/src/main/proto/xds/type/matcher/v3/matcher.proto
+++ b/xds/third_party/xds/src/main/proto/xds/type/matcher/v3/matcher.proto
@@ -2,7 +2,6 @@ syntax = "proto3";
 
 package xds.type.matcher.v3;
 
-import "xds/annotations/v3/status.proto";
 import "xds/core/v3/extension.proto";
 import "xds/type/matcher/v3/string.proto";
 
@@ -21,8 +20,6 @@ option go_package = "github.com/cncf/xds/go/xds/type/matcher/v3";
 // As an on_no_match might result in another matching tree being evaluated, this process
 // might repeat several times until the final OnMatch (or no match) is decided.
 message Matcher {
-  option (xds.annotations.v3.message_status).work_in_progress = true;
-
   // What to do if a match is successful.
   message OnMatch {
     oneof on_match {
@@ -38,6 +35,14 @@ message Matcher {
       // Protocol-specific action to take.
       core.v3.TypedExtensionConfig action = 2;
     }
+
+    // If true and the Matcher matches, the action will be taken but the caller
+    // will behave as if the Matcher did not match. A subsequent matcher or
+    // on_no_match action will be used instead.
+    // This field is not supported in all contexts in which the matcher API is
+    // used. If this field is set in a context in which it's not supported,
+    // the resource will be rejected.
+    bool keep_matching = 3;
   }
 
   // A linear list of field matchers.
diff --git a/xds/third_party/xds/src/main/proto/xds/type/v3/cel.proto b/xds/third_party/xds/src/main/proto/xds/type/v3/cel.proto
index df4f81d90d2..043990401c6 100644
--- a/xds/third_party/xds/src/main/proto/xds/type/v3/cel.proto
+++ b/xds/third_party/xds/src/main/proto/xds/type/v3/cel.proto
@@ -47,6 +47,13 @@ message CelExpression {
   //
   // If set, takes precedence over ``cel_expr_parsed``.
   cel.expr.CheckedExpr cel_expr_checked = 4;
+
+  // Unparsed expression in string form. For example, ``request.headers['x-env'] == 'prod'`` will
+  // get ``x-env`` header value and compare it with ``prod``.
+  // Check the `Common Expression Language <https://github.com/google/cel-spec>`_ for more details.
+  //
+  // If set, takes precedence over ``cel_expr_parsed`` and ``cel_expr_checked``.
+  string cel_expr_string = 5;
 }
 
 // Extracts a string by evaluating a `Common Expression Language

From 6935d3a115be45f7ed240fd80087a0a829d966f4 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Thu, 17 Jul 2025 11:35:34 +0530
Subject: [PATCH 322/591] Revert "xds: add
 "resource_timer_is_transient_failure" server feature (#12063)" (#12228)

---
 .../java/io/grpc/xds/client/Bootstrapper.java |   9 +-
 .../io/grpc/xds/client/BootstrapperImpl.java  |  14 +-
 .../java/io/grpc/xds/client/XdsClient.java    |   6 +-
 .../io/grpc/xds/client/XdsClientImpl.java     |  20 +--
 .../grpc/xds/GrpcXdsClientImplDataTest.java   |   2 +-
 .../grpc/xds/GrpcXdsClientImplTestBase.java   | 160 +++---------------
 .../java/io/grpc/xds/XdsNameResolverTest.java |   4 +-
 .../client/CommonBootstrapperTestUtils.java   |   2 +-
 8 files changed, 41 insertions(+), 176 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java b/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
index 4fa75f6b335..90babd1e8d0 100644
--- a/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
+++ b/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
@@ -63,20 +63,17 @@ public abstract static class ServerInfo {
 
     public abstract boolean isTrustedXdsServer();
 
-    public abstract boolean resourceTimerIsTransientError();
-
     @VisibleForTesting
     public static ServerInfo create(String target, @Nullable Object implSpecificConfig) {
-      return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig,
-          false, false, false);
+      return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig, false, false);
     }
 
     @VisibleForTesting
     public static ServerInfo create(
         String target, Object implSpecificConfig, boolean ignoreResourceDeletion,
-        boolean isTrustedXdsServer, boolean resourceTimerIsTransientError) {
+        boolean isTrustedXdsServer) {
       return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig,
-          ignoreResourceDeletion, isTrustedXdsServer, resourceTimerIsTransientError);
+          ignoreResourceDeletion, isTrustedXdsServer);
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
index 423c1a118e8..c00685f1781 100644
--- a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
@@ -43,8 +43,6 @@ public abstract class BootstrapperImpl extends Bootstrapper {
 
   public static final String GRPC_EXPERIMENTAL_XDS_FALLBACK =
       "GRPC_EXPERIMENTAL_XDS_FALLBACK";
-  public static final String GRPC_EXPERIMENTAL_XDS_DATA_ERROR_HANDLING =
-      "GRPC_EXPERIMENTAL_XDS_DATA_ERROR_HANDLING";
 
   // Client features.
   @VisibleForTesting
@@ -56,16 +54,10 @@ public abstract class BootstrapperImpl extends Bootstrapper {
   // Server features.
   private static final String SERVER_FEATURE_IGNORE_RESOURCE_DELETION = "ignore_resource_deletion";
   private static final String SERVER_FEATURE_TRUSTED_XDS_SERVER = "trusted_xds_server";
-  private static final String
-      SERVER_FEATURE_RESOURCE_TIMER_IS_TRANSIENT_ERROR = "resource_timer_is_transient_error";
 
   @VisibleForTesting
   static boolean enableXdsFallback = GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_FALLBACK, true);
 
-  @VisibleForTesting
-  public static boolean xdsDataErrorHandlingEnabled
-      = GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_DATA_ERROR_HANDLING, false);
-
   protected final XdsLogger logger;
 
   protected FileReader reader = LocalFileReader.INSTANCE;
@@ -255,7 +247,6 @@ private List<ServerInfo> parseServerInfos(List<?> rawServerConfigs, XdsLogger lo
 
       Object implSpecificConfig = getImplSpecificConfig(serverConfig, serverUri);
 
-      boolean resourceTimerIsTransientError = false;
       boolean ignoreResourceDeletion = false;
       // "For forward compatibility reasons, the client will ignore any entry in the list that it
       // does not understand, regardless of type."
@@ -263,14 +254,11 @@ private List<ServerInfo> parseServerInfos(List<?> rawServerConfigs, XdsLogger lo
       if (serverFeatures != null) {
         logger.log(XdsLogLevel.INFO, "Server features: {0}", serverFeatures);
         ignoreResourceDeletion = serverFeatures.contains(SERVER_FEATURE_IGNORE_RESOURCE_DELETION);
-        resourceTimerIsTransientError = xdsDataErrorHandlingEnabled
-            && serverFeatures.contains(SERVER_FEATURE_RESOURCE_TIMER_IS_TRANSIENT_ERROR);
       }
       servers.add(
           ServerInfo.create(serverUri, implSpecificConfig, ignoreResourceDeletion,
               serverFeatures != null
-                  && serverFeatures.contains(SERVER_FEATURE_TRUSTED_XDS_SERVER),
-              resourceTimerIsTransientError));
+                  && serverFeatures.contains(SERVER_FEATURE_TRUSTED_XDS_SERVER)));
     }
     return servers.build();
   }
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClient.java b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
index e2dd4169bca..edbb0b2d74c 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
@@ -199,10 +199,6 @@ public static ResourceMetadata newResourceMetadataDoesNotExist() {
       return new ResourceMetadata(ResourceMetadataStatus.DOES_NOT_EXIST, "", 0, false, null, null);
     }
 
-    public static ResourceMetadata newResourceMetadataTimeout() {
-      return new ResourceMetadata(ResourceMetadataStatus.TIMEOUT, "", 0, false, null, null);
-    }
-
     public static ResourceMetadata newResourceMetadataAcked(
         Any rawResource, String version, long updateTimeNanos) {
       checkNotNull(rawResource, "rawResource");
@@ -260,7 +256,7 @@ public UpdateFailureState getErrorState() {
      * config_dump.proto</a>
      */
     public enum ResourceMetadataStatus {
-      UNKNOWN, REQUESTED, DOES_NOT_EXIST, ACKED, NACKED, TIMEOUT
+      UNKNOWN, REQUESTED, DOES_NOT_EXIST, ACKED, NACKED
     }
 
     /**
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index d70cfd841ef..2b25d4db977 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
-import static io.grpc.xds.client.BootstrapperImpl.xdsDataErrorHandlingEnabled;
 import static io.grpc.xds.client.XdsResourceType.ParsedResource;
 import static io.grpc.xds.client.XdsResourceType.ValidatedResourceUpdate;
 
@@ -68,7 +67,6 @@ public final class XdsClientImpl extends XdsClient implements ResourceStore {
   // Longest time to wait, since the subscription to some resource, for concluding its absence.
   @VisibleForTesting
   public static final int INITIAL_RESOURCE_FETCH_TIMEOUT_SEC = 15;
-  public static final int EXTENDED_RESOURCE_FETCH_TIMEOUT_SEC = 30;
 
   private final SynchronizationContext syncContext = new SynchronizationContext(
       new Thread.UncaughtExceptionHandler() {
@@ -740,9 +738,6 @@ void restartTimer() {
         // When client becomes ready, it triggers a restartTimer for all relevant subscribers.
         return;
       }
-      ServerInfo serverInfo = activeCpc.getServerInfo();
-      int timeoutSec = xdsDataErrorHandlingEnabled && serverInfo.resourceTimerIsTransientError()
-          ? EXTENDED_RESOURCE_FETCH_TIMEOUT_SEC : INITIAL_RESOURCE_FETCH_TIMEOUT_SEC;
 
       class ResourceNotFound implements Runnable {
         @Override
@@ -766,7 +761,8 @@ public String toString() {
         respTimer.cancel();
       }
       respTimer = syncContext.schedule(
-          new ResourceNotFound(), timeoutSec, TimeUnit.SECONDS, timeService);
+          new ResourceNotFound(), INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS,
+          timeService);
     }
 
     void stopTimer() {
@@ -844,8 +840,6 @@ void onAbsent(@Nullable ProcessingTracker processingTracker, ServerInfo serverIn
       // Ignore deletion of State of the World resources when this feature is on,
       // and the resource is reusable.
       boolean ignoreResourceDeletionEnabled = serverInfo.ignoreResourceDeletion();
-      boolean resourceTimerIsTransientError =
-          xdsDataErrorHandlingEnabled && serverInfo.resourceTimerIsTransientError();
       if (ignoreResourceDeletionEnabled && type.isFullStateOfTheWorld() && data != null) {
         if (!resourceDeletionIgnored) {
           logger.log(XdsLogLevel.FORCE_WARNING,
@@ -860,20 +854,14 @@ void onAbsent(@Nullable ProcessingTracker processingTracker, ServerInfo serverIn
       if (!absent) {
         data = null;
         absent = true;
-        metadata = resourceTimerIsTransientError ? ResourceMetadata.newResourceMetadataTimeout() :
-            ResourceMetadata.newResourceMetadataDoesNotExist();
+        metadata = ResourceMetadata.newResourceMetadataDoesNotExist();
         for (ResourceWatcher<T> watcher : watchers.keySet()) {
           if (processingTracker != null) {
             processingTracker.startTask();
           }
           watchers.get(watcher).execute(() -> {
             try {
-              if (resourceTimerIsTransientError) {
-                watcher.onError(Status.UNAVAILABLE.withDescription(
-                    "Timed out waiting for resource " + resource + " from xDS server"));
-              } else {
-                watcher.onResourceDoesNotExist(resource);
-              }
+              watcher.onResourceDoesNotExist(resource);
             } finally {
               if (processingTracker != null) {
                 processingTracker.onComplete();
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 3650e5d5bb9..6167f491930 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -3549,7 +3549,7 @@ private static Filter buildHttpConnectionManagerFilter(HttpFilter... httpFilters
 
   private XdsResourceType.Args getXdsResourceTypeArgs(boolean isTrustedServer) {
     return new XdsResourceType.Args(
-        ServerInfo.create("http://td", "", false, isTrustedServer, false), "1.0", null, null, null, null
+        ServerInfo.create("http://td", "", false, isTrustedServer), "1.0", null, null, null, null
     );
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 26b0baec05b..32361684a6d 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -85,7 +85,6 @@
 import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.Bootstrapper.CertificateProviderInfo;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
-import io.grpc.xds.client.BootstrapperImpl;
 import io.grpc.xds.client.EnvoyProtoData.Node;
 import io.grpc.xds.client.LoadStatsManager2.ClusterDropStats;
 import io.grpc.xds.client.Locality;
@@ -146,7 +145,7 @@
 public abstract class GrpcXdsClientImplTestBase {
 
   private static final String SERVER_URI = "trafficdirector.googleapis.com";
-  private static final String SERVER_URI_CUSTOM_AUTHORITY = "trafficdirector2.googleapis.com";
+  private static final String SERVER_URI_CUSTOME_AUTHORITY = "trafficdirector2.googleapis.com";
   private static final String SERVER_URI_EMPTY_AUTHORITY = "trafficdirector3.googleapis.com";
   private static final String LDS_RESOURCE = "listener.googleapis.com";
   private static final String RDS_RESOURCE = "route-configuration.googleapis.com";
@@ -305,30 +304,6 @@ public long currentTimeNanos() {
   private final BindableService adsService = createAdsService();
   private final BindableService lrsService = createLrsService();
 
-  private XdsTransportFactory xdsTransportFactory = new XdsTransportFactory() {
-    @Override
-    public XdsTransport create(ServerInfo serverInfo) {
-      if (serverInfo.target().equals(SERVER_URI)) {
-        return new GrpcXdsTransport(channel);
-      }
-      if (serverInfo.target().equals(SERVER_URI_CUSTOM_AUTHORITY)) {
-        if (channelForCustomAuthority == null) {
-          channelForCustomAuthority = cleanupRule.register(
-              InProcessChannelBuilder.forName(serverName).directExecutor().build());
-        }
-        return new GrpcXdsTransport(channelForCustomAuthority);
-      }
-      if (serverInfo.target().equals(SERVER_URI_EMPTY_AUTHORITY)) {
-        if (channelForEmptyAuthority == null) {
-          channelForEmptyAuthority = cleanupRule.register(
-              InProcessChannelBuilder.forName(serverName).directExecutor().build());
-        }
-        return new GrpcXdsTransport(channelForEmptyAuthority);
-      }
-      throw new IllegalArgumentException("Can not create channel for " + serverInfo);
-    }
-  };
-
   @Before
   public void setUp() throws IOException {
     when(backoffPolicyProvider.get()).thenReturn(backoffPolicy1, backoffPolicy2);
@@ -347,9 +322,32 @@ public void setUp() throws IOException {
         .start());
     channel =
         cleanupRule.register(InProcessChannelBuilder.forName(serverName).directExecutor().build());
+    XdsTransportFactory xdsTransportFactory = new XdsTransportFactory() {
+      @Override
+      public XdsTransport create(ServerInfo serverInfo) {
+        if (serverInfo.target().equals(SERVER_URI)) {
+          return new GrpcXdsTransport(channel);
+        }
+        if (serverInfo.target().equals(SERVER_URI_CUSTOME_AUTHORITY)) {
+          if (channelForCustomAuthority == null) {
+            channelForCustomAuthority = cleanupRule.register(
+                InProcessChannelBuilder.forName(serverName).directExecutor().build());
+          }
+          return new GrpcXdsTransport(channelForCustomAuthority);
+        }
+        if (serverInfo.target().equals(SERVER_URI_EMPTY_AUTHORITY)) {
+          if (channelForEmptyAuthority == null) {
+            channelForEmptyAuthority = cleanupRule.register(
+                InProcessChannelBuilder.forName(serverName).directExecutor().build());
+          }
+          return new GrpcXdsTransport(channelForEmptyAuthority);
+        }
+        throw new IllegalArgumentException("Can not create channel for " + serverInfo);
+      }
+    };
 
     xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, ignoreResourceDeletion(),
-        true, false);
+        true);
     BootstrapInfo bootstrapInfo =
         Bootstrapper.BootstrapInfo.builder()
             .servers(Collections.singletonList(xdsServerInfo))
@@ -359,7 +357,7 @@ public void setUp() throws IOException {
                 AuthorityInfo.create(
                     "xdstp://authority.xds.com/envoy.config.listener.v3.Listener/%s",
                     ImmutableList.of(Bootstrapper.ServerInfo.create(
-                        SERVER_URI_CUSTOM_AUTHORITY, CHANNEL_CREDENTIALS))),
+                        SERVER_URI_CUSTOME_AUTHORITY, CHANNEL_CREDENTIALS))),
                 "",
                 AuthorityInfo.create(
                     "xdstp:///envoy.config.listener.v3.Listener/%s",
@@ -3157,108 +3155,6 @@ public void flowControlAbsent() throws Exception {
     verify(anotherWatcher).onError(any());
   }
 
-  @Test
-  @SuppressWarnings("unchecked")
-  public void resourceTimerIsTransientError_schedulesExtendedTimeout() {
-    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
-    ServerInfo serverInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS,
-        false, true, true);
-    BootstrapInfo bootstrapInfo =
-        Bootstrapper.BootstrapInfo.builder()
-            .servers(Collections.singletonList(serverInfo))
-            .node(NODE)
-            .authorities(ImmutableMap.of(
-                "",
-                AuthorityInfo.create(
-                    "xdstp:///envoy.config.listener.v3.Listener/%s",
-                    ImmutableList.of(Bootstrapper.ServerInfo.create(
-                        SERVER_URI_EMPTY_AUTHORITY, CHANNEL_CREDENTIALS)))))
-            .certProviders(ImmutableMap.of())
-            .build();
-    xdsClient = new XdsClientImpl(
-        xdsTransportFactory,
-        bootstrapInfo,
-        fakeClock.getScheduledExecutorService(),
-        backoffPolicyProvider,
-        fakeClock.getStopwatchSupplier(),
-        timeProvider,
-        MessagePrinter.INSTANCE,
-        new TlsContextManagerImpl(bootstrapInfo),
-        xdsClientMetricReporter);
-    ResourceWatcher<CdsUpdate> watcher = mock(ResourceWatcher.class);
-    String resourceName = "cluster.googleapis.com";
-
-    xdsClient.watchXdsResource(
-        XdsClusterResource.getInstance(),
-        resourceName,
-        watcher,
-        fakeClock.getScheduledExecutorService());
-
-    ScheduledTask task = Iterables.getOnlyElement(
-        fakeClock.getPendingTasks(CDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER));
-    assertThat(task.getDelay(TimeUnit.SECONDS))
-        .isEqualTo(XdsClientImpl.EXTENDED_RESOURCE_FETCH_TIMEOUT_SEC);
-    fakeClock.runDueTasks();
-    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
-  }
-
-  @Test
-  @SuppressWarnings("unchecked")
-  public void resourceTimerIsTransientError_callsOnErrorUnavailable() {
-    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
-    xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, ignoreResourceDeletion(),
-        true, true);
-    BootstrapInfo bootstrapInfo =
-        Bootstrapper.BootstrapInfo.builder()
-            .servers(Collections.singletonList(xdsServerInfo))
-            .node(NODE)
-            .authorities(ImmutableMap.of(
-                "authority.xds.com",
-                AuthorityInfo.create(
-                    "xdstp://authority.xds.com/envoy.config.listener.v3.Listener/%s",
-                    ImmutableList.of(Bootstrapper.ServerInfo.create(
-                        SERVER_URI_CUSTOM_AUTHORITY, CHANNEL_CREDENTIALS))),
-                "",
-                AuthorityInfo.create(
-                    "xdstp:///envoy.config.listener.v3.Listener/%s",
-                    ImmutableList.of(Bootstrapper.ServerInfo.create(
-                        SERVER_URI_EMPTY_AUTHORITY, CHANNEL_CREDENTIALS)))))
-            .certProviders(ImmutableMap.of("cert-instance-name",
-                CertificateProviderInfo.create("file-watcher", ImmutableMap.of())))
-            .build();
-    xdsClient = new XdsClientImpl(
-        xdsTransportFactory,
-        bootstrapInfo,
-        fakeClock.getScheduledExecutorService(),
-        backoffPolicyProvider,
-        fakeClock.getStopwatchSupplier(),
-        timeProvider,
-        MessagePrinter.INSTANCE,
-        new TlsContextManagerImpl(bootstrapInfo),
-        xdsClientMetricReporter);
-    String timeoutResource = CDS_RESOURCE + "_timeout";
-    ResourceWatcher<CdsUpdate> timeoutWatcher = mock(ResourceWatcher.class);
-
-    xdsClient.watchXdsResource(
-        XdsClusterResource.getInstance(),
-        timeoutResource,
-        timeoutWatcher,
-        fakeClock.getScheduledExecutorService());
-
-    assertThat(resourceDiscoveryCalls).hasSize(1);
-    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
-    call.verifyRequest(CDS, ImmutableList.of(timeoutResource), "", "", NODE);
-    fakeClock.forwardTime(XdsClientImpl.EXTENDED_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    fakeClock.runDueTasks();
-    ArgumentCaptor<Status> errorCaptor = ArgumentCaptor.forClass(Status.class);
-    verify(timeoutWatcher).onError(errorCaptor.capture());
-    Status error = errorCaptor.getValue();
-    assertThat(error.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
-    assertThat(error.getDescription()).isEqualTo(
-        "Timed out waiting for resource " + timeoutResource + " from xDS server");
-    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
-  }
-
   private Answer<Void> blockUpdate(CyclicBarrier barrier) {
     return new Answer<Void>() {
       @Override
@@ -4324,7 +4220,7 @@ private XdsClientImpl createXdsClient(String serverUri) {
   private BootstrapInfo buildBootStrap(String serverUri) {
 
     ServerInfo xdsServerInfo = ServerInfo.create(serverUri, CHANNEL_CREDENTIALS,
-        ignoreResourceDeletion(), true, false);
+        ignoreResourceDeletion(), true);
 
     return Bootstrapper.BootstrapInfo.builder()
         .servers(Collections.singletonList(xdsServerInfo))
@@ -4334,7 +4230,7 @@ private BootstrapInfo buildBootStrap(String serverUri) {
             AuthorityInfo.create(
                 "xdstp://authority.xds.com/envoy.config.listener.v3.Listener/%s",
                 ImmutableList.of(Bootstrapper.ServerInfo.create(
-                    SERVER_URI_CUSTOM_AUTHORITY, CHANNEL_CREDENTIALS))),
+                    SERVER_URI_CUSTOME_AUTHORITY, CHANNEL_CREDENTIALS))),
             "",
             AuthorityInfo.create(
                 "xdstp:///envoy.config.listener.v3.Listener/%s",
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index e2618df18b1..7015a43f6ed 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -368,13 +368,13 @@ public void resolving_targetAuthorityInAuthoritiesMap() {
     String serviceAuthority = "[::FFFF:129.144.52.38]:80";
     bootstrapInfo = BootstrapInfo.builder()
         .servers(ImmutableList.of(ServerInfo.create(
-            "td.googleapis.com", InsecureChannelCredentials.create(), true, true, false)))
+            "td.googleapis.com", InsecureChannelCredentials.create(), true, true)))
         .node(Node.newBuilder().build())
         .authorities(
             ImmutableMap.of(targetAuthority, AuthorityInfo.create(
                 "xdstp://" + targetAuthority + "/envoy.config.listener.v3.Listener/%s?foo=1&bar=2",
                 ImmutableList.of(ServerInfo.create(
-                    "td.googleapis.com", InsecureChannelCredentials.create(), true, true, false)))))
+                    "td.googleapis.com", InsecureChannelCredentials.create(), true, true)))))
         .build();
     expectedLdsResourceName = "xdstp://xds.authority.com/envoy.config.listener.v3.Listener/"
         + "%5B::FFFF:129.144.52.38%5D:80?bar=2&foo=1"; // query param canonified
diff --git a/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
index 754e903f8a9..485970741c1 100644
--- a/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
@@ -203,7 +203,7 @@ public static Bootstrapper.BootstrapInfo buildBootStrap(List<String> serverUris)
 
     List<ServerInfo> serverInfos = new ArrayList<>();
     for (String uri : serverUris) {
-      serverInfos.add(ServerInfo.create(uri, CHANNEL_CREDENTIALS, false, true, false));
+      serverInfos.add(ServerInfo.create(uri, CHANNEL_CREDENTIALS, false, true));
     }
     EnvoyProtoData.Node node = EnvoyProtoData.Node.newBuilder().setId("node-id").build();
 

From 1fc4ab0bb203a7934753d4d29d8d4689a1012390 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 16 Jul 2025 14:58:15 -0700
Subject: [PATCH 323/591] LBs should avoid calling LBs after lb.shutdown()

LoadBalancers shouldn't be called after shutdown(), but RingHashLb could
have enqueued work to the SynchronizationContext that executed after
shutdown(). This commit fixes problems discovered when auditing all LBs
usage of the syncContext for that type of problem.

Similarly, PickFirstLb could have requested a new connection after
shutdown(). We want to avoid that sort of thing too.

RingHashLb's test changed from CONNECTING to TRANSIENT_FAILURE to get
the latest picker. Because two subchannels have failed it will be in
TRANSIENT_FAILURE. Previously the test was using an older picker with
out-of-date subchannelView, and the verifyConnection() was too imprecise
to notice it was creating the wrong subchannel.

As discovered in b/430347751, where ClusterImplLb was seeing a new
subchannel being called after the child LB was shutdown (the shutdown
itself had been caused by RingHashConfig not implementing equals() and
was fixed by a8de9f07ab, which caused ClusterResolverLb to replace its
state):

```
java.lang.NullPointerException
	at io.grpc.xds.ClusterImplLoadBalancer$ClusterImplLbHelper.createClusterLocalityFromAttributes(ClusterImplLoadBalancer.java:322)
	at io.grpc.xds.ClusterImplLoadBalancer$ClusterImplLbHelper.createSubchannel(ClusterImplLoadBalancer.java:236)
	at io.grpc.util.ForwardingLoadBalancerHelper.createSubchannel(ForwardingLoadBalancerHelper.java:47)
	at io.grpc.util.ForwardingLoadBalancerHelper.createSubchannel(ForwardingLoadBalancerHelper.java:47)
	at io.grpc.internal.PickFirstLeafLoadBalancer.createNewSubchannel(PickFirstLeafLoadBalancer.java:527)
	at io.grpc.internal.PickFirstLeafLoadBalancer.requestConnection(PickFirstLeafLoadBalancer.java:459)
	at io.grpc.internal.PickFirstLeafLoadBalancer.acceptResolvedAddresses(PickFirstLeafLoadBalancer.java:174)
	at io.grpc.xds.LazyLoadBalancer$LazyDelegate.activate(LazyLoadBalancer.java:64)
	at io.grpc.xds.LazyLoadBalancer$LazyDelegate.requestConnection(LazyLoadBalancer.java:97)
	at io.grpc.util.ForwardingLoadBalancer.requestConnection(ForwardingLoadBalancer.java:61)
	at io.grpc.xds.RingHashLoadBalancer$RingHashPicker.lambda$pickSubchannel$0(RingHashLoadBalancer.java:440)
	at io.grpc.SynchronizationContext.drain(SynchronizationContext.java:96)
	at io.grpc.SynchronizationContext.execute(SynchronizationContext.java:128)
	at io.grpc.xds.client.XdsClientImpl$ResourceSubscriber.onData(XdsClientImpl.java:817)
```
---
 api/src/main/java/io/grpc/LoadBalancer.java   |  4 +
 .../io/grpc/internal/ManagedChannelImpl.java  |  3 +
 .../grpc/internal/PickFirstLoadBalancer.java  | 14 +--
 .../grpc/internal/ManagedChannelImplTest.java | 13 +++
 .../ShufflingPickFirstLoadBalancer.java       | 17 +---
 .../java/io/grpc/xds/LazyLoadBalancer.java    | 15 +++
 .../io/grpc/xds/RingHashLoadBalancer.java     | 13 ++-
 .../io/grpc/xds/LazyLoadBalancerTest.java     | 94 +++++++++++++++++++
 .../io/grpc/xds/RingHashLoadBalancerTest.java |  4 +-
 9 files changed, 145 insertions(+), 32 deletions(-)
 create mode 100644 xds/src/test/java/io/grpc/xds/LazyLoadBalancerTest.java

diff --git a/api/src/main/java/io/grpc/LoadBalancer.java b/api/src/main/java/io/grpc/LoadBalancer.java
index 53ba60fdc9c..d2fd8409e01 100644
--- a/api/src/main/java/io/grpc/LoadBalancer.java
+++ b/api/src/main/java/io/grpc/LoadBalancer.java
@@ -1189,6 +1189,10 @@ public void ignoreRefreshNameResolutionCheck() {
      * Returns a {@link SynchronizationContext} that runs tasks in the same Synchronization Context
      * as that the callback methods on the {@link LoadBalancer} interface are run in.
      *
+     * <p>Work added to the synchronization context might not run immediately, so LB implementations
+     * must be careful to ensure that any assumptions still hold when it is executed. In particular,
+     * the LB might have been shut down or subchannels might have changed state.
+     *
      * <p>Pro-tip: in order to call {@link SynchronizationContext#schedule}, you need to provide a
      * {@link ScheduledExecutorService}.  {@link #getScheduledExecutorService} is provided for your
      * convenience.
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index e8f106c7775..16b8adbd347 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -1967,6 +1967,9 @@ public void run() {
     public void requestConnection() {
       syncContext.throwIfNotInThisSynchronizationContext();
       checkState(started, "not started");
+      if (shutdown) {
+        return;
+      }
       subchannel.obtainActiveTransport();
     }
 
diff --git a/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java b/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java
index acef79d3d9f..a23855e67ec 100644
--- a/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java
+++ b/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java
@@ -134,7 +134,7 @@ private void processSubchannelState(Subchannel subchannel, ConnectivityStateInfo
     SubchannelPicker picker;
     switch (newState) {
       case IDLE:
-        picker = new RequestConnectionPicker(subchannel);
+        picker = new RequestConnectionPicker();
         break;
       case CONNECTING:
         // It's safe to use RequestConnectionPicker here, so when coming from IDLE we could leave
@@ -197,22 +197,12 @@ public String toString() {
 
   /** Picker that requests connection during the first pick, and returns noResult. */
   private final class RequestConnectionPicker extends SubchannelPicker {
-    private final Subchannel subchannel;
     private final AtomicBoolean connectionRequested = new AtomicBoolean(false);
 
-    RequestConnectionPicker(Subchannel subchannel) {
-      this.subchannel = checkNotNull(subchannel, "subchannel");
-    }
-
     @Override
     public PickResult pickSubchannel(PickSubchannelArgs args) {
       if (connectionRequested.compareAndSet(false, true)) {
-        helper.getSynchronizationContext().execute(new Runnable() {
-            @Override
-            public void run() {
-              subchannel.requestConnection();
-            }
-          });
+        helper.getSynchronizationContext().execute(PickFirstLoadBalancer.this::requestConnection);
       }
       return PickResult.withNoResult();
     }
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index 6dfba7404c6..efc582703ba 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -1767,6 +1767,19 @@ public void subchannelsNoConnectionShutdown() {
             any(SocketAddress.class), any(ClientTransportOptions.class), any(ChannelLogger.class));
   }
 
+  @Test
+  public void subchannelsRequestConnectionNoopAfterShutdown() {
+    createChannel();
+    Subchannel sub1 =
+        createSubchannelSafely(helper, addressGroup, Attributes.EMPTY, subchannelStateListener);
+
+    shutdownSafely(helper, sub1);
+    requestConnectionSafely(helper, sub1);
+    verify(mockTransportFactory, never())
+        .newClientTransport(
+            any(SocketAddress.class), any(ClientTransportOptions.class), any(ChannelLogger.class));
+  }
+
   @Test
   public void subchannelsNoConnectionShutdownNow() {
     createChannel();
diff --git a/examples/src/main/java/io/grpc/examples/customloadbalance/ShufflingPickFirstLoadBalancer.java b/examples/src/main/java/io/grpc/examples/customloadbalance/ShufflingPickFirstLoadBalancer.java
index 4cf09170c8d..b49c856c4d0 100644
--- a/examples/src/main/java/io/grpc/examples/customloadbalance/ShufflingPickFirstLoadBalancer.java
+++ b/examples/src/main/java/io/grpc/examples/customloadbalance/ShufflingPickFirstLoadBalancer.java
@@ -122,7 +122,7 @@ private void processSubchannelState(Subchannel subchannel, ConnectivityStateInfo
     SubchannelPicker picker;
     switch (currentState) {
       case IDLE:
-        picker = new RequestConnectionPicker(subchannel);
+        picker = new RequestConnectionPicker();
         break;
       case CONNECTING:
         picker = new Picker(PickResult.withNoResult());
@@ -182,24 +182,15 @@ public String toString() {
    */
   private final class RequestConnectionPicker extends SubchannelPicker {
 
-    private final Subchannel subchannel;
     private final AtomicBoolean connectionRequested = new AtomicBoolean(false);
 
-    RequestConnectionPicker(Subchannel subchannel) {
-      this.subchannel = checkNotNull(subchannel, "subchannel");
-    }
-
     @Override
     public PickResult pickSubchannel(PickSubchannelArgs args) {
       if (connectionRequested.compareAndSet(false, true)) {
-        helper.getSynchronizationContext().execute(new Runnable() {
-          @Override
-          public void run() {
-            subchannel.requestConnection();
-          }
-        });
+        helper.getSynchronizationContext().execute(
+            ShufflingPickFirstLoadBalancer.this::requestConnection);
       }
       return PickResult.withNoResult();
     }
   }
-}
\ No newline at end of file
+}
diff --git a/xds/src/main/java/io/grpc/xds/LazyLoadBalancer.java b/xds/src/main/java/io/grpc/xds/LazyLoadBalancer.java
index 8ba1cb28c62..b5f09c4ea93 100644
--- a/xds/src/main/java/io/grpc/xds/LazyLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/LazyLoadBalancer.java
@@ -99,11 +99,13 @@ public void requestConnection() {
 
     @Override
     public void shutdown() {
+      delegate = new NoopLoadBalancer();
     }
 
     private final class LazyPicker extends SubchannelPicker {
       @Override
       public PickResult pickSubchannel(PickSubchannelArgs args) {
+        // activate() is a no-op after shutdown()
         helper.getSynchronizationContext().execute(LazyDelegate.this::activate);
         return PickResult.withNoResult();
       }
@@ -121,4 +123,17 @@ public Factory(LoadBalancer.Factory delegate) {
       return new LazyLoadBalancer(helper, delegate);
     }
   }
+
+  private static final class NoopLoadBalancer extends LoadBalancer {
+    @Override
+    public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+      return Status.OK;
+    }
+
+    @Override
+    public void handleNameResolutionError(Status error) {}
+
+    @Override
+    public void shutdown() {}
+  }
 }
diff --git a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
index 96ce5b97024..21ee914ff8f 100644
--- a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
@@ -438,7 +438,9 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
 
           if (subchannelView.connectivityState == IDLE) {
             syncContext.execute(() -> {
-              childLbState.getLb().requestConnection();
+              if (childLbState.getCurrentState() == IDLE) {
+                childLbState.getLb().requestConnection();
+              }
             });
 
             return PickResult.withNoResult(); // Indicates that this should be retried after backoff
@@ -456,10 +458,11 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
             return childLbState.getCurrentPicker().pickSubchannel(args);
           }
           if (!requestedConnection && subchannelView.connectivityState == IDLE) {
-            syncContext.execute(
-                () -> {
-                  childLbState.getLb().requestConnection();
-                });
+            syncContext.execute(() -> {
+              if (childLbState.getCurrentState() == IDLE) {
+                childLbState.getLb().requestConnection();
+              }
+            });
             requestedConnection = true;
           }
         }
diff --git a/xds/src/test/java/io/grpc/xds/LazyLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/LazyLoadBalancerTest.java
new file mode 100644
index 00000000000..c79d048c9d3
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/LazyLoadBalancerTest.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import io.grpc.CallOptions;
+import io.grpc.ConnectivityState;
+import io.grpc.EquivalentAddressGroup;
+import io.grpc.LoadBalancer;
+import io.grpc.LoadBalancer.ResolvedAddresses;
+import io.grpc.LoadBalancer.SubchannelPicker;
+import io.grpc.ManagedChannel;
+import io.grpc.Metadata;
+import io.grpc.SynchronizationContext;
+import io.grpc.internal.PickSubchannelArgsImpl;
+import io.grpc.testing.TestMethodDescriptors;
+import java.util.Arrays;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit test for {@link io.grpc.xds.LazyLoadBalancer}. */
+@RunWith(JUnit4.class)
+public final class LazyLoadBalancerTest {
+  private SynchronizationContext syncContext =
+      new SynchronizationContext((t, e) -> {
+        throw new AssertionError(e);
+      });
+  private LoadBalancer.PickSubchannelArgs args = new PickSubchannelArgsImpl(
+      TestMethodDescriptors.voidMethod(),
+      new Metadata(),
+      CallOptions.DEFAULT,
+      new LoadBalancer.PickDetailsConsumer() {});
+  private FakeHelper helper = new FakeHelper();
+
+  @Test
+  public void pickerIsNoopAfterEarlyShutdown() {
+    LazyLoadBalancer lb = new LazyLoadBalancer(helper, new LoadBalancer.Factory() {
+      @Override
+      public LoadBalancer newLoadBalancer(LoadBalancer.Helper helper) {
+        throw new AssertionError("unexpected");
+      }
+    });
+    lb.acceptResolvedAddresses(ResolvedAddresses.newBuilder()
+        .setAddresses(Arrays.asList())
+        .build());
+    SubchannelPicker picker = helper.picker;
+    assertThat(picker).isNotNull();
+    lb.shutdown();
+
+    picker.pickSubchannel(args);
+  }
+
+  class FakeHelper extends LoadBalancer.Helper {
+    ConnectivityState state;
+    SubchannelPicker picker;
+
+    @Override
+    public ManagedChannel createOobChannel(EquivalentAddressGroup eag, String authority) {
+      throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void updateBalancingState(ConnectivityState newState, SubchannelPicker newPicker) {
+      this.state = newState;
+      this.picker = newPicker;
+    }
+
+    @Override
+    public SynchronizationContext getSynchronizationContext() {
+      return syncContext;
+    }
+
+    @Override
+    public String getAuthority() {
+      return "localhost";
+    }
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
index fc5f21156dd..d65cf96c00d 100644
--- a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
@@ -261,7 +261,7 @@ public void aggregateSubchannelStates_connectingReadyIdleFailure() {
   private void verifyConnection(int times) {
     for (int i = 0; i < times; i++) {
       Subchannel connectOnce = connectionRequestedQueue.poll();
-      assertWithMessage("Null connection is at (%s) of (%s)", i, times)
+      assertWithMessage("Expected %s new connections, but found %s", times, i)
           .that(connectOnce).isNotNull();
       clearInvocations(connectOnce);
     }
@@ -648,7 +648,7 @@ public void skipFailingHosts_firstTwoHostsFailed_pickNextFirstReady() {
         getSubchannel(servers, 2),
         ConnectivityStateInfo.forTransientFailure(
             Status.PERMISSION_DENIED.withDescription("permission denied")));
-    verify(helper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
+    verify(helper).updateBalancingState(eq(TRANSIENT_FAILURE), pickerCaptor.capture());
     verifyConnection(0);
     PickResult result = pickerCaptor.getValue().pickSubchannel(args); // activate last subchannel
     assertThat(result.getStatus().isOk()).isTrue();

From a37d3eb349e048b953633027ed011cda8b68c603 Mon Sep 17 00:00:00 2001
From: George Gensure <werkt0@gmail.com>
Date: Thu, 10 Jul 2025 09:49:54 -0400
Subject: [PATCH 324/591] Guarantee missing stream promise delivery

In observed cases, whether RST_STREAM or another failure from netty or
the server, listeners can fail to be notified when a connection yields a
null stream for the selected streamId. This causes hangs in clients,
despite deadlines, with no obvious resolution.

Tests which relied upon this promise succeeding must now change.
---
 .../io/grpc/netty/NettyClientHandler.java     | 19 ++++++++++++-------
 .../io/grpc/netty/NettyClientHandlerTest.java |  4 ++--
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
index a5fa0f80077..276fa623c38 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
@@ -738,14 +738,19 @@ public void operationComplete(ChannelFuture future) throws Exception {
 
                 // Attach the client stream to the HTTP/2 stream object as user data.
                 stream.setHttp2Stream(http2Stream);
+                promise.setSuccess();
+              } else {
+                // Otherwise, the stream has been cancelled and Netty is sending a
+                // RST_STREAM frame which causes it to purge pending writes from the
+                // flow-controller and delete the http2Stream. The stream listener has already
+                // been notified of cancellation so there is nothing to do.
+                //
+                // This process has been observed to fail in some circumstances, leaving listeners
+                // unanswered. Ensure that some exception has been delivered consistent with the
+                // implied RST_STREAM result above.
+                Status status = Status.INTERNAL.withDescription("unknown stream for connection");
+                promise.setFailure(status.asRuntimeException());
               }
-              // Otherwise, the stream has been cancelled and Netty is sending a
-              // RST_STREAM frame which causes it to purge pending writes from the
-              // flow-controller and delete the http2Stream. The stream listener has already
-              // been notified of cancellation so there is nothing to do.
-
-              // Just forward on the success status to the original promise.
-              promise.setSuccess();
             } else {
               Throwable cause = future.cause();
               if (cause instanceof StreamBufferingEncoder.Http2GoAwayException) {
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
index f8fbeea9b82..dd4fcb4ea6c 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
@@ -268,7 +268,7 @@ public void cancelBufferedStreamShouldChangeClientStreamStatus() throws Exceptio
     // Cancel the stream.
     cancelStream(Status.CANCELLED);
 
-    assertTrue(createFuture.isSuccess());
+    assertFalse(createFuture.isSuccess());
     verify(streamListener).closed(eq(Status.CANCELLED), same(PROCESSED), any(Metadata.class));
   }
 
@@ -311,7 +311,7 @@ public void cancelWhileBufferedShouldSucceed() throws Exception {
     ChannelFuture cancelFuture = cancelStream(Status.CANCELLED);
     assertTrue(cancelFuture.isSuccess());
     assertTrue(createFuture.isDone());
-    assertTrue(createFuture.isSuccess());
+    assertFalse(createFuture.isSuccess());
   }
 
   /**

From 2e96fbf1e851242f8028af2cbc16dbc96e1037ff Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 15 Jul 2025 15:00:24 -0700
Subject: [PATCH 325/591] netty: Associate netty stream eagerly to avoid client
 hang

In #12185, RPCs were randomly hanging. In #12207 this was tracked down
to the headers promise completing successfully, but the netty stream
was null. This was because the headers write hadn't completed but
stream.close() had been called by goingAway().
---
 .../io/grpc/netty/NettyClientHandler.java     | 13 ++++++++++++
 .../io/grpc/netty/NettyClientHandlerTest.java | 20 +++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
index 276fa623c38..d6bb3790433 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
@@ -773,6 +773,19 @@ public void operationComplete(ChannelFuture future) throws Exception {
             }
           }
         });
+    // When the HEADERS are not buffered because of MAX_CONCURRENT_STREAMS in
+    // StreamBufferingEncoder, the stream is created immediately even if the bytes of the HEADERS
+    // are delayed because the OS may have too much buffered and isn't accepting the write. The
+    // write promise is also delayed until flush(). However, we need to associate the netty stream
+    // with the transport state so that goingAway() and forcefulClose() and able to notify the
+    // stream of failures.
+    //
+    // This leaves a hole when MAX_CONCURRENT_STREAMS is reached, as http2Stream will be null, but
+    // it is better than nothing.
+    Http2Stream http2Stream = connection().stream(streamId);
+    if (http2Stream != null) {
+      http2Stream.setProperty(streamKey, stream);
+    }
   }
 
   /**
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
index dd4fcb4ea6c..5a2605eea5e 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
@@ -453,6 +453,26 @@ public void receivedAbruptGoAwayShouldFailRacingQueuedStreamid() throws Exceptio
     assertTrue(future.isDone());
   }
 
+  @Test
+  public void receivedAbruptGoAwayShouldFailRacingQueuedIoStreamid() throws Exception {
+    // Purposefully avoid flush(), since we want the write to not actually complete.
+    // EmbeddedChannel doesn't support flow control, so this is the next closest approximation.
+    ChannelFuture future = channel().write(
+        newCreateStreamCommand(grpcHeaders, streamTransportState));
+    // Read a GOAWAY that indicates our stream can't be sent
+    channelRead(goAwayFrame(0, 0 /* NO_ERROR */, Unpooled.copiedBuffer("this is a test", UTF_8)));
+
+    ArgumentCaptor<Status> captor = ArgumentCaptor.forClass(Status.class);
+    verify(streamListener).closed(captor.capture(), same(REFUSED),
+        ArgumentMatchers.<Metadata>notNull());
+    assertEquals(Status.UNAVAILABLE.getCode(), captor.getValue().getCode());
+    assertEquals(
+        "Abrupt GOAWAY closed sent stream. HTTP/2 error code: NO_ERROR, "
+          + "debug data: this is a test",
+        captor.getValue().getDescription());
+    assertTrue(future.isDone());
+  }
+
   @Test
   public void receivedGoAway_shouldFailBufferedStreamsExceedingMaxConcurrentStreams()
       throws Exception {

From 80217275db3bd3d565a0167812560119d15d0a83 Mon Sep 17 00:00:00 2001
From: Patrick Strawderman <patrick@kilink.net>
Date: Mon, 21 Jul 2025 20:44:08 -0700
Subject: [PATCH 326/591] api: Size Sets and Maps correctly in handling of
 Metadata values to be exchanged during a call (#12229)

Fix HashSet / HashMap initializations to have sufficient capacity allocated based on the number of keys to be inserted, without which it would always lead to a rehash / resize operation.
---
 api/src/main/java/io/grpc/Metadata.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/api/src/main/java/io/grpc/Metadata.java b/api/src/main/java/io/grpc/Metadata.java
index fba2659776b..8a958d127df 100644
--- a/api/src/main/java/io/grpc/Metadata.java
+++ b/api/src/main/java/io/grpc/Metadata.java
@@ -22,6 +22,8 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
+import com.google.common.collect.Maps;
+import com.google.common.collect.Sets;
 import com.google.common.io.BaseEncoding;
 import com.google.common.io.ByteStreams;
 import java.io.ByteArrayInputStream;
@@ -32,8 +34,6 @@
 import java.util.Arrays;
 import java.util.BitSet;
 import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Locale;
@@ -325,7 +325,7 @@ public Set<String> keys() {
     if (isEmpty()) {
       return Collections.emptySet();
     }
-    Set<String> ks = new HashSet<>(size);
+    Set<String> ks = Sets.newHashSetWithExpectedSize(size);
     for (int i = 0; i < size; i++) {
       ks.add(new String(name(i), 0 /* hibyte */));
     }
@@ -526,7 +526,7 @@ public void merge(Metadata other) {
   public void merge(Metadata other, Set<Key<?>> keys) {
     Preconditions.checkNotNull(other, "other");
     // Use ByteBuffer for equals and hashCode.
-    Map<ByteBuffer, Key<?>> asciiKeys = new HashMap<>(keys.size());
+    Map<ByteBuffer, Key<?>> asciiKeys = Maps.newHashMapWithExpectedSize(keys.size());
     for (Key<?> key : keys) {
       asciiKeys.put(ByteBuffer.wrap(key.asciiName()), key);
     }

From 6ff8ecac09aa2a9e84b342d0326eb424a286fb32 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 10 Jul 2025 11:02:48 -0700
Subject: [PATCH 327/591] core: Don't pre-compute DEADLINE_EXCEEDED message for
 delayed calls

The main reason I made a change here was to fix the tense from the
deadline "will be exceeded in" to "was exceeded after". But we really
don't want to be doing the string formatting unless the deadline is
actually exceeded. There were a few more changes to make some variables
effectively final.
---
 .../io/grpc/internal/DelayedClientCall.java   | 46 +++++++++----------
 .../java/io/grpc/xds/XdsNameResolverTest.java |  2 +-
 2 files changed, 23 insertions(+), 25 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/DelayedClientCall.java b/core/src/main/java/io/grpc/internal/DelayedClientCall.java
index f2b0c9a3f06..253237c3c7d 100644
--- a/core/src/main/java/io/grpc/internal/DelayedClientCall.java
+++ b/core/src/main/java/io/grpc/internal/DelayedClientCall.java
@@ -96,15 +96,13 @@ private boolean isAbeforeB(@Nullable Deadline a, @Nullable Deadline b) {
   private ScheduledFuture<?> scheduleDeadlineIfNeeded(
       ScheduledExecutorService scheduler, @Nullable Deadline deadline) {
     Deadline contextDeadline = context.getDeadline();
-    if (deadline == null && contextDeadline == null) {
-      return null;
-    }
-    long remainingNanos = Long.MAX_VALUE;
-    if (deadline != null) {
+    String deadlineName;
+    long remainingNanos;
+    if (deadline != null && isAbeforeB(deadline, contextDeadline)) {
+      deadlineName = "CallOptions";
       remainingNanos = deadline.timeRemaining(NANOSECONDS);
-    }
-
-    if (contextDeadline != null && contextDeadline.timeRemaining(NANOSECONDS) < remainingNanos) {
+    } else if (contextDeadline != null) {
+      deadlineName = "Context";
       remainingNanos = contextDeadline.timeRemaining(NANOSECONDS);
       if (logger.isLoggable(Level.FINE)) {
         StringBuilder builder =
@@ -121,29 +119,29 @@ private ScheduledFuture<?> scheduleDeadlineIfNeeded(
         }
         logger.fine(builder.toString());
       }
-    }
-
-    long seconds = Math.abs(remainingNanos) / TimeUnit.SECONDS.toNanos(1);
-    long nanos = Math.abs(remainingNanos) % TimeUnit.SECONDS.toNanos(1);
-    final StringBuilder buf = new StringBuilder();
-    String deadlineName = isAbeforeB(contextDeadline, deadline) ? "Context" : "CallOptions";
-    if (remainingNanos < 0) {
-      buf.append("ClientCall started after ");
-      buf.append(deadlineName);
-      buf.append(" deadline was exceeded. Deadline has been exceeded for ");
     } else {
-      buf.append("Deadline ");
-      buf.append(deadlineName);
-      buf.append(" will be exceeded in ");
+      return null;
     }
-    buf.append(seconds);
-    buf.append(String.format(Locale.US, ".%09d", nanos));
-    buf.append("s. ");
 
     /* Cancels the call if deadline exceeded prior to the real call being set. */
     class DeadlineExceededRunnable implements Runnable {
       @Override
       public void run() {
+        long seconds = Math.abs(remainingNanos) / TimeUnit.SECONDS.toNanos(1);
+        long nanos = Math.abs(remainingNanos) % TimeUnit.SECONDS.toNanos(1);
+        StringBuilder buf = new StringBuilder();
+        if (remainingNanos < 0) {
+          buf.append("ClientCall started after ");
+          buf.append(deadlineName);
+          buf.append(" deadline was exceeded. Deadline has been exceeded for ");
+        } else {
+          buf.append("Deadline ");
+          buf.append(deadlineName);
+          buf.append(" was exceeded after ");
+        }
+        buf.append(seconds);
+        buf.append(String.format(Locale.US, ".%09d", nanos));
+        buf.append("s");
         cancel(
             Status.DEADLINE_EXCEEDED.withDescription(buf.toString()),
             // We should not cancel the call if the realCall is set because there could be a
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 7015a43f6ed..3fa31aedf6a 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -2239,7 +2239,7 @@ public long nanoTime() {
     assertThat(testCall).isNull();
     verifyRpcDelayedThenAborted(observer, 4000L, Status.DEADLINE_EXCEEDED.withDescription(
         "Deadline exceeded after up to 5000 ns of fault-injected delay:"
-            + " Deadline CallOptions will be exceeded in 0.000004000s. "));
+            + " Deadline CallOptions was exceeded after 0.000004000s"));
   }
 
   @Test

From c4256add4d58b1ac0e0bbc340874483d408f9a9c Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 22 Jul 2025 10:00:52 -0700
Subject: [PATCH 328/591] xds: Align PriorityLB child selection with A56

The PriorityLB predates A56. tryNextPriority() now matches
ChoosePriority() from the gRFC.

The biggest change is waiting on CONNECTING children instead of failing
after the failOverTimer fires. The failOverTimer should be used to start
lower priorities more eagerly, but shouldn't cause the overall
connectivity state to become TRANSIENT_FAILURE on its own. The prior
behavior of creating the "Connection timeout for priority" failing
picker was particularly strange, because it didn't update child's
connectivity state. This previous behavior was creating errors because
of the failOverTimer with no way to diagnose what was going wrong.

b/428517222
---
 .../io/grpc/xds/PriorityLoadBalancer.java     | 20 +++++-----
 .../io/grpc/xds/PriorityLoadBalancerTest.java | 38 +++++++++++++------
 2 files changed, 37 insertions(+), 21 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/PriorityLoadBalancer.java b/xds/src/main/java/io/grpc/xds/PriorityLoadBalancer.java
index 845c167a643..c72cef9f637 100644
--- a/xds/src/main/java/io/grpc/xds/PriorityLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/PriorityLoadBalancer.java
@@ -154,7 +154,8 @@ private Status tryNextPriority() {
         ChildLbState child =
             new ChildLbState(priority, priorityConfigs.get(priority).ignoreReresolution);
         children.put(priority, child);
-        updateOverallState(priority, CONNECTING, new FixedResultPicker(PickResult.withNoResult()));
+        // Child is created in CONNECTING with pending failOverTimer
+        updateOverallState(priority, child.connectivityState, child.picker);
         // Calling the child's updateResolvedAddresses() can result in tryNextPriority() being
         // called recursively. We need to be sure to be done with processing here before it is
         // called.
@@ -173,21 +174,23 @@ private Status tryNextPriority() {
         }
         return Status.OK;
       }
-      if (child.failOverTimer != null && child.failOverTimer.isPending()) {
+      if (child.failOverTimer.isPending()) {
         updateOverallState(priority, child.connectivityState, child.picker);
         return Status.OK; // Give priority i time to connect.
       }
-      if (priority.equals(currentPriority) && child.connectivityState != TRANSIENT_FAILURE) {
-        // If the current priority is not changed into TRANSIENT_FAILURE, keep using it.
+    }
+    for (int i = 0; i < priorityNames.size(); i++) {
+      String priority = priorityNames.get(i);
+      ChildLbState child = children.get(priority);
+      if (child.connectivityState.equals(CONNECTING)) {
         updateOverallState(priority, child.connectivityState, child.picker);
         return Status.OK;
       }
     }
-    // TODO(zdapeng): Include error details of each priority.
     logger.log(XdsLogLevel.DEBUG, "All priority failed");
     String lastPriority = priorityNames.get(priorityNames.size() - 1);
-    SubchannelPicker errorPicker = children.get(lastPriority).picker;
-    updateOverallState(lastPriority, TRANSIENT_FAILURE, errorPicker);
+    ChildLbState child = children.get(lastPriority);
+    updateOverallState(lastPriority, child.connectivityState, child.picker);
     return Status.OK;
   }
 
@@ -231,10 +234,7 @@ public void run() {
           // The child is deactivated.
           return;
         }
-        picker = new FixedResultPicker(PickResult.withError(
-            Status.UNAVAILABLE.withDescription("Connection timeout for priority " + priority)));
         logger.log(XdsLogLevel.DEBUG, "Priority {0} failed over to next", priority);
-        currentPriority = null; // reset currentPriority to guarantee failover happen
         Status status = tryNextPriority();
         if (!status.isOk()) {
           // A child had a problem with the addresses/config. Request it to be refreshed
diff --git a/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java
index 08d4863d194..ab4c00398f0 100644
--- a/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java
@@ -376,6 +376,7 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
     assertThat(fooBalancers).hasSize(2);
     assertThat(fooHelpers).hasSize(2);
     LoadBalancer balancer1 = Iterables.getLast(fooBalancers);
+    Helper helper1 = Iterables.getLast(fooHelpers);
 
     // p1 timeout, and fails over to p2
     fakeClock.forwardTime(10, TimeUnit.SECONDS);
@@ -423,14 +424,20 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
     LoadBalancer balancer3 = Iterables.getLast(fooBalancers);
     Helper helper3 = Iterables.getLast(fooHelpers);
 
-    // p3 timeout then the channel should go to TRANSIENT_FAILURE
+    // p3 timeout then the channel should stay in CONNECTING
     fakeClock.forwardTime(10, TimeUnit.SECONDS);
-    assertCurrentPickerReturnsError(Status.Code.UNAVAILABLE, "timeout");
+    assertCurrentPicker(CONNECTING, PickResult.withNoResult());
 
-    // p3 fails then the picker should have error status updated
+    // p3 fails then the picker should still be waiting on p1
     helper3.updateBalancingState(
         TRANSIENT_FAILURE,
         new FixedResultPicker(PickResult.withError(Status.DATA_LOSS.withDescription("foo"))));
+    assertCurrentPicker(CONNECTING, PickResult.withNoResult());
+
+    // p1 fails then the picker should have error status updated to p3
+    helper1.updateBalancingState(
+        TRANSIENT_FAILURE,
+        new FixedResultPicker(PickResult.withError(Status.DATA_LOSS.withDescription("bar"))));
     assertCurrentPickerReturnsError(Status.Code.DATA_LOSS, "foo");
 
     // p2 gets back to READY
@@ -642,6 +649,7 @@ public void typicalPriorityFailOverFlowWithIdleUpdate() {
     assertThat(fooBalancers).hasSize(2);
     assertThat(fooHelpers).hasSize(2);
     LoadBalancer balancer1 = Iterables.getLast(fooBalancers);
+    Helper helper1 = Iterables.getLast(fooHelpers);
 
     // p1 timeout, and fails over to p2
     fakeClock.forwardTime(10, TimeUnit.SECONDS);
@@ -677,14 +685,20 @@ public void typicalPriorityFailOverFlowWithIdleUpdate() {
     LoadBalancer balancer3 = Iterables.getLast(fooBalancers);
     Helper helper3 = Iterables.getLast(fooHelpers);
 
-    // p3 timeout then the channel should go to TRANSIENT_FAILURE
+    // p3 timeout then the channel should stay in CONNECTING
     fakeClock.forwardTime(10, TimeUnit.SECONDS);
-    assertCurrentPickerReturnsError(Status.Code.UNAVAILABLE, "timeout");
+    assertCurrentPicker(CONNECTING, PickResult.withNoResult());
 
-    // p3 fails then the picker should have error status updated
+    // p3 fails then the picker should still be waiting on p1
     helper3.updateBalancingState(
         TRANSIENT_FAILURE,
         new FixedResultPicker(PickResult.withError(Status.DATA_LOSS.withDescription("foo"))));
+    assertCurrentPicker(CONNECTING, PickResult.withNoResult());
+
+    // p1 fails then the picker should have error status updated to p3
+    helper1.updateBalancingState(
+        TRANSIENT_FAILURE,
+        new FixedResultPicker(PickResult.withError(Status.DATA_LOSS.withDescription("bar"))));
     assertCurrentPickerReturnsError(Status.Code.DATA_LOSS, "foo");
 
     // p2 gets back to IDLE
@@ -863,15 +877,17 @@ private void assertCurrentPickerReturnsError(
   }
 
   private void assertCurrentPickerPicksSubchannel(Subchannel expectedSubchannelToPick) {
-    assertLatestConnectivityState(READY);
-    PickResult pickResult = pickerCaptor.getValue().pickSubchannel(mock(PickSubchannelArgs.class));
-    assertThat(pickResult.getSubchannel()).isEqualTo(expectedSubchannelToPick);
+    assertCurrentPicker(READY, PickResult.withSubchannel(expectedSubchannelToPick));
   }
 
   private void assertCurrentPickerIsBufferPicker() {
-    assertLatestConnectivityState(IDLE);
+    assertCurrentPicker(IDLE, PickResult.withNoResult());
+  }
+
+  private void assertCurrentPicker(ConnectivityState state, PickResult result) {
+    assertLatestConnectivityState(state);
     PickResult pickResult = pickerCaptor.getValue().pickSubchannel(mock(PickSubchannelArgs.class));
-    assertThat(pickResult).isEqualTo(PickResult.withNoResult());
+    assertThat(pickResult).isEqualTo(result);
   }
 
   private Object newChildConfig(LoadBalancerProvider provider, Object config) {

From 42e1829b3724c0fb20910c0abe70099994856307 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Thu, 24 Jul 2025 11:28:32 +0000
Subject: [PATCH 329/591] xds: Do RLS fallback policy eagar start (#12211)

The resource subscription to the fallback target was done only at the time of falling back, which can cause rpcs to fail. This change makes the fallback target to be subscribed and cached earlier, similar to C++ and go gRPC implementations.
---
 .../java/io/grpc/rls/CachingRlsLbClient.java  | 23 ++++-------
 .../io/grpc/rls/CachingRlsLbClientTest.java   | 15 +++++---
 .../java/io/grpc/rls/RlsLoadBalancerTest.java | 38 +++++++++++++++----
 3 files changed, 49 insertions(+), 27 deletions(-)

diff --git a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
index 7855468ee61..cc3ac9f516e 100644
--- a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
+++ b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
@@ -132,6 +132,7 @@ final class CachingRlsLbClient {
   @GuardedBy("lock")
   private final RefCountedChildPolicyWrapperFactory refCountedChildPolicyWrapperFactory;
   private final ChannelLogger logger;
+  private final ChildPolicyWrapper fallbackChildPolicyWrapper;
 
   static {
     MetricInstrumentRegistry metricInstrumentRegistry
@@ -226,6 +227,13 @@ private CachingRlsLbClient(Builder builder) {
             lbPolicyConfig.getLoadBalancingPolicy(), childLbResolvedAddressFactory,
             childLbHelperProvider,
             new BackoffRefreshListener());
+    // TODO(creamsoup) wait until lb is ready
+    String defaultTarget = lbPolicyConfig.getRouteLookupConfig().defaultTarget();
+    if (defaultTarget != null && !defaultTarget.isEmpty()) {
+      fallbackChildPolicyWrapper = refCountedChildPolicyWrapperFactory.createOrGet(defaultTarget);
+    } else {
+      fallbackChildPolicyWrapper = null;
+    }
 
     gaugeRegistration = helper.getMetricRecorder()
         .registerBatchCallback(new BatchCallback() {
@@ -1022,12 +1030,8 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
       }
     }
 
-    private ChildPolicyWrapper fallbackChildPolicyWrapper;
-
     /** Uses Subchannel connected to default target. */
     private PickResult useFallback(PickSubchannelArgs args) {
-      // TODO(creamsoup) wait until lb is ready
-      startFallbackChildPolicy();
       SubchannelPicker picker = fallbackChildPolicyWrapper.getPicker();
       if (picker == null) {
         return PickResult.withNoResult();
@@ -1052,17 +1056,6 @@ private String determineMetricsPickResult(PickResult pickResult) {
       }
     }
 
-    private void startFallbackChildPolicy() {
-      String defaultTarget = lbPolicyConfig.getRouteLookupConfig().defaultTarget();
-      synchronized (lock) {
-        if (fallbackChildPolicyWrapper != null) {
-          return;
-        }
-        logger.log(ChannelLogLevel.DEBUG, "starting fallback to {0}", defaultTarget);
-        fallbackChildPolicyWrapper = refCountedChildPolicyWrapperFactory.createOrGet(defaultTarget);
-      }
-    }
-
     // GuardedBy CachingRlsLbClient.lock
     void close() {
       synchronized (lock) { // Lock is already held, but ErrorProne can't tell
diff --git a/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java b/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java
index 7c5df2c96b3..4f086abc4a2 100644
--- a/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java
+++ b/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java
@@ -191,7 +191,9 @@ public void setUpMockMetricRecorder() {
 
   @After
   public void tearDown() throws Exception {
-    rlsLbClient.close();
+    if (rlsLbClient != null) {
+      rlsLbClient.close();
+    }
     assertWithMessage(
             "On client shut down, RlsLoadBalancer must shut down with all its child loadbalancers.")
         .that(lbProvider.loadBalancers).isEmpty();
@@ -372,12 +374,14 @@ public void get_updatesLbState() throws Exception {
     ArgumentCaptor<SubchannelPicker> pickerCaptor = ArgumentCaptor.forClass(SubchannelPicker.class);
     ArgumentCaptor<ConnectivityState> stateCaptor =
         ArgumentCaptor.forClass(ConnectivityState.class);
-    inOrder.verify(helper, times(2))
+    inOrder.verify(helper, times(3))
         .updateBalancingState(stateCaptor.capture(), pickerCaptor.capture());
 
     assertThat(new HashSet<>(pickerCaptor.getAllValues())).hasSize(1);
+    // TRANSIENT_FAILURE is because the test setup pretends fallback is not available.
     assertThat(stateCaptor.getAllValues())
-        .containsExactly(ConnectivityState.CONNECTING, ConnectivityState.READY);
+        .containsExactly(ConnectivityState.TRANSIENT_FAILURE, ConnectivityState.CONNECTING,
+            ConnectivityState.READY);
     Metadata headers = new Metadata();
     PickResult pickResult = getPickResultForCreate(pickerCaptor, headers);
     assertThat(pickResult.getStatus().isOk()).isTrue();
@@ -439,7 +443,7 @@ public void timeout_not_changing_picked_subchannel() throws Exception {
     ArgumentCaptor<SubchannelPicker> pickerCaptor = ArgumentCaptor.forClass(SubchannelPicker.class);
     ArgumentCaptor<ConnectivityState> stateCaptor =
         ArgumentCaptor.forClass(ConnectivityState.class);
-    verify(helper, times(4)).updateBalancingState(stateCaptor.capture(), pickerCaptor.capture());
+    verify(helper, times(5)).updateBalancingState(stateCaptor.capture(), pickerCaptor.capture());
 
     Metadata headers = new Metadata();
     PickResult pickResult = getPickResultForCreate(pickerCaptor, headers);
@@ -509,7 +513,7 @@ public void get_withAdaptiveThrottler() throws Exception {
     ArgumentCaptor<SubchannelPicker> pickerCaptor = ArgumentCaptor.forClass(SubchannelPicker.class);
     ArgumentCaptor<ConnectivityState> stateCaptor =
         ArgumentCaptor.forClass(ConnectivityState.class);
-    inOrder.verify(helper, times(2))
+    inOrder.verify(helper, times(3))
         .updateBalancingState(stateCaptor.capture(), pickerCaptor.capture());
 
     Metadata headers = new Metadata();
@@ -699,6 +703,7 @@ public void metricGauges() throws ExecutionException, InterruptedException, Time
 
     // Shutdown
     rlsLbClient.close();
+    rlsLbClient = null;
     verify(mockGaugeRegistration).close();
   }
 
diff --git a/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java b/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
index f3986cb89d5..354466f3caf 100644
--- a/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
+++ b/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
@@ -201,7 +201,13 @@ public void tearDown() {
 
   @Test
   public void lb_serverStatusCodeConversion() throws Exception {
-    deliverResolvedAddresses();
+    helper.getSynchronizationContext().execute(() -> {
+      try {
+        deliverResolvedAddresses();
+      } catch (Exception e) {
+        throw new RuntimeException(e);
+      }
+    });
     InOrder inOrder = inOrder(helper);
     inOrder.verify(helper)
         .updateBalancingState(eq(ConnectivityState.CONNECTING), pickerCaptor.capture());
@@ -236,7 +242,13 @@ public void lb_serverStatusCodeConversion() throws Exception {
 
   @Test
   public void lb_working_withDefaultTarget_rlsResponding() throws Exception {
-    deliverResolvedAddresses();
+    helper.getSynchronizationContext().execute(() -> {
+      try {
+        deliverResolvedAddresses();
+      } catch (Exception e) {
+        throw new RuntimeException(e);
+      }
+    });
     InOrder inOrder = inOrder(helper);
     inOrder.verify(helper)
         .updateBalancingState(eq(ConnectivityState.CONNECTING), pickerCaptor.capture());
@@ -257,7 +269,7 @@ public void lb_working_withDefaultTarget_rlsResponding() throws Exception {
     inOrder.verifyNoMoreInteractions();
 
     assertThat(res.getStatus().isOk()).isTrue();
-    assertThat(subchannels).hasSize(1);
+    assertThat(subchannels).hasSize(2); // includes fallback sub-channel
     FakeSubchannel searchSubchannel = subchannels.getLast();
     assertThat(subchannelIsReady(searchSubchannel)).isFalse();
 
@@ -277,7 +289,7 @@ public void lb_working_withDefaultTarget_rlsResponding() throws Exception {
     // other rls picker itself is ready due to first channel.
     assertThat(res.getStatus().isOk()).isTrue();
     assertThat(subchannelIsReady(res.getSubchannel())).isFalse();
-    assertThat(subchannels).hasSize(2);
+    assertThat(subchannels).hasSize(3); // includes fallback sub-channel
     FakeSubchannel rescueSubchannel = subchannels.getLast();
 
     // search subchannel is down, rescue subchannel is connecting
@@ -393,7 +405,13 @@ public void lb_working_withoutDefaultTarget_noRlsResponse() throws Exception {
   public void lb_working_withDefaultTarget_noRlsResponse() throws Exception {
     fakeThrottler.nextResult = true;
 
-    deliverResolvedAddresses();
+    helper.getSynchronizationContext().execute(() -> {
+      try {
+        deliverResolvedAddresses();
+      } catch (Exception e) {
+        throw new RuntimeException(e);
+      }
+    });
     InOrder inOrder = inOrder(helper);
     inOrder.verify(helper)
         .updateBalancingState(eq(ConnectivityState.CONNECTING), pickerCaptor.capture());
@@ -535,7 +553,13 @@ public void lb_working_withoutDefaultTarget() throws Exception {
 
   @Test
   public void lb_nameResolutionFailed() throws Exception {
-    deliverResolvedAddresses();
+    helper.getSynchronizationContext().execute(() -> {
+      try {
+        deliverResolvedAddresses();
+      } catch (Exception e) {
+        throw new RuntimeException(e);
+      }
+    });
     InOrder inOrder = inOrder(helper);
     inOrder.verify(helper)
         .updateBalancingState(eq(ConnectivityState.CONNECTING), pickerCaptor.capture());
@@ -545,7 +569,7 @@ public void lb_nameResolutionFailed() throws Exception {
     assertThat(subchannelIsReady(res.getSubchannel())).isFalse();
 
     inOrder.verify(helper).createSubchannel(any(CreateSubchannelArgs.class));
-    assertThat(subchannels).hasSize(1);
+    assertThat(subchannels).hasSize(2); // includes fallback sub-channel
 
     FakeSubchannel searchSubchannel = subchannels.getLast();
     searchSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));

From 8f09b968991ab78d565dc1af7b6d1d07c9386795 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 28 Jul 2025 00:00:39 -0700
Subject: [PATCH 330/591] bazel: Use jarjar to avoid xds deps (#12243)

Avoiding so many deps will allow us to upgrade the protos without being
forced to upgrade to protobuf-java 4.x. It also removes the remaining
non-bzlmod dependencies.

It'd be really easy to get this wrong, so we do two things 1) mirror the
gradle configuration as much as possible, as that sees a lot of testing,
and 2) run the fake control plane with the _results_ of jarjar. There's
lots of classes that we could mess up, but that at least kicks the tires.

XdsTestUtils.buildRouteConfiguration() was moved to ControlPlaneRule to
stop the unnecessary circular dependency between the classes and to
avoid the many dependencies of XdsTestUtils.

I'm totally hacking java_grpc_library to improve the dependency
situation. Long-term, I think we will stop building Java libraries with
Bazel and require users to rely entirely on Maven Central. That seems to
be the direction Bazel is going and it will greatly simplify the
problems we've seen with protobuf having a single repository for many
languages. So while the hack isn't too bad, I hope we won't have to live
with it long-term.
---
 .github/workflows/testing.yml                 |   3 +
 MODULE.bazel                                  |  26 +-
 WORKSPACE                                     |   9 +-
 compiler/BUILD.bazel                          |   1 +
 examples/MODULE.bazel                         |   4 -
 examples/WORKSPACE                            |   9 +-
 java_grpc_library.bzl                         |  27 ++
 repositories.bzl                              |  59 +--
 testing-proto/BUILD.bazel                     |  20 +
 xds/BUILD.bazel                               | 363 ++++++++++++++----
 xds/build.gradle                              |   6 +-
 .../java/io/grpc/xds/ControlPlaneRule.java    |  22 +-
 .../test/java/io/grpc/xds/XdsTestUtils.java   |  19 +-
 13 files changed, 380 insertions(+), 188 deletions(-)
 create mode 100644 testing-proto/BUILD.bazel

diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 8c934f24f3e..0f099cbcac7 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -102,6 +102,9 @@ jobs:
     - name: Run bazel build
       run: bazelisk build //... --enable_bzlmod=${{ matrix.bzlmod }}
 
+    - name: Run bazel test
+      run: bazelisk test //... --enable_bzlmod=${{ matrix.bzlmod }}
+
     - name: Run example bazel build
       run: bazelisk build //... --enable_bzlmod=${{ matrix.bzlmod }}
       working-directory: ./examples
diff --git a/MODULE.bazel b/MODULE.bazel
index ed027757e86..ed7bac31a34 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -46,36 +46,16 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
 ]
 # GRPC_DEPS_END
 
+bazel_dep(name = "bazel_jar_jar", version = "0.1.7")
 bazel_dep(name = "bazel_skylib", version = "1.7.1")
 bazel_dep(name = "googleapis", repo_name = "com_google_googleapis", version = "0.0.0-20240326-1c8d509c5")
-
-# CEL Spec may be removed when cncf/xds MODULE is no longer using protobuf 27.x
-bazel_dep(name = "cel-spec", repo_name = "dev_cel", version = "0.15.0")
-bazel_dep(name = "grpc", repo_name = "com_github_grpc_grpc", version = "1.56.3.bcr.1")
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
 bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
 bazel_dep(name = "rules_cc", version = "0.0.9")
 bazel_dep(name = "rules_java", version = "5.3.5")
-bazel_dep(name = "rules_go", repo_name = "io_bazel_rules_go", version = "0.46.0")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
 bazel_dep(name = "rules_proto", version = "5.3.0-21.7")
 
-non_module_deps = use_extension("//:repositories.bzl", "grpc_java_repositories_extension")
-
-use_repo(
-    non_module_deps,
-    "com_github_cncf_xds",
-    "envoy_api",
-)
-
-grpc_repo_deps_ext = use_extension("@com_github_grpc_grpc//bazel:grpc_deps.bzl", "grpc_repo_deps_ext")
-
-use_repo(
-    grpc_repo_deps_ext,
-    "com_envoyproxy_protoc_gen_validate",
-    "opencensus_proto",
-)
-
 maven = use_extension("@rules_jvm_external//:extensions.bzl", "maven")
 
 maven.install(
@@ -202,7 +182,3 @@ maven.override(
     coordinates = "io.grpc:grpc-util",
     target = "@io_grpc_grpc_java//util",
 )
-
-switched_rules = use_extension("@com_google_googleapis//:extensions.bzl", "switched_rules")
-
-switched_rules.use_languages(java = True)
diff --git a/WORKSPACE b/WORKSPACE
index 7bbfbcc5fa3..227ef332757 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -22,20 +22,19 @@ load("//:repositories.bzl", "grpc_java_repositories")
 
 grpc_java_repositories()
 
+load("@bazel_jar_jar//:jar_jar.bzl", "jar_jar_repositories")
+
+jar_jar_repositories()
+
 load("@com_google_protobuf//:protobuf_deps.bzl", "PROTOBUF_MAVEN_ARTIFACTS")
 load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps")
 
 protobuf_deps()
 
-load("@envoy_api//bazel:repositories.bzl", "api_dependencies")
-
-api_dependencies()
-
 load("@com_google_googleapis//:repository_rules.bzl", "switched_rules_by_language")
 
 switched_rules_by_language(
     name = "com_google_googleapis_imports",
-    java = True,
 )
 
 maven_install(
diff --git a/compiler/BUILD.bazel b/compiler/BUILD.bazel
index 6f66164f155..6d885ef3f69 100644
--- a/compiler/BUILD.bazel
+++ b/compiler/BUILD.bazel
@@ -18,6 +18,7 @@ cc_binary(
 
 java_library(
     name = "java_grpc_library_deps__do_not_reference",
+    visibility = ["//xds:__pkg__"],
     exports = [
         "//api",
         "//protobuf",
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index 382e3943eab..ef057544d5c 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -11,10 +11,6 @@ local_path_override(
     path = "..",
 )
 
-switched_rules = use_extension("@com_google_googleapis//:extensions.bzl", "switched_rules")
-
-switched_rules.use_languages(java = True)
-
 maven = use_extension("@rules_jvm_external//:extensions.bzl", "maven")
 
 use_repo(maven, "maven")
diff --git a/examples/WORKSPACE b/examples/WORKSPACE
index 170e06a90c7..66a713a1a01 100644
--- a/examples/WORKSPACE
+++ b/examples/WORKSPACE
@@ -28,6 +28,10 @@ load("@io_grpc_grpc_java//:repositories.bzl", "grpc_java_repositories")
 
 grpc_java_repositories()
 
+load("@bazel_jar_jar//:jar_jar.bzl", "jar_jar_repositories")
+
+jar_jar_repositories()
+
 # Protobuf now requires C++14 or higher, which requires Bazel configuration
 # outside the WORKSPACE. See .bazelrc in this directory.
 load("@com_google_protobuf//:protobuf_deps.bzl", "PROTOBUF_MAVEN_ARTIFACTS")
@@ -35,15 +39,10 @@ load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps")
 
 protobuf_deps()
 
-load("@envoy_api//bazel:repositories.bzl", "api_dependencies")
-
-api_dependencies()
-
 load("@com_google_googleapis//:repository_rules.bzl", "switched_rules_by_language")
 
 switched_rules_by_language(
     name = "com_google_googleapis_imports",
-    java = True,
 )
 
 maven_install(
diff --git a/java_grpc_library.bzl b/java_grpc_library.bzl
index e7d133a2769..2caa161b268 100644
--- a/java_grpc_library.bzl
+++ b/java_grpc_library.bzl
@@ -147,6 +147,33 @@ _java_grpc_library = rule(
     implementation = _java_rpc_library_impl,
 )
 
+# A copy of _java_grpc_library, except with a neverlink=1 _toolchain
+INTERNAL_java_grpc_library_for_xds = rule(
+    attrs = {
+        "srcs": attr.label_list(
+            mandatory = True,
+            allow_empty = False,
+            providers = [ProtoInfo],
+        ),
+        "deps": attr.label_list(
+            mandatory = True,
+            allow_empty = False,
+            providers = [JavaInfo],
+        ),
+        "_toolchain": attr.label(
+            default = Label("//xds:java_grpc_library_toolchain"),
+        ),
+    },
+    toolchains = ["@bazel_tools//tools/jdk:toolchain_type"],
+    fragments = ["java"],
+    outputs = {
+        "jar": "lib%{name}.jar",
+        "srcjar": "lib%{name}-src.jar",
+    },
+    provides = [JavaInfo],
+    implementation = _java_rpc_library_impl,
+)
+
 _java_lite_grpc_library = rule(
     attrs = {
         "srcs": attr.label_list(
diff --git a/repositories.bzl b/repositories.bzl
index dd74a48da4b..f9991cac243 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -87,38 +87,11 @@ IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS = {
     "io.grpc:grpc-util": "@io_grpc_grpc_java//util",
 }
 
-def grpc_java_repositories(bzlmod = False):
+def grpc_java_repositories():
     """Imports dependencies for grpc-java."""
-    if not bzlmod and not native.existing_rule("dev_cel"):
-        http_archive(
-            name = "dev_cel",
-            strip_prefix = "cel-spec-0.15.0",
-            sha256 = "3ee09eb69dbe77722e9dee23dc48dc2cd9f765869fcf5ffb1226587c81791a0b",
-            urls = [
-                "https://github.com/google/cel-spec/archive/refs/tags/v0.15.0.tar.gz",
-            ],
-        )
-    if not native.existing_rule("com_github_cncf_xds"):
-        http_archive(
-            name = "com_github_cncf_xds",
-            strip_prefix = "xds-2ac532fd44436293585084f8d94c6bdb17835af0",
-            sha256 = "790c4c83b6950bb602fec221f6a529d9f368cdc8852aae7d2592d0d04b015f37",
-            urls = [
-                "https://github.com/cncf/xds/archive/2ac532fd44436293585084f8d94c6bdb17835af0.tar.gz",
-            ],
-        )
-    if not bzlmod and not native.existing_rule("com_github_grpc_grpc"):
-        http_archive(
-            name = "com_github_grpc_grpc",
-            strip_prefix = "grpc-1.46.0",
-            sha256 = "67423a4cd706ce16a88d1549297023f0f9f0d695a96dd684adc21e67b021f9bc",
-            urls = [
-                "https://github.com/grpc/grpc/archive/v1.46.0.tar.gz",
-            ],
-        )
-    if not bzlmod and not native.existing_rule("com_google_protobuf"):
+    if not native.existing_rule("com_google_protobuf"):
         com_google_protobuf()
-    if not bzlmod and not native.existing_rule("com_google_googleapis"):
+    if not native.existing_rule("com_google_googleapis"):
         http_archive(
             name = "com_google_googleapis",
             sha256 = "49930468563dd48283e8301e8d4e71436bf6d27ac27c235224cc1a098710835d",
@@ -127,25 +100,14 @@ def grpc_java_repositories(bzlmod = False):
                 "https://github.com/googleapis/googleapis/archive/ca1372c6d7bcb199638ebfdb40d2b2660bab7b88.tar.gz",
             ],
         )
-    if not bzlmod and not native.existing_rule("io_bazel_rules_go"):
-        http_archive(
-            name = "io_bazel_rules_go",
-            sha256 = "ab21448cef298740765f33a7f5acee0607203e4ea321219f2a4c85a6e0fb0a27",
-            urls = [
-                "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.32.0/rules_go-v0.32.0.zip",
-                "https://github.com/bazelbuild/rules_go/releases/download/v0.32.0/rules_go-v0.32.0.zip",
-            ],
-        )
     if not native.existing_rule("io_grpc_grpc_proto"):
         io_grpc_grpc_proto()
-    if not native.existing_rule("envoy_api"):
+    if not native.existing_rule("bazel_jar_jar"):
         http_archive(
-            name = "envoy_api",
-            sha256 = "ecf71817233eba19cc8b4ee14e126ffd5838065d5b5a92b2506258a42ac55199",
-            strip_prefix = "data-plane-api-0bc95493c5e88b7b07e62758d23b39341813a827",
-            urls = [
-                "https://github.com/envoyproxy/data-plane-api/archive/0bc95493c5e88b7b07e62758d23b39341813a827.tar.gz",
-            ],
+            name = "bazel_jar_jar",
+            sha256 = "3117f913c732142a795551f530d02c9157b9ea895e6b2de0fbb5af54f03040a5",
+            strip_prefix = "bazel_jar_jar-0.1.6",
+            url = "https://github.com/bazeltools/bazel_jar_jar/releases/download/v0.1.6/bazel_jar_jar-v0.1.6.tar.gz",
         )
 
 def com_google_protobuf():
@@ -166,8 +128,3 @@ def io_grpc_grpc_proto():
         strip_prefix = "grpc-proto-4f245d272a28a680606c0739753506880cf33b5f",
         urls = ["https://github.com/grpc/grpc-proto/archive/4f245d272a28a680606c0739753506880cf33b5f.zip"],
     )
-
-def _grpc_java_repositories_extension(_):
-    grpc_java_repositories(bzlmod = True)
-
-grpc_java_repositories_extension = module_extension(implementation = _grpc_java_repositories_extension)
diff --git a/testing-proto/BUILD.bazel b/testing-proto/BUILD.bazel
new file mode 100644
index 00000000000..985dbd9777e
--- /dev/null
+++ b/testing-proto/BUILD.bazel
@@ -0,0 +1,20 @@
+load("//:java_grpc_library.bzl", "java_grpc_library")
+
+proto_library(
+    name = "simpleservice_proto",
+    srcs = ["src/main/proto/io/grpc/testing/protobuf/simpleservice.proto"],
+    strip_import_prefix = "src/main/proto/",
+)
+
+java_proto_library(
+    name = "simpleservice_java_proto",
+    visibility = ["//xds:__pkg__"],
+    deps = [":simpleservice_proto"],
+)
+
+java_grpc_library(
+    name = "simpleservice_java_grpc",
+    srcs = [":simpleservice_proto"],
+    visibility = ["//xds:__pkg__"],
+    deps = [":simpleservice_java_proto"],
+)
diff --git a/xds/BUILD.bazel b/xds/BUILD.bazel
index 53fac28b2da..203fa2c3d71 100644
--- a/xds/BUILD.bazel
+++ b/xds/BUILD.bazel
@@ -1,5 +1,6 @@
+load("@bazel_jar_jar//:jar_jar.bzl", "jar_jar")
 load("@rules_jvm_external//:defs.bzl", "artifact")
-load("//:java_grpc_library.bzl", "java_grpc_library")
+load("//:java_grpc_library.bzl", "INTERNAL_java_grpc_library_for_xds", "java_grpc_library", "java_rpc_toolchain")
 
 # Mirrors the dependencies included in the artifact on Maven Central for usage
 # with maven_install's override_targets. Should only be used as a dep for
@@ -13,25 +14,11 @@ java_library(
     ],
 )
 
+# Ordinary deps for :xds
 java_library(
-    name = "xds",
-    srcs = glob(
-        [
-            "src/main/java/**/*.java",
-            "third_party/zero-allocation-hashing/main/java/**/*.java",
-        ],
-        exclude = ["src/main/java/io/grpc/xds/orca/**"],
-    ),
-    resources = glob([
-        "src/main/resources/**",
-    ]),
-    visibility = ["//visibility:public"],
-    deps = [
-        ":envoy_service_discovery_v3_java_grpc",
-        ":envoy_service_load_stats_v3_java_grpc",
-        ":envoy_service_status_v3_java_grpc",
+    name = "xds_deps_depend",
+    exports = [
         ":orca",
-        ":xds_protos_java",
         "//:auto_value_annotations",
         "//alts",
         "//api",
@@ -43,7 +30,6 @@ java_library(
         "//services:metrics_internal",
         "//stub",
         "//util",
-        "@com_google_googleapis//google/rpc:rpc_java_proto",
         "@com_google_protobuf//:protobuf_java",
         "@com_google_protobuf//:protobuf_java_util",
         "@maven//:com_google_auth_google_auth_library_oauth2_http",
@@ -58,70 +44,89 @@ java_library(
         artifact("io.netty:netty-handler"),
         artifact("io.netty:netty-transport"),
     ],
+    runtime_deps = [
+        "//compiler:java_grpc_library_deps__do_not_reference",
+    ],
 )
 
-java_proto_library(
-    name = "xds_protos_java",
-    deps = [
-        "@com_github_cncf_xds//udpa/type/v1:pkg",
-        "@com_github_cncf_xds//xds/type/v3:pkg",
-        "@envoy_api//envoy/admin/v3:pkg",
-        "@envoy_api//envoy/config/cluster/v3:pkg",
-        "@envoy_api//envoy/config/core/v3:pkg",
-        "@envoy_api//envoy/config/endpoint/v3:pkg",
-        "@envoy_api//envoy/config/listener/v3:pkg",
-        "@envoy_api//envoy/config/rbac/v3:pkg",
-        "@envoy_api//envoy/config/route/v3:pkg",
-        "@envoy_api//envoy/extensions/clusters/aggregate/v3:pkg",
-        "@envoy_api//envoy/extensions/filters/common/fault/v3:pkg",
-        "@envoy_api//envoy/extensions/filters/http/fault/v3:pkg",
-        "@envoy_api//envoy/extensions/filters/http/gcp_authn/v3:pkg",
-        "@envoy_api//envoy/extensions/filters/http/rbac/v3:pkg",
-        "@envoy_api//envoy/extensions/filters/http/router/v3:pkg",
-        "@envoy_api//envoy/extensions/filters/network/http_connection_manager/v3:pkg",
-        "@envoy_api//envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3:pkg",
-        "@envoy_api//envoy/extensions/load_balancing_policies/least_request/v3:pkg",
-        "@envoy_api//envoy/extensions/load_balancing_policies/pick_first/v3:pkg",
-        "@envoy_api//envoy/extensions/load_balancing_policies/ring_hash/v3:pkg",
-        "@envoy_api//envoy/extensions/load_balancing_policies/round_robin/v3:pkg",
-        "@envoy_api//envoy/extensions/load_balancing_policies/wrr_locality/v3:pkg",
-        "@envoy_api//envoy/extensions/transport_sockets/http_11_proxy/v3:pkg",
-        "@envoy_api//envoy/extensions/transport_sockets/tls/v3:pkg",
-        "@envoy_api//envoy/service/discovery/v3:pkg",
-        "@envoy_api//envoy/service/load_stats/v3:pkg",
-        "@envoy_api//envoy/service/status/v3:pkg",
-        "@envoy_api//envoy/type/matcher/v3:pkg",
-        "@envoy_api//envoy/type/v3:pkg",
-    ],
+java_library(
+    name = "xds_deps_depend_neverlink",
+    neverlink = 1,
+    exports = [":xds_deps_depend"],
 )
 
-java_grpc_library(
-    name = "envoy_service_discovery_v3_java_grpc",
-    srcs = ["@envoy_api//envoy/service/discovery/v3:pkg"],
-    deps = [":xds_protos_java"],
+# Deps to be combined into the :xds jar itself
+java_library(
+    name = "xds_deps_embed",
+    exports = [
+        ":envoy_java_grpc",
+        ":envoy_java_proto",
+        ":googleapis_rpc_java_proto",
+        ":xds_java_proto",
+    ],
 )
 
-java_grpc_library(
-    name = "envoy_service_load_stats_v3_java_grpc",
-    srcs = ["@envoy_api//envoy/service/load_stats/v3:pkg"],
-    deps = [":xds_protos_java"],
+java_binary(
+    name = "xds_notjarjar",
+    srcs = glob(
+        [
+            "src/main/java/**/*.java",
+            "third_party/zero-allocation-hashing/main/java/**/*.java",
+        ],
+        exclude = ["src/main/java/io/grpc/xds/orca/**"],
+    ),
+    main_class = "unused",
+    resources = glob([
+        "src/main/resources/**",
+    ]),
+    deps = [
+        # Do not add additional dependencies here; add them to one of these two deps instead
+        ":xds_deps_depend_neverlink",
+        ":xds_deps_embed",
+    ],
 )
 
-java_grpc_library(
-    name = "envoy_service_status_v3_java_grpc",
-    srcs = ["@envoy_api//envoy/service/status/v3:pkg"],
-    deps = [":xds_protos_java"],
+JAR_JAR_RULES = [
+    "zap com.google.protobuf.**",  # Drop codegen dep
+    # Keep in sync with build.gradle's shadowJar
+    "rule com.github.udpa.** io.grpc.xds.shaded.com.github.udpa.@1",
+    "rule com.github.xds.** io.grpc.xds.shaded.com.github.xds.@1",
+    "rule com.google.api.expr.** io.grpc.xds.shaded.com.google.api.expr.@1",
+    "rule com.google.security.** io.grpc.xds.shaded.com.google.security.@1",
+    "rule dev.cel.expr.** io.grpc.xds.shaded.dev.cel.expr.@1",
+    "rule envoy.annotations.** io.grpc.xds.shaded.envoy.annotations.@1",
+    "rule io.envoyproxy.** io.grpc.xds.shaded.io.envoyproxy.@1",
+    "rule udpa.annotations.** io.grpc.xds.shaded.udpa.annotations.@1",
+    "rule xds.annotations.** io.grpc.xds.shaded.xds.annotations.@1",
+]
+
+jar_jar(
+    name = "xds_jarjar",
+    inline_rules = JAR_JAR_RULES,
+    input_jar = ":xds_notjarjar_deploy.jar",
 )
 
 java_library(
-    name = "orca",
-    srcs = glob([
-        "src/main/java/io/grpc/xds/orca/*.java",
-    ]),
+    name = "xds",
     visibility = ["//visibility:public"],
+    exports = [":xds_jarjar"],
+    runtime_deps = [":xds_deps_depend"],
+)
+
+java_proto_library(
+    name = "googleapis_rpc_java_proto",
     deps = [
-        ":orca_protos_java",
-        ":xds_service_orca_v3_java_grpc",
+        "@com_google_googleapis//google/rpc:code_proto",
+        "@com_google_googleapis//google/rpc:status_proto",
+    ],
+)
+
+# Ordinary deps for :orca
+java_library(
+    name = "orca_deps_depend",
+    exports = [
+        ":xds_orca_java_grpc",
+        ":xds_orca_java_proto",
         "//api",
         "//context",
         "//core:internal",
@@ -136,16 +141,222 @@ java_library(
     ],
 )
 
+java_library(
+    name = "orca_deps_depend_neverlink",
+    neverlink = 1,
+    exports = [":orca_deps_depend"],
+)
+
+# Deps to be combined into the :orca jar itself
+java_library(
+    name = "orca_deps_embed",
+    exports = [
+        ":xds_orca_java_grpc",
+        ":xds_orca_java_proto",
+    ],
+)
+
+java_binary(
+    name = "orca_notjarjar",
+    srcs = glob([
+        "src/main/java/io/grpc/xds/orca/*.java",
+    ]),
+    main_class = "unused",
+    visibility = ["//visibility:public"],
+    deps = [
+        # Do not add additional dependencies here; add them to one of these two deps instead
+        ":orca_deps_depend_neverlink",
+        ":orca_deps_embed",
+    ],
+)
+
+jar_jar(
+    name = "orca_jarjar",
+    inline_rules = JAR_JAR_RULES,
+    input_jar = ":orca_notjarjar_deploy.jar",
+)
+
+java_library(
+    name = "orca",
+    visibility = ["//visibility:public"],
+    exports = [":orca_jarjar"],
+    runtime_deps = [":orca_deps_depend"],
+)
+
+java_proto_library(
+    name = "orca_java_proto",
+    deps = [":xds_proto"],
+)
+
+java_grpc_library(
+    name = "orca_java_grpc",
+    srcs = [":xds_proto"],
+    deps = [":orca_java_proto"],
+)
+
+proto_library(
+    name = "cel_spec_proto",
+    srcs = glob(["third_party/cel-spec/src/main/proto/**/*.proto"]),
+    strip_import_prefix = "third_party/cel-spec/src/main/proto/",
+    deps = [
+        "@com_google_protobuf//:duration_proto",
+        "@com_google_protobuf//:empty_proto",
+        "@com_google_protobuf//:struct_proto",
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
+proto_library(
+    name = "envoy_proto",
+    srcs = glob(["third_party/envoy/src/main/proto/**/*.proto"]),
+    strip_import_prefix = "third_party/envoy/src/main/proto/",
+    deps = [
+        ":googleapis_proto",
+        ":protoc_gen_validate_proto",
+        ":xds_proto",
+        "@com_google_googleapis//google/api:annotations_proto",
+        "@com_google_googleapis//google/rpc:status_proto",
+        "@com_google_protobuf//:any_proto",
+        "@com_google_protobuf//:descriptor_proto",
+        "@com_google_protobuf//:duration_proto",
+        "@com_google_protobuf//:empty_proto",
+        "@com_google_protobuf//:struct_proto",
+        "@com_google_protobuf//:timestamp_proto",
+        "@com_google_protobuf//:wrappers_proto",
+    ],
+)
+
+java_proto_library(
+    name = "envoy_java_proto",
+    deps = [":envoy_proto"],
+)
+
+INTERNAL_java_grpc_library_for_xds(
+    name = "envoy_java_grpc",
+    srcs = [":envoy_proto"],
+    deps = [":envoy_java_proto"],
+)
+
+proto_library(
+    name = "googleapis_proto",
+    srcs = glob(["third_party/googleapis/src/main/proto/**/*.proto"]),
+    strip_import_prefix = "third_party/googleapis/src/main/proto/",
+    deps = [
+        "@com_google_protobuf//:duration_proto",
+        "@com_google_protobuf//:empty_proto",
+        "@com_google_protobuf//:struct_proto",
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
+proto_library(
+    name = "protoc_gen_validate_proto",
+    srcs = glob(["third_party/protoc-gen-validate/src/main/proto/**/*.proto"]),
+    strip_import_prefix = "third_party/protoc-gen-validate/src/main/proto/",
+    deps = [
+        "@com_google_protobuf//:descriptor_proto",
+        "@com_google_protobuf//:duration_proto",
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
+proto_library(
+    name = "xds_proto",
+    srcs = glob(
+        ["third_party/xds/src/main/proto/**/*.proto"],
+        exclude = [
+            "third_party/xds/src/main/proto/xds/data/orca/v3/*.proto",
+            "third_party/xds/src/main/proto/xds/service/orca/v3/*.proto",
+        ],
+    ),
+    strip_import_prefix = "third_party/xds/src/main/proto/",
+    deps = [
+        ":cel_spec_proto",
+        ":googleapis_proto",
+        ":protoc_gen_validate_proto",
+        "@com_google_protobuf//:any_proto",
+        "@com_google_protobuf//:descriptor_proto",
+        "@com_google_protobuf//:duration_proto",
+        "@com_google_protobuf//:struct_proto",
+        "@com_google_protobuf//:wrappers_proto",
+    ],
+)
+
 java_proto_library(
-    name = "orca_protos_java",
+    name = "xds_java_proto",
+    deps = [":xds_proto"],
+)
+
+proto_library(
+    name = "xds_orca_proto",
+    srcs = glob([
+        "third_party/xds/src/main/proto/xds/data/orca/v3/*.proto",
+        "third_party/xds/src/main/proto/xds/service/orca/v3/*.proto",
+    ]),
+    strip_import_prefix = "third_party/xds/src/main/proto/",
     deps = [
-        "@com_github_cncf_xds//xds/data/orca/v3:pkg",
-        "@com_github_cncf_xds//xds/service/orca/v3:pkg",
+        ":protoc_gen_validate_proto",
+        "@com_google_protobuf//:duration_proto",
     ],
 )
 
+java_proto_library(
+    name = "xds_orca_java_proto",
+    deps = [":xds_orca_proto"],
+)
+
 java_grpc_library(
-    name = "xds_service_orca_v3_java_grpc",
-    srcs = ["@com_github_cncf_xds//xds/service/orca/v3:pkg"],
-    deps = [":orca_protos_java"],
+    name = "xds_orca_java_grpc",
+    srcs = [":xds_orca_proto"],
+    deps = [":xds_orca_java_proto"],
+)
+
+java_rpc_toolchain(
+    name = "java_grpc_library_toolchain",
+    plugin = "//compiler:grpc_java_plugin",
+    runtime = [":java_grpc_library_deps"],
+)
+
+java_library(
+    name = "java_grpc_library_deps",
+    neverlink = 1,
+    exports = ["//compiler:java_grpc_library_deps__do_not_reference"],
+)
+
+java_library(
+    name = "testlib",
+    testonly = 1,
+    srcs = [
+        "src/test/java/io/grpc/xds/ControlPlaneRule.java",
+        "src/test/java/io/grpc/xds/DataPlaneRule.java",
+        "src/test/java/io/grpc/xds/FakeControlPlaneXdsIntegrationTest.java",
+        "src/test/java/io/grpc/xds/MetadataLoadBalancerProvider.java",
+        "src/test/java/io/grpc/xds/XdsTestControlPlaneService.java",
+        "src/test/java/io/grpc/xds/XdsTestLoadReportingService.java",
+    ],
+    deps = [
+        ":envoy_java_grpc",
+        ":envoy_java_proto",
+        ":xds",
+        ":xds_java_proto",
+        "//api",
+        "//core:internal",
+        "//stub",
+        "//testing",
+        "//testing-proto:simpleservice_java_grpc",
+        "//testing-proto:simpleservice_java_proto",
+        "//util",
+        "@com_google_protobuf//java/core",
+        "@maven//:com_google_code_findbugs_jsr305",
+        "@maven//:com_google_guava_guava",
+        "@maven//:com_google_truth_truth",
+        "@maven//:junit_junit",
+    ],
+)
+
+java_test(
+    name = "FakeControlPlaneXdsIntegrationTest",
+    size = "small",
+    test_class = "io.grpc.xds.FakeControlPlaneXdsIntegrationTest",
+    runtime_deps = [":testlib"],
 )
diff --git a/xds/build.gradle b/xds/build.gradle
index 90ba3709d14..72dea373097 100644
--- a/xds/build.gradle
+++ b/xds/build.gradle
@@ -17,12 +17,11 @@ sourceSets {
             srcDir "${projectDir}/third_party/zero-allocation-hashing/main/java"
         }
         proto {
+            srcDir 'third_party/cel-spec/src/main/proto'
             srcDir 'third_party/envoy/src/main/proto'
+            srcDir 'third_party/googleapis/src/main/proto'
             srcDir 'third_party/protoc-gen-validate/src/main/proto'
             srcDir 'third_party/xds/src/main/proto'
-            srcDir 'third_party/cel-spec/src/main/proto'
-            srcDir 'third_party/googleapis/src/main/proto'
-            srcDir 'third_party/istio/src/main/proto'
         }
     }
     main {
@@ -186,6 +185,7 @@ tasks.named("shadowJar").configure {
         include(project(':grpc-xds'))
     }
     // Relocated packages commonly need exclusions in jacocoTestReport and javadoc
+    // Keep in sync with BUILD.bazel's JAR_JAR_RULES
     relocate 'com.github.udpa', "${prefixName}.shaded.com.github.udpa"
     relocate 'com.github.xds', "${prefixName}.shaded.com.github.xds"
     relocate 'com.google.api.expr', "${prefixName}.shaded.com.google.api.expr"
diff --git a/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java b/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
index 11ea957ae35..3665e16b6bf 100644
--- a/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
+++ b/xds/src/test/java/io/grpc/xds/ControlPlaneRule.java
@@ -24,6 +24,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Lists;
 import com.google.protobuf.Any;
+import com.google.protobuf.BoolValue;
 import com.google.protobuf.Message;
 import com.google.protobuf.UInt32Value;
 import io.envoyproxy.envoy.config.cluster.v3.Cluster;
@@ -44,6 +45,7 @@
 import io.envoyproxy.envoy.config.listener.v3.Listener;
 import io.envoyproxy.envoy.config.route.v3.NonForwardingAction;
 import io.envoyproxy.envoy.config.route.v3.Route;
+import io.envoyproxy.envoy.config.route.v3.RouteAction;
 import io.envoyproxy.envoy.config.route.v3.RouteConfiguration;
 import io.envoyproxy.envoy.config.route.v3.RouteMatch;
 import io.envoyproxy.envoy.config.route.v3.VirtualHost;
@@ -237,7 +239,25 @@ void setEdsConfig(String edsName, ClusterLoadAssignment clusterLoadAssignment) {
    * Builds a new default RDS configuration.
    */
   static RouteConfiguration buildRouteConfiguration(String authority) {
-    return XdsTestUtils.buildRouteConfiguration(authority, RDS_NAME, CLUSTER_NAME);
+    return buildRouteConfiguration(authority, RDS_NAME, CLUSTER_NAME);
+  }
+
+  static RouteConfiguration buildRouteConfiguration(String authority, String rdsName,
+                                                    String clusterName) {
+    io.envoyproxy.envoy.config.route.v3.VirtualHost.Builder vhBuilder =
+        io.envoyproxy.envoy.config.route.v3.VirtualHost.newBuilder()
+            .setName(rdsName)
+            .addDomains(authority)
+            .addRoutes(
+                Route.newBuilder()
+                    .setMatch(
+                        RouteMatch.newBuilder().setPrefix("/").build())
+                    .setRoute(
+                        RouteAction.newBuilder().setCluster(clusterName)
+                            .setAutoHostRewrite(BoolValue.newBuilder().setValue(true).build())
+                            .build()));
+    io.envoyproxy.envoy.config.route.v3.VirtualHost virtualHost = vhBuilder.build();
+    return RouteConfiguration.newBuilder().setName(rdsName).addVirtualHosts(virtualHost).build();
   }
 
   /**
diff --git a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
index e85058f0f3f..b1818445bea 100644
--- a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
@@ -30,7 +30,6 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.util.concurrent.MoreExecutors;
 import com.google.protobuf.Any;
-import com.google.protobuf.BoolValue;
 import com.google.protobuf.Message;
 import com.google.protobuf.util.Durations;
 import io.envoyproxy.envoy.config.cluster.v3.Cluster;
@@ -38,10 +37,7 @@
 import io.envoyproxy.envoy.config.endpoint.v3.ClusterStats;
 import io.envoyproxy.envoy.config.listener.v3.ApiListener;
 import io.envoyproxy.envoy.config.listener.v3.Listener;
-import io.envoyproxy.envoy.config.route.v3.Route;
-import io.envoyproxy.envoy.config.route.v3.RouteAction;
 import io.envoyproxy.envoy.config.route.v3.RouteConfiguration;
-import io.envoyproxy.envoy.config.route.v3.RouteMatch;
 import io.envoyproxy.envoy.extensions.clusters.aggregate.v3.ClusterConfig;
 import io.envoyproxy.envoy.extensions.filters.http.router.v3.Router;
 import io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter;
@@ -306,20 +302,7 @@ static Map<Locality, LocalityLbEndpoints> createMinimalLbEndpointsMap(String ser
 
   static RouteConfiguration buildRouteConfiguration(String authority, String rdsName,
                                                     String clusterName) {
-    io.envoyproxy.envoy.config.route.v3.VirtualHost.Builder vhBuilder =
-        io.envoyproxy.envoy.config.route.v3.VirtualHost.newBuilder()
-            .setName(rdsName)
-            .addDomains(authority)
-            .addRoutes(
-                Route.newBuilder()
-                    .setMatch(
-                        RouteMatch.newBuilder().setPrefix("/").build())
-                    .setRoute(
-                        RouteAction.newBuilder().setCluster(clusterName)
-                            .setAutoHostRewrite(BoolValue.newBuilder().setValue(true).build())
-                            .build()));
-    io.envoyproxy.envoy.config.route.v3.VirtualHost virtualHost = vhBuilder.build();
-    return RouteConfiguration.newBuilder().setName(rdsName).addVirtualHosts(virtualHost).build();
+    return ControlPlaneRule.buildRouteConfiguration(authority, rdsName, clusterName);
   }
 
   static Cluster buildAggCluster(String name, List<String> childNames) {

From c3ef1ab034c8c3c75d2538d7e1c9b5f99583d8bf Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Mon, 28 Jul 2025 20:56:27 +0530
Subject: [PATCH 331/591] xds: Envoy proto sync to (#12224)

---
 xds/third_party/envoy/import.sh               |   4 +-
 .../envoy/admin/v3/config_dump_shared.proto   |   8 +
 .../envoy/config/accesslog/v3/accesslog.proto |  46 +++--
 .../envoy/config/bootstrap/v3/bootstrap.proto |   4 +-
 .../envoy/config/cluster/v3/cluster.proto     |  46 ++++-
 .../proto/envoy/config/core/v3/address.proto  |  16 +-
 .../proto/envoy/config/core/v3/base.proto     |  49 ++++-
 .../envoy/config/core/v3/health_check.proto   |  12 +-
 .../proto/envoy/config/core/v3/protocol.proto |  68 +++++--
 .../envoy/config/core/v3/proxy_protocol.proto |  40 ++++
 .../config/core/v3/socket_cmsg_headers.proto  |   2 +-
 .../core/v3/substitution_format_string.proto  |  13 +-
 .../endpoint/v3/endpoint_components.proto     |  35 +++-
 .../envoy/config/listener/v3/listener.proto   |  34 +++-
 .../proto/envoy/config/rbac/v3/rbac.proto     |  85 +++++---
 .../config/route/v3/route_components.proto    | 182 ++++++++++++++---
 .../envoy/data/accesslog/v3/accesslog.proto   |  49 ++---
 .../clusters/aggregate/v3/cluster.proto       |  17 ++
 .../filters/http/rbac/v3/rbac.proto           |  55 ++---
 .../filters/http/router/v3/router.proto       |   4 +-
 .../v3/http_connection_manager.proto          | 130 ++++++------
 .../v3/client_side_weighted_round_robin.proto |   7 +
 .../common/v3/common.proto                    |  25 +++
 .../transport_sockets/tls/v3/common.proto     |  44 +++-
 .../transport_sockets/tls/v3/secret.proto     |   7 +-
 .../transport_sockets/tls/v3/tls.proto        | 119 +++++------
 .../service/discovery/v3/discovery.proto      | 191 +++++++++++-------
 .../proto/envoy/service/status/v3/csds.proto  |   5 +
 .../proto/envoy/type/matcher/v3/address.proto |  22 ++
 .../envoy/type/matcher/v3/filter_state.proto  |   4 +
 .../envoy/type/matcher/v3/metadata.proto      |  32 +--
 .../proto/envoy/type/matcher/v3/string.proto  |  22 +-
 .../envoy/type/metadata/v3/metadata.proto     |  32 +--
 .../xds/src/main/proto/xds/core/v3/cidr.proto |   2 +-
 34 files changed, 998 insertions(+), 413 deletions(-)
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/address.proto

diff --git a/xds/third_party/envoy/import.sh b/xds/third_party/envoy/import.sh
index 7a6b33871b3..ba657612586 100755
--- a/xds/third_party/envoy/import.sh
+++ b/xds/third_party/envoy/import.sh
@@ -17,7 +17,7 @@
 
 set -e
 # import VERSION from the google internal copybara_version.txt for Envoy
-VERSION=0b90f64539c88dc3d2a6792dc714e8207bce0c08
+VERSION=1128a52d227efb8c798478d293fdc05e8075ebcd
 DOWNLOAD_URL="https://github.com/envoyproxy/envoy/archive/${VERSION}.tar.gz"
 DOWNLOAD_BASE_DIR="envoy-${VERSION}"
 SOURCE_PROTO_BASE_DIR="${DOWNLOAD_BASE_DIR}/api"
@@ -46,6 +46,7 @@ envoy/config/core/v3/http_uri.proto
 envoy/config/core/v3/protocol.proto
 envoy/config/core/v3/proxy_protocol.proto
 envoy/config/core/v3/resolver.proto
+envoy/config/core/v3/socket_cmsg_headers.proto
 envoy/config/core/v3/socket_option.proto
 envoy/config/core/v3/substitution_format_string.proto
 envoy/config/core/v3/udp_socket_config.proto
@@ -97,6 +98,7 @@ envoy/service/load_stats/v3/lrs.proto
 envoy/service/rate_limit_quota/v3/rlqs.proto
 envoy/service/status/v3/csds.proto
 envoy/type/http/v3/path_transformation.proto
+envoy/type/matcher/v3/address.proto
 envoy/type/matcher/v3/filter_state.proto
 envoy/type/matcher/v3/http_inputs.proto
 envoy/type/matcher/v3/metadata.proto
diff --git a/xds/third_party/envoy/src/main/proto/envoy/admin/v3/config_dump_shared.proto b/xds/third_party/envoy/src/main/proto/envoy/admin/v3/config_dump_shared.proto
index 8de77e18e1f..b34e004d986 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/admin/v3/config_dump_shared.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/admin/v3/config_dump_shared.proto
@@ -39,6 +39,14 @@ enum ClientResourceStatus {
 
   // Client received this resource and replied with NACK.
   NACKED = 4;
+
+  // Client received an error from the control plane. The attached config
+  // dump is the most recent accepted one. If no config is accepted yet,
+  // the attached config dump will be empty.
+  RECEIVED_ERROR = 5;
+
+  // Client timed out waiting for the resource from the control plane.
+  TIMEOUT = 6;
 }
 
 message UpdateFailureState {
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto b/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto
index 5599f8082d3..6753ab6ab52 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto
@@ -152,35 +152,38 @@ message TraceableFilter {
       "envoy.config.filter.accesslog.v2.TraceableFilter";
 }
 
-// Filters for random sampling of requests.
+// Filters requests based on runtime-configurable sampling rates.
 message RuntimeFilter {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.accesslog.v2.RuntimeFilter";
 
-  // Runtime key to get an optional overridden numerator for use in the
-  // ``percent_sampled`` field. If found in runtime, this value will replace the
-  // default numerator.
+  // Specifies a key used to look up a custom sampling rate from the runtime configuration. If a value is found for this
+  // key, it will override the default sampling rate specified in ``percent_sampled``.
   string runtime_key = 1 [(validate.rules).string = {min_len: 1}];
 
-  // The default sampling percentage. If not specified, defaults to 0% with
-  // denominator of 100.
+  // Defines the default sampling percentage when no runtime override is present. If not specified, the default is
+  // **0%** (with a denominator of 100).
   type.v3.FractionalPercent percent_sampled = 2;
 
-  // By default, sampling pivots on the header
-  // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` being
-  // present. If :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`
-  // is present, the filter will consistently sample across multiple hosts based
-  // on the runtime key value and the value extracted from
-  // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`. If it is
-  // missing, or ``use_independent_randomness`` is set to true, the filter will
-  // randomly sample based on the runtime key value alone.
-  // ``use_independent_randomness`` can be used for logging kill switches within
-  // complex nested :ref:`AndFilter
-  // <envoy_v3_api_msg_config.accesslog.v3.AndFilter>` and :ref:`OrFilter
-  // <envoy_v3_api_msg_config.accesslog.v3.OrFilter>` blocks that are easier to
-  // reason about from a probability perspective (i.e., setting to true will
-  // cause the filter to behave like an independent random variable when
-  // composed within logical operator filters).
+  // Controls how sampling decisions are made.
+  //
+  // - Default behavior (``false``):
+  //
+  //   * Uses the :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` as a consistent sampling pivot.
+  //   * When :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` is present, sampling will be consistent
+  //     across multiple hosts based on both the ``runtime_key`` and
+  //     :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`.
+  //   * Useful for tracking related requests across a distributed system.
+  //
+  // - When set to ``true`` or :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` is missing:
+  //
+  //   * Sampling decisions are made randomly based only on the ``runtime_key``.
+  //   * Useful in complex filter configurations (like nested
+  //     :ref:`AndFilter<envoy_v3_api_msg_config.accesslog.v3.AndFilter>`/
+  //     :ref:`OrFilter<envoy_v3_api_msg_config.accesslog.v3.OrFilter>` blocks) where independent probability
+  //     calculations are desired.
+  //   * Can be used to implement logging kill switches with predictable probability distributions.
+  //
   bool use_independent_randomness = 3;
 }
 
@@ -257,6 +260,7 @@ message ResponseFlagFilter {
         in: "DF"
         in: "DO"
         in: "DR"
+        in: "UDO"
       }
     }
   }];
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto b/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto
index 94868f13432..bf65f3df45c 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto
@@ -57,9 +57,7 @@ message Bootstrap {
     // If a network based configuration source is specified for :ref:`cds_config
     // <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.DynamicResources.cds_config>`, it's necessary
     // to have some initial cluster definitions available to allow Envoy to know
-    // how to speak to the management server. These cluster definitions may not
-    // use :ref:`EDS <arch_overview_dynamic_config_eds>` (i.e. they should be static
-    // IP or DNS-based).
+    // how to speak to the management server.
     repeated cluster.v3.Cluster clusters = 2;
 
     // These static secrets can be used by :ref:`SdsSecretConfig
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto
index 0d2d6f1918e..51180b1e855 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto
@@ -942,6 +942,7 @@ message Cluster {
   // "envoy.filters.network.thrift_proxy". See the extension's documentation for details on
   // specific options.
   // [#next-major-version: make this a list of typed extensions.]
+  // [#extension-category: envoy.upstream_options]
   map<string, google.protobuf.Any> typed_extension_protocol_options = 36;
 
   // If the DNS refresh rate is specified and the cluster type is either
@@ -953,8 +954,15 @@ message Cluster {
   // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`
   // and :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`
   // this setting is ignored.
-  google.protobuf.Duration dns_refresh_rate = 16
-      [(validate.rules).duration = {gt {nanos: 1000000}}];
+  // This field is deprecated in favor of using the :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`
+  // extension point and configuring it with :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`.
+  // If :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>` is configured with
+  // :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`, this field will be ignored.
+  google.protobuf.Duration dns_refresh_rate = 16 [
+    deprecated = true,
+    (validate.rules).duration = {gt {nanos: 1000000}},
+    (envoy.annotations.deprecated_at_minor_version) = "3.0"
+  ];
 
   // DNS jitter can be optionally specified if the cluster type is either
   // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`,
@@ -965,7 +973,15 @@ message Cluster {
   // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`
   // and :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`
   // this setting is ignored.
-  google.protobuf.Duration dns_jitter = 58;
+  // This field is deprecated in favor of using the :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`
+  // extension point and configuring it with :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`.
+  // If :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>` is configured with
+  // :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`, this field will be ignored.
+  google.protobuf.Duration dns_jitter = 58 [
+    deprecated = true,
+    (validate.rules).duration = {gte {}},
+    (envoy.annotations.deprecated_at_minor_version) = "3.0"
+  ];
 
   // If the DNS failure refresh rate is specified and the cluster type is either
   // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`,
@@ -975,16 +991,31 @@ message Cluster {
   // other than :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>` and
   // :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>` this setting is
   // ignored.
-  RefreshRate dns_failure_refresh_rate = 44;
+  // This field is deprecated in favor of using the :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`
+  // extension point and configuring it with :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`.
+  // If :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>` is configured with
+  // :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`, this field will be ignored.
+  RefreshRate dns_failure_refresh_rate = 44
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
   // Optional configuration for setting cluster's DNS refresh rate. If the value is set to true,
   // cluster's DNS refresh rate will be set to resource record's TTL which comes from DNS
   // resolution.
-  bool respect_dns_ttl = 39;
+  // This field is deprecated in favor of using the :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`
+  // extension point and configuring it with :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`.
+  // If :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>` is configured with
+  // :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`, this field will be ignored.
+  bool respect_dns_ttl = 39
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
   // The DNS IP address resolution policy. If this setting is not specified, the
   // value defaults to
   // :ref:`AUTO<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DnsLookupFamily.AUTO>`.
+  // For logical and strict dns cluster, this field is deprecated in favor of using the
+  // :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`
+  // extension point and configuring it with :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`.
+  // If :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>` is configured with
+  // :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`, this field will be ignored.
   DnsLookupFamily dns_lookup_family = 17 [(validate.rules).enum = {defined_only: true}];
 
   // If DNS resolvers are specified and the cluster type is either
@@ -1024,6 +1055,9 @@ message Cluster {
   // During the transition period when both ``dns_resolution_config`` and ``typed_dns_resolver_config`` exists,
   // when ``typed_dns_resolver_config`` is in place, Envoy will use it and ignore ``dns_resolution_config``.
   // When ``typed_dns_resolver_config`` is missing, the default behavior is in place.
+  // Also note that this field is deprecated for logical dns and strict dns clusters and will be ignored when
+  // :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>` is configured with
+  // :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`.
   // [#extension-category: envoy.network.dns_resolver]
   core.v3.TypedExtensionConfig typed_dns_resolver_config = 55;
 
@@ -1311,7 +1345,7 @@ message TrackClusterStats {
 
   // If request_response_sizes is true, then the :ref:`histograms
   // <config_cluster_manager_cluster_stats_request_response_sizes>`  tracking header and body sizes
-  // of requests and responses will be published.
+  // of requests and responses will be published. Additionally, number of headers in the requests and responses will be tracked.
   bool request_response_sizes = 2;
 
   // If true, some stats will be emitted per-endpoint, similar to the stats in admin ``/clusters``
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto
index d8d47882655..56796fc721a 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto
@@ -50,7 +50,7 @@ message EnvoyInternalAddress {
   string endpoint_id = 2;
 }
 
-// [#next-free-field: 7]
+// [#next-free-field: 8]
 message SocketAddress {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SocketAddress";
 
@@ -97,6 +97,20 @@ message SocketAddress {
   // allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into
   // IPv6 space as ``::FFFF:<IPv4-address>``.
   bool ipv4_compat = 6;
+
+  // Filepath that specifies the Linux network namespace this socket will be created in (see ``man 7
+  // network_namespaces``). If this field is set, Envoy will create the socket in the specified
+  // network namespace.
+  //
+  // .. note::
+  //    Setting this parameter requires Envoy to run with the ``CAP_NET_ADMIN`` capability.
+  //
+  // .. note::
+  //    Currently only used for Listener sockets.
+  //
+  // .. attention::
+  //     Network namespaces are only configurable on Linux. Otherwise, this field has no effect.
+  string network_namespace_filepath = 7;
 }
 
 message TcpKeepalive {
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto
index 57f59373395..978f365d5f9 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto
@@ -266,7 +266,7 @@ message RuntimeUInt32 {
   uint32 default_value = 2;
 
   // Runtime key to get value for comparison. This value is used if defined.
-  string runtime_key = 3 [(validate.rules).string = {min_len: 1}];
+  string runtime_key = 3;
 }
 
 // Runtime derived percentage with a default when not specified.
@@ -275,7 +275,7 @@ message RuntimePercent {
   type.v3.Percent default_value = 1;
 
   // Runtime key to get value for comparison. This value is used if defined.
-  string runtime_key = 2 [(validate.rules).string = {min_len: 1}];
+  string runtime_key = 2;
 }
 
 // Runtime derived double with a default when not specified.
@@ -286,7 +286,7 @@ message RuntimeDouble {
   double default_value = 1;
 
   // Runtime key to get value for comparison. This value is used if defined.
-  string runtime_key = 2 [(validate.rules).string = {min_len: 1}];
+  string runtime_key = 2;
 }
 
 // Runtime derived bool with a default when not specified.
@@ -300,15 +300,34 @@ message RuntimeFeatureFlag {
   // Runtime key to get value for comparison. This value is used if defined. The boolean value must
   // be represented via its
   // `canonical JSON encoding <https://developers.google.com/protocol-buffers/docs/proto3#json>`_.
-  string runtime_key = 2 [(validate.rules).string = {min_len: 1}];
+  string runtime_key = 2;
 }
 
+// Please use :ref:`KeyValuePair <envoy_api_msg_config.core.v3.KeyValuePair>` instead.
+// [#not-implemented-hide:]
 message KeyValue {
+  // The key of the key/value pair.
+  string key = 1 [
+    deprecated = true,
+    (validate.rules).string = {min_len: 1 max_bytes: 16384},
+    (envoy.annotations.deprecated_at_minor_version) = "3.0"
+  ];
+
+  // The value of the key/value pair.
+  //
+  // The ``bytes`` type is used. This means if JSON or YAML is used to to represent the
+  // configuration, the value must be base64 encoded. This is unfriendly for users in most
+  // use scenarios of this message.
+  //
+  bytes value = 2 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+}
+
+message KeyValuePair {
   // The key of the key/value pair.
   string key = 1 [(validate.rules).string = {min_len: 1 max_bytes: 16384}];
 
   // The value of the key/value pair.
-  bytes value = 2;
+  google.protobuf.Value value = 2;
 }
 
 // Key/value pair plus option to control append behavior. This is used to specify
@@ -339,8 +358,18 @@ message KeyValueAppend {
     OVERWRITE_IF_EXISTS = 3;
   }
 
-  // Key/value pair entry that this option to append or overwrite.
-  KeyValue entry = 1 [(validate.rules).message = {required: true}];
+  // The single key/value pair record to be appended or overridden. This field must be set.
+  KeyValuePair record = 3;
+
+  // Key/value pair entry that this option to append or overwrite. This field is deprecated
+  // and please use :ref:`record <envoy_v3_api_field_config.core.v3.KeyValueAppend.record>`
+  // as replacement.
+  // [#not-implemented-hide:]
+  KeyValue entry = 1 [
+    deprecated = true,
+    (validate.rules).message = {skip: true},
+    (envoy.annotations.deprecated_at_minor_version) = "3.0"
+  ];
 
   // Describes the action taken to append/overwrite the given value for an existing
   // key or to only add this key if it's absent.
@@ -349,10 +378,12 @@ message KeyValueAppend {
 
 // Key/value pair to append or remove.
 message KeyValueMutation {
-  // Key/value pair to append or overwrite. Only one of ``append`` or ``remove`` can be set.
+  // Key/value pair to append or overwrite. Only one of ``append`` or ``remove`` can be set or
+  // the configuration will be rejected.
   KeyValueAppend append = 1;
 
-  // Key to remove. Only one of ``append`` or ``remove`` can be set.
+  // Key to remove. Only one of ``append`` or ``remove`` can be set or the configuration will be
+  // rejected.
   string remove = 2 [(validate.rules).string = {max_bytes: 16384}];
 }
 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto
index 821f042bbe6..fd4440d8fa5 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto
@@ -375,13 +375,13 @@ message HealthCheck {
   // The default value for "healthy edge interval" is the same as the default interval.
   google.protobuf.Duration healthy_edge_interval = 16 [(validate.rules).duration = {gt {}}];
 
-  // .. attention::
-  // This field is deprecated in favor of the extension
-  // :ref:`event_logger <envoy_v3_api_field_config.core.v3.HealthCheck.event_logger>` and
-  // :ref:`event_log_path <envoy_v3_api_field_extensions.health_check.event_sinks.file.v3.HealthCheckEventFileSink.event_log_path>`
-  // in the file sink extension.
-  //
   // Specifies the path to the :ref:`health check event log <arch_overview_health_check_logging>`.
+  //
+  // .. attention::
+  //   This field is deprecated in favor of the extension
+  //   :ref:`event_logger <envoy_v3_api_field_config.core.v3.HealthCheck.event_logger>` and
+  //   :ref:`event_log_path <envoy_v3_api_field_extensions.health_check.event_sinks.file.v3.HealthCheckEventFileSink.event_log_path>`
+  //   in the file sink extension.
   string event_log_path = 17
       [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
index 7160cfb641a..edab4cd79c6 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
@@ -3,6 +3,7 @@ syntax = "proto3";
 package envoy.config.core.v3;
 
 import "envoy/config/core/v3/extension.proto";
+import "envoy/type/matcher/v3/string.proto";
 import "envoy/type/v3/percent.proto";
 
 import "google/protobuf/duration.proto";
@@ -63,8 +64,11 @@ message QuicProtocolOptions {
   // <https://tools.ietf.org/html/draft-ietf-quic-transport-34#section-4.1>`_ size. Valid values range from
   // 1 to 16777216 (2^24, maximum supported by QUICHE) and defaults to 16777216 (16 * 1024 * 1024).
   //
-  // NOTE: 16384 (2^14) is the minimum window size supported in Google QUIC. If configured smaller than it, we will use 16384 instead.
-  // QUICHE IETF Quic implementation supports 1 bytes window. We only support increasing the default window size now, so it's also the minimum.
+  // .. note::
+  //
+  //   16384 (2^14) is the minimum window size supported in Google QUIC. If configured smaller than it, we will use
+  //   16384 instead. QUICHE IETF Quic implementation supports 1 bytes window. We only support increasing the default
+  //   window size now, so it's also the minimum.
   //
   // This field also acts as a soft limit on the number of bytes Envoy will buffer per-stream in the
   // QUIC stream send and receive buffers. Once the buffer reaches this pointer, watermark callbacks will fire to
@@ -76,8 +80,11 @@ message QuicProtocolOptions {
   // flow-control. Valid values rage from 1 to 25165824 (24MB, maximum supported by QUICHE) and defaults
   // to 25165824 (24 * 1024 * 1024).
   //
-  // NOTE: 16384 (2^14) is the minimum window size supported in Google QUIC. We only support increasing the default
-  // window size now, so it's also the minimum.
+  // .. note::
+  //
+  //   16384 (2^14) is the minimum window size supported in Google QUIC. We only support increasing the default
+  //   window size now, so it's also the minimum.
+  //
   google.protobuf.UInt32Value initial_connection_window_size = 3
       [(validate.rules).uint32 = {lte: 25165824 gte: 1}];
 
@@ -281,9 +288,13 @@ message HttpProtocolOptions {
   // :ref:`HTTP Connection Manager
   // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.common_http_protocol_options>`.
   //
-  // Note: currently some protocol codecs impose limits on the maximum size of a single header:
-  //   HTTP/2 (when using nghttp2) limits a single header to around 100kb.
-  //   HTTP/3 limits a single header to around 1024kb.
+  // .. note::
+  //
+  //   Currently some protocol codecs impose limits on the maximum size of a single header.
+  //
+  //   * HTTP/2 (when using nghttp2) limits a single header to around 100kb.
+  //   * HTTP/3 limits a single header to around 1024kb.
+  //
   google.protobuf.UInt32Value max_response_headers_kb = 7
       [(validate.rules).uint32 = {lte: 8192 gt: 0}];
 
@@ -293,9 +304,15 @@ message HttpProtocolOptions {
 
   // Action to take when a client request with a header name containing underscore characters is received.
   // If this setting is not specified, the value defaults to ALLOW.
-  // Note: upstream responses are not affected by this setting.
-  // Note: this only affects client headers. It does not affect headers added
-  // by Envoy filters and does not have any impact if added to cluster config.
+  //
+  // .. note::
+  //
+  //   Upstream responses are not affected by this setting.
+  //
+  // .. note::
+  //
+  //   This only affects client headers. It does not affect headers added by Envoy filters and does not have any
+  //   impact if added to cluster config.
   HeadersWithUnderscoresAction headers_with_underscores_action = 5;
 
   // Optional maximum requests for both upstream and downstream connections.
@@ -305,7 +322,7 @@ message HttpProtocolOptions {
   google.protobuf.UInt32Value max_requests_per_connection = 6;
 }
 
-// [#next-free-field: 11]
+// [#next-free-field: 12]
 message Http1ProtocolOptions {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.core.Http1ProtocolOptions";
@@ -417,6 +434,14 @@ message Http1ProtocolOptions {
   // <envoy_v3_api_field_extensions.http.header_validators.envoy_default.v3.HeaderValidatorConfig.restrict_http_methods>`
   // to reject custom methods.
   bool allow_custom_methods = 10 [(xds.annotations.v3.field_status).work_in_progress = true];
+
+  // Ignore HTTP/1.1 upgrade values matching any of the supplied matchers.
+  //
+  // .. note::
+  //
+  //   ``h2c`` upgrades are always removed for backwards compatibility, regardless of the
+  //   value in this setting.
+  repeated type.matcher.v3.StringMatcher ignore_http_11_upgrade = 11;
 }
 
 message KeepaliveSettings {
@@ -449,7 +474,7 @@ message KeepaliveSettings {
       [(validate.rules).duration = {gte {nanos: 1000000}}];
 }
 
-// [#next-free-field: 17]
+// [#next-free-field: 18]
 message Http2ProtocolOptions {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.core.Http2ProtocolOptions";
@@ -495,8 +520,10 @@ message Http2ProtocolOptions {
   // (2^16 - 1, HTTP/2 default) to 2147483647 (2^31 - 1, HTTP/2 maximum) and defaults to 268435456
   // (256 * 1024 * 1024).
   //
-  // NOTE: 65535 is the initial window size from HTTP/2 spec. We only support increasing the default
-  // window size now, so it's also the minimum.
+  // .. note::
+  //
+  //   65535 is the initial window size from HTTP/2 spec. We only support increasing the default window size now,
+  //   so it's also the minimum.
   //
   // This field also acts as a soft limit on the number of bytes Envoy will buffer per-stream in the
   // HTTP/2 codec buffers. Once the buffer reaches this pointer, watermark callbacks will fire to
@@ -633,6 +660,9 @@ message Http2ProtocolOptions {
   // If unset, HTTP/2 codec is selected based on envoy.reloadable_features.http2_use_oghttp2.
   google.protobuf.BoolValue use_oghttp2_codec = 16
       [(xds.annotations.v3.field_status).work_in_progress = true];
+
+  // Configure the maximum amount of metadata than can be handled per stream. Defaults to 1 MB.
+  google.protobuf.UInt64Value max_metadata_size = 17;
 }
 
 // [#not-implemented-hide:]
@@ -644,7 +674,7 @@ message GrpcProtocolOptions {
 }
 
 // A message which allows using HTTP/3.
-// [#next-free-field: 7]
+// [#next-free-field: 8]
 message Http3ProtocolOptions {
   QuicProtocolOptions quic_protocol_options = 1;
 
@@ -671,6 +701,14 @@ message Http3ProtocolOptions {
   // docs](https://github.com/envoyproxy/envoy/blob/main/source/docs/h2_metadata.md) for more
   // information.
   bool allow_metadata = 6;
+
+  // [#not-implemented-hide:] Hiding until Envoy has full HTTP/3 upstream support.
+  // Still under implementation. DO NOT USE.
+  //
+  // Disables QPACK compression related features for HTTP/3 including:
+  // No huffman encoding, zero dynamic table capacity and no cookie crumbing.
+  // This can be useful for trading off CPU vs bandwidth when an upstream HTTP/3 connection multiplexes multiple downstream connections.
+  bool disable_qpack = 7;
 }
 
 // A message to control transformations to the :scheme header
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/proxy_protocol.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/proxy_protocol.proto
index 32747dd2288..564e76cb1e5 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/proxy_protocol.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/proxy_protocol.proto
@@ -32,6 +32,15 @@ message ProxyProtocolPassThroughTLVs {
   repeated uint32 tlv_type = 2 [(validate.rules).repeated = {items {uint32 {lt: 256}}}];
 }
 
+// Represents a single Type-Length-Value (TLV) entry.
+message TlvEntry {
+  // The type of the TLV. Must be a uint8 (0-255) as per the Proxy Protocol v2 specification.
+  uint32 type = 1 [(validate.rules).uint32 = {lt: 256}];
+
+  // The value of the TLV. Must be at least one byte long.
+  bytes value = 2 [(validate.rules).bytes = {min_len: 1}];
+}
+
 message ProxyProtocolConfig {
   enum Version {
     // PROXY protocol version 1. Human readable format.
@@ -47,4 +56,35 @@ message ProxyProtocolConfig {
   // This config controls which TLVs can be passed to upstream if it is Proxy Protocol
   // V2 header. If there is no setting for this field, no TLVs will be passed through.
   ProxyProtocolPassThroughTLVs pass_through_tlvs = 2;
+
+  // This config allows additional TLVs to be included in the upstream PROXY protocol
+  // V2 header. Unlike ``pass_through_tlvs``, which passes TLVs from the downstream request,
+  // ``added_tlvs`` provides an extension mechanism for defining new TLVs that are included
+  // with the upstream request. These TLVs may not be present in the downstream request and
+  // can be defined at either the transport socket level or the host level to provide more
+  // granular control over the TLVs that are included in the upstream request.
+  //
+  // Host-level TLVs are specified in the ``metadata.typed_filter_metadata`` field under the
+  // ``envoy.transport_sockets.proxy_protocol`` namespace.
+  //
+  // .. literalinclude:: /_configs/repo/proxy_protocol.yaml
+  //    :language: yaml
+  //    :lines: 49-57
+  //    :linenos:
+  //    :lineno-start: 49
+  //    :caption: :download:`proxy_protocol.yaml </_configs/repo/proxy_protocol.yaml>`
+  //
+  // **Precedence behavior**:
+  //
+  // - When a TLV is defined at both the host level and the transport socket level, the value
+  //   from the host level configuration takes precedence. This allows users to define default TLVs
+  //   at the transport socket level and override them at the host level.
+  // - Any TLV defined in the ``pass_through_tlvs`` field will be overridden by either the host-level
+  //   or transport socket-level TLV.
+  repeated TlvEntry added_tlvs = 3;
+}
+
+message PerHostConfig {
+  // Enables per-host configuration for Proxy Protocol.
+  repeated TlvEntry added_tlvs = 1;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_cmsg_headers.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_cmsg_headers.proto
index 4c8da0d1e4e..cc3e58e0996 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_cmsg_headers.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_cmsg_headers.proto
@@ -25,4 +25,4 @@ message SocketCmsgHeaders {
 
   // Expected size of cmsg value. Default is zero.
   uint32 expected_size = 3;
-}
\ No newline at end of file
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto
index abe8afa68ae..3edbf5f5f00 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto
@@ -22,7 +22,12 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // Optional configuration options to be used with json_format.
 message JsonFormatOptions {
   // The output JSON string properties will be sorted.
-  bool sort_properties = 1;
+  //
+  // .. note::
+  //   As the properties are always sorted, this option has no effect and is deprecated.
+  //
+  bool sort_properties = 1
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 }
 
 // Configuration to use multiple :ref:`command operators <config_access_log_command_operators>`
@@ -101,6 +106,12 @@ message SubstitutionFormatString {
   // * for ``text_format``, the output of the empty operator is changed from ``-`` to an
   //   empty string, so that empty values are omitted entirely.
   // * for ``json_format`` the keys with null values are omitted in the output structure.
+  //
+  // .. note::
+  //   This option does not work perfectly with ``json_format`` as keys with ``null`` values
+  //   will still be included in the output. See https://github.com/envoyproxy/envoy/issues/37941
+  //   for more details.
+  //
   bool omit_empty_values = 3;
 
   // Specify a ``content_type`` field.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint_components.proto
index 6673691105e..eacc555df73 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint_components.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint_components.proto
@@ -9,6 +9,9 @@ import "envoy/config/core/v3/health_check.proto";
 
 import "google/protobuf/wrappers.proto";
 
+import "xds/core/v3/collection_entry.proto";
+
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
@@ -133,14 +136,24 @@ message LbEndpoint {
   google.protobuf.UInt32Value load_balancing_weight = 4 [(validate.rules).uint32 = {gte: 1}];
 }
 
+// LbEndpoint list collection. Entries are `LbEndpoint` resources or references.
 // [#not-implemented-hide:]
-// A configuration for a LEDS collection.
+message LbEndpointCollection {
+  xds.core.v3.CollectionEntry entries = 1;
+}
+
+// A configuration for an LEDS collection.
 message LedsClusterLocalityConfig {
   // Configuration for the source of LEDS updates for a Locality.
   core.v3.ConfigSource leds_config = 1;
 
-  // The xDS transport protocol glob collection resource name.
-  // The service is only supported in delta xDS (incremental) mode.
+  // The name of the LbEndpoint collection resource.
+  //
+  // If the name ends in ``/*``, it indicates an LbEndpoint glob collection,
+  // which is supported only in the xDS incremental protocol variants.
+  // Otherwise, it indicates an LbEndpointCollection list collection.
+  //
+  // Envoy currently supports only glob collections.
   string leds_collection_name = 2;
 }
 
@@ -165,18 +178,20 @@ message LocalityLbEndpoints {
   core.v3.Metadata metadata = 9;
 
   // The group of endpoints belonging to the locality specified.
-  // [#comment:TODO(adisuissa): Once LEDS is implemented this field needs to be
-  // deprecated and replaced by ``load_balancer_endpoints``.]
+  // This is ignored if :ref:`leds_cluster_locality_config
+  // <envoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.leds_cluster_locality_config>` is set.
   repeated LbEndpoint lb_endpoints = 2;
 
-  // [#not-implemented-hide:]
   oneof lb_config {
-    // The group of endpoints belonging to the locality.
-    // [#comment:TODO(adisuissa): Once LEDS is implemented the ``lb_endpoints`` field
-    // needs to be deprecated.]
-    LbEndpointList load_balancer_endpoints = 7;
+    // [#not-implemented-hide:]
+    // Not implemented and deprecated.
+    LbEndpointList load_balancer_endpoints = 7
+        [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
     // LEDS Configuration for the current locality.
+    // If this is set, the :ref:`lb_endpoints
+    // <envoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.lb_endpoints>`
+    // field is ignored.
     LedsClusterLocalityConfig leds_cluster_locality_config = 8;
   }
 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto
index 9381d4eb7ac..ff2f79d1137 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto
@@ -5,6 +5,7 @@ package envoy.config.listener.v3;
 import "envoy/config/accesslog/v3/accesslog.proto";
 import "envoy/config/core/v3/address.proto";
 import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/config_source.proto";
 import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/socket_option.proto";
 import "envoy/config/listener/v3/api_listener.proto";
@@ -53,7 +54,7 @@ message ListenerCollection {
   repeated xds.core.v3.CollectionEntry entries = 1;
 }
 
-// [#next-free-field: 36]
+// [#next-free-field: 37]
 message Listener {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Listener";
 
@@ -115,6 +116,20 @@ message Listener {
   message InternalListenerConfig {
   }
 
+  // Configuration for filter chains discovery.
+  // [#not-implemented-hide:]
+  message FcdsConfig {
+    // Optional name to present to the filter chain discovery service. This may be an arbitrary name with arbitrary
+    // length. If a name is not provided, the listener's name is used. Refer to :ref:`filter_chains <envoy_v3_api_field_config.listener.v3.Listener.name>`.
+    // for details on how listener name is determined if unspecified. In addition, this may be a xdstp:// URL.
+    string name = 1;
+
+    // Configuration for the source of FCDS updates for this listener.
+    // .. note::
+    //   This discovery service only supports ``AGGREGATED_GRPC`` API type.
+    core.v3.ConfigSource config_source = 2;
+  }
+
   reserved 14, 23;
 
   // The unique name by which this listener is known. If no name is provided,
@@ -147,6 +162,12 @@ message Listener {
   // :ref:`FAQ entry <faq_how_to_setup_sni>`.
   repeated FilterChain filter_chains = 3;
 
+  // Discover filter chains configurations by external service. Dynamic discovery of filter chains is allowed
+  // while having statically configured filter chains, however, a filter chain name must be unique within a
+  // listener. If a discovered filter chain matches a name of an existing filter chain, it is discarded.
+  // [#not-implemented-hide:]
+  FcdsConfig fcds_config = 36;
+
   // :ref:`Matcher API <arch_overview_matching_listener>` resolving the filter chain name from the
   // network properties. This matcher is used as a replacement for the filter chain match condition
   // :ref:`filter_chain_match
@@ -247,10 +268,10 @@ message Listener {
   google.protobuf.BoolValue freebind = 11;
 
   // Additional socket options that may not be present in Envoy source code or
-  // precompiled binaries. The socket options can be updated for a listener when
+  // precompiled binaries.
+  // It is not allowed to update the socket options for any existing address if
   // :ref:`enable_reuse_port <envoy_v3_api_field_config.listener.v3.Listener.enable_reuse_port>`
-  // is ``true``. Otherwise, if socket options change during a listener update the update will be rejected
-  // to make it clear that the options were not updated.
+  // is ``false`` to avoid the conflict when creating new sockets for the listener.
   repeated core.v3.SocketOption socket_options = 13;
 
   // Whether the listener should accept TCP Fast Open (TFO) connections.
@@ -352,6 +373,11 @@ message Listener {
   // accepted in later event loop iterations.
   // If no value is provided Envoy will accept all connections pending accept
   // from the kernel.
+  //
+  // .. note::
+  //
+  //  It is recommended to lower this value for better overload management and reduced per-event cost.
+  //  Setting it to 1 is a viable option with no noticeable impact on performance.
   google.protobuf.UInt32Value max_connections_to_accept_per_socket_event = 34
       [(validate.rules).uint32 = {gt: 0}];
 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto b/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto
index e33a533e25a..cdb1267a2c9 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto
@@ -206,8 +206,10 @@ message Policy {
 // metadata should be sourced from, rather than only matching against dynamic metadata.
 //
 // The matcher can be configured to look up metadata from:
+//
 // * Dynamic metadata: Runtime metadata added by filters during request processing
 // * Route metadata: Static metadata configured on the route entry
+//
 message SourcedMetadata {
   // Metadata matcher configuration that defines what metadata to match against. This includes the filter name,
   // metadata key path, and expected value.
@@ -246,10 +248,14 @@ message Permission {
     // When any is set, it matches any action.
     bool any = 3 [(validate.rules).bool = {const: true}];
 
-    // A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only
-    // available for HTTP request.
-    // Note: the pseudo-header :path includes the query and fragment string. Use the ``url_path``
-    // field if you want to match the URL path without the query and fragment string.
+    // A header (or pseudo-header such as ``:path`` or ``:method``) on the incoming HTTP request. Only available
+    // for HTTP request.
+    //
+    // .. note::
+    //
+    //   The pseudo-header ``:path`` includes the query and fragment string. Use the ``url_path`` field if you
+    //   want to match the URL path without the query and fragment string.
+    //
     route.v3.HeaderMatcher header = 4;
 
     // A URL path on the incoming HTTP request. Only available for HTTP.
@@ -274,8 +280,7 @@ message Permission {
     // the value of ``not_rule`` would not match, this permission would match.
     Permission not_rule = 8;
 
-    // The request server from the client's connection request. This is
-    // typically TLS SNI.
+    // The request server from the client's connection request. This is typically TLS SNI.
     //
     // .. attention::
     //
@@ -292,8 +297,7 @@ message Permission {
     //   * A :ref:`listener filter <arch_overview_listener_filters>` may
     //     overwrite a connection's requested server name within Envoy.
     //
-    // Please refer to :ref:`this FAQ entry <faq_how_to_setup_sni>` to learn to
-    // setup SNI.
+    // Please refer to :ref:`this FAQ entry <faq_how_to_setup_sni>` to learn how to setup SNI.
     type.matcher.v3.StringMatcher requested_server_name = 9;
 
     // Extension for configuring custom matchers for RBAC.
@@ -312,7 +316,7 @@ message Permission {
 
 // Principal defines an identity or a group of identities for a downstream
 // subject.
-// [#next-free-field: 14]
+// [#next-free-field: 15]
 message Principal {
   option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Principal";
 
@@ -326,6 +330,10 @@ message Principal {
   }
 
   // Authentication attributes for a downstream.
+  // It is recommended to NOT use this type, but instead use
+  // :ref:`MTlsAuthenticated <envoy_v3_api_msg_extensions.rbac.principals.mtls_authenticated.v3.Config>`,
+  // configured via :ref:`custom <envoy_v3_api_field_config.rbac.v3.Principal.custom>`,
+  // which should be used for most use cases due to its improved security.
   message Authenticated {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.config.rbac.v2.Principal.Authenticated";
@@ -334,25 +342,31 @@ message Principal {
 
     // The name of the principal. If set, The URI SAN or DNS SAN in that order
     // is used from the certificate, otherwise the subject field is used. If
-    // unset, it applies to any user that is authenticated.
+    // unset, it applies to any user that is allowed by the downstream TLS configuration.
+    // If :ref:`require_client_certificate <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.require_client_certificate>`
+    // is false or :ref:`trust_chain_verification <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trust_chain_verification>`
+    // is set to :ref:`ACCEPT_UNTRUSTED <envoy_v3_api_enum_value_extensions.transport_sockets.tls.v3.CertificateValidationContext.TrustChainVerification.ACCEPT_UNTRUSTED>`,
+    // then no authentication is required.
     type.matcher.v3.StringMatcher principal_name = 2;
   }
 
   oneof identifier {
     option (validate.required) = true;
 
-    // A set of identifiers that all must match in order to define the
-    // downstream.
+    // A set of identifiers that all must match in order to define the downstream.
     Set and_ids = 1;
 
-    // A set of identifiers at least one must match in order to define the
-    // downstream.
+    // A set of identifiers at least one must match in order to define the downstream.
     Set or_ids = 2;
 
     // When any is set, it matches any downstream.
     bool any = 3 [(validate.rules).bool = {const: true}];
 
     // Authenticated attributes that identify the downstream.
+    // It is recommended to NOT use this field, but instead use
+    // :ref:`MTlsAuthenticated <envoy_v3_api_msg_extensions.rbac.principals.mtls_authenticated.v3.Config>`,
+    // configured via :ref:`custom <envoy_v3_api_field_config.rbac.v3.Principal.custom>`,
+    // which should be used for most use cases due to its improved security.
     Authenticated authenticated = 4;
 
     // A CIDR block that describes the downstream IP.
@@ -366,24 +380,33 @@ message Principal {
         [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
     // A CIDR block that describes the downstream remote/origin address.
-    // Note: This is always the physical peer even if the
-    // :ref:`remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` is
-    // inferred from for example the x-forwarder-for header, proxy protocol,
-    // etc.
+    //
+    // .. note::
+    //
+    //   This is always the physical peer even if the
+    //   :ref:`remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` is inferred from the
+    //   x-forwarder-for header, the proxy protocol, etc.
+    //
     core.v3.CidrRange direct_remote_ip = 10;
 
     // A CIDR block that describes the downstream remote/origin address.
-    // Note: This may not be the physical peer and could be different from the
-    // :ref:`direct_remote_ip
-    // <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`. E.g, if the
-    // remote ip is inferred from for example the x-forwarder-for header, proxy
-    // protocol, etc.
+    //
+    // .. note::
+    //
+    //   This may not be the physical peer and could be different from the :ref:`direct_remote_ip
+    //   <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`. E.g, if the remote ip is inferred from
+    //   the x-forwarder-for header, the proxy protocol, etc.
+    //
     core.v3.CidrRange remote_ip = 11;
 
-    // A header (or pseudo-header such as :path or :method) on the incoming HTTP
-    // request. Only available for HTTP request. Note: the pseudo-header :path
-    // includes the query and fragment string. Use the ``url_path`` field if you
-    // want to match the URL path without the query and fragment string.
+    // A header (or pseudo-header such as ``:path`` or ``:method``) on the incoming HTTP request. Only available
+    // for HTTP request.
+    //
+    // .. note::
+    //
+    //   The pseudo-header ``:path`` includes the query and fragment string. Use the ``url_path`` field if you
+    //   want to match the URL path without the query and fragment string.
+    //
     route.v3.HeaderMatcher header = 6;
 
     // A URL path on the incoming HTTP request. Only available for HTTP.
@@ -405,6 +428,10 @@ message Principal {
     // Matches against metadata from either dynamic state or route configuration. Preferred over the
     // ``metadata`` field as it provides more flexibility in metadata source selection.
     SourcedMetadata sourced_metadata = 13;
+
+    // Extension for configuring custom principals for RBAC.
+    // [#extension-category: envoy.rbac.principals]
+    core.v3.TypedExtensionConfig custom = 14;
   }
 }
 
@@ -416,7 +443,7 @@ message Action {
   // The action to take if the matcher matches. Every action either allows or denies a request,
   // and can also carry out action-specific operations.
   //
-  // Actions:
+  // **Actions:**
   //
   //  * ``ALLOW``: If the request gets matched on ALLOW, it is permitted.
   //  * ``DENY``: If the request gets matched on DENY, it is not permitted.
@@ -425,7 +452,7 @@ message Action {
   //    ``envoy.common`` will be set to the value ``true``.
   //  * If the request cannot get matched, it will fallback to ``DENY``.
   //
-  // Log behavior:
+  // **Log behavior:**
   //
   //  If the RBAC matcher contains at least one LOG action, the dynamic
   //  metadata key ``access_log_hint`` will be set based on if the request
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
index ce781d100c9..292e5b93558 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
@@ -5,6 +5,7 @@ package envoy.config.route.v3;
 import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/proxy_protocol.proto";
+import "envoy/type/matcher/v3/filter_state.proto";
 import "envoy/type/matcher/v3/metadata.proto";
 import "envoy/type/matcher/v3/regex.proto";
 import "envoy/type/matcher/v3/string.proto";
@@ -500,6 +501,8 @@ message WeightedCluster {
 // Configuration for a cluster specifier plugin.
 message ClusterSpecifierPlugin {
   // The name of the plugin and its opaque configuration.
+  //
+  // [#extension-category: envoy.router.cluster_specifier_plugin]
   core.v3.TypedExtensionConfig extension = 1 [(validate.rules).message = {required: true}];
 
   // If is_optional is not set or is set to false and the plugin defined by this message is not a
@@ -510,7 +513,7 @@ message ClusterSpecifierPlugin {
   bool is_optional = 2;
 }
 
-// [#next-free-field: 16]
+// [#next-free-field: 17]
 message RouteMatch {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RouteMatch";
 
@@ -661,6 +664,12 @@ message RouteMatch {
   // If the number of specified dynamic metadata matchers is nonzero, they all must match the
   // dynamic metadata for a match to occur.
   repeated type.matcher.v3.MetadataMatcher dynamic_metadata = 13;
+
+  // Specifies a set of filter state matchers on which the route should match.
+  // The router will check the filter state against all the specified filter state matchers.
+  // If the number of specified filter state matchers is nonzero, they all must match the
+  // filter state for a match to occur.
+  repeated type.matcher.v3.FilterStateMatcher filter_state = 16;
 }
 
 // Cors policy configuration.
@@ -815,7 +824,10 @@ message RouteAction {
     // value, the request will be mirrored.
     core.v3.RuntimeFractionalPercent runtime_fraction = 3;
 
-    // Determines if the trace span should be sampled. Defaults to true.
+    // Specifies whether the trace span for the shadow request should be sampled. If this field is not explicitly set,
+    // the shadow request will inherit the sampling decision of its parent span. This ensures consistency with the trace
+    // sampling policy of the original request and prevents oversampling, especially in scenarios where runtime sampling
+    // is disabled.
     google.protobuf.BoolValue trace_sampled = 4;
 
     // Disables appending the ``-shadow`` suffix to the shadowed ``Host`` header. Defaults to ``false``.
@@ -1149,12 +1161,21 @@ message RouteAction {
   // [#extension-category: envoy.path.rewrite]
   core.v3.TypedExtensionConfig path_rewrite_policy = 41;
 
+  // If one of the host rewrite specifiers is set and the
+  // :ref:`suppress_envoy_headers
+  // <envoy_v3_api_field_extensions.filters.http.router.v3.Router.suppress_envoy_headers>` flag is not
+  // set to true, the router filter will place the original host header value before
+  // rewriting into the :ref:`x-envoy-original-host
+  // <config_http_filters_router_x-envoy-original-host>` header.
+  //
+  // And if the
+  // :ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>`
+  // is set to true, the original host value will also be appended to the
+  // :ref:`config_http_conn_man_headers_x-forwarded-host` header.
+  //
   oneof host_rewrite_specifier {
     // Indicates that during forwarding, the host header will be swapped with
-    // this value. Using this option will append the
-    // :ref:`config_http_conn_man_headers_x-forwarded-host` header if
-    // :ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>`
-    // is set.
+    // this value.
     string host_rewrite_literal = 6
         [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
 
@@ -1164,18 +1185,12 @@ message RouteAction {
     // type ``strict_dns`` or ``logical_dns``,
     // or when :ref:`hostname <envoy_v3_api_field_config.endpoint.v3.Endpoint.hostname>`
     // field is not empty. Setting this to true with other cluster types
-    // has no effect. Using this option will append the
-    // :ref:`config_http_conn_man_headers_x-forwarded-host` header if
-    // :ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>`
-    // is set.
+    // has no effect.
     google.protobuf.BoolValue auto_host_rewrite = 7;
 
     // Indicates that during forwarding, the host header will be swapped with the content of given
     // downstream or :ref:`custom <config_http_conn_man_headers_custom_request_headers>` header.
-    // If header value is empty, host header is left intact. Using this option will append the
-    // :ref:`config_http_conn_man_headers_x-forwarded-host` header if
-    // :ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>`
-    // is set.
+    // If header value is empty, host header is left intact.
     //
     // .. attention::
     //
@@ -1191,10 +1206,6 @@ message RouteAction {
     // Indicates that during forwarding, the host header will be swapped with
     // the result of the regex substitution executed on path value with query and fragment removed.
     // This is useful for transitioning variable content between path segment and subdomain.
-    // Using this option will append the
-    // :ref:`config_http_conn_man_headers_x-forwarded-host` header if
-    // :ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>`
-    // is set.
     //
     // For example with the following config:
     //
@@ -1868,10 +1879,11 @@ message VirtualCluster {
 
 // Global rate limiting :ref:`architecture overview <arch_overview_global_rate_limit>`.
 // Also applies to Local rate limiting :ref:`using descriptors <config_http_filters_local_rate_limit_descriptors>`.
+// [#next-free-field: 7]
 message RateLimit {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit";
 
-  // [#next-free-field: 12]
+  // [#next-free-field: 13]
   message Action {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.api.v2.route.RateLimit.Action";
@@ -1928,9 +1940,48 @@ message RateLimit {
       // The key to use in the descriptor entry.
       string descriptor_key = 2 [(validate.rules).string = {min_len: 1}];
 
-      // If set to true, Envoy skips the descriptor while calling rate limiting service
-      // when header is not present in the request. By default it skips calling the
-      // rate limiting service if this header is not present in the request.
+      // Controls the behavior when the specified header is not present in the request.
+      //
+      // If set to ``false`` (default):
+      //
+      // * Envoy does **NOT** call the rate limiting service for this descriptor.
+      // * Useful if the header is optional and you prefer to skip rate limiting when it's absent.
+      //
+      // If set to ``true``:
+      //
+      // * Envoy calls the rate limiting service but omits this descriptor if the header is missing.
+      // * Useful if you want Envoy to enforce rate limiting even when the header is not present.
+      //
+      bool skip_if_absent = 3;
+    }
+
+    // The following descriptor entry is appended when a query parameter contains a key that matches the
+    // ``query_parameter_name``:
+    //
+    // .. code-block:: cpp
+    //
+    //   ("<descriptor_key>", "<query_parameter_value_queried_from_query_parameter>")
+    message QueryParameters {
+      // The name of the query parameter to use for rate limiting. Value of this query parameter is used to populate
+      // the value of the descriptor entry for the descriptor_key.
+      string query_parameter_name = 1 [(validate.rules).string = {min_len: 1}];
+
+      // The key to use when creating the rate limit descriptor entry. his descriptor key will be used to identify the
+      // rate limit rule in the rate limiting service.
+      string descriptor_key = 2 [(validate.rules).string = {min_len: 1}];
+
+      // Controls the behavior when the specified query parameter is not present in the request.
+      //
+      // If set to ``false`` (default):
+      //
+      // * Envoy does **NOT** call the rate limiting service for this descriptor.
+      // * Useful if the query parameter is optional and you prefer to skip rate limiting when it's absent.
+      //
+      // If set to ``true``:
+      //
+      // * Envoy calls the rate limiting service but omits this descriptor if the query parameter is missing.
+      // * Useful if you want Envoy to enforce rate limiting even when the query parameter is not present.
+      //
       bool skip_if_absent = 3;
     }
 
@@ -2065,9 +2116,19 @@ message RateLimit {
       // Source of metadata
       Source source = 4 [(validate.rules).enum = {defined_only: true}];
 
-      // If set to true, Envoy skips the descriptor while calling rate limiting service
-      // when ``metadata_key`` is empty and ``default_value`` is not set. By default it skips calling the
-      // rate limiting service in that case.
+      // Controls the behavior when the specified ``metadata_key`` is empty and ``default_value`` is not set.
+      //
+      // If set to ``false`` (default):
+      //
+      // * Envoy does **NOT** call the rate limiting service for this descriptor.
+      // * Useful if the metadata is optional and you prefer to skip rate limiting when it's absent.
+      //
+      // If set to ``true``:
+      //
+      // * Envoy calls the rate limiting service but omits this descriptor if the ``metadata_key`` is empty and
+      //   ``default_value`` is missing.
+      // * Useful if you want Envoy to enforce rate limiting even when the metadata is not present.
+      //
       bool skip_if_absent = 5;
     }
 
@@ -2110,6 +2171,9 @@ message RateLimit {
       // Rate limit on request headers.
       RequestHeaders request_headers = 3;
 
+      // Rate limit on query parameters.
+      QueryParameters query_parameters = 12;
+
       // Rate limit on remote address.
       RemoteAddress remote_address = 4;
 
@@ -2168,6 +2232,33 @@ message RateLimit {
     }
   }
 
+  message HitsAddend {
+    // Fixed number of hits to add to the rate limit descriptor.
+    //
+    // One of the ``number`` or ``format`` fields should be set but not both.
+    google.protobuf.UInt64Value number = 1 [(validate.rules).uint64 = {lte: 1000000000}];
+
+    // Substitution format string to extract the number of hits to add to the rate limit descriptor.
+    // The same :ref:`format specifier <config_access_log_format>` as used for
+    // :ref:`HTTP access logging <config_access_log>` applies here.
+    //
+    // .. note::
+    //
+    //   The format string must contains only single valid substitution field. If the format string
+    //   not meets the requirement, the configuration will be rejected.
+    //
+    //   The substitution field should generates a non-negative number or string representation of
+    //   a non-negative number. The value of the non-negative number should be less than or equal
+    //   to 1000000000 like the ``number`` field. If the output of the substitution field not meet
+    //   the requirement, this will be treated as an error and the current descriptor will be ignored.
+    //
+    // For example, the ``%BYTES_RECEIVED%`` format string will be replaced with the number of bytes
+    // received in the request.
+    //
+    // One of the ``number`` or ``format`` fields should be set but not both.
+    string format = 2 [(validate.rules).string = {prefix: "%" suffix: "%" ignore_empty: true}];
+  }
+
   // Refers to the stage set in the filter. The rate limit configuration only
   // applies to filters with the same stage number. The default stage number is
   // 0.
@@ -2175,9 +2266,19 @@ message RateLimit {
   // .. note::
   //
   //   The filter supports a range of 0 - 10 inclusively for stage numbers.
+  //
+  // .. note::
+  //   This is not supported if the rate limit action is configured in the ``typed_per_filter_config`` like
+  //   :ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>` or
+  //   :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>`, etc.
   google.protobuf.UInt32Value stage = 1 [(validate.rules).uint32 = {lte: 10}];
 
   // The key to be set in runtime to disable this rate limit configuration.
+  //
+  // .. note::
+  //   This is not supported if the rate limit action is configured in the ``typed_per_filter_config`` like
+  //   :ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>` or
+  //   :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>`, etc.
   string disable_key = 2;
 
   // A list of actions that are to be applied for this rate limit configuration.
@@ -2192,7 +2293,38 @@ message RateLimit {
   // rate limit configuration. If the override value is invalid or cannot be resolved
   // from metadata, no override is provided. See :ref:`rate limit override
   // <config_http_filters_rate_limit_rate_limit_override>` for more information.
+  //
+  // .. note::
+  //   This is not supported if the rate limit action is configured in the ``typed_per_filter_config`` like
+  //   :ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>` or
+  //   :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>`, etc.
   Override limit = 4;
+
+  // An optional hits addend to be appended to the descriptor produced by this rate limit
+  // configuration.
+  //
+  // .. note::
+  //   This is only supported if the rate limit action is configured in the ``typed_per_filter_config`` like
+  //   :ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>` or
+  //   :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>`, etc.
+  HitsAddend hits_addend = 5;
+
+  // If true, the rate limit request will be applied when the stream completes. The default value is false.
+  // This is useful when the rate limit budget needs to reflect the response context that is not available
+  // on the request path.
+  //
+  // For example, let's say the upstream service calculates the usage statistics and returns them in the response body
+  // and we want to utilize these numbers to apply the rate limit action for the subsequent requests.
+  // Combined with another filter that can set the desired addend based on the response (e.g. Lua filter),
+  // this can be used to subtract the usage statistics from the rate limit budget.
+  //
+  // A rate limit applied on the stream completion is "fire-and-forget" by nature, and rate limit is not enforced by this config.
+  // In other words, the current request won't be blocked when this is true, but the budget will be updated for the subsequent
+  // requests based on the action with this field set to true. Users should ensure that the rate limit is enforced by the actions
+  // applied on the request path, i.e. the ones with this field set to false.
+  //
+  // Currently, this is only supported by the HTTP global rate filter.
+  bool apply_on_stream_done = 6;
 }
 
 // .. attention::
diff --git a/xds/third_party/envoy/src/main/proto/envoy/data/accesslog/v3/accesslog.proto b/xds/third_party/envoy/src/main/proto/envoy/data/accesslog/v3/accesslog.proto
index 2e02f1eb455..da029b7da2e 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/data/accesslog/v3/accesslog.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/data/accesslog/v3/accesslog.proto
@@ -109,14 +109,16 @@ message AccessLogCommon {
   double sample_rate = 1 [(validate.rules).double = {lte: 1.0 gt: 0.0}];
 
   // This field is the remote/origin address on which the request from the user was received.
-  // Note: This may not be the physical peer. E.g, if the remote address is inferred from for
-  // example the x-forwarder-for header, proxy protocol, etc.
+  //
+  // .. note::
+  //   This may not be the actual peer address. For example, it might be derived from headers like ``x-forwarded-for``,
+  //   the proxy protocol, or similar sources.
   config.core.v3.Address downstream_remote_address = 2;
 
   // This field is the local/destination address on which the request from the user was received.
   config.core.v3.Address downstream_local_address = 3;
 
-  // If the connection is secure,S this field will contain TLS properties.
+  // If the connection is secure, this field will contain TLS properties.
   TLSProperties tls_properties = 4;
 
   // The time that Envoy started servicing this request. This is effectively the time that the first
@@ -128,7 +130,7 @@ message AccessLogCommon {
   google.protobuf.Duration time_to_last_rx_byte = 6;
 
   // Interval between the first downstream byte received and the first upstream byte sent. There may
-  // by considerable delta between ``time_to_last_rx_byte`` and this value due to filters.
+  // be considerable delta between ``time_to_last_rx_byte`` and this value due to filters.
   // Additionally, the same caveats apply as documented in ``time_to_last_downstream_tx_byte`` about
   // not accounting for kernel socket buffer time, etc.
   google.protobuf.Duration time_to_first_upstream_tx_byte = 7;
@@ -187,7 +189,7 @@ message AccessLogCommon {
   // If upstream connection failed due to transport socket (e.g. TLS handshake), provides the
   // failure reason from the transport socket. The format of this field depends on the configured
   // upstream transport socket. Common TLS failures are in
-  // :ref:`TLS trouble shooting <arch_overview_ssl_trouble_shooting>`.
+  // :ref:`TLS troubleshooting <arch_overview_ssl_trouble_shooting>`.
   string upstream_transport_failure_reason = 18;
 
   // The name of the route
@@ -204,7 +206,7 @@ message AccessLogCommon {
   map<string, google.protobuf.Any> filter_state_objects = 21;
 
   // A list of custom tags, which annotate logs with additional information.
-  // To configure this value, users should configure
+  // To configure this value, see the documentation for
   // :ref:`custom_tags <envoy_v3_api_field_extensions.access_loggers.grpc.v3.CommonGrpcAccessLogConfig.custom_tags>`.
   map<string, string> custom_tags = 22;
 
@@ -225,40 +227,41 @@ message AccessLogCommon {
   // This could be any format string that could be used to identify one stream.
   string stream_id = 26;
 
-  // If this log entry is final log entry that flushed after the stream completed or
-  // intermediate log entry that flushed periodically during the stream.
-  // There may be multiple intermediate log entries and only one final log entry for each
-  // long-live stream (TCP connection, long-live HTTP2 stream).
-  // And if it is necessary, unique ID or identifier can be added to the log entry
-  // :ref:`stream_id <envoy_v3_api_field_data.accesslog.v3.AccessLogCommon.stream_id>` to
-  // correlate all these intermediate log entries and final log entry.
+  // Indicates whether this log entry is the final entry (flushed after the stream completed) or an intermediate entry
+  // (flushed periodically during the stream).
+  //
+  // For long-lived streams (e.g., TCP connections or long-lived HTTP/2 streams), there may be multiple intermediate
+  // entries and only one final entry.
+  //
+  // If needed, a unique identifier (see :ref:`stream_id <envoy_v3_api_field_data.accesslog.v3.AccessLogCommon.stream_id>`)
+  // can be used to correlate all intermediate and final log entries for the same stream.
   //
   // .. attention::
   //
-  //   This field is deprecated in favor of ``access_log_type`` for better indication of the
-  //   type of the access log record.
+  //   This field is deprecated in favor of ``access_log_type``, which provides a clearer indication of the log entry
+  //   type.
   bool intermediate_log_entry = 27
       [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
   // If downstream connection in listener failed due to transport socket (e.g. TLS handshake), provides the
   // failure reason from the transport socket. The format of this field depends on the configured downstream
-  // transport socket. Common TLS failures are in :ref:`TLS trouble shooting <arch_overview_ssl_trouble_shooting>`.
+  // transport socket. Common TLS failures are in :ref:`TLS troubleshooting <arch_overview_ssl_trouble_shooting>`.
   string downstream_transport_failure_reason = 28;
 
   // For HTTP: Total number of bytes sent to the downstream by the http stream.
-  // For TCP: Total number of bytes sent to the downstream by the tcp proxy.
+  // For TCP: Total number of bytes sent to the downstream by the :ref:`TCP Proxy <config_network_filters_tcp_proxy>`.
   uint64 downstream_wire_bytes_sent = 29;
 
   // For HTTP: Total number of bytes received from the downstream by the http stream. Envoy over counts sizes of received HTTP/1.1 pipelined requests by adding up bytes of requests in the pipeline to the one currently being processed.
-  // For TCP: Total number of bytes received from the downstream by the tcp proxy.
+  // For TCP: Total number of bytes received from the downstream by the :ref:`TCP Proxy <config_network_filters_tcp_proxy>`.
   uint64 downstream_wire_bytes_received = 30;
 
   // For HTTP: Total number of bytes sent to the upstream by the http stream. This value accumulates during upstream retries.
-  // For TCP: Total number of bytes sent to the upstream by the tcp proxy.
+  // For TCP: Total number of bytes sent to the upstream by the :ref:`TCP Proxy <config_network_filters_tcp_proxy>`.
   uint64 upstream_wire_bytes_sent = 31;
 
   // For HTTP: Total number of bytes received from the upstream by the http stream.
-  // For TCP: Total number of bytes sent to the upstream by the tcp proxy.
+  // For TCP: Total number of bytes sent to the upstream by the :ref:`TCP Proxy <config_network_filters_tcp_proxy>`.
   uint64 upstream_wire_bytes_received = 32;
 
   // The type of the access log, which indicates when the log was recorded.
@@ -297,7 +300,7 @@ message ResponseFlags {
   // Indicates there was no healthy upstream.
   bool no_healthy_upstream = 2;
 
-  // Indicates an there was an upstream request timeout.
+  // Indicates there was an upstream request timeout.
   bool upstream_request_timeout = 3;
 
   // Indicates local codec level reset was sent on the stream.
@@ -358,7 +361,7 @@ message ResponseFlags {
   // Indicates that a filter configuration is not available.
   bool no_filter_config_found = 22;
 
-  // Indicates that request or connection exceeded the downstream connection duration.
+  // Indicates that the request or connection exceeded the downstream connection duration.
   bool duration_timeout = 23;
 
   // Indicates there was an HTTP protocol error in the upstream response.
@@ -480,7 +483,7 @@ message HTTPRequestProperties {
   // do not already have a request ID.
   string request_id = 9;
 
-  // Value of the ``X-Envoy-Original-Path`` request header.
+  // Value of the ``x-envoy-original-path`` request header.
   string original_path = 10;
 
   // Size of the HTTP request headers in bytes.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/clusters/aggregate/v3/cluster.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/clusters/aggregate/v3/cluster.proto
index 4f44ac9cd5c..d23d767f73b 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/clusters/aggregate/v3/cluster.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/clusters/aggregate/v3/cluster.proto
@@ -2,6 +2,8 @@ syntax = "proto3";
 
 package envoy.extensions.clusters.aggregate.v3;
 
+import "envoy/config/core/v3/config_source.proto";
+
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
@@ -25,3 +27,18 @@ message ClusterConfig {
   // appear in this list.
   repeated string clusters = 1 [(validate.rules).repeated = {min_items: 1}];
 }
+
+// Configures an aggregate cluster whose
+// :ref:`ClusterConfig <envoy_v3_api_msg_extensions.clusters.aggregate.v3.ClusterConfig>`
+// is to be fetched from a separate xDS resource.
+// [#extension: envoy.clusters.aggregate_resource]
+// [#not-implemented-hide:]
+message AggregateClusterResource {
+  // Configuration source specifier for the ClusterConfig resource.
+  // Only the aggregated protocol variants are supported; if configured
+  // otherwise, the cluster resource will be NACKed.
+  config.core.v3.ConfigSource config_source = 1 [(validate.rules).message = {required: true}];
+
+  // The name of the ClusterConfig resource to subscribe to.
+  string resource_name = 2 [(validate.rules).string = {min_len: 1}];
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto
index 649869a255d..6efd47ac58b 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto
@@ -27,48 +27,53 @@ message RBAC {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.rbac.v2.RBAC";
 
-  // Specify the RBAC rules to be applied globally.
-  // If absent, no enforcing RBAC policy will be applied.
-  // If present and empty, DENY.
-  // If both rules and matcher are configured, rules will be ignored.
+  // The primary RBAC policy which will be applied globally, to all the incoming requests.
+  //
+  // * If absent, no RBAC enforcement occurs.
+  // * If set but empty, all requests are denied.
+  //
+  // .. note::
+  //
+  //   When both ``rules`` and ``matcher`` are configured, ``rules`` will be ignored.
+  //
   config.rbac.v3.RBAC rules = 1
       [(udpa.annotations.field_migrate).oneof_promotion = "rules_specifier"];
 
   // If specified, rules will emit stats with the given prefix.
-  // This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
-  // rules.
+  // This is useful for distinguishing metrics when multiple RBAC filters are configured.
   string rules_stat_prefix = 6;
 
-  // The match tree to use when resolving RBAC action for incoming requests. Requests do not
-  // match any matcher will be denied.
-  // If absent, no enforcing RBAC matcher will be applied.
-  // If present and empty, deny all requests.
-  xds.type.matcher.v3.Matcher matcher = 4 [
-    (udpa.annotations.field_migrate).oneof_promotion = "rules_specifier",
-    (xds.annotations.v3.field_status).work_in_progress = true
-  ];
+  // Match tree for evaluating RBAC actions on incoming requests. Requests not matching any matcher will be denied.
+  //
+  // * If absent, no RBAC enforcement occurs.
+  // * If set but empty, all requests are denied.
+  //
+  xds.type.matcher.v3.Matcher matcher = 4
+      [(udpa.annotations.field_migrate).oneof_promotion = "rules_specifier"];
 
-  // Shadow rules are not enforced by the filter (i.e., returning a 403)
-  // but will emit stats and logs and can be used for rule testing.
-  // If absent, no shadow RBAC policy will be applied.
-  // If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
+  // Shadow policy for testing RBAC rules without enforcing them. These rules generate stats and logs but do not deny
+  // requests. If absent, no shadow RBAC policy will be applied.
+  //
+  // .. note::
+  //
+  //   When both ``shadow_rules`` and ``shadow_matcher`` are configured, ``shadow_rules`` will be ignored.
+  //
   config.rbac.v3.RBAC shadow_rules = 2
       [(udpa.annotations.field_migrate).oneof_promotion = "shadow_rules_specifier"];
 
-  // The match tree to use for emitting stats and logs which can be used for rule testing for
-  // incoming requests.
   // If absent, no shadow matcher will be applied.
+  // Match tree for testing RBAC rules through stats and logs without enforcing them.
+  // If absent, no shadow matching occurs.
   xds.type.matcher.v3.Matcher shadow_matcher = 5 [
     (udpa.annotations.field_migrate).oneof_promotion = "shadow_rules_specifier",
     (xds.annotations.v3.field_status).work_in_progress = true
   ];
 
   // If specified, shadow rules will emit stats with the given prefix.
-  // This is useful to distinguish the stat when there are more than 1 RBAC filter configured with
-  // shadow rules.
+  // This is useful for distinguishing metrics when multiple RBAC filters use shadow rules.
   string shadow_rules_stat_prefix = 3;
 
-  // If track_per_rule_stats is true, counters will be published for each rule and shadow rule.
+  // If ``track_per_rule_stats`` is ``true``, counters will be published for each rule and shadow rule.
   bool track_per_rule_stats = 7;
 }
 
@@ -78,7 +83,7 @@ message RBACPerRoute {
 
   reserved 1;
 
-  // Override the global configuration of the filter with this new config.
-  // If absent, the global RBAC policy will be disabled for this route.
+  // Per-route specific RBAC configuration that overrides the global RBAC configuration.
+  // If absent, RBAC policy will be disabled for this route.
   RBAC rbac = 2;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/router/v3/router.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/router/v3/router.proto
index 75bca960da1..d3996a96798 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/router/v3/router.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/router/v3/router.proto
@@ -119,11 +119,11 @@ message Router {
   // for more details.
   bool suppress_grpc_request_failure_code_stats = 7;
 
+  // Optional HTTP filters for the upstream HTTP filter chain.
+  //
   // .. note::
   //   Upstream HTTP filters are currently in alpha.
   //
-  // Optional HTTP filters for the upstream HTTP filter chain.
-  //
   // These filters will be applied for all requests that pass through the router.
   // They will also be applied to shadowed requests.
   // Upstream HTTP filters cannot change route or cluster.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
index 5fb9f24cc7c..e0282af86e6 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@@ -99,33 +99,43 @@ message HttpConnectionManager {
     ALWAYS_FORWARD_ONLY = 4;
   }
 
-  // Determines the action for request that contain %2F, %2f, %5C or %5c sequences in the URI path.
+  // Determines the action for request that contain ``%2F``, ``%2f``, ``%5C`` or ``%5c`` sequences in the URI path.
   // This operation occurs before URL normalization and the merge slashes transformations if they were enabled.
   enum PathWithEscapedSlashesAction {
     // Default behavior specific to implementation (i.e. Envoy) of this configuration option.
     // Envoy, by default, takes the KEEP_UNCHANGED action.
-    // NOTE: the implementation may change the default behavior at-will.
+    //
+    // .. note::
+    //
+    //   The implementation may change the default behavior at-will.
     IMPLEMENTATION_SPECIFIC_DEFAULT = 0;
 
     // Keep escaped slashes.
     KEEP_UNCHANGED = 1;
 
     // Reject client request with the 400 status. gRPC requests will be rejected with the INTERNAL (13) error code.
-    // The "httpN.downstream_rq_failed_path_normalization" counter is incremented for each rejected request.
+    // The ``httpN.downstream_rq_failed_path_normalization`` counter is incremented for each rejected request.
     REJECT_REQUEST = 2;
 
-    // Unescape %2F and %5C sequences and redirect request to the new path if these sequences were present.
+    // Unescape ``%2F`` and ``%5C`` sequences and redirect request to the new path if these sequences were present.
     // Redirect occurs after path normalization and merge slashes transformations if they were configured.
-    // NOTE: gRPC requests will be rejected with the INTERNAL (13) error code.
-    // This option minimizes possibility of path confusion exploits by forcing request with unescaped slashes to
-    // traverse all parties: downstream client, intermediate proxies, Envoy and upstream server.
-    // The "httpN.downstream_rq_redirected_with_normalized_path" counter is incremented for each
-    // redirected request.
+    //
+    // .. note::
+    //
+    //   gRPC requests will be rejected with the INTERNAL (13) error code. This option minimizes possibility of path
+    //   confusion exploits by forcing request with unescaped slashes to traverse all parties: downstream client,
+    //   intermediate proxies, Envoy and upstream server. The ``httpN.downstream_rq_redirected_with_normalized_path``
+    //   counter is incremented for each redirected request.
+    //
     UNESCAPE_AND_REDIRECT = 3;
 
-    // Unescape %2F and %5C sequences.
-    // Note: this option should not be enabled if intermediaries perform path based access control as
-    // it may lead to path confusion vulnerabilities.
+    // Unescape ``%2F`` and ``%5C`` sequences.
+    //
+    // .. note::
+    //
+    //   This option should not be enabled if intermediaries perform path based access control as it may lead to path
+    //   confusion vulnerabilities.
+    //
     UNESCAPE_AND_FORWARD = 4;
   }
 
@@ -185,14 +195,6 @@ message HttpConnectionManager {
 
     // Configuration for an external tracing provider.
     // If not specified, no tracing will be performed.
-    //
-    // .. attention::
-    //   Please be aware that ``envoy.tracers.opencensus`` provider can only be configured once
-    //   in Envoy lifetime.
-    //   Any attempts to reconfigure it or to use different configurations for different HCM filters
-    //   will be rejected.
-    //   Such a constraint is inherent to OpenCensus itself. It cannot be overcome without changes
-    //   on OpenCensus side.
     config.trace.v3.Tracing.Http provider = 9;
 
     // Create separate tracing span for each upstream request if true. And if this flag is set to true,
@@ -266,13 +268,12 @@ message HttpConnectionManager {
   //
   // .. warning::
   //
-  //    The current implementation of upgrade headers does not handle
-  //    multi-valued upgrade headers. Support for multi-valued headers may be
-  //    added in the future if needed.
+  //    The current implementation of upgrade headers does not handle multi-valued upgrade headers. Support for
+  //    multi-valued headers may be added in the future if needed.
   //
   // .. warning::
-  //    The current implementation of upgrade headers does not work with HTTP/2
-  //    upstreams.
+  //    The current implementation of upgrade headers does not work with HTTP/2 upstreams.
+  //
   message UpgradeConfig {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager."
@@ -304,7 +305,10 @@ message HttpConnectionManager {
   // <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>`) will apply to the ``:path`` header
   // destined for the upstream.
   //
-  // Note: access logging and tracing will show the original ``:path`` header.
+  // .. note::
+  //
+  //   Access logging and tracing will show the original ``:path`` header.
+  //
   message PathNormalizationOptions {
     // [#not-implemented-hide:] Normalization applies internally before any processing of requests by
     // HTTP filters, routing, and matching *and* will affect the forwarded ``:path`` header. Defaults
@@ -442,23 +446,23 @@ message HttpConnectionManager {
   Tracing tracing = 7;
 
   // Additional settings for HTTP requests handled by the connection manager. These will be
-  // applicable to both HTTP1 and HTTP2 requests.
+  // applicable to both HTTP/1.1 and HTTP/2 requests.
   config.core.v3.HttpProtocolOptions common_http_protocol_options = 35
       [(udpa.annotations.security).configure_for_untrusted_downstream = true];
 
-  // If set to true, Envoy will not start a drain timer for downstream HTTP1 connections after
-  // :ref:`common_http_protocol_options.max_connection_duration
-  // <envoy_v3_api_field_config.core.v3.HttpProtocolOptions.max_connection_duration>` passes.
-  // Instead, Envoy will wait for the next downstream request, add connection:close to the response
-  // headers, then close the connection after the stream ends.
+  // If set to ``true``, Envoy will not initiate an immediate drain timer for downstream HTTP/1 connections
+  // once :ref:`common_http_protocol_options.max_connection_duration
+  // <envoy_v3_api_field_config.core.v3.HttpProtocolOptions.max_connection_duration>` is exceeded.
+  // Instead, Envoy will wait until the next downstream request arrives, add a ``connection: close`` header
+  // to the response, and then gracefully close the connection once the stream has completed.
   //
-  // This behavior is compliant with `RFC 9112 section 9.6 <https://www.rfc-editor.org/rfc/rfc9112#name-tear-down>`_
+  // This behavior adheres to `RFC 9112, Section 9.6 <https://www.rfc-editor.org/rfc/rfc9112#name-tear-down>`_.
   //
-  // If set to false, ``max_connection_duration`` will cause Envoy to enter the normal drain
-  // sequence for HTTP1 with Envoy eventually closing the connection (once there are no active
-  // streams).
+  // If set to ``false``, exceeding ``max_connection_duration`` triggers Envoy's default drain behavior for HTTP/1,
+  // where the connection is eventually closed after all active streams finish.
   //
-  // Has no effect if ``max_connection_duration`` is unset. Defaults to false.
+  // This option has no effect if ``max_connection_duration`` is not configured.
+  // Defaults to ``false``.
   bool http1_safe_max_connection_duration = 58;
 
   // Additional HTTP/1 settings that are passed to the HTTP/1 codec.
@@ -496,9 +500,13 @@ message HttpConnectionManager {
   // The default value can be overridden by setting runtime key ``envoy.reloadable_features.max_request_headers_size_kb``.
   // Requests that exceed this limit will receive a 431 response.
   //
-  // Note: currently some protocol codecs impose limits on the maximum size of a single header:
-  //   HTTP/2 (when using nghttp2) limits a single header to around 100kb.
-  //   HTTP/3 limits a single header to around 1024kb.
+  // .. note::
+  //
+  //   Currently some protocol codecs impose limits on the maximum size of a single header.
+  //
+  //   * HTTP/2 (when using nghttp2) limits a single header to around 100kb.
+  //   * HTTP/3 limits a single header to around 1024kb.
+  //
   google.protobuf.UInt32Value max_request_headers_kb = 29
       [(validate.rules).uint32 = {lte: 8192 gt: 0}];
 
@@ -576,31 +584,34 @@ message HttpConnectionManager {
   // during which Envoy will wait for the peer to close (i.e., a TCP FIN/RST is received by Envoy
   // from the downstream connection) prior to Envoy closing the socket associated with that
   // connection.
-  // NOTE: This timeout is enforced even when the socket associated with the downstream connection
-  // is pending a flush of the write buffer. However, any progress made writing data to the socket
-  // will restart the timer associated with this timeout. This means that the total grace period for
-  // a socket in this state will be
-  // <total_time_waiting_for_write_buffer_flushes>+<delayed_close_timeout>.
+  //
+  // .. note::
+  //
+  //   This timeout is enforced even when the socket associated with the downstream connection is pending a flush of
+  //   the write buffer. However, any progress made writing data to the socket will restart the timer associated with
+  //   this timeout. This means that the total grace period for a socket in this state will be
+  //   <total_time_waiting_for_write_buffer_flushes>+<delayed_close_timeout>.
   //
   // Delaying Envoy's connection close and giving the peer the opportunity to initiate the close
   // sequence mitigates a race condition that exists when downstream clients do not drain/process
   // data in a connection's receive buffer after a remote close has been detected via a socket
-  // write(). This race leads to such clients failing to process the response code sent by Envoy,
+  // ``write()``. This race leads to such clients failing to process the response code sent by Envoy,
   // which could result in erroneous downstream processing.
   //
   // If the timeout triggers, Envoy will close the connection's socket.
   //
   // The default timeout is 1000 ms if this option is not specified.
   //
-  // .. NOTE::
+  // .. note::
   //    To be useful in avoiding the race condition described above, this timeout must be set
   //    to *at least* <max round trip time expected between clients and Envoy>+<100ms to account for
   //    a reasonable "worst" case processing time for a full iteration of Envoy's event loop>.
   //
-  // .. WARNING::
-  //    A value of 0 will completely disable delayed close processing. When disabled, the downstream
+  // .. warning::
+  //    A value of ``0`` will completely disable delayed close processing. When disabled, the downstream
   //    connection's socket will be closed immediately after the write flush is completed or will
   //    never close if the write flush does not complete.
+  //
   google.protobuf.Duration delayed_close_timeout = 26;
 
   // Configuration for :ref:`HTTP access logs <arch_overview_access_logs>`
@@ -657,20 +668,19 @@ message HttpConnectionManager {
   // :ref:`config_http_conn_man_headers_x-forwarded-for` for more information.
   uint32 xff_num_trusted_hops = 19;
 
-  // The configuration for the original IP detection extensions.
+  // Configuration for original IP detection extensions.
   //
-  // When configured the extensions will be called along with the request headers
-  // and information about the downstream connection, such as the directly connected address.
-  // Each extension will then use these parameters to decide the request's effective remote address.
-  // If an extension fails to detect the original IP address and isn't configured to reject
-  // the request, the HCM will try the remaining extensions until one succeeds or rejects
-  // the request. If the request isn't rejected nor any extension succeeds, the HCM will
-  // fallback to using the remote address.
+  // When these extensions are configured, Envoy will invoke them with the incoming request headers and
+  // details about the downstream connection, including the directly connected address. Each extension uses
+  // this information to determine the effective remote IP address for the request. If an extension cannot
+  // identify the original IP address and isn't set to reject the request, Envoy will sequentially attempt
+  // the remaining extensions until one successfully determines the IP or explicitly rejects the request.
+  // If all extensions fail without rejection, Envoy defaults to using the directly connected remote address.
   //
-  // .. WARNING::
-  //    Extensions cannot be used in conjunction with :ref:`use_remote_address
+  // .. warning::
+  //    These extensions cannot be configured simultaneously with :ref:`use_remote_address
   //    <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`
-  //    nor :ref:`xff_num_trusted_hops
+  //    or :ref:`xff_num_trusted_hops
   //    <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.xff_num_trusted_hops>`.
   //
   // [#extension-category: envoy.http.original_ip_detection]
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto
index 9520f6dbd43..f913cb6a257 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto
@@ -32,6 +32,13 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // weights using eps and qps. The weight of a given endpoint is computed as:
 // ``qps / (utilization + eps/qps * error_utilization_penalty)``.
 //
+// Note that Envoy will forward the ORCA response headers/trailers from the upstream
+// cluster to the downstream client. This means that if the downstream client is also
+// configured to use ``client_side_weighted_round_robin`` it will load balance against
+// Envoy based on upstream weights. This can happen when Envoy is used as a reverse proxy.
+// To avoid this issue you can configure the :ref:`header_mutation filter  <envoy_v3_api_msg_extensions.filters.http.header_mutation.v3.HeaderMutation>` to remove
+// the ORCA payload from the response headers/trailers.
+//
 // See the :ref:`load balancing architecture
 // overview<arch_overview_load_balancing_types>` for more information.
 //
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/common/v3/common.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/common/v3/common.proto
index 51520690a29..7868fb02b1a 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/common/v3/common.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/common/v3/common.proto
@@ -8,6 +8,7 @@ import "envoy/type/v3/percent.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
 
@@ -22,7 +23,25 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 message LocalityLbConfig {
   // Configuration for :ref:`zone aware routing
   // <arch_overview_load_balancing_zone_aware_routing>`.
+  // [#next-free-field: 6]
   message ZoneAwareLbConfig {
+    // Configures Envoy to always route requests to the local zone regardless of the
+    // upstream zone structure. In Envoy's default configuration, traffic is distributed proportionally
+    // across all upstream hosts while trying to maximize local routing when possible. The approach
+    // with force_local_zone aims to be more predictable and if there are upstream hosts in the local
+    // zone, they will receive all traffic.
+    // * :ref:`runtime values <config_cluster_manager_cluster_runtime_zone_routing>`.
+    // * :ref:`Zone aware routing support <arch_overview_load_balancing_zone_aware_routing>`.
+    message ForceLocalZone {
+      // Configures the minimum number of upstream hosts in the local zone required when force_local_zone
+      // is enabled. If the number of upstream hosts in the local zone is less than the specified value,
+      // Envoy will fall back to the default proportional-based distribution across localities.
+      // If not specified, the default is 1.
+      // * :ref:`runtime values <config_cluster_manager_cluster_runtime_zone_routing>`.
+      // * :ref:`Zone aware routing support <arch_overview_load_balancing_zone_aware_routing>`.
+      google.protobuf.UInt32Value min_size = 1;
+    }
+
     // Configures percentage of requests that will be considered for zone aware routing
     // if zone aware routing is configured. If not specified, the default is 100%.
     // * :ref:`runtime values <config_cluster_manager_cluster_runtime_zone_routing>`.
@@ -41,6 +60,12 @@ message LocalityLbConfig {
     // requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a
     // failing service.
     bool fail_traffic_on_panic = 3;
+
+    // If set to true, Envoy will force LocalityDirect routing if a local locality exists.
+    bool force_locality_direct_routing = 4
+        [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+    ForceLocalZone force_local_zone = 5;
   }
 
   // Configuration for :ref:`locality weighted load balancing
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto
index 46d86b65856..9bc5fb5d029 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto
@@ -24,7 +24,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Common TLS configuration]
 
-// [#next-free-field: 6]
+// [#next-free-field: 7]
 message TlsParameters {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.TlsParameters";
 
@@ -45,6 +45,23 @@ message TlsParameters {
     TLSv1_3 = 4;
   }
 
+  enum CompliancePolicy {
+    // FIPS_202205 configures a TLS connection to use:
+    //
+    //   * TLS 1.2 or 1.3
+    //   * For TLS 1.2, only ECDHE_[RSA|ECDSA]_WITH_AES_*_GCM_SHA*.
+    //   * For TLS 1.3, only AES-GCM
+    //   * P-256 or P-384 for key agreement.
+    //   * For server signatures, only ``PKCS#1/PSS`` with ``SHA256/384/512``, or ECDSA
+    //     with P-256 or P-384.
+    //
+    // .. attention::
+    //
+    //   Please refer to `BoringSSL policies <https://boringssl.googlesource.com/boringssl/+/refs/tags/0.20240913.0/include/openssl/ssl.h#5608>`_
+    //   for details.
+    FIPS_202205 = 0;
+  }
+
   // Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.
   //
   // TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
@@ -157,6 +174,11 @@ message TlsParameters {
   //   rsa_pkcs1_sha1
   //   ecdsa_sha1
   repeated string signature_algorithms = 5;
+
+  // Compliance policies configure various aspects of the TLS based on the given policy.
+  // The policies are applied last during configuration and may override the other TLS
+  // parameters, or any previous policy.
+  repeated CompliancePolicy compliance_policies = 6 [(validate.rules).repeated = {max_items: 1}];
 }
 
 // BoringSSL private key method configuration. The private key methods are used for external
@@ -232,12 +254,13 @@ message TlsCertificate {
   config.core.v3.WatchedDirectory watched_directory = 7;
 
   // BoringSSL private key method provider. This is an alternative to :ref:`private_key
-  // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
-  // marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
-  // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
-  // :ref:`private_key_provider
-  // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
-  // error.
+  // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field.
+  // When both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
+  // :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields are set,
+  // ``private_key_provider`` takes precedence.
+  // If ``private_key_provider`` is unavailable and :ref:`fallback
+  // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.PrivateKeyProvider.fallback>`
+  // is enabled, ``private_key`` will be used.
   PrivateKeyProvider private_key_provider = 6;
 
   // The password to decrypt the TLS private key. If this field is not set, it is assumed that the
@@ -322,6 +345,13 @@ message SubjectAltNameMatcher {
 
   // Matcher for SAN value.
   //
+  // If the :ref:`san_type <envoy_v3_api_field_extensions.transport_sockets.tls.v3.SubjectAltNameMatcher.san_type>`
+  // is :ref:`DNS <envoy_v3_api_enum_value_extensions.transport_sockets.tls.v3.SubjectAltNameMatcher.SanType.DNS>`
+  // and the matcher type is :ref:`exact <envoy_v3_api_field_type.matcher.v3.StringMatcher.exact>`, DNS wildcards are evaluated
+  // according to the rules in https://www.rfc-editor.org/rfc/rfc6125#section-6.4.3.
+  // For example, ``*.example.com`` would match ``test.example.com`` but not ``example.com`` and not
+  // ``a.b.example.com``.
+  //
   // The string matching for OTHER_NAME SAN values depends on their ASN.1 type:
   //
   //          * OBJECT: Validated against its dotted numeric notation (e.g., "1.2.3.4")
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/secret.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/secret.proto
index 83ad364c4bf..94660e2da9f 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/secret.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/secret.proto
@@ -22,8 +22,13 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 message GenericSecret {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.GenericSecret";
 
-  // Secret of generic type and is available to filters.
+  // Secret of generic type and is available to filters. It is expected
+  // that only only one of secret and secrets is set.
   config.core.v3.DataSource secret = 1 [(udpa.annotations.sensitive) = true];
+
+  // For cases where multiple associated secrets need to be distributed together. It is expected
+  // that only only one of secret and secrets is set.
+  map<string, config.core.v3.DataSource> secrets = 2 [(udpa.annotations.sensitive) = true];
 }
 
 message SdsSecretConfig {
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
index 44b8d269324..b292b18c45d 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
@@ -34,9 +34,8 @@ message UpstreamTlsContext {
   //
   // .. attention::
   //
-  //   Server certificate verification is not enabled by default. Configure
-  //   :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
-  //   verification.
+  //   Server certificate verification is not enabled by default. To enable verification, configure
+  //   :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`.
   CommonTlsContext common_tls_context = 1;
 
   // SNI string to use when creating TLS backend connections.
@@ -51,14 +50,13 @@ message UpstreamTlsContext {
   // interacts with other validation options.
   bool auto_host_sni = 6;
 
-  // If true, replace any Subject Alternative Name validations with a validation for a DNS SAN matching
-  // the SNI value sent. Note that the validation will be against the actual requested SNI, regardless of how it
-  // is configured.
+  // If true, replaces any Subject Alternative Name (SAN) validations with a validation for a DNS SAN matching
+  // the SNI value sent. The validation uses the actual requested SNI, regardless of how the SNI is configured.
   //
-  // For the common case where an SNI value is sent and it is expected that the server certificate contains a SAN
-  // matching that SNI value, this option will do the correct SAN validation.
+  // For common cases where an SNI value is present and the server certificate should include a corresponding SAN,
+  // this option ensures the SAN is properly validated.
   //
-  // See :ref:`validation configuration <start_quick_start_securing_validation>` for how this interacts with
+  // See the :ref:`validation configuration <start_quick_start_securing_validation>` for how this interacts with
   // other validation options.
   bool auto_sni_san_validation = 7;
 
@@ -70,16 +68,19 @@ message UpstreamTlsContext {
   bool allow_renegotiation = 3;
 
   // Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
-  // for TLSv1.2 and older) to store for the purpose of session resumption.
+  // for TLSv1.2 and older) to be stored for session resumption.
   //
   // Defaults to 1, setting this to 0 disables session resumption.
   google.protobuf.UInt32Value max_session_keys = 4;
 
-  // This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
-  // is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
-  // but it is expected to be changed to true by default in a future release.
-  // ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
-  // configurations that would fail if this option were set to true.
+  // Controls enforcement of the ``keyUsage`` extension in peer certificates. If set to ``true``, the handshake will fail if
+  // the ``keyUsage`` is incompatible with TLS usage.
+  //
+  // .. note::
+  //   The default value is ``false`` (i.e., enforcement off). It is expected to change to ``true`` in a future release.
+  //
+  // The ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` metric will be incremented
+  // for configurations that would fail if this option were enabled.
   google.protobuf.BoolValue enforce_rsa_key_usage = 5;
 }
 
@@ -89,24 +90,16 @@ message DownstreamTlsContext {
       "envoy.api.v2.auth.DownstreamTlsContext";
 
   enum OcspStaplePolicy {
-    // OCSP responses are optional. If an OCSP response is absent
-    // or expired, the associated certificate will be used for
-    // connections without an OCSP staple.
+    // OCSP responses are optional. If absent or expired, the certificate is used without stapling.
     LENIENT_STAPLING = 0;
 
-    // OCSP responses are optional. If an OCSP response is absent,
-    // the associated certificate will be used without an
-    // OCSP staple. If a response is provided but is expired,
-    // the associated certificate will not be used for
-    // subsequent connections. If no suitable certificate is found,
-    // the connection is rejected.
+    // OCSP responses are optional. If absent, the certificate is used without stapling. If present but expired,
+    // the certificate is not used for subsequent connections. Connections are rejected if no suitable certificate
+    // is found.
     STRICT_STAPLING = 1;
 
-    // OCSP responses are required. Configuration will fail if
-    // a certificate is provided without an OCSP response. If a
-    // response expires, the associated certificate will not be
-    // used connections. If no suitable certificate is found, the
-    // connection is rejected.
+    // OCSP responses are required. Connections fail if a certificate lacks a valid OCSP response. Expired responses
+    // prevent certificate use in new connections, and connections are rejected if no suitable certificate is available.
     MUST_STAPLE = 2;
   }
 
@@ -139,46 +132,54 @@ message DownstreamTlsContext {
     bool disable_stateless_session_resumption = 7;
   }
 
-  // If set to true, the TLS server will not maintain a session cache of TLS sessions. (This is
-  // relevant only for TLSv1.2 and earlier.)
+  // If ``true``, the TLS server will not maintain a session cache of TLS sessions.
+  //
+  // .. note::
+  //   This applies only to TLSv1.2 and earlier.
+  //
   bool disable_stateful_session_resumption = 10;
 
-  // If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
-  // Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
-  // Only seconds can be specified (fractional seconds are ignored).
+  // Maximum lifetime of TLS sessions. If specified, ``session_timeout`` will change the maximum lifetime
+  // of the TLS session.
+  //
+  // This serves as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
+  // Only whole seconds are considered; fractional seconds are ignored.
   google.protobuf.Duration session_timeout = 6 [(validate.rules).duration = {
     lt {seconds: 4294967296}
     gte {}
   }];
 
-  // Config for whether to use certificates if they do not have
-  // an accompanying OCSP response or if the response expires at runtime.
-  // Defaults to LENIENT_STAPLING
+  // Configuration for handling certificates without an OCSP response or with expired responses.
+  //
+  // Defaults to ``LENIENT_STAPLING``
   OcspStaplePolicy ocsp_staple_policy = 8 [(validate.rules).enum = {defined_only: true}];
 
   // Multiple certificates are allowed in Downstream transport socket to serve different SNI.
-  // If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
-  // Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
+  // This option controls the behavior when no matching certificate is found for the received SNI value,
+  // or no SNI value was sent. If enabled, all certificates will be evaluated for a match for non-SNI criteria
+  // such as key type and OCSP settings. If disabled, the first provided certificate will be used.
+  // Defaults to ``false``. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
   google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
 
-  // By default, Envoy as a server uses its preferred cipher during the handshake.
-  // Setting this to true would allow the downstream client's preferred cipher to be used instead.
-  // Has no effect when using TLSv1_3.
+  // If ``true``, the downstream client's preferred cipher is used during the handshake. If ``false``, Envoy
+  // uses its preferred cipher.
+  //
+  // .. note::
+  //   This has no effect when using TLSv1_3.
+  //
   bool prefer_client_ciphers = 11;
 }
 
 // TLS key log configuration.
 // The key log file format is "format used by NSS for its SSLKEYLOGFILE debugging output" (text taken from openssl man page)
 message TlsKeyLog {
-  // The path to save the TLS key log.
+  // Path to save the TLS key log.
   string path = 1 [(validate.rules).string = {min_len: 1}];
 
-  // The local IP address that will be used to filter the connection which should save the TLS key log
-  // If it is not set, any local IP address  will be matched.
+  // Local IP address ranges to filter connections for TLS key logging. If not set, matches any local IP address.
   repeated config.core.v3.CidrRange local_address_range = 2;
 
-  // The remote IP address that will be used to filter the connection which should save the TLS key log
-  // If it is not set, any remote IP address will be matched.
+  // Remote IP address ranges to filter connections for TLS key logging. If not set, matches any remote IP address.
   repeated config.core.v3.CidrRange remote_address_range = 3;
 }
 
@@ -187,8 +188,8 @@ message TlsKeyLog {
 message CommonTlsContext {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.CommonTlsContext";
 
-  // Config for Certificate provider to get certificates. This provider should allow certificates to be
-  // fetched/refreshed over the network asynchronously with respect to the TLS handshake.
+  // Config for the Certificate Provider to fetch certificates. Certificates are fetched/refreshed asynchronously over
+  // the network relative to the TLS handshake.
   //
   // DEPRECATED: This message is not currently used, but if we ever do need it, we will want to
   // move it out of CommonTlsContext and into common.proto, similar to the existing
@@ -281,7 +282,7 @@ message CommonTlsContext {
   // fetched/refreshed over the network asynchronously with respect to the TLS handshake.
   //
   // The same number and types of certificates as :ref:`tls_certificates <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CommonTlsContext.tls_certificates>`
-  // are valid in the the certificates fetched through this setting.
+  // are valid in the certificates fetched through this setting.
   //
   // If ``tls_certificates`` or ``tls_certificate_provider_instance`` are set, this field
   // is ignored.
@@ -319,13 +320,17 @@ message CommonTlsContext {
     // fetched/refreshed over the network asynchronously with respect to the TLS handshake.
     SdsSecretConfig validation_context_sds_secret_config = 7;
 
-    // Combined certificate validation context holds a default CertificateValidationContext
-    // and SDS config. When SDS server returns dynamic CertificateValidationContext, both dynamic
-    // and default CertificateValidationContext are merged into a new CertificateValidationContext
-    // for validation. This merge is done by Message::MergeFrom(), so dynamic
-    // CertificateValidationContext overwrites singular fields in default
-    // CertificateValidationContext, and concatenates repeated fields to default
-    // CertificateValidationContext, and logical OR is applied to boolean fields.
+    // Combines the default ``CertificateValidationContext`` with the SDS-provided dynamic context for certificate
+    // validation.
+    //
+    // When the SDS server returns a dynamic ``CertificateValidationContext``, it is merged
+    // with the default context using ``Message::MergeFrom()``. The merging rules are as follows:
+    //
+    // * **Singular Fields:** Dynamic fields override the default singular fields.
+    // * **Repeated Fields:** Dynamic repeated fields are concatenated with the default repeated fields.
+    // * **Boolean Fields:** Boolean fields are combined using a logical OR operation.
+    //
+    // The resulting ``CertificateValidationContext`` is used to perform certificate validation.
     CombinedCertificateValidationContext combined_validation_context = 8;
 
     // Certificate provider for fetching validation context.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/service/discovery/v3/discovery.proto b/xds/third_party/envoy/src/main/proto/envoy/service/discovery/v3/discovery.proto
index b7270f246de..e1ce827a48f 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/service/discovery/v3/discovery.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/service/discovery/v3/discovery.proto
@@ -41,18 +41,29 @@ message ResourceName {
   DynamicParameterConstraints dynamic_parameter_constraints = 2;
 }
 
+// [#not-implemented-hide:]
+// An error associated with a specific resource name, returned to the
+// client by the server.
+message ResourceError {
+  // The name of the resource.
+  ResourceName resource_name = 1;
+
+  // The error reported for the resource.
+  google.rpc.Status error_detail = 2;
+}
+
 // A DiscoveryRequest requests a set of versioned resources of the same type for
 // a given Envoy node on some API.
 // [#next-free-field: 8]
 message DiscoveryRequest {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.DiscoveryRequest";
 
-  // The version_info provided in the request messages will be the version_info
+  // The ``version_info`` provided in the request messages will be the ``version_info``
   // received with the most recent successfully processed response or empty on
   // the first request. It is expected that no new request is sent after a
   // response is received until the Envoy instance is ready to ACK/NACK the new
   // configuration. ACK/NACK takes place by returning the new API config version
-  // as applied or the previous API config version respectively. Each type_url
+  // as applied or the previous API config version respectively. Each ``type_url``
   // (see below) has an independent version associated with it.
   string version_info = 1;
 
@@ -61,10 +72,10 @@ message DiscoveryRequest {
 
   // List of resources to subscribe to, e.g. list of cluster names or a route
   // configuration name. If this is empty, all resources for the API are
-  // returned. LDS/CDS may have empty resource_names, which will cause all
+  // returned. LDS/CDS may have empty ``resource_names``, which will cause all
   // resources for the Envoy instance to be returned. The LDS and CDS responses
   // will then imply a number of resources that need to be fetched via EDS/RDS,
-  // which will be explicitly enumerated in resource_names.
+  // which will be explicitly enumerated in ``resource_names``.
   repeated string resource_names = 3;
 
   // [#not-implemented-hide:]
@@ -72,21 +83,27 @@ message DiscoveryRequest {
   // parameters along with each resource name. Clients that populate this
   // field must be able to handle responses from the server where resources
   // are wrapped in a Resource message.
-  // Note that it is legal for a request to have some resources listed
-  // in ``resource_names`` and others in ``resource_locators``.
+  //
+  // .. note::
+  //   It is legal for a request to have some resources listed
+  //   in ``resource_names`` and others in ``resource_locators``.
+  //
   repeated ResourceLocator resource_locators = 7;
 
   // Type of the resource that is being requested, e.g.
-  // "type.googleapis.com/envoy.api.v2.ClusterLoadAssignment". This is implicit
+  // ``type.googleapis.com/envoy.api.v2.ClusterLoadAssignment``. This is implicit
   // in requests made via singleton xDS APIs such as CDS, LDS, etc. but is
   // required for ADS.
   string type_url = 4;
 
-  // nonce corresponding to DiscoveryResponse being ACK/NACKed. See above
-  // discussion on version_info and the DiscoveryResponse nonce comment. This
-  // may be empty only if 1) this is a non-persistent-stream xDS such as HTTP,
-  // or 2) the client has not yet accepted an update in this xDS stream (unlike
-  // delta, where it is populated only for new explicit ACKs).
+  // nonce corresponding to ``DiscoveryResponse`` being ACK/NACKed. See above
+  // discussion on ``version_info`` and the ``DiscoveryResponse`` nonce comment. This
+  // may be empty only if:
+  //
+  // * This is a non-persistent-stream xDS such as HTTP, or
+  // * The client has not yet accepted an update in this xDS stream (unlike
+  //   delta, where it is populated only for new explicit ACKs).
+  //
   string response_nonce = 5;
 
   // This is populated when the previous :ref:`DiscoveryResponse <envoy_v3_api_msg_service.discovery.v3.DiscoveryResponse>`
@@ -96,7 +113,7 @@ message DiscoveryRequest {
   google.rpc.Status error_detail = 6;
 }
 
-// [#next-free-field: 7]
+// [#next-free-field: 8]
 message DiscoveryResponse {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.DiscoveryResponse";
 
@@ -109,35 +126,46 @@ message DiscoveryResponse {
   // [#not-implemented-hide:]
   // Canary is used to support two Envoy command line flags:
   //
-  // * --terminate-on-canary-transition-failure. When set, Envoy is able to
+  // * ``--terminate-on-canary-transition-failure``. When set, Envoy is able to
   //   terminate if it detects that configuration is stuck at canary. Consider
   //   this example sequence of updates:
-  //   - Management server applies a canary config successfully.
-  //   - Management server rolls back to a production config.
-  //   - Envoy rejects the new production config.
+  //
+  //   * Management server applies a canary config successfully.
+  //   * Management server rolls back to a production config.
+  //   * Envoy rejects the new production config.
+  //
   //   Since there is no sensible way to continue receiving configuration
   //   updates, Envoy will then terminate and apply production config from a
   //   clean slate.
-  // * --dry-run-canary. When set, a canary response will never be applied, only
+  //
+  // * ``--dry-run-canary``. When set, a canary response will never be applied, only
   //   validated via a dry run.
+  //
   bool canary = 3;
 
   // Type URL for resources. Identifies the xDS API when muxing over ADS.
-  // Must be consistent with the type_url in the 'resources' repeated Any (if non-empty).
+  // Must be consistent with the ``type_url`` in the 'resources' repeated Any (if non-empty).
   string type_url = 4;
 
   // For gRPC based subscriptions, the nonce provides a way to explicitly ack a
-  // specific DiscoveryResponse in a following DiscoveryRequest. Additional
+  // specific ``DiscoveryResponse`` in a following ``DiscoveryRequest``. Additional
   // messages may have been sent by Envoy to the management server for the
-  // previous version on the stream prior to this DiscoveryResponse, that were
+  // previous version on the stream prior to this ``DiscoveryResponse``, that were
   // unprocessed at response send time. The nonce allows the management server
-  // to ignore any further DiscoveryRequests for the previous version until a
-  // DiscoveryRequest bearing the nonce. The nonce is optional and is not
+  // to ignore any further ``DiscoveryRequests`` for the previous version until a
+  // ``DiscoveryRequest`` bearing the nonce. The nonce is optional and is not
   // required for non-stream based xDS implementations.
   string nonce = 5;
 
   // The control plane instance that sent the response.
   config.core.v3.ControlPlane control_plane = 6;
+
+  // [#not-implemented-hide:]
+  // Errors associated with specific resources. Clients are expected to
+  // remember the most recent error for a given resource across responses;
+  // the error condition is not considered to be cleared until a response is
+  // received that contains the resource in the 'resources' field.
+  repeated ResourceError resource_errors = 7;
 }
 
 // DeltaDiscoveryRequest and DeltaDiscoveryResponse are used in a new gRPC
@@ -153,25 +181,28 @@ message DiscoveryResponse {
 // connected to it.
 //
 // In Delta xDS the nonce field is required and used to pair
-// DeltaDiscoveryResponse to a DeltaDiscoveryRequest ACK or NACK.
-// Optionally, a response message level system_version_info is present for
+// ``DeltaDiscoveryResponse`` to a ``DeltaDiscoveryRequest`` ACK or NACK.
+// Optionally, a response message level ``system_version_info`` is present for
 // debugging purposes only.
 //
-// DeltaDiscoveryRequest plays two independent roles. Any DeltaDiscoveryRequest
-// can be either or both of: [1] informing the server of what resources the
-// client has gained/lost interest in (using resource_names_subscribe and
-// resource_names_unsubscribe), or [2] (N)ACKing an earlier resource update from
-// the server (using response_nonce, with presence of error_detail making it a NACK).
-// Additionally, the first message (for a given type_url) of a reconnected gRPC stream
+// ``DeltaDiscoveryRequest`` plays two independent roles. Any ``DeltaDiscoveryRequest``
+// can be either or both of:
+//
+// * Informing the server of what resources the client has gained/lost interest in
+//   (using ``resource_names_subscribe`` and ``resource_names_unsubscribe``), or
+// * (N)ACKing an earlier resource update from the server (using ``response_nonce``,
+//   with presence of ``error_detail`` making it a NACK).
+//
+// Additionally, the first message (for a given ``type_url``) of a reconnected gRPC stream
 // has a third role: informing the server of the resources (and their versions)
-// that the client already possesses, using the initial_resource_versions field.
+// that the client already possesses, using the ``initial_resource_versions`` field.
 //
 // As with state-of-the-world, when multiple resource types are multiplexed (ADS),
-// all requests/acknowledgments/updates are logically walled off by type_url:
+// all requests/acknowledgments/updates are logically walled off by ``type_url``:
 // a Cluster ACK exists in a completely separate world from a prior Route NACK.
-// In particular, initial_resource_versions being sent at the "start" of every
-// gRPC stream actually entails a message for each type_url, each with its own
-// initial_resource_versions.
+// In particular, ``initial_resource_versions`` being sent at the "start" of every
+// gRPC stream actually entails a message for each ``type_url``, each with its own
+// ``initial_resource_versions``.
 // [#next-free-field: 10]
 message DeltaDiscoveryRequest {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.DeltaDiscoveryRequest";
@@ -187,23 +218,24 @@ message DeltaDiscoveryRequest {
 
   // DeltaDiscoveryRequests allow the client to add or remove individual
   // resources to the set of tracked resources in the context of a stream.
-  // All resource names in the resource_names_subscribe list are added to the
-  // set of tracked resources and all resource names in the resource_names_unsubscribe
+  // All resource names in the ``resource_names_subscribe`` list are added to the
+  // set of tracked resources and all resource names in the ``resource_names_unsubscribe``
   // list are removed from the set of tracked resources.
   //
-  // *Unlike* state-of-the-world xDS, an empty resource_names_subscribe or
-  // resource_names_unsubscribe list simply means that no resources are to be
+  // *Unlike* state-of-the-world xDS, an empty ``resource_names_subscribe`` or
+  // ``resource_names_unsubscribe`` list simply means that no resources are to be
   // added or removed to the resource list.
   // *Like* state-of-the-world xDS, the server must send updates for all tracked
   // resources, but can also send updates for resources the client has not subscribed to.
   //
-  // NOTE: the server must respond with all resources listed in resource_names_subscribe,
-  // even if it believes the client has the most recent version of them. The reason:
-  // the client may have dropped them, but then regained interest before it had a chance
-  // to send the unsubscribe message. See DeltaSubscriptionStateTest.RemoveThenAdd.
+  // .. note::
+  //   The server must respond with all resources listed in ``resource_names_subscribe``,
+  //   even if it believes the client has the most recent version of them. The reason:
+  //   the client may have dropped them, but then regained interest before it had a chance
+  //   to send the unsubscribe message. See DeltaSubscriptionStateTest.RemoveThenAdd.
   //
-  // These two fields can be set in any DeltaDiscoveryRequest, including ACKs
-  // and initial_resource_versions.
+  // These two fields can be set in any ``DeltaDiscoveryRequest``, including ACKs
+  // and ``initial_resource_versions``.
   //
   // A list of Resource names to add to the list of tracked resources.
   repeated string resource_names_subscribe = 3;
@@ -214,31 +246,40 @@ message DeltaDiscoveryRequest {
   // [#not-implemented-hide:]
   // Alternative to ``resource_names_subscribe`` field that allows specifying dynamic parameters
   // along with each resource name.
-  // Note that it is legal for a request to have some resources listed
-  // in ``resource_names_subscribe`` and others in ``resource_locators_subscribe``.
+  //
+  // .. note::
+  //   It is legal for a request to have some resources listed
+  //   in ``resource_names_subscribe`` and others in ``resource_locators_subscribe``.
+  //
   repeated ResourceLocator resource_locators_subscribe = 8;
 
   // [#not-implemented-hide:]
   // Alternative to ``resource_names_unsubscribe`` field that allows specifying dynamic parameters
   // along with each resource name.
-  // Note that it is legal for a request to have some resources listed
-  // in ``resource_names_unsubscribe`` and others in ``resource_locators_unsubscribe``.
+  //
+  // .. note::
+  //   It is legal for a request to have some resources listed
+  //   in ``resource_names_unsubscribe`` and others in ``resource_locators_unsubscribe``.
+  //
   repeated ResourceLocator resource_locators_unsubscribe = 9;
 
   // Informs the server of the versions of the resources the xDS client knows of, to enable the
   // client to continue the same logical xDS session even in the face of gRPC stream reconnection.
-  // It will not be populated: [1] in the very first stream of a session, since the client will
-  // not yet have any resources,  [2] in any message after the first in a stream (for a given
-  // type_url), since the server will already be correctly tracking the client's state.
-  // (In ADS, the first message *of each type_url* of a reconnected stream populates this map.)
+  // It will not be populated:
+  //
+  // * In the very first stream of a session, since the client will not yet have any resources.
+  // * In any message after the first in a stream (for a given ``type_url``), since the server will
+  //   already be correctly tracking the client's state.
+  //
+  // (In ADS, the first message ``of each type_url`` of a reconnected stream populates this map.)
   // The map's keys are names of xDS resources known to the xDS client.
   // The map's values are opaque resource versions.
   map<string, string> initial_resource_versions = 5;
 
-  // When the DeltaDiscoveryRequest is a ACK or NACK message in response
-  // to a previous DeltaDiscoveryResponse, the response_nonce must be the
-  // nonce in the DeltaDiscoveryResponse.
-  // Otherwise (unlike in DiscoveryRequest) response_nonce must be omitted.
+  // When the ``DeltaDiscoveryRequest`` is a ACK or NACK message in response
+  // to a previous ``DeltaDiscoveryResponse``, the ``response_nonce`` must be the
+  // nonce in the ``DeltaDiscoveryResponse``.
+  // Otherwise (unlike in ``DiscoveryRequest``) ``response_nonce`` must be omitted.
   string response_nonce = 6;
 
   // This is populated when the previous :ref:`DiscoveryResponse <envoy_v3_api_msg_service.discovery.v3.DiscoveryResponse>`
@@ -247,7 +288,7 @@ message DeltaDiscoveryRequest {
   google.rpc.Status error_detail = 7;
 }
 
-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message DeltaDiscoveryResponse {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.DeltaDiscoveryResponse";
@@ -256,37 +297,46 @@ message DeltaDiscoveryResponse {
   string system_version_info = 1;
 
   // The response resources. These are typed resources, whose types must match
-  // the type_url field.
+  // the ``type_url`` field.
   repeated Resource resources = 2;
 
   // field id 3 IS available!
 
   // Type URL for resources. Identifies the xDS API when muxing over ADS.
-  // Must be consistent with the type_url in the Any within 'resources' if 'resources' is non-empty.
+  // Must be consistent with the ``type_url`` in the Any within 'resources' if 'resources' is non-empty.
   string type_url = 4;
 
-  // Resources names of resources that have be deleted and to be removed from the xDS Client.
+  // Resource names of resources that have been deleted and to be removed from the xDS Client.
   // Removed resources for missing resources can be ignored.
   repeated string removed_resources = 6;
 
-  // Alternative to removed_resources that allows specifying which variant of
+  // Alternative to ``removed_resources`` that allows specifying which variant of
   // a resource is being removed. This variant must be used for any resource
   // for which dynamic parameter constraints were sent to the client.
   repeated ResourceName removed_resource_names = 8;
 
-  // The nonce provides a way for DeltaDiscoveryRequests to uniquely
-  // reference a DeltaDiscoveryResponse when (N)ACKing. The nonce is required.
+  // The nonce provides a way for ``DeltaDiscoveryRequests`` to uniquely
+  // reference a ``DeltaDiscoveryResponse`` when (N)ACKing. The nonce is required.
   string nonce = 5;
 
   // [#not-implemented-hide:]
   // The control plane instance that sent the response.
   config.core.v3.ControlPlane control_plane = 7;
+
+  // [#not-implemented-hide:]
+  // Errors associated with specific resources.
+  //
+  // .. note::
+  //   A resource in this field with a status of NOT_FOUND should be treated the same as
+  //   a resource listed in the ``removed_resources`` or ``removed_resource_names`` fields.
+  //
+  repeated ResourceError resource_errors = 9;
 }
 
 // A set of dynamic parameter constraints associated with a variant of an individual xDS resource.
 // These constraints determine whether the resource matches a subscription based on the set of
 // dynamic parameters in the subscription, as specified in the
-// :ref:`ResourceLocator.dynamic_parameters<envoy_v3_api_field_service.discovery.v3.ResourceLocator.dynamic_parameters>`
+// :ref:`ResourceLocator.dynamic_parameters <envoy_v3_api_field_service.discovery.v3.ResourceLocator.dynamic_parameters>`
 // field. This allows xDS implementations (clients, servers, and caching proxies) to determine
 // which variant of a resource is appropriate for a given client.
 message DynamicParameterConstraints {
@@ -340,8 +390,11 @@ message Resource {
   // [#not-implemented-hide:]
   message CacheControl {
     // If true, xDS proxies may not cache this resource.
-    // Note that this does not apply to clients other than xDS proxies, which must cache resources
-    // for their own use, regardless of the value of this field.
+    //
+    // .. note::
+    //   This does not apply to clients other than xDS proxies, which must cache resources
+    //   for their own use, regardless of the value of this field.
+    //
     bool do_not_cache = 1;
   }
 
@@ -371,7 +424,7 @@ message Resource {
   // configuration for the resource will be removed.
   //
   // The TTL can be refreshed or changed by sending a response that doesn't change the resource
-  // version. In this case the resource field does not need to be populated, which allows for
+  // version. In this case the ``resource`` field does not need to be populated, which allows for
   // light-weight "heartbeat" updates to keep a resource with a TTL alive.
   //
   // The TTL feature is meant to support configurations that should be removed in the event of
diff --git a/xds/third_party/envoy/src/main/proto/envoy/service/status/v3/csds.proto b/xds/third_party/envoy/src/main/proto/envoy/service/status/v3/csds.proto
index 1c51f2bac37..de62fbf9b0f 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/service/status/v3/csds.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/service/status/v3/csds.proto
@@ -72,6 +72,11 @@ enum ClientConfigStatus {
   // config dump is not the NACKed version, but the most recent accepted one. If
   // no config is accepted yet, the attached config dump will be empty.
   CLIENT_NACKED = 3;
+
+  // Client received an error from the control plane. The attached config
+  // dump is the most recent accepted one. If no config is accepted yet,
+  // the attached config dump will be empty.
+  CLIENT_RECEIVED_ERROR = 4;
 }
 
 // Request for client status of clients identified by a list of NodeMatchers.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/address.proto b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/address.proto
new file mode 100644
index 00000000000..8a03a5320af
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/address.proto
@@ -0,0 +1,22 @@
+syntax = "proto3";
+
+package envoy.type.matcher.v3;
+
+import "xds/core/v3/cidr.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.type.matcher.v3";
+option java_outer_classname = "AddressProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3;matcherv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Address Matcher]
+
+// Match an IP against a repeated CIDR range. This matcher is intended to be
+// used in other matchers, for example in the filter state matcher to match a
+// filter state object as an IP.
+message AddressMatcher {
+  repeated xds.core.v3.CidrRange ranges = 1;
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/filter_state.proto b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/filter_state.proto
index f813178ae05..8c38a515ae9 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/filter_state.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/filter_state.proto
@@ -2,6 +2,7 @@ syntax = "proto3";
 
 package envoy.type.matcher.v3;
 
+import "envoy/type/matcher/v3/address.proto";
 import "envoy/type/matcher/v3/string.proto";
 
 import "udpa/annotations/status.proto";
@@ -25,5 +26,8 @@ message FilterStateMatcher {
 
     // Matches the filter state object as a string value.
     StringMatcher string_match = 2;
+
+    // Matches the filter state object as a ip Instance.
+    AddressMatcher address_match = 3;
   }
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/metadata.proto b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/metadata.proto
index d3316e88a88..30abde97c09 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/metadata.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/metadata.proto
@@ -16,11 +16,11 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Metadata matcher]
 
-// MetadataMatcher provides a general interface to check if a given value is matched in
-// :ref:`Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`. It uses `filter` and `path` to retrieve the value
-// from the Metadata and then check if it's matched to the specified value.
+// ``MetadataMatcher`` provides a general interface to check if a given value is matched in
+// :ref:`Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`. It uses ``filter`` and ``path`` to retrieve the value
+// from the ``Metadata`` and then check if it's matched to the specified value.
 //
-// For example, for the following Metadata:
+// For example, for the following ``Metadata``:
 //
 // .. code-block:: yaml
 //
@@ -41,8 +41,8 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 //                      - string_value: m
 //                      - string_value: n
 //
-// The following MetadataMatcher is matched as the path [a, b, c] will retrieve a string value "pro"
-// from the Metadata which is matched to the specified prefix match.
+// The following ``MetadataMatcher`` is matched as the path ``[a, b, c]`` will retrieve a string value ``pro``
+// from the ``Metadata`` which is matched to the specified prefix match.
 //
 // .. code-block:: yaml
 //
@@ -55,7 +55,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 //      string_match:
 //        prefix: pr
 //
-// The following MetadataMatcher is matched as the code will match one of the string values in the
+// The following ``MetadataMatcher`` is matched as the code will match one of the string values in the
 // list at the path [a, t].
 //
 // .. code-block:: yaml
@@ -70,7 +70,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 //          string_match:
 //            exact: m
 //
-// An example use of MetadataMatcher is specifying additional metadata in envoy.filters.http.rbac to
+// An example use of ``MetadataMatcher`` is specifying additional metadata in ``envoy.filters.http.rbac`` to
 // enforce access control based on dynamic metadata in a request. See :ref:`Permission
 // <envoy_v3_api_msg_config.rbac.v3.Permission>` and :ref:`Principal
 // <envoy_v3_api_msg_config.rbac.v3.Principal>`.
@@ -79,9 +79,11 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 message MetadataMatcher {
   option (udpa.annotations.versioning).previous_message_type = "envoy.type.matcher.MetadataMatcher";
 
-  // Specifies the segment in a path to retrieve value from Metadata.
-  // Note: Currently it's not supported to retrieve a value from a list in Metadata. This means that
-  // if the segment key refers to a list, it has to be the last segment in a path.
+  // Specifies the segment in a path to retrieve value from ``Metadata``.
+  //
+  // .. note::
+  //   Currently it's not supported to retrieve a value from a list in ``Metadata``. This means that
+  //   if the segment key refers to a list, it has to be the last segment in a path.
   message PathSegment {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.type.matcher.MetadataMatcher.PathSegment";
@@ -89,18 +91,18 @@ message MetadataMatcher {
     oneof segment {
       option (validate.required) = true;
 
-      // If specified, use the key to retrieve the value in a Struct.
+      // If specified, use the key to retrieve the value in a ``Struct``.
       string key = 1 [(validate.rules).string = {min_len: 1}];
     }
   }
 
-  // The filter name to retrieve the Struct from the Metadata.
+  // The filter name to retrieve the ``Struct`` from the ``Metadata``.
   string filter = 1 [(validate.rules).string = {min_len: 1}];
 
-  // The path to retrieve the Value from the Struct.
+  // The path to retrieve the ``Value`` from the ``Struct``.
   repeated PathSegment path = 2 [(validate.rules).repeated = {min_items: 1}];
 
-  // The MetadataMatcher is matched if the value retrieved by path is matched to this value.
+  // The ``MetadataMatcher`` is matched if the value retrieved by path is matched to this value.
   ValueMatcher value = 3 [(validate.rules).message = {required: true}];
 
   // If true, the match result will be inverted.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/string.proto b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/string.proto
index 10033749acd..56d39565ca5 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/string.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/string.proto
@@ -38,7 +38,10 @@ message StringMatcher {
     string exact = 1;
 
     // The input string must have the prefix specified here.
-    // Note: empty prefix is not allowed, please use regex instead.
+    //
+    // .. note::
+    //
+    //  Empty prefix match is not allowed, please use ``safe_regex`` instead.
     //
     // Examples:
     //
@@ -46,7 +49,10 @@ message StringMatcher {
     string prefix = 2 [(validate.rules).string = {min_len: 1}];
 
     // The input string must have the suffix specified here.
-    // Note: empty prefix is not allowed, please use regex instead.
+    //
+    // .. note::
+    //
+    //  Empty suffix match is not allowed, please use ``safe_regex`` instead.
     //
     // Examples:
     //
@@ -57,7 +63,10 @@ message StringMatcher {
     RegexMatcher safe_regex = 5 [(validate.rules).message = {required: true}];
 
     // The input string must have the substring specified here.
-    // Note: empty contains match is not allowed, please use regex instead.
+    //
+    // .. note::
+    //
+    //  Empty contains match is not allowed, please use ``safe_regex`` instead.
     //
     // Examples:
     //
@@ -69,9 +78,10 @@ message StringMatcher {
     xds.core.v3.TypedExtensionConfig custom = 8;
   }
 
-  // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. This
-  // has no effect for the safe_regex match.
-  // For example, the matcher ``data`` will match both input string ``Data`` and ``data`` if set to true.
+  // If ``true``, indicates the exact/prefix/suffix/contains matching should be case insensitive. This
+  // has no effect for the ``safe_regex`` match.
+  // For example, the matcher ``data`` will match both input string ``Data`` and ``data`` if this option
+  // is set to ``true``.
   bool ignore_case = 6;
 }
 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/metadata/v3/metadata.proto b/xds/third_party/envoy/src/main/proto/envoy/type/metadata/v3/metadata.proto
index 20758577503..d131635bf9f 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/type/metadata/v3/metadata.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/type/metadata/v3/metadata.proto
@@ -14,10 +14,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Metadata]
 
-// MetadataKey provides a general interface using ``key`` and ``path`` to retrieve value from
-// :ref:`Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`.
+// MetadataKey provides a way to retrieve values from
+// :ref:`Metadata <envoy_v3_api_msg_config.core.v3.Metadata>` using a ``key`` and a ``path``.
 //
-// For example, for the following Metadata:
+// For example, consider the following Metadata:
 //
 // .. code-block:: yaml
 //
@@ -28,7 +28,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 //          xyz:
 //            hello: envoy
 //
-// The following MetadataKey will retrieve a string value "bar" from the Metadata.
+// The following MetadataKey would retrieve the string value "bar" from the Metadata:
 //
 // .. code-block:: yaml
 //
@@ -40,8 +40,8 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 message MetadataKey {
   option (udpa.annotations.versioning).previous_message_type = "envoy.type.metadata.v2.MetadataKey";
 
-  // Specifies the segment in a path to retrieve value from Metadata.
-  // Currently it is only supported to specify the key, i.e. field name, as one segment of a path.
+  // Specifies a segment in a path for retrieving values from Metadata.
+  // Currently, only key-based segments (field names) are supported.
   message PathSegment {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.type.metadata.v2.MetadataKey.PathSegment";
@@ -49,25 +49,27 @@ message MetadataKey {
     oneof segment {
       option (validate.required) = true;
 
-      // If specified, use the key to retrieve the value in a Struct.
+      // If specified, use this key to retrieve the value in a Struct.
       string key = 1 [(validate.rules).string = {min_len: 1}];
     }
   }
 
-  // The key name of Metadata to retrieve the Struct from the metadata.
-  // Typically, it represents a builtin subsystem or custom extension.
+  // The key name of the Metadata from which to retrieve the Struct.
+  // This typically represents a builtin subsystem or custom extension.
   string key = 1 [(validate.rules).string = {min_len: 1}];
 
-  // The path to retrieve the Value from the Struct. It can be a prefix or a full path,
-  // e.g. ``[prop, xyz]`` for a struct or ``[prop, foo]`` for a string in the example,
-  // which depends on the particular scenario.
+  // The path used to retrieve a specific Value from the Struct.
+  // This can be either a prefix or a full path, depending on the use case.
+  // For example, ``[prop, xyz]`` would retrieve a struct or ``[prop, foo]`` would retrieve a string
+  // in the example above.
   //
-  // Note: Due to that only the key type segment is supported, the path can not specify a list
-  // unless the list is the last segment.
+  // .. note::
+  //   Since only key-type segments are supported, a path cannot specify a list
+  //   unless the list is the last segment.
   repeated PathSegment path = 2 [(validate.rules).repeated = {min_items: 1}];
 }
 
-// Describes what kind of metadata.
+// Describes different types of metadata sources.
 message MetadataKind {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.type.metadata.v2.MetadataKind";
diff --git a/xds/third_party/xds/src/main/proto/xds/core/v3/cidr.proto b/xds/third_party/xds/src/main/proto/xds/core/v3/cidr.proto
index c40dab2f28f..b8471bc8078 100644
--- a/xds/third_party/xds/src/main/proto/xds/core/v3/cidr.proto
+++ b/xds/third_party/xds/src/main/proto/xds/core/v3/cidr.proto
@@ -22,4 +22,4 @@ message CidrRange {
 
   // Length of prefix, e.g. 0, 32. Defaults to 0 when unset.
   google.protobuf.UInt32Value prefix_len = 2 [(validate.rules).uint32 = {lte: 128}];
-}
+}
\ No newline at end of file

From 7e982e48a1ee03b509124ea7ad3c4a4464f8a189 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Tue, 29 Jul 2025 12:36:39 +0000
Subject: [PATCH 332/591] Xds: Aggregate cluster fixes (A75) (#12186)

Instead of representing an aggregate cluster as a single cluster whose
priorities come from different underlying clusters, represent an aggregate cluster as an instance of a priority LB policy where each child is a cds LB policy for the underlying
cluster.
---
 .../java/io/grpc/xds/CdsLoadBalancer2.java    | 128 +++----
 .../io/grpc/xds/CdsLoadBalancerProvider.java  |  18 +-
 .../grpc/xds/ClusterResolverLoadBalancer.java |  82 ++---
 .../ClusterResolverLoadBalancerProvider.java  |  15 +-
 .../io/grpc/xds/CdsLoadBalancer2Test.java     | 149 +++++---
 .../xds/ClusterResolverLoadBalancerTest.java  | 337 ++++++------------
 6 files changed, 326 insertions(+), 403 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
index c50f844d388..87963476265 100644
--- a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
+++ b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
@@ -18,10 +18,10 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
+import static io.grpc.xds.XdsLbPolicies.CDS_POLICY_NAME;
 import static io.grpc.xds.XdsLbPolicies.CLUSTER_RESOLVER_POLICY_NAME;
+import static io.grpc.xds.XdsLbPolicies.PRIORITY_POLICY_NAME;
 
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.ImmutableList;
 import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.InternalLogId;
 import io.grpc.LoadBalancer;
@@ -33,6 +33,7 @@
 import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig;
 import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig;
 import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig.DiscoveryMechanism;
+import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig.PriorityChildConfig;
 import io.grpc.xds.XdsClusterResource.CdsUpdate;
 import io.grpc.xds.XdsClusterResource.CdsUpdate.ClusterType;
 import io.grpc.xds.XdsConfig.Subscription;
@@ -41,10 +42,11 @@
 import io.grpc.xds.XdsConfig.XdsClusterConfig.EndpointConfig;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
-import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 /**
  * Load balancer for cds_experimental LB policy. One instance per top-level cluster.
@@ -55,19 +57,15 @@ final class CdsLoadBalancer2 extends LoadBalancer {
   private final XdsLogger logger;
   private final Helper helper;
   private final LoadBalancerRegistry lbRegistry;
+  private GracefulSwitchLoadBalancer delegate;
   // Following fields are effectively final.
   private String clusterName;
   private Subscription clusterSubscription;
-  private LoadBalancer childLb;
 
-  CdsLoadBalancer2(Helper helper) {
-    this(helper, LoadBalancerRegistry.getDefaultRegistry());
-  }
-
-  @VisibleForTesting
   CdsLoadBalancer2(Helper helper, LoadBalancerRegistry lbRegistry) {
     this.helper = checkNotNull(helper, "helper");
     this.lbRegistry = checkNotNull(lbRegistry, "lbRegistry");
+    this.delegate = new GracefulSwitchLoadBalancer(helper);
     logger = XdsLogger.withLogId(InternalLogId.allocate("cds-lb", helper.getAuthority()));
     logger.log(XdsLogLevel.INFO, "Created");
   }
@@ -91,7 +89,7 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       if (clusterSubscription == null) {
         // Should be impossible, because XdsDependencyManager wouldn't have generated this
         return fail(Status.INTERNAL.withDescription(
-            errorPrefix() + "Unable to find non-dynamic root cluster"));
+            errorPrefix() + "Unable to find non-dynamic cluster"));
       }
       // The dynamic cluster must not have loaded yet
       return Status.OK;
@@ -100,42 +98,25 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       return fail(clusterConfigOr.getStatus());
     }
     XdsClusterConfig clusterConfig = clusterConfigOr.getValue();
-    List<String> leafNames;
-    if (clusterConfig.getChildren() instanceof AggregateConfig) {
-      leafNames = ((AggregateConfig) clusterConfig.getChildren()).getLeafNames();
-    } else if (clusterConfig.getChildren() instanceof EndpointConfig) {
-      leafNames = ImmutableList.of(clusterName);
-    } else {
-      return fail(Status.INTERNAL.withDescription(
-          errorPrefix() + "Unexpected cluster children type: "
-          + clusterConfig.getChildren().getClass()));
-    }
-    if (leafNames.isEmpty()) {
-      // Should be impossible, because XdsClusterResource validated this
-      return fail(Status.UNAVAILABLE.withDescription(
-          errorPrefix() + "Zero leaf clusters for root cluster " + clusterName));
-    }
 
-    Status noneFoundError = Status.INTERNAL
-        .withDescription(errorPrefix() + "No leaves and no error; this is a bug");
-    List<DiscoveryMechanism> instances = new ArrayList<>();
-    for (String leafName : leafNames) {
-      StatusOr<XdsClusterConfig> leafConfigOr = xdsConfig.getClusters().get(leafName);
-      if (!leafConfigOr.hasValue()) {
-        noneFoundError = leafConfigOr.getStatus();
-        continue;
-      }
-      if (!(leafConfigOr.getValue().getChildren() instanceof EndpointConfig)) {
-        noneFoundError = Status.INTERNAL.withDescription(
-            errorPrefix() + "Unexpected child " + leafName + " cluster children type: "
-            + leafConfigOr.getValue().getChildren().getClass());
-        continue;
+    NameResolver.ConfigOrError configOrError;
+    Object gracefulConfig;
+    if (clusterConfig.getChildren() instanceof EndpointConfig) {
+      // The LB policy config is provided in service_config.proto/JSON format.
+      configOrError =
+              GracefulSwitchLoadBalancer.parseLoadBalancingPolicyConfig(
+                      Arrays.asList(clusterConfig.getClusterResource().lbPolicyConfig()),
+                      lbRegistry);
+      if (configOrError.getError() != null) {
+        // Should be impossible, because XdsClusterResource validated this
+        return fail(Status.INTERNAL.withDescription(
+                errorPrefix() + "Unable to parse the LB config: " + configOrError.getError()));
       }
-      CdsUpdate result = leafConfigOr.getValue().getClusterResource();
+      CdsUpdate result = clusterConfig.getClusterResource();
       DiscoveryMechanism instance;
       if (result.clusterType() == ClusterType.EDS) {
         instance = DiscoveryMechanism.forEds(
-            leafName,
+            clusterName,
             result.edsServiceName(),
             result.lrsServerInfo(),
             result.maxConcurrentRequests(),
@@ -144,45 +125,49 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
             result.outlierDetection());
       } else {
         instance = DiscoveryMechanism.forLogicalDns(
-            leafName,
+            clusterName,
             result.dnsHostName(),
             result.lrsServerInfo(),
             result.maxConcurrentRequests(),
             result.upstreamTlsContext(),
             result.filterMetadata());
       }
-      instances.add(instance);
-    }
-    if (instances.isEmpty()) {
-      return fail(noneFoundError);
-    }
-
-    // The LB policy config is provided in service_config.proto/JSON format.
-    NameResolver.ConfigOrError configOrError =
-        GracefulSwitchLoadBalancer.parseLoadBalancingPolicyConfig(
-            Arrays.asList(clusterConfig.getClusterResource().lbPolicyConfig()), lbRegistry);
-    if (configOrError.getError() != null) {
-      // Should be impossible, because XdsClusterResource validated this
+      gracefulConfig = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+          lbRegistry.getProvider(CLUSTER_RESOLVER_POLICY_NAME),
+          new ClusterResolverConfig(
+              instance,
+              configOrError.getConfig(),
+              clusterConfig.getClusterResource().isHttp11ProxyAvailable()));
+    } else if (clusterConfig.getChildren() instanceof AggregateConfig) {
+      Map<String, PriorityChildConfig> priorityChildConfigs = new HashMap<>();
+      List<String> leafClusters = ((AggregateConfig) clusterConfig.getChildren()).getLeafNames();
+      for (String childCluster: leafClusters) {
+        priorityChildConfigs.put(childCluster,
+                new PriorityChildConfig(
+                        GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+                                lbRegistry.getProvider(CDS_POLICY_NAME),
+                                new CdsConfig(childCluster)),
+                        false));
+      }
+      gracefulConfig = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+          lbRegistry.getProvider(PRIORITY_POLICY_NAME),
+          new PriorityLoadBalancerProvider.PriorityLbConfig(
+              Collections.unmodifiableMap(priorityChildConfigs), leafClusters));
+    } else {
       return fail(Status.INTERNAL.withDescription(
-          errorPrefix() + "Unable to parse the LB config: " + configOrError.getError()));
+              errorPrefix() + "Unexpected cluster children type: "
+                      + clusterConfig.getChildren().getClass()));
     }
 
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.unmodifiableList(instances),
-        configOrError.getConfig(),
-        clusterConfig.getClusterResource().isHttp11ProxyAvailable());
-    if (childLb == null) {
-      childLb = lbRegistry.getProvider(CLUSTER_RESOLVER_POLICY_NAME).newLoadBalancer(helper);
-    }
-    return childLb.acceptResolvedAddresses(
-        resolvedAddresses.toBuilder().setLoadBalancingPolicyConfig(config).build());
+    return delegate.acceptResolvedAddresses(
+        resolvedAddresses.toBuilder().setLoadBalancingPolicyConfig(gracefulConfig).build());
   }
 
   @Override
   public void handleNameResolutionError(Status error) {
     logger.log(XdsLogLevel.WARNING, "Received name resolution error: {0}", error);
-    if (childLb != null) {
-      childLb.handleNameResolutionError(error);
+    if (delegate != null) {
+      delegate.handleNameResolutionError(error);
     } else {
       helper.updateBalancingState(
           TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(error)));
@@ -192,10 +177,8 @@ public void handleNameResolutionError(Status error) {
   @Override
   public void shutdown() {
     logger.log(XdsLogLevel.INFO, "Shutdown");
-    if (childLb != null) {
-      childLb.shutdown();
-      childLb = null;
-    }
+    delegate.shutdown();
+    delegate = new GracefulSwitchLoadBalancer(helper);
     if (clusterSubscription != null) {
       clusterSubscription.close();
       clusterSubscription = null;
@@ -204,10 +187,7 @@ public void shutdown() {
 
   @CheckReturnValue // don't forget to return up the stack after the fail call
   private Status fail(Status error) {
-    if (childLb != null) {
-      childLb.shutdown();
-      childLb = null;
-    }
+    delegate.shutdown();
     helper.updateBalancingState(
         TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(error)));
     return Status.OK; // XdsNameResolver isn't a polling NR, so this value doesn't matter
diff --git a/xds/src/main/java/io/grpc/xds/CdsLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/CdsLoadBalancerProvider.java
index 9b242822f6c..875af9089ed 100644
--- a/xds/src/main/java/io/grpc/xds/CdsLoadBalancerProvider.java
+++ b/xds/src/main/java/io/grpc/xds/CdsLoadBalancerProvider.java
@@ -23,6 +23,7 @@
 import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancer.Helper;
 import io.grpc.LoadBalancerProvider;
+import io.grpc.LoadBalancerRegistry;
 import io.grpc.NameResolver.ConfigOrError;
 import io.grpc.Status;
 import io.grpc.internal.JsonUtil;
@@ -51,9 +52,24 @@ public String getPolicyName() {
     return XdsLbPolicies.CDS_POLICY_NAME;
   }
 
+  private final LoadBalancerRegistry loadBalancerRegistry;
+
+  public CdsLoadBalancerProvider() {
+    this.loadBalancerRegistry = null;
+  }
+
+  public CdsLoadBalancerProvider(LoadBalancerRegistry loadBalancerRegistry) {
+    this.loadBalancerRegistry = loadBalancerRegistry;
+  }
+
   @Override
   public LoadBalancer newLoadBalancer(Helper helper) {
-    return new CdsLoadBalancer2(helper);
+    LoadBalancerRegistry loadBalancerRegistry = this.loadBalancerRegistry;
+    if (loadBalancerRegistry == null) {
+      loadBalancerRegistry = LoadBalancerRegistry.getDefaultRegistry();
+    }
+
+    return new CdsLoadBalancer2(helper, loadBalancerRegistry);
   }
 
   @Override
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
index 080760303bf..e333c46750c 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
@@ -168,8 +168,8 @@ public LoadBalancer newLoadBalancer(Helper helper) {
    */
   private final class ClusterResolverLbState extends LoadBalancer {
     private final Helper helper;
-    private final List<String> clusters = new ArrayList<>();
-    private final Map<String, ClusterState> clusterStates = new HashMap<>();
+    private ClusterState clusterState;
+    private String cluster;
     private Object endpointLbConfig;
     private ResolvedAddresses resolvedAddresses;
     private LoadBalancer childLb;
@@ -185,21 +185,18 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       ClusterResolverConfig config =
           (ClusterResolverConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
       endpointLbConfig = config.lbConfig;
-      for (DiscoveryMechanism instance : config.discoveryMechanisms) {
-        clusters.add(instance.cluster);
-        ClusterState state;
-        if (instance.type == DiscoveryMechanism.Type.EDS) {
-          state = new EdsClusterState(instance.cluster, instance.edsServiceName,
-              instance.lrsServerInfo, instance.maxConcurrentRequests, instance.tlsContext,
-              instance.filterMetadata, instance.outlierDetection);
-        } else {  // logical DNS
-          state = new LogicalDnsClusterState(instance.cluster, instance.dnsHostName,
-              instance.lrsServerInfo, instance.maxConcurrentRequests, instance.tlsContext,
-              instance.filterMetadata);
-        }
-        clusterStates.put(instance.cluster, state);
-        state.start();
-      }
+      DiscoveryMechanism instance = config.discoveryMechanism;
+      cluster = instance.cluster;
+      if (instance.type == DiscoveryMechanism.Type.EDS) {
+        clusterState = new EdsClusterState(instance.cluster, instance.edsServiceName,
+            instance.lrsServerInfo, instance.maxConcurrentRequests, instance.tlsContext,
+            instance.filterMetadata, instance.outlierDetection);
+      } else {  // logical DNS
+        clusterState = new LogicalDnsClusterState(instance.cluster, instance.dnsHostName,
+            instance.lrsServerInfo, instance.maxConcurrentRequests, instance.tlsContext,
+            instance.filterMetadata);
+      }
+      clusterState.start();
       return Status.OK;
     }
 
@@ -215,9 +212,7 @@ public void handleNameResolutionError(Status error) {
 
     @Override
     public void shutdown() {
-      for (ClusterState state : clusterStates.values()) {
-        state.shutdown();
-      }
+      clusterState.shutdown();
       if (childLb != null) {
         childLb.shutdown();
       }
@@ -229,24 +224,21 @@ private void handleEndpointResourceUpdate() {
       List<String> priorities = new ArrayList<>();  // totally ordered priority list
 
       Status endpointNotFound = Status.OK;
-      for (String cluster : clusters) {
-        ClusterState state = clusterStates.get(cluster);
-        // Propagate endpoints to the child LB policy only after all clusters have been resolved.
-        if (!state.resolved && state.status.isOk()) {
-          return;
-        }
-        if (state.result != null) {
-          addresses.addAll(state.result.addresses);
-          priorityChildConfigs.putAll(state.result.priorityChildConfigs);
-          priorities.addAll(state.result.priorities);
-        } else {
-          endpointNotFound = state.status;
-        }
+      // Propagate endpoints to the child LB policy only after all clusters have been resolved.
+      if (!clusterState.resolved && clusterState.status.isOk()) {
+        return;
+      }
+      if (clusterState.result != null) {
+        addresses.addAll(clusterState.result.addresses);
+        priorityChildConfigs.putAll(clusterState.result.priorityChildConfigs);
+        priorities.addAll(clusterState.result.priorities);
+      } else {
+        endpointNotFound = clusterState.status;
       }
       if (addresses.isEmpty()) {
         if (endpointNotFound.isOk()) {
           endpointNotFound = Status.UNAVAILABLE.withDescription(
-              "No usable endpoint from cluster(s): " + clusters);
+              "No usable endpoint from cluster: " + cluster);
         } else {
           endpointNotFound =
               Status.UNAVAILABLE.withCause(endpointNotFound.getCause())
@@ -274,22 +266,12 @@ private void handleEndpointResourceUpdate() {
     }
 
     private void handleEndpointResolutionError() {
-      boolean allInError = true;
-      Status error = null;
-      for (String cluster : clusters) {
-        ClusterState state = clusterStates.get(cluster);
-        if (state.status.isOk()) {
-          allInError = false;
-        } else {
-          error = state.status;
-        }
-      }
-      if (allInError) {
+      if (!clusterState.status.isOk()) {
         if (childLb != null) {
-          childLb.handleNameResolutionError(error);
+          childLb.handleNameResolutionError(clusterState.status);
         } else {
           helper.updateBalancingState(
-              TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(error)));
+              TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(clusterState.status)));
         }
       }
     }
@@ -306,10 +288,8 @@ private RefreshableHelper(Helper delegate) {
 
       @Override
       public void refreshNameResolution() {
-        for (ClusterState state : clusterStates.values()) {
-          if (state instanceof LogicalDnsClusterState) {
-            ((LogicalDnsClusterState) state).refresh();
-          }
+        if (clusterState instanceof LogicalDnsClusterState) {
+          ((LogicalDnsClusterState) clusterState).refresh();
         }
       }
 
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
index 27a884b1f4f..48101cd9c54 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
@@ -30,7 +30,6 @@
 import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
-import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import javax.annotation.Nullable;
@@ -70,15 +69,15 @@ public LoadBalancer newLoadBalancer(Helper helper) {
   }
 
   static final class ClusterResolverConfig {
-    // Ordered list of clusters to be resolved.
-    final List<DiscoveryMechanism> discoveryMechanisms;
+    // Cluster to be resolved.
+    final DiscoveryMechanism discoveryMechanism;
     // GracefulSwitch configuration
     final Object lbConfig;
     private final boolean isHttp11ProxyAvailable;
 
-    ClusterResolverConfig(List<DiscoveryMechanism> discoveryMechanisms, Object lbConfig,
+    ClusterResolverConfig(DiscoveryMechanism discoveryMechanism, Object lbConfig,
         boolean isHttp11ProxyAvailable) {
-      this.discoveryMechanisms = checkNotNull(discoveryMechanisms, "discoveryMechanisms");
+      this.discoveryMechanism = checkNotNull(discoveryMechanism, "discoveryMechanism");
       this.lbConfig = checkNotNull(lbConfig, "lbConfig");
       this.isHttp11ProxyAvailable = isHttp11ProxyAvailable;
     }
@@ -89,7 +88,7 @@ boolean isHttp11ProxyAvailable() {
 
     @Override
     public int hashCode() {
-      return Objects.hash(discoveryMechanisms, lbConfig, isHttp11ProxyAvailable);
+      return Objects.hash(discoveryMechanism, lbConfig, isHttp11ProxyAvailable);
     }
 
     @Override
@@ -101,7 +100,7 @@ public boolean equals(Object o) {
         return false;
       }
       ClusterResolverConfig that = (ClusterResolverConfig) o;
-      return discoveryMechanisms.equals(that.discoveryMechanisms)
+      return discoveryMechanism.equals(that.discoveryMechanism)
           && lbConfig.equals(that.lbConfig)
           && isHttp11ProxyAvailable == that.isHttp11ProxyAvailable;
     }
@@ -109,7 +108,7 @@ public boolean equals(Object o) {
     @Override
     public String toString() {
       return MoreObjects.toStringHelper(this)
-          .add("discoveryMechanisms", discoveryMechanisms)
+          .add("discoveryMechanism", discoveryMechanism)
           .add("lbConfig", lbConfig)
           .add("isHttp11ProxyAvailable", isHttp11ProxyAvailable)
           .toString();
diff --git a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
index 258e2909203..2059022c203 100644
--- a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
+++ b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.xds.XdsLbPolicies.CLUSTER_RESOLVER_POLICY_NAME;
+import static io.grpc.xds.XdsLbPolicies.PRIORITY_POLICY_NAME;
 import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_CDS;
 import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_EDS;
 import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_LDS;
@@ -27,6 +28,7 @@
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 import com.github.xds.type.v3.TypedStruct;
 import com.google.common.collect.ImmutableMap;
@@ -157,7 +159,9 @@ public void setUp() throws Exception {
         new LeastRequestLoadBalancerProvider()));
     lbRegistry.register(new FakeLoadBalancerProvider("wrr_locality_experimental",
           new WrrLocalityLoadBalancerProvider()));
-    loadBalancer = new CdsLoadBalancer2(helper, lbRegistry);
+    CdsLoadBalancerProvider cdsLoadBalancerProvider = new CdsLoadBalancerProvider(lbRegistry);
+    lbRegistry.register(cdsLoadBalancerProvider);
+    loadBalancer = (CdsLoadBalancer2) cdsLoadBalancerProvider.newLoadBalancer(helper);
 
     cleanupRule.register(InProcessServerBuilder
         .forName("control-plane.example.com")
@@ -169,6 +173,8 @@ public void setUp() throws Exception {
     SynchronizationContext syncContext = new SynchronizationContext((t, e) -> {
       throw new AssertionError(e);
     });
+    when(helper.getSynchronizationContext()).thenReturn(syncContext);
+    when(helper.getScheduledExecutorService()).thenReturn(fakeClock.getScheduledExecutorService());
 
     NameResolver.Args nameResolverArgs = NameResolver.Args.newBuilder()
         .setDefaultPort(8080)
@@ -246,13 +252,12 @@ public void discoverTopLevelEdsCluster() {
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(childBalancer.name).isEqualTo(CLUSTER_RESOLVER_POLICY_NAME);
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
-        Arrays.asList(
-          DiscoveryMechanism.forEds(
-            CLUSTER, EDS_SERVICE_NAME, lrsServerInfo, 100L, upstreamTlsContext,
-            Collections.emptyMap(), io.grpc.xds.EnvoyServerProtoData.OutlierDetection.create(
-                null, null, null, null, SuccessRateEjection.create(null, null, null, null),
-                FailurePercentageEjection.create(null, null, null, null)))));
+    assertThat(childLbConfig.discoveryMechanism).isEqualTo(
+        DiscoveryMechanism.forEds(
+          CLUSTER, EDS_SERVICE_NAME, lrsServerInfo, 100L, upstreamTlsContext,
+          Collections.emptyMap(), io.grpc.xds.EnvoyServerProtoData.OutlierDetection.create(
+              null, null, null, null, SuccessRateEjection.create(null, null, null, null),
+              FailurePercentageEjection.create(null, null, null, null))));
     assertThat(
         GracefulSwitchLoadBalancerAccessor.getChildProvider(childLbConfig.lbConfig).getPolicyName())
         .isEqualTo("wrr_locality_experimental");
@@ -296,11 +301,10 @@ public void discoverTopLevelLogicalDnsCluster() {
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(childBalancer.name).isEqualTo(CLUSTER_RESOLVER_POLICY_NAME);
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
-        Arrays.asList(
-          DiscoveryMechanism.forLogicalDns(
-            CLUSTER, "dns.example.com:1111", lrsServerInfo, 100L, upstreamTlsContext,
-            Collections.emptyMap())));
+    assertThat(childLbConfig.discoveryMechanism).isEqualTo(
+        DiscoveryMechanism.forLogicalDns(
+          CLUSTER, "dns.example.com:1111", lrsServerInfo, 100L, upstreamTlsContext,
+          Collections.emptyMap()));
     assertThat(
         GracefulSwitchLoadBalancerAccessor.getChildProvider(childLbConfig.lbConfig).getPolicyName())
         .isEqualTo("wrr_locality_experimental");
@@ -332,10 +336,9 @@ public void nonAggregateCluster_resourceUpdate() {
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
-        Arrays.asList(
+    assertThat(childLbConfig.discoveryMechanism).isEqualTo(
           DiscoveryMechanism.forEds(
-            CLUSTER, EDS_SERVICE_NAME, null, 100L, null, Collections.emptyMap(), null)));
+            CLUSTER, EDS_SERVICE_NAME, null, 100L, null, Collections.emptyMap(), null));
 
     cluster = EDS_CLUSTER.toBuilder()
         .setCircuitBreakers(CircuitBreakers.newBuilder()
@@ -348,10 +351,9 @@ public void nonAggregateCluster_resourceUpdate() {
     assertThat(childBalancers).hasSize(1);
     childBalancer = Iterables.getOnlyElement(childBalancers);
     childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
-        Arrays.asList(
+    assertThat(childLbConfig.discoveryMechanism).isEqualTo(
           DiscoveryMechanism.forEds(
-            CLUSTER, EDS_SERVICE_NAME, null, 200L, null, Collections.emptyMap(), null)));
+            CLUSTER, EDS_SERVICE_NAME, null, 200L, null, Collections.emptyMap(), null));
   }
 
   @Test
@@ -363,10 +365,9 @@ public void nonAggregateCluster_resourceRevoked() {
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
-        Arrays.asList(
+    assertThat(childLbConfig.discoveryMechanism).isEqualTo(
           DiscoveryMechanism.forEds(
-            CLUSTER, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null)));
+            CLUSTER, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null));
 
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of());
 
@@ -395,10 +396,9 @@ public void dynamicCluster() {
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
-        Arrays.asList(
+    assertThat(childLbConfig.discoveryMechanism).isEqualTo(
           DiscoveryMechanism.forEds(
-            clusterName, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null)));
+            clusterName, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null));
 
     assertThat(this.lastXdsConfig.getClusters()).containsKey(clusterName);
     shutdownLoadBalancer();
@@ -406,7 +406,12 @@ public void dynamicCluster() {
   }
 
   @Test
-  public void discoverAggregateCluster() {
+  public void discoverAggregateCluster_createsPriorityLbPolicy() {
+    lbRegistry.register(new FakeLoadBalancerProvider(PRIORITY_POLICY_NAME));
+    CdsLoadBalancerProvider cdsLoadBalancerProvider = new CdsLoadBalancerProvider(lbRegistry);
+    lbRegistry.register(cdsLoadBalancerProvider);
+    loadBalancer = (CdsLoadBalancer2) cdsLoadBalancerProvider.newLoadBalancer(helper);
+
     String cluster1 = "cluster-01.googleapis.com";
     String cluster2 = "cluster-02.googleapis.com";
     String cluster3 = "cluster-03.googleapis.com";
@@ -459,20 +464,77 @@ public void discoverAggregateCluster() {
     verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertThat(childBalancer.name).isEqualTo(CLUSTER_RESOLVER_POLICY_NAME);
-    ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    // Clusters are resolved recursively, later duplicates removed: [cluster3, cluster4, cluster2]
-    assertThat(childLbConfig.discoveryMechanisms).isEqualTo(
-        Arrays.asList(
-          DiscoveryMechanism.forEds(
-            cluster3, EDS_SERVICE_NAME, null, 100L, null, Collections.emptyMap(), null),
-          DiscoveryMechanism.forEds(
-            cluster4, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null),
-          DiscoveryMechanism.forLogicalDns(
-            cluster2, "dns.example.com:1111", null, null, null, Collections.emptyMap())));
+    assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
+    PriorityLoadBalancerProvider.PriorityLbConfig childLbConfig =
+            (PriorityLoadBalancerProvider.PriorityLbConfig) childBalancer.config;
+    assertThat(childLbConfig.priorities).hasSize(3);
+    assertThat(childLbConfig.priorities.get(0)).isEqualTo(cluster3);
+    assertThat(childLbConfig.priorities.get(1)).isEqualTo(cluster4);
+    assertThat(childLbConfig.priorities.get(2)).isEqualTo(cluster2);
+    assertThat(childLbConfig.childConfigs).hasSize(3);
+    PriorityLoadBalancerProvider.PriorityLbConfig.PriorityChildConfig childConfig3 =
+            childLbConfig.childConfigs.get(cluster3);
     assertThat(
-        GracefulSwitchLoadBalancerAccessor.getChildProvider(childLbConfig.lbConfig).getPolicyName())
-        .isEqualTo("ring_hash_experimental");  // dominated by top-level cluster's config
+        GracefulSwitchLoadBalancerAccessor.getChildProvider(childConfig3.childConfig)
+            .getPolicyName())
+        .isEqualTo("cds_experimental");
+    PriorityLoadBalancerProvider.PriorityLbConfig.PriorityChildConfig childConfig4 =
+        childLbConfig.childConfigs.get(cluster4);
+    assertThat(
+        GracefulSwitchLoadBalancerAccessor.getChildProvider(childConfig4.childConfig)
+            .getPolicyName())
+        .isEqualTo("cds_experimental");
+    PriorityLoadBalancerProvider.PriorityLbConfig.PriorityChildConfig childConfig2 =
+            childLbConfig.childConfigs.get(cluster2);
+    assertThat(
+        GracefulSwitchLoadBalancerAccessor.getChildProvider(childConfig2.childConfig)
+            .getPolicyName())
+        .isEqualTo("cds_experimental");
+  }
+
+  @Test
+  // Both priorities will get tried using real priority LB policy.
+  public void discoverAggregateCluster_testChildCdsLbPolicyParsing() {
+    lbRegistry.register(new PriorityLoadBalancerProvider());
+    CdsLoadBalancerProvider cdsLoadBalancerProvider = new CdsLoadBalancerProvider(lbRegistry);
+    lbRegistry.register(cdsLoadBalancerProvider);
+    loadBalancer = (CdsLoadBalancer2) cdsLoadBalancerProvider.newLoadBalancer(helper);
+
+    String cluster1 = "cluster-01.googleapis.com";
+    String cluster2 = "cluster-02.googleapis.com";
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        // CLUSTER (aggr.) -> [cluster1 (EDS), cluster2 (EDS)]
+        CLUSTER, Cluster.newBuilder()
+            .setName(CLUSTER)
+            .setClusterType(Cluster.CustomClusterType.newBuilder()
+                .setName("envoy.clusters.aggregate")
+                .setTypedConfig(Any.pack(ClusterConfig.newBuilder()
+                    .addClusters(cluster1)
+                    .addClusters(cluster2)
+                    .build())))
+            .build(),
+        cluster1, EDS_CLUSTER.toBuilder().setName(cluster1).build(),
+        cluster2, EDS_CLUSTER.toBuilder().setName(cluster2).build()));
+    startXdsDepManager();
+
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
+    assertThat(childBalancers).hasSize(2);
+    ClusterResolverConfig cluster1ResolverConfig =
+        (ClusterResolverConfig) childBalancers.get(0).config;
+    assertThat(cluster1ResolverConfig.discoveryMechanism.cluster)
+        .isEqualTo("cluster-01.googleapis.com");
+    assertThat(cluster1ResolverConfig.discoveryMechanism.type)
+        .isEqualTo(DiscoveryMechanism.Type.EDS);
+    assertThat(cluster1ResolverConfig.discoveryMechanism.edsServiceName)
+        .isEqualTo("backend-service-1.googleapis.com");
+    ClusterResolverConfig cluster2ResolverConfig =
+        (ClusterResolverConfig) childBalancers.get(1).config;
+    assertThat(cluster2ResolverConfig.discoveryMechanism.cluster)
+        .isEqualTo("cluster-02.googleapis.com");
+    assertThat(cluster2ResolverConfig.discoveryMechanism.type)
+        .isEqualTo(DiscoveryMechanism.Type.EDS);
+    assertThat(cluster2ResolverConfig.discoveryMechanism.edsServiceName)
+        .isEqualTo("backend-service-1.googleapis.com");
   }
 
   @Test
@@ -500,6 +562,11 @@ public void aggregateCluster_noChildren() {
 
   @Test
   public void aggregateCluster_noNonAggregateClusterExits_returnErrorPicker() {
+    lbRegistry.register(new PriorityLoadBalancerProvider());
+    CdsLoadBalancerProvider cdsLoadBalancerProvider = new CdsLoadBalancerProvider(lbRegistry);
+    lbRegistry.register(cdsLoadBalancerProvider);
+    loadBalancer = (CdsLoadBalancer2) cdsLoadBalancerProvider.newLoadBalancer(helper);
+
     String cluster1 = "cluster-01.googleapis.com";
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
         // CLUSTER (aggr.) -> [cluster1 (missing)]
@@ -550,8 +617,8 @@ public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_fallThroug
     loadBalancer.handleNameResolutionError(Status.UNAVAILABLE.withDescription("unreachable"));
     assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(childBalancer.upstreamError.getDescription()).isEqualTo("unreachable");
-    verify(helper, never()).updateBalancingState(
-        any(ConnectivityState.class), any(SubchannelPicker.class));
+    verify(helper).updateBalancingState(
+        eq(ConnectivityState.CONNECTING), any(SubchannelPicker.class));
   }
 
   @Test
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index 395662cd93c..982677d24da 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -245,7 +245,7 @@ public void tearDown() {
   @Test
   public void edsClustersWithRingHashEndpointLbPolicy() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(edsDiscoveryMechanism1), ringHash, false);
+        edsDiscoveryMechanism1, ringHash, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertThat(childBalancers).isEmpty();
@@ -311,7 +311,7 @@ public void edsClustersWithRingHashEndpointLbPolicy() {
   @Test
   public void edsClustersWithLeastRequestEndpointLbPolicy() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(edsDiscoveryMechanism1), leastRequest, false);
+        edsDiscoveryMechanism1, leastRequest, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertThat(childBalancers).isEmpty();
@@ -358,7 +358,7 @@ public void edsClustersWithLeastRequestEndpointLbPolicy() {
   @Test
   public void edsClustersEndpointHostname_addedToAddressAttribute() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(edsDiscoveryMechanismWithOutlierDetection), leastRequest, false);
+        edsDiscoveryMechanismWithOutlierDetection, leastRequest, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertThat(childBalancers).isEmpty();
@@ -385,7 +385,7 @@ public void edsClustersEndpointHostname_addedToAddressAttribute() {
   @Test
   public void endpointAddressRewritten_whenProxyMetadataIsInEndpointMetadata() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(edsDiscoveryMechanismWithOutlierDetection), leastRequest, true);
+        edsDiscoveryMechanismWithOutlierDetection, leastRequest, true);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertThat(childBalancers).isEmpty();
@@ -404,7 +404,7 @@ public void endpointAddressRewritten_whenProxyMetadataIsInEndpointMetadata() {
     LocalityLbEndpoints localityLbEndpoints = LocalityLbEndpoints.create(
         Arrays.asList(
             LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true,
-                "hostname1", endpointMetadata)),
+        "hostname1", endpointMetadata)),
         100 /* localityWeight */, 1 /* priority */, localityMetadata);
 
     xdsClient.deliverClusterLoadAssignment(
@@ -432,7 +432,7 @@ public void endpointAddressRewritten_whenProxyMetadataIsInEndpointMetadata() {
   @Test
   public void endpointAddressRewritten_whenProxyMetadataIsInLocalityMetadata() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(edsDiscoveryMechanismWithOutlierDetection), leastRequest, true);
+        edsDiscoveryMechanismWithOutlierDetection, leastRequest, true);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertThat(childBalancers).isEmpty();
@@ -451,7 +451,7 @@ public void endpointAddressRewritten_whenProxyMetadataIsInLocalityMetadata() {
     LocalityLbEndpoints localityLbEndpoints = LocalityLbEndpoints.create(
         Arrays.asList(
             LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true,
-                "hostname2", endpointMetadata)),
+        "hostname2", endpointMetadata)),
         100 /* localityWeight */, 1 /* priority */, localityMetadata);
 
     xdsClient.deliverClusterLoadAssignment(
@@ -479,48 +479,36 @@ public void endpointAddressRewritten_whenProxyMetadataIsInLocalityMetadata() {
   @Test
   public void onlyEdsClusters_receivedEndpoints() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, edsDiscoveryMechanism2), roundRobin, false);
+        edsDiscoveryMechanism2, roundRobin, false);
     deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1, EDS_SERVICE_NAME2);
+    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME2);
     assertThat(childBalancers).isEmpty();
     // CLUSTER1 has priority 1 (priority3), which has locality 2, which has endpoint3.
     // CLUSTER2 has priority 1 (priority1) and 2 (priority2); priority1 has locality1,
     // which has endpoint1 and endpoint2; priority2 has locality3, which has endpoint4.
     EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
-    EquivalentAddressGroup endpoint3 = makeAddress("endpoint-addr-3");
     EquivalentAddressGroup endpoint4 = makeAddress("endpoint-addr-4");
     LocalityLbEndpoints localityLbEndpoints1 =
-        LocalityLbEndpoints.create(
-            Arrays.asList(
-                LbEndpoint.create(endpoint1, 100,
-                    true, "hostname1", ImmutableMap.of()),
-                LbEndpoint.create(endpoint2, 100,
-                    true, "hostname1", ImmutableMap.of())),
-            70 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    LocalityLbEndpoints localityLbEndpoints2 =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint3, 100, true,
-                "hostname2", ImmutableMap.of())),
-            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
+            LocalityLbEndpoints.create(
+                    Arrays.asList(
+                            LbEndpoint.create(endpoint1, 100,
+                                    true, "hostname1", ImmutableMap.of()),
+                            LbEndpoint.create(endpoint2, 100,
+                                    true, "hostname1", ImmutableMap.of())),
+                    70 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     LocalityLbEndpoints localityLbEndpoints3 =
         LocalityLbEndpoints.create(
             Collections.singletonList(LbEndpoint.create(endpoint4, 100, true,
-                "hostname3", ImmutableMap.of())),
+        "hostname3", ImmutableMap.of())),
             20 /* localityWeight */, 2 /* priority */, ImmutableMap.of());
     String priority1 = CLUSTER2 + "[child1]";
     String priority2 = CLUSTER2 + "[child2]";
-    String priority3 = CLUSTER1 + "[child1]";
 
     // CLUSTER2: locality1 with priority 1 and locality3 with priority 2.
     xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME2,
-        ImmutableMap.of(locality1, localityLbEndpoints1, locality3, localityLbEndpoints3));
-    assertThat(childBalancers).isEmpty();  // not created until all clusters resolved
-
-    // CLUSTER1: locality2 with priority 1.
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1, Collections.singletonMap(locality2, localityLbEndpoints2));
+            EDS_SERVICE_NAME2,
+            ImmutableMap.of(locality1, localityLbEndpoints1, locality3, localityLbEndpoints3));
 
     // Endpoints of all clusters have been resolved.
     assertThat(childBalancers).hasSize(1);
@@ -528,12 +516,12 @@ public void onlyEdsClusters_receivedEndpoints() {
     assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
     PriorityLbConfig priorityLbConfig = (PriorityLbConfig) childBalancer.config;
     assertThat(priorityLbConfig.priorities)
-        .containsExactly(priority3, priority1, priority2).inOrder();
+        .containsExactly(priority1, priority2).inOrder();
 
     PriorityChildConfig priorityChildConfig1 = priorityLbConfig.childConfigs.get(priority1);
     assertThat(priorityChildConfig1.ignoreReresolution).isTrue();
     assertThat(GracefulSwitchLoadBalancerAccessor.getChildProvider(priorityChildConfig1.childConfig)
-          .getPolicyName())
+        .getPolicyName())
         .isEqualTo(CLUSTER_IMPL_POLICY_NAME);
     ClusterImplConfig clusterImplConfig1 = (ClusterImplConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig1.childConfig);
@@ -548,7 +536,7 @@ public void onlyEdsClusters_receivedEndpoints() {
     PriorityChildConfig priorityChildConfig2 = priorityLbConfig.childConfigs.get(priority2);
     assertThat(priorityChildConfig2.ignoreReresolution).isTrue();
     assertThat(GracefulSwitchLoadBalancerAccessor.getChildProvider(priorityChildConfig2.childConfig)
-          .getPolicyName())
+        .getPolicyName())
         .isEqualTo(CLUSTER_IMPL_POLICY_NAME);
     ClusterImplConfig clusterImplConfig2 = (ClusterImplConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig2.childConfig);
@@ -560,15 +548,6 @@ public void onlyEdsClusters_receivedEndpoints() {
         GracefulSwitchLoadBalancerAccessor.getChildProvider(wrrLocalityConfig2.childConfig);
     assertThat(childProvider2.getPolicyName()).isEqualTo("round_robin");
 
-    PriorityChildConfig priorityChildConfig3 = priorityLbConfig.childConfigs.get(priority3);
-    assertThat(priorityChildConfig3.ignoreReresolution).isTrue();
-    assertThat(GracefulSwitchLoadBalancerAccessor.getChildProvider(priorityChildConfig3.childConfig)
-          .getPolicyName())
-        .isEqualTo(CLUSTER_IMPL_POLICY_NAME);
-    ClusterImplConfig clusterImplConfig3 = (ClusterImplConfig)
-        GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig3.childConfig);
-    assertClusterImplConfig(clusterImplConfig3, CLUSTER1, EDS_SERVICE_NAME1, LRS_SERVER_INFO, 100L,
-        tlsContext, Collections.<DropOverload>emptyList(), WRR_LOCALITY_POLICY_NAME);
     WrrLocalityConfig wrrLocalityConfig3 = (WrrLocalityConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(clusterImplConfig1.childConfig);
     LoadBalancerProvider childProvider3 =
@@ -595,7 +574,7 @@ public void onlyEdsClusters_receivedEndpoints() {
   private void verifyEdsPriorityNames(List<String> want,
                                       Map<Locality, LocalityLbEndpoints>... updates) {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism2), roundRobin, false);
+        edsDiscoveryMechanism2, roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME2);
     assertThat(childBalancers).isEmpty();
@@ -617,7 +596,7 @@ private void verifyEdsPriorityNames(List<String> want,
   public void edsUpdatePriorityName_twoPriorities() {
     verifyEdsPriorityNames(Arrays.asList(CLUSTER2 + "[child1]", CLUSTER2 + "[child2]"),
         ImmutableMap.of(locality1, createEndpoints(1),
-            locality2, createEndpoints(2)
+                locality2, createEndpoints(2)
         ));
   }
 
@@ -653,8 +632,8 @@ public void edsUpdatePriorityName_mergeTwoPriorities() {
           locality3, createEndpoints(3),
           locality2, createEndpoints(2)),
         ImmutableMap.of(locality1, createEndpoints(2),
-            locality3, createEndpoints(1),
-            locality2, createEndpoints(1)
+          locality3, createEndpoints(1),
+          locality2, createEndpoints(1)
         ));
   }
 
@@ -662,76 +641,64 @@ private LocalityLbEndpoints createEndpoints(int priority) {
     return LocalityLbEndpoints.create(
         Arrays.asList(
             LbEndpoint.create(makeAddress("endpoint-addr-1"), 100,
-                true, "hostname1", ImmutableMap.of()),
+        true, "hostname1", ImmutableMap.of()),
             LbEndpoint.create(makeAddress("endpoint-addr-2"), 100,
-                true, "hostname2", ImmutableMap.of())),
+        true, "hostname2", ImmutableMap.of())),
         70 /* localityWeight */, priority /* priority */, ImmutableMap.of());
   }
 
   @Test
   public void onlyEdsClusters_resourceNeverExist_returnErrorPicker() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, edsDiscoveryMechanism2), roundRobin, false);
+        edsDiscoveryMechanism1, roundRobin, false);
     deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1, EDS_SERVICE_NAME2);
+    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertThat(childBalancers).isEmpty();
     reset(helper);
     xdsClient.deliverResourceNotFound(EDS_SERVICE_NAME1);
-    verify(helper, never()).updateBalancingState(
-        any(ConnectivityState.class), any(SubchannelPicker.class));  // wait for CLUSTER2's results
 
-    xdsClient.deliverResourceNotFound(EDS_SERVICE_NAME2);
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     assertPicker(
         pickerCaptor.getValue(),
         Status.UNAVAILABLE.withDescription(
-            "No usable endpoint from cluster(s): " + Arrays.asList(CLUSTER1, CLUSTER2)),
+                "No usable endpoint from cluster: " + CLUSTER1),
         null);
   }
 
   @Test
-  public void onlyEdsClusters_allResourcesRevoked_shutDownChildLbPolicy() {
+  public void edsCluster_resourcesRevoked_shutDownChildLbPolicy() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, edsDiscoveryMechanism2), roundRobin, false);
+        edsDiscoveryMechanism1, roundRobin, false);
     deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1, EDS_SERVICE_NAME2);
+    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertThat(childBalancers).isEmpty();
     reset(helper);
     EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
-    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     LocalityLbEndpoints localityLbEndpoints1 =
         LocalityLbEndpoints.create(
             Collections.singletonList(LbEndpoint.create(endpoint1, 100, true,
-                "hostname1", ImmutableMap.of())),
+        "hostname1", ImmutableMap.of())),
             10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    LocalityLbEndpoints localityLbEndpoints2 =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint2, 100, true,
-                "hostname2", ImmutableMap.of())),
-            20 /* localityWeight */, 2 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints1));
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME2, Collections.singletonMap(locality2, localityLbEndpoints2));
     assertThat(childBalancers).hasSize(1);  // child LB policy created
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertThat(((PriorityLbConfig) childBalancer.config).priorities).hasSize(2);
-    assertAddressesEqual(Arrays.asList(endpoint1, endpoint2), childBalancer.addresses);
+    assertThat(((PriorityLbConfig) childBalancer.config).priorities).hasSize(1);
+    assertAddressesEqual(Arrays.asList(endpoint1), childBalancer.addresses);
 
-    xdsClient.deliverResourceNotFound(EDS_SERVICE_NAME2);
     xdsClient.deliverResourceNotFound(EDS_SERVICE_NAME1);
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     Status expectedError = Status.UNAVAILABLE.withDescription(
-        "No usable endpoint from cluster(s): " + Arrays.asList(CLUSTER1, CLUSTER2));
+        "No usable endpoint from cluster: " + CLUSTER1);
     assertPicker(pickerCaptor.getValue(), expectedError, null);
   }
 
   @Test
   public void handleEdsResource_ignoreUnhealthyEndpoints() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(edsDiscoveryMechanism1), roundRobin, false);
+        edsDiscoveryMechanism1, roundRobin, false);
     deliverLbConfig(config);
     EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
@@ -739,9 +706,9 @@ public void handleEdsResource_ignoreUnhealthyEndpoints() {
         LocalityLbEndpoints.create(
             Arrays.asList(
                 LbEndpoint.create(endpoint1, 100, false /* isHealthy */,
-                    "hostname1", ImmutableMap.of()),
+            "hostname1", ImmutableMap.of()),
                 LbEndpoint.create(endpoint2, 100, true /* isHealthy */,
-                    "hostname2", ImmutableMap.of())),
+            "hostname2", ImmutableMap.of())),
             10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
@@ -753,19 +720,19 @@ public void handleEdsResource_ignoreUnhealthyEndpoints() {
   @Test
   public void handleEdsResource_ignoreLocalitiesWithNoHealthyEndpoints() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(edsDiscoveryMechanism1), roundRobin, false);
+        edsDiscoveryMechanism1, roundRobin, false);
     deliverLbConfig(config);
     EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     LocalityLbEndpoints localityLbEndpoints1 =
         LocalityLbEndpoints.create(
             Collections.singletonList(LbEndpoint.create(endpoint1, 100, false /* isHealthy */,
-                "hostname1", ImmutableMap.of())),
+        "hostname1", ImmutableMap.of())),
             10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     LocalityLbEndpoints localityLbEndpoints2 =
         LocalityLbEndpoints.create(
             Collections.singletonList(LbEndpoint.create(endpoint2, 100, true /* isHealthy */,
-                "hostname2", ImmutableMap.of())),
+        "hostname2", ImmutableMap.of())),
             10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1,
@@ -780,20 +747,20 @@ public void handleEdsResource_ignoreLocalitiesWithNoHealthyEndpoints() {
   @Test
   public void handleEdsResource_ignorePrioritiesWithNoHealthyEndpoints() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(edsDiscoveryMechanism1), roundRobin, false);
+        edsDiscoveryMechanism1, roundRobin, false);
     deliverLbConfig(config);
     EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     LocalityLbEndpoints localityLbEndpoints1 =
         LocalityLbEndpoints.create(
             Collections.singletonList(LbEndpoint.create(endpoint1, 100, false /* isHealthy */,
-                "hostname1", ImmutableMap.of())),
+        "hostname1", ImmutableMap.of())),
             10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     LocalityLbEndpoints localityLbEndpoints2 =
         LocalityLbEndpoints.create(
             Collections.singletonList(LbEndpoint.create(endpoint2, 200, true /* isHealthy */,
-                "hostname2", ImmutableMap.of())),
-            10 /* localityWeight */, 2 /* priority */, ImmutableMap.of());
+        "hostname2", ImmutableMap.of())),
+           10 /* localityWeight */, 2 /* priority */, ImmutableMap.of());
     String priority2 = CLUSTER1 + "[child2]";
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1,
@@ -806,7 +773,7 @@ public void handleEdsResource_ignorePrioritiesWithNoHealthyEndpoints() {
   @Test
   public void handleEdsResource_noHealthyEndpoint() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(edsDiscoveryMechanism1), roundRobin, false);
+        edsDiscoveryMechanism1, roundRobin, false);
     deliverLbConfig(config);
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr-1");
     LocalityLbEndpoints localityLbEndpoints =
@@ -823,7 +790,7 @@ public void handleEdsResource_noHealthyEndpoint() {
     assertPicker(
         pickerCaptor.getValue(),
         Status.UNAVAILABLE.withDescription(
-            "No usable endpoint from cluster(s): " + Collections.singleton(CLUSTER1)),
+            "No usable endpoint from cluster: " + CLUSTER1),
         null);
   }
 
@@ -841,7 +808,7 @@ public void oldListenerCallback_onlyLogicalDnsCluster_endpointsResolved() {
 
   void do_onlyLogicalDnsCluster_endpointsResolved() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin, false);
+        logicalDnsDiscoveryMechanism, roundRobin, false);
     deliverLbConfig(config);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
     assertThat(childBalancers).isEmpty();
@@ -857,7 +824,7 @@ void do_onlyLogicalDnsCluster_endpointsResolved() {
     PriorityChildConfig priorityChildConfig = priorityLbConfig.childConfigs.get(priority);
     assertThat(priorityChildConfig.ignoreReresolution).isFalse();
     assertThat(GracefulSwitchLoadBalancerAccessor.getChildProvider(priorityChildConfig.childConfig)
-          .getPolicyName())
+        .getPolicyName())
         .isEqualTo(CLUSTER_IMPL_POLICY_NAME);
     ClusterImplConfig clusterImplConfig = (ClusterImplConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig.childConfig);
@@ -873,7 +840,7 @@ void do_onlyLogicalDnsCluster_endpointsResolved() {
   @Test
   public void onlyLogicalDnsCluster_handleRefreshNameResolution() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin, false);
+        logicalDnsDiscoveryMechanism, roundRobin, false);
     deliverLbConfig(config);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
     assertThat(childBalancers).isEmpty();
@@ -900,9 +867,9 @@ public void oldListenerCallback_resolutionError_backoffAndRefresh() {
 
   void do_onlyLogicalDnsCluster_resolutionError_backoffAndRefresh() {
     InOrder inOrder = Mockito.inOrder(helper, backoffPolicyProvider,
-            backoffPolicy1, backoffPolicy2);
+        backoffPolicy1, backoffPolicy2);
     ClusterResolverConfig config = new ClusterResolverConfig(
-            Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin, false);
+        logicalDnsDiscoveryMechanism, roundRobin, false);
     deliverLbConfig(config);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
     assertThat(childBalancers).isEmpty();
@@ -948,7 +915,7 @@ void do_onlyLogicalDnsCluster_resolutionError_backoffAndRefresh() {
   public void onlyLogicalDnsCluster_refreshNameResolutionRaceWithResolutionError() {
     InOrder inOrder = Mockito.inOrder(backoffPolicyProvider, backoffPolicy1, backoffPolicy2);
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Collections.singletonList(logicalDnsDiscoveryMechanism), roundRobin, false);
+        logicalDnsDiscoveryMechanism, roundRobin, false);
     deliverLbConfig(config);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
     assertThat(childBalancers).isEmpty();
@@ -984,119 +951,22 @@ public void onlyLogicalDnsCluster_refreshNameResolutionRaceWithResolutionError()
   }
 
   @Test
-  public void edsClustersAndLogicalDnsCluster_receivedEndpoints() {
+  public void resolutionErrorAfterChildLbCreated_propagateError() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
+        edsDiscoveryMechanism1, roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
-    assertThat(childBalancers).isEmpty();
-    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");  // DNS endpoint
-    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");  // DNS endpoint
-    EquivalentAddressGroup endpoint3 = makeAddress("endpoint-addr-3");  // EDS endpoint
-    resolver.deliverEndpointAddresses(Arrays.asList(endpoint1, endpoint2));
-    LocalityLbEndpoints localityLbEndpoints =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint3, 100, true,
-                "hostname3", ImmutableMap.of())),
-            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
-
-    assertThat(childBalancers).hasSize(1);
-    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertThat(((PriorityLbConfig) childBalancer.config).priorities)
-        .containsExactly(CLUSTER1 + "[child1]", CLUSTER_DNS + "[child0]").inOrder();
-    assertAddressesEqual(Arrays.asList(endpoint3, endpoint1, endpoint2),
-        childBalancer.addresses);  // ordered by cluster then addresses
-    assertAddressesEqual(AddressFilter.filter(AddressFilter.filter(
-        childBalancer.addresses, CLUSTER1 + "[child1]"),
-          "{region=\"test-region-1\", zone=\"test-zone-1\", sub_zone=\"test-subzone-1\"}"),
-        Collections.singletonList(endpoint3));
-    assertAddressesEqual(AddressFilter.filter(AddressFilter.filter(
-        childBalancer.addresses, CLUSTER_DNS + "[child0]"),
-        "{region=\"\", zone=\"\", sub_zone=\"\"}"),
-        Arrays.asList(endpoint1, endpoint2));
-  }
-
-  @Test
-  public void noEdsResourceExists_useDnsResolutionResults() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
-    assertThat(childBalancers).isEmpty();
-    reset(helper);
-    xdsClient.deliverResourceNotFound(EDS_SERVICE_NAME1);
-    verify(helper, never()).updateBalancingState(
-        any(ConnectivityState.class), any(SubchannelPicker.class));  // wait for DNS results
-
-    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
-    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
-    resolver.deliverEndpointAddresses(Arrays.asList(endpoint1, endpoint2));
-    assertThat(childBalancers).hasSize(1);
-    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    String priority = Iterables.getOnlyElement(
-        ((PriorityLbConfig) childBalancer.config).priorities);
-    assertThat(priority).isEqualTo(CLUSTER_DNS + "[child0]");
-    assertAddressesEqual(Arrays.asList(endpoint1, endpoint2), childBalancer.addresses);
-  }
-
-  @Test
-  public void edsResourceRevoked_dnsResolutionError_shutDownChildLbPolicyAndReturnErrorPicker() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
     assertThat(childBalancers).isEmpty();
     reset(helper);
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr-1");
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
             Collections.singletonList(LbEndpoint.create(endpoint, 100, true,
-                "hostname1", ImmutableMap.of())),
+        "hostname1", ImmutableMap.of())),
             10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
-    resolver.deliverError(Status.UNKNOWN.withDescription("I am lost"));
-    assertThat(childBalancers).hasSize(1);
-    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertThat(((PriorityLbConfig) childBalancer.config).priorities)
-        .containsExactly(CLUSTER1 + "[child1]");
-    assertAddressesEqual(Collections.singletonList(endpoint), childBalancer.addresses);
-    assertThat(childBalancer.shutdown).isFalse();
-    xdsClient.deliverResourceNotFound(EDS_SERVICE_NAME1);
-    assertThat(childBalancer.shutdown).isTrue();
-    verify(helper).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    assertPicker(pickerCaptor.getValue(),
-        Status.UNAVAILABLE.withDescription("I am lost"), null);
-  }
+            EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
 
-  @Test
-  public void resolutionErrorAfterChildLbCreated_propagateErrorIfAllClustersEncounterError() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
-    assertThat(childBalancers).isEmpty();
-    reset(helper);
-    EquivalentAddressGroup endpoint = makeAddress("endpoint-addr-1");
-    LocalityLbEndpoints localityLbEndpoints =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint, 100, true,
-                "hostname1", ImmutableMap.of())),
-            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
-    assertThat(childBalancers).isEmpty();  // not created until all clusters resolved.
-
-    resolver.deliverError(Status.UNKNOWN.withDescription("I am lost"));
-
-    // DNS resolution failed, but there are EDS endpoints can be used.
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);  // child LB created
     assertThat(childBalancer.upstreamError).isNull();  // should not propagate error to child LB
@@ -1104,60 +974,53 @@ public void resolutionErrorAfterChildLbCreated_propagateErrorIfAllClustersEncoun
 
     xdsClient.deliverError(Status.RESOURCE_EXHAUSTED.withDescription("out of memory"));
     assertThat(childBalancer.upstreamError).isNotNull();  // last cluster's (DNS) error propagated
-    assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Code.UNKNOWN);
-    assertThat(childBalancer.upstreamError.getDescription()).isEqualTo("I am lost");
+    assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Code.UNAVAILABLE);
+    assertThat(childBalancer.upstreamError.getDescription())
+        .isEqualTo("Unable to load EDS backend-service-foo.googleapis.com. xDS server returned: "
+            + "RESOURCE_EXHAUSTED: out of memory");
     assertThat(childBalancer.shutdown).isFalse();
     verify(helper, never()).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), any(SubchannelPicker.class));
   }
 
   @Test
-  public void resolutionErrorBeforeChildLbCreated_returnErrorPickerIfAllClustersEncounterError() {
+  public void resolutionErrorBeforeChildLbCreated_returnErrorPicker() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
+        edsDiscoveryMechanism1, roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
     assertThat(childBalancers).isEmpty();
     reset(helper);
-    xdsClient.deliverError(Status.UNIMPLEMENTED.withDescription("not found"));
+    xdsClient.deliverError(Status.RESOURCE_EXHAUSTED.withDescription("OOM"));
     assertThat(childBalancers).isEmpty();
-    verify(helper, never()).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), any(SubchannelPicker.class));  // wait for DNS
-    Status dnsError = Status.UNKNOWN.withDescription("I am lost");
-    resolver.deliverError(dnsError);
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    assertPicker(
-        pickerCaptor.getValue(),
-        Status.UNAVAILABLE.withDescription(dnsError.getDescription()),
-        null);
+    PickResult result = pickerCaptor.getValue().pickSubchannel(mock(PickSubchannelArgs.class));
+    Status actualStatus = result.getStatus();
+    assertThat(actualStatus.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(actualStatus.getDescription()).contains("RESOURCE_EXHAUSTED: OOM");
   }
 
   @Test
-  public void resolutionErrorBeforeChildLbCreated_edsOnly_returnErrorPicker() {
+  public void handleNameResolutionErrorFromUpstream_eds_beforeChildLbCreated_returnErrorPicker() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1), roundRobin, false);
+        edsDiscoveryMechanism1, roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertThat(childBalancers).isEmpty();
     reset(helper);
-    xdsClient.deliverError(Status.RESOURCE_EXHAUSTED.withDescription("OOM"));
-    assertThat(childBalancers).isEmpty();
+    Status upstreamError = Status.UNAVAILABLE.withDescription("unreachable");
+    loadBalancer.handleNameResolutionError(upstreamError);
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    PickResult result = pickerCaptor.getValue().pickSubchannel(mock(PickSubchannelArgs.class));
-    Status actualStatus = result.getStatus();
-    assertThat(actualStatus.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
-    assertThat(actualStatus.getDescription()).contains("RESOURCE_EXHAUSTED: OOM");
+    assertPicker(pickerCaptor.getValue(), upstreamError, null);
   }
 
   @Test
-  public void handleNameResolutionErrorFromUpstream_beforeChildLbCreated_returnErrorPicker() {
+  public void handleNameResolutionErrorFromUpstream_lDns_beforeChildLbCreated_returnErrorPicker() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
+        logicalDnsDiscoveryMechanism, roundRobin, false);
     deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
     assertResolverCreated("/" + DNS_HOST_NAME);
     assertThat(childBalancers).isEmpty();
     reset(helper);
@@ -1169,16 +1032,14 @@ public void handleNameResolutionErrorFromUpstream_beforeChildLbCreated_returnErr
   }
 
   @Test
-  public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_fallThrough() {
+  public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_eds_fallThrough() {
     ClusterResolverConfig config = new ClusterResolverConfig(
-        Arrays.asList(edsDiscoveryMechanism1, logicalDnsDiscoveryMechanism), roundRobin, false);
+        edsDiscoveryMechanism1, roundRobin, false);
     deliverLbConfig(config);
     assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
     assertThat(childBalancers).isEmpty();
     reset(helper);
     EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
-    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     LocalityLbEndpoints localityLbEndpoints =
         LocalityLbEndpoints.create(
             Collections.singletonList(LbEndpoint.create(endpoint1, 100, true,
@@ -1186,12 +1047,34 @@ public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_fallThroug
             10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
     xdsClient.deliverClusterLoadAssignment(
         EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
+    assertThat(childBalancers).hasSize(1);
+    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
+    assertThat(((PriorityLbConfig) childBalancer.config).priorities)
+        .containsExactly(CLUSTER1 + "[child1]");
+    assertAddressesEqual(Arrays.asList(endpoint1), childBalancer.addresses);
+
+    loadBalancer.handleNameResolutionError(Status.UNAVAILABLE.withDescription("unreachable"));
+    assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Code.UNAVAILABLE);
+    assertThat(childBalancer.upstreamError.getDescription()).isEqualTo("unreachable");
+    verify(helper, never()).updateBalancingState(
+        any(ConnectivityState.class), any(SubchannelPicker.class));
+  }
+
+  @Test
+  public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_logicalDns_fallThrough() {
+    ClusterResolverConfig config = new ClusterResolverConfig(
+        logicalDnsDiscoveryMechanism, roundRobin, false);
+    deliverLbConfig(config);
+    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
+    assertThat(childBalancers).isEmpty();
+    reset(helper);
+    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
     resolver.deliverEndpointAddresses(Collections.singletonList(endpoint2));
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(((PriorityLbConfig) childBalancer.config).priorities)
-        .containsExactly(CLUSTER1 + "[child1]", CLUSTER_DNS + "[child0]");
-    assertAddressesEqual(Arrays.asList(endpoint1, endpoint2), childBalancer.addresses);
+        .containsExactly(CLUSTER_DNS + "[child0]");
+    assertAddressesEqual(Arrays.asList(endpoint2), childBalancer.addresses);
 
     loadBalancer.handleNameResolutionError(Status.UNAVAILABLE.withDescription("unreachable"));
     assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Code.UNAVAILABLE);
@@ -1205,19 +1088,17 @@ public void config_equalsTester() {
     new EqualsTester()
         .addEqualityGroup(
             new ClusterResolverConfig(
-                Collections.singletonList(edsDiscoveryMechanism1), leastRequest, false),
+                edsDiscoveryMechanism1, leastRequest, false),
             new ClusterResolverConfig(
-                Collections.singletonList(edsDiscoveryMechanism1), leastRequest, false))
+                edsDiscoveryMechanism1, leastRequest, false))
         .addEqualityGroup(new ClusterResolverConfig(
-            Collections.singletonList(edsDiscoveryMechanism1), roundRobin, false))
+            edsDiscoveryMechanism1, roundRobin, false))
         .addEqualityGroup(new ClusterResolverConfig(
-            Collections.singletonList(edsDiscoveryMechanism1), leastRequest, true))
+            edsDiscoveryMechanism1, leastRequest, true))
         .addEqualityGroup(new ClusterResolverConfig(
-            Collections.singletonList(edsDiscoveryMechanismWithOutlierDetection),
+            edsDiscoveryMechanismWithOutlierDetection,
             leastRequest,
             false))
-        .addEqualityGroup(new ClusterResolverConfig(
-            Arrays.asList(edsDiscoveryMechanism1, edsDiscoveryMechanism2), leastRequest, false))
         .testEquals();
   }
 

From 28f14255ce0da1586abaa281343c190d0117bc58 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 8 Jul 2025 14:22:50 -0700
Subject: [PATCH 333/591] Update README etc to reference 1.74.0

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index a925d1535f5..e57b79e6bf7 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.73.0/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.73.0/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.74.0/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.74.0/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,18 +56,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.73.0</version>
+  <version>1.74.0</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.73.0</version>
+  <version>1.74.0</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.73.0</version>
+  <version>1.74.0</version>
 </dependency>
 <dependency> <!-- necessary for Java 9+ -->
   <groupId>org.apache.tomcat</groupId>
@@ -79,18 +79,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.73.0'
-implementation 'io.grpc:grpc-protobuf:1.73.0'
-implementation 'io.grpc:grpc-stub:1.73.0'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.74.0'
+implementation 'io.grpc:grpc-protobuf:1.74.0'
+implementation 'io.grpc:grpc-stub:1.74.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.73.0'
-implementation 'io.grpc:grpc-protobuf-lite:1.73.0'
-implementation 'io.grpc:grpc-stub:1.73.0'
+implementation 'io.grpc:grpc-okhttp:1.74.0'
+implementation 'io.grpc:grpc-protobuf-lite:1.74.0'
+implementation 'io.grpc:grpc-stub:1.74.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
@@ -99,7 +99,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.73.0
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.74.0
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://central.sonatype.com/repository/maven-snapshots/).
@@ -131,7 +131,7 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <configuration>
         <protocArtifact>com.google.protobuf:protoc:3.25.5:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.73.0:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.74.0:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -161,7 +161,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.73.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.74.0'
     }
   }
   generateProtoTasks {
@@ -194,7 +194,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.73.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.74.0'
     }
   }
   generateProtoTasks {

From ba0a7329da9f52cb4520d7f8d5676edf197e8cff Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@engflow.com>
Date: Tue, 29 Jul 2025 09:33:09 -0700
Subject: [PATCH 334/591] stub: simplify BlockingClientCall infinite blocking
 (#12217)

Move deadline computation into overloads with finite timeouts. Blocking calls without timeouts now do not have to read the clock.
---
 .../java/io/grpc/stub/BlockingClientCall.java | 23 ++++++++-----------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/stub/src/main/java/io/grpc/stub/BlockingClientCall.java b/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
index 58881ef0592..b62bd4322a9 100644
--- a/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
+++ b/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
@@ -87,7 +87,7 @@ public final class BlockingClientCall<ReqT, RespT> {
    */
   public RespT read() throws InterruptedException, StatusException {
     try {
-      return read(true, 0, TimeUnit.NANOSECONDS);
+      return read(true, 0);
     } catch (TimeoutException e) {
       throw new AssertionError("should never happen", e);
     }
@@ -106,16 +106,14 @@ public RespT read() throws InterruptedException, StatusException {
    */
   public RespT read(long timeout, TimeUnit unit) throws InterruptedException, TimeoutException,
       StatusException {
-    return read(false, timeout, unit);
+    long endNanoTime = System.nanoTime() + unit.toNanos(timeout);
+    return read(false, endNanoTime);
   }
 
-  private RespT read(boolean waitForever, long timeout, TimeUnit unit)
+  private RespT read(boolean waitForever, long endNanoTime)
       throws InterruptedException, TimeoutException, StatusException {
-    long start = System.nanoTime();
-    long end = start + unit.toNanos(timeout);
-
     Predicate<BlockingClientCall<ReqT, RespT>> predicate = BlockingClientCall::skipWaitingForRead;
-    executor.waitAndDrainWithTimeout(waitForever, end, predicate, this);
+    executor.waitAndDrainWithTimeout(waitForever, endNanoTime, predicate, this);
     RespT bufferedValue = buffer.poll();
 
     if (logger.isLoggable(Level.FINER)) {
@@ -182,7 +180,7 @@ public boolean hasNext() throws InterruptedException, StatusException {
    */
   public boolean write(ReqT request) throws InterruptedException, StatusException {
     try {
-      return write(true, request, Integer.MAX_VALUE, TimeUnit.DAYS);
+      return write(true, request, 0);
     } catch (TimeoutException e) {
       throw new RuntimeException(e); // should never happen
     }
@@ -211,21 +209,20 @@ public boolean write(ReqT request) throws InterruptedException, StatusException
    */
   public boolean write(ReqT request, long timeout, TimeUnit unit)
       throws InterruptedException, TimeoutException, StatusException {
-    return write(false, request, timeout, unit);
+    long endNanoTime = System.nanoTime() + unit.toNanos(timeout);
+    return write(false, request, endNanoTime);
   }
 
-  private boolean write(boolean waitForever, ReqT request, long timeout, TimeUnit unit)
+  private boolean write(boolean waitForever, ReqT request, long endNanoTime)
       throws InterruptedException, TimeoutException, StatusException {
 
     if (writeClosed) {
       throw new IllegalStateException("Writes cannot be done after calling halfClose or cancel");
     }
 
-    long end = System.nanoTime() + unit.toNanos(timeout);
-
     Predicate<BlockingClientCall<ReqT, RespT>> predicate =
         (x) -> x.call.isReady() || x.closedStatus != null;
-    executor.waitAndDrainWithTimeout(waitForever, end, predicate, this);
+    executor.waitAndDrainWithTimeout(waitForever, endNanoTime, predicate, this);
     Status savedClosedStatus = closedStatus;
     if (savedClosedStatus == null) {
       call.sendMessage(request);

From 36fe276a5032264e8dca7ef7731add0479395987 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Wed, 30 Jul 2025 17:54:45 +0530
Subject: [PATCH 335/591] xds: add "resource_timer_is_transient_failure" server
 feature (#12249)

---
 .../main/java/io/grpc/xds/CsdsService.java    |   2 +
 .../java/io/grpc/xds/client/Bootstrapper.java |   9 +-
 .../io/grpc/xds/client/BootstrapperImpl.java  |  14 +-
 .../java/io/grpc/xds/client/XdsClient.java    |   6 +-
 .../io/grpc/xds/client/XdsClientImpl.java     |  18 +-
 .../java/io/grpc/xds/CsdsServiceTest.java     |   2 +
 .../grpc/xds/GrpcXdsClientImplDataTest.java   |   2 +-
 .../grpc/xds/GrpcXdsClientImplTestBase.java   | 160 +++++++++++++++---
 .../java/io/grpc/xds/XdsNameResolverTest.java |   4 +-
 .../client/CommonBootstrapperTestUtils.java   |   2 +-
 10 files changed, 178 insertions(+), 41 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/CsdsService.java b/xds/src/main/java/io/grpc/xds/CsdsService.java
index a296beb45d0..8c2fe333c15 100644
--- a/xds/src/main/java/io/grpc/xds/CsdsService.java
+++ b/xds/src/main/java/io/grpc/xds/CsdsService.java
@@ -249,6 +249,8 @@ static ClientResourceStatus metadataStatusToClientStatus(ResourceMetadataStatus
         return ClientResourceStatus.ACKED;
       case NACKED:
         return ClientResourceStatus.NACKED;
+      case TIMEOUT:
+        return ClientResourceStatus.TIMEOUT;
       default:
         throw new AssertionError("Unexpected ResourceMetadataStatus: " + status);
     }
diff --git a/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java b/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
index 90babd1e8d0..4fa75f6b335 100644
--- a/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
+++ b/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
@@ -63,17 +63,20 @@ public abstract static class ServerInfo {
 
     public abstract boolean isTrustedXdsServer();
 
+    public abstract boolean resourceTimerIsTransientError();
+
     @VisibleForTesting
     public static ServerInfo create(String target, @Nullable Object implSpecificConfig) {
-      return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig, false, false);
+      return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig,
+          false, false, false);
     }
 
     @VisibleForTesting
     public static ServerInfo create(
         String target, Object implSpecificConfig, boolean ignoreResourceDeletion,
-        boolean isTrustedXdsServer) {
+        boolean isTrustedXdsServer, boolean resourceTimerIsTransientError) {
       return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig,
-          ignoreResourceDeletion, isTrustedXdsServer);
+          ignoreResourceDeletion, isTrustedXdsServer, resourceTimerIsTransientError);
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
index c00685f1781..423c1a118e8 100644
--- a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
@@ -43,6 +43,8 @@ public abstract class BootstrapperImpl extends Bootstrapper {
 
   public static final String GRPC_EXPERIMENTAL_XDS_FALLBACK =
       "GRPC_EXPERIMENTAL_XDS_FALLBACK";
+  public static final String GRPC_EXPERIMENTAL_XDS_DATA_ERROR_HANDLING =
+      "GRPC_EXPERIMENTAL_XDS_DATA_ERROR_HANDLING";
 
   // Client features.
   @VisibleForTesting
@@ -54,10 +56,16 @@ public abstract class BootstrapperImpl extends Bootstrapper {
   // Server features.
   private static final String SERVER_FEATURE_IGNORE_RESOURCE_DELETION = "ignore_resource_deletion";
   private static final String SERVER_FEATURE_TRUSTED_XDS_SERVER = "trusted_xds_server";
+  private static final String
+      SERVER_FEATURE_RESOURCE_TIMER_IS_TRANSIENT_ERROR = "resource_timer_is_transient_error";
 
   @VisibleForTesting
   static boolean enableXdsFallback = GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_FALLBACK, true);
 
+  @VisibleForTesting
+  public static boolean xdsDataErrorHandlingEnabled
+      = GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_DATA_ERROR_HANDLING, false);
+
   protected final XdsLogger logger;
 
   protected FileReader reader = LocalFileReader.INSTANCE;
@@ -247,6 +255,7 @@ private List<ServerInfo> parseServerInfos(List<?> rawServerConfigs, XdsLogger lo
 
       Object implSpecificConfig = getImplSpecificConfig(serverConfig, serverUri);
 
+      boolean resourceTimerIsTransientError = false;
       boolean ignoreResourceDeletion = false;
       // "For forward compatibility reasons, the client will ignore any entry in the list that it
       // does not understand, regardless of type."
@@ -254,11 +263,14 @@ private List<ServerInfo> parseServerInfos(List<?> rawServerConfigs, XdsLogger lo
       if (serverFeatures != null) {
         logger.log(XdsLogLevel.INFO, "Server features: {0}", serverFeatures);
         ignoreResourceDeletion = serverFeatures.contains(SERVER_FEATURE_IGNORE_RESOURCE_DELETION);
+        resourceTimerIsTransientError = xdsDataErrorHandlingEnabled
+            && serverFeatures.contains(SERVER_FEATURE_RESOURCE_TIMER_IS_TRANSIENT_ERROR);
       }
       servers.add(
           ServerInfo.create(serverUri, implSpecificConfig, ignoreResourceDeletion,
               serverFeatures != null
-                  && serverFeatures.contains(SERVER_FEATURE_TRUSTED_XDS_SERVER)));
+                  && serverFeatures.contains(SERVER_FEATURE_TRUSTED_XDS_SERVER),
+              resourceTimerIsTransientError));
     }
     return servers.build();
   }
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClient.java b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
index edbb0b2d74c..e2dd4169bca 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
@@ -199,6 +199,10 @@ public static ResourceMetadata newResourceMetadataDoesNotExist() {
       return new ResourceMetadata(ResourceMetadataStatus.DOES_NOT_EXIST, "", 0, false, null, null);
     }
 
+    public static ResourceMetadata newResourceMetadataTimeout() {
+      return new ResourceMetadata(ResourceMetadataStatus.TIMEOUT, "", 0, false, null, null);
+    }
+
     public static ResourceMetadata newResourceMetadataAcked(
         Any rawResource, String version, long updateTimeNanos) {
       checkNotNull(rawResource, "rawResource");
@@ -256,7 +260,7 @@ public UpdateFailureState getErrorState() {
      * config_dump.proto</a>
      */
     public enum ResourceMetadataStatus {
-      UNKNOWN, REQUESTED, DOES_NOT_EXIST, ACKED, NACKED
+      UNKNOWN, REQUESTED, DOES_NOT_EXIST, ACKED, NACKED, TIMEOUT
     }
 
     /**
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index 2b25d4db977..d3384cbbe4e 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -67,6 +67,7 @@ public final class XdsClientImpl extends XdsClient implements ResourceStore {
   // Longest time to wait, since the subscription to some resource, for concluding its absence.
   @VisibleForTesting
   public static final int INITIAL_RESOURCE_FETCH_TIMEOUT_SEC = 15;
+  public static final int EXTENDED_RESOURCE_FETCH_TIMEOUT_SEC = 30;
 
   private final SynchronizationContext syncContext = new SynchronizationContext(
       new Thread.UncaughtExceptionHandler() {
@@ -738,6 +739,9 @@ void restartTimer() {
         // When client becomes ready, it triggers a restartTimer for all relevant subscribers.
         return;
       }
+      ServerInfo serverInfo = activeCpc.getServerInfo();
+      int timeoutSec = serverInfo.resourceTimerIsTransientError()
+          ? EXTENDED_RESOURCE_FETCH_TIMEOUT_SEC : INITIAL_RESOURCE_FETCH_TIMEOUT_SEC;
 
       class ResourceNotFound implements Runnable {
         @Override
@@ -761,8 +765,7 @@ public String toString() {
         respTimer.cancel();
       }
       respTimer = syncContext.schedule(
-          new ResourceNotFound(), INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS,
-          timeService);
+          new ResourceNotFound(), timeoutSec, TimeUnit.SECONDS, timeService);
     }
 
     void stopTimer() {
@@ -854,14 +857,21 @@ void onAbsent(@Nullable ProcessingTracker processingTracker, ServerInfo serverIn
       if (!absent) {
         data = null;
         absent = true;
-        metadata = ResourceMetadata.newResourceMetadataDoesNotExist();
+        metadata = serverInfo.resourceTimerIsTransientError()
+            ? ResourceMetadata.newResourceMetadataTimeout()
+            : ResourceMetadata.newResourceMetadataDoesNotExist();
         for (ResourceWatcher<T> watcher : watchers.keySet()) {
           if (processingTracker != null) {
             processingTracker.startTask();
           }
           watchers.get(watcher).execute(() -> {
             try {
-              watcher.onResourceDoesNotExist(resource);
+              if (serverInfo.resourceTimerIsTransientError()) {
+                watcher.onError(Status.UNAVAILABLE.withDescription(
+                    "Timed out waiting for resource " + resource + " from xDS server"));
+              } else {
+                watcher.onResourceDoesNotExist(resource);
+              }
             } finally {
               if (processingTracker != null) {
                 processingTracker.onComplete();
diff --git a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
index 2c0aae24e52..573aef7ca1e 100644
--- a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
+++ b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
@@ -366,6 +366,8 @@ public void metadataStatusToClientStatus() {
           .isEqualTo(ClientResourceStatus.ACKED);
       assertThat(CsdsService.metadataStatusToClientStatus(ResourceMetadataStatus.NACKED))
           .isEqualTo(ClientResourceStatus.NACKED);
+      assertThat(CsdsService.metadataStatusToClientStatus(ResourceMetadataStatus.TIMEOUT))
+          .isEqualTo(ClientResourceStatus.TIMEOUT);
     }
 
     @Test
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 6167f491930..3650e5d5bb9 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -3549,7 +3549,7 @@ private static Filter buildHttpConnectionManagerFilter(HttpFilter... httpFilters
 
   private XdsResourceType.Args getXdsResourceTypeArgs(boolean isTrustedServer) {
     return new XdsResourceType.Args(
-        ServerInfo.create("http://td", "", false, isTrustedServer), "1.0", null, null, null, null
+        ServerInfo.create("http://td", "", false, isTrustedServer, false), "1.0", null, null, null, null
     );
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 32361684a6d..89668485b96 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -85,6 +85,7 @@
 import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.Bootstrapper.CertificateProviderInfo;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
+import io.grpc.xds.client.BootstrapperImpl;
 import io.grpc.xds.client.EnvoyProtoData.Node;
 import io.grpc.xds.client.LoadStatsManager2.ClusterDropStats;
 import io.grpc.xds.client.Locality;
@@ -145,7 +146,7 @@
 public abstract class GrpcXdsClientImplTestBase {
 
   private static final String SERVER_URI = "trafficdirector.googleapis.com";
-  private static final String SERVER_URI_CUSTOME_AUTHORITY = "trafficdirector2.googleapis.com";
+  private static final String SERVER_URI_CUSTOM_AUTHORITY = "trafficdirector2.googleapis.com";
   private static final String SERVER_URI_EMPTY_AUTHORITY = "trafficdirector3.googleapis.com";
   private static final String LDS_RESOURCE = "listener.googleapis.com";
   private static final String RDS_RESOURCE = "route-configuration.googleapis.com";
@@ -304,6 +305,30 @@ public long currentTimeNanos() {
   private final BindableService adsService = createAdsService();
   private final BindableService lrsService = createLrsService();
 
+  private XdsTransportFactory xdsTransportFactory = new XdsTransportFactory() {
+    @Override
+    public XdsTransport create(ServerInfo serverInfo) {
+      if (serverInfo.target().equals(SERVER_URI)) {
+        return new GrpcXdsTransport(channel);
+      }
+      if (serverInfo.target().equals(SERVER_URI_CUSTOM_AUTHORITY)) {
+        if (channelForCustomAuthority == null) {
+          channelForCustomAuthority = cleanupRule.register(
+              InProcessChannelBuilder.forName(serverName).directExecutor().build());
+        }
+        return new GrpcXdsTransport(channelForCustomAuthority);
+      }
+      if (serverInfo.target().equals(SERVER_URI_EMPTY_AUTHORITY)) {
+        if (channelForEmptyAuthority == null) {
+          channelForEmptyAuthority = cleanupRule.register(
+              InProcessChannelBuilder.forName(serverName).directExecutor().build());
+        }
+        return new GrpcXdsTransport(channelForEmptyAuthority);
+      }
+      throw new IllegalArgumentException("Can not create channel for " + serverInfo);
+    }
+  };
+
   @Before
   public void setUp() throws IOException {
     when(backoffPolicyProvider.get()).thenReturn(backoffPolicy1, backoffPolicy2);
@@ -322,32 +347,9 @@ public void setUp() throws IOException {
         .start());
     channel =
         cleanupRule.register(InProcessChannelBuilder.forName(serverName).directExecutor().build());
-    XdsTransportFactory xdsTransportFactory = new XdsTransportFactory() {
-      @Override
-      public XdsTransport create(ServerInfo serverInfo) {
-        if (serverInfo.target().equals(SERVER_URI)) {
-          return new GrpcXdsTransport(channel);
-        }
-        if (serverInfo.target().equals(SERVER_URI_CUSTOME_AUTHORITY)) {
-          if (channelForCustomAuthority == null) {
-            channelForCustomAuthority = cleanupRule.register(
-                InProcessChannelBuilder.forName(serverName).directExecutor().build());
-          }
-          return new GrpcXdsTransport(channelForCustomAuthority);
-        }
-        if (serverInfo.target().equals(SERVER_URI_EMPTY_AUTHORITY)) {
-          if (channelForEmptyAuthority == null) {
-            channelForEmptyAuthority = cleanupRule.register(
-                InProcessChannelBuilder.forName(serverName).directExecutor().build());
-          }
-          return new GrpcXdsTransport(channelForEmptyAuthority);
-        }
-        throw new IllegalArgumentException("Can not create channel for " + serverInfo);
-      }
-    };
 
     xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, ignoreResourceDeletion(),
-        true);
+        true, false);
     BootstrapInfo bootstrapInfo =
         Bootstrapper.BootstrapInfo.builder()
             .servers(Collections.singletonList(xdsServerInfo))
@@ -357,7 +359,7 @@ public XdsTransport create(ServerInfo serverInfo) {
                 AuthorityInfo.create(
                     "xdstp://authority.xds.com/envoy.config.listener.v3.Listener/%s",
                     ImmutableList.of(Bootstrapper.ServerInfo.create(
-                        SERVER_URI_CUSTOME_AUTHORITY, CHANNEL_CREDENTIALS))),
+                        SERVER_URI_CUSTOM_AUTHORITY, CHANNEL_CREDENTIALS))),
                 "",
                 AuthorityInfo.create(
                     "xdstp:///envoy.config.listener.v3.Listener/%s",
@@ -3155,6 +3157,108 @@ public void flowControlAbsent() throws Exception {
     verify(anotherWatcher).onError(any());
   }
 
+  @Test
+  public void resourceTimerIsTransientError_schedulesExtendedTimeout() {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
+    ServerInfo serverInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS,
+        false, true, true);
+    BootstrapInfo bootstrapInfo =
+        Bootstrapper.BootstrapInfo.builder()
+            .servers(Collections.singletonList(serverInfo))
+            .node(NODE)
+            .authorities(ImmutableMap.of(
+                "",
+                AuthorityInfo.create(
+                    "xdstp:///envoy.config.listener.v3.Listener/%s",
+                    ImmutableList.of(Bootstrapper.ServerInfo.create(
+                        SERVER_URI_EMPTY_AUTHORITY, CHANNEL_CREDENTIALS)))))
+            .certProviders(ImmutableMap.of())
+            .build();
+    xdsClient = new XdsClientImpl(
+        xdsTransportFactory,
+        bootstrapInfo,
+        fakeClock.getScheduledExecutorService(),
+        backoffPolicyProvider,
+        fakeClock.getStopwatchSupplier(),
+        timeProvider,
+        MessagePrinter.INSTANCE,
+        new TlsContextManagerImpl(bootstrapInfo),
+        xdsClientMetricReporter);
+    @SuppressWarnings("unchecked")
+    ResourceWatcher<CdsUpdate> watcher = mock(ResourceWatcher.class);
+    String resourceName = "cluster.googleapis.com";
+
+    xdsClient.watchXdsResource(
+        XdsClusterResource.getInstance(),
+        resourceName,
+        watcher,
+        fakeClock.getScheduledExecutorService());
+
+    ScheduledTask task = Iterables.getOnlyElement(
+        fakeClock.getPendingTasks(CDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER));
+    assertThat(task.getDelay(TimeUnit.SECONDS))
+        .isEqualTo(XdsClientImpl.EXTENDED_RESOURCE_FETCH_TIMEOUT_SEC);
+    fakeClock.runDueTasks();
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+  }
+
+  @Test
+  public void resourceTimerIsTransientError_callsOnErrorUnavailable() {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
+    xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, ignoreResourceDeletion(),
+        true, true);
+    BootstrapInfo bootstrapInfo =
+        Bootstrapper.BootstrapInfo.builder()
+            .servers(Collections.singletonList(xdsServerInfo))
+            .node(NODE)
+            .authorities(ImmutableMap.of(
+                "authority.xds.com",
+                AuthorityInfo.create(
+                    "xdstp://authority.xds.com/envoy.config.listener.v3.Listener/%s",
+                    ImmutableList.of(Bootstrapper.ServerInfo.create(
+                        SERVER_URI_CUSTOM_AUTHORITY, CHANNEL_CREDENTIALS))),
+                "",
+                AuthorityInfo.create(
+                    "xdstp:///envoy.config.listener.v3.Listener/%s",
+                    ImmutableList.of(Bootstrapper.ServerInfo.create(
+                        SERVER_URI_EMPTY_AUTHORITY, CHANNEL_CREDENTIALS)))))
+            .certProviders(ImmutableMap.of("cert-instance-name",
+                CertificateProviderInfo.create("file-watcher", ImmutableMap.of())))
+            .build();
+    xdsClient = new XdsClientImpl(
+        xdsTransportFactory,
+        bootstrapInfo,
+        fakeClock.getScheduledExecutorService(),
+        backoffPolicyProvider,
+        fakeClock.getStopwatchSupplier(),
+        timeProvider,
+        MessagePrinter.INSTANCE,
+        new TlsContextManagerImpl(bootstrapInfo),
+        xdsClientMetricReporter);
+    String timeoutResource = CDS_RESOURCE + "_timeout";
+    @SuppressWarnings("unchecked")
+    ResourceWatcher<CdsUpdate> timeoutWatcher = mock(ResourceWatcher.class);
+
+    xdsClient.watchXdsResource(
+        XdsClusterResource.getInstance(),
+        timeoutResource,
+        timeoutWatcher,
+        fakeClock.getScheduledExecutorService());
+
+    assertThat(resourceDiscoveryCalls).hasSize(1);
+    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+    call.verifyRequest(CDS, ImmutableList.of(timeoutResource), "", "", NODE);
+    fakeClock.forwardTime(XdsClientImpl.EXTENDED_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
+    fakeClock.runDueTasks();
+    ArgumentCaptor<Status> errorCaptor = ArgumentCaptor.forClass(Status.class);
+    verify(timeoutWatcher).onError(errorCaptor.capture());
+    Status error = errorCaptor.getValue();
+    assertThat(error.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(error.getDescription()).isEqualTo(
+        "Timed out waiting for resource " + timeoutResource + " from xDS server");
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+  }
+
   private Answer<Void> blockUpdate(CyclicBarrier barrier) {
     return new Answer<Void>() {
       @Override
@@ -4220,7 +4324,7 @@ private XdsClientImpl createXdsClient(String serverUri) {
   private BootstrapInfo buildBootStrap(String serverUri) {
 
     ServerInfo xdsServerInfo = ServerInfo.create(serverUri, CHANNEL_CREDENTIALS,
-        ignoreResourceDeletion(), true);
+        ignoreResourceDeletion(), true, false);
 
     return Bootstrapper.BootstrapInfo.builder()
         .servers(Collections.singletonList(xdsServerInfo))
@@ -4230,7 +4334,7 @@ private BootstrapInfo buildBootStrap(String serverUri) {
             AuthorityInfo.create(
                 "xdstp://authority.xds.com/envoy.config.listener.v3.Listener/%s",
                 ImmutableList.of(Bootstrapper.ServerInfo.create(
-                    SERVER_URI_CUSTOME_AUTHORITY, CHANNEL_CREDENTIALS))),
+                    SERVER_URI_CUSTOM_AUTHORITY, CHANNEL_CREDENTIALS))),
             "",
             AuthorityInfo.create(
                 "xdstp:///envoy.config.listener.v3.Listener/%s",
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 3fa31aedf6a..b50bdfce01f 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -368,13 +368,13 @@ public void resolving_targetAuthorityInAuthoritiesMap() {
     String serviceAuthority = "[::FFFF:129.144.52.38]:80";
     bootstrapInfo = BootstrapInfo.builder()
         .servers(ImmutableList.of(ServerInfo.create(
-            "td.googleapis.com", InsecureChannelCredentials.create(), true, true)))
+            "td.googleapis.com", InsecureChannelCredentials.create(), true, true, false)))
         .node(Node.newBuilder().build())
         .authorities(
             ImmutableMap.of(targetAuthority, AuthorityInfo.create(
                 "xdstp://" + targetAuthority + "/envoy.config.listener.v3.Listener/%s?foo=1&bar=2",
                 ImmutableList.of(ServerInfo.create(
-                    "td.googleapis.com", InsecureChannelCredentials.create(), true, true)))))
+                    "td.googleapis.com", InsecureChannelCredentials.create(), true, true, false)))))
         .build();
     expectedLdsResourceName = "xdstp://xds.authority.com/envoy.config.listener.v3.Listener/"
         + "%5B::FFFF:129.144.52.38%5D:80?bar=2&foo=1"; // query param canonified
diff --git a/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
index 485970741c1..754e903f8a9 100644
--- a/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
@@ -203,7 +203,7 @@ public static Bootstrapper.BootstrapInfo buildBootStrap(List<String> serverUris)
 
     List<ServerInfo> serverInfos = new ArrayList<>();
     for (String uri : serverUris) {
-      serverInfos.add(ServerInfo.create(uri, CHANNEL_CREDENTIALS, false, true));
+      serverInfos.add(ServerInfo.create(uri, CHANNEL_CREDENTIALS, false, true, false));
     }
     EnvoyProtoData.Node node = EnvoyProtoData.Node.newBuilder().setId("node-id").build();
 

From 6ffcbd927e4bf0f7b08bb42b587cb0e1f6d2ae7c Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 29 Jul 2025 13:12:44 -0700
Subject: [PATCH 336/591] Bump Gradle to 8.14.3 and upgrade plugins

The syntax changes adding `=` were to address:
https://docs.gradle.org/8.14.3/userguide/upgrading_version_8.html#groovy_space_assignment_syntax
---
 android-interop-testing/build.gradle     |  4 ++--
 android/build.gradle                     |  4 ++--
 binder/build.gradle                      |  8 ++++----
 build.gradle                             | 10 +++++-----
 census/build.gradle                      |  2 +-
 cronet/build.gradle                      |  2 +-
 gradle/wrapper/gradle-wrapper.properties |  2 +-
 rls/build.gradle                         |  2 +-
 settings.gradle                          |  8 ++++----
 9 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/android-interop-testing/build.gradle b/android-interop-testing/build.gradle
index 4f775d734e9..72b6ac0a302 100644
--- a/android-interop-testing/build.gradle
+++ b/android-interop-testing/build.gradle
@@ -10,7 +10,7 @@ repositories {
 }
 
 android {
-    namespace 'io.grpc.android.integrationtest'
+    namespace = 'io.grpc.android.integrationtest'
     sourceSets {
         main {
             java {
@@ -41,7 +41,7 @@ android {
         versionCode 1
         versionName "1.0"
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
-        multiDexEnabled true
+        multiDexEnabled = true
     }
     buildTypes {
         debug { minifyEnabled false }
diff --git a/android/build.gradle b/android/build.gradle
index 3c717da18a3..723be882982 100644
--- a/android/build.gradle
+++ b/android/build.gradle
@@ -7,7 +7,7 @@ plugins {
 description = 'gRPC: Android'
 
 android {
-    namespace 'io.grpc.android'
+    namespace = 'io.grpc.android'
     compileOptions {
         sourceCompatibility JavaVersion.VERSION_1_8
         targetCompatibility JavaVersion.VERSION_1_8
@@ -20,7 +20,7 @@ android {
         versionName "1.0"
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
     }
-    lintOptions { abortOnError true }
+    lintOptions { abortOnError = true }
     publishing {
         singleVariant('release') {
             withSourcesJar()
diff --git a/binder/build.gradle b/binder/build.gradle
index 7ac23750a2a..dc9df6b04de 100644
--- a/binder/build.gradle
+++ b/binder/build.gradle
@@ -6,7 +6,7 @@ plugins {
 description = 'gRPC BinderChannel'
 
 android {
-    namespace 'io.grpc.binder'
+    namespace = 'io.grpc.binder'
     compileSdkVersion 34
     compileOptions {
         sourceCompatibility 1.8
@@ -18,16 +18,16 @@ android {
         versionCode 1
         versionName "1.0"
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
-        multiDexEnabled true
+        multiDexEnabled = true
     }
-    lintOptions { abortOnError false }
+    lintOptions { abortOnError = false }
     publishing {
         singleVariant('release') {
             withSourcesJar()
             withJavadocJar()
         }
     }
-    testFixtures { enable true }
+    testFixtures { enable = true }
 }
 
 repositories {
diff --git a/build.gradle b/build.gradle
index d47687421b0..bedc8a1bdf1 100644
--- a/build.gradle
+++ b/build.gradle
@@ -25,7 +25,7 @@ subprojects {
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
-            url "https://maven-central.storage-download.googleapis.com/maven2/"
+            url = "https://maven-central.storage-download.googleapis.com/maven2/"
             metadataSources {
                 mavenPom()
                 ignoreGradleMetadataRedirection()
@@ -241,9 +241,9 @@ subprojects {
         tasks.named("test").configure {
             testLogging {
                 exceptionFormat = 'full'
-                showExceptions true
-                showCauses true
-                showStackTraces true
+                showExceptions = true
+                showCauses = true
+                showStackTraces = true
             }
             maxHeapSize = '1500m'
         }
@@ -410,7 +410,7 @@ subprojects {
         }
 
         signing {
-            required false
+            required = false
             sign publishing.publications.maven
         }
 
diff --git a/census/build.gradle b/census/build.gradle
index 0993488ff83..c7cb02c15a0 100644
--- a/census/build.gradle
+++ b/census/build.gradle
@@ -40,7 +40,7 @@ dependencies {
 }
 
 tasks.named("javadoc").configure {
-    failOnError false  // no public or protected classes found to document
+    failOnError = false  // no public or protected classes found to document
     exclude 'io/grpc/census/internal/**'
     exclude 'io/grpc/census/Internal*'
 }
diff --git a/cronet/build.gradle b/cronet/build.gradle
index 1a327f9f966..3cc86201298 100644
--- a/cronet/build.gradle
+++ b/cronet/build.gradle
@@ -11,7 +11,7 @@ repositories {
 }
 
 android {
-    namespace 'io.grpc.cronet'
+    namespace = 'io.grpc.cronet'
     compileSdkVersion 33
     defaultConfig {
         minSdkVersion 21
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index 94113f200e6..d4081da476b 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.3-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
diff --git a/rls/build.gradle b/rls/build.gradle
index 1dbcd91ec3c..1193ab3d4bc 100644
--- a/rls/build.gradle
+++ b/rls/build.gradle
@@ -50,7 +50,7 @@ tasks.named("compileJava").configure {
 
 tasks.named("javadoc").configure {
     // Do not publish javadoc since currently there is no public API.
-    failOnError false  // no public or protected classes found to document
+    failOnError = false  // no public or protected classes found to document
     exclude 'io/grpc/lookup/v1/**'
     exclude 'io/grpc/rls/*Provider.java'
     exclude 'io/grpc/rls/internal/**'
diff --git a/settings.gradle b/settings.gradle
index e30849dbe2b..22a49f0c3be 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -9,7 +9,7 @@ pluginManagement {
 	// https://github.com/GoogleCloudPlatform/appengine-plugins/releases
         id "com.google.cloud.tools.appengine" version "2.8.0"
         // https://github.com/GoogleContainerTools/jib/blob/master/jib-gradle-plugin/CHANGELOG.md
-        id "com.google.cloud.tools.jib" version "3.4.4"
+        id "com.google.cloud.tools.jib" version "3.4.5"
 	// https://github.com/google/osdetector-gradle-plugin/tags
         id "com.google.osdetector" version "1.7.3"
         // https://github.com/google/protobuf-gradle-plugin/releases
@@ -21,11 +21,11 @@ pluginManagement {
         // https://github.com/melix/japicmp-gradle-plugin/blob/master/CHANGELOG.txt
         id "me.champeau.gradle.japicmp" version "0.4.2"
         // https://github.com/melix/jmh-gradle-plugin/releases
-        id "me.champeau.jmh" version "0.7.2"
+        id "me.champeau.jmh" version "0.7.3"
         // https://github.com/tbroyer/gradle-errorprone-plugin/releases
-        id "net.ltgt.errorprone" version "4.1.0"
+        id "net.ltgt.errorprone" version "4.3.0"
         // https://github.com/xvik/gradle-animalsniffer-plugin/releases
-        id "ru.vyarus.animalsniffer" version "2.0.0"
+        id "ru.vyarus.animalsniffer" version "2.0.1"
     }
     resolutionStrategy {
         eachPlugin {

From d947c80f996a95ee78b69fa78e6085c322dd1a29 Mon Sep 17 00:00:00 2001
From: apolcyn <apolcyn@google.com>
Date: Wed, 30 Jul 2025 09:31:02 -0700
Subject: [PATCH 337/591] interop-testing: make soak test use logger rather
 than writing to stderr directly

---
 .../java/io/grpc/testing/integration/SoakClient.java     | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/SoakClient.java b/interop-testing/src/main/java/io/grpc/testing/integration/SoakClient.java
index 935586cfbdd..e119c826f09 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/SoakClient.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/SoakClient.java
@@ -39,6 +39,7 @@
 import java.util.Locale;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
+import java.util.logging.Logger;
 import org.HdrHistogram.Histogram;
 
 /**
@@ -48,6 +49,8 @@
  * https://github.com/grpc/grpc/blob/master/doc/interop-test-descriptions.md#rpc_soak
  */
 final class SoakClient {
+  private static final Logger logger = Logger.getLogger(SoakClient.class.getName());
+
   private static class SoakIterationResult {
     public SoakIterationResult(long latencyMs, Status status) {
       this.latencyMs = latencyMs;
@@ -171,7 +174,7 @@ public static void performSoakTest(
       iterationsDone += threadResult.getIterationsDone();
       latencies.add(threadResult.getLatencies());
     }
-    System.err.println(
+    logger.info(
         String.format(
             Locale.US,
             "(server_uri: %s) soak test ran: %d / %d iterations. total failures: %d. "
@@ -244,14 +247,16 @@ private static void executeSoakTestInThread(
       if (!result.getStatus().equals(Status.OK)) {
         threadResults.threadFailures++;
         logStr.append(String.format(" failed: %s", result.getStatus()));
+        logger.warning(logStr.toString());
       } else if (result.getLatencyMs() > maxAcceptablePerIterationLatencyMs) {
         threadResults.threadFailures++;
         logStr.append(
             " exceeds max acceptable latency: " + maxAcceptablePerIterationLatencyMs);
+        logger.warning(logStr.toString());
       } else {
         logStr.append(" succeeded");
+        logger.info(logStr.toString());
       }
-      System.err.println(logStr.toString());
       threadResults.iterationsDone++;
       threadResults.getLatencies().recordValue(result.getLatencyMs());
       long remainingNs = earliestNextStartNs - System.nanoTime();

From 8b46ad58c38020b8c1ed5e9a2d7850fd3a9033fb Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Tue, 5 Aug 2025 16:30:39 +0000
Subject: [PATCH 338/591] Start 1.76.0 development cycle (#12258)

---
 MODULE.bazel                                           |  2 +-
 build.gradle                                           |  2 +-
 .../src/test/golden/TestDeprecatedService.java.txt     |  2 +-
 compiler/src/test/golden/TestService.java.txt          |  2 +-
 core/src/main/java/io/grpc/internal/GrpcUtil.java      |  2 +-
 examples/MODULE.bazel                                  |  2 +-
 examples/android/clientcache/app/build.gradle          | 10 +++++-----
 examples/android/helloworld/app/build.gradle           |  8 ++++----
 examples/android/routeguide/app/build.gradle           |  8 ++++----
 examples/android/strictmode/app/build.gradle           |  8 ++++----
 examples/build.gradle                                  |  2 +-
 examples/example-alts/build.gradle                     |  2 +-
 examples/example-debug/build.gradle                    |  2 +-
 examples/example-debug/pom.xml                         |  4 ++--
 examples/example-dualstack/build.gradle                |  2 +-
 examples/example-dualstack/pom.xml                     |  4 ++--
 examples/example-gauth/build.gradle                    |  2 +-
 examples/example-gauth/pom.xml                         |  4 ++--
 examples/example-gcp-csm-observability/build.gradle    |  2 +-
 examples/example-gcp-observability/build.gradle        |  2 +-
 examples/example-hostname/build.gradle                 |  2 +-
 examples/example-hostname/pom.xml                      |  4 ++--
 examples/example-jwt-auth/build.gradle                 |  2 +-
 examples/example-jwt-auth/pom.xml                      |  4 ++--
 examples/example-oauth/build.gradle                    |  2 +-
 examples/example-oauth/pom.xml                         |  4 ++--
 examples/example-opentelemetry/build.gradle            |  2 +-
 examples/example-orca/build.gradle                     |  2 +-
 examples/example-reflection/build.gradle               |  2 +-
 examples/example-servlet/build.gradle                  |  2 +-
 examples/example-tls/build.gradle                      |  2 +-
 examples/example-tls/pom.xml                           |  4 ++--
 examples/example-xds/build.gradle                      |  2 +-
 examples/pom.xml                                       |  4 ++--
 34 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index ed7bac31a34..5a2a9a86ea0 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -2,7 +2,7 @@ module(
     name = "grpc-java",
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
-    version = "1.75.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
+    version = "1.76.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
 )
 
 # GRPC_DEPS_START
diff --git a/build.gradle b/build.gradle
index bedc8a1bdf1..50c9df4c5c8 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ subprojects {
     apply plugin: "net.ltgt.errorprone"
 
     group = "io.grpc"
-    version = "1.75.0-SNAPSHOT" // CURRENT_GRPC_VERSION
+    version = "1.76.0-SNAPSHOT" // CURRENT_GRPC_VERSION
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index e56beda4b68..22d3491be95 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.75.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.76.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 @java.lang.Deprecated
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index f43fe748c46..22978149759 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.75.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.76.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index 658a6785474..2ad4a01d9e6 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -219,7 +219,7 @@ public byte[] parseAsciiString(byte[] serialized) {
 
   public static final Splitter ACCEPT_ENCODING_SPLITTER = Splitter.on(',').trimResults();
 
-  public static final String IMPLEMENTATION_VERSION = "1.75.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
+  public static final String IMPLEMENTATION_VERSION = "1.76.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
 
   /**
    * The default timeout in nanos for a keepalive ping request.
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index ef057544d5c..5e3e62a74e3 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,5 +1,5 @@
 bazel_dep(name = "googleapis", repo_name = "com_google_googleapis", version = "0.0.0-20240326-1c8d509c5")
-bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.75.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
+bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.76.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
 bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index bf6064658b7..a9716ea1f62 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -34,7 +34,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -54,12 +54,12 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.1.5'
-    testImplementation 'io.grpc:grpc-testing:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    testImplementation 'io.grpc:grpc-testing:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index e15fec725a3..2fd2d2fa950 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index f961edbbcb2..371e277bdc6 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,8 +52,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index 6bc1d5d7edb..02327041d34 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -33,7 +33,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -53,8 +53,8 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index 253fca272c7..4f72a279a91 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index 57e531fb564..2c51ad88d4f 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index 96569ac31b7..b127afad1b1 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index 90a8b2975c6..e455d2f82b2 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-debug</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index 66056756523..d4082b44927 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index 7525d06c375..3067989f9eb 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-dualstack</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 31f9dc41150..5e0c5a279e2 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index df716875791..2f3dbbed7a0 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-gauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index e28e9929137..c28ecf835e1 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 3c3efab4c51..87ab50a29eb 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 4c9e6662ac3..65dc8dad198 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index 74c97622f9e..a00b1a48761 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-hostname</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index 3013c6c6a72..cc6d5ac8685 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index 98497ec41be..cee41f42010 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-jwt-auth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index ad6e65300d0..e54dfab80d6 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index 1cea56171cd..1908a245b90 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-oauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index 4f5e9e70a11..04c9d2429bc 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index 926c7b314e3..6602e6c0d75 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index 66f5374cf3a..55d445cfdf4 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index 0d971942bc0..881ebd0e885 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -15,7 +15,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index ec32a485ef9..a04add5b0e4 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index 99ba741cbf7..a075d97a549 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-tls</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index b2d945b1d5e..7393887e110 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.75.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
diff --git a/examples/pom.xml b/examples/pom.xml
index 57b7a9c6b79..baa1ececb6a 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.75.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>examples</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.75.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.5</protobuf.version>
     <protoc.version>3.25.5</protoc.version>
     <!-- required for JDK 8 -->

From a40c8cf5a49077b48ec2428c8ddb420b987945af Mon Sep 17 00:00:00 2001
From: camel <camel.young@gmail.com>
Date: Tue, 5 Aug 2025 16:47:45 -0700
Subject: [PATCH 339/591] binder: Let apps call
 SecurityPolicy.checkAuthorization() by PeerUid (#12257)

This allows a server with access to PeerUid to check additional application-layer security policy *after* the call itself is authorized by the transport layer. Cross cutting application-layer checks could be done from a ServerInterceptor (RPC method level policy, say). Checks based on the substance of a request message could be done by the individual RPC method implementations themselves.
---
 .../io/grpc/binder/AsyncSecurityPolicy.java   | 21 +++++++++++++++++++
 .../java/io/grpc/binder/SecurityPolicy.java   | 21 +++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git a/binder/src/main/java/io/grpc/binder/AsyncSecurityPolicy.java b/binder/src/main/java/io/grpc/binder/AsyncSecurityPolicy.java
index 5b17ad35977..9594c644e0c 100644
--- a/binder/src/main/java/io/grpc/binder/AsyncSecurityPolicy.java
+++ b/binder/src/main/java/io/grpc/binder/AsyncSecurityPolicy.java
@@ -67,4 +67,25 @@ public final Status checkAuthorization(int uid) {
    *     authorized.
    */
   public abstract ListenableFuture<Status> checkAuthorizationAsync(int uid);
+
+  /**
+   * Decides whether the given Android UID is authorized, without providing its raw integer value.
+   *
+   * <p>Calling this is equivalent to calling {@link SecurityPolicy#checkAuthorization(int)}, except
+   * the caller provides a {@link PeerUid} wrapper instead of the raw integer uid (known only to the
+   * transport). This allows a server to check additional application-layer security policy for
+   * itself *after* the call itself is authorized by the transport layer. Cross cutting application-
+   * layer checks could be done from a {@link io.grpc.ServerInterceptor}. Checks based on the
+   * substance of a request message could be done by the individual RPC method implementations
+   * themselves.
+   *
+   * <p>See #checkAuthorizationAsync(int) for details on the semantics. See {@link
+   * PeerUids#newPeerIdentifyingServerInterceptor()} for how to get a {@link PeerUid}.
+   *
+   * @param uid The Android UID to authenticate.
+   * @return A gRPC {@link Status} object, with OK indicating authorized.
+   */
+  public final ListenableFuture<Status> checkAuthorizationAsync(PeerUid uid) {
+    return checkAuthorizationAsync(uid.getUid());
+  }
 }
diff --git a/binder/src/main/java/io/grpc/binder/SecurityPolicy.java b/binder/src/main/java/io/grpc/binder/SecurityPolicy.java
index 261e5223a0f..3ad8903407f 100644
--- a/binder/src/main/java/io/grpc/binder/SecurityPolicy.java
+++ b/binder/src/main/java/io/grpc/binder/SecurityPolicy.java
@@ -53,4 +53,25 @@ protected SecurityPolicy() {}
    * @return A gRPC {@link Status} object, with OK indicating authorized.
    */
   public abstract Status checkAuthorization(int uid);
+
+  /**
+   * Decides whether the given Android UID is authorized, without providing its raw integer value.
+   *
+   * <p>Calling this is equivalent to calling {@link SecurityPolicy#checkAuthorization(int)}, except
+   * the caller provides a {@link PeerUid} wrapper instead of the raw integer uid (known only to the
+   * transport). This allows a server to check additional application-layer security policy for
+   * itself *after* the call itself is authorized by the transport layer. Cross cutting application-
+   * layer checks could be done from a {@link io.grpc.ServerInterceptor}. Checks based on the
+   * substance of a request message could be done by the individual RPC method implementations
+   * themselves.
+   *
+   * <p>See #checkAuthorizationAsync(int) for details on the semantics. See {@link
+   * PeerUids#newPeerIdentifyingServerInterceptor()} for how to get a {@link PeerUid}.
+   *
+   * @param uid The Android UID to authenticate.
+   * @return A gRPC {@link Status} object, with OK indicating authorized.
+   */
+  public final Status checkAuthorization(PeerUid uid) {
+    return checkAuthorization(uid.getUid());
+  }
 }

From 7040417eeecb69aa4f012e6ee01da249abbca6d4 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Wed, 6 Aug 2025 12:24:33 +0530
Subject: [PATCH 340/591] stub: use the closedTrailers in StatusException
 (#12259)

---
 .../java/io/grpc/stub/BlockingClientCall.java | 53 +++++++++++--------
 1 file changed, 32 insertions(+), 21 deletions(-)

diff --git a/stub/src/main/java/io/grpc/stub/BlockingClientCall.java b/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
index b62bd4322a9..2c896c7208a 100644
--- a/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
+++ b/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
@@ -29,6 +29,7 @@
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
+import java.util.concurrent.atomic.AtomicReference;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -69,7 +70,7 @@ public final class BlockingClientCall<ReqT, RespT> {
   private final ThreadSafeThreadlessExecutor executor;
 
   private boolean writeClosed;
-  private volatile Status closedStatus; // null if not closed
+  private AtomicReference<CloseState> closeState = new AtomicReference<>();
 
   BlockingClientCall(ClientCall<ReqT, RespT> call, ThreadSafeThreadlessExecutor executor) {
     this.call = call;
@@ -120,22 +121,22 @@ private RespT read(boolean waitForever, long endNanoTime)
       logger.finer("Client Blocking read had value:  " + bufferedValue);
     }
 
-    Status currentClosedStatus;
+    CloseState currentCloseState;
     if (bufferedValue != null) {
       call.request(1);
       return bufferedValue;
-    } else if ((currentClosedStatus = closedStatus) == null) {
+    } else if ((currentCloseState = closeState.get()) == null) {
       throw new IllegalStateException(
           "The message disappeared... are you reading from multiple threads?");
-    } else if (!currentClosedStatus.isOk()) {
-      throw currentClosedStatus.asException();
+    } else if (!currentCloseState.status.isOk()) {
+      throw currentCloseState.status.asException(currentCloseState.trailers);
     } else {
       return null;
     }
   }
 
   boolean skipWaitingForRead() {
-    return closedStatus != null || !buffer.isEmpty();
+    return closeState.get() != null || !buffer.isEmpty();
   }
 
   /**
@@ -148,11 +149,11 @@ boolean skipWaitingForRead() {
    * @throws StatusException If the stream was closed in an error state
    */
   public boolean hasNext() throws InterruptedException, StatusException {
-    executor.waitAndDrain((x) -> !x.buffer.isEmpty() || x.closedStatus != null, this);
+    executor.waitAndDrain((x) -> !x.buffer.isEmpty() || x.closeState.get() != null, this);
 
-    Status currentClosedStatus = closedStatus;
-    if (currentClosedStatus != null && !currentClosedStatus.isOk()) {
-      throw currentClosedStatus.asException();
+    CloseState currentCloseState = closeState.get();
+    if (currentCloseState != null && !currentCloseState.status.isOk()) {
+      throw currentCloseState.status.asException(currentCloseState.trailers);
     }
 
     return !buffer.isEmpty();
@@ -221,17 +222,16 @@ private boolean write(boolean waitForever, ReqT request, long endNanoTime)
     }
 
     Predicate<BlockingClientCall<ReqT, RespT>> predicate =
-        (x) -> x.call.isReady() || x.closedStatus != null;
+        (x) -> x.call.isReady() || x.closeState.get() != null;
     executor.waitAndDrainWithTimeout(waitForever, endNanoTime, predicate, this);
-    Status savedClosedStatus = closedStatus;
-    if (savedClosedStatus == null) {
+    CloseState savedCloseState = closeState.get();
+    if (savedCloseState == null || savedCloseState.status == null) {
       call.sendMessage(request);
       return true;
-    } else if (savedClosedStatus.isOk()) {
+    } else if (savedCloseState.status.isOk()) {
       return false;
     } else {
-      // Propagate any errors returned from the server
-      throw savedClosedStatus.asException();
+      throw savedCloseState.status.asException(savedCloseState.trailers);
     }
   }
 
@@ -274,7 +274,8 @@ public void halfClose() {
   @VisibleForTesting
   Status getClosedStatus() {
     drainQuietly();
-    return closedStatus;
+    CloseState state = closeState.get();
+    return (state == null) ? null : state.status;
   }
 
   /**
@@ -317,7 +318,7 @@ boolean isWriteReady() {
    * @return True if writes haven't been closed and the server hasn't closed the stream
    */
   private boolean isWriteLegal() {
-    return !writeClosed && closedStatus == null;
+    return !writeClosed && closeState.get() == null;
   }
 
   ClientCall.Listener<RespT> getListener() {
@@ -335,15 +336,25 @@ private void drainQuietly() {
   private final class QueuingListener extends ClientCall.Listener<RespT> {
     @Override
     public void onMessage(RespT value) {
-      Preconditions.checkState(closedStatus == null, "ClientCall already closed");
+      Preconditions.checkState(closeState.get() == null, "ClientCall already closed");
       buffer.add(value);
     }
 
     @Override
     public void onClose(Status status, Metadata trailers) {
-      Preconditions.checkState(closedStatus == null, "ClientCall already closed");
-      closedStatus = status;
+      CloseState newCloseState = new CloseState(status, trailers);
+      boolean wasSet = closeState.compareAndSet(null, newCloseState);
+      Preconditions.checkState(wasSet, "ClientCall already closed");
     }
   }
 
+  private static final class CloseState {
+    final Status status;
+    final Metadata trailers;
+
+    CloseState(Status status, Metadata trailers) {
+      this.status = Preconditions.checkNotNull(status, "status");
+      this.trailers = trailers;
+    }
+  }
 }

From f30964ab82efab6c92354bea1b9b8f6a9c6dddbe Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 6 Aug 2025 11:01:45 -0700
Subject: [PATCH 341/591] Bump versions of dependencies (#12252)

Notably, protobuf to 3.25.8, opentelemetry to 1.52.0. Protobuf in Bazel
has 25.5 in the BCR and it seems better to align the WORKSPACE
with that version. But we can't actually use 25.5 in BCR because it is
incompatible with Bazel 7.
---
 MODULE.bazel                                  |  7 +++---
 examples/MODULE.bazel                         |  1 -
 examples/build.gradle                         |  2 +-
 examples/example-alts/build.gradle            |  2 +-
 examples/example-debug/build.gradle           |  2 +-
 examples/example-debug/pom.xml                |  2 +-
 examples/example-dualstack/build.gradle       |  2 +-
 examples/example-dualstack/pom.xml            |  2 +-
 examples/example-gauth/build.gradle           |  2 +-
 examples/example-gauth/pom.xml                |  2 +-
 .../build.gradle                              |  6 ++---
 .../example-gcp-observability/build.gradle    |  2 +-
 examples/example-hostname/build.gradle        |  2 +-
 examples/example-hostname/pom.xml             |  2 +-
 examples/example-jwt-auth/build.gradle        |  2 +-
 examples/example-jwt-auth/pom.xml             |  4 ++--
 examples/example-oauth/build.gradle           |  2 +-
 examples/example-oauth/pom.xml                |  4 ++--
 examples/example-opentelemetry/build.gradle   |  6 ++---
 examples/example-orca/build.gradle            |  2 +-
 examples/example-reflection/build.gradle      |  2 +-
 examples/example-servlet/build.gradle         |  2 +-
 examples/example-tls/build.gradle             |  2 +-
 examples/example-tls/pom.xml                  |  2 +-
 examples/example-xds/build.gradle             |  2 +-
 examples/pom.xml                              |  4 ++--
 gradle/libs.versions.toml                     | 24 ++++++++++---------
 repositories.bzl                              | 10 ++++----
 28 files changed, 53 insertions(+), 51 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 5a2a9a86ea0..5a731723c33 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -8,7 +8,7 @@ module(
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.51.0",
+    "com.google.api.grpc:proto-google-common-protos:2.59.2",
     "com.google.auth:google-auth-library-credentials:1.24.1",
     "com.google.auth:google-auth-library-oauth2-http:1.24.1",
     "com.google.auto.value:auto-value-annotations:1.11.0",
@@ -19,7 +19,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.3.1-android",
     "com.google.re2j:re2j:1.8",
-    "com.google.s2a.proto.v2:s2a-proto:0.1.1",
+    "com.google.s2a.proto.v2:s2a-proto:0.1.2",
     "com.google.truth:truth:1.4.2",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
@@ -50,7 +50,8 @@ bazel_dep(name = "bazel_jar_jar", version = "0.1.7")
 bazel_dep(name = "bazel_skylib", version = "1.7.1")
 bazel_dep(name = "googleapis", repo_name = "com_google_googleapis", version = "0.0.0-20240326-1c8d509c5")
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
-bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
+# Protobuf 25.5+ is incompatible with Bazel 7 with bzlmod
+bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "24.4")
 bazel_dep(name = "rules_cc", version = "0.0.9")
 bazel_dep(name = "rules_java", version = "5.3.5")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index 5e3e62a74e3..8bd50810c46 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,4 +1,3 @@
-bazel_dep(name = "googleapis", repo_name = "com_google_googleapis", version = "0.0.0-20240326-1c8d509c5")
 bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.76.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
 bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
diff --git a/examples/build.gradle b/examples/build.gradle
index 4f72a279a91..507b87df4db 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -22,7 +22,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.5'
+def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
 dependencies {
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index 2c51ad88d4f..33ea02a5875 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -22,7 +22,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.5'
+def protocVersion = '3.25.8'
 
 dependencies {
     // grpc-alts transitively depends on grpc-netty-shaded, grpc-protobuf, and grpc-stub
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index b127afad1b1..ed01bbb2636 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -24,7 +24,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.5'
+def protobufVersion = '3.25.8'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index e455d2f82b2..90ce766d8a9 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protoc.version>3.25.5</protoc.version>
+    <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index d4082b44927..fa9db23f987 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -24,7 +24,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.5'
+def protobufVersion = '3.25.8'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index 3067989f9eb..b70a3eca3d8 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protoc.version>3.25.5</protoc.version>
+    <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 5e0c5a279e2..52d945196fa 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -22,7 +22,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.5'
+def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index 2f3dbbed7a0..68a98c526a5 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protobuf.version>3.25.5</protobuf.version>
+    <protobuf.version>3.25.8</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index c28ecf835e1..816ef9e6742 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -23,9 +23,9 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.5'
-def openTelemetryVersion = '1.40.0'
-def openTelemetryPrometheusVersion = '1.40.0-alpha'
+def protocVersion = '3.25.8'
+def openTelemetryVersion = '1.52.0'
+def openTelemetryPrometheusVersion = '1.52.0-alpha'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 87ab50a29eb..432dceb6730 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -23,7 +23,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.5'
+def protocVersion = '3.25.8'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 65dc8dad198..7345d873e4f 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -22,7 +22,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.5'
+def protobufVersion = '3.25.8'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index a00b1a48761..00209657e1d 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protoc.version>3.25.5</protoc.version>
+    <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index cc6d5ac8685..b14040ad58f 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -22,7 +22,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.5'
+def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
 dependencies {
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index cee41f42010..8dce2a71032 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -14,8 +14,8 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protobuf.version>3.25.5</protobuf.version>
-    <protoc.version>3.25.5</protoc.version>
+    <protobuf.version>3.25.8</protobuf.version>
+    <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index e54dfab80d6..521d8b082ce 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -22,7 +22,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.5'
+def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
 dependencies {
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index 1908a245b90..2907d062053 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -14,8 +14,8 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protobuf.version>3.25.5</protobuf.version>
-    <protoc.version>3.25.5</protoc.version>
+    <protobuf.version>3.25.8</protobuf.version>
+    <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index 04c9d2429bc..482f5766bee 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -22,9 +22,9 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.5'
-def openTelemetryVersion = '1.40.0'
-def openTelemetryPrometheusVersion = '1.40.0-alpha'
+def protocVersion = '3.25.8'
+def openTelemetryVersion = '1.52.0'
+def openTelemetryPrometheusVersion = '1.52.0-alpha'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index 6602e6c0d75..2716adf7de1 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -17,7 +17,7 @@ java {
 }
 
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.5'
+def protocVersion = '3.25.8'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index 55d445cfdf4..2b48cb30b5f 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -17,7 +17,7 @@ java {
 }
 
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.5'
+def protocVersion = '3.25.8'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index 881ebd0e885..bbdb65349ca 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -16,7 +16,7 @@ java {
 }
 
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.5'
+def protocVersion = '3.25.8'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}",
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index a04add5b0e4..aeb769a479b 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -22,7 +22,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.5'
+def protocVersion = '3.25.8'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index a075d97a549..575400c3608 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protoc.version>3.25.5</protoc.version>
+    <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index 7393887e110..6c78db3513c 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -22,7 +22,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.5'
+def protocVersion = '3.25.8'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/pom.xml b/examples/pom.xml
index baa1ececb6a..f81346c913c 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -13,8 +13,8 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protobuf.version>3.25.5</protobuf.version>
-    <protoc.version>3.25.5</protoc.version>
+    <protobuf.version>3.25.8</protobuf.version>
+    <protoc.version>3.25.8</protoc.version>
     <!-- required for JDK 8 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 2ea4c8b5fa1..9407b2a8774 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -6,14 +6,16 @@ nettytcnative = '2.0.70.Final'
 opencensus = "0.31.1"
 # Not upgrading to 4.x as it is not yet ABI compatible.
 # https://github.com/protocolbuffers/protobuf/issues/17247
-protobuf = "3.25.5"
+protobuf = "3.25.8"
 
 [libraries]
 android-annotations = "com.google.android:annotations:4.1.1.4"
+# androidx-annotation 1.9.1+ uses Kotlin and requires Android Gradle Plugin 9+
 androidx-annotation = "androidx.annotation:annotation:1.9.0"
 # 1.15.0 requires libraries and applications that depend on it to compile against
 # version 35 or later of the Android APIs.
 androidx-core = "androidx.core:core:1.13.1"
+# androidx-lifecycle 2.9+ requires Java 17
 androidx-lifecycle-common = "androidx.lifecycle:lifecycle-common:2.8.7"
 androidx-lifecycle-service = "androidx.lifecycle:lifecycle-service:2.8.7"
 androidx-test-core = "androidx.test:core:1.6.1"
@@ -36,13 +38,13 @@ cronet-embedded = "org.chromium.net:cronet-embedded:119.6045.31"
 errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.30.0"
 # error-prone 2.32.0+ require Java 17+
 errorprone-core = "com.google.errorprone:error_prone_core:2.31.0"
-google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.51.0"
+google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.59.2"
 # google-auth-library 1.25.0+ requires error_prone_annotations 2.31.0+, which
 # breaks the Android build
 google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.24.1"
 google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.24.1"
 # Release notes: https://cloud.google.com/logging/docs/release-notes
-google-cloud-logging = "com.google.cloud:google-cloud-logging:3.21.2"
+google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.1"
 # 2.12.1 requires error_prone_annotations:2.36.0 but we are stuck with 2.30.0
 gson = "com.google.code.gson:gson:2.11.0"
 # 33.4.0 requires com.google.errorprone:error_prone_annotations:2.36.0 but we are stuck with 2.30.0 (see above)
@@ -61,7 +63,7 @@ javax-annotation = "org.apache.tomcat:annotations-api:6.0.53"
 javax-servlet-api = "javax.servlet:javax.servlet-api:4.0.1"
 # 12.0.0+ require Java 17+
 jetty-client = "org.eclipse.jetty:jetty-client:11.0.24"
-jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.0.16"
+jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.0.23"
 jetty-http2-server10 = "org.eclipse.jetty.http2:http2-server:10.0.20"
 jetty-servlet = "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.0.16"
 jetty-servlet10 = "org.eclipse.jetty:jetty-servlet:10.0.20"
@@ -91,19 +93,19 @@ opencensus-contrib-grpc-metrics = { module = "io.opencensus:opencensus-contrib-g
 opencensus-exporter-stats-stackdriver = { module = "io.opencensus:opencensus-exporter-stats-stackdriver", version.ref = "opencensus" }
 opencensus-exporter-trace-stackdriver = { module = "io.opencensus:opencensus-exporter-trace-stackdriver", version.ref = "opencensus" }
 opencensus-impl = { module = "io.opencensus:opencensus-impl", version.ref = "opencensus" }
-opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.46.0"
-opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.46.0-alpha"
-opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.43.0-alpha"
-opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.46.0"
-opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.46.0"
+opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.52.0"
+opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.52.0-alpha"
+opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.48.0-alpha"
+opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.52.0"
+opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.52.0"
 perfmark-api = "io.perfmark:perfmark-api:0.27.0"
 protobuf-java = { module = "com.google.protobuf:protobuf-java", version.ref = "protobuf" }
 protobuf-java-util = { module = "com.google.protobuf:protobuf-java-util", version.ref = "protobuf" }
 protobuf-javalite = { module = "com.google.protobuf:protobuf-javalite", version.ref = "protobuf" }
 protobuf-protoc = { module = "com.google.protobuf:protoc", version.ref = "protobuf" }
 re2j = "com.google.re2j:re2j:1.8"
-robolectric = "org.robolectric:robolectric:4.14.1"
-s2a-proto = "com.google.s2a.proto.v2:s2a-proto:0.1.1"
+robolectric = "org.robolectric:robolectric:4.15.1"
+s2a-proto = "com.google.s2a.proto.v2:s2a-proto:0.1.2"
 signature-android = "net.sf.androidscents.signature:android-api-level-21:5.0.1_r2"
 signature-java = "org.codehaus.mojo.signature:java18:1.0"
 # 11.0.0+ require Java 17+
diff --git a/repositories.bzl b/repositories.bzl
index f9991cac243..5a760be5a43 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -12,7 +12,7 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.51.0",
+    "com.google.api.grpc:proto-google-common-protos:2.59.2",
     "com.google.auth:google-auth-library-credentials:1.24.1",
     "com.google.auth:google-auth-library-oauth2-http:1.24.1",
     "com.google.auto.value:auto-value-annotations:1.11.0",
@@ -23,7 +23,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.3.1-android",
     "com.google.re2j:re2j:1.8",
-    "com.google.s2a.proto.v2:s2a-proto:0.1.1",
+    "com.google.s2a.proto.v2:s2a-proto:0.1.2",
     "com.google.truth:truth:1.4.2",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
@@ -116,9 +116,9 @@ def com_google_protobuf():
     # This statement defines the @com_google_protobuf repo.
     http_archive(
         name = "com_google_protobuf",
-        sha256 = "9bd87b8280ef720d3240514f884e56a712f2218f0d693b48050c836028940a42",
-        strip_prefix = "protobuf-25.1",
-        urls = ["https://github.com/protocolbuffers/protobuf/releases/download/v25.1/protobuf-25.1.tar.gz"],
+        sha256 = "3cf7d5b17c4ff04fe9f038104e9d0cae6da09b8ce271c13e44f8ac69f51e4e0f",
+        strip_prefix = "protobuf-25.5",
+        urls = ["https://github.com/protocolbuffers/protobuf/releases/download/v25.5/protobuf-25.5.tar.gz"],
     )
 
 def io_grpc_grpc_proto():

From efcdebb904a7768f1c83ac61a3b114234b647cc9 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Thu, 7 Aug 2025 08:38:44 -0700
Subject: [PATCH 342/591] Introduce a NameResolver for Android's `intent:` URIs
 (#12248)

Let grpc-binder clients find on-device services by [implicit Intent](https://developer.android.com/guide/components/intents-filters#Types) target URI, lifting the need to hard code a server's package name.
---
 .../java/io/grpc/NameResolverRegistry.java    |   5 +
 binder/src/androidTest/AndroidManifest.xml    |   2 +
 .../grpc/binder/BinderChannelSmokeTest.java   |  19 +-
 .../java/io/grpc/binder/ApiConstants.java     |  12 +
 .../io/grpc/binder/BinderChannelBuilder.java  |   2 +
 .../BinderClientTransportFactory.java         |   4 +
 .../binder/internal/IntentNameResolver.java   | 299 ++++++++++
 .../internal/IntentNameResolverProvider.java  |  77 +++
 .../io/grpc/binder/internal/SystemApis.java   |  60 ++
 .../IntentNameResolverProviderTest.java       | 115 ++++
 .../internal/IntentNameResolverTest.java      | 531 ++++++++++++++++++
 11 files changed, 1117 insertions(+), 9 deletions(-)
 create mode 100644 binder/src/main/java/io/grpc/binder/internal/IntentNameResolver.java
 create mode 100644 binder/src/main/java/io/grpc/binder/internal/IntentNameResolverProvider.java
 create mode 100644 binder/src/main/java/io/grpc/binder/internal/SystemApis.java
 create mode 100644 binder/src/test/java/io/grpc/binder/internal/IntentNameResolverProviderTest.java
 create mode 100644 binder/src/test/java/io/grpc/binder/internal/IntentNameResolverTest.java

diff --git a/api/src/main/java/io/grpc/NameResolverRegistry.java b/api/src/main/java/io/grpc/NameResolverRegistry.java
index 2648f8de1aa..26eb5552b9b 100644
--- a/api/src/main/java/io/grpc/NameResolverRegistry.java
+++ b/api/src/main/java/io/grpc/NameResolverRegistry.java
@@ -166,6 +166,11 @@ static List<Class<?>> getHardCodedClasses() {
     } catch (ClassNotFoundException e) {
       logger.log(Level.FINE, "Unable to find DNS NameResolver", e);
     }
+    try {
+      list.add(Class.forName("io.grpc.binder.internal.IntentNameResolverProvider"));
+    } catch (ClassNotFoundException e) {
+      logger.log(Level.FINE, "Unable to find IntentNameResolverProvider", e);
+    }
     return Collections.unmodifiableList(list);
   }
 
diff --git a/binder/src/androidTest/AndroidManifest.xml b/binder/src/androidTest/AndroidManifest.xml
index b6d71574410..44f21e104d9 100644
--- a/binder/src/androidTest/AndroidManifest.xml
+++ b/binder/src/androidTest/AndroidManifest.xml
@@ -11,11 +11,13 @@
     <service android:name="io.grpc.binder.HostServices$HostService1" android:exported="false">
       <intent-filter>
         <action android:name="action1"/>
+        <data android:scheme="scheme" android:host="authority" android:path="/path"/>
       </intent-filter>
     </service>
     <service android:name="io.grpc.binder.HostServices$HostService2" android:exported="false">
       <intent-filter>
         <action android:name="action2"/>
+        <data android:scheme="scheme" android:host="authority" android:path="/path"/>
       </intent-filter>
     </service>
   </application>
diff --git a/binder/src/androidTest/java/io/grpc/binder/BinderChannelSmokeTest.java b/binder/src/androidTest/java/io/grpc/binder/BinderChannelSmokeTest.java
index 79f7b98f045..e3a8c58bf88 100644
--- a/binder/src/androidTest/java/io/grpc/binder/BinderChannelSmokeTest.java
+++ b/binder/src/androidTest/java/io/grpc/binder/BinderChannelSmokeTest.java
@@ -23,6 +23,7 @@
 
 import android.content.Context;
 import android.content.Intent;
+import android.net.Uri;
 import android.os.Parcel;
 import android.os.Parcelable;
 import androidx.test.core.app.ApplicationProvider;
@@ -39,7 +40,6 @@
 import io.grpc.ManagedChannel;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
-import io.grpc.NameResolverRegistry;
 import io.grpc.ServerCall;
 import io.grpc.ServerCall.Listener;
 import io.grpc.ServerCallHandler;
@@ -49,7 +49,6 @@
 import io.grpc.Status.Code;
 import io.grpc.StatusRuntimeException;
 import io.grpc.internal.GrpcUtil;
-import io.grpc.internal.testing.FakeNameResolverProvider;
 import io.grpc.stub.ClientCalls;
 import io.grpc.stub.MetadataUtils;
 import io.grpc.stub.ServerCalls;
@@ -77,7 +76,6 @@ public final class BinderChannelSmokeTest {
 
   private static final int SLIGHTLY_MORE_THAN_ONE_BLOCK = 16 * 1024 + 100;
   private static final String MSG = "Some text which will be repeated many many times";
-  private static final String SERVER_TARGET_URI = "fake://server";
   private static final Metadata.Key<PoisonParcelable> POISON_KEY =
       ParcelableUtils.metadataKey("poison-bin", PoisonParcelable.CREATOR);
 
@@ -99,7 +97,6 @@ public final class BinderChannelSmokeTest {
           .setType(MethodDescriptor.MethodType.BIDI_STREAMING)
           .build();
 
-  FakeNameResolverProvider fakeNameResolverProvider;
   ManagedChannel channel;
   AtomicReference<Metadata> headersCapture = new AtomicReference<>();
   AtomicReference<PeerUid> clientUidCapture = new AtomicReference<>();
@@ -138,8 +135,6 @@ public void setUp() throws Exception {
             PeerUids.newPeerIdentifyingServerInterceptor());
 
     AndroidComponentAddress serverAddress = HostServices.allocateService(appContext);
-    fakeNameResolverProvider = new FakeNameResolverProvider(SERVER_TARGET_URI, serverAddress);
-    NameResolverRegistry.getDefaultRegistry().register(fakeNameResolverProvider);
     HostServices.configureService(
         serverAddress,
         HostServices.serviceParamsBuilder()
@@ -166,7 +161,6 @@ public void setUp() throws Exception {
   @After
   public void tearDown() throws Exception {
     channel.shutdownNow();
-    NameResolverRegistry.getDefaultRegistry().deregister(fakeNameResolverProvider);
     HostServices.awaitServiceShutdown();
   }
 
@@ -235,7 +229,11 @@ public void testStreamingCallOptionHeaders() throws Exception {
 
   @Test
   public void testConnectViaTargetUri() throws Exception {
-    channel = BinderChannelBuilder.forTarget(SERVER_TARGET_URI, appContext).build();
+    // Compare with the <intent-filter> mapping in AndroidManifest.xml.
+    channel =
+        BinderChannelBuilder.forTarget(
+                "intent://authority/path#Intent;action=action1;scheme=scheme;end;", appContext)
+            .build();
     assertThat(doCall("Hello").get()).isEqualTo("Hello");
   }
 
@@ -245,7 +243,10 @@ public void testConnectViaIntentFilter() throws Exception {
     channel =
         BinderChannelBuilder.forAddress(
                 AndroidComponentAddress.forBindIntent(
-                    new Intent().setAction("action1").setPackage(appContext.getPackageName())),
+                    new Intent()
+                        .setAction("action1")
+                        .setData(Uri.parse("scheme://authority/path"))
+                        .setPackage(appContext.getPackageName())),
                 appContext)
             .build();
     assertThat(doCall("Hello").get()).isEqualTo("Hello");
diff --git a/binder/src/main/java/io/grpc/binder/ApiConstants.java b/binder/src/main/java/io/grpc/binder/ApiConstants.java
index 462586311c6..fbf4be6b7ce 100644
--- a/binder/src/main/java/io/grpc/binder/ApiConstants.java
+++ b/binder/src/main/java/io/grpc/binder/ApiConstants.java
@@ -34,6 +34,18 @@ private ApiConstants() {}
    */
   public static final String ACTION_BIND = "grpc.io.action.BIND";
 
+  /**
+   * Gives a {@link NameResolver} access to its Channel's "source" {@link android.content.Context},
+   * the entry point to almost every other Android API.
+   *
+   * <p>This argument is set automatically by {@link BinderChannelBuilder}. Any value passed to
+   * {@link io.grpc.ManagedChannelBuilder#setNameResolverArg} will be ignored.
+   *
+   * <p>See {@link BinderChannelBuilder#forTarget(String, android.content.Context)} for more.
+   */
+  public static final NameResolver.Args.Key<android.content.Context> SOURCE_ANDROID_CONTEXT =
+      NameResolver.Args.Key.create("source-android-context");
+
   /**
    * Specifies the Android user in which target URIs should be resolved.
    *
diff --git a/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java b/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
index 233ec6eac4f..18928339fbd 100644
--- a/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
+++ b/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
@@ -321,6 +321,8 @@ public BinderChannelBuilder idleTimeout(long value, TimeUnit unit) {
   public ManagedChannel build() {
     transportFactoryBuilder.setOffloadExecutorPool(
         managedChannelImplBuilder.getOffloadExecutorPool());
+    setNameResolverArg(
+        ApiConstants.SOURCE_ANDROID_CONTEXT, transportFactoryBuilder.getSourceContext());
     return super.build();
   }
 }
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
index ef00f70e35d..85a0ddd35b7 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
@@ -142,6 +142,10 @@ public Builder setSourceContext(Context sourceContext) {
       return this;
     }
 
+    public Context getSourceContext() {
+      return sourceContext;
+    }
+
     public Builder setOffloadExecutorPool(ObjectPool<? extends Executor> offloadExecutorPool) {
       this.offloadExecutorPool = checkNotNull(offloadExecutorPool, "offloadExecutorPool");
       return this;
diff --git a/binder/src/main/java/io/grpc/binder/internal/IntentNameResolver.java b/binder/src/main/java/io/grpc/binder/internal/IntentNameResolver.java
new file mode 100644
index 00000000000..ce3e2a96a42
--- /dev/null
+++ b/binder/src/main/java/io/grpc/binder/internal/IntentNameResolver.java
@@ -0,0 +1,299 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.grpc.binder.internal;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Preconditions.checkState;
+import static io.grpc.binder.internal.SystemApis.createContextAsUser;
+
+import android.annotation.SuppressLint;
+import android.content.BroadcastReceiver;
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.content.pm.PackageManager;
+import android.content.pm.ResolveInfo;
+import android.os.Build;
+import android.os.UserHandle;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.util.concurrent.FutureCallback;
+import com.google.common.util.concurrent.Futures;
+import com.google.common.util.concurrent.ListenableFuture;
+import com.google.common.util.concurrent.MoreExecutors;
+import io.grpc.Attributes;
+import io.grpc.EquivalentAddressGroup;
+import io.grpc.NameResolver;
+import io.grpc.Status;
+import io.grpc.StatusException;
+import io.grpc.StatusOr;
+import io.grpc.SynchronizationContext;
+import io.grpc.binder.AndroidComponentAddress;
+import io.grpc.binder.ApiConstants;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import java.util.concurrent.Executor;
+import javax.annotation.Nullable;
+
+/**
+ * A {@link NameResolver} that resolves Android-standard "intent:" target URIs to the list of {@link
+ * AndroidComponentAddress} that match it by manifest intent filter.
+ */
+final class IntentNameResolver extends NameResolver {
+  private final Intent targetIntent; // Never mutated.
+  @Nullable private final UserHandle targetUser; // null means same user that hosts this process.
+  private final Context targetUserContext;
+  private final Executor offloadExecutor;
+  private final Executor sequentialExecutor;
+  private final SynchronizationContext syncContext;
+  private final ServiceConfigParser serviceConfigParser;
+
+  // Accessed only on `sequentialExecutor`
+  @Nullable private PackageChangeReceiver receiver; // != null when registered
+
+  // Accessed only on 'syncContext'.
+  private boolean shutdown;
+  private boolean queryNeeded;
+  @Nullable private Listener2 listener; // != null after start().
+  @Nullable private ListenableFuture<ResolutionResult> queryResultFuture; // != null when querying.
+
+  @EquivalentAddressGroup.Attr
+  private static final Attributes CONSTANT_EAG_ATTRS =
+      Attributes.newBuilder()
+          // Servers discovered in PackageManager are especially untrusted. After all, any app can
+          // declare any intent filter it wants! Require pre-authorization so that unauthorized apps
+          // don't even get a chance to run onCreate()/onBind().
+          .set(ApiConstants.PRE_AUTH_SERVER_OVERRIDE, true)
+          .build();
+
+  IntentNameResolver(Intent targetIntent, Args args) {
+    this.targetIntent = targetIntent;
+    this.targetUser = args.getArg(ApiConstants.TARGET_ANDROID_USER);
+    Context context =
+        checkNotNull(args.getArg(ApiConstants.SOURCE_ANDROID_CONTEXT), "SOURCE_ANDROID_CONTEXT")
+            .getApplicationContext();
+    this.targetUserContext =
+        targetUser != null ? createContextForTargetUserOrThrow(context, targetUser) : context;
+    // This Executor is nominally optional but all grpc-java Channels provide it since 1.25.
+    this.offloadExecutor =
+        checkNotNull(args.getOffloadExecutor(), "NameResolver.Args.getOffloadExecutor()");
+    // Ensures start()'s work runs before resolve()'s' work, and both run before shutdown()'s.
+    this.sequentialExecutor = MoreExecutors.newSequentialExecutor(offloadExecutor);
+    this.syncContext = args.getSynchronizationContext();
+    this.serviceConfigParser = args.getServiceConfigParser();
+  }
+
+  private static Context createContextForTargetUserOrThrow(Context context, UserHandle targetUser) {
+    try {
+      return createContextAsUser(context, targetUser, /* flags= */ 0); // @SystemApi since R.
+    } catch (ReflectiveOperationException e) {
+      throw new IllegalArgumentException(
+          "TARGET_ANDROID_USER NameResolver.Arg requires SDK_INT >= R and @SystemApi visibility");
+    }
+  }
+
+  @Override
+  public void start(Listener2 listener) {
+    checkState(this.listener == null, "Already started!");
+    checkState(!shutdown, "Resolver is shutdown");
+    this.listener = checkNotNull(listener);
+    sequentialExecutor.execute(this::registerReceiver);
+    resolve();
+  }
+
+  @Override
+  public void refresh() {
+    checkState(listener != null, "Not started!");
+    resolve();
+  }
+
+  private void resolve() {
+    syncContext.throwIfNotInThisSynchronizationContext();
+
+    if (shutdown) {
+      return;
+    }
+
+    // We can't block here in 'syncContext' so we offload PackageManager queries to an Executor.
+    // But offloading complicates things a bit because other calls can arrive while we wait for the
+    // results. We keep 'listener' up-to-date with the latest state in PackageManager by doing:
+    // 1. Only one query-and-report-to-listener operation at a time.
+    // 2. At least one query-and-report-to-listener AFTER every PackageManager state change.
+    if (queryResultFuture == null) {
+      queryResultFuture = Futures.submit(this::queryPackageManager, sequentialExecutor);
+      queryResultFuture.addListener(this::onQueryComplete, syncContext);
+    } else {
+      // There's already a query in-flight but (2) says we need at least one more. Our sequential
+      // Executor would be enough to ensure (1) but we also don't want a backlog of work to build up
+      // if things change rapidly. Just make a note to start a new query when this one finishes.
+      queryNeeded = true;
+    }
+  }
+
+  private void onQueryComplete() {
+    syncContext.throwIfNotInThisSynchronizationContext();
+    checkState(queryResultFuture != null);
+    checkState(queryResultFuture.isDone());
+
+    // Capture non-final `listener` here while we're on 'syncContext'.
+    Listener2 listener = checkNotNull(this.listener);
+    Futures.addCallback(
+        queryResultFuture, // Already isDone() so this execute()s immediately.
+        new FutureCallback<ResolutionResult>() {
+          @Override
+          public void onSuccess(ResolutionResult result) {
+            listener.onResult2(result);
+          }
+
+          @Override
+          public void onFailure(Throwable t) {
+            listener.onResult2(
+                ResolutionResult.newBuilder()
+                    .setAddressesOrError(StatusOr.fromStatus(Status.fromThrowable(t)))
+                    .build());
+          }
+        },
+        syncContext); // Already on 'syncContext' but addCallback() is faster than try/get/catch.
+    queryResultFuture = null;
+
+    if (queryNeeded) {
+      // One or more resolve() requests arrived while we were working on the last one. Just one
+      // follow-on query can subsume all of them.
+      queryNeeded = false;
+      resolve();
+    }
+  }
+
+  @Override
+  public String getServiceAuthority() {
+    return "localhost";
+  }
+
+  @Override
+  public void shutdown() {
+    syncContext.throwIfNotInThisSynchronizationContext();
+    if (!shutdown) {
+      shutdown = true;
+      sequentialExecutor.execute(this::maybeUnregisterReceiver);
+    }
+  }
+
+  private ResolutionResult queryPackageManager() throws StatusException {
+    List<ResolveInfo> queryResults = queryIntentServices(targetIntent);
+
+    // Avoid a spurious UnsafeIntentLaunchViolation later. Since S, Android's StrictMode is very
+    // conservative, marking any Intent parsed from a string as suspicious and complaining when you
+    // bind to it. But all this is pointless with grpc-binder, which already goes even further by
+    // not trusting addresses at all! Instead, we rely on SecurityPolicy, which won't allow a
+    // connection to an unauthorized server UID no matter how you got there.
+    Intent prototypeBindIntent = sanitize(targetIntent);
+
+    // Model each matching android.app.Service as an EAG (server) with a single address.
+    List<EquivalentAddressGroup> addresses = new ArrayList<>();
+    for (ResolveInfo resolveInfo : queryResults) {
+      prototypeBindIntent.setComponent(
+          new ComponentName(resolveInfo.serviceInfo.packageName, resolveInfo.serviceInfo.name));
+      addresses.add(
+          new EquivalentAddressGroup(
+              AndroidComponentAddress.newBuilder()
+                  .setBindIntent(prototypeBindIntent) // Makes a copy.
+                  .setTargetUser(targetUser)
+                  .build(),
+              CONSTANT_EAG_ATTRS));
+    }
+
+    return ResolutionResult.newBuilder()
+        .setAddressesOrError(StatusOr.fromValue(addresses))
+        // Empty service config means we get the default 'pick_first' load balancing policy.
+        .setServiceConfig(serviceConfigParser.parseServiceConfig(ImmutableMap.of()))
+        .build();
+  }
+
+  private List<ResolveInfo> queryIntentServices(Intent intent) throws StatusException {
+    int flags = 0;
+    if (Build.VERSION.SDK_INT >= 29) {
+      // Don't match direct-boot-unaware Services that can't presently be created. We'll query again
+      // after the user is unlocked. The MATCH_DIRECT_BOOT_AUTO behavior is actually the default but
+      // being explicit here avoids an android.os.strictmode.ImplicitDirectBootViolation.
+      flags |= PackageManager.MATCH_DIRECT_BOOT_AUTO;
+    }
+
+    List<ResolveInfo> intentServices =
+        targetUserContext.getPackageManager().queryIntentServices(intent, flags);
+    if (intentServices == null || intentServices.isEmpty()) {
+      // Must be the same as when ServiceBinding's call to bindService() returns false.
+      throw Status.UNIMPLEMENTED
+          .withDescription("Service not found for intent " + intent)
+          .asException();
+    }
+    return intentServices;
+  }
+
+  // Returns a new Intent with the same action, data and categories as 'input'.
+  private static Intent sanitize(Intent input) {
+    Intent output = new Intent();
+    output.setAction(input.getAction());
+    output.setData(input.getData());
+
+    Set<String> categories = input.getCategories();
+    if (categories != null) {
+      for (String category : categories) {
+        output.addCategory(category);
+      }
+    }
+    // Don't bother copying extras and flags since AndroidComponentAddress (rightly) ignores them.
+    // Don't bother copying package or ComponentName either, since we're about to set that.
+    return output;
+  }
+
+  final class PackageChangeReceiver extends BroadcastReceiver {
+    @Override
+    public void onReceive(Context context, Intent intent) {
+      // Get off the main thread and into the correct SynchronizationContext.
+      syncContext.executeLater(IntentNameResolver.this::resolve);
+      offloadExecutor.execute(syncContext::drain);
+    }
+  }
+
+  @SuppressLint("UnprotectedReceiver") // All of these are protected system broadcasts.
+  private void registerReceiver() {
+    checkState(receiver == null, "Already registered!");
+    receiver = new PackageChangeReceiver();
+    IntentFilter filter = new IntentFilter();
+    filter.addDataScheme("package");
+    filter.addAction(Intent.ACTION_PACKAGE_ADDED);
+    filter.addAction(Intent.ACTION_PACKAGE_CHANGED);
+    filter.addAction(Intent.ACTION_PACKAGE_REMOVED);
+    filter.addAction(Intent.ACTION_PACKAGE_REPLACED);
+
+    targetUserContext.registerReceiver(receiver, filter);
+
+    if (Build.VERSION.SDK_INT >= 24) {
+      // Clients running in direct boot mode must refresh() when the user is unlocked because
+      // that's when `directBootAware=false` services become visible in queryIntentServices()
+      // results. ACTION_BOOT_COMPLETED would work too but it's delivered with lower priority.
+      targetUserContext.registerReceiver(receiver, new IntentFilter(Intent.ACTION_USER_UNLOCKED));
+    }
+  }
+
+  private void maybeUnregisterReceiver() {
+    if (receiver != null) { // NameResolver API contract appears to allow shutdown without start().
+      targetUserContext.unregisterReceiver(receiver);
+      receiver = null;
+    }
+  }
+}
diff --git a/binder/src/main/java/io/grpc/binder/internal/IntentNameResolverProvider.java b/binder/src/main/java/io/grpc/binder/internal/IntentNameResolverProvider.java
new file mode 100644
index 00000000000..67859045dba
--- /dev/null
+++ b/binder/src/main/java/io/grpc/binder/internal/IntentNameResolverProvider.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.grpc.binder.internal;
+
+import static android.content.Intent.URI_INTENT_SCHEME;
+
+import android.content.Intent;
+import com.google.common.collect.ImmutableSet;
+import io.grpc.NameResolver;
+import io.grpc.NameResolver.Args;
+import io.grpc.NameResolverProvider;
+import io.grpc.binder.AndroidComponentAddress;
+import java.net.SocketAddress;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Objects;
+import javax.annotation.Nullable;
+
+/**
+ * A {@link NameResolverProvider} that handles Android-standard "intent:" target URIs, resolving
+ * them to the list of {@link AndroidComponentAddress} that match by manifest intent filter.
+ */
+public final class IntentNameResolverProvider extends NameResolverProvider {
+
+  static final String ANDROID_INTENT_SCHEME = "intent";
+
+  @Override
+  public String getDefaultScheme() {
+    return ANDROID_INTENT_SCHEME;
+  }
+
+  @Nullable
+  @Override
+  public NameResolver newNameResolver(URI targetUri, final Args args) {
+    if (Objects.equals(targetUri.getScheme(), ANDROID_INTENT_SCHEME)) {
+      return new IntentNameResolver(parseUriArg(targetUri), args);
+    } else {
+      return null;
+    }
+  }
+
+  @Override
+  public boolean isAvailable() {
+    return true;
+  }
+
+  @Override
+  public int priority() {
+    return 3; // Lower than DNS so we don't accidentally become the default scheme for a registry.
+  }
+
+  @Override
+  public ImmutableSet<Class<? extends SocketAddress>> getProducedSocketAddressTypes() {
+    return ImmutableSet.of(AndroidComponentAddress.class);
+  }
+
+  private static Intent parseUriArg(URI targetUri) {
+    try {
+      return Intent.parseUri(targetUri.toString(), URI_INTENT_SCHEME);
+    } catch (URISyntaxException e) {
+      throw new IllegalArgumentException(e);
+    }
+  }
+}
diff --git a/binder/src/main/java/io/grpc/binder/internal/SystemApis.java b/binder/src/main/java/io/grpc/binder/internal/SystemApis.java
new file mode 100644
index 00000000000..a4feec86a11
--- /dev/null
+++ b/binder/src/main/java/io/grpc/binder/internal/SystemApis.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.grpc.binder.internal;
+
+import android.content.Context;
+import android.os.UserHandle;
+import java.lang.reflect.Method;
+
+/**
+ * A collection of static methods that wrap hidden Android "System APIs."
+ *
+ * <p>grpc-java can't call Android methods marked @SystemApi directly, even though many of our users
+ * are "system apps" entitled to do so. Being a library built outside the Android source tree, these
+ * "non-SDK" elements simply don't exist from our compiler's perspective. Instead we resort to
+ * reflection but use the static wrappers found here to keep call sites readable and type safe.
+ *
+ * <p>Modern Android's JRE also limits the visibility of these methods at *runtime*. Only certain
+ * privileged apps installed on the system image app can call them, even using reflection, and this
+ * wrapper doesn't change that. Callers are responsible for ensuring that the host app actually has
+ * the ability to call @SystemApis and all methods throw {@link ReflectiveOperationException} as a
+ * reminder to do that. See
+ * https://developer.android.com/guide/app-compatibility/restrictions-non-sdk-interfaces for more.
+ */
+final class SystemApis {
+  private static volatile Method createContextAsUserMethod;
+
+  // Not to be instantiated.
+  private SystemApis() {}
+
+  /**
+   * Returns a new Context object whose methods act as if they were running in the given user.
+   *
+   * @throws ReflectiveOperationException if SDK_INT < R or host app lacks @SystemApi visibility
+   */
+  public static Context createContextAsUser(Context context, UserHandle userHandle, int flags)
+      throws ReflectiveOperationException {
+    if (createContextAsUserMethod == null) {
+      synchronized (SystemApis.class) {
+        if (createContextAsUserMethod == null) {
+          createContextAsUserMethod =
+              Context.class.getMethod("createContextAsUser", UserHandle.class, int.class);
+        }
+      }
+    }
+    return (Context) createContextAsUserMethod.invoke(context, userHandle, flags);
+  }
+}
diff --git a/binder/src/test/java/io/grpc/binder/internal/IntentNameResolverProviderTest.java b/binder/src/test/java/io/grpc/binder/internal/IntentNameResolverProviderTest.java
new file mode 100644
index 00000000000..aa75ba84b09
--- /dev/null
+++ b/binder/src/test/java/io/grpc/binder/internal/IntentNameResolverProviderTest.java
@@ -0,0 +1,115 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.grpc.binder.internal;
+
+import static android.os.Looper.getMainLooper;
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.robolectric.Shadows.shadowOf;
+
+import android.app.Application;
+import androidx.core.content.ContextCompat;
+import androidx.test.core.app.ApplicationProvider;
+import io.grpc.NameResolver;
+import io.grpc.NameResolver.ResolutionResult;
+import io.grpc.NameResolver.ServiceConfigParser;
+import io.grpc.NameResolverProvider;
+import io.grpc.SynchronizationContext;
+import io.grpc.binder.ApiConstants;
+import java.net.URI;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Captor;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoTestRule;
+import org.robolectric.RobolectricTestRunner;
+
+/** A test for IntentNameResolverProvider. */
+@RunWith(RobolectricTestRunner.class)
+public final class IntentNameResolverProviderTest {
+
+  private final Application appContext = ApplicationProvider.getApplicationContext();
+  private final SynchronizationContext syncContext = newSynchronizationContext();
+  private final NameResolver.Args args = newNameResolverArgs();
+
+  private NameResolverProvider provider;
+
+  @Rule public MockitoTestRule mockitoTestRule = MockitoJUnit.testRule(this);
+  @Mock public NameResolver.Listener2 mockListener;
+  @Captor public ArgumentCaptor<ResolutionResult> resultCaptor;
+
+  @Before
+  public void setUp() {
+    provider = new IntentNameResolverProvider();
+  }
+
+  @Test
+  public void testProviderScheme_returnsIntentScheme() throws Exception {
+    assertThat(provider.getDefaultScheme())
+        .isEqualTo(IntentNameResolverProvider.ANDROID_INTENT_SCHEME);
+  }
+
+  @Test
+  public void testNoResolverForUnknownScheme_returnsNull() throws Exception {
+    assertThat(provider.newNameResolver(new URI("random://uri"), args)).isNull();
+  }
+
+  @Test
+  public void testResolutionWithBadUri_throwsIllegalArg() throws Exception {
+    assertThrows(
+        IllegalArgumentException.class,
+        () -> provider.newNameResolver(new URI("intent:xxx#Intent;e.x=1;end;"), args));
+  }
+
+  @Test
+  public void testResolverForIntentScheme_returnsResolver() throws Exception {
+    URI uri = new URI("intent://authority/path#Intent;action=action;scheme=scheme;end");
+    NameResolver resolver = provider.newNameResolver(uri, args);
+    assertThat(resolver).isNotNull();
+    assertThat(resolver.getServiceAuthority()).isEqualTo("localhost");
+    syncContext.execute(() -> resolver.start(mockListener));
+    shadowOf(getMainLooper()).idle();
+    verify(mockListener).onResult2(resultCaptor.capture());
+    assertThat(resultCaptor.getValue().getAddressesOrError()).isNotNull();
+    syncContext.execute(resolver::shutdown);
+    shadowOf(getMainLooper()).idle();
+  }
+
+  /** Returns a new test-specific {@link NameResolver.Args} instance. */
+  private NameResolver.Args newNameResolverArgs() {
+    return NameResolver.Args.newBuilder()
+        .setDefaultPort(-1)
+        .setProxyDetector((target) -> null) // No proxies here.
+        .setSynchronizationContext(syncContext)
+        .setOffloadExecutor(ContextCompat.getMainExecutor(appContext))
+        .setServiceConfigParser(mock(ServiceConfigParser.class))
+        .setArg(ApiConstants.SOURCE_ANDROID_CONTEXT, appContext)
+        .build();
+  }
+
+  private static SynchronizationContext newSynchronizationContext() {
+    return new SynchronizationContext(
+        (thread, exception) -> {
+          throw new AssertionError(exception);
+        });
+  }
+}
diff --git a/binder/src/test/java/io/grpc/binder/internal/IntentNameResolverTest.java b/binder/src/test/java/io/grpc/binder/internal/IntentNameResolverTest.java
new file mode 100644
index 00000000000..b1bfcd4fd56
--- /dev/null
+++ b/binder/src/test/java/io/grpc/binder/internal/IntentNameResolverTest.java
@@ -0,0 +1,531 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.grpc.binder.internal;
+
+import static android.content.Intent.ACTION_PACKAGE_ADDED;
+import static android.content.Intent.ACTION_PACKAGE_REPLACED;
+import static android.os.Looper.getMainLooper;
+import static android.os.Process.myUserHandle;
+import static com.google.common.collect.ImmutableList.toImmutableList;
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.robolectric.Shadows.shadowOf;
+
+import android.app.Application;
+import android.content.ComponentName;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.content.pm.ServiceInfo;
+import android.net.Uri;
+import android.os.UserHandle;
+import android.os.UserManager;
+import androidx.annotation.NonNull;
+import androidx.core.content.ContextCompat;
+import androidx.test.core.app.ApplicationProvider;
+import com.google.common.collect.ImmutableList;
+import io.grpc.EquivalentAddressGroup;
+import io.grpc.NameResolver;
+import io.grpc.NameResolver.ResolutionResult;
+import io.grpc.NameResolver.ServiceConfigParser;
+import io.grpc.Status;
+import io.grpc.StatusOr;
+import io.grpc.SynchronizationContext;
+import io.grpc.binder.AndroidComponentAddress;
+import io.grpc.binder.ApiConstants;
+import java.lang.Thread.UncaughtExceptionHandler;
+import java.net.SocketAddress;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Captor;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoTestRule;
+import org.robolectric.RobolectricTestRunner;
+import org.robolectric.annotation.Config;
+import org.robolectric.shadows.ShadowPackageManager;
+
+/** A test for IntentNameResolverProvider. */
+@RunWith(RobolectricTestRunner.class)
+public final class IntentNameResolverTest {
+
+  private static final ComponentName SOME_COMPONENT_NAME =
+      new ComponentName("com.foo.bar", "SomeComponent");
+  private static final ComponentName ANOTHER_COMPONENT_NAME =
+      new ComponentName("org.blah", "AnotherComponent");
+  private final Application appContext = ApplicationProvider.getApplicationContext();
+  private final SynchronizationContext syncContext = newSynchronizationContext();
+  private final NameResolver.Args args = newNameResolverArgs().build();
+
+  private final ShadowPackageManager shadowPackageManager =
+      shadowOf(appContext.getPackageManager());
+
+  @Rule public MockitoTestRule mockitoTestRule = MockitoJUnit.testRule(this);
+  @Mock public NameResolver.Listener2 mockListener;
+  @Captor public ArgumentCaptor<ResolutionResult> resultCaptor;
+
+  @Test
+  public void testResolverForIntentScheme_returnsResolverWithLocalHostAuthority() throws Exception {
+    NameResolver resolver = newNameResolver(newIntent());
+    assertThat(resolver).isNotNull();
+    assertThat(resolver.getServiceAuthority()).isEqualTo("localhost");
+  }
+
+  @Test
+  public void testResolutionWithoutServicesAvailable_returnsUnimplemented() throws Exception {
+    NameResolver nameResolver = newNameResolver(newIntent());
+    syncContext.execute(() -> nameResolver.start(mockListener));
+    shadowOf(getMainLooper()).idle();
+    verify(mockListener).onResult2(resultCaptor.capture());
+    assertThat(resultCaptor.getValue().getAddressesOrError().getStatus().getCode())
+        .isEqualTo(Status.UNIMPLEMENTED.getCode());
+  }
+
+  @Test
+  public void testResolutionWithMultipleServicesAvailable_returnsAndroidComponentAddresses()
+      throws Exception {
+    Intent intent = newIntent();
+    IntentFilter serviceIntentFilter = newFilterMatching(intent);
+
+    shadowPackageManager.addServiceIfNotPresent(SOME_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(SOME_COMPONENT_NAME, serviceIntentFilter);
+
+    // Adds another valid Service
+    shadowPackageManager.addServiceIfNotPresent(ANOTHER_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(ANOTHER_COMPONENT_NAME, serviceIntentFilter);
+
+    NameResolver nameResolver = newNameResolver(intent);
+    syncContext.execute(() -> nameResolver.start(mockListener));
+    shadowOf(getMainLooper()).idle();
+
+    verify(mockListener, never()).onError(any());
+    verify(mockListener).onResult2(resultCaptor.capture());
+    assertThat(getAddressesOrThrow(resultCaptor.getValue()))
+        .containsExactly(
+            toAddressList(intent.cloneFilter().setComponent(SOME_COMPONENT_NAME)),
+            toAddressList(intent.cloneFilter().setComponent(ANOTHER_COMPONENT_NAME)));
+
+    syncContext.execute(nameResolver::shutdown);
+    shadowOf(getMainLooper()).idle();
+  }
+
+  @Test
+  public void testExplicitResolutionByComponent_returnsRestrictedResults() throws Exception {
+    Intent intent = newIntent();
+    IntentFilter serviceIntentFilter = newFilterMatching(intent);
+
+    shadowPackageManager.addServiceIfNotPresent(SOME_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(SOME_COMPONENT_NAME, serviceIntentFilter);
+    shadowPackageManager.addServiceIfNotPresent(ANOTHER_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(ANOTHER_COMPONENT_NAME, serviceIntentFilter);
+
+    NameResolver nameResolver =
+        newNameResolver(intent.cloneFilter().setComponent(ANOTHER_COMPONENT_NAME));
+    syncContext.execute(() -> nameResolver.start(mockListener));
+    shadowOf(getMainLooper()).idle();
+
+    verify(mockListener, never()).onError(any());
+    verify(mockListener).onResult2(resultCaptor.capture());
+    assertThat(getAddressesOrThrow(resultCaptor.getValue()))
+        .containsExactly(toAddressList(intent.cloneFilter().setComponent(ANOTHER_COMPONENT_NAME)));
+
+    syncContext.execute(nameResolver::shutdown);
+    shadowOf(getMainLooper()).idle();
+  }
+
+  @Test
+  public void testExplicitResolutionByPackage_returnsRestrictedResults() throws Exception {
+    Intent intent = newIntent();
+    IntentFilter serviceIntentFilter = newFilterMatching(intent);
+
+    shadowPackageManager.addServiceIfNotPresent(SOME_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(SOME_COMPONENT_NAME, serviceIntentFilter);
+    shadowPackageManager.addServiceIfNotPresent(ANOTHER_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(ANOTHER_COMPONENT_NAME, serviceIntentFilter);
+
+    NameResolver nameResolver =
+        newNameResolver(intent.cloneFilter().setPackage(ANOTHER_COMPONENT_NAME.getPackageName()));
+    syncContext.execute(() -> nameResolver.start(mockListener));
+    shadowOf(getMainLooper()).idle();
+
+    verify(mockListener, never()).onError(any());
+    verify(mockListener).onResult2(resultCaptor.capture());
+    assertThat(getAddressesOrThrow(resultCaptor.getValue()))
+        .containsExactly(toAddressList(intent.cloneFilter().setComponent(ANOTHER_COMPONENT_NAME)));
+
+    syncContext.execute(nameResolver::shutdown);
+    shadowOf(getMainLooper()).idle();
+  }
+
+  @Test
+  public void testResolution_setsPreAuthEagAttribute() throws Exception {
+    Intent intent = newIntent();
+    IntentFilter serviceIntentFilter = newFilterMatching(intent);
+
+    shadowPackageManager.addServiceIfNotPresent(SOME_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(SOME_COMPONENT_NAME, serviceIntentFilter);
+
+    NameResolver nameResolver = newNameResolver(intent);
+    syncContext.execute(() -> nameResolver.start(mockListener));
+    shadowOf(getMainLooper()).idle();
+
+    verify(mockListener).onResult2(resultCaptor.capture());
+    assertThat(getAddressesOrThrow(resultCaptor.getValue()))
+        .containsExactly(toAddressList(intent.cloneFilter().setComponent(SOME_COMPONENT_NAME)));
+    assertThat(
+            getEagsOrThrow(resultCaptor.getValue()).stream()
+                .map(EquivalentAddressGroup::getAttributes)
+                .collect(toImmutableList())
+                .get(0)
+                .get(ApiConstants.PRE_AUTH_SERVER_OVERRIDE))
+        .isTrue();
+
+    syncContext.execute(nameResolver::shutdown);
+    shadowOf(getMainLooper()).idle();
+  }
+
+  @Test
+  public void testServiceRemoved_pushesUpdatedAndroidComponentAddresses() throws Exception {
+    Intent intent = newIntent();
+    IntentFilter serviceIntentFilter = newFilterMatching(intent);
+
+    shadowPackageManager.addServiceIfNotPresent(SOME_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(SOME_COMPONENT_NAME, serviceIntentFilter);
+    shadowPackageManager.addServiceIfNotPresent(ANOTHER_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(ANOTHER_COMPONENT_NAME, serviceIntentFilter);
+
+    NameResolver nameResolver = newNameResolver(intent);
+    syncContext.execute(() -> nameResolver.start(mockListener));
+    shadowOf(getMainLooper()).idle();
+
+    verify(mockListener, never()).onError(any());
+    verify(mockListener).onResult2(resultCaptor.capture());
+    assertThat(getAddressesOrThrow(resultCaptor.getValue()))
+        .containsExactly(
+            toAddressList(intent.cloneFilter().setComponent(SOME_COMPONENT_NAME)),
+            toAddressList(intent.cloneFilter().setComponent(ANOTHER_COMPONENT_NAME)));
+
+    shadowPackageManager.removeService(ANOTHER_COMPONENT_NAME);
+    broadcastPackageChange(ACTION_PACKAGE_REPLACED, ANOTHER_COMPONENT_NAME.getPackageName());
+    shadowOf(getMainLooper()).idle();
+
+    verify(mockListener, never()).onError(any());
+    verify(mockListener, times(2)).onResult2(resultCaptor.capture());
+    assertThat(getAddressesOrThrow(resultCaptor.getValue()))
+        .containsExactly(toAddressList(intent.cloneFilter().setComponent(SOME_COMPONENT_NAME)));
+
+    syncContext.execute(nameResolver::shutdown);
+    shadowOf(getMainLooper()).idle();
+
+    verifyNoMoreInteractions(mockListener);
+    assertThat(shadowOf(appContext).getRegisteredReceivers()).isEmpty();
+  }
+
+  @Test
+  @Config(sdk = 30)
+  public void testTargetAndroidUser_pushesUpdatedAddresses() throws Exception {
+    Intent intent = newIntent();
+    IntentFilter serviceIntentFilter = newFilterMatching(intent);
+
+    NameResolver nameResolver =
+        newNameResolver(
+            intent,
+            newNameResolverArgs().setArg(ApiConstants.TARGET_ANDROID_USER, myUserHandle()).build());
+    syncContext.execute(() -> nameResolver.start(mockListener));
+    shadowOf(getMainLooper()).idle();
+    verify(mockListener).onResult2(resultCaptor.capture());
+    assertThat(resultCaptor.getValue().getAddressesOrError().getStatus().getCode())
+        .isEqualTo(Status.UNIMPLEMENTED.getCode());
+
+    shadowPackageManager.addServiceIfNotPresent(SOME_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(SOME_COMPONENT_NAME, serviceIntentFilter);
+    broadcastPackageChange(ACTION_PACKAGE_ADDED, SOME_COMPONENT_NAME.getPackageName());
+    shadowOf(getMainLooper()).idle();
+
+    verify(mockListener, never()).onError(any());
+    verify(mockListener, times(2)).onResult2(resultCaptor.capture());
+    assertThat(getAddressesOrThrow(resultCaptor.getValue()))
+        .containsExactly(
+            ImmutableList.of(
+                AndroidComponentAddress.newBuilder()
+                    .setTargetUser(myUserHandle())
+                    .setBindIntent(intent.cloneFilter().setComponent(SOME_COMPONENT_NAME))
+                    .build()));
+
+    syncContext.execute(nameResolver::shutdown);
+    shadowOf(getMainLooper()).idle();
+
+    verifyNoMoreInteractions(mockListener);
+    assertThat(shadowOf(appContext).getRegisteredReceivers()).isEmpty();
+  }
+
+  @Test
+  @Config(sdk = 29)
+  public void testTargetAndroidUser_notSupported_throwsWithHelpfulMessage() throws Exception {
+    NameResolver.Args args =
+        newNameResolverArgs().setArg(ApiConstants.TARGET_ANDROID_USER, myUserHandle()).build();
+    IllegalArgumentException iae =
+        assertThrows(IllegalArgumentException.class, () -> newNameResolver(newIntent(), args));
+    assertThat(iae.getMessage()).contains("TARGET_ANDROID_USER");
+    assertThat(iae.getMessage()).contains("SDK_INT >= R");
+  }
+
+  @Test
+  @Config(sdk = 29)
+  public void testServiceAppearsUponBootComplete_pushesUpdatedAndroidComponentAddresses()
+      throws Exception {
+    Intent intent = newIntent();
+    IntentFilter serviceIntentFilter = newFilterMatching(intent);
+
+    // Suppose this directBootAware=true Service appears in PackageManager before a user unlock.
+    shadowOf(appContext.getSystemService(UserManager.class)).setUserUnlocked(false);
+    ServiceInfo someServiceInfo = shadowPackageManager.addServiceIfNotPresent(SOME_COMPONENT_NAME);
+    someServiceInfo.directBootAware = true;
+    shadowPackageManager.addIntentFilterForService(SOME_COMPONENT_NAME, serviceIntentFilter);
+
+    NameResolver nameResolver = newNameResolver(intent);
+    syncContext.execute(() -> nameResolver.start(mockListener));
+    shadowOf(getMainLooper()).idle();
+
+    verify(mockListener, never()).onError(any());
+    verify(mockListener).onResult2(resultCaptor.capture());
+    assertThat(getAddressesOrThrow(resultCaptor.getValue()))
+        .containsExactly(toAddressList(intent.cloneFilter().setComponent(SOME_COMPONENT_NAME)));
+
+    // TODO(b/331618070): Robolectric doesn't yet support ServiceInfo.directBootAware filtering.
+    // Simulate support by waiting for a user unlock to add this !directBootAware Service.
+    ServiceInfo anotherServiceInfo =
+        shadowPackageManager.addServiceIfNotPresent(ANOTHER_COMPONENT_NAME);
+    anotherServiceInfo.directBootAware = false;
+    shadowPackageManager.addIntentFilterForService(ANOTHER_COMPONENT_NAME, serviceIntentFilter);
+
+    shadowOf(appContext.getSystemService(UserManager.class)).setUserUnlocked(true);
+    broadcastUserUnlocked(myUserHandle());
+    shadowOf(getMainLooper()).idle();
+
+    verify(mockListener, never()).onError(any());
+    verify(mockListener, times(2)).onResult2(resultCaptor.capture());
+    assertThat(getAddressesOrThrow(resultCaptor.getValue()))
+        .containsExactly(
+            toAddressList(intent.cloneFilter().setComponent(SOME_COMPONENT_NAME)),
+            toAddressList(intent.cloneFilter().setComponent(ANOTHER_COMPONENT_NAME)));
+
+    syncContext.execute(nameResolver::shutdown);
+    shadowOf(getMainLooper()).idle();
+    verifyNoMoreInteractions(mockListener);
+  }
+
+  @Test
+  public void testRefresh_returnsSameAndroidComponentAddresses() throws Exception {
+    Intent intent = newIntent();
+    IntentFilter serviceIntentFilter = newFilterMatching(intent);
+
+    shadowPackageManager.addServiceIfNotPresent(SOME_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(SOME_COMPONENT_NAME, serviceIntentFilter);
+    shadowPackageManager.addServiceIfNotPresent(ANOTHER_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(ANOTHER_COMPONENT_NAME, serviceIntentFilter);
+
+    NameResolver nameResolver = newNameResolver(intent);
+    syncContext.execute(() -> nameResolver.start(mockListener));
+    shadowOf(getMainLooper()).idle();
+
+    verify(mockListener, never()).onError(any());
+    verify(mockListener).onResult2(resultCaptor.capture());
+    assertThat(getAddressesOrThrow(resultCaptor.getValue()))
+        .containsExactly(
+            toAddressList(intent.cloneFilter().setComponent(SOME_COMPONENT_NAME)),
+            toAddressList(intent.cloneFilter().setComponent(ANOTHER_COMPONENT_NAME)));
+
+    syncContext.execute(nameResolver::refresh);
+    shadowOf(getMainLooper()).idle();
+    verify(mockListener, never()).onError(any());
+    verify(mockListener, times(2)).onResult2(resultCaptor.capture());
+    assertThat(getAddressesOrThrow(resultCaptor.getValue()))
+        .containsExactly(
+            toAddressList(intent.cloneFilter().setComponent(SOME_COMPONENT_NAME)),
+            toAddressList(intent.cloneFilter().setComponent(ANOTHER_COMPONENT_NAME)));
+
+    syncContext.execute(nameResolver::shutdown);
+    shadowOf(getMainLooper()).idle();
+    assertThat(shadowOf(appContext).getRegisteredReceivers()).isEmpty();
+  }
+
+  @Test
+  public void testRefresh_collapsesMultipleRequestsIntoOneLookup() throws Exception {
+    Intent intent = newIntent();
+    IntentFilter serviceIntentFilter = newFilterMatching(intent);
+
+    shadowPackageManager.addServiceIfNotPresent(SOME_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(SOME_COMPONENT_NAME, serviceIntentFilter);
+
+    NameResolver nameResolver = newNameResolver(intent);
+    syncContext.execute(() -> nameResolver.start(mockListener)); // Should kick off the 1st lookup.
+    syncContext.execute(nameResolver::refresh); // Should queue a lookup to run when 1st finishes.
+    syncContext.execute(nameResolver::refresh); // Should be ignored since a lookup is already Q'd.
+    syncContext.execute(nameResolver::refresh); // Also ignored.
+    shadowOf(getMainLooper()).idle();
+
+    verify(mockListener, never()).onError(any());
+    verify(mockListener, times(2)).onResult2(resultCaptor.capture());
+    assertThat(getAddressesOrThrow(resultCaptor.getValue()))
+        .containsExactly(toAddressList(intent.cloneFilter().setComponent(SOME_COMPONENT_NAME)));
+
+    syncContext.execute(nameResolver::shutdown);
+    shadowOf(getMainLooper()).idle();
+  }
+
+  private void broadcastPackageChange(String action, String pkgName) {
+    Intent broadcast = new Intent();
+    broadcast.setAction(action);
+    broadcast.setData(Uri.parse("package:" + pkgName));
+    appContext.sendBroadcast(broadcast);
+  }
+
+  private void broadcastUserUnlocked(UserHandle userHandle) {
+    Intent unlockedBroadcast = new Intent(Intent.ACTION_USER_UNLOCKED);
+    unlockedBroadcast.putExtra(Intent.EXTRA_USER, userHandle);
+    appContext.sendBroadcast(unlockedBroadcast);
+  }
+
+  @Test
+  public void testResolutionOnResultThrows_onErrorNotCalled() throws Exception {
+    RetainingUncaughtExceptionHandler exceptionHandler = new RetainingUncaughtExceptionHandler();
+    SynchronizationContext syncContext = new SynchronizationContext(exceptionHandler);
+    Intent intent = newIntent();
+    shadowPackageManager.addServiceIfNotPresent(SOME_COMPONENT_NAME);
+    shadowPackageManager.addIntentFilterForService(SOME_COMPONENT_NAME, newFilterMatching(intent));
+
+    @SuppressWarnings("serial")
+    class SomeRuntimeException extends RuntimeException {}
+    doThrow(SomeRuntimeException.class).when(mockListener).onResult2(any());
+
+    NameResolver nameResolver =
+        newNameResolver(
+            intent, newNameResolverArgs().setSynchronizationContext(syncContext).build());
+    syncContext.execute(() -> nameResolver.start(mockListener));
+    shadowOf(getMainLooper()).idle();
+
+    verify(mockListener).onResult2(any());
+    verify(mockListener, never()).onError(any());
+    assertThat(exceptionHandler.uncaught).hasSize(1);
+    assertThat(exceptionHandler.uncaught.get(0)).isInstanceOf(SomeRuntimeException.class);
+  }
+
+  private static Intent newIntent() {
+    Intent intent = new Intent();
+    intent.setAction("test.action");
+    intent.setData(Uri.parse("grpc:ServiceName"));
+    return intent;
+  }
+
+  private static IntentFilter newFilterMatching(Intent intent) {
+    IntentFilter filter = new IntentFilter();
+    if (intent.getAction() != null) {
+      filter.addAction(intent.getAction());
+    }
+    Uri data = intent.getData();
+    if (data != null) {
+      if (data.getScheme() != null) {
+        filter.addDataScheme(data.getScheme());
+      }
+      if (data.getSchemeSpecificPart() != null) {
+        filter.addDataSchemeSpecificPart(data.getSchemeSpecificPart(), 0);
+      }
+    }
+    Set<String> categories = intent.getCategories();
+    if (categories != null) {
+      for (String category : categories) {
+        filter.addCategory(category);
+      }
+    }
+    return filter;
+  }
+
+  private static List<EquivalentAddressGroup> getEagsOrThrow(ResolutionResult result) {
+    StatusOr<List<EquivalentAddressGroup>> eags = result.getAddressesOrError();
+    if (!eags.hasValue()) {
+      throw eags.getStatus().asRuntimeException();
+    }
+    return eags.getValue();
+  }
+
+  // Extracts just the addresses from 'result's EquivalentAddressGroups.
+  private static ImmutableList<List<SocketAddress>> getAddressesOrThrow(ResolutionResult result) {
+    return getEagsOrThrow(result).stream()
+        .map(EquivalentAddressGroup::getAddresses)
+        .collect(toImmutableList());
+  }
+
+  // Converts given Intents to a list of ACAs, for convenient comparison with getAddressesOrThrow().
+  private static ImmutableList<AndroidComponentAddress> toAddressList(Intent... bindIntents) {
+    ImmutableList.Builder<AndroidComponentAddress> builder = ImmutableList.builder();
+    for (Intent bindIntent : bindIntents) {
+      builder.add(AndroidComponentAddress.forBindIntent(bindIntent));
+    }
+    return builder.build();
+  }
+
+  private NameResolver newNameResolver(Intent targetIntent) {
+    return newNameResolver(targetIntent, args);
+  }
+
+  private NameResolver newNameResolver(Intent targetIntent, NameResolver.Args args) {
+    return new IntentNameResolver(targetIntent, args);
+  }
+
+  /** Returns a new test-specific {@link NameResolver.Args} instance. */
+  private NameResolver.Args.Builder newNameResolverArgs() {
+    return NameResolver.Args.newBuilder()
+        .setDefaultPort(-1)
+        .setProxyDetector((target) -> null) // No proxies here.
+        .setSynchronizationContext(syncContext)
+        .setOffloadExecutor(ContextCompat.getMainExecutor(appContext))
+        .setArg(ApiConstants.SOURCE_ANDROID_CONTEXT, appContext)
+        .setServiceConfigParser(mock(ServiceConfigParser.class));
+  }
+
+  /**
+   * Returns a test {@link SynchronizationContext}.
+   *
+   * <p>Exceptions will cause the test to fail with {@link AssertionError}.
+   */
+  private static SynchronizationContext newSynchronizationContext() {
+    return new SynchronizationContext(
+        (thread, exception) -> {
+          throw new AssertionError(exception);
+        });
+  }
+
+  static final class RetainingUncaughtExceptionHandler implements UncaughtExceptionHandler {
+    final ArrayList<Throwable> uncaught = new ArrayList<>();
+
+    @Override
+    public void uncaughtException(@NonNull Thread t, @NonNull Throwable e) {
+      uncaught.add(e);
+    }
+  }
+}

From 06707f7c38068d9e933f6d03811255f481a0abe9 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 5 Aug 2025 14:46:51 -0700
Subject: [PATCH 343/591] xds: Use a different log name for XdsClientImpl and
 ControlPlaneClient

Seems like a good time to stop hating ourselves, as that seems to be the
only reason to use the same string.
---
 xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
index d05942914dc..82a0e2f9220 100644
--- a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
@@ -109,7 +109,7 @@ final class ControlPlaneClient {
     this.backoffPolicyProvider = checkNotNull(backoffPolicyProvider, "backoffPolicyProvider");
     this.messagePrinter = checkNotNull(messagePrinter, "messagePrinter");
     stopwatch = checkNotNull(stopwatchSupplier, "stopwatchSupplier").get();
-    logId = InternalLogId.allocate("xds-client", serverInfo.target());
+    logId = InternalLogId.allocate("xds-cp-client", serverInfo.target());
     logger = XdsLogger.withLogId(logId);
     logger.log(XdsLogLevel.INFO, "Created");
   }

From f50726d32e216746642513add28e086094ce5506 Mon Sep 17 00:00:00 2001
From: Sangamesh <ghulesangu@gmail.com>
Date: Tue, 12 Aug 2025 03:48:01 +0530
Subject: [PATCH 344/591] android: Clean up android lint and other warnings
 (#12143)

Worked on clearing the lint warnings (OldTargetApi, ObsoleteSdkInt,
InlinedApi, NewApi)

Fixes #12142
---
 android/build.gradle                          |  2 +-
 .../grpc/android/AndroidChannelBuilder.java   |  2 -
 binder/build.gradle                           |  2 +-
 .../java/io/grpc/binder/SecurityPolicies.java |  2 -
 .../grpc/binder/internal/ServiceBinding.java  | 25 +++++++----
 .../binder/internal/ServiceBindingTest.java   | 45 +++++++++++++++++++
 cronet/build.gradle                           |  2 +-
 lint.xml                                      |  8 ++++
 8 files changed, 73 insertions(+), 15 deletions(-)
 create mode 100644 lint.xml

diff --git a/android/build.gradle b/android/build.gradle
index 723be882982..d0ae3b9c886 100644
--- a/android/build.gradle
+++ b/android/build.gradle
@@ -14,7 +14,7 @@ android {
     }
     compileSdkVersion 34
     defaultConfig {
-        minSdkVersion 21
+        minSdkVersion 22
         targetSdkVersion 33
         versionCode 1
         versionName "1.0"
diff --git a/android/src/main/java/io/grpc/android/AndroidChannelBuilder.java b/android/src/main/java/io/grpc/android/AndroidChannelBuilder.java
index e56ce5fc405..54b38bc3bd3 100644
--- a/android/src/main/java/io/grpc/android/AndroidChannelBuilder.java
+++ b/android/src/main/java/io/grpc/android/AndroidChannelBuilder.java
@@ -217,7 +217,6 @@ private void configureNetworkMonitoring() {
         connectivityManager.registerDefaultNetworkCallback(defaultNetworkCallback);
         unregisterRunnable =
             new Runnable() {
-              @TargetApi(Build.VERSION_CODES.LOLLIPOP)
               @Override
               public void run() {
                 connectivityManager.unregisterNetworkCallback(defaultNetworkCallback);
@@ -231,7 +230,6 @@ public void run() {
         context.registerReceiver(networkReceiver, networkIntentFilter);
         unregisterRunnable =
             new Runnable() {
-              @TargetApi(Build.VERSION_CODES.LOLLIPOP)
               @Override
               public void run() {
                 context.unregisterReceiver(networkReceiver);
diff --git a/binder/build.gradle b/binder/build.gradle
index dc9df6b04de..d1302ddfed0 100644
--- a/binder/build.gradle
+++ b/binder/build.gradle
@@ -13,7 +13,7 @@ android {
         targetCompatibility 1.8
     }
     defaultConfig {
-        minSdkVersion 21
+        minSdkVersion 22
         targetSdkVersion 33
         versionCode 1
         versionName "1.0"
diff --git a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java
index 05e8c43da79..c0f6fe81989 100644
--- a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java
+++ b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java
@@ -184,7 +184,6 @@ public Status checkAuthorization(int uid) {
    * Creates {@link SecurityPolicy} which checks if the app is a device owner app. See {@link
    * DevicePolicyManager}.
    */
-  @RequiresApi(18)
   public static io.grpc.binder.SecurityPolicy isDeviceOwner(Context applicationContext) {
     DevicePolicyManager devicePolicyManager =
         (DevicePolicyManager) applicationContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
@@ -199,7 +198,6 @@ public static io.grpc.binder.SecurityPolicy isDeviceOwner(Context applicationCon
    * Creates {@link SecurityPolicy} which checks if the app is a profile owner app. See {@link
    * DevicePolicyManager}.
    */
-  @RequiresApi(21)
   public static SecurityPolicy isProfileOwner(Context applicationContext) {
     DevicePolicyManager devicePolicyManager =
         (DevicePolicyManager) applicationContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
diff --git a/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java b/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
index f0cbe9ec56b..42d69d27a2e 100644
--- a/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
+++ b/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
@@ -193,18 +193,27 @@ private static Status bindInternal(
           bindResult = context.bindService(bindIntent, conn, flags);
           break;
         case BIND_SERVICE_AS_USER:
-          bindResult = context.bindServiceAsUser(bindIntent, conn, flags, targetUserHandle);
+          if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+            bindResult = context.bindServiceAsUser(bindIntent, conn, flags, targetUserHandle);
+          } else {
+            return Status.INTERNAL.withDescription("Cross user Channel requires Android R+");
+          }
           break;
         case DEVICE_POLICY_BIND_SEVICE_ADMIN:
           DevicePolicyManager devicePolicyManager =
               (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
-          bindResult =
-              devicePolicyManager.bindDeviceAdminServiceAsUser(
-                  channelCredentials.getDevicePolicyAdminComponentName(),
-                  bindIntent,
-                  conn,
-                  flags,
-                  targetUserHandle);
+          if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+            bindResult =
+                devicePolicyManager.bindDeviceAdminServiceAsUser(
+                    channelCredentials.getDevicePolicyAdminComponentName(),
+                    bindIntent,
+                    conn,
+                    flags,
+                    targetUserHandle);
+          } else {
+            return Status.INTERNAL.withDescription(
+                "Device policy admin binding requires Android R+");
+          }
           break;
       }
       if (!bindResult) {
diff --git a/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java b/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
index bd51c522d15..2079b0eed2c 100644
--- a/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
@@ -29,6 +29,7 @@
 import android.content.Context;
 import android.content.Intent;
 import android.content.pm.ServiceInfo;
+import android.os.Build;
 import android.os.IBinder;
 import android.os.Parcel;
 import android.os.UserHandle;
@@ -327,6 +328,50 @@ public void testResolveNonExistentServiceWithTargetUserThrows() throws Exception
     assertThat(statusException.getStatus().getDescription()).contains("12345");
   }
 
+  @Test
+  @Config(sdk = 30)
+  public void testBindService_doesNotThrowInternalErrorWhenSdkAtLeastR() {
+    UserHandle userHandle = generateUserHandle(/* userId= */ 12345);
+    binding = newBuilder().setTargetUserHandle(userHandle).build();
+    binding.bind();
+    shadowOf(getMainLooper()).idle();
+
+    assertThat(Build.VERSION.SDK_INT).isEqualTo(Build.VERSION_CODES.R);
+    assertThat(observer.unboundReason).isNull();
+  }
+
+  @Test
+  @Config(sdk = 28)
+  public void testBindServiceAsUser_returnsErrorWhenSdkBelowR() {
+    UserHandle userHandle = generateUserHandle(/* userId= */ 12345);
+    binding = newBuilder().setTargetUserHandle(userHandle).build();
+    binding.bind();
+    shadowOf(getMainLooper()).idle();
+
+    assertThat(observer.unboundReason.getCode()).isEqualTo(Code.INTERNAL);
+    assertThat(observer.unboundReason.getDescription())
+        .isEqualTo("Cross user Channel requires Android R+");
+  }
+
+  @Test
+  @Config(sdk = 28)
+  public void testDevicePolicyBlind_returnsErrorWhenSdkBelowR() {
+    String deviceAdminClassName = "DevicePolicyAdmin";
+    ComponentName adminComponent = new ComponentName(appContext, deviceAdminClassName);
+    allowBindDeviceAdminForUser(appContext, adminComponent, 10);
+    binding =
+        newBuilder()
+            .setTargetUserHandle(UserHandle.getUserHandleForUid(10))
+            .setChannelCredentials(BinderChannelCredentials.forDevicePolicyAdmin(adminComponent))
+            .build();
+    binding.bind();
+    shadowOf(getMainLooper()).idle();
+
+    assertThat(observer.unboundReason.getCode()).isEqualTo(Code.INTERNAL);
+    assertThat(observer.unboundReason.getDescription())
+        .isEqualTo("Device policy admin binding requires Android R+");
+  }
+
   @Test
   @Config(sdk = 30)
   public void testBindWithDeviceAdmin() throws Exception {
diff --git a/cronet/build.gradle b/cronet/build.gradle
index 3cc86201298..0715b4129bf 100644
--- a/cronet/build.gradle
+++ b/cronet/build.gradle
@@ -14,7 +14,7 @@ android {
     namespace = 'io.grpc.cronet'
     compileSdkVersion 33
     defaultConfig {
-        minSdkVersion 21
+        minSdkVersion 22
         targetSdkVersion 33
         versionCode 1
         versionName "1.0"
diff --git a/lint.xml b/lint.xml
new file mode 100644
index 00000000000..93e2f603108
--- /dev/null
+++ b/lint.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<lint>
+    <!--
+      Suppress temporarily due to AAPT2 failures with SDK 35/36 on AGP 7.x.
+      Remove after AGP upgrade.
+    -->
+    <issue id="OldTargetApi" severity="ignore" />
+</lint>

From 95d16d85c84b7bc587adaa349fa58c8fa80e1503 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 13 Aug 2025 12:59:57 -0700
Subject: [PATCH 345/591] Upgrade to Netty 4.1.124.Final

This implicitly disables NettyAdaptiveCumulator (#11284), which can have a
performance impact. We delayed upgrading Netty to give time to rework
the optimization, but we've gone too long already without upgrading
which causes problems for vulnerability tracking.
---
 MODULE.bazel                                  | 24 +++++++++----------
 SECURITY.md                                   |  3 ++-
 gradle/libs.versions.toml                     |  4 ++--
 .../io/grpc/netty/NettyClientHandlerTest.java |  3 +--
 repositories.bzl                              | 24 +++++++++----------
 5 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 5a731723c33..7d49c4e4b49 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -23,20 +23,20 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.truth:truth:1.4.2",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
-    "io.netty:netty-buffer:4.1.110.Final",
-    "io.netty:netty-codec-http2:4.1.110.Final",
-    "io.netty:netty-codec-http:4.1.110.Final",
-    "io.netty:netty-codec-socks:4.1.110.Final",
-    "io.netty:netty-codec:4.1.110.Final",
-    "io.netty:netty-common:4.1.110.Final",
-    "io.netty:netty-handler-proxy:4.1.110.Final",
-    "io.netty:netty-handler:4.1.110.Final",
-    "io.netty:netty-resolver:4.1.110.Final",
+    "io.netty:netty-buffer:4.1.124.Final",
+    "io.netty:netty-codec-http2:4.1.124.Final",
+    "io.netty:netty-codec-http:4.1.124.Final",
+    "io.netty:netty-codec-socks:4.1.124.Final",
+    "io.netty:netty-codec:4.1.124.Final",
+    "io.netty:netty-common:4.1.124.Final",
+    "io.netty:netty-handler-proxy:4.1.124.Final",
+    "io.netty:netty-handler:4.1.124.Final",
+    "io.netty:netty-resolver:4.1.124.Final",
     "io.netty:netty-tcnative-boringssl-static:2.0.70.Final",
     "io.netty:netty-tcnative-classes:2.0.70.Final",
-    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.110.Final",
-    "io.netty:netty-transport-native-unix-common:4.1.110.Final",
-    "io.netty:netty-transport:4.1.110.Final",
+    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.124.Final",
+    "io.netty:netty-transport-native-unix-common:4.1.124.Final",
+    "io.netty:netty-transport:4.1.124.Final",
     "io.opencensus:opencensus-api:0.31.0",
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",
diff --git a/SECURITY.md b/SECURITY.md
index 48d6e0919a1..cd02fbe3e18 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -400,7 +400,8 @@ grpc-netty version | netty-handler version | netty-tcnative-boringssl-static ver
 1.59.x             | 4.1.97.Final          | 2.0.61.Final
 1.60.x-1.66.x      | 4.1.100.Final         | 2.0.61.Final
 1.67.x-1.70.x      | 4.1.110.Final         | 2.0.65.Final
-1.71.x-            | 4.1.110.Final         | 2.0.70.Final
+1.71.x-1.74.x      | 4.1.110.Final         | 2.0.70.Final
+1.75.x-            | 4.1.124.Final         | 2.0.72.Final
 
 _(grpc-netty-shaded avoids issues with keeping these versions in sync.)_
 
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 9407b2a8774..540657b9ddb 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -1,8 +1,8 @@
 [versions]
-netty = '4.1.110.Final'
+netty = '4.1.124.Final'
 # Keep the following references of tcnative version in sync whenever it's updated:
 #   SECURITY.md
-nettytcnative = '2.0.70.Final'
+nettytcnative = '2.0.72.Final'
 opencensus = "0.31.1"
 # Not upgrading to 4.x as it is not yet ABI compatible.
 # https://github.com/protocolbuffers/protobuf/issues/17247
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
index 5a2605eea5e..c5289296ed0 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
@@ -28,7 +28,6 @@
 import static io.grpc.netty.Utils.STATUS_OK;
 import static io.grpc.netty.Utils.TE_HEADER;
 import static io.grpc.netty.Utils.TE_TRAILERS;
-import static io.netty.handler.codec.http2.Http2CodecUtil.DEFAULT_PRIORITY_WEIGHT;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
@@ -276,7 +275,7 @@ public void cancelBufferedStreamShouldChangeClientStreamStatus() throws Exceptio
   public void createStreamShouldSucceed() throws Exception {
     createStream();
     verifyWrite().writeHeaders(eq(ctx()), eq(STREAM_ID), eq(grpcHeaders), eq(0),
-        eq(DEFAULT_PRIORITY_WEIGHT), eq(false), eq(0), eq(false), any(ChannelPromise.class));
+        eq(false), any(ChannelPromise.class));
   }
 
   @Test
diff --git a/repositories.bzl b/repositories.bzl
index 5a760be5a43..47609ae7671 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -27,20 +27,20 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.truth:truth:1.4.2",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
-    "io.netty:netty-buffer:4.1.110.Final",
-    "io.netty:netty-codec-http2:4.1.110.Final",
-    "io.netty:netty-codec-http:4.1.110.Final",
-    "io.netty:netty-codec-socks:4.1.110.Final",
-    "io.netty:netty-codec:4.1.110.Final",
-    "io.netty:netty-common:4.1.110.Final",
-    "io.netty:netty-handler-proxy:4.1.110.Final",
-    "io.netty:netty-handler:4.1.110.Final",
-    "io.netty:netty-resolver:4.1.110.Final",
+    "io.netty:netty-buffer:4.1.124.Final",
+    "io.netty:netty-codec-http2:4.1.124.Final",
+    "io.netty:netty-codec-http:4.1.124.Final",
+    "io.netty:netty-codec-socks:4.1.124.Final",
+    "io.netty:netty-codec:4.1.124.Final",
+    "io.netty:netty-common:4.1.124.Final",
+    "io.netty:netty-handler-proxy:4.1.124.Final",
+    "io.netty:netty-handler:4.1.124.Final",
+    "io.netty:netty-resolver:4.1.124.Final",
     "io.netty:netty-tcnative-boringssl-static:2.0.70.Final",
     "io.netty:netty-tcnative-classes:2.0.70.Final",
-    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.110.Final",
-    "io.netty:netty-transport-native-unix-common:4.1.110.Final",
-    "io.netty:netty-transport:4.1.110.Final",
+    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.124.Final",
+    "io.netty:netty-transport-native-unix-common:4.1.124.Final",
+    "io.netty:netty-transport:4.1.124.Final",
     "io.opencensus:opencensus-api:0.31.0",
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",

From 6462ef9a11980e168c21d90bbc7245c728fd1a7a Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 14 Aug 2025 15:26:55 -0700
Subject: [PATCH 346/591] netty: Count sent RST_STREAMs against limit

Http2RstCounterEncoder has to be constructed before
NettyServerHandler/Http2ConnectionHandler so it must be static. Thus the
code/counters were moved into RstStreamCounter which then can be
constructed earlier and shared.

This depends on Netty 4.1.124 for a bug fix to actually call the
encoder:
https://github.com/netty/netty/commit/be53dc3c9acd9af2e20d0c3c07cd77115a594cf1
---
 .../io/grpc/netty/NettyServerHandler.java     | 126 +++++++++++++-----
 .../io/grpc/netty/NettyServerHandlerTest.java |  44 ++++++
 2 files changed, 135 insertions(+), 35 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
index 668c3b5c90c..48f1aae91a1 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
@@ -60,6 +60,7 @@
 import io.netty.channel.ChannelFutureListener;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelPromise;
+import io.netty.handler.codec.http2.DecoratingHttp2ConnectionEncoder;
 import io.netty.handler.codec.http2.DecoratingHttp2FrameWriter;
 import io.netty.handler.codec.http2.DefaultHttp2Connection;
 import io.netty.handler.codec.http2.DefaultHttp2ConnectionDecoder;
@@ -83,6 +84,7 @@
 import io.netty.handler.codec.http2.Http2Headers;
 import io.netty.handler.codec.http2.Http2HeadersDecoder;
 import io.netty.handler.codec.http2.Http2InboundFrameLogger;
+import io.netty.handler.codec.http2.Http2LifecycleManager;
 import io.netty.handler.codec.http2.Http2OutboundFrameLogger;
 import io.netty.handler.codec.http2.Http2Settings;
 import io.netty.handler.codec.http2.Http2Stream;
@@ -125,13 +127,11 @@ class NettyServerHandler extends AbstractNettyHandler {
   private final long keepAliveTimeoutInNanos;
   private final long maxConnectionAgeInNanos;
   private final long maxConnectionAgeGraceInNanos;
-  private final int maxRstCount;
-  private final long maxRstPeriodNanos;
+  private final RstStreamCounter rstStreamCounter;
   private final List<? extends ServerStreamTracer.Factory> streamTracerFactories;
   private final TransportTracer transportTracer;
   private final KeepAliveEnforcer keepAliveEnforcer;
   private final Attributes eagAttributes;
-  private final Ticker ticker;
   /** Incomplete attributes produced by negotiator. */
   private Attributes negotiationAttributes;
   private InternalChannelz.Security securityInfo;
@@ -149,8 +149,6 @@ class NettyServerHandler extends AbstractNettyHandler {
   private ScheduledFuture<?> maxConnectionAgeMonitor;
   @CheckForNull
   private GracefulShutdown gracefulShutdown;
-  private int rstCount;
-  private long lastRstNanoTime;
 
   static NettyServerHandler newHandler(
       ServerTransportListener transportListener,
@@ -251,6 +249,12 @@ static NettyServerHandler newHandler(
     final KeepAliveEnforcer keepAliveEnforcer = new KeepAliveEnforcer(
         permitKeepAliveWithoutCalls, permitKeepAliveTimeInNanos, TimeUnit.NANOSECONDS);
 
+    if (ticker == null) {
+      ticker = Ticker.systemTicker();
+    }
+
+    RstStreamCounter rstStreamCounter
+        = new RstStreamCounter(maxRstCount, maxRstPeriodNanos, ticker);
     // Create the local flow controller configured to auto-refill the connection window.
     connection.local().flowController(
         new DefaultHttp2LocalFlowController(connection, DEFAULT_WINDOW_UPDATE_RATIO, true));
@@ -258,6 +262,7 @@ static NettyServerHandler newHandler(
     Http2ConnectionEncoder encoder =
         new DefaultHttp2ConnectionEncoder(connection, frameWriter);
     encoder = new Http2ControlFrameLimitEncoder(encoder, 10000);
+    encoder = new Http2RstCounterEncoder(encoder, rstStreamCounter);
     Http2ConnectionDecoder decoder = new DefaultHttp2ConnectionDecoder(connection, encoder,
         frameReader);
 
@@ -266,10 +271,6 @@ static NettyServerHandler newHandler(
     settings.maxConcurrentStreams(maxStreams);
     settings.maxHeaderListSize(maxHeaderListSize);
 
-    if (ticker == null) {
-      ticker = Ticker.systemTicker();
-    }
-
     return new NettyServerHandler(
         channelUnused,
         connection,
@@ -286,8 +287,7 @@ static NettyServerHandler newHandler(
         maxConnectionAgeInNanos, maxConnectionAgeGraceInNanos,
         keepAliveEnforcer,
         autoFlowControl,
-        maxRstCount,
-        maxRstPeriodNanos,
+        rstStreamCounter,
         eagAttributes, ticker);
   }
 
@@ -310,8 +310,7 @@ private NettyServerHandler(
       long maxConnectionAgeGraceInNanos,
       final KeepAliveEnforcer keepAliveEnforcer,
       boolean autoFlowControl,
-      int maxRstCount,
-      long maxRstPeriodNanos,
+      RstStreamCounter rstStreamCounter,
       Attributes eagAttributes,
       Ticker ticker) {
     super(
@@ -363,12 +362,9 @@ public void onStreamClosed(Http2Stream stream) {
     this.maxConnectionAgeInNanos = maxConnectionAgeInNanos;
     this.maxConnectionAgeGraceInNanos = maxConnectionAgeGraceInNanos;
     this.keepAliveEnforcer = checkNotNull(keepAliveEnforcer, "keepAliveEnforcer");
-    this.maxRstCount = maxRstCount;
-    this.maxRstPeriodNanos = maxRstPeriodNanos;
+    this.rstStreamCounter = rstStreamCounter;
     this.eagAttributes = checkNotNull(eagAttributes, "eagAttributes");
-    this.ticker = checkNotNull(ticker, "ticker");
 
-    this.lastRstNanoTime = ticker.read();
     streamKey = encoder.connection().newKey();
     this.transportListener = checkNotNull(transportListener, "transportListener");
     this.streamTracerFactories = checkNotNull(streamTracerFactories, "streamTracerFactories");
@@ -575,24 +571,9 @@ private void onDataRead(int streamId, ByteBuf data, int padding, boolean endOfSt
   }
 
   private void onRstStreamRead(int streamId, long errorCode) throws Http2Exception {
-    if (maxRstCount > 0) {
-      long now = ticker.read();
-      if (now - lastRstNanoTime > maxRstPeriodNanos) {
-        lastRstNanoTime = now;
-        rstCount = 1;
-      } else {
-        rstCount++;
-        if (rstCount > maxRstCount) {
-          throw new Http2Exception(Http2Error.ENHANCE_YOUR_CALM, "too_many_rststreams") {
-            @SuppressWarnings("UnsynchronizedOverridesSynchronized") // No memory accesses
-            @Override
-            public Throwable fillInStackTrace() {
-              // Avoid the CPU cycles, since the resets may be a CPU consumption attack
-              return this;
-            }
-          };
-        }
-      }
+    Http2Exception tooManyRstStream = rstStreamCounter.countRstStream();
+    if (tooManyRstStream != null) {
+      throw tooManyRstStream;
     }
 
     try {
@@ -1180,6 +1161,81 @@ public ChannelFuture writeHeaders(ChannelHandlerContext ctx, int streamId, Http2
     }
   }
 
+  private static final class Http2RstCounterEncoder extends DecoratingHttp2ConnectionEncoder {
+    private final RstStreamCounter rstStreamCounter;
+    private Http2LifecycleManager lifecycleManager;
+
+    Http2RstCounterEncoder(Http2ConnectionEncoder encoder, RstStreamCounter rstStreamCounter) {
+      super(encoder);
+      this.rstStreamCounter = rstStreamCounter;
+    }
+
+    @Override
+    public void lifecycleManager(Http2LifecycleManager lifecycleManager) {
+      this.lifecycleManager = lifecycleManager;
+      super.lifecycleManager(lifecycleManager);
+    }
+
+    @Override
+    public ChannelFuture writeRstStream(
+        ChannelHandlerContext ctx, int streamId, long errorCode, ChannelPromise promise) {
+      ChannelFuture future = super.writeRstStream(ctx, streamId, errorCode, promise);
+      // We want to count "induced" RST_STREAM, where the server sent a reset because of a malformed
+      // frame.
+      boolean normalRst
+          = errorCode == Http2Error.NO_ERROR.code() || errorCode == Http2Error.CANCEL.code();
+      if (!normalRst) {
+        Http2Exception tooManyRstStream = rstStreamCounter.countRstStream();
+        if (tooManyRstStream != null) {
+          lifecycleManager.onError(ctx, true, tooManyRstStream);
+          ctx.close();
+        }
+      }
+      return future;
+    }
+  }
+
+  private static final class RstStreamCounter {
+    private final int maxRstCount;
+    private final long maxRstPeriodNanos;
+    private final Ticker ticker;
+    private int rstCount;
+    private long lastRstNanoTime;
+
+    RstStreamCounter(int maxRstCount, long maxRstPeriodNanos, Ticker ticker) {
+      checkArgument(maxRstCount >= 0, "maxRstCount must be non-negative: %s", maxRstCount);
+      this.maxRstCount = maxRstCount;
+      this.maxRstPeriodNanos = maxRstPeriodNanos;
+      this.ticker = checkNotNull(ticker, "ticker");
+      this.lastRstNanoTime = ticker.read();
+    }
+
+    /** Returns non-{@code null} when the connection should be killed by the caller. */
+    private Http2Exception countRstStream() {
+      if (maxRstCount == 0) {
+        return null;
+      }
+      long now = ticker.read();
+      if (now - lastRstNanoTime > maxRstPeriodNanos) {
+        lastRstNanoTime = now;
+        rstCount = 1;
+      } else {
+        rstCount++;
+        if (rstCount > maxRstCount) {
+          return new Http2Exception(Http2Error.ENHANCE_YOUR_CALM, "too_many_rststreams") {
+            @SuppressWarnings("UnsynchronizedOverridesSynchronized") // No memory accesses
+            @Override
+            public Throwable fillInStackTrace() {
+              // Avoid the CPU cycles, since the resets may be a CPU consumption attack
+              return this;
+            }
+          };
+        }
+      }
+      return null;
+    }
+  }
+
   private static class ServerChannelLogger extends ChannelLogger {
     private static final Logger log = Logger.getLogger(ChannelLogger.class.getName());
 
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
index 54c1375eef2..28217937adc 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
@@ -1304,6 +1304,8 @@ public void maxRstCount_exceedsLimit_fails() throws Exception {
   }
 
   private void rapidReset(int burstSize) throws Exception {
+    when(streamTracerFactory.newServerStreamTracer(anyString(), any(Metadata.class)))
+        .thenAnswer((args) -> new TestServerStreamTracer());
     Http2Headers headers = new DefaultHttp2Headers()
         .method(HTTP_METHOD)
         .set(CONTENT_TYPE_HEADER, new AsciiString("application/grpc", UTF_8))
@@ -1323,6 +1325,48 @@ private void rapidReset(int burstSize) throws Exception {
     }
   }
 
+  @Test
+  public void maxRstCountSent_withinLimit_succeeds() throws Exception {
+    maxRstCount = 10;
+    maxRstPeriodNanos = TimeUnit.MILLISECONDS.toNanos(100);
+    manualSetUp();
+    madeYouReset(maxRstCount);
+
+    assertTrue(channel().isOpen());
+  }
+
+  @Test
+  public void maxRstCountSent_exceedsLimit_fails() throws Exception {
+    maxRstCount = 10;
+    maxRstPeriodNanos = TimeUnit.MILLISECONDS.toNanos(100);
+    manualSetUp();
+    assertThrows(ClosedChannelException.class, () -> madeYouReset(maxRstCount + 1));
+
+    assertFalse(channel().isOpen());
+  }
+
+  private void madeYouReset(int burstSize) throws Exception {
+    when(streamTracerFactory.newServerStreamTracer(anyString(), any(Metadata.class)))
+        .thenAnswer((args) -> new TestServerStreamTracer());
+    Http2Headers headers = new DefaultHttp2Headers()
+        .method(HTTP_METHOD)
+        .set(CONTENT_TYPE_HEADER, new AsciiString("application/grpc", UTF_8))
+        .set(TE_HEADER, TE_TRAILERS)
+        .path(new AsciiString("/foo/bar"));
+    int streamId = 1;
+    long rpcTimeNanos = maxRstPeriodNanos / 2 / burstSize;
+    for (int period = 0; period < 3; period++) {
+      for (int i = 0; i < burstSize; i++) {
+        channelRead(headersFrame(streamId, headers));
+        channelRead(windowUpdate(streamId, 0));
+        streamId += 2;
+        fakeClock().forwardNanos(rpcTimeNanos);
+      }
+      while (channel().readOutbound() != null) {}
+      fakeClock().forwardNanos(maxRstPeriodNanos - rpcTimeNanos * burstSize + 1);
+    }
+  }
+
   private void createStream() throws Exception {
     Http2Headers headers = new DefaultHttp2Headers()
         .method(HTTP_METHOD)

From 437e03dc98d98f6a2875daf8ac40b00de9002612 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 19 Aug 2025 00:23:47 -0700
Subject: [PATCH 347/591] xds: Avoid PriorityLb re-enabling timer on duplicate
 CONNECTING (#12289)

Since c4256add4 we no longer fabricate a TRANSIENT_FAILURE update from
children. However, previously that would have set
seenReadyOrIdleSinceTransientFailure = false and prevented future timer
creation. If a LB policy gives extraneous updates with state CONNECTING,
then it was possible to re-create failOverTimer which would then wait
the 10 seconds for the child to finish CONNECTING. We only want to give
the child one opportunity after transitioning out of READY/IDLE.

https://github.com/grpc/proposal/pull/509
---
 .../io/grpc/xds/PriorityLoadBalancer.java     |  3 +-
 .../io/grpc/xds/PriorityLoadBalancerTest.java | 51 +++++++++++++++++++
 2 files changed, 53 insertions(+), 1 deletion(-)

diff --git a/xds/src/main/java/io/grpc/xds/PriorityLoadBalancer.java b/xds/src/main/java/io/grpc/xds/PriorityLoadBalancer.java
index c72cef9f637..6e4566de76d 100644
--- a/xds/src/main/java/io/grpc/xds/PriorityLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/PriorityLoadBalancer.java
@@ -320,13 +320,14 @@ public void updateBalancingState(final ConnectivityState newState,
         if (!children.containsKey(priority)) {
           return;
         }
+        ConnectivityState oldState = connectivityState;
         connectivityState = newState;
         picker = newPicker;
 
         if (deletionTimer != null && deletionTimer.isPending()) {
           return;
         }
-        if (newState.equals(CONNECTING)) {
+        if (newState.equals(CONNECTING) && !oldState.equals(newState)) {
           if (!failOverTimer.isPending() && seenReadyOrIdleSinceTransientFailure) {
             failOverTimer = syncContext.schedule(new FailOverTask(), 10, TimeUnit.SECONDS,
                 executor);
diff --git a/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java
index ab4c00398f0..beb568be9ce 100644
--- a/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/PriorityLoadBalancerTest.java
@@ -28,6 +28,7 @@
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.clearInvocations;
 import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.inOrder;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.times;
@@ -70,6 +71,7 @@
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
+import org.mockito.InOrder;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnit;
 import org.mockito.junit.MockitoRule;
@@ -554,6 +556,55 @@ public void connectingResetFailOverIfSeenReadyOrIdleSinceTransientFailure() {
     assertThat(fooHelpers).hasSize(2);
   }
 
+  @Test
+  public void failoverTimerNotRestartedOnDupConnecting() {
+    InOrder inOrder = inOrder(helper);
+    PriorityChildConfig priorityChildConfig0 =
+        new PriorityChildConfig(newChildConfig(fooLbProvider, new Object()), true);
+    PriorityChildConfig priorityChildConfig1 =
+        new PriorityChildConfig(newChildConfig(fooLbProvider, new Object()), true);
+    PriorityLbConfig priorityLbConfig =
+        new PriorityLbConfig(
+            ImmutableMap.of("p0", priorityChildConfig0, "p1", priorityChildConfig1),
+            ImmutableList.of("p0", "p1"));
+    priorityLb.acceptResolvedAddresses(
+        ResolvedAddresses.newBuilder()
+            .setAddresses(ImmutableList.<EquivalentAddressGroup>of())
+            .setLoadBalancingPolicyConfig(priorityLbConfig)
+            .build());
+    // Nothing important about this verify, other than to provide a baseline
+    inOrder.verify(helper)
+        .updateBalancingState(eq(CONNECTING), pickerReturns(PickResult.withNoResult()));
+    assertThat(fooBalancers).hasSize(1);
+    assertThat(fooHelpers).hasSize(1);
+    Helper helper0 = Iterables.getOnlyElement(fooHelpers);
+
+    // Cause seenReadyOrIdleSinceTransientFailure = true
+    helper0.updateBalancingState(IDLE, EMPTY_PICKER);
+    inOrder.verify(helper)
+        .updateBalancingState(eq(IDLE), pickerReturns(PickResult.withNoResult()));
+    helper0.updateBalancingState(CONNECTING, EMPTY_PICKER);
+
+    // p0 keeps repeating CONNECTING, failover happens
+    fakeClock.forwardTime(5, TimeUnit.SECONDS);
+    helper0.updateBalancingState(CONNECTING, EMPTY_PICKER);
+    fakeClock.forwardTime(5, TimeUnit.SECONDS);
+    assertThat(fooBalancers).hasSize(2);
+    assertThat(fooHelpers).hasSize(2);
+    inOrder.verify(helper, times(2))
+        .updateBalancingState(eq(CONNECTING), pickerReturns(PickResult.withNoResult()));
+    Helper helper1 = Iterables.getLast(fooHelpers);
+
+    // p0 keeps repeating CONNECTING, no reset of failover timer
+    helper1.updateBalancingState(IDLE, EMPTY_PICKER); // Stop timer for p1
+    inOrder.verify(helper)
+        .updateBalancingState(eq(IDLE), pickerReturns(PickResult.withNoResult()));
+    helper0.updateBalancingState(CONNECTING, EMPTY_PICKER);
+    fakeClock.forwardTime(10, TimeUnit.SECONDS);
+    inOrder.verify(helper, never())
+        .updateBalancingState(eq(CONNECTING), any());
+  }
+
   @Test
   public void readyToConnectDoesNotFailOverButUpdatesPicker() {
     PriorityChildConfig priorityChildConfig0 =

From 43bef65cf90517a4aa5a35f5e3cec0863f624edc Mon Sep 17 00:00:00 2001
From: Jiri Kaplan <jiri.kaplan@email.cz>
Date: Mon, 28 Jul 2025 16:16:33 +0200
Subject: [PATCH 348/591] netty: Support BCJSSE provider in GrpcSslContexts

---
 netty/src/main/java/io/grpc/netty/GrpcSslContexts.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/GrpcSslContexts.java b/netty/src/main/java/io/grpc/netty/GrpcSslContexts.java
index 04a290165d7..f1f2c8aed71 100644
--- a/netty/src/main/java/io/grpc/netty/GrpcSslContexts.java
+++ b/netty/src/main/java/io/grpc/netty/GrpcSslContexts.java
@@ -84,6 +84,7 @@ private GrpcSslContexts() {}
   private static final String SUN_PROVIDER_NAME = "SunJSSE";
   private static final String IBM_PROVIDER_NAME = "IBMJSSE2";
   private static final String OPENJSSE_PROVIDER_NAME = "OpenJSSE";
+  private static final String BCJSSE_PROVIDER_NAME = "BCJSSE";
 
   /**
    * Creates an SslContextBuilder with ciphers and APN appropriate for gRPC.
@@ -199,7 +200,8 @@ public static SslContextBuilder configure(SslContextBuilder builder, Provider jd
             jdkProvider.getName() + " selected, but Java 9+ and Jetty NPN/ALPN unavailable");
       }
     } else if (IBM_PROVIDER_NAME.equals(jdkProvider.getName())
-        || OPENJSSE_PROVIDER_NAME.equals(jdkProvider.getName())) {
+        || OPENJSSE_PROVIDER_NAME.equals(jdkProvider.getName())
+        || BCJSSE_PROVIDER_NAME.equals(jdkProvider.getName())) {
       if (JettyTlsUtil.isJava9AlpnAvailable()) {
         apc = ALPN;
       } else {
@@ -255,7 +257,8 @@ private static Provider findJdkProvider() {
           return provider;
         }
       } else if (IBM_PROVIDER_NAME.equals(provider.getName())
-          || OPENJSSE_PROVIDER_NAME.equals(provider.getName())) {
+          || OPENJSSE_PROVIDER_NAME.equals(provider.getName())
+          || BCJSSE_PROVIDER_NAME.equals(provider.getName())) {
         if (JettyTlsUtil.isJava9AlpnAvailable()) {
           return provider;
         }

From 2039266ebc904866523c3151575b530481c0bed6 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 19 Aug 2025 21:41:52 +0530
Subject: [PATCH 349/591] xds: xdsClient caches transient error for new
 watchers (#12262)

---
 .../io/grpc/xds/client/XdsClientImpl.java     | 10 ++++++++++
 .../grpc/xds/GrpcXdsClientImplTestBase.java   | 20 +++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index d3384cbbe4e..4c6823f844a 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -676,6 +676,8 @@ private final class ResourceSubscriber<T extends ResourceUpdate> {
     private ResourceMetadata metadata;
     @Nullable
     private String errorDescription;
+    @Nullable
+    private Status lastError;
 
     ResourceSubscriber(XdsResourceType<T> type, String resource) {
       syncContext.throwIfNotInThisSynchronizationContext();
@@ -712,11 +714,16 @@ void addWatcher(ResourceWatcher<T> watcher, Executor watcherExecutor) {
       watchers.put(watcher, watcherExecutor);
       T savedData = data;
       boolean savedAbsent = absent;
+      Status savedError = lastError;
       watcherExecutor.execute(() -> {
         if (errorDescription != null) {
           watcher.onError(Status.INVALID_ARGUMENT.withDescription(errorDescription));
           return;
         }
+        if (savedError != null) {
+          watcher.onError(savedError);
+          return;
+        }
         if (savedData != null) {
           notifyWatcher(watcher, savedData);
         } else if (savedAbsent) {
@@ -808,6 +815,7 @@ void onData(ParsedResource<T> parsedResource, String version, long updateTime,
       this.metadata = ResourceMetadata
           .newResourceMetadataAcked(parsedResource.getRawResource(), version, updateTime);
       absent = false;
+      lastError = null;
       if (resourceDeletionIgnored) {
         logger.log(XdsLogLevel.FORCE_INFO, "xds server {0}: server returned new version "
                 + "of resource for which we previously ignored a deletion: type {1} name {2}",
@@ -857,6 +865,7 @@ void onAbsent(@Nullable ProcessingTracker processingTracker, ServerInfo serverIn
       if (!absent) {
         data = null;
         absent = true;
+        lastError = null;
         metadata = serverInfo.resourceTimerIsTransientError()
             ? ResourceMetadata.newResourceMetadataTimeout()
             : ResourceMetadata.newResourceMetadataDoesNotExist();
@@ -894,6 +903,7 @@ void onError(Status error, @Nullable ProcessingTracker tracker) {
       Status errorAugmented = Status.fromCode(error.getCode())
           .withDescription(description + "nodeID: " + bootstrapInfo.node().getId())
           .withCause(error.getCause());
+      this.lastError = errorAugmented;
 
       for (ResourceWatcher<T> watcher : watchers.keySet()) {
         if (tracker != null) {
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 89668485b96..19266b0d289 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -285,6 +285,8 @@ public long currentTimeNanos() {
   @Mock
   private ResourceWatcher<LdsUpdate> ldsResourceWatcher;
   @Mock
+  private ResourceWatcher<LdsUpdate> ldsResourceWatcher2;
+  @Mock
   private ResourceWatcher<RdsUpdate> rdsResourceWatcher;
   @Mock
   private ResourceWatcher<CdsUpdate> cdsResourceWatcher;
@@ -694,6 +696,24 @@ public void ldsResourceUpdated_withXdstpResourceName_withUnknownAuthority() {
     assertThat(resourceDiscoveryCalls.poll()).isNull();
   }
 
+  @Test
+  public void ldsResource_onError_cachedForNewWatcher() {
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE,
+        ldsResourceWatcher);
+    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+    call.sendCompleted();
+    verify(ldsResourceWatcher).onError(errorCaptor.capture());
+    Status initialError = errorCaptor.getValue();
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE,
+        ldsResourceWatcher2);
+    ArgumentCaptor<Status> secondErrorCaptor = ArgumentCaptor.forClass(Status.class);
+    verify(ldsResourceWatcher2).onError(secondErrorCaptor.capture());
+    Status cachedError = secondErrorCaptor.getValue();
+
+    assertThat(cachedError).isEqualTo(initialError);
+    assertThat(resourceDiscoveryCalls.poll()).isNull();
+  }
+
   @Test
   public void ldsResponseErrorHandling_allResourcesFailedUnpack() {
     DiscoveryRpcCall call = startResourceWatcher(XdsListenerResource.getInstance(), LDS_RESOURCE,

From afdbecb235a4e7d88524e0c4532bfe1a7c097676 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Thu, 21 Aug 2025 16:08:58 -0700
Subject: [PATCH 350/591] binder: Move BinderTransport's inner classes to the
 top level (#12303)

BinderTransport.java was getting too long and deeply nested.

This is a pure refactor with no behavior changes.
---
 .../internal/BinderClientTransportTest.java   |   7 +-
 .../binder/internal/BinderTransportTest.java  |   3 +-
 .../internal/ActiveTransportTracker.java      |   4 +-
 .../internal/BinderClientTransport.java       | 441 +++++++++++++++
 .../BinderClientTransportFactory.java         |   4 +-
 .../io/grpc/binder/internal/BinderServer.java |   4 +-
 .../internal/BinderServerTransport.java       | 126 +++++
 .../grpc/binder/internal/BinderTransport.java | 513 +-----------------
 .../java/io/grpc/binder/internal/Inbound.java |   5 +-
 .../internal/BinderServerTransportTest.java   |   4 +-
 .../BinderClientTransportBuilder.java         |   6 +-
 11 files changed, 587 insertions(+), 530 deletions(-)
 create mode 100644 binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
 create mode 100644 binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java

diff --git a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
index fe2fd587453..0038a054854 100644
--- a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
+++ b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
@@ -100,7 +100,7 @@ public final class BinderClientTransportTest {
           .build();
 
   AndroidComponentAddress serverAddress;
-  BinderTransport.BinderClientTransport transport;
+  BinderClientTransport transport;
   BlockingSecurityPolicy blockingSecurityPolicy = new BlockingSecurityPolicy();
 
   private final ObjectPool<ScheduledExecutorService> executorServicePool =
@@ -178,7 +178,7 @@ public BinderClientTransportBuilder setPreAuthorizeServer(boolean preAuthorizeSe
       return this;
     }
 
-    public BinderTransport.BinderClientTransport build() {
+    public BinderClientTransport build() {
       return factoryBuilder
           .buildClientTransportFactory()
           .newClientTransport(serverAddress, new ClientTransportOptions(), null);
@@ -502,8 +502,7 @@ public void testAsyncSecurityPolicyCancelledUponExternalTermination() throws Exc
   }
 
   private static void startAndAwaitReady(
-      BinderTransport.BinderClientTransport transport, TestTransportListener transportListener)
-      throws Exception {
+      BinderClientTransport transport, TestTransportListener transportListener) throws Exception {
     transport.start(transportListener).run();
     transportListener.awaitReady();
   }
diff --git a/binder/src/androidTest/java/io/grpc/binder/internal/BinderTransportTest.java b/binder/src/androidTest/java/io/grpc/binder/internal/BinderTransportTest.java
index fc9a383d572..7932cabde89 100644
--- a/binder/src/androidTest/java/io/grpc/binder/internal/BinderTransportTest.java
+++ b/binder/src/androidTest/java/io/grpc/binder/internal/BinderTransportTest.java
@@ -106,8 +106,7 @@ protected ManagedClientTransport newClientTransport(InternalServer server) {
     options.setEagAttributes(eagAttrs());
     options.setChannelLogger(transportLogger());
 
-    return new BinderTransport.BinderClientTransport(
-        builder.buildClientTransportFactory(), addr, options);
+    return new BinderClientTransport(builder.buildClientTransportFactory(), addr, options);
   }
 
   @Test
diff --git a/binder/src/main/java/io/grpc/binder/internal/ActiveTransportTracker.java b/binder/src/main/java/io/grpc/binder/internal/ActiveTransportTracker.java
index 2bfa9fea4cb..01505bfd509 100644
--- a/binder/src/main/java/io/grpc/binder/internal/ActiveTransportTracker.java
+++ b/binder/src/main/java/io/grpc/binder/internal/ActiveTransportTracker.java
@@ -11,8 +11,8 @@
 import io.grpc.internal.ServerTransportListener;
 
 /**
- * Tracks which {@link BinderTransport.BinderServerTransport} are currently active and allows
- * invoking a {@link Runnable} only once all transports are terminated.
+ * Tracks which {@link BinderServerTransport} are currently active and allows invoking a {@link
+ * Runnable} only once all transports are terminated.
  */
 final class ActiveTransportTracker implements ServerListener {
   private final ServerListener delegate;
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
new file mode 100644
index 00000000000..95bd531aa41
--- /dev/null
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
@@ -0,0 +1,441 @@
+/*
+ * Copyright 2020 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.grpc.binder.internal;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static io.grpc.binder.ApiConstants.PRE_AUTH_SERVER_OVERRIDE;
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
+
+import android.content.Context;
+import android.content.pm.ServiceInfo;
+import android.os.Binder;
+import android.os.IBinder;
+import android.os.Parcel;
+import android.os.Process;
+import com.google.common.base.Ticker;
+import com.google.common.util.concurrent.FutureCallback;
+import com.google.common.util.concurrent.Futures;
+import com.google.common.util.concurrent.ListenableFuture;
+import com.google.errorprone.annotations.CheckReturnValue;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
+import io.grpc.Attributes;
+import io.grpc.CallOptions;
+import io.grpc.ClientStreamTracer;
+import io.grpc.Grpc;
+import io.grpc.Internal;
+import io.grpc.InternalLogId;
+import io.grpc.Metadata;
+import io.grpc.MethodDescriptor;
+import io.grpc.SecurityLevel;
+import io.grpc.Status;
+import io.grpc.StatusException;
+import io.grpc.binder.AndroidComponentAddress;
+import io.grpc.binder.AsyncSecurityPolicy;
+import io.grpc.binder.InboundParcelablePolicy;
+import io.grpc.binder.SecurityPolicy;
+import io.grpc.internal.ClientStream;
+import io.grpc.internal.ClientTransportFactory.ClientTransportOptions;
+import io.grpc.internal.ConnectionClientTransport;
+import io.grpc.internal.FailingClientStream;
+import io.grpc.internal.GrpcAttributes;
+import io.grpc.internal.GrpcUtil;
+import io.grpc.internal.ManagedClientTransport;
+import io.grpc.internal.ObjectPool;
+import io.grpc.internal.StatsTraceContext;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.atomic.AtomicInteger;
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.ThreadSafe;
+
+/** Concrete client-side transport implementation. */
+@ThreadSafe
+@Internal
+public final class BinderClientTransport extends BinderTransport
+    implements ConnectionClientTransport, Bindable.Observer {
+
+  private final ObjectPool<? extends Executor> offloadExecutorPool;
+  private final Executor offloadExecutor;
+  private final SecurityPolicy securityPolicy;
+  private final Bindable serviceBinding;
+
+  /** Number of ongoing calls which keep this transport "in-use". */
+  private final AtomicInteger numInUseStreams;
+
+  private final long readyTimeoutMillis;
+  private final PingTracker pingTracker;
+  private final boolean preAuthorizeServer;
+
+  @Nullable private ManagedClientTransport.Listener clientTransportListener;
+
+  @GuardedBy("this")
+  private int latestCallId = FIRST_CALL_ID;
+
+  @GuardedBy("this")
+  private ScheduledFuture<?> readyTimeoutFuture; // != null iff timeout scheduled.
+
+  @GuardedBy("this")
+  @Nullable
+  private ListenableFuture<Status> authResultFuture; // null before we check auth.
+
+  @GuardedBy("this")
+  @Nullable
+  private ListenableFuture<Status> preAuthResultFuture; // null before we pre-auth.
+
+  /**
+   * Constructs a new transport instance.
+   *
+   * @param factory parameters common to all a Channel's transports
+   * @param targetAddress the fully resolved and load-balanced server address
+   * @param options other parameters that can vary as transports come and go within a Channel
+   */
+  public BinderClientTransport(
+      BinderClientTransportFactory factory,
+      AndroidComponentAddress targetAddress,
+      ClientTransportOptions options) {
+    super(
+        factory.scheduledExecutorPool,
+        buildClientAttributes(
+            options.getEagAttributes(),
+            factory.sourceContext,
+            targetAddress,
+            factory.inboundParcelablePolicy),
+        factory.binderDecorator,
+        buildLogId(factory.sourceContext, targetAddress));
+    this.offloadExecutorPool = factory.offloadExecutorPool;
+    this.securityPolicy = factory.securityPolicy;
+    this.offloadExecutor = offloadExecutorPool.getObject();
+    this.readyTimeoutMillis = factory.readyTimeoutMillis;
+    Boolean preAuthServerOverride = options.getEagAttributes().get(PRE_AUTH_SERVER_OVERRIDE);
+    this.preAuthorizeServer =
+        preAuthServerOverride != null ? preAuthServerOverride : factory.preAuthorizeServers;
+    numInUseStreams = new AtomicInteger();
+    pingTracker = new PingTracker(Ticker.systemTicker(), (id) -> sendPing(id));
+
+    serviceBinding =
+        new ServiceBinding(
+            factory.mainThreadExecutor,
+            factory.sourceContext,
+            factory.channelCredentials,
+            targetAddress.asBindIntent(),
+            targetAddress.getTargetUser() != null
+                ? targetAddress.getTargetUser()
+                : factory.defaultTargetUserHandle,
+            factory.bindServiceFlags.toInteger(),
+            this);
+  }
+
+  @Override
+  void releaseExecutors() {
+    super.releaseExecutors();
+    offloadExecutorPool.returnObject(offloadExecutor);
+  }
+
+  @Override
+  public synchronized void onBound(IBinder binder) {
+    sendSetupTransaction(binderDecorator.decorate(OneWayBinderProxy.wrap(binder, offloadExecutor)));
+  }
+
+  @Override
+  public synchronized void onUnbound(Status reason) {
+    shutdownInternal(reason, true);
+  }
+
+  @CheckReturnValue
+  @Override
+  public synchronized Runnable start(Listener clientTransportListener) {
+    this.clientTransportListener = checkNotNull(clientTransportListener);
+    return () -> {
+      synchronized (BinderClientTransport.this) {
+        if (inState(TransportState.NOT_STARTED)) {
+          setState(TransportState.SETUP);
+          try {
+            if (preAuthorizeServer) {
+              preAuthorize(serviceBinding.resolve());
+            } else {
+              serviceBinding.bind();
+            }
+          } catch (StatusException e) {
+            shutdownInternal(e.getStatus(), true);
+            return;
+          }
+          if (readyTimeoutMillis >= 0) {
+            readyTimeoutFuture =
+                getScheduledExecutorService()
+                    .schedule(
+                        BinderClientTransport.this::onReadyTimeout,
+                        readyTimeoutMillis,
+                        MILLISECONDS);
+          }
+        }
+      }
+    };
+  }
+
+  @GuardedBy("this")
+  private void preAuthorize(ServiceInfo serviceInfo) {
+    // It's unlikely, but the identity/existence of this Service could change by the time we
+    // actually connect. It doesn't matter though, because:
+    // - If pre-auth fails (but would succeed against the server's new state), the grpc-core layer
+    // will eventually retry using a new transport instance that will see the Service's new state.
+    // - If pre-auth succeeds (but would fail against the server's new state), we might give an
+    // unauthorized server a chance to run, but the connection will still fail by SecurityPolicy
+    // check later in handshake. Pre-auth remains effective at mitigating abuse because malware
+    // can't typically control the exact timing of its installation.
+    preAuthResultFuture = checkServerAuthorizationAsync(serviceInfo.applicationInfo.uid);
+    Futures.addCallback(
+        preAuthResultFuture,
+        new FutureCallback<Status>() {
+          @Override
+          public void onSuccess(Status result) {
+            handlePreAuthResult(result);
+          }
+
+          @Override
+          public void onFailure(Throwable t) {
+            handleAuthResult(t);
+          }
+        },
+        offloadExecutor);
+  }
+
+  private synchronized void handlePreAuthResult(Status authorization) {
+    if (inState(TransportState.SETUP)) {
+      if (!authorization.isOk()) {
+        shutdownInternal(authorization, true);
+      } else {
+        serviceBinding.bind();
+      }
+    }
+  }
+
+  private synchronized void onReadyTimeout() {
+    if (inState(TransportState.SETUP)) {
+      readyTimeoutFuture = null;
+      shutdownInternal(
+          Status.DEADLINE_EXCEEDED.withDescription(
+              "Connect timeout " + readyTimeoutMillis + "ms lapsed"),
+          true);
+    }
+  }
+
+  @Override
+  public synchronized ClientStream newStream(
+      final MethodDescriptor<?, ?> method,
+      final Metadata headers,
+      final CallOptions callOptions,
+      ClientStreamTracer[] tracers) {
+    if (!inState(TransportState.READY)) {
+      return newFailingClientStream(
+          isShutdown()
+              ? shutdownStatus
+              : Status.INTERNAL.withDescription("newStream() before transportReady()"),
+          attributes,
+          headers,
+          tracers);
+    }
+
+    int callId = latestCallId++;
+    if (latestCallId == LAST_CALL_ID) {
+      latestCallId = FIRST_CALL_ID;
+    }
+    StatsTraceContext statsTraceContext =
+        StatsTraceContext.newClientContext(tracers, attributes, headers);
+    Inbound.ClientInbound inbound =
+        new Inbound.ClientInbound(
+            this, attributes, callId, GrpcUtil.shouldBeCountedForInUse(callOptions));
+    if (ongoingCalls.putIfAbsent(callId, inbound) != null) {
+      Status failure = Status.INTERNAL.withDescription("Clashing call IDs");
+      shutdownInternal(failure, true);
+      return newFailingClientStream(failure, attributes, headers, tracers);
+    } else {
+      if (inbound.countsForInUse() && numInUseStreams.getAndIncrement() == 0) {
+        clientTransportListener.transportInUse(true);
+      }
+      Outbound.ClientOutbound outbound =
+          new Outbound.ClientOutbound(this, callId, method, headers, statsTraceContext);
+      if (method.getType().clientSendsOneMessage()) {
+        return new SingleMessageClientStream(inbound, outbound, attributes);
+      } else {
+        return new MultiMessageClientStream(inbound, outbound, attributes);
+      }
+    }
+  }
+
+  @Override
+  protected void unregisterInbound(Inbound<?> inbound) {
+    if (inbound.countsForInUse() && numInUseStreams.decrementAndGet() == 0) {
+      clientTransportListener.transportInUse(false);
+    }
+    super.unregisterInbound(inbound);
+  }
+
+  @Override
+  public void ping(final PingCallback callback, Executor executor) {
+    pingTracker.startPing(callback, executor);
+  }
+
+  @Override
+  public synchronized void shutdown(Status reason) {
+    checkNotNull(reason, "reason");
+    shutdownInternal(reason, false);
+  }
+
+  @Override
+  public synchronized void shutdownNow(Status reason) {
+    checkNotNull(reason, "reason");
+    shutdownInternal(reason, true);
+  }
+
+  @Override
+  @GuardedBy("this")
+  void notifyShutdown(Status status) {
+    clientTransportListener.transportShutdown(status);
+  }
+
+  @Override
+  @GuardedBy("this")
+  void notifyTerminated() {
+    if (numInUseStreams.getAndSet(0) > 0) {
+      clientTransportListener.transportInUse(false);
+    }
+    if (readyTimeoutFuture != null) {
+      readyTimeoutFuture.cancel(false);
+      readyTimeoutFuture = null;
+    }
+    if (preAuthResultFuture != null) {
+      preAuthResultFuture.cancel(false); // No effect if already complete.
+    }
+    if (authResultFuture != null) {
+      authResultFuture.cancel(false); // No effect if already complete.
+    }
+    serviceBinding.unbind();
+    clientTransportListener.transportTerminated();
+  }
+
+  @Override
+  @GuardedBy("this")
+  protected void handleSetupTransport(Parcel parcel) {
+    int remoteUid = Binder.getCallingUid();
+    attributes = setSecurityAttrs(attributes, remoteUid);
+    if (inState(TransportState.SETUP)) {
+      int version = parcel.readInt();
+      IBinder binder = parcel.readStrongBinder();
+      if (version != WIRE_FORMAT_VERSION) {
+        shutdownInternal(Status.UNAVAILABLE.withDescription("Wire format version mismatch"), true);
+      } else if (binder == null) {
+        shutdownInternal(
+            Status.UNAVAILABLE.withDescription("Malformed SETUP_TRANSPORT data"), true);
+      } else {
+        authResultFuture = checkServerAuthorizationAsync(remoteUid);
+        Futures.addCallback(
+            authResultFuture,
+            new FutureCallback<Status>() {
+              @Override
+              public void onSuccess(Status result) {
+                handleAuthResult(binder, result);
+              }
+
+              @Override
+              public void onFailure(Throwable t) {
+                handleAuthResult(t);
+              }
+            },
+            offloadExecutor);
+      }
+    }
+  }
+
+  private ListenableFuture<Status> checkServerAuthorizationAsync(int remoteUid) {
+    return (securityPolicy instanceof AsyncSecurityPolicy)
+        ? ((AsyncSecurityPolicy) securityPolicy).checkAuthorizationAsync(remoteUid)
+        : Futures.submit(() -> securityPolicy.checkAuthorization(remoteUid), offloadExecutor);
+  }
+
+  private synchronized void handleAuthResult(IBinder binder, Status authorization) {
+    if (inState(TransportState.SETUP)) {
+      if (!authorization.isOk()) {
+        shutdownInternal(authorization, true);
+      } else if (!setOutgoingBinder(OneWayBinderProxy.wrap(binder, offloadExecutor))) {
+        shutdownInternal(
+            Status.UNAVAILABLE.withDescription("Failed to observe outgoing binder"), true);
+      } else {
+        // Check state again, since a failure inside setOutgoingBinder (or a callback it
+        // triggers), could have shut us down.
+        if (!isShutdown()) {
+          setState(TransportState.READY);
+          attributes = clientTransportListener.filterTransport(attributes);
+          clientTransportListener.transportReady();
+          if (readyTimeoutFuture != null) {
+            readyTimeoutFuture.cancel(false);
+            readyTimeoutFuture = null;
+          }
+        }
+      }
+    }
+  }
+
+  private synchronized void handleAuthResult(Throwable t) {
+    shutdownInternal(
+        Status.INTERNAL.withDescription("Could not evaluate SecurityPolicy").withCause(t), true);
+  }
+
+  @GuardedBy("this")
+  @Override
+  protected void handlePingResponse(Parcel parcel) {
+    pingTracker.onPingResponse(parcel.readInt());
+  }
+
+  private static ClientStream newFailingClientStream(
+      Status failure, Attributes attributes, Metadata headers, ClientStreamTracer[] tracers) {
+    StatsTraceContext statsTraceContext =
+        StatsTraceContext.newClientContext(tracers, attributes, headers);
+    statsTraceContext.clientOutboundHeaders();
+    return new FailingClientStream(failure, tracers);
+  }
+
+  private static InternalLogId buildLogId(
+      Context sourceContext, AndroidComponentAddress targetAddress) {
+    return InternalLogId.allocate(
+        BinderClientTransport.class,
+        sourceContext.getClass().getSimpleName() + "->" + targetAddress);
+  }
+
+  private static Attributes buildClientAttributes(
+      Attributes eagAttrs,
+      Context sourceContext,
+      AndroidComponentAddress targetAddress,
+      InboundParcelablePolicy inboundParcelablePolicy) {
+    return Attributes.newBuilder()
+        .set(GrpcAttributes.ATTR_SECURITY_LEVEL, SecurityLevel.NONE) // Trust noone for now.
+        .set(GrpcAttributes.ATTR_CLIENT_EAG_ATTRS, eagAttrs)
+        .set(Grpc.TRANSPORT_ATTR_LOCAL_ADDR, AndroidComponentAddress.forContext(sourceContext))
+        .set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, targetAddress)
+        .set(INBOUND_PARCELABLE_POLICY, inboundParcelablePolicy)
+        .build();
+  }
+
+  private static Attributes setSecurityAttrs(Attributes attributes, int uid) {
+    return attributes.toBuilder()
+        .set(REMOTE_UID, uid)
+        .set(
+            GrpcAttributes.ATTR_SECURITY_LEVEL,
+            uid == Process.myUid()
+                ? SecurityLevel.PRIVACY_AND_INTEGRITY
+                : SecurityLevel.INTEGRITY) // TODO: Have the SecrityPolicy decide this.
+        .build();
+  }
+}
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
index 85a0ddd35b7..3f51452c90c 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
@@ -83,12 +83,12 @@ private BinderClientTransportFactory(Builder builder) {
   }
 
   @Override
-  public BinderTransport.BinderClientTransport newClientTransport(
+  public BinderClientTransport newClientTransport(
       SocketAddress addr, ClientTransportOptions options, ChannelLogger channelLogger) {
     if (closed) {
       throw new IllegalStateException("The transport factory is closed.");
     }
-    return new BinderTransport.BinderClientTransport(this, (AndroidComponentAddress) addr, options);
+    return new BinderClientTransport(this, (AndroidComponentAddress) addr, options);
   }
 
   @Override
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderServer.java b/binder/src/main/java/io/grpc/binder/internal/BinderServer.java
index 6b8347390b9..fca8e3d88e1 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderServer.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderServer.java
@@ -178,8 +178,8 @@ public synchronized boolean handleTransaction(int code, Parcel parcel) {
               serverPolicyChecker,
               checkNotNull(executor, "Not started?"));
           // Create a new transport and let our listener know about it.
-          BinderTransport.BinderServerTransport transport =
-              new BinderTransport.BinderServerTransport(
+          BinderServerTransport transport =
+              new BinderServerTransport(
                   executorServicePool,
                   attrsBuilder.build(),
                   streamTracerFactories,
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
new file mode 100644
index 00000000000..1c345249735
--- /dev/null
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2020 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.grpc.binder.internal;
+
+import android.os.IBinder;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
+import io.grpc.Attributes;
+import io.grpc.Grpc;
+import io.grpc.Internal;
+import io.grpc.InternalLogId;
+import io.grpc.Metadata;
+import io.grpc.ServerStreamTracer;
+import io.grpc.Status;
+import io.grpc.internal.ObjectPool;
+import io.grpc.internal.ServerStream;
+import io.grpc.internal.ServerTransport;
+import io.grpc.internal.ServerTransportListener;
+import io.grpc.internal.StatsTraceContext;
+import java.util.List;
+import java.util.concurrent.ScheduledExecutorService;
+import javax.annotation.Nullable;
+
+/** Concrete server-side transport implementation. */
+@Internal
+public final class BinderServerTransport extends BinderTransport implements ServerTransport {
+
+  private final List<ServerStreamTracer.Factory> streamTracerFactories;
+  @Nullable private ServerTransportListener serverTransportListener;
+
+  /**
+   * Constructs a new transport instance.
+   *
+   * @param binderDecorator used to decorate 'callbackBinder', for fault injection.
+   */
+  public BinderServerTransport(
+      ObjectPool<ScheduledExecutorService> executorServicePool,
+      Attributes attributes,
+      List<ServerStreamTracer.Factory> streamTracerFactories,
+      OneWayBinderProxy.Decorator binderDecorator,
+      IBinder callbackBinder) {
+    super(executorServicePool, attributes, binderDecorator, buildLogId(attributes));
+    this.streamTracerFactories = streamTracerFactories;
+    // TODO(jdcormie): Plumb in the Server's executor() and use it here instead.
+    setOutgoingBinder(OneWayBinderProxy.wrap(callbackBinder, getScheduledExecutorService()));
+  }
+
+  public synchronized void setServerTransportListener(
+      ServerTransportListener serverTransportListener) {
+    this.serverTransportListener = serverTransportListener;
+    if (isShutdown()) {
+      setState(TransportState.SHUTDOWN_TERMINATED);
+      notifyTerminated();
+      releaseExecutors();
+    } else {
+      sendSetupTransaction();
+      // Check we're not shutdown again, since a failure inside sendSetupTransaction (or a callback
+      // it triggers), could have shut us down.
+      if (!isShutdown()) {
+        setState(TransportState.READY);
+        attributes = serverTransportListener.transportReady(attributes);
+      }
+    }
+  }
+
+  StatsTraceContext createStatsTraceContext(String methodName, Metadata headers) {
+    return StatsTraceContext.newServerContext(streamTracerFactories, methodName, headers);
+  }
+
+  synchronized Status startStream(ServerStream stream, String methodName, Metadata headers) {
+    if (isShutdown()) {
+      return Status.UNAVAILABLE.withDescription("transport is shutdown");
+    } else {
+      serverTransportListener.streamCreated(stream, methodName, headers);
+      return Status.OK;
+    }
+  }
+
+  @Override
+  @GuardedBy("this")
+  void notifyShutdown(Status status) {
+    // Nothing to do.
+  }
+
+  @Override
+  @GuardedBy("this")
+  void notifyTerminated() {
+    if (serverTransportListener != null) {
+      serverTransportListener.transportTerminated();
+    }
+  }
+
+  @Override
+  public synchronized void shutdown() {
+    shutdownInternal(Status.OK, false);
+  }
+
+  @Override
+  public synchronized void shutdownNow(Status reason) {
+    shutdownInternal(reason, true);
+  }
+
+  @Override
+  @Nullable
+  @GuardedBy("this")
+  protected Inbound<?> createInbound(int callId) {
+    return new Inbound.ServerInbound(this, attributes, callId);
+  }
+
+  private static InternalLogId buildLogId(Attributes attributes) {
+    return InternalLogId.allocate(
+        BinderServerTransport.class, "from " + attributes.get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR));
+  }
+}
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index d87cfb74044..0fe131a0728 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -19,67 +19,32 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.util.concurrent.Futures.immediateFuture;
-import static io.grpc.binder.ApiConstants.PRE_AUTH_SERVER_OVERRIDE;
-import static java.util.concurrent.TimeUnit.MILLISECONDS;
 
-import android.content.Context;
-import android.content.pm.ServiceInfo;
-import android.os.Binder;
 import android.os.DeadObjectException;
 import android.os.IBinder;
 import android.os.Parcel;
-import android.os.Process;
 import android.os.RemoteException;
 import android.os.TransactionTooLargeException;
 import androidx.annotation.BinderThread;
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Ticker;
 import com.google.common.base.Verify;
-import com.google.common.util.concurrent.FutureCallback;
-import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
-import com.google.errorprone.annotations.CheckReturnValue;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
-import io.grpc.CallOptions;
-import io.grpc.ClientStreamTracer;
-import io.grpc.Grpc;
 import io.grpc.Internal;
 import io.grpc.InternalChannelz.SocketStats;
 import io.grpc.InternalLogId;
-import io.grpc.Metadata;
-import io.grpc.MethodDescriptor;
-import io.grpc.SecurityLevel;
-import io.grpc.ServerStreamTracer;
 import io.grpc.Status;
 import io.grpc.StatusException;
-import io.grpc.binder.AndroidComponentAddress;
-import io.grpc.binder.AsyncSecurityPolicy;
 import io.grpc.binder.InboundParcelablePolicy;
-import io.grpc.binder.SecurityPolicy;
-import io.grpc.internal.ClientStream;
-import io.grpc.internal.ClientTransportFactory.ClientTransportOptions;
-import io.grpc.internal.ConnectionClientTransport;
-import io.grpc.internal.FailingClientStream;
-import io.grpc.internal.GrpcAttributes;
-import io.grpc.internal.GrpcUtil;
-import io.grpc.internal.ManagedClientTransport;
 import io.grpc.internal.ObjectPool;
-import io.grpc.internal.ServerStream;
-import io.grpc.internal.ServerTransport;
-import io.grpc.internal.ServerTransportListener;
-import io.grpc.internal.StatsTraceContext;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.LinkedHashSet;
-import java.util.List;
 import java.util.Map;
 import java.util.NoSuchElementException;
 import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.Executor;
 import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.ScheduledFuture;
-import java.util.concurrent.atomic.AtomicInteger;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
@@ -169,10 +134,10 @@ public abstract class BinderTransport implements IBinder.DeathRecipient {
   private static final int RESERVED_TRANSACTIONS = 1000;
 
   /** The first call ID we can use. */
-  private static final int FIRST_CALL_ID = IBinder.FIRST_CALL_TRANSACTION + RESERVED_TRANSACTIONS;
+  static final int FIRST_CALL_ID = IBinder.FIRST_CALL_TRANSACTION + RESERVED_TRANSACTIONS;
 
   /** The last call ID we can use. */
-  private static final int LAST_CALL_ID = IBinder.LAST_CALL_TRANSACTION;
+  static final int LAST_CALL_ID = IBinder.LAST_CALL_TRANSACTION;
 
   /** The states of this transport. */
   protected enum TransportState {
@@ -218,7 +183,7 @@ protected enum TransportState {
   // Only read/written on @BinderThread.
   private long acknowledgedIncomingBytes;
 
-  private BinderTransport(
+  protected BinderTransport(
       ObjectPool<ScheduledExecutorService> executorServicePool,
       Attributes attributes,
       OneWayBinderProxy.Decorator binderDecorator,
@@ -559,478 +524,6 @@ final void handleAcknowledgedBytes(long numBytes) {
     }
   }
 
-  /** Concrete client-side transport implementation. */
-  @ThreadSafe
-  @Internal
-  public static final class BinderClientTransport extends BinderTransport
-      implements ConnectionClientTransport, Bindable.Observer {
-
-    private final ObjectPool<? extends Executor> offloadExecutorPool;
-    private final Executor offloadExecutor;
-    private final SecurityPolicy securityPolicy;
-    private final Bindable serviceBinding;
-
-    /** Number of ongoing calls which keep this transport "in-use". */
-    private final AtomicInteger numInUseStreams;
-
-    private final long readyTimeoutMillis;
-    private final PingTracker pingTracker;
-    private final boolean preAuthorizeServer;
-
-    @Nullable private ManagedClientTransport.Listener clientTransportListener;
-
-    @GuardedBy("this")
-    private int latestCallId = FIRST_CALL_ID;
-
-    @GuardedBy("this")
-    private ScheduledFuture<?> readyTimeoutFuture; // != null iff timeout scheduled.
-    @GuardedBy("this")
-    @Nullable private ListenableFuture<Status> authResultFuture; // null before we check auth.
-
-    @GuardedBy("this")
-    @Nullable
-    private ListenableFuture<Status> preAuthResultFuture; // null before we pre-auth.
-
-    /**
-     * Constructs a new transport instance.
-     *
-     * @param factory parameters common to all a Channel's transports
-     * @param targetAddress the fully resolved and load-balanced server address
-     * @param options other parameters that can vary as transports come and go within a Channel
-     */
-    public BinderClientTransport(
-        BinderClientTransportFactory factory,
-        AndroidComponentAddress targetAddress,
-        ClientTransportOptions options) {
-      super(
-          factory.scheduledExecutorPool,
-          buildClientAttributes(
-              options.getEagAttributes(),
-              factory.sourceContext,
-              targetAddress,
-              factory.inboundParcelablePolicy),
-          factory.binderDecorator,
-          buildLogId(factory.sourceContext, targetAddress));
-      this.offloadExecutorPool = factory.offloadExecutorPool;
-      this.securityPolicy = factory.securityPolicy;
-      this.offloadExecutor = offloadExecutorPool.getObject();
-      this.readyTimeoutMillis = factory.readyTimeoutMillis;
-      Boolean preAuthServerOverride = options.getEagAttributes().get(PRE_AUTH_SERVER_OVERRIDE);
-      this.preAuthorizeServer =
-          preAuthServerOverride != null ? preAuthServerOverride : factory.preAuthorizeServers;
-      numInUseStreams = new AtomicInteger();
-      pingTracker = new PingTracker(Ticker.systemTicker(), (id) -> sendPing(id));
-
-      serviceBinding =
-          new ServiceBinding(
-              factory.mainThreadExecutor,
-              factory.sourceContext,
-              factory.channelCredentials,
-              targetAddress.asBindIntent(),
-              targetAddress.getTargetUser() != null
-                  ? targetAddress.getTargetUser()
-                  : factory.defaultTargetUserHandle,
-              factory.bindServiceFlags.toInteger(),
-              this);
-    }
-
-    @Override
-    void releaseExecutors() {
-      super.releaseExecutors();
-      offloadExecutorPool.returnObject(offloadExecutor);
-    }
-
-    @Override
-    public synchronized void onBound(IBinder binder) {
-      sendSetupTransaction(
-          binderDecorator.decorate(OneWayBinderProxy.wrap(binder, offloadExecutor)));
-    }
-
-    @Override
-    public synchronized void onUnbound(Status reason) {
-      shutdownInternal(reason, true);
-    }
-
-    @CheckReturnValue
-    @Override
-    public synchronized Runnable start(ManagedClientTransport.Listener clientTransportListener) {
-      this.clientTransportListener = checkNotNull(clientTransportListener);
-      return () -> {
-        synchronized (BinderClientTransport.this) {
-          if (inState(TransportState.NOT_STARTED)) {
-            setState(TransportState.SETUP);
-            try {
-              if (preAuthorizeServer) {
-                preAuthorize(serviceBinding.resolve());
-              } else {
-                serviceBinding.bind();
-              }
-            } catch (StatusException e) {
-              shutdownInternal(e.getStatus(), true);
-              return;
-            }
-            if (readyTimeoutMillis >= 0) {
-              readyTimeoutFuture =
-                  getScheduledExecutorService()
-                      .schedule(
-                          BinderClientTransport.this::onReadyTimeout,
-                          readyTimeoutMillis,
-                          MILLISECONDS);
-            }
-          }
-        }
-      };
-    }
-
-    @GuardedBy("this")
-    private void preAuthorize(ServiceInfo serviceInfo) {
-      // It's unlikely, but the identity/existence of this Service could change by the time we
-      // actually connect. It doesn't matter though, because:
-      // - If pre-auth fails (but would succeed against the server's new state), the grpc-core layer
-      // will eventually retry using a new transport instance that will see the Service's new state.
-      // - If pre-auth succeeds (but would fail against the server's new state), we might give an
-      // unauthorized server a chance to run, but the connection will still fail by SecurityPolicy
-      // check later in handshake. Pre-auth remains effective at mitigating abuse because malware
-      // can't typically control the exact timing of its installation.
-      preAuthResultFuture = checkServerAuthorizationAsync(serviceInfo.applicationInfo.uid);
-      Futures.addCallback(
-          preAuthResultFuture,
-          new FutureCallback<Status>() {
-            @Override
-            public void onSuccess(Status result) {
-              handlePreAuthResult(result);
-            }
-
-            @Override
-            public void onFailure(Throwable t) {
-              handleAuthResult(t);
-            }
-          },
-          offloadExecutor);
-    }
-
-    private synchronized void handlePreAuthResult(Status authorization) {
-      if (inState(TransportState.SETUP)) {
-        if (!authorization.isOk()) {
-          shutdownInternal(authorization, true);
-        } else {
-          serviceBinding.bind();
-        }
-      }
-    }
-
-    private synchronized void onReadyTimeout() {
-      if (inState(TransportState.SETUP)) {
-        readyTimeoutFuture = null;
-        shutdownInternal(
-            Status.DEADLINE_EXCEEDED.withDescription(
-                "Connect timeout " + readyTimeoutMillis + "ms lapsed"),
-            true);
-      }
-    }
-
-    @Override
-    public synchronized ClientStream newStream(
-        final MethodDescriptor<?, ?> method,
-        final Metadata headers,
-        final CallOptions callOptions,
-        ClientStreamTracer[] tracers) {
-      if (!inState(TransportState.READY)) {
-        return newFailingClientStream(
-            isShutdown()
-                ? shutdownStatus
-                : Status.INTERNAL.withDescription("newStream() before transportReady()"),
-            attributes,
-            headers,
-            tracers);
-      }
-
-      int callId = latestCallId++;
-      if (latestCallId == LAST_CALL_ID) {
-        latestCallId = FIRST_CALL_ID;
-      }
-      StatsTraceContext statsTraceContext =
-          StatsTraceContext.newClientContext(tracers, attributes, headers);
-      Inbound.ClientInbound inbound =
-          new Inbound.ClientInbound(
-              this, attributes, callId, GrpcUtil.shouldBeCountedForInUse(callOptions));
-      if (ongoingCalls.putIfAbsent(callId, inbound) != null) {
-        Status failure = Status.INTERNAL.withDescription("Clashing call IDs");
-        shutdownInternal(failure, true);
-        return newFailingClientStream(failure, attributes, headers, tracers);
-      } else {
-        if (inbound.countsForInUse() && numInUseStreams.getAndIncrement() == 0) {
-          clientTransportListener.transportInUse(true);
-        }
-        Outbound.ClientOutbound outbound =
-            new Outbound.ClientOutbound(this, callId, method, headers, statsTraceContext);
-        if (method.getType().clientSendsOneMessage()) {
-          return new SingleMessageClientStream(inbound, outbound, attributes);
-        } else {
-          return new MultiMessageClientStream(inbound, outbound, attributes);
-        }
-      }
-    }
-
-    @Override
-    protected void unregisterInbound(Inbound<?> inbound) {
-      if (inbound.countsForInUse() && numInUseStreams.decrementAndGet() == 0) {
-        clientTransportListener.transportInUse(false);
-      }
-      super.unregisterInbound(inbound);
-    }
-
-    @Override
-    public void ping(final PingCallback callback, Executor executor) {
-      pingTracker.startPing(callback, executor);
-    }
-
-    @Override
-    public synchronized void shutdown(Status reason) {
-      checkNotNull(reason, "reason");
-      shutdownInternal(reason, false);
-    }
-
-    @Override
-    public synchronized void shutdownNow(Status reason) {
-      checkNotNull(reason, "reason");
-      shutdownInternal(reason, true);
-    }
-
-    @Override
-    @GuardedBy("this")
-    void notifyShutdown(Status status) {
-      clientTransportListener.transportShutdown(status);
-    }
-
-    @Override
-    @GuardedBy("this")
-    void notifyTerminated() {
-      if (numInUseStreams.getAndSet(0) > 0) {
-        clientTransportListener.transportInUse(false);
-      }
-      if (readyTimeoutFuture != null) {
-        readyTimeoutFuture.cancel(false);
-        readyTimeoutFuture = null;
-      }
-      if (preAuthResultFuture != null) {
-        preAuthResultFuture.cancel(false); // No effect if already complete.
-      }
-      if (authResultFuture != null) {
-        authResultFuture.cancel(false);  // No effect if already complete.
-      }
-      serviceBinding.unbind();
-      clientTransportListener.transportTerminated();
-    }
-
-    @Override
-    @GuardedBy("this")
-    protected void handleSetupTransport(Parcel parcel) {
-      int remoteUid = Binder.getCallingUid();
-      attributes = setSecurityAttrs(attributes, remoteUid);
-      if (inState(TransportState.SETUP)) {
-        int version = parcel.readInt();
-        IBinder binder = parcel.readStrongBinder();
-        if (version != WIRE_FORMAT_VERSION) {
-          shutdownInternal(
-              Status.UNAVAILABLE.withDescription("Wire format version mismatch"), true);
-        } else if (binder == null) {
-          shutdownInternal(
-              Status.UNAVAILABLE.withDescription("Malformed SETUP_TRANSPORT data"), true);
-        } else {
-          authResultFuture = checkServerAuthorizationAsync(remoteUid);
-          Futures.addCallback(
-              authResultFuture,
-              new FutureCallback<Status>() {
-                @Override
-                public void onSuccess(Status result) {
-                  handleAuthResult(binder, result);
-                }
-
-                @Override
-                public void onFailure(Throwable t) {
-                  handleAuthResult(t);
-                }
-              },
-              offloadExecutor);
-        }
-      }
-    }
-
-    private ListenableFuture<Status> checkServerAuthorizationAsync(int remoteUid) {
-      return (securityPolicy instanceof AsyncSecurityPolicy)
-          ? ((AsyncSecurityPolicy) securityPolicy).checkAuthorizationAsync(remoteUid)
-          : Futures.submit(() -> securityPolicy.checkAuthorization(remoteUid), offloadExecutor);
-    }
-
-    private synchronized void handleAuthResult(IBinder binder, Status authorization) {
-      if (inState(TransportState.SETUP)) {
-        if (!authorization.isOk()) {
-          shutdownInternal(authorization, true);
-        } else if (!setOutgoingBinder(OneWayBinderProxy.wrap(binder, offloadExecutor))) {
-          shutdownInternal(
-              Status.UNAVAILABLE.withDescription("Failed to observe outgoing binder"), true);
-        } else {
-          // Check state again, since a failure inside setOutgoingBinder (or a callback it
-          // triggers), could have shut us down.
-          if (!isShutdown()) {
-            setState(TransportState.READY);
-            attributes = clientTransportListener.filterTransport(attributes);
-            clientTransportListener.transportReady();
-            if (readyTimeoutFuture != null) {
-              readyTimeoutFuture.cancel(false);
-              readyTimeoutFuture = null;
-            }
-          }
-        }
-      }
-    }
-
-    private synchronized void handleAuthResult(Throwable t) {
-      shutdownInternal(
-          Status.INTERNAL.withDescription("Could not evaluate SecurityPolicy").withCause(t), true);
-    }
-
-    @GuardedBy("this")
-    @Override
-    protected void handlePingResponse(Parcel parcel) {
-      pingTracker.onPingResponse(parcel.readInt());
-    }
-
-    private static ClientStream newFailingClientStream(
-        Status failure, Attributes attributes, Metadata headers, ClientStreamTracer[] tracers) {
-      StatsTraceContext statsTraceContext =
-          StatsTraceContext.newClientContext(tracers, attributes, headers);
-      statsTraceContext.clientOutboundHeaders();
-      return new FailingClientStream(failure, tracers);
-    }
-
-    private static InternalLogId buildLogId(
-        Context sourceContext, AndroidComponentAddress targetAddress) {
-      return InternalLogId.allocate(
-          BinderClientTransport.class,
-          sourceContext.getClass().getSimpleName() + "->" + targetAddress);
-    }
-
-    private static Attributes buildClientAttributes(
-        Attributes eagAttrs,
-        Context sourceContext,
-        AndroidComponentAddress targetAddress,
-        InboundParcelablePolicy inboundParcelablePolicy) {
-      return Attributes.newBuilder()
-          .set(GrpcAttributes.ATTR_SECURITY_LEVEL, SecurityLevel.NONE) // Trust noone for now.
-          .set(GrpcAttributes.ATTR_CLIENT_EAG_ATTRS, eagAttrs)
-          .set(Grpc.TRANSPORT_ATTR_LOCAL_ADDR, AndroidComponentAddress.forContext(sourceContext))
-          .set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, targetAddress)
-          .set(INBOUND_PARCELABLE_POLICY, inboundParcelablePolicy)
-          .build();
-    }
-
-    private static Attributes setSecurityAttrs(Attributes attributes, int uid) {
-      return attributes.toBuilder()
-          .set(REMOTE_UID, uid)
-          .set(
-              GrpcAttributes.ATTR_SECURITY_LEVEL,
-              uid == Process.myUid()
-                  ? SecurityLevel.PRIVACY_AND_INTEGRITY
-                  : SecurityLevel.INTEGRITY) // TODO: Have the SecrityPolicy decide this.
-          .build();
-    }
-  }
-
-  /** Concrete server-side transport implementation. */
-  @Internal
-  public static final class BinderServerTransport extends BinderTransport
-      implements ServerTransport {
-
-    private final List<ServerStreamTracer.Factory> streamTracerFactories;
-    @Nullable private ServerTransportListener serverTransportListener;
-
-    /**
-     * Constructs a new transport instance.
-     *
-     * @param binderDecorator used to decorate 'callbackBinder', for fault injection.
-     */
-    public BinderServerTransport(
-        ObjectPool<ScheduledExecutorService> executorServicePool,
-        Attributes attributes,
-        List<ServerStreamTracer.Factory> streamTracerFactories,
-        OneWayBinderProxy.Decorator binderDecorator,
-        IBinder callbackBinder) {
-      super(executorServicePool, attributes, binderDecorator, buildLogId(attributes));
-      this.streamTracerFactories = streamTracerFactories;
-      // TODO(jdcormie): Plumb in the Server's executor() and use it here instead.
-      setOutgoingBinder(OneWayBinderProxy.wrap(callbackBinder, getScheduledExecutorService()));
-    }
-
-    public synchronized void setServerTransportListener(
-        ServerTransportListener serverTransportListener) {
-      this.serverTransportListener = serverTransportListener;
-      if (isShutdown()) {
-        setState(TransportState.SHUTDOWN_TERMINATED);
-        notifyTerminated();
-        releaseExecutors();
-      } else {
-        sendSetupTransaction();
-        // Check we're not shutdown again, since a failure inside sendSetupTransaction (or a
-        // callback it triggers), could have shut us down.
-        if (!isShutdown()) {
-          setState(TransportState.READY);
-          attributes = serverTransportListener.transportReady(attributes);
-        }
-      }
-    }
-
-    StatsTraceContext createStatsTraceContext(String methodName, Metadata headers) {
-      return StatsTraceContext.newServerContext(streamTracerFactories, methodName, headers);
-    }
-
-    synchronized Status startStream(ServerStream stream, String methodName, Metadata headers) {
-      if (isShutdown()) {
-        return Status.UNAVAILABLE.withDescription("transport is shutdown");
-      } else {
-        serverTransportListener.streamCreated(stream, methodName, headers);
-        return Status.OK;
-      }
-    }
-
-    @Override
-    @GuardedBy("this")
-    void notifyShutdown(Status status) {
-      // Nothing to do.
-    }
-
-    @Override
-    @GuardedBy("this")
-    void notifyTerminated() {
-      if (serverTransportListener != null) {
-        serverTransportListener.transportTerminated();
-      }
-    }
-
-    @Override
-    public synchronized void shutdown() {
-      shutdownInternal(Status.OK, false);
-    }
-
-    @Override
-    public synchronized void shutdownNow(Status reason) {
-      shutdownInternal(reason, true);
-    }
-
-    @Override
-    @Nullable
-    @GuardedBy("this")
-    protected Inbound<?> createInbound(int callId) {
-      return new Inbound.ServerInbound(this, attributes, callId);
-    }
-
-    private static InternalLogId buildLogId(Attributes attributes) {
-      return InternalLogId.allocate(
-          BinderServerTransport.class, "from " + attributes.get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR));
-    }
-  }
-
   private static void checkTransition(TransportState current, TransportState next) {
     switch (next) {
       case SETUP:
diff --git a/binder/src/main/java/io/grpc/binder/internal/Inbound.java b/binder/src/main/java/io/grpc/binder/internal/Inbound.java
index 50654297c74..9b9dfeef5ce 100644
--- a/binder/src/main/java/io/grpc/binder/internal/Inbound.java
+++ b/binder/src/main/java/io/grpc/binder/internal/Inbound.java
@@ -610,10 +610,9 @@ protected void deliverCloseAbnormal(Status status) {
   // Server-side inbound transactions.
   static final class ServerInbound extends Inbound<ServerStreamListener> {
 
-    private final BinderTransport.BinderServerTransport serverTransport;
+    private final BinderServerTransport serverTransport;
 
-    ServerInbound(
-        BinderTransport.BinderServerTransport transport, Attributes attributes, int callId) {
+    ServerInbound(BinderServerTransport transport, Attributes attributes, int callId) {
       super(transport, attributes, callId);
       this.serverTransport = transport;
     }
diff --git a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
index d47106d1d35..e7e73e6d4b0 100644
--- a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
@@ -56,12 +56,12 @@ public final class BinderServerTransportTest {
 
   @Mock IBinder mockBinder;
 
-  BinderTransport.BinderServerTransport transport;
+  BinderServerTransport transport;
 
   @Before
   public void setUp() throws Exception {
     transport =
-        new BinderTransport.BinderServerTransport(
+        new BinderServerTransport(
             new FixedObjectPool<>(executorService),
             Attributes.EMPTY,
             ImmutableList.of(),
diff --git a/binder/src/testFixtures/java/io/grpc/binder/internal/BinderClientTransportBuilder.java b/binder/src/testFixtures/java/io/grpc/binder/internal/BinderClientTransportBuilder.java
index e98daeec3ed..f732ff64663 100644
--- a/binder/src/testFixtures/java/io/grpc/binder/internal/BinderClientTransportBuilder.java
+++ b/binder/src/testFixtures/java/io/grpc/binder/internal/BinderClientTransportBuilder.java
@@ -24,8 +24,8 @@
 import java.net.SocketAddress;
 
 /**
- * Helps unit tests create {@link BinderTransport.BinderClientTransport} instances without having to
- * mention irrelevant details (go/tott/719).
+ * Helps unit tests create {@link BinderClientTransport} instances without having to mention
+ * irrelevant details (go/tott/719).
  */
 public class BinderClientTransportBuilder {
   private BinderClientTransportFactory factory;
@@ -54,7 +54,7 @@ public BinderClientTransportBuilder setFactory(BinderClientTransportFactory fact
     return this;
   }
 
-  public BinderTransport.BinderClientTransport build() {
+  public BinderClientTransport build() {
     return factory.newClientTransport(
         checkNotNull(serverAddress), checkNotNull(options), checkNotNull(channelLogger));
   }

From 028afbe35252ec2bc028c447381adbf88769ccdf Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 22 Aug 2025 08:07:51 -0700
Subject: [PATCH 351/591] xds: Implement equals in WRRLBConfig

Just an is a8de9f0, lack of equals causes cluster_resolver to consider every update a different configuration and restart itself.

Handling NaN should really be prevented with validation, but it looks like that
would lead to yak shaving at the moment.

b/435208946
---
 .../xds/WeightedRoundRobinLoadBalancer.java   | 27 ++++++++++++++
 .../WeightedRoundRobinLoadBalancerTest.java   | 35 +++++++++++++++++++
 2 files changed, 62 insertions(+)

diff --git a/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java b/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
index c3d36f7cdc8..6cf3189d587 100644
--- a/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
@@ -48,6 +48,7 @@
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Objects;
 import java.util.Random;
 import java.util.Set;
 import java.util.concurrent.ScheduledExecutorService;
@@ -738,6 +739,32 @@ private WeightedRoundRobinLoadBalancerConfig(long blackoutPeriodNanos,
       this.errorUtilizationPenalty = errorUtilizationPenalty;
     }
 
+    @Override
+    public boolean equals(Object o) {
+      if (!(o instanceof WeightedRoundRobinLoadBalancerConfig)) {
+        return false;
+      }
+      WeightedRoundRobinLoadBalancerConfig that = (WeightedRoundRobinLoadBalancerConfig) o;
+      return this.blackoutPeriodNanos == that.blackoutPeriodNanos
+          && this.weightExpirationPeriodNanos == that.weightExpirationPeriodNanos
+          && this.enableOobLoadReport == that.enableOobLoadReport
+          && this.oobReportingPeriodNanos == that.oobReportingPeriodNanos
+          && this.weightUpdatePeriodNanos == that.weightUpdatePeriodNanos
+          // Float.compare considers NaNs equal
+          && Float.compare(this.errorUtilizationPenalty, that.errorUtilizationPenalty) == 0;
+    }
+
+    @Override
+    public int hashCode() {
+      return Objects.hash(
+          blackoutPeriodNanos,
+          weightExpirationPeriodNanos,
+          enableOobLoadReport,
+          oobReportingPeriodNanos,
+          weightUpdatePeriodNanos,
+          errorUtilizationPenalty);
+    }
+
     static final class Builder {
       long blackoutPeriodNanos = 10_000_000_000L; // 10s
       long weightExpirationPeriodNanos = 180_000_000_000L; //3min
diff --git a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
index bf23c65def4..868bc811a70 100644
--- a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
@@ -35,6 +35,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
+import com.google.common.testing.EqualsTester;
 import com.google.protobuf.Duration;
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
@@ -215,6 +216,40 @@ public void pickChildLbTF() throws Exception {
     weightedPicker.pickSubchannel(mockArgs);
   }
 
+  @Test
+  public void config_equalsTester() {
+    WeightedRoundRobinLoadBalancerConfig defaults =
+        WeightedRoundRobinLoadBalancerConfig.newBuilder().build();
+    new EqualsTester()
+        .addEqualityGroup(
+            WeightedRoundRobinLoadBalancerConfig.newBuilder().build(),
+            WeightedRoundRobinLoadBalancerConfig.newBuilder().build(),
+            WeightedRoundRobinLoadBalancerConfig.newBuilder()
+              .setBlackoutPeriodNanos(defaults.blackoutPeriodNanos).build())
+        .addEqualityGroup(
+            WeightedRoundRobinLoadBalancerConfig.newBuilder()
+              .setBlackoutPeriodNanos(5).build())
+        .addEqualityGroup(
+            WeightedRoundRobinLoadBalancerConfig.newBuilder()
+              .setWeightExpirationPeriodNanos(5).build())
+        .addEqualityGroup(
+            WeightedRoundRobinLoadBalancerConfig.newBuilder()
+              .setEnableOobLoadReport(true).build())
+        .addEqualityGroup(
+            WeightedRoundRobinLoadBalancerConfig.newBuilder()
+              .setOobReportingPeriodNanos(5).build())
+        .addEqualityGroup(
+            WeightedRoundRobinLoadBalancerConfig.newBuilder()
+              .setWeightUpdatePeriodNanos(5).build())
+        .addEqualityGroup(
+            WeightedRoundRobinLoadBalancerConfig.newBuilder()
+              .setErrorUtilizationPenalty(0.5F).build())
+        .addEqualityGroup(
+            WeightedRoundRobinLoadBalancerConfig.newBuilder()
+              .setErrorUtilizationPenalty(Float.NaN).build())
+        .testEquals();
+  }
+
   @Test
   public void wrrLifeCycle() {
     syncContext.execute(() -> wrr.acceptResolvedAddresses(ResolvedAddresses.newBuilder()

From c7202c0db5065cf9364086850a36115a843bbb97 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Sun, 24 Aug 2025 18:21:52 +0530
Subject: [PATCH 352/591] Bump readme (#12305)

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index e57b79e6bf7..d7e57a9f80c 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.74.0/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.74.0/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.75.0/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.75.0/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,18 +56,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.74.0</version>
+  <version>1.75.0</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.74.0</version>
+  <version>1.75.0</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.74.0</version>
+  <version>1.75.0</version>
 </dependency>
 <dependency> <!-- necessary for Java 9+ -->
   <groupId>org.apache.tomcat</groupId>
@@ -79,18 +79,18 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.74.0'
-implementation 'io.grpc:grpc-protobuf:1.74.0'
-implementation 'io.grpc:grpc-stub:1.74.0'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.75.0'
+implementation 'io.grpc:grpc-protobuf:1.75.0'
+implementation 'io.grpc:grpc-stub:1.75.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.74.0'
-implementation 'io.grpc:grpc-protobuf-lite:1.74.0'
-implementation 'io.grpc:grpc-stub:1.74.0'
+implementation 'io.grpc:grpc-okhttp:1.75.0'
+implementation 'io.grpc:grpc-protobuf-lite:1.75.0'
+implementation 'io.grpc:grpc-stub:1.75.0'
 compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
@@ -99,7 +99,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.74.0
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.75.0
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://central.sonatype.com/repository/maven-snapshots/).
@@ -131,7 +131,7 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <configuration>
         <protocArtifact>com.google.protobuf:protoc:3.25.5:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.74.0:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.75.0:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -161,7 +161,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.74.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.75.0'
     }
   }
   generateProtoTasks {
@@ -194,7 +194,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.74.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.75.0'
     }
   }
   generateProtoTasks {

From f5b111708b2bddb8f0fe65bbc7f8a4edb3d0757f Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Mon, 25 Aug 2025 21:56:56 +0200
Subject: [PATCH 353/591] servlet: fix unpark() of onWritePossible() thread

This should fix #12268
---
 gradle/libs.versions.toml                        |  2 +-
 .../servlet/AsyncServletOutputStreamWriter.java  | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 540657b9ddb..e4eb4f82ddb 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -112,7 +112,7 @@ signature-java = "org.codehaus.mojo.signature:java18:1.0"
 tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.31"
 tomcat-embed-core9 = "org.apache.tomcat.embed:tomcat-embed-core:9.0.89"
 truth = "com.google.truth:truth:1.4.4"
-undertow-servlet22 = "io.undertow:undertow-servlet:2.2.32.Final"
+undertow-servlet22 = "io.undertow:undertow-servlet:2.2.37.Final"
 undertow-servlet = "io.undertow:undertow-servlet:2.3.18.Final"
 
 # Do not update: Pinned to the last version supporting Java 8.
diff --git a/servlet/src/main/java/io/grpc/servlet/AsyncServletOutputStreamWriter.java b/servlet/src/main/java/io/grpc/servlet/AsyncServletOutputStreamWriter.java
index 8c0c6ec6512..3c8d3d07571 100644
--- a/servlet/src/main/java/io/grpc/servlet/AsyncServletOutputStreamWriter.java
+++ b/servlet/src/main/java/io/grpc/servlet/AsyncServletOutputStreamWriter.java
@@ -26,9 +26,9 @@
 import io.grpc.InternalLogId;
 import io.grpc.servlet.ServletServerStream.ServletTransportState;
 import java.io.IOException;
-import java.time.Duration;
 import java.util.Queue;
 import java.util.concurrent.ConcurrentLinkedQueue;
+import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.concurrent.locks.LockSupport;
 import java.util.function.BiFunction;
@@ -128,7 +128,7 @@ public void finest(String str, Object... params) {
             log.fine("call completed");
           });
     };
-    this.isReady = () -> outputStream.isReady();
+    this.isReady = outputStream::isReady;
   }
 
   /**
@@ -173,7 +173,9 @@ void complete() {
   /** Called from the container thread {@link javax.servlet.WriteListener#onWritePossible()}. */
   void onWritePossible() throws IOException {
     log.finest("onWritePossible: ENTRY. The servlet output stream becomes ready");
-    assureReadyAndDrainedTurnsFalse();
+    if (writeState.get().readyAndDrained) {
+      assureReadyAndDrainedTurnsFalse();
+    }
     while (isReady.getAsBoolean()) {
       WriteState curState = writeState.get();
 
@@ -200,11 +202,9 @@ private void assureReadyAndDrainedTurnsFalse() {
     // readyAndDrained should have been set to false already.
     // Just in case due to a race condition readyAndDrained is still true at this moment and is
     // being set to false by runOrBuffer() concurrently.
+    parkingThread = Thread.currentThread();
     while (writeState.get().readyAndDrained) {
-      parkingThread = Thread.currentThread();
-      // Try to sleep for an extremely long time to avoid writeState being changed at exactly
-      // the time when sleep time expires (in extreme scenario, such as #9917).
-      LockSupport.parkNanos(Duration.ofHours(1).toNanos()); // should return immediately
+      LockSupport.parkNanos(TimeUnit.MINUTES.toNanos(1)); // should return immediately
     }
     parkingThread = null;
   }
@@ -254,7 +254,7 @@ interface ActionItem {
   @VisibleForTesting // Lincheck test can not run with java.util.logging dependency.
   interface Log {
     default boolean isLoggable(Level level) {
-      return false; 
+      return false;
     }
 
     default void fine(String str, Object...params) {}

From 2ba5c3d2a3655e31d0aa2388fea386f343f70eac Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Mon, 25 Aug 2025 22:05:06 +0200
Subject: [PATCH 354/591] servlet: skip AsyncContext.complete() when already
 completed (#12296)

Currently `AsyncContext.complete()` is called multiple times in some
flows, e.g. when DEADLINE_EXCEEDED, and that results in
IllegalStateException from servlet container (Tomcat).
If counting IllegalStateException from the tests of the servlet module
here - the number of those is reduced significantly, a few cases still
left, would bet addressed separately.
---
 .../java/io/grpc/servlet/ServletAdapter.java  |  4 ++-
 .../io/grpc/servlet/ServletServerStream.java  | 31 ++++++-------------
 2 files changed, 13 insertions(+), 22 deletions(-)

diff --git a/servlet/src/main/java/io/grpc/servlet/ServletAdapter.java b/servlet/src/main/java/io/grpc/servlet/ServletAdapter.java
index 5a567916f99..4bfe8949776 100644
--- a/servlet/src/main/java/io/grpc/servlet/ServletAdapter.java
+++ b/servlet/src/main/java/io/grpc/servlet/ServletAdapter.java
@@ -215,7 +215,9 @@ private static final class GrpcAsyncListener implements AsyncListener {
     }
 
     @Override
-    public void onComplete(AsyncEvent event) {}
+    public void onComplete(AsyncEvent event) {
+      stream.asyncCompleted = true;
+    }
 
     @Override
     public void onTimeout(AsyncEvent event) {
diff --git a/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java b/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
index 5dd20567c08..caab5caa8a9 100644
--- a/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
+++ b/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
@@ -30,7 +30,6 @@
 import io.grpc.InternalLogId;
 import io.grpc.Metadata;
 import io.grpc.Status;
-import io.grpc.Status.Code;
 import io.grpc.internal.AbstractServerStream;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.SerializingExecutor;
@@ -43,8 +42,6 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.TimeUnit;
 import java.util.function.Supplier;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
@@ -58,12 +55,15 @@ final class ServletServerStream extends AbstractServerStream {
 
   private final ServletTransportState transportState;
   private final Sink sink = new Sink();
-  private final AsyncContext asyncCtx;
   private final HttpServletResponse resp;
   private final Attributes attributes;
   private final String authority;
   private final InternalLogId logId;
   private final AsyncServletOutputStreamWriter writer;
+  /**
+   * If the async servlet operation has been completed.
+   */
+  volatile boolean asyncCompleted = false;
 
   ServletServerStream(
       AsyncContext asyncCtx,
@@ -78,7 +78,6 @@ final class ServletServerStream extends AbstractServerStream {
     this.attributes = attributes;
     this.authority = authority;
     this.logId = logId;
-    this.asyncCtx = asyncCtx;
     this.resp = (HttpServletResponse) asyncCtx.getResponse();
     this.writer = new AsyncServletOutputStreamWriter(
         asyncCtx, transportState, logId);
@@ -292,24 +291,14 @@ public void writeTrailers(Metadata trailers, boolean headersSent, Status status)
 
     @Override
     public void cancel(Status status) {
-      if (resp.isCommitted() && Code.DEADLINE_EXCEEDED == status.getCode()) {
-        return; // let the servlet timeout, the container will sent RST_STREAM automatically
-      }
       transportState.runOnTransportThread(() -> transportState.transportReportStatus(status));
-      // There is no way to RST_STREAM with CANCEL code, so write trailers instead
-      close(Status.CANCELLED.withDescription("Servlet stream cancelled")
-              .withCause(status.asRuntimeException()),
-          new Metadata());
-      CountDownLatch countDownLatch = new CountDownLatch(1);
-      transportState.runOnTransportThread(() -> {
-        asyncCtx.complete();
-        countDownLatch.countDown();
-      });
-      try {
-        countDownLatch.await(5, TimeUnit.SECONDS);
-      } catch (InterruptedException e) {
-        Thread.currentThread().interrupt();
+      if (asyncCompleted) {
+        logger.fine("ignore cancel as already completed");
+        return;
       }
+      // There is no way to RST_STREAM with CANCEL code, so write trailers instead
+      close(status, new Metadata());
+      // close() calls writeTrailers(), which calls AsyncContext.complete()
     }
   }
 

From 8ac5599b92ea777183eb732d25a3087351d67460 Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Tue, 26 Aug 2025 01:25:46 +0200
Subject: [PATCH 355/591] servlet: fix threadingTest and update lincheck
 (#12306)

Seems like previously it was not testing all the flows but only: the
write/flush calls are added to the queue by `runOrBuffer` because
`readyAndDrained` is initially `false`.

So,
* `isReady()` is never called
* `isReadyReturnedFalse` never set to true
* `maybeOnWritePossible()` does nothing

All that makes me think that #9917 is caused by some bugs in older
versions of llincheck, can be closed now.

A more real simulation happens if calling `onWritePossible` first via
`initialOnWritePossible`, and then it has found a race condition in
`AsyncServletOutputStreamWriterConcurrencyTest.isReady()`, if
`maybeOnWritePossible()` is executed before `return isReady`.

Additionally updated lincheck,
* it does not need jvmArgs now
* is compatible with java 8 again
* changed asserts from Truth to junit, as lincheck was trying to use
`com.google.common.truth.Subject.equals(Object)`

It still does not detect #12268, but might be needs more time.
---
 build.gradle                                  |  2 +-
 gradle/libs.versions.toml                     |  3 +-
 servlet/build.gradle                          | 15 ++---
 ...vletOutputStreamWriterConcurrencyTest.java | 64 +++++++++++--------
 4 files changed, 43 insertions(+), 41 deletions(-)

diff --git a/build.gradle b/build.gradle
index 50c9df4c5c8..366edf1b9e5 100644
--- a/build.gradle
+++ b/build.gradle
@@ -238,7 +238,7 @@ subprojects {
 
         // At a test failure, log the stack trace to the console so that we don't
         // have to open the HTML in a browser.
-        tasks.named("test").configure {
+        tasks.withType(Test).configureEach {
             testLogging {
                 exceptionFormat = 'full'
                 showExceptions = true
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index e4eb4f82ddb..a374ba5aa73 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -69,8 +69,7 @@ jetty-servlet = "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.0.16"
 jetty-servlet10 = "org.eclipse.jetty:jetty-servlet:10.0.20"
 jsr305 = "com.google.code.findbugs:jsr305:3.0.2"
 junit = "junit:junit:4.13.2"
-# 2.17+ require Java 11+ (not mentioned in release notes)
-lincheck = "org.jetbrains.kotlinx:lincheck-jvm:2.16"
+lincheck = "org.jetbrains.lincheck:lincheck:3.2"
 # Update notes / 2023-07-19 sergiitk:
 #    Couldn't update to 5.4.0, updated to the last in 4.x line. Version 5.x breaks some tests.
 #    Error log: https://github.com/grpc/grpc-java/pull/10359#issuecomment-1632834435
diff --git a/servlet/build.gradle b/servlet/build.gradle
index fd5abb6f0e5..7f9cd04a57c 100644
--- a/servlet/build.gradle
+++ b/servlet/build.gradle
@@ -43,7 +43,7 @@ dependencies {
     testImplementation libraries.javax.servlet.api
 
     threadingTestImplementation project(':grpc-servlet'),
-        libraries.truth,
+        libraries.junit,
         libraries.javax.servlet.api,
         libraries.lincheck
 
@@ -69,19 +69,12 @@ dependencies {
             libraries.protobuf.java
 }
 
-tasks.named("test").configure {
-    if (JavaVersion.current().isJava9Compatible()) {
-        jvmArgs += [
-                // required for Lincheck
-                '--add-opens=java.base/jdk.internal.misc=ALL-UNNAMED',
-                '--add-exports=java.base/jdk.internal.util=ALL-UNNAMED',
-        ]
-    }
-}
-
 tasks.register('threadingTest', Test) {
     classpath = sourceSets.threadingTest.runtimeClasspath
     testClassesDirs = sourceSets.threadingTest.output.classesDirs
+    jacoco {
+        enabled = false
+    }
 }
 
 tasks.named("assemble").configure {
diff --git a/servlet/src/threadingTest/java/io/grpc/servlet/AsyncServletOutputStreamWriterConcurrencyTest.java b/servlet/src/threadingTest/java/io/grpc/servlet/AsyncServletOutputStreamWriterConcurrencyTest.java
index 61da2bf4c69..ebe1df8c3f3 100644
--- a/servlet/src/threadingTest/java/io/grpc/servlet/AsyncServletOutputStreamWriterConcurrencyTest.java
+++ b/servlet/src/threadingTest/java/io/grpc/servlet/AsyncServletOutputStreamWriterConcurrencyTest.java
@@ -16,23 +16,23 @@
 
 package io.grpc.servlet;
 
-import static com.google.common.truth.Truth.assertWithMessage;
-import static org.jetbrains.kotlinx.lincheck.strategy.managed.ManagedStrategyGuaranteeKt.forClasses;
+import static org.jetbrains.lincheck.datastructures.ManagedStrategyGuaranteeKt.forClasses;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
 
 import io.grpc.servlet.AsyncServletOutputStreamWriter.ActionItem;
 import io.grpc.servlet.AsyncServletOutputStreamWriter.Log;
 import java.io.IOException;
 import java.util.concurrent.ConcurrentLinkedQueue;
+import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.function.BiFunction;
-import org.jetbrains.kotlinx.lincheck.LinChecker;
-import org.jetbrains.kotlinx.lincheck.annotations.OpGroupConfig;
-import org.jetbrains.kotlinx.lincheck.annotations.Operation;
-import org.jetbrains.kotlinx.lincheck.annotations.Param;
-import org.jetbrains.kotlinx.lincheck.paramgen.BooleanGen;
 import org.jetbrains.kotlinx.lincheck.strategy.managed.modelchecking.ModelCheckingCTest;
-import org.jetbrains.kotlinx.lincheck.strategy.managed.modelchecking.ModelCheckingOptions;
-import org.jetbrains.kotlinx.lincheck.verifier.VerifierState;
+import org.jetbrains.lincheck.datastructures.BooleanGen;
+import org.jetbrains.lincheck.datastructures.ModelCheckingOptions;
+import org.jetbrains.lincheck.datastructures.Operation;
+import org.jetbrains.lincheck.datastructures.Param;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -50,17 +50,19 @@
  * operations are linearizable in each interleave scenario.
  */
 @ModelCheckingCTest
-@OpGroupConfig(name = "update", nonParallel = true)
-@OpGroupConfig(name = "write", nonParallel = true)
 @Param(name = "keepReady", gen = BooleanGen.class)
 @RunWith(JUnit4.class)
-public class AsyncServletOutputStreamWriterConcurrencyTest extends VerifierState {
+public class AsyncServletOutputStreamWriterConcurrencyTest {
   private static final int OPERATIONS_PER_THREAD = 6;
 
   private final AsyncServletOutputStreamWriter writer;
   private final boolean[] keepReadyArray = new boolean[OPERATIONS_PER_THREAD];
 
   private volatile boolean isReady;
+  /**
+   * The container initiates the first call shortly after {@code startAsync}.
+   */
+  private final AtomicBoolean initialOnWritePossible = new AtomicBoolean(true);
   // when isReadyReturnedFalse, writer.onWritePossible() will be called.
   private volatile boolean isReadyReturnedFalse;
   private int producerIndex;
@@ -71,17 +73,15 @@ public class AsyncServletOutputStreamWriterConcurrencyTest extends VerifierState
   public AsyncServletOutputStreamWriterConcurrencyTest() {
     BiFunction<byte[], Integer, ActionItem> writeAction =
         (bytes, numBytes) -> () -> {
-          assertWithMessage("write should only be called while isReady() is true")
-              .that(isReady)
-              .isTrue();
+          assertTrue("write should only be called while isReady() is true", isReady);
           // The byte to be written must equal to consumerIndex, otherwise execution order is wrong
-          assertWithMessage("write in wrong order").that(bytes[0]).isEqualTo((byte) consumerIndex);
+          assertEquals("write in wrong order", bytes[0], (byte) consumerIndex);
           bytesWritten++;
           writeOrFlush();
         };
 
     ActionItem flushAction = () -> {
-      assertWithMessage("flush must only be called while isReady() is true").that(isReady).isTrue();
+      assertTrue("flush must only be called while isReady() is true", isReady);
       writeOrFlush();
     };
 
@@ -102,12 +102,13 @@ private void writeOrFlush() {
   }
 
   private boolean isReady() {
-    if (!isReady) {
-      assertWithMessage("isReady() already returned false, onWritePossible() will be invoked")
-          .that(isReadyReturnedFalse).isFalse();
+    boolean copyOfIsReady = isReady;
+    if (!copyOfIsReady) {
+      assertFalse("isReady() already returned false, onWritePossible() will be invoked",
+          isReadyReturnedFalse);
       isReadyReturnedFalse = true;
     }
-    return isReady;
+    return copyOfIsReady;
   }
 
   /**
@@ -118,7 +119,7 @@ private boolean isReady() {
    *                  the ServletOutputStream should become unready if keepReady == false.
    */
   // @com.google.errorprone.annotations.Keep
-  @Operation(group = "write")
+  @Operation(nonParallelGroup = "write")
   public void write(@Param(name = "keepReady") boolean keepReady) throws IOException {
     keepReadyArray[producerIndex] = keepReady;
     writer.writeBytes(new byte[]{(byte) producerIndex}, 1);
@@ -133,7 +134,7 @@ public void write(@Param(name = "keepReady") boolean keepReady) throws IOExcepti
    *                  the ServletOutputStream should become unready if keepReady == false.
    */
   // @com.google.errorprone.annotations.Keep // called by lincheck reflectively
-  @Operation(group = "write")
+  @Operation(nonParallelGroup = "write")
   public void flush(@Param(name = "keepReady") boolean keepReady) throws IOException {
     keepReadyArray[producerIndex] = keepReady;
     writer.flush();
@@ -142,9 +143,12 @@ public void flush(@Param(name = "keepReady") boolean keepReady) throws IOExcepti
 
   /** If the writer is not ready, let it turn ready and call writer.onWritePossible(). */
   // @com.google.errorprone.annotations.Keep // called by lincheck reflectively
-  @Operation(group = "update")
+  @Operation(nonParallelGroup = "update")
   public void maybeOnWritePossible() throws IOException {
-    if (isReadyReturnedFalse) {
+    if (initialOnWritePossible.compareAndSet(true, false)) {
+      isReady = true;
+      writer.onWritePossible();
+    } else if (isReadyReturnedFalse) {
       isReadyReturnedFalse = false;
       isReady = true;
       writer.onWritePossible();
@@ -152,7 +156,13 @@ public void maybeOnWritePossible() throws IOException {
   }
 
   @Override
-  protected Object extractState() {
+  public final boolean equals(Object o) {
+    return o instanceof AsyncServletOutputStreamWriterConcurrencyTest
+        && bytesWritten == ((AsyncServletOutputStreamWriterConcurrencyTest) o).bytesWritten;
+  }
+
+  @Override
+  public int hashCode() {
     return bytesWritten;
   }
 
@@ -169,6 +179,6 @@ public void linCheck() {
                     AtomicReference.class.getName())
                 .allMethods()
                 .treatAsAtomic());
-    LinChecker.check(AsyncServletOutputStreamWriterConcurrencyTest.class, options);
+    options.check(AsyncServletOutputStreamWriterConcurrencyTest.class);
   }
 }

From ca8f4dfa6d76b3fe9dafcea6e43a4428ec5c167d Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 26 Aug 2025 03:27:49 -0700
Subject: [PATCH 356/591] binder: Improve error descriptions for
 ServiceConnection callbacks (#12263)

Non-experts don't really know what these ServiceConnection callback
names mean (eg b/437170499). Use the Status description to explain them
a bit. Compare to https://github.com/grpc/grpc-java/pull/11628
---
 .../grpc/binder/internal/ServiceBinding.java  | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java b/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
index 42d69d27a2e..3885afb19a8 100644
--- a/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
+++ b/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
@@ -356,19 +356,32 @@ public void onServiceConnected(ComponentName className, IBinder binder) {
   @Override
   @MainThread
   public void onServiceDisconnected(ComponentName name) {
-    unbindInternal(Status.UNAVAILABLE.withDescription("onServiceDisconnected: " + name));
+    unbindInternal(
+        Status.UNAVAILABLE.withDescription(
+            "Server process crashed, exited or was killed (onServiceDisconnected): " + name));
   }
 
   @Override
   @MainThread
   public void onNullBinding(ComponentName name) {
-    unbindInternal(Status.UNIMPLEMENTED.withDescription("onNullBinding: " + name));
+    unbindInternal(
+        Status.UNIMPLEMENTED.withDescription(
+            "Remote Service returned null from onBind() for "
+                + bindIntent
+                + " (onNullBinding): "
+                + name));
   }
 
   @Override
   @MainThread
   public void onBindingDied(ComponentName name) {
-    unbindInternal(Status.UNAVAILABLE.withDescription("onBindingDied: " + name));
+    unbindInternal(
+        Status.UNAVAILABLE.withDescription(
+            "Remote Service component "
+                + name.getClassName()
+                + " was disabled, or its package "
+                + name.getPackageName()
+                + " was disabled, force-stopped, replaced or uninstalled (onBindingDied)."));
   }
 
   @VisibleForTesting

From 695014adfd33aa8facb721e358a485d08a23b76f Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 14 Aug 2025 07:23:01 -0700
Subject: [PATCH 357/591] api: Reduce allocations of Attributes.Builder

Modifying existing Attributes was virtually guaranteed to allocate
within build(), just because `base` was not considered for the new map
size. Discard was also allocation-heavy because it often created a new
map. Using a regular copy-on-write approach is enough to avoid the
unnecessary allocations in both cases.

This was noticed in a profile that included xds's
AddressFilter.setPathFilter(), where Attributes.Builder.build()
allocated 6x the memory of Attributes.Builder.data().

b/435208946#comment41
---
 api/src/main/java/io/grpc/Attributes.java | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/api/src/main/java/io/grpc/Attributes.java b/api/src/main/java/io/grpc/Attributes.java
index de00e63554c..c8550d176b4 100644
--- a/api/src/main/java/io/grpc/Attributes.java
+++ b/api/src/main/java/io/grpc/Attributes.java
@@ -215,6 +215,7 @@ public int hashCode() {
    * The helper class to build an Attributes instance.
    */
   public static final class Builder {
+    // Exactly one of base and newdata will be set
     private Attributes base;
     private IdentityHashMap<Key<?>, Object> newdata;
 
@@ -225,8 +226,11 @@ private Builder(Attributes base) {
 
     private IdentityHashMap<Key<?>, Object> data(int size) {
       if (newdata == null) {
-        newdata = new IdentityHashMap<>(size);
+        newdata = new IdentityHashMap<>(base.data.size() + size);
+        newdata.putAll(base.data);
+        base = null;
       }
+      assert base == null;
       return newdata;
     }
 
@@ -243,12 +247,11 @@ public <T> Builder set(Key<T> key, T value) {
      * @return this
      */
     public <T> Builder discard(Key<T> key) {
-      if (base.data.containsKey(key)) {
-        IdentityHashMap<Key<?>, Object> newBaseData = new IdentityHashMap<>(base.data);
-        newBaseData.remove(key);
-        base = new Attributes(newBaseData);
-      }
-      if (newdata != null) {
+      if (base != null) {
+        if (base.data.containsKey(key)) {
+          data(0).remove(key);
+        }
+      } else {
         newdata.remove(key);
       }
       return this;
@@ -264,11 +267,6 @@ public Builder setAll(Attributes other) {
      */
     public Attributes build() {
       if (newdata != null) {
-        for (Map.Entry<Key<?>, Object> entry : base.data.entrySet()) {
-          if (!newdata.containsKey(entry.getKey())) {
-            newdata.put(entry.getKey(), entry.getValue());
-          }
-        }
         base = new Attributes(newdata);
         newdata = null;
       }

From afef4fe097f695db76f59f0d4fedc04eb2c1815b Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Thu, 28 Aug 2025 05:57:10 +0200
Subject: [PATCH 358/591] servlet: extract
 ServletServerStream.serializeHeaders() method (#12299)

---
 .../io/grpc/servlet/ServletServerStream.java     | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java b/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
index caab5caa8a9..0182f302698 100644
--- a/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
+++ b/servlet/src/main/java/io/grpc/servlet/ServletServerStream.java
@@ -42,6 +42,7 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.function.BiConsumer;
 import java.util.function.Supplier;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
@@ -122,9 +123,13 @@ private void writeHeadersToServletResponse(Metadata metadata) {
     resp.setStatus(HttpServletResponse.SC_OK);
     resp.setContentType(CONTENT_TYPE_GRPC);
 
+    serializeHeaders(metadata, resp::addHeader);
+  }
+
+  private static void serializeHeaders(Metadata metadata, BiConsumer<String, String> consumer) {
     byte[][] serializedHeaders = TransportFrameUtil.toHttp2Headers(metadata);
     for (int i = 0; i < serializedHeaders.length; i += 2) {
-      resp.addHeader(
+      consumer.accept(
           new String(serializedHeaders[i], StandardCharsets.US_ASCII),
           new String(serializedHeaders[i + 1], StandardCharsets.US_ASCII));
     }
@@ -277,13 +282,8 @@ public void writeTrailers(Metadata trailers, boolean headersSent, Status status)
       if (!headersSent) {
         writeHeadersToServletResponse(trailers);
       } else {
-        byte[][] serializedHeaders = TransportFrameUtil.toHttp2Headers(trailers);
-        for (int i = 0; i < serializedHeaders.length; i += 2) {
-          String key = new String(serializedHeaders[i], StandardCharsets.US_ASCII);
-          String newValue = new String(serializedHeaders[i + 1], StandardCharsets.US_ASCII);
-          trailerSupplier.get().computeIfPresent(key, (k, v) -> v + "," + newValue);
-          trailerSupplier.get().putIfAbsent(key, newValue);
-        }
+        serializeHeaders(trailers,
+            (k, v) -> trailerSupplier.get().merge(k, v, (oldV, newV) -> oldV + "," + newV));
       }
 
       writer.complete();

From c643e68aa1faf7f1aabf8e789030c44323fc4f77 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Thu, 28 Aug 2025 01:06:48 -0700
Subject: [PATCH 359/591] binder: REMOTE_UID must hold exactly the uid passed
 to the SecurityPolicy and never change (#12314)

`attributes = setSecurityAttrs(attributes, remoteUid);` should not run
for :
- a malformed SETUP_TRANSPORT transaction
- a rogue SETUP_TRANSPORT transaction that arrives
post-TransportState.SETUP
---
 .../internal/BinderClientTransport.java       |  2 +-
 .../RobolectricBinderTransportTest.java       | 42 ++++++++++++++++++-
 2 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
index 95bd531aa41..82c9e17b871 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
@@ -330,7 +330,6 @@ void notifyTerminated() {
   @GuardedBy("this")
   protected void handleSetupTransport(Parcel parcel) {
     int remoteUid = Binder.getCallingUid();
-    attributes = setSecurityAttrs(attributes, remoteUid);
     if (inState(TransportState.SETUP)) {
       int version = parcel.readInt();
       IBinder binder = parcel.readStrongBinder();
@@ -340,6 +339,7 @@ protected void handleSetupTransport(Parcel parcel) {
         shutdownInternal(
             Status.UNAVAILABLE.withDescription("Malformed SETUP_TRANSPORT data"), true);
       } else {
+        attributes = setSecurityAttrs(attributes, remoteUid);
         authResultFuture = checkServerAuthorizationAsync(remoteUid);
         Futures.addCallback(
             authResultFuture,
diff --git a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
index 7275c47d51c..8f1209f389b 100644
--- a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
@@ -16,7 +16,11 @@
 
 package io.grpc.binder.internal;
 
+import static android.os.Process.myUid;
 import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.binder.internal.BinderTransport.REMOTE_UID;
+import static io.grpc.binder.internal.BinderTransport.SETUP_TRANSPORT;
+import static io.grpc.binder.internal.BinderTransport.WIRE_FORMAT_VERSION;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.timeout;
@@ -28,6 +32,8 @@
 import android.content.pm.ApplicationInfo;
 import android.content.pm.PackageInfo;
 import android.content.pm.ServiceInfo;
+import android.os.Binder;
+import android.os.Parcel;
 import androidx.test.core.app.ApplicationProvider;
 import androidx.test.core.content.pm.ApplicationInfoBuilder;
 import androidx.test.core.content.pm.PackageInfoBuilder;
@@ -38,9 +44,11 @@
 import io.grpc.binder.AndroidComponentAddress;
 import io.grpc.binder.ApiConstants;
 import io.grpc.binder.AsyncSecurityPolicy;
+import io.grpc.binder.SecurityPolicies;
 import io.grpc.binder.internal.SettableAsyncSecurityPolicy.AuthRequest;
 import io.grpc.internal.AbstractTransportTest;
 import io.grpc.internal.ClientTransportFactory.ClientTransportOptions;
+import io.grpc.internal.ConnectionClientTransport;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.InternalServer;
 import io.grpc.internal.ManagedClientTransport;
@@ -109,7 +117,7 @@ public static ImmutableList<Boolean> data() {
   public void setUp() {
     serverAppInfo =
         ApplicationInfoBuilder.newBuilder().setPackageName("the.server.package").build();
-    serverAppInfo.uid = android.os.Process.myUid();
+    serverAppInfo.uid = myUid();
     serverPkgInfo =
         PackageInfoBuilder.newBuilder()
             .setPackageName(serverAppInfo.packageName)
@@ -264,6 +272,38 @@ public void eagAttributeCanOverrideChannelPreAuthServerSetting() throws Exceptio
     verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportReady();
   }
 
+  @Test
+  public void clientIgnoresDuplicateSetupTransaction() throws Exception {
+    server.start(serverListener);
+    client =
+        newClientTransportBuilder()
+            .setFactory(
+                newClientTransportFactoryBuilder()
+                    .setSecurityPolicy(SecurityPolicies.internalOnly())
+                    .buildClientTransportFactory())
+            .build();
+    runIfNotNull(client.start(mockClientTransportListener));
+    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportReady();
+
+    assertThat(((ConnectionClientTransport) client).getAttributes().get(REMOTE_UID))
+        .isEqualTo(myUid());
+
+    Parcel setupParcel = Parcel.obtain();
+    try {
+      setupParcel.writeInt(WIRE_FORMAT_VERSION);
+      setupParcel.writeStrongBinder(new Binder());
+      setupParcel.setDataPosition(0);
+      ShadowBinder.setCallingUid(1 + myUid());
+      ((BinderClientTransport) client).handleTransaction(SETUP_TRANSPORT, setupParcel);
+    } finally {
+      ShadowBinder.setCallingUid(myUid());
+      setupParcel.recycle();
+    }
+
+    assertThat(((ConnectionClientTransport) client).getAttributes().get(REMOTE_UID))
+            .isEqualTo(myUid());
+  }
+
   @Test
   @Ignore("See BinderTransportTest#socketStats.")
   @Override

From cdd3202a1f04ad496259712f8004201b420cecc8 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 27 Aug 2025 15:22:36 -0700
Subject: [PATCH 360/591] interop-testing: Show full status for interop test
 failures

It's pretty annoying to see a test failure with
"expected:<DEADLINE_EXCEEDED> but was:<INTERNAL>" and not know the
description or throwable cause of the status. Introduce a convenience to
include the full status on unexpected Status.Code. There were two
usages of assertWithMessage() that did give nice errors; those were
converted to this new utility.

It'd be even better to make a StatusSubject, but that'd take more time
and this was easy and still an improvement. This was created because
we're seeing servlet test failures with INTERNAL code, and we need to
see the details.
---
 .../integration/AbstractInteropTest.java      | 43 +++++++++----------
 1 file changed, 21 insertions(+), 22 deletions(-)

diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
index 88d570e7134..11455790497 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
@@ -483,7 +483,7 @@ public void clientCompressedUnary(boolean probe) throws Exception {
         blockingStub.unaryCall(expectCompressedRequest);
         fail("expected INVALID_ARGUMENT");
       } catch (StatusRuntimeException e) {
-        assertEquals(Status.INVALID_ARGUMENT.getCode(), e.getStatus().getCode());
+        assertCodeEquals(Status.Code.INVALID_ARGUMENT, e.getStatus());
       }
       assertStatsTrace("grpc.testing.TestService/UnaryCall", Status.Code.INVALID_ARGUMENT);
     }
@@ -652,7 +652,7 @@ public void clientCompressedStreaming(boolean probe) throws Exception {
       responseObserver.awaitCompletion(operationTimeoutMillis(), TimeUnit.MILLISECONDS);
       Throwable e = responseObserver.getError();
       assertNotNull("expected INVALID_ARGUMENT", e);
-      assertEquals(Status.INVALID_ARGUMENT.getCode(), Status.fromThrowable(e).getCode());
+      assertCodeEquals(Status.Code.INVALID_ARGUMENT, Status.fromThrowable(e));
     }
 
     // Start a new stream
@@ -801,8 +801,7 @@ public void cancelAfterBegin() throws Exception {
     requestObserver.onError(new RuntimeException());
     responseObserver.awaitCompletion();
     assertEquals(Arrays.<StreamingInputCallResponse>asList(), responseObserver.getValues());
-    assertEquals(Status.Code.CANCELLED,
-        Status.fromThrowable(responseObserver.getError()).getCode());
+    assertCodeEquals(Status.Code.CANCELLED, Status.fromThrowable(responseObserver.getError()));
 
     if (metricsExpected()) {
       MetricsRecord clientStartRecord = clientStatsRecorder.pollRecord(5, TimeUnit.SECONDS);
@@ -839,8 +838,7 @@ public void cancelAfterFirstResponse() throws Exception {
     requestObserver.onError(new RuntimeException());
     responseObserver.awaitCompletion(operationTimeoutMillis(), TimeUnit.MILLISECONDS);
     assertEquals(1, responseObserver.getValues().size());
-    assertEquals(Status.Code.CANCELLED,
-                 Status.fromThrowable(responseObserver.getError()).getCode());
+    assertCodeEquals(Status.Code.CANCELLED, Status.fromThrowable(responseObserver.getError()));
 
     assertStatsTrace("grpc.testing.TestService/FullDuplexCall", Status.Code.CANCELLED);
   }
@@ -1107,7 +1105,7 @@ public void deadlineExceeded() throws Exception {
       stub.streamingOutputCall(request).next();
       fail("Expected deadline to be exceeded");
     } catch (StatusRuntimeException ex) {
-      assertEquals(Status.DEADLINE_EXCEEDED.getCode(), ex.getStatus().getCode());
+      assertCodeEquals(Status.Code.DEADLINE_EXCEEDED, ex.getStatus());
       String desc = ex.getStatus().getDescription();
       assertTrue(desc,
           // There is a race between client and server-side deadline expiration.
@@ -1153,8 +1151,7 @@ public void deadlineExceededServerStreaming() throws Exception {
         .withDeadlineAfter(30, TimeUnit.MILLISECONDS)
         .streamingOutputCall(request, recorder);
     recorder.awaitCompletion();
-    assertEquals(Status.DEADLINE_EXCEEDED.getCode(),
-        Status.fromThrowable(recorder.getError()).getCode());
+    assertCodeEquals(Status.Code.DEADLINE_EXCEEDED, Status.fromThrowable(recorder.getError()));
     if (metricsExpected()) {
       // Stream may not have been created when deadline is exceeded, thus we don't check tracer
       // stats.
@@ -1179,7 +1176,7 @@ public void deadlineInPast() throws Exception {
           .emptyCall(Empty.getDefaultInstance());
       fail("Should have thrown");
     } catch (StatusRuntimeException ex) {
-      assertEquals(Status.Code.DEADLINE_EXCEEDED, ex.getStatus().getCode());
+      assertCodeEquals(Status.Code.DEADLINE_EXCEEDED, ex.getStatus());
       assertThat(ex.getStatus().getDescription())
           .startsWith("ClientCall started after CallOptions deadline was exceeded");
     }
@@ -1212,7 +1209,7 @@ public void deadlineInPast() throws Exception {
           .emptyCall(Empty.getDefaultInstance());
       fail("Should have thrown");
     } catch (StatusRuntimeException ex) {
-      assertEquals(Status.Code.DEADLINE_EXCEEDED, ex.getStatus().getCode());
+      assertCodeEquals(Status.Code.DEADLINE_EXCEEDED, ex.getStatus());
       assertThat(ex.getStatus().getDescription())
           .startsWith("ClientCall started after CallOptions deadline was exceeded");
     }
@@ -1278,8 +1275,7 @@ public void maxInboundSize_tooBig() {
       stub.streamingOutputCall(request).next();
       fail();
     } catch (StatusRuntimeException ex) {
-      Status s = ex.getStatus();
-      assertWithMessage(s.toString()).that(s.getCode()).isEqualTo(Status.Code.RESOURCE_EXHAUSTED);
+      assertCodeEquals(Status.Code.RESOURCE_EXHAUSTED, ex.getStatus());
       assertThat(Throwables.getStackTraceAsString(ex)).contains("exceeds maximum");
     }
   }
@@ -1334,8 +1330,7 @@ public void maxOutboundSize_tooBig() {
       stub.streamingOutputCall(request).next();
       fail();
     } catch (StatusRuntimeException ex) {
-      Status s = ex.getStatus();
-      assertWithMessage(s.toString()).that(s.getCode()).isEqualTo(Status.Code.CANCELLED);
+      assertCodeEquals(Status.Code.CANCELLED, ex.getStatus());
       assertThat(Throwables.getStackTraceAsString(ex)).contains("message too large");
     }
   }
@@ -1557,7 +1552,7 @@ public void statusCodeAndMessage() throws Exception {
       blockingStub.unaryCall(simpleRequest);
       fail();
     } catch (StatusRuntimeException e) {
-      assertEquals(Status.UNKNOWN.getCode(), e.getStatus().getCode());
+      assertCodeEquals(Status.Code.UNKNOWN, e.getStatus());
       assertEquals(errorMessage, e.getStatus().getDescription());
     }
     assertStatsTrace("grpc.testing.TestService/UnaryCall", Status.Code.UNKNOWN);
@@ -1573,7 +1568,7 @@ public void statusCodeAndMessage() throws Exception {
         .isTrue();
     assertThat(responseObserver.getError()).isNotNull();
     Status status = Status.fromThrowable(responseObserver.getError());
-    assertEquals(Status.UNKNOWN.getCode(), status.getCode());
+    assertCodeEquals(Status.Code.UNKNOWN, status);
     assertEquals(errorMessage, status.getDescription());
     assertStatsTrace("grpc.testing.TestService/FullDuplexCall", Status.Code.UNKNOWN);
   }
@@ -1593,7 +1588,7 @@ public void specialStatusMessage() throws Exception {
       blockingStub.unaryCall(simpleRequest);
       fail();
     } catch (StatusRuntimeException e) {
-      assertEquals(Status.UNKNOWN.getCode(), e.getStatus().getCode());
+      assertCodeEquals(Status.Code.UNKNOWN, e.getStatus());
       assertEquals(errorMessage, e.getStatus().getDescription());
     }
     assertStatsTrace("grpc.testing.TestService/UnaryCall", Status.Code.UNKNOWN);
@@ -1606,7 +1601,7 @@ public void unimplementedMethod() {
       blockingStub.unimplementedCall(Empty.getDefaultInstance());
       fail();
     } catch (StatusRuntimeException e) {
-      assertEquals(Status.UNIMPLEMENTED.getCode(), e.getStatus().getCode());
+      assertCodeEquals(Status.Code.UNIMPLEMENTED, e.getStatus());
     }
 
     assertClientStatsTrace("grpc.testing.TestService/UnimplementedCall",
@@ -1622,7 +1617,7 @@ public void unimplementedService() {
       stub.unimplementedCall(Empty.getDefaultInstance());
       fail();
     } catch (StatusRuntimeException e) {
-      assertEquals(Status.UNIMPLEMENTED.getCode(), e.getStatus().getCode());
+      assertCodeEquals(Status.Code.UNIMPLEMENTED, e.getStatus());
     }
 
     assertStatsTrace("grpc.testing.UnimplementedService/UnimplementedCall",
@@ -1652,8 +1647,8 @@ public void timeoutOnSleepingServer() throws Exception {
 
     assertTrue(responseObserver.awaitCompletion(operationTimeoutMillis(), TimeUnit.MILLISECONDS));
     assertEquals(0, responseObserver.getValues().size());
-    assertEquals(Status.DEADLINE_EXCEEDED.getCode(),
-                 Status.fromThrowable(responseObserver.getError()).getCode());
+    assertCodeEquals(
+        Status.Code.DEADLINE_EXCEEDED, Status.fromThrowable(responseObserver.getError()));
 
     if (metricsExpected()) {
       // CensusStreamTracerModule record final status in the interceptor, thus is guaranteed to be
@@ -2035,6 +2030,10 @@ private void assertPayload(Payload expected, Payload actual) {
     }
   }
 
+  private static void assertCodeEquals(Status.Code expected, Status actual) {
+    assertWithMessage("Unexpected status: %s", actual).that(actual.getCode()).isEqualTo(expected);
+  }
+
   /**
    * Captures the request attributes. Useful for testing ServerCalls.
    * {@link ServerCall#getAttributes()}

From ad5c6d557511d27cd07f8d57fb93387323556d4e Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Thu, 28 Aug 2025 15:58:39 -0700
Subject: [PATCH 361/591] binder: Replace queryIntentServices() hack with the
 new SystemApis.createContextAsUser()  (#12280)

createContextAsUser() wrapper makes the call to PackageManager's
resolveService() look the same in both the same-user and cross-user
cases. This is how the Android team recommends accessing XXXAsUser() APIs in
general.

We can also remove all the apologies for using reflection since
SystemApis already explains all that.
---
 .../grpc/binder/internal/ServiceBinding.java  | 69 +++++--------------
 .../binder/internal/ServiceBindingTest.java   |  9 +++
 2 files changed, 28 insertions(+), 50 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java b/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
index 3885afb19a8..3351736108e 100644
--- a/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
+++ b/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
@@ -17,6 +17,7 @@
 package io.grpc.binder.internal;
 
 import static com.google.common.base.Preconditions.checkState;
+import static io.grpc.binder.internal.SystemApis.createContextAsUser;
 
 import android.app.admin.DevicePolicyManager;
 import android.content.ComponentName;
@@ -32,13 +33,10 @@
 import androidx.annotation.AnyThread;
 import androidx.annotation.MainThread;
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.VerifyException;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Status;
 import io.grpc.StatusException;
 import io.grpc.binder.BinderChannelCredentials;
-import java.lang.reflect.Method;
-import java.util.List;
 import java.util.concurrent.Executor;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -93,8 +91,6 @@ public String methodName() {
   private final Observer observer;
   private final Executor mainThreadExecutor;
 
-  private static volatile Method queryIntentServicesAsUserMethod;
-
   @GuardedBy("this")
   private State state;
 
@@ -194,8 +190,10 @@ private static Status bindInternal(
           break;
         case BIND_SERVICE_AS_USER:
           if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+            // We don't need SystemApis because bindServiceAsUser() is simply public in R+.
             bindResult = context.bindServiceAsUser(bindIntent, conn, flags, targetUserHandle);
           } else {
+            // TODO(#12279): Use SystemApis to make this work pre-R.
             return Status.INTERNAL.withDescription("Cross user Channel requires Android R+");
           }
           break;
@@ -266,51 +264,9 @@ void unbindInternal(Status reason) {
     }
   }
 
-  // Sadly the PackageManager#resolveServiceAsUser() API we need isn't part of the SDK or even a
-  // @SystemApi as of this writing. Modern Android prevents even system apps from calling it, by any
-  // means (https://developer.android.com/guide/app-compatibility/restrictions-non-sdk-interfaces).
-  // So instead we call queryIntentServicesAsUser(), which does more than we need but *is* a
-  // @SystemApi in all the SDK versions where we support cross-user Channels.
-  @Nullable
-  private static ResolveInfo resolveServiceAsUser(
-      PackageManager packageManager, Intent intent, int flags, UserHandle targetUserHandle) {
-    List<ResolveInfo> results =
-        queryIntentServicesAsUser(packageManager, intent, flags, targetUserHandle);
-    // The first query result is "what would be returned by resolveService", per the javadoc.
-    return (results != null && !results.isEmpty()) ? results.get(0) : null;
-  }
-
-  // The cross-user Channel feature requires the client to be a system app so we assume @SystemApi
-  // queryIntentServicesAsUser() is visible to us at runtime. It would be visible at build time too,
-  // if our host system app were written to call it directly. We only have to use reflection here
-  // because grpc-java is a library built outside the Android source tree where the compiler can't
-  // see the "non-SDK" @SystemApis that we need.
-  @Nullable
-  @SuppressWarnings("unchecked") // Safe by PackageManager#queryIntentServicesAsUser spec in AOSP.
-  private static List<ResolveInfo> queryIntentServicesAsUser(
-      PackageManager packageManager, Intent intent, int flags, UserHandle targetUserHandle) {
-    try {
-      if (queryIntentServicesAsUserMethod == null) {
-        synchronized (ServiceBinding.class) {
-          if (queryIntentServicesAsUserMethod == null) {
-            queryIntentServicesAsUserMethod =
-                PackageManager.class.getMethod(
-                    "queryIntentServicesAsUser", Intent.class, int.class, UserHandle.class);
-          }
-        }
-      }
-      return (List<ResolveInfo>)
-          queryIntentServicesAsUserMethod.invoke(packageManager, intent, flags, targetUserHandle);
-    } catch (ReflectiveOperationException e) {
-      throw new VerifyException(e);
-    }
-  }
-
   @AnyThread
   @Override
   public ServiceInfo resolve() throws StatusException {
-    checkState(sourceContext != null);
-    PackageManager packageManager = sourceContext.getPackageManager();
     int flags = 0;
     if (Build.VERSION.SDK_INT >= 29) {
       // Filter out non-'directBootAware' <service>s when 'targetUserHandle' is locked. Here's why:
@@ -320,9 +276,9 @@ public ServiceInfo resolve() throws StatusException {
       flags |= PackageManager.MATCH_DIRECT_BOOT_AUTO;
     }
     ResolveInfo resolveInfo =
-        targetUserHandle != null
-            ? resolveServiceAsUser(packageManager, bindIntent, flags, targetUserHandle)
-            : packageManager.resolveService(bindIntent, flags);
+        getContextForTargetUser("Cross-user pre-auth")
+            .getPackageManager()
+            .resolveService(bindIntent, flags);
     if (resolveInfo == null) {
       throw Status.UNIMPLEMENTED // Same status code as when bindService() returns false.
           .withDescription("resolveService(" + bindIntent + " / " + targetUserHandle + ") was null")
@@ -331,6 +287,19 @@ public ServiceInfo resolve() throws StatusException {
     return resolveInfo.serviceInfo;
   }
 
+  private Context getContextForTargetUser(String purpose) throws StatusException {
+    checkState(sourceContext != null, "Already unbound!");
+    try {
+      return targetUserHandle == null
+          ? sourceContext
+          : createContextAsUser(sourceContext, targetUserHandle, /* flags= */ 0);
+    } catch (ReflectiveOperationException e) {
+      throw Status.INTERNAL
+          .withDescription(purpose + " requires SDK_INT >= R and @SystemApi visibility")
+          .asException();
+    }
+  }
+
   @MainThread
   private void clearReferences() {
     sourceContext = null;
diff --git a/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java b/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
index 2079b0eed2c..0875881dcc5 100644
--- a/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
@@ -304,6 +304,15 @@ public void testResolveWithTargetUserHandle() throws Exception {
     assertThat(resolvedServiceInfo.processName).isEqualTo(serviceInfo.processName);
   }
 
+  @Test
+  @Config(sdk = 29)
+  public void testResolveWithUnsupportedTargetUserHandle() throws Exception {
+    binding = newBuilder().setTargetUserHandle(generateUserHandle(/* userId= */ 0)).build();
+    StatusException statusException = assertThrows(StatusException.class, binding::resolve);
+    assertThat(statusException.getStatus().getCode()).isEqualTo(Code.INTERNAL);
+    assertThat(statusException.getStatus().getDescription()).contains("SDK_INT >= R");
+  }
+
   @Test
   public void testResolveNonExistentServiceThrows() throws Exception {
     ComponentName doesNotExistService = new ComponentName("does.not.exist", "NoService");

From 7322c075ba048f06281149d40084b37b3323e341 Mon Sep 17 00:00:00 2001
From: Lam Gia Thuan <22922064+duckladydinh@users.noreply.github.com>
Date: Thu, 28 Aug 2025 23:07:14 +0000
Subject: [PATCH 362/591] bazel: Use java/proto rules from
 rules_java/rules_proto instead of native rules

It's discouraged in modern Bazel to use native rules and will make it
difficult for modules dependent on grpc-java to fully migrate to new
versions of Bazel (like grpc-kotlin).

For example, try building this repo using:

```bash
$ bazelisk build ... --incompatible_autoload_externally=
```

It will fail.

**IMPORTANT**: Now you still see errors after this commit, but it's
better because the errors come from `@protobuf`, not `@grpc-java`.
---
 BUILD.bazel               | 1 +
 alts/BUILD.bazel          | 1 +
 api/BUILD.bazel           | 1 +
 auth/BUILD.bazel          | 1 +
 census/BUILD.bazel        | 1 +
 compiler/BUILD.bazel      | 1 +
 context/BUILD.bazel       | 1 +
 core/BUILD.bazel          | 1 +
 googleapis/BUILD.bazel    | 1 +
 grpclb/BUILD.bazel        | 1 +
 inprocess/BUILD.bazel     | 1 +
 java_grpc_library.bzl     | 2 +-
 netty/BUILD.bazel         | 1 +
 netty/shaded/BUILD.bazel  | 1 +
 okhttp/BUILD.bazel        | 1 +
 protobuf-lite/BUILD.bazel | 1 +
 protobuf/BUILD.bazel      | 1 +
 rls/BUILD.bazel           | 1 +
 s2a/BUILD.bazel           | 1 +
 services/BUILD.bazel      | 1 +
 stub/BUILD.bazel          | 1 +
 testing-proto/BUILD.bazel | 2 ++
 testing/BUILD.bazel       | 1 +
 util/BUILD.bazel          | 1 +
 xds/BUILD.bazel           | 2 ++
 25 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/BUILD.bazel b/BUILD.bazel
index 8350ed9aa39..fee2c0bd12d 100644
--- a/BUILD.bazel
+++ b/BUILD.bazel
@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+load("@rules_java//java:defs.bzl", "java_library", "java_plugin", "java_proto_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 load(":java_grpc_library.bzl", "java_grpc_library")
 
diff --git a/alts/BUILD.bazel b/alts/BUILD.bazel
index 3595064ffa4..2d9d3508461 100644
--- a/alts/BUILD.bazel
+++ b/alts/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library", "java_proto_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 load("@rules_proto//proto:defs.bzl", "proto_library")
 load("//:java_grpc_library.bzl", "java_grpc_library")
diff --git a/api/BUILD.bazel b/api/BUILD.bazel
index 965d14a9eb0..4c5e750b5e4 100644
--- a/api/BUILD.bazel
+++ b/api/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/auth/BUILD.bazel b/auth/BUILD.bazel
index a19562fa7f7..da44243e583 100644
--- a/auth/BUILD.bazel
+++ b/auth/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/census/BUILD.bazel b/census/BUILD.bazel
index 36be88fc3d8..f017eeaf8bd 100644
--- a/census/BUILD.bazel
+++ b/census/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/compiler/BUILD.bazel b/compiler/BUILD.bazel
index 6d885ef3f69..30ff3ce5dff 100644
--- a/compiler/BUILD.bazel
+++ b/compiler/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_cc//cc:defs.bzl", "cc_binary")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 load("//:java_grpc_library.bzl", "java_rpc_toolchain")
diff --git a/context/BUILD.bazel b/context/BUILD.bazel
index d0c4b04ce00..fad8e2ef881 100644
--- a/context/BUILD.bazel
+++ b/context/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 java_library(
     name = "context",
     visibility = ["//visibility:public"],
diff --git a/core/BUILD.bazel b/core/BUILD.bazel
index 6dd5199b5c0..1a743ff9eda 100644
--- a/core/BUILD.bazel
+++ b/core/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/googleapis/BUILD.bazel b/googleapis/BUILD.bazel
index 9ce4179f7b7..42632e0f99d 100644
--- a/googleapis/BUILD.bazel
+++ b/googleapis/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/grpclb/BUILD.bazel b/grpclb/BUILD.bazel
index 902ae7f47d4..ca9975b7ce6 100644
--- a/grpclb/BUILD.bazel
+++ b/grpclb/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 load("//:java_grpc_library.bzl", "java_grpc_library")
 
diff --git a/inprocess/BUILD.bazel b/inprocess/BUILD.bazel
index bef38612713..e9c5001c5ec 100644
--- a/inprocess/BUILD.bazel
+++ b/inprocess/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/java_grpc_library.bzl b/java_grpc_library.bzl
index 2caa161b268..aaebfe3f933 100644
--- a/java_grpc_library.bzl
+++ b/java_grpc_library.bzl
@@ -1,5 +1,5 @@
 """Build rule for java_grpc_library."""
-
+load("@rules_proto//proto:defs.bzl", "ProtoInfo")
 load("@rules_java//java:defs.bzl", "JavaInfo", "JavaPluginInfo", "java_common")
 
 _JavaRpcToolchainInfo = provider(
diff --git a/netty/BUILD.bazel b/netty/BUILD.bazel
index 52fdcb19fd8..8253d1f5bff 100644
--- a/netty/BUILD.bazel
+++ b/netty/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/netty/shaded/BUILD.bazel b/netty/shaded/BUILD.bazel
index 6248f406de9..0a93907bd2f 100644
--- a/netty/shaded/BUILD.bazel
+++ b/netty/shaded/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 # Publicly exposed in //netty package. Purposefully does not export any symbols.
diff --git a/okhttp/BUILD.bazel b/okhttp/BUILD.bazel
index 80068c9bb5b..74a9f7a4300 100644
--- a/okhttp/BUILD.bazel
+++ b/okhttp/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/protobuf-lite/BUILD.bazel b/protobuf-lite/BUILD.bazel
index dad794e8b58..97a5e492d80 100644
--- a/protobuf-lite/BUILD.bazel
+++ b/protobuf-lite/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/protobuf/BUILD.bazel b/protobuf/BUILD.bazel
index 02a136554d2..a31f8b6f6f5 100644
--- a/protobuf/BUILD.bazel
+++ b/protobuf/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/rls/BUILD.bazel b/rls/BUILD.bazel
index bfa0c7eee97..70c17a9c8b6 100644
--- a/rls/BUILD.bazel
+++ b/rls/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 load("//:java_grpc_library.bzl", "java_grpc_library")
 
diff --git a/s2a/BUILD.bazel b/s2a/BUILD.bazel
index 807103bde4e..943ae9ece46 100644
--- a/s2a/BUILD.bazel
+++ b/s2a/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/services/BUILD.bazel b/services/BUILD.bazel
index 9ac894ffaee..ba9d334a5c9 100644
--- a/services/BUILD.bazel
+++ b/services/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 load("//:java_grpc_library.bzl", "java_grpc_library")
 
diff --git a/stub/BUILD.bazel b/stub/BUILD.bazel
index 692ebd6059f..f9188c27272 100644
--- a/stub/BUILD.bazel
+++ b/stub/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/testing-proto/BUILD.bazel b/testing-proto/BUILD.bazel
index 985dbd9777e..f02957c6fc3 100644
--- a/testing-proto/BUILD.bazel
+++ b/testing-proto/BUILD.bazel
@@ -1,3 +1,5 @@
+load("@rules_java//java:defs.bzl", "java_proto_library")
+load("@rules_proto//proto:defs.bzl", "proto_library")
 load("//:java_grpc_library.bzl", "java_grpc_library")
 
 proto_library(
diff --git a/testing/BUILD.bazel b/testing/BUILD.bazel
index 78f9b840754..d280ab97ee1 100644
--- a/testing/BUILD.bazel
+++ b/testing/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/util/BUILD.bazel b/util/BUILD.bazel
index 8fb00e21d56..32d5a367b95 100644
--- a/util/BUILD.bazel
+++ b/util/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 
 java_library(
diff --git a/xds/BUILD.bazel b/xds/BUILD.bazel
index 203fa2c3d71..627bfdd62a5 100644
--- a/xds/BUILD.bazel
+++ b/xds/BUILD.bazel
@@ -1,3 +1,5 @@
+load("@rules_java//java:defs.bzl", "java_binary", "java_library", "java_proto_library", "java_test")
+load("@rules_proto//proto:defs.bzl", "proto_library")
 load("@bazel_jar_jar//:jar_jar.bzl", "jar_jar")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 load("//:java_grpc_library.bzl", "INTERNAL_java_grpc_library_for_xds", "java_grpc_library", "java_rpc_toolchain")

From 3d5eff99ec7061d56351e098fed1497ebef1992d Mon Sep 17 00:00:00 2001
From: Hongxu Xu <xuhongxu96@gmail.com>
Date: Thu, 28 Aug 2025 19:12:16 -0400
Subject: [PATCH 363/591] bazel: remove unnecessary build deps (#12310)

---
 grpclb/BUILD.bazel | 1 -
 s2a/BUILD.bazel    | 1 -
 xds/BUILD.bazel    | 1 -
 3 files changed, 3 deletions(-)

diff --git a/grpclb/BUILD.bazel b/grpclb/BUILD.bazel
index ca9975b7ce6..4612968ebcd 100644
--- a/grpclb/BUILD.bazel
+++ b/grpclb/BUILD.bazel
@@ -17,7 +17,6 @@ java_library(
         "//context",
         "//core:internal",
         "//stub",
-        "//util",
         "@com_google_protobuf//:protobuf_java_util",
         "@io_grpc_grpc_proto//:grpclb_load_balancer_java_proto",
         artifact("com.google.code.findbugs:jsr305"),
diff --git a/s2a/BUILD.bazel b/s2a/BUILD.bazel
index 943ae9ece46..6f58670534b 100644
--- a/s2a/BUILD.bazel
+++ b/s2a/BUILD.bazel
@@ -57,7 +57,6 @@ java_library(
     ],
     deps = [
         ":token_manager",
-        ":s2a_channel_pool",
         ":s2a_identity",
         "//api",
         "//core:internal",
diff --git a/xds/BUILD.bazel b/xds/BUILD.bazel
index 627bfdd62a5..66c790a654d 100644
--- a/xds/BUILD.bazel
+++ b/xds/BUILD.bazel
@@ -344,7 +344,6 @@ java_library(
         "//api",
         "//core:internal",
         "//stub",
-        "//testing",
         "//testing-proto:simpleservice_java_grpc",
         "//testing-proto:simpleservice_java_proto",
         "//util",

From 4f6948f594a5cf5775ef3f2f8f236ac91e3e2ad0 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Fri, 29 Aug 2025 12:00:22 +0530
Subject: [PATCH 364/591] Remove org.apache.tomcat:annotations-api from README
 (#12320)

With the default @generated=omit option used by grpc-compiler, it is no longer necessary to have the compile-only dependency on org.apache.tomcat:annotations-api.
---
 README.md | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/README.md b/README.md
index d7e57a9f80c..d696164ee32 100644
--- a/README.md
+++ b/README.md
@@ -69,12 +69,6 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
   <artifactId>grpc-stub</artifactId>
   <version>1.75.0</version>
 </dependency>
-<dependency> <!-- necessary for Java 9+ -->
-  <groupId>org.apache.tomcat</groupId>
-  <artifactId>annotations-api</artifactId>
-  <version>6.0.53</version>
-  <scope>provided</scope>
-</dependency>
 ```
 
 Or for Gradle with non-Android, add to your dependencies:
@@ -82,7 +76,6 @@ Or for Gradle with non-Android, add to your dependencies:
 runtimeOnly 'io.grpc:grpc-netty-shaded:1.75.0'
 implementation 'io.grpc:grpc-protobuf:1.75.0'
 implementation 'io.grpc:grpc-stub:1.75.0'
-compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
@@ -91,7 +84,6 @@ For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 implementation 'io.grpc:grpc-okhttp:1.75.0'
 implementation 'io.grpc:grpc-protobuf-lite:1.75.0'
 implementation 'io.grpc:grpc-stub:1.75.0'
-compileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
 ```
 
 For [Bazel](https://bazel.build), you can either

From d9509b5bb3b9525669346124c7560f1fda5a3638 Mon Sep 17 00:00:00 2001
From: zrlw <zrlw@sina.com>
Date: Sat, 30 Aug 2025 05:01:11 +0800
Subject: [PATCH 365/591] Upgrade guava version to 33.4.8 (#12219)

Guava seems to call a deprecated sun.misc.Unsafe::objectFieldOffset
method which might be removed in a future JDK release.
There are still a few things to do for -android versions, which are
tracked in https://github.com/google/guava/issues/7742,
see details at google/guava#7811

Fixes #12215
---
 MODULE.bazel                                     |  6 +++---
 core/build.gradle                                |  2 +-
 cronet/build.gradle                              |  1 +
 examples/android/clientcache/settings.gradle     | 16 ++++++++++++++++
 examples/android/helloworld/settings.gradle      | 16 ++++++++++++++++
 examples/android/routeguide/settings.gradle      | 16 ++++++++++++++++
 examples/android/strictmode/settings.gradle      | 16 ++++++++++++++++
 examples/example-alts/settings.gradle            | 14 ++++++++++++++
 examples/example-debug/settings.gradle           | 16 ++++++++++++++++
 examples/example-dualstack/settings.gradle       | 14 ++++++++++++++
 examples/example-gauth/settings.gradle           | 14 ++++++++++++++
 .../settings.gradle                              | 16 ++++++++++++++++
 .../example-gcp-observability/settings.gradle    | 16 ++++++++++++++++
 examples/example-hostname/settings.gradle        | 16 ++++++++++++++++
 examples/example-jwt-auth/settings.gradle        | 14 ++++++++++++++
 examples/example-oauth/settings.gradle           | 14 ++++++++++++++
 examples/example-opentelemetry/settings.gradle   | 16 ++++++++++++++++
 examples/example-orca/settings.gradle            | 16 ++++++++++++++++
 examples/example-reflection/settings.gradle      | 16 ++++++++++++++++
 examples/example-servlet/settings.gradle         | 14 ++++++++++++++
 examples/example-tls/settings.gradle             | 14 ++++++++++++++
 examples/example-xds/settings.gradle             | 16 ++++++++++++++++
 examples/settings.gradle                         | 14 ++++++++++++++
 gradle/libs.versions.toml                        | 14 +++++---------
 repositories.bzl                                 |  6 +++---
 s2a/build.gradle                                 |  1 +
 settings.gradle                                  | 13 +++++++++++++
 27 files changed, 331 insertions(+), 16 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 7d49c4e4b49..4465f46e6c5 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -15,9 +15,9 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
     "com.google.code.gson:gson:2.11.0",
-    "com.google.errorprone:error_prone_annotations:2.30.0",
+    "com.google.errorprone:error_prone_annotations:2.36.0",
     "com.google.guava:failureaccess:1.0.1",
-    "com.google.guava:guava:33.3.1-android",
+    "com.google.guava:guava:33.4.8-android",
     "com.google.re2j:re2j:1.8",
     "com.google.s2a.proto.v2:s2a-proto:0.1.2",
     "com.google.truth:truth:1.4.2",
@@ -41,7 +41,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",
     "junit:junit:4.13.2",
-    "org.checkerframework:checker-qual:3.12.0",
+    "org.checkerframework:checker-qual:3.49.5",
     "org.codehaus.mojo:animal-sniffer-annotations:1.24",
 ]
 # GRPC_DEPS_END
diff --git a/core/build.gradle b/core/build.gradle
index 2fac9ddba04..b320f326b41 100644
--- a/core/build.gradle
+++ b/core/build.gradle
@@ -1,6 +1,6 @@
 buildscript {
     dependencies {
-        classpath 'com.google.guava:guava:30.0-android'
+        classpath 'com.google.guava:guava:33.4.8-android'
     }
 }
 
diff --git a/cronet/build.gradle b/cronet/build.gradle
index 0715b4129bf..d6d773a97e4 100644
--- a/cronet/build.gradle
+++ b/cronet/build.gradle
@@ -46,6 +46,7 @@ dependencies {
             libraries.cronet.api
     implementation project(':grpc-core')
     implementation libraries.guava
+    implementation 'org.checkerframework:checker-qual:3.49.5'
     testImplementation project(':grpc-testing')
 
     testImplementation libraries.cronet.embedded
diff --git a/examples/android/clientcache/settings.gradle b/examples/android/clientcache/settings.gradle
index e7b4def49cb..6208d70e838 100644
--- a/examples/android/clientcache/settings.gradle
+++ b/examples/android/clientcache/settings.gradle
@@ -1 +1,17 @@
+pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+}
+
 include ':app'
diff --git a/examples/android/helloworld/settings.gradle b/examples/android/helloworld/settings.gradle
index e7b4def49cb..6208d70e838 100644
--- a/examples/android/helloworld/settings.gradle
+++ b/examples/android/helloworld/settings.gradle
@@ -1 +1,17 @@
+pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+}
+
 include ':app'
diff --git a/examples/android/routeguide/settings.gradle b/examples/android/routeguide/settings.gradle
index e7b4def49cb..6208d70e838 100644
--- a/examples/android/routeguide/settings.gradle
+++ b/examples/android/routeguide/settings.gradle
@@ -1 +1,17 @@
+pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+}
+
 include ':app'
diff --git a/examples/android/strictmode/settings.gradle b/examples/android/strictmode/settings.gradle
index e7b4def49cb..6208d70e838 100644
--- a/examples/android/strictmode/settings.gradle
+++ b/examples/android/strictmode/settings.gradle
@@ -1 +1,17 @@
+pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+}
+
 include ':app'
diff --git a/examples/example-alts/settings.gradle b/examples/example-alts/settings.gradle
index c665ff96674..6bd0f0cdc2d 100644
--- a/examples/example-alts/settings.gradle
+++ b/examples/example-alts/settings.gradle
@@ -1,4 +1,18 @@
 pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+
     repositories {
         gradlePluginPortal()
     }
diff --git a/examples/example-debug/settings.gradle b/examples/example-debug/settings.gradle
index 3700c983b6c..48c08629ca9 100644
--- a/examples/example-debug/settings.gradle
+++ b/examples/example-debug/settings.gradle
@@ -1 +1,17 @@
+pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+}
+
 rootProject.name = 'example-debug'
diff --git a/examples/example-dualstack/settings.gradle b/examples/example-dualstack/settings.gradle
index 49a762696f7..160d5134334 100644
--- a/examples/example-dualstack/settings.gradle
+++ b/examples/example-dualstack/settings.gradle
@@ -1,4 +1,18 @@
 pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+
     repositories {
         gradlePluginPortal()
     }
diff --git a/examples/example-gauth/settings.gradle b/examples/example-gauth/settings.gradle
index c665ff96674..6bd0f0cdc2d 100644
--- a/examples/example-gauth/settings.gradle
+++ b/examples/example-gauth/settings.gradle
@@ -1,4 +1,18 @@
 pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+
     repositories {
         gradlePluginPortal()
     }
diff --git a/examples/example-gcp-csm-observability/settings.gradle b/examples/example-gcp-csm-observability/settings.gradle
index 6b7615117d6..44e6f340ede 100644
--- a/examples/example-gcp-csm-observability/settings.gradle
+++ b/examples/example-gcp-csm-observability/settings.gradle
@@ -1 +1,17 @@
+pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+}
+
 rootProject.name = 'example-gcp-csm-observability'
diff --git a/examples/example-gcp-observability/settings.gradle b/examples/example-gcp-observability/settings.gradle
index 1e4ba3812eb..39efc20a459 100644
--- a/examples/example-gcp-observability/settings.gradle
+++ b/examples/example-gcp-observability/settings.gradle
@@ -1 +1,17 @@
+pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+}
+
 rootProject.name = 'example-gcp-observability'
diff --git a/examples/example-hostname/settings.gradle b/examples/example-hostname/settings.gradle
index aa159eb0946..5bd641b3fc1 100644
--- a/examples/example-hostname/settings.gradle
+++ b/examples/example-hostname/settings.gradle
@@ -1 +1,17 @@
+pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+}
+
 rootProject.name = 'hostname'
diff --git a/examples/example-jwt-auth/settings.gradle b/examples/example-jwt-auth/settings.gradle
index c665ff96674..6bd0f0cdc2d 100644
--- a/examples/example-jwt-auth/settings.gradle
+++ b/examples/example-jwt-auth/settings.gradle
@@ -1,4 +1,18 @@
 pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+
     repositories {
         gradlePluginPortal()
     }
diff --git a/examples/example-oauth/settings.gradle b/examples/example-oauth/settings.gradle
index c665ff96674..6bd0f0cdc2d 100644
--- a/examples/example-oauth/settings.gradle
+++ b/examples/example-oauth/settings.gradle
@@ -1,4 +1,18 @@
 pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+
     repositories {
         gradlePluginPortal()
     }
diff --git a/examples/example-opentelemetry/settings.gradle b/examples/example-opentelemetry/settings.gradle
index ff7ea3fc2be..26e3bea044b 100644
--- a/examples/example-opentelemetry/settings.gradle
+++ b/examples/example-opentelemetry/settings.gradle
@@ -1 +1,17 @@
+pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+}
+
 rootProject.name = 'example-opentelemetry'
diff --git a/examples/example-orca/settings.gradle b/examples/example-orca/settings.gradle
index 3c62dc663ce..12536c0ca8d 100644
--- a/examples/example-orca/settings.gradle
+++ b/examples/example-orca/settings.gradle
@@ -1 +1,17 @@
+pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+}
+
 rootProject.name = 'example-orca'
diff --git a/examples/example-reflection/settings.gradle b/examples/example-reflection/settings.gradle
index dccb973085e..28e44b77905 100644
--- a/examples/example-reflection/settings.gradle
+++ b/examples/example-reflection/settings.gradle
@@ -1 +1,17 @@
+pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+}
+
 rootProject.name = 'example-reflection'
diff --git a/examples/example-servlet/settings.gradle b/examples/example-servlet/settings.gradle
index c665ff96674..6bd0f0cdc2d 100644
--- a/examples/example-servlet/settings.gradle
+++ b/examples/example-servlet/settings.gradle
@@ -1,4 +1,18 @@
 pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+
     repositories {
         gradlePluginPortal()
     }
diff --git a/examples/example-tls/settings.gradle b/examples/example-tls/settings.gradle
index c665ff96674..6bd0f0cdc2d 100644
--- a/examples/example-tls/settings.gradle
+++ b/examples/example-tls/settings.gradle
@@ -1,4 +1,18 @@
 pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+
     repositories {
         gradlePluginPortal()
     }
diff --git a/examples/example-xds/settings.gradle b/examples/example-xds/settings.gradle
index 878f1f23ae3..4197fa6760d 100644
--- a/examples/example-xds/settings.gradle
+++ b/examples/example-xds/settings.gradle
@@ -1 +1,17 @@
+pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+}
+
 rootProject.name = 'example-xds'
diff --git a/examples/settings.gradle b/examples/settings.gradle
index dadd24b1c0f..4d39e8b45ba 100644
--- a/examples/settings.gradle
+++ b/examples/settings.gradle
@@ -1,4 +1,18 @@
 pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
+
     repositories {
         gradlePluginPortal()
     }
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index a374ba5aa73..e66f253fc21 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -31,11 +31,7 @@ commons-math3 = "org.apache.commons:commons-math3:3.6.1"
 conscrypt = "org.conscrypt:conscrypt-openjdk-uber:2.5.2"
 cronet-api = "org.chromium.net:cronet-api:119.6045.31"
 cronet-embedded = "org.chromium.net:cronet-embedded:119.6045.31"
-# error-prone 2.31.0+ blocked on https://github.com/grpc/grpc-java/issues/10152
-# It breaks Bazel (ArrayIndexOutOfBoundsException in turbine) and Dexing ("D8:
-# java.lang.NullPointerException"). We can trivially upgrade the Bazel CI to
-# 6.3.0+ (https://github.com/bazelbuild/bazel/issues/18743).
-errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.30.0"
+errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.36.0"
 # error-prone 2.32.0+ require Java 17+
 errorprone-core = "com.google.errorprone:error_prone_core:2.31.0"
 google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.59.2"
@@ -47,13 +43,13 @@ google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.24.1
 google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.1"
 # 2.12.1 requires error_prone_annotations:2.36.0 but we are stuck with 2.30.0
 gson = "com.google.code.gson:gson:2.11.0"
-# 33.4.0 requires com.google.errorprone:error_prone_annotations:2.36.0 but we are stuck with 2.30.0 (see above)
-guava = "com.google.guava:guava:33.3.1-android"
+# 33.4.8 requires com.google.errorprone:error_prone_annotations:2.36.0
+guava = "com.google.guava:guava:33.4.8-android"
 guava-betaChecker = "com.google.guava:guava-beta-checker:1.0"
-guava-testlib = "com.google.guava:guava-testlib:33.3.1-android"
+guava-testlib = "com.google.guava:guava-testlib:33.4.8-android"
 # JRE version is needed for projects where its a transitive dependency, f.e. gcp-observability.
 # May be different from the -android version.
-guava-jre = "com.google.guava:guava:33.3.1-jre"
+guava-jre = "com.google.guava:guava:33.4.8-jre"
 hdrhistogram = "org.hdrhistogram:HdrHistogram:2.2.2"
 # 6.0.0+ use java.lang.Deprecated forRemoval and since from Java 9
 jakarta-servlet-api = "jakarta.servlet:jakarta.servlet-api:5.0.0"
diff --git a/repositories.bzl b/repositories.bzl
index 47609ae7671..4b9d0327b66 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -19,9 +19,9 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
     "com.google.code.gson:gson:2.11.0",
-    "com.google.errorprone:error_prone_annotations:2.30.0",
+    "com.google.errorprone:error_prone_annotations:2.36.0",
     "com.google.guava:failureaccess:1.0.1",
-    "com.google.guava:guava:33.3.1-android",
+    "com.google.guava:guava:33.4.8-android",
     "com.google.re2j:re2j:1.8",
     "com.google.s2a.proto.v2:s2a-proto:0.1.2",
     "com.google.truth:truth:1.4.2",
@@ -45,7 +45,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",
     "junit:junit:4.13.2",
-    "org.checkerframework:checker-qual:3.12.0",
+    "org.checkerframework:checker-qual:3.49.5",
     "org.codehaus.mojo:animal-sniffer-annotations:1.24",
 ]
 # GRPC_DEPS_END
diff --git a/s2a/build.gradle b/s2a/build.gradle
index 1e48e2bb297..012411c19ba 100644
--- a/s2a/build.gradle
+++ b/s2a/build.gradle
@@ -12,6 +12,7 @@ description = "gRPC: S2A"
 
 dependencies {
     implementation libraries.s2a.proto
+    implementation 'org.checkerframework:checker-qual:3.49.5'
 
     api project(':grpc-api')
     implementation project(':grpc-stub'),
diff --git a/settings.gradle b/settings.gradle
index 22a49f0c3be..f4df1105090 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -1,4 +1,17 @@
 pluginManagement {
+    // https://issuetracker.google.com/issues/342522142#comment8
+    // use D8/R8 8.0.44 or 8.1.44 with AGP 7.4 if needed.
+    buildscript {
+        repositories {
+            mavenCentral()
+            maven {
+                url = uri("https://storage.googleapis.com/r8-releases/raw")
+            }
+        }
+        dependencies {
+            classpath("com.android.tools:r8:8.1.44")
+        }
+    }
     plugins {
         // https://developer.android.com/build/releases/gradle-plugin
         // 8+ has many changes: https://github.com/grpc/grpc-java/issues/10152

From 9746bb4bc3dd4c71c4992c35b1e2b93db70f6fcd Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Mon, 1 Sep 2025 13:10:09 +0530
Subject: [PATCH 366/591] allow java21 in jre matrix (#12281)

---
 .github/workflows/testing.yml                 |  2 +-
 .../main/java/io/grpc/StatusException.java    |  2 +
 .../java/io/grpc/StatusRuntimeException.java  |  2 +
 .../grpc/internal/AbstractClientStream.java   |  3 +-
 .../grpc/internal/AbstractServerStream.java   |  3 +-
 .../java/io/grpc/internal/AbstractStream.java |  5 +-
 .../main/java/io/grpc/internal/JsonUtil.java  |  6 +-
 .../AnonymousInProcessSocketAddress.java      |  7 +++
 .../netty/GrpcHttp2ConnectionHandler.java     |  1 +
 .../java/io/grpc/servlet/GrpcServlet.java     |  1 +
 .../io/grpc/util/MultiChildLoadBalancer.java  |  2 +
 .../grpc/xds/GrpcXdsClientImplTestBase.java   | 63 +++++++++++--------
 12 files changed, 63 insertions(+), 34 deletions(-)

diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 0f099cbcac7..4fe75b0be78 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        jre: [8, 11, 17]
+        jre: [8, 11, 17, 21]
       fail-fast: false # Should swap to true if we grow a large matrix
 
     steps:
diff --git a/api/src/main/java/io/grpc/StatusException.java b/api/src/main/java/io/grpc/StatusException.java
index f9416bf72e3..2a235c3aaaf 100644
--- a/api/src/main/java/io/grpc/StatusException.java
+++ b/api/src/main/java/io/grpc/StatusException.java
@@ -25,7 +25,9 @@
  */
 public class StatusException extends Exception {
   private static final long serialVersionUID = -660954903976144640L;
+  @SuppressWarnings("serial")   // https://github.com/grpc/grpc-java/issues/1913
   private final Status status;
+  @SuppressWarnings("serial")
   private final Metadata trailers;
 
   /**
diff --git a/api/src/main/java/io/grpc/StatusRuntimeException.java b/api/src/main/java/io/grpc/StatusRuntimeException.java
index dd22d6b2486..ebcc2f0d671 100644
--- a/api/src/main/java/io/grpc/StatusRuntimeException.java
+++ b/api/src/main/java/io/grpc/StatusRuntimeException.java
@@ -26,7 +26,9 @@
 public class StatusRuntimeException extends RuntimeException {
 
   private static final long serialVersionUID = 1950934672280720624L;
+  @SuppressWarnings("serial")   // https://github.com/grpc/grpc-java/issues/1913
   private final Status status;
+  @SuppressWarnings("serial")
   private final Metadata trailers;
 
   /**
diff --git a/core/src/main/java/io/grpc/internal/AbstractClientStream.java b/core/src/main/java/io/grpc/internal/AbstractClientStream.java
index 9718f8c5171..14fd5888147 100644
--- a/core/src/main/java/io/grpc/internal/AbstractClientStream.java
+++ b/core/src/main/java/io/grpc/internal/AbstractClientStream.java
@@ -101,6 +101,7 @@ void writeFrame(
    */
   private volatile boolean cancelled;
 
+  @SuppressWarnings("this-escape")
   protected AbstractClientStream(
       WritableBufferAllocator bufferAllocator,
       StatsTraceContext statsTraceCtx,
@@ -113,7 +114,7 @@ protected AbstractClientStream(
     this.shouldBeCountedForInUse = GrpcUtil.shouldBeCountedForInUse(callOptions);
     this.useGet = useGet;
     if (!useGet) {
-      framer = new MessageFramer(this, bufferAllocator, statsTraceCtx);
+      this.framer = new MessageFramer(this, bufferAllocator, statsTraceCtx);
       this.headers = headers;
     } else {
       framer = new GetFramer(headers, statsTraceCtx);
diff --git a/core/src/main/java/io/grpc/internal/AbstractServerStream.java b/core/src/main/java/io/grpc/internal/AbstractServerStream.java
index a535330f4b1..c468cba978a 100644
--- a/core/src/main/java/io/grpc/internal/AbstractServerStream.java
+++ b/core/src/main/java/io/grpc/internal/AbstractServerStream.java
@@ -75,10 +75,11 @@ protected interface Sink {
   private boolean outboundClosed;
   private boolean headersSent;
 
+  @SuppressWarnings("this-escape")
   protected AbstractServerStream(
       WritableBufferAllocator bufferAllocator, StatsTraceContext statsTraceCtx) {
     this.statsTraceCtx = Preconditions.checkNotNull(statsTraceCtx, "statsTraceCtx");
-    framer = new MessageFramer(this, bufferAllocator, statsTraceCtx);
+    this.framer = new MessageFramer(this, bufferAllocator, statsTraceCtx);
   }
 
   @Override
diff --git a/core/src/main/java/io/grpc/internal/AbstractStream.java b/core/src/main/java/io/grpc/internal/AbstractStream.java
index 46cdab7ef28..9f5fb035dab 100644
--- a/core/src/main/java/io/grpc/internal/AbstractStream.java
+++ b/core/src/main/java/io/grpc/internal/AbstractStream.java
@@ -163,20 +163,21 @@ public abstract static class TransportState
     @GuardedBy("onReadyLock")
     private int onReadyThreshold;
 
+    @SuppressWarnings("this-escape")
     protected TransportState(
         int maxMessageSize,
         StatsTraceContext statsTraceCtx,
         TransportTracer transportTracer) {
       this.statsTraceCtx = checkNotNull(statsTraceCtx, "statsTraceCtx");
       this.transportTracer = checkNotNull(transportTracer, "transportTracer");
-      rawDeframer = new MessageDeframer(
+      this.rawDeframer = new MessageDeframer(
           this,
           Codec.Identity.NONE,
           maxMessageSize,
           statsTraceCtx,
           transportTracer);
       // TODO(#7168): use MigratingThreadDeframer when enabling retry doesn't break.
-      deframer = rawDeframer;
+      deframer = this.rawDeframer;
       onReadyThreshold = DEFAULT_ONREADY_THRESHOLD;
     }
 
diff --git a/core/src/main/java/io/grpc/internal/JsonUtil.java b/core/src/main/java/io/grpc/internal/JsonUtil.java
index 44cb22abda5..a0d5eef8660 100644
--- a/core/src/main/java/io/grpc/internal/JsonUtil.java
+++ b/core/src/main/java/io/grpc/internal/JsonUtil.java
@@ -356,7 +356,7 @@ private static int parseNanos(String value) throws ParseException {
     return result;
   }
 
-  private static final long NANOS_PER_SECOND = TimeUnit.SECONDS.toNanos(1);
+  private static final int NANOS_PER_SECOND = 1_000_000_000;
 
   /**
    * Copy of {@link com.google.protobuf.util.Durations#normalizedDuration}.
@@ -368,11 +368,11 @@ private static long normalizedDuration(long seconds, int nanos) {
       nanos %= NANOS_PER_SECOND;
     }
     if (seconds > 0 && nanos < 0) {
-      nanos += NANOS_PER_SECOND; // no overflow since nanos is negative (and we're adding)
+      nanos += NANOS_PER_SECOND; // no overflow— nanos is negative (and we're adding)
       seconds--; // no overflow since seconds is positive (and we're decrementing)
     }
     if (seconds < 0 && nanos > 0) {
-      nanos -= NANOS_PER_SECOND; // no overflow since nanos is positive (and we're subtracting)
+      nanos -= NANOS_PER_SECOND; // no overflow— nanos is positive (and we're subtracting)
       seconds++; // no overflow since seconds is negative (and we're incrementing)
     }
     if (!durationIsValid(seconds, nanos)) {
diff --git a/inprocess/src/main/java/io/grpc/inprocess/AnonymousInProcessSocketAddress.java b/inprocess/src/main/java/io/grpc/inprocess/AnonymousInProcessSocketAddress.java
index 089a9f12b02..c458857d70b 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/AnonymousInProcessSocketAddress.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/AnonymousInProcessSocketAddress.java
@@ -21,6 +21,8 @@
 import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.ExperimentalApi;
 import java.io.IOException;
+import java.io.NotSerializableException;
+import java.io.ObjectOutputStream;
 import java.net.SocketAddress;
 import javax.annotation.Nullable;
 
@@ -34,8 +36,13 @@ public final class AnonymousInProcessSocketAddress extends SocketAddress {
 
   @Nullable
   @GuardedBy("this")
+  @SuppressWarnings("serial")
   private InProcessServer server;
 
+  private void writeObject(ObjectOutputStream out) throws IOException {
+    throw new NotSerializableException("AnonymousInProcessSocketAddress is not serializable");
+  }
+
   /** Creates a new AnonymousInProcessSocketAddress. */
   public AnonymousInProcessSocketAddress() { }
 
diff --git a/netty/src/main/java/io/grpc/netty/GrpcHttp2ConnectionHandler.java b/netty/src/main/java/io/grpc/netty/GrpcHttp2ConnectionHandler.java
index 3b8c595a12e..a463cf01d95 100644
--- a/netty/src/main/java/io/grpc/netty/GrpcHttp2ConnectionHandler.java
+++ b/netty/src/main/java/io/grpc/netty/GrpcHttp2ConnectionHandler.java
@@ -68,6 +68,7 @@ public abstract class GrpcHttp2ConnectionHandler extends Http2ConnectionHandler
     usingPre4_1_111_Netty = identifiedOldVersion;
   }
 
+  @SuppressWarnings("this-escape")
   protected GrpcHttp2ConnectionHandler(
       ChannelPromise channelUnused,
       Http2ConnectionDecoder decoder,
diff --git a/servlet/src/main/java/io/grpc/servlet/GrpcServlet.java b/servlet/src/main/java/io/grpc/servlet/GrpcServlet.java
index f68ed083506..8c1eb858ad1 100644
--- a/servlet/src/main/java/io/grpc/servlet/GrpcServlet.java
+++ b/servlet/src/main/java/io/grpc/servlet/GrpcServlet.java
@@ -37,6 +37,7 @@
 public class GrpcServlet extends HttpServlet {
   private static final long serialVersionUID = 1L;
 
+  @SuppressWarnings("serial")
   private final ServletAdapter servletAdapter;
 
   GrpcServlet(ServletAdapter servletAdapter) {
diff --git a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
index 2a93ef964f7..acc186e3be6 100644
--- a/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/MultiChildLoadBalancer.java
@@ -268,6 +268,8 @@ public class ChildLbState {
     private ConnectivityState currentState;
     private SubchannelPicker currentPicker = new FixedResultPicker(PickResult.withNoResult());
 
+    @SuppressWarnings("this-escape")
+    // TODO(okshiva): Fix 'this-escape' from the constructor before making the API public.
     public ChildLbState(Object key, LoadBalancer.Factory policyFactory) {
       this.key = key;
       this.lb = policyFactory.newLoadBalancer(createChildHelper());
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 19266b0d289..9ff19c6d1b0 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -220,7 +220,7 @@ public boolean shouldAccept(Runnable command) {
   protected final Queue<LrsRpcCall> loadReportCalls = new ArrayDeque<>();
   protected final AtomicBoolean adsEnded = new AtomicBoolean(true);
   protected final AtomicBoolean lrsEnded = new AtomicBoolean(true);
-  private final MessageFactory mf = createMessageFactory();
+  protected MessageFactory mf;
 
   private static final long TIME_INCREMENT = TimeUnit.SECONDS.toNanos(1);
   /** Fake time provider increments time TIME_INCREMENT each call. */
@@ -234,37 +234,22 @@ public long currentTimeNanos() {
 
   private static final int VHOST_SIZE = 2;
   // LDS test resources.
-  private final Any testListenerVhosts = Any.pack(mf.buildListenerWithApiListener(LDS_RESOURCE,
-      mf.buildRouteConfiguration("do not care", mf.buildOpaqueVirtualHosts(VHOST_SIZE))));
-  private final Any testListenerRds =
-      Any.pack(mf.buildListenerWithApiListenerForRds(LDS_RESOURCE, RDS_RESOURCE));
+  private Any testListenerVhosts;
+  private Any testListenerRds;
 
   // RDS test resources.
-  private final Any testRouteConfig =
-      Any.pack(mf.buildRouteConfiguration(RDS_RESOURCE, mf.buildOpaqueVirtualHosts(VHOST_SIZE)));
+  private Any testRouteConfig;
 
   // CDS test resources.
-  private final Any testClusterRoundRobin =
-      Any.pack(mf.buildEdsCluster(CDS_RESOURCE, null, "round_robin", null,
-          null, false, null, "envoy.transport_sockets.tls", null, null
-      ));
+  private Any testClusterRoundRobin;
 
   // EDS test resources.
-  private final Message lbEndpointHealthy =
-      mf.buildLocalityLbEndpoints("region1", "zone1", "subzone1",
-          mf.buildLbEndpoint("192.168.0.1", 8080, "healthy", 2, "endpoint-host-name"), 1, 0);
+  private Message lbEndpointHealthy;
   // Locality with 0 endpoints
-  private final Message lbEndpointEmpty =
-      mf.buildLocalityLbEndpoints("region3", "zone3", "subzone3",
-          ImmutableList.<Message>of(), 2, 1);
+  private Message lbEndpointEmpty;
   // Locality with 0-weight endpoint
-  private final Message lbEndpointZeroWeight =
-      mf.buildLocalityLbEndpoints("region4", "zone4", "subzone4",
-          mf.buildLbEndpoint("192.168.142.5", 80, "unknown", 5, "endpoint-host-name"), 0, 2);
-  private final Any testClusterLoadAssignment = Any.pack(mf.buildClusterLoadAssignment(EDS_RESOURCE,
-      ImmutableList.of(lbEndpointHealthy, lbEndpointEmpty, lbEndpointZeroWeight),
-      ImmutableList.of(mf.buildDropOverload("lb", 200), mf.buildDropOverload("throttle", 1000))));
-
+  private Message lbEndpointZeroWeight;
+  private Any testClusterLoadAssignment;
   @Captor
   private ArgumentCaptor<LdsUpdate> ldsUpdateCaptor;
   @Captor
@@ -304,8 +289,8 @@ public long currentTimeNanos() {
   private boolean originalEnableLeastRequest;
   private Server xdsServer;
   private final String serverName = InProcessServerBuilder.generateName();
-  private final BindableService adsService = createAdsService();
-  private final BindableService lrsService = createLrsService();
+  private BindableService adsService;
+  private BindableService lrsService;
 
   private XdsTransportFactory xdsTransportFactory = new XdsTransportFactory() {
     @Override
@@ -333,6 +318,32 @@ public XdsTransport create(ServerInfo serverInfo) {
 
   @Before
   public void setUp() throws IOException {
+    mf = createMessageFactory();
+    testListenerVhosts = Any.pack(mf.buildListenerWithApiListener(LDS_RESOURCE,
+        mf.buildRouteConfiguration("do not care", mf.buildOpaqueVirtualHosts(VHOST_SIZE))));
+    testListenerRds =
+        Any.pack(mf.buildListenerWithApiListenerForRds(LDS_RESOURCE, RDS_RESOURCE));
+    testRouteConfig =
+        Any.pack(mf.buildRouteConfiguration(RDS_RESOURCE, mf.buildOpaqueVirtualHosts(VHOST_SIZE)));
+    testClusterRoundRobin =
+        Any.pack(mf.buildEdsCluster(CDS_RESOURCE, null, "round_robin", null,
+            null, false, null, "envoy.transport_sockets.tls", null, null
+        ));
+    lbEndpointHealthy =
+        mf.buildLocalityLbEndpoints("region1", "zone1", "subzone1",
+            mf.buildLbEndpoint("192.168.0.1", 8080, "healthy", 2, "endpoint-host-name"), 1, 0);
+    lbEndpointEmpty =
+        mf.buildLocalityLbEndpoints("region3", "zone3", "subzone3",
+            ImmutableList.<Message>of(), 2, 1);
+    lbEndpointZeroWeight =
+        mf.buildLocalityLbEndpoints("region4", "zone4", "subzone4",
+            mf.buildLbEndpoint("192.168.142.5", 80, "unknown", 5, "endpoint-host-name"), 0, 2);
+    testClusterLoadAssignment = Any.pack(mf.buildClusterLoadAssignment(EDS_RESOURCE,
+        ImmutableList.of(lbEndpointHealthy, lbEndpointEmpty, lbEndpointZeroWeight),
+        ImmutableList.of(mf.buildDropOverload("lb", 200), mf.buildDropOverload("throttle", 1000))));
+    adsService = createAdsService();
+    lrsService = createLrsService();
+
     when(backoffPolicyProvider.get()).thenReturn(backoffPolicy1, backoffPolicy2);
     when(backoffPolicy1.nextBackoffNanos()).thenReturn(10L, 100L);
     when(backoffPolicy2.nextBackoffNanos()).thenReturn(20L, 200L);

From b3390227ae0c4e1c01b89d601f8233692f33324f Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 2 Sep 2025 15:12:17 -0700
Subject: [PATCH 367/591] Remove org.apache.tomcat:annotations-api dep

f8700a1 stopped using the dependency in our generated code and removed
the dependency the Bazel build. 4f6948f removed mention of the
dependency in our README. This deletes it from our Gradle build and the
examples.
---
 alts/build.gradle                                   | 1 -
 android-interop-testing/build.gradle                | 2 --
 authz/build.gradle                                  | 1 -
 benchmarks/build.gradle                             | 1 -
 compiler/build.gradle                               | 6 ++----
 examples/android/clientcache/app/build.gradle       | 1 -
 examples/android/helloworld/app/build.gradle        | 1 -
 examples/android/routeguide/app/build.gradle        | 1 -
 examples/android/strictmode/app/build.gradle        | 1 -
 examples/build.gradle                               | 1 -
 examples/example-alts/build.gradle                  | 1 -
 examples/example-debug/build.gradle                 | 1 -
 examples/example-debug/pom.xml                      | 6 ------
 examples/example-dualstack/build.gradle             | 1 -
 examples/example-dualstack/pom.xml                  | 6 ------
 examples/example-gauth/build.gradle                 | 1 -
 examples/example-gauth/pom.xml                      | 6 ------
 examples/example-gcp-csm-observability/build.gradle | 1 -
 examples/example-gcp-observability/build.gradle     | 1 -
 examples/example-hostname/build.gradle              | 1 -
 examples/example-hostname/pom.xml                   | 6 ------
 examples/example-jwt-auth/build.gradle              | 2 --
 examples/example-jwt-auth/pom.xml                   | 6 ------
 examples/example-oauth/build.gradle                 | 2 --
 examples/example-oauth/pom.xml                      | 6 ------
 examples/example-opentelemetry/build.gradle         | 1 -
 examples/example-orca/build.gradle                  | 2 --
 examples/example-reflection/build.gradle            | 2 --
 examples/example-servlet/build.gradle               | 3 +--
 examples/example-tls/build.gradle                   | 1 -
 examples/example-tls/pom.xml                        | 6 ------
 examples/example-xds/build.gradle                   | 1 -
 examples/pom.xml                                    | 6 ------
 gradle/libs.versions.toml                           | 3 ---
 grpclb/build.gradle                                 | 1 -
 interop-testing/build.gradle                        | 1 -
 istio-interop-testing/build.gradle                  | 2 --
 rls/build.gradle                                    | 1 -
 s2a/build.gradle                                    | 1 -
 services/build.gradle                               | 2 --
 servlet/build.gradle                                | 3 +--
 servlet/jakarta/build.gradle                        | 3 +--
 testing-proto/build.gradle                          | 2 --
 xds/build.gradle                                    | 1 -
 44 files changed, 5 insertions(+), 100 deletions(-)

diff --git a/alts/build.gradle b/alts/build.gradle
index 3e472d9cea6..fe2e27784fc 100644
--- a/alts/build.gradle
+++ b/alts/build.gradle
@@ -22,7 +22,6 @@ dependencies {
             libraries.guava.jre, // JRE required by protobuf-java-util from grpclb
             libraries.google.auth.oauth2Http
     def nettyDependency = implementation project(':grpc-netty')
-    compileOnly libraries.javax.annotation
 
     shadow configurations.implementation.getDependencies().minus(nettyDependency)
     shadow project(path: ':grpc-netty-shaded', configuration: 'shadow')
diff --git a/android-interop-testing/build.gradle b/android-interop-testing/build.gradle
index 72b6ac0a302..17551465f05 100644
--- a/android-interop-testing/build.gradle
+++ b/android-interop-testing/build.gradle
@@ -83,8 +83,6 @@ dependencies {
         exclude group: 'com.google.guava'
     }
 
-    compileOnly libraries.javax.annotation
-
     androidTestImplementation 'androidx.test.ext:junit:1.1.3',
             'androidx.test:runner:1.4.0'
 }
diff --git a/authz/build.gradle b/authz/build.gradle
index b72088bfbaa..4b02b01aa29 100644
--- a/authz/build.gradle
+++ b/authz/build.gradle
@@ -15,7 +15,6 @@ dependencies {
             libraries.guava.jre // JRE required by transitive protobuf-java-util
 
     annotationProcessor libraries.auto.value
-    compileOnly libraries.javax.annotation
 
     testImplementation project(':grpc-testing'),
             project(':grpc-testing-proto'),
diff --git a/benchmarks/build.gradle b/benchmarks/build.gradle
index bf043106050..88b26397e78 100644
--- a/benchmarks/build.gradle
+++ b/benchmarks/build.gradle
@@ -38,7 +38,6 @@ dependencies {
             classifier = "linux-x86_64"
         }
     }
-    compileOnly libraries.javax.annotation
 
     testImplementation libraries.junit,
             libraries.mockito.core
diff --git a/compiler/build.gradle b/compiler/build.gradle
index 6d832ecd56b..dbecb889a43 100644
--- a/compiler/build.gradle
+++ b/compiler/build.gradle
@@ -147,11 +147,9 @@ sourceSets {
 
 dependencies {
     testImplementation project(':grpc-protobuf'),
-            project(':grpc-stub'),
-            libraries.javax.annotation
+            project(':grpc-stub')
     testLiteImplementation project(':grpc-protobuf-lite'),
-            project(':grpc-stub'),
-            libraries.javax.annotation
+            project(':grpc-stub')
 }
 
 tasks.named("compileTestJava").configure {
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index a9716ea1f62..8048eba73ab 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -57,7 +57,6 @@ dependencies {
     implementation 'io.grpc:grpc-okhttp:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'io.grpc:grpc-protobuf-lite:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'io.grpc:grpc-stub:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'org.apache.tomcat:annotations-api:6.0.53'
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.1.5'
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index 2fd2d2fa950..69519c8e4ab 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -55,5 +55,4 @@ dependencies {
     implementation 'io.grpc:grpc-okhttp:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'io.grpc:grpc-protobuf-lite:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'io.grpc:grpc-stub:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index 371e277bdc6..a09de35e994 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -55,5 +55,4 @@ dependencies {
     implementation 'io.grpc:grpc-okhttp:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'io.grpc:grpc-protobuf-lite:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'io.grpc:grpc-stub:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index 02327041d34..c0447a42af1 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -56,5 +56,4 @@ dependencies {
     implementation 'io.grpc:grpc-okhttp:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'io.grpc:grpc-protobuf-lite:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
     implementation 'io.grpc:grpc-stub:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'org.apache.tomcat:annotations-api:6.0.53'
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index 507b87df4db..ddd8e7b3a65 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -29,7 +29,6 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-services:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
 
     // examples/advanced need this for JsonFormat
     implementation "com.google.protobuf:protobuf-java-util:${protobufVersion}"
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index 33ea02a5875..9f86adb0aeb 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -27,7 +27,6 @@ def protocVersion = '3.25.8'
 dependencies {
     // grpc-alts transitively depends on grpc-netty-shaded, grpc-protobuf, and grpc-stub
     implementation "io.grpc:grpc-alts:${grpcVersion}"
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
 }
 
 protobuf {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index ed01bbb2636..3dc873e179b 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -30,7 +30,6 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-services:${grpcVersion}"
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 
     testImplementation 'junit:junit:4.13.2'
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index 90ce766d8a9..c4fce2d793b 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -44,12 +44,6 @@
       <groupId>io.grpc</groupId>
       <artifactId>grpc-stub</artifactId>
     </dependency>
-    <dependency>
-      <groupId>org.apache.tomcat</groupId>
-      <artifactId>annotations-api</artifactId>
-      <version>6.0.53</version>
-      <scope>provided</scope> <!-- not needed at runtime -->
-    </dependency>
     <dependency>
       <groupId>io.grpc</groupId>
       <artifactId>grpc-netty-shaded</artifactId>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index fa9db23f987..5d8c30b2127 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -31,7 +31,6 @@ dependencies {
     implementation "io.grpc:grpc-netty:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-services:${grpcVersion}"
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
 }
 
 protobuf {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index b70a3eca3d8..b65beb84103 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -48,12 +48,6 @@
       <groupId>io.grpc</groupId>
       <artifactId>grpc-netty</artifactId>
     </dependency>
-    <dependency>
-      <groupId>org.apache.tomcat</groupId>
-      <artifactId>annotations-api</artifactId>
-      <version>6.0.53</version>
-      <scope>provided</scope> <!-- not needed at runtime -->
-    </dependency>
     <dependency>
       <groupId>io.grpc</groupId>
       <artifactId>grpc-netty-shaded</artifactId>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 52d945196fa..befc2f7c0c7 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -30,7 +30,6 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-auth:${grpcVersion}"
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
     implementation "com.google.auth:google-auth-library-oauth2-http:1.23.0"
     implementation "com.google.api.grpc:grpc-google-cloud-pubsub-v1:0.1.24"
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index 68a98c526a5..98bbebd114a 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -49,12 +49,6 @@
       <groupId>io.grpc</groupId>
       <artifactId>grpc-auth</artifactId>
     </dependency>
-    <dependency>
-      <groupId>org.apache.tomcat</groupId>
-      <artifactId>annotations-api</artifactId>
-      <version>6.0.53</version>
-      <scope>provided</scope> <!-- not needed at runtime -->
-    </dependency>
     <dependency>
       <groupId>io.grpc</groupId>
       <artifactId>grpc-testing</artifactId>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index 816ef9e6742..abb2dd8a220 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -35,7 +35,6 @@ dependencies {
     implementation "io.opentelemetry:opentelemetry-sdk:${openTelemetryVersion}"
     implementation "io.opentelemetry:opentelemetry-sdk-metrics:${openTelemetryVersion}"
     implementation "io.opentelemetry:opentelemetry-exporter-prometheus:${openTelemetryPrometheusVersion}"
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
     runtimeOnly "io.grpc:grpc-xds:${grpcVersion}"
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 }
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 432dceb6730..08e00294452 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -29,7 +29,6 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-gcp-observability:${grpcVersion}"
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 }
 
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 7345d873e4f..94a85e8f8ab 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -28,7 +28,6 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-services:${grpcVersion}"
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 
     testImplementation 'junit:junit:4.13.2'
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index 00209657e1d..e93b36e39d1 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -44,12 +44,6 @@
       <groupId>io.grpc</groupId>
       <artifactId>grpc-stub</artifactId>
     </dependency>
-    <dependency>
-      <groupId>org.apache.tomcat</groupId>
-      <artifactId>annotations-api</artifactId>
-      <version>6.0.53</version>
-      <scope>provided</scope> <!-- not needed at runtime -->
-    </dependency>
     <dependency>
       <groupId>io.grpc</groupId>
       <artifactId>grpc-netty-shaded</artifactId>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index b14040ad58f..28df68e4fc7 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -31,8 +31,6 @@ dependencies {
     implementation "io.jsonwebtoken:jjwt:0.9.1"
     implementation "javax.xml.bind:jaxb-api:2.3.1"
 
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
-
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 
     testImplementation "io.grpc:grpc-testing:${grpcVersion}"
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index 8dce2a71032..4834cfa09ef 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -57,12 +57,6 @@
       <artifactId>jaxb-api</artifactId>
       <version>2.3.1</version>
     </dependency>
-    <dependency>
-      <groupId>org.apache.tomcat</groupId>
-      <artifactId>annotations-api</artifactId>
-      <version>6.0.53</version>
-      <scope>provided</scope> <!-- not needed at runtime -->
-    </dependency>
     <dependency>
       <groupId>io.grpc</groupId>
       <artifactId>grpc-testing</artifactId>
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 521d8b082ce..05a450dcc8d 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -31,8 +31,6 @@ dependencies {
     implementation "io.grpc:grpc-auth:${grpcVersion}"
     implementation "com.google.auth:google-auth-library-oauth2-http:1.23.0"
 
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
-
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 
     testImplementation "io.grpc:grpc-testing:${grpcVersion}"
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index 2907d062053..a2f61e38467 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -62,12 +62,6 @@
       <artifactId>google-auth-library-oauth2-http</artifactId>
       <version>1.23.0</version>
     </dependency>
-    <dependency>
-      <groupId>org.apache.tomcat</groupId>
-      <artifactId>annotations-api</artifactId>
-      <version>6.0.53</version>
-      <scope>provided</scope> <!-- not needed at runtime -->
-    </dependency>
     <dependency>
       <groupId>io.grpc</groupId>
       <artifactId>grpc-testing</artifactId>
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index 482f5766bee..edcca46480e 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -34,7 +34,6 @@ dependencies {
     implementation "io.opentelemetry:opentelemetry-sdk-metrics:${openTelemetryVersion}"
     implementation "io.opentelemetry:opentelemetry-exporter-logging:${openTelemetryVersion}"
     implementation "io.opentelemetry:opentelemetry-exporter-prometheus:${openTelemetryPrometheusVersion}"
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 }
 
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index 2716adf7de1..f21c89ee0a4 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -24,8 +24,6 @@ dependencies {
     implementation "io.grpc:grpc-services:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-xds:${grpcVersion}"
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
-
 }
 
 protobuf {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index 2b48cb30b5f..a5bda680ef4 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -24,8 +24,6 @@ dependencies {
     implementation "io.grpc:grpc-services:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-netty-shaded:${grpcVersion}"
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
-
 }
 
 protobuf {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index bbdb65349ca..d0f475f1833 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -23,8 +23,7 @@ dependencies {
             "io.grpc:grpc-servlet:${grpcVersion}",
             "io.grpc:grpc-stub:${grpcVersion}"
 
-    compileOnly "javax.servlet:javax.servlet-api:4.0.1",
-            "org.apache.tomcat:annotations-api:6.0.53"
+    compileOnly "javax.servlet:javax.servlet-api:4.0.1"
 }
 
 protobuf {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index aeb769a479b..0b3914febf3 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -27,7 +27,6 @@ def protocVersion = '3.25.8'
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 }
 
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index 575400c3608..3932f4c32f4 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -40,12 +40,6 @@
       <groupId>io.grpc</groupId>
       <artifactId>grpc-stub</artifactId>
     </dependency>
-    <dependency>
-      <groupId>org.apache.tomcat</groupId>
-      <artifactId>annotations-api</artifactId>
-      <version>6.0.53</version>
-      <scope>provided</scope> <!-- not needed at runtime -->
-    </dependency>
     <dependency>
       <groupId>io.grpc</groupId>
       <artifactId>grpc-netty-shaded</artifactId>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index 6c78db3513c..3914aa3fea0 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -29,7 +29,6 @@ dependencies {
     implementation "io.grpc:grpc-services:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-xds:${grpcVersion}"
-    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
 
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 }
diff --git a/examples/pom.xml b/examples/pom.xml
index f81346c913c..4da1eb14f90 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -60,12 +60,6 @@
       <artifactId>j2objc-annotations</artifactId>
       <version>3.0.0</version>
     </dependency>
-    <dependency>
-      <groupId>org.apache.tomcat</groupId>
-      <artifactId>annotations-api</artifactId>
-      <version>6.0.53</version>
-      <scope>provided</scope> <!-- not needed at runtime -->
-    </dependency>
     <dependency>
       <groupId>io.grpc</groupId>
       <artifactId>grpc-testing</artifactId>
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index e66f253fc21..cb5dce02843 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -53,9 +53,6 @@ guava-jre = "com.google.guava:guava:33.4.8-jre"
 hdrhistogram = "org.hdrhistogram:HdrHistogram:2.2.2"
 # 6.0.0+ use java.lang.Deprecated forRemoval and since from Java 9
 jakarta-servlet-api = "jakarta.servlet:jakarta.servlet-api:5.0.0"
-# Using javax.annotation is fine as it is part of the JDK, we don't want to depend on J2EE
-# where it is relocated to as org.apache.tomcat:tomcat-annotations-api. See issue #9179.
-javax-annotation = "org.apache.tomcat:annotations-api:6.0.53"
 javax-servlet-api = "javax.servlet:javax.servlet-api:4.0.1"
 # 12.0.0+ require Java 17+
 jetty-client = "org.eclipse.jetty:jetty-client:11.0.24"
diff --git a/grpclb/build.gradle b/grpclb/build.gradle
index 3f67181372b..f543e0d71fc 100644
--- a/grpclb/build.gradle
+++ b/grpclb/build.gradle
@@ -23,7 +23,6 @@ dependencies {
             libraries.protobuf.java,
             libraries.protobuf.java.util
     runtimeOnly libraries.errorprone.annotations
-    compileOnly libraries.javax.annotation
     testImplementation libraries.truth,
             project(':grpc-inprocess'),
             testFixtures(project(':grpc-core'))
diff --git a/interop-testing/build.gradle b/interop-testing/build.gradle
index 97e7c69533a..5160759460c 100644
--- a/interop-testing/build.gradle
+++ b/interop-testing/build.gradle
@@ -31,7 +31,6 @@ dependencies {
             project(':grpc-stub'),
             project(':grpc-protobuf'),
             libraries.junit
-    compileOnly libraries.javax.annotation
     // TODO(sergiitk): replace with com.google.cloud:google-cloud-logging
     // Used instead of google-cloud-logging because it's failing
     // due to a circular dependency on grpc.
diff --git a/istio-interop-testing/build.gradle b/istio-interop-testing/build.gradle
index 4550f0ea202..083d8fcb9bf 100644
--- a/istio-interop-testing/build.gradle
+++ b/istio-interop-testing/build.gradle
@@ -18,8 +18,6 @@ dependencies {
             project(':grpc-testing'),
             project(':grpc-xds')
 
-    compileOnly libraries.javax.annotation
-
     runtimeOnly libraries.netty.tcnative,
             libraries.netty.tcnative.classes
     testImplementation testFixtures(project(':grpc-api')),
diff --git a/rls/build.gradle b/rls/build.gradle
index 1193ab3d4bc..10b1d5fc371 100644
--- a/rls/build.gradle
+++ b/rls/build.gradle
@@ -22,7 +22,6 @@ dependencies {
             libraries.auto.value.annotations,
             libraries.guava
     annotationProcessor libraries.auto.value
-    compileOnly libraries.javax.annotation
     testImplementation libraries.truth,
             project(':grpc-grpclb'),
             project(':grpc-inprocess'),
diff --git a/s2a/build.gradle b/s2a/build.gradle
index 012411c19ba..c46993ec9c8 100644
--- a/s2a/build.gradle
+++ b/s2a/build.gradle
@@ -21,7 +21,6 @@ dependencies {
             libraries.protobuf.java,
             libraries.guava.jre // JRE required by protobuf-java-util from grpclb
     def nettyDependency = implementation project(':grpc-netty')
-    compileOnly libraries.javax.annotation
 
     shadow configurations.implementation.getDependencies().minus(nettyDependency)
     shadow project(path: ':grpc-netty-shaded', configuration: 'shadow')
diff --git a/services/build.gradle b/services/build.gradle
index 758f2a5c899..c30e1ba53bd 100644
--- a/services/build.gradle
+++ b/services/build.gradle
@@ -32,13 +32,11 @@ dependencies {
 
     runtimeOnly libraries.errorprone.annotations,
             libraries.gson  // to fix checkUpperBoundDeps error here
-    compileOnly libraries.javax.annotation
     testImplementation project(':grpc-testing'),
             project(':grpc-inprocess'),
             libraries.netty.transport.epoll, // for DomainSocketAddress
             testFixtures(project(':grpc-core')),
             testFixtures(project(':grpc-api'))
-    testCompileOnly libraries.javax.annotation
     signature (libraries.signature.java) {
         artifact {
             extension = "signature"
diff --git a/servlet/build.gradle b/servlet/build.gradle
index 7f9cd04a57c..1367a72ab44 100644
--- a/servlet/build.gradle
+++ b/servlet/build.gradle
@@ -34,8 +34,7 @@ tasks.named("jar").configure {
 
 dependencies {
     api project(':grpc-api')
-    compileOnly libraries.javax.servlet.api,
-            libraries.javax.annotation // java 9, 10 needs it
+    compileOnly libraries.javax.servlet.api
 
     implementation project(':grpc-core'),
             libraries.guava
diff --git a/servlet/jakarta/build.gradle b/servlet/jakarta/build.gradle
index 456b2b75e3e..bcd904ccaee 100644
--- a/servlet/jakarta/build.gradle
+++ b/servlet/jakarta/build.gradle
@@ -85,8 +85,7 @@ tasks.named("jar").configure {
 
 dependencies {
     api project(':grpc-api')
-    compileOnly libraries.jakarta.servlet.api,
-            libraries.javax.annotation
+    compileOnly libraries.jakarta.servlet.api
 
     implementation project(':grpc-util'),
             project(':grpc-core'),
diff --git a/testing-proto/build.gradle b/testing-proto/build.gradle
index a34392b26d2..ee602bc5135 100644
--- a/testing-proto/build.gradle
+++ b/testing-proto/build.gradle
@@ -17,9 +17,7 @@ tasks.named("jar").configure {
 dependencies {
     api project(':grpc-protobuf'),
             project(':grpc-stub')
-    compileOnly libraries.javax.annotation
     testImplementation libraries.truth
-    testRuntimeOnly libraries.javax.annotation
     signature (libraries.signature.java) {
         artifact {
             extension = "signature"
diff --git a/xds/build.gradle b/xds/build.gradle
index 72dea373097..8394fe12f6b 100644
--- a/xds/build.gradle
+++ b/xds/build.gradle
@@ -41,7 +41,6 @@ configurations {
 }
 
 dependencies {
-    thirdpartyCompileOnly libraries.javax.annotation
     thirdpartyImplementation project(':grpc-protobuf'),
             project(':grpc-stub')
     compileOnly sourceSets.thirdparty.output

From 01f2862b90631c8114174b0735b24bbb11cbb060 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 28 Aug 2025 16:26:23 -0700
Subject: [PATCH 368/591] xds: Pretty-print Resource in logs

Noticed at b/431017968#comment31
---
 xds/src/main/java/io/grpc/xds/MessagePrinter.java | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/xds/src/main/java/io/grpc/xds/MessagePrinter.java b/xds/src/main/java/io/grpc/xds/MessagePrinter.java
index db15e961204..d6fdaa81dd7 100644
--- a/xds/src/main/java/io/grpc/xds/MessagePrinter.java
+++ b/xds/src/main/java/io/grpc/xds/MessagePrinter.java
@@ -37,6 +37,7 @@
 import io.envoyproxy.envoy.extensions.load_balancing_policies.wrr_locality.v3.WrrLocality;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext;
+import io.envoyproxy.envoy.service.discovery.v3.Resource;
 import io.grpc.xds.client.MessagePrettyPrinter;
 
 /**
@@ -55,6 +56,7 @@ private static class LazyHolder {
     private static JsonFormat.Printer newPrinter() {
       TypeRegistry.Builder registry =
           TypeRegistry.newBuilder()
+              .add(Resource.getDescriptor())
               .add(Listener.getDescriptor())
               .add(HttpConnectionManager.getDescriptor())
               .add(HTTPFault.getDescriptor())

From 5a543726fd47e42f7ac959eb55d77c5bf173238a Mon Sep 17 00:00:00 2001
From: Sangamesh <ghulesangu@gmail.com>
Date: Thu, 4 Sep 2025 11:25:04 +0530
Subject: [PATCH 369/591] android-interop-testing : Fix lint warnings in
 android-interop and binder modules (#12272)

Fixes #6868
---
 .../src/main/AndroidManifest.xml                    |  7 ++++---
 .../android/integrationtest/TesterActivity.java     |  2 +-
 .../src/main/res/layout/activity_tester.xml         |  1 +
 .../src/main/res/values/strings.xml                 |  1 +
 binder/src/main/AndroidManifest.xml                 | 13 +++++++++++--
 lint.xml                                            |  5 +++++
 6 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/android-interop-testing/src/main/AndroidManifest.xml b/android-interop-testing/src/main/AndroidManifest.xml
index 35f3ee33a2b..da7ccef5b1d 100644
--- a/android-interop-testing/src/main/AndroidManifest.xml
+++ b/android-interop-testing/src/main/AndroidManifest.xml
@@ -5,7 +5,9 @@
     <uses-permission android:name="android.permission.INTERNET" />
     <!-- For UDS -->
     <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
-    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
+    <uses-permission
+        android:name="android.permission.WRITE_EXTERNAL_STORAGE"
+        android:maxSdkVersion="28" />
     <uses-sdk tools:overrideLibrary="io.grpc.android"/>
 
     <application
@@ -16,8 +18,7 @@
         android:name="androidx.multidex.MultiDexApplication">
         <activity
             android:name=".TesterActivity"
-            android:exported="true"
-            android:label="@string/app_name" >
+            android:exported="true">
             <intent-filter>
                 <action android:name="android.intent.action.MAIN" />
 
diff --git a/android-interop-testing/src/main/java/io/grpc/android/integrationtest/TesterActivity.java b/android-interop-testing/src/main/java/io/grpc/android/integrationtest/TesterActivity.java
index fb5b35c42d5..17c7e24cbfa 100644
--- a/android-interop-testing/src/main/java/io/grpc/android/integrationtest/TesterActivity.java
+++ b/android-interop-testing/src/main/java/io/grpc/android/integrationtest/TesterActivity.java
@@ -121,7 +121,7 @@ private void startTest(String testCase) {
     ((InputMethodManager) getSystemService(Context.INPUT_METHOD_SERVICE)).hideSoftInputFromWindow(
         hostEdit.getWindowToken(), 0);
     enableButtons(false);
-    resultText.setText("Testing...");
+    resultText.setText(R.string.testing_message);
 
     String host = hostEdit.getText().toString();
     String portStr = portEdit.getText().toString();
diff --git a/android-interop-testing/src/main/res/layout/activity_tester.xml b/android-interop-testing/src/main/res/layout/activity_tester.xml
index e25bd1bb6f6..042da6437c0 100644
--- a/android-interop-testing/src/main/res/layout/activity_tester.xml
+++ b/android-interop-testing/src/main/res/layout/activity_tester.xml
@@ -16,6 +16,7 @@
         android:layout_weight="2"
         android:layout_width="0dp"
         android:layout_height="wrap_content"
+        android:inputType="text"
         android:hint="Enter Host"
         />
     <EditText
diff --git a/android-interop-testing/src/main/res/values/strings.xml b/android-interop-testing/src/main/res/values/strings.xml
index 6d5cb2a79ce..33b28eb9456 100644
--- a/android-interop-testing/src/main/res/values/strings.xml
+++ b/android-interop-testing/src/main/res/values/strings.xml
@@ -1,3 +1,4 @@
 <resources>
     <string name="app_name">gRPC Integration Test</string>
+    <string name="testing_message">Testing…</string>
 </resources>
diff --git a/binder/src/main/AndroidManifest.xml b/binder/src/main/AndroidManifest.xml
index a30cbbdd6fa..239c3b39b38 100644
--- a/binder/src/main/AndroidManifest.xml
+++ b/binder/src/main/AndroidManifest.xml
@@ -1,2 +1,11 @@
-<manifest xmlns:android="http://schemas.android.com/apk/res/android" >
-</manifest>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android">
+
+    <queries>
+
+        <intent>
+            <action android:name="android.intent.action.VIEW" />
+        </intent>
+
+    </queries>
+
+</manifest>
\ No newline at end of file
diff --git a/lint.xml b/lint.xml
index 93e2f603108..5b35a8d151b 100644
--- a/lint.xml
+++ b/lint.xml
@@ -5,4 +5,9 @@
       Remove after AGP upgrade.
     -->
     <issue id="OldTargetApi" severity="ignore" />
+
+    <!--
+    Suppress temporarily 'VisibleForTests' warnings - exposed for testing purposes
+    -->
+    <issue id="VisibleForTests" severity="ignore" />
 </lint>

From d4e1b69e781d4132f971c97a1f0893d54cf761b7 Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Mon, 8 Sep 2025 21:55:40 +0000
Subject: [PATCH 370/591] otel: subchannel metrics A94 (#12202)

Implements [A94](https://github.com/grpc/proposal/pull/485/files) except for the exact reason for disconnect_error
---
 .../java/io/grpc/EquivalentAddressGroup.java  |   5 +
 .../LongUpDownCounterMetricInstrument.java    |  32 +++
 .../io/grpc/MetricInstrumentRegistry.java     |  41 ++++
 api/src/main/java/io/grpc/MetricRecorder.java |  25 ++-
 api/src/main/java/io/grpc/MetricSink.java     |  18 +-
 .../io/grpc/internal/InternalSubchannel.java  |  55 ++++-
 .../io/grpc/internal/ManagedChannelImpl.java  |   9 +-
 .../io/grpc/internal/MetricRecorderImpl.java  |  29 ++-
 .../internal/PickFirstLeafLoadBalancer.java   |   2 +-
 .../io/grpc/internal/SubchannelMetrics.java   | 189 ++++++++++++++++++
 .../grpc/internal/InternalSubchannelTest.java | 154 +++++++++++++-
 .../grpc/internal/MetricRecorderImplTest.java |  33 ++-
 .../OpenTelemetryMetricSink.java              |  23 +++
 .../internal/OpenTelemetryConstants.java      |   6 +
 .../OpenTelemetryMetricSinkTest.java          |  68 ++++++-
 .../io/grpc/xds/ClusterImplLoadBalancer.java  |   2 +-
 .../grpc/xds/ClusterResolverLoadBalancer.java |   4 +-
 .../io/grpc/xds/WrrLocalityLoadBalancer.java  |   2 +-
 .../main/java/io/grpc/xds/XdsAttributes.java  |   7 -
 .../grpc/xds/ClusterImplLoadBalancerTest.java |   2 +-
 .../grpc/xds/WrrLocalityLoadBalancerTest.java |   2 +-
 21 files changed, 678 insertions(+), 30 deletions(-)
 create mode 100644 api/src/main/java/io/grpc/LongUpDownCounterMetricInstrument.java
 create mode 100644 core/src/main/java/io/grpc/internal/SubchannelMetrics.java

diff --git a/api/src/main/java/io/grpc/EquivalentAddressGroup.java b/api/src/main/java/io/grpc/EquivalentAddressGroup.java
index 4b3db006684..bf8a864902c 100644
--- a/api/src/main/java/io/grpc/EquivalentAddressGroup.java
+++ b/api/src/main/java/io/grpc/EquivalentAddressGroup.java
@@ -50,6 +50,11 @@ public final class EquivalentAddressGroup {
   @ExperimentalApi("https://github.com/grpc/grpc-java/issues/6138")
   public static final Attributes.Key<String> ATTR_AUTHORITY_OVERRIDE =
       Attributes.Key.create("io.grpc.EquivalentAddressGroup.ATTR_AUTHORITY_OVERRIDE");
+  /**
+   * The name of the locality that this EquivalentAddressGroup is in.
+   */
+  public static final Attributes.Key<String> ATTR_LOCALITY_NAME =
+      Attributes.Key.create("io.grpc.EquivalentAddressGroup.LOCALITY");
   private final List<SocketAddress> addrs;
   private final Attributes attrs;
 
diff --git a/api/src/main/java/io/grpc/LongUpDownCounterMetricInstrument.java b/api/src/main/java/io/grpc/LongUpDownCounterMetricInstrument.java
new file mode 100644
index 00000000000..07e099cde5d
--- /dev/null
+++ b/api/src/main/java/io/grpc/LongUpDownCounterMetricInstrument.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import java.util.List;
+
+/**
+ * Represents a long-valued up down counter metric instrument.
+ */
+@Internal
+public final class LongUpDownCounterMetricInstrument extends PartialMetricInstrument {
+  public LongUpDownCounterMetricInstrument(int index, String name, String description, String unit,
+                                           List<String> requiredLabelKeys,
+                                           List<String> optionalLabelKeys,
+                                           boolean enableByDefault) {
+    super(index, name, description, unit, requiredLabelKeys, optionalLabelKeys, enableByDefault);
+  }
+}
\ No newline at end of file
diff --git a/api/src/main/java/io/grpc/MetricInstrumentRegistry.java b/api/src/main/java/io/grpc/MetricInstrumentRegistry.java
index 1b33ed17a71..ce0f8f1b5cb 100644
--- a/api/src/main/java/io/grpc/MetricInstrumentRegistry.java
+++ b/api/src/main/java/io/grpc/MetricInstrumentRegistry.java
@@ -144,6 +144,47 @@ public LongCounterMetricInstrument registerLongCounter(String name,
     }
   }
 
+  /**
+   * Registers a new Long Up Down Counter metric instrument.
+   *
+   * @param name              the name of the metric
+   * @param description       a description of the metric
+   * @param unit              the unit of measurement for the metric
+   * @param requiredLabelKeys a list of required label keys
+   * @param optionalLabelKeys a list of optional label keys
+   * @param enableByDefault   whether the metric should be enabled by default
+   * @return the newly created LongUpDownCounterMetricInstrument
+   * @throws IllegalStateException if a metric with the same name already exists
+   */
+  public LongUpDownCounterMetricInstrument registerLongUpDownCounter(String name,
+                                                                     String description,
+                                                                     String unit,
+                                                                     List<String> requiredLabelKeys,
+                                                                     List<String> optionalLabelKeys,
+                                                                     boolean enableByDefault) {
+    checkArgument(!Strings.isNullOrEmpty(name), "missing metric name");
+    checkNotNull(description, "description");
+    checkNotNull(unit, "unit");
+    checkNotNull(requiredLabelKeys, "requiredLabelKeys");
+    checkNotNull(optionalLabelKeys, "optionalLabelKeys");
+    synchronized (lock) {
+      if (registeredMetricNames.contains(name)) {
+        throw new IllegalStateException("Metric with name " + name + " already exists");
+      }
+      int index = nextAvailableMetricIndex;
+      if (index + 1 == metricInstruments.length) {
+        resizeMetricInstruments();
+      }
+      LongUpDownCounterMetricInstrument instrument = new LongUpDownCounterMetricInstrument(
+          index, name, description, unit, requiredLabelKeys, optionalLabelKeys,
+          enableByDefault);
+      metricInstruments[index] = instrument;
+      registeredMetricNames.add(name);
+      nextAvailableMetricIndex += 1;
+      return instrument;
+    }
+  }
+
   /**
    * Registers a new Double Histogram metric instrument.
    *
diff --git a/api/src/main/java/io/grpc/MetricRecorder.java b/api/src/main/java/io/grpc/MetricRecorder.java
index d418dcbf590..897c28011cd 100644
--- a/api/src/main/java/io/grpc/MetricRecorder.java
+++ b/api/src/main/java/io/grpc/MetricRecorder.java
@@ -50,7 +50,7 @@ default void addDoubleCounter(DoubleCounterMetricInstrument metricInstrument, do
    * Adds a value for a long valued counter metric instrument.
    *
    * @param metricInstrument The counter metric instrument to add the value against.
-   * @param value The value to add.
+   * @param value The value to add. MUST be non-negative.
    * @param requiredLabelValues A list of required label values for the metric.
    * @param optionalLabelValues A list of additional, optional label values for the metric.
    */
@@ -66,6 +66,29 @@ default void addLongCounter(LongCounterMetricInstrument metricInstrument, long v
         metricInstrument.getOptionalLabelKeys().size());
   }
 
+  /**
+   * Adds a value for a long valued up down counter metric instrument.
+   *
+   * @param metricInstrument    The counter metric instrument to add the value against.
+   * @param value               The value to add. May be positive, negative or zero.
+   * @param requiredLabelValues A list of required label values for the metric.
+   * @param optionalLabelValues A list of additional, optional label values for the metric.
+   */
+  default void addLongUpDownCounter(LongUpDownCounterMetricInstrument metricInstrument,
+                                    long value,
+                                    List<String> requiredLabelValues,
+                                    List<String> optionalLabelValues) {
+    checkArgument(requiredLabelValues != null
+            && requiredLabelValues.size() == metricInstrument.getRequiredLabelKeys().size(),
+        "Incorrect number of required labels provided. Expected: %s",
+        metricInstrument.getRequiredLabelKeys().size());
+    checkArgument(optionalLabelValues != null
+            && optionalLabelValues.size() == metricInstrument.getOptionalLabelKeys().size(),
+        "Incorrect number of optional labels provided. Expected: %s",
+        metricInstrument.getOptionalLabelKeys().size());
+  }
+
+
   /**
    * Records a value for a double-precision histogram metric instrument.
    *
diff --git a/api/src/main/java/io/grpc/MetricSink.java b/api/src/main/java/io/grpc/MetricSink.java
index 0f56b1acb73..ce5d3822520 100644
--- a/api/src/main/java/io/grpc/MetricSink.java
+++ b/api/src/main/java/io/grpc/MetricSink.java
@@ -65,12 +65,26 @@ default void addDoubleCounter(DoubleCounterMetricInstrument metricInstrument, do
    * Adds a value for a long valued counter metric associated with specified metric instrument.
    *
    * @param metricInstrument The counter metric instrument identifies metric measure to add.
-   * @param value The value to record.
+   * @param value The value to record. MUST be non-negative.
    * @param requiredLabelValues A list of required label values for the metric.
    * @param optionalLabelValues A list of additional, optional label values for the metric.
    */
   default void addLongCounter(LongCounterMetricInstrument metricInstrument, long value,
-      List<String> requiredLabelValues, List<String> optionalLabelValues) {
+                              List<String> requiredLabelValues, List<String> optionalLabelValues) {
+  }
+
+  /**
+   * Adds a value for a long valued up down counter metric associated with specified metric
+   * instrument.
+   *
+   * @param metricInstrument    The counter metric instrument identifies metric measure to add.
+   * @param value               The value to record. May be positive, negative or zero.
+   * @param requiredLabelValues A list of required label values for the metric.
+   * @param optionalLabelValues A list of additional, optional label values for the metric.
+   */
+  default void addLongUpDownCounter(LongUpDownCounterMetricInstrument metricInstrument, long value,
+                                    List<String> requiredLabelValues,
+                                    List<String> optionalLabelValues) {
   }
 
   /**
diff --git a/core/src/main/java/io/grpc/internal/InternalSubchannel.java b/core/src/main/java/io/grpc/internal/InternalSubchannel.java
index a27e46eaf60..649843c5c03 100644
--- a/core/src/main/java/io/grpc/internal/InternalSubchannel.java
+++ b/core/src/main/java/io/grpc/internal/InternalSubchannel.java
@@ -48,6 +48,9 @@
 import io.grpc.LoadBalancer;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
+import io.grpc.MetricRecorder;
+import io.grpc.NameResolver;
+import io.grpc.SecurityLevel;
 import io.grpc.Status;
 import io.grpc.SynchronizationContext;
 import io.grpc.SynchronizationContext.ScheduledHandle;
@@ -160,6 +163,8 @@ protected void handleNotInUse() {
   private Status shutdownReason;
 
   private volatile Attributes connectedAddressAttributes;
+  private final SubchannelMetrics subchannelMetrics;
+  private final String target;
 
   InternalSubchannel(LoadBalancer.CreateSubchannelArgs args, String authority, String userAgent,
                      BackoffPolicy.Provider backoffPolicyProvider,
@@ -168,7 +173,9 @@ protected void handleNotInUse() {
                      Supplier<Stopwatch> stopwatchSupplier, SynchronizationContext syncContext,
                      Callback callback, InternalChannelz channelz, CallTracer callsTracer,
                      ChannelTracer channelTracer, InternalLogId logId,
-                     ChannelLogger channelLogger, List<ClientTransportFilter> transportFilters) {
+                     ChannelLogger channelLogger, List<ClientTransportFilter> transportFilters,
+                     String target,
+                     MetricRecorder metricRecorder) {
     List<EquivalentAddressGroup> addressGroups = args.getAddresses();
     Preconditions.checkNotNull(addressGroups, "addressGroups");
     Preconditions.checkArgument(!addressGroups.isEmpty(), "addressGroups is empty");
@@ -192,6 +199,8 @@ protected void handleNotInUse() {
     this.channelLogger = Preconditions.checkNotNull(channelLogger, "channelLogger");
     this.transportFilters = transportFilters;
     this.reconnectDisabled = args.getOption(LoadBalancer.DISABLE_SUBCHANNEL_RECONNECT_KEY);
+    this.target = target;
+    this.subchannelMetrics = new SubchannelMetrics(metricRecorder);
   }
 
   ChannelLogger getChannelLogger() {
@@ -593,6 +602,13 @@ public void run() {
             pendingTransport = null;
             connectedAddressAttributes = addressIndex.getCurrentEagAttributes();
             gotoNonErrorState(READY);
+            subchannelMetrics.recordConnectionAttemptSucceeded(/* target= */ target,
+                /* backendService= */ getAttributeOrDefault(
+                    addressIndex.getCurrentEagAttributes(), NameResolver.ATTR_BACKEND_SERVICE),
+                /* locality= */ getAttributeOrDefault(addressIndex.getCurrentEagAttributes(),
+                    EquivalentAddressGroup.ATTR_LOCALITY_NAME),
+                /* securityLevel= */ extractSecurityLevel(addressIndex.getCurrentEagAttributes()
+                    .get(GrpcAttributes.ATTR_SECURITY_LEVEL)));
           }
         }
       });
@@ -618,11 +634,25 @@ public void run() {
             activeTransport = null;
             addressIndex.reset();
             gotoNonErrorState(IDLE);
+            subchannelMetrics.recordDisconnection(/* target= */ target,
+                /* backendService= */ getAttributeOrDefault(addressIndex.getCurrentEagAttributes(),
+                    NameResolver.ATTR_BACKEND_SERVICE),
+                /* locality= */ getAttributeOrDefault(addressIndex.getCurrentEagAttributes(),
+                    EquivalentAddressGroup.ATTR_LOCALITY_NAME),
+                /* disconnectError= */ SubchannelMetrics.DisconnectError.UNKNOWN
+                    .getErrorString(null),
+                /* securityLevel= */ extractSecurityLevel(addressIndex.getCurrentEagAttributes()
+                    .get(GrpcAttributes.ATTR_SECURITY_LEVEL)));
           } else if (pendingTransport == transport) {
+            subchannelMetrics.recordConnectionAttemptFailed(/* target= */ target,
+                /* backendService= */getAttributeOrDefault(addressIndex.getCurrentEagAttributes(),
+                    NameResolver.ATTR_BACKEND_SERVICE),
+                /* locality= */ getAttributeOrDefault(addressIndex.getCurrentEagAttributes(),
+                    EquivalentAddressGroup.ATTR_LOCALITY_NAME));
             Preconditions.checkState(state.getState() == CONNECTING,
                 "Expected state is CONNECTING, actual state is %s", state.getState());
             addressIndex.increment();
-            // Continue reconnect if there are still addresses to try.
+            // Continue to reconnect if there are still addresses to try.
             if (!addressIndex.isValid()) {
               pendingTransport = null;
               addressIndex.reset();
@@ -658,6 +688,27 @@ public void run() {
         }
       });
     }
+
+    private String extractSecurityLevel(SecurityLevel securityLevel) {
+      if (securityLevel == null) {
+        return "none";
+      }
+      switch (securityLevel) {
+        case NONE:
+          return "none";
+        case INTEGRITY:
+          return "integrity_only";
+        case PRIVACY_AND_INTEGRITY:
+          return "privacy_and_integrity";
+        default:
+          throw new IllegalArgumentException("Unknown SecurityLevel: " + securityLevel);
+      }
+    }
+
+    private String getAttributeOrDefault(Attributes attributes, Attributes.Key<String> key) {
+      String value = attributes.get(key);
+      return value == null ? "" : value;
+    }
   }
 
   // All methods are called in syncContext
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index 16b8adbd347..78c5181502f 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -415,7 +415,7 @@ void exitIdleMode() {
     LbHelperImpl lbHelper = new LbHelperImpl();
     lbHelper.lb = loadBalancerFactory.newLoadBalancer(lbHelper);
     // Delay setting lbHelper until fully initialized, since loadBalancerFactory is user code and
-    // may throw. We don't want to confuse our state, even if we will enter panic mode.
+    // may throw. We don't want to confuse our state, even if we enter panic mode.
     this.lbHelper = lbHelper;
 
     channelStateManager.gotoState(CONNECTING);
@@ -1464,7 +1464,9 @@ void onStateChange(InternalSubchannel is, ConnectivityStateInfo newState) {
           subchannelTracer,
           subchannelLogId,
           subchannelLogger,
-          transportFilters);
+          transportFilters,
+          target,
+          lbHelper.getMetricRecorder());
       oobChannelTracer.reportEvent(new ChannelTrace.Event.Builder()
           .setDescription("Child Subchannel created")
           .setSeverity(ChannelTrace.Event.Severity.CT_INFO)
@@ -1895,7 +1897,8 @@ void onNotInUse(InternalSubchannel is) {
           subchannelTracer,
           subchannelLogId,
           subchannelLogger,
-          transportFilters);
+          transportFilters, target,
+          lbHelper.getMetricRecorder());
 
       channelTracer.reportEvent(new ChannelTrace.Event.Builder()
           .setDescription("Child Subchannel started")
diff --git a/core/src/main/java/io/grpc/internal/MetricRecorderImpl.java b/core/src/main/java/io/grpc/internal/MetricRecorderImpl.java
index 452b1c5df07..ded9d5ce589 100644
--- a/core/src/main/java/io/grpc/internal/MetricRecorderImpl.java
+++ b/core/src/main/java/io/grpc/internal/MetricRecorderImpl.java
@@ -26,6 +26,7 @@
 import io.grpc.LongCounterMetricInstrument;
 import io.grpc.LongGaugeMetricInstrument;
 import io.grpc.LongHistogramMetricInstrument;
+import io.grpc.LongUpDownCounterMetricInstrument;
 import io.grpc.MetricInstrument;
 import io.grpc.MetricInstrumentRegistry;
 import io.grpc.MetricRecorder;
@@ -82,7 +83,7 @@ public void addDoubleCounter(DoubleCounterMetricInstrument metricInstrument, dou
    * Records a long counter value.
    *
    * @param metricInstrument the {@link LongCounterMetricInstrument} to record.
-   * @param value the value to record.
+   * @param value the value to record. Must be non-negative.
    * @param requiredLabelValues the required label values for the metric.
    * @param optionalLabelValues the optional label values for the metric.
    */
@@ -103,6 +104,32 @@ public void addLongCounter(LongCounterMetricInstrument metricInstrument, long va
     }
   }
 
+  /**
+   * Adds a long up down counter value.
+   *
+   * @param metricInstrument    the {@link io.grpc.LongUpDownCounterMetricInstrument} to record.
+   * @param value               the value to record. May be positive, negative or zero.
+   * @param requiredLabelValues the required label values for the metric.
+   * @param optionalLabelValues the optional label values for the metric.
+   */
+  @Override
+  public void addLongUpDownCounter(LongUpDownCounterMetricInstrument metricInstrument, long value,
+                                   List<String> requiredLabelValues,
+                                   List<String> optionalLabelValues) {
+    MetricRecorder.super.addLongUpDownCounter(metricInstrument, value, requiredLabelValues,
+        optionalLabelValues);
+    for (MetricSink sink : metricSinks) {
+      int measuresSize = sink.getMeasuresSize();
+      if (measuresSize <= metricInstrument.getIndex()) {
+        // Measures may need updating in two cases:
+        // 1. When the sink is initially created with an empty list of measures.
+        // 2. When new metric instruments are registered, requiring the sink to accommodate them.
+        sink.updateMeasures(registry.getMetricInstruments());
+      }
+      sink.addLongUpDownCounter(metricInstrument, value, requiredLabelValues, optionalLabelValues);
+    }
+  }
+
   /**
    * Records a double histogram value.
    *
diff --git a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
index bbc144ea775..ebe329ca591 100644
--- a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
+++ b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
@@ -92,7 +92,7 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       return Status.FAILED_PRECONDITION.withDescription("Already shut down");
     }
 
-    // Cache whether or not this is a petiole policy, which is based off of an address attribute
+    // Check whether this is a petiole policy, which is based off of an address attribute
     Boolean isPetiolePolicy = resolvedAddresses.getAttributes().get(IS_PETIOLE_POLICY);
     this.notAPetiolePolicy = isPetiolePolicy == null || !isPetiolePolicy;
 
diff --git a/core/src/main/java/io/grpc/internal/SubchannelMetrics.java b/core/src/main/java/io/grpc/internal/SubchannelMetrics.java
new file mode 100644
index 00000000000..8921f13ebe6
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/SubchannelMetrics.java
@@ -0,0 +1,189 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Lists;
+import io.grpc.LongCounterMetricInstrument;
+import io.grpc.LongUpDownCounterMetricInstrument;
+import io.grpc.MetricInstrumentRegistry;
+import io.grpc.MetricRecorder;
+import javax.annotation.Nullable;
+
+final class SubchannelMetrics {
+
+  private static final LongCounterMetricInstrument disconnections;
+  private static final LongCounterMetricInstrument connectionAttemptsSucceeded;
+  private static final LongCounterMetricInstrument connectionAttemptsFailed;
+  private static final LongUpDownCounterMetricInstrument openConnections;
+  private final MetricRecorder metricRecorder;
+
+  public SubchannelMetrics(MetricRecorder metricRecorder) {
+    this.metricRecorder = metricRecorder;
+  }
+
+  static {
+    MetricInstrumentRegistry metricInstrumentRegistry
+        = MetricInstrumentRegistry.getDefaultRegistry();
+    disconnections = metricInstrumentRegistry.registerLongCounter(
+        "grpc.subchannel.disconnections",
+        "EXPERIMENTAL. Number of times the selected subchannel becomes disconnected",
+        "{disconnection}",
+        Lists.newArrayList("grpc.target"),
+        Lists.newArrayList("grpc.lb.backend_service", "grpc.lb.locality", "grpc.disconnect_error"),
+        false
+    );
+
+    connectionAttemptsSucceeded = metricInstrumentRegistry.registerLongCounter(
+        "grpc.subchannel.connection_attempts_succeeded",
+        "EXPERIMENTAL. Number of successful connection attempts",
+        "{attempt}",
+        Lists.newArrayList("grpc.target"),
+        Lists.newArrayList("grpc.lb.backend_service", "grpc.lb.locality"),
+        false
+    );
+
+    connectionAttemptsFailed = metricInstrumentRegistry.registerLongCounter(
+        "grpc.subchannel.connection_attempts_failed",
+        "EXPERIMENTAL. Number of failed connection attempts",
+        "{attempt}",
+        Lists.newArrayList("grpc.target"),
+        Lists.newArrayList("grpc.lb.backend_service", "grpc.lb.locality"),
+        false
+    );
+
+    openConnections = metricInstrumentRegistry.registerLongUpDownCounter(
+        "grpc.subchannel.open_connections",
+        "EXPERIMENTAL. Number of open connections.",
+        "{connection}",
+        Lists.newArrayList("grpc.target"),
+        Lists.newArrayList("grpc.security_level", "grpc.lb.backend_service", "grpc.lb.locality"),
+        false
+    );
+  }
+
+  public void recordConnectionAttemptSucceeded(String target, String backendService,
+                                               String locality, String securityLevel) {
+    metricRecorder
+        .addLongCounter(connectionAttemptsSucceeded, 1,
+            ImmutableList.of(target),
+            ImmutableList.of(backendService, locality));
+    metricRecorder
+        .addLongUpDownCounter(openConnections, 1,
+            ImmutableList.of(target),
+            ImmutableList.of(securityLevel, backendService, locality));
+  }
+
+  public void recordConnectionAttemptFailed(String target, String backendService, String locality) {
+    metricRecorder
+        .addLongCounter(connectionAttemptsFailed, 1,
+            ImmutableList.of(target),
+            ImmutableList.of(backendService, locality));
+  }
+
+  public void recordDisconnection(String target, String backendService, String locality,
+                                  String disconnectError, String securityLevel) {
+    metricRecorder
+        .addLongCounter(disconnections, 1,
+            ImmutableList.of(target),
+            ImmutableList.of(backendService, locality, disconnectError));
+    metricRecorder
+        .addLongUpDownCounter(openConnections, -1,
+            ImmutableList.of(target),
+            ImmutableList.of(securityLevel, backendService, locality));
+  }
+
+  /**
+   * Represents the reason for a subchannel failure.
+   */
+  public enum DisconnectError {
+
+    /**
+     * Represents an HTTP/2 GOAWAY frame. The specific error code
+     * (e.g., "NO_ERROR", "PROTOCOL_ERROR") should be handled separately
+     * as it is a dynamic part of the error.
+     * See RFC 9113 for error codes: https://www.rfc-editor.org/rfc/rfc9113.html#name-error-codes
+     */
+    GOAWAY("goaway"),
+
+    /**
+     * The subchannel was shut down for various reasons like parent channel shutdown,
+     * idleness, or load balancing policy changes.
+     */
+    SUBCHANNEL_SHUTDOWN("subchannel shutdown"),
+
+    /**
+     * Connection was reset (e.g., ECONNRESET, WSAECONNERESET).
+     */
+    CONNECTION_RESET("connection reset"),
+
+    /**
+     * Connection timed out (e.g., ETIMEDOUT, WSAETIMEDOUT), including closures
+     * from gRPC keepalives.
+     */
+    CONNECTION_TIMED_OUT("connection timed out"),
+
+    /**
+     * Connection was aborted (e.g., ECONNABORTED, WSAECONNABORTED).
+     */
+    CONNECTION_ABORTED("connection aborted"),
+
+    /**
+     * Any socket error not covered by other specific disconnect errors.
+     */
+    SOCKET_ERROR("socket error"),
+
+    /**
+     * A catch-all for any other unclassified reason.
+     */
+    UNKNOWN("unknown");
+
+    private final String errorTag;
+
+    /**
+     * Private constructor to associate a description with each enum constant.
+     *
+     * @param errorTag The detailed explanation of the error.
+     */
+    DisconnectError(String errorTag) {
+      this.errorTag = errorTag;
+    }
+
+    /**
+     * Gets the error string suitable for use as a metric tag.
+     *
+     * <p>If the reason is {@code GOAWAY}, this method requires the specific
+     * HTTP/2 error code to create the complete tag (e.g., "goaway PROTOCOL_ERROR").
+     * For all other reasons, the parameter is ignored.</p>
+     *
+     * @param goawayErrorCode The specific HTTP/2 error code. This is only
+     *                        used if the reason is GOAWAY and should not be null in that case.
+     * @return The formatted error string.
+     */
+    public String getErrorString(@Nullable String goawayErrorCode) {
+      if (this == GOAWAY) {
+        if (goawayErrorCode == null || goawayErrorCode.isEmpty()) {
+          // Return the base tag if the code is missing, or consider throwing an exception
+          // throw new IllegalArgumentException("goawayErrorCode is required for GOAWAY reason.");
+          return this.errorTag;
+        }
+        return this.errorTag + " " + goawayErrorCode;
+      }
+      return this.errorTag;
+    }
+  }
+}
diff --git a/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java b/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java
index bed722f5f3a..4ac5fbac362 100644
--- a/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java
+++ b/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java
@@ -29,10 +29,13 @@
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
+import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.argThat;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.ArgumentMatchers.same;
+import static org.mockito.Mockito.inOrder;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.times;
@@ -48,6 +51,10 @@
 import io.grpc.InternalLogId;
 import io.grpc.InternalWithLogId;
 import io.grpc.LoadBalancer;
+import io.grpc.MetricInstrument;
+import io.grpc.MetricRecorder;
+import io.grpc.NameResolver;
+import io.grpc.SecurityLevel;
 import io.grpc.Status;
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.InternalSubchannel.CallTracingTransport;
@@ -68,6 +75,7 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
+import org.mockito.InOrder;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnit;
 import org.mockito.junit.MockitoRule;
@@ -81,6 +89,9 @@ public class InternalSubchannelTest {
   public final MockitoRule mocks = MockitoJUnit.rule();
 
   private static final String AUTHORITY = "fakeauthority";
+  private static final String BACKEND_SERVICE = "ice-cream-factory-service";
+  private static final String LOCALITY = "mars-olympus-mons-datacenter";
+  private static final SecurityLevel SECURITY_LEVEL = SecurityLevel.PRIVACY_AND_INTEGRITY;
   private static final String USER_AGENT = "mosaic";
   private static final ConnectivityStateInfo UNAVAILABLE_STATE =
       ConnectivityStateInfo.forTransientFailure(Status.UNAVAILABLE);
@@ -108,6 +119,10 @@ public void uncaughtException(Thread t, Throwable e) {
   @Mock private BackoffPolicy.Provider mockBackoffPolicyProvider;
   @Mock private ClientTransportFactory mockTransportFactory;
 
+  @Mock private BackoffPolicy mockBackoffPolicy;
+  private MetricRecorder mockMetricRecorder = mock(MetricRecorder.class,
+      delegatesTo(new MetricRecorderImpl()));
+
   private final LinkedList<String> callbackInvokes = new LinkedList<>();
   private final InternalSubchannel.Callback mockInternalSubchannelCallback =
       new InternalSubchannel.Callback() {
@@ -1446,7 +1461,136 @@ private void createInternalSubchannel(boolean reconnectDisabled,
         subchannelTracer,
         logId,
         new ChannelLoggerImpl(subchannelTracer, fakeClock.getTimeProvider()),
-          Collections.emptyList());
+        Collections.emptyList(),
+        "",
+        new MetricRecorder() {
+        }
+    );
+  }
+
+  @Test
+  public void subchannelStateChanges_triggersAttemptFailedMetric() {
+    // 1. Setup: Standard subchannel initialization
+    when(mockBackoffPolicyProvider.get()).thenReturn(mockBackoffPolicy);
+    SocketAddress addr = mock(SocketAddress.class);
+    Attributes eagAttributes = Attributes.newBuilder()
+        .set(NameResolver.ATTR_BACKEND_SERVICE, BACKEND_SERVICE)
+        .set(EquivalentAddressGroup.ATTR_LOCALITY_NAME, LOCALITY)
+        .set(GrpcAttributes.ATTR_SECURITY_LEVEL, SECURITY_LEVEL)
+        .build();
+    List<EquivalentAddressGroup> addressGroups =
+        Arrays.asList(new EquivalentAddressGroup(Arrays.asList(addr), eagAttributes));
+    InternalLogId logId = InternalLogId.allocate("Subchannel", /*details=*/ AUTHORITY);
+    ChannelTracer subchannelTracer = new ChannelTracer(logId, 10,
+        fakeClock.getTimeProvider().currentTimeNanos(), "Subchannel");
+    LoadBalancer.CreateSubchannelArgs createSubchannelArgs =
+        LoadBalancer.CreateSubchannelArgs.newBuilder().setAddresses(addressGroups).build();
+    internalSubchannel = new InternalSubchannel(
+        createSubchannelArgs, AUTHORITY, USER_AGENT, mockBackoffPolicyProvider,
+        mockTransportFactory, fakeClock.getScheduledExecutorService(),
+        fakeClock.getStopwatchSupplier(), syncContext, mockInternalSubchannelCallback, channelz,
+        CallTracer.getDefaultFactory().create(), subchannelTracer, logId,
+        new ChannelLoggerImpl(subchannelTracer, fakeClock.getTimeProvider()),
+        Collections.emptyList(), AUTHORITY, mockMetricRecorder
+    );
+
+    // --- Action: Simulate the "connecting to failed" transition ---
+    // a. Initiate the connection attempt. The subchannel is now CONNECTING.
+    internalSubchannel.obtainActiveTransport();
+    MockClientTransportInfo transportInfo = transports.poll();
+    assertNotNull("A connection attempt should have been made", transportInfo);
+
+    // b. Fail the transport before it can signal `transportReady()`.
+    transportInfo.listener.transportShutdown(
+        Status.INTERNAL.withDescription("Simulated connect failure"));
+    fakeClock.runDueTasks(); // Process the failure event
+
+    // --- Verification ---
+    // a. Verify that the "connection_attempts_failed" metric was recorded exactly once.
+    verify(mockMetricRecorder).addLongCounter(
+        eqMetricInstrumentName("grpc.subchannel.connection_attempts_failed"),
+        eq(1L),
+        eq(Arrays.asList(AUTHORITY)),
+        eq(Arrays.asList(BACKEND_SERVICE, LOCALITY))
+    );
+
+    // b. Verify no other metrics were recorded. This confirms it wasn't incorrectly
+    //    logged as a success, disconnection, or open connection.
+    verifyNoMoreInteractions(mockMetricRecorder);
+  }
+
+  @Test
+  public void subchannelStateChanges_triggersSuccessAndDisconnectMetrics() {
+    // 1. Mock the backoff policy (needed for subchannel creation)
+    when(mockBackoffPolicyProvider.get()).thenReturn(mockBackoffPolicy);
+
+    // 2. Setup Subchannel with attributes
+    SocketAddress addr = mock(SocketAddress.class);
+    Attributes eagAttributes = Attributes.newBuilder()
+        .set(NameResolver.ATTR_BACKEND_SERVICE, BACKEND_SERVICE)
+        .set(EquivalentAddressGroup.ATTR_LOCALITY_NAME, LOCALITY)
+        .set(GrpcAttributes.ATTR_SECURITY_LEVEL, SECURITY_LEVEL)
+        .build();
+    List<EquivalentAddressGroup> addressGroups =
+        Arrays.asList(new EquivalentAddressGroup(Arrays.asList(addr), eagAttributes));
+    createInternalSubchannel(new EquivalentAddressGroup(addr));
+    InternalLogId logId = InternalLogId.allocate("Subchannel", /*details=*/ AUTHORITY);
+    ChannelTracer subchannelTracer = new ChannelTracer(logId, 10,
+        fakeClock.getTimeProvider().currentTimeNanos(), "Subchannel");
+    LoadBalancer.CreateSubchannelArgs createSubchannelArgs =
+        LoadBalancer.CreateSubchannelArgs.newBuilder().setAddresses(addressGroups).build();
+    internalSubchannel = new InternalSubchannel(
+        createSubchannelArgs, AUTHORITY, USER_AGENT, mockBackoffPolicyProvider,
+        mockTransportFactory, fakeClock.getScheduledExecutorService(),
+        fakeClock.getStopwatchSupplier(), syncContext, mockInternalSubchannelCallback, channelz,
+        CallTracer.getDefaultFactory().create(), subchannelTracer, logId,
+        new ChannelLoggerImpl(subchannelTracer, fakeClock.getTimeProvider()),
+        Collections.emptyList(), AUTHORITY, mockMetricRecorder
+    );
+
+    // --- Action: Successful connection ---
+    internalSubchannel.obtainActiveTransport();
+    MockClientTransportInfo transportInfo = transports.poll();
+    assertNotNull(transportInfo);
+    transportInfo.listener.transportReady();
+    fakeClock.runDueTasks(); // Process the successful connection
+
+    // --- Action: Transport is shut down ---
+    transportInfo.listener.transportShutdown(Status.UNAVAILABLE.withDescription("unknown"));
+    fakeClock.runDueTasks(); // Process the shutdown
+
+    // --- Verification ---
+    InOrder inOrder = inOrder(mockMetricRecorder);
+
+    // Verify successful connection metrics
+    inOrder.verify(mockMetricRecorder).addLongCounter(
+        eqMetricInstrumentName("grpc.subchannel.connection_attempts_succeeded"),
+        eq(1L),
+        eq(Arrays.asList(AUTHORITY)),
+        eq(Arrays.asList(BACKEND_SERVICE, LOCALITY))
+    );
+    inOrder.verify(mockMetricRecorder).addLongUpDownCounter(
+        eqMetricInstrumentName("grpc.subchannel.open_connections"),
+        eq(1L),
+        eq(Arrays.asList(AUTHORITY)),
+        eq(Arrays.asList("privacy_and_integrity", BACKEND_SERVICE, LOCALITY))
+    );
+
+    // Verify disconnection metrics
+    inOrder.verify(mockMetricRecorder).addLongCounter(
+        eqMetricInstrumentName("grpc.subchannel.disconnections"),
+        eq(1L),
+        eq(Arrays.asList(AUTHORITY)),
+        eq(Arrays.asList(BACKEND_SERVICE, LOCALITY, "unknown"))
+    );
+    inOrder.verify(mockMetricRecorder).addLongUpDownCounter(
+        eqMetricInstrumentName("grpc.subchannel.open_connections"),
+        eq(-1L),
+        eq(Arrays.asList(AUTHORITY)),
+        eq(Arrays.asList("privacy_and_integrity", BACKEND_SERVICE, LOCALITY))
+    );
+
+    inOrder.verifyNoMoreInteractions();
   }
 
   private void assertNoCallbackInvoke() {
@@ -1459,5 +1603,13 @@ private void assertExactCallbackInvokes(String ... expectedInvokes) {
     callbackInvokes.clear();
   }
 
+  static class MetricRecorderImpl implements MetricRecorder {
+  }
+
+  @SuppressWarnings("TypeParameterUnusedInFormals")
+  private <T extends MetricInstrument> T eqMetricInstrumentName(String name) {
+    return argThat(instrument -> instrument.getName().equals(name));
+  }
+
   private static class FakeSocketAddress extends SocketAddress {}
 }
diff --git a/core/src/test/java/io/grpc/internal/MetricRecorderImplTest.java b/core/src/test/java/io/grpc/internal/MetricRecorderImplTest.java
index 08f34a267f9..33bf9bb41e2 100644
--- a/core/src/test/java/io/grpc/internal/MetricRecorderImplTest.java
+++ b/core/src/test/java/io/grpc/internal/MetricRecorderImplTest.java
@@ -32,6 +32,7 @@
 import io.grpc.LongCounterMetricInstrument;
 import io.grpc.LongGaugeMetricInstrument;
 import io.grpc.LongHistogramMetricInstrument;
+import io.grpc.LongUpDownCounterMetricInstrument;
 import io.grpc.MetricInstrumentRegistry;
 import io.grpc.MetricInstrumentRegistryAccessor;
 import io.grpc.MetricRecorder;
@@ -79,6 +80,9 @@ public class MetricRecorderImplTest {
   private final LongGaugeMetricInstrument longGaugeInstrument =
       registry.registerLongGauge("gauge0", DESCRIPTION, UNIT, REQUIRED_LABEL_KEYS,
           OPTIONAL_LABEL_KEYS, ENABLED);
+  private final LongUpDownCounterMetricInstrument longUpDownCounterInstrument =
+      registry.registerLongUpDownCounter("upDownCounter0", DESCRIPTION, UNIT,
+          REQUIRED_LABEL_KEYS, OPTIONAL_LABEL_KEYS, ENABLED);
   private MetricRecorder recorder;
 
   @Before
@@ -88,7 +92,7 @@ public void setUp() {
 
   @Test
   public void addCounter() {
-    when(mockSink.getMeasuresSize()).thenReturn(4);
+    when(mockSink.getMeasuresSize()).thenReturn(6);
 
     recorder.addDoubleCounter(doubleCounterInstrument, 1.0, REQUIRED_LABEL_VALUES,
         OPTIONAL_LABEL_VALUES);
@@ -100,6 +104,12 @@ public void addCounter() {
     verify(mockSink, times(2)).addLongCounter(eq(longCounterInstrument), eq(1L),
         eq(REQUIRED_LABEL_VALUES), eq(OPTIONAL_LABEL_VALUES));
 
+    recorder.addLongUpDownCounter(longUpDownCounterInstrument, -10, REQUIRED_LABEL_VALUES,
+        OPTIONAL_LABEL_VALUES);
+    verify(mockSink, times(2))
+        .addLongUpDownCounter(eq(longUpDownCounterInstrument), eq(-10L),
+            eq(REQUIRED_LABEL_VALUES), eq(OPTIONAL_LABEL_VALUES));
+
     verify(mockSink, never()).updateMeasures(registry.getMetricInstruments());
   }
 
@@ -190,6 +200,13 @@ public void newRegisteredMetricUpdateMeasures() {
     verify(mockSink, times(2))
         .registerBatchCallback(any(Runnable.class), eq(longGaugeInstrument));
     registration.close();
+
+    // Long UpDown Counter
+    recorder.addLongUpDownCounter(longUpDownCounterInstrument, -10, REQUIRED_LABEL_VALUES,
+        OPTIONAL_LABEL_VALUES);
+    verify(mockSink, times(12)).updateMeasures(anyList());
+    verify(mockSink, times(2)).addLongUpDownCounter(eq(longUpDownCounterInstrument), eq(-10L),
+        eq(REQUIRED_LABEL_VALUES), eq(OPTIONAL_LABEL_VALUES));
   }
 
   @Test(expected = IllegalArgumentException.class)
@@ -208,6 +225,13 @@ public void addLongCounterMismatchedRequiredLabelValues() {
         OPTIONAL_LABEL_VALUES);
   }
 
+  @Test(expected = IllegalArgumentException.class)
+  public void addLongUpDownCounterMismatchedRequiredLabelValues() {
+    when(mockSink.getMeasuresSize()).thenReturn(6);
+    recorder.addLongUpDownCounter(longUpDownCounterInstrument, 1, ImmutableList.of(),
+        OPTIONAL_LABEL_VALUES);
+  }
+
   @Test(expected = IllegalArgumentException.class)
   public void recordDoubleHistogramMismatchedRequiredLabelValues() {
     when(mockSink.getMeasuresSize()).thenReturn(4);
@@ -260,6 +284,13 @@ public void addLongCounterMismatchedOptionalLabelValues() {
         ImmutableList.of());
   }
 
+  @Test(expected = IllegalArgumentException.class)
+  public void addLongUpDownCounterMismatchedOptionalLabelValues() {
+    when(mockSink.getMeasuresSize()).thenReturn(6);
+    recorder.addLongUpDownCounter(longUpDownCounterInstrument, 1, REQUIRED_LABEL_VALUES,
+        ImmutableList.of());
+  }
+
   @Test(expected = IllegalArgumentException.class)
   public void recordDoubleHistogramMismatchedOptionalLabelValues() {
     when(mockSink.getMeasuresSize()).thenReturn(4);
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricSink.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricSink.java
index 8f612804436..fd8af7f998f 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricSink.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricSink.java
@@ -27,6 +27,7 @@
 import io.grpc.LongCounterMetricInstrument;
 import io.grpc.LongGaugeMetricInstrument;
 import io.grpc.LongHistogramMetricInstrument;
+import io.grpc.LongUpDownCounterMetricInstrument;
 import io.grpc.MetricInstrument;
 import io.grpc.MetricSink;
 import io.opentelemetry.api.common.Attributes;
@@ -36,6 +37,7 @@
 import io.opentelemetry.api.metrics.DoubleHistogram;
 import io.opentelemetry.api.metrics.LongCounter;
 import io.opentelemetry.api.metrics.LongHistogram;
+import io.opentelemetry.api.metrics.LongUpDownCounter;
 import io.opentelemetry.api.metrics.Meter;
 import io.opentelemetry.api.metrics.ObservableLongMeasurement;
 import io.opentelemetry.api.metrics.ObservableMeasurement;
@@ -117,6 +119,22 @@ public void addLongCounter(LongCounterMetricInstrument metricInstrument, long va
     counter.add(value, attributes);
   }
 
+  @Override
+  public void addLongUpDownCounter(LongUpDownCounterMetricInstrument metricInstrument, long value,
+                                   List<String> requiredLabelValues,
+                                   List<String> optionalLabelValues) {
+    MeasuresData instrumentData = measures.get(metricInstrument.getIndex());
+    if (instrumentData == null) {
+      // Disabled metric
+      return;
+    }
+    Attributes attributes = createAttributes(metricInstrument.getRequiredLabelKeys(),
+        metricInstrument.getOptionalLabelKeys(), requiredLabelValues, optionalLabelValues,
+        instrumentData.getOptionalLabelsBitSet());
+    LongUpDownCounter counter = (LongUpDownCounter) instrumentData.getMeasure();
+    counter.add(value, attributes);
+  }
+
   @Override
   public void recordDoubleHistogram(DoubleHistogramMetricInstrument metricInstrument, double value,
       List<String> requiredLabelValues, List<String> optionalLabelValues) {
@@ -256,6 +274,11 @@ public void updateMeasures(List<MetricInstrument> instruments) {
               .setDescription(description)
               .ofLongs()
               .buildObserver();
+        } else if (instrument instanceof LongUpDownCounterMetricInstrument) {
+          openTelemetryMeasure = openTelemetryMeter.upDownCounterBuilder(name)
+              .setUnit(unit)
+              .setDescription(description)
+              .build();
         } else {
           logger.log(Level.FINE, "Unsupported metric instrument type : {0}", instrument);
           openTelemetryMeasure = null;
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
index 5214804d369..ef21903c8e7 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
@@ -36,6 +36,12 @@ public final class OpenTelemetryConstants {
   public static final AttributeKey<String> BACKEND_SERVICE_KEY =
       AttributeKey.stringKey("grpc.lb.backend_service");
 
+  public static final AttributeKey<String> DISCONNECT_ERROR_KEY =
+      AttributeKey.stringKey("grpc.disconnect_error");
+
+  public static final AttributeKey<String> SECURITY_LEVEL_KEY =
+      AttributeKey.stringKey("grpc.security_level");
+
   public static final List<Double> LATENCY_BUCKETS =
       ImmutableList.of(
           0d,     0.00001d, 0.00005d, 0.0001d, 0.0003d, 0.0006d, 0.0008d, 0.001d, 0.002d,
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricSinkTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricSinkTest.java
index c538da55dcb..cced4de3cb4 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricSinkTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricSinkTest.java
@@ -24,6 +24,7 @@
 import io.grpc.LongCounterMetricInstrument;
 import io.grpc.LongGaugeMetricInstrument;
 import io.grpc.LongHistogramMetricInstrument;
+import io.grpc.LongUpDownCounterMetricInstrument;
 import io.grpc.MetricInstrument;
 import io.grpc.MetricSink;
 import io.grpc.opentelemetry.internal.OpenTelemetryConstants;
@@ -144,16 +145,25 @@ public void addCounter_enabledMetric() {
             "Number of client calls started", "count", Collections.emptyList(),
             Collections.emptyList(),
             true);
+    LongUpDownCounterMetricInstrument longUpDownCounterInstrument =
+        new LongUpDownCounterMetricInstrument(2, "active_carrier_pigeons",
+            "Active Carrier Pigeons", "pigeons",
+            Collections.emptyList(),
+            Collections.emptyList(), true);
+
     // Create sink
     sink = new OpenTelemetryMetricSink(testMeter, enabledMetrics, false, Collections.emptyList());
 
     // Invoke updateMeasures
-    sink.updateMeasures(Arrays.asList(longCounterInstrument, doubleCounterInstrument));
+    sink.updateMeasures(Arrays.asList(longCounterInstrument, doubleCounterInstrument,
+        longUpDownCounterInstrument));
 
     sink.addLongCounter(longCounterInstrument, 123L, Collections.emptyList(),
         Collections.emptyList());
     sink.addDoubleCounter(doubleCounterInstrument, 12.0, Collections.emptyList(),
         Collections.emptyList());
+    sink.addLongUpDownCounter(longUpDownCounterInstrument, -3L, Collections.emptyList(),
+        Collections.emptyList());
 
     assertThat(openTelemetryTesting.getMetrics())
         .satisfiesExactlyInAnyOrder(
@@ -184,7 +194,21 @@ public void addCounter_enabledMetric() {
                                 .hasPointsSatisfying(
                                     point ->
                                         point
-                                            .hasValue(12.0D))));
+                                            .hasValue(12.0D))),
+            metric ->
+                assertThat(metric)
+                    .hasInstrumentationScope(InstrumentationScopeInfo.create(
+                        OpenTelemetryConstants.INSTRUMENTATION_SCOPE))
+                    .hasName("active_carrier_pigeons")
+                    .hasDescription("Active Carrier Pigeons")
+                    .hasUnit("pigeons")
+                    .hasLongSumSatisfying(
+                        longSum ->
+                            longSum
+                                .hasPointsSatisfying(
+                                    point ->
+                                        point
+                                            .hasValue(-3L))));
   }
 
   @Test
@@ -192,18 +216,27 @@ public void addCounter_disabledMetric() {
     // set up sink with disabled metric
     Map<String, Boolean> enabledMetrics = new HashMap<>();
     enabledMetrics.put("client_latency", false);
+    enabledMetrics.put("active_carrier_pigeons", false);
 
     LongCounterMetricInstrument instrument =
         new LongCounterMetricInstrument(0, "client_latency", "Client latency", "s",
             Collections.emptyList(),
             Collections.emptyList(), true);
+    LongUpDownCounterMetricInstrument longUpDownCounterInstrument =
+        new LongUpDownCounterMetricInstrument(1, "active_carrier_pigeons",
+            "Active Carrier Pigeons", "pigeons",
+            Collections.emptyList(),
+            Collections.emptyList(), false);
+
     // Create sink
     sink = new OpenTelemetryMetricSink(testMeter, enabledMetrics, true, Collections.emptyList());
 
     // Invoke updateMeasures
-    sink.updateMeasures(Arrays.asList(instrument));
+    sink.updateMeasures(Arrays.asList(instrument, longUpDownCounterInstrument));
 
     sink.addLongCounter(instrument, 123L, Collections.emptyList(), Collections.emptyList());
+    sink.addLongUpDownCounter(longUpDownCounterInstrument, -13L, Collections.emptyList(),
+        Collections.emptyList());
 
     assertThat(openTelemetryTesting.getMetrics()).isEmpty();
   }
@@ -377,6 +410,7 @@ public void registerBatchCallback_bothEnabledAndDisabled() {
   public void recordLabels() {
     Map<String, Boolean> enabledMetrics = new HashMap<>();
     enabledMetrics.put("client_latency", true);
+    enabledMetrics.put("ghosts_in_the_wire", true);
 
     List<String> optionalLabels = Arrays.asList("optional_label_key_2");
 
@@ -384,16 +418,24 @@ public void recordLabels() {
         new LongCounterMetricInstrument(0, "client_latency", "Client latency", "s",
             ImmutableList.of("required_label_key_1", "required_label_key_2"),
             ImmutableList.of("optional_label_key_1", "optional_label_key_2"), false);
+    LongUpDownCounterMetricInstrument longUpDownCounterInstrument =
+        new LongUpDownCounterMetricInstrument(1, "ghosts_in_the_wire",
+            "Number of Ghosts Haunting the Wire", "{ghosts}",
+            ImmutableList.of("required_label_key_1", "required_label_key_2"),
+            ImmutableList.of("optional_label_key_1", "optional_label_key_2"), false);
 
     // Create sink
     sink = new OpenTelemetryMetricSink(testMeter, enabledMetrics, false, optionalLabels);
 
     // Invoke updateMeasures
-    sink.updateMeasures(Arrays.asList(longCounterInstrument));
+    sink.updateMeasures(Arrays.asList(longCounterInstrument, longUpDownCounterInstrument));
 
     sink.addLongCounter(longCounterInstrument, 123L,
         ImmutableList.of("required_label_value_1", "required_label_value_2"),
         ImmutableList.of("optional_label_value_1", "optional_label_value_2"));
+    sink.addLongUpDownCounter(longUpDownCounterInstrument, -400L,
+        ImmutableList.of("required_label_value_1", "required_label_value_2"),
+        ImmutableList.of("optional_label_value_1", "optional_label_value_2"));
 
     io.opentelemetry.api.common.Attributes expectedAtrributes
         = io.opentelemetry.api.common.Attributes.of(
@@ -417,6 +459,22 @@ public void recordLabels() {
                                     point ->
                                         point
                                             .hasAttributes(expectedAtrributes)
-                                            .hasValue(123L))));
+                                            .hasValue(123L))),
+            metric ->
+                assertThat(metric)
+                    .hasInstrumentationScope(InstrumentationScopeInfo.create(
+                        OpenTelemetryConstants.INSTRUMENTATION_SCOPE))
+                    .hasName("ghosts_in_the_wire")
+                    .hasDescription("Number of Ghosts Haunting the Wire")
+                    .hasUnit("{ghosts}")
+                    .hasLongSumSatisfying(
+                        longSum ->
+                            longSum
+                                .hasPointsSatisfying(
+                                    point ->
+                                        point
+                                            .hasAttributes(expectedAtrributes)
+                                            .hasValue(-400L))));
+
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index 034cdee0815..fba66e2e8d7 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -305,7 +305,7 @@ private List<EquivalentAddressGroup> withAdditionalAttributes(
 
     private ClusterLocality createClusterLocalityFromAttributes(Attributes addressAttributes) {
       Locality locality = addressAttributes.get(XdsAttributes.ATTR_LOCALITY);
-      String localityName = addressAttributes.get(XdsAttributes.ATTR_LOCALITY_NAME);
+      String localityName = addressAttributes.get(EquivalentAddressGroup.ATTR_LOCALITY_NAME);
 
       // Endpoint addresses resolved by ClusterResolverLoadBalancer should always contain
       // attributes with its locality, including endpoints in LOGICAL_DNS clusters.
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
index e333c46750c..f57cada52e9 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
@@ -408,7 +408,7 @@ public void run() {
                   Attributes attr =
                       endpoint.eag().getAttributes().toBuilder()
                           .set(XdsAttributes.ATTR_LOCALITY, locality)
-                          .set(XdsAttributes.ATTR_LOCALITY_NAME, localityName)
+                          .set(EquivalentAddressGroup.ATTR_LOCALITY_NAME, localityName)
                           .set(XdsAttributes.ATTR_LOCALITY_WEIGHT,
                               localityLbInfo.localityWeight())
                           .set(XdsAttributes.ATTR_SERVER_WEIGHT, weight)
@@ -659,7 +659,7 @@ public Status onResult2(final ResolutionResult resolutionResult) {
               String localityName = localityName(LOGICAL_DNS_CLUSTER_LOCALITY);
               Attributes attr = eag.getAttributes().toBuilder()
                       .set(XdsAttributes.ATTR_LOCALITY, LOGICAL_DNS_CLUSTER_LOCALITY)
-                      .set(XdsAttributes.ATTR_LOCALITY_NAME, localityName)
+                      .set(EquivalentAddressGroup.ATTR_LOCALITY_NAME, localityName)
                       .set(XdsAttributes.ATTR_ADDRESS_NAME, dnsHostName)
                       .build();
               eag = new EquivalentAddressGroup(eag.getAddresses(), attr);
diff --git a/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancer.java b/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancer.java
index ab1abb1da15..1a12412f923 100644
--- a/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancer.java
@@ -74,7 +74,7 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     Map<String, Integer> localityWeights = new HashMap<>();
     for (EquivalentAddressGroup eag : resolvedAddresses.getAddresses()) {
       Attributes eagAttrs = eag.getAttributes();
-      String locality = eagAttrs.get(XdsAttributes.ATTR_LOCALITY_NAME);
+      String locality = eagAttrs.get(EquivalentAddressGroup.ATTR_LOCALITY_NAME);
       Integer localityWeight = eagAttrs.get(XdsAttributes.ATTR_LOCALITY_WEIGHT);
 
       if (locality == null) {
diff --git a/xds/src/main/java/io/grpc/xds/XdsAttributes.java b/xds/src/main/java/io/grpc/xds/XdsAttributes.java
index 4a64fdb1453..2e165201e5f 100644
--- a/xds/src/main/java/io/grpc/xds/XdsAttributes.java
+++ b/xds/src/main/java/io/grpc/xds/XdsAttributes.java
@@ -81,13 +81,6 @@ final class XdsAttributes {
   static final Attributes.Key<Locality> ATTR_LOCALITY =
       Attributes.Key.create("io.grpc.xds.XdsAttributes.locality");
 
-  /**
-   * The name of the locality that this EquivalentAddressGroup is in.
-   */
-  @EquivalentAddressGroup.Attr
-  static final Attributes.Key<String> ATTR_LOCALITY_NAME =
-      Attributes.Key.create("io.grpc.xds.XdsAttributes.localityName");
-
   /**
    * Endpoint weight for load balancing purposes.
    */
diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index 7df0630b779..c5e3f80f170 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -1017,7 +1017,7 @@ public String toString() {
     Attributes.Builder attributes = Attributes.newBuilder()
         .set(XdsAttributes.ATTR_LOCALITY, locality)
         // Unique but arbitrary string
-        .set(XdsAttributes.ATTR_LOCALITY_NAME, locality.toString());
+        .set(EquivalentAddressGroup.ATTR_LOCALITY_NAME, locality.toString());
     if (authorityHostname != null) {
       attributes.set(XdsAttributes.ATTR_ADDRESS_NAME, authorityHostname);
     }
diff --git a/xds/src/test/java/io/grpc/xds/WrrLocalityLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/WrrLocalityLoadBalancerTest.java
index b6a5d8dbf73..584c32738c5 100644
--- a/xds/src/test/java/io/grpc/xds/WrrLocalityLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/WrrLocalityLoadBalancerTest.java
@@ -254,7 +254,7 @@ public String toString() {
     }
 
     Attributes.Builder attrBuilder = Attributes.newBuilder()
-        .set(XdsAttributes.ATTR_LOCALITY_NAME, locality);
+        .set(EquivalentAddressGroup.ATTR_LOCALITY_NAME, locality);
     if (localityWeight != null) {
       attrBuilder.set(XdsAttributes.ATTR_LOCALITY_WEIGHT, localityWeight);
     }

From b2a95cae725169870e3fc0869439b488b15a6190 Mon Sep 17 00:00:00 2001
From: jiangyuan <joe469391363@gmail.com>
Date: Wed, 10 Sep 2025 20:09:33 +0800
Subject: [PATCH 371/591] netty, okhttp: Add allow header for response code 405
 (#12334)

Fixes #12329
---
 .../io/grpc/netty/NettyServerHandler.java     | 13 ++++++++++++-
 .../io/grpc/netty/NettyServerHandlerTest.java |  4 +++-
 .../io/grpc/okhttp/OkHttpServerTransport.java | 14 +++++++++++++-
 .../okhttp/OkHttpServerTransportTest.java     | 19 +++++++++++++++----
 4 files changed, 43 insertions(+), 7 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
index 48f1aae91a1..69128e0e7a6 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
@@ -60,6 +60,7 @@
 import io.netty.channel.ChannelFutureListener;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelPromise;
+import io.netty.handler.codec.http.HttpHeaderNames;
 import io.netty.handler.codec.http2.DecoratingHttp2ConnectionEncoder;
 import io.netty.handler.codec.http2.DecoratingHttp2FrameWriter;
 import io.netty.handler.codec.http2.DefaultHttp2Connection;
@@ -70,6 +71,7 @@
 import io.netty.handler.codec.http2.DefaultHttp2Headers;
 import io.netty.handler.codec.http2.DefaultHttp2LocalFlowController;
 import io.netty.handler.codec.http2.DefaultHttp2RemoteFlowController;
+import io.netty.handler.codec.http2.EmptyHttp2Headers;
 import io.netty.handler.codec.http2.Http2Connection;
 import io.netty.handler.codec.http2.Http2ConnectionAdapter;
 import io.netty.handler.codec.http2.Http2ConnectionDecoder;
@@ -480,8 +482,10 @@ private void onHeadersRead(ChannelHandlerContext ctx, int streamId, Http2Headers
       }
 
       if (!HTTP_METHOD.contentEquals(headers.method())) {
+        Http2Headers extraHeaders = new DefaultHttp2Headers();
+        extraHeaders.add(HttpHeaderNames.ALLOW, HTTP_METHOD);
         respondWithHttpError(ctx, streamId, 405, Status.Code.INTERNAL,
-            String.format("Method '%s' is not supported", headers.method()));
+            String.format("Method '%s' is not supported", headers.method()), extraHeaders);
         return;
       }
 
@@ -869,6 +873,12 @@ public boolean visit(Http2Stream stream) throws Http2Exception {
 
   private void respondWithHttpError(
       ChannelHandlerContext ctx, int streamId, int code, Status.Code statusCode, String msg) {
+    respondWithHttpError(ctx, streamId, code, statusCode, msg, EmptyHttp2Headers.INSTANCE);
+  }
+
+  private void respondWithHttpError(
+      ChannelHandlerContext ctx, int streamId, int code, Status.Code statusCode, String msg,
+      Http2Headers extraHeaders) {
     Metadata metadata = new Metadata();
     metadata.put(InternalStatus.CODE_KEY, statusCode.toStatus());
     metadata.put(InternalStatus.MESSAGE_KEY, msg);
@@ -880,6 +890,7 @@ private void respondWithHttpError(
     for (int i = 0; i < serialized.length; i += 2) {
       headers.add(new AsciiString(serialized[i], false), new AsciiString(serialized[i + 1], false));
     }
+    headers.add(extraHeaders);
     encoder().writeHeaders(ctx, streamId, headers, 0, false, ctx.newPromise());
     ByteBuf msgBuf = ByteBufUtil.writeUtf8(ctx.alloc(), msg);
     encoder().writeData(ctx, streamId, msgBuf, 0, true, ctx.newPromise());
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
index 28217937adc..0d5a9bab176 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
@@ -78,6 +78,7 @@
 import io.netty.channel.ChannelFuture;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelPromise;
+import io.netty.handler.codec.http.HttpHeaderNames;
 import io.netty.handler.codec.http2.DefaultHttp2Headers;
 import io.netty.handler.codec.http2.Http2CodecUtil;
 import io.netty.handler.codec.http2.Http2Error;
@@ -542,7 +543,8 @@ public void headersWithInvalidMethodShouldFail() throws Exception {
         .set(InternalStatus.CODE_KEY.name(), String.valueOf(Code.INTERNAL.value()))
         .set(InternalStatus.MESSAGE_KEY.name(), "Method 'FAKE' is not supported")
         .status("" + 405)
-        .set(CONTENT_TYPE_HEADER, "text/plain; charset=utf-8");
+        .set(CONTENT_TYPE_HEADER, "text/plain; charset=utf-8")
+        .set(HttpHeaderNames.ALLOW, HTTP_METHOD);
 
     verifyWrite()
         .writeHeaders(
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerTransport.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerTransport.java
index cc52bee85eb..b744bca3116 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerTransport.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerTransport.java
@@ -20,6 +20,7 @@
 import static io.grpc.okhttp.OkHttpServerBuilder.MAX_CONNECTION_IDLE_NANOS_DISABLED;
 
 import com.google.common.base.Preconditions;
+import com.google.common.collect.Lists;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
@@ -52,6 +53,7 @@
 import java.io.IOException;
 import java.net.Socket;
 import java.net.SocketException;
+import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
@@ -91,6 +93,7 @@ final class OkHttpServerTransport implements ServerTransport,
   private static final ByteString TE_TRAILERS = ByteString.encodeUtf8("trailers");
   private static final ByteString CONTENT_TYPE = ByteString.encodeUtf8("content-type");
   private static final ByteString CONTENT_LENGTH = ByteString.encodeUtf8("content-length");
+  private static final ByteString ALLOW = ByteString.encodeUtf8("allow");
 
   private final Config config;
   private final Variant variant = new Http2();
@@ -772,8 +775,9 @@ public void headers(boolean outFinished,
       }
 
       if (!POST_METHOD.equals(httpMethod)) {
+        List<Header> extraHeaders = Lists.newArrayList(new Header(ALLOW, POST_METHOD));
         respondWithHttpError(streamId, inFinished, 405, Status.Code.INTERNAL,
-            "HTTP Method is not supported: " + asciiString(httpMethod));
+            "HTTP Method is not supported: " + asciiString(httpMethod), extraHeaders);
         return;
       }
 
@@ -1066,11 +1070,19 @@ private void streamError(int streamId, ErrorCode errorCode, String reason) {
 
     private void respondWithHttpError(
         int streamId, boolean inFinished, int httpCode, Status.Code statusCode, String msg) {
+      respondWithHttpError(streamId, inFinished, httpCode, statusCode, msg,
+              Collections.emptyList());
+    }
+
+    private void respondWithHttpError(
+        int streamId, boolean inFinished, int httpCode, Status.Code statusCode, String msg,
+        List<Header> extraHeaders) {
       Metadata metadata = new Metadata();
       metadata.put(InternalStatus.CODE_KEY, statusCode.toStatus());
       metadata.put(InternalStatus.MESSAGE_KEY, msg);
       List<Header> headers =
           Headers.createHttpResponseHeaders(httpCode, "text/plain; charset=utf-8", metadata);
+      headers.addAll(extraHeaders);
       Buffer data = new Buffer().writeUtf8(msg);
 
       synchronized (lock) {
diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpServerTransportTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpServerTransportTest.java
index d64d314d7d8..4d2744dc9c7 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpServerTransportTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpServerTransportTest.java
@@ -34,6 +34,7 @@
 import static org.mockito.Mockito.timeout;
 import static org.mockito.Mockito.verify;
 
+import com.google.common.collect.Lists;
 import com.google.common.io.ByteStreams;
 import io.grpc.Attributes;
 import io.grpc.InternalChannelz.SocketStats;
@@ -62,6 +63,7 @@
 import java.util.ArrayDeque;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.Deque;
 import java.util.List;
 import java.util.concurrent.CountDownLatch;
@@ -919,8 +921,9 @@ public void httpGet_failsWith405() throws Exception {
         CONTENT_TYPE_HEADER,
         TE_HEADER));
     clientFrameWriter.flush();
-
-    verifyHttpError(1, 405, Status.Code.INTERNAL, "HTTP Method is not supported: GET");
+    List<Header> extraHeaders = Lists.newArrayList(new Header("allow", "POST"));
+    verifyHttpError(1, 405, Status.Code.INTERNAL, "HTTP Method is not supported: GET",
+        extraHeaders);
 
     shutdownAndTerminate(/*lastStreamId=*/ 1);
   }
@@ -976,7 +979,8 @@ public void httpErrorsAdhereToFlowControl() throws Exception {
         new Header(":status", "405"),
         new Header("content-type", "text/plain; charset=utf-8"),
         new Header("grpc-status", "" + Status.Code.INTERNAL.value()),
-        new Header("grpc-message", errorDescription));
+        new Header("grpc-message", errorDescription),
+        new Header("allow", "POST"));
     assertThat(clientFrameReader.nextFrame(clientFramesRead)).isTrue();
     verify(clientFramesRead)
         .headers(false, false, 1, -1, responseHeaders, HeadersMode.HTTP_20_HEADERS);
@@ -1398,11 +1402,18 @@ private void pingPong() throws IOException {
 
   private void verifyHttpError(
       int streamId, int httpCode, Status.Code grpcCode, String errorDescription) throws Exception {
-    List<Header> responseHeaders = Arrays.asList(
+    verifyHttpError(streamId, httpCode, grpcCode, errorDescription, Collections.emptyList());
+  }
+
+  private void verifyHttpError(
+      int streamId, int httpCode, Status.Code grpcCode, String errorDescription,
+      List<Header> extraHeaders) throws Exception {
+    List<Header> responseHeaders = Lists.newArrayList(
         new Header(":status", "" + httpCode),
         new Header("content-type", "text/plain; charset=utf-8"),
         new Header("grpc-status", "" + grpcCode.value()),
         new Header("grpc-message", errorDescription));
+    responseHeaders.addAll(extraHeaders);
     assertThat(clientFrameReader.nextFrame(clientFramesRead)).isTrue();
     verify(clientFramesRead)
         .headers(false, false, streamId, -1, responseHeaders, HeadersMode.HTTP_20_HEADERS);

From 7d6ea288a2286af8cac7617810e758c3c9c03f5a Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Thu, 11 Sep 2025 08:13:56 -0700
Subject: [PATCH 372/591] Add a basic SocketStats with just the local and
 remote addresses. (#12349)

This will make channelz more useful.
---
 .../grpc/binder/internal/BinderTransport.java | 12 ++++++++-
 .../RobolectricBinderTransportTest.java       | 25 ++++++++++++++++---
 2 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index 0fe131a0728..8fde69d8530 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -31,7 +31,9 @@
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
+import io.grpc.Grpc;
 import io.grpc.Internal;
+import io.grpc.InternalChannelz;
 import io.grpc.InternalChannelz.SocketStats;
 import io.grpc.InternalLogId;
 import io.grpc.Status;
@@ -205,7 +207,15 @@ public final ScheduledExecutorService getScheduledExecutorService() {
 
   // Override in child class.
   public final ListenableFuture<SocketStats> getStats() {
-    return immediateFuture(null);
+    Attributes attributes = getAttributes();
+    return immediateFuture(
+        new InternalChannelz.SocketStats(
+            /* data= */ null, // TODO: Keep track of these stats with TransportTracer or similar.
+            /* local= */ attributes.get(Grpc.TRANSPORT_ATTR_LOCAL_ADDR),
+            /* remote= */ attributes.get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR),
+            // TODO: SocketOptions are meaningless for binder but we're still forced to provide one.
+            new InternalChannelz.SocketOptions.Builder().build(),
+            /* security= */ null));
   }
 
   // Override in child class.
diff --git a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
index 8f1209f389b..b1822f2f85e 100644
--- a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
@@ -39,6 +39,7 @@
 import androidx.test.core.content.pm.PackageInfoBuilder;
 import com.google.common.collect.ImmutableList;
 import io.grpc.Attributes;
+import io.grpc.InternalChannelz.SocketStats;
 import io.grpc.ServerStreamTracer;
 import io.grpc.Status;
 import io.grpc.binder.AndroidComponentAddress;
@@ -52,6 +53,7 @@
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.InternalServer;
 import io.grpc.internal.ManagedClientTransport;
+import io.grpc.internal.MockServerTransportListener;
 import io.grpc.internal.ObjectPool;
 import io.grpc.internal.SharedResourcePool;
 import java.util.List;
@@ -301,13 +303,30 @@ public void clientIgnoresDuplicateSetupTransaction() throws Exception {
     }
 
     assertThat(((ConnectionClientTransport) client).getAttributes().get(REMOTE_UID))
-            .isEqualTo(myUid());
+        .isEqualTo(myUid());
   }
 
   @Test
-  @Ignore("See BinderTransportTest#socketStats.")
   @Override
-  public void socketStats() {}
+  // We don't quite pass the official/abstract version of this test yet because
+  // today's binder client and server transports have different ideas of each others' address.
+  // TODO(#12347): Remove this @Override once this difference is resolved.
+  public void socketStats() throws Exception {
+    server.start(serverListener);
+    ManagedClientTransport client = newClientTransport(server);
+    startTransport(client, mockClientTransportListener);
+
+    SocketStats clientSocketStats = client.getStats().get();
+    assertThat(clientSocketStats.local).isInstanceOf(AndroidComponentAddress.class);
+    assertThat(((AndroidComponentAddress) clientSocketStats.remote).getPackage())
+        .isEqualTo(((AndroidComponentAddress) server.getListenSocketAddress()).getPackage());
+
+    MockServerTransportListener serverTransportListener =
+        serverListener.takeListenerOrFail(TIMEOUT_MS, MILLISECONDS);
+    SocketStats serverSocketStats = serverTransportListener.transport.getStats().get();
+    assertThat(serverSocketStats.local).isEqualTo(server.getListenSocketAddress());
+    assertThat(serverSocketStats.remote).isEqualTo(new BoundClientAddress(myUid()));
+  }
 
   @Test
   @Ignore("See BinderTransportTest#flowControlPushBack")

From e91378cf96ac8dc031ae013eb169022f50bf4229 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Fri, 12 Sep 2025 16:23:54 -0700
Subject: [PATCH 373/591] binder: Only accept post-setup transactions from the
 server UID we actually authorize. (#12359)

---
 .../internal/BinderClientTransport.java       |  1 +
 .../grpc/binder/internal/BinderTransport.java | 17 +++++
 .../binder/internal/LeakSafeOneWayBinder.java | 16 ++++-
 .../binder/internal/TransactionUtils.java     | 24 +++++++
 .../RobolectricBinderTransportTest.java       | 47 +++++++++++++
 .../binder/internal/TransactionUtilsTest.java | 70 +++++++++++++++++++
 6 files changed, 174 insertions(+), 1 deletion(-)
 create mode 100644 binder/src/test/java/io/grpc/binder/internal/TransactionUtilsTest.java

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
index 82c9e17b871..144ad56eec3 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
@@ -339,6 +339,7 @@ protected void handleSetupTransport(Parcel parcel) {
         shutdownInternal(
             Status.UNAVAILABLE.withDescription("Malformed SETUP_TRANSPORT data"), true);
       } else {
+        restrictIncomingBinderToCallsFrom(remoteUid);
         attributes = setSecurityAttrs(attributes, remoteUid);
         authResultFuture = checkServerAuthorizationAsync(remoteUid);
         Futures.addCallback(
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index 8fde69d8530..6c89c56ffd4 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.util.concurrent.Futures.immediateFuture;
+import static io.grpc.binder.internal.TransactionUtils.newCallerFilteringHandler;
 
 import android.os.DeadObjectException;
 import android.os.IBinder;
@@ -39,6 +40,7 @@
 import io.grpc.Status;
 import io.grpc.StatusException;
 import io.grpc.binder.InboundParcelablePolicy;
+import io.grpc.binder.internal.LeakSafeOneWayBinder.TransactionHandler;
 import io.grpc.internal.ObjectPool;
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -155,6 +157,7 @@ protected enum TransportState {
   private final ObjectPool<ScheduledExecutorService> executorServicePool;
   private final ScheduledExecutorService scheduledExecutorService;
   private final InternalLogId logId;
+  @GuardedBy("this")
   private final LeakSafeOneWayBinder incomingBinder;
 
   protected final ConcurrentHashMap<Integer, Inbound<?>> ongoingCalls;
@@ -476,6 +479,15 @@ private boolean handleTransactionInternal(int code, Parcel parcel) {
     }
   }
 
+  @BinderThread
+  @GuardedBy("this")
+  protected void restrictIncomingBinderToCallsFrom(int allowedCallingUid) {
+    TransactionHandler currentHandler = incomingBinder.getHandler();
+    if (currentHandler != null) {
+      incomingBinder.setHandler(newCallerFilteringHandler(allowedCallingUid, currentHandler));
+    }
+  }
+
   @Nullable
   @GuardedBy("this")
   protected Inbound<?> createInbound(int callId) {
@@ -561,6 +573,11 @@ Map<Integer, Inbound<?>> getOngoingCalls() {
     return ongoingCalls;
   }
 
+  @VisibleForTesting
+  LeakSafeOneWayBinder getIncomingBinderForTesting() {
+    return this.incomingBinder;
+  }
+
   private static Status statusFromRemoteException(RemoteException e) {
     if (e instanceof DeadObjectException || e instanceof TransactionTooLargeException) {
       // These are to be expected from time to time and can simply be retried.
diff --git a/binder/src/main/java/io/grpc/binder/internal/LeakSafeOneWayBinder.java b/binder/src/main/java/io/grpc/binder/internal/LeakSafeOneWayBinder.java
index e7837b520f8..c36bc7d5bd3 100644
--- a/binder/src/main/java/io/grpc/binder/internal/LeakSafeOneWayBinder.java
+++ b/binder/src/main/java/io/grpc/binder/internal/LeakSafeOneWayBinder.java
@@ -73,7 +73,21 @@ public void detach() {
     setHandler(null);
   }
 
-  /** Replaces the current {@link TransactionHandler} with `handler`. */
+  /** Returns the current {@link TransactionHandler} or null if already detached. */
+  public @Nullable TransactionHandler getHandler() {
+    return handler;
+  }
+
+  /**
+   * Replaces the current {@link TransactionHandler} with `handler`.
+   *
+   * <p>{@link TransactionHandler} mutations race against incoming transactions except in the
+   * special case where the caller is already handling an incoming transaction on this same {@link
+   * LeakSafeOneWayBinder} instance. In that case, mutations are safe and the provided 'handler' is
+   * guaranteed to be used for the very next transaction. This follows from the one-at-a-time
+   * property of one-way Binder transactions as explained by {@link
+   * TransactionHandler#handleTransaction}.
+   */
   public void setHandler(@Nullable TransactionHandler handler) {
     this.handler = handler;
   }
diff --git a/binder/src/main/java/io/grpc/binder/internal/TransactionUtils.java b/binder/src/main/java/io/grpc/binder/internal/TransactionUtils.java
index c962554d125..2777a78d4ac 100644
--- a/binder/src/main/java/io/grpc/binder/internal/TransactionUtils.java
+++ b/binder/src/main/java/io/grpc/binder/internal/TransactionUtils.java
@@ -16,9 +16,13 @@
 
 package io.grpc.binder.internal;
 
+import android.os.Binder;
 import android.os.Parcel;
 import io.grpc.MethodDescriptor.MethodType;
 import io.grpc.Status;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import io.grpc.binder.internal.LeakSafeOneWayBinder.TransactionHandler;
 import javax.annotation.Nullable;
 
 /** Constants and helpers for managing inbound / outbound transactions. */
@@ -99,4 +103,24 @@ static void fillInFlags(Parcel parcel, int flags) {
     parcel.writeInt(flags);
     parcel.setDataPosition(pos);
   }
+
+  /**
+   * Decorates the given {@link TransactionHandler} with a wrapper that only forwards transactions
+   * from the given `allowedCallingUid`.
+   */
+  static TransactionHandler newCallerFilteringHandler(
+      int allowedCallingUid, TransactionHandler wrapped) {
+    final Logger logger = Logger.getLogger(TransactionUtils.class.getName());
+    return new TransactionHandler() {
+      @Override
+      public boolean handleTransaction(int code, Parcel data) {
+        int callingUid = Binder.getCallingUid();
+        if (callingUid != allowedCallingUid) {
+          logger.log(Level.WARNING, "dropped txn from " + callingUid + " !=" + allowedCallingUid);
+          return false;
+        }
+        return wrapped.handleTransaction(code, data);
+      }
+    };
+  }
 }
diff --git a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
index b1822f2f85e..d3d73f0e9eb 100644
--- a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
@@ -16,12 +16,17 @@
 
 package io.grpc.binder.internal;
 
+import static android.os.IBinder.FLAG_ONEWAY;
 import static android.os.Process.myUid;
 import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.util.concurrent.MoreExecutors.directExecutor;
 import static io.grpc.binder.internal.BinderTransport.REMOTE_UID;
 import static io.grpc.binder.internal.BinderTransport.SETUP_TRANSPORT;
+import static io.grpc.binder.internal.BinderTransport.SHUTDOWN_TRANSPORT;
 import static io.grpc.binder.internal.BinderTransport.WIRE_FORMAT_VERSION;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static org.mockito.ArgumentMatchers.anyLong;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.timeout;
 import static org.mockito.Mockito.verify;
@@ -48,6 +53,7 @@
 import io.grpc.binder.SecurityPolicies;
 import io.grpc.binder.internal.SettableAsyncSecurityPolicy.AuthRequest;
 import io.grpc.internal.AbstractTransportTest;
+import io.grpc.internal.ClientTransport;
 import io.grpc.internal.ClientTransportFactory.ClientTransportOptions;
 import io.grpc.internal.ConnectionClientTransport;
 import io.grpc.internal.GrpcUtil;
@@ -64,6 +70,8 @@
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Captor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnit;
 import org.mockito.junit.MockitoRule;
@@ -102,6 +110,9 @@ public final class RobolectricBinderTransportTest extends AbstractTransportTest
 
   @Mock AsyncSecurityPolicy mockClientSecurityPolicy;
 
+  @Captor
+  ArgumentCaptor<Status> statusCaptor;
+
   ApplicationInfo serverAppInfo;
   PackageInfo serverPkgInfo;
   ServiceInfo serviceInfo;
@@ -306,6 +317,42 @@ public void clientIgnoresDuplicateSetupTransaction() throws Exception {
         .isEqualTo(myUid());
   }
 
+  @Test
+  public void clientIgnoresTransactionFromNonServerUids() throws Exception {
+    server.start(serverListener);
+    client = newClientTransport(server);
+    startTransport(client, mockClientTransportListener);
+
+    int serverUid = ((ConnectionClientTransport) client).getAttributes().get(REMOTE_UID);
+    int someOtherUid = 1 + serverUid;
+    sendShutdownTransportTransactionAsUid(client, someOtherUid);
+
+    // Demonstrate that the transport is still working and that shutdown transaction was ignored.
+    ClientTransport.PingCallback mockPingCallback = mock(ClientTransport.PingCallback.class);
+    client.ping(mockPingCallback, directExecutor());
+    verify(mockPingCallback, timeout(TIMEOUT_MS)).onSuccess(anyLong());
+
+    // Try again as the expected uid to demonstrate that this wasn't ignored for some other reason.
+    sendShutdownTransportTransactionAsUid(client, serverUid);
+
+    verify(mockClientTransportListener, timeout(TIMEOUT_MS))
+        .transportShutdown(statusCaptor.capture());
+    assertThat(statusCaptor.getValue().getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(statusCaptor.getValue().getDescription()).contains("shutdown");
+  }
+
+  static void sendShutdownTransportTransactionAsUid(ClientTransport client, int sendingUid) {
+    int originalUid = Binder.getCallingUid();
+    try {
+      ShadowBinder.setCallingUid(sendingUid);
+      ((BinderClientTransport) client)
+          .getIncomingBinderForTesting()
+          .onTransact(SHUTDOWN_TRANSPORT, null, null, FLAG_ONEWAY);
+    } finally {
+      ShadowBinder.setCallingUid(originalUid);
+    }
+  }
+
   @Test
   @Override
   // We don't quite pass the official/abstract version of this test yet because
diff --git a/binder/src/test/java/io/grpc/binder/internal/TransactionUtilsTest.java b/binder/src/test/java/io/grpc/binder/internal/TransactionUtilsTest.java
new file mode 100644
index 00000000000..44a3ce3ef26
--- /dev/null
+++ b/binder/src/test/java/io/grpc/binder/internal/TransactionUtilsTest.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.binder.internal;
+
+import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.binder.internal.TransactionUtils.newCallerFilteringHandler;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.same;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import android.os.Binder;
+import android.os.Parcel;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoRule;
+import org.robolectric.RobolectricTestRunner;
+import org.robolectric.shadows.ShadowBinder;
+
+@RunWith(RobolectricTestRunner.class)
+public final class TransactionUtilsTest {
+
+  @Rule public MockitoRule mocks = MockitoJUnit.rule();
+
+  @Mock LeakSafeOneWayBinder.TransactionHandler mockHandler;
+
+  @Test
+  public void shouldIgnoreTransactionFromWrongUid() {
+    Parcel p = Parcel.obtain();
+    int originalUid = Binder.getCallingUid();
+    try {
+      when(mockHandler.handleTransaction(eq(1234), same(p))).thenReturn(true);
+      LeakSafeOneWayBinder.TransactionHandler uid100OnlyHandler =
+          newCallerFilteringHandler(1000, mockHandler);
+
+      ShadowBinder.setCallingUid(9999);
+      boolean result = uid100OnlyHandler.handleTransaction(1234, p);
+      assertThat(result).isFalse();
+      verify(mockHandler, never()).handleTransaction(anyInt(), any());
+
+      ShadowBinder.setCallingUid(1000);
+      result = uid100OnlyHandler.handleTransaction(1234, p);
+      assertThat(result).isTrue();
+      verify(mockHandler).handleTransaction(1234, p);
+    } finally {
+      ShadowBinder.setCallingUid(originalUid);
+      p.recycle();
+    }
+  }
+}

From 866d226c1492db7142a07ec693376b223b95edac Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Sat, 13 Sep 2025 11:54:48 +0530
Subject: [PATCH 374/591] compiler: Mangle generated method names that conflict
 with java.lang.Object methods (#12332)

Generated gRPC method names in the BlockingV2Stub can conflict with
final methods on `java.lang.Object` (e.g., `toString()`, `hashCode()`)
for client-streaming and bidi-streaming RPCs. This occurs because
they are generated with no arguments, leading to a compilation error.
One such case in #12331.

This change introduces a dedicated list of no-argument method names
from java.lang.Object and applies name-mangling (appending an
underscore) only when generating these specific methods in the
v2 blocking stub.

This resolves the compilation failure while ensuring that the behavior
for all other stubs remains unchanged.

Fixes: #12331
---
 .../src/java_plugin/cpp/java_generator.cpp    | 32 +++++++++++++++----
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/compiler/src/java_plugin/cpp/java_generator.cpp b/compiler/src/java_plugin/cpp/java_generator.cpp
index 4cee7999402..659d7ccca47 100644
--- a/compiler/src/java_plugin/cpp/java_generator.cpp
+++ b/compiler/src/java_plugin/cpp/java_generator.cpp
@@ -143,11 +143,24 @@ static std::set<std::string> java_keywords = {
   "false",
 };
 
+// Methods on java.lang.Object that take no arguments.
+static std::set<std::string> java_object_methods = {
+    "clone",
+    "finalize",
+    "getClass",
+    "hashCode",
+    "notify",
+    "notifyAll",
+    "toString",
+    "wait",
+};
+
 // Adjust a method name prefix identifier to follow the JavaBean spec:
 //   - decapitalize the first letter
 //   - remove embedded underscores & capitalize the following letter
-//  Finally, if the result is a reserved java keyword, append an underscore.
-static std::string MixedLower(std::string word) {
+//  Finally, if the result is a reserved java keyword or an Object method,
+// append an underscore.
+static std::string MixedLower(std::string word, bool mangle_object_methods = false) {
   std::string w;
   w += tolower(word[0]);
   bool after_underscore = false;
@@ -159,7 +172,9 @@ static std::string MixedLower(std::string word) {
       after_underscore = false;
     }
   }
-  if (java_keywords.find(w) != java_keywords.end()) {
+  if (java_keywords.find(w) != java_keywords.end() ||
+      (mangle_object_methods &&
+       java_object_methods.find(w) != java_object_methods.end())) {
     return w + "_";
   }
   return w;
@@ -180,8 +195,9 @@ static std::string ToAllUpperCase(std::string word) {
   return w;
 }
 
-static inline std::string LowerMethodName(const MethodDescriptor* method) {
-  return MixedLower(std::string(method->name()));
+static inline std::string LowerMethodName(const MethodDescriptor* method,
+                                          bool mangle_object_methods = false) {
+  return MixedLower(std::string(method->name()), mangle_object_methods);
 }
 
 static inline std::string MethodPropertiesFieldName(const MethodDescriptor* method) {
@@ -676,10 +692,12 @@ static void PrintStub(
     const MethodDescriptor* method = service->method(i);
     (*vars)["input_type"] = MessageFullJavaName(method->input_type());
     (*vars)["output_type"] = MessageFullJavaName(method->output_type());
-    (*vars)["lower_method_name"] = LowerMethodName(method);
-    (*vars)["method_method_name"] = MethodPropertiesGetterName(method);
     bool client_streaming = method->client_streaming();
     bool server_streaming = method->server_streaming();
+    bool mangle_object_methods = (call_type == BLOCKING_V2_CALL && client_streaming)
+      || (call_type == BLOCKING_CALL && client_streaming && server_streaming);
+    (*vars)["lower_method_name"] = LowerMethodName(method, mangle_object_methods);
+    (*vars)["method_method_name"] = MethodPropertiesGetterName(method);
 
     if (call_type == BLOCKING_CALL && client_streaming) {
       // Blocking client interface with client streaming is not available

From fe54dd618d3bd9d5c86236b12f682f87aae5caa4 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Sat, 13 Sep 2025 13:37:32 +0530
Subject: [PATCH 375/591] Add support for macOS aarch64 with universal binary
 (#12319)

---
 buildscripts/kokoro/unix.sh       |  5 +++++
 buildscripts/make_dependencies.sh |  8 +++++++-
 compiler/build.gradle             |  6 ++++++
 compiler/check-artifact.sh        | 20 ++++++++++----------
 4 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/buildscripts/kokoro/unix.sh b/buildscripts/kokoro/unix.sh
index e65825cac01..455d9c07199 100755
--- a/buildscripts/kokoro/unix.sh
+++ b/buildscripts/kokoro/unix.sh
@@ -39,6 +39,11 @@ ARCH="$ARCH" buildscripts/make_dependencies.sh
 # Set properties via flags, do not pollute gradle.properties
 GRADLE_FLAGS="${GRADLE_FLAGS:-}"
 GRADLE_FLAGS+=" -PtargetArch=$ARCH"
+
+# For universal binaries on macOS, signal Gradle to use universal flags.
+if [[ "$(uname -s)" == "Darwin" ]]; then
+  GRADLE_FLAGS+=" -PbuildUniversal=true"
+fi
 GRADLE_FLAGS+=" -Pcheckstyle.ignoreFailures=false"
 GRADLE_FLAGS+=" -PfailOnWarnings=true"
 GRADLE_FLAGS+=" -PerrorProne=true"
diff --git a/buildscripts/make_dependencies.sh b/buildscripts/make_dependencies.sh
index e5d2450afe7..73cb54b7b68 100755
--- a/buildscripts/make_dependencies.sh
+++ b/buildscripts/make_dependencies.sh
@@ -41,7 +41,13 @@ else
   mkdir "$DOWNLOAD_DIR/protobuf-${PROTOBUF_VERSION}/build"
   pushd "$DOWNLOAD_DIR/protobuf-${PROTOBUF_VERSION}/build"
   # install here so we don't need sudo
-  if [[ "$ARCH" == x86* ]]; then
+  if [[ "$(uname -s)" == "Darwin" ]]; then
+    cmake .. \
+      -DCMAKE_CXX_STANDARD=14 -Dprotobuf_BUILD_TESTS=OFF -DBUILD_SHARED_LIBS=OFF \
+      -DCMAKE_INSTALL_PREFIX="$INSTALL_DIR" -DABSL_INTERNAL_AT_LEAST_CXX17=0 \
+      -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64" \
+      -B. || exit 1
+  elif [[ "$ARCH" == x86* ]]; then
     CFLAGS=-m${ARCH#*_} CXXFLAGS=-m${ARCH#*_} cmake .. \
       -DCMAKE_CXX_STANDARD=14 -Dprotobuf_BUILD_TESTS=OFF -DBUILD_SHARED_LIBS=OFF \
       -DCMAKE_INSTALL_PREFIX="$INSTALL_DIR" -DABSL_INTERNAL_AT_LEAST_CXX17=0 \
diff --git a/compiler/build.gradle b/compiler/build.gradle
index dbecb889a43..c5acccebae7 100644
--- a/compiler/build.gradle
+++ b/compiler/build.gradle
@@ -103,6 +103,12 @@ model {
                 cppCompiler.args "--std=c++14"
                 addEnvArgs("CXXFLAGS", cppCompiler.args)
                 addEnvArgs("CPPFLAGS", cppCompiler.args)
+                if (project.hasProperty('buildUniversal') &&
+                        project.getProperty('buildUniversal').toBoolean() &&
+                        osdetector.os == "osx") {
+                    cppCompiler.args "-arch", "arm64", "-arch", "x86_64"
+                    linker.args "-arch", "arm64", "-arch", "x86_64"
+                }
                 if (osdetector.os == "osx") {
                     cppCompiler.args "-mmacosx-version-min=10.7", "-stdlib=libc++"
                     linker.args "-framework", "CoreFoundation"
diff --git a/compiler/check-artifact.sh b/compiler/check-artifact.sh
index 12d7709a2a8..83b41f50282 100755
--- a/compiler/check-artifact.sh
+++ b/compiler/check-artifact.sh
@@ -86,17 +86,17 @@ checkArch ()
       fi
     fi
   elif [[ "$OS" == osx ]]; then
-    format="$(file -b "$1" | grep -o "[^ ]*$")"
-    echo Format=$format
-    if [[ "$ARCH" == x86_32 ]]; then
-      assertEq "$format" "i386" $LINENO
-    elif [[ "$ARCH" == x86_64 ]]; then
-      assertEq "$format" "x86_64" $LINENO
-    elif [[ "$ARCH" == aarch_64 ]]; then
-	    assertEq "$format" "arm64" $LINENO
-    else
-      fail "Unsupported arch: $ARCH"
+    # For macOS, we now build a universal binary. We check that both
+    # required architectures are present.
+    format="$(lipo -archs "$1")"
+    echo "Architectures found: $format"
+    if ! echo "$format" | grep -q "x86_64"; then
+      fail "Universal binary is missing x86_64 architecture."
+    fi
+    if ! echo "$format" | grep -q "arm64"; then
+      fail "Universal binary is missing arm64 architecture."
     fi
+    echo "Universal binary check successful."
   else
     fail "Unsupported system: $OS"
   fi

From 53d81116c53e4a0102e5ac874291732802d34895 Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@engflow.com>
Date: Sun, 14 Sep 2025 21:09:17 -0700
Subject: [PATCH 376/591] stub: fix typo in method name (#12356)

---
 stub/src/main/java/io/grpc/stub/ClientCalls.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/stub/src/main/java/io/grpc/stub/ClientCalls.java b/stub/src/main/java/io/grpc/stub/ClientCalls.java
index e5a94f4d864..8cd31ea9cca 100644
--- a/stub/src/main/java/io/grpc/stub/ClientCalls.java
+++ b/stub/src/main/java/io/grpc/stub/ClientCalls.java
@@ -931,7 +931,7 @@ public <T> void waitAndDrainWithTimeout(boolean waitForever, long end,
         } while ((runnable = poll()) != null);
         // Wake everything up now that we've done something and they can check in their outer loop
         // if they can continue or need to wait again.
-        signallAll();
+        signalAll();
       }
     }
 
@@ -949,11 +949,11 @@ public void drain() throws InterruptedException {
       }
 
       if (didWork) {
-        signallAll();
+        signalAll();
       }
     }
 
-    private void signallAll() {
+    private void signalAll() {
       waiterLock.lock();
       try {
         waiterCondition.signalAll();

From c1f3287601696ddd160241132ebb126658b24e59 Mon Sep 17 00:00:00 2001
From: Sangamesh <ghulesangu@gmail.com>
Date: Mon, 15 Sep 2025 18:04:09 +0530
Subject: [PATCH 377/591] util: Fix misleading exception in
 AdvancedTlsX509TrustManager when cert file is missing (#12353)

---
 .../io/grpc/util/AdvancedTlsX509TrustManager.java     |  4 ++++
 .../io/grpc/util/AdvancedTlsX509TrustManagerTest.java | 11 +++++++++++
 2 files changed, 15 insertions(+)

diff --git a/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java b/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java
index b4b9b25d1de..0739fa3d453 100644
--- a/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java
+++ b/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java
@@ -339,6 +339,10 @@ public void run() {
   private long readAndUpdate(File trustCertFile, long oldTime)
       throws IOException, GeneralSecurityException {
     long newTime = checkNotNull(trustCertFile, "trustCertFile").lastModified();
+    if (newTime == 0) {
+      throw new IOException(
+          "Certificate file not found or not readable: " + trustCertFile.getAbsolutePath());
+    }
     if (newTime == oldTime) {
       return oldTime;
     }
diff --git a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
index 228dbf5ea5b..b9803b03570 100644
--- a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
+++ b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
@@ -142,6 +142,17 @@ record -> record.getMessage().contains("Default value of "));
     }
   }
 
+  @Test
+  public void missingFile_throwsFileNotFoundException() throws Exception {
+    AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder().build();
+    File nonExistentFile = new File("missing_cert.pem");
+    Exception thrown =
+        assertThrows(Exception.class, () -> trustManager.updateTrustCredentials(nonExistentFile));
+    assertNotNull(thrown);
+    assertEquals(thrown.getMessage(),
+        "Certificate file not found or not readable: " + nonExistentFile.getAbsolutePath());
+  }
+
   @Test
   public void clientTrustedWithSocketTest() throws Exception {
     AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder()

From 6fae71b740feb6ea6c54436b3105d8f0ac393499 Mon Sep 17 00:00:00 2001
From: Umair Khan <khanumair.79@gmail.com>
Date: Mon, 15 Sep 2025 05:47:47 -0700
Subject: [PATCH 378/591] netty: disable Huffman coding in server response
 headers (#12357)

Follow up to PR #10563

Previously, we disabled Huffman encoding on the `NettyClientHandler` to
improve header encoding performance. This change also ensures
consistency in the header encoding strategy across both client and
server components.
---
 .../io/grpc/netty/NettyServerHandler.java     |  6 +-
 .../grpc/netty/NettyClientTransportTest.java  | 71 +++++++++++++++++--
 2 files changed, 70 insertions(+), 7 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
index 69128e0e7a6..036fde55e2c 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
@@ -69,6 +69,7 @@
 import io.netty.handler.codec.http2.DefaultHttp2FrameReader;
 import io.netty.handler.codec.http2.DefaultHttp2FrameWriter;
 import io.netty.handler.codec.http2.DefaultHttp2Headers;
+import io.netty.handler.codec.http2.DefaultHttp2HeadersEncoder;
 import io.netty.handler.codec.http2.DefaultHttp2LocalFlowController;
 import io.netty.handler.codec.http2.DefaultHttp2RemoteFlowController;
 import io.netty.handler.codec.http2.EmptyHttp2Headers;
@@ -85,6 +86,7 @@
 import io.netty.handler.codec.http2.Http2FrameWriter;
 import io.netty.handler.codec.http2.Http2Headers;
 import io.netty.handler.codec.http2.Http2HeadersDecoder;
+import io.netty.handler.codec.http2.Http2HeadersEncoder;
 import io.netty.handler.codec.http2.Http2InboundFrameLogger;
 import io.netty.handler.codec.http2.Http2LifecycleManager;
 import io.netty.handler.codec.http2.Http2OutboundFrameLogger;
@@ -179,8 +181,10 @@ static NettyServerHandler newHandler(
     Http2HeadersDecoder headersDecoder = new GrpcHttp2ServerHeadersDecoder(maxHeaderListSize);
     Http2FrameReader frameReader = new Http2InboundFrameLogger(
         new DefaultHttp2FrameReader(headersDecoder), frameLogger);
+    Http2HeadersEncoder encoder = new DefaultHttp2HeadersEncoder(
+        Http2HeadersEncoder.NEVER_SENSITIVE, false, 16, Integer.MAX_VALUE);
     Http2FrameWriter frameWriter =
-        new Http2OutboundFrameLogger(new DefaultHttp2FrameWriter(), frameLogger);
+        new Http2OutboundFrameLogger(new DefaultHttp2FrameWriter(encoder), frameLogger);
     return newHandler(
         channelUnused,
         frameReader,
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
index 65683dd8396..55abe29e93a 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
@@ -151,6 +151,9 @@ public class NettyClientTransportTest {
 
   private static final SslContext SSL_CONTEXT = createSslContext();
 
+  @SuppressWarnings("InlineMeInliner") // Requires Java 11
+  private static final String LONG_STRING_OF_A = Strings.repeat("a", 128);
+
   @Mock
   private ManagedClientTransport.Listener clientTransportListener;
 
@@ -624,9 +627,6 @@ public void maxHeaderListSizeShouldBeEnforcedOnClient() throws Exception {
 
   @Test
   public void huffmanCodingShouldNotBePerformed() throws Exception {
-    @SuppressWarnings("InlineMeInliner") // Requires Java 11
-    String longStringOfA = Strings.repeat("a", 128);
-
     negotiator = ProtocolNegotiators.serverPlaintext();
     startServer();
 
@@ -637,7 +637,7 @@ public void huffmanCodingShouldNotBePerformed() throws Exception {
 
     Metadata headers = new Metadata();
     headers.put(Metadata.Key.of("test", Metadata.ASCII_STRING_MARSHALLER),
-        longStringOfA);
+        LONG_STRING_OF_A);
 
     callMeMaybe(transport.start(clientTransportListener));
     verify(clientTransportListener, timeout(5000)).transportReady();
@@ -649,7 +649,7 @@ public void huffmanCodingShouldNotBePerformed() throws Exception {
       public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)
           throws Exception {
         if (msg instanceof ByteBuf) {
-          if (((ByteBuf) msg).toString(StandardCharsets.UTF_8).contains(longStringOfA)) {
+          if (((ByteBuf) msg).toString(StandardCharsets.UTF_8).contains(LONG_STRING_OF_A)) {
             foundExpectedHeaderBytes.set(true);
           }
         }
@@ -664,6 +664,47 @@ public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)
     }
   }
 
+  @Test
+  public void huffmanCodingShouldNotBePerformedOnServer() throws Exception {
+    negotiator = ProtocolNegotiators.serverPlaintext();
+
+    Metadata responseHeaders = new Metadata();
+    responseHeaders.put(Metadata.Key.of("test", Metadata.ASCII_STRING_MARSHALLER),
+        LONG_STRING_OF_A);
+
+    startServer(new EchoServerListener(responseHeaders));
+
+    NettyClientTransport transport = newTransport(ProtocolNegotiators.plaintext(),
+        DEFAULT_MAX_MESSAGE_SIZE, GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE, null, false,
+        TimeUnit.SECONDS.toNanos(10L), TimeUnit.SECONDS.toNanos(1L),
+        new ReflectiveChannelFactory<>(NioSocketChannel.class), group);
+
+    callMeMaybe(transport.start(clientTransportListener));
+    verify(clientTransportListener, timeout(5000)).transportReady();
+
+    AtomicBoolean foundExpectedHeaderBytes = new AtomicBoolean(false);
+
+    // Add a handler to the client pipeline to inspect server's response
+    transport.channel().pipeline().addFirst(new ChannelDuplexHandler() {
+      @Override
+      public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
+        if (msg instanceof ByteBuf) {
+          String data = ((ByteBuf) msg).toString(StandardCharsets.UTF_8);
+          if (data.contains(LONG_STRING_OF_A)) {
+            foundExpectedHeaderBytes.set(true);
+          }
+        }
+        super.channelRead(ctx, msg);
+      }
+    });
+
+    new Rpc(transport).halfClose().waitForResponse();
+
+    if (!foundExpectedHeaderBytes.get()) {
+      fail("expected to find UTF-8 encoded 'a's in the response header sent by the server");
+    }
+  }
+
   @Test
   public void maxHeaderListSizeShouldBeEnforcedOnServer() throws Exception {
     startServer(100, 1);
@@ -1115,7 +1156,16 @@ private void startServer() throws IOException {
     startServer(100, GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE);
   }
 
+  private void startServer(ServerListener serverListener) throws IOException {
+    startServer(100, GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE, serverListener);
+  }
+
   private void startServer(int maxStreamsPerConnection, int maxHeaderListSize) throws IOException {
+    startServer(maxStreamsPerConnection, maxHeaderListSize, serverListener);
+  }
+
+  private void startServer(int maxStreamsPerConnection, int maxHeaderListSize,
+      ServerListener serverListener) throws IOException {
     server =
         new NettyServer(
             TestUtils.testServerAddresses(new InetSocketAddress(0)),
@@ -1283,6 +1333,15 @@ private final class EchoServerListener implements ServerListener {
     final List<NettyServerTransport> transports = new ArrayList<>();
     final List<EchoServerStreamListener> streamListeners =
             Collections.synchronizedList(new ArrayList<EchoServerStreamListener>());
+    Metadata responseHeaders;
+
+    public EchoServerListener() {
+      this(new Metadata());
+    }
+
+    public EchoServerListener(Metadata responseHeaders) {
+      this.responseHeaders = responseHeaders;
+    }
 
     @Override
     public ServerTransportListener transportCreated(final ServerTransport transport) {
@@ -1292,7 +1351,7 @@ public ServerTransportListener transportCreated(final ServerTransport transport)
         public void streamCreated(ServerStream stream, String method, Metadata headers) {
           EchoServerStreamListener listener = new EchoServerStreamListener(stream, headers);
           stream.setListener(listener);
-          stream.writeHeaders(new Metadata(), true);
+          stream.writeHeaders(responseHeaders, true);
           stream.request(1);
           streamListeners.add(listener);
         }

From 6f21bc2e6ca7224243f8f1ea1a28eb72eba3dd9a Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Tue, 16 Sep 2025 05:47:18 +0200
Subject: [PATCH 379/591] servlet: configurable methodNameResolver (#12333)

Introduces configuring a method name resolver in `ServletServerBuilder` for customizing the servlet context root path for request paths.
---
 .../io/grpc/servlet/JettyTransportTest.java   |  1 +
 .../java/io/grpc/servlet/ServletAdapter.java  |  8 +++++++-
 .../io/grpc/servlet/ServletServerBuilder.java | 19 ++++++++++++++++++-
 .../io/grpc/servlet/TomcatTransportTest.java  |  4 +++-
 .../grpc/servlet/UndertowTransportTest.java   |  4 +++-
 5 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/servlet/src/jettyTest/java/io/grpc/servlet/JettyTransportTest.java b/servlet/src/jettyTest/java/io/grpc/servlet/JettyTransportTest.java
index e9cb391ea08..c896c7a23ea 100644
--- a/servlet/src/jettyTest/java/io/grpc/servlet/JettyTransportTest.java
+++ b/servlet/src/jettyTest/java/io/grpc/servlet/JettyTransportTest.java
@@ -69,6 +69,7 @@ public void start(ServerListener listener) throws IOException {
                 listener.transportCreated(new ServletServerBuilder.ServerTransportImpl(scheduler));
         ServletAdapter adapter =
                 new ServletAdapter(serverTransportListener, streamTracerFactories,
+                        ServletAdapter.DEFAULT_METHOD_NAME_RESOLVER,
                         Integer.MAX_VALUE);
         GrpcServlet grpcServlet = new GrpcServlet(adapter);
 
diff --git a/servlet/src/main/java/io/grpc/servlet/ServletAdapter.java b/servlet/src/main/java/io/grpc/servlet/ServletAdapter.java
index 4bfe8949776..e84b9341fd9 100644
--- a/servlet/src/main/java/io/grpc/servlet/ServletAdapter.java
+++ b/servlet/src/main/java/io/grpc/servlet/ServletAdapter.java
@@ -45,6 +45,7 @@
 import java.util.Enumeration;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
+import java.util.function.Function;
 import java.util.logging.Logger;
 import javax.servlet.AsyncContext;
 import javax.servlet.AsyncEvent;
@@ -72,18 +73,23 @@
 public final class ServletAdapter {
 
   static final Logger logger = Logger.getLogger(ServletAdapter.class.getName());
+  static final Function<HttpServletRequest, String> DEFAULT_METHOD_NAME_RESOLVER =
+          req -> req.getRequestURI().substring(1); // remove the leading "/"
 
   private final ServerTransportListener transportListener;
   private final List<? extends ServerStreamTracer.Factory> streamTracerFactories;
+  private final Function<HttpServletRequest, String> methodNameResolver;
   private final int maxInboundMessageSize;
   private final Attributes attributes;
 
   ServletAdapter(
       ServerTransportListener transportListener,
       List<? extends ServerStreamTracer.Factory> streamTracerFactories,
+      Function<HttpServletRequest, String> methodNameResolver,
       int maxInboundMessageSize) {
     this.transportListener = transportListener;
     this.streamTracerFactories = streamTracerFactories;
+    this.methodNameResolver = methodNameResolver;
     this.maxInboundMessageSize = maxInboundMessageSize;
     attributes = transportListener.transportReady(Attributes.EMPTY);
   }
@@ -119,7 +125,7 @@ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOEx
 
     AsyncContext asyncCtx = req.startAsync(req, resp);
 
-    String method = req.getRequestURI().substring(1); // remove the leading "/"
+    String method = methodNameResolver.apply(req);
     Metadata headers = getHeaders(req);
 
     if (logger.isLoggable(FINEST)) {
diff --git a/servlet/src/main/java/io/grpc/servlet/ServletServerBuilder.java b/servlet/src/main/java/io/grpc/servlet/ServletServerBuilder.java
index 72c4383d273..aee25de01ad 100644
--- a/servlet/src/main/java/io/grpc/servlet/ServletServerBuilder.java
+++ b/servlet/src/main/java/io/grpc/servlet/ServletServerBuilder.java
@@ -49,8 +49,10 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.ScheduledExecutorService;
+import java.util.function.Function;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.NotThreadSafe;
+import javax.servlet.http.HttpServletRequest;
 
 /**
  * Builder to build a gRPC server that can run as a servlet. This is for advanced custom settings.
@@ -64,6 +66,8 @@
 @NotThreadSafe
 public final class ServletServerBuilder extends ForwardingServerBuilder<ServletServerBuilder> {
   List<? extends ServerStreamTracer.Factory> streamTracerFactories;
+  private Function<HttpServletRequest, String> methodNameResolver =
+      ServletAdapter.DEFAULT_METHOD_NAME_RESOLVER;
   int maxInboundMessageSize = DEFAULT_MAX_MESSAGE_SIZE;
 
   private final ServerImplBuilder serverImplBuilder;
@@ -98,7 +102,8 @@ public Server build() {
    * Creates a {@link ServletAdapter}.
    */
   public ServletAdapter buildServletAdapter() {
-    return new ServletAdapter(buildAndStart(), streamTracerFactories, maxInboundMessageSize);
+    return new ServletAdapter(buildAndStart(), streamTracerFactories, methodNameResolver,
+        maxInboundMessageSize);
   }
 
   /**
@@ -176,6 +181,18 @@ public ServletServerBuilder useTransportSecurity(File certChain, File privateKey
     throw new UnsupportedOperationException("TLS should be configured by the servlet container");
   }
 
+  /**
+   * Specifies how to determine gRPC method name from servlet request.
+   *
+   * <p>The default strategy is using {@link HttpServletRequest#getRequestURI()} without the leading
+   * slash.</p>
+   */
+  public ServletServerBuilder methodNameResolver(
+      Function<HttpServletRequest, String> methodResolver) {
+    this.methodNameResolver = checkNotNull(methodResolver);
+    return this;
+  }
+
   @Override
   public ServletServerBuilder maxInboundMessageSize(int bytes) {
     checkArgument(bytes >= 0, "bytes must be >= 0");
diff --git a/servlet/src/tomcatTest/java/io/grpc/servlet/TomcatTransportTest.java b/servlet/src/tomcatTest/java/io/grpc/servlet/TomcatTransportTest.java
index 262036883a9..2171c6eb2df 100644
--- a/servlet/src/tomcatTest/java/io/grpc/servlet/TomcatTransportTest.java
+++ b/servlet/src/tomcatTest/java/io/grpc/servlet/TomcatTransportTest.java
@@ -81,7 +81,9 @@ public void start(ServerListener listener) throws IOException {
         ServerTransportListener serverTransportListener =
             listener.transportCreated(new ServerTransportImpl(scheduler));
         ServletAdapter adapter =
-            new ServletAdapter(serverTransportListener, streamTracerFactories, Integer.MAX_VALUE);
+            new ServletAdapter(serverTransportListener, streamTracerFactories,
+                ServletAdapter.DEFAULT_METHOD_NAME_RESOLVER,
+                Integer.MAX_VALUE);
         GrpcServlet grpcServlet = new GrpcServlet(adapter);
 
         tomcatServer = new Tomcat();
diff --git a/servlet/src/undertowTest/java/io/grpc/servlet/UndertowTransportTest.java b/servlet/src/undertowTest/java/io/grpc/servlet/UndertowTransportTest.java
index e14c11985de..ef897c87d70 100644
--- a/servlet/src/undertowTest/java/io/grpc/servlet/UndertowTransportTest.java
+++ b/servlet/src/undertowTest/java/io/grpc/servlet/UndertowTransportTest.java
@@ -100,7 +100,9 @@ public void start(ServerListener listener) throws IOException {
         ServerTransportListener serverTransportListener =
             listener.transportCreated(new ServerTransportImpl(scheduler));
         ServletAdapter adapter =
-            new ServletAdapter(serverTransportListener, streamTracerFactories, Integer.MAX_VALUE);
+            new ServletAdapter(serverTransportListener, streamTracerFactories,
+                ServletAdapter.DEFAULT_METHOD_NAME_RESOLVER,
+                Integer.MAX_VALUE);
         GrpcServlet grpcServlet = new GrpcServlet(adapter);
         InstanceFactory<? extends Servlet> instanceFactory =
             () -> new ImmediateInstanceHandle<>(grpcServlet);

From d163c063b93e20e1ba530bb7e502debc350cfc8e Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Tue, 16 Sep 2025 06:50:11 +0200
Subject: [PATCH 380/591] servlet: add extra 5s to AsyncContext timeout
 (#12321)

Currently there is a race between 2 tasks scheduled to handle request
timeout
* servlet AsyncContext timeout
* gRPC Context

which can cause instability. This change makes the gRPC Context timeout happen first.
---
 .../main/java/io/grpc/servlet/ServletAdapter.java  | 14 ++++++++++----
 .../io/grpc/servlet/ServletServerBuilderTest.java  |  2 +-
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/servlet/src/main/java/io/grpc/servlet/ServletAdapter.java b/servlet/src/main/java/io/grpc/servlet/ServletAdapter.java
index e84b9341fd9..668e82425cb 100644
--- a/servlet/src/main/java/io/grpc/servlet/ServletAdapter.java
+++ b/servlet/src/main/java/io/grpc/servlet/ServletAdapter.java
@@ -22,6 +22,7 @@
 import static java.util.logging.Level.FINE;
 import static java.util.logging.Level.FINEST;
 
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.io.BaseEncoding;
 import io.grpc.Attributes;
 import io.grpc.ExperimentalApi;
@@ -134,10 +135,9 @@ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOEx
     }
 
     Long timeoutNanos = headers.get(TIMEOUT_KEY);
-    if (timeoutNanos == null) {
-      timeoutNanos = 0L;
-    }
-    asyncCtx.setTimeout(TimeUnit.NANOSECONDS.toMillis(timeoutNanos));
+    asyncCtx.setTimeout(timeoutNanos != null
+        ? TimeUnit.NANOSECONDS.toMillis(timeoutNanos) + ASYNC_TIMEOUT_SAFETY_MARGIN
+        : 0);
     StatsTraceContext statsTraceCtx =
         StatsTraceContext.newServerContext(streamTracerFactories, method, headers);
 
@@ -164,6 +164,12 @@ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOEx
     asyncCtx.addListener(new GrpcAsyncListener(stream, logId));
   }
 
+  /**
+   * Deadlines are managed via Context, servlet async timeout is not supposed to happen.
+   */
+  @VisibleForTesting
+  static final long ASYNC_TIMEOUT_SAFETY_MARGIN = 5_000;
+
   // This method must use Enumeration and its members, since that is the only way to read headers
   // from the servlet api.
   @SuppressWarnings("JdkObsolete")
diff --git a/servlet/src/test/java/io/grpc/servlet/ServletServerBuilderTest.java b/servlet/src/test/java/io/grpc/servlet/ServletServerBuilderTest.java
index d571cfd45d5..7a8c5b91f25 100644
--- a/servlet/src/test/java/io/grpc/servlet/ServletServerBuilderTest.java
+++ b/servlet/src/test/java/io/grpc/servlet/ServletServerBuilderTest.java
@@ -80,7 +80,7 @@ public void scheduledExecutorService() throws Exception {
     ServletAdapter servletAdapter = serverBuilder.buildServletAdapter();
     servletAdapter.doPost(request, response);
 
-    verify(asyncContext).setTimeout(1);
+    verify(asyncContext).setTimeout(1 + ServletAdapter.ASYNC_TIMEOUT_SAFETY_MARGIN);
 
     // The following just verifies that scheduler is populated to the transport.
     // It doesn't matter what tasks (such as handshake timeout and request deadline) are actually

From ead6a54602d44f1cbecb4152fb9503a0104fd58b Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Tue, 16 Sep 2025 15:00:43 +0530
Subject: [PATCH 381/591] binder: Suppress GuardedBy("this") warning for test
 access (#12362)

Co-authored-by: MV Shiva <speakupshiva@gmail.com>
---
 .../src/main/java/io/grpc/binder/internal/BinderTransport.java   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index 6c89c56ffd4..a7ca5b25b24 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -574,6 +574,7 @@ Map<Integer, Inbound<?>> getOngoingCalls() {
   }
 
   @VisibleForTesting
+  @SuppressWarnings("GuardedBy")
   LeakSafeOneWayBinder getIncomingBinderForTesting() {
     return this.incomingBinder;
   }

From 4b5ce99b02a61e9257d7d92a872d279de23223ab Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 17 Sep 2025 09:37:08 -0700
Subject: [PATCH 382/591] binder: Fix synchronization instead of suppressing
 GuardedBy

There's no reason why we shouldn't just have proper synchronization
here, even if only used in tests. We shouldn't get into the habit of
suppressing them.
---
 .../src/main/java/io/grpc/binder/internal/BinderTransport.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index a7ca5b25b24..904b7e83001 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -574,8 +574,7 @@ Map<Integer, Inbound<?>> getOngoingCalls() {
   }
 
   @VisibleForTesting
-  @SuppressWarnings("GuardedBy")
-  LeakSafeOneWayBinder getIncomingBinderForTesting() {
+  synchronized LeakSafeOneWayBinder getIncomingBinderForTesting() {
     return this.incomingBinder;
   }
 

From 0c179e3f9e8c4306578f00ecdab2b37480ea780e Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 18 Sep 2025 11:08:43 -0700
Subject: [PATCH 383/591] xds: Convert ClusterResolverLb to XdsDepManager

No longer need to hard-code pick_first because of gRFC A61.
https://github.com/grpc/proposal/pull/477
---
 .../grpc/xds/ClusterResolverLoadBalancer.java |  834 +++-------
 .../ClusterResolverLoadBalancerProvider.java  |   16 +-
 .../io/grpc/xds/EnvoyServerProtoData.java     |    2 +-
 .../io/grpc/xds/XdsDependencyManager.java     |   10 +-
 .../java/io/grpc/xds/XdsNameResolver.java     |   16 +-
 .../xds/ClusterResolverLoadBalancerTest.java  | 1442 ++++++++---------
 .../java/io/grpc/xds/XdsNameResolverTest.java |   13 +
 7 files changed, 896 insertions(+), 1437 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
index f57cada52e9..06fafbb6cf1 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
@@ -17,12 +17,9 @@
 package io.grpc.xds;
 
 import static com.google.common.base.Preconditions.checkNotNull;
-import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
 import static io.grpc.xds.XdsLbPolicies.PRIORITY_POLICY_NAME;
 
-import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
-import com.google.protobuf.Struct;
 import io.grpc.Attributes;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.HttpConnectProxiedSocketAddress;
@@ -30,16 +27,8 @@
 import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancerProvider;
 import io.grpc.LoadBalancerRegistry;
-import io.grpc.NameResolver;
-import io.grpc.NameResolver.ResolutionResult;
 import io.grpc.Status;
 import io.grpc.StatusOr;
-import io.grpc.SynchronizationContext;
-import io.grpc.SynchronizationContext.ScheduledHandle;
-import io.grpc.internal.BackoffPolicy;
-import io.grpc.internal.ExponentialBackoffPolicy;
-import io.grpc.internal.ObjectPool;
-import io.grpc.util.ForwardingLoadBalancerHelper;
 import io.grpc.util.GracefulSwitchLoadBalancer;
 import io.grpc.util.OutlierDetectionLoadBalancer.OutlierDetectionLoadBalancerConfig;
 import io.grpc.xds.ClusterImplLoadBalancerProvider.ClusterImplConfig;
@@ -51,94 +40,46 @@
 import io.grpc.xds.EnvoyServerProtoData.FailurePercentageEjection;
 import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;
 import io.grpc.xds.EnvoyServerProtoData.SuccessRateEjection;
-import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig;
 import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig.PriorityChildConfig;
+import io.grpc.xds.XdsConfig.XdsClusterConfig;
 import io.grpc.xds.XdsEndpointResource.EdsUpdate;
-import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import io.grpc.xds.client.Locality;
-import io.grpc.xds.client.XdsClient;
-import io.grpc.xds.client.XdsClient.ResourceWatcher;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
-import java.net.URI;
-import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Locale;
 import java.util.Map;
-import java.util.Objects;
 import java.util.Set;
 import java.util.TreeMap;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
-import javax.annotation.Nullable;
 
 /**
  * Load balancer for cluster_resolver_experimental LB policy. This LB policy is the child LB policy
  * of the cds_experimental LB policy and the parent LB policy of the priority_experimental LB
- * policy in the xDS load balancing hierarchy. This policy resolves endpoints of non-aggregate
+ * policy in the xDS load balancing hierarchy. This policy converts endpoints of non-aggregate
  * clusters (e.g., EDS or Logical DNS) and groups endpoints in priorities and localities to be
  * used in the downstream LB policies for fine-grained load balancing purposes.
  */
 final class ClusterResolverLoadBalancer extends LoadBalancer {
-  // DNS-resolved endpoints do not have the definition of the locality it belongs to, just hardcode
-  // to an empty locality.
-  private static final Locality LOGICAL_DNS_CLUSTER_LOCALITY = Locality.create("", "", "");
   private final XdsLogger logger;
-  private final SynchronizationContext syncContext;
-  private final ScheduledExecutorService timeService;
   private final LoadBalancerRegistry lbRegistry;
-  private final BackoffPolicy.Provider backoffPolicyProvider;
-  private final GracefulSwitchLoadBalancer delegate;
-  private ObjectPool<XdsClient> xdsClientPool;
-  private XdsClient xdsClient;
-  private ClusterResolverConfig config;
-
-  ClusterResolverLoadBalancer(Helper helper) {
-    this(helper, LoadBalancerRegistry.getDefaultRegistry(),
-        new ExponentialBackoffPolicy.Provider());
-  }
+  private final LoadBalancer delegate;
+  private ClusterState clusterState;
 
-  @VisibleForTesting
-  ClusterResolverLoadBalancer(Helper helper, LoadBalancerRegistry lbRegistry,
-      BackoffPolicy.Provider backoffPolicyProvider) {
+  ClusterResolverLoadBalancer(Helper helper, LoadBalancerRegistry lbRegistry) {
+    this.delegate = lbRegistry.getProvider(PRIORITY_POLICY_NAME).newLoadBalancer(helper);
     this.lbRegistry = checkNotNull(lbRegistry, "lbRegistry");
-    this.backoffPolicyProvider = checkNotNull(backoffPolicyProvider, "backoffPolicyProvider");
-    this.syncContext = checkNotNull(helper.getSynchronizationContext(), "syncContext");
-    this.timeService = checkNotNull(helper.getScheduledExecutorService(), "timeService");
-    delegate = new GracefulSwitchLoadBalancer(helper);
     logger = XdsLogger.withLogId(
         InternalLogId.allocate("cluster-resolver-lb", helper.getAuthority()));
     logger.log(XdsLogLevel.INFO, "Created");
   }
 
-  @Override
-  public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
-    logger.log(XdsLogLevel.DEBUG, "Received resolution result: {0}", resolvedAddresses);
-    if (xdsClientPool == null) {
-      xdsClientPool = resolvedAddresses.getAttributes().get(XdsAttributes.XDS_CLIENT_POOL);
-      xdsClient = xdsClientPool.getObject();
-    }
-    ClusterResolverConfig config =
-        (ClusterResolverConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
-    if (!Objects.equals(this.config, config)) {
-      logger.log(XdsLogLevel.DEBUG, "Config: {0}", config);
-      this.config = config;
-      Object gracefulConfig = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-          new ClusterResolverLbStateFactory(), config);
-      delegate.handleResolvedAddresses(
-          resolvedAddresses.toBuilder().setLoadBalancingPolicyConfig(gracefulConfig).build());
-    }
-    return Status.OK;
-  }
-
   @Override
   public void handleNameResolutionError(Status error) {
     logger.log(XdsLogLevel.WARNING, "Received name resolution error: {0}", error);
@@ -149,575 +90,213 @@ public void handleNameResolutionError(Status error) {
   public void shutdown() {
     logger.log(XdsLogLevel.INFO, "Shutdown");
     delegate.shutdown();
-    if (xdsClientPool != null) {
-      xdsClientPool.returnObject(xdsClient);
-    }
-  }
-
-  private final class ClusterResolverLbStateFactory extends LoadBalancer.Factory {
-    @Override
-    public LoadBalancer newLoadBalancer(Helper helper) {
-      return new ClusterResolverLbState(helper);
-    }
   }
 
-  /**
-   * The state of a cluster_resolver LB working session. A new instance is created whenever
-   * the cluster_resolver LB receives a new config. The old instance is replaced when the
-   * new one is ready to handle new RPCs.
-   */
-  private final class ClusterResolverLbState extends LoadBalancer {
-    private final Helper helper;
-    private ClusterState clusterState;
-    private String cluster;
-    private Object endpointLbConfig;
-    private ResolvedAddresses resolvedAddresses;
-    private LoadBalancer childLb;
-
-    ClusterResolverLbState(Helper helper) {
-      this.helper = new RefreshableHelper(checkNotNull(helper, "helper"));
-      logger.log(XdsLogLevel.DEBUG, "New ClusterResolverLbState");
-    }
-
-    @Override
-    public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
-      this.resolvedAddresses = resolvedAddresses;
-      ClusterResolverConfig config =
-          (ClusterResolverConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
-      endpointLbConfig = config.lbConfig;
-      DiscoveryMechanism instance = config.discoveryMechanism;
-      cluster = instance.cluster;
-      if (instance.type == DiscoveryMechanism.Type.EDS) {
-        clusterState = new EdsClusterState(instance.cluster, instance.edsServiceName,
-            instance.lrsServerInfo, instance.maxConcurrentRequests, instance.tlsContext,
-            instance.filterMetadata, instance.outlierDetection);
-      } else {  // logical DNS
-        clusterState = new LogicalDnsClusterState(instance.cluster, instance.dnsHostName,
-            instance.lrsServerInfo, instance.maxConcurrentRequests, instance.tlsContext,
-            instance.filterMetadata);
-      }
-      clusterState.start();
-      return Status.OK;
-    }
+  @Override
+  public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+    logger.log(XdsLogLevel.DEBUG, "Received resolution result: {0}", resolvedAddresses);
+    ClusterResolverConfig config =
+        (ClusterResolverConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
+    XdsConfig xdsConfig = resolvedAddresses.getAttributes().get(XdsAttributes.XDS_CONFIG);
 
-    @Override
-    public void handleNameResolutionError(Status error) {
-      if (childLb != null) {
-        childLb.handleNameResolutionError(error);
-      } else {
-        helper.updateBalancingState(
-            TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(error)));
-      }
+    DiscoveryMechanism instance = config.discoveryMechanism;
+    String cluster = instance.cluster;
+    if (clusterState == null) {
+      clusterState = new ClusterState();
     }
 
-    @Override
-    public void shutdown() {
-      clusterState.shutdown();
-      if (childLb != null) {
-        childLb.shutdown();
-      }
+    StatusOr<EdsUpdate> edsUpdate = getEdsUpdate(xdsConfig, cluster);
+    StatusOr<ClusterResolutionResult> statusOrResult =
+        clusterState.edsUpdateToResult(config, instance, edsUpdate);
+    if (!statusOrResult.hasValue()) {
+      Status status = Status.UNAVAILABLE
+          .withDescription(statusOrResult.getStatus().getDescription())
+          .withCause(statusOrResult.getStatus().getCause());
+      delegate.handleNameResolutionError(status);
+      return status;
     }
-
-    private void handleEndpointResourceUpdate() {
-      List<EquivalentAddressGroup> addresses = new ArrayList<>();
-      Map<String, PriorityChildConfig> priorityChildConfigs = new HashMap<>();
-      List<String> priorities = new ArrayList<>();  // totally ordered priority list
-
-      Status endpointNotFound = Status.OK;
-      // Propagate endpoints to the child LB policy only after all clusters have been resolved.
-      if (!clusterState.resolved && clusterState.status.isOk()) {
-        return;
-      }
-      if (clusterState.result != null) {
-        addresses.addAll(clusterState.result.addresses);
-        priorityChildConfigs.putAll(clusterState.result.priorityChildConfigs);
-        priorities.addAll(clusterState.result.priorities);
-      } else {
-        endpointNotFound = clusterState.status;
-      }
-      if (addresses.isEmpty()) {
-        if (endpointNotFound.isOk()) {
-          endpointNotFound = Status.UNAVAILABLE.withDescription(
-              "No usable endpoint from cluster: " + cluster);
-        } else {
-          endpointNotFound =
-              Status.UNAVAILABLE.withCause(endpointNotFound.getCause())
-                  .withDescription(endpointNotFound.getDescription());
-        }
-        helper.updateBalancingState(
-            TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(endpointNotFound)));
-        if (childLb != null) {
-          childLb.shutdown();
-          childLb = null;
-        }
-        return;
-      }
-      PriorityLbConfig childConfig =
-          new PriorityLbConfig(Collections.unmodifiableMap(priorityChildConfigs),
-              Collections.unmodifiableList(priorities));
-      if (childLb == null) {
-        childLb = lbRegistry.getProvider(PRIORITY_POLICY_NAME).newLoadBalancer(helper);
-      }
-      childLb.handleResolvedAddresses(
-          resolvedAddresses.toBuilder()
-              .setLoadBalancingPolicyConfig(childConfig)
-              .setAddresses(Collections.unmodifiableList(addresses))
-              .build());
+    ClusterResolutionResult result = statusOrResult.getValue();
+    List<EquivalentAddressGroup> addresses = result.addresses;
+    if (addresses.isEmpty()) {
+      Status status = Status.UNAVAILABLE
+          .withDescription("No usable endpoint from cluster: " + cluster);
+      delegate.handleNameResolutionError(status);
+      return status;
     }
+    PriorityLbConfig childConfig =
+        new PriorityLbConfig(
+            Collections.unmodifiableMap(result.priorityChildConfigs),
+            Collections.unmodifiableList(result.priorities));
+    return delegate.acceptResolvedAddresses(
+        resolvedAddresses.toBuilder()
+            .setLoadBalancingPolicyConfig(childConfig)
+            .setAddresses(Collections.unmodifiableList(addresses))
+            .build());
+  }
 
-    private void handleEndpointResolutionError() {
-      if (!clusterState.status.isOk()) {
-        if (childLb != null) {
-          childLb.handleNameResolutionError(clusterState.status);
-        } else {
-          helper.updateBalancingState(
-              TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(clusterState.status)));
-        }
-      }
+  private static StatusOr<EdsUpdate> getEdsUpdate(XdsConfig xdsConfig, String cluster) {
+    StatusOr<XdsClusterConfig> clusterConfig = xdsConfig.getClusters().get(cluster);
+    if (clusterConfig == null) {
+      return StatusOr.fromStatus(Status.INTERNAL
+          .withDescription("BUG: cluster resolver could not find cluster in xdsConfig"));
     }
-
-    /**
-     * Wires re-resolution requests from downstream LB policies with DNS resolver.
-     */
-    private final class RefreshableHelper extends ForwardingLoadBalancerHelper {
-      private final Helper delegate;
-
-      private RefreshableHelper(Helper delegate) {
-        this.delegate = checkNotNull(delegate, "delegate");
-      }
-
-      @Override
-      public void refreshNameResolution() {
-        if (clusterState instanceof LogicalDnsClusterState) {
-          ((LogicalDnsClusterState) clusterState).refresh();
-        }
-      }
-
-      @Override
-      protected Helper delegate() {
-        return delegate;
-      }
+    if (!clusterConfig.hasValue()) {
+      return StatusOr.fromStatus(clusterConfig.getStatus());
     }
-
-    /**
-     * Resolution state of an underlying cluster.
-     */
-    private abstract class ClusterState {
-      // Name of the cluster to be resolved.
-      protected final String name;
-      @Nullable
-      protected final ServerInfo lrsServerInfo;
-      @Nullable
-      protected final Long maxConcurrentRequests;
-      @Nullable
-      protected final UpstreamTlsContext tlsContext;
-      protected final Map<String, Struct> filterMetadata;
-      @Nullable
-      protected final OutlierDetection outlierDetection;
-      // Resolution status, may contain most recent error encountered.
-      protected Status status = Status.OK;
-      // True if has received resolution result.
-      protected boolean resolved;
-      // Most recently resolved addresses and config, or null if resource not exists.
-      @Nullable
-      protected ClusterResolutionResult result;
-
-      protected boolean shutdown;
-
-      private ClusterState(String name, @Nullable ServerInfo lrsServerInfo,
-          @Nullable Long maxConcurrentRequests, @Nullable UpstreamTlsContext tlsContext,
-          Map<String, Struct> filterMetadata, @Nullable OutlierDetection outlierDetection) {
-        this.name = name;
-        this.lrsServerInfo = lrsServerInfo;
-        this.maxConcurrentRequests = maxConcurrentRequests;
-        this.tlsContext = tlsContext;
-        this.filterMetadata = ImmutableMap.copyOf(filterMetadata);
-        this.outlierDetection = outlierDetection;
-      }
-
-      abstract void start();
-
-      void shutdown() {
-        shutdown = true;
-      }
+    if (!(clusterConfig.getValue().getChildren() instanceof XdsClusterConfig.EndpointConfig)) {
+      return StatusOr.fromStatus(Status.INTERNAL
+          .withDescription("BUG: cluster resolver cluster with children of unknown type"));
     }
+    XdsClusterConfig.EndpointConfig endpointConfig =
+        (XdsClusterConfig.EndpointConfig) clusterConfig.getValue().getChildren();
+    return endpointConfig.getEndpoint();
+  }
 
-    private final class EdsClusterState extends ClusterState implements ResourceWatcher<EdsUpdate> {
-      @Nullable
-      private final String edsServiceName;
-      private Map<Locality, String> localityPriorityNames = Collections.emptyMap();
-      int priorityNameGenId = 1;
-
-      private EdsClusterState(String name, @Nullable String edsServiceName,
-          @Nullable ServerInfo lrsServerInfo, @Nullable Long maxConcurrentRequests,
-          @Nullable UpstreamTlsContext tlsContext, Map<String, Struct> filterMetadata,
-          @Nullable OutlierDetection outlierDetection) {
-        super(name, lrsServerInfo, maxConcurrentRequests, tlsContext, filterMetadata,
-            outlierDetection);
-        this.edsServiceName = edsServiceName;
-      }
-
-      @Override
-      void start() {
-        String resourceName = edsServiceName != null ? edsServiceName : name;
-        logger.log(XdsLogLevel.INFO, "Start watching EDS resource {0}", resourceName);
-        xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),
-            resourceName, this, syncContext);
-      }
-
-      @Override
-      protected void shutdown() {
-        super.shutdown();
-        String resourceName = edsServiceName != null ? edsServiceName : name;
-        logger.log(XdsLogLevel.INFO, "Stop watching EDS resource {0}", resourceName);
-        xdsClient.cancelXdsResourceWatch(XdsEndpointResource.getInstance(), resourceName, this);
-      }
-
-      @Override
-      public void onChanged(final EdsUpdate update) {
-        class EndpointsUpdated implements Runnable {
-          @Override
-          public void run() {
-            if (shutdown) {
-              return;
-            }
-            logger.log(XdsLogLevel.DEBUG, "Received endpoint update {0}", update);
-            if (logger.isLoggable(XdsLogLevel.INFO)) {
-              logger.log(XdsLogLevel.INFO, "Cluster {0}: {1} localities, {2} drop categories",
-                  update.clusterName, update.localityLbEndpointsMap.size(),
-                  update.dropPolicies.size());
+  private final class ClusterState {
+    private Map<Locality, String> localityPriorityNames = Collections.emptyMap();
+    int priorityNameGenId = 1;
+
+    StatusOr<ClusterResolutionResult> edsUpdateToResult(
+        ClusterResolverConfig config, DiscoveryMechanism discovery, StatusOr<EdsUpdate> updateOr) {
+      if (!updateOr.hasValue()) {
+        return StatusOr.fromStatus(updateOr.getStatus());
+      }
+      EdsUpdate update = updateOr.getValue();
+      logger.log(XdsLogLevel.DEBUG, "Received endpoint update {0}", update);
+      if (logger.isLoggable(XdsLogLevel.INFO)) {
+        logger.log(XdsLogLevel.INFO, "Cluster {0}: {1} localities, {2} drop categories",
+            discovery.cluster, update.localityLbEndpointsMap.size(),
+            update.dropPolicies.size());
+      }
+      Map<Locality, LocalityLbEndpoints> localityLbEndpoints =
+          update.localityLbEndpointsMap;
+      List<DropOverload> dropOverloads = update.dropPolicies;
+      List<EquivalentAddressGroup> addresses = new ArrayList<>();
+      Map<String, Map<Locality, Integer>> prioritizedLocalityWeights = new HashMap<>();
+      List<String> sortedPriorityNames =
+          generatePriorityNames(discovery.cluster, localityLbEndpoints);
+      for (Locality locality : localityLbEndpoints.keySet()) {
+        LocalityLbEndpoints localityLbInfo = localityLbEndpoints.get(locality);
+        String priorityName = localityPriorityNames.get(locality);
+        boolean discard = true;
+        for (LbEndpoint endpoint : localityLbInfo.endpoints()) {
+          if (endpoint.isHealthy()) {
+            discard = false;
+            long weight = localityLbInfo.localityWeight();
+            if (endpoint.loadBalancingWeight() != 0) {
+              weight *= endpoint.loadBalancingWeight();
             }
-            Map<Locality, LocalityLbEndpoints> localityLbEndpoints =
-                update.localityLbEndpointsMap;
-            List<DropOverload> dropOverloads = update.dropPolicies;
-            List<EquivalentAddressGroup> addresses = new ArrayList<>();
-            Map<String, Map<Locality, Integer>> prioritizedLocalityWeights = new HashMap<>();
-            List<String> sortedPriorityNames = generatePriorityNames(name, localityLbEndpoints);
-            for (Locality locality : localityLbEndpoints.keySet()) {
-              LocalityLbEndpoints localityLbInfo = localityLbEndpoints.get(locality);
-              String priorityName = localityPriorityNames.get(locality);
-              boolean discard = true;
-              for (LbEndpoint endpoint : localityLbInfo.endpoints()) {
-                if (endpoint.isHealthy()) {
-                  discard = false;
-                  long weight = localityLbInfo.localityWeight();
-                  if (endpoint.loadBalancingWeight() != 0) {
-                    weight *= endpoint.loadBalancingWeight();
-                  }
-                  String localityName = localityName(locality);
-                  Attributes attr =
-                      endpoint.eag().getAttributes().toBuilder()
-                          .set(XdsAttributes.ATTR_LOCALITY, locality)
-                          .set(EquivalentAddressGroup.ATTR_LOCALITY_NAME, localityName)
-                          .set(XdsAttributes.ATTR_LOCALITY_WEIGHT,
-                              localityLbInfo.localityWeight())
-                          .set(XdsAttributes.ATTR_SERVER_WEIGHT, weight)
-                          .set(XdsAttributes.ATTR_ADDRESS_NAME, endpoint.hostname())
-                          .build();
-
-                  EquivalentAddressGroup eag;
-                  if (config.isHttp11ProxyAvailable()) {
-                    List<SocketAddress> rewrittenAddresses = new ArrayList<>();
-                    for (SocketAddress addr : endpoint.eag().getAddresses()) {
-                      rewrittenAddresses.add(rewriteAddress(
-                          addr, endpoint.endpointMetadata(), localityLbInfo.localityMetadata()));
-                    }
-                    eag = new EquivalentAddressGroup(rewrittenAddresses, attr);
-                  } else {
-                    eag = new EquivalentAddressGroup(endpoint.eag().getAddresses(), attr);
-                  }
-                  eag = AddressFilter.setPathFilter(eag, Arrays.asList(priorityName, localityName));
-                  addresses.add(eag);
-                }
-              }
-              if (discard) {
-                logger.log(XdsLogLevel.INFO,
-                    "Discard locality {0} with 0 healthy endpoints", locality);
-                continue;
+            String localityName = localityName(locality);
+            Attributes attr =
+                endpoint.eag().getAttributes().toBuilder()
+                    .set(XdsAttributes.ATTR_LOCALITY, locality)
+                    .set(EquivalentAddressGroup.ATTR_LOCALITY_NAME, localityName)
+                    .set(XdsAttributes.ATTR_LOCALITY_WEIGHT,
+                        localityLbInfo.localityWeight())
+                    .set(XdsAttributes.ATTR_SERVER_WEIGHT, weight)
+                    .set(XdsAttributes.ATTR_ADDRESS_NAME, endpoint.hostname())
+                    .build();
+            EquivalentAddressGroup eag;
+            if (config.isHttp11ProxyAvailable()) {
+              List<SocketAddress> rewrittenAddresses = new ArrayList<>();
+              for (SocketAddress addr : endpoint.eag().getAddresses()) {
+                rewrittenAddresses.add(rewriteAddress(
+                    addr, endpoint.endpointMetadata(), localityLbInfo.localityMetadata()));
               }
-              if (!prioritizedLocalityWeights.containsKey(priorityName)) {
-                prioritizedLocalityWeights.put(priorityName, new HashMap<Locality, Integer>());
-              }
-              prioritizedLocalityWeights.get(priorityName).put(
-                  locality, localityLbInfo.localityWeight());
-            }
-            if (prioritizedLocalityWeights.isEmpty()) {
-              // Will still update the result, as if the cluster resource is revoked.
-              logger.log(XdsLogLevel.INFO,
-                  "Cluster {0} has no usable priority/locality/endpoint", update.clusterName);
+              eag = new EquivalentAddressGroup(rewrittenAddresses, attr);
+            } else {
+              eag = new EquivalentAddressGroup(endpoint.eag().getAddresses(), attr);
             }
-            sortedPriorityNames.retainAll(prioritizedLocalityWeights.keySet());
-            Map<String, PriorityChildConfig> priorityChildConfigs =
-                generateEdsBasedPriorityChildConfigs(
-                    name, edsServiceName, lrsServerInfo, maxConcurrentRequests, tlsContext,
-                    filterMetadata, outlierDetection, endpointLbConfig, lbRegistry,
-                    prioritizedLocalityWeights, dropOverloads);
-            status = Status.OK;
-            resolved = true;
-            result = new ClusterResolutionResult(addresses, priorityChildConfigs,
-                sortedPriorityNames);
-            handleEndpointResourceUpdate();
-          }
-        }
-
-        new EndpointsUpdated().run();
-      }
-
-      private SocketAddress rewriteAddress(SocketAddress addr,
-          ImmutableMap<String, Object> endpointMetadata,
-          ImmutableMap<String, Object> localityMetadata) {
-        if (!(addr instanceof InetSocketAddress)) {
-          return addr;
-        }
-
-        SocketAddress proxyAddress;
-        try {
-          proxyAddress = (SocketAddress) endpointMetadata.get(
-              "envoy.http11_proxy_transport_socket.proxy_address");
-          if (proxyAddress == null) {
-            proxyAddress = (SocketAddress) localityMetadata.get(
-                "envoy.http11_proxy_transport_socket.proxy_address");
+            eag = AddressFilter.setPathFilter(eag, Arrays.asList(priorityName, localityName));
+            addresses.add(eag);
           }
-        } catch (ClassCastException e) {
-          return addr;
         }
-
-        if (proxyAddress == null) {
-          return addr;
+        if (discard) {
+          logger.log(XdsLogLevel.INFO,
+              "Discard locality {0} with 0 healthy endpoints", locality);
+          continue;
         }
-
-        return HttpConnectProxiedSocketAddress.newBuilder()
-            .setTargetAddress((InetSocketAddress) addr)
-            .setProxyAddress(proxyAddress)
-            .build();
-      }
-
-      private List<String> generatePriorityNames(String name,
-          Map<Locality, LocalityLbEndpoints> localityLbEndpoints) {
-        TreeMap<Integer, List<Locality>> todo = new TreeMap<>();
-        for (Locality locality : localityLbEndpoints.keySet()) {
-          int priority = localityLbEndpoints.get(locality).priority();
-          if (!todo.containsKey(priority)) {
-            todo.put(priority, new ArrayList<>());
-          }
-          todo.get(priority).add(locality);
+        if (!prioritizedLocalityWeights.containsKey(priorityName)) {
+          prioritizedLocalityWeights.put(priorityName, new HashMap<Locality, Integer>());
         }
-        Map<Locality, String> newNames = new HashMap<>();
-        Set<String> usedNames = new HashSet<>();
-        List<String> ret = new ArrayList<>();
-        for (Integer priority: todo.keySet()) {
-          String foundName = "";
-          for (Locality locality : todo.get(priority)) {
-            if (localityPriorityNames.containsKey(locality)
-                && usedNames.add(localityPriorityNames.get(locality))) {
-              foundName = localityPriorityNames.get(locality);
-              break;
-            }
-          }
-          if ("".equals(foundName)) {
-            foundName = String.format(Locale.US, "%s[child%d]", name, priorityNameGenId++);
-          }
-          for (Locality locality : todo.get(priority)) {
-            newNames.put(locality, foundName);
-          }
-          ret.add(foundName);
-        }
-        localityPriorityNames = newNames;
-        return ret;
-      }
-
-      @Override
-      public void onResourceDoesNotExist(final String resourceName) {
-        if (shutdown) {
-          return;
-        }
-        logger.log(XdsLogLevel.INFO, "Resource {0} unavailable", resourceName);
-        status = Status.OK;
-        resolved = true;
-        result = null;  // resource revoked
-        handleEndpointResourceUpdate();
-      }
-
-      @Override
-      public void onError(final Status error) {
-        if (shutdown) {
-          return;
-        }
-        String resourceName = edsServiceName != null ? edsServiceName : name;
-        status = Status.UNAVAILABLE
-            .withDescription(String.format("Unable to load EDS %s. xDS server returned: %s: %s",
-                  resourceName, error.getCode(), error.getDescription()))
-            .withCause(error.getCause());
-        logger.log(XdsLogLevel.WARNING, "Received EDS error: {0}", error);
-        handleEndpointResolutionError();
-      }
+        prioritizedLocalityWeights.get(priorityName).put(
+            locality, localityLbInfo.localityWeight());
+      }
+      if (prioritizedLocalityWeights.isEmpty()) {
+        // Will still update the result, as if the cluster resource is revoked.
+        logger.log(XdsLogLevel.INFO,
+            "Cluster {0} has no usable priority/locality/endpoint", discovery.cluster);
+      }
+      sortedPriorityNames.retainAll(prioritizedLocalityWeights.keySet());
+      Map<String, PriorityChildConfig> priorityChildConfigs =
+          generatePriorityChildConfigs(
+              discovery, config.lbConfig, lbRegistry,
+              prioritizedLocalityWeights, dropOverloads);
+      return StatusOr.fromValue(new ClusterResolutionResult(addresses, priorityChildConfigs,
+          sortedPriorityNames));
     }
 
-    private final class LogicalDnsClusterState extends ClusterState {
-      private final String dnsHostName;
-      private final NameResolver.Factory nameResolverFactory;
-      private final NameResolver.Args nameResolverArgs;
-      private NameResolver resolver;
-      @Nullable
-      private BackoffPolicy backoffPolicy;
-      @Nullable
-      private ScheduledHandle scheduledRefresh;
-
-      private LogicalDnsClusterState(String name, String dnsHostName,
-          @Nullable ServerInfo lrsServerInfo, @Nullable Long maxConcurrentRequests,
-          @Nullable UpstreamTlsContext tlsContext, Map<String, Struct> filterMetadata) {
-        super(name, lrsServerInfo, maxConcurrentRequests, tlsContext, filterMetadata, null);
-        this.dnsHostName = checkNotNull(dnsHostName, "dnsHostName");
-        nameResolverFactory =
-            checkNotNull(helper.getNameResolverRegistry().asFactory(), "nameResolverFactory");
-        nameResolverArgs = checkNotNull(helper.getNameResolverArgs(), "nameResolverArgs");
+    private SocketAddress rewriteAddress(SocketAddress addr,
+        ImmutableMap<String, Object> endpointMetadata,
+        ImmutableMap<String, Object> localityMetadata) {
+      if (!(addr instanceof InetSocketAddress)) {
+        return addr;
       }
 
-      @Override
-      void start() {
-        URI uri;
-        try {
-          uri = new URI("dns", "", "/" + dnsHostName, null);
-        } catch (URISyntaxException e) {
-          status = Status.INTERNAL.withDescription(
-              "Bug, invalid URI creation: " + dnsHostName).withCause(e);
-          handleEndpointResolutionError();
-          return;
-        }
-        resolver = nameResolverFactory.newNameResolver(uri, nameResolverArgs);
-        if (resolver == null) {
-          status = Status.INTERNAL.withDescription("Xds cluster resolver lb for logical DNS "
-              + "cluster [" + name + "] cannot find DNS resolver with uri:" + uri);
-          handleEndpointResolutionError();
-          return;
-        }
-        resolver.start(new NameResolverListener(dnsHostName));
-      }
-
-      void refresh() {
-        if (resolver == null) {
-          return;
-        }
-        cancelBackoff();
-        resolver.refresh();
-      }
-
-      @Override
-      void shutdown() {
-        super.shutdown();
-        if (resolver != null) {
-          resolver.shutdown();
-        }
-        cancelBackoff();
-      }
-
-      private void cancelBackoff() {
-        if (scheduledRefresh != null) {
-          scheduledRefresh.cancel();
-          scheduledRefresh = null;
-          backoffPolicy = null;
+      SocketAddress proxyAddress;
+      try {
+        proxyAddress = (SocketAddress) endpointMetadata.get(
+            "envoy.http11_proxy_transport_socket.proxy_address");
+        if (proxyAddress == null) {
+          proxyAddress = (SocketAddress) localityMetadata.get(
+              "envoy.http11_proxy_transport_socket.proxy_address");
         }
+      } catch (ClassCastException e) {
+        return addr;
       }
 
-      private class DelayedNameResolverRefresh implements Runnable {
-        @Override
-        public void run() {
-          scheduledRefresh = null;
-          if (!shutdown) {
-            resolver.refresh();
-          }
-        }
+      if (proxyAddress == null) {
+        return addr;
       }
 
-      private class NameResolverListener extends NameResolver.Listener2 {
-        private final String dnsHostName;
-
-        NameResolverListener(String dnsHostName) {
-          this.dnsHostName = dnsHostName;
-        }
+      return HttpConnectProxiedSocketAddress.newBuilder()
+          .setTargetAddress((InetSocketAddress) addr)
+          .setProxyAddress(proxyAddress)
+          .build();
+    }
 
-        @Override
-        public void onResult(final ResolutionResult resolutionResult) {
-          syncContext.execute(() -> onResult2(resolutionResult));
+    private List<String> generatePriorityNames(String name,
+        Map<Locality, LocalityLbEndpoints> localityLbEndpoints) {
+      TreeMap<Integer, List<Locality>> todo = new TreeMap<>();
+      for (Locality locality : localityLbEndpoints.keySet()) {
+        int priority = localityLbEndpoints.get(locality).priority();
+        if (!todo.containsKey(priority)) {
+          todo.put(priority, new ArrayList<>());
         }
-
-        @Override
-        public Status onResult2(final ResolutionResult resolutionResult) {
-          if (shutdown) {
-            return Status.OK;
-          }
-          // Arbitrary priority notation for all DNS-resolved endpoints.
-          String priorityName = priorityName(name, 0);  // value doesn't matter
-          List<EquivalentAddressGroup> addresses = new ArrayList<>();
-          StatusOr<List<EquivalentAddressGroup>> addressesOrError =
-                  resolutionResult.getAddressesOrError();
-          if (addressesOrError.hasValue()) {
-            backoffPolicy = null;  // reset backoff sequence if succeeded
-            for (EquivalentAddressGroup eag : addressesOrError.getValue()) {
-              // No weight attribute is attached, all endpoint-level LB policy should be able
-              // to handle such it.
-              String localityName = localityName(LOGICAL_DNS_CLUSTER_LOCALITY);
-              Attributes attr = eag.getAttributes().toBuilder()
-                      .set(XdsAttributes.ATTR_LOCALITY, LOGICAL_DNS_CLUSTER_LOCALITY)
-                      .set(EquivalentAddressGroup.ATTR_LOCALITY_NAME, localityName)
-                      .set(XdsAttributes.ATTR_ADDRESS_NAME, dnsHostName)
-                      .build();
-              eag = new EquivalentAddressGroup(eag.getAddresses(), attr);
-              eag = AddressFilter.setPathFilter(eag, Arrays.asList(priorityName, localityName));
-              addresses.add(eag);
-            }
-            PriorityChildConfig priorityChildConfig = generateDnsBasedPriorityChildConfig(
-                    name, lrsServerInfo, maxConcurrentRequests, tlsContext, filterMetadata,
-                    lbRegistry, Collections.<DropOverload>emptyList());
-            status = Status.OK;
-            resolved = true;
-            result = new ClusterResolutionResult(addresses, priorityName, priorityChildConfig);
-            handleEndpointResourceUpdate();
-            return Status.OK;
-          } else {
-            handleErrorInSyncContext(addressesOrError.getStatus());
-            return addressesOrError.getStatus();
+        todo.get(priority).add(locality);
+      }
+      Map<Locality, String> newNames = new HashMap<>();
+      Set<String> usedNames = new HashSet<>();
+      List<String> ret = new ArrayList<>();
+      for (Integer priority: todo.keySet()) {
+        String foundName = "";
+        for (Locality locality : todo.get(priority)) {
+          if (localityPriorityNames.containsKey(locality)
+              && usedNames.add(localityPriorityNames.get(locality))) {
+            foundName = localityPriorityNames.get(locality);
+            break;
           }
         }
-
-        @Override
-        public void onError(final Status error) {
-          syncContext.execute(() -> handleErrorInSyncContext(error));
+        if ("".equals(foundName)) {
+          foundName = priorityName(name, priorityNameGenId++);
         }
-
-        private void handleErrorInSyncContext(final Status error) {
-          if (shutdown) {
-            return;
-          }
-          status = error;
-          // NameResolver.Listener API cannot distinguish between address-not-found and
-          // transient errors. If the error occurs in the first resolution, treat it as
-          // address not found. Otherwise, either there is previously resolved addresses
-          // previously encountered error, propagate the error to downstream/upstream and
-          // let downstream/upstream handle it.
-          if (!resolved) {
-            resolved = true;
-            handleEndpointResourceUpdate();
-          } else {
-            handleEndpointResolutionError();
-          }
-          if (scheduledRefresh != null && scheduledRefresh.isPending()) {
-            return;
-          }
-          if (backoffPolicy == null) {
-            backoffPolicy = backoffPolicyProvider.get();
-          }
-          long delayNanos = backoffPolicy.nextBackoffNanos();
-          logger.log(XdsLogLevel.DEBUG,
-                  "Logical DNS resolver for cluster {0} encountered name resolution "
-                          + "error: {1}, scheduling DNS resolution backoff for {2} ns",
-                  name, error, delayNanos);
-          scheduledRefresh =
-                  syncContext.schedule(
-                          new DelayedNameResolverRefresh(), delayNanos, TimeUnit.NANOSECONDS,
-                          timeService);
+        for (Locality locality : todo.get(priority)) {
+          newNames.put(locality, foundName);
         }
+        ret.add(foundName);
       }
+      localityPriorityNames = newNames;
+      return ret;
     }
   }
 
@@ -729,12 +308,6 @@ private static class ClusterResolutionResult {
     // List of priority names ordered in descending priorities.
     private final List<String> priorities;
 
-    ClusterResolutionResult(List<EquivalentAddressGroup> addresses, String priority,
-        PriorityChildConfig config) {
-      this(addresses, Collections.singletonMap(priority, config),
-          Collections.singletonList(priority));
-    }
-
     ClusterResolutionResult(List<EquivalentAddressGroup> addresses,
         Map<String, PriorityChildConfig> configs, List<String> priorities) {
       this.addresses = addresses;
@@ -744,46 +317,24 @@ private static class ClusterResolutionResult {
   }
 
   /**
-   * Generates the config to be used in the priority LB policy for the single priority of
-   * logical DNS cluster.
-   *
-   * <p>priority LB -> cluster_impl LB (single hardcoded priority) -> pick_first
-   */
-  private static PriorityChildConfig generateDnsBasedPriorityChildConfig(
-      String cluster, @Nullable ServerInfo lrsServerInfo, @Nullable Long maxConcurrentRequests,
-      @Nullable UpstreamTlsContext tlsContext, Map<String, Struct> filterMetadata,
-      LoadBalancerRegistry lbRegistry, List<DropOverload> dropOverloads) {
-    // Override endpoint-level LB policy with pick_first for logical DNS cluster.
-    Object endpointLbConfig = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-        lbRegistry.getProvider("pick_first"), null);
-    ClusterImplConfig clusterImplConfig =
-        new ClusterImplConfig(cluster, null, lrsServerInfo, maxConcurrentRequests,
-            dropOverloads, endpointLbConfig, tlsContext, filterMetadata);
-    LoadBalancerProvider clusterImplLbProvider =
-        lbRegistry.getProvider(XdsLbPolicies.CLUSTER_IMPL_POLICY_NAME);
-    Object clusterImplPolicy = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-        clusterImplLbProvider, clusterImplConfig);
-    return new PriorityChildConfig(clusterImplPolicy, false /* ignoreReresolution*/);
-  }
-
-  /**
-   * Generates configs to be used in the priority LB policy for priorities in an EDS cluster.
+   * Generates configs to be used in the priority LB policy for priorities in a cluster.
    *
    * <p>priority LB -> cluster_impl LB (one per priority) -> (weighted_target LB
    * -> round_robin / least_request_experimental (one per locality)) / ring_hash_experimental
    */
-  private static Map<String, PriorityChildConfig> generateEdsBasedPriorityChildConfigs(
-      String cluster, @Nullable String edsServiceName, @Nullable ServerInfo lrsServerInfo,
-      @Nullable Long maxConcurrentRequests, @Nullable UpstreamTlsContext tlsContext,
-      Map<String, Struct> filterMetadata,
-      @Nullable OutlierDetection outlierDetection, Object endpointLbConfig,
-      LoadBalancerRegistry lbRegistry, Map<String,
-      Map<Locality, Integer>> prioritizedLocalityWeights, List<DropOverload> dropOverloads) {
+  private static Map<String, PriorityChildConfig> generatePriorityChildConfigs(
+      DiscoveryMechanism discovery,
+      Object endpointLbConfig,
+      LoadBalancerRegistry lbRegistry,
+      Map<String, Map<Locality, Integer>> prioritizedLocalityWeights,
+      List<DropOverload> dropOverloads) {
     Map<String, PriorityChildConfig> configs = new HashMap<>();
     for (String priority : prioritizedLocalityWeights.keySet()) {
       ClusterImplConfig clusterImplConfig =
-          new ClusterImplConfig(cluster, edsServiceName, lrsServerInfo, maxConcurrentRequests,
-              dropOverloads, endpointLbConfig, tlsContext, filterMetadata);
+          new ClusterImplConfig(
+              discovery.cluster, discovery.edsServiceName, discovery.lrsServerInfo,
+              discovery.maxConcurrentRequests, dropOverloads, endpointLbConfig,
+              discovery.tlsContext, discovery.filterMetadata);
       LoadBalancerProvider clusterImplLbProvider =
           lbRegistry.getProvider(XdsLbPolicies.CLUSTER_IMPL_POLICY_NAME);
       Object priorityChildPolicy = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
@@ -791,16 +342,17 @@ private static Map<String, PriorityChildConfig> generateEdsBasedPriorityChildCon
 
       // If outlier detection has been configured we wrap the child policy in the outlier detection
       // load balancer.
-      if (outlierDetection != null) {
+      if (discovery.outlierDetection != null) {
         LoadBalancerProvider outlierDetectionProvider = lbRegistry.getProvider(
             "outlier_detection_experimental");
         priorityChildPolicy = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             outlierDetectionProvider,
-            buildOutlierDetectionLbConfig(outlierDetection, priorityChildPolicy));
+            buildOutlierDetectionLbConfig(discovery.outlierDetection, priorityChildPolicy));
       }
 
+      boolean isEds = discovery.type == DiscoveryMechanism.Type.EDS;
       PriorityChildConfig priorityChildConfig =
-          new PriorityChildConfig(priorityChildPolicy, true /* ignoreReresolution */);
+          new PriorityChildConfig(priorityChildPolicy, isEds /* ignoreReresolution */);
       configs.put(priority, priorityChildConfig);
     }
     return configs;
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
index 48101cd9c54..8cff272fcba 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
@@ -25,6 +25,7 @@
 import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancer.Helper;
 import io.grpc.LoadBalancerProvider;
+import io.grpc.LoadBalancerRegistry;
 import io.grpc.NameResolver.ConfigOrError;
 import io.grpc.Status;
 import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;
@@ -41,6 +42,15 @@
  */
 @Internal
 public final class ClusterResolverLoadBalancerProvider extends LoadBalancerProvider {
+  private final LoadBalancerRegistry lbRegistry;
+
+  public ClusterResolverLoadBalancerProvider() {
+    this.lbRegistry = null;
+  }
+
+  ClusterResolverLoadBalancerProvider(LoadBalancerRegistry lbRegistry) {
+    this.lbRegistry = checkNotNull(lbRegistry, "lbRegistry");
+  }
 
   @Override
   public boolean isAvailable() {
@@ -65,7 +75,11 @@ public ConfigOrError parseLoadBalancingPolicyConfig(Map<String, ?> rawLoadBalanc
 
   @Override
   public LoadBalancer newLoadBalancer(Helper helper) {
-    return new ClusterResolverLoadBalancer(helper);
+    LoadBalancerRegistry lbRegistry = this.lbRegistry;
+    if (lbRegistry == null) {
+      lbRegistry = LoadBalancerRegistry.getDefaultRegistry();
+    }
+    return new ClusterResolverLoadBalancer(helper, lbRegistry);
   }
 
   static final class ClusterResolverConfig {
diff --git a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
index fd2a1d2a069..9c2ee641423 100644
--- a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
+++ b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
@@ -328,7 +328,7 @@ static OutlierDetection fromEnvoyOutlierDetection(
         Integer minimumHosts = envoyOutlierDetection.hasSuccessRateMinimumHosts()
             ? envoyOutlierDetection.getSuccessRateMinimumHosts().getValue() : null;
         Integer requestVolume = envoyOutlierDetection.hasSuccessRateRequestVolume()
-            ? envoyOutlierDetection.getSuccessRateMinimumHosts().getValue() : null;
+            ? envoyOutlierDetection.getSuccessRateRequestVolume().getValue() : null;
 
         successRateEjection = SuccessRateEjection.create(stdevFactor, enforcementPercentage,
             minimumHosts, requestVolume);
diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index 5ed3821b7e4..21b0ad7dc66 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -41,6 +41,7 @@
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsClient.ResourceWatcher;
 import io.grpc.xds.client.XdsResourceType;
+import java.net.SocketAddress;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.ArrayList;
@@ -83,7 +84,7 @@ private enum TrackedWatcherTypeEnum {
 
   private static final int MAX_CLUSTER_RECURSION_DEPTH = 16; // Specified by gRFC A37
 
-  static boolean enableLogicalDns = false;
+  static boolean enableLogicalDns = true;
 
   private final String listenerName;
   private final XdsClient xdsClient;
@@ -394,10 +395,13 @@ private static StatusOr<XdsEndpointResource.EdsUpdate> dnsToEdsUpdate(
       return StatusOr.fromStatus(dnsData.getStatus());
     }
 
-    List<Endpoints.LbEndpoint> endpoints = new ArrayList<>();
+    List<SocketAddress> addresses = new ArrayList<>();
     for (EquivalentAddressGroup eag : dnsData.getValue()) {
-      endpoints.add(Endpoints.LbEndpoint.create(eag, 1, true, dnsHostName, ImmutableMap.of()));
+      addresses.addAll(eag.getAddresses());
     }
+    EquivalentAddressGroup eag = new EquivalentAddressGroup(addresses);
+    List<Endpoints.LbEndpoint> endpoints = ImmutableList.of(
+        Endpoints.LbEndpoint.create(eag, 1, true, dnsHostName, ImmutableMap.of()));
     LocalityLbEndpoints lbEndpoints =
         LocalityLbEndpoints.create(endpoints, 1, 0, ImmutableMap.of());
     return StatusOr.fromValue(new XdsEndpointResource.EdsUpdate(
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 58d1ff769fe..55059dc4a5a 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -234,6 +234,13 @@ public void start(Listener2 listener) {
     resolveState.start();
   }
 
+  @Override
+  public void refresh() {
+    if (resolveState != null) {
+      resolveState.refresh();
+    }
+  }
+
   private static String expandPercentS(String template, String replacement) {
     return template.replace("%s", replacement);
   }
@@ -323,7 +330,10 @@ private void updateResolutionResult(XdsConfig xdsConfig) {
             .setAttributes(attrs)
             .setServiceConfig(parsedServiceConfig)
             .build();
-    listener.onResult2(result);
+    if (!listener.onResult2(result).isOk()) {
+      // TODO: check if this is right
+      resolveState.xdsDependencyManager.requestReresolution();
+    }
   }
 
   /**
@@ -662,6 +672,10 @@ void start() {
       xdsDependencyManager.start(this);
     }
 
+    void refresh() {
+      xdsDependencyManager.requestReresolution();
+    }
+
     private void shutdown() {
       if (stopped) {
         return;
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index 982677d24da..be68018792b 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -21,18 +21,41 @@
 import static io.grpc.xds.XdsLbPolicies.PRIORITY_POLICY_NAME;
 import static io.grpc.xds.XdsLbPolicies.WEIGHTED_TARGET_POLICY_NAME;
 import static io.grpc.xds.XdsLbPolicies.WRR_LOCALITY_POLICY_NAME;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_CDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_EDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_LDS;
+import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_RDS;
 import static java.util.stream.Collectors.toList;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doAnswer;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Iterables;
 import com.google.common.testing.EqualsTester;
+import com.google.protobuf.Any;
+import com.google.protobuf.Duration;
+import com.google.protobuf.UInt32Value;
+import com.google.protobuf.UInt64Value;
+import io.envoyproxy.envoy.config.cluster.v3.Cluster;
+import io.envoyproxy.envoy.config.cluster.v3.OutlierDetection;
+import io.envoyproxy.envoy.config.core.v3.Address;
+import io.envoyproxy.envoy.config.core.v3.AggregatedConfigSource;
+import io.envoyproxy.envoy.config.core.v3.ConfigSource;
+import io.envoyproxy.envoy.config.core.v3.HealthStatus;
+import io.envoyproxy.envoy.config.core.v3.Locality;
+import io.envoyproxy.envoy.config.core.v3.Metadata;
+import io.envoyproxy.envoy.config.core.v3.SocketAddress;
+import io.envoyproxy.envoy.config.core.v3.TransportSocket;
+import io.envoyproxy.envoy.config.endpoint.v3.ClusterLoadAssignment;
+import io.envoyproxy.envoy.config.endpoint.v3.Endpoint;
+import io.envoyproxy.envoy.config.endpoint.v3.LbEndpoint;
+import io.envoyproxy.envoy.config.endpoint.v3.LocalityLbEndpoints;
+import io.envoyproxy.envoy.extensions.transport_sockets.http_11_proxy.v3.Http11ProxyUpstreamTransport;
 import io.grpc.Attributes;
 import io.grpc.ChannelLogger;
 import io.grpc.ConnectivityState;
@@ -53,25 +76,23 @@
 import io.grpc.NameResolverProvider;
 import io.grpc.NameResolverRegistry;
 import io.grpc.Status;
-import io.grpc.Status.Code;
 import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
-import io.grpc.internal.BackoffPolicy;
+import io.grpc.inprocess.InProcessChannelBuilder;
+import io.grpc.inprocess.InProcessServerBuilder;
 import io.grpc.internal.FakeClock;
-import io.grpc.internal.FakeClock.ScheduledTask;
 import io.grpc.internal.GrpcUtil;
-import io.grpc.internal.ObjectPool;
+import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.util.GracefulSwitchLoadBalancer;
 import io.grpc.util.GracefulSwitchLoadBalancerAccessor;
+import io.grpc.util.OutlierDetectionLoadBalancer.OutlierDetectionLoadBalancerConfig;
 import io.grpc.util.OutlierDetectionLoadBalancerProvider;
+import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig;
 import io.grpc.xds.ClusterImplLoadBalancerProvider.ClusterImplConfig;
 import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig;
 import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig.DiscoveryMechanism;
 import io.grpc.xds.Endpoints.DropOverload;
-import io.grpc.xds.Endpoints.LbEndpoint;
-import io.grpc.xds.Endpoints.LocalityLbEndpoints;
 import io.grpc.xds.EnvoyServerProtoData.FailurePercentageEjection;
-import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;
 import io.grpc.xds.EnvoyServerProtoData.SuccessRateEjection;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.LeastRequestLoadBalancer.LeastRequestConfig;
@@ -79,24 +100,16 @@
 import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig.PriorityChildConfig;
 import io.grpc.xds.RingHashLoadBalancer.RingHashConfig;
 import io.grpc.xds.WrrLocalityLoadBalancer.WrrLocalityConfig;
-import io.grpc.xds.XdsEndpointResource.EdsUpdate;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
-import io.grpc.xds.client.Locality;
 import io.grpc.xds.client.XdsClient;
-import io.grpc.xds.client.XdsResourceType;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import java.net.InetSocketAddress;
-import java.net.SocketAddress;
 import java.net.URI;
-import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.concurrent.Executor;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.Nullable;
 import org.junit.After;
@@ -107,9 +120,7 @@
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
-import org.mockito.InOrder;
 import org.mockito.Mock;
-import org.mockito.Mockito;
 import org.mockito.junit.MockitoJUnit;
 import org.mockito.junit.MockitoRule;
 
@@ -117,39 +128,43 @@
 @RunWith(JUnit4.class)
 public class ClusterResolverLoadBalancerTest {
   @Rule public final MockitoRule mocks = MockitoJUnit.rule();
+  @Rule
+  public final GrpcCleanupRule cleanupRule = new GrpcCleanupRule();
 
-  private static final String AUTHORITY = "api.google.com";
-  private static final String CLUSTER1 = "cluster-foo.googleapis.com";
-  private static final String CLUSTER2 = "cluster-bar.googleapis.com";
-  private static final String CLUSTER_DNS = "cluster-dns.googleapis.com";
-  private static final String EDS_SERVICE_NAME1 = "backend-service-foo.googleapis.com";
-  private static final String EDS_SERVICE_NAME2 = "backend-service-bar.googleapis.com";
+  private static final String SERVER_NAME = "example.com";
+  private static final String CLUSTER = "cluster-foo.googleapis.com";
+  private static final String EDS_SERVICE_NAME = "backend-service-foo.googleapis.com";
   private static final String DNS_HOST_NAME = "dns-service.googleapis.com";
-  private static final ServerInfo LRS_SERVER_INFO =
-      ServerInfo.create("lrs.googleapis.com", InsecureChannelCredentials.create());
-  private final Locality locality1 =
-      Locality.create("test-region-1", "test-zone-1", "test-subzone-1");
-  private final Locality locality2 =
-      Locality.create("test-region-2", "test-zone-2", "test-subzone-2");
-  private final Locality locality3 =
-      Locality.create("test-region-3", "test-zone-3", "test-subzone-3");
-  private final UpstreamTlsContext tlsContext =
-      CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true);
-  private final OutlierDetection outlierDetection = OutlierDetection.create(
-      100L, 100L, 100L, 100, SuccessRateEjection.create(100, 100, 100, 100),
-      FailurePercentageEjection.create(100, 100, 100, 100));
-  private final DiscoveryMechanism edsDiscoveryMechanism1 =
-      DiscoveryMechanism.forEds(CLUSTER1, EDS_SERVICE_NAME1, LRS_SERVER_INFO, 100L, tlsContext,
-          Collections.emptyMap(), null);
-  private final DiscoveryMechanism edsDiscoveryMechanism2 =
-      DiscoveryMechanism.forEds(CLUSTER2, EDS_SERVICE_NAME2, LRS_SERVER_INFO, 200L, tlsContext,
-          Collections.emptyMap(), null);
-  private final DiscoveryMechanism edsDiscoveryMechanismWithOutlierDetection =
-      DiscoveryMechanism.forEds(CLUSTER1, EDS_SERVICE_NAME1, LRS_SERVER_INFO, 100L, tlsContext,
-          Collections.emptyMap(), outlierDetection);
-  private final DiscoveryMechanism logicalDnsDiscoveryMechanism =
-      DiscoveryMechanism.forLogicalDns(CLUSTER_DNS, DNS_HOST_NAME, LRS_SERVER_INFO, 300L, null,
-          Collections.emptyMap());
+  private static final Cluster EDS_CLUSTER = Cluster.newBuilder()
+      .setName(CLUSTER)
+      .setType(Cluster.DiscoveryType.EDS)
+      .setEdsClusterConfig(Cluster.EdsClusterConfig.newBuilder()
+          .setServiceName(EDS_SERVICE_NAME)
+          .setEdsConfig(ConfigSource.newBuilder()
+            .setAds(AggregatedConfigSource.newBuilder())))
+      .build();
+  private static final Cluster LOGICAL_DNS_CLUSTER = Cluster.newBuilder()
+      .setName(CLUSTER)
+      .setType(Cluster.DiscoveryType.LOGICAL_DNS)
+      .setLoadAssignment(ClusterLoadAssignment.newBuilder()
+          .addEndpoints(LocalityLbEndpoints.newBuilder()
+            .addLbEndpoints(newSocketLbEndpoint(DNS_HOST_NAME, 9000))))
+      .build();
+  private static final Locality LOCALITY1 = Locality.newBuilder()
+      .setRegion("test-region-1")
+      .setZone("test-zone-1")
+      .setSubZone("test-subzone-1")
+      .build();
+  private static final Locality LOCALITY2 = Locality.newBuilder()
+      .setRegion("test-region-2")
+      .setZone("test-zone-2")
+      .setSubZone("test-subzone-2")
+      .build();
+  private static final Locality LOCALITY3 = Locality.newBuilder()
+      .setRegion("test-region-3")
+      .setZone("test-zone-3")
+      .setSubZone("test-subzone-3")
+      .build();
 
   private final SynchronizationContext syncContext = new SynchronizationContext(
       new Thread.UncaughtExceptionHandler() {
@@ -161,50 +176,32 @@ public void uncaughtException(Thread t, Throwable e) {
   private final FakeClock fakeClock = new FakeClock();
   private final LoadBalancerRegistry lbRegistry = new LoadBalancerRegistry();
   private final NameResolverRegistry nsRegistry = new NameResolverRegistry();
-  private final Object roundRobin = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-      new FakeLoadBalancerProvider("wrr_locality_experimental"), new WrrLocalityConfig(
-          GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-              new FakeLoadBalancerProvider("round_robin"), null)));
-  private final Object ringHash = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-      new FakeLoadBalancerProvider("ring_hash_experimental"), new RingHashConfig(10L, 100L, ""));
-  private final Object leastRequest = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-      new FakeLoadBalancerProvider("wrr_locality_experimental"), new WrrLocalityConfig(
-          GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-              new FakeLoadBalancerProvider("least_request_experimental"),
-              new LeastRequestConfig(3))));
   private final List<FakeLoadBalancer> childBalancers = new ArrayList<>();
   private final List<FakeNameResolver> resolvers = new ArrayList<>();
-  private final FakeXdsClient xdsClient = new FakeXdsClient();
-  private final ObjectPool<XdsClient> xdsClientPool = new ObjectPool<XdsClient>() {
-    @Override
-    public XdsClient getObject() {
-      xdsClientRefs++;
-      return xdsClient;
-    }
-
-    @Override
-    public XdsClient returnObject(Object object) {
-      xdsClientRefs--;
-      return null;
-    }
-  };
-
+  private final XdsTestControlPlaneService controlPlaneService = new XdsTestControlPlaneService();
+  private final XdsClient xdsClient = XdsTestUtils.createXdsClient(
+      Arrays.asList("control-plane.example.com"),
+      serverInfo -> new GrpcXdsTransportFactory.GrpcXdsTransport(
+          InProcessChannelBuilder
+            .forName(serverInfo.target())
+            .directExecutor()
+            .build()),
+      fakeClock);
+
+
+  private XdsDependencyManager xdsDepManager;
   @Mock
   private Helper helper;
-  @Mock
-  private BackoffPolicy.Provider backoffPolicyProvider;
-  @Mock
-  private BackoffPolicy backoffPolicy1;
-  @Mock
-  private BackoffPolicy backoffPolicy2;
   @Captor
   private ArgumentCaptor<SubchannelPicker> pickerCaptor;
-  private int xdsClientRefs;
-  private ClusterResolverLoadBalancer loadBalancer;
-  private NameResolverProvider fakeNameResolverProvider;
+  private CdsLoadBalancer2 loadBalancer;
+  private boolean originalIsEnabledXdsHttpConnect;
 
   @Before
-  public void setUp() throws URISyntaxException {
+  public void setUp() throws Exception {
+    lbRegistry.register(new ClusterResolverLoadBalancerProvider(lbRegistry));
+    lbRegistry.register(new RingHashLoadBalancerProvider());
+    lbRegistry.register(new WrrLocalityLoadBalancerProvider());
     lbRegistry.register(new FakeLoadBalancerProvider(PRIORITY_POLICY_NAME));
     lbRegistry.register(new FakeLoadBalancerProvider(CLUSTER_IMPL_POLICY_NAME));
     lbRegistry.register(new FakeLoadBalancerProvider(WEIGHTED_TARGET_POLICY_NAME));
@@ -217,81 +214,112 @@ public void setUp() throws URISyntaxException {
         .setSynchronizationContext(syncContext)
         .setServiceConfigParser(mock(ServiceConfigParser.class))
         .setChannelLogger(mock(ChannelLogger.class))
+        .setScheduledExecutorService(fakeClock.getScheduledExecutorService())
+        .setNameResolverRegistry(nsRegistry)
         .build();
-    fakeNameResolverProvider = new FakeNameResolverProvider(false);
-    nsRegistry.register(fakeNameResolverProvider);
-    when(helper.getNameResolverRegistry()).thenReturn(nsRegistry);
-    when(helper.getNameResolverArgs()).thenReturn(args);
-    when(helper.getSynchronizationContext()).thenReturn(syncContext);
-    when(helper.getScheduledExecutorService()).thenReturn(fakeClock.getScheduledExecutorService());
-    when(helper.getAuthority()).thenReturn(AUTHORITY);
-    when(backoffPolicyProvider.get()).thenReturn(backoffPolicy1, backoffPolicy2);
-    when(backoffPolicy1.nextBackoffNanos())
-        .thenReturn(TimeUnit.SECONDS.toNanos(1L), TimeUnit.SECONDS.toNanos(10L));
-    when(backoffPolicy2.nextBackoffNanos())
-        .thenReturn(TimeUnit.SECONDS.toNanos(5L), TimeUnit.SECONDS.toNanos(50L));
-    loadBalancer = new ClusterResolverLoadBalancer(helper, lbRegistry, backoffPolicyProvider);
+
+    xdsDepManager = new XdsDependencyManager(
+        xdsClient,
+        syncContext,
+        SERVER_NAME,
+        SERVER_NAME,
+        args);
+
+    cleanupRule.register(InProcessServerBuilder
+        .forName("control-plane.example.com")
+        .addService(controlPlaneService)
+        .directExecutor()
+        .build()
+        .start());
+
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_LDS, ImmutableMap.of(
+        SERVER_NAME, ControlPlaneRule.buildClientListener(SERVER_NAME, "my-route")));
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_RDS, ImmutableMap.of(
+        "my-route", XdsTestUtils.buildRouteConfiguration(SERVER_NAME, "my-route", CLUSTER)));
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        CLUSTER, EDS_CLUSTER));
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, ControlPlaneRule.buildClusterLoadAssignment(
+            "127.0.0.1", "", 8080, EDS_SERVICE_NAME)));
+
+    nsRegistry.register(new FakeNameResolverProvider());
+    when(helper.getAuthority()).thenReturn("api.google.com");
+    doAnswer((inv) -> {
+      xdsDepManager.requestReresolution();
+      return null;
+    }).when(helper).refreshNameResolution();
+    loadBalancer = new CdsLoadBalancer2(helper, lbRegistry);
+
+    originalIsEnabledXdsHttpConnect = XdsClusterResource.isEnabledXdsHttpConnect;
   }
 
   @After
-  public void tearDown() {
+  public void tearDown() throws Exception {
+    XdsClusterResource.isEnabledXdsHttpConnect = originalIsEnabledXdsHttpConnect;
     loadBalancer.shutdown();
+    if (xdsDepManager != null) {
+      xdsDepManager.shutdown();
+    }
+    assertThat(xdsClient.getSubscribedResourcesMetadataSnapshot().get()).isEmpty();
+    xdsClient.shutdown();
+    assertThat(childBalancers).isEmpty();
     assertThat(resolvers).isEmpty();
-    assertThat(xdsClient.watchers).isEmpty();
-    assertThat(xdsClientRefs).isEqualTo(0);
     assertThat(fakeClock.getPendingTasks()).isEmpty();
   }
 
   @Test
-  public void edsClustersWithRingHashEndpointLbPolicy() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism1, ringHash, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    assertThat(childBalancers).isEmpty();
-
+  public void edsClustersWithRingHashEndpointLbPolicy() throws Exception {
+    Cluster cluster = EDS_CLUSTER.toBuilder()
+        .setLbPolicy(Cluster.LbPolicy.RING_HASH)
+        .setRingHashLbConfig(Cluster.RingHashLbConfig.newBuilder()
+            .setMinimumRingSize(UInt64Value.of(10))
+            .setMaximumRingSize(UInt64Value.of(100))
+            .build())
+        .build();
     // One priority with two localities of different weights.
-    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
-    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
-    EquivalentAddressGroup endpoint3 = makeAddress("endpoint-addr-3");
-    LocalityLbEndpoints localityLbEndpoints1 =
-        LocalityLbEndpoints.create(
-            Arrays.asList(
-                LbEndpoint.create(endpoint1, 0 /* loadBalancingWeight */,
-                    true, "hostname1", ImmutableMap.of()),
-                LbEndpoint.create(endpoint2, 0 /* loadBalancingWeight */,
-                    true, "hostname2", ImmutableMap.of())),
-            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    LocalityLbEndpoints localityLbEndpoints2 =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(
-                LbEndpoint.create(
-                    endpoint3, 60 /* loadBalancingWeight */, true,
-                    "hostname3", ImmutableMap.of())),
-            50 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1,
-        ImmutableMap.of(locality1, localityLbEndpoints1, locality2, localityLbEndpoints2));
+    ClusterLoadAssignment clusterLoadAssignment = ClusterLoadAssignment.newBuilder()
+        .setClusterName(EDS_SERVICE_NAME)
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(10))
+          .setLocality(LOCALITY1)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.1", 8080))
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.2", 8080)))
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(50))
+          .setLocality(LOCALITY2)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.1.1", 8080)
+            .setLoadBalancingWeight(UInt32Value.of(60))))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        CLUSTER, cluster));
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, clusterLoadAssignment));
+    startXdsDepManager();
+
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(childBalancer.addresses).hasSize(3);
     EquivalentAddressGroup addr1 = childBalancer.addresses.get(0);
     EquivalentAddressGroup addr2 = childBalancer.addresses.get(1);
     EquivalentAddressGroup addr3 = childBalancer.addresses.get(2);
-    // Endpoints in locality1 have no endpoint-level weight specified, so all endpoints within
-    // locality1 are equally weighted.
-    assertThat(addr1.getAddresses()).isEqualTo(endpoint1.getAddresses());
+    // Endpoints in LOCALITY1 have no endpoint-level weight specified, so all endpoints within
+    // LOCALITY1 are equally weighted.
+    assertThat(addr1.getAddresses())
+        .isEqualTo(Arrays.asList(newInetSocketAddress("127.0.0.1", 8080)));
     assertThat(addr1.getAttributes().get(XdsAttributes.ATTR_SERVER_WEIGHT))
         .isEqualTo(10);
-    assertThat(addr2.getAddresses()).isEqualTo(endpoint2.getAddresses());
+    assertThat(addr2.getAddresses())
+        .isEqualTo(Arrays.asList(newInetSocketAddress("127.0.0.2", 8080)));
     assertThat(addr2.getAttributes().get(XdsAttributes.ATTR_SERVER_WEIGHT))
         .isEqualTo(10);
-    assertThat(addr3.getAddresses()).isEqualTo(endpoint3.getAddresses());
+    assertThat(addr3.getAddresses())
+        .isEqualTo(Arrays.asList(newInetSocketAddress("127.0.1.1", 8080)));
     assertThat(addr3.getAttributes().get(XdsAttributes.ATTR_SERVER_WEIGHT))
         .isEqualTo(50 * 60);
     assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
     PriorityLbConfig priorityLbConfig = (PriorityLbConfig) childBalancer.config;
-    assertThat(priorityLbConfig.priorities).containsExactly(CLUSTER1 + "[child1]");
+    assertThat(priorityLbConfig.priorities).containsExactly(CLUSTER + "[child1]");
     PriorityChildConfig priorityChildConfig =
         Iterables.getOnlyElement(priorityLbConfig.childConfigs.values());
     assertThat(priorityChildConfig.ignoreReresolution).isTrue();
@@ -300,8 +328,8 @@ public void edsClustersWithRingHashEndpointLbPolicy() {
         .isEqualTo(CLUSTER_IMPL_POLICY_NAME);
     ClusterImplConfig clusterImplConfig = (ClusterImplConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig.childConfig);
-    assertClusterImplConfig(clusterImplConfig, CLUSTER1, EDS_SERVICE_NAME1, LRS_SERVER_INFO, 100L,
-        tlsContext, Collections.<DropOverload>emptyList(), "ring_hash_experimental");
+    assertClusterImplConfig(clusterImplConfig, CLUSTER, EDS_SERVICE_NAME, null, null,
+        null, Collections.emptyList(), "ring_hash_experimental");
     RingHashConfig ringHashConfig = (RingHashConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(clusterImplConfig.childConfig);
     assertThat(ringHashConfig.minRingSize).isEqualTo(10L);
@@ -310,31 +338,33 @@ public void edsClustersWithRingHashEndpointLbPolicy() {
 
   @Test
   public void edsClustersWithLeastRequestEndpointLbPolicy() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism1, leastRequest, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    assertThat(childBalancers).isEmpty();
-
+    Cluster cluster = EDS_CLUSTER.toBuilder()
+        .setLbPolicy(Cluster.LbPolicy.LEAST_REQUEST)
+        .build();
     // Simple case with one priority and one locality
-    EquivalentAddressGroup endpoint = makeAddress("endpoint-addr-1");
-    LocalityLbEndpoints localityLbEndpoints =
-        LocalityLbEndpoints.create(
-            Arrays.asList(
-                LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true,
-                    "hostname1", ImmutableMap.of())),
-            100 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1,
-        ImmutableMap.of(locality1, localityLbEndpoints));
+    ClusterLoadAssignment clusterLoadAssignment = ClusterLoadAssignment.newBuilder()
+        .setClusterName(EDS_SERVICE_NAME)
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(100))
+          .setLocality(LOCALITY1)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.1", 8080)))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        CLUSTER, cluster));
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, clusterLoadAssignment));
+    startXdsDepManager();
+
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(childBalancer.addresses).hasSize(1);
     EquivalentAddressGroup addr = childBalancer.addresses.get(0);
-    assertThat(addr.getAddresses()).isEqualTo(endpoint.getAddresses());
+    assertThat(addr.getAddresses())
+        .isEqualTo(Arrays.asList(newInetSocketAddress("127.0.0.1", 8080)));
     assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
     PriorityLbConfig priorityLbConfig = (PriorityLbConfig) childBalancer.config;
-    assertThat(priorityLbConfig.priorities).containsExactly(CLUSTER1 + "[child1]");
+    assertThat(priorityLbConfig.priorities).containsExactly(CLUSTER + "[child1]");
     PriorityChildConfig priorityChildConfig =
         Iterables.getOnlyElement(priorityLbConfig.childConfigs.values());
     assertThat(GracefulSwitchLoadBalancerAccessor.getChildProvider(priorityChildConfig.childConfig)
@@ -342,8 +372,8 @@ public void edsClustersWithLeastRequestEndpointLbPolicy() {
         .isEqualTo(CLUSTER_IMPL_POLICY_NAME);
     ClusterImplConfig clusterImplConfig = (ClusterImplConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig.childConfig);
-    assertClusterImplConfig(clusterImplConfig, CLUSTER1, EDS_SERVICE_NAME1, LRS_SERVER_INFO, 100L,
-        tlsContext, Collections.<DropOverload>emptyList(), WRR_LOCALITY_POLICY_NAME);
+    assertClusterImplConfig(clusterImplConfig, CLUSTER, EDS_SERVICE_NAME, null, null,
+        null, Collections.emptyList(), WRR_LOCALITY_POLICY_NAME);
     WrrLocalityConfig wrrLocalityConfig = (WrrLocalityConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(clusterImplConfig.childConfig);
     LoadBalancerProvider childProvider =
@@ -357,23 +387,22 @@ public void edsClustersWithLeastRequestEndpointLbPolicy() {
 
   @Test
   public void edsClustersEndpointHostname_addedToAddressAttribute() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanismWithOutlierDetection, leastRequest, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    assertThat(childBalancers).isEmpty();
-
     // Simple case with one priority and one locality
-    EquivalentAddressGroup endpoint = makeAddress("endpoint-addr-1");
-    LocalityLbEndpoints localityLbEndpoints =
-        LocalityLbEndpoints.create(
-            Arrays.asList(
-                LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true,
-                    "hostname1", ImmutableMap.of())),
-            100 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1,
-        ImmutableMap.of(locality1, localityLbEndpoints));
+    ClusterLoadAssignment clusterLoadAssignment = ClusterLoadAssignment.newBuilder()
+        .setClusterName(EDS_SERVICE_NAME)
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(100))
+          .setLocality(LOCALITY1)
+          .addLbEndpoints(LbEndpoint.newBuilder()
+            .setEndpoint(Endpoint.newBuilder()
+              .setHostname("hostname1")
+              .setAddress(newAddress("127.0.0.1", 8000)))))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, clusterLoadAssignment));
+    startXdsDepManager();
+
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
 
@@ -384,85 +413,87 @@ public void edsClustersEndpointHostname_addedToAddressAttribute() {
 
   @Test
   public void endpointAddressRewritten_whenProxyMetadataIsInEndpointMetadata() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanismWithOutlierDetection, leastRequest, true);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    assertThat(childBalancers).isEmpty();
-
-    EquivalentAddressGroup endpoint =
-        new EquivalentAddressGroup(InetSocketAddress.createUnresolved("127.0.0.1", 8080));
-
-    // Proxy address in endpointMetadata (use FakeSocketAddress directly)
-    SocketAddress proxyAddress = new FakeSocketAddress("127.0.0.2");
-    ImmutableMap<String, Object> endpointMetadata =
-        ImmutableMap.of("envoy.http11_proxy_transport_socket.proxy_address", proxyAddress);
-
-    // No proxy in locality metadata
-    ImmutableMap<String, Object> localityMetadata = ImmutableMap.of();
-
-    LocalityLbEndpoints localityLbEndpoints = LocalityLbEndpoints.create(
-        Arrays.asList(
-            LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true,
-        "hostname1", endpointMetadata)),
-        100 /* localityWeight */, 1 /* priority */, localityMetadata);
-
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1,
-        ImmutableMap.of(locality1, localityLbEndpoints));
+    XdsClusterResource.isEnabledXdsHttpConnect = true;
+    Cluster cluster = EDS_CLUSTER.toBuilder()
+        .setTransportSocket(TransportSocket.newBuilder()
+            .setName(
+                "type.googleapis.com/" + Http11ProxyUpstreamTransport.getDescriptor().getFullName())
+            .setTypedConfig(Any.pack(Http11ProxyUpstreamTransport.getDefaultInstance())))
+        .build();
+    // Proxy address in endpointMetadata, and no proxy in locality metadata
+    ClusterLoadAssignment clusterLoadAssignment = ClusterLoadAssignment.newBuilder()
+        .setClusterName(EDS_SERVICE_NAME)
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(100))
+          .setLocality(LOCALITY1)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.1", 8080)
+            .setMetadata(Metadata.newBuilder()
+              .putTypedFilterMetadata(
+                  "envoy.http11_proxy_transport_socket.proxy_address",
+                  Any.pack(newAddress("127.0.0.2", 8081).build()))))
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.3", 8082)))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        CLUSTER, cluster));
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, clusterLoadAssignment));
+    startXdsDepManager();
 
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
 
     // Get the rewritten address
-    SocketAddress rewrittenAddress =
+    java.net.SocketAddress rewrittenAddress =
         childBalancer.addresses.get(0).getAddresses().get(0);
     assertThat(rewrittenAddress).isInstanceOf(HttpConnectProxiedSocketAddress.class);
     HttpConnectProxiedSocketAddress proxiedSocket =
         (HttpConnectProxiedSocketAddress) rewrittenAddress;
 
     // Assert that the target address is the original address
-    assertThat(proxiedSocket.getTargetAddress())
-        .isEqualTo(endpoint.getAddresses().get(0));
+    assertThat(proxiedSocket.getTargetAddress()).isEqualTo(newInetSocketAddress("127.0.0.1", 8080));
 
     // Assert that the proxy address is correctly set
-    assertThat(proxiedSocket.getProxyAddress()).isEqualTo(proxyAddress);
+    assertThat(proxiedSocket.getProxyAddress()).isEqualTo(newInetSocketAddress("127.0.0.2", 8081));
+
+    // Check the non-rewritten address
+    java.net.SocketAddress normalAddress = childBalancer.addresses.get(1).getAddresses().get(0);
+    assertThat(normalAddress).isEqualTo(newInetSocketAddress("127.0.0.3", 8082));
   }
 
   @Test
   public void endpointAddressRewritten_whenProxyMetadataIsInLocalityMetadata() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanismWithOutlierDetection, leastRequest, true);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    assertThat(childBalancers).isEmpty();
-
-    EquivalentAddressGroup endpoint =
-        new EquivalentAddressGroup(InetSocketAddress.createUnresolved("127.0.0.2", 8080));
-
-    // No proxy in endpointMetadata
-    ImmutableMap<String, Object> endpointMetadata = ImmutableMap.of();
-
-    // Proxy address is now in localityMetadata
-    SocketAddress proxyAddress = new FakeSocketAddress("proxy-addr");
-    ImmutableMap<String, Object> localityMetadata =
-        ImmutableMap.of("envoy.http11_proxy_transport_socket.proxy_address", proxyAddress);
-
-    LocalityLbEndpoints localityLbEndpoints = LocalityLbEndpoints.create(
-        Arrays.asList(
-            LbEndpoint.create(endpoint, 0 /* loadBalancingWeight */, true,
-        "hostname2", endpointMetadata)),
-        100 /* localityWeight */, 1 /* priority */, localityMetadata);
-
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1,
-        ImmutableMap.of(locality1, localityLbEndpoints));
+    XdsClusterResource.isEnabledXdsHttpConnect = true;
+    Cluster cluster = EDS_CLUSTER.toBuilder()
+        .setTransportSocket(TransportSocket.newBuilder()
+            .setName(
+                "type.googleapis.com/" + Http11ProxyUpstreamTransport.getDescriptor().getFullName())
+            .setTypedConfig(Any.pack(Http11ProxyUpstreamTransport.getDefaultInstance())))
+        .build();
+    // No proxy address in endpointMetadata, and proxy in locality metadata
+    ClusterLoadAssignment clusterLoadAssignment = ClusterLoadAssignment.newBuilder()
+        .setClusterName(EDS_SERVICE_NAME)
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(100))
+          .setLocality(LOCALITY1)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.1", 8080))
+          .setMetadata(Metadata.newBuilder()
+            .putTypedFilterMetadata(
+                "envoy.http11_proxy_transport_socket.proxy_address",
+                Any.pack(newAddress("127.0.0.2", 8081).build()))))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        CLUSTER, cluster));
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, clusterLoadAssignment));
+    startXdsDepManager();
 
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
 
     // Get the rewritten address
-    SocketAddress rewrittenAddress = childBalancer.addresses.get(0).getAddresses().get(0);
+    java.net.SocketAddress rewrittenAddress = childBalancer.addresses.get(0).getAddresses().get(0);
 
     // Assert that the address was rewritten
     assertThat(rewrittenAddress).isInstanceOf(HttpConnectProxiedSocketAddress.class);
@@ -470,47 +501,37 @@ public void endpointAddressRewritten_whenProxyMetadataIsInLocalityMetadata() {
         (HttpConnectProxiedSocketAddress) rewrittenAddress;
 
     // Assert that the target address is the original address
-    assertThat(proxiedSocket.getTargetAddress()).isEqualTo(endpoint.getAddresses().get(0));
+    assertThat(proxiedSocket.getTargetAddress()).isEqualTo(newInetSocketAddress("127.0.0.1", 8080));
 
     // Assert that the proxy address is correctly set from locality metadata
-    assertThat(proxiedSocket.getProxyAddress()).isEqualTo(proxyAddress);
+    assertThat(proxiedSocket.getProxyAddress()).isEqualTo(newInetSocketAddress("127.0.0.2", 8081));
   }
 
   @Test
   public void onlyEdsClusters_receivedEndpoints() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism2, roundRobin, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME2);
-    assertThat(childBalancers).isEmpty();
-    // CLUSTER1 has priority 1 (priority3), which has locality 2, which has endpoint3.
-    // CLUSTER2 has priority 1 (priority1) and 2 (priority2); priority1 has locality1,
-    // which has endpoint1 and endpoint2; priority2 has locality3, which has endpoint4.
-    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
-    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
-    EquivalentAddressGroup endpoint4 = makeAddress("endpoint-addr-4");
-    LocalityLbEndpoints localityLbEndpoints1 =
-            LocalityLbEndpoints.create(
-                    Arrays.asList(
-                            LbEndpoint.create(endpoint1, 100,
-                                    true, "hostname1", ImmutableMap.of()),
-                            LbEndpoint.create(endpoint2, 100,
-                                    true, "hostname1", ImmutableMap.of())),
-                    70 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    LocalityLbEndpoints localityLbEndpoints3 =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint4, 100, true,
-        "hostname3", ImmutableMap.of())),
-            20 /* localityWeight */, 2 /* priority */, ImmutableMap.of());
-    String priority1 = CLUSTER2 + "[child1]";
-    String priority2 = CLUSTER2 + "[child2]";
-
-    // CLUSTER2: locality1 with priority 1 and locality3 with priority 2.
-    xdsClient.deliverClusterLoadAssignment(
-            EDS_SERVICE_NAME2,
-            ImmutableMap.of(locality1, localityLbEndpoints1, locality3, localityLbEndpoints3));
-
-    // Endpoints of all clusters have been resolved.
+    // Has two localities with different priorities
+    ClusterLoadAssignment clusterLoadAssignment = ClusterLoadAssignment.newBuilder()
+        .setClusterName(EDS_SERVICE_NAME)
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(70))
+          .setPriority(0)
+          .setLocality(LOCALITY1)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.1", 8080))
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.2", 8080)))
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(30))
+          .setPriority(1)
+          .setLocality(LOCALITY2)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.3", 8080)))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, clusterLoadAssignment));
+    startXdsDepManager();
+
+    String priority1 = CLUSTER + "[child1]";
+    String priority2 = CLUSTER + "[child2]";
+
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
@@ -525,8 +546,8 @@ public void onlyEdsClusters_receivedEndpoints() {
         .isEqualTo(CLUSTER_IMPL_POLICY_NAME);
     ClusterImplConfig clusterImplConfig1 = (ClusterImplConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig1.childConfig);
-    assertClusterImplConfig(clusterImplConfig1, CLUSTER2, EDS_SERVICE_NAME2, LRS_SERVER_INFO, 200L,
-        tlsContext, Collections.<DropOverload>emptyList(), WRR_LOCALITY_POLICY_NAME);
+    assertClusterImplConfig(clusterImplConfig1, CLUSTER, EDS_SERVICE_NAME, null, null,
+        null, Collections.emptyList(), WRR_LOCALITY_POLICY_NAME);
     WrrLocalityConfig wrrLocalityConfig1 = (WrrLocalityConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(clusterImplConfig1.childConfig);
     LoadBalancerProvider childProvider1 =
@@ -540,8 +561,8 @@ public void onlyEdsClusters_receivedEndpoints() {
         .isEqualTo(CLUSTER_IMPL_POLICY_NAME);
     ClusterImplConfig clusterImplConfig2 = (ClusterImplConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig2.childConfig);
-    assertClusterImplConfig(clusterImplConfig2, CLUSTER2, EDS_SERVICE_NAME2, LRS_SERVER_INFO, 200L,
-        tlsContext, Collections.<DropOverload>emptyList(), WRR_LOCALITY_POLICY_NAME);
+    assertClusterImplConfig(clusterImplConfig2, CLUSTER, EDS_SERVICE_NAME, null, null,
+        null, Collections.emptyList(), WRR_LOCALITY_POLICY_NAME);
     WrrLocalityConfig wrrLocalityConfig2 = (WrrLocalityConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(clusterImplConfig1.childConfig);
     LoadBalancerProvider childProvider2 =
@@ -554,36 +575,41 @@ public void onlyEdsClusters_receivedEndpoints() {
         GracefulSwitchLoadBalancerAccessor.getChildProvider(wrrLocalityConfig3.childConfig);
     assertThat(childProvider3.getPolicyName()).isEqualTo("round_robin");
 
+    io.grpc.xds.client.Locality locality1 = io.grpc.xds.client.Locality.create(
+        LOCALITY1.getRegion(), LOCALITY1.getZone(), LOCALITY1.getSubZone());
+    io.grpc.xds.client.Locality locality2 = io.grpc.xds.client.Locality.create(
+        LOCALITY2.getRegion(), LOCALITY2.getZone(), LOCALITY2.getSubZone());
     for (EquivalentAddressGroup eag : childBalancer.addresses) {
-      if (eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY) == locality1) {
+      io.grpc.xds.client.Locality locality = eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY);
+      if (locality.equals(locality1)) {
         assertThat(eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY_WEIGHT))
             .isEqualTo(70);
-      }
-      if (eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY) == locality2) {
-        assertThat(eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY_WEIGHT))
-            .isEqualTo(10);
-      }
-      if (eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY) == locality3) {
+      } else if (locality.equals(locality2)) {
         assertThat(eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY_WEIGHT))
-            .isEqualTo(20);
+            .isEqualTo(30);
+      } else {
+        throw new AssertionError("Unexpected locality region: " + locality.region());
       }
     }
   }
 
   @SuppressWarnings("unchecked")
-  private void verifyEdsPriorityNames(List<String> want,
-                                      Map<Locality, LocalityLbEndpoints>... updates) {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism2, roundRobin, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME2);
-    assertThat(childBalancers).isEmpty();
-
-    for (Map<Locality, LocalityLbEndpoints> update: updates) {
-      xdsClient.deliverClusterLoadAssignment(
-          EDS_SERVICE_NAME2,
-          update);
+  private void verifyEdsPriorityNames(List<String> want, List<LocalityLbEndpoints>... updates) {
+    Iterator<ClusterLoadAssignment> edsUpdates = Arrays.asList(updates).stream()
+        .map(update -> ClusterLoadAssignment.newBuilder()
+            .setClusterName(EDS_SERVICE_NAME)
+            .addAllEndpoints(update)
+            .build())
+        .iterator();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, edsUpdates.next()));
+    startXdsDepManager();
+
+    while (edsUpdates.hasNext()) {
+      controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+          EDS_SERVICE_NAME, edsUpdates.next()));
     }
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
@@ -594,151 +620,198 @@ private void verifyEdsPriorityNames(List<String> want,
   @Test
   @SuppressWarnings("unchecked")
   public void edsUpdatePriorityName_twoPriorities() {
-    verifyEdsPriorityNames(Arrays.asList(CLUSTER2 + "[child1]", CLUSTER2 + "[child2]"),
-        ImmutableMap.of(locality1, createEndpoints(1),
-                locality2, createEndpoints(2)
-        ));
+    verifyEdsPriorityNames(Arrays.asList(CLUSTER + "[child1]", CLUSTER + "[child2]"),
+        Arrays.asList(createEndpoints(LOCALITY1, 0), createEndpoints(LOCALITY2, 1)));
   }
 
   @Test
   @SuppressWarnings("unchecked")
   public void edsUpdatePriorityName_addOnePriority() {
-    verifyEdsPriorityNames(Arrays.asList(CLUSTER2 + "[child2]"),
-        ImmutableMap.of(locality1, createEndpoints(1)),
-        ImmutableMap.of(locality2, createEndpoints(1)
-        ));
+    verifyEdsPriorityNames(Arrays.asList(CLUSTER + "[child2]"),
+        Arrays.asList(createEndpoints(LOCALITY1, 0)),
+        Arrays.asList(createEndpoints(LOCALITY2, 0)));
   }
 
   @Test
   @SuppressWarnings("unchecked")
   public void edsUpdatePriorityName_swapTwoPriorities() {
-    verifyEdsPriorityNames(Arrays.asList(CLUSTER2 + "[child2]", CLUSTER2 + "[child1]",
-            CLUSTER2 + "[child3]"),
-        ImmutableMap.of(locality1, createEndpoints(1),
-            locality2, createEndpoints(2),
-            locality3, createEndpoints(3)
-        ),
-        ImmutableMap.of(locality1, createEndpoints(2),
-            locality2, createEndpoints(1),
-            locality3, createEndpoints(3))
-    );
+    verifyEdsPriorityNames(Arrays.asList(CLUSTER + "[child2]", CLUSTER + "[child1]",
+            CLUSTER + "[child3]"),
+        Arrays.asList(
+            createEndpoints(LOCALITY1, 0),
+            createEndpoints(LOCALITY2, 1),
+            createEndpoints(LOCALITY3, 2)),
+        Arrays.asList(
+            createEndpoints(LOCALITY1, 1),
+            createEndpoints(LOCALITY2, 0),
+            createEndpoints(LOCALITY3, 2)));
   }
 
   @Test
   @SuppressWarnings("unchecked")
   public void edsUpdatePriorityName_mergeTwoPriorities() {
-    verifyEdsPriorityNames(Arrays.asList(CLUSTER2 + "[child3]", CLUSTER2 + "[child1]"),
-        ImmutableMap.of(locality1, createEndpoints(1),
-          locality3, createEndpoints(3),
-          locality2, createEndpoints(2)),
-        ImmutableMap.of(locality1, createEndpoints(2),
-          locality3, createEndpoints(1),
-          locality2, createEndpoints(1)
-        ));
+    verifyEdsPriorityNames(Arrays.asList(CLUSTER + "[child3]", CLUSTER + "[child1]"),
+        Arrays.asList(
+            createEndpoints(LOCALITY1, 0),
+            createEndpoints(LOCALITY3, 2),
+            createEndpoints(LOCALITY2, 1)),
+        Arrays.asList(
+            createEndpoints(LOCALITY1, 1),
+            createEndpoints(LOCALITY3, 0),
+            createEndpoints(LOCALITY2, 0)));
   }
 
-  private LocalityLbEndpoints createEndpoints(int priority) {
-    return LocalityLbEndpoints.create(
-        Arrays.asList(
-            LbEndpoint.create(makeAddress("endpoint-addr-1"), 100,
-        true, "hostname1", ImmutableMap.of()),
-            LbEndpoint.create(makeAddress("endpoint-addr-2"), 100,
-        true, "hostname2", ImmutableMap.of())),
-        70 /* localityWeight */, priority /* priority */, ImmutableMap.of());
+  private LocalityLbEndpoints createEndpoints(Locality locality, int priority) {
+    return LocalityLbEndpoints.newBuilder()
+        .setLoadBalancingWeight(UInt32Value.of(70))
+        .setLocality(locality)
+        .setPriority(priority)
+        .addLbEndpoints(newSocketLbEndpoint("127.0." + priority + ".1", 8080))
+        .build();
   }
 
   @Test
   public void onlyEdsClusters_resourceNeverExist_returnErrorPicker() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism1, roundRobin, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    assertThat(childBalancers).isEmpty();
-    reset(helper);
-    xdsClient.deliverResourceNotFound(EDS_SERVICE_NAME1);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of());
+    startXdsDepManager();
 
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     assertPicker(
         pickerCaptor.getValue(),
         Status.UNAVAILABLE.withDescription(
-                "No usable endpoint from cluster: " + CLUSTER1),
+            "CDS resource " + CLUSTER + " does not exist nodeID: node-id"),
         null);
   }
 
   @Test
-  public void edsCluster_resourcesRevoked_shutDownChildLbPolicy() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism1, roundRobin, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    assertThat(childBalancers).isEmpty();
-    reset(helper);
-    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
-    LocalityLbEndpoints localityLbEndpoints1 =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint1, 100, true,
-        "hostname1", ImmutableMap.of())),
-            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints1));
+  public void cdsMissing_handledDirectly() {
+    ClusterLoadAssignment clusterLoadAssignment = ClusterLoadAssignment.newBuilder()
+        .setClusterName(EDS_SERVICE_NAME)
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(100))
+          .setLocality(LOCALITY1)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.1", 8000)))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of());
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, clusterLoadAssignment));
+
+    startXdsDepManager();
+    assertThat(childBalancers).hasSize(0);  // no child LB policy created
+    verify(helper).updateBalancingState(
+        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
+    Status expectedError = Status.UNAVAILABLE.withDescription(
+        "CDS resource " + CLUSTER + " does not exist nodeID: node-id");
+    assertPicker(pickerCaptor.getValue(), expectedError, null);
+  }
+
+  @Test
+  public void cdsRevoked_handledDirectly() {
+    ClusterLoadAssignment clusterLoadAssignment = ClusterLoadAssignment.newBuilder()
+        .setClusterName(EDS_SERVICE_NAME)
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(100))
+          .setLocality(LOCALITY1)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.1", 8000)))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, clusterLoadAssignment));
+
+    startXdsDepManager();
     assertThat(childBalancers).hasSize(1);  // child LB policy created
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(((PriorityLbConfig) childBalancer.config).priorities).hasSize(1);
-    assertAddressesEqual(Arrays.asList(endpoint1), childBalancer.addresses);
+    assertThat(childBalancer.addresses).hasSize(1);
+    assertAddressesEqual(
+        Arrays.asList(newInetSocketAddressEag("127.0.0.1", 8000)),
+        childBalancer.addresses);
 
-    xdsClient.deliverResourceNotFound(EDS_SERVICE_NAME1);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of());
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     Status expectedError = Status.UNAVAILABLE.withDescription(
-        "No usable endpoint from cluster: " + CLUSTER1);
+        "CDS resource " + CLUSTER + " does not exist nodeID: node-id");
     assertPicker(pickerCaptor.getValue(), expectedError, null);
+    assertThat(childBalancer.shutdown).isTrue();
+  }
+
+  @Test
+  public void edsMissing_handledByChildPolicy() {
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of());
+
+    startXdsDepManager();
+    assertThat(childBalancers).hasSize(1);  // child LB policy created
+    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
+    assertThat(childBalancer.upstreamError).isNotNull();
+    assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(childBalancer.upstreamError.getDescription())
+        .isEqualTo("EDS resource " + EDS_SERVICE_NAME + " does not exist nodeID: node-id");
+    assertThat(childBalancer.shutdown).isFalse();
+  }
+
+  @Test
+  public void logicalDnsLookupFailed_handledByChildPolicy() {
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        CLUSTER, LOGICAL_DNS_CLUSTER));
+    startXdsDepManager(new CdsConfig(CLUSTER), /* forwardTime= */ false);
+    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME + ":9000");
+    assertThat(childBalancers).isEmpty();
+    resolver.deliverError(Status.UNAVAILABLE.withDescription("OH NO! Who would have guessed?"));
+
+    assertThat(childBalancers).hasSize(1);  // child LB policy created
+    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
+    assertThat(childBalancer.upstreamError).isNotNull();
+    assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(childBalancer.upstreamError.getDescription())
+        .isEqualTo("OH NO! Who would have guessed?");
+    assertThat(childBalancer.shutdown).isFalse();
   }
 
   @Test
   public void handleEdsResource_ignoreUnhealthyEndpoints() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism1, roundRobin, false);
-    deliverLbConfig(config);
-    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
-    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
-    LocalityLbEndpoints localityLbEndpoints =
-        LocalityLbEndpoints.create(
-            Arrays.asList(
-                LbEndpoint.create(endpoint1, 100, false /* isHealthy */,
-            "hostname1", ImmutableMap.of()),
-                LbEndpoint.create(endpoint2, 100, true /* isHealthy */,
-            "hostname2", ImmutableMap.of())),
-            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
+    ClusterLoadAssignment clusterLoadAssignment = ClusterLoadAssignment.newBuilder()
+        .setClusterName(EDS_SERVICE_NAME)
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(100))
+          .setLocality(LOCALITY1)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.1", 8000)
+            .setHealthStatus(HealthStatus.UNHEALTHY))
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.2", 8000)))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, clusterLoadAssignment));
+    startXdsDepManager();
+
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertThat(childBalancer.addresses).hasSize(1);
-    assertAddressesEqual(Collections.singletonList(endpoint2), childBalancer.addresses);
+    assertAddressesEqual(
+        Arrays.asList(new EquivalentAddressGroup(newInetSocketAddress("127.0.0.2", 8000))),
+        childBalancer.addresses);
   }
 
   @Test
   public void handleEdsResource_ignoreLocalitiesWithNoHealthyEndpoints() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism1, roundRobin, false);
-    deliverLbConfig(config);
-    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
-    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
-    LocalityLbEndpoints localityLbEndpoints1 =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint1, 100, false /* isHealthy */,
-        "hostname1", ImmutableMap.of())),
-            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    LocalityLbEndpoints localityLbEndpoints2 =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint2, 100, true /* isHealthy */,
-        "hostname2", ImmutableMap.of())),
-            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1,
-        ImmutableMap.of(locality1, localityLbEndpoints1, locality2, localityLbEndpoints2));
+    ClusterLoadAssignment clusterLoadAssignment = ClusterLoadAssignment.newBuilder()
+        .setClusterName(EDS_SERVICE_NAME)
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(100))
+          .setLocality(LOCALITY1)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.1", 8000)
+            .setHealthStatus(HealthStatus.UNHEALTHY)))
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(100))
+          .setLocality(LOCALITY2)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.2", 8000)))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, clusterLoadAssignment));
+    startXdsDepManager();
 
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
+    io.grpc.xds.client.Locality locality2 = io.grpc.xds.client.Locality.create(
+        LOCALITY2.getRegion(), LOCALITY2.getZone(), LOCALITY2.getSubZone());
     for (EquivalentAddressGroup eag : childBalancer.addresses) {
       assertThat(eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY)).isEqualTo(locality2);
     }
@@ -746,76 +819,65 @@ public void handleEdsResource_ignoreLocalitiesWithNoHealthyEndpoints() {
 
   @Test
   public void handleEdsResource_ignorePrioritiesWithNoHealthyEndpoints() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism1, roundRobin, false);
-    deliverLbConfig(config);
-    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
-    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
-    LocalityLbEndpoints localityLbEndpoints1 =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint1, 100, false /* isHealthy */,
-        "hostname1", ImmutableMap.of())),
-            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    LocalityLbEndpoints localityLbEndpoints2 =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint2, 200, true /* isHealthy */,
-        "hostname2", ImmutableMap.of())),
-           10 /* localityWeight */, 2 /* priority */, ImmutableMap.of());
-    String priority2 = CLUSTER1 + "[child2]";
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1,
-        ImmutableMap.of(locality1, localityLbEndpoints1, locality2, localityLbEndpoints2));
+    ClusterLoadAssignment clusterLoadAssignment = ClusterLoadAssignment.newBuilder()
+        .setClusterName(EDS_SERVICE_NAME)
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(100))
+          .setLocality(LOCALITY1)
+          .setPriority(0)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.1", 8000)
+            .setHealthStatus(HealthStatus.UNHEALTHY)))
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(100))
+          .setLocality(LOCALITY2)
+          .setPriority(1)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.2", 8000)))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, clusterLoadAssignment));
+    startXdsDepManager();
 
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
+    String priority2 = CLUSTER + "[child2]";
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(((PriorityLbConfig) childBalancer.config).priorities).containsExactly(priority2);
   }
 
   @Test
   public void handleEdsResource_noHealthyEndpoint() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism1, roundRobin, false);
-    deliverLbConfig(config);
-    EquivalentAddressGroup endpoint = makeAddress("endpoint-addr-1");
-    LocalityLbEndpoints localityLbEndpoints =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint, 100, false /* isHealthy */,
-                "hostname1", ImmutableMap.of())),
-            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    xdsClient.deliverClusterLoadAssignment(EDS_SERVICE_NAME1,
-        Collections.singletonMap(locality1, localityLbEndpoints));  // single endpoint, unhealthy
+    ClusterLoadAssignment clusterLoadAssignment = ClusterLoadAssignment.newBuilder()
+        .setClusterName(EDS_SERVICE_NAME)
+        .addEndpoints(LocalityLbEndpoints.newBuilder()
+          .setLoadBalancingWeight(UInt32Value.of(100))
+          .setLocality(LOCALITY1)
+          .addLbEndpoints(newSocketLbEndpoint("127.0.0.1", 8000)
+            .setHealthStatus(HealthStatus.UNHEALTHY)))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of(
+        EDS_SERVICE_NAME, clusterLoadAssignment));
+    startXdsDepManager();
 
-    assertThat(childBalancers).isEmpty();
-    verify(helper).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    assertPicker(
-        pickerCaptor.getValue(),
-        Status.UNAVAILABLE.withDescription(
-            "No usable endpoint from cluster: " + CLUSTER1),
-        null);
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
+    assertThat(childBalancers).hasSize(1);
+    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
+    assertThat(childBalancer.upstreamError).isNotNull();
+    assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(childBalancer.upstreamError.getDescription())
+        .isEqualTo("No usable endpoint from cluster: " + CLUSTER);
   }
 
   @Test
   public void onlyLogicalDnsCluster_endpointsResolved() {
-    do_onlyLogicalDnsCluster_endpointsResolved();
-  }
-
-  @Test
-  public void oldListenerCallback_onlyLogicalDnsCluster_endpointsResolved() {
-    nsRegistry.deregister(fakeNameResolverProvider);
-    nsRegistry.register(new FakeNameResolverProvider(true));
-    do_onlyLogicalDnsCluster_endpointsResolved();
-  }
-
-  void do_onlyLogicalDnsCluster_endpointsResolved() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        logicalDnsDiscoveryMechanism, roundRobin, false);
-    deliverLbConfig(config);
-    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        CLUSTER, LOGICAL_DNS_CLUSTER));
+    startXdsDepManager(new CdsConfig(CLUSTER), /* forwardTime= */ false);
+    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME + ":9000");
     assertThat(childBalancers).isEmpty();
-    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
-    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
-    resolver.deliverEndpointAddresses(Arrays.asList(endpoint1, endpoint2));
+    resolver.deliverEndpointAddresses(Arrays.asList(
+        newInetSocketAddressEag("127.0.2.1", 9000), newInetSocketAddressEag("127.0.2.2", 9000)));
+    fakeClock.forwardTime(10, TimeUnit.MINUTES);
 
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
@@ -828,263 +890,132 @@ void do_onlyLogicalDnsCluster_endpointsResolved() {
         .isEqualTo(CLUSTER_IMPL_POLICY_NAME);
     ClusterImplConfig clusterImplConfig = (ClusterImplConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig.childConfig);
-    assertClusterImplConfig(clusterImplConfig, CLUSTER_DNS, null, LRS_SERVER_INFO, 300L, null,
-        Collections.<DropOverload>emptyList(), "pick_first");
-    assertAddressesEqual(Arrays.asList(endpoint1, endpoint2), childBalancer.addresses);
+    assertClusterImplConfig(clusterImplConfig, CLUSTER, null, null, null, null,
+        Collections.<DropOverload>emptyList(), "wrr_locality_experimental");
+    assertAddressesEqual(
+        Arrays.asList(new EquivalentAddressGroup(Arrays.asList(
+            newInetSocketAddress("127.0.2.1", 9000), newInetSocketAddress("127.0.2.2", 9000)))),
+        childBalancer.addresses);
     assertThat(childBalancer.addresses.get(0).getAttributes()
-        .get(XdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(DNS_HOST_NAME);
-    assertThat(childBalancer.addresses.get(1).getAttributes()
-        .get(XdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(DNS_HOST_NAME);
+        .get(XdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(DNS_HOST_NAME + ":9000");
   }
 
   @Test
   public void onlyLogicalDnsCluster_handleRefreshNameResolution() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        logicalDnsDiscoveryMechanism, roundRobin, false);
-    deliverLbConfig(config);
-    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        CLUSTER, LOGICAL_DNS_CLUSTER));
+    startXdsDepManager(new CdsConfig(CLUSTER), /* forwardTime= */ false);
+    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME + ":9000");
     assertThat(childBalancers).isEmpty();
-    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
-    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
-    resolver.deliverEndpointAddresses(Arrays.asList(endpoint1, endpoint2));
-    assertThat(resolver.refreshCount).isEqualTo(0);
-    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    childBalancer.helper.refreshNameResolution();
-    assertThat(resolver.refreshCount).isEqualTo(1);
-  }
-
-  @Test
-  public void resolutionError_backoffAndRefresh() {
-    do_onlyLogicalDnsCluster_resolutionError_backoffAndRefresh();
-  }
-
-  @Test
-  public void oldListenerCallback_resolutionError_backoffAndRefresh() {
-    nsRegistry.deregister(fakeNameResolverProvider);
-    nsRegistry.register(new FakeNameResolverProvider(true));
-    do_onlyLogicalDnsCluster_resolutionError_backoffAndRefresh();
-  }
+    resolver.deliverEndpointAddresses(Arrays.asList(newInetSocketAddressEag("127.0.2.1", 9000)));
+    fakeClock.forwardTime(10, TimeUnit.MINUTES);
 
-  void do_onlyLogicalDnsCluster_resolutionError_backoffAndRefresh() {
-    InOrder inOrder = Mockito.inOrder(helper, backoffPolicyProvider,
-        backoffPolicy1, backoffPolicy2);
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        logicalDnsDiscoveryMechanism, roundRobin, false);
-    deliverLbConfig(config);
-    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
-    assertThat(childBalancers).isEmpty();
-    Status error = Status.UNAVAILABLE.withDescription("cannot reach DNS server");
-    resolver.deliverError(error);
-    inOrder.verify(helper).updateBalancingState(
-            eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    assertPicker(pickerCaptor.getValue(), error, null);
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(resolver.refreshCount).isEqualTo(0);
-    inOrder.verify(backoffPolicyProvider).get();
-    inOrder.verify(backoffPolicy1).nextBackoffNanos();
-    assertThat(fakeClock.getPendingTasks()).hasSize(1);
-    assertThat(Iterables.getOnlyElement(fakeClock.getPendingTasks()).getDelay(TimeUnit.SECONDS))
-            .isEqualTo(1L);
-    fakeClock.forwardTime(1L, TimeUnit.SECONDS);
-    assertThat(resolver.refreshCount).isEqualTo(1);
-
-    error = Status.UNKNOWN.withDescription("I am lost");
-    resolver.deliverError(error);
-    inOrder.verify(helper).updateBalancingState(
-            eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    inOrder.verify(backoffPolicy1).nextBackoffNanos();
-    assertPicker(pickerCaptor.getValue(), error, null);
-    assertThat(fakeClock.getPendingTasks()).hasSize(1);
-    assertThat(Iterables.getOnlyElement(fakeClock.getPendingTasks()).getDelay(TimeUnit.SECONDS))
-            .isEqualTo(10L);
-    fakeClock.forwardTime(10L, TimeUnit.SECONDS);
-    assertThat(resolver.refreshCount).isEqualTo(2);
-
-    // Succeed.
-    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
-    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
-    resolver.deliverEndpointAddresses(Arrays.asList(endpoint1, endpoint2));
-    assertThat(childBalancers).hasSize(1);
-    assertAddressesEqual(Arrays.asList(endpoint1, endpoint2),
-            Iterables.getOnlyElement(childBalancers).addresses);
-
-    assertThat(fakeClock.getPendingTasks()).isEmpty();
-    inOrder.verifyNoMoreInteractions();
-  }
-
-  @Test
-  public void onlyLogicalDnsCluster_refreshNameResolutionRaceWithResolutionError() {
-    InOrder inOrder = Mockito.inOrder(backoffPolicyProvider, backoffPolicy1, backoffPolicy2);
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        logicalDnsDiscoveryMechanism, roundRobin, false);
-    deliverLbConfig(config);
-    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
-    assertThat(childBalancers).isEmpty();
-    EquivalentAddressGroup endpoint = makeAddress("endpoint-addr");
-    resolver.deliverEndpointAddresses(Collections.singletonList(endpoint));
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertAddressesEqual(Collections.singletonList(endpoint), childBalancer.addresses);
-    assertThat(resolver.refreshCount).isEqualTo(0);
-
     childBalancer.helper.refreshNameResolution();
     assertThat(resolver.refreshCount).isEqualTo(1);
-    resolver.deliverError(Status.UNAVAILABLE.withDescription("I am lost"));
-    inOrder.verify(backoffPolicyProvider).get();
-    inOrder.verify(backoffPolicy1).nextBackoffNanos();
-    assertThat(fakeClock.getPendingTasks()).hasSize(1);
-    ScheduledTask task = Iterables.getOnlyElement(fakeClock.getPendingTasks());
-    assertThat(task.getDelay(TimeUnit.SECONDS)).isEqualTo(1L);
-
-    fakeClock.forwardTime( 100L, TimeUnit.MILLISECONDS);
-    childBalancer.helper.refreshNameResolution();
-    assertThat(resolver.refreshCount).isEqualTo(2);
-    assertThat(task.isCancelled()).isTrue();
-    assertThat(fakeClock.getPendingTasks()).isEmpty();
-    resolver.deliverError(Status.UNAVAILABLE.withDescription("I am still lost"));
-    inOrder.verify(backoffPolicyProvider).get();  // active refresh resets backoff sequence
-    inOrder.verify(backoffPolicy2).nextBackoffNanos();
-    task = Iterables.getOnlyElement(fakeClock.getPendingTasks());
-    assertThat(task.getDelay(TimeUnit.SECONDS)).isEqualTo(5L);
-
-    fakeClock.forwardTime(5L, TimeUnit.SECONDS);
-    assertThat(resolver.refreshCount).isEqualTo(3);
-    inOrder.verifyNoMoreInteractions();
   }
 
   @Test
-  public void resolutionErrorAfterChildLbCreated_propagateError() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism1, roundRobin, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    assertThat(childBalancers).isEmpty();
-    reset(helper);
-    EquivalentAddressGroup endpoint = makeAddress("endpoint-addr-1");
-    LocalityLbEndpoints localityLbEndpoints =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint, 100, true,
-        "hostname1", ImmutableMap.of())),
-            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    xdsClient.deliverClusterLoadAssignment(
-            EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
-
-    assertThat(childBalancers).hasSize(1);
-    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);  // child LB created
-    assertThat(childBalancer.upstreamError).isNull();  // should not propagate error to child LB
-    assertAddressesEqual(Collections.singletonList(endpoint), childBalancer.addresses);
-
-    xdsClient.deliverError(Status.RESOURCE_EXHAUSTED.withDescription("out of memory"));
-    assertThat(childBalancer.upstreamError).isNotNull();  // last cluster's (DNS) error propagated
-    assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Code.UNAVAILABLE);
-    assertThat(childBalancer.upstreamError.getDescription())
-        .isEqualTo("Unable to load EDS backend-service-foo.googleapis.com. xDS server returned: "
-            + "RESOURCE_EXHAUSTED: out of memory");
-    assertThat(childBalancer.shutdown).isFalse();
-    verify(helper, never()).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), any(SubchannelPicker.class));
-  }
-
-  @Test
-  public void resolutionErrorBeforeChildLbCreated_returnErrorPicker() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism1, roundRobin, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    assertThat(childBalancers).isEmpty();
-    reset(helper);
-    xdsClient.deliverError(Status.RESOURCE_EXHAUSTED.withDescription("OOM"));
-    assertThat(childBalancers).isEmpty();
-    verify(helper).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    PickResult result = pickerCaptor.getValue().pickSubchannel(mock(PickSubchannelArgs.class));
-    Status actualStatus = result.getStatus();
-    assertThat(actualStatus.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
-    assertThat(actualStatus.getDescription()).contains("RESOURCE_EXHAUSTED: OOM");
-  }
-
-  @Test
-  public void handleNameResolutionErrorFromUpstream_eds_beforeChildLbCreated_returnErrorPicker() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism1, roundRobin, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    assertThat(childBalancers).isEmpty();
-    reset(helper);
-    Status upstreamError = Status.UNAVAILABLE.withDescription("unreachable");
-    loadBalancer.handleNameResolutionError(upstreamError);
-    verify(helper).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    assertPicker(pickerCaptor.getValue(), upstreamError, null);
-  }
-
-  @Test
-  public void handleNameResolutionErrorFromUpstream_lDns_beforeChildLbCreated_returnErrorPicker() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        logicalDnsDiscoveryMechanism, roundRobin, false);
-    deliverLbConfig(config);
-    assertResolverCreated("/" + DNS_HOST_NAME);
-    assertThat(childBalancers).isEmpty();
-    reset(helper);
-    Status upstreamError = Status.UNAVAILABLE.withDescription("unreachable");
-    loadBalancer.handleNameResolutionError(upstreamError);
-    verify(helper).updateBalancingState(
-        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    assertPicker(pickerCaptor.getValue(), upstreamError, null);
-  }
+  public void outlierDetection_disabledConfig() {
+    Cluster cluster = EDS_CLUSTER.toBuilder()
+        .setOutlierDetection(OutlierDetection.newBuilder()
+            .setEnforcingSuccessRate(UInt32Value.of(0))
+            .setEnforcingFailurePercentage(UInt32Value.of(0)))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        CLUSTER, cluster));
+    startXdsDepManager();
 
-  @Test
-  public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_eds_fallThrough() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        edsDiscoveryMechanism1, roundRobin, false);
-    deliverLbConfig(config);
-    assertThat(xdsClient.watchers.keySet()).containsExactly(EDS_SERVICE_NAME1);
-    assertThat(childBalancers).isEmpty();
-    reset(helper);
-    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr-1");
-    LocalityLbEndpoints localityLbEndpoints =
-        LocalityLbEndpoints.create(
-            Collections.singletonList(LbEndpoint.create(endpoint1, 100, true,
-                "hostname1", ImmutableMap.of())),
-            10 /* localityWeight */, 1 /* priority */, ImmutableMap.of());
-    xdsClient.deliverClusterLoadAssignment(
-        EDS_SERVICE_NAME1, Collections.singletonMap(locality1, localityLbEndpoints));
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertThat(((PriorityLbConfig) childBalancer.config).priorities)
-        .containsExactly(CLUSTER1 + "[child1]");
-    assertAddressesEqual(Arrays.asList(endpoint1), childBalancer.addresses);
-
-    loadBalancer.handleNameResolutionError(Status.UNAVAILABLE.withDescription("unreachable"));
-    assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Code.UNAVAILABLE);
-    assertThat(childBalancer.upstreamError.getDescription()).isEqualTo("unreachable");
-    verify(helper, never()).updateBalancingState(
-        any(ConnectivityState.class), any(SubchannelPicker.class));
+    assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
+    PriorityLbConfig priorityLbConfig = (PriorityLbConfig) childBalancer.config;
+    PriorityChildConfig priorityChildConfig =
+        Iterables.getOnlyElement(priorityLbConfig.childConfigs.values());
+    OutlierDetectionLoadBalancerConfig outlier = (OutlierDetectionLoadBalancerConfig)
+        GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig.childConfig);
+    assertThat(outlier.successRateEjection).isNull();
+    assertThat(outlier.failurePercentageEjection).isNull();
   }
 
   @Test
-  public void handleNameResolutionErrorFromUpstream_afterChildLbCreated_logicalDns_fallThrough() {
-    ClusterResolverConfig config = new ClusterResolverConfig(
-        logicalDnsDiscoveryMechanism, roundRobin, false);
-    deliverLbConfig(config);
-    FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME);
-    assertThat(childBalancers).isEmpty();
-    reset(helper);
-    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr-2");
-    resolver.deliverEndpointAddresses(Collections.singletonList(endpoint2));
+  public void outlierDetection_fullConfig() {
+    Cluster cluster = EDS_CLUSTER.toBuilder()
+        .setLbPolicy(Cluster.LbPolicy.ROUND_ROBIN)
+        .setOutlierDetection(OutlierDetection.newBuilder()
+            .setInterval(Duration.newBuilder().setNanos(101))
+            .setBaseEjectionTime(Duration.newBuilder().setNanos(102))
+            .setMaxEjectionTime(Duration.newBuilder().setNanos(103))
+            .setMaxEjectionPercent(UInt32Value.of(80))
+            .setSuccessRateStdevFactor(UInt32Value.of(105))
+            .setEnforcingSuccessRate(UInt32Value.of(81))
+            .setSuccessRateMinimumHosts(UInt32Value.of(107))
+            .setSuccessRateRequestVolume(UInt32Value.of(108))
+            .setFailurePercentageThreshold(UInt32Value.of(82))
+            .setEnforcingFailurePercentage(UInt32Value.of(83))
+            .setFailurePercentageMinimumHosts(UInt32Value.of(111))
+            .setFailurePercentageRequestVolume(UInt32Value.of(112)))
+        .build();
+    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
+        CLUSTER, cluster));
+    startXdsDepManager();
+
+    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertThat(((PriorityLbConfig) childBalancer.config).priorities)
-        .containsExactly(CLUSTER_DNS + "[child0]");
-    assertAddressesEqual(Arrays.asList(endpoint2), childBalancer.addresses);
-
-    loadBalancer.handleNameResolutionError(Status.UNAVAILABLE.withDescription("unreachable"));
-    assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Code.UNAVAILABLE);
-    assertThat(childBalancer.upstreamError.getDescription()).isEqualTo("unreachable");
-    verify(helper, never()).updateBalancingState(
-        any(ConnectivityState.class), any(SubchannelPicker.class));
+    assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
+    PriorityLbConfig priorityLbConfig = (PriorityLbConfig) childBalancer.config;
+    PriorityChildConfig priorityChildConfig =
+        Iterables.getOnlyElement(priorityLbConfig.childConfigs.values());
+    OutlierDetectionLoadBalancerConfig outlier = (OutlierDetectionLoadBalancerConfig)
+        GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig.childConfig);
+    assertThat(outlier.intervalNanos).isEqualTo(101);
+    assertThat(outlier.baseEjectionTimeNanos).isEqualTo(102);
+    assertThat(outlier.maxEjectionTimeNanos).isEqualTo(103);
+    assertThat(outlier.maxEjectionPercent).isEqualTo(80);
+    assertThat(outlier.successRateEjection.stdevFactor).isEqualTo(105);
+    assertThat(outlier.successRateEjection.enforcementPercentage).isEqualTo(81);
+    assertThat(outlier.successRateEjection.minimumHosts).isEqualTo(107);
+    assertThat(outlier.successRateEjection.requestVolume).isEqualTo(108);
+    assertThat(outlier.failurePercentageEjection.threshold).isEqualTo(82);
+    assertThat(outlier.failurePercentageEjection.enforcementPercentage).isEqualTo(83);
+    assertThat(outlier.failurePercentageEjection.minimumHosts).isEqualTo(111);
+    assertThat(outlier.failurePercentageEjection.requestVolume).isEqualTo(112);
+    assertClusterImplConfig(
+        (ClusterImplConfig) GracefulSwitchLoadBalancerAccessor.getChildConfig(outlier.childConfig),
+        CLUSTER, EDS_SERVICE_NAME, null, null, null, Collections.emptyList(),
+        "wrr_locality_experimental");
   }
 
   @Test
   public void config_equalsTester() {
+    ServerInfo lrsServerInfo =
+        ServerInfo.create("lrs.googleapis.com", InsecureChannelCredentials.create());
+    UpstreamTlsContext tlsContext =
+        CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true);
+    DiscoveryMechanism edsDiscoveryMechanism1 =
+        DiscoveryMechanism.forEds(CLUSTER, EDS_SERVICE_NAME, lrsServerInfo, 100L, tlsContext,
+            Collections.emptyMap(), null);
+    io.grpc.xds.EnvoyServerProtoData.OutlierDetection outlierDetection =
+        io.grpc.xds.EnvoyServerProtoData.OutlierDetection.create(
+            100L, 100L, 100L, 100, SuccessRateEjection.create(100, 100, 100, 100),
+            FailurePercentageEjection.create(100, 100, 100, 100));
+    DiscoveryMechanism edsDiscoveryMechanismWithOutlierDetection =
+        DiscoveryMechanism.forEds(CLUSTER, EDS_SERVICE_NAME, lrsServerInfo, 100L, tlsContext,
+            Collections.emptyMap(), outlierDetection);
+    Object roundRobin = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+        new FakeLoadBalancerProvider("wrr_locality_experimental"), new WrrLocalityConfig(
+            GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+                new FakeLoadBalancerProvider("round_robin"), null)));
+    Object leastRequest = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+        new FakeLoadBalancerProvider("wrr_locality_experimental"), new WrrLocalityConfig(
+            GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+                new FakeLoadBalancerProvider("least_request_experimental"),
+                new LeastRequestConfig(3))));
+
     new EqualsTester()
         .addEqualityGroup(
             new ClusterResolverConfig(
@@ -1102,17 +1033,36 @@ public void config_equalsTester() {
         .testEquals();
   }
 
-  private void deliverLbConfig(ClusterResolverConfig config) {
-    loadBalancer.acceptResolvedAddresses(
-        ResolvedAddresses.newBuilder()
-            .setAddresses(Collections.<EquivalentAddressGroup>emptyList())
-            .setAttributes(
-                // Other attributes not used by cluster_resolver LB are omitted.
-                Attributes.newBuilder()
-                    .set(XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
-                    .build())
-            .setLoadBalancingPolicyConfig(config)
-            .build());
+  private void startXdsDepManager() {
+    startXdsDepManager(new CdsConfig(CLUSTER));
+  }
+
+  private void startXdsDepManager(final CdsConfig cdsConfig) {
+    startXdsDepManager(cdsConfig, true);
+  }
+
+  private void startXdsDepManager(final CdsConfig cdsConfig, boolean forwardTime) {
+    xdsDepManager.start(
+        xdsConfig -> {
+          if (!xdsConfig.hasValue()) {
+            throw new AssertionError("" + xdsConfig.getStatus());
+          }
+          if (loadBalancer == null) {
+            return;
+          }
+          loadBalancer.acceptResolvedAddresses(ResolvedAddresses.newBuilder()
+              .setAddresses(Collections.emptyList())
+              .setAttributes(Attributes.newBuilder()
+                .set(XdsAttributes.XDS_CONFIG, xdsConfig.getValue())
+                .set(XdsAttributes.XDS_CLUSTER_SUBSCRIPT_REGISTRY, xdsDepManager)
+                .build())
+              .setLoadBalancingPolicyConfig(cdsConfig)
+              .build());
+        });
+    if (forwardTime) {
+      // trigger does not exist timer, so broken config is more obvious
+      fakeClock.forwardTime(10, TimeUnit.MINUTES);
+    }
   }
 
   private FakeNameResolver assertResolverCreated(String uriPath) {
@@ -1151,112 +1101,41 @@ private static void assertClusterImplConfig(ClusterImplConfig config, String clu
   /** Asserts two list of EAGs contains same addresses, regardless of attributes. */
   private static void assertAddressesEqual(
       List<EquivalentAddressGroup> expected, List<EquivalentAddressGroup> actual) {
-    List<List<SocketAddress>> expectedAddresses
+    List<List<java.net.SocketAddress>> expectedAddresses
         = expected.stream().map(EquivalentAddressGroup::getAddresses).collect(toList());
-    List<List<SocketAddress>> actualAddresses
+    List<List<java.net.SocketAddress>> actualAddresses
         = actual.stream().map(EquivalentAddressGroup::getAddresses).collect(toList());
     assertThat(actualAddresses).isEqualTo(expectedAddresses);
   }
 
-  private static EquivalentAddressGroup makeAddress(final String name) {
-    return new EquivalentAddressGroup(new FakeSocketAddress(name));
+  @SuppressWarnings("AddressSelection")
+  private static InetSocketAddress newInetSocketAddress(String ip, int port) {
+    return new InetSocketAddress(ip, port);
   }
 
-  static class FakeSocketAddress extends SocketAddress {
-    private final String name;
-
-    private FakeSocketAddress(String name) {
-      this.name = name;
-    }
-
-    @Override
-    public int hashCode() {
-      return Objects.hash(name);
-    }
-
-    @Override
-    public boolean equals(Object o) {
-      if (this == o) {
-        return true;
-      }
-      if (!(o instanceof FakeSocketAddress)) {
-        return false;
-      }
-      FakeSocketAddress that = (FakeSocketAddress) o;
-      return Objects.equals(name, that.name);
-    }
-
-    @Override
-    public String toString() {
-      return name;
-    }
+  private static EquivalentAddressGroup newInetSocketAddressEag(String ip, int port) {
+    return new EquivalentAddressGroup(newInetSocketAddress(ip, port));
   }
 
-  private static final class FakeXdsClient extends XdsClient {
-
-    private final Map<String, ResourceWatcher<EdsUpdate>> watchers = new HashMap<>();
-
-    @Override
-    @SuppressWarnings("unchecked")
-    public <T extends ResourceUpdate> void watchXdsResource(XdsResourceType<T> type,
-            String resourceName,
-            ResourceWatcher<T> watcher,
-            Executor syncContext) {
-      assertThat(type.typeName()).isEqualTo("EDS");
-      assertThat(watchers).doesNotContainKey(resourceName);
-      watchers.put(resourceName, (ResourceWatcher<EdsUpdate>) watcher);
-    }
-
-    @Override
-    @SuppressWarnings("unchecked")
-    public <T extends ResourceUpdate> void cancelXdsResourceWatch(XdsResourceType<T> type,
-                                                                  String resourceName,
-                                                                  ResourceWatcher<T> watcher) {
-      assertThat(type.typeName()).isEqualTo("EDS");
-      assertThat(watchers).containsKey(resourceName);
-      watchers.remove(resourceName);
-    }
-
-    void deliverClusterLoadAssignment(
-        String resource, Map<Locality, LocalityLbEndpoints> localityLbEndpointsMap) {
-      deliverClusterLoadAssignment(
-          resource, Collections.<DropOverload>emptyList(), localityLbEndpointsMap);
-    }
-
-    void deliverClusterLoadAssignment(String resource, List<DropOverload> dropOverloads,
-        Map<Locality, LocalityLbEndpoints> localityLbEndpointsMap) {
-      if (watchers.containsKey(resource)) {
-        watchers.get(resource).onChanged(
-            new XdsEndpointResource.EdsUpdate(resource, localityLbEndpointsMap, dropOverloads));
-      }
-    }
-
-    void deliverResourceNotFound(String resource) {
-      if (watchers.containsKey(resource)) {
-        watchers.get(resource).onResourceDoesNotExist(resource);
-      }
-    }
+  private static LbEndpoint.Builder newSocketLbEndpoint(String ip, int port) {
+    return LbEndpoint.newBuilder()
+        .setEndpoint(Endpoint.newBuilder()
+          .setAddress(newAddress(ip, port)))
+        .setHealthStatus(HealthStatus.HEALTHY);
+  }
 
-    void deliverError(Status error) {
-      for (ResourceWatcher<EdsUpdate> watcher : watchers.values()) {
-        watcher.onError(error);
-      }
-    }
+  private static Address.Builder newAddress(String ip, int port) {
+    return Address.newBuilder()
+        .setSocketAddress(SocketAddress.newBuilder()
+            .setAddress(ip)
+            .setPortValue(port));
   }
 
   private class FakeNameResolverProvider extends NameResolverProvider {
-    private final boolean useOldListenerCallback;
-
-    private FakeNameResolverProvider(boolean useOldListenerCallback) {
-      this.useOldListenerCallback = useOldListenerCallback;
-    }
-
     @Override
     public NameResolver newNameResolver(URI targetUri, NameResolver.Args args) {
       assertThat(targetUri.getScheme()).isEqualTo("dns");
-      FakeNameResolver resolver = useOldListenerCallback
-              ? new FakeNameResolverUsingOldListenerCallback(targetUri)
-              : new FakeNameResolver(targetUri);
+      FakeNameResolver resolver = new FakeNameResolver(targetUri);
       resolvers.add(resolver);
       return resolver;
     }
@@ -1321,23 +1200,6 @@ protected void deliverError(Status error) {
     }
   }
 
-  private class FakeNameResolverUsingOldListenerCallback extends FakeNameResolver {
-    private FakeNameResolverUsingOldListenerCallback(URI targetUri) {
-      super(targetUri);
-    }
-
-    @Override
-    protected void deliverEndpointAddresses(List<EquivalentAddressGroup> addresses) {
-      listener.onResult(ResolutionResult.newBuilder()
-              .setAddressesOrError(StatusOr.fromValue(addresses)).build());
-    }
-
-    @Override
-    protected void deliverError(Status error) {
-      listener.onError(error);
-    }
-  }
-
   private final class FakeLoadBalancerProvider extends LoadBalancerProvider {
     private final String policyName;
 
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index b50bdfce01f..e80fcd008bd 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -205,6 +205,8 @@ public ConfigOrError parseServiceConfig(Map<String, ?> rawServiceConfig) {
 
   @Before
   public void setUp() {
+    lenient().doReturn(Status.OK).when(mockListener).onResult2(any());
+
     try {
       targetUri = new URI(AUTHORITY);
     } catch (URISyntaxException e) {
@@ -435,6 +437,7 @@ public void resolving_ldsResourceUpdateRdsName() {
         (Map<String, ?>) resolutionResultCaptor.getValue().getServiceConfig().getConfig());
 
     reset(mockListener);
+    when(mockListener.onResult2(any())).thenReturn(Status.OK);
     ArgumentCaptor<ResolutionResult> resultCaptor =
         ArgumentCaptor.forClass(ResolutionResult.class);
     String alternativeRdsResource = "route-configuration-alter.googleapis.com";
@@ -492,11 +495,13 @@ public void resolving_ldsResourceRevokedAndAddedBack() {
         (Map<String, ?>) resolutionResultCaptor.getValue().getServiceConfig().getConfig());
 
     reset(mockListener);
+    when(mockListener.onResult2(any())).thenReturn(Status.OK);
     xdsClient.deliverLdsResourceNotFound();  // revoke LDS resource
     assertThat(xdsClient.rdsWatchers.keySet()).isEmpty();  // stop subscribing to stale RDS resource
     assertEmptyResolutionResult(expectedLdsResourceName);
 
     reset(mockListener);
+    when(mockListener.onResult2(any())).thenReturn(Status.OK);
     xdsClient.deliverLdsUpdateForRdsName(RDS_RESOURCE_NAME);
     // No name resolution result until new RDS resource update is received. Do not use stale config
     verifyNoInteractions(mockListener);
@@ -533,11 +538,13 @@ public void resolving_rdsResourceRevokedAndAddedBack() {
         (Map<String, ?>) resolutionResultCaptor.getValue().getServiceConfig().getConfig());
 
     reset(mockListener);
+    when(mockListener.onResult2(any())).thenReturn(Status.OK);
     xdsClient.deliverRdsResourceNotFound(RDS_RESOURCE_NAME);  // revoke RDS resource
     assertEmptyResolutionResult(RDS_RESOURCE_NAME);
 
     // Simulate management server adds back the previously used RDS resource.
     reset(mockListener);
+    when(mockListener.onResult2(any())).thenReturn(Status.OK);
     xdsClient.deliverRdsUpdate(RDS_RESOURCE_NAME, Collections.singletonList(virtualHost));
     createAndDeliverClusterUpdates(xdsClient, cluster1);
     verify(mockListener).onResult2(resolutionResultCaptor.capture());
@@ -941,6 +948,7 @@ public void resolved_rpcHashingByChannelId() {
     // A different resolver/Channel.
     resolver.shutdown();
     reset(mockListener);
+    when(mockListener.onResult2(any())).thenReturn(Status.OK);
     when(mockRandom.nextLong()).thenReturn(123L);
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
         syncContext, scheduler,
@@ -1044,6 +1052,7 @@ public void resolved_resourceUpdateAfterCallStarted() {
     TestCall<?, ?> firstCall = testCall;
 
     reset(mockListener);
+    when(mockListener.onResult2(any())).thenReturn(Status.OK);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(
         Arrays.asList(
@@ -1086,6 +1095,7 @@ public void resolved_resourceUpdateAfterCallStarted() {
   public void resolved_resourceUpdatedBeforeCallStarted() {
     InternalConfigSelector configSelector = resolveToClusters();
     reset(mockListener);
+    when(mockListener.onResult2(any())).thenReturn(Status.OK);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(
         Arrays.asList(
@@ -1122,6 +1132,7 @@ public void resolved_raceBetweenCallAndRepeatedResourceUpdate() {
     assertCallSelectClusterResult(call1, configSelector, cluster1, 15.0);
 
     reset(mockListener);
+    when(mockListener.onResult2(any())).thenReturn(Status.OK);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(
         Arrays.asList(
@@ -1546,6 +1557,7 @@ public void filterState_shutdown_onLdsNotFound() {
 
     // LDS 2: resource not found.
     reset(mockListener);
+    when(mockListener.onResult2(any())).thenReturn(Status.OK);
     xdsClient.deliverLdsResourceNotFound();
     assertEmptyResolutionResult(expectedLdsResourceName);
     // Verify shutdown.
@@ -1603,6 +1615,7 @@ public void filterState_shutdown_onRdsNotFound() {
 
     // RDS 2: RDS_RESOURCE_NAME not found.
     reset(mockListener);
+    when(mockListener.onResult2(any())).thenReturn(Status.OK);
     xdsClient.deliverRdsResourceNotFound(RDS_RESOURCE_NAME);
     assertEmptyResolutionResult(RDS_RESOURCE_NAME);
     assertThat(lds1Filter1.isShutdown()).isTrue();

From 8f0db07d5d1a0f7b234db5740f7419e996c84425 Mon Sep 17 00:00:00 2001
From: Patrick Strawderman <pstrawderman@netflix.com>
Date: Thu, 18 Sep 2025 12:43:40 -0700
Subject: [PATCH 384/591] api: Avoid allocating empty array in LoadBalancer
 (#12337)

Use a singleton empty Object array to initialize the customOptions
default in LoadBalancer.Builder.
---
 api/src/main/java/io/grpc/LoadBalancer.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/src/main/java/io/grpc/LoadBalancer.java b/api/src/main/java/io/grpc/LoadBalancer.java
index d2fd8409e01..adc43b19841 100644
--- a/api/src/main/java/io/grpc/LoadBalancer.java
+++ b/api/src/main/java/io/grpc/LoadBalancer.java
@@ -855,9 +855,11 @@ public String toString() {
     @ExperimentalApi("https://github.com/grpc/grpc-java/issues/1771")
     public static final class Builder {
 
+      private static final Object[][] EMPTY_CUSTOM_OPTIONS = new Object[0][2];
+
       private List<EquivalentAddressGroup> addrs;
       private Attributes attrs = Attributes.EMPTY;
-      private Object[][] customOptions = new Object[0][2];
+      private Object[][] customOptions = EMPTY_CUSTOM_OPTIONS;
 
       Builder() {
       }

From 1a7042ac98a8fda6d4332563891131f75b1edb36 Mon Sep 17 00:00:00 2001
From: dmytroreutov <56252415+dmytroreutov@users.noreply.github.com>
Date: Thu, 18 Sep 2025 22:51:25 +0300
Subject: [PATCH 385/591] android: fix network change handling on API levels <
 24

Fixes https://github.com/grpc/grpc-java/issues/12313

In case if VPN toggled on<->off `wasConnected` returns true and
`delegate.enterIdle()` is skipped.
---
 .../main/java/io/grpc/android/AndroidChannelBuilder.java    | 6 ++----
 .../java/io/grpc/android/AndroidChannelBuilderTest.java     | 6 ------
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/android/src/main/java/io/grpc/android/AndroidChannelBuilder.java b/android/src/main/java/io/grpc/android/AndroidChannelBuilder.java
index 54b38bc3bd3..3a750e02795 100644
--- a/android/src/main/java/io/grpc/android/AndroidChannelBuilder.java
+++ b/android/src/main/java/io/grpc/android/AndroidChannelBuilder.java
@@ -323,7 +323,6 @@ public void onBlockedStatusChanged(Network network, boolean blocked) {
 
     /** Respond to network changes. Only used on API levels < 24. */
     private class NetworkReceiver extends BroadcastReceiver {
-      private boolean isConnected = false;
 
       @SuppressWarnings("deprecation")
       @Override
@@ -331,9 +330,8 @@ public void onReceive(Context context, Intent intent) {
         ConnectivityManager conn =
             (ConnectivityManager) context.getSystemService(Context.CONNECTIVITY_SERVICE);
         android.net.NetworkInfo networkInfo = conn.getActiveNetworkInfo();
-        boolean wasConnected = isConnected;
-        isConnected = networkInfo != null && networkInfo.isConnected();
-        if (isConnected && !wasConnected) {
+
+        if (networkInfo != null && networkInfo.isConnected()) {
           delegate.enterIdle();
         }
       }
diff --git a/android/src/test/java/io/grpc/android/AndroidChannelBuilderTest.java b/android/src/test/java/io/grpc/android/AndroidChannelBuilderTest.java
index 83367d93b32..c0884e4d7cf 100644
--- a/android/src/test/java/io/grpc/android/AndroidChannelBuilderTest.java
+++ b/android/src/test/java/io/grpc/android/AndroidChannelBuilderTest.java
@@ -152,12 +152,6 @@ public void networkChanges_api23() {
         .sendBroadcast(new Intent(ConnectivityManager.CONNECTIVITY_ACTION));
     assertThat(delegateChannel.enterIdleCount).isEqualTo(1);
 
-    // The broadcast receiver may fire when the active network status has not actually changed
-    ApplicationProvider
-        .getApplicationContext()
-        .sendBroadcast(new Intent(ConnectivityManager.CONNECTIVITY_ACTION));
-    assertThat(delegateChannel.enterIdleCount).isEqualTo(1);
-
     // Drop the connection
     shadowOf(connectivityManager).setActiveNetworkInfo(null);
     ApplicationProvider

From afe72220d0aaa205b9d7cc8a291c2707510854f1 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 18 Sep 2025 22:55:53 -0700
Subject: [PATCH 386/591] SECURITY.md: Mention gcompat for Alpine (#12365)

In the olden days Alpine didn't work at all. Then it worked. And then
sometime in 2021 it started failing (#8751) because of missing
__strndup. The most recent deep investigation showed it is missing
__strdup these days
https://github.com/grpc/grpc-java/issues/11660#issuecomment-2469284111 .

I'm not expecting too many people to find this themselves, but we can
link to it when they experience problems.
---
 SECURITY.md | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index cd02fbe3e18..1555882c3c6 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -330,14 +330,10 @@ is an option](#tls-with-conscrypt). Otherwise you need to [build your own 32-bit
 version of
 `netty-tcnative`](https://netty.io/wiki/forked-tomcat-native.html#wiki-h2-6).
 
-If on Alpine Linux and you see "Error loading shared library libcrypt.so.1: No
-such file or directory". Run `apk update && apk add libc6-compat` to install the
-necessary dependency.
-
-If on Alpine Linux, try to use `grpc-netty-shaded` instead of `grpc-netty` or
-(if you need `grpc-netty`) `netty-tcnative-boringssl-static` instead of
-`netty-tcnative`. If those are not an option, you may consider using
-[netty-tcnative-alpine](https://github.com/pires/netty-tcnative-alpine).
+If on Alpine Linux, depending on your specific JDK you may see a crash in
+netty_tcnative. This is generally caused by a missing symbol. Run `apk install
+gcompat` and use the environment variable `LD_PRELOAD=/lib/libgcompat.so.0` when
+executing Java.
 
 If on Fedora 30 or later and you see "libcrypt.so.1: cannot open shared object
 file: No such file or directory". Run `dnf -y install libxcrypt-compat` to

From 4995700069ad31d11d846900cc62df35001653fb Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 18 Sep 2025 11:17:51 -0700
Subject: [PATCH 387/591] xds: Remove verify TODO for onResult2 error status

This had been accidentally left in 0c179e3f9.

Requesting a refresh is pretty close to RetryingNameResolver's behavior
of exponential backoff. While not identical, it is the closest we can
get easily.
---
 xds/src/main/java/io/grpc/xds/XdsNameResolver.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 55059dc4a5a..c3bc7c2e326 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -331,7 +331,6 @@ private void updateResolutionResult(XdsConfig xdsConfig) {
             .setServiceConfig(parsedServiceConfig)
             .build();
     if (!listener.onResult2(result).isOk()) {
-      // TODO: check if this is right
       resolveState.xdsDependencyManager.requestReresolution();
     }
   }

From 040665f2438ec04c1d5144a99c84cf7aa4ade3c1 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 18 Sep 2025 13:09:03 -0700
Subject: [PATCH 388/591] examples: Explain Bazel BCR releases and git_override
 option

---
 examples/MODULE.bazel | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index 8bd50810c46..18d74d86973 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -4,7 +4,16 @@ bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1"
 bazel_dep(name = "rules_jvm_external", version = "6.0")
 bazel_dep(name = "rules_proto", version = "5.3.0-21.7")
 
-# Do not use this override in your own MODULE.bazel. Use a version from BCR
+# Do not use this override in your own MODULE.bazel. It is unnecessary when
+# using a version from BCR. Be aware the gRPC Java team does not update the
+# BCR for new releases, so you may need to create a PR for the BCR to add the
+# version. To not use the BCR, you could use:
+#
+# git_override(
+#    module_name = "grpc-java",
+#    remote = "https://github.com/grpc/grpc-java.git",
+#    tag = "v<VERSION>",
+# )
 local_path_override(
     module_name = "grpc-java",
     path = "..",

From 1937ef8debf453ea80f89f45edccf07b0db52c5a Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Fri, 19 Sep 2025 16:52:04 -0400
Subject: [PATCH 389/591] Start 1.77.0 development cycle (#12369)

---
 MODULE.bazel                                           |  2 +-
 build.gradle                                           |  2 +-
 .../src/test/golden/TestDeprecatedService.java.txt     |  2 +-
 compiler/src/test/golden/TestService.java.txt          |  2 +-
 core/src/main/java/io/grpc/internal/GrpcUtil.java      |  2 +-
 examples/MODULE.bazel                                  |  2 +-
 examples/android/clientcache/app/build.gradle          | 10 +++++-----
 examples/android/helloworld/app/build.gradle           |  8 ++++----
 examples/android/routeguide/app/build.gradle           |  8 ++++----
 examples/android/strictmode/app/build.gradle           |  8 ++++----
 examples/build.gradle                                  |  2 +-
 examples/example-alts/build.gradle                     |  2 +-
 examples/example-debug/build.gradle                    |  2 +-
 examples/example-debug/pom.xml                         |  4 ++--
 examples/example-dualstack/build.gradle                |  2 +-
 examples/example-dualstack/pom.xml                     |  4 ++--
 examples/example-gauth/build.gradle                    |  2 +-
 examples/example-gauth/pom.xml                         |  4 ++--
 examples/example-gcp-csm-observability/build.gradle    |  2 +-
 examples/example-gcp-observability/build.gradle        |  2 +-
 examples/example-hostname/build.gradle                 |  2 +-
 examples/example-hostname/pom.xml                      |  4 ++--
 examples/example-jwt-auth/build.gradle                 |  2 +-
 examples/example-jwt-auth/pom.xml                      |  4 ++--
 examples/example-oauth/build.gradle                    |  2 +-
 examples/example-oauth/pom.xml                         |  4 ++--
 examples/example-opentelemetry/build.gradle            |  2 +-
 examples/example-orca/build.gradle                     |  2 +-
 examples/example-reflection/build.gradle               |  2 +-
 examples/example-servlet/build.gradle                  |  2 +-
 examples/example-tls/build.gradle                      |  2 +-
 examples/example-tls/pom.xml                           |  4 ++--
 examples/example-xds/build.gradle                      |  2 +-
 examples/pom.xml                                       |  4 ++--
 34 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 4465f46e6c5..83ff9eaa539 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -2,7 +2,7 @@ module(
     name = "grpc-java",
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
-    version = "1.76.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
+    version = "1.77.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
 )
 
 # GRPC_DEPS_START
diff --git a/build.gradle b/build.gradle
index 366edf1b9e5..f80b27a4476 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ subprojects {
     apply plugin: "net.ltgt.errorprone"
 
     group = "io.grpc"
-    version = "1.76.0-SNAPSHOT" // CURRENT_GRPC_VERSION
+    version = "1.77.0-SNAPSHOT" // CURRENT_GRPC_VERSION
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index 22d3491be95..f42922c76b2 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.76.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.77.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 @java.lang.Deprecated
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index 22978149759..2e8d702a877 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.76.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.77.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index 2ad4a01d9e6..a8199ae5bef 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -219,7 +219,7 @@ public byte[] parseAsciiString(byte[] serialized) {
 
   public static final Splitter ACCEPT_ENCODING_SPLITTER = Splitter.on(',').trimResults();
 
-  public static final String IMPLEMENTATION_VERSION = "1.76.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
+  public static final String IMPLEMENTATION_VERSION = "1.77.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
 
   /**
    * The default timeout in nanos for a keepalive ping request.
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index 18d74d86973..7f639476b84 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,4 +1,4 @@
-bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.76.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
+bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.77.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
 bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index 8048eba73ab..d9b3f50a941 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -34,7 +34,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -54,11 +54,11 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.1.5'
-    testImplementation 'io.grpc:grpc-testing:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    testImplementation 'io.grpc:grpc-testing:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index 69519c8e4ab..81ea9235155 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,7 +52,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index a09de35e994..a0aef26cb61 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,7 +52,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index c0447a42af1..e1e6b8badc4 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -33,7 +33,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -53,7 +53,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index ddd8e7b3a65..f0965338b8f 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index 9f86adb0aeb..970e287f609 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index 3dc873e179b..b9baf5f3817 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index c4fce2d793b..4bb8b33f9ab 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-debug</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index 5d8c30b2127..8c32559a6dc 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index b65beb84103..3561254ed0c 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-dualstack</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index befc2f7c0c7..3c3978603c7 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index 98bbebd114a..70d7ea56a5a 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-gauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index abb2dd8a220..a1e767d02df 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 def openTelemetryVersion = '1.52.0'
 def openTelemetryPrometheusVersion = '1.52.0-alpha'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 08e00294452..605c93ea75f 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 94a85e8f8ab..19fe0816580 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index e93b36e39d1..3d9225d72da 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-hostname</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index 28df68e4fc7..e1509f08b79 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index 4834cfa09ef..2a097386637 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-jwt-auth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 05a450dcc8d..38f105ec37f 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index a2f61e38467..30c0608c24a 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-oauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index edcca46480e..46591b42c80 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 def openTelemetryVersion = '1.52.0'
 def openTelemetryPrometheusVersion = '1.52.0-alpha'
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index f21c89ee0a4..3e3d141b5a1 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index a5bda680ef4..9c49388a946 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index d0f475f1833..ee891209000 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -15,7 +15,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index 0b3914febf3..e55a7ce7f33 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index 3932f4c32f4..202ad17d896 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-tls</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index 3914aa3fea0..bd040511b3e 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.76.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/pom.xml b/examples/pom.xml
index 4da1eb14f90..2a6817a56a0 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.76.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>examples</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.76.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for JDK 8 -->

From 9cddcb4a8ef55c455dd1e2f611d73e3b2400cb1b Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@engflow.com>
Date: Mon, 22 Sep 2025 02:51:20 -0700
Subject: [PATCH 390/591] stub: remove interrupt checking from
 ThreadSafeThreadlessExecutor.drain (#12358)

The only caller of `drain()` just reset the interrupt flag. So, we can
avoid the whole exception dance.
---
 .../main/java/io/grpc/stub/BlockingClientCall.java | 14 +++-----------
 stub/src/main/java/io/grpc/stub/ClientCalls.java   |  7 ++-----
 2 files changed, 5 insertions(+), 16 deletions(-)

diff --git a/stub/src/main/java/io/grpc/stub/BlockingClientCall.java b/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
index 2c896c7208a..27bd42e53bb 100644
--- a/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
+++ b/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
@@ -273,7 +273,7 @@ public void halfClose() {
    */
   @VisibleForTesting
   Status getClosedStatus() {
-    drainQuietly();
+    executor.drain();
     CloseState state = closeState.get();
     return (state == null) ? null : state.status;
   }
@@ -295,7 +295,7 @@ boolean isEitherReadOrWriteReady() {
    */
   @VisibleForTesting
   boolean isReadReady() {
-    drainQuietly();
+    executor.drain();
 
     return !buffer.isEmpty();
   }
@@ -308,7 +308,7 @@ boolean isReadReady() {
    */
   @VisibleForTesting
   boolean isWriteReady() {
-    drainQuietly();
+    executor.drain();
 
     return isWriteLegal() && call.isReady();
   }
@@ -325,14 +325,6 @@ ClientCall.Listener<RespT> getListener() {
     return new QueuingListener();
   }
 
-  private void drainQuietly() {
-    try {
-      executor.drain();
-    } catch (InterruptedException e) {
-      Thread.currentThread().interrupt();
-    }
-  }
-
   private final class QueuingListener extends ClientCall.Listener<RespT> {
     @Override
     public void onMessage(RespT value) {
diff --git a/stub/src/main/java/io/grpc/stub/ClientCalls.java b/stub/src/main/java/io/grpc/stub/ClientCalls.java
index 8cd31ea9cca..ff2804a0a1f 100644
--- a/stub/src/main/java/io/grpc/stub/ClientCalls.java
+++ b/stub/src/main/java/io/grpc/stub/ClientCalls.java
@@ -935,11 +935,8 @@ public <T> void waitAndDrainWithTimeout(boolean waitForever, long end,
       }
     }
 
-    /**
-     * Executes all queued Runnables and if there were any wakes up any waiting threads.
-     */
-    public void drain() throws InterruptedException {
-      throwIfInterrupted();
+    /** Executes all queued Runnables and if there were any wakes up any waiting threads. */
+    void drain() {
       Runnable runnable;
       boolean didWork = false;
 

From d380191bed0dfccdb6f7432270979e42399cc4b7 Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Tue, 23 Sep 2025 20:08:38 -0400
Subject: [PATCH 391/591] Implement otel retry metrics (#12064)

implements [A96](https://github.com/grpc/proposal/pull/488/files)
---
 .../main/java/io/grpc/ClientStreamTracer.java |  32 ++-
 .../java/io/grpc/internal/ClientCallImpl.java |   3 +-
 .../main/java/io/grpc/internal/GrpcUtil.java  |   4 +-
 .../io/grpc/internal/ManagedChannelImpl.java  |   7 +-
 .../java/io/grpc/internal/OobChannel.java     |   3 +-
 .../io/grpc/internal/RetriableStream.java     |  18 +-
 .../io/grpc/internal/SubchannelChannel.java   |   3 +-
 .../io/grpc/internal/RetriableStreamTest.java |   3 +-
 .../grpc/opentelemetry/GrpcOpenTelemetry.java |  63 +++-
 .../OpenTelemetryMetricsModule.java           |  76 ++++-
 .../OpenTelemetryMetricsResource.java         |  19 ++
 .../internal/OpenTelemetryConstants.java      |   7 +
 .../OpenTelemetryMetricsModuleTest.java       | 270 +++++++++++++++++-
 13 files changed, 469 insertions(+), 39 deletions(-)

diff --git a/api/src/main/java/io/grpc/ClientStreamTracer.java b/api/src/main/java/io/grpc/ClientStreamTracer.java
index 2f366b7404c..42e1fdfebea 100644
--- a/api/src/main/java/io/grpc/ClientStreamTracer.java
+++ b/api/src/main/java/io/grpc/ClientStreamTracer.java
@@ -132,12 +132,15 @@ public static final class StreamInfo {
     private final CallOptions callOptions;
     private final int previousAttempts;
     private final boolean isTransparentRetry;
+    private final boolean isHedging;
 
     StreamInfo(
-        CallOptions callOptions, int previousAttempts, boolean isTransparentRetry) {
+        CallOptions callOptions, int previousAttempts, boolean isTransparentRetry,
+        boolean isHedging) {
       this.callOptions = checkNotNull(callOptions, "callOptions");
       this.previousAttempts = previousAttempts;
       this.isTransparentRetry = isTransparentRetry;
+      this.isHedging = isHedging;
     }
 
     /**
@@ -165,6 +168,15 @@ public boolean isTransparentRetry() {
       return isTransparentRetry;
     }
 
+    /**
+     * Whether the stream is hedging.
+     *
+     * @since 1.74.0
+     */
+    public boolean isHedging() {
+      return isHedging;
+    }
+
     /**
      * Converts this StreamInfo into a new Builder.
      *
@@ -174,7 +186,9 @@ public Builder toBuilder() {
       return new Builder()
           .setCallOptions(callOptions)
           .setPreviousAttempts(previousAttempts)
-          .setIsTransparentRetry(isTransparentRetry);
+          .setIsTransparentRetry(isTransparentRetry)
+          .setIsHedging(isHedging);
+
     }
 
     /**
@@ -192,6 +206,7 @@ public String toString() {
           .add("callOptions", callOptions)
           .add("previousAttempts", previousAttempts)
           .add("isTransparentRetry", isTransparentRetry)
+          .add("isHedging", isHedging)
           .toString();
     }
 
@@ -204,6 +219,7 @@ public static final class Builder {
       private CallOptions callOptions = CallOptions.DEFAULT;
       private int previousAttempts;
       private boolean isTransparentRetry;
+      private boolean isHedging;
 
       Builder() {
       }
@@ -236,11 +252,21 @@ public Builder setIsTransparentRetry(boolean isTransparentRetry) {
         return this;
       }
 
+      /**
+       * Sets whether the stream is hedging.
+       *
+       * @since 1.74.0
+       */
+      public Builder setIsHedging(boolean isHedging) {
+        this.isHedging = isHedging;
+        return this;
+      }
+
       /**
        * Builds a new StreamInfo.
        */
       public StreamInfo build() {
-        return new StreamInfo(callOptions, previousAttempts, isTransparentRetry);
+        return new StreamInfo(callOptions, previousAttempts, isTransparentRetry, isHedging);
       }
     }
   }
diff --git a/core/src/main/java/io/grpc/internal/ClientCallImpl.java b/core/src/main/java/io/grpc/internal/ClientCallImpl.java
index b9e8dd79f09..4b24b1eae3d 100644
--- a/core/src/main/java/io/grpc/internal/ClientCallImpl.java
+++ b/core/src/main/java/io/grpc/internal/ClientCallImpl.java
@@ -250,7 +250,8 @@ public void runInContext() {
       stream = clientStreamProvider.newStream(method, callOptions, headers, context);
     } else {
       ClientStreamTracer[] tracers =
-          GrpcUtil.getClientStreamTracers(callOptions, headers, 0, false);
+          GrpcUtil.getClientStreamTracers(callOptions, headers, 0,
+              false, false);
       String deadlineName = contextIsDeadlineSource ? "Context" : "CallOptions";
       Long nameResolutionDelay = callOptions.getOption(NAME_RESOLUTION_DELAYED);
       String description = String.format(
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index a8199ae5bef..a512fff6af2 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -759,13 +759,15 @@ public ListenableFuture<SocketStats> getStats() {
 
   /** Gets stream tracers based on CallOptions. */
   public static ClientStreamTracer[] getClientStreamTracers(
-      CallOptions callOptions, Metadata headers, int previousAttempts, boolean isTransparentRetry) {
+      CallOptions callOptions, Metadata headers, int previousAttempts, boolean isTransparentRetry,
+      boolean isHedging) {
     List<ClientStreamTracer.Factory> factories = callOptions.getStreamTracerFactories();
     ClientStreamTracer[] tracers = new ClientStreamTracer[factories.size() + 1];
     StreamInfo streamInfo = StreamInfo.newBuilder()
         .setCallOptions(callOptions)
         .setPreviousAttempts(previousAttempts)
         .setIsTransparentRetry(isTransparentRetry)
+        .setIsHedging(isHedging)
         .build();
     for (int i = 0; i < factories.size(); i++) {
       tracers[i] = factories.get(i).newClientStreamTracer(streamInfo, headers);
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index 78c5181502f..849e4b8e45c 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -479,7 +479,8 @@ public ClientStream newStream(
       // the delayed transport or a real transport will go in-use and cancel the idle timer.
       if (!retryEnabled) {
         ClientStreamTracer[] tracers = GrpcUtil.getClientStreamTracers(
-            callOptions, headers, 0, /* isTransparentRetry= */ false);
+            callOptions, headers, 0, /* isTransparentRetry= */ false,
+            /* isHedging= */false);
         Context origContext = context.attach();
         try {
           return delayedTransport.newStream(method, headers, callOptions, tracers);
@@ -519,10 +520,10 @@ void postCommit() {
           @Override
           ClientStream newSubstream(
               Metadata newHeaders, ClientStreamTracer.Factory factory, int previousAttempts,
-              boolean isTransparentRetry) {
+              boolean isTransparentRetry, boolean isHedgedStream) {
             CallOptions newOptions = callOptions.withStreamTracerFactory(factory);
             ClientStreamTracer[] tracers = GrpcUtil.getClientStreamTracers(
-                newOptions, newHeaders, previousAttempts, isTransparentRetry);
+                newOptions, newHeaders, previousAttempts, isTransparentRetry, isHedgedStream);
             Context origContext = context.attach();
             try {
               return delayedTransport.newStream(method, newHeaders, newOptions, tracers);
diff --git a/core/src/main/java/io/grpc/internal/OobChannel.java b/core/src/main/java/io/grpc/internal/OobChannel.java
index 01ef457460f..30c9f55e796 100644
--- a/core/src/main/java/io/grpc/internal/OobChannel.java
+++ b/core/src/main/java/io/grpc/internal/OobChannel.java
@@ -88,7 +88,8 @@ final class OobChannel extends ManagedChannel implements InternalInstrumented<Ch
     public ClientStream newStream(MethodDescriptor<?, ?> method,
         CallOptions callOptions, Metadata headers, Context context) {
       ClientStreamTracer[] tracers = GrpcUtil.getClientStreamTracers(
-          callOptions, headers, 0, /* isTransparentRetry= */ false);
+          callOptions, headers, 0, /* isTransparentRetry= */ false,
+          /* isHedging= */ false);
       Context origContext = context.attach();
       // delayed transport's newStream() always acquires a lock, but concurrent performance doesn't
       // matter here because OOB communication should be sparse, and it's not on application RPC's
diff --git a/core/src/main/java/io/grpc/internal/RetriableStream.java b/core/src/main/java/io/grpc/internal/RetriableStream.java
index 6d33c2eb3e7..9fe8ab4ffff 100644
--- a/core/src/main/java/io/grpc/internal/RetriableStream.java
+++ b/core/src/main/java/io/grpc/internal/RetriableStream.java
@@ -245,7 +245,8 @@ private void commitAndRun(Substream winningSubstream) {
   // returns null means we should not create new sub streams, e.g. cancelled or
   // other close condition is met for retriableStream.
   @Nullable
-  private Substream createSubstream(int previousAttemptCount, boolean isTransparentRetry) {
+  private Substream createSubstream(int previousAttemptCount, boolean isTransparentRetry,
+                                    boolean isHedgedStream) {
     int inFlight;
     do {
       inFlight = inFlightSubStreams.get();
@@ -266,7 +267,8 @@ public ClientStreamTracer newClientStreamTracer(
 
     Metadata newHeaders = updateHeaders(headers, previousAttemptCount);
     // NOTICE: This set _must_ be done before stream.start() and it actually is.
-    sub.stream = newSubstream(newHeaders, tracerFactory, previousAttemptCount, isTransparentRetry);
+    sub.stream = newSubstream(newHeaders, tracerFactory, previousAttemptCount, isTransparentRetry,
+        isHedgedStream);
     return sub;
   }
 
@@ -276,7 +278,7 @@ public ClientStreamTracer newClientStreamTracer(
    */
   abstract ClientStream newSubstream(
       Metadata headers, ClientStreamTracer.Factory tracerFactory, int previousAttempts,
-      boolean isTransparentRetry);
+      boolean isTransparentRetry, boolean isHedgedStream);
 
   /** Adds grpc-previous-rpc-attempts in the headers of a retry/hedging RPC. */
   @VisibleForTesting
@@ -398,7 +400,7 @@ public final void start(ClientStreamListener listener) {
       state.buffer.add(new StartEntry());
     }
 
-    Substream substream = createSubstream(0, false);
+    Substream substream = createSubstream(0, false, false);
     if (substream == null) {
       return;
     }
@@ -471,7 +473,7 @@ public void run() {
       // If this run is not cancelled, the value of state.hedgingAttemptCount won't change
       // until state.addActiveHedge() is called subsequently, even the state could possibly
       // change.
-      Substream newSubstream = createSubstream(state.hedgingAttemptCount, false);
+      Substream newSubstream = createSubstream(state.hedgingAttemptCount, false, true);
       if (newSubstream == null) {
         return;
       }
@@ -949,7 +951,8 @@ public void run() {
             || (rpcProgress == RpcProgress.REFUSED
                 && noMoreTransparentRetry.compareAndSet(false, true))) {
           // transparent retry
-          final Substream newSubstream = createSubstream(substream.previousAttemptCount, true);
+          final Substream newSubstream = createSubstream(substream.previousAttemptCount,
+              true, false);
           if (newSubstream == null) {
             return;
           }
@@ -1001,7 +1004,8 @@ public void run() {
             RetryPlan retryPlan = makeRetryDecision(status, trailers);
             if (retryPlan.shouldRetry) {
               // retry
-              Substream newSubstream = createSubstream(substream.previousAttemptCount + 1, false);
+              Substream newSubstream = createSubstream(substream.previousAttemptCount + 1,
+                  false, false);
               if (newSubstream == null) {
                 return;
               }
diff --git a/core/src/main/java/io/grpc/internal/SubchannelChannel.java b/core/src/main/java/io/grpc/internal/SubchannelChannel.java
index 773dcb99dd7..ced4272afe3 100644
--- a/core/src/main/java/io/grpc/internal/SubchannelChannel.java
+++ b/core/src/main/java/io/grpc/internal/SubchannelChannel.java
@@ -59,7 +59,8 @@ public ClientStream newStream(MethodDescriptor<?, ?> method,
           transport = notReadyTransport;
         }
         ClientStreamTracer[] tracers = GrpcUtil.getClientStreamTracers(
-            callOptions, headers, 0, /* isTransparentRetry= */ false);
+            callOptions, headers, 0, /* isTransparentRetry= */ false,
+            /* isHedging= */ false);
         Context origContext = context.attach();
         try {
           return transport.newStream(method, headers, callOptions, tracers);
diff --git a/core/src/test/java/io/grpc/internal/RetriableStreamTest.java b/core/src/test/java/io/grpc/internal/RetriableStreamTest.java
index 9b1ec343bb7..afbdaa395b0 100644
--- a/core/src/test/java/io/grpc/internal/RetriableStreamTest.java
+++ b/core/src/test/java/io/grpc/internal/RetriableStreamTest.java
@@ -186,7 +186,8 @@ ClientStream newSubstream(
         Metadata metadata,
         ClientStreamTracer.Factory tracerFactory,
         int previousAttempts,
-        boolean isTransparentRetry) {
+        boolean isTransparentRetry,
+        boolean isHedgedStream) {
       bufferSizeTracer =
           tracerFactory.newClientStreamTracer(STREAM_INFO, metadata);
       int actualPreviousRpcAttemptsInHeader = metadata.get(GRPC_PREVIOUS_RPC_ATTEMPTS) == null
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
index 6b257a18a6c..e0af0f80ed3 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
@@ -18,8 +18,11 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static io.grpc.internal.GrpcUtil.IMPLEMENTATION_VERSION;
+import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.HEDGE_BUCKETS;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.LATENCY_BUCKETS;
+import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.RETRY_BUCKETS;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.SIZE_BUCKETS;
+import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.TRANSPARENT_RETRY_BUCKETS;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Stopwatch;
@@ -64,8 +67,8 @@ public Stopwatch get() {
   };
 
   @VisibleForTesting
-  static boolean ENABLE_OTEL_TRACING = GrpcUtil.getFlag("GRPC_EXPERIMENTAL_ENABLE_OTEL_TRACING",
-      false);
+  static boolean ENABLE_OTEL_TRACING =
+      GrpcUtil.getFlag("GRPC_EXPERIMENTAL_ENABLE_OTEL_TRACING", false);
 
   private final OpenTelemetry openTelemetrySdk;
   private final MeterProvider meterProvider;
@@ -241,6 +244,54 @@ static OpenTelemetryMetricsResource createMetricInstruments(Meter meter,
               .build());
     }
 
+    if (isMetricEnabled("grpc.client.call.retries", enableMetrics, disableDefault)) {
+      builder.clientCallRetriesCounter(
+          meter.histogramBuilder(
+                  "grpc.client.call.retries")
+              .setUnit("{retry}")
+              .setDescription("Number of retries during the client call. "
+                  + "If there were no retries, 0 is not reported.")
+              .ofLongs()
+              .setExplicitBucketBoundariesAdvice(RETRY_BUCKETS)
+              .build());
+    }
+
+    if (isMetricEnabled("grpc.client.call.transparent_retries", enableMetrics,
+        disableDefault)) {
+      builder.clientCallTransparentRetriesCounter(
+          meter.histogramBuilder(
+                  "grpc.client.call.transparent_retries")
+              .setUnit("{transparent_retry}")
+              .setDescription("Number of transparent retries during the client call. "
+                  + "If there were no transparent retries, 0 is not reported.")
+              .ofLongs()
+              .setExplicitBucketBoundariesAdvice(TRANSPARENT_RETRY_BUCKETS)
+              .build());
+    }
+
+    if (isMetricEnabled("grpc.client.call.hedges", enableMetrics, disableDefault)) {
+      builder.clientCallHedgesCounter(
+          meter.histogramBuilder(
+                  "grpc.client.call.hedges")
+              .setUnit("{hedge}")
+              .setDescription("Number of hedges during the client call. "
+                  + "If there were no hedges, 0 is not reported.")
+              .ofLongs()
+              .setExplicitBucketBoundariesAdvice(HEDGE_BUCKETS)
+              .build());
+    }
+
+    if (isMetricEnabled("grpc.client.call.retry_delay", enableMetrics, disableDefault)) {
+      builder.clientCallRetryDelayCounter(
+          meter.histogramBuilder(
+                  "grpc.client.call.retry_delay")
+              .setUnit("s")
+              .setDescription("Total time of delay while there is no active attempt during the "
+                  + "client call")
+              .setExplicitBucketBoundariesAdvice(LATENCY_BUCKETS)
+              .build());
+    }
+
     if (isMetricEnabled("grpc.server.call.started", enableMetrics, disableDefault)) {
       builder.serverCallCountCounter(
           meter.counterBuilder("grpc.server.call.started")
@@ -259,8 +310,8 @@ static OpenTelemetryMetricsResource createMetricInstruments(Meter meter,
               .build());
     }
 
-    if (isMetricEnabled("grpc.server.call.sent_total_compressed_message_size", enableMetrics,
-        disableDefault)) {
+    if (isMetricEnabled("grpc.server.call.sent_total_compressed_message_size",
+        enableMetrics, disableDefault)) {
       builder.serverTotalSentCompressedMessageSizeCounter(
           meter.histogramBuilder(
                   "grpc.server.call.sent_total_compressed_message_size")
@@ -271,8 +322,8 @@ static OpenTelemetryMetricsResource createMetricInstruments(Meter meter,
               .build());
     }
 
-    if (isMetricEnabled("grpc.server.call.rcvd_total_compressed_message_size", enableMetrics,
-        disableDefault)) {
+    if (isMetricEnabled("grpc.server.call.rcvd_total_compressed_message_size",
+        enableMetrics, disableDefault)) {
       builder.serverTotalReceivedCompressedMessageSizeCounter(
           meter.histogramBuilder(
                   "grpc.server.call.rcvd_total_compressed_message_size")
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
index 82ad41e7b20..1d77f9ee3e4 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
@@ -285,16 +285,19 @@ void recordFinishedAttempt() {
   static final class CallAttemptsTracerFactory extends ClientStreamTracer.Factory {
     private final OpenTelemetryMetricsModule module;
     private final String target;
-    private final Stopwatch attemptStopwatch;
+    private final Stopwatch attemptDelayStopwatch;
     private final Stopwatch callStopWatch;
     @GuardedBy("lock")
     private boolean callEnded;
     private final String fullMethodName;
     private final List<OpenTelemetryPlugin.ClientCallPlugin> callPlugins;
     private Status status;
+    private long retryDelayNanos;
     private long callLatencyNanos;
     private final Object lock = new Object();
     private final AtomicLong attemptsPerCall = new AtomicLong();
+    private final AtomicLong hedgedAttemptsPerCall = new AtomicLong();
+    private final AtomicLong transparentRetriesPerCall = new AtomicLong();
     @GuardedBy("lock")
     private int activeStreams;
     @GuardedBy("lock")
@@ -309,7 +312,7 @@ static final class CallAttemptsTracerFactory extends ClientStreamTracer.Factory
       this.target = checkNotNull(target, "target");
       this.fullMethodName = checkNotNull(fullMethodName, "fullMethodName");
       this.callPlugins = checkNotNull(callPlugins, "callPlugins");
-      this.attemptStopwatch = module.stopwatchSupplier.get();
+      this.attemptDelayStopwatch = module.stopwatchSupplier.get();
       this.callStopWatch = module.stopwatchSupplier.get().start();
 
       io.opentelemetry.api.common.Attributes attribute = io.opentelemetry.api.common.Attributes.of(
@@ -329,8 +332,9 @@ public ClientStreamTracer newClientStreamTracer(StreamInfo info, Metadata metada
           // This can be the case when the call is cancelled but a retry attempt is created.
           return new ClientStreamTracer() {};
         }
-        if (++activeStreams == 1 && attemptStopwatch.isRunning()) {
-          attemptStopwatch.stop();
+        if (++activeStreams == 1 && attemptDelayStopwatch.isRunning()) {
+          attemptDelayStopwatch.stop();
+          retryDelayNanos = attemptDelayStopwatch.elapsed(TimeUnit.NANOSECONDS);
         }
       }
       // Skip recording for the first time, since it is already recorded in
@@ -344,7 +348,11 @@ public ClientStreamTracer newClientStreamTracer(StreamInfo info, Metadata metada
           module.resource.clientAttemptCountCounter().add(1, attribute);
         }
       }
-      if (!info.isTransparentRetry()) {
+      if (info.isTransparentRetry()) {
+        transparentRetriesPerCall.incrementAndGet();
+      } else if (info.isHedging()) {
+        hedgedAttemptsPerCall.incrementAndGet();
+      } else {
         attemptsPerCall.incrementAndGet();
       }
       return newClientTracer(info);
@@ -367,7 +375,7 @@ void attemptEnded() {
       boolean shouldRecordFinishedCall = false;
       synchronized (lock) {
         if (--activeStreams == 0) {
-          attemptStopwatch.start();
+          attemptDelayStopwatch.start();
           if (callEnded && !finishedCallToBeRecorded) {
             shouldRecordFinishedCall = true;
             finishedCallToBeRecorded = true;
@@ -402,19 +410,61 @@ void callEnded(Status status) {
     void recordFinishedCall() {
       if (attemptsPerCall.get() == 0) {
         ClientTracer tracer = newClientTracer(null);
-        tracer.attemptNanos = attemptStopwatch.elapsed(TimeUnit.NANOSECONDS);
+        tracer.attemptNanos = attemptDelayStopwatch.elapsed(TimeUnit.NANOSECONDS);
         tracer.statusCode = status.getCode();
         tracer.recordFinishedAttempt();
       }
       callLatencyNanos = callStopWatch.elapsed(TimeUnit.NANOSECONDS);
-      io.opentelemetry.api.common.Attributes attribute =
-          io.opentelemetry.api.common.Attributes.of(METHOD_KEY, fullMethodName,
-              TARGET_KEY, target,
-              STATUS_KEY, status.getCode().toString());
 
+      // Base attributes
+      io.opentelemetry.api.common.Attributes baseAttributes =
+          io.opentelemetry.api.common.Attributes.of(
+              METHOD_KEY, fullMethodName,
+              TARGET_KEY, target
+          );
+
+      // Duration
       if (module.resource.clientCallDurationCounter() != null) {
-        module.resource.clientCallDurationCounter()
-            .record(callLatencyNanos * SECONDS_PER_NANO, attribute);
+        module.resource.clientCallDurationCounter().record(
+            callLatencyNanos * SECONDS_PER_NANO,
+            baseAttributes.toBuilder()
+                .put(STATUS_KEY, status.getCode().toString())
+                .build()
+        );
+      }
+
+      // Retry counts
+      if (module.resource.clientCallRetriesCounter() != null) {
+        long retriesPerCall = Math.max(attemptsPerCall.get() - 1, 0);
+        if (retriesPerCall > 0) {
+          module.resource.clientCallRetriesCounter().record(retriesPerCall, baseAttributes);
+        }
+      }
+
+      // Hedge counts
+      if (module.resource.clientCallHedgesCounter() != null) {
+        long hedges = hedgedAttemptsPerCall.get();
+        if (hedges > 0) {
+          module.resource.clientCallHedgesCounter()
+              .record(hedges, baseAttributes);
+        }
+      }
+
+      // Transparent Retry counts
+      if (module.resource.clientCallTransparentRetriesCounter() != null) {
+        long transparentRetries = transparentRetriesPerCall.get();
+        if (transparentRetries > 0) {
+          module.resource.clientCallTransparentRetriesCounter().record(
+              transparentRetries, baseAttributes);
+        }
+      }
+
+      // Retry delay
+      if (module.resource.clientCallRetryDelayCounter() != null) {
+        module.resource.clientCallRetryDelayCounter().record(
+            retryDelayNanos * SECONDS_PER_NANO,
+            baseAttributes
+        );
       }
     }
   }
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsResource.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsResource.java
index e519b7e1eb6..d32ae1e67f5 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsResource.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsResource.java
@@ -41,6 +41,17 @@ abstract class OpenTelemetryMetricsResource {
   @Nullable
   abstract LongHistogram clientTotalReceivedCompressedMessageSizeCounter();
 
+  @Nullable
+  abstract LongHistogram clientCallRetriesCounter();
+
+  @Nullable
+  abstract LongHistogram clientCallTransparentRetriesCounter();
+
+  @Nullable
+  abstract LongHistogram clientCallHedgesCounter();
+
+  @Nullable
+  abstract DoubleHistogram clientCallRetryDelayCounter();
 
   /* Server Metrics */
   @Nullable
@@ -73,6 +84,14 @@ abstract static class Builder {
     abstract Builder clientTotalReceivedCompressedMessageSizeCounter(
         LongHistogram counter);
 
+    abstract Builder clientCallRetriesCounter(LongHistogram counter);
+
+    abstract Builder clientCallTransparentRetriesCounter(LongHistogram counter);
+
+    abstract Builder clientCallHedgesCounter(LongHistogram counter);
+
+    abstract Builder clientCallRetryDelayCounter(DoubleHistogram counter);
+
     abstract Builder serverCallCountCounter(LongCounter counter);
 
     abstract Builder serverCallDurationCounter(DoubleHistogram counter);
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
index ef21903c8e7..ff2b88acbfd 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
@@ -55,6 +55,13 @@ public final class OpenTelemetryConstants {
           0L, 1024L, 2048L, 4096L, 16384L, 65536L, 262144L, 1048576L, 4194304L, 16777216L,
           67108864L, 268435456L, 1073741824L, 4294967296L);
 
+  public static final List<Long> RETRY_BUCKETS = ImmutableList.of(1L, 2L, 3L, 4L, 5L);
+
+  public static final List<Long> TRANSPARENT_RETRY_BUCKETS =
+      ImmutableList.of(1L, 2L, 3L, 4L, 5L, 10L);
+
+  public static final List<Long> HEDGE_BUCKETS = ImmutableList.of(1L, 2L, 3L, 4L, 5L);
+
   private OpenTelemetryConstants() {
   }
 }
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
index 77f0268ec2f..6d1234497d6 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
@@ -54,11 +54,14 @@
 import io.opentelemetry.api.common.AttributeKey;
 import io.opentelemetry.api.metrics.Meter;
 import io.opentelemetry.sdk.common.InstrumentationScopeInfo;
+import io.opentelemetry.sdk.metrics.data.MetricData;
 import io.opentelemetry.sdk.testing.junit4.OpenTelemetryRule;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Arrays;
+import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
 import javax.annotation.Nullable;
@@ -94,6 +97,11 @@ public class OpenTelemetryMetricsModuleTest {
   private static final String CLIENT_ATTEMPT_RECV_TOTAL_COMPRESSED_MESSAGE_SIZE
       = "grpc.client.attempt.rcvd_total_compressed_message_size";
   private static final String CLIENT_CALL_DURATION = "grpc.client.call.duration";
+  private static final String CLIENT_CALL_RETRIES = "grpc.client.call.retries";
+  private static final String CLIENT_CALL_TRANSPARENT_RETRIES =
+      "grpc.client.call.transparent_retries";
+  private static final String CLIENT_CALL_HEDGES = "grpc.client.call.hedges";
+  private static final String CLIENT_CALL_RETRY_DELAY = "grpc.client.call.retry_delay";
   private static final String SERVER_CALL_COUNT = "grpc.server.call.started";
   private static final String SERVER_CALL_DURATION = "grpc.server.call.duration";
   private static final String SERVER_CALL_SENT_TOTAL_COMPRESSED_MESSAGE_SIZE
@@ -194,7 +202,7 @@ public ServerCall.Listener<String> startCall(
             }).build());
 
     final AtomicReference<CallOptions> capturedCallOptions = new AtomicReference<>();
-    ClientInterceptor callOptionsCatureInterceptor = new ClientInterceptor() {
+    ClientInterceptor callOptionsCaptureInterceptor = new ClientInterceptor() {
       @Override
       public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
           MethodDescriptor<ReqT, RespT> method, CallOptions callOptions, Channel next) {
@@ -204,7 +212,7 @@ public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
     };
     Channel interceptedChannel =
         ClientInterceptors.intercept(
-            grpcServerRule.getChannel(), callOptionsCatureInterceptor,
+            grpcServerRule.getChannel(), callOptionsCaptureInterceptor,
             module.getClientInterceptor("target:///"));
     ClientCall<String, String> call;
     call = interceptedChannel.newCall(method, CALL_OPTIONS);
@@ -378,6 +386,88 @@ public void clientBasicMetrics() {
                                         .hasBucketCounts(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                                             0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0,
                                             0, 0, 0, 0, 0, 0, 0, 0, 0))));
+
+    assertThat(openTelemetryTesting.getMetrics())
+        .extracting("name")
+        .doesNotContain(
+            CLIENT_CALL_RETRIES,
+            CLIENT_CALL_TRANSPARENT_RETRIES,
+            CLIENT_CALL_HEDGES,
+            CLIENT_CALL_RETRY_DELAY);
+  }
+
+  @Test
+  public void clientBasicMetrics_withRetryMetricsEnabled_shouldRecordZeroOrBeAbsent() {
+    // Explicitly enable the retry metrics
+    Map<String, Boolean> enabledMetrics = ImmutableMap.of(
+        CLIENT_CALL_RETRIES, true,
+        CLIENT_CALL_TRANSPARENT_RETRIES, true,
+        CLIENT_CALL_HEDGES, true,
+        CLIENT_CALL_RETRY_DELAY, true
+    );
+
+    String target = "target:///";
+    OpenTelemetryMetricsResource resource = GrpcOpenTelemetry.createMetricInstruments(testMeter,
+        enabledMetrics, disableDefaultMetrics);
+    OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
+    OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
+        new CallAttemptsTracerFactory(module, target, method.getFullMethodName(), emptyList());
+    ClientStreamTracer tracer =
+        callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
+
+    fakeClock.forwardTime(30, TimeUnit.MILLISECONDS);
+    tracer.outboundHeaders();
+    fakeClock.forwardTime(100, TimeUnit.MILLISECONDS);
+    tracer.outboundMessage(0);
+    tracer.streamClosed(Status.OK);
+    callAttemptsTracerFactory.callEnded(Status.OK);
+
+    io.opentelemetry.api.common.Attributes finalAttributes
+        = io.opentelemetry.api.common.Attributes.of(
+        TARGET_KEY, target,
+        METHOD_KEY, method.getFullMethodName());
+
+    assertThat(openTelemetryTesting.getMetrics())
+        .satisfiesExactlyInAnyOrder(
+            metric -> assertThat(metric).hasName(CLIENT_ATTEMPT_COUNT_INSTRUMENT_NAME),
+            metric -> assertThat(metric).hasName(CLIENT_ATTEMPT_DURATION_INSTRUMENT_NAME),
+            metric -> assertThat(metric).hasName(CLIENT_ATTEMPT_SENT_TOTAL_COMPRESSED_MESSAGE_SIZE),
+            metric -> assertThat(metric).hasName(CLIENT_ATTEMPT_RECV_TOTAL_COMPRESSED_MESSAGE_SIZE),
+            metric -> assertThat(metric).hasName(CLIENT_CALL_DURATION),
+            metric -> assertThat(metric)
+                .hasName(CLIENT_CALL_RETRY_DELAY)
+                .hasHistogramSatisfying(
+                    histogram ->
+                        histogram.hasPointsSatisfying(
+                            point ->
+                                point
+                                    .hasSum(0)
+                                    .hasCount(1)
+                                    .hasAttributes(finalAttributes)))
+
+        );
+
+    List<String> optionalMetricNames = Arrays.asList(
+        CLIENT_CALL_RETRIES,
+        CLIENT_CALL_TRANSPARENT_RETRIES,
+        CLIENT_CALL_HEDGES);
+
+    for (String metricName : optionalMetricNames) {
+      Optional<MetricData> metric = openTelemetryTesting.getMetrics().stream()
+          .filter(m -> m.getName().equals(metricName))
+          .findFirst();
+      if (metric.isPresent()) {
+        assertThat(metric.get())
+            .hasHistogramSatisfying(
+                histogram ->
+                    histogram.hasPointsSatisfying(
+                        point ->
+                            point
+                                .hasSum(0)
+                                .hasCount(1)
+                                .hasAttributes(finalAttributes)));
+      }
+    }
   }
 
   // This test is only unit-testing the metrics recording logic. The retry behavior is faked.
@@ -831,6 +921,182 @@ public void recordAttemptMetrics() {
                                             .hasBucketBoundaries(sizeBuckets))));
   }
 
+  @Test
+  public void recordAttemptMetrics_withRetryMetricsEnabled() {
+    Map<String, Boolean> enabledMetrics = ImmutableMap.of(
+        CLIENT_CALL_RETRIES, true,
+        CLIENT_CALL_TRANSPARENT_RETRIES, true,
+        CLIENT_CALL_HEDGES, true,
+        CLIENT_CALL_RETRY_DELAY, true
+    );
+
+    String target = "dns:///example.com";
+    OpenTelemetryMetricsResource resource = GrpcOpenTelemetry.createMetricInstruments(testMeter,
+        enabledMetrics, disableDefaultMetrics);
+    OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
+    OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
+        new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target,
+            method.getFullMethodName(), emptyList());
+
+    ClientStreamTracer tracer =
+        callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
+    fakeClock.forwardTime(154, TimeUnit.MILLISECONDS);
+    tracer.streamClosed(Status.UNAVAILABLE);
+
+    fakeClock.forwardTime(1000, TimeUnit.MILLISECONDS);
+    tracer = callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
+    fakeClock.forwardTime(100, TimeUnit.MILLISECONDS);
+    tracer.streamClosed(Status.NOT_FOUND);
+
+    fakeClock.forwardTime(10, TimeUnit.MILLISECONDS);
+    tracer = callAttemptsTracerFactory.newClientStreamTracer(
+        STREAM_INFO.toBuilder().setIsTransparentRetry(true).build(), new Metadata());
+    fakeClock.forwardTime(32, MILLISECONDS);
+    tracer.streamClosed(Status.UNAVAILABLE);
+
+    fakeClock.forwardTime(10, MILLISECONDS);
+    tracer = callAttemptsTracerFactory.newClientStreamTracer(
+        STREAM_INFO.toBuilder().setIsTransparentRetry(true).build(), new Metadata());
+    tracer.inboundWireSize(33);
+    fakeClock.forwardTime(24, MILLISECONDS);
+    tracer.streamClosed(Status.OK); // RPC succeeded
+
+    // --- The overall call ends ---
+    callAttemptsTracerFactory.callEnded(Status.OK);
+
+    // Define attributes for assertions
+    io.opentelemetry.api.common.Attributes finalAttributes
+        = io.opentelemetry.api.common.Attributes.of(
+        TARGET_KEY, target,
+        METHOD_KEY, method.getFullMethodName());
+
+    // FINAL ASSERTION BLOCK
+    assertThat(openTelemetryTesting.getMetrics())
+        .satisfiesExactlyInAnyOrder(
+            // Default metrics
+            metric -> assertThat(metric).hasName(CLIENT_ATTEMPT_COUNT_INSTRUMENT_NAME),
+            metric -> assertThat(metric).hasName(CLIENT_ATTEMPT_DURATION_INSTRUMENT_NAME),
+            metric -> assertThat(metric).hasName(CLIENT_ATTEMPT_SENT_TOTAL_COMPRESSED_MESSAGE_SIZE),
+            metric -> assertThat(metric).hasName(CLIENT_ATTEMPT_RECV_TOTAL_COMPRESSED_MESSAGE_SIZE),
+            metric -> assertThat(metric).hasName(CLIENT_CALL_DURATION),
+
+            // --- Assertions for the retry metrics ---
+            metric -> assertThat(metric)
+                .hasName(CLIENT_CALL_RETRIES)
+                .hasUnit("{retry}")
+                .hasHistogramSatisfying(histogram -> histogram.hasPointsSatisfying(
+                    point -> point
+                        .hasCount(1)
+                        .hasSum(1) // We faked one standard retry
+                        .hasAttributes(finalAttributes))),
+            metric -> assertThat(metric)
+                .hasName(CLIENT_CALL_TRANSPARENT_RETRIES)
+                .hasUnit("{transparent_retry}")
+                .hasHistogramSatisfying(histogram -> histogram.hasPointsSatisfying(
+                    point -> point
+                        .hasCount(1)
+                        .hasSum(2) // We faked two transparent retries
+                        .hasAttributes(finalAttributes))),
+            metric -> assertThat(metric)
+                .hasName(CLIENT_CALL_RETRY_DELAY)
+                .hasUnit("s")
+                .hasHistogramSatisfying(histogram -> histogram.hasPointsSatisfying(
+                    point -> point
+                        .hasCount(1)
+                        .hasSum(1.02) // 1000ms + 10ms + 10ms
+                        .hasAttributes(finalAttributes)))
+        );
+  }
+
+  @Test
+  public void recordAttemptMetrics_withHedgedCalls() {
+    // Enable the retry metrics, including hedges
+    Map<String, Boolean> enabledMetrics = ImmutableMap.of(
+        CLIENT_CALL_RETRIES, true,
+        CLIENT_CALL_TRANSPARENT_RETRIES, true,
+        CLIENT_CALL_HEDGES, true,
+        CLIENT_CALL_RETRY_DELAY, true
+    );
+
+    String target = "dns:///example.com";
+    OpenTelemetryMetricsResource resource = GrpcOpenTelemetry.createMetricInstruments(testMeter,
+        enabledMetrics, disableDefaultMetrics);
+    OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
+    OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
+        new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target,
+            method.getFullMethodName(), emptyList());
+
+    // Create a StreamInfo specifically for hedged attempts
+    final ClientStreamTracer.StreamInfo hedgedStreamInfo =
+        STREAM_INFO.toBuilder().setIsHedging(true).build();
+
+    // --- First attempt starts ---
+    ClientStreamTracer tracer =
+        callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
+
+    // --- Faking a hedged attempt ---
+    fakeClock.forwardTime(10, TimeUnit.MILLISECONDS); // Hedging delay
+    ClientStreamTracer hedgeTracer1 =
+        callAttemptsTracerFactory.newClientStreamTracer(hedgedStreamInfo, new Metadata());
+
+    // --- Faking a second hedged attempt ---
+    fakeClock.forwardTime(20, TimeUnit.MILLISECONDS); // Another hedging delay
+    ClientStreamTracer hedgeTracer2 =
+        callAttemptsTracerFactory.newClientStreamTracer(hedgedStreamInfo, new Metadata());
+
+    // --- Let the attempts resolve ---
+    fakeClock.forwardTime(50, TimeUnit.MILLISECONDS);
+    // Initial attempt is cancelled because a hedge will succeed
+    tracer.streamClosed(Status.CANCELLED);
+    hedgeTracer1.streamClosed(Status.UNAVAILABLE); // First hedge fails
+
+    fakeClock.forwardTime(30, TimeUnit.MILLISECONDS);
+    hedgeTracer2.streamClosed(Status.OK); // Second hedge succeeds
+
+    // --- The overall call ends ---
+    callAttemptsTracerFactory.callEnded(Status.OK);
+
+    // Define attributes for assertions
+    io.opentelemetry.api.common.Attributes finalAttributes
+        = io.opentelemetry.api.common.Attributes.of(
+        TARGET_KEY, target,
+        METHOD_KEY, method.getFullMethodName());
+
+    // FINAL ASSERTION BLOCK
+    // We expect 7 metrics: 5 default + hedges + retry_delay.
+    // Retries and transparent_retries are 0 and will not be reported.
+    assertThat(openTelemetryTesting.getMetrics())
+        .satisfiesExactlyInAnyOrder(
+            // Default metrics
+            metric -> assertThat(metric).hasName(CLIENT_ATTEMPT_COUNT_INSTRUMENT_NAME),
+            metric -> assertThat(metric).hasName(CLIENT_ATTEMPT_DURATION_INSTRUMENT_NAME),
+            metric -> assertThat(metric).hasName(CLIENT_ATTEMPT_SENT_TOTAL_COMPRESSED_MESSAGE_SIZE),
+            metric -> assertThat(metric).hasName(CLIENT_ATTEMPT_RECV_TOTAL_COMPRESSED_MESSAGE_SIZE),
+            metric -> assertThat(metric).hasName(CLIENT_CALL_DURATION),
+
+            // --- Assertions for the NEW metrics ---
+            metric -> assertThat(metric)
+                .hasName(CLIENT_CALL_HEDGES)
+                .hasUnit("{hedge}")
+                .hasHistogramSatisfying(histogram -> histogram.hasPointsSatisfying(
+                    point -> point
+                        .hasCount(1)
+                        .hasSum(2)
+                        .hasAttributes(finalAttributes))),
+            metric -> assertThat(metric)
+                .hasName(CLIENT_CALL_RETRY_DELAY)
+                .hasUnit("s")
+                .hasHistogramSatisfying(
+                    histogram ->
+                        histogram.hasPointsSatisfying(
+                            point ->
+                                point
+                                    .hasCount(1)
+                                    .hasSum(0)
+                                    .hasAttributes(finalAttributes)))
+        );
+  }
+
   @Test
   public void clientStreamNeverCreatedStillRecordMetrics() {
     String target = "dns:///foo.example.com";

From 55aefd5b8e76a15861c5988d1d8ced0a58160303 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Thu, 25 Sep 2025 11:03:54 +0530
Subject: [PATCH 392/591] compiler: Protobuf upgrade to 26.1 (#12330)

---
 buildscripts/kokoro/windows32.bat  | 2 +-
 buildscripts/kokoro/windows64.bat  | 2 +-
 buildscripts/make_dependencies.bat | 6 +++---
 buildscripts/make_dependencies.sh  | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/buildscripts/kokoro/windows32.bat b/buildscripts/kokoro/windows32.bat
index f87899d0ab8..2b925c3095c 100644
--- a/buildscripts/kokoro/windows32.bat
+++ b/buildscripts/kokoro/windows32.bat
@@ -25,7 +25,7 @@ cd "%WORKSPACE%"
 
 SET TARGET_ARCH=x86_32
 SET FAIL_ON_WARNINGS=true
-SET PROTOBUF_VER=22.5
+SET PROTOBUF_VER=26.1
 SET PKG_CONFIG_PATH=%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib\\pkgconfig
 SET VC_PROTOBUF_LIBS=/LIBPATH:%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib
 SET VC_PROTOBUF_INCLUDE=%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\include
diff --git a/buildscripts/kokoro/windows64.bat b/buildscripts/kokoro/windows64.bat
index 0a99f47dd3d..0bed4612bcf 100644
--- a/buildscripts/kokoro/windows64.bat
+++ b/buildscripts/kokoro/windows64.bat
@@ -24,7 +24,7 @@ cd "%WORKSPACE%"
 
 SET TARGET_ARCH=x86_64
 SET FAIL_ON_WARNINGS=true
-SET PROTOBUF_VER=22.5
+SET PROTOBUF_VER=26.1
 SET PKG_CONFIG_PATH=%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib\\pkgconfig
 SET VC_PROTOBUF_LIBS=/LIBPATH:%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib
 SET VC_PROTOBUF_INCLUDE=%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\include
diff --git a/buildscripts/make_dependencies.bat b/buildscripts/make_dependencies.bat
index dce08ef7624..adb7a1fbcbc 100644
--- a/buildscripts/make_dependencies.bat
+++ b/buildscripts/make_dependencies.bat
@@ -1,8 +1,8 @@
 choco install -y pkgconfiglite
 choco install -y openjdk --version=17.0
 set PATH=%PATH%;"c:\Program Files\OpenJDK\jdk-17\bin"
-set PROTOBUF_VER=22.5
-set ABSL_VERSION=20230125.4
+set PROTOBUF_VER=26.1
+set ABSL_VERSION=20250127.1
 set CMAKE_NAME=cmake-3.26.3-windows-x86_64
 
 if not exist "protobuf-%PROTOBUF_VER%\build\Release\" (
@@ -51,7 +51,7 @@ for /f "tokens=4 delims=\" %%a in ("%VCINSTALLDIR%") do (
 for /f "tokens=1 delims=." %%a in ("%VisualStudioVersion%") do (
   SET visual_studio_major_version=%%a
 )
-cmake -Dprotobuf_BUILD_TESTS=OFF -DCMAKE_INSTALL_PREFIX=%cd%\protobuf-%PROTOBUF_VER% -DCMAKE_PREFIX_PATH=%cd%\protobuf-%PROTOBUF_VER% -G "Visual Studio %visual_studio_major_version% %VC_YEAR%" %CMAKE_VSARCH% .. || exit /b 1
+cmake -DABSL_MSVC_STATIC_RUNTIME=ON -Dprotobuf_BUILD_TESTS=OFF -DCMAKE_INSTALL_PREFIX=%cd%\protobuf-%PROTOBUF_VER% -DCMAKE_PREFIX_PATH=%cd%\protobuf-%PROTOBUF_VER% -G "Visual Studio %visual_studio_major_version% %VC_YEAR%" %CMAKE_VSARCH% .. || exit /b 1
 cmake --build . --config Release --target install || exit /b 1
 popd
 goto :eof
diff --git a/buildscripts/make_dependencies.sh b/buildscripts/make_dependencies.sh
index 73cb54b7b68..7dc94299daf 100755
--- a/buildscripts/make_dependencies.sh
+++ b/buildscripts/make_dependencies.sh
@@ -3,8 +3,8 @@
 # Build protoc
 set -evux -o pipefail
 
-PROTOBUF_VERSION=22.5
-ABSL_VERSION=20230125.4
+PROTOBUF_VERSION=26.1
+ABSL_VERSION=20250127.1
 CMAKE_VERSION=3.26.3
 
 # ARCH is x86_64 bit unless otherwise specified.

From 63fdaaccc025c243dd9f32f40e0f254d3ad2484a Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Thu, 25 Sep 2025 12:12:05 +0530
Subject: [PATCH 393/591] xds: SslContext updates handling when using system
 root certs (#12340)

Fixes the issues in SslContext not updated when using system root certs because it was using `CertProviderClientSslContextProvider` that relies on watcher updates from the certificate file watcher. This change creates a separate handler for system root certs and updates the SslContext on the `SslContextProvider` callback as soon as the provider is created.
---
 .../CertProviderClientSslContextProvider.java |  23 ++--
 .../CertProviderSslContextProvider.java       |  67 ++++++----
 .../certprovider/IgnoreUpdatesWatcher.java    |  68 ++++++++++
 .../SystemRootCertificateProvider.java        |  71 ++++++++++
 .../grpc/xds/XdsSecurityClientServerTest.java |  78 +++++++++--
 .../ClientSslContextProviderFactoryTest.java  |  32 +++--
 .../ServerSslContextProviderFactoryTest.java  |  16 +--
 ...tProviderClientSslContextProviderTest.java | 124 +++++++++++++++---
 8 files changed, 399 insertions(+), 80 deletions(-)
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/security/certprovider/IgnoreUpdatesWatcher.java
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/security/certprovider/SystemRootCertificateProvider.java

diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
index d7c2267c48f..131ae6b6125 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
@@ -55,20 +55,19 @@ protected final SslContextBuilder getSslContextBuilder(
           CertificateValidationContext certificateValidationContextdationContext)
       throws CertStoreException {
     SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
-    // Null rootCertInstance implies hasSystemRootCerts because of the check in
-    // CertProviderClientSslContextProviderFactory.
-    if (rootCertInstance != null) {
-      if (savedSpiffeTrustMap != null) {
-        sslContextBuilder = sslContextBuilder.trustManager(
+    if (savedSpiffeTrustMap != null) {
+      sslContextBuilder = sslContextBuilder.trustManager(
+        new XdsTrustManagerFactory(
+            savedSpiffeTrustMap,
+            certificateValidationContextdationContext));
+    } else if (savedTrustedRoots != null) {
+      sslContextBuilder = sslContextBuilder.trustManager(
           new XdsTrustManagerFactory(
-              savedSpiffeTrustMap,
+              savedTrustedRoots.toArray(new X509Certificate[0]),
               certificateValidationContextdationContext));
-      } else {
-        sslContextBuilder = sslContextBuilder.trustManager(
-            new XdsTrustManagerFactory(
-                savedTrustedRoots.toArray(new X509Certificate[0]),
-                certificateValidationContextdationContext));
-      }
+    } else {
+      // Should be impossible because of the check in CertProviderClientSslContextProviderFactory
+      throw new IllegalStateException("There must be trusted roots or a SPIFFE trust map");
     }
     if (isMtls()) {
       sslContextBuilder.keyManager(savedKey, savedCertChain);
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
index 801dabeecb7..2570dcb731b 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
@@ -24,6 +24,7 @@
 import io.grpc.xds.client.Bootstrapper.CertificateProviderInfo;
 import io.grpc.xds.internal.security.CommonTlsContextUtil;
 import io.grpc.xds.internal.security.DynamicSslContextProvider;
+import java.io.Closeable;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.List;
@@ -34,8 +35,8 @@
 abstract class CertProviderSslContextProvider extends DynamicSslContextProvider implements
     CertificateProvider.Watcher {
 
-  @Nullable private final CertificateProviderStore.Handle certHandle;
-  @Nullable private final CertificateProviderStore.Handle rootCertHandle;
+  @Nullable private final NoExceptionCloseable certHandle;
+  @Nullable private final NoExceptionCloseable rootCertHandle;
   @Nullable private final CertificateProviderInstance certInstance;
   @Nullable protected final CertificateProviderInstance rootCertInstance;
   @Nullable protected PrivateKey savedKey;
@@ -55,24 +56,33 @@ protected CertProviderSslContextProvider(
     super(tlsContext, staticCertValidationContext);
     this.certInstance = certInstance;
     this.rootCertInstance = rootCertInstance;
-    String certInstanceName = null;
-    if (certInstance != null && certInstance.isInitialized()) {
-      certInstanceName = certInstance.getInstanceName();
+    this.isUsingSystemRootCerts = rootCertInstance == null
+        && CommonTlsContextUtil.isUsingSystemRootCerts(tlsContext.getCommonTlsContext());
+    boolean createCertInstance = certInstance != null && certInstance.isInitialized();
+    boolean createRootCertInstance = rootCertInstance != null && rootCertInstance.isInitialized();
+    boolean sharedCertInstance = createCertInstance && createRootCertInstance
+        && rootCertInstance.getInstanceName().equals(certInstance.getInstanceName());
+    if (createCertInstance) {
       CertificateProviderInfo certProviderInstanceConfig =
-          getCertProviderConfig(certProviders, certInstanceName);
+          getCertProviderConfig(certProviders, certInstance.getInstanceName());
+      CertificateProvider.Watcher watcher = this;
+      if (!sharedCertInstance && !isUsingSystemRootCerts) {
+        watcher = new IgnoreUpdatesWatcher(watcher, /* ignoreRootCertUpdates= */ true);
+      }
+      // TODO: Previously we'd hang if certProviderInstanceConfig were null or
+      // certInstance.isInitialized() == false. Now we'll proceed. Those should be errors, or are
+      // they impossible and should be assertions?
       certHandle = certProviderInstanceConfig == null ? null
           : certificateProviderStore.createOrGetProvider(
               certInstance.getCertificateName(),
               certProviderInstanceConfig.pluginName(),
               certProviderInstanceConfig.config(),
-              this,
-              true);
+              watcher,
+              true)::close;
     } else {
       certHandle = null;
     }
-    if (rootCertInstance != null
-        && rootCertInstance.isInitialized()
-        && !rootCertInstance.getInstanceName().equals(certInstanceName)) {
+    if (createRootCertInstance && !sharedCertInstance) {
       CertificateProviderInfo certProviderInstanceConfig =
           getCertProviderConfig(certProviders, rootCertInstance.getInstanceName());
       rootCertHandle = certProviderInstanceConfig == null ? null
@@ -80,13 +90,16 @@ protected CertProviderSslContextProvider(
               rootCertInstance.getCertificateName(),
               certProviderInstanceConfig.pluginName(),
               certProviderInstanceConfig.config(),
-              this,
-              true);
+              new IgnoreUpdatesWatcher(this, /* ignoreRootCertUpdates= */ false),
+              false)::close;
+    } else if (rootCertInstance == null
+        && CommonTlsContextUtil.isUsingSystemRootCerts(tlsContext.getCommonTlsContext())) {
+      SystemRootCertificateProvider systemRootProvider = new SystemRootCertificateProvider(this);
+      systemRootProvider.start();
+      rootCertHandle = systemRootProvider::close;
     } else {
       rootCertHandle = null;
     }
-    this.isUsingSystemRootCerts = rootCertInstance == null
-        && CommonTlsContextUtil.isUsingSystemRootCerts(tlsContext.getCommonTlsContext());
   }
 
   private static CertificateProviderInfo getCertProviderConfig(
@@ -150,17 +163,16 @@ public final void updateSpiffeTrustMap(Map<String, List<X509Certificate>> spiffe
 
   private void updateSslContextWhenReady() {
     if (isMtls()) {
-      if (savedKey != null
-          && (savedTrustedRoots != null || isUsingSystemRootCerts || savedSpiffeTrustMap != null)) {
+      if (savedKey != null && (savedTrustedRoots != null || savedSpiffeTrustMap != null)) {
         updateSslContext();
         clearKeysAndCerts();
       }
-    } else if (isClientSideTls()) {
+    } else if (isRegularTlsAndClientSide()) {
       if (savedTrustedRoots != null || savedSpiffeTrustMap != null) {
         updateSslContext();
         clearKeysAndCerts();
       }
-    } else if (isServerSideTls()) {
+    } else if (isRegularTlsAndServerSide()) {
       if (savedKey != null) {
         updateSslContext();
         clearKeysAndCerts();
@@ -170,8 +182,10 @@ private void updateSslContextWhenReady() {
 
   private void clearKeysAndCerts() {
     savedKey = null;
-    savedTrustedRoots = null;
-    savedSpiffeTrustMap = null;
+    if (!isUsingSystemRootCerts) {
+      savedTrustedRoots = null;
+      savedSpiffeTrustMap = null;
+    }
     savedCertChain = null;
   }
 
@@ -179,11 +193,11 @@ protected final boolean isMtls() {
     return certInstance != null && (rootCertInstance != null || isUsingSystemRootCerts);
   }
 
-  protected final boolean isClientSideTls() {
-    return rootCertInstance != null && certInstance == null;
+  protected final boolean isRegularTlsAndClientSide() {
+    return (rootCertInstance != null || isUsingSystemRootCerts) && certInstance == null;
   }
 
-  protected final boolean isServerSideTls() {
+  protected final boolean isRegularTlsAndServerSide() {
     return certInstance != null && rootCertInstance == null;
   }
 
@@ -201,4 +215,9 @@ public final void close() {
       rootCertHandle.close();
     }
   }
+
+  interface NoExceptionCloseable extends Closeable {
+    @Override
+    void close();
+  }
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/IgnoreUpdatesWatcher.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/IgnoreUpdatesWatcher.java
new file mode 100644
index 00000000000..cd9d88be41b
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/IgnoreUpdatesWatcher.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.security.certprovider;
+
+import static java.util.Objects.requireNonNull;
+
+import com.google.common.annotations.VisibleForTesting;
+import io.grpc.Status;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.Map;
+
+public final class IgnoreUpdatesWatcher implements CertificateProvider.Watcher {
+  private final CertificateProvider.Watcher delegate;
+  private final boolean ignoreRootCertUpdates;
+
+  public IgnoreUpdatesWatcher(
+      CertificateProvider.Watcher delegate, boolean ignoreRootCertUpdates) {
+    this.delegate = requireNonNull(delegate, "delegate");
+    this.ignoreRootCertUpdates = ignoreRootCertUpdates;
+  }
+
+  @Override
+  public void updateCertificate(PrivateKey key, List<X509Certificate> certChain) {
+    if (ignoreRootCertUpdates) {
+      delegate.updateCertificate(key, certChain);
+    }
+  }
+
+  @Override
+  public void updateTrustedRoots(List<X509Certificate> trustedRoots) {
+    if (!ignoreRootCertUpdates) {
+      delegate.updateTrustedRoots(trustedRoots);
+    }
+  }
+
+  @Override
+  public void updateSpiffeTrustMap(Map<String, List<X509Certificate>> spiffeTrustMap) {
+    if (!ignoreRootCertUpdates) {
+      delegate.updateSpiffeTrustMap(spiffeTrustMap);
+    }
+  }
+
+  @Override
+  public void onError(Status errorStatus) {
+    delegate.onError(errorStatus);
+  }
+
+  @VisibleForTesting
+  public CertificateProvider.Watcher getDelegate() {
+    return delegate;
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/SystemRootCertificateProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/SystemRootCertificateProvider.java
new file mode 100644
index 00000000000..7c60f714e71
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/SystemRootCertificateProvider.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2020 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.security.certprovider;
+
+import io.grpc.Status;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+import java.util.stream.Collectors;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * An non-registered provider for CertProviderSslContextProvider to use the same code path for
+ * system root certs as provider-obtained certs.
+ */
+final class SystemRootCertificateProvider extends CertificateProvider {
+  public SystemRootCertificateProvider(CertificateProvider.Watcher watcher) {
+    super(new DistributorWatcher(), false);
+    getWatcher().addWatcher(watcher);
+  }
+
+  @Override
+  public void start() {
+    try {
+      TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
+          TrustManagerFactory.getDefaultAlgorithm());
+      trustManagerFactory.init((KeyStore) null);
+
+      List<TrustManager> trustManagers = Arrays.asList(trustManagerFactory.getTrustManagers());
+      List<X509Certificate> rootCerts = trustManagers.stream()
+          .filter(X509TrustManager.class::isInstance)
+          .map(X509TrustManager.class::cast)
+          .map(trustManager -> Arrays.asList(trustManager.getAcceptedIssuers()))
+          .flatMap(Collection::stream)
+          .collect(Collectors.toList());
+      getWatcher().updateTrustedRoots(rootCerts);
+    } catch (KeyStoreException | NoSuchAlgorithmException ex) {
+      getWatcher().onError(Status.UNAVAILABLE
+          .withDescription("Could not load system root certs")
+          .withCause(ex));
+    }
+  }
+
+  @Override
+  public void close() {
+    // Unnecessary because there's no more callbacks, but do it for good measure
+    for (Watcher watcher : getWatcher().getDownstreamWatchers()) {
+      getWatcher().removeWatcher(watcher);
+    }
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
index 23068d665bf..e46e440475a 100644
--- a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -37,6 +37,7 @@
 import com.google.common.util.concurrent.SettableFuture;
 import io.envoyproxy.envoy.config.core.v3.SocketAddress.Protocol;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
+import io.envoyproxy.envoy.type.matcher.v3.StringMatcher;
 import io.grpc.Attributes;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.Grpc;
@@ -117,6 +118,8 @@
 @RunWith(Parameterized.class)
 public class XdsSecurityClientServerTest {
 
+  private static final String SAN_TO_MATCH = "waterzooi.test.google.be";
+
   @Parameter
   public Boolean enableSpiffe;
   private Boolean originalEnableSpiffe;
@@ -206,7 +209,8 @@ public void tlsClientServer_noClientAuthentication() throws Exception {
    * Uses common_tls_context.combined_validation_context in upstream_tls_context.
    */
   @Test
-  public void tlsClientServer_useSystemRootCerts_useCombinedValidationContext() throws Exception {
+  public void tlsClientServer_useSystemRootCerts_noMtls_useCombinedValidationContext()
+      throws Exception {
     Path trustStoreFilePath = getCacertFilePathForTestCa();
     try {
       setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
@@ -217,7 +221,7 @@ public void tlsClientServer_useSystemRootCerts_useCombinedValidationContext() th
 
       UpstreamTlsContext upstreamTlsContext =
           setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
-              CLIENT_PEM_FILE, true);
+              CLIENT_PEM_FILE, true, SAN_TO_MATCH, false);
 
       SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
           getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
@@ -233,7 +237,7 @@ public void tlsClientServer_useSystemRootCerts_useCombinedValidationContext() th
    * Uses common_tls_context.validation_context in upstream_tls_context.
    */
   @Test
-  public void tlsClientServer_useSystemRootCerts_validationContext() throws Exception {
+  public void tlsClientServer_useSystemRootCerts_noMtls_validationContext() throws Exception {
     Path trustStoreFilePath = getCacertFilePathForTestCa().toAbsolutePath();
     try {
       setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
@@ -244,7 +248,7 @@ public void tlsClientServer_useSystemRootCerts_validationContext() throws Except
 
       UpstreamTlsContext upstreamTlsContext =
           setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
-              CLIENT_PEM_FILE, false);
+              CLIENT_PEM_FILE, false, SAN_TO_MATCH, false);
 
       SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
           getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
@@ -255,9 +259,60 @@ public void tlsClientServer_useSystemRootCerts_validationContext() throws Except
     }
   }
 
+  @Test
+  public void tlsClientServer_useSystemRootCerts_mtls() throws Exception {
+    Path trustStoreFilePath = getCacertFilePathForTestCa();
+    try {
+      setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
+      DownstreamTlsContext downstreamTlsContext =
+          setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
+              null, false, true);
+      buildServerWithTlsContext(downstreamTlsContext);
+
+      UpstreamTlsContext upstreamTlsContext =
+          setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
+              CLIENT_PEM_FILE, true, SAN_TO_MATCH, true);
+
+      SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
+          getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
+      assertThat(unaryRpc(/* requestMessage= */ "buddy", blockingStub)).isEqualTo("Hello buddy");
+    } finally {
+      Files.deleteIfExists(trustStoreFilePath);
+      clearTrustStoreSystemProperties();
+    }
+  }
+
+  @Test
+  public void tlsClientServer_useSystemRootCerts_failureToMatchSubjAltNames() throws Exception {
+    Path trustStoreFilePath = getCacertFilePathForTestCa();
+    try {
+      setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
+      DownstreamTlsContext downstreamTlsContext =
+          setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
+              null, false, false);
+      buildServerWithTlsContext(downstreamTlsContext);
+
+      UpstreamTlsContext upstreamTlsContext =
+          setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
+              CLIENT_PEM_FILE, true, "server1.test.google.in", false);
+
+      SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
+          getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
+      unaryRpc(/* requestMessage= */ "buddy", blockingStub);
+      fail("Expected handshake failure exception");
+    } catch (StatusRuntimeException e) {
+      assertThat(e.getCause()).isInstanceOf(SSLHandshakeException.class);
+      assertThat(e.getCause().getCause()).isInstanceOf(CertificateException.class);
+      assertThat(e.getCause().getCause().getMessage()).isEqualTo(
+          "Peer certificate SAN check failed");
+    } finally {
+      Files.deleteIfExists(trustStoreFilePath);
+      clearTrustStoreSystemProperties();
+    }
+  }
+
   /**
    * Use system root ca cert for TLS channel - mTLS.
-   * Uses common_tls_context.combined_validation_context in upstream_tls_context.
    */
   @Test
   public void tlsClientServer_useSystemRootCerts_requireClientAuth() throws Exception {
@@ -266,12 +321,12 @@ public void tlsClientServer_useSystemRootCerts_requireClientAuth() throws Except
       setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
       DownstreamTlsContext downstreamTlsContext =
           setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
-              null, false, false);
+              null, false, true);
       buildServerWithTlsContext(downstreamTlsContext);
 
       UpstreamTlsContext upstreamTlsContext =
           setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
-              CLIENT_PEM_FILE, true);
+              CLIENT_PEM_FILE, true, SAN_TO_MATCH, false);
 
       SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
           getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
@@ -549,20 +604,25 @@ private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContext(String cli
         .buildUpstreamTlsContext("google_cloud_private_spiffe-client", hasIdentityCert);
   }
 
+  @SuppressWarnings("deprecation") // gRFC A29 predates match_typed_subject_alt_names
   private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(
       String clientKeyFile,
       String clientPemFile,
-      boolean useCombinedValidationContext) {
+      boolean useCombinedValidationContext, String sanToMatch, boolean isMtls) {
     bootstrapInfoForClient = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-client", clientKeyFile, clientPemFile,
             CA_PEM_FILE, null, null, null, null, null);
     if (useCombinedValidationContext) {
       return CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
-          "google_cloud_private_spiffe-client", "ROOT", null,
+          isMtls ? "google_cloud_private_spiffe-client" : null,
+          isMtls ? "ROOT" : null, null,
           null, null,
           CertificateValidationContext.newBuilder()
               .setSystemRootCerts(
                   CertificateValidationContext.SystemRootCerts.newBuilder().build())
+              .addMatchSubjectAltNames(
+                  StringMatcher.newBuilder()
+                      .setExact(sanToMatch))
               .build());
     }
     return CommonTlsContextTestsUtil.buildNewUpstreamTlsContextForCertProviderInstance(
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
index 397fe01e0f5..a0eac581d5c 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
@@ -37,6 +37,7 @@
 import io.grpc.xds.internal.security.certprovider.CertificateProviderProvider;
 import io.grpc.xds.internal.security.certprovider.CertificateProviderRegistry;
 import io.grpc.xds.internal.security.certprovider.CertificateProviderStore;
+import io.grpc.xds.internal.security.certprovider.IgnoreUpdatesWatcher;
 import io.grpc.xds.internal.security.certprovider.TestCertificateProvider;
 import org.junit.Before;
 import org.junit.Test;
@@ -84,7 +85,7 @@ public void createCertProviderClientSslContextProvider() throws XdsInitializatio
         clientSslContextProviderFactory.create(upstreamTlsContext);
     assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
         "CertProviderClientSslContextProvider");
-    verifyWatcher(sslContextProvider, watcherCaptor[0]);
+    verifyWatcher(sslContextProvider, watcherCaptor[0], false);
     // verify that bootstrapInfo is cached...
     sslContextProvider =
         clientSslContextProviderFactory.create(upstreamTlsContext);
@@ -119,7 +120,7 @@ public void bothPresent_expectCertProviderClientSslContextProvider()
         clientSslContextProviderFactory.create(upstreamTlsContext);
     assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
         "CertProviderClientSslContextProvider");
-    verifyWatcher(sslContextProvider, watcherCaptor[0]);
+    verifyWatcher(sslContextProvider, watcherCaptor[0], true);
   }
 
   @Test
@@ -145,7 +146,7 @@ public void createCertProviderClientSslContextProvider_onlyRootCert()
             clientSslContextProviderFactory.create(upstreamTlsContext);
     assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
         "CertProviderClientSslContextProvider");
-    verifyWatcher(sslContextProvider, watcherCaptor[0]);
+    verifyWatcher(sslContextProvider, watcherCaptor[0], true);
   }
 
   @Test
@@ -179,7 +180,7 @@ public void createCertProviderClientSslContextProvider_withStaticContext()
             clientSslContextProviderFactory.create(upstreamTlsContext);
     assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
         "CertProviderClientSslContextProvider");
-    verifyWatcher(sslContextProvider, watcherCaptor[0]);
+    verifyWatcher(sslContextProvider, watcherCaptor[0], true);
   }
 
   @Test
@@ -209,8 +210,8 @@ public void createCertProviderClientSslContextProvider_2providers()
         clientSslContextProviderFactory.create(upstreamTlsContext);
     assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
         "CertProviderClientSslContextProvider");
-    verifyWatcher(sslContextProvider, watcherCaptor[0]);
-    verifyWatcher(sslContextProvider, watcherCaptor[1]);
+    verifyWatcher(sslContextProvider, watcherCaptor[0], true);
+    verifyWatcher(sslContextProvider, watcherCaptor[1], true);
   }
 
   @Test
@@ -246,8 +247,8 @@ public void createNewCertProviderClientSslContextProvider_withSans() {
         clientSslContextProviderFactory.create(upstreamTlsContext);
     assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
         "CertProviderClientSslContextProvider");
-    verifyWatcher(sslContextProvider, watcherCaptor[0]);
-    verifyWatcher(sslContextProvider, watcherCaptor[1]);
+    verifyWatcher(sslContextProvider, watcherCaptor[0], true);
+    verifyWatcher(sslContextProvider, watcherCaptor[1], true);
   }
 
   @Test
@@ -280,7 +281,7 @@ public void createNewCertProviderClientSslContextProvider_onlyRootCert() {
         clientSslContextProviderFactory.create(upstreamTlsContext);
     assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
         "CertProviderClientSslContextProvider");
-    verifyWatcher(sslContextProvider, watcherCaptor[0]);
+    verifyWatcher(sslContextProvider, watcherCaptor[0], true);
   }
 
   static void createAndRegisterProviderProvider(
@@ -310,11 +311,18 @@ public CertificateProvider answer(InvocationOnMock invocation) throws Throwable
   }
 
   static void verifyWatcher(
-      SslContextProvider sslContextProvider, CertificateProvider.DistributorWatcher watcherCaptor) {
+      SslContextProvider sslContextProvider, CertificateProvider.DistributorWatcher watcherCaptor,
+      boolean usesDelegateWatcher) {
     assertThat(watcherCaptor).isNotNull();
     assertThat(watcherCaptor.getDownstreamWatchers()).hasSize(1);
-    assertThat(watcherCaptor.getDownstreamWatchers().iterator().next())
-        .isSameInstanceAs(sslContextProvider);
+    if (usesDelegateWatcher) {
+      assertThat(((IgnoreUpdatesWatcher) watcherCaptor.getDownstreamWatchers().iterator().next())
+          .getDelegate())
+          .isSameInstanceAs(sslContextProvider);
+    } else {
+      assertThat(watcherCaptor.getDownstreamWatchers().iterator().next())
+          .isSameInstanceAs(sslContextProvider);
+    }
   }
 
   static CommonTlsContext.Builder addFilenames(
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java
index cf86b511f1f..7a5a6c00639 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java
@@ -78,7 +78,7 @@ public void createCertProviderServerSslContextProvider() throws XdsInitializatio
         serverSslContextProviderFactory.create(downstreamTlsContext);
     assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
         "CertProviderServerSslContextProvider");
-    verifyWatcher(sslContextProvider, watcherCaptor[0]);
+    verifyWatcher(sslContextProvider, watcherCaptor[0], false);
     // verify that bootstrapInfo is cached...
     sslContextProvider =
         serverSslContextProviderFactory.create(downstreamTlsContext);
@@ -117,7 +117,7 @@ public void bothPresent_expectCertProviderServerSslContextProvider()
         serverSslContextProviderFactory.create(downstreamTlsContext);
     assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
         "CertProviderServerSslContextProvider");
-    verifyWatcher(sslContextProvider, watcherCaptor[0]);
+    verifyWatcher(sslContextProvider, watcherCaptor[0], true);
   }
 
   @Test
@@ -144,7 +144,7 @@ public void createCertProviderServerSslContextProvider_onlyCertInstance()
             serverSslContextProviderFactory.create(downstreamTlsContext);
     assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
         "CertProviderServerSslContextProvider");
-    verifyWatcher(sslContextProvider, watcherCaptor[0]);
+    verifyWatcher(sslContextProvider, watcherCaptor[0], true);
   }
 
   @Test
@@ -179,7 +179,7 @@ public void createCertProviderServerSslContextProvider_withStaticContext()
             serverSslContextProviderFactory.create(downstreamTlsContext);
     assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
         "CertProviderServerSslContextProvider");
-    verifyWatcher(sslContextProvider, watcherCaptor[0]);
+    verifyWatcher(sslContextProvider, watcherCaptor[0], false);
   }
 
   @Test
@@ -210,8 +210,8 @@ public void createCertProviderServerSslContextProvider_2providers()
         serverSslContextProviderFactory.create(downstreamTlsContext);
     assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
         "CertProviderServerSslContextProvider");
-    verifyWatcher(sslContextProvider, watcherCaptor[0]);
-    verifyWatcher(sslContextProvider, watcherCaptor[1]);
+    verifyWatcher(sslContextProvider, watcherCaptor[0], true);
+    verifyWatcher(sslContextProvider, watcherCaptor[1], true);
   }
 
   @Test
@@ -249,7 +249,7 @@ public void createNewCertProviderServerSslContextProvider_withSans()
         serverSslContextProviderFactory.create(downstreamTlsContext);
     assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
         "CertProviderServerSslContextProvider");
-    verifyWatcher(sslContextProvider, watcherCaptor[0]);
-    verifyWatcher(sslContextProvider, watcherCaptor[1]);
+    verifyWatcher(sslContextProvider, watcherCaptor[0], true);
+    verifyWatcher(sslContextProvider, watcherCaptor[1], true);
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
index b0800458d66..3c734df3f5a 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
@@ -72,15 +72,28 @@ private CertProviderClientSslContextProvider getSslContextProvider(
       String rootInstanceName,
       Bootstrapper.BootstrapInfo bootstrapInfo,
       Iterable<String> alpnProtocols,
-      CertificateValidationContext staticCertValidationContext) {
-    EnvoyServerProtoData.UpstreamTlsContext upstreamTlsContext =
-        CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
-            certInstanceName,
-            "cert-default",
-            rootInstanceName,
-            "root-default",
-            alpnProtocols,
-            staticCertValidationContext);
+      CertificateValidationContext staticCertValidationContext,
+      boolean useSystemRootCerts) {
+    EnvoyServerProtoData.UpstreamTlsContext upstreamTlsContext;
+    if (useSystemRootCerts) {
+      upstreamTlsContext =
+              CommonTlsContextTestsUtil.buildNewUpstreamTlsContextForCertProviderInstance(
+                      certInstanceName,
+                      "cert-default",
+                      rootInstanceName,
+                      "root-default",
+                      alpnProtocols,
+                      staticCertValidationContext);
+    } else {
+      upstreamTlsContext =
+              CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
+                      certInstanceName,
+                      "cert-default",
+                      rootInstanceName,
+                      "root-default",
+                      alpnProtocols,
+                      staticCertValidationContext);
+    }
     return (CertProviderClientSslContextProvider)
         certProviderClientSslContextProviderFactory.getProvider(
             upstreamTlsContext,
@@ -122,7 +135,7 @@ public void testProviderForClient_mtls() throws Exception {
             "gcp_id",
             CommonBootstrapperTestUtils.getTestBootstrapInfo(),
             /* alpnProtocols= */ null,
-            /* staticCertValidationContext= */ null);
+            /* staticCertValidationContext= */ null, false);
 
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
@@ -173,6 +186,87 @@ public void testProviderForClient_mtls() throws Exception {
     assertThat(testCallback1.updatedSslContext).isNotSameInstanceAs(testCallback.updatedSslContext);
   }
 
+  @Test
+  public void testProviderForClient_systemRootCerts_regularTls() {
+    final CertificateProvider.DistributorWatcher[] watcherCaptor =
+            new CertificateProvider.DistributorWatcher[1];
+    TestCertificateProvider.createAndRegisterProviderProvider(
+            certificateProviderRegistry, watcherCaptor, "testca", 0);
+    CertProviderClientSslContextProvider provider =
+        getSslContextProvider(
+                null,
+                null,
+            CommonBootstrapperTestUtils.getTestBootstrapInfo(),
+            /* alpnProtocols= */ null,
+            CertificateValidationContext.newBuilder()
+                .setSystemRootCerts(
+                        CertificateValidationContext.SystemRootCerts.getDefaultInstance())
+                .build(),
+            true);
+
+    assertThat(provider.savedKey).isNull();
+    assertThat(provider.savedCertChain).isNull();
+    assertThat(provider.savedTrustedRoots).isNotNull();
+    assertThat(provider.getSslContext()).isNotNull();
+    TestCallback testCallback =
+        CommonTlsContextTestsUtil.getValueThruCallback(provider);
+    assertThat(testCallback.updatedSslContext).isEqualTo(provider.getSslContext());
+
+    assertThat(watcherCaptor[0]).isNull();
+  }
+
+  @Test
+  public void testProviderForClient_systemRootCerts_mtls() throws Exception {
+    final CertificateProvider.DistributorWatcher[] watcherCaptor =
+        new CertificateProvider.DistributorWatcher[1];
+    TestCertificateProvider.createAndRegisterProviderProvider(
+        certificateProviderRegistry, watcherCaptor, "testca", 0);
+    CertProviderClientSslContextProvider provider =
+        getSslContextProvider(
+            "gcp_id",
+            null,
+            CommonBootstrapperTestUtils.getTestBootstrapInfo(),
+            /* alpnProtocols= */ null,
+            CertificateValidationContext.newBuilder()
+                .setSystemRootCerts(
+                    CertificateValidationContext.SystemRootCerts.getDefaultInstance())
+                .build(),
+        true);
+
+    assertThat(provider.savedKey).isNull();
+    assertThat(provider.savedCertChain).isNull();
+    assertThat(provider.savedTrustedRoots).isNotNull();
+    assertThat(provider.getSslContext()).isNull();
+
+    // now generate cert update
+    watcherCaptor[0].updateCertificate(
+        CommonCertProviderTestUtils.getPrivateKey(CLIENT_KEY_FILE),
+        ImmutableList.of(getCertFromResourceName(CLIENT_PEM_FILE)));
+    assertThat(provider.savedKey).isNull();
+    assertThat(provider.savedCertChain).isNull();
+    assertThat(provider.savedTrustedRoots).isNotNull();
+    assertThat(provider.getSslContext()).isNotNull();
+
+    TestCallback testCallback =
+        CommonTlsContextTestsUtil.getValueThruCallback(provider);
+
+    doChecksOnSslContext(false, testCallback.updatedSslContext, /* expectedApnProtos= */ null);
+    TestCallback testCallback1 =
+        CommonTlsContextTestsUtil.getValueThruCallback(provider);
+    assertThat(testCallback1.updatedSslContext).isSameInstanceAs(testCallback.updatedSslContext);
+
+    // now update id cert: sslContext should be updated i.e. different from the previous one
+    watcherCaptor[0].updateCertificate(
+        CommonCertProviderTestUtils.getPrivateKey(SERVER_1_KEY_FILE),
+        ImmutableList.of(getCertFromResourceName(SERVER_1_PEM_FILE)));
+    assertThat(provider.savedKey).isNull();
+    assertThat(provider.savedCertChain).isNull();
+    assertThat(provider.savedTrustedRoots).isNotNull();
+    assertThat(provider.getSslContext()).isNotNull();
+    testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
+    assertThat(testCallback1.updatedSslContext).isNotSameInstanceAs(testCallback.updatedSslContext);
+  }
+
   @Test
   public void testProviderForClient_mtls_newXds() throws Exception {
     final CertificateProvider.DistributorWatcher[] watcherCaptor =
@@ -248,7 +342,7 @@ public void testProviderForClient_queueExecutor() throws Exception {
             "gcp_id",
             CommonBootstrapperTestUtils.getTestBootstrapInfo(),
             /* alpnProtocols= */ null,
-            /* staticCertValidationContext= */ null);
+            /* staticCertValidationContext= */ null, false);
     QueuedExecutor queuedExecutor = new QueuedExecutor();
 
     TestCallback testCallback =
@@ -281,7 +375,7 @@ public void testProviderForClient_tls() throws Exception {
             "gcp_id",
             CommonBootstrapperTestUtils.getTestBootstrapInfo(),
             /* alpnProtocols= */ null,
-            /* staticCertValidationContext= */ null);
+            /* staticCertValidationContext= */ null, false);
 
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
@@ -318,7 +412,7 @@ public void testProviderForClient_sslContextException_onError() throws Exception
                     "gcp_id",
                     CommonBootstrapperTestUtils.getTestBootstrapInfo(),
                     /* alpnProtocols= */null,
-                    staticCertValidationContext);
+                    staticCertValidationContext, false);
 
     TestCallback testCallback = new TestCallback(MoreExecutors.directExecutor());
     provider.addCallback(testCallback);
@@ -350,7 +444,7 @@ public void testProviderForClient_rootInstanceNull_and_notUsingSystemRootCerts_e
           /* rootInstanceName= */ null,
           CommonBootstrapperTestUtils.getTestBootstrapInfo(),
           /* alpnProtocols= */ null,
-          /* staticCertValidationContext= */ null);
+          /* staticCertValidationContext= */ null, false);
       fail("exception expected");
     } catch (UnsupportedOperationException expected) {
       assertThat(expected).hasMessageThat().contains("Unsupported configurations in "
@@ -373,7 +467,7 @@ public void testProviderForClient_rootInstanceNull_but_isUsingSystemRootCerts_va
         CertificateValidationContext.newBuilder()
             .setSystemRootCerts(
                 CertificateValidationContext.SystemRootCerts.newBuilder().build())
-            .build());
+            .build(), false);
   }
 
   static class QueuedExecutor implements Executor {

From 5b876cc864f98e02c1aed215ae3fd9daa2b0f227 Mon Sep 17 00:00:00 2001
From: vimanikag <viswakarma18rc@gmail.com>
Date: Thu, 25 Sep 2025 13:29:36 +0530
Subject: [PATCH 394/591] xds: Handle wildcards in split patterns in DNS SAN
 exact matching (#12345)

Makes DNS SAN exact matching in xds handle wildcards in split patterns similar to Envoy.

Fixes #12326
---
 .../bad_wildcard_dns_certificate.pem          | 22 ++++++
 .../security/trust/XdsX509TrustManager.java   | 48 ++++++++++++
 .../security/CommonTlsContextTestsUtil.java   |  2 +
 .../trust/XdsX509TrustManagerTest.java        | 74 ++++++++++++++++++-
 4 files changed, 144 insertions(+), 2 deletions(-)
 create mode 100644 testing/src/main/resources/certs/sni-test-certs/bad_wildcard_dns_certificate.pem

diff --git a/testing/src/main/resources/certs/sni-test-certs/bad_wildcard_dns_certificate.pem b/testing/src/main/resources/certs/sni-test-certs/bad_wildcard_dns_certificate.pem
new file mode 100644
index 00000000000..b015f62e51c
--- /dev/null
+++ b/testing/src/main/resources/certs/sni-test-certs/bad_wildcard_dns_certificate.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDsjCCApqgAwIBAgIUCs5j4C2KXgCRVFa48kc5TYRS1JwwDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAwwOTXkgSW50ZXJuYWwgQ0EwIBcNMjUwOTIzMDc1NDUzWhgP
+MjEyNTA4MzAwNzU0NTNaMGUxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhJbGxpbm9p
+czEQMA4GA1UEBwwHQ2hpY2FnbzEVMBMGA1UECgwMRXhhbXBsZSwgQ28uMRowGAYD
+VQQDDBEqLnRlc3QuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKoqcnNh9MV39GH6JjC5KVMN6MO1IoTw6wHJN0JJ/nGNx6ycIsBK8SgJ
+eYRR2BEpT6WZba+f04KChcB4Z9tiPISNvUBpmEv76rAsdtcAZwSpF06q4wxHVE5F
+rX6mNT8hk448mDBDGHUXNAT6g/e/Vlt6U0XRyuu713gbZq1X6JH29FG7EJ3LUx35
+h6sEkvTlZZ3m6NJr7zYoqrYh/gRkPigtPxaNcoXo0gVm4IEde0sYz27SWyNH4v/o
+23NynSulOwx4DwEhBOXekLb5QJHBqwMTPynaMncBQIXF+PXeuxN9a3zR6DSn+jGw
+g008tS0tn2FuAvJDBl0paEykdOr2rNMCAwEAAaOBozCBoDALBgNVHQ8EBAMCBeAw
+EwYDVR0lBAwwCgYIKwYBBQUHAwEwPAYDVR0RBDUwM4IKbHkqKmZ0LmNvbYIIKnlm
+dC5jKm2CCS5seWZ0LmNvbYIOeG4tLSoubHlmdC5jb22CADAdBgNVHQ4EFgQUZoL2
+OzBtK/BUzSYfgXDx3iDjcIQwHwYDVR0jBBgwFoAUHlstFN5WSLSqyJgUDy6BB0z0
+BrgwDQYJKoZIhvcNAQELBQADggEBAMYwVOT7XZJMQ6n32pQqtZhJ/Z0wlVfCAbm0
+7xospeBt6KtOz2zIsvPpq0aqPjowMAeL1EZaBvmfm/XgWUU5e/3hLUIHOHyKfswB
+czDbY0RE8nfVDoF4Ck1ljPjvrFr4tSAxTzVA4JU5o3UXkblBg0LG6tTuLlZ3x5aF
+KtkZnszxjE+vOg6J9MDbFP/xtA1oVHyCvk+cUgnBxAoPShI+87DINGVTmztBSetK
+nJN9dOh7Q88NhTLHOe67Ora9Y0ZP+uFKHaqFv8qj8B/Q6ptb0CAksdL5EunkIHrq
+glKdVdYgIP2JpRwtvVHK5FzWBlGXCi3DxTyYi6FWqsSJ+heCS2w=
+-----END CERTIFICATE-----
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
index 1ecfe378d29..ebf7ea82184 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
@@ -147,6 +147,9 @@ private static boolean verifyDnsNameExact(
     if (Strings.isNullOrEmpty(sanToVerifyExact)) {
       return false;
     }
+    if (sanToVerifyExact.contains("*")) {
+      return verifyDnsNameWildcard(altNameFromCert, sanToVerifyExact, ignoreCase);
+    }
     return ignoreCase
         ? sanToVerifyExact.equalsIgnoreCase(altNameFromCert)
         : sanToVerifyExact.equals(altNameFromCert);
@@ -303,4 +306,49 @@ public X509Certificate[] getAcceptedIssuers() {
     }
     return delegate.getAcceptedIssuers();
   }
+
+  private static boolean verifyDnsNameWildcard(
+      String altNameFromCert, String sanToVerify, boolean ignoreCase) {
+    String[] splitPattern = splitAtFirstDelimiter(ignoreCase
+        ? sanToVerify.toLowerCase(Locale.ROOT) : sanToVerify);
+    String[] splitDnsName = splitAtFirstDelimiter(ignoreCase
+        ? altNameFromCert.toLowerCase(Locale.ROOT) : altNameFromCert);
+    if (splitPattern == null || splitDnsName == null) {
+      return false;
+    }
+    if (splitDnsName[0].startsWith("xn--")) {
+      return false;
+    }
+    if (splitPattern[0].contains("*")
+        && !splitPattern[1].contains("*")
+        && !splitPattern[0].startsWith("xn--")) {
+      return splitDnsName[1].equals(splitPattern[1])
+          && labelWildcardMatch(splitDnsName[0], splitPattern[0]);
+    }
+    return false;
+  }
+
+  private static boolean labelWildcardMatch(String dnsLabel, String pattern) {
+    final char glob = '*';
+    // Check the special case of a single * pattern, as it's common.
+    if (pattern.equals("*")) {
+      return !dnsLabel.isEmpty();
+    }
+    int globIndex = pattern.indexOf(glob);
+    if (pattern.indexOf(glob, globIndex + 1) == -1) {
+      return dnsLabel.length() >= pattern.length() - 1
+          && dnsLabel.startsWith(pattern.substring(0, globIndex))
+          && dnsLabel.endsWith(pattern.substring(globIndex + 1));
+    }
+    return false;
+  }
+
+  @Nullable
+  private static String[] splitAtFirstDelimiter(String s) {
+    int index = s.indexOf('.');
+    if (index == -1) {
+      return null;
+    }
+    return new String[]{s.substring(0, index), s.substring(index + 1)};
+  }
 }
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java b/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
index 48814dece1d..8f970c86366 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
@@ -60,6 +60,8 @@ public class CommonTlsContextTestsUtil {
   public static final String BAD_SERVER_KEY_FILE = "badserver.key";
   public static final String BAD_CLIENT_PEM_FILE = "badclient.pem";
   public static final String BAD_CLIENT_KEY_FILE = "badclient.key";
+  public static final String BAD_WILDCARD_DNS_PEM_FILE =
+      "sni-test-certs/bad_wildcard_dns_certificate.pem";
 
   /** takes additional values and creates CombinedCertificateValidationContext as needed. */
   private static CommonTlsContext buildCommonTlsContextWithAdditionalValues(
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
index 6fa3d2e7d24..ddd0a8e7f94 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
@@ -18,9 +18,11 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.BAD_SERVER_PEM_FILE;
+import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.BAD_WILDCARD_DNS_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CA_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_SPIFFE_PEM_FILE;
+import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_0_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_SPIFFE_PEM_FILE;
 import static org.junit.Assert.fail;
@@ -42,6 +44,7 @@
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import javax.net.ssl.SSLEngine;
@@ -52,7 +55,8 @@
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnit;
 import org.mockito.junit.MockitoRule;
@@ -60,7 +64,7 @@
 /**
  * Unit tests for {@link XdsX509TrustManager}.
  */
-@RunWith(JUnit4.class)
+@RunWith(Parameterized.class)
 public class XdsX509TrustManagerTest {
 
   @Rule
@@ -74,6 +78,12 @@ public class XdsX509TrustManagerTest {
 
   private XdsX509TrustManager trustManager;
 
+  private final TestParam testParam;
+
+  public XdsX509TrustManagerTest(TestParam testParam) {
+    this.testParam = testParam;
+  }
+
   @Test
   public void nullCertContextTest() throws CertificateException, IOException {
     trustManager = new XdsX509TrustManager(null, mockDelegate);
@@ -691,6 +701,52 @@ public void unsupportedAltNameType() throws CertificateException, IOException {
     }
   }
 
+  @Test
+  public void testDnsWildcardPatterns()
+      throws CertificateException, IOException {
+    StringMatcher stringMatcher =
+        StringMatcher.newBuilder()
+            .setExact(testParam.sanPattern)
+            .setIgnoreCase(testParam.ignoreCase)
+            .build();
+    @SuppressWarnings("deprecation")
+    CertificateValidationContext certContext =
+        CertificateValidationContext.newBuilder()
+            .addMatchSubjectAltNames(stringMatcher)
+            .build();
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    X509Certificate[] certs =
+        CertificateUtils.toX509Certificates(TlsTesting.loadCert(testParam.certFile));
+    try {
+      trustManager.verifySubjectAltNameInChain(certs);
+      assertThat(testParam.expected).isTrue();
+    } catch (CertificateException certException) {
+      assertThat(testParam.expected).isFalse();
+      assertThat(certException).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
+    }
+  }
+
+  @Parameters(name = "{index}: {0}")
+  public static Collection<Object[]> getParameters() {
+    return Arrays.asList(new Object[][] {
+        {new TestParam("*.test.google.fr", SERVER_1_PEM_FILE, false, true)},
+        {new TestParam("*.test.youtube.com", SERVER_1_PEM_FILE, false, true)},
+        {new TestParam("waterzooi.test.google.be", SERVER_1_PEM_FILE, false, true)},
+        {new TestParam("192.168.1.3", SERVER_1_PEM_FILE, false, true)},
+        {new TestParam("*.TEST.YOUTUBE.com", SERVER_1_PEM_FILE, true, true)},
+        {new TestParam("w*i.test.google.be", SERVER_1_PEM_FILE, false, true)},
+        {new TestParam("w*a.test.google.be", SERVER_1_PEM_FILE, false, false)},
+        {new TestParam("*.test.google.com.au", SERVER_0_PEM_FILE, false, false)},
+        {new TestParam("*.TEST.YOUTUBE.com", SERVER_1_PEM_FILE, false, false)},
+        {new TestParam("*waterzooi", SERVER_1_PEM_FILE, false, false)},
+        {new TestParam("*.lyft.com", BAD_WILDCARD_DNS_PEM_FILE, false, false)},
+        {new TestParam("ly**ft.com", BAD_WILDCARD_DNS_PEM_FILE, false, false)},
+        {new TestParam("*yft.c*m", BAD_WILDCARD_DNS_PEM_FILE, false, false)},
+        {new TestParam("xn--*.lyft.com", BAD_WILDCARD_DNS_PEM_FILE, false, false)},
+        {new TestParam("", BAD_WILDCARD_DNS_PEM_FILE, false, false)},
+    });
+  }
+
   private TestSslEngine buildTrustManagerAndGetSslEngine()
       throws CertificateException, IOException, CertStoreException {
     SSLParameters sslParams = buildTrustManagerAndGetSslParameters();
@@ -754,4 +810,18 @@ public void setSSLParameters(SSLParameters sslParameters) {
 
     private SSLParameters sslParameters;
   }
+
+  private static class TestParam {
+    final String sanPattern;
+    final String certFile;
+    final boolean ignoreCase;
+    final boolean expected;
+
+    TestParam(String sanPattern, String certFile, boolean ignoreCase, boolean expected) {
+      this.sanPattern = sanPattern;
+      this.certFile = certFile;
+      this.ignoreCase = ignoreCase;
+      this.expected = expected;
+    }
+  }
 }

From 9ade38a792f8a07ea8bc7387593d2c6d91804ba9 Mon Sep 17 00:00:00 2001
From: Sangamesh <ghulesangu@gmail.com>
Date: Thu, 25 Sep 2025 18:13:57 +0530
Subject: [PATCH 395/591] Observe failOnWarnings for android build (#12040)

Fixes: #6868
---
 build.gradle | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/build.gradle b/build.gradle
index f80b27a4476..35f7161d4bf 100644
--- a/build.gradle
+++ b/build.gradle
@@ -197,6 +197,25 @@ subprojects {
         }
     }
 
+    plugins.withId("com.android.base") {
+        android {
+            lint {
+                abortOnError true
+                if (rootProject.hasProperty('failOnWarnings') && rootProject.failOnWarnings.toBoolean()) {
+                    warningsAsErrors true
+                }
+            }
+        }
+        tasks.withType(JavaCompile).configureEach {
+            it.options.compilerArgs += [
+                    "-Xlint:all"
+            ]
+            if (rootProject.hasProperty('failOnWarnings') && rootProject.failOnWarnings.toBoolean()) {
+                it.options.compilerArgs += ["-Werror"]
+            }
+        }
+    }
+
     plugins.withId("java") {
         dependencies {
             testImplementation libraries.junit,

From 82f9b8ec053418d4c970cb8fff5ef028cd50409c Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Mon, 29 Sep 2025 12:42:39 +0530
Subject: [PATCH 396/591] xds: Make cluster selection interceptor run before
 other filters (#12381)

Needed for `GcpAuthenticationFilter` to retrieve the cluster key set into the `CallOptions`.
---
 xds/src/main/java/io/grpc/xds/XdsNameResolver.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index c3bc7c2e326..20001b6558d 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -525,7 +525,7 @@ public void onClose(Status status, Metadata trailers) {
           Result.newBuilder()
               .setConfig(config)
               .setInterceptor(combineInterceptors(
-                  ImmutableList.of(filters, new ClusterSelectionInterceptor())))
+                  ImmutableList.of(new ClusterSelectionInterceptor(), filters)))
               .build();
     }
 

From 05675316cf960f5ec06d5611187a1c13341e43b9 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Mon, 29 Sep 2025 21:51:09 +0530
Subject: [PATCH 397/591] xds: xDS based SNI setting and SAN validation
 (#12378)

When using xDS credentials make SNI for the Tls handshake to be
configured via xDS, rather than use the channel authority as the SNI,
and make SAN validation to be able to use the SNI sent when so
instructed via xDS.

Implements A101.
---
 .../io/grpc/internal/CertificateUtils.java    |  26 ++
 .../netty/InternalProtocolNegotiators.java    |  17 +-
 .../io/grpc/netty/NettyChannelBuilder.java    |   2 +-
 .../io/grpc/netty/ProtocolNegotiators.java    |  73 ++---
 .../grpc/netty/NettyClientTransportTest.java  |   2 +-
 .../grpc/netty/ProtocolNegotiatorsTest.java   |   4 +-
 .../S2AProtocolNegotiatorFactory.java         |   4 +-
 .../io/grpc/xds/ClusterImplLoadBalancer.java  |  15 +-
 .../grpc/xds/ClusterResolverLoadBalancer.java |  12 +-
 .../io/grpc/xds/EnvoyServerProtoData.java     |  38 ++-
 .../main/java/io/grpc/xds/XdsAttributes.java  |   5 -
 .../xds/internal/XdsInternalAttributes.java   |  27 ++
 .../security/DynamicSslContextProvider.java   |  49 ++--
 .../security/SecurityProtocolNegotiators.java |  47 ++-
 .../internal/security/SslContextProvider.java |  12 +-
 .../security/SslContextProviderSupplier.java  |  13 +-
 .../security/TlsContextManagerImpl.java       |   2 -
 .../CertProviderClientSslContextProvider.java |  34 ++-
 .../CertProviderServerSslContextProvider.java |  16 +-
 .../security/trust/CertificateUtils.java      |   3 +
 .../trust/XdsTrustManagerFactory.java         |  38 ++-
 .../security/trust/XdsX509TrustManager.java   |  68 ++++-
 .../grpc/xds/ClusterImplLoadBalancerTest.java |  32 ++-
 .../xds/ClusterResolverLoadBalancerTest.java  |  30 +-
 .../grpc/xds/XdsSecurityClientServerTest.java | 160 +++++++++--
 .../security/CommonTlsContextTestsUtil.java   |  81 +++++-
 .../SecurityProtocolNegotiatorsTest.java      | 270 ++++++++++++++----
 .../SslContextProviderSupplierTest.java       |  92 +++++-
 ...tProviderClientSslContextProviderTest.java |  84 +++---
 ...tProviderServerSslContextProviderTest.java |  20 +-
 .../trust/XdsTrustManagerFactoryTest.java     |  27 +-
 .../trust/XdsX509TrustManagerTest.java        | 189 ++++++------
 32 files changed, 1073 insertions(+), 419 deletions(-)
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/XdsInternalAttributes.java

diff --git a/core/src/main/java/io/grpc/internal/CertificateUtils.java b/core/src/main/java/io/grpc/internal/CertificateUtils.java
index 91d17de93cb..130a435bb1a 100644
--- a/core/src/main/java/io/grpc/internal/CertificateUtils.java
+++ b/core/src/main/java/io/grpc/internal/CertificateUtils.java
@@ -26,14 +26,29 @@
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
+import java.util.List;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
 import javax.security.auth.x500.X500Principal;
 
 /**
  * Contains certificate/key PEM file utility method(s) for internal usage.
  */
 public final class CertificateUtils {
+  private static final Class<?> x509ExtendedTrustManagerClass;
+
+  static {
+    Class<?> x509ExtendedTrustManagerClass1;
+    try {
+      x509ExtendedTrustManagerClass1 = Class.forName("javax.net.ssl.X509ExtendedTrustManager");
+    } catch (ClassNotFoundException e) {
+      x509ExtendedTrustManagerClass1 = null;
+      // Will disallow per-rpc authority override via call option.
+    }
+    x509ExtendedTrustManagerClass = x509ExtendedTrustManagerClass1;
+  }
+
   /**
    * Creates X509TrustManagers using the provided CA certs.
    */
@@ -71,6 +86,17 @@ public static TrustManager[] createTrustManager(InputStream rootCerts)
     return trustManagerFactory.getTrustManagers();
   }
 
+  public static X509TrustManager getX509ExtendedTrustManager(List<TrustManager> trustManagers) {
+    if (x509ExtendedTrustManagerClass != null) {
+      for (TrustManager trustManager : trustManagers) {
+        if (x509ExtendedTrustManagerClass.isInstance(trustManager)) {
+          return (X509TrustManager) trustManager;
+        }
+      }
+    }
+    return null;
+  }
+
   private static X509Certificate[] getX509Certificates(InputStream inputStream)
           throws CertificateException {
     CertificateFactory factory = CertificateFactory.getInstance("X.509");
diff --git a/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
index 039ea6c4f24..35dc1bbc2e8 100644
--- a/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
@@ -26,6 +26,7 @@
 import io.netty.handler.ssl.SslContext;
 import io.netty.util.AsciiString;
 import java.util.concurrent.Executor;
+import javax.net.ssl.X509TrustManager;
 
 /**
  * Internal accessor for {@link ProtocolNegotiators}.
@@ -42,9 +43,11 @@ private InternalProtocolNegotiators() {}
    */
   public static InternalProtocolNegotiator.ProtocolNegotiator tls(SslContext sslContext,
           ObjectPool<? extends Executor> executorPool,
-          Optional<Runnable> handshakeCompleteRunnable) {
+          Optional<Runnable> handshakeCompleteRunnable,
+          X509TrustManager extendedX509TrustManager,
+          String sni) {
     final io.grpc.netty.ProtocolNegotiator negotiator = ProtocolNegotiators.tls(sslContext,
-        executorPool, handshakeCompleteRunnable, null);
+        executorPool, handshakeCompleteRunnable, extendedX509TrustManager, sni);
     final class TlsNegotiator implements InternalProtocolNegotiator.ProtocolNegotiator {
 
       @Override
@@ -62,17 +65,19 @@ public void close() {
         negotiator.close();
       }
     }
-    
+
     return new TlsNegotiator();
   }
-  
+
   /**
    * Returns a {@link ProtocolNegotiator} that ensures the pipeline is set up so that TLS will
    * be negotiated, the {@code handler} is added and writes to the {@link io.netty.channel.Channel}
    * may happen immediately, even before the TLS Handshake is complete.
    */
-  public static InternalProtocolNegotiator.ProtocolNegotiator tls(SslContext sslContext) {
-    return tls(sslContext, null, Optional.absent());
+  public static InternalProtocolNegotiator.ProtocolNegotiator tls(
+      SslContext sslContext, String sni,
+      X509TrustManager extendedX509TrustManager) {
+    return tls(sslContext, null, Optional.absent(), extendedX509TrustManager, sni);
   }
 
   /**
diff --git a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
index 46566eaca1a..2db5ab20a91 100644
--- a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
+++ b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
@@ -652,7 +652,7 @@ static ProtocolNegotiator createProtocolNegotiatorByType(
       case PLAINTEXT_UPGRADE:
         return ProtocolNegotiators.plaintextUpgrade();
       case TLS:
-        return ProtocolNegotiators.tls(sslContext, executorPool, Optional.absent(), null);
+        return ProtocolNegotiators.tls(sslContext, executorPool, Optional.absent(), null, null);
       default:
         throw new IllegalArgumentException("Unsupported negotiationType: " + negotiationType);
     }
diff --git a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
index 77308c76ace..59e7e96b4a5 100644
--- a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
@@ -102,15 +102,6 @@ final class ProtocolNegotiators {
   private static final EnumSet<TlsServerCredentials.Feature> understoodServerTlsFeatures =
       EnumSet.of(
           TlsServerCredentials.Feature.MTLS, TlsServerCredentials.Feature.CUSTOM_MANAGERS);
-  private static Class<?> x509ExtendedTrustManagerClass;
-
-  static {
-    try {
-      x509ExtendedTrustManagerClass = Class.forName("javax.net.ssl.X509ExtendedTrustManager");
-    } catch (ClassNotFoundException e) {
-      // Will disallow per-rpc authority override via call option.
-    }
-  }
 
   private ProtocolNegotiators() {
   }
@@ -147,15 +138,8 @@ public static FromChannelCredentialsResult from(ChannelCredentials creds) {
           trustManagers = Arrays.asList(tmf.getTrustManagers());
         }
         builder.trustManager(new FixedTrustManagerFactory(trustManagers));
-        TrustManager x509ExtendedTrustManager = null;
-        if (x509ExtendedTrustManagerClass != null) {
-          for (TrustManager trustManager : trustManagers) {
-            if (x509ExtendedTrustManagerClass.isInstance(trustManager)) {
-              x509ExtendedTrustManager = trustManager;
-              break;
-            }
-          }
-        }
+        TrustManager x509ExtendedTrustManager =
+            CertificateUtils.getX509ExtendedTrustManager(trustManagers);
         return FromChannelCredentialsResult.negotiator(tlsClientFactory(builder.build(),
                 (X509TrustManager) x509ExtendedTrustManager));
       } catch (SSLException | GeneralSecurityException ex) {
@@ -579,7 +563,7 @@ static final class ClientTlsProtocolNegotiator implements ProtocolNegotiator {
 
     public ClientTlsProtocolNegotiator(SslContext sslContext,
         ObjectPool<? extends Executor> executorPool, Optional<Runnable> handshakeCompleteRunnable,
-        X509TrustManager x509ExtendedTrustManager) {
+        X509TrustManager x509ExtendedTrustManager, String sni) {
       this.sslContext = Preconditions.checkNotNull(sslContext, "sslContext");
       this.executorPool = executorPool;
       if (this.executorPool != null) {
@@ -587,12 +571,14 @@ public ClientTlsProtocolNegotiator(SslContext sslContext,
       }
       this.handshakeCompleteRunnable = handshakeCompleteRunnable;
       this.x509ExtendedTrustManager = x509ExtendedTrustManager;
+      this.sni = sni;
     }
 
     private final SslContext sslContext;
     private final ObjectPool<? extends Executor> executorPool;
     private final Optional<Runnable> handshakeCompleteRunnable;
     private final X509TrustManager x509ExtendedTrustManager;
+    private final String sni;
     private Executor executor;
 
     @Override
@@ -604,9 +590,17 @@ public AsciiString scheme() {
     public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
       ChannelHandler gnh = new GrpcNegotiationHandler(grpcHandler);
       ChannelLogger negotiationLogger = grpcHandler.getNegotiationLogger();
-      ChannelHandler cth = new ClientTlsHandler(gnh, sslContext, grpcHandler.getAuthority(),
-          this.executor, negotiationLogger, handshakeCompleteRunnable, this,
-              x509ExtendedTrustManager);
+      String authority;
+      if ("".equals(sni)) {
+        authority = null;
+      } else if (sni != null) {
+        authority = sni;
+      } else {
+        authority = grpcHandler.getAuthority();
+      }
+      ChannelHandler cth = new ClientTlsHandler(gnh, sslContext,
+          authority, this.executor, negotiationLogger, handshakeCompleteRunnable, this,
+          x509ExtendedTrustManager);
       return new WaitUntilActiveHandler(cth, negotiationLogger);
     }
 
@@ -630,28 +624,40 @@ static final class ClientTlsHandler extends ProtocolNegotiationHandler {
     private final int port;
     private Executor executor;
     private final Optional<Runnable> handshakeCompleteRunnable;
-    private final X509TrustManager x509ExtendedTrustManager;
+    private final X509TrustManager x509TrustManager;
     private SSLEngine sslEngine;
 
     ClientTlsHandler(ChannelHandler next, SslContext sslContext, String authority,
         Executor executor, ChannelLogger negotiationLogger,
         Optional<Runnable> handshakeCompleteRunnable,
         ClientTlsProtocolNegotiator clientTlsProtocolNegotiator,
-         X509TrustManager x509ExtendedTrustManager) {
+        X509TrustManager x509TrustManager) {
       super(next, negotiationLogger);
       this.sslContext = Preconditions.checkNotNull(sslContext, "sslContext");
-      HostPort hostPort = parseAuthority(authority);
-      this.host = hostPort.host;
-      this.port = hostPort.port;
+      // TODO: For empty authority and fallback flag
+      // GRPC_USE_CHANNEL_AUTHORITY_IF_NO_SNI_APPLICABLE present, we should parse authority
+      // but prevent it from being used for SAN validation in the TrustManager.
+      if (authority != null) {
+        HostPort hostPort = parseAuthority(authority);
+        this.host = hostPort.host;
+        this.port = hostPort.port;
+      } else {
+        this.host = null;
+        this.port = 0;
+      }
       this.executor = executor;
       this.handshakeCompleteRunnable = handshakeCompleteRunnable;
-      this.x509ExtendedTrustManager = x509ExtendedTrustManager;
+      this.x509TrustManager = x509TrustManager;
     }
 
     @Override
     @IgnoreJRERequirement
     protected void handlerAdded0(ChannelHandlerContext ctx) {
-      sslEngine = sslContext.newEngine(ctx.alloc(), host, port);
+      if (host != null) {
+        sslEngine = sslContext.newEngine(ctx.alloc(), host, port);
+      } else {
+        sslEngine = sslContext.newEngine(ctx.alloc());
+      }
       SSLParameters sslParams = sslEngine.getSSLParameters();
       sslParams.setEndpointIdentificationAlgorithm("HTTPS");
       sslEngine.setSSLParameters(sslParams);
@@ -709,7 +715,7 @@ private void propagateTlsComplete(ChannelHandlerContext ctx, SSLSession session)
           .set(GrpcAttributes.ATTR_SECURITY_LEVEL, SecurityLevel.PRIVACY_AND_INTEGRITY)
           .set(Grpc.TRANSPORT_ATTR_SSL_SESSION, session)
           .set(GrpcAttributes.ATTR_AUTHORITY_VERIFIER, new X509AuthorityVerifier(
-              sslEngine, x509ExtendedTrustManager))
+              sslEngine, x509TrustManager))
           .build();
       replaceProtocolNegotiationEvent(existingPne.withAttributes(attrs).withSecurity(security));
       if (handshakeCompleteRunnable.isPresent()) {
@@ -746,13 +752,14 @@ static HostPort parseAuthority(String authority) {
    * Returns a {@link ProtocolNegotiator} that ensures the pipeline is set up so that TLS will
    * be negotiated, the {@code handler} is added and writes to the {@link io.netty.channel.Channel}
    * may happen immediately, even before the TLS Handshake is complete.
+   *
    * @param executorPool a dedicated {@link Executor} pool for time-consuming TLS tasks
    */
   public static ProtocolNegotiator tls(SslContext sslContext,
       ObjectPool<? extends Executor> executorPool, Optional<Runnable> handshakeCompleteRunnable,
-      X509TrustManager x509ExtendedTrustManager) {
+      X509TrustManager x509ExtendedTrustManager, String sni) {
     return new ClientTlsProtocolNegotiator(sslContext, executorPool, handshakeCompleteRunnable,
-        x509ExtendedTrustManager);
+        x509ExtendedTrustManager, sni);
   }
 
   /**
@@ -762,7 +769,7 @@ public static ProtocolNegotiator tls(SslContext sslContext,
    */
   public static ProtocolNegotiator tls(SslContext sslContext,
       X509TrustManager x509ExtendedTrustManager) {
-    return tls(sslContext, null, Optional.absent(), x509ExtendedTrustManager);
+    return tls(sslContext, null, Optional.absent(), x509ExtendedTrustManager, null);
   }
 
   public static ProtocolNegotiator.ClientFactory tlsClientFactory(SslContext sslContext,
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
index 55abe29e93a..3f9759ee1d2 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
@@ -877,7 +877,7 @@ public void tlsNegotiationServerExecutorShouldSucceed() throws Exception {
         .keyManager(clientCert, clientKey)
         .build();
     ProtocolNegotiator negotiator = ProtocolNegotiators.tls(clientContext, clientExecutorPool,
-        Optional.absent(), null);
+        Optional.absent(), null, null);
     // after starting the client, the Executor in the client pool should be used
     assertEquals(true, clientExecutorPool.isInUse());
     final NettyClientTransport transport = newTransport(negotiator);
diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
index 638fe960a32..9bb5a43d792 100644
--- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
+++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
@@ -1026,7 +1026,7 @@ public void clientTlsHandler_closeDuringNegotiation() throws Exception {
   private ClientTlsProtocolNegotiator getClientTlsProtocolNegotiator() throws SSLException {
     return new ClientTlsProtocolNegotiator(GrpcSslContexts.forClient().trustManager(
         TlsTesting.loadCert("ca.pem")).build(),
-        null, Optional.absent(), null);
+        null, Optional.absent(), null, "");
   }
 
   @Test
@@ -1277,7 +1277,7 @@ public void clientTlsHandler_firesNegotiation() throws Exception {
     }
     FakeGrpcHttp2ConnectionHandler gh = FakeGrpcHttp2ConnectionHandler.newHandler();
     ClientTlsProtocolNegotiator pn = new ClientTlsProtocolNegotiator(clientSslContext,
-        null, Optional.absent(), null);
+        null, Optional.absent(), null, null);
     WriteBufferingAndExceptionHandler clientWbaeh =
         new WriteBufferingAndExceptionHandler(pn.newHandler(gh));
 
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
index 03976cc7d7b..3b52f61c9df 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
@@ -38,7 +38,6 @@
 import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
 import io.grpc.netty.InternalProtocolNegotiators;
 import io.grpc.netty.InternalProtocolNegotiators.ProtocolNegotiationHandler;
-import io.grpc.s2a.internal.handshaker.S2AIdentity;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerAdapter;
 import io.netty.channel.ChannelHandlerContext;
@@ -259,7 +258,8 @@ public void onSuccess(SslContext sslContext) {
                             public void run() {
                               s2aStub.close();
                             }
-                          }))
+                          }),
+                          null, null)
                       .newHandler(grpcHandler);
 
               // Delegate the rest of the handshake to the TLS handler. and remove the 
diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index fba66e2e8d7..a506977d952 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -53,6 +53,7 @@
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
+import io.grpc.xds.internal.XdsInternalAttributes;
 import io.grpc.xds.internal.security.SecurityProtocolNegotiators;
 import io.grpc.xds.internal.security.SslContextProviderSupplier;
 import io.grpc.xds.orca.OrcaPerRequestUtil;
@@ -117,12 +118,12 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     logger.log(XdsLogLevel.DEBUG, "Received resolution result: {0}", resolvedAddresses);
     Attributes attributes = resolvedAddresses.getAttributes();
     if (xdsClientPool == null) {
-      xdsClientPool = attributes.get(XdsAttributes.XDS_CLIENT_POOL);
+      xdsClientPool = attributes.get(io.grpc.xds.XdsAttributes.XDS_CLIENT_POOL);
       assert xdsClientPool != null;
       xdsClient = xdsClientPool.getObject();
     }
     if (callCounterProvider == null) {
-      callCounterProvider = attributes.get(XdsAttributes.CALL_COUNTER_PROVIDER);
+      callCounterProvider = attributes.get(io.grpc.xds.XdsAttributes.CALL_COUNTER_PROVIDER);
     }
 
     ClusterImplConfig config =
@@ -241,9 +242,9 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
           .set(ATTR_CLUSTER_LOCALITY, localityAtomicReference);
       if (GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE", false)) {
         String hostname = args.getAddresses().get(0).getAttributes()
-            .get(XdsAttributes.ATTR_ADDRESS_NAME);
+            .get(XdsInternalAttributes.ATTR_ADDRESS_NAME);
         if (hostname != null) {
-          attrsBuilder.set(XdsAttributes.ATTR_ADDRESS_NAME, hostname);
+          attrsBuilder.set(XdsInternalAttributes.ATTR_ADDRESS_NAME, hostname);
         }
       }
       args = args.toBuilder().setAddresses(addresses).setAttributes(attrsBuilder.build()).build();
@@ -292,7 +293,7 @@ private List<EquivalentAddressGroup> withAdditionalAttributes(
       List<EquivalentAddressGroup> newAddresses = new ArrayList<>();
       for (EquivalentAddressGroup eag : addresses) {
         Attributes.Builder attrBuilder = eag.getAttributes().toBuilder().set(
-            XdsAttributes.ATTR_CLUSTER_NAME, cluster);
+            io.grpc.xds.XdsAttributes.ATTR_CLUSTER_NAME, cluster);
         if (sslContextProviderSupplier != null) {
           attrBuilder.set(
               SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
@@ -304,7 +305,7 @@ private List<EquivalentAddressGroup> withAdditionalAttributes(
     }
 
     private ClusterLocality createClusterLocalityFromAttributes(Attributes addressAttributes) {
-      Locality locality = addressAttributes.get(XdsAttributes.ATTR_LOCALITY);
+      Locality locality = addressAttributes.get(io.grpc.xds.XdsAttributes.ATTR_LOCALITY);
       String localityName = addressAttributes.get(EquivalentAddressGroup.ATTR_LOCALITY_NAME);
 
       // Endpoint addresses resolved by ClusterResolverLoadBalancer should always contain
@@ -438,7 +439,7 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
             result = PickResult.withSubchannel(result.getSubchannel(),
                 result.getStreamTracerFactory(),
                 result.getSubchannel().getAttributes().get(
-                    XdsAttributes.ATTR_ADDRESS_NAME));
+                    XdsInternalAttributes.ATTR_ADDRESS_NAME));
           }
         }
         return result;
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
index 06fafbb6cf1..4c4092632bf 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
@@ -47,6 +47,7 @@
 import io.grpc.xds.client.Locality;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
+import io.grpc.xds.internal.XdsInternalAttributes;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.util.ArrayList;
@@ -97,7 +98,8 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     logger.log(XdsLogLevel.DEBUG, "Received resolution result: {0}", resolvedAddresses);
     ClusterResolverConfig config =
         (ClusterResolverConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
-    XdsConfig xdsConfig = resolvedAddresses.getAttributes().get(XdsAttributes.XDS_CONFIG);
+    XdsConfig xdsConfig = resolvedAddresses.getAttributes().get(
+        io.grpc.xds.XdsAttributes.XDS_CONFIG);
 
     DiscoveryMechanism instance = config.discoveryMechanism;
     String cluster = instance.cluster;
@@ -189,12 +191,12 @@ StatusOr<ClusterResolutionResult> edsUpdateToResult(
             String localityName = localityName(locality);
             Attributes attr =
                 endpoint.eag().getAttributes().toBuilder()
-                    .set(XdsAttributes.ATTR_LOCALITY, locality)
+                    .set(io.grpc.xds.XdsAttributes.ATTR_LOCALITY, locality)
                     .set(EquivalentAddressGroup.ATTR_LOCALITY_NAME, localityName)
-                    .set(XdsAttributes.ATTR_LOCALITY_WEIGHT,
+                    .set(io.grpc.xds.XdsAttributes.ATTR_LOCALITY_WEIGHT,
                         localityLbInfo.localityWeight())
-                    .set(XdsAttributes.ATTR_SERVER_WEIGHT, weight)
-                    .set(XdsAttributes.ATTR_ADDRESS_NAME, endpoint.hostname())
+                    .set(io.grpc.xds.XdsAttributes.ATTR_SERVER_WEIGHT, weight)
+                    .set(XdsInternalAttributes.ATTR_ADDRESS_NAME, endpoint.hostname())
                     .build();
             EquivalentAddressGroup eag;
             if (config.isHttp11ProxyAvailable()) {
diff --git a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
index 9c2ee641423..01ef3d97b57 100644
--- a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
+++ b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java
@@ -73,20 +73,54 @@ public int hashCode() {
 
   public static final class UpstreamTlsContext extends BaseTlsContext {
 
+    private final String sni;
+    private final boolean autoHostSni;
+    private final boolean autoSniSanValidation;
+
     @VisibleForTesting
     public UpstreamTlsContext(CommonTlsContext commonTlsContext) {
       super(commonTlsContext);
+      this.sni = null;
+      this.autoHostSni = false;
+      this.autoSniSanValidation = false;
+    }
+
+    @VisibleForTesting
+    public UpstreamTlsContext(
+        io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+            upstreamTlsContext) {
+      super(upstreamTlsContext.getCommonTlsContext());
+      this.sni = upstreamTlsContext.getSni();
+      this.autoHostSni = upstreamTlsContext.getAutoHostSni();
+      this.autoSniSanValidation = upstreamTlsContext.getAutoSniSanValidation();
     }
 
     public static UpstreamTlsContext fromEnvoyProtoUpstreamTlsContext(
         io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
             upstreamTlsContext) {
-      return new UpstreamTlsContext(upstreamTlsContext.getCommonTlsContext());
+      return new UpstreamTlsContext(upstreamTlsContext);
+    }
+
+    public String getSni() {
+      return sni;
+    }
+
+    public boolean getAutoHostSni() {
+      return autoHostSni;
+    }
+
+    public boolean getAutoSniSanValidation() {
+      return autoSniSanValidation;
     }
 
     @Override
     public String toString() {
-      return "UpstreamTlsContext{" + "commonTlsContext=" + commonTlsContext + '}';
+      return "UpstreamTlsContext{"
+          + "commonTlsContext=" + commonTlsContext
+          + "\nsni=" + sni
+          + "\nauto_host_sni=" + autoHostSni
+          + "\nauto_sni_san_validation=" + autoSniSanValidation
+          + "}";
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsAttributes.java b/xds/src/main/java/io/grpc/xds/XdsAttributes.java
index 2e165201e5f..0e770173219 100644
--- a/xds/src/main/java/io/grpc/xds/XdsAttributes.java
+++ b/xds/src/main/java/io/grpc/xds/XdsAttributes.java
@@ -88,11 +88,6 @@ final class XdsAttributes {
   static final Attributes.Key<Long> ATTR_SERVER_WEIGHT =
       Attributes.Key.create("io.grpc.xds.XdsAttributes.serverWeight");
 
-  /** Name associated with individual address, if available (e.g., DNS name). */
-  @EquivalentAddressGroup.Attr
-  static final Attributes.Key<String> ATTR_ADDRESS_NAME =
-      Attributes.Key.create("io.grpc.xds.XdsAttributes.addressName");
-
   /**
    * Filter chain match for network filters.
    */
diff --git a/xds/src/main/java/io/grpc/xds/internal/XdsInternalAttributes.java b/xds/src/main/java/io/grpc/xds/internal/XdsInternalAttributes.java
new file mode 100644
index 00000000000..b05230ea30b
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/XdsInternalAttributes.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal;
+
+import io.grpc.Attributes;
+import io.grpc.EquivalentAddressGroup;
+
+public final class XdsInternalAttributes {
+  /** Name associated with individual address, if available (e.g., DNS name). */
+  @EquivalentAddressGroup.Attr
+  public static final Attributes.Key<String> ATTR_ADDRESS_NAME =
+      Attributes.Key.create("io.grpc.xds.XdsAttributes.addressName");
+}
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java
index 6bf66d022ff..e7b27cd644a 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java
@@ -30,9 +30,11 @@
 import java.io.IOException;
 import java.security.cert.CertStoreException;
 import java.security.cert.CertificateException;
+import java.util.AbstractMap;
 import java.util.ArrayList;
 import java.util.List;
 import javax.annotation.Nullable;
+import javax.net.ssl.X509TrustManager;
 
 /** Base class for dynamic {@link SslContextProvider}s. */
 @Internal
@@ -40,7 +42,8 @@ public abstract class DynamicSslContextProvider extends SslContextProvider {
 
   protected final List<Callback> pendingCallbacks = new ArrayList<>();
   @Nullable protected final CertificateValidationContext staticCertificateValidationContext;
-  @Nullable protected SslContext sslContext;
+  @Nullable protected AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager>
+      sslContextAndTrustManager;
 
   protected DynamicSslContextProvider(
       BaseTlsContext tlsContext, CertificateValidationContext staticCertValidationContext) {
@@ -49,15 +52,17 @@ protected DynamicSslContextProvider(
   }
 
   @Nullable
-  public SslContext getSslContext() {
-    return sslContext;
+  public AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager>
+      getSslContextAndTrustManager() {
+    return sslContextAndTrustManager;
   }
 
   protected abstract CertificateValidationContext generateCertificateValidationContext();
 
   /** Gets a server or client side SslContextBuilder. */
-  protected abstract SslContextBuilder getSslContextBuilder(
-      CertificateValidationContext certificateValidationContext)
+  protected abstract AbstractMap.SimpleImmutableEntry<SslContextBuilder, X509TrustManager>
+      getSslContextBuilderAndTrustManager(
+          CertificateValidationContext certificateValidationContext)
       throws CertificateException, IOException, CertStoreException;
 
   // this gets called only when requested secrets are ready...
@@ -65,7 +70,8 @@ protected final void updateSslContext() {
     try {
       CertificateValidationContext localCertValidationContext =
           generateCertificateValidationContext();
-      SslContextBuilder sslContextBuilder = getSslContextBuilder(localCertValidationContext);
+      AbstractMap.SimpleImmutableEntry<SslContextBuilder, X509TrustManager> sslContextBuilderAndTm =
+          getSslContextBuilderAndTrustManager(localCertValidationContext);
       CommonTlsContext commonTlsContext = getCommonTlsContext();
       if (commonTlsContext != null && commonTlsContext.getAlpnProtocolsCount() > 0) {
         List<String> alpnList = commonTlsContext.getAlpnProtocolsList();
@@ -75,16 +81,18 @@ protected final void updateSslContext() {
                 ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
                 ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
                 alpnList);
-        sslContextBuilder.applicationProtocolConfig(apn);
+        sslContextBuilderAndTm.getKey().applicationProtocolConfig(apn);
       }
       List<Callback> pendingCallbacksCopy;
-      SslContext sslContextCopy;
+      AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager>
+          sslContextAndExtendedX09TrustManagerCopy;
       synchronized (pendingCallbacks) {
-        sslContext = sslContextBuilder.build();
-        sslContextCopy = sslContext;
+        sslContextAndTrustManager = new AbstractMap.SimpleImmutableEntry<>(
+            sslContextBuilderAndTm.getKey().build(), sslContextBuilderAndTm.getValue());
+        sslContextAndExtendedX09TrustManagerCopy = sslContextAndTrustManager;
         pendingCallbacksCopy = clonePendingCallbacksAndClear();
       }
-      makePendingCallbacks(sslContextCopy, pendingCallbacksCopy);
+      makePendingCallbacks(sslContextAndExtendedX09TrustManagerCopy, pendingCallbacksCopy);
     } catch (Exception e) {
       onError(Status.fromThrowable(e));
       throw new RuntimeException(e);
@@ -92,12 +100,13 @@ protected final void updateSslContext() {
   }
 
   protected final void callPerformCallback(
-          Callback callback, final SslContext sslContextCopy) {
+          Callback callback,
+          final AbstractMap.SimpleImmutableEntry<SslContext,X509TrustManager> sslContextAndTmCopy) {
     performCallback(
         new SslContextGetter() {
           @Override
-          public SslContext get() {
-            return sslContextCopy;
+          public AbstractMap.SimpleImmutableEntry<SslContext,X509TrustManager> get() {
+            return sslContextAndTmCopy;
           }
         },
         callback
@@ -108,10 +117,10 @@ public SslContext get() {
   public final void addCallback(Callback callback) {
     checkNotNull(callback, "callback");
     // if there is a computed sslContext just send it
-    SslContext sslContextCopy = null;
+    AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> sslContextCopy = null;
     synchronized (pendingCallbacks) {
-      if (sslContext != null) {
-        sslContextCopy = sslContext;
+      if (sslContextAndTrustManager != null) {
+        sslContextCopy = sslContextAndTrustManager;
       } else {
         pendingCallbacks.add(callback);
       }
@@ -122,9 +131,11 @@ public final void addCallback(Callback callback) {
   }
 
   private final void makePendingCallbacks(
-      SslContext sslContextCopy, List<Callback> pendingCallbacksCopy) {
+      AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager>
+          sslContextAndExtendedX509TrustManagerCopy,
+      List<Callback> pendingCallbacksCopy) {
     for (Callback callback : pendingCallbacksCopy) {
-      callPerformCallback(callback, sslContextCopy);
+      callPerformCallback(callback, sslContextAndExtendedX509TrustManagerCopy);
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java b/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
index c34fab74032..10e3a0bcda1 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
 import io.grpc.Attributes;
 import io.grpc.Grpc;
 import io.grpc.internal.GrpcUtil;
@@ -29,6 +30,10 @@
 import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
 import io.grpc.netty.InternalProtocolNegotiators;
 import io.grpc.netty.ProtocolNegotiationEvent;
+import io.grpc.xds.EnvoyServerProtoData;
+import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
+import io.grpc.xds.internal.XdsInternalAttributes;
+import io.grpc.xds.internal.security.trust.CertificateUtils;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerAdapter;
 import io.netty.channel.ChannelHandlerContext;
@@ -36,12 +41,14 @@
 import io.netty.handler.ssl.SslContext;
 import io.netty.util.AsciiString;
 import java.security.cert.CertStoreException;
+import java.util.AbstractMap;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.Executor;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
+import javax.net.ssl.X509TrustManager;
 
 /**
  * Provides client and server side gRPC {@link ProtocolNegotiator}s to provide the SSL
@@ -60,14 +67,14 @@ private SecurityProtocolNegotiators() {
   private static final AsciiString SCHEME = AsciiString.of("http");
 
   public static final Attributes.Key<SslContextProviderSupplier>
-          ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER =
-          Attributes.Key.create("io.grpc.xds.internal.security.server.sslContextProviderSupplier");
+      ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER =
+      Attributes.Key.create("io.grpc.xds.internal.security.server.sslContextProviderSupplier");
 
   /** Attribute key for SslContextProviderSupplier (used from client) for a subchannel. */
   @Grpc.TransportAttr
   public static final Attributes.Key<SslContextProviderSupplier>
       ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER =
-          Attributes.Key.create("io.grpc.xds.internal.security.SslContextProviderSupplier");
+      Attributes.Key.create("io.grpc.xds.internal.security.SslContextProviderSupplier");
 
   /**
    * Returns a {@link InternalProtocolNegotiator.ClientFactory}.
@@ -142,7 +149,8 @@ public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
             fallbackProtocolNegotiator, "No TLS config and no fallbackProtocolNegotiator!");
         return fallbackProtocolNegotiator.newHandler(grpcHandler);
       }
-      return new ClientSecurityHandler(grpcHandler, localSslContextProviderSupplier);
+      return new ClientSecurityHandler(grpcHandler, localSslContextProviderSupplier,
+          grpcHandler.getEagAttributes().get(XdsInternalAttributes.ATTR_ADDRESS_NAME));
     }
 
     @Override
@@ -185,10 +193,12 @@ static final class ClientSecurityHandler
       extends InternalProtocolNegotiators.ProtocolNegotiationHandler {
     private final GrpcHttp2ConnectionHandler grpcHandler;
     private final SslContextProviderSupplier sslContextProviderSupplier;
+    private final String sni;
 
     ClientSecurityHandler(
         GrpcHttp2ConnectionHandler grpcHandler,
-        SslContextProviderSupplier sslContextProviderSupplier) {
+        SslContextProviderSupplier sslContextProviderSupplier,
+        String endpointHostname) {
       super(
           // superclass (InternalProtocolNegotiators.ProtocolNegotiationHandler) expects 'next'
           // handler but we don't have a next handler _yet_. So we "disable" superclass's behavior
@@ -202,6 +212,19 @@ public void handlerAdded(ChannelHandlerContext ctx) throws Exception {
       checkNotNull(grpcHandler, "grpcHandler");
       this.grpcHandler = grpcHandler;
       this.sslContextProviderSupplier = sslContextProviderSupplier;
+      EnvoyServerProtoData.BaseTlsContext tlsContext = sslContextProviderSupplier.getTlsContext();
+      UpstreamTlsContext upstreamTlsContext = ((UpstreamTlsContext) tlsContext);
+      if (CertificateUtils.isXdsSniEnabled) {
+        sni = upstreamTlsContext.getAutoHostSni() && !Strings.isNullOrEmpty(endpointHostname)
+            ? endpointHostname : upstreamTlsContext.getSni();
+      } else {
+        sni = grpcHandler.getAuthority();
+      }
+    }
+
+    @VisibleForTesting
+    String getSni() {
+      return sni;
     }
 
     @Override
@@ -213,7 +236,8 @@ protected void handlerAdded0(final ChannelHandlerContext ctx) {
           new SslContextProvider.Callback(ctx.executor()) {
 
             @Override
-            public void updateSslContext(SslContext sslContext) {
+            public void updateSslContextAndExtendedX509TrustManager(
+                AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> sslContextAndTm) {
               if (ctx.isRemoved()) {
                 return;
               }
@@ -222,7 +246,9 @@ public void updateSslContext(SslContext sslContext) {
                   "ClientSecurityHandler.updateSslContext authority={0}, ctx.name={1}",
                   new Object[]{grpcHandler.getAuthority(), ctx.name()});
               ChannelHandler handler =
-                  InternalProtocolNegotiators.tls(sslContext).newHandler(grpcHandler);
+                  InternalProtocolNegotiators.tls(
+                      sslContextAndTm.getKey(), sni, sslContextAndTm.getValue())
+                      .newHandler(grpcHandler);
 
               // Delegate rest of handshake to TLS handler
               ctx.pipeline().addAfter(ctx.name(), null, handler);
@@ -356,9 +382,10 @@ protected void handlerAdded0(final ChannelHandlerContext ctx) {
           new SslContextProvider.Callback(ctx.executor()) {
 
             @Override
-            public void updateSslContext(SslContext sslContext) {
-              ChannelHandler handler =
-                  InternalProtocolNegotiators.serverTls(sslContext).newHandler(grpcHandler);
+            public void updateSslContextAndExtendedX509TrustManager(
+                AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> sslContextAndTm) {
+              ChannelHandler handler = InternalProtocolNegotiators.serverTls(
+                  sslContextAndTm.getKey()).newHandler(grpcHandler);
 
               // Delegate rest of handshake to TLS handler
               if (!ctx.isRemoved()) {
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/SslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/SslContextProvider.java
index a0c4ed37dfb..a5d14f72dc5 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/SslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/SslContextProvider.java
@@ -32,7 +32,9 @@
 import java.io.IOException;
 import java.security.cert.CertStoreException;
 import java.security.cert.CertificateException;
+import java.util.AbstractMap;
 import java.util.concurrent.Executor;
+import javax.net.ssl.X509TrustManager;
 
 /**
  * A SslContextProvider is a "container" or provider of SslContext. This is used by gRPC-xds to
@@ -57,7 +59,8 @@ protected Callback(Executor executor) {
     }
 
     /** Informs callee of new/updated SslContext. */
-    @VisibleForTesting public abstract void updateSslContext(SslContext sslContext);
+    @VisibleForTesting public abstract void updateSslContextAndExtendedX509TrustManager(
+        AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> sslContext);
 
     /** Informs callee of an exception that was generated. */
     @VisibleForTesting protected abstract void onException(Throwable throwable);
@@ -119,8 +122,9 @@ protected final void performCallback(
           @Override
           public void run() {
             try {
-              SslContext sslContext = sslContextGetter.get();
-              callback.updateSslContext(sslContext);
+              AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> sslContextAndTm =
+                  sslContextGetter.get();
+              callback.updateSslContextAndExtendedX509TrustManager(sslContextAndTm);
             } catch (Throwable e) {
               callback.onException(e);
             }
@@ -130,6 +134,6 @@ public void run() {
 
   /** Allows implementations to compute or get SslContext. */
   protected interface SslContextGetter {
-    SslContext get() throws Exception;
+    AbstractMap.SimpleImmutableEntry<SslContext,X509TrustManager> get() throws Exception;
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/SslContextProviderSupplier.java b/xds/src/main/java/io/grpc/xds/internal/security/SslContextProviderSupplier.java
index 5f629273179..38ae15a88aa 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/SslContextProviderSupplier.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/SslContextProviderSupplier.java
@@ -25,7 +25,9 @@
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.TlsContextManager;
 import io.netty.handler.ssl.SslContext;
+import java.util.AbstractMap;
 import java.util.Objects;
+import javax.net.ssl.X509TrustManager;
 
 /**
  * Enables Client or server side to initialize this object with the received {@link BaseTlsContext}
@@ -52,7 +54,8 @@ public BaseTlsContext getTlsContext() {
   }
 
   /** Updates SslContext via the passed callback. */
-  public synchronized void updateSslContext(final SslContextProvider.Callback callback) {
+  public synchronized void updateSslContext(
+      final SslContextProvider.Callback callback) {
     checkNotNull(callback, "callback");
     try {
       if (!shutdown) {
@@ -66,8 +69,9 @@ public synchronized void updateSslContext(final SslContextProvider.Callback call
           new SslContextProvider.Callback(callback.getExecutor()) {
 
             @Override
-            public void updateSslContext(SslContext sslContext) {
-              callback.updateSslContext(sslContext);
+            public void updateSslContextAndExtendedX509TrustManager(
+                AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> sslContextAndTm) {
+              callback.updateSslContextAndExtendedX509TrustManager(sslContextAndTm);
               releaseSslContextProvider(toRelease);
             }
 
@@ -98,7 +102,8 @@ private void releaseSslContextProvider(SslContextProvider toRelease) {
   private SslContextProvider getSslContextProvider() {
     return tlsContext instanceof UpstreamTlsContext
         ? tlsContextManager.findOrCreateClientSslContextProvider((UpstreamTlsContext) tlsContext)
-        : tlsContextManager.findOrCreateServerSslContextProvider((DownstreamTlsContext) tlsContext);
+        : tlsContextManager.findOrCreateServerSslContextProvider(
+            (DownstreamTlsContext) tlsContext);
   }
 
   @VisibleForTesting public boolean isShutdown() {
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/TlsContextManagerImpl.java b/xds/src/main/java/io/grpc/xds/internal/security/TlsContextManagerImpl.java
index 34a8863c52b..f56524d50b7 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/TlsContextManagerImpl.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/TlsContextManagerImpl.java
@@ -71,8 +71,6 @@ public SslContextProvider findOrCreateServerSslContextProvider(
   public SslContextProvider findOrCreateClientSslContextProvider(
       UpstreamTlsContext upstreamTlsContext) {
     checkNotNull(upstreamTlsContext, "upstreamTlsContext");
-    CommonTlsContext.Builder builder = upstreamTlsContext.getCommonTlsContext().toBuilder();
-    upstreamTlsContext = new UpstreamTlsContext(builder.build());
     return mapForClients.get(upstreamTlsContext);
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
index 131ae6b6125..e92f9ad1e54 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
@@ -26,8 +26,11 @@
 import io.netty.handler.ssl.SslContextBuilder;
 import java.security.cert.CertStoreException;
 import java.security.cert.X509Certificate;
+import java.util.AbstractMap;
+import java.util.Arrays;
 import java.util.Map;
 import javax.annotation.Nullable;
+import javax.net.ssl.X509TrustManager;
 
 /** A client SslContext provider using CertificateProviderInstance to fetch secrets. */
 final class CertProviderClientSslContextProvider extends CertProviderSslContextProvider {
@@ -51,27 +54,46 @@ final class CertProviderClientSslContextProvider extends CertProviderSslContextP
   }
 
   @Override
-  protected final SslContextBuilder getSslContextBuilder(
-          CertificateValidationContext certificateValidationContextdationContext)
-      throws CertStoreException {
+  protected final AbstractMap.SimpleImmutableEntry<SslContextBuilder, X509TrustManager>
+      getSslContextBuilderAndTrustManager(
+          CertificateValidationContext certificateValidationContext)
+              throws CertStoreException {
     SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
     if (savedSpiffeTrustMap != null) {
       sslContextBuilder = sslContextBuilder.trustManager(
         new XdsTrustManagerFactory(
             savedSpiffeTrustMap,
-            certificateValidationContextdationContext));
+            certificateValidationContext,
+            ((UpstreamTlsContext) tlsContext).getAutoSniSanValidation()));
     } else if (savedTrustedRoots != null) {
       sslContextBuilder = sslContextBuilder.trustManager(
           new XdsTrustManagerFactory(
               savedTrustedRoots.toArray(new X509Certificate[0]),
-              certificateValidationContextdationContext));
+              certificateValidationContext,
+              ((UpstreamTlsContext) tlsContext).getAutoSniSanValidation()));
     } else {
       // Should be impossible because of the check in CertProviderClientSslContextProviderFactory
       throw new IllegalStateException("There must be trusted roots or a SPIFFE trust map");
     }
+    XdsTrustManagerFactory trustManagerFactory;
+    if (savedSpiffeTrustMap != null) {
+      trustManagerFactory = new XdsTrustManagerFactory(
+          savedSpiffeTrustMap,
+          certificateValidationContext,
+          ((UpstreamTlsContext) tlsContext).getAutoSniSanValidation());
+      sslContextBuilder = sslContextBuilder.trustManager(trustManagerFactory);
+    } else {
+      trustManagerFactory = new XdsTrustManagerFactory(
+          savedTrustedRoots.toArray(new X509Certificate[0]),
+          certificateValidationContext,
+          ((UpstreamTlsContext) tlsContext).getAutoSniSanValidation());
+      sslContextBuilder = sslContextBuilder.trustManager(trustManagerFactory);
+    }
     if (isMtls()) {
       sslContextBuilder.keyManager(savedKey, savedCertChain);
     }
-    return sslContextBuilder;
+    return new AbstractMap.SimpleImmutableEntry<>(sslContextBuilder,
+        io.grpc.internal.CertificateUtils.getX509ExtendedTrustManager(
+            Arrays.asList(trustManagerFactory.getTrustManagers())));
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.java
index ef65bbfb6f9..3712b948142 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.java
@@ -30,8 +30,10 @@
 import java.security.cert.CertStoreException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.AbstractMap;
 import java.util.Map;
 import javax.annotation.Nullable;
+import javax.net.ssl.X509TrustManager;
 
 /** A server SslContext provider using CertificateProviderInstance to fetch secrets. */
 final class CertProviderServerSslContextProvider extends CertProviderSslContextProvider {
@@ -55,23 +57,25 @@ final class CertProviderServerSslContextProvider extends CertProviderSslContextP
   }
 
   @Override
-  protected final SslContextBuilder getSslContextBuilder(
-      CertificateValidationContext certificateValidationContextdationContext)
-      throws CertStoreException, CertificateException, IOException {
+  protected final AbstractMap.SimpleImmutableEntry<SslContextBuilder, X509TrustManager>
+      getSslContextBuilderAndTrustManager(
+          CertificateValidationContext certificateValidationContextdationContext)
+          throws CertStoreException, CertificateException, IOException {
     SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(savedKey, savedCertChain);
     XdsTrustManagerFactory trustManagerFactory = null;
     if (isMtls() && savedSpiffeTrustMap != null) {
       trustManagerFactory = new XdsTrustManagerFactory(
           savedSpiffeTrustMap,
-          certificateValidationContextdationContext);
+          certificateValidationContextdationContext, false);
     } else if (isMtls()) {
       trustManagerFactory = new XdsTrustManagerFactory(
           savedTrustedRoots.toArray(new X509Certificate[0]),
-          certificateValidationContextdationContext);
+          certificateValidationContextdationContext, false);
     }
     setClientAuthValues(sslContextBuilder, trustManagerFactory);
     sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder);
-    return sslContextBuilder;
+    // TrustManager in the below return value is not used on the server side, so setting it to null
+    return new AbstractMap.SimpleImmutableEntry<>(sslContextBuilder, null);
   }
 
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java b/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java
index 86b6dd95c3e..89b4abd3029 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java
@@ -16,6 +16,7 @@
 
 package io.grpc.xds.internal.security.trust;
 
+import io.grpc.internal.GrpcUtil;
 import java.io.BufferedInputStream;
 import java.io.File;
 import java.io.FileInputStream;
@@ -29,6 +30,8 @@
  * Contains certificate utility method(s).
  */
 public final class CertificateUtils {
+  public static boolean isXdsSniEnabled = GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_SNI", false);
+
   /**
    * Generates X509Certificate array from a file on disk.
    *
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactory.java b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactory.java
index 8cb44117065..664c5dd9362 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactory.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactory.java
@@ -58,43 +58,50 @@ public XdsTrustManagerFactory(CertificateValidationContext certificateValidation
     this(
         getTrustedCaFromCertContext(certificateValidationContext),
         certificateValidationContext,
+        false,
         false);
   }
 
   public XdsTrustManagerFactory(
-          X509Certificate[] certs, CertificateValidationContext staticCertificateValidationContext)
-          throws CertStoreException {
-    this(certs, staticCertificateValidationContext, true);
+          X509Certificate[] certs, CertificateValidationContext staticCertificateValidationContext,
+          boolean autoSniSanValidation) throws CertStoreException {
+    this(certs, staticCertificateValidationContext, true, autoSniSanValidation);
   }
 
   public XdsTrustManagerFactory(Map<String, List<X509Certificate>> spiffeTrustMap,
-      CertificateValidationContext staticCertificateValidationContext) throws CertStoreException {
-    this(spiffeTrustMap, staticCertificateValidationContext, true);
+      CertificateValidationContext staticCertificateValidationContext, boolean autoSniSanValidation)
+      throws CertStoreException {
+    this(spiffeTrustMap, staticCertificateValidationContext, true, autoSniSanValidation);
   }
 
   private XdsTrustManagerFactory(
       X509Certificate[] certs,
       CertificateValidationContext certificateValidationContext,
-      boolean validationContextIsStatic)
+      boolean validationContextIsStatic,
+      boolean autoSniSanValidation)
       throws CertStoreException {
     if (validationContextIsStatic) {
       checkArgument(
-          certificateValidationContext == null || !certificateValidationContext.hasTrustedCa(),
+          certificateValidationContext == null || !certificateValidationContext.hasTrustedCa()
+          || certificateValidationContext.hasSystemRootCerts(),
           "only static certificateValidationContext expected");
     }
-    xdsX509TrustManager = createX509TrustManager(certs, certificateValidationContext);
+    xdsX509TrustManager = createX509TrustManager(
+        certs, certificateValidationContext, autoSniSanValidation);
   }
 
   private XdsTrustManagerFactory(
       Map<String, List<X509Certificate>> spiffeTrustMap,
       CertificateValidationContext certificateValidationContext,
-      boolean validationContextIsStatic)
+      boolean validationContextIsStatic,
+      boolean autoSniSanValidation)
       throws CertStoreException {
     if (validationContextIsStatic) {
       checkArgument(
           certificateValidationContext == null || !certificateValidationContext.hasTrustedCa(),
           "only static certificateValidationContext expected");
-      xdsX509TrustManager = createX509TrustManager(spiffeTrustMap, certificateValidationContext);
+      xdsX509TrustManager = createX509TrustManager(
+          spiffeTrustMap, certificateValidationContext, autoSniSanValidation);
     }
   }
 
@@ -121,21 +128,24 @@ private static X509Certificate[] getTrustedCaFromCertContext(
 
   @VisibleForTesting
   static XdsX509TrustManager createX509TrustManager(
-      X509Certificate[] certs, CertificateValidationContext certContext) throws CertStoreException {
-    return new XdsX509TrustManager(certContext, createTrustManager(certs));
+      X509Certificate[] certs, CertificateValidationContext certContext,
+      boolean autoSniSanValidation)
+      throws CertStoreException {
+    return new XdsX509TrustManager(certContext, createTrustManager(certs), autoSniSanValidation);
   }
 
   @VisibleForTesting
   static XdsX509TrustManager createX509TrustManager(
       Map<String, List<X509Certificate>> spiffeTrustMapFile,
-      CertificateValidationContext certContext) throws CertStoreException {
+      CertificateValidationContext certContext, boolean autoSniSanValidation)
+      throws CertStoreException {
     checkNotNull(spiffeTrustMapFile, "spiffeTrustMapFile");
     Map<String, X509ExtendedTrustManager> delegates = new HashMap<>();
     for (Map.Entry<String, List<X509Certificate>> entry:spiffeTrustMapFile.entrySet()) {
       delegates.put(entry.getKey(), createTrustManager(
           entry.getValue().toArray(new X509Certificate[0])));
     }
-    return new XdsX509TrustManager(certContext, delegates);
+    return new XdsX509TrustManager(certContext, delegates, autoSniSanValidation);
   }
 
   private static X509ExtendedTrustManager createTrustManager(X509Certificate[] certs)
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
index ebf7ea82184..e8e7243ce0e 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
@@ -31,6 +31,7 @@
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
@@ -39,6 +40,8 @@
 import java.util.Map;
 import java.util.Set;
 import javax.annotation.Nullable;
+import javax.net.ssl.SNIHostName;
+import javax.net.ssl.SNIServerName;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSocket;
@@ -60,21 +63,26 @@ final class XdsX509TrustManager extends X509ExtendedTrustManager implements X509
   private final X509ExtendedTrustManager delegate;
   private final Map<String, X509ExtendedTrustManager> spiffeTrustMapDelegates;
   private final CertificateValidationContext certContext;
+  private final boolean autoSniSanValidation;
 
   XdsX509TrustManager(@Nullable CertificateValidationContext certContext,
-                      X509ExtendedTrustManager delegate) {
+                      X509ExtendedTrustManager delegate,
+                      boolean autoSniSanValidation) {
     checkNotNull(delegate, "delegate");
     this.certContext = certContext;
     this.delegate = delegate;
     this.spiffeTrustMapDelegates = null;
+    this.autoSniSanValidation = autoSniSanValidation;
   }
 
   XdsX509TrustManager(@Nullable CertificateValidationContext certContext,
-      Map<String, X509ExtendedTrustManager> spiffeTrustMapDelegates) {
+      Map<String, X509ExtendedTrustManager> spiffeTrustMapDelegates,
+      boolean autoSniSanValidation) {
     checkNotNull(spiffeTrustMapDelegates, "spiffeTrustMapDelegates");
     this.spiffeTrustMapDelegates = ImmutableMap.copyOf(spiffeTrustMapDelegates);
     this.certContext = certContext;
     this.delegate = null;
+    this.autoSniSanValidation = autoSniSanValidation;
   }
 
   private static boolean verifyDnsNameInPattern(
@@ -206,12 +214,11 @@ private static void verifySubjectAltNameInLeaf(
    * This is called from various check*Trusted methods.
    */
   @VisibleForTesting
-  void verifySubjectAltNameInChain(X509Certificate[] peerCertChain) throws CertificateException {
+  void verifySubjectAltNameInChain(X509Certificate[] peerCertChain,
+      List<StringMatcher> verifyList) throws CertificateException {
     if (certContext == null) {
       return;
     }
-    @SuppressWarnings("deprecation") // gRFC A29 predates match_typed_subject_alt_names
-    List<StringMatcher> verifyList = certContext.getMatchSubjectAltNamesList();
     if (verifyList.isEmpty()) {
       return;
     }
@@ -223,29 +230,36 @@ void verifySubjectAltNameInChain(X509Certificate[] peerCertChain) throws Certifi
   }
 
   @Override
+  @SuppressWarnings("deprecation") // gRFC A29 predates match_typed_subject_alt_names
   public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
       throws CertificateException {
     chooseDelegate(chain).checkClientTrusted(chain, authType, socket);
-    verifySubjectAltNameInChain(chain);
+    verifySubjectAltNameInChain(chain, certContext != null
+        ? certContext.getMatchSubjectAltNamesList() : new ArrayList<>());
   }
 
   @Override
+  @SuppressWarnings("deprecation") // gRFC A29 predates match_typed_subject_alt_names
   public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
       throws CertificateException {
     chooseDelegate(chain).checkClientTrusted(chain, authType, sslEngine);
-    verifySubjectAltNameInChain(chain);
+    verifySubjectAltNameInChain(chain, certContext != null
+        ? certContext.getMatchSubjectAltNamesList() : new ArrayList<>());
   }
 
   @Override
+  @SuppressWarnings("deprecation") // gRFC A29 predates match_typed_subject_alt_names
   public void checkClientTrusted(X509Certificate[] chain, String authType)
       throws CertificateException {
     chooseDelegate(chain).checkClientTrusted(chain, authType);
-    verifySubjectAltNameInChain(chain);
+    verifySubjectAltNameInChain(chain, certContext != null
+        ? certContext.getMatchSubjectAltNamesList() : new ArrayList<>());
   }
 
   @Override
   public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
       throws CertificateException {
+    List<StringMatcher> sniMatchers = null;
     if (socket instanceof SSLSocket) {
       SSLSocket sslSocket = (SSLSocket) socket;
       SSLParameters sslParams = sslSocket.getSSLParameters();
@@ -253,28 +267,60 @@ public void checkServerTrusted(X509Certificate[] chain, String authType, Socket
         sslParams.setEndpointIdentificationAlgorithm("");
         sslSocket.setSSLParameters(sslParams);
       }
+      sniMatchers = getAutoSniSanMatchers(sslParams);
+    }
+    if (sniMatchers.isEmpty() && certContext != null) {
+      @SuppressWarnings("deprecation") // gRFC A29 predates match_typed_subject_alt_names
+      List<StringMatcher> sniMatchersTmp = certContext.getMatchSubjectAltNamesList();
+      sniMatchers = sniMatchersTmp;
     }
     chooseDelegate(chain).checkServerTrusted(chain, authType, socket);
-    verifySubjectAltNameInChain(chain);
+    verifySubjectAltNameInChain(chain, sniMatchers);
   }
 
   @Override
   public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
       throws CertificateException {
+    List<StringMatcher> sniMatchers = null;
     SSLParameters sslParams = sslEngine.getSSLParameters();
     if (sslParams != null) {
       sslParams.setEndpointIdentificationAlgorithm("");
       sslEngine.setSSLParameters(sslParams);
+      sniMatchers = getAutoSniSanMatchers(sslParams);
+    }
+    if (sniMatchers.isEmpty() && certContext != null) {
+      @SuppressWarnings("deprecation") // gRFC A29 predates match_typed_subject_alt_names
+      List<StringMatcher> sniMatchersTmp = certContext.getMatchSubjectAltNamesList();
+      sniMatchers = sniMatchersTmp;
     }
     chooseDelegate(chain).checkServerTrusted(chain, authType, sslEngine);
-    verifySubjectAltNameInChain(chain);
+    verifySubjectAltNameInChain(chain, sniMatchers);
   }
 
   @Override
+  @SuppressWarnings("deprecation") // gRFC A29 predates match_typed_subject_alt_names
   public void checkServerTrusted(X509Certificate[] chain, String authType)
       throws CertificateException {
     chooseDelegate(chain).checkServerTrusted(chain, authType);
-    verifySubjectAltNameInChain(chain);
+    verifySubjectAltNameInChain(chain, certContext != null
+        ? certContext.getMatchSubjectAltNamesList() : new ArrayList<>());
+  }
+
+  private List<StringMatcher> getAutoSniSanMatchers(SSLParameters sslParams) {
+    List<StringMatcher> sniNamesToMatch = new ArrayList<>();
+    if (CertificateUtils.isXdsSniEnabled && autoSniSanValidation) {
+      List<SNIServerName> serverNames = sslParams.getServerNames();
+      if (serverNames != null) {
+        for (SNIServerName serverName : serverNames) {
+          if (serverName instanceof SNIHostName) {
+            SNIHostName sniHostName = (SNIHostName) serverName;
+            String hostName = sniHostName.getAsciiName();
+            sniNamesToMatch.add(StringMatcher.newBuilder().setExact(hostName).build());
+          }
+        }
+      }
+    }
+    return sniNamesToMatch;
   }
 
   private X509ExtendedTrustManager chooseDelegate(X509Certificate[] chain)
diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index c5e3f80f170..a491d3f3612 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -77,6 +77,7 @@
 import io.grpc.xds.client.Stats.ClusterStats;
 import io.grpc.xds.client.Stats.UpstreamLocalityStats;
 import io.grpc.xds.client.XdsClient;
+import io.grpc.xds.internal.XdsInternalAttributes;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import io.grpc.xds.internal.security.SecurityProtocolNegotiators;
 import io.grpc.xds.internal.security.SslContextProvider;
@@ -197,7 +198,7 @@ public void handleResolvedAddresses_propagateToChildPolicy() {
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(downstreamBalancers);
     assertThat(Iterables.getOnlyElement(childBalancer.addresses)).isEqualTo(endpoint);
     assertThat(childBalancer.config).isSameInstanceAs(weightedTargetConfig);
-    assertThat(childBalancer.attributes.get(XdsAttributes.XDS_CLIENT_POOL))
+    assertThat(childBalancer.attributes.get(io.grpc.xds.XdsAttributes.XDS_CLIENT_POOL))
         .isSameInstanceAs(xdsClientPool);
     assertThat(childBalancer.attributes.get(NameResolver.ATTR_BACKEND_SERVICE)).isEqualTo(CLUSTER);
   }
@@ -561,7 +562,7 @@ public void dropRpcsWithRespectToLbConfigDropCategories() {
             .setAddresses(Collections.singletonList(endpoint))
             .setAttributes(
                 Attributes.newBuilder()
-                    .set(XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
+                    .set(io.grpc.xds.XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
                     .build())
             .setLoadBalancingPolicyConfig(config)
             .build());
@@ -766,14 +767,14 @@ public void endpointAddressesAttachedWithClusterName() {
             .build();
     Subchannel subchannel = leafBalancer.helper.createSubchannel(args);
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
-      assertThat(eag.getAttributes().get(XdsAttributes.ATTR_CLUSTER_NAME))
+      assertThat(eag.getAttributes().get(io.grpc.xds.XdsAttributes.ATTR_CLUSTER_NAME))
           .isEqualTo(CLUSTER);
     }
 
     // An address update should also retain the cluster attribute.
     subchannel.updateAddresses(leafBalancer.addresses);
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
-      assertThat(eag.getAttributes().get(XdsAttributes.ATTR_CLUSTER_NAME))
+      assertThat(eag.getAttributes().get(io.grpc.xds.XdsAttributes.ATTR_CLUSTER_NAME))
           .isEqualTo(CLUSTER);
     }
   }
@@ -811,10 +812,10 @@ public void endpointAddressesAttachedWithClusterName() {
               new FixedResultPicker(PickResult.withSubchannel(subchannel)));
         }
       });
-      assertThat(subchannel.getAttributes().get(XdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(
+      assertThat(subchannel.getAttributes().get(XdsInternalAttributes.ATTR_ADDRESS_NAME)).isEqualTo(
           "authority-host-name");
       for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
-        assertThat(eag.getAttributes().get(XdsAttributes.ATTR_ADDRESS_NAME))
+        assertThat(eag.getAttributes().get(XdsInternalAttributes.ATTR_ADDRESS_NAME))
             .isEqualTo("authority-host-name");
       }
 
@@ -863,9 +864,9 @@ public void endpointAddressesAttachedWithClusterName() {
       }
     });
     // Sub Channel wrapper args won't have the address name although addresses will.
-    assertThat(subchannel.getAttributes().get(XdsAttributes.ATTR_ADDRESS_NAME)).isNull();
+    assertThat(subchannel.getAttributes().get(XdsInternalAttributes.ATTR_ADDRESS_NAME)).isNull();
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
-      assertThat(eag.getAttributes().get(XdsAttributes.ATTR_ADDRESS_NAME))
+      assertThat(eag.getAttributes().get(XdsInternalAttributes.ATTR_ADDRESS_NAME))
           .isEqualTo("authority-host-name");
     }
 
@@ -881,7 +882,8 @@ public void endpointAddressesAttachedWithClusterName() {
   @Test
   public void endpointAddressesAttachedWithTlsConfig_securityEnabledByDefault() {
     UpstreamTlsContext upstreamTlsContext =
-        CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true);
+        CommonTlsContextTestsUtil.buildUpstreamTlsContext(
+            "google_cloud_private_spiffe", true);
     LoadBalancerProvider weightedTargetProvider = new WeightedTargetLoadBalancerProvider();
     WeightedTargetConfig weightedTargetConfig =
         buildWeightedTargetConfig(ImmutableMap.of(locality, 10));
@@ -925,8 +927,8 @@ public void endpointAddressesAttachedWithTlsConfig_securityEnabledByDefault() {
     }
 
     // Config with a new UpstreamTlsContext.
-    upstreamTlsContext =
-        CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe1", true);
+    upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContext(
+        "google_cloud_private_spiffe1", true);
     config = new ClusterImplConfig(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO,
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
@@ -957,8 +959,8 @@ private void deliverAddressesAndConfig(List<EquivalentAddressGroup> addresses,
             .setAddresses(addresses)
             .setAttributes(
                 Attributes.newBuilder()
-                    .set(XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
-                    .set(XdsAttributes.CALL_COUNTER_PROVIDER, callCounterProvider)
+                    .set(io.grpc.xds.XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
+                    .set(io.grpc.xds.XdsAttributes.CALL_COUNTER_PROVIDER, callCounterProvider)
                     .build())
             .setLoadBalancingPolicyConfig(config)
             .build());
@@ -1015,11 +1017,11 @@ public String toString() {
     }
 
     Attributes.Builder attributes = Attributes.newBuilder()
-        .set(XdsAttributes.ATTR_LOCALITY, locality)
+        .set(io.grpc.xds.XdsAttributes.ATTR_LOCALITY, locality)
         // Unique but arbitrary string
         .set(EquivalentAddressGroup.ATTR_LOCALITY_NAME, locality.toString());
     if (authorityHostname != null) {
-      attributes.set(XdsAttributes.ATTR_ADDRESS_NAME, authorityHostname);
+      attributes.set(XdsInternalAttributes.ATTR_ADDRESS_NAME, authorityHostname);
     }
     EquivalentAddressGroup eag = new EquivalentAddressGroup(new FakeSocketAddress(name),
         attributes.build());
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index be68018792b..86f525c61f2 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -102,6 +102,7 @@
 import io.grpc.xds.WrrLocalityLoadBalancer.WrrLocalityConfig;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import io.grpc.xds.client.XdsClient;
+import io.grpc.xds.internal.XdsInternalAttributes;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import java.net.InetSocketAddress;
 import java.net.URI;
@@ -307,15 +308,15 @@ public void edsClustersWithRingHashEndpointLbPolicy() throws Exception {
     // LOCALITY1 are equally weighted.
     assertThat(addr1.getAddresses())
         .isEqualTo(Arrays.asList(newInetSocketAddress("127.0.0.1", 8080)));
-    assertThat(addr1.getAttributes().get(XdsAttributes.ATTR_SERVER_WEIGHT))
+    assertThat(addr1.getAttributes().get(io.grpc.xds.XdsAttributes.ATTR_SERVER_WEIGHT))
         .isEqualTo(10);
     assertThat(addr2.getAddresses())
         .isEqualTo(Arrays.asList(newInetSocketAddress("127.0.0.2", 8080)));
-    assertThat(addr2.getAttributes().get(XdsAttributes.ATTR_SERVER_WEIGHT))
+    assertThat(addr2.getAttributes().get(io.grpc.xds.XdsAttributes.ATTR_SERVER_WEIGHT))
         .isEqualTo(10);
     assertThat(addr3.getAddresses())
         .isEqualTo(Arrays.asList(newInetSocketAddress("127.0.1.1", 8080)));
-    assertThat(addr3.getAttributes().get(XdsAttributes.ATTR_SERVER_WEIGHT))
+    assertThat(addr3.getAttributes().get(io.grpc.xds.XdsAttributes.ATTR_SERVER_WEIGHT))
         .isEqualTo(50 * 60);
     assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
     PriorityLbConfig priorityLbConfig = (PriorityLbConfig) childBalancer.config;
@@ -382,7 +383,7 @@ public void edsClustersWithLeastRequestEndpointLbPolicy() {
 
     assertThat(
         childBalancer.addresses.get(0).getAttributes()
-            .get(XdsAttributes.ATTR_LOCALITY_WEIGHT)).isEqualTo(100);
+            .get(io.grpc.xds.XdsAttributes.ATTR_LOCALITY_WEIGHT)).isEqualTo(100);
   }
 
   @Test
@@ -408,7 +409,7 @@ public void edsClustersEndpointHostname_addedToAddressAttribute() {
 
     assertThat(
         childBalancer.addresses.get(0).getAttributes()
-            .get(XdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo("hostname1");
+            .get(XdsInternalAttributes.ATTR_ADDRESS_NAME)).isEqualTo("hostname1");
   }
 
   @Test
@@ -580,12 +581,13 @@ public void onlyEdsClusters_receivedEndpoints() {
     io.grpc.xds.client.Locality locality2 = io.grpc.xds.client.Locality.create(
         LOCALITY2.getRegion(), LOCALITY2.getZone(), LOCALITY2.getSubZone());
     for (EquivalentAddressGroup eag : childBalancer.addresses) {
-      io.grpc.xds.client.Locality locality = eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY);
+      io.grpc.xds.client.Locality locality =
+          eag.getAttributes().get(io.grpc.xds.XdsAttributes.ATTR_LOCALITY);
       if (locality.equals(locality1)) {
-        assertThat(eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY_WEIGHT))
+        assertThat(eag.getAttributes().get(io.grpc.xds.XdsAttributes.ATTR_LOCALITY_WEIGHT))
             .isEqualTo(70);
       } else if (locality.equals(locality2)) {
-        assertThat(eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY_WEIGHT))
+        assertThat(eag.getAttributes().get(io.grpc.xds.XdsAttributes.ATTR_LOCALITY_WEIGHT))
             .isEqualTo(30);
       } else {
         throw new AssertionError("Unexpected locality region: " + locality.region());
@@ -813,7 +815,8 @@ public void handleEdsResource_ignoreLocalitiesWithNoHealthyEndpoints() {
     io.grpc.xds.client.Locality locality2 = io.grpc.xds.client.Locality.create(
         LOCALITY2.getRegion(), LOCALITY2.getZone(), LOCALITY2.getSubZone());
     for (EquivalentAddressGroup eag : childBalancer.addresses) {
-      assertThat(eag.getAttributes().get(XdsAttributes.ATTR_LOCALITY)).isEqualTo(locality2);
+      assertThat(eag.getAttributes().get(io.grpc.xds.XdsAttributes.ATTR_LOCALITY))
+          .isEqualTo(locality2);
     }
   }
 
@@ -897,7 +900,7 @@ public void onlyLogicalDnsCluster_endpointsResolved() {
             newInetSocketAddress("127.0.2.1", 9000), newInetSocketAddress("127.0.2.2", 9000)))),
         childBalancer.addresses);
     assertThat(childBalancer.addresses.get(0).getAttributes()
-        .get(XdsAttributes.ATTR_ADDRESS_NAME)).isEqualTo(DNS_HOST_NAME + ":9000");
+        .get(XdsInternalAttributes.ATTR_ADDRESS_NAME)).isEqualTo(DNS_HOST_NAME + ":9000");
   }
 
   @Test
@@ -995,7 +998,8 @@ public void config_equalsTester() {
     ServerInfo lrsServerInfo =
         ServerInfo.create("lrs.googleapis.com", InsecureChannelCredentials.create());
     UpstreamTlsContext tlsContext =
-        CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true);
+        CommonTlsContextTestsUtil.buildUpstreamTlsContext(
+            "google_cloud_private_spiffe", true);
     DiscoveryMechanism edsDiscoveryMechanism1 =
         DiscoveryMechanism.forEds(CLUSTER, EDS_SERVICE_NAME, lrsServerInfo, 100L, tlsContext,
             Collections.emptyMap(), null);
@@ -1053,8 +1057,8 @@ private void startXdsDepManager(final CdsConfig cdsConfig, boolean forwardTime)
           loadBalancer.acceptResolvedAddresses(ResolvedAddresses.newBuilder()
               .setAddresses(Collections.emptyList())
               .setAttributes(Attributes.newBuilder()
-                .set(XdsAttributes.XDS_CONFIG, xdsConfig.getValue())
-                .set(XdsAttributes.XDS_CLUSTER_SUBSCRIPT_REGISTRY, xdsDepManager)
+                .set(io.grpc.xds.XdsAttributes.XDS_CONFIG, xdsConfig.getValue())
+                .set(io.grpc.xds.XdsAttributes.XDS_CLUSTER_SUBSCRIPT_REGISTRY, xdsDepManager)
                 .build())
               .setLoadBalancingPolicyConfig(cdsConfig)
               .build());
diff --git a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
index e46e440475a..6e4d243e904 100644
--- a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -71,11 +71,13 @@
 import io.grpc.xds.client.Bootstrapper;
 import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.internal.Matchers.HeaderMatcher;
+import io.grpc.xds.internal.XdsInternalAttributes;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import io.grpc.xds.internal.security.SecurityProtocolNegotiators;
 import io.grpc.xds.internal.security.SslContextProviderSupplier;
 import io.grpc.xds.internal.security.TlsContextManagerImpl;
 import io.grpc.xds.internal.security.certprovider.FileWatcherCertificateProviderProvider;
+import io.grpc.xds.internal.security.trust.CertificateUtils;
 import io.netty.handler.ssl.NotSslRecordException;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -84,7 +86,6 @@
 import java.net.Inet4Address;
 import java.net.InetSocketAddress;
 import java.net.URI;
-import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyStore;
@@ -117,8 +118,8 @@
  */
 @RunWith(Parameterized.class)
 public class XdsSecurityClientServerTest {
-
-  private static final String SAN_TO_MATCH = "waterzooi.test.google.be";
+ 
+  private static final String SNI_IN_UTC = "waterzooi.test.google.be";
 
   @Parameter
   public Boolean enableSpiffe;
@@ -221,7 +222,7 @@ public void tlsClientServer_useSystemRootCerts_noMtls_useCombinedValidationConte
 
       UpstreamTlsContext upstreamTlsContext =
           setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
-              CLIENT_PEM_FILE, true, SAN_TO_MATCH, false);
+              CLIENT_PEM_FILE, true, SNI_IN_UTC, false, "", false, false);
 
       SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
           getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
@@ -248,7 +249,7 @@ public void tlsClientServer_useSystemRootCerts_noMtls_validationContext() throws
 
       UpstreamTlsContext upstreamTlsContext =
           setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
-              CLIENT_PEM_FILE, false, SAN_TO_MATCH, false);
+              CLIENT_PEM_FILE, false, SNI_IN_UTC, false, null, false, false);
 
       SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
           getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
@@ -271,7 +272,7 @@ public void tlsClientServer_useSystemRootCerts_mtls() throws Exception {
 
       UpstreamTlsContext upstreamTlsContext =
           setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
-              CLIENT_PEM_FILE, true, SAN_TO_MATCH, true);
+              CLIENT_PEM_FILE, true, SNI_IN_UTC, true, "", false, false);
 
       SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
           getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
@@ -283,7 +284,8 @@ public void tlsClientServer_useSystemRootCerts_mtls() throws Exception {
   }
 
   @Test
-  public void tlsClientServer_useSystemRootCerts_failureToMatchSubjAltNames() throws Exception {
+  public void tlsClientServer_noAutoSniValidation_failureToMatchSubjAltNames()
+      throws Exception {
     Path trustStoreFilePath = getCacertFilePathForTestCa();
     try {
       setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
@@ -294,7 +296,7 @@ public void tlsClientServer_useSystemRootCerts_failureToMatchSubjAltNames() thro
 
       UpstreamTlsContext upstreamTlsContext =
           setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
-              CLIENT_PEM_FILE, true, "server1.test.google.in", false);
+              CLIENT_PEM_FILE, true, "server1.test.google.in", false, "", false, false);
 
       SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
           getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
@@ -311,6 +313,103 @@ public void tlsClientServer_useSystemRootCerts_failureToMatchSubjAltNames() thro
     }
   }
 
+
+  @Test
+  public void tlsClientServer_autoSniValidation_sniInUtc()
+      throws Exception {
+    CertificateUtils.isXdsSniEnabled = true;
+    Path trustStoreFilePath = getCacertFilePathForTestCa();
+    try {
+      setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
+      DownstreamTlsContext downstreamTlsContext =
+          setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
+              null, false, false);
+      buildServerWithTlsContext(downstreamTlsContext);
+
+      UpstreamTlsContext upstreamTlsContext =
+          setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
+              CLIENT_PEM_FILE, true,
+              // SAN matcher in CommonValidationContext. Will be overridden by autoSniSanValidation
+              "server1.test.google.in",
+              false,
+              SNI_IN_UTC,
+              false, true);
+
+      SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
+          getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
+      unaryRpc(/* requestMessage= */ "buddy", blockingStub);
+    } finally {
+      Files.deleteIfExists(trustStoreFilePath);
+      clearTrustStoreSystemProperties();
+      CertificateUtils.isXdsSniEnabled = false;
+    }
+  }
+
+  @Test
+  public void tlsClientServer_autoSniValidation_sniFromHostname()
+      throws Exception {
+    CertificateUtils.isXdsSniEnabled = true;
+    Path trustStoreFilePath = getCacertFilePathForTestCa();
+    try {
+      setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
+      DownstreamTlsContext downstreamTlsContext =
+          setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
+              null, false, false);
+      buildServerWithTlsContext(downstreamTlsContext);
+
+      UpstreamTlsContext upstreamTlsContext =
+          setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
+              CLIENT_PEM_FILE, true,
+              // SAN matcher in CommonValidationContext. Will be overridden by autoSniSanValidation
+              "server1.test.google.in",
+              false,
+              "",
+              true, true);
+
+      // TODO: Change this to foo.test.gooogle.fr that needs wildcard matching after
+      // https://github.com/grpc/grpc-java/pull/12345 is done
+      SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
+          getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY,
+              "waterzooi.test.google.be");
+      unaryRpc(/* requestMessage= */ "buddy", blockingStub);
+    } finally {
+      Files.deleteIfExists(trustStoreFilePath);
+      clearTrustStoreSystemProperties();
+      CertificateUtils.isXdsSniEnabled = false;
+    }
+  }
+
+  @Test
+  public void tlsClientServer_autoSniValidation_noSniApplicable_usesMatcherFromCmnVdnCtx()
+      throws Exception {
+    CertificateUtils.isXdsSniEnabled = true;
+    Path trustStoreFilePath = getCacertFilePathForTestCa();
+    try {
+      setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
+      DownstreamTlsContext downstreamTlsContext =
+          setBootstrapInfoAndBuildDownstreamTlsContext(SERVER_1_PEM_FILE, null, null, null, null,
+              null, false, false);
+      buildServerWithTlsContext(downstreamTlsContext);
+
+      UpstreamTlsContext upstreamTlsContext =
+          setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
+              CLIENT_PEM_FILE, true,
+              // This is what will get used for the SAN validation since no SNI was used
+              "waterzooi.test.google.be",
+              false,
+              "",
+              false, true);
+
+      SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
+          getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
+      unaryRpc(/* requestMessage= */ "buddy", blockingStub);
+    } finally {
+      Files.deleteIfExists(trustStoreFilePath);
+      clearTrustStoreSystemProperties();
+      CertificateUtils.isXdsSniEnabled = false;
+    }
+  }
+
   /**
    * Use system root ca cert for TLS channel - mTLS.
    */
@@ -326,8 +425,7 @@ public void tlsClientServer_useSystemRootCerts_requireClientAuth() throws Except
 
       UpstreamTlsContext upstreamTlsContext =
           setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(CLIENT_KEY_FILE,
-              CLIENT_PEM_FILE, true, SAN_TO_MATCH, false);
-
+              CLIENT_PEM_FILE, true, SNI_IN_UTC, false, "", false, false);
       SimpleServiceGrpc.SimpleServiceBlockingStub blockingStub =
           getBlockingStub(upstreamTlsContext, /* overrideAuthority= */ OVERRIDE_AUTHORITY);
       assertThat(unaryRpc(/* requestMessage= */ "buddy", blockingStub)).isEqualTo("Hello buddy");
@@ -608,7 +706,11 @@ private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContext(String cli
   private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(
       String clientKeyFile,
       String clientPemFile,
-      boolean useCombinedValidationContext, String sanToMatch, boolean isMtls) {
+      boolean useCombinedValidationContext,
+      String sanToMatch,
+      boolean isMtls,
+      String sniInUpstreamTlsContext,
+      boolean autoHostSni, boolean autoSniSanValidation) {
     bootstrapInfoForClient = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-client", clientKeyFile, clientPemFile,
             CA_PEM_FILE, null, null, null, null, null);
@@ -623,7 +725,7 @@ private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContextForUsingSys
               .addMatchSubjectAltNames(
                   StringMatcher.newBuilder()
                       .setExact(sanToMatch))
-              .build());
+              .build(), sniInUpstreamTlsContext, autoHostSni, autoSniSanValidation);
     }
     return CommonTlsContextTestsUtil.buildNewUpstreamTlsContextForCertProviderInstance(
         "google_cloud_private_spiffe-client", "ROOT", null,
@@ -708,8 +810,20 @@ static EnvoyServerProtoData.Listener buildListener(
   }
 
   private SimpleServiceGrpc.SimpleServiceBlockingStub getBlockingStub(
-      final UpstreamTlsContext upstreamTlsContext, String overrideAuthority)
-      throws URISyntaxException {
+      final UpstreamTlsContext upstreamTlsContext, String overrideAuthority) {
+    return getBlockingStub(upstreamTlsContext, overrideAuthority, overrideAuthority);
+  }
+
+  // Two separate parameters for overrideAuthority and addrAttribute is for the SAN SNI validation
+  // test tlsClientServer_useSystemRootCerts_sni_san_validation_from_hostname that uses hostname
+  // passed for SNI. foo.test.google.fr is used for virtual host matching via authority but it
+  // can't be used for SNI in this testcase because foo.test.google.fr needs wildcard matching to
+  // match against *.test.google.fr in the certificate SNI, which isn't implemented yet
+  // (https://github.com/grpc/grpc-java/pull/12345 implements it)
+  // so use an exact match SAN such as waterzooi.test.google.be for SNI for this testcase.
+  private SimpleServiceGrpc.SimpleServiceBlockingStub getBlockingStub(
+      final UpstreamTlsContext upstreamTlsContext, String overrideAuthority,
+      String addrNameAttribute) {
     ManagedChannelBuilder<?> channelBuilder =
         Grpc.newChannelBuilder(
             "sectest://localhost:" + port,
@@ -721,14 +835,16 @@ private SimpleServiceGrpc.SimpleServiceBlockingStub getBlockingStub(
     InetSocketAddress socketAddress =
         new InetSocketAddress(Inet4Address.getLoopbackAddress(), port);
     tlsContextManagerForClient = new TlsContextManagerImpl(bootstrapInfoForClient);
-    sslContextAttributes =
-        (upstreamTlsContext != null)
-            ? Attributes.newBuilder()
-                .set(SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
-                    new SslContextProviderSupplier(
-                        upstreamTlsContext, tlsContextManagerForClient))
-                .build()
-            : Attributes.EMPTY;
+    Attributes.Builder sslContextAttributesBuilder = (upstreamTlsContext != null)
+        ? Attributes.newBuilder()
+        .set(SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
+            new SslContextProviderSupplier(
+                upstreamTlsContext, tlsContextManagerForClient))
+        : Attributes.newBuilder();
+    if (addrNameAttribute != null) {
+      sslContextAttributesBuilder.set(XdsInternalAttributes.ATTR_ADDRESS_NAME, addrNameAttribute);
+    }
+    sslContextAttributes = sslContextAttributesBuilder.build();
     fakeNameResolverFactory.setServers(
         ImmutableList.of(new EquivalentAddressGroup(socketAddress, sslContextAttributes)));
     return SimpleServiceGrpc.newBlockingStub(cleanupRule.register(channelBuilder.build()));
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java b/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
index 8f970c86366..80a8083fb27 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
@@ -36,10 +36,12 @@
 import java.io.InputStream;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.AbstractMap;
 import java.util.Arrays;
 import java.util.List;
 import java.util.concurrent.Executor;
 import javax.annotation.Nullable;
+import javax.net.ssl.X509TrustManager;
 
 /** Utility class for client and server ssl provider tests. */
 public class CommonTlsContextTestsUtil {
@@ -151,11 +153,24 @@ public static String getTempFileNameForResourcesFile(String resFile) throws IOEx
    * Helper method to build UpstreamTlsContext for above tests. Called from other classes as well.
    */
   static EnvoyServerProtoData.UpstreamTlsContext buildUpstreamTlsContext(
-      CommonTlsContext commonTlsContext) {
-    UpstreamTlsContext upstreamTlsContext =
-        UpstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).build();
+        CommonTlsContext commonTlsContext) {
+    return buildUpstreamTlsContext(commonTlsContext, "", false, false);
+  }
+
+  /**
+   * Helper method to build UpstreamTlsContext with SNI info.
+   */
+  static EnvoyServerProtoData.UpstreamTlsContext buildUpstreamTlsContext(
+        CommonTlsContext commonTlsContext, String sni, boolean autoHostSni,
+        boolean autoSniSanValidation) {
+    UpstreamTlsContext.Builder upstreamTlsContext =
+        UpstreamTlsContext.newBuilder()
+            .setCommonTlsContext(commonTlsContext)
+            .setAutoHostSni(autoHostSni)
+            .setAutoSniSanValidation(autoSniSanValidation)
+            .setSni(sni);
     return EnvoyServerProtoData.UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(
-        upstreamTlsContext);
+        upstreamTlsContext.build());
   }
 
   /** Helper method to build UpstreamTlsContext for multiple test classes. */
@@ -170,6 +185,21 @@ public static EnvoyServerProtoData.UpstreamTlsContext buildUpstreamTlsContext(
         null);
   }
 
+  /** Helper method to build UpstreamTlsContext with SNI info. */
+  public static EnvoyServerProtoData.UpstreamTlsContext buildUpstreamTlsContext(
+      String commonInstanceName, boolean hasIdentityCert, String sni, boolean autoHostSni) {
+    return buildUpstreamTlsContextForCertProviderInstance(
+        hasIdentityCert ? commonInstanceName : null,
+        hasIdentityCert ? "default" : null,
+        commonInstanceName,
+        "ROOT",
+        null,
+        null,
+        sni,
+        autoHostSni,
+        false);
+  }
+
   /** Gets a cert from contents of a resource. */
   public static X509Certificate getCertFromResourceName(String resourceName)
       throws IOException, CertificateException {
@@ -286,7 +316,31 @@ private static CommonTlsContext.Builder addNewCertificateValidationContext(
             rootInstanceName,
             rootCertName,
             alpnProtocols,
-            staticCertValidationContext));
+            staticCertValidationContext),
+        "", false, false);
+  }
+
+  /** Helper method to build UpstreamTlsContext with SNI info for CertProvider tests. */
+  public static EnvoyServerProtoData.UpstreamTlsContext
+      buildUpstreamTlsContextForCertProviderInstance(
+          @Nullable String certInstanceName,
+          @Nullable String certName,
+          @Nullable String rootInstanceName,
+          @Nullable String rootCertName,
+          Iterable<String> alpnProtocols,
+          CertificateValidationContext staticCertValidationContext,
+          String sni,
+          boolean autoHostSni,
+          boolean autoSniSanValidation) {
+    return buildUpstreamTlsContext(
+        buildCommonTlsContextForCertProviderInstance(
+            certInstanceName,
+            certName,
+            rootInstanceName,
+            rootCertName,
+            alpnProtocols,
+            staticCertValidationContext),
+        sni, autoHostSni, autoSniSanValidation);
   }
 
   /** Helper method to build UpstreamTlsContext for CertProvider tests. */
@@ -305,7 +359,8 @@ private static CommonTlsContext.Builder addNewCertificateValidationContext(
             rootInstanceName,
             rootCertName,
             alpnProtocols,
-            staticCertValidationContext));
+            staticCertValidationContext),
+    "", false, false);
   }
 
   /** Helper method to build DownstreamTlsContext for CertProvider tests. */
@@ -349,14 +404,15 @@ private static CommonTlsContext.Builder addNewCertificateValidationContext(
   }
 
   /** Perform some simple checks on sslContext. */
-  public static void doChecksOnSslContext(boolean server, SslContext sslContext,
+  public static void doChecksOnSslContext(boolean server,
+      AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> sslContextAndTm,
       List<String> expectedApnProtos) {
     if (server) {
-      assertThat(sslContext.isServer()).isTrue();
+      assertThat(sslContextAndTm.getKey().isServer()).isTrue();
     } else {
-      assertThat(sslContext.isClient()).isTrue();
+      assertThat(sslContextAndTm.getKey().isClient()).isTrue();
     }
-    List<String> apnProtos = sslContext.applicationProtocolNegotiator().protocols();
+    List<String> apnProtos = sslContextAndTm.getKey().applicationProtocolNegotiator().protocols();
     assertThat(apnProtos).isNotNull();
     if (expectedApnProtos != null) {
       assertThat(apnProtos).isEqualTo(expectedApnProtos);
@@ -382,7 +438,7 @@ public static TestCallback getValueThruCallback(SslContextProvider provider, Exe
 
   public static class TestCallback extends SslContextProvider.Callback {
 
-    public SslContext updatedSslContext;
+    public AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> updatedSslContext;
     public Throwable updatedThrowable;
 
     public TestCallback(Executor executor) {
@@ -390,7 +446,8 @@ public TestCallback(Executor executor) {
     }
 
     @Override
-    public void updateSslContext(SslContext sslContext) {
+    public void updateSslContextAndExtendedX509TrustManager(
+        AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> sslContext) {
       updatedSslContext = sslContext;
     }
 
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
index a0139618f9f..061e6bad581 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
@@ -50,9 +50,11 @@
 import io.grpc.xds.TlsContextManager;
 import io.grpc.xds.client.Bootstrapper;
 import io.grpc.xds.client.CommonBootstrapperTestUtils;
+import io.grpc.xds.internal.XdsInternalAttributes;
 import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSecurityHandler;
 import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSecurityProtocolNegotiator;
 import io.grpc.xds.internal.security.certprovider.CommonCertProviderTestUtils;
+import io.grpc.xds.internal.security.trust.CertificateUtils;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelPipeline;
@@ -73,11 +75,13 @@
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.security.cert.CertStoreException;
+import java.util.AbstractMap;
 import java.util.Iterator;
 import java.util.Map;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
+import javax.net.ssl.X509TrustManager;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -86,6 +90,10 @@
 @RunWith(JUnit4.class)
 public class SecurityProtocolNegotiatorsTest {
 
+  private static final String HOSTNAME = "hostname";
+  private static final String SNI_IN_UTC = "sni-in-upstream-tls-context";
+  private static final String FAKE_AUTHORITY = "authority";
+
   private final GrpcHttp2ConnectionHandler grpcHandler =
       FakeGrpcHttp2ConnectionHandler.newHandler();
 
@@ -121,8 +129,8 @@ public void clientSecurityProtocolNegotiatorNewHandler_noFallback_expectExceptio
 
   @Test
   public void clientSecurityProtocolNegotiatorNewHandler_withTlsContextAttribute() {
-    UpstreamTlsContext upstreamTlsContext =
-        CommonTlsContextTestsUtil.buildUpstreamTlsContext(CommonTlsContext.newBuilder().build());
+    UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContext(
+        CommonTlsContext.newBuilder().build());
     ClientSecurityProtocolNegotiator pn =
         new ClientSecurityProtocolNegotiator(InternalProtocolNegotiators.plaintext());
     GrpcHttp2ConnectionHandler mockHandler = mock(GrpcHttp2ConnectionHandler.class);
@@ -141,6 +149,36 @@ public void clientSecurityProtocolNegotiatorNewHandler_withTlsContextAttribute()
     assertThat(newHandler).isInstanceOf(ClientSecurityHandler.class);
   }
 
+  @Test
+  public void clientSecurityProtocolNegotiator_autoHostSni_hostnamePassedToClientSecurityHandlr() {
+    CertificateUtils.isXdsSniEnabled = true;
+    try {
+      UpstreamTlsContext upstreamTlsContext =
+          CommonTlsContextTestsUtil.buildUpstreamTlsContext(
+              CommonTlsContext.newBuilder().build(), "", true, false);
+      ClientSecurityProtocolNegotiator pn =
+          new ClientSecurityProtocolNegotiator(InternalProtocolNegotiators.plaintext());
+      GrpcHttp2ConnectionHandler mockHandler = mock(GrpcHttp2ConnectionHandler.class);
+      ChannelLogger logger = mock(ChannelLogger.class);
+      doNothing().when(logger).log(any(ChannelLogLevel.class), anyString());
+      when(mockHandler.getNegotiationLogger()).thenReturn(logger);
+      TlsContextManager mockTlsContextManager = mock(TlsContextManager.class);
+      when(mockHandler.getEagAttributes())
+          .thenReturn(
+              Attributes.newBuilder()
+                  .set(SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
+                      new SslContextProviderSupplier(upstreamTlsContext, mockTlsContextManager))
+                  .set(XdsInternalAttributes.ATTR_ADDRESS_NAME, FAKE_AUTHORITY)
+                  .build());
+      ChannelHandler newHandler = pn.newHandler(mockHandler);
+      assertThat(newHandler).isNotNull();
+      assertThat(newHandler).isInstanceOf(ClientSecurityHandler.class);
+      assertThat(((ClientSecurityHandler) newHandler).getSni()).isEqualTo(FAKE_AUTHORITY);
+    } finally {
+      CertificateUtils.isXdsSniEnabled = false;
+    }
+  }
+
   @Test
   public void clientSecurityHandler_addLast()
       throws InterruptedException, TimeoutException, ExecutionException {
@@ -157,7 +195,7 @@ public void clientSecurityHandler_addLast()
         new SslContextProviderSupplier(upstreamTlsContext,
             new TlsContextManagerImpl(bootstrapInfoForClient));
     ClientSecurityHandler clientSecurityHandler =
-        new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier);
+        new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, HOSTNAME);
     pipeline.addLast(clientSecurityHandler);
     channelHandlerCtx = pipeline.context(clientSecurityHandler);
     assertNotNull(channelHandlerCtx);
@@ -168,8 +206,9 @@ public void clientSecurityHandler_addLast()
     sslContextProviderSupplier
         .updateSslContext(new SslContextProvider.Callback(MoreExecutors.directExecutor()) {
           @Override
-          public void updateSslContext(SslContext sslContext) {
-            future.set(sslContext);
+          public void updateSslContextAndExtendedX509TrustManager(
+              AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> sslContextAndTm) {
+            future.set(sslContextAndTm);
           }
 
           @Override
@@ -180,7 +219,7 @@ protected void onException(Throwable throwable) {
     assertThat(executor.runDueTasks()).isEqualTo(1);
     channel.runPendingTasks();
     Object fromFuture = future.get(2, TimeUnit.SECONDS);
-    assertThat(fromFuture).isInstanceOf(SslContext.class);
+    assertThat(fromFuture).isInstanceOf(AbstractMap.SimpleImmutableEntry.class);
     channel.runPendingTasks();
     channelHandlerCtx = pipeline.context(clientSecurityHandler);
     assertThat(channelHandlerCtx).isNull();
@@ -194,6 +233,114 @@ protected void onException(Throwable throwable) {
     CommonCertProviderTestUtils.register0();
   }
 
+  @Test
+  public void sniInClientSecurityHandler_autoHostSniIsTrue_usesEndpointHostname() {
+    CertificateUtils.isXdsSniEnabled = true;
+    try {
+      Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
+          .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
+              CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
+      UpstreamTlsContext upstreamTlsContext =
+          CommonTlsContextTestsUtil
+              .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true, "", true);
+      SslContextProviderSupplier sslContextProviderSupplier =
+          new SslContextProviderSupplier(upstreamTlsContext,
+              new TlsContextManagerImpl(bootstrapInfoForClient));
+
+      ClientSecurityHandler clientSecurityHandler =
+          new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, HOSTNAME);
+
+      assertThat(clientSecurityHandler.getSni()).isEqualTo(HOSTNAME);
+    } finally {
+      CertificateUtils.isXdsSniEnabled = false;
+    }
+  }
+
+  @Test
+  public void sniInClientSecurityHandler_autoHostSni_endpointHostnameIsEmpty_usesSniFromUtc() {
+    CertificateUtils.isXdsSniEnabled = true;
+    try {
+      Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
+          .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
+              CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
+      UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContext(
+          "google_cloud_private_spiffe-client", true, SNI_IN_UTC, true);
+      SslContextProviderSupplier sslContextProviderSupplier =
+          new SslContextProviderSupplier(upstreamTlsContext,
+              new TlsContextManagerImpl(bootstrapInfoForClient));
+
+      ClientSecurityHandler clientSecurityHandler =
+          new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, "");
+
+      assertThat(clientSecurityHandler.getSni()).isEqualTo(SNI_IN_UTC);
+    } finally {
+      CertificateUtils.isXdsSniEnabled = false;
+    }
+  }
+
+  @Test
+  public void sniInClientSecurityHandler_autoHostSni_endpointHostnameIsNull_usesSniFromUtc() {
+    CertificateUtils.isXdsSniEnabled = true;
+    try {
+      Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
+          .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
+              CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
+      UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContext(
+          "google_cloud_private_spiffe-client", true, SNI_IN_UTC, true);
+      SslContextProviderSupplier sslContextProviderSupplier =
+          new SslContextProviderSupplier(upstreamTlsContext,
+              new TlsContextManagerImpl(bootstrapInfoForClient));
+
+      ClientSecurityHandler clientSecurityHandler =
+          new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, null);
+
+      assertThat(clientSecurityHandler.getSni()).isEqualTo(SNI_IN_UTC);
+    } finally {
+      CertificateUtils.isXdsSniEnabled = false;
+    }
+  }
+
+  @Test
+  public void sniInClientSecurityHandler_autoHostSniIsFalse_usesSniFromUpstreamTlsContext() {
+    CertificateUtils.isXdsSniEnabled = true;
+    try {
+      Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
+          .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
+              CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
+      UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContext(
+          "google_cloud_private_spiffe-client", true, SNI_IN_UTC, false);
+      SslContextProviderSupplier sslContextProviderSupplier =
+          new SslContextProviderSupplier(upstreamTlsContext,
+              new TlsContextManagerImpl(bootstrapInfoForClient));
+
+      ClientSecurityHandler clientSecurityHandler =
+          new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, HOSTNAME);
+
+      assertThat(clientSecurityHandler.getSni()).isEqualTo(SNI_IN_UTC);
+    } finally {
+      CertificateUtils.isXdsSniEnabled = false;
+    }
+  }
+
+  @Test
+  public void sniFeatureNotEnabled_usesChannelAuthorityForSni() {
+    CertificateUtils.isXdsSniEnabled = false;
+    Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
+            .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
+                    CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
+    UpstreamTlsContext upstreamTlsContext =
+            CommonTlsContextTestsUtil
+                .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
+    SslContextProviderSupplier sslContextProviderSupplier =
+            new SslContextProviderSupplier(upstreamTlsContext,
+                    new TlsContextManagerImpl(bootstrapInfoForClient));
+
+    ClientSecurityHandler clientSecurityHandler =
+            new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, HOSTNAME);
+
+    assertThat(clientSecurityHandler.getSni()).isEqualTo(FAKE_AUTHORITY);
+  }
+
   @Test
   public void serverSecurityHandler_addLast()
       throws InterruptedException, TimeoutException, ExecutionException {
@@ -245,8 +392,9 @@ public SocketAddress remoteAddress() {
     sslContextProviderSupplier
         .updateSslContext(new SslContextProvider.Callback(MoreExecutors.directExecutor()) {
           @Override
-          public void updateSslContext(SslContext sslContext) {
-            future.set(sslContext);
+          public void updateSslContextAndExtendedX509TrustManager(
+              AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> sslContextAndTm) {
+            future.set(sslContextAndTm);
           }
 
           @Override
@@ -257,7 +405,7 @@ protected void onException(Throwable throwable) {
     channel.runPendingTasks(); // need this for tasks to execute on eventLoop
     assertThat(executor.runDueTasks()).isEqualTo(1);
     Object fromFuture = future.get(2, TimeUnit.SECONDS);
-    assertThat(fromFuture).isInstanceOf(SslContext.class);
+    assertThat(fromFuture).isInstanceOf(AbstractMap.SimpleImmutableEntry.class);
     channel.runPendingTasks();
     channelHandlerCtx = pipeline.context(SecurityProtocolNegotiators.ServerSecurityHandler.class);
     assertThat(channelHandlerCtx).isNull();
@@ -356,53 +504,59 @@ public void nullTlsContext_nullFallbackProtocolNegotiator_expectException() {
   @Test
   public void clientSecurityProtocolNegotiatorNewHandler_fireProtocolNegotiationEvent()
           throws InterruptedException, TimeoutException, ExecutionException {
-    FakeClock executor = new FakeClock();
-    CommonCertProviderTestUtils.register(executor);
-    Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
-        .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE, CLIENT_PEM_FILE,
-            CA_PEM_FILE, null, null, null, null, null);
-    UpstreamTlsContext upstreamTlsContext =
-        CommonTlsContextTestsUtil
-            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
-
-    SslContextProviderSupplier sslContextProviderSupplier =
-        new SslContextProviderSupplier(upstreamTlsContext,
-            new TlsContextManagerImpl(bootstrapInfoForClient));
-    ClientSecurityHandler clientSecurityHandler =
-        new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier);
-
-    pipeline.addLast(clientSecurityHandler);
-    channelHandlerCtx = pipeline.context(clientSecurityHandler);
-    assertNotNull(channelHandlerCtx); // non-null since we just added it
-
-    // kick off protocol negotiation.
-    pipeline.fireUserEventTriggered(InternalProtocolNegotiationEvent.getDefault());
-    final SettableFuture<Object> future = SettableFuture.create();
-    sslContextProviderSupplier
-        .updateSslContext(new SslContextProvider.Callback(MoreExecutors.directExecutor()) {
-          @Override
-          public void updateSslContext(SslContext sslContext) {
-            future.set(sslContext);
-          }
-
-          @Override
-          protected void onException(Throwable throwable) {
-            future.set(throwable);
-          }
-        });
-    executor.runDueTasks();
-    channel.runPendingTasks(); // need this for tasks to execute on eventLoop
-    Object fromFuture = future.get(5, TimeUnit.SECONDS);
-    assertThat(fromFuture).isInstanceOf(SslContext.class);
-    channel.runPendingTasks();
-    channelHandlerCtx = pipeline.context(clientSecurityHandler);
-    assertThat(channelHandlerCtx).isNull();
-    Object sslEvent = SslHandshakeCompletionEvent.SUCCESS;
-
-    pipeline.fireUserEventTriggered(sslEvent);
-    channel.runPendingTasks(); // need this for tasks to execute on eventLoop
-    assertTrue(channel.isOpen());
-    CommonCertProviderTestUtils.register0();
+    CertificateUtils.isXdsSniEnabled = true;
+    try {
+      FakeClock executor = new FakeClock();
+      CommonCertProviderTestUtils.register(executor);
+      Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
+          .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
+              CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
+      UpstreamTlsContext upstreamTlsContext =
+          CommonTlsContextTestsUtil
+              .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
+
+      SslContextProviderSupplier sslContextProviderSupplier =
+          new SslContextProviderSupplier(upstreamTlsContext,
+              new TlsContextManagerImpl(bootstrapInfoForClient));
+      ClientSecurityHandler clientSecurityHandler =
+          new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, HOSTNAME);
+
+      pipeline.addLast(clientSecurityHandler);
+      channelHandlerCtx = pipeline.context(clientSecurityHandler);
+      assertNotNull(channelHandlerCtx); // non-null since we just added it
+
+      // kick off protocol negotiation.
+      pipeline.fireUserEventTriggered(InternalProtocolNegotiationEvent.getDefault());
+      final SettableFuture<Object> future = SettableFuture.create();
+      sslContextProviderSupplier
+          .updateSslContext(new SslContextProvider.Callback(MoreExecutors.directExecutor()) {
+            @Override
+            public void updateSslContextAndExtendedX509TrustManager(
+                AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> sslContextAndTm) {
+              future.set(sslContextAndTm);
+            }
+
+            @Override
+            protected void onException(Throwable throwable) {
+              future.set(throwable);
+            }
+          });
+      executor.runDueTasks();
+      channel.runPendingTasks(); // need this for tasks to execute on eventLoop
+      Object fromFuture = future.get(5, TimeUnit.SECONDS);
+      assertThat(fromFuture).isInstanceOf(AbstractMap.SimpleImmutableEntry.class);
+      channel.runPendingTasks();
+      channelHandlerCtx = pipeline.context(clientSecurityHandler);
+      assertThat(channelHandlerCtx).isNull();
+      Object sslEvent = SslHandshakeCompletionEvent.SUCCESS;
+
+      pipeline.fireUserEventTriggered(sslEvent);
+      channel.runPendingTasks(); // need this for tasks to execute on eventLoop
+      assertTrue(channel.isOpen());
+      CommonCertProviderTestUtils.register0();
+    } finally {
+      CertificateUtils.isXdsSniEnabled = false;
+    }
   }
 
   @Test
@@ -420,7 +574,7 @@ public void clientSecurityProtocolNegotiatorNewHandler_handleHandlerRemoved() {
         new SslContextProviderSupplier(upstreamTlsContext,
             new TlsContextManagerImpl(bootstrapInfoForClient));
     ClientSecurityHandler clientSecurityHandler =
-        new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier);
+        new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, HOSTNAME);
 
     pipeline.addLast(clientSecurityHandler);
     channelHandlerCtx = pipeline.context(clientSecurityHandler);
@@ -458,7 +612,7 @@ static FakeGrpcHttp2ConnectionHandler newHandler() {
 
     @Override
     public String getAuthority() {
-      return "authority";
+      return FAKE_AUTHORITY;
     }
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/SslContextProviderSupplierTest.java b/xds/src/test/java/io/grpc/xds/internal/security/SslContextProviderSupplierTest.java
index f476818297d..9b6e1ecbc74 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/SslContextProviderSupplierTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/SslContextProviderSupplierTest.java
@@ -17,8 +17,9 @@
 package io.grpc.xds.internal.security;
 
 import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.buildUpstreamTlsContext;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.any;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.mock;
@@ -26,10 +27,13 @@
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 
+import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.grpc.xds.EnvoyServerProtoData;
 import io.grpc.xds.TlsContextManager;
 import io.netty.handler.ssl.SslContext;
+import java.util.AbstractMap;
 import java.util.concurrent.Executor;
+import javax.net.ssl.X509TrustManager;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -47,14 +51,14 @@ public class SslContextProviderSupplierTest {
   @Rule public final MockitoRule mocks = MockitoJUnit.rule();
 
   @Mock private TlsContextManager mockTlsContextManager;
+  @Mock private Executor mockExecutor;
   private SslContextProviderSupplier supplier;
   private SslContextProvider mockSslContextProvider;
-  private EnvoyServerProtoData.UpstreamTlsContext upstreamTlsContext;
+  private EnvoyServerProtoData.UpstreamTlsContext upstreamTlsContext =
+      buildUpstreamTlsContext("google_cloud_private_spiffe", true);
   private SslContextProvider.Callback mockCallback;
 
   private void prepareSupplier() {
-    upstreamTlsContext =
-            CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true);
     mockSslContextProvider = mock(SslContextProvider.class);
     doReturn(mockSslContextProvider)
             .when(mockTlsContextManager)
@@ -64,7 +68,6 @@ private void prepareSupplier() {
 
   private void callUpdateSslContext() {
     mockCallback = mock(SslContextProvider.Callback.class);
-    Executor mockExecutor = mock(Executor.class);
     doReturn(mockExecutor).when(mockCallback).getExecutor();
     supplier.updateSslContext(mockCallback);
   }
@@ -82,9 +85,12 @@ public void get_updateSecret() {
     verify(mockSslContextProvider, times(1)).addCallback(callbackCaptor.capture());
     SslContextProvider.Callback capturedCallback = callbackCaptor.getValue();
     assertThat(capturedCallback).isNotNull();
-    SslContext mockSslContext = mock(SslContext.class);
-    capturedCallback.updateSslContext(mockSslContext);
-    verify(mockCallback, times(1)).updateSslContext(eq(mockSslContext));
+    @SuppressWarnings("unchecked")
+    AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> mockSslContextAndTm =
+        mock(AbstractMap.SimpleImmutableEntry.class);
+    capturedCallback.updateSslContextAndExtendedX509TrustManager(mockSslContextAndTm);
+    verify(mockCallback, times(1))
+        .updateSslContextAndExtendedX509TrustManager(eq(mockSslContextAndTm));
     verify(mockTlsContextManager, times(1))
         .releaseClientSslContextProvider(eq(mockSslContextProvider));
     SslContextProvider.Callback mockCallback = mock(SslContextProvider.Callback.class);
@@ -94,14 +100,42 @@ public void get_updateSecret() {
   }
 
   @Test
-  public void get_onException() {
+  public void autoHostSniFalse_usesSniFromUpstreamTlsContext() {
     prepareSupplier();
     callUpdateSslContext();
+    verify(mockTlsContextManager, times(2))
+            .findOrCreateClientSslContextProvider(eq(upstreamTlsContext));
+    verify(mockTlsContextManager, times(0))
+            .releaseClientSslContextProvider(any(SslContextProvider.class));
     ArgumentCaptor<SslContextProvider.Callback> callbackCaptor =
         ArgumentCaptor.forClass(SslContextProvider.Callback.class);
     verify(mockSslContextProvider, times(1)).addCallback(callbackCaptor.capture());
     SslContextProvider.Callback capturedCallback = callbackCaptor.getValue();
     assertThat(capturedCallback).isNotNull();
+    @SuppressWarnings("unchecked")
+    AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> mockSslContextAndTm =
+        mock(AbstractMap.SimpleImmutableEntry.class);
+    capturedCallback.updateSslContextAndExtendedX509TrustManager(mockSslContextAndTm);
+    verify(mockCallback, times(1))
+        .updateSslContextAndExtendedX509TrustManager(eq(mockSslContextAndTm));
+    verify(mockTlsContextManager, times(1))
+        .releaseClientSslContextProvider(eq(mockSslContextProvider));
+    SslContextProvider.Callback mockCallback = mock(SslContextProvider.Callback.class);
+    supplier.updateSslContext(mockCallback);
+    verify(mockTlsContextManager, times(3))
+        .findOrCreateClientSslContextProvider(eq(upstreamTlsContext));
+  }
+
+  @Test
+  public void get_onException() {
+    prepareSupplier();
+    callUpdateSslContext();
+    ArgumentCaptor<SslContextProvider.Callback> callbackCaptor =
+        ArgumentCaptor.forClass(SslContextProvider.Callback.class);
+    verify(mockSslContextProvider, times(1))
+            .addCallback(callbackCaptor.capture());
+    SslContextProvider.Callback capturedCallback = callbackCaptor.getValue();
+    assertThat(capturedCallback).isNotNull();
     Exception exception = new Exception("test");
     capturedCallback.onException(exception);
     verify(mockCallback, times(1)).onException(eq(exception));
@@ -109,6 +143,46 @@ public void get_onException() {
         .releaseClientSslContextProvider(eq(mockSslContextProvider));
   }
 
+  @Test
+  public void systemRootCertsWithMtls_callbackExecutedFromProvider() {
+    upstreamTlsContext =
+        CommonTlsContextTestsUtil.buildNewUpstreamTlsContextForCertProviderInstance(
+            "gcp_id",
+            "cert-default",
+            null,
+            "root-default",
+            null,
+            CertificateValidationContext.newBuilder()
+                .setSystemRootCerts(
+                    CertificateValidationContext.SystemRootCerts.getDefaultInstance())
+                .build());
+    prepareSupplier();
+
+    callUpdateSslContext();
+
+    verify(mockTlsContextManager, times(2))
+        .findOrCreateClientSslContextProvider(eq(upstreamTlsContext));
+    verify(mockTlsContextManager, times(0))
+        .releaseClientSslContextProvider(any(SslContextProvider.class));
+    ArgumentCaptor<SslContextProvider.Callback> callbackCaptor =
+        ArgumentCaptor.forClass(SslContextProvider.Callback.class);
+    verify(mockSslContextProvider, times(1)).addCallback(callbackCaptor.capture());
+    SslContextProvider.Callback capturedCallback = callbackCaptor.getValue();
+    assertThat(capturedCallback).isNotNull();
+    @SuppressWarnings("unchecked")
+    AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> mockSslContextAndTm =
+        mock(AbstractMap.SimpleImmutableEntry.class);
+    capturedCallback.updateSslContextAndExtendedX509TrustManager(mockSslContextAndTm);
+    verify(mockCallback, times(1))
+        .updateSslContextAndExtendedX509TrustManager(eq(mockSslContextAndTm));
+    verify(mockTlsContextManager, times(1))
+        .releaseClientSslContextProvider(eq(mockSslContextProvider));
+    SslContextProvider.Callback mockCallback = mock(SslContextProvider.Callback.class);
+    supplier.updateSslContext(mockCallback);
+    verify(mockTlsContextManager, times(3))
+        .findOrCreateClientSslContextProvider(eq(upstreamTlsContext));
+  }
+
   @Test
   public void testClose() {
     prepareSupplier();
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
index 3c734df3f5a..875a57b8f3d 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
@@ -140,7 +140,7 @@ public void testProviderForClient_mtls() throws Exception {
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
-    assertThat(provider.getSslContext()).isNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNull();
 
     // now generate cert update
     watcherCaptor[0].updateCertificate(
@@ -148,11 +148,11 @@ public void testProviderForClient_mtls() throws Exception {
         ImmutableList.of(getCertFromResourceName(CLIENT_PEM_FILE)));
     assertThat(provider.savedKey).isNotNull();
     assertThat(provider.savedCertChain).isNotNull();
-    assertThat(provider.getSslContext()).isNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNull();
 
     // now generate root cert update
     watcherCaptor[0].updateTrustedRoots(ImmutableList.of(getCertFromResourceName(CA_PEM_FILE)));
-    assertThat(provider.getSslContext()).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
@@ -181,40 +181,11 @@ public void testProviderForClient_mtls() throws Exception {
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
-    assertThat(provider.getSslContext()).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
     testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
     assertThat(testCallback1.updatedSslContext).isNotSameInstanceAs(testCallback.updatedSslContext);
   }
 
-  @Test
-  public void testProviderForClient_systemRootCerts_regularTls() {
-    final CertificateProvider.DistributorWatcher[] watcherCaptor =
-            new CertificateProvider.DistributorWatcher[1];
-    TestCertificateProvider.createAndRegisterProviderProvider(
-            certificateProviderRegistry, watcherCaptor, "testca", 0);
-    CertProviderClientSslContextProvider provider =
-        getSslContextProvider(
-                null,
-                null,
-            CommonBootstrapperTestUtils.getTestBootstrapInfo(),
-            /* alpnProtocols= */ null,
-            CertificateValidationContext.newBuilder()
-                .setSystemRootCerts(
-                        CertificateValidationContext.SystemRootCerts.getDefaultInstance())
-                .build(),
-            true);
-
-    assertThat(provider.savedKey).isNull();
-    assertThat(provider.savedCertChain).isNull();
-    assertThat(provider.savedTrustedRoots).isNotNull();
-    assertThat(provider.getSslContext()).isNotNull();
-    TestCallback testCallback =
-        CommonTlsContextTestsUtil.getValueThruCallback(provider);
-    assertThat(testCallback.updatedSslContext).isEqualTo(provider.getSslContext());
-
-    assertThat(watcherCaptor[0]).isNull();
-  }
-
   @Test
   public void testProviderForClient_systemRootCerts_mtls() throws Exception {
     final CertificateProvider.DistributorWatcher[] watcherCaptor =
@@ -236,7 +207,7 @@ public void testProviderForClient_systemRootCerts_mtls() throws Exception {
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNotNull();
-    assertThat(provider.getSslContext()).isNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNull();
 
     // now generate cert update
     watcherCaptor[0].updateCertificate(
@@ -245,7 +216,7 @@ public void testProviderForClient_systemRootCerts_mtls() throws Exception {
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNotNull();
-    assertThat(provider.getSslContext()).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
 
     TestCallback testCallback =
         CommonTlsContextTestsUtil.getValueThruCallback(provider);
@@ -262,11 +233,40 @@ public void testProviderForClient_systemRootCerts_mtls() throws Exception {
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNotNull();
-    assertThat(provider.getSslContext()).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
     testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
     assertThat(testCallback1.updatedSslContext).isNotSameInstanceAs(testCallback.updatedSslContext);
   }
 
+  @Test
+  public void testProviderForClient_systemRootCerts_regularTls() {
+    final CertificateProvider.DistributorWatcher[] watcherCaptor =
+            new CertificateProvider.DistributorWatcher[1];
+    TestCertificateProvider.createAndRegisterProviderProvider(
+            certificateProviderRegistry, watcherCaptor, "testca", 0);
+    CertProviderClientSslContextProvider provider =
+        getSslContextProvider(
+                null,
+                null,
+            CommonBootstrapperTestUtils.getTestBootstrapInfo(),
+            /* alpnProtocols= */ null,
+            CertificateValidationContext.newBuilder()
+                .setSystemRootCerts(
+                        CertificateValidationContext.SystemRootCerts.getDefaultInstance())
+                .build(),
+            true);
+
+    assertThat(provider.savedKey).isNull();
+    assertThat(provider.savedCertChain).isNull();
+    assertThat(provider.savedTrustedRoots).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
+    TestCallback testCallback =
+        CommonTlsContextTestsUtil.getValueThruCallback(provider);
+    assertThat(testCallback.updatedSslContext).isEqualTo(provider.getSslContextAndTrustManager());
+
+    assertThat(watcherCaptor[0]).isNull();
+  }
+
   @Test
   public void testProviderForClient_mtls_newXds() throws Exception {
     final CertificateProvider.DistributorWatcher[] watcherCaptor =
@@ -284,7 +284,7 @@ public void testProviderForClient_mtls_newXds() throws Exception {
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
-    assertThat(provider.getSslContext()).isNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNull();
 
     // now generate cert update
     watcherCaptor[0].updateCertificate(
@@ -292,11 +292,11 @@ public void testProviderForClient_mtls_newXds() throws Exception {
             ImmutableList.of(getCertFromResourceName(CLIENT_PEM_FILE)));
     assertThat(provider.savedKey).isNotNull();
     assertThat(provider.savedCertChain).isNotNull();
-    assertThat(provider.getSslContext()).isNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNull();
 
     // now generate root cert update
     watcherCaptor[0].updateTrustedRoots(ImmutableList.of(getCertFromResourceName(CA_PEM_FILE)));
-    assertThat(provider.getSslContext()).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
@@ -325,7 +325,7 @@ public void testProviderForClient_mtls_newXds() throws Exception {
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
-    assertThat(provider.getSslContext()).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
     testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
     assertThat(testCallback1.updatedSslContext).isNotSameInstanceAs(testCallback.updatedSslContext);
   }
@@ -380,11 +380,11 @@ public void testProviderForClient_tls() throws Exception {
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
-    assertThat(provider.getSslContext()).isNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNull();
 
     // now generate root cert update
     watcherCaptor[0].updateTrustedRoots(ImmutableList.of(getCertFromResourceName(CA_PEM_FILE)));
-    assertThat(provider.getSslContext()).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderTest.java
index 423829ff5af..93559f47245 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderTest.java
@@ -127,7 +127,7 @@ public void testProviderForServer_mtls() throws Exception {
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
-    assertThat(provider.getSslContext()).isNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNull();
 
     // now generate cert update
     watcherCaptor[0].updateCertificate(
@@ -135,11 +135,11 @@ public void testProviderForServer_mtls() throws Exception {
         ImmutableList.of(getCertFromResourceName(SERVER_0_PEM_FILE)));
     assertThat(provider.savedKey).isNotNull();
     assertThat(provider.savedCertChain).isNotNull();
-    assertThat(provider.getSslContext()).isNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNull();
 
     // now generate root cert update
     watcherCaptor[0].updateTrustedRoots(ImmutableList.of(getCertFromResourceName(CA_PEM_FILE)));
-    assertThat(provider.getSslContext()).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
@@ -168,7 +168,7 @@ public void testProviderForServer_mtls() throws Exception {
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
-    assertThat(provider.getSslContext()).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
     testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
     assertThat(testCallback1.updatedSslContext).isNotSameInstanceAs(testCallback.updatedSslContext);
   }
@@ -196,7 +196,7 @@ public void testProviderForServer_mtls_newXds() throws Exception {
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
-    assertThat(provider.getSslContext()).isNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNull();
 
     // now generate cert update
     watcherCaptor[0].updateCertificate(
@@ -204,11 +204,11 @@ public void testProviderForServer_mtls_newXds() throws Exception {
             ImmutableList.of(getCertFromResourceName(SERVER_0_PEM_FILE)));
     assertThat(provider.savedKey).isNotNull();
     assertThat(provider.savedCertChain).isNotNull();
-    assertThat(provider.getSslContext()).isNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNull();
 
     // now generate root cert update
     watcherCaptor[0].updateTrustedRoots(ImmutableList.of(getCertFromResourceName(CA_PEM_FILE)));
-    assertThat(provider.getSslContext()).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
@@ -237,7 +237,7 @@ public void testProviderForServer_mtls_newXds() throws Exception {
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
-    assertThat(provider.getSslContext()).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
     testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
     assertThat(testCallback1.updatedSslContext).isNotSameInstanceAs(testCallback.updatedSslContext);
   }
@@ -294,14 +294,14 @@ public void testProviderForServer_tls() throws Exception {
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
-    assertThat(provider.getSslContext()).isNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNull();
 
     // now generate cert update
     watcherCaptor[0].updateCertificate(
             CommonCertProviderTestUtils.getPrivateKey(SERVER_0_KEY_FILE),
             ImmutableList.of(getCertFromResourceName(SERVER_0_PEM_FILE)));
 
-    assertThat(provider.getSslContext()).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
     assertThat(provider.savedKey).isNull();
     assertThat(provider.savedCertChain).isNull();
     assertThat(provider.savedTrustedRoots).isNull();
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactoryTest.java
index db83961cfc3..0b81c9249dd 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactoryTest.java
@@ -91,7 +91,7 @@ public void constructor_fromRootCert()
     CertificateValidationContext staticValidationContext = buildStaticValidationContext("san1",
         "san2");
     XdsTrustManagerFactory factory =
-        new XdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext);
+        new XdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext, false);
     assertThat(factory).isNotNull();
     TrustManager[] tms = factory.getTrustManagers();
     assertThat(tms).isNotNull();
@@ -115,7 +115,7 @@ public void constructor_fromSpiffeTrustMap()
         "san2");
     // Single domain and single cert
     XdsTrustManagerFactory factory = new XdsTrustManagerFactory(ImmutableMap
-        .of("example.com", ImmutableList.of(x509Cert)), staticValidationContext);
+        .of("example.com", ImmutableList.of(x509Cert)), staticValidationContext, false);
     assertThat(factory).isNotNull();
     TrustManager[] tms = factory.getTrustManagers();
     assertThat(tms).isNotNull();
@@ -131,7 +131,7 @@ public void constructor_fromSpiffeTrustMap()
     X509Certificate anotherCert = TestUtils.loadX509Cert(CLIENT_PEM_FILE);
     factory = new XdsTrustManagerFactory(ImmutableMap
         .of("example.com", ImmutableList.of(x509Cert),
-            "google.com", ImmutableList.of(x509Cert, anotherCert)), staticValidationContext);
+            "google.com", ImmutableList.of(x509Cert, anotherCert)), staticValidationContext, false);
     assertThat(factory).isNotNull();
     tms = factory.getTrustManagers();
     assertThat(tms).isNotNull();
@@ -154,7 +154,7 @@ public void constructorRootCert_checkServerTrusted()
     CertificateValidationContext staticValidationContext = buildStaticValidationContext("san1",
         "waterzooi.test.google.be");
     XdsTrustManagerFactory factory =
-        new XdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext);
+        new XdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext, false);
     XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) factory.getTrustManagers()[0];
     X509Certificate[] serverChain =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
@@ -167,7 +167,7 @@ public void constructorRootCert_nonStaticContext_throwsException()
     X509Certificate x509Cert = TestUtils.loadX509Cert(CA_PEM_FILE);
     try {
       new XdsTrustManagerFactory(
-              new X509Certificate[] {x509Cert}, getCertContextFromPath(CA_PEM_FILE));
+              new X509Certificate[] {x509Cert}, getCertContextFromPath(CA_PEM_FILE), false);
       Assert.fail("no exception thrown");
     } catch (IllegalArgumentException expected) {
       assertThat(expected)
@@ -176,6 +176,19 @@ public void constructorRootCert_nonStaticContext_throwsException()
     }
   }
 
+  @Test
+  public void constructorRootCert_nonStaticContext_systemRootCerts_valid()
+      throws CertificateException, IOException, CertStoreException {
+    X509Certificate x509Cert = TestUtils.loadX509Cert(CA_PEM_FILE);
+    CertificateValidationContext certValidationContext = CertificateValidationContext.newBuilder()
+        .setTrustedCa(
+            DataSource.newBuilder().setFilename(TestUtils.loadCert(CA_PEM_FILE).getAbsolutePath()))
+        .setSystemRootCerts(CertificateValidationContext.SystemRootCerts.getDefaultInstance())
+        .build();
+    new XdsTrustManagerFactory(
+        new X509Certificate[] {x509Cert}, certValidationContext, false);
+  }
+
   @Test
   public void constructorRootCert_checkServerTrusted_throwsException()
       throws CertificateException, IOException, CertStoreException {
@@ -183,7 +196,7 @@ public void constructorRootCert_checkServerTrusted_throwsException()
     CertificateValidationContext staticValidationContext = buildStaticValidationContext("san1",
         "san2");
     XdsTrustManagerFactory factory =
-        new XdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext);
+        new XdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext, false);
     XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) factory.getTrustManagers()[0];
     X509Certificate[] serverChain =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
@@ -204,7 +217,7 @@ public void constructorRootCert_checkClientTrusted_throwsException()
     CertificateValidationContext staticValidationContext = buildStaticValidationContext("san1",
         "san2");
     XdsTrustManagerFactory factory =
-        new XdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext);
+        new XdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext, false);
     XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) factory.getTrustManagers()[0];
     X509Certificate[] clientChain =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
index ddd0a8e7f94..ffe0536f25b 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
@@ -43,6 +43,7 @@
 import java.security.cert.CertStoreException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
@@ -86,30 +87,32 @@ public XdsX509TrustManagerTest(TestParam testParam) {
 
   @Test
   public void nullCertContextTest() throws CertificateException, IOException {
-    trustManager = new XdsX509TrustManager(null, mockDelegate);
+    trustManager = new XdsX509TrustManager(null, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, new ArrayList<>());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void emptySanListContextTest() throws CertificateException, IOException {
     CertificateValidationContext certContext = CertificateValidationContext.getDefaultInstance();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void missingPeerCerts() {
     StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("foo.com").build();
     @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     try {
-      trustManager.verifySubjectAltNameInChain(null);
+      trustManager.verifySubjectAltNameInChain(null, certContext.getMatchSubjectAltNamesList());
       fail("no exception thrown");
     } catch (CertificateException expected) {
       assertThat(expected).hasMessageThat().isEqualTo("Peer certificate(s) missing");
@@ -117,14 +120,15 @@ public void missingPeerCerts() {
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void emptyArrayPeerCerts() {
     StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("foo.com").build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     try {
-      trustManager.verifySubjectAltNameInChain(new X509Certificate[0]);
+      trustManager.verifySubjectAltNameInChain(
+          new X509Certificate[0], certContext.getMatchSubjectAltNamesList());
       fail("no exception thrown");
     } catch (CertificateException expected) {
       assertThat(expected).hasMessageThat().isEqualTo("Peer certificate(s) missing");
@@ -132,16 +136,16 @@ public void emptyArrayPeerCerts() {
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void noSansInPeerCerts() throws CertificateException, IOException {
     StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("foo.com").build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(CLIENT_PEM_FILE));
     try {
-      trustManager.verifySubjectAltNameInChain(certs);
+      trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
       fail("no exception thrown");
     } catch (CertificateException expected) {
       assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
@@ -149,22 +153,23 @@ public void noSansInPeerCerts() throws CertificateException, IOException {
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCertsVerifies() throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder()
             .setExact("waterzooi.test.google.be")
             .setIgnoreCase(false)
             .build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCertsVerifies_differentCase_expectException()
       throws CertificateException, IOException {
     StringMatcher stringMatcher =
@@ -172,14 +177,13 @@ public void oneSanInPeerCertsVerifies_differentCase_expectException()
             .setExact("waterZooi.test.Google.be")
             .setIgnoreCase(false)
             .build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
     try {
-      trustManager.verifySubjectAltNameInChain(certs);
+      trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
       fail("no exception thrown");
     } catch (CertificateException expected) {
       assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
@@ -187,47 +191,48 @@ public void oneSanInPeerCertsVerifies_differentCase_expectException()
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCertsVerifies_ignoreCase() throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder().setExact("Waterzooi.Test.google.be").setIgnoreCase(true).build();
     @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCerts_prefix() throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder()
             .setPrefix("waterzooi.") // test.google.be
             .setIgnoreCase(false)
             .build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCertsPrefix_differentCase_expectException()
       throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder().setPrefix("waterZooi.").setIgnoreCase(false).build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
     try {
-      trustManager.verifySubjectAltNameInChain(certs);
+      trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
       fail("no exception thrown");
     } catch (CertificateException expected) {
       assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
@@ -235,47 +240,47 @@ public void oneSanInPeerCertsPrefix_differentCase_expectException()
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCerts_prefixIgnoreCase() throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder()
             .setPrefix("WaterZooi.") // test.google.be
             .setIgnoreCase(true)
             .build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCerts_suffix() throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder().setSuffix(".google.be").setIgnoreCase(false).build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCertsSuffix_differentCase_expectException()
       throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder().setSuffix(".gooGle.bE").setIgnoreCase(false).build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
     try {
-      trustManager.verifySubjectAltNameInChain(certs);
+      trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
       fail("no exception thrown");
     } catch (CertificateException expected) {
       assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
@@ -283,44 +288,45 @@ public void oneSanInPeerCertsSuffix_differentCase_expectException()
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCerts_suffixIgnoreCase() throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder().setSuffix(".GooGle.BE").setIgnoreCase(true).build();
     @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCerts_substring() throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder().setContains("zooi.test.google").setIgnoreCase(false).build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCertsSubstring_differentCase_expectException()
       throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder().setContains("zooi.Test.gooGle").setIgnoreCase(false).build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
     try {
-      trustManager.verifySubjectAltNameInChain(certs);
+      trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
       fail("no exception thrown");
     } catch (CertificateException expected) {
       assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
@@ -328,81 +334,81 @@ public void oneSanInPeerCertsSubstring_differentCase_expectException()
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCerts_substringIgnoreCase() throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder().setContains("zooI.Test.Google").setIgnoreCase(true).build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCerts_safeRegex() throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder()
             .setSafeRegex(
                 RegexMatcher.newBuilder().setRegex("water[[:alpha:]]{1}ooi\\.test\\.google\\.be"))
             .build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCerts_safeRegex1() throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder()
             .setSafeRegex(
                 RegexMatcher.newBuilder().setRegex("no-match-string|\\*\\.test\\.youtube\\.com"))
             .build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCerts_safeRegex_ipAddress() throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder()
             .setSafeRegex(
                 RegexMatcher.newBuilder().setRegex("([[:digit:]]{1,3}\\.){3}[[:digit:]]{1,3}"))
             .build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCerts_safeRegex_noMatch() throws CertificateException, IOException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder()
             .setSafeRegex(
                 RegexMatcher.newBuilder().setRegex("water[[:alpha:]]{2}ooi\\.test\\.google\\.be"))
             .build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
     try {
-      trustManager.verifySubjectAltNameInChain(certs);
+      trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
       fail("no exception thrown");
     } catch (CertificateException expected) {
       assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
@@ -410,35 +416,35 @@ public void oneSanInPeerCerts_safeRegex_noMatch() throws CertificateException, I
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCertsVerifiesMultipleVerifySans()
           throws CertificateException, IOException {
     StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("x.foo.com").build();
     StringMatcher stringMatcher1 =
         StringMatcher.newBuilder().setExact("waterzooi.test.google.be").build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder()
             .addMatchSubjectAltNames(stringMatcher)
             .addMatchSubjectAltNames(stringMatcher1)
             .build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneSanInPeerCertsNotFoundException()
           throws CertificateException, IOException {
     StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("x.foo.com").build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
     try {
-      trustManager.verifySubjectAltNameInChain(certs);
+      trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
       fail("no exception thrown");
     } catch (CertificateException expected) {
       assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
@@ -446,42 +452,43 @@ public void oneSanInPeerCertsNotFoundException()
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void wildcardSanInPeerCertsVerifiesMultipleVerifySans()
           throws CertificateException, IOException {
     StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("x.foo.com").build();
     StringMatcher stringMatcher1 =
         StringMatcher.newBuilder().setSuffix("test.youTube.Com").setIgnoreCase(true).build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder()
             .addMatchSubjectAltNames(stringMatcher)
             .addMatchSubjectAltNames(stringMatcher1) // should match suffix test.youTube.Com
             .build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void wildcardSanInPeerCertsVerifiesMultipleVerifySans1()
           throws CertificateException, IOException {
     StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("x.foo.com").build();
     StringMatcher stringMatcher1 =
         StringMatcher.newBuilder().setContains("est.Google.f").setIgnoreCase(true).build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder()
             .addMatchSubjectAltNames(stringMatcher)
             .addMatchSubjectAltNames(stringMatcher1) // should contain est.Google.f
             .build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void wildcardSanInPeerCertsSubdomainMismatch()
           throws CertificateException, IOException {
     // 2. Asterisk (*) cannot match across domain name labels.
@@ -489,14 +496,13 @@ public void wildcardSanInPeerCertsSubdomainMismatch()
     //    sub.test.example.com.
     StringMatcher stringMatcher =
         StringMatcher.newBuilder().setExact("sub.abc.test.youtube.com").build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
     try {
-      trustManager.verifySubjectAltNameInChain(certs);
+      trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
       fail("no exception thrown");
     } catch (CertificateException expected) {
       assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
@@ -504,36 +510,36 @@ public void wildcardSanInPeerCertsSubdomainMismatch()
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneIpAddressInPeerCertsVerifies() throws CertificateException, IOException {
     StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("x.foo.com").build();
     StringMatcher stringMatcher1 = StringMatcher.newBuilder().setExact("192.168.1.3").build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder()
             .addMatchSubjectAltNames(stringMatcher)
             .addMatchSubjectAltNames(stringMatcher1)
             .build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
-    trustManager.verifySubjectAltNameInChain(certs);
+    trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void oneIpAddressInPeerCertsMismatch() throws CertificateException, IOException {
     StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("x.foo.com").build();
     StringMatcher stringMatcher1 = StringMatcher.newBuilder().setExact("192.168.2.3").build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder()
             .addMatchSubjectAltNames(stringMatcher)
             .addMatchSubjectAltNames(stringMatcher1)
             .build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
     try {
-      trustManager.verifySubjectAltNameInChain(certs);
+      trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
       fail("no exception thrown");
     } catch (CertificateException expected) {
       assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
@@ -560,7 +566,7 @@ public void checkServerTrustedSslEngineSpiffeTrustMap()
     List<X509Certificate> caCerts = Arrays.asList(CertificateUtils
         .toX509Certificates(TlsTesting.loadCert(CA_PEM_FILE)));
     trustManager = XdsTrustManagerFactory.createX509TrustManager(
-        ImmutableMap.of("example.com", caCerts), null);
+        ImmutableMap.of("example.com", caCerts), null, false);
     trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslEngine);
     verify(sslEngine, times(1)).getHandshakeSession();
     assertThat(sslEngine.getSSLParameters().getEndpointIdentificationAlgorithm()).isEmpty();
@@ -575,7 +581,7 @@ public void checkServerTrustedSslEngineSpiffeTrustMap_missing_spiffe_id()
     List<X509Certificate> caCerts = Arrays.asList(CertificateUtils
         .toX509Certificates(TlsTesting.loadCert(CA_PEM_FILE)));
     trustManager = XdsTrustManagerFactory.createX509TrustManager(
-        ImmutableMap.of("example.com", caCerts), null);
+        ImmutableMap.of("example.com", caCerts), null, false);
     try {
       trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslEngine);
       fail("exception expected");
@@ -594,7 +600,7 @@ public void checkServerTrustedSpiffeSslEngineTrustMap_missing_trust_domain()
     List<X509Certificate> caCerts = Arrays.asList(CertificateUtils
         .toX509Certificates(TlsTesting.loadCert(CA_PEM_FILE)));
     trustManager = XdsTrustManagerFactory.createX509TrustManager(
-        ImmutableMap.of("unknown.com", caCerts), null);
+        ImmutableMap.of("unknown.com", caCerts), null, false);
     try {
       trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslEngine);
       fail("exception expected");
@@ -612,7 +618,7 @@ public void checkClientTrustedSpiffeTrustMap()
     List<X509Certificate> caCerts = Arrays.asList(CertificateUtils
         .toX509Certificates(TlsTesting.loadCert(CA_PEM_FILE)));
     trustManager = XdsTrustManagerFactory.createX509TrustManager(
-        ImmutableMap.of("foo.bar.com", caCerts), null);
+        ImmutableMap.of("foo.bar.com", caCerts), null, false);
     trustManager.checkClientTrusted(clientCerts, "RSA");
   }
 
@@ -653,7 +659,7 @@ public void checkServerTrustedSslSocketSpiffeTrustMap()
     List<X509Certificate> caCerts = Arrays.asList(CertificateUtils
         .toX509Certificates(TlsTesting.loadCert(CA_PEM_FILE)));
     trustManager = XdsTrustManagerFactory.createX509TrustManager(
-        ImmutableMap.of("example.com", caCerts), null);
+        ImmutableMap.of("example.com", caCerts), null, false);
     trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslSocket);
     verify(sslSocket, times(1)).isConnected();
     verify(sslSocket, times(1)).getHandshakeSession();
@@ -678,23 +684,23 @@ public void checkServerTrustedSslSocket_untrustedServer_expectException()
   }
 
   @Test
-  public void unsupportedAltNameType() throws CertificateException, IOException {
+  @SuppressWarnings("deprecation")
+  public void unsupportedAltNameType() throws CertificateException {
     StringMatcher stringMatcher =
         StringMatcher.newBuilder()
             .setExact("waterzooi.test.google.be")
             .setIgnoreCase(false)
             .build();
-    @SuppressWarnings("deprecation")
     CertificateValidationContext certContext =
         CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate mockCert = mock(X509Certificate.class);
 
     when(mockCert.getSubjectAlternativeNames())
         .thenReturn(Collections.<List<?>>singleton(ImmutableList.of(Integer.valueOf(1), "foo")));
     X509Certificate[] certs = new X509Certificate[] {mockCert};
     try {
-      trustManager.verifySubjectAltNameInChain(certs);
+      trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
       fail("no exception thrown");
     } catch (CertificateException expected) {
       assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
@@ -702,6 +708,7 @@ public void unsupportedAltNameType() throws CertificateException, IOException {
   }
 
   @Test
+  @SuppressWarnings("deprecation")
   public void testDnsWildcardPatterns()
       throws CertificateException, IOException {
     StringMatcher stringMatcher =
@@ -714,11 +721,11 @@ public void testDnsWildcardPatterns()
         CertificateValidationContext.newBuilder()
             .addMatchSubjectAltNames(stringMatcher)
             .build();
-    trustManager = new XdsX509TrustManager(certContext, mockDelegate);
+    trustManager = new XdsX509TrustManager(certContext, mockDelegate, false);
     X509Certificate[] certs =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(testParam.certFile));
     try {
-      trustManager.verifySubjectAltNameInChain(certs);
+      trustManager.verifySubjectAltNameInChain(certs, certContext.getMatchSubjectAltNamesList());
       assertThat(testParam.expected).isTrue();
     } catch (CertificateException certException) {
       assertThat(testParam.expected).isFalse();
@@ -773,7 +780,7 @@ private SSLParameters buildTrustManagerAndGetSslParameters()
     X509Certificate[] caCerts =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(CA_PEM_FILE));
     trustManager = XdsTrustManagerFactory.createX509TrustManager(caCerts,
-        null);
+        null, false);
     when(mockSession.getProtocol()).thenReturn("TLSv1.2");
     when(mockSession.getPeerHost()).thenReturn("peer-host-from-mock");
     SSLParameters sslParams = new SSLParameters();

From 5c145963eb0bea285782847367d4d588037e210e Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 30 Sep 2025 13:23:08 -0700
Subject: [PATCH 398/591] Clean up ServiceBindingTest. (#12386)

- Don't store shadows in variables
- removing confusing references to uid (these tests are all about Android users, which are different)
- remove duplicated logic
---
 .../binder/internal/ServiceBindingTest.java   | 31 +++++++------------
 1 file changed, 12 insertions(+), 19 deletions(-)

diff --git a/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java b/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
index 0875881dcc5..0acd7a75f22 100644
--- a/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
@@ -52,7 +52,6 @@
 import org.robolectric.RobolectricTestRunner;
 import org.robolectric.annotation.Config;
 import org.robolectric.shadows.ShadowApplication;
-import org.robolectric.shadows.ShadowDevicePolicyManager;
 
 @RunWith(RobolectricTestRunner.class)
 public final class ServiceBindingTest {
@@ -365,12 +364,12 @@ public void testBindServiceAsUser_returnsErrorWhenSdkBelowR() {
   @Test
   @Config(sdk = 28)
   public void testDevicePolicyBlind_returnsErrorWhenSdkBelowR() {
-    String deviceAdminClassName = "DevicePolicyAdmin";
-    ComponentName adminComponent = new ComponentName(appContext, deviceAdminClassName);
-    allowBindDeviceAdminForUser(appContext, adminComponent, 10);
+    ComponentName adminComponent = new ComponentName(appContext, "DevicePolicyAdmin");
+    UserHandle user10 = generateUserHandle(/* userId= */ 10);
+    allowBindDeviceAdminForUser(appContext, adminComponent, user10);
     binding =
         newBuilder()
-            .setTargetUserHandle(UserHandle.getUserHandleForUid(10))
+            .setTargetUserHandle(user10)
             .setChannelCredentials(BinderChannelCredentials.forDevicePolicyAdmin(adminComponent))
             .build();
     binding.bind();
@@ -384,13 +383,12 @@ public void testDevicePolicyBlind_returnsErrorWhenSdkBelowR() {
   @Test
   @Config(sdk = 30)
   public void testBindWithDeviceAdmin() throws Exception {
-    String deviceAdminClassName = "DevicePolicyAdmin";
-    ComponentName adminComponent = new ComponentName(appContext, deviceAdminClassName);
-    allowBindDeviceAdminForUser(appContext, adminComponent, /* userId= */ 0);
+    ComponentName adminComponent = new ComponentName(appContext, "DevicePolicyAdmin");
+    UserHandle user0 = generateUserHandle(/* userId= */ 0);
+    allowBindDeviceAdminForUser(appContext, adminComponent, user0);
     binding =
         newBuilder()
-            .setTargetUserHandle(UserHandle.getUserHandleForUid(/* uid= */ 0))
-            .setTargetUserHandle(generateUserHandle(/* userId= */ 0))
+            .setTargetUserHandle(user0)
             .setChannelCredentials(BinderChannelCredentials.forDevicePolicyAdmin(adminComponent))
             .build();
     shadowOf(getMainLooper()).idle();
@@ -418,15 +416,10 @@ private void assertNoLockHeld() {
   }
 
   private static void allowBindDeviceAdminForUser(
-      Context context, ComponentName admin, int userId) {
-    ShadowDevicePolicyManager devicePolicyManager =
-        shadowOf(context.getSystemService(DevicePolicyManager.class));
-    devicePolicyManager.setDeviceOwner(admin);
-    devicePolicyManager.setBindDeviceAdminTargetUsers(
-        Arrays.asList(UserHandle.getUserHandleForUid(userId)));
-    shadowOf((DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE));
-    devicePolicyManager.setDeviceOwner(admin);
-    devicePolicyManager.setBindDeviceAdminTargetUsers(Arrays.asList(generateUserHandle(userId)));
+      Context context, ComponentName admin, UserHandle user) {
+    DevicePolicyManager devicePolicyManager = context.getSystemService(DevicePolicyManager.class);
+    shadowOf(devicePolicyManager).setBindDeviceAdminTargetUsers(Arrays.asList(user));
+    shadowOf(devicePolicyManager).setDeviceOwner(admin);
   }
 
   /** Generate UserHandles the hard way. */

From b33c17fcea482402d0cd2c3541ac5b1cce408e50 Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Tue, 30 Sep 2025 23:30:58 +0200
Subject: [PATCH 399/591] api: remove nullable from StatusOr value methods
 (#12338)

It someone wants it nullable, that should be defined via the type
parameter, e.g. `StatusOr<@Nullable Foo> foo`
---
 api/src/main/java/io/grpc/StatusOr.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/io/grpc/StatusOr.java b/api/src/main/java/io/grpc/StatusOr.java
index 0f1e9da3c75..b7dd68cfd7b 100644
--- a/api/src/main/java/io/grpc/StatusOr.java
+++ b/api/src/main/java/io/grpc/StatusOr.java
@@ -33,7 +33,7 @@ private StatusOr(Status status, T value) {
   }
 
   /** Construct from a value. */
-  public static <T> StatusOr<T> fromValue(@Nullable T value) {
+  public static <T> StatusOr<T> fromValue(T value) {
     StatusOr<T> result = new StatusOr<T>(null, value);
     return result;
   }
@@ -54,7 +54,7 @@ public boolean hasValue() {
    * Returns the value if set or throws exception if there is no value set. This method is meant
    * to be called after checking the return value of hasValue() first.
    */
-  public @Nullable T getValue() {
+  public T getValue() {
     if (status != null) {
       throw new IllegalStateException("No value present.");
     }
@@ -105,6 +105,7 @@ public String toString() {
     return stringHelper.toString();
   }
 
+  @Nullable
   private final Status status;
   private final T value;
 }

From 6b83959ff47211e1f8387f2b51060d3d2c13097a Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 30 Sep 2025 19:05:47 -0700
Subject: [PATCH 400/591] netty: Unconditionally disable adaptive cumulator
 (#12390)

io.netty.util.Version is unreliable, so we stop using it. grpc-netty and
grpc-netty-shaded have their version.properties mix, and you can't tell
which is which.

Changed the tests to use assume, so it is clear in the results that they
weren't run.
---
 netty/shaded/build.gradle                     |  6 ++-
 .../netty/GrpcHttp2ConnectionHandler.java     | 40 -------------------
 .../netty/NettyAdaptiveCumulatorTest.java     | 13 +++---
 3 files changed, 12 insertions(+), 47 deletions(-)

diff --git a/netty/shaded/build.gradle b/netty/shaded/build.gradle
index f805a4f4a1f..27816f9380b 100644
--- a/netty/shaded/build.gradle
+++ b/netty/shaded/build.gradle
@@ -153,7 +153,11 @@ class NettyResourceTransformer implements Transformer {
 
     @Override
     boolean canTransformResource(FileTreeElement fileTreeElement) {
-        fileTreeElement.name.startsWith("META-INF/native-image/io.netty")
+        // io.netty.versions.properties can't actually be shaded successfully,
+        // as io.netty.util.Version still looks for the unshaded name. But we
+        // keep the file for manual inspection.
+        fileTreeElement.name.startsWith("META-INF/native-image/io.netty") ||
+            fileTreeElement.name.startsWith("META-INF/io.netty.versions.properties")
     }
 
     @Override
diff --git a/netty/src/main/java/io/grpc/netty/GrpcHttp2ConnectionHandler.java b/netty/src/main/java/io/grpc/netty/GrpcHttp2ConnectionHandler.java
index a463cf01d95..ee5227484fb 100644
--- a/netty/src/main/java/io/grpc/netty/GrpcHttp2ConnectionHandler.java
+++ b/netty/src/main/java/io/grpc/netty/GrpcHttp2ConnectionHandler.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.base.Preconditions.checkState;
 
-import com.google.common.annotations.VisibleForTesting;
 import io.grpc.Attributes;
 import io.grpc.ChannelLogger;
 import io.grpc.Internal;
@@ -28,7 +27,6 @@
 import io.netty.handler.codec.http2.Http2ConnectionEncoder;
 import io.netty.handler.codec.http2.Http2ConnectionHandler;
 import io.netty.handler.codec.http2.Http2Settings;
-import io.netty.util.Version;
 import javax.annotation.Nullable;
 
 /**
@@ -36,37 +34,9 @@
  */
 @Internal
 public abstract class GrpcHttp2ConnectionHandler extends Http2ConnectionHandler {
-  static final int ADAPTIVE_CUMULATOR_COMPOSE_MIN_SIZE_DEFAULT = 1024;
-  static final Cumulator ADAPTIVE_CUMULATOR =
-      new NettyAdaptiveCumulator(ADAPTIVE_CUMULATOR_COMPOSE_MIN_SIZE_DEFAULT);
-
   @Nullable
   protected final ChannelPromise channelUnused;
   private final ChannelLogger negotiationLogger;
-  private static final boolean usingPre4_1_111_Netty;
-
-  static {
-    // Netty 4.1.111 introduced a change in the behavior of duplicate() method
-    // that breaks the assumption of the cumulator. We need to detect this version
-    // and adjust the behavior accordingly.
-
-    boolean identifiedOldVersion = false;
-    try {
-      Version version = Version.identify().get("netty-buffer");
-      if (version != null) {
-        String[] split = version.artifactVersion().split("\\.");
-        if (split.length >= 3
-            && Integer.parseInt(split[0]) == 4
-            && Integer.parseInt(split[1]) <= 1
-            && Integer.parseInt(split[2]) < 111) {
-          identifiedOldVersion = true;
-        }
-      }
-    } catch (Exception e) {
-      // Ignore, we'll assume it's a new version.
-    }
-    usingPre4_1_111_Netty = identifiedOldVersion;
-  }
 
   @SuppressWarnings("this-escape")
   protected GrpcHttp2ConnectionHandler(
@@ -78,16 +48,6 @@ protected GrpcHttp2ConnectionHandler(
     super(decoder, encoder, initialSettings);
     this.channelUnused = channelUnused;
     this.negotiationLogger = negotiationLogger;
-    if (usingPre4_1_111_Netty()) {
-      // We need to use the adaptive cumulator only if we're using a version of Netty that
-      // doesn't have the behavior that breaks it.
-      setCumulator(ADAPTIVE_CUMULATOR);
-    }
-  }
-
-  @VisibleForTesting
-  static boolean usingPre4_1_111_Netty() {
-    return usingPre4_1_111_Netty;
   }
 
   /**
diff --git a/netty/src/test/java/io/grpc/netty/NettyAdaptiveCumulatorTest.java b/netty/src/test/java/io/grpc/netty/NettyAdaptiveCumulatorTest.java
index 68dc6dc0c80..b19f247b5cf 100644
--- a/netty/src/test/java/io/grpc/netty/NettyAdaptiveCumulatorTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyAdaptiveCumulatorTest.java
@@ -52,6 +52,9 @@
 
 @RunWith(Enclosed.class)
 public class NettyAdaptiveCumulatorTest {
+  private static boolean usingPre4_1_111_Netty() {
+    return false;  // Disabled detection because it was unreliable
+  }
 
   private static Collection<Object[]> cartesianProductParams(List<?>... lists) {
     return Lists.transform(Lists.cartesianProduct(lists), List::toArray);
@@ -385,9 +388,8 @@ public void mergeWithCompositeTail_tailExpandable_reallocateInMemory() {
     }
 
     private void assertTailExpanded(String expectedTailReadableData, int expectedNewTailCapacity) {
-      if (!GrpcHttp2ConnectionHandler.usingPre4_1_111_Netty()) {
-        return; // Netty 4.1.111 doesn't work with NettyAdaptiveCumulator
-      }
+      assume().withMessage("Netty 4.1.111 doesn't work with NettyAdaptiveCumulator")
+          .that(usingPre4_1_111_Netty()).isTrue();
       int originalNumComponents = composite.numComponents();
 
       // Handle the case when reader index is beyond all readable bytes of the cumulation.
@@ -628,9 +630,8 @@ public void mergeWithCompositeTail_outOfSyncComposite() {
           alloc.compositeBuffer(8).addFlattenedComponents(true, composite1);
       assertThat(composite2.toString(US_ASCII)).isEqualTo("01234");
 
-      if (!GrpcHttp2ConnectionHandler.usingPre4_1_111_Netty()) {
-        return; // Netty 4.1.111 doesn't work with NettyAdaptiveCumulator
-      }
+      assume().withMessage("Netty 4.1.111 doesn't work with NettyAdaptiveCumulator")
+          .that(usingPre4_1_111_Netty()).isTrue();
 
       // The previous operation does not adjust the read indexes of the underlying buffers,
       // only the internal Component offsets. When the cumulator attempts to append the input to

From 7d5749f39d2d1665ad9a2fc5d6d7adf1533effdc Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Wed, 1 Oct 2025 11:37:29 +0530
Subject: [PATCH 401/591] xds: Use `unused` variable to ignore the return value
 (#12388)

Internal: cl/813142534
---
 .../internal/security/trust/XdsTrustManagerFactoryTest.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactoryTest.java
index 0b81c9249dd..3077482b10b 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactoryTest.java
@@ -185,8 +185,8 @@ public void constructorRootCert_nonStaticContext_systemRootCerts_valid()
             DataSource.newBuilder().setFilename(TestUtils.loadCert(CA_PEM_FILE).getAbsolutePath()))
         .setSystemRootCerts(CertificateValidationContext.SystemRootCerts.getDefaultInstance())
         .build();
-    new XdsTrustManagerFactory(
-        new X509Certificate[] {x509Cert}, certValidationContext, false);
+    XdsTrustManagerFactory unused =
+        new XdsTrustManagerFactory(new X509Certificate[] {x509Cert}, certValidationContext, false);
   }
 
   @Test

From b37ee67cf7e657ee1835bf9b35490d640d7bd9fa Mon Sep 17 00:00:00 2001
From: ZachChuba <49295341+ZachChuba@users.noreply.github.com>
Date: Thu, 2 Oct 2025 14:14:22 -0400
Subject: [PATCH 402/591] Upgrade netty to 4.1.127.Final

And netty-tcnative to 2.0.74.Final. Removes CVE-2025-58057 from security reports.
---
 MODULE.bazel              | 28 ++++++++++++++--------------
 SECURITY.md               |  3 ++-
 gradle/libs.versions.toml |  4 ++--
 repositories.bzl          | 28 ++++++++++++++--------------
 4 files changed, 32 insertions(+), 31 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 83ff9eaa539..9e83053fb0b 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -23,20 +23,20 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.truth:truth:1.4.2",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
-    "io.netty:netty-buffer:4.1.124.Final",
-    "io.netty:netty-codec-http2:4.1.124.Final",
-    "io.netty:netty-codec-http:4.1.124.Final",
-    "io.netty:netty-codec-socks:4.1.124.Final",
-    "io.netty:netty-codec:4.1.124.Final",
-    "io.netty:netty-common:4.1.124.Final",
-    "io.netty:netty-handler-proxy:4.1.124.Final",
-    "io.netty:netty-handler:4.1.124.Final",
-    "io.netty:netty-resolver:4.1.124.Final",
-    "io.netty:netty-tcnative-boringssl-static:2.0.70.Final",
-    "io.netty:netty-tcnative-classes:2.0.70.Final",
-    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.124.Final",
-    "io.netty:netty-transport-native-unix-common:4.1.124.Final",
-    "io.netty:netty-transport:4.1.124.Final",
+    "io.netty:netty-buffer:4.1.127.Final",
+    "io.netty:netty-codec-http2:4.1.127.Final",
+    "io.netty:netty-codec-http:4.1.127.Final",
+    "io.netty:netty-codec-socks:4.1.127.Final",
+    "io.netty:netty-codec:4.1.127.Final",
+    "io.netty:netty-common:4.1.127.Final",
+    "io.netty:netty-handler-proxy:4.1.127.Final",
+    "io.netty:netty-handler:4.1.127.Final",
+    "io.netty:netty-resolver:4.1.127.Final",
+    "io.netty:netty-tcnative-boringssl-static:2.0.74.Final",
+    "io.netty:netty-tcnative-classes:2.0.74.Final",
+    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.127.Final",
+    "io.netty:netty-transport-native-unix-common:4.1.127.Final",
+    "io.netty:netty-transport:4.1.127.Final",
     "io.opencensus:opencensus-api:0.31.0",
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",
diff --git a/SECURITY.md b/SECURITY.md
index 1555882c3c6..c0ef797238f 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -397,7 +397,8 @@ grpc-netty version | netty-handler version | netty-tcnative-boringssl-static ver
 1.60.x-1.66.x      | 4.1.100.Final         | 2.0.61.Final
 1.67.x-1.70.x      | 4.1.110.Final         | 2.0.65.Final
 1.71.x-1.74.x      | 4.1.110.Final         | 2.0.70.Final
-1.75.x-            | 4.1.124.Final         | 2.0.72.Final
+1.75.x-1.76.x      | 4.1.124.Final         | 2.0.72.Final
+1.77.x-            | 4.1.127.Final         | 2.0.74.Final
 
 _(grpc-netty-shaded avoids issues with keeping these versions in sync.)_
 
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index cb5dce02843..bf03cc6e18e 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -1,8 +1,8 @@
 [versions]
-netty = '4.1.124.Final'
+netty = '4.1.127.Final'
 # Keep the following references of tcnative version in sync whenever it's updated:
 #   SECURITY.md
-nettytcnative = '2.0.72.Final'
+nettytcnative = '2.0.74.Final'
 opencensus = "0.31.1"
 # Not upgrading to 4.x as it is not yet ABI compatible.
 # https://github.com/protocolbuffers/protobuf/issues/17247
diff --git a/repositories.bzl b/repositories.bzl
index 4b9d0327b66..2c9b0d46bb6 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -27,20 +27,20 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.truth:truth:1.4.2",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
-    "io.netty:netty-buffer:4.1.124.Final",
-    "io.netty:netty-codec-http2:4.1.124.Final",
-    "io.netty:netty-codec-http:4.1.124.Final",
-    "io.netty:netty-codec-socks:4.1.124.Final",
-    "io.netty:netty-codec:4.1.124.Final",
-    "io.netty:netty-common:4.1.124.Final",
-    "io.netty:netty-handler-proxy:4.1.124.Final",
-    "io.netty:netty-handler:4.1.124.Final",
-    "io.netty:netty-resolver:4.1.124.Final",
-    "io.netty:netty-tcnative-boringssl-static:2.0.70.Final",
-    "io.netty:netty-tcnative-classes:2.0.70.Final",
-    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.124.Final",
-    "io.netty:netty-transport-native-unix-common:4.1.124.Final",
-    "io.netty:netty-transport:4.1.124.Final",
+    "io.netty:netty-buffer:4.1.127.Final",
+    "io.netty:netty-codec-http2:4.1.127.Final",
+    "io.netty:netty-codec-http:4.1.127.Final",
+    "io.netty:netty-codec-socks:4.1.127.Final",
+    "io.netty:netty-codec:4.1.127.Final",
+    "io.netty:netty-common:4.1.127.Final",
+    "io.netty:netty-handler-proxy:4.1.127.Final",
+    "io.netty:netty-handler:4.1.127.Final",
+    "io.netty:netty-resolver:4.1.127.Final",
+    "io.netty:netty-tcnative-boringssl-static:2.0.74.Final",
+    "io.netty:netty-tcnative-classes:2.0.74.Final",
+    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.127.Final",
+    "io.netty:netty-transport-native-unix-common:4.1.127.Final",
+    "io.netty:netty-transport:4.1.127.Final",
     "io.opencensus:opencensus-api:0.31.0",
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",

From f96ce0670fbe2f2a71b76ccda770e52b1affc063 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Fri, 3 Oct 2025 13:44:43 -0700
Subject: [PATCH 403/591] Remove experimental bindAsUser() method, deprecated
 since 1.69 (#12401)

---
 .../io/grpc/binder/BinderChannelBuilder.java  | 28 -------------------
 .../internal/BinderClientTransport.java       |  4 +--
 .../BinderClientTransportFactory.java         | 10 -------
 3 files changed, 1 insertion(+), 41 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java b/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
index 18928339fbd..9a20d35ddb5 100644
--- a/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
+++ b/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
@@ -20,8 +20,6 @@
 import static com.google.common.base.Preconditions.checkState;
 
 import android.content.Context;
-import android.os.UserHandle;
-import androidx.annotation.RequiresApi;
 import com.google.errorprone.annotations.DoNotCall;
 import io.grpc.ExperimentalApi;
 import io.grpc.ForwardingChannelBuilder;
@@ -235,32 +233,6 @@ public BinderChannelBuilder securityPolicy(SecurityPolicy securityPolicy) {
     return this;
   }
 
-  /**
-   * Specifies the {@link UserHandle} to be searched for the remote Android Service by default.
-   *
-   * <p>Used only as a fallback if the direct or resolved {@link AndroidComponentAddress} doesn't
-   * specify a {@link UserHandle}. If neither the Channel nor the {@link AndroidComponentAddress}
-   * specifies a target user, the {@link UserHandle} of the current process will be used.
-   *
-   * <p>Connecting to a server in a different Android user is uncommon and can only be done by a
-   * "system app" client with special permissions. See {@link
-   * AndroidComponentAddress.Builder#setTargetUser(UserHandle)} for details.
-   *
-   * @deprecated This method's name is misleading because it implies an impersonated client identity
-   *     when it's actually specifying part of the server's location. It's also no longer necessary
-   *     since the target user is part of {@link AndroidComponentAddress}. Prefer to specify target
-   *     user in the address instead, either directly or via a {@link io.grpc.NameResolverProvider}.
-   * @param targetUserHandle the target user to bind into.
-   * @return this
-   */
-  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10173")
-  @RequiresApi(30)
-  @Deprecated
-  public BinderChannelBuilder bindAsUser(UserHandle targetUserHandle) {
-    transportFactoryBuilder.setDefaultTargetUserHandle(targetUserHandle);
-    return this;
-  }
-
   /** Sets the policy for inbound parcelable objects. */
   public BinderChannelBuilder inboundParcelablePolicy(
       InboundParcelablePolicy inboundParcelablePolicy) {
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
index 144ad56eec3..6b68552722c 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
@@ -131,9 +131,7 @@ public BinderClientTransport(
             factory.sourceContext,
             factory.channelCredentials,
             targetAddress.asBindIntent(),
-            targetAddress.getTargetUser() != null
-                ? targetAddress.getTargetUser()
-                : factory.defaultTargetUserHandle,
+            targetAddress.getTargetUser(),
             factory.bindServiceFlags.toInteger(),
             this);
   }
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
index 3f51452c90c..e156a6a7b92 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
@@ -18,7 +18,6 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import android.content.Context;
-import android.os.UserHandle;
 import androidx.core.content.ContextCompat;
 import io.grpc.ChannelCredentials;
 import io.grpc.ChannelLogger;
@@ -39,7 +38,6 @@
 import java.util.Collections;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ScheduledExecutorService;
-import javax.annotation.Nullable;
 
 /** Creates new binder transports. */
 @Internal
@@ -50,7 +48,6 @@ public final class BinderClientTransportFactory implements ClientTransportFactor
   final ObjectPool<ScheduledExecutorService> scheduledExecutorPool;
   final ObjectPool<? extends Executor> offloadExecutorPool;
   final SecurityPolicy securityPolicy;
-  @Nullable final UserHandle defaultTargetUserHandle;
   final BindServiceFlags bindServiceFlags;
   final InboundParcelablePolicy inboundParcelablePolicy;
   final OneWayBinderProxy.Decorator binderDecorator;
@@ -71,7 +68,6 @@ private BinderClientTransportFactory(Builder builder) {
     scheduledExecutorPool = checkNotNull(builder.scheduledExecutorPool);
     offloadExecutorPool = checkNotNull(builder.offloadExecutorPool);
     securityPolicy = checkNotNull(builder.securityPolicy);
-    defaultTargetUserHandle = builder.defaultTargetUserHandle;
     bindServiceFlags = checkNotNull(builder.bindServiceFlags);
     inboundParcelablePolicy = checkNotNull(builder.inboundParcelablePolicy);
     binderDecorator = checkNotNull(builder.binderDecorator);
@@ -125,7 +121,6 @@ public static final class Builder implements ClientTransportFactoryBuilder {
     ObjectPool<ScheduledExecutorService> scheduledExecutorPool =
         SharedResourcePool.forResource(GrpcUtil.TIMER_SERVICE);
     SecurityPolicy securityPolicy = SecurityPolicies.internalOnly();
-    @Nullable UserHandle defaultTargetUserHandle;
     BindServiceFlags bindServiceFlags = BindServiceFlags.DEFAULTS;
     InboundParcelablePolicy inboundParcelablePolicy = InboundParcelablePolicy.DEFAULT;
     OneWayBinderProxy.Decorator binderDecorator = OneWayBinderProxy.IDENTITY_DECORATOR;
@@ -172,11 +167,6 @@ public Builder setSecurityPolicy(SecurityPolicy securityPolicy) {
       return this;
     }
 
-    public Builder setDefaultTargetUserHandle(@Nullable UserHandle defaultTargetUserHandle) {
-      this.defaultTargetUserHandle = defaultTargetUserHandle;
-      return this;
-    }
-
     public Builder setBindServiceFlags(BindServiceFlags bindServiceFlags) {
       this.bindServiceFlags = checkNotNull(bindServiceFlags, "bindServiceFlags");
       return this;

From 349a35a9b121f744a47caa9c6be293e2f33ade33 Mon Sep 17 00:00:00 2001
From: vimanikag <viswakarma18rc@gmail.com>
Date: Tue, 7 Oct 2025 02:22:23 +0530
Subject: [PATCH 404/591] android: Fix UdsChannelBuilder with WiFi Proxy

We want to avoid "[{0}] Failed to resolve name. status={1}" I/O failures
for UDS channels when WiFi Proxies are enabled, as it should be local
communication.

Fixes #11922
---
 android/src/main/java/io/grpc/android/UdsChannelBuilder.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/android/src/main/java/io/grpc/android/UdsChannelBuilder.java b/android/src/main/java/io/grpc/android/UdsChannelBuilder.java
index 7d41301704c..6f03aa0ee5e 100644
--- a/android/src/main/java/io/grpc/android/UdsChannelBuilder.java
+++ b/android/src/main/java/io/grpc/android/UdsChannelBuilder.java
@@ -21,6 +21,7 @@
 import io.grpc.ExperimentalApi;
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.ManagedChannelBuilder;
+import io.grpc.internal.GrpcUtil;
 import java.lang.reflect.InvocationTargetException;
 import javax.annotation.Nullable;
 import javax.net.SocketFactory;
@@ -81,7 +82,7 @@ public static ManagedChannelBuilder<?> forPath(String path, Namespace namespace)
       OKHTTP_CHANNEL_BUILDER_CLASS
           .getMethod("socketFactory", SocketFactory.class)
           .invoke(builder, new UdsSocketFactory(path, namespace));
-      return builder;
+      return builder.proxyDetector(GrpcUtil.NOOP_PROXY_DETECTOR);
     } catch (IllegalAccessException e) {
       throw new RuntimeException("Failed to create OkHttpChannelBuilder", e);
     } catch (NoSuchMethodException e) {

From 032d2928ebfacc4c5a237e21233acdff9a62416b Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Mon, 13 Oct 2025 13:27:31 +0530
Subject: [PATCH 405/591] xds: ORCA to LRS propagation changes (#12203)

Implements gRFC A85 (https://github.com/grpc/proposal/pull/454).
---
 .../java/io/grpc/xds/CdsLoadBalancer2.java    |   6 +-
 .../io/grpc/xds/ClusterImplLoadBalancer.java  |  24 ++-
 .../xds/ClusterImplLoadBalancerProvider.java  |   7 +-
 .../grpc/xds/ClusterResolverLoadBalancer.java |   3 +-
 .../ClusterResolverLoadBalancerProvider.java  |  24 ++-
 .../java/io/grpc/xds/XdsClusterResource.java  |  33 +++-
 .../xds/client/BackendMetricPropagation.java  | 133 +++++++++++++++
 .../io/grpc/xds/client/LoadStatsManager2.java |  65 +++++++-
 .../java/io/grpc/xds/client/XdsClient.java    |  17 ++
 .../io/grpc/xds/client/XdsClientImpl.java     |  15 +-
 .../io/grpc/xds/CdsLoadBalancer2Test.java     |  12 +-
 .../grpc/xds/ClusterImplLoadBalancerTest.java | 154 +++++++++++++++---
 .../xds/ClusterResolverLoadBalancerTest.java  |  27 ++-
 .../grpc/xds/GcpAuthenticationFilterTest.java |   6 +-
 .../grpc/xds/GrpcXdsClientImplDataTest.java   |  39 +++++
 .../io/grpc/xds/XdsClientFederationTest.java  |   1 -
 .../java/io/grpc/xds/XdsNameResolverTest.java |   2 +-
 .../test/java/io/grpc/xds/XdsTestUtils.java   |   2 +-
 .../client/BackendMetricPropagationTest.java  | 151 +++++++++++++++++
 .../xds/client/LoadStatsManager2Test.java     |  54 ++++++
 20 files changed, 707 insertions(+), 68 deletions(-)
 create mode 100644 xds/src/main/java/io/grpc/xds/client/BackendMetricPropagation.java
 create mode 100644 xds/src/test/java/io/grpc/xds/client/BackendMetricPropagationTest.java

diff --git a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
index 87963476265..688626d9b3d 100644
--- a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
+++ b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
@@ -122,7 +122,8 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
             result.maxConcurrentRequests(),
             result.upstreamTlsContext(),
             result.filterMetadata(),
-            result.outlierDetection());
+            result.outlierDetection(),
+            result.backendMetricPropagation());
       } else {
         instance = DiscoveryMechanism.forLogicalDns(
             clusterName,
@@ -130,7 +131,8 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
             result.lrsServerInfo(),
             result.maxConcurrentRequests(),
             result.upstreamTlsContext(),
-            result.filterMetadata());
+            result.filterMetadata(),
+            result.backendMetricPropagation());
       }
       gracefulConfig = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
           lbRegistry.getProvider(CLUSTER_RESOLVER_POLICY_NAME),
diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index a506977d952..00fe736761b 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -17,6 +17,7 @@
 package io.grpc.xds;
 
 import static com.google.common.base.Preconditions.checkNotNull;
+import static io.grpc.xds.client.LoadStatsManager2.isEnabledOrcaLrsPropagation;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.MoreObjects;
@@ -46,6 +47,7 @@
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.ThreadSafeRandom.ThreadSafeRandomImpl;
 import io.grpc.xds.XdsNameResolverProvider.CallCounterProvider;
+import io.grpc.xds.client.BackendMetricPropagation;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import io.grpc.xds.client.LoadStatsManager2.ClusterDropStats;
 import io.grpc.xds.client.LoadStatsManager2.ClusterLocalityStats;
@@ -149,6 +151,7 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     childLbHelper.updateMaxConcurrentRequests(config.maxConcurrentRequests);
     childLbHelper.updateSslContextProviderSupplier(config.tlsContext);
     childLbHelper.updateFilterMetadata(config.filterMetadata);
+    childLbHelper.updateBackendMetricPropagation(config.backendMetricPropagation);
 
     childSwitchLb.handleResolvedAddresses(
         resolvedAddresses.toBuilder()
@@ -209,6 +212,8 @@ private final class ClusterImplLbHelper extends ForwardingLoadBalancerHelper {
     private Map<String, Struct> filterMetadata = ImmutableMap.of();
     @Nullable
     private final ServerInfo lrsServerInfo;
+    @Nullable
+    private BackendMetricPropagation backendMetricPropagation;
 
     private ClusterImplLbHelper(AtomicLong inFlights, @Nullable ServerInfo lrsServerInfo) {
       this.inFlights = checkNotNull(inFlights, "inFlights");
@@ -321,7 +326,7 @@ private ClusterLocality createClusterLocalityFromAttributes(Attributes addressAt
           (lrsServerInfo == null)
               ? null
               : xdsClient.addClusterLocalityStats(lrsServerInfo, cluster,
-                  edsServiceName, locality);
+                  edsServiceName, locality, backendMetricPropagation);
 
       return new ClusterLocality(localityStats, localityName);
     }
@@ -371,6 +376,11 @@ private void updateFilterMetadata(Map<String, Struct> filterMetadata) {
       this.filterMetadata = ImmutableMap.copyOf(filterMetadata);
     }
 
+    private void updateBackendMetricPropagation(
+        @Nullable BackendMetricPropagation backendMetricPropagation) {
+      this.backendMetricPropagation = backendMetricPropagation;
+    }
+
     private class RequestLimitingSubchannelPicker extends SubchannelPicker {
       private final SubchannelPicker delegate;
       private final List<DropOverload> dropPolicies;
@@ -506,11 +516,19 @@ private OrcaPerRpcListener(ClusterLocalityStats stats) {
     }
 
     /**
-     * Copies {@link MetricReport#getNamedMetrics()} to {@link ClusterLocalityStats} such that it is
-     * included in the snapshot for the LRS report sent to the LRS server.
+     * Copies ORCA metrics from {@link MetricReport} to {@link ClusterLocalityStats}
+     * such that they are included in the snapshot for the LRS report sent to the LRS server.
+     * This includes both top-level metrics (CPU, memory, application utilization) and named
+     * metrics, filtered according to the backend metric propagation configuration.
      */
     @Override
     public void onLoadReport(MetricReport report) {
+      if (isEnabledOrcaLrsPropagation) {
+        stats.recordTopLevelMetrics(
+            report.getCpuUtilization(),
+            report.getMemoryUtilization(),
+            report.getApplicationUtilization());
+      }
       stats.recordBackendLoadMetricStats(report.getNamedMetrics());
     }
   }
diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancerProvider.java
index 4c9c14ba5f5..f369c3b99b4 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancerProvider.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancerProvider.java
@@ -31,6 +31,7 @@
 import io.grpc.Status;
 import io.grpc.xds.Endpoints.DropOverload;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
+import io.grpc.xds.client.BackendMetricPropagation;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -98,11 +99,14 @@ static final class ClusterImplConfig {
     // Provides the direct child policy and its config.
     final Object childConfig;
     final Map<String, Struct> filterMetadata;
+    @Nullable
+    final BackendMetricPropagation backendMetricPropagation;
 
     ClusterImplConfig(String cluster, @Nullable String edsServiceName,
         @Nullable ServerInfo lrsServerInfo, @Nullable Long maxConcurrentRequests,
         List<DropOverload> dropCategories, Object childConfig,
-        @Nullable UpstreamTlsContext tlsContext, Map<String, Struct> filterMetadata) {
+        @Nullable UpstreamTlsContext tlsContext, Map<String, Struct> filterMetadata,
+        @Nullable BackendMetricPropagation backendMetricPropagation) {
       this.cluster = checkNotNull(cluster, "cluster");
       this.edsServiceName = edsServiceName;
       this.lrsServerInfo = lrsServerInfo;
@@ -112,6 +116,7 @@ static final class ClusterImplConfig {
       this.dropCategories = Collections.unmodifiableList(
           new ArrayList<>(checkNotNull(dropCategories, "dropCategories")));
       this.childConfig = checkNotNull(childConfig, "childConfig");
+      this.backendMetricPropagation = backendMetricPropagation;
     }
 
     @Override
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
index 4c4092632bf..6cfed96a54e 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
@@ -44,6 +44,7 @@
 import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig.PriorityChildConfig;
 import io.grpc.xds.XdsConfig.XdsClusterConfig;
 import io.grpc.xds.XdsEndpointResource.EdsUpdate;
+// import io.grpc.xds.client.BackendMetricPropagation;]
 import io.grpc.xds.client.Locality;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
@@ -336,7 +337,7 @@ private static Map<String, PriorityChildConfig> generatePriorityChildConfigs(
           new ClusterImplConfig(
               discovery.cluster, discovery.edsServiceName, discovery.lrsServerInfo,
               discovery.maxConcurrentRequests, dropOverloads, endpointLbConfig,
-              discovery.tlsContext, discovery.filterMetadata);
+              discovery.tlsContext, discovery.filterMetadata, discovery.backendMetricPropagation);
       LoadBalancerProvider clusterImplLbProvider =
           lbRegistry.getProvider(XdsLbPolicies.CLUSTER_IMPL_POLICY_NAME);
       Object priorityChildPolicy = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
index 8cff272fcba..f6f92a7a9a7 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
@@ -30,6 +30,7 @@
 import io.grpc.Status;
 import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
+import io.grpc.xds.client.BackendMetricPropagation;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import java.util.Map;
 import java.util.Objects;
@@ -152,6 +153,8 @@ static final class DiscoveryMechanism {
       @Nullable
       final OutlierDetection outlierDetection;
       final Map<String, Struct> filterMetadata;
+      @Nullable
+      final BackendMetricPropagation backendMetricPropagation;
 
       enum Type {
         EDS,
@@ -161,7 +164,8 @@ enum Type {
       private DiscoveryMechanism(String cluster, Type type, @Nullable String edsServiceName,
           @Nullable String dnsHostName, @Nullable ServerInfo lrsServerInfo,
           @Nullable Long maxConcurrentRequests, @Nullable UpstreamTlsContext tlsContext,
-          Map<String, Struct> filterMetadata, @Nullable OutlierDetection outlierDetection) {
+          Map<String, Struct> filterMetadata, @Nullable OutlierDetection outlierDetection,
+          @Nullable BackendMetricPropagation backendMetricPropagation) {
         this.cluster = checkNotNull(cluster, "cluster");
         this.type = checkNotNull(type, "type");
         this.edsServiceName = edsServiceName;
@@ -171,27 +175,33 @@ private DiscoveryMechanism(String cluster, Type type, @Nullable String edsServic
         this.tlsContext = tlsContext;
         this.filterMetadata = ImmutableMap.copyOf(checkNotNull(filterMetadata, "filterMetadata"));
         this.outlierDetection = outlierDetection;
+        this.backendMetricPropagation = backendMetricPropagation;
       }
 
       static DiscoveryMechanism forEds(String cluster, @Nullable String edsServiceName,
           @Nullable ServerInfo lrsServerInfo, @Nullable Long maxConcurrentRequests,
           @Nullable UpstreamTlsContext tlsContext, Map<String, Struct> filterMetadata,
-          OutlierDetection outlierDetection) {
-        return new DiscoveryMechanism(cluster, Type.EDS, edsServiceName, null, lrsServerInfo,
-            maxConcurrentRequests, tlsContext, filterMetadata, outlierDetection);
+          OutlierDetection outlierDetection,
+          @Nullable BackendMetricPropagation backendMetricPropagation) {
+        return new DiscoveryMechanism(cluster, Type.EDS, edsServiceName,
+            null, lrsServerInfo, maxConcurrentRequests, tlsContext,
+            filterMetadata, outlierDetection, backendMetricPropagation);
       }
 
       static DiscoveryMechanism forLogicalDns(String cluster, String dnsHostName,
           @Nullable ServerInfo lrsServerInfo, @Nullable Long maxConcurrentRequests,
-          @Nullable UpstreamTlsContext tlsContext, Map<String, Struct> filterMetadata) {
+          @Nullable UpstreamTlsContext tlsContext, Map<String, Struct> filterMetadata,
+          @Nullable BackendMetricPropagation backendMetricPropagation) {
         return new DiscoveryMechanism(cluster, Type.LOGICAL_DNS, null, dnsHostName,
-            lrsServerInfo, maxConcurrentRequests, tlsContext, filterMetadata, null);
+            lrsServerInfo, maxConcurrentRequests, tlsContext, filterMetadata, null,
+            backendMetricPropagation);
       }
 
       @Override
       public int hashCode() {
         return Objects.hash(cluster, type, lrsServerInfo, maxConcurrentRequests, tlsContext,
-            edsServiceName, dnsHostName, filterMetadata, outlierDetection);
+            edsServiceName, dnsHostName, filterMetadata,
+            outlierDetection, backendMetricPropagation);
       }
 
       @Override
diff --git a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
index a5220515b6c..54089491671 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static io.grpc.xds.client.Bootstrapper.ServerInfo;
+import static io.grpc.xds.client.LoadStatsManager2.isEnabledOrcaLrsPropagation;
 
 import com.google.auto.value.AutoValue;
 import com.google.common.annotations.VisibleForTesting;
@@ -47,6 +48,7 @@
 import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.XdsClusterResource.CdsUpdate;
+import io.grpc.xds.client.BackendMetricPropagation;
 import io.grpc.xds.client.XdsClient.ResourceUpdate;
 import io.grpc.xds.client.XdsResourceType;
 import io.grpc.xds.internal.security.CommonTlsContextUtil;
@@ -227,6 +229,12 @@ private static StructOrError<CdsUpdate.Builder> parseNonAggregateCluster(
     UpstreamTlsContext upstreamTlsContext = null;
     OutlierDetection outlierDetection = null;
     boolean isHttp11ProxyAvailable = false;
+    BackendMetricPropagation backendMetricPropagation = null;
+
+    if (isEnabledOrcaLrsPropagation) {
+      backendMetricPropagation = BackendMetricPropagation.fromMetricSpecs(
+          cluster.getLrsReportEndpointMetricsList());
+    }
     if (cluster.hasLrsServer()) {
       if (!cluster.getLrsServer().hasSelf()) {
         return StructOrError.fromError(
@@ -326,7 +334,7 @@ private static StructOrError<CdsUpdate.Builder> parseNonAggregateCluster(
 
       return StructOrError.fromStruct(CdsUpdate.forEds(
           clusterName, edsServiceName, lrsServerInfo, maxConcurrentRequests, upstreamTlsContext,
-          outlierDetection, isHttp11ProxyAvailable));
+          outlierDetection, isHttp11ProxyAvailable, backendMetricPropagation));
     } else if (type.equals(Cluster.DiscoveryType.LOGICAL_DNS)) {
       if (!cluster.hasLoadAssignment()) {
         return StructOrError.fromError(
@@ -362,7 +370,7 @@ private static StructOrError<CdsUpdate.Builder> parseNonAggregateCluster(
           Locale.US, "%s:%d", socketAddress.getAddress(), socketAddress.getPortValue());
       return StructOrError.fromStruct(CdsUpdate.forLogicalDns(
           clusterName, dnsHostName, lrsServerInfo, maxConcurrentRequests,
-          upstreamTlsContext, isHttp11ProxyAvailable));
+          upstreamTlsContext, isHttp11ProxyAvailable, backendMetricPropagation));
     }
     return StructOrError.fromError(
         "Cluster " + clusterName + ": unsupported built-in discovery type: " + type);
@@ -614,6 +622,9 @@ abstract static class CdsUpdate implements ResourceUpdate {
 
     abstract ImmutableMap<String, Object> parsedMetadata();
 
+    @Nullable
+    abstract BackendMetricPropagation backendMetricPropagation();
+
     private static Builder newBuilder(String clusterName) {
       return new AutoValue_XdsClusterResource_CdsUpdate.Builder()
           .clusterName(clusterName)
@@ -622,7 +633,8 @@ private static Builder newBuilder(String clusterName) {
           .choiceCount(0)
           .filterMetadata(ImmutableMap.of())
           .parsedMetadata(ImmutableMap.of())
-          .isHttp11ProxyAvailable(false);
+          .isHttp11ProxyAvailable(false)
+          .backendMetricPropagation(null);
     }
 
     static Builder forAggregate(String clusterName, List<String> prioritizedClusterNames) {
@@ -636,7 +648,8 @@ static Builder forEds(String clusterName, @Nullable String edsServiceName,
                           @Nullable ServerInfo lrsServerInfo, @Nullable Long maxConcurrentRequests,
                           @Nullable UpstreamTlsContext upstreamTlsContext,
                           @Nullable OutlierDetection outlierDetection,
-                          boolean isHttp11ProxyAvailable) {
+                          boolean isHttp11ProxyAvailable,
+                          BackendMetricPropagation backendMetricPropagation) {
       return newBuilder(clusterName)
           .clusterType(ClusterType.EDS)
           .edsServiceName(edsServiceName)
@@ -644,21 +657,24 @@ static Builder forEds(String clusterName, @Nullable String edsServiceName,
           .maxConcurrentRequests(maxConcurrentRequests)
           .upstreamTlsContext(upstreamTlsContext)
           .outlierDetection(outlierDetection)
-          .isHttp11ProxyAvailable(isHttp11ProxyAvailable);
+          .isHttp11ProxyAvailable(isHttp11ProxyAvailable)
+          .backendMetricPropagation(backendMetricPropagation);
     }
 
     static Builder forLogicalDns(String clusterName, String dnsHostName,
                                  @Nullable ServerInfo lrsServerInfo,
                                  @Nullable Long maxConcurrentRequests,
                                  @Nullable UpstreamTlsContext upstreamTlsContext,
-                                 boolean isHttp11ProxyAvailable) {
+                                 boolean isHttp11ProxyAvailable,
+                                 BackendMetricPropagation backendMetricPropagation) {
       return newBuilder(clusterName)
           .clusterType(ClusterType.LOGICAL_DNS)
           .dnsHostName(dnsHostName)
           .lrsServerInfo(lrsServerInfo)
           .maxConcurrentRequests(maxConcurrentRequests)
           .upstreamTlsContext(upstreamTlsContext)
-          .isHttp11ProxyAvailable(isHttp11ProxyAvailable);
+          .isHttp11ProxyAvailable(isHttp11ProxyAvailable)
+          .backendMetricPropagation(backendMetricPropagation);
     }
 
     enum ClusterType {
@@ -749,6 +765,9 @@ Builder leastRequestLbPolicy(Integer choiceCount) {
 
       protected abstract Builder parsedMetadata(ImmutableMap<String, Object> parsedMetadata);
 
+      protected abstract Builder backendMetricPropagation(
+          BackendMetricPropagation backendMetricPropagation);
+
       abstract CdsUpdate build();
     }
   }
diff --git a/xds/src/main/java/io/grpc/xds/client/BackendMetricPropagation.java b/xds/src/main/java/io/grpc/xds/client/BackendMetricPropagation.java
new file mode 100644
index 00000000000..f0e2c9484b4
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/client/BackendMetricPropagation.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.client;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.collect.ImmutableSet;
+import io.grpc.Internal;
+import java.util.Objects;
+import javax.annotation.Nullable;
+
+/**
+ * Represents the configuration for which ORCA metrics should be propagated from backend
+ * to LRS load reports, as defined in gRFC A85.
+ */
+@Internal
+public final class BackendMetricPropagation {
+
+  public final boolean propagateCpuUtilization;
+  public final boolean propagateMemUtilization;
+  public final boolean propagateApplicationUtilization;
+
+  private final boolean propagateAllNamedMetrics;
+  private final ImmutableSet<String> namedMetricKeys;
+
+  private BackendMetricPropagation(
+      boolean propagateCpuUtilization,
+      boolean propagateMemUtilization,
+      boolean propagateApplicationUtilization,
+      boolean propagateAllNamedMetrics,
+      ImmutableSet<String> namedMetricKeys) {
+    this.propagateCpuUtilization = propagateCpuUtilization;
+    this.propagateMemUtilization = propagateMemUtilization;
+    this.propagateApplicationUtilization = propagateApplicationUtilization;
+    this.propagateAllNamedMetrics = propagateAllNamedMetrics;
+    this.namedMetricKeys = checkNotNull(namedMetricKeys, "namedMetricKeys");
+  }
+
+  /**
+   * Creates a BackendMetricPropagation from a list of metric specifications.
+   *
+   * @param metricSpecs list of metric specification strings from CDS resource
+   * @return BackendMetricPropagation instance
+   */
+  public static BackendMetricPropagation fromMetricSpecs(
+      @Nullable java.util.List<String> metricSpecs) {
+    if (metricSpecs == null || metricSpecs.isEmpty()) {
+      return new BackendMetricPropagation(false, false, false, false, ImmutableSet.of());
+    }
+
+    boolean propagateCpuUtilization = false;
+    boolean propagateMemUtilization = false;
+    boolean propagateApplicationUtilization = false;
+    boolean propagateAllNamedMetrics = false;
+    ImmutableSet.Builder<String> namedMetricKeysBuilder = ImmutableSet.builder();
+    for (String spec : metricSpecs) {
+      if (spec == null) {
+        continue;
+      }
+      switch (spec) {
+        case "cpu_utilization":
+          propagateCpuUtilization = true;
+          break;
+        case "mem_utilization":
+          propagateMemUtilization = true;
+          break;
+        case "application_utilization":
+          propagateApplicationUtilization = true;
+          break;
+        case "named_metrics.*":
+          propagateAllNamedMetrics = true;
+          break;
+        default:
+          if (spec.startsWith("named_metrics.")) {
+            String metricKey = spec.substring("named_metrics.".length());
+            if (!metricKey.isEmpty()) {
+              namedMetricKeysBuilder.add(metricKey);
+            }
+          }
+      }
+    }
+
+    return new BackendMetricPropagation(
+        propagateCpuUtilization,
+        propagateMemUtilization,
+        propagateApplicationUtilization,
+        propagateAllNamedMetrics,
+        namedMetricKeysBuilder.build());
+  }
+
+  /**
+   * Returns whether the given named metric key should be propagated.
+   */
+  public boolean shouldPropagateNamedMetric(String metricKey) {
+    return propagateAllNamedMetrics || namedMetricKeys.contains(metricKey);
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    BackendMetricPropagation that = (BackendMetricPropagation) o;
+    return propagateCpuUtilization == that.propagateCpuUtilization
+        && propagateMemUtilization == that.propagateMemUtilization
+        && propagateApplicationUtilization == that.propagateApplicationUtilization
+        && propagateAllNamedMetrics == that.propagateAllNamedMetrics
+        && Objects.equals(namedMetricKeys, that.namedMetricKeys);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(propagateCpuUtilization, propagateMemUtilization,
+        propagateApplicationUtilization, propagateAllNamedMetrics, namedMetricKeys);
+  }
+}
\ No newline at end of file
diff --git a/xds/src/main/java/io/grpc/xds/client/LoadStatsManager2.java b/xds/src/main/java/io/grpc/xds/client/LoadStatsManager2.java
index be9d3587d14..cd858dccd99 100644
--- a/xds/src/main/java/io/grpc/xds/client/LoadStatsManager2.java
+++ b/xds/src/main/java/io/grpc/xds/client/LoadStatsManager2.java
@@ -25,6 +25,7 @@
 import com.google.common.collect.Sets;
 import io.grpc.Internal;
 import io.grpc.Status;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.xds.client.Stats.BackendLoadMetricStats;
 import io.grpc.xds.client.Stats.ClusterStats;
 import io.grpc.xds.client.Stats.DroppedRequests;
@@ -57,6 +58,8 @@ public final class LoadStatsManager2 {
   private final Map<String, Map<String,
       Map<Locality, ReferenceCounted<ClusterLocalityStats>>>> allLoadStats = new HashMap<>();
   private final Supplier<Stopwatch> stopwatchSupplier;
+  public static boolean isEnabledOrcaLrsPropagation =
+      GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION", false);
 
   @VisibleForTesting
   public LoadStatsManager2(Supplier<Stopwatch> stopwatchSupplier) {
@@ -98,13 +101,20 @@ private synchronized void releaseClusterDropCounter(
 
   /**
    * Gets or creates the stats object for recording loads for the specified locality (in the
-   * specified cluster with edsServiceName). The returned object is reference counted and the
-   * caller should use {@link ClusterLocalityStats#release} to release its <i>hard</i> reference
+   * specified cluster with edsServiceName) with the specified backend metric propagation
+   * configuration. The returned object is reference counted and the caller should
+   * use {@link ClusterLocalityStats#release} to release its <i>hard</i> reference
    * when it is safe to discard the future stats for the locality.
    */
   @VisibleForTesting
   public synchronized ClusterLocalityStats getClusterLocalityStats(
       String cluster, @Nullable String edsServiceName, Locality locality) {
+    return getClusterLocalityStats(cluster, edsServiceName, locality, null);
+  }
+
+  public synchronized ClusterLocalityStats getClusterLocalityStats(
+      String cluster, @Nullable String edsServiceName, Locality locality,
+      @Nullable BackendMetricPropagation backendMetricPropagation) {
     if (!allLoadStats.containsKey(cluster)) {
       allLoadStats.put(
           cluster,
@@ -121,8 +131,8 @@ public synchronized ClusterLocalityStats getClusterLocalityStats(
     if (!localityStats.containsKey(locality)) {
       localityStats.put(
           locality,
-          ReferenceCounted.wrap(new ClusterLocalityStats(
-              cluster, edsServiceName, locality, stopwatchSupplier.get())));
+          ReferenceCounted.wrap(new ClusterLocalityStats(cluster, edsServiceName,
+              locality, stopwatchSupplier.get(), backendMetricPropagation)));
     }
     ReferenceCounted<ClusterLocalityStats> ref = localityStats.get(locality);
     ref.retain();
@@ -325,6 +335,8 @@ public final class ClusterLocalityStats {
     private final String edsServiceName;
     private final Locality locality;
     private final Stopwatch stopwatch;
+    @Nullable
+    private final BackendMetricPropagation backendMetricPropagation;
     private final AtomicLong callsInProgress = new AtomicLong();
     private final AtomicLong callsSucceeded = new AtomicLong();
     private final AtomicLong callsFailed = new AtomicLong();
@@ -333,11 +345,12 @@ public final class ClusterLocalityStats {
 
     private ClusterLocalityStats(
         String clusterName, @Nullable String edsServiceName, Locality locality,
-        Stopwatch stopwatch) {
+        Stopwatch stopwatch, BackendMetricPropagation backendMetricPropagation) {
       this.clusterName = checkNotNull(clusterName, "clusterName");
       this.edsServiceName = edsServiceName;
       this.locality = checkNotNull(locality, "locality");
       this.stopwatch = checkNotNull(stopwatch, "stopwatch");
+      this.backendMetricPropagation = backendMetricPropagation;
       stopwatch.reset().start();
     }
 
@@ -367,17 +380,51 @@ public void recordCallFinished(Status status) {
      * requests counter of 1 and the {@code value} if the key is not present in the map. Otherwise,
      * increments the finished requests counter and adds the {@code value} to the existing
      * {@link BackendLoadMetricStats}.
+     * Metrics are filtered based on the backend metric propagation configuration if configured.
      */
     public synchronized void recordBackendLoadMetricStats(Map<String, Double> namedMetrics) {
+      if (!isEnabledOrcaLrsPropagation) {
+        namedMetrics.forEach((name, value) -> updateLoadMetricStats(name, value));
+        return;
+      }
+
       namedMetrics.forEach((name, value) -> {
-        if (!loadMetricStatsMap.containsKey(name)) {
-          loadMetricStatsMap.put(name, new BackendLoadMetricStats(1, value));
-        } else {
-          loadMetricStatsMap.get(name).addMetricValueAndIncrementRequestsFinished(value);
+        if (backendMetricPropagation.shouldPropagateNamedMetric(name)) {
+          updateLoadMetricStats("named_metrics." + name, value);
         }
       });
     }
 
+    private void updateLoadMetricStats(String metricName, double value) {
+      if (!loadMetricStatsMap.containsKey(metricName)) {
+        loadMetricStatsMap.put(metricName, new BackendLoadMetricStats(1, value));
+      } else {
+        loadMetricStatsMap.get(metricName).addMetricValueAndIncrementRequestsFinished(value);
+      }
+    }
+
+    /**
+     * Records top-level ORCA metrics (CPU, memory, application utilization) for per-call load
+     * reporting. Metrics are filtered based on the backend metric propagation configuration
+     * if configured.
+     *
+     * @param cpuUtilization CPU utilization metric value
+     * @param memUtilization Memory utilization metric value
+     * @param applicationUtilization Application utilization metric value
+     */
+    public synchronized void recordTopLevelMetrics(double cpuUtilization, double memUtilization,
+        double applicationUtilization) {
+      if (backendMetricPropagation.propagateCpuUtilization && cpuUtilization > 0) {
+        updateLoadMetricStats("cpu_utilization", cpuUtilization);
+      }
+      if (backendMetricPropagation.propagateMemUtilization && memUtilization > 0) {
+        updateLoadMetricStats("mem_utilization", memUtilization);
+      }
+      if (backendMetricPropagation.propagateApplicationUtilization && applicationUtilization > 0) {
+        updateLoadMetricStats("application_utilization", applicationUtilization);
+      }
+    }
+
     /**
      * Release the <i>hard</i> reference for this stats object (previously obtained via {@link
      * LoadStatsManager2#getClusterLocalityStats}). The object may still be
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClient.java b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
index e2dd4169bca..cd545c00c1d 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
@@ -388,6 +388,23 @@ public LoadStatsManager2.ClusterDropStats addClusterDropStats(
   public LoadStatsManager2.ClusterLocalityStats addClusterLocalityStats(
       Bootstrapper.ServerInfo serverInfo, String clusterName, @Nullable String edsServiceName,
       Locality locality) {
+    return addClusterLocalityStats(serverInfo, clusterName, edsServiceName, locality, null);
+  }
+
+  /**
+   * Adds load stats for the specified locality (in the specified cluster with edsServiceName) by
+   * using the returned object to record RPCs. Load stats recorded with the returned object will
+   * be reported to the load reporting server. The returned object is reference counted and the
+   * caller should use {@link LoadStatsManager2.ClusterLocalityStats#release} to release its
+   * <i>hard</i> reference when it is safe to stop reporting RPC loads for the specified locality
+   * in the future.
+   *
+   * @param backendMetricPropagation Configuration for which backend metrics should be propagated
+   *     to LRS load reports. If null, all metrics will be propagated (legacy behavior).
+   */
+  public LoadStatsManager2.ClusterLocalityStats addClusterLocalityStats(
+      Bootstrapper.ServerInfo serverInfo, String clusterName, @Nullable String edsServiceName,
+      Locality locality, @Nullable BackendMetricPropagation backendMetricPropagation) {
     throw new UnsupportedOperationException();
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index 4c6823f844a..6a4c20cf02b 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -409,9 +409,22 @@ public void run() {
   public LoadStatsManager2.ClusterLocalityStats addClusterLocalityStats(
       final ServerInfo serverInfo, String clusterName, @Nullable String edsServiceName,
       Locality locality) {
+    return addClusterLocalityStats(serverInfo, clusterName, edsServiceName, locality, null);
+  }
+
+  @Override
+  public LoadStatsManager2.ClusterLocalityStats addClusterLocalityStats(
+      final ServerInfo serverInfo,
+      String clusterName,
+      @Nullable String edsServiceName,
+      Locality locality,
+      @Nullable BackendMetricPropagation backendMetricPropagation) {
     LoadStatsManager2 loadStatsManager = loadStatsManagerMap.get(serverInfo);
+
     LoadStatsManager2.ClusterLocalityStats loadCounter =
-        loadStatsManager.getClusterLocalityStats(clusterName, edsServiceName, locality);
+        loadStatsManager.getClusterLocalityStats(
+            clusterName, edsServiceName, locality, backendMetricPropagation);
+
     syncContext.execute(new Runnable() {
       @Override
       public void run() {
diff --git a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
index 2059022c203..790f4445823 100644
--- a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
+++ b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
@@ -257,7 +257,7 @@ public void discoverTopLevelEdsCluster() {
           CLUSTER, EDS_SERVICE_NAME, lrsServerInfo, 100L, upstreamTlsContext,
           Collections.emptyMap(), io.grpc.xds.EnvoyServerProtoData.OutlierDetection.create(
               null, null, null, null, SuccessRateEjection.create(null, null, null, null),
-              FailurePercentageEjection.create(null, null, null, null))));
+              FailurePercentageEjection.create(null, null, null, null)), null));
     assertThat(
         GracefulSwitchLoadBalancerAccessor.getChildProvider(childLbConfig.lbConfig).getPolicyName())
         .isEqualTo("wrr_locality_experimental");
@@ -304,7 +304,7 @@ public void discoverTopLevelLogicalDnsCluster() {
     assertThat(childLbConfig.discoveryMechanism).isEqualTo(
         DiscoveryMechanism.forLogicalDns(
           CLUSTER, "dns.example.com:1111", lrsServerInfo, 100L, upstreamTlsContext,
-          Collections.emptyMap()));
+          Collections.emptyMap(), null));
     assertThat(
         GracefulSwitchLoadBalancerAccessor.getChildProvider(childLbConfig.lbConfig).getPolicyName())
         .isEqualTo("wrr_locality_experimental");
@@ -338,7 +338,7 @@ public void nonAggregateCluster_resourceUpdate() {
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
     assertThat(childLbConfig.discoveryMechanism).isEqualTo(
           DiscoveryMechanism.forEds(
-            CLUSTER, EDS_SERVICE_NAME, null, 100L, null, Collections.emptyMap(), null));
+            CLUSTER, EDS_SERVICE_NAME, null, 100L, null, Collections.emptyMap(), null, null));
 
     cluster = EDS_CLUSTER.toBuilder()
         .setCircuitBreakers(CircuitBreakers.newBuilder()
@@ -353,7 +353,7 @@ public void nonAggregateCluster_resourceUpdate() {
     childLbConfig = (ClusterResolverConfig) childBalancer.config;
     assertThat(childLbConfig.discoveryMechanism).isEqualTo(
           DiscoveryMechanism.forEds(
-            CLUSTER, EDS_SERVICE_NAME, null, 200L, null, Collections.emptyMap(), null));
+            CLUSTER, EDS_SERVICE_NAME, null, 200L, null, Collections.emptyMap(), null, null));
   }
 
   @Test
@@ -367,7 +367,7 @@ public void nonAggregateCluster_resourceRevoked() {
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
     assertThat(childLbConfig.discoveryMechanism).isEqualTo(
           DiscoveryMechanism.forEds(
-            CLUSTER, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null));
+            CLUSTER, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null, null));
 
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of());
 
@@ -398,7 +398,7 @@ public void dynamicCluster() {
     ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
     assertThat(childLbConfig.discoveryMechanism).isEqualTo(
           DiscoveryMechanism.forEds(
-            clusterName, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null));
+            clusterName, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null, null));
 
     assertThat(this.lastXdsConfig.getClusters()).containsKey(clusterName);
     shutdownLoadBalancer();
diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index a491d3f3612..50138cb8e5a 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -68,6 +68,7 @@
 import io.grpc.xds.WeightedTargetLoadBalancerProvider.WeightedPolicySelection;
 import io.grpc.xds.WeightedTargetLoadBalancerProvider.WeightedTargetConfig;
 import io.grpc.xds.XdsNameResolverProvider.CallCounterProvider;
+import io.grpc.xds.client.BackendMetricPropagation;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import io.grpc.xds.client.LoadReportClient;
 import io.grpc.xds.client.LoadStatsManager2;
@@ -192,7 +193,7 @@ public void handleResolvedAddresses_propagateToChildPolicy() {
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr", locality);
     deliverAddressesAndConfig(Collections.singletonList(endpoint), config);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(downstreamBalancers);
@@ -220,7 +221,7 @@ public void handleResolvedAddresses_childPolicyChanges() {
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr", locality);
     deliverAddressesAndConfig(Collections.singletonList(endpoint), configWithWeightedTarget);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(downstreamBalancers);
@@ -235,7 +236,7 @@ public void handleResolvedAddresses_childPolicyChanges() {
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             wrrLocalityProvider, wrrLocalityConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     deliverAddressesAndConfig(Collections.singletonList(endpoint), configWithWrrLocality);
     childBalancer = Iterables.getOnlyElement(downstreamBalancers);
     assertThat(childBalancer.name).isEqualTo(XdsLbPolicies.WRR_LOCALITY_POLICY_NAME);
@@ -261,7 +262,7 @@ public void nameResolutionError_afterChildPolicyInstantiated_propagateToDownstre
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr", locality);
     deliverAddressesAndConfig(Collections.singletonList(endpoint), config);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(downstreamBalancers);
@@ -282,7 +283,7 @@ public void pick_addsOptionalLabels() {
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr", locality);
     deliverAddressesAndConfig(Collections.singletonList(endpoint), config);
     FakeLoadBalancer leafBalancer = Iterables.getOnlyElement(downstreamBalancers);
@@ -313,7 +314,7 @@ public void pick_noResult_addsClusterLabel() {
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr", locality);
     deliverAddressesAndConfig(Collections.singletonList(endpoint), config);
     FakeLoadBalancer leafBalancer = Iterables.getOnlyElement(downstreamBalancers);
@@ -337,7 +338,7 @@ public void recordLoadStats() {
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr", locality);
     deliverAddressesAndConfig(Collections.singletonList(endpoint), config);
     FakeLoadBalancer leafBalancer = Iterables.getOnlyElement(downstreamBalancers);
@@ -416,6 +417,116 @@ public void recordLoadStats() {
     assertThat(clusterStats.upstreamLocalityStatsList()).isEmpty();  // no longer reported
   }
 
+  @Test
+  public void recordLoadStats_orcaLrsPropagationEnabled() {
+    boolean originalVal = LoadStatsManager2.isEnabledOrcaLrsPropagation;
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = true;
+    BackendMetricPropagation backendMetricPropagation = BackendMetricPropagation.fromMetricSpecs(
+        Arrays.asList("application_utilization", "cpu_utilization", "named_metrics.named1"));
+    LoadBalancerProvider weightedTargetProvider = new WeightedTargetLoadBalancerProvider();
+    WeightedTargetConfig weightedTargetConfig =
+        buildWeightedTargetConfig(ImmutableMap.of(locality, 10));
+    ClusterImplConfig config = new ClusterImplConfig(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO,
+        null, Collections.<DropOverload>emptyList(),
+        GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+            weightedTargetProvider, weightedTargetConfig),
+        null, Collections.emptyMap(), backendMetricPropagation);
+    EquivalentAddressGroup endpoint = makeAddress("endpoint-addr", locality);
+    deliverAddressesAndConfig(Collections.singletonList(endpoint), config);
+    FakeLoadBalancer leafBalancer = Iterables.getOnlyElement(downstreamBalancers);
+    Subchannel subchannel = leafBalancer.createSubChannel();
+    FakeSubchannel fakeSubchannel = helper.subchannels.poll();
+    fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.CONNECTING));
+    fakeSubchannel.setConnectedEagIndex(0);
+    fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
+    assertThat(currentState).isEqualTo(ConnectivityState.READY);
+    PickResult result = currentPicker.pickSubchannel(pickSubchannelArgs);
+    assertThat(result.getStatus().isOk()).isTrue();
+    ClientStreamTracer streamTracer = result.getStreamTracerFactory().newClientStreamTracer(
+        ClientStreamTracer.StreamInfo.newBuilder().build(), new Metadata());
+    Metadata trailersWithOrcaLoadReport = new Metadata();
+    trailersWithOrcaLoadReport.put(ORCA_ENDPOINT_LOAD_METRICS_KEY,
+        OrcaLoadReport.newBuilder()
+            .setApplicationUtilization(1.414)
+            .setCpuUtilization(0.5)
+            .setMemUtilization(0.034)
+            .putNamedMetrics("named1", 3.14159)
+            .putNamedMetrics("named2", -1.618).build());
+    streamTracer.inboundTrailers(trailersWithOrcaLoadReport);
+    streamTracer.streamClosed(Status.OK);
+    ClusterStats clusterStats =
+        Iterables.getOnlyElement(loadStatsManager.getClusterStatsReports(CLUSTER));
+    UpstreamLocalityStats localityStats =
+        Iterables.getOnlyElement(clusterStats.upstreamLocalityStatsList());
+
+    assertThat(localityStats.loadMetricStatsMap()).containsKey("application_utilization");
+    assertThat(localityStats.loadMetricStatsMap().get("application_utilization").totalMetricValue())
+        .isWithin(TOLERANCE).of(1.414);
+    assertThat(localityStats.loadMetricStatsMap()).containsKey("cpu_utilization");
+    assertThat(localityStats.loadMetricStatsMap().get("cpu_utilization").totalMetricValue())
+        .isWithin(TOLERANCE).of(0.5);
+    assertThat(localityStats.loadMetricStatsMap()).doesNotContainKey("mem_utilization");
+    assertThat(localityStats.loadMetricStatsMap()).containsKey("named_metrics.named1");
+    assertThat(localityStats.loadMetricStatsMap().get("named_metrics.named1").totalMetricValue())
+        .isWithin(TOLERANCE).of(3.14159);
+    assertThat(localityStats.loadMetricStatsMap()).doesNotContainKey("named_metrics.named2");
+    subchannel.shutdown();
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = originalVal;
+  }
+
+  @Test
+  public void recordLoadStats_orcaLrsPropagationDisabled() {
+    boolean originalVal = LoadStatsManager2.isEnabledOrcaLrsPropagation;
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = false;
+    BackendMetricPropagation backendMetricPropagation = BackendMetricPropagation.fromMetricSpecs(
+        Arrays.asList("application_utilization", "cpu_utilization", "named_metrics.named1"));
+    LoadBalancerProvider weightedTargetProvider = new WeightedTargetLoadBalancerProvider();
+    WeightedTargetConfig weightedTargetConfig =
+        buildWeightedTargetConfig(ImmutableMap.of(locality, 10));
+    ClusterImplConfig config = new ClusterImplConfig(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO,
+        null, Collections.<DropOverload>emptyList(),
+        GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+            weightedTargetProvider, weightedTargetConfig),
+        null, Collections.emptyMap(), backendMetricPropagation);
+    EquivalentAddressGroup endpoint = makeAddress("endpoint-addr", locality);
+    deliverAddressesAndConfig(Collections.singletonList(endpoint), config);
+    FakeLoadBalancer leafBalancer = Iterables.getOnlyElement(downstreamBalancers);
+    Subchannel subchannel = leafBalancer.createSubChannel();
+    FakeSubchannel fakeSubchannel = helper.subchannels.poll();
+    fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.CONNECTING));
+    fakeSubchannel.setConnectedEagIndex(0);
+    fakeSubchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
+    assertThat(currentState).isEqualTo(ConnectivityState.READY);
+    PickResult result = currentPicker.pickSubchannel(pickSubchannelArgs);
+    assertThat(result.getStatus().isOk()).isTrue();
+    ClientStreamTracer streamTracer = result.getStreamTracerFactory().newClientStreamTracer(
+        ClientStreamTracer.StreamInfo.newBuilder().build(), new Metadata());
+    Metadata trailersWithOrcaLoadReport = new Metadata();
+    trailersWithOrcaLoadReport.put(ORCA_ENDPOINT_LOAD_METRICS_KEY,
+        OrcaLoadReport.newBuilder()
+            .setApplicationUtilization(1.414)
+            .setCpuUtilization(0.5)
+            .setMemUtilization(0.034)
+            .putNamedMetrics("named1", 3.14159)
+            .putNamedMetrics("named2", -1.618).build());
+    streamTracer.inboundTrailers(trailersWithOrcaLoadReport);
+    streamTracer.streamClosed(Status.OK);
+    ClusterStats clusterStats =
+        Iterables.getOnlyElement(loadStatsManager.getClusterStatsReports(CLUSTER));
+    UpstreamLocalityStats localityStats =
+        Iterables.getOnlyElement(clusterStats.upstreamLocalityStatsList());
+
+    assertThat(localityStats.loadMetricStatsMap()).doesNotContainKey("application_utilization");
+    assertThat(localityStats.loadMetricStatsMap()).doesNotContainKey("cpu_utilization");
+    assertThat(localityStats.loadMetricStatsMap()).doesNotContainKey("mem_utilization");
+    assertThat(localityStats.loadMetricStatsMap()).doesNotContainKey("named_metrics.named1");
+    assertThat(localityStats.loadMetricStatsMap()).doesNotContainKey("named_metrics.named2");
+    assertThat(localityStats.loadMetricStatsMap().containsKey("named1")).isTrue();
+    assertThat(localityStats.loadMetricStatsMap().containsKey("named2")).isTrue();
+    subchannel.shutdown();
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = originalVal;
+  }
+
   // Verifies https://github.com/grpc/grpc-java/issues/11434.
   @Test
   public void pickFirstLoadReport_onUpdateAddress() {
@@ -432,7 +543,7 @@ public void pickFirstLoadReport_onUpdateAddress() {
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(pickFirstProvider,
             pickFirstConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr1", locality1);
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr2", locality2);
     deliverAddressesAndConfig(Arrays.asList(endpoint1, endpoint2), config);
@@ -522,7 +633,7 @@ public void dropRpcsWithRespectToLbConfigDropCategories() {
         null, Collections.singletonList(DropOverload.create("throttle", 500_000)),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr", locality);
     deliverAddressesAndConfig(Collections.singletonList(endpoint), config);
     when(mockRandom.nextInt(anyInt())).thenReturn(499_999, 999_999, 1_000_000);
@@ -556,7 +667,7 @@ public void dropRpcsWithRespectToLbConfigDropCategories() {
         Collections.singletonList(DropOverload.create("lb", 1_000_000)),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     loadBalancer.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(Collections.singletonList(endpoint))
@@ -605,7 +716,7 @@ private void subtest_maxConcurrentRequests_appliedByLbConfig(boolean enableCircu
         maxConcurrentRequests, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr", locality);
     deliverAddressesAndConfig(Collections.singletonList(endpoint), config);
     assertThat(downstreamBalancers).hasSize(1);  // one leaf balancer
@@ -652,7 +763,7 @@ private void subtest_maxConcurrentRequests_appliedByLbConfig(boolean enableCircu
         maxConcurrentRequests, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     deliverAddressesAndConfig(Collections.singletonList(endpoint), config);
 
     result = currentPicker.pickSubchannel(pickSubchannelArgs);
@@ -700,7 +811,7 @@ private void subtest_maxConcurrentRequests_appliedWithDefaultValue(
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     EquivalentAddressGroup endpoint = makeAddress("endpoint-addr", locality);
     deliverAddressesAndConfig(Collections.singletonList(endpoint), config);
     assertThat(downstreamBalancers).hasSize(1);  // one leaf balancer
@@ -751,7 +862,7 @@ public void endpointAddressesAttachedWithClusterName() {
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     // One locality with two endpoints.
     EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr1", locality);
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr2", locality);
@@ -791,7 +902,7 @@ public void endpointAddressesAttachedWithClusterName() {
           null, Collections.<DropOverload>emptyList(),
           GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
               weightedTargetProvider, weightedTargetConfig),
-          null, Collections.emptyMap());
+          null, Collections.emptyMap(), null);
       EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr1", locality,
           "authority-host-name");
       deliverAddressesAndConfig(Arrays.asList(endpoint1), config);
@@ -842,7 +953,7 @@ public void endpointAddressesAttachedWithClusterName() {
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr1", locality,
         "authority-host-name");
     deliverAddressesAndConfig(Arrays.asList(endpoint1), config);
@@ -891,7 +1002,7 @@ public void endpointAddressesAttachedWithTlsConfig_securityEnabledByDefault() {
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        upstreamTlsContext, Collections.emptyMap());
+        upstreamTlsContext, Collections.emptyMap(), null);
     // One locality with two endpoints.
     EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr1", locality);
     EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr2", locality);
@@ -916,7 +1027,7 @@ public void endpointAddressesAttachedWithTlsConfig_securityEnabledByDefault() {
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        null, Collections.emptyMap());
+        null, Collections.emptyMap(), null);
     deliverAddressesAndConfig(Arrays.asList(endpoint1, endpoint2), config);
     assertThat(Iterables.getOnlyElement(downstreamBalancers)).isSameInstanceAs(leafBalancer);
     subchannel = leafBalancer.helper.createSubchannel(args);  // creates new connections
@@ -933,7 +1044,7 @@ public void endpointAddressesAttachedWithTlsConfig_securityEnabledByDefault() {
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
             weightedTargetProvider, weightedTargetConfig),
-        upstreamTlsContext, Collections.emptyMap());
+        upstreamTlsContext, Collections.emptyMap(), null);
     deliverAddressesAndConfig(Arrays.asList(endpoint1, endpoint2), config);
     assertThat(Iterables.getOnlyElement(downstreamBalancers)).isSameInstanceAs(leafBalancer);
     subchannel = leafBalancer.helper.createSubchannel(args);  // creates new connections
@@ -1243,8 +1354,9 @@ public ClusterDropStats addClusterDropStats(
     @Override
     public ClusterLocalityStats addClusterLocalityStats(
         ServerInfo lrsServerInfo, String clusterName, @Nullable String edsServiceName,
-        Locality locality) {
-      return loadStatsManager.getClusterLocalityStats(clusterName, edsServiceName, locality);
+        Locality locality, BackendMetricPropagation backendMetricPropagation) {
+      return loadStatsManager.getClusterLocalityStats(
+          clusterName, edsServiceName, locality, backendMetricPropagation);
     }
 
     @Override
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index 86f525c61f2..983ae17818c 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -100,7 +100,9 @@
 import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig.PriorityChildConfig;
 import io.grpc.xds.RingHashLoadBalancer.RingHashConfig;
 import io.grpc.xds.WrrLocalityLoadBalancer.WrrLocalityConfig;
+import io.grpc.xds.client.BackendMetricPropagation;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
+import io.grpc.xds.client.LoadStatsManager2;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.internal.XdsInternalAttributes;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
@@ -270,14 +272,19 @@ public void tearDown() throws Exception {
 
   @Test
   public void edsClustersWithRingHashEndpointLbPolicy() throws Exception {
+    boolean originalVal = LoadStatsManager2.isEnabledOrcaLrsPropagation;
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = true;
+    List<String> metricSpecs = Arrays.asList("cpu_utilization");
+    BackendMetricPropagation backendMetricPropagation =
+        BackendMetricPropagation.fromMetricSpecs(metricSpecs);
     Cluster cluster = EDS_CLUSTER.toBuilder()
         .setLbPolicy(Cluster.LbPolicy.RING_HASH)
         .setRingHashLbConfig(Cluster.RingHashLbConfig.newBuilder()
             .setMinimumRingSize(UInt64Value.of(10))
             .setMaximumRingSize(UInt64Value.of(100))
             .build())
+        .addAllLrsReportEndpointMetrics(metricSpecs)
         .build();
-    // One priority with two localities of different weights.
     ClusterLoadAssignment clusterLoadAssignment = ClusterLoadAssignment.newBuilder()
         .setClusterName(EDS_SERVICE_NAME)
         .addEndpoints(LocalityLbEndpoints.newBuilder()
@@ -331,6 +338,8 @@ public void edsClustersWithRingHashEndpointLbPolicy() throws Exception {
         GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig.childConfig);
     assertClusterImplConfig(clusterImplConfig, CLUSTER, EDS_SERVICE_NAME, null, null,
         null, Collections.emptyList(), "ring_hash_experimental");
+    assertThat(clusterImplConfig.backendMetricPropagation).isEqualTo(backendMetricPropagation);
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = originalVal;
     RingHashConfig ringHashConfig = (RingHashConfig)
         GracefulSwitchLoadBalancerAccessor.getChildConfig(clusterImplConfig.childConfig);
     assertThat(ringHashConfig.minRingSize).isEqualTo(10L);
@@ -871,8 +880,16 @@ public void handleEdsResource_noHealthyEndpoint() {
 
   @Test
   public void onlyLogicalDnsCluster_endpointsResolved() {
+    boolean originalVal = LoadStatsManager2.isEnabledOrcaLrsPropagation;
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = true;
+    List<String> metricSpecs = Arrays.asList("cpu_utilization");
+    BackendMetricPropagation backendMetricPropagation =
+        BackendMetricPropagation.fromMetricSpecs(metricSpecs);
+    Cluster logicalDnsClusterWithMetrics = LOGICAL_DNS_CLUSTER.toBuilder()
+        .addAllLrsReportEndpointMetrics(metricSpecs)
+        .build();
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
-        CLUSTER, LOGICAL_DNS_CLUSTER));
+        CLUSTER, logicalDnsClusterWithMetrics));
     startXdsDepManager(new CdsConfig(CLUSTER), /* forwardTime= */ false);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME + ":9000");
     assertThat(childBalancers).isEmpty();
@@ -895,6 +912,8 @@ public void onlyLogicalDnsCluster_endpointsResolved() {
         GracefulSwitchLoadBalancerAccessor.getChildConfig(priorityChildConfig.childConfig);
     assertClusterImplConfig(clusterImplConfig, CLUSTER, null, null, null, null,
         Collections.<DropOverload>emptyList(), "wrr_locality_experimental");
+    assertThat(clusterImplConfig.backendMetricPropagation).isEqualTo(backendMetricPropagation);
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = originalVal;
     assertAddressesEqual(
         Arrays.asList(new EquivalentAddressGroup(Arrays.asList(
             newInetSocketAddress("127.0.2.1", 9000), newInetSocketAddress("127.0.2.2", 9000)))),
@@ -1002,14 +1021,14 @@ public void config_equalsTester() {
             "google_cloud_private_spiffe", true);
     DiscoveryMechanism edsDiscoveryMechanism1 =
         DiscoveryMechanism.forEds(CLUSTER, EDS_SERVICE_NAME, lrsServerInfo, 100L, tlsContext,
-            Collections.emptyMap(), null);
+            Collections.emptyMap(), null, null);
     io.grpc.xds.EnvoyServerProtoData.OutlierDetection outlierDetection =
         io.grpc.xds.EnvoyServerProtoData.OutlierDetection.create(
             100L, 100L, 100L, 100, SuccessRateEjection.create(100, 100, 100, 100),
             FailurePercentageEjection.create(100, 100, 100, 100));
     DiscoveryMechanism edsDiscoveryMechanismWithOutlierDetection =
         DiscoveryMechanism.forEds(CLUSTER, EDS_SERVICE_NAME, lrsServerInfo, 100L, tlsContext,
-            Collections.emptyMap(), outlierDetection);
+            Collections.emptyMap(), outlierDetection, null);
     Object roundRobin = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
         new FakeLoadBalancerProvider("wrr_locality_experimental"), new WrrLocalityConfig(
             GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
diff --git a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
index 1d6c97d81e6..7f203e036b7 100644
--- a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
+++ b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
@@ -491,7 +491,7 @@ private static CdsUpdate getCdsUpdate() {
     parsedMetadata.put("FILTER_INSTANCE_NAME", new AudienceWrapper("TEST_AUDIENCE"));
     try {
       CdsUpdate.Builder cdsUpdate = CdsUpdate.forEds(
-              CLUSTER_NAME, EDS_NAME, null, null, null, null, false)
+              CLUSTER_NAME, EDS_NAME, null, null, null, null, false, null)
           .lbPolicyConfig(getWrrLbConfigAsMap());
       return cdsUpdate.parsedMetadata(parsedMetadata.build()).build();
     } catch (IOException ex) {
@@ -504,7 +504,7 @@ private static CdsUpdate getCdsUpdate2() {
     parsedMetadata.put("FILTER_INSTANCE_NAME", new AudienceWrapper("NEW_TEST_AUDIENCE"));
     try {
       CdsUpdate.Builder cdsUpdate = CdsUpdate.forEds(
-              CLUSTER_NAME, EDS_NAME, null, null, null, null, false)
+              CLUSTER_NAME, EDS_NAME, null, null, null, null, false, null)
           .lbPolicyConfig(getWrrLbConfigAsMap());
       return cdsUpdate.parsedMetadata(parsedMetadata.build()).build();
     } catch (IOException ex) {
@@ -516,7 +516,7 @@ private static CdsUpdate getCdsUpdateWithIncorrectAudienceWrapper() throws IOExc
     ImmutableMap.Builder<String, Object> parsedMetadata = ImmutableMap.builder();
     parsedMetadata.put("FILTER_INSTANCE_NAME", "TEST_AUDIENCE");
     CdsUpdate.Builder cdsUpdate = CdsUpdate.forEds(
-            CLUSTER_NAME, EDS_NAME, null, null, null, null, false)
+            CLUSTER_NAME, EDS_NAME, null, null, null, null, false, null)
         .lbPolicyConfig(getWrrLbConfigAsMap());
     return cdsUpdate.parsedMetadata(parsedMetadata.build()).build();
   }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 3650e5d5bb9..2c75ee04d91 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -24,6 +24,7 @@
 import static org.junit.Assert.fail;
 
 import com.github.udpa.udpa.type.v1.TypedStruct;
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterables;
@@ -140,7 +141,9 @@
 import io.grpc.xds.VirtualHost.Route.RouteMatch.PathMatcher;
 import io.grpc.xds.WeightedRoundRobinLoadBalancer.WeightedRoundRobinLoadBalancerConfig;
 import io.grpc.xds.XdsClusterResource.CdsUpdate;
+import io.grpc.xds.client.BackendMetricPropagation;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
+import io.grpc.xds.client.LoadStatsManager2;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsResourceType;
 import io.grpc.xds.client.XdsResourceType.ResourceInvalidException;
@@ -2640,6 +2643,42 @@ public void parseNonAggregateCluster_withHttp11ProxyTransportSocket() throws Exc
     assertThat(result.isHttp11ProxyAvailable()).isTrue();
   }
 
+  @Test
+  public void processCluster_parsesOrcaLrsPropagationMetrics() throws ResourceInvalidException {
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = true;
+
+    ImmutableList<String> metricSpecs = ImmutableList.of(
+        "cpu_utilization",
+        "named_metrics.foo",
+        "unknown_metric_spec"
+    );
+    Cluster cluster = Cluster.newBuilder()
+        .setName("cluster-orca.googleapis.com")
+        .setType(DiscoveryType.EDS)
+        .setEdsClusterConfig(
+            EdsClusterConfig.newBuilder()
+                .setEdsConfig(
+                    ConfigSource.newBuilder().setAds(AggregatedConfigSource.getDefaultInstance()))
+                .setServiceName("service-orca.googleapis.com"))
+        .setLbPolicy(LbPolicy.ROUND_ROBIN)
+        .addAllLrsReportEndpointMetrics(metricSpecs)
+        .build();
+
+    CdsUpdate update = XdsClusterResource.processCluster(
+        cluster, null, LRS_SERVER_INFO, LoadBalancerRegistry.getDefaultRegistry());
+
+    BackendMetricPropagation propagationConfig = update.backendMetricPropagation();
+    assertThat(propagationConfig).isNotNull();
+    assertThat(propagationConfig.propagateCpuUtilization).isTrue();
+    assertThat(propagationConfig.propagateMemUtilization).isFalse();
+    assertThat(propagationConfig.shouldPropagateNamedMetric("foo")).isTrue();
+    assertThat(propagationConfig.shouldPropagateNamedMetric("bar")).isFalse();
+    assertThat(propagationConfig.shouldPropagateNamedMetric("unknown_metric_spec"))
+        .isFalse();
+
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = false;
+  }
+
   @Test
   public void parseServerSideListener_invalidTrafficDirection() throws ResourceInvalidException {
     Listener listener =
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java
index b2b713e9a8e..ee32c4490af 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java
@@ -154,7 +154,6 @@ public void lrsClientsStartedForLocalityStats() throws InterruptedException, Exe
     }
   }
 
-
   /**
    * Assures that when an {@link XdsClient} is asked to add cluster locality stats it appropriately
    * starts {@link LoadReportClient}s to do that.
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index e80fcd008bd..6edd98f923e 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -1246,7 +1246,7 @@ private static void createAndDeliverClusterUpdates(
       FakeXdsClient xdsClient, String... clusterNames) {
     for (String clusterName : clusterNames) {
       CdsUpdate.Builder forEds = CdsUpdate
-          .forEds(clusterName, clusterName, null, null, null, null, false)
+          .forEds(clusterName, clusterName, null, null, null, null, false, null)
               .roundRobinLbPolicy();
       xdsClient.deliverCdsUpdate(clusterName, forEds.build());
       EdsUpdate edsUpdate = new EdsUpdate(clusterName,
diff --git a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
index b1818445bea..63bd139c2cd 100644
--- a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
@@ -268,7 +268,7 @@ static XdsConfig getDefaultXdsConfig(String serverHostName)
     XdsEndpointResource.EdsUpdate edsUpdate = new XdsEndpointResource.EdsUpdate(
         EDS_NAME, lbEndpointsMap, Collections.emptyList());
     XdsClusterResource.CdsUpdate cdsUpdate = XdsClusterResource.CdsUpdate.forEds(
-        CLUSTER_NAME, EDS_NAME, serverInfo, null, null, null, false)
+        CLUSTER_NAME, EDS_NAME, serverInfo, null, null, null, false, null)
         .lbPolicyConfig(getWrrLbConfigAsMap()).build();
     XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
         CLUSTER_NAME, cdsUpdate, new EndpointConfig(StatusOr.fromValue(edsUpdate)));
diff --git a/xds/src/test/java/io/grpc/xds/client/BackendMetricPropagationTest.java b/xds/src/test/java/io/grpc/xds/client/BackendMetricPropagationTest.java
new file mode 100644
index 00000000000..31ad6f9c47f
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/client/BackendMetricPropagationTest.java
@@ -0,0 +1,151 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.client;
+
+import static com.google.common.truth.Truth.assertThat;
+import static java.util.Arrays.asList;
+
+import com.google.common.collect.ImmutableList;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/**
+ * Unit tests for {@link BackendMetricPropagation}.
+ */
+@RunWith(JUnit4.class)
+public class BackendMetricPropagationTest {
+
+  @Test
+  public void fromMetricSpecs_nullInput() {
+    BackendMetricPropagation config = BackendMetricPropagation.fromMetricSpecs(null);
+
+    assertThat(config.propagateCpuUtilization).isFalse();
+    assertThat(config.propagateMemUtilization).isFalse();
+    assertThat(config.propagateApplicationUtilization).isFalse();
+    assertThat(config.shouldPropagateNamedMetric("any")).isFalse();
+  }
+
+  @Test
+  public void fromMetricSpecs_emptyInput() {
+    BackendMetricPropagation config = BackendMetricPropagation.fromMetricSpecs(ImmutableList.of());
+
+    assertThat(config.propagateCpuUtilization).isFalse();
+    assertThat(config.propagateMemUtilization).isFalse();
+    assertThat(config.propagateApplicationUtilization).isFalse();
+    assertThat(config.shouldPropagateNamedMetric("any")).isFalse();
+  }
+
+  @Test
+  public void fromMetricSpecs_partialStandardMetrics() {
+    BackendMetricPropagation config = BackendMetricPropagation.fromMetricSpecs(
+        ImmutableList.of("cpu_utilization", "mem_utilization"));
+
+    assertThat(config.propagateCpuUtilization).isTrue();
+    assertThat(config.propagateMemUtilization).isTrue();
+    assertThat(config.propagateApplicationUtilization).isFalse();
+    assertThat(config.shouldPropagateNamedMetric("any")).isFalse();
+  }
+
+  @Test
+  public void fromMetricSpecs_allStandardMetrics() {
+    BackendMetricPropagation config = BackendMetricPropagation.fromMetricSpecs(
+        ImmutableList.of("cpu_utilization", "mem_utilization", "application_utilization"));
+
+    assertThat(config.propagateCpuUtilization).isTrue();
+    assertThat(config.propagateMemUtilization).isTrue();
+    assertThat(config.propagateApplicationUtilization).isTrue();
+    assertThat(config.shouldPropagateNamedMetric("any")).isFalse();
+  }
+
+  @Test
+  public void fromMetricSpecs_wildcardNamedMetrics() {
+    BackendMetricPropagation config = BackendMetricPropagation.fromMetricSpecs(
+        ImmutableList.of("named_metrics.*"));
+
+    assertThat(config.propagateCpuUtilization).isFalse();
+    assertThat(config.propagateMemUtilization).isFalse();
+    assertThat(config.propagateApplicationUtilization).isFalse();
+    assertThat(config.shouldPropagateNamedMetric("any_key")).isTrue();
+    assertThat(config.shouldPropagateNamedMetric("another_key")).isTrue();
+  }
+
+  @Test
+  public void fromMetricSpecs_specificNamedMetrics() {
+    BackendMetricPropagation config = BackendMetricPropagation.fromMetricSpecs(
+        ImmutableList.of("named_metrics.foo", "named_metrics.bar"));
+
+    assertThat(config.shouldPropagateNamedMetric("foo")).isTrue();
+    assertThat(config.shouldPropagateNamedMetric("bar")).isTrue();
+    assertThat(config.shouldPropagateNamedMetric("baz")).isFalse();
+    assertThat(config.shouldPropagateNamedMetric("any")).isFalse();
+  }
+
+  @Test
+  public void fromMetricSpecs_mixedStandardAndNamed() {
+    BackendMetricPropagation config = BackendMetricPropagation.fromMetricSpecs(
+        ImmutableList.of("cpu_utilization", "named_metrics.foo", "named_metrics.bar"));
+
+    assertThat(config.propagateCpuUtilization).isTrue();
+    assertThat(config.propagateMemUtilization).isFalse();
+    assertThat(config.shouldPropagateNamedMetric("foo")).isTrue();
+    assertThat(config.shouldPropagateNamedMetric("bar")).isTrue();
+    assertThat(config.shouldPropagateNamedMetric("baz")).isFalse();
+  }
+
+  @Test
+  public void fromMetricSpecs_wildcardAndSpecificNamedMetrics() {
+    BackendMetricPropagation config = BackendMetricPropagation.fromMetricSpecs(
+        ImmutableList.of("named_metrics.foo", "named_metrics.*"));
+
+    assertThat(config.shouldPropagateNamedMetric("foo")).isTrue();
+    assertThat(config.shouldPropagateNamedMetric("bar")).isTrue();
+    assertThat(config.shouldPropagateNamedMetric("any_other_key")).isTrue();
+  }
+
+  @Test
+  public void fromMetricSpecs_malformedAndUnknownSpecs_areIgnored() {
+    BackendMetricPropagation config = BackendMetricPropagation.fromMetricSpecs(
+        asList(
+            "cpu_utilization",
+            null,                   // ignored
+            "disk_utilization",
+            "named_metrics.",       // empty key
+            "named_metrics.valid"
+        ));
+
+    assertThat(config.propagateCpuUtilization).isTrue();
+    assertThat(config.propagateMemUtilization).isFalse();
+    assertThat(config.shouldPropagateNamedMetric("disk_utilization")).isFalse();
+    assertThat(config.shouldPropagateNamedMetric("valid")).isTrue();
+    assertThat(config.shouldPropagateNamedMetric("")).isFalse(); // from the empty key
+  }
+
+  @Test
+  public void fromMetricSpecs_duplicateSpecs_areHandledGracefully() {
+    BackendMetricPropagation config = BackendMetricPropagation.fromMetricSpecs(
+        ImmutableList.of(
+            "cpu_utilization",
+            "named_metrics.foo",
+            "cpu_utilization",
+            "named_metrics.foo"));
+
+    assertThat(config.propagateCpuUtilization).isTrue();
+    assertThat(config.shouldPropagateNamedMetric("foo")).isTrue();
+    assertThat(config.shouldPropagateNamedMetric("bar")).isFalse();
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/client/LoadStatsManager2Test.java b/xds/src/test/java/io/grpc/xds/client/LoadStatsManager2Test.java
index 9a90a92dcbd..a0642f7e4bb 100644
--- a/xds/src/test/java/io/grpc/xds/client/LoadStatsManager2Test.java
+++ b/xds/src/test/java/io/grpc/xds/client/LoadStatsManager2Test.java
@@ -27,6 +27,7 @@
 import io.grpc.xds.client.Stats.ClusterStats;
 import io.grpc.xds.client.Stats.DroppedRequests;
 import io.grpc.xds.client.Stats.UpstreamLocalityStats;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Objects;
 import java.util.concurrent.TimeUnit;
@@ -254,6 +255,59 @@ public void sharedLoadCounterStatsAggregation() {
         2.718);
   }
 
+  @Test
+  public void recordMetrics_orcaLrsPropagationEnabled_specificMetrics() {
+    boolean originalVal = LoadStatsManager2.isEnabledOrcaLrsPropagation;
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = true;
+    BackendMetricPropagation backendMetricPropagation = BackendMetricPropagation.fromMetricSpecs(
+        Arrays.asList("cpu_utilization", "named_metrics.named1"));
+    ClusterLocalityStats stats = loadStatsManager.getClusterLocalityStats(
+        CLUSTER_NAME1, EDS_SERVICE_NAME1, LOCALITY1, backendMetricPropagation);
+
+    stats.recordTopLevelMetrics(0.8, 0.5, 0.0); // cpu, mem, app
+    stats.recordBackendLoadMetricStats(ImmutableMap.of("named1", 123.4, "named2", 567.8));
+    stats.recordCallFinished(Status.OK);
+    ClusterStats report = Iterables.getOnlyElement(
+        loadStatsManager.getClusterStatsReports(CLUSTER_NAME1));
+    UpstreamLocalityStats localityStats =
+        Iterables.getOnlyElement(report.upstreamLocalityStatsList());
+
+    assertThat(localityStats.loadMetricStatsMap()).containsKey("cpu_utilization");
+    assertThat(localityStats.loadMetricStatsMap().get("cpu_utilization").totalMetricValue())
+        .isWithin(TOLERANCE).of(0.8);
+    assertThat(localityStats.loadMetricStatsMap()).doesNotContainKey("mem_utilization");
+    assertThat(localityStats.loadMetricStatsMap()).containsKey("named_metrics.named1");
+    assertThat(localityStats.loadMetricStatsMap().get("named_metrics.named1").totalMetricValue())
+        .isWithin(TOLERANCE).of(123.4);
+    assertThat(localityStats.loadMetricStatsMap()).doesNotContainKey("named_metrics.named2");
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = originalVal;
+  }
+
+  @Test
+  public void recordMetrics_orcaLrsPropagationEnabled_wildcardNamedMetrics() {
+    boolean originalVal = LoadStatsManager2.isEnabledOrcaLrsPropagation;
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = true;
+    BackendMetricPropagation backendMetricPropagation = BackendMetricPropagation.fromMetricSpecs(
+        Arrays.asList("named_metrics.*"));
+    ClusterLocalityStats stats = loadStatsManager.getClusterLocalityStats(
+        CLUSTER_NAME1, EDS_SERVICE_NAME1, LOCALITY1, backendMetricPropagation);
+
+    stats.recordBackendLoadMetricStats(ImmutableMap.of("named1", 123.4, "named2", 567.8));
+    stats.recordCallFinished(Status.OK);
+    ClusterStats report = Iterables.getOnlyElement(
+        loadStatsManager.getClusterStatsReports(CLUSTER_NAME1));
+    UpstreamLocalityStats localityStats =
+        Iterables.getOnlyElement(report.upstreamLocalityStatsList());
+
+    assertThat(localityStats.loadMetricStatsMap()).containsKey("named_metrics.named1");
+    assertThat(localityStats.loadMetricStatsMap().get("named_metrics.named1").totalMetricValue())
+        .isWithin(TOLERANCE).of(123.4);
+    assertThat(localityStats.loadMetricStatsMap()).containsKey("named_metrics.named2");
+    assertThat(localityStats.loadMetricStatsMap().get("named_metrics.named2").totalMetricValue())
+        .isWithin(TOLERANCE).of(567.8);
+    LoadStatsManager2.isEnabledOrcaLrsPropagation = originalVal;
+  }
+
   @Test
   public void loadCounterDelayedDeletionAfterAllInProgressRequestsReported() {
     ClusterLocalityStats counter = loadStatsManager.getClusterLocalityStats(

From 7f0a19d41a4c2bb11afb01dbcece3703b9de4f18 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 14 Oct 2025 09:36:52 +0530
Subject: [PATCH 406/591] xds: Add documentation for /sni-test-certs and
 refactoring (#12415)

---
 .../resources/certs/sni-test-certs/README     | 55 +++++++++++++++++++
 .../bad_wildcard_dns_certificate.pem          |  0
 2 files changed, 55 insertions(+)
 create mode 100644 xds/src/test/resources/certs/sni-test-certs/README
 rename {testing/src/main => xds/src/test}/resources/certs/sni-test-certs/bad_wildcard_dns_certificate.pem (100%)

diff --git a/xds/src/test/resources/certs/sni-test-certs/README b/xds/src/test/resources/certs/sni-test-certs/README
new file mode 100644
index 00000000000..25e66021192
--- /dev/null
+++ b/xds/src/test/resources/certs/sni-test-certs/README
@@ -0,0 +1,55 @@
+Bad Wildcard DNS Certificate (bad_wildcard_dns_certificate.pem)
+This certificate is used for testing SNI with invalid wildcard DNS SANs. It is issued by a custom, self-signed Certificate Authority (CA).
+
+1. Create the Certificate Authority (CA)
+Create the CA's private key:
+$ openssl genpkey -algorithm RSA -out ca.key -pkeyopt rsa_keygen_bits:2048
+Create the CA's self-signed certificate:
+$ openssl req -x509 -new -nodes -key ca.key -sha256 -days 365 -out ca.pem -subj "/CN=My Internal CA"
+
+2. Generate the Server Certificate
+Next, generate the server's private key and a Certificate Signing Request (CSR).
+Create the server's private key:
+$ openssl genpkey -algorithm RSA -out bad_wildcard_dns.key -pkeyopt rsa_keygen_bits:2048
+Create a configuration file named san.cnf with the following content. This file specifies the Subject Alternative Names (SANs) for the certificate.
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = US
+ST = Illinois
+L = Chicago
+O = "Example, Co."
+CN = *.test.google.com
+
+[v3_req]
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = *.test.google.fr
+DNS.2 = *.test.youtube.com
+DNS.3 = waterzooi.test.google.be
+DNS.4 = 192.168.1.3
+DNS.5 = *.TEST.YOUTUBE.com
+DNS.6 = w*i.test.google.be
+DNS.7 = w*a.test.google.be
+DNS.8 = *.test.google.com.au
+DNS.9 = *waterzooi
+DNS.10 = *.lyft.com
+DNS.11 = ly**ft.com
+DNS.12 = *yft.c*m
+DNS.13 = xn--*.lyft.com
+
+Create the Certificate Signing Request (CSR):
+$ openssl req -new -key bad_wildcard_dns.key -out bad_wildcard_dns.csr -config san.cnf
+
+3. Sign the Server Certificate
+Finally, use the CA to sign the CSR, which will create the server certificate.
+$ openssl x509 -req -in bad_wildcard_dns.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out bad_wildcard_dns_certificate.pem -days 365 -sha256 -extensions v3_req -extfile san.cnf
+
+4. Clean Up
+$ rm bad_wildcard_dns.key san.cnf bad_wildcard_dns.csr ca.key ca.pem ca.srl
diff --git a/testing/src/main/resources/certs/sni-test-certs/bad_wildcard_dns_certificate.pem b/xds/src/test/resources/certs/sni-test-certs/bad_wildcard_dns_certificate.pem
similarity index 100%
rename from testing/src/main/resources/certs/sni-test-certs/bad_wildcard_dns_certificate.pem
rename to xds/src/test/resources/certs/sni-test-certs/bad_wildcard_dns_certificate.pem

From 4725ced9981e714c9745f22123e3c621342e0b70 Mon Sep 17 00:00:00 2001
From: HYUNSANG HAN <gustkd3@gmail.com>
Date: Wed, 15 Oct 2025 05:35:58 +0900
Subject: [PATCH 407/591] binder: Avoid potential deadlock when canceling
 AsyncSecurityPolicy futures (#12283)

Move future cancellation outside of synchronized block in
`BinderClientTransport.notifyTerminated()` to prevent deadlock if
`AsyncSecurityPolicy` uses `directExecutor()` for callbacks.

Fixes grpc#12190

---------

Signed-off-by: Hyunsang Han <gustkd3@gmail.com>
---
 .../internal/BinderClientTransport.java       | 20 +++++--------------
 .../grpc/binder/internal/BinderTransport.java | 19 ++++++++++++++++++
 2 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
index 6b68552722c..c2447daf751 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
@@ -87,13 +87,6 @@ public final class BinderClientTransport extends BinderTransport
   @GuardedBy("this")
   private ScheduledFuture<?> readyTimeoutFuture; // != null iff timeout scheduled.
 
-  @GuardedBy("this")
-  @Nullable
-  private ListenableFuture<Status> authResultFuture; // null before we check auth.
-
-  @GuardedBy("this")
-  @Nullable
-  private ListenableFuture<Status> preAuthResultFuture; // null before we pre-auth.
 
   /**
    * Constructs a new transport instance.
@@ -193,7 +186,8 @@ private void preAuthorize(ServiceInfo serviceInfo) {
     // unauthorized server a chance to run, but the connection will still fail by SecurityPolicy
     // check later in handshake. Pre-auth remains effective at mitigating abuse because malware
     // can't typically control the exact timing of its installation.
-    preAuthResultFuture = checkServerAuthorizationAsync(serviceInfo.applicationInfo.uid);
+    ListenableFuture<Status> preAuthResultFuture =
+        register(checkServerAuthorizationAsync(serviceInfo.applicationInfo.uid));
     Futures.addCallback(
         preAuthResultFuture,
         new FutureCallback<Status>() {
@@ -314,12 +308,6 @@ void notifyTerminated() {
       readyTimeoutFuture.cancel(false);
       readyTimeoutFuture = null;
     }
-    if (preAuthResultFuture != null) {
-      preAuthResultFuture.cancel(false); // No effect if already complete.
-    }
-    if (authResultFuture != null) {
-      authResultFuture.cancel(false); // No effect if already complete.
-    }
     serviceBinding.unbind();
     clientTransportListener.transportTerminated();
   }
@@ -339,7 +327,8 @@ protected void handleSetupTransport(Parcel parcel) {
       } else {
         restrictIncomingBinderToCallsFrom(remoteUid);
         attributes = setSecurityAttrs(attributes, remoteUid);
-        authResultFuture = checkServerAuthorizationAsync(remoteUid);
+        ListenableFuture<Status> authResultFuture =
+            register(checkServerAuthorizationAsync(remoteUid));
         Futures.addCallback(
             authResultFuture,
             new FutureCallback<Status>() {
@@ -398,6 +387,7 @@ protected void handlePingResponse(Parcel parcel) {
     pingTracker.onPingResponse(parcel.readInt());
   }
 
+
   private static ClientStream newFailingClientStream(
       Status failure, Attributes attributes, Metadata headers, ClientStreamTracer[] tracers) {
     StatsTraceContext statsTraceContext =
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index 904b7e83001..0f03d5fc9f2 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -45,9 +45,11 @@
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.LinkedHashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.NoSuchElementException;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.Future;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -166,6 +168,9 @@ protected enum TransportState {
   @GuardedBy("this")
   private final LinkedHashSet<Integer> callIdsToNotifyWhenReady = new LinkedHashSet<>();
 
+  @GuardedBy("this")
+  private final List<Future<?>> ownedFutures = new ArrayList<>(); // To cancel upon terminate.
+
   @GuardedBy("this")
   protected Attributes attributes;
 
@@ -249,6 +254,13 @@ void releaseExecutors() {
     executorServicePool.returnObject(scheduledExecutorService);
   }
 
+  // Registers the specified future for eventual safe cancellation upon shutdown/terminate.
+  @GuardedBy("this")
+  protected final <T extends Future<?>> T register(T future) {
+    ownedFutures.add(future);
+    return future;
+  }
+
   @GuardedBy("this")
   boolean inState(TransportState transportState) {
     return this.transportState == transportState;
@@ -299,6 +311,8 @@ final void shutdownInternal(Status shutdownStatus, boolean forceTerminate) {
       sendShutdownTransaction();
       ArrayList<Inbound<?>> calls = new ArrayList<>(ongoingCalls.values());
       ongoingCalls.clear();
+      ArrayList<Future<?>> futuresToCancel = new ArrayList<>(ownedFutures);
+      ownedFutures.clear();
       scheduledExecutorService.execute(
           () -> {
             for (Inbound<?> inbound : calls) {
@@ -310,6 +324,11 @@ final void shutdownInternal(Status shutdownStatus, boolean forceTerminate) {
               notifyTerminated();
             }
             releaseExecutors();
+            
+            for (Future<?> future : futuresToCancel) {
+              // Not holding any locks here just in case some listener runs on a direct Executor.
+              future.cancel(false); // No effect if already isDone().
+            }
           });
     }
   }

From f0a606710bc87da8848225d20710044c34fa4780 Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Wed, 15 Oct 2025 17:41:45 +0530
Subject: [PATCH 408/591] Bump readme (#12410) to reference 1.76.0

---
 README.md | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/README.md b/README.md
index d696164ee32..c25fc73934f 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.75.0/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.75.0/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.76.0/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.76.0/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,34 +56,34 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.75.0</version>
+  <version>1.76.0</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.75.0</version>
+  <version>1.76.0</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.75.0</version>
+  <version>1.76.0</version>
 </dependency>
 ```
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.75.0'
-implementation 'io.grpc:grpc-protobuf:1.75.0'
-implementation 'io.grpc:grpc-stub:1.75.0'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.76.0'
+implementation 'io.grpc:grpc-protobuf:1.76.0'
+implementation 'io.grpc:grpc-stub:1.76.0'
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.75.0'
-implementation 'io.grpc:grpc-protobuf-lite:1.75.0'
-implementation 'io.grpc:grpc-stub:1.75.0'
+implementation 'io.grpc:grpc-okhttp:1.76.0'
+implementation 'io.grpc:grpc-protobuf-lite:1.76.0'
+implementation 'io.grpc:grpc-stub:1.76.0'
 ```
 
 For [Bazel](https://bazel.build), you can either
@@ -91,7 +91,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.75.0
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.76.0
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://central.sonatype.com/repository/maven-snapshots/).
@@ -121,9 +121,9 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <artifactId>protobuf-maven-plugin</artifactId>
       <version>0.6.1</version>
       <configuration>
-        <protocArtifact>com.google.protobuf:protoc:3.25.5:exe:${os.detected.classifier}</protocArtifact>
+        <protocArtifact>com.google.protobuf:protoc:3.25.8:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.75.0:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.76.0:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -149,11 +149,11 @@ plugins {
 
 protobuf {
   protoc {
-    artifact = "com.google.protobuf:protoc:3.25.5"
+    artifact = "com.google.protobuf:protoc:3.25.8"
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.75.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.76.0'
     }
   }
   generateProtoTasks {
@@ -182,11 +182,11 @@ plugins {
 
 protobuf {
   protoc {
-    artifact = "com.google.protobuf:protoc:3.25.5"
+    artifact = "com.google.protobuf:protoc:3.25.8"
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.75.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.76.0'
     }
   }
   generateProtoTasks {

From 53393e06f3adfcecf929caf3b571f1e4ec46ae12 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Fri, 17 Oct 2025 09:53:22 +0530
Subject: [PATCH 409/591] xds: use UNKNOWN for auth algorithm type during
 per-rpc authority verification  (#12421)

While we can get the cipher suite name with
`sslEngine.getHandshakeSession().getCipherSuite()`, for the `authType`
to use in `X509ExtendedTrustManager.checkServerTrusted` it needs to go
through a mapping, for example, for the cipher suite name
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" the `authType` to use is
actually `ECDHE_RSA`. (JDK code maintains such a
[mapping](https://github.com/openjdk/jdk/blob/844118a9d854459778f88d299b148c2288131344/src/java.base/share/classes/sun/security/ssl/CipherSuite.java#L113)).
Since we don't have all this information handy to use, and UNKNOWN for
`authType` works and has actually been observed being used during Tls
handshake, we are using the same during the per-rpc authority
verification check as the Tls connection has already been established by
then.
---
 netty/src/main/java/io/grpc/netty/X509AuthorityVerifier.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/netty/src/main/java/io/grpc/netty/X509AuthorityVerifier.java b/netty/src/main/java/io/grpc/netty/X509AuthorityVerifier.java
index 8a8d426662f..a2df3dbc431 100644
--- a/netty/src/main/java/io/grpc/netty/X509AuthorityVerifier.java
+++ b/netty/src/main/java/io/grpc/netty/X509AuthorityVerifier.java
@@ -103,6 +103,6 @@ private void verifyAuthorityAllowedForPeerCert(String authority)
       throw new IllegalStateException("checkServerTrustedMethod not found");
     }
     checkServerTrustedMethod.invoke(
-            x509ExtendedTrustManager, x509PeerCertificates, "RSA", sslEngineWrapper);
+            x509ExtendedTrustManager, x509PeerCertificates, "UNKNOWN", sslEngineWrapper);
   }
 }

From 559e3ba41d7ab8798a52cdd6bdd7cf762c6739d5 Mon Sep 17 00:00:00 2001
From: Gregory Cooke <gregorycooke@google.com>
Date: Fri, 17 Oct 2025 05:17:00 -0400
Subject: [PATCH 410/591] internal: Allow EC Keys in SPIFFE Bundle Map parsing
 (#12399)

SPIFFE Bundle Map parsing was originally implemented to only support RSA keys. It should also support EC keys.
---
 .../java/io/grpc/internal/SpiffeUtil.java     |  13 +-
 .../java/io/grpc/internal/SpiffeUtilTest.java |  19 ++-
 .../io/grpc/internal/spiffebundle_ec.json     | 116 ++++++++++++++++++
 3 files changed, 142 insertions(+), 6 deletions(-)
 create mode 100644 core/src/test/resources/io/grpc/internal/spiffebundle_ec.json

diff --git a/core/src/main/java/io/grpc/internal/SpiffeUtil.java b/core/src/main/java/io/grpc/internal/SpiffeUtil.java
index 44ef343b6dc..9eafc9950e2 100644
--- a/core/src/main/java/io/grpc/internal/SpiffeUtil.java
+++ b/core/src/main/java/io/grpc/internal/SpiffeUtil.java
@@ -23,6 +23,7 @@
 import com.google.common.base.Splitter;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import com.google.common.io.Files;
 import java.io.ByteArrayInputStream;
 import java.io.File;
@@ -51,7 +52,7 @@ public final class SpiffeUtil {
 
   private static final Integer URI_SAN_TYPE = 6;
   private static final String USE_PARAMETER_VALUE = "x509-svid";
-  private static final String KTY_PARAMETER_VALUE = "RSA";
+  private static final ImmutableSet<String> KTY_PARAMETER_VALUES = ImmutableSet.of("RSA", "EC");
   private static final String CERTIFICATE_PREFIX = "-----BEGIN CERTIFICATE-----\n";
   private static final String CERTIFICATE_SUFFIX = "-----END CERTIFICATE-----";
   private static final String PREFIX = "spiffe://";
@@ -205,10 +206,12 @@ public static SpiffeBundle loadTrustBundleFromFile(String trustBundleFile) throw
 
   private static void checkJwkEntry(Map<String, ?> jwkNode, String trustDomainName) {
     String kty = JsonUtil.getString(jwkNode, "kty");
-    if (kty == null || !kty.equals(KTY_PARAMETER_VALUE)) {
-      throw new IllegalArgumentException(String.format("'kty' parameter must be '%s' but '%s' "
-              + "found. Certificate loading for trust domain '%s' failed.", KTY_PARAMETER_VALUE,
-          kty, trustDomainName));
+    if (kty == null || !KTY_PARAMETER_VALUES.contains(kty)) {
+      throw new IllegalArgumentException(
+          String.format(
+              "'kty' parameter must be one of %s but '%s' "
+                  + "found. Certificate loading for trust domain '%s' failed.",
+              KTY_PARAMETER_VALUES, kty, trustDomainName));
     }
     if (jwkNode.containsKey("kid")) {
       throw new IllegalArgumentException(String.format("'kid' parameter must not be set. "
diff --git a/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java b/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java
index d5155728936..57824cf207f 100644
--- a/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java
+++ b/core/src/test/java/io/grpc/internal/SpiffeUtilTest.java
@@ -218,6 +218,7 @@ public static class CertificateApiTest {
     private static final String SERVER_0_PEM_FILE = "server0.pem";
     private static final String TEST_DIRECTORY_PREFIX = "io/grpc/internal/";
     private static final String SPIFFE_TRUST_BUNDLE = "spiffebundle.json";
+    private static final String SPIFFE_TRUST_BUNDLE_WITH_EC_KTY = "spiffebundle_ec.json";
     private static final String SPIFFE_TRUST_BUNDLE_MALFORMED = "spiffebundle_malformed.json";
     private static final String SPIFFE_TRUST_BUNDLE_CORRUPTED_CERT =
         "spiffebundle_corrupted_cert.json";
@@ -311,6 +312,21 @@ public void loadTrustBundleFromFileSuccessTest() throws Exception {
               .toArray(new X509Certificate[0]));
       assertTrue(spiffeId.isPresent());
       assertEquals("foo.bar.com", spiffeId.get().getTrustDomain());
+
+      SpiffeBundle tb_ec = SpiffeUtil.loadTrustBundleFromFile(
+          copyFileToTmp(SPIFFE_TRUST_BUNDLE_WITH_EC_KTY));
+      assertEquals(2, tb_ec.getSequenceNumbers().size());
+      assertEquals(12035488L, (long) tb_ec.getSequenceNumbers().get("example.com"));
+      assertEquals(-1L, (long) tb_ec.getSequenceNumbers().get("test.example.com"));
+      assertEquals(3, tb_ec.getBundleMap().size());
+      assertEquals(0, tb_ec.getBundleMap().get("test.google.com.au").size());
+      assertEquals(1, tb_ec.getBundleMap().get("example.com").size());
+      assertEquals(2, tb_ec.getBundleMap().get("test.example.com").size());
+      Optional<SpiffeId> spiffeId_ec =
+          SpiffeUtil.extractSpiffeId(tb_ec.getBundleMap().get("example.com")
+                                         .toArray(new X509Certificate[0]));
+      assertTrue(spiffeId_ec.isPresent());
+      assertEquals("foo.bar.com", spiffeId_ec.get().getTrustDomain());
     }
 
     @Test
@@ -338,7 +354,8 @@ public void loadTrustBundleFromFileFailureTest() {
       // Check the exception if 'kty' value differs from 'RSA'
       iae = assertThrows(IllegalArgumentException.class, () -> SpiffeUtil
           .loadTrustBundleFromFile(copyFileToTmp(SPIFFE_TRUST_BUNDLE_WRONG_KTY)));
-      assertEquals("'kty' parameter must be 'RSA' but 'null' found." + DOMAIN_ERROR_MESSAGE,
+      assertEquals(
+          "'kty' parameter must be one of [RSA, EC] but 'null' found." + DOMAIN_ERROR_MESSAGE,
           iae.getMessage());
       // Check the exception if 'kid' has a value
       iae = assertThrows(IllegalArgumentException.class, () -> SpiffeUtil
diff --git a/core/src/test/resources/io/grpc/internal/spiffebundle_ec.json b/core/src/test/resources/io/grpc/internal/spiffebundle_ec.json
new file mode 100644
index 00000000000..1732310f8cf
--- /dev/null
+++ b/core/src/test/resources/io/grpc/internal/spiffebundle_ec.json
@@ -0,0 +1,116 @@
+{
+  "trust_domains": {
+    "test.google.com.au": {},
+    "example.com": {
+      "spiffe_sequence": 12035488,
+      "keys": [
+        {
+          
+          "kty": "EC",
+          "use": "x509-svid",
+          "x5c": ["MIIFsjCCA5qgAwIBAgIURygVMMzdr+Q7rsUaz189JozyHMwwDQYJKoZIhvcNAQEL
+          BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL
+          BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTAeFw0yMTEyMjMxODQy
+          NTJaFw0zMTEyMjExODQyNTJaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM
+          MAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBDMRUwEwYDVQQDDAx0ZXN0LWNsaWVu
+          dDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ4AqpGetyVSqGUuBJ
+          LVFla+7bEfca7UYzfVSSZLZ/X+JDmWIVN8UIPuFib5jhMEc3XaUnFXUmM7zEtz/Z
+          G5hapwLwOb2C3ZxOP6PQjYCJxbkLie+b43UQrFu1xxd3vMhVJgcj/AIxEpmszuqO
+          a6kUrkYifjJADQ+64kZgl66bsTdXMCzpxyFl9xUfff59L8OX+HUfAcoZz3emjg3Z
+          JPYURQEmjdZTOau1EjFilwHgd989Jt7NKgx30NXoHmw7nusVBIY94fL2VKN3f1XV
+          m0dHu5NI279Q6zr0ZBU7k5T3IeHnzsUesQS4NGlklDWoVTKk73Uv9Pna8yQsSW75
+          7PEbHOGp9Knu4bnoGPOlsG81yIPipO6hTgGFK24pF97M9kpGbWqYX4+2vLlrCAfc
+          msHqaUPmQlYeRVTT6vw7ctYo2kyUYGtnODXk76LqewRBVvkzx75QUhfjAyb740Yc
+          DmIenc56Tq6gebJHjhEmVSehR6xIpXP7SVeurTyhPsEQnpJHtgs4dcwWOZp7BvPN
+          zHXmJqfr7vsshie3vS5kQ0u1e1yqAqXgyDjqKXOkx+dpgUTehSJHhPNHvTc5LXRs
+          vvXKYz6FrwR/DZ8t7BNEvPeLjFgxpH7QVJFLCvCbXs5K6yYbsnLfxFIBPRnrbJkI
+          sK+sQwnRdnsiUdPsTkG5B2lQfQIDAQABo4GHMIGEMB0GA1UdDgQWBBQ2lBp0PiRH
+          HvQ5IRURm8aHsj4RETAfBgNVHSMEGDAWgBQ2lBp0PiRHHvQ5IRURm8aHsj4RETAP
+          BgNVHRMBAf8EBTADAQH/MDEGA1UdEQQqMCiGJnNwaWZmZTovL2Zvby5iYXIuY29t
+          L2NsaWVudC93b3JrbG9hZC8xMA0GCSqGSIb3DQEBCwUAA4ICAQA1mSkgRclAl+E/
+          aS9zJ7t8+Y4n3T24nOKKveSIjxXm/zjhWqVsLYBI6kglWtih2+PELvU8JdPqNZK3
+          4Kl0Q6FWpVSGDdWN1i6NyORt2ocggL3ke3iXxRk3UpUKJmqwz81VhA2KUHnMlyE0
+          IufFfZNwNWWHBv13uJfRbjeQpKPhU+yf4DeXrsWcvrZlGvAET+mcplafUzCp7Iv+
+          PcISJtUerbxbVtuHVeZCLlgDXWkLAWJN8rf0dIG4x060LJ+j6j9uRVhb9sZn1HJV
+          +j4XdIYm1VKilluhOtNwP2d3Ox/JuTBxf7hFHXZPfMagQE5k5PzmxRaCAEMJ1l2D
+          vUbZw+shJfSNoWcBo2qadnUaWT3BmmJRBDh7ZReib/RQ1Rd4ygOyzP3E0vkV4/gq
+          yjLdApXh5PZP8KLQZ+1JN/sdWt7VfIt9wYOpkIqujdll51ESHzwQeAK9WVCB4UvV
+          z6zdhItB9CRbXPreWC+wCB1xDovIzFKOVsLs5+Gqs1m7VinG2LxbDqaKyo/FB0Hx
+          x0acBNzezLWoDwXYQrN0T0S4pnqhKD1CYPpdArBkNezUYAjS725FkApuK+mnBX3U
+          0msBffEaUEOkcyar1EW2m/33vpetD/k3eQQkmvQf4Hbiu9AF+9cNDm/hMuXEw5EX
+          GA91fn0891b5eEW8BJHXX0jri0aN8g=="],
+          "n": "<base64urlUint-encoded value>",
+          "e": "AQAB"
+        }
+      ]
+    },
+    "test.example.com": {
+      "keys": [
+        {
+          "kty": "RSA",
+          "use": "x509-svid",
+          "x5c": ["MIIFsjCCA5qgAwIBAgIURygVMMzdr+Q7rsUaz189JozyHMwwDQYJKoZIhvcNAQEL
+          BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL
+          BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTAeFw0yMTEyMjMxODQy
+          NTJaFw0zMTEyMjExODQyNTJaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM
+          MAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBDMRUwEwYDVQQDDAx0ZXN0LWNsaWVu
+          dDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ4AqpGetyVSqGUuBJ
+          LVFla+7bEfca7UYzfVSSZLZ/X+JDmWIVN8UIPuFib5jhMEc3XaUnFXUmM7zEtz/Z
+          G5hapwLwOb2C3ZxOP6PQjYCJxbkLie+b43UQrFu1xxd3vMhVJgcj/AIxEpmszuqO
+          a6kUrkYifjJADQ+64kZgl66bsTdXMCzpxyFl9xUfff59L8OX+HUfAcoZz3emjg3Z
+          JPYURQEmjdZTOau1EjFilwHgd989Jt7NKgx30NXoHmw7nusVBIY94fL2VKN3f1XV
+          m0dHu5NI279Q6zr0ZBU7k5T3IeHnzsUesQS4NGlklDWoVTKk73Uv9Pna8yQsSW75
+          7PEbHOGp9Knu4bnoGPOlsG81yIPipO6hTgGFK24pF97M9kpGbWqYX4+2vLlrCAfc
+          msHqaUPmQlYeRVTT6vw7ctYo2kyUYGtnODXk76LqewRBVvkzx75QUhfjAyb740Yc
+          DmIenc56Tq6gebJHjhEmVSehR6xIpXP7SVeurTyhPsEQnpJHtgs4dcwWOZp7BvPN
+          zHXmJqfr7vsshie3vS5kQ0u1e1yqAqXgyDjqKXOkx+dpgUTehSJHhPNHvTc5LXRs
+          vvXKYz6FrwR/DZ8t7BNEvPeLjFgxpH7QVJFLCvCbXs5K6yYbsnLfxFIBPRnrbJkI
+          sK+sQwnRdnsiUdPsTkG5B2lQfQIDAQABo4GHMIGEMB0GA1UdDgQWBBQ2lBp0PiRH
+          HvQ5IRURm8aHsj4RETAfBgNVHSMEGDAWgBQ2lBp0PiRHHvQ5IRURm8aHsj4RETAP
+          BgNVHRMBAf8EBTADAQH/MDEGA1UdEQQqMCiGJnNwaWZmZTovL2Zvby5iYXIuY29t
+          L2NsaWVudC93b3JrbG9hZC8xMA0GCSqGSIb3DQEBCwUAA4ICAQA1mSkgRclAl+E/
+          aS9zJ7t8+Y4n3T24nOKKveSIjxXm/zjhWqVsLYBI6kglWtih2+PELvU8JdPqNZK3
+          4Kl0Q6FWpVSGDdWN1i6NyORt2ocggL3ke3iXxRk3UpUKJmqwz81VhA2KUHnMlyE0
+          IufFfZNwNWWHBv13uJfRbjeQpKPhU+yf4DeXrsWcvrZlGvAET+mcplafUzCp7Iv+
+          PcISJtUerbxbVtuHVeZCLlgDXWkLAWJN8rf0dIG4x060LJ+j6j9uRVhb9sZn1HJV
+          +j4XdIYm1VKilluhOtNwP2d3Ox/JuTBxf7hFHXZPfMagQE5k5PzmxRaCAEMJ1l2D
+          vUbZw+shJfSNoWcBo2qadnUaWT3BmmJRBDh7ZReib/RQ1Rd4ygOyzP3E0vkV4/gq
+          yjLdApXh5PZP8KLQZ+1JN/sdWt7VfIt9wYOpkIqujdll51ESHzwQeAK9WVCB4UvV
+          z6zdhItB9CRbXPreWC+wCB1xDovIzFKOVsLs5+Gqs1m7VinG2LxbDqaKyo/FB0Hx
+          x0acBNzezLWoDwXYQrN0T0S4pnqhKD1CYPpdArBkNezUYAjS725FkApuK+mnBX3U
+          0msBffEaUEOkcyar1EW2m/33vpetD/k3eQQkmvQf4Hbiu9AF+9cNDm/hMuXEw5EX
+          GA91fn0891b5eEW8BJHXX0jri0aN8g=="],
+          "n": "<base64urlUint-encoded value>",
+          "e": "AQAB"
+        },
+        {
+          "kty": "RSA",
+          "use": "x509-svid",
+          "x5c": ["MIIELTCCAxWgAwIBAgIUVXGlXjNENtOZbI12epjgIhMaShEwDQYJKoZIhvcNAQEL
+          BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+          GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTI0
+          MDkxNzE2MTk0NFoXDTM0MDkxNTE2MTk0NFowTjELMAkGA1UEBhMCVVMxCzAJBgNV
+          BAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFTATBgNVBAMMDHRl
+          c3QtY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOcTjjcS
+          SfG/EGrr6G+f+3T2GXyHHfroQFi9mZUz80L7uKBdECOImID+YhoK8vcxLQjPmEEv
+          FIYgJT5amugDcYIgUhMjBx/8RPJaP/nGmBngAqsuuNCaZfyaHBRqN8XdS/AwmsI5
+          Wo+nru0+0/7aQFdqqtd2+e9dHjUWwgHxXvMgC4hkHpsdCGIZWVzWyBliwTYQYb1Y
+          yYe1LzqqQA5OMbZfKOY9MYDCEYOliRiunOn30iIOHj9V5qLzWGfSyxCRuvLRdEP8
+          iDeNweHbdaKuI80nQmxuBdRIspE9k5sD1WA4vLZpeg3zggxp4rfLL5zBJgb/33D3
+          d9Rkm14xfDPihhkCAwEAAaOB+jCB9zBZBgNVHREEUjBQhiZzcGlmZmU6Ly9mb28u
+          YmFyLmNvbS9jbGllbnQvd29ya2xvYWQvMYYmc3BpZmZlOi8vZm9vLmJhci5jb20v
+          Y2xpZW50L3dvcmtsb2FkLzIwHQYDVR0OBBYEFG9GkBgdBg/p0U9/lXv8zIJ+2c2N
+          MHsGA1UdIwR0MHKhWqRYMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0
+          YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM
+          BnRlc3RjYYIUWrP0VvHcy+LP6UuYNtiL9gBhD5owDQYJKoZIhvcNAQELBQADggEB
+          AJ4Cbxv+02SpUgkEu4hP/1+8DtSBXUxNxI0VG4e3Ap2+Rhjm3YiFeS/UeaZhNrrw
+          UEjkSTPFODyXR7wI7UO9OO1StyD6CMkp3SEvevU5JsZtGL6mTiTLTi3Qkywa91Bt
+          GlyZdVMghA1bBJLBMwiD5VT5noqoJBD7hDy6v9yNmt1Sw2iYBJPqI3Gnf5bMjR3s
+          UICaxmFyqaMCZsPkfJh0DmZpInGJys3m4QqGz6ZE2DWgcSr1r/ML7/5bSPjjr8j4
+          WFFSqFR3dMu8CbGnfZTCTXa4GTX/rARXbAO67Z/oJbJBK7VKayskL+PzKuohb9ox
+          jGL772hQMbwtFCOFXu5VP0s="]
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file

From 9662f0fdccf1cb93a056236b0c93ca4bc4adfbf5 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 16 Oct 2025 16:07:21 -0700
Subject: [PATCH 411/591] buildscripts: Convert GAE CI to Cloud Build

The Google App Engine build now requires Java 17, because the App Engine
libraries are now using Java 17 bytecode. The Kokoro environment doesn't
include Java 17, and while we could make some custom pools to resolve
it, it is easier to swap to Cloud Build than to fight and maintain the
Kokoro images. With Cloud Build we can also restrict permissions easier,
as the same workers aren't used for multiple tasks.

However, the Gradle App Engine plugin doesn't support choosing a service
account for GAE, so I swapped to using gcloud app deploy.

Although we'll be using restricted service accounts, we'll configure
Cloud Build to require a "/gcbrun" GitHub comment except for owners and
collaborators of the repository, similar to the "kokoro:run" label
today.

I swapped the Gradle code to use project properties instead of system
properties, as we really should have been using project properties to
begin with and I didn't want to add new system properties. The sleep has
probably been unnecessary since the turndown of GAE Java 7, when the
architecture of GAE changed considerably. But today it is very possible
a new instance is spun up for that request and GAE does a warmup
request, so the delay seems unlikely to help anything and was excessive
at 20 seconds.

The Cloud Build file _doesn't_ include GAE in its name because it can do
more than GAE testing and it is easy to run things in parallel in Cloud
Build (although they share the worker). In particular, some of the
Android tests may make sense to migrate away from Kokoro.

We're using e2-standard-16 for Kokoro and it takes about 10 minutes.
With the default Cloud Build worker e2-standard-2 it takes 20 minutes,
and with e2-highcpu-8 it takes 10 minutes with 4 minutes spent on app
deploy.

The expectation is to run this with a Java-CI-specific service account,
so we have configure logging ourselves. I chose CLOUD_LOGGING_ONLY
because it was easy, but we'll want to configure GCS in the future to
allow external contributors to see the logs.
---
 buildscripts/cloudbuild-testing.yaml      | 64 +++++++++++++++++++++++
 buildscripts/gae-build/Dockerfile         | 10 ++++
 buildscripts/kokoro/gae-interop.sh        | 55 -------------------
 gae-interop-testing/gae-jdk8/build.gradle | 20 +++----
 4 files changed, 85 insertions(+), 64 deletions(-)
 create mode 100644 buildscripts/cloudbuild-testing.yaml
 create mode 100644 buildscripts/gae-build/Dockerfile
 delete mode 100755 buildscripts/kokoro/gae-interop.sh

diff --git a/buildscripts/cloudbuild-testing.yaml b/buildscripts/cloudbuild-testing.yaml
new file mode 100644
index 00000000000..623b85b6882
--- /dev/null
+++ b/buildscripts/cloudbuild-testing.yaml
@@ -0,0 +1,64 @@
+substitutions:
+  _GAE_SERVICE_ACCOUNT: appengine-testing-java@grpc-testing.iam.gserviceaccount.com
+options:
+  env:
+  - BUILD_ID=$BUILD_ID
+  - KOKORO_GAE_SERVICE=java-gae-interop-test
+  - DUMMY_DEFAULT_VERSION=dummy-default
+  - GRADLE_OPTS=-Dorg.gradle.jvmargs='-Xmx1g'
+  - GRADLE_FLAGS=-PskipCodegen=true -PskipAndroid=true
+  logging: CLOUD_LOGGING_ONLY
+  machineType: E2_HIGHCPU_8
+
+steps:
+- id: clean-stale-deploys
+  name: gcr.io/cloud-builders/gcloud
+  allowFailure: true
+  script: |
+    #!/usr/bin/env bash
+    set -e
+    echo "Cleaning out stale deploys from previous runs, it is ok if this part fails"
+    # If the test fails, the deployment is leaked.
+    # Delete all versions whose name is not 'dummy-default' and is older than 1 hour.
+    # This expression is an ISO8601 relative date:
+    # https://cloud.google.com/sdk/gcloud/reference/topic/datetimes
+    (gcloud app versions list --format="get(version.id)" \
+        --filter="service=$KOKORO_GAE_SERVICE AND NOT version : '$DUMMY_DEFAULT_VERSION' AND version.createTime<'-p1h'" \
+        | xargs -i gcloud app services delete "$KOKORO_GAE_SERVICE" --version {} --quiet) || true
+
+- name: gcr.io/cloud-builders/docker
+  args: ['build', '-t', 'gae-build', 'buildscripts/gae-build/']
+
+- id: build
+  name: gae-build
+  script: |
+    #!/usr/bin/env bash
+    exec ./gradlew $GRADLE_FLAGS :grpc-gae-interop-testing-jdk8:appengineStage
+
+- id: deploy
+  name: gcr.io/cloud-builders/gcloud
+  args:
+    - app
+    - deploy
+    - gae-interop-testing/gae-jdk8/build/staged-app/app.yaml
+    - --service-account=$_GAE_SERVICE_ACCOUNT
+    - --no-promote
+    - --no-stop-previous-version
+    - --version=cb-$BUILD_ID
+
+- id: runInteropTestRemote
+  name: eclipse-temurin:17-jdk
+  env:
+  - PROJECT_ID=$PROJECT_ID
+  script: |
+    #!/usr/bin/env bash
+    exec ./gradlew $GRADLE_FLAGS --stacktrace -PgaeDeployVersion="cb-$BUILD_ID" \
+        -PgaeProjectId="$PROJECT_ID" :grpc-gae-interop-testing-jdk8:runInteropTestRemote
+
+- id: cleanup
+  name: gcr.io/cloud-builders/gcloud
+  script: |
+    #!/usr/bin/env bash
+    set -e
+    echo "Performing cleanup now."
+    gcloud app services delete "$KOKORO_GAE_SERVICE" --version "cb-$BUILD_ID" --quiet
diff --git a/buildscripts/gae-build/Dockerfile b/buildscripts/gae-build/Dockerfile
new file mode 100644
index 00000000000..7e68b270801
--- /dev/null
+++ b/buildscripts/gae-build/Dockerfile
@@ -0,0 +1,10 @@
+FROM eclipse-temurin:17-jdk
+
+# The AppEngine Gradle plugin downloads and runs its own gcloud to get the .jar
+# to link against, so we need Python even if we use gcloud deploy directly
+# instead of using the plugin.
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install -y --no-install-recommends python3 && \
+    rm -rf /var/lib/apt/lists/*
diff --git a/buildscripts/kokoro/gae-interop.sh b/buildscripts/kokoro/gae-interop.sh
deleted file mode 100755
index c4ce56cac52..00000000000
--- a/buildscripts/kokoro/gae-interop.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/bash
-
-set -exu -o pipefail
-if [[ -f /VERSION ]]; then
-  cat /VERSION
-fi
-
-KOKORO_GAE_SERVICE="java-gae-interop-test"
-
-# We deploy as different versions of a single service, this way any stale
-# lingering deploys can be easily cleaned up by purging all running versions
-# of this service.
-KOKORO_GAE_APP_VERSION=$(hostname)
-
-# A dummy version that can be the recipient of all traffic, so that the kokoro test version can be
-# set to 0 traffic. This is a requirement in order to delete it.
-DUMMY_DEFAULT_VERSION='dummy-default'
-
-function cleanup() {
-  echo "Performing cleanup now."
-  gcloud app services delete $KOKORO_GAE_SERVICE --version $KOKORO_GAE_APP_VERSION --quiet
-}
-trap cleanup SIGHUP SIGINT SIGTERM EXIT
-
-readonly GRPC_JAVA_DIR="$(cd "$(dirname "$0")"/../.. && pwd)"
-cd "$GRPC_JAVA_DIR"
-
-##
-## Deploy the dummy 'default' version of the service
-##
-GRADLE_FLAGS="--stacktrace -DgaeStopPreviousVersion=false -PskipCodegen=true -PskipAndroid=true"
-export GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx1g'"
-
-# Deploy the dummy 'default' version. We only require that it exists when cleanup() is called.
-# It ok if we race with another run and fail here, because the end result is idempotent.
-set +e
-if ! gcloud app versions describe "$DUMMY_DEFAULT_VERSION" --service="$KOKORO_GAE_SERVICE"; then
-  ./gradlew $GRADLE_FLAGS -DgaeDeployVersion="$DUMMY_DEFAULT_VERSION" -DgaePromote=true :grpc-gae-interop-testing-jdk8:appengineDeploy
-else
-  echo "default version already exists: $DUMMY_DEFAULT_VERSION"
-fi
-set -e
-
-# Deploy and test the real app (jdk8)
-./gradlew $GRADLE_FLAGS -DgaeDeployVersion="$KOKORO_GAE_APP_VERSION" :grpc-gae-interop-testing-jdk8:runInteropTestRemote
-
-set +e
-echo "Cleaning out stale deploys from previous runs, it is ok if this part fails"
-
-# Sometimes the trap based cleanup fails.
-# Delete all versions whose name is not 'dummy-default' and is older than 1 hour.
-# This expression is an ISO8601 relative date:
-# https://cloud.google.com/sdk/gcloud/reference/topic/datetimes
-gcloud app versions list --format="get(version.id)" --filter="service=$KOKORO_GAE_SERVICE AND NOT version : 'dummy-default' AND version.createTime<'-p1h'" | xargs -i gcloud app services delete "$KOKORO_GAE_SERVICE" --version {} --quiet
-exit 0
diff --git a/gae-interop-testing/gae-jdk8/build.gradle b/gae-interop-testing/gae-jdk8/build.gradle
index 14abbc05a9b..07033f403de 100644
--- a/gae-interop-testing/gae-jdk8/build.gradle
+++ b/gae-interop-testing/gae-jdk8/build.gradle
@@ -58,6 +58,7 @@ def createDefaultVersion() {
     return new java.text.SimpleDateFormat("yyyyMMdd't'HHmmss").format(new Date())
 }
 
+def nonShadowedProject = project
 // [START model]
 appengine {
     // App Engine tasks configuration
@@ -67,13 +68,13 @@ appengine {
 
     deploy {
         // deploy configuration
-        projectId = 'GCLOUD_CONFIG'
+        projectId = nonShadowedProject.findProperty('gaeProjectId') ?: 'GCLOUD_CONFIG'
         // default - stop the current version
-        stopPreviousVersion = System.getProperty('gaeStopPreviousVersion') ?: true
+        stopPreviousVersion = nonShadowedProject.findProperty('gaeStopPreviousVersion') ?: true
         // default - do not make this the promoted version
-        promote = System.getProperty('gaePromote') ?: false
-        // Use -DgaeDeployVersion if set, otherwise the version is null and the plugin will generate it
-        version = System.getProperty('gaeDeployVersion', createDefaultVersion())
+        promote = nonShadowedProject.findProperty('gaePromote') ?: false
+        // Use -PgaeDeployVersion if set, otherwise the version is null and the plugin will generate it
+        version = nonShadowedProject.findProperty('gaeDeployVersion') ?: createDefaultVersion()
     }
 }
 // [END model]
@@ -83,6 +84,10 @@ version = '1.0-SNAPSHOT'          // Version in generated output
 
 /** Returns the service name. */
 String getGaeProject() {
+    def configuredProjectId = appengine.deploy.projectId
+    if (!"GCLOUD_CONFIG".equals(configuredProjectId)) {
+        return configuredProjectId
+    }
     def stream = new ByteArrayOutputStream()
     exec {
         executable 'gcloud'
@@ -110,11 +115,8 @@ String getAppUrl(String project, String service, String version) {
 }
 
 tasks.register("runInteropTestRemote") {
-    dependsOn appengineDeploy
+    mustRunAfter appengineDeploy
     doLast {
-        // give remote app some time to settle down
-        sleep(20000)
-
         def appUrl = getAppUrl(
                 getGaeProject(),
                 getService(project.getProjectDir().toPath()),

From ab20a12c50558d3c84f6371f740589ba2b68f642 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 20 Oct 2025 21:48:11 -0700
Subject: [PATCH 412/591] Cancel owned Futures *before* declaring termination.
 (#12426)

Fixes BinderClientTransportTest#testAsyncSecurityPolicyCancelledUponExternalTermination
and others which have been flaky since #12283. @HyunSangHan
---
 .../java/io/grpc/binder/internal/BinderTransport.java | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index 0f03d5fc9f2..a5b8d94ba0e 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -320,15 +320,16 @@ final void shutdownInternal(Status shutdownStatus, boolean forceTerminate) {
                 inbound.closeAbnormal(shutdownStatus);
               }
             }
-            synchronized (this) {
-              notifyTerminated();
-            }
-            releaseExecutors();
-            
+
             for (Future<?> future : futuresToCancel) {
               // Not holding any locks here just in case some listener runs on a direct Executor.
               future.cancel(false); // No effect if already isDone().
             }
+
+            synchronized (this) {
+              notifyTerminated();
+            }
+            releaseExecutors();
           });
     }
   }

From 7ea47445be44f625f2d37c20172da716f5f1e2f6 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Tue, 21 Oct 2025 21:38:01 +0530
Subject: [PATCH 413/591] xds: Introduce flag for fallback to use the xds
 channel authority if no SNI is determined to be used. (#12422)

This is to allow the previous behavior if needed, and when the xds
channel authority is used as the SNI, it won't be used for the SAN
validation.
---
 .../io/grpc/netty/ProtocolNegotiators.java    |  3 ---
 .../security/DynamicSslContextProvider.java   |  5 +++++
 .../security/SecurityProtocolNegotiators.java | 20 ++++++++++++++-----
 .../security/SslContextProviderSupplier.java  |  5 ++++-
 .../CertProviderClientSslContextProvider.java |  6 ++++--
 .../security/trust/CertificateUtils.java      |  2 ++
 .../XdsClientWrapperForServerSdsTestMisc.java |  2 +-
 .../SecurityProtocolNegotiatorsTest.java      |  6 +++---
 .../SslContextProviderSupplierTest.java       | 10 +++++-----
 9 files changed, 39 insertions(+), 20 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
index 59e7e96b4a5..d30a6292d38 100644
--- a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
@@ -634,9 +634,6 @@ static final class ClientTlsHandler extends ProtocolNegotiationHandler {
         X509TrustManager x509TrustManager) {
       super(next, negotiationLogger);
       this.sslContext = Preconditions.checkNotNull(sslContext, "sslContext");
-      // TODO: For empty authority and fallback flag
-      // GRPC_USE_CHANNEL_AUTHORITY_IF_NO_SNI_APPLICABLE present, we should parse authority
-      // but prevent it from being used for SAN validation in the TrustManager.
       if (authority != null) {
         HostPort hostPort = parseAuthority(authority);
         this.host = hostPort.host;
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java
index e7b27cd644a..59e114a89ff 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java
@@ -44,6 +44,7 @@ public abstract class DynamicSslContextProvider extends SslContextProvider {
   @Nullable protected final CertificateValidationContext staticCertificateValidationContext;
   @Nullable protected AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager>
       sslContextAndTrustManager;
+  protected boolean autoSniSanValidationDoesNotApply;
 
   protected DynamicSslContextProvider(
       BaseTlsContext tlsContext, CertificateValidationContext staticCertValidationContext) {
@@ -59,6 +60,10 @@ protected DynamicSslContextProvider(
 
   protected abstract CertificateValidationContext generateCertificateValidationContext();
 
+  public void setAutoSniSanValidationDoesNotApply() {
+    autoSniSanValidationDoesNotApply = true;
+  }
+
   /** Gets a server or client side SslContextBuilder. */
   protected abstract AbstractMap.SimpleImmutableEntry<SslContextBuilder, X509TrustManager>
       getSslContextBuilderAndTrustManager(
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java b/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
index 10e3a0bcda1..0da06b3a753 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
@@ -194,6 +194,7 @@ static final class ClientSecurityHandler
     private final GrpcHttp2ConnectionHandler grpcHandler;
     private final SslContextProviderSupplier sslContextProviderSupplier;
     private final String sni;
+    private final boolean autoSniSanValidationDoesNotApply;
 
     ClientSecurityHandler(
         GrpcHttp2ConnectionHandler grpcHandler,
@@ -215,10 +216,19 @@ public void handlerAdded(ChannelHandlerContext ctx) throws Exception {
       EnvoyServerProtoData.BaseTlsContext tlsContext = sslContextProviderSupplier.getTlsContext();
       UpstreamTlsContext upstreamTlsContext = ((UpstreamTlsContext) tlsContext);
       if (CertificateUtils.isXdsSniEnabled) {
-        sni = upstreamTlsContext.getAutoHostSni() && !Strings.isNullOrEmpty(endpointHostname)
+        String sniToUse = upstreamTlsContext.getAutoHostSni()
+            && !Strings.isNullOrEmpty(endpointHostname)
             ? endpointHostname : upstreamTlsContext.getSni();
+        if (sniToUse.isEmpty() && CertificateUtils.useChannelAuthorityIfNoSniApplicable) {
+          sniToUse = grpcHandler.getAuthority();
+          autoSniSanValidationDoesNotApply = true;
+        } else {
+          autoSniSanValidationDoesNotApply = false;
+        }
+        sni = sniToUse;
       } else {
         sni = grpcHandler.getAuthority();
+        autoSniSanValidationDoesNotApply = false;
       }
     }
 
@@ -260,8 +270,8 @@ public void updateSslContextAndExtendedX509TrustManager(
             public void onException(Throwable throwable) {
               ctx.fireExceptionCaught(throwable);
             }
-          }
-      );
+          },
+          autoSniSanValidationDoesNotApply);
     }
 
     @Override
@@ -399,8 +409,8 @@ public void updateSslContextAndExtendedX509TrustManager(
             public void onException(Throwable throwable) {
               ctx.fireExceptionCaught(throwable);
             }
-          }
-      );
+          },
+          false);
     }
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/SslContextProviderSupplier.java b/xds/src/main/java/io/grpc/xds/internal/security/SslContextProviderSupplier.java
index 38ae15a88aa..e5960dd95e8 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/SslContextProviderSupplier.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/SslContextProviderSupplier.java
@@ -55,12 +55,15 @@ public BaseTlsContext getTlsContext() {
 
   /** Updates SslContext via the passed callback. */
   public synchronized void updateSslContext(
-      final SslContextProvider.Callback callback) {
+      final SslContextProvider.Callback callback, boolean autoSniSanValidationDoesNotApply) {
     checkNotNull(callback, "callback");
     try {
       if (!shutdown) {
         if (sslContextProvider == null) {
           sslContextProvider = getSslContextProvider();
+          if (tlsContext instanceof UpstreamTlsContext && autoSniSanValidationDoesNotApply) {
+            ((DynamicSslContextProvider) sslContextProvider).setAutoSniSanValidationDoesNotApply();
+          }
         }
       }
       // we want to increment the ref-count so call findOrCreate again...
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
index e92f9ad1e54..b4b72ae11c6 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
@@ -64,13 +64,15 @@ final class CertProviderClientSslContextProvider extends CertProviderSslContextP
         new XdsTrustManagerFactory(
             savedSpiffeTrustMap,
             certificateValidationContext,
-            ((UpstreamTlsContext) tlsContext).getAutoSniSanValidation()));
+            autoSniSanValidationDoesNotApply
+                ? false : ((UpstreamTlsContext) tlsContext).getAutoSniSanValidation()));
     } else if (savedTrustedRoots != null) {
       sslContextBuilder = sslContextBuilder.trustManager(
           new XdsTrustManagerFactory(
               savedTrustedRoots.toArray(new X509Certificate[0]),
               certificateValidationContext,
-              ((UpstreamTlsContext) tlsContext).getAutoSniSanValidation()));
+              autoSniSanValidationDoesNotApply
+                  ? false : ((UpstreamTlsContext) tlsContext).getAutoSniSanValidation()));
     } else {
       // Should be impossible because of the check in CertProviderClientSslContextProviderFactory
       throw new IllegalStateException("There must be trusted roots or a SPIFFE trust map");
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java b/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java
index 89b4abd3029..30535df836e 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java
@@ -31,6 +31,8 @@
  */
 public final class CertificateUtils {
   public static boolean isXdsSniEnabled = GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_SNI", false);
+  public static boolean useChannelAuthorityIfNoSniApplicable
+      = GrpcUtil.getFlag("GRPC_USE_CHANNEL_AUTHORITY_IF_NO_SNI_APPLICABLE", false);
 
   /**
    * Generates X509Certificate array from a file on disk.
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java b/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java
index ff97afe6916..f997f583898 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java
@@ -301,7 +301,7 @@ public void releaseOldSupplierOnTemporaryError_noClose() throws Exception {
   private void callUpdateSslContext(SslContextProviderSupplier sslContextProviderSupplier) {
     assertThat(sslContextProviderSupplier).isNotNull();
     SslContextProvider.Callback callback = mock(SslContextProvider.Callback.class);
-    sslContextProviderSupplier.updateSslContext(callback);
+    sslContextProviderSupplier.updateSslContext(callback, false);
   }
 
   private void sendListenerUpdate(
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
index 061e6bad581..dcb2fa051a3 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
@@ -215,7 +215,7 @@ public void updateSslContextAndExtendedX509TrustManager(
           protected void onException(Throwable throwable) {
             future.set(throwable);
           }
-        });
+        }, false);
     assertThat(executor.runDueTasks()).isEqualTo(1);
     channel.runPendingTasks();
     Object fromFuture = future.get(2, TimeUnit.SECONDS);
@@ -401,7 +401,7 @@ public void updateSslContextAndExtendedX509TrustManager(
           protected void onException(Throwable throwable) {
             future.set(throwable);
           }
-        });
+        }, false);
     channel.runPendingTasks(); // need this for tasks to execute on eventLoop
     assertThat(executor.runDueTasks()).isEqualTo(1);
     Object fromFuture = future.get(2, TimeUnit.SECONDS);
@@ -540,7 +540,7 @@ public void updateSslContextAndExtendedX509TrustManager(
             protected void onException(Throwable throwable) {
               future.set(throwable);
             }
-          });
+          }, false);
       executor.runDueTasks();
       channel.runPendingTasks(); // need this for tasks to execute on eventLoop
       Object fromFuture = future.get(5, TimeUnit.SECONDS);
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/SslContextProviderSupplierTest.java b/xds/src/test/java/io/grpc/xds/internal/security/SslContextProviderSupplierTest.java
index 9b6e1ecbc74..70a53c53205 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/SslContextProviderSupplierTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/SslContextProviderSupplierTest.java
@@ -69,7 +69,7 @@ private void prepareSupplier() {
   private void callUpdateSslContext() {
     mockCallback = mock(SslContextProvider.Callback.class);
     doReturn(mockExecutor).when(mockCallback).getExecutor();
-    supplier.updateSslContext(mockCallback);
+    supplier.updateSslContext(mockCallback, false);
   }
 
   @Test
@@ -94,7 +94,7 @@ public void get_updateSecret() {
     verify(mockTlsContextManager, times(1))
         .releaseClientSslContextProvider(eq(mockSslContextProvider));
     SslContextProvider.Callback mockCallback = mock(SslContextProvider.Callback.class);
-    supplier.updateSslContext(mockCallback);
+    supplier.updateSslContext(mockCallback, false);
     verify(mockTlsContextManager, times(3))
         .findOrCreateClientSslContextProvider(eq(upstreamTlsContext));
   }
@@ -121,7 +121,7 @@ public void autoHostSniFalse_usesSniFromUpstreamTlsContext() {
     verify(mockTlsContextManager, times(1))
         .releaseClientSslContextProvider(eq(mockSslContextProvider));
     SslContextProvider.Callback mockCallback = mock(SslContextProvider.Callback.class);
-    supplier.updateSslContext(mockCallback);
+    supplier.updateSslContext(mockCallback, false);
     verify(mockTlsContextManager, times(3))
         .findOrCreateClientSslContextProvider(eq(upstreamTlsContext));
   }
@@ -178,7 +178,7 @@ public void systemRootCertsWithMtls_callbackExecutedFromProvider() {
     verify(mockTlsContextManager, times(1))
         .releaseClientSslContextProvider(eq(mockSslContextProvider));
     SslContextProvider.Callback mockCallback = mock(SslContextProvider.Callback.class);
-    supplier.updateSslContext(mockCallback);
+    supplier.updateSslContext(mockCallback, false);
     verify(mockTlsContextManager, times(3))
         .findOrCreateClientSslContextProvider(eq(upstreamTlsContext));
   }
@@ -190,7 +190,7 @@ public void testClose() {
     supplier.close();
     verify(mockTlsContextManager, times(1))
         .releaseClientSslContextProvider(eq(mockSslContextProvider));
-    supplier.updateSslContext(mockCallback);
+    supplier.updateSslContext(mockCallback, false);
     verify(mockTlsContextManager, times(3))
         .findOrCreateClientSslContextProvider(eq(upstreamTlsContext));
     verify(mockTlsContextManager, times(1))

From 096c4d9f915fcbef342311a794378194f526bd54 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 21 Oct 2025 10:38:15 -0700
Subject: [PATCH 414/591] Javadoc and rename BinderServerTransport's init
 method. (#12427)

Call this `start()` to match the other transports and so readers know this is way more than a setter.
---
 .../io/grpc/binder/internal/BinderServer.java   |  2 +-
 .../binder/internal/BinderServerTransport.java  | 17 ++++++++++++++---
 .../internal/BinderServerTransportTest.java     |  2 +-
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderServer.java b/binder/src/main/java/io/grpc/binder/internal/BinderServer.java
index fca8e3d88e1..b1ae344d5f9 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderServer.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderServer.java
@@ -185,7 +185,7 @@ public synchronized boolean handleTransaction(int code, Parcel parcel) {
                   streamTracerFactories,
                   OneWayBinderProxy.IDENTITY_DECORATOR,
                   callbackBinder);
-          transport.setServerTransportListener(listener.transportCreated(transport));
+          transport.start(listener.transportCreated(transport));
           return true;
         }
       }
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
index 1c345249735..1556b838142 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
@@ -15,6 +15,9 @@
  */
 package io.grpc.binder.internal;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Preconditions.checkState;
+
 import android.os.IBinder;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
@@ -57,9 +60,17 @@ public BinderServerTransport(
     setOutgoingBinder(OneWayBinderProxy.wrap(callbackBinder, getScheduledExecutorService()));
   }
 
-  public synchronized void setServerTransportListener(
-      ServerTransportListener serverTransportListener) {
-    this.serverTransportListener = serverTransportListener;
+  /**
+   * Initializes this transport instance.
+   *
+   * <p>Must be called exactly once, even if {@link #shutdown} or {@link #shutdownNow} was called
+   * first.
+   *
+   * @param serverTransportListener where this transport will report events
+   */
+  public synchronized void start(ServerTransportListener serverTransportListener) {
+    checkState(this.serverTransportListener == null, "Already started!");
+    this.serverTransportListener = checkNotNull(serverTransportListener, "serverTransportListener");
     if (isShutdown()) {
       setState(TransportState.SHUTDOWN_TERMINATED);
       notifyTerminated();
diff --git a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
index e7e73e6d4b0..42bfa387044 100644
--- a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
@@ -74,7 +74,7 @@ public void setUp() throws Exception {
   public void testSetupTransactionFailureCausesMultipleShutdowns_b153460678() throws Exception {
     // Make the binder fail the setup transaction.
     when(mockBinder.transact(anyInt(), any(Parcel.class), isNull(), anyInt())).thenReturn(false);
-    transport.setServerTransportListener(transportListener);
+    transport.start(transportListener);
 
     // Now shut it down.
     transport.shutdownNow(Status.UNKNOWN.withDescription("reasons"));

From 6da93db6fc038d86c43a81b5485a54f73a80db63 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 21 Oct 2025 11:47:40 -0700
Subject: [PATCH 415/591] xds: Remove commented out+broken import from cluster
 resolver

It was added by mistake in 032d2928e.
---
 xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
index 6cfed96a54e..61bfd3c0839 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
@@ -44,7 +44,6 @@
 import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig.PriorityChildConfig;
 import io.grpc.xds.XdsConfig.XdsClusterConfig;
 import io.grpc.xds.XdsEndpointResource.EdsUpdate;
-// import io.grpc.xds.client.BackendMetricPropagation;]
 import io.grpc.xds.client.Locality;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;

From ea7444607565f9d3ba8e6fe6e9d70a828f7645de Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Wed, 22 Oct 2025 09:51:14 -0700
Subject: [PATCH 416/591] binder: Fix a "fail the setup transaction" test case.
 (#12434)

The setup transaction hasn't actually been failing in this test case
since #8987. That's when I changed Robolectric tests to start ignoring
the return value of transact() to match how real Android doesn't expose
the peers' return value for 'oneway' cross-process transactions. The fix is
as simple as mocking transact() to throw rather than return false.
---
 .../internal/BinderServerTransportTest.java   | 74 ++++++++++++++++---
 1 file changed, 63 insertions(+), 11 deletions(-)

diff --git a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
index 42bfa387044..b3b99ae34e8 100644
--- a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
@@ -20,17 +20,21 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.ArgumentMatchers.isNull;
-import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.doThrow;
 import static org.robolectric.Shadows.shadowOf;
 
 import android.os.IBinder;
 import android.os.Looper;
 import android.os.Parcel;
+import android.os.RemoteException;
 import com.google.common.collect.ImmutableList;
 import io.grpc.Attributes;
+import io.grpc.ServerStreamTracer;
 import io.grpc.Status;
 import io.grpc.internal.FixedObjectPool;
 import io.grpc.internal.MockServerTransportListener;
+import io.grpc.internal.ObjectPool;
+import java.util.List;
 import java.util.concurrent.ScheduledExecutorService;
 import org.junit.Before;
 import org.junit.Rule;
@@ -60,26 +64,74 @@ public final class BinderServerTransportTest {
 
   @Before
   public void setUp() throws Exception {
-    transport =
-        new BinderServerTransport(
-            new FixedObjectPool<>(executorService),
-            Attributes.EMPTY,
-            ImmutableList.of(),
-            OneWayBinderProxy.IDENTITY_DECORATOR,
-            mockBinder);
     transportListener = new MockServerTransportListener(transport);
   }
 
+  // Provide defaults so that we can "include only relevant details in tests."
+  BinderServerTransportBuilder newBinderServerTransportBuilder() {
+    return new BinderServerTransportBuilder()
+        .setExecutorServicePool(new FixedObjectPool<>(executorService))
+        .setAttributes(Attributes.EMPTY)
+        .setStreamTracerFactories(ImmutableList.of())
+        .setBinderDecorator(OneWayBinderProxy.IDENTITY_DECORATOR)
+        .setCallbackBinder(mockBinder);
+  }
+
   @Test
-  public void testSetupTransactionFailureCausesMultipleShutdowns_b153460678() throws Exception {
+  public void testSetupTransactionFailureReportsMultipleTerminations_b153460678() throws Exception {
     // Make the binder fail the setup transaction.
-    when(mockBinder.transact(anyInt(), any(Parcel.class), isNull(), anyInt())).thenReturn(false);
+    doThrow(new RemoteException())
+        .when(mockBinder)
+        .transact(anyInt(), any(Parcel.class), isNull(), anyInt());
+    transport = newBinderServerTransportBuilder().setCallbackBinder(mockBinder).build();
+    shadowOf(Looper.getMainLooper()).idle();
     transport.start(transportListener);
 
-    // Now shut it down.
+    // Now shut it down externally *before* executing Runnables scheduled on the executor.
     transport.shutdownNow(Status.UNKNOWN.withDescription("reasons"));
     shadowOf(Looper.getMainLooper()).idle();
 
     assertThat(transportListener.isTerminated()).isTrue();
   }
+
+  static class BinderServerTransportBuilder {
+    ObjectPool<ScheduledExecutorService> executorServicePool;
+    Attributes attributes;
+    List<ServerStreamTracer.Factory> streamTracerFactories;
+    OneWayBinderProxy.Decorator binderDecorator;
+    IBinder callbackBinder;
+
+    public BinderServerTransport build() {
+      return new BinderServerTransport(
+          executorServicePool, attributes, streamTracerFactories, binderDecorator, callbackBinder);
+    }
+
+    public BinderServerTransportBuilder setExecutorServicePool(
+        ObjectPool<ScheduledExecutorService> executorServicePool) {
+      this.executorServicePool = executorServicePool;
+      return this;
+    }
+
+    public BinderServerTransportBuilder setAttributes(Attributes attributes) {
+      this.attributes = attributes;
+      return this;
+    }
+
+    public BinderServerTransportBuilder setStreamTracerFactories(
+        List<ServerStreamTracer.Factory> streamTracerFactories) {
+      this.streamTracerFactories = streamTracerFactories;
+      return this;
+    }
+
+    public BinderServerTransportBuilder setBinderDecorator(
+        OneWayBinderProxy.Decorator binderDecorator) {
+      this.binderDecorator = binderDecorator;
+      return this;
+    }
+
+    public BinderServerTransportBuilder setCallbackBinder(IBinder callbackBinder) {
+      this.callbackBinder = callbackBinder;
+      return this;
+    }
+  }
 }

From b769f966a051a6e6607bc4ddfb2a56a5964b1281 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 22 Oct 2025 07:45:48 -0700
Subject: [PATCH 417/591] alts: Remove dep on grpclb

There are no longer any users of grpclb on directpath, so remove the
special-casing logic to choose between TLS and ALTS for grpclb-provided
backends.

Removing the grpclb dep can speed channel startup, as grpclb's DNS
resolver does SRV lookups which are no longer needed.
---
 alts/BUILD.bazel                                          | 1 -
 alts/build.gradle                                         | 2 --
 .../io/grpc/alts/internal/AltsProtocolNegotiator.java     | 5 +----
 .../internal/GoogleDefaultProtocolNegotiatorTest.java     | 8 --------
 gcp-observability/build.gradle                            | 1 -
 5 files changed, 1 insertion(+), 16 deletions(-)

diff --git a/alts/BUILD.bazel b/alts/BUILD.bazel
index 2d9d3508461..d2c01449dc3 100644
--- a/alts/BUILD.bazel
+++ b/alts/BUILD.bazel
@@ -13,7 +13,6 @@ java_library(
         ":handshaker_java_proto",
         "//api",
         "//core:internal",
-        "//grpclb",
         "//netty",
         "//stub",
         "@com_google_protobuf//:protobuf_java",
diff --git a/alts/build.gradle b/alts/build.gradle
index fe2e27784fc..c206a37bcef 100644
--- a/alts/build.gradle
+++ b/alts/build.gradle
@@ -14,12 +14,10 @@ dependencies {
     implementation project(':grpc-auth'),
             project(':grpc-core'),
             project(":grpc-context"), // Override google-auth dependency with our newer version
-            project(':grpc-grpclb'),
             project(':grpc-protobuf'),
             project(':grpc-stub'),
             libraries.protobuf.java,
             libraries.conscrypt,
-            libraries.guava.jre, // JRE required by protobuf-java-util from grpclb
             libraries.google.auth.oauth2Http
     def nettyDependency = implementation project(':grpc-netty')
 
diff --git a/alts/src/main/java/io/grpc/alts/internal/AltsProtocolNegotiator.java b/alts/src/main/java/io/grpc/alts/internal/AltsProtocolNegotiator.java
index e0343f83c51..9c51cf6a053 100644
--- a/alts/src/main/java/io/grpc/alts/internal/AltsProtocolNegotiator.java
+++ b/alts/src/main/java/io/grpc/alts/internal/AltsProtocolNegotiator.java
@@ -30,7 +30,6 @@
 import io.grpc.SecurityLevel;
 import io.grpc.Status;
 import io.grpc.alts.internal.RpcProtocolVersionsUtil.RpcVersionsCheckResult;
-import io.grpc.grpclb.GrpclbConstants;
 import io.grpc.internal.ObjectPool;
 import io.grpc.netty.GrpcHttp2ConnectionHandler;
 import io.grpc.netty.InternalProtocolNegotiator;
@@ -299,9 +298,7 @@ public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
         isXdsDirectPath = isDirectPathCluster(
             grpcHandler.getEagAttributes().get(clusterNameAttrKey));
       }
-      if (grpcHandler.getEagAttributes().get(GrpclbConstants.ATTR_LB_ADDR_AUTHORITY) != null
-          || grpcHandler.getEagAttributes().get(GrpclbConstants.ATTR_LB_PROVIDED_BACKEND) != null
-          || isXdsDirectPath) {
+      if (isXdsDirectPath) {
         TsiHandshaker handshaker =
             handshakerFactory.newHandshaker(grpcHandler.getAuthority(), negotiationLogger); 
         NettyTsiHandshaker nettyHandshaker = new NettyTsiHandshaker(handshaker);
diff --git a/alts/src/test/java/io/grpc/alts/internal/GoogleDefaultProtocolNegotiatorTest.java b/alts/src/test/java/io/grpc/alts/internal/GoogleDefaultProtocolNegotiatorTest.java
index 9a520720beb..14c19e554ae 100644
--- a/alts/src/test/java/io/grpc/alts/internal/GoogleDefaultProtocolNegotiatorTest.java
+++ b/alts/src/test/java/io/grpc/alts/internal/GoogleDefaultProtocolNegotiatorTest.java
@@ -29,7 +29,6 @@
 import io.grpc.ChannelLogger;
 import io.grpc.ChannelLogger.ChannelLogLevel;
 import io.grpc.ManagedChannel;
-import io.grpc.grpclb.GrpclbConstants;
 import io.grpc.inprocess.InProcessChannelBuilder;
 import io.grpc.internal.ObjectPool;
 import io.grpc.netty.GrpcHttp2ConnectionHandler;
@@ -95,13 +94,6 @@ public void tearDown() {
     @Nullable
     abstract Attributes.Key<String> getClusterNameAttrKey();
 
-    @Test
-    public void altsHandler_lbProvidedBackend() {
-      Attributes attrs =
-          Attributes.newBuilder().set(GrpclbConstants.ATTR_LB_PROVIDED_BACKEND, true).build();
-      subtest_altsHandler(attrs);
-    }
-
     @Test
     public void tlsHandler_emptyAttributes() {
       subtest_tlsHandler(Attributes.EMPTY);
diff --git a/gcp-observability/build.gradle b/gcp-observability/build.gradle
index c6d6fa28ddc..1d8c7a9f961 100644
--- a/gcp-observability/build.gradle
+++ b/gcp-observability/build.gradle
@@ -59,7 +59,6 @@ dependencies {
             project(path: ':grpc-alts', configuration: 'shadow'),
             project(':grpc-auth'), // Align grpc versions
             project(':grpc-core'), // Align grpc versions
-            project(':grpc-grpclb'), // Align grpc versions
             project(':grpc-services'), // Align grpc versions
             libraries.animalsniffer.annotations, // Use our newer version
             libraries.auto.value.annotations, // Use our newer version

From 91f3f4dc176f69f15e5b4c2a77e4fb7f07426eae Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Fri, 24 Oct 2025 16:03:06 -0700
Subject: [PATCH 418/591] Fix a BinderServerTransport crash in the rare
 shutdown-before-start case (#12440)

The `isShutdown()` clause of `BinderServerTransport#start()` code was completely
untested and did not in fact work.

The problem is that if the listener does in fact arrive via start()
after shutdown, BinderTransport's `shutdownInternal()` has already set
the state to `SHUTDOWN_TERMINATED` (which is not a valid transition from
itself). It has also already scheduled a call to notifyTerminated() and
releaseExecutors(). This causes a duplicate call to
`transportTerminated` and releasing the same executor twice.

This commit changes `start()` to leave changing state and releasing
executors to `shutdownInternal()`'s. `notifyTerminated()` either runs
then (if already started) or from within `start()` (if not yet started)

Fixes #12439.
---
 .../internal/BinderServerTransport.java       |  27 ++--
 .../grpc/binder/internal/SimplePromise.java   |  97 ++++++++++++
 .../internal/BinderServerTransportTest.java   |  23 +++
 .../binder/internal/SimplePromiseTest.java    | 143 ++++++++++++++++++
 4 files changed, 275 insertions(+), 15 deletions(-)
 create mode 100644 binder/src/main/java/io/grpc/binder/internal/SimplePromise.java
 create mode 100644 binder/src/test/java/io/grpc/binder/internal/SimplePromiseTest.java

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
index 1556b838142..cbe64149e15 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
@@ -15,9 +15,6 @@
  */
 package io.grpc.binder.internal;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.base.Preconditions.checkState;
-
 import android.os.IBinder;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
@@ -41,7 +38,9 @@
 public final class BinderServerTransport extends BinderTransport implements ServerTransport {
 
   private final List<ServerStreamTracer.Factory> streamTracerFactories;
-  @Nullable private ServerTransportListener serverTransportListener;
+
+  @GuardedBy("this")
+  private final SimplePromise<ServerTransportListener> listenerPromise = new SimplePromise<>();
 
   /**
    * Constructs a new transport instance.
@@ -69,13 +68,8 @@ public BinderServerTransport(
    * @param serverTransportListener where this transport will report events
    */
   public synchronized void start(ServerTransportListener serverTransportListener) {
-    checkState(this.serverTransportListener == null, "Already started!");
-    this.serverTransportListener = checkNotNull(serverTransportListener, "serverTransportListener");
-    if (isShutdown()) {
-      setState(TransportState.SHUTDOWN_TERMINATED);
-      notifyTerminated();
-      releaseExecutors();
-    } else {
+    this.listenerPromise.set(serverTransportListener);
+    if (!isShutdown()) {
       sendSetupTransaction();
       // Check we're not shutdown again, since a failure inside sendSetupTransaction (or a callback
       // it triggers), could have shut us down.
@@ -90,11 +84,16 @@ StatsTraceContext createStatsTraceContext(String methodName, Metadata headers) {
     return StatsTraceContext.newServerContext(streamTracerFactories, methodName, headers);
   }
 
+  /**
+   * Reports a new ServerStream requested by the remote client.
+   *
+   * <p>Precondition: {@link #start(ServerTransportListener)} must already have been called.
+   */
   synchronized Status startStream(ServerStream stream, String methodName, Metadata headers) {
     if (isShutdown()) {
       return Status.UNAVAILABLE.withDescription("transport is shutdown");
     } else {
-      serverTransportListener.streamCreated(stream, methodName, headers);
+      listenerPromise.get().streamCreated(stream, methodName, headers);
       return Status.OK;
     }
   }
@@ -108,9 +107,7 @@ void notifyShutdown(Status status) {
   @Override
   @GuardedBy("this")
   void notifyTerminated() {
-    if (serverTransportListener != null) {
-      serverTransportListener.transportTerminated();
-    }
+    listenerPromise.runWhenSet(ServerTransportListener::transportTerminated);
   }
 
   @Override
diff --git a/binder/src/main/java/io/grpc/binder/internal/SimplePromise.java b/binder/src/main/java/io/grpc/binder/internal/SimplePromise.java
new file mode 100644
index 00000000000..c7d227fbf64
--- /dev/null
+++ b/binder/src/main/java/io/grpc/binder/internal/SimplePromise.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.binder.internal;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Preconditions.checkState;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Placeholder for an object that will be provided later.
+ *
+ * <p>Similar to {@link com.google.common.util.concurrent.SettableFuture}, except it cannot fail or
+ * be cancelled. Most importantly, this class guarantees that {@link Listener}s run one-at-a-time
+ * and in the same order that they were scheduled. This conveniently matches the expectations of
+ * most listener interfaces in the io.grpc universe.
+ *
+ * <p>Not safe for concurrent use by multiple threads. Thread-compatible for callers that provide
+ * synchronization externally.
+ */
+public class SimplePromise<T> {
+  private T value;
+  private List<Listener<T>> pendingListeners; // Allocated lazily in the hopes it's never needed.
+
+  /**
+   * Provides the promised object and runs any pending listeners.
+   *
+   * @throws IllegalStateException if this method has already been called
+   * @throws RuntimeException if some pending listener threw when we tried to run it
+   */
+  public void set(T value) {
+    checkNotNull(value, "value");
+    checkState(this.value == null, "Already set!");
+    this.value = value;
+    if (pendingListeners != null) {
+      for (Listener<T> listener : pendingListeners) {
+        listener.notify(value);
+      }
+      pendingListeners = null;
+    }
+  }
+
+  /**
+   * Returns the promised object, under the assumption that it's already been set.
+   *
+   * <p>Compared to {@link #runWhenSet(Listener)}, this method may be a more efficient way to access
+   * the promised value in the case where you somehow know externally that {@link #set(T)} has
+   * "happened-before" this call.
+   *
+   * @throws IllegalStateException if {@link #set(T)} has not yet been called
+   */
+  public T get() {
+    checkState(value != null, "Not yet set!");
+    return value;
+  }
+
+  /**
+   * Runs the given listener when this promise is fulfilled, or immediately if already fulfilled.
+   *
+   * @throws RuntimeException if already fulfilled and 'listener' threw when we tried to run it
+   */
+  public void runWhenSet(Listener<T> listener) {
+    if (value != null) {
+      listener.notify(value);
+    } else {
+      if (pendingListeners == null) {
+        pendingListeners = new ArrayList<>();
+      }
+      pendingListeners.add(listener);
+    }
+  }
+
+  /**
+   * An object that wants to get notified when a SimplePromise has been fulfilled.
+   */
+  public interface Listener<T> {
+    /**
+     * Indicates that the associated SimplePromise has been fulfilled with the given `value`.
+     */
+    void notify(T value);
+  }
+}
diff --git a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
index b3b99ae34e8..12416922fc9 100644
--- a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
@@ -21,8 +21,10 @@
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.ArgumentMatchers.isNull;
 import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.when;
 import static org.robolectric.Shadows.shadowOf;
 
+import android.os.DeadObjectException;
 import android.os.IBinder;
 import android.os.Looper;
 import android.os.Parcel;
@@ -94,6 +96,27 @@ public void testSetupTransactionFailureReportsMultipleTerminations_b153460678()
     assertThat(transportListener.isTerminated()).isTrue();
   }
 
+  @Test
+  public void testStartAfterShutdownAndIdle() throws Exception {
+    transport = newBinderServerTransportBuilder().build();
+    transport.shutdownNow(Status.UNKNOWN.withDescription("reasons"));
+    shadowOf(Looper.getMainLooper()).idle();
+    transport.start(transportListener);
+    shadowOf(Looper.getMainLooper()).idle();
+
+    assertThat(transportListener.isTerminated()).isTrue();
+  }
+
+  @Test
+  public void testStartAfterShutdownNoIdle() throws Exception {
+    transport = newBinderServerTransportBuilder().build();
+    transport.shutdownNow(Status.UNKNOWN.withDescription("reasons"));
+    transport.start(transportListener);
+    shadowOf(Looper.getMainLooper()).idle();
+
+    assertThat(transportListener.isTerminated()).isTrue();
+  }
+
   static class BinderServerTransportBuilder {
     ObjectPool<ScheduledExecutorService> executorServicePool;
     Attributes attributes;
diff --git a/binder/src/test/java/io/grpc/binder/internal/SimplePromiseTest.java b/binder/src/test/java/io/grpc/binder/internal/SimplePromiseTest.java
new file mode 100644
index 00000000000..6486ff5e8a1
--- /dev/null
+++ b/binder/src/test/java/io/grpc/binder/internal/SimplePromiseTest.java
@@ -0,0 +1,143 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.binder.internal;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+import static org.mockito.Mockito.inOrder;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+
+import io.grpc.binder.internal.SimplePromise.Listener;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+import org.mockito.InOrder;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoRule;
+
+@RunWith(JUnit4.class)
+public final class SimplePromiseTest {
+
+  private static final String FULFILLED_VALUE = "a fulfilled value";
+
+  @Mock private Listener<String> mockListener1;
+  @Mock private Listener<String> mockListener2;
+  @Rule public final MockitoRule mocks = MockitoJUnit.rule();
+
+  private SimplePromise<String> promise = new SimplePromise<>();
+
+  @Before
+  public void setUp() {
+  }
+
+  @Test
+  public void get_beforeFulfilled_throws() {
+    IllegalStateException e = assertThrows(IllegalStateException.class, () -> promise.get());
+    assertThat(e).hasMessageThat().isEqualTo("Not yet set!");
+  }
+
+  @Test
+  public void get_afterFulfilled_returnsValue() {
+    promise.set(FULFILLED_VALUE);
+    assertThat(promise.get()).isEqualTo(FULFILLED_VALUE);
+  }
+
+  @Test
+  public void set_withNull_throws() {
+    assertThrows(NullPointerException.class, () -> promise.set(null));
+  }
+
+  @Test
+  public void set_calledTwice_throws() {
+    promise.set(FULFILLED_VALUE);
+    IllegalStateException e =
+        assertThrows(IllegalStateException.class, () -> promise.set("another value"));
+    assertThat(e).hasMessageThat().isEqualTo("Already set!");
+  }
+
+  @Test
+  public void runWhenSet_beforeFulfill_listenerIsNotifiedUponSet() {
+    promise.runWhenSet(mockListener1);
+
+    // Should not have been called yet.
+    verify(mockListener1, never()).notify(FULFILLED_VALUE);
+
+    promise.set(FULFILLED_VALUE);
+
+    // Now it should be called.
+    verify(mockListener1, times(1)).notify(FULFILLED_VALUE);
+  }
+
+  @Test
+  public void runWhenSet_afterSet_listenerIsNotifiedImmediately() {
+    promise.set(FULFILLED_VALUE);
+    promise.runWhenSet(mockListener1);
+
+    // Should have been called immediately.
+    verify(mockListener1, times(1)).notify(FULFILLED_VALUE);
+  }
+
+  @Test
+  public void multipleListeners_addedBeforeSet_allNotifiedInOrder() {
+    promise.runWhenSet(mockListener1);
+    promise.runWhenSet(mockListener2);
+
+    promise.set(FULFILLED_VALUE);
+
+    InOrder inOrder = inOrder(mockListener1, mockListener2);
+    inOrder.verify(mockListener1).notify(FULFILLED_VALUE);
+    inOrder.verify(mockListener2).notify(FULFILLED_VALUE);
+  }
+
+  @Test
+  public void listenerThrows_duringSet_propagatesException() {
+    // A listener that will throw when notified.
+    Listener<String> throwingListener =
+        (value) -> {
+          throw new UnsupportedOperationException("Listener failed");
+        };
+
+    promise.runWhenSet(throwingListener);
+
+    // Fulfilling the promise should now throw the exception from the listener.
+    UnsupportedOperationException e =
+        assertThrows(UnsupportedOperationException.class, () -> promise.set(FULFILLED_VALUE));
+    assertThat(e).hasMessageThat().isEqualTo("Listener failed");
+  }
+
+  @Test
+  public void listenerThrows_whenAddedAfterSet_propagatesException() {
+    promise.set(FULFILLED_VALUE);
+
+    // A listener that will throw when notified.
+    Listener<String> throwingListener =
+        (value) -> {
+          throw new UnsupportedOperationException("Listener failed");
+        };
+
+    // Running the listener should throw immediately because the promise is already fulfilled.
+    UnsupportedOperationException e =
+        assertThrows(
+            UnsupportedOperationException.class, () -> promise.runWhenSet(throwingListener));
+    assertThat(e).hasMessageThat().isEqualTo("Listener failed");
+  }
+}

From 599a0a1469c3c9e773c1bd90868aa1b54f0e9072 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 27 Oct 2025 13:52:28 -0700
Subject: [PATCH 419/591] binder: Let the server know when the client fails to
 authorize it. (#12445)

Avoids waiting for the handshake timeout on the server side in this
case.

I also add test coverage for the `!setOutgoingBinder()` case to make
sure it works in the new location.

My ulterior motive for this change is simplifying the client handshake
code in preparation for #12398 -- An (impossible) !isShutdown() clause
goes away for easy to understand reasons and I'll no longer have to pass
the server's binder as an arg from async function to function in two
separate handshake impls.

Fixes #12438
---
 .../internal/BinderClientTransportTest.java   | 15 ++++
 .../internal/BinderClientTransport.java       | 28 +++----
 .../RobolectricBinderTransportTest.java       | 24 ++++++
 .../java/io/grpc/binder/FakeDeadBinder.java   | 74 +++++++++++++++++++
 4 files changed, 124 insertions(+), 17 deletions(-)
 create mode 100644 binder/src/testFixtures/java/io/grpc/binder/FakeDeadBinder.java

diff --git a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
index 0038a054854..ee28f132f79 100644
--- a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
+++ b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
@@ -39,6 +39,7 @@
 import io.grpc.Status.Code;
 import io.grpc.binder.AndroidComponentAddress;
 import io.grpc.binder.BinderServerBuilder;
+import io.grpc.binder.FakeDeadBinder;
 import io.grpc.binder.HostServices;
 import io.grpc.binder.SecurityPolicy;
 import io.grpc.binder.internal.OneWayBinderProxies.BlackHoleOneWayBinderProxy;
@@ -358,6 +359,20 @@ public void testTxnFailurePostSetup() throws Exception {
     assertThat(streamStatus.getCause()).isSameInstanceAs(doe);
   }
 
+  @Test
+  public void testServerBinderDeadOnArrival() throws Exception {
+    BlockingBinderDecorator<OneWayBinderProxy> decorator = new BlockingBinderDecorator<>();
+    transport = new BinderClientTransportBuilder().setBinderDecorator(decorator).build();
+    transport.start(transportListener).run();
+    decorator.putNextResult(decorator.takeNextRequest());  // Server's "Endpoint" Binder.
+    OneWayBinderProxy unusedServerBinder = decorator.takeNextRequest();
+    decorator.putNextResult(
+        OneWayBinderProxy.wrap(new FakeDeadBinder(), offloadServicePool.getObject()));
+    Status clientStatus = transportListener.awaitShutdown();
+    assertThat(clientStatus.getCode()).isEqualTo(Code.UNAVAILABLE);
+    assertThat(clientStatus.getDescription()).contains("Failed to observe outgoing binder");
+  }
+
   @Test
   public void testBlackHoleEndpointConnectTimeout() throws Exception {
     BlockingBinderDecorator<BlackHoleOneWayBinderProxy> decorator = new BlockingBinderDecorator<>();
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
index c2447daf751..c6aa195544e 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
@@ -87,7 +87,6 @@ public final class BinderClientTransport extends BinderTransport
   @GuardedBy("this")
   private ScheduledFuture<?> readyTimeoutFuture; // != null iff timeout scheduled.
 
-
   /**
    * Constructs a new transport instance.
    *
@@ -324,6 +323,9 @@ protected void handleSetupTransport(Parcel parcel) {
       } else if (binder == null) {
         shutdownInternal(
             Status.UNAVAILABLE.withDescription("Malformed SETUP_TRANSPORT data"), true);
+      } else if (!setOutgoingBinder(OneWayBinderProxy.wrap(binder, offloadExecutor))) {
+        shutdownInternal(
+            Status.UNAVAILABLE.withDescription("Failed to observe outgoing binder"), true);
       } else {
         restrictIncomingBinderToCallsFrom(remoteUid);
         attributes = setSecurityAttrs(attributes, remoteUid);
@@ -334,7 +336,7 @@ protected void handleSetupTransport(Parcel parcel) {
             new FutureCallback<Status>() {
               @Override
               public void onSuccess(Status result) {
-                handleAuthResult(binder, result);
+                handleAuthResult(result);
               }
 
               @Override
@@ -353,24 +355,17 @@ private ListenableFuture<Status> checkServerAuthorizationAsync(int remoteUid) {
         : Futures.submit(() -> securityPolicy.checkAuthorization(remoteUid), offloadExecutor);
   }
 
-  private synchronized void handleAuthResult(IBinder binder, Status authorization) {
+  private synchronized void handleAuthResult(Status authorization) {
     if (inState(TransportState.SETUP)) {
       if (!authorization.isOk()) {
         shutdownInternal(authorization, true);
-      } else if (!setOutgoingBinder(OneWayBinderProxy.wrap(binder, offloadExecutor))) {
-        shutdownInternal(
-            Status.UNAVAILABLE.withDescription("Failed to observe outgoing binder"), true);
       } else {
-        // Check state again, since a failure inside setOutgoingBinder (or a callback it
-        // triggers), could have shut us down.
-        if (!isShutdown()) {
-          setState(TransportState.READY);
-          attributes = clientTransportListener.filterTransport(attributes);
-          clientTransportListener.transportReady();
-          if (readyTimeoutFuture != null) {
-            readyTimeoutFuture.cancel(false);
-            readyTimeoutFuture = null;
-          }
+        setState(TransportState.READY);
+        attributes = clientTransportListener.filterTransport(attributes);
+        clientTransportListener.transportReady();
+        if (readyTimeoutFuture != null) {
+          readyTimeoutFuture.cancel(false);
+          readyTimeoutFuture = null;
         }
       }
     }
@@ -387,7 +382,6 @@ protected void handlePingResponse(Parcel parcel) {
     pingTracker.onPingResponse(parcel.readInt());
   }
 
-
   private static ClientStream newFailingClientStream(
       Status failure, Attributes attributes, Metadata headers, ClientStreamTracer[] tracers) {
     StatsTraceContext statsTraceContext =
diff --git a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
index d3d73f0e9eb..6beb92c1691 100644
--- a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
@@ -43,6 +43,7 @@
 import androidx.test.core.content.pm.ApplicationInfoBuilder;
 import androidx.test.core.content.pm.PackageInfoBuilder;
 import com.google.common.collect.ImmutableList;
+import com.google.common.truth.TruthJUnit;
 import io.grpc.Attributes;
 import io.grpc.InternalChannelz.SocketStats;
 import io.grpc.ServerStreamTracer;
@@ -353,6 +354,29 @@ static void sendShutdownTransportTransactionAsUid(ClientTransport client, int se
     }
   }
 
+  @Test
+  public void clientReportsAuthzErrorToServer() throws Exception {
+    server.start(serverListener);
+    client =
+        newClientTransportBuilder()
+            .setFactory(
+                newClientTransportFactoryBuilder()
+                    .setSecurityPolicy(SecurityPolicies.permissionDenied("test"))
+                    .buildClientTransportFactory())
+            .build();
+    runIfNotNull(client.start(mockClientTransportListener));
+    verify(mockClientTransportListener, timeout(TIMEOUT_MS))
+        .transportShutdown(statusCaptor.capture());
+    assertThat(statusCaptor.getValue().getCode()).isEqualTo(Status.Code.PERMISSION_DENIED);
+
+    TruthJUnit.assume().that(preAuthServersParam).isFalse();
+
+    MockServerTransportListener serverTransportListener =
+        serverListener.takeListenerOrFail(TIMEOUT_MS, MILLISECONDS);
+    serverTransportListener.waitForTermination(TIMEOUT_MS, MILLISECONDS);
+    assertThat(serverTransportListener.isTerminated()).isTrue();
+  }
+
   @Test
   @Override
   // We don't quite pass the official/abstract version of this test yet because
diff --git a/binder/src/testFixtures/java/io/grpc/binder/FakeDeadBinder.java b/binder/src/testFixtures/java/io/grpc/binder/FakeDeadBinder.java
new file mode 100644
index 00000000000..b1658c13812
--- /dev/null
+++ b/binder/src/testFixtures/java/io/grpc/binder/FakeDeadBinder.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.binder;
+
+import android.os.DeadObjectException;
+import android.os.IBinder;
+import android.os.IInterface;
+import android.os.Parcel;
+import android.os.RemoteException;
+import java.io.FileDescriptor;
+
+/** An {@link IBinder} that behaves as if its hosting process has died, for testing. */
+public class FakeDeadBinder implements IBinder {
+  @Override
+  public boolean isBinderAlive() {
+    return false;
+  }
+
+  @Override
+  public IInterface queryLocalInterface(String descriptor) {
+    return null;
+  }
+
+  @Override
+  public String getInterfaceDescriptor() throws RemoteException {
+    throw new DeadObjectException();
+  }
+
+  @Override
+  public boolean pingBinder() {
+    return false;
+  }
+
+  @Override
+  public void dump(FileDescriptor fd, String[] args) throws RemoteException {
+    throw new DeadObjectException();
+  }
+
+  @Override
+  public void dumpAsync(FileDescriptor fd, String[] args) throws RemoteException {
+    throw new DeadObjectException();
+  }
+
+  @Override
+  public boolean transact(int code, Parcel data, Parcel reply, int flags) throws RemoteException {
+    throw new DeadObjectException();
+  }
+
+  @Override
+  public void linkToDeath(DeathRecipient r, int flags) throws RemoteException {
+    throw new DeadObjectException();
+  }
+
+  @Override
+  public boolean unlinkToDeath(DeathRecipient deathRecipient, int flags) {
+    // No need to check whether 'deathRecipient' was ever actually passed to linkToDeath(): Per our
+    // API contract, if "the IBinder has already died" we never throw and always return false.
+    return false;
+  }
+}

From 9b424b3186d35d1185658c5f60003ebe2a477c47 Mon Sep 17 00:00:00 2001
From: Kim Jin Young <tian__mi__mi@naver.com>
Date: Tue, 28 Oct 2025 21:31:36 +0900
Subject: [PATCH 420/591] stub: remove unnecessary condition in if statement
 (#12437)

This PR removes unnecessary condition inside an `if` statement in
BlockingClientCall class.
There is no functional change.

Fixes #12425
---
 stub/src/main/java/io/grpc/stub/BlockingClientCall.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stub/src/main/java/io/grpc/stub/BlockingClientCall.java b/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
index 27bd42e53bb..6a52ce50776 100644
--- a/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
+++ b/stub/src/main/java/io/grpc/stub/BlockingClientCall.java
@@ -225,7 +225,7 @@ private boolean write(boolean waitForever, ReqT request, long endNanoTime)
         (x) -> x.call.isReady() || x.closeState.get() != null;
     executor.waitAndDrainWithTimeout(waitForever, endNanoTime, predicate, this);
     CloseState savedCloseState = closeState.get();
-    if (savedCloseState == null || savedCloseState.status == null) {
+    if (savedCloseState == null) {
       call.sendMessage(request);
       return true;
     } else if (savedCloseState.status.isOk()) {

From acbbf869a160153e636f95f6fd1f37a6a4ae0b5f Mon Sep 17 00:00:00 2001
From: oliviamariacodes <oliviamariacodes@gmail.com>
Date: Wed, 29 Oct 2025 01:58:05 -0700
Subject: [PATCH 421/591] api: Fix name resolver bridge listener handling for
 address resolution errors (#12441)

Fixes https://github.com/grpc/grpc-java/issues/12444

This PR addresses a bug in the `NameResolver.Listener` to
`NameResolver.Listener2` bridge affecting custom NameResolver
implementations using Listener.

The bridge in `NameResolver.start(Listener)` at
https://github.com/grpc/grpc-java/blob/master/api/src/main/java/io/grpc/NameResolver.java#L100
unconditionally calls `getValue()` on the `StatusOr`, throwing
`java.lang.IllegalStateException: No value present.` when the result
contains an error.

This was identified when upgrading from gRPC `v1.63.3` to `v1.75.0`.

The bug occurs due to `DnsNameResolver`'s error handling changes between
versions:

- `v1.63.3`: Errors reported via `Listener.onError()`
(https://github.com/grpc/grpc-java/blob/v1.63.x/core/src/main/java/io/grpc/internal/DnsNameResolver.java#L319)
- `v1.75.0`: Errors passed via `Listener2.onResult2()` with a
ResolutionResult containing either addresses OR an error
(https://github.com/grpc/grpc-java/blob/master/core/src/main/java/io/grpc/internal/DnsNameResolver.java#L322)

This PR updates the bridge to check whether `ResolutionResult` contains
addresses or an error. It passes the error via `onError` and addresses
via `onAddresses`.

**Reproducing the Issue**
The `startOnOldListener_resolverReportsError` test reproduces a similar
issue. It creates a custom `NameResolver` that reports errors through
the `ResolutionResult` like the `DNSNameResolver` in `v1.75.0`, passes
an old Listener to `resolver.start`, which triggers the bridge code
path.

Without the fix, the bridge calls `getValue()` on the error containing
`StatusOr`, throwing `IllegalStateException: No value present`.

With the fix, the bridge checks `hasValue()` first and correctly routes
to `listener.onError()` when appropriate. This ensures backward
compatibility for `Listener` implementations when resolvers report
errors via `ResolutionResult`.
---
 api/src/main/java/io/grpc/NameResolver.java   | 10 +++-
 .../test/java/io/grpc/NameResolverTest.java   | 50 +++++++++++++++++++
 2 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/io/grpc/NameResolver.java b/api/src/main/java/io/grpc/NameResolver.java
index 2ac4ecae69e..0e8315e812c 100644
--- a/api/src/main/java/io/grpc/NameResolver.java
+++ b/api/src/main/java/io/grpc/NameResolver.java
@@ -97,8 +97,14 @@ public void onError(Status error) {
 
           @Override
           public void onResult(ResolutionResult resolutionResult) {
-            listener.onAddresses(resolutionResult.getAddressesOrError().getValue(),
-                resolutionResult.getAttributes());
+            StatusOr<List<EquivalentAddressGroup>> addressesOrError =
+                resolutionResult.getAddressesOrError();
+            if (addressesOrError.hasValue()) {
+              listener.onAddresses(addressesOrError.getValue(),
+                  resolutionResult.getAttributes());
+            } else {
+              listener.onError(addressesOrError.getStatus());
+            }
           }
       });
     }
diff --git a/api/src/test/java/io/grpc/NameResolverTest.java b/api/src/test/java/io/grpc/NameResolverTest.java
index ae8c080bd5c..82abe5c7505 100644
--- a/api/src/test/java/io/grpc/NameResolverTest.java
+++ b/api/src/test/java/io/grpc/NameResolverTest.java
@@ -192,6 +192,56 @@ public void resolutionResult_hashCode() {
         Objects.hashCode(StatusOr.fromValue(ADDRESSES), ATTRIBUTES, CONFIG));
   }
 
+  @Test
+  public void startOnOldListener_resolverReportsError() {
+    final boolean[] onErrorCalled = new boolean[1];
+    final Status[] receivedError = new Status[1];
+
+    NameResolver resolver = new NameResolver() {
+      @Override
+      public String getServiceAuthority() {
+        return "example.com";
+      }
+
+      @Override
+      public void shutdown() {
+      }
+
+      @Override
+      public void start(Listener2 listener2) {
+        ResolutionResult errorResult = ResolutionResult.newBuilder()
+            .setAddressesOrError(StatusOr.fromStatus(
+                Status.UNAVAILABLE
+                    .withDescription("DNS resolution failed with UNAVAILABLE")))
+            .build();
+
+        listener2.onResult(errorResult);
+      }
+    };
+
+    NameResolver.Listener listener = new NameResolver.Listener() {
+      @Override
+      public void onAddresses(
+          List<EquivalentAddressGroup> servers,
+          Attributes attributes) {
+        throw new AssertionError("Called onAddresses on error");
+      }
+
+      @Override
+      public void onError(Status error) {
+        onErrorCalled[0] = true;
+        receivedError[0] = error;
+      }
+    };
+
+    resolver.start(listener);
+
+    assertThat(onErrorCalled[0]).isTrue();
+    assertThat(receivedError[0].getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(receivedError[0].getDescription()).isEqualTo(
+        "DNS resolution failed with UNAVAILABLE");
+  }
+
   private static class FakeSocketAddress extends SocketAddress {
     final String name;
 

From 27d150890e165dbaf6869e79484139d6c0058ea5 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 29 Oct 2025 09:43:58 -0700
Subject: [PATCH 422/591] xds,googleapis: Allow wrapping NameResolver to inject
 XdsClient (#12450)

Since there is no longer a single global XdsClient, it makes more sense
to allow things like the c2p name resolver to inject its own bootstrap
even if there is one defined in an environment variable.
GoogleCloudToProdNameResolver can now pass an XdsClient instance to
XdsNameResolver, and SharedXdsClientPoolProvider allows
GoogleCloudToProdNameResolver to choose the bootstrap for that one
specific target.

Since XdsNameResolver is no longer in control of the XdsClient pool the
XdsClient instance is now passed to ClusterImplLb. A channel will now
only access the global XdsClient pool exactly once: in the name
resolver.

BootstrapInfo is purposefully being shared across channels, as we really
want to share things like credentials which can have significant memory
use and may have caches which reduce I/O when shared. That is why
SharedXdsClientPoolProvider receives BootstrapInfo instead of
Map<String,?>.

Verifying BootstrapInfo.server() is not empty was moved from
SharedXdsClientPoolProvider to GrpcBootstrapperImpl so avoid
getOrCreate() throwing an exception in only that one case. It might make
sense to move that to BootstrapperImpl, but that will need more
investigation.

A lot of tests needed updating because XdsClientPoolProvider is no
longer responsible for parsing the bootstrap, so we now need bootstraps
even if XdsClientPoolProvider will ignore it.

This also fixes a bug in GoogleCloudToProdNameResolver where it would
initialize the delegate even when it failed to create the bootstrap.
That would certainly cause all RPCs on the channel to fail because of
the missing bootstrap and it defeated the point of `succeeded == false`
and `refresh()` which was supposed to retry contacting the metadata
server.

The server tests were enhanced to give a useful error when
server.start() throws an exception, as otherwise the real error is lost.

b/442819521
---
 googleapis/BUILD.bazel                        |   1 +
 .../GoogleCloudToProdNameResolver.java        | 135 +++++++++-------
 ...GoogleCloudToProdNameResolverProvider.java |  13 +-
 .../GoogleCloudToProdNameResolverTest.java    | 145 ++++--------------
 .../io/grpc/xds/ClusterImplLoadBalancer.java  |  12 +-
 .../io/grpc/xds/GrpcBootstrapperImpl.java     |  17 +-
 .../xds/InternalGrpcBootstrapperImpl.java     |   7 +
 .../InternalSharedXdsClientPoolProvider.java  |  56 +++++++
 .../grpc/xds/SharedXdsClientPoolProvider.java |  42 ++---
 .../main/java/io/grpc/xds/XdsAttributes.java  |   5 +-
 .../io/grpc/xds/XdsClientPoolFactory.java     |   9 +-
 .../java/io/grpc/xds/XdsNameResolver.java     |  98 ++++++++++--
 .../io/grpc/xds/XdsNameResolverProvider.java  |   9 ++
 .../java/io/grpc/xds/XdsServerBuilder.java    |   6 +-
 .../java/io/grpc/xds/XdsServerWrapper.java    |  25 ++-
 .../grpc/xds/ClusterImplLoadBalancerTest.java |  22 +--
 .../java/io/grpc/xds/CsdsServiceTest.java     |   9 +-
 .../io/grpc/xds/GrpcBootstrapperImplTest.java |  44 +++++-
 .../xds/SharedXdsClientPoolProviderTest.java  |  40 +++--
 .../io/grpc/xds/XdsClientFallbackTest.java    |   6 +-
 .../io/grpc/xds/XdsClientFederationTest.java  |   6 +-
 .../XdsClientWrapperForServerSdsTestMisc.java |   3 +-
 .../java/io/grpc/xds/XdsNameResolverTest.java |  90 +++++------
 .../grpc/xds/XdsSecurityClientServerTest.java |  14 +-
 .../io/grpc/xds/XdsServerBuilderTest.java     |  22 ++-
 .../java/io/grpc/xds/XdsServerTestHelper.java |  24 +--
 .../io/grpc/xds/XdsServerWrapperTest.java     |  17 +-
 27 files changed, 526 insertions(+), 351 deletions(-)

diff --git a/googleapis/BUILD.bazel b/googleapis/BUILD.bazel
index 42632e0f99d..5b62b21cb3a 100644
--- a/googleapis/BUILD.bazel
+++ b/googleapis/BUILD.bazel
@@ -13,5 +13,6 @@ java_library(
         "//core:internal",
         "//xds",
         artifact("com.google.guava:guava"),
+        artifact("com.google.errorprone:error_prone_annotations"),
     ],
 )
diff --git a/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolver.java b/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolver.java
index ebc7dd05ea4..0aee17b6b9f 100644
--- a/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolver.java
+++ b/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolver.java
@@ -20,10 +20,11 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.io.CharStreams;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
+import io.grpc.MetricRecorder;
 import io.grpc.NameResolver;
 import io.grpc.NameResolverRegistry;
 import io.grpc.Status;
@@ -32,6 +33,13 @@
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.SharedResourceHolder;
 import io.grpc.internal.SharedResourceHolder.Resource;
+import io.grpc.xds.InternalGrpcBootstrapperImpl;
+import io.grpc.xds.InternalSharedXdsClientPoolProvider;
+import io.grpc.xds.InternalSharedXdsClientPoolProvider.XdsClientResult;
+import io.grpc.xds.XdsNameResolverProvider;
+import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
+import io.grpc.xds.client.XdsClient;
+import io.grpc.xds.client.XdsInitializationException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
@@ -41,7 +49,6 @@
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
-import java.util.Map;
 import java.util.Random;
 import java.util.concurrent.Executor;
 import java.util.logging.Level;
@@ -63,52 +70,54 @@ final class GoogleCloudToProdNameResolver extends NameResolver {
   static final String C2P_AUTHORITY = "traffic-director-c2p.xds.googleapis.com";
   @VisibleForTesting
   static boolean isOnGcp = InternalCheckGcpEnvironment.isOnGcp();
-  @VisibleForTesting
-  static boolean xdsBootstrapProvided =
-      System.getenv("GRPC_XDS_BOOTSTRAP") != null
-          || System.getProperty("io.grpc.xds.bootstrap") != null
-          || System.getenv("GRPC_XDS_BOOTSTRAP_CONFIG") != null
-          || System.getProperty("io.grpc.xds.bootstrapConfig") != null;
-  @VisibleForTesting
-  static boolean enableFederation =
-      Strings.isNullOrEmpty(System.getenv("GRPC_EXPERIMENTAL_XDS_FEDERATION"))
-          || Boolean.parseBoolean(System.getenv("GRPC_EXPERIMENTAL_XDS_FEDERATION"));
 
   private static final String serverUriOverride =
       System.getenv("GRPC_TEST_ONLY_GOOGLE_C2P_RESOLVER_TRAFFIC_DIRECTOR_URI");
 
-  private HttpConnectionProvider httpConnectionProvider = HttpConnectionFactory.INSTANCE;
+  @GuardedBy("GoogleCloudToProdNameResolver.class")
+  private static BootstrapInfo bootstrapInfo;
+  private static HttpConnectionProvider httpConnectionProvider = HttpConnectionFactory.INSTANCE;
+  private static int c2pId = new Random().nextInt();
+
+  private static synchronized BootstrapInfo getBootstrapInfo()
+      throws XdsInitializationException, IOException {
+    if (bootstrapInfo != null) {
+      return bootstrapInfo;
+    }
+    BootstrapInfo bootstrapInfoTmp =
+        InternalGrpcBootstrapperImpl.parseBootstrap(generateBootstrap());
+    // Avoid setting global when testing
+    if (httpConnectionProvider == HttpConnectionFactory.INSTANCE) {
+      bootstrapInfo = bootstrapInfoTmp;
+    }
+    return bootstrapInfoTmp;
+  }
+
   private final String authority;
   private final SynchronizationContext syncContext;
   private final Resource<Executor> executorResource;
-  private final BootstrapSetter bootstrapSetter;
+  private final String target;
+  private final MetricRecorder metricRecorder;
   private final NameResolver delegate;
-  private final Random rand;
   private final boolean usingExecutorResource;
-  // It's not possible to use both PSM and DirectPath C2P in the same application.
-  // Delegate to DNS if user-provided bootstrap is found.
-  private final String schemeOverride =
-      !isOnGcp
-      || (xdsBootstrapProvided && !enableFederation)
-      ? "dns" : "xds";
+  private final String schemeOverride = !isOnGcp ? "dns" : "xds";
+  private XdsClientResult xdsClientPool;
+  private XdsClient xdsClient;
   private Executor executor;
   private Listener2 listener;
   private boolean succeeded;
   private boolean resolving;
   private boolean shutdown;
 
-  GoogleCloudToProdNameResolver(URI targetUri, Args args, Resource<Executor> executorResource,
-      BootstrapSetter bootstrapSetter) {
-    this(targetUri, args, executorResource, new Random(), bootstrapSetter,
+  GoogleCloudToProdNameResolver(URI targetUri, Args args, Resource<Executor> executorResource) {
+    this(targetUri, args, executorResource,
         NameResolverRegistry.getDefaultRegistry().asFactory());
   }
 
   @VisibleForTesting
   GoogleCloudToProdNameResolver(URI targetUri, Args args, Resource<Executor> executorResource,
-      Random rand, BootstrapSetter bootstrapSetter, NameResolver.Factory nameResolverFactory) {
+      NameResolver.Factory nameResolverFactory) {
     this.executorResource = checkNotNull(executorResource, "executorResource");
-    this.bootstrapSetter = checkNotNull(bootstrapSetter, "bootstrapSetter");
-    this.rand = checkNotNull(rand, "rand");
     String targetPath = checkNotNull(checkNotNull(targetUri, "targetUri").getPath(), "targetPath");
     Preconditions.checkArgument(
         targetPath.startsWith("/"),
@@ -118,9 +127,14 @@ final class GoogleCloudToProdNameResolver extends NameResolver {
     authority = GrpcUtil.checkAuthority(targetPath.substring(1));
     syncContext = checkNotNull(args, "args").getSynchronizationContext();
     targetUri = overrideUriScheme(targetUri, schemeOverride);
-    if (schemeOverride.equals("xds") && enableFederation) {
+    if (schemeOverride.equals("xds")) {
       targetUri = overrideUriAuthority(targetUri, C2P_AUTHORITY);
+      args = args.toBuilder()
+          .setArg(XdsNameResolverProvider.XDS_CLIENT_SUPPLIER, () -> xdsClient)
+          .build();
     }
+    target = targetUri.toString();
+    metricRecorder = args.getMetricRecorder();
     delegate = checkNotNull(nameResolverFactory, "nameResolverFactory").newNameResolver(
         targetUri, args);
     executor = args.getOffloadExecutor();
@@ -150,7 +164,7 @@ private void resolve() {
 
     resolving = true;
     if (logger.isLoggable(Level.FINE)) {
-      logger.fine("resolve with schemaOverride = " + schemeOverride);
+      logger.log(Level.FINE, "start with schemaOverride = {0}", schemeOverride);
     }
 
     if (schemeOverride.equals("dns")) {
@@ -168,28 +182,28 @@ private void resolve() {
     class Resolve implements Runnable {
       @Override
       public void run() {
-        ImmutableMap<String, ?> rawBootstrap = null;
+        BootstrapInfo bootstrapInfo = null;
         try {
-          // User provided bootstrap configs are only supported with federation. If federation is
-          // not enabled or there is no user provided config, we set a custom bootstrap override.
-          // Otherwise, we don't set the override, which will allow a user provided bootstrap config
-          // to take effect.
-          if (!enableFederation || !xdsBootstrapProvided) {
-            rawBootstrap = generateBootstrap(queryZoneMetadata(METADATA_URL_ZONE),
-                queryIpv6SupportMetadata(METADATA_URL_SUPPORT_IPV6));
-          }
+          bootstrapInfo = getBootstrapInfo();
         } catch (IOException e) {
           listener.onError(
               Status.INTERNAL.withDescription("Unable to get metadata").withCause(e));
+        } catch (XdsInitializationException e) {
+          listener.onError(
+              Status.INTERNAL.withDescription("Unable to create c2p bootstrap").withCause(e));
+        } catch (Throwable t) {
+          listener.onError(
+              Status.INTERNAL.withDescription("Unexpected error creating c2p bootstrap")
+              .withCause(t));
         } finally {
-          final ImmutableMap<String, ?> finalRawBootstrap = rawBootstrap;
+          final BootstrapInfo finalBootstrapInfo = bootstrapInfo;
           syncContext.execute(new Runnable() {
             @Override
             public void run() {
-              if (!shutdown) {
-                if (finalRawBootstrap != null) {
-                  bootstrapSetter.setBootstrap(finalRawBootstrap);
-                }
+              if (!shutdown && finalBootstrapInfo != null) {
+                xdsClientPool = InternalSharedXdsClientPoolProvider.getOrCreate(
+                    target, finalBootstrapInfo, metricRecorder, null);
+                xdsClient = xdsClientPool.getObject();
                 delegate.start(listener);
                 succeeded = true;
               }
@@ -203,9 +217,16 @@ public void run() {
     executor.execute(new Resolve());
   }
 
-  private ImmutableMap<String, ?> generateBootstrap(String zone, boolean supportIpv6) {
+  @VisibleForTesting
+  static ImmutableMap<String, ?> generateBootstrap() throws IOException {
+    return generateBootstrap(
+        queryZoneMetadata(METADATA_URL_ZONE),
+        queryIpv6SupportMetadata(METADATA_URL_SUPPORT_IPV6));
+  }
+
+  private static ImmutableMap<String, ?> generateBootstrap(String zone, boolean supportIpv6) {
     ImmutableMap.Builder<String, Object> nodeBuilder = ImmutableMap.builder();
-    nodeBuilder.put("id", "C2P-" + (rand.nextInt() & Integer.MAX_VALUE));
+    nodeBuilder.put("id", "C2P-" + (c2pId & Integer.MAX_VALUE));
     if (!zone.isEmpty()) {
       nodeBuilder.put("locality", ImmutableMap.of("zone", zone));
     }
@@ -250,12 +271,15 @@ public void shutdown() {
     if (delegate != null) {
       delegate.shutdown();
     }
+    if (xdsClient != null) {
+      xdsClient = xdsClientPool.returnObject(xdsClient);
+    }
     if (executor != null && usingExecutorResource) {
       executor = SharedResourceHolder.release(executorResource, executor);
     }
   }
 
-  private String queryZoneMetadata(String url) throws IOException {
+  private static String queryZoneMetadata(String url) throws IOException {
     HttpURLConnection con = null;
     String respBody;
     try {
@@ -275,7 +299,7 @@ private String queryZoneMetadata(String url) throws IOException {
     return index == -1 ? "" : respBody.substring(index + 1);
   }
 
-  private boolean queryIpv6SupportMetadata(String url) throws IOException {
+  private static boolean queryIpv6SupportMetadata(String url) throws IOException {
     HttpURLConnection con = null;
     try {
       con = httpConnectionProvider.createConnection(url);
@@ -294,8 +318,17 @@ private boolean queryIpv6SupportMetadata(String url) throws IOException {
   }
 
   @VisibleForTesting
-  void setHttpConnectionProvider(HttpConnectionProvider httpConnectionProvider) {
-    this.httpConnectionProvider = httpConnectionProvider;
+  static void setHttpConnectionProvider(HttpConnectionProvider httpConnectionProvider) {
+    if (httpConnectionProvider == null) {
+      GoogleCloudToProdNameResolver.httpConnectionProvider = HttpConnectionFactory.INSTANCE;
+    } else {
+      GoogleCloudToProdNameResolver.httpConnectionProvider = httpConnectionProvider;
+    }
+  }
+
+  @VisibleForTesting
+  static void setC2pId(int c2pId) {
+    GoogleCloudToProdNameResolver.c2pId = c2pId;
   }
 
   private static URI overrideUriScheme(URI uri, String scheme) {
@@ -335,8 +368,4 @@ public HttpURLConnection createConnection(String url) throws IOException {
   interface HttpConnectionProvider {
     HttpURLConnection createConnection(String url) throws IOException;
   }
-
-  public interface BootstrapSetter {
-    void setBootstrap(Map<String, ?> bootstrap);
-  }
 }
diff --git a/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolverProvider.java b/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolverProvider.java
index 8ad292a3d98..c02cf53c2d2 100644
--- a/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolverProvider.java
+++ b/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolverProvider.java
@@ -22,13 +22,11 @@
 import io.grpc.NameResolver.Args;
 import io.grpc.NameResolverProvider;
 import io.grpc.internal.GrpcUtil;
-import io.grpc.xds.InternalSharedXdsClientPoolProvider;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.net.URI;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.Map;
 
 /**
  * A provider for {@link GoogleCloudToProdNameResolver}.
@@ -52,8 +50,7 @@ public GoogleCloudToProdNameResolverProvider() {
   public NameResolver newNameResolver(URI targetUri, Args args) {
     if (scheme.equals(targetUri.getScheme())) {
       return new GoogleCloudToProdNameResolver(
-          targetUri, args, GrpcUtil.SHARED_CHANNEL_EXECUTOR,
-          new SharedXdsClientPoolProviderBootstrapSetter());
+          targetUri, args, GrpcUtil.SHARED_CHANNEL_EXECUTOR);
     }
     return null;
   }
@@ -77,12 +74,4 @@ protected int priority() {
   public Collection<Class<? extends SocketAddress>> getProducedSocketAddressTypes() {
     return Collections.singleton(InetSocketAddress.class);
   }
-
-  private static final class SharedXdsClientPoolProviderBootstrapSetter
-      implements GoogleCloudToProdNameResolver.BootstrapSetter {
-    @Override
-    public void setBootstrap(Map<String, ?> bootstrap) {
-      InternalSharedXdsClientPoolProvider.setDefaultProviderBootstrapOverride(bootstrap);
-    }
-  }
 }
diff --git a/googleapis/src/test/java/io/grpc/googleapis/GoogleCloudToProdNameResolverTest.java b/googleapis/src/test/java/io/grpc/googleapis/GoogleCloudToProdNameResolverTest.java
index edb3126d1e3..6a144696447 100644
--- a/googleapis/src/test/java/io/grpc/googleapis/GoogleCloudToProdNameResolverTest.java
+++ b/googleapis/src/test/java/io/grpc/googleapis/GoogleCloudToProdNameResolverTest.java
@@ -25,6 +25,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Iterables;
 import io.grpc.ChannelLogger;
+import io.grpc.MetricRecorder;
 import io.grpc.NameResolver;
 import io.grpc.NameResolver.Args;
 import io.grpc.NameResolver.ServiceConfigParser;
@@ -47,7 +48,6 @@
 import java.util.Map;
 import java.util.Random;
 import java.util.concurrent.Executor;
-import java.util.concurrent.atomic.AtomicReference;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
@@ -77,15 +77,16 @@ public void uncaughtException(Thread t, Throwable e) {
           throw new AssertionError(e);
         }
       });
+  private final FakeClock fakeExecutor = new FakeClock();
   private final NameResolver.Args args = NameResolver.Args.newBuilder()
       .setDefaultPort(DEFAULT_PORT)
       .setProxyDetector(GrpcUtil.DEFAULT_PROXY_DETECTOR)
       .setSynchronizationContext(syncContext)
+      .setScheduledExecutorService(fakeExecutor.getScheduledExecutorService())
       .setServiceConfigParser(mock(ServiceConfigParser.class))
       .setChannelLogger(mock(ChannelLogger.class))
+      .setMetricRecorder(new MetricRecorder() {})
       .build();
-  private final FakeClock fakeExecutor = new FakeClock();
-  private final FakeBootstrapSetter fakeBootstrapSetter = new FakeBootstrapSetter();
   private final Resource<Executor> fakeExecutorResource = new Resource<Executor>() {
     @Override
     public Executor create() {
@@ -101,34 +102,18 @@ public void close(Executor instance) {}
 
   @Mock
   private NameResolver.Listener2 mockListener;
-  private Random random = new Random(1);
   @Captor
   private ArgumentCaptor<Status> errorCaptor;
   private boolean originalIsOnGcp;
-  private boolean originalXdsBootstrapProvided;
   private GoogleCloudToProdNameResolver resolver;
+  private String responseToIpV6 = "1:1:1";
 
   @Before
   public void setUp() {
     nsRegistry.register(new FakeNsProvider("dns"));
     nsRegistry.register(new FakeNsProvider("xds"));
     originalIsOnGcp = GoogleCloudToProdNameResolver.isOnGcp;
-    originalXdsBootstrapProvided = GoogleCloudToProdNameResolver.xdsBootstrapProvided;
-  }
-
-  @After
-  public void tearDown() {
-    GoogleCloudToProdNameResolver.isOnGcp = originalIsOnGcp;
-    GoogleCloudToProdNameResolver.xdsBootstrapProvided = originalXdsBootstrapProvided;
-    resolver.shutdown();
-    verify(Iterables.getOnlyElement(delegatedResolver.values())).shutdown();
-  }
-
-  private void createResolver() {
-    createResolver("1:1:1");
-  }
 
-  private void createResolver(String responseToIpV6) {
     HttpConnectionProvider httpConnections = new HttpConnectionProvider() {
       @Override
       public HttpURLConnection createConnection(String url) throws IOException {
@@ -148,10 +133,24 @@ public HttpURLConnection createConnection(String url) throws IOException {
         throw new AssertionError("Unknown http query");
       }
     };
+    GoogleCloudToProdNameResolver.setHttpConnectionProvider(httpConnections);
+
+    GoogleCloudToProdNameResolver.setC2pId(new Random(1).nextInt());
+  }
+
+  @After
+  public void tearDown() {
+    GoogleCloudToProdNameResolver.isOnGcp = originalIsOnGcp;
+    GoogleCloudToProdNameResolver.setHttpConnectionProvider(null);
+    if (resolver != null) {
+      resolver.shutdown();
+      verify(Iterables.getOnlyElement(delegatedResolver.values())).shutdown();
+    }
+  }
+
+  private void createResolver() {
     resolver = new GoogleCloudToProdNameResolver(
-        TARGET_URI, args, fakeExecutorResource, random, fakeBootstrapSetter,
-        nsRegistry.asFactory());
-    resolver.setHttpConnectionProvider(httpConnections);
+        TARGET_URI, args, fakeExecutorResource, nsRegistry.asFactory());
   }
 
   @Test
@@ -164,27 +163,19 @@ public void notOnGcp_DelegateToDns() {
   }
 
   @Test
-  public void hasProvidedBootstrap_DelegateToDns() {
+  public void onGcpAndNoProvidedBootstrap_DelegateToXds() {
     GoogleCloudToProdNameResolver.isOnGcp = true;
-    GoogleCloudToProdNameResolver.xdsBootstrapProvided = true;
-    GoogleCloudToProdNameResolver.enableFederation = false;
     createResolver();
     resolver.start(mockListener);
-    assertThat(delegatedResolver.keySet()).containsExactly("dns");
+    fakeExecutor.runDueTasks();
+    assertThat(delegatedResolver.keySet()).containsExactly("xds");
     verify(Iterables.getOnlyElement(delegatedResolver.values())).start(mockListener);
   }
 
   @SuppressWarnings("unchecked")
   @Test
-  public void onGcpAndNoProvidedBootstrap_DelegateToXds() {
-    GoogleCloudToProdNameResolver.isOnGcp = true;
-    GoogleCloudToProdNameResolver.xdsBootstrapProvided = false;
-    createResolver();
-    resolver.start(mockListener);
-    fakeExecutor.runDueTasks();
-    assertThat(delegatedResolver.keySet()).containsExactly("xds");
-    verify(Iterables.getOnlyElement(delegatedResolver.values())).start(mockListener);
-    Map<String, ?> bootstrap = fakeBootstrapSetter.bootstrapRef.get();
+  public void generateBootstrap_ipv6() throws IOException {
+    Map<String, ?> bootstrap = GoogleCloudToProdNameResolver.generateBootstrap();
     Map<String, ?> node = (Map<String, ?>) bootstrap.get("node");
     assertThat(node).containsExactly(
         "id", "C2P-991614323",
@@ -204,15 +195,9 @@ public void onGcpAndNoProvidedBootstrap_DelegateToXds() {
 
   @SuppressWarnings("unchecked")
   @Test
-  public void onGcpAndNoProvidedBootstrap_DelegateToXds_noIpV6() {
-    GoogleCloudToProdNameResolver.isOnGcp = true;
-    GoogleCloudToProdNameResolver.xdsBootstrapProvided = false;
-    createResolver(null);
-    resolver.start(mockListener);
-    fakeExecutor.runDueTasks();
-    assertThat(delegatedResolver.keySet()).containsExactly("xds");
-    verify(Iterables.getOnlyElement(delegatedResolver.values())).start(mockListener);
-    Map<String, ?> bootstrap = fakeBootstrapSetter.bootstrapRef.get();
+  public void generateBootstrap_noIpV6() throws IOException {
+    responseToIpV6 = null;
+    Map<String, ?> bootstrap = GoogleCloudToProdNameResolver.generateBootstrap();
     Map<String, ?> node = (Map<String, ?>) bootstrap.get("node");
     assertThat(node).containsExactly(
         "id", "C2P-991614323",
@@ -231,70 +216,18 @@ public void onGcpAndNoProvidedBootstrap_DelegateToXds_noIpV6() {
 
   @SuppressWarnings("unchecked")
   @Test
-  public void emptyResolverMeetadataValue() {
-    GoogleCloudToProdNameResolver.isOnGcp = true;
-    GoogleCloudToProdNameResolver.xdsBootstrapProvided = false;
-    createResolver("");
-    resolver.start(mockListener);
-    fakeExecutor.runDueTasks();
-    assertThat(delegatedResolver.keySet()).containsExactly("xds");
-    verify(Iterables.getOnlyElement(delegatedResolver.values())).start(mockListener);
-    Map<String, ?> bootstrap = fakeBootstrapSetter.bootstrapRef.get();
+  public void emptyResolverMeetadataValue() throws IOException {
+    responseToIpV6 = "";
+    Map<String, ?> bootstrap = GoogleCloudToProdNameResolver.generateBootstrap();
     Map<String, ?> node = (Map<String, ?>) bootstrap.get("node");
     assertThat(node).containsExactly(
         "id", "C2P-991614323",
         "locality", ImmutableMap.of("zone", ZONE));
   }
 
-  @SuppressWarnings("unchecked")
-  @Test
-  public void onGcpAndNoProvidedBootstrapAndFederationEnabled_DelegateToXds() {
-    GoogleCloudToProdNameResolver.isOnGcp = true;
-    GoogleCloudToProdNameResolver.xdsBootstrapProvided = false;
-    GoogleCloudToProdNameResolver.enableFederation = true;
-    createResolver();
-    resolver.start(mockListener);
-    fakeExecutor.runDueTasks();
-    assertThat(delegatedResolver.keySet()).containsExactly("xds");
-    verify(Iterables.getOnlyElement(delegatedResolver.values())).start(mockListener);
-    // check bootstrap
-    Map<String, ?> bootstrap = fakeBootstrapSetter.bootstrapRef.get();
-    Map<String, ?> node = (Map<String, ?>) bootstrap.get("node");
-    assertThat(node).containsExactly(
-        "id", "C2P-991614323",
-        "locality", ImmutableMap.of("zone", ZONE),
-        "metadata", ImmutableMap.of("TRAFFICDIRECTOR_DIRECTPATH_C2P_IPV6_CAPABLE", true));
-    Map<String, ?> server = Iterables.getOnlyElement(
-        (List<Map<String, ?>>) bootstrap.get("xds_servers"));
-    assertThat(server).containsExactly(
-        "server_uri", "directpath-pa.googleapis.com",
-        "channel_creds", ImmutableList.of(ImmutableMap.of("type", "google_default")),
-        "server_features", ImmutableList.of("xds_v3", "ignore_resource_deletion"));
-    Map<String, ?> authorities = (Map<String, ?>) bootstrap.get("authorities");
-    assertThat(authorities).containsExactly(
-        "traffic-director-c2p.xds.googleapis.com",
-        ImmutableMap.of("xds_servers", ImmutableList.of(server)));
-  }
-
-  @SuppressWarnings("unchecked")
-  @Test
-  public void onGcpAndProvidedBootstrapAndFederationEnabled_DontDelegateToXds() {
-    GoogleCloudToProdNameResolver.isOnGcp = true;
-    GoogleCloudToProdNameResolver.xdsBootstrapProvided = true;
-    GoogleCloudToProdNameResolver.enableFederation = true;
-    createResolver();
-    resolver.start(mockListener);
-    fakeExecutor.runDueTasks();
-    assertThat(delegatedResolver.keySet()).containsExactly("xds");
-    verify(Iterables.getOnlyElement(delegatedResolver.values())).start(mockListener);
-    // Bootstrapper should not have been set, since there was no user provided config.
-    assertThat(fakeBootstrapSetter.bootstrapRef.get()).isNull();
-  }
-
   @Test
   public void failToQueryMetadata() {
     GoogleCloudToProdNameResolver.isOnGcp = true;
-    GoogleCloudToProdNameResolver.xdsBootstrapProvided = false;
     createResolver();
     HttpConnectionProvider httpConnections = new HttpConnectionProvider() {
       @Override
@@ -304,7 +237,7 @@ public HttpURLConnection createConnection(String url) throws IOException {
         return con;
       }
     };
-    resolver.setHttpConnectionProvider(httpConnections);
+    GoogleCloudToProdNameResolver.setHttpConnectionProvider(httpConnections);
     resolver.start(mockListener);
     fakeExecutor.runDueTasks();
     verify(mockListener).onError(errorCaptor.capture());
@@ -344,14 +277,4 @@ public String getDefaultScheme() {
       return scheme;
     }
   }
-
-  private static final class FakeBootstrapSetter
-      implements GoogleCloudToProdNameResolver.BootstrapSetter {
-    private final AtomicReference<Map<String, ?>> bootstrapRef = new AtomicReference<>();
-
-    @Override
-    public void setBootstrap(Map<String, ?> bootstrap) {
-      bootstrapRef.set(bootstrap);
-    }
-  }
 }
diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index 00fe736761b..ad5dff3cea1 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -37,7 +37,6 @@
 import io.grpc.Status;
 import io.grpc.internal.ForwardingClientStreamTracer;
 import io.grpc.internal.GrpcUtil;
-import io.grpc.internal.ObjectPool;
 import io.grpc.services.MetricReport;
 import io.grpc.util.ForwardingLoadBalancerHelper;
 import io.grpc.util.ForwardingSubchannel;
@@ -96,7 +95,6 @@ final class ClusterImplLoadBalancer extends LoadBalancer {
   private String cluster;
   @Nullable
   private String edsServiceName;
-  private ObjectPool<XdsClient> xdsClientPool;
   private XdsClient xdsClient;
   private CallCounterProvider callCounterProvider;
   private ClusterDropStats dropStats;
@@ -119,10 +117,8 @@ final class ClusterImplLoadBalancer extends LoadBalancer {
   public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     logger.log(XdsLogLevel.DEBUG, "Received resolution result: {0}", resolvedAddresses);
     Attributes attributes = resolvedAddresses.getAttributes();
-    if (xdsClientPool == null) {
-      xdsClientPool = attributes.get(io.grpc.xds.XdsAttributes.XDS_CLIENT_POOL);
-      assert xdsClientPool != null;
-      xdsClient = xdsClientPool.getObject();
+    if (xdsClient == null) {
+      xdsClient = checkNotNull(attributes.get(io.grpc.xds.XdsAttributes.XDS_CLIENT), "xdsClient");
     }
     if (callCounterProvider == null) {
       callCounterProvider = attributes.get(io.grpc.xds.XdsAttributes.CALL_COUNTER_PROVIDER);
@@ -192,9 +188,7 @@ public void shutdown() {
         childLbHelper = null;
       }
     }
-    if (xdsClient != null) {
-      xdsClient = xdsClientPool.returnObject(xdsClient);
-    }
+    xdsClient = null;
   }
 
   /**
diff --git a/xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java
index f61fab42cae..fdcf3a972b5 100644
--- a/xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java
@@ -18,6 +18,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.ChannelCredentials;
 import io.grpc.internal.JsonUtil;
 import io.grpc.xds.client.BootstrapperImpl;
@@ -48,7 +49,11 @@ class GrpcBootstrapperImpl extends BootstrapperImpl {
 
   @Override
   public BootstrapInfo bootstrap(Map<String, ?> rawData) throws XdsInitializationException {
-    return super.bootstrap(rawData);
+    BootstrapInfo info = super.bootstrap(rawData);
+    if (info.servers().isEmpty()) {
+      throw new XdsInitializationException("Invalid bootstrap: 'xds_servers' is empty");
+    }
+    return info;
   }
 
   /**
@@ -95,6 +100,16 @@ protected Object getImplSpecificConfig(Map<String, ?> serverConfig, String serve
     return getChannelCredentials(serverConfig, serverUri);
   }
 
+  @GuardedBy("GrpcBootstrapperImpl.class")
+  private static BootstrapInfo defaultBootstrap;
+
+  static synchronized BootstrapInfo defaultBootstrap() throws XdsInitializationException {
+    if (defaultBootstrap == null) {
+      defaultBootstrap = new GrpcBootstrapperImpl().bootstrap();
+    }
+    return defaultBootstrap;
+  }
+
   private static ChannelCredentials getChannelCredentials(Map<String, ?> serverConfig,
                                                           String serverUri)
       throws XdsInitializationException {
diff --git a/xds/src/main/java/io/grpc/xds/InternalGrpcBootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/InternalGrpcBootstrapperImpl.java
index 929619c11d7..6a852a2fbb4 100644
--- a/xds/src/main/java/io/grpc/xds/InternalGrpcBootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/InternalGrpcBootstrapperImpl.java
@@ -17,8 +17,10 @@
 package io.grpc.xds;
 
 import io.grpc.Internal;
+import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.XdsInitializationException;
 import java.io.IOException;
+import java.util.Map;
 
 /**
  * Internal accessors for GrpcBootstrapperImpl.
@@ -30,4 +32,9 @@ private InternalGrpcBootstrapperImpl() {} // prevent instantiation
   public static String getJsonContent() throws XdsInitializationException, IOException {
     return new GrpcBootstrapperImpl().getJsonContent();
   }
+
+  public static BootstrapInfo parseBootstrap(Map<String, ?> bootstrap)
+      throws XdsInitializationException {
+    return new GrpcBootstrapperImpl().bootstrap(bootstrap);
+  }
 }
diff --git a/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java b/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java
index 9c98bba93cf..5eb36a498cf 100644
--- a/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java
+++ b/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java
@@ -20,6 +20,7 @@
 import io.grpc.Internal;
 import io.grpc.MetricRecorder;
 import io.grpc.internal.ObjectPool;
+import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsInitializationException;
 import java.util.Map;
@@ -32,24 +33,79 @@ public final class InternalSharedXdsClientPoolProvider {
   // Prevent instantiation
   private InternalSharedXdsClientPoolProvider() {}
 
+  /**
+   * Override the global bootstrap.
+   *
+   * @deprecated Use InternalGrpcBootstrapperImpl.parseBootstrap() and pass the result to
+   *     getOrCreate().
+   */
+  @Deprecated
   public static void setDefaultProviderBootstrapOverride(Map<String, ?> bootstrap) {
     SharedXdsClientPoolProvider.getDefaultProvider().setBootstrapOverride(bootstrap);
   }
 
+  /**
+   * Get an XdsClient pool.
+   *
+   * @deprecated Use InternalGrpcBootstrapperImpl.parseBootstrap() and pass the result to the other
+   *     getOrCreate().
+   */
+  @Deprecated
   public static ObjectPool<XdsClient> getOrCreate(String target)
       throws XdsInitializationException {
     return getOrCreate(target, new MetricRecorder() {});
   }
 
+  /**
+   * Get an XdsClient pool.
+   *
+   * @deprecated Use InternalGrpcBootstrapperImpl.parseBootstrap() and pass the result to the other
+   *     getOrCreate().
+   */
+  @Deprecated
   public static ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
       throws XdsInitializationException {
     return getOrCreate(target, metricRecorder, null);
   }
 
+  /**
+   * Get an XdsClient pool.
+   *
+   * @deprecated Use InternalGrpcBootstrapperImpl.parseBootstrap() and pass the result to the other
+   *     getOrCreate().
+   */
+  @Deprecated
   public static ObjectPool<XdsClient> getOrCreate(
       String target, MetricRecorder metricRecorder, CallCredentials transportCallCredentials)
       throws XdsInitializationException {
     return SharedXdsClientPoolProvider.getDefaultProvider()
         .getOrCreate(target, metricRecorder, transportCallCredentials);
   }
+
+  public static XdsClientResult getOrCreate(
+      String target, BootstrapInfo bootstrapInfo, MetricRecorder metricRecorder,
+      CallCredentials transportCallCredentials) {
+    return new XdsClientResult(SharedXdsClientPoolProvider.getDefaultProvider()
+        .getOrCreate(target, bootstrapInfo, metricRecorder, transportCallCredentials));
+  }
+
+  /**
+   * An ObjectPool, except without exposing io.grpc.internal, which must not be used for
+   * cross-package APIs.
+   */
+  public static final class XdsClientResult {
+    private final ObjectPool<XdsClient> xdsClientPool;
+
+    XdsClientResult(ObjectPool<XdsClient> xdsClientPool) {
+      this.xdsClientPool = xdsClientPool;
+    }
+
+    public XdsClient getObject() {
+      return xdsClientPool.getObject();
+    }
+
+    public XdsClient returnObject(XdsClient xdsClient) {
+      return xdsClientPool.returnObject(xdsClient);
+    }
+  }
 }
diff --git a/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java b/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
index 5302880d48c..29b6870ab97 100644
--- a/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
+++ b/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
@@ -73,7 +73,7 @@ static SharedXdsClientPoolProvider getDefaultProvider() {
     return SharedXdsClientPoolProviderHolder.instance;
   }
 
-  @Override
+  @Deprecated
   public void setBootstrapOverride(Map<String, ?> bootstrap) {
     bootstrapOverride.set(bootstrap);
   }
@@ -84,30 +84,36 @@ public ObjectPool<XdsClient> get(String target) {
     return targetToXdsClientMap.get(target);
   }
 
-  @Override
-  public ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
+  @Deprecated
+  public ObjectPool<XdsClient> getOrCreate(
+      String target, MetricRecorder metricRecorder, CallCredentials transportCallCredentials)
       throws XdsInitializationException {
-    return getOrCreate(target, metricRecorder, null);
+    BootstrapInfo bootstrapInfo;
+    Map<String, ?> rawBootstrap = bootstrapOverride.get();
+    if (rawBootstrap != null) {
+      bootstrapInfo = bootstrapper.bootstrap(rawBootstrap);
+    } else {
+      bootstrapInfo = bootstrapper.bootstrap();
+    }
+    return getOrCreate(target, bootstrapInfo, metricRecorder, transportCallCredentials);
   }
 
+  @Override
   public ObjectPool<XdsClient> getOrCreate(
-      String target, MetricRecorder metricRecorder, CallCredentials transportCallCredentials)
-      throws XdsInitializationException {
+      String target, BootstrapInfo bootstrapInfo, MetricRecorder metricRecorder) {
+    return getOrCreate(target, bootstrapInfo, metricRecorder, null);
+  }
+
+  public ObjectPool<XdsClient> getOrCreate(
+      String target,
+      BootstrapInfo bootstrapInfo,
+      MetricRecorder metricRecorder,
+      CallCredentials transportCallCredentials) {
     ObjectPool<XdsClient> ref = targetToXdsClientMap.get(target);
     if (ref == null) {
       synchronized (lock) {
         ref = targetToXdsClientMap.get(target);
         if (ref == null) {
-          BootstrapInfo bootstrapInfo;
-          Map<String, ?> rawBootstrap = bootstrapOverride.get();
-          if (rawBootstrap != null) {
-            bootstrapInfo = bootstrapper.bootstrap(rawBootstrap);
-          } else {
-            bootstrapInfo = bootstrapper.bootstrap();
-          }
-          if (bootstrapInfo.servers().isEmpty()) {
-            throw new XdsInitializationException("No xDS server provided");
-          }
           ref =
               new RefCountedXdsClientObjectPool(
                   bootstrapInfo, target, metricRecorder, transportCallCredentials);
@@ -157,9 +163,9 @@ class RefCountedXdsClientObjectPool implements ObjectPool<XdsClient> {
         String target,
         MetricRecorder metricRecorder,
         CallCredentials transportCallCredentials) {
-      this.bootstrapInfo = checkNotNull(bootstrapInfo);
+      this.bootstrapInfo = checkNotNull(bootstrapInfo, "bootstrapInfo");
       this.target = target;
-      this.metricRecorder = metricRecorder;
+      this.metricRecorder = checkNotNull(metricRecorder, "metricRecorder");
       this.transportCallCredentials = transportCallCredentials;
     }
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsAttributes.java b/xds/src/main/java/io/grpc/xds/XdsAttributes.java
index 0e770173219..5647b25e418 100644
--- a/xds/src/main/java/io/grpc/xds/XdsAttributes.java
+++ b/xds/src/main/java/io/grpc/xds/XdsAttributes.java
@@ -20,7 +20,6 @@
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.Grpc;
 import io.grpc.NameResolver;
-import io.grpc.internal.ObjectPool;
 import io.grpc.xds.XdsNameResolverProvider.CallCounterProvider;
 import io.grpc.xds.client.Locality;
 import io.grpc.xds.client.XdsClient;
@@ -33,8 +32,8 @@ final class XdsAttributes {
    * Attribute key for passing around the XdsClient object pool across NameResolver/LoadBalancers.
    */
   @NameResolver.ResolutionResultAttr
-  static final Attributes.Key<ObjectPool<XdsClient>> XDS_CLIENT_POOL =
-      Attributes.Key.create("io.grpc.xds.XdsAttributes.xdsClientPool");
+  static final Attributes.Key<XdsClient> XDS_CLIENT =
+      Attributes.Key.create("io.grpc.xds.XdsAttributes.xdsClient");
 
   /**
    * Attribute key for passing around the latest XdsConfig across NameResolver/LoadBalancers.
diff --git a/xds/src/main/java/io/grpc/xds/XdsClientPoolFactory.java b/xds/src/main/java/io/grpc/xds/XdsClientPoolFactory.java
index f10d6504d79..6df8d566a7a 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClientPoolFactory.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClientPoolFactory.java
@@ -18,20 +18,17 @@
 
 import io.grpc.MetricRecorder;
 import io.grpc.internal.ObjectPool;
+import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.XdsClient;
-import io.grpc.xds.client.XdsInitializationException;
 import java.util.List;
-import java.util.Map;
 import javax.annotation.Nullable;
 
 interface XdsClientPoolFactory {
-  void setBootstrapOverride(Map<String, ?> bootstrap);
-
   @Nullable
   ObjectPool<XdsClient> get(String target);
 
-  ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
-      throws XdsInitializationException;
+  ObjectPool<XdsClient> getOrCreate(
+      String target, BootstrapInfo bootstrapInfo, MetricRecorder metricRecorder);
 
   List<String> getTargets();
 }
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 20001b6558d..196d51fb5a6 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -64,6 +64,7 @@
 import io.grpc.xds.client.Bootstrapper.AuthorityInfo;
 import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.XdsClient;
+import io.grpc.xds.client.XdsInitializationException;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
 import java.net.URI;
@@ -80,6 +81,7 @@
 import java.util.concurrent.ConcurrentMap;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.atomic.AtomicInteger;
+import java.util.function.Supplier;
 import javax.annotation.Nullable;
 
 /**
@@ -91,7 +93,6 @@
  * @see XdsNameResolverProvider
  */
 final class XdsNameResolver extends NameResolver {
-
   static final CallOptions.Key<String> CLUSTER_SELECTION_KEY =
       CallOptions.Key.create("io.grpc.xds.CLUSTER_SELECTION_KEY");
   static final CallOptions.Key<XdsConfig> XDS_CONFIG_CALL_OPTION_KEY =
@@ -118,7 +119,7 @@ final class XdsNameResolver extends NameResolver {
   private final ServiceConfigParser serviceConfigParser;
   private final SynchronizationContext syncContext;
   private final ScheduledExecutorService scheduler;
-  private final XdsClientPoolFactory xdsClientPoolFactory;
+  private final XdsClientPool xdsClientPool;
   private final ThreadSafeRandom random;
   private final FilterRegistry filterRegistry;
   private final XxHash64 hashFunc = XxHash64.INSTANCE;
@@ -127,7 +128,6 @@ final class XdsNameResolver extends NameResolver {
   private final ConcurrentMap<String, ClusterRefState> clusterRefs = new ConcurrentHashMap<>();
   private final ConfigSelector configSelector = new ConfigSelector();
   private final long randomChannelId;
-  private final MetricRecorder metricRecorder;
   private final Args nameResolverArgs;
   // Must be accessed in syncContext.
   // Filter instances are unique per channel, and per filter (name+typeUrl).
@@ -136,7 +136,6 @@ final class XdsNameResolver extends NameResolver {
 
   private volatile RoutingConfig routingConfig;
   private Listener2 listener;
-  private ObjectPool<XdsClient> xdsClientPool;
   private XdsClient xdsClient;
   private CallCounterProvider callCounterProvider;
   private ResolveState resolveState;
@@ -148,7 +147,10 @@ final class XdsNameResolver extends NameResolver {
       @Nullable Map<String, ?> bootstrapOverride,
       MetricRecorder metricRecorder, Args nameResolverArgs) {
     this(targetUri, targetUri.getAuthority(), name, overrideAuthority, serviceConfigParser,
-        syncContext, scheduler, SharedXdsClientPoolProvider.getDefaultProvider(),
+        syncContext, scheduler,
+        bootstrapOverride == null
+          ? SharedXdsClientPoolProvider.getDefaultProvider()
+          : new SharedXdsClientPoolProvider(),
         ThreadSafeRandomImpl.instance, FilterRegistry.getDefaultRegistry(), bootstrapOverride,
         metricRecorder, nameResolverArgs);
   }
@@ -173,12 +175,17 @@ final class XdsNameResolver extends NameResolver {
     this.serviceConfigParser = checkNotNull(serviceConfigParser, "serviceConfigParser");
     this.syncContext = checkNotNull(syncContext, "syncContext");
     this.scheduler = checkNotNull(scheduler, "scheduler");
-    this.xdsClientPoolFactory = bootstrapOverride == null ? checkNotNull(xdsClientPoolFactory,
-            "xdsClientPoolFactory") : new SharedXdsClientPoolProvider();
-    this.xdsClientPoolFactory.setBootstrapOverride(bootstrapOverride);
+    Supplier<XdsClient> xdsClientSupplierArg =
+        nameResolverArgs.getArg(XdsNameResolverProvider.XDS_CLIENT_SUPPLIER);
+    if (xdsClientSupplierArg != null) {
+      this.xdsClientPool = new SupplierXdsClientPool(xdsClientSupplierArg);
+    } else {
+      checkNotNull(xdsClientPoolFactory, "xdsClientPoolFactory");
+      this.xdsClientPool = new BootstrappingXdsClientPool(
+          xdsClientPoolFactory, target, bootstrapOverride, metricRecorder);
+    }
     this.random = checkNotNull(random, "random");
     this.filterRegistry = checkNotNull(filterRegistry, "filterRegistry");
-    this.metricRecorder = metricRecorder;
     this.nameResolverArgs = checkNotNull(nameResolverArgs, "nameResolverArgs");
 
     randomChannelId = random.nextLong();
@@ -196,13 +203,12 @@ public String getServiceAuthority() {
   public void start(Listener2 listener) {
     this.listener = checkNotNull(listener, "listener");
     try {
-      xdsClientPool = xdsClientPoolFactory.getOrCreate(target, metricRecorder);
+      xdsClient = xdsClientPool.getObject();
     } catch (Exception e) {
       listener.onError(
           Status.UNAVAILABLE.withDescription("Failed to initialize xDS").withCause(e));
       return;
     }
-    xdsClient = xdsClientPool.getObject();
     BootstrapInfo bootstrapInfo = xdsClient.getBootstrapInfo();
     String listenerNameTemplate;
     if (targetAuthority == null) {
@@ -319,7 +325,7 @@ private void updateResolutionResult(XdsConfig xdsConfig) {
     ConfigOrError parsedServiceConfig = serviceConfigParser.parseServiceConfig(rawServiceConfig);
     Attributes attrs =
         Attributes.newBuilder()
-            .set(XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
+            .set(XdsAttributes.XDS_CLIENT, xdsClient)
             .set(XdsAttributes.XDS_CONFIG, xdsConfig)
             .set(XdsAttributes.XDS_CLUSTER_SUBSCRIPT_REGISTRY, resolveState.xdsDependencyManager)
             .set(XdsAttributes.CALL_COUNTER_PROVIDER, callCounterProvider)
@@ -1034,4 +1040,72 @@ static ClusterRefState forRlsPlugin(
       return new ClusterRefState(refCount, null, rlsPluginConfig, null);
     }
   }
+
+  /** An ObjectPool, except it can throw an exception. */
+  private interface XdsClientPool {
+    XdsClient getObject() throws XdsInitializationException;
+
+    XdsClient returnObject(XdsClient xdsClient);
+  }
+
+  private static final class BootstrappingXdsClientPool implements XdsClientPool {
+    private final XdsClientPoolFactory xdsClientPoolFactory;
+    private final String target;
+    private final @Nullable Map<String, ?> bootstrapOverride;
+    private final @Nullable MetricRecorder metricRecorder;
+    private ObjectPool<XdsClient> xdsClientPool;
+
+    BootstrappingXdsClientPool(
+        XdsClientPoolFactory xdsClientPoolFactory,
+        String target,
+        @Nullable Map<String, ?> bootstrapOverride,
+        @Nullable MetricRecorder metricRecorder) {
+      this.xdsClientPoolFactory = checkNotNull(xdsClientPoolFactory, "xdsClientPoolFactory");
+      this.target = checkNotNull(target, "target");
+      this.bootstrapOverride = bootstrapOverride;
+      this.metricRecorder = metricRecorder;
+    }
+
+    @Override
+    public XdsClient getObject() throws XdsInitializationException {
+      if (xdsClientPool == null) {
+        BootstrapInfo bootstrapInfo;
+        if (bootstrapOverride == null) {
+          bootstrapInfo = GrpcBootstrapperImpl.defaultBootstrap();
+        } else {
+          bootstrapInfo = new GrpcBootstrapperImpl().bootstrap(bootstrapOverride);
+        }
+        this.xdsClientPool =
+            xdsClientPoolFactory.getOrCreate(target, bootstrapInfo, metricRecorder);
+      }
+      return xdsClientPool.getObject();
+    }
+
+    @Override
+    public XdsClient returnObject(XdsClient xdsClient) {
+      return xdsClientPool.returnObject(xdsClient);
+    }
+  }
+
+  private static final class SupplierXdsClientPool implements XdsClientPool {
+    private final Supplier<XdsClient> xdsClientSupplier;
+
+    SupplierXdsClientPool(Supplier<XdsClient> xdsClientSupplier) {
+      this.xdsClientSupplier = checkNotNull(xdsClientSupplier, "xdsClientSupplier");
+    }
+
+    @Override
+    public XdsClient getObject() throws XdsInitializationException {
+      XdsClient xdsClient = xdsClientSupplier.get();
+      if (xdsClient == null) {
+        throw new XdsInitializationException("Caller failed to initialize XDS_CLIENT_SUPPLIER");
+      }
+      return xdsClient;
+    }
+
+    @Override
+    public XdsClient returnObject(XdsClient xdsClient) {
+      return null;
+    }
+  }
 }
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java b/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
index eb3887396a0..e3462276b17 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
@@ -22,6 +22,7 @@
 import io.grpc.Internal;
 import io.grpc.NameResolver.Args;
 import io.grpc.NameResolverProvider;
+import io.grpc.xds.client.XdsClient;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.net.URI;
@@ -29,6 +30,7 @@
 import java.util.Collections;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicLong;
+import java.util.function.Supplier;
 import javax.annotation.Nullable;
 
 /**
@@ -43,6 +45,13 @@
  */
 @Internal
 public final class XdsNameResolverProvider extends NameResolverProvider {
+  /**
+   * If provided, the suppler must return non-null when lb.start() is called (which implies not
+   * throwing), and the XdsClient must remain alive until lb.shutdown() returns. It may only be
+   * called from the synchronization context.
+   */
+  public static final Args.Key<Supplier<XdsClient>> XDS_CLIENT_SUPPLIER =
+      Args.Key.create("io.grpc.xds.XdsNameResolverProvider.XDS_CLIENT_SUPPLIER");
 
   private static final String SCHEME = "xds";
   private final String scheme;
diff --git a/xds/src/main/java/io/grpc/xds/XdsServerBuilder.java b/xds/src/main/java/io/grpc/xds/XdsServerBuilder.java
index 928f22c4d5e..4a4fb71aa84 100644
--- a/xds/src/main/java/io/grpc/xds/XdsServerBuilder.java
+++ b/xds/src/main/java/io/grpc/xds/XdsServerBuilder.java
@@ -55,6 +55,7 @@ public final class XdsServerBuilder extends ForwardingServerBuilder<XdsServerBui
   private final FilterRegistry filterRegistry = FilterRegistry.getDefaultRegistry();
   private XdsClientPoolFactory xdsClientPoolFactory =
           SharedXdsClientPoolProvider.getDefaultProvider();
+  private Map<String, ?> bootstrapOverride;
   private long drainGraceTime = 10;
   private TimeUnit drainGraceTimeUnit = TimeUnit.MINUTES;
 
@@ -127,7 +128,7 @@ public Server build() {
     }
     InternalNettyServerBuilder.eagAttributes(delegate, builder.build());
     return new XdsServerWrapper("0.0.0.0:" + port, delegate, xdsServingStatusListener,
-            filterChainSelectorManager, xdsClientPoolFactory, filterRegistry);
+            filterChainSelectorManager, xdsClientPoolFactory, bootstrapOverride, filterRegistry);
   }
 
   @VisibleForTesting
@@ -140,11 +141,10 @@ XdsServerBuilder xdsClientPoolFactory(XdsClientPoolFactory xdsClientPoolFactory)
    * Allows providing bootstrap override, useful for testing.
    */
   public XdsServerBuilder overrideBootstrapForTest(Map<String, ?> bootstrapOverride) {
-    checkNotNull(bootstrapOverride, "bootstrapOverride");
+    this.bootstrapOverride = checkNotNull(bootstrapOverride, "bootstrapOverride");
     if (this.xdsClientPoolFactory == SharedXdsClientPoolProvider.getDefaultProvider()) {
       this.xdsClientPoolFactory = new SharedXdsClientPoolProvider();
     }
-    this.xdsClientPoolFactory.setBootstrapOverride(bootstrapOverride);
     return this;
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
index be64b56eef5..f54c4af5cff 100644
--- a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
+++ b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
@@ -56,6 +56,7 @@
 import io.grpc.xds.XdsListenerResource.LdsUpdate;
 import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
 import io.grpc.xds.XdsServerBuilder.XdsServingStatusListener;
+import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsClient.ResourceWatcher;
 import io.grpc.xds.internal.security.SslContextProviderSupplier;
@@ -103,6 +104,7 @@ public void uncaughtException(Thread t, Throwable e) {
   private final FilterRegistry filterRegistry;
   private final ThreadSafeRandom random = ThreadSafeRandomImpl.instance;
   private final XdsClientPoolFactory xdsClientPoolFactory;
+  private final @Nullable Map<String, ?> bootstrapOverride;
   private final XdsServingStatusListener listener;
   private final FilterChainSelectorManager filterChainSelectorManager;
   private final AtomicBoolean started = new AtomicBoolean(false);
@@ -131,9 +133,17 @@ public void uncaughtException(Thread t, Throwable e) {
       XdsServingStatusListener listener,
       FilterChainSelectorManager filterChainSelectorManager,
       XdsClientPoolFactory xdsClientPoolFactory,
+      @Nullable Map<String, ?> bootstrapOverride,
       FilterRegistry filterRegistry) {
-    this(listenerAddress, delegateBuilder, listener, filterChainSelectorManager,
-        xdsClientPoolFactory, filterRegistry, SharedResourceHolder.get(GrpcUtil.TIMER_SERVICE));
+    this(
+        listenerAddress,
+        delegateBuilder,
+        listener,
+        filterChainSelectorManager,
+        xdsClientPoolFactory,
+        bootstrapOverride,
+        filterRegistry,
+        SharedResourceHolder.get(GrpcUtil.TIMER_SERVICE));
     sharedTimeService = true;
   }
 
@@ -144,6 +154,7 @@ public void uncaughtException(Thread t, Throwable e) {
           XdsServingStatusListener listener,
           FilterChainSelectorManager filterChainSelectorManager,
           XdsClientPoolFactory xdsClientPoolFactory,
+          @Nullable Map<String, ?> bootstrapOverride,
           FilterRegistry filterRegistry,
           ScheduledExecutorService timeService) {
     this.listenerAddress = checkNotNull(listenerAddress, "listenerAddress");
@@ -153,6 +164,7 @@ public void uncaughtException(Thread t, Throwable e) {
     this.filterChainSelectorManager
         = checkNotNull(filterChainSelectorManager, "filterChainSelectorManager");
     this.xdsClientPoolFactory = checkNotNull(xdsClientPoolFactory, "xdsClientPoolFactory");
+    this.bootstrapOverride = bootstrapOverride;
     this.timeService = checkNotNull(timeService, "timeService");
     this.filterRegistry = checkNotNull(filterRegistry,"filterRegistry");
     this.delegate = delegateBuilder.build();
@@ -182,7 +194,14 @@ public void run() {
 
   private void internalStart() {
     try {
-      xdsClientPool = xdsClientPoolFactory.getOrCreate("#server", new MetricRecorder() {});
+      BootstrapInfo bootstrapInfo;
+      if (bootstrapOverride == null) {
+        bootstrapInfo = GrpcBootstrapperImpl.defaultBootstrap();
+      } else {
+        bootstrapInfo = new GrpcBootstrapperImpl().bootstrap(bootstrapOverride);
+      }
+      xdsClientPool = xdsClientPoolFactory.getOrCreate(
+          "#server", bootstrapInfo, new MetricRecorder() {});
     } catch (Exception e) {
       StatusException statusException = Status.UNAVAILABLE.withDescription(
               "Failed to initialize xDS").withCause(e).asException();
diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index 50138cb8e5a..af618beda6a 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -55,7 +55,6 @@
 import io.grpc.Status.Code;
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.FakeClock;
-import io.grpc.internal.ObjectPool;
 import io.grpc.internal.PickFirstLoadBalancerProvider;
 import io.grpc.internal.PickSubchannelArgsImpl;
 import io.grpc.protobuf.ProtoUtils;
@@ -140,19 +139,6 @@ public void uncaughtException(Thread t, Throwable e) {
   private final LoadStatsManager2 loadStatsManager =
       new LoadStatsManager2(fakeClock.getStopwatchSupplier());
   private final FakeXdsClient xdsClient = new FakeXdsClient();
-  private final ObjectPool<XdsClient> xdsClientPool = new ObjectPool<XdsClient>() {
-    @Override
-    public XdsClient getObject() {
-      xdsClientRefs++;
-      return xdsClient;
-    }
-
-    @Override
-    public XdsClient returnObject(Object object) {
-      xdsClientRefs--;
-      return null;
-    }
-  };
   private final CallCounterProvider callCounterProvider = new CallCounterProvider() {
     @Override
     public AtomicLong getOrCreate(String cluster, @Nullable String edsServiceName) {
@@ -199,8 +185,8 @@ public void handleResolvedAddresses_propagateToChildPolicy() {
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(downstreamBalancers);
     assertThat(Iterables.getOnlyElement(childBalancer.addresses)).isEqualTo(endpoint);
     assertThat(childBalancer.config).isSameInstanceAs(weightedTargetConfig);
-    assertThat(childBalancer.attributes.get(io.grpc.xds.XdsAttributes.XDS_CLIENT_POOL))
-        .isSameInstanceAs(xdsClientPool);
+    assertThat(childBalancer.attributes.get(io.grpc.xds.XdsAttributes.XDS_CLIENT))
+        .isSameInstanceAs(xdsClient);
     assertThat(childBalancer.attributes.get(NameResolver.ATTR_BACKEND_SERVICE)).isEqualTo(CLUSTER);
   }
 
@@ -673,7 +659,7 @@ public void dropRpcsWithRespectToLbConfigDropCategories() {
             .setAddresses(Collections.singletonList(endpoint))
             .setAttributes(
                 Attributes.newBuilder()
-                    .set(io.grpc.xds.XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
+                    .set(io.grpc.xds.XdsAttributes.XDS_CLIENT, xdsClient)
                     .build())
             .setLoadBalancingPolicyConfig(config)
             .build());
@@ -1070,7 +1056,7 @@ private void deliverAddressesAndConfig(List<EquivalentAddressGroup> addresses,
             .setAddresses(addresses)
             .setAttributes(
                 Attributes.newBuilder()
-                    .set(io.grpc.xds.XdsAttributes.XDS_CLIENT_POOL, xdsClientPool)
+                    .set(io.grpc.xds.XdsAttributes.XDS_CLIENT, xdsClient)
                     .set(io.grpc.xds.XdsAttributes.CALL_COUNTER_PROVIDER, callCounterProvider)
                     .build())
             .setLoadBalancingPolicyConfig(config)
diff --git a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
index 573aef7ca1e..e8bd7461736 100644
--- a/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
+++ b/xds/src/test/java/io/grpc/xds/CsdsServiceTest.java
@@ -513,13 +513,8 @@ public List<String> getTargets() {
     }
 
     @Override
-    public void setBootstrapOverride(Map<String, ?> bootstrap) {
-      throw new UnsupportedOperationException("Should not be called");
-    }
-
-
-    @Override
-    public ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder) {
+    public ObjectPool<XdsClient> getOrCreate(
+        String target, BootstrapInfo bootstrapInfo, MetricRecorder metricRecorder) {
       throw new UnsupportedOperationException("Should not be called");
     }
   }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
index 3f93cc6f191..2b7bd53d5ef 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
@@ -84,6 +84,19 @@ public void restoreEnvironment() {
     CommonBootstrapperTestUtils.setEnableXdsFallback(originalExperimentalXdsFallbackFlag);
   }
 
+  @Test
+  public void parseBootstrap_emptyServers_throws() {
+    String rawData = "{\n"
+        + "  \"xds_servers\": [\n"
+        + "  ]\n"
+        + "}";
+
+    bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
+    XdsInitializationException e = Assert.assertThrows(XdsInitializationException.class,
+        bootstrapper::bootstrap);
+    assertThat(e).hasMessageThat().isEqualTo("Invalid bootstrap: 'xds_servers' is empty");
+  }
+
   @Test
   public void parseBootstrap_singleXdsServer() throws XdsInitializationException {
     String rawData = "{\n"
@@ -352,7 +365,14 @@ public void parseBootstrap_serverWithoutServerUri() throws XdsInitializationExce
   public void parseBootstrap_certProviderInstances() throws XdsInitializationException {
     String rawData =
         "{\n"
-            + "  \"xds_servers\": [],\n"
+            + "  \"xds_servers\": [\n"
+            + "    {\n"
+            + "      \"server_uri\": \"" + SERVER_URI + "\",\n"
+            + "      \"channel_creds\": [\n"
+            + "        {\"type\": \"insecure\"}\n"
+            + "      ]\n"
+            + "    }\n"
+            + "  ],\n"
             + "  \"certificate_providers\": {\n"
             + "    \"gcp_id\": {\n"
             + "      \"plugin_name\": \"meshca\",\n"
@@ -389,7 +409,6 @@ public void parseBootstrap_certProviderInstances() throws XdsInitializationExcep
 
     bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
     BootstrapInfo info = bootstrapper.bootstrap();
-    assertThat(info.servers()).isEmpty();
     assertThat(info.node()).isEqualTo(getNodeBuilder().build());
     Map<String, Bootstrapper.CertificateProviderInfo> certProviders = info.certProviders();
     assertThat(certProviders).isNotNull();
@@ -556,7 +575,14 @@ public void parseBootstrap_missingPluginName() {
   @Test
   public void parseBootstrap_grpcServerResourceId() throws XdsInitializationException {
     String rawData = "{\n"
-            + "  \"xds_servers\": [],\n"
+            + "  \"xds_servers\": [\n"
+            + "    {\n"
+            + "      \"server_uri\": \"" + SERVER_URI + "\",\n"
+            + "      \"channel_creds\": [\n"
+            + "        {\"type\": \"insecure\"}\n"
+            + "      ]\n"
+            + "    }\n"
+            + "  ],\n"
             + "  \"server_listener_resource_name_template\": \"grpc/serverx=%s\"\n"
             + "}";
 
@@ -779,6 +805,12 @@ public void fallbackToConfigFromSysProp() throws XdsInitializationException {
   public void parseClientDefaultListenerResourceNameTemplate() throws Exception {
     String rawData = "{\n"
         + "  \"xds_servers\": [\n"
+        + "    {\n"
+        + "      \"server_uri\": \"" + SERVER_URI + "\",\n"
+        + "      \"channel_creds\": [\n"
+        + "        {\"type\": \"insecure\"}\n"
+        + "      ]\n"
+        + "    }\n"
         + "  ]\n"
         + "}";
     bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
@@ -788,6 +820,12 @@ public void parseClientDefaultListenerResourceNameTemplate() throws Exception {
     rawData = "{\n"
         + "  \"client_default_listener_resource_name_template\": \"xdstp://a.com/faketype/%s\",\n"
         + "  \"xds_servers\": [\n"
+        + "    {\n"
+        + "      \"server_uri\": \"" + SERVER_URI + "\",\n"
+        + "      \"channel_creds\": [\n"
+        + "        {\"type\": \"insecure\"}\n"
+        + "      ]\n"
+        + "    }\n"
         + "  ]\n"
         + "}";
     bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
diff --git a/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java b/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java
index 24f1750d5a8..29b149f166f 100644
--- a/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/SharedXdsClientPoolProviderTest.java
@@ -19,7 +19,7 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.Metadata.ASCII_STRING_MARSHALLER;
-import static org.junit.Assert.assertThrows;
+import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.when;
@@ -74,16 +74,24 @@ public class SharedXdsClientPoolProviderTest {
   private GrpcBootstrapperImpl bootstrapper;
   @Mock private ResourceWatcher<LdsUpdate> ldsResourceWatcher;
 
+  @Deprecated
   @Test
-  public void noServer() throws XdsInitializationException {
+  public void sharedXdsClientObjectPool_deprecated() throws XdsInitializationException {
+    ServerInfo server = ServerInfo.create(SERVER_URI, InsecureChannelCredentials.create());
     BootstrapInfo bootstrapInfo =
-        BootstrapInfo.builder().servers(Collections.<ServerInfo>emptyList()).node(node).build();
+        BootstrapInfo.builder().servers(Collections.singletonList(server)).node(node).build();
     when(bootstrapper.bootstrap()).thenReturn(bootstrapInfo);
+
     SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider(bootstrapper);
-    XdsInitializationException e = assertThrows(XdsInitializationException.class,
-        () -> provider.getOrCreate(DUMMY_TARGET, metricRecorder));
-    assertThat(e).hasMessageThat().isEqualTo("No xDS server provided");
     assertThat(provider.get(DUMMY_TARGET)).isNull();
+    ObjectPool<XdsClient> xdsClientPool =
+        provider.getOrCreate(DUMMY_TARGET, metricRecorder, null);
+    verify(bootstrapper).bootstrap();
+    assertThat(provider.getOrCreate(DUMMY_TARGET, bootstrapInfo, metricRecorder))
+        .isSameInstanceAs(xdsClientPool);
+    assertThat(provider.get(DUMMY_TARGET)).isNotNull();
+    assertThat(provider.get(DUMMY_TARGET)).isSameInstanceAs(xdsClientPool);
+    verifyNoMoreInteractions(bootstrapper);
   }
 
   @Test
@@ -91,13 +99,14 @@ public void sharedXdsClientObjectPool() throws XdsInitializationException {
     ServerInfo server = ServerInfo.create(SERVER_URI, InsecureChannelCredentials.create());
     BootstrapInfo bootstrapInfo =
         BootstrapInfo.builder().servers(Collections.singletonList(server)).node(node).build();
-    when(bootstrapper.bootstrap()).thenReturn(bootstrapInfo);
 
     SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider(bootstrapper);
     assertThat(provider.get(DUMMY_TARGET)).isNull();
-    ObjectPool<XdsClient> xdsClientPool = provider.getOrCreate(DUMMY_TARGET, metricRecorder);
-    verify(bootstrapper).bootstrap();
-    assertThat(provider.getOrCreate(DUMMY_TARGET, metricRecorder)).isSameInstanceAs(xdsClientPool);
+    ObjectPool<XdsClient> xdsClientPool =
+        provider.getOrCreate(DUMMY_TARGET, bootstrapInfo, metricRecorder);
+    verify(bootstrapper, never()).bootstrap();
+    assertThat(provider.getOrCreate(DUMMY_TARGET, bootstrapInfo, metricRecorder))
+        .isSameInstanceAs(xdsClientPool);
     assertThat(provider.get(DUMMY_TARGET)).isNotNull();
     assertThat(provider.get(DUMMY_TARGET)).isSameInstanceAs(xdsClientPool);
     verifyNoMoreInteractions(bootstrapper);
@@ -108,7 +117,7 @@ public void refCountedXdsClientObjectPool_delayedCreation() {
     ServerInfo server = ServerInfo.create(SERVER_URI, InsecureChannelCredentials.create());
     BootstrapInfo bootstrapInfo =
         BootstrapInfo.builder().servers(Collections.singletonList(server)).node(node).build();
-    SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider(bootstrapper);
+    SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider();
     RefCountedXdsClientObjectPool xdsClientPool =
         provider.new RefCountedXdsClientObjectPool(bootstrapInfo, DUMMY_TARGET, metricRecorder);
     assertThat(xdsClientPool.getXdsClientForTest()).isNull();
@@ -122,7 +131,7 @@ public void refCountedXdsClientObjectPool_refCounted() {
     ServerInfo server = ServerInfo.create(SERVER_URI, InsecureChannelCredentials.create());
     BootstrapInfo bootstrapInfo =
         BootstrapInfo.builder().servers(Collections.singletonList(server)).node(node).build();
-    SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider(bootstrapper);
+    SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider();
     RefCountedXdsClientObjectPool xdsClientPool =
         provider.new RefCountedXdsClientObjectPool(bootstrapInfo, DUMMY_TARGET, metricRecorder);
     // getObject once
@@ -143,7 +152,7 @@ public void refCountedXdsClientObjectPool_getObjectCreatesNewInstanceIfAlreadySh
     ServerInfo server = ServerInfo.create(SERVER_URI, InsecureChannelCredentials.create());
     BootstrapInfo bootstrapInfo =
         BootstrapInfo.builder().servers(Collections.singletonList(server)).node(node).build();
-    SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider(bootstrapper);
+    SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider();
     RefCountedXdsClientObjectPool xdsClientPool =
         provider.new RefCountedXdsClientObjectPool(bootstrapInfo, DUMMY_TARGET, metricRecorder);
     XdsClient xdsClient1 = xdsClientPool.getObject();
@@ -189,8 +198,7 @@ public void xdsClient_usesCallCredentials() throws Exception {
     ServerInfo server = ServerInfo.create(xdsServerUri, InsecureChannelCredentials.create());
     BootstrapInfo bootstrapInfo =
         BootstrapInfo.builder().servers(Collections.singletonList(server)).node(node).build();
-    when(bootstrapper.bootstrap()).thenReturn(bootstrapInfo);
-    SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider(bootstrapper);
+    SharedXdsClientPoolProvider provider = new SharedXdsClientPoolProvider();
 
     // Create custom xDS transport CallCredentials
     CallCredentials sampleCreds =
@@ -199,7 +207,7 @@ public void xdsClient_usesCallCredentials() throws Exception {
 
     // Create xDS client that uses the CallCredentials on the transport
     ObjectPool<XdsClient> xdsClientPool =
-        provider.getOrCreate("target", metricRecorder, sampleCreds);
+        provider.getOrCreate("target", bootstrapInfo, metricRecorder, sampleCreds);
     XdsClient xdsClient = xdsClientPool.getObject();
     xdsClient.watchXdsResource(
         XdsListenerResource.getInstance(), "someLDSresource", ldsResourceWatcher);
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
index 1e7ce6dc2a2..09b4c5d8637 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
@@ -178,8 +178,10 @@ public void setUp() throws XdsInitializationException {
     setAdsConfig(fallbackServer, FALLBACK_SERVER);
 
     SharedXdsClientPoolProvider clientPoolProvider = new SharedXdsClientPoolProvider();
-    clientPoolProvider.setBootstrapOverride(defaultBootstrapOverride());
-    xdsClientPool = clientPoolProvider.getOrCreate(DUMMY_TARGET, metricRecorder);
+    xdsClientPool = clientPoolProvider.getOrCreate(
+        DUMMY_TARGET,
+        new GrpcBootstrapperImpl().bootstrap(defaultBootstrapOverride()),
+        metricRecorder);
   }
 
   @After
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java
index ee32c4490af..24ef60c4685 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java
@@ -79,8 +79,10 @@ public class XdsClientFederationTest {
   @Before
   public void setUp() throws XdsInitializationException {
     SharedXdsClientPoolProvider clientPoolProvider = new SharedXdsClientPoolProvider();
-    clientPoolProvider.setBootstrapOverride(defaultBootstrapOverride());
-    xdsClientPool = clientPoolProvider.getOrCreate(DUMMY_TARGET, metricRecorder);
+    xdsClientPool = clientPoolProvider.getOrCreate(
+        DUMMY_TARGET,
+        new GrpcBootstrapperImpl().bootstrap(defaultBootstrapOverride()),
+        metricRecorder);
     xdsClient = xdsClientPool.getObject();
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java b/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java
index f997f583898..53dcd15dd3b 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java
@@ -120,7 +120,8 @@ public void setUp() {
     when(mockBuilder.build()).thenReturn(mockServer);
     when(mockServer.isShutdown()).thenReturn(false);
     xdsServerWrapper = new XdsServerWrapper("0.0.0.0:" + PORT, mockBuilder, listener,
-            selectorManager, new FakeXdsClientPoolFactory(xdsClient), FilterRegistry.newRegistry());
+            selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+            XdsServerTestHelper.RAW_BOOTSTRAP, FilterRegistry.newRegistry());
   }
 
   @Test
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 6edd98f923e..d090687a072 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -101,7 +101,6 @@
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import io.grpc.xds.client.EnvoyProtoData.Node;
 import io.grpc.xds.client.XdsClient;
-import io.grpc.xds.client.XdsInitializationException;
 import io.grpc.xds.client.XdsResourceType;
 import java.io.IOException;
 import java.net.URI;
@@ -174,6 +173,15 @@ public ConfigOrError parseServiceConfig(Map<String, ?> rawServiceConfig) {
   private final CallInfo call2 = new CallInfo("GreetService", "bye");
   private final TestChannel channel = new TestChannel();
   private final MetricRecorder metricRecorder = new MetricRecorder() {};
+  private final Map<String, ?> rawBootstrap = ImmutableMap.of(
+      "xds_servers", ImmutableList.of(
+          ImmutableMap.of(
+              "server_uri", "td.googleapis.com",
+              "channel_creds", ImmutableList.of(
+                  ImmutableMap.of(
+                      "type", "insecure")))
+      ));
+
   private BootstrapInfo bootstrapInfo = BootstrapInfo.builder()
       .servers(ImmutableList.of(ServerInfo.create(
           "td.googleapis.com", InsecureChannelCredentials.create())))
@@ -230,7 +238,8 @@ public void setUp() {
 
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null,
         serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, filterRegistry, null, metricRecorder, nameResolverArgs);
+        xdsClientPoolFactory, mockRandom, filterRegistry, rawBootstrap, metricRecorder,
+        nameResolverArgs);
   }
 
   @After
@@ -250,46 +259,23 @@ public void tearDown() {
 
   @Test
   public void resolving_failToCreateXdsClientPool() {
-    XdsClientPoolFactory xdsClientPoolFactory = new XdsClientPoolFactory() {
-      @Override
-      public void setBootstrapOverride(Map<String, ?> bootstrap) {
-      }
-
-      @Override
-      @Nullable
-      public ObjectPool<XdsClient> get(String target) {
-        throw new UnsupportedOperationException("Should not be called");
-      }
-
-      @Override
-      public ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
-          throws XdsInitializationException {
-        throw new XdsInitializationException("Fail to read bootstrap file");
-      }
-
-      @Override
-      public List<String> getTargets() {
-        return null;
-      }
-    };
-
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null,
         serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
-        metricRecorder, nameResolverArgs);
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(),
+        Collections.emptyMap(), metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     verify(mockListener).onError(errorCaptor.capture());
     Status error = errorCaptor.getValue();
     assertThat(error.getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(error.getDescription()).isEqualTo("Failed to initialize xDS");
-    assertThat(error.getCause()).hasMessageThat().isEqualTo("Fail to read bootstrap file");
+    assertThat(error.getCause()).hasMessageThat().contains("Invalid bootstrap");
   }
 
   @Test
   public void resolving_withTargetAuthorityNotFound() {
     resolver = new XdsNameResolver(targetUri,
         "notfound.google.com", AUTHORITY, null, serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), rawBootstrap,
         metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     verify(mockListener).onError(errorCaptor.capture());
@@ -312,7 +298,8 @@ public void resolving_noTargetAuthority_templateWithoutXdstp() {
     resolver = new XdsNameResolver(
         targetUri, null, serviceAuthority, null, serviceConfigParser, syncContext,
         scheduler, xdsClientPoolFactory,
-        mockRandom, FilterRegistry.getDefaultRegistry(), null, metricRecorder, nameResolverArgs);
+        mockRandom, FilterRegistry.getDefaultRegistry(), rawBootstrap, metricRecorder,
+        nameResolverArgs);
     resolver.start(mockListener);
     verify(mockListener, never()).onError(any(Status.class));
   }
@@ -332,7 +319,7 @@ public void resolving_noTargetAuthority_templateWithXdstp() {
             + "%5B::FFFF:129.144.52.38%5D:80?id=1";
     resolver = new XdsNameResolver(
         targetUri, null, serviceAuthority, null, serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), rawBootstrap,
         metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     verify(mockListener, never()).onError(any(Status.class));
@@ -353,7 +340,7 @@ public void resolving_noTargetAuthority_xdstpWithMultipleSlashes() {
             + "path/to/service?id=1";
     resolver = new XdsNameResolver(
         targetUri, null, serviceAuthority, null, serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), rawBootstrap,
         metricRecorder, nameResolverArgs);
 
 
@@ -382,7 +369,7 @@ public void resolving_targetAuthorityInAuthoritiesMap() {
         + "%5B::FFFF:129.144.52.38%5D:80?bar=2&foo=1"; // query param canonified
     resolver = new XdsNameResolver(targetUri,
         "xds.authority.com", serviceAuthority, null, serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), rawBootstrap,
         metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     verify(mockListener, never()).onError(any(Status.class));
@@ -415,7 +402,7 @@ public void resolving_ldsResourceUpdateRdsName() {
         .build();
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null,
         serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), rawBootstrap,
         metricRecorder, nameResolverArgs);
     // use different ldsResourceName and service authority. The virtualhost lookup should use
     // service authority.
@@ -617,7 +604,7 @@ public void resolving_matchingVirtualHostNotFound_matchingOverrideAuthority() {
 
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, "random",
         serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), rawBootstrap,
         metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
@@ -642,7 +629,7 @@ public void resolving_matchingVirtualHostNotFound_notMatchingOverrideAuthority()
 
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, "random",
         serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), rawBootstrap,
         metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
@@ -655,7 +642,7 @@ public void resolving_matchingVirtualHostNotFound_notMatchingOverrideAuthority()
   public void resolving_matchingVirtualHostNotFoundForOverrideAuthority() {
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, AUTHORITY,
         serviceConfigParser, syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), rawBootstrap,
         metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
@@ -740,8 +727,8 @@ public void retryPolicyInPerMethodConfigGeneratedByResolverIsValid() {
     ServiceConfigParser realParser = new ScParser(
         true, 5, 5, new AutoConfiguredLoadBalancerFactory("pick-first"));
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, realParser, syncContext,
-        scheduler, xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
-        metricRecorder, nameResolverArgs);
+        scheduler, xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(),
+        rawBootstrap, metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     RetryPolicy retryPolicy = RetryPolicy.create(
@@ -822,7 +809,7 @@ public void resolved_simpleCallFailedToRoute_routeWithNonForwardingAction() {
     assertServiceConfigForLoadBalancingConfig(
         Collections.singletonList(cluster2),
         (Map<String, ?>) result.getServiceConfig().getConfig());
-    assertThat(result.getAttributes().get(XdsAttributes.XDS_CLIENT_POOL)).isNotNull();
+    assertThat(result.getAttributes().get(XdsAttributes.XDS_CLIENT)).isNotNull();
     assertThat(result.getAttributes().get(XdsAttributes.CALL_COUNTER_PROVIDER)).isNotNull();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     // Simulates making a call1 RPC.
@@ -952,7 +939,7 @@ public void resolved_rpcHashingByChannelId() {
     when(mockRandom.nextLong()).thenReturn(123L);
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
         syncContext, scheduler,
-        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), null,
+        xdsClientPoolFactory, mockRandom, FilterRegistry.getDefaultRegistry(), rawBootstrap,
         metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     xdsClient = (FakeXdsClient) resolver.getXdsClient();
@@ -986,7 +973,7 @@ public void resolved_rpcHashingByChannelId() {
   public void resolved_routeActionHasAutoHostRewrite_emitsCallOptionForTheSame() {
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
         syncContext, scheduler, xdsClientPoolFactory, mockRandom,
-        FilterRegistry.getDefaultRegistry(), null, metricRecorder, nameResolverArgs);
+        FilterRegistry.getDefaultRegistry(), rawBootstrap, metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(
@@ -1017,7 +1004,7 @@ public void resolved_routeActionHasAutoHostRewrite_emitsCallOptionForTheSame() {
   public void resolved_routeActionNoAutoHostRewrite_doesntEmitCallOptionForTheSame() {
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
         syncContext, scheduler, xdsClientPoolFactory, mockRandom,
-        FilterRegistry.getDefaultRegistry(), null, metricRecorder, nameResolverArgs);
+        FilterRegistry.getDefaultRegistry(), rawBootstrap, metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsUpdate(
@@ -1235,7 +1222,7 @@ public void resolved_simpleCallSucceeds_routeToWeightedCluster() {
     assertThat(result.getAddressesOrError().getValue()).isEmpty();
     assertServiceConfigForLoadBalancingConfig(
         Arrays.asList(cluster1, cluster2), (Map<String, ?>) result.getServiceConfig().getConfig());
-    assertThat(result.getAttributes().get(XdsAttributes.XDS_CLIENT_POOL)).isNotNull();
+    assertThat(result.getAttributes().get(XdsAttributes.XDS_CLIENT)).isNotNull();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     assertCallSelectClusterResult(call1, configSelector, cluster2, 20.0);
     assertCallSelectClusterResult(call1, configSelector, cluster1, 20.0);
@@ -1300,7 +1287,7 @@ public void resolved_simpleCallSucceeds_routeToRls() {
                 ImmutableList.of(ImmutableMap.of("rls_experimental", expectedRlsLbConfig)))));
     assertThat(clusterManagerLbConfig).isEqualTo(expectedClusterManagerLbConfig);
 
-    assertThat(result.getAttributes().get(XdsAttributes.XDS_CLIENT_POOL)).isNotNull();
+    assertThat(result.getAttributes().get(XdsAttributes.XDS_CLIENT)).isNotNull();
     InternalConfigSelector configSelector = result.getAttributes().get(InternalConfigSelector.KEY);
     assertCallSelectRlsPluginResult(
         call1, configSelector, "rls-plugin-foo", 20.0);
@@ -1489,7 +1476,7 @@ public void filterState_specialCase_sameNameDifferentTypeUrl() {
     FilterRegistry filterRegistry = FilterRegistry.newRegistry()
         .register(statefulFilterProvider, altStatefulFilterProvider, ROUTER_FILTER_PROVIDER);
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
-        syncContext, scheduler, xdsClientPoolFactory, mockRandom, filterRegistry, null,
+        syncContext, scheduler, xdsClientPoolFactory, mockRandom, filterRegistry, rawBootstrap,
         metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
 
@@ -1627,7 +1614,7 @@ private StatefulFilter.Provider filterStateTestSetupResolver() {
     FilterRegistry filterRegistry = FilterRegistry.newRegistry()
         .register(statefulFilterProvider, ROUTER_FILTER_PROVIDER);
     resolver = new XdsNameResolver(targetUri, null, AUTHORITY, null, serviceConfigParser,
-        syncContext, scheduler, xdsClientPoolFactory, mockRandom, filterRegistry, null,
+        syncContext, scheduler, xdsClientPoolFactory, mockRandom, filterRegistry, rawBootstrap,
         metricRecorder, nameResolverArgs);
     resolver.start(mockListener);
     return statefulFilterProvider;
@@ -1761,7 +1748,7 @@ private InternalConfigSelector resolveToClusters() {
     assertThat(result.getAddressesOrError().getValue()).isEmpty();
     assertServiceConfigForLoadBalancingConfig(
         Arrays.asList(cluster1, cluster2), (Map<String, ?>) result.getServiceConfig().getConfig());
-    assertThat(result.getAttributes().get(XdsAttributes.XDS_CLIENT_POOL)).isNotNull();
+    assertThat(result.getAttributes().get(XdsAttributes.XDS_CLIENT)).isNotNull();
     assertThat(result.getAttributes().get(XdsAttributes.CALL_COUNTER_PROVIDER)).isNotNull();
     return result.getAttributes().get(InternalConfigSelector.KEY);
   }
@@ -2423,9 +2410,6 @@ private final class FakeXdsClientPoolFactory implements XdsClientPoolFactory {
     Set<String> targets = new HashSet<>();
     XdsClient xdsClient = new FakeXdsClient();
 
-    @Override
-    public void setBootstrapOverride(Map<String, ?> bootstrap) {}
-
     @Override
     @Nullable
     public ObjectPool<XdsClient> get(String target) {
@@ -2433,8 +2417,8 @@ public ObjectPool<XdsClient> get(String target) {
     }
 
     @Override
-    public ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
-        throws XdsInitializationException {
+    public ObjectPool<XdsClient> getOrCreate(
+        String target, BootstrapInfo bootstrapInfo, MetricRecorder metricRecorder) {
       targets.add(target);
       return new ObjectPool<XdsClient>() {
         @Override
diff --git a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
index 6e4d243e904..9141147702f 100644
--- a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -753,6 +753,7 @@ private void buildServerWithFallbackServerCredentials(
     ServerCredentials xdsCredentials = XdsServerCredentials.create(fallbackCredentials);
     XdsServerBuilder builder = XdsServerBuilder.forPort(0, xdsCredentials)
             .xdsClientPoolFactory(fakePoolFactory)
+            .overrideBootstrapForTest(XdsServerTestHelper.RAW_BOOTSTRAP)
             .addService(new SimpleServiceImpl());
     buildServer(builder, downstreamTlsContext);
   }
@@ -872,7 +873,18 @@ public void run() {
         }
       }
     });
-    xdsClient.ldsResource.get(8000, TimeUnit.MILLISECONDS);
+    try {
+      xdsClient.ldsResource.get(8000, TimeUnit.MILLISECONDS);
+    } catch (Exception ex) {
+      // start() probably failed, so throw its exception
+      if (settableFuture.isDone()) {
+        Throwable t = settableFuture.get();
+        if (t != null) {
+          throw new Exception(t);
+        }
+      }
+      throw ex;
+    }
     return settableFuture;
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java b/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java
index 2c168c65869..40225d3860d 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java
@@ -43,7 +43,6 @@
 import java.net.InetSocketAddress;
 import java.net.ServerSocket;
 import java.net.SocketAddress;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ExecutionException;
@@ -84,6 +83,7 @@ private void buildBuilder(XdsServerBuilder.XdsServingStatusListener xdsServingSt
         XdsServerBuilder.forPort(
             port, XdsServerCredentials.create(InsecureServerCredentials.create()));
     builder.xdsClientPoolFactory(xdsClientPoolFactory);
+    builder.overrideBootstrapForTest(XdsServerTestHelper.RAW_BOOTSTRAP);
     if (xdsServingStatusListener != null) {
       builder.xdsServingStatusListener(xdsServingStatusListener);
     }
@@ -138,7 +138,18 @@ public void run() {
         }
       }
     });
-    xdsClient.ldsResource.get(5000, TimeUnit.MILLISECONDS);
+    try {
+      xdsClient.ldsResource.get(5000, TimeUnit.MILLISECONDS);
+    } catch (TimeoutException ex) {
+      // start() probably failed, so throw its exception
+      if (settableFuture.isDone()) {
+        Throwable t = settableFuture.get();
+        if (t != null) {
+          throw new ExecutionException(t);
+        }
+      }
+      throw ex;
+    }
     return settableFuture;
   }
 
@@ -304,9 +315,12 @@ public void drainGraceTime_negativeThrows() throws IOException {
 
   @Test
   public void testOverrideBootstrap() throws Exception {
-    Map<String, Object> b = new HashMap<>();
+    Map<String, ?> b = XdsServerTestHelper.RAW_BOOTSTRAP;
     buildBuilder(null);
     builder.overrideBootstrapForTest(b);
-    assertThat(xdsClientPoolFactory.savedBootstrap).isEqualTo(b);
+    xdsServer = cleanupRule.register((XdsServerWrapper) builder.build());
+    Future<Throwable> unused = startServerAsync();
+    assertThat(xdsClientPoolFactory.savedBootstrapInfo.node().getId())
+        .isEqualTo(XdsServerTestHelper.BOOTSTRAP_INFO.node().getId());
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java b/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
index b0472b4729d..a9236ac77ca 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
@@ -37,7 +37,6 @@
 import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.EnvoyProtoData;
 import io.grpc.xds.client.XdsClient;
-import io.grpc.xds.client.XdsInitializationException;
 import io.grpc.xds.client.XdsResourceType;
 import java.time.Duration;
 import java.util.ArrayList;
@@ -63,6 +62,17 @@ public class XdsServerTestHelper {
       "projects/42/networks/default/nodes/5c85b298-6f5b-4722-b74a-f7d1f0ccf5ad";
   private static final EnvoyProtoData.Node BOOTSTRAP_NODE =
       EnvoyProtoData.Node.newBuilder().setId(NODE_ID).build();
+  static final Map<String, ?> RAW_BOOTSTRAP = ImmutableMap.of(
+      "node", ImmutableMap.of(
+          "id", NODE_ID),
+      "server_listener_resource_name_template", "grpc/server?udpa.resource.listening_address=%s",
+      "xds_servers", ImmutableList.of(
+          ImmutableMap.of(
+              "server_uri", SERVER_URI,
+              "channel_creds", ImmutableList.of(
+                  ImmutableMap.of(
+                      "type", "insecure")))
+      ));
   static final Bootstrapper.BootstrapInfo BOOTSTRAP_INFO =
       Bootstrapper.BootstrapInfo.builder()
           .servers(Arrays.asList(
@@ -140,17 +150,12 @@ static final class FakeXdsClientPoolFactory
         implements XdsClientPoolFactory {
 
     private XdsClient xdsClient;
-    Map<String, ?> savedBootstrap;
+    BootstrapInfo savedBootstrapInfo;
 
     FakeXdsClientPoolFactory(XdsClient xdsClient) {
       this.xdsClient = xdsClient;
     }
 
-    @Override
-    public void setBootstrapOverride(Map<String, ?> bootstrap) {
-      this.savedBootstrap = bootstrap;
-    }
-
     @Override
     @Nullable
     public ObjectPool<XdsClient> get(String target) {
@@ -158,8 +163,9 @@ public ObjectPool<XdsClient> get(String target) {
     }
 
     @Override
-    public ObjectPool<XdsClient> getOrCreate(String target, MetricRecorder metricRecorder)
-        throws XdsInitializationException {
+    public ObjectPool<XdsClient> getOrCreate(
+        String target, BootstrapInfo bootstrapInfo, MetricRecorder metricRecorder) {
+      this.savedBootstrapInfo = bootstrapInfo;
       return new ObjectPool<XdsClient>() {
         @Override
         public XdsClient getObject() {
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
index ce1c6b94a35..99e9907f7d0 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
@@ -135,6 +135,7 @@ public void setup() {
     when(mockBuilder.build()).thenReturn(mockServer);
     xdsServerWrapper = new XdsServerWrapper("0.0.0.0:1", mockBuilder, listener,
             selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+            XdsServerTestHelper.RAW_BOOTSTRAP,
             filterRegistry, executor.getScheduledExecutorService());
   }
 
@@ -157,7 +158,8 @@ public void testBootstrap() throws Exception {
     XdsListenerResource listenerResource = XdsListenerResource.getInstance();
     when(xdsClient.getBootstrapInfo()).thenReturn(b);
     xdsServerWrapper = new XdsServerWrapper("[::FFFF:129.144.52.38]:80", mockBuilder, listener,
-        selectorManager, new FakeXdsClientPoolFactory(xdsClient), filterRegistry);
+        selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+        XdsServerTestHelper.RAW_BOOTSTRAP, filterRegistry);
     Executors.newSingleThreadExecutor().execute(new Runnable() {
       @Override
       public void run() {
@@ -190,7 +192,8 @@ private void verifyBootstrapFail(Bootstrapper.BootstrapInfo b) throws Exception
     XdsClient xdsClient = mock(XdsClient.class);
     when(xdsClient.getBootstrapInfo()).thenReturn(b);
     xdsServerWrapper = new XdsServerWrapper("0.0.0.0:1", mockBuilder, listener,
-            selectorManager, new FakeXdsClientPoolFactory(xdsClient), filterRegistry);
+            selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+            XdsServerTestHelper.RAW_BOOTSTRAP, filterRegistry);
     final SettableFuture<Server> start = SettableFuture.create();
     Executors.newSingleThreadExecutor().execute(new Runnable() {
       @Override
@@ -229,7 +232,8 @@ public void testBootstrap_templateWithXdstp() throws Exception {
     XdsListenerResource listenerResource = XdsListenerResource.getInstance();
     when(xdsClient.getBootstrapInfo()).thenReturn(b);
     xdsServerWrapper = new XdsServerWrapper("[::FFFF:129.144.52.38]:80", mockBuilder, listener,
-        selectorManager, new FakeXdsClientPoolFactory(xdsClient), filterRegistry);
+        selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+        XdsServerTestHelper.RAW_BOOTSTRAP, filterRegistry);
     Executors.newSingleThreadExecutor().execute(new Runnable() {
       @Override
       public void run() {
@@ -546,6 +550,7 @@ public void onChanged_listenerIsNull()
       throws ExecutionException, InterruptedException, TimeoutException {
     xdsServerWrapper = new XdsServerWrapper("10.1.2.3:1", mockBuilder, listener,
         selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+        XdsServerTestHelper.RAW_BOOTSTRAP,
         filterRegistry, executor.getScheduledExecutorService());
     final SettableFuture<Server> start = SettableFuture.create();
     Executors.newSingleThreadExecutor().execute(new Runnable() {
@@ -575,6 +580,7 @@ public void onChanged_listenerAddressMissingPort()
       throws ExecutionException, InterruptedException, TimeoutException {
     xdsServerWrapper = new XdsServerWrapper("10.1.2.3:1", mockBuilder, listener,
         selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+        XdsServerTestHelper.RAW_BOOTSTRAP,
         filterRegistry, executor.getScheduledExecutorService());
     final SettableFuture<Server> start = SettableFuture.create();
     Executors.newSingleThreadExecutor().execute(new Runnable() {
@@ -612,6 +618,7 @@ public void onChanged_listenerAddressMismatch()
       throws ExecutionException, InterruptedException, TimeoutException {
     xdsServerWrapper = new XdsServerWrapper("10.1.2.3:1", mockBuilder, listener,
         selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+        XdsServerTestHelper.RAW_BOOTSTRAP,
         filterRegistry, executor.getScheduledExecutorService());
     final SettableFuture<Server> start = SettableFuture.create();
     Executors.newSingleThreadExecutor().execute(new Runnable() {
@@ -649,6 +656,7 @@ public void onChanged_listenerAddressPortMismatch()
       throws ExecutionException, InterruptedException, TimeoutException {
     xdsServerWrapper = new XdsServerWrapper("10.1.2.3:1", mockBuilder, listener,
         selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+        XdsServerTestHelper.RAW_BOOTSTRAP,
         filterRegistry, executor.getScheduledExecutorService());
     final SettableFuture<Server> start = SettableFuture.create();
     Executors.newSingleThreadExecutor().execute(new Runnable() {
@@ -1842,7 +1850,8 @@ private FilterRegistry filterStateTestFilterRegistry(
 
   private SettableFuture<Server> filterStateTestStartServer(FilterRegistry filterRegistry) {
     xdsServerWrapper = new XdsServerWrapper("0.0.0.0:1", mockBuilder, listener,
-        selectorManager, new FakeXdsClientPoolFactory(xdsClient), filterRegistry);
+        selectorManager, new FakeXdsClientPoolFactory(xdsClient),
+        XdsServerTestHelper.RAW_BOOTSTRAP, filterRegistry);
     SettableFuture<Server> serverStart = SettableFuture.create();
     scheduleServerStart(xdsServerWrapper, serverStart);
     return serverStart;

From 86e8b56170a12b45dcf243a40db1670de595b3c0 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 7 Oct 2025 15:16:40 -0700
Subject: [PATCH 423/591] Include causal status details in higher-level
 statuses

When an operation fails and we want to produce a new status at a higher
level, we commonly are turning the first status into an exception to
attach to the new exception. We should instead prefer to keep as much
information in the status description itself, as cause is not as
reliable to be logged/propagated.

I do expect long-term we'll want to expose an API in grpc-api for this,
but for the moment let's keep it internal. In particular, we'd have to
figure out its name. I could also believe we might want different
formatting, which becomes a clearer discussion when we can see the
usages.

I'm pretty certain there are some other places that could benefit from
this utility, as I remember really wishing I had these functions a month
or two ago. But these are the places I could immediately find.

OutlierDetectionLoadBalancerConfig had its status code changed from
INTERNAL to UNAVAILABLE because the value comes externally, and so isn't
a gRPC bug or such. I didn't change the xds policies in the same way
because it's murkier as the configuration for those is largely generated
within xds itself.
---
 .../main/java/io/grpc/internal/GrpcUtil.java  | 25 +++++++++++++++++++
 .../io/grpc/internal/RetriableStream.java     |  5 ++--
 .../OpenTelemetryTracingModule.java           | 11 ++------
 .../OutlierDetectionLoadBalancerProvider.java |  8 +++---
 .../WeightedTargetLoadBalancerProvider.java   |  8 +++---
 .../xds/WrrLocalityLoadBalancerProvider.java  |  8 +++---
 6 files changed, 44 insertions(+), 21 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index a512fff6af2..048812ac1de 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -821,6 +821,31 @@ public static Status replaceInappropriateControlPlaneStatus(Status status) {
             + status.getDescription()).withCause(status.getCause()) : status;
   }
 
+  /**
+   * Returns a "clean" representation of a status code and description (not cause) like
+   * "UNAVAILABLE: The description". Should be similar to Status.formatThrowableMessage().
+   */
+  public static String statusToPrettyString(Status status) {
+    if (status.getDescription() == null) {
+      return status.getCode().toString();
+    } else {
+      return status.getCode() + ": " + status.getDescription();
+    }
+  }
+
+  /**
+   * Create a status with contextual information, propagating details from a non-null status that
+   * contributed to the failure. For example, if UNAVAILABLE, "Couldn't load bar", and status
+   * "FAILED_PRECONDITION: Foo missing" were passed as arguments, then this method would produce the
+   * status "UNAVAILABLE: Couldn't load bar: FAILED_PRECONDITION: Foo missing" with a cause if the
+   * passed status had a cause.
+   */
+  public static Status statusWithDetails(Status.Code code, String description, Status causeStatus) {
+    return code.toStatus()
+        .withDescription(description + ": " + statusToPrettyString(causeStatus))
+        .withCause(causeStatus.getCause());
+  }
+
   /**
    * Checks whether the given item exists in the iterable.  This is copied from Guava Collect's
    * {@code Iterables.contains()} because Guava Collect is not Android-friendly thus core can't
diff --git a/core/src/main/java/io/grpc/internal/RetriableStream.java b/core/src/main/java/io/grpc/internal/RetriableStream.java
index 9fe8ab4ffff..96816eb6f15 100644
--- a/core/src/main/java/io/grpc/internal/RetriableStream.java
+++ b/core/src/main/java/io/grpc/internal/RetriableStream.java
@@ -938,9 +938,8 @@ public void run() {
           && localOnlyTransparentRetries.incrementAndGet() > 1_000) {
         commitAndRun(substream);
         if (state.winningSubstream == substream) {
-          Status tooManyTransparentRetries = Status.INTERNAL
-              .withDescription("Too many transparent retries. Might be a bug in gRPC")
-              .withCause(status.asRuntimeException());
+          Status tooManyTransparentRetries = GrpcUtil.statusWithDetails(
+              Status.Code.INTERNAL, "Too many transparent retries. Might be a bug in gRPC", status);
           safeCloseMasterListener(tooManyTransparentRetries, rpcProgress, trailers);
         }
         return;
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
index 8c42a189ac2..4fa4f802dc0 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
@@ -36,6 +36,7 @@
 import io.grpc.ServerCallHandler;
 import io.grpc.ServerInterceptor;
 import io.grpc.ServerStreamTracer;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.opentelemetry.internal.OpenTelemetryConstants;
 import io.opentelemetry.api.OpenTelemetry;
 import io.opentelemetry.api.common.AttributesBuilder;
@@ -463,19 +464,11 @@ private void recordInboundMessageSize(Span span, int seqNo, long bytes) {
     span.addEvent("Inbound message", attributesBuilder.build());
   }
 
-  private String generateErrorStatusDescription(io.grpc.Status status) {
-    if (status.getDescription() != null) {
-      return status.getCode() + ": " + status.getDescription();
-    } else {
-      return status.getCode().toString();
-    }
-  }
-
   private void endSpanWithStatus(Span span, io.grpc.Status status) {
     if (status.isOk()) {
       span.setStatus(StatusCode.OK);
     } else {
-      span.setStatus(StatusCode.ERROR, generateErrorStatusDescription(status));
+      span.setStatus(StatusCode.ERROR, GrpcUtil.statusToPrettyString(status));
     }
     span.end();
   }
diff --git a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancerProvider.java b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancerProvider.java
index c76d68a03de..084898bc38f 100644
--- a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancerProvider.java
+++ b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancerProvider.java
@@ -23,6 +23,7 @@
 import io.grpc.LoadBalancerProvider;
 import io.grpc.NameResolver.ConfigOrError;
 import io.grpc.Status;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.JsonUtil;
 import io.grpc.util.OutlierDetectionLoadBalancer.OutlierDetectionLoadBalancerConfig;
 import io.grpc.util.OutlierDetectionLoadBalancer.OutlierDetectionLoadBalancerConfig.FailurePercentageEjection;
@@ -148,9 +149,10 @@ private ConfigOrError parseLoadBalancingPolicyConfigInternal(Map<String, ?> rawC
     ConfigOrError childConfig = GracefulSwitchLoadBalancer.parseLoadBalancingPolicyConfig(
         JsonUtil.getListOfObjects(rawConfig, "childPolicy"));
     if (childConfig.getError() != null) {
-      return ConfigOrError.fromError(Status.INTERNAL
-          .withDescription("Failed to parse child in outlier_detection_experimental: " + rawConfig)
-          .withCause(childConfig.getError().asRuntimeException()));
+      return ConfigOrError.fromError(GrpcUtil.statusWithDetails(
+          Status.Code.UNAVAILABLE,
+          "Failed to parse child in outlier_detection_experimental",
+          childConfig.getError()));
     }
     configBuilder.setChildConfig(childConfig.getConfig());
 
diff --git a/xds/src/main/java/io/grpc/xds/WeightedTargetLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/WeightedTargetLoadBalancerProvider.java
index 55f33fb11aa..15318693aca 100644
--- a/xds/src/main/java/io/grpc/xds/WeightedTargetLoadBalancerProvider.java
+++ b/xds/src/main/java/io/grpc/xds/WeightedTargetLoadBalancerProvider.java
@@ -25,6 +25,7 @@
 import io.grpc.LoadBalancerRegistry;
 import io.grpc.NameResolver.ConfigOrError;
 import io.grpc.Status;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.JsonUtil;
 import io.grpc.util.GracefulSwitchLoadBalancer;
 import java.util.LinkedHashMap;
@@ -99,9 +100,10 @@ public ConfigOrError parseLoadBalancingPolicyConfig(Map<String, ?> rawConfig) {
         ConfigOrError childConfig = GracefulSwitchLoadBalancer.parseLoadBalancingPolicyConfig(
             JsonUtil.getListOfObjects(rawWeightedTarget, "childPolicy"), lbRegistry);
         if (childConfig.getError() != null) {
-          return ConfigOrError.fromError(Status.INTERNAL
-              .withDescription("Could not parse weighted_target's child policy:" + name)
-              .withCause(childConfig.getError().asRuntimeException()));
+          return ConfigOrError.fromError(GrpcUtil.statusWithDetails(
+              Status.Code.INTERNAL,
+              "Could not parse weighted_target's child policy: " + name,
+              childConfig.getError()));
         }
         parsedChildConfigs.put(name, new WeightedPolicySelection(weight, childConfig.getConfig()));
       }
diff --git a/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancerProvider.java
index 384831b8a05..3693df9208a 100644
--- a/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancerProvider.java
+++ b/xds/src/main/java/io/grpc/xds/WrrLocalityLoadBalancerProvider.java
@@ -23,6 +23,7 @@
 import io.grpc.LoadBalancerRegistry;
 import io.grpc.NameResolver.ConfigOrError;
 import io.grpc.Status;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.JsonUtil;
 import io.grpc.util.GracefulSwitchLoadBalancer;
 import io.grpc.xds.WrrLocalityLoadBalancer.WrrLocalityConfig;
@@ -62,9 +63,10 @@ public ConfigOrError parseLoadBalancingPolicyConfig(Map<String, ?> rawConfig) {
       ConfigOrError childConfig = GracefulSwitchLoadBalancer.parseLoadBalancingPolicyConfig(
           JsonUtil.getListOfObjects(rawConfig, "childPolicy"));
       if (childConfig.getError() != null) {
-        return ConfigOrError.fromError(Status.INTERNAL
-            .withDescription("Failed to parse child policy in wrr_locality LB policy: " + rawConfig)
-            .withCause(childConfig.getError().asRuntimeException()));
+        return ConfigOrError.fromError(GrpcUtil.statusWithDetails(
+            Status.Code.INTERNAL,
+            "Failed to parse child policy in wrr_locality LB policy",
+            childConfig.getError()));
       }
       return ConfigOrError.fromConfig(new WrrLocalityConfig(childConfig.getConfig()));
     } catch (RuntimeException e) {

From 827558077861daf444638e4f432e6562cb5cb3b5 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Wed, 29 Oct 2025 10:26:02 -0700
Subject: [PATCH 424/591] Flatten the BinderTransports using the "guard clause"
 pattern (#12449)

`Binder[Client/Server]Transport` uses the following "single exit point"
style/pattern of control flow all over the place:
```
if (inState(ExpectedState)) {
  if (!doStep1ThatCanFail()) {
    // error handling
  } else if (!doStep2ThatCanFail()) {
    // error handling
  } else if (...) {
    ...
  } else {
    // Happy case.
  }
}
```

This has the advantage of a single exit point which, in C-like languages
has historically been useful for unconditional cleanup like releasing
locks and closing resources. However, in Java with exceptions,
unconditional cleanup has to happen in a finally block and so we don't
really benefit. On the other hand the single exit point pattern creates
a lot of nesting:
- The happy case is always nested at least two levels deep in an `else`.
- Inserting a new no-fail step in the sequence (say between 1 and 2) is
awkward. You have to either create an empty error handling block or
create a new "else" clause, increasing the indent/nesting level by one.

In this PR, I reduce nesting and make life easier for future PRs by
converting all BinderTransport methods to use the guard clause pattern
instead:

https://refactoring.com/catalog/replaceNestedConditionalWithGuardClauses.html

https://testing.googleblog.com/2017/06/code-health-reduce-nesting-reduce.html
---
 .../internal/BinderClientTransport.java       | 183 ++++++++++--------
 .../internal/BinderServerTransport.java       |  29 +--
 2 files changed, 117 insertions(+), 95 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
index c6aa195544e..54d65936fab 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
@@ -148,31 +148,33 @@ public synchronized void onUnbound(Status reason) {
   @Override
   public synchronized Runnable start(Listener clientTransportListener) {
     this.clientTransportListener = checkNotNull(clientTransportListener);
-    return () -> {
-      synchronized (BinderClientTransport.this) {
-        if (inState(TransportState.NOT_STARTED)) {
-          setState(TransportState.SETUP);
-          try {
-            if (preAuthorizeServer) {
-              preAuthorize(serviceBinding.resolve());
-            } else {
-              serviceBinding.bind();
-            }
-          } catch (StatusException e) {
-            shutdownInternal(e.getStatus(), true);
-            return;
-          }
-          if (readyTimeoutMillis >= 0) {
-            readyTimeoutFuture =
-                getScheduledExecutorService()
-                    .schedule(
-                        BinderClientTransport.this::onReadyTimeout,
-                        readyTimeoutMillis,
-                        MILLISECONDS);
-          }
-        }
+    return this::postStartRunnable;
+  }
+
+  private synchronized void postStartRunnable() {
+    if (!inState(TransportState.NOT_STARTED)) {
+      return;
+    }
+
+    setState(TransportState.SETUP);
+
+    try {
+      if (preAuthorizeServer) {
+        preAuthorize(serviceBinding.resolve());
+      } else {
+        serviceBinding.bind();
       }
-    };
+    } catch (StatusException e) {
+      shutdownInternal(e.getStatus(), true);
+      return;
+    }
+
+    if (readyTimeoutMillis >= 0) {
+      readyTimeoutFuture =
+          getScheduledExecutorService()
+              .schedule(
+                  BinderClientTransport.this::onReadyTimeout, readyTimeoutMillis, MILLISECONDS);
+    }
   }
 
   @GuardedBy("this")
@@ -204,13 +206,16 @@ public void onFailure(Throwable t) {
   }
 
   private synchronized void handlePreAuthResult(Status authorization) {
-    if (inState(TransportState.SETUP)) {
-      if (!authorization.isOk()) {
-        shutdownInternal(authorization, true);
-      } else {
-        serviceBinding.bind();
-      }
+    if (!inState(TransportState.SETUP)) {
+      return;
+    }
+
+    if (!authorization.isOk()) {
+      shutdownInternal(authorization, true);
+      return;
     }
+
+    serviceBinding.bind();
   }
 
   private synchronized void onReadyTimeout() {
@@ -252,17 +257,17 @@ public synchronized ClientStream newStream(
       Status failure = Status.INTERNAL.withDescription("Clashing call IDs");
       shutdownInternal(failure, true);
       return newFailingClientStream(failure, attributes, headers, tracers);
+    }
+
+    if (inbound.countsForInUse() && numInUseStreams.getAndIncrement() == 0) {
+      clientTransportListener.transportInUse(true);
+    }
+    Outbound.ClientOutbound outbound =
+        new Outbound.ClientOutbound(this, callId, method, headers, statsTraceContext);
+    if (method.getType().clientSendsOneMessage()) {
+      return new SingleMessageClientStream(inbound, outbound, attributes);
     } else {
-      if (inbound.countsForInUse() && numInUseStreams.getAndIncrement() == 0) {
-        clientTransportListener.transportInUse(true);
-      }
-      Outbound.ClientOutbound outbound =
-          new Outbound.ClientOutbound(this, callId, method, headers, statsTraceContext);
-      if (method.getType().clientSendsOneMessage()) {
-        return new SingleMessageClientStream(inbound, outbound, attributes);
-      } else {
-        return new MultiMessageClientStream(inbound, outbound, attributes);
-      }
+      return new MultiMessageClientStream(inbound, outbound, attributes);
     }
   }
 
@@ -314,39 +319,46 @@ void notifyTerminated() {
   @Override
   @GuardedBy("this")
   protected void handleSetupTransport(Parcel parcel) {
-    int remoteUid = Binder.getCallingUid();
-    if (inState(TransportState.SETUP)) {
-      int version = parcel.readInt();
-      IBinder binder = parcel.readStrongBinder();
-      if (version != WIRE_FORMAT_VERSION) {
-        shutdownInternal(Status.UNAVAILABLE.withDescription("Wire format version mismatch"), true);
-      } else if (binder == null) {
-        shutdownInternal(
-            Status.UNAVAILABLE.withDescription("Malformed SETUP_TRANSPORT data"), true);
-      } else if (!setOutgoingBinder(OneWayBinderProxy.wrap(binder, offloadExecutor))) {
-        shutdownInternal(
-            Status.UNAVAILABLE.withDescription("Failed to observe outgoing binder"), true);
-      } else {
-        restrictIncomingBinderToCallsFrom(remoteUid);
-        attributes = setSecurityAttrs(attributes, remoteUid);
-        ListenableFuture<Status> authResultFuture =
-            register(checkServerAuthorizationAsync(remoteUid));
-        Futures.addCallback(
-            authResultFuture,
-            new FutureCallback<Status>() {
-              @Override
-              public void onSuccess(Status result) {
-                handleAuthResult(result);
-              }
-
-              @Override
-              public void onFailure(Throwable t) {
-                handleAuthResult(t);
-              }
-            },
-            offloadExecutor);
-      }
+    if (!inState(TransportState.SETUP)) {
+      return;
+    }
+
+    int version = parcel.readInt();
+    if (version != WIRE_FORMAT_VERSION) {
+      shutdownInternal(Status.UNAVAILABLE.withDescription("Wire format version mismatch"), true);
+      return;
+    }
+
+    IBinder binder = parcel.readStrongBinder();
+    if (binder == null) {
+      shutdownInternal(Status.UNAVAILABLE.withDescription("Malformed SETUP_TRANSPORT data"), true);
+      return;
+    }
+
+    if (!setOutgoingBinder(OneWayBinderProxy.wrap(binder, offloadExecutor))) {
+      shutdownInternal(
+          Status.UNAVAILABLE.withDescription("Failed to observe outgoing binder"), true);
+      return;
     }
+
+    int remoteUid = Binder.getCallingUid();
+    restrictIncomingBinderToCallsFrom(remoteUid);
+    attributes = setSecurityAttrs(attributes, remoteUid);
+    ListenableFuture<Status> authResultFuture = register(checkServerAuthorizationAsync(remoteUid));
+    Futures.addCallback(
+        authResultFuture,
+        new FutureCallback<Status>() {
+          @Override
+          public void onSuccess(Status result) {
+            handleAuthResult(result);
+          }
+
+          @Override
+          public void onFailure(Throwable t) {
+            handleAuthResult(t);
+          }
+        },
+        offloadExecutor);
   }
 
   private ListenableFuture<Status> checkServerAuthorizationAsync(int remoteUid) {
@@ -356,18 +368,21 @@ private ListenableFuture<Status> checkServerAuthorizationAsync(int remoteUid) {
   }
 
   private synchronized void handleAuthResult(Status authorization) {
-    if (inState(TransportState.SETUP)) {
-      if (!authorization.isOk()) {
-        shutdownInternal(authorization, true);
-      } else {
-        setState(TransportState.READY);
-        attributes = clientTransportListener.filterTransport(attributes);
-        clientTransportListener.transportReady();
-        if (readyTimeoutFuture != null) {
-          readyTimeoutFuture.cancel(false);
-          readyTimeoutFuture = null;
-        }
-      }
+    if (!inState(TransportState.SETUP)) {
+      return;
+    }
+
+    if (!authorization.isOk()) {
+      shutdownInternal(authorization, true);
+      return;
+    }
+
+    setState(TransportState.READY);
+    attributes = clientTransportListener.filterTransport(attributes);
+    clientTransportListener.transportReady();
+    if (readyTimeoutFuture != null) {
+      readyTimeoutFuture.cancel(false);
+      readyTimeoutFuture = null;
     }
   }
 
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
index cbe64149e15..44909f9c0bc 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
@@ -69,15 +69,22 @@ public BinderServerTransport(
    */
   public synchronized void start(ServerTransportListener serverTransportListener) {
     this.listenerPromise.set(serverTransportListener);
-    if (!isShutdown()) {
-      sendSetupTransaction();
-      // Check we're not shutdown again, since a failure inside sendSetupTransaction (or a callback
-      // it triggers), could have shut us down.
-      if (!isShutdown()) {
-        setState(TransportState.READY);
-        attributes = serverTransportListener.transportReady(attributes);
-      }
+    if (isShutdown()) {
+      // It's unlikely, but we could be shutdown externally between construction and start(). One
+      // possible cause is an extremely short handshake timeout.
+      return;
     }
+
+    sendSetupTransaction();
+
+    // Check we're not shutdown again, since a failure inside sendSetupTransaction (or a callback
+    // it triggers), could have shut us down.
+    if (isShutdown()) {
+      return;
+    }
+
+    setState(TransportState.READY);
+    attributes = serverTransportListener.transportReady(attributes);
   }
 
   StatsTraceContext createStatsTraceContext(String methodName, Metadata headers) {
@@ -92,10 +99,10 @@ StatsTraceContext createStatsTraceContext(String methodName, Metadata headers) {
   synchronized Status startStream(ServerStream stream, String methodName, Metadata headers) {
     if (isShutdown()) {
       return Status.UNAVAILABLE.withDescription("transport is shutdown");
-    } else {
-      listenerPromise.get().streamCreated(stream, methodName, headers);
-      return Status.OK;
     }
+
+    listenerPromise.get().streamCreated(stream, methodName, headers);
+    return Status.OK;
   }
 
   @Override

From 06d734469fa7170f9f3c890723027364b3bad2b0 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 29 Oct 2025 13:09:07 -0700
Subject: [PATCH 425/591] binder: Move FakeDeadBinder to internal

It is only used by internal and isn't for general consumption.
---
 .../java/io/grpc/binder/internal/BinderClientTransportTest.java | 2 +-
 .../java/io/grpc/binder/{ => internal}/FakeDeadBinder.java      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename binder/src/testFixtures/java/io/grpc/binder/{ => internal}/FakeDeadBinder.java (98%)

diff --git a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
index ee28f132f79..17b83a090fe 100644
--- a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
+++ b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
@@ -39,9 +39,9 @@
 import io.grpc.Status.Code;
 import io.grpc.binder.AndroidComponentAddress;
 import io.grpc.binder.BinderServerBuilder;
-import io.grpc.binder.FakeDeadBinder;
 import io.grpc.binder.HostServices;
 import io.grpc.binder.SecurityPolicy;
+import io.grpc.binder.internal.FakeDeadBinder;
 import io.grpc.binder.internal.OneWayBinderProxies.BlackHoleOneWayBinderProxy;
 import io.grpc.binder.internal.OneWayBinderProxies.BlockingBinderDecorator;
 import io.grpc.binder.internal.OneWayBinderProxies.ThrowingOneWayBinderProxy;
diff --git a/binder/src/testFixtures/java/io/grpc/binder/FakeDeadBinder.java b/binder/src/testFixtures/java/io/grpc/binder/internal/FakeDeadBinder.java
similarity index 98%
rename from binder/src/testFixtures/java/io/grpc/binder/FakeDeadBinder.java
rename to binder/src/testFixtures/java/io/grpc/binder/internal/FakeDeadBinder.java
index b1658c13812..5bce7498c4b 100644
--- a/binder/src/testFixtures/java/io/grpc/binder/FakeDeadBinder.java
+++ b/binder/src/testFixtures/java/io/grpc/binder/internal/FakeDeadBinder.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.binder;
+package io.grpc.binder.internal;
 
 import android.os.DeadObjectException;
 import android.os.IBinder;

From e25c414c9cf1016e5845139ae6fe03e0f35d4cfe Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 29 Oct 2025 13:16:41 -0700
Subject: [PATCH 426/591] Start 1.78.0 development cycle

---
 MODULE.bazel                                           |  2 +-
 build.gradle                                           |  2 +-
 .../src/test/golden/TestDeprecatedService.java.txt     |  2 +-
 compiler/src/test/golden/TestService.java.txt          |  2 +-
 core/src/main/java/io/grpc/internal/GrpcUtil.java      |  2 +-
 examples/MODULE.bazel                                  |  2 +-
 examples/android/clientcache/app/build.gradle          | 10 +++++-----
 examples/android/helloworld/app/build.gradle           |  8 ++++----
 examples/android/routeguide/app/build.gradle           |  8 ++++----
 examples/android/strictmode/app/build.gradle           |  8 ++++----
 examples/build.gradle                                  |  2 +-
 examples/example-alts/build.gradle                     |  2 +-
 examples/example-debug/build.gradle                    |  2 +-
 examples/example-debug/pom.xml                         |  4 ++--
 examples/example-dualstack/build.gradle                |  2 +-
 examples/example-dualstack/pom.xml                     |  4 ++--
 examples/example-gauth/build.gradle                    |  2 +-
 examples/example-gauth/pom.xml                         |  4 ++--
 examples/example-gcp-csm-observability/build.gradle    |  2 +-
 examples/example-gcp-observability/build.gradle        |  2 +-
 examples/example-hostname/build.gradle                 |  2 +-
 examples/example-hostname/pom.xml                      |  4 ++--
 examples/example-jwt-auth/build.gradle                 |  2 +-
 examples/example-jwt-auth/pom.xml                      |  4 ++--
 examples/example-oauth/build.gradle                    |  2 +-
 examples/example-oauth/pom.xml                         |  4 ++--
 examples/example-opentelemetry/build.gradle            |  2 +-
 examples/example-orca/build.gradle                     |  2 +-
 examples/example-reflection/build.gradle               |  2 +-
 examples/example-servlet/build.gradle                  |  2 +-
 examples/example-tls/build.gradle                      |  2 +-
 examples/example-tls/pom.xml                           |  4 ++--
 examples/example-xds/build.gradle                      |  2 +-
 examples/pom.xml                                       |  4 ++--
 34 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 9e83053fb0b..36db31dbd71 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -2,7 +2,7 @@ module(
     name = "grpc-java",
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
-    version = "1.77.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
+    version = "1.78.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
 )
 
 # GRPC_DEPS_START
diff --git a/build.gradle b/build.gradle
index 35f7161d4bf..38ee6220169 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ subprojects {
     apply plugin: "net.ltgt.errorprone"
 
     group = "io.grpc"
-    version = "1.77.0-SNAPSHOT" // CURRENT_GRPC_VERSION
+    version = "1.78.0-SNAPSHOT" // CURRENT_GRPC_VERSION
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index f42922c76b2..3451d0cad09 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.77.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.78.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 @java.lang.Deprecated
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index 2e8d702a877..e86ad0b8f08 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.77.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.78.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index 048812ac1de..4a9da1d19fe 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -219,7 +219,7 @@ public byte[] parseAsciiString(byte[] serialized) {
 
   public static final Splitter ACCEPT_ENCODING_SPLITTER = Splitter.on(',').trimResults();
 
-  public static final String IMPLEMENTATION_VERSION = "1.77.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
+  public static final String IMPLEMENTATION_VERSION = "1.78.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
 
   /**
    * The default timeout in nanos for a keepalive ping request.
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index 7f639476b84..67c97bbf690 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,4 +1,4 @@
-bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.77.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
+bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.78.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
 bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index d9b3f50a941..02389619418 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -34,7 +34,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -54,11 +54,11 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.1.5'
-    testImplementation 'io.grpc:grpc-testing:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    testImplementation 'io.grpc:grpc-testing:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index 81ea9235155..60d32f0360d 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,7 +52,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index a0aef26cb61..c232389ff3d 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,7 +52,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index e1e6b8badc4..6c8209621a9 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -33,7 +33,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -53,7 +53,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index f0965338b8f..1cd8eea75fc 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index 970e287f609..4796123ef23 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index b9baf5f3817..a21ece5686f 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index 4bb8b33f9ab..ddfedaa2e39 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-debug</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index 8c32559a6dc..affd18996e6 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index 3561254ed0c..66e6b481da4 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-dualstack</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 3c3978603c7..fef81b77697 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index 70d7ea56a5a..afae8ee6ec4 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-gauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index a1e767d02df..9b714b0a88f 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 def openTelemetryVersion = '1.52.0'
 def openTelemetryPrometheusVersion = '1.52.0-alpha'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 605c93ea75f..9ece32e2b78 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 19fe0816580..671de65d2ff 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index 3d9225d72da..d228ee3e7c5 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-hostname</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index e1509f08b79..c2ff9f7a7f2 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index 2a097386637..5deb3583561 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-jwt-auth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 38f105ec37f..36e45958b84 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index 30c0608c24a..e81f5e50190 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-oauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index 46591b42c80..188e5ff0a00 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 def openTelemetryVersion = '1.52.0'
 def openTelemetryPrometheusVersion = '1.52.0-alpha'
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index 3e3d141b5a1..e188b4079ef 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index 9c49388a946..5148eaf7938 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index ee891209000..3ee7bb2a592 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -15,7 +15,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index e55a7ce7f33..b36d21f1b41 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index 202ad17d896..34819f52a45 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-tls</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index bd040511b3e..f5945320080 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.77.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/pom.xml b/examples/pom.xml
index 2a6817a56a0..63921323fb9 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.77.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>examples</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.77.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for JDK 8 -->

From 4843256afde4fd7a0fda0791def5d7c834472cae Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Thu, 30 Oct 2025 16:58:34 +0200
Subject: [PATCH 427/591] core: simplify DnsNameResolver.resolveAddresses()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

`resolveAddresses()` is a private method, called only once. There is no
need to handle exceptions in multiple places.

The reason for creating this PR:
I have noticed an exception like this in the logs
```
2025-10-16 13:09:33.141 WARN  [grpc-default-executor-222]    ManagedChannelImpl            [Channel<47>: (x.y.com:443)] Failed to resolve name. status=Status{code=UNAVAILABLE,
description=Unable to resolve host x.y.com,
cause=java.lang.RuntimeException: java.net.UnknownHostException: x.y.com: nodename nor servname provided, or not known
...
Caused by: java.net.UnknownHostException: x.y.com: nodename nor servname provided, or not known
...
}
```
---
 .../java/io/grpc/internal/DnsNameResolver.java | 18 +++---------------
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/DnsNameResolver.java b/core/src/main/java/io/grpc/internal/DnsNameResolver.java
index 6f1cf4cd900..6c48389b95b 100644
--- a/core/src/main/java/io/grpc/internal/DnsNameResolver.java
+++ b/core/src/main/java/io/grpc/internal/DnsNameResolver.java
@@ -23,7 +23,6 @@
 import com.google.common.base.Objects;
 import com.google.common.base.Preconditions;
 import com.google.common.base.Stopwatch;
-import com.google.common.base.Throwables;
 import com.google.common.base.Verify;
 import com.google.common.base.VerifyException;
 import io.grpc.Attributes;
@@ -211,20 +210,8 @@ public void refresh() {
     resolve();
   }
 
-  private List<EquivalentAddressGroup> resolveAddresses() {
-    List<? extends InetAddress> addresses;
-    Exception addressesException = null;
-    try {
-      addresses = addressResolver.resolveAddress(host);
-    } catch (Exception e) {
-      addressesException = e;
-      Throwables.throwIfUnchecked(e);
-      throw new RuntimeException(e);
-    } finally {
-      if (addressesException != null) {
-        logger.log(Level.FINE, "Address resolution failure", addressesException);
-      }
-    }
+  private List<EquivalentAddressGroup> resolveAddresses() throws Exception {
+    List<? extends InetAddress> addresses = addressResolver.resolveAddress(host);
     // Each address forms an EAG
     List<EquivalentAddressGroup> servers = new ArrayList<>(addresses.size());
     for (InetAddress inetAddr : addresses) {
@@ -280,6 +267,7 @@ protected InternalResolutionResult doResolve(boolean forceTxt) {
     try {
       result.addresses = resolveAddresses();
     } catch (Exception e) {
+      logger.log(Level.FINE, "Address resolution failure", e);
       if (!forceTxt) {
         result.error =
             Status.UNAVAILABLE.withDescription("Unable to resolve host " + host).withCause(e);

From d89628c3c5035d4b8e4221c702492a31fe9303c1 Mon Sep 17 00:00:00 2001
From: srkethireddy <73372452+srkethireddy@users.noreply.github.com>
Date: Fri, 31 Oct 2025 08:22:42 -0700
Subject: [PATCH 428/591] alts: Override metadata server address with env
 variable

Adding an option to override "metadata.google.internal.:8080" by setting
a value for GCE_METADATA_HOST environment variable.

b/451639946
---
 .../main/java/io/grpc/alts/HandshakerServiceChannel.java    | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java b/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
index fa1d4f7fa1c..f03cc6f8c94 100644
--- a/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
+++ b/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
@@ -16,6 +16,7 @@
 
 package io.grpc.alts;
 
+import com.google.common.base.MoreObjects;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.ClientCall;
@@ -39,7 +40,10 @@
 final class HandshakerServiceChannel {
 
   static final Resource<Channel> SHARED_HANDSHAKER_CHANNEL =
-      new ChannelResource("metadata.google.internal.:8080");
+      new ChannelResource(
+          MoreObjects.firstNonNull(
+              System.getenv("GCE_METADATA_HOST"), "metadata.google.internal.:8080"));
+
 
   /** Returns a resource of handshaker service channel for testing only. */
   static Resource<Channel> getHandshakerChannelForTesting(String handshakerAddress) {

From 9e58ea8ab8e66a8f7fc4d0fcafdce5f90a789427 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Fri, 31 Oct 2025 22:19:46 +0530
Subject: [PATCH 429/591] buildscripts: Increase macos.cfg timeout to 1h

We are seeing frequent Kokoro VM timeouts with the 45 minute setting.
Even successful builds take 38 mins which is close, so increasing the
timeout to 1 hour.
---
 buildscripts/kokoro/macos.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildscripts/kokoro/macos.cfg b/buildscripts/kokoro/macos.cfg
index a58691a7102..4c79743692e 100644
--- a/buildscripts/kokoro/macos.cfg
+++ b/buildscripts/kokoro/macos.cfg
@@ -2,7 +2,7 @@
 
 # Location of the continuous shell script in repository.
 build_file: "grpc-java/buildscripts/kokoro/macos.sh"
-timeout_mins: 45
+timeout_mins: 60
 
 # We always build mvn artifacts.
 action {

From 89d77e0620108588bbc76c8cfdc029073db82953 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Fri, 31 Oct 2025 10:10:41 -0700
Subject: [PATCH 430/591] Stop leaking `this` from BinderServerTransport's ctor
 (#12453)

Accomplish this with a new factory method.

Document why ignoring errors from setOutgoingBinder() is ok.

Add a test for a dead-on-arrival client binder.
---
 .../io/grpc/binder/internal/BinderServer.java |  2 +-
 .../internal/BinderServerTransport.java       | 22 +++++++++++++++----
 .../grpc/binder/internal/BinderTransport.java |  9 ++++++++
 .../internal/BinderServerTransportTest.java   | 15 ++++++++++---
 4 files changed, 40 insertions(+), 8 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderServer.java b/binder/src/main/java/io/grpc/binder/internal/BinderServer.java
index b1ae344d5f9..96685a2f8bd 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderServer.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderServer.java
@@ -179,7 +179,7 @@ public synchronized boolean handleTransaction(int code, Parcel parcel) {
               checkNotNull(executor, "Not started?"));
           // Create a new transport and let our listener know about it.
           BinderServerTransport transport =
-              new BinderServerTransport(
+              BinderServerTransport.create(
                   executorServicePool,
                   attrsBuilder.build(),
                   streamTracerFactories,
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
index 44909f9c0bc..a57f89e72ac 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
@@ -42,21 +42,35 @@ public final class BinderServerTransport extends BinderTransport implements Serv
   @GuardedBy("this")
   private final SimplePromise<ServerTransportListener> listenerPromise = new SimplePromise<>();
 
+  private BinderServerTransport(
+      ObjectPool<ScheduledExecutorService> executorServicePool,
+      Attributes attributes,
+      List<ServerStreamTracer.Factory> streamTracerFactories,
+      OneWayBinderProxy.Decorator binderDecorator) {
+    super(executorServicePool, attributes, binderDecorator, buildLogId(attributes));
+    this.streamTracerFactories = streamTracerFactories;
+  }
+
   /**
    * Constructs a new transport instance.
    *
    * @param binderDecorator used to decorate 'callbackBinder', for fault injection.
    */
-  public BinderServerTransport(
+  public static BinderServerTransport create(
       ObjectPool<ScheduledExecutorService> executorServicePool,
       Attributes attributes,
       List<ServerStreamTracer.Factory> streamTracerFactories,
       OneWayBinderProxy.Decorator binderDecorator,
       IBinder callbackBinder) {
-    super(executorServicePool, attributes, binderDecorator, buildLogId(attributes));
-    this.streamTracerFactories = streamTracerFactories;
+    BinderServerTransport transport =
+        new BinderServerTransport(
+            executorServicePool, attributes, streamTracerFactories, binderDecorator);
     // TODO(jdcormie): Plumb in the Server's executor() and use it here instead.
-    setOutgoingBinder(OneWayBinderProxy.wrap(callbackBinder, getScheduledExecutorService()));
+    // No need to handle failure here because if 'callbackBinder' is already dead, we'll notice it
+    // again in start() when we send the first transaction.
+    transport.setOutgoingBinder(
+        OneWayBinderProxy.wrap(callbackBinder, transport.getScheduledExecutorService()));
+    return transport;
   }
 
   /**
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
index a5b8d94ba0e..1592f6977df 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -159,6 +159,7 @@ protected enum TransportState {
   private final ObjectPool<ScheduledExecutorService> executorServicePool;
   private final ScheduledExecutorService scheduledExecutorService;
   private final InternalLogId logId;
+
   @GuardedBy("this")
   private final LeakSafeOneWayBinder incomingBinder;
 
@@ -277,6 +278,14 @@ final void setState(TransportState newState) {
     transportState = newState;
   }
 
+  /**
+   * Sets the binder to use for sending subsequent transactions to our peer.
+   *
+   * <p>Subclasses should call this as early as possible but not from a constructor.
+   *
+   * <p>Returns true for success, false if the process hosting 'binder' is already dead. Callers are
+   * responsible for handling this.
+   */
   @GuardedBy("this")
   protected boolean setOutgoingBinder(OneWayBinderProxy binder) {
     binder = binderDecorator.decorate(binder);
diff --git a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
index 12416922fc9..d261ce43c8c 100644
--- a/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/BinderServerTransportTest.java
@@ -21,10 +21,8 @@
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.ArgumentMatchers.isNull;
 import static org.mockito.Mockito.doThrow;
-import static org.mockito.Mockito.when;
 import static org.robolectric.Shadows.shadowOf;
 
-import android.os.DeadObjectException;
 import android.os.IBinder;
 import android.os.Looper;
 import android.os.Parcel;
@@ -96,6 +94,17 @@ public void testSetupTransactionFailureReportsMultipleTerminations_b153460678()
     assertThat(transportListener.isTerminated()).isTrue();
   }
 
+  @Test
+  public void testClientBinderIsDeadOnArrival() throws Exception {
+    transport = newBinderServerTransportBuilder()
+        .setCallbackBinder(new FakeDeadBinder())
+        .build();
+    transport.start(transportListener);
+    shadowOf(Looper.getMainLooper()).idle();
+
+    assertThat(transportListener.isTerminated()).isTrue();
+  }
+
   @Test
   public void testStartAfterShutdownAndIdle() throws Exception {
     transport = newBinderServerTransportBuilder().build();
@@ -125,7 +134,7 @@ static class BinderServerTransportBuilder {
     IBinder callbackBinder;
 
     public BinderServerTransport build() {
-      return new BinderServerTransport(
+      return BinderServerTransport.create(
           executorServicePool, attributes, streamTracerFactories, binderDecorator, callbackBinder);
     }
 

From 589df4e3016dcbd6169eb09662d7ce42aa787810 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 31 Oct 2025 11:31:55 -0700
Subject: [PATCH 431/591] xds: Avoid default bootstrap when global override in
 XdsNameResolver

This fixes a regression with an internal API from 27d150890 where
overridding the global bootstrap didn't impact parsing the default
bootstrap. So if no global bootstrap was available XdsNameResolver would
fail to start even though an override was in place in
SharedXdsClientPoolProvider. Instead of dealing with the override in
SharedXdsClientPoolProvider, do it in GrpcBootstrapperImpl so
XdsNameResolver is ignorant of the source of the default bootstrap.

We want all of this to go away in favor of XDS_CLIENT_SUPPLIER
injection, but there needs to be some overlap for migration.

cl/826085025
---
 .../io/grpc/xds/GrpcBootstrapperImpl.java     | 12 ++++++++++-
 .../InternalSharedXdsClientPoolProvider.java  |  2 +-
 .../grpc/xds/SharedXdsClientPoolProvider.java | 21 +++++++------------
 3 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java
index fdcf3a972b5..494e95a58f6 100644
--- a/xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java
@@ -100,12 +100,22 @@ protected Object getImplSpecificConfig(Map<String, ?> serverConfig, String serve
     return getChannelCredentials(serverConfig, serverUri);
   }
 
+  @GuardedBy("GrpcBootstrapperImpl.class")
+  private static Map<String, ?> defaultBootstrapOverride;
   @GuardedBy("GrpcBootstrapperImpl.class")
   private static BootstrapInfo defaultBootstrap;
 
+  static synchronized void setDefaultBootstrapOverride(Map<String, ?> rawBootstrap) {
+    defaultBootstrapOverride = rawBootstrap;
+  }
+
   static synchronized BootstrapInfo defaultBootstrap() throws XdsInitializationException {
     if (defaultBootstrap == null) {
-      defaultBootstrap = new GrpcBootstrapperImpl().bootstrap();
+      if (defaultBootstrapOverride == null) {
+        defaultBootstrap = new GrpcBootstrapperImpl().bootstrap();
+      } else {
+        defaultBootstrap = new GrpcBootstrapperImpl().bootstrap(defaultBootstrapOverride);
+      }
     }
     return defaultBootstrap;
   }
diff --git a/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java b/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java
index 5eb36a498cf..cc5ff128274 100644
--- a/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java
+++ b/xds/src/main/java/io/grpc/xds/InternalSharedXdsClientPoolProvider.java
@@ -41,7 +41,7 @@ private InternalSharedXdsClientPoolProvider() {}
    */
   @Deprecated
   public static void setDefaultProviderBootstrapOverride(Map<String, ?> bootstrap) {
-    SharedXdsClientPoolProvider.getDefaultProvider().setBootstrapOverride(bootstrap);
+    GrpcBootstrapperImpl.setDefaultBootstrapOverride(bootstrap);
   }
 
   /**
diff --git a/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java b/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
index 29b6870ab97..4cafbd1a762 100644
--- a/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
+++ b/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
@@ -37,7 +37,6 @@
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.atomic.AtomicReference;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
@@ -55,29 +54,24 @@ final class SharedXdsClientPoolProvider implements XdsClientPoolFactory {
   private static final ExponentialBackoffPolicy.Provider BACKOFF_POLICY_PROVIDER =
       new ExponentialBackoffPolicy.Provider();
 
+  @Nullable
   private final Bootstrapper bootstrapper;
   private final Object lock = new Object();
-  private final AtomicReference<Map<String, ?>> bootstrapOverride = new AtomicReference<>();
   private final Map<String, ObjectPool<XdsClient>> targetToXdsClientMap = new ConcurrentHashMap<>();
 
   SharedXdsClientPoolProvider() {
-    this(new GrpcBootstrapperImpl());
+    this(null);
   }
 
   @VisibleForTesting
-  SharedXdsClientPoolProvider(Bootstrapper bootstrapper) {
-    this.bootstrapper = checkNotNull(bootstrapper, "bootstrapper");
+  SharedXdsClientPoolProvider(@Nullable Bootstrapper bootstrapper) {
+    this.bootstrapper = bootstrapper;
   }
 
   static SharedXdsClientPoolProvider getDefaultProvider() {
     return SharedXdsClientPoolProviderHolder.instance;
   }
 
-  @Deprecated
-  public void setBootstrapOverride(Map<String, ?> bootstrap) {
-    bootstrapOverride.set(bootstrap);
-  }
-
   @Override
   @Nullable
   public ObjectPool<XdsClient> get(String target) {
@@ -89,11 +83,10 @@ public ObjectPool<XdsClient> getOrCreate(
       String target, MetricRecorder metricRecorder, CallCredentials transportCallCredentials)
       throws XdsInitializationException {
     BootstrapInfo bootstrapInfo;
-    Map<String, ?> rawBootstrap = bootstrapOverride.get();
-    if (rawBootstrap != null) {
-      bootstrapInfo = bootstrapper.bootstrap(rawBootstrap);
-    } else {
+    if (bootstrapper != null) {
       bootstrapInfo = bootstrapper.bootstrap();
+    } else {
+      bootstrapInfo = GrpcBootstrapperImpl.defaultBootstrap();
     }
     return getOrCreate(target, bootstrapInfo, metricRecorder, transportCallCredentials);
   }

From a40d549ced82becbb12ca6f6b0e007cd430555a6 Mon Sep 17 00:00:00 2001
From: vimanikag <viswakarma18rc@gmail.com>
Date: Mon, 3 Nov 2025 14:49:04 +0530
Subject: [PATCH 432/591] core: Report marshaller error for uncompressed size
 too large back to the client

Report a status code of RESOURCE_EXHAUSTED instead of UNKNOWN, when the marshaller throws error for uncompressed message size being too large.

Fixes : #11246
---
 .../java/io/grpc/internal/ServerCallImpl.java | 16 +++++---
 .../io/grpc/internal/ServerCallImplTest.java  | 41 +++++++++++++++++++
 .../integration/AbstractInteropTest.java      |  2 +-
 .../integration/TransportCompressionTest.java | 29 ++++++++++++-
 4 files changed, 80 insertions(+), 8 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/ServerCallImpl.java b/core/src/main/java/io/grpc/internal/ServerCallImpl.java
index e224384ce8f..22d5912050a 100644
--- a/core/src/main/java/io/grpc/internal/ServerCallImpl.java
+++ b/core/src/main/java/io/grpc/internal/ServerCallImpl.java
@@ -327,16 +327,20 @@ private void messagesAvailableInternal(final MessageProducer producer) {
         return;
       }
 
-      InputStream message;
       try {
+        InputStream message;
         while ((message = producer.next()) != null) {
-          try {
-            listener.onMessage(call.method.parseRequest(message));
-          } catch (Throwable t) {
+          ReqT parsedMessage;
+          try (InputStream ignored = message) {
+            parsedMessage = call.method.parseRequest(message);
+          } catch (StatusRuntimeException e) {
             GrpcUtil.closeQuietly(message);
-            throw t;
+            GrpcUtil.closeQuietly(producer);
+            call.cancelled = true;
+            call.close(e.getStatus(), new Metadata());
+            return;
           }
-          message.close();
+          listener.onMessage(parsedMessage);
         }
       } catch (Throwable t) {
         GrpcUtil.closeQuietly(producer);
diff --git a/core/src/test/java/io/grpc/internal/ServerCallImplTest.java b/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
index 7394c83eab2..abe8fb0ee56 100644
--- a/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
@@ -48,9 +48,11 @@
 import io.grpc.SecurityLevel;
 import io.grpc.ServerCall;
 import io.grpc.Status;
+import io.grpc.StatusRuntimeException;
 import io.grpc.internal.ServerCallImpl.ServerStreamListenerImpl;
 import io.perfmark.PerfMark;
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import org.junit.Before;
@@ -69,6 +71,8 @@ public class ServerCallImplTest {
 
   @Mock private ServerStream stream;
   @Mock private ServerCall.Listener<Long> callListener;
+  @Mock private StreamListener.MessageProducer messageProducer;
+  @Mock private InputStream message;
 
   private final CallTracer serverCallTracer = CallTracer.getDefaultFactory().create();
   private ServerCallImpl<Long, Long> call;
@@ -493,6 +497,43 @@ public void streamListener_unexpectedRuntimeException() {
     assertThat(e).hasMessageThat().isEqualTo("unexpected exception");
   }
 
+  @Test
+  public void streamListener_statusRuntimeException() throws IOException {
+    MethodDescriptor<Long, Long> failingParseMethod = MethodDescriptor.<Long, Long>newBuilder()
+        .setType(MethodType.UNARY)
+        .setFullMethodName("service/method")
+        .setRequestMarshaller(new LongMarshaller() {
+            @Override
+            public Long parse(InputStream stream) {
+              throw new StatusRuntimeException(Status.RESOURCE_EXHAUSTED
+                  .withDescription("Decompressed gRPC message exceeds maximum size"));
+            }
+        })
+        .setResponseMarshaller(new LongMarshaller())
+        .build();
+
+    call =  new ServerCallImpl<>(stream, failingParseMethod, requestHeaders, context,
+            DecompressorRegistry.getDefaultInstance(), CompressorRegistry.getDefaultInstance(),
+            serverCallTracer, PerfMark.createTag());
+
+    ServerStreamListenerImpl<Long> streamListener =
+            new ServerCallImpl.ServerStreamListenerImpl<>(call, callListener, context);
+
+    when(messageProducer.next()).thenReturn(message, (InputStream) null);
+    streamListener.messagesAvailable(messageProducer);
+    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
+    ArgumentCaptor<Metadata> metadataCaptor = ArgumentCaptor.forClass(Metadata.class);
+
+    verify(stream).close(statusCaptor.capture(), metadataCaptor.capture());
+    Status status = statusCaptor.getValue();
+    assertEquals(Status.RESOURCE_EXHAUSTED.getCode(), status.getCode());
+    assertEquals("Decompressed gRPC message exceeds maximum size", status.getDescription());
+
+    streamListener.halfClosed();
+    verify(callListener, never()).onHalfClose();
+    verify(callListener, never()).onMessage(any());
+  }
+
   private static class LongMarshaller implements Marshaller<Long> {
     @Override
     public InputStream stream(Long value) {
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
index 11455790497..843019433aa 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
@@ -2030,7 +2030,7 @@ private void assertPayload(Payload expected, Payload actual) {
     }
   }
 
-  private static void assertCodeEquals(Status.Code expected, Status actual) {
+  protected static void assertCodeEquals(Status.Code expected, Status actual) {
     assertWithMessage("Unexpected status: %s", actual).that(actual.getCode()).isEqualTo(expected);
   }
 
diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java
index b9692383254..33cd624aebb 100644
--- a/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java
@@ -17,6 +17,7 @@
 package io.grpc.testing.integration;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 
 import com.google.protobuf.ByteString;
@@ -37,6 +38,8 @@
 import io.grpc.ServerCall.Listener;
 import io.grpc.ServerCallHandler;
 import io.grpc.ServerInterceptor;
+import io.grpc.Status.Code;
+import io.grpc.StatusRuntimeException;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.netty.InternalNettyChannelBuilder;
 import io.grpc.netty.InternalNettyServerBuilder;
@@ -53,7 +56,9 @@
 import java.io.OutputStream;
 import org.junit.Before;
 import org.junit.BeforeClass;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -84,10 +89,16 @@ public static void registerCompressors() {
     compressors.register(Codec.Identity.NONE);
   }
 
+  @Rule
+  public final TestName currentTest = new TestName();
+
   @Override
   protected ServerBuilder<?> getServerBuilder() {
     NettyServerBuilder builder = NettyServerBuilder.forPort(0, InsecureServerCredentials.create())
-        .maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
+        .maxInboundMessageSize(
+            DECOMPRESSED_MESSAGE_TOO_LONG_METHOD_NAME.equals(currentTest.getMethodName())
+                ? 1000
+                : AbstractInteropTest.MAX_MESSAGE_SIZE)
         .compressorRegistry(compressors)
         .decompressorRegistry(decompressors)
         .intercept(new ServerInterceptor() {
@@ -126,6 +137,22 @@ public void compresses() {
     assertTrue(FZIPPER.anyWritten);
   }
 
+  private static final String DECOMPRESSED_MESSAGE_TOO_LONG_METHOD_NAME =
+      "decompressedMessageTooLong";
+
+  @Test
+  public void decompressedMessageTooLong() {
+    assertEquals(DECOMPRESSED_MESSAGE_TOO_LONG_METHOD_NAME, currentTest.getMethodName());
+    final SimpleRequest bigRequest = SimpleRequest.newBuilder()
+        .setPayload(Payload.newBuilder().setBody(ByteString.copyFrom(new byte[10_000])))
+        .build();
+    StatusRuntimeException e = assertThrows(StatusRuntimeException.class,
+        () -> blockingStub.withCompression("gzip").unaryCall(bigRequest));
+    assertCodeEquals(Code.RESOURCE_EXHAUSTED, e.getStatus());
+    assertEquals("Decompressed gRPC message exceeds maximum size 1000",
+        e.getStatus().getDescription());
+  }
+
   @Override
   protected NettyChannelBuilder createChannelBuilder() {
     NettyChannelBuilder builder = NettyChannelBuilder.forAddress(getListenAddress())

From 881996a0c6657c6981d850bd66b8527048b7eaca Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 31 Oct 2025 15:24:57 -0700
Subject: [PATCH 433/591] xds: Detect negative ref count for xds client

If the refcount goes negative, then the next getObject() will return
null. This was noticed during code inspection when investigating a
NullPointerException in b/454396128, although it is unclear if this is
actually happening.
---
 .../main/java/io/grpc/xds/SharedXdsClientPoolProvider.java    | 4 ++++
 xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java      | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java b/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
index 4cafbd1a762..45c379244af 100644
--- a/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
+++ b/xds/src/main/java/io/grpc/xds/SharedXdsClientPoolProvider.java
@@ -202,6 +202,10 @@ public XdsClient returnObject(Object object) {
           metricReporter = null;
           targetToXdsClientMap.remove(target);
           scheduler = SharedResourceHolder.release(GrpcUtil.TIMER_SERVICE, scheduler);
+        } else if (refCount < 0) {
+          assert false; // We want our tests to fail
+          log.log(Level.SEVERE, "Negative reference count. File a bug", new Exception());
+          refCount = 0;
         }
         return null;
       }
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
index 09b4c5d8637..b2b4e2c14cf 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
@@ -186,8 +186,8 @@ public void setUp() throws XdsInitializationException {
 
   @After
   public void cleanUp() {
-    if (xdsClientPool != null) {
-      xdsClientPool.returnObject(xdsClient);
+    if (xdsClient != null) {
+      xdsClient = xdsClientPool.returnObject(xdsClient);
     }
     CommonBootstrapperTestUtils.setEnableXdsFallback(originalEnableXdsFallback);
   }

From 76a1f2a8edff4615f62270baebbef008505a3a67 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Tue, 4 Nov 2025 07:26:04 +0000
Subject: [PATCH 434/591] rls: Add route lookup reason to request whether it is
 due to a cache miss or stale cache entry (#12442)

b/348690462
---
 .../java/io/grpc/rls/CachingRlsLbClient.java  | 134 +++++++------
 .../java/io/grpc/rls/RlsProtoConverters.java  |   5 +-
 .../main/java/io/grpc/rls/RlsProtoData.java   |  30 ++-
 .../java/io/grpc/rls/RlsRequestFactory.java   |  12 +-
 .../io/grpc/rls/CachingRlsLbClientTest.java   | 181 +++++++++++-------
 .../java/io/grpc/rls/RlsLoadBalancerTest.java |  12 +-
 .../io/grpc/rls/RlsProtoConvertersTest.java   |   4 +-
 .../io/grpc/rls/RlsRequestFactoryTest.java    |  26 +--
 8 files changed, 246 insertions(+), 158 deletions(-)

diff --git a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
index cc3ac9f516e..2c26d29f14d 100644
--- a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
+++ b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
@@ -61,6 +61,7 @@
 import io.grpc.rls.RlsProtoConverters.RouteLookupResponseConverter;
 import io.grpc.rls.RlsProtoData.RouteLookupConfig;
 import io.grpc.rls.RlsProtoData.RouteLookupRequest;
+import io.grpc.rls.RlsProtoData.RouteLookupRequestKey;
 import io.grpc.rls.RlsProtoData.RouteLookupResponse;
 import io.grpc.stub.StreamObserver;
 import io.grpc.util.ForwardingLoadBalancerHelper;
@@ -112,7 +113,7 @@ final class CachingRlsLbClient {
   private final Future<?> periodicCleaner;
   // any RPC on the fly will cached in this map
   @GuardedBy("lock")
-  private final Map<RouteLookupRequest, PendingCacheEntry> pendingCallCache = new HashMap<>();
+  private final Map<RouteLookupRequestKey, PendingCacheEntry> pendingCallCache = new HashMap<>();
 
   private final ScheduledExecutorService scheduledExecutorService;
   private final Ticker ticker;
@@ -292,18 +293,22 @@ private void periodicClean() {
   /** Populates async cache entry for new request. */
   @GuardedBy("lock")
   private CachedRouteLookupResponse asyncRlsCall(
-      RouteLookupRequest request, @Nullable BackoffPolicy backoffPolicy) {
+      RouteLookupRequestKey routeLookupRequestKey, @Nullable BackoffPolicy backoffPolicy,
+      RouteLookupRequest.Reason routeLookupReason) {
     if (throttler.shouldThrottle()) {
-      logger.log(ChannelLogLevel.DEBUG, "[RLS Entry {0}] Throttled RouteLookup", request);
+      logger.log(ChannelLogLevel.DEBUG, "[RLS Entry {0}] Throttled RouteLookup",
+          routeLookupRequestKey);
       // Cache updated, but no need to call updateBalancingState because no RPCs were queued waiting
       // on this result
       return CachedRouteLookupResponse.backoffEntry(createBackOffEntry(
-          request, Status.RESOURCE_EXHAUSTED.withDescription("RLS throttled"), backoffPolicy));
+          routeLookupRequestKey, Status.RESOURCE_EXHAUSTED.withDescription("RLS throttled"),
+          backoffPolicy));
     }
     final SettableFuture<RouteLookupResponse> response = SettableFuture.create();
-    io.grpc.lookup.v1.RouteLookupRequest routeLookupRequest = REQUEST_CONVERTER.convert(request);
+    io.grpc.lookup.v1.RouteLookupRequest routeLookupRequest = REQUEST_CONVERTER.convert(
+        RouteLookupRequest.create(routeLookupRequestKey.keyMap(), routeLookupReason));
     logger.log(ChannelLogLevel.DEBUG,
-        "[RLS Entry {0}] Starting RouteLookup: {1}", request, routeLookupRequest);
+        "[RLS Entry {0}] Starting RouteLookup: {1}", routeLookupRequestKey, routeLookupRequest);
     rlsStub.withDeadlineAfter(callTimeoutNanos, TimeUnit.NANOSECONDS)
         .routeLookup(
             routeLookupRequest,
@@ -311,14 +316,14 @@ private CachedRouteLookupResponse asyncRlsCall(
               @Override
               public void onNext(io.grpc.lookup.v1.RouteLookupResponse value) {
                 logger.log(ChannelLogLevel.DEBUG,
-                    "[RLS Entry {0}] RouteLookup succeeded: {1}", request, value);
+                    "[RLS Entry {0}] RouteLookup succeeded: {1}", routeLookupRequestKey, value);
                 response.set(RESPONSE_CONVERTER.reverse().convert(value));
               }
 
               @Override
               public void onError(Throwable t) {
                 logger.log(ChannelLogLevel.DEBUG,
-                    "[RLS Entry {0}] RouteLookup failed: {1}", request, t);
+                    "[RLS Entry {0}] RouteLookup failed: {1}", routeLookupRequestKey, t);
                 response.setException(t);
                 throttler.registerBackendResponse(true);
               }
@@ -329,7 +334,7 @@ public void onCompleted() {
               }
             });
     return CachedRouteLookupResponse.pendingResponse(
-        createPendingEntry(request, response, backoffPolicy));
+        createPendingEntry(routeLookupRequestKey, response, backoffPolicy));
   }
 
   /**
@@ -338,16 +343,17 @@ public void onCompleted() {
    * changed after the return.
    */
   @CheckReturnValue
-  final CachedRouteLookupResponse get(final RouteLookupRequest request) {
+  final CachedRouteLookupResponse get(final RouteLookupRequestKey routeLookupRequestKey) {
     synchronized (lock) {
       final CacheEntry cacheEntry;
-      cacheEntry = linkedHashLruCache.read(request);
+      cacheEntry = linkedHashLruCache.read(routeLookupRequestKey);
       if (cacheEntry == null) {
-        PendingCacheEntry pendingEntry = pendingCallCache.get(request);
+        PendingCacheEntry pendingEntry = pendingCallCache.get(routeLookupRequestKey);
         if (pendingEntry != null) {
           return CachedRouteLookupResponse.pendingResponse(pendingEntry);
         }
-        return asyncRlsCall(request, /* backoffPolicy= */ null);
+        return asyncRlsCall(routeLookupRequestKey, /* backoffPolicy= */ null,
+            RouteLookupRequest.Reason.REASON_MISS);
       }
 
       if (cacheEntry instanceof DataCacheEntry) {
@@ -383,13 +389,14 @@ void requestConnection() {
 
   @GuardedBy("lock")
   private PendingCacheEntry createPendingEntry(
-      RouteLookupRequest request,
+      RouteLookupRequestKey routeLookupRequestKey,
       ListenableFuture<RouteLookupResponse> pendingCall,
       @Nullable BackoffPolicy backoffPolicy) {
-    PendingCacheEntry entry = new PendingCacheEntry(request, pendingCall, backoffPolicy);
+    PendingCacheEntry entry = new PendingCacheEntry(routeLookupRequestKey, pendingCall,
+        backoffPolicy);
     // Add the entry to the map before adding the Listener, because the listener removes the
     // entry from the map
-    pendingCallCache.put(request, entry);
+    pendingCallCache.put(routeLookupRequestKey, entry);
     // Beware that the listener can run immediately on the current thread
     pendingCall.addListener(() -> pendingRpcComplete(entry), MoreExecutors.directExecutor());
     return entry;
@@ -397,17 +404,18 @@ private PendingCacheEntry createPendingEntry(
 
   private void pendingRpcComplete(PendingCacheEntry entry) {
     synchronized (lock) {
-      boolean clientClosed = pendingCallCache.remove(entry.request) == null;
+      boolean clientClosed = pendingCallCache.remove(entry.routeLookupRequestKey) == null;
       if (clientClosed) {
         return;
       }
 
       try {
-        createDataEntry(entry.request, Futures.getDone(entry.pendingCall));
+        createDataEntry(entry.routeLookupRequestKey, Futures.getDone(entry.pendingCall));
         // Cache updated. DataCacheEntry constructor indirectly calls updateBalancingState() to
         // reattempt picks when the child LB is done connecting
       } catch (Exception e) {
-        createBackOffEntry(entry.request, Status.fromThrowable(e), entry.backoffPolicy);
+        createBackOffEntry(entry.routeLookupRequestKey, Status.fromThrowable(e),
+            entry.backoffPolicy);
         // Cache updated. updateBalancingState() to reattempt picks
         helper.triggerPendingRpcProcessing();
       }
@@ -416,21 +424,21 @@ private void pendingRpcComplete(PendingCacheEntry entry) {
 
   @GuardedBy("lock")
   private DataCacheEntry createDataEntry(
-      RouteLookupRequest request, RouteLookupResponse routeLookupResponse) {
+      RouteLookupRequestKey routeLookupRequestKey, RouteLookupResponse routeLookupResponse) {
     logger.log(
         ChannelLogLevel.DEBUG,
         "[RLS Entry {0}] Transition to data cache: routeLookupResponse={1}",
-        request, routeLookupResponse);
-    DataCacheEntry entry = new DataCacheEntry(request, routeLookupResponse);
+        routeLookupRequestKey, routeLookupResponse);
+    DataCacheEntry entry = new DataCacheEntry(routeLookupRequestKey, routeLookupResponse);
     // Constructor for DataCacheEntry causes updateBalancingState, but the picks can't happen until
     // this cache update because the lock is held
-    linkedHashLruCache.cacheAndClean(request, entry);
+    linkedHashLruCache.cacheAndClean(routeLookupRequestKey, entry);
     return entry;
   }
 
   @GuardedBy("lock")
-  private BackoffCacheEntry createBackOffEntry(
-      RouteLookupRequest request, Status status, @Nullable BackoffPolicy backoffPolicy) {
+  private BackoffCacheEntry createBackOffEntry(RouteLookupRequestKey routeLookupRequestKey,
+      Status status, @Nullable BackoffPolicy backoffPolicy) {
     if (backoffPolicy == null) {
       backoffPolicy = backoffProvider.get();
     }
@@ -438,12 +446,12 @@ private BackoffCacheEntry createBackOffEntry(
     logger.log(
         ChannelLogLevel.DEBUG,
         "[RLS Entry {0}] Transition to back off: status={1}, delayNanos={2}",
-        request, status, delayNanos);
-    BackoffCacheEntry entry = new BackoffCacheEntry(request, status, backoffPolicy);
+        routeLookupRequestKey, status, delayNanos);
+    BackoffCacheEntry entry = new BackoffCacheEntry(routeLookupRequestKey, status, backoffPolicy);
     // Lock is held, so the task can't execute before the assignment
     entry.scheduledFuture = scheduledExecutorService.schedule(
         () -> refreshBackoffEntry(entry), delayNanos, TimeUnit.NANOSECONDS);
-    linkedHashLruCache.cacheAndClean(request, entry);
+    linkedHashLruCache.cacheAndClean(routeLookupRequestKey, entry);
     return entry;
   }
 
@@ -455,9 +463,10 @@ private void refreshBackoffEntry(BackoffCacheEntry entry) {
         return;
       }
       logger.log(ChannelLogLevel.DEBUG,
-          "[RLS Entry {0}] Calling RLS for transition to pending", entry.request);
-      linkedHashLruCache.invalidate(entry.request);
-      asyncRlsCall(entry.request, entry.backoffPolicy);
+          "[RLS Entry {0}] Calling RLS for transition to pending", entry.routeLookupRequestKey);
+      linkedHashLruCache.invalidate(entry.routeLookupRequestKey);
+      asyncRlsCall(entry.routeLookupRequestKey, entry.backoffPolicy,
+          RouteLookupRequest.Reason.REASON_MISS);
     }
   }
 
@@ -590,15 +599,15 @@ public String toString() {
   /** A pending cache entry when the async RouteLookup RPC is still on the fly. */
   static final class PendingCacheEntry {
     private final ListenableFuture<RouteLookupResponse> pendingCall;
-    private final RouteLookupRequest request;
+    private final RouteLookupRequestKey routeLookupRequestKey;
     @Nullable
     private final BackoffPolicy backoffPolicy;
 
     PendingCacheEntry(
-        RouteLookupRequest request,
+        RouteLookupRequestKey routeLookupRequestKey,
         ListenableFuture<RouteLookupResponse> pendingCall,
         @Nullable BackoffPolicy backoffPolicy) {
-      this.request = checkNotNull(request, "request");
+      this.routeLookupRequestKey = checkNotNull(routeLookupRequestKey, "request");
       this.pendingCall = checkNotNull(pendingCall, "pendingCall");
       this.backoffPolicy = backoffPolicy;
     }
@@ -606,7 +615,7 @@ static final class PendingCacheEntry {
     @Override
     public String toString() {
       return MoreObjects.toStringHelper(this)
-          .add("request", request)
+          .add("routeLookupRequestKey", routeLookupRequestKey)
           .toString();
     }
   }
@@ -614,10 +623,10 @@ public String toString() {
   /** Common cache entry data for {@link RlsAsyncLruCache}. */
   abstract static class CacheEntry {
 
-    protected final RouteLookupRequest request;
+    protected final RouteLookupRequestKey routeLookupRequestKey;
 
-    CacheEntry(RouteLookupRequest request) {
-      this.request = checkNotNull(request, "request");
+    CacheEntry(RouteLookupRequestKey routeLookupRequestKey) {
+      this.routeLookupRequestKey = checkNotNull(routeLookupRequestKey, "request");
     }
 
     abstract int getSizeBytes();
@@ -640,8 +649,9 @@ final class DataCacheEntry extends CacheEntry {
     private final List<ChildPolicyWrapper> childPolicyWrappers;
 
     // GuardedBy CachingRlsLbClient.lock
-    DataCacheEntry(RouteLookupRequest request, final RouteLookupResponse response) {
-      super(request);
+    DataCacheEntry(RouteLookupRequestKey routeLookupRequestKey,
+        final RouteLookupResponse response) {
+      super(routeLookupRequestKey);
       this.response = checkNotNull(response, "response");
       checkState(!response.targets().isEmpty(), "No targets returned by RLS");
       childPolicyWrappers =
@@ -669,13 +679,14 @@ final class DataCacheEntry extends CacheEntry {
      */
     void maybeRefresh() {
       synchronized (lock) { // Lock is already held, but ErrorProne can't tell
-        if (pendingCallCache.containsKey(request)) {
+        if (pendingCallCache.containsKey(routeLookupRequestKey)) {
           // pending already requested
           return;
         }
         logger.log(ChannelLogLevel.DEBUG,
-            "[RLS Entry {0}] Cache entry is stale, refreshing", request);
-        asyncRlsCall(request, /* backoffPolicy= */ null);
+            "[RLS Entry {0}] Cache entry is stale, refreshing", routeLookupRequestKey);
+        asyncRlsCall(routeLookupRequestKey, /* backoffPolicy= */ null,
+            RouteLookupRequest.Reason.REASON_STALE);
       }
     }
 
@@ -745,7 +756,7 @@ void cleanup() {
     @Override
     public String toString() {
       return MoreObjects.toStringHelper(this)
-          .add("request", request)
+          .add("request", routeLookupRequestKey)
           .add("response", response)
           .add("expireTime", expireTime)
           .add("staleTime", staleTime)
@@ -764,8 +775,9 @@ private static final class BackoffCacheEntry extends CacheEntry {
     private final BackoffPolicy backoffPolicy;
     private Future<?> scheduledFuture;
 
-    BackoffCacheEntry(RouteLookupRequest request, Status status, BackoffPolicy backoffPolicy) {
-      super(request);
+    BackoffCacheEntry(RouteLookupRequestKey routeLookupRequestKey, Status status,
+        BackoffPolicy backoffPolicy) {
+      super(routeLookupRequestKey);
       this.status = checkNotNull(status, "status");
       this.backoffPolicy = checkNotNull(backoffPolicy, "backoffPolicy");
     }
@@ -792,7 +804,7 @@ void cleanup() {
     @Override
     public String toString() {
       return MoreObjects.toStringHelper(this)
-          .add("request", request)
+          .add("request", routeLookupRequestKey)
           .add("status", status)
           .toString();
     }
@@ -811,7 +823,7 @@ static final class Builder {
     private Throttler throttler = new HappyThrottler();
     private ResolvedAddressFactory resolvedAddressFactory;
     private Ticker ticker = Ticker.systemTicker();
-    private EvictionListener<RouteLookupRequest, CacheEntry> evictionListener;
+    private EvictionListener<RouteLookupRequestKey, CacheEntry> evictionListener;
     private BackoffPolicy.Provider backoffProvider = new ExponentialBackoffPolicy.Provider();
 
     Builder setHelper(Helper helper) {
@@ -845,7 +857,7 @@ Builder setTicker(Ticker ticker) {
     }
 
     Builder setEvictionListener(
-        @Nullable EvictionListener<RouteLookupRequest, CacheEntry> evictionListener) {
+        @Nullable EvictionListener<RouteLookupRequestKey, CacheEntry> evictionListener) {
       this.evictionListener = evictionListener;
       return this;
     }
@@ -867,17 +879,17 @@ CachingRlsLbClient build() {
    * CacheEntry#cleanup()} after original {@link EvictionListener} is finished.
    */
   private static final class AutoCleaningEvictionListener
-      implements EvictionListener<RouteLookupRequest, CacheEntry> {
+      implements EvictionListener<RouteLookupRequestKey, CacheEntry> {
 
-    private final EvictionListener<RouteLookupRequest, CacheEntry> delegate;
+    private final EvictionListener<RouteLookupRequestKey, CacheEntry> delegate;
 
     AutoCleaningEvictionListener(
-        @Nullable EvictionListener<RouteLookupRequest, CacheEntry> delegate) {
+        @Nullable EvictionListener<RouteLookupRequestKey, CacheEntry> delegate) {
       this.delegate = delegate;
     }
 
     @Override
-    public void onEviction(RouteLookupRequest key, CacheEntry value, EvictionType cause) {
+    public void onEviction(RouteLookupRequestKey key, CacheEntry value, EvictionType cause) {
       if (delegate != null) {
         delegate.onEviction(key, value, cause);
       }
@@ -902,29 +914,29 @@ public void registerBackendResponse(boolean throttled) {
 
   /** Implementation of {@link LinkedHashLruCache} for RLS. */
   private static final class RlsAsyncLruCache
-      extends LinkedHashLruCache<RouteLookupRequest, CacheEntry> {
+      extends LinkedHashLruCache<RouteLookupRequestKey, CacheEntry> {
     private final RlsLbHelper helper;
 
     RlsAsyncLruCache(long maxEstimatedSizeBytes,
-        @Nullable EvictionListener<RouteLookupRequest, CacheEntry> evictionListener,
+        @Nullable EvictionListener<RouteLookupRequestKey, CacheEntry> evictionListener,
         Ticker ticker, RlsLbHelper helper) {
       super(maxEstimatedSizeBytes, evictionListener, ticker);
       this.helper = checkNotNull(helper, "helper");
     }
 
     @Override
-    protected boolean isExpired(RouteLookupRequest key, CacheEntry value, long nowNanos) {
+    protected boolean isExpired(RouteLookupRequestKey key, CacheEntry value, long nowNanos) {
       return value.isExpired(nowNanos);
     }
 
     @Override
-    protected int estimateSizeOf(RouteLookupRequest key, CacheEntry value) {
+    protected int estimateSizeOf(RouteLookupRequestKey key, CacheEntry value) {
       return value.getSizeBytes();
     }
 
     @Override
     protected boolean shouldInvalidateEldestEntry(
-        RouteLookupRequest eldestKey, CacheEntry eldestValue, long now) {
+        RouteLookupRequestKey eldestKey, CacheEntry eldestValue, long now) {
       if (!eldestValue.isOldEnoughToBeEvicted(now)) {
         return false;
       }
@@ -933,7 +945,7 @@ protected boolean shouldInvalidateEldestEntry(
       return this.estimatedSizeBytes() > this.estimatedMaxSizeBytes();
     }
 
-    public CacheEntry cacheAndClean(RouteLookupRequest key, CacheEntry value) {
+    public CacheEntry cacheAndClean(RouteLookupRequestKey key, CacheEntry value) {
       CacheEntry newEntry = cache(key, value);
 
       // force cleanup if new entry pushed cache over max size (in bytes)
@@ -989,9 +1001,9 @@ final class RlsPicker extends SubchannelPicker {
     public PickResult pickSubchannel(PickSubchannelArgs args) {
       String serviceName = args.getMethodDescriptor().getServiceName();
       String methodName = args.getMethodDescriptor().getBareMethodName();
-      RouteLookupRequest request =
+      RlsProtoData.RouteLookupRequestKey lookupRequestKey =
           requestFactory.create(serviceName, methodName, args.getHeaders());
-      final CachedRouteLookupResponse response = CachingRlsLbClient.this.get(request);
+      final CachedRouteLookupResponse response = CachingRlsLbClient.this.get(lookupRequestKey);
 
       if (response.getHeaderData() != null && !response.getHeaderData().isEmpty()) {
         Metadata headers = args.getHeaders();
diff --git a/rls/src/main/java/io/grpc/rls/RlsProtoConverters.java b/rls/src/main/java/io/grpc/rls/RlsProtoConverters.java
index aa5147449c4..70f9fb4d891 100644
--- a/rls/src/main/java/io/grpc/rls/RlsProtoConverters.java
+++ b/rls/src/main/java/io/grpc/rls/RlsProtoConverters.java
@@ -64,7 +64,9 @@ static final class RouteLookupRequestConverter
     @Override
     protected RlsProtoData.RouteLookupRequest doForward(RouteLookupRequest routeLookupRequest) {
       return RlsProtoData.RouteLookupRequest.create(
-          ImmutableMap.copyOf(routeLookupRequest.getKeyMapMap()));
+          ImmutableMap.copyOf(routeLookupRequest.getKeyMapMap()),
+          RlsProtoData.RouteLookupRequest.Reason.valueOf(routeLookupRequest.getReason().name())
+      );
     }
 
     @Override
@@ -72,6 +74,7 @@ protected RouteLookupRequest doBackward(RlsProtoData.RouteLookupRequest routeLoo
       return
           RouteLookupRequest.newBuilder()
               .setTargetType("grpc")
+              .setReason(RouteLookupRequest.Reason.valueOf(routeLookupRequest.reason().name()))
               .putAllKeyMap(routeLookupRequest.keyMap())
               .build();
     }
diff --git a/rls/src/main/java/io/grpc/rls/RlsProtoData.java b/rls/src/main/java/io/grpc/rls/RlsProtoData.java
index 49f32c6b6e3..39c404870f9 100644
--- a/rls/src/main/java/io/grpc/rls/RlsProtoData.java
+++ b/rls/src/main/java/io/grpc/rls/RlsProtoData.java
@@ -27,16 +27,42 @@ final class RlsProtoData {
 
   private RlsProtoData() {}
 
+  /** A key object for the Rls route lookup data cache. */
+  @AutoValue
+  @Immutable
+  abstract static class RouteLookupRequestKey {
+
+    /** Returns a map of key values extracted via key builders for the gRPC or HTTP request. */
+    abstract ImmutableMap<String, String> keyMap();
+
+    static RouteLookupRequestKey create(ImmutableMap<String, String> keyMap) {
+      return new AutoValue_RlsProtoData_RouteLookupRequestKey(keyMap);
+    }
+  }
+
   /** A request object sent to route lookup service. */
   @AutoValue
   @Immutable
   abstract static class RouteLookupRequest {
 
+    /** Names should match those in {@link io.grpc.lookup.v1.RouteLookupRequest.Reason}. */
+    enum Reason {
+      /** Unused. */
+      REASON_UNKNOWN,
+      /** No data available in local cache. */
+      REASON_MISS,
+      /** Data in local cache is stale. */
+      REASON_STALE;
+    }
+
+    /** Reason for making this request. */
+    abstract Reason reason();
+
     /** Returns a map of key values extracted via key builders for the gRPC or HTTP request. */
     abstract ImmutableMap<String, String> keyMap();
 
-    static RouteLookupRequest create(ImmutableMap<String, String> keyMap) {
-      return new AutoValue_RlsProtoData_RouteLookupRequest(keyMap);
+    static RouteLookupRequest create(ImmutableMap<String, String> keyMap, Reason reason) {
+      return new AutoValue_RlsProtoData_RouteLookupRequest(reason, keyMap);
     }
   }
 
diff --git a/rls/src/main/java/io/grpc/rls/RlsRequestFactory.java b/rls/src/main/java/io/grpc/rls/RlsRequestFactory.java
index e26e49979e1..1fed78f4df3 100644
--- a/rls/src/main/java/io/grpc/rls/RlsRequestFactory.java
+++ b/rls/src/main/java/io/grpc/rls/RlsRequestFactory.java
@@ -27,13 +27,13 @@
 import io.grpc.rls.RlsProtoData.GrpcKeyBuilder.Name;
 import io.grpc.rls.RlsProtoData.NameMatcher;
 import io.grpc.rls.RlsProtoData.RouteLookupConfig;
-import io.grpc.rls.RlsProtoData.RouteLookupRequest;
+import io.grpc.rls.RlsProtoData.RouteLookupRequestKey;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
 /**
- * A RlsRequestFactory creates {@link RouteLookupRequest} using key builder map from {@link
+ * A RlsRequestFactory creates {@link RouteLookupRequestKey} using key builder map from {@link
  * RouteLookupConfig}.
  */
 final class RlsRequestFactory {
@@ -61,9 +61,9 @@ private static Map<String, GrpcKeyBuilder> createKeyBuilderTable(
     return table;
   }
 
-  /** Creates a {@link RouteLookupRequest} for given request's metadata. */
+  /** Creates a {@link RouteLookupRequestKey} for the given request lookup metadata. */
   @CheckReturnValue
-  RouteLookupRequest create(String service, String method, Metadata metadata) {
+  RouteLookupRequestKey create(String service, String method, Metadata metadata) {
     checkNotNull(service, "service");
     checkNotNull(method, "method");
     String path = "/" + service + "/" + method;
@@ -73,7 +73,7 @@ RouteLookupRequest create(String service, String method, Metadata metadata) {
       grpcKeyBuilder = keyBuilderTable.get("/" + service + "/*");
     }
     if (grpcKeyBuilder == null) {
-      return RouteLookupRequest.create(ImmutableMap.<String, String>of());
+      return RouteLookupRequestKey.create(ImmutableMap.of());
     }
     ImmutableMap.Builder<String, String> rlsRequestHeaders =
         createRequestHeaders(metadata, grpcKeyBuilder.headers());
@@ -89,7 +89,7 @@ RouteLookupRequest create(String service, String method, Metadata metadata) {
       rlsRequestHeaders.put(extraKeys.method(), method);
     }
     rlsRequestHeaders.putAll(constantKeys);
-    return RouteLookupRequest.create(rlsRequestHeaders.buildOrThrow());
+    return RouteLookupRequestKey.create(rlsRequestHeaders.buildOrThrow());
   }
 
   private ImmutableMap.Builder<String, String> createRequestHeaders(
diff --git a/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java b/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java
index 4f086abc4a2..93c7d0f00ff 100644
--- a/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java
+++ b/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java
@@ -128,7 +128,7 @@ public class CachingRlsLbClientTest {
   public final GrpcCleanupRule grpcCleanupRule = new GrpcCleanupRule();
 
   @Mock
-  private EvictionListener<RouteLookupRequest, CacheEntry> evictionListener;
+  private EvictionListener<RlsProtoData.RouteLookupRequestKey, CacheEntry> evictionListener;
   @Mock
   private SocketAddress socketAddress;
   @Mock
@@ -200,14 +200,14 @@ public void tearDown() throws Exception {
   }
 
   private CachedRouteLookupResponse getInSyncContext(
-      final RouteLookupRequest request)
+      final RlsProtoData.RouteLookupRequestKey routeLookupRequestKey)
       throws ExecutionException, InterruptedException, TimeoutException {
     final SettableFuture<CachedRouteLookupResponse> responseSettableFuture =
         SettableFuture.create();
     syncContext.execute(new Runnable() {
       @Override
       public void run() {
-        responseSettableFuture.set(rlsLbClient.get(request));
+        responseSettableFuture.set(rlsLbClient.get(routeLookupRequestKey));
       }
     });
     return responseSettableFuture.get(5, TimeUnit.SECONDS);
@@ -217,48 +217,53 @@ public void run() {
   public void get_noError_lifeCycle() throws Exception {
     setUpRlsLbClient();
     InOrder inOrder = inOrder(evictionListener);
-    RouteLookupRequest routeLookupRequest = RouteLookupRequest.create(ImmutableMap.of(
-        "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "bar"));
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(
+            ImmutableMap.of(
+            "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "bar"));
     rlsServerImpl.setLookupTable(
         ImmutableMap.of(
-            routeLookupRequest,
+            routeLookupRequestKey,
             RouteLookupResponse.create(ImmutableList.of("target"), "header")));
 
     // initial request
-    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequest);
+    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.isPending()).isTrue();
 
     // server response
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
 
-    resp = getInSyncContext(routeLookupRequest);
+    resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.hasData()).isTrue();
 
     // cache hit for staled entry
     fakeClock.forwardTime(ROUTE_LOOKUP_CONFIG.staleAgeInNanos(), TimeUnit.NANOSECONDS);
 
-    resp = getInSyncContext(routeLookupRequest);
+    rlsServerImpl.routeLookupReason = null;
+    resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.hasData()).isTrue();
 
     // async refresh finishes
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
     inOrder
         .verify(evictionListener)
-        .onEviction(eq(routeLookupRequest), any(CacheEntry.class), eq(EvictionType.REPLACED));
+        .onEviction(eq(routeLookupRequestKey), any(CacheEntry.class), eq(EvictionType.REPLACED));
 
-    resp = getInSyncContext(routeLookupRequest);
+    resp = getInSyncContext(routeLookupRequestKey);
 
+    assertThat(rlsServerImpl.routeLookupReason).isEqualTo(
+        io.grpc.lookup.v1.RouteLookupRequest.Reason.REASON_STALE);
     assertThat(resp.hasData()).isTrue();
 
     // existing cache expired
     fakeClock.forwardTime(ROUTE_LOOKUP_CONFIG.maxAgeInNanos(), TimeUnit.NANOSECONDS);
 
-    resp = getInSyncContext(routeLookupRequest);
+    resp = getInSyncContext(routeLookupRequestKey);
 
     assertThat(resp.isPending()).isTrue();
     inOrder
         .verify(evictionListener)
-        .onEviction(eq(routeLookupRequest), any(CacheEntry.class), eq(EvictionType.EXPIRED));
+        .onEviction(eq(routeLookupRequestKey), any(CacheEntry.class), eq(EvictionType.EXPIRED));
 
     inOrder.verifyNoMoreInteractions();
   }
@@ -287,22 +292,27 @@ public void rls_withCustomRlsChannelServiceConfig() throws Exception {
             .setThrottler(fakeThrottler)
             .setTicker(fakeClock.getTicker())
             .build();
-    RouteLookupRequest routeLookupRequest = RouteLookupRequest.create(ImmutableMap.of(
-        "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "bar"));
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(
+            ImmutableMap.of(
+            "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "bar"));
     rlsServerImpl.setLookupTable(
         ImmutableMap.of(
-            routeLookupRequest,
+            routeLookupRequestKey,
             RouteLookupResponse.create(ImmutableList.of("target"), "header")));
 
+    rlsServerImpl.routeLookupReason = null;
     // initial request
-    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequest);
+    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.isPending()).isTrue();
 
     // server response
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
 
-    resp = getInSyncContext(routeLookupRequest);
+    resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.hasData()).isTrue();
+    assertThat(rlsServerImpl.routeLookupReason).isEqualTo(
+        io.grpc.lookup.v1.RouteLookupRequest.Reason.REASON_MISS);
 
     assertThat(rlsChannelOverriddenAuthority).isEqualTo("bigtable.googleapis.com:443");
     assertThat(rlsChannelServiceConfig).isEqualTo(routeLookupChannelServiceConfig);
@@ -311,26 +321,28 @@ public void rls_withCustomRlsChannelServiceConfig() throws Exception {
   @Test
   public void get_throttledAndRecover() throws Exception {
     setUpRlsLbClient();
-    RouteLookupRequest routeLookupRequest = RouteLookupRequest.create(ImmutableMap.of(
-        "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "bar"));
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(
+            ImmutableMap.of(
+            "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "bar"));
     rlsServerImpl.setLookupTable(
         ImmutableMap.of(
-            routeLookupRequest,
+            routeLookupRequestKey,
             RouteLookupResponse.create(ImmutableList.of("target"), "header")));
 
     fakeThrottler.nextResult = true;
     fakeBackoffProvider.nextPolicy = createBackoffPolicy(10, TimeUnit.MILLISECONDS);
 
-    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequest);
+    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequestKey);
 
     assertThat(resp.hasError()).isTrue();
 
     fakeClock.forwardTime(10, TimeUnit.MILLISECONDS);
     // initially backed off entry is backed off again
     verify(evictionListener)
-        .onEviction(eq(routeLookupRequest), any(CacheEntry.class), eq(EvictionType.EXPLICIT));
+        .onEviction(eq(routeLookupRequestKey), any(CacheEntry.class), eq(EvictionType.EXPLICIT));
 
-    resp = getInSyncContext(routeLookupRequest);
+    resp = getInSyncContext(routeLookupRequestKey);
 
     assertThat(resp.hasError()).isTrue();
 
@@ -338,14 +350,17 @@ public void get_throttledAndRecover() throws Exception {
     fakeThrottler.nextResult = false;
     fakeClock.forwardTime(10, TimeUnit.MILLISECONDS);
 
-    resp = getInSyncContext(routeLookupRequest);
+    resp = getInSyncContext(routeLookupRequestKey);
 
     assertThat(resp.isPending()).isTrue();
 
+    rlsServerImpl.routeLookupReason = null;
     // server responses
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
+    assertThat(rlsServerImpl.routeLookupReason).isEqualTo(
+        io.grpc.lookup.v1.RouteLookupRequest.Reason.REASON_MISS);
 
-    resp = getInSyncContext(routeLookupRequest);
+    resp = getInSyncContext(routeLookupRequestKey);
 
     assertThat(resp.hasData()).isTrue();
   }
@@ -354,21 +369,24 @@ public void get_throttledAndRecover() throws Exception {
   public void get_updatesLbState() throws Exception {
     setUpRlsLbClient();
     InOrder inOrder = inOrder(helper);
-    RouteLookupRequest routeLookupRequest = RouteLookupRequest.create(ImmutableMap.of(
-        "server", "bigtable.googleapis.com", "service-key", "service1", "method-key", "create"));
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(
+            ImmutableMap.of(
+            "server", "bigtable.googleapis.com", "service-key", "service1",
+                "method-key", "create"));
     rlsServerImpl.setLookupTable(
         ImmutableMap.of(
-            routeLookupRequest,
+            routeLookupRequestKey,
             RouteLookupResponse.create(
                 ImmutableList.of("primary.cloudbigtable.googleapis.com"),
                 "header-rls-data-value")));
 
     // valid channel
-    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequest);
+    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.isPending()).isTrue();
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
 
-    resp = getInSyncContext(routeLookupRequest);
+    resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.hasData()).isTrue();
 
     ArgumentCaptor<SubchannelPicker> pickerCaptor = ArgumentCaptor.forClass(SubchannelPicker.class);
@@ -393,13 +411,13 @@ public void get_updatesLbState() throws Exception {
     // move backoff further back to only test error behavior
     fakeBackoffProvider.nextPolicy = createBackoffPolicy(100, TimeUnit.MILLISECONDS);
     // try to get invalid
-    RouteLookupRequest invalidRouteLookupRequest =
-        RouteLookupRequest.create(ImmutableMap.<String, String>of());
-    CachedRouteLookupResponse errorResp = getInSyncContext(invalidRouteLookupRequest);
+    RlsProtoData.RouteLookupRequestKey invalidRouteLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(ImmutableMap.<String, String>of());
+    CachedRouteLookupResponse errorResp = getInSyncContext(invalidRouteLookupRequestKey);
     assertThat(errorResp.isPending()).isTrue();
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
 
-    errorResp = getInSyncContext(invalidRouteLookupRequest);
+    errorResp = getInSyncContext(invalidRouteLookupRequestKey);
     assertThat(errorResp.hasError()).isTrue();
 
     // Channel is still READY because the subchannel for method /service1/create is still READY.
@@ -423,21 +441,24 @@ public void get_updatesLbState() throws Exception {
   @Test
   public void timeout_not_changing_picked_subchannel() throws Exception {
     setUpRlsLbClient();
-    RouteLookupRequest routeLookupRequest = RouteLookupRequest.create(ImmutableMap.of(
-        "server", "bigtable.googleapis.com", "service-key", "service1", "method-key", "create"));
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(
+            ImmutableMap.of(
+            "server", "bigtable.googleapis.com", "service-key", "service1",
+                "method-key", "create"));
     rlsServerImpl.setLookupTable(
         ImmutableMap.of(
-            routeLookupRequest,
+            routeLookupRequestKey,
             RouteLookupResponse.create(
                 ImmutableList.of("primary.cloudbigtable.googleapis.com", "target2", "target3"),
                 "header-rls-data-value")));
 
     // valid channel
-    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequest);
+    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.hasData()).isFalse();
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
 
-    resp = getInSyncContext(routeLookupRequest);
+    resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.hasData()).isTrue();
 
     ArgumentCaptor<SubchannelPicker> pickerCaptor = ArgumentCaptor.forClass(SubchannelPicker.class);
@@ -493,21 +514,24 @@ public void get_withAdaptiveThrottler() throws Exception {
             .setTicker(fakeClock.getTicker())
             .build();
     InOrder inOrder = inOrder(helper);
-    RouteLookupRequest routeLookupRequest = RouteLookupRequest.create(ImmutableMap.of(
-        "server", "bigtable.googleapis.com", "service-key", "service1", "method-key", "create"));
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(
+            ImmutableMap.of(
+            "server", "bigtable.googleapis.com", "service-key", "service1",
+                "method-key", "create"));
     rlsServerImpl.setLookupTable(
         ImmutableMap.of(
-            routeLookupRequest,
+            routeLookupRequestKey,
             RouteLookupResponse.create(
                 ImmutableList.of("primary.cloudbigtable.googleapis.com"),
                 "header-rls-data-value")));
 
     // valid channel
-    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequest);
+    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.isPending()).isTrue();
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
 
-    resp = getInSyncContext(routeLookupRequest);
+    resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.hasData()).isTrue();
 
     ArgumentCaptor<SubchannelPicker> pickerCaptor = ArgumentCaptor.forClass(SubchannelPicker.class);
@@ -524,13 +548,13 @@ public void get_withAdaptiveThrottler() throws Exception {
     // move backoff further back to only test error behavior
     fakeBackoffProvider.nextPolicy = createBackoffPolicy(100, TimeUnit.MILLISECONDS);
     // try to get invalid
-    RouteLookupRequest invalidRouteLookupRequest =
-        RouteLookupRequest.create(ImmutableMap.<String, String>of());
-    CachedRouteLookupResponse errorResp = getInSyncContext(invalidRouteLookupRequest);
+    RlsProtoData.RouteLookupRequestKey invalidRouteLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(ImmutableMap.<String, String>of());
+    CachedRouteLookupResponse errorResp = getInSyncContext(invalidRouteLookupRequestKey);
     assertThat(errorResp.isPending()).isTrue();
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
 
-    errorResp = getInSyncContext(invalidRouteLookupRequest);
+    errorResp = getInSyncContext(invalidRouteLookupRequestKey);
     assertThat(errorResp.hasError()).isTrue();
 
     // Channel is still READY because the subchannel for method /service1/create is still READY.
@@ -560,22 +584,26 @@ private PickSubchannelArgsImpl getInvalidArgs(Metadata headers) {
   @Test
   public void get_childPolicyWrapper_reusedForSameTarget() throws Exception {
     setUpRlsLbClient();
-    RouteLookupRequest routeLookupRequest = RouteLookupRequest.create(ImmutableMap.of(
-        "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "bar"));
-    RouteLookupRequest routeLookupRequest2 = RouteLookupRequest.create(ImmutableMap.of(
-        "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "baz"));
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(
+            ImmutableMap.of(
+            "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "bar"));
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey2 =
+        RlsProtoData.RouteLookupRequestKey.create(
+            ImmutableMap.of(
+            "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "baz"));
     rlsServerImpl.setLookupTable(
         ImmutableMap.of(
-            routeLookupRequest,
+            routeLookupRequestKey,
             RouteLookupResponse.create(ImmutableList.of("target"), "header"),
-            routeLookupRequest2,
+            routeLookupRequestKey2,
             RouteLookupResponse.create(ImmutableList.of("target"), "header2")));
 
-    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequest);
+    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.isPending()).isTrue();
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
 
-    resp = getInSyncContext(routeLookupRequest);
+    resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.hasData()).isTrue();
     assertThat(resp.getHeaderData()).isEqualTo("header");
 
@@ -585,11 +613,11 @@ public void get_childPolicyWrapper_reusedForSameTarget() throws Exception {
     assertThat(childPolicyWrapper.getPicker()).isNotInstanceOf(RlsPicker.class);
 
     // request2 has same target, it should reuse childPolicyWrapper
-    CachedRouteLookupResponse resp2 = getInSyncContext(routeLookupRequest2);
+    CachedRouteLookupResponse resp2 = getInSyncContext(routeLookupRequestKey2);
     assertThat(resp2.isPending()).isTrue();
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
 
-    resp2 = getInSyncContext(routeLookupRequest2);
+    resp2 = getInSyncContext(routeLookupRequestKey2);
     assertThat(resp2.hasData()).isTrue();
     assertThat(resp2.getHeaderData()).isEqualTo("header2");
     assertThat(resp2.getChildPolicyWrapper()).isEqualTo(resp.getChildPolicyWrapper());
@@ -598,20 +626,22 @@ public void get_childPolicyWrapper_reusedForSameTarget() throws Exception {
   @Test
   public void get_childPolicyWrapper_multiTarget() throws Exception {
     setUpRlsLbClient();
-    RouteLookupRequest routeLookupRequest = RouteLookupRequest.create(ImmutableMap.of(
-        "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "bar"));
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(
+            ImmutableMap.of(
+            "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "bar"));
     rlsServerImpl.setLookupTable(
         ImmutableMap.of(
-            routeLookupRequest,
+            routeLookupRequestKey,
             RouteLookupResponse.create(
                 ImmutableList.of("target1", "target2", "target3"),
                 "header")));
 
-    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequest);
+    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.isPending()).isTrue();
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
 
-    resp = getInSyncContext(routeLookupRequest);
+    resp = getInSyncContext(routeLookupRequestKey);
     assertThat(resp.hasData()).isTrue();
     List<ChildPolicyWrapper> policyWrappers = new ArrayList<>();
 
@@ -680,14 +710,15 @@ public void metricGauges() throws ExecutionException, InterruptedException, Time
         .recordLongGauge(argThat(new LongGaugeInstrumentArgumentMatcher("grpc.lb.rls.cache_size")),
             eq(0L), any(), any());
 
-    RouteLookupRequest routeLookupRequest = RouteLookupRequest.create(
-        ImmutableMap.of("server", "bigtable.googleapis.com", "service-key", "foo", "method-key",
-            "bar"));
-    rlsServerImpl.setLookupTable(ImmutableMap.of(routeLookupRequest,
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(
+            ImmutableMap.of("server", "bigtable.googleapis.com", "service-key", "foo", "method-key",
+                "bar"));
+    rlsServerImpl.setLookupTable(ImmutableMap.of(routeLookupRequestKey,
         RouteLookupResponse.create(ImmutableList.of("target"), "header")));
 
     // Make a request that will populate the cache with an entry
-    getInSyncContext(routeLookupRequest);
+    getInSyncContext(routeLookupRequestKey);
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
 
     // Gauge values should reflect the new cache entry.
@@ -857,7 +888,9 @@ private static final class StaticFixedDelayRlsServerImpl
     private final long responseDelayNano;
     private final ScheduledExecutorService scheduledExecutorService;
 
-    private Map<RouteLookupRequest, RouteLookupResponse> lookupTable = ImmutableMap.of();
+    private Map<RlsProtoData.RouteLookupRequestKey, RouteLookupResponse> lookupTable =
+        ImmutableMap.of();
+    io.grpc.lookup.v1.RouteLookupRequest.Reason routeLookupReason;
 
     public StaticFixedDelayRlsServerImpl(
         long responseDelayNano, ScheduledExecutorService scheduledExecutorService) {
@@ -867,7 +900,8 @@ public StaticFixedDelayRlsServerImpl(
           checkNotNull(scheduledExecutorService, "scheduledExecutorService");
     }
 
-    private void setLookupTable(Map<RouteLookupRequest, RouteLookupResponse> lookupTable) {
+    private void setLookupTable(Map<RlsProtoData.RouteLookupRequestKey,
+        RouteLookupResponse> lookupTable) {
       this.lookupTable = checkNotNull(lookupTable, "lookupTable");
     }
 
@@ -879,8 +913,11 @@ public void routeLookup(final io.grpc.lookup.v1.RouteLookupRequest request,
               new Runnable() {
                 @Override
                 public void run() {
+                  routeLookupReason = request.getReason();
                   RouteLookupResponse response =
-                      lookupTable.get(REQUEST_CONVERTER.convert(request));
+                      lookupTable.get(
+                          RlsProtoData.RouteLookupRequestKey.create(
+                              REQUEST_CONVERTER.convert(request).keyMap()));
                   if (response == null) {
                     responseObserver.onError(new RuntimeException("not found"));
                   } else {
diff --git a/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java b/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
index 354466f3caf..c180935b153 100644
--- a/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
+++ b/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
@@ -166,15 +166,19 @@ public void setUp() {
             .build();
     fakeRlsServerImpl.setLookupTable(
         ImmutableMap.of(
-            RouteLookupRequest.create(ImmutableMap.of(
+            RouteLookupRequest.create(
+                ImmutableMap.of(
                 "server", "fake-bigtable.googleapis.com",
                 "service-key", "com.google",
-                "method-key", "Search")),
+                "method-key", "Search"),
+                RouteLookupRequest.Reason.REASON_MISS),
             RouteLookupResponse.create(ImmutableList.of("wilderness"), "where are you?"),
-            RouteLookupRequest.create(ImmutableMap.of(
+            RouteLookupRequest.create(
+                ImmutableMap.of(
                 "server", "fake-bigtable.googleapis.com",
                 "service-key", "com.google",
-                "method-key", "Rescue")),
+                "method-key", "Rescue"),
+                RouteLookupRequest.Reason.REASON_MISS),
             RouteLookupResponse.create(ImmutableList.of("civilization"), "you are safe")));
 
     rlsLb = (RlsLoadBalancer) provider.newLoadBalancer(helper);
diff --git a/rls/src/test/java/io/grpc/rls/RlsProtoConvertersTest.java b/rls/src/test/java/io/grpc/rls/RlsProtoConvertersTest.java
index fc5fdb59f21..ad1ce8c363e 100644
--- a/rls/src/test/java/io/grpc/rls/RlsProtoConvertersTest.java
+++ b/rls/src/test/java/io/grpc/rls/RlsProtoConvertersTest.java
@@ -61,12 +61,14 @@ public void convert_toRequestObject() {
     Converter<RlsProtoData.RouteLookupRequest, RouteLookupRequest> converter =
         new RouteLookupRequestConverter().reverse();
     RlsProtoData.RouteLookupRequest requestObject =
-        RlsProtoData.RouteLookupRequest.create(ImmutableMap.of("key1", "val1"));
+        RlsProtoData.RouteLookupRequest.create(ImmutableMap.of("key1", "val1"),
+            RlsProtoData.RouteLookupRequest.Reason.REASON_MISS);
 
     RouteLookupRequest proto = converter.convert(requestObject);
 
     assertThat(proto.getTargetType()).isEqualTo("grpc");
     assertThat(proto.getKeyMapMap()).containsExactly("key1", "val1");
+    assertThat(proto.getReason()).isEqualTo(RouteLookupRequest.Reason.REASON_MISS);
   }
 
   @Test
diff --git a/rls/src/test/java/io/grpc/rls/RlsRequestFactoryTest.java b/rls/src/test/java/io/grpc/rls/RlsRequestFactoryTest.java
index 6ee2c01af8a..2b900994ed9 100644
--- a/rls/src/test/java/io/grpc/rls/RlsRequestFactoryTest.java
+++ b/rls/src/test/java/io/grpc/rls/RlsRequestFactoryTest.java
@@ -26,7 +26,6 @@
 import io.grpc.rls.RlsProtoData.GrpcKeyBuilder.Name;
 import io.grpc.rls.RlsProtoData.NameMatcher;
 import io.grpc.rls.RlsProtoData.RouteLookupConfig;
-import io.grpc.rls.RlsProtoData.RouteLookupRequest;
 import java.util.concurrent.TimeUnit;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -82,8 +81,9 @@ public void create_pathMatches() {
     metadata.put(Metadata.Key.of("X-Google-Id", Metadata.ASCII_STRING_MARSHALLER), "123");
     metadata.put(Metadata.Key.of("foo", Metadata.ASCII_STRING_MARSHALLER), "bar");
 
-    RouteLookupRequest request = factory.create("com.google.service1", "Create", metadata);
-    assertThat(request.keyMap()).containsExactly(
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        factory.create("com.google.service1", "Create", metadata);
+    assertThat(routeLookupRequestKey.keyMap()).containsExactly(
         "user", "test",
         "id", "123",
         "server-1", "bigtable.googleapis.com",
@@ -97,9 +97,10 @@ public void create_pathFallbackMatches() {
     metadata.put(Metadata.Key.of("Password", Metadata.ASCII_STRING_MARSHALLER), "hunter2");
     metadata.put(Metadata.Key.of("foo", Metadata.ASCII_STRING_MARSHALLER), "bar");
 
-    RouteLookupRequest request = factory.create("com.google.service1" , "Update", metadata);
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        factory.create("com.google.service1" , "Update", metadata);
 
-    assertThat(request.keyMap()).containsExactly(
+    assertThat(routeLookupRequestKey.keyMap()).containsExactly(
         "user", "test",
         "password", "hunter2",
         "service-2", "com.google.service1",
@@ -113,9 +114,10 @@ public void create_pathFallbackMatches_optionalHeaderMissing() {
     metadata.put(Metadata.Key.of("X-Google-Id", Metadata.ASCII_STRING_MARSHALLER), "123");
     metadata.put(Metadata.Key.of("foo", Metadata.ASCII_STRING_MARSHALLER), "bar");
 
-    RouteLookupRequest request = factory.create("com.google.service1", "Update", metadata);
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        factory.create("com.google.service1", "Update", metadata);
 
-    assertThat(request.keyMap()).containsExactly(
+    assertThat(routeLookupRequestKey.keyMap()).containsExactly(
         "user", "test",
         "service-2", "com.google.service1",
         "const-key-2", "const-value-2");
@@ -128,8 +130,9 @@ public void create_unknownPath() {
     metadata.put(Metadata.Key.of("X-Google-Id", Metadata.ASCII_STRING_MARSHALLER), "123");
     metadata.put(Metadata.Key.of("foo", Metadata.ASCII_STRING_MARSHALLER), "bar");
 
-    RouteLookupRequest request = factory.create("abc.def.service999", "Update", metadata);
-    assertThat(request.keyMap()).isEmpty();
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        factory.create("abc.def.service999", "Update", metadata);
+    assertThat(routeLookupRequestKey.keyMap()).isEmpty();
   }
 
   @Test
@@ -139,9 +142,10 @@ public void create_noMethodInRlsConfig() {
     metadata.put(Metadata.Key.of("X-Google-Id", Metadata.ASCII_STRING_MARSHALLER), "123");
     metadata.put(Metadata.Key.of("foo", Metadata.ASCII_STRING_MARSHALLER), "bar");
 
-    RouteLookupRequest request = factory.create("com.google.service3", "Update", metadata);
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        factory.create("com.google.service3", "Update", metadata);
 
-    assertThat(request.keyMap()).containsExactly(
+    assertThat(routeLookupRequestKey.keyMap()).containsExactly(
         "user", "test", "const-key-4", "const-value-4");
   }
 }

From 9313e87dfe55f00a5b73028b33e6d6866cbd6330 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Fri, 17 Oct 2025 22:59:17 -0700
Subject: [PATCH 435/591] Pre-factor out the guts of the BinderClientTransport
 handshake.

Moves the existing handshake logic behind an interface using the
strategy pattern. No functional change.
---
 .../internal/BinderClientTransport.java       | 65 +++++++++++++++++--
 1 file changed, 61 insertions(+), 4 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
index 54d65936fab..b456b60de34 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
@@ -25,6 +25,8 @@
 import android.os.IBinder;
 import android.os.Parcel;
 import android.os.Process;
+import androidx.annotation.BinderThread;
+import androidx.annotation.MainThread;
 import com.google.common.base.Ticker;
 import com.google.common.util.concurrent.FutureCallback;
 import com.google.common.util.concurrent.Futures;
@@ -72,6 +74,9 @@ public final class BinderClientTransport extends BinderTransport
   private final SecurityPolicy securityPolicy;
   private final Bindable serviceBinding;
 
+  @GuardedBy("this")
+  private final ClientHandshake handshake;
+
   /** Number of ongoing calls which keep this transport "in-use". */
   private final AtomicInteger numInUseStreams;
 
@@ -114,6 +119,7 @@ public BinderClientTransport(
     Boolean preAuthServerOverride = options.getEagAttributes().get(PRE_AUTH_SERVER_OVERRIDE);
     this.preAuthorizeServer =
         preAuthServerOverride != null ? preAuthServerOverride : factory.preAuthorizeServers;
+    this.handshake = new LegacyClientHandshake();
     numInUseStreams = new AtomicInteger();
     pingTracker = new PingTracker(Ticker.systemTicker(), (id) -> sendPing(id));
 
@@ -136,7 +142,7 @@ void releaseExecutors() {
 
   @Override
   public synchronized void onBound(IBinder binder) {
-    sendSetupTransaction(binderDecorator.decorate(OneWayBinderProxy.wrap(binder, offloadExecutor)));
+    handshake.onBound(binderDecorator.decorate(OneWayBinderProxy.wrap(binder, offloadExecutor)));
   }
 
   @Override
@@ -340,10 +346,11 @@ protected void handleSetupTransport(Parcel parcel) {
           Status.UNAVAILABLE.withDescription("Failed to observe outgoing binder"), true);
       return;
     }
+    handshake.handleSetupTransport();
+  }
 
-    int remoteUid = Binder.getCallingUid();
-    restrictIncomingBinderToCallsFrom(remoteUid);
-    attributes = setSecurityAttrs(attributes, remoteUid);
+  @GuardedBy("this")
+  private void checkServerAuthorization(int remoteUid) {
     ListenableFuture<Status> authResultFuture = register(checkServerAuthorizationAsync(remoteUid));
     Futures.addCallback(
         authResultFuture,
@@ -376,7 +383,11 @@ private synchronized void handleAuthResult(Status authorization) {
       shutdownInternal(authorization, true);
       return;
     }
+    handshake.onServerAuthorizationOk();
+  }
 
+  @GuardedBy("this")
+  private void onHandshakeComplete() {
     setState(TransportState.READY);
     attributes = clientTransportListener.filterTransport(attributes);
     clientTransportListener.transportReady();
@@ -397,6 +408,52 @@ protected void handlePingResponse(Parcel parcel) {
     pingTracker.onPingResponse(parcel.readInt());
   }
 
+  /**
+   * An abstract implementation of the client's connection handshake.
+   *
+   * <p>Supports a clean migration away from the legacy approach, one client at a time.
+   */
+  private interface ClientHandshake {
+    /**
+     * Notifies the implementation that the binding has succeeded and we are now connected to the
+     * server's "endpoint" which can be reached at 'endpointBinder'.
+     */
+    @MainThread
+    void onBound(OneWayBinderProxy endpointBinder);
+
+    /** Notifies the implementation that we've received a valid SETUP_TRANSPORT transaction. */
+    @BinderThread
+    void handleSetupTransport();
+
+    /** Notifies the implementation that the SecurityPolicy check of the server succeeded. */
+    void onServerAuthorizationOk();
+  }
+
+  private final class LegacyClientHandshake implements ClientHandshake {
+    @Override
+    @MainThread
+    @GuardedBy("BinderClientTransport.this") // By way of @GuardedBy("this") `handshake` member.
+    public void onBound(OneWayBinderProxy binder) {
+      sendSetupTransaction(binder);
+    }
+
+    @Override
+    @BinderThread
+    @GuardedBy("BinderClientTransport.this") // By way of @GuardedBy("this") `handshake` member.
+    public void handleSetupTransport() {
+      int remoteUid = Binder.getCallingUid();
+      restrictIncomingBinderToCallsFrom(remoteUid);
+      attributes = setSecurityAttrs(attributes, remoteUid);
+      checkServerAuthorization(remoteUid);
+    }
+
+    @Override
+    @GuardedBy("BinderClientTransport.this") // By way of @GuardedBy("this") `handshake` member.
+    public void onServerAuthorizationOk() {
+      onHandshakeComplete();
+    }
+  }
+
   private static ClientStream newFailingClientStream(
       Status failure, Attributes attributes, Metadata headers, ClientStreamTracer[] tracers) {
     StatsTraceContext statsTraceContext =

From d9710725d708e64b0455b8a184614b91c003d372 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Fri, 17 Oct 2025 23:29:34 -0700
Subject: [PATCH 436/591] binder: Introduce server authorization strategy v2

Adds support for android:isolatedProcess Services (fixing #12293) and
moves all peer authorization checks to the handshake, allowing
subsequent transactions to go unchecked.
---
 .../grpc/binder/BinderChannelSmokeTest.java   | 29 ++++++---
 .../io/grpc/binder/BinderChannelBuilder.java  | 61 +++++++++++++++++++
 .../io/grpc/binder/internal/Bindable.java     | 22 ++++++-
 .../internal/BinderClientTransport.java       | 54 +++++++++++++++-
 .../BinderClientTransportFactory.java         |  9 +++
 .../grpc/binder/internal/ServiceBinding.java  | 24 ++++++++
 .../RobolectricBinderTransportTest.java       | 43 ++++++++++---
 .../binder/internal/ServiceBindingTest.java   | 31 ++++++++++
 8 files changed, 252 insertions(+), 21 deletions(-)

diff --git a/binder/src/androidTest/java/io/grpc/binder/BinderChannelSmokeTest.java b/binder/src/androidTest/java/io/grpc/binder/BinderChannelSmokeTest.java
index e3a8c58bf88..4e3cfcf0d05 100644
--- a/binder/src/androidTest/java/io/grpc/binder/BinderChannelSmokeTest.java
+++ b/binder/src/androidTest/java/io/grpc/binder/BinderChannelSmokeTest.java
@@ -97,6 +97,7 @@ public final class BinderChannelSmokeTest {
           .setType(MethodDescriptor.MethodType.BIDI_STREAMING)
           .build();
 
+  AndroidComponentAddress serverAddress;
   ManagedChannel channel;
   AtomicReference<Metadata> headersCapture = new AtomicReference<>();
   AtomicReference<PeerUid> clientUidCapture = new AtomicReference<>();
@@ -134,7 +135,7 @@ public void setUp() throws Exception {
             TestUtils.recordRequestHeadersInterceptor(headersCapture),
             PeerUids.newPeerIdentifyingServerInterceptor());
 
-    AndroidComponentAddress serverAddress = HostServices.allocateService(appContext);
+    serverAddress = HostServices.allocateService(appContext);
     HostServices.configureService(
         serverAddress,
         HostServices.serviceParamsBuilder()
@@ -149,13 +150,15 @@ public void setUp() throws Exception {
                         .build())
             .build());
 
-    channel =
-        BinderChannelBuilder.forAddress(serverAddress, appContext)
+    channel = newBinderChannelBuilder().build();
+  }
+
+  BinderChannelBuilder newBinderChannelBuilder() {
+    return BinderChannelBuilder.forAddress(serverAddress, appContext)
             .inboundParcelablePolicy(
-                InboundParcelablePolicy.newBuilder()
-                    .setAcceptParcelableMetadataValues(true)
-                    .build())
-            .build();
+                    InboundParcelablePolicy.newBuilder()
+                            .setAcceptParcelableMetadataValues(true)
+                            .build());
   }
 
   @After
@@ -185,6 +188,18 @@ public void testBasicCall() throws Exception {
     assertThat(doCall("Hello").get()).isEqualTo("Hello");
   }
 
+  @Test
+  public void testBasicCallWithLegacyAuthStrategy() throws Exception {
+    channel = newBinderChannelBuilder().useLegacyAuthStrategy().build();
+    assertThat(doCall("Hello").get()).isEqualTo("Hello");
+  }
+
+  @Test
+  public void testBasicCallWithV2AuthStrategy() throws Exception {
+    channel = newBinderChannelBuilder().useV2AuthStrategy().build();
+    assertThat(doCall("Hello").get()).isEqualTo("Hello");
+  }
+
   @Test
   public void testPeerUidIsRecorded() throws Exception {
     assertThat(doCall("Hello").get()).isEqualTo("Hello");
diff --git a/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java b/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
index 9a20d35ddb5..a241634dd22 100644
--- a/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
+++ b/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
@@ -280,6 +280,67 @@ public BinderChannelBuilder preAuthorizeServers(boolean preAuthorize) {
     return this;
   }
 
+  /**
+   * Specifies how and when to authorize a server against this Channel's {@link SecurityPolicy}.
+   *
+   * <p>This method selects the original "legacy" authorization strategy, which is no longer
+   * preferred for two reasons: First, the legacy strategy considers the UID of the server *process*
+   * we connect to. This is problematic for services using the `android:isolatedProcess` attribute,
+   * which runs them under a different "ephemeral" UID. This UID lacks all the privileges of the
+   * hosting app -- any non-trivial SecurityPolicy would fail to authorize it. Second, the legacy
+   * authorization strategy performs SecurityPolicy checks later in the connection handshake, which
+   * means the calling UID must be rechecked on every subsequent RPC. For these reasons, prefer
+   * {@link #useV2AuthStrategy} instead.
+   *
+   * <p>The server does not know which authorization strategy a client is using. Both strategies
+   * work with all versions of the grpc-binder server.
+   *
+   * <p>Callers need not specify an authorization strategy, but the default is unspecified and will
+   * eventually become {@link #useV2AuthStrategy()}. Clients that require the legacy strategy should
+   * configure it explicitly using this method. Eventually, however, legacy support will be
+   * deprecated and removed.
+   *
+   * @return this
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/12397")
+  public BinderChannelBuilder useLegacyAuthStrategy() {
+    transportFactoryBuilder.setUseLegacyAuthStrategy(true);
+    return this;
+  }
+
+  /**
+   * Specifies how and when to authorize a server against this Channel's {@link SecurityPolicy}.
+   *
+   * <p>This method selects the v2 authorization strategy. It improves on the original strategy
+   * ({@link #useLegacyAuthStrategy}), by considering the UID of the server *app* we connect to,
+   * rather than the server *process*. This allows clients to connect to services configured with
+   * the `android:isolatedProcess` attribute, which run with the same authority as the hosting app,
+   * but under a different "ephemeral" UID that any non-trivial SecurityPolicy would fail to
+   * authorize.
+   *
+   * <p>Furthermore, the v2 authorization strategy performs SecurityPolicy checks earlier in the
+   * connection handshake, which allows subsequent RPCs over that connection to proceed securely
+   * without further UID checks. For these reasons, clients should prefer the v2 strategy.
+   *
+   * <p>The server does not know which authorization strategy a client is using. Both strategies
+   * work with all versions of the grpc-binder server.
+   *
+   * <p>Callers need not specify an authorization strategy, but the default is unspecified and can
+   * change over time. Clients that require the v2 strategy should configure it explicitly using
+   * this method. Eventually, this strategy will become the default and legacy support will be
+   * removed.
+   *
+   * <p>If moving to the new authorization strategy causes a robolectric test to fail, ensure your
+   * fake Service component is registered with `ShadowPackageManager` using `addOrUpdateService()`.
+   *
+   * @return this
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/12397")
+  public BinderChannelBuilder useV2AuthStrategy() {
+    transportFactoryBuilder.setUseLegacyAuthStrategy(false);
+    return this;
+  }
+
   @Override
   public BinderChannelBuilder idleTimeout(long value, TimeUnit unit) {
     checkState(
diff --git a/binder/src/main/java/io/grpc/binder/internal/Bindable.java b/binder/src/main/java/io/grpc/binder/internal/Bindable.java
index ae0c7284faf..59a2502de2b 100644
--- a/binder/src/main/java/io/grpc/binder/internal/Bindable.java
+++ b/binder/src/main/java/io/grpc/binder/internal/Bindable.java
@@ -54,8 +54,11 @@ interface Observer {
    * before giving them a chance to run. However, note that the identity/existence of the resolved
    * Service can change between the time this method returns and the time you actually bind/connect
    * to it. For example, suppose the target package gets uninstalled or upgraded right after this
-   * method returns. In {@link Observer#onBound}, you should verify that the server you resolved is
-   * the same one you connected to.
+   * method returns.
+   *
+   * <p>Compare with {@link #getConnectedServiceInfo()}, which can only be called after {@link
+   * Observer#onBound(IBinder)} but can be used to learn about the service you actually connected
+   * to.
    */
   @AnyThread
   ServiceInfo resolve() throws StatusException;
@@ -68,6 +71,21 @@ interface Observer {
   @AnyThread
   void bind();
 
+  /**
+   * Asks PackageManager for details about the remote Service we *actually* connected to.
+   *
+   * <p>Can only be called after {@link Observer#onBound}.
+   *
+   * <p>Compare with {@link #resolve()}, which reports which service would be selected as of now but
+   * *without* connecting.
+   *
+   * @throws StatusException UNIMPLEMENTED if the connected service isn't found (an {@link
+   *     Observer#onUnbound} callback has likely already happened or is on its way!)
+   * @throws IllegalStateException if {@link Observer#onBound} has not "happened-before" this call
+   */
+  @AnyThread
+  ServiceInfo getConnectedServiceInfo() throws StatusException;
+
   /**
    * Unbind from the remote service if connected.
    *
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
index b456b60de34..00437956a51 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
@@ -119,10 +119,10 @@ public BinderClientTransport(
     Boolean preAuthServerOverride = options.getEagAttributes().get(PRE_AUTH_SERVER_OVERRIDE);
     this.preAuthorizeServer =
         preAuthServerOverride != null ? preAuthServerOverride : factory.preAuthorizeServers;
-    this.handshake = new LegacyClientHandshake();
+    this.handshake =
+        factory.useLegacyAuthStrategy ? new LegacyClientHandshake() : new V2ClientHandshake();
     numInUseStreams = new AtomicInteger();
     pingTracker = new PingTracker(Ticker.systemTicker(), (id) -> sendPing(id));
-
     serviceBinding =
         new ServiceBinding(
             factory.mainThreadExecutor,
@@ -386,6 +386,56 @@ private synchronized void handleAuthResult(Status authorization) {
     handshake.onServerAuthorizationOk();
   }
 
+  private final class V2ClientHandshake implements ClientHandshake {
+
+    private OneWayBinderProxy endpointBinder;
+
+    @Override
+    @GuardedBy("BinderClientTransport.this") // By way of @GuardedBy("this") `handshake` member.
+    public void onBound(OneWayBinderProxy endpointBinder) {
+      this.endpointBinder = endpointBinder;
+      Futures.addCallback(
+          Futures.submit(serviceBinding::getConnectedServiceInfo, offloadExecutor),
+          new FutureCallback<ServiceInfo>() {
+            @Override
+            public void onSuccess(ServiceInfo result) {
+              synchronized (BinderClientTransport.this) {
+                onConnectedServiceInfo(result);
+              }
+            }
+
+            @Override
+            public void onFailure(Throwable t) {
+              synchronized (BinderClientTransport.this) {
+                shutdownInternal(Status.fromThrowable(t), true);
+              }
+            }
+          },
+          offloadExecutor);
+    }
+
+    @GuardedBy("BinderClientTransport.this")
+    private void onConnectedServiceInfo(ServiceInfo serviceInfo) {
+      if (!inState(TransportState.SETUP)) {
+        return;
+      }
+      attributes = setSecurityAttrs(attributes, serviceInfo.applicationInfo.uid);
+      checkServerAuthorization(serviceInfo.applicationInfo.uid);
+    }
+
+    @Override
+    @GuardedBy("BinderClientTransport.this")
+    public void onServerAuthorizationOk() {
+      sendSetupTransaction(endpointBinder);
+    }
+
+    @Override
+    @GuardedBy("BinderClientTransport.this") // By way of @GuardedBy("this") `handshake` member.
+    public void handleSetupTransport() {
+      onHandshakeComplete();
+    }
+  }
+
   @GuardedBy("this")
   private void onHandshakeComplete() {
     setState(TransportState.READY);
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
index e156a6a7b92..459e064ad9b 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransportFactory.java
@@ -53,6 +53,7 @@ public final class BinderClientTransportFactory implements ClientTransportFactor
   final OneWayBinderProxy.Decorator binderDecorator;
   final long readyTimeoutMillis;
   final boolean preAuthorizeServers; // TODO(jdcormie): Default to true.
+  final boolean useLegacyAuthStrategy;
 
   ScheduledExecutorService executorService;
   Executor offloadExecutor;
@@ -73,6 +74,7 @@ private BinderClientTransportFactory(Builder builder) {
     binderDecorator = checkNotNull(builder.binderDecorator);
     readyTimeoutMillis = builder.readyTimeoutMillis;
     preAuthorizeServers = builder.preAuthorizeServers;
+    useLegacyAuthStrategy = builder.useLegacyAuthStrategy;
 
     executorService = scheduledExecutorPool.getObject();
     offloadExecutor = offloadExecutorPool.getObject();
@@ -126,6 +128,7 @@ public static final class Builder implements ClientTransportFactoryBuilder {
     OneWayBinderProxy.Decorator binderDecorator = OneWayBinderProxy.IDENTITY_DECORATOR;
     long readyTimeoutMillis = 60_000;
     boolean preAuthorizeServers;
+    boolean useLegacyAuthStrategy = true; // TODO(jdcormie): Default to false.
 
     @Override
     public BinderClientTransportFactory buildClientTransportFactory() {
@@ -219,5 +222,11 @@ public Builder setPreAuthorizeServers(boolean preAuthorizeServers) {
       this.preAuthorizeServers = preAuthorizeServers;
       return this;
     }
+
+    /** Specifies which version of the client handshake to use. */
+    public Builder setUseLegacyAuthStrategy(boolean useLegacyAuthStrategy) {
+      this.useLegacyAuthStrategy = useLegacyAuthStrategy;
+      return this;
+    }
   }
 }
diff --git a/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java b/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
index 3351736108e..4b6bf7d06fb 100644
--- a/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
+++ b/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
@@ -102,6 +102,9 @@ public String methodName() {
 
   private State reportedState; // Only used on the main thread.
 
+  @GuardedBy("this")
+  private ComponentName connectedServiceName;
+
   @AnyThread
   ServiceBinding(
       Executor mainThreadExecutor,
@@ -305,6 +308,26 @@ private void clearReferences() {
     sourceContext = null;
   }
 
+  @AnyThread
+  @Override
+  public ServiceInfo getConnectedServiceInfo() throws StatusException {
+    try {
+      return getContextForTargetUser("cross-user v2 handshake")
+          .getPackageManager()
+          .getServiceInfo(getConnectedServiceName(), /* flags= */ 0);
+    } catch (PackageManager.NameNotFoundException e) {
+      throw Status.UNIMPLEMENTED
+          .withCause(e)
+          .withDescription("connected remote service was uninstalled/disabled during handshake")
+          .asException();
+    }
+  }
+
+  private synchronized ComponentName getConnectedServiceName() {
+    checkState(connectedServiceName != null, "onBound() not yet called!");
+    return connectedServiceName;
+  }
+
   @Override
   @MainThread
   public void onServiceConnected(ComponentName className, IBinder binder) {
@@ -312,6 +335,7 @@ public void onServiceConnected(ComponentName className, IBinder binder) {
     synchronized (this) {
       if (state == State.BINDING) {
         state = State.BOUND;
+        connectedServiceName = className;
         bound = true;
       }
     }
diff --git a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
index 6beb92c1691..737c5651131 100644
--- a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
@@ -25,6 +25,7 @@
 import static io.grpc.binder.internal.BinderTransport.SHUTDOWN_TRANSPORT;
 import static io.grpc.binder.internal.BinderTransport.WIRE_FORMAT_VERSION;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static org.junit.Assume.assumeTrue;
 import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -99,6 +100,9 @@
 @LooperMode(Mode.INSTRUMENTATION_TEST)
 public final class RobolectricBinderTransportTest extends AbstractTransportTest {
 
+  static final int SERVER_APP_UID = 11111;
+  static final int EPHEMERAL_SERVER_UID = 22222; // UID of isolated server process.
+
   private final Application application = ApplicationProvider.getApplicationContext();
   private final ObjectPool<ScheduledExecutorService> executorServicePool =
       SharedResourcePool.forResource(GrpcUtil.TIMER_SERVICE);
@@ -111,8 +115,7 @@ public final class RobolectricBinderTransportTest extends AbstractTransportTest
 
   @Mock AsyncSecurityPolicy mockClientSecurityPolicy;
 
-  @Captor
-  ArgumentCaptor<Status> statusCaptor;
+  @Captor ArgumentCaptor<Status> statusCaptor;
 
   ApplicationInfo serverAppInfo;
   PackageInfo serverPkgInfo;
@@ -120,11 +123,19 @@ public final class RobolectricBinderTransportTest extends AbstractTransportTest
 
   private int nextServerAddress;
 
-  @Parameter public boolean preAuthServersParam;
+  @Parameter(value = 0)
+  public boolean preAuthServersParam;
+
+  @Parameter(value = 1)
+  public boolean useLegacyAuthStrategy;
 
-  @Parameters(name = "preAuthServersParam={0}")
-  public static ImmutableList<Boolean> data() {
-    return ImmutableList.of(true, false);
+  @Parameters(name = "preAuthServersParam={0};useLegacyAuthStrategy={1}")
+  public static ImmutableList<Object[]> data() {
+    return ImmutableList.of(
+        new Object[] {false, false},
+        new Object[] {false, true},
+        new Object[] {true, false},
+        new Object[] {true, true});
   }
 
   @Override
@@ -190,6 +201,7 @@ protected InternalServer newServer(
   BinderClientTransportFactory.Builder newClientTransportFactoryBuilder() {
     return new BinderClientTransportFactory.Builder()
         .setPreAuthorizeServers(preAuthServersParam)
+        .setUseLegacyAuthStrategy(useLegacyAuthStrategy)
         .setSourceContext(application)
         .setScheduledExecutorPool(executorServicePool)
         .setOffloadExecutorPool(offloadExecutorPool);
@@ -224,9 +236,9 @@ public void clientAuthorizesServerUidsInOrder() throws Exception {
     //  lets us fake value this *globally*. So the ShadowBinder#setCallingUid() here unrealistically
     //  affects the server's view of the client's uid too. For now this doesn't matter because this
     //  test never exercises server SecurityPolicy.
-    ShadowBinder.setCallingUid(11111); // UID of the server *process*.
+    ShadowBinder.setCallingUid(EPHEMERAL_SERVER_UID);
 
-    serverPkgInfo.applicationInfo.uid = 22222; // UID of the server *app*, which can be different.
+    serverPkgInfo.applicationInfo.uid = SERVER_APP_UID;
     shadowOf(application.getPackageManager()).installPackage(serverPkgInfo);
     shadowOf(application.getPackageManager()).addOrUpdateService(serviceInfo);
     server = newServer(ImmutableList.of());
@@ -244,13 +256,17 @@ public void clientAuthorizesServerUidsInOrder() throws Exception {
 
     if (preAuthServersParam) {
       AuthRequest preAuthRequest = securityPolicy.takeNextAuthRequest(TIMEOUT_MS, MILLISECONDS);
-      assertThat(preAuthRequest.uid).isEqualTo(22222);
+      assertThat(preAuthRequest.uid).isEqualTo(SERVER_APP_UID);
       verify(mockClientTransportListener, never()).transportReady();
       preAuthRequest.setResult(Status.OK);
     }
 
     AuthRequest authRequest = securityPolicy.takeNextAuthRequest(TIMEOUT_MS, MILLISECONDS);
-    assertThat(authRequest.uid).isEqualTo(11111);
+    if (useLegacyAuthStrategy) {
+      assertThat(authRequest.uid).isEqualTo(EPHEMERAL_SERVER_UID);
+    } else {
+      assertThat(authRequest.uid).isEqualTo(SERVER_APP_UID);
+    }
     verify(mockClientTransportListener, never()).transportReady();
     authRequest.setResult(Status.OK);
 
@@ -321,6 +337,10 @@ public void clientIgnoresDuplicateSetupTransaction() throws Exception {
   @Test
   public void clientIgnoresTransactionFromNonServerUids() throws Exception {
     server.start(serverListener);
+
+    // This test is not applicable to the new auth strategy which keeps the client Binder a secret.
+    assumeTrue(useLegacyAuthStrategy);
+
     client = newClientTransport(server);
     startTransport(client, mockClientTransportListener);
 
@@ -369,7 +389,10 @@ public void clientReportsAuthzErrorToServer() throws Exception {
         .transportShutdown(statusCaptor.capture());
     assertThat(statusCaptor.getValue().getCode()).isEqualTo(Status.Code.PERMISSION_DENIED);
 
+    // Client doesn't tell the server in this case by design -- we don't even want to start it!
     TruthJUnit.assume().that(preAuthServersParam).isFalse();
+    // Similar story here. The client won't send a setup transaction to an unauthorized server.
+    TruthJUnit.assume().that(useLegacyAuthStrategy).isTrue();
 
     MockServerTransportListener serverTransportListener =
         serverListener.takeListenerOrFail(TIMEOUT_MS, MILLISECONDS);
diff --git a/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java b/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
index 0acd7a75f22..0f57b6f8a30 100644
--- a/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
@@ -115,6 +115,32 @@ public void testBind() throws Exception {
     assertThat(binding.isSourceContextCleared()).isFalse();
   }
 
+  @Test
+  public void testGetConnectedServiceInfo() throws Exception {
+    binding = newBuilder().setTargetComponent(serviceComponent).build();
+    binding.bind();
+    shadowOf(getMainLooper()).idle();
+
+    assertThat(observer.gotBoundEvent).isTrue();
+
+    ServiceInfo serviceInfo = binding.getConnectedServiceInfo();
+    assertThat(serviceInfo.name).isEqualTo(serviceComponent.getClassName());
+    assertThat(serviceInfo.packageName).isEqualTo(serviceComponent.getPackageName());
+  }
+
+  @Test
+  public void testGetConnectedServiceInfoThrows() throws Exception {
+    binding = newBuilder().setTargetComponent(serviceComponent).build();
+    binding.bind();
+    shadowOf(getMainLooper()).idle();
+
+    assertThat(observer.gotBoundEvent).isTrue();
+    shadowOf(appContext.getPackageManager()).removeService(serviceComponent);
+
+    StatusException se = assertThrows(StatusException.class, binding::getConnectedServiceInfo);
+    assertThat(se.getStatus().getCode()).isEqualTo(Code.UNIMPLEMENTED);
+  }
+
   @Test
   public void testBindingIntent() throws Exception {
     shadowApplication.setComponentNameAndServiceForBindService(null, null);
@@ -389,6 +415,7 @@ public void testBindWithDeviceAdmin() throws Exception {
     binding =
         newBuilder()
             .setTargetUserHandle(user0)
+            .setTargetComponent(serviceComponent)
             .setChannelCredentials(BinderChannelCredentials.forDevicePolicyAdmin(adminComponent))
             .build();
     shadowOf(getMainLooper()).idle();
@@ -401,6 +428,10 @@ public void testBindWithDeviceAdmin() throws Exception {
     assertThat(observer.binder).isSameInstanceAs(mockBinder);
     assertThat(observer.gotUnboundEvent).isFalse();
     assertThat(binding.isSourceContextCleared()).isFalse();
+
+    ServiceInfo serviceInfo = binding.getConnectedServiceInfo();
+    assertThat(serviceInfo.name).isEqualTo(serviceComponent.getClassName());
+    assertThat(serviceInfo.packageName).isEqualTo(serviceComponent.getPackageName());
   }
 
   private void assertNoLockHeld() {

From 1ef5ee25905b540a64424d36ea735ac431e117fa Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 3 Nov 2025 13:12:50 -0800
Subject: [PATCH 437/591] core: Fix NPE during address update with Happy
 Eyeballs

Fixes #12168
---
 .../internal/PickFirstLeafLoadBalancer.java   |  8 +++-
 .../PickFirstLeafLoadBalancerTest.java        | 39 +++++++++++++++++++
 2 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
index ebe329ca591..2689d7d2308 100644
--- a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
+++ b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
@@ -137,9 +137,13 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     final ImmutableList<EquivalentAddressGroup> newImmutableAddressGroups =
         ImmutableList.<EquivalentAddressGroup>builder().addAll(cleanServers).build();
 
-    if (rawConnectivityState == READY || rawConnectivityState == CONNECTING) {
+    if (rawConnectivityState == READY
+        || (rawConnectivityState == CONNECTING
+          && (!enableHappyEyeballs || addressIndex.isValid()))) {
       // If the previous ready (or connecting) subchannel exists in new address list,
-      // keep this connection and don't create new subchannels
+      // keep this connection and don't create new subchannels. Happy Eyeballs is excluded when
+      // connecting, because it allows multiple attempts simultaneously, thus is fine to start at
+      // the beginning.
       SocketAddress previousAddress = addressIndex.getCurrentAddress();
       addressIndex.updateGroups(newImmutableAddressGroups);
       if (addressIndex.seekTo(previousAddress)) {
diff --git a/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java b/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
index 0e902bfdd56..8b09fce2aa2 100644
--- a/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
+++ b/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
@@ -1872,6 +1872,45 @@ public void updateAddresses_identical_transient_failure() {
     assertEquals(PickResult.withSubchannel(mockSubchannel1), picker.pickSubchannel(mockArgs));
   }
 
+  @Test
+  public void updateAddresses_identicalSingleAddress_connecting() {
+    // Creating first set of endpoints/addresses
+    List<EquivalentAddressGroup> oldServers = Lists.newArrayList(servers.get(0));
+
+    // Accept Addresses and verify proper connection flow
+    assertEquals(IDLE, loadBalancer.getConcludedConnectivityState());
+    loadBalancer.acceptResolvedAddresses(
+        ResolvedAddresses.newBuilder().setAddresses(oldServers).setAttributes(affinity).build());
+    verify(mockSubchannel1).start(stateListenerCaptor.capture());
+    SubchannelStateListener stateListener = stateListenerCaptor.getValue();
+    assertEquals(CONNECTING, loadBalancer.getConcludedConnectivityState());
+
+    // First connection attempt is successful
+    stateListener.onSubchannelState(ConnectivityStateInfo.forNonError(CONNECTING));
+    assertEquals(CONNECTING, loadBalancer.getConcludedConnectivityState());
+    fakeClock.forwardTime(CONNECTION_DELAY_INTERVAL_MS, TimeUnit.MILLISECONDS);
+
+    // verify that picker returns no subchannel
+    verify(mockHelper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
+    SubchannelPicker picker = pickerCaptor.getValue();
+    assertEquals(PickResult.withNoResult(), picker.pickSubchannel(mockArgs));
+
+    // Accept same resolved addresses to update
+    reset(mockHelper);
+    loadBalancer.acceptResolvedAddresses(
+        ResolvedAddresses.newBuilder().setAddresses(oldServers).setAttributes(affinity).build());
+    fakeClock.forwardTime(CONNECTION_DELAY_INTERVAL_MS, TimeUnit.MILLISECONDS);
+
+    // Verify that no new subchannels were created or started
+    verify(mockSubchannel2, never()).start(any());
+    assertEquals(CONNECTING, loadBalancer.getConcludedConnectivityState());
+
+    // verify that picker hasn't changed via checking mock helper's interactions
+    verify(mockHelper, atLeast(0)).getSynchronizationContext();  // Don't care
+    verify(mockHelper, atLeast(0)).getScheduledExecutorService();
+    verifyNoMoreInteractions(mockHelper);
+  }
+
   @Test
   public void twoAddressesSeriallyConnect() {
     // Starting first connection attempt

From 236077138220ce125861e4d014a6d7d92dfb5d71 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 4 Nov 2025 12:44:13 -0800
Subject: [PATCH 438/591] binder: Hold lock when calling setOutgoingBinder()

setOutgoingBinder() has `@GuardedBy` for the transport.

```
binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java:71: error: [GuardedBy] This access should be guarded by 'transport', which is not currently held
    transport.setOutgoingBinder(
             ^
```
---
 .../java/io/grpc/binder/internal/BinderServerTransport.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
index a57f89e72ac..b8ab5e9f843 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderServerTransport.java
@@ -68,8 +68,10 @@ public static BinderServerTransport create(
     // TODO(jdcormie): Plumb in the Server's executor() and use it here instead.
     // No need to handle failure here because if 'callbackBinder' is already dead, we'll notice it
     // again in start() when we send the first transaction.
-    transport.setOutgoingBinder(
-        OneWayBinderProxy.wrap(callbackBinder, transport.getScheduledExecutorService()));
+    synchronized (transport) {
+      transport.setOutgoingBinder(
+          OneWayBinderProxy.wrap(callbackBinder, transport.getScheduledExecutorService()));
+    }
     return transport;
   }
 

From a76ab792121d6aecc70351d35ba4047220322aac Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 4 Nov 2025 14:18:23 -0800
Subject: [PATCH 439/591] interop-testing: timeoutOnSleepingServer should fail
 on exception

This is ancient code, but our API should not throw IllegalStateException
in the case of races. This essentially reverts 0958fd407. The stream
code has changed a lot since this code was introduced, but at the very
least the replacement of AbstractStream that culminated in b661ac7d7
means the bug is almost certainly gone.

I ran Http2Test 1000 times and there were no failures.
---
 .../grpc/testing/integration/AbstractInteropTest.java  | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
index 843019433aa..f5cd111a5b1 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
@@ -1625,7 +1625,6 @@ public void unimplementedService() {
   }
 
   /** Start a fullDuplexCall which the server will not respond, and verify the deadline expires. */
-  @SuppressWarnings("MissingFail")
   @Test
   public void timeoutOnSleepingServer() throws Exception {
     TestServiceGrpc.TestServiceStub stub =
@@ -1635,15 +1634,10 @@ public void timeoutOnSleepingServer() throws Exception {
     StreamObserver<StreamingOutputCallRequest> requestObserver
         = stub.fullDuplexCall(responseObserver);
 
-    StreamingOutputCallRequest request = StreamingOutputCallRequest.newBuilder()
+    requestObserver.onNext(StreamingOutputCallRequest.newBuilder()
         .setPayload(Payload.newBuilder()
             .setBody(ByteString.copyFrom(new byte[27182])))
-        .build();
-    try {
-      requestObserver.onNext(request);
-    } catch (IllegalStateException expected) {
-      // This can happen if the stream has already been terminated due to deadline exceeded.
-    }
+        .build());
 
     assertTrue(responseObserver.awaitCompletion(operationTimeoutMillis(), TimeUnit.MILLISECONDS));
     assertEquals(0, responseObserver.getValues().size());

From 7eab160b70cf9da0ea32647f7c51e485af6b6fc6 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 5 Nov 2025 07:19:24 -0800
Subject: [PATCH 440/591] Revert "core: Report marshaller error for
 uncompressed size too large back to the client "

This reverts commit a40d549ced82becbb12ca6f6b0e007cd430555a6.

A user has noticed it caused test failures. cl/828098798

```
java.lang.AssertionError: Failed executing read operation
	at io.grpc.internal.CompositeReadableBuffer.execute(CompositeReadableBuffer.java:328)
	at io.grpc.internal.CompositeReadableBuffer.executeNoThrow(CompositeReadableBuffer.java:336)
	at io.grpc.internal.CompositeReadableBuffer.readBytes(CompositeReadableBuffer.java:151)
	at io.grpc.internal.ReadableBuffers$BufferInputStream.read(ReadableBuffers.java:377)
	at io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller.parse(ProtoLiteUtils.java:205)
	at io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller.parse(ProtoLiteUtils.java:133)
	at io.grpc.MethodDescriptor.parseRequest(MethodDescriptor.java:307)
	at io.grpc.ServerInterceptors$2$2.onMessage(ServerInterceptors.java:324)
```
---
 .../java/io/grpc/internal/ServerCallImpl.java | 16 +++-----
 .../io/grpc/internal/ServerCallImplTest.java  | 41 -------------------
 .../integration/AbstractInteropTest.java      |  2 +-
 .../integration/TransportCompressionTest.java | 29 +------------
 4 files changed, 8 insertions(+), 80 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/ServerCallImpl.java b/core/src/main/java/io/grpc/internal/ServerCallImpl.java
index 22d5912050a..e224384ce8f 100644
--- a/core/src/main/java/io/grpc/internal/ServerCallImpl.java
+++ b/core/src/main/java/io/grpc/internal/ServerCallImpl.java
@@ -327,20 +327,16 @@ private void messagesAvailableInternal(final MessageProducer producer) {
         return;
       }
 
+      InputStream message;
       try {
-        InputStream message;
         while ((message = producer.next()) != null) {
-          ReqT parsedMessage;
-          try (InputStream ignored = message) {
-            parsedMessage = call.method.parseRequest(message);
-          } catch (StatusRuntimeException e) {
+          try {
+            listener.onMessage(call.method.parseRequest(message));
+          } catch (Throwable t) {
             GrpcUtil.closeQuietly(message);
-            GrpcUtil.closeQuietly(producer);
-            call.cancelled = true;
-            call.close(e.getStatus(), new Metadata());
-            return;
+            throw t;
           }
-          listener.onMessage(parsedMessage);
+          message.close();
         }
       } catch (Throwable t) {
         GrpcUtil.closeQuietly(producer);
diff --git a/core/src/test/java/io/grpc/internal/ServerCallImplTest.java b/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
index abe8fb0ee56..7394c83eab2 100644
--- a/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
@@ -48,11 +48,9 @@
 import io.grpc.SecurityLevel;
 import io.grpc.ServerCall;
 import io.grpc.Status;
-import io.grpc.StatusRuntimeException;
 import io.grpc.internal.ServerCallImpl.ServerStreamListenerImpl;
 import io.perfmark.PerfMark;
 import java.io.ByteArrayInputStream;
-import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import org.junit.Before;
@@ -71,8 +69,6 @@ public class ServerCallImplTest {
 
   @Mock private ServerStream stream;
   @Mock private ServerCall.Listener<Long> callListener;
-  @Mock private StreamListener.MessageProducer messageProducer;
-  @Mock private InputStream message;
 
   private final CallTracer serverCallTracer = CallTracer.getDefaultFactory().create();
   private ServerCallImpl<Long, Long> call;
@@ -497,43 +493,6 @@ public void streamListener_unexpectedRuntimeException() {
     assertThat(e).hasMessageThat().isEqualTo("unexpected exception");
   }
 
-  @Test
-  public void streamListener_statusRuntimeException() throws IOException {
-    MethodDescriptor<Long, Long> failingParseMethod = MethodDescriptor.<Long, Long>newBuilder()
-        .setType(MethodType.UNARY)
-        .setFullMethodName("service/method")
-        .setRequestMarshaller(new LongMarshaller() {
-            @Override
-            public Long parse(InputStream stream) {
-              throw new StatusRuntimeException(Status.RESOURCE_EXHAUSTED
-                  .withDescription("Decompressed gRPC message exceeds maximum size"));
-            }
-        })
-        .setResponseMarshaller(new LongMarshaller())
-        .build();
-
-    call =  new ServerCallImpl<>(stream, failingParseMethod, requestHeaders, context,
-            DecompressorRegistry.getDefaultInstance(), CompressorRegistry.getDefaultInstance(),
-            serverCallTracer, PerfMark.createTag());
-
-    ServerStreamListenerImpl<Long> streamListener =
-            new ServerCallImpl.ServerStreamListenerImpl<>(call, callListener, context);
-
-    when(messageProducer.next()).thenReturn(message, (InputStream) null);
-    streamListener.messagesAvailable(messageProducer);
-    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
-    ArgumentCaptor<Metadata> metadataCaptor = ArgumentCaptor.forClass(Metadata.class);
-
-    verify(stream).close(statusCaptor.capture(), metadataCaptor.capture());
-    Status status = statusCaptor.getValue();
-    assertEquals(Status.RESOURCE_EXHAUSTED.getCode(), status.getCode());
-    assertEquals("Decompressed gRPC message exceeds maximum size", status.getDescription());
-
-    streamListener.halfClosed();
-    verify(callListener, never()).onHalfClose();
-    verify(callListener, never()).onMessage(any());
-  }
-
   private static class LongMarshaller implements Marshaller<Long> {
     @Override
     public InputStream stream(Long value) {
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
index f5cd111a5b1..51295281a90 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
@@ -2024,7 +2024,7 @@ private void assertPayload(Payload expected, Payload actual) {
     }
   }
 
-  protected static void assertCodeEquals(Status.Code expected, Status actual) {
+  private static void assertCodeEquals(Status.Code expected, Status actual) {
     assertWithMessage("Unexpected status: %s", actual).that(actual.getCode()).isEqualTo(expected);
   }
 
diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java
index 33cd624aebb..b9692383254 100644
--- a/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java
@@ -17,7 +17,6 @@
 package io.grpc.testing.integration;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 
 import com.google.protobuf.ByteString;
@@ -38,8 +37,6 @@
 import io.grpc.ServerCall.Listener;
 import io.grpc.ServerCallHandler;
 import io.grpc.ServerInterceptor;
-import io.grpc.Status.Code;
-import io.grpc.StatusRuntimeException;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.netty.InternalNettyChannelBuilder;
 import io.grpc.netty.InternalNettyServerBuilder;
@@ -56,9 +53,7 @@
 import java.io.OutputStream;
 import org.junit.Before;
 import org.junit.BeforeClass;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -89,16 +84,10 @@ public static void registerCompressors() {
     compressors.register(Codec.Identity.NONE);
   }
 
-  @Rule
-  public final TestName currentTest = new TestName();
-
   @Override
   protected ServerBuilder<?> getServerBuilder() {
     NettyServerBuilder builder = NettyServerBuilder.forPort(0, InsecureServerCredentials.create())
-        .maxInboundMessageSize(
-            DECOMPRESSED_MESSAGE_TOO_LONG_METHOD_NAME.equals(currentTest.getMethodName())
-                ? 1000
-                : AbstractInteropTest.MAX_MESSAGE_SIZE)
+        .maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
         .compressorRegistry(compressors)
         .decompressorRegistry(decompressors)
         .intercept(new ServerInterceptor() {
@@ -137,22 +126,6 @@ public void compresses() {
     assertTrue(FZIPPER.anyWritten);
   }
 
-  private static final String DECOMPRESSED_MESSAGE_TOO_LONG_METHOD_NAME =
-      "decompressedMessageTooLong";
-
-  @Test
-  public void decompressedMessageTooLong() {
-    assertEquals(DECOMPRESSED_MESSAGE_TOO_LONG_METHOD_NAME, currentTest.getMethodName());
-    final SimpleRequest bigRequest = SimpleRequest.newBuilder()
-        .setPayload(Payload.newBuilder().setBody(ByteString.copyFrom(new byte[10_000])))
-        .build();
-    StatusRuntimeException e = assertThrows(StatusRuntimeException.class,
-        () -> blockingStub.withCompression("gzip").unaryCall(bigRequest));
-    assertCodeEquals(Code.RESOURCE_EXHAUSTED, e.getStatus());
-    assertEquals("Decompressed gRPC message exceeds maximum size 1000",
-        e.getStatus().getDescription());
-  }
-
   @Override
   protected NettyChannelBuilder createChannelBuilder() {
     NettyChannelBuilder builder = NettyChannelBuilder.forAddress(getListenAddress())

From 48a42889d5f8c9aca019d2cfe64400ff28a1a271 Mon Sep 17 00:00:00 2001
From: Zgoda91 <dzgoda@google.com>
Date: Wed, 5 Nov 2025 21:37:54 +0000
Subject: [PATCH 441/591] util: Add A68 random subsetting LB

implementing [gRFC A68](https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md)

This change contains:
1. Usage of `murmur3_128` hashing algorithm from Guava library.
2. Implementation of `RandomSubsettingLoadBalancer` and
`RandomSubsettingLoadBalancerProvider` classes and integration into the
`util` project.

Since envoy extensions does not support `random_subsetting` LB policy
yet, xDS related changes will be introduced later. Envoy PR
[here](https://github.com/envoyproxy/envoy/pull/41758).
---
 .../io/grpc/LoadBalancerRegistryTest.java     |   8 +-
 util/build.gradle                             |   1 +
 .../grpc/util/GracefulSwitchLoadBalancer.java |   4 +-
 .../util/RandomSubsettingLoadBalancer.java    | 161 +++++++++
 .../RandomSubsettingLoadBalancerProvider.java |  86 +++++
 .../services/io.grpc.LoadBalancerProvider     |   1 +
 ...domSubsettingLoadBalancerProviderTest.java | 135 +++++++
 .../RandomSubsettingLoadBalancerTest.java     | 330 ++++++++++++++++++
 8 files changed, 723 insertions(+), 3 deletions(-)
 create mode 100644 util/src/main/java/io/grpc/util/RandomSubsettingLoadBalancer.java
 create mode 100644 util/src/main/java/io/grpc/util/RandomSubsettingLoadBalancerProvider.java
 create mode 100644 util/src/test/java/io/grpc/util/RandomSubsettingLoadBalancerProviderTest.java
 create mode 100644 util/src/test/java/io/grpc/util/RandomSubsettingLoadBalancerTest.java

diff --git a/api/src/test/java/io/grpc/LoadBalancerRegistryTest.java b/api/src/test/java/io/grpc/LoadBalancerRegistryTest.java
index 5b348b7adab..690db6622e0 100644
--- a/api/src/test/java/io/grpc/LoadBalancerRegistryTest.java
+++ b/api/src/test/java/io/grpc/LoadBalancerRegistryTest.java
@@ -40,7 +40,7 @@ public void getClassesViaHardcoded_classesPresent() throws Exception {
   @Test
   public void stockProviders() {
     LoadBalancerRegistry defaultRegistry = LoadBalancerRegistry.getDefaultRegistry();
-    assertThat(defaultRegistry.providers()).hasSize(3);
+    assertThat(defaultRegistry.providers()).hasSize(4);
 
     LoadBalancerProvider pickFirst = defaultRegistry.getProvider("pick_first");
     assertThat(pickFirst).isInstanceOf(PickFirstLoadBalancerProvider.class);
@@ -56,6 +56,12 @@ public void stockProviders() {
     assertThat(outlierDetection.getClass().getName()).isEqualTo(
         "io.grpc.util.OutlierDetectionLoadBalancerProvider");
     assertThat(roundRobin.getPriority()).isEqualTo(5);
+
+    LoadBalancerProvider randomSubsetting = defaultRegistry.getProvider(
+        "random_subsetting_experimental");
+    assertThat(randomSubsetting.getClass().getName()).isEqualTo(
+        "io.grpc.util.RandomSubsettingLoadBalancerProvider");
+    assertThat(randomSubsetting.getPriority()).isEqualTo(5);
   }
 
   @Test
diff --git a/util/build.gradle b/util/build.gradle
index 6fbd6925c00..846b110b106 100644
--- a/util/build.gradle
+++ b/util/build.gradle
@@ -58,6 +58,7 @@ animalsniffer {
 tasks.named("javadoc").configure {
     exclude 'io/grpc/util/MultiChildLoadBalancer.java'
     exclude 'io/grpc/util/OutlierDetectionLoadBalancer*'
+    exclude 'io/grpc/util/RandomSubsettingLoadBalancer*'
     exclude 'io/grpc/util/RoundRobinLoadBalancer*'
 }
 
diff --git a/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java b/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
index 1dc4fb6750a..dc296a7293e 100644
--- a/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
@@ -207,14 +207,14 @@ public static ConfigOrError parseLoadBalancingPolicyConfig(
         ServiceConfigUtil.unwrapLoadBalancingConfigList(loadBalancingConfigs);
     if (childConfigCandidates == null || childConfigCandidates.isEmpty()) {
       return ConfigOrError.fromError(
-          Status.INTERNAL.withDescription("No child LB config specified"));
+          Status.UNAVAILABLE.withDescription("No child LB config specified"));
     }
     ConfigOrError selectedConfig =
         ServiceConfigUtil.selectLbPolicyFromList(childConfigCandidates, lbRegistry);
     if (selectedConfig.getError() != null) {
       Status error = selectedConfig.getError();
       return ConfigOrError.fromError(
-          Status.INTERNAL
+          Status.UNAVAILABLE
               .withCause(error.getCause())
               .withDescription(error.getDescription())
               .augmentDescription("Failed to select child config"));
diff --git a/util/src/main/java/io/grpc/util/RandomSubsettingLoadBalancer.java b/util/src/main/java/io/grpc/util/RandomSubsettingLoadBalancer.java
new file mode 100644
index 00000000000..ad4de9e8921
--- /dev/null
+++ b/util/src/main/java/io/grpc/util/RandomSubsettingLoadBalancer.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.util;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Preconditions.checkState;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.hash.HashCode;
+import com.google.common.hash.HashFunction;
+import com.google.common.hash.Hashing;
+import com.google.common.primitives.Ints;
+import io.grpc.EquivalentAddressGroup;
+import io.grpc.LoadBalancer;
+import io.grpc.Status;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Random;
+
+
+/**
+ * Wraps a child {@code LoadBalancer}, separating the total set of backends into smaller subsets for
+ * the child balancer to balance across.
+ *
+ * <p>This implements random subsetting gRFC:
+ * https://https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md
+ */
+final class RandomSubsettingLoadBalancer extends LoadBalancer {
+  private final GracefulSwitchLoadBalancer switchLb;
+  private final HashFunction hashFunc;
+
+  public RandomSubsettingLoadBalancer(Helper helper) {
+    this(helper, new Random().nextInt());
+  }
+
+  @VisibleForTesting
+  RandomSubsettingLoadBalancer(Helper helper, int seed) {
+    switchLb = new GracefulSwitchLoadBalancer(checkNotNull(helper, "helper"));
+    hashFunc = Hashing.murmur3_128(seed);
+  }
+
+  @Override
+  public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+    RandomSubsettingLoadBalancerConfig config =
+        (RandomSubsettingLoadBalancerConfig)
+            resolvedAddresses.getLoadBalancingPolicyConfig();
+
+    ResolvedAddresses subsetAddresses = filterEndpoints(resolvedAddresses, config.subsetSize);
+
+    return switchLb.acceptResolvedAddresses(
+        subsetAddresses.toBuilder()
+            .setLoadBalancingPolicyConfig(config.childConfig)
+            .build());
+  }
+
+  // implements the subsetting algorithm, as described in A68:
+  // https://github.com/grpc/proposal/pull/423
+  private ResolvedAddresses filterEndpoints(ResolvedAddresses resolvedAddresses, int subsetSize) {
+    if (subsetSize >= resolvedAddresses.getAddresses().size()) {
+      return resolvedAddresses;
+    }
+
+    ArrayList<EndpointWithHash> endpointWithHashList =
+        new ArrayList<>(resolvedAddresses.getAddresses().size());
+
+    for (EquivalentAddressGroup addressGroup : resolvedAddresses.getAddresses()) {
+      HashCode hashCode = hashFunc.hashString(
+          addressGroup.getAddresses().get(0).toString(),
+          StandardCharsets.UTF_8);
+      endpointWithHashList.add(new EndpointWithHash(addressGroup, hashCode.asLong()));
+    }
+
+    Collections.sort(endpointWithHashList, new HashAddressComparator());
+
+    ArrayList<EquivalentAddressGroup> addressGroups = new ArrayList<>(subsetSize);
+
+    for (int idx = 0; idx < subsetSize; ++idx) {
+      addressGroups.add(endpointWithHashList.get(idx).addressGroup);
+    }
+
+    return resolvedAddresses.toBuilder().setAddresses(addressGroups).build();
+  }
+
+  @Override
+  public void handleNameResolutionError(Status error) {
+    switchLb.handleNameResolutionError(error);
+  }
+
+  @Override
+  public void shutdown() {
+    switchLb.shutdown();
+  }
+
+  private static final class EndpointWithHash {
+    public final EquivalentAddressGroup addressGroup;
+    public final long hashCode;
+
+    public EndpointWithHash(EquivalentAddressGroup addressGroup, long hashCode) {
+      this.addressGroup = addressGroup;
+      this.hashCode = hashCode;
+    }
+  }
+
+  private static final class HashAddressComparator implements Comparator<EndpointWithHash> {
+    @Override
+    public int compare(EndpointWithHash lhs, EndpointWithHash rhs) {
+      return Long.compare(lhs.hashCode, rhs.hashCode);
+    }
+  }
+
+  public static final class RandomSubsettingLoadBalancerConfig {
+    public final int subsetSize;
+    public final Object childConfig;
+
+    private RandomSubsettingLoadBalancerConfig(int subsetSize, Object childConfig) {
+      this.subsetSize = subsetSize;
+      this.childConfig = childConfig;
+    }
+
+    public static class Builder {
+      int subsetSize;
+      Object childConfig;
+
+      public Builder setSubsetSize(long subsetSize) {
+        checkArgument(subsetSize > 0L, "Subset size must be greater than 0");
+        // clamping subset size to Integer.MAX_VALUE due to collection indexing limitations in JVM
+        this.subsetSize = Ints.saturatedCast(subsetSize);
+        return this;
+      }
+
+      public Builder setChildConfig(Object childConfig) {
+        this.childConfig = checkNotNull(childConfig, "childConfig");
+        return this;
+      }
+
+      public RandomSubsettingLoadBalancerConfig build() {
+        checkState(subsetSize != 0L, "Subset size must be set before building the config");
+        return new RandomSubsettingLoadBalancerConfig(
+            subsetSize,
+            checkNotNull(childConfig, "childConfig"));
+      }
+    }
+  }
+}
diff --git a/util/src/main/java/io/grpc/util/RandomSubsettingLoadBalancerProvider.java b/util/src/main/java/io/grpc/util/RandomSubsettingLoadBalancerProvider.java
new file mode 100644
index 00000000000..edcbf48a201
--- /dev/null
+++ b/util/src/main/java/io/grpc/util/RandomSubsettingLoadBalancerProvider.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.util;
+
+import io.grpc.Internal;
+import io.grpc.LoadBalancer;
+import io.grpc.LoadBalancerProvider;
+import io.grpc.NameResolver.ConfigOrError;
+import io.grpc.Status;
+import io.grpc.internal.JsonUtil;
+import java.util.Map;
+
+@Internal
+public final class RandomSubsettingLoadBalancerProvider extends LoadBalancerProvider {
+  private static final String POLICY_NAME = "random_subsetting_experimental";
+
+  @Override
+  public LoadBalancer newLoadBalancer(LoadBalancer.Helper helper) {
+    return new RandomSubsettingLoadBalancer(helper);
+  }
+
+  @Override
+  public boolean isAvailable() {
+    return true;
+  }
+
+  @Override
+  public int getPriority() {
+    return 5;
+  }
+
+  @Override
+  public String getPolicyName() {
+    return POLICY_NAME;
+  }
+
+  @Override
+  public ConfigOrError parseLoadBalancingPolicyConfig(Map<String, ?> rawConfig) {
+    try {
+      return parseLoadBalancingPolicyConfigInternal(rawConfig);
+    } catch (RuntimeException e) {
+      return ConfigOrError.fromError(
+          Status.UNAVAILABLE
+              .withCause(e)
+              .withDescription("Failed parsing configuration for " + getPolicyName()));
+    }
+  }
+
+  private ConfigOrError parseLoadBalancingPolicyConfigInternal(Map<String, ?> rawConfig) {
+    Long subsetSize = JsonUtil.getNumberAsLong(rawConfig, "subsetSize");
+    if (subsetSize == null) {
+      return ConfigOrError.fromError(
+          Status.UNAVAILABLE.withDescription(
+              "Subset size missing in " + getPolicyName() + ", LB policy config=" + rawConfig));
+    }
+
+    ConfigOrError childConfig = GracefulSwitchLoadBalancer.parseLoadBalancingPolicyConfig(
+        JsonUtil.getListOfObjects(rawConfig, "childPolicy"));
+    if (childConfig.getError() != null) {
+      return ConfigOrError.fromError(Status.UNAVAILABLE
+          .withDescription(
+              "Failed to parse child in " + getPolicyName() + ", LB policy config=" + rawConfig)
+          .withCause(childConfig.getError().asRuntimeException()));
+    }
+
+    return ConfigOrError.fromConfig(
+        new RandomSubsettingLoadBalancer.RandomSubsettingLoadBalancerConfig.Builder()
+            .setSubsetSize(subsetSize)
+            .setChildConfig(childConfig.getConfig())
+            .build());
+  }
+}
diff --git a/util/src/main/resources/META-INF/services/io.grpc.LoadBalancerProvider b/util/src/main/resources/META-INF/services/io.grpc.LoadBalancerProvider
index 1fdd69cb00b..d973a6f6728 100644
--- a/util/src/main/resources/META-INF/services/io.grpc.LoadBalancerProvider
+++ b/util/src/main/resources/META-INF/services/io.grpc.LoadBalancerProvider
@@ -1,2 +1,3 @@
 io.grpc.util.SecretRoundRobinLoadBalancerProvider$Provider
 io.grpc.util.OutlierDetectionLoadBalancerProvider
+io.grpc.util.RandomSubsettingLoadBalancerProvider
diff --git a/util/src/test/java/io/grpc/util/RandomSubsettingLoadBalancerProviderTest.java b/util/src/test/java/io/grpc/util/RandomSubsettingLoadBalancerProviderTest.java
new file mode 100644
index 00000000000..18a0766d4b2
--- /dev/null
+++ b/util/src/test/java/io/grpc/util/RandomSubsettingLoadBalancerProviderTest.java
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.util;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
+
+import io.grpc.InternalServiceProviders;
+import io.grpc.LoadBalancer.Helper;
+import io.grpc.LoadBalancerProvider;
+import io.grpc.NameResolver.ConfigOrError;
+import io.grpc.Status;
+import io.grpc.internal.JsonParser;
+import io.grpc.util.RandomSubsettingLoadBalancer.RandomSubsettingLoadBalancerConfig;
+import java.io.IOException;
+import java.util.Map;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class RandomSubsettingLoadBalancerProviderTest {
+  private final RandomSubsettingLoadBalancerProvider provider =
+      new RandomSubsettingLoadBalancerProvider();
+
+  @Test
+  public void registered() {
+    for (LoadBalancerProvider current :
+        InternalServiceProviders.getCandidatesViaServiceLoader(
+            LoadBalancerProvider.class, getClass().getClassLoader())) {
+      if (current instanceof RandomSubsettingLoadBalancerProvider) {
+        return;
+      }
+    }
+    fail("RandomSubsettingLoadBalancerProvider not registered");
+  }
+
+  @Test
+  public void providesLoadBalancer() {
+    Helper helper = mock(Helper.class);
+    assertThat(provider.newLoadBalancer(helper))
+        .isInstanceOf(RandomSubsettingLoadBalancer.class);
+  }
+
+  @Test
+  public void parseConfigRequiresSubsetSize() throws IOException {
+    String emptyConfig = "{}";
+
+    ConfigOrError configOrError =
+        provider.parseLoadBalancingPolicyConfig(parseJsonObject(emptyConfig));
+    assertThat(configOrError.getError()).isNotNull();
+    assertThat(configOrError.getError().toString())
+        .isEqualTo(
+            Status.UNAVAILABLE
+                .withDescription(
+                    "Subset size missing in random_subsetting_experimental, LB policy config={}")
+                .toString());
+  }
+
+  @Test
+  public void parseConfigReturnsErrorWhenChildPolicyMissing() throws IOException {
+    String missingChildPolicyConfig = "{\"subsetSize\": 3}";
+
+    ConfigOrError configOrError =
+        provider.parseLoadBalancingPolicyConfig(parseJsonObject(missingChildPolicyConfig));
+    assertThat(configOrError.getError()).isNotNull();
+
+    Status error = configOrError.getError();
+    assertThat(error.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(error.getDescription()).isEqualTo(
+        "Failed to parse child in random_subsetting_experimental"
+        + ", LB policy config={subsetSize=3.0}");
+    assertThat(error.getCause().getMessage()).isEqualTo(
+        "UNAVAILABLE: No child LB config specified");
+  }
+
+  @Test
+  public void parseConfigReturnsErrorWhenChildPolicyInvalid() throws IOException {
+    String invalidChildPolicyConfig =
+        "{"
+            + "\"subsetSize\": 3, "
+            + "\"childPolicy\" : [{\"random_policy\" : {}}]"
+            + "}";
+
+    ConfigOrError configOrError =
+        provider.parseLoadBalancingPolicyConfig(parseJsonObject(invalidChildPolicyConfig));
+    assertThat(configOrError.getError()).isNotNull();
+
+    Status error = configOrError.getError();
+    assertThat(error.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(error.getDescription()).isEqualTo(
+        "Failed to parse child in random_subsetting_experimental, LB policy config="
+        + "{subsetSize=3.0, childPolicy=[{random_policy={}}]}");
+    assertThat(error.getCause().getMessage()).contains(
+        "UNAVAILABLE: None of [random_policy] specified by Service Config are available.");
+  }
+
+  @Test
+  public void parseValidConfig() throws IOException {
+    String validConfig =
+        "{"
+            + "\"subsetSize\": 3, "
+            + "\"childPolicy\" : [{\"round_robin\" : {}}]"
+            + "}";
+    ConfigOrError configOrError =
+        provider.parseLoadBalancingPolicyConfig(parseJsonObject(validConfig));
+    assertThat(configOrError.getConfig()).isNotNull();
+
+    RandomSubsettingLoadBalancerConfig actualConfig =
+        (RandomSubsettingLoadBalancerConfig) configOrError.getConfig();
+    assertThat(GracefulSwitchLoadBalancerAccessor.getChildProvider(
+        actualConfig.childConfig).getPolicyName()).isEqualTo("round_robin");
+    assertThat(actualConfig.subsetSize).isEqualTo(3);
+  }
+
+  @SuppressWarnings("unchecked")
+  private static Map<String, ?> parseJsonObject(String json) throws IOException {
+    return (Map<String, ?>) JsonParser.parse(json);
+  }
+}
diff --git a/util/src/test/java/io/grpc/util/RandomSubsettingLoadBalancerTest.java b/util/src/test/java/io/grpc/util/RandomSubsettingLoadBalancerTest.java
new file mode 100644
index 00000000000..91dde6ba19d
--- /dev/null
+++ b/util/src/test/java/io/grpc/util/RandomSubsettingLoadBalancerTest.java
@@ -0,0 +1,330 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.util;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.atLeastOnce;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+import io.grpc.ConnectivityState;
+import io.grpc.ConnectivityStateInfo;
+import io.grpc.EquivalentAddressGroup;
+import io.grpc.LoadBalancer;
+import io.grpc.LoadBalancer.CreateSubchannelArgs;
+import io.grpc.LoadBalancer.ResolvedAddresses;
+import io.grpc.LoadBalancer.Subchannel;
+import io.grpc.LoadBalancer.SubchannelStateListener;
+import io.grpc.LoadBalancerProvider;
+import io.grpc.Status;
+import io.grpc.internal.TestUtils;
+import io.grpc.util.RandomSubsettingLoadBalancer.RandomSubsettingLoadBalancerConfig;
+import java.net.SocketAddress;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Captor;
+import org.mockito.Mock;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoRule;
+import org.mockito.stubbing.Answer;
+
+public class RandomSubsettingLoadBalancerTest {
+  @Rule
+  public final MockitoRule mockitoRule = MockitoJUnit.rule();
+
+  @Mock
+  private LoadBalancer.Helper mockHelper;
+  @Mock
+  private LoadBalancer mockChildLb;
+  @Mock
+  private SocketAddress mockSocketAddress;
+
+  @Captor
+  private ArgumentCaptor<ResolvedAddresses> resolvedAddrCaptor;
+
+  private BackendDetails backendDetails;
+
+  private RandomSubsettingLoadBalancer loadBalancer;
+
+  private final LoadBalancerProvider mockChildLbProvider =
+      new TestUtils.StandardLoadBalancerProvider("foo_policy") {
+        @Override
+        public LoadBalancer newLoadBalancer(LoadBalancer.Helper helper) {
+          return mockChildLb;
+        }
+      };
+
+  private final LoadBalancerProvider roundRobinLbProvider =
+      new TestUtils.StandardLoadBalancerProvider("round_robin") {
+        @Override
+        public LoadBalancer newLoadBalancer(LoadBalancer.Helper helper) {
+          return new RoundRobinLoadBalancer(helper);
+        }
+      };
+
+  private Object newChildConfig(LoadBalancerProvider provider, Object config) {
+    return GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(provider, config);
+  }
+
+  private RandomSubsettingLoadBalancerConfig createRandomSubsettingLbConfig(
+      int subsetSize, LoadBalancerProvider childLbProvider, Object childConfig) {
+    return new RandomSubsettingLoadBalancer.RandomSubsettingLoadBalancerConfig.Builder()
+            .setSubsetSize(subsetSize)
+            .setChildConfig(newChildConfig(childLbProvider, childConfig))
+            .build();
+  }
+
+  private BackendDetails setupBackends(int backendCount) {
+    List<EquivalentAddressGroup> servers = Lists.newArrayList();
+    Map<List<EquivalentAddressGroup>, Subchannel> subchannels = Maps.newLinkedHashMap();
+
+    for (int i = 0; i < backendCount; i++) {
+      SocketAddress addr = new FakeSocketAddress("server" + i);
+      EquivalentAddressGroup addressGroup = new EquivalentAddressGroup(addr);
+      servers.add(addressGroup);
+      Subchannel subchannel = mock(Subchannel.class);
+      subchannels.put(Arrays.asList(addressGroup), subchannel);
+    }
+
+    return new BackendDetails(servers, subchannels);
+  }
+
+  @Before
+  public void setUp() {
+    int seed = 0;
+    loadBalancer = new RandomSubsettingLoadBalancer(mockHelper, seed);
+
+    int backendSize = 5;
+    backendDetails = setupBackends(backendSize);
+  }
+
+  @Test
+  public void handleNameResolutionError() {
+    int subsetSize = 2;
+    Object childConfig = "someConfig";
+
+    RandomSubsettingLoadBalancerConfig config = createRandomSubsettingLbConfig(
+        subsetSize, mockChildLbProvider, childConfig);
+
+    loadBalancer.acceptResolvedAddresses(
+        ResolvedAddresses.newBuilder()
+            .setAddresses(ImmutableList.of(new EquivalentAddressGroup(mockSocketAddress)))
+            .setLoadBalancingPolicyConfig(config)
+            .build());
+
+    loadBalancer.handleNameResolutionError(Status.DEADLINE_EXCEEDED);
+    verify(mockChildLb).handleNameResolutionError(Status.DEADLINE_EXCEEDED);
+  }
+
+  @Test
+  public void shutdown() {
+    int subsetSize = 2;
+    Object childConfig = "someConfig";
+
+    RandomSubsettingLoadBalancerConfig config = createRandomSubsettingLbConfig(
+        subsetSize, mockChildLbProvider, childConfig);
+
+    loadBalancer.acceptResolvedAddresses(
+        ResolvedAddresses.newBuilder()
+            .setAddresses(ImmutableList.of(new EquivalentAddressGroup(mockSocketAddress)))
+            .setLoadBalancingPolicyConfig(config)
+            .build());
+
+    loadBalancer.shutdown();
+    verify(mockChildLb).shutdown();
+  }
+
+  @Test
+  public void acceptResolvedAddresses_mockedChildLbPolicy() {
+    int subsetSize = 3;
+    Object childConfig = "someConfig";
+
+    RandomSubsettingLoadBalancerConfig config = createRandomSubsettingLbConfig(
+        subsetSize, mockChildLbProvider, childConfig);
+
+    ResolvedAddresses resolvedAddresses =
+        ResolvedAddresses.newBuilder()
+            .setAddresses(ImmutableList.copyOf(backendDetails.servers))
+            .setLoadBalancingPolicyConfig(config)
+            .build();
+
+    loadBalancer.acceptResolvedAddresses(resolvedAddresses);
+
+    verify(mockChildLb).acceptResolvedAddresses(resolvedAddrCaptor.capture());
+    assertThat(resolvedAddrCaptor.getValue().getAddresses().size()).isEqualTo(subsetSize);
+    assertThat(resolvedAddrCaptor.getValue().getLoadBalancingPolicyConfig()).isEqualTo(childConfig);
+  }
+
+  @Test
+  public void acceptResolvedAddresses_roundRobinChildLbPolicy() {
+    int subsetSize = 3;
+    Object childConfig = null;
+
+    RandomSubsettingLoadBalancerConfig config = createRandomSubsettingLbConfig(
+        subsetSize, roundRobinLbProvider, childConfig);
+
+    ResolvedAddresses resolvedAddresses =
+        ResolvedAddresses.newBuilder()
+            .setAddresses(ImmutableList.copyOf(backendDetails.servers))
+            .setLoadBalancingPolicyConfig(config)
+            .build();
+
+    loadBalancer.acceptResolvedAddresses(resolvedAddresses);
+
+    int insubset = 0;
+    for (Subchannel subchannel : backendDetails.subchannels.values()) {
+      LoadBalancer.SubchannelStateListener ssl =
+          backendDetails.subchannelStateListeners.get(subchannel);
+      if (ssl != null) { // it might be null if it's not in the subset.
+        insubset += 1;
+        ssl.onSubchannelState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
+      }
+    }
+
+    assertThat(insubset).isEqualTo(subsetSize);
+  }
+
+  // verifies: https://github.com/grpc/proposal/blob/master/A68_graphics/subsetting100-100-5.png
+  @Test
+  public void backendsCanBeDistributedEvenly_subsetting100_100_5() {
+    verifyConnectionsByServer(100, 100, 5, 15);
+  }
+
+  // verifies https://github.com/grpc/proposal/blob/master/A68_graphics/subsetting100-100-25.png
+  @Test
+  public void backendsCanBeDistributedEvenly_subsetting100_100_25() {
+    verifyConnectionsByServer(100, 100, 25, 40);
+  }
+
+  // verifies: https://github.com/grpc/proposal/blob/master/A68_graphics/subsetting100-10-5.png
+  @Test
+  public void backendsCanBeDistributedEvenly_subsetting100_10_5() {
+    verifyConnectionsByServer(100, 10, 5, 65);
+  }
+
+  // verifies: https://github.com/grpc/proposal/blob/master/A68_graphics/subsetting500-10-5.png
+  @Test
+  public void backendsCanBeDistributedEvenly_subsetting500_10_5() {
+    verifyConnectionsByServer(500, 10, 5, 600);
+  }
+
+  // verifies: https://github.com/grpc/proposal/blob/master/A68_graphics/subsetting2000-10-5.png
+  @Test
+  public void backendsCanBeDistributedEvenly_subsetting2000_100_5() {
+    verifyConnectionsByServer(2000, 10, 5, 1200);
+  }
+
+  public void verifyConnectionsByServer(
+      int clientsCount, int serversCount, int subsetSize, int expectedMaxConnections) {
+    backendDetails = setupBackends(serversCount);
+    Object childConfig = "someConfig";
+
+    List<RandomSubsettingLoadBalancerConfig> configs = Lists.newArrayList();
+    for (int i = 0; i < clientsCount; i++) {
+      configs.add(createRandomSubsettingLbConfig(subsetSize, mockChildLbProvider, childConfig));
+    }
+
+    Map<SocketAddress, Integer> connectionsByServer = Maps.newLinkedHashMap();
+
+    for (int i = 0; i < clientsCount; i++) {
+      RandomSubsettingLoadBalancerConfig config = configs.get(i);
+
+      ResolvedAddresses resolvedAddresses =
+          ResolvedAddresses.newBuilder()
+              .setAddresses(ImmutableList.copyOf(backendDetails.servers))
+              .setLoadBalancingPolicyConfig(config)
+              .build();
+
+      loadBalancer = new RandomSubsettingLoadBalancer(mockHelper, i);
+      loadBalancer.acceptResolvedAddresses(resolvedAddresses);
+
+      verify(mockChildLb, atLeastOnce()).acceptResolvedAddresses(resolvedAddrCaptor.capture());
+      // Verify ChildLB is only getting subsetSize ResolvedAddresses each time
+      assertThat(resolvedAddrCaptor.getValue().getAddresses().size()).isEqualTo(config.subsetSize);
+
+      for (EquivalentAddressGroup eag : resolvedAddrCaptor.getValue().getAddresses()) {
+        for (SocketAddress addr : eag.getAddresses()) {
+          Integer prev = connectionsByServer.getOrDefault(addr, 0);
+          connectionsByServer.put(addr, prev + 1);
+        }
+      }
+    }
+
+    int maxConnections = Collections.max(connectionsByServer.values());
+
+    assertThat(maxConnections).isAtMost(expectedMaxConnections);
+  }
+
+  private class BackendDetails {
+    private final List<EquivalentAddressGroup> servers;
+    private final Map<List<EquivalentAddressGroup>, Subchannel> subchannels;
+    private final Map<Subchannel, LoadBalancer.SubchannelStateListener> subchannelStateListeners;
+
+    BackendDetails(List<EquivalentAddressGroup> servers,
+                   Map<List<EquivalentAddressGroup>, Subchannel> subchannels) {
+      this.servers = servers;
+      this.subchannels = subchannels;
+      this.subchannelStateListeners = Maps.newLinkedHashMap();
+
+      when(mockHelper.createSubchannel(any(LoadBalancer.CreateSubchannelArgs.class))).then(
+          new Answer<Subchannel>() {
+            @Override
+            public Subchannel answer(InvocationOnMock invocation) throws Throwable {
+              CreateSubchannelArgs args = (CreateSubchannelArgs) invocation.getArguments()[0];
+              final Subchannel subchannel = backendDetails.subchannels.get(args.getAddresses());
+              when(subchannel.getAllAddresses()).thenReturn(args.getAddresses());
+              when(subchannel.getAttributes()).thenReturn(args.getAttributes());
+              doAnswer(new Answer<Void>() {
+                @Override
+                public Void answer(InvocationOnMock invocation) throws Throwable {
+                  subchannelStateListeners.put(subchannel,
+                        (SubchannelStateListener) invocation.getArguments()[0]);
+                  return null;
+                }
+              }).when(subchannel).start(any(SubchannelStateListener.class));
+              return subchannel;
+            }
+          });
+    }
+  }
+
+  private static class FakeSocketAddress extends SocketAddress {
+    final String name;
+
+    FakeSocketAddress(String name) {
+      this.name = name;
+    }
+
+    @Override
+    public String toString() {
+      return "FakeSocketAddress-" + name;
+    }
+  }
+}

From 26c1c1341936640597f93a6a648e427a66d8dfe3 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Thu, 6 Nov 2025 10:27:19 +0000
Subject: [PATCH 442/591] rls: Control plane channel monitor state and back off
 handling (#12460)

At the end of back off time, instead of firing a Rls RPC, just update the RLS picker, and RLS connectivity state change from TRANSIENT_FAILURE to READY deactivate all active backoffs.
---
 .../java/io/grpc/rls/CachingRlsLbClient.java  |  88 ++++----
 .../io/grpc/rls/LbPolicyConfiguration.java    |  27 +--
 .../io/grpc/rls/CachingRlsLbClientTest.java   | 212 ++++++++++++++++--
 .../grpc/rls/LbPolicyConfigurationTest.java   |   6 +-
 .../java/io/grpc/rls/RlsLoadBalancerTest.java |   3 +-
 5 files changed, 249 insertions(+), 87 deletions(-)

diff --git a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
index 2c26d29f14d..83e9d482bc5 100644
--- a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
+++ b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
@@ -53,7 +53,6 @@
 import io.grpc.lookup.v1.RouteLookupServiceGrpc;
 import io.grpc.lookup.v1.RouteLookupServiceGrpc.RouteLookupServiceStub;
 import io.grpc.rls.ChildLoadBalancerHelper.ChildLoadBalancerHelperProvider;
-import io.grpc.rls.LbPolicyConfiguration.ChildLbStatusListener;
 import io.grpc.rls.LbPolicyConfiguration.ChildPolicyWrapper;
 import io.grpc.rls.LbPolicyConfiguration.RefCountedChildPolicyWrapperFactory;
 import io.grpc.rls.LruCache.EvictionListener;
@@ -217,6 +216,35 @@ private CachingRlsLbClient(Builder builder) {
       rlsChannelBuilder.disableServiceConfigLookUp();
     }
     rlsChannel = rlsChannelBuilder.build();
+    Runnable rlsServerConnectivityStateChangeHandler = new Runnable() {
+      private boolean wasInTransientFailure;
+      @Override
+      public void run() {
+        ConnectivityState currentState = rlsChannel.getState(false);
+        if (currentState == ConnectivityState.TRANSIENT_FAILURE) {
+          wasInTransientFailure = true;
+        } else if (wasInTransientFailure && currentState == ConnectivityState.READY) {
+          wasInTransientFailure = false;
+          synchronized (lock) {
+            boolean anyBackoffsCanceled = false;
+            for (CacheEntry value : linkedHashLruCache.values()) {
+              if (value instanceof BackoffCacheEntry) {
+                if (((BackoffCacheEntry) value).scheduledFuture.cancel(false)) {
+                  anyBackoffsCanceled = true;
+                }
+              }
+            }
+            if (anyBackoffsCanceled) {
+              // Cache updated. updateBalancingState() to reattempt picks
+              helper.triggerPendingRpcProcessing();
+            }
+          }
+        }
+        rlsChannel.notifyWhenStateChanged(currentState, this);
+      }
+    };
+    rlsChannel.notifyWhenStateChanged(
+        ConnectivityState.IDLE, rlsServerConnectivityStateChangeHandler);
     rlsStub = RouteLookupServiceGrpc.newStub(rlsChannel);
     childLbResolvedAddressFactory =
         checkNotNull(builder.resolvedAddressFactory, "resolvedAddressFactory");
@@ -226,8 +254,7 @@ private CachingRlsLbClient(Builder builder) {
     refCountedChildPolicyWrapperFactory =
         new RefCountedChildPolicyWrapperFactory(
             lbPolicyConfig.getLoadBalancingPolicy(), childLbResolvedAddressFactory,
-            childLbHelperProvider,
-            new BackoffRefreshListener());
+            childLbHelperProvider);
     // TODO(creamsoup) wait until lb is ready
     String defaultTarget = lbPolicyConfig.getRouteLookupConfig().defaultTarget();
     if (defaultTarget != null && !defaultTarget.isEmpty()) {
@@ -347,12 +374,15 @@ final CachedRouteLookupResponse get(final RouteLookupRequestKey routeLookupReque
     synchronized (lock) {
       final CacheEntry cacheEntry;
       cacheEntry = linkedHashLruCache.read(routeLookupRequestKey);
-      if (cacheEntry == null) {
+      if (cacheEntry == null
+          || (cacheEntry instanceof BackoffCacheEntry
+          && !((BackoffCacheEntry) cacheEntry).isInBackoffPeriod())) {
         PendingCacheEntry pendingEntry = pendingCallCache.get(routeLookupRequestKey);
         if (pendingEntry != null) {
           return CachedRouteLookupResponse.pendingResponse(pendingEntry);
         }
-        return asyncRlsCall(routeLookupRequestKey, /* backoffPolicy= */ null,
+        return asyncRlsCall(routeLookupRequestKey, cacheEntry instanceof BackoffCacheEntry
+            ? ((BackoffCacheEntry) cacheEntry).backoffPolicy : null,
             RouteLookupRequest.Reason.REASON_MISS);
       }
 
@@ -447,7 +477,8 @@ private BackoffCacheEntry createBackOffEntry(RouteLookupRequestKey routeLookupRe
         ChannelLogLevel.DEBUG,
         "[RLS Entry {0}] Transition to back off: status={1}, delayNanos={2}",
         routeLookupRequestKey, status, delayNanos);
-    BackoffCacheEntry entry = new BackoffCacheEntry(routeLookupRequestKey, status, backoffPolicy);
+    BackoffCacheEntry entry = new BackoffCacheEntry(routeLookupRequestKey, status, backoffPolicy,
+        ticker.read() + delayNanos * 2);
     // Lock is held, so the task can't execute before the assignment
     entry.scheduledFuture = scheduledExecutorService.schedule(
         () -> refreshBackoffEntry(entry), delayNanos, TimeUnit.NANOSECONDS);
@@ -462,11 +493,8 @@ private void refreshBackoffEntry(BackoffCacheEntry entry) {
         // Future was previously cancelled
         return;
       }
-      logger.log(ChannelLogLevel.DEBUG,
-          "[RLS Entry {0}] Calling RLS for transition to pending", entry.routeLookupRequestKey);
-      linkedHashLruCache.invalidate(entry.routeLookupRequestKey);
-      asyncRlsCall(entry.routeLookupRequestKey, entry.backoffPolicy,
-          RouteLookupRequest.Reason.REASON_MISS);
+      // Cache updated. updateBalancingState() to reattempt picks
+      helper.triggerPendingRpcProcessing();
     }
   }
 
@@ -773,13 +801,15 @@ private static final class BackoffCacheEntry extends CacheEntry {
 
     private final Status status;
     private final BackoffPolicy backoffPolicy;
+    private final long expiryTimeNanos;
     private Future<?> scheduledFuture;
 
     BackoffCacheEntry(RouteLookupRequestKey routeLookupRequestKey, Status status,
-        BackoffPolicy backoffPolicy) {
+        BackoffPolicy backoffPolicy, long expiryTimeNanos) {
       super(routeLookupRequestKey);
       this.status = checkNotNull(status, "status");
       this.backoffPolicy = checkNotNull(backoffPolicy, "backoffPolicy");
+      this.expiryTimeNanos = expiryTimeNanos;
     }
 
     Status getStatus() {
@@ -791,9 +821,13 @@ int getSizeBytes() {
       return OBJ_OVERHEAD_B * 3 + Long.SIZE + 8; // 3 java objects, 1 long and a boolean
     }
 
+    boolean isInBackoffPeriod() {
+      return !scheduledFuture.isDone();
+    }
+
     @Override
-    boolean isExpired(long now) {
-      return scheduledFuture.isDone();
+    boolean isExpired(long nowNanos) {
+      return nowNanos > expiryTimeNanos;
     }
 
     @Override
@@ -956,32 +990,6 @@ public CacheEntry cacheAndClean(RouteLookupRequestKey key, CacheEntry value) {
     }
   }
 
-  /**
-   * LbStatusListener refreshes {@link BackoffCacheEntry} when lb state is changed to {@link
-   * ConnectivityState#READY} from {@link ConnectivityState#TRANSIENT_FAILURE}.
-   */
-  private final class BackoffRefreshListener implements ChildLbStatusListener {
-
-    @Nullable
-    private ConnectivityState prevState = null;
-
-    @Override
-    public void onStatusChanged(ConnectivityState newState) {
-      if (prevState == ConnectivityState.TRANSIENT_FAILURE
-          && newState == ConnectivityState.READY) {
-        logger.log(ChannelLogLevel.DEBUG, "Transitioning from TRANSIENT_FAILURE to READY");
-        synchronized (lock) {
-          for (CacheEntry value : linkedHashLruCache.values()) {
-            if (value instanceof BackoffCacheEntry) {
-              refreshBackoffEntry((BackoffCacheEntry) value);
-            }
-          }
-        }
-      }
-      prevState = newState;
-    }
-  }
-
   /** A header will be added when RLS server respond with additional header data. */
   @VisibleForTesting
   static final Metadata.Key<String> RLS_DATA_KEY =
diff --git a/rls/src/main/java/io/grpc/rls/LbPolicyConfiguration.java b/rls/src/main/java/io/grpc/rls/LbPolicyConfiguration.java
index 226176d25ff..0fb10326f28 100644
--- a/rls/src/main/java/io/grpc/rls/LbPolicyConfiguration.java
+++ b/rls/src/main/java/io/grpc/rls/LbPolicyConfiguration.java
@@ -210,20 +210,17 @@ static final class RefCountedChildPolicyWrapperFactory {
         new HashMap<>();
 
     private final ChildLoadBalancerHelperProvider childLbHelperProvider;
-    private final ChildLbStatusListener childLbStatusListener;
     private final ChildLoadBalancingPolicy childPolicy;
     private ResolvedAddressFactory childLbResolvedAddressFactory;
 
     public RefCountedChildPolicyWrapperFactory(
         ChildLoadBalancingPolicy childPolicy,
         ResolvedAddressFactory childLbResolvedAddressFactory,
-        ChildLoadBalancerHelperProvider childLbHelperProvider,
-        ChildLbStatusListener childLbStatusListener) {
+        ChildLoadBalancerHelperProvider childLbHelperProvider) {
       this.childPolicy = checkNotNull(childPolicy, "childPolicy");
       this.childLbResolvedAddressFactory =
           checkNotNull(childLbResolvedAddressFactory, "childLbResolvedAddressFactory");
       this.childLbHelperProvider = checkNotNull(childLbHelperProvider, "childLbHelperProvider");
-      this.childLbStatusListener = checkNotNull(childLbStatusListener, "childLbStatusListener");
     }
 
     void init() {
@@ -248,8 +245,7 @@ ChildPolicyWrapper createOrGet(String target) {
       RefCountedChildPolicyWrapper pooledChildPolicyWrapper = childPolicyMap.get(target);
       if (pooledChildPolicyWrapper == null) {
         ChildPolicyWrapper childPolicyWrapper = new ChildPolicyWrapper(
-            target, childPolicy, childLbResolvedAddressFactory, childLbHelperProvider,
-            childLbStatusListener);
+            target, childPolicy, childLbResolvedAddressFactory, childLbHelperProvider);
         pooledChildPolicyWrapper = RefCountedChildPolicyWrapper.of(childPolicyWrapper);
         childPolicyMap.put(target, pooledChildPolicyWrapper);
         return pooledChildPolicyWrapper.getObject();
@@ -299,11 +295,9 @@ public ChildPolicyWrapper(
         String target,
         ChildLoadBalancingPolicy childPolicy,
         final ResolvedAddressFactory childLbResolvedAddressFactory,
-        ChildLoadBalancerHelperProvider childLbHelperProvider,
-        ChildLbStatusListener childLbStatusListener) {
+        ChildLoadBalancerHelperProvider childLbHelperProvider) {
       this.target = target;
-      this.helper =
-          new ChildPolicyReportingHelper(childLbHelperProvider, childLbStatusListener);
+      this.helper = new ChildPolicyReportingHelper(childLbHelperProvider);
       LoadBalancerProvider lbProvider = childPolicy.getEffectiveLbProvider();
       final ConfigOrError lbConfig =
           lbProvider
@@ -386,14 +380,11 @@ public String toString() {
     final class ChildPolicyReportingHelper extends ForwardingLoadBalancerHelper {
 
       private final ChildLoadBalancerHelper delegate;
-      private final ChildLbStatusListener listener;
 
       ChildPolicyReportingHelper(
-          ChildLoadBalancerHelperProvider childHelperProvider,
-          ChildLbStatusListener listener) {
+          ChildLoadBalancerHelperProvider childHelperProvider) {
         checkNotNull(childHelperProvider, "childHelperProvider");
         this.delegate = childHelperProvider.forTarget(getTarget());
-        this.listener = checkNotNull(listener, "listener");
       }
 
       @Override
@@ -406,18 +397,10 @@ public void updateBalancingState(ConnectivityState newState, SubchannelPicker ne
         picker = newPicker;
         state = newState;
         super.updateBalancingState(newState, newPicker);
-        listener.onStatusChanged(newState);
       }
     }
   }
 
-  /** Listener for child lb status change events. */
-  interface ChildLbStatusListener {
-
-    /** Notifies when child lb status changes. */
-    void onStatusChanged(ConnectivityState newState);
-  }
-
   private static final class RefCountedChildPolicyWrapper
       implements ObjectPool<ChildPolicyWrapper> {
 
diff --git a/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java b/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java
index 93c7d0f00ff..12483d60794 100644
--- a/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java
+++ b/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java
@@ -59,6 +59,7 @@
 import io.grpc.MetricRecorder.BatchRecorder;
 import io.grpc.MetricRecorder.Registration;
 import io.grpc.NameResolver.ConfigOrError;
+import io.grpc.Server;
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.SynchronizationContext;
@@ -66,7 +67,10 @@
 import io.grpc.inprocess.InProcessServerBuilder;
 import io.grpc.internal.BackoffPolicy;
 import io.grpc.internal.FakeClock;
+import io.grpc.internal.GrpcUtil;
+import io.grpc.internal.ObjectPool;
 import io.grpc.internal.PickSubchannelArgsImpl;
+import io.grpc.internal.SharedResourcePool;
 import io.grpc.lookup.v1.RouteLookupServiceGrpc;
 import io.grpc.rls.CachingRlsLbClient.CacheEntry;
 import io.grpc.rls.CachingRlsLbClient.CachedRouteLookupResponse;
@@ -96,10 +100,13 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ExecutorService;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
+import java.util.concurrent.atomic.AtomicBoolean;
 import javax.annotation.Nonnull;
 import org.junit.After;
 import org.junit.Before;
@@ -160,8 +167,9 @@ public void uncaughtException(Thread t, Throwable e) {
           fakeClock.getScheduledExecutorService());
   private final ChildLoadBalancingPolicy childLbPolicy =
       new ChildLoadBalancingPolicy("target", Collections.<String, Object>emptyMap(), lbProvider);
+  private final FakeHelper fakeHelper = new FakeHelper();
   private final Helper helper =
-      mock(Helper.class, delegatesTo(new FakeHelper()));
+      mock(Helper.class, delegatesTo(fakeHelper));
   private final FakeThrottler fakeThrottler = new FakeThrottler();
   private final LbPolicyConfiguration lbPolicyConfiguration =
       new LbPolicyConfiguration(ROUTE_LOOKUP_CONFIG, null, childLbPolicy);
@@ -319,7 +327,44 @@ public void rls_withCustomRlsChannelServiceConfig() throws Exception {
   }
 
   @Test
-  public void get_throttledAndRecover() throws Exception {
+  public void backoffTimerEnd_updatesPicker() throws Exception {
+    setUpRlsLbClient();
+    InOrder inOrder = inOrder(helper);
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(
+            ImmutableMap.of(
+                "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "bar"));
+    rlsServerImpl.setLookupTable(
+        ImmutableMap.of(
+            routeLookupRequestKey,
+            RouteLookupResponse.create(ImmutableList.of("target"), "header")));
+
+    fakeThrottler.nextResult = true;
+    fakeBackoffProvider.nextPolicy = createBackoffPolicy(10, TimeUnit.MILLISECONDS);
+
+    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequestKey);
+    assertThat(resp.hasError()).isTrue();
+
+    fakeClock.forwardTime(10, TimeUnit.MILLISECONDS);
+    // Assert that Rls LB policy picker was updated which picks the fallback target
+    ArgumentCaptor<SubchannelPicker> pickerCaptor = ArgumentCaptor.forClass(SubchannelPicker.class);
+    ArgumentCaptor<ConnectivityState> stateCaptor =
+        ArgumentCaptor.forClass(ConnectivityState.class);
+
+    inOrder.verify(helper, times(3))
+        .updateBalancingState(stateCaptor.capture(), pickerCaptor.capture());
+    assertThat(new HashSet<>(pickerCaptor.getAllValues())).hasSize(1);
+    assertThat(stateCaptor.getAllValues())
+        .containsExactly(ConnectivityState.TRANSIENT_FAILURE, ConnectivityState.CONNECTING,
+            ConnectivityState.CONNECTING);
+    Metadata headers = new Metadata();
+    PickResult pickResult = getPickResultForCreate(pickerCaptor, headers);
+    assertThat(pickResult.getStatus().getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(pickResult.getStatus().getDescription()).isEqualTo("fallback not available");
+  }
+
+  @Test
+  public void get_throttledTwice_usesSameBackoffpolicy() throws Exception {
     setUpRlsLbClient();
     RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
         RlsProtoData.RouteLookupRequestKey.create(
@@ -338,20 +383,59 @@ public void get_throttledAndRecover() throws Exception {
     assertThat(resp.hasError()).isTrue();
 
     fakeClock.forwardTime(10, TimeUnit.MILLISECONDS);
-    // initially backed off entry is backed off again
-    verify(evictionListener)
-        .onEviction(eq(routeLookupRequestKey), any(CacheEntry.class), eq(EvictionType.EXPLICIT));
 
+    // Assert that the same backoff policy is still in effect for the cache entry.
+    // The below provider should not get used, so the back off time will still be set to 10ms.
+    fakeBackoffProvider.nextPolicy = createBackoffPolicy(20, TimeUnit.MILLISECONDS);
+    // let it be throttled again
     resp = getInSyncContext(routeLookupRequestKey);
-
     assertThat(resp.hasError()).isTrue();
 
-    // let it pass throttler
-    fakeThrottler.nextResult = false;
     fakeClock.forwardTime(10, TimeUnit.MILLISECONDS);
 
+    // Backoff entry's backoff timer has gone off, so next rpc should not be backed off.
+    fakeThrottler.nextResult = false;
     resp = getInSyncContext(routeLookupRequestKey);
+    assertThat(resp.isPending()).isTrue();
 
+    rlsServerImpl.routeLookupReason = null;
+    // server responses
+    fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
+    assertThat(rlsServerImpl.routeLookupReason).isEqualTo(
+        io.grpc.lookup.v1.RouteLookupRequest.Reason.REASON_MISS);
+  }
+
+  @Test
+  public void get_errorResponseTwice_usesSameBackoffPolicy() throws Exception {
+    setUpRlsLbClient();
+    RlsProtoData.RouteLookupRequestKey invalidRouteLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(ImmutableMap.of());
+    CachedRouteLookupResponse resp = getInSyncContext(invalidRouteLookupRequestKey);
+    assertThat(resp.isPending()).isTrue();
+    fakeBackoffProvider.nextPolicy = createBackoffPolicy(10, TimeUnit.MILLISECONDS);
+    fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
+    assertThat(rlsServerImpl.routeLookupReason).isEqualTo(
+        io.grpc.lookup.v1.RouteLookupRequest.Reason.REASON_MISS);
+
+    resp = getInSyncContext(invalidRouteLookupRequestKey);
+    assertThat(resp.hasError()).isTrue();
+
+    // Backoff time expiry
+    fakeClock.forwardTime(10, TimeUnit.MILLISECONDS);
+    resp = getInSyncContext(invalidRouteLookupRequestKey);
+    assertThat(resp.isPending()).isTrue();
+    // Assert that the same backoff policy is still in effect for the cache entry.
+    // The below provider should not get used, so the back off time will still be set to 10ms.
+    fakeBackoffProvider.nextPolicy = createBackoffPolicy(20, TimeUnit.MILLISECONDS);
+    // Gets error again and backed off again
+    fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
+
+    resp = getInSyncContext(invalidRouteLookupRequestKey);
+    assertThat(resp.hasError()).isTrue();
+
+    // Backoff time expiry
+    fakeClock.forwardTime(10, TimeUnit.MILLISECONDS);
+    resp = getInSyncContext(invalidRouteLookupRequestKey);
     assertThat(resp.isPending()).isTrue();
 
     rlsServerImpl.routeLookupReason = null;
@@ -359,10 +443,95 @@ public void get_throttledAndRecover() throws Exception {
     fakeClock.forwardTime(SERVER_LATENCY_MILLIS, TimeUnit.MILLISECONDS);
     assertThat(rlsServerImpl.routeLookupReason).isEqualTo(
         io.grpc.lookup.v1.RouteLookupRequest.Reason.REASON_MISS);
+  }
 
-    resp = getInSyncContext(routeLookupRequestKey);
+  @Test
+  public void controlPlaneTransientToReady_backOffEntriesRemovedAndPickerUpdated()
+      throws Exception {
+    setUpRlsLbClient();
+    InOrder inOrder = inOrder(helper);
+    final ConnectivityState[] rlsChannelState = new ConnectivityState[1];
+    Runnable channelStateListener = new Runnable() {
+      @Override
+      public void run() {
+        rlsChannelState[0] = fakeHelper.oobChannel.getState(false);
+        fakeHelper.oobChannel.notifyWhenStateChanged(rlsChannelState[0], this);
+        synchronized (this) {
+          notify();
+        }
+      }
+    };
+    fakeHelper.oobChannel.notifyWhenStateChanged(fakeHelper.oobChannel.getState(false),
+        channelStateListener);
+
+    fakeHelper.server.shutdown();
+    // Channel goes to IDLE state from the shutdown listener handling.
+    try {
+      if (!fakeHelper.server.awaitTermination(10, TimeUnit.SECONDS)) {
+        fakeHelper.server.shutdownNow(); // Forceful shutdown if graceful timeout expires
+      }
+    } catch (InterruptedException e) {
+      fakeHelper.server.shutdownNow();
+    }
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey =
+        RlsProtoData.RouteLookupRequestKey.create(ImmutableMap.of(
+        "server", "bigtable.googleapis.com", "service-key", "foo", "method-key", "bar"));
+    // Rls channel will go to TRANSIENT_FAILURE (connection back-off).
+    CachedRouteLookupResponse resp = getInSyncContext(routeLookupRequestKey);
+    assertThat(resp.isPending()).isTrue();
+    assertThat(rlsChannelState[0]).isEqualTo(ConnectivityState.TRANSIENT_FAILURE);
+    // Throttle the next rpc call.
+    fakeThrottler.nextResult = true;
+    fakeBackoffProvider.nextPolicy = createBackoffPolicy(10, TimeUnit.MILLISECONDS);
 
-    assertThat(resp.hasData()).isTrue();
+    // Cause two cache misses by using new request keys. This will create back-off Rls cache
+    // entries. RLS control plane state transitioning to READY should reset both back-offs but
+    // update picker only once.
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey2 =
+        RlsProtoData.RouteLookupRequestKey.create(ImmutableMap.of(
+        "server", "bigtable.googleapis.com", "service-key", "foo2", "method-key", "bar"));
+    resp = getInSyncContext(routeLookupRequestKey2);
+    assertThat(resp.hasError()).isTrue();
+    RlsProtoData.RouteLookupRequestKey routeLookupRequestKey3 =
+        RlsProtoData.RouteLookupRequestKey.create(ImmutableMap.of(
+            "server", "bigtable.googleapis.com", "service-key", "foo3", "method-key", "bar"));
+    resp = getInSyncContext(routeLookupRequestKey3);
+    assertThat(resp.hasError()).isTrue();
+
+    fakeHelper.createServerAndRegister("service1");
+    // Wait for Rls control plane channel back-off expiry and its moving to READY
+    synchronized (channelStateListener) {
+      channelStateListener.wait(2000);
+    }
+    assertThat(rlsChannelState[0]).isEqualTo(ConnectivityState.READY);
+    final ObjectPool<? extends Executor> defaultExecutorPool =
+        SharedResourcePool.forResource(GrpcUtil.SHARED_CHANNEL_EXECUTOR);
+    AtomicBoolean isSuccess = new AtomicBoolean(false);
+    ((ExecutorService) defaultExecutorPool.getObject()).submit(() -> {
+      // Assert that Rls LB policy picker was updated which picks the fallback target
+      ArgumentCaptor<SubchannelPicker> pickerCaptor =
+          ArgumentCaptor.forClass(SubchannelPicker.class);
+      ArgumentCaptor<ConnectivityState> stateCaptor =
+          ArgumentCaptor.forClass(ConnectivityState.class);
+
+      inOrder.verify(helper, times(4))
+          .updateBalancingState(stateCaptor.capture(), pickerCaptor.capture());
+      assertThat(new HashSet<>(pickerCaptor.getAllValues())).hasSize(1);
+      assertThat(stateCaptor.getAllValues())
+          .containsExactly(ConnectivityState.TRANSIENT_FAILURE, ConnectivityState.CONNECTING,
+              ConnectivityState.CONNECTING, ConnectivityState.CONNECTING);
+      Metadata headers = new Metadata();
+      PickResult pickResult = getPickResultForCreate(pickerCaptor, headers);
+      assertThat(pickResult.getStatus().getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+      assertThat(pickResult.getStatus().getDescription()).isEqualTo("fallback not available");
+      isSuccess.set(true);
+    }).get();
+    assertThat(isSuccess.get()).isTrue();
+
+    fakeThrottler.nextResult = false;
+    // Rpcs are not backed off now.
+    assertThat(getInSyncContext(routeLookupRequestKey2).isPending()).isTrue();
+    assertThat(getInSyncContext(routeLookupRequestKey3).isPending()).isTrue();
   }
 
   @Test
@@ -931,16 +1100,23 @@ public void run() {
 
   private final class FakeHelper extends Helper {
 
+    Server server;
+    ManagedChannel oobChannel;
+
+    void createServerAndRegister(String target) throws IOException {
+      server = InProcessServerBuilder.forName(target)
+          .addService(rlsServerImpl)
+          .directExecutor()
+          .build()
+          .start();
+      grpcCleanupRule.register(server);
+    }
+
     @Override
     public ManagedChannelBuilder<?> createResolvingOobChannelBuilder(
         String target, ChannelCredentials creds) {
       try {
-        grpcCleanupRule.register(
-            InProcessServerBuilder.forName(target)
-                .addService(rlsServerImpl)
-                .directExecutor()
-                .build()
-                .start());
+        createServerAndRegister(target);
       } catch (IOException e) {
         throw new RuntimeException("cannot create server: " + target, e);
       }
@@ -956,7 +1132,8 @@ protected ManagedChannelBuilder<?> delegate() {
 
         @Override
         public ManagedChannel build() {
-          return grpcCleanupRule.register(super.build());
+          oobChannel = super.build();
+          return grpcCleanupRule.register(oobChannel);
         }
 
         @Override
@@ -985,7 +1162,6 @@ public ManagedChannel createOobChannel(EquivalentAddressGroup eag, String author
     @Override
     public void updateBalancingState(
         @Nonnull ConnectivityState newState, @Nonnull SubchannelPicker newPicker) {
-      // no-op
     }
 
     @Override
diff --git a/rls/src/test/java/io/grpc/rls/LbPolicyConfigurationTest.java b/rls/src/test/java/io/grpc/rls/LbPolicyConfigurationTest.java
index d6025d5bad4..fc48e6a5405 100644
--- a/rls/src/test/java/io/grpc/rls/LbPolicyConfigurationTest.java
+++ b/rls/src/test/java/io/grpc/rls/LbPolicyConfigurationTest.java
@@ -39,7 +39,6 @@
 import io.grpc.Status;
 import io.grpc.SynchronizationContext;
 import io.grpc.rls.ChildLoadBalancerHelper.ChildLoadBalancerHelperProvider;
-import io.grpc.rls.LbPolicyConfiguration.ChildLbStatusListener;
 import io.grpc.rls.LbPolicyConfiguration.ChildLoadBalancingPolicy;
 import io.grpc.rls.LbPolicyConfiguration.ChildPolicyWrapper;
 import io.grpc.rls.LbPolicyConfiguration.ChildPolicyWrapper.ChildPolicyReportingHelper;
@@ -61,7 +60,6 @@ public class LbPolicyConfigurationTest {
   private final LoadBalancer lb = mock(LoadBalancer.class);
   private final SubchannelStateManager subchannelStateManager = new SubchannelStateManagerImpl();
   private final SubchannelPicker picker = mock(SubchannelPicker.class);
-  private final ChildLbStatusListener childLbStatusListener = mock(ChildLbStatusListener.class);
   private final ResolvedAddressFactory resolvedAddressFactory =
       new ResolvedAddressFactory() {
         @Override
@@ -78,8 +76,7 @@ public ResolvedAddresses create(Object childLbConfig) {
               ImmutableMap.<String, Object>of("foo", "bar"),
               lbProvider),
           resolvedAddressFactory,
-          new ChildLoadBalancerHelperProvider(helper, subchannelStateManager, picker),
-          childLbStatusListener);
+          new ChildLoadBalancerHelperProvider(helper, subchannelStateManager, picker));
 
   @Before
   public void setUp() {
@@ -185,7 +182,6 @@ public void updateBalancingState_triggersListener() {
 
     childPolicyReportingHelper.updateBalancingState(ConnectivityState.READY, childPicker);
 
-    verify(childLbStatusListener).onStatusChanged(ConnectivityState.READY);
     assertThat(childPolicyWrapper.getPicker()).isEqualTo(childPicker);
     // picker governs childPickers will be reported to parent LB
     verify(helper).updateBalancingState(ConnectivityState.READY, picker);
diff --git a/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java b/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
index c180935b153..8d16d1bd74c 100644
--- a/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
+++ b/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
@@ -456,8 +456,7 @@ public void lb_working_withDefaultTarget_noRlsResponse() throws Exception {
         (FakeSubchannel) markReadyAndGetPickResult(inOrder, searchSubchannelArgs).getSubchannel();
     assertThat(searchSubchannel).isNotNull();
     assertThat(searchSubchannel).isNotSameInstanceAs(fallbackSubchannel);
-    times = PickFirstLoadBalancerProvider.isEnabledNewPickFirst() ? 1 : 2;
-    verifyLongCounterAdd("grpc.lb.rls.target_picks", times, 1, "wilderness", "complete");
+    verifyLongCounterAdd("grpc.lb.rls.target_picks", 1, 1, "wilderness", "complete");
 
     // create rescue subchannel
     picker.pickSubchannel(rescueSubchannelArgs);

From 97953ca9075ccf3f99068ee80463e361ab3258e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=AA=20Nam=20Kh=C3=A1nh?=
 <55955273+khanhkhanhlele@users.noreply.github.com>
Date: Thu, 6 Nov 2025 23:18:38 +0700
Subject: [PATCH 443/591] chore: fix typos in some files (#12478)

This PR fixes typos in the file file using codespell.
---
 .../main/java/io/grpc/alts/internal/AltsTsiHandshaker.java    | 2 +-
 services/src/main/proto/grpc/binlog/v1/binarylog.proto        | 2 +-
 .../src/main/proto/grpc/reflection/v1alpha/reflection.proto   | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/alts/src/main/java/io/grpc/alts/internal/AltsTsiHandshaker.java b/alts/src/main/java/io/grpc/alts/internal/AltsTsiHandshaker.java
index 007db9e1eed..2d6c322c1b1 100644
--- a/alts/src/main/java/io/grpc/alts/internal/AltsTsiHandshaker.java
+++ b/alts/src/main/java/io/grpc/alts/internal/AltsTsiHandshaker.java
@@ -80,7 +80,7 @@ public boolean processBytesFromPeer(ByteBuffer bytes) throws GeneralSecurityExce
       return true;
     }
     int remaining = bytes.remaining();
-    // Call handshaker service to proceess the bytes.
+    // Call handshaker service to process the bytes.
     if (outputFrame == null) {
       checkState(!isClient, "Client handshaker should not process any frame at the beginning.");
       outputFrame = handshaker.startServerHandshake(bytes);
diff --git a/services/src/main/proto/grpc/binlog/v1/binarylog.proto b/services/src/main/proto/grpc/binlog/v1/binarylog.proto
index 9ed1733e2d8..b18bd88ddc9 100644
--- a/services/src/main/proto/grpc/binlog/v1/binarylog.proto
+++ b/services/src/main/proto/grpc/binlog/v1/binarylog.proto
@@ -120,7 +120,7 @@ message ClientHeader {
 
   // A single process may be used to run multiple virtual
   // servers with different identities.
-  // The authority is the name of such a server identitiy.
+  // The authority is the name of such a server identity.
   // It is typically a portion of the URI in the form of
   // <host> or <host>:<port> .
   string authority = 3;
diff --git a/services/src/main/proto/grpc/reflection/v1alpha/reflection.proto b/services/src/main/proto/grpc/reflection/v1alpha/reflection.proto
index 8c5e06fe148..a3984b55c2d 100644
--- a/services/src/main/proto/grpc/reflection/v1alpha/reflection.proto
+++ b/services/src/main/proto/grpc/reflection/v1alpha/reflection.proto
@@ -80,7 +80,7 @@ message ExtensionRequest {
 message ServerReflectionResponse {
   string valid_host = 1;
   ServerReflectionRequest original_request = 2;
-  // The server set one of the following fields accroding to the message_request
+  // The server set one of the following fields according to the message_request
   // in the request.
   oneof message_response {
     // This message is used to answer file_by_filename, file_containing_symbol,
@@ -91,7 +91,7 @@ message ServerReflectionResponse {
     // that were previously sent in response to earlier requests in the stream.
     FileDescriptorResponse file_descriptor_response = 4;
 
-    // This message is used to answer all_extension_numbers_of_type requst.
+    // This message is used to answer all_extension_numbers_of_type request.
     ExtensionNumberResponse all_extension_numbers_response = 5;
 
     // This message is used to answer list_services request.

From 14087f841c0bef87cffd9da45278c19c04da4a35 Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Thu, 6 Nov 2025 18:19:22 +0200
Subject: [PATCH 444/591] core: Report marshaller error for uncompressed size
 too large back to the client 2 (#12477)

Code mostly as in #12360 but trying to use `handleInternalError()` / `cancel()` as suggested by @ejona86

Fixes #11246
---
 .../grpc/internal/CloseWithHeadersMarker.java | 32 ++++++++++++++
 .../java/io/grpc/internal/ServerCallImpl.java | 24 +++++++++--
 .../io/grpc/internal/ServerCallImplTest.java  | 42 +++++++++++++++++++
 .../integration/AbstractInteropTest.java      |  2 +-
 .../integration/TransportCompressionTest.java | 29 ++++++++++++-
 .../java/io/grpc/netty/NettyServerStream.java |  7 +++-
 6 files changed, 129 insertions(+), 7 deletions(-)
 create mode 100644 core/src/main/java/io/grpc/internal/CloseWithHeadersMarker.java

diff --git a/core/src/main/java/io/grpc/internal/CloseWithHeadersMarker.java b/core/src/main/java/io/grpc/internal/CloseWithHeadersMarker.java
new file mode 100644
index 00000000000..376b9edb614
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/CloseWithHeadersMarker.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import io.grpc.Status;
+
+/**
+ * Marker to be used for Status sent to {@link ServerStream#cancel(Status)} to signal that stream
+ * should be closed by sending headers.
+ */
+public class CloseWithHeadersMarker extends Throwable {
+  private static final long serialVersionUID = 0L;
+
+  @Override
+  public synchronized Throwable fillInStackTrace() {
+    return this;
+  }
+}
diff --git a/core/src/main/java/io/grpc/internal/ServerCallImpl.java b/core/src/main/java/io/grpc/internal/ServerCallImpl.java
index e224384ce8f..1c1f76cbb12 100644
--- a/core/src/main/java/io/grpc/internal/ServerCallImpl.java
+++ b/core/src/main/java/io/grpc/internal/ServerCallImpl.java
@@ -279,6 +279,17 @@ private void handleInternalError(Throwable internalError) {
     serverCallTracer.reportCallEnded(false); // error so always false
   }
 
+  /**
+   * Close the {@link ServerStream} because parsing request message failed.
+   * Similar to {@link #handleInternalError(Throwable)}.
+   */
+  private void handleParseError(StatusRuntimeException parseError) {
+    cancelled = true;
+    log.log(Level.WARNING, "Cancelling the stream because of parse error", parseError);
+    stream.cancel(parseError.getStatus().withCause(new CloseWithHeadersMarker()));
+    serverCallTracer.reportCallEnded(false); // error so always false
+  }
+
   /**
    * All of these callbacks are assumed to called on an application thread, and the caller is
    * responsible for handling thrown exceptions.
@@ -327,18 +338,23 @@ private void messagesAvailableInternal(final MessageProducer producer) {
         return;
       }
 
-      InputStream message;
+      InputStream message = null;
       try {
         while ((message = producer.next()) != null) {
+          ReqT parsed;
           try {
-            listener.onMessage(call.method.parseRequest(message));
-          } catch (Throwable t) {
+            parsed = call.method.parseRequest(message);
+          } catch (StatusRuntimeException e) {
             GrpcUtil.closeQuietly(message);
-            throw t;
+            GrpcUtil.closeQuietly(producer);
+            call.handleParseError(e);
+            return;
           }
           message.close();
+          listener.onMessage(parsed);
         }
       } catch (Throwable t) {
+        GrpcUtil.closeQuietly(message);
         GrpcUtil.closeQuietly(producer);
         Throwables.throwIfUnchecked(t);
         throw new RuntimeException(t);
diff --git a/core/src/test/java/io/grpc/internal/ServerCallImplTest.java b/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
index 7394c83eab2..028f1ac93cd 100644
--- a/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
@@ -48,9 +48,11 @@
 import io.grpc.SecurityLevel;
 import io.grpc.ServerCall;
 import io.grpc.Status;
+import io.grpc.StatusRuntimeException;
 import io.grpc.internal.ServerCallImpl.ServerStreamListenerImpl;
 import io.perfmark.PerfMark;
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import org.junit.Before;
@@ -69,6 +71,8 @@ public class ServerCallImplTest {
 
   @Mock private ServerStream stream;
   @Mock private ServerCall.Listener<Long> callListener;
+  @Mock private StreamListener.MessageProducer messageProducer;
+  @Mock private InputStream message;
 
   private final CallTracer serverCallTracer = CallTracer.getDefaultFactory().create();
   private ServerCallImpl<Long, Long> call;
@@ -493,6 +497,44 @@ public void streamListener_unexpectedRuntimeException() {
     assertThat(e).hasMessageThat().isEqualTo("unexpected exception");
   }
 
+  @Test
+  public void streamListener_statusRuntimeException() throws IOException {
+    MethodDescriptor<Long, Long> failingParseMethod = MethodDescriptor.<Long, Long>newBuilder()
+        .setType(MethodType.UNARY)
+        .setFullMethodName("service/method")
+        .setRequestMarshaller(new LongMarshaller() {
+            @Override
+            public Long parse(InputStream stream) {
+              throw new StatusRuntimeException(Status.RESOURCE_EXHAUSTED
+                  .withDescription("Decompressed gRPC message exceeds maximum size"));
+            }
+        })
+        .setResponseMarshaller(new LongMarshaller())
+        .build();
+
+    call =  new ServerCallImpl<>(stream, failingParseMethod, requestHeaders, context,
+            DecompressorRegistry.getDefaultInstance(), CompressorRegistry.getDefaultInstance(),
+            serverCallTracer, PerfMark.createTag());
+
+    ServerStreamListenerImpl<Long> streamListener =
+            new ServerCallImpl.ServerStreamListenerImpl<>(call, callListener, context);
+
+    when(messageProducer.next()).thenReturn(message, (InputStream) null);
+    streamListener.messagesAvailable(messageProducer);
+    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
+    verify(stream).cancel(statusCaptor.capture());
+    Status status = statusCaptor.getValue();
+    assertEquals(Status.Code.RESOURCE_EXHAUSTED, status.getCode());
+    assertEquals("Decompressed gRPC message exceeds maximum size", status.getDescription());
+
+    streamListener.halfClosed();
+    verify(callListener, never()).onHalfClose();
+
+    when(messageProducer.next()).thenReturn(message, (InputStream) null);
+    streamListener.messagesAvailable(messageProducer);
+    verify(callListener, never()).onMessage(any());
+  }
+
   private static class LongMarshaller implements Marshaller<Long> {
     @Override
     public InputStream stream(Long value) {
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
index 51295281a90..f5cd111a5b1 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
@@ -2024,7 +2024,7 @@ private void assertPayload(Payload expected, Payload actual) {
     }
   }
 
-  private static void assertCodeEquals(Status.Code expected, Status actual) {
+  protected static void assertCodeEquals(Status.Code expected, Status actual) {
     assertWithMessage("Unexpected status: %s", actual).that(actual.getCode()).isEqualTo(expected);
   }
 
diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java
index b9692383254..33cd624aebb 100644
--- a/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java
@@ -17,6 +17,7 @@
 package io.grpc.testing.integration;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 
 import com.google.protobuf.ByteString;
@@ -37,6 +38,8 @@
 import io.grpc.ServerCall.Listener;
 import io.grpc.ServerCallHandler;
 import io.grpc.ServerInterceptor;
+import io.grpc.Status.Code;
+import io.grpc.StatusRuntimeException;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.netty.InternalNettyChannelBuilder;
 import io.grpc.netty.InternalNettyServerBuilder;
@@ -53,7 +56,9 @@
 import java.io.OutputStream;
 import org.junit.Before;
 import org.junit.BeforeClass;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -84,10 +89,16 @@ public static void registerCompressors() {
     compressors.register(Codec.Identity.NONE);
   }
 
+  @Rule
+  public final TestName currentTest = new TestName();
+
   @Override
   protected ServerBuilder<?> getServerBuilder() {
     NettyServerBuilder builder = NettyServerBuilder.forPort(0, InsecureServerCredentials.create())
-        .maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
+        .maxInboundMessageSize(
+            DECOMPRESSED_MESSAGE_TOO_LONG_METHOD_NAME.equals(currentTest.getMethodName())
+                ? 1000
+                : AbstractInteropTest.MAX_MESSAGE_SIZE)
         .compressorRegistry(compressors)
         .decompressorRegistry(decompressors)
         .intercept(new ServerInterceptor() {
@@ -126,6 +137,22 @@ public void compresses() {
     assertTrue(FZIPPER.anyWritten);
   }
 
+  private static final String DECOMPRESSED_MESSAGE_TOO_LONG_METHOD_NAME =
+      "decompressedMessageTooLong";
+
+  @Test
+  public void decompressedMessageTooLong() {
+    assertEquals(DECOMPRESSED_MESSAGE_TOO_LONG_METHOD_NAME, currentTest.getMethodName());
+    final SimpleRequest bigRequest = SimpleRequest.newBuilder()
+        .setPayload(Payload.newBuilder().setBody(ByteString.copyFrom(new byte[10_000])))
+        .build();
+    StatusRuntimeException e = assertThrows(StatusRuntimeException.class,
+        () -> blockingStub.withCompression("gzip").unaryCall(bigRequest));
+    assertCodeEquals(Code.RESOURCE_EXHAUSTED, e.getStatus());
+    assertEquals("Decompressed gRPC message exceeds maximum size 1000",
+        e.getStatus().getDescription());
+  }
+
   @Override
   protected NettyChannelBuilder createChannelBuilder() {
     NettyChannelBuilder builder = NettyChannelBuilder.forAddress(getListenAddress())
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerStream.java b/netty/src/main/java/io/grpc/netty/NettyServerStream.java
index 836f39ddf19..681e649d1ef 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerStream.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerStream.java
@@ -23,6 +23,7 @@
 import io.grpc.Metadata;
 import io.grpc.Status;
 import io.grpc.internal.AbstractServerStream;
+import io.grpc.internal.CloseWithHeadersMarker;
 import io.grpc.internal.StatsTraceContext;
 import io.grpc.internal.TransportTracer;
 import io.grpc.internal.WritableBuffer;
@@ -130,7 +131,11 @@ public void writeTrailers(Metadata trailers, boolean headersSent, Status status)
     @Override
     public void cancel(Status status) {
       try (TaskCloseable ignore = PerfMark.traceTask("NettyServerStream$Sink.cancel")) {
-        writeQueue.enqueue(CancelServerStreamCommand.withReset(transportState(), status), true);
+        CancelServerStreamCommand cmd =
+            status.getCause() instanceof CloseWithHeadersMarker
+                ? CancelServerStreamCommand.withReason(transportState(), status)
+                : CancelServerStreamCommand.withReset(transportState(), status);
+        writeQueue.enqueue(cmd, true);
       }
     }
   }

From 7cb8b68c3aa8dea787bf0ac71e11aadf0f4eed85 Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Fri, 7 Nov 2025 16:30:23 +0300
Subject: [PATCH 445/591] opentelemetry: propagate baggage to metrics for
 custom attributes, helps with b/406058193 (#12389)

---
 opentelemetry/build.gradle                    |   1 +
 .../grpc/opentelemetry/GrpcOpenTelemetry.java |   4 +-
 .../OpenTelemetryMetricsModule.java           |  45 ++++--
 .../OpenTelemetryTracingModule.java           |  24 +++-
 .../internal/OpenTelemetryConstants.java      |   6 +
 .../OpenTelemetryMetricsModuleTest.java       | 132 ++++++++++++++++++
 .../OpenTelemetryTracingModuleTest.java       | 116 +++++++++++++++
 7 files changed, 309 insertions(+), 19 deletions(-)

diff --git a/opentelemetry/build.gradle b/opentelemetry/build.gradle
index b729f393e4b..c856ad8dcb9 100644
--- a/opentelemetry/build.gradle
+++ b/opentelemetry/build.gradle
@@ -15,6 +15,7 @@ dependencies {
             libraries.auto.value.annotations
 
     testImplementation project(':grpc-testing'),
+            project(':grpc-testing-proto'),
             project(':grpc-inprocess'),
             testFixtures(project(':grpc-core')),
             testFixtures(project(':grpc-api')),
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
index e0af0f80ed3..4341b27daa4 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
@@ -179,12 +179,14 @@ public void configureChannelBuilder(ManagedChannelBuilder<?> builder) {
    * @param serverBuilder the server builder to configure
    */
   public void configureServerBuilder(ServerBuilder<?> serverBuilder) {
-    serverBuilder.addStreamTracerFactory(openTelemetryMetricsModule.getServerTracerFactory());
+    /* To ensure baggage propagation to metrics, we need the tracing
+    tracers to be initialised before metrics */
     if (ENABLE_OTEL_TRACING) {
       serverBuilder.addStreamTracerFactory(
           openTelemetryTracingModule.getServerTracerFactory());
       serverBuilder.intercept(openTelemetryTracingModule.getServerSpanPropagationInterceptor());
     }
+    serverBuilder.addStreamTracerFactory(openTelemetryMetricsModule.getServerTracerFactory());
   }
 
   @VisibleForTesting
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
index 1d77f9ee3e4..3e5137e0034 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.BACKEND_SERVICE_KEY;
+import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.BAGGAGE_KEY;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.LOCALITY_KEY;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.METHOD_KEY;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.STATUS_KEY;
@@ -44,7 +45,9 @@
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.StreamTracer;
+import io.opentelemetry.api.baggage.Baggage;
 import io.opentelemetry.api.common.AttributesBuilder;
+import io.opentelemetry.context.Context;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -94,8 +97,8 @@ final class OpenTelemetryMetricsModule {
   private final ImmutableList<OpenTelemetryPlugin> plugins;
 
   OpenTelemetryMetricsModule(Supplier<Stopwatch> stopwatchSupplier,
-      OpenTelemetryMetricsResource resource, Collection<String> optionalLabels,
-      List<OpenTelemetryPlugin> plugins) {
+                             OpenTelemetryMetricsResource resource,
+                             Collection<String> optionalLabels, List<OpenTelemetryPlugin> plugins) {
     this.resource = checkNotNull(resource, "resource");
     this.stopwatchSupplier = checkNotNull(stopwatchSupplier, "stopwatchSupplier");
     this.localityEnabled = optionalLabels.contains(LOCALITY_KEY.getKey());
@@ -128,6 +131,14 @@ static String recordMethodName(String fullMethodName, boolean isGeneratedMethod)
     return isGeneratedMethod ? fullMethodName : "other";
   }
 
+  private static Context otelContextWithBaggage() {
+    Baggage baggage = BAGGAGE_KEY.get();
+    if (baggage == null) {
+      return Context.current();
+    }
+    return Context.current().with(baggage);
+  }
+
   private static final class ClientTracer extends ClientStreamTracer {
     @Nullable private static final AtomicLongFieldUpdater<ClientTracer> outboundWireSizeUpdater;
     @Nullable private static final AtomicLongFieldUpdater<ClientTracer> inboundWireSizeUpdater;
@@ -243,6 +254,7 @@ public void streamClosed(Status status) {
     }
 
     void recordFinishedAttempt() {
+      Context otelContext = otelContextWithBaggage();
       AttributesBuilder builder = io.opentelemetry.api.common.Attributes.builder()
           .put(METHOD_KEY, fullMethodName)
           .put(TARGET_KEY, target)
@@ -268,15 +280,15 @@ void recordFinishedAttempt() {
 
       if (module.resource.clientAttemptDurationCounter() != null ) {
         module.resource.clientAttemptDurationCounter()
-            .record(attemptNanos * SECONDS_PER_NANO, attribute);
+            .record(attemptNanos * SECONDS_PER_NANO, attribute, otelContext);
       }
       if (module.resource.clientTotalSentCompressedMessageSizeCounter() != null) {
         module.resource.clientTotalSentCompressedMessageSizeCounter()
-            .record(outboundWireSize, attribute);
+            .record(outboundWireSize, attribute, otelContext);
       }
       if (module.resource.clientTotalReceivedCompressedMessageSizeCounter() != null) {
         module.resource.clientTotalReceivedCompressedMessageSizeCounter()
-            .record(inboundWireSize, attribute);
+            .record(inboundWireSize, attribute, otelContext);
       }
     }
   }
@@ -408,6 +420,7 @@ void callEnded(Status status) {
     }
 
     void recordFinishedCall() {
+      Context otelContext = otelContextWithBaggage();
       if (attemptsPerCall.get() == 0) {
         ClientTracer tracer = newClientTracer(null);
         tracer.attemptNanos = attemptDelayStopwatch.elapsed(TimeUnit.NANOSECONDS);
@@ -429,7 +442,8 @@ void recordFinishedCall() {
             callLatencyNanos * SECONDS_PER_NANO,
             baseAttributes.toBuilder()
                 .put(STATUS_KEY, status.getCode().toString())
-                .build()
+                .build(),
+            otelContext
         );
       }
 
@@ -437,7 +451,8 @@ void recordFinishedCall() {
       if (module.resource.clientCallRetriesCounter() != null) {
         long retriesPerCall = Math.max(attemptsPerCall.get() - 1, 0);
         if (retriesPerCall > 0) {
-          module.resource.clientCallRetriesCounter().record(retriesPerCall, baseAttributes);
+          module.resource.clientCallRetriesCounter()
+              .record(retriesPerCall, baseAttributes, otelContext);
         }
       }
 
@@ -446,7 +461,7 @@ void recordFinishedCall() {
         long hedges = hedgedAttemptsPerCall.get();
         if (hedges > 0) {
           module.resource.clientCallHedgesCounter()
-              .record(hedges, baseAttributes);
+              .record(hedges, baseAttributes, otelContext);
         }
       }
 
@@ -454,8 +469,8 @@ void recordFinishedCall() {
       if (module.resource.clientCallTransparentRetriesCounter() != null) {
         long transparentRetries = transparentRetriesPerCall.get();
         if (transparentRetries > 0) {
-          module.resource.clientCallTransparentRetriesCounter().record(
-              transparentRetries, baseAttributes);
+          module.resource.clientCallTransparentRetriesCounter()
+              .record(transparentRetries, baseAttributes, otelContext);
         }
       }
 
@@ -463,7 +478,8 @@ void recordFinishedCall() {
       if (module.resource.clientCallRetryDelayCounter() != null) {
         module.resource.clientCallRetryDelayCounter().record(
             retryDelayNanos * SECONDS_PER_NANO,
-            baseAttributes
+            baseAttributes,
+            otelContext
         );
       }
     }
@@ -562,6 +578,7 @@ public void inboundWireSize(long bytes) {
      */
     @Override
     public void streamClosed(Status status) {
+      Context otelContext = otelContextWithBaggage();
       if (streamClosedUpdater != null) {
         if (streamClosedUpdater.getAndSet(this, 1) != 0) {
           return;
@@ -584,15 +601,15 @@ public void streamClosed(Status status) {
 
       if (module.resource.serverCallDurationCounter() != null) {
         module.resource.serverCallDurationCounter()
-            .record(elapsedTimeNanos * SECONDS_PER_NANO, attributes);
+            .record(elapsedTimeNanos * SECONDS_PER_NANO, attributes, otelContext);
       }
       if (module.resource.serverTotalSentCompressedMessageSizeCounter() != null) {
         module.resource.serverTotalSentCompressedMessageSizeCounter()
-            .record(outboundWireSize, attributes);
+            .record(outboundWireSize, attributes, otelContext);
       }
       if (module.resource.serverTotalReceivedCompressedMessageSizeCounter() != null) {
         module.resource.serverTotalReceivedCompressedMessageSizeCounter()
-            .record(inboundWireSize, attributes);
+            .record(inboundWireSize, attributes, otelContext);
       }
     }
   }
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
index 4fa4f802dc0..d214e99bd75 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryTracingModule.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static io.grpc.ClientStreamTracer.NAME_RESOLUTION_DELAYED;
 import static io.grpc.internal.GrpcUtil.IMPLEMENTATION_VERSION;
+import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.BAGGAGE_KEY;
 
 import com.google.common.annotations.VisibleForTesting;
 import io.grpc.Attributes;
@@ -39,6 +40,7 @@
 import io.grpc.internal.GrpcUtil;
 import io.grpc.opentelemetry.internal.OpenTelemetryConstants;
 import io.opentelemetry.api.OpenTelemetry;
+import io.opentelemetry.api.baggage.Baggage;
 import io.opentelemetry.api.common.AttributesBuilder;
 import io.opentelemetry.api.trace.Span;
 import io.opentelemetry.api.trace.StatusCode;
@@ -59,6 +61,7 @@ final class OpenTelemetryTracingModule {
 
   @VisibleForTesting
   final io.grpc.Context.Key<Span> otelSpan = io.grpc.Context.key("opentelemetry-span-key");
+
   @Nullable
   private static final AtomicIntegerFieldUpdater<CallAttemptsTracerFactory> callEndedUpdater;
   @Nullable
@@ -243,13 +246,15 @@ private final class ServerTracer extends ServerStreamTracer {
     private final Span span;
     volatile int streamClosed;
     private int seqNo;
+    private Baggage baggage;
 
-    ServerTracer(String fullMethodName, @Nullable Span remoteSpan) {
+    ServerTracer(String fullMethodName, @Nullable Span remoteSpan, Baggage baggage) {
       checkNotNull(fullMethodName, "fullMethodName");
       this.span =
           otelTracer.spanBuilder(generateTraceSpanName(true, fullMethodName))
               .setParent(remoteSpan == null ? null : Context.current().with(remoteSpan))
               .startSpan();
+      this.baggage = baggage;
     }
 
     /**
@@ -275,7 +280,9 @@ public void streamClosed(io.grpc.Status status) {
 
     @Override
     public io.grpc.Context filterContext(io.grpc.Context context) {
-      return context.withValue(otelSpan, span);
+      return context
+          .withValue(otelSpan, span)
+          .withValue(BAGGAGE_KEY, baggage);
     }
 
     @Override
@@ -315,7 +322,8 @@ public ServerStreamTracer newServerStreamTracer(String fullMethodName, Metadata
       if (remoteSpan == Span.getInvalid()) {
         remoteSpan = null;
       }
-      return new ServerTracer(fullMethodName, remoteSpan);
+      Baggage baggage = Baggage.fromContext(context);
+      return new ServerTracer(fullMethodName, remoteSpan, baggage);
     }
   }
 
@@ -330,7 +338,15 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, Re
             + "tracing must be set.");
         return next.startCall(call, headers);
       }
-      Context serverCallContext = Context.current().with(span);
+      Context serverCallContext = Context.current();
+      serverCallContext = serverCallContext.with(span);
+      Baggage baggage = BAGGAGE_KEY.get();
+      if (baggage != null) {
+        serverCallContext = serverCallContext.with(baggage);
+      } else {
+        logger.log(Level.WARNING, "Server baggage not found which is unexpected, "
+            + "as it is being added unconditionally in filterContext().");
+      }
       try (Scope scope = serverCallContext.makeCurrent()) {
         return new ContextServerCallListener<>(next.startCall(call, headers), serverCallContext);
       }
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
index ff2b88acbfd..2c7123198c4 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
@@ -16,7 +16,9 @@
 
 package io.grpc.opentelemetry.internal;
 
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
+import io.opentelemetry.api.baggage.Baggage;
 import io.opentelemetry.api.common.AttributeKey;
 import java.util.List;
 
@@ -42,6 +44,10 @@ public final class OpenTelemetryConstants {
   public static final AttributeKey<String> SECURITY_LEVEL_KEY =
       AttributeKey.stringKey("grpc.security_level");
 
+  @VisibleForTesting
+  public static final io.grpc.Context.Key<Baggage> BAGGAGE_KEY =
+      io.grpc.Context.key("opentelemetry-baggage-key");
+
   public static final List<Double> LATENCY_BUCKETS =
       ImmutableList.of(
           0d,     0.00001d, 0.00005d, 0.0001d, 0.0003d, 0.0006d, 0.0008d, 0.001d, 0.002d,
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
index 6d1234497d6..58759294fca 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
@@ -27,6 +27,7 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyDouble;
 import static org.mockito.Mockito.verify;
 
 import com.google.common.collect.ImmutableMap;
@@ -47,11 +48,21 @@
 import io.grpc.ServerStreamTracer.ServerCallInfo;
 import io.grpc.Status;
 import io.grpc.Status.Code;
+import io.grpc.inprocess.InProcessChannelBuilder;
+import io.grpc.inprocess.InProcessServerBuilder;
 import io.grpc.internal.FakeClock;
 import io.grpc.opentelemetry.OpenTelemetryMetricsModule.CallAttemptsTracerFactory;
 import io.grpc.opentelemetry.internal.OpenTelemetryConstants;
+import io.grpc.stub.MetadataUtils;
+import io.grpc.stub.StreamObserver;
 import io.grpc.testing.GrpcServerRule;
+import io.grpc.testing.protobuf.SimpleRequest;
+import io.grpc.testing.protobuf.SimpleResponse;
+import io.grpc.testing.protobuf.SimpleServiceGrpc;
+import io.opentelemetry.api.OpenTelemetry;
+import io.opentelemetry.api.baggage.Baggage;
 import io.opentelemetry.api.common.AttributeKey;
+import io.opentelemetry.api.metrics.DoubleHistogram;
 import io.opentelemetry.api.metrics.Meter;
 import io.opentelemetry.sdk.common.InstrumentationScopeInfo;
 import io.opentelemetry.sdk.metrics.data.MetricData;
@@ -65,6 +76,7 @@
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
 import javax.annotation.Nullable;
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -161,6 +173,14 @@ public String parse(InputStream stream) {
   private ServerCall.Listener<String> mockServerCallListener;
   @Captor
   private ArgumentCaptor<Status> statusCaptor;
+  @Mock
+  private DoubleHistogram mockServerCallDurationHistogram;
+  @Captor
+  private ArgumentCaptor<io.opentelemetry.context.Context> contextCaptor;
+  private io.grpc.Server server;
+  private io.grpc.ManagedChannel channel;
+  private OpenTelemetryMetricsResource resource;
+  private final String serverName = "E2ETestServer-" + Math.random();
 
   private final FakeClock fakeClock = new FakeClock();
   private final MethodDescriptor<String, String> method =
@@ -180,6 +200,19 @@ public String parse(InputStream stream) {
   public void setUp() throws Exception {
     testMeter = openTelemetryTesting.getOpenTelemetry()
         .getMeter(OpenTelemetryConstants.INSTRUMENTATION_SCOPE);
+    resource = OpenTelemetryMetricsResource.builder()
+        .serverCallDurationCounter(mockServerCallDurationHistogram)
+        .build();
+  }
+
+  @After
+  public void tearDown() {
+    if (channel != null) {
+      channel.shutdownNow();
+    }
+    if (server != null) {
+      server.shutdownNow();
+    }
   }
 
   @Test
@@ -1595,6 +1628,45 @@ public void serverBasicMetrics() {
 
   }
 
+  @Test
+  public void serverBaggagePropagationToMetrics() {
+    // 1. Create module and tracer factory using the mock resource
+    OpenTelemetryMetricsModule module = new OpenTelemetryMetricsModule(
+        fakeClock.getStopwatchSupplier(), resource, emptyList(), emptyList());
+    ServerStreamTracer.Factory tracerFactory = module.getServerTracerFactory();
+    ServerStreamTracer tracer =
+        tracerFactory.newServerStreamTracer(method.getFullMethodName(), new Metadata());
+
+    // 2. Define the test baggage and gRPC context
+    Baggage testBaggage = Baggage.builder()
+        .put("user-id", "67")
+        .build();
+
+    // This simulates the context that the Tracing module would have created
+    io.grpc.Context grpcContext = io.grpc.Context.current()
+        .withValue(OpenTelemetryConstants.BAGGAGE_KEY, testBaggage);
+
+    // 3. Attach the gRPC context, trigger metric recording, and detach
+    io.grpc.Context previousContext = grpcContext.attach();
+    try {
+      tracer.streamClosed(Status.OK);
+    } finally {
+      grpcContext.detach(previousContext);
+    }
+
+    // 4. Verify the record call and capture the OTel Context
+    verify(mockServerCallDurationHistogram).record(
+        anyDouble(),
+        any(io.opentelemetry.api.common.Attributes.class),
+        contextCaptor.capture());
+
+    // 5. Assert on the captured OTel Context
+    io.opentelemetry.context.Context capturedOtelContext = contextCaptor.getValue();
+    Baggage capturedBaggage = Baggage.fromContext(capturedOtelContext);
+
+    assertEquals("67", capturedBaggage.getEntryValue("user-id"));
+  }
+
   private OpenTelemetryMetricsModule newOpenTelemetryMetricsModule(
       OpenTelemetryMetricsResource resource) {
     return new OpenTelemetryMetricsModule(
@@ -1631,4 +1703,64 @@ public String getAuthority() {
       return authority;
     }
   }
+
+  @Test
+  public void serverBaggagePropagation_EndToEnd() throws Exception {
+    // 1. Create Both Modules
+    OpenTelemetry otel = openTelemetryTesting.getOpenTelemetry();
+    OpenTelemetryTracingModule tracingModule = new OpenTelemetryTracingModule(otel);
+    OpenTelemetryMetricsModule metricsModule = new OpenTelemetryMetricsModule(
+        fakeClock.getStopwatchSupplier(), resource, emptyList(), emptyList());
+
+    // 2. Create Server with *both* tracer factories
+    server = InProcessServerBuilder.forName(serverName)
+        .addService(new SimpleServiceImpl()) // <-- Uses the helper class below
+        .addStreamTracerFactory(tracingModule.getServerTracerFactory())
+        .addStreamTracerFactory(metricsModule.getServerTracerFactory())
+        .build()
+        .start();
+
+    // 3. Create Client Channel
+    channel = InProcessChannelBuilder.forName(serverName).directExecutor().build();
+
+    // 4. Manually create baggage headers
+    Metadata headers = new Metadata();
+    headers.put(Metadata.Key.of("baggage", Metadata.ASCII_STRING_MARSHALLER),
+        "choice=red_pill_or_blue_pill");
+
+    // 5. Make the gRPC call with these headers
+    ClientInterceptor headerAttachingInterceptor =
+        MetadataUtils.newAttachHeadersInterceptor(headers);
+
+    // Now, create the stub and apply that interceptor
+    SimpleServiceGrpc.SimpleServiceBlockingStub stub =
+        SimpleServiceGrpc.newBlockingStub(channel)
+            .withInterceptors(headerAttachingInterceptor);
+
+    // Use the imported SimpleRequest
+    stub.unaryRpc(SimpleRequest.getDefaultInstance());
+
+    // 6. Verify the Mock
+    verify(mockServerCallDurationHistogram).record(
+        anyDouble(),
+        any(io.opentelemetry.api.common.Attributes.class),
+        contextCaptor.capture());
+
+    // 7. Assert on the captured Context
+    io.opentelemetry.context.Context capturedOtelContext = contextCaptor.getValue();
+    Baggage capturedBaggage = Baggage.fromContext(capturedOtelContext);
+
+    assertEquals("red_pill_or_blue_pill", capturedBaggage.getEntryValue("choice"));
+  }
+
+  /**
+   * A simple service implementation for the E2E test.
+   */
+  private static class SimpleServiceImpl extends SimpleServiceGrpc.SimpleServiceImplBase {
+    @Override
+    public void unaryRpc(SimpleRequest request, StreamObserver<SimpleResponse> responseObserver) {
+      responseObserver.onNext(SimpleResponse.getDefaultInstance());
+      responseObserver.onCompleted();
+    }
+  }
 }
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java
index bca6be94b9f..e6759aadb1e 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryTracingModuleTest.java
@@ -17,12 +17,15 @@
 package io.grpc.opentelemetry;
 
 import static io.grpc.ClientStreamTracer.NAME_RESOLUTION_DELAYED;
+import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.BAGGAGE_KEY;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.same;
+import static org.mockito.Mockito.doAnswer;
 import static org.mockito.Mockito.inOrder;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -59,11 +62,15 @@
 import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.testing.GrpcServerRule;
 import io.opentelemetry.api.OpenTelemetry;
+import io.opentelemetry.api.baggage.Baggage;
 import io.opentelemetry.api.trace.Span;
 import io.opentelemetry.api.trace.SpanBuilder;
+import io.opentelemetry.api.trace.SpanContext;
 import io.opentelemetry.api.trace.SpanId;
 import io.opentelemetry.api.trace.StatusCode;
+import io.opentelemetry.api.trace.TraceFlags;
 import io.opentelemetry.api.trace.TraceId;
+import io.opentelemetry.api.trace.TraceState;
 import io.opentelemetry.api.trace.Tracer;
 import io.opentelemetry.api.trace.TracerBuilder;
 import io.opentelemetry.api.trace.TracerProvider;
@@ -750,6 +757,115 @@ public void onComplete() {
     }
   }
 
+  /**
+   * Tests that baggage from the initial context is propagated
+   * to the context active during the next handler's execution.
+   */
+  @Test
+  public void testBaggageIsPropagatedToHandlerContext() {
+    // 1. ARRANGE
+    OpenTelemetryTracingModule tracingModule = new OpenTelemetryTracingModule(
+        openTelemetryRule.getOpenTelemetry());
+    ServerInterceptor interceptor = tracingModule.getServerSpanPropagationInterceptor();
+
+    // Create mocks for the gRPC call chain
+    @SuppressWarnings("unchecked")
+    ServerCallHandler<String, String> mockHandler = mock(ServerCallHandler.class);
+    @SuppressWarnings("unchecked")
+    ServerCall.Listener<String> mockListener = mock(ServerCall.Listener.class);
+    ServerCall<String, String> mockCall = new NoopServerCall<>();
+    Metadata mockHeaders = new Metadata();
+
+    // Create a non-null Span (required to pass the first 'if' check)
+    Span testSpan = Span.wrap(
+        SpanContext.create("time-period", "star-wars",
+            TraceFlags.getSampled(), TraceState.getDefault()));
+
+    // Create the test Baggage
+    Baggage testBaggage = Baggage.builder().put("best-bot", "R2D2").build();
+
+    // Create the initial gRPC context that the interceptor will read from
+    io.grpc.Context initialGrpcContext = io.grpc.Context.current()
+        .withValue(tracingModule.otelSpan, testSpan)
+        .withValue(BAGGAGE_KEY, testBaggage);
+
+    // This AtomicReference will capture the Baggage from *within* the handler
+    final AtomicReference<Baggage> capturedBaggage = new AtomicReference<>();
+
+    // Stub the handler to capture the *current* context when it's called
+    doAnswer(invocation -> {
+      // Baggage.current() gets baggage from io.opentelemetry.context.Context.current()
+      capturedBaggage.set(Baggage.current());
+      return mockListener;
+    }).when(mockHandler).startCall(any(), any());
+
+    // 2. ACT
+    // Run the interceptCall method within the prepared context
+    io.grpc.Context previous = initialGrpcContext.attach();
+    try {
+      interceptor.interceptCall(mockCall, mockHeaders, mockHandler);
+    } finally {
+      initialGrpcContext.detach(previous);
+    }
+
+    // 3. ASSERT
+    // Verify the next handler was called
+    verify(mockHandler).startCall(same(mockCall), same(mockHeaders));
+
+    // Check the baggage that was captured
+    assertNotNull("Baggage should not be null in handler context", capturedBaggage.get());
+    assertEquals("Baggage was not correctly propagated to the handler's context",
+        "R2D2", capturedBaggage.get().getEntryValue("best-bot"));
+  }
+
+  /**
+   * Tests that the interceptor proceeds correctly if baggage is null or empty.
+   */
+  @Test
+  public void testNullBaggageIsHandledGracefully() {
+    // 1. ARRANGE
+    OpenTelemetryTracingModule tracingModule = new OpenTelemetryTracingModule(
+        openTelemetryRule.getOpenTelemetry());
+    ServerInterceptor interceptor = tracingModule.getServerSpanPropagationInterceptor();
+
+    @SuppressWarnings("unchecked")
+    ServerCallHandler<String, String> mockHandler = mock(ServerCallHandler.class);
+    @SuppressWarnings("unchecked")
+    ServerCall.Listener<String> mockListener = mock(ServerCall.Listener.class);
+    ServerCall<String, String> mockCall = new NoopServerCall<>();
+    Metadata mockHeaders = new Metadata();
+
+    Span testSpan = Span.getInvalid(); // A non-null span
+
+    // No baggage is set in the context
+    io.grpc.Context initialGrpcContext = io.grpc.Context.current()
+        .withValue(tracingModule.otelSpan, testSpan);
+
+    final AtomicReference<Baggage> capturedBaggage = new AtomicReference<>();
+
+    // Stub the handler to capture the *current* context when it's called
+    doAnswer(invocation -> {
+      // Baggage.current() gets baggage from io.opentelemetry.context.Context.current()
+      capturedBaggage.set(Baggage.current());
+      return mockListener;
+    }).when(mockHandler).startCall(any(), any());
+
+    // 2. ACT
+    io.grpc.Context previous = initialGrpcContext.attach();
+    try {
+      interceptor.interceptCall(mockCall, mockHeaders, mockHandler);
+    } finally {
+      initialGrpcContext.detach(previous);
+    }
+
+    // 3. ASSERT
+    verify(mockHandler).startCall(same(mockCall), same(mockHeaders));
+
+    // Baggage should be null in the downstream context
+    assertEquals("Baggage should be empty when not provided",
+        Baggage.empty(), capturedBaggage.get());
+  }
+
   @Test
   public void generateTraceSpanName() {
     assertEquals(

From d50098f80647f5737c53fd7110bf5f79b9d05255 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Mon, 10 Nov 2025 14:23:03 -0800
Subject: [PATCH 446/591] s2a: Remove channel.awaitTermination() from S2A
 ChannelResource

awaitTermination() was always timing out, because when the channel
terminates it releases shared resources from a transport thread.
Releasing the reference count was blocked on the same lock that the
close() thread is holding. So it essentially deadlocked, except one
thread would eventually give up.

b/388769143
---
 .../channel/S2AHandshakerServiceChannel.java        | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannel.java b/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannel.java
index b1ba88d1886..8453268efc0 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannel.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/channel/S2AHandshakerServiceChannel.java
@@ -24,9 +24,6 @@
 import io.grpc.ManagedChannel;
 import io.grpc.internal.SharedResourceHolder.Resource;
 import io.grpc.netty.NettyChannelBuilder;
-import java.time.Duration;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
@@ -50,9 +47,6 @@
  */
 @ThreadSafe
 public final class S2AHandshakerServiceChannel {
-  private static final Duration CHANNEL_SHUTDOWN_TIMEOUT = Duration.ofSeconds(10);
-  private static final Logger logger =
-          Logger.getLogger(S2AHandshakerServiceChannel.class.getName());
 
   /**
    * Returns a {@link SharedResourceHolder.Resource} instance for managing channels to an S2A server
@@ -101,13 +95,6 @@ public void close(Channel instanceChannel) {
       checkNotNull(instanceChannel);
       ManagedChannel channel = (ManagedChannel) instanceChannel;
       channel.shutdownNow();
-      try {
-        channel.awaitTermination(CHANNEL_SHUTDOWN_TIMEOUT.getSeconds(), SECONDS);
-      } catch (InterruptedException e) {
-        Thread.currentThread().interrupt();
-        logger.log(Level.WARNING, "Channel to S2A was not shutdown.");
-      }
-
     }
 
     @Override

From da70387824ec77727397029f2bb1683050cb3531 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 10 Nov 2025 11:41:30 -0800
Subject: [PATCH 447/591] api: Document A18 TCP_USER_TIMEOUT handling for
 keepalive

Fixes #12487
---
 api/src/main/java/io/grpc/ManagedChannelBuilder.java | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/api/src/main/java/io/grpc/ManagedChannelBuilder.java b/api/src/main/java/io/grpc/ManagedChannelBuilder.java
index df867d09ba1..3f370ab3003 100644
--- a/api/src/main/java/io/grpc/ManagedChannelBuilder.java
+++ b/api/src/main/java/io/grpc/ManagedChannelBuilder.java
@@ -374,9 +374,17 @@ public T maxInboundMetadataSize(int bytes) {
    * notice when they are causing excessive load. Clients are strongly encouraged to use only as
    * small of a value as necessary.
    *
+   * <p>When the channel implementation supports TCP_USER_TIMEOUT, enabling keepalive will also
+   * enable TCP_USER_TIMEOUT for the connection. This requires <em>all</em> sent packets to receive
+   * a TCP acknowledgement before the keepalive timeout. The keepalive time is not used for
+   * TCP_USER_TIMEOUT, except as a signal to enable the feature. grpc-netty supports
+   * TCP_USER_TIMEOUT on Linux platforms supported by netty-transport-native-epoll.
+   *
    * @throws UnsupportedOperationException if unsupported
    * @see <a href="https://github.com/grpc/proposal/blob/master/A8-client-side-keepalive.md">gRFC A8
    *     Client-side Keepalive</a>
+   * @see <a href="https://github.com/grpc/proposal/blob/master/A18-tcp-user-timeout.md">gRFC A18
+   *     TCP User Timeout</a>
    * @since 1.7.0
    */
   public T keepAliveTime(long keepAliveTime, TimeUnit timeUnit) {
@@ -393,6 +401,8 @@ public T keepAliveTime(long keepAliveTime, TimeUnit timeUnit) {
    * @throws UnsupportedOperationException if unsupported
    * @see <a href="https://github.com/grpc/proposal/blob/master/A8-client-side-keepalive.md">gRFC A8
    *     Client-side Keepalive</a>
+   * @see <a href="https://github.com/grpc/proposal/blob/master/A18-tcp-user-timeout.md">gRFC A18
+   *     TCP User Timeout</a>
    * @since 1.7.0
    */
   public T keepAliveTimeout(long keepAliveTimeout, TimeUnit timeUnit) {

From 51611bad102657dddbc9d897a40a78af83871a99 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Tue, 11 Nov 2025 16:39:31 +0000
Subject: [PATCH 448/591] xds: Enable flags for CSM Cloud run gRPC Java
 (#12499)

Make default to true for the env vars
GRPC_EXPERIMENTAL_XDS_SNI
GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE
GRPC_EXPERIMENTAL_XDS_SYSTEM_ROOT_CERTS

and remove usage of the env var
GRPC_EXPERIMENTAL_XDS_GCP_AUTHENTICATION_FILTER and make it enabled.
---
 .../main/java/io/grpc/xds/FilterRegistry.java | 10 ++--------
 .../io/grpc/xds/GcpAuthenticationFilter.java  |  5 -----
 .../java/io/grpc/xds/XdsClusterResource.java  |  2 +-
 .../grpc/xds/XdsRouteConfigureResource.java   | 15 +++++++-------
 .../security/trust/CertificateUtils.java      |  2 +-
 .../grpc/xds/GcpAuthenticationFilterTest.java |  3 ++-
 .../grpc/xds/GrpcXdsClientImplDataTest.java   | 20 ++++++++-----------
 .../test/java/io/grpc/xds/XdsTestUtils.java   | 10 +++++++---
 8 files changed, 28 insertions(+), 39 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/FilterRegistry.java b/xds/src/main/java/io/grpc/xds/FilterRegistry.java
index 1fbccea8000..da3a59fe8c1 100644
--- a/xds/src/main/java/io/grpc/xds/FilterRegistry.java
+++ b/xds/src/main/java/io/grpc/xds/FilterRegistry.java
@@ -17,7 +17,6 @@
 package io.grpc.xds;
 
 import com.google.common.annotations.VisibleForTesting;
-import io.grpc.internal.GrpcUtil;
 import java.util.HashMap;
 import java.util.Map;
 import javax.annotation.Nullable;
@@ -33,18 +32,13 @@ final class FilterRegistry {
 
   private FilterRegistry() {}
 
-  static boolean isEnabledGcpAuthnFilter =
-      GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_GCP_AUTHENTICATION_FILTER", false);
-
   static synchronized FilterRegistry getDefaultRegistry() {
     if (instance == null) {
       instance = newRegistry().register(
               new FaultFilter.Provider(),
               new RouterFilter.Provider(),
-              new RbacFilter.Provider());
-      if (isEnabledGcpAuthnFilter) {
-        instance.register(new GcpAuthenticationFilter.Provider());
-      }
+              new RbacFilter.Provider(),
+              new GcpAuthenticationFilter.Provider());
     }
     return instance;
   }
diff --git a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
index dc133eaaf1a..8ec02f4f809 100644
--- a/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
+++ b/xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java
@@ -17,7 +17,6 @@
 package io.grpc.xds;
 
 import static com.google.common.base.Preconditions.checkNotNull;
-import static io.grpc.xds.FilterRegistry.isEnabledGcpAuthnFilter;
 import static io.grpc.xds.XdsNameResolver.CLUSTER_SELECTION_KEY;
 import static io.grpc.xds.XdsNameResolver.XDS_CONFIG_CALL_OPTION_KEY;
 
@@ -313,10 +312,6 @@ public String getTypeUrl() {
     public AudienceWrapper parse(Any any) throws ResourceInvalidException {
       Audience audience;
       try {
-        if (!isEnabledGcpAuthnFilter) {
-          throw new InvalidProtocolBufferException("Environment variable for GCP Authentication "
-              + "Filter is Not Set");
-        }
         audience = any.unpack(Audience.class);
       } catch (InvalidProtocolBufferException ex) {
         throw new ResourceInvalidException("Invalid Resource in address proto", ex);
diff --git a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
index 54089491671..593aed4ef48 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
@@ -66,7 +66,7 @@ class XdsClusterResource extends XdsResourceType<CdsUpdate> {
               System.getProperty("io.grpc.xds.experimentalEnableLeastRequest", "true"));
   @VisibleForTesting
   public static boolean enableSystemRootCerts =
-      GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_SYSTEM_ROOT_CERTS", false);
+      GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_SYSTEM_ROOT_CERTS", true);
   static boolean isEnabledXdsHttpConnect =
       GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_HTTP_CONNECT", false);
 
diff --git a/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java b/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
index 2ee326435c4..24ec0659b42 100644
--- a/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java
@@ -69,8 +69,8 @@
 
 class XdsRouteConfigureResource extends XdsResourceType<RdsUpdate> {
 
-  private static final String GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE =
-      "GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE";
+  private static final boolean isXdsAuthorityRewriteEnabled = GrpcUtil.getFlag(
+      "GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE", true);
   @VisibleForTesting
   static boolean enableRouteLookup = GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_RLS_LB", true);
 
@@ -475,8 +475,8 @@ static StructOrError<RouteAction> parseRouteAction(
       case CLUSTER:
         return StructOrError.fromStruct(RouteAction.forCluster(
             proto.getCluster(), hashPolicies, timeoutNano, retryPolicy,
-            GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE, false)
-            && args.getServerInfo().isTrustedXdsServer() && proto.getAutoHostRewrite().getValue()));
+            isXdsAuthorityRewriteEnabled && args.getServerInfo().isTrustedXdsServer()
+                && proto.getAutoHostRewrite().getValue()));
       case CLUSTER_HEADER:
         return null;
       case WEIGHTED_CLUSTERS:
@@ -510,8 +510,8 @@ static StructOrError<RouteAction> parseRouteAction(
         }
         return StructOrError.fromStruct(VirtualHost.Route.RouteAction.forWeightedClusters(
             weightedClusters, hashPolicies, timeoutNano, retryPolicy,
-            GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE, false)
-            && args.getServerInfo().isTrustedXdsServer() && proto.getAutoHostRewrite().getValue()));
+            isXdsAuthorityRewriteEnabled && args.getServerInfo().isTrustedXdsServer()
+                && proto.getAutoHostRewrite().getValue()));
       case CLUSTER_SPECIFIER_PLUGIN:
         if (enableRouteLookup) {
           String pluginName = proto.getClusterSpecifierPlugin();
@@ -527,8 +527,7 @@ static StructOrError<RouteAction> parseRouteAction(
           NamedPluginConfig namedPluginConfig = NamedPluginConfig.create(pluginName, pluginConfig);
           return StructOrError.fromStruct(VirtualHost.Route.RouteAction.forClusterSpecifierPlugin(
               namedPluginConfig, hashPolicies, timeoutNano, retryPolicy,
-              GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE, false)
-              && args.getServerInfo().isTrustedXdsServer()
+              isXdsAuthorityRewriteEnabled && args.getServerInfo().isTrustedXdsServer()
                   && proto.getAutoHostRewrite().getValue()));
         } else {
           return null;
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java b/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java
index 30535df836e..ad030143f62 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java
@@ -30,7 +30,7 @@
  * Contains certificate utility method(s).
  */
 public final class CertificateUtils {
-  public static boolean isXdsSniEnabled = GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_SNI", false);
+  public static boolean isXdsSniEnabled = GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_SNI", true);
   public static boolean useChannelAuthorityIfNoSniApplicable
       = GrpcUtil.getFlag("GRPC_USE_CHANNEL_AUTHORITY_IF_NO_SNI_APPLICABLE", false);
 
diff --git a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
index 7f203e036b7..f252c6f4ec1 100644
--- a/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
+++ b/xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java
@@ -468,7 +468,8 @@ private static LdsUpdate getLdsUpdate() {
   private static RdsUpdate getRdsUpdate() {
     RouteConfiguration routeConfiguration =
         buildRouteConfiguration("my-server", RDS_NAME, CLUSTER_NAME);
-    XdsResourceType.Args args = new XdsResourceType.Args(null, "0", "0", null, null, null);
+    XdsResourceType.Args args = new XdsResourceType.Args(
+        XdsTestUtils.EMPTY_BOOTSTRAPPER_SERVER_INFO, "0", "0", null, null, null);
     try {
       return XdsRouteConfigureResource.getInstance().doParse(args, routeConfiguration);
     } catch (ResourceInvalidException ex) {
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 2c75ee04d91..0af64755969 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -568,7 +568,7 @@ public void parseRouteAction_withCluster_flagDisabled_autoHostRewriteNotEnabled(
     assertThat(struct.getErrorDetail()).isNull();
     assertThat(struct.getStruct().cluster()).isEqualTo("cluster-foo");
     assertThat(struct.getStruct().weightedClusters()).isNull();
-    assertThat(struct.getStruct().autoHostRewrite()).isFalse();
+    assertThat(struct.getStruct().autoHostRewrite()).isTrue();
   }
 
   @Test
@@ -656,7 +656,7 @@ public void parseRouteAction_withWeightedCluster_flagDisabled_autoHostRewriteDis
     assertThat(struct.getStruct().weightedClusters()).containsExactly(
         ClusterWeight.create("cluster-foo", 30, ImmutableMap.<String, FilterConfig>of()),
         ClusterWeight.create("cluster-bar", 70, ImmutableMap.<String, FilterConfig>of()));
-    assertThat(struct.getStruct().autoHostRewrite()).isFalse();
+    assertThat(struct.getStruct().autoHostRewrite()).isTrue();
   }
 
   @Test
@@ -1038,7 +1038,7 @@ public void parseRouteAction_clusterSpecifier_flagDisabled_autoHostRewriteDisabl
                 ImmutableMap.of("lookupService", "rls-cbt.googleapis.com"))), ImmutableSet.of(),
             getXdsResourceTypeArgs(true));
     assertThat(struct.getStruct()).isNotNull();
-    assertThat(struct.getStruct().autoHostRewrite()).isFalse();
+    assertThat(struct.getStruct().autoHostRewrite()).isTrue();
   }
 
   @Test
@@ -2447,7 +2447,6 @@ public Object parse(Any value) {
 
   @Test
   public void processCluster_parsesAudienceMetadata() throws Exception {
-    FilterRegistry.isEnabledGcpAuthnFilter = true;
     MetadataRegistry.getInstance();
 
     Audience audience = Audience.newBuilder()
@@ -2491,14 +2490,11 @@ public void processCluster_parsesAudienceMetadata() throws Exception {
         "FILTER_METADATA", ImmutableMap.of(
             "key1", "value1",
             "key2", 42.0));
-    try {
-      assertThat(update.parsedMetadata().get("FILTER_METADATA"))
-          .isEqualTo(expectedParsedMetadata.get("FILTER_METADATA"));
-      assertThat(update.parsedMetadata().get("AUDIENCE_METADATA"))
-          .isInstanceOf(AudienceWrapper.class);
-    } finally {
-      FilterRegistry.isEnabledGcpAuthnFilter = false;
-    }
+
+    assertThat(update.parsedMetadata().get("FILTER_METADATA"))
+        .isEqualTo(expectedParsedMetadata.get("FILTER_METADATA"));
+    assertThat(update.parsedMetadata().get("AUDIENCE_METADATA"))
+        .isInstanceOf(AudienceWrapper.class);
   }
 
   @Test
diff --git a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
index 63bd139c2cd..becfe00c79b 100644
--- a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
@@ -47,6 +47,7 @@
 import io.grpc.BindableService;
 import io.grpc.Context;
 import io.grpc.Context.CancellationListener;
+import io.grpc.InsecureChannelCredentials;
 import io.grpc.StatusOr;
 import io.grpc.internal.ExponentialBackoffPolicy;
 import io.grpc.internal.FakeClock;
@@ -84,6 +85,9 @@ public class XdsTestUtils {
   static final String HTTP_CONNECTION_MANAGER_TYPE_URL =
       "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3"
           + ".HttpConnectionManager";
+  static final Bootstrapper.ServerInfo EMPTY_BOOTSTRAPPER_SERVER_INFO =
+      Bootstrapper.ServerInfo.create(
+      "td.googleapis.com", InsecureChannelCredentials.create(), false, true, false);
   public static final String ENDPOINT_HOSTNAME = "data-host";
   public static final int ENDPOINT_PORT = 1234;
 
@@ -247,8 +251,8 @@ static XdsConfig getDefaultXdsConfig(String serverHostName)
 
     RouteConfiguration routeConfiguration =
         buildRouteConfiguration(serverHostName, RDS_NAME, CLUSTER_NAME);
-    Bootstrapper.ServerInfo serverInfo = null;
-    XdsResourceType.Args args = new XdsResourceType.Args(serverInfo, "0", "0", null, null, null);
+    XdsResourceType.Args args = new XdsResourceType.Args(
+        EMPTY_BOOTSTRAPPER_SERVER_INFO, "0", "0", null, null, null);
     XdsRouteConfigureResource.RdsUpdate rdsUpdate =
         XdsRouteConfigureResource.getInstance().doParse(args, routeConfiguration);
 
@@ -268,7 +272,7 @@ static XdsConfig getDefaultXdsConfig(String serverHostName)
     XdsEndpointResource.EdsUpdate edsUpdate = new XdsEndpointResource.EdsUpdate(
         EDS_NAME, lbEndpointsMap, Collections.emptyList());
     XdsClusterResource.CdsUpdate cdsUpdate = XdsClusterResource.CdsUpdate.forEds(
-        CLUSTER_NAME, EDS_NAME, serverInfo, null, null, null, false, null)
+        CLUSTER_NAME, EDS_NAME, null, null, null, null, false, null)
         .lbPolicyConfig(getWrrLbConfigAsMap()).build();
     XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
         CLUSTER_NAME, cdsUpdate, new EndpointConfig(StatusOr.fromValue(edsUpdate)));

From 2f64092b8a5a07dad83ce710c12aede0fe84ccee Mon Sep 17 00:00:00 2001
From: Mike Kruskal <62662355+mkruskal-google@users.noreply.github.com>
Date: Tue, 11 Nov 2025 15:38:33 -0800
Subject: [PATCH 449/591] compiler: Update maximum supported edition to
 EDITION_2024

gRPC doesn't do anything sensitive to the new 2024 features, but it does
need a new enough libprotoc.
---
 compiler/src/java_plugin/cpp/java_plugin.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/compiler/src/java_plugin/cpp/java_plugin.cpp b/compiler/src/java_plugin/cpp/java_plugin.cpp
index a595a6a6896..4b02d6e9884 100644
--- a/compiler/src/java_plugin/cpp/java_plugin.cpp
+++ b/compiler/src/java_plugin/cpp/java_plugin.cpp
@@ -58,7 +58,11 @@ class JavaGrpcGenerator : public protobuf::compiler::CodeGenerator {
     return protobuf::Edition::EDITION_PROTO2;
   }
   protobuf::Edition GetMaximumEdition() const override {
+#if GOOGLE_PROTOBUF_VERSION >= 6032000
+    return protobuf::Edition::EDITION_2024;
+#else
     return protobuf::Edition::EDITION_2023;
+#endif
   }
   std::vector<const protobuf::FieldDescriptor*> GetFeatureExtensions()
       const override {

From e2d5bad905ae0f3673ca076a37c5f3cbb323e341 Mon Sep 17 00:00:00 2001
From: srkethireddy <73372452+srkethireddy@users.noreply.github.com>
Date: Wed, 12 Nov 2025 10:39:33 -0800
Subject: [PATCH 450/591] alts: Metadata server address modification to account
 for default port

Fixing the utilization of the GCE Metadata host server address
environment variable to account for the case where the user does not
specify a port (defaults to port 8080)

b/451639946
---
 .../grpc/alts/HandshakerServiceChannel.java   | 27 ++++++++++++++-----
 .../alts/HandshakerServiceChannelTest.java    | 18 +++++++++++++
 2 files changed, 39 insertions(+), 6 deletions(-)

diff --git a/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java b/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
index f03cc6f8c94..5e32d22d901 100644
--- a/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
+++ b/alts/src/main/java/io/grpc/alts/HandshakerServiceChannel.java
@@ -16,7 +16,6 @@
 
 package io.grpc.alts;
 
-import com.google.common.base.MoreObjects;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.ClientCall;
@@ -38,13 +37,29 @@
  * application will have at most one connection to the handshaker service.
  */
 final class HandshakerServiceChannel {
+  // Port 8080 is necessary for ALTS handshake.
+  private static final int ALTS_PORT = 8080;
+  private static final String DEFAULT_TARGET = "metadata.google.internal.:8080";
 
   static final Resource<Channel> SHARED_HANDSHAKER_CHANNEL =
-      new ChannelResource(
-          MoreObjects.firstNonNull(
-              System.getenv("GCE_METADATA_HOST"), "metadata.google.internal.:8080"));
-
-
+      new ChannelResource(getHandshakerTarget(System.getenv("GCE_METADATA_HOST")));
+  
+  /**
+   * Returns handshaker target. When GCE_METADATA_HOST is provided, it might contain port which we
+   * will discard and use ALTS_PORT instead.
+   */
+  static String getHandshakerTarget(String envValue) {
+    if (envValue == null || envValue.isEmpty()) {
+      return DEFAULT_TARGET;
+    }
+    String host = envValue;
+    int portIndex = host.lastIndexOf(':');
+    if (portIndex != -1) {
+      host = host.substring(0, portIndex); // Discard port if specified
+    }
+    return host + ":" + ALTS_PORT; // Utilize ALTS port in all cases
+  }
+  
   /** Returns a resource of handshaker service channel for testing only. */
   static Resource<Channel> getHandshakerChannelForTesting(String handshakerAddress) {
     return new ChannelResource(handshakerAddress);
diff --git a/alts/src/test/java/io/grpc/alts/HandshakerServiceChannelTest.java b/alts/src/test/java/io/grpc/alts/HandshakerServiceChannelTest.java
index a3937904cd7..221001157f1 100644
--- a/alts/src/test/java/io/grpc/alts/HandshakerServiceChannelTest.java
+++ b/alts/src/test/java/io/grpc/alts/HandshakerServiceChannelTest.java
@@ -67,6 +67,24 @@ public void sharedChannel_authority() {
     }
   }
 
+  @Test
+  public void getHandshakerTarget_nullEnvVar() {
+    assertThat(HandshakerServiceChannel.getHandshakerTarget(null))
+        .isEqualTo("metadata.google.internal.:8080");
+  }
+
+  @Test
+  public void getHandshakerTarget_envVarWithPort() {
+    assertThat(HandshakerServiceChannel.getHandshakerTarget("169.254.169.254:80"))
+        .isEqualTo("169.254.169.254:8080");
+  }
+
+  @Test
+  public void getHandshakerTarget_envVarWithHostOnly() {
+    assertThat(HandshakerServiceChannel.getHandshakerTarget("169.254.169.254"))
+        .isEqualTo("169.254.169.254:8080");
+  }
+  
   @Test
   public void resource_works() {
     Channel channel = resource.create();

From cb73f217ee687106fb87cd2627bd5402e5acd5cc Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 12 Nov 2025 11:34:58 -0800
Subject: [PATCH 451/591] core: Release lock before closing shared resource

If a resource has dependencies that also use SharedResourceHolder, and
its close() blocks waiting for processing on another thread, then the
threads could become deadlocked on the SharedResourceHolder lock. Our
answer should be "don't block," but it's also good to avoid calling
arbitrary code with a lock held.

create() is still called with the lock held, but that seems less likely
to do work on another thread, and it is harder to avoid the lock.
close() is very easy to call without the lock.

See d50098f80 and b/458736211
---
 .../grpc/internal/SharedResourceHolder.java   | 18 ++++----
 .../internal/SharedResourceHolderTest.java    | 42 +++++++++++++++++++
 2 files changed, 50 insertions(+), 10 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/SharedResourceHolder.java b/core/src/main/java/io/grpc/internal/SharedResourceHolder.java
index 67d1a98b545..1dfa1f90718 100644
--- a/core/src/main/java/io/grpc/internal/SharedResourceHolder.java
+++ b/core/src/main/java/io/grpc/internal/SharedResourceHolder.java
@@ -134,18 +134,16 @@ synchronized <T> T releaseInternal(final Resource<T> resource, final T instance)
         public void run() {
           synchronized (SharedResourceHolder.this) {
             // Refcount may have gone up since the task was scheduled. Re-check it.
-            if (cached.refcount == 0) {
-              try {
-                resource.close(instance);
-              } finally {
-                instances.remove(resource);
-                if (instances.isEmpty()) {
-                  destroyer.shutdown();
-                  destroyer = null;
-                }
-              }
+            if (cached.refcount != 0) {
+              return;
+            }
+            instances.remove(resource);
+            if (instances.isEmpty()) {
+              destroyer.shutdown();
+              destroyer = null;
             }
           }
+          resource.close(instance);
         }
       }), DESTROY_DELAY_SECONDS, TimeUnit.SECONDS);
     }
diff --git a/core/src/test/java/io/grpc/internal/SharedResourceHolderTest.java b/core/src/test/java/io/grpc/internal/SharedResourceHolderTest.java
index d27195e2490..692b22a0a68 100644
--- a/core/src/test/java/io/grpc/internal/SharedResourceHolderTest.java
+++ b/core/src/test/java/io/grpc/internal/SharedResourceHolderTest.java
@@ -30,7 +30,9 @@
 
 import io.grpc.internal.SharedResourceHolder.Resource;
 import java.util.LinkedList;
+import java.util.concurrent.CyclicBarrier;
 import java.util.concurrent.Delayed;
+import java.util.concurrent.FutureTask;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
@@ -201,6 +203,46 @@ public void close(ResourceInstance instance) {
     assertNotSame(instance, holder.getInternal(resource));
   }
 
+  @Test(timeout = 5000)
+  public void closeRunsConcurrently() throws Exception {
+    CyclicBarrier barrier = new CyclicBarrier(2);
+    class SlowResource implements Resource<ResourceInstance> {
+      @Override
+      public ResourceInstance create() {
+        return new ResourceInstance();
+      }
+
+      @Override
+      public void close(ResourceInstance instance) {
+        instance.closed = true;
+        try {
+          barrier.await();
+          barrier.await();
+        } catch (Exception ex) {
+          throw new AssertionError(ex);
+        }
+      }
+    }
+
+    Resource<ResourceInstance> resource = new SlowResource();
+    ResourceInstance instance = holder.getInternal(resource);
+    holder.releaseInternal(resource, instance);
+    MockScheduledFuture<?> scheduledDestroyTask = scheduledDestroyTasks.poll();
+    FutureTask<Void> runTask = new FutureTask<>(scheduledDestroyTask::runTask, null);
+    Thread t = new Thread(runTask);
+    t.start();
+
+    barrier.await(); // Ensure the other thread has blocked
+    assertTrue(instance.closed);
+    instance = holder.getInternal(resource);
+    assertFalse(instance.closed);
+    holder.releaseInternal(resource, instance);
+
+    barrier.await(); // Resume the other thread
+    t.join();
+    runTask.get(); // Check for exception
+  }
+
   private class MockExecutorFactory implements
       SharedResourceHolder.ScheduledExecutorFactory {
     @Override

From bbc0aa369f4972f5aa639c6632c16a35a70cc576 Mon Sep 17 00:00:00 2001
From: devalkone <devalkone@gmail.com>
Date: Wed, 5 Nov 2025 14:26:31 +0300
Subject: [PATCH 452/591] api,netty: Add custom header support for HTTP CONNECT
 proxy

Allow users to specify custom HTTP headers when connecting through
an HTTP CONNECT proxy. This extends HttpConnectProxiedSocketAddress
with an optional headers field (Map<String, String>), which is
converted to Netty's HttpHeaders in the protocol negotiator.

This change is fully backward-compatible. Existing code without
headers continues to work as before.

Fixes #9826
---
 .../grpc/HttpConnectProxiedSocketAddress.java |  35 ++-
 .../HttpConnectProxiedSocketAddressTest.java  | 248 ++++++++++++++++++
 .../io/grpc/netty/NettyChannelBuilder.java    |   1 +
 .../io/grpc/netty/ProtocolNegotiators.java    |  32 ++-
 .../grpc/netty/ProtocolNegotiatorsTest.java   |  83 +++++-
 5 files changed, 388 insertions(+), 11 deletions(-)
 create mode 100644 api/src/test/java/io/grpc/HttpConnectProxiedSocketAddressTest.java

diff --git a/api/src/main/java/io/grpc/HttpConnectProxiedSocketAddress.java b/api/src/main/java/io/grpc/HttpConnectProxiedSocketAddress.java
index d59c53db1d1..0df8dc452c1 100644
--- a/api/src/main/java/io/grpc/HttpConnectProxiedSocketAddress.java
+++ b/api/src/main/java/io/grpc/HttpConnectProxiedSocketAddress.java
@@ -23,6 +23,9 @@
 import com.google.common.base.Objects;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 import javax.annotation.Nullable;
 
 /**
@@ -33,6 +36,8 @@ public final class HttpConnectProxiedSocketAddress extends ProxiedSocketAddress
 
   private final SocketAddress proxyAddress;
   private final InetSocketAddress targetAddress;
+  @SuppressWarnings("serial")
+  private final Map<String, String> headers;
   @Nullable
   private final String username;
   @Nullable
@@ -41,6 +46,7 @@ public final class HttpConnectProxiedSocketAddress extends ProxiedSocketAddress
   private HttpConnectProxiedSocketAddress(
       SocketAddress proxyAddress,
       InetSocketAddress targetAddress,
+      Map<String, String> headers,
       @Nullable String username,
       @Nullable String password) {
     checkNotNull(proxyAddress, "proxyAddress");
@@ -53,6 +59,7 @@ private HttpConnectProxiedSocketAddress(
     }
     this.proxyAddress = proxyAddress;
     this.targetAddress = targetAddress;
+    this.headers = headers;
     this.username = username;
     this.password = password;
   }
@@ -87,6 +94,14 @@ public InetSocketAddress getTargetAddress() {
     return targetAddress;
   }
 
+  /**
+   * Returns the custom HTTP headers to be sent during the HTTP CONNECT handshake.
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/12479")
+  public Map<String, String> getHeaders() {
+    return headers;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (!(o instanceof HttpConnectProxiedSocketAddress)) {
@@ -95,13 +110,14 @@ public boolean equals(Object o) {
     HttpConnectProxiedSocketAddress that = (HttpConnectProxiedSocketAddress) o;
     return Objects.equal(proxyAddress, that.proxyAddress)
         && Objects.equal(targetAddress, that.targetAddress)
+        && Objects.equal(headers, that.headers)
         && Objects.equal(username, that.username)
         && Objects.equal(password, that.password);
   }
 
   @Override
   public int hashCode() {
-    return Objects.hashCode(proxyAddress, targetAddress, username, password);
+    return Objects.hashCode(proxyAddress, targetAddress, username, password, headers);
   }
 
   @Override
@@ -109,6 +125,7 @@ public String toString() {
     return MoreObjects.toStringHelper(this)
         .add("proxyAddr", proxyAddress)
         .add("targetAddr", targetAddress)
+        .add("headers", headers)
         .add("username", username)
         // Intentionally mask out password
         .add("hasPassword", password != null)
@@ -129,6 +146,7 @@ public static final class Builder {
 
     private SocketAddress proxyAddress;
     private InetSocketAddress targetAddress;
+    private Map<String, String> headers = Collections.emptyMap();
     @Nullable
     private String username;
     @Nullable
@@ -153,6 +171,18 @@ public Builder setTargetAddress(InetSocketAddress targetAddress) {
       return this;
     }
 
+    /**
+     * Sets custom HTTP headers to be sent during the HTTP CONNECT handshake. This is an optional
+     * field. The headers will be sent in addition to any authentication headers (if username and
+     * password are set).
+     */
+    @ExperimentalApi("https://github.com/grpc/grpc-java/issues/12479")
+    public Builder setHeaders(Map<String, String> headers) {
+      this.headers = Collections.unmodifiableMap(
+          new HashMap<>(checkNotNull(headers, "headers")));
+      return this;
+    }
+
     /**
      * Sets the username used to connect to the proxy.  This is an optional field and can be {@code
      * null}.
@@ -175,7 +205,8 @@ public Builder setPassword(@Nullable String password) {
      * Creates an {@code HttpConnectProxiedSocketAddress}.
      */
     public HttpConnectProxiedSocketAddress build() {
-      return new HttpConnectProxiedSocketAddress(proxyAddress, targetAddress, username, password);
+      return new HttpConnectProxiedSocketAddress(
+          proxyAddress, targetAddress, headers, username, password);
     }
   }
 }
diff --git a/api/src/test/java/io/grpc/HttpConnectProxiedSocketAddressTest.java b/api/src/test/java/io/grpc/HttpConnectProxiedSocketAddressTest.java
new file mode 100644
index 00000000000..6620a7d413a
--- /dev/null
+++ b/api/src/test/java/io/grpc/HttpConnectProxiedSocketAddressTest.java
@@ -0,0 +1,248 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertThrows;
+
+import com.google.common.testing.EqualsTester;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class HttpConnectProxiedSocketAddressTest {
+
+  private final InetSocketAddress proxyAddress = 
+      new InetSocketAddress(InetAddress.getLoopbackAddress(), 8080);
+  private final InetSocketAddress targetAddress = 
+      InetSocketAddress.createUnresolved("example.com", 443);
+
+  @Test
+  public void buildWithAllFields() {
+    Map<String, String> headers = new HashMap<>();
+    headers.put("X-Custom-Header", "custom-value");
+    headers.put("Proxy-Authorization", "Bearer token");
+
+    HttpConnectProxiedSocketAddress address = HttpConnectProxiedSocketAddress.newBuilder()
+        .setProxyAddress(proxyAddress)
+        .setTargetAddress(targetAddress)
+        .setHeaders(headers)
+        .setUsername("user")
+        .setPassword("pass")
+        .build();
+
+    assertThat(address.getProxyAddress()).isEqualTo(proxyAddress);
+    assertThat(address.getTargetAddress()).isEqualTo(targetAddress);
+    assertThat(address.getHeaders()).hasSize(2);
+    assertThat(address.getHeaders()).containsEntry("X-Custom-Header", "custom-value");
+    assertThat(address.getHeaders()).containsEntry("Proxy-Authorization", "Bearer token");
+    assertThat(address.getUsername()).isEqualTo("user");
+    assertThat(address.getPassword()).isEqualTo("pass");
+  }
+
+  @Test
+  public void buildWithoutOptionalFields() {
+    HttpConnectProxiedSocketAddress address = HttpConnectProxiedSocketAddress.newBuilder()
+        .setProxyAddress(proxyAddress)
+        .setTargetAddress(targetAddress)
+        .build();
+
+    assertThat(address.getProxyAddress()).isEqualTo(proxyAddress);
+    assertThat(address.getTargetAddress()).isEqualTo(targetAddress);
+    assertThat(address.getHeaders()).isEmpty();
+    assertThat(address.getUsername()).isNull();
+    assertThat(address.getPassword()).isNull();
+  }
+
+  @Test
+  public void buildWithEmptyHeaders() {
+    HttpConnectProxiedSocketAddress address = HttpConnectProxiedSocketAddress.newBuilder()
+        .setProxyAddress(proxyAddress)
+        .setTargetAddress(targetAddress)
+        .setHeaders(Collections.emptyMap())
+        .build();
+
+    assertThat(address.getHeaders()).isEmpty();
+  }
+
+  @Test
+  public void headersAreImmutable() {
+    Map<String, String> headers = new HashMap<>();
+    headers.put("key1", "value1");
+
+    HttpConnectProxiedSocketAddress address = HttpConnectProxiedSocketAddress.newBuilder()
+        .setProxyAddress(proxyAddress)
+        .setTargetAddress(targetAddress)
+        .setHeaders(headers)
+        .build();
+
+    headers.put("key2", "value2");
+
+    assertThat(address.getHeaders()).hasSize(1);
+    assertThat(address.getHeaders()).containsEntry("key1", "value1");
+    assertThat(address.getHeaders()).doesNotContainKey("key2");
+  }
+
+  @Test
+  public void returnedHeadersAreUnmodifiable() {
+    Map<String, String> headers = new HashMap<>();
+    headers.put("key", "value");
+
+    HttpConnectProxiedSocketAddress address = HttpConnectProxiedSocketAddress.newBuilder()
+        .setProxyAddress(proxyAddress)
+        .setTargetAddress(targetAddress)
+        .setHeaders(headers)
+        .build();
+
+    assertThrows(UnsupportedOperationException.class,
+        () -> address.getHeaders().put("newKey", "newValue"));
+  }
+
+  @Test
+  public void nullHeadersThrowsException() {
+    assertThrows(NullPointerException.class,
+        () -> HttpConnectProxiedSocketAddress.newBuilder()
+            .setProxyAddress(proxyAddress)
+            .setTargetAddress(targetAddress)
+            .setHeaders(null)
+            .build());
+  }
+
+  @Test
+  public void equalsAndHashCode() {
+    Map<String, String> headers1 = new HashMap<>();
+    headers1.put("header", "value");
+
+    Map<String, String> headers2 = new HashMap<>();
+    headers2.put("header", "value");
+
+    Map<String, String> differentHeaders = new HashMap<>();
+    differentHeaders.put("different", "header");
+
+    new EqualsTester()
+        .addEqualityGroup(
+            HttpConnectProxiedSocketAddress.newBuilder()
+                .setProxyAddress(proxyAddress)
+                .setTargetAddress(targetAddress)
+                .setHeaders(headers1)
+                .setUsername("user")
+                .setPassword("pass")
+                .build(),
+            HttpConnectProxiedSocketAddress.newBuilder()
+                .setProxyAddress(proxyAddress)
+                .setTargetAddress(targetAddress)
+                .setHeaders(headers2)
+                .setUsername("user")
+                .setPassword("pass")
+                .build())
+        .addEqualityGroup(
+            HttpConnectProxiedSocketAddress.newBuilder()
+                .setProxyAddress(proxyAddress)
+                .setTargetAddress(targetAddress)
+                .setHeaders(differentHeaders)
+                .setUsername("user")
+                .setPassword("pass")
+                .build())
+        .addEqualityGroup(
+            HttpConnectProxiedSocketAddress.newBuilder()
+                .setProxyAddress(proxyAddress)
+                .setTargetAddress(targetAddress)
+                .build())
+        .testEquals();
+  }
+
+  @Test
+  public void toStringContainsHeaders() {
+    Map<String, String> headers = new HashMap<>();
+    headers.put("X-Test", "test-value");
+
+    HttpConnectProxiedSocketAddress address = HttpConnectProxiedSocketAddress.newBuilder()
+        .setProxyAddress(proxyAddress)
+        .setTargetAddress(targetAddress)
+        .setHeaders(headers)
+        .setUsername("user")
+        .setPassword("secret")
+        .build();
+
+    String toString = address.toString();
+    assertThat(toString).contains("headers");
+    assertThat(toString).contains("X-Test");
+    assertThat(toString).contains("hasPassword=true");
+    assertThat(toString).doesNotContain("secret");
+  }
+
+  @Test
+  public void toStringWithoutPassword() {
+    HttpConnectProxiedSocketAddress address = HttpConnectProxiedSocketAddress.newBuilder()
+        .setProxyAddress(proxyAddress)
+        .setTargetAddress(targetAddress)
+        .build();
+
+    String toString = address.toString();
+    assertThat(toString).contains("hasPassword=false");
+  }
+
+  @Test
+  public void hashCodeDependsOnHeaders() {
+    Map<String, String> headers1 = new HashMap<>();
+    headers1.put("header", "value1");
+
+    Map<String, String> headers2 = new HashMap<>();
+    headers2.put("header", "value2");
+
+    HttpConnectProxiedSocketAddress address1 = HttpConnectProxiedSocketAddress.newBuilder()
+        .setProxyAddress(proxyAddress)
+        .setTargetAddress(targetAddress)
+        .setHeaders(headers1)
+        .build();
+
+    HttpConnectProxiedSocketAddress address2 = HttpConnectProxiedSocketAddress.newBuilder()
+        .setProxyAddress(proxyAddress)
+        .setTargetAddress(targetAddress)
+        .setHeaders(headers2)
+        .build();
+
+    assertNotEquals(address1.hashCode(), address2.hashCode());
+  }
+
+  @Test
+  public void multipleHeadersSupported() {
+    Map<String, String> headers = new HashMap<>();
+    headers.put("X-Header-1", "value1");
+    headers.put("X-Header-2", "value2");
+    headers.put("X-Header-3", "value3");
+
+    HttpConnectProxiedSocketAddress address = HttpConnectProxiedSocketAddress.newBuilder()
+        .setProxyAddress(proxyAddress)
+        .setTargetAddress(targetAddress)
+        .setHeaders(headers)
+        .build();
+
+    assertThat(address.getHeaders()).hasSize(3);
+    assertThat(address.getHeaders()).containsEntry("X-Header-1", "value1");
+    assertThat(address.getHeaders()).containsEntry("X-Header-2", "value2");
+    assertThat(address.getHeaders()).containsEntry("X-Header-3", "value3");
+  }
+}
+
diff --git a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
index 2db5ab20a91..258aa15b005 100644
--- a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
+++ b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
@@ -818,6 +818,7 @@ public ConnectionClientTransport newClientTransport(
         serverAddress = proxiedAddr.getTargetAddress();
         localNegotiator = ProtocolNegotiators.httpProxy(
             proxiedAddr.getProxyAddress(),
+            proxiedAddr.getHeaders(),
             proxiedAddr.getUsername(),
             proxiedAddr.getPassword(),
             protocolNegotiator);
diff --git a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
index d30a6292d38..9323c58aae1 100644
--- a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
@@ -51,10 +51,12 @@
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelInboundHandlerAdapter;
+import io.netty.handler.codec.http.DefaultHttpHeaders;
 import io.netty.handler.codec.http.DefaultHttpRequest;
 import io.netty.handler.codec.http.HttpClientCodec;
 import io.netty.handler.codec.http.HttpClientUpgradeHandler;
 import io.netty.handler.codec.http.HttpHeaderNames;
+import io.netty.handler.codec.http.HttpHeaders;
 import io.netty.handler.codec.http.HttpMethod;
 import io.netty.handler.codec.http.HttpVersion;
 import io.netty.handler.codec.http2.Http2ClientUpgradeCodec;
@@ -77,6 +79,7 @@
 import java.util.Arrays;
 import java.util.EnumSet;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.Executor;
 import java.util.logging.Level;
@@ -484,7 +487,8 @@ private void fireProtocolNegotiationEvent(ChannelHandlerContext ctx, SSLSession
    * Returns a {@link ProtocolNegotiator} that does HTTP CONNECT proxy negotiation.
    */
   public static ProtocolNegotiator httpProxy(final SocketAddress proxyAddress,
-      final @Nullable String proxyUsername, final @Nullable String proxyPassword,
+      final @Nullable Map<String, String> headers, final @Nullable String proxyUsername,
+      final @Nullable String proxyPassword,
       final ProtocolNegotiator negotiator) {
     Preconditions.checkNotNull(negotiator, "negotiator");
     Preconditions.checkNotNull(proxyAddress, "proxyAddress");
@@ -494,8 +498,9 @@ class ProxyNegotiator implements ProtocolNegotiator {
       public ChannelHandler newHandler(GrpcHttp2ConnectionHandler http2Handler) {
         ChannelHandler protocolNegotiationHandler = negotiator.newHandler(http2Handler);
         ChannelLogger negotiationLogger = http2Handler.getNegotiationLogger();
+        HttpHeaders httpHeaders = toHttpHeaders(headers);
         return new ProxyProtocolNegotiationHandler(
-            proxyAddress, proxyUsername, proxyPassword, protocolNegotiationHandler,
+            proxyAddress, httpHeaders, proxyUsername, proxyPassword, protocolNegotiationHandler,
             negotiationLogger);
       }
 
@@ -515,6 +520,22 @@ public void close() {
     return new ProxyNegotiator();
   }
 
+  /**
+   * Converts generic Map of headers to Netty's HttpHeaders.
+   * Returns null if the map is null or empty.
+   */
+  @Nullable
+  private static HttpHeaders toHttpHeaders(@Nullable Map<String, String> headers) {
+    if (headers == null || headers.isEmpty()) {
+      return null;
+    }
+    HttpHeaders httpHeaders = new DefaultHttpHeaders();
+    for (Map.Entry<String, String> entry : headers.entrySet()) {
+      httpHeaders.add(entry.getKey(), entry.getValue());
+    }
+    return httpHeaders;
+  }
+
   /**
    * A Proxy handler follows {@link ProtocolNegotiationHandler} pattern. Upon successful proxy
    * connection, this handler will install {@code next} handler which should be a handler from
@@ -523,17 +544,20 @@ public void close() {
   static final class ProxyProtocolNegotiationHandler extends ProtocolNegotiationHandler {
 
     private final SocketAddress address;
+    @Nullable private final HttpHeaders httpHeaders;
     @Nullable private final String userName;
     @Nullable private final String password;
 
     public ProxyProtocolNegotiationHandler(
         SocketAddress address,
+        @Nullable HttpHeaders httpHeaders,
         @Nullable String userName,
         @Nullable String password,
         ChannelHandler next,
         ChannelLogger negotiationLogger) {
       super(next, negotiationLogger);
       this.address = Preconditions.checkNotNull(address, "address");
+      this.httpHeaders = httpHeaders;
       this.userName = userName;
       this.password = password;
     }
@@ -542,9 +566,9 @@ public ProxyProtocolNegotiationHandler(
     protected void protocolNegotiationEventTriggered(ChannelHandlerContext ctx) {
       HttpProxyHandler nettyProxyHandler;
       if (userName == null || password == null) {
-        nettyProxyHandler = new HttpProxyHandler(address);
+        nettyProxyHandler = new HttpProxyHandler(address, httpHeaders);
       } else {
-        nettyProxyHandler = new HttpProxyHandler(address, userName, password);
+        nettyProxyHandler = new HttpProxyHandler(address, userName, password, httpHeaders);
       }
       ctx.pipeline().addBefore(ctx.name(), /* name= */ null, nettyProxyHandler);
     }
diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
index 9bb5a43d792..cde33139965 100644
--- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
+++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
@@ -126,6 +126,7 @@
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import java.util.Queue;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
@@ -1088,20 +1089,21 @@ public void tls_invalidHost() throws SSLException {
   @Test
   public void httpProxy_nullAddressNpe() {
     assertThrows(NullPointerException.class,
-        () -> ProtocolNegotiators.httpProxy(null, "user", "pass", ProtocolNegotiators.plaintext()));
+        () -> ProtocolNegotiators.httpProxy(null, null, "user", "pass", 
+            ProtocolNegotiators.plaintext()));
   }
 
   @Test
   public void httpProxy_nullNegotiatorNpe() {
     assertThrows(NullPointerException.class,
         () -> ProtocolNegotiators.httpProxy(
-            InetSocketAddress.createUnresolved("localhost", 80), "user", "pass", null));
+            InetSocketAddress.createUnresolved("localhost", 80), null, "user", "pass", null));
   }
 
   @Test
   public void httpProxy_nullUserPassNoException() throws Exception {
     assertNotNull(ProtocolNegotiators.httpProxy(
-        InetSocketAddress.createUnresolved("localhost", 80), null, null,
+        InetSocketAddress.createUnresolved("localhost", 80), null, null, null,
         ProtocolNegotiators.plaintext()));
   }
 
@@ -1119,7 +1121,7 @@ public void httpProxy_completes() throws Exception {
         .bind(proxy).sync().channel();
 
     ProtocolNegotiator nego =
-        ProtocolNegotiators.httpProxy(proxy, null, null, ProtocolNegotiators.plaintext());
+        ProtocolNegotiators.httpProxy(proxy, null, null, null, ProtocolNegotiators.plaintext());
     // normally NettyClientTransport will add WBAEH which kick start the ProtocolNegotiation,
     // mocking the behavior using KickStartHandler.
     ChannelHandler handler =
@@ -1182,7 +1184,7 @@ public void httpProxy_500() throws Exception {
         .bind(proxy).sync().channel();
 
     ProtocolNegotiator nego =
-        ProtocolNegotiators.httpProxy(proxy, null, null, ProtocolNegotiators.plaintext());
+        ProtocolNegotiators.httpProxy(proxy, null, null, null, ProtocolNegotiators.plaintext());
     // normally NettyClientTransport will add WBAEH which kick start the ProtocolNegotiation,
     // mocking the behavior using KickStartHandler.
     ChannelHandler handler =
@@ -1220,6 +1222,77 @@ public void httpProxy_500() throws Exception {
     }
   }
 
+  @Test
+  public void httpProxy_customHeaders() throws Exception {
+    DefaultEventLoopGroup elg = new DefaultEventLoopGroup(1);
+    // ProxyHandler is incompatible with EmbeddedChannel because when channelRegistered() is called
+    // the channel is already active.
+    LocalAddress proxy = new LocalAddress("httpProxy_customHeaders");
+    SocketAddress host = InetSocketAddress.createUnresolved("example.com", 443);
+
+    ChannelInboundHandler mockHandler = mock(ChannelInboundHandler.class);
+    Channel serverChannel = new ServerBootstrap().group(elg).channel(LocalServerChannel.class)
+        .childHandler(mockHandler)
+        .bind(proxy).sync().channel();
+
+    Map<String, String> headers = new java.util.HashMap<>();
+    headers.put("X-Custom-Header", "custom-value");
+    headers.put("Proxy-Authorization", "Bearer token123");
+
+    ProtocolNegotiator nego = ProtocolNegotiators.httpProxy(
+        proxy, headers, null, null, ProtocolNegotiators.plaintext());
+    // normally NettyClientTransport will add WBAEH which kick start the ProtocolNegotiation,
+    // mocking the behavior using KickStartHandler.
+    ChannelHandler handler =
+        new KickStartHandler(nego.newHandler(FakeGrpcHttp2ConnectionHandler.noopHandler()));
+    Channel channel = new Bootstrap().group(elg).channel(LocalChannel.class).handler(handler)
+        .register().sync().channel();
+    pipeline = channel.pipeline();
+    // Wait for initialization to complete
+    channel.eventLoop().submit(NOOP_RUNNABLE).sync();
+    channel.connect(host).sync();
+    serverChannel.close();
+    ArgumentCaptor<ChannelHandlerContext> contextCaptor =
+        ArgumentCaptor.forClass(ChannelHandlerContext.class);
+    Mockito.verify(mockHandler).channelActive(contextCaptor.capture());
+    ChannelHandlerContext serverContext = contextCaptor.getValue();
+
+    final String golden = "testData";
+    ChannelFuture negotiationFuture = channel.writeAndFlush(bb(golden, channel));
+
+    // Wait for sending initial request to complete
+    channel.eventLoop().submit(NOOP_RUNNABLE).sync();
+    ArgumentCaptor<Object> objectCaptor = ArgumentCaptor.forClass(Object.class);
+    Mockito.verify(mockHandler)
+        .channelRead(ArgumentMatchers.<ChannelHandlerContext>any(), objectCaptor.capture());
+    ByteBuf b = (ByteBuf) objectCaptor.getValue();
+    String request = b.toString(UTF_8);
+    b.release();
+
+    // Verify custom headers are present in the CONNECT request
+    assertTrue("No trailing newline: " + request, request.endsWith("\r\n\r\n"));
+    assertTrue("No CONNECT: " + request, request.startsWith("CONNECT example.com:443 "));
+    assertTrue("No custom header: " + request, 
+        request.contains("X-Custom-Header: custom-value"));
+    assertTrue("No proxy authorization: " + request,
+        request.contains("Proxy-Authorization: Bearer token123"));
+
+    assertFalse(negotiationFuture.isDone());
+    serverContext.writeAndFlush(bb("HTTP/1.1 200 OK\r\n\r\n", serverContext.channel())).sync();
+    negotiationFuture.sync();
+
+    channel.eventLoop().submit(NOOP_RUNNABLE).sync();
+    objectCaptor = ArgumentCaptor.forClass(Object.class);
+    Mockito.verify(mockHandler, times(2))
+        .channelRead(ArgumentMatchers.<ChannelHandlerContext>any(), objectCaptor.capture());
+    b = (ByteBuf) objectCaptor.getAllValues().get(1);
+    String preface = b.toString(UTF_8);
+    b.release();
+    assertEquals(golden, preface);
+
+    channel.close();
+  }
+
   @Test
   public void waitUntilActiveHandler_firesNegotiation() throws Exception {
     EventLoopGroup elg = new DefaultEventLoopGroup(1);

From 6dab2ceab57763265adacf8de9a5bc4bc8d1f1a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcin=20D=C4=85browski?=
 <3007876+marcindabrowski@users.noreply.github.com>
Date: Wed, 12 Nov 2025 22:12:58 +0100
Subject: [PATCH 453/591] Upgrade gson to 2.12.1

Since error_prone_annotations are in version 2.36.0, there is not reason
why gson couldn't be bumped to v2.12.1.
Since v2.12.0 gson do not support Java 7, but it has been dropped in
https://github.com/grpc/grpc-java/pull/8828.
---
 MODULE.bazel              | 2 +-
 gradle/libs.versions.toml | 4 ++--
 repositories.bzl          | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 36db31dbd71..418a78275b6 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -14,7 +14,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
-    "com.google.code.gson:gson:2.11.0",
+    "com.google.code.gson:gson:2.12.1",
     "com.google.errorprone:error_prone_annotations:2.36.0",
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.4.8-android",
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index bf03cc6e18e..3d923af7d40 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -41,8 +41,8 @@ google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.24.
 google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.24.1"
 # Release notes: https://cloud.google.com/logging/docs/release-notes
 google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.1"
-# 2.12.1 requires error_prone_annotations:2.36.0 but we are stuck with 2.30.0
-gson = "com.google.code.gson:gson:2.11.0"
+# 2.13.0 requires error_prone_annotations:2.37.0, but we are stuck with 2.36.0
+gson = "com.google.code.gson:gson:2.12.1"
 # 33.4.8 requires com.google.errorprone:error_prone_annotations:2.36.0
 guava = "com.google.guava:guava:33.4.8-android"
 guava-betaChecker = "com.google.guava:guava-beta-checker:1.0"
diff --git a/repositories.bzl b/repositories.bzl
index 2c9b0d46bb6..a635b59a425 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -18,7 +18,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
-    "com.google.code.gson:gson:2.11.0",
+    "com.google.code.gson:gson:2.12.1",
     "com.google.errorprone:error_prone_annotations:2.36.0",
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.4.8-android",

From 8fa2c2c3c1454d411b1b029f8e83debf02c9bf11 Mon Sep 17 00:00:00 2001
From: Kim Sumin <ksoomin25@gmail.com>
Date: Wed, 12 Nov 2025 14:55:35 +0900
Subject: [PATCH 454/591] okhttp: Fix bidirectional keep-alive causing spurious
 GO_AWAY

When bidirectional keep-alive is enabled (both client and server
sending keep-alive pings), the server incorrectly validates ping
acknowledgments (ACKs) sent in response to server-initiated pings.
This causes the KeepAliveEnforcer strike counter to increment for
legitimate protocol responses, eventually triggering a GO_AWAY with
ENHANCE_YOUR_CALM.

Move the keepAliveEnforcer.pingAcceptable() check inside the !ack
conditional block, so only client-initiated ping requests are
validated. Ping ACKs now bypass enforcement entirely, enabling
bidirectional keep-alive to work correctly.

Fixes #12417
---
 .../io/grpc/okhttp/OkHttpServerTransport.java | 10 ++++----
 .../okhttp/OkHttpServerTransportTest.java     | 25 +++++++++++++++++++
 2 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerTransport.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerTransport.java
index b744bca3116..7d192b16943 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerTransport.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerTransport.java
@@ -951,13 +951,13 @@ public void settings(boolean clearPrevious, Settings settings) {
 
     @Override
     public void ping(boolean ack, int payload1, int payload2) {
-      if (!keepAliveEnforcer.pingAcceptable()) {
-        abruptShutdown(ErrorCode.ENHANCE_YOUR_CALM, "too_many_pings",
-            Status.RESOURCE_EXHAUSTED.withDescription("Too many pings from client"), false);
-        return;
-      }
       long payload = (((long) payload1) << 32) | (payload2 & 0xffffffffL);
       if (!ack) {
+        if (!keepAliveEnforcer.pingAcceptable()) {
+          abruptShutdown(ErrorCode.ENHANCE_YOUR_CALM, "too_many_pings",
+              Status.RESOURCE_EXHAUSTED.withDescription("Too many pings from client"), false);
+          return;
+        }
         frameLogger.logPing(OkHttpFrameLogger.Direction.INBOUND, payload);
         synchronized (lock) {
           frameWriter.ping(true, payload1, payload2);
diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpServerTransportTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpServerTransportTest.java
index 4d2744dc9c7..00db6e1d339 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpServerTransportTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpServerTransportTest.java
@@ -1268,6 +1268,31 @@ public void keepAliveEnforcer_noticesActive() throws Exception {
         eq(ByteString.encodeString("too_many_pings", GrpcUtil.US_ASCII)));
   }
 
+  @Test
+  public void keepAliveEnforcer_doesNotEnforcePingAcks() throws Exception {
+    serverBuilder.permitKeepAliveTime(1, TimeUnit.HOURS)
+        .permitKeepAliveWithoutCalls(true);
+    initTransport();
+    handshake();
+
+    for (int i = 0; i < KeepAliveEnforcer.MAX_PING_STRIKES + 2; i++) {
+      int serverPingId = 0xDEAD + i;
+      clientFrameWriter.ping(true, serverPingId, 0);
+      clientFrameWriter.flush();
+    }
+
+    for (int i = 0; i < KeepAliveEnforcer.MAX_PING_STRIKES; i++) {
+      pingPong();
+    }
+
+    pingPongId++;
+    clientFrameWriter.ping(false, pingPongId, 0);
+    clientFrameWriter.flush();
+    assertThat(clientFrameReader.nextFrame(clientFramesRead)).isTrue();
+    verify(clientFramesRead).goAway(0, ErrorCode.ENHANCE_YOUR_CALM,
+        ByteString.encodeString("too_many_pings", GrpcUtil.US_ASCII));
+  }
+
   @Test
   public void maxConcurrentCallsPerConnection_failsWithRst() throws Exception {
     int maxConcurrentCallsPerConnection = 1;

From 3fc026c29bd09c6ca87b72fd69eff843b88456a3 Mon Sep 17 00:00:00 2001
From: adam lazur <laz@canva.com>
Date: Thu, 13 Nov 2025 07:15:10 +0900
Subject: [PATCH 455/591] xds: Support deprecated xDS TLS fields for Istio
 compat (#12435)

## Problem

When using xDS with Istio's grpc-agent in proxyless mode, Java gRPC
fails with:

```
LDS response Listener validation error:
tls_certificate_provider_instance is required in downstream-tls-context
```

**Root Cause:**

Istio sends deprecated certificate provider fields for backward
compatibility with older Envoy versions. Java gRPC currently only reads
the current fields, causing validation failures.

Specifically, Istio uses these deprecated fields:
1. **Field 11**: `tls_certificate_certificate_provider_instance`
(deprecated) instead of field 14 (`tls_certificate_provider_instance`)
2. **Field 4**: `validation_context_certificate_provider_instance` in
`CombinedValidationContext` (deprecated) instead of
`ca_certificate_provider_instance` in `default_validation_context`

## Fix

Istio is adding support for the new fields in
https://github.com/istio/istio/pull/58257. Add fallback logic to support
deprecated certificate provider fields before that is rolled out:

**For identity certificates:**
1. Try current field 14 (`tls_certificate_provider_instance`) first
2. Fall back to deprecated field 11
(`tls_certificate_certificate_provider_instance`)

**For validation context in CombinedValidationContext:**
1. Try `ca_certificate_provider_instance` in
`default_validation_context` first
2. Fall back to deprecated field 4
(`validation_context_certificate_provider_instance`)

This matches the behavior of
[grpc-cpp](https://github.com/grpc/grpc/blob/master/src/core/xds/grpc/xds_common_types_parser.cc#L435-L474)
and
[grpc-go](https://github.com/grpc/grpc-go/blob/master/internal/xds/xdsclient/xdsresource/unmarshal_cds.go#L310-L344)
implementations.

## Testing

* Added new tests for both deprecated field paths (field 11 and field 4)
* All existing tests pass
* Manual local testing with Istio in proxyless mode verified the
compatibility fix works

---------

Co-authored-by: Amp <amp@ampcode.com>
---
 .../java/io/grpc/xds/XdsClusterResource.java  | 17 +++++-
 .../security/CommonTlsContextUtil.java        | 19 +++++--
 .../CertProviderSslContextProvider.java       |  8 ++-
 .../grpc/xds/GrpcXdsClientImplDataTest.java   | 30 +++++++++++
 .../security/CommonTlsContextTestsUtil.java   | 27 ++++++++++
 ...tProviderClientSslContextProviderTest.java | 52 +++++++++++++++++++
 6 files changed, 148 insertions(+), 5 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
index 593aed4ef48..d9848d97017 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
@@ -541,7 +541,12 @@ private static String getIdentityCertInstanceName(CommonTlsContext commonTlsCont
     if (commonTlsContext.hasTlsCertificateProviderInstance()) {
       return commonTlsContext.getTlsCertificateProviderInstance().getInstanceName();
     }
-    return null;
+    // Fall back to deprecated field (field 11) for backward compatibility with Istio
+    @SuppressWarnings("deprecation")
+    String instanceName = commonTlsContext.hasTlsCertificateCertificateProviderInstance()
+        ? commonTlsContext.getTlsCertificateCertificateProviderInstance().getInstanceName()
+        : null;
+    return instanceName;
   }
 
   private static String getRootCertInstanceName(CommonTlsContext commonTlsContext) {
@@ -559,6 +564,16 @@ private static String getRootCertInstanceName(CommonTlsContext commonTlsContext)
         return combinedCertificateValidationContext.getDefaultValidationContext()
             .getCaCertificateProviderInstance().getInstanceName();
       }
+      // Fall back to deprecated field (field 4) in CombinedValidationContext
+      @SuppressWarnings("deprecation")
+      String instanceName = combinedCertificateValidationContext
+          .hasValidationContextCertificateProviderInstance()
+          ? combinedCertificateValidationContext.getValidationContextCertificateProviderInstance()
+              .getInstanceName()
+          : null;
+      if (instanceName != null) {
+        return instanceName;
+      }
     }
     return null;
   }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/CommonTlsContextUtil.java b/xds/src/main/java/io/grpc/xds/internal/security/CommonTlsContextUtil.java
index 50fa18b64f9..bd8a423e683 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/CommonTlsContextUtil.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/CommonTlsContextUtil.java
@@ -28,7 +28,10 @@ public static boolean hasCertProviderInstance(CommonTlsContext commonTlsContext)
     if (commonTlsContext == null) {
       return false;
     }
+    @SuppressWarnings("deprecation")
+    boolean hasDeprecatedField = commonTlsContext.hasTlsCertificateCertificateProviderInstance();
     return commonTlsContext.hasTlsCertificateProviderInstance()
+        || hasDeprecatedField
         || hasValidationProviderInstance(commonTlsContext);
   }
 
@@ -37,9 +40,19 @@ private static boolean hasValidationProviderInstance(CommonTlsContext commonTlsC
         .hasCaCertificateProviderInstance()) {
       return true;
     }
-    return commonTlsContext.hasCombinedValidationContext()
-        && commonTlsContext.getCombinedValidationContext().getDefaultValidationContext()
-          .hasCaCertificateProviderInstance();
+    if (commonTlsContext.hasCombinedValidationContext()) {
+      CommonTlsContext.CombinedCertificateValidationContext combined =
+          commonTlsContext.getCombinedValidationContext();
+      if (combined.hasDefaultValidationContext()
+          && combined.getDefaultValidationContext().hasCaCertificateProviderInstance()) {
+        return true;
+      }
+      // Check deprecated field (field 4) in CombinedValidationContext
+      @SuppressWarnings("deprecation")
+      boolean hasDeprecatedField = combined.hasValidationContextCertificateProviderInstance();
+      return hasDeprecatedField;
+    }
+    return false;
   }
 
   /**
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
index 2570dcb731b..cb99ca6ad95 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
@@ -113,7 +113,13 @@ protected static CertificateProviderInstance getCertProviderInstance(
     if (commonTlsContext.hasTlsCertificateProviderInstance()) {
       return CommonTlsContextUtil.convert(commonTlsContext.getTlsCertificateProviderInstance());
     }
-    return null;
+    // Fall back to deprecated field for backward compatibility with Istio
+    @SuppressWarnings("deprecation")
+    CertificateProviderInstance deprecatedInstance =
+        commonTlsContext.hasTlsCertificateCertificateProviderInstance()
+            ? commonTlsContext.getTlsCertificateCertificateProviderInstance()
+            : null;
+    return deprecatedInstance;
   }
 
   @Nullable
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 0af64755969..975570d8205 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -3134,6 +3134,18 @@ public void validateCommonTlsContext_tlsNewCertificateProviderInstance()
         .validateCommonTlsContext(commonTlsContext, ImmutableSet.of("name1", "name2"), true);
   }
 
+  @Test
+  @SuppressWarnings("deprecation")
+  public void validateCommonTlsContext_tlsDeprecatedCertificateProviderInstance()
+      throws ResourceInvalidException {
+    CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
+        .setTlsCertificateCertificateProviderInstance(
+            CommonTlsContext.CertificateProviderInstance.newBuilder().setInstanceName("name1"))
+        .build();
+    XdsClusterResource
+        .validateCommonTlsContext(commonTlsContext, ImmutableSet.of("name1", "name2"), true);
+  }
+
   @Test
   public void validateCommonTlsContext_tlsCertificateProviderInstance()
       throws ResourceInvalidException {
@@ -3218,6 +3230,24 @@ public void validateCommonTlsContext_combinedValidationContextSystemRootCerts()
         .validateCommonTlsContext(commonTlsContext, ImmutableSet.of(), false);
   }
 
+  @Test
+  @SuppressWarnings("deprecation")
+  public void validateCommonTlsContext_combinedValidationContextDeprecatedCertProvider()
+      throws ResourceInvalidException {
+    CommonTlsContext commonTlsContext = CommonTlsContext.newBuilder()
+        .setTlsCertificateProviderInstance(
+            CertificateProviderPluginInstance.newBuilder().setInstanceName("cert1"))
+        .setCombinedValidationContext(
+            CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
+                .setValidationContextCertificateProviderInstance(
+                    CommonTlsContext.CertificateProviderInstance.newBuilder()
+                        .setInstanceName("root1"))
+                .build())
+        .build();
+    XdsClusterResource
+        .validateCommonTlsContext(commonTlsContext, ImmutableSet.of("cert1", "root1"), true);
+  }
+
   @Test
   public void validateCommonTlsContext_validationContextSystemRootCerts_envVarNotSet_throws() {
     XdsClusterResource.enableSystemRootCerts = false;
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java b/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
index 80a8083fb27..abacd2038f8 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
@@ -232,6 +232,33 @@ private static CommonTlsContext buildCommonTlsContextForCertProviderInstance(
     return builder.build();
   }
 
+  /** Helper method to build CommonTlsContext using deprecated certificate provider field. */
+  @SuppressWarnings("deprecation")
+  public static CommonTlsContext buildCommonTlsContextWithDeprecatedCertProviderInstance(
+      String certInstanceName,
+      String certName,
+      String rootInstanceName,
+      String rootCertName,
+      Iterable<String> alpnProtocols,
+      CertificateValidationContext staticCertValidationContext) {
+    CommonTlsContext.Builder builder = CommonTlsContext.newBuilder();
+    if (certInstanceName != null) {
+      // Use deprecated field (field 11) instead of current field (field 14)
+      builder =
+              builder.setTlsCertificateCertificateProviderInstance(
+                      CommonTlsContext.CertificateProviderInstance.newBuilder()
+                              .setInstanceName(certInstanceName)
+                              .setCertificateName(certName));
+    }
+    builder =
+        addCertificateValidationContext(
+            builder, rootInstanceName, rootCertName, staticCertValidationContext);
+    if (alpnProtocols != null) {
+      builder.addAllAlpnProtocols(alpnProtocols);
+    }
+    return builder.build();
+  }
+
   private static CommonTlsContext buildNewCommonTlsContextForCertProviderInstance(
           String certInstanceName,
           String certName,
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
index 875a57b8f3d..91f02863ca4 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
@@ -470,6 +470,58 @@ public void testProviderForClient_rootInstanceNull_but_isUsingSystemRootCerts_va
             .build(), false);
   }
 
+  @Test
+  public void testProviderForClient_deprecatedCertProviderField() throws Exception {
+    final CertificateProvider.DistributorWatcher[] watcherCaptor =
+        new CertificateProvider.DistributorWatcher[1];
+    TestCertificateProvider.createAndRegisterProviderProvider(
+        certificateProviderRegistry, watcherCaptor, "testca", 0);
+    
+    // Build UpstreamTlsContext using deprecated field
+    EnvoyServerProtoData.UpstreamTlsContext upstreamTlsContext =
+        new EnvoyServerProtoData.UpstreamTlsContext(
+            CommonTlsContextTestsUtil.buildCommonTlsContextWithDeprecatedCertProviderInstance(
+                "gcp_id",
+                "cert-default",
+                "gcp_id",
+                "root-default",
+                /* alpnProtocols= */ null,
+                /* staticCertValidationContext= */ null));
+    
+    Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
+    CertProviderClientSslContextProvider provider =
+        (CertProviderClientSslContextProvider)
+            certProviderClientSslContextProviderFactory.getProvider(
+                upstreamTlsContext,
+                bootstrapInfo.node().toEnvoyProtoNode(),
+                bootstrapInfo.certProviders());
+
+    assertThat(provider.savedKey).isNull();
+    assertThat(provider.savedCertChain).isNull();
+    assertThat(provider.savedTrustedRoots).isNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNull();
+
+    // Generate cert update
+    watcherCaptor[0].updateCertificate(
+        CommonCertProviderTestUtils.getPrivateKey(CLIENT_KEY_FILE),
+        ImmutableList.of(getCertFromResourceName(CLIENT_PEM_FILE)));
+    assertThat(provider.savedKey).isNotNull();
+    assertThat(provider.savedCertChain).isNotNull();
+    assertThat(provider.getSslContextAndTrustManager()).isNull();
+
+    // Generate root cert update
+    watcherCaptor[0].updateTrustedRoots(ImmutableList.of(getCertFromResourceName(CA_PEM_FILE)));
+    assertThat(provider.getSslContextAndTrustManager()).isNotNull();
+    assertThat(provider.savedKey).isNull();
+    assertThat(provider.savedCertChain).isNull();
+    assertThat(provider.savedTrustedRoots).isNull();
+
+    TestCallback testCallback =
+        CommonTlsContextTestsUtil.getValueThruCallback(provider);
+
+    doChecksOnSslContext(false, testCallback.updatedSslContext, /* expectedApnProtos= */ null);
+  }
+
   static class QueuedExecutor implements Executor {
     /** A list of Runnables to be run in order. */
     @VisibleForTesting final Queue<Runnable> runQueue = new ConcurrentLinkedQueue<>();

From 6a61a38eb4bbd9f226ada2a651429308811ded03 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 12 Nov 2025 13:27:16 -0800
Subject: [PATCH 456/591] util: Add RunWith to RandomSubsettingLoadBalancerTest

In some environments the test won't run without the annotation.
---
 .../java/io/grpc/util/RandomSubsettingLoadBalancerTest.java    | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/util/src/test/java/io/grpc/util/RandomSubsettingLoadBalancerTest.java b/util/src/test/java/io/grpc/util/RandomSubsettingLoadBalancerTest.java
index 91dde6ba19d..2c43e8f4c3a 100644
--- a/util/src/test/java/io/grpc/util/RandomSubsettingLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/RandomSubsettingLoadBalancerTest.java
@@ -47,6 +47,8 @@
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
@@ -55,6 +57,7 @@
 import org.mockito.junit.MockitoRule;
 import org.mockito.stubbing.Answer;
 
+@RunWith(JUnit4.class)
 public class RandomSubsettingLoadBalancerTest {
   @Rule
   public final MockitoRule mockitoRule = MockitoJUnit.rule();

From 40155b1002aac9b720215615e5900b405d6aa3c3 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 12 Nov 2025 08:10:21 -0800
Subject: [PATCH 457/591] interop-testing: Increase timeout for
 StressTestClientTest

gaugesShouldBeExported with TSAN doesn't finish in less than 6 seconds
and sometimes takes 12 seconds.
---
 .../java/io/grpc/testing/integration/StressTestClientTest.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/StressTestClientTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/StressTestClientTest.java
index c09a0cfeab9..95ef5379120 100644
--- a/interop-testing/src/test/java/io/grpc/testing/integration/StressTestClientTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/StressTestClientTest.java
@@ -44,7 +44,7 @@
 public class StressTestClientTest {
 
   @Rule
-  public final Timeout globalTimeout = Timeout.seconds(10);
+  public final Timeout globalTimeout = Timeout.seconds(15);
 
   @Test
   public void ipv6AddressesShouldBeSupported() {

From 55314c3ca5dfc7bba5953f1c73ec70c3f9ce0dfd Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 12 Nov 2025 15:29:05 -0800
Subject: [PATCH 458/591] servlet: Ignore timeoutOnSleepingServer for Tomcat

tomcat10Test is frequently failing on Windows because Tomcat doesn't
support trailers-only. I removed the FIXMEs because we won't workaround
Tomcat in grpc-servlet because:

1. An interceptor that converts trailers-only into headers+trailers
   would handle most cases, as it could run directly next to the
   application.  That is semantically very safe. But an interceptor
   doesn't help deadline handling and other transport-caused closures,
   as those trailers-only are produced by the transport
2. Having the transport convert trailers-only would work for deadline
   handling, but is not semantically safe
3. The other languages didn't find Tomcat to be important enough to
   support HEADERS+empty DATA(END_STREAM) as trailers-only on the
   client-side

```
Unexpected status: Status{code=INTERNAL, description=Received unexpected EOS on empty DATA frame from server, cause=null}
value of: getCode()
expected: DEADLINE_EXCEEDED
but was : INTERNAL
	at app//io.grpc.testing.integration.AbstractInteropTest.assertCodeEquals(AbstractInteropTest.java:2028)
	at app//io.grpc.testing.integration.AbstractInteropTest.timeoutOnSleepingServer(AbstractInteropTest.java:1644)
```
---
 .../java/io/grpc/servlet/TomcatInteropTest.java          | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/servlet/src/tomcatTest/java/io/grpc/servlet/TomcatInteropTest.java b/servlet/src/tomcatTest/java/io/grpc/servlet/TomcatInteropTest.java
index 1422b5388fd..d072fea93a1 100644
--- a/servlet/src/tomcatTest/java/io/grpc/servlet/TomcatInteropTest.java
+++ b/servlet/src/tomcatTest/java/io/grpc/servlet/TomcatInteropTest.java
@@ -113,27 +113,28 @@ protected boolean metricsExpected() {
   @Test
   public void gracefulShutdown() {}
 
-  // FIXME
   @Override
   @Ignore("Tomcat is not able to send trailer only")
   @Test
   public void specialStatusMessage() {}
 
-  // FIXME
   @Override
   @Ignore("Tomcat is not able to send trailer only")
   @Test
   public void unimplementedMethod() {}
 
-  // FIXME
   @Override
   @Ignore("Tomcat is not able to send trailer only")
   @Test
   public void statusCodeAndMessage() {}
 
-  // FIXME
   @Override
   @Ignore("Tomcat is not able to send trailer only")
   @Test
   public void emptyStream() {}
+
+  @Override
+  @Ignore("Tomcat is not able to send trailer only")
+  @Test
+  public void timeoutOnSleepingServer() {}
 }

From 731d85bc911f51c22f50df78745c098c46fc23c1 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 29 Oct 2025 09:49:00 -0700
Subject: [PATCH 459/591] xds: Remove
 InternalGrpcBootstrapperImpl.getJsonContent()

It has been unused since 84d30afad.
---
 .../main/java/io/grpc/xds/InternalGrpcBootstrapperImpl.java  | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/InternalGrpcBootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/InternalGrpcBootstrapperImpl.java
index 6a852a2fbb4..7bbc2a6dfca 100644
--- a/xds/src/main/java/io/grpc/xds/InternalGrpcBootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/InternalGrpcBootstrapperImpl.java
@@ -19,7 +19,6 @@
 import io.grpc.Internal;
 import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.XdsInitializationException;
-import java.io.IOException;
 import java.util.Map;
 
 /**
@@ -29,10 +28,6 @@
 public final class InternalGrpcBootstrapperImpl {
   private InternalGrpcBootstrapperImpl() {} // prevent instantiation
 
-  public static String getJsonContent() throws XdsInitializationException, IOException {
-    return new GrpcBootstrapperImpl().getJsonContent();
-  }
-
   public static BootstrapInfo parseBootstrap(Map<String, ?> bootstrap)
       throws XdsInitializationException {
     return new GrpcBootstrapperImpl().bootstrap(bootstrap);

From 28a6130e8026033a5906ff0d14f7eaedd3f066e9 Mon Sep 17 00:00:00 2001
From: Marius Volkhart <marius@volkhart.com>
Date: Thu, 13 Nov 2025 12:47:16 -0500
Subject: [PATCH 460/591] core: Fix AbstractClientStream Javadoc

Subclasses also need to implement setAuthority(String) and getAttributes() which
come in from the ClientStream interface.
---
 .../main/java/io/grpc/internal/AbstractClientStream.java    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/AbstractClientStream.java b/core/src/main/java/io/grpc/internal/AbstractClientStream.java
index 14fd5888147..bce1820b482 100644
--- a/core/src/main/java/io/grpc/internal/AbstractClientStream.java
+++ b/core/src/main/java/io/grpc/internal/AbstractClientStream.java
@@ -43,9 +43,9 @@
 import javax.annotation.Nullable;
 
 /**
- * The abstract base class for {@link ClientStream} implementations. Extending classes only need to
- * implement {@link #transportState()} and {@link #abstractClientStreamSink()}. Must only be called
- * from the sending application thread.
+ * The abstract base class for {@link ClientStream} implementations.
+ *
+ * <p>Must only be called from the sending application thread.
  */
 public abstract class AbstractClientStream extends AbstractStream
     implements ClientStream, MessageFramer.Sink {

From 322e488a4e9c9d68cbc2d4293e6514a5cec63f66 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Thu, 13 Nov 2025 07:11:52 -0800
Subject: [PATCH 461/591] Revert "core: Report marshaller error for
 uncompressed size too large back to the client 2 (#12477)"

This reverts commit 14087f841c0bef87cffd9da45278c19c04da4a35.

It caused the same failures as the previous attempt that was reverted in
7eab160. cl/831837315

```
java.lang.AssertionError: Failed executing read operation
	at io.grpc.internal.CompositeReadableBuffer.execute(CompositeReadableBuffer.java:328)
	at io.grpc.internal.CompositeReadableBuffer.executeNoThrow(CompositeReadableBuffer.java:336)
	at io.grpc.internal.CompositeReadableBuffer.readBytes(CompositeReadableBuffer.java:151)
	at io.grpc.internal.ReadableBuffers$BufferInputStream.read(ReadableBuffers.java:377)
	at io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller.parse(ProtoLiteUtils.java:205)
	at io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller.parse(ProtoLiteUtils.java:133)
	at io.grpc.MethodDescriptor.parseRequest(MethodDescriptor.java:307)
```
---
 .../grpc/internal/CloseWithHeadersMarker.java | 32 --------------
 .../java/io/grpc/internal/ServerCallImpl.java | 24 ++---------
 .../io/grpc/internal/ServerCallImplTest.java  | 42 -------------------
 .../integration/AbstractInteropTest.java      |  2 +-
 .../integration/TransportCompressionTest.java | 29 +------------
 .../java/io/grpc/netty/NettyServerStream.java |  7 +---
 6 files changed, 7 insertions(+), 129 deletions(-)
 delete mode 100644 core/src/main/java/io/grpc/internal/CloseWithHeadersMarker.java

diff --git a/core/src/main/java/io/grpc/internal/CloseWithHeadersMarker.java b/core/src/main/java/io/grpc/internal/CloseWithHeadersMarker.java
deleted file mode 100644
index 376b9edb614..00000000000
--- a/core/src/main/java/io/grpc/internal/CloseWithHeadersMarker.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright 2025 The gRPC Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.grpc.internal;
-
-import io.grpc.Status;
-
-/**
- * Marker to be used for Status sent to {@link ServerStream#cancel(Status)} to signal that stream
- * should be closed by sending headers.
- */
-public class CloseWithHeadersMarker extends Throwable {
-  private static final long serialVersionUID = 0L;
-
-  @Override
-  public synchronized Throwable fillInStackTrace() {
-    return this;
-  }
-}
diff --git a/core/src/main/java/io/grpc/internal/ServerCallImpl.java b/core/src/main/java/io/grpc/internal/ServerCallImpl.java
index 1c1f76cbb12..e224384ce8f 100644
--- a/core/src/main/java/io/grpc/internal/ServerCallImpl.java
+++ b/core/src/main/java/io/grpc/internal/ServerCallImpl.java
@@ -279,17 +279,6 @@ private void handleInternalError(Throwable internalError) {
     serverCallTracer.reportCallEnded(false); // error so always false
   }
 
-  /**
-   * Close the {@link ServerStream} because parsing request message failed.
-   * Similar to {@link #handleInternalError(Throwable)}.
-   */
-  private void handleParseError(StatusRuntimeException parseError) {
-    cancelled = true;
-    log.log(Level.WARNING, "Cancelling the stream because of parse error", parseError);
-    stream.cancel(parseError.getStatus().withCause(new CloseWithHeadersMarker()));
-    serverCallTracer.reportCallEnded(false); // error so always false
-  }
-
   /**
    * All of these callbacks are assumed to called on an application thread, and the caller is
    * responsible for handling thrown exceptions.
@@ -338,23 +327,18 @@ private void messagesAvailableInternal(final MessageProducer producer) {
         return;
       }
 
-      InputStream message = null;
+      InputStream message;
       try {
         while ((message = producer.next()) != null) {
-          ReqT parsed;
           try {
-            parsed = call.method.parseRequest(message);
-          } catch (StatusRuntimeException e) {
+            listener.onMessage(call.method.parseRequest(message));
+          } catch (Throwable t) {
             GrpcUtil.closeQuietly(message);
-            GrpcUtil.closeQuietly(producer);
-            call.handleParseError(e);
-            return;
+            throw t;
           }
           message.close();
-          listener.onMessage(parsed);
         }
       } catch (Throwable t) {
-        GrpcUtil.closeQuietly(message);
         GrpcUtil.closeQuietly(producer);
         Throwables.throwIfUnchecked(t);
         throw new RuntimeException(t);
diff --git a/core/src/test/java/io/grpc/internal/ServerCallImplTest.java b/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
index 028f1ac93cd..7394c83eab2 100644
--- a/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ServerCallImplTest.java
@@ -48,11 +48,9 @@
 import io.grpc.SecurityLevel;
 import io.grpc.ServerCall;
 import io.grpc.Status;
-import io.grpc.StatusRuntimeException;
 import io.grpc.internal.ServerCallImpl.ServerStreamListenerImpl;
 import io.perfmark.PerfMark;
 import java.io.ByteArrayInputStream;
-import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import org.junit.Before;
@@ -71,8 +69,6 @@ public class ServerCallImplTest {
 
   @Mock private ServerStream stream;
   @Mock private ServerCall.Listener<Long> callListener;
-  @Mock private StreamListener.MessageProducer messageProducer;
-  @Mock private InputStream message;
 
   private final CallTracer serverCallTracer = CallTracer.getDefaultFactory().create();
   private ServerCallImpl<Long, Long> call;
@@ -497,44 +493,6 @@ public void streamListener_unexpectedRuntimeException() {
     assertThat(e).hasMessageThat().isEqualTo("unexpected exception");
   }
 
-  @Test
-  public void streamListener_statusRuntimeException() throws IOException {
-    MethodDescriptor<Long, Long> failingParseMethod = MethodDescriptor.<Long, Long>newBuilder()
-        .setType(MethodType.UNARY)
-        .setFullMethodName("service/method")
-        .setRequestMarshaller(new LongMarshaller() {
-            @Override
-            public Long parse(InputStream stream) {
-              throw new StatusRuntimeException(Status.RESOURCE_EXHAUSTED
-                  .withDescription("Decompressed gRPC message exceeds maximum size"));
-            }
-        })
-        .setResponseMarshaller(new LongMarshaller())
-        .build();
-
-    call =  new ServerCallImpl<>(stream, failingParseMethod, requestHeaders, context,
-            DecompressorRegistry.getDefaultInstance(), CompressorRegistry.getDefaultInstance(),
-            serverCallTracer, PerfMark.createTag());
-
-    ServerStreamListenerImpl<Long> streamListener =
-            new ServerCallImpl.ServerStreamListenerImpl<>(call, callListener, context);
-
-    when(messageProducer.next()).thenReturn(message, (InputStream) null);
-    streamListener.messagesAvailable(messageProducer);
-    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
-    verify(stream).cancel(statusCaptor.capture());
-    Status status = statusCaptor.getValue();
-    assertEquals(Status.Code.RESOURCE_EXHAUSTED, status.getCode());
-    assertEquals("Decompressed gRPC message exceeds maximum size", status.getDescription());
-
-    streamListener.halfClosed();
-    verify(callListener, never()).onHalfClose();
-
-    when(messageProducer.next()).thenReturn(message, (InputStream) null);
-    streamListener.messagesAvailable(messageProducer);
-    verify(callListener, never()).onMessage(any());
-  }
-
   private static class LongMarshaller implements Marshaller<Long> {
     @Override
     public InputStream stream(Long value) {
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
index f5cd111a5b1..51295281a90 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
@@ -2024,7 +2024,7 @@ private void assertPayload(Payload expected, Payload actual) {
     }
   }
 
-  protected static void assertCodeEquals(Status.Code expected, Status actual) {
+  private static void assertCodeEquals(Status.Code expected, Status actual) {
     assertWithMessage("Unexpected status: %s", actual).that(actual.getCode()).isEqualTo(expected);
   }
 
diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java
index 33cd624aebb..b9692383254 100644
--- a/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/TransportCompressionTest.java
@@ -17,7 +17,6 @@
 package io.grpc.testing.integration;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 
 import com.google.protobuf.ByteString;
@@ -38,8 +37,6 @@
 import io.grpc.ServerCall.Listener;
 import io.grpc.ServerCallHandler;
 import io.grpc.ServerInterceptor;
-import io.grpc.Status.Code;
-import io.grpc.StatusRuntimeException;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.netty.InternalNettyChannelBuilder;
 import io.grpc.netty.InternalNettyServerBuilder;
@@ -56,9 +53,7 @@
 import java.io.OutputStream;
 import org.junit.Before;
 import org.junit.BeforeClass;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -89,16 +84,10 @@ public static void registerCompressors() {
     compressors.register(Codec.Identity.NONE);
   }
 
-  @Rule
-  public final TestName currentTest = new TestName();
-
   @Override
   protected ServerBuilder<?> getServerBuilder() {
     NettyServerBuilder builder = NettyServerBuilder.forPort(0, InsecureServerCredentials.create())
-        .maxInboundMessageSize(
-            DECOMPRESSED_MESSAGE_TOO_LONG_METHOD_NAME.equals(currentTest.getMethodName())
-                ? 1000
-                : AbstractInteropTest.MAX_MESSAGE_SIZE)
+        .maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
         .compressorRegistry(compressors)
         .decompressorRegistry(decompressors)
         .intercept(new ServerInterceptor() {
@@ -137,22 +126,6 @@ public void compresses() {
     assertTrue(FZIPPER.anyWritten);
   }
 
-  private static final String DECOMPRESSED_MESSAGE_TOO_LONG_METHOD_NAME =
-      "decompressedMessageTooLong";
-
-  @Test
-  public void decompressedMessageTooLong() {
-    assertEquals(DECOMPRESSED_MESSAGE_TOO_LONG_METHOD_NAME, currentTest.getMethodName());
-    final SimpleRequest bigRequest = SimpleRequest.newBuilder()
-        .setPayload(Payload.newBuilder().setBody(ByteString.copyFrom(new byte[10_000])))
-        .build();
-    StatusRuntimeException e = assertThrows(StatusRuntimeException.class,
-        () -> blockingStub.withCompression("gzip").unaryCall(bigRequest));
-    assertCodeEquals(Code.RESOURCE_EXHAUSTED, e.getStatus());
-    assertEquals("Decompressed gRPC message exceeds maximum size 1000",
-        e.getStatus().getDescription());
-  }
-
   @Override
   protected NettyChannelBuilder createChannelBuilder() {
     NettyChannelBuilder builder = NettyChannelBuilder.forAddress(getListenAddress())
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerStream.java b/netty/src/main/java/io/grpc/netty/NettyServerStream.java
index 681e649d1ef..836f39ddf19 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerStream.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerStream.java
@@ -23,7 +23,6 @@
 import io.grpc.Metadata;
 import io.grpc.Status;
 import io.grpc.internal.AbstractServerStream;
-import io.grpc.internal.CloseWithHeadersMarker;
 import io.grpc.internal.StatsTraceContext;
 import io.grpc.internal.TransportTracer;
 import io.grpc.internal.WritableBuffer;
@@ -131,11 +130,7 @@ public void writeTrailers(Metadata trailers, boolean headersSent, Status status)
     @Override
     public void cancel(Status status) {
       try (TaskCloseable ignore = PerfMark.traceTask("NettyServerStream$Sink.cancel")) {
-        CancelServerStreamCommand cmd =
-            status.getCause() instanceof CloseWithHeadersMarker
-                ? CancelServerStreamCommand.withReason(transportState(), status)
-                : CancelServerStreamCommand.withReset(transportState(), status);
-        writeQueue.enqueue(cmd, true);
+        writeQueue.enqueue(CancelServerStreamCommand.withReset(transportState(), status), true);
       }
     }
   }

From a57c373973f01524cde6d02161d87e77f5b638d4 Mon Sep 17 00:00:00 2001
From: Saurav <sauravz@google.com>
Date: Fri, 14 Nov 2025 21:58:38 +0530
Subject: [PATCH 462/591] xds: Update Envoy proto definitions and add ExtAuthz
 gRPC service

This commit updates the Envoy proto definitions to a newer version and
adds the generated gRPC code for the
`envoy.service.auth.v3.Authorization` service.

The updated proto definitions include changes to the `ext_authz` filter,
`GrpcService` configuration, and other related components. This also
includes new proto files for gRPC credentials and header mutation rules.

The generated `AuthorizationGrpc.java` file provides the gRPC stub that
will be used to communicate with the external authorization service.
---
 .gitignore                                    |   3 +
 .../service/auth/v3/AuthorizationGrpc.java    | 377 +++++++++++++
 xds/third_party/envoy/import.sh               |  14 +-
 .../envoy/config/bootstrap/v3/bootstrap.proto |  10 +-
 .../envoy/config/cluster/v3/cluster.proto     |  17 +-
 .../mutation_rules/v3/mutation_rules.proto    | 113 ++++
 .../proto/envoy/config/core/v3/address.proto  |   3 -
 .../envoy/config/core/v3/config_source.proto  |   5 +-
 .../envoy/config/core/v3/grpc_service.proto   |  23 +-
 .../envoy/config/core/v3/health_check.proto   |   6 +-
 .../proto/envoy/config/core/v3/protocol.proto |  27 +-
 .../envoy/config/endpoint/v3/endpoint.proto   |   5 +-
 .../config/endpoint/v3/load_report.proto      |   6 +-
 .../listener/v3/listener_components.proto     |   2 +-
 .../proto/envoy/config/metrics/v3/stats.proto |   4 +-
 .../envoy/config/overload/v3/overload.proto   |  22 +-
 .../config/route/v3/route_components.proto    |  94 +++-
 .../envoy/config/trace/v3/opentelemetry.proto |   9 +-
 .../proto/envoy/config/trace/v3/zipkin.proto  |  85 ++-
 .../filters/http/ext_authz/v3/ext_authz.proto | 529 ++++++++++++++++++
 .../v3/http_connection_manager.proto          |  34 +-
 .../v3/access_token_credentials.proto         |  19 +
 .../v3/google_default_credentials.proto       |  17 +
 .../insecure/v3/insecure_credentials.proto    |  17 +
 .../local/v3/local_credentials.proto          |  17 +
 .../tls/v3/tls_credentials.proto              |  27 +
 .../xds/v3/xds_credentials.proto              |  21 +
 .../common/v3/common.proto                    |  24 +-
 .../service/auth/v3/attribute_context.proto   | 222 ++++++++
 .../envoy/service/auth/v3/external_auth.proto | 144 +++++
 .../proto/envoy/type/matcher/v3/value.proto   |   2 +-
 31 files changed, 1828 insertions(+), 70 deletions(-)
 create mode 100644 xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/auth/v3/AuthorizationGrpc.java
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/config/common/mutation_rules/v3/mutation_rules.proto
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/call_credentials/access_token/v3/access_token_credentials.proto
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/google_default/v3/google_default_credentials.proto
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/insecure/v3/insecure_credentials.proto
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/local/v3/local_credentials.proto
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/tls/v3/tls_credentials.proto
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/xds/v3/xds_credentials.proto
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/service/auth/v3/attribute_context.proto
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/service/auth/v3/external_auth.proto

diff --git a/.gitignore b/.gitignore
index 92a0e3d6d3a..b078d891adf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,6 +31,9 @@ MODULE.bazel.lock
 .gitignore
 bin
 
+# VsCode
+.vscode
+
 # OS X
 .DS_Store
 
diff --git a/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/auth/v3/AuthorizationGrpc.java b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/auth/v3/AuthorizationGrpc.java
new file mode 100644
index 00000000000..df9b7a3514b
--- /dev/null
+++ b/xds/src/generated/thirdparty/grpc/io/envoyproxy/envoy/service/auth/v3/AuthorizationGrpc.java
@@ -0,0 +1,377 @@
+package io.envoyproxy.envoy.service.auth.v3;
+
+import static io.grpc.MethodDescriptor.generateFullMethodName;
+
+/**
+ * <pre>
+ * A generic interface for performing authorization check on incoming
+ * requests to a networked service.
+ * </pre>
+ */
+@io.grpc.stub.annotations.GrpcGenerated
+public final class AuthorizationGrpc {
+
+  private AuthorizationGrpc() {}
+
+  public static final java.lang.String SERVICE_NAME = "envoy.service.auth.v3.Authorization";
+
+  // Static method descriptors that strictly reflect the proto.
+  private static volatile io.grpc.MethodDescriptor<io.envoyproxy.envoy.service.auth.v3.CheckRequest,
+      io.envoyproxy.envoy.service.auth.v3.CheckResponse> getCheckMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "Check",
+      requestType = io.envoyproxy.envoy.service.auth.v3.CheckRequest.class,
+      responseType = io.envoyproxy.envoy.service.auth.v3.CheckResponse.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<io.envoyproxy.envoy.service.auth.v3.CheckRequest,
+      io.envoyproxy.envoy.service.auth.v3.CheckResponse> getCheckMethod() {
+    io.grpc.MethodDescriptor<io.envoyproxy.envoy.service.auth.v3.CheckRequest, io.envoyproxy.envoy.service.auth.v3.CheckResponse> getCheckMethod;
+    if ((getCheckMethod = AuthorizationGrpc.getCheckMethod) == null) {
+      synchronized (AuthorizationGrpc.class) {
+        if ((getCheckMethod = AuthorizationGrpc.getCheckMethod) == null) {
+          AuthorizationGrpc.getCheckMethod = getCheckMethod =
+              io.grpc.MethodDescriptor.<io.envoyproxy.envoy.service.auth.v3.CheckRequest, io.envoyproxy.envoy.service.auth.v3.CheckResponse>newBuilder()
+              .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(generateFullMethodName(SERVICE_NAME, "Check"))
+              .setSampledToLocalTracing(true)
+              .setRequestMarshaller(io.grpc.protobuf.ProtoUtils.marshaller(
+                  io.envoyproxy.envoy.service.auth.v3.CheckRequest.getDefaultInstance()))
+              .setResponseMarshaller(io.grpc.protobuf.ProtoUtils.marshaller(
+                  io.envoyproxy.envoy.service.auth.v3.CheckResponse.getDefaultInstance()))
+              .setSchemaDescriptor(new AuthorizationMethodDescriptorSupplier("Check"))
+              .build();
+        }
+      }
+    }
+    return getCheckMethod;
+  }
+
+  /**
+   * Creates a new async stub that supports all call types for the service
+   */
+  public static AuthorizationStub newStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<AuthorizationStub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<AuthorizationStub>() {
+        @java.lang.Override
+        public AuthorizationStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new AuthorizationStub(channel, callOptions);
+        }
+      };
+    return AuthorizationStub.newStub(factory, channel);
+  }
+
+  /**
+   * Creates a new blocking-style stub that supports all types of calls on the service
+   */
+  public static AuthorizationBlockingV2Stub newBlockingV2Stub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<AuthorizationBlockingV2Stub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<AuthorizationBlockingV2Stub>() {
+        @java.lang.Override
+        public AuthorizationBlockingV2Stub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new AuthorizationBlockingV2Stub(channel, callOptions);
+        }
+      };
+    return AuthorizationBlockingV2Stub.newStub(factory, channel);
+  }
+
+  /**
+   * Creates a new blocking-style stub that supports unary and streaming output calls on the service
+   */
+  public static AuthorizationBlockingStub newBlockingStub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<AuthorizationBlockingStub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<AuthorizationBlockingStub>() {
+        @java.lang.Override
+        public AuthorizationBlockingStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new AuthorizationBlockingStub(channel, callOptions);
+        }
+      };
+    return AuthorizationBlockingStub.newStub(factory, channel);
+  }
+
+  /**
+   * Creates a new ListenableFuture-style stub that supports unary calls on the service
+   */
+  public static AuthorizationFutureStub newFutureStub(
+      io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<AuthorizationFutureStub> factory =
+      new io.grpc.stub.AbstractStub.StubFactory<AuthorizationFutureStub>() {
+        @java.lang.Override
+        public AuthorizationFutureStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+          return new AuthorizationFutureStub(channel, callOptions);
+        }
+      };
+    return AuthorizationFutureStub.newStub(factory, channel);
+  }
+
+  /**
+   * <pre>
+   * A generic interface for performing authorization check on incoming
+   * requests to a networked service.
+   * </pre>
+   */
+  public interface AsyncService {
+
+    /**
+     * <pre>
+     * Performs authorization check based on the attributes associated with the
+     * incoming request, and returns status `OK` or not `OK`.
+     * </pre>
+     */
+    default void check(io.envoyproxy.envoy.service.auth.v3.CheckRequest request,
+        io.grpc.stub.StreamObserver<io.envoyproxy.envoy.service.auth.v3.CheckResponse> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(getCheckMethod(), responseObserver);
+    }
+  }
+
+  /**
+   * Base class for the server implementation of the service Authorization.
+   * <pre>
+   * A generic interface for performing authorization check on incoming
+   * requests to a networked service.
+   * </pre>
+   */
+  public static abstract class AuthorizationImplBase
+      implements io.grpc.BindableService, AsyncService {
+
+    @java.lang.Override public final io.grpc.ServerServiceDefinition bindService() {
+      return AuthorizationGrpc.bindService(this);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do asynchronous rpc calls to service Authorization.
+   * <pre>
+   * A generic interface for performing authorization check on incoming
+   * requests to a networked service.
+   * </pre>
+   */
+  public static final class AuthorizationStub
+      extends io.grpc.stub.AbstractAsyncStub<AuthorizationStub> {
+    private AuthorizationStub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected AuthorizationStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new AuthorizationStub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Performs authorization check based on the attributes associated with the
+     * incoming request, and returns status `OK` or not `OK`.
+     * </pre>
+     */
+    public void check(io.envoyproxy.envoy.service.auth.v3.CheckRequest request,
+        io.grpc.stub.StreamObserver<io.envoyproxy.envoy.service.auth.v3.CheckResponse> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getCheckMethod(), getCallOptions()), request, responseObserver);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do synchronous rpc calls to service Authorization.
+   * <pre>
+   * A generic interface for performing authorization check on incoming
+   * requests to a networked service.
+   * </pre>
+   */
+  public static final class AuthorizationBlockingV2Stub
+      extends io.grpc.stub.AbstractBlockingStub<AuthorizationBlockingV2Stub> {
+    private AuthorizationBlockingV2Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected AuthorizationBlockingV2Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new AuthorizationBlockingV2Stub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Performs authorization check based on the attributes associated with the
+     * incoming request, and returns status `OK` or not `OK`.
+     * </pre>
+     */
+    public io.envoyproxy.envoy.service.auth.v3.CheckResponse check(io.envoyproxy.envoy.service.auth.v3.CheckRequest request) throws io.grpc.StatusException {
+      return io.grpc.stub.ClientCalls.blockingV2UnaryCall(
+          getChannel(), getCheckMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do limited synchronous rpc calls to service Authorization.
+   * <pre>
+   * A generic interface for performing authorization check on incoming
+   * requests to a networked service.
+   * </pre>
+   */
+  public static final class AuthorizationBlockingStub
+      extends io.grpc.stub.AbstractBlockingStub<AuthorizationBlockingStub> {
+    private AuthorizationBlockingStub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected AuthorizationBlockingStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new AuthorizationBlockingStub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Performs authorization check based on the attributes associated with the
+     * incoming request, and returns status `OK` or not `OK`.
+     * </pre>
+     */
+    public io.envoyproxy.envoy.service.auth.v3.CheckResponse check(io.envoyproxy.envoy.service.auth.v3.CheckRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getCheckMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   * A stub to allow clients to do ListenableFuture-style rpc calls to service Authorization.
+   * <pre>
+   * A generic interface for performing authorization check on incoming
+   * requests to a networked service.
+   * </pre>
+   */
+  public static final class AuthorizationFutureStub
+      extends io.grpc.stub.AbstractFutureStub<AuthorizationFutureStub> {
+    private AuthorizationFutureStub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected AuthorizationFutureStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new AuthorizationFutureStub(channel, callOptions);
+    }
+
+    /**
+     * <pre>
+     * Performs authorization check based on the attributes associated with the
+     * incoming request, and returns status `OK` or not `OK`.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<io.envoyproxy.envoy.service.auth.v3.CheckResponse> check(
+        io.envoyproxy.envoy.service.auth.v3.CheckRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getCheckMethod(), getCallOptions()), request);
+    }
+  }
+
+  private static final int METHODID_CHECK = 0;
+
+  private static final class MethodHandlers<Req, Resp> implements
+      io.grpc.stub.ServerCalls.UnaryMethod<Req, Resp>,
+      io.grpc.stub.ServerCalls.ServerStreamingMethod<Req, Resp>,
+      io.grpc.stub.ServerCalls.ClientStreamingMethod<Req, Resp>,
+      io.grpc.stub.ServerCalls.BidiStreamingMethod<Req, Resp> {
+    private final AsyncService serviceImpl;
+    private final int methodId;
+
+    MethodHandlers(AsyncService serviceImpl, int methodId) {
+      this.serviceImpl = serviceImpl;
+      this.methodId = methodId;
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public void invoke(Req request, io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        case METHODID_CHECK:
+          serviceImpl.check((io.envoyproxy.envoy.service.auth.v3.CheckRequest) request,
+              (io.grpc.stub.StreamObserver<io.envoyproxy.envoy.service.auth.v3.CheckResponse>) responseObserver);
+          break;
+        default:
+          throw new AssertionError();
+      }
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public io.grpc.stub.StreamObserver<Req> invoke(
+        io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        default:
+          throw new AssertionError();
+      }
+    }
+  }
+
+  public static final io.grpc.ServerServiceDefinition bindService(AsyncService service) {
+    return io.grpc.ServerServiceDefinition.builder(getServiceDescriptor())
+        .addMethod(
+          getCheckMethod(),
+          io.grpc.stub.ServerCalls.asyncUnaryCall(
+            new MethodHandlers<
+              io.envoyproxy.envoy.service.auth.v3.CheckRequest,
+              io.envoyproxy.envoy.service.auth.v3.CheckResponse>(
+                service, METHODID_CHECK)))
+        .build();
+  }
+
+  private static abstract class AuthorizationBaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoFileDescriptorSupplier, io.grpc.protobuf.ProtoServiceDescriptorSupplier {
+    AuthorizationBaseDescriptorSupplier() {}
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.FileDescriptor getFileDescriptor() {
+      return io.envoyproxy.envoy.service.auth.v3.ExternalAuthProto.getDescriptor();
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.ServiceDescriptor getServiceDescriptor() {
+      return getFileDescriptor().findServiceByName("Authorization");
+    }
+  }
+
+  private static final class AuthorizationFileDescriptorSupplier
+      extends AuthorizationBaseDescriptorSupplier {
+    AuthorizationFileDescriptorSupplier() {}
+  }
+
+  private static final class AuthorizationMethodDescriptorSupplier
+      extends AuthorizationBaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoMethodDescriptorSupplier {
+    private final java.lang.String methodName;
+
+    AuthorizationMethodDescriptorSupplier(java.lang.String methodName) {
+      this.methodName = methodName;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.MethodDescriptor getMethodDescriptor() {
+      return getServiceDescriptor().findMethodByName(methodName);
+    }
+  }
+
+  private static volatile io.grpc.ServiceDescriptor serviceDescriptor;
+
+  public static io.grpc.ServiceDescriptor getServiceDescriptor() {
+    io.grpc.ServiceDescriptor result = serviceDescriptor;
+    if (result == null) {
+      synchronized (AuthorizationGrpc.class) {
+        result = serviceDescriptor;
+        if (result == null) {
+          serviceDescriptor = result = io.grpc.ServiceDescriptor.newBuilder(SERVICE_NAME)
+              .setSchemaDescriptor(new AuthorizationFileDescriptorSupplier())
+              .addMethod(getCheckMethod())
+              .build();
+        }
+      }
+    }
+    return result;
+  }
+}
diff --git a/xds/third_party/envoy/import.sh b/xds/third_party/envoy/import.sh
index ba657612586..0ad90f7baf0 100755
--- a/xds/third_party/envoy/import.sh
+++ b/xds/third_party/envoy/import.sh
@@ -16,8 +16,8 @@
 # Update VERSION then execute this script
 
 set -e
-# import VERSION from the google internal copybara_version.txt for Envoy
-VERSION=1128a52d227efb8c798478d293fdc05e8075ebcd
+# import VERSION from the google internal go/envoy-import-status
+VERSION=b6df993feef0340391e6dbf6ad957ab42884ad05
 DOWNLOAD_URL="https://github.com/envoyproxy/envoy/archive/${VERSION}.tar.gz"
 DOWNLOAD_BASE_DIR="envoy-${VERSION}"
 SOURCE_PROTO_BASE_DIR="${DOWNLOAD_BASE_DIR}/api"
@@ -33,6 +33,7 @@ envoy/config/cluster/v3/circuit_breaker.proto
 envoy/config/cluster/v3/cluster.proto
 envoy/config/cluster/v3/filter.proto
 envoy/config/cluster/v3/outlier_detection.proto
+envoy/config/common/mutation_rules/v3/mutation_rules.proto
 envoy/config/core/v3/address.proto
 envoy/config/core/v3/backoff.proto
 envoy/config/core/v3/base.proto
@@ -74,12 +75,19 @@ envoy/config/trace/v3/zipkin.proto
 envoy/data/accesslog/v3/accesslog.proto
 envoy/extensions/clusters/aggregate/v3/cluster.proto
 envoy/extensions/filters/common/fault/v3/fault.proto
+envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
 envoy/extensions/filters/http/fault/v3/fault.proto
 envoy/extensions/filters/http/rate_limit_quota/v3/rate_limit_quota.proto
 envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto
 envoy/extensions/filters/http/rbac/v3/rbac.proto
 envoy/extensions/filters/http/router/v3/router.proto
 envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+envoy/extensions/grpc_service/call_credentials/access_token/v3/access_token_credentials.proto
+envoy/extensions/grpc_service/channel_credentials/google_default/v3/google_default_credentials.proto
+envoy/extensions/grpc_service/channel_credentials/insecure/v3/insecure_credentials.proto
+envoy/extensions/grpc_service/channel_credentials/local/v3/local_credentials.proto
+envoy/extensions/grpc_service/channel_credentials/tls/v3/tls_credentials.proto
+envoy/extensions/grpc_service/channel_credentials/xds/v3/xds_credentials.proto
 envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto
 envoy/extensions/load_balancing_policies/common/v3/common.proto
 envoy/extensions/load_balancing_policies/least_request/v3/least_request.proto
@@ -92,6 +100,8 @@ envoy/extensions/transport_sockets/tls/v3/cert.proto
 envoy/extensions/transport_sockets/tls/v3/common.proto
 envoy/extensions/transport_sockets/tls/v3/secret.proto
 envoy/extensions/transport_sockets/tls/v3/tls.proto
+envoy/service/auth/v3/attribute_context.proto
+envoy/service/auth/v3/external_auth.proto
 envoy/service/discovery/v3/ads.proto
 envoy/service/discovery/v3/discovery.proto
 envoy/service/load_stats/v3/lrs.proto
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto b/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto
index bf65f3df45c..28b1eba6680 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto
@@ -41,7 +41,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // <config_overview_bootstrap>` for more detail.
 
 // Bootstrap :ref:`configuration overview <config_overview_bootstrap>`.
-// [#next-free-field: 42]
+// [#next-free-field: 43]
 message Bootstrap {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.bootstrap.v2.Bootstrap";
@@ -230,6 +230,14 @@ message Bootstrap {
     bool stats_flush_on_admin = 29 [(validate.rules).bool = {const: true}];
   }
 
+  oneof stats_eviction {
+    // Optional duration to perform metric eviction. At every interval, during the stats flush
+    // the unused metrics are removed from the worker caches and the used metrics
+    // are marked as unused. Must be a multiple of the ``stats_flush_interval``.
+    google.protobuf.Duration stats_eviction_interval = 42
+        [(validate.rules).duration = {gte {nanos: 1000000}}];
+  }
+
   // Optional watchdog configuration.
   // This is for a single watchdog configuration for the entire system.
   // Deprecated in favor of ``watchdogs`` which has finer granularity.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto
index 51180b1e855..c5112458a71 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto
@@ -652,9 +652,10 @@ message Cluster {
     // If this is not set, we default to a merge window of 1000ms. To disable it, set the merge
     // window to 0.
     //
-    // Note: merging does not apply to cluster membership changes (e.g.: adds/removes); this is
-    // because merging those updates isn't currently safe. See
-    // https://github.com/envoyproxy/envoy/pull/3941.
+    // .. note::
+    //   Merging does not apply to cluster membership changes (e.g.: adds/removes); this is
+    //   because merging those updates isn't currently safe. See
+    //   https://github.com/envoyproxy/envoy/pull/3941.
     google.protobuf.Duration update_merge_window = 4;
 
     // If set to true, Envoy will :ref:`exclude <arch_overview_load_balancing_excluded>` new hosts
@@ -816,12 +817,14 @@ message Cluster {
   string name = 1 [(validate.rules).string = {min_len: 1}];
 
   // An optional alternative to the cluster name to be used for observability. This name is used
-  // emitting stats for the cluster and access logging the cluster name. This will appear as
+  // for emitting stats for the cluster and access logging the cluster name. This will appear as
   // additional information in configuration dumps of a cluster's current status as
   // :ref:`observability_name <envoy_v3_api_field_admin.v3.ClusterStatus.observability_name>`
-  // and as an additional tag "upstream_cluster.name" while tracing. Note: Any ``:`` in the name
-  // will be converted to ``_`` when emitting statistics. This should not be confused with
-  // :ref:`Router Filter Header <config_http_filters_router_x-envoy-upstream-alt-stat-name>`.
+  // and as an additional tag "upstream_cluster.name" while tracing.
+  //
+  // .. note::
+  //   Any ``:`` in the name will be converted to ``_`` when emitting statistics. This should not be confused with
+  //   :ref:`Router Filter Header <config_http_filters_router_x-envoy-upstream-alt-stat-name>`.
   string alt_stat_name = 28 [(udpa.annotations.field_migrate).rename = "observability_name"];
 
   oneof cluster_discovery_type {
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/common/mutation_rules/v3/mutation_rules.proto b/xds/third_party/envoy/src/main/proto/envoy/config/common/mutation_rules/v3/mutation_rules.proto
new file mode 100644
index 00000000000..c015db21431
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/common/mutation_rules/v3/mutation_rules.proto
@@ -0,0 +1,113 @@
+syntax = "proto3";
+
+package envoy.config.common.mutation_rules.v3;
+
+import "envoy/config/core/v3/base.proto";
+import "envoy/type/matcher/v3/regex.proto";
+import "envoy/type/matcher/v3/string.proto";
+
+import "google/protobuf/wrappers.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.common.mutation_rules.v3";
+option java_outer_classname = "MutationRulesProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/common/mutation_rules/v3;mutation_rulesv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Header mutation rules]
+
+// The HeaderMutationRules structure specifies what headers may be
+// manipulated by a processing filter. This set of rules makes it
+// possible to control which modifications a filter may make.
+//
+// By default, an external processing server may add, modify, or remove
+// any header except for an "Envoy internal" header (which is typically
+// denoted by an x-envoy prefix) or specific headers that may affect
+// further filter processing:
+//
+// * ``host``
+// * ``:authority``
+// * ``:scheme``
+// * ``:method``
+//
+// Every attempt to add, change, append, or remove a header will be
+// tested against the rules here. Disallowed header mutations will be
+// ignored unless ``disallow_is_error`` is set to true.
+//
+// Attempts to remove headers are further constrained -- regardless of the
+// settings, system-defined headers (that start with ``:``) and the ``host``
+// header may never be removed.
+//
+// In addition, a counter will be incremented whenever a mutation is
+// rejected. In the ext_proc filter, that counter is named
+// ``rejected_header_mutations``.
+// [#next-free-field: 8]
+message HeaderMutationRules {
+  // By default, certain headers that could affect processing of subsequent
+  // filters or request routing cannot be modified. These headers are
+  // ``host``, ``:authority``, ``:scheme``, and ``:method``. Setting this parameter
+  // to true allows these headers to be modified as well.
+  google.protobuf.BoolValue allow_all_routing = 1;
+
+  // If true, allow modification of envoy internal headers. By default, these
+  // start with ``x-envoy`` but this may be overridden in the ``Bootstrap``
+  // configuration using the
+  // :ref:`header_prefix <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.header_prefix>`
+  // field. Default is false.
+  google.protobuf.BoolValue allow_envoy = 2;
+
+  // If true, prevent modification of any system header, defined as a header
+  // that starts with a ``:`` character, regardless of any other settings.
+  // A processing server may still override the ``:status`` of an HTTP response
+  // using an ``ImmediateResponse`` message. Default is false.
+  google.protobuf.BoolValue disallow_system = 3;
+
+  // If true, prevent modifications of all header values, regardless of any
+  // other settings. A processing server may still override the ``:status``
+  // of an HTTP response using an ``ImmediateResponse`` message. Default is false.
+  google.protobuf.BoolValue disallow_all = 4;
+
+  // If set, specifically allow any header that matches this regular
+  // expression. This overrides all other settings except for
+  // ``disallow_expression``.
+  type.matcher.v3.RegexMatcher allow_expression = 5;
+
+  // If set, specifically disallow any header that matches this regular
+  // expression regardless of any other settings.
+  type.matcher.v3.RegexMatcher disallow_expression = 6;
+
+  // If true, and if the rules in this list cause a header mutation to be
+  // disallowed, then the filter using this configuration will terminate the
+  // request with a 500 error. In addition, regardless of the setting of this
+  // parameter, any attempt to set, add, or modify a disallowed header will
+  // cause the ``rejected_header_mutations`` counter to be incremented.
+  // Default is false.
+  google.protobuf.BoolValue disallow_is_error = 7;
+}
+
+// The HeaderMutation structure specifies an action that may be taken on HTTP
+// headers.
+message HeaderMutation {
+  message RemoveOnMatch {
+    // A string matcher that will be applied to the header key. If the header key
+    // matches, the header will be removed.
+    type.matcher.v3.StringMatcher key_matcher = 1 [(validate.rules).message = {required: true}];
+  }
+
+  oneof action {
+    option (validate.required) = true;
+
+    // Remove the specified header if it exists.
+    string remove = 1
+        [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
+
+    // Append new header by the specified HeaderValueOption.
+    core.v3.HeaderValueOption append = 2;
+
+    // Remove the header if the key matches the specified string matcher.
+    RemoveOnMatch remove_on_match = 3;
+  }
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto
index 56796fc721a..238494a09c7 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto
@@ -105,9 +105,6 @@ message SocketAddress {
   // .. note::
   //    Setting this parameter requires Envoy to run with the ``CAP_NET_ADMIN`` capability.
   //
-  // .. note::
-  //    Currently only used for Listener sockets.
-  //
   // .. attention::
   //     Network namespaces are only configurable on Linux. Otherwise, this field has no effect.
   string network_namespace_filepath = 7;
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto
index f0effd99e45..430562aa5bd 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto
@@ -276,7 +276,8 @@ message ExtensionConfigSource {
   // to be supplied.
   bool apply_default_config_without_warming = 3;
 
-  // A set of permitted extension type URLs. Extension configuration updates are rejected
-  // if they do not match any type URL in the set.
+  // A set of permitted extension type URLs for the type encoded inside of the
+  // :ref:`TypedExtensionConfig <envoy_v3_api_msg_config.core.v3.TypedExtensionConfig>`. Extension
+  // configuration updates are rejected if they do not match any type URL in the set.
   repeated string type_urls = 4 [(validate.rules).repeated = {min_items: 1}];
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto
index 5fd7921a806..f8feb2f516f 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto
@@ -64,7 +64,7 @@ message GrpcService {
     bool skip_envoy_headers = 5;
   }
 
-  // [#next-free-field: 9]
+  // [#next-free-field: 11]
   message GoogleGrpc {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.api.v2.core.GrpcService.GoogleGrpc";
@@ -249,16 +249,31 @@ message GrpcService {
     }
 
     // The target URI when using the `Google C++ gRPC client
-    // <https://github.com/grpc/grpc>`_. SSL credentials will be supplied in
-    // :ref:`channel_credentials <envoy_v3_api_field_config.core.v3.GrpcService.GoogleGrpc.channel_credentials>`.
+    // <https://github.com/grpc/grpc>`_.
     string target_uri = 1 [(validate.rules).string = {min_len: 1}];
 
+    // The channel credentials to use. See `channel credentials
+    // <https://grpc.io/docs/guides/auth.html#credential-types>`_.
+    // Ignored if ``channel_credentials_plugin`` is set.
     ChannelCredentials channel_credentials = 2;
 
-    // A set of call credentials that can be composed with `channel credentials
+    // A list of channel credentials plugins.
+    // The data plane will iterate over the list in order and stop at the first credential type
+    // that it supports. This provides a mechanism for starting to use new credential types that
+    // are not yet supported by all data planes.
+    // [#not-implemented-hide:]
+    repeated google.protobuf.Any channel_credentials_plugin = 9;
+
+    // The call credentials to use. See `channel credentials
     // <https://grpc.io/docs/guides/auth.html#credential-types>`_.
+    // Ignored if ``call_credentials_plugin`` is set.
     repeated CallCredentials call_credentials = 3;
 
+    // A list of call credentials plugins. All supported plugins will be used.
+    // Unsupported plugin types will be ignored.
+    // [#not-implemented-hide:]
+    repeated google.protobuf.Any call_credentials_plugin = 10;
+
     // The human readable prefix to use when emitting statistics for the gRPC
     // service.
     //
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto
index fd4440d8fa5..a4ed6e91818 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto
@@ -102,7 +102,8 @@ message HealthCheck {
     // ``/healthcheck``.
     string path = 2 [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_VALUE}];
 
-    // [#not-implemented-hide:] HTTP specific payload.
+    // HTTP specific payload to be sent as the request body during health checking.
+    // If specified, the method should support a request body (POST, PUT, PATCH, etc.).
     Payload send = 3;
 
     // Specifies a list of HTTP expected responses to match in the first ``response_buffer_size`` bytes of the response body.
@@ -161,7 +162,8 @@ message HealthCheck {
     type.matcher.v3.StringMatcher service_name_matcher = 11;
 
     // HTTP Method that will be used for health checking, default is "GET".
-    // GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, PATCH methods are supported, but making request body is not supported.
+    // GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, PATCH methods are supported.
+    // Request body payloads are supported for POST, PUT, PATCH, and OPTIONS methods only.
     // CONNECT method is disallowed because it is not appropriate for health check request.
     // If a non-200 response is expected by the method, it needs to be set in :ref:`expected_statuses <envoy_v3_api_field_config.core.v3.HealthCheck.HttpHealthCheck.expected_statuses>`.
     RequestMethod method = 13 [(validate.rules).enum = {defined_only: true not_in: 6}];
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
index edab4cd79c6..74fe641fe3a 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
@@ -77,7 +77,7 @@ message QuicProtocolOptions {
       [(validate.rules).uint32 = {lte: 16777216 gte: 1}];
 
   // Similar to ``initial_stream_window_size``, but for connection-level
-  // flow-control. Valid values rage from 1 to 25165824 (24MB, maximum supported by QUICHE) and defaults
+  // flow-control. Valid values range from 1 to 25165824 (24MB, maximum supported by QUICHE) and defaults
   // to 25165824 (24 * 1024 * 1024).
   //
   // .. note::
@@ -111,10 +111,9 @@ message QuicProtocolOptions {
   // default 600s will be applied.
   // For internal corporate network, a long timeout is often fine.
   // But for client facing network, 30s is usually a good choice.
-  google.protobuf.Duration idle_network_timeout = 8 [(validate.rules).duration = {
-    lte {seconds: 600}
-    gte {seconds: 1}
-  }];
+  // Do not add an upper bound here. A long idle timeout is useful for maintaining warm connections at non-front-line proxy for low QPS services."
+  google.protobuf.Duration idle_network_timeout = 8
+      [(validate.rules).duration = {gte {seconds: 1}}];
 
   // Maximum packet length for QUIC connections. It refers to the largest size of a QUIC packet that can be transmitted over the connection.
   // If not specified, one of the `default values in QUICHE <https://github.com/google/quiche/blob/main/quiche/quic/core/quic_constants.h>`_ is used.
@@ -276,7 +275,7 @@ message HttpProtocolOptions {
   // The default value for responses can be overridden by setting runtime key ``envoy.reloadable_features.max_response_headers_count``.
   // Downstream requests that exceed this limit will receive a 431 response for HTTP/1.x and cause a stream
   // reset for HTTP/2.
-  // Upstream responses that exceed this limit will result in a 503 response.
+  // Upstream responses that exceed this limit will result in a 502 response.
   google.protobuf.UInt32Value max_headers_count = 2 [(validate.rules).uint32 = {gte: 1}];
 
   // The maximum size of response headers.
@@ -420,7 +419,7 @@ message Http1ProtocolOptions {
   // envoy.reloadable_features.http1_use_balsa_parser.
   // See issue #21245.
   google.protobuf.BoolValue use_balsa_parser = 9
-      [(xds.annotations.v3.field_status).work_in_progress = true];
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
   // [#not-implemented-hide:] Hiding so that field can be removed.
   // If true, and BalsaParser is used (either `use_balsa_parser` above is true,
@@ -503,7 +502,7 @@ message Http2ProtocolOptions {
 
   // `Maximum concurrent streams <https://httpwg.org/specs/rfc7540.html#rfc.section.5.1.2>`_
   // allowed for peer on one HTTP/2 connection. Valid values range from 1 to 2147483647 (2^31 - 1)
-  // and defaults to 2147483647.
+  // and defaults to 1024 for safety and should be sufficient for most use cases.
   //
   // For upstream connections, this also limits how many streams Envoy will initiate concurrently
   // on a single connection. If the limit is reached, Envoy may queue requests or establish
@@ -517,8 +516,8 @@ message Http2ProtocolOptions {
 
   // `Initial stream-level flow-control window
   // <https://httpwg.org/specs/rfc7540.html#rfc.section.6.9.2>`_ size. Valid values range from 65535
-  // (2^16 - 1, HTTP/2 default) to 2147483647 (2^31 - 1, HTTP/2 maximum) and defaults to 268435456
-  // (256 * 1024 * 1024).
+  // (2^16 - 1, HTTP/2 default) to 2147483647 (2^31 - 1, HTTP/2 maximum) and defaults to
+  // 16MiB (16 * 1024 * 1024).
   //
   // .. note::
   //
@@ -532,7 +531,7 @@ message Http2ProtocolOptions {
       [(validate.rules).uint32 = {lte: 2147483647 gte: 65535}];
 
   // Similar to ``initial_stream_window_size``, but for connection-level flow-control
-  // window. Currently, this has the same minimum/maximum/default as ``initial_stream_window_size``.
+  // window. The default is 24MiB (24 * 1024 * 1024).
   google.protobuf.UInt32Value initial_connection_window_size = 4
       [(validate.rules).uint32 = {lte: 2147483647 gte: 65535}];
 
@@ -674,7 +673,7 @@ message GrpcProtocolOptions {
 }
 
 // A message which allows using HTTP/3.
-// [#next-free-field: 8]
+// [#next-free-field: 9]
 message Http3ProtocolOptions {
   QuicProtocolOptions quic_protocol_options = 1;
 
@@ -709,6 +708,10 @@ message Http3ProtocolOptions {
   // No huffman encoding, zero dynamic table capacity and no cookie crumbing.
   // This can be useful for trading off CPU vs bandwidth when an upstream HTTP/3 connection multiplexes multiple downstream connections.
   bool disable_qpack = 7;
+
+  // Disables connection level flow control for HTTP/3 streams. This is useful in situations where the streams share the same connection
+  // but originate from different end-clients, so that each stream can make progress independently at non-front-line proxies.
+  bool disable_connection_flow_control_for_streams = 8;
 }
 
 // A message to control transformations to the :scheme header
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint.proto b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint.proto
index 894f68310a4..a149f6095c1 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint.proto
@@ -113,8 +113,9 @@ message ClusterLoadAssignment {
     // to determine the health of the priority level, or in other words assume each host has a weight of 1 for
     // this calculation.
     //
-    // Note: this is not currently implemented for
-    // :ref:`locality weighted load balancing <arch_overview_load_balancing_locality_weighted_lb>`.
+    // .. note::
+    //   This is not currently implemented for
+    //   :ref:`locality weighted load balancing <arch_overview_load_balancing_locality_weighted_lb>`.
     bool weighted_priority_health = 6;
   }
 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/load_report.proto b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/load_report.proto
index 32bbfe2d3f6..6d12765cef5 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/load_report.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/load_report.proto
@@ -38,7 +38,8 @@ message UpstreamLocalityStats {
   // locality.
   uint64 total_successful_requests = 2;
 
-  // The total number of unfinished requests
+  // The total number of unfinished requests. A request can be an HTTP request
+  // or a TCP connection for a TCP connection pool.
   uint64 total_requests_in_progress = 3;
 
   // The total number of requests that failed due to errors at the endpoint,
@@ -47,7 +48,8 @@ message UpstreamLocalityStats {
 
   // The total number of requests that were issued by this Envoy since
   // the last report. This information is aggregated over all the
-  // upstream endpoints in the locality.
+  // upstream endpoints in the locality. A request can be an HTTP request
+  // or a TCP connection for a TCP connection pool.
   uint64 total_issued_requests = 8;
 
   // The total number of connections in an established state at the time of the
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto
index 33eb349fd06..cfa30afbb68 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto
@@ -233,7 +233,7 @@ message FilterChain {
   google.protobuf.BoolValue use_proxy_proto = 4
       [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
-  // [#not-implemented-hide:] filter chain metadata.
+  // Filter chain metadata.
   core.v3.Metadata metadata = 5;
 
   // Optional custom transport socket implementation to use for downstream connections.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto b/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto
index e7d7f80d648..02bb23aec9d 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto
@@ -298,10 +298,12 @@ message HistogramBucketSettings {
   // Each value is the upper bound of a bucket. Each bucket must be greater than 0 and unique.
   // The order of the buckets does not matter.
   repeated double buckets = 2 [(validate.rules).repeated = {
-    min_items: 1
     unique: true
     items {double {gt: 0.0}}
   }];
+
+  // Initial number of bins for the ``circllhist`` thread local histogram per time series. Default value is 100.
+  google.protobuf.UInt32Value bins = 3 [(validate.rules).uint32 = {lte: 46082 gt: 0}];
 }
 
 // Stats configuration proto schema for built-in ``envoy.stat_sinks.statsd`` sink. This sink does not support
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/overload/v3/overload.proto b/xds/third_party/envoy/src/main/proto/envoy/config/overload/v3/overload.proto
index 1f267c1863d..b5bc2c4d830 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/overload/v3/overload.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/overload/v3/overload.proto
@@ -109,6 +109,13 @@ message ScaleTimersOverloadActionConfig {
     // :ref:`HttpConnectionManager.common_http_protocol_options.max_connection_duration
     // <envoy_v3_api_field_config.core.v3.HttpProtocolOptions.max_connection_duration>`.
     HTTP_DOWNSTREAM_CONNECTION_MAX = 4;
+
+    // Adjusts the timeout for the downstream codec to flush an ended stream.
+    // This affects the value of :ref:`RouteAction.flush_timeout
+    // <envoy_v3_api_field_config.route.v3.RouteAction.flush_timeout>` and
+    // :ref:`HttpConnectionManager.stream_flush_timeout
+    // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_flush_timeout>`
+    HTTP_DOWNSTREAM_STREAM_FLUSH = 5;
   }
 
   message ScaleTimer {
@@ -134,9 +141,16 @@ message OverloadAction {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.overload.v2alpha.OverloadAction";
 
-  // The name of the overload action. This is just a well-known string that listeners can
-  // use for registering callbacks. Custom overload actions should be named using reverse
-  // DNS to ensure uniqueness.
+  // The name of the overload action. This is just a well-known string that
+  // listeners can use for registering callbacks.
+  // Valid known overload actions include:
+  // - envoy.overload_actions.stop_accepting_requests
+  // - envoy.overload_actions.disable_http_keepalive
+  // - envoy.overload_actions.stop_accepting_connections
+  // - envoy.overload_actions.reject_incoming_connections
+  // - envoy.overload_actions.shrink_heap
+  // - envoy.overload_actions.reduce_timeouts
+  // - envoy.overload_actions.reset_high_memory_stream
   string name = 1 [(validate.rules).string = {min_len: 1}];
 
   // A set of triggers for this action. The state of the action is the maximum
@@ -148,7 +162,7 @@ message OverloadAction {
   // in this list.
   repeated Trigger triggers = 2 [(validate.rules).repeated = {min_items: 1}];
 
-  // Configuration for the action being instantiated.
+  // Configuration for the action being instantiated if applicable.
   google.protobuf.Any typed_config = 3;
 }
 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
index 292e5b93558..6837ade69d8 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
@@ -41,7 +41,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // host header. This allows a single listener to service multiple top level domain path trees. Once
 // a virtual host is selected based on the domain, the routes are processed in order to see which
 // upstream cluster to route to or whether to perform a redirect.
-// [#next-free-field: 25]
+// [#next-free-field: 26]
 message VirtualHost {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.VirtualHost";
 
@@ -205,10 +205,37 @@ message VirtualHost {
   // request header in retries initiated by per try timeouts.
   bool include_is_timeout_retry_header = 23;
 
-  // The maximum bytes which will be buffered for retries and shadowing.
-  // If set and a route-specific limit is not set, the bytes actually buffered will be the minimum
-  // value of this and the listener per_connection_buffer_limit_bytes.
-  google.protobuf.UInt32Value per_request_buffer_limit_bytes = 18;
+  // The maximum bytes which will be buffered for retries and shadowing. If set, the bytes actually buffered will be
+  // the minimum value of this and the listener ``per_connection_buffer_limit_bytes``.
+  //
+  // .. attention::
+  //
+  //   This field has been deprecated. Please use :ref:`request_body_buffer_limit
+  //   <envoy_v3_api_field_config.route.v3.VirtualHost.request_body_buffer_limit>` instead.
+  //   Only one of ``per_request_buffer_limit_bytes`` and ``request_body_buffer_limit`` could be set.
+  google.protobuf.UInt32Value per_request_buffer_limit_bytes = 18
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  // The maximum bytes which will be buffered for request bodies to support large request body
+  // buffering beyond the ``per_connection_buffer_limit_bytes``.
+  //
+  // This limit is specifically for the request body buffering and allows buffering larger payloads while maintaining
+  // flow control.
+  //
+  // Buffer limit precedence (from highest to lowest priority):
+  //
+  // 1. If ``request_body_buffer_limit`` is set, then ``request_body_buffer_limit`` will be used.
+  // 2. If :ref:`per_request_buffer_limit_bytes <envoy_v3_api_field_config.route.v3.VirtualHost.per_request_buffer_limit_bytes>`
+  //    is set but ``request_body_buffer_limit`` is not, then ``min(per_request_buffer_limit_bytes, per_connection_buffer_limit_bytes)``
+  //    will be used.
+  // 3. If neither is set, then ``per_connection_buffer_limit_bytes`` will be used.
+  //
+  // For flow control chunk sizes, ``min(per_connection_buffer_limit_bytes, 16KB)`` will be used.
+  //
+  // Only one of :ref:`per_request_buffer_limit_bytes <envoy_v3_api_field_config.route.v3.VirtualHost.per_request_buffer_limit_bytes>`
+  // and ``request_body_buffer_limit`` could be set.
+  google.protobuf.UInt64Value request_body_buffer_limit = 25
+      [(validate.rules).message = {required: false}];
 
   // Specify a set of default request mirroring policies for every route under this virtual host.
   // It takes precedence over the route config mirror policy entirely.
@@ -244,7 +271,7 @@ message RouteList {
 //
 //   Envoy supports routing on HTTP method via :ref:`header matching
 //   <envoy_v3_api_msg_config.route.v3.HeaderMatcher>`.
-// [#next-free-field: 20]
+// [#next-free-field: 21]
 message Route {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.Route";
 
@@ -341,7 +368,14 @@ message Route {
   // The maximum bytes which will be buffered for retries and shadowing.
   // If set, the bytes actually buffered will be the minimum value of this and the
   // listener per_connection_buffer_limit_bytes.
-  google.protobuf.UInt32Value per_request_buffer_limit_bytes = 16;
+  //
+  // .. attention::
+  //
+  //   This field has been deprecated. Please use :ref:`request_body_buffer_limit
+  //   <envoy_v3_api_field_config.route.v3.Route.request_body_buffer_limit>` instead.
+  //   Only one of ``per_request_buffer_limit_bytes`` and ``request_body_buffer_limit`` may be set.
+  google.protobuf.UInt32Value per_request_buffer_limit_bytes = 16
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
   // The human readable prefix to use when emitting statistics for this endpoint.
   // The statistics are rooted at vhost.<virtual host name>.route.<stat_prefix>.
@@ -357,6 +391,25 @@ message Route {
   //    every application endpoint. This is both not easily maintainable and
   //    statistics use a non-trivial amount of memory(approximately 1KiB per route).
   string stat_prefix = 19;
+
+  // The maximum bytes which will be buffered for request bodies to support large request body
+  // buffering beyond the ``per_connection_buffer_limit_bytes``.
+  //
+  // This limit is specifically for the request body buffering and allows buffering larger payloads while maintaining
+  // flow control.
+  //
+  // Buffer limit precedence (from highest to lowest priority):
+  //
+  // 1. If ``request_body_buffer_limit`` is set: use ``request_body_buffer_limit``
+  // 2. If :ref:`per_request_buffer_limit_bytes <envoy_v3_api_field_config.route.v3.Route.per_request_buffer_limit_bytes>`
+  //    is set but ``request_body_buffer_limit`` is not: use ``min(per_request_buffer_limit_bytes, per_connection_buffer_limit_bytes)``
+  // 3. If neither is set: use ``per_connection_buffer_limit_bytes``
+  //
+  // For flow control chunk sizes, use ``min(per_connection_buffer_limit_bytes, 16KB)``.
+  //
+  // Only one of :ref:`per_request_buffer_limit_bytes <envoy_v3_api_field_config.route.v3.Route.per_request_buffer_limit_bytes>`
+  // and ``request_body_buffer_limit`` may be set.
+  google.protobuf.UInt64Value request_body_buffer_limit = 20;
 }
 
 // Compared to the :ref:`cluster <envoy_v3_api_field_config.route.v3.RouteAction.cluster>` field that specifies a
@@ -365,6 +418,7 @@ message Route {
 // multiple upstream clusters along with weights that indicate the percentage of
 // traffic to be forwarded to each cluster. The router selects an upstream cluster based on the
 // weights.
+// [#next-free-field: 6]
 message WeightedCluster {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.WeightedCluster";
 
@@ -495,6 +549,10 @@ message WeightedCluster {
     // the process for the consistency. And the value is a unsigned number between 0 and UINT64_MAX.
     string header_name = 4
         [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}];
+
+    // When set to true, the hash policies will be used to generate the random value for weighted cluster selection.
+    // This could ensure consistent cluster picking across multiple proxy levels for weighted traffic.
+    google.protobuf.BoolValue use_hash_policy = 5;
   }
 }
 
@@ -740,7 +798,7 @@ message CorsPolicy {
   google.protobuf.BoolValue forward_not_matching_preflights = 13;
 }
 
-// [#next-free-field: 42]
+// [#next-free-field: 43]
 message RouteAction {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RouteAction";
 
@@ -1265,8 +1323,28 @@ message RouteAction {
   // If the :ref:`overload action <config_overload_manager_overload_actions>` "envoy.overload_actions.reduce_timeouts"
   // is configured, this timeout is scaled according to the value for
   // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE <envoy_v3_api_enum_value_config.overload.v3.ScaleTimersOverloadActionConfig.TimerType.HTTP_DOWNSTREAM_STREAM_IDLE>`.
+  //
+  // This timeout may also be used in place of ``flush_timeout`` in very specific cases. See the
+  // documentation for ``flush_timeout`` for more details.
   google.protobuf.Duration idle_timeout = 24;
 
+  // Specifies the codec stream flush timeout for the route.
+  //
+  // If not specified, the first preference is the global :ref:`stream_flush_timeout
+  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_flush_timeout>`,
+  // but only if explicitly configured.
+  //
+  // If neither the explicit HCM-wide flush timeout nor this route-specific flush timeout is configured,
+  // the route's stream idle timeout is reused for this timeout. This is for
+  // backwards compatibility since both behaviors were historically controlled by the one timeout.
+  //
+  // If the route also does not have an idle timeout configured, the global :ref:`stream_idle_timeout
+  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_idle_timeout>`. used, again
+  // for backwards compatibility. That timeout defaults to 5 minutes.
+  //
+  // A value of 0 via any of the above paths will completely disable the timeout for a given route.
+  google.protobuf.Duration flush_timeout = 42;
+
   // Specifies how to send request over TLS early data.
   // If absent, allows `safe HTTP requests <https://www.rfc-editor.org/rfc/rfc7231#section-4.2.1>`_ to be sent on early data.
   // [#extension-category: envoy.route.early_data_policy]
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/opentelemetry.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/opentelemetry.proto
index 59028326f22..5260d9bd6af 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/opentelemetry.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/opentelemetry.proto
@@ -6,6 +6,8 @@ import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/grpc_service.proto";
 import "envoy/config/core/v3/http_service.proto";
 
+import "google/protobuf/wrappers.proto";
+
 import "udpa/annotations/migrate.proto";
 import "udpa/annotations/status.proto";
 
@@ -19,7 +21,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // Configuration for the OpenTelemetry tracer.
 //  [#extension: envoy.tracers.opentelemetry]
-// [#next-free-field: 6]
+// [#next-free-field: 7]
 message OpenTelemetryConfig {
   // The upstream gRPC cluster that will receive OTLP traces.
   // Note that the tracer drops traces if the server does not read data fast enough.
@@ -57,4 +59,9 @@ message OpenTelemetryConfig {
   // See: `OpenTelemetry sampler specification <https://opentelemetry.io/docs/specs/otel/trace/sdk/#sampler>`_
   // [#extension-category: envoy.tracers.opentelemetry.samplers]
   core.v3.TypedExtensionConfig sampler = 5;
+
+  // Envoy caches the span in memory when the OpenTelemetry backend service is temporarily unavailable.
+  // This field specifies the maximum number of spans that can be cached. If not specified, the
+  // default is 1024.
+  google.protobuf.UInt32Value max_cache_size = 6;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/zipkin.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/zipkin.proto
index 2d8f3195c31..7405c596ed5 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/zipkin.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/zipkin.proto
@@ -2,13 +2,14 @@ syntax = "proto3";
 
 package envoy.config.trace.v3;
 
+import "envoy/config/core/v3/http_service.proto";
+
 import "google/protobuf/wrappers.proto";
 
 import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/migrate.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
-import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.config.trace.v3";
 option java_outer_classname = "ZipkinProto";
@@ -21,10 +22,22 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // Configuration for the Zipkin tracer.
 // [#extension: envoy.tracers.zipkin]
-// [#next-free-field: 8]
+// [#next-free-field: 10]
 message ZipkinConfig {
   option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v2.ZipkinConfig";
 
+  // Available trace context options for handling different trace header formats.
+  enum TraceContextOption {
+    // Use B3 headers only (default behavior).
+    USE_B3 = 0;
+
+    // Enable B3 and W3C dual header support:
+    // - For downstream: Extract from B3 headers first, fallback to W3C traceparent if B3 is unavailable.
+    // - For upstream: Inject both B3 and W3C traceparent headers.
+    // When this option is NOT set, only B3 headers are used for both extraction and injection.
+    USE_B3_WITH_W3C_PROPAGATION = 1;
+  }
+
   // Available Zipkin collector endpoint versions.
   enum CollectorEndpointVersion {
     // Zipkin API v1, JSON over HTTP.
@@ -48,11 +61,17 @@ message ZipkinConfig {
   }
 
   // The cluster manager cluster that hosts the Zipkin collectors.
-  string collector_cluster = 1 [(validate.rules).string = {min_len: 1}];
+  // Note: This field will be deprecated in future releases in favor of
+  // :ref:`collector_service <envoy_v3_api_field_config.trace.v3.ZipkinConfig.collector_service>`.
+  // Either this field or collector_service must be specified.
+  string collector_cluster = 1;
 
   // The API endpoint of the Zipkin service where the spans will be sent. When
   // using a standard Zipkin installation.
-  string collector_endpoint = 2 [(validate.rules).string = {min_len: 1}];
+  // Note: This field will be deprecated in future releases in favor of
+  // :ref:`collector_service <envoy_v3_api_field_config.trace.v3.ZipkinConfig.collector_service>`.
+  // Required when using collector_cluster.
+  string collector_endpoint = 2;
 
   // Determines whether a 128bit trace id will be used when creating a new
   // trace instance. The default value is false, which will result in a 64 bit trace id being used.
@@ -67,6 +86,8 @@ message ZipkinConfig {
 
   // Optional hostname to use when sending spans to the collector_cluster. Useful for collectors
   // that require a specific hostname. Defaults to :ref:`collector_cluster <envoy_v3_api_field_config.trace.v3.ZipkinConfig.collector_cluster>` above.
+  // Note: This field will be deprecated in future releases in favor of
+  // :ref:`collector_service <envoy_v3_api_field_config.trace.v3.ZipkinConfig.collector_service>`.
   string collector_hostname = 6;
 
   // If this is set to true, then Envoy will be treated as an independent hop in trace chain. A complete span pair will be created for a single
@@ -88,4 +109,60 @@ message ZipkinConfig {
   //   Please use that ``spawn_upstream_span`` field to control the span creation.
   bool split_spans_for_request = 7
       [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  // Determines which trace context format to use for trace header extraction and propagation.
+  // This controls both downstream request header extraction and upstream request header injection.
+  // Here is the spec for W3C trace headers: https://www.w3.org/TR/trace-context/
+  // The default value is USE_B3 to maintain backward compatibility.
+  TraceContextOption trace_context_option = 8;
+
+  // HTTP service configuration for the Zipkin collector.
+  // When specified, this configuration takes precedence over the legacy fields:
+  // collector_cluster, collector_endpoint, and collector_hostname.
+  // This provides a complete HTTP service configuration including cluster, URI, timeout, and headers.
+  // If not specified, the legacy fields above will be used for backward compatibility.
+  //
+  // Required fields when using collector_service:
+  //
+  // * ``http_uri.cluster`` - Must be specified and non-empty
+  // * ``http_uri.uri`` - Must be specified and non-empty
+  // * ``http_uri.timeout`` - Optional
+  //
+  // Full URI Support with Automatic Parsing:
+  //
+  // The ``uri`` field supports both path-only and full URI formats:
+  //
+  // .. code-block:: yaml
+  //
+  //   tracing:
+  //     provider:
+  //       name: envoy.tracers.zipkin
+  //       typed_config:
+  //         "@type": type.googleapis.com/envoy.config.trace.v3.ZipkinConfig
+  //         collector_service:
+  //           http_uri:
+  //             # Full URI format - hostname and path are extracted automatically
+  //             uri: "https://zipkin-collector.example.com/api/v2/spans"
+  //             cluster: zipkin
+  //             timeout: 5s
+  //           request_headers_to_add:
+  //             - header:
+  //                 key: "X-Custom-Token"
+  //                 value: "your-custom-token"
+  //             - header:
+  //                 key: "X-Service-ID"
+  //                 value: "your-service-id"
+  //
+  // URI Parsing Behavior:
+  //
+  // * Full URI: ``"https://zipkin-collector.example.com/api/v2/spans"``
+  //
+  //   * Hostname: ``zipkin-collector.example.com`` (sets HTTP ``Host`` header)
+  //   * Path: ``/api/v2/spans`` (sets HTTP request path)
+  //
+  // * Path only: ``"/api/v2/spans"``
+  //
+  //   * Hostname: Uses cluster name as fallback
+  //   * Path: ``/api/v2/spans``
+  core.v3.HttpService collector_service = 9;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
new file mode 100644
index 00000000000..7cf2aac64aa
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
@@ -0,0 +1,529 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.ext_authz.v3;
+
+import "envoy/config/common/mutation_rules/v3/mutation_rules.proto";
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/config_source.proto";
+import "envoy/config/core/v3/grpc_service.proto";
+import "envoy/config/core/v3/http_uri.proto";
+import "envoy/type/matcher/v3/metadata.proto";
+import "envoy/type/matcher/v3/string.proto";
+import "envoy/type/v3/http_status.proto";
+
+import "google/protobuf/struct.proto";
+import "google/protobuf/wrappers.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/sensitive.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.ext_authz.v3";
+option java_outer_classname = "ExtAuthzProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3;ext_authzv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: External Authorization]
+// External Authorization :ref:`configuration overview <config_http_filters_ext_authz>`.
+// [#extension: envoy.filters.http.ext_authz]
+
+// [#next-free-field: 30]
+message ExtAuthz {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.filter.http.ext_authz.v3.ExtAuthz";
+
+  reserved 4;
+
+  reserved "use_alpha";
+
+  // External authorization service configuration.
+  oneof services {
+    // gRPC service configuration (default timeout: 200ms).
+    config.core.v3.GrpcService grpc_service = 1;
+
+    // HTTP service configuration (default timeout: 200ms).
+    HttpService http_service = 3;
+  }
+
+  // API version for ext_authz transport protocol. This describes the ext_authz gRPC endpoint and
+  // version of messages used on the wire.
+  config.core.v3.ApiVersion transport_api_version = 12
+      [(validate.rules).enum = {defined_only: true}];
+
+  // Changes the filter's behavior on errors:
+  //
+  // #. When set to ``true``, the filter will ``accept`` the client request even if communication with
+  //    the authorization service has failed, or if the authorization service has returned an HTTP 5xx
+  //    error.
+  //
+  // #. When set to ``false``, the filter will ``reject`` client requests and return ``Forbidden``
+  //    if communication with the authorization service has failed, or if the authorization service
+  //    has returned an HTTP 5xx error.
+  //
+  // Errors can always be tracked in the :ref:`stats <config_http_filters_ext_authz_stats>`.
+  bool failure_mode_allow = 2;
+
+  // When ``failure_mode_allow`` and ``failure_mode_allow_header_add`` are both set to ``true``,
+  // ``x-envoy-auth-failure-mode-allowed: true`` will be added to request headers if the communication
+  // with the authorization service has failed, or if the authorization service has returned a
+  // HTTP 5xx error.
+  bool failure_mode_allow_header_add = 19;
+
+  // Enables the filter to buffer the client request body and send it within the authorization request.
+  // The ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization
+  // request indicating whether the body data is partial.
+  BufferSettings with_request_body = 5;
+
+  // Clears the route cache in order to allow the external authorization service to correctly affect
+  // routing decisions. The filter clears all cached routes when:
+  //
+  // #. The field is set to ``true``.
+  //
+  // #. The status returned from the authorization service is an HTTP 200 or gRPC 0.
+  //
+  // #. At least one ``authorization response header`` is added to the client request, or is used to
+  //    alter another client request header.
+  //
+  bool clear_route_cache = 6;
+
+  // Sets the HTTP status that is returned to the client when the authorization server returns an error
+  // or cannot be reached. The default status is HTTP 403 Forbidden.
+  type.v3.HttpStatus status_on_error = 7;
+
+  // When this is set to ``true``, the filter will check the :ref:`ext_authz response
+  // <envoy_v3_api_msg_service.auth.v3.CheckResponse>` for invalid header and
+  // query parameter mutations. If the side stream response is invalid, it will send a local reply
+  // to the downstream request with status HTTP 500 Internal Server Error.
+  //
+  // .. note::
+  //   Both ``headers_to_remove`` and ``query_parameters_to_remove`` are validated, but invalid elements in
+  //   those fields should not affect any headers and thus will not cause the filter to send a local reply.
+  //
+  // When set to ``false``, any invalid mutations will be visible to the rest of Envoy and may cause
+  // unexpected behavior.
+  //
+  // If you are using ext_authz with an untrusted ext_authz server, you should set this to ``true``.
+  bool validate_mutations = 24;
+
+  // Specifies a list of metadata namespaces whose values, if present, will be passed to the
+  // ext_authz service. The :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>`
+  // is passed as an opaque ``protobuf::Struct``.
+  //
+  // .. note::
+  //   This field applies exclusively to the gRPC ext_authz service and has no effect on the HTTP service.
+  //
+  // For example, if the ``jwt_authn`` filter is used and :ref:`payload_in_metadata
+  // <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtProvider.payload_in_metadata>` is set,
+  // then the following will pass the jwt payload to the authorization server.
+  //
+  // .. code-block:: yaml
+  //
+  //    metadata_context_namespaces:
+  //    - envoy.filters.http.jwt_authn
+  //
+  repeated string metadata_context_namespaces = 8;
+
+  // Specifies a list of metadata namespaces whose values, if present, will be passed to the
+  // ext_authz service. :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>`
+  // is passed as a ``protobuf::Any``.
+  //
+  // .. note::
+  //   This field applies exclusively to the gRPC ext_authz service and has no effect on the HTTP service.
+  //
+  // This works similarly to ``metadata_context_namespaces`` but allows Envoy and the ext_authz server to share
+  // the protobuf message definition in order to perform safe parsing.
+  //
+  repeated string typed_metadata_context_namespaces = 16;
+
+  // Specifies a list of route metadata namespaces whose values, if present, will be passed to the
+  // ext_authz service at :ref:`route_metadata_context <envoy_v3_api_field_service.auth.v3.AttributeContext.route_metadata_context>` in
+  // :ref:`CheckRequest <envoy_v3_api_field_service.auth.v3.CheckRequest.attributes>`.
+  // :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>` is passed as an opaque ``protobuf::Struct``.
+  repeated string route_metadata_context_namespaces = 21;
+
+  // Specifies a list of route metadata namespaces whose values, if present, will be passed to the
+  // ext_authz service at :ref:`route_metadata_context <envoy_v3_api_field_service.auth.v3.AttributeContext.route_metadata_context>` in
+  // :ref:`CheckRequest <envoy_v3_api_field_service.auth.v3.CheckRequest.attributes>`.
+  // :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>` is passed as a ``protobuf::Any``.
+  repeated string route_typed_metadata_context_namespaces = 22;
+
+  // Specifies if the filter is enabled.
+  //
+  // If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is specified,
+  // Envoy will lookup the runtime key to get the percentage of requests to filter.
+  //
+  // If this field is not specified, the filter will be enabled for all requests.
+  config.core.v3.RuntimeFractionalPercent filter_enabled = 9;
+
+  // Specifies if the filter is enabled with metadata matcher.
+  // If this field is not specified, the filter will be enabled for all requests.
+  type.matcher.v3.MetadataMatcher filter_enabled_metadata = 14;
+
+  // Specifies whether to deny the requests when the filter is disabled.
+  // If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFeatureFlag.runtime_key>` is specified,
+  // Envoy will lookup the runtime key to determine whether to deny requests for filter-protected paths
+  // when the filter is disabled. If the filter is disabled in ``typed_per_filter_config`` for the path,
+  // requests will not be denied.
+  //
+  // If this field is not specified, all requests will be allowed when disabled.
+  //
+  // If a request is denied due to this setting, the response code in :ref:`status_on_error
+  // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.status_on_error>` will
+  // be returned.
+  config.core.v3.RuntimeFeatureFlag deny_at_disable = 11;
+
+  // Specifies if the peer certificate is sent to the external service.
+  //
+  // When this field is ``true``, Envoy will include the peer X.509 certificate, if available, in the
+  // :ref:`certificate<envoy_v3_api_field_service.auth.v3.AttributeContext.Peer.certificate>`.
+  bool include_peer_certificate = 10;
+
+  // Optional additional prefix to use when emitting statistics. This allows distinguishing
+  // emitted statistics between configured ``ext_authz`` filters in an HTTP filter chain. For example:
+  //
+  // .. code-block:: yaml
+  //
+  //   http_filters:
+  //     - name: envoy.filters.http.ext_authz
+  //       typed_config:
+  //         "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
+  //         stat_prefix: waf # This emits ext_authz.waf.ok, ext_authz.waf.denied, etc.
+  //     - name: envoy.filters.http.ext_authz
+  //       typed_config:
+  //         "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
+  //         stat_prefix: blocker # This emits ext_authz.blocker.ok, ext_authz.blocker.denied, etc.
+  //
+  string stat_prefix = 13;
+
+  // Optional labels that will be passed to :ref:`labels<envoy_v3_api_field_service.auth.v3.AttributeContext.Peer.labels>` in
+  // :ref:`destination<envoy_v3_api_field_service.auth.v3.AttributeContext.destination>`.
+  // The labels will be read from :ref:`metadata<envoy_v3_api_msg_config.core.v3.Node>` with the specified key.
+  string bootstrap_metadata_labels_key = 15;
+
+  // Check request to authorization server will include the client request headers that have a correspondent match
+  // in the :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>`. If this option isn't specified, then
+  // all client request headers are included in the check request to a gRPC authorization server, whereas no client request headers
+  // (besides the ones allowed by default - see note below) are included in the check request to an HTTP authorization server.
+  // This inconsistency between gRPC and HTTP servers is to maintain backwards compatibility with legacy behavior.
+  //
+  // .. note::
+  //
+  //  For requests to an HTTP authorization server: in addition to the user's supplied matchers, ``Host``, ``Method``, ``Path``,
+  //  ``Content-Length``, and ``Authorization`` are **additionally included** in the list.
+  //
+  // .. note::
+  //
+  //  For requests to an HTTP authorization server: the value of ``Content-Length`` will be set to ``0`` and the request to the
+  //  authorization server will not have a message body. However, the check request can include the buffered
+  //  client request body (controlled by :ref:`with_request_body
+  //  <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.with_request_body>` setting);
+  //  consequently, the value of ``Content-Length`` in the authorization request reflects the size of its payload.
+  //
+  // .. note::
+  //
+  //  This can be overridden by the field ``disallowed_headers`` below. That is, if a header
+  //  matches for both ``allowed_headers`` and ``disallowed_headers``, the header will NOT be sent.
+  type.matcher.v3.ListStringMatcher allowed_headers = 17;
+
+  // If set, specifically disallow any header in this list to be forwarded to the external
+  // authentication server. This overrides the above ``allowed_headers`` if a header matches both.
+  type.matcher.v3.ListStringMatcher disallowed_headers = 25;
+
+  // Specifies if the TLS session level details like SNI are sent to the external service.
+  //
+  // When this field is ``true``, Envoy will include the SNI name used for TLSClientHello, if available, in the
+  // :ref:`tls_session<envoy_v3_api_field_service.auth.v3.AttributeContext.tls_session>`.
+  bool include_tls_session = 18;
+
+  // Whether to increment cluster statistics (e.g. cluster.<cluster_name>.upstream_rq_*) on authorization failure.
+  // Defaults to ``true``.
+  google.protobuf.BoolValue charge_cluster_response_stats = 20;
+
+  // Whether to encode the raw headers (i.e., unsanitized values and unconcatenated multi-line headers)
+  // in the authorization request. Works with both HTTP and gRPC clients.
+  //
+  // When this is set to ``true``, header values are not sanitized. Headers with the same key will also
+  // not be combined into a single, comma-separated header.
+  // Requests to gRPC services will populate the field
+  // :ref:`header_map<envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.header_map>`.
+  // Requests to HTTP services will be constructed with the unsanitized header values and preserved
+  // multi-line headers with the same key.
+  //
+  // If this field is set to ``false``, header values will be sanitized, with any non-UTF-8-compliant
+  // bytes replaced with ``'!'``. Headers with the same key will have their values concatenated into a
+  // single comma-separated header value.
+  // Requests to gRPC services will populate the field
+  // :ref:`headers<envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.headers>`.
+  // Requests to HTTP services will have their header values sanitized and will not preserve
+  // multi-line headers with the same key.
+  //
+  // It is recommended to set this to ``true`` unless you rely on the previous behavior.
+  //
+  // It is set to ``false`` by default for backwards compatibility.
+  bool encode_raw_headers = 23;
+
+  // Rules for what modifications an ext_authz server may make to the request headers before
+  // continuing decoding / forwarding upstream.
+  //
+  // If set to anything, enables header mutation checking against configured rules. Note that
+  // :ref:`HeaderMutationRules <envoy_v3_api_msg_config.common.mutation_rules.v3.HeaderMutationRules>`
+  // has defaults that change ext_authz behavior. Also note that if this field is set to anything,
+  // ext_authz can no longer append to :-prefixed headers.
+  //
+  // If empty, header mutation rule checking is completely disabled.
+  //
+  // Regardless of what is configured here, ext_authz cannot remove :-prefixed headers.
+  //
+  // This field and ``validate_mutations`` have different use cases. ``validate_mutations`` enables
+  // correctness checks for all header / query parameter mutations (e.g. for invalid characters).
+  // This field allows the filter to reject mutations to specific headers.
+  config.common.mutation_rules.v3.HeaderMutationRules decoder_header_mutation_rules = 26;
+
+  // Enable or disable ingestion of dynamic metadata from the ext_authz service.
+  //
+  // If ``false``, the filter will ignore dynamic metadata injected by the ext_authz service. If the
+  // ext_authz service tries injecting dynamic metadata, the filter will log, increment the
+  // ``ignored_dynamic_metadata`` stat, then continue handling the response.
+  //
+  // If ``true``, the filter will ingest dynamic metadata entries as normal.
+  //
+  // If unset, defaults to ``true``.
+  google.protobuf.BoolValue enable_dynamic_metadata_ingestion = 27;
+
+  // Additional metadata to be added to the filter state for logging purposes. The metadata will be
+  // added to StreamInfo's filter state under the namespace corresponding to the ext_authz filter
+  // name.
+  google.protobuf.Struct filter_metadata = 28;
+
+  // When set to ``true``, the filter will emit per-stream stats for access logging. The filter state
+  // key will be the same as the filter name.
+  //
+  // If using Envoy gRPC, emits latency, bytes sent / received, upstream info, and upstream cluster
+  // info. If not using Envoy gRPC, emits only latency. Note that stats are ONLY added to filter
+  // state if a check request is actually made to an ext_authz service.
+  //
+  // If this is ``false`` the filter will not emit stats, but filter_metadata will still be respected if
+  // it has a value.
+  //
+  // Field ``latency_us`` is exposed for CEL and logging when using gRPC or HTTP service.
+  // Fields ``bytesSent`` and ``bytesReceived`` are exposed for CEL and logging only when using gRPC service.
+  bool emit_filter_state_stats = 29;
+}
+
+// Configuration for buffering the request data.
+message BufferSettings {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.filter.http.ext_authz.v2.BufferSettings";
+
+  // Sets the maximum size of a message body that the filter will hold in memory. Envoy will return
+  // ``HTTP 413`` and will *not* initiate the authorization process when the buffer reaches the size
+  // set in this field. Note that this setting will have precedence over :ref:`failure_mode_allow
+  // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.failure_mode_allow>`.
+  uint32 max_request_bytes = 1 [(validate.rules).uint32 = {gt: 0}];
+
+  // When this field is ``true``, Envoy will buffer the message until ``max_request_bytes`` is reached.
+  // The authorization request will be dispatched and no 413 HTTP error will be returned by the
+  // filter.
+  bool allow_partial_message = 2;
+
+  // If ``true``, the body sent to the external authorization service is set as raw bytes and populates
+  // :ref:`raw_body<envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.raw_body>`
+  // in the HTTP request attribute context. Otherwise, :ref:`body
+  // <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.body>` will be populated
+  // with a UTF-8 string request body.
+  //
+  // This field only affects configurations using a :ref:`grpc_service
+  // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.grpc_service>`. In configurations that use
+  // an :ref:`http_service <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.http_service>`, this
+  // has no effect.
+  bool pack_as_bytes = 3;
+}
+
+// HttpService is used for raw HTTP communication between the filter and the authorization service.
+// When configured, the filter will parse the client request and use these attributes to call the
+// authorization server. Depending on the response, the filter may reject or accept the client
+// request. Note that in any of these events, metadata can be added, removed or overridden by the
+// filter:
+//
+// On authorization request, a list of allowed request headers may be supplied. See
+// :ref:`allowed_headers
+// <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.AuthorizationRequest.allowed_headers>`
+// for details. Additional headers metadata may be added to the authorization request. See
+// :ref:`headers_to_add
+// <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.AuthorizationRequest.headers_to_add>` for
+// details.
+//
+// On authorization response status ``HTTP 200 OK``, the filter will allow traffic to the upstream and
+// additional headers metadata may be added to the original client request. See
+// :ref:`allowed_upstream_headers
+// <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.AuthorizationResponse.allowed_upstream_headers>`
+// for details. Additionally, the filter may add additional headers to the client's response. See
+// :ref:`allowed_client_headers_on_success
+// <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.AuthorizationResponse.allowed_client_headers_on_success>`
+// for details.
+//
+// On other authorization response statuses, the filter will not allow traffic. Additional headers
+// metadata as well as body may be added to the client's response. See :ref:`allowed_client_headers
+// <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.AuthorizationResponse.allowed_client_headers>`
+// for details.
+// [#next-free-field: 9]
+message HttpService {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.filter.http.ext_authz.v2.HttpService";
+
+  reserved 3, 4, 5, 6;
+
+  // Sets the HTTP server URI which the authorization requests must be sent to.
+  config.core.v3.HttpUri server_uri = 1;
+
+  // Sets a prefix to the value of authorization request header ``Path``.
+  string path_prefix = 2;
+
+  // Settings used for controlling authorization request metadata.
+  AuthorizationRequest authorization_request = 7;
+
+  // Settings used for controlling authorization response metadata.
+  AuthorizationResponse authorization_response = 8;
+}
+
+message AuthorizationRequest {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.filter.http.ext_authz.v2.AuthorizationRequest";
+
+  // Authorization request includes the client request headers that have a corresponding match
+  // in the :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>`.
+  // This field has been deprecated in favor of :ref:`allowed_headers
+  // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.allowed_headers>`.
+  //
+  // .. note::
+  //
+  //   In addition to the user's supplied matchers, ``Host``, ``Method``, ``Path``,
+  //   ``Content-Length``, and ``Authorization`` are **automatically included** in the list.
+  //
+  // .. note::
+  //
+  //   By default, the ``Content-Length`` header is set to ``0`` and the request to the authorization
+  //   service has no message body. However, the authorization request *may* include the buffered
+  //   client request body (controlled by :ref:`with_request_body
+  //   <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.with_request_body>`
+  //   setting); hence the value of its ``Content-Length`` reflects the size of its payload.
+  //
+  type.matcher.v3.ListStringMatcher allowed_headers = 1
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  // Sets a list of headers that will be included in the request to the authorization service. Note that
+  // client request headers with the same key will be overridden.
+  repeated config.core.v3.HeaderValue headers_to_add = 2;
+}
+
+// [#next-free-field: 6]
+message AuthorizationResponse {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.filter.http.ext_authz.v2.AuthorizationResponse";
+
+  // When this :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>` is set, authorization
+  // response headers that have a correspondent match will be added to the original client request.
+  // Note that coexistent headers will be overridden.
+  type.matcher.v3.ListStringMatcher allowed_upstream_headers = 1;
+
+  // When this :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>` is set, authorization
+  // response headers that have a correspondent match will be added to the original client request.
+  // Note that coexistent headers will be appended.
+  type.matcher.v3.ListStringMatcher allowed_upstream_headers_to_append = 3;
+
+  // When this :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>` is set, authorization
+  // response headers that have a correspondent match will be added to the client's response. Note
+  // that when this list is *not* set, all the authorization response headers, except ``Authority
+  // (Host)`` will be in the response to the client. When a header is included in this list, ``Path``,
+  // ``Status``, ``Content-Length``, ``WWWAuthenticate`` and ``Location`` are automatically added.
+  type.matcher.v3.ListStringMatcher allowed_client_headers = 2;
+
+  // When this :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>` is set, authorization
+  // response headers that have a correspondent match will be added to the client's response when
+  // the authorization response itself is successful, i.e. not failed or denied. When this list is
+  // *not* set, no additional headers will be added to the client's response on success.
+  type.matcher.v3.ListStringMatcher allowed_client_headers_on_success = 4;
+
+  // When this :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>` is set, authorization
+  // response headers that have a correspondent match will be emitted as dynamic metadata to be consumed
+  // by the next filter. This metadata lives in a namespace specified by the canonical name of extension filter
+  // that requires it:
+  //
+  // - :ref:`envoy.filters.http.ext_authz <config_http_filters_ext_authz_dynamic_metadata>` for HTTP filter.
+  // - :ref:`envoy.filters.network.ext_authz <config_network_filters_ext_authz_dynamic_metadata>` for network filter.
+  type.matcher.v3.ListStringMatcher dynamic_metadata_from_headers = 5;
+}
+
+// Extra settings on a per virtualhost/route/weighted-cluster level.
+message ExtAuthzPerRoute {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.filter.http.ext_authz.v2.ExtAuthzPerRoute";
+
+  oneof override {
+    option (validate.required) = true;
+
+    // Disable the ext auth filter for this particular vhost or route.
+    // If disabled is specified in multiple per-filter-configs, the most specific one will be used.
+    // If the filter is disabled by default and this is set to ``false``, the filter will be enabled
+    // for this vhost or route.
+    bool disabled = 1;
+
+    // Check request settings for this route.
+    CheckSettings check_settings = 2 [(validate.rules).message = {required: true}];
+  }
+}
+
+// Extra settings for the check request.
+// [#next-free-field: 6]
+message CheckSettings {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.filter.http.ext_authz.v2.CheckSettings";
+
+  // Context extensions to set on the CheckRequest's
+  // :ref:`AttributeContext.context_extensions<envoy_v3_api_field_service.auth.v3.AttributeContext.context_extensions>`
+  //
+  // You can use this to provide extra context for the external authorization server on specific
+  // virtual hosts/routes. For example, adding a context extension on the virtual host level can
+  // give the ext-authz server information on what virtual host is used without needing to parse the
+  // host header. If CheckSettings is specified in multiple per-filter-configs, they will be merged
+  // in order, and the result will be used.
+  //
+  // Merge semantics for this field are such that keys from more specific configs override.
+  //
+  // .. note::
+  //   These settings are only applied to a filter configured with a
+  //   :ref:`grpc_service<envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.grpc_service>`.
+  map<string, string> context_extensions = 1 [(udpa.annotations.sensitive) = true];
+
+  // When set to ``true``, disable the configured :ref:`with_request_body
+  // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.with_request_body>` for a specific route.
+  //
+  // Only one of ``disable_request_body_buffering`` and
+  // :ref:`with_request_body <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.CheckSettings.with_request_body>`
+  // may be specified.
+  bool disable_request_body_buffering = 2;
+
+  // Enable or override request body buffering, which is configured using the
+  // :ref:`with_request_body <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.with_request_body>`
+  // option for a specific route.
+  //
+  // Only one of ``with_request_body`` and
+  // :ref:`disable_request_body_buffering <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.CheckSettings.disable_request_body_buffering>`
+  // may be specified.
+  BufferSettings with_request_body = 3;
+
+  // Override the external authorization service for this route.
+  // This allows different routes to use different external authorization service backends
+  // and service types (gRPC or HTTP). If specified, this overrides the filter-level service
+  // configuration regardless of the original service type.
+  oneof service_override {
+    // Override with a gRPC service configuration.
+    config.core.v3.GrpcService grpc_service = 4;
+
+    // Override with an HTTP service configuration.
+    HttpService http_service = 5;
+  }
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
index e0282af86e6..730e065e6c4 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@@ -37,7 +37,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // HTTP connection manager :ref:`configuration overview <config_http_conn_man>`.
 // [#extension: envoy.filters.network.http_connection_manager]
 
-// [#next-free-field: 59]
+// [#next-free-field: 60]
 message HttpConnectionManager {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager";
@@ -527,16 +527,6 @@ message HttpConnectionManager {
   // is terminated with a 408 Request Timeout error code if no upstream response
   // header has been received, otherwise a stream reset occurs.
   //
-  // This timeout also specifies the amount of time that Envoy will wait for the peer to open enough
-  // window to write any remaining stream data once the entirety of stream data (local end stream is
-  // true) has been buffered pending available window. In other words, this timeout defends against
-  // a peer that does not release enough window to completely write the stream, even though all
-  // data has been proxied within available flow control windows. If the timeout is hit in this
-  // case, the :ref:`tx_flush_timeout <config_http_conn_man_stats_per_codec>` counter will be
-  // incremented. Note that :ref:`max_stream_duration
-  // <envoy_v3_api_field_config.core.v3.HttpProtocolOptions.max_stream_duration>` does not apply to
-  // this corner case.
-  //
   // If the :ref:`overload action <config_overload_manager_overload_actions>` "envoy.overload_actions.reduce_timeouts"
   // is configured, this timeout is scaled according to the value for
   // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE <envoy_v3_api_enum_value_config.overload.v3.ScaleTimersOverloadActionConfig.TimerType.HTTP_DOWNSTREAM_STREAM_IDLE>`.
@@ -549,9 +539,29 @@ message HttpConnectionManager {
   //
   // A value of 0 will completely disable the connection manager stream idle
   // timeout, although per-route idle timeout overrides will continue to apply.
+  //
+  // This timeout is also used as the default value for :ref:`stream_flush_timeout
+  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_flush_timeout>`.
   google.protobuf.Duration stream_idle_timeout = 24
       [(udpa.annotations.security).configure_for_untrusted_downstream = true];
 
+  // The stream flush timeout for connections managed by the connection manager.
+  //
+  // If not specified, the value of stream_idle_timeout is used. This is for backwards compatibility
+  // since this was the original behavior. In essence this timeout is an override for the
+  // stream_idle_timeout that applies specifically to the end of stream flush case.
+  //
+  // This timeout specifies the amount of time that Envoy will wait for the peer to open enough
+  // window to write any remaining stream data once the entirety of stream data (local end stream is
+  // true) has been buffered pending available window. In other words, this timeout defends against
+  // a peer that does not release enough window to completely write the stream, even though all
+  // data has been proxied within available flow control windows. If the timeout is hit in this
+  // case, the :ref:`tx_flush_timeout <config_http_conn_man_stats_per_codec>` counter will be
+  // incremented. Note that :ref:`max_stream_duration
+  // <envoy_v3_api_field_config.core.v3.HttpProtocolOptions.max_stream_duration>` does not apply to
+  // this corner case.
+  google.protobuf.Duration stream_flush_timeout = 59;
+
   // The amount of time that Envoy will wait for the entire request to be received.
   // The timer is activated when the request is initiated, and is disarmed when the last byte of the
   // request is sent upstream (i.e. all decoding filters have processed the request), OR when the
@@ -1036,7 +1046,7 @@ message Rds {
       "envoy.config.filter.network.http_connection_manager.v2.Rds";
 
   // Configuration source specifier for RDS.
-  config.core.v3.ConfigSource config_source = 1 [(validate.rules).message = {required: true}];
+  config.core.v3.ConfigSource config_source = 1;
 
   // The name of the route configuration. This name will be passed to the RDS
   // API. This allows an Envoy configuration with multiple HTTP listeners (and
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/call_credentials/access_token/v3/access_token_credentials.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/call_credentials/access_token/v3/access_token_credentials.proto
new file mode 100644
index 00000000000..45ee3839e6f
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/call_credentials/access_token/v3/access_token_credentials.proto
@@ -0,0 +1,19 @@
+syntax = "proto3";
+
+package envoy.extensions.grpc_service.call_credentials.access_token.v3;
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.grpc_service.call_credentials.access_token.v3";
+option java_outer_classname = "AccessTokenCredentialsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/grpc_service/call_credentials/access_token/v3;access_tokenv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: gRPC Access Token Credentials]
+
+// [#not-implemented-hide:]
+message AccessTokenCredentials {
+  // The access token.
+  string token = 1;
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/google_default/v3/google_default_credentials.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/google_default/v3/google_default_credentials.proto
new file mode 100644
index 00000000000..77c3af41fdd
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/google_default/v3/google_default_credentials.proto
@@ -0,0 +1,17 @@
+syntax = "proto3";
+
+package envoy.extensions.grpc_service.channel_credentials.google_default.v3;
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.google_default.v3";
+option java_outer_classname = "GoogleDefaultCredentialsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/grpc_service/channel_credentials/google_default/v3;google_defaultv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: gRPC Google Default Credentials]
+
+// [#not-implemented-hide:]
+message GoogleDefaultCredentials {
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/insecure/v3/insecure_credentials.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/insecure/v3/insecure_credentials.proto
new file mode 100644
index 00000000000..70d58451e2d
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/insecure/v3/insecure_credentials.proto
@@ -0,0 +1,17 @@
+syntax = "proto3";
+
+package envoy.extensions.grpc_service.channel_credentials.insecure.v3;
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.insecure.v3";
+option java_outer_classname = "InsecureCredentialsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/grpc_service/channel_credentials/insecure/v3;insecurev3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: gRPC Insecure Credentials]
+
+// [#not-implemented-hide:]
+message InsecureCredentials {
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/local/v3/local_credentials.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/local/v3/local_credentials.proto
new file mode 100644
index 00000000000..00514a0e847
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/local/v3/local_credentials.proto
@@ -0,0 +1,17 @@
+syntax = "proto3";
+
+package envoy.extensions.grpc_service.channel_credentials.local.v3;
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.local.v3";
+option java_outer_classname = "LocalCredentialsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/grpc_service/channel_credentials/local/v3;localv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: gRPC Local Credentials]
+
+// [#not-implemented-hide:]
+message LocalCredentials {
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/tls/v3/tls_credentials.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/tls/v3/tls_credentials.proto
new file mode 100644
index 00000000000..f64c16bb684
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/tls/v3/tls_credentials.proto
@@ -0,0 +1,27 @@
+syntax = "proto3";
+
+package envoy.extensions.grpc_service.channel_credentials.tls.v3;
+
+import "envoy/extensions/transport_sockets/tls/v3/tls.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.tls.v3";
+option java_outer_classname = "TlsCredentialsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/grpc_service/channel_credentials/tls/v3;tlsv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: gRPC TLS Credentials]
+
+// [#not-implemented-hide:]
+message TlsCredentials {
+  // The certificate provider instance for the root cert. Must be set.
+  transport_sockets.tls.v3.CommonTlsContext.CertificateProviderInstance root_certificate_provider =
+      1;
+
+  // The certificate provider instance for the identity cert. Optional;
+  // if unset, no identity certificate will be sent to the server.
+  transport_sockets.tls.v3.CommonTlsContext.CertificateProviderInstance
+      identity_certificate_provider = 2;
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/xds/v3/xds_credentials.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/xds/v3/xds_credentials.proto
new file mode 100644
index 00000000000..ba8d471dd49
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/grpc_service/channel_credentials/xds/v3/xds_credentials.proto
@@ -0,0 +1,21 @@
+syntax = "proto3";
+
+package envoy.extensions.grpc_service.channel_credentials.xds.v3;
+
+import "google/protobuf/any.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.xds.v3";
+option java_outer_classname = "XdsCredentialsProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/grpc_service/channel_credentials/xds/v3;xdsv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: gRPC xDS Credentials]
+
+// [#not-implemented-hide:]
+message XdsCredentials {
+  // Fallback credentials. Required.
+  google.protobuf.Any fallback_credentials = 1;
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/common/v3/common.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/common/v3/common.proto
index 7868fb02b1a..22faf11b9c5 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/common/v3/common.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/common/v3/common.proto
@@ -3,6 +3,7 @@ syntax = "proto3";
 package envoy.extensions.load_balancing_policies.common.v3;
 
 import "envoy/config/core/v3/base.proto";
+import "envoy/config/route/v3/route_components.proto";
 import "envoy/type/v3/percent.proto";
 
 import "google/protobuf/duration.proto";
@@ -23,8 +24,17 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 message LocalityLbConfig {
   // Configuration for :ref:`zone aware routing
   // <arch_overview_load_balancing_zone_aware_routing>`.
-  // [#next-free-field: 6]
+  // [#next-free-field: 7]
   message ZoneAwareLbConfig {
+    // Basis for computing per-locality percentages in zone-aware routing.
+    enum LocalityBasis {
+      // Use the number of healthy hosts in each locality.
+      HEALTHY_HOSTS_NUM = 0;
+
+      // Use the weights of healthy hosts in each locality.
+      HEALTHY_HOSTS_WEIGHT = 1;
+    }
+
     // Configures Envoy to always route requests to the local zone regardless of the
     // upstream zone structure. In Envoy's default configuration, traffic is distributed proportionally
     // across all upstream hosts while trying to maximize local routing when possible. The approach
@@ -66,6 +76,12 @@ message LocalityLbConfig {
         [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
     ForceLocalZone force_local_zone = 5;
+
+    // Determines how locality percentages are computed:
+    // - HEALTHY_HOSTS_NUM: proportional to the count of healthy hosts.
+    // - HEALTHY_HOSTS_WEIGHT: proportional to the weights of healthy hosts.
+    // Default value is HEALTHY_HOSTS_NUM if unset.
+    LocalityBasis locality_basis = 6;
   }
 
   // Configuration for :ref:`locality weighted load balancing
@@ -136,4 +152,10 @@ message ConsistentHashingLbConfig {
   // This is an O(N) algorithm, unlike other load balancers. Using a lower ``hash_balance_factor`` results in more hosts
   // being probed, so use a higher value if you require better performance.
   google.protobuf.UInt32Value hash_balance_factor = 2 [(validate.rules).uint32 = {gte: 100}];
+
+  //  Specifies a list of hash policies to use for ring hash load balancing. If ``hash_policy`` is
+  // set, then
+  // :ref:`route level hash policy <envoy_v3_api_field_config.route.v3.RouteAction.hash_policy>`
+  // will be ignored.
+  repeated config.route.v3.RouteAction.HashPolicy hash_policy = 3;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/service/auth/v3/attribute_context.proto b/xds/third_party/envoy/src/main/proto/envoy/service/auth/v3/attribute_context.proto
new file mode 100644
index 00000000000..2c4fbb4b73e
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/service/auth/v3/attribute_context.proto
@@ -0,0 +1,222 @@
+syntax = "proto3";
+
+package envoy.service.auth.v3;
+
+import "envoy/config/core/v3/address.proto";
+import "envoy/config/core/v3/base.proto";
+
+import "google/protobuf/timestamp.proto";
+
+import "udpa/annotations/migrate.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+
+option java_package = "io.envoyproxy.envoy.service.auth.v3";
+option java_outer_classname = "AttributeContextProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3;authv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Attribute context]
+
+// See :ref:`network filter configuration overview <config_network_filters_ext_authz>`
+// and :ref:`HTTP filter configuration overview <config_http_filters_ext_authz>`.
+
+// An attribute is a piece of metadata that describes an activity on a network.
+// For example, the size of an HTTP request, or the status code of an HTTP response.
+//
+// Each attribute has a type and a name, which is logically defined as a proto message field
+// of the ``AttributeContext``. The ``AttributeContext`` is a collection of individual attributes
+// supported by Envoy authorization system.
+// [#comment: The following items are left out of this proto
+// Request.Auth field for JWTs
+// Request.Api for api management
+// Origin peer that originated the request
+// Caching Protocol
+// request_context return values to inject back into the filter chain
+// peer.claims -- from X.509 extensions
+// Configuration
+// - field mask to send
+// - which return values from request_context are copied back
+// - which return values are copied into request_headers]
+// [#next-free-field: 14]
+message AttributeContext {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.service.auth.v2.AttributeContext";
+
+  // This message defines attributes for a node that handles a network request.
+  // The node can be either a service or an application that sends, forwards,
+  // or receives the request. Service peers should fill in the ``service``,
+  // ``principal``, and ``labels`` as appropriate.
+  // [#next-free-field: 6]
+  message Peer {
+    option (udpa.annotations.versioning).previous_message_type =
+        "envoy.service.auth.v2.AttributeContext.Peer";
+
+    // The address of the peer, this is typically the IP address.
+    // It can also be UDS path, or others.
+    config.core.v3.Address address = 1;
+
+    // The canonical service name of the peer.
+    // It should be set to :ref:`the HTTP x-envoy-downstream-service-cluster
+    // <config_http_conn_man_headers_downstream-service-cluster>`
+    // If a more trusted source of the service name is available through mTLS/secure naming, it
+    // should be used.
+    string service = 2;
+
+    // The labels associated with the peer.
+    // These could be pod labels for Kubernetes or tags for VMs.
+    // The source of the labels could be an X.509 certificate or other configuration.
+    map<string, string> labels = 3;
+
+    // The authenticated identity of this peer.
+    // For example, the identity associated with the workload such as a service account.
+    // If an X.509 certificate is used to assert the identity this field should be sourced from
+    // ``URI Subject Alternative Names``, ``DNS Subject Alternate Names`` or ``Subject`` in that order.
+    // The primary identity should be the principal. The principal format is issuer specific.
+    //
+    // Examples:
+    //
+    // - SPIFFE format is ``spiffe://trust-domain/path``.
+    // - Google account format is ``https://accounts.google.com/{userid}``.
+    string principal = 4;
+
+    // The X.509 certificate used to authenticate the identify of this peer.
+    // When present, the certificate contents are encoded in URL and PEM format.
+    string certificate = 5;
+  }
+
+  // Represents a network request, such as an HTTP request.
+  message Request {
+    option (udpa.annotations.versioning).previous_message_type =
+        "envoy.service.auth.v2.AttributeContext.Request";
+
+    // The timestamp when the proxy receives the first byte of the request.
+    google.protobuf.Timestamp time = 1;
+
+    // Represents an HTTP request or an HTTP-like request.
+    HttpRequest http = 2;
+  }
+
+  // This message defines attributes for an HTTP request.
+  // HTTP/1.x, HTTP/2, gRPC are all considered as HTTP requests.
+  // [#next-free-field: 14]
+  message HttpRequest {
+    option (udpa.annotations.versioning).previous_message_type =
+        "envoy.service.auth.v2.AttributeContext.HttpRequest";
+
+    // The unique ID for a request, which can be propagated to downstream
+    // systems. The ID should have low probability of collision
+    // within a single day for a specific service.
+    // For HTTP requests, it should be X-Request-ID or equivalent.
+    string id = 1;
+
+    // The HTTP request method, such as ``GET``, ``POST``.
+    string method = 2;
+
+    // The HTTP request headers. If multiple headers share the same key, they
+    // must be merged according to the HTTP spec. All header keys must be
+    // lower-cased, because HTTP header keys are case-insensitive.
+    // Header value is encoded as UTF-8 string. Non-UTF-8 characters will be replaced by "!".
+    // This field will not be set if
+    // :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>`
+    // is set to true.
+    map<string, string> headers = 3
+        [(udpa.annotations.field_migrate).oneof_promotion = "headers_type"];
+
+    // A list of the raw HTTP request headers. This is used instead of
+    // :ref:`headers <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.headers>` when
+    // :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>`
+    // is set to true.
+    //
+    // Note that this is not actually a map type. ``header_map`` contains a single repeated field
+    // ``headers``.
+    //
+    // Here, only the ``key`` and ``raw_value`` fields will be populated for each HeaderValue, and
+    // that is only when
+    // :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>`
+    // is set to true.
+    //
+    // Also, unlike the
+    // :ref:`headers <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.headers>`
+    // field, headers with the same key are not combined into a single comma separated header.
+    config.core.v3.HeaderMap header_map = 13
+        [(udpa.annotations.field_migrate).oneof_promotion = "headers_type"];
+
+    // The request target, as it appears in the first line of the HTTP request. This includes
+    // the URL path and query-string. No decoding is performed.
+    string path = 4;
+
+    // The HTTP request ``Host`` or ``:authority`` header value.
+    string host = 5;
+
+    // The HTTP URL scheme, such as ``http`` and ``https``.
+    string scheme = 6;
+
+    // This field is always empty, and exists for compatibility reasons. The HTTP URL query is
+    // included in ``path`` field.
+    string query = 7;
+
+    // This field is always empty, and exists for compatibility reasons. The URL fragment is
+    // not submitted as part of HTTP requests; it is unknowable.
+    string fragment = 8;
+
+    // The HTTP request size in bytes. If unknown, it must be -1.
+    int64 size = 9;
+
+    // The network protocol used with the request, such as "HTTP/1.0", "HTTP/1.1", or "HTTP/2".
+    //
+    // See :repo:`headers.h:ProtocolStrings <source/common/http/headers.h>` for a list of all
+    // possible values.
+    string protocol = 10;
+
+    // The HTTP request body.
+    string body = 11;
+
+    // The HTTP request body in bytes. This is used instead of
+    // :ref:`body <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.body>` when
+    // :ref:`pack_as_bytes <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.BufferSettings.pack_as_bytes>`
+    // is set to true.
+    bytes raw_body = 12;
+  }
+
+  // This message defines attributes for the underlying TLS session.
+  message TLSSession {
+    // SNI used for TLS session.
+    string sni = 1;
+  }
+
+  // The source of a network activity, such as starting a TCP connection.
+  // In a multi hop network activity, the source represents the sender of the
+  // last hop.
+  Peer source = 1;
+
+  // The destination of a network activity, such as accepting a TCP connection.
+  // In a multi hop network activity, the destination represents the receiver of
+  // the last hop.
+  Peer destination = 2;
+
+  // Represents a network request, such as an HTTP request.
+  Request request = 4;
+
+  // This is analogous to http_request.headers, however these contents will not be sent to the
+  // upstream server. Context_extensions provide an extension mechanism for sending additional
+  // information to the auth server without modifying the proto definition. It maps to the
+  // internal opaque context in the filter chain.
+  map<string, string> context_extensions = 10;
+
+  // Dynamic metadata associated with the request.
+  config.core.v3.Metadata metadata_context = 11;
+
+  // Metadata associated with the selected route.
+  config.core.v3.Metadata route_metadata_context = 13;
+
+  // TLS session details of the underlying connection.
+  // This is not populated by default and will be populated only if the ext_authz filter has
+  // been specifically configured to include this information.
+  // For HTTP ext_authz, that requires :ref:`include_tls_session <config_http_filters_ext_authz>`
+  // to be set to true.
+  // For network ext_authz, that requires :ref:`include_tls_session <config_network_filters_ext_authz>`
+  // to be set to true.
+  TLSSession tls_session = 12;
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/service/auth/v3/external_auth.proto b/xds/third_party/envoy/src/main/proto/envoy/service/auth/v3/external_auth.proto
new file mode 100644
index 00000000000..1f3ed5787d8
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/service/auth/v3/external_auth.proto
@@ -0,0 +1,144 @@
+syntax = "proto3";
+
+package envoy.service.auth.v3;
+
+import "envoy/config/core/v3/base.proto";
+import "envoy/service/auth/v3/attribute_context.proto";
+import "envoy/type/v3/http_status.proto";
+
+import "google/protobuf/struct.proto";
+import "google/rpc/status.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+
+option java_package = "io.envoyproxy.envoy.service.auth.v3";
+option java_outer_classname = "ExternalAuthProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3;authv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Authorization service]
+
+// The authorization service request messages used by external authorization :ref:`network filter
+// <config_network_filters_ext_authz>` and :ref:`HTTP filter <config_http_filters_ext_authz>`.
+
+// A generic interface for performing authorization check on incoming
+// requests to a networked service.
+service Authorization {
+  // Performs authorization check based on the attributes associated with the
+  // incoming request, and returns status `OK` or not `OK`.
+  rpc Check(CheckRequest) returns (CheckResponse) {
+  }
+}
+
+message CheckRequest {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.service.auth.v2.CheckRequest";
+
+  // The request attributes.
+  AttributeContext attributes = 1;
+}
+
+// HTTP attributes for a denied response.
+message DeniedHttpResponse {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.service.auth.v2.DeniedHttpResponse";
+
+  // This field allows the authorization service to send an HTTP response status code to the
+  // downstream client. If not set, Envoy sends ``403 Forbidden`` HTTP status code by default.
+  type.v3.HttpStatus status = 1;
+
+  // This field allows the authorization service to send HTTP response headers
+  // to the downstream client. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
+  // false when used in this message.
+  repeated config.core.v3.HeaderValueOption headers = 2;
+
+  // This field allows the authorization service to send a response body data
+  // to the downstream client.
+  string body = 3;
+}
+
+// HTTP attributes for an OK response.
+// [#next-free-field: 9]
+message OkHttpResponse {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.service.auth.v2.OkHttpResponse";
+
+  // HTTP entity headers in addition to the original request headers. This allows the authorization
+  // service to append, to add or to override headers from the original request before
+  // dispatching it to the upstream. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
+  // false when used in this message. By setting the ``append`` field to ``true``,
+  // the filter will append the correspondent header value to the matched request header.
+  // By leaving ``append`` as false, the filter will either add a new header, or override an existing
+  // one if there is a match.
+  repeated config.core.v3.HeaderValueOption headers = 2;
+
+  // HTTP entity headers to remove from the original request before dispatching
+  // it to the upstream. This allows the authorization service to act on auth
+  // related headers (like ``Authorization``), process them, and consume them.
+  // Under this model, the upstream will either receive the request (if it's
+  // authorized) or not receive it (if it's not), but will not see headers
+  // containing authorization credentials.
+  //
+  // Pseudo headers (such as ``:authority``, ``:method``, ``:path`` etc), as well as
+  // the header ``Host``, may not be removed as that would make the request
+  // malformed. If mentioned in ``headers_to_remove`` these special headers will
+  // be ignored.
+  //
+  // When using the HTTP service this must instead be set by the HTTP
+  // authorization service as a comma separated list like so:
+  // ``x-envoy-auth-headers-to-remove: one-auth-header, another-auth-header``.
+  repeated string headers_to_remove = 5;
+
+  // This field has been deprecated in favor of :ref:`CheckResponse.dynamic_metadata
+  // <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`. Until it is removed,
+  // setting this field overrides :ref:`CheckResponse.dynamic_metadata
+  // <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`.
+  google.protobuf.Struct dynamic_metadata = 3
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  // This field allows the authorization service to send HTTP response headers
+  // to the downstream client on success. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>`
+  // defaults to false when used in this message.
+  repeated config.core.v3.HeaderValueOption response_headers_to_add = 6;
+
+  // This field allows the authorization service to set (and overwrite) query
+  // string parameters on the original request before it is sent upstream.
+  repeated config.core.v3.QueryParameter query_parameters_to_set = 7;
+
+  // This field allows the authorization service to specify which query parameters
+  // should be removed from the original request before it is sent upstream. Each
+  // element in this list is a case-sensitive query parameter name to be removed.
+  repeated string query_parameters_to_remove = 8;
+}
+
+// Intended for gRPC and Network Authorization servers ``only``.
+message CheckResponse {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.service.auth.v2.CheckResponse";
+
+  // Status ``OK`` allows the request. Any other status indicates the request should be denied, and
+  // for HTTP filter, if not overridden by :ref:`denied HTTP response status <envoy_v3_api_field_service.auth.v3.DeniedHttpResponse.status>`
+  // Envoy sends ``403 Forbidden`` HTTP status code by default.
+  google.rpc.Status status = 1;
+
+  // An message that contains HTTP response attributes. This message is
+  // used when the authorization service needs to send custom responses to the
+  // downstream client or, to modify/add request headers being dispatched to the upstream.
+  oneof http_response {
+    // Supplies http attributes for a denied response.
+    DeniedHttpResponse denied_response = 2;
+
+    // Supplies http attributes for an ok response.
+    OkHttpResponse ok_response = 3;
+  }
+
+  // Optional response metadata that will be emitted as dynamic metadata to be consumed by the next
+  // filter. This metadata lives in a namespace specified by the canonical name of extension filter
+  // that requires it:
+  //
+  // - :ref:`envoy.filters.http.ext_authz <config_http_filters_ext_authz_dynamic_metadata>` for HTTP filter.
+  // - :ref:`envoy.filters.network.ext_authz <config_network_filters_ext_authz_dynamic_metadata>` for network filter.
+  google.protobuf.Struct dynamic_metadata = 4;
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/value.proto b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/value.proto
index d773c6057fc..8d65c457ccc 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/value.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/value.proto
@@ -17,7 +17,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Value matcher]
 
-// Specifies the way to match a ProtobufWkt::Value. Primitive values and ListValue are supported.
+// Specifies the way to match a Protobuf::Value. Primitive values and ListValue are supported.
 // StructValue is not supported and is always not matched.
 // [#next-free-field: 8]
 message ValueMatcher {

From 6e430122fb160ad11dd9fb03e5aa3208e55e9637 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 14 Nov 2025 15:21:29 -0800
Subject: [PATCH 463/591] Update README etc to reference 1.77.0

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index c25fc73934f..7bd0e67f275 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.76.0/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.76.0/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.77.0/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.77.0/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,34 +56,34 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.76.0</version>
+  <version>1.77.0</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.76.0</version>
+  <version>1.77.0</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.76.0</version>
+  <version>1.77.0</version>
 </dependency>
 ```
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.76.0'
-implementation 'io.grpc:grpc-protobuf:1.76.0'
-implementation 'io.grpc:grpc-stub:1.76.0'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.77.0'
+implementation 'io.grpc:grpc-protobuf:1.77.0'
+implementation 'io.grpc:grpc-stub:1.77.0'
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.76.0'
-implementation 'io.grpc:grpc-protobuf-lite:1.76.0'
-implementation 'io.grpc:grpc-stub:1.76.0'
+implementation 'io.grpc:grpc-okhttp:1.77.0'
+implementation 'io.grpc:grpc-protobuf-lite:1.77.0'
+implementation 'io.grpc:grpc-stub:1.77.0'
 ```
 
 For [Bazel](https://bazel.build), you can either
@@ -91,7 +91,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.76.0
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.77.0
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://central.sonatype.com/repository/maven-snapshots/).
@@ -123,7 +123,7 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <configuration>
         <protocArtifact>com.google.protobuf:protoc:3.25.8:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.76.0:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.77.0:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -153,7 +153,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.76.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.77.0'
     }
   }
   generateProtoTasks {
@@ -186,7 +186,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.76.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.77.0'
     }
   }
   generateProtoTasks {

From 725ab22f33ec64108305159f8777389820f77c16 Mon Sep 17 00:00:00 2001
From: Dayuxiaoshui <792179245@qq.com>
Date: Mon, 17 Nov 2025 22:49:14 +0800
Subject: [PATCH 464/591] Add RISC-V 64-bit architecture support to compiler
 build configuration

Add riscv_64 platform definition and include it in the supported architectures list for the protoc plugin compiler. This enables the gRPC Java compiler to generate native code for RISC-V 64-bit architecture.

The changes allow the compiler module to recognize and build for RISC-V architecture, enabling native code generation for RISC-V platforms. This has been tested and verified on RISC-V SG2044 servers.

Co-authored-by: gong-flying <gongxiaofei24@iscas.ac.cn>
---
 compiler/build.gradle | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/compiler/build.gradle b/compiler/build.gradle
index c5acccebae7..9b02f8286a1 100644
--- a/compiler/build.gradle
+++ b/compiler/build.gradle
@@ -76,6 +76,7 @@ model {
         aarch_64 { architecture "aarch_64" }
         s390_64 { architecture "s390_64" }
         loongarch_64 { architecture "loongarch_64" }
+        riscv_64 { architecture "riscv_64" }
     }
 
     components {
@@ -84,6 +85,7 @@ model {
                 'x86_32',
                 'x86_64',
                 'ppcle_64',
+                'riscv_64',
                 'aarch_64',
                 's390_64',
                 'loongarch_64'

From 6d611f7f8cd1f9763e5946288c2a0a626317a654 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 19 Nov 2025 09:33:07 -0800
Subject: [PATCH 465/591] buildSrc: checkForUpdates comments to tune version
 search

This will make it more likely that we notice minor and patch releases
for dependencies that we can't update to the brand newest while also
reducing the checkForUpdate noise/toil.
---
 build.gradle                                  |  2 +-
 .../io/grpc/gradle/CheckForUpdatesTask.java   | 43 +++++++++++++++++--
 gradle/libs.versions.toml                     | 18 +++++++-
 3 files changed, 56 insertions(+), 7 deletions(-)

diff --git a/build.gradle b/build.gradle
index 38ee6220169..50b7419df64 100644
--- a/build.gradle
+++ b/build.gradle
@@ -533,5 +533,5 @@ configurations {
     }
 }
 
-tasks.register('checkForUpdates', CheckForUpdatesTask, project.configurations.checkForUpdates, "libs")
+tasks.register('checkForUpdates', CheckForUpdatesTask, project.configurations.checkForUpdates, "libs", layout.projectDirectory.file("gradle/libs.versions.toml"))
 
diff --git a/buildSrc/src/main/java/io/grpc/gradle/CheckForUpdatesTask.java b/buildSrc/src/main/java/io/grpc/gradle/CheckForUpdatesTask.java
index 9d0156a1b72..b7c28dbbb2d 100644
--- a/buildSrc/src/main/java/io/grpc/gradle/CheckForUpdatesTask.java
+++ b/buildSrc/src/main/java/io/grpc/gradle/CheckForUpdatesTask.java
@@ -16,11 +16,15 @@
 
 package io.grpc.gradle;
 
+import java.io.IOException;
+import java.nio.file.Files;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.LinkedHashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.stream.Collectors;
 import javax.inject.Inject;
 import org.gradle.api.DefaultTask;
 import org.gradle.api.artifacts.Configuration;
@@ -32,6 +36,7 @@
 import org.gradle.api.artifacts.result.ResolvedComponentResult;
 import org.gradle.api.artifacts.result.ResolvedDependencyResult;
 import org.gradle.api.artifacts.result.UnresolvedDependencyResult;
+import org.gradle.api.file.RegularFile;
 import org.gradle.api.provider.Provider;
 import org.gradle.api.tasks.Input;
 import org.gradle.api.tasks.Nested;
@@ -45,7 +50,23 @@ public abstract class CheckForUpdatesTask extends DefaultTask {
   private final Set<Library> libraries;
 
   @Inject
-  public CheckForUpdatesTask(Configuration updateConf, String catalog) {
+  public CheckForUpdatesTask(Configuration updateConf, String catalog, RegularFile commentFile)
+      throws IOException {
+    // Check for overrides to the default version selection ('+'), using comments of the form:
+    // # checkForUpdates: library-name:1.2.+
+    List<String> fileComments = Files.lines(commentFile.getAsFile().toPath())
+        .filter(l -> l.matches("# *checkForUpdates:.*"))
+        .map(l -> l.replaceFirst("# *checkForUpdates:", "").trim())
+        .collect(Collectors.toList());
+    Map<String, String> aliasToVersionSelector = new HashMap<>(2*fileComments.size());
+    for (String comment : fileComments) {
+      String[] parts = comment.split(":", 2);
+      String name = parts[0].replaceAll("[_-]", ".");
+      if (aliasToVersionSelector.put(name, parts[1]) != null) {
+        throw new RuntimeException("Duplicate checkForUpdates comment for library: " + name);
+      }
+    }
+
     updateConf.setVisible(false);
     updateConf.setTransitive(false);
     VersionCatalog versionCatalog = getProject().getExtensions().getByType(VersionCatalogsExtension.class).named(catalog);
@@ -59,8 +80,12 @@ public CheckForUpdatesTask(Configuration updateConf, String catalog) {
       oldConf.getDependencies().add(oldDep);
 
       Configuration newConf = updateConf.copy();
+      String versionSelector = aliasToVersionSelector.remove(name);
+      if (versionSelector == null) {
+        versionSelector = "+";
+      }
       Dependency newDep = getProject().getDependencies().create(
-          depMap(dep.getGroup(), dep.getName(), "+", "pom"));
+          depMap(dep.getGroup(), dep.getName(), versionSelector, "pom"));
       newConf.getDependencies().add(newDep);
 
       libraries.add(new Library(
@@ -68,6 +93,10 @@ public CheckForUpdatesTask(Configuration updateConf, String catalog) {
           oldConf.getIncoming().getResolutionResult().getRootComponent(),
           newConf.getIncoming().getResolutionResult().getRootComponent()));
     }
+    if (!aliasToVersionSelector.isEmpty()) {
+      throw new RuntimeException(
+          "Unused checkForUpdates comments: " + aliasToVersionSelector.keySet());
+    }
     this.libraries = Collections.unmodifiableSet(libraries);
   }
 
@@ -96,10 +125,16 @@ public void checkForUpdates() {
             "- Current version of libs.%s not resolved", name));
         continue;
       }
+      DependencyResult newResult = lib.getNewResult().get().getDependencies().iterator().next();
+      if (newResult instanceof UnresolvedDependencyResult) {
+        System.out.println(String.format(
+            "- New version of libs.%s not resolved", name));
+        continue;
+      }
       ModuleVersionIdentifier oldId =
           ((ResolvedDependencyResult) oldResult).getSelected().getModuleVersion();
-      ModuleVersionIdentifier newId = ((ResolvedDependencyResult) lib.getNewResult().get()
-          .getDependencies().iterator().next()).getSelected().getModuleVersion();
+      ModuleVersionIdentifier newId =
+          ((ResolvedDependencyResult) newResult).getSelected().getModuleVersion();
       if (oldId != newId) {
         System.out.println(String.format(
             "libs.%s = %s %s -> %s",
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 3d923af7d40..f4914c1ea71 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -11,9 +11,11 @@ protobuf = "3.25.8"
 [libraries]
 android-annotations = "com.google.android:annotations:4.1.1.4"
 # androidx-annotation 1.9.1+ uses Kotlin and requires Android Gradle Plugin 9+
+# checkForUpdates: androidx-annotation:1.9.0
 androidx-annotation = "androidx.annotation:annotation:1.9.0"
 # 1.15.0 requires libraries and applications that depend on it to compile against
 # version 35 or later of the Android APIs.
+# checkForUpdates: androidx-core:1.13.+
 androidx-core = "androidx.core:core:1.13.1"
 # androidx-lifecycle 2.9+ requires Java 17
 androidx-lifecycle-common = "androidx.lifecycle:lifecycle-common:2.8.7"
@@ -33,15 +35,19 @@ cronet-api = "org.chromium.net:cronet-api:119.6045.31"
 cronet-embedded = "org.chromium.net:cronet-embedded:119.6045.31"
 errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.36.0"
 # error-prone 2.32.0+ require Java 17+
+# checkForUpdates: errorprone-core:2.31.+
 errorprone-core = "com.google.errorprone:error_prone_core:2.31.0"
 google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.59.2"
 # google-auth-library 1.25.0+ requires error_prone_annotations 2.31.0+, which
 # breaks the Android build
+# checkForUpdates: google-auth-credentials:1.24.+
 google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.24.1"
+# checkForUpdates: google-auth-oauth2Http:1.24.+
 google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.24.1"
 # Release notes: https://cloud.google.com/logging/docs/release-notes
 google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.1"
 # 2.13.0 requires error_prone_annotations:2.37.0, but we are stuck with 2.36.0
+# checkForUpdates: gson:2.12.+
 gson = "com.google.code.gson:gson:2.12.1"
 # 33.4.8 requires com.google.errorprone:error_prone_annotations:2.36.0
 guava = "com.google.guava:guava:33.4.8-android"
@@ -52,9 +58,11 @@ guava-testlib = "com.google.guava:guava-testlib:33.4.8-android"
 guava-jre = "com.google.guava:guava:33.4.8-jre"
 hdrhistogram = "org.hdrhistogram:HdrHistogram:2.2.2"
 # 6.0.0+ use java.lang.Deprecated forRemoval and since from Java 9
+# checkForUpdates: jakarta-servlet-api:5.+
 jakarta-servlet-api = "jakarta.servlet:jakarta.servlet-api:5.0.0"
 javax-servlet-api = "javax.servlet:javax.servlet-api:4.0.1"
 # 12.0.0+ require Java 17+
+# checkForUpdates: jetty-client:11.+
 jetty-client = "org.eclipse.jetty:jetty-client:11.0.24"
 jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.0.23"
 jetty-http2-server10 = "org.eclipse.jetty.http2:http2-server:10.0.20"
@@ -79,6 +87,7 @@ netty-transport-epoll = { module = "io.netty:netty-transport-native-epoll", vers
 netty-unix-common = { module = "io.netty:netty-transport-native-unix-common", version.ref = "netty" }
 okhttp = "com.squareup.okhttp:okhttp:2.7.5"
 # okio 3.5+ uses Kotlin 1.9+ which requires Android Gradle Plugin 9+
+# checkForUpdates: okio:3.4.+
 okio = "com.squareup.okio:okio:3.4.0"
 opencensus-api = { module = "io.opencensus:opencensus-api", version.ref = "opencensus" }
 opencensus-contrib-grpc-metrics = { module = "io.opencensus:opencensus-contrib-grpc-metrics", version.ref = "opencensus" }
@@ -101,14 +110,19 @@ s2a-proto = "com.google.s2a.proto.v2:s2a-proto:0.1.2"
 signature-android = "net.sf.androidscents.signature:android-api-level-21:5.0.1_r2"
 signature-java = "org.codehaus.mojo.signature:java18:1.0"
 # 11.0.0+ require Java 17+
+# checkForUpdates: tomcat-embed-core:10.+
 tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.31"
+# checkForUpdates: tomcat-embed-core9:9.+
 tomcat-embed-core9 = "org.apache.tomcat.embed:tomcat-embed-core:9.0.89"
 truth = "com.google.truth:truth:1.4.4"
+# checkForUpdates: undertow-servlet22:2.2.+
 undertow-servlet22 = "io.undertow:undertow-servlet:2.2.37.Final"
 undertow-servlet = "io.undertow:undertow-servlet:2.3.18.Final"
 
-# Do not update: Pinned to the last version supporting Java 8.
-# See https://checkstyle.sourceforge.io/releasenotes.html#Release_10.1
+# checkstyle 10.0+ requires Java 11+
+# See https://checkstyle.sourceforge.io/releasenotes_old_8-35_10-26.html#Release_10.0
+# checkForUpdates: checkstylejava8:9.+
 checkstylejava8 = "com.puppycrawl.tools:checkstyle:9.3"
 # 2.11.0+ requires JDK 11+ (See https://github.com/google/error-prone/releases/tag/v2.11.0)
+# checkForUpdates: errorprone-corejava8:2.10.+
 errorprone-corejava8 = "com.google.errorprone:error_prone_core:2.10.0"

From 97695d523eef447cf7a254781da6bc0cbf22ad21 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 21 Nov 2025 10:28:06 -0800
Subject: [PATCH 466/591] examples: Document how to preserve META-INF/services
 in uber jars

---
 examples/build.gradle                         |  9 ++++++
 .../maven-assembly-jar-with-dependencies.xml  | 27 +++++++++++++++++
 examples/pom.xml                              | 29 +++++++++++++++++++
 3 files changed, 65 insertions(+)
 create mode 100644 examples/maven-assembly-jar-with-dependencies.xml

diff --git a/examples/build.gradle b/examples/build.gradle
index 1cd8eea75fc..3c7464ea2d2 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -51,6 +51,15 @@ protobuf {
     }
 }
 
+// gRPC uses java.util.ServiceLoader, which reads class names from
+// META-INF/services in jars. If you package your application as a "fat" jar
+// that includes dependencies, you need to make sure the packaging tool
+// concatenates duplicate files in META-INF/services.
+//
+// For the Shadow Gradle Plugin, use call mergeServiceFiles() within the
+// shadowJar task.
+// https://gradleup.com/shadow/configuration/merging/#merging-service-descriptor-files
+
 startScripts.enabled = false
 
 // Creates start scripts for a class name and adds it to the distribution. The
diff --git a/examples/maven-assembly-jar-with-dependencies.xml b/examples/maven-assembly-jar-with-dependencies.xml
new file mode 100644
index 00000000000..6c8abbfe7e8
--- /dev/null
+++ b/examples/maven-assembly-jar-with-dependencies.xml
@@ -0,0 +1,27 @@
+<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.2.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.2.0 https://maven.apache.org/xsd/assembly-2.2.0.xsd">
+<!--
+This is jar-with-dependencies with the metaInf-services handler added.
+https://maven.apache.org/plugins/maven-assembly-plugin/descriptor-refs.html#jar-with-dependencies
+https://maven.apache.org/plugins/maven-assembly-plugin/examples/single/using-container-descriptor-handlers.html
+-->
+  <id>jar-with-dependencies</id>
+  <formats>
+    <format>jar</format>
+  </formats>
+  <includeBaseDirectory>false</includeBaseDirectory>
+  <dependencySets>
+    <dependencySet>
+      <outputDirectory>/</outputDirectory>
+      <useProjectArtifact>true</useProjectArtifact>
+      <unpack>true</unpack>
+      <scope>runtime</scope>
+    </dependencySet>
+  </dependencySets>
+  <containerDescriptorHandlers>
+    <containerDescriptorHandler>
+      <handlerName>metaInf-services</handlerName>
+    </containerDescriptorHandler>
+  </containerDescriptorHandlers>
+</assembly>
diff --git a/examples/pom.xml b/examples/pom.xml
index 63921323fb9..2f4629ec201 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -124,6 +124,35 @@
           </execution>
         </executions>
       </plugin>
+
+      <!-- gRPC uses java.util.ServiceLoader, which reads class names from
+        META-INF/services in jars. If you package your application as a "fat"
+        jar that includes dependencies, you need to make sure the packaging tool
+        concatenates duplicate files in META-INF/services. -->
+
+      <!-- If using maven-shade-plugin, use ServicesResourceTransformer, as
+        documented by maven-shade-plugin.
+        https://maven.apache.org/plugins/maven-shade-plugin/examples/resource-transformers.html#ServicesResourceTransformer -->
+
+      <!-- If using maven-assembly-plugin, you need to add the metaInf-services
+        handler to the descriptor, which requires making a copy of
+        jar-with-dependencies. -->
+      <plugin>
+        <artifactId>maven-assembly-plugin</artifactId>
+        <version>3.7.1</version>
+        <configuration>
+          <descriptors>${project.basedir}/maven-assembly-jar-with-dependencies.xml</descriptors>
+        </configuration>
+        <executions>
+          <execution>
+            <id>make-assembly</id>
+            <phase>package</phase>
+            <goals>
+              <goal>single</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
     </plugins>
   </build>
 </project>

From 753ed1be62caf7ae2ba3020402c5ce661b74548b Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Tue, 25 Nov 2025 11:47:29 +0530
Subject: [PATCH 467/591] xds: Avoid using empty SNI string that was never
 sent, for SAN validation (#12532)

---
 .../xds/internal/security/SecurityProtocolNegotiators.java  | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java b/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
index 0da06b3a753..37259afa1a9 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
@@ -219,8 +219,10 @@ public void handlerAdded(ChannelHandlerContext ctx) throws Exception {
         String sniToUse = upstreamTlsContext.getAutoHostSni()
             && !Strings.isNullOrEmpty(endpointHostname)
             ? endpointHostname : upstreamTlsContext.getSni();
-        if (sniToUse.isEmpty() && CertificateUtils.useChannelAuthorityIfNoSniApplicable) {
-          sniToUse = grpcHandler.getAuthority();
+        if (sniToUse.isEmpty()) {
+          if (CertificateUtils.useChannelAuthorityIfNoSniApplicable) {
+            sniToUse = grpcHandler.getAuthority();
+          }
           autoSniSanValidationDoesNotApply = true;
         } else {
           autoSniSanValidationDoesNotApply = false;

From 2b9509e543b8c6f6021d0b6fdfe27ff76770b232 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Tue, 25 Nov 2025 09:44:50 -0800
Subject: [PATCH 468/591] s2a: Fix FakeS2AServerTest flakiness

Wait for server response to be received before shutting down resources.

Fixes #12501
---
 .../s2a/internal/handshaker/FakeS2AServerTest.java     | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
index d8374a8a382..c3155b864b3 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/FakeS2AServerTest.java
@@ -45,6 +45,7 @@
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
+import java.util.concurrent.TimeoutException;
 import java.util.logging.Logger;
 import org.junit.After;
 import org.junit.Before;
@@ -77,7 +78,10 @@ public void tearDown() throws Exception {
 
   @Test
   public void callS2AServerOnce_getTlsConfiguration_returnsValidResult()
-      throws InterruptedException, IOException, java.util.concurrent.ExecutionException {
+      throws InterruptedException,
+          IOException,
+          java.util.concurrent.ExecutionException,
+          TimeoutException {
     ExecutorService executor = Executors.newSingleThreadExecutor();
     logger.info("Client connecting to: " + serverAddress);
     ManagedChannel channel =
@@ -121,6 +125,7 @@ public void onCompleted() {
       // Mark the end of requests.
       requestObserver.onCompleted();
       // Wait for receiving to happen.
+      respFuture.get(5, SECONDS);
     } finally {
       channel.shutdown();
       channel.awaitTermination(1, SECONDS);
@@ -165,7 +170,7 @@ public void onCompleted() {
 
   @Test
   public void callS2AServerOnce_validatePeerCertifiate_returnsValidResult()
-      throws InterruptedException, java.util.concurrent.ExecutionException {
+      throws InterruptedException, java.util.concurrent.ExecutionException, TimeoutException {
     ExecutorService executor = Executors.newSingleThreadExecutor();
     logger.info("Client connecting to: " + serverAddress);
     ManagedChannel channel =
@@ -212,6 +217,7 @@ public void onCompleted() {
       // Mark the end of requests.
       requestObserver.onCompleted();
       // Wait for receiving to happen.
+      respFuture.get(5, SECONDS);
     } finally {
       channel.shutdown();
       channel.awaitTermination(1, SECONDS);

From 7a077528c2fd43aec53a782026382be7d4a5ad55 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 25 Nov 2025 09:01:09 -0800
Subject: [PATCH 469/591] xds: Use separate key for ATTR_ADDRESS_NAME on a
 subchannel

XdsInternalAttributes.ATTR_ADDRESS_NAME is annotated with
`@EquivalentAddressGroup.Attr`, so it should only be used in the EAG.
---
 .../main/java/io/grpc/xds/ClusterImplLoadBalancer.java    | 8 +++++---
 .../java/io/grpc/xds/ClusterImplLoadBalancerTest.java     | 5 +++--
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index ad5dff3cea1..ec4bec7f25c 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -87,6 +87,9 @@ final class ClusterImplLoadBalancer extends LoadBalancer {
 
   private static final Attributes.Key<AtomicReference<ClusterLocality>> ATTR_CLUSTER_LOCALITY =
       Attributes.Key.create("io.grpc.xds.ClusterImplLoadBalancer.clusterLocality");
+  @VisibleForTesting
+  static final Attributes.Key<String> ATTR_SUBCHANNEL_ADDRESS_NAME =
+      Attributes.Key.create("io.grpc.xds.ClusterImplLoadBalancer.addressName");
 
   private final XdsLogger logger;
   private final Helper helper;
@@ -243,7 +246,7 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
         String hostname = args.getAddresses().get(0).getAttributes()
             .get(XdsInternalAttributes.ATTR_ADDRESS_NAME);
         if (hostname != null) {
-          attrsBuilder.set(XdsInternalAttributes.ATTR_ADDRESS_NAME, hostname);
+          attrsBuilder.set(ATTR_SUBCHANNEL_ADDRESS_NAME, hostname);
         }
       }
       args = args.toBuilder().setAddresses(addresses).setAttributes(attrsBuilder.build()).build();
@@ -442,8 +445,7 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
               && args.getCallOptions().getOption(XdsNameResolver.AUTO_HOST_REWRITE_KEY)) {
             result = PickResult.withSubchannel(result.getSubchannel(),
                 result.getStreamTracerFactory(),
-                result.getSubchannel().getAttributes().get(
-                    XdsInternalAttributes.ATTR_ADDRESS_NAME));
+                result.getSubchannel().getAttributes().get(ATTR_SUBCHANNEL_ADDRESS_NAME));
           }
         }
         return result;
diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index af618beda6a..9277675385a 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.Truth.assertWithMessage;
+import static io.grpc.xds.ClusterImplLoadBalancer.ATTR_SUBCHANNEL_ADDRESS_NAME;
 import static io.grpc.xds.XdsNameResolver.AUTO_HOST_REWRITE_KEY;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.Mockito.mock;
@@ -909,7 +910,7 @@ public void endpointAddressesAttachedWithClusterName() {
               new FixedResultPicker(PickResult.withSubchannel(subchannel)));
         }
       });
-      assertThat(subchannel.getAttributes().get(XdsInternalAttributes.ATTR_ADDRESS_NAME)).isEqualTo(
+      assertThat(subchannel.getAttributes().get(ATTR_SUBCHANNEL_ADDRESS_NAME)).isEqualTo(
           "authority-host-name");
       for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
         assertThat(eag.getAttributes().get(XdsInternalAttributes.ATTR_ADDRESS_NAME))
@@ -961,7 +962,7 @@ public void endpointAddressesAttachedWithClusterName() {
       }
     });
     // Sub Channel wrapper args won't have the address name although addresses will.
-    assertThat(subchannel.getAttributes().get(XdsInternalAttributes.ATTR_ADDRESS_NAME)).isNull();
+    assertThat(subchannel.getAttributes().get(ATTR_SUBCHANNEL_ADDRESS_NAME)).isNull();
     for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
       assertThat(eag.getAttributes().get(XdsInternalAttributes.ATTR_ADDRESS_NAME))
           .isEqualTo("authority-host-name");

From 6f3d3f66d7384a35fed0395c03f81bb9d66938cc Mon Sep 17 00:00:00 2001
From: Alex Panchenko <440271+panchenko@users.noreply.github.com>
Date: Sat, 22 Nov 2025 10:25:22 +0200
Subject: [PATCH 470/591] core: remove unused method from
 CompositeReadableBuffer

---
 .../internal/CompositeReadableBuffer.java     | 27 -------------------
 1 file changed, 27 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/CompositeReadableBuffer.java b/core/src/main/java/io/grpc/internal/CompositeReadableBuffer.java
index 4407eb8a2a2..4c8cb72a7ce 100644
--- a/core/src/main/java/io/grpc/internal/CompositeReadableBuffer.java
+++ b/core/src/main/java/io/grpc/internal/CompositeReadableBuffer.java
@@ -23,7 +23,6 @@
 import java.nio.InvalidMarkException;
 import java.util.ArrayDeque;
 import java.util.Deque;
-import java.util.Queue;
 import javax.annotation.Nullable;
 
 /**
@@ -39,7 +38,6 @@ public class CompositeReadableBuffer extends AbstractReadableBuffer {
   private final Deque<ReadableBuffer> readableBuffers;
   private Deque<ReadableBuffer> rewindableBuffers;
   private int readableBytes;
-  private final Queue<ReadableBuffer> buffers = new ArrayDeque<ReadableBuffer>(2);
   private boolean marked;
 
   public CompositeReadableBuffer(int initialCapacity) {
@@ -161,31 +159,6 @@ public void readBytes(OutputStream dest, int length) throws IOException {
     execute(STREAM_OP, length, dest, 0);
   }
 
-  /**
-   * Reads {@code length} bytes from this buffer and writes them to the destination buffer.
-   * Increments the read position by {@code length}. If the required bytes are not readable, throws
-   * {@link IndexOutOfBoundsException}.
-   *
-   * @param dest the destination buffer to receive the bytes.
-   * @param length the number of bytes to be copied.
-   * @throws IndexOutOfBoundsException if required bytes are not readable
-   */
-  public void readBytes(CompositeReadableBuffer dest, int length) {
-    checkReadable(length);
-    readableBytes -= length;
-
-    while (length > 0) {
-      ReadableBuffer buffer = buffers.peek();
-      if (buffer.readableBytes() > length) {
-        dest.addBuffer(buffer.readBytes(length));
-        length = 0;
-      } else {
-        dest.addBuffer(buffers.poll());
-        length -= buffer.readableBytes();
-      }
-    }
-  }
-
   @Override
   public ReadableBuffer readBytes(int length) {
     if (length <= 0) {

From 02e98a806d4738a113519115d55fc242243e98d6 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 25 Nov 2025 15:37:49 -0800
Subject: [PATCH 471/591] core: Fix shutdown failing accepted RPCs

This fixes a race where RPCs could fail with "UNAVAILABLE: Channel
shutdown invoked" even though they were created before
channel.shutdown().

This basically adopts the internalStart() logic from DelayedStream,
although the stream is a bit different because it has APIs that can be
called before start() and doesn't need to handle cancel() without
start().

The ManagedChannelImpltest had the number of due tasks increase because
start() running earlier creates a DelayedStream. Previously the stream
wasn't created until runDueTasks() so the mockPicker had already been
installed and it could use a real stream from the beginning. But that's
specific to the test; in practice it'd be a delayed stream before and
after this change.

See #12536
---
 .../io/grpc/internal/DelayedClientCall.java   | 31 +++++++++++++------
 .../grpc/internal/DelayedClientCallTest.java  |  4 ++-
 .../grpc/internal/ManagedChannelImplTest.java |  2 +-
 3 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/DelayedClientCall.java b/core/src/main/java/io/grpc/internal/DelayedClientCall.java
index 253237c3c7d..b568bb12c46 100644
--- a/core/src/main/java/io/grpc/internal/DelayedClientCall.java
+++ b/core/src/main/java/io/grpc/internal/DelayedClientCall.java
@@ -64,6 +64,8 @@ public class DelayedClientCall<ReqT, RespT> extends ClientCall<ReqT, RespT> {
    * order, but also used if an error occurs before {@code realCall} is set.
    */
   private Listener<RespT> listener;
+  // No need to synchronize; start() synchronization provides a happens-before
+  private Metadata startHeaders;
   // Must hold {@code this} lock when setting.
   private ClientCall<ReqT, RespT> realCall;
   @GuardedBy("this")
@@ -161,13 +163,23 @@ public void run() {
    */
   // When this method returns, passThrough is guaranteed to be true
   public final Runnable setCall(ClientCall<ReqT, RespT> call) {
+    Listener<RespT> savedDelayedListener;
     synchronized (this) {
       // If realCall != null, then either setCall() or cancel() has been called.
       if (realCall != null) {
         return null;
       }
       setRealCall(checkNotNull(call, "call"));
+      // start() not yet called
+      if (delayedListener == null) {
+        assert pendingRunnables.isEmpty();
+        pendingRunnables = null;
+        passThrough = true;
+        return null;
+      }
+      savedDelayedListener = this.delayedListener;
     }
+    internalStart(savedDelayedListener);
     return new ContextRunnable(context) {
       @Override
       public void runInContext() {
@@ -176,8 +188,15 @@ public void runInContext() {
     };
   }
 
+  private void internalStart(Listener<RespT> listener) {
+    Metadata savedStartHeaders = this.startHeaders;
+    this.startHeaders = null;
+    context.run(() -> realCall.start(listener, savedStartHeaders));
+  }
+
   @Override
   public final void start(Listener<RespT> listener, final Metadata headers) {
+    checkNotNull(headers, "headers");
     checkState(this.listener == null, "already started");
     Status savedError;
     boolean savedPassThrough;
@@ -188,6 +207,7 @@ public final void start(Listener<RespT> listener, final Metadata headers) {
       savedPassThrough = passThrough;
       if (!savedPassThrough) {
         listener = delayedListener = new DelayedListener<>(listener);
+        startHeaders = headers;
       }
     }
     if (savedError != null) {
@@ -196,15 +216,7 @@ public final void start(Listener<RespT> listener, final Metadata headers) {
     }
     if (savedPassThrough) {
       realCall.start(listener, headers);
-    } else {
-      final Listener<RespT> finalListener = listener;
-      delayOrExecute(new Runnable() {
-        @Override
-        public void run() {
-          realCall.start(finalListener, headers);
-        }
-      });
-    }
+    } // else realCall.start() will be called by setCall
   }
 
   // When this method returns, passThrough is guaranteed to be true
@@ -253,6 +265,7 @@ public void run() {
       if (listenerToClose != null) {
         callExecutor.execute(new CloseListenerRunnable(listenerToClose, status));
       }
+      internalStart(listenerToClose); // listener instance doesn't matter
       drainPendingCalls();
     }
     callCancelled();
diff --git a/core/src/test/java/io/grpc/internal/DelayedClientCallTest.java b/core/src/test/java/io/grpc/internal/DelayedClientCallTest.java
index 45682b3a385..557ddfe5ace 100644
--- a/core/src/test/java/io/grpc/internal/DelayedClientCallTest.java
+++ b/core/src/test/java/io/grpc/internal/DelayedClientCallTest.java
@@ -151,10 +151,12 @@ public void startThenSetCall() {
     delayedClientCall.request(1);
     Runnable r = delayedClientCall.setCall(mockRealCall);
     assertThat(r).isNotNull();
-    r.run();
     @SuppressWarnings("unchecked")
     ArgumentCaptor<Listener<Integer>> listenerCaptor = ArgumentCaptor.forClass(Listener.class);
+    // start() must be called before setCall() returns (not in runnable), to ensure the in-use
+    // counts keeping the channel alive after shutdown() don't momentarily decrease to zero.
     verify(mockRealCall).start(listenerCaptor.capture(), any(Metadata.class));
+    r.run();
     Listener<Integer> realCallListener = listenerCaptor.getValue();
     verify(mockRealCall).request(1);
     realCallListener.onMessage(1);
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index efc582703ba..91a9f506bc8 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -1343,7 +1343,7 @@ public ClientStreamTracer newClientStreamTracer(StreamInfo info, Metadata header
         PickResult.withSubchannel(subchannel));
 
     updateBalancingStateSafely(helper, READY, mockPicker);
-    assertEquals(2, executor.runDueTasks());
+    assertEquals(3, executor.runDueTasks());
 
     verify(mockPicker).pickSubchannel(any(PickSubchannelArgs.class));
     verify(mockTransport).newStream(

From f385add314a45794401d9edae18cef16b06b4655 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Sun, 30 Nov 2025 13:01:33 +0530
Subject: [PATCH 472/591] xds: gRFC A88 - Changes to XdsClient Watcher APIs
 (#12446)

Implements
https://github.com/grpc/proposal/blob/master/A88-xds-data-error-handling.md#a88-xds-data-error-handling
---
 .../io/grpc/xds/XdsDependencyManager.java     |   48 +-
 .../java/io/grpc/xds/XdsServerWrapper.java    |  134 +--
 .../io/grpc/xds/client/BootstrapperImpl.java  |    4 +-
 .../grpc/xds/client/ControlPlaneClient.java   |    4 +-
 .../java/io/grpc/xds/client/XdsClient.java    |   32 +-
 .../io/grpc/xds/client/XdsClientImpl.java     |  103 +-
 .../io/grpc/xds/CdsLoadBalancer2Test.java     |   17 +-
 .../xds/ClusterResolverLoadBalancerTest.java  |   26 +-
 .../grpc/xds/GrpcXdsClientImplTestBase.java   | 1045 +++++++++++------
 .../io/grpc/xds/XdsClientFallbackTest.java    |  235 ++--
 .../io/grpc/xds/XdsClientFederationTest.java  |   37 +-
 .../XdsClientWrapperForServerSdsTestMisc.java |   11 +-
 .../io/grpc/xds/XdsDependencyManagerTest.java |   18 +-
 .../java/io/grpc/xds/XdsNameResolverTest.java |  163 ++-
 .../io/grpc/xds/XdsServerBuilderTest.java     |   10 +-
 .../java/io/grpc/xds/XdsServerTestHelper.java |   19 +-
 .../io/grpc/xds/XdsServerWrapperTest.java     |   42 +-
 17 files changed, 1225 insertions(+), 723 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
index 21b0ad7dc66..919836ddd9c 100644
--- a/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
+++ b/xds/src/main/java/io/grpc/xds/XdsDependencyManager.java
@@ -632,6 +632,9 @@ private abstract class XdsWatcherBase<T extends ResourceUpdate>
 
     @Nullable
     private StatusOr<T> data;
+    @Nullable
+    @SuppressWarnings("unused")
+    private Status ambientError;
 
 
     private XdsWatcherBase(XdsResourceType<T> type, String resourceName) {
@@ -640,42 +643,39 @@ private XdsWatcherBase(XdsResourceType<T> type, String resourceName) {
     }
 
     @Override
-    public void onError(Status error) {
-      checkNotNull(error, "error");
+    public void onResourceChanged(StatusOr<T> update) {
       if (cancelled) {
         return;
       }
-      // Don't update configuration on error, if we've already received configuration
-      if (!hasDataValue()) {
-        this.data = StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
-            String.format("Error retrieving %s: %s: %s",
-              toContextString(), error.getCode(), error.getDescription())));
-        maybePublishConfig();
-      }
-    }
+      ambientError = null;
+      if (update.hasValue()) {
+        data = update;
+        subscribeToChildren(update.getValue());
+      } else {
+        Status status = update.getStatus();
+        Status translatedStatus = Status.UNAVAILABLE.withDescription(
+            String.format("Error retrieving %s: %s. Details: %s%s",
+                toContextString(),
+                status.getCode(),
+                status.getDescription() != null ? status.getDescription() : "",
+                nodeInfo()));
 
-    @Override
-    public void onResourceDoesNotExist(String resourceName) {
-      if (cancelled) {
-        return;
+        data = StatusOr.fromStatus(translatedStatus);
       }
-
-      checkArgument(this.resourceName.equals(resourceName), "Resource name does not match");
-      this.data = StatusOr.fromStatus(Status.UNAVAILABLE.withDescription(
-          toContextString() + " does not exist" + nodeInfo()));
       maybePublishConfig();
     }
 
     @Override
-    public void onChanged(T update) {
-      checkNotNull(update, "update");
+    public void onAmbientError(Status error) {
       if (cancelled) {
         return;
       }
-
-      this.data = StatusOr.fromValue(update);
-      subscribeToChildren(update);
-      maybePublishConfig();
+      ambientError = error.withDescription(
+          String.format("Ambient error for %s: %s. Details: %s%s",
+              toContextString(),
+              error.getCode(),
+              error.getDescription() != null ? error.getDescription() : "",
+              nodeInfo()));
     }
 
     protected abstract void subscribeToChildren(T update);
diff --git a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
index f54c4af5cff..5529f96c7a2 100644
--- a/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
+++ b/xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
@@ -42,6 +42,7 @@
 import io.grpc.ServerServiceDefinition;
 import io.grpc.Status;
 import io.grpc.StatusException;
+import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
 import io.grpc.SynchronizationContext.ScheduledHandle;
 import io.grpc.internal.GrpcUtil;
@@ -401,18 +402,30 @@ private DiscoveryState(String resourceName) {
     }
 
     @Override
-    public void onChanged(final LdsUpdate update) {
+    public void onResourceChanged(final StatusOr<LdsUpdate> update) {
       if (stopped) {
         return;
       }
-      logger.log(Level.FINEST, "Received Lds update {0}", update);
-      if (update.listener() == null) {
-        onResourceDoesNotExist("Non-API");
+
+      if (!update.hasValue()) {
+        Status status = update.getStatus();
+        StatusException statusException = Status.UNAVAILABLE.withDescription(
+                String.format("Listener %s unavailable: %s", resourceName, status.getDescription()))
+            .withCause(status.asException())
+            .asException();
+        handleConfigNotFoundOrMismatch(statusException);
         return;
       }
 
-      String ldsAddress = update.listener().address();
-      if (ldsAddress == null || update.listener().protocol() != Protocol.TCP
+      final LdsUpdate ldsUpdate = update.getValue();
+      logger.log(Level.FINEST, "Received Lds update {0}", ldsUpdate);
+      if (ldsUpdate.listener() == null) {
+        handleConfigNotFoundOrMismatch(
+            Status.NOT_FOUND.withDescription("Listener is null in LdsUpdate").asException());
+        return;
+      }
+      String ldsAddress = ldsUpdate.listener().address();
+      if (ldsAddress == null || ldsUpdate.listener().protocol() != Protocol.TCP
           || !ipAddressesMatch(ldsAddress)) {
         handleConfigNotFoundOrMismatch(
             Status.UNKNOWN.withDescription(
@@ -421,16 +434,15 @@ public void onChanged(final LdsUpdate update) {
                     listenerAddress, ldsAddress)).asException());
         return;
       }
+
       if (!pendingRds.isEmpty()) {
         // filter chain state has not yet been applied to filterChainSelectorManager and there
-        // are two sets of sslContextProviderSuppliers, so we release the old ones.
         releaseSuppliersInFlight();
         pendingRds.clear();
       }
 
-      filterChains = update.listener().filterChains();
-      defaultFilterChain = update.listener().defaultFilterChain();
-      // Filters are loaded even if the server isn't serving yet.
+      filterChains = ldsUpdate.listener().filterChains();
+      defaultFilterChain = ldsUpdate.listener().defaultFilterChain();
       updateActiveFilters();
 
       List<FilterChain> allFilterChains = filterChains;
@@ -469,31 +481,8 @@ public void onChanged(final LdsUpdate update) {
       }
     }
 
-    private boolean ipAddressesMatch(String ldsAddress) {
-      HostAndPort ldsAddressHnP = HostAndPort.fromString(ldsAddress);
-      HostAndPort listenerAddressHnP = HostAndPort.fromString(listenerAddress);
-      if (!ldsAddressHnP.hasPort() || !listenerAddressHnP.hasPort()
-          || ldsAddressHnP.getPort() != listenerAddressHnP.getPort()) {
-        return false;
-      }
-      InetAddress listenerIp = InetAddresses.forString(listenerAddressHnP.getHost());
-      InetAddress ldsIp = InetAddresses.forString(ldsAddressHnP.getHost());
-      return listenerIp.equals(ldsIp);
-    }
-
-    @Override
-    public void onResourceDoesNotExist(final String resourceName) {
-      if (stopped) {
-        return;
-      }
-      StatusException statusException = Status.UNAVAILABLE.withDescription(
-          String.format("Listener %s unavailable, xDS node ID: %s", resourceName,
-              xdsClient.getBootstrapInfo().node().getId())).asException();
-      handleConfigNotFoundOrMismatch(statusException);
-    }
-
     @Override
-    public void onError(final Status error) {
+    public void onAmbientError(final Status error) {
       if (stopped) {
         return;
       }
@@ -501,11 +490,24 @@ public void onError(final Status error) {
       Status errorWithNodeId = error.withDescription(
           description + "xDS node ID: " + xdsClient.getBootstrapInfo().node().getId());
       logger.log(Level.FINE, "Error from XdsClient", errorWithNodeId);
+
       if (!isServing) {
         listener.onNotServing(errorWithNodeId.asException());
       }
     }
 
+    private boolean ipAddressesMatch(String ldsAddress) {
+      HostAndPort ldsAddressHnP = HostAndPort.fromString(ldsAddress);
+      HostAndPort listenerAddressHnP = HostAndPort.fromString(listenerAddress);
+      if (!ldsAddressHnP.hasPort() || !listenerAddressHnP.hasPort()
+          || ldsAddressHnP.getPort() != listenerAddressHnP.getPort()) {
+        return false;
+      }
+      InetAddress listenerIp = InetAddresses.forString(listenerAddressHnP.getHost());
+      InetAddress ldsIp = InetAddresses.forString(ldsAddressHnP.getHost());
+      return listenerIp.equals(ldsIp);
+    }
+
     private void shutdown() {
       stopped = true;
       cleanUpRouteDiscoveryStates();
@@ -794,54 +796,42 @@ private RouteDiscoveryState(String resourceName) {
       }
 
       @Override
-      public void onChanged(final RdsUpdate update) {
-        syncContext.execute(new Runnable() {
-          @Override
-          public void run() {
-            if (!routeDiscoveryStates.containsKey(resourceName)) {
-              return;
-            }
-            if (savedVirtualHosts == null && !isPending) {
-              logger.log(Level.WARNING, "Received valid Rds {0} configuration.", resourceName);
-            }
-            savedVirtualHosts = ImmutableList.copyOf(update.virtualHosts);
-            updateRdsRoutingConfig();
-            maybeUpdateSelector();
+      public void onResourceChanged(final StatusOr<RdsUpdate> update) {
+        syncContext.execute(() -> {
+          if (!routeDiscoveryStates.containsKey(resourceName)) {
+            return; // Watcher has been cancelled.
           }
-        });
-      }
 
-      @Override
-      public void onResourceDoesNotExist(final String resourceName) {
-        syncContext.execute(new Runnable() {
-          @Override
-          public void run() {
-            if (!routeDiscoveryStates.containsKey(resourceName)) {
-              return;
+          if (update.hasValue()) {
+            if (savedVirtualHosts == null && !isPending) {
+              logger.log(Level.WARNING, "Received valid Rds {0} configuration.", resourceName);
             }
-            logger.log(Level.WARNING, "Rds {0} unavailable", resourceName);
+            savedVirtualHosts = ImmutableList.copyOf(update.getValue().virtualHosts);
+          } else {
+            logger.log(Level.WARNING, "Rds {0} unavailable: {1}",
+                new Object[]{resourceName, update.getStatus()});
             savedVirtualHosts = null;
-            updateRdsRoutingConfig();
-            maybeUpdateSelector();
           }
+          // In both cases, a change has occurred that requires a config update.
+          updateRdsRoutingConfig();
+          maybeUpdateSelector();
         });
       }
 
       @Override
-      public void onError(final Status error) {
-        syncContext.execute(new Runnable() {
-          @Override
-          public void run() {
-            if (!routeDiscoveryStates.containsKey(resourceName)) {
-              return;
-            }
-            String description = error.getDescription() == null ? "" : error.getDescription() + " ";
-            Status errorWithNodeId = error.withDescription(
-                    description + "xDS node ID: " + xdsClient.getBootstrapInfo().node().getId());
-            logger.log(Level.WARNING, "Error loading RDS resource {0} from XdsClient: {1}.",
-                    new Object[]{resourceName, errorWithNodeId});
-            maybeUpdateSelector();
+      public void onAmbientError(final Status error) {
+        syncContext.execute(() -> {
+          if (!routeDiscoveryStates.containsKey(resourceName)) {
+            return; // Watcher has been cancelled.
           }
+          String description = error.getDescription() == null ? "" : error.getDescription() + " ";
+          Status errorWithNodeId = error.withDescription(
+              description + "xDS node ID: " + xdsClient.getBootstrapInfo().node().getId());
+          logger.log(Level.WARNING, "Error loading RDS resource {0} from XdsClient: {1}.",
+              new Object[]{resourceName, errorWithNodeId});
+
+          // Per gRFC A88, ambient errors should not trigger a configuration change.
+          // Therefore, we do NOT call maybeUpdateSelector() here.
         });
       }
 
diff --git a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
index 423c1a118e8..22c794e1129 100644
--- a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
@@ -262,7 +262,9 @@ private List<ServerInfo> parseServerInfos(List<?> rawServerConfigs, XdsLogger lo
       List<?> serverFeatures = JsonUtil.getList(serverConfig, "server_features");
       if (serverFeatures != null) {
         logger.log(XdsLogLevel.INFO, "Server features: {0}", serverFeatures);
-        ignoreResourceDeletion = serverFeatures.contains(SERVER_FEATURE_IGNORE_RESOURCE_DELETION);
+        if (serverFeatures.contains(SERVER_FEATURE_IGNORE_RESOURCE_DELETION)) {
+          ignoreResourceDeletion = true;
+        }
         resourceTimerIsTransientError = xdsDataErrorHandlingEnabled
             && serverFeatures.contains(SERVER_FEATURE_RESOURCE_TIMER_IS_TRANSIENT_ERROR);
       }
diff --git a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
index 82a0e2f9220..59f439d3687 100644
--- a/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
@@ -457,10 +457,10 @@ private void handleRpcStreamClosed(Status status) {
       if (responseReceived) {
         // A closed ADS stream after a successful response is not considered an error. Servers may
         // close streams for various reasons during normal operation, such as load balancing or
-        // underlying connection hitting its max connection age limit  (see gRFC A9).
+        // underlying connection hitting its max connection age limit (see gRFC A9).
         if (!status.isOk()) {
           newStatus = Status.OK;
-          logger.log( XdsLogLevel.DEBUG, "ADS stream closed with error {0}: {1}. However, a "
+          logger.log(XdsLogLevel.DEBUG, "ADS stream closed with error {0}: {1}. However, a "
               + "response was received, so this will not be treated as an error. Cause: {2}",
               status.getCode(), status.getDescription(), status.getCause());
         } else {
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClient.java b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
index cd545c00c1d..982fb6651a9 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClient.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClient.java
@@ -27,6 +27,7 @@
 import com.google.protobuf.Any;
 import io.grpc.ExperimentalApi;
 import io.grpc.Status;
+import io.grpc.StatusOr;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -139,30 +140,29 @@ public interface ResourceUpdate {}
 
   /**
    * Watcher interface for a single requested xDS resource.
+   *
+   * <p>Note that we expect that the implementer to:
+   * - Comply with the guarantee to not generate certain statuses by the library:
+   *   https://grpc.github.io/grpc/core/md_doc_statuscodes.html. If the code needs to be
+   *   propagated to the channel, override it with {@link io.grpc.Status.Code#UNAVAILABLE}.
+   * - Keep {@link Status} description in one form or another, as it contains valuable debugging
+   *   information.
    */
   @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10862")
   public interface ResourceWatcher<T extends ResourceUpdate> {
 
     /**
-     * Called when the resource discovery RPC encounters some transient error.
-     *
-     * <p>Note that we expect that the implementer to:
-     * - Comply with the guarantee to not generate certain statuses by the library:
-     *   https://grpc.github.io/grpc/core/md_doc_statuscodes.html. If the code needs to be
-     *   propagated to the channel, override it with {@link io.grpc.Status.Code#UNAVAILABLE}.
-     * - Keep {@link Status} description in one form or another, as it contains valuable debugging
-     *   information.
+     * Called to deliver a resource update or an error. If an error is passed after a valid
+     * resource has been delivered, the watcher should stop using the previously delivered
+     * resource.
      */
-    void onError(Status error);
+    void onResourceChanged(StatusOr<T> update);
 
     /**
-     * Called when the requested resource is not available.
-     *
-     * @param resourceName name of the resource requested in discovery request.
-     */
-    void onResourceDoesNotExist(String resourceName);
-
-    void onChanged(T update);
+     * Called to deliver a transient error that should not affect the watcher's use of any
+     * previously received resource.
+     *   */
+    void onAmbientError(Status error);
   }
 
   /**
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index 6a4c20cf02b..2bf1286babc 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -33,6 +33,7 @@
 import io.grpc.Internal;
 import io.grpc.InternalLogId;
 import io.grpc.Status;
+import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
 import io.grpc.SynchronizationContext.ScheduledHandle;
 import io.grpc.internal.BackoffPolicy;
@@ -730,17 +731,20 @@ void addWatcher(ResourceWatcher<T> watcher, Executor watcherExecutor) {
       Status savedError = lastError;
       watcherExecutor.execute(() -> {
         if (errorDescription != null) {
-          watcher.onError(Status.INVALID_ARGUMENT.withDescription(errorDescription));
-          return;
-        }
-        if (savedError != null) {
-          watcher.onError(savedError);
+          watcher.onResourceChanged(StatusOr.fromStatus(
+              Status.INVALID_ARGUMENT.withDescription(errorDescription)));
           return;
         }
         if (savedData != null) {
-          notifyWatcher(watcher, savedData);
+          watcher.onResourceChanged(StatusOr.fromValue(savedData));
+          if (savedError != null) {
+            watcher.onAmbientError(savedError);
+          }
+        } else if (savedError != null) {
+          watcher.onResourceChanged(StatusOr.fromStatus(savedError));
         } else if (savedAbsent) {
-          watcher.onResourceDoesNotExist(resource);
+          watcher.onResourceChanged(StatusOr.fromStatus(
+              Status.NOT_FOUND.withDescription("Resource " + resource + " does not exist")));
         }
       });
     }
@@ -768,8 +772,8 @@ class ResourceNotFound implements Runnable {
         public void run() {
           logger.log(XdsLogLevel.INFO, "{0} resource {1} initial fetch timeout",
               type, resource);
-          respTimer = null;
           onAbsent(null, activeCpc.getServerInfo());
+          respTimer = null;
         }
 
         @Override
@@ -825,8 +829,8 @@ void onData(ParsedResource<T> parsedResource, String version, long updateTime,
       }
       ResourceUpdate oldData = this.data;
       this.data = parsedResource.getResourceUpdate();
-      this.metadata = ResourceMetadata
-          .newResourceMetadataAcked(parsedResource.getRawResource(), version, updateTime);
+      this.metadata = ResourceMetadata.newResourceMetadataAcked(
+          parsedResource.getRawResource(), version, updateTime);
       absent = false;
       lastError = null;
       if (resourceDeletionIgnored) {
@@ -836,11 +840,12 @@ void onData(ParsedResource<T> parsedResource, String version, long updateTime,
         resourceDeletionIgnored = false;
       }
       if (!Objects.equals(oldData, data)) {
+        StatusOr<T> update = StatusOr.fromValue(data);
         for (ResourceWatcher<T> watcher : watchers.keySet()) {
           processingTracker.startTask();
           watchers.get(watcher).execute(() -> {
             try {
-              notifyWatcher(watcher, data);
+              watcher.onResourceChanged(update);
             } finally {
               processingTracker.onComplete();
             }
@@ -871,6 +876,9 @@ void onAbsent(@Nullable ProcessingTracker processingTracker, ServerInfo serverIn
               serverInfo.target(), type, resource);
           resourceDeletionIgnored = true;
         }
+        Status deletionStatus = Status.NOT_FOUND.withDescription(
+            "Resource " + resource + " deleted from server");
+        onAmbientError(deletionStatus, processingTracker);
         return;
       }
 
@@ -879,21 +887,30 @@ void onAbsent(@Nullable ProcessingTracker processingTracker, ServerInfo serverIn
         data = null;
         absent = true;
         lastError = null;
-        metadata = serverInfo.resourceTimerIsTransientError()
-            ? ResourceMetadata.newResourceMetadataTimeout()
-            : ResourceMetadata.newResourceMetadataDoesNotExist();
-        for (ResourceWatcher<T> watcher : watchers.keySet()) {
+
+        Status status;
+        if (respTimer == null) {
+          status = Status.NOT_FOUND.withDescription("Resource " + resource + " does not exist");
+          metadata = ResourceMetadata.newResourceMetadataDoesNotExist();
+        } else {
+          status = serverInfo.resourceTimerIsTransientError()
+              ? Status.UNAVAILABLE.withDescription(
+                  "Timed out waiting for resource " + resource + " from xDS server")
+              : Status.NOT_FOUND.withDescription(
+                  "Timed out waiting for resource " + resource + " from xDS server");
+          metadata = serverInfo.resourceTimerIsTransientError()
+              ? ResourceMetadata.newResourceMetadataTimeout()
+              : ResourceMetadata.newResourceMetadataDoesNotExist();
+        }
+
+        StatusOr<T> update = StatusOr.fromStatus(status);
+        for (Map.Entry<ResourceWatcher<T>, Executor> entry : watchers.entrySet()) {
           if (processingTracker != null) {
             processingTracker.startTask();
           }
-          watchers.get(watcher).execute(() -> {
+          entry.getValue().execute(() -> {
             try {
-              if (serverInfo.resourceTimerIsTransientError()) {
-                watcher.onError(Status.UNAVAILABLE.withDescription(
-                    "Timed out waiting for resource " + resource + " from xDS server"));
-              } else {
-                watcher.onResourceDoesNotExist(resource);
-              }
+              entry.getKey().onResourceChanged(update);
             } finally {
               if (processingTracker != null) {
                 processingTracker.onComplete();
@@ -918,13 +935,37 @@ void onError(Status error, @Nullable ProcessingTracker tracker) {
           .withCause(error.getCause());
       this.lastError = errorAugmented;
 
-      for (ResourceWatcher<T> watcher : watchers.keySet()) {
+      if (data != null) {
+        // We have cached data, so this is an ambient error.
+        onAmbientError(errorAugmented, tracker);
+      } else {
+        // No data, this is a definitive resource error.
+        StatusOr<T> update = StatusOr.fromStatus(errorAugmented);
+        for (Map.Entry<ResourceWatcher<T>, Executor> entry : watchers.entrySet()) {
+          if (tracker != null) {
+            tracker.startTask();
+          }
+          entry.getValue().execute(() -> {
+            try {
+              entry.getKey().onResourceChanged(update);
+            } finally {
+              if (tracker != null) {
+                tracker.onComplete();
+              }
+            }
+          });
+        }
+      }
+    }
+
+    private void onAmbientError(Status error, @Nullable ProcessingTracker tracker) {
+      for (Map.Entry<ResourceWatcher<T>, Executor> entry : watchers.entrySet()) {
         if (tracker != null) {
           tracker.startTask();
         }
-        watchers.get(watcher).execute(() -> {
+        entry.getValue().execute(() -> {
           try {
-            watcher.onError(errorAugmented);
+            entry.getKey().onAmbientError(error);
           } finally {
             if (tracker != null) {
               tracker.onComplete();
@@ -939,10 +980,6 @@ void onRejected(String rejectedVersion, long rejectedTime, String rejectedDetail
           .newResourceMetadataNacked(metadata, rejectedVersion, rejectedTime, rejectedDetails,
               data != null);
     }
-
-    private void notifyWatcher(ResourceWatcher<T> watcher, T update) {
-      watcher.onChanged(update);
-    }
   }
 
   private class ResponseHandler implements XdsResponseHandler {
@@ -991,7 +1028,12 @@ public void handleStreamClosed(Status status, boolean shouldTryFallback) {
       for (Map<String, ResourceSubscriber<? extends ResourceUpdate>> subscriberMap :
           resourceSubscribers.values()) {
         for (ResourceSubscriber<? extends ResourceUpdate> subscriber : subscriberMap.values()) {
-          if (subscriber.hasResult() || !authoritiesForClosedCpc.contains(subscriber.authority)) {
+          if (!authoritiesForClosedCpc.contains(subscriber.authority)) {
+            continue;
+          }
+          // If subscriber already has data, this is an ambient error.
+          if (subscriber.hasResult()) {
+            subscriber.onError(status, null);
             continue;
           }
 
@@ -1008,7 +1050,6 @@ public void handleStreamClosed(Status status, boolean shouldTryFallback) {
         }
       }
     }
-
   }
 
   private static class CpcWithFallbackState {
diff --git a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
index 790f4445823..c1d3322faa2 100644
--- a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
+++ b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
@@ -315,8 +315,10 @@ public void nonAggregateCluster_resourceNotExist_returnErrorPicker() {
     startXdsDepManager();
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS resource " + CLUSTER + " does not exist nodeID: " + NODE_ID);
+    String expectedDescription = "Error retrieving CDS resource " + CLUSTER + ": NOT_FOUND. "
+        + "Details: Timed out waiting for resource " + CLUSTER
+        + " from xDS server nodeID: " + NODE_ID;
+    Status unavailable = Status.UNAVAILABLE.withDescription(expectedDescription);
     assertPickerStatus(pickerCaptor.getValue(), unavailable);
     assertThat(childBalancers).isEmpty();
   }
@@ -372,8 +374,9 @@ public void nonAggregateCluster_resourceRevoked() {
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of());
 
     assertThat(childBalancer.shutdown).isTrue();
-    Status unavailable = Status.UNAVAILABLE.withDescription(
-        "CDS resource " + CLUSTER + " does not exist nodeID: " + NODE_ID);
+    String expectedDescription = "Error retrieving CDS resource " + CLUSTER + ": NOT_FOUND. "
+        + "Details: Resource " + CLUSTER + " does not exist nodeID: " + NODE_ID;
+    Status unavailable = Status.UNAVAILABLE.withDescription(expectedDescription);
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     assertPickerStatus(pickerCaptor.getValue(), unavailable);
@@ -583,8 +586,10 @@ public void aggregateCluster_noNonAggregateClusterExits_returnErrorPicker() {
 
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    Status status = Status.UNAVAILABLE.withDescription(
-        "CDS resource " + cluster1 + " does not exist nodeID: " + NODE_ID);
+    String expectedDescription = "Error retrieving CDS resource " + cluster1 + ": NOT_FOUND. "
+        + "Details: Timed out waiting for resource " + cluster1 + " from xDS server nodeID: "
+        + NODE_ID;
+    Status status = Status.UNAVAILABLE.withDescription(expectedDescription);
     assertPickerStatus(pickerCaptor.getValue(), status);
     assertThat(childBalancers).isEmpty();
   }
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index 983ae17818c..5c710699a96 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -688,11 +688,10 @@ public void onlyEdsClusters_resourceNeverExist_returnErrorPicker() {
 
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    assertPicker(
-        pickerCaptor.getValue(),
-        Status.UNAVAILABLE.withDescription(
-            "CDS resource " + CLUSTER + " does not exist nodeID: node-id"),
-        null);
+    String expectedDescription = "Error retrieving CDS resource " + CLUSTER + ": NOT_FOUND. "
+        + "Details: Timed out waiting for resource " + CLUSTER + " from xDS server nodeID: node-id";
+    Status expectedError = Status.UNAVAILABLE.withDescription(expectedDescription);
+    assertPicker(pickerCaptor.getValue(), expectedError, null);
   }
 
   @Test
@@ -712,8 +711,10 @@ public void cdsMissing_handledDirectly() {
     assertThat(childBalancers).hasSize(0);  // no child LB policy created
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    Status expectedError = Status.UNAVAILABLE.withDescription(
-        "CDS resource " + CLUSTER + " does not exist nodeID: node-id");
+    String expectedDescription = "Error retrieving CDS resource " + CLUSTER + ": NOT_FOUND. "
+        + "Details: Timed out waiting for resource " + CLUSTER + " from xDS server nodeID: node-id";
+    Status expectedError = Status.UNAVAILABLE.withDescription(expectedDescription);
+    assertPicker(pickerCaptor.getValue(), expectedError, null);
     assertPicker(pickerCaptor.getValue(), expectedError, null);
   }
 
@@ -741,8 +742,9 @@ public void cdsRevoked_handledDirectly() {
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of());
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    Status expectedError = Status.UNAVAILABLE.withDescription(
-        "CDS resource " + CLUSTER + " does not exist nodeID: node-id");
+    String expectedDescription = "Error retrieving CDS resource " + CLUSTER + ": NOT_FOUND. "
+        + "Details: Resource " + CLUSTER + " does not exist nodeID: node-id";
+    Status expectedError = Status.UNAVAILABLE.withDescription(expectedDescription);
     assertPicker(pickerCaptor.getValue(), expectedError, null);
     assertThat(childBalancer.shutdown).isTrue();
   }
@@ -756,8 +758,10 @@ public void edsMissing_handledByChildPolicy() {
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
     assertThat(childBalancer.upstreamError).isNotNull();
     assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
-    assertThat(childBalancer.upstreamError.getDescription())
-        .isEqualTo("EDS resource " + EDS_SERVICE_NAME + " does not exist nodeID: node-id");
+    String expectedDescription = "Error retrieving EDS resource " + EDS_SERVICE_NAME
+        + ": NOT_FOUND. Details: Timed out waiting for resource " + EDS_SERVICE_NAME
+        + " from xDS server nodeID: node-id";
+    assertThat(childBalancer.upstreamError.getDescription()).isEqualTo(expectedDescription);
     assertThat(childBalancer.shutdown).isFalse();
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 9ff19c6d1b0..6b9d601b2cf 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -19,12 +19,14 @@
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.Truth.assertWithMessage;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.argThat;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.inOrder;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.timeout;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
@@ -56,6 +58,7 @@
 import io.grpc.Server;
 import io.grpc.Status;
 import io.grpc.Status.Code;
+import io.grpc.StatusOr;
 import io.grpc.inprocess.InProcessChannelBuilder;
 import io.grpc.inprocess.InProcessServerBuilder;
 import io.grpc.internal.BackoffPolicy;
@@ -126,7 +129,6 @@
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentCaptor;
-import org.mockito.ArgumentMatchers;
 import org.mockito.Captor;
 import org.mockito.InOrder;
 import org.mockito.Mock;
@@ -251,15 +253,13 @@ public long currentTimeNanos() {
   private Message lbEndpointZeroWeight;
   private Any testClusterLoadAssignment;
   @Captor
-  private ArgumentCaptor<LdsUpdate> ldsUpdateCaptor;
+  private ArgumentCaptor<StatusOr<LdsUpdate>> ldsUpdateCaptor;
   @Captor
-  private ArgumentCaptor<RdsUpdate> rdsUpdateCaptor;
+  private ArgumentCaptor<StatusOr<RdsUpdate>> rdsUpdateCaptor;
   @Captor
-  private ArgumentCaptor<CdsUpdate> cdsUpdateCaptor;
+  private ArgumentCaptor<StatusOr<CdsUpdate>> cdsUpdateCaptor;
   @Captor
-  private ArgumentCaptor<EdsUpdate> edsUpdateCaptor;
-  @Captor
-  private ArgumentCaptor<Status> errorCaptor;
+  private ArgumentCaptor<StatusOr<EdsUpdate>> edsUpdateCaptor;
 
   @Mock
   private BackoffPolicy.Provider backoffPolicyProvider;
@@ -683,7 +683,10 @@ public void ldsResourceNotFound() {
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
     // Server failed to return subscribed resource within expected time window.
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    verify(ldsResourceWatcher).onResourceDoesNotExist(LDS_RESOURCE);
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isFalse();
+    assertThat(statusOrUpdate.getStatus().getCode()).isEqualTo(Status.Code.NOT_FOUND);
     assertThat(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
     verifyResourceMetadataDoesNotExist(LDS, LDS_RESOURCE);
     // Check metric data.
@@ -696,11 +699,11 @@ public void ldsResourceUpdated_withXdstpResourceName_withUnknownAuthority() {
         "xdstp://unknown.example.com/envoy.config.listener.v3.Listener/listener1";
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), ldsResourceName,
         ldsResourceWatcher);
-    verify(ldsResourceWatcher).onError(errorCaptor.capture());
-    Status error = errorCaptor.getValue();
-    assertThat(error.getCode()).isEqualTo(Code.INVALID_ARGUMENT);
-    assertThat(error.getDescription()).isEqualTo(
-        "Wrong configuration: xds server does not exist for resource " + ldsResourceName);
+    verify(ldsResourceWatcher).onResourceChanged(argThat(statusOr ->
+        !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Status.Code.INVALID_ARGUMENT
+            && statusOr.getStatus().getDescription().equals(
+            "Wrong configuration: xds server does not exist for resource " + ldsResourceName)));
     assertThat(resourceDiscoveryCalls.poll()).isNull();
     xdsClient.cancelXdsResourceWatch(XdsListenerResource.getInstance(), ldsResourceName,
         ldsResourceWatcher);
@@ -713,13 +716,20 @@ public void ldsResource_onError_cachedForNewWatcher() {
         ldsResourceWatcher);
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     call.sendCompleted();
-    verify(ldsResourceWatcher).onError(errorCaptor.capture());
-    Status initialError = errorCaptor.getValue();
+    @SuppressWarnings("unchecked")
+    ArgumentCaptor<StatusOr<LdsUpdate>> errorCaptor =
+        ArgumentCaptor.forClass(StatusOr.class);
+    verify(ldsResourceWatcher, timeout(1000)).onResourceChanged(errorCaptor.capture());
+    StatusOr<LdsUpdate> initialError = errorCaptor.getValue();
+    assertThat(initialError.hasValue()).isFalse();
+
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE,
         ldsResourceWatcher2);
-    ArgumentCaptor<Status> secondErrorCaptor = ArgumentCaptor.forClass(Status.class);
-    verify(ldsResourceWatcher2).onError(secondErrorCaptor.capture());
-    Status cachedError = secondErrorCaptor.getValue();
+    @SuppressWarnings("unchecked")
+    ArgumentCaptor<StatusOr<LdsUpdate>> secondErrorCaptor =
+        ArgumentCaptor.forClass(StatusOr.class);
+    verify(ldsResourceWatcher2, timeout(1000)).onResourceChanged(secondErrorCaptor.capture());
+    StatusOr<LdsUpdate> cachedError = secondErrorCaptor.getValue();
 
     assertThat(cachedError).isEqualTo(initialError);
     assertThat(resourceDiscoveryCalls.poll()).isNull();
@@ -760,7 +770,7 @@ public void ldsResponseErrorHandling_someResourcesFailedUnpack() {
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
     // The response is NACKed with the same error message.
     call.verifyRequestNack(LDS, LDS_RESOURCE, "", "0000", NODE, errors);
-    verify(ldsResourceWatcher).onChanged(any(LdsUpdate.class));
+    verify(ldsResourceWatcher).onResourceChanged(any());
   }
 
   /**
@@ -928,8 +938,10 @@ public void ldsResourceFound_containsVirtualHosts() {
     // Client sends an ACK LDS request.
     call.sendResponse(LDS, testListenerVhosts, VERSION_1, "0000");
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(statusOrUpdate.getValue());
     assertThat(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts, VERSION_1, TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
@@ -943,8 +955,10 @@ public void wrappedLdsResource() {
     // Client sends an ACK LDS request.
     call.sendResponse(LDS, mf.buildWrappedResource(testListenerVhosts), VERSION_1, "0000");
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(statusOrUpdate.getValue());
     assertThat(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts, VERSION_1, TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
@@ -962,8 +976,10 @@ public void wrappedLdsResource_preferWrappedName() {
     call.sendResponse(LDS, mf.buildWrappedResourceWithName(innerResource, LDS_RESOURCE), VERSION_1,
         "0000");
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(statusOrUpdate.getValue());
     assertThat(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, innerResource, VERSION_1, TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
@@ -977,8 +993,10 @@ public void ldsResourceFound_containsRdsName() {
 
     // Client sends an ACK LDS request.
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerRds(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerRds(statusOrUpdate.getValue());
     assertThat(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerRds, VERSION_1, TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
@@ -996,8 +1014,10 @@ public void cachedLdsResource_data() {
 
     ResourceWatcher<LdsUpdate> watcher = mock(ResourceWatcher.class);
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, watcher);
-    verify(watcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerRds(ldsUpdateCaptor.getValue());
+    verify(watcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerRds(statusOrUpdate.getValue());
     call.verifyNoMoreRequest();
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerRds, VERSION_1, TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
@@ -1009,11 +1029,17 @@ public void cachedLdsResource_absent() {
     DiscoveryRpcCall call = startResourceWatcher(XdsListenerResource.getInstance(), LDS_RESOURCE,
         ldsResourceWatcher);
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    verify(ldsResourceWatcher).onResourceDoesNotExist(LDS_RESOURCE);
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isFalse();
+    assertThat(statusOrUpdate.getStatus().getCode()).isEqualTo(Status.Code.NOT_FOUND);
     // Add another watcher.
     ResourceWatcher<LdsUpdate> watcher = mock(ResourceWatcher.class);
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, watcher);
-    verify(watcher).onResourceDoesNotExist(LDS_RESOURCE);
+    verify(watcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate1 = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate1.hasValue()).isFalse();
+    assertThat(statusOrUpdate1.getStatus().getCode()).isEqualTo(Status.Code.NOT_FOUND);
     call.verifyNoMoreRequest();
     verifyResourceMetadataDoesNotExist(LDS, LDS_RESOURCE);
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
@@ -1028,15 +1054,19 @@ public void ldsResourceUpdated() {
     // Initial LDS response.
     call.sendResponse(LDS, testListenerVhosts, VERSION_1, "0000");
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts, VERSION_1, TIME_INCREMENT);
 
     // Updated LDS response.
     call.sendResponse(LDS, testListenerRds, VERSION_2, "0001");
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_2, "0001", NODE);
-    verify(ldsResourceWatcher, times(2)).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerRds(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher, times(2)).onResourceChanged(ldsUpdateCaptor.capture());
+    statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerRds(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerRds, VERSION_2, TIME_INCREMENT * 2);
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
     assertThat(channelForCustomAuthority).isNull();
@@ -1052,8 +1082,10 @@ public void cancelResourceWatcherNotRemoveUrlSubscribers() {
     // Initial LDS response.
     call.sendResponse(LDS, testListenerVhosts, VERSION_1, "0000");
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts, VERSION_1, TIME_INCREMENT);
 
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(),
@@ -1066,8 +1098,10 @@ public void cancelResourceWatcherNotRemoveUrlSubscribers() {
         mf.buildRouteConfiguration("new", mf.buildOpaqueVirtualHosts(VHOST_SIZE))));
     call.sendResponse(LDS, testListenerVhosts2, VERSION_2, "0001");
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_2, "0001", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts2, VERSION_2,
         TIME_INCREMENT * 2);
   }
@@ -1085,8 +1119,10 @@ public void ldsResourceUpdated_withXdstpResourceName() {
         mf.buildRouteConfiguration("do not care", mf.buildOpaqueVirtualHosts(VHOST_SIZE))));
     call.sendResponse(LDS, testListenerVhosts, VERSION_1, "0000");
     call.verifyRequest(LDS, ldsResourceName, VERSION_1, "0000", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(
         LDS, ldsResourceName, testListenerVhosts, VERSION_1, TIME_INCREMENT);
   }
@@ -1103,8 +1139,10 @@ public void ldsResourceUpdated_withXdstpResourceName_withEmptyAuthority() {
         mf.buildRouteConfiguration("do not care", mf.buildOpaqueVirtualHosts(VHOST_SIZE))));
     call.sendResponse(LDS, testListenerVhosts, VERSION_1, "0000");
     call.verifyRequest(LDS, ldsResourceName, VERSION_1, "0000", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(
         LDS, ldsResourceName, testListenerVhosts, VERSION_1, TIME_INCREMENT);
   }
@@ -1172,8 +1210,12 @@ public void rdsResourceUpdated_withXdstpResourceName_unknownAuthority() {
         "xdstp://unknown.example.com/envoy.config.route.v3.RouteConfiguration/route1";
     xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), rdsResourceName,
         rdsResourceWatcher);
-    verify(rdsResourceWatcher).onError(errorCaptor.capture());
-    Status error = errorCaptor.getValue();
+    @SuppressWarnings("unchecked")
+    ArgumentCaptor<StatusOr<RdsUpdate>> rdsUpdateCaptor = ArgumentCaptor.forClass(StatusOr.class);
+    verify(rdsResourceWatcher).onResourceChanged(rdsUpdateCaptor.capture());
+    StatusOr<RdsUpdate> capturedUpdate = rdsUpdateCaptor.getValue();
+    assertThat(capturedUpdate.hasValue()).isFalse();
+    Status error = capturedUpdate.getStatus();
     assertThat(error.getCode()).isEqualTo(Code.INVALID_ARGUMENT);
     assertThat(error.getDescription()).isEqualTo(
         "Wrong configuration: xds server does not exist for resource " + rdsResourceName);
@@ -1207,8 +1249,12 @@ public void cdsResourceUpdated_withXdstpResourceName_unknownAuthority() {
     String cdsResourceName = "xdstp://unknown.example.com/envoy.config.cluster.v3.Cluster/cluster1";
     xdsClient.watchXdsResource(XdsClusterResource.getInstance(), cdsResourceName,
         cdsResourceWatcher);
-    verify(cdsResourceWatcher).onError(errorCaptor.capture());
-    Status error = errorCaptor.getValue();
+    @SuppressWarnings("unchecked")
+    ArgumentCaptor<StatusOr<CdsUpdate>> cdsUpdateCaptor = ArgumentCaptor.forClass(StatusOr.class);
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> capturedUpdate = cdsUpdateCaptor.getValue();
+    assertThat(capturedUpdate.hasValue()).isFalse();
+    Status error = capturedUpdate.getStatus();
     assertThat(error.getCode()).isEqualTo(Code.INVALID_ARGUMENT);
     assertThat(error.getDescription()).isEqualTo(
         "Wrong configuration: xds server does not exist for resource " + cdsResourceName);
@@ -1247,8 +1293,12 @@ public void edsResourceUpdated_withXdstpResourceName_unknownAuthority() {
         "xdstp://unknown.example.com/envoy.config.endpoint.v3.ClusterLoadAssignment/cluster1";
     xdsClient.watchXdsResource(XdsEndpointResource.getInstance(),
         edsResourceName, edsResourceWatcher);
-    verify(edsResourceWatcher).onError(errorCaptor.capture());
-    Status error = errorCaptor.getValue();
+    @SuppressWarnings("unchecked")
+    ArgumentCaptor<StatusOr<EdsUpdate>> edsUpdateCaptor = ArgumentCaptor.forClass(StatusOr.class);
+    verify(edsResourceWatcher).onResourceChanged(edsUpdateCaptor.capture());
+    StatusOr<EdsUpdate> capturedUpdate = edsUpdateCaptor.getValue();
+    assertThat(capturedUpdate.hasValue()).isFalse();
+    Status error = capturedUpdate.getStatus();
     assertThat(error.getCode()).isEqualTo(Code.INVALID_ARGUMENT);
     assertThat(error.getDescription()).isEqualTo(
         "Wrong configuration: xds server does not exist for resource " + edsResourceName);
@@ -1297,11 +1347,13 @@ public void ldsResourceUpdate_withFaultInjection() {
 
     // Client sends an ACK LDS request.
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, listener, VERSION_1, TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
 
-    LdsUpdate ldsUpdate = ldsUpdateCaptor.getValue();
+    LdsUpdate ldsUpdate = statusOrUpdate.getValue();
     assertThat(ldsUpdate.httpConnectionManager().virtualHosts()).hasSize(2);
     assertThat(ldsUpdate.httpConnectionManager().httpFilterConfigs().get(0).name)
         .isEqualTo("envoy.fault");
@@ -1326,6 +1378,7 @@ public void ldsResourceUpdate_withFaultInjection() {
   @Test
   public void ldsResourceDeleted() {
     Assume.assumeFalse(ignoreResourceDeletion());
+    InOrder inOrder = inOrder(ldsResourceWatcher);
 
     DiscoveryRpcCall call = startResourceWatcher(XdsListenerResource.getInstance(), LDS_RESOURCE,
         ldsResourceWatcher);
@@ -1334,15 +1387,20 @@ public void ldsResourceDeleted() {
     // Initial LDS response.
     call.sendResponse(LDS, testListenerVhosts, VERSION_1, "0000");
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+    inOrder.verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts, VERSION_1, TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
 
     // Empty LDS response deletes the listener.
     call.sendResponse(LDS, Collections.<Any>emptyList(), VERSION_2, "0001");
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_2, "0001", NODE);
-    verify(ldsResourceWatcher).onResourceDoesNotExist(LDS_RESOURCE);
+    inOrder.verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate1 = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate1.hasValue()).isFalse();
+    assertThat(statusOrUpdate1.getStatus().getCode()).isEqualTo(Status.Code.NOT_FOUND);
     verifyResourceMetadataDoesNotExist(LDS, LDS_RESOURCE);
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
   }
@@ -1362,8 +1420,8 @@ public void ldsResourceDeleted_ignoreResourceDeletion() {
     // Initial LDS response.
     call.sendResponse(LDS, testListenerVhosts, VERSION_1, "0000");
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue().getValue());
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts, VERSION_1, TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
 
@@ -1371,19 +1429,21 @@ public void ldsResourceDeleted_ignoreResourceDeletion() {
     call.sendResponse(LDS, Collections.emptyList(), VERSION_2, "0001");
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_2, "0001", NODE);
     // The resource is still ACKED at VERSION_1 (no changes).
+    verify(ldsResourceWatcher).onAmbientError(
+        argThat(status -> status.getCode() == Status.Code.NOT_FOUND));
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts, VERSION_1, TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
-    // onResourceDoesNotExist not called
-    verify(ldsResourceWatcher, never()).onResourceDoesNotExist(LDS_RESOURCE);
 
     // Next update is correct, and contains the listener again.
-    call.sendResponse(LDS, testListenerVhosts, VERSION_3, "0003");
+    Any updatedListener = Any.pack(mf.buildListenerWithApiListener(LDS_RESOURCE,
+        mf.buildRouteConfiguration("do not care", mf.buildOpaqueVirtualHosts(VHOST_SIZE + 1))));
+    call.sendResponse(LDS, updatedListener, VERSION_3, "0003");
     call.verifyRequest(LDS, LDS_RESOURCE, VERSION_3, "0003", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher, times(2)).onResourceChanged(ldsUpdateCaptor.capture());
+    assertThat(ldsUpdateCaptor.getValue().getValue().httpConnectionManager().virtualHosts())
+        .hasSize(VHOST_SIZE + 1);
     // LDS is now ACKEd at VERSION_3.
-    verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts, VERSION_3,
-        TIME_INCREMENT * 3);
+    verifyResourceMetadataAcked(LDS, LDS_RESOURCE, updatedListener, VERSION_3, TIME_INCREMENT * 3);
     verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
     verifyNoMoreInteractions(ldsResourceWatcher);
   }
@@ -1405,9 +1465,12 @@ public void multipleLdsWatchers() {
     verifySubscribedResourcesMetadataSizes(2, 0, 0, 0);
 
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    verify(ldsResourceWatcher).onResourceDoesNotExist(LDS_RESOURCE);
-    verify(watcher1).onResourceDoesNotExist(ldsResourceTwo);
-    verify(watcher2).onResourceDoesNotExist(ldsResourceTwo);
+    verify(ldsResourceWatcher).onResourceChanged(argThat(statusOr ->
+        !statusOr.hasValue() && statusOr.getStatus().getDescription().contains(LDS_RESOURCE)));
+    verify(watcher1).onResourceChanged(argThat(statusOr ->
+        !statusOr.hasValue() && statusOr.getStatus().getDescription().contains(ldsResourceTwo)));
+    verify(watcher2).onResourceChanged(argThat(statusOr ->
+        !statusOr.hasValue() && statusOr.getStatus().getDescription().contains(ldsResourceTwo)));
     verifyResourceMetadataDoesNotExist(LDS, LDS_RESOURCE);
     verifyResourceMetadataDoesNotExist(LDS, ldsResourceTwo);
     verifySubscribedResourcesMetadataSizes(2, 0, 0, 0);
@@ -1415,16 +1478,22 @@ public void multipleLdsWatchers() {
     Any listenerTwo = Any.pack(mf.buildListenerWithApiListenerForRds(ldsResourceTwo, RDS_RESOURCE));
     call.sendResponse(LDS, ImmutableList.of(testListenerVhosts, listenerTwo), VERSION_1, "0000");
     // ResourceWatcher called with listenerVhosts.
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher, times(2)).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(statusOrUpdate.getValue());
     // watcher1 called with listenerTwo.
-    verify(watcher1).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerRds(ldsUpdateCaptor.getValue());
-    assertThat(ldsUpdateCaptor.getValue().httpConnectionManager().virtualHosts()).isNull();
+    verify(watcher1, times(2)).onResourceChanged(ldsUpdateCaptor.capture());
+    statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerRds(statusOrUpdate.getValue());
+    assertThat(statusOrUpdate.getValue().httpConnectionManager().virtualHosts()).isNull();
     // watcher2 called with listenerTwo.
-    verify(watcher2).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerRds(ldsUpdateCaptor.getValue());
-    assertThat(ldsUpdateCaptor.getValue().httpConnectionManager().virtualHosts()).isNull();
+    verify(watcher2, times(2)).onResourceChanged(ldsUpdateCaptor.capture());
+    statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerRds(statusOrUpdate.getValue());
+    assertThat(statusOrUpdate.getValue().httpConnectionManager().virtualHosts()).isNull();
     // Metadata of both listeners is stored.
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts, VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(LDS, ldsResourceTwo, listenerTwo, VERSION_1, TIME_INCREMENT);
@@ -1446,7 +1515,8 @@ public void rdsResourceNotFound() {
     verifySubscribedResourcesMetadataSizes(0, 0, 1, 0);
     // Server failed to return subscribed resource within expected time window.
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    verify(rdsResourceWatcher).onResourceDoesNotExist(RDS_RESOURCE);
+    verify(rdsResourceWatcher).onResourceChanged(argThat(
+        arg -> !arg.hasValue() && arg.getStatus().getDescription().contains(RDS_RESOURCE)));
     assertThat(fakeClock.getPendingTasks(RDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
     verifyResourceMetadataDoesNotExist(RDS, RDS_RESOURCE);
     verifySubscribedResourcesMetadataSizes(0, 0, 1, 0);
@@ -1487,7 +1557,7 @@ public void rdsResponseErrorHandling_someResourcesFailedUnpack() {
     verifySubscribedResourcesMetadataSizes(0, 0, 1, 0);
     // The response is NACKed with the same error message.
     call.verifyRequestNack(RDS, RDS_RESOURCE, "", "0000", NODE, errors);
-    verify(rdsResourceWatcher).onChanged(any(RdsUpdate.class));
+    verify(rdsResourceWatcher).onResourceChanged(any());
   }
 
   @Test
@@ -1495,6 +1565,7 @@ public void rdsResponseErrorHandling_nackWeightedSumZero() {
     DiscoveryRpcCall call = startResourceWatcher(XdsRouteConfigureResource.getInstance(),
         RDS_RESOURCE, rdsResourceWatcher);
     verifyResourceMetadataRequested(RDS, RDS_RESOURCE);
+    String expectedErrorDetail = "Sum of cluster weights should be above 0";
 
     io.envoyproxy.envoy.config.route.v3.RouteAction routeAction =
         io.envoyproxy.envoy.config.route.v3.RouteAction.newBuilder()
@@ -1528,11 +1599,14 @@ public void rdsResponseErrorHandling_nackWeightedSumZero() {
         "RDS response RouteConfiguration \'route-configuration.googleapis.com\' validation error: "
             + "RouteConfiguration contains invalid virtual host: Virtual host [do not care] "
             + "contains invalid route : Route [route-blade] contains invalid RouteAction: "
-            + "Sum of cluster weights should be above 0.");
+            + expectedErrorDetail);
     verifySubscribedResourcesMetadataSizes(0, 0, 1, 0);
     // The response is NACKed with the same error message.
     call.verifyRequestNack(RDS, RDS_RESOURCE, "", "0000", NODE, errors);
-    verify(rdsResourceWatcher, never()).onChanged(any(RdsUpdate.class));
+    verify(rdsResourceWatcher).onResourceChanged(argThat(
+        statusOr -> !statusOr.hasValue() && statusOr.getStatus().getDescription()
+            .contains(expectedErrorDetail)));
+    verify(rdsResourceWatcher, never()).onResourceChanged(argThat(StatusOr::hasValue));
   }
 
   /**
@@ -1614,8 +1688,10 @@ public void rdsResourceFound() {
 
     // Client sends an ACK RDS request.
     call.verifyRequest(RDS, RDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(rdsResourceWatcher).onChanged(rdsUpdateCaptor.capture());
-    verifyGoldenRouteConfig(rdsUpdateCaptor.getValue());
+    verify(rdsResourceWatcher).onResourceChanged(rdsUpdateCaptor.capture());
+    StatusOr<RdsUpdate> statusOrUpdate = rdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenRouteConfig(statusOrUpdate.getValue());
     assertThat(fakeClock.getPendingTasks(RDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
     verifyResourceMetadataAcked(RDS, RDS_RESOURCE, testRouteConfig, VERSION_1, TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(0, 0, 1, 0);
@@ -1629,8 +1705,10 @@ public void wrappedRdsResource() {
 
     // Client sends an ACK RDS request.
     call.verifyRequest(RDS, RDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(rdsResourceWatcher).onChanged(rdsUpdateCaptor.capture());
-    verifyGoldenRouteConfig(rdsUpdateCaptor.getValue());
+    verify(rdsResourceWatcher).onResourceChanged(rdsUpdateCaptor.capture());
+    StatusOr<RdsUpdate> statusOrUpdate = rdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenRouteConfig(statusOrUpdate.getValue());
     assertThat(fakeClock.getPendingTasks(RDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
     verifyResourceMetadataAcked(RDS, RDS_RESOURCE, testRouteConfig, VERSION_1, TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(0, 0, 1, 0);
@@ -1648,8 +1726,10 @@ public void cachedRdsResource_data() {
 
     ResourceWatcher<RdsUpdate> watcher = mock(ResourceWatcher.class);
     xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_RESOURCE, watcher);
-    verify(watcher).onChanged(rdsUpdateCaptor.capture());
-    verifyGoldenRouteConfig(rdsUpdateCaptor.getValue());
+    verify(watcher).onResourceChanged(rdsUpdateCaptor.capture());
+    StatusOr<RdsUpdate> statusOrUpdate = rdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenRouteConfig(statusOrUpdate.getValue());
     call.verifyNoMoreRequest();
     verifyResourceMetadataAcked(RDS, RDS_RESOURCE, testRouteConfig, VERSION_1, TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(0, 0, 1, 0);
@@ -1661,11 +1741,15 @@ public void cachedRdsResource_absent() {
     DiscoveryRpcCall call = startResourceWatcher(XdsRouteConfigureResource.getInstance(),
         RDS_RESOURCE, rdsResourceWatcher);
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    verify(rdsResourceWatcher).onResourceDoesNotExist(RDS_RESOURCE);
+    verify(rdsResourceWatcher).onResourceChanged(argThat(statusOr ->
+        !statusOr.hasValue() && statusOr.getStatus().getDescription().contains(RDS_RESOURCE)
+            && statusOr.getStatus().getDescription().contains(RDS_RESOURCE)));
     // Add another watcher.
     ResourceWatcher<RdsUpdate> watcher = mock(ResourceWatcher.class);
     xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_RESOURCE, watcher);
-    verify(watcher).onResourceDoesNotExist(RDS_RESOURCE);
+    verify(watcher).onResourceChanged(argThat(statusOr ->
+        !statusOr.hasValue() && statusOr.getStatus().getDescription().contains(RDS_RESOURCE)
+            && statusOr.getStatus().getDescription().contains(RDS_RESOURCE)));
     call.verifyNoMoreRequest();
     verifyResourceMetadataDoesNotExist(RDS, RDS_RESOURCE);
     verifySubscribedResourcesMetadataSizes(0, 0, 1, 0);
@@ -1680,8 +1764,10 @@ public void rdsResourceUpdated() {
     // Initial RDS response.
     call.sendResponse(RDS, testRouteConfig, VERSION_1, "0000");
     call.verifyRequest(RDS, RDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(rdsResourceWatcher).onChanged(rdsUpdateCaptor.capture());
-    verifyGoldenRouteConfig(rdsUpdateCaptor.getValue());
+    verify(rdsResourceWatcher).onResourceChanged(rdsUpdateCaptor.capture());
+    StatusOr<RdsUpdate> statusOrUpdate = rdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenRouteConfig(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(RDS, RDS_RESOURCE, testRouteConfig, VERSION_1, TIME_INCREMENT);
 
     // Updated RDS response.
@@ -1691,8 +1777,10 @@ public void rdsResourceUpdated() {
 
     // Client sends an ACK RDS request.
     call.verifyRequest(RDS, RDS_RESOURCE, VERSION_2, "0001", NODE);
-    verify(rdsResourceWatcher, times(2)).onChanged(rdsUpdateCaptor.capture());
-    assertThat(rdsUpdateCaptor.getValue().virtualHosts).hasSize(4);
+    verify(rdsResourceWatcher, times(2)).onResourceChanged(rdsUpdateCaptor.capture());
+    statusOrUpdate = rdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    assertThat(statusOrUpdate.getValue().virtualHosts).hasSize(4);
     verifyResourceMetadataAcked(RDS, RDS_RESOURCE, routeConfigUpdated, VERSION_2,
         TIME_INCREMENT * 2);
   }
@@ -1739,15 +1827,19 @@ public void rdsResourceDeletedByLdsApiListener() {
 
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     call.sendResponse(LDS, testListenerRds, VERSION_1, "0000");
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerRds(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerRds(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerRds, VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataRequested(RDS, RDS_RESOURCE);
     verifySubscribedResourcesMetadataSizes(1, 0, 1, 0);
 
     call.sendResponse(RDS, testRouteConfig, VERSION_1, "0000");
-    verify(rdsResourceWatcher).onChanged(rdsUpdateCaptor.capture());
-    verifyGoldenRouteConfig(rdsUpdateCaptor.getValue());
+    verify(rdsResourceWatcher).onResourceChanged(rdsUpdateCaptor.capture());
+    StatusOr<RdsUpdate> statusOrUpdate1 = rdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenRouteConfig(statusOrUpdate1.getValue());
     verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerRds, VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(RDS, RDS_RESOURCE, testRouteConfig, VERSION_1, TIME_INCREMENT * 2);
     verifySubscribedResourcesMetadataSizes(1, 0, 1, 0);
@@ -1757,8 +1849,10 @@ public void rdsResourceDeletedByLdsApiListener() {
     // Note that this must work the same despite the ignore_resource_deletion feature is on.
     // This happens because the Listener is getting replaced, and not deleted.
     call.sendResponse(LDS, testListenerVhosts, VERSION_2, "0001");
-    verify(ldsResourceWatcher, times(2)).onChanged(ldsUpdateCaptor.capture());
-    verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+    verify(ldsResourceWatcher, times(2)).onResourceChanged(ldsUpdateCaptor.capture());
+    statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(statusOrUpdate.getValue());
     verifyNoMoreInteractions(rdsResourceWatcher);
     verifyResourceMetadataAcked(RDS, RDS_RESOURCE, testRouteConfig, VERSION_1, TIME_INCREMENT * 2);
     verifyResourceMetadataAcked(
@@ -1790,11 +1884,13 @@ public void rdsResourcesDeletedByLdsTcpListener() {
     // referencing RDS_RESOURCE.
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     call.sendResponse(LDS, packedListener, VERSION_1, "0000");
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
 
-    assertThat(ldsUpdateCaptor.getValue().listener().filterChains()).hasSize(1);
+    assertThat(statusOrUpdate.getValue().listener().filterChains()).hasSize(1);
     FilterChain parsedFilterChain = Iterables.getOnlyElement(
-        ldsUpdateCaptor.getValue().listener().filterChains());
+        statusOrUpdate.getValue().listener().filterChains());
     assertThat(parsedFilterChain.httpConnectionManager().rdsName()).isEqualTo(RDS_RESOURCE);
     verifyResourceMetadataAcked(LDS, LISTENER_RESOURCE, packedListener, VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataRequested(RDS, RDS_RESOURCE);
@@ -1802,8 +1898,10 @@ public void rdsResourcesDeletedByLdsTcpListener() {
 
     // Simulates receiving the requested RDS resource.
     call.sendResponse(RDS, testRouteConfig, VERSION_1, "0000");
-    verify(rdsResourceWatcher).onChanged(rdsUpdateCaptor.capture());
-    verifyGoldenRouteConfig(rdsUpdateCaptor.getValue());
+    verify(rdsResourceWatcher).onResourceChanged(rdsUpdateCaptor.capture());
+    StatusOr<RdsUpdate> statusOrUpdate1 = rdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenRouteConfig(statusOrUpdate1.getValue());
     verifyResourceMetadataAcked(RDS, RDS_RESOURCE, testRouteConfig, VERSION_1, TIME_INCREMENT * 2);
 
     // Simulates receiving an updated version of the requested LDS resource as a TCP listener
@@ -1821,12 +1919,15 @@ public void rdsResourcesDeletedByLdsTcpListener() {
     packedListener =
         Any.pack(mf.buildListenerWithFilterChain(LISTENER_RESOURCE, 7000, "0.0.0.0", filterChain));
     call.sendResponse(LDS, packedListener, VERSION_2, "0001");
-    verify(ldsResourceWatcher, times(2)).onChanged(ldsUpdateCaptor.capture());
-    assertThat(ldsUpdateCaptor.getValue().listener().filterChains()).hasSize(1);
+    verify(ldsResourceWatcher, times(2)).onResourceChanged(ldsUpdateCaptor.capture());
+    statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    assertThat(statusOrUpdate.getValue().listener().filterChains()).hasSize(1);
     parsedFilterChain = Iterables.getOnlyElement(
-        ldsUpdateCaptor.getValue().listener().filterChains());
+        statusOrUpdate.getValue().listener().filterChains());
     assertThat(parsedFilterChain.httpConnectionManager().virtualHosts()).hasSize(VHOST_SIZE);
-    verify(rdsResourceWatcher, never()).onResourceDoesNotExist(RDS_RESOURCE);
+    verify(rdsResourceWatcher, never()).onResourceChanged(argThat(statusOr ->
+        !statusOr.hasValue() && statusOr.getStatus().getDescription().equals(RDS_RESOURCE)));
     verifyResourceMetadataAcked(RDS, RDS_RESOURCE, testRouteConfig, VERSION_1, TIME_INCREMENT * 2);
     verifyResourceMetadataAcked(
         LDS, LISTENER_RESOURCE, packedListener, VERSION_2, TIME_INCREMENT * 3);
@@ -1851,16 +1952,25 @@ public void multipleRdsWatchers() {
     verifySubscribedResourcesMetadataSizes(0, 0, 2, 0);
 
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    verify(rdsResourceWatcher).onResourceDoesNotExist(RDS_RESOURCE);
-    verify(watcher1).onResourceDoesNotExist(rdsResourceTwo);
-    verify(watcher2).onResourceDoesNotExist(rdsResourceTwo);
+    verify(rdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Status.Code.NOT_FOUND));
+    verify(watcher1).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Status.Code.NOT_FOUND));
+    verify(watcher2).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Status.Code.NOT_FOUND));
     verifyResourceMetadataDoesNotExist(RDS, RDS_RESOURCE);
     verifyResourceMetadataDoesNotExist(RDS, rdsResourceTwo);
     verifySubscribedResourcesMetadataSizes(0, 0, 2, 0);
 
     call.sendResponse(RDS, testRouteConfig, VERSION_1, "0000");
-    verify(rdsResourceWatcher).onChanged(rdsUpdateCaptor.capture());
-    verifyGoldenRouteConfig(rdsUpdateCaptor.getValue());
+    ArgumentCaptor<StatusOr<RdsUpdate>> rdsUpdateCaptor = ArgumentCaptor.forClass(StatusOr.class);
+    verify(rdsResourceWatcher, times(2)).onResourceChanged(rdsUpdateCaptor.capture());
+    StatusOr<RdsUpdate> capturedUpdate1 = rdsUpdateCaptor.getAllValues().get(1);
+    assertThat(capturedUpdate1.hasValue()).isTrue();
+    verifyGoldenRouteConfig(capturedUpdate1.getValue());
     verifyNoMoreInteractions(watcher1, watcher2);
     verifyResourceMetadataAcked(RDS, RDS_RESOURCE, testRouteConfig, VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataDoesNotExist(RDS, rdsResourceTwo);
@@ -1869,13 +1979,22 @@ public void multipleRdsWatchers() {
     Any routeConfigTwo =
         Any.pack(mf.buildRouteConfiguration(rdsResourceTwo, mf.buildOpaqueVirtualHosts(4)));
     call.sendResponse(RDS, routeConfigTwo, VERSION_2, "0002");
-    verify(watcher1).onChanged(rdsUpdateCaptor.capture());
-    assertThat(rdsUpdateCaptor.getValue().virtualHosts).hasSize(4);
-    verify(watcher2).onChanged(rdsUpdateCaptor.capture());
-    assertThat(rdsUpdateCaptor.getValue().virtualHosts).hasSize(4);
+    ArgumentCaptor<StatusOr<RdsUpdate>> watcher1Captor =
+        ArgumentCaptor.forClass(StatusOr.class);
+    verify(watcher1, times(2)).onResourceChanged(watcher1Captor.capture());
+    StatusOr<RdsUpdate> capturedUpdate2 = watcher1Captor.getAllValues().get(1);
+    assertThat(capturedUpdate2.hasValue()).isTrue();
+    assertThat(capturedUpdate2.getValue().virtualHosts).hasSize(4);
+    ArgumentCaptor<StatusOr<RdsUpdate>> watcher2Captor =
+        ArgumentCaptor.forClass(StatusOr.class);
+    verify(watcher2, times(2)).onResourceChanged(watcher2Captor.capture());
+    StatusOr<RdsUpdate> capturedUpdate3 = watcher2Captor.getAllValues().get(1);
+    assertThat(capturedUpdate3.hasValue()).isTrue();
+    assertThat(capturedUpdate3.getValue().virtualHosts).hasSize(4);
     verifyNoMoreInteractions(rdsResourceWatcher);
     verifyResourceMetadataAcked(RDS, RDS_RESOURCE, testRouteConfig, VERSION_1, TIME_INCREMENT);
-    verifyResourceMetadataAcked(RDS, rdsResourceTwo, routeConfigTwo, VERSION_2, TIME_INCREMENT * 2);
+    verifyResourceMetadataAcked(RDS, rdsResourceTwo, routeConfigTwo, VERSION_2,
+        TIME_INCREMENT * 2);
     verifySubscribedResourcesMetadataSizes(0, 0, 2, 0);
   }
 
@@ -1898,7 +2017,8 @@ public void cdsResourceNotFound() {
     verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
     // Server failed to return subscribed resource within expected time window.
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    verify(cdsResourceWatcher).onResourceDoesNotExist(CDS_RESOURCE);
+    verify(cdsResourceWatcher).onResourceChanged(argThat(
+        arg -> !arg.hasValue() && arg.getStatus().getDescription().contains(CDS_RESOURCE)));
     assertThat(fakeClock.getPendingTasks(CDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
     verifyResourceMetadataDoesNotExist(CDS, CDS_RESOURCE);
     verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
@@ -1940,7 +2060,7 @@ public void cdsResponseErrorHandling_someResourcesFailedUnpack() {
     verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
     // The response is NACKed with the same error message.
     call.verifyRequestNack(CDS, CDS_RESOURCE, "", "0000", NODE, errors);
-    verify(cdsResourceWatcher).onChanged(any(CdsUpdate.class));
+    verify(cdsResourceWatcher).onResourceChanged(any());
   }
 
   /**
@@ -2130,8 +2250,10 @@ public void cdsResourceFound() {
 
     // Client sent an ACK CDS request.
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
-    verifyGoldenClusterRoundRobin(cdsUpdateCaptor.getValue());
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenClusterRoundRobin(statusOrUpdate.getValue());
     assertThat(fakeClock.getPendingTasks(CDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
     verifyResourceMetadataAcked(CDS, CDS_RESOURCE, testClusterRoundRobin, VERSION_1,
         TIME_INCREMENT);
@@ -2146,8 +2268,10 @@ public void wrappedCdsResource() {
 
     // Client sent an ACK CDS request.
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
-    verifyGoldenClusterRoundRobin(cdsUpdateCaptor.getValue());
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenClusterRoundRobin(statusOrUpdate.getValue());
     assertThat(fakeClock.getPendingTasks(CDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
     verifyResourceMetadataAcked(CDS, CDS_RESOURCE, testClusterRoundRobin, VERSION_1,
         TIME_INCREMENT);
@@ -2167,8 +2291,10 @@ public void cdsResourceFound_leastRequestLbPolicy() {
 
     // Client sent an ACK CDS request.
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
-    CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue();
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    CdsUpdate cdsUpdate = statusOrUpdate.getValue();
     assertThat(cdsUpdate.clusterName()).isEqualTo(CDS_RESOURCE);
     assertThat(cdsUpdate.clusterType()).isEqualTo(ClusterType.EDS);
     assertThat(cdsUpdate.edsServiceName()).isNull();
@@ -2199,8 +2325,10 @@ public void cdsResourceFound_ringHashLbPolicy() {
 
     // Client sent an ACK CDS request.
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
-    CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue();
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    CdsUpdate cdsUpdate = statusOrUpdate.getValue();
     assertThat(cdsUpdate.clusterName()).isEqualTo(CDS_RESOURCE);
     assertThat(cdsUpdate.clusterType()).isEqualTo(ClusterType.EDS);
     assertThat(cdsUpdate.edsServiceName()).isNull();
@@ -2230,8 +2358,10 @@ public void cdsResponseWithAggregateCluster() {
 
     // Client sent an ACK CDS request.
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
-    CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue();
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    CdsUpdate cdsUpdate = statusOrUpdate.getValue();
     assertThat(cdsUpdate.clusterName()).isEqualTo(CDS_RESOURCE);
     assertThat(cdsUpdate.clusterType()).isEqualTo(ClusterType.AGGREGATE);
     LbConfig lbConfig = ServiceConfigUtil.unwrapLoadBalancingConfig(cdsUpdate.lbPolicyConfig());
@@ -2257,8 +2387,8 @@ public void cdsResponseWithEmptyAggregateCluster() {
     String errorMsg = "CDS response Cluster 'cluster.googleapis.com' validation error: "
         + "Cluster cluster.googleapis.com: aggregate ClusterConfig.clusters must not be empty";
     call.verifyRequestNack(CDS, CDS_RESOURCE, "", "0000", NODE, ImmutableList.of(errorMsg));
-    verify(cdsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    verifyStatusWithNodeId(cdsUpdateCaptor.getValue().getStatus(), Code.UNAVAILABLE, errorMsg);
   }
 
   @Test
@@ -2272,8 +2402,10 @@ public void cdsResponseWithCircuitBreakers() {
 
     // Client sent an ACK CDS request.
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
-    CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue();
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    CdsUpdate cdsUpdate = statusOrUpdate.getValue();
     assertThat(cdsUpdate.clusterName()).isEqualTo(CDS_RESOURCE);
     assertThat(cdsUpdate.clusterType()).isEqualTo(ClusterType.EDS);
     assertThat(cdsUpdate.edsServiceName()).isNull();
@@ -2315,8 +2447,10 @@ public void cdsResponseWithUpstreamTlsContext() {
     // Client sent an ACK CDS request.
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
     verify(cdsResourceWatcher, times(1))
-        .onChanged(cdsUpdateCaptor.capture());
-    CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue();
+        .onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    CdsUpdate cdsUpdate = statusOrUpdate.getValue();
     CertificateProviderPluginInstance certificateProviderInstance =
         cdsUpdate.upstreamTlsContext().getCommonTlsContext().getCombinedValidationContext()
             .getDefaultValidationContext().getCaCertificateProviderInstance();
@@ -2350,8 +2484,10 @@ public void cdsResponseWithNewUpstreamTlsContext() {
 
     // Client sent an ACK CDS request.
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(cdsResourceWatcher, times(1)).onChanged(cdsUpdateCaptor.capture());
-    CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue();
+    verify(cdsResourceWatcher, times(1)).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    CdsUpdate cdsUpdate = statusOrUpdate.getValue();
     CertificateProviderPluginInstance certificateProviderInstance =
         cdsUpdate.upstreamTlsContext().getCommonTlsContext().getValidationContext()
             .getCaCertificateProviderInstance();
@@ -2383,8 +2519,8 @@ public void cdsResponseErrorHandling_badUpstreamTlsContext() {
         + "ca_certificate_provider_instance or system_root_certs is required in "
         + "upstream-tls-context";
     call.verifyRequestNack(CDS, CDS_RESOURCE, "", "0000", NODE, ImmutableList.of(errorMsg));
-    verify(cdsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    verifyStatusWithNodeId(cdsUpdateCaptor.getValue().getStatus(), Code.UNAVAILABLE, errorMsg);
   }
 
   /**
@@ -2425,8 +2561,10 @@ public void cdsResponseWithOutlierDetection() {
 
     // Client sent an ACK CDS request.
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(cdsResourceWatcher, times(1)).onChanged(cdsUpdateCaptor.capture());
-    CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue();
+    verify(cdsResourceWatcher, times(1)).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    CdsUpdate cdsUpdate = statusOrUpdate.getValue();
 
     // The outlier detection config in CdsUpdate should match what we get from xDS.
     EnvoyServerProtoData.OutlierDetection outlierDetection = cdsUpdate.outlierDetection();
@@ -2486,8 +2624,8 @@ public void cdsResponseWithInvalidOutlierDetectionNacks() {
         + "io.grpc.xds.client.XdsResourceType$ResourceInvalidException: outlier_detection "
         + "max_ejection_percent is > 100";
     call.verifyRequestNack(CDS, CDS_RESOURCE, "", "0000", NODE, ImmutableList.of(errorMsg));
-    verify(cdsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    verifyStatusWithNodeId(cdsUpdateCaptor.getValue().getStatus(), Code.UNAVAILABLE, errorMsg);
   }
 
   @Test(expected = ResourceInvalidException.class)
@@ -2581,8 +2719,8 @@ public void cdsResponseErrorHandling_badTransportSocketName() {
     String errorMsg = "CDS response Cluster 'cluster.googleapis.com' validation error: "
         + "transport-socket with name envoy.transport_sockets.bad not supported.";
     call.verifyRequestNack(CDS, CDS_RESOURCE, "", "0000", NODE, ImmutableList.of(errorMsg));
-    verify(cdsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    verifyStatusWithNodeId(cdsUpdateCaptor.getValue().getStatus(), Code.UNAVAILABLE, errorMsg);
   }
 
   @Test
@@ -2624,8 +2762,10 @@ public void cachedCdsResource_data() {
 
     ResourceWatcher<CdsUpdate> watcher = mock(ResourceWatcher.class);
     xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CDS_RESOURCE, watcher);
-    verify(watcher).onChanged(cdsUpdateCaptor.capture());
-    verifyGoldenClusterRoundRobin(cdsUpdateCaptor.getValue());
+    verify(watcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenClusterRoundRobin(statusOrUpdate.getValue());
     call.verifyNoMoreRequest();
     verifyResourceMetadataAcked(CDS, CDS_RESOURCE, testClusterRoundRobin, VERSION_1,
         TIME_INCREMENT);
@@ -2639,10 +2779,12 @@ public void cachedCdsResource_absent() {
     DiscoveryRpcCall call = startResourceWatcher(XdsClusterResource.getInstance(), CDS_RESOURCE,
         cdsResourceWatcher);
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    verify(cdsResourceWatcher).onResourceDoesNotExist(CDS_RESOURCE);
+    verify(cdsResourceWatcher).onResourceChanged(argThat(
+        arg -> !arg.hasValue() && arg.getStatus().getDescription().contains(CDS_RESOURCE)));
     ResourceWatcher<CdsUpdate> watcher = mock(ResourceWatcher.class);
     xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CDS_RESOURCE, watcher);
-    verify(watcher).onResourceDoesNotExist(CDS_RESOURCE);
+    verify(watcher).onResourceChanged(argThat(
+        arg -> !arg.hasValue() && arg.getStatus().getDescription().contains(CDS_RESOURCE)));
     call.verifyNoMoreRequest();
     verifyResourceMetadataDoesNotExist(CDS, CDS_RESOURCE);
     verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
@@ -2662,8 +2804,10 @@ public void cdsResourceUpdated() {
             null, null, false, null, null));
     call.sendResponse(CDS, clusterDns, VERSION_1, "0000");
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
-    CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue();
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    CdsUpdate cdsUpdate = statusOrUpdate.getValue();
     assertThat(cdsUpdate.clusterName()).isEqualTo(CDS_RESOURCE);
     assertThat(cdsUpdate.clusterType()).isEqualTo(ClusterType.LOGICAL_DNS);
     assertThat(cdsUpdate.dnsHostName()).isEqualTo(dnsHostAddr + ":" + dnsHostPort);
@@ -2685,8 +2829,10 @@ public void cdsResourceUpdated() {
         ));
     call.sendResponse(CDS, clusterEds, VERSION_2, "0001");
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_2, "0001", NODE);
-    verify(cdsResourceWatcher, times(2)).onChanged(cdsUpdateCaptor.capture());
-    cdsUpdate = cdsUpdateCaptor.getValue();
+    verify(cdsResourceWatcher, times(2)).onResourceChanged(cdsUpdateCaptor.capture());
+    statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    cdsUpdate = statusOrUpdate.getValue();
     assertThat(cdsUpdate.clusterName()).isEqualTo(CDS_RESOURCE);
     assertThat(cdsUpdate.clusterType()).isEqualTo(ClusterType.EDS);
     assertThat(cdsUpdate.edsServiceName()).isEqualTo(edsService);
@@ -2727,27 +2873,27 @@ public void cdsResourceUpdatedWithDuplicate() {
 
     // Configure with round robin, the update should be sent to the watcher.
     call.sendResponse(CDS, roundRobinConfig, VERSION_2, "0001");
-    verify(cdsResourceWatcher, times(1)).onChanged(isA(CdsUpdate.class));
+    verify(cdsResourceWatcher, times(1)).onResourceChanged(argThat(StatusOr::hasValue));
 
     // Second update is identical, watcher should not get an additional update.
     call.sendResponse(CDS, roundRobinConfig, VERSION_2, "0002");
-    verify(cdsResourceWatcher, times(1)).onChanged(isA(CdsUpdate.class));
+    verify(cdsResourceWatcher, times(1)).onResourceChanged(any());
 
     // Now we switch to ring hash so the watcher should be notified.
     call.sendResponse(CDS, ringHashConfig, VERSION_2, "0003");
-    verify(cdsResourceWatcher, times(2)).onChanged(isA(CdsUpdate.class));
+    verify(cdsResourceWatcher, times(2)).onResourceChanged(argThat(StatusOr::hasValue));
 
     // Second update to ring hash should not result in watcher being notified.
     call.sendResponse(CDS, ringHashConfig, VERSION_2, "0004");
-    verify(cdsResourceWatcher, times(2)).onChanged(isA(CdsUpdate.class));
+    verify(cdsResourceWatcher, times(2)).onResourceChanged(any());
 
     // Now we switch to least request so the watcher should be notified.
     call.sendResponse(CDS, leastRequestConfig, VERSION_2, "0005");
-    verify(cdsResourceWatcher, times(3)).onChanged(isA(CdsUpdate.class));
+    verify(cdsResourceWatcher, times(3)).onResourceChanged(argThat(StatusOr::hasValue));
 
     // Second update to least request should not result in watcher being notified.
     call.sendResponse(CDS, leastRequestConfig, VERSION_2, "0006");
-    verify(cdsResourceWatcher, times(3)).onChanged(isA(CdsUpdate.class));
+    verify(cdsResourceWatcher, times(3)).onResourceChanged(any());
   }
 
   @Test
@@ -2761,8 +2907,10 @@ public void cdsResourceDeleted() {
     // Initial CDS response.
     call.sendResponse(CDS, testClusterRoundRobin, VERSION_1, "0000");
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
-    verifyGoldenClusterRoundRobin(cdsUpdateCaptor.getValue());
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenClusterRoundRobin(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(CDS, CDS_RESOURCE, testClusterRoundRobin, VERSION_1,
         TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
@@ -2770,7 +2918,8 @@ public void cdsResourceDeleted() {
     // Empty CDS response deletes the cluster.
     call.sendResponse(CDS, Collections.<Any>emptyList(), VERSION_2, "0001");
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_2, "0001", NODE);
-    verify(cdsResourceWatcher).onResourceDoesNotExist(CDS_RESOURCE);
+    verify(cdsResourceWatcher).onResourceChanged(argThat(
+        arg -> !arg.hasValue() && arg.getStatus().getDescription().contains(CDS_RESOURCE)));
     verifyResourceMetadataDoesNotExist(CDS, CDS_RESOURCE);
     verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
   }
@@ -2790,8 +2939,10 @@ public void cdsResourceDeleted_ignoreResourceDeletion() {
     // Initial CDS response.
     call.sendResponse(CDS, testClusterRoundRobin, VERSION_1, "0000");
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
-    verifyGoldenClusterRoundRobin(cdsUpdateCaptor.getValue());
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenClusterRoundRobin(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(CDS, CDS_RESOURCE, testClusterRoundRobin, VERSION_1,
         TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
@@ -2805,13 +2956,16 @@ public void cdsResourceDeleted_ignoreResourceDeletion() {
         TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
     // onResourceDoesNotExist must not be called.
-    verify(ldsResourceWatcher, never()).onResourceDoesNotExist(CDS_RESOURCE);
+    verify(ldsResourceWatcher, never()).onResourceChanged(argThat(
+        arg -> !arg.hasValue() && arg.getStatus().getDescription().contains(CDS_RESOURCE)));
 
     // Next update is correct, and contains the cluster again.
     call.sendResponse(CDS, testClusterRoundRobin, VERSION_3, "0003");
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_3, "0003", NODE);
-    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
-    verifyGoldenClusterRoundRobin(cdsUpdateCaptor.getValue());
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenClusterRoundRobin(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(CDS, CDS_RESOURCE, testClusterRoundRobin, VERSION_3,
         TIME_INCREMENT * 3);
     verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
@@ -2834,9 +2988,12 @@ public void multipleCdsWatchers() {
     verifySubscribedResourcesMetadataSizes(0, 2, 0, 0);
 
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    verify(cdsResourceWatcher).onResourceDoesNotExist(CDS_RESOURCE);
-    verify(watcher1).onResourceDoesNotExist(cdsResourceTwo);
-    verify(watcher2).onResourceDoesNotExist(cdsResourceTwo);
+    verify(cdsResourceWatcher).onResourceChanged(argThat(statusOr ->
+        statusOr.getStatus().getDescription().contains(CDS_RESOURCE)));
+    verify(watcher1).onResourceChanged(argThat(statusOr ->
+        statusOr.getStatus().getDescription().contains(cdsResourceTwo)));
+    verify(watcher2).onResourceChanged(argThat(statusOr ->
+        statusOr.getStatus().getDescription().contains(cdsResourceTwo)));
     verifyResourceMetadataDoesNotExist(CDS, CDS_RESOURCE);
     verifyResourceMetadataDoesNotExist(CDS, cdsResourceTwo);
     verifySubscribedResourcesMetadataSizes(0, 2, 0, 0);
@@ -2850,45 +3007,54 @@ public void multipleCdsWatchers() {
         Any.pack(mf.buildEdsCluster(cdsResourceTwo, edsService, "round_robin", null, null, true,
             null, "envoy.transport_sockets.tls", null, null)));
     call.sendResponse(CDS, clusters, VERSION_1, "0000");
-    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
-    CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue();
-    assertThat(cdsUpdate.clusterName()).isEqualTo(CDS_RESOURCE);
-    assertThat(cdsUpdate.clusterType()).isEqualTo(ClusterType.LOGICAL_DNS);
-    assertThat(cdsUpdate.dnsHostName()).isEqualTo(dnsHostAddr + ":" + dnsHostPort);
-    LbConfig lbConfig = ServiceConfigUtil.unwrapLoadBalancingConfig(cdsUpdate.lbPolicyConfig());
+    ArgumentCaptor<StatusOr<CdsUpdate>> cdsUpdateCaptor = ArgumentCaptor.forClass(StatusOr.class);
+    verify(cdsResourceWatcher, times(2)).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> capturedUpdate1 = cdsUpdateCaptor.getAllValues().get(1);
+    assertThat(capturedUpdate1.hasValue()).isTrue();
+    CdsUpdate cdsUpdate1 = capturedUpdate1.getValue();
+    assertThat(cdsUpdate1.clusterName()).isEqualTo(CDS_RESOURCE);
+    assertThat(cdsUpdate1.clusterType()).isEqualTo(ClusterType.LOGICAL_DNS);
+    assertThat(cdsUpdate1.dnsHostName()).isEqualTo(dnsHostAddr + ":" + dnsHostPort);
+    LbConfig lbConfig = ServiceConfigUtil.unwrapLoadBalancingConfig(cdsUpdate1.lbPolicyConfig());
     assertThat(lbConfig.getPolicyName()).isEqualTo("wrr_locality_experimental");
     List<LbConfig> childConfigs = ServiceConfigUtil.unwrapLoadBalancingConfigList(
         JsonUtil.getListOfObjects(lbConfig.getRawConfigValue(), "childPolicy"));
     assertThat(childConfigs.get(0).getPolicyName()).isEqualTo("round_robin");
-    assertThat(cdsUpdate.lrsServerInfo()).isNull();
-    assertThat(cdsUpdate.maxConcurrentRequests()).isNull();
-    assertThat(cdsUpdate.upstreamTlsContext()).isNull();
-    verify(watcher1).onChanged(cdsUpdateCaptor.capture());
-    cdsUpdate = cdsUpdateCaptor.getValue();
-    assertThat(cdsUpdate.clusterName()).isEqualTo(cdsResourceTwo);
-    assertThat(cdsUpdate.clusterType()).isEqualTo(ClusterType.EDS);
-    assertThat(cdsUpdate.edsServiceName()).isEqualTo(edsService);
-    lbConfig = ServiceConfigUtil.unwrapLoadBalancingConfig(cdsUpdate.lbPolicyConfig());
+    assertThat(cdsUpdate1.lrsServerInfo()).isNull();
+    assertThat(cdsUpdate1.maxConcurrentRequests()).isNull();
+    assertThat(cdsUpdate1.upstreamTlsContext()).isNull();
+    ArgumentCaptor<StatusOr<CdsUpdate>> watcher1Captor = ArgumentCaptor.forClass(StatusOr.class);
+    verify(watcher1, times(2)).onResourceChanged(watcher1Captor.capture());
+    StatusOr<CdsUpdate> capturedUpdate2 = watcher1Captor.getAllValues().get(1);
+    assertThat(capturedUpdate2.hasValue()).isTrue();
+    CdsUpdate cdsUpdate2 = capturedUpdate2.getValue();
+    assertThat(cdsUpdate2.clusterName()).isEqualTo(cdsResourceTwo);
+    assertThat(cdsUpdate2.clusterType()).isEqualTo(ClusterType.EDS);
+    assertThat(cdsUpdate2.edsServiceName()).isEqualTo(edsService);
+    lbConfig = ServiceConfigUtil.unwrapLoadBalancingConfig(cdsUpdate2.lbPolicyConfig());
     assertThat(lbConfig.getPolicyName()).isEqualTo("wrr_locality_experimental");
     childConfigs = ServiceConfigUtil.unwrapLoadBalancingConfigList(
         JsonUtil.getListOfObjects(lbConfig.getRawConfigValue(), "childPolicy"));
     assertThat(childConfigs.get(0).getPolicyName()).isEqualTo("round_robin");
-    assertThat(cdsUpdate.lrsServerInfo()).isEqualTo(xdsServerInfo);
-    assertThat(cdsUpdate.maxConcurrentRequests()).isNull();
-    assertThat(cdsUpdate.upstreamTlsContext()).isNull();
-    verify(watcher2).onChanged(cdsUpdateCaptor.capture());
-    cdsUpdate = cdsUpdateCaptor.getValue();
-    assertThat(cdsUpdate.clusterName()).isEqualTo(cdsResourceTwo);
-    assertThat(cdsUpdate.clusterType()).isEqualTo(ClusterType.EDS);
-    assertThat(cdsUpdate.edsServiceName()).isEqualTo(edsService);
-    lbConfig = ServiceConfigUtil.unwrapLoadBalancingConfig(cdsUpdate.lbPolicyConfig());
+    assertThat(cdsUpdate2.lrsServerInfo()).isEqualTo(xdsServerInfo);
+    assertThat(cdsUpdate2.maxConcurrentRequests()).isNull();
+    assertThat(cdsUpdate2.upstreamTlsContext()).isNull();
+    ArgumentCaptor<StatusOr<CdsUpdate>> watcher2Captor = ArgumentCaptor.forClass(StatusOr.class);
+    verify(watcher2, times(2)).onResourceChanged(watcher2Captor.capture());
+    StatusOr<CdsUpdate> capturedUpdate3 = watcher2Captor.getAllValues().get(1);
+    assertThat(capturedUpdate3.hasValue()).isTrue();
+    CdsUpdate cdsUpdate3 = capturedUpdate3.getValue();
+    assertThat(cdsUpdate3.clusterName()).isEqualTo(cdsResourceTwo);
+    assertThat(cdsUpdate3.clusterType()).isEqualTo(ClusterType.EDS);
+    assertThat(cdsUpdate3.edsServiceName()).isEqualTo(edsService);
+    lbConfig = ServiceConfigUtil.unwrapLoadBalancingConfig(cdsUpdate3.lbPolicyConfig());
     assertThat(lbConfig.getPolicyName()).isEqualTo("wrr_locality_experimental");
     childConfigs = ServiceConfigUtil.unwrapLoadBalancingConfigList(
         JsonUtil.getListOfObjects(lbConfig.getRawConfigValue(), "childPolicy"));
     assertThat(childConfigs.get(0).getPolicyName()).isEqualTo("round_robin");
-    assertThat(cdsUpdate.lrsServerInfo()).isEqualTo(xdsServerInfo);
-    assertThat(cdsUpdate.maxConcurrentRequests()).isNull();
-    assertThat(cdsUpdate.upstreamTlsContext()).isNull();
+    assertThat(cdsUpdate3.lrsServerInfo()).isEqualTo(xdsServerInfo);
+    assertThat(cdsUpdate3.maxConcurrentRequests()).isNull();
+    assertThat(cdsUpdate3.upstreamTlsContext()).isNull();
     // Metadata of both clusters is stored.
     verifyResourceMetadataAcked(CDS, CDS_RESOURCE, clusters.get(0), VERSION_1, TIME_INCREMENT);
     verifyResourceMetadataAcked(CDS, cdsResourceTwo, clusters.get(1), VERSION_1, TIME_INCREMENT);
@@ -2912,7 +3078,8 @@ public void edsResourceNotFound() {
     verifySubscribedResourcesMetadataSizes(0, 0, 0, 1);
     // Server failed to return subscribed resource within expected time window.
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    verify(edsResourceWatcher).onResourceDoesNotExist(EDS_RESOURCE);
+    verify(edsResourceWatcher).onResourceChanged(argThat(statusOr ->
+        statusOr.getStatus().getDescription().contains(EDS_RESOURCE)));
     assertThat(fakeClock.getPendingTasks(EDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
     verifyResourceMetadataDoesNotExist(EDS, EDS_RESOURCE);
     verifySubscribedResourcesMetadataSizes(0, 0, 0, 1);
@@ -2936,7 +3103,7 @@ public void edsCleanupNonceAfterUnsubscription() {
     call.sendResponse(EDS, resourcesV1.values().asList(), VERSION_1, "0000");
     // {A.1} -> ACK, version 1
     call.verifyRequest(EDS, "A.1", VERSION_1, "0000", NODE);
-    verify(edsResourceWatcher, times(1)).onChanged(any());
+    verify(edsResourceWatcher, times(1)).onResourceChanged(any());
 
     // trigger an EDS resource unsubscription.
     xdsClient.cancelXdsResourceWatch(XdsEndpointResource.getInstance(), "A.1", edsResourceWatcher);
@@ -2987,8 +3154,10 @@ public void edsResponseErrorHandling_someResourcesFailedUnpack() {
     verifySubscribedResourcesMetadataSizes(0, 0, 0, 1);
     // The response is NACKed with the same error message.
     call.verifyRequestNack(EDS, EDS_RESOURCE, "", "0000", NODE, errors);
-    verify(edsResourceWatcher).onChanged(edsUpdateCaptor.capture());
-    EdsUpdate edsUpdate = edsUpdateCaptor.getValue();
+    verify(edsResourceWatcher).onResourceChanged(edsUpdateCaptor.capture());
+    StatusOr<EdsUpdate> statusOrUpdate = edsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    EdsUpdate edsUpdate = statusOrUpdate.getValue();
     assertThat(edsUpdate.clusterName).isEqualTo(EDS_RESOURCE);
   }
 
@@ -3072,8 +3241,10 @@ public void edsResourceFound() {
 
     // Client sent an ACK EDS request.
     call.verifyRequest(EDS, EDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(edsResourceWatcher).onChanged(edsUpdateCaptor.capture());
-    validateGoldenClusterLoadAssignment(edsUpdateCaptor.getValue());
+    verify(edsResourceWatcher).onResourceChanged(edsUpdateCaptor.capture());
+    StatusOr<EdsUpdate> statusOrUpdate = edsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    validateGoldenClusterLoadAssignment(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(EDS, EDS_RESOURCE, testClusterLoadAssignment, VERSION_1,
         TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(0, 0, 0, 1);
@@ -3087,8 +3258,10 @@ public void wrappedEdsResourceFound() {
 
     // Client sent an ACK EDS request.
     call.verifyRequest(EDS, EDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(edsResourceWatcher).onChanged(edsUpdateCaptor.capture());
-    validateGoldenClusterLoadAssignment(edsUpdateCaptor.getValue());
+    verify(edsResourceWatcher).onResourceChanged(edsUpdateCaptor.capture());
+    StatusOr<EdsUpdate> statusOrUpdate = edsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    validateGoldenClusterLoadAssignment(statusOrUpdate.getValue());
     verifyResourceMetadataAcked(EDS, EDS_RESOURCE, testClusterLoadAssignment, VERSION_1,
         TIME_INCREMENT);
     verifySubscribedResourcesMetadataSizes(0, 0, 0, 1);
@@ -3106,8 +3279,10 @@ public void cachedEdsResource_data() {
     // Add another watcher.
     ResourceWatcher<EdsUpdate> watcher = mock(ResourceWatcher.class);
     xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), EDS_RESOURCE, watcher);
-    verify(watcher).onChanged(edsUpdateCaptor.capture());
-    validateGoldenClusterLoadAssignment(edsUpdateCaptor.getValue());
+    verify(watcher).onResourceChanged(edsUpdateCaptor.capture());
+    StatusOr<EdsUpdate> statusOrUpdate = edsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    validateGoldenClusterLoadAssignment(statusOrUpdate.getValue());
     call.verifyNoMoreRequest();
     verifyResourceMetadataAcked(EDS, EDS_RESOURCE, testClusterLoadAssignment, VERSION_1,
         TIME_INCREMENT);
@@ -3120,10 +3295,12 @@ public void cachedEdsResource_absent() {
     DiscoveryRpcCall call = startResourceWatcher(XdsEndpointResource.getInstance(), EDS_RESOURCE,
         edsResourceWatcher);
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    verify(edsResourceWatcher).onResourceDoesNotExist(EDS_RESOURCE);
+    verify(edsResourceWatcher).onResourceChanged(argThat(statusOr ->
+        statusOr.getStatus().getDescription().contains(EDS_RESOURCE)));
     ResourceWatcher<EdsUpdate> watcher = mock(ResourceWatcher.class);
     xdsClient.watchXdsResource(XdsEndpointResource.getInstance(), EDS_RESOURCE, watcher);
-    verify(watcher).onResourceDoesNotExist(EDS_RESOURCE);
+    verify(watcher).onResourceChanged(argThat(statusOr ->
+        statusOr.getStatus().getDescription().contains(EDS_RESOURCE)));
     call.verifyNoMoreRequest();
     verifyResourceMetadataDoesNotExist(EDS, EDS_RESOURCE);
     verifySubscribedResourcesMetadataSizes(0, 0, 0, 1);
@@ -3154,7 +3331,7 @@ public void flowControlAbsent() throws Exception {
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
     assertThat(fakeWatchClock.getPendingTasks().size()).isEqualTo(2);
     CyclicBarrier barrier = new CyclicBarrier(2);
-    doAnswer(blockUpdate(barrier)).when(cdsResourceWatcher).onChanged(any(CdsUpdate.class));
+    doAnswer(blockUpdate(barrier)).when(cdsResourceWatcher).onResourceChanged(any());
 
     CountDownLatch latch = new CountDownLatch(1);
     new Thread(() -> {
@@ -3176,16 +3353,16 @@ public void flowControlAbsent() throws Exception {
     verifyResourceMetadataAcked(
         CDS, CDS_RESOURCE, testClusterRoundRobin, VERSION_1, TIME_INCREMENT);
     barrier.await();
-    verify(cdsResourceWatcher, atLeastOnce()).onChanged(any());
+    verify(cdsResourceWatcher, atLeastOnce()).onResourceChanged(any());
     String errorMsg = "CDS response Cluster 'cluster.googleapis.com2' validation error: "
         + "Cluster cluster.googleapis.com2: unspecified cluster discovery type";
     call.verifyRequestNack(CDS, Arrays.asList(CDS_RESOURCE, anotherCdsResource), VERSION_1, "0001",
         NODE, Arrays.asList(errorMsg));
     barrier.await();
     latch.await(10, TimeUnit.SECONDS);
-    verify(cdsResourceWatcher, times(2)).onChanged(any());
-    verify(anotherWatcher).onResourceDoesNotExist(eq(anotherCdsResource));
-    verify(anotherWatcher).onError(any());
+    verify(cdsResourceWatcher, times(2)).onResourceChanged(any());
+    verify(anotherWatcher, times(2)).onResourceChanged(
+        argThat(statusOr -> statusOr.getStatus().getDescription().contains(anotherCdsResource)));
   }
 
   @Test
@@ -3281,9 +3458,11 @@ public void resourceTimerIsTransientError_callsOnErrorUnavailable() {
     call.verifyRequest(CDS, ImmutableList.of(timeoutResource), "", "", NODE);
     fakeClock.forwardTime(XdsClientImpl.EXTENDED_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
     fakeClock.runDueTasks();
-    ArgumentCaptor<Status> errorCaptor = ArgumentCaptor.forClass(Status.class);
-    verify(timeoutWatcher).onError(errorCaptor.capture());
-    Status error = errorCaptor.getValue();
+    @SuppressWarnings("unchecked")
+    ArgumentCaptor<StatusOr<CdsUpdate>> statusOrCaptor = ArgumentCaptor.forClass(StatusOr.class);
+    verify(timeoutWatcher).onResourceChanged(statusOrCaptor.capture());
+    StatusOr<CdsUpdate> statusOr = statusOrCaptor.getValue();
+    Status error = statusOr.getStatus();
     assertThat(error.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
     assertThat(error.getDescription()).isEqualTo(
         "Timed out waiting for resource " + timeoutResource + " from xDS server");
@@ -3326,7 +3505,7 @@ public void simpleFlowControl() throws Exception {
     assertThat(call.isReady()).isFalse();
 
     CyclicBarrier barrier = new CyclicBarrier(2);
-    doAnswer(blockUpdate(barrier)).when(edsResourceWatcher).onChanged(any(EdsUpdate.class));
+    doAnswer(blockUpdate(barrier)).when(edsResourceWatcher).onResourceChanged(any());
 
     CountDownLatch latch = new CountDownLatch(1);
     new Thread(() -> {
@@ -3341,12 +3520,14 @@ public void simpleFlowControl() throws Exception {
     verifyResourceMetadataAcked(EDS, EDS_RESOURCE, testClusterLoadAssignment, VERSION_1,
         TIME_INCREMENT);
     barrier.await();
-    verify(edsResourceWatcher, atLeastOnce()).onChanged(edsUpdateCaptor.capture());
-    EdsUpdate edsUpdate = edsUpdateCaptor.getAllValues().get(0);
+    verify(edsResourceWatcher, atLeastOnce()).onResourceChanged(edsUpdateCaptor.capture());
+    StatusOr<EdsUpdate> statusOrUpdate = edsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    EdsUpdate edsUpdate = statusOrUpdate.getValue();
     validateGoldenClusterLoadAssignment(edsUpdate);
     barrier.await();
     latch.await(10, TimeUnit.SECONDS);
-    verify(edsResourceWatcher, times(2)).onChanged(any());
+    verify(edsResourceWatcher, times(2)).onResourceChanged(any());
     verifyResourceMetadataAcked(EDS, EDS_RESOURCE, updatedClusterLoadAssignment, VERSION_2,
         TIME_INCREMENT * 2);
   }
@@ -3358,7 +3539,7 @@ public void flowControlUnknownType() {
     call.sendResponse(CDS, testClusterRoundRobin, VERSION_1, "0000");
     call.sendResponse(EDS, testClusterLoadAssignment, VERSION_1, "0000");
     call.verifyRequest(EDS, EDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(edsResourceWatcher).onChanged(any());
+    verify(edsResourceWatcher).onResourceChanged(any());
   }
 
   @Test
@@ -3370,8 +3551,10 @@ public void edsResourceUpdated() {
     // Initial EDS response.
     call.sendResponse(EDS, testClusterLoadAssignment, VERSION_1, "0000");
     call.verifyRequest(EDS, EDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(edsResourceWatcher).onChanged(edsUpdateCaptor.capture());
-    EdsUpdate edsUpdate = edsUpdateCaptor.getValue();
+    verify(edsResourceWatcher).onResourceChanged(edsUpdateCaptor.capture());
+    StatusOr<EdsUpdate> statusOrUpdate = edsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    EdsUpdate edsUpdate = statusOrUpdate.getValue();
     validateGoldenClusterLoadAssignment(edsUpdate);
     verifyResourceMetadataAcked(EDS, EDS_RESOURCE, testClusterLoadAssignment, VERSION_1,
         TIME_INCREMENT);
@@ -3383,8 +3566,10 @@ public void edsResourceUpdated() {
         ImmutableList.<Message>of()));
     call.sendResponse(EDS, updatedClusterLoadAssignment, VERSION_2, "0001");
 
-    verify(edsResourceWatcher, times(2)).onChanged(edsUpdateCaptor.capture());
-    edsUpdate = edsUpdateCaptor.getValue();
+    verify(edsResourceWatcher, times(2)).onResourceChanged(edsUpdateCaptor.capture());
+    statusOrUpdate = edsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    edsUpdate = statusOrUpdate.getValue();
     assertThat(edsUpdate.clusterName).isEqualTo(EDS_RESOURCE);
     assertThat(edsUpdate.dropPolicies).isEmpty();
     assertThat(edsUpdate.localityLbEndpointsMap)
@@ -3422,8 +3607,12 @@ public void edsDuplicateLocalityInTheSamePriority() {
         + "locality:Locality{region=region2, zone=zone2, subZone=subzone2} for priority:1";
     call.verifyRequestNack(EDS, EDS_RESOURCE, "", "0001", NODE, ImmutableList.of(
         errorMsg));
-    verify(edsResourceWatcher).onError(errorCaptor.capture());
-    assertThat(errorCaptor.getValue().getDescription()).contains(errorMsg);
+    @SuppressWarnings("unchecked")
+    ArgumentCaptor<StatusOr<EdsUpdate>> captor = ArgumentCaptor.forClass(StatusOr.class);
+    verify(edsResourceWatcher).onResourceChanged(captor.capture());
+    StatusOr<EdsUpdate> statusOrUpdate = captor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isFalse();
+    assertThat(statusOrUpdate.getStatus().getDescription()).contains(errorMsg);
   }
 
   @Test
@@ -3450,12 +3639,13 @@ public void edsResourceDeletedByCds() {
         Any.pack(mf.buildEdsCluster(CDS_RESOURCE, EDS_RESOURCE, "round_robin", null, null, false,
             null, "envoy.transport_sockets.tls", null, null)));
     call.sendResponse(CDS, clusters, VERSION_1, "0000");
-    verify(cdsWatcher).onChanged(cdsUpdateCaptor.capture());
-    CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue();
+    ArgumentCaptor<StatusOr<CdsUpdate>> cdsUpdateCaptor = ArgumentCaptor.forClass(StatusOr.class);
+    verify(cdsWatcher, times(1)).onResourceChanged(cdsUpdateCaptor.capture());
+    CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue().getValue();
     assertThat(cdsUpdate.edsServiceName()).isEqualTo(null);
     assertThat(cdsUpdate.lrsServerInfo()).isEqualTo(xdsServerInfo);
-    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
-    cdsUpdate = cdsUpdateCaptor.getValue();
+    verify(cdsResourceWatcher, times(1)).onResourceChanged(cdsUpdateCaptor.capture());
+    cdsUpdate = cdsUpdateCaptor.getValue().getValue();
     assertThat(cdsUpdate.edsServiceName()).isEqualTo(EDS_RESOURCE);
     assertThat(cdsUpdate.lrsServerInfo()).isNull();
     verifyResourceMetadataAcked(CDS, resource, clusters.get(0), VERSION_1, TIME_INCREMENT);
@@ -3479,10 +3669,11 @@ public void edsResourceDeletedByCds() {
                                 "endpoint-host-name"), 1, 0)),
                     ImmutableList.of(mf.buildDropOverload("lb", 100)))));
     call.sendResponse(EDS, clusterLoadAssignments, VERSION_1, "0000");
-    verify(edsWatcher).onChanged(edsUpdateCaptor.capture());
-    assertThat(edsUpdateCaptor.getValue().clusterName).isEqualTo(resource);
-    verify(edsResourceWatcher).onChanged(edsUpdateCaptor.capture());
-    assertThat(edsUpdateCaptor.getValue().clusterName).isEqualTo(EDS_RESOURCE);
+    ArgumentCaptor<StatusOr<EdsUpdate>> edsUpdateCaptor = ArgumentCaptor.forClass(StatusOr.class);
+    verify(edsWatcher, times(1)).onResourceChanged(edsUpdateCaptor.capture());
+    assertThat(edsUpdateCaptor.getValue().getValue().clusterName).isEqualTo(resource);
+    verify(edsResourceWatcher, times(1)).onResourceChanged(edsUpdateCaptor.capture());
+    assertThat(edsUpdateCaptor.getValue().getValue().clusterName).isEqualTo(EDS_RESOURCE);
 
     verifyResourceMetadataAcked(
         EDS, EDS_RESOURCE, clusterLoadAssignments.get(0), VERSION_1, TIME_INCREMENT * 2);
@@ -3500,12 +3691,8 @@ public void edsResourceDeletedByCds() {
             "envoy.transport_sockets.tls", null, null
         )));
     call.sendResponse(CDS, clusters, VERSION_2, "0001");
-    verify(cdsResourceWatcher, times(2)).onChanged(cdsUpdateCaptor.capture());
-    assertThat(cdsUpdateCaptor.getValue().edsServiceName()).isNull();
-    // Note that the endpoint must be deleted even if the ignore_resource_deletion feature.
-    // This happens because the cluster CDS_RESOURCE is getting replaced, and not deleted.
-    verify(edsResourceWatcher, never()).onResourceDoesNotExist(EDS_RESOURCE);
-    verify(edsResourceWatcher, never()).onResourceDoesNotExist(resource);
+    verify(cdsResourceWatcher, times(2)).onResourceChanged(cdsUpdateCaptor.capture());
+    assertThat(cdsUpdateCaptor.getValue().getValue().edsServiceName()).isNull();
     verifyNoMoreInteractions(cdsWatcher, edsWatcher);
     verifyResourceMetadataAcked(
         EDS, EDS_RESOURCE, clusterLoadAssignments.get(0), VERSION_1, TIME_INCREMENT * 2);
@@ -3531,16 +3718,24 @@ public void multipleEdsWatchers() {
     verifySubscribedResourcesMetadataSizes(0, 0, 0, 2);
 
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    verify(edsResourceWatcher).onResourceDoesNotExist(EDS_RESOURCE);
-    verify(watcher1).onResourceDoesNotExist(edsResourceTwo);
-    verify(watcher2).onResourceDoesNotExist(edsResourceTwo);
+    verify(edsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getDescription().contains(EDS_RESOURCE)));
+    verify(watcher1).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getDescription().contains(edsResourceTwo)));
+    verify(watcher2).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getDescription().contains(edsResourceTwo)));
     verifyResourceMetadataDoesNotExist(EDS, EDS_RESOURCE);
     verifyResourceMetadataDoesNotExist(EDS, edsResourceTwo);
     verifySubscribedResourcesMetadataSizes(0, 0, 0, 2);
 
     call.sendResponse(EDS, testClusterLoadAssignment, VERSION_1, "0000");
-    verify(edsResourceWatcher).onChanged(edsUpdateCaptor.capture());
-    EdsUpdate edsUpdate = edsUpdateCaptor.getValue();
+    verify(edsResourceWatcher, times(2)).onResourceChanged(edsUpdateCaptor.capture());
+    StatusOr<EdsUpdate> statusOrUpdate = edsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    EdsUpdate edsUpdate = statusOrUpdate.getValue();
     validateGoldenClusterLoadAssignment(edsUpdate);
     verifyNoMoreInteractions(watcher1, watcher2);
     verifyResourceMetadataAcked(
@@ -3557,8 +3752,10 @@ public void multipleEdsWatchers() {
             ImmutableList.<Message>of()));
     call.sendResponse(EDS, clusterLoadAssignmentTwo, VERSION_2, "0001");
 
-    verify(watcher1).onChanged(edsUpdateCaptor.capture());
-    edsUpdate = edsUpdateCaptor.getValue();
+    verify(watcher1, times(2)).onResourceChanged(edsUpdateCaptor.capture());
+    statusOrUpdate = edsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    edsUpdate = statusOrUpdate.getValue();
     assertThat(edsUpdate.clusterName).isEqualTo(edsResourceTwo);
     assertThat(edsUpdate.dropPolicies).isEmpty();
     assertThat(edsUpdate.localityLbEndpointsMap)
@@ -3569,8 +3766,10 @@ public void multipleEdsWatchers() {
                     LbEndpoint.create("172.44.2.2", 8000, 3,
                         true, "endpoint-host-name", ImmutableMap.of())),
                 2, 0, ImmutableMap.of()));
-    verify(watcher2).onChanged(edsUpdateCaptor.capture());
-    edsUpdate = edsUpdateCaptor.getValue();
+    verify(watcher2, times(2)).onResourceChanged(edsUpdateCaptor.capture());
+    statusOrUpdate = edsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    edsUpdate = statusOrUpdate.getValue();
     assertThat(edsUpdate.clusterName).isEqualTo(edsResourceTwo);
     assertThat(edsUpdate.dropPolicies).isEmpty();
     assertThat(edsUpdate.localityLbEndpointsMap)
@@ -3601,10 +3800,13 @@ public void useIndependentRpcContext() {
       // The inbound RPC finishes and closes its context. The outbound RPC's control plane RPC
       // should not be impacted.
       cancellableContext.close();
-      verify(ldsResourceWatcher, never()).onError(any(Status.class));
+      verify(ldsResourceWatcher, never()).onAmbientError(any(Status.class));
+      verify(ldsResourceWatcher, never()).onResourceChanged(argThat(
+          statusOr -> !statusOr.hasValue()
+      ));
 
       call.sendResponse(LDS, testListenerRds, VERSION_1, "0000");
-      verify(ldsResourceWatcher).onChanged(any(LdsUpdate.class));
+      verify(ldsResourceWatcher).onResourceChanged(any());
     } finally {
       cancellableContext.detach(prevContext);
     }
@@ -3624,12 +3826,15 @@ public void streamClosedWithNoResponse() {
     // Check metric data.
     callback_ReportServerConnection();
     verifyServerConnection(1, false, xdsServerInfo.target());
-    verify(ldsResourceWatcher, Mockito.timeout(1000).times(1))
-        .onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE,
+    verify(ldsResourceWatcher, Mockito.timeout(1000)).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> ldsStatusOr = ldsUpdateCaptor.getValue();
+    assertThat(ldsStatusOr.hasValue()).isFalse();
+    verifyStatusWithNodeId(ldsStatusOr.getStatus(), Code.UNAVAILABLE,
         "ADS stream closed with OK before receiving a response");
-    verify(rdsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE,
+    verify(rdsResourceWatcher, Mockito.timeout(1000)).onResourceChanged(rdsUpdateCaptor.capture());
+    StatusOr<RdsUpdate> rdsStatusOr = rdsUpdateCaptor.getValue();
+    assertThat(rdsStatusOr.hasValue()).isFalse();
+    verifyStatusWithNodeId(rdsStatusOr.getStatus(), Code.UNAVAILABLE,
         "ADS stream closed with OK before receiving a response");
   }
 
@@ -3658,17 +3863,21 @@ public void streamClosedAfterSendingResponses() {
     // Check metric data.
     callback_ReportServerConnection();
     verifyServerConnection(3, true, xdsServerInfo.target());
-    verify(ldsResourceWatcher, never()).onError(errorCaptor.capture());
-    verify(rdsResourceWatcher, never()).onError(errorCaptor.capture());
+    verify(ldsResourceWatcher, never()).onAmbientError(any(Status.class));
+    verify(rdsResourceWatcher, never()).onAmbientError(any(Status.class));
+    verify(ldsResourceWatcher, times(1)).onResourceChanged(any());
+    verify(rdsResourceWatcher, times(1)).onResourceChanged(any());
   }
 
   @Test
   public void streamClosedAndRetryWithBackoff() {
-    InOrder inOrder = Mockito.inOrder(backoffPolicyProvider, backoffPolicy1, backoffPolicy2);
+    InOrder inOrder = inOrder(backoffPolicyProvider, backoffPolicy1, backoffPolicy2);
+    InOrder ldsWatcherInOrder = inOrder(ldsResourceWatcher);
+    InOrder rdsWatcherInOrder = inOrder(rdsResourceWatcher);
+    InOrder cdsWatcherInOrder = inOrder(cdsResourceWatcher);
+    InOrder edsWatcherInOrder = inOrder(edsResourceWatcher);
+    when(backoffPolicyProvider.get()).thenReturn(backoffPolicy1, backoffPolicy2, backoffPolicy2);
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, ldsResourceWatcher);
-    // Check metric data.
-    callback_ReportServerConnection();
-    verifyServerConnection(1, true, xdsServerInfo.target());
     xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_RESOURCE,
         rdsResourceWatcher);
     xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CDS_RESOURCE, cdsResourceWatcher);
@@ -3679,25 +3888,25 @@ public void streamClosedAndRetryWithBackoff() {
     call.verifyRequest(CDS, CDS_RESOURCE, "", "", NODE);
     call.verifyRequest(EDS, EDS_RESOURCE, "", "", NODE);
 
-    // Management server closes the RPC stream with an error.
+    // Management server closes the RPC stream with an error. No response received yet.
     fakeClock.forwardNanos(1000L); // Make sure retry isn't based on stopwatch 0
     call.sendError(Status.UNKNOWN.asException());
-    verify(ldsResourceWatcher, Mockito.timeout(1000).times(1))
-        .onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNKNOWN, "");
-    verify(rdsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNKNOWN, "");
-    verify(cdsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNKNOWN, "");
-    verify(edsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNKNOWN, "");
+    ldsWatcherInOrder.verify(ldsResourceWatcher, timeout(1000)).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNKNOWN));
+    rdsWatcherInOrder.verify(rdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNKNOWN));
+    cdsWatcherInOrder.verify(cdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNKNOWN));
+    edsWatcherInOrder.verify(edsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNKNOWN));
 
-    // Check metric data.
-    callback_ReportServerConnection();
-    verifyServerConnection(1, false, xdsServerInfo.target());
+    verifyServerFailureCount(1, 1, xdsServerInfo.target());
 
     // Retry after backoff.
-    inOrder.verify(backoffPolicyProvider).get();
     inOrder.verify(backoffPolicy1).nextBackoffNanos();
     ScheduledTask retryTask =
         Iterables.getOnlyElement(fakeClock.getPendingTasks(RPC_RETRY_TASK_FILTER));
@@ -3709,25 +3918,23 @@ public void streamClosedAndRetryWithBackoff() {
     call.verifyRequest(CDS, CDS_RESOURCE, "", "", NODE);
     call.verifyRequest(EDS, EDS_RESOURCE, "", "", NODE);
 
-    // Check metric data.
-    callback_ReportServerConnection();
-    verifyServerConnection(2, false, xdsServerInfo.target());
-
-    // Management server becomes unreachable.
+    // Management server becomes unreachable. No response received on this stream either.
     String errorMsg = "my fault";
     call.sendError(Status.UNAVAILABLE.withDescription(errorMsg).asException());
-    verify(ldsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
-    verify(rdsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
-    verify(cdsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
-    verify(edsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
+    ldsWatcherInOrder.verify(ldsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
+    rdsWatcherInOrder.verify(rdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
+    cdsWatcherInOrder.verify(cdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
+    edsWatcherInOrder.verify(edsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
 
-    // Check metric data.
-    callback_ReportServerConnection();
-    verifyServerConnection(3, false, xdsServerInfo.target());
+    verifyServerFailureCount(2, 1, xdsServerInfo.target());
 
     // Retry after backoff.
     inOrder.verify(backoffPolicy1).nextBackoffNanos();
@@ -3746,36 +3953,25 @@ public void streamClosedAndRetryWithBackoff() {
             mf.buildRouteConfiguration("do not care", mf.buildOpaqueVirtualHosts(2)))));
     call.sendResponse(LDS, listeners, "63", "3242");
     call.verifyRequest(LDS, LDS_RESOURCE, "63", "3242", NODE);
-    // Check metric data.
-    callback_ReportServerConnection();
-    verifyServerConnection(2, true, xdsServerInfo.target());
+    ldsWatcherInOrder.verify(ldsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> statusOr.hasValue()));
 
     List<Any> routeConfigs = ImmutableList.of(
         Any.pack(mf.buildRouteConfiguration(RDS_RESOURCE, mf.buildOpaqueVirtualHosts(2))));
     call.sendResponse(RDS, routeConfigs, "5", "6764");
     call.verifyRequest(RDS, RDS_RESOURCE, "5", "6764", NODE);
+    rdsWatcherInOrder.verify(rdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> statusOr.hasValue()));
 
-    call.sendError(Status.DEADLINE_EXCEEDED.asException());
-    fakeClock.forwardNanos(100L);
-    call = resourceDiscoveryCalls.poll();
+    // Stream fails AFTER a response. Error is suppressed and no watcher notification occurs.
     call.sendError(Status.DEADLINE_EXCEEDED.asException());
 
-    // Already received LDS and RDS, so they only error twice.
-    verify(ldsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verify(rdsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verify(cdsResourceWatcher, times(3)).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.DEADLINE_EXCEEDED, "");
-    verify(edsResourceWatcher, times(3)).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.DEADLINE_EXCEEDED, "");
-
-    // Check metric data.
-    callback_ReportServerConnection();
-    verifyServerConnection(2, true, xdsServerInfo.target());
-    verifyServerConnection(4, false, xdsServerInfo.target());
+    // Failure count does NOT increase.
+    verifyServerFailureCount(2, 1, xdsServerInfo.target());
 
     // Reset backoff sequence and retry after backoff.
     inOrder.verify(backoffPolicyProvider).get();
-    inOrder.verify(backoffPolicy2, times(2)).nextBackoffNanos();
+    inOrder.verify(backoffPolicy2).nextBackoffNanos();
     retryTask =
         Iterables.getOnlyElement(fakeClock.getPendingTasks(RPC_RETRY_TASK_FILTER));
     fakeClock.forwardNanos(retryTask.getDelay(TimeUnit.NANOSECONDS));
@@ -3785,23 +3981,21 @@ public void streamClosedAndRetryWithBackoff() {
     call.verifyRequest(CDS, CDS_RESOURCE, "", "", NODE);
     call.verifyRequest(EDS, EDS_RESOURCE, "", "", NODE);
 
-    // Check metric data, should be in error since haven't gotten a response.
-    callback_ReportServerConnection();
-    verifyServerConnection(2, true, xdsServerInfo.target());
-    verifyServerConnection(5, false, xdsServerInfo.target());
-
-    // Management server becomes unreachable again.
+    // Management server becomes unreachable again. This is on a new stream, so error propagates.
     call.sendError(Status.UNAVAILABLE.asException());
-    verify(ldsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verify(rdsResourceWatcher, times(2)).onError(errorCaptor.capture());
-    verify(cdsResourceWatcher, times(4)).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
-    verify(edsResourceWatcher, times(4)).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
-
-    // Check metric data.
-    callback_ReportServerConnection();
-    verifyServerConnection(6, false, xdsServerInfo.target());
+    ldsWatcherInOrder.verify(ldsResourceWatcher).onAmbientError(
+        argThat(status -> status.getCode() == Code.UNAVAILABLE));
+    rdsWatcherInOrder.verify(rdsResourceWatcher).onAmbientError(
+        argThat(status -> status.getCode() == Code.UNAVAILABLE));
+    cdsWatcherInOrder.verify(cdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
+    edsWatcherInOrder.verify(edsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
+
+    // Failure count is now 3.
+    verifyServerFailureCount(3, 1, xdsServerInfo.target());
 
     // Retry after backoff.
     inOrder.verify(backoffPolicy2).nextBackoffNanos();
@@ -3815,16 +4009,41 @@ public void streamClosedAndRetryWithBackoff() {
     call.verifyRequest(CDS, CDS_RESOURCE, "", "", NODE);
     call.verifyRequest(EDS, EDS_RESOURCE, "", "", NODE);
 
-    // Check metric data.
-    callback_ReportServerConnection();
-    verifyServerConnection(7, false, xdsServerInfo.target());
-
-    // Send a response so CPC is considered working
+    // Send a response so CPC is considered working and close gracefully.
     call.sendResponse(LDS, listeners, "63", "3242");
-    callback_ReportServerConnection();
-    verifyServerConnection(3, true, xdsServerInfo.target());
+    call.sendCompleted();
+
+    // Final failure count is still 3.
+    verifyServerFailureCount(3, 1, xdsServerInfo.target());
+  }
+
+  @Test
+  public void newWatcher_receivesCachedDataAndAmbientError() throws Exception {
+    InOrder inOrder = inOrder(ldsResourceWatcher);
+    DiscoveryRpcCall call1 = startResourceWatcher(XdsListenerResource.getInstance(), LDS_RESOURCE,
+        ldsResourceWatcher);
+    call1.sendResponse(LDS, testListenerRds, VERSION_1, "0000");
+    inOrder.verify(ldsResourceWatcher, timeout(5000))
+        .onResourceChanged(argThat(statusOr -> statusOr.hasValue()));
+
+    call1.sendError(Status.DEADLINE_EXCEEDED.asException());
+    ScheduledTask retryTask =
+        Iterables.getOnlyElement(fakeClock.getPendingTasks(RPC_RETRY_TASK_FILTER));
+    fakeClock.forwardNanos(retryTask.getDelay(TimeUnit.NANOSECONDS));
+    DiscoveryRpcCall call2 = resourceDiscoveryCalls.poll();
+    Status propagatedError = Status.UNAVAILABLE.withDescription("real failure");
+    call2.sendError(propagatedError.asException());
+    inOrder.verify(ldsResourceWatcher, timeout(5000)).onAmbientError(
+        argThat(status -> status.getCode() == Code.UNAVAILABLE));
+    @SuppressWarnings("unchecked")
+    ResourceWatcher<LdsUpdate> ldsResourceWatcher2 = mock(ResourceWatcher.class);
+    xdsClient.watchXdsResource(
+        XdsListenerResource.getInstance(), LDS_RESOURCE, ldsResourceWatcher2);
 
-    inOrder.verifyNoMoreInteractions();
+    verify(ldsResourceWatcher2, timeout(5000)).onResourceChanged(
+        argThat(statusOr -> statusOr.hasValue()));
+    verify(ldsResourceWatcher2, timeout(5000)).onAmbientError(
+        argThat(status -> status.getCode() == Code.UNAVAILABLE));
   }
 
   @Test
@@ -3839,10 +4058,10 @@ public void streamClosedAndRetryRaceWithAddRemoveWatchers() {
     verifyServerConnection(1, true, xdsServerInfo.target());
     call.sendError(Status.UNAVAILABLE.asException());
     verify(ldsResourceWatcher, Mockito.timeout(1000).times(1))
-        .onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
-    verify(rdsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
+        .onResourceChanged(ldsUpdateCaptor.capture());
+    verifyStatusWithNodeId(ldsUpdateCaptor.getValue().getStatus(), Code.UNAVAILABLE, "");
+    verify(rdsResourceWatcher).onResourceChanged(rdsUpdateCaptor.capture());
+    verifyStatusWithNodeId(rdsUpdateCaptor.getValue().getStatus(), Code.UNAVAILABLE, "");
     ScheduledTask retryTask =
         Iterables.getOnlyElement(fakeClock.getPendingTasks(RPC_RETRY_TASK_FILTER));
     assertThat(retryTask.getDelay(TimeUnit.NANOSECONDS)).isEqualTo(10L);
@@ -3915,22 +4134,29 @@ public void streamClosedAndRetryRestartsResourceInitialFetchTimerForUnresolvedRe
     call.sendError(Status.UNAVAILABLE.asException());
     assertThat(cdsResourceTimeout.isCancelled()).isTrue();
     assertThat(edsResourceTimeout.isCancelled()).isTrue();
-    verify(ldsResourceWatcher, never()).onError(errorCaptor.capture());
-    verify(rdsResourceWatcher, never()).onError(errorCaptor.capture());
-    verify(cdsResourceWatcher, never()).onError(errorCaptor.capture());
-    verify(edsResourceWatcher, never()).onError(errorCaptor.capture());
-    // Check metric data.
+
+    // With the reverted logic, the first error is suppressed because a response was received.
+    // We verify that no error callbacks are invoked at this point.
+    verify(ldsResourceWatcher, never()).onAmbientError(any(Status.class));
+    verify(rdsResourceWatcher, never()).onAmbientError(any(Status.class));
+
+    // The metric report for a failed server connection is also suppressed.
     callback_ReportServerConnection();
     verifyServerConnection(4, true, xdsServerInfo.target());
-    verify(cdsResourceWatcher, never()).onError(errorCaptor.capture()); // We had a response
 
     fakeClock.forwardTime(5, TimeUnit.SECONDS);
     DiscoveryRpcCall call2 = resourceDiscoveryCalls.poll();
     call2.sendError(Status.UNAVAILABLE.asException());
-    verify(cdsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
-    verify(edsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, "");
+
+    // Now, verify the watchers are notified as expected.
+    verify(ldsResourceWatcher).onAmbientError(any(Status.class));
+    verify(rdsResourceWatcher).onAmbientError(any(Status.class));
+    verify(cdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
+    verify(edsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
 
     fakeClock.forwardTime(5, TimeUnit.SECONDS);
     DiscoveryRpcCall call3 = resourceDiscoveryCalls.poll();
@@ -3988,8 +4214,10 @@ public void serverSideListenerFound() {
     call.sendResponse(LDS, listeners, "0", "0000");
     // Client sends an ACK LDS request.
     call.verifyRequest(LDS, Collections.singletonList(LISTENER_RESOURCE), "0", "0000", NODE);
-    verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-    EnvoyServerProtoData.Listener parsedListener = ldsUpdateCaptor.getValue().listener();
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    EnvoyServerProtoData.Listener parsedListener = statusOrUpdate.getValue().listener();
     assertThat(parsedListener.name()).isEqualTo(LISTENER_RESOURCE);
     assertThat(parsedListener.address()).isEqualTo("0.0.0.0:7000");
     assertThat(parsedListener.defaultFilterChain()).isNull();
@@ -4026,7 +4254,8 @@ public void serverSideListenerNotFound() {
 
     verifyNoInteractions(ldsResourceWatcher);
     fakeClock.forwardTime(XdsClientImpl.INITIAL_RESOURCE_FETCH_TIMEOUT_SEC, TimeUnit.SECONDS);
-    verify(ldsResourceWatcher).onResourceDoesNotExist(LISTENER_RESOURCE);
+    verify(ldsResourceWatcher).onResourceChanged(argThat(
+        statusOr -> statusOr.getStatus().getDescription().contains(LISTENER_RESOURCE)));
     assertThat(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
   }
 
@@ -4052,8 +4281,10 @@ public void serverSideListenerResponseErrorHandling_badDownstreamTlsContext() {
         + "0.0.0.0:7000\' validation error: "
         + "common-tls-context is required in downstream-tls-context";
     call.verifyRequestNack(LDS, LISTENER_RESOURCE, "", "0000", NODE, ImmutableList.of(errorMsg));
-    verify(ldsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isFalse();
+    verifyStatusWithNodeId(statusOrUpdate.getStatus(), Code.UNAVAILABLE, errorMsg);
   }
 
   @Test
@@ -4079,8 +4310,8 @@ public void serverSideListenerResponseErrorHandling_badTransportSocketName() {
         + "transport-socket with name envoy.transport_sockets.bad1 not supported.";
     call.verifyRequestNack(LDS, LISTENER_RESOURCE, "", "0000", NODE, ImmutableList.of(
         errorMsg));
-    verify(ldsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE, errorMsg);
+    verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    verifyStatusWithNodeId(ldsUpdateCaptor.getValue().getStatus(), Code.UNAVAILABLE, errorMsg);
   }
 
   @Test
@@ -4110,16 +4341,17 @@ public void sendingToStoppedServer() throws Exception {
               .build()
               .start());
       fakeClock.forwardTime(5, TimeUnit.SECONDS);
-      verify(ldsResourceWatcher, never()).onResourceDoesNotExist(LDS_RESOURCE);
+      verify(ldsResourceWatcher, never()).onResourceChanged(argThat(
+          statusOr -> statusOr.getStatus().getDescription().contains(LDS_RESOURCE)));
       fakeClock.forwardTime(20, TimeUnit.SECONDS); // Trigger rpcRetryTimer
       DiscoveryRpcCall call = resourceDiscoveryCalls.poll(3, TimeUnit.SECONDS);
       // Check metric data.
       callback_ReportServerConnection();
-      verifyServerConnection(2, false, xdsServerInfo.target());
       if (call == null) { // The first rpcRetry may have happened before the channel was ready
         fakeClock.forwardTime(50, TimeUnit.SECONDS);
         call = resourceDiscoveryCalls.poll(3, TimeUnit.SECONDS);
       }
+      verifyServerConnection(2, false, xdsServerInfo.target());
 
       // Check metric data.
       callback_ReportServerConnection();
@@ -4131,8 +4363,12 @@ public void sendingToStoppedServer() throws Exception {
       // Send a response and do verifications
       call.sendResponse(LDS, mf.buildWrappedResource(testListenerVhosts), VERSION_1, "0001");
       call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0001", NODE);
-      verify(ldsResourceWatcher).onChanged(ldsUpdateCaptor.capture());
-      verifyGoldenListenerVhosts(ldsUpdateCaptor.getValue());
+      @SuppressWarnings("unchecked")
+      ArgumentCaptor<StatusOr<LdsUpdate>> captor = ArgumentCaptor.forClass(StatusOr.class);
+      verify(ldsResourceWatcher, timeout(1000).atLeast(2)).onResourceChanged(captor.capture());
+      StatusOr<LdsUpdate> lastValue = captor.getAllValues().get(captor.getAllValues().size() - 1);
+      assertThat(lastValue.hasValue()).isTrue();
+      verifyGoldenListenerVhosts(lastValue.getValue());
       assertThat(fakeClock.getPendingTasks(LDS_RESOURCE_FETCH_TIMEOUT_TASK_FILTER)).isEmpty();
       verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts, VERSION_1, TIME_INCREMENT);
       verifySubscribedResourcesMetadataSizes(1, 1, 0, 0);
@@ -4153,8 +4389,8 @@ public void sendToBadUrl() throws Exception {
     client.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, ldsResourceWatcher);
     fakeClock.forwardTime(20, TimeUnit.SECONDS);
     verify(ldsResourceWatcher, Mockito.timeout(5000).atLeastOnce())
-        .onError(errorCaptor.capture());
-    assertThat(errorCaptor.getValue().getDescription()).contains(garbageUri);
+        .onResourceChanged(ldsUpdateCaptor.capture());
+    assertThat(ldsUpdateCaptor.getValue().getStatus().getDescription()).contains(garbageUri);
     client.shutdown();
   }
 
@@ -4169,8 +4405,10 @@ public void circuitBreakingConversionOf32bitIntTo64bitLongForMaxRequestNegativeV
 
     // Client sent an ACK CDS request.
     call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
-    verify(cdsResourceWatcher).onChanged(cdsUpdateCaptor.capture());
-    CdsUpdate cdsUpdate = cdsUpdateCaptor.getValue();
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    CdsUpdate cdsUpdate = statusOrUpdate.getValue();
 
     assertThat(cdsUpdate.clusterName()).isEqualTo(CDS_RESOURCE);
     assertThat(cdsUpdate.clusterType()).isEqualTo(ClusterType.EDS);
@@ -4185,7 +4423,10 @@ public void sendToNonexistentServer() throws Exception {
     // file. Assume localhost doesn't speak HTTP/2 on the finger port
     XdsClientImpl client = createXdsClient("localhost:79");
     client.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, ldsResourceWatcher);
-    verify(ldsResourceWatcher, Mockito.timeout(5000).times(1)).onError(ArgumentMatchers.any());
+    verify(ldsResourceWatcher, Mockito.timeout(5000)).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isFalse();
+    assertThat(statusOrUpdate.getStatus().getCode()).isEqualTo(Status.Code.UNAVAILABLE);
     assertThat(fakeClock.numPendingTasks()).isEqualTo(1); //retry
     assertThat(fakeClock.getPendingTasks().iterator().next().toString().contains("RpcRetryTask"))
         .isTrue();
@@ -4251,19 +4492,27 @@ public void serverFailureMetricReport() {
     DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
     // Management server closes the RPC stream before sending any response.
     call.sendCompleted();
-    verify(ldsResourceWatcher, Mockito.timeout(1000).times(1))
-        .onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE,
+    verify(ldsResourceWatcher, Mockito.timeout(1000)).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> ldsStatusOr = ldsUpdateCaptor.getValue();
+    assertThat(ldsStatusOr.hasValue()).isFalse();
+    verifyStatusWithNodeId(ldsStatusOr.getStatus(), Code.UNAVAILABLE,
         "ADS stream closed with OK before receiving a response");
-    verify(rdsResourceWatcher).onError(errorCaptor.capture());
-    verifyStatusWithNodeId(errorCaptor.getValue(), Code.UNAVAILABLE,
+    verify(rdsResourceWatcher).onResourceChanged(rdsUpdateCaptor.capture());
+    StatusOr<RdsUpdate> rdsStatusOr = rdsUpdateCaptor.getValue();
+    assertThat(rdsStatusOr.hasValue()).isFalse();
+    verifyStatusWithNodeId(rdsStatusOr.getStatus(), Code.UNAVAILABLE,
         "ADS stream closed with OK before receiving a response");
     verifyServerFailureCount(1, 1, xdsServerInfo.target());
   }
 
   @Test
   public void serverFailureMetricReport_forRetryAndBackoff() {
-    InOrder inOrder = Mockito.inOrder(backoffPolicyProvider, backoffPolicy1, backoffPolicy2);
+    InOrder inOrder = inOrder(backoffPolicyProvider, backoffPolicy1, backoffPolicy2);
+    InOrder ldsWatcherInOrder = inOrder(ldsResourceWatcher);
+    InOrder rdsWatcherInOrder = inOrder(rdsResourceWatcher);
+    InOrder cdsWatcherInOrder = inOrder(cdsResourceWatcher);
+    InOrder edsWatcherInOrder = inOrder(edsResourceWatcher);
+    when(backoffPolicyProvider.get()).thenReturn(backoffPolicy1, backoffPolicy2, backoffPolicy2);
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), LDS_RESOURCE, ldsResourceWatcher);
     xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_RESOURCE,
         rdsResourceWatcher);
@@ -4273,6 +4522,18 @@ public void serverFailureMetricReport_forRetryAndBackoff() {
 
     // Management server closes the RPC stream with an error.
     call.sendError(Status.UNKNOWN.asException());
+    ldsWatcherInOrder.verify(ldsResourceWatcher, timeout(1000)).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNKNOWN));
+    rdsWatcherInOrder.verify(rdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNKNOWN));
+    cdsWatcherInOrder.verify(cdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNKNOWN));
+    edsWatcherInOrder.verify(edsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNKNOWN));
     verifyServerFailureCount(1, 1, xdsServerInfo.target());
 
     // Retry after backoff.
@@ -4287,6 +4548,18 @@ public void serverFailureMetricReport_forRetryAndBackoff() {
     // Management server becomes unreachable.
     String errorMsg = "my fault";
     call.sendError(Status.UNAVAILABLE.withDescription(errorMsg).asException());
+    ldsWatcherInOrder.verify(ldsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
+    rdsWatcherInOrder.verify(rdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
+    cdsWatcherInOrder.verify(cdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
+    edsWatcherInOrder.verify(edsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
     verifyServerFailureCount(2, 1, xdsServerInfo.target());
 
     // Retry after backoff.
@@ -4299,13 +4572,18 @@ public void serverFailureMetricReport_forRetryAndBackoff() {
 
     List<Any> resources = ImmutableList.of(FAILING_ANY, testListenerRds, FAILING_ANY);
     call.sendResponse(LDS, resources, "63", "3242");
+    ldsWatcherInOrder.verify(ldsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> statusOr.hasValue()));
 
     List<Any> routeConfigs = ImmutableList.of(FAILING_ANY, testRouteConfig, FAILING_ANY);
     call.sendResponse(RDS, routeConfigs, "5", "6764");
+    rdsWatcherInOrder.verify(rdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> statusOr.hasValue()));
 
+    // Stream fails AFTER a response. Error is suppressed and no watcher notification occurs.
     call.sendError(Status.DEADLINE_EXCEEDED.asException());
-    // Server Failure metric will not be reported, as stream is closed with an error after receiving
-    // a response
+
+    // Failure count does NOT increase because the error was suppressed. It is still 2.
     verifyServerFailureCount(2, 1, xdsServerInfo.target());
 
     // Reset backoff sequence and retry after backoff.
@@ -4317,8 +4595,20 @@ public void serverFailureMetricReport_forRetryAndBackoff() {
     fakeClock.forwardNanos(20L);
     call = resourceDiscoveryCalls.poll();
 
-    // Management server becomes unreachable again.
+    // Management server becomes unreachable again. This is on a new stream, so error propagates.
     call.sendError(Status.UNAVAILABLE.asException());
+    ldsWatcherInOrder.verify(ldsResourceWatcher).onAmbientError(
+        argThat(status -> status.getCode() == Code.UNAVAILABLE));
+    rdsWatcherInOrder.verify(rdsResourceWatcher).onAmbientError(
+        argThat(status -> status.getCode() == Code.UNAVAILABLE));
+    cdsWatcherInOrder.verify(cdsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
+    edsWatcherInOrder.verify(edsResourceWatcher).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Code.UNAVAILABLE));
+
+    // Server failure count is now 3.
     verifyServerFailureCount(3, 1, xdsServerInfo.target());
 
     // Retry after backoff.
@@ -4332,12 +4622,11 @@ public void serverFailureMetricReport_forRetryAndBackoff() {
     List<Any> clusters = ImmutableList.of(FAILING_ANY, testClusterRoundRobin);
     call.sendResponse(CDS, clusters, VERSION_1, "0000");
     call.sendCompleted();
-    // Server Failure metric will not be reported once again, as stream is closed after receiving a
-    // response
+
+    // Final failure count is still 3 as the stream closed gracefully.
     verifyServerFailureCount(3, 1, xdsServerInfo.target());
   }
 
-
   private XdsClientImpl createXdsClient(String serverUri) {
     BootstrapInfo bootstrapInfo = buildBootStrap(serverUri);
     return new XdsClientImpl(
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
index b2b4e2c14cf..27ee8d22825 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFallbackTest.java
@@ -20,7 +20,7 @@
 import static com.google.common.truth.Truth.assertWithMessage;
 import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.argThat;
 import static org.mockito.Mockito.inOrder;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -34,9 +34,13 @@
 import io.grpc.Grpc;
 import io.grpc.MetricRecorder;
 import io.grpc.Status;
+import io.grpc.StatusOr;
 import io.grpc.internal.ExponentialBackoffPolicy;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.ObjectPool;
+import io.grpc.xds.XdsClusterResource.CdsUpdate;
+import io.grpc.xds.XdsListenerResource.LdsUpdate;
+import io.grpc.xds.XdsRouteConfigureResource.RdsUpdate;
 import io.grpc.xds.client.Bootstrapper;
 import io.grpc.xds.client.CommonBootstrapperTestUtils;
 import io.grpc.xds.client.LoadReportClient;
@@ -98,25 +102,25 @@ public class XdsClientFallbackTest {
   private XdsClientMetricReporter xdsClientMetricReporter;
 
   @Captor
-  private ArgumentCaptor<Status> errorCaptor;
-
+  private ArgumentCaptor<StatusOr<LdsUpdate>> ldsUpdateCaptor;
+  @Captor
+  private ArgumentCaptor<StatusOr<RdsUpdate>> rdsUpdateCaptor;
 
   private final XdsClient.ResourceWatcher<XdsListenerResource.LdsUpdate> raalLdsWatcher =
-      new XdsClient.ResourceWatcher<XdsListenerResource.LdsUpdate>() {
-
-        @Override
-        public void onChanged(XdsListenerResource.LdsUpdate update) {
-          log.log(Level.FINE, "LDS update: " + update);
-        }
+      new XdsClient.ResourceWatcher<LdsUpdate>() {
 
         @Override
-        public void onError(Status error) {
-          log.log(Level.FINE, "LDS update error: " + error.getDescription());
+        public void onResourceChanged(StatusOr<LdsUpdate> update) {
+          if (update.hasValue()) {
+            log.log(Level.FINE, "LDS update: " + update.getValue());
+          } else {
+            log.log(Level.FINE, "LDS resource error: " + update.getStatus().getDescription());
+          }
         }
 
         @Override
-        public void onResourceDoesNotExist(String resourceName) {
-          log.log(Level.FINE, "LDS resource does not exist: " + resourceName);
+        public void onAmbientError(Status error) {
+          log.log(Level.FINE, "LDS ambient error: " + error.getDescription());
         }
       };
 
@@ -133,30 +137,30 @@ public void onResourceDoesNotExist(String resourceName) {
   @Mock
   private XdsClient.ResourceWatcher<XdsRouteConfigureResource.RdsUpdate> rdsWatcher3;
 
-  private final XdsClient.ResourceWatcher<XdsClusterResource.CdsUpdate> raalCdsWatcher =
-      new XdsClient.ResourceWatcher<XdsClusterResource.CdsUpdate>() {
+  private final XdsClient.ResourceWatcher<CdsUpdate> raalCdsWatcher =
+      new XdsClient.ResourceWatcher<CdsUpdate>() {
 
         @Override
-        public void onChanged(XdsClusterResource.CdsUpdate update) {
-          log.log(Level.FINE, "CDS update: " + update);
+        public void onResourceChanged(StatusOr<CdsUpdate> update) {
+          if (update.hasValue()) {
+            log.log(Level.FINE, "CDS update: " + update.getValue());
+          } else {
+            log.log(Level.FINE, "CDS resource error: " + update.getStatus().getDescription());
+          }
         }
 
         @Override
-        public void onError(Status error) {
-          log.log(Level.FINE, "CDS update error: " + error.getDescription());
-        }
-
-        @Override
-        public void onResourceDoesNotExist(String resourceName) {
-          log.log(Level.FINE, "CDS resource does not exist: " + resourceName);
+        public void onAmbientError(Status error) {
+          // Logic from the old onError method for transient errors.
+          log.log(Level.FINE, "CDS ambient error: " + error.getDescription());
         }
       };
 
   @SuppressWarnings("unchecked")
-  private final XdsClient.ResourceWatcher<XdsClusterResource.CdsUpdate> cdsWatcher =
+  private final XdsClient.ResourceWatcher<CdsUpdate> cdsWatcher =
       mock(XdsClient.ResourceWatcher.class, delegatesTo(raalCdsWatcher));
   @Mock
-  private XdsClient.ResourceWatcher<XdsClusterResource.CdsUpdate> cdsWatcher2;
+  private XdsClient.ResourceWatcher<CdsUpdate> cdsWatcher2;
 
   @Rule(order = 0)
   public ControlPlaneRule mainXdsServer =
@@ -223,12 +227,14 @@ public void everything_okay() {
     fallbackServer.restartXdsServer();
     xdsClient = xdsClientPool.getObject();
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
-    verify(ldsWatcher, timeout(5000)).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(
-            MAIN_HTTP_CONNECTION_MANAGER));
+    verify(ldsWatcher, timeout(5000)).onResourceChanged(ldsUpdateCaptor.capture());
+    assertThat(ldsUpdateCaptor.getValue().hasValue()).isTrue();
+    assertThat(ldsUpdateCaptor.getValue().getValue()).isEqualTo(
+        LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
 
     xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_NAME, rdsWatcher);
-    verify(rdsWatcher, timeout(5000)).onChanged(any());
+    verify(rdsWatcher, timeout(5000)).onResourceChanged(rdsUpdateCaptor.capture());
+    assertThat(rdsUpdateCaptor.getValue().hasValue()).isTrue();
   }
 
   @Test
@@ -240,9 +246,9 @@ public void mainServerDown_fallbackServerUp() {
 
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
 
-    verify(ldsWatcher, timeout(5000)).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(
-            FALLBACK_HTTP_CONNECTION_MANAGER));
+    verify(ldsWatcher, timeout(5000)).onResourceChanged(
+        StatusOr.fromValue(XdsListenerResource.LdsUpdate.forApiListener(
+            FALLBACK_HTTP_CONNECTION_MANAGER)));
   }
 
   @Test
@@ -253,7 +259,8 @@ public void useBadAuthority() {
     String badPrefix = "xdstp://authority.xds.bad/envoy.config.listener.v3.Listener/";
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(),
         badPrefix + "listener.googleapis.com", ldsWatcher);
-    inOrder.verify(ldsWatcher, timeout(5000)).onError(any());
+    inOrder.verify(ldsWatcher, timeout(5000)).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()));
 
     xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),
         badPrefix + "route-config.googleapis.bad", rdsWatcher);
@@ -261,14 +268,20 @@ public void useBadAuthority() {
         badPrefix + "route-config2.googleapis.bad", rdsWatcher2);
     xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(),
         badPrefix + "route-config3.googleapis.bad", rdsWatcher3);
-    inOrder.verify(rdsWatcher, timeout(5000).times(1)).onError(any());
-    inOrder.verify(rdsWatcher2, timeout(5000).times(1)).onError(any());
-    inOrder.verify(rdsWatcher3, timeout(5000).times(1)).onError(any());
-    verify(rdsWatcher, never()).onChanged(any());
+    inOrder.verify(rdsWatcher, timeout(5000)).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()));
+    inOrder.verify(rdsWatcher2, timeout(5000)).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()));
+    inOrder.verify(rdsWatcher3, timeout(5000)).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()));
+    verify(rdsWatcher, never()).onResourceChanged(argThat(StatusOr::hasValue));
 
     // even after an error, a valid one will still work
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher2);
-    verify(ldsWatcher2, timeout(5000)).onChanged(
+    verify(ldsWatcher2, timeout(5000)).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOr = ldsUpdateCaptor.getValue();
+    assertThat(statusOr.hasValue()).isTrue();
+    assertThat(statusOr.getValue()).isEqualTo(
         XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
   }
 
@@ -279,21 +292,24 @@ public void both_down_restart_main() {
     xdsClient = xdsClientPool.getObject();
 
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
-    verify(ldsWatcher, timeout(5000).atLeastOnce()).onError(any());
-    verify(ldsWatcher, timeout(5000).times(0)).onChanged(any());
+    verify(ldsWatcher, timeout(5000).atLeastOnce())
+        .onResourceChanged(argThat(statusOr -> !statusOr.hasValue()));
+    verify(ldsWatcher, never()).onResourceChanged(argThat(StatusOr::hasValue));
     xdsClient.watchXdsResource(
         XdsRouteConfigureResource.getInstance(), RDS_NAME, rdsWatcher2);
-    verify(rdsWatcher2, timeout(5000).atLeastOnce()).onError(any());
+    verify(rdsWatcher2, timeout(5000).atLeastOnce())
+        .onResourceChanged(argThat(statusOr -> !statusOr.hasValue()));
 
     mainXdsServer.restartXdsServer();
 
     xdsClient.watchXdsResource(
         XdsRouteConfigureResource.getInstance(), RDS_NAME, rdsWatcher);
 
-    verify(ldsWatcher, timeout(16000)).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
-    verify(rdsWatcher, timeout(5000)).onChanged(any());
-    verify(rdsWatcher2, timeout(5000)).onChanged(any());
+    verify(ldsWatcher, timeout(16000)).onResourceChanged(
+        argThat(statusOr -> statusOr.hasValue() && statusOr.getValue().equals(
+            XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER))));
+    verify(rdsWatcher, timeout(5000)).onResourceChanged(argThat(StatusOr::hasValue));
+    verify(rdsWatcher2, timeout(5000)).onResourceChanged(argThat(StatusOr::hasValue));
   }
 
   @Test
@@ -304,10 +320,16 @@ public void mainDown_fallbackUp_restart_main() {
     InOrder inOrder = inOrder(ldsWatcher, rdsWatcher, cdsWatcher, cdsWatcher2);
 
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
-    inOrder.verify(ldsWatcher, timeout(5000)).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER));
+    inOrder.verify(ldsWatcher, timeout(5000)).onResourceChanged(
+        StatusOr.fromValue(XdsListenerResource.LdsUpdate.forApiListener(
+            FALLBACK_HTTP_CONNECTION_MANAGER)));
+
+    // Watch another resource, also from the fallback server.
     xdsClient.watchXdsResource(XdsClusterResource.getInstance(), FALLBACK_CLUSTER_NAME, cdsWatcher);
-    inOrder.verify(cdsWatcher, timeout(5000)).onChanged(any());
+    @SuppressWarnings("unchecked")
+    ArgumentCaptor<StatusOr<CdsUpdate>> cdsUpdateCaptor1 = ArgumentCaptor.forClass(StatusOr.class);
+    inOrder.verify(cdsWatcher, timeout(5000)).onResourceChanged(cdsUpdateCaptor1.capture());
+    assertThat(cdsUpdateCaptor1.getValue().getStatus().isOk()).isTrue();
 
     assertThat(fallbackServer.getService().getSubscriberCounts()
         .get("type.googleapis.com/envoy.config.listener.v3.Listener")).isEqualTo(1);
@@ -315,15 +337,26 @@ public void mainDown_fallbackUp_restart_main() {
 
     mainXdsServer.restartXdsServer();
 
-    verify(ldsWatcher, timeout(5000)).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
+    // The existing ldsWatcher should receive a new update from the main server.
+    // Note: This is not an inOrder verification because the timing of the switchover
+    // can vary. We just need to verify it happens.
+    verify(ldsWatcher, timeout(5000)).onResourceChanged(
+        StatusOr.fromValue(XdsListenerResource.LdsUpdate.forApiListener(
+            MAIN_HTTP_CONNECTION_MANAGER)));
 
+    // Watch a new resource; should now come from the main server.
     xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_NAME, rdsWatcher);
-    inOrder.verify(rdsWatcher, timeout(5000)).onChanged(any());
+    @SuppressWarnings("unchecked")
+    ArgumentCaptor<StatusOr<RdsUpdate>> rdsUpdateCaptor = ArgumentCaptor.forClass(StatusOr.class);
+    inOrder.verify(rdsWatcher, timeout(5000)).onResourceChanged(rdsUpdateCaptor.capture());
+    assertThat(rdsUpdateCaptor.getValue().getStatus().isOk()).isTrue();
     verifyNoSubscribers(fallbackServer);
 
     xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CLUSTER_NAME, cdsWatcher2);
-    inOrder.verify(cdsWatcher2, timeout(5000)).onChanged(any());
+    @SuppressWarnings("unchecked")
+    ArgumentCaptor<StatusOr<CdsUpdate>> cdsUpdateCaptor2 = ArgumentCaptor.forClass(StatusOr.class);
+    inOrder.verify(cdsWatcher2, timeout(5000)).onResourceChanged(cdsUpdateCaptor2.capture());
+    assertThat(cdsUpdateCaptor2.getValue().getStatus().isOk()).isTrue();
 
     verifyNoSubscribers(fallbackServer);
     assertThat(mainXdsServer.getService().getSubscriberCounts()
@@ -363,11 +396,12 @@ public XdsTransport create(Bootstrapper.ServerInfo serverInfo) {
 
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
 
-    verify(ldsWatcher, timeout(5000)).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
+    // Initial resource fetch from the main server
+    verify(ldsWatcher, timeout(5000)).onResourceChanged(
+        StatusOr.fromValue(LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER)));
 
     xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_NAME, rdsWatcher);
-    verify(rdsWatcher, timeout(5000)).onChanged(any());
+    verify(rdsWatcher, timeout(5000)).onResourceChanged(argThat(StatusOr::hasValue));
 
     mainXdsServer.getServer().shutdownNow();
     // Sleep for the ADS stream disconnect to be processed and for the retry to fail. Between those
@@ -379,38 +413,43 @@ public XdsTransport create(Bootstrapper.ServerInfo serverInfo) {
     }
 
     // Shouldn't do fallback since all watchers are loaded
-    verify(ldsWatcher, never()).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER));
+    verify(ldsWatcher, never()).onResourceChanged(StatusOr.fromValue(
+        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER)));
 
     // Should just get from cache
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher2);
     xdsClient.watchXdsResource(XdsRouteConfigureResource.getInstance(), RDS_NAME, rdsWatcher2);
-    verify(ldsWatcher2, timeout(5000)).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
-    verify(ldsWatcher, never()).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER));
+    verify(ldsWatcher2, timeout(5000)).onResourceChanged(StatusOr.fromValue(
+        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER)));
+    verify(ldsWatcher, never()).onResourceChanged(StatusOr.fromValue(
+        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER)));
     // Make sure that rdsWatcher wasn't called again
-    verify(rdsWatcher, times(1)).onChanged(any());
-    verify(rdsWatcher2, timeout(5000)).onChanged(any());
+    verify(rdsWatcher, times(1)).onResourceChanged(any());
+    verify(rdsWatcher2, timeout(5000)).onResourceChanged(argThat(StatusOr::hasValue));
 
     // Asking for something not in cache should force a fallback
     xdsClient.watchXdsResource(XdsClusterResource.getInstance(), FALLBACK_CLUSTER_NAME, cdsWatcher);
-    verify(ldsWatcher, timeout(5000)).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER));
-    verify(ldsWatcher2, timeout(5000)).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER));
-    verify(cdsWatcher, timeout(5000)).onChanged(any());
+    verify(ldsWatcher, timeout(5000)).onResourceChanged(StatusOr.fromValue(
+        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER)));
+    verify(ldsWatcher2, timeout(5000)).onResourceChanged(StatusOr.fromValue(
+        XdsListenerResource.LdsUpdate.forApiListener(FALLBACK_HTTP_CONNECTION_MANAGER)));
+    verify(cdsWatcher, timeout(5000)).onResourceChanged(argThat(StatusOr::hasValue));
 
     xdsClient.watchXdsResource(
         XdsRouteConfigureResource.getInstance(), FALLBACK_RDS_NAME, rdsWatcher3);
-    verify(rdsWatcher3, timeout(5000)).onChanged(any());
+    verify(rdsWatcher3, timeout(5000)).onResourceChanged(argThat(StatusOr::hasValue));
 
     // Test that resource defined in main but not fallback is handled correctly
     xdsClient.watchXdsResource(
         XdsClusterResource.getInstance(), CLUSTER_NAME, cdsWatcher2);
-    verify(cdsWatcher2, never()).onResourceDoesNotExist(eq(CLUSTER_NAME));
+    verify(cdsWatcher2, never()).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Status.Code.NOT_FOUND));
     fakeClock.forwardTime(15000, TimeUnit.MILLISECONDS); // Does not exist timer
-    verify(cdsWatcher2, timeout(5000)).onResourceDoesNotExist(eq(CLUSTER_NAME));
+    verify(cdsWatcher2, timeout(5000)).onResourceChanged(
+        argThat(statusOr -> !statusOr.hasValue()
+            && statusOr.getStatus().getCode() == Status.Code.NOT_FOUND
+            && statusOr.getStatus().getDescription().contains(CLUSTER_NAME)));
     xdsClient.shutdown();
     executor.shutdown();
   }
@@ -419,22 +458,21 @@ public XdsTransport create(Bootstrapper.ServerInfo serverInfo) {
   public void connect_then_mainServerRestart_fallbackServerdown() {
     mainXdsServer.restartXdsServer();
     xdsClient = xdsClientPool.getObject();
-
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
 
-    verify(ldsWatcher, timeout(5000)).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
-
+    verify(ldsWatcher, timeout(5000)).onResourceChanged(
+        argThat(statusOr -> statusOr.hasValue() && statusOr.getValue().equals(
+            LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER))));
     mainXdsServer.getServer().shutdownNow();
     fallbackServer.getServer().shutdownNow();
-
     xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CLUSTER_NAME, cdsWatcher);
-
     mainXdsServer.restartXdsServer();
 
-    verify(cdsWatcher, timeout(5000)).onChanged(any());
-    verify(ldsWatcher, timeout(5000).atLeastOnce()).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
+    verify(cdsWatcher, timeout(5000)).onResourceChanged(
+        argThat(statusOr -> statusOr.hasValue()));
+    verify(ldsWatcher, timeout(5000).atLeastOnce()).onResourceChanged(
+        argThat(statusOr -> statusOr.hasValue() && statusOr.getValue().equals(
+            LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER))));
   }
 
   @Test
@@ -454,10 +492,10 @@ public void fallbackFromBadUrlToGoodOne() {
 
     client.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
     fakeClock.forwardTime(20, TimeUnit.SECONDS);
-    verify(ldsWatcher, timeout(5000)).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(
-            MAIN_HTTP_CONNECTION_MANAGER));
-    verify(ldsWatcher, never()).onError(any());
+    verify(ldsWatcher, timeout(5000)).onResourceChanged(
+        StatusOr.fromValue(XdsListenerResource.LdsUpdate.forApiListener(
+            MAIN_HTTP_CONNECTION_MANAGER)));
+    verify(ldsWatcher, never()).onAmbientError(any(Status.class));
 
     client.shutdown();
   }
@@ -478,10 +516,13 @@ public void testGoodUrlFollowedByBadUrl() {
             xdsClientMetricReporter);
 
     client.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
-    verify(ldsWatcher, timeout(5000)).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(
-            MAIN_HTTP_CONNECTION_MANAGER));
-    verify(ldsWatcher, never()).onError(any());
+    verify(ldsWatcher, timeout(5000)).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOr = ldsUpdateCaptor.getValue();
+    assertThat(statusOr.hasValue()).isTrue();
+    assertThat(statusOr.getValue()).isEqualTo(
+        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
+    verify(ldsWatcher, never()).onAmbientError(any());
+    verify(ldsWatcher, times(1)).onResourceChanged(any());
 
     client.shutdown();
   }
@@ -503,9 +544,12 @@ public void testTwoBadUrl()  {
 
     client.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
     fakeClock.forwardTime(20, TimeUnit.SECONDS);
-    verify(ldsWatcher, Mockito.timeout(5000).atLeastOnce()).onError(errorCaptor.capture());
-    assertThat(errorCaptor.getValue().getDescription()).contains(garbageUri2);
-    verify(ldsWatcher, never()).onChanged(any());
+    verify(ldsWatcher, Mockito.timeout(5000).atLeastOnce())
+        .onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOr = ldsUpdateCaptor.getValue();
+    assertThat(statusOr.hasValue()).isFalse();
+    assertThat(statusOr.getStatus().getDescription()).contains(garbageUri2);
+    verify(ldsWatcher, never()).onResourceChanged(argThat(StatusOr::hasValue));
     client.shutdown();
   }
 
@@ -525,8 +569,8 @@ public void used_then_mainServerRestart_fallbackServerUp() {
 
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(), MAIN_SERVER, ldsWatcher);
 
-    verify(ldsWatcher, timeout(5000)).onChanged(
-        XdsListenerResource.LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER));
+    verify(ldsWatcher, timeout(5000)).onResourceChanged(
+        StatusOr.fromValue(LdsUpdate.forApiListener(MAIN_HTTP_CONNECTION_MANAGER)));
 
     mainXdsServer.restartXdsServer();
 
@@ -535,7 +579,7 @@ public void used_then_mainServerRestart_fallbackServerUp() {
 
     xdsClient.watchXdsResource(XdsClusterResource.getInstance(), CLUSTER_NAME, cdsWatcher);
 
-    verify(cdsWatcher, timeout(5000)).onChanged(any());
+    verify(cdsWatcher, timeout(5000)).onResourceChanged(any());
     assertThat(getLrsServerInfo("localhost:" + fallbackServer.getServer().getPort())).isNull();
   }
 
@@ -563,5 +607,4 @@ public void used_then_mainServerRestart_fallbackServerUp() {
         "fallback-policy", "fallback"
       );
   }
-
 }
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java b/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java
index 24ef60c4685..da310871c25 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientFederationTest.java
@@ -17,6 +17,9 @@
 package io.grpc.xds;
 
 import static com.google.common.truth.Truth.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.argThat;
+import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.timeout;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
@@ -24,6 +27,8 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import io.grpc.MetricRecorder;
+import io.grpc.Status;
+import io.grpc.StatusOr;
 import io.grpc.internal.ObjectPool;
 import io.grpc.xds.Filter.NamedFilterConfig;
 import io.grpc.xds.XdsListenerResource.LdsUpdate;
@@ -46,6 +51,7 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
+import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnit;
 import org.mockito.junit.MockitoRule;
@@ -107,14 +113,19 @@ public void isolatedResourceDeletions() {
     xdsClient.watchXdsResource(XdsListenerResource.getInstance(),
         "xdstp://server-one/envoy.config.listener.v3.Listener/test-server", mockDirectPathWatcher);
 
-    verify(mockWatcher, timeout(10000)).onChanged(
-        LdsUpdate.forApiListener(
-            HttpConnectionManager.forRdsName(0, "route-config.googleapis.com", ImmutableList.of(
-                new NamedFilterConfig("terminal-filter", RouterFilter.ROUTER_CONFIG)))));
-    verify(mockDirectPathWatcher, timeout(10000)).onChanged(
-        LdsUpdate.forApiListener(
-            HttpConnectionManager.forRdsName(0, "route-config.googleapis.com", ImmutableList.of(
-                new NamedFilterConfig("terminal-filter", RouterFilter.ROUTER_CONFIG)))));
+    @SuppressWarnings("unchecked")
+    ArgumentCaptor<StatusOr<LdsUpdate>> captor = ArgumentCaptor.forClass(StatusOr.class);
+    LdsUpdate expectedUpdate = LdsUpdate.forApiListener(
+        HttpConnectionManager.forRdsName(0, "route-config.googleapis.com", ImmutableList.of(
+            new NamedFilterConfig("terminal-filter", RouterFilter.ROUTER_CONFIG))));
+
+    verify(mockWatcher, timeout(10000)).onResourceChanged(captor.capture());
+    assertThat(captor.getValue().hasValue()).isTrue();
+    assertThat(captor.getValue().getValue()).isEqualTo(expectedUpdate);
+
+    verify(mockDirectPathWatcher, timeout(10000)).onResourceChanged(captor.capture());
+    assertThat(captor.getValue().hasValue()).isTrue();
+    assertThat(captor.getValue().getValue()).isEqualTo(expectedUpdate);
 
     // By setting the LDS config with a new server name we effectively make the old server to go
     // away as it is not in the configuration anymore. This change in one control plane (here the
@@ -122,9 +133,13 @@ public void isolatedResourceDeletions() {
     // watcher of another control plane (here the DirectPath one).
     trafficdirector.setLdsConfig(ControlPlaneRule.buildServerListener(),
         ControlPlaneRule.buildClientListener("new-server"));
-    verify(mockWatcher, timeout(20000)).onResourceDoesNotExist("test-server");
-    verify(mockDirectPathWatcher, times(0)).onResourceDoesNotExist(
-        "xdstp://server-one/envoy.config.listener.v3.Listener/test-server");
+    verify(mockWatcher, timeout(20000)).onResourceChanged(argThat(statusOr -> {
+      return !statusOr.hasValue()
+          && statusOr.getStatus().getCode() == Status.Code.NOT_FOUND
+          && statusOr.getStatus().getDescription().contains("test-server");
+    }));
+    verify(mockDirectPathWatcher, times(1)).onResourceChanged(any());
+    verify(mockDirectPathWatcher, never()).onAmbientError(any());
   }
 
   /**
diff --git a/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java b/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java
index 53dcd15dd3b..81186d0639c 100644
--- a/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java
+++ b/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java
@@ -36,6 +36,7 @@
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
 import io.grpc.Status;
+import io.grpc.StatusOr;
 import io.grpc.inprocess.InProcessSocketAddress;
 import io.grpc.internal.TestUtils.NoopChannelLogger;
 import io.grpc.netty.GrpcHttp2ConnectionHandler;
@@ -172,7 +173,7 @@ public void run() {
             null,
             Protocol.TCP);
     LdsUpdate listenerUpdate = LdsUpdate.forTcpListener(tcpListener);
-    xdsClient.ldsWatcher.onChanged(listenerUpdate);
+    xdsClient.ldsWatcher.onResourceChanged(StatusOr.fromValue(listenerUpdate));
     verify(listener, timeout(5000)).onServing();
     start.get(START_WAIT_AFTER_LISTENER_MILLIS, TimeUnit.MILLISECONDS);
     FilterChainSelector selector = selectorManager.getSelectorToUpdateSelector();
@@ -193,7 +194,8 @@ public void run() {
       }
     });
     String ldsWatched = xdsClient.ldsResource.get(5, TimeUnit.SECONDS);
-    xdsClient.ldsWatcher.onResourceDoesNotExist(ldsWatched);
+    Status status = Status.NOT_FOUND.withDescription("Resource not found: " + ldsWatched);
+    xdsClient.ldsWatcher.onResourceChanged(StatusOr.fromStatus(status));
     verify(listener, timeout(5000)).onNotServing(any());
     try {
       start.get(START_WAIT_AFTER_LISTENER_MILLIS, TimeUnit.MILLISECONDS);
@@ -278,7 +280,8 @@ public void releaseOldSupplierOnNotFound_verifyClose() throws Exception {
             getSslContextProviderSupplier(selectorManager.getSelectorToUpdateSelector());
     assertThat(returnedSupplier.getTlsContext()).isSameInstanceAs(tlsContext1);
     callUpdateSslContext(returnedSupplier);
-    xdsClient.ldsWatcher.onResourceDoesNotExist("not-found Error");
+    Status status = Status.NOT_FOUND.withDescription("not-found Error");
+    xdsClient.ldsWatcher.onResourceChanged(StatusOr.fromStatus(status));
     verify(tlsContextManager, times(1)).releaseServerSslContextProvider(eq(sslContextProvider1));
   }
 
@@ -295,7 +298,7 @@ public void releaseOldSupplierOnTemporaryError_noClose() throws Exception {
             getSslContextProviderSupplier(selectorManager.getSelectorToUpdateSelector());
     assertThat(returnedSupplier.getTlsContext()).isSameInstanceAs(tlsContext1);
     callUpdateSslContext(returnedSupplier);
-    xdsClient.ldsWatcher.onError(Status.CANCELLED);
+    xdsClient.ldsWatcher.onAmbientError(Status.CANCELLED);
     verify(tlsContextManager, never()).releaseServerSslContextProvider(eq(sslContextProvider1));
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
index fca7b5220e6..7bae7000eaf 100644
--- a/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsDependencyManagerTest.java
@@ -853,7 +853,7 @@ public void ldsUpdateAfterShutdown() {
         serverName,
         resourceWatcher,
         MoreExecutors.directExecutor());
-    verify(resourceWatcher).onChanged(any());
+    verify(resourceWatcher).onResourceChanged(argThat(StatusOr::hasValue));
 
     syncContext.execute(() -> {
       // Shutdown before any updates. This will unsubscribe from XdsClient, but only after this
@@ -862,7 +862,7 @@ public void ldsUpdateAfterShutdown() {
 
       XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS2", "CDS", "EDS",
           ENDPOINT_HOSTNAME, ENDPOINT_PORT);
-      verify(resourceWatcher, times(2)).onChanged(any());
+      verify(resourceWatcher, times(2)).onResourceChanged(argThat(StatusOr::hasValue));
       xdsClient.cancelXdsResourceWatch(
           XdsListenerResource.getInstance(), serverName, resourceWatcher);
     });
@@ -885,7 +885,7 @@ public void rdsUpdateAfterShutdown() {
         "RDS",
         resourceWatcher,
         MoreExecutors.directExecutor());
-    verify(resourceWatcher).onChanged(any());
+    verify(resourceWatcher).onResourceChanged(argThat(StatusOr::hasValue));
 
     syncContext.execute(() -> {
       // Shutdown before any updates. This will unsubscribe from XdsClient, but only after this
@@ -894,7 +894,7 @@ public void rdsUpdateAfterShutdown() {
 
       XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS2", "EDS",
           ENDPOINT_HOSTNAME, ENDPOINT_PORT);
-      verify(resourceWatcher, times(2)).onChanged(any());
+      verify(resourceWatcher, times(2)).onResourceChanged(argThat(StatusOr::hasValue));
       xdsClient.cancelXdsResourceWatch(
           XdsRouteConfigureResource.getInstance(), serverName, resourceWatcher);
     });
@@ -910,14 +910,14 @@ public void cdsUpdateAfterShutdown() {
     verify(xdsConfigWatcher).onUpdate(any());
 
     @SuppressWarnings("unchecked")
-    XdsClient.ResourceWatcher<XdsClusterResource.CdsUpdate> resourceWatcher =
+    XdsClient.ResourceWatcher<CdsUpdate> resourceWatcher =
         mock(XdsClient.ResourceWatcher.class);
     xdsClient.watchXdsResource(
         XdsClusterResource.getInstance(),
         "CDS",
         resourceWatcher,
         MoreExecutors.directExecutor());
-    verify(resourceWatcher).onChanged(any());
+    verify(resourceWatcher).onResourceChanged(argThat(StatusOr::hasValue));
 
     syncContext.execute(() -> {
       // Shutdown before any updates. This will unsubscribe from XdsClient, but only after this
@@ -926,7 +926,7 @@ public void cdsUpdateAfterShutdown() {
 
       XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS2",
           ENDPOINT_HOSTNAME, ENDPOINT_PORT);
-      verify(resourceWatcher, times(2)).onChanged(any());
+      verify(resourceWatcher, times(2)).onResourceChanged(argThat(StatusOr::hasValue));
       xdsClient.cancelXdsResourceWatch(
           XdsClusterResource.getInstance(), serverName, resourceWatcher);
     });
@@ -949,7 +949,7 @@ public void edsUpdateAfterShutdown() {
         "EDS",
         resourceWatcher,
         MoreExecutors.directExecutor());
-    verify(resourceWatcher).onChanged(any());
+    verify(resourceWatcher).onResourceChanged(argThat(StatusOr::hasValue));
 
     syncContext.execute(() -> {
       // Shutdown before any updates. This will unsubscribe from XdsClient, but only after this
@@ -958,7 +958,7 @@ public void edsUpdateAfterShutdown() {
 
       XdsTestUtils.setAdsConfig(controlPlaneService, serverName, "RDS", "CDS", "EDS",
           ENDPOINT_HOSTNAME + "2", ENDPOINT_PORT);
-      verify(resourceWatcher, times(2)).onChanged(any());
+      verify(resourceWatcher, times(2)).onResourceChanged(argThat(StatusOr::hasValue));
       xdsClient.cancelXdsResourceWatch(
           XdsEndpointResource.getInstance(), serverName, resourceWatcher);
     });
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index d090687a072..6bb37cd4483 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -69,6 +69,7 @@
 import io.grpc.NoopClientCall.NoopClientCallListener;
 import io.grpc.Status;
 import io.grpc.Status.Code;
+import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.AutoConfiguredLoadBalancerFactory;
 import io.grpc.internal.FakeClock;
@@ -376,7 +377,7 @@ public void resolving_targetAuthorityInAuthoritiesMap() {
   }
 
   @Test
-  public void resolving_ldsResourceNotFound() {
+  public void resolving_ldsResourceNotFound() { // hi
     resolver.start(mockListener);
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
     xdsClient.deliverLdsResourceNotFound();
@@ -553,7 +554,7 @@ public void resolving_encounterErrorLdsWatcherOnly() {
     Status error = selectResult.getStatus();
     assertThat(error.getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(error.getDescription()).contains(AUTHORITY);
-    assertThat(error.getDescription()).contains("UNAVAILABLE: server unreachable");
+    assertThat(error.getDescription()).contains("server unreachable");
   }
 
   @Test
@@ -569,7 +570,7 @@ public void resolving_translateErrorLds() {
     Status error = selectResult.getStatus();
     assertThat(error.getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(error.getDescription()).contains(AUTHORITY);
-    assertThat(error.getDescription()).contains("NOT_FOUND: server unreachable");
+    assertThat(error.getDescription()).contains("server unreachable");
     assertThat(error.getCause()).isNull();
   }
 
@@ -586,8 +587,10 @@ public void resolving_encounterErrorLdsAndRdsWatchers() {
         newPickSubchannelArgs(call1.methodDescriptor, new Metadata(), CallOptions.DEFAULT));
     Status error = selectResult.getStatus();
     assertThat(error.getCode()).isEqualTo(Code.UNAVAILABLE);
-    assertThat(error.getDescription()).contains(RDS_RESOURCE_NAME);
-    assertThat(error.getDescription()).contains("UNAVAILABLE: server unreachable");
+    // XdsDepManager.buildUpdate doesn't allow this
+    // assertThat(error.getDescription()).contains(RDS_RESOURCE_NAME);
+    assertThat(error.getDescription()).contains(expectedLdsResourceName);
+    assertThat(error.getDescription()).contains("server unreachable");
   }
 
   @SuppressWarnings("unchecked")
@@ -1552,6 +1555,33 @@ public void filterState_shutdown_onLdsNotFound() {
     assertThat(lds1Filter2.isShutdown()).isTrue();
   }
 
+  @Test
+  public void filterState_noShutdown_onLdsDeletion() {
+    StatefulFilter.Provider statefulFilterProvider = filterStateTestSetupResolver();
+    FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
+    VirtualHost vhost = filterStateTestVhost();
+
+    xdsClient.deliverLdsUpdateWithFilters(vhost, filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
+    assertClusterResolutionResult(call1, cluster1);
+    ImmutableList<StatefulFilter> lds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("LDS 1: expected to create filter instances").that(lds1Snapshot).hasSize(2);
+    StatefulFilter lds1Filter1 = lds1Snapshot.get(0);
+    StatefulFilter lds1Filter2 = lds1Snapshot.get(1);
+
+    // LDS 2: Deliver a resource deletion, which is now an ambient error.
+    reset(mockListener);
+    when(mockListener.onResult2(any())).thenReturn(Status.OK);
+    xdsClient.deliverLdsResourceDeletion();
+
+    // With an ambient error, no new resolution should happen.
+    verify(mockListener, never()).onResult2(any());
+
+    // Verify that the filters are NOT shut down.
+    assertThat(lds1Filter1.isShutdown()).isFalse();
+    assertThat(lds1Filter2.isShutdown()).isFalse();
+  }
+
   /**
    * Verifies that all filter instances are shutdown (closed) on LDS ResourceWatcher shutdown.
    */
@@ -1586,6 +1616,35 @@ public void filterState_shutdown_onResolverShutdown() {
   public void filterState_shutdown_onRdsNotFound() {
     StatefulFilter.Provider statefulFilterProvider = filterStateTestSetupResolver();
     FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
+    xdsClient.deliverLdsUpdateForRdsNameWithFilters(
+        RDS_RESOURCE_NAME,
+        filterStateTestConfigs(STATEFUL_1, STATEFUL_2));
+    xdsClient.deliverRdsUpdate(
+        RDS_RESOURCE_NAME,
+        Collections.singletonList(filterStateTestVhost()));
+    createAndDeliverClusterUpdates(xdsClient, cluster1);
+    assertClusterResolutionResult(call1, cluster1);
+
+    ImmutableList<StatefulFilter> rds1Snapshot = statefulFilterProvider.getAllInstances();
+    assertWithMessage("RDS 1: Expected to create filter instances").that(rds1Snapshot).hasSize(2);
+    StatefulFilter rds1Filter1 = rds1Snapshot.get(0);
+    StatefulFilter rds1Filter2 = rds1Snapshot.get(1);
+    assertThat(rds1Filter1.isShutdown()).isFalse();
+    assertThat(rds1Filter2.isShutdown()).isFalse();
+
+    reset(mockListener);
+    when(mockListener.onResult2(any())).thenReturn(Status.OK);
+    xdsClient.deliverRdsResourceNotFound(RDS_RESOURCE_NAME);
+
+    assertEmptyResolutionResult(RDS_RESOURCE_NAME);
+    assertThat(rds1Filter1.isShutdown()).isTrue();
+    assertThat(rds1Filter2.isShutdown()).isTrue();
+  }
+
+  @Test
+  public void filterState_noShutdown_onRdsAmbientError() {
+    StatefulFilter.Provider statefulFilterProvider = filterStateTestSetupResolver();
+    FakeXdsClient xdsClient = (FakeXdsClient) resolver.getXdsClient();
 
     // LDS 1.
     xdsClient.deliverLdsUpdateForRdsNameWithFilters(RDS_RESOURCE_NAME,
@@ -1603,10 +1662,10 @@ public void filterState_shutdown_onRdsNotFound() {
     // RDS 2: RDS_RESOURCE_NAME not found.
     reset(mockListener);
     when(mockListener.onResult2(any())).thenReturn(Status.OK);
-    xdsClient.deliverRdsResourceNotFound(RDS_RESOURCE_NAME);
-    assertEmptyResolutionResult(RDS_RESOURCE_NAME);
-    assertThat(lds1Filter1.isShutdown()).isTrue();
-    assertThat(lds1Filter2.isShutdown()).isTrue();
+    xdsClient.deliverRdsAmbientError(RDS_RESOURCE_NAME, Status.NOT_FOUND);
+    verify(mockListener, never()).onResult2(any());
+    assertThat(lds1Filter1.isShutdown()).isFalse();
+    assertThat(lds1Filter2.isShutdown()).isFalse();
   }
 
   private StatefulFilter.Provider filterStateTestSetupResolver() {
@@ -2523,10 +2582,22 @@ public <T extends ResourceUpdate> void cancelXdsResourceWatch(XdsResourceType<T>
       }
     }
 
+    void deliverRdsAmbientError(String resourceName, Status status) {
+      if (!rdsWatchers.containsKey(resourceName)) {
+        return;
+      }
+      syncContext.execute(() -> {
+        List<ResourceWatcher<RdsUpdate>> resourceWatchers =
+            ImmutableList.copyOf(rdsWatchers.get(resourceName));
+        resourceWatchers.forEach(w -> w.onAmbientError(status));
+      });
+    }
+
     void deliverLdsUpdateOnly(long httpMaxStreamDurationNano, List<VirtualHost> virtualHosts) {
       syncContext.execute(() -> {
-        ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
-            httpMaxStreamDurationNano, virtualHosts, null)));
+        LdsUpdate ldsUpdate = LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
+            httpMaxStreamDurationNano, virtualHosts, null));
+        ldsWatcher.onResourceChanged(StatusOr.fromValue(ldsUpdate));
       });
     }
 
@@ -2537,8 +2608,9 @@ void deliverLdsUpdate(long httpMaxStreamDurationNano, List<VirtualHost> virtualH
       }
 
       syncContext.execute(() -> {
-        ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
-            httpMaxStreamDurationNano, virtualHosts, null)));
+        LdsUpdate ldsUpdate = LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
+            httpMaxStreamDurationNano, virtualHosts, null));
+        ldsWatcher.onResourceChanged(StatusOr.fromValue(ldsUpdate));
         createAndDeliverClusterUpdates(this, clusterNames.toArray(new String[0]));
       });
     }
@@ -2551,8 +2623,9 @@ void deliverLdsUpdate(final List<Route> routes) {
       List<String> clusterNames = getClusterNames(routes);
 
       syncContext.execute(() -> {
-        ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
-            0L, Collections.singletonList(virtualHost), null)));
+        LdsUpdate ldsUpdate = LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
+            0L, Collections.singletonList(virtualHost), null));
+        ldsWatcher.onResourceChanged(StatusOr.fromValue(ldsUpdate));
         if (!clusterNames.isEmpty()) {
           createAndDeliverClusterUpdates(this, clusterNames.toArray(new String[0]));
         }
@@ -2561,8 +2634,9 @@ void deliverLdsUpdate(final List<Route> routes) {
 
     void deliverLdsUpdateWithFilters(VirtualHost vhost, List<NamedFilterConfig> filterConfigs) {
       syncContext.execute(() -> {
-        ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
-            0L, Collections.singletonList(vhost), filterConfigs)));
+        LdsUpdate ldsUpdate = LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
+            0L, Collections.singletonList(vhost), filterConfigs));
+        ldsWatcher.onResourceChanged(StatusOr.fromValue(ldsUpdate));
       });
     }
 
@@ -2609,8 +2683,9 @@ void deliverLdsUpdateWithFaultInjection(
           Collections.singletonList(route),
           overrideConfig);
       syncContext.execute(() -> {
-        ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
-            0L, Collections.singletonList(virtualHost), filterChain)));
+        LdsUpdate ldsUpdate = LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
+            0L, Collections.singletonList(virtualHost), filterChain));
+        ldsWatcher.onResourceChanged(StatusOr.fromValue(ldsUpdate));
         createAndDeliverClusterUpdates(this, cluster);
       });
     }
@@ -2625,8 +2700,9 @@ void deliverLdsUpdateForRdsNameWithFaultInjection(
           new NamedFilterConfig(FAULT_FILTER_INSTANCE_NAME, httpFilterFaultConfig),
           new NamedFilterConfig(ROUTER_FILTER_INSTANCE_NAME, RouterFilter.ROUTER_CONFIG));
       syncContext.execute(() -> {
-        ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forRdsName(
-            0L, rdsName, filterChain)));
+        LdsUpdate ldsUpdate = LdsUpdate.forApiListener(HttpConnectionManager.forRdsName(
+            0L, rdsName, filterChain));
+        ldsWatcher.onResourceChanged(StatusOr.fromValue(ldsUpdate));
       });
     }
 
@@ -2638,14 +2714,27 @@ void deliverLdsUpdateForRdsNameWithFilters(
         String rdsName,
         @Nullable List<NamedFilterConfig> filterConfigs) {
       syncContext.execute(() -> {
-        ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forRdsName(
-            0, rdsName, filterConfigs)));
+        LdsUpdate ldsUpdate = LdsUpdate.forApiListener(HttpConnectionManager.forRdsName(
+            0, rdsName, filterConfigs));
+        ldsWatcher.onResourceChanged(StatusOr.fromValue(ldsUpdate));
+      });
+    }
+
+    void deliverLdsResourceDeletion() {
+      Status status = Status.NOT_FOUND.withDescription(
+          "Resource not found: " + expectedLdsResourceName);
+      syncContext.execute(() -> {
+        ldsWatcher.onAmbientError(status);
       });
     }
 
     void deliverLdsResourceNotFound() {
+      Status notFoundStatus = Status.UNAVAILABLE.withDescription(
+          "Resource not found: " + expectedLdsResourceName);
       syncContext.execute(() -> {
-        ldsWatcher.onResourceDoesNotExist(expectedLdsResourceName);
+        if (ldsWatcher != null) {
+          ldsWatcher.onResourceChanged(StatusOr.fromStatus(notFoundStatus));
+        }
       });
     }
 
@@ -2715,7 +2804,7 @@ void deliverRdsUpdate(String resourceName, List<VirtualHost> virtualHosts) {
         RdsUpdate update = new RdsUpdate(virtualHosts);
         List<ResourceWatcher<RdsUpdate>> resourceWatchers =
             ImmutableList.copyOf(rdsWatchers.get(resourceName));
-        resourceWatchers.forEach(w -> w.onChanged(update));
+        resourceWatchers.forEach(w -> w.onResourceChanged(StatusOr.fromValue(update)));
       });
     }
 
@@ -2730,7 +2819,8 @@ void deliverRdsResourceNotFound(String resourceName) {
       syncContext.execute(() -> {
         List<ResourceWatcher<RdsUpdate>> resourceWatchers =
             ImmutableList.copyOf(rdsWatchers.get(resourceName));
-        resourceWatchers.forEach(w -> w.onResourceDoesNotExist(resourceName));
+        Status status = Status.UNAVAILABLE.withDescription("Resource not found: " + resourceName);
+        resourceWatchers.forEach(w -> w.onResourceChanged(StatusOr.fromStatus(status)));
       });
     }
 
@@ -2741,7 +2831,7 @@ private void deliverCdsUpdate(String clusterName, CdsUpdate update) {
       syncContext.execute(() -> {
         List<ResourceWatcher<CdsUpdate>> resourceWatchers =
             ImmutableList.copyOf(cdsWatchers.get(clusterName));
-        resourceWatchers.forEach(w -> w.onChanged(update));
+        resourceWatchers.forEach(w -> w.onResourceChanged(StatusOr.fromValue(update)));
       });
     }
 
@@ -2752,7 +2842,7 @@ private void deliverEdsUpdate(String name, EdsUpdate update) {
         }
         List<ResourceWatcher<EdsUpdate>> resourceWatchers =
             ImmutableList.copyOf(edsWatchers.get(name));
-        resourceWatchers.forEach(w -> w.onChanged(update));
+        resourceWatchers.forEach(w -> w.onResourceChanged(StatusOr.fromValue(update)));
       });
     }
 
@@ -2760,16 +2850,19 @@ private void deliverEdsUpdate(String name, EdsUpdate update) {
     void deliverError(final Status error) {
       if (ldsWatcher != null) {
         syncContext.execute(() -> {
-          ldsWatcher.onError(error);
+          ldsWatcher.onResourceChanged(StatusOr.fromStatus(error));
         });
       }
       syncContext.execute(() -> {
-        rdsWatchers.values().stream()
-            .flatMap(List::stream)
-            .forEach(w -> w.onError(error));
-        cdsWatchers.values().stream()
-            .flatMap(List::stream)
-            .forEach(w -> w.onError(error));
+        List<ResourceWatcher<RdsUpdate>> rdsCopy = rdsWatchers.values().stream()
+            .flatMap(List::stream).collect(java.util.stream.Collectors.toList());
+        List<ResourceWatcher<CdsUpdate>> cdsCopy = cdsWatchers.values().stream()
+            .flatMap(List::stream).collect(java.util.stream.Collectors.toList());
+        List<ResourceWatcher<EdsUpdate>> edsCopy = edsWatchers.values().stream()
+            .flatMap(List::stream).collect(java.util.stream.Collectors.toList());
+        rdsCopy.forEach(w -> w.onResourceChanged(StatusOr.fromStatus(error)));
+        cdsCopy.forEach(w -> w.onResourceChanged(StatusOr.fromStatus(error)));
+        edsCopy.forEach(w -> w.onResourceChanged(StatusOr.fromStatus(error)));
       });
     }
   }
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java b/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java
index 40225d3860d..ac990226259 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java
@@ -34,6 +34,7 @@
 import io.grpc.ServerServiceDefinition;
 import io.grpc.Status;
 import io.grpc.StatusException;
+import io.grpc.StatusOr;
 import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.xds.XdsListenerResource.LdsUpdate;
 import io.grpc.xds.XdsServerTestHelper.FakeXdsClient;
@@ -209,13 +210,14 @@ public void xdsServer_discoverState() throws Exception {
             CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT1", "VA1"),
             tlsContextManager);
     future.get(5000, TimeUnit.MILLISECONDS);
-    xdsClient.ldsWatcher.onError(Status.ABORTED);
+    xdsClient.ldsWatcher.onAmbientError(Status.ABORTED);
     verify(mockXdsServingStatusListener, never()).onNotServing(any(StatusException.class));
     reset(mockXdsServingStatusListener);
-    xdsClient.ldsWatcher.onError(Status.CANCELLED);
+    xdsClient.ldsWatcher.onAmbientError(Status.CANCELLED);
     verify(mockXdsServingStatusListener, never()).onNotServing(any(StatusException.class));
     reset(mockXdsServingStatusListener);
-    xdsClient.ldsWatcher.onResourceDoesNotExist("not found error");
+    Status notFoundStatus = Status.NOT_FOUND.withDescription("not found error");
+    xdsClient.ldsWatcher.onResourceChanged(StatusOr.fromStatus(notFoundStatus));
     verify(mockXdsServingStatusListener).onNotServing(any(StatusException.class));
     reset(mockXdsServingStatusListener);
     XdsServerTestHelper.generateListenerUpdate(
@@ -266,7 +268,7 @@ public void xdsServerStartSecondUpdateAndError()
             tlsContextManager);
     verify(mockXdsServingStatusListener, never()).onNotServing(any(Throwable.class));
     verifyServer(future, mockXdsServingStatusListener, null);
-    xdsClient.ldsWatcher.onError(Status.ABORTED);
+    xdsClient.ldsWatcher.onAmbientError(Status.ABORTED);
     verifyServer(null, mockXdsServingStatusListener, null);
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java b/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
index a9236ac77ca..386793299d8 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerTestHelper.java
@@ -24,6 +24,8 @@
 import io.envoyproxy.envoy.config.core.v3.SocketAddress.Protocol;
 import io.grpc.InsecureChannelCredentials;
 import io.grpc.MetricRecorder;
+import io.grpc.Status;
+import io.grpc.StatusOr;
 import io.grpc.internal.ObjectPool;
 import io.grpc.xds.EnvoyServerProtoData.ConnectionSourceType;
 import io.grpc.xds.EnvoyServerProtoData.FilterChain;
@@ -301,13 +303,14 @@ private String awaitLdsResource(Duration timeout) {
     void deliverLdsUpdateWithApiListener(long httpMaxStreamDurationNano,
         List<VirtualHost> virtualHosts) {
       execute(() -> {
-        ldsWatcher.onChanged(LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
-            httpMaxStreamDurationNano, virtualHosts, null)));
+        LdsUpdate update = LdsUpdate.forApiListener(HttpConnectionManager.forVirtualHosts(
+            httpMaxStreamDurationNano, virtualHosts, null));
+        ldsWatcher.onResourceChanged(StatusOr.fromValue(update));
       });
     }
 
     void deliverLdsUpdate(LdsUpdate ldsUpdate) {
-      execute(() -> ldsWatcher.onChanged(ldsUpdate));
+      execute(() -> ldsWatcher.onResourceChanged(StatusOr.fromValue(ldsUpdate)));
     }
 
     void deliverLdsUpdate(
@@ -322,11 +325,14 @@ void deliverLdsUpdate(FilterChain filterChain, @Nullable FilterChain defaultFilt
     }
 
     void deliverLdsResourceNotFound() {
-      execute(() -> ldsWatcher.onResourceDoesNotExist(awaitLdsResource(DEFAULT_TIMEOUT)));
+      String resourceName = awaitLdsResource(DEFAULT_TIMEOUT);
+      Status status = Status.NOT_FOUND.withDescription("Resource not found: " + resourceName);
+      execute(() -> ldsWatcher.onResourceChanged(StatusOr.fromStatus(status)));
     }
 
     void deliverRdsUpdate(String resourceName, List<VirtualHost> virtualHosts) {
-      execute(() -> rdsWatchers.get(resourceName).onChanged(new RdsUpdate(virtualHosts)));
+      RdsUpdate update = new RdsUpdate(virtualHosts);
+      execute(() -> rdsWatchers.get(resourceName).onResourceChanged(StatusOr.fromValue(update)));
     }
 
     void deliverRdsUpdate(String resourceName, VirtualHost virtualHost) {
@@ -334,7 +340,8 @@ void deliverRdsUpdate(String resourceName, VirtualHost virtualHost) {
     }
 
     void deliverRdsResourceNotFound(String resourceName) {
-      execute(() -> rdsWatchers.get(resourceName).onResourceDoesNotExist(resourceName));
+      Status status = Status.NOT_FOUND.withDescription("Resource not found: " + resourceName);
+      execute(() -> rdsWatchers.get(resourceName).onResourceChanged(StatusOr.fromStatus(status)));
     }
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
index 99e9907f7d0..99e3911307a 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerWrapperTest.java
@@ -49,6 +49,7 @@
 import io.grpc.ServerInterceptor;
 import io.grpc.Status;
 import io.grpc.StatusException;
+import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.FakeClock;
 import io.grpc.testing.TestMethodDescriptors;
@@ -345,7 +346,8 @@ public void run() {
       }
     });
     String ldsResource = xdsClient.ldsResource.get(5, TimeUnit.SECONDS);
-    xdsClient.ldsWatcher.onResourceDoesNotExist(ldsResource);
+    Status notFoundStatus = Status.NOT_FOUND.withDescription("Resource not found: " + ldsResource);
+    xdsClient.ldsWatcher.onResourceChanged(StatusOr.fromStatus(notFoundStatus));
     verify(listener, timeout(5000)).onNotServing(any());
     try {
       start.get(START_WAIT_AFTER_LISTENER_MILLIS, TimeUnit.MILLISECONDS);
@@ -534,7 +536,8 @@ public void run() {
     verify(mockServer).start();
 
     // server shutdown after resourceDoesNotExist
-    xdsClient.ldsWatcher.onResourceDoesNotExist(ldsResource);
+    Status notFoundStatus = Status.NOT_FOUND.withDescription("Resource not found: " + ldsResource);
+    xdsClient.ldsWatcher.onResourceChanged(StatusOr.fromStatus(notFoundStatus));
     verify(mockServer).shutdown();
 
     // re-deliver lds resource
@@ -853,7 +856,7 @@ public void run() {
     EnvoyServerProtoData.FilterChain f1 = createFilterChain("filter-chain-1", createRds("r0"));
     xdsClient.deliverLdsUpdate(Arrays.asList(f0, f1), null);
     xdsClient.awaitRds(FakeXdsClient.DEFAULT_TIMEOUT);
-    xdsClient.rdsWatchers.get("r0").onError(Status.CANCELLED);
+    xdsClient.rdsWatchers.get("r0").onResourceChanged(StatusOr.fromStatus(Status.CANCELLED));
     start.get(5000, TimeUnit.MILLISECONDS);
     assertThat(selectorManager.getSelectorToUpdateSelector().getRoutingConfigs().size())
         .isEqualTo(2);
@@ -873,13 +876,14 @@ public void run() {
         Collections.singletonList(createVirtualHost("virtual-host-1")));
     assertThat(realConfig.interceptors()).isEqualTo(ImmutableMap.of());
 
-    xdsClient.rdsWatchers.get("r0").onError(Status.CANCELLED);
+    xdsClient.rdsWatchers.get("r0").onAmbientError(Status.CANCELLED);
     realConfig = selectorManager.getSelectorToUpdateSelector().getRoutingConfigs().get(f1).get();
     assertThat(realConfig.virtualHosts()).isEqualTo(
         Collections.singletonList(createVirtualHost("virtual-host-1")));
     assertThat(realConfig.interceptors()).isEqualTo(ImmutableMap.of());
 
-    xdsClient.rdsWatchers.get("r0").onResourceDoesNotExist("r0");
+    Status notFoundStatus = Status.NOT_FOUND.withDescription("Resource r0 does not exist");
+    xdsClient.rdsWatchers.get("r0").onResourceChanged(StatusOr.fromStatus(notFoundStatus));
     realConfig = selectorManager.getSelectorToUpdateSelector().getRoutingConfigs().get(f1).get();
     assertThat(realConfig.virtualHosts()).isEmpty();
     assertThat(realConfig.interceptors()).isEmpty();
@@ -899,7 +903,9 @@ public void run() {
       }
     });
     String ldsResource = xdsClient.ldsResource.get(5, TimeUnit.SECONDS);
-    xdsClient.ldsWatcher.onResourceDoesNotExist(ldsResource);
+    Status notFoundStatus = Status.NOT_FOUND.withDescription(
+        "FakeXdsClient: Resource not found: " + ldsResource);
+    xdsClient.ldsWatcher.onResourceChanged(StatusOr.fromStatus(notFoundStatus));
     verify(listener, timeout(5000)).onNotServing(any());
     try {
       start.get(START_WAIT_AFTER_LISTENER_MILLIS, TimeUnit.MILLISECONDS);
@@ -913,10 +919,10 @@ public void run() {
     FilterChain filterChain0 = createFilterChain("filter-chain-0", createRds("rds"));
     SslContextProviderSupplier sslSupplier0 = filterChain0.sslContextProviderSupplier();
     xdsClient.deliverLdsUpdate(Collections.singletonList(filterChain0), null);
-    xdsClient.ldsWatcher.onError(Status.INTERNAL);
+    ResourceWatcher<RdsUpdate> saveRdsWatcher = xdsClient.rdsWatchers.get("rds");
+    xdsClient.ldsWatcher.onResourceChanged(StatusOr.fromStatus(Status.INTERNAL));
     assertThat(selectorManager.getSelectorToUpdateSelector())
         .isSameInstanceAs(FilterChainSelector.NO_FILTER_CHAIN);
-    ResourceWatcher<RdsUpdate> saveRdsWatcher = xdsClient.rdsWatchers.get("rds");
     verify(mockBuilder, times(1)).build();
     verify(listener, times(2)).onNotServing(any(StatusException.class));
     assertThat(sslSupplier0.isShutdown()).isFalse();
@@ -952,7 +958,7 @@ public void run() {
     xdsClient.deliverRdsUpdate("rds",
             Collections.singletonList(createVirtualHost("virtual-host-2")));
     assertThat(sslSupplier1.isShutdown()).isFalse();
-    xdsClient.ldsWatcher.onError(Status.DEADLINE_EXCEEDED);
+    xdsClient.ldsWatcher.onAmbientError(Status.DEADLINE_EXCEEDED);
     verify(mockBuilder, times(1)).build();
     verify(mockServer, times(2)).start();
     verify(listener, times(2)).onNotServing(any(StatusException.class));
@@ -967,17 +973,18 @@ public void run() {
     assertThat(sslSupplier1.isShutdown()).isFalse();
 
     // not serving after serving
-    xdsClient.ldsWatcher.onResourceDoesNotExist(ldsResource);
+    xdsClient.ldsWatcher.onResourceChanged(StatusOr.fromStatus(notFoundStatus));
     assertThat(xdsClient.rdsWatchers).isEmpty();
-    verify(mockServer, times(2)).shutdown();
+    verify(mockServer, times(3)).shutdown(); // This is the 3rd shutdown in the test.
     when(mockServer.isShutdown()).thenReturn(true);
     assertThat(selectorManager.getSelectorToUpdateSelector())
         .isSameInstanceAs(FilterChainSelector.NO_FILTER_CHAIN);
     verify(listener, times(3)).onNotServing(any(StatusException.class));
     assertThat(sslSupplier1.isShutdown()).isTrue();
+    assertThat(xdsClient.rdsWatchers.get("rds")).isNull();
     // no op
-    saveRdsWatcher.onChanged(
-            new RdsUpdate(Collections.singletonList(createVirtualHost("virtual-host-1"))));
+    saveRdsWatcher.onResourceChanged(StatusOr.fromValue(
+        new RdsUpdate(Collections.singletonList(createVirtualHost("virtual-host-1")))));
     verify(mockBuilder, times(1)).build();
     verify(mockServer, times(2)).start();
     verify(listener, times(1)).onServing();
@@ -1006,8 +1013,8 @@ public void run() {
     assertThat(realConfig.interceptors()).isEqualTo(ImmutableMap.of());
 
     assertThat(executor.numPendingTasks()).isEqualTo(1);
-    xdsClient.ldsWatcher.onResourceDoesNotExist(ldsResource);
-    verify(mockServer, times(3)).shutdown();
+    xdsClient.ldsWatcher.onResourceChanged(StatusOr.fromStatus(notFoundStatus));
+    verify(mockServer, times(4)).shutdown();
     verify(listener, times(4)).onNotServing(any(StatusException.class));
     verify(listener, times(1)).onNotServing(any(IOException.class));
     when(mockServer.isShutdown()).thenReturn(true);
@@ -1035,7 +1042,7 @@ public void run() {
     assertThat(realConfig.interceptors()).isEqualTo(ImmutableMap.of());
 
     xdsServerWrapper.shutdown();
-    verify(mockServer, times(4)).shutdown();
+    verify(mockServer, times(5)).shutdown();
     assertThat(sslSupplier3.isShutdown()).isTrue();
     when(mockServer.awaitTermination(anyLong(), any(TimeUnit.class))).thenReturn(true);
     assertThat(xdsServerWrapper.awaitTermination(5, TimeUnit.SECONDS)).isTrue();
@@ -1429,7 +1436,8 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, Re
     assertThat(interceptorTrace).isEqualTo(Arrays.asList(0, 0));
     verify(mockNext, times(2)).startCall(eq(serverCall), any(Metadata.class));
 
-    xdsClient.rdsWatchers.get("r0").onResourceDoesNotExist("r0");
+    Status notFoundStatus = Status.NOT_FOUND.withDescription("Resource r0 does not exist");
+    xdsClient.rdsWatchers.get("r0").onResourceChanged(StatusOr.fromStatus(notFoundStatus));
     assertThat(selectorManager.getSelectorToUpdateSelector().getRoutingConfigs()
         .get(filterChain).get()).isEqualTo(noopConfig);
   }

From 337c7b8e8082397f86444604f1ff385aa26f217b Mon Sep 17 00:00:00 2001
From: Kim Jin Young <tian__mi__mi@naver.com>
Date: Wed, 3 Dec 2025 00:48:28 +0900
Subject: [PATCH 473/591] servlet: disable RECYCLE_FACADES to reduce flaky
 tests

Set discardFacades=false in Tomcat 10 Embedded to avoid premature
OutputBuffer recycling. This works around flaky tests in gRPC servlet
transport by ensuring facades are not discarded too early.

Fixes #12524
---
 .../tomcatTest/java/io/grpc/servlet/TomcatTransportTest.java  | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/servlet/src/tomcatTest/java/io/grpc/servlet/TomcatTransportTest.java b/servlet/src/tomcatTest/java/io/grpc/servlet/TomcatTransportTest.java
index 2171c6eb2df..cd73b096ccb 100644
--- a/servlet/src/tomcatTest/java/io/grpc/servlet/TomcatTransportTest.java
+++ b/servlet/src/tomcatTest/java/io/grpc/servlet/TomcatTransportTest.java
@@ -93,6 +93,10 @@ public void start(ServerListener listener) throws IOException {
             .setAsyncSupported(true);
         ctx.addServletMappingDecoded("/*", "TomcatTransportTest");
         tomcatServer.getConnector().addUpgradeProtocol(new Http2Protocol());
+        // Workaround for https://github.com/grpc/grpc-java/issues/12540
+        // Prevent premature OutputBuffer recycling by disabling facade recycling.
+        // This should be revisited once the root cause is fixed.
+        tomcatServer.getConnector().setDiscardFacades(false);
         try {
           tomcatServer.start();
         } catch (LifecycleException e) {

From f36defa2d3950de103d2a2dc73fc7f308d35f624 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 3 Dec 2025 21:49:12 -0800
Subject: [PATCH 474/591] Upgrade dependencies

---
 MODULE.bazel                                  |  16 +-
 .../main/java/io/grpc/ConnectivityState.java  |   2 +-
 .../java/io/grpc/LoadBalancerProvider.java    |   2 +-
 .../authz/AuthorizationPolicyTranslator.java  |  16 +-
 .../io/grpc/internal/DnsNameResolver.java     |   2 +-
 .../main/java/io/grpc/internal/JsonUtil.java  |   3 +-
 .../internal/ManagedChannelImplBuilder.java   |   2 +-
 .../grpc/internal/DelayedClientCallTest.java  |   2 +-
 examples/android/clientcache/app/build.gradle |   2 +-
 examples/example-gauth/build.gradle           |   2 +-
 examples/example-gauth/pom.xml                |   2 +-
 .../build.gradle                              |   4 +-
 examples/example-oauth/build.gradle           |   2 +-
 examples/example-oauth/pom.xml                |   8 +-
 examples/example-opentelemetry/build.gradle   |   4 +-
 examples/pom.xml                              |   2 +-
 gradle/libs.versions.toml                     | 153 ++++++++++--------
 .../integration/StressTestClientTest.java     |   4 +-
 netty/src/main/java/io/grpc/netty/Utils.java  |   8 +-
 .../io/grpc/okhttp/OkHttpClientTransport.java |   2 +-
 repositories.bzl                              |  16 +-
 .../S2AProtocolNegotiatorFactory.java         |   2 +-
 .../handshaker/SslContextFactory.java         |   6 +-
 .../io/grpc/servlet/JettyTransportTest.java   |  14 +-
 settings.gradle                               |   4 +-
 25 files changed, 150 insertions(+), 130 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 418a78275b6..f81f287588f 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -8,19 +8,19 @@ module(
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.59.2",
-    "com.google.auth:google-auth-library-credentials:1.24.1",
-    "com.google.auth:google-auth-library-oauth2-http:1.24.1",
+    "com.google.api.grpc:proto-google-common-protos:2.63.1",
+    "com.google.auth:google-auth-library-credentials:1.40.0",
+    "com.google.auth:google-auth-library-oauth2-http:1.40.0",
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
     "com.google.code.gson:gson:2.12.1",
-    "com.google.errorprone:error_prone_annotations:2.36.0",
+    "com.google.errorprone:error_prone_annotations:2.44.0",
     "com.google.guava:failureaccess:1.0.1",
-    "com.google.guava:guava:33.4.8-android",
+    "com.google.guava:guava:33.5.0-android",
     "com.google.re2j:re2j:1.8",
-    "com.google.s2a.proto.v2:s2a-proto:0.1.2",
-    "com.google.truth:truth:1.4.2",
+    "com.google.s2a.proto.v2:s2a-proto:0.1.3",
+    "com.google.truth:truth:1.4.5",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
     "io.netty:netty-buffer:4.1.127.Final",
@@ -42,7 +42,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "io.perfmark:perfmark-api:0.27.0",
     "junit:junit:4.13.2",
     "org.checkerframework:checker-qual:3.49.5",
-    "org.codehaus.mojo:animal-sniffer-annotations:1.24",
+    "org.codehaus.mojo:animal-sniffer-annotations:1.26",
 ]
 # GRPC_DEPS_END
 
diff --git a/api/src/main/java/io/grpc/ConnectivityState.java b/api/src/main/java/io/grpc/ConnectivityState.java
index 677039b2517..a7407efb2e9 100644
--- a/api/src/main/java/io/grpc/ConnectivityState.java
+++ b/api/src/main/java/io/grpc/ConnectivityState.java
@@ -20,7 +20,7 @@
  * The connectivity states.
  *
  * @see <a href="https://github.com/grpc/grpc/blob/master/doc/connectivity-semantics-and-api.md">
- * more information</a>
+ *     more information</a>
  */
 @ExperimentalApi("https://github.com/grpc/grpc-java/issues/4359")
 public enum ConnectivityState {
diff --git a/api/src/main/java/io/grpc/LoadBalancerProvider.java b/api/src/main/java/io/grpc/LoadBalancerProvider.java
index bb4c574211e..7dc30d6baaf 100644
--- a/api/src/main/java/io/grpc/LoadBalancerProvider.java
+++ b/api/src/main/java/io/grpc/LoadBalancerProvider.java
@@ -81,7 +81,7 @@ public abstract class LoadBalancerProvider extends LoadBalancer.Factory {
    * @return a tuple of the fully parsed and validated balancer configuration, else the Status.
    * @since 1.20.0
    * @see <a href="https://github.com/grpc/proposal/blob/master/A24-lb-policy-config.md">
-   *   A24-lb-policy-config.md</a>
+   *     A24-lb-policy-config.md</a>
    */
   public ConfigOrError parseLoadBalancingPolicyConfig(Map<String, ?> rawLoadBalancingPolicyConfig) {
     return UNKNOWN_CONFIG;
diff --git a/authz/src/main/java/io/grpc/authz/AuthorizationPolicyTranslator.java b/authz/src/main/java/io/grpc/authz/AuthorizationPolicyTranslator.java
index ed7e018412c..183ae2c3f55 100644
--- a/authz/src/main/java/io/grpc/authz/AuthorizationPolicyTranslator.java
+++ b/authz/src/main/java/io/grpc/authz/AuthorizationPolicyTranslator.java
@@ -156,19 +156,19 @@ private static Map<String, Policy> parseRules(
   }
 
   /** 
-  * Translates a gRPC authorization policy in JSON string to Envoy RBAC policies.
-  * On success, will return one of the following -
-  * 1. One allow RBAC policy or,
-  * 2. Two RBAC policies, deny policy followed by allow policy.
-  * If the policy cannot be parsed or is invalid, an exception will be thrown.
-  */
+   * Translates a gRPC authorization policy in JSON string to Envoy RBAC policies.
+   * On success, will return one of the following -
+   * 1. One allow RBAC policy or,
+   * 2. Two RBAC policies, deny policy followed by allow policy.
+   * If the policy cannot be parsed or is invalid, an exception will be thrown.
+   */
   public static List<RBAC> translate(String authorizationPolicy) 
             throws IllegalArgumentException, IOException {
     Object jsonObject = JsonParser.parse(authorizationPolicy);
     if (!(jsonObject instanceof Map)) {
       throw new IllegalArgumentException(
-        "Authorization policy should be a JSON object. Found: "
-        + (jsonObject == null ? null : jsonObject.getClass()));
+          "Authorization policy should be a JSON object. Found: "
+          + (jsonObject == null ? null : jsonObject.getClass()));
     }
     @SuppressWarnings("unchecked")
     Map<String, ?> json = (Map<String, ?>)jsonObject;
diff --git a/core/src/main/java/io/grpc/internal/DnsNameResolver.java b/core/src/main/java/io/grpc/internal/DnsNameResolver.java
index 6c48389b95b..dacbe291b6b 100644
--- a/core/src/main/java/io/grpc/internal/DnsNameResolver.java
+++ b/core/src/main/java/io/grpc/internal/DnsNameResolver.java
@@ -478,7 +478,7 @@ private static long getNetworkAddressCacheTtlNanos(boolean isAndroid) {
    * Determines if a given Service Config choice applies, and if so, returns it.
    *
    * @see <a href="https://github.com/grpc/proposal/blob/master/A2-service-configs-in-dns.md">
-   *   Service Config in DNS</a>
+   *     Service Config in DNS</a>
    * @param choice The service config choice.
    * @return The service config object or {@code null} if this choice does not apply.
    */
diff --git a/core/src/main/java/io/grpc/internal/JsonUtil.java b/core/src/main/java/io/grpc/internal/JsonUtil.java
index a0d5eef8660..6c9274702b6 100644
--- a/core/src/main/java/io/grpc/internal/JsonUtil.java
+++ b/core/src/main/java/io/grpc/internal/JsonUtil.java
@@ -361,7 +361,8 @@ private static int parseNanos(String value) throws ParseException {
   /**
    * Copy of {@link com.google.protobuf.util.Durations#normalizedDuration}.
    */
-  @SuppressWarnings("NarrowingCompoundAssignment")
+  // Math.addExact() requires Android API level 24
+  @SuppressWarnings({"NarrowingCompoundAssignment", "InlineMeInliner"})
   private static long normalizedDuration(long seconds, int nanos) {
     if (nanos <= -NANOS_PER_SECOND || nanos >= NANOS_PER_SECOND) {
       seconds = checkedAdd(seconds, nanos / NANOS_PER_SECOND);
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
index fc3c7891008..1773c04388d 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
@@ -759,7 +759,7 @@ List<ClientInterceptor> getEffectiveInterceptors(String computedTarget) {
       if (GET_CLIENT_INTERCEPTOR_METHOD != null) {
         try {
           statsInterceptor =
-            (ClientInterceptor) GET_CLIENT_INTERCEPTOR_METHOD
+              (ClientInterceptor) GET_CLIENT_INTERCEPTOR_METHOD
               .invoke(
                 null,
                 recordStartedRpcs,
diff --git a/core/src/test/java/io/grpc/internal/DelayedClientCallTest.java b/core/src/test/java/io/grpc/internal/DelayedClientCallTest.java
index 557ddfe5ace..ff131d29975 100644
--- a/core/src/test/java/io/grpc/internal/DelayedClientCallTest.java
+++ b/core/src/test/java/io/grpc/internal/DelayedClientCallTest.java
@@ -206,7 +206,7 @@ public void delayedCallsRunUnderContext() throws Exception {
     Object goldenValue = new Object();
     DelayedClientCall<String, Integer> delayedClientCall =
         Context.current().withValue(contextKey, goldenValue).call(() ->
-          new DelayedClientCall<>(callExecutor, fakeClock.getScheduledExecutorService(), null));
+            new DelayedClientCall<>(callExecutor, fakeClock.getScheduledExecutorService(), null));
     AtomicReference<Context> readyContext = new AtomicReference<>();
     delayedClientCall.start(new ClientCall.Listener<Integer>() {
       @Override public void onReady() {
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index 02389619418..0a3cd38b6ed 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -59,6 +59,6 @@ dependencies {
     implementation 'io.grpc:grpc-stub:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 
     testImplementation 'junit:junit:4.13.2'
-    testImplementation 'com.google.truth:truth:1.1.5'
+    testImplementation 'com.google.truth:truth:1.4.5'
     testImplementation 'io.grpc:grpc-testing:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index fef81b77697..1d305677048 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -30,7 +30,7 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-auth:${grpcVersion}"
-    implementation "com.google.auth:google-auth-library-oauth2-http:1.23.0"
+    implementation "com.google.auth:google-auth-library-oauth2-http:1.40.0"
     implementation "com.google.api.grpc:grpc-google-cloud-pubsub-v1:0.1.24"
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 }
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index afae8ee6ec4..73efa507656 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -57,7 +57,7 @@
     <dependency>
       <groupId>com.google.auth</groupId>
       <artifactId>google-auth-library-oauth2-http</artifactId>
-      <version>1.23.0</version>
+      <version>1.40.0</version>
     </dependency>
     <dependency>
       <groupId>com.google.api.grpc</groupId>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index 9b714b0a88f..d02e0d76ec4 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -24,8 +24,8 @@ java {
 // updating the version in our release process.
 def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
-def openTelemetryVersion = '1.52.0'
-def openTelemetryPrometheusVersion = '1.52.0-alpha'
+def openTelemetryVersion = '1.56.0'
+def openTelemetryPrometheusVersion = '1.56.0-alpha'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 36e45958b84..447e40f1f3e 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -29,7 +29,7 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-auth:${grpcVersion}"
-    implementation "com.google.auth:google-auth-library-oauth2-http:1.23.0"
+    implementation "com.google.auth:google-auth-library-oauth2-http:1.40.0"
 
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index e81f5e50190..85103ec9121 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -50,17 +50,11 @@
     <dependency>
       <groupId>io.grpc</groupId>
       <artifactId>grpc-auth</artifactId>
-      <exclusions>
-        <exclusion>
-          <groupId>com.google.auth</groupId>
-          <artifactId>google-auth-library-credentials</artifactId>
-        </exclusion>
-      </exclusions>
     </dependency>
     <dependency>
       <groupId>com.google.auth</groupId>
       <artifactId>google-auth-library-oauth2-http</artifactId>
-      <version>1.23.0</version>
+      <version>1.40.0</version>
     </dependency>
     <dependency>
       <groupId>io.grpc</groupId>
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index 188e5ff0a00..2c953b3d487 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -23,8 +23,8 @@ java {
 // updating the version in our release process.
 def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
-def openTelemetryVersion = '1.52.0'
-def openTelemetryPrometheusVersion = '1.52.0-alpha'
+def openTelemetryVersion = '1.56.0'
+def openTelemetryPrometheusVersion = '1.56.0-alpha'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
diff --git a/examples/pom.xml b/examples/pom.xml
index 2f4629ec201..544f737ceb1 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -58,7 +58,7 @@
     <dependency> <!-- Use newer version than in protobuf-java-util -->
       <groupId>com.google.j2objc</groupId>
       <artifactId>j2objc-annotations</artifactId>
-      <version>3.0.0</version>
+      <version>3.1</version>
     </dependency>
     <dependency>
       <groupId>io.grpc</groupId>
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index f4914c1ea71..9cf74e270cb 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -1,61 +1,68 @@
 [versions]
-netty = '4.1.127.Final'
-# Keep the following references of tcnative version in sync whenever it's updated:
-#   SECURITY.md
-nettytcnative = '2.0.74.Final'
 opencensus = "0.31.1"
-# Not upgrading to 4.x as it is not yet ABI compatible.
-# https://github.com/protocolbuffers/protobuf/issues/17247
-protobuf = "3.25.8"
 
 [libraries]
 android-annotations = "com.google.android:annotations:4.1.1.4"
-# androidx-annotation 1.9.1+ uses Kotlin and requires Android Gradle Plugin 9+
+# 1.9.1+ uses Kotlin and requires Android Gradle Plugin 9+
 # checkForUpdates: androidx-annotation:1.9.0
 androidx-annotation = "androidx.annotation:annotation:1.9.0"
-# 1.15.0 requires libraries and applications that depend on it to compile against
-# version 35 or later of the Android APIs.
+# 1.15.0+ requires minSdkVersion 21 in android-interop-testing (1.14.x doesn't exist)
 # checkForUpdates: androidx-core:1.13.+
 androidx-core = "androidx.core:core:1.13.1"
-# androidx-lifecycle 2.9+ requires Java 17
+# 2.9+ requires minSdkVersion 21 in android-intetrop-testing
+# checkForUpdates: androidx-lifecycle-common:2.8.+
 androidx-lifecycle-common = "androidx.lifecycle:lifecycle-common:2.8.7"
+# checkForUpdates: androidx-lifecycle-service:2.8.+
 androidx-lifecycle-service = "androidx.lifecycle:lifecycle-service:2.8.7"
-androidx-test-core = "androidx.test:core:1.6.1"
-androidx-test-ext-junit = "androidx.test.ext:junit:1.2.1"
+androidx-test-core = "androidx.test:core:1.7.0"
+androidx-test-ext-junit = "androidx.test.ext:junit:1.3.0"
+# 1.7.0+ requires minSdkVersion 21 in android-interop-testing
+# checkForUpdates: androidx-test-rules:1.6.+
 androidx-test-rules = "androidx.test:rules:1.6.1"
-animalsniffer = "org.codehaus.mojo:animal-sniffer:1.24"
-animalsniffer-annotations = "org.codehaus.mojo:animal-sniffer-annotations:1.24"
-assertj-core = "org.assertj:assertj-core:3.27.3"
+animalsniffer = "org.codehaus.mojo:animal-sniffer:1.26"
+animalsniffer-annotations = "org.codehaus.mojo:animal-sniffer-annotations:1.26"
+assertj-core = "org.assertj:assertj-core:3.27.6"
+# 1.11.1 started converting jsr305 @Nullable to jspecify
+# checkForUpdates: auto-value:1.11.0
 auto-value = "com.google.auto.value:auto-value:1.11.0"
+# checkForUpdates: auto-value-annotations:1.11.0
 auto-value-annotations = "com.google.auto.value:auto-value-annotations:1.11.0"
-checkstyle = "com.puppycrawl.tools:checkstyle:10.21.2"
+# 11.0+ requires Java 17+
+# https://checkstyle.sourceforge.io/releasenotes.html
+# checkForUpdates: checkstyle:10.+
+checkstyle = "com.puppycrawl.tools:checkstyle:10.26.1"
+# checkstyle 10.0+ requires Java 11+
+# See https://checkstyle.sourceforge.io/releasenotes_old_8-35_10-26.html#Release_10.0
+# checkForUpdates: checkstylejava8:9.+
+checkstylejava8 = "com.puppycrawl.tools:checkstyle:9.3"
 commons-math3 = "org.apache.commons:commons-math3:3.6.1"
 conscrypt = "org.conscrypt:conscrypt-openjdk-uber:2.5.2"
+# 141.7340.3+ requires minSdkVersion 23
+# checkForUpdates: cronet-api:119.6045.31
 cronet-api = "org.chromium.net:cronet-api:119.6045.31"
+# checkForUpdates: cronet-embedded:119.6045.31
 cronet-embedded = "org.chromium.net:cronet-embedded:119.6045.31"
-errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.36.0"
-# error-prone 2.32.0+ require Java 17+
+errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.44.0"
+# 2.32.0+ requires Java 17+
 # checkForUpdates: errorprone-core:2.31.+
 errorprone-core = "com.google.errorprone:error_prone_core:2.31.0"
-google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.59.2"
-# google-auth-library 1.25.0+ requires error_prone_annotations 2.31.0+, which
-# breaks the Android build
-# checkForUpdates: google-auth-credentials:1.24.+
-google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.24.1"
-# checkForUpdates: google-auth-oauth2Http:1.24.+
-google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.24.1"
+# 2.11.0+ requires JDK 11+ (See https://github.com/google/error-prone/releases/tag/v2.11.0)
+# checkForUpdates: errorprone-corejava8:2.10.+
+errorprone-corejava8 = "com.google.errorprone:error_prone_core:2.10.0"
+google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.63.1"
+google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.40.0"
+google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.40.0"
 # Release notes: https://cloud.google.com/logging/docs/release-notes
-google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.1"
+google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.8"
 # 2.13.0 requires error_prone_annotations:2.37.0, but we are stuck with 2.36.0
 # checkForUpdates: gson:2.12.+
 gson = "com.google.code.gson:gson:2.12.1"
-# 33.4.8 requires com.google.errorprone:error_prone_annotations:2.36.0
-guava = "com.google.guava:guava:33.4.8-android"
+guava = "com.google.guava:guava:33.5.0-android"
 guava-betaChecker = "com.google.guava:guava-beta-checker:1.0"
-guava-testlib = "com.google.guava:guava-testlib:33.4.8-android"
+guava-testlib = "com.google.guava:guava-testlib:33.5.0-android"
 # JRE version is needed for projects where its a transitive dependency, f.e. gcp-observability.
 # May be different from the -android version.
-guava-jre = "com.google.guava:guava:33.4.8-jre"
+guava-jre = "com.google.guava:guava:33.5.0-jre"
 hdrhistogram = "org.hdrhistogram:HdrHistogram:2.2.2"
 # 6.0.0+ use java.lang.Deprecated forRemoval and since from Java 9
 # checkForUpdates: jakarta-servlet-api:5.+
@@ -63,28 +70,40 @@ jakarta-servlet-api = "jakarta.servlet:jakarta.servlet-api:5.0.0"
 javax-servlet-api = "javax.servlet:javax.servlet-api:4.0.1"
 # 12.0.0+ require Java 17+
 # checkForUpdates: jetty-client:11.+
-jetty-client = "org.eclipse.jetty:jetty-client:11.0.24"
-jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.0.23"
-jetty-http2-server10 = "org.eclipse.jetty.http2:http2-server:10.0.20"
-jetty-servlet = "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.0.16"
-jetty-servlet10 = "org.eclipse.jetty:jetty-servlet:10.0.20"
+jetty-client = "org.eclipse.jetty:jetty-client:11.0.26"
+jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.1.4"
+# 10.0.25+ uses uses @Deprecated(since=/forRemoval=) from Java 9
+# checkForUpdates: jetty-http2-server10:10.0.24
+jetty-http2-server10 = "org.eclipse.jetty.http2:http2-server:10.0.24"
+jetty-servlet = "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.1.4"
+# checkForUpdates: jetty-servlet10:10.0.24
+jetty-servlet10 = "org.eclipse.jetty:jetty-servlet:10.0.24"
 jsr305 = "com.google.code.findbugs:jsr305:3.0.2"
 junit = "junit:junit:4.13.2"
-lincheck = "org.jetbrains.lincheck:lincheck:3.2"
+lincheck = "org.jetbrains.lincheck:lincheck:3.3.2"
 # Update notes / 2023-07-19 sergiitk:
 #    Couldn't update to 5.4.0, updated to the last in 4.x line. Version 5.x breaks some tests.
 #    Error log: https://github.com/grpc/grpc-java/pull/10359#issuecomment-1632834435
 # Update notes / 2023-10-09 temawi:
-#    4.11.0 Has been breaking the android integration tests as mockito now uses streams
+#    4.5.0 Has been breaking the android integration tests as mockito now uses streams
 #    (not available in API levels < 24). https://github.com/grpc/grpc-java/issues/10457
+# checkForUpdates: mockito-android:4.4.+
 mockito-android = "org.mockito:mockito-android:4.4.0"
+# checkForUpdates: mockito-core:4.4.+
 mockito-core = "org.mockito:mockito-core:4.4.0"
-netty-codec-http2 = { module = "io.netty:netty-codec-http2", version.ref = "netty" }
-netty-handler-proxy = { module = "io.netty:netty-handler-proxy", version.ref = "netty" }
-netty-tcnative = { module = "io.netty:netty-tcnative-boringssl-static", version.ref = "nettytcnative" }
-netty-tcnative-classes = { module = "io.netty:netty-tcnative-classes", version.ref = "nettytcnative" }
-netty-transport-epoll = { module = "io.netty:netty-transport-native-epoll", version.ref = "netty" }
-netty-unix-common = { module = "io.netty:netty-transport-native-unix-common", version.ref = "netty" }
+# Need to decide when we require users to absorb the breaking changes in 4.2
+# checkForUpdates: netty-codec-http2:4.1.+
+netty-codec-http2 = "io.netty:netty-codec-http2:4.1.127.Final"
+# checkForUpdates: netty-handler-proxy:4.1.+
+netty-handler-proxy = "io.netty:netty-handler-proxy:4.1.127.Final"
+# Keep the following references of tcnative version in sync whenever it's updated:
+#   SECURITY.md
+netty-tcnative = "io.netty:netty-tcnative-boringssl-static:2.0.74.Final"
+netty-tcnative-classes = "io.netty:netty-tcnative-classes:2.0.74.Final"
+# checkForUpdates: netty-transport-epoll:4.1.+
+netty-transport-epoll = "io.netty:netty-transport-native-epoll:4.1.127.Final"
+# checkForUpdates: netty-unix-common:4.1.+
+netty-unix-common = "io.netty:netty-transport-native-unix-common:4.1.127.Final"
 okhttp = "com.squareup.okhttp:okhttp:2.7.5"
 # okio 3.5+ uses Kotlin 1.9+ which requires Android Gradle Plugin 9+
 # checkForUpdates: okio:3.4.+
@@ -94,35 +113,33 @@ opencensus-contrib-grpc-metrics = { module = "io.opencensus:opencensus-contrib-g
 opencensus-exporter-stats-stackdriver = { module = "io.opencensus:opencensus-exporter-stats-stackdriver", version.ref = "opencensus" }
 opencensus-exporter-trace-stackdriver = { module = "io.opencensus:opencensus-exporter-trace-stackdriver", version.ref = "opencensus" }
 opencensus-impl = { module = "io.opencensus:opencensus-impl", version.ref = "opencensus" }
-opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.52.0"
-opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.52.0-alpha"
-opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.48.0-alpha"
-opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.52.0"
-opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.52.0"
+opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.56.0"
+opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.56.0-alpha"
+opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.51.0-alpha"
+opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.56.0"
+opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.56.0"
 perfmark-api = "io.perfmark:perfmark-api:0.27.0"
-protobuf-java = { module = "com.google.protobuf:protobuf-java", version.ref = "protobuf" }
-protobuf-java-util = { module = "com.google.protobuf:protobuf-java-util", version.ref = "protobuf" }
-protobuf-javalite = { module = "com.google.protobuf:protobuf-javalite", version.ref = "protobuf" }
-protobuf-protoc = { module = "com.google.protobuf:protoc", version.ref = "protobuf" }
+# Not upgrading to 4.x as it is not yet ABI compatible.
+# https://github.com/protocolbuffers/protobuf/issues/17247
+# checkForUpdates: protobuf-java:3.+
+protobuf-java = "com.google.protobuf:protobuf-java:3.25.8"
+# checkForUpdates: protobuf-java-util:3.+
+protobuf-java-util = "com.google.protobuf:protobuf-java-util:3.25.8"
+# checkForUpdates: protobuf-javalite:3.+
+protobuf-javalite = "com.google.protobuf:protobuf-javalite:3.25.8"
+# checkForUpdates: protobuf-protoc:3.+
+protobuf-protoc = "com.google.protobuf:protoc:3.25.8"
 re2j = "com.google.re2j:re2j:1.8"
-robolectric = "org.robolectric:robolectric:4.15.1"
-s2a-proto = "com.google.s2a.proto.v2:s2a-proto:0.1.2"
+robolectric = "org.robolectric:robolectric:4.16"
+s2a-proto = "com.google.s2a.proto.v2:s2a-proto:0.1.3"
 signature-android = "net.sf.androidscents.signature:android-api-level-21:5.0.1_r2"
 signature-java = "org.codehaus.mojo.signature:java18:1.0"
 # 11.0.0+ require Java 17+
 # checkForUpdates: tomcat-embed-core:10.+
-tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.31"
+tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.49"
 # checkForUpdates: tomcat-embed-core9:9.+
-tomcat-embed-core9 = "org.apache.tomcat.embed:tomcat-embed-core:9.0.89"
-truth = "com.google.truth:truth:1.4.4"
+tomcat-embed-core9 = "org.apache.tomcat.embed:tomcat-embed-core:9.0.112"
+truth = "com.google.truth:truth:1.4.5"
 # checkForUpdates: undertow-servlet22:2.2.+
-undertow-servlet22 = "io.undertow:undertow-servlet:2.2.37.Final"
-undertow-servlet = "io.undertow:undertow-servlet:2.3.18.Final"
-
-# checkstyle 10.0+ requires Java 11+
-# See https://checkstyle.sourceforge.io/releasenotes_old_8-35_10-26.html#Release_10.0
-# checkForUpdates: checkstylejava8:9.+
-checkstylejava8 = "com.puppycrawl.tools:checkstyle:9.3"
-# 2.11.0+ requires JDK 11+ (See https://github.com/google/error-prone/releases/tag/v2.11.0)
-# checkForUpdates: errorprone-corejava8:2.10.+
-errorprone-corejava8 = "com.google.errorprone:error_prone_core:2.10.0"
+undertow-servlet22 = "io.undertow:undertow-servlet:2.2.38.Final"
+undertow-servlet = "io.undertow:undertow-servlet:2.3.20.Final"
diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/StressTestClientTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/StressTestClientTest.java
index 95ef5379120..a1a2cb9b5ea 100644
--- a/interop-testing/src/test/java/io/grpc/testing/integration/StressTestClientTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/StressTestClientTest.java
@@ -49,8 +49,8 @@ public class StressTestClientTest {
   @Test
   public void ipv6AddressesShouldBeSupported() {
     StressTestClient client = new StressTestClient();
-    client.parseArgs(new String[] {"--server_addresses=[0:0:0:0:0:0:0:1]:8080,"
-        + "[1:2:3:4:f:e:a:b]:8083"});
+    client.parseArgs(new String[] {
+        "--server_addresses=[0:0:0:0:0:0:0:1]:8080,[1:2:3:4:f:e:a:b]:8083"});
 
     assertEquals(2, client.addresses().size());
     assertEquals(new InetSocketAddress("0:0:0:0:0:0:0:1", 8080), client.addresses().get(0));
diff --git a/netty/src/main/java/io/grpc/netty/Utils.java b/netty/src/main/java/io/grpc/netty/Utils.java
index c0981f5b219..386df20ba0b 100644
--- a/netty/src/main/java/io/grpc/netty/Utils.java
+++ b/netty/src/main/java/io/grpc/netty/Utils.java
@@ -122,10 +122,10 @@ private static final class ByteBufAllocatorPreferHeapHolder {
       EPOLL_DOMAIN_CLIENT_CHANNEL_TYPE = epollDomainSocketChannelType();
       DEFAULT_SERVER_CHANNEL_FACTORY = new ReflectiveChannelFactory<>(epollServerChannelType());
       EPOLL_EVENT_LOOP_GROUP_CONSTRUCTOR = epollEventLoopGroupConstructor();
-      DEFAULT_BOSS_EVENT_LOOP_GROUP
-        = new DefaultEventLoopGroupResource(1, "grpc-default-boss-ELG", EventLoopGroupType.EPOLL);
-      DEFAULT_WORKER_EVENT_LOOP_GROUP
-        = new DefaultEventLoopGroupResource(0,"grpc-default-worker-ELG", EventLoopGroupType.EPOLL);
+      DEFAULT_BOSS_EVENT_LOOP_GROUP = new DefaultEventLoopGroupResource(
+          1, "grpc-default-boss-ELG", EventLoopGroupType.EPOLL);
+      DEFAULT_WORKER_EVENT_LOOP_GROUP = new DefaultEventLoopGroupResource(
+          0, "grpc-default-worker-ELG", EventLoopGroupType.EPOLL);
     } else {
       logger.log(Level.FINE, "Epoll is not available, using Nio.", getEpollUnavailabilityCause());
       DEFAULT_SERVER_CHANNEL_FACTORY = nioServerChannelFactory();
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
index e76799845c7..a9fa345e6d8 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
@@ -337,7 +337,7 @@ private OkHttpClientTransport(
         ? SocketFactory.getDefault() : transportFactory.socketFactory;
     this.sslSocketFactory = transportFactory.sslSocketFactory;
     this.hostnameVerifier = transportFactory.hostnameVerifier != null
-      ? transportFactory.hostnameVerifier : OkHostnameVerifier.INSTANCE;
+        ? transportFactory.hostnameVerifier : OkHostnameVerifier.INSTANCE;
     this.connectionSpec = Preconditions.checkNotNull(
         transportFactory.connectionSpec, "connectionSpec");
     this.stopwatchFactory = Preconditions.checkNotNull(stopwatchFactory, "stopwatchFactory");
diff --git a/repositories.bzl b/repositories.bzl
index a635b59a425..f227b8f72c4 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -12,19 +12,19 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.59.2",
-    "com.google.auth:google-auth-library-credentials:1.24.1",
-    "com.google.auth:google-auth-library-oauth2-http:1.24.1",
+    "com.google.api.grpc:proto-google-common-protos:2.63.1",
+    "com.google.auth:google-auth-library-credentials:1.40.0",
+    "com.google.auth:google-auth-library-oauth2-http:1.40.0",
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
     "com.google.code.gson:gson:2.12.1",
-    "com.google.errorprone:error_prone_annotations:2.36.0",
+    "com.google.errorprone:error_prone_annotations:2.44.0",
     "com.google.guava:failureaccess:1.0.1",
-    "com.google.guava:guava:33.4.8-android",
+    "com.google.guava:guava:33.5.0-android",
     "com.google.re2j:re2j:1.8",
-    "com.google.s2a.proto.v2:s2a-proto:0.1.2",
-    "com.google.truth:truth:1.4.2",
+    "com.google.s2a.proto.v2:s2a-proto:0.1.3",
+    "com.google.truth:truth:1.4.5",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
     "io.netty:netty-buffer:4.1.127.Final",
@@ -46,7 +46,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "io.perfmark:perfmark-api:0.27.0",
     "junit:junit:4.13.2",
     "org.checkerframework:checker-qual:3.49.5",
-    "org.codehaus.mojo:animal-sniffer-annotations:1.24",
+    "org.codehaus.mojo:animal-sniffer-annotations:1.26",
 ]
 # GRPC_DEPS_END
 
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
index 3b52f61c9df..9dcbdcf0509 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AProtocolNegotiatorFactory.java
@@ -151,7 +151,7 @@ public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
       String hostname = getHostNameFromAuthority(grpcHandler.getAuthority());
       checkArgument(!isNullOrEmpty(hostname), "hostname should not be null or empty.");
       return new S2AProtocolNegotiationHandler(
-        grpcHandler, channel, localIdentity, hostname, service, stub);
+          grpcHandler, channel, localIdentity, hostname, service, stub);
     }
 
     @Override
diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
index 2dfde16cf2f..5d4ef9eb667 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java
@@ -150,8 +150,8 @@ private static void configureSslContextWithClientTlsConfiguration(
         ProtoUtil.buildTlsProtocolVersionSet(
             clientTlsConfiguration.getMinTlsVersion(), clientTlsConfiguration.getMaxTlsVersion());
     if (tlsVersions.isEmpty()) {
-      throw new S2AConnectionException("Set of TLS versions received from S2A server is"
-        + " empty or not supported.");
+      throw new S2AConnectionException(
+          "Set of TLS versions received from S2A server is empty or not supported.");
     }
     sslContextBuilder.protocols(tlsVersions);
   }
@@ -184,4 +184,4 @@ private static X509Certificate convertStringToX509Cert(String certificate)
   }
 
   private SslContextFactory() {}
-}
\ No newline at end of file
+}
diff --git a/servlet/src/jettyTest/java/io/grpc/servlet/JettyTransportTest.java b/servlet/src/jettyTest/java/io/grpc/servlet/JettyTransportTest.java
index c896c7a23ea..58143a8516c 100644
--- a/servlet/src/jettyTest/java/io/grpc/servlet/JettyTransportTest.java
+++ b/servlet/src/jettyTest/java/io/grpc/servlet/JettyTransportTest.java
@@ -77,9 +77,7 @@ public void start(ServerListener listener) throws IOException {
         ServerConnector sc = (ServerConnector) jettyServer.getConnectors()[0];
         HttpConfiguration httpConfiguration = new HttpConfiguration();
 
-        // Must be set for several tests to pass, so that the request handling can begin before
-        // content arrives.
-        httpConfiguration.setDelayDispatchUntilContent(false);
+        setDelayDispatchUntilContent(httpConfiguration);
 
         HTTP2CServerConnectionFactory factory =
                 new HTTP2CServerConnectionFactory(httpConfiguration);
@@ -135,6 +133,16 @@ protected InternalServer newServer(int port,
     return newServer(streamTracerFactories);
   }
 
+  // The future default appears to be false as people are supposed to be migrate to
+  // EagerContentHandler, but the default is still true. Seems they messed up the migration
+  // process here by not flipping the default.
+  @SuppressWarnings("removal")
+  private static void setDelayDispatchUntilContent(HttpConfiguration httpConfiguration) {
+    // Must be set for several tests to pass, so that the request handling can begin before
+    // content arrives.
+    httpConfiguration.setDelayDispatchUntilContent(false);
+  }
+
   @Override
   protected ManagedClientTransport newClientTransport(InternalServer server) {
     NettyChannelBuilder nettyChannelBuilder = NettyChannelBuilder
diff --git a/settings.gradle b/settings.gradle
index f4df1105090..51c4bdc0d3d 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -20,9 +20,9 @@ pluginManagement {
 	// https://github.com/kt3k/coveralls-gradle-plugin/tags
         id "com.github.kt3k.coveralls" version "2.12.2"
 	// https://github.com/GoogleCloudPlatform/appengine-plugins/releases
-        id "com.google.cloud.tools.appengine" version "2.8.0"
+        id "com.google.cloud.tools.appengine" version "2.8.6"
         // https://github.com/GoogleContainerTools/jib/blob/master/jib-gradle-plugin/CHANGELOG.md
-        id "com.google.cloud.tools.jib" version "3.4.5"
+        id "com.google.cloud.tools.jib" version "3.5.1"
 	// https://github.com/google/osdetector-gradle-plugin/tags
         id "com.google.osdetector" version "1.7.3"
         // https://github.com/google/protobuf-gradle-plugin/releases

From 53a092646a0883c29d3bc8f05277b9f0c15a1ce6 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Thu, 4 Dec 2025 12:04:03 +0530
Subject: [PATCH 475/591] xds: fix race in simpleFlowControl (#12547)

---
 xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 6b9d601b2cf..87758286dc5 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -3521,7 +3521,7 @@ public void simpleFlowControl() throws Exception {
         TIME_INCREMENT);
     barrier.await();
     verify(edsResourceWatcher, atLeastOnce()).onResourceChanged(edsUpdateCaptor.capture());
-    StatusOr<EdsUpdate> statusOrUpdate = edsUpdateCaptor.getValue();
+    StatusOr<EdsUpdate> statusOrUpdate = edsUpdateCaptor.getAllValues().get(0);
     assertThat(statusOrUpdate.hasValue()).isTrue();
     EdsUpdate edsUpdate = statusOrUpdate.getValue();
     validateGoldenClusterLoadAssignment(edsUpdate);

From 55ae1d0541c3482cf9fa2cadb156b1da6852deb4 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 3 Dec 2025 15:10:38 -0800
Subject: [PATCH 476/591] rls: Avoid missed config update from reentrancy

Since ChildPolicyWrapper() called into the child before
childPolicyMap.put(), it is possible for that child to call back into
RLS and further update state without that child being known. When CDS
is_dynamic=true (since ca99a8c47), it registers the cluster with
XdsDependencyManager, which adds a watch to XdsClient. If XdsClient
already has the results cached then the watch callback can be enqueued
immediately onto the syncContext and execute still within the
constructor.

Calling into the child with the lock held isn't great, as it allows for
this type of reentrancy bug. But that'll take larger changes to fix.

b/464116731
---
 .../io/grpc/rls/LbPolicyConfiguration.java    |  7 ++--
 .../grpc/rls/LbPolicyConfigurationTest.java   | 34 +++++++++++++------
 2 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/rls/src/main/java/io/grpc/rls/LbPolicyConfiguration.java b/rls/src/main/java/io/grpc/rls/LbPolicyConfiguration.java
index 0fb10326f28..77ed080e654 100644
--- a/rls/src/main/java/io/grpc/rls/LbPolicyConfiguration.java
+++ b/rls/src/main/java/io/grpc/rls/LbPolicyConfiguration.java
@@ -245,9 +245,10 @@ ChildPolicyWrapper createOrGet(String target) {
       RefCountedChildPolicyWrapper pooledChildPolicyWrapper = childPolicyMap.get(target);
       if (pooledChildPolicyWrapper == null) {
         ChildPolicyWrapper childPolicyWrapper = new ChildPolicyWrapper(
-            target, childPolicy, childLbResolvedAddressFactory, childLbHelperProvider);
+            target, childPolicy, childLbHelperProvider);
         pooledChildPolicyWrapper = RefCountedChildPolicyWrapper.of(childPolicyWrapper);
         childPolicyMap.put(target, pooledChildPolicyWrapper);
+        childPolicyWrapper.start(childLbResolvedAddressFactory);
         return pooledChildPolicyWrapper.getObject();
       } else {
         ChildPolicyWrapper childPolicyWrapper = pooledChildPolicyWrapper.getObject();
@@ -294,7 +295,6 @@ static final class ChildPolicyWrapper {
     public ChildPolicyWrapper(
         String target,
         ChildLoadBalancingPolicy childPolicy,
-        final ResolvedAddressFactory childLbResolvedAddressFactory,
         ChildLoadBalancerHelperProvider childLbHelperProvider) {
       this.target = target;
       this.helper = new ChildPolicyReportingHelper(childLbHelperProvider);
@@ -307,6 +307,9 @@ public ChildPolicyWrapper(
       this.childLbConfig = lbConfig.getConfig();
       helper.getChannelLogger().log(
           ChannelLogLevel.DEBUG, "RLS child lb created. config: {0}", childLbConfig);
+    }
+
+    void start(ResolvedAddressFactory childLbResolvedAddressFactory) {
       helper.getSynchronizationContext().execute(
           new Runnable() {
             @Override
diff --git a/rls/src/test/java/io/grpc/rls/LbPolicyConfigurationTest.java b/rls/src/test/java/io/grpc/rls/LbPolicyConfigurationTest.java
index fc48e6a5405..de41d0488fc 100644
--- a/rls/src/test/java/io/grpc/rls/LbPolicyConfigurationTest.java
+++ b/rls/src/test/java/io/grpc/rls/LbPolicyConfigurationTest.java
@@ -21,6 +21,7 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
@@ -44,8 +45,8 @@
 import io.grpc.rls.LbPolicyConfiguration.ChildPolicyWrapper.ChildPolicyReportingHelper;
 import io.grpc.rls.LbPolicyConfiguration.InvalidChildPolicyConfigException;
 import io.grpc.rls.LbPolicyConfiguration.RefCountedChildPolicyWrapperFactory;
-import java.lang.Thread.UncaughtExceptionHandler;
 import java.util.Map;
+import java.util.concurrent.atomic.AtomicBoolean;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -60,6 +61,9 @@ public class LbPolicyConfigurationTest {
   private final LoadBalancer lb = mock(LoadBalancer.class);
   private final SubchannelStateManager subchannelStateManager = new SubchannelStateManagerImpl();
   private final SubchannelPicker picker = mock(SubchannelPicker.class);
+  private final SynchronizationContext syncContext = new SynchronizationContext((t, e) -> {
+    throw new AssertionError(e);
+  });
   private final ResolvedAddressFactory resolvedAddressFactory =
       new ResolvedAddressFactory() {
         @Override
@@ -81,15 +85,7 @@ public ResolvedAddresses create(Object childLbConfig) {
   @Before
   public void setUp() {
     doReturn(mock(ChannelLogger.class)).when(helper).getChannelLogger();
-    doReturn(
-        new SynchronizationContext(
-            new UncaughtExceptionHandler() {
-              @Override
-              public void uncaughtException(Thread t, Throwable e) {
-                throw new AssertionError(e);
-              }
-            }))
-        .when(helper).getSynchronizationContext();
+    doReturn(syncContext).when(helper).getSynchronizationContext();
     doReturn(lb).when(lbProvider).newLoadBalancer(any(Helper.class));
     doReturn(ConfigOrError.fromConfig(new Object()))
         .when(lbProvider).parseLoadBalancingPolicyConfig(ArgumentMatchers.<Map<String, ?>>any());
@@ -186,4 +182,22 @@ public void updateBalancingState_triggersListener() {
     // picker governs childPickers will be reported to parent LB
     verify(helper).updateBalancingState(ConnectivityState.READY, picker);
   }
+
+  @Test
+  public void refCountedGetOrCreate_addsChildBeforeConfiguringChild() {
+    AtomicBoolean calledAlready = new AtomicBoolean();
+    when(lb.acceptResolvedAddresses(any(ResolvedAddresses.class))).thenAnswer(i -> {
+      if (!calledAlready.get()) {
+        calledAlready.set(true);
+        // Should end up calling this function again, as this child should already be added to the
+        // list of children. In practice, this can be caused by CDS is_dynamic=true starting a watch
+        // when XdsClient already has the cluster cached (e.g., from another channel).
+        syncContext.execute(() ->
+            factory.acceptResolvedAddressFactory(resolvedAddressFactory));
+      }
+      return Status.OK;
+    });
+    ChildPolicyWrapper unused = factory.createOrGet("foo.google.com");
+    verify(lb, times(2)).acceptResolvedAddresses(any(ResolvedAddresses.class));
+  }
 }

From b1a94a410e1926fb870e9717d11c7d8f85c62cb6 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Fri, 5 Dec 2025 14:23:30 +0530
Subject: [PATCH 477/591] xds: implement server feature fail_on_data_errors
 (#12544)

Implements server feature `fail_on_data_errors`, per gRFC A88:
https://github.com/grpc/proposal/blob/master/A88-xds-data-error-handling.md
---
 .../java/io/grpc/xds/client/Bootstrapper.java |  12 +-
 .../io/grpc/xds/client/BootstrapperImpl.java  |   6 +-
 .../io/grpc/xds/client/XdsClientImpl.java     |  66 ++-
 .../io/grpc/xds/GrpcBootstrapperImplTest.java |  46 ++
 .../grpc/xds/GrpcXdsClientImplDataTest.java   |   2 +-
 .../grpc/xds/GrpcXdsClientImplTestBase.java   | 446 +++++++++++++++++-
 .../java/io/grpc/xds/XdsNameResolverTest.java |   5 +-
 .../test/java/io/grpc/xds/XdsTestUtils.java   |   2 +-
 .../client/CommonBootstrapperTestUtils.java   |   2 +-
 9 files changed, 553 insertions(+), 34 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java b/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
index 4fa75f6b335..1d526703299 100644
--- a/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
+++ b/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
@@ -65,18 +65,22 @@ public abstract static class ServerInfo {
 
     public abstract boolean resourceTimerIsTransientError();
 
+    public abstract boolean failOnDataErrors();
+
     @VisibleForTesting
     public static ServerInfo create(String target, @Nullable Object implSpecificConfig) {
       return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig,
-          false, false, false);
+          false, false, false, false);
     }
 
     @VisibleForTesting
     public static ServerInfo create(
-        String target, Object implSpecificConfig, boolean ignoreResourceDeletion,
-        boolean isTrustedXdsServer, boolean resourceTimerIsTransientError) {
+        String target, Object implSpecificConfig,
+        boolean ignoreResourceDeletion, boolean isTrustedXdsServer,
+        boolean resourceTimerIsTransientError, boolean failOnDataErrors) {
       return new AutoValue_Bootstrapper_ServerInfo(target, implSpecificConfig,
-          ignoreResourceDeletion, isTrustedXdsServer, resourceTimerIsTransientError);
+          ignoreResourceDeletion, isTrustedXdsServer,
+          resourceTimerIsTransientError, failOnDataErrors);
     }
   }
 
diff --git a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
index 22c794e1129..b44e32bb2d9 100644
--- a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
@@ -58,6 +58,7 @@ public abstract class BootstrapperImpl extends Bootstrapper {
   private static final String SERVER_FEATURE_TRUSTED_XDS_SERVER = "trusted_xds_server";
   private static final String
       SERVER_FEATURE_RESOURCE_TIMER_IS_TRANSIENT_ERROR = "resource_timer_is_transient_error";
+  private static final String SERVER_FEATURE_FAIL_ON_DATA_ERRORS = "fail_on_data_errors";
 
   @VisibleForTesting
   static boolean enableXdsFallback = GrpcUtil.getFlag(GRPC_EXPERIMENTAL_XDS_FALLBACK, true);
@@ -257,6 +258,7 @@ private List<ServerInfo> parseServerInfos(List<?> rawServerConfigs, XdsLogger lo
 
       boolean resourceTimerIsTransientError = false;
       boolean ignoreResourceDeletion = false;
+      boolean failOnDataErrors = false;
       // "For forward compatibility reasons, the client will ignore any entry in the list that it
       // does not understand, regardless of type."
       List<?> serverFeatures = JsonUtil.getList(serverConfig, "server_features");
@@ -267,12 +269,14 @@ private List<ServerInfo> parseServerInfos(List<?> rawServerConfigs, XdsLogger lo
         }
         resourceTimerIsTransientError = xdsDataErrorHandlingEnabled
             && serverFeatures.contains(SERVER_FEATURE_RESOURCE_TIMER_IS_TRANSIENT_ERROR);
+        failOnDataErrors = xdsDataErrorHandlingEnabled
+            && serverFeatures.contains(SERVER_FEATURE_FAIL_ON_DATA_ERRORS);
       }
       servers.add(
           ServerInfo.create(serverUri, implSpecificConfig, ignoreResourceDeletion,
               serverFeatures != null
                   && serverFeatures.contains(SERVER_FEATURE_TRUSTED_XDS_SERVER),
-              resourceTimerIsTransientError));
+              resourceTimerIsTransientError, failOnDataErrors));
     }
     return servers.build();
   }
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
index 2bf1286babc..0584a3dbfdd 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsClientImpl.java
@@ -603,16 +603,20 @@ private <T extends ResourceUpdate> void handleResourceUpdate(
       }
 
       if (invalidResources.contains(resourceName)) {
-        // The resource update is invalid. Capture the error without notifying the watchers.
+        // The resource update is invalid (NACK). Handle as a data error.
         subscriber.onRejected(args.versionInfo, updateTime, errorDetail);
-      }
-
-      if (invalidResources.contains(resourceName)) {
-        // The resource is missing. Reuse the cached resource if possible.
-        if (subscriber.data == null) {
-          // No cached data. Notify the watchers of an invalid update.
-          subscriber.onError(Status.UNAVAILABLE.withDescription(errorDetail), processingTracker);
+        
+        // Handle data errors (NACKs) based on fail_on_data_errors server feature.
+        // When xdsDataErrorHandlingEnabled is true and fail_on_data_errors is present,
+        // delete cached data so onError will call onResourceChanged instead of onAmbientError.
+        // When xdsDataErrorHandlingEnabled is false, use old behavior (always keep cached data).
+        if (BootstrapperImpl.xdsDataErrorHandlingEnabled && subscriber.data != null
+            && args.serverInfo.failOnDataErrors()) {
+          subscriber.data = null;
         }
+        // Call onError, which will decide whether to call onResourceChanged or onAmbientError
+        // based on whether data exists after the above deletion.
+        subscriber.onError(Status.UNAVAILABLE.withDescription(errorDetail), processingTracker);
         continue;
       }
 
@@ -866,20 +870,42 @@ void onAbsent(@Nullable ProcessingTracker processingTracker, ServerInfo serverIn
         return;
       }
 
-      // Ignore deletion of State of the World resources when this feature is on,
-      // and the resource is reusable.
+      // Handle data errors (resource deletions) based on fail_on_data_errors server feature.
+      // When xdsDataErrorHandlingEnabled is true and fail_on_data_errors is not present,
+      // we treat deletions as ambient errors and keep using the cached resource.
+      // When fail_on_data_errors is present, we delete the cached resource and fail.
+      // When xdsDataErrorHandlingEnabled is false, use the old behavior (ignore_resource_deletion).
       boolean ignoreResourceDeletionEnabled = serverInfo.ignoreResourceDeletion();
-      if (ignoreResourceDeletionEnabled && type.isFullStateOfTheWorld() && data != null) {
-        if (!resourceDeletionIgnored) {
-          logger.log(XdsLogLevel.FORCE_WARNING,
-              "xds server {0}: ignoring deletion for resource type {1} name {2}}",
-              serverInfo.target(), type, resource);
-          resourceDeletionIgnored = true;
+      boolean failOnDataErrors = serverInfo.failOnDataErrors();
+      boolean xdsDataErrorHandlingEnabled = BootstrapperImpl.xdsDataErrorHandlingEnabled;
+
+      if (type.isFullStateOfTheWorld() && data != null) {
+        // New behavior (per gRFC A88): Default is to treat deletions as ambient errors
+        if (xdsDataErrorHandlingEnabled && !failOnDataErrors) {
+          if (!resourceDeletionIgnored) {
+            logger.log(XdsLogLevel.FORCE_WARNING,
+                "xds server {0}: ignoring deletion for resource type {1} name {2}}",
+                serverInfo.target(), type, resource);
+            resourceDeletionIgnored = true;
+          }
+          Status deletionStatus = Status.NOT_FOUND.withDescription(
+              "Resource " + resource + " deleted from server");
+          onAmbientError(deletionStatus, processingTracker);
+          return;
+        }
+        // Old behavior: Use ignore_resource_deletion server feature
+        if (!xdsDataErrorHandlingEnabled && ignoreResourceDeletionEnabled) {
+          if (!resourceDeletionIgnored) {
+            logger.log(XdsLogLevel.FORCE_WARNING,
+                "xds server {0}: ignoring deletion for resource type {1} name {2}}",
+                serverInfo.target(), type, resource);
+            resourceDeletionIgnored = true;
+          }
+          Status deletionStatus = Status.NOT_FOUND.withDescription(
+              "Resource " + resource + " deleted from server");
+          onAmbientError(deletionStatus, processingTracker);
+          return;
         }
-        Status deletionStatus = Status.NOT_FOUND.withDescription(
-            "Resource " + resource + " deleted from server");
-        onAmbientError(deletionStatus, processingTracker);
-        return;
       }
 
       logger.log(XdsLogLevel.INFO, "Conclude {0} resource {1} not exist", type, resource);
diff --git a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
index 2b7bd53d5ef..0a303b7255d 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
@@ -723,6 +723,52 @@ public void serverFeatures_ignoresUnknownValues() throws XdsInitializationExcept
     assertThat(serverInfo.isTrustedXdsServer()).isTrue();
   }
 
+  @Test
+  public void serverFeature_failOnDataErrors() throws XdsInitializationException {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
+    String rawData = "{\n"
+        + "  \"xds_servers\": [\n"
+        + "    {\n"
+        + "      \"server_uri\": \"" + SERVER_URI + "\",\n"
+        + "      \"channel_creds\": [\n"
+        + "        {\"type\": \"insecure\"}\n"
+        + "      ],\n"
+        + "      \"server_features\": [\"fail_on_data_errors\"]\n"
+        + "    }\n"
+        + "  ]\n"
+        + "}";
+
+    bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
+    BootstrapInfo info = bootstrapper.bootstrap();
+    ServerInfo serverInfo = Iterables.getOnlyElement(info.servers());
+    assertThat(serverInfo.target()).isEqualTo(SERVER_URI);
+    assertThat(serverInfo.implSpecificConfig()).isInstanceOf(InsecureChannelCredentials.class);
+    assertThat(serverInfo.failOnDataErrors()).isTrue();
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+  }
+
+  @Test
+  public void serverFeature_failOnDataErrors_requiresEnvVar() throws XdsInitializationException {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+    String rawData = "{\n"
+        + "  \"xds_servers\": [\n"
+        + "    {\n"
+        + "      \"server_uri\": \"" + SERVER_URI + "\",\n"
+        + "      \"channel_creds\": [\n"
+        + "        {\"type\": \"insecure\"}\n"
+        + "      ],\n"
+        + "      \"server_features\": [\"fail_on_data_errors\"]\n"
+        + "    }\n"
+        + "  ]\n"
+        + "}";
+
+    bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
+    BootstrapInfo info = bootstrapper.bootstrap();
+    ServerInfo serverInfo = Iterables.getOnlyElement(info.servers());
+    // Should be false when env var is not enabled
+    assertThat(serverInfo.failOnDataErrors()).isFalse();
+  }
+
   @Test
   public void notFound() {
     bootstrapper.bootstrapPathFromEnvVar = null;
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index 975570d8205..be29e5e719f 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -3614,7 +3614,7 @@ private static Filter buildHttpConnectionManagerFilter(HttpFilter... httpFilters
 
   private XdsResourceType.Args getXdsResourceTypeArgs(boolean isTrustedServer) {
     return new XdsResourceType.Args(
-        ServerInfo.create("http://td", "", false, isTrustedServer, false), "1.0", null, null, null, null
+        ServerInfo.create("http://td", "", false, isTrustedServer, false, false), "1.0", null, null, null, null
     );
   }
 }
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 87758286dc5..887923b169b 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -362,7 +362,7 @@ public void setUp() throws IOException {
         cleanupRule.register(InProcessChannelBuilder.forName(serverName).directExecutor().build());
 
     xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, ignoreResourceDeletion(),
-        true, false);
+        true, false, false);
     BootstrapInfo bootstrapInfo =
         Bootstrapper.BootstrapInfo.builder()
             .servers(Collections.singletonList(xdsServerInfo))
@@ -851,6 +851,52 @@ public void ldsResponseErrorHandling_subscribedResourceInvalid() {
     verifySubscribedResourcesMetadataSizes(3, 0, 0, 0);
   }
 
+  @Test
+  public void ldsResponseErrorHandling_subscribedResourceInvalid_withDataErrorHandlingEnabled() {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
+
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), "A", ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), "B", ldsResourceWatcher);
+    xdsClient.watchXdsResource(XdsListenerResource.getInstance(), "C", ldsResourceWatcher);
+    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+    assertThat(call).isNotNull();
+    verifyResourceMetadataRequested(LDS, "A");
+    verifyResourceMetadataRequested(LDS, "B");
+    verifyResourceMetadataRequested(LDS, "C");
+    ImmutableMap<String, Any> resourcesV1 = ImmutableMap.of(
+        "A", Any.pack(mf.buildListenerWithApiListenerForRds("A", "A.1")),
+        "B", Any.pack(mf.buildListenerWithApiListenerForRds("B", "B.1")),
+        "C", Any.pack(mf.buildListenerWithApiListenerForRds("C", "C.1")));
+    call.sendResponse(LDS, resourcesV1.values().asList(), VERSION_1, "0000");
+    verify(ldsResourceWatcher, times(3)).onResourceChanged(any());
+    ImmutableMap<String, Any> resourcesV2 = ImmutableMap.of(
+        "A", Any.pack(mf.buildListenerWithApiListenerForRds("A", "A.2")),
+        "B", Any.pack(mf.buildListenerWithApiListenerInvalid("B")));
+    call.sendResponse(LDS, resourcesV2.values().asList(), VERSION_2, "0001");
+    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
+    verify(ldsResourceWatcher, times(2)).onAmbientError(statusCaptor.capture());
+    List<Status> receivedStatuses = statusCaptor.getAllValues();
+    assertThat(receivedStatuses).hasSize(2);
+
+    assertThat(
+        receivedStatuses.stream().anyMatch(
+            status -> status.getCode() == Status.Code.UNAVAILABLE
+                && status.getDescription().contains("LDS response Listener 'B' validation error")))
+        .isTrue();
+    assertThat(
+        receivedStatuses.stream().anyMatch(
+            status -> status.getCode() == Status.Code.NOT_FOUND
+                && status.getDescription().contains("Resource C deleted from server")))
+        .isTrue();
+    List<String> errorsV2 = ImmutableList.of("LDS response Listener 'B' validation error: ");
+    verifyResourceMetadataAcked(LDS, "A", resourcesV2.get("A"), VERSION_2, TIME_INCREMENT * 2);
+    verifyResourceMetadataNacked(LDS, "B", resourcesV1.get("B"), VERSION_1, TIME_INCREMENT,
+        VERSION_2, TIME_INCREMENT * 2, errorsV2, true);
+    verifyResourceMetadataAcked(LDS, "C", resourcesV1.get("C"), VERSION_1, TIME_INCREMENT);
+
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+  }
+
   @Test
   public void ldsResponseErrorHandling_subscribedResourceInvalid_withRdsSubscription() {
     List<String> subscribedResourceNames = ImmutableList.of("A", "B", "C");
@@ -1448,6 +1494,176 @@ public void ldsResourceDeleted_ignoreResourceDeletion() {
     verifyNoMoreInteractions(ldsResourceWatcher);
   }
 
+  /**
+   * When fail_on_data_errors server feature is on, xDS client should delete the cached listener
+   * and fail RPCs when LDS resource is deleted.
+   */
+  @Test
+  public void ldsResourceDeleted_failOnDataErrors_true() {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
+    xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, false,
+        true, false, true);
+    BootstrapInfo bootstrapInfo =
+        Bootstrapper.BootstrapInfo.builder()
+            .servers(Collections.singletonList(xdsServerInfo))
+            .node(NODE)
+            .authorities(ImmutableMap.of(
+                "",
+                AuthorityInfo.create(
+                    "xdstp:///envoy.config.listener.v3.Listener/%s",
+                    ImmutableList.of(Bootstrapper.ServerInfo.create(
+                        SERVER_URI_EMPTY_AUTHORITY, CHANNEL_CREDENTIALS)))))
+            .certProviders(ImmutableMap.of())
+            .build();
+    xdsClient = new XdsClientImpl(
+        xdsTransportFactory,
+        bootstrapInfo,
+        fakeClock.getScheduledExecutorService(),
+        backoffPolicyProvider,
+        fakeClock.getStopwatchSupplier(),
+        timeProvider,
+        MessagePrinter.INSTANCE,
+        new TlsContextManagerImpl(bootstrapInfo),
+        xdsClientMetricReporter);
+
+    InOrder inOrder = inOrder(ldsResourceWatcher);
+    DiscoveryRpcCall call = startResourceWatcher(XdsListenerResource.getInstance(), LDS_RESOURCE,
+        ldsResourceWatcher);
+    verifyResourceMetadataRequested(LDS, LDS_RESOURCE);
+
+    // Initial LDS response.
+    call.sendResponse(LDS, testListenerVhosts, VERSION_1, "0000");
+    call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
+    inOrder.verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(statusOrUpdate.getValue());
+    verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts, VERSION_1, TIME_INCREMENT);
+    verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
+
+    // Empty LDS response deletes the listener and fails RPCs.
+    call.sendResponse(LDS, Collections.<Any>emptyList(), VERSION_2, "0001");
+    call.verifyRequest(LDS, LDS_RESOURCE, VERSION_2, "0001", NODE);
+    inOrder.verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate1 = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate1.hasValue()).isFalse();
+    assertThat(statusOrUpdate1.getStatus().getCode()).isEqualTo(Status.Code.NOT_FOUND);
+    verifyResourceMetadataDoesNotExist(LDS, LDS_RESOURCE);
+    verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
+
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+  }
+
+  /**
+   * When the fail_on_data_errors server feature is not present, the default behavior
+   * is to treat a resource deletion as an ambient error and preserve the cached resource.
+   */
+  @Test
+  public void ldsResourceDeleted_failOnDataErrors_false() {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
+
+    xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, false,
+        true, false, false);
+    BootstrapInfo bootstrapInfo =
+        Bootstrapper.BootstrapInfo.builder()
+            .servers(Collections.singletonList(xdsServerInfo))
+            .node(NODE)
+            .authorities(ImmutableMap.of(
+                "",
+                AuthorityInfo.create(
+                    "xdstp:///envoy.config.listener.v3.Listener/%s",
+                    ImmutableList.of(Bootstrapper.ServerInfo.create(
+                        SERVER_URI_EMPTY_AUTHORITY, CHANNEL_CREDENTIALS)))))
+            .certProviders(ImmutableMap.of())
+            .build();
+    xdsClient = new XdsClientImpl(
+        xdsTransportFactory,
+        bootstrapInfo,
+        fakeClock.getScheduledExecutorService(),
+        backoffPolicyProvider,
+        fakeClock.getStopwatchSupplier(),
+        timeProvider,
+        MessagePrinter.INSTANCE,
+        new TlsContextManagerImpl(bootstrapInfo),
+        xdsClientMetricReporter);
+
+    InOrder inOrder = inOrder(ldsResourceWatcher);
+    DiscoveryRpcCall call = startResourceWatcher(XdsListenerResource.getInstance(), LDS_RESOURCE,
+        ldsResourceWatcher);
+    verifyResourceMetadataRequested(LDS, LDS_RESOURCE);
+
+    // Initial LDS response.
+    call.sendResponse(LDS, testListenerVhosts, VERSION_1, "0000");
+    call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
+    inOrder.verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(statusOrUpdate.getValue());
+    verifyResourceMetadataAcked(LDS, LDS_RESOURCE, testListenerVhosts, VERSION_1, TIME_INCREMENT);
+    verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
+
+    // Empty LDS response deletes the listener and fails RPCs.
+    call.sendResponse(LDS, Collections.<Any>emptyList(), VERSION_2, "0001");
+    call.verifyRequest(LDS, LDS_RESOURCE, VERSION_2, "0001", NODE);
+    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
+    inOrder.verify(ldsResourceWatcher).onAmbientError(statusCaptor.capture());
+    Status receivedStatus = statusCaptor.getValue();
+    assertThat(receivedStatus.getCode()).isEqualTo(Status.Code.NOT_FOUND);
+    assertThat(receivedStatus.getDescription()).contains(
+        "Resource " + LDS_RESOURCE + " deleted from server");
+    inOrder.verify(ldsResourceWatcher, never()).onResourceChanged(any());
+    verifySubscribedResourcesMetadataSizes(1, 0, 0, 0);
+
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+  }
+
+  /**
+   * Tests that fail_on_data_errors feature is ignored if the env var is not enabled,
+   * and the old behavior (dropping the resource) is used.
+   */
+  @Test
+  public void ldsResourceDeleted_failOnDataErrorsIgnoredWithoutEnvVar() {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+
+    xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, false,
+        true, false, true);
+    BootstrapInfo bootstrapInfo =
+        Bootstrapper.BootstrapInfo.builder()
+            .servers(Collections.singletonList(xdsServerInfo))
+            .node(NODE)
+            .authorities(ImmutableMap.of(
+                "",
+                AuthorityInfo.create(
+                    "xdstp:///envoy.config.listener.v3.Listener/%s",
+                    ImmutableList.of(Bootstrapper.ServerInfo.create(
+                        SERVER_URI_EMPTY_AUTHORITY, CHANNEL_CREDENTIALS)))))
+            .certProviders(ImmutableMap.of())
+            .build();
+    xdsClient = new XdsClientImpl(
+        xdsTransportFactory,
+        bootstrapInfo,
+        fakeClock.getScheduledExecutorService(),
+        backoffPolicyProvider,
+        fakeClock.getStopwatchSupplier(),
+        timeProvider,
+        MessagePrinter.INSTANCE,
+        new TlsContextManagerImpl(bootstrapInfo),
+        xdsClientMetricReporter);
+
+    InOrder inOrder = inOrder(ldsResourceWatcher);
+    DiscoveryRpcCall call = startResourceWatcher(XdsListenerResource.getInstance(), LDS_RESOURCE,
+        ldsResourceWatcher);
+    call.sendResponse(LDS, testListenerVhosts, VERSION_1, "0000");
+    inOrder.verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    assertThat(ldsUpdateCaptor.getValue().hasValue()).isTrue();
+    call.sendResponse(LDS, Collections.<Any>emptyList(), VERSION_2, "0001");
+
+    inOrder.verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> statusOrUpdate = ldsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isFalse();
+    assertThat(statusOrUpdate.getStatus().getCode()).isEqualTo(Status.Code.NOT_FOUND);
+  }
+
   @Test
   @SuppressWarnings("unchecked")
   public void multipleLdsWatchers() {
@@ -2972,6 +3188,228 @@ public void cdsResourceDeleted_ignoreResourceDeletion() {
     verifyNoMoreInteractions(ldsResourceWatcher);
   }
 
+  /**
+   * When fail_on_data_errors server feature is on, xDS client should delete the cached cluster
+   * and fail RPCs when CDS resource is deleted.
+   */
+  @Test
+  public void cdsResourceDeleted_failOnDataErrors_true() {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
+    xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, false,
+        true, false, true);
+    BootstrapInfo bootstrapInfo =
+        Bootstrapper.BootstrapInfo.builder()
+            .servers(Collections.singletonList(xdsServerInfo))
+            .node(NODE)
+            .authorities(ImmutableMap.of(
+                "",
+                AuthorityInfo.create(
+                    "xdstp:///envoy.config.listener.v3.Listener/%s",
+                    ImmutableList.of(Bootstrapper.ServerInfo.create(
+                        SERVER_URI_EMPTY_AUTHORITY, CHANNEL_CREDENTIALS)))))
+            .certProviders(ImmutableMap.of())
+            .build();
+    xdsClient = new XdsClientImpl(
+        xdsTransportFactory,
+        bootstrapInfo,
+        fakeClock.getScheduledExecutorService(),
+        backoffPolicyProvider,
+        fakeClock.getStopwatchSupplier(),
+        timeProvider,
+        MessagePrinter.INSTANCE,
+        new TlsContextManagerImpl(bootstrapInfo),
+        xdsClientMetricReporter);
+
+    DiscoveryRpcCall call = startResourceWatcher(XdsClusterResource.getInstance(), CDS_RESOURCE,
+        cdsResourceWatcher);
+    verifyResourceMetadataRequested(CDS, CDS_RESOURCE);
+
+    // Initial CDS response.
+    call.sendResponse(CDS, testClusterRoundRobin, VERSION_1, "0000");
+    call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
+    verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenClusterRoundRobin(statusOrUpdate.getValue());
+    verifyResourceMetadataAcked(CDS, CDS_RESOURCE, testClusterRoundRobin, VERSION_1,
+        TIME_INCREMENT);
+    verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
+
+    // Empty CDS response deletes the cluster and fails RPCs.
+    call.sendResponse(CDS, Collections.<Any>emptyList(), VERSION_2, "0001");
+    call.verifyRequest(CDS, CDS_RESOURCE, VERSION_2, "0001", NODE);
+    verify(cdsResourceWatcher).onResourceChanged(argThat(
+        arg -> !arg.hasValue() && arg.getStatus().getDescription().contains(CDS_RESOURCE)));
+    verifyResourceMetadataDoesNotExist(CDS, CDS_RESOURCE);
+    verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
+
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+  }
+
+  /**
+   * When fail_on_data_errors server feature is on, xDS client should delete the cached cluster
+   * and fail RPCs when CDS resource is deleted.
+   */
+  @Test
+  public void cdsResourceDeleted_failOnDataErrors_false() {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
+    // Set failOnDataErrors to false for this test case.
+    xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, false,
+        true, false, false);
+    BootstrapInfo bootstrapInfo =
+        Bootstrapper.BootstrapInfo.builder()
+            .servers(Collections.singletonList(xdsServerInfo))
+            .node(NODE)
+            .authorities(ImmutableMap.of(
+                "",
+                AuthorityInfo.create(
+                    "xdstp:///envoy.config.listener.v3.Listener/%s",
+                    ImmutableList.of(Bootstrapper.ServerInfo.create(
+                        SERVER_URI_EMPTY_AUTHORITY, CHANNEL_CREDENTIALS)))))
+            .certProviders(ImmutableMap.of())
+            .build();
+    xdsClient = new XdsClientImpl(
+        xdsTransportFactory,
+        bootstrapInfo,
+        fakeClock.getScheduledExecutorService(),
+        backoffPolicyProvider,
+        fakeClock.getStopwatchSupplier(),
+        timeProvider,
+        MessagePrinter.INSTANCE,
+        new TlsContextManagerImpl(bootstrapInfo),
+        xdsClientMetricReporter);
+
+    InOrder inOrder = inOrder(cdsResourceWatcher);
+    DiscoveryRpcCall call = startResourceWatcher(XdsClusterResource.getInstance(), CDS_RESOURCE,
+        cdsResourceWatcher);
+    verifyResourceMetadataRequested(CDS, CDS_RESOURCE);
+
+    // Initial CDS response.
+    call.sendResponse(CDS, testClusterRoundRobin, VERSION_1, "0000");
+    call.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
+    inOrder.verify(cdsResourceWatcher).onResourceChanged(cdsUpdateCaptor.capture());
+    StatusOr<CdsUpdate> statusOrUpdate = cdsUpdateCaptor.getValue();
+    assertThat(statusOrUpdate.hasValue()).isTrue();
+    verifyGoldenClusterRoundRobin(statusOrUpdate.getValue());
+    verifyResourceMetadataAcked(CDS, CDS_RESOURCE, testClusterRoundRobin, VERSION_1,
+        TIME_INCREMENT);
+    verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
+
+    // Empty CDS response should trigger an ambient error.
+    call.sendResponse(CDS, Collections.<Any>emptyList(), VERSION_2, "0001");
+    call.verifyRequest(CDS, CDS_RESOURCE, VERSION_2, "0001", NODE);
+
+    // Verify that onAmbientError() is called.
+    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
+    inOrder.verify(cdsResourceWatcher).onAmbientError(statusCaptor.capture());
+    Status receivedStatus = statusCaptor.getValue();
+    assertThat(receivedStatus.getCode()).isEqualTo(Status.Code.NOT_FOUND);
+    assertThat(receivedStatus.getDescription()).contains(
+        "Resource " + CDS_RESOURCE + " deleted from server");
+
+    // Verify that onResourceChanged() is NOT called again.
+    inOrder.verify(cdsResourceWatcher, never()).onResourceChanged(any());
+    verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
+
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+  }
+
+  /**
+   * Tests that a NACKed LDS resource update drops the cached resource when fail_on_data_errors
+   * is enabled.
+   */
+  @Test
+  public void ldsResourceNacked_withFailOnDataErrors_dropsResource() {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
+    xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, false,
+        true, false, true);
+    BootstrapInfo bootstrapInfo =
+        Bootstrapper.BootstrapInfo.builder()
+            .servers(Collections.singletonList(xdsServerInfo))
+            .node(NODE)
+            .build();
+    xdsClient = new XdsClientImpl(
+        xdsTransportFactory,
+        bootstrapInfo,
+        fakeClock.getScheduledExecutorService(),
+        backoffPolicyProvider,
+        fakeClock.getStopwatchSupplier(),
+        timeProvider,
+        MessagePrinter.INSTANCE,
+        new TlsContextManagerImpl(bootstrapInfo),
+        xdsClientMetricReporter);
+
+    InOrder inOrder = inOrder(ldsResourceWatcher);
+    DiscoveryRpcCall call = startResourceWatcher(XdsListenerResource.getInstance(), LDS_RESOURCE,
+        ldsResourceWatcher);
+    call.sendResponse(LDS, testListenerVhosts, VERSION_1, "0000");
+    call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
+    inOrder.verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> initialUpdate = ldsUpdateCaptor.getValue();
+    assertThat(initialUpdate.hasValue()).isTrue();
+    verifyGoldenListenerVhosts(initialUpdate.getValue());
+    Message invalidListener = mf.buildListenerWithApiListenerInvalid(LDS_RESOURCE);
+    call.sendResponse(LDS, Collections.singletonList(Any.pack(invalidListener)), VERSION_2, "0001");
+    String expectedError = "LDS response Listener '" + LDS_RESOURCE + "' validation error";
+    call.verifyRequestNack(LDS, LDS_RESOURCE, VERSION_1, "0001", NODE,
+        Collections.singletonList(expectedError));
+
+    inOrder.verify(ldsResourceWatcher).onResourceChanged(ldsUpdateCaptor.capture());
+    StatusOr<LdsUpdate> finalUpdate = ldsUpdateCaptor.getValue();
+    assertThat(finalUpdate.hasValue()).isFalse();
+    assertThat(finalUpdate.getStatus().getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(finalUpdate.getStatus().getDescription()).contains(expectedError);
+
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+  }
+
+  /**
+   * Tests that a NACKed LDS resource update is treated as an ambient error when
+   * fail_on_data_errors is disabled.
+   */
+  @Test
+  public void ldsResourceNacked_withFailOnDataErrorsDisabled_isAmbientError() {
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
+    xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, false,
+        true, false, false);
+    BootstrapInfo bootstrapInfo =
+        Bootstrapper.BootstrapInfo.builder()
+            .servers(Collections.singletonList(xdsServerInfo))
+            .node(NODE)
+            .build();
+    xdsClient = new XdsClientImpl(
+        xdsTransportFactory,
+        bootstrapInfo,
+        fakeClock.getScheduledExecutorService(),
+        backoffPolicyProvider,
+        fakeClock.getStopwatchSupplier(),
+        timeProvider,
+        MessagePrinter.INSTANCE,
+        new TlsContextManagerImpl(bootstrapInfo),
+        xdsClientMetricReporter);
+    InOrder inOrder = inOrder(ldsResourceWatcher);
+    DiscoveryRpcCall call = startResourceWatcher(XdsListenerResource.getInstance(), LDS_RESOURCE,
+        ldsResourceWatcher);
+
+    call.sendResponse(LDS, testListenerVhosts, VERSION_1, "0000");
+    call.verifyRequest(LDS, LDS_RESOURCE, VERSION_1, "0000", NODE);
+    inOrder.verify(ldsResourceWatcher).onResourceChanged(any());
+    Message invalidListener = mf.buildListenerWithApiListenerInvalid(LDS_RESOURCE);
+    call.sendResponse(LDS, Collections.singletonList(Any.pack(invalidListener)), VERSION_2, "0001");
+
+    String expectedError = "LDS response Listener '" + LDS_RESOURCE + "' validation error";
+    call.verifyRequestNack(LDS, LDS_RESOURCE, VERSION_1, "0001", NODE,
+        Collections.singletonList(expectedError));
+    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
+    inOrder.verify(ldsResourceWatcher).onAmbientError(statusCaptor.capture());
+    Status receivedStatus = statusCaptor.getValue();
+    assertThat(receivedStatus.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(receivedStatus.getDescription()).contains(expectedError);
+    inOrder.verify(ldsResourceWatcher, never()).onResourceChanged(any());
+
+    BootstrapperImpl.xdsDataErrorHandlingEnabled = false;
+  }
+
   @Test
   @SuppressWarnings("unchecked")
   public void multipleCdsWatchers() {
@@ -3369,7 +3807,7 @@ public void flowControlAbsent() throws Exception {
   public void resourceTimerIsTransientError_schedulesExtendedTimeout() {
     BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
     ServerInfo serverInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS,
-        false, true, true);
+        false, true, true, false);
     BootstrapInfo bootstrapInfo =
         Bootstrapper.BootstrapInfo.builder()
             .servers(Collections.singletonList(serverInfo))
@@ -3414,7 +3852,7 @@ public void resourceTimerIsTransientError_schedulesExtendedTimeout() {
   public void resourceTimerIsTransientError_callsOnErrorUnavailable() {
     BootstrapperImpl.xdsDataErrorHandlingEnabled = true;
     xdsServerInfo = ServerInfo.create(SERVER_URI, CHANNEL_CREDENTIALS, ignoreResourceDeletion(),
-        true, true);
+        true, true, false);
     BootstrapInfo bootstrapInfo =
         Bootstrapper.BootstrapInfo.builder()
             .servers(Collections.singletonList(xdsServerInfo))
@@ -4644,7 +5082,7 @@ private XdsClientImpl createXdsClient(String serverUri) {
   private BootstrapInfo buildBootStrap(String serverUri) {
 
     ServerInfo xdsServerInfo = ServerInfo.create(serverUri, CHANNEL_CREDENTIALS,
-        ignoreResourceDeletion(), true, false);
+        ignoreResourceDeletion(), true, false, false);
 
     return Bootstrapper.BootstrapInfo.builder()
         .servers(Collections.singletonList(xdsServerInfo))
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 6bb37cd4483..45a96ee172f 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -358,13 +358,14 @@ public void resolving_targetAuthorityInAuthoritiesMap() {
     String serviceAuthority = "[::FFFF:129.144.52.38]:80";
     bootstrapInfo = BootstrapInfo.builder()
         .servers(ImmutableList.of(ServerInfo.create(
-            "td.googleapis.com", InsecureChannelCredentials.create(), true, true, false)))
+            "td.googleapis.com", InsecureChannelCredentials.create(), true, true, false, false)))
         .node(Node.newBuilder().build())
         .authorities(
             ImmutableMap.of(targetAuthority, AuthorityInfo.create(
                 "xdstp://" + targetAuthority + "/envoy.config.listener.v3.Listener/%s?foo=1&bar=2",
                 ImmutableList.of(ServerInfo.create(
-                    "td.googleapis.com", InsecureChannelCredentials.create(), true, true, false)))))
+                    "td.googleapis.com", InsecureChannelCredentials.create(),
+                    true, true, false, false)))))
         .build();
     expectedLdsResourceName = "xdstp://xds.authority.com/envoy.config.listener.v3.Listener/"
         + "%5B::FFFF:129.144.52.38%5D:80?bar=2&foo=1"; // query param canonified
diff --git a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
index becfe00c79b..f81957ee311 100644
--- a/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/XdsTestUtils.java
@@ -87,7 +87,7 @@ public class XdsTestUtils {
           + ".HttpConnectionManager";
   static final Bootstrapper.ServerInfo EMPTY_BOOTSTRAPPER_SERVER_INFO =
       Bootstrapper.ServerInfo.create(
-      "td.googleapis.com", InsecureChannelCredentials.create(), false, true, false);
+      "td.googleapis.com", InsecureChannelCredentials.create(), false, true, false, false);
   public static final String ENDPOINT_HOSTNAME = "data-host";
   public static final int ENDPOINT_PORT = 1234;
 
diff --git a/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
index 754e903f8a9..e3760bd983f 100644
--- a/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/client/CommonBootstrapperTestUtils.java
@@ -203,7 +203,7 @@ public static Bootstrapper.BootstrapInfo buildBootStrap(List<String> serverUris)
 
     List<ServerInfo> serverInfos = new ArrayList<>();
     for (String uri : serverUris) {
-      serverInfos.add(ServerInfo.create(uri, CHANNEL_CREDENTIALS, false, true, false));
+      serverInfos.add(ServerInfo.create(uri, CHANNEL_CREDENTIALS, false, true, false, false));
     }
     EnvoyProtoData.Node node = EnvoyProtoData.Node.newBuilder().setId("node-id").build();
 

From 8d49dc1c9129fc42c6b80584f5dbad1a543009b5 Mon Sep 17 00:00:00 2001
From: Kim Jin Young <tian__mi__mi@naver.com>
Date: Fri, 5 Dec 2025 20:11:46 +0900
Subject: [PATCH 478/591] okhttp: Fix race condition overwriting
 MAX_CONCURRENT_STREAMS (#12548)

### What this PR does

This PR fixes a race condition in `OkHttpClientTransport` where
`MAX_CONCURRENT_STREAMS` sent by the server could be incorrectly
overwritten by the client's default initialization.

The fix simply reorders the initialization to happen **before** starting
the reader thread, ensuring that any updates from the server are
preserved.

### Note on Testing

I attempted to add a deterministic reproduction test, but reliably
simulating this specific race condition proved difficult without
intrusive changes.
I request reviewers to primarily verify the logical correctness of the
reordering. I am open to collaborating with the team to develop a
suitable test case if required.


### Future Work

This PR covers **Step 1** (Fixing the race condition) of the plan
discussed in #11985.
I plan to follow up with **Step 2** (Adding assertions to verify no
pending streams exist) in a separate PR.

Part of #11985
---
 .../src/main/java/io/grpc/okhttp/OkHttpClientTransport.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
index a9fa345e6d8..2b344554644 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
@@ -800,13 +800,13 @@ public void run() {
         if (connectingCallback != null) {
           connectingCallback.run();
         }
-        // ClientFrameHandler need to be started after connectionPreface / settings, otherwise it
-        // may send goAway immediately.
-        executor.execute(clientFrameHandler);
         synchronized (lock) {
           maxConcurrentStreams = Integer.MAX_VALUE;
           startPendingStreams();
         }
+        // ClientFrameHandler need to be started after connectionPreface / settings, otherwise it
+        // may send goAway immediately.
+        executor.execute(clientFrameHandler);
         if (connectedFuture != null) {
           connectedFuture.set(null);
         }

From 58ae5f808cf8e20c5864033c9a8f485b237f9dfc Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Fri, 5 Dec 2025 16:42:43 +0530
Subject: [PATCH 479/591] compiler: Upgrade to protobuf 33.1 (#12534)

---
 buildscripts/kokoro/macos.sh       | 11 +++-
 buildscripts/kokoro/windows32.bat  | 18 +++---
 buildscripts/kokoro/windows64.bat  | 18 +++---
 buildscripts/make_dependencies.bat |  5 +-
 buildscripts/make_dependencies.sh  | 91 ++++++++++++++++++------------
 compiler/build.gradle              |  4 +-
 6 files changed, 88 insertions(+), 59 deletions(-)

diff --git a/buildscripts/kokoro/macos.sh b/buildscripts/kokoro/macos.sh
index 018d15dd2f9..0240c0650f7 100755
--- a/buildscripts/kokoro/macos.sh
+++ b/buildscripts/kokoro/macos.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
 set -veux -o pipefail
+CMAKE_VERSION=3.31.10
 
 if [[ -f /VERSION ]]; then
   cat /VERSION
@@ -7,6 +8,10 @@ fi
 
 readonly GRPC_JAVA_DIR="$(cd "$(dirname "$0")"/../.. && pwd)"
 
+DOWNLOAD_DIR=/tmp/source
+mkdir -p ${DOWNLOAD_DIR}
+curl -Ls https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}-macos-universal.tar.gz | tar xz -C ${DOWNLOAD_DIR}
+
 # We had problems with random tests timing out because it took seconds to do
 # trivial (ns) operations. The Kokoro Mac machines have 2 cores with 4 logical
 # threads, so Gradle should be using 4 workers by default.
@@ -15,7 +20,9 @@ export GRADLE_FLAGS="${GRADLE_FLAGS:-} --max-workers=2"
 . "$GRPC_JAVA_DIR"/buildscripts/kokoro/kokoro.sh
 trap spongify_logs EXIT
 
-export -n JAVA_HOME
-export PATH="$(/usr/libexec/java_home -v"1.8.0")/bin:${PATH}"
+brew install --cask temurin@8
+export PATH="$(/usr/libexec/java_home -v"1.8.0")/bin:${DOWNLOAD_DIR}/cmake-${CMAKE_VERSION}-macos-universal/CMake.app/Contents/bin:${PATH}"
+export JAVA_HOME="$(/usr/libexec/java_home -v"1.8.0")"
+brew install maven
 
 "$GRPC_JAVA_DIR"/buildscripts/kokoro/unix.sh
diff --git a/buildscripts/kokoro/windows32.bat b/buildscripts/kokoro/windows32.bat
index 2b925c3095c..e98cceb0905 100644
--- a/buildscripts/kokoro/windows32.bat
+++ b/buildscripts/kokoro/windows32.bat
@@ -25,7 +25,7 @@ cd "%WORKSPACE%"
 
 SET TARGET_ARCH=x86_32
 SET FAIL_ON_WARNINGS=true
-SET PROTOBUF_VER=26.1
+SET PROTOBUF_VER=33.1
 SET PKG_CONFIG_PATH=%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib\\pkgconfig
 SET VC_PROTOBUF_LIBS=/LIBPATH:%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib
 SET VC_PROTOBUF_INCLUDE=%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\include
@@ -66,14 +66,16 @@ for /f "tokens=*" %%a in ('pkg-config --libs protobuf') do (
       set lib=!lib:~2!
       @rem remove spaces
       set lib=!lib: =!
-      @rem Because protobuf is specified as libprotobuf and elsewhere
-      if !lib! NEQ protobuf (
+      set libprefix=!lib:~0,4!
+      if !libprefix!==absl (
         set lib=!lib!.lib
-        if "!libs_list!"=="" (
-          set libs_list=!lib!
-        ) else (
-          set libs_list=!libs_list!,!lib!
-        )
+      ) else (
+        set lib=lib!lib!.lib
+      )
+      if "!libs_list!"=="" (
+        set libs_list=!lib!
+      ) else (
+        set libs_list=!libs_list!,!lib!
       )
     )
   )
diff --git a/buildscripts/kokoro/windows64.bat b/buildscripts/kokoro/windows64.bat
index 0bed4612bcf..d5798c634d0 100644
--- a/buildscripts/kokoro/windows64.bat
+++ b/buildscripts/kokoro/windows64.bat
@@ -24,7 +24,7 @@ cd "%WORKSPACE%"
 
 SET TARGET_ARCH=x86_64
 SET FAIL_ON_WARNINGS=true
-SET PROTOBUF_VER=26.1
+SET PROTOBUF_VER=33.1
 SET PKG_CONFIG_PATH=%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib\\pkgconfig
 SET VC_PROTOBUF_LIBS=/LIBPATH:%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib
 SET VC_PROTOBUF_INCLUDE=%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\include
@@ -50,14 +50,16 @@ for /f "tokens=*" %%a in ('pkg-config --libs protobuf') do (
       set lib=!lib:~2!
       @rem remove spaces
       set lib=!lib: =!
-      @rem Because protobuf is specified as libprotobuf and elsewhere
-      if !lib! NEQ protobuf (
+      set libprefix=!lib:~0,4!
+      if !libprefix!==absl (
         set lib=!lib!.lib
-        if "!libs_list!"=="" (
-          set libs_list=!lib!
-        ) else (
-          set libs_list=!libs_list!,!lib!
-        )
+      ) else (
+        set lib=lib!lib!.lib
+      )
+      if "!libs_list!"=="" (
+        set libs_list=!lib!
+      ) else (
+        set libs_list=!libs_list!,!lib!
       )
     )
   )
diff --git a/buildscripts/make_dependencies.bat b/buildscripts/make_dependencies.bat
index adb7a1fbcbc..a167b8e59b2 100644
--- a/buildscripts/make_dependencies.bat
+++ b/buildscripts/make_dependencies.bat
@@ -1,7 +1,7 @@
 choco install -y pkgconfiglite
 choco install -y openjdk --version=17.0
 set PATH=%PATH%;"c:\Program Files\OpenJDK\jdk-17\bin"
-set PROTOBUF_VER=26.1
+set PROTOBUF_VER=33.1
 set ABSL_VERSION=20250127.1
 set CMAKE_NAME=cmake-3.26.3-windows-x86_64
 
@@ -30,7 +30,6 @@ del protobuf.zip
 powershell -command "$ProgressPreference = 'SilentlyContinue'; $ErrorActionPreference = 'stop'; & { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; iwr https://github.com/abseil/abseil-cpp/archive/refs/tags/%ABSL_VERSION%.zip -OutFile absl.zip }" || exit /b 1
 powershell -command "$ErrorActionPreference = 'stop'; & { Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('absl.zip', '.') }" || exit /b 1
 del absl.zip
-rmdir protobuf-%PROTOBUF_VER%\third_party\abseil-cpp
 move abseil-cpp-%ABSL_VERSION% protobuf-%PROTOBUF_VER%\third_party\abseil-cpp
 mkdir protobuf-%PROTOBUF_VER%\build
 pushd protobuf-%PROTOBUF_VER%\build
@@ -51,7 +50,7 @@ for /f "tokens=4 delims=\" %%a in ("%VCINSTALLDIR%") do (
 for /f "tokens=1 delims=." %%a in ("%VisualStudioVersion%") do (
   SET visual_studio_major_version=%%a
 )
-cmake -DABSL_MSVC_STATIC_RUNTIME=ON -Dprotobuf_BUILD_TESTS=OFF -DCMAKE_INSTALL_PREFIX=%cd%\protobuf-%PROTOBUF_VER% -DCMAKE_PREFIX_PATH=%cd%\protobuf-%PROTOBUF_VER% -G "Visual Studio %visual_studio_major_version% %VC_YEAR%" %CMAKE_VSARCH% .. || exit /b 1
+cmake -DCMAKE_CXX_STANDARD=17 -DABSL_MSVC_STATIC_RUNTIME=ON -Dprotobuf_BUILD_TESTS=OFF -DCMAKE_INSTALL_PREFIX=%cd%\protobuf-%PROTOBUF_VER% -DCMAKE_PREFIX_PATH=%cd%\protobuf-%PROTOBUF_VER% -G "Visual Studio %visual_studio_major_version% %VC_YEAR%" %CMAKE_VSARCH% .. || exit /b 1
 cmake --build . --config Release --target install || exit /b 1
 popd
 goto :eof
diff --git a/buildscripts/make_dependencies.sh b/buildscripts/make_dependencies.sh
index 7dc94299daf..9612199540b 100755
--- a/buildscripts/make_dependencies.sh
+++ b/buildscripts/make_dependencies.sh
@@ -3,54 +3,33 @@
 # Build protoc
 set -evux -o pipefail
 
-PROTOBUF_VERSION=26.1
+PROTOBUF_VERSION=33.1
 ABSL_VERSION=20250127.1
-CMAKE_VERSION=3.26.3
 
 # ARCH is x86_64 bit unless otherwise specified.
 ARCH="${ARCH:-x86_64}"
 DOWNLOAD_DIR=/tmp/source
 INSTALL_DIR="/tmp/protobuf-cache/$PROTOBUF_VERSION/$(uname -s)-$ARCH"
 BUILDSCRIPTS_DIR="$(cd "$(dirname "$0")" && pwd)"
-mkdir -p $DOWNLOAD_DIR
-cd "$DOWNLOAD_DIR"
-
-# Start with a sane default
-NUM_CPU=4
-if [[ $(uname) == 'Linux' ]]; then
-    NUM_CPU=$(nproc)
-fi
-if [[ $(uname) == 'Darwin' ]]; then
-    NUM_CPU=$(sysctl -n hw.ncpu)
-fi
 
-# Make protoc
-# Can't check for presence of directory as cache auto-creates it.
-if [ -f ${INSTALL_DIR}/bin/protoc ]; then
-  echo "Not building protobuf. Already built"
-# TODO(ejona): swap to `brew install --devel protobuf` once it is up-to-date
-else
-  if [[ ! -d "protobuf-${PROTOBUF_VERSION}" ]]; then
-    curl -Ls "https://github.com/google/protobuf/releases/download/v${PROTOBUF_VERSION}/protobuf-${PROTOBUF_VERSION}.tar.gz" | tar xz
-    curl -Ls "https://github.com/abseil/abseil-cpp/archive/refs/tags/${ABSL_VERSION}.tar.gz" | tar xz
-    rmdir "protobuf-$PROTOBUF_VERSION/third_party/abseil-cpp"
-    mv "abseil-cpp-$ABSL_VERSION" "protobuf-$PROTOBUF_VERSION/third_party/abseil-cpp"
+function build_and_install() {
+  if [[ "$1" == "abseil" ]]; then
+    TESTS_OFF_ARG=ABSL_BUILD_TEST_HELPERS
+  else
+    TESTS_OFF_ARG=protobuf_BUILD_TESTS  
   fi
-  # the same source dir is used for 32 and 64 bit builds, so we need to clean stale data first
-  rm -rf "$DOWNLOAD_DIR/protobuf-${PROTOBUF_VERSION}/build"
-  mkdir "$DOWNLOAD_DIR/protobuf-${PROTOBUF_VERSION}/build"
-  pushd "$DOWNLOAD_DIR/protobuf-${PROTOBUF_VERSION}/build"
-  # install here so we don't need sudo
   if [[ "$(uname -s)" == "Darwin" ]]; then
     cmake .. \
-      -DCMAKE_CXX_STANDARD=14 -Dprotobuf_BUILD_TESTS=OFF -DBUILD_SHARED_LIBS=OFF \
-      -DCMAKE_INSTALL_PREFIX="$INSTALL_DIR" -DABSL_INTERNAL_AT_LEAST_CXX17=0 \
+      -DCMAKE_CXX_STANDARD=17 -D${TESTS_OFF_ARG}=OFF -DBUILD_SHARED_LIBS=OFF \
+      -DCMAKE_INSTALL_PREFIX="$INSTALL_DIR" \
+      -DCMAKE_PREFIX_PATH="$INSTALL_DIR" \
       -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64" \
       -B. || exit 1
   elif [[ "$ARCH" == x86* ]]; then
     CFLAGS=-m${ARCH#*_} CXXFLAGS=-m${ARCH#*_} cmake .. \
-      -DCMAKE_CXX_STANDARD=14 -Dprotobuf_BUILD_TESTS=OFF -DBUILD_SHARED_LIBS=OFF \
-      -DCMAKE_INSTALL_PREFIX="$INSTALL_DIR" -DABSL_INTERNAL_AT_LEAST_CXX17=0 \
+      -DCMAKE_CXX_STANDARD=17 -D${TESTS_OFF_ARG}=OFF -DBUILD_SHARED_LIBS=OFF \
+      -DCMAKE_INSTALL_PREFIX="$INSTALL_DIR" \
+      -DCMAKE_PREFIX_PATH="$INSTALL_DIR" \
       -B. || exit 1
   else
     if [[ "$ARCH" == aarch_64 ]]; then
@@ -66,17 +45,56 @@ else
       exit 1
     fi
     cmake .. \
-      -DCMAKE_CXX_STANDARD=14 -Dprotobuf_BUILD_TESTS=OFF -DBUILD_SHARED_LIBS=OFF \
-      -DCMAKE_INSTALL_PREFIX="$INSTALL_DIR" -DABSL_INTERNAL_AT_LEAST_CXX17=0 \
+      -DCMAKE_CXX_STANDARD=17 -D${TESTS_OFF_ARG}=OFF -DBUILD_SHARED_LIBS=OFF \
+      -DCMAKE_INSTALL_PREFIX="$INSTALL_DIR" \
+      -DCMAKE_PREFIX_PATH="$INSTALL_DIR" \
       -Dcrosscompile_ARCH="$GCC_ARCH" \
       -DCMAKE_TOOLCHAIN_FILE=$BUILDSCRIPTS_DIR/toolchain.cmake \
       -B. || exit 1
   fi
   export CMAKE_BUILD_PARALLEL_LEVEL="$NUM_CPU"
   cmake --build . || exit 1
+  # install here so we don't need sudo
   cmake --install . || exit 1
-  [ -d "$INSTALL_DIR/lib64" ] && mv "$INSTALL_DIR/lib64" "$INSTALL_DIR/lib"
+}
+
+mkdir -p $DOWNLOAD_DIR
+cd "$DOWNLOAD_DIR"
+
+# Start with a sane default
+NUM_CPU=4
+if [[ $(uname) == 'Linux' ]]; then
+    NUM_CPU=$(nproc)
+fi
+if [[ $(uname) == 'Darwin' ]]; then
+    NUM_CPU=$(sysctl -n hw.ncpu)
+fi
+export CMAKE_BUILD_PARALLEL_LEVEL="$NUM_CPU"
+
+# Make protoc
+# Can't check for presence of directory as cache auto-creates it.
+if [ -f ${INSTALL_DIR}/bin/protoc ]; then
+  echo "Not building protobuf. Already built"
+# TODO(ejona): swap to `brew install --devel protobuf` once it is up-to-date
+else
+  if [[ ! -d "protobuf-${PROTOBUF_VERSION}" ]]; then
+    curl -Ls "https://github.com/google/protobuf/releases/download/v${PROTOBUF_VERSION}/protobuf-${PROTOBUF_VERSION}.tar.gz" | tar xz
+    curl -Ls "https://github.com/abseil/abseil-cpp/archive/refs/tags/${ABSL_VERSION}.tar.gz" | tar xz
+  fi
+  # the same source dir is used for 32 and 64 bit builds, so we need to clean stale data first
+  rm -rf "$DOWNLOAD_DIR/abseil-cpp-${ABSL_VERSION}/build"
+  mkdir "$DOWNLOAD_DIR/abseil-cpp-${ABSL_VERSION}/build"
+  pushd "$DOWNLOAD_DIR/abseil-cpp-${ABSL_VERSION}/build"
+  build_and_install "abseil"
+  popd 
+  
+  rm -rf "$DOWNLOAD_DIR/protobuf-${PROTOBUF_VERSION}/build"
+  mkdir "$DOWNLOAD_DIR/protobuf-${PROTOBUF_VERSION}/build"
+  pushd "$DOWNLOAD_DIR/protobuf-${PROTOBUF_VERSION}/build"
+  build_and_install "protobuf"
   popd
+  
+  [ -d "$INSTALL_DIR/lib64" ] && mv "$INSTALL_DIR/lib64" "$INSTALL_DIR/lib"  
 fi
 
 # If /tmp/protobuf exists then we just assume it's a symlink created by us.
@@ -94,3 +112,4 @@ export CXXFLAGS="$(PKG_CONFIG_PATH=/tmp/protobuf/lib/pkgconfig pkg-config --cfla
 export LIBRARY_PATH=/tmp/protobuf/lib
 export LD_LIBRARY_PATH=/tmp/protobuf/lib
 EOF
+
diff --git a/compiler/build.gradle b/compiler/build.gradle
index 9b02f8286a1..f970f629e19 100644
--- a/compiler/build.gradle
+++ b/compiler/build.gradle
@@ -102,7 +102,7 @@ model {
         all {
             if (toolChain in Gcc || toolChain in Clang) {
                 cppCompiler.define("GRPC_VERSION", version)
-                cppCompiler.args "--std=c++14"
+                cppCompiler.args "--std=c++17"
                 addEnvArgs("CXXFLAGS", cppCompiler.args)
                 addEnvArgs("CPPFLAGS", cppCompiler.args)
                 if (project.hasProperty('buildUniversal') &&
@@ -132,7 +132,7 @@ model {
             } else if (toolChain in VisualCpp) {
                 usingVisualCpp = true
                 cppCompiler.define("GRPC_VERSION", version)
-                cppCompiler.args "/EHsc", "/MT"
+                cppCompiler.args "/EHsc", "/MT", "/std:c++17"
                 if (rootProject.hasProperty('vcProtobufInclude')) {
                     cppCompiler.args "/I${rootProject.vcProtobufInclude}"
                 } 

From eb8a63cefb827337cc9fd4c5a3877d96a238c1d6 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Fri, 5 Dec 2025 14:43:15 -0800
Subject: [PATCH 480/591] Introduce io.grpc.Uri. (#12535)

`io.grpc.Uri` is an implementation of RFC 3986 tailored for grpc-java's
needs. It lifts some of the limitations of `java.net.URI` that currently
prevent us from resolving target URIs like `intent:#Intent;...` See
#12244 for more.

Marked `@Internal` for now but the plan is to eventually use this to
replace `java.net.URI` in our public APIs such as NameResolver.Factory.
---
 api/build.gradle                       |    1 +
 api/src/main/java/io/grpc/Uri.java     | 1021 ++++++++++++++++++++++++
 api/src/test/java/io/grpc/UriTest.java |  601 ++++++++++++++
 3 files changed, 1623 insertions(+)
 create mode 100644 api/src/main/java/io/grpc/Uri.java
 create mode 100644 api/src/test/java/io/grpc/UriTest.java

diff --git a/api/build.gradle b/api/build.gradle
index 415a17f61f8..745fa00b3f1 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -73,6 +73,7 @@ tasks.named("javadoc").configure {
     exclude 'io/grpc/Internal?*.java'
     exclude 'io/grpc/MetricRecorder.java'
     exclude 'io/grpc/MetricSink.java'
+    exclude 'io/grpc/Uri.java'
 }
 
 tasks.named("sourcesJar").configure {
diff --git a/api/src/main/java/io/grpc/Uri.java b/api/src/main/java/io/grpc/Uri.java
new file mode 100644
index 00000000000..01aaed31c74
--- /dev/null
+++ b/api/src/main/java/io/grpc/Uri.java
@@ -0,0 +1,1021 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Preconditions.checkState;
+
+import com.google.common.base.VerifyException;
+import com.google.common.collect.ImmutableList;
+import com.google.common.net.InetAddresses;
+import com.google.errorprone.annotations.CanIgnoreReturnValue;
+import java.net.InetAddress;
+import java.net.URISyntaxException;
+import java.nio.ByteBuffer;
+import java.nio.CharBuffer;
+import java.nio.charset.CharacterCodingException;
+import java.nio.charset.CharsetEncoder;
+import java.nio.charset.CodingErrorAction;
+import java.nio.charset.MalformedInputException;
+import java.nio.charset.StandardCharsets;
+import java.util.BitSet;
+import java.util.List;
+import java.util.Locale;
+import java.util.Objects;
+import javax.annotation.Nullable;
+
+/**
+ * A not-quite-general-purpose representation of a Uniform Resource Identifier (URI), as defined by
+ * <a href="https://datatracker.ietf.org/doc/html/rfc3986">RFC 3986</a>.
+ *
+ * <h1>The URI</h1>
+ *
+ * <p>A URI identifies a resource by its name or location or both. The resource could be a file,
+ * service, or some other abstract entity.
+ *
+ * <h2>Examples</h2>
+ *
+ * <ul>
+ *   <li><code>http://admin@example.com:8080/controlpanel?filter=users#settings</code>
+ *   <li><code>ftp://[2001:db8::7]/docs/report.pdf</code>
+ *   <li><code>file:///My%20Computer/Documents/letter.doc</code>
+ *   <li><code>dns://8.8.8.8/storage.googleapis.com</code>
+ *   <li><code>mailto:John.Doe@example.com</code>
+ *   <li><code>tel:+1-206-555-1212</code>
+ *   <li><code>urn:isbn:978-1492082798</code>
+ * </ul>
+ *
+ * <h2>Limitations</h2>
+ *
+ * <p>This class aims to meet the needs of grpc-java itself and RPC related code that depend on it.
+ * It isn't quite general-purpose. It definitely would not be suitable for building an HTTP user
+ * agent or proxy server. In particular, it:
+ *
+ * <ul>
+ *   <li>Can only represent a URI, not a "URI-reference" or "relative reference". In other words, a
+ *       "scheme" is always required.
+ *   <li>Has no knowledge of the particulars of any scheme, with respect to normalization and
+ *       comparison. We don't know <code>https://google.com</code> is the same as <code>
+ *       https://google.com:443</code>, that <code>file:///</code> is the same as <code>
+ *       file://localhost</code>, or that <code>joe@example.com</code> is the same as <code>
+ *       joe@EXAMPLE.COM</code>. No one class can or should know everything about every scheme so
+ *       all this is better handled at a higher layer.
+ *   <li>Implements {@link #equals(Object)} as a char-by-char comparison. Expect false negatives.
+ *   <li>Does not support "IPvFuture" literal addresses.
+ *   <li>Does not reflect how web browsers parse user input or the <a
+ *       href="https://url.spec.whatwg.org/">URL Living Standard</a>.
+ *   <li>Does not support different character encodings. Assumes UTF-8 in several places.
+ * </ul>
+ *
+ * <h2>Migrating from RFC 2396 and {@link java.net.URI}</h2>
+ *
+ * <p>Those migrating from {@link java.net.URI} and/or its primary specification in RFC 2396 should
+ * note some differences.
+ *
+ * <h3>Uniform Hierarchical Syntax</h3>
+ *
+ * <p>RFC 3986 unifies the older ideas of "hierarchical" and "opaque" URIs into a single generic
+ * syntax. What RFC 2396 called an opaque "scheme-specific part" is always broken out by RFC 3986
+ * into an authority and path hierarchy, followed by query and fragment components. Accordingly,
+ * this class has only getters for those components but no {@link
+ * java.net.URI#getSchemeSpecificPart()} analog.
+ *
+ * <p>The RFC 3986 definition of path is now more liberal to accommodate this:
+ *
+ * <ul>
+ *   <li>Path doesn't have to start with a slash. For example, the path of <code>
+ *       urn:isbn:978-1492082798</code> is <code>isbn:978-1492082798</code> even though it doesn't
+ *       look much like a file system path.
+ *   <li>The path can now be empty. So Android's <code>
+ *       intent:#Intent;action=MAIN;category=LAUNCHER;end</code> is now a valid {@link Uri}. Even
+ *       the scheme-only <code>about:</code> is now valid.
+ * </ul>
+ *
+ * <p>The uniform syntax always understands what follows a '?' to be a query string. For example,
+ * <code>mailto:me@example.com?subject=foo</code> now has a query component whereas RFC 2396
+ * considered everything after the <code>mailto:</code> scheme to be opaque.
+ *
+ * <p>Same goes for fragment. <code>data:image/png;...#xywh=0,0,10,10</code> now has a fragment
+ * whereas RFC 2396 considered everything after the scheme to be opaque.
+ *
+ * <h3>Uniform Authority Syntax</h3>
+ *
+ * <p>RFC 2396 tried to guess if an authority was a "server" (host:port) or "registry-based"
+ * (arbitrary string) based on its contents. RFC 3986 expects every authority to look like
+ * [userinfo@]host[:port] and loosens the definition of a "host" to accommodate. Accordingly, this
+ * class has no equivalent to {@link java.net.URI#parseServerAuthority()} -- authority was parsed
+ * into its components and checked for validity when the {@link Uri} was created.
+ *
+ * <h3>Other Specific Differences</h3>
+ *
+ * <p>RFC 2396 does not allow underscores in a host name, meaning {@link java.net.URI} switches to
+ * opaque mode when it sees one. {@link Uri} does allow underscores in host, to accommodate
+ * registries other than DNS. So <code>http://my_site.com:8080/index.html</code> now parses as a
+ * host, port and path rather than a single opaque scheme-specific part.
+ *
+ * <p>{@link Uri} strictly *requires* square brackets in the query string and fragment to be
+ * percent-encoded whereas RFC 2396 merely recommended doing so.
+ *
+ * <p>Other URx classes are "liberal in what they accept and strict in what they produce." {@link
+ * Uri#parse(String)} and {@link Uri#create(String)}, however, are strict in what they accept and
+ * transparent when asked to reproduce it via {@link Uri#toString()}. The former policy may be
+ * appropriate for parsing user input or web content, but this class is meant for gRPC clients,
+ * servers and plugins like name resolvers where human error at runtime is less likely and best
+ * detected early. {@link java.net.URI#create(String)} is similarly strict, which makes migration
+ * easy, except for the server/registry-based ambiguity addressed by {@link
+ * java.net.URI#parseServerAuthority()}.
+ *
+ * <p>{@link java.net.URI} and {@link Uri} both support IPv6 literals in square brackets as defined
+ * by RFC 2732.
+ */
+@Internal
+public final class Uri {
+  // Components are stored percent-encoded, just as originally parsed for transparent parse/toString
+  // round-tripping.
+  private final String scheme; // != null since we don't support relative references.
+  @Nullable private final String userInfo;
+  @Nullable private final String host;
+  @Nullable private final String port;
+  private final String path; // In RFC 3986, path is always defined (but can be empty).
+  @Nullable private final String query;
+  @Nullable private final String fragment;
+
+  private Uri(Builder builder) {
+    this.scheme = checkNotNull(builder.scheme, "scheme");
+    this.userInfo = builder.userInfo;
+    this.host = builder.host;
+    this.port = builder.port;
+    this.path = builder.path;
+    this.query = builder.query;
+    this.fragment = builder.fragment;
+
+    // Checks common to the parse() and Builder code paths.
+    if (hasAuthority()) {
+      if (!path.isEmpty() && !path.startsWith("/")) {
+        throw new IllegalArgumentException("Has authority -- Non-empty path must start with '/'");
+      }
+    } else {
+      if (path.startsWith("//")) {
+        throw new IllegalArgumentException("No authority -- Path cannot start with '//'");
+      }
+    }
+  }
+
+  /**
+   * Parses a URI from its string form.
+   *
+   * @throws URISyntaxException if 's' is not a valid RFC 3986 URI.
+   */
+  public static Uri parse(String s) throws URISyntaxException {
+    try {
+      return create(s);
+    } catch (IllegalArgumentException e) {
+      throw new URISyntaxException(s, e.getMessage());
+    }
+  }
+
+  /**
+   * Creates a URI from a string assumed to be valid.
+   *
+   * <p>Useful for defining URI constants in code. Not for user input.
+   *
+   * @throws IllegalArgumentException if 's' is not a valid RFC 3986 URI.
+   */
+  public static Uri create(String s) {
+    Builder builder = new Builder();
+    int i = 0;
+    final int n = s.length();
+
+    // 3.1. Scheme: Look for a ':' before '/', '?', or '#'.
+    int schemeColon = -1;
+    for (; i < n; ++i) {
+      char c = s.charAt(i);
+      if (c == ':') {
+        schemeColon = i;
+        break;
+      } else if (c == '/' || c == '?' || c == '#') {
+        break;
+      }
+    }
+    if (schemeColon < 0) {
+      throw new IllegalArgumentException("Missing required scheme.");
+    }
+    builder.setRawScheme(s.substring(0, schemeColon));
+
+    // 3.2. Authority. Look for '//' then keep scanning until '/', '?', or '#'.
+    i = schemeColon + 1;
+    if (i + 1 < n && s.charAt(i) == '/' && s.charAt(i + 1) == '/') {
+      // "//" just means we have an authority. Skip over it.
+      i += 2;
+
+      int authorityStart = i;
+      for (; i < n; ++i) {
+        char c = s.charAt(i);
+        if (c == '/' || c == '?' || c == '#') {
+          break;
+        }
+      }
+      String authority = s.substring(authorityStart, i);
+
+      // 3.2.1. UserInfo. Easy, because '@' cannot appear unencoded inside userinfo or host.
+      int userInfoEnd = authority.indexOf('@');
+      if (userInfoEnd >= 0) {
+        builder.setRawUserInfo(authority.substring(0, userInfoEnd));
+      }
+
+      // 3.2.2/3. Host/Port.
+      int hostStart = userInfoEnd >= 0 ? userInfoEnd + 1 : 0;
+      int portStartColon = findPortStartColon(authority, hostStart);
+      if (portStartColon < 0) {
+        builder.setRawHost(authority.substring(hostStart, authority.length()));
+      } else {
+        builder.setRawHost(authority.substring(hostStart, portStartColon));
+        builder.setRawPort(authority.substring(portStartColon + 1));
+      }
+    }
+
+    // 3.3. Path: Whatever is left before '?' or '#'.
+    int pathStart = i;
+    for (; i < n; ++i) {
+      char c = s.charAt(i);
+      if (c == '?' || c == '#') {
+        break;
+      }
+    }
+    builder.setRawPath(s.substring(pathStart, i));
+
+    // 3.4. Query, if we stopped at '?'.
+    if (i < n && s.charAt(i) == '?') {
+      i++; // Skip '?'
+      int queryStart = i;
+      for (; i < n; ++i) {
+        char c = s.charAt(i);
+        if (c == '#') {
+          break;
+        }
+      }
+      builder.setRawQuery(s.substring(queryStart, i));
+    }
+
+    // 3.5. Fragment, if we stopped at '#'.
+    if (i < n && s.charAt(i) == '#') {
+      ++i; // Skip '#'
+      builder.setRawFragment(s.substring(i));
+    }
+
+    return builder.build();
+  }
+
+  private static int findPortStartColon(String authority, int hostStart) {
+    for (int i = authority.length() - 1; i >= hostStart; --i) {
+      char c = authority.charAt(i);
+      if (c == ':') {
+        return i;
+      }
+      if (c == ']') {
+        // Hit the end of IP-literal. Any further colon is inside it and couldn't indicate a port.
+        break;
+      }
+      if (!digitChars.get(c)) {
+        // Found a non-digit, non-colon, non-bracket.
+        // This means there is no valid port (e.g. host is "example.com")
+        break;
+      }
+    }
+    return -1;
+  }
+
+  // Checks a raw path for validity and parses it into segments. Let 'out' be null to just validate.
+  private static void parseAssumedUtf8PathIntoSegments(
+      String path, ImmutableList.Builder<String> out) {
+    // Skip the first slash so it doesn't count as an empty segment at the start.
+    // (e.g., "/a" -> ["a"], not ["", "a"])
+    int start = path.startsWith("/") ? 1 : 0;
+
+    for (int i = start; i < path.length(); ) {
+      int nextSlash = path.indexOf('/', i);
+      String segment;
+      if (nextSlash >= 0) {
+        // Typical segment case (e.g., "foo" in "/foo/bar").
+        segment = path.substring(i, nextSlash);
+        i = nextSlash + 1;
+      } else {
+        // Final segment case (e.g., "bar" in "/foo/bar").
+        segment = path.substring(i);
+        i = path.length();
+      }
+      if (out != null) {
+        out.add(percentDecodeAssumedUtf8(segment));
+      } else {
+        checkPercentEncodedArg(segment, "path segment", pChars);
+      }
+    }
+
+    // RFC 3986 says a trailing slash creates a final empty segment.
+    // (e.g., "/foo/" -> ["foo", ""])
+    if (path.endsWith("/") && out != null) {
+      out.add("");
+    }
+  }
+
+  /** Returns the scheme of this URI. */
+  public String getScheme() {
+    return scheme;
+  }
+
+  /**
+   * Returns the percent-decoded "Authority" component of this URI, or null if not present.
+   *
+   * <p>NB: This method assumes the "host" component was encoded as UTF-8, as mandated by RFC 3986.
+   * This method also assumes the "user information" part of authority was encoded as UTF-8,
+   * although RFC 3986 doesn't specify an encoding.
+   *
+   * <p>Decoding errors are indicated by a {@code '\u005CuFFFD'} unicode replacement character in
+   * the output. Callers who want to detect and handle errors in some other way should call {@link
+   * #getRawAuthority()}, {@link #percentDecode(CharSequence)}, then decode the bytes for
+   * themselves.
+   */
+  @Nullable
+  public String getAuthority() {
+    return percentDecodeAssumedUtf8(getRawAuthority());
+  }
+
+  private boolean hasAuthority() {
+    return host != null;
+  }
+
+  /**
+   * Returns the "authority" component of this URI in its originally parsed, possibly
+   * percent-encoded form.
+   */
+  @Nullable
+  public String getRawAuthority() {
+    if (hasAuthority()) {
+      StringBuilder sb = new StringBuilder();
+      appendAuthority(sb);
+      return sb.toString();
+    }
+    return null;
+  }
+
+  private void appendAuthority(StringBuilder sb) {
+    if (userInfo != null) {
+      sb.append(userInfo).append('@');
+    }
+    if (host != null) {
+      sb.append(host);
+    }
+    if (port != null) {
+      sb.append(':').append(port);
+    }
+  }
+
+  /**
+   * Returns the percent-decoded "User Information" component of this URI, or null if not present.
+   *
+   * <p>NB: This method *assumes* this component was encoded as UTF-8, although RFC 3986 doesn't
+   * specify an encoding.
+   *
+   * <p>Decoding errors are indicated by a {@code '\u005CuFFFD'} unicode replacement character in
+   * the output. Callers who want to detect and handle errors in some other way should call {@link
+   * #getRawUserInfo()}, {@link #percentDecode(CharSequence)}, then decode the bytes for themselves.
+   */
+  @Nullable
+  public String getUserInfo() {
+    return percentDecodeAssumedUtf8(userInfo);
+  }
+
+  /**
+   * Returns the "User Information" component of this URI in its originally parsed, possibly
+   * percent-encoded form.
+   */
+  @Nullable
+  public String getRawUserInfo() {
+    return userInfo;
+  }
+
+  /**
+   * Returns the percent-decoded "host" component of this URI, or null if not present.
+   *
+   * <p>This method assumes the host was encoded as UTF-8, as mandated by RFC 3986.
+   *
+   * <p>Decoding errors are indicated by a {@code '\u005CuFFFD'} unicode replacement character in
+   * the output. Callers who want to detect and handle errors in some other way should call {@link
+   * #getRawHost()}, {@link #percentDecode(CharSequence)}, then decode the bytes for themselves.
+   */
+  @Nullable
+  public String getHost() {
+    return percentDecodeAssumedUtf8(host);
+  }
+
+  /**
+   * Returns the host component of this URI in its originally parsed, possibly percent-encoded form.
+   */
+  @Nullable
+  public String getRawHost() {
+    return host;
+  }
+
+  /** Returns the "port" component of this URI, or -1 if not present. */
+  public int getPort() {
+    return port != null ? Integer.parseInt(port) : -1;
+  }
+
+  /** Returns the raw port component of this URI in its originally parsed form. */
+  @Nullable
+  public String getRawPort() {
+    return port;
+  }
+
+  /**
+   * Returns the (possibly empty) percent-decoded "path" component of this URI.
+   *
+   * <p>NB: This method *assumes* the path was encoded as UTF-8, although RFC 3986 doesn't specify
+   * an encoding.
+   *
+   * <p>Decoding errors are indicated by a {@code '\u005CuFFFD'} unicode replacement character in
+   * the output. Callers who want to detect and handle errors in some other way should call {@link
+   * #getRawPath()}, {@link #percentDecode(CharSequence)}, then decode the bytes for themselves.
+   *
+   * <p>NB: Prefer {@link #getPathSegments()} because this method's decoding is lossy. For example,
+   * consider these (different) URIs:
+   *
+   * <ul>
+   *   <li>file:///home%2Ffolder/my%20file
+   *   <li>file:///home/folder/my%20file
+   * </ul>
+   *
+   * <p>Calling getPath() on each returns the same string: <code>/home/folder/my file</code>. You
+   * can't tell whether the second '/' character is part of the first path segment or separates the
+   * first and second path segments. This method only exists to ease migration from {@link
+   * java.net.URI}.
+   */
+  public String getPath() {
+    return percentDecodeAssumedUtf8(path);
+  }
+
+  /**
+   * Returns this URI's path as a list of path segments not including the '/' segment delimiters.
+   *
+   * <p>Prefer this method over {@link #getPath()} because it preserves the distinction between
+   * segment separators and literal '/'s within a path segment.
+   *
+   * <p>The returned list is immutable.
+   */
+  public List<String> getPathSegments() {
+    // Returned list must be immutable but we intentionally keep guava out of the public API.
+    ImmutableList.Builder<String> segmentsBuilder = ImmutableList.builder();
+    parseAssumedUtf8PathIntoSegments(path, segmentsBuilder);
+    return segmentsBuilder.build();
+  }
+
+  /**
+   * Returns the path component of this URI in its originally parsed, possibly percent-encoded form.
+   */
+  public String getRawPath() {
+    return path;
+  }
+
+  /**
+   * Returns the percent-decoded "query" component of this URI, or null if not present.
+   *
+   * <p>NB: This method assumes the query was encoded as UTF-8, although RFC 3986 doesn't specify an
+   * encoding.
+   *
+   * <p>Decoding errors are indicated by a {@code '\u005CuFFFD'} unicode replacement character in
+   * the output. Callers who want to detect and handle errors in some other way should call {@link
+   * #getRawQuery()}, {@link #percentDecode(CharSequence)}, then decode the bytes for themselves.
+   */
+  @Nullable
+  public String getQuery() {
+    return percentDecodeAssumedUtf8(query);
+  }
+
+  /**
+   * Returns the query component of this URI in its originally parsed, possibly percent-encoded
+   * form, without any leading '?' character.
+   */
+  @Nullable
+  public String getRawQuery() {
+    return query;
+  }
+
+  /**
+   * Returns the percent-decoded "fragment" component of this URI, or null if not present.
+   *
+   * <p>NB: This method assumes the fragment was encoded as UTF-8, although RFC 3986 doesn't specify
+   * an encoding.
+   *
+   * <p>Decoding errors are indicated by a {@code '\u005CuFFFD'} unicode replacement character in
+   * the output. Callers who want to detect and handle errors in some other way should call {@link
+   * #getRawFragment()}, {@link #percentDecode(CharSequence)}, then decode the bytes for themselves.
+   */
+  @Nullable
+  public String getFragment() {
+    return percentDecodeAssumedUtf8(fragment);
+  }
+
+  /**
+   * Returns the fragment component of this URI in its original, possibly percent-encoded form, and
+   * without any leading '#' character.
+   */
+  @Nullable
+  public String getRawFragment() {
+    return fragment;
+  }
+
+  /**
+   * {@inheritDoc}
+   *
+   * <p>If this URI was created by {@link #parse(String)} or {@link #create(String)}, then the
+   * returned string will match that original input exactly.
+   */
+  @Override
+  public String toString() {
+    // https://datatracker.ietf.org/doc/html/rfc3986#section-5.3
+    StringBuilder sb = new StringBuilder();
+    sb.append(scheme).append(':');
+    if (hasAuthority()) {
+      sb.append("//");
+      appendAuthority(sb);
+    }
+    sb.append(path);
+    if (query != null) {
+      sb.append('?').append(query);
+    }
+    if (fragment != null) {
+      sb.append('#').append(fragment);
+    }
+    return sb.toString();
+  }
+
+  /**
+   * Returns true iff this URI has a scheme and an authority/path hierarchy, but no fragment.
+   *
+   * <p>All instances of {@link Uri} are RFC 3986 URIs, not "relative references", so this method is
+   * equivalent to {@code getFragment() == null}. It mostly exists for compatibility with {@link
+   * java.net.URI}.
+   */
+  public boolean isAbsolute() {
+    return scheme != null && fragment == null;
+  }
+
+  /**
+   * {@inheritDoc}
+   *
+   * <p>Two instances of {@link Uri} are equal if and only if they have the same string
+   * representation, which RFC 3986 calls "Simple String Comparison" (6.2.1). Callers with a higher
+   * layer expectation of equality (e.g. <code>http://some%2Dhost:80/foo/./bar.txt</code> ~= <code>
+   * http://some-host/foo/bar.txt</code>) will experience false negatives.
+   */
+  @Override
+  public boolean equals(Object otherObj) {
+    if (!(otherObj instanceof Uri)) {
+      return false;
+    }
+    Uri other = (Uri) otherObj;
+    return Objects.equals(scheme, other.scheme)
+        && Objects.equals(userInfo, other.userInfo)
+        && Objects.equals(host, other.host)
+        && Objects.equals(port, other.port)
+        && Objects.equals(path, other.path)
+        && Objects.equals(query, other.query)
+        && Objects.equals(fragment, other.fragment);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(scheme, userInfo, host, port, path, query, fragment);
+  }
+
+  /** Returns a new Builder initialized with the fields of this URI. */
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  /** Creates a new {@link Builder} with all fields uninitialized or set to their default values. */
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  /** Builder for {@link Uri}. */
+  public static final class Builder {
+    private String scheme;
+    private String path = "";
+    private String query;
+    private String fragment;
+    private String userInfo;
+    private String host;
+    private String port;
+
+    private Builder() {}
+
+    Builder(Uri prototype) {
+      this.scheme = prototype.scheme;
+      this.userInfo = prototype.userInfo;
+      this.host = prototype.host;
+      this.port = prototype.port;
+      this.path = prototype.path;
+      this.query = prototype.query;
+      this.fragment = prototype.fragment;
+    }
+
+    /**
+     * Sets the scheme, e.g. "https", "dns" or "xds".
+     *
+     * <p>This field is required.
+     *
+     * @return this, for fluent building
+     * @throws IllegalArgumentException if the scheme is invalid.
+     */
+    @CanIgnoreReturnValue
+    public Builder setScheme(String scheme) {
+      return setRawScheme(scheme.toLowerCase(Locale.ROOT));
+    }
+
+    @CanIgnoreReturnValue
+    Builder setRawScheme(String scheme) {
+      if (scheme.isEmpty() || !alphaChars.get(scheme.charAt(0))) {
+        throw new IllegalArgumentException("Scheme must start with an alphabetic char");
+      }
+      for (int i = 0; i < scheme.length(); i++) {
+        char c = scheme.charAt(i);
+        if (!schemeChars.get(c)) {
+          throw new IllegalArgumentException("Invalid character in scheme at index " + i);
+        }
+      }
+      this.scheme = scheme;
+      return this;
+    }
+
+    /**
+     * Specifies the new URI's path component as a string of zero or more '/' delimited segments.
+     *
+     * <p>Path segments can consist of any string of codepoints. Codepoints that can't be encoded
+     * literally will be percent-encoded for you.
+     *
+     * <p>If a URI contains an authority component, then the path component must either be empty or
+     * begin with a slash ("/") character. If a URI does not contain an authority component, then
+     * the path cannot begin with two slash characters ("//").
+     *
+     * <p>This method interprets all '/' characters in 'path' as segment delimiters. If any of your
+     * segments contain literal '/' characters, call {@link #setRawPath(String)} instead.
+     *
+     * <p>See <a href="https://datatracker.ietf.org/doc/html/rfc3986#section-3.3">RFC 3986 3.3</a>
+     * for more.
+     *
+     * <p>This field is required but can be empty (its default value).
+     *
+     * @param path the new path
+     * @return this, for fluent building
+     */
+    @CanIgnoreReturnValue
+    public Builder setPath(String path) {
+      checkArgument(path != null, "Path can be empty but not null");
+      this.path = percentEncode(path, pCharsAndSlash);
+      return this;
+    }
+
+    /**
+     * Specifies the new URI's path component as a string of zero or more '/' delimited segments.
+     *
+     * <p>Path segments can consist of any string of codepoints but the caller must first percent-
+     * encode anything other than RFC 3986's "pchar" character class using UTF-8.
+     *
+     * <p>If a URI contains an authority component, then the path component must either be empty or
+     * begin with a slash ("/") character. If a URI does not contain an authority component, then
+     * the path cannot begin with two slash characters ("//").
+     *
+     * <p>This method interprets all '/' characters in 'path' as segment delimiters. If any of your
+     * segments contain literal '/' characters, you must percent-encode them.
+     *
+     * <p>See <a href="https://datatracker.ietf.org/doc/html/rfc3986#section-3.3">RFC 3986 3.3</a>
+     * for more.
+     *
+     * <p>This field is required but can be empty (its default value).
+     *
+     * @param path the new path, a string consisting of characters from "pchar"
+     * @return this, for fluent building
+     */
+    @CanIgnoreReturnValue
+    public Builder setRawPath(String path) {
+      checkArgument(path != null, "Path can be empty but not null");
+      parseAssumedUtf8PathIntoSegments(path, null);
+      this.path = path;
+      return this;
+    }
+
+    /**
+     * Specifies the query component of the new URI (not including the leading '?').
+     *
+     * <p>Query can contain any string of codepoints. Codepoints that can't be encoded literally
+     * will be percent-encoded for you as UTF-8.
+     *
+     * <p>This field is optional.
+     *
+     * @param query the new query component, or null to clear this field
+     * @return this, for fluent building
+     */
+    @CanIgnoreReturnValue
+    public Builder setQuery(@Nullable String query) {
+      this.query = percentEncode(query, queryChars);
+      return this;
+    }
+
+    @CanIgnoreReturnValue
+    Builder setRawQuery(String query) {
+      checkPercentEncodedArg(query, "query", queryChars);
+      this.query = query;
+      return this;
+    }
+
+    /**
+     * Specifies the fragment component of the new URI (not including the leading '#').
+     *
+     * <p>The fragment can contain any string of codepoints. Codepoints that can't be encoded
+     * literally will be percent-encoded for you as UTF-8.
+     *
+     * <p>This field is optional.
+     *
+     * @param fragment the new fragment component, or null to clear this field
+     * @return this, for fluent building
+     */
+    @CanIgnoreReturnValue
+    public Builder setFragment(@Nullable String fragment) {
+      this.fragment = percentEncode(fragment, fragmentChars);
+      return this;
+    }
+
+    @CanIgnoreReturnValue
+    Builder setRawFragment(String fragment) {
+      checkPercentEncodedArg(fragment, "fragment", fragmentChars);
+      this.fragment = fragment;
+      return this;
+    }
+
+    /**
+     * Set the "user info" component of the new URI, e.g. "username:password", not including the
+     * trailing '@' character.
+     *
+     * <p>User info can contain any string of codepoints. Codepoints that can't be encoded literally
+     * will be percent-encoded for you as UTF-8.
+     *
+     * <p>This field is optional.
+     *
+     * @param userInfo the new "user info" component, or null to clear this field
+     * @return this, for fluent building
+     */
+    @CanIgnoreReturnValue
+    public Builder setUserInfo(@Nullable String userInfo) {
+      this.userInfo = percentEncode(userInfo, userInfoChars);
+      return this;
+    }
+
+    @CanIgnoreReturnValue
+    Builder setRawUserInfo(String userInfo) {
+      checkPercentEncodedArg(userInfo, "userInfo", userInfoChars);
+      this.userInfo = userInfo;
+      return this;
+    }
+
+    /**
+     * Specifies the "host" component of the new URI in its "registered name" form (usually DNS),
+     * e.g. "server.com".
+     *
+     * <p>The registered name can contain any string of codepoints. Codepoints that can't be encoded
+     * literally will be percent-encoded for you as UTF-8.
+     *
+     * <p>This field is optional.
+     *
+     * @param regName the new host component in "registered name" form, or null to clear this field
+     * @return this, for fluent building
+     */
+    @CanIgnoreReturnValue
+    public Builder setHost(@Nullable String regName) {
+      if (regName != null) {
+        regName = regName.toLowerCase(Locale.ROOT);
+        regName = percentEncode(regName, regNameChars);
+      }
+      this.host = regName;
+      return this;
+    }
+
+    /**
+     * Specifies the "host" component of the new URI as an IP address.
+     *
+     * <p>This field is optional.
+     *
+     * @param addr the new "host" component in InetAddress form, or null to clear this field
+     * @return this, for fluent building
+     */
+    @CanIgnoreReturnValue
+    public Builder setHost(@Nullable InetAddress addr) {
+      this.host = addr != null ? InetAddresses.toUriString(addr) : null;
+      return this;
+    }
+
+    @CanIgnoreReturnValue
+    Builder setRawHost(String host) {
+      // IP-literal validation is complicated so we delegate it to Guava. We use this particular
+      // method of InetAddresses because it doesn't try to match interfaces on the local machine.
+      // (The validity of a URI should be the same no matter which machine does the parsing.)
+      // TODO(jdcormie): IPFuture
+      if (!InetAddresses.isUriInetAddress(host)) {
+        // Must be a "registered name".
+        checkPercentEncodedArg(host, "host", regNameChars);
+      }
+      this.host = host;
+      return this;
+    }
+
+    /**
+     * Specifies the "port" component of the new URI, e.g. "8080".
+     *
+     * <p>The port can be any non-negative integer. A negative value represents "no port".
+     *
+     * <p>This field is optional.
+     *
+     * @param port the new "port" component, or -1 to clear this field
+     * @return this, for fluent building
+     */
+    @CanIgnoreReturnValue
+    public Builder setPort(int port) {
+      this.port = port < 0 ? null : Integer.toString(port);
+      return this;
+    }
+
+    @CanIgnoreReturnValue
+    Builder setRawPort(String port) {
+      try {
+        Integer.parseInt(port); // Result unused.
+      } catch (NumberFormatException e) {
+        throw new IllegalArgumentException("Invalid port", e);
+      }
+      this.port = port;
+      return this;
+    }
+
+    /** Builds a new instance of {@link Uri} as specified by the setters. */
+    public Uri build() {
+      checkState(scheme != null, "Missing required scheme.");
+      if (host == null) {
+        checkState(port == null, "Cannot set port without host.");
+        checkState(userInfo == null, "Cannot set userInfo without host.");
+      }
+      return new Uri(this);
+    }
+  }
+
+  /**
+   * Decodes a string of characters in the range [U+0000, U+007F] to bytes.
+   *
+   * <p>Each percent-encoded sequence (e.g. "%F0" or "%2a", as defined by RFC 3986 2.1) is decoded
+   * to the octet it encodes. Other characters are decoded to their code point's single byte value.
+   * A literal % character must be encoded as %25.
+   *
+   * @throws IllegalArgumentException if 's' contains characters out of range or invalid percent
+   *     encoding sequences.
+   */
+  public static ByteBuffer percentDecode(CharSequence s) {
+    // This is large enough because each input character needs *at most* one byte of output.
+    ByteBuffer outBuf = ByteBuffer.allocate(s.length());
+    percentDecode(s, "input", null, outBuf);
+    outBuf.flip();
+    return outBuf;
+  }
+
+  private static void percentDecode(
+      CharSequence s, String what, BitSet allowedChars, ByteBuffer outBuf) {
+    for (int i = 0; i < s.length(); i++) {
+      char c = s.charAt(i);
+      if (c == '%') {
+        if (i + 2 >= s.length()) {
+          throw new IllegalArgumentException(
+              "Invalid percent-encoding at index " + i + " of " + what + ": " + s);
+        }
+        int h1 = Character.digit(s.charAt(i + 1), 16);
+        int h2 = Character.digit(s.charAt(i + 2), 16);
+        if (h1 == -1 || h2 == -1) {
+          throw new IllegalArgumentException(
+              "Invalid hex digit in " + what + " at index " + i + " of: " + s);
+        }
+        if (outBuf != null) {
+          outBuf.put((byte) (h1 << 4 | h2));
+        }
+        i += 2;
+      } else if (allowedChars == null || allowedChars.get(c)) {
+        if (outBuf != null) {
+          outBuf.put((byte) c);
+        }
+      } else {
+        throw new IllegalArgumentException("Invalid character in " + what + " at index " + i);
+      }
+    }
+  }
+
+  @Nullable
+  private static String percentDecodeAssumedUtf8(@Nullable String s) {
+    if (s == null || s.indexOf('%') == -1) {
+      return s;
+    }
+
+    ByteBuffer utf8Bytes = percentDecode(s);
+    try {
+      return StandardCharsets.UTF_8
+          .newDecoder()
+          .onMalformedInput(CodingErrorAction.REPLACE)
+          .onUnmappableCharacter(CodingErrorAction.REPLACE)
+          .decode(utf8Bytes)
+          .toString();
+    } catch (CharacterCodingException e) {
+      throw new VerifyException(e); // Should not happen in REPLACE mode.
+    }
+  }
+
+  @Nullable
+  private static String percentEncode(String s, BitSet allowedCodePoints) {
+    if (s == null) {
+      return null;
+    }
+    CharsetEncoder encoder =
+        StandardCharsets.UTF_8
+            .newEncoder()
+            .onMalformedInput(CodingErrorAction.REPORT)
+            .onUnmappableCharacter(CodingErrorAction.REPORT);
+    ByteBuffer utf8Bytes;
+    try {
+      utf8Bytes = encoder.encode(CharBuffer.wrap(s));
+    } catch (MalformedInputException e) {
+      throw new IllegalArgumentException("Malformed input", e); // Must be a broken surrogate pair.
+    } catch (CharacterCodingException e) {
+      throw new VerifyException(e); // Should not happen when encoding to UTF-8.
+    }
+
+    StringBuilder sb = new StringBuilder();
+    while (utf8Bytes.hasRemaining()) {
+      int b = 0xff & utf8Bytes.get();
+      if (allowedCodePoints.get(b)) {
+        sb.append((char) b);
+      } else {
+        sb.append('%');
+        sb.append(hexDigitsByVal[(b & 0xF0) >> 4]);
+        sb.append(hexDigitsByVal[b & 0x0F]);
+      }
+    }
+    return sb.toString();
+  }
+
+  private static void checkPercentEncodedArg(String s, String what, BitSet allowedChars) {
+    percentDecode(s, what, allowedChars, null);
+  }
+
+  // See UriTest for how these were computed from the ABNF constants in RFC 3986.
+  static final BitSet digitChars = BitSet.valueOf(new long[] {0x3ff000000000000L});
+  static final BitSet alphaChars = BitSet.valueOf(new long[] {0L, 0x7fffffe07fffffeL});
+  // scheme        = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+  static final BitSet schemeChars =
+      BitSet.valueOf(new long[] {0x3ff680000000000L, 0x7fffffe07fffffeL});
+  // unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"
+  static final BitSet unreservedChars =
+      BitSet.valueOf(new long[] {0x3ff600000000000L, 0x47fffffe87fffffeL});
+  // gen-delims    = ":" / "/" / "?" / "#" / "[" / "]" / "@"
+  static final BitSet genDelimsChars =
+      BitSet.valueOf(new long[] {0x8400800800000000L, 0x28000001L});
+  // sub-delims    = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="
+  static final BitSet subDelimsChars = BitSet.valueOf(new long[] {0x28001fd200000000L});
+  // reserved      = gen-delims / sub-delims
+  static final BitSet reservedChars = BitSet.valueOf(new long[] {0xac009fda00000000L, 0x28000001L});
+  // reg-name      = *( unreserved / pct-encoded / sub-delims )
+  static final BitSet regNameChars =
+      BitSet.valueOf(new long[] {0x2bff7fd200000000L, 0x47fffffe87fffffeL});
+  // userinfo      = *( unreserved / pct-encoded / sub-delims / ":" )
+  static final BitSet userInfoChars =
+      BitSet.valueOf(new long[] {0x2fff7fd200000000L, 0x47fffffe87fffffeL});
+  // pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
+  static final BitSet pChars =
+      BitSet.valueOf(new long[] {0x2fff7fd200000000L, 0x47fffffe87ffffffL});
+  static final BitSet pCharsAndSlash =
+      BitSet.valueOf(new long[] {0x2fffffd200000000L, 0x47fffffe87ffffffL});
+  //  query         = *( pchar / "/" / "?" )
+  static final BitSet queryChars =
+      BitSet.valueOf(new long[] {0xafffffd200000000L, 0x47fffffe87ffffffL});
+  // fragment      = *( pchar / "/" / "?" )
+  static final BitSet fragmentChars = queryChars;
+
+  private static final char[] hexDigitsByVal = "0123456789ABCDEF".toCharArray();
+}
diff --git a/api/src/test/java/io/grpc/UriTest.java b/api/src/test/java/io/grpc/UriTest.java
new file mode 100644
index 00000000000..df921e3e487
--- /dev/null
+++ b/api/src/test/java/io/grpc/UriTest.java
@@ -0,0 +1,601 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+
+import com.google.common.net.InetAddresses;
+import com.google.common.testing.EqualsTester;
+import java.net.URISyntaxException;
+import java.util.BitSet;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public final class UriTest {
+
+  @Test
+  public void parse_allComponents() throws URISyntaxException {
+    Uri uri = Uri.parse("scheme://user@host:0443/path?query#fragment");
+    assertThat(uri.getScheme()).isEqualTo("scheme");
+    assertThat(uri.getAuthority()).isEqualTo("user@host:0443");
+    assertThat(uri.getUserInfo()).isEqualTo("user");
+    assertThat(uri.getPort()).isEqualTo(443);
+    assertThat(uri.getRawPort()).isEqualTo("0443");
+    assertThat(uri.getPath()).isEqualTo("/path");
+    assertThat(uri.getQuery()).isEqualTo("query");
+    assertThat(uri.getFragment()).isEqualTo("fragment");
+    assertThat(uri.toString()).isEqualTo("scheme://user@host:0443/path?query#fragment");
+    assertThat(uri.isAbsolute()).isFalse(); // Has a fragment.
+  }
+
+  @Test
+  public void parse_noAuthority() throws URISyntaxException {
+    Uri uri = Uri.parse("scheme:/path?query#fragment");
+    assertThat(uri.getScheme()).isEqualTo("scheme");
+    assertThat(uri.getAuthority()).isNull();
+    assertThat(uri.getPath()).isEqualTo("/path");
+    assertThat(uri.getQuery()).isEqualTo("query");
+    assertThat(uri.getFragment()).isEqualTo("fragment");
+    assertThat(uri.toString()).isEqualTo("scheme:/path?query#fragment");
+    assertThat(uri.isAbsolute()).isFalse(); // Has a fragment.
+  }
+
+  @Test
+  public void parse_ipv6Literal_withPort() throws URISyntaxException {
+    Uri uri = Uri.parse("scheme://[2001:db8::7]:012345");
+    assertThat(uri.getAuthority()).isEqualTo("[2001:db8::7]:012345");
+    assertThat(uri.getRawHost()).isEqualTo("[2001:db8::7]");
+    assertThat(uri.getHost()).isEqualTo("[2001:db8::7]");
+    assertThat(uri.getRawPort()).isEqualTo("012345");
+    assertThat(uri.getPort()).isEqualTo(12345);
+  }
+
+  @Test
+  public void parse_ipv6Literal_noPort() throws URISyntaxException {
+    Uri uri = Uri.parse("scheme://[2001:db8::7]");
+    assertThat(uri.getAuthority()).isEqualTo("[2001:db8::7]");
+    assertThat(uri.getRawHost()).isEqualTo("[2001:db8::7]");
+    assertThat(uri.getHost()).isEqualTo("[2001:db8::7]");
+    assertThat(uri.getRawPort()).isNull();
+    assertThat(uri.getPort()).isLessThan(0);
+  }
+
+  @Test
+  public void parse_noQuery() throws URISyntaxException {
+    Uri uri = Uri.parse("scheme://authority/path#fragment");
+    assertThat(uri.getScheme()).isEqualTo("scheme");
+    assertThat(uri.getAuthority()).isEqualTo("authority");
+    assertThat(uri.getPath()).isEqualTo("/path");
+    assertThat(uri.getQuery()).isNull();
+    assertThat(uri.getFragment()).isEqualTo("fragment");
+    assertThat(uri.toString()).isEqualTo("scheme://authority/path#fragment");
+  }
+
+  @Test
+  public void parse_noFragment() throws URISyntaxException {
+    Uri uri = Uri.parse("scheme://authority/path?query");
+    assertThat(uri.getScheme()).isEqualTo("scheme");
+    assertThat(uri.getAuthority()).isEqualTo("authority");
+    assertThat(uri.getPath()).isEqualTo("/path");
+    assertThat(uri.getQuery()).isEqualTo("query");
+    assertThat(uri.getFragment()).isNull();
+    assertThat(uri.toString()).isEqualTo("scheme://authority/path?query");
+    assertThat(uri.isAbsolute()).isTrue();
+  }
+
+  @Test
+  public void parse_emptyPathWithAuthority() throws URISyntaxException {
+    Uri uri = Uri.parse("scheme://authority");
+    assertThat(uri.getScheme()).isEqualTo("scheme");
+    assertThat(uri.getAuthority()).isEqualTo("authority");
+    assertThat(uri.getPath()).isEmpty();
+    assertThat(uri.getQuery()).isNull();
+    assertThat(uri.getFragment()).isNull();
+    assertThat(uri.toString()).isEqualTo("scheme://authority");
+    assertThat(uri.isAbsolute()).isTrue();
+  }
+
+  @Test
+  public void parse_rootless() throws URISyntaxException {
+    Uri uri = Uri.parse("mailto:ceo@company.com?subject=raise");
+    assertThat(uri.getScheme()).isEqualTo("mailto");
+    assertThat(uri.getAuthority()).isNull();
+    assertThat(uri.getPath()).isEqualTo("ceo@company.com");
+    assertThat(uri.getQuery()).isEqualTo("subject=raise");
+    assertThat(uri.getFragment()).isNull();
+    assertThat(uri.toString()).isEqualTo("mailto:ceo@company.com?subject=raise");
+    assertThat(uri.isAbsolute()).isTrue();
+  }
+
+  @Test
+  public void parse_emptyPath() throws URISyntaxException {
+    Uri uri = Uri.parse("scheme:");
+    assertThat(uri.getScheme()).isEqualTo("scheme");
+    assertThat(uri.getAuthority()).isNull();
+    assertThat(uri.getPath()).isEmpty();
+    assertThat(uri.getQuery()).isNull();
+    assertThat(uri.getFragment()).isNull();
+    assertThat(uri.toString()).isEqualTo("scheme:");
+    assertThat(uri.isAbsolute()).isTrue();
+  }
+
+  @Test
+  public void parse_invalidScheme_throws() {
+    URISyntaxException e =
+        assertThrows(URISyntaxException.class, () -> Uri.parse("1scheme://authority/path"));
+    assertThat(e).hasMessageThat().contains("Scheme must start with an alphabetic char");
+
+    e = assertThrows(URISyntaxException.class, () -> Uri.parse(":path"));
+    assertThat(e).hasMessageThat().contains("Scheme must start with an alphabetic char");
+  }
+
+  @Test
+  public void parse_unTerminatedScheme_throws() {
+    URISyntaxException e = assertThrows(URISyntaxException.class, () -> Uri.parse("scheme/"));
+    assertThat(e).hasMessageThat().contains("Missing required scheme");
+
+    e = assertThrows(URISyntaxException.class, () -> Uri.parse("scheme?"));
+    assertThat(e).hasMessageThat().contains("Missing required scheme");
+
+    e = assertThrows(URISyntaxException.class, () -> Uri.parse("scheme#"));
+    assertThat(e).hasMessageThat().contains("Missing required scheme");
+  }
+
+  @Test
+  public void parse_invalidCharactersInScheme_throws() {
+    URISyntaxException e =
+        assertThrows(URISyntaxException.class, () -> Uri.parse("schem e://authority/path"));
+    assertThat(e).hasMessageThat().contains("Invalid character in scheme");
+  }
+
+  @Test
+  public void parse_unTerminatedAuthority_throws() {
+    Uri uri = Uri.create("s://auth/");
+    assertThat(uri.getAuthority()).isEqualTo("auth");
+    uri = Uri.create("s://auth?");
+    assertThat(uri.getAuthority()).isEqualTo("auth");
+    uri = Uri.create("s://auth#");
+    assertThat(uri.getAuthority()).isEqualTo("auth");
+  }
+
+  @Test
+  public void parse_invalidCharactersInUserinfo_throws() {
+    URISyntaxException e =
+        assertThrows(URISyntaxException.class, () -> Uri.parse("scheme://u ser@host/path"));
+    assertThat(e).hasMessageThat().contains("Invalid character in userInfo");
+  }
+
+  @Test
+  public void parse_invalidBackslashInUserinfo_throws() {
+    URISyntaxException e =
+        assertThrows(URISyntaxException.class, () -> Uri.parse("http://other.com\\@intended.com"));
+    assertThat(e).hasMessageThat().contains("Invalid character in userInfo");
+  }
+
+  @Test
+  public void parse_invalidCharactersInHost_throws() {
+    URISyntaxException e =
+        assertThrows(URISyntaxException.class, () -> Uri.parse("scheme://h ost/path"));
+    assertThat(e).hasMessageThat().contains("Invalid character in host");
+  }
+
+  @Test
+  public void parse_invalidBackslashInHost_throws() {
+    URISyntaxException e =
+        assertThrows(URISyntaxException.class, () -> Uri.parse("http://other.com\\.intended.com"));
+    assertThat(e).hasMessageThat().contains("Invalid character in host");
+  }
+
+  @Test
+  public void parse_emptyPort_throws() {
+    URISyntaxException e =
+        assertThrows(URISyntaxException.class, () -> Uri.parse("scheme://user@host:/path"));
+    assertThat(e).hasMessageThat().contains("Invalid port");
+  }
+
+  @Test
+  public void parse_invalidCharactersInPort_throws() {
+    URISyntaxException e =
+        assertThrows(URISyntaxException.class, () -> Uri.parse("scheme://user@host:8 0/path"));
+    assertThat(e).hasMessageThat().contains("Invalid character");
+  }
+
+  @Test
+  public void parse_nonAsciiCharacterInPath_throws() throws URISyntaxException {
+    URISyntaxException e = assertThrows(URISyntaxException.class, () -> Uri.parse("foo:bär"));
+    assertThat(e).hasMessageThat().contains("Invalid character in path");
+  }
+
+  @Test
+  public void parse_invalidCharactersInPath_throws() {
+    URISyntaxException e = assertThrows(URISyntaxException.class, () -> Uri.parse("scheme:/p ath"));
+    assertThat(e).hasMessageThat().contains("Invalid character in path");
+  }
+
+  @Test
+  public void parse_invalidCharactersInQuery_throws() {
+    URISyntaxException e =
+        assertThrows(URISyntaxException.class, () -> Uri.parse("scheme://user@host/p?q[]uery"));
+    assertThat(e).hasMessageThat().contains("Invalid character in query");
+  }
+
+  @Test
+  public void parse_invalidCharactersInFragment_throws() {
+    URISyntaxException e =
+        assertThrows(URISyntaxException.class, () -> Uri.parse("scheme://user@host/path#f[]rag"));
+    assertThat(e).hasMessageThat().contains("Invalid character in fragment");
+  }
+
+  @Test
+  public void parse_nonAsciiCharacterInFragment_throws() throws URISyntaxException {
+    URISyntaxException e = assertThrows(URISyntaxException.class, () -> Uri.parse("foo:#bär"));
+    assertThat(e).hasMessageThat().contains("Invalid character in fragment");
+  }
+
+  @Test
+  public void parse_decoding() throws URISyntaxException {
+    Uri uri = Uri.parse("s://user%2Ename:pass%2Eword@a%2db:1234/p%20ath?q%20uery#f%20ragment");
+    assertThat(uri.getAuthority()).isEqualTo("user.name:pass.word@a-b:1234");
+    assertThat(uri.getRawAuthority()).isEqualTo("user%2Ename:pass%2Eword@a%2db:1234");
+    assertThat(uri.getUserInfo()).isEqualTo("user.name:pass.word");
+    assertThat(uri.getRawUserInfo()).isEqualTo("user%2Ename:pass%2Eword");
+    assertThat(uri.getHost()).isEqualTo("a-b");
+    assertThat(uri.getRawHost()).isEqualTo("a%2db");
+    assertThat(uri.getPort()).isEqualTo(1234);
+    assertThat(uri.getPath()).isEqualTo("/p ath");
+    assertThat(uri.getRawPath()).isEqualTo("/p%20ath");
+    assertThat(uri.getQuery()).isEqualTo("q uery");
+    assertThat(uri.getRawQuery()).isEqualTo("q%20uery");
+    assertThat(uri.getFragment()).isEqualTo("f ragment");
+    assertThat(uri.getRawFragment()).isEqualTo("f%20ragment");
+  }
+
+  @Test
+  public void parse_decodingNonAscii() throws URISyntaxException {
+    Uri uri = Uri.parse("s://a/%E2%82%AC");
+    assertThat(uri.getPath()).isEqualTo("/€");
+  }
+
+  @Test
+  public void parse_decodingPercent() throws URISyntaxException {
+    Uri uri = Uri.parse("s://a/p%2520ath?q%25uery#f%25ragment");
+    assertThat(uri.getPath()).isEqualTo("/p%20ath");
+    assertThat(uri.getQuery()).isEqualTo("q%uery");
+    assertThat(uri.getFragment()).isEqualTo("f%ragment");
+  }
+
+  @Test
+  public void parse_invalidPercentEncoding_throws() {
+    URISyntaxException e = assertThrows(URISyntaxException.class, () -> Uri.parse("s://a/p%2"));
+    assertThat(e).hasMessageThat().contains("Invalid");
+
+    e = assertThrows(URISyntaxException.class, () -> Uri.parse("s://a/p%2G"));
+    assertThat(e).hasMessageThat().contains("Invalid");
+  }
+
+  @Test
+  public void parse_emptyAuthority() {
+    Uri uri = Uri.create("file:///foo/bar");
+    assertThat(uri.getAuthority()).isEmpty();
+    assertThat(uri.getHost()).isEmpty();
+    assertThat(uri.getUserInfo()).isNull();
+    assertThat(uri.getPort()).isEqualTo(-1);
+    assertThat(uri.getPath()).isEqualTo("/foo/bar");
+  }
+
+  @Test
+  public void parse_pathSegments_empty() throws URISyntaxException {
+    Uri uri = Uri.create("scheme:");
+    assertThat(uri.getPathSegments()).isEmpty();
+  }
+
+  @Test
+  public void parse_pathSegments_root() throws URISyntaxException {
+    Uri uri = Uri.create("scheme:/");
+    assertThat(uri.getPathSegments()).containsExactly("");
+  }
+
+  @Test
+  public void parse_onePathSegment() throws URISyntaxException {
+    Uri uri = Uri.create("file:/foo");
+    assertThat(uri.getPathSegments()).containsExactly("foo");
+  }
+
+  @Test
+  public void parse_onePathSegment_trailingSlash() throws URISyntaxException {
+    Uri uri = Uri.create("file:/foo/");
+    assertThat(uri.getPathSegments()).containsExactly("foo", "");
+  }
+
+  @Test
+  public void parse_twoPathSegments() throws URISyntaxException {
+    Uri uri = Uri.create("file:/foo/bar");
+    assertThat(uri.getPathSegments()).containsExactly("foo", "bar");
+  }
+
+  @Test
+  public void toString_percentEncoding() throws URISyntaxException {
+    Uri uri =
+        Uri.newBuilder()
+            .setScheme("s")
+            .setHost("a b")
+            .setPath("/p ath")
+            .setQuery("q uery")
+            .setFragment("f ragment")
+            .build();
+    assertThat(uri.toString()).isEqualTo("s://a%20b/p%20ath?q%20uery#f%20ragment");
+  }
+
+  @Test
+  public void parse_transparentRoundTrip_ipLiteral() {
+    Uri uri = Uri.create("http://[2001:dB8::7]:080/%4a%4B%2f%2F?%4c%4D#%4e%4F").toBuilder().build();
+    assertThat(uri.toString()).isEqualTo("http://[2001:dB8::7]:080/%4a%4B%2f%2F?%4c%4D#%4e%4F");
+
+    // IPv6 host has non-canonical :: zeros and mixed case hex digits.
+    assertThat(uri.getRawHost()).isEqualTo("[2001:dB8::7]");
+    assertThat(uri.getHost()).isEqualTo("[2001:dB8::7]");
+    assertThat(uri.getRawPort()).isEqualTo("080"); // Leading zeros.
+    assertThat(uri.getPort()).isEqualTo(80);
+    // Unnecessary and mixed case percent encodings.
+    assertThat(uri.getRawPath()).isEqualTo("/%4a%4B%2f%2F");
+    assertThat(uri.getPathSegments()).containsExactly("JK//");
+    assertThat(uri.getRawQuery()).isEqualTo("%4c%4D");
+    assertThat(uri.getQuery()).isEqualTo("LM");
+    assertThat(uri.getRawFragment()).isEqualTo("%4e%4F");
+    assertThat(uri.getFragment()).isEqualTo("NO");
+  }
+
+  @Test
+  public void parse_transparentRoundTrip_regName() {
+    Uri uri = Uri.create("http://aB%4A%4b:080/%4a%4B%2f%2F?%4c%4D#%4e%4F").toBuilder().build();
+    assertThat(uri.toString()).isEqualTo("http://aB%4A%4b:080/%4a%4B%2f%2F?%4c%4D#%4e%4F");
+
+    // Mixed case literal chars and hex digits.
+    assertThat(uri.getRawHost()).isEqualTo("aB%4A%4b");
+    assertThat(uri.getHost()).isEqualTo("aBJK");
+    assertThat(uri.getRawPort()).isEqualTo("080"); // Leading zeros.
+    assertThat(uri.getPort()).isEqualTo(80);
+    // Unnecessary and mixed case percent encodings.
+    assertThat(uri.getRawPath()).isEqualTo("/%4a%4B%2f%2F");
+    assertThat(uri.getPathSegments()).containsExactly("JK//");
+    assertThat(uri.getRawQuery()).isEqualTo("%4c%4D");
+    assertThat(uri.getQuery()).isEqualTo("LM");
+    assertThat(uri.getRawFragment()).isEqualTo("%4e%4F");
+    assertThat(uri.getFragment()).isEqualTo("NO");
+  }
+
+  @Test
+  public void builder_numericPort() throws URISyntaxException {
+    Uri uri = Uri.newBuilder().setScheme("scheme").setHost("host").setPort(80).build();
+    assertThat(uri.toString()).isEqualTo("scheme://host:80");
+  }
+
+  @Test
+  public void builder_ipv6Literal() throws URISyntaxException {
+    Uri uri =
+        Uri.newBuilder()
+            .setScheme("scheme")
+            .setHost(InetAddresses.forString("2001:4860:4860::8844"))
+            .build();
+    assertThat(uri.toString()).isEqualTo("scheme://[2001:4860:4860::8844]");
+  }
+
+  @Test
+  public void builder_encodingWithAllowedReservedChars() throws URISyntaxException {
+    Uri uri =
+        Uri.newBuilder()
+            .setScheme("s")
+            .setUserInfo("u@")
+            .setHost("a[]")
+            .setPath("/p:/@")
+            .setQuery("q/?")
+            .setFragment("f/?")
+            .build();
+    assertThat(uri.toString()).isEqualTo("s://u%40@a%5B%5D/p:/@?q/?#f/?");
+  }
+
+  @Test
+  public void builder_percentEncodingNonAscii() throws URISyntaxException {
+    Uri uri = Uri.newBuilder().setScheme("s").setHost("a").setPath("/€").build();
+    assertThat(uri.toString()).isEqualTo("s://a/%E2%82%AC");
+  }
+
+  @Test
+  public void builder_percentEncodingLoneHighSurrogate_throws() {
+    IllegalArgumentException e =
+        assertThrows(
+            IllegalArgumentException.class,
+            () -> Uri.newBuilder().setPath("\uD83D")); // Lone high surrogate.
+    assertThat(e.getMessage()).contains("Malformed input");
+  }
+
+  @Test
+  public void builder_hasAuthority_pathStartsWithSlash_throws() throws URISyntaxException {
+    IllegalArgumentException e =
+        assertThrows(
+            IllegalArgumentException.class,
+            () -> Uri.newBuilder().setScheme("s").setHost("a").setPath("path").build());
+    assertThat(e.getMessage()).contains("Non-empty path must start with '/'");
+  }
+
+  @Test
+  public void builder_noAuthority_pathStartsWithDoubleSlash_throws() throws URISyntaxException {
+    IllegalArgumentException e =
+        assertThrows(
+            IllegalArgumentException.class,
+            () -> Uri.newBuilder().setScheme("s").setPath("//path").build());
+    assertThat(e.getMessage()).contains("Path cannot start with '//'");
+  }
+
+  @Test
+  public void builder_noScheme_throws() {
+    IllegalStateException e =
+        assertThrows(IllegalStateException.class, () -> Uri.newBuilder().build());
+    assertThat(e.getMessage()).contains("Missing required scheme");
+  }
+
+  @Test
+  public void builder_noHost_hasUserInfo_throws() {
+    IllegalStateException e =
+        assertThrows(
+            IllegalStateException.class,
+            () -> Uri.newBuilder().setScheme("scheme").setUserInfo("user").build());
+    assertThat(e.getMessage()).contains("Cannot set userInfo without host");
+  }
+
+  @Test
+  public void builder_noHost_hasPort_throws() {
+    IllegalStateException e =
+        assertThrows(
+            IllegalStateException.class,
+            () -> Uri.newBuilder().setScheme("scheme").setPort(1234).build());
+    assertThat(e.getMessage()).contains("Cannot set port without host");
+  }
+
+  @Test
+  public void builder_normalizesCaseWhereAppropriate() {
+    Uri uri =
+        Uri.newBuilder()
+            .setScheme("hTtP") // #section-3.1 says producers (Builder) should normalize to lower.
+            .setHost("aBc") // #section-3.2.2 says producers (Builder) should normalize to lower.
+            .setPath("/CdE") // #section-6.2.2.1 says the rest are assumed to be case-sensitive
+            .setQuery("fGh")
+            .setFragment("IjK")
+            .build();
+    assertThat(uri.toString()).isEqualTo("http://abc/CdE?fGh#IjK");
+  }
+
+  @Test
+  public void builder_normalizesIpv6Literal() {
+    Uri uri =
+        Uri.newBuilder().setScheme("scheme").setHost(InetAddresses.forString("ABCD::EFAB")).build();
+    assertThat(uri.toString()).isEqualTo("scheme://[abcd::efab]");
+  }
+
+  @Test
+  public void builder_canClearAllOptionalFields() {
+    Uri uri =
+        Uri.create("http://user@host:80/path?query#fragment").toBuilder()
+            .setHost((String) null)
+            .setPath("")
+            .setUserInfo(null)
+            .setPort(-1)
+            .setQuery(null)
+            .setFragment(null)
+            .build();
+    assertThat(uri.toString()).isEqualTo("http:");
+  }
+
+  @Test
+  public void toString_percentEncodingMultiChar() throws URISyntaxException {
+    Uri uri =
+        Uri.newBuilder()
+            .setScheme("s")
+            .setHost("a")
+            .setPath("/emojis/😊/icon.png") // Smile requires two chars to express in a java String.
+            .build();
+    assertThat(uri.toString()).isEqualTo("s://a/emojis/%F0%9F%98%8A/icon.png");
+  }
+
+  @Test
+  public void toString_percentEncodingLiteralPercent() throws URISyntaxException {
+    Uri uri =
+        Uri.newBuilder()
+            .setScheme("s")
+            .setHost("a")
+            .setPath("/p%20ath")
+            .setQuery("q%uery")
+            .setFragment("f%ragment")
+            .build();
+    assertThat(uri.toString()).isEqualTo("s://a/p%2520ath?q%25uery#f%25ragment");
+  }
+
+  @Test
+  public void equalsAndHashCode() {
+    new EqualsTester()
+        .addEqualityGroup(
+            Uri.create("scheme://authority/path?query#fragment"),
+            Uri.create("scheme://authority/path?query#fragment"))
+        .addEqualityGroup(Uri.create("scheme://authority/path"))
+        .addEqualityGroup(Uri.create("scheme://authority/path?query"))
+        .addEqualityGroup(Uri.create("scheme:/path"))
+        .addEqualityGroup(Uri.create("scheme:/path?query"))
+        .addEqualityGroup(Uri.create("scheme:/path#fragment"))
+        .addEqualityGroup(Uri.create("scheme:path"))
+        .addEqualityGroup(Uri.create("scheme:path?query"))
+        .addEqualityGroup(Uri.create("scheme:path#fragment"))
+        .addEqualityGroup(Uri.create("scheme:"))
+        .testEquals();
+  }
+
+  @Test
+  public void isAbsolute() {
+    assertThat(Uri.create("scheme://authority/path").isAbsolute()).isTrue();
+    assertThat(Uri.create("scheme://authority/path?query").isAbsolute()).isTrue();
+    assertThat(Uri.create("scheme://authority/path#fragment").isAbsolute()).isFalse();
+    assertThat(Uri.create("scheme://authority/path?query#fragment").isAbsolute()).isFalse();
+  }
+
+  @Test
+  public void serializedCharacterClasses_matchComputed() {
+    assertThat(Uri.digitChars).isEqualTo(bitSetOfRange('0', '9'));
+    assertThat(Uri.alphaChars).isEqualTo(or(bitSetOfRange('A', 'Z'), bitSetOfRange('a', 'z')));
+    assertThat(Uri.schemeChars)
+        .isEqualTo(or(Uri.digitChars, Uri.alphaChars, bitSetOf('+', '-', '.')));
+    assertThat(Uri.unreservedChars)
+        .isEqualTo(or(Uri.alphaChars, Uri.digitChars, bitSetOf('-', '.', '_', '~')));
+    assertThat(Uri.genDelimsChars).isEqualTo(bitSetOf(':', '/', '?', '#', '[', ']', '@'));
+    assertThat(Uri.subDelimsChars)
+        .isEqualTo(bitSetOf('!', '$', '&', '\'', '(', ')', '*', '+', ',', ';', '='));
+    assertThat(Uri.reservedChars).isEqualTo(or(Uri.genDelimsChars, Uri.subDelimsChars));
+    assertThat(Uri.regNameChars).isEqualTo(or(Uri.unreservedChars, Uri.subDelimsChars));
+    assertThat(Uri.userInfoChars)
+        .isEqualTo(or(Uri.unreservedChars, Uri.subDelimsChars, bitSetOf(':')));
+    assertThat(Uri.pChars)
+        .isEqualTo(or(Uri.unreservedChars, Uri.subDelimsChars, bitSetOf(':', '@')));
+    assertThat(Uri.pCharsAndSlash).isEqualTo(or(Uri.pChars, bitSetOf('/')));
+    assertThat(Uri.queryChars).isEqualTo(or(Uri.pChars, bitSetOf('/', '?')));
+    assertThat(Uri.fragmentChars).isEqualTo(or(Uri.pChars, bitSetOf('/', '?')));
+  }
+
+  private static BitSet bitSetOfRange(char from, char to) {
+    BitSet bitset = new BitSet();
+    for (char c = from; c <= to; c++) {
+      bitset.set(c);
+    }
+    return bitset;
+  }
+
+  private static BitSet bitSetOf(char... chars) {
+    BitSet bitset = new BitSet();
+    for (char c : chars) {
+      bitset.set(c);
+    }
+    return bitset;
+  }
+
+  private static BitSet or(BitSet... bitsets) {
+    BitSet bitset = new BitSet();
+    for (BitSet bs : bitsets) {
+      bitset.or(bs);
+    }
+    return bitset;
+  }
+}

From 283f1031f7b48ce32a2f91bb92bac93a0ca29bdd Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Fri, 5 Dec 2025 15:36:14 -0800
Subject: [PATCH 481/591] netty: Run handshakeCompleteRunnable in success cases

b/458734698
---
 .../src/main/java/io/grpc/netty/ProtocolNegotiators.java | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
index 9323c58aae1..8faf3d0fae8 100644
--- a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
@@ -702,9 +702,6 @@ protected void userEventTriggered0(ChannelHandlerContext ctx, Object evt) throws
             Exception ex =
                 unavailableException("Failed ALPN negotiation: Unable to find compatible protocol");
             logSslEngineDetails(Level.FINE, ctx, "TLS negotiation failed.", ex);
-            if (handshakeCompleteRunnable.isPresent()) {
-              handshakeCompleteRunnable.get().run();
-            }
             ctx.fireExceptionCaught(ex);
           }
         } else {
@@ -719,11 +716,11 @@ protected void userEventTriggered0(ChannelHandlerContext ctx, Object evt) throws
                 .withCause(t)
                 .asRuntimeException();
           }
-          if (handshakeCompleteRunnable.isPresent()) {
-            handshakeCompleteRunnable.get().run();
-          }
           ctx.fireExceptionCaught(t);
         }
+        if (handshakeCompleteRunnable.isPresent()) {
+          handshakeCompleteRunnable.get().run();
+        }
       } else {
         super.userEventTriggered0(ctx, evt);
       }

From bdbcaf1795fbb486d970e8a167e0748fae3f8d4c Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 9 Dec 2025 14:14:10 +0530
Subject: [PATCH 482/591] Start 1.79.0 development cycle (#12557)

---
 MODULE.bazel                                           |  2 +-
 build.gradle                                           |  2 +-
 .../src/test/golden/TestDeprecatedService.java.txt     |  2 +-
 compiler/src/test/golden/TestService.java.txt          |  2 +-
 core/src/main/java/io/grpc/internal/GrpcUtil.java      |  2 +-
 examples/MODULE.bazel                                  |  2 +-
 examples/android/clientcache/app/build.gradle          | 10 +++++-----
 examples/android/helloworld/app/build.gradle           |  8 ++++----
 examples/android/routeguide/app/build.gradle           |  8 ++++----
 examples/android/strictmode/app/build.gradle           |  8 ++++----
 examples/build.gradle                                  |  2 +-
 examples/example-alts/build.gradle                     |  2 +-
 examples/example-debug/build.gradle                    |  2 +-
 examples/example-debug/pom.xml                         |  4 ++--
 examples/example-dualstack/build.gradle                |  2 +-
 examples/example-dualstack/pom.xml                     |  4 ++--
 examples/example-gauth/build.gradle                    |  2 +-
 examples/example-gauth/pom.xml                         |  4 ++--
 examples/example-gcp-csm-observability/build.gradle    |  2 +-
 examples/example-gcp-observability/build.gradle        |  2 +-
 examples/example-hostname/build.gradle                 |  2 +-
 examples/example-hostname/pom.xml                      |  4 ++--
 examples/example-jwt-auth/build.gradle                 |  2 +-
 examples/example-jwt-auth/pom.xml                      |  4 ++--
 examples/example-oauth/build.gradle                    |  2 +-
 examples/example-oauth/pom.xml                         |  4 ++--
 examples/example-opentelemetry/build.gradle            |  2 +-
 examples/example-orca/build.gradle                     |  2 +-
 examples/example-reflection/build.gradle               |  2 +-
 examples/example-servlet/build.gradle                  |  2 +-
 examples/example-tls/build.gradle                      |  2 +-
 examples/example-tls/pom.xml                           |  4 ++--
 examples/example-xds/build.gradle                      |  2 +-
 examples/pom.xml                                       |  4 ++--
 34 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index f81f287588f..ab3534b3ef8 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -2,7 +2,7 @@ module(
     name = "grpc-java",
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
-    version = "1.78.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
+    version = "1.79.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
 )
 
 # GRPC_DEPS_START
diff --git a/build.gradle b/build.gradle
index 50b7419df64..91690c1e3c3 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ subprojects {
     apply plugin: "net.ltgt.errorprone"
 
     group = "io.grpc"
-    version = "1.78.0-SNAPSHOT" // CURRENT_GRPC_VERSION
+    version = "1.79.0-SNAPSHOT" // CURRENT_GRPC_VERSION
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index 3451d0cad09..5289f632637 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.78.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.79.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 @java.lang.Deprecated
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index e86ad0b8f08..b603c40f09f 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.78.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.79.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index 4a9da1d19fe..1b5feeccb4a 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -219,7 +219,7 @@ public byte[] parseAsciiString(byte[] serialized) {
 
   public static final Splitter ACCEPT_ENCODING_SPLITTER = Splitter.on(',').trimResults();
 
-  public static final String IMPLEMENTATION_VERSION = "1.78.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
+  public static final String IMPLEMENTATION_VERSION = "1.79.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
 
   /**
    * The default timeout in nanos for a keepalive ping request.
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index 67c97bbf690..dca8c091f17 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,4 +1,4 @@
-bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.78.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
+bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.79.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
 bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index 0a3cd38b6ed..61d29f253c9 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -34,7 +34,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -54,11 +54,11 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.4.5'
-    testImplementation 'io.grpc:grpc-testing:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    testImplementation 'io.grpc:grpc-testing:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index 60d32f0360d..5df93b8cd6e 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,7 +52,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index c232389ff3d..ff133450f0e 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,7 +52,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index 6c8209621a9..40155447d7b 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -33,7 +33,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -53,7 +53,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index 3c7464ea2d2..cc8f15fd9c9 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index 4796123ef23..97233a56775 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index a21ece5686f..517948dec81 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index ddfedaa2e39..5a521e746b3 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-debug</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index affd18996e6..cd6f2885779 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index 66e6b481da4..05a873a7c49 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-dualstack</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 1d305677048..3ec28dd8785 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index 73efa507656..80db41266aa 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-gauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index d02e0d76ec4..5ed39227f41 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 def openTelemetryVersion = '1.56.0'
 def openTelemetryPrometheusVersion = '1.56.0-alpha'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 9ece32e2b78..8ed29af77ec 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 671de65d2ff..ffe52075785 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index d228ee3e7c5..c302537146f 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-hostname</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index c2ff9f7a7f2..938eb424c81 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index 5deb3583561..5a0697b2357 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-jwt-auth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 447e40f1f3e..7f6e1c425d8 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index 85103ec9121..70b9682bb11 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-oauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index 2c953b3d487..17286dcd546 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 def openTelemetryVersion = '1.56.0'
 def openTelemetryPrometheusVersion = '1.56.0-alpha'
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index e188b4079ef..b4d66282dab 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index 5148eaf7938..472281c4b79 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index 3ee7bb2a592..12458971e30 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -15,7 +15,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index b36d21f1b41..d88bced17bf 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index 34819f52a45..6f7243be5a6 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-tls</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index f5945320080..fe74bada961 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.78.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/pom.xml b/examples/pom.xml
index 544f737ceb1..642e0983e03 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.78.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>examples</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.78.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for JDK 8 -->

From b61a8f49c0e14f98f5315deb2ca89d67d1e2ea4a Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@engflow.com>
Date: Wed, 10 Dec 2025 09:49:25 -0800
Subject: [PATCH 483/591] compiler: Upgrade Bazel protobuf to 33.1 (#12553)

Following up on
https://github.com/grpc/grpc-java/commit/58ae5f808cf8e20c5864033c9a8f485b237f9dfc,
change Bazel's view of the protobuf version to 33.1 too.

This is a bit of an adventure in the bzlmod/WORKSPACE compatibility
maze. A few rulesets like `rules_java` must be upgraded too.

C++ compilation must happen until C++17 now due to the new abseil
version required.

Dependency on `rules_proto` is removed because it has become a
superfluous wrapper over rules in the upstream protobuf repo.
---
 .bazelrc                              |  2 +-
 .github/workflows/testing.yml         |  2 +-
 MODULE.bazel                          | 11 ++++-------
 WORKSPACE                             | 27 +++++++++++++++++++++++----
 alts/BUILD.bazel                      |  2 +-
 buildscripts/kokoro/unix.sh           |  1 +
 examples/.bazelrc                     |  2 +-
 examples/BUILD.bazel                  |  3 ++-
 examples/MODULE.bazel                 |  3 +--
 examples/WORKSPACE                    | 11 +++++++++--
 examples/example-alts/BUILD.bazel     |  3 ++-
 examples/example-hostname/BUILD.bazel |  3 ++-
 examples/example-tls/BUILD.bazel      |  3 ++-
 java_grpc_library.bzl                 |  3 ++-
 repositories.bzl                      |  6 +++---
 testing-proto/BUILD.bazel             |  2 +-
 xds/BUILD.bazel                       |  4 ++--
 17 files changed, 58 insertions(+), 30 deletions(-)

diff --git a/.bazelrc b/.bazelrc
index 554440cfe3d..53485cb9743 100644
--- a/.bazelrc
+++ b/.bazelrc
@@ -1 +1 @@
-build --cxxopt=-std=c++14 --host_cxxopt=-std=c++14
+build --cxxopt=-std=c++17 --host_cxxopt=-std=c++17
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 4fe75b0be78..ccabd9be79f 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -81,7 +81,7 @@ jobs:
       matrix:
         bzlmod: [true, false]
     env:
-      USE_BAZEL_VERSION: 7.0.0
+      USE_BAZEL_VERSION: 7.7.1
 
     steps:
     - uses: actions/checkout@v4
diff --git a/MODULE.bazel b/MODULE.bazel
index ab3534b3ef8..92749683dde 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -48,17 +48,14 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
 
 bazel_dep(name = "bazel_jar_jar", version = "0.1.7")
 bazel_dep(name = "bazel_skylib", version = "1.7.1")
-bazel_dep(name = "googleapis", repo_name = "com_google_googleapis", version = "0.0.0-20240326-1c8d509c5")
-bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
-# Protobuf 25.5+ is incompatible with Bazel 7 with bzlmod
-bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "24.4")
+bazel_dep(name = "googleapis", version = "0.0.0-20240326-1c8d509c5", repo_name = "com_google_googleapis")
+bazel_dep(name = "grpc-proto", version = "0.0.0-20240627-ec30f58", repo_name = "io_grpc_grpc_proto")
+bazel_dep(name = "protobuf", version = "33.1", repo_name = "com_google_protobuf")
 bazel_dep(name = "rules_cc", version = "0.0.9")
-bazel_dep(name = "rules_java", version = "5.3.5")
+bazel_dep(name = "rules_java", version = "9.1.0")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
-bazel_dep(name = "rules_proto", version = "5.3.0-21.7")
 
 maven = use_extension("@rules_jvm_external//:extensions.bzl", "maven")
-
 maven.install(
     artifacts = IO_GRPC_GRPC_JAVA_ARTIFACTS,
     repositories = [
diff --git a/WORKSPACE b/WORKSPACE
index 227ef332757..e5fa1a185f7 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -2,12 +2,28 @@ workspace(name = "io_grpc_grpc_java")
 
 load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 
+http_archive(
+    name = "bazel_features",
+    sha256 = "a660027f5a87f13224ab54b8dc6e191693c554f2692fcca46e8e29ee7dabc43b",
+    strip_prefix = "bazel_features-1.30.0",
+    url = "https://github.com/bazel-contrib/bazel_features/releases/download/v1.30.0/bazel_features-v1.30.0.tar.gz",
+)
+
+load("@bazel_features//:deps.bzl", "bazel_features_deps")
+bazel_features_deps()
+
 http_archive(
     name = "rules_java",
-    url = "https://github.com/bazelbuild/rules_java/releases/download/5.3.5/rules_java-5.3.5.tar.gz",
-    sha256 = "c73336802d0b4882e40770666ad055212df4ea62cfa6edf9cb0f9d29828a0934",
+    urls = [
+        "https://github.com/bazelbuild/rules_java/releases/download/9.1.0/rules_java-9.1.0.tar.gz",
+    ],
+    sha256 = "4e1a28a25c2efa53500c928d22ceffbc505dd95b335a2d025836a293b592212f",
 )
 
+load("@rules_java//java:rules_java_deps.bzl", "compatibility_proxy_repo")
+
+compatibility_proxy_repo()
+
 http_archive(
     name = "rules_jvm_external",
     sha256 = "d31e369b854322ca5098ea12c69d7175ded971435e55c18dd9dd5f29cc5249ac",
@@ -26,11 +42,14 @@ load("@bazel_jar_jar//:jar_jar.bzl", "jar_jar_repositories")
 
 jar_jar_repositories()
 
-load("@com_google_protobuf//:protobuf_deps.bzl", "PROTOBUF_MAVEN_ARTIFACTS")
-load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps")
+load("@com_google_protobuf//:protobuf_deps.bzl", "PROTOBUF_MAVEN_ARTIFACTS", "protobuf_deps")
 
 protobuf_deps()
 
+load("@rules_python//python:repositories.bzl", "py_repositories")
+
+py_repositories()
+
 load("@com_google_googleapis//:repository_rules.bzl", "switched_rules_by_language")
 
 switched_rules_by_language(
diff --git a/alts/BUILD.bazel b/alts/BUILD.bazel
index d2c01449dc3..5cf14504e2c 100644
--- a/alts/BUILD.bazel
+++ b/alts/BUILD.bazel
@@ -1,6 +1,6 @@
+load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
 load("@rules_java//java:defs.bzl", "java_library", "java_proto_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
-load("@rules_proto//proto:defs.bzl", "proto_library")
 load("//:java_grpc_library.bzl", "java_grpc_library")
 
 java_library(
diff --git a/buildscripts/kokoro/unix.sh b/buildscripts/kokoro/unix.sh
index 455d9c07199..693768a0270 100755
--- a/buildscripts/kokoro/unix.sh
+++ b/buildscripts/kokoro/unix.sh
@@ -38,6 +38,7 @@ ARCH="$ARCH" buildscripts/make_dependencies.sh
 
 # Set properties via flags, do not pollute gradle.properties
 GRADLE_FLAGS="${GRADLE_FLAGS:-}"
+GRADLE_FLAGS+=" --stacktrace"
 GRADLE_FLAGS+=" -PtargetArch=$ARCH"
 
 # For universal binaries on macOS, signal Gradle to use universal flags.
diff --git a/examples/.bazelrc b/examples/.bazelrc
index 554440cfe3d..53485cb9743 100644
--- a/examples/.bazelrc
+++ b/examples/.bazelrc
@@ -1 +1 @@
-build --cxxopt=-std=c++14 --host_cxxopt=-std=c++14
+build --cxxopt=-std=c++17 --host_cxxopt=-std=c++17
diff --git a/examples/BUILD.bazel b/examples/BUILD.bazel
index 3a0936780a0..24f6966e053 100644
--- a/examples/BUILD.bazel
+++ b/examples/BUILD.bazel
@@ -1,4 +1,5 @@
-load("@rules_proto//proto:defs.bzl", "proto_library")
+load("@com_google_protobuf//bazel:java_proto_library.bzl", "java_proto_library")
+load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
 load("@io_grpc_grpc_java//:java_grpc_library.bzl", "java_grpc_library")
 
 proto_library(
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index dca8c091f17..78c6a42df9b 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,8 +1,7 @@
 bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.79.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
-bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "23.1")
+bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "33.1")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
-bazel_dep(name = "rules_proto", version = "5.3.0-21.7")
 
 # Do not use this override in your own MODULE.bazel. It is unnecessary when
 # using a version from BCR. Be aware the gRPC Java team does not update the
diff --git a/examples/WORKSPACE b/examples/WORKSPACE
index 66a713a1a01..6080a3c3d25 100644
--- a/examples/WORKSPACE
+++ b/examples/WORKSPACE
@@ -34,11 +34,18 @@ jar_jar_repositories()
 
 # Protobuf now requires C++14 or higher, which requires Bazel configuration
 # outside the WORKSPACE. See .bazelrc in this directory.
-load("@com_google_protobuf//:protobuf_deps.bzl", "PROTOBUF_MAVEN_ARTIFACTS")
-load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps")
+load("@com_google_protobuf//:protobuf_deps.bzl", "PROTOBUF_MAVEN_ARTIFACTS", "protobuf_deps")
 
 protobuf_deps()
 
+load("@rules_python//python:repositories.bzl", "py_repositories")
+
+py_repositories()
+
+load("@rules_java//java:rules_java_deps.bzl", "compatibility_proxy_repo")
+
+compatibility_proxy_repo()
+
 load("@com_google_googleapis//:repository_rules.bzl", "switched_rules_by_language")
 
 switched_rules_by_language(
diff --git a/examples/example-alts/BUILD.bazel b/examples/example-alts/BUILD.bazel
index 0404dcccf81..2bb0d532fa5 100644
--- a/examples/example-alts/BUILD.bazel
+++ b/examples/example-alts/BUILD.bazel
@@ -1,4 +1,5 @@
-load("@rules_proto//proto:defs.bzl", "proto_library")
+load("@com_google_protobuf//bazel:java_proto_library.bzl", "java_proto_library")
+load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
 load("@io_grpc_grpc_java//:java_grpc_library.bzl", "java_grpc_library")
 
 proto_library(
diff --git a/examples/example-hostname/BUILD.bazel b/examples/example-hostname/BUILD.bazel
index 8b76f790983..adb50da94f9 100644
--- a/examples/example-hostname/BUILD.bazel
+++ b/examples/example-hostname/BUILD.bazel
@@ -1,4 +1,5 @@
-load("@rules_proto//proto:defs.bzl", "proto_library")
+load("@com_google_protobuf//bazel:java_proto_library.bzl", "java_proto_library")
+load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
 load("@io_grpc_grpc_java//:java_grpc_library.bzl", "java_grpc_library")
 
 proto_library(
diff --git a/examples/example-tls/BUILD.bazel b/examples/example-tls/BUILD.bazel
index 81913836766..e46f1db9e5a 100644
--- a/examples/example-tls/BUILD.bazel
+++ b/examples/example-tls/BUILD.bazel
@@ -1,4 +1,5 @@
-load("@rules_proto//proto:defs.bzl", "proto_library")
+load("@com_google_protobuf//bazel:java_proto_library.bzl", "java_proto_library")
+load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
 load("@io_grpc_grpc_java//:java_grpc_library.bzl", "java_grpc_library")
 
 proto_library(
diff --git a/java_grpc_library.bzl b/java_grpc_library.bzl
index aaebfe3f933..e6afc028883 100644
--- a/java_grpc_library.bzl
+++ b/java_grpc_library.bzl
@@ -1,5 +1,6 @@
 """Build rule for java_grpc_library."""
-load("@rules_proto//proto:defs.bzl", "ProtoInfo")
+
+load("@com_google_protobuf//bazel/common:proto_info.bzl", "ProtoInfo")
 load("@rules_java//java:defs.bzl", "JavaInfo", "JavaPluginInfo", "java_common")
 
 _JavaRpcToolchainInfo = provider(
diff --git a/repositories.bzl b/repositories.bzl
index f227b8f72c4..43b7fcfe1ed 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -116,9 +116,9 @@ def com_google_protobuf():
     # This statement defines the @com_google_protobuf repo.
     http_archive(
         name = "com_google_protobuf",
-        sha256 = "3cf7d5b17c4ff04fe9f038104e9d0cae6da09b8ce271c13e44f8ac69f51e4e0f",
-        strip_prefix = "protobuf-25.5",
-        urls = ["https://github.com/protocolbuffers/protobuf/releases/download/v25.5/protobuf-25.5.tar.gz"],
+        sha256 = "fda132cb0c86400381c0af1fe98bd0f775cb566cb247cdcc105e344e00acc30e",
+        strip_prefix = "protobuf-33.1",
+        urls = ["https://github.com/protocolbuffers/protobuf/releases/download/v33.1/protobuf-33.1.tar.gz"],
     )
 
 def io_grpc_grpc_proto():
diff --git a/testing-proto/BUILD.bazel b/testing-proto/BUILD.bazel
index f02957c6fc3..362cee91463 100644
--- a/testing-proto/BUILD.bazel
+++ b/testing-proto/BUILD.bazel
@@ -1,5 +1,5 @@
+load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
 load("@rules_java//java:defs.bzl", "java_proto_library")
-load("@rules_proto//proto:defs.bzl", "proto_library")
 load("//:java_grpc_library.bzl", "java_grpc_library")
 
 proto_library(
diff --git a/xds/BUILD.bazel b/xds/BUILD.bazel
index 66c790a654d..be44abf4f39 100644
--- a/xds/BUILD.bazel
+++ b/xds/BUILD.bazel
@@ -1,6 +1,6 @@
-load("@rules_java//java:defs.bzl", "java_binary", "java_library", "java_proto_library", "java_test")
-load("@rules_proto//proto:defs.bzl", "proto_library")
 load("@bazel_jar_jar//:jar_jar.bzl", "jar_jar")
+load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
+load("@rules_java//java:defs.bzl", "java_binary", "java_library", "java_proto_library", "java_test")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 load("//:java_grpc_library.bzl", "INTERNAL_java_grpc_library_for_xds", "java_grpc_library", "java_rpc_toolchain")
 

From 226b1e5ecc7ddcbb819cfc893308ac46973d16d5 Mon Sep 17 00:00:00 2001
From: Jeroen Meijer <jjgmeijer@gmail.com>
Date: Thu, 11 Dec 2025 08:48:46 +0100
Subject: [PATCH 484/591] api: Add missing @Nullable annotation (#12559)

This simple commit adds a missing but necessary @Nullable annotation to
`StatusException.getTrailers()`.
---
 api/src/main/java/io/grpc/StatusException.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/api/src/main/java/io/grpc/StatusException.java b/api/src/main/java/io/grpc/StatusException.java
index 2a235c3aaaf..c0a67a375b2 100644
--- a/api/src/main/java/io/grpc/StatusException.java
+++ b/api/src/main/java/io/grpc/StatusException.java
@@ -65,6 +65,7 @@ public final Status getStatus() {
    *
    * @since 1.0.0
    */
+  @Nullable
   public final Metadata getTrailers() {
     return trailers;
   }

From 24bd540261f0eb077d9686e12c5b9e076ddae97f Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 19 Nov 2025 10:18:39 -0800
Subject: [PATCH 485/591] xds: Fix WRR test flake with TSAN

Fixes:
```
org.mockito.exceptions.verification.TooManyActualInvocations:
metricSink.addLongCounter(
    <custom argument matcher>,
    1L,
    [directaddress:///wrr-metrics],
    [, ]
);
Wanted 1 time:
-> at io.grpc.xds.WeightedRoundRobinLoadBalancerTest.metricWithRealChannel(WeightedRoundRobinLoadBalancerTest.java:1307)
But was 2 times:
-> at io.grpc.internal.MetricRecorderImpl.addLongCounter(MetricRecorderImpl.java:103)
-> at io.grpc.internal.MetricRecorderImpl.addLongCounter(MetricRecorderImpl.java:103)

	at io.grpc.xds.WeightedRoundRobinLoadBalancerTest.metricWithRealChannel(WeightedRoundRobinLoadBalancerTest.java:1307)
```
---
 .../java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
index 868bc811a70..9fac46eaf09 100644
--- a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
@@ -21,6 +21,7 @@
 import static org.mockito.AdditionalAnswers.delegatesTo;
 import static org.mockito.ArgumentMatchers.argThat;
 import static org.mockito.Mockito.any;
+import static org.mockito.Mockito.atLeast;
 import static org.mockito.Mockito.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -1303,8 +1304,8 @@ public void metricWithRealChannel() throws Exception {
     assertThat(recorder.getError()).isNull();
 
     // Make sure at least one metric works. The other tests will make sure other metrics and the
-    // edge cases are working.
-    verify(metrics).addLongCounter(
+    // edge cases are working. Since this is racy, we just care it happened at least once.
+    verify(metrics, atLeast(1)).addLongCounter(
         argThat((instr) -> instr.getName().equals("grpc.lb.wrr.rr_fallback")),
         eq(1L),
         eq(Arrays.asList("directaddress:///wrr-metrics")),

From ed6d175fccf287face885184723bdfb021452123 Mon Sep 17 00:00:00 2001
From: Kim Jin Young <tian__mi__mi@naver.com>
Date: Tue, 16 Dec 2025 22:18:03 +0900
Subject: [PATCH 486/591] okhttp: Assert no pending streams before transport
 READY (#12566)

### What this PR does

Based on guidance from maintainers and what I have observed in the
OkHttpClientTransport lifecycle, it seems that no pending streams should
exist when the transport transitions to READY.
This PR adds an assertion to help verify this invariant.

---

### Note on Testing

All existing tests pass with this assertion in place.

---

This PR corresponds to **Step 2** of the plan discussed in #11985, by
adding an explicit assertion to help ensure the transport readiness
invariant.

Fixes #11985
---
 .../src/main/java/io/grpc/okhttp/OkHttpClientTransport.java   | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
index 2b344554644..ce1ff29aa5b 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
@@ -802,7 +802,9 @@ public void run() {
         }
         synchronized (lock) {
           maxConcurrentStreams = Integer.MAX_VALUE;
-          startPendingStreams();
+          checkState(pendingStreams.isEmpty(),
+              "Pending streams detected during transport start."
+                  + " RPCs should not be started before transport is ready.");
         }
         // ClientFrameHandler need to be started after connectionPreface / settings, otherwise it
         // may send goAway immediately.

From 7f398052de7743a32f4231fa6e72ee97051fcdf6 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 16 Dec 2025 10:38:54 -0800
Subject: [PATCH 487/591] api: Fix encoding of IPv6 scopes. (#12564)

Both `java.net.Uri` and Guava's `InetAddresses` predate standardization
of IPv6 scopes in URIs. They both emit/accept a naked % between the
[square bracketed] address. This causes the current implementation to
crash in io.grpc.Uri#getHost while percent decoding. RFC 6874 says that
% in an IP-literal must be percent-encoded just as is done everywhere
else.

RFC 3986 & 9844 say not to support scopes at all but I think we should, for feature parity with `java.net.Uri`. (Other contemporary libraries take the same approach, e.g. https://pkg.go.dev/net/url). A future PR will provide a first-class method to convert from `java.net.Uri` handling all the edge cases.
---
 api/src/main/java/io/grpc/Uri.java     | 28 ++++++++++-
 api/src/test/java/io/grpc/UriTest.java | 65 ++++++++++++++++++++++++++
 2 files changed, 92 insertions(+), 1 deletion(-)

diff --git a/api/src/main/java/io/grpc/Uri.java b/api/src/main/java/io/grpc/Uri.java
index 01aaed31c74..0ef6212d35a 100644
--- a/api/src/main/java/io/grpc/Uri.java
+++ b/api/src/main/java/io/grpc/Uri.java
@@ -142,6 +142,12 @@
  *
  * <p>{@link java.net.URI} and {@link Uri} both support IPv6 literals in square brackets as defined
  * by RFC 2732.
+ *
+ * <p>{@link java.net.URI} supports IPv6 scope IDs but accepts and emits a non-standard syntax.
+ * {@link Uri} implements the newer RFC 6874, which percent encodes scope IDs and the % delimiter
+ * itself. RFC 9844 claims to obsolete RFC 6874 because web browsers would not support it. This
+ * class implements RFC 6874 anyway, mostly to avoid creating a barrier to migration away from
+ * {@link java.net.URI}.
  */
 @Internal
 public final class Uri {
@@ -825,12 +831,32 @@ public Builder setHost(@Nullable String regName) {
      */
     @CanIgnoreReturnValue
     public Builder setHost(@Nullable InetAddress addr) {
-      this.host = addr != null ? InetAddresses.toUriString(addr) : null;
+      this.host = addr != null ? toUriString(addr) : null;
       return this;
     }
 
+    private static String toUriString(InetAddress addr) {
+      // InetAddresses.toUriString(addr) is almost enough but neglects RFC 6874 percent encoding.
+      String inetAddrStr = InetAddresses.toUriString(addr);
+      int percentIndex = inetAddrStr.indexOf('%');
+      if (percentIndex < 0) {
+        return inetAddrStr;
+      }
+
+      String scope = inetAddrStr.substring(percentIndex, inetAddrStr.length() - 1);
+      return inetAddrStr.substring(0, percentIndex) + percentEncode(scope, unreservedChars) + "]";
+    }
+
     @CanIgnoreReturnValue
     Builder setRawHost(String host) {
+      if (host.startsWith("[") && host.endsWith("]")) {
+        // IP-literal: Guava's isUriInetAddress() is almost enough but it doesn't check the scope.
+        int percentIndex = host.indexOf('%');
+        if (percentIndex > 0) {
+          String scope = host.substring(percentIndex, host.length() - 1);
+          checkPercentEncodedArg(scope, "scope", unreservedChars);
+        }
+      }
       // IP-literal validation is complicated so we delegate it to Guava. We use this particular
       // method of InetAddresses because it doesn't try to match interfaces on the local machine.
       // (The validity of a URI should be the same no matter which machine does the parsing.)
diff --git a/api/src/test/java/io/grpc/UriTest.java b/api/src/test/java/io/grpc/UriTest.java
index df921e3e487..12fc9813b60 100644
--- a/api/src/test/java/io/grpc/UriTest.java
+++ b/api/src/test/java/io/grpc/UriTest.java
@@ -18,10 +18,13 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.assertThrows;
+import static org.junit.Assume.assumeNoException;
 
 import com.google.common.net.InetAddresses;
 import com.google.common.testing.EqualsTester;
+import java.net.Inet6Address;
 import java.net.URISyntaxException;
+import java.net.UnknownHostException;
 import java.util.BitSet;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -77,6 +80,20 @@ public void parse_ipv6Literal_noPort() throws URISyntaxException {
     assertThat(uri.getPort()).isLessThan(0);
   }
 
+  @Test
+  public void parse_ipv6ScopedLiteral() throws URISyntaxException {
+    Uri uri = Uri.parse("http://[fe80::1%25eth0]");
+    assertThat(uri.getRawHost()).isEqualTo("[fe80::1%25eth0]");
+    assertThat(uri.getHost()).isEqualTo("[fe80::1%eth0]");
+  }
+
+  @Test
+  public void parse_ipv6ScopedPercentEncodedLiteral() throws URISyntaxException {
+    Uri uri = Uri.parse("http://[fe80::1%25foo-bar%2Fblah]");
+    assertThat(uri.getRawHost()).isEqualTo("[fe80::1%25foo-bar%2Fblah]");
+    assertThat(uri.getHost()).isEqualTo("[fe80::1%foo-bar/blah]");
+  }
+
   @Test
   public void parse_noQuery() throws URISyntaxException {
     Uri uri = Uri.parse("scheme://authority/path#fragment");
@@ -203,6 +220,13 @@ public void parse_invalidBackslashInHost_throws() {
     assertThat(e).hasMessageThat().contains("Invalid character in host");
   }
 
+  @Test
+  public void parse_invalidBackslashScope_throws() {
+    URISyntaxException e =
+        assertThrows(URISyntaxException.class, () -> Uri.parse("http://[::1%25foo\\bar]"));
+    assertThat(e).hasMessageThat().contains("Invalid character in scope");
+  }
+
   @Test
   public void parse_emptyPort_throws() {
     URISyntaxException e =
@@ -397,6 +421,47 @@ public void builder_ipv6Literal() throws URISyntaxException {
     assertThat(uri.toString()).isEqualTo("scheme://[2001:4860:4860::8844]");
   }
 
+  @Test
+  public void builder_ipv6ScopedLiteral_numeric() throws UnknownHostException {
+    Uri uri =
+        Uri.newBuilder()
+            .setScheme("http")
+            // Create an address with a numeric scope_id, which should always be valid.
+            .setHost(
+                Inet6Address.getByAddress(null, InetAddresses.forString("fe80::1").getAddress(), 1))
+            .build();
+
+    // We expect the scope ID to be percent encoded.
+    assertThat(uri.getRawHost()).isEqualTo("[fe80::1%251]");
+    assertThat(uri.getHost()).isEqualTo("[fe80::1%1]");
+  }
+
+  @Test
+  public void builder_ipv6ScopedLiteral_named() throws UnknownHostException {
+    // Unfortunately, there's no Java API to create an Inet6Address with an arbitrary interface-
+    // scoped name. There's actually no way to hermetically create an Inet6Address with a scope name
+    // at all! The following address/interface is likely to be present on Linux test runners.
+    Inet6Address address;
+    try {
+      address = (Inet6Address) InetAddresses.forString("::1%lo");
+    } catch (IllegalArgumentException e) {
+      assumeNoException(e);
+      return; // Not reached.
+    }
+    Uri uri = Uri.newBuilder().setScheme("http").setHost(address).build();
+
+    // We expect the scope ID to be percent encoded.
+    assertThat(uri.getRawHost()).isEqualTo("[::1%25lo]");
+    assertThat(uri.getHost()).isEqualTo("[::1%lo]");
+  }
+
+  @Test
+  public void builder_ipv6PercentEncodedScopedLiteral() {
+    Uri uri = Uri.newBuilder().setScheme("http").setRawHost("[fe80::1%25foo%2Dbar%2Fblah]").build();
+    assertThat(uri.getRawHost()).isEqualTo("[fe80::1%25foo%2Dbar%2Fblah]");
+    assertThat(uri.getHost()).isEqualTo("[fe80::1%foo-bar/blah]");
+  }
+
   @Test
   public void builder_encodingWithAllowedReservedChars() throws URISyntaxException {
     Uri uri =

From b3f6adf52622881776ade3a7e59c7ac05f56b56a Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@engflow.com>
Date: Tue, 16 Dec 2025 18:52:49 -0800
Subject: [PATCH 488/591] Format Bazel files (#12560)

This prevents automated transformations of BUILD files from making
extraneous diff noise.
---
 MODULE.bazel                          | 25 +------------------------
 WORKSPACE                             |  7 +++----
 compiler/BUILD.bazel                  |  2 +-
 context/BUILD.bazel                   |  1 +
 examples/BUILD.bazel                  |  2 ++
 examples/MODULE.bazel                 |  8 ++++----
 examples/WORKSPACE                    |  4 +---
 examples/example-alts/BUILD.bazel     |  2 ++
 examples/example-gauth/BUILD.bazel    |  3 ++-
 examples/example-hostname/BUILD.bazel |  2 ++
 examples/example-tls/BUILD.bazel      |  2 ++
 s2a/BUILD.bazel                       |  8 ++++----
 12 files changed, 25 insertions(+), 41 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 92749683dde..42568eef6fd 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -1,8 +1,8 @@
 module(
     name = "grpc-java",
+    version = "1.79.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
-    version = "1.79.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
 )
 
 # GRPC_DEPS_START
@@ -63,119 +63,96 @@ maven.install(
     ],
     strict_visibility = True,
 )
-
 use_repo(maven, "maven")
 
 maven.override(
     coordinates = "com.google.protobuf:protobuf-java",
     target = "@com_google_protobuf//:protobuf_java",
 )
-
 maven.override(
     coordinates = "com.google.protobuf:protobuf-java-util",
     target = "@com_google_protobuf//:protobuf_java_util",
 )
-
 maven.override(
     coordinates = "com.google.protobuf:protobuf-javalite",
     target = "@com_google_protobuf//:protobuf_javalite",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-alts",
     target = "@io_grpc_grpc_java//alts",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-api",
     target = "@io_grpc_grpc_java//api",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-auth",
     target = "@io_grpc_grpc_java//auth",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-census",
     target = "@io_grpc_grpc_java//census",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-context",
     target = "@io_grpc_grpc_java//context",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-core",
     target = "@io_grpc_grpc_java//core:core_maven",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-googleapis",
     target = "@io_grpc_grpc_java//googleapis",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-grpclb",
     target = "@io_grpc_grpc_java//grpclb",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-inprocess",
     target = "@io_grpc_grpc_java//inprocess",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-netty",
     target = "@io_grpc_grpc_java//netty",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-netty-shaded",
     target = "@io_grpc_grpc_java//netty:shaded_maven",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-okhttp",
     target = "@io_grpc_grpc_java//okhttp",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-protobuf",
     target = "@io_grpc_grpc_java//protobuf",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-protobuf-lite",
     target = "@io_grpc_grpc_java//protobuf-lite",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-rls",
     target = "@io_grpc_grpc_java//rls",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-services",
     target = "@io_grpc_grpc_java//services:services_maven",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-stub",
     target = "@io_grpc_grpc_java//stub",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-testing",
     target = "@io_grpc_grpc_java//testing",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-xds",
     target = "@io_grpc_grpc_java//xds:xds_maven",
 )
-
 maven.override(
     coordinates = "io.grpc:grpc-util",
     target = "@io_grpc_grpc_java//util",
diff --git a/WORKSPACE b/WORKSPACE
index e5fa1a185f7..7d435ec82dc 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -10,14 +10,15 @@ http_archive(
 )
 
 load("@bazel_features//:deps.bzl", "bazel_features_deps")
+
 bazel_features_deps()
 
 http_archive(
     name = "rules_java",
+    sha256 = "4e1a28a25c2efa53500c928d22ceffbc505dd95b335a2d025836a293b592212f",
     urls = [
         "https://github.com/bazelbuild/rules_java/releases/download/9.1.0/rules_java-9.1.0.tar.gz",
     ],
-    sha256 = "4e1a28a25c2efa53500c928d22ceffbc505dd95b335a2d025836a293b592212f",
 )
 
 load("@rules_java//java:rules_java_deps.bzl", "compatibility_proxy_repo")
@@ -32,9 +33,7 @@ http_archive(
 )
 
 load("@rules_jvm_external//:defs.bzl", "maven_install")
-load("//:repositories.bzl", "IO_GRPC_GRPC_JAVA_ARTIFACTS")
-load("//:repositories.bzl", "IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS")
-load("//:repositories.bzl", "grpc_java_repositories")
+load("//:repositories.bzl", "IO_GRPC_GRPC_JAVA_ARTIFACTS", "IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS", "grpc_java_repositories")
 
 grpc_java_repositories()
 
diff --git a/compiler/BUILD.bazel b/compiler/BUILD.bazel
index 30ff3ce5dff..e8a0571e134 100644
--- a/compiler/BUILD.bazel
+++ b/compiler/BUILD.bazel
@@ -1,5 +1,5 @@
-load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_cc//cc:defs.bzl", "cc_binary")
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 load("//:java_grpc_library.bzl", "java_rpc_toolchain")
 
diff --git a/context/BUILD.bazel b/context/BUILD.bazel
index fad8e2ef881..0a51dca24a9 100644
--- a/context/BUILD.bazel
+++ b/context/BUILD.bazel
@@ -1,4 +1,5 @@
 load("@rules_java//java:defs.bzl", "java_library")
+
 java_library(
     name = "context",
     visibility = ["//visibility:public"],
diff --git a/examples/BUILD.bazel b/examples/BUILD.bazel
index 24f6966e053..e3ef8c5ac5d 100644
--- a/examples/BUILD.bazel
+++ b/examples/BUILD.bazel
@@ -1,6 +1,8 @@
 load("@com_google_protobuf//bazel:java_proto_library.bzl", "java_proto_library")
 load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
 load("@io_grpc_grpc_java//:java_grpc_library.bzl", "java_grpc_library")
+load("@rules_java//java:java_binary.bzl", "java_binary")
+load("@rules_java//java:java_library.bzl", "java_library")
 
 proto_library(
     name = "helloworld_proto",
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index 78c6a42df9b..36fbdeb8420 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,6 +1,7 @@
-bazel_dep(name = "grpc-java", repo_name = "io_grpc_grpc_java", version = "1.79.0-SNAPSHOT")  # CURRENT_GRPC_VERSION
-bazel_dep(name = "grpc-proto", repo_name = "io_grpc_grpc_proto", version = "0.0.0-20240627-ec30f58")
-bazel_dep(name = "protobuf", repo_name = "com_google_protobuf", version = "33.1")
+bazel_dep(name = "grpc-java", version = "1.79.0-SNAPSHOT", repo_name = "io_grpc_grpc_java")  # CURRENT_GRPC_VERSION
+bazel_dep(name = "rules_java", version = "9.3.0")
+bazel_dep(name = "grpc-proto", version = "0.0.0-20240627-ec30f58", repo_name = "io_grpc_grpc_proto")
+bazel_dep(name = "protobuf", version = "33.1", repo_name = "com_google_protobuf")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
 
 # Do not use this override in your own MODULE.bazel. It is unnecessary when
@@ -19,7 +20,6 @@ local_path_override(
 )
 
 maven = use_extension("@rules_jvm_external//:extensions.bzl", "maven")
-
 use_repo(maven, "maven")
 
 maven.install(
diff --git a/examples/WORKSPACE b/examples/WORKSPACE
index 6080a3c3d25..f26e3124562 100644
--- a/examples/WORKSPACE
+++ b/examples/WORKSPACE
@@ -21,10 +21,8 @@ http_archive(
     url = "https://github.com/bazelbuild/rules_jvm_external/releases/download/5.3/rules_jvm_external-5.3.tar.gz",
 )
 
+load("@io_grpc_grpc_java//:repositories.bzl", "IO_GRPC_GRPC_JAVA_ARTIFACTS", "IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS", "grpc_java_repositories")
 load("@rules_jvm_external//:defs.bzl", "maven_install")
-load("@io_grpc_grpc_java//:repositories.bzl", "IO_GRPC_GRPC_JAVA_ARTIFACTS")
-load("@io_grpc_grpc_java//:repositories.bzl", "IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS")
-load("@io_grpc_grpc_java//:repositories.bzl", "grpc_java_repositories")
 
 grpc_java_repositories()
 
diff --git a/examples/example-alts/BUILD.bazel b/examples/example-alts/BUILD.bazel
index 2bb0d532fa5..4d66accfc19 100644
--- a/examples/example-alts/BUILD.bazel
+++ b/examples/example-alts/BUILD.bazel
@@ -1,6 +1,8 @@
 load("@com_google_protobuf//bazel:java_proto_library.bzl", "java_proto_library")
 load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
 load("@io_grpc_grpc_java//:java_grpc_library.bzl", "java_grpc_library")
+load("@rules_java//java:java_binary.bzl", "java_binary")
+load("@rules_java//java:java_library.bzl", "java_library")
 
 proto_library(
     name = "helloworld_proto",
diff --git a/examples/example-gauth/BUILD.bazel b/examples/example-gauth/BUILD.bazel
index edc4a291e27..033c51f8856 100644
--- a/examples/example-gauth/BUILD.bazel
+++ b/examples/example-gauth/BUILD.bazel
@@ -1,4 +1,5 @@
-load("@io_grpc_grpc_java//:java_grpc_library.bzl", "java_grpc_library")
+load("@rules_java//java:java_binary.bzl", "java_binary")
+load("@rules_java//java:java_library.bzl", "java_library")
 
 java_library(
     name = "example-gauth",
diff --git a/examples/example-hostname/BUILD.bazel b/examples/example-hostname/BUILD.bazel
index adb50da94f9..d5bd3aba94c 100644
--- a/examples/example-hostname/BUILD.bazel
+++ b/examples/example-hostname/BUILD.bazel
@@ -1,6 +1,8 @@
 load("@com_google_protobuf//bazel:java_proto_library.bzl", "java_proto_library")
 load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
 load("@io_grpc_grpc_java//:java_grpc_library.bzl", "java_grpc_library")
+load("@rules_java//java:java_binary.bzl", "java_binary")
+load("@rules_java//java:java_library.bzl", "java_library")
 
 proto_library(
     name = "helloworld_proto",
diff --git a/examples/example-tls/BUILD.bazel b/examples/example-tls/BUILD.bazel
index e46f1db9e5a..cb46ef5bb30 100644
--- a/examples/example-tls/BUILD.bazel
+++ b/examples/example-tls/BUILD.bazel
@@ -1,6 +1,8 @@
 load("@com_google_protobuf//bazel:java_proto_library.bzl", "java_proto_library")
 load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
 load("@io_grpc_grpc_java//:java_grpc_library.bzl", "java_grpc_library")
+load("@rules_java//java:java_binary.bzl", "java_binary")
+load("@rules_java//java:java_library.bzl", "java_library")
 
 proto_library(
     name = "helloworld_proto",
diff --git a/s2a/BUILD.bazel b/s2a/BUILD.bazel
index 6f58670534b..34387206ba5 100644
--- a/s2a/BUILD.bazel
+++ b/s2a/BUILD.bazel
@@ -56,8 +56,8 @@ java_library(
         "src/main/java/io/grpc/s2a/internal/handshaker/SslContextFactory.java",
     ],
     deps = [
-        ":token_manager",
         ":s2a_identity",
+        ":token_manager",
         "//api",
         "//core:internal",
         "//netty",
@@ -87,7 +87,7 @@ java_library(
         "//netty",
         artifact("com.google.code.findbugs:jsr305"),
         artifact("com.google.errorprone:error_prone_annotations"),
-        artifact("com.google.guava:guava"), 
-        artifact("org.checkerframework:checker-qual"), 
+        artifact("com.google.guava:guava"),
+        artifact("org.checkerframework:checker-qual"),
     ],
-)
\ No newline at end of file
+)

From 4b41af62a46372904f6bd8e08f9c1cc6d914e30c Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 16 Dec 2025 13:53:17 -0800
Subject: [PATCH 489/591] netty: Replace missed jsr305's GuardedBy with Error
 Prone's

This was missed in 70825adce
---
 netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
index 3f9759ee1d2..7615a96b556 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
@@ -46,6 +46,7 @@
 import com.google.common.base.Ticker;
 import com.google.common.io.ByteStreams;
 import com.google.common.util.concurrent.SettableFuture;
+import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
 import io.grpc.ChannelLogger;
@@ -122,7 +123,6 @@
 import java.util.concurrent.TimeoutException;
 import java.util.concurrent.atomic.AtomicBoolean;
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLHandshakeException;
 import javax.net.ssl.TrustManager;

From 738782fb050ec94b9bf1c795cf2299b90a6ce327 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 22 Dec 2025 11:27:23 -0800
Subject: [PATCH 490/591] core: Delete ReadableBuffer.readBytes(ByteBuffer)
 (#12580)

At the very least it isn't used now. The method is as old as
ReadableBuffer itself (05a2b252b), but it appears to have never actually
been used.
---
 .../internal/CompositeReadableBuffer.java     | 20 -----------
 .../internal/ForwardingReadableBuffer.java    |  5 ---
 .../java/io/grpc/internal/ReadableBuffer.java |  9 -----
 .../io/grpc/internal/ReadableBuffers.java     | 24 -------------
 .../internal/CompositeReadableBufferTest.java | 35 -------------------
 .../ForwardingReadableBufferTest.java         |  9 -----
 .../grpc/internal/ReadableBufferTestBase.java | 25 -------------
 .../io/grpc/netty/NettyReadableBuffer.java    |  5 ---
 .../io/grpc/okhttp/OkHttpReadableBuffer.java  |  7 ----
 .../grpc/okhttp/OkHttpReadableBufferTest.java | 12 -------
 10 files changed, 151 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/CompositeReadableBuffer.java b/core/src/main/java/io/grpc/internal/CompositeReadableBuffer.java
index 4c8cb72a7ce..6cedb2caee9 100644
--- a/core/src/main/java/io/grpc/internal/CompositeReadableBuffer.java
+++ b/core/src/main/java/io/grpc/internal/CompositeReadableBuffer.java
@@ -18,7 +18,6 @@
 
 import java.io.IOException;
 import java.io.OutputStream;
-import java.nio.Buffer;
 import java.nio.ByteBuffer;
 import java.nio.InvalidMarkException;
 import java.util.ArrayDeque;
@@ -120,20 +119,6 @@ public int read(ReadableBuffer buffer, int length, byte[] dest, int offset) {
         }
       };
 
-  private static final NoThrowReadOperation<ByteBuffer> BYTE_BUF_OP =
-      new NoThrowReadOperation<ByteBuffer>() {
-        @Override
-        public int read(ReadableBuffer buffer, int length, ByteBuffer dest, int unused) {
-          // Change the limit so that only lengthToCopy bytes are available.
-          int prevLimit = dest.limit();
-          ((Buffer) dest).limit(dest.position() + length);
-          // Write the bytes and restore the original limit.
-          buffer.readBytes(dest);
-          ((Buffer) dest).limit(prevLimit);
-          return 0;
-        }
-      };
-
   private static final ReadOperation<OutputStream> STREAM_OP =
       new ReadOperation<OutputStream>() {
         @Override
@@ -149,11 +134,6 @@ public void readBytes(byte[] dest, int destOffset, int length) {
     executeNoThrow(BYTE_ARRAY_OP, length, dest, destOffset);
   }
 
-  @Override
-  public void readBytes(ByteBuffer dest) {
-    executeNoThrow(BYTE_BUF_OP, dest.remaining(), dest, 0);
-  }
-
   @Override
   public void readBytes(OutputStream dest, int length) throws IOException {
     execute(STREAM_OP, length, dest, 0);
diff --git a/core/src/main/java/io/grpc/internal/ForwardingReadableBuffer.java b/core/src/main/java/io/grpc/internal/ForwardingReadableBuffer.java
index 06d04b6de2d..7e690309647 100644
--- a/core/src/main/java/io/grpc/internal/ForwardingReadableBuffer.java
+++ b/core/src/main/java/io/grpc/internal/ForwardingReadableBuffer.java
@@ -67,11 +67,6 @@ public void readBytes(byte[] dest, int destOffset, int length) {
     buf.readBytes(dest, destOffset, length);
   }
 
-  @Override
-  public void readBytes(ByteBuffer dest) {
-    buf.readBytes(dest);
-  }
-
   @Override
   public void readBytes(OutputStream dest, int length) throws IOException {
     buf.readBytes(dest, length);
diff --git a/core/src/main/java/io/grpc/internal/ReadableBuffer.java b/core/src/main/java/io/grpc/internal/ReadableBuffer.java
index 6963c78203e..20f64719875 100644
--- a/core/src/main/java/io/grpc/internal/ReadableBuffer.java
+++ b/core/src/main/java/io/grpc/internal/ReadableBuffer.java
@@ -71,15 +71,6 @@ public interface ReadableBuffer extends Closeable {
    */
   void readBytes(byte[] dest, int destOffset, int length);
 
-  /**
-   * Reads from this buffer until the destination's position reaches its limit, and increases the
-   * read position by the number of the transferred bytes.
-   *
-   * @param dest the destination buffer to receive the bytes.
-   * @throws IndexOutOfBoundsException if required bytes are not readable
-   */
-  void readBytes(ByteBuffer dest);
-
   /**
    * Reads {@code length} bytes from this buffer and writes them to the destination stream.
    * Increments the read position by {@code length}. If the required bytes are not readable, throws
diff --git a/core/src/main/java/io/grpc/internal/ReadableBuffers.java b/core/src/main/java/io/grpc/internal/ReadableBuffers.java
index e512c810f84..439745e29b2 100644
--- a/core/src/main/java/io/grpc/internal/ReadableBuffers.java
+++ b/core/src/main/java/io/grpc/internal/ReadableBuffers.java
@@ -171,15 +171,6 @@ public void readBytes(byte[] dest, int destIndex, int length) {
       offset += length;
     }
 
-    @Override
-    public void readBytes(ByteBuffer dest) {
-      Preconditions.checkNotNull(dest, "dest");
-      int length = dest.remaining();
-      checkReadable(length);
-      dest.put(bytes, offset, length);
-      offset += length;
-    }
-
     @Override
     public void readBytes(OutputStream dest, int length) throws IOException {
       checkReadable(length);
@@ -262,21 +253,6 @@ public void readBytes(byte[] dest, int destOffset, int length) {
       bytes.get(dest, destOffset, length);
     }
 
-    @Override
-    public void readBytes(ByteBuffer dest) {
-      Preconditions.checkNotNull(dest, "dest");
-      int length = dest.remaining();
-      checkReadable(length);
-
-      // Change the limit so that only length bytes are available.
-      int prevLimit = bytes.limit();
-      ((Buffer) bytes).limit(bytes.position() + length);
-
-      // Write the bytes and restore the original limit.
-      dest.put(bytes);
-      bytes.limit(prevLimit);
-    }
-
     @Override
     public void readBytes(OutputStream dest, int length) throws IOException {
       checkReadable(length);
diff --git a/core/src/test/java/io/grpc/internal/CompositeReadableBufferTest.java b/core/src/test/java/io/grpc/internal/CompositeReadableBufferTest.java
index 8d9248a8910..749b71d681e 100644
--- a/core/src/test/java/io/grpc/internal/CompositeReadableBufferTest.java
+++ b/core/src/test/java/io/grpc/internal/CompositeReadableBufferTest.java
@@ -28,8 +28,6 @@
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.nio.Buffer;
-import java.nio.ByteBuffer;
 import java.nio.InvalidMarkException;
 import org.junit.After;
 import org.junit.Before;
@@ -121,27 +119,6 @@ public void readByteArrayShouldSucceed() {
     assertEquals(EXPECTED_VALUE, new String(bytes, UTF_8));
   }
 
-  @Test
-  public void readByteBufferShouldSucceed() {
-    ByteBuffer byteBuffer = ByteBuffer.allocate(EXPECTED_VALUE.length());
-    int remaining = EXPECTED_VALUE.length();
-
-    ((Buffer) byteBuffer).limit(1);
-    composite.readBytes(byteBuffer);
-    remaining--;
-    assertEquals(remaining, composite.readableBytes());
-
-    ((Buffer) byteBuffer).limit(byteBuffer.limit() + 5);
-    composite.readBytes(byteBuffer);
-    remaining -= 5;
-    assertEquals(remaining, composite.readableBytes());
-
-    ((Buffer) byteBuffer).limit(byteBuffer.limit() + remaining);
-    composite.readBytes(byteBuffer);
-    assertEquals(0, composite.readableBytes());
-    assertEquals(EXPECTED_VALUE, new String(byteBuffer.array(), UTF_8));
-  }
-
   @Test
   public void readStreamShouldSucceed() throws IOException {
     ByteArrayOutputStream bos = new ByteArrayOutputStream();
@@ -216,18 +193,6 @@ public void markAndResetWithReadByteArrayShouldSucceed() {
     assertArrayEquals(first, second);
   }
 
-  @Test
-  public void markAndResetWithReadByteBufferShouldSucceed() {
-    byte[] first = new byte[EXPECTED_VALUE.length()];
-    composite.mark();
-    composite.readBytes(ByteBuffer.wrap(first));
-    composite.reset();
-    byte[] second = new byte[EXPECTED_VALUE.length()];
-    assertEquals(EXPECTED_VALUE.length(), composite.readableBytes());
-    composite.readBytes(ByteBuffer.wrap(second));
-    assertArrayEquals(first, second);
-  }
-
   @Test
   public void markAndResetWithReadStreamShouldSucceed() throws IOException {
     ByteArrayOutputStream first = new ByteArrayOutputStream();
diff --git a/core/src/test/java/io/grpc/internal/ForwardingReadableBufferTest.java b/core/src/test/java/io/grpc/internal/ForwardingReadableBufferTest.java
index 8ce45bc77cf..696fb35e379 100644
--- a/core/src/test/java/io/grpc/internal/ForwardingReadableBufferTest.java
+++ b/core/src/test/java/io/grpc/internal/ForwardingReadableBufferTest.java
@@ -25,7 +25,6 @@
 import java.io.IOException;
 import java.io.OutputStream;
 import java.lang.reflect.Method;
-import java.nio.ByteBuffer;
 import java.util.Collections;
 import org.junit.Before;
 import org.junit.Rule;
@@ -91,14 +90,6 @@ public void readBytes() {
     verify(delegate).readBytes(dest, 1, 2);
   }
 
-  @Test
-  public void readBytes_overload1() {
-    ByteBuffer dest = ByteBuffer.allocate(0);
-    buffer.readBytes(dest);
-
-    verify(delegate).readBytes(dest);
-  }
-
   @Test
   public void readBytes_overload2() throws IOException {
     OutputStream dest = mock(OutputStream.class);
diff --git a/core/src/testFixtures/java/io/grpc/internal/ReadableBufferTestBase.java b/core/src/testFixtures/java/io/grpc/internal/ReadableBufferTestBase.java
index 202fb7ee8a4..2262f0466f7 100644
--- a/core/src/testFixtures/java/io/grpc/internal/ReadableBufferTestBase.java
+++ b/core/src/testFixtures/java/io/grpc/internal/ReadableBufferTestBase.java
@@ -21,7 +21,6 @@
 import static org.junit.Assert.assertEquals;
 
 import java.io.ByteArrayOutputStream;
-import java.nio.Buffer;
 import java.nio.ByteBuffer;
 import java.util.Arrays;
 import org.junit.Assume;
@@ -83,30 +82,6 @@ public void partialReadToStreamShouldSucceed() throws Exception {
     assertEquals(msg.length() - 2, buffer.readableBytes());
   }
 
-  @Test
-  public void readToByteBufferShouldSucceed() {
-    ReadableBuffer buffer = buffer();
-    ByteBuffer byteBuffer = ByteBuffer.allocate(msg.length());
-    buffer.readBytes(byteBuffer);
-    ((Buffer) byteBuffer).flip();
-    byte[] array = new byte[msg.length()];
-    byteBuffer.get(array);
-    assertArrayEquals(msg.getBytes(UTF_8), array);
-    assertEquals(0, buffer.readableBytes());
-  }
-
-  @Test
-  public void partialReadToByteBufferShouldSucceed() {
-    ReadableBuffer buffer = buffer();
-    ByteBuffer byteBuffer = ByteBuffer.allocate(2);
-    buffer.readBytes(byteBuffer);
-    ((Buffer) byteBuffer).flip();
-    byte[] array = new byte[2];
-    byteBuffer.get(array);
-    assertArrayEquals(new byte[]{'h', 'e'}, array);
-    assertEquals(msg.length() - 2, buffer.readableBytes());
-  }
-
   @Test
   public void partialReadToReadableBufferShouldSucceed() {
     ReadableBuffer buffer = buffer();
diff --git a/netty/src/main/java/io/grpc/netty/NettyReadableBuffer.java b/netty/src/main/java/io/grpc/netty/NettyReadableBuffer.java
index 7e180544de4..af5ec8d8bad 100644
--- a/netty/src/main/java/io/grpc/netty/NettyReadableBuffer.java
+++ b/netty/src/main/java/io/grpc/netty/NettyReadableBuffer.java
@@ -60,11 +60,6 @@ public void readBytes(byte[] dest, int index, int length) {
     buffer.readBytes(dest, index, length);
   }
 
-  @Override
-  public void readBytes(ByteBuffer dest) {
-    buffer.readBytes(dest);
-  }
-
   @Override
   public void readBytes(OutputStream dest, int length) {
     try {
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpReadableBuffer.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpReadableBuffer.java
index 136ee8954a2..d65453722f0 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpReadableBuffer.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpReadableBuffer.java
@@ -21,7 +21,6 @@
 import java.io.EOFException;
 import java.io.IOException;
 import java.io.OutputStream;
-import java.nio.ByteBuffer;
 
 /**
  * A {@link ReadableBuffer} implementation that is backed by an {@link okio.Buffer}.
@@ -71,12 +70,6 @@ public void readBytes(byte[] dest, int destOffset, int length) {
     }
   }
 
-  @Override
-  public void readBytes(ByteBuffer dest) {
-    // We are not using it.
-    throw new UnsupportedOperationException();
-  }
-
   @Override
   public void readBytes(OutputStream dest, int length) throws IOException {
     buffer.writeTo(dest, length);
diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpReadableBufferTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpReadableBufferTest.java
index 4aeeae2fa8b..be8dbf0e62b 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpReadableBufferTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpReadableBufferTest.java
@@ -44,18 +44,6 @@ public void setup() {
     }
   }
 
-  @Override
-  @Test
-  public void readToByteBufferShouldSucceed() {
-    // Not supported.
-  }
-
-  @Override
-  @Test
-  public void partialReadToByteBufferShouldSucceed() {
-    // Not supported.
-  }
-
   @Override
   @Test
   public void markAndResetWithReadShouldSucceed() {

From ead532b3910fbb3b005de59a958c6565b1e859aa Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 19 Dec 2025 13:59:42 -0800
Subject: [PATCH 491/591] core: Improve DEADLINE_EXCEEDED message for CallCreds
 delays

DelayedStream is used both by DelayedClientTransport and
CallCredentialsApplyingTransport, but it wasn't clear from the error
which of the two was the cause of the delay. Now the two will have
different messages.

b/462499883
---
 .../grpc/internal/DelayedClientTransport.java   |  1 +
 .../java/io/grpc/internal/DelayedStream.java    | 17 ++++++++++++++---
 .../io/grpc/internal/MetadataApplierImpl.java   |  2 +-
 .../internal/DelayedClientTransportTest.java    |  4 ++--
 .../io/grpc/internal/DelayedStreamTest.java     |  6 +++---
 5 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
index eccd8fadc8c..920a0e7006b 100644
--- a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
+++ b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
@@ -363,6 +363,7 @@ private class PendingStream extends DelayedStream {
     private volatile Status lastPickStatus;
 
     private PendingStream(PickSubchannelArgs args, ClientStreamTracer[] tracers) {
+      super("connecting_and_lb");
       this.args = args;
       this.tracers = tracers;
     }
diff --git a/core/src/main/java/io/grpc/internal/DelayedStream.java b/core/src/main/java/io/grpc/internal/DelayedStream.java
index 2ca4630d6a1..a2b1e963ac5 100644
--- a/core/src/main/java/io/grpc/internal/DelayedStream.java
+++ b/core/src/main/java/io/grpc/internal/DelayedStream.java
@@ -42,6 +42,7 @@
  * necessary.
  */
 class DelayedStream implements ClientStream {
+  private final String bufferContext;
   /** {@code true} once realStream is valid and all pending calls have been drained. */
   private volatile boolean passThrough;
   /**
@@ -64,6 +65,14 @@ class DelayedStream implements ClientStream {
   // No need to synchronize; start() synchronization provides a happens-before
   private List<Runnable> preStartPendingCalls = new ArrayList<>();
 
+  /**
+   * Create a delayed stream with debug context {@code bufferContext}. The context is what this
+   * stream is delayed by (e.g., "connecting", "call_credentials").
+   */
+  public DelayedStream(String bufferContext) {
+    this.bufferContext = checkNotNull(bufferContext, "bufferContext");
+  }
+
   @Override
   public void setMaxInboundMessageSize(final int maxSize) {
     checkState(listener == null, "May only be called before start");
@@ -104,11 +113,13 @@ public void appendTimeoutInsight(InsightBuilder insight) {
         return;
       }
       if (realStream != null) {
-        insight.appendKeyValue("buffered_nanos", streamSetTimeNanos - startTimeNanos);
+        insight.appendKeyValue(
+            bufferContext + "_delay", "" + (streamSetTimeNanos - startTimeNanos) + "ns");
         realStream.appendTimeoutInsight(insight);
       } else {
-        insight.appendKeyValue("buffered_nanos", System.nanoTime() - startTimeNanos);
-        insight.append("waiting_for_connection");
+        insight.appendKeyValue(
+            bufferContext + "_delay", "" + (System.nanoTime() - startTimeNanos) + "ns");
+        insight.append("was_still_waiting");
       }
     }
   }
diff --git a/core/src/main/java/io/grpc/internal/MetadataApplierImpl.java b/core/src/main/java/io/grpc/internal/MetadataApplierImpl.java
index 09a1018c11c..166f97b78f5 100644
--- a/core/src/main/java/io/grpc/internal/MetadataApplierImpl.java
+++ b/core/src/main/java/io/grpc/internal/MetadataApplierImpl.java
@@ -120,7 +120,7 @@ ClientStream returnStream() {
     synchronized (lock) {
       if (returnedStream == null) {
         // apply() has not been called, needs to buffer the requests.
-        delayedStream = new DelayedStream();
+        delayedStream = new DelayedStream("call_credentials");
         return returnedStream = delayedStream;
       } else {
         return returnedStream;
diff --git a/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java b/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
index 902c2835a92..3baf8ca7e16 100644
--- a/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
+++ b/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
@@ -742,7 +742,7 @@ public void pendingStream_appendTimeoutInsight_waitForReady() {
     InsightBuilder insight = new InsightBuilder();
     stream.appendTimeoutInsight(insight);
     assertThat(insight.toString())
-        .matches("\\[wait_for_ready, buffered_nanos=[0-9]+\\, waiting_for_connection]");
+        .matches("\\[wait_for_ready, connecting_and_lb_delay=[0-9]+ns\\, was_still_waiting]");
   }
 
   @Test
@@ -759,7 +759,7 @@ public void pendingStream_appendTimeoutInsight_waitForReady_withLastPickFailure(
     assertThat(insight.toString())
         .matches("\\[wait_for_ready, "
             + "Last Pick Failure=Status\\{code=PERMISSION_DENIED, description=null, cause=null\\},"
-            + " buffered_nanos=[0-9]+, waiting_for_connection]");
+            + " connecting_and_lb_delay=[0-9]+ns, was_still_waiting]");
   }
 
   private static TransportProvider newTransportProvider(final ClientTransport transport) {
diff --git a/core/src/test/java/io/grpc/internal/DelayedStreamTest.java b/core/src/test/java/io/grpc/internal/DelayedStreamTest.java
index a47bea9f4ab..12c32fcf126 100644
--- a/core/src/test/java/io/grpc/internal/DelayedStreamTest.java
+++ b/core/src/test/java/io/grpc/internal/DelayedStreamTest.java
@@ -71,7 +71,7 @@ public class DelayedStreamTest {
   @Mock private ClientStreamListener listener;
   @Mock private ClientStream realStream;
   @Captor private ArgumentCaptor<ClientStreamListener> listenerCaptor;
-  private DelayedStream stream = new DelayedStream();
+  private DelayedStream stream = new DelayedStream("test_op");
 
   @Test
   public void setStream_setAuthority() {
@@ -450,7 +450,7 @@ public void appendTimeoutInsight_realStreamNotSet() {
     InsightBuilder insight = new InsightBuilder();
     stream.start(listener);
     stream.appendTimeoutInsight(insight);
-    assertThat(insight.toString()).matches("\\[buffered_nanos=[0-9]+\\, waiting_for_connection]");
+    assertThat(insight.toString()).matches("\\[test_op_delay=[0-9]+ns\\, was_still_waiting]");
   }
 
   @Test
@@ -469,7 +469,7 @@ public Void answer(InvocationOnMock in) {
     InsightBuilder insight = new InsightBuilder();
     stream.appendTimeoutInsight(insight);
     assertThat(insight.toString())
-        .matches("\\[buffered_nanos=[0-9]+, remote_addr=127\\.0\\.0\\.1:443\\]");
+        .matches("\\[test_op_delay=[0-9]+ns, remote_addr=127\\.0\\.0\\.1:443\\]");
   }
 
   private void callMeMaybe(Runnable r) {

From d0005b27fe8e397370b0c96c122591a2dbf6fb14 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 23 Dec 2025 10:02:49 +0530
Subject: [PATCH 492/591] grpclb: pick_first delegation (#12568)

**Summary of Changes**
This pull request refactors the grpclb load balancer's PICK_FIRST mode
to delegate its logic to a standard pick_first load balancing policy.

The key changes are as follows:
1. **`grpclb/build.gradle`**

Added dependency on `grpc-util` module to access
`ForwardingLoadBalancerHelper`

2. **`grpclb/src/main/java/io/grpc/grpclb/GrpclbState.java`**
- New imports:
LoadBalancer, LoadBalancerProvider, LoadBalancerRegistry,
ResolvedAddresses, FixedResultPicker, ForwardingLoadBalancerHelper
- New fields for PICK_FIRST delegation:
    - pickFirstLbProvider - Provider for creating child pick_first LB
    - pickFirstLb - The child LoadBalancer instance
- pickFirstLbState / pickFirstLbPicker - Track child LB's state and
picker
    - currentPickFirstLoadRecorder - Load recorder for token attachment
- Key behavioral changes:
- updateServerList() PICK_FIRST case: Instead of creating a single
subchannel, it now:
- Creates the child pick_first LB once and then updates it with new
addresses on subsequent updates.
        - Passes addresses to child LB via acceptResolvedAddresses()
- maybeUpdatePicker() PICK_FIRST case: Uses child LB's state and picker
wrapped with ChildLbPickerEntry
- RoundRobinEntry.picked() signature change: Changed from
picked(Metadata) to picked(PickSubchannelArgs) to allow child picker
delegation
- New ChildLbPickerEntry class: Wraps child LB's picker and attaches
TokenAttachingTracerFactory for token propagation
- New PickFirstLbHelper class: Forwarding helper that intercepts
updateBalancingState() to store child state and trigger grpclb picker
updates
- Updated shutdown(), requestConnection(), maybeUseFallbackBackends():
Handle the new child LB delegation model

3. **`grpclb/src/test/java/io/grpc/grpclb/GrpclbLoadBalancerTest.java`**

- Updated tests to reflect the new delegation behavior:
- Initial state is now CONNECTING (not IDLE) since standard pick_first
eagerly connects
- Tests now verify the child LB is created only once and then handles
address updates internally.
    - Adjusted verification expectations for the new flow
- Key Behavioral Changes:
- Delegation to child LB: The grpclb state no longer directly manages
subchannels for PICK_FIRST mode; the child pick_first LB handles this
internally.
---
 grpclb/BUILD.bazel                            |   1 +
 grpclb/build.gradle                           |   1 +
 .../main/java/io/grpc/grpclb/GrpclbState.java | 231 +++++++++++------
 .../grpc/grpclb/GrpclbLoadBalancerTest.java   | 242 ++++++++++--------
 4 files changed, 294 insertions(+), 181 deletions(-)

diff --git a/grpclb/BUILD.bazel b/grpclb/BUILD.bazel
index 4612968ebcd..ca9975b7ce6 100644
--- a/grpclb/BUILD.bazel
+++ b/grpclb/BUILD.bazel
@@ -17,6 +17,7 @@ java_library(
         "//context",
         "//core:internal",
         "//stub",
+        "//util",
         "@com_google_protobuf//:protobuf_java_util",
         "@io_grpc_grpc_proto//:grpclb_load_balancer_java_proto",
         artifact("com.google.code.findbugs:jsr305"),
diff --git a/grpclb/build.gradle b/grpclb/build.gradle
index f543e0d71fc..e8896604f03 100644
--- a/grpclb/build.gradle
+++ b/grpclb/build.gradle
@@ -19,6 +19,7 @@ dependencies {
     implementation project(':grpc-core'),
             project(':grpc-protobuf'),
             project(':grpc-stub'),
+            project(':grpc-util'),
             libraries.guava,
             libraries.protobuf.java,
             libraries.protobuf.java.util
diff --git a/grpclb/src/main/java/io/grpc/grpclb/GrpclbState.java b/grpclb/src/main/java/io/grpc/grpclb/GrpclbState.java
index 49b74645ec8..7ca20d58bce 100644
--- a/grpclb/src/main/java/io/grpc/grpclb/GrpclbState.java
+++ b/grpclb/src/main/java/io/grpc/grpclb/GrpclbState.java
@@ -37,13 +37,16 @@
 import io.grpc.ConnectivityStateInfo;
 import io.grpc.Context;
 import io.grpc.EquivalentAddressGroup;
-import io.grpc.LoadBalancer.CreateSubchannelArgs;
+import io.grpc.LoadBalancer;
+import io.grpc.LoadBalancer.FixedResultPicker;
 import io.grpc.LoadBalancer.Helper;
 import io.grpc.LoadBalancer.PickResult;
 import io.grpc.LoadBalancer.PickSubchannelArgs;
+import io.grpc.LoadBalancer.ResolvedAddresses;
 import io.grpc.LoadBalancer.Subchannel;
 import io.grpc.LoadBalancer.SubchannelPicker;
-import io.grpc.LoadBalancer.SubchannelStateListener;
+import io.grpc.LoadBalancerProvider;
+import io.grpc.LoadBalancerRegistry;
 import io.grpc.ManagedChannel;
 import io.grpc.Metadata;
 import io.grpc.Status;
@@ -62,6 +65,7 @@
 import io.grpc.lb.v1.Server;
 import io.grpc.lb.v1.ServerList;
 import io.grpc.stub.StreamObserver;
+import io.grpc.util.ForwardingLoadBalancerHelper;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.UnknownHostException;
@@ -119,7 +123,7 @@ final class GrpclbState {
   @VisibleForTesting
   static final RoundRobinEntry BUFFER_ENTRY = new RoundRobinEntry() {
       @Override
-      public PickResult picked(Metadata headers) {
+      public PickResult picked(PickSubchannelArgs args) {
         return PickResult.withNoResult();
       }
 
@@ -187,6 +191,15 @@ enum Mode {
       new RoundRobinPicker(Collections.<DropEntry>emptyList(), Arrays.asList(BUFFER_ENTRY));
   private boolean requestConnectionPending;
 
+  // Child LoadBalancer and state for PICK_FIRST mode delegation.
+  private final LoadBalancerProvider pickFirstLbProvider;
+  @Nullable
+  private LoadBalancer pickFirstLb;
+  private ConnectivityState pickFirstLbState = CONNECTING;
+  private SubchannelPicker pickFirstLbPicker = new FixedResultPicker(PickResult.withNoResult());
+  @Nullable
+  private GrpclbClientLoadRecorder currentPickFirstLoadRecorder;
+
   GrpclbState(
       GrpclbConfig config,
       Helper helper,
@@ -212,6 +225,9 @@ public void onSubchannelState(
     } else {
       this.subchannelPool = null;
     }
+    this.pickFirstLbProvider = checkNotNull(
+        LoadBalancerRegistry.getDefaultRegistry().getProvider("pick_first"),
+        "pick_first balancer not available");
     this.time = checkNotNull(time, "time provider");
     this.stopwatch = checkNotNull(stopwatch, "stopwatch");
     this.timerService = checkNotNull(helper.getScheduledExecutorService(), "timerService");
@@ -309,6 +325,12 @@ void handleAddresses(
 
   void requestConnection() {
     requestConnectionPending = true;
+    // For PICK_FIRST mode with delegation, forward to the child LB.
+    if (config.getMode() == Mode.PICK_FIRST && pickFirstLb != null) {
+      pickFirstLb.requestConnection();
+      requestConnectionPending = false;
+      return;
+    }
     for (RoundRobinEntry entry : currentPicker.pickList) {
       if (entry instanceof IdleSubchannelEntry) {
         ((IdleSubchannelEntry) entry).subchannel.requestConnection();
@@ -323,15 +345,23 @@ private void maybeUseFallbackBackends() {
     }
     // Balancer RPC should have either been broken or timed out.
     checkState(fallbackReason != null, "no reason to fallback");
-    for (Subchannel subchannel : subchannels.values()) {
-      ConnectivityStateInfo stateInfo = subchannel.getAttributes().get(STATE_INFO).get();
-      if (stateInfo.getState() == READY) {
+    // For PICK_FIRST mode with delegation, check the child LB's state.
+    if (config.getMode() == Mode.PICK_FIRST) {
+      if (pickFirstLb != null && pickFirstLbState == READY) {
         return;
       }
-      // If we do have balancer-provided backends, use one of its error in the error message if
-      // fail to fallback.
-      if (stateInfo.getState() == TRANSIENT_FAILURE) {
-        fallbackReason = stateInfo.getStatus();
+      // For PICK_FIRST, we don't have individual subchannel states to use as fallback reason.
+    } else {
+      for (Subchannel subchannel : subchannels.values()) {
+        ConnectivityStateInfo stateInfo = subchannel.getAttributes().get(STATE_INFO).get();
+        if (stateInfo.getState() == READY) {
+          return;
+        }
+        // If we do have balancer-provided backends, use one of its error in the error message if
+        // fail to fallback.
+        if (stateInfo.getState() == TRANSIENT_FAILURE) {
+          fallbackReason = stateInfo.getStatus();
+        }
       }
     }
     // Fallback conditions met
@@ -438,9 +468,10 @@ void shutdown() {
         subchannelPool.clear();
         break;
       case PICK_FIRST:
-        if (!subchannels.isEmpty()) {
-          checkState(subchannels.size() == 1, "Excessive Subchannels: %s", subchannels);
-          subchannels.values().iterator().next().shutdown();
+        // Shutdown the child pick_first LB which manages its own subchannels.
+        if (pickFirstLb != null) {
+          pickFirstLb.shutdown();
+          pickFirstLb = null;
         }
         break;
       default:
@@ -517,22 +548,17 @@ private void updateServerList(
         subchannels = Collections.unmodifiableMap(newSubchannelMap);
         break;
       case PICK_FIRST:
-        checkState(subchannels.size() <= 1, "Unexpected Subchannel count: %s", subchannels);
-        final Subchannel subchannel;
+        // Delegate to child pick_first LB for address management.
+        // Shutdown existing child LB if addresses become empty.
         if (newBackendAddrList.isEmpty()) {
-          if (subchannels.size() == 1) {
-            subchannel = subchannels.values().iterator().next();
-            subchannel.shutdown();
-            subchannels = Collections.emptyMap();
+          if (pickFirstLb != null) {
+            pickFirstLb.shutdown();
+            pickFirstLb = null;
           }
           break;
         }
         List<EquivalentAddressGroup> eagList = new ArrayList<>();
-        // Because for PICK_FIRST, we create a single Subchannel for all addresses, we have to
-        // attach the tokens to the EAG attributes and use TokenAttachingLoadRecorder to put them on
-        // headers.
-        //
-        // The PICK_FIRST code path doesn't cache Subchannels.
+        // Attach tokens to EAG attributes for TokenAttachingTracerFactory to retrieve.
         for (BackendAddressGroup bag : newBackendAddrList) {
           EquivalentAddressGroup origEag = bag.getAddresses();
           Attributes eagAttrs = origEag.getAttributes();
@@ -542,30 +568,22 @@ private void updateServerList(
           }
           eagList.add(new EquivalentAddressGroup(origEag.getAddresses(), eagAttrs));
         }
-        if (subchannels.isEmpty()) {
-          subchannel =
-              helper.createSubchannel(
-                  CreateSubchannelArgs.newBuilder()
-                      .setAddresses(eagList)
-                      .setAttributes(createSubchannelAttrs())
-                      .build());
-          subchannel.start(new SubchannelStateListener() {
-            @Override
-            public void onSubchannelState(ConnectivityStateInfo newState) {
-              handleSubchannelState(subchannel, newState);
-            }
-          });
-          if (requestConnectionPending) {
-            subchannel.requestConnection();
-            requestConnectionPending = false;
-          }
-        } else {
-          subchannel = subchannels.values().iterator().next();
-          subchannel.updateAddresses(eagList);
+
+        if (pickFirstLb == null) {
+          pickFirstLb = pickFirstLbProvider.newLoadBalancer(new PickFirstLbHelper());
         }
-        subchannels = Collections.singletonMap(eagList, subchannel);
-        newBackendList.add(
-            new BackendEntry(subchannel, new TokenAttachingTracerFactory(loadRecorder)));
+
+        // Pass addresses to child LB.
+        pickFirstLb.acceptResolvedAddresses(
+            ResolvedAddresses.newBuilder()
+                .setAddresses(eagList)
+                .build());
+        if (requestConnectionPending) {
+          pickFirstLb.requestConnection();
+          requestConnectionPending = false;
+        }
+        // Store the load recorder for token attachment.
+        currentPickFirstLoadRecorder = loadRecorder;
         break;
       default:
         throw new AssertionError("Missing case for " + config.getMode());
@@ -842,7 +860,11 @@ private void cleanUp() {
   private void maybeUpdatePicker() {
     List<RoundRobinEntry> pickList;
     ConnectivityState state;
-    if (backendList.isEmpty()) {
+    // For PICK_FIRST mode with delegation, check if child LB exists instead of backendList.
+    boolean hasBackends = config.getMode() == Mode.PICK_FIRST
+        ? pickFirstLb != null
+        : !backendList.isEmpty();
+    if (!hasBackends) {
       // Note balancer (is working) may enforce using fallback backends, and that fallback may
       // fail. So we should check if currently in fallback first.
       if (usingFallbackBackends) {
@@ -894,26 +916,12 @@ private void maybeUpdatePicker() {
         }
         break;
       case PICK_FIRST: {
-        checkState(backendList.size() == 1, "Excessive backend entries: %s", backendList);
-        BackendEntry onlyEntry = backendList.get(0);
-        ConnectivityStateInfo stateInfo =
-            onlyEntry.subchannel.getAttributes().get(STATE_INFO).get();
-        state = stateInfo.getState();
-        switch (state) {
-          case READY:
-            pickList = Collections.<RoundRobinEntry>singletonList(onlyEntry);
-            break;
-          case TRANSIENT_FAILURE:
-            pickList =
-                Collections.<RoundRobinEntry>singletonList(new ErrorEntry(stateInfo.getStatus()));
-            break;
-          case CONNECTING:
-            pickList = Collections.singletonList(BUFFER_ENTRY);
-            break;
-          default:
-            pickList = Collections.<RoundRobinEntry>singletonList(
-                new IdleSubchannelEntry(onlyEntry.subchannel, syncContext));
-        }
+        // Use child LB's state and picker. Wrap the picker for token attachment.
+        state = pickFirstLbState;
+        TokenAttachingTracerFactory tracerFactory =
+            new TokenAttachingTracerFactory(currentPickFirstLoadRecorder);
+        pickList = Collections.<RoundRobinEntry>singletonList(
+            new ChildLbPickerEntry(pickFirstLbPicker, tracerFactory));
         break;
       }
       default:
@@ -983,7 +991,7 @@ public boolean equals(Object other) {
 
   @VisibleForTesting
   interface RoundRobinEntry {
-    PickResult picked(Metadata headers);
+    PickResult picked(PickSubchannelArgs args);
   }
 
   @VisibleForTesting
@@ -1024,7 +1032,8 @@ static final class BackendEntry implements RoundRobinEntry {
     }
 
     @Override
-    public PickResult picked(Metadata headers) {
+    public PickResult picked(PickSubchannelArgs args) {
+      Metadata headers = args.getHeaders();
       headers.discardAll(GrpclbConstants.TOKEN_METADATA_KEY);
       if (token != null) {
         headers.put(GrpclbConstants.TOKEN_METADATA_KEY, token);
@@ -1065,7 +1074,7 @@ static final class IdleSubchannelEntry implements RoundRobinEntry {
     }
 
     @Override
-    public PickResult picked(Metadata headers) {
+    public PickResult picked(PickSubchannelArgs args) {
       if (connectionRequested.compareAndSet(false, true)) {
         syncContext.execute(new Runnable() {
             @Override
@@ -1108,7 +1117,7 @@ static final class ErrorEntry implements RoundRobinEntry {
     }
 
     @Override
-    public PickResult picked(Metadata headers) {
+    public PickResult picked(PickSubchannelArgs args) {
       return result;
     }
 
@@ -1132,6 +1141,58 @@ public String toString() {
     }
   }
 
+  /**
+   * Entry that wraps a child LB's picker for PICK_FIRST mode delegation.
+   * Attaches TokenAttachingTracerFactory to the pick result for token propagation.
+   */
+  @VisibleForTesting
+  static final class ChildLbPickerEntry implements RoundRobinEntry {
+    private final SubchannelPicker childPicker;
+    private final TokenAttachingTracerFactory tracerFactory;
+
+    ChildLbPickerEntry(SubchannelPicker childPicker, TokenAttachingTracerFactory tracerFactory) {
+      this.childPicker = checkNotNull(childPicker, "childPicker");
+      this.tracerFactory = checkNotNull(tracerFactory, "tracerFactory");
+    }
+
+    @Override
+    public PickResult picked(PickSubchannelArgs args) {
+      PickResult childResult = childPicker.pickSubchannel(args);
+      if (childResult.getSubchannel() == null) {
+        // No subchannel (e.g., buffer, error), return as-is.
+        return childResult;
+      }
+      // Wrap the pick result to attach tokens via the tracer factory.
+      return PickResult.withSubchannel(
+          childResult.getSubchannel(), tracerFactory, childResult.getAuthorityOverride());
+    }
+
+    @Override
+    public int hashCode() {
+      return Objects.hashCode(childPicker, tracerFactory);
+    }
+
+    @Override
+    public boolean equals(Object other) {
+      if (!(other instanceof ChildLbPickerEntry)) {
+        return false;
+      }
+      ChildLbPickerEntry that = (ChildLbPickerEntry) other;
+      return Objects.equal(childPicker, that.childPicker)
+          && Objects.equal(tracerFactory, that.tracerFactory);
+    }
+
+    @Override
+    public String toString() {
+      return "ChildLbPickerEntry(" + childPicker + ")";
+    }
+
+    @VisibleForTesting
+    SubchannelPicker getChildPicker() {
+      return childPicker;
+    }
+  }
+
   @VisibleForTesting
   static final class RoundRobinPicker extends SubchannelPicker {
     @VisibleForTesting
@@ -1174,7 +1235,7 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
         if (pickIndex == pickList.size()) {
           pickIndex = 0;
         }
-        return pick.picked(args.getHeaders());
+        return pick.picked(args);
       }
     }
 
@@ -1189,4 +1250,28 @@ public String toString() {
       return MoreObjects.toStringHelper(RoundRobinPicker.class).toString();
     }
   }
+
+  /**
+   * Helper for the child pick_first LB in PICK_FIRST mode. Intercepts updateBalancingState()
+   * to store state and trigger the grpclb picker update with drops and token attachment.
+   */
+  private final class PickFirstLbHelper extends ForwardingLoadBalancerHelper {
+
+    @Override
+    protected Helper delegate() {
+      return helper;
+    }
+
+    @Override
+    public void updateBalancingState(ConnectivityState newState, SubchannelPicker newPicker) {
+      pickFirstLbState = newState;
+      pickFirstLbPicker = newPicker;
+      // Trigger name resolution refresh on TRANSIENT_FAILURE or IDLE, similar to ROUND_ROBIN.
+      if (newState == TRANSIENT_FAILURE || newState == IDLE) {
+        helper.refreshNameResolution();
+      }
+      maybeUseFallbackBackends();
+      maybeUpdatePicker();
+    }
+  }
 }
diff --git a/grpclb/src/test/java/io/grpc/grpclb/GrpclbLoadBalancerTest.java b/grpclb/src/test/java/io/grpc/grpclb/GrpclbLoadBalancerTest.java
index e489129676a..ef31b318cb5 100644
--- a/grpclb/src/test/java/io/grpc/grpclb/GrpclbLoadBalancerTest.java
+++ b/grpclb/src/test/java/io/grpc/grpclb/GrpclbLoadBalancerTest.java
@@ -72,6 +72,7 @@
 import io.grpc.Status.Code;
 import io.grpc.SynchronizationContext;
 import io.grpc.grpclb.GrpclbState.BackendEntry;
+import io.grpc.grpclb.GrpclbState.ChildLbPickerEntry;
 import io.grpc.grpclb.GrpclbState.DropEntry;
 import io.grpc.grpclb.GrpclbState.ErrorEntry;
 import io.grpc.grpclb.GrpclbState.IdleSubchannelEntry;
@@ -779,7 +780,9 @@ public void receiveNoBackendAndBalancerAddress() {
     verify(helper).updateBalancingState(eq(TRANSIENT_FAILURE), pickerCaptor.capture());
     RoundRobinPicker picker = (RoundRobinPicker) pickerCaptor.getValue();
     assertThat(picker.dropList).isEmpty();
-    Status error = Iterables.getOnlyElement(picker.pickList).picked(new Metadata()).getStatus();
+    PickSubchannelArgs args = mock(PickSubchannelArgs.class);
+    when(args.getHeaders()).thenReturn(new Metadata());
+    Status error = Iterables.getOnlyElement(picker.pickList).picked(args).getStatus();
     assertThat(error.getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(error.getDescription()).isEqualTo("No backend or balancer addresses found");
   }
@@ -1915,6 +1918,7 @@ public void grpclbWorking_pickFirstMode() throws Exception {
     lbResponseObserver.onNext(buildInitialResponse());
     lbResponseObserver.onNext(buildLbResponse(backends1));
 
+    // With delegation, the child pick_first creates the subchannel
     inOrder.verify(helper).createSubchannel(createSubchannelArgsCaptor.capture());
     CreateSubchannelArgs createSubchannelArgs = createSubchannelArgsCaptor.getValue();
     assertThat(createSubchannelArgs.getAddresses())
@@ -1922,42 +1926,41 @@ public void grpclbWorking_pickFirstMode() throws Exception {
             new EquivalentAddressGroup(backends1.get(0).addr, eagAttrsWithToken("token0001")),
             new EquivalentAddressGroup(backends1.get(1).addr, eagAttrsWithToken("token0002")));
 
-    // Initially IDLE
-    inOrder.verify(helper).updateBalancingState(eq(IDLE), pickerCaptor.capture());
+    // Child pick_first eagerly connects, so we start in CONNECTING
+    inOrder.verify(helper, atLeast(1)).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
     RoundRobinPicker picker0 = (RoundRobinPicker) pickerCaptor.getValue();
-
-    // Only one subchannel is created
+    // Only one subchannel is created by the child LB
     assertThat(mockSubchannels).hasSize(1);
     Subchannel subchannel = mockSubchannels.poll();
     assertThat(picker0.dropList).containsExactly(null, null);
-    assertThat(picker0.pickList).containsExactly(new IdleSubchannelEntry(subchannel, syncContext));
+    assertThat(picker0.pickList).hasSize(1);
+    assertThat(picker0.pickList.get(0)).isInstanceOf(ChildLbPickerEntry.class);
 
-    // PICK_FIRST doesn't eagerly connect
-    verify(subchannel, never()).requestConnection();
-
-    // CONNECTING
-    deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(CONNECTING));
-    inOrder.verify(helper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
-    RoundRobinPicker picker1 = (RoundRobinPicker) pickerCaptor.getValue();
-    assertThat(picker1.dropList).containsExactly(null, null);
-    assertThat(picker1.pickList).containsExactly(BUFFER_ENTRY);
+    // Child pick_first eagerly calls requestConnection()
+    verify(subchannel).requestConnection();
 
     // TRANSIENT_FAILURE
     Status error = Status.UNAVAILABLE.withDescription("Simulated connection error");
     deliverSubchannelState(subchannel, ConnectivityStateInfo.forTransientFailure(error));
-    inOrder.verify(helper).updateBalancingState(eq(TRANSIENT_FAILURE), pickerCaptor.capture());
-    RoundRobinPicker picker2 = (RoundRobinPicker) pickerCaptor.getValue();
-    assertThat(picker2.dropList).containsExactly(null, null);
-    assertThat(picker2.pickList).containsExactly(new ErrorEntry(error));
+    // The child LB will notify our helper, which updates grpclb state
+    inOrder.verify(helper, atLeast(1))
+        .updateBalancingState(eq(TRANSIENT_FAILURE), pickerCaptor.capture());
+    RoundRobinPicker picker1 = (RoundRobinPicker) pickerCaptor.getValue();
+    assertThat(picker1.dropList).containsExactly(null, null);
+    ChildLbPickerEntry failureEntry = (ChildLbPickerEntry) picker1.pickList.get(0);
+    PickResult failureResult =
+        failureEntry.getChildPicker().pickSubchannel(mock(PickSubchannelArgs.class));
+    assertThat(failureResult.getStatus()).isEqualTo(error);
 
     // READY
     deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(READY));
-    inOrder.verify(helper).updateBalancingState(eq(READY), pickerCaptor.capture());
-    RoundRobinPicker picker3 = (RoundRobinPicker) pickerCaptor.getValue();
-    assertThat(picker3.dropList).containsExactly(null, null);
-    assertThat(picker3.pickList).containsExactly(
-        new BackendEntry(subchannel, new TokenAttachingTracerFactory(getLoadRecorder())));
-
+    inOrder.verify(helper, atLeast(1)).updateBalancingState(eq(READY), pickerCaptor.capture());
+    RoundRobinPicker picker2 = (RoundRobinPicker) pickerCaptor.getValue();
+    assertThat(picker2.dropList).containsExactly(null, null);
+    ChildLbPickerEntry readyEntry = (ChildLbPickerEntry) picker2.pickList.get(0);
+    PickResult readyResult =
+        readyEntry.getChildPicker().pickSubchannel(mock(PickSubchannelArgs.class));
+    assertThat(readyResult.getSubchannel()).isEqualTo(subchannel);
 
     // New server list with drops
     List<ServerEntry> backends2 = Arrays.asList(
@@ -1968,37 +1971,40 @@ public void grpclbWorking_pickFirstMode() throws Exception {
         .updateBalancingState(any(ConnectivityState.class), any(SubchannelPicker.class));
     lbResponseObserver.onNext(buildLbResponse(backends2));
 
-    // new addresses will be updated to the existing subchannel
-    // createSubchannel() has ever been called only once
+    // Verify child LB is updated with new addresses, NOT recreated
+    inOrder.verify(helper, never()).createSubchannel(any(CreateSubchannelArgs.class));
     verify(helper, times(1)).createSubchannel(any(CreateSubchannelArgs.class));
     assertThat(mockSubchannels).isEmpty();
+
+    // The child LB policy internally calls updateAddresses on the subchannel
     verify(subchannel).updateAddresses(
         eq(Arrays.asList(
             new EquivalentAddressGroup(backends2.get(0).addr, eagAttrsWithToken("token0001")),
             new EquivalentAddressGroup(backends2.get(2).addr,
                 eagAttrsWithToken("token0004")))));
-    inOrder.verify(helper).updateBalancingState(eq(READY), pickerCaptor.capture());
-    RoundRobinPicker picker4 = (RoundRobinPicker) pickerCaptor.getValue();
-    assertThat(picker4.dropList).containsExactly(
+    inOrder.verify(helper, atLeast(1)).updateBalancingState(eq(READY), pickerCaptor.capture());
+    RoundRobinPicker picker3 = (RoundRobinPicker) pickerCaptor.getValue();
+    assertThat(picker3.dropList).containsExactly(
         null, new DropEntry(getLoadRecorder(), "token0003"), null);
-    assertThat(picker4.pickList).containsExactly(
-        new BackendEntry(subchannel, new TokenAttachingTracerFactory(getLoadRecorder())));
+    ChildLbPickerEntry updatedEntry = (ChildLbPickerEntry) picker3.pickList.get(0);
+    PickResult updatedResult =
+        updatedEntry.getChildPicker().pickSubchannel(mock(PickSubchannelArgs.class));
+    assertThat(updatedResult.getSubchannel()).isEqualTo(subchannel);
 
-    // Subchannel goes IDLE, but PICK_FIRST will not try to reconnect
+    // Subchannel goes IDLE, grpclb state should follow
     deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(IDLE));
     inOrder.verify(helper).updateBalancingState(eq(IDLE), pickerCaptor.capture());
-    RoundRobinPicker picker5 = (RoundRobinPicker) pickerCaptor.getValue();
-    verify(subchannel, never()).requestConnection();
+    RoundRobinPicker picker4 = (RoundRobinPicker) pickerCaptor.getValue();
 
-    // ... until it's selected
+    // No new connection request should have happened yet (beyond the first eager one)
+    verify(subchannel, times(1)).requestConnection();
     PickSubchannelArgs args = mock(PickSubchannelArgs.class);
-    PickResult pick = picker5.pickSubchannel(args);
-    assertThat(pick).isSameInstanceAs(PickResult.withNoResult());
-    verify(subchannel).requestConnection();
-
-    // ... or requested by application
-    balancer.requestConnection();
+    PickResult pick = picker4.pickSubchannel(args);
+    // Child pick_first picker returns withNoResult() when IDLE and requests connection
+    assertThat(pick.getSubchannel()).isNull();
     verify(subchannel, times(2)).requestConnection();
+    balancer.requestConnection();
+    verify(subchannel, times(3)).requestConnection();
 
     // PICK_FIRST doesn't use subchannelPool
     verify(subchannelPool, never())
@@ -2036,6 +2042,7 @@ public void grpclbWorking_pickFirstMode_lbSendsEmptyAddress() throws Exception {
     lbResponseObserver.onNext(buildInitialResponse());
     lbResponseObserver.onNext(buildLbResponse(backends1));
 
+    // The child pick_first creates the first subchannel
     inOrder.verify(helper).createSubchannel(createSubchannelArgsCaptor.capture());
     CreateSubchannelArgs createSubchannelArgs = createSubchannelArgsCaptor.getValue();
     assertThat(createSubchannelArgs.getAddresses())
@@ -2043,56 +2050,43 @@ public void grpclbWorking_pickFirstMode_lbSendsEmptyAddress() throws Exception {
             new EquivalentAddressGroup(backends1.get(0).addr, eagAttrsWithToken("token0001")),
             new EquivalentAddressGroup(backends1.get(1).addr, eagAttrsWithToken("token0002")));
 
-    // Initially IDLE
-    inOrder.verify(helper).updateBalancingState(eq(IDLE), pickerCaptor.capture());
+    // Child pick_first eagerly connects, so initial state is CONNECTING
+    inOrder.verify(helper, atLeast(1)).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
     RoundRobinPicker picker0 = (RoundRobinPicker) pickerCaptor.getValue();
-
-    // Only one subchannel is created
+    // Verify subchannel creation by child LB
     assertThat(mockSubchannels).hasSize(1);
     Subchannel subchannel = mockSubchannels.poll();
     assertThat(picker0.dropList).containsExactly(null, null);
-    assertThat(picker0.pickList).containsExactly(new IdleSubchannelEntry(subchannel, syncContext));
-
-    // PICK_FIRST doesn't eagerly connect
-    verify(subchannel, never()).requestConnection();
+    assertThat(picker0.pickList).hasSize(1);
+    assertThat(picker0.pickList.get(0)).isInstanceOf(ChildLbPickerEntry.class);
 
-    // CONNECTING
-    deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(CONNECTING));
-    inOrder.verify(helper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
-    RoundRobinPicker picker1 = (RoundRobinPicker) pickerCaptor.getValue();
-    assertThat(picker1.dropList).containsExactly(null, null);
-    assertThat(picker1.pickList).containsExactly(BUFFER_ENTRY);
-
-    // TRANSIENT_FAILURE
-    Status error = Status.UNAVAILABLE.withDescription("Simulated connection error");
-    deliverSubchannelState(subchannel, ConnectivityStateInfo.forTransientFailure(error));
-    inOrder.verify(helper).updateBalancingState(eq(TRANSIENT_FAILURE), pickerCaptor.capture());
-    RoundRobinPicker picker2 = (RoundRobinPicker) pickerCaptor.getValue();
-    assertThat(picker2.dropList).containsExactly(null, null);
-    assertThat(picker2.pickList).containsExactly(new ErrorEntry(error));
+    // Child pick_first eagerly calls requestConnection()
+    verify(subchannel).requestConnection();
 
     // READY
     deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(READY));
-    inOrder.verify(helper).updateBalancingState(eq(READY), pickerCaptor.capture());
-    RoundRobinPicker picker3 = (RoundRobinPicker) pickerCaptor.getValue();
-    assertThat(picker3.dropList).containsExactly(null, null);
-    assertThat(picker3.pickList).containsExactly(
-        new BackendEntry(subchannel, new TokenAttachingTracerFactory(getLoadRecorder())));
-
+    inOrder.verify(helper, atLeast(1)).updateBalancingState(eq(READY), pickerCaptor.capture());
+    RoundRobinPicker pickerReady = (RoundRobinPicker) pickerCaptor.getValue();
+    // Verify the subchannel in the delegated picker
+    ChildLbPickerEntry readyEntry = (ChildLbPickerEntry) pickerReady.pickList.get(0);
+    assertThat(
+        readyEntry.getChildPicker().pickSubchannel(mock(PickSubchannelArgs.class)).getSubchannel())
+        .isEqualTo(subchannel);
     inOrder.verify(helper, never())
         .updateBalancingState(any(ConnectivityState.class), any(SubchannelPicker.class));
 
-    // Empty addresses from LB
+    // Empty addresses from LB - child LB is shutdown
     lbResponseObserver.onNext(buildLbResponse(Collections.<ServerEntry>emptyList()));
 
-    // new addresses will be updated to the existing subchannel
+    // Child LB is shutdown (which shuts down its subchannel)
     // createSubchannel() has ever been called only once
     inOrder.verify(helper, never()).createSubchannel(any(CreateSubchannelArgs.class));
     assertThat(mockSubchannels).isEmpty();
     verify(subchannel).shutdown();
 
     // RPC error status includes message of no backends provided by balancer
-    inOrder.verify(helper).updateBalancingState(eq(TRANSIENT_FAILURE), pickerCaptor.capture());
+    inOrder.verify(helper, atLeast(1))
+        .updateBalancingState(eq(TRANSIENT_FAILURE), pickerCaptor.capture());
     RoundRobinPicker errorPicker = (RoundRobinPicker) pickerCaptor.getValue();
     assertThat(errorPicker.pickList)
         .containsExactly(new ErrorEntry(GrpclbState.NO_AVAILABLE_BACKENDS_STATUS));
@@ -2109,18 +2103,22 @@ public void grpclbWorking_pickFirstMode_lbSendsEmptyAddress() throws Exception {
         .updateBalancingState(any(ConnectivityState.class), any(SubchannelPicker.class));
     lbResponseObserver.onNext(buildLbResponse(backends2));
 
-    // new addresses will be updated to the existing subchannel
-    inOrder.verify(helper, times(1)).createSubchannel(any(CreateSubchannelArgs.class));
-    inOrder.verify(helper).updateBalancingState(eq(IDLE), pickerCaptor.capture());
-    subchannel = mockSubchannels.poll();
+    // A NEW child LB and NEW subchannel are created upon recovery
+    inOrder.verify(helper).createSubchannel(any(CreateSubchannelArgs.class));
+    assertThat(mockSubchannels).hasSize(1);
+    Subchannel subchannel2 = mockSubchannels.poll();
+    inOrder.verify(helper, atLeast(1)).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
 
     // Subchannel became READY
-    deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(CONNECTING));
-    deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(READY));
-    inOrder.verify(helper).updateBalancingState(eq(READY), pickerCaptor.capture());
-    RoundRobinPicker picker4 = (RoundRobinPicker) pickerCaptor.getValue();
-    assertThat(picker4.pickList).containsExactly(
-        new BackendEntry(subchannel, new TokenAttachingTracerFactory(getLoadRecorder())));
+    deliverSubchannelState(subchannel2, ConnectivityStateInfo.forNonError(READY));
+    inOrder.verify(helper, atLeast(1)).updateBalancingState(eq(READY), pickerCaptor.capture());
+    RoundRobinPicker pickerFinal = (RoundRobinPicker) pickerCaptor.getValue();
+    assertThat(pickerFinal.dropList).containsExactly(
+        null, new DropEntry(getLoadRecorder(), "token0003"), null);
+    ChildLbPickerEntry finalEntry = (ChildLbPickerEntry) pickerFinal.pickList.get(0);
+    assertThat(
+        finalEntry.getChildPicker().pickSubchannel(mock(PickSubchannelArgs.class)).getSubchannel())
+        .isEqualTo(subchannel2);
   }
 
   @Test
@@ -2179,7 +2177,7 @@ private void pickFirstModeFallback(long timeout) throws Exception {
     // Fallback timer expires with no response
     fakeClock.forwardTime(timeout, TimeUnit.MILLISECONDS);
 
-    // Entering fallback mode
+    // Entering fallback mode - child LB is created for fallback backends
     inOrder.verify(helper).createSubchannel(createSubchannelArgsCaptor.capture());
     CreateSubchannelArgs createSubchannelArgs = createSubchannelArgsCaptor.getValue();
     assertThat(createSubchannelArgs.getAddresses())
@@ -2188,23 +2186,24 @@ private void pickFirstModeFallback(long timeout) throws Exception {
     assertThat(mockSubchannels).hasSize(1);
     Subchannel subchannel = mockSubchannels.poll();
 
-    // Initially IDLE
-    inOrder.verify(helper).updateBalancingState(eq(IDLE), pickerCaptor.capture());
+    // child pick_first eagerly connects, so initial state is CONNECTING
+    inOrder.verify(helper, atLeast(1)).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
     RoundRobinPicker picker0 = (RoundRobinPicker) pickerCaptor.getValue();
+    assertThat(picker0.pickList.get(0)).isInstanceOf(ChildLbPickerEntry.class);
 
-    // READY
+    // Initial eager connection request
+    verify(subchannel).requestConnection();
+    // READY transition in fallback
     deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(READY));
-    inOrder.verify(helper).updateBalancingState(eq(READY), pickerCaptor.capture());
+    inOrder.verify(helper, atLeast(1)).updateBalancingState(eq(READY), pickerCaptor.capture());
     RoundRobinPicker picker1 = (RoundRobinPicker) pickerCaptor.getValue();
     assertThat(picker1.dropList).containsExactly(null, null);
-    assertThat(picker1.pickList).containsExactly(
-        new BackendEntry(subchannel, new TokenAttachingTracerFactory(null)));
+    ChildLbPickerEntry readyEntry = (ChildLbPickerEntry) picker1.pickList.get(0);
+    assertThat(
+        readyEntry.getChildPicker().pickSubchannel(mock(PickSubchannelArgs.class)).getSubchannel())
+        .isEqualTo(subchannel);
 
-    assertThat(picker0.dropList).containsExactly(null, null);
-    assertThat(picker0.pickList).containsExactly(new IdleSubchannelEntry(subchannel, syncContext));
-
-
-    // Finally, an LB response, which brings us out of fallback
+    // Finally, an LB response arrives, which brings us out of fallback
     List<ServerEntry> backends1 = Arrays.asList(
         new ServerEntry("127.0.0.1", 2000, "token0001"),
         new ServerEntry("127.0.0.1", 2010, "token0002"));
@@ -2213,20 +2212,42 @@ private void pickFirstModeFallback(long timeout) throws Exception {
     lbResponseObserver.onNext(buildInitialResponse());
     lbResponseObserver.onNext(buildLbResponse(backends1));
 
-    // new addresses will be updated to the existing subchannel
-    // createSubchannel() has ever been called only once
+    // subchannel should be updated, NOT recreated
     inOrder.verify(helper, never()).createSubchannel(any(CreateSubchannelArgs.class));
     assertThat(mockSubchannels).isEmpty();
+    // The child LB internally calls updateAddresses on the existing subchannel
     verify(subchannel).updateAddresses(
         eq(Arrays.asList(
             new EquivalentAddressGroup(backends1.get(0).addr, eagAttrsWithToken("token0001")),
             new EquivalentAddressGroup(backends1.get(1).addr,
                 eagAttrsWithToken("token0002")))));
-    inOrder.verify(helper).updateBalancingState(eq(READY), pickerCaptor.capture());
+    inOrder.verify(helper, atLeast(1)).updateBalancingState(eq(READY), pickerCaptor.capture());
     RoundRobinPicker picker2 = (RoundRobinPicker) pickerCaptor.getValue();
     assertThat(picker2.dropList).containsExactly(null, null);
-    assertThat(picker2.pickList).containsExactly(
-        new BackendEntry(subchannel, new TokenAttachingTracerFactory(getLoadRecorder())));
+
+    // Verify subchannel is still the same via delegated picker
+    ChildLbPickerEntry updatedEntry = (ChildLbPickerEntry) picker2.pickList.get(0);
+    assertThat(
+        updatedEntry.getChildPicker().pickSubchannel(mock(PickSubchannelArgs.class))
+            .getSubchannel())
+        .isEqualTo(subchannel);
+
+    // Subchannel goes IDLE, grpclb follows
+    deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(IDLE));
+    inOrder.verify(helper).updateBalancingState(eq(IDLE), pickerCaptor.capture());
+    RoundRobinPicker pickerIdle = (RoundRobinPicker) pickerCaptor.getValue();
+
+    // Verify connection is NOT eagerly requested again yet (still only the 1st request from start)
+    verify(subchannel, times(1)).requestConnection();
+
+    // Picking while IDLE triggers a new connection request
+    PickSubchannelArgs args = mock(PickSubchannelArgs.class);
+    PickResult pick = pickerIdle.pickSubchannel(args);
+    assertThat(pick.getSubchannel()).isNull(); // BUFFERing while IDLE
+    verify(subchannel, times(2)).requestConnection();
+
+    balancer.requestConnection();
+    verify(subchannel, times(3)).requestConnection();
 
     // PICK_FIRST doesn't use subchannelPool
     verify(subchannelPool, never())
@@ -2260,6 +2281,8 @@ public void switchMode() throws Exception {
     List<ServerEntry> backends1 = Arrays.asList(
         new ServerEntry("127.0.0.1", 2000, "token0001"),
         new ServerEntry("127.0.0.1", 2010, "token0002"));
+
+    // RR Mode: Ensure no updates before initial response
     inOrder.verify(helper, never())
         .updateBalancingState(any(ConnectivityState.class), any(SubchannelPicker.class));
     lbResponseObserver.onNext(buildInitialResponse());
@@ -2284,7 +2307,6 @@ public void switchMode() throws Exception {
         Collections.<EquivalentAddressGroup>emptyList(),
         grpclbBalancerList, GrpclbConfig.create(Mode.PICK_FIRST));
 
-
     // GrpclbState will be shutdown, and a new one will be created
     assertThat(oobChannel.isShutdown()).isTrue();
     verify(subchannelPool)
@@ -2303,13 +2325,13 @@ public void switchMode() throws Exception {
             InitialLoadBalanceRequest.newBuilder().setName(SERVICE_AUTHORITY).build())
             .build()));
 
-    // Simulate receiving LB response
+    // Simulate receiving LB response for PICK_FIRST
     inOrder.verify(helper, never())
         .updateBalancingState(any(ConnectivityState.class), any(SubchannelPicker.class));
     lbResponseObserver.onNext(buildInitialResponse());
     lbResponseObserver.onNext(buildLbResponse(backends1));
 
-    // PICK_FIRST Subchannel
+    // PICK_FIRST Subchannel: child LB creates it
     inOrder.verify(helper).createSubchannel(createSubchannelArgsCaptor.capture());
     CreateSubchannelArgs createSubchannelArgs = createSubchannelArgsCaptor.getValue();
     assertThat(createSubchannelArgs.getAddresses())
@@ -2317,7 +2339,9 @@ public void switchMode() throws Exception {
             new EquivalentAddressGroup(backends1.get(0).addr, eagAttrsWithToken("token0001")),
             new EquivalentAddressGroup(backends1.get(1).addr, eagAttrsWithToken("token0002")));
 
-    inOrder.verify(helper).updateBalancingState(eq(IDLE), any(SubchannelPicker.class));
+    // Child pick_first eagerly connects, so initial state is CONNECTING (not IDLE)
+    inOrder.verify(helper, atLeast(1))
+        .updateBalancingState(eq(CONNECTING), any(SubchannelPicker.class));
   }
 
   private static Attributes eagAttrsWithToken(String token) {
@@ -2344,7 +2368,7 @@ public void switchMode_nullLbPolicy() throws Exception {
             InitialLoadBalanceRequest.newBuilder().setName(SERVICE_AUTHORITY).build())
             .build()));
 
-    // Simulate receiving LB response
+    // Simulate receiving LB response (Initial default mode: ROUND_ROBIN)
     List<ServerEntry> backends1 = Arrays.asList(
         new ServerEntry("127.0.0.1", 2000, "token0001"),
         new ServerEntry("127.0.0.1", 2010, "token0002"));
@@ -2391,13 +2415,13 @@ public void switchMode_nullLbPolicy() throws Exception {
             InitialLoadBalanceRequest.newBuilder().setName(SERVICE_AUTHORITY).build())
             .build()));
 
-    // Simulate receiving LB response
+    // Simulate receiving LB response for PICK_FIRST
     inOrder.verify(helper, never())
         .updateBalancingState(any(ConnectivityState.class), any(SubchannelPicker.class));
     lbResponseObserver.onNext(buildInitialResponse());
     lbResponseObserver.onNext(buildLbResponse(backends1));
 
-    // PICK_FIRST Subchannel
+    // PICK_FIRST Subchannel: with delegation, child LB creates the subchannel
     inOrder.verify(helper).createSubchannel(createSubchannelArgsCaptor.capture());
     CreateSubchannelArgs createSubchannelArgs = createSubchannelArgsCaptor.getValue();
     assertThat(createSubchannelArgs.getAddresses())
@@ -2405,7 +2429,9 @@ public void switchMode_nullLbPolicy() throws Exception {
             new EquivalentAddressGroup(backends1.get(0).addr, eagAttrsWithToken("token0001")),
             new EquivalentAddressGroup(backends1.get(1).addr, eagAttrsWithToken("token0002")));
 
-    inOrder.verify(helper).updateBalancingState(eq(IDLE), any(SubchannelPicker.class));
+    // Child pick_first eagerly connects, so state is CONNECTING (not IDLE)
+    inOrder.verify(helper, atLeast(1))
+        .updateBalancingState(eq(CONNECTING), any(SubchannelPicker.class));
   }
 
   @Test

From 6b2f7580cf0f9b0c03d9ffeb335ab95c2e54618d Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Tue, 23 Dec 2025 10:36:21 +0530
Subject: [PATCH 493/591] opentelemetry: plumb subchannel metrics disconnect
 error (#12342)

Finishes the remaining work of
[A94](https://github.com/grpc/proposal/pull/485/files) i.e. the plumbing the disconnect error
---
 .../internal/BinderClientTransportTest.java   |   3 +-
 .../internal/BinderClientTransport.java       |   3 +-
 .../RobolectricBinderTransportTest.java       |   6 +-
 .../grpc/internal/DelayedClientTransport.java |   6 +-
 .../io/grpc/internal/DisconnectError.java     |  34 +++++
 .../grpc/internal/GoAwayDisconnectError.java  |  64 +++++++++
 .../io/grpc/internal/InternalSubchannel.java  |   7 +-
 .../io/grpc/internal/KeepAliveManager.java    |  27 +++-
 .../io/grpc/internal/ManagedChannelImpl.java  |   2 +-
 .../grpc/internal/ManagedClientTransport.java |   3 +-
 .../java/io/grpc/internal/OobChannel.java     |   2 +-
 .../grpc/internal/SimpleDisconnectError.java  |  68 ++++++++++
 .../io/grpc/internal/SubchannelMetrics.java   |  81 -----------
 .../internal/DelayedClientTransportTest.java  |  30 +++--
 .../grpc/internal/InternalSubchannelTest.java | 126 ++++++++++++------
 .../grpc/internal/KeepAliveManagerTest.java   |  13 +-
 .../grpc/internal/ManagedChannelImplTest.java |  65 ++++++---
 .../internal/ManagedClientTransportTest.java  |   4 +-
 .../grpc/internal/AbstractTransportTest.java  |  24 ++--
 .../io/grpc/cronet/CronetClientTransport.java |   3 +-
 .../cronet/CronetClientTransportTest.java     |   4 +-
 .../io/grpc/inprocess/InProcessTransport.java |   3 +-
 .../ClientTransportLifecycleManager.java      |  13 +-
 .../io/grpc/netty/NettyClientHandler.java     |  25 ++--
 .../io/grpc/netty/NettyClientTransport.java   |  22 ++-
 .../io/grpc/netty/NettyClientHandlerTest.java |   3 +-
 .../grpc/netty/NettyClientTransportTest.java  |   3 +-
 .../io/grpc/netty/NettyTransportTest.java     |   3 +-
 .../grpc/netty/ProtocolNegotiatorsTest.java   |   3 +-
 .../io/grpc/okhttp/OkHttpClientTransport.java |  20 ++-
 .../okhttp/OkHttpClientTransportTest.java     |  94 ++++++++-----
 31 files changed, 507 insertions(+), 257 deletions(-)
 create mode 100644 core/src/main/java/io/grpc/internal/DisconnectError.java
 create mode 100644 core/src/main/java/io/grpc/internal/GoAwayDisconnectError.java
 create mode 100644 core/src/main/java/io/grpc/internal/SimpleDisconnectError.java

diff --git a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
index 17b83a090fe..aa3fb573ab5 100644
--- a/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
+++ b/binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java
@@ -49,6 +49,7 @@
 import io.grpc.internal.ClientStream;
 import io.grpc.internal.ClientStreamListener;
 import io.grpc.internal.ClientTransportFactory.ClientTransportOptions;
+import io.grpc.internal.DisconnectError;
 import io.grpc.internal.FixedObjectPool;
 import io.grpc.internal.ManagedClientTransport;
 import io.grpc.internal.ObjectPool;
@@ -529,7 +530,7 @@ private static final class TestTransportListener implements ManagedClientTranspo
     private final SettableFuture<Boolean> isTerminated = SettableFuture.create();
 
     @Override
-    public void transportShutdown(Status shutdownStatus) {
+    public void transportShutdown(Status shutdownStatus, DisconnectError disconnectError) {
       if (!this.shutdownStatus.set(shutdownStatus)) {
         throw new IllegalStateException("transportShutdown() already called");
       }
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
index 00437956a51..bef1eefd43e 100644
--- a/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
+++ b/binder/src/main/java/io/grpc/binder/internal/BinderClientTransport.java
@@ -56,6 +56,7 @@
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.ManagedClientTransport;
 import io.grpc.internal.ObjectPool;
+import io.grpc.internal.SimpleDisconnectError;
 import io.grpc.internal.StatsTraceContext;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ScheduledFuture;
@@ -305,7 +306,7 @@ public synchronized void shutdownNow(Status reason) {
   @Override
   @GuardedBy("this")
   void notifyShutdown(Status status) {
-    clientTransportListener.transportShutdown(status);
+    clientTransportListener.transportShutdown(status, SimpleDisconnectError.UNKNOWN);
   }
 
   @Override
diff --git a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
index 737c5651131..8282f5e1025 100644
--- a/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/RobolectricBinderTransportTest.java
@@ -26,6 +26,7 @@
 import static io.grpc.binder.internal.BinderTransport.WIRE_FORMAT_VERSION;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static org.junit.Assume.assumeTrue;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -58,6 +59,7 @@
 import io.grpc.internal.ClientTransport;
 import io.grpc.internal.ClientTransportFactory.ClientTransportOptions;
 import io.grpc.internal.ConnectionClientTransport;
+import io.grpc.internal.DisconnectError;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.InternalServer;
 import io.grpc.internal.ManagedClientTransport;
@@ -357,7 +359,7 @@ public void clientIgnoresTransactionFromNonServerUids() throws Exception {
     sendShutdownTransportTransactionAsUid(client, serverUid);
 
     verify(mockClientTransportListener, timeout(TIMEOUT_MS))
-        .transportShutdown(statusCaptor.capture());
+        .transportShutdown(statusCaptor.capture(), any(DisconnectError.class));
     assertThat(statusCaptor.getValue().getCode()).isEqualTo(Status.Code.UNAVAILABLE);
     assertThat(statusCaptor.getValue().getDescription()).contains("shutdown");
   }
@@ -386,7 +388,7 @@ public void clientReportsAuthzErrorToServer() throws Exception {
             .build();
     runIfNotNull(client.start(mockClientTransportListener));
     verify(mockClientTransportListener, timeout(TIMEOUT_MS))
-        .transportShutdown(statusCaptor.capture());
+        .transportShutdown(statusCaptor.capture(), any(DisconnectError.class));
     assertThat(statusCaptor.getValue().getCode()).isEqualTo(Status.Code.PERMISSION_DENIED);
 
     // Client doesn't tell the server in this case by design -- we don't even want to start it!
diff --git a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
index 920a0e7006b..5569e1eecf8 100644
--- a/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
+++ b/core/src/main/java/io/grpc/internal/DelayedClientTransport.java
@@ -201,8 +201,8 @@ public ListenableFuture<SocketStats> getStats() {
   }
 
   /**
-   * Prevents creating any new streams.  Buffered streams are not failed and may still proceed
-   * when {@link #reprocess} is called.  The delayed transport will be terminated when there is no
+   * Prevents creating any new streams. Buffered streams are not failed and may still proceed
+   * when {@link #reprocess} is called. The delayed transport will be terminated when there is no
    * more buffered streams.
    */
   @Override
@@ -215,7 +215,7 @@ public final void shutdown(final Status status) {
       syncContext.executeLater(new Runnable() {
           @Override
           public void run() {
-            listener.transportShutdown(status);
+            listener.transportShutdown(status, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
           }
         });
       if (!hasPendingStreams() && reportTransportTerminated != null) {
diff --git a/core/src/main/java/io/grpc/internal/DisconnectError.java b/core/src/main/java/io/grpc/internal/DisconnectError.java
new file mode 100644
index 00000000000..771024f106e
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/DisconnectError.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * Represents the reason for a subchannel disconnection.
+ * Implementations are either the SimpleDisconnectError enum or the GoAwayDisconnectError class for
+ * dynamic ones.
+ */
+@Immutable
+public interface DisconnectError {
+  /**
+   * Returns the string representation suitable for use as an error tag.
+   *
+   * @return The formatted error tag string.
+   */
+  String toErrorString();
+}
diff --git a/core/src/main/java/io/grpc/internal/GoAwayDisconnectError.java b/core/src/main/java/io/grpc/internal/GoAwayDisconnectError.java
new file mode 100644
index 00000000000..20c8c709932
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/GoAwayDisconnectError.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * Represents a dynamic disconnection due to an HTTP/2 GOAWAY frame.
+ * This class is immutable and holds the specific error code from the frame.
+ */
+@Immutable
+public final class GoAwayDisconnectError implements DisconnectError {
+  private static final String ERROR_TAG = "GOAWAY";
+  private final GrpcUtil.Http2Error errorCode;
+
+  /**
+   * Creates a GoAway reason.
+   *
+   * @param errorCode The specific, non-null HTTP/2 error code (e.g., "NO_ERROR").
+   */
+  public GoAwayDisconnectError(GrpcUtil.Http2Error errorCode) {
+    if (errorCode == null) {
+      throw new NullPointerException("Http2Error cannot be null for GOAWAY");
+    }
+    this.errorCode = errorCode;
+  }
+
+  @Override
+  public String toErrorString() {
+    return ERROR_TAG + " " + errorCode.name();
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    GoAwayDisconnectError goAwayDisconnectError = (GoAwayDisconnectError) o;
+    return errorCode == goAwayDisconnectError.errorCode;
+  }
+
+  @Override
+  public int hashCode() {
+    return errorCode.hashCode();
+  }
+}
diff --git a/core/src/main/java/io/grpc/internal/InternalSubchannel.java b/core/src/main/java/io/grpc/internal/InternalSubchannel.java
index 649843c5c03..7a48bf642fe 100644
--- a/core/src/main/java/io/grpc/internal/InternalSubchannel.java
+++ b/core/src/main/java/io/grpc/internal/InternalSubchannel.java
@@ -326,7 +326,7 @@ public void run() {
   }
 
   /**
-   * Immediately attempt to reconnect if the current state is TRANSIENT_FAILURE. Otherwise this
+   * Immediately attempt to reconnect if the current state is TRANSIENT_FAILURE. Otherwise, this
    * method has no effect.
    */
   void resetConnectBackoff() {
@@ -620,7 +620,7 @@ public void transportInUse(boolean inUse) {
     }
 
     @Override
-    public void transportShutdown(final Status s) {
+    public void transportShutdown(final Status s, final DisconnectError disconnectError) {
       channelLogger.log(
           ChannelLogLevel.INFO, "{0} SHUTDOWN with {1}", transport.getLogId(), printShortStatus(s));
       shutdownInitiated = true;
@@ -639,8 +639,7 @@ public void run() {
                     NameResolver.ATTR_BACKEND_SERVICE),
                 /* locality= */ getAttributeOrDefault(addressIndex.getCurrentEagAttributes(),
                     EquivalentAddressGroup.ATTR_LOCALITY_NAME),
-                /* disconnectError= */ SubchannelMetrics.DisconnectError.UNKNOWN
-                    .getErrorString(null),
+                /* disconnectError= */ disconnectError.toErrorString(),
                 /* securityLevel= */ extractSecurityLevel(addressIndex.getCurrentEagAttributes()
                     .get(GrpcAttributes.ATTR_SECURITY_LEVEL)));
           } else if (pendingTransport == transport) {
diff --git a/core/src/main/java/io/grpc/internal/KeepAliveManager.java b/core/src/main/java/io/grpc/internal/KeepAliveManager.java
index d831a096087..535b3a82524 100644
--- a/core/src/main/java/io/grpc/internal/KeepAliveManager.java
+++ b/core/src/main/java/io/grpc/internal/KeepAliveManager.java
@@ -27,6 +27,7 @@
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
+import javax.annotation.concurrent.ThreadSafe;
 
 /**
  * Manages keepalive pings.
@@ -262,9 +263,25 @@ public interface KeepAlivePinger {
    * Default client side {@link KeepAlivePinger}.
    */
   public static final class ClientKeepAlivePinger implements KeepAlivePinger {
-    private final ConnectionClientTransport transport;
 
-    public ClientKeepAlivePinger(ConnectionClientTransport transport) {
+
+    /**
+     * A {@link ClientTransport} that has life-cycle management.
+     *
+     */
+    @ThreadSafe
+    public interface TransportWithDisconnectReason extends ClientTransport {
+
+      /**
+       * Initiates a forceful shutdown in which preexisting and new calls are closed. Existing calls
+       * should be closed with the provided {@code reason} and {@code disconnectError}.
+       */
+      void shutdownNow(Status reason, DisconnectError disconnectError);
+    }
+
+    private final TransportWithDisconnectReason transport;
+
+    public ClientKeepAlivePinger(TransportWithDisconnectReason transport) {
       this.transport = transport;
     }
 
@@ -277,7 +294,8 @@ public void onSuccess(long roundTripTimeNanos) {}
         @Override
         public void onFailure(Status cause) {
           transport.shutdownNow(Status.UNAVAILABLE.withDescription(
-              "Keepalive failed. The connection is likely gone"));
+                  "Keepalive failed. The connection is likely gone"),
+              SimpleDisconnectError.CONNECTION_TIMED_OUT);
         }
       }, MoreExecutors.directExecutor());
     }
@@ -285,7 +303,8 @@ public void onFailure(Status cause) {
     @Override
     public void onPingTimeout() {
       transport.shutdownNow(Status.UNAVAILABLE.withDescription(
-          "Keepalive failed. The connection is likely gone"));
+              "Keepalive failed. The connection is likely gone"),
+          SimpleDisconnectError.CONNECTION_TIMED_OUT);
     }
   }
 }
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index 849e4b8e45c..e9fda4e9ec3 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -2056,7 +2056,7 @@ public String toString() {
    */
   private final class DelayedTransportListener implements ManagedClientTransport.Listener {
     @Override
-    public void transportShutdown(Status s) {
+    public void transportShutdown(Status s, DisconnectError e) {
       checkState(shutdown.get(), "Channel must have been shut down");
     }
 
diff --git a/core/src/main/java/io/grpc/internal/ManagedClientTransport.java b/core/src/main/java/io/grpc/internal/ManagedClientTransport.java
index 184a4d98955..8350a005409 100644
--- a/core/src/main/java/io/grpc/internal/ManagedClientTransport.java
+++ b/core/src/main/java/io/grpc/internal/ManagedClientTransport.java
@@ -77,8 +77,9 @@ interface Listener {
      * <p>This is called exactly once, and must be called prior to {@link #transportTerminated}.
      *
      * @param s the reason for the shutdown.
+     * @param e the disconnect error.
      */
-    void transportShutdown(Status s);
+    void transportShutdown(Status s, DisconnectError e);
 
     /**
      * The transport completed shutting down. All resources have been released. All streams have
diff --git a/core/src/main/java/io/grpc/internal/OobChannel.java b/core/src/main/java/io/grpc/internal/OobChannel.java
index 30c9f55e796..71973ed5d64 100644
--- a/core/src/main/java/io/grpc/internal/OobChannel.java
+++ b/core/src/main/java/io/grpc/internal/OobChannel.java
@@ -117,7 +117,7 @@ public ClientStream newStream(MethodDescriptor<?, ?> method,
     this.channelz = Preconditions.checkNotNull(channelz);
     this.delayedTransport.start(new ManagedClientTransport.Listener() {
         @Override
-        public void transportShutdown(Status s) {
+        public void transportShutdown(Status s, DisconnectError e) {
           // Don't care
         }
 
diff --git a/core/src/main/java/io/grpc/internal/SimpleDisconnectError.java b/core/src/main/java/io/grpc/internal/SimpleDisconnectError.java
new file mode 100644
index 00000000000..addbfbe10a3
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/SimpleDisconnectError.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * Represents a fixed, static reason for disconnection.
+ */
+@Immutable
+public enum SimpleDisconnectError implements DisconnectError {
+  /**
+   * The subchannel was shut down for various reasons like parent channel shutdown,
+   * idleness, or load balancing policy changes.
+   */
+  SUBCHANNEL_SHUTDOWN("subchannel shutdown"),
+
+  /**
+   * Connection was reset (e.g., ECONNRESET, WSAECONNERESET).
+   */
+  CONNECTION_RESET("connection reset"),
+
+  /**
+   * Connection timed out (e.g., ETIMEDOUT, WSAETIMEDOUT), including closures
+   * from gRPC keepalives.
+   */
+  CONNECTION_TIMED_OUT("connection timed out"),
+
+  /**
+   * Connection was aborted (e.g., ECONNABORTED, WSAECONNABORTED).
+   */
+  CONNECTION_ABORTED("connection aborted"),
+
+  /**
+   * Any socket error not covered by other specific disconnect errors.
+   */
+  SOCKET_ERROR("socket error"),
+
+  /**
+   * A catch-all for any other unclassified reason.
+   */
+  UNKNOWN("unknown");
+
+  private final String errorTag;
+
+  SimpleDisconnectError(String errorTag) {
+    this.errorTag = errorTag;
+  }
+
+  @Override
+  public String toErrorString() {
+    return this.errorTag;
+  }
+}
diff --git a/core/src/main/java/io/grpc/internal/SubchannelMetrics.java b/core/src/main/java/io/grpc/internal/SubchannelMetrics.java
index 8921f13ebe6..4bc2cf47046 100644
--- a/core/src/main/java/io/grpc/internal/SubchannelMetrics.java
+++ b/core/src/main/java/io/grpc/internal/SubchannelMetrics.java
@@ -22,7 +22,6 @@
 import io.grpc.LongUpDownCounterMetricInstrument;
 import io.grpc.MetricInstrumentRegistry;
 import io.grpc.MetricRecorder;
-import javax.annotation.Nullable;
 
 final class SubchannelMetrics {
 
@@ -106,84 +105,4 @@ public void recordDisconnection(String target, String backendService, String loc
             ImmutableList.of(target),
             ImmutableList.of(securityLevel, backendService, locality));
   }
-
-  /**
-   * Represents the reason for a subchannel failure.
-   */
-  public enum DisconnectError {
-
-    /**
-     * Represents an HTTP/2 GOAWAY frame. The specific error code
-     * (e.g., "NO_ERROR", "PROTOCOL_ERROR") should be handled separately
-     * as it is a dynamic part of the error.
-     * See RFC 9113 for error codes: https://www.rfc-editor.org/rfc/rfc9113.html#name-error-codes
-     */
-    GOAWAY("goaway"),
-
-    /**
-     * The subchannel was shut down for various reasons like parent channel shutdown,
-     * idleness, or load balancing policy changes.
-     */
-    SUBCHANNEL_SHUTDOWN("subchannel shutdown"),
-
-    /**
-     * Connection was reset (e.g., ECONNRESET, WSAECONNERESET).
-     */
-    CONNECTION_RESET("connection reset"),
-
-    /**
-     * Connection timed out (e.g., ETIMEDOUT, WSAETIMEDOUT), including closures
-     * from gRPC keepalives.
-     */
-    CONNECTION_TIMED_OUT("connection timed out"),
-
-    /**
-     * Connection was aborted (e.g., ECONNABORTED, WSAECONNABORTED).
-     */
-    CONNECTION_ABORTED("connection aborted"),
-
-    /**
-     * Any socket error not covered by other specific disconnect errors.
-     */
-    SOCKET_ERROR("socket error"),
-
-    /**
-     * A catch-all for any other unclassified reason.
-     */
-    UNKNOWN("unknown");
-
-    private final String errorTag;
-
-    /**
-     * Private constructor to associate a description with each enum constant.
-     *
-     * @param errorTag The detailed explanation of the error.
-     */
-    DisconnectError(String errorTag) {
-      this.errorTag = errorTag;
-    }
-
-    /**
-     * Gets the error string suitable for use as a metric tag.
-     *
-     * <p>If the reason is {@code GOAWAY}, this method requires the specific
-     * HTTP/2 error code to create the complete tag (e.g., "goaway PROTOCOL_ERROR").
-     * For all other reasons, the parameter is ignored.</p>
-     *
-     * @param goawayErrorCode The specific HTTP/2 error code. This is only
-     *                        used if the reason is GOAWAY and should not be null in that case.
-     * @return The formatted error string.
-     */
-    public String getErrorString(@Nullable String goawayErrorCode) {
-      if (this == GOAWAY) {
-        if (goawayErrorCode == null || goawayErrorCode.isEmpty()) {
-          // Return the base tag if the code is missing, or consider throwing an exception
-          // throw new IllegalArgumentException("goawayErrorCode is required for GOAWAY reason.");
-          return this.errorTag;
-        }
-        return this.errorTag + " " + goawayErrorCode;
-      }
-      return this.errorTag;
-    }
-  }
 }
diff --git a/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java b/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
index 3baf8ca7e16..d7e1d4ca4f6 100644
--- a/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
+++ b/core/src/test/java/io/grpc/internal/DelayedClientTransportTest.java
@@ -175,7 +175,8 @@ public void uncaughtException(Thread t, Throwable e) {
     delayedTransport.reprocess(mockPicker);
     assertEquals(0, delayedTransport.getPendingStreamsCount());
     delayedTransport.shutdown(SHUTDOWN_STATUS);
-    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS));
+    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS),
+        eq(SimpleDisconnectError.SUBCHANNEL_SHUTDOWN));
     verify(transportListener).transportTerminated();
     assertEquals(0, fakeExecutor.runDueTasks());
     verify(mockRealTransport).newStream(
@@ -187,7 +188,8 @@ public void uncaughtException(Thread t, Throwable e) {
 
   @Test public void transportTerminatedThenAssignTransport() {
     delayedTransport.shutdown(SHUTDOWN_STATUS);
-    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS));
+    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS),
+        eq(SimpleDisconnectError.SUBCHANNEL_SHUTDOWN));
     verify(transportListener).transportTerminated();
     delayedTransport.reprocess(mockPicker);
     verifyNoMoreInteractions(transportListener);
@@ -196,7 +198,8 @@ public void uncaughtException(Thread t, Throwable e) {
   @Test public void assignTransportThenShutdownThenNewStream() {
     delayedTransport.reprocess(mockPicker);
     delayedTransport.shutdown(SHUTDOWN_STATUS);
-    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS));
+    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS),
+        eq(SimpleDisconnectError.SUBCHANNEL_SHUTDOWN));
     verify(transportListener).transportTerminated();
     ClientStream stream = delayedTransport.newStream(
         method, headers, callOptions, tracers);
@@ -210,7 +213,8 @@ public void uncaughtException(Thread t, Throwable e) {
   @Test public void assignTransportThenShutdownNowThenNewStream() {
     delayedTransport.reprocess(mockPicker);
     delayedTransport.shutdownNow(Status.UNAVAILABLE);
-    verify(transportListener).transportShutdown(any(Status.class));
+    verify(transportListener).transportShutdown(any(Status.class),
+        eq(SimpleDisconnectError.SUBCHANNEL_SHUTDOWN));
     verify(transportListener).transportTerminated();
     ClientStream stream = delayedTransport.newStream(
         method, headers, callOptions, tracers);
@@ -241,7 +245,8 @@ public void uncaughtException(Thread t, Throwable e) {
     delayedTransport.shutdown(SHUTDOWN_STATUS);
 
     // Stream is still buffered
-    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS));
+    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS),
+        eq(SimpleDisconnectError.SUBCHANNEL_SHUTDOWN));
     verify(transportListener, times(0)).transportTerminated();
     assertEquals(1, delayedTransport.getPendingStreamsCount());
 
@@ -275,7 +280,8 @@ public void uncaughtException(Thread t, Throwable e) {
     ClientStream stream = delayedTransport.newStream(
         method, new Metadata(), CallOptions.DEFAULT, tracers);
     delayedTransport.shutdown(SHUTDOWN_STATUS);
-    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS));
+    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS),
+        eq(SimpleDisconnectError.SUBCHANNEL_SHUTDOWN));
     verify(transportListener, times(0)).transportTerminated();
     assertEquals(1, delayedTransport.getPendingStreamsCount());
     stream.start(streamListener);
@@ -288,7 +294,8 @@ public void uncaughtException(Thread t, Throwable e) {
 
   @Test public void shutdownThenNewStream() {
     delayedTransport.shutdown(SHUTDOWN_STATUS);
-    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS));
+    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS),
+        eq(SimpleDisconnectError.SUBCHANNEL_SHUTDOWN));
     verify(transportListener).transportTerminated();
     ClientStream stream = delayedTransport.newStream(
         method, new Metadata(), CallOptions.DEFAULT, tracers);
@@ -303,7 +310,8 @@ public void uncaughtException(Thread t, Throwable e) {
         method, new Metadata(), CallOptions.DEFAULT, tracers);
     stream.start(streamListener);
     delayedTransport.shutdownNow(Status.UNAVAILABLE);
-    verify(transportListener).transportShutdown(any(Status.class));
+    verify(transportListener).transportShutdown(any(Status.class),
+        eq(SimpleDisconnectError.SUBCHANNEL_SHUTDOWN));
     verify(transportListener).transportTerminated();
     verify(streamListener)
         .closed(statusCaptor.capture(), eq(RpcProgress.REFUSED), any(Metadata.class));
@@ -312,7 +320,8 @@ public void uncaughtException(Thread t, Throwable e) {
 
   @Test public void shutdownNowThenNewStream() {
     delayedTransport.shutdownNow(Status.UNAVAILABLE);
-    verify(transportListener).transportShutdown(any(Status.class));
+    verify(transportListener).transportShutdown(any(Status.class),
+        eq(SimpleDisconnectError.SUBCHANNEL_SHUTDOWN));
     verify(transportListener).transportTerminated();
     ClientStream stream = delayedTransport.newStream(
         method, new Metadata(), CallOptions.DEFAULT, tracers);
@@ -487,7 +496,8 @@ public void uncaughtException(Thread t, Throwable e) {
 
     // wfr5 will stop delayed transport from terminating
     delayedTransport.shutdown(SHUTDOWN_STATUS);
-    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS));
+    verify(transportListener).transportShutdown(same(SHUTDOWN_STATUS),
+        eq(SimpleDisconnectError.SUBCHANNEL_SHUTDOWN));
     verify(transportListener, never()).transportTerminated();
     // ... until it's gone
     picker = mock(SubchannelPicker.class);
diff --git a/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java b/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java
index 4ac5fbac362..811344da307 100644
--- a/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java
+++ b/core/src/test/java/io/grpc/internal/InternalSubchannelTest.java
@@ -233,7 +233,8 @@ public void constructor_eagListWithNull_throws() {
 
     // Fail this one. Because there is only one address to try, enter TRANSIENT_FAILURE.
     assertNoCallbackInvoke();
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertEquals(TRANSIENT_FAILURE, internalSubchannel.getState());
     assertExactCallbackInvokes("onStateChange:" + UNAVAILABLE_STATE);
     // Backoff reset and using first back-off value interval
@@ -264,7 +265,8 @@ public void constructor_eagListWithNull_throws() {
     assertNoCallbackInvoke();
     // Here we use a different status from the first failure, and verify that it's passed to
     // the callback.
-    transports.poll().listener.transportShutdown(Status.RESOURCE_EXHAUSTED);
+    transports.poll().listener.transportShutdown(Status.RESOURCE_EXHAUSTED,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertEquals(TRANSIENT_FAILURE, internalSubchannel.getState());
     assertExactCallbackInvokes("onStateChange:" + RESOURCE_EXHAUSTED_STATE);
     // Second back-off interval
@@ -302,7 +304,8 @@ public void constructor_eagListWithNull_throws() {
 
     // Close the READY transport, will enter IDLE state.
     assertNoCallbackInvoke();
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertEquals(IDLE, internalSubchannel.getState());
     assertExactCallbackInvokes("onStateChange:IDLE");
 
@@ -334,7 +337,8 @@ public void constructor_eagListWithNull_throws() {
     assertEquals(CONNECTING, internalSubchannel.getState());
     verify(mockTransportFactory).newClientTransport(eq(addr1), any(), any());
     // Let this one fail without success
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     // Still in CONNECTING
     assertNull(internalSubchannel.obtainActiveTransport());
     assertNoCallbackInvoke();
@@ -350,7 +354,8 @@ public void constructor_eagListWithNull_throws() {
     assertNull(internalSubchannel.obtainActiveTransport());
     // Fail this one too
     assertNoCallbackInvoke();
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     // All addresses have failed, but we aren't controlling retries.
     assertEquals(IDLE, internalSubchannel.getState());
     assertExactCallbackInvokes("onStateChange:" + UNAVAILABLE_STATE);
@@ -394,7 +399,8 @@ public void constructor_eagListWithNull_throws() {
             isA(TransportLogger.class));
 
     // Let this one fail without success
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     // Still in CONNECTING
     assertNull(internalSubchannel.obtainActiveTransport());
     assertNoCallbackInvoke();
@@ -410,7 +416,8 @@ public void constructor_eagListWithNull_throws() {
     assertNull(internalSubchannel.obtainActiveTransport());
     // Fail this one too
     assertNoCallbackInvoke();
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     // All addresses have failed. Delayed transport will be in back-off interval.
     assertEquals(TRANSIENT_FAILURE, internalSubchannel.getState());
     assertExactCallbackInvokes("onStateChange:" + UNAVAILABLE_STATE);
@@ -441,7 +448,8 @@ public void constructor_eagListWithNull_throws() {
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
     // Fail this one too
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertEquals(CONNECTING, internalSubchannel.getState());
 
     // Forth attempt will start immediately. Keep back-off policy.
@@ -455,7 +463,8 @@ public void constructor_eagListWithNull_throws() {
             isA(TransportLogger.class));
     // Fail this one too
     assertNoCallbackInvoke();
-    transports.poll().listener.transportShutdown(Status.RESOURCE_EXHAUSTED);
+    transports.poll().listener.transportShutdown(Status.RESOURCE_EXHAUSTED,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     // All addresses have failed again. Delayed transport will be in back-off interval.
     assertExactCallbackInvokes("onStateChange:" + RESOURCE_EXHAUSTED_STATE);
     assertEquals(TRANSIENT_FAILURE, internalSubchannel.getState());
@@ -492,7 +501,8 @@ public void constructor_eagListWithNull_throws() {
         ((CallTracingTransport) internalSubchannel.obtainActiveTransport()).delegate());
     // Then close it.
     assertNoCallbackInvoke();
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertExactCallbackInvokes("onStateChange:IDLE");
     assertEquals(IDLE, internalSubchannel.getState());
 
@@ -508,7 +518,8 @@ public void constructor_eagListWithNull_throws() {
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
     // Fail the transport
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertEquals(CONNECTING, internalSubchannel.getState());
 
     // Second attempt will start immediately. Still no new back-off policy.
@@ -520,7 +531,8 @@ public void constructor_eagListWithNull_throws() {
             isA(TransportLogger.class));
     // Fail this one too
     assertEquals(CONNECTING, internalSubchannel.getState());
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     // All addresses have failed. Enter TRANSIENT_FAILURE. Back-off in effect.
     assertExactCallbackInvokes("onStateChange:" + UNAVAILABLE_STATE);
     assertEquals(TRANSIENT_FAILURE, internalSubchannel.getState());
@@ -584,7 +596,8 @@ public void updateAddresses_eagListWithNull_throws() {
             eq(addr1),
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertEquals(CONNECTING, internalSubchannel.getState());
 
     // Second address connects
@@ -606,7 +619,8 @@ public void updateAddresses_eagListWithNull_throws() {
     verify(transports.peek().transport, never()).shutdownNow(any(Status.class));
 
     // And new addresses chosen when re-connecting
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertExactCallbackInvokes("onStateChange:IDLE");
 
     assertNull(internalSubchannel.obtainActiveTransport());
@@ -616,13 +630,15 @@ public void updateAddresses_eagListWithNull_throws() {
             eq(addr2),
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     verify(mockTransportFactory)
         .newClientTransport(
             eq(addr3),
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     verifyNoMoreInteractions(mockTransportFactory);
 
     fakeClock.forwardNanos(10); // Drain retry, but don't care about result
@@ -643,7 +659,8 @@ public void updateAddresses_eagListWithNull_throws() {
             eq(addr1),
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertEquals(CONNECTING, internalSubchannel.getState());
 
     // Second address connecting
@@ -666,7 +683,8 @@ public void updateAddresses_eagListWithNull_throws() {
     // And new addresses chosen when re-connecting
     transports.peek().listener.transportReady();
     assertExactCallbackInvokes("onStateChange:READY");
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertExactCallbackInvokes("onStateChange:IDLE");
 
     assertNull(internalSubchannel.obtainActiveTransport());
@@ -676,13 +694,15 @@ public void updateAddresses_eagListWithNull_throws() {
             eq(addr2),
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     verify(mockTransportFactory)
         .newClientTransport(
             eq(addr3),
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     verifyNoMoreInteractions(mockTransportFactory);
 
     fakeClock.forwardNanos(10); // Drain retry, but don't care about result
@@ -721,7 +741,8 @@ public void updateAddresses_eagListWithNull_throws() {
 
     // And no other addresses attempted
     assertEquals(0, fakeClock.numPendingTasks());
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertExactCallbackInvokes("onStateChange:" + UNAVAILABLE_STATE);
     assertEquals(TRANSIENT_FAILURE, internalSubchannel.getState());
     verifyNoMoreInteractions(mockTransportFactory);
@@ -745,7 +766,8 @@ public void updateAddresses_eagListWithNull_throws() {
             eq(addr1),
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertEquals(CONNECTING, internalSubchannel.getState());
 
     // Second address connects
@@ -769,7 +791,8 @@ public void updateAddresses_eagListWithNull_throws() {
     verify(transports.peek().transport).shutdown(any(Status.class));
 
     // And new addresses chosen when re-connecting
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertNoCallbackInvoke();
     assertEquals(IDLE, internalSubchannel.getState());
 
@@ -780,13 +803,15 @@ public void updateAddresses_eagListWithNull_throws() {
             eq(addr3),
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     verify(mockTransportFactory)
         .newClientTransport(
             eq(addr4),
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     verifyNoMoreInteractions(mockTransportFactory);
 
     fakeClock.forwardNanos(10); // Drain retry, but don't care about result
@@ -808,7 +833,8 @@ public void updateAddresses_eagListWithNull_throws() {
             eq(addr1),
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertEquals(CONNECTING, internalSubchannel.getState());
 
     // Second address connecting
@@ -838,13 +864,15 @@ public void updateAddresses_eagListWithNull_throws() {
             eq(addr3),
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     verify(mockTransportFactory)
         .newClientTransport(
             eq(addr4),
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     verifyNoMoreInteractions(mockTransportFactory);
 
     fakeClock.forwardNanos(10); // Drain retry, but don't care about result
@@ -928,7 +956,8 @@ public void connectIsLazy() {
             isA(TransportLogger.class));
 
     // Fail this one
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertExactCallbackInvokes("onStateChange:" + UNAVAILABLE_STATE);
 
     // Will always reconnect after back-off
@@ -944,7 +973,8 @@ public void connectIsLazy() {
     transports.peek().listener.transportReady();
     assertExactCallbackInvokes("onStateChange:READY");
     // Then go-away
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertExactCallbackInvokes("onStateChange:IDLE");
 
     // No scheduled tasks that would ever try to reconnect ...
@@ -974,7 +1004,8 @@ public void shutdownWhenReady() throws Exception {
     internalSubchannel.shutdown(SHUTDOWN_REASON);
     verify(transportInfo.transport).shutdown(same(SHUTDOWN_REASON));
     assertExactCallbackInvokes("onStateChange:SHUTDOWN");
-    transportInfo.listener.transportShutdown(SHUTDOWN_REASON);
+    transportInfo.listener.transportShutdown(SHUTDOWN_REASON,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
 
     transportInfo.listener.transportTerminated();
     assertExactCallbackInvokes("onTerminated");
@@ -997,7 +1028,8 @@ public void shutdownBeforeTransportCreated() throws Exception {
 
     // Fail this one
     MockClientTransportInfo transportInfo = transports.poll();
-    transportInfo.listener.transportShutdown(Status.UNAVAILABLE);
+    transportInfo.listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     transportInfo.listener.transportTerminated();
 
     // Entering TRANSIENT_FAILURE, waiting for back-off
@@ -1053,7 +1085,8 @@ public void shutdownBeforeTransportReady() throws Exception {
 
     // The transport should've been shut down even though it's not the active transport yet.
     verify(transportInfo.transport).shutdown(same(SHUTDOWN_REASON));
-    transportInfo.listener.transportShutdown(Status.UNAVAILABLE);
+    transportInfo.listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertNoCallbackInvoke();
     transportInfo.listener.transportTerminated();
     assertExactCallbackInvokes("onTerminated");
@@ -1069,7 +1102,7 @@ public void shutdownNow() throws Exception {
     MockClientTransportInfo t1 = transports.poll();
     t1.listener.transportReady();
     assertExactCallbackInvokes("onStateChange:CONNECTING", "onStateChange:READY");
-    t1.listener.transportShutdown(Status.UNAVAILABLE);
+    t1.listener.transportShutdown(Status.UNAVAILABLE, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertExactCallbackInvokes("onStateChange:IDLE");
 
     internalSubchannel.obtainActiveTransport();
@@ -1126,7 +1159,7 @@ public void inUseState() {
 
     t0.listener.transportInUse(true);
     assertExactCallbackInvokes("onInUse");
-    t0.listener.transportShutdown(Status.UNAVAILABLE);
+    t0.listener.transportShutdown(Status.UNAVAILABLE, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertExactCallbackInvokes("onStateChange:IDLE");
 
     assertNull(internalSubchannel.obtainActiveTransport());
@@ -1159,7 +1192,7 @@ public void transportTerminateWithoutExitingInUse() {
     t0.listener.transportInUse(true);
     assertExactCallbackInvokes("onInUse");
 
-    t0.listener.transportShutdown(Status.UNAVAILABLE);
+    t0.listener.transportShutdown(Status.UNAVAILABLE, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertExactCallbackInvokes("onStateChange:IDLE");
     t0.listener.transportTerminated();
     assertExactCallbackInvokes("onNotInUse");
@@ -1186,12 +1219,12 @@ public void run() {
     assertEquals(1, runnableInvokes.get());
 
     MockClientTransportInfo t0 = transports.poll();
-    t0.listener.transportShutdown(Status.UNAVAILABLE);
+    t0.listener.transportShutdown(Status.UNAVAILABLE, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertEquals(2, runnableInvokes.get());
 
     // 2nd address: reconnect immediatly
     MockClientTransportInfo t1 = transports.poll();
-    t1.listener.transportShutdown(Status.UNAVAILABLE);
+    t1.listener.transportShutdown(Status.UNAVAILABLE, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
 
     // Addresses exhausted, waiting for back-off.
     assertEquals(2, runnableInvokes.get());
@@ -1218,7 +1251,8 @@ public void resetConnectBackoff() throws Exception {
             eq(addr),
             eq(createClientTransportOptions()),
             isA(TransportLogger.class));
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertExactCallbackInvokes("onStateChange:" + UNAVAILABLE_STATE);
 
     // Save the reconnectTask
@@ -1254,7 +1288,8 @@ public void resetConnectBackoff() throws Exception {
 
     // Fail the reconnect attempt to verify that a fresh reconnect policy is generated after
     // invoking resetConnectBackoff()
-    transports.poll().listener.transportShutdown(Status.UNAVAILABLE);
+    transports.poll().listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertExactCallbackInvokes("onStateChange:" + UNAVAILABLE_STATE);
     verify(mockBackoffPolicyProvider, times(2)).get();
     fakeClock.forwardNanos(10);
@@ -1282,7 +1317,8 @@ public void channelzMembership() throws Exception {
     MockClientTransportInfo t0 = transports.poll();
     t0.listener.transportReady();
     assertTrue(channelz.containsClientSocket(t0.transport.getLogId()));
-    t0.listener.transportShutdown(Status.RESOURCE_EXHAUSTED);
+    t0.listener.transportShutdown(Status.RESOURCE_EXHAUSTED,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     t0.listener.transportTerminated();
     assertFalse(channelz.containsClientSocket(t0.transport.getLogId()));
   }
@@ -1502,7 +1538,8 @@ public void subchannelStateChanges_triggersAttemptFailedMetric() {
 
     // b. Fail the transport before it can signal `transportReady()`.
     transportInfo.listener.transportShutdown(
-        Status.INTERNAL.withDescription("Simulated connect failure"));
+        Status.INTERNAL.withDescription("Simulated connect failure"),
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     fakeClock.runDueTasks(); // Process the failure event
 
     // --- Verification ---
@@ -1556,7 +1593,8 @@ public void subchannelStateChanges_triggersSuccessAndDisconnectMetrics() {
     fakeClock.runDueTasks(); // Process the successful connection
 
     // --- Action: Transport is shut down ---
-    transportInfo.listener.transportShutdown(Status.UNAVAILABLE.withDescription("unknown"));
+    transportInfo.listener.transportShutdown(Status.UNAVAILABLE.withDescription("unknown"),
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     fakeClock.runDueTasks(); // Process the shutdown
 
     // --- Verification ---
@@ -1581,7 +1619,7 @@ public void subchannelStateChanges_triggersSuccessAndDisconnectMetrics() {
         eqMetricInstrumentName("grpc.subchannel.disconnections"),
         eq(1L),
         eq(Arrays.asList(AUTHORITY)),
-        eq(Arrays.asList(BACKEND_SERVICE, LOCALITY, "unknown"))
+        eq(Arrays.asList(BACKEND_SERVICE, LOCALITY, "subchannel shutdown"))
     );
     inOrder.verify(mockMetricRecorder).addLongUpDownCounter(
         eqMetricInstrumentName("grpc.subchannel.open_connections"),
diff --git a/core/src/test/java/io/grpc/internal/KeepAliveManagerTest.java b/core/src/test/java/io/grpc/internal/KeepAliveManagerTest.java
index 3cf7bfcedfe..81e3d1b2638 100644
--- a/core/src/test/java/io/grpc/internal/KeepAliveManagerTest.java
+++ b/core/src/test/java/io/grpc/internal/KeepAliveManagerTest.java
@@ -19,6 +19,7 @@
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -104,13 +105,15 @@ public void keepAlivePingDelayedByIncomingData() {
 
   @Test
   public void clientKeepAlivePinger_pingTimeout() {
-    ConnectionClientTransport transport = mock(ConnectionClientTransport.class);
+    ClientKeepAlivePinger.TransportWithDisconnectReason transport =
+        mock(ClientKeepAlivePinger.TransportWithDisconnectReason.class);
     ClientKeepAlivePinger pinger = new ClientKeepAlivePinger(transport);
 
     pinger.onPingTimeout();
 
     ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
-    verify(transport).shutdownNow(statusCaptor.capture());
+    verify(transport).shutdownNow(statusCaptor.capture(),
+        eq(SimpleDisconnectError.CONNECTION_TIMED_OUT));
     Status status = statusCaptor.getValue();
     assertThat(status.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
     assertThat(status.getDescription()).isEqualTo(
@@ -119,7 +122,8 @@ public void clientKeepAlivePinger_pingTimeout() {
 
   @Test
   public void clientKeepAlivePinger_pingFailure() {
-    ConnectionClientTransport transport = mock(ConnectionClientTransport.class);
+    ClientKeepAlivePinger.TransportWithDisconnectReason transport =
+        mock(ClientKeepAlivePinger.TransportWithDisconnectReason.class);
     ClientKeepAlivePinger pinger = new ClientKeepAlivePinger(transport);
     pinger.ping();
     ArgumentCaptor<ClientTransport.PingCallback> pingCallbackCaptor =
@@ -130,7 +134,8 @@ public void clientKeepAlivePinger_pingFailure() {
     pingCallback.onFailure(Status.UNAVAILABLE.withDescription("I must write descriptions"));
 
     ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
-    verify(transport).shutdownNow(statusCaptor.capture());
+    verify(transport).shutdownNow(statusCaptor.capture(),
+        eq(SimpleDisconnectError.CONNECTION_TIMED_OUT));
     Status status = statusCaptor.getValue();
     assertThat(status.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
     assertThat(status.getDescription()).isEqualTo(
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index 91a9f506bc8..7b3e725991c 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -798,7 +798,8 @@ public void channelzMembership_subchannel() throws Exception {
     transportInfo.listener.transportReady();
 
     // terminate transport
-    transportInfo.listener.transportShutdown(Status.CANCELLED);
+    transportInfo.listener.transportShutdown(Status.CANCELLED,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     transportInfo.listener.transportTerminated();
     assertFalse(channelz.containsClientSocket(transportInfo.transport.getLogId()));
 
@@ -841,7 +842,8 @@ public void channelzMembership_oob() throws Exception {
     assertTrue(channelz.containsClientSocket(transportInfo.transport.getLogId()));
 
     // terminate transport
-    transportInfo.listener.transportShutdown(Status.INTERNAL);
+    transportInfo.listener.transportShutdown(Status.INTERNAL,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     transportInfo.listener.transportTerminated();
     assertFalse(channelz.containsClientSocket(transportInfo.transport.getLogId()));
 
@@ -1002,7 +1004,8 @@ private void subtestCallsAndShutdown(boolean shutdownNow, boolean shutdownNowAft
     }
 
     // Killing the remaining real transport will terminate the channel
-    transportListener.transportShutdown(Status.UNAVAILABLE);
+    transportListener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertFalse(channel.isTerminated());
     verify(executorPool, never()).returnObject(any());
     transportListener.transportTerminated();
@@ -1072,7 +1075,8 @@ public void noMoreCallbackAfterLoadBalancerShutdown() {
 
     // Since subchannels are shutdown, SubchannelStateListeners will only get SHUTDOWN regardless of
     // the transport states.
-    transportInfo1.listener.transportShutdown(Status.UNAVAILABLE);
+    transportInfo1.listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     transportInfo2.listener.transportReady();
     verify(stateListener1).onSubchannelState(ConnectivityStateInfo.forNonError(SHUTDOWN));
     verify(stateListener2).onSubchannelState(ConnectivityStateInfo.forNonError(SHUTDOWN));
@@ -1141,7 +1145,8 @@ public void noMoreCallbackAfterLoadBalancerShutdown_configError() throws Interru
 
     // Since subchannels are shutdown, SubchannelStateListeners will only get SHUTDOWN regardless of
     // the transport states.
-    transportInfo1.listener.transportShutdown(Status.UNAVAILABLE);
+    transportInfo1.listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     transportInfo2.listener.transportReady();
     verify(stateListener1).onSubchannelState(ConnectivityStateInfo.forNonError(SHUTDOWN));
     verify(stateListener2).onSubchannelState(ConnectivityStateInfo.forNonError(SHUTDOWN));
@@ -1277,7 +1282,8 @@ public void callOptionsExecutor() {
     verify(mockCallListener).onClose(same(Status.CANCELLED), same(trailers));
 
 
-    transportListener.transportShutdown(Status.UNAVAILABLE);
+    transportListener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     transportListener.transportTerminated();
 
     // Clean up as much as possible to allow the channel to terminate.
@@ -1429,7 +1435,8 @@ public void firstResolvedServerFailedToConnect() throws Exception {
 
     MockClientTransportInfo badTransportInfo = transports.poll();
     // Which failed to connect
-    badTransportInfo.listener.transportShutdown(Status.UNAVAILABLE);
+    badTransportInfo.listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     inOrder.verifyNoMoreInteractions();
 
     // The channel then try the second address (goodAddress)
@@ -1579,7 +1586,8 @@ public void allServersFailedToConnect() throws Exception {
         .newClientTransport(
             same(addr2), any(ClientTransportOptions.class), any(ChannelLogger.class));
     MockClientTransportInfo transportInfo1 = transports.poll();
-    transportInfo1.listener.transportShutdown(Status.UNAVAILABLE);
+    transportInfo1.listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
 
     // Connecting to server2, which will fail too
     verify(mockTransportFactory)
@@ -1587,7 +1595,8 @@ public void allServersFailedToConnect() throws Exception {
             same(addr2), any(ClientTransportOptions.class), any(ChannelLogger.class));
     MockClientTransportInfo transportInfo2 = transports.poll();
     Status server2Error = Status.UNAVAILABLE.withDescription("Server2 failed to connect");
-    transportInfo2.listener.transportShutdown(server2Error);
+    transportInfo2.listener.transportShutdown(server2Error,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
 
     // ... which makes the subchannel enter TRANSIENT_FAILURE. The last error Status is propagated
     // to LoadBalancer.
@@ -1697,9 +1706,11 @@ public void run() {
     verify(transportInfo2.transport).shutdown(same(ManagedChannelImpl.SHUTDOWN_STATUS));
 
     // Cleanup
-    transportInfo1.listener.transportShutdown(Status.UNAVAILABLE);
+    transportInfo1.listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     transportInfo1.listener.transportTerminated();
-    transportInfo2.listener.transportShutdown(Status.UNAVAILABLE);
+    transportInfo2.listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     transportInfo2.listener.transportTerminated();
     timer.forwardTime(ManagedChannelImpl.SUBCHANNEL_SHUTDOWN_DELAY_SECONDS, TimeUnit.SECONDS);
   }
@@ -1739,8 +1750,10 @@ public void subchannelsWhenChannelShutdownNow() {
     verify(ti1.transport).shutdownNow(any(Status.class));
     verify(ti2.transport).shutdownNow(any(Status.class));
 
-    ti1.listener.transportShutdown(Status.UNAVAILABLE.withDescription("shutdown now"));
-    ti2.listener.transportShutdown(Status.UNAVAILABLE.withDescription("shutdown now"));
+    ti1.listener.transportShutdown(Status.UNAVAILABLE.withDescription("shutdown now"),
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
+    ti2.listener.transportShutdown(Status.UNAVAILABLE.withDescription("shutdown now"),
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     ti1.listener.transportTerminated();
 
     assertFalse(channel.isTerminated());
@@ -1829,7 +1842,8 @@ public void oobchannels() {
         ArgumentMatchers.<ClientStreamTracer[]>any());
 
     // The transport goes away
-    transportInfo.listener.transportShutdown(Status.UNAVAILABLE);
+    transportInfo.listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     transportInfo.listener.transportTerminated();
 
     // A new call will trigger a new transport
@@ -1848,7 +1862,8 @@ public void oobchannels() {
     // This transport fails
     Status transportError = Status.UNAVAILABLE.withDescription("Connection refused");
     assertEquals(0, balancerRpcExecutor.numPendingTasks());
-    transportInfo.listener.transportShutdown(transportError);
+    transportInfo.listener.transportShutdown(transportError,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     assertTrue(balancerRpcExecutor.runDueTasks() > 0);
 
     // Fail-fast RPC will fail, while wait-for-ready RPC will still be pending
@@ -2102,8 +2117,10 @@ public void oobChannelsWhenChannelShutdownNow() {
     verify(ti1.transport).shutdownNow(any(Status.class));
     verify(ti2.transport).shutdownNow(any(Status.class));
 
-    ti1.listener.transportShutdown(Status.UNAVAILABLE.withDescription("shutdown now"));
-    ti2.listener.transportShutdown(Status.UNAVAILABLE.withDescription("shutdown now"));
+    ti1.listener.transportShutdown(Status.UNAVAILABLE.withDescription("shutdown now"),
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
+    ti2.listener.transportShutdown(Status.UNAVAILABLE.withDescription("shutdown now"),
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     ti1.listener.transportTerminated();
 
     assertFalse(channel.isTerminated());
@@ -2331,7 +2348,8 @@ private void subtestNameResolutionRefreshWhenConnectionFailed(boolean isIdle) {
 
     // Transport closed when connecting
     assertEquals(expectedRefreshCount, resolver.refreshCalled);
-    transportInfo.listener.transportShutdown(Status.UNAVAILABLE);
+    transportInfo.listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     // When channel enters idle, new resolver is created but not started.
     if (!isIdle) {
       expectedRefreshCount++;
@@ -2346,7 +2364,8 @@ private void subtestNameResolutionRefreshWhenConnectionFailed(boolean isIdle) {
 
     // Transport closed when ready
     assertEquals(expectedRefreshCount, resolver.refreshCalled);
-    transportInfo.listener.transportShutdown(Status.UNAVAILABLE);
+    transportInfo.listener.transportShutdown(Status.UNAVAILABLE,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     // When channel enters idle, new resolver is created but not started.
     if (!isIdle) {
       expectedRefreshCount++;
@@ -3917,7 +3936,8 @@ public double nextDouble() {
     verify(mockLoadBalancer).shutdown();
     // simulating the shutdown of load balancer triggers the shutdown of subchannel
     shutdownSafely(helper, subchannel);
-    transportInfo.listener.transportShutdown(Status.INTERNAL);
+    transportInfo.listener.transportShutdown(Status.INTERNAL,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     transportInfo.listener.transportTerminated(); // simulating transport terminated
     assertTrue(
         "channel.isTerminated() is expected to be true but was false",
@@ -4022,7 +4042,8 @@ public void hedgingScheduledThenChannelShutdown_hedgeShouldStillHappen_newCallSh
     // simulating the shutdown of load balancer triggers the shutdown of subchannel
     shutdownSafely(helper, subchannel);
     // simulating transport shutdown & terminated
-    transportInfo.listener.transportShutdown(Status.INTERNAL);
+    transportInfo.listener.transportShutdown(Status.INTERNAL,
+        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     transportInfo.listener.transportTerminated();
     assertTrue(
         "channel.isTerminated() is expected to be true but was false",
@@ -4792,7 +4813,7 @@ public void transportTerminated(Attributes transportAttrs) {
     assertEquals(1, readyCallbackCalled.get());
     assertEquals(0, terminationCallbackCalled.get());
 
-    transportListener.transportShutdown(Status.OK);
+    transportListener.transportShutdown(Status.OK, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
 
     transportListener.transportTerminated();
     assertEquals(1, terminationCallbackCalled.get());
diff --git a/core/src/test/java/io/grpc/internal/ManagedClientTransportTest.java b/core/src/test/java/io/grpc/internal/ManagedClientTransportTest.java
index 0af88a62728..5ddea08131b 100644
--- a/core/src/test/java/io/grpc/internal/ManagedClientTransportTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedClientTransportTest.java
@@ -32,7 +32,7 @@ public class ManagedClientTransportTest {
   public void testListener() {
     ManagedClientTransport.Listener listener = new ManagedClientTransport.Listener() {
       @Override
-      public void transportShutdown(Status s) {}
+      public void transportShutdown(Status s, DisconnectError e) {}
 
       @Override
       public void transportTerminated() {}
@@ -45,7 +45,7 @@ public void transportInUse(boolean inUse) {}
     };
 
     // Test that the listener methods do not throw.
-    listener.transportShutdown(Status.OK);
+    listener.transportShutdown(Status.OK, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     listener.transportTerminated();
     listener.transportReady();
     listener.transportInUse(true);
diff --git a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
index c60174b2faf..5d6b88a1392 100644
--- a/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
+++ b/core/src/testFixtures/java/io/grpc/internal/AbstractTransportTest.java
@@ -326,7 +326,8 @@ public void serverNotListening() throws Exception {
     runIfNotNull(client.start(mockClientTransportListener));
     verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportTerminated();
     ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
-    inOrder.verify(mockClientTransportListener).transportShutdown(statusCaptor.capture());
+    inOrder.verify(mockClientTransportListener).transportShutdown(statusCaptor.capture(),
+        any(DisconnectError.class));
     assertCodeEquals(Status.UNAVAILABLE, statusCaptor.getValue());
     inOrder.verify(mockClientTransportListener).transportTerminated();
     verify(mockClientTransportListener, never()).transportReady();
@@ -342,7 +343,8 @@ public void clientStartStop() throws Exception {
     Status shutdownReason = Status.UNAVAILABLE.withDescription("shutdown called");
     client.shutdown(shutdownReason);
     verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportTerminated();
-    inOrder.verify(mockClientTransportListener).transportShutdown(same(shutdownReason));
+    inOrder.verify(mockClientTransportListener).transportShutdown(same(shutdownReason),
+        any(DisconnectError.class));
     inOrder.verify(mockClientTransportListener).transportTerminated();
     verify(mockClientTransportListener, never()).transportInUse(anyBoolean());
   }
@@ -358,7 +360,8 @@ public void clientStartAndStopOnceConnected() throws Exception {
         = serverListener.takeListenerOrFail(TIMEOUT_MS, TimeUnit.MILLISECONDS);
     client.shutdown(Status.UNAVAILABLE);
     verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportTerminated();
-    inOrder.verify(mockClientTransportListener).transportShutdown(any(Status.class));
+    inOrder.verify(mockClientTransportListener).transportShutdown(any(Status.class),
+        any(DisconnectError.class));
     inOrder.verify(mockClientTransportListener).transportTerminated();
     assertTrue(serverTransportListener.waitForTermination(TIMEOUT_MS, TimeUnit.MILLISECONDS));
     server.shutdown();
@@ -454,7 +457,8 @@ public void openStreamPreventsTermination() throws Exception {
     serverTransport.shutdown();
     serverTransport = null;
 
-    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportShutdown(any(Status.class));
+    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportShutdown(any(Status.class),
+        any(DisconnectError.class));
     assertTrue(serverListener.waitForShutdown(TIMEOUT_MS, TimeUnit.MILLISECONDS));
 
     // A new server should be able to start listening, since the current server has given up
@@ -504,7 +508,8 @@ public void shutdownNowKillsClientStream() throws Exception {
     client.shutdownNow(status);
     client = null;
 
-    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportShutdown(any(Status.class));
+    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportShutdown(any(Status.class),
+        any(DisconnectError.class));
     verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportTerminated();
     verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportInUse(false);
     assertTrue(serverTransportListener.waitForTermination(TIMEOUT_MS, TimeUnit.MILLISECONDS));
@@ -543,7 +548,8 @@ public void shutdownNowKillsServerStream() throws Exception {
     serverTransport.shutdownNow(shutdownStatus);
     serverTransport = null;
 
-    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportShutdown(any(Status.class));
+    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportShutdown(any(Status.class),
+        any(DisconnectError.class));
     verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportTerminated();
     verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportInUse(false);
     assertTrue(serverTransportListener.waitForTermination(TIMEOUT_MS, TimeUnit.MILLISECONDS));
@@ -591,7 +597,8 @@ public void ping_duringShutdown() throws Exception {
     ClientStreamListenerBase clientStreamListener = new ClientStreamListenerBase();
     stream.start(clientStreamListener);
     client.shutdown(Status.UNAVAILABLE);
-    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportShutdown(any(Status.class));
+    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportShutdown(any(Status.class),
+        any(DisconnectError.class));
     ClientTransport.PingCallback mockPingCallback = mock(ClientTransport.PingCallback.class);
     try {
       client.ping(mockPingCallback, MoreExecutors.directExecutor());
@@ -635,7 +642,8 @@ public void newStream_duringShutdown() throws Exception {
     ClientStreamListenerBase clientStreamListener = new ClientStreamListenerBase();
     stream.start(clientStreamListener);
     client.shutdown(Status.UNAVAILABLE);
-    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportShutdown(any(Status.class));
+    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportShutdown(any(Status.class),
+        any(DisconnectError.class));
 
     ClientStream stream2 = client.newStream(
         methodDescriptor, new Metadata(), callOptions, tracers);
diff --git a/cronet/src/main/java/io/grpc/cronet/CronetClientTransport.java b/cronet/src/main/java/io/grpc/cronet/CronetClientTransport.java
index 465df8b2cc9..99eb88737aa 100644
--- a/cronet/src/main/java/io/grpc/cronet/CronetClientTransport.java
+++ b/cronet/src/main/java/io/grpc/cronet/CronetClientTransport.java
@@ -34,6 +34,7 @@
 import io.grpc.internal.ConnectionClientTransport;
 import io.grpc.internal.GrpcAttributes;
 import io.grpc.internal.GrpcUtil;
+import io.grpc.internal.SimpleDisconnectError;
 import io.grpc.internal.StatsTraceContext;
 import io.grpc.internal.TransportTracer;
 import java.net.InetSocketAddress;
@@ -229,7 +230,7 @@ private void startGoAway(Status status) {
       startedGoAway = true;
     }
 
-    listener.transportShutdown(status);
+    listener.transportShutdown(status, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
 
     synchronized (lock) {
       goAway = true;
diff --git a/cronet/src/test/java/io/grpc/cronet/CronetClientTransportTest.java b/cronet/src/test/java/io/grpc/cronet/CronetClientTransportTest.java
index 03c31f93329..3a79cc0b6a8 100644
--- a/cronet/src/test/java/io/grpc/cronet/CronetClientTransportTest.java
+++ b/cronet/src/test/java/io/grpc/cronet/CronetClientTransportTest.java
@@ -34,6 +34,7 @@
 import io.grpc.Status;
 import io.grpc.cronet.CronetChannelBuilder.StreamBuilderFactory;
 import io.grpc.internal.ClientStreamListener;
+import io.grpc.internal.DisconnectError;
 import io.grpc.internal.GrpcAttributes;
 import io.grpc.internal.ManagedClientTransport;
 import io.grpc.internal.TransportTracer;
@@ -128,7 +129,8 @@ public void shutdownTransport() throws Exception {
     BidirectionalStream.Callback callback2 = callbackCaptor.getValue();
     // Shut down the transport. transportShutdown should be called immediately.
     transport.shutdown();
-    verify(clientTransportListener).transportShutdown(any(Status.class));
+    verify(clientTransportListener).transportShutdown(any(Status.class),
+        any(DisconnectError.class));
     // Have two live streams. Transport has not been terminated.
     verify(clientTransportListener, times(0)).transportTerminated();
 
diff --git a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
index e31696eb631..a92f10fd5c5 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/InProcessTransport.java
@@ -58,6 +58,7 @@
 import io.grpc.internal.ServerStreamListener;
 import io.grpc.internal.ServerTransport;
 import io.grpc.internal.ServerTransportListener;
+import io.grpc.internal.SimpleDisconnectError;
 import io.grpc.internal.StatsTraceContext;
 import io.grpc.internal.StreamListener;
 import java.io.ByteArrayInputStream;
@@ -327,7 +328,7 @@ private synchronized void notifyShutdown(Status s) {
       return;
     }
     shutdown = true;
-    clientTransportListener.transportShutdown(s);
+    clientTransportListener.transportShutdown(s, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
   }
 
   private synchronized void notifyTerminated() {
diff --git a/netty/src/main/java/io/grpc/netty/ClientTransportLifecycleManager.java b/netty/src/main/java/io/grpc/netty/ClientTransportLifecycleManager.java
index b4e53d5568c..01e7bc3ed12 100644
--- a/netty/src/main/java/io/grpc/netty/ClientTransportLifecycleManager.java
+++ b/netty/src/main/java/io/grpc/netty/ClientTransportLifecycleManager.java
@@ -19,6 +19,7 @@
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import io.grpc.Attributes;
 import io.grpc.Status;
+import io.grpc.internal.DisconnectError;
 import io.grpc.internal.ManagedClientTransport;
 
 /** Maintainer of transport lifecycle status. */
@@ -55,18 +56,18 @@ public void notifyReady() {
    * Marks transport as shutdown, but does not set the error status. This must eventually be
    * followed by a call to notifyShutdown.
    */
-  public void notifyGracefulShutdown(Status s) {
+  public void notifyGracefulShutdown(Status s, DisconnectError disconnectError) {
     if (transportShutdown) {
       return;
     }
     transportShutdown = true;
-    listener.transportShutdown(s);
+    listener.transportShutdown(s, disconnectError);
   }
 
   /** Returns {@code true} if was the first shutdown. */
   @CanIgnoreReturnValue
-  public boolean notifyShutdown(Status s) {
-    notifyGracefulShutdown(s);
+  public boolean notifyShutdown(Status s, DisconnectError disconnectError) {
+    notifyGracefulShutdown(s, disconnectError);
     if (shutdownStatus != null) {
       return false;
     }
@@ -82,12 +83,12 @@ public void notifyInUse(boolean inUse) {
     listener.transportInUse(inUse);
   }
 
-  public void notifyTerminated(Status s) {
+  public void notifyTerminated(Status s, DisconnectError disconnectError) {
     if (transportTerminated) {
       return;
     }
     transportTerminated = true;
-    notifyShutdown(s);
+    notifyShutdown(s, disconnectError);
     listener.transportTerminated();
   }
 
diff --git a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
index d6bb3790433..8ebf89842ad 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
@@ -34,11 +34,14 @@
 import io.grpc.StatusException;
 import io.grpc.internal.ClientStreamListener.RpcProgress;
 import io.grpc.internal.ClientTransport.PingCallback;
+import io.grpc.internal.DisconnectError;
+import io.grpc.internal.GoAwayDisconnectError;
 import io.grpc.internal.GrpcAttributes;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.Http2Ping;
 import io.grpc.internal.InUseStateAggregator;
 import io.grpc.internal.KeepAliveManager;
+import io.grpc.internal.SimpleDisconnectError;
 import io.grpc.internal.TransportTracer;
 import io.grpc.netty.GrpcHttp2HeadersUtils.GrpcHttp2ClientHeadersDecoder;
 import io.netty.buffer.ByteBuf;
@@ -478,7 +481,8 @@ public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exce
     logger.fine("Network channel being closed by the application.");
     if (ctx.channel().isActive()) { // Ignore notification that the socket was closed
       lifecycleManager.notifyShutdown(
-          Status.UNAVAILABLE.withDescription("Transport closed for unknown reason"));
+          Status.UNAVAILABLE.withDescription("Transport closed for unknown reason"),
+          SimpleDisconnectError.UNKNOWN);
     }
     super.close(ctx, promise);
   }
@@ -491,7 +495,7 @@ public void channelInactive(ChannelHandlerContext ctx) throws Exception {
     try {
       logger.fine("Network channel is closed");
       Status status = Status.UNAVAILABLE.withDescription("Network closed for unknown reason");
-      lifecycleManager.notifyShutdown(status);
+      lifecycleManager.notifyShutdown(status, SimpleDisconnectError.UNKNOWN);
       final Status streamStatus;
       if (channelInactiveReason != null) {
         streamStatus = channelInactiveReason;
@@ -512,7 +516,7 @@ public boolean visit(Http2Stream stream) throws Http2Exception {
           }
         });
       } finally {
-        lifecycleManager.notifyTerminated(status);
+        lifecycleManager.notifyTerminated(status, SimpleDisconnectError.UNKNOWN);
       }
     } finally {
       // Close any open streams
@@ -560,7 +564,8 @@ InternalChannelz.Security getSecurityInfo() {
   protected void onConnectionError(ChannelHandlerContext ctx,  boolean outbound, Throwable cause,
       Http2Exception http2Ex) {
     logger.log(Level.FINE, "Caught a connection error", cause);
-    lifecycleManager.notifyShutdown(Utils.statusFromThrowable(cause));
+    lifecycleManager.notifyShutdown(Utils.statusFromThrowable(cause),
+        SimpleDisconnectError.SOCKET_ERROR);
     // Parent class will shut down the Channel
     super.onConnectionError(ctx, outbound, cause, http2Ex);
   }
@@ -667,7 +672,7 @@ private void createStream(CreateStreamCommand command, ChannelPromise promise)
       if (!connection().goAwaySent()) {
         logger.fine("Stream IDs have been exhausted for this connection. "
                 + "Initiating graceful shutdown of the connection.");
-        lifecycleManager.notifyShutdown(e.getStatus());
+        lifecycleManager.notifyShutdown(e.getStatus(), SimpleDisconnectError.UNKNOWN);
         close(ctx(), ctx().newPromise());
       }
       return;
@@ -893,7 +898,7 @@ public void operationComplete(ChannelFuture future) throws Exception {
 
   private void gracefulClose(ChannelHandlerContext ctx, GracefulCloseCommand msg,
       ChannelPromise promise) throws Exception {
-    lifecycleManager.notifyShutdown(msg.getStatus());
+    lifecycleManager.notifyShutdown(msg.getStatus(), SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     // Explicitly flush to create any buffered streams before sending GOAWAY.
     // TODO(ejona): determine if the need to flush is a bug in Netty
     flush(ctx);
@@ -929,13 +934,15 @@ public boolean visit(Http2Stream stream) throws Http2Exception {
   private void goingAway(long errorCode, byte[] debugData) {
     Status finalStatus = statusFromH2Error(
         Status.Code.UNAVAILABLE, "GOAWAY shut down transport", errorCode, debugData);
-    lifecycleManager.notifyGracefulShutdown(finalStatus);
+    DisconnectError disconnectError = new GoAwayDisconnectError(
+        GrpcUtil.Http2Error.forCode(errorCode));
+    lifecycleManager.notifyGracefulShutdown(finalStatus, disconnectError);
     abruptGoAwayStatus = statusFromH2Error(
         Status.Code.UNAVAILABLE, "Abrupt GOAWAY closed unsent stream", errorCode, debugData);
     // While this _should_ be UNAVAILABLE, Netty uses the wrong stream id in the GOAWAY when it
     // fails streams due to HPACK failures (e.g., header list too large). To be more conservative,
     // we assume any sent streams may be related to the GOAWAY. This should rarely impact users
-    // since the main time servers should use abrupt GOAWAYs is if there is a protocol error, and if
+    // since the main time servers should use abrupt GOAWAYs if there is a protocol error, and if
     // there wasn't a protocol error the error code was probably NO_ERROR which is mapped to
     // UNAVAILABLE. https://github.com/netty/netty/issues/10670
     final Status abruptGoAwayStatusConservative = statusFromH2Error(
@@ -950,7 +957,7 @@ private void goingAway(long errorCode, byte[] debugData) {
     // This can cause reentrancy, but should be minor since it is normal to handle writes in
     // response to a read. Also, the call stack is rather shallow at this point
     clientWriteQueue.drainNow();
-    if (lifecycleManager.notifyShutdown(finalStatus)) {
+    if (lifecycleManager.notifyShutdown(finalStatus, disconnectError)) {
       // This is for the only RPCs that are actually covered by the GOAWAY error code. All other
       // RPCs were not observed by the remote and so should be UNAVAILABLE.
       channelInactiveReason = statusFromH2Error(
diff --git a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
index e03989e9906..53914b3c877 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
@@ -37,11 +37,13 @@
 import io.grpc.Status;
 import io.grpc.internal.ClientStream;
 import io.grpc.internal.ConnectionClientTransport;
+import io.grpc.internal.DisconnectError;
 import io.grpc.internal.FailingClientStream;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.Http2Ping;
 import io.grpc.internal.KeepAliveManager;
 import io.grpc.internal.KeepAliveManager.ClientKeepAlivePinger;
+import io.grpc.internal.SimpleDisconnectError;
 import io.grpc.internal.StatsTraceContext;
 import io.grpc.internal.TransportTracer;
 import io.grpc.netty.NettyChannelBuilder.LocalSocketPicker;
@@ -68,7 +70,8 @@
 /**
  * A Netty-based {@link ConnectionClientTransport} implementation.
  */
-class NettyClientTransport implements ConnectionClientTransport {
+class NettyClientTransport implements ConnectionClientTransport,
+    ClientKeepAlivePinger.TransportWithDisconnectReason {
 
   private final InternalLogId logId;
   private final Map<ChannelOption<?>, ?> channelOptions;
@@ -231,8 +234,8 @@ public Runnable start(Listener transportListener) {
     EventLoop eventLoop = group.next();
     if (keepAliveTimeNanos != KEEPALIVE_TIME_NANOS_DISABLED) {
       keepAliveManager = new KeepAliveManager(
-          new ClientKeepAlivePinger(this), eventLoop, keepAliveTimeNanos, keepAliveTimeoutNanos,
-          keepAliveWithoutCalls);
+          new ClientKeepAlivePinger(this), eventLoop, keepAliveTimeNanos,
+          keepAliveTimeoutNanos, keepAliveWithoutCalls);
     }
 
     handler = NettyClientHandler.newHandler(
@@ -291,7 +294,8 @@ public void run() {
           // could use GlobalEventExecutor (which is what regFuture would use for notifying
           // listeners in this case), but avoiding on-demand thread creation in an error case seems
           // a good idea and is probably clearer threading.
-          lifecycleManager.notifyTerminated(statusExplainingWhyTheChannelIsNull);
+          lifecycleManager.notifyTerminated(statusExplainingWhyTheChannelIsNull,
+              SimpleDisconnectError.UNKNOWN);
         }
       };
     }
@@ -323,7 +327,8 @@ public void operationComplete(ChannelFuture future) throws Exception {
         if (!future.isSuccess()) {
           // Need to notify of this failure, because NettyClientHandler may not have been added to
           // the pipeline before the error occurred.
-          lifecycleManager.notifyTerminated(Utils.statusFromThrowable(future.cause()));
+          lifecycleManager.notifyTerminated(Utils.statusFromThrowable(future.cause()),
+              SimpleDisconnectError.UNKNOWN);
         }
       }
     });
@@ -357,12 +362,17 @@ public void shutdown(Status reason) {
 
   @Override
   public void shutdownNow(final Status reason) {
+    shutdownNow(reason, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
+  }
+
+  @Override
+  public void shutdownNow(final Status reason, DisconnectError disconnectError) {
     // Notifying of termination is automatically done when the channel closes.
     if (channel != null && channel.isOpen()) {
       handler.getWriteQueue().enqueue(new Runnable() {
         @Override
         public void run() {
-          lifecycleManager.notifyShutdown(reason);
+          lifecycleManager.notifyShutdown(reason, disconnectError);
           channel.write(new ForcefulCloseCommand(reason));
         }
       }, true);
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
index c5289296ed0..53598727efd 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
@@ -67,6 +67,7 @@
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.KeepAliveManager;
 import io.grpc.internal.ManagedClientTransport;
+import io.grpc.internal.SimpleDisconnectError;
 import io.grpc.internal.StatsTraceContext;
 import io.grpc.internal.StreamListener;
 import io.grpc.internal.TransportTracer;
@@ -764,7 +765,7 @@ public void exhaustedStreamsShouldFail() throws Exception {
   public void nonExistentStream() throws Exception {
     Status status = Status.INTERNAL.withDescription("zz");
 
-    lifecycleManager.notifyShutdown(status);
+    lifecycleManager.notifyShutdown(status, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
     // Stream creation can race with the transport shutting down, with the create command already
     // enqueued.
     ChannelFuture future1 = createStream();
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
index 7615a96b556..db44c8f50fd 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
@@ -64,6 +64,7 @@
 import io.grpc.internal.ClientStream;
 import io.grpc.internal.ClientStreamListener;
 import io.grpc.internal.ClientTransport;
+import io.grpc.internal.DisconnectError;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.FixedObjectPool;
 import io.grpc.internal.GrpcUtil;
@@ -1462,7 +1463,7 @@ public FakeClientTransportListener(SettableFuture<Void> connected) {
     }
 
     @Override
-    public void transportShutdown(Status s) {}
+    public void transportShutdown(Status s, DisconnectError e) {}
 
     @Override
     public void transportTerminated() {}
diff --git a/netty/src/test/java/io/grpc/netty/NettyTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyTransportTest.java
index b1c89e22f93..b779dfbe980 100644
--- a/netty/src/test/java/io/grpc/netty/NettyTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyTransportTest.java
@@ -26,6 +26,7 @@
 import io.grpc.Status;
 import io.grpc.internal.AbstractTransportTest;
 import io.grpc.internal.ClientTransportFactory;
+import io.grpc.internal.DisconnectError;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.InternalServer;
 import io.grpc.internal.ManagedClientTransport;
@@ -127,7 +128,7 @@ public void channelHasUnresolvedHostname() throws Exception {
             .setChannelLogger(logger), logger);
     Runnable runnable = transport.start(new ManagedClientTransport.Listener() {
       @Override
-      public void transportShutdown(Status s) {
+      public void transportShutdown(Status s, DisconnectError e) {
         future.set(s);
       }
 
diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
index cde33139965..80438532172 100644
--- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
+++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
@@ -55,6 +55,7 @@
 import io.grpc.TlsChannelCredentials;
 import io.grpc.TlsServerCredentials;
 import io.grpc.internal.ClientTransportFactory;
+import io.grpc.internal.DisconnectError;
 import io.grpc.internal.GrpcAttributes;
 import io.grpc.internal.InternalServer;
 import io.grpc.internal.ManagedClientTransport;
@@ -409,7 +410,7 @@ private Object expectHandshake(
     } else {
       ArgumentCaptor<Status> captor = ArgumentCaptor.forClass(Status.class);
       verify(clientTransportListener, timeout(TIMEOUT_SECONDS * 1000))
-          .transportShutdown(captor.capture());
+          .transportShutdown(captor.capture(), any(DisconnectError.class));
       result = captor.getValue();
     }
 
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
index ce1ff29aa5b..4764a6a1387 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
@@ -48,6 +48,8 @@
 import io.grpc.internal.CertificateUtils;
 import io.grpc.internal.ClientStreamListener.RpcProgress;
 import io.grpc.internal.ConnectionClientTransport;
+import io.grpc.internal.DisconnectError;
+import io.grpc.internal.GoAwayDisconnectError;
 import io.grpc.internal.GrpcAttributes;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.Http2Ping;
@@ -56,6 +58,7 @@
 import io.grpc.internal.KeepAliveManager.ClientKeepAlivePinger;
 import io.grpc.internal.NoopSslSession;
 import io.grpc.internal.SerializingExecutor;
+import io.grpc.internal.SimpleDisconnectError;
 import io.grpc.internal.StatsTraceContext;
 import io.grpc.internal.TransportTracer;
 import io.grpc.okhttp.ExceptionHandlingFrameWriter.TransportExceptionHandler;
@@ -129,7 +132,7 @@
  * A okhttp-based {@link ConnectionClientTransport} implementation.
  */
 class OkHttpClientTransport implements ConnectionClientTransport, TransportExceptionHandler,
-      OutboundFlowController.Transport {
+      OutboundFlowController.Transport, ClientKeepAlivePinger.TransportWithDisconnectReason {
   private static final Map<ErrorCode, Status> ERROR_CODE_TO_STATUS = buildErrorCodeToStatusMap();
   private static final Logger log = Logger.getLogger(OkHttpClientTransport.class.getName());
   private static final String GRPC_ENABLE_PER_RPC_AUTHORITY_CHECK =
@@ -992,13 +995,18 @@ public void shutdown(Status reason) {
       }
 
       goAwayStatus = reason;
-      listener.transportShutdown(goAwayStatus);
+      listener.transportShutdown(goAwayStatus, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
       stopIfNecessary();
     }
   }
 
   @Override
   public void shutdownNow(Status reason) {
+    shutdownNow(reason, SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
+  }
+
+  @Override
+  public void shutdownNow(Status reason, DisconnectError disconnectError) {
     shutdown(reason);
     synchronized (lock) {
       Iterator<Map.Entry<Integer, OkHttpClientStream>> it = streams.entrySet().iterator();
@@ -1088,7 +1096,13 @@ private void startGoAway(int lastKnownStreamId, ErrorCode errorCode, Status stat
     synchronized (lock) {
       if (goAwayStatus == null) {
         goAwayStatus = status;
-        listener.transportShutdown(status);
+        GrpcUtil.Http2Error http2Error;
+        if (errorCode == null) {
+          http2Error = GrpcUtil.Http2Error.NO_ERROR;
+        } else {
+          http2Error = GrpcUtil.Http2Error.forCode(errorCode.httpCode);
+        }
+        listener.transportShutdown(status, new GoAwayDisconnectError(http2Error));
       }
       if (errorCode != null && !goAwaySent) {
         // Send GOAWAY with lastGoodStreamId of 0, since we don't expect any server-initiated
diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java
index 99f430be009..f87912c44ea 100644
--- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java
+++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpClientTransportTest.java
@@ -71,9 +71,12 @@
 import io.grpc.internal.ClientStream;
 import io.grpc.internal.ClientStreamListener;
 import io.grpc.internal.ClientTransport;
+import io.grpc.internal.DisconnectError;
 import io.grpc.internal.FakeClock;
+import io.grpc.internal.GoAwayDisconnectError;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.ManagedClientTransport;
+import io.grpc.internal.SimpleDisconnectError;
 import io.grpc.okhttp.OkHttpClientTransport.ClientFrameHandler;
 import io.grpc.okhttp.OkHttpFrameLogger.Direction;
 import io.grpc.okhttp.internal.Protocol;
@@ -280,7 +283,8 @@ public void testTransportExecutorWithTooFewThreads() throws Exception {
         null);
     clientTransport.start(transportListener);
     ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
-    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(statusCaptor.capture());
+    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(statusCaptor.capture(),
+        eq(new GoAwayDisconnectError(GrpcUtil.Http2Error.INTERNAL_ERROR)));
     Status capturedStatus = statusCaptor.getValue();
     assertEquals("Timed out waiting for second handshake thread. "
         + "The transport executor pool may have run out of threads",
@@ -481,7 +485,8 @@ public void nextFrameThrowIoException() throws Exception {
     assertEquals(NETWORK_ISSUE_MESSAGE, listener1.status.getCause().getMessage());
     assertEquals(Status.INTERNAL.getCode(), listener2.status.getCode());
     assertEquals(NETWORK_ISSUE_MESSAGE, listener2.status.getCause().getMessage());
-    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(isA(Status.class));
+    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(isA(Status.class),
+        any(DisconnectError.class));
     verify(transportListener, timeout(TIME_OUT_MS)).transportTerminated();
     shutdownAndVerify();
   }
@@ -507,7 +512,8 @@ public void nextFrameThrowsError() throws Exception {
     assertEquals(0, activeStreamCount());
     assertEquals(Status.INTERNAL.getCode(), listener.status.getCode());
     assertEquals(ERROR_MESSAGE, listener.status.getCause().getMessage());
-    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(isA(Status.class));
+    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(isA(Status.class),
+        any(DisconnectError.class));
     verify(transportListener, timeout(TIME_OUT_MS)).transportTerminated();
     shutdownAndVerify();
   }
@@ -523,7 +529,8 @@ public void nextFrameReturnFalse() throws Exception {
     frameReader.nextFrameAtEndOfStream();
     listener.waitUntilStreamClosed();
     assertEquals(Status.UNAVAILABLE.getCode(), listener.status.getCode());
-    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(isA(Status.class));
+    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(isA(Status.class),
+        any(DisconnectError.class));
     verify(transportListener, timeout(TIME_OUT_MS)).transportTerminated();
     shutdownAndVerify();
   }
@@ -565,7 +572,8 @@ public void receivedHeadersForInvalidStreamShouldKillConnection() throws Excepti
         HeadersMode.HTTP_20_HEADERS);
     verify(frameWriter, timeout(TIME_OUT_MS))
         .goAway(eq(0), eq(ErrorCode.PROTOCOL_ERROR), any(byte[].class));
-    verify(transportListener).transportShutdown(isA(Status.class));
+    verify(transportListener).transportShutdown(isA(Status.class),
+        any(DisconnectError.class));
     verify(transportListener, timeout(TIME_OUT_MS)).transportTerminated();
     shutdownAndVerify();
   }
@@ -577,7 +585,8 @@ public void receivedDataForInvalidStreamShouldKillConnection() throws Exception
         1000, 1000);
     verify(frameWriter, timeout(TIME_OUT_MS))
         .goAway(eq(0), eq(ErrorCode.PROTOCOL_ERROR), any(byte[].class));
-    verify(transportListener).transportShutdown(isA(Status.class));
+    verify(transportListener).transportShutdown(isA(Status.class),
+        any(DisconnectError.class));
     verify(transportListener, timeout(TIME_OUT_MS)).transportTerminated();
     shutdownAndVerify();
   }
@@ -1173,7 +1182,8 @@ public void stopNormally() throws Exception {
     clientTransport.shutdown(SHUTDOWN_REASON);
 
     assertEquals(2, activeStreamCount());
-    verify(transportListener).transportShutdown(same(SHUTDOWN_REASON));
+    verify(transportListener).transportShutdown(same(SHUTDOWN_REASON),
+        eq(SimpleDisconnectError.SUBCHANNEL_SHUTDOWN));
 
     stream1.cancel(Status.CANCELLED);
     stream2.cancel(Status.CANCELLED);
@@ -1207,7 +1217,8 @@ public void receiveGoAway() throws Exception {
     frameHandler().goAway(3, ErrorCode.CANCEL, ByteString.EMPTY);
 
     // Transport should be in STOPPING state.
-    verify(transportListener).transportShutdown(isA(Status.class));
+    verify(transportListener).transportShutdown(isA(Status.class),
+        any(DisconnectError.class));
     verify(transportListener, never()).transportTerminated();
 
     // Stream 2 should be closed.
@@ -1277,7 +1288,8 @@ public void streamIdExhausted() throws Exception {
     // Should only have the first message delivered.
     assertEquals(message, listener.messages.get(0));
     verify(frameWriter, timeout(TIME_OUT_MS)).rstStream(eq(startId), eq(ErrorCode.CANCEL));
-    verify(transportListener).transportShutdown(isA(Status.class));
+    verify(transportListener).transportShutdown(isA(Status.class),
+        any(DisconnectError.class));
     verify(transportListener, timeout(TIME_OUT_MS)).transportTerminated();
     shutdownAndVerify();
   }
@@ -1588,7 +1600,8 @@ public void receiveDataForUnknownStreamUpdateConnectionWindow() throws Exception
         (int) buffer.size());
     verify(frameWriter, timeout(TIME_OUT_MS))
         .goAway(eq(0), eq(ErrorCode.PROTOCOL_ERROR), any(byte[].class));
-    verify(transportListener).transportShutdown(isA(Status.class));
+    verify(transportListener).transportShutdown(isA(Status.class),
+        any(DisconnectError.class));
     verify(transportListener, timeout(TIME_OUT_MS)).transportTerminated();
     shutdownAndVerify();
   }
@@ -1608,7 +1621,8 @@ public void receiveWindowUpdateForUnknownStream() throws Exception {
     frameHandler().windowUpdate(5, 73);
     verify(frameWriter, timeout(TIME_OUT_MS))
         .goAway(eq(0), eq(ErrorCode.PROTOCOL_ERROR), any(byte[].class));
-    verify(transportListener).transportShutdown(isA(Status.class));
+    verify(transportListener).transportShutdown(isA(Status.class),
+        any(DisconnectError.class));
     verify(transportListener, timeout(TIME_OUT_MS)).transportTerminated();
     shutdownAndVerify();
   }
@@ -1821,9 +1835,10 @@ public void unreachableServer() throws Exception {
 
     ManagedClientTransport.Listener listener = mock(ManagedClientTransport.Listener.class);
     clientTransport.start(listener);
-    ArgumentCaptor<Status> captor = ArgumentCaptor.forClass(Status.class);
-    verify(listener, timeout(TIME_OUT_MS)).transportShutdown(captor.capture());
-    Status status = captor.getValue();
+    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
+    verify(listener, timeout(TIME_OUT_MS)).transportShutdown(statusCaptor.capture(),
+        eq(new GoAwayDisconnectError(GrpcUtil.Http2Error.INTERNAL_ERROR)));
+    Status status = statusCaptor.getValue();
     assertEquals(Status.UNAVAILABLE.getCode(), status.getCode());
     assertTrue(status.getCause().toString(), status.getCause() instanceof IOException);
 
@@ -1852,9 +1867,10 @@ public void customSocketFactory() throws Exception {
 
     ManagedClientTransport.Listener listener = mock(ManagedClientTransport.Listener.class);
     clientTransport.start(listener);
-    ArgumentCaptor<Status> captor = ArgumentCaptor.forClass(Status.class);
-    verify(listener, timeout(TIME_OUT_MS)).transportShutdown(captor.capture());
-    Status status = captor.getValue();
+    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
+    verify(listener, timeout(TIME_OUT_MS)).transportShutdown(statusCaptor.capture(),
+        eq(new GoAwayDisconnectError(GrpcUtil.Http2Error.INTERNAL_ERROR)));
+    Status status = statusCaptor.getValue();
     assertEquals(Status.UNAVAILABLE.getCode(), status.getCode());
     assertSame(exception, status.getCause());
   }
@@ -1903,7 +1919,8 @@ public void proxy_200() throws Exception {
     });
     sock.getOutputStream().flush();
 
-    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(isA(Status.class));
+    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(isA(Status.class),
+        any(DisconnectError.class));
     while (sock.getInputStream().read() != -1) {}
     verify(transportListener, timeout(TIME_OUT_MS)).transportTerminated();
     sock.close();
@@ -1943,17 +1960,18 @@ public void proxy_500() throws Exception {
 
     assertEquals(-1, sock.getInputStream().read());
 
-    ArgumentCaptor<Status> captor = ArgumentCaptor.forClass(Status.class);
-    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(captor.capture());
-    Status error = captor.getValue();
-    assertTrue("Status didn't contain error code: " + captor.getValue(),
-        error.getDescription().contains("500"));
-    assertTrue("Status didn't contain error description: " + captor.getValue(),
-        error.getDescription().contains("OH NO"));
-    assertTrue("Status didn't contain error text: " + captor.getValue(),
-        error.getDescription().contains(errorText));
-    assertEquals("Not UNAVAILABLE: " + captor.getValue(),
-        Status.UNAVAILABLE.getCode(), error.getCode());
+    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
+    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(statusCaptor.capture(),
+        eq(new GoAwayDisconnectError(GrpcUtil.Http2Error.INTERNAL_ERROR)));
+    Status status = statusCaptor.getValue();
+    assertTrue("Status didn't contain error code: " + statusCaptor.getValue(),
+        status.getDescription().contains("500"));
+    assertTrue("Status didn't contain error description: " + statusCaptor.getValue(),
+        status.getDescription().contains("OH NO"));
+    assertTrue("Status didn't contain error text: " + statusCaptor.getValue(),
+        status.getDescription().contains(errorText));
+    assertEquals("Not UNAVAILABLE: " + statusCaptor.getValue(),
+        Status.UNAVAILABLE.getCode(), status.getCode());
     sock.close();
     verify(transportListener, timeout(TIME_OUT_MS)).transportTerminated();
   }
@@ -1980,13 +1998,14 @@ public void proxy_immediateServerClose() throws Exception {
     serverSocket.close();
     sock.close();
 
-    ArgumentCaptor<Status> captor = ArgumentCaptor.forClass(Status.class);
-    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(captor.capture());
-    Status error = captor.getValue();
-    assertTrue("Status didn't contain proxy: " + captor.getValue(),
-        error.getDescription().contains("proxy"));
-    assertEquals("Not UNAVAILABLE: " + captor.getValue(),
-        Status.UNAVAILABLE.getCode(), error.getCode());
+    ArgumentCaptor<Status> statusCaptor = ArgumentCaptor.forClass(Status.class);
+    verify(transportListener, timeout(TIME_OUT_MS)).transportShutdown(statusCaptor.capture(),
+        eq(new GoAwayDisconnectError(GrpcUtil.Http2Error.INTERNAL_ERROR)));
+    Status status = statusCaptor.getValue();
+    assertTrue("Status didn't contain proxy: " + statusCaptor.getValue(),
+        status.getDescription().contains("proxy"));
+    assertEquals("Not UNAVAILABLE: " + statusCaptor.getValue(),
+        Status.UNAVAILABLE.getCode(), status.getCode());
     verify(transportListener, timeout(TIME_OUT_MS)).transportTerminated();
   }
 
@@ -2017,7 +2036,8 @@ public void proxy_serverHangs() throws Exception {
     assertEquals("Host: theservice:80", reader.readLine());
     while (!"".equals(reader.readLine())) {}
 
-    verify(transportListener, timeout(200)).transportShutdown(any(Status.class));
+    verify(transportListener, timeout(200)).transportShutdown(any(Status.class),
+        any(DisconnectError.class));
     verify(transportListener, timeout(TIME_OUT_MS)).transportTerminated();
     sock.close();
   }

From c7f3cdbc3eb83981fbf5574f92e18e1d4c929f57 Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@engflow.com>
Date: Tue, 16 Dec 2025 18:57:02 -0800
Subject: [PATCH 494/591] bazel: always load java_proto_library from the
 protobuf repo

The java_proto_library rule in rules_java is deprecated.
---
 BUILD.bazel               | 3 ++-
 alts/BUILD.bazel          | 3 ++-
 testing-proto/BUILD.bazel | 2 +-
 xds/BUILD.bazel           | 3 ++-
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/BUILD.bazel b/BUILD.bazel
index fee2c0bd12d..27a99fb62eb 100644
--- a/BUILD.bazel
+++ b/BUILD.bazel
@@ -12,7 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-load("@rules_java//java:defs.bzl", "java_library", "java_plugin", "java_proto_library")
+load("@com_google_protobuf//bazel:java_proto_library.bzl", "java_proto_library")
+load("@rules_java//java:defs.bzl", "java_library", "java_plugin")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 load(":java_grpc_library.bzl", "java_grpc_library")
 
diff --git a/alts/BUILD.bazel b/alts/BUILD.bazel
index 5cf14504e2c..f29df303fbe 100644
--- a/alts/BUILD.bazel
+++ b/alts/BUILD.bazel
@@ -1,5 +1,6 @@
+load("@com_google_protobuf//bazel:java_proto_library.bzl", "java_proto_library")
 load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
-load("@rules_java//java:defs.bzl", "java_library", "java_proto_library")
+load("@rules_java//java:defs.bzl", "java_library")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 load("//:java_grpc_library.bzl", "java_grpc_library")
 
diff --git a/testing-proto/BUILD.bazel b/testing-proto/BUILD.bazel
index 362cee91463..aa0fc9ee20b 100644
--- a/testing-proto/BUILD.bazel
+++ b/testing-proto/BUILD.bazel
@@ -1,5 +1,5 @@
+load("@com_google_protobuf//bazel:java_proto_library.bzl", "java_proto_library")
 load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
-load("@rules_java//java:defs.bzl", "java_proto_library")
 load("//:java_grpc_library.bzl", "java_grpc_library")
 
 proto_library(
diff --git a/xds/BUILD.bazel b/xds/BUILD.bazel
index be44abf4f39..7f2c5f02338 100644
--- a/xds/BUILD.bazel
+++ b/xds/BUILD.bazel
@@ -1,6 +1,7 @@
 load("@bazel_jar_jar//:jar_jar.bzl", "jar_jar")
+load("@com_google_protobuf//bazel:java_proto_library.bzl", "java_proto_library")
 load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
-load("@rules_java//java:defs.bzl", "java_binary", "java_library", "java_proto_library", "java_test")
+load("@rules_java//java:defs.bzl", "java_binary", "java_library", "java_test")
 load("@rules_jvm_external//:defs.bzl", "artifact")
 load("//:java_grpc_library.bzl", "INTERNAL_java_grpc_library_for_xds", "java_grpc_library", "java_rpc_toolchain")
 

From 52f23e435d5f635393900e7c40dda1fa58053728 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Wed, 24 Dec 2025 09:59:45 +0530
Subject: [PATCH 495/591] Update README etc to reference 1.78.0 (#12584)

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 7bd0e67f275..205187b4000 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.77.0/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.77.0/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.78.0/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.78.0/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,34 +56,34 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.77.0</version>
+  <version>1.78.0</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.77.0</version>
+  <version>1.78.0</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.77.0</version>
+  <version>1.78.0</version>
 </dependency>
 ```
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.77.0'
-implementation 'io.grpc:grpc-protobuf:1.77.0'
-implementation 'io.grpc:grpc-stub:1.77.0'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.78.0'
+implementation 'io.grpc:grpc-protobuf:1.78.0'
+implementation 'io.grpc:grpc-stub:1.78.0'
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.77.0'
-implementation 'io.grpc:grpc-protobuf-lite:1.77.0'
-implementation 'io.grpc:grpc-stub:1.77.0'
+implementation 'io.grpc:grpc-okhttp:1.78.0'
+implementation 'io.grpc:grpc-protobuf-lite:1.78.0'
+implementation 'io.grpc:grpc-stub:1.78.0'
 ```
 
 For [Bazel](https://bazel.build), you can either
@@ -91,7 +91,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.77.0
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.78.0
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://central.sonatype.com/repository/maven-snapshots/).
@@ -123,7 +123,7 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <configuration>
         <protocArtifact>com.google.protobuf:protoc:3.25.8:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.77.0:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.78.0:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -153,7 +153,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.77.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.78.0'
     }
   }
   generateProtoTasks {
@@ -186,7 +186,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.77.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.78.0'
     }
   }
   generateProtoTasks {

From 7c87bf49d4499c35d9945175a2ddf5f95642089c Mon Sep 17 00:00:00 2001
From: Yun Peng <pcloudy@google.com>
Date: Tue, 16 Dec 2025 15:50:00 +0100
Subject: [PATCH 496/591] Fix build with Bazel 9 by upgrading bazel_jar_jar and
 grpc-proto versions

---
 MODULE.bazel | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 42568eef6fd..5bf2ece6a25 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -46,10 +46,10 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
 ]
 # GRPC_DEPS_END
 
-bazel_dep(name = "bazel_jar_jar", version = "0.1.7")
+bazel_dep(name = "bazel_jar_jar", version = "0.1.11.bcr.1")
 bazel_dep(name = "bazel_skylib", version = "1.7.1")
 bazel_dep(name = "googleapis", version = "0.0.0-20240326-1c8d509c5", repo_name = "com_google_googleapis")
-bazel_dep(name = "grpc-proto", version = "0.0.0-20240627-ec30f58", repo_name = "io_grpc_grpc_proto")
+bazel_dep(name = "grpc-proto", version = "0.0.0-20240627-ec30f58.bcr.1", repo_name = "io_grpc_grpc_proto")
 bazel_dep(name = "protobuf", version = "33.1", repo_name = "com_google_protobuf")
 bazel_dep(name = "rules_cc", version = "0.0.9")
 bazel_dep(name = "rules_java", version = "9.1.0")

From 12f610f8e04f958f65797fdddc3f8064d8a666c1 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 23 Dec 2025 13:26:35 -0800
Subject: [PATCH 497/591] bazel: Fix Bazel 8 WORKSPACE support

There's some rearranging happening here, like moving jar_jar later. But
the main thing is downgrading rules_java to 8.15.2. rules_java 8.16 and
later somehow break protobuf:

```
	File ".../external/com_google_protobuf/bazel/private/proto_library_rule.bzl", line 43, column 17, in _get_import_prefix
		if not paths.is_normalized(import_prefix):
Error: 'struct' value has no field or method 'is_normalized'
Available attributes: basename, dirname, is_absolute, join, normalize, relativize, replace_extension, split_extension
```

https://github.com/protocolbuffers/protobuf/issues/17687 claims that
this is due to not using bazel_skylib 1.7.0, but protobuf_deps is
defining bazel_skylib to be 1.7.0 and nothing earlier seems to be
defining bazel_skylib. So we'll leave this as a bit of a mystery for
later. rules_java 8.15.2 is still newer than protobuf_deps's 8.6.1.
---
 WORKSPACE          | 47 ++++++++++++++++++++--------------------------
 examples/WORKSPACE | 43 ++++++++++++++++++++++++++++--------------
 2 files changed, 49 insertions(+), 41 deletions(-)

diff --git a/WORKSPACE b/WORKSPACE
index 7d435ec82dc..1efdf2793a8 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -1,50 +1,34 @@
 workspace(name = "io_grpc_grpc_java")
 
 load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+load("//:repositories.bzl", "IO_GRPC_GRPC_JAVA_ARTIFACTS", "IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS", "grpc_java_repositories")
 
-http_archive(
-    name = "bazel_features",
-    sha256 = "a660027f5a87f13224ab54b8dc6e191693c554f2692fcca46e8e29ee7dabc43b",
-    strip_prefix = "bazel_features-1.30.0",
-    url = "https://github.com/bazel-contrib/bazel_features/releases/download/v1.30.0/bazel_features-v1.30.0.tar.gz",
-)
-
-load("@bazel_features//:deps.bzl", "bazel_features_deps")
-
-bazel_features_deps()
+grpc_java_repositories()
 
 http_archive(
     name = "rules_java",
-    sha256 = "4e1a28a25c2efa53500c928d22ceffbc505dd95b335a2d025836a293b592212f",
+    sha256 = "47632cc506c858011853073449801d648e10483d4b50e080ec2549a4b2398960",
     urls = [
-        "https://github.com/bazelbuild/rules_java/releases/download/9.1.0/rules_java-9.1.0.tar.gz",
+        "https://github.com/bazelbuild/rules_java/releases/download/8.15.2/rules_java-8.15.2.tar.gz",
     ],
 )
 
-load("@rules_java//java:rules_java_deps.bzl", "compatibility_proxy_repo")
+load("@com_google_protobuf//:protobuf_deps.bzl", "PROTOBUF_MAVEN_ARTIFACTS", "protobuf_deps")
 
-compatibility_proxy_repo()
+protobuf_deps()
 
-http_archive(
-    name = "rules_jvm_external",
-    sha256 = "d31e369b854322ca5098ea12c69d7175ded971435e55c18dd9dd5f29cc5249ac",
-    strip_prefix = "rules_jvm_external-5.3",
-    url = "https://github.com/bazelbuild/rules_jvm_external/releases/download/5.3/rules_jvm_external-5.3.tar.gz",
-)
+load("@rules_java//java:rules_java_deps.bzl", "rules_java_dependencies")
 
-load("@rules_jvm_external//:defs.bzl", "maven_install")
-load("//:repositories.bzl", "IO_GRPC_GRPC_JAVA_ARTIFACTS", "IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS", "grpc_java_repositories")
+rules_java_dependencies()
 
-grpc_java_repositories()
+load("@bazel_features//:deps.bzl", "bazel_features_deps")
+
+bazel_features_deps()
 
 load("@bazel_jar_jar//:jar_jar.bzl", "jar_jar_repositories")
 
 jar_jar_repositories()
 
-load("@com_google_protobuf//:protobuf_deps.bzl", "PROTOBUF_MAVEN_ARTIFACTS", "protobuf_deps")
-
-protobuf_deps()
-
 load("@rules_python//python:repositories.bzl", "py_repositories")
 
 py_repositories()
@@ -55,6 +39,15 @@ switched_rules_by_language(
     name = "com_google_googleapis_imports",
 )
 
+http_archive(
+    name = "rules_jvm_external",
+    sha256 = "d31e369b854322ca5098ea12c69d7175ded971435e55c18dd9dd5f29cc5249ac",
+    strip_prefix = "rules_jvm_external-5.3",
+    url = "https://github.com/bazelbuild/rules_jvm_external/releases/download/5.3/rules_jvm_external-5.3.tar.gz",
+)
+
+load("@rules_jvm_external//:defs.bzl", "maven_install")
+
 maven_install(
     artifacts = IO_GRPC_GRPC_JAVA_ARTIFACTS + PROTOBUF_MAVEN_ARTIFACTS,
     override_targets = IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS,
diff --git a/examples/WORKSPACE b/examples/WORKSPACE
index f26e3124562..1387cc4cf12 100644
--- a/examples/WORKSPACE
+++ b/examples/WORKSPACE
@@ -14,21 +14,17 @@ local_repository(
     path = "..",
 )
 
-http_archive(
-    name = "rules_jvm_external",
-    sha256 = "d31e369b854322ca5098ea12c69d7175ded971435e55c18dd9dd5f29cc5249ac",
-    strip_prefix = "rules_jvm_external-5.3",
-    url = "https://github.com/bazelbuild/rules_jvm_external/releases/download/5.3/rules_jvm_external-5.3.tar.gz",
-)
-
 load("@io_grpc_grpc_java//:repositories.bzl", "IO_GRPC_GRPC_JAVA_ARTIFACTS", "IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS", "grpc_java_repositories")
-load("@rules_jvm_external//:defs.bzl", "maven_install")
 
 grpc_java_repositories()
 
-load("@bazel_jar_jar//:jar_jar.bzl", "jar_jar_repositories")
-
-jar_jar_repositories()
+http_archive(
+    name = "rules_java",
+    sha256 = "47632cc506c858011853073449801d648e10483d4b50e080ec2549a4b2398960",
+    urls = [
+        "https://github.com/bazelbuild/rules_java/releases/download/8.15.2/rules_java-8.15.2.tar.gz",
+    ],
+)
 
 # Protobuf now requires C++14 or higher, which requires Bazel configuration
 # outside the WORKSPACE. See .bazelrc in this directory.
@@ -36,20 +32,39 @@ load("@com_google_protobuf//:protobuf_deps.bzl", "PROTOBUF_MAVEN_ARTIFACTS", "pr
 
 protobuf_deps()
 
-load("@rules_python//python:repositories.bzl", "py_repositories")
+load("@rules_java//java:rules_java_deps.bzl", "compatibility_proxy_repo", "rules_java_dependencies")
 
-py_repositories()
+rules_java_dependencies()
+
+load("@bazel_features//:deps.bzl", "bazel_features_deps")
 
-load("@rules_java//java:rules_java_deps.bzl", "compatibility_proxy_repo")
+bazel_features_deps()
 
 compatibility_proxy_repo()
 
+load("@bazel_jar_jar//:jar_jar.bzl", "jar_jar_repositories")
+
+jar_jar_repositories()
+
+load("@rules_python//python:repositories.bzl", "py_repositories")
+
+py_repositories()
+
 load("@com_google_googleapis//:repository_rules.bzl", "switched_rules_by_language")
 
 switched_rules_by_language(
     name = "com_google_googleapis_imports",
 )
 
+http_archive(
+    name = "rules_jvm_external",
+    sha256 = "d31e369b854322ca5098ea12c69d7175ded971435e55c18dd9dd5f29cc5249ac",
+    strip_prefix = "rules_jvm_external-5.3",
+    url = "https://github.com/bazelbuild/rules_jvm_external/releases/download/5.3/rules_jvm_external-5.3.tar.gz",
+)
+
+load("@rules_jvm_external//:defs.bzl", "maven_install")
+
 maven_install(
     artifacts = [
         "com.google.api.grpc:grpc-google-cloud-pubsub-v1:0.1.24",

From 6422092e3aebb5b29989d4eb0af27b0b46f007a4 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Wed, 31 Dec 2025 11:42:10 +0530
Subject: [PATCH 498/591] Upgrade dependencies (#12588)

---
 MODULE.bazel                        | 32 ++++++++++++-------------
 SECURITY.md                         |  3 ++-
 examples/example-gauth/build.gradle |  2 +-
 examples/example-oauth/build.gradle |  2 +-
 gradle/libs.versions.toml           | 36 ++++++++++++++---------------
 repositories.bzl                    | 32 ++++++++++++-------------
 6 files changed, 54 insertions(+), 53 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 5bf2ece6a25..763897bb383 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -8,14 +8,14 @@ module(
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.63.1",
-    "com.google.auth:google-auth-library-credentials:1.40.0",
-    "com.google.auth:google-auth-library-oauth2-http:1.40.0",
+    "com.google.api.grpc:proto-google-common-protos:2.63.2",
+    "com.google.auth:google-auth-library-credentials:1.41.0",
+    "com.google.auth:google-auth-library-oauth2-http:1.41.0",
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
     "com.google.code.gson:gson:2.12.1",
-    "com.google.errorprone:error_prone_annotations:2.44.0",
+    "com.google.errorprone:error_prone_annotations:2.45.0",
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.5.0-android",
     "com.google.re2j:re2j:1.8",
@@ -23,20 +23,20 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.truth:truth:1.4.5",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
-    "io.netty:netty-buffer:4.1.127.Final",
-    "io.netty:netty-codec-http2:4.1.127.Final",
-    "io.netty:netty-codec-http:4.1.127.Final",
-    "io.netty:netty-codec-socks:4.1.127.Final",
-    "io.netty:netty-codec:4.1.127.Final",
-    "io.netty:netty-common:4.1.127.Final",
-    "io.netty:netty-handler-proxy:4.1.127.Final",
-    "io.netty:netty-handler:4.1.127.Final",
-    "io.netty:netty-resolver:4.1.127.Final",
+    "io.netty:netty-buffer:4.1.130.Final",
+    "io.netty:netty-codec-http2:4.1.130.Final",
+    "io.netty:netty-codec-http:4.1.130.Final",
+    "io.netty:netty-codec-socks:4.1.130.Final",
+    "io.netty:netty-codec:4.1.130.Final",
+    "io.netty:netty-common:4.1.130.Final",
+    "io.netty:netty-handler-proxy:4.1.130.Final",
+    "io.netty:netty-handler:4.1.130.Final",
+    "io.netty:netty-resolver:4.1.130.Final",
     "io.netty:netty-tcnative-boringssl-static:2.0.74.Final",
     "io.netty:netty-tcnative-classes:2.0.74.Final",
-    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.127.Final",
-    "io.netty:netty-transport-native-unix-common:4.1.127.Final",
-    "io.netty:netty-transport:4.1.127.Final",
+    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.130.Final",
+    "io.netty:netty-transport-native-unix-common:4.1.130.Final",
+    "io.netty:netty-transport:4.1.130.Final",
     "io.opencensus:opencensus-api:0.31.0",
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",
diff --git a/SECURITY.md b/SECURITY.md
index c0ef797238f..fa5b85c0e3a 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -398,7 +398,8 @@ grpc-netty version | netty-handler version | netty-tcnative-boringssl-static ver
 1.67.x-1.70.x      | 4.1.110.Final         | 2.0.65.Final
 1.71.x-1.74.x      | 4.1.110.Final         | 2.0.70.Final
 1.75.x-1.76.x      | 4.1.124.Final         | 2.0.72.Final
-1.77.x-            | 4.1.127.Final         | 2.0.74.Final
+1.77.x-1.78.x      | 4.1.127.Final         | 2.0.74.Final
+1.79.x-            | 4.1.130.Final         | 2.0.74.Final
 
 _(grpc-netty-shaded avoids issues with keeping these versions in sync.)_
 
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 3ec28dd8785..ecd03182cfc 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -30,7 +30,7 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-auth:${grpcVersion}"
-    implementation "com.google.auth:google-auth-library-oauth2-http:1.40.0"
+    implementation "com.google.auth:google-auth-library-oauth2-http:1.41.0"
     implementation "com.google.api.grpc:grpc-google-cloud-pubsub-v1:0.1.24"
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 }
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 7f6e1c425d8..e8c649f424a 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -29,7 +29,7 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-auth:${grpcVersion}"
-    implementation "com.google.auth:google-auth-library-oauth2-http:1.40.0"
+    implementation "com.google.auth:google-auth-library-oauth2-http:1.41.0"
 
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 9cf74e270cb..3806fa3404e 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -42,18 +42,18 @@ conscrypt = "org.conscrypt:conscrypt-openjdk-uber:2.5.2"
 cronet-api = "org.chromium.net:cronet-api:119.6045.31"
 # checkForUpdates: cronet-embedded:119.6045.31
 cronet-embedded = "org.chromium.net:cronet-embedded:119.6045.31"
-errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.44.0"
+errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.45.0"
 # 2.32.0+ requires Java 17+
 # checkForUpdates: errorprone-core:2.31.+
 errorprone-core = "com.google.errorprone:error_prone_core:2.31.0"
 # 2.11.0+ requires JDK 11+ (See https://github.com/google/error-prone/releases/tag/v2.11.0)
 # checkForUpdates: errorprone-corejava8:2.10.+
 errorprone-corejava8 = "com.google.errorprone:error_prone_core:2.10.0"
-google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.63.1"
-google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.40.0"
-google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.40.0"
+google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.63.2"
+google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.41.0"
+google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.41.0"
 # Release notes: https://cloud.google.com/logging/docs/release-notes
-google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.8"
+google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.9"
 # 2.13.0 requires error_prone_annotations:2.37.0, but we are stuck with 2.36.0
 # checkForUpdates: gson:2.12.+
 gson = "com.google.code.gson:gson:2.12.1"
@@ -71,11 +71,11 @@ javax-servlet-api = "javax.servlet:javax.servlet-api:4.0.1"
 # 12.0.0+ require Java 17+
 # checkForUpdates: jetty-client:11.+
 jetty-client = "org.eclipse.jetty:jetty-client:11.0.26"
-jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.1.4"
+jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.1.5"
 # 10.0.25+ uses uses @Deprecated(since=/forRemoval=) from Java 9
 # checkForUpdates: jetty-http2-server10:10.0.24
 jetty-http2-server10 = "org.eclipse.jetty.http2:http2-server:10.0.24"
-jetty-servlet = "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.1.4"
+jetty-servlet = "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.1.5"
 # checkForUpdates: jetty-servlet10:10.0.24
 jetty-servlet10 = "org.eclipse.jetty:jetty-servlet:10.0.24"
 jsr305 = "com.google.code.findbugs:jsr305:3.0.2"
@@ -93,17 +93,17 @@ mockito-android = "org.mockito:mockito-android:4.4.0"
 mockito-core = "org.mockito:mockito-core:4.4.0"
 # Need to decide when we require users to absorb the breaking changes in 4.2
 # checkForUpdates: netty-codec-http2:4.1.+
-netty-codec-http2 = "io.netty:netty-codec-http2:4.1.127.Final"
+netty-codec-http2 = "io.netty:netty-codec-http2:4.1.130.Final"
 # checkForUpdates: netty-handler-proxy:4.1.+
-netty-handler-proxy = "io.netty:netty-handler-proxy:4.1.127.Final"
+netty-handler-proxy = "io.netty:netty-handler-proxy:4.1.130.Final"
 # Keep the following references of tcnative version in sync whenever it's updated:
 #   SECURITY.md
 netty-tcnative = "io.netty:netty-tcnative-boringssl-static:2.0.74.Final"
 netty-tcnative-classes = "io.netty:netty-tcnative-classes:2.0.74.Final"
 # checkForUpdates: netty-transport-epoll:4.1.+
-netty-transport-epoll = "io.netty:netty-transport-native-epoll:4.1.127.Final"
+netty-transport-epoll = "io.netty:netty-transport-native-epoll:4.1.130.Final"
 # checkForUpdates: netty-unix-common:4.1.+
-netty-unix-common = "io.netty:netty-transport-native-unix-common:4.1.127.Final"
+netty-unix-common = "io.netty:netty-transport-native-unix-common:4.1.130.Final"
 okhttp = "com.squareup.okhttp:okhttp:2.7.5"
 # okio 3.5+ uses Kotlin 1.9+ which requires Android Gradle Plugin 9+
 # checkForUpdates: okio:3.4.+
@@ -113,11 +113,11 @@ opencensus-contrib-grpc-metrics = { module = "io.opencensus:opencensus-contrib-g
 opencensus-exporter-stats-stackdriver = { module = "io.opencensus:opencensus-exporter-stats-stackdriver", version.ref = "opencensus" }
 opencensus-exporter-trace-stackdriver = { module = "io.opencensus:opencensus-exporter-trace-stackdriver", version.ref = "opencensus" }
 opencensus-impl = { module = "io.opencensus:opencensus-impl", version.ref = "opencensus" }
-opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.56.0"
-opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.56.0-alpha"
-opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.51.0-alpha"
-opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.56.0"
-opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.56.0"
+opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.57.0"
+opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.57.0-alpha"
+opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.52.0-alpha"
+opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.57.0"
+opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.57.0"
 perfmark-api = "io.perfmark:perfmark-api:0.27.0"
 # Not upgrading to 4.x as it is not yet ABI compatible.
 # https://github.com/protocolbuffers/protobuf/issues/17247
@@ -136,9 +136,9 @@ signature-android = "net.sf.androidscents.signature:android-api-level-21:5.0.1_r
 signature-java = "org.codehaus.mojo.signature:java18:1.0"
 # 11.0.0+ require Java 17+
 # checkForUpdates: tomcat-embed-core:10.+
-tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.49"
+tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.50"
 # checkForUpdates: tomcat-embed-core9:9.+
-tomcat-embed-core9 = "org.apache.tomcat.embed:tomcat-embed-core:9.0.112"
+tomcat-embed-core9 = "org.apache.tomcat.embed:tomcat-embed-core:9.0.113"
 truth = "com.google.truth:truth:1.4.5"
 # checkForUpdates: undertow-servlet22:2.2.+
 undertow-servlet22 = "io.undertow:undertow-servlet:2.2.38.Final"
diff --git a/repositories.bzl b/repositories.bzl
index 43b7fcfe1ed..33efebaf5b3 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -12,14 +12,14 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.63.1",
-    "com.google.auth:google-auth-library-credentials:1.40.0",
-    "com.google.auth:google-auth-library-oauth2-http:1.40.0",
+    "com.google.api.grpc:proto-google-common-protos:2.63.2",
+    "com.google.auth:google-auth-library-credentials:1.41.0",
+    "com.google.auth:google-auth-library-oauth2-http:1.41.0",
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
     "com.google.code.gson:gson:2.12.1",
-    "com.google.errorprone:error_prone_annotations:2.44.0",
+    "com.google.errorprone:error_prone_annotations:2.45.0",
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.5.0-android",
     "com.google.re2j:re2j:1.8",
@@ -27,20 +27,20 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.truth:truth:1.4.5",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
-    "io.netty:netty-buffer:4.1.127.Final",
-    "io.netty:netty-codec-http2:4.1.127.Final",
-    "io.netty:netty-codec-http:4.1.127.Final",
-    "io.netty:netty-codec-socks:4.1.127.Final",
-    "io.netty:netty-codec:4.1.127.Final",
-    "io.netty:netty-common:4.1.127.Final",
-    "io.netty:netty-handler-proxy:4.1.127.Final",
-    "io.netty:netty-handler:4.1.127.Final",
-    "io.netty:netty-resolver:4.1.127.Final",
+    "io.netty:netty-buffer:4.1.130.Final",
+    "io.netty:netty-codec-http2:4.1.130.Final",
+    "io.netty:netty-codec-http:4.1.130.Final",
+    "io.netty:netty-codec-socks:4.1.130.Final",
+    "io.netty:netty-codec:4.1.130.Final",
+    "io.netty:netty-common:4.1.130.Final",
+    "io.netty:netty-handler-proxy:4.1.130.Final",
+    "io.netty:netty-handler:4.1.130.Final",
+    "io.netty:netty-resolver:4.1.130.Final",
     "io.netty:netty-tcnative-boringssl-static:2.0.74.Final",
     "io.netty:netty-tcnative-classes:2.0.74.Final",
-    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.127.Final",
-    "io.netty:netty-transport-native-unix-common:4.1.127.Final",
-    "io.netty:netty-transport:4.1.127.Final",
+    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.130.Final",
+    "io.netty:netty-transport-native-unix-common:4.1.130.Final",
+    "io.netty:netty-transport:4.1.130.Final",
     "io.opencensus:opencensus-api:0.31.0",
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",

From a9f73f4c0aa5617aa2b6ae6ac805693915899b6a Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 30 Dec 2025 13:39:35 -0800
Subject: [PATCH 499/591] opentelemetry: Add Android API checking

opentelemetry-android is a thing, so support it with our otel code.
opentelemetry-android actually requires desugaring, so some APIs would
be available that animalsniffer would believe are not. However, gRPC
normally doesn't require desugaring and requiring it in just this case
makes it more annoying to verify.
---
 opentelemetry/build.gradle | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/opentelemetry/build.gradle b/opentelemetry/build.gradle
index c856ad8dcb9..c0ec7b73b5a 100644
--- a/opentelemetry/build.gradle
+++ b/opentelemetry/build.gradle
@@ -29,6 +29,11 @@ dependencies {
             extension = "signature"
         }
     }
+    signature (libraries.signature.android) {
+        artifact {
+            extension = "signature"
+        }
+    }
 }
 
 tasks.named("jar").configure {

From a1a736339189d81d316c3b81c1c2c7ebaedff384 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 19 Nov 2025 07:58:12 -0800
Subject: [PATCH 500/591] Prefer FixedResultPicker over custom Picker
 implementations

These other implementations pre-date FixedResultPicker, and are no
longer needed.

gRPC-LB's tests failed when using FixedResultPicker because it didn't
transition to READY. This was because GrpclbState.maybeUpdatePicker()
didn't consider the ConnectivityState when checking if anything had
changed. The old PickFirstLoadBalancer.Picker didn't implement equals()
so every update was considered different, ignoring the connectivity
state. PickFirstLeafLoadBalancer wasn't impacted because it didn't pick
a subchannel when in CONNECTING, and neither did PickFirstLoadBalancer
after the first update.

This is fixed by gRPC-LB checking the connectivity state. A follow-up
will have PickFirstLoadBalancer no longer return the useless subchannel
when picking during CONNECTING.
---
 .../AutoConfiguredLoadBalancerFactory.java    | 36 +++--------------
 .../java/io/grpc/internal/OobChannel.java     | 39 ++-----------------
 .../internal/PickFirstLeafLoadBalancer.java   | 35 +++--------------
 .../grpc/internal/PickFirstLoadBalancer.java  | 34 +++-------------
 .../ShufflingPickFirstLoadBalancer.java       | 34 +++-------------
 .../main/java/io/grpc/grpclb/GrpclbState.java |  5 ++-
 .../java/io/grpc/rls/RlsLoadBalancer.java     | 18 +--------
 .../io/grpc/rls/CachingRlsLbClientTest.java   | 11 ++----
 .../OutlierDetectionLoadBalancerTest.java     |  8 +---
 .../io/grpc/xds/LeastRequestLoadBalancer.java |  4 +-
 .../xds/LeastRequestLoadBalancerTest.java     | 36 ++++++++---------
 11 files changed, 58 insertions(+), 202 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/AutoConfiguredLoadBalancerFactory.java b/core/src/main/java/io/grpc/internal/AutoConfiguredLoadBalancerFactory.java
index a257637de22..6b8537fd658 100644
--- a/core/src/main/java/io/grpc/internal/AutoConfiguredLoadBalancerFactory.java
+++ b/core/src/main/java/io/grpc/internal/AutoConfiguredLoadBalancerFactory.java
@@ -19,17 +19,15 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.MoreObjects;
 import io.grpc.ChannelLogger.ChannelLogLevel;
 import io.grpc.ConnectivityState;
 import io.grpc.ConnectivityStateInfo;
 import io.grpc.LoadBalancer;
+import io.grpc.LoadBalancer.FixedResultPicker;
 import io.grpc.LoadBalancer.Helper;
 import io.grpc.LoadBalancer.PickResult;
-import io.grpc.LoadBalancer.PickSubchannelArgs;
 import io.grpc.LoadBalancer.ResolvedAddresses;
 import io.grpc.LoadBalancer.Subchannel;
-import io.grpc.LoadBalancer.SubchannelPicker;
 import io.grpc.LoadBalancerProvider;
 import io.grpc.LoadBalancerRegistry;
 import io.grpc.NameResolver.ConfigOrError;
@@ -110,7 +108,8 @@ Status tryAcceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
           defaultProvider = getProviderOrThrow(defaultPolicy, "using default policy");
         } catch (PolicyException e) {
           Status s = Status.INTERNAL.withDescription(e.getMessage());
-          helper.updateBalancingState(ConnectivityState.TRANSIENT_FAILURE, new FailingPicker(s));
+          helper.updateBalancingState(
+              ConnectivityState.TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(s)));
           delegate.shutdown();
           delegateProvider = null;
           delegate = new NoopLoadBalancer();
@@ -122,7 +121,8 @@ Status tryAcceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
 
       if (delegateProvider == null
           || !policySelection.provider.getPolicyName().equals(delegateProvider.getPolicyName())) {
-        helper.updateBalancingState(ConnectivityState.CONNECTING, new EmptyPicker());
+        helper.updateBalancingState(
+            ConnectivityState.CONNECTING, new FixedResultPicker(PickResult.withNoResult()));
         delegate.shutdown();
         delegateProvider = policySelection.provider;
         LoadBalancer old = delegate;
@@ -236,30 +236,4 @@ private PolicyException(String msg) {
       super(msg);
     }
   }
-
-  private static final class EmptyPicker extends SubchannelPicker {
-
-    @Override
-    public PickResult pickSubchannel(PickSubchannelArgs args) {
-      return PickResult.withNoResult();
-    }
-
-    @Override
-    public String toString() {
-      return MoreObjects.toStringHelper(EmptyPicker.class).toString();
-    }
-  }
-
-  private static final class FailingPicker extends SubchannelPicker {
-    private final Status failure;
-
-    FailingPicker(Status failure) {
-      this.failure = failure;
-    }
-
-    @Override
-    public PickResult pickSubchannel(PickSubchannelArgs args) {
-      return PickResult.withError(failure);
-    }
-  }
 }
diff --git a/core/src/main/java/io/grpc/internal/OobChannel.java b/core/src/main/java/io/grpc/internal/OobChannel.java
index 71973ed5d64..b2272a89672 100644
--- a/core/src/main/java/io/grpc/internal/OobChannel.java
+++ b/core/src/main/java/io/grpc/internal/OobChannel.java
@@ -38,8 +38,8 @@
 import io.grpc.InternalLogId;
 import io.grpc.InternalWithLogId;
 import io.grpc.LoadBalancer;
+import io.grpc.LoadBalancer.FixedResultPicker;
 import io.grpc.LoadBalancer.PickResult;
-import io.grpc.LoadBalancer.PickSubchannelArgs;
 import io.grpc.LoadBalancer.Subchannel;
 import io.grpc.LoadBalancer.SubchannelPicker;
 import io.grpc.ManagedChannel;
@@ -182,23 +182,7 @@ public Object getInternalSubchannel() {
         }
     };
 
-    final class OobSubchannelPicker extends SubchannelPicker {
-      final PickResult result = PickResult.withSubchannel(subchannelImpl);
-
-      @Override
-      public PickResult pickSubchannel(PickSubchannelArgs args) {
-        return result;
-      }
-
-      @Override
-      public String toString() {
-        return MoreObjects.toStringHelper(OobSubchannelPicker.class)
-            .add("result", result)
-            .toString();
-      }
-    }
-
-    subchannelPicker = new OobSubchannelPicker();
+    subchannelPicker = new FixedResultPicker(PickResult.withSubchannel(subchannelImpl));
     delayedTransport.reprocess(subchannelPicker);
   }
 
@@ -270,23 +254,8 @@ void handleSubchannelStateChange(final ConnectivityStateInfo newState) {
         delayedTransport.reprocess(subchannelPicker);
         break;
       case TRANSIENT_FAILURE:
-        final class OobErrorPicker extends SubchannelPicker {
-          final PickResult errorResult = PickResult.withError(newState.getStatus());
-
-          @Override
-          public PickResult pickSubchannel(PickSubchannelArgs args) {
-            return errorResult;
-          }
-
-          @Override
-          public String toString() {
-            return MoreObjects.toStringHelper(OobErrorPicker.class)
-                .add("errorResult", errorResult)
-                .toString();
-          }
-        }
-
-        delayedTransport.reprocess(new OobErrorPicker());
+        delayedTransport.reprocess(
+            new FixedResultPicker(PickResult.withError(newState.getStatus())));
         break;
       default:
         // Do nothing
diff --git a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
index 2689d7d2308..935214a94fd 100644
--- a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
+++ b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
@@ -24,7 +24,6 @@
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
 
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.MoreObjects;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Lists;
 import io.grpc.Attributes;
@@ -164,7 +163,7 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     if (noOldAddrs) {
       // Make tests happy; they don't properly assume starting in CONNECTING
       rawConnectivityState = CONNECTING;
-      updateBalancingState(CONNECTING, new Picker(PickResult.withNoResult()));
+      updateBalancingState(CONNECTING, new FixedResultPicker(PickResult.withNoResult()));
     }
 
     if (rawConnectivityState == READY) {
@@ -237,7 +236,7 @@ public void handleNameResolutionError(Status error) {
     subchannels.clear();
     addressIndex.updateGroups(ImmutableList.of());
     rawConnectivityState = TRANSIENT_FAILURE;
-    updateBalancingState(TRANSIENT_FAILURE, new Picker(PickResult.withError(error)));
+    updateBalancingState(TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(error)));
   }
 
   void processSubchannelState(SubchannelData subchannelData, ConnectivityStateInfo stateInfo) {
@@ -290,7 +289,7 @@ void processSubchannelState(SubchannelData subchannelData, ConnectivityStateInfo
 
       case CONNECTING:
         rawConnectivityState = CONNECTING;
-        updateBalancingState(CONNECTING, new Picker(PickResult.withNoResult()));
+        updateBalancingState(CONNECTING, new FixedResultPicker(PickResult.withNoResult()));
         break;
 
       case READY:
@@ -322,7 +321,7 @@ void processSubchannelState(SubchannelData subchannelData, ConnectivityStateInfo
         if (isPassComplete()) {
           rawConnectivityState = TRANSIENT_FAILURE;
           updateBalancingState(TRANSIENT_FAILURE,
-              new Picker(PickResult.withError(stateInfo.getStatus())));
+              new FixedResultPicker(PickResult.withError(stateInfo.getStatus())));
 
           // Refresh Name Resolution, but only when all 3 conditions are met
           // * We are at the end of addressIndex
@@ -385,11 +384,11 @@ private void updateHealthCheckedState(SubchannelData subchannelData) {
       updateBalancingState(READY,
           new FixedResultPicker(PickResult.withSubchannel(subchannelData.subchannel)));
     } else if (subchannelData.getHealthState() == TRANSIENT_FAILURE) {
-      updateBalancingState(TRANSIENT_FAILURE, new Picker(PickResult.withError(
+      updateBalancingState(TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(
           subchannelData.healthStateInfo.getStatus())));
     } else if (concludedState != TRANSIENT_FAILURE) {
       updateBalancingState(subchannelData.getHealthState(),
-          new Picker(PickResult.withNoResult()));
+          new FixedResultPicker(PickResult.withNoResult()));
     }
   }
 
@@ -593,28 +592,6 @@ ConnectivityState getConcludedConnectivityState() {
     return this.concludedState;
   }
 
-  /**
-   * No-op picker which doesn't add any custom picking logic. It just passes already known result
-   * received in constructor.
-   */
-  private static final class Picker extends SubchannelPicker {
-    private final PickResult result;
-
-    Picker(PickResult result) {
-      this.result = checkNotNull(result, "result");
-    }
-
-    @Override
-    public PickResult pickSubchannel(PickSubchannelArgs args) {
-      return result;
-    }
-
-    @Override
-    public String toString() {
-      return MoreObjects.toStringHelper(Picker.class).add("result", result).toString();
-    }
-  }
-
   /**
    * Picker that requests connection during the first pick, and returns noResult.
    */
diff --git a/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java b/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java
index a23855e67ec..a41ef03fbda 100644
--- a/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java
+++ b/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java
@@ -22,7 +22,6 @@
 import static io.grpc.ConnectivityState.SHUTDOWN;
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
 
-import com.google.common.base.MoreObjects;
 import io.grpc.ConnectivityState;
 import io.grpc.ConnectivityStateInfo;
 import io.grpc.EquivalentAddressGroup;
@@ -87,7 +86,8 @@ public void onSubchannelState(ConnectivityStateInfo stateInfo) {
 
       // The channel state does not get updated when doing name resolving today, so for the moment
       // let LB report CONNECTION and call subchannel.requestConnection() immediately.
-      updateBalancingState(CONNECTING, new Picker(PickResult.withSubchannel(subchannel)));
+      updateBalancingState(
+          CONNECTING, new FixedResultPicker(PickResult.withSubchannel(subchannel)));
       subchannel.requestConnection();
     } else {
       subchannel.updateAddresses(servers);
@@ -105,7 +105,7 @@ public void handleNameResolutionError(Status error) {
 
     // NB(lukaszx0) Whether we should propagate the error unconditionally is arguable. It's fine
     // for time being.
-    updateBalancingState(TRANSIENT_FAILURE, new Picker(PickResult.withError(error)));
+    updateBalancingState(TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(error)));
   }
 
   private void processSubchannelState(Subchannel subchannel, ConnectivityStateInfo stateInfo) {
@@ -139,13 +139,13 @@ private void processSubchannelState(Subchannel subchannel, ConnectivityStateInfo
       case CONNECTING:
         // It's safe to use RequestConnectionPicker here, so when coming from IDLE we could leave
         // the current picker in-place. But ignoring the potential optimization is simpler.
-        picker = new Picker(PickResult.withNoResult());
+        picker = new FixedResultPicker(PickResult.withNoResult());
         break;
       case READY:
-        picker = new Picker(PickResult.withSubchannel(subchannel));
+        picker = new FixedResultPicker(PickResult.withSubchannel(subchannel));
         break;
       case TRANSIENT_FAILURE:
-        picker = new Picker(PickResult.withError(stateInfo.getStatus()));
+        picker = new FixedResultPicker(PickResult.withError(stateInfo.getStatus()));
         break;
       default:
         throw new IllegalArgumentException("Unsupported state:" + newState);
@@ -173,28 +173,6 @@ public void requestConnection() {
     }
   }
 
-  /**
-   * No-op picker which doesn't add any custom picking logic. It just passes already known result
-   * received in constructor.
-   */
-  private static final class Picker extends SubchannelPicker {
-    private final PickResult result;
-
-    Picker(PickResult result) {
-      this.result = checkNotNull(result, "result");
-    }
-
-    @Override
-    public PickResult pickSubchannel(PickSubchannelArgs args) {
-      return result;
-    }
-
-    @Override
-    public String toString() {
-      return MoreObjects.toStringHelper(Picker.class).add("result", result).toString();
-    }
-  }
-
   /** Picker that requests connection during the first pick, and returns noResult. */
   private final class RequestConnectionPicker extends SubchannelPicker {
     private final AtomicBoolean connectionRequested = new AtomicBoolean(false);
diff --git a/examples/src/main/java/io/grpc/examples/customloadbalance/ShufflingPickFirstLoadBalancer.java b/examples/src/main/java/io/grpc/examples/customloadbalance/ShufflingPickFirstLoadBalancer.java
index b49c856c4d0..4715b551524 100644
--- a/examples/src/main/java/io/grpc/examples/customloadbalance/ShufflingPickFirstLoadBalancer.java
+++ b/examples/src/main/java/io/grpc/examples/customloadbalance/ShufflingPickFirstLoadBalancer.java
@@ -92,7 +92,7 @@ public void onSubchannelState(ConnectivityStateInfo stateInfo) {
       });
       this.subchannel = subchannel;
 
-      helper.updateBalancingState(CONNECTING, new Picker(PickResult.withNoResult()));
+      helper.updateBalancingState(CONNECTING, new FixedResultPicker(PickResult.withNoResult()));
       subchannel.requestConnection();
     } else {
       subchannel.updateAddresses(servers);
@@ -107,7 +107,8 @@ public void handleNameResolutionError(Status error) {
       subchannel.shutdown();
       subchannel = null;
     }
-    helper.updateBalancingState(TRANSIENT_FAILURE, new Picker(PickResult.withError(error)));
+    helper.updateBalancingState(
+        TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(error)));
   }
 
   private void processSubchannelState(Subchannel subchannel, ConnectivityStateInfo stateInfo) {
@@ -125,13 +126,13 @@ private void processSubchannelState(Subchannel subchannel, ConnectivityStateInfo
         picker = new RequestConnectionPicker();
         break;
       case CONNECTING:
-        picker = new Picker(PickResult.withNoResult());
+        picker = new FixedResultPicker(PickResult.withNoResult());
         break;
       case READY:
-        picker = new Picker(PickResult.withSubchannel(subchannel));
+        picker = new FixedResultPicker(PickResult.withSubchannel(subchannel));
         break;
       case TRANSIENT_FAILURE:
-        picker = new Picker(PickResult.withError(stateInfo.getStatus()));
+        picker = new FixedResultPicker(PickResult.withError(stateInfo.getStatus()));
         break;
       default:
         throw new IllegalArgumentException("Unsupported state:" + currentState);
@@ -154,29 +155,6 @@ public void requestConnection() {
     }
   }
 
-  /**
-   * No-op picker which doesn't add any custom picking logic. It just passes already known result
-   * received in constructor.
-   */
-  private static final class Picker extends SubchannelPicker {
-
-    private final PickResult result;
-
-    Picker(PickResult result) {
-      this.result = checkNotNull(result, "result");
-    }
-
-    @Override
-    public PickResult pickSubchannel(PickSubchannelArgs args) {
-      return result;
-    }
-
-    @Override
-    public String toString() {
-      return MoreObjects.toStringHelper(Picker.class).add("result", result).toString();
-    }
-  }
-
   /**
    * Picker that requests connection during the first pick, and returns noResult.
    */
diff --git a/grpclb/src/main/java/io/grpc/grpclb/GrpclbState.java b/grpclb/src/main/java/io/grpc/grpclb/GrpclbState.java
index 7ca20d58bce..2fc2a492ac8 100644
--- a/grpclb/src/main/java/io/grpc/grpclb/GrpclbState.java
+++ b/grpclb/src/main/java/io/grpc/grpclb/GrpclbState.java
@@ -187,6 +187,7 @@ enum Mode {
   private List<DropEntry> dropList = Collections.emptyList();
   // Contains only non-drop, i.e., backends from the round-robin list from the balancer.
   private List<BackendEntry> backendList = Collections.emptyList();
+  private ConnectivityState currentState = ConnectivityState.CONNECTING;
   private RoundRobinPicker currentPicker =
       new RoundRobinPicker(Collections.<DropEntry>emptyList(), Arrays.asList(BUFFER_ENTRY));
   private boolean requestConnectionPending;
@@ -937,10 +938,12 @@ private void maybeUpdatePicker(ConnectivityState state, RoundRobinPicker picker)
     // Discard the new picker if we are sure it won't make any difference, in order to save
     // re-processing pending streams, and avoid unnecessary resetting of the pointer in
     // RoundRobinPicker.
-    if (picker.dropList.equals(currentPicker.dropList)
+    if (state.equals(currentState)
+        && picker.dropList.equals(currentPicker.dropList)
         && picker.pickList.equals(currentPicker.pickList)) {
       return;
     }
+    currentState = state;
     currentPicker = picker;
     helper.updateBalancingState(state, picker);
   }
diff --git a/rls/src/main/java/io/grpc/rls/RlsLoadBalancer.java b/rls/src/main/java/io/grpc/rls/RlsLoadBalancer.java
index 6e59e867e32..848199f50a8 100644
--- a/rls/src/main/java/io/grpc/rls/RlsLoadBalancer.java
+++ b/rls/src/main/java/io/grpc/rls/RlsLoadBalancer.java
@@ -19,7 +19,6 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.MoreObjects;
 import io.grpc.ChannelLogger;
 import io.grpc.ChannelLogger.ChannelLogLevel;
 import io.grpc.ConnectivityState;
@@ -93,27 +92,14 @@ public void requestConnection() {
 
   @Override
   public void handleNameResolutionError(final Status error) {
-    class ErrorPicker extends SubchannelPicker {
-      @Override
-      public PickResult pickSubchannel(PickSubchannelArgs args) {
-        return PickResult.withError(error);
-      }
-
-      @Override
-      public String toString() {
-        return MoreObjects.toStringHelper(this)
-            .add("error", error)
-            .toString();
-      }
-    }
-
     if (routeLookupClient != null) {
       logger.log(ChannelLogLevel.DEBUG, "closing the routeLookupClient on a name resolution error");
       routeLookupClient.close();
       routeLookupClient = null;
       lbPolicyConfiguration = null;
     }
-    helper.updateBalancingState(ConnectivityState.TRANSIENT_FAILURE, new ErrorPicker());
+    helper.updateBalancingState(
+        ConnectivityState.TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(error)));
   }
 
   @Override
diff --git a/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java b/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java
index 12483d60794..b349aecdbf3 100644
--- a/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java
+++ b/rls/src/test/java/io/grpc/rls/CachingRlsLbClientTest.java
@@ -1025,14 +1025,9 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
 
         @Override
         public void handleNameResolutionError(final Status error) {
-          class ErrorPicker extends SubchannelPicker {
-            @Override
-            public PickResult pickSubchannel(PickSubchannelArgs args) {
-              return PickResult.withError(error);
-            }
-          }
-
-          helper.updateBalancingState(ConnectivityState.TRANSIENT_FAILURE, new ErrorPicker());
+          helper.updateBalancingState(
+              ConnectivityState.TRANSIENT_FAILURE,
+              new FixedResultPicker(PickResult.withError(error)));
         }
 
         @Override
diff --git a/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java b/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java
index c4eb4c7bae5..10436407422 100644
--- a/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java
@@ -54,7 +54,6 @@
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.FakeClock.ScheduledTask;
-import io.grpc.internal.PickFirstLoadBalancerProvider;
 import io.grpc.internal.TestUtils.StandardLoadBalancerProvider;
 import io.grpc.util.OutlierDetectionLoadBalancer.EndpointTracker;
 import io.grpc.util.OutlierDetectionLoadBalancer.OutlierDetectionLoadBalancerConfig;
@@ -568,9 +567,7 @@ public void successRateOneOutlier_configChange() {
 
     loadBalancer.acceptResolvedAddresses(buildResolvedAddress(config, servers));
 
-    // The PickFirstLeafLB has an extra level of indirection because of health
-    int expectedStateChanges = PickFirstLoadBalancerProvider.isEnabledNewPickFirst() ? 8 : 12;
-    generateLoad(ImmutableMap.of(subchannel2, Status.DEADLINE_EXCEEDED), expectedStateChanges);
+    generateLoad(ImmutableMap.of(subchannel2, Status.DEADLINE_EXCEEDED), 8);
 
     // Move forward in time to a point where the detection timer has fired.
     forwardTime(config);
@@ -604,8 +601,7 @@ public void successRateOneOutlier_unejected() {
     assertEjectedSubchannels(ImmutableSet.of(ImmutableSet.copyOf(servers.get(0).getAddresses())));
 
     // Now we produce more load, but the subchannel has started working and is no longer an outlier.
-    int expectedStateChanges = PickFirstLoadBalancerProvider.isEnabledNewPickFirst() ? 8 : 12;
-    generateLoad(ImmutableMap.of(), expectedStateChanges);
+    generateLoad(ImmutableMap.of(), 8);
 
     // Move forward in time to a point where the detection timer has fired.
     fakeClock.forwardTime(config.maxEjectionTimeNanos + 1, TimeUnit.NANOSECONDS);
diff --git a/xds/src/main/java/io/grpc/xds/LeastRequestLoadBalancer.java b/xds/src/main/java/io/grpc/xds/LeastRequestLoadBalancer.java
index dda2ad177e6..1f23f2a4af5 100644
--- a/xds/src/main/java/io/grpc/xds/LeastRequestLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/LeastRequestLoadBalancer.java
@@ -54,7 +54,7 @@
 final class LeastRequestLoadBalancer extends MultiChildLoadBalancer {
   private final ThreadSafeRandom random;
 
-  private SubchannelPicker currentPicker = new EmptyPicker();
+  private SubchannelPicker currentPicker = new FixedResultPicker(PickResult.withNoResult());
   private int choiceCount = DEFAULT_CHOICE_COUNT;
 
   LeastRequestLoadBalancer(Helper helper) {
@@ -113,7 +113,7 @@ protected void updateOverallBalancingState() {
         }
       }
       if (isConnecting) {
-        updateBalancingState(CONNECTING, new EmptyPicker());
+        updateBalancingState(CONNECTING, new FixedResultPicker(PickResult.withNoResult()));
       } else {
         // Give it all the failing children and let it randomly pick among them
         updateBalancingState(TRANSIENT_FAILURE,
diff --git a/xds/src/test/java/io/grpc/xds/LeastRequestLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/LeastRequestLoadBalancerTest.java
index 6fb6507fa4e..302faed95a4 100644
--- a/xds/src/test/java/io/grpc/xds/LeastRequestLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/LeastRequestLoadBalancerTest.java
@@ -22,6 +22,7 @@
 import static io.grpc.ConnectivityState.READY;
 import static io.grpc.ConnectivityState.SHUTDOWN;
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
+import static io.grpc.LoadBalancerMatchers.pickerReturns;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
@@ -50,6 +51,7 @@
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancer.CreateSubchannelArgs;
+import io.grpc.LoadBalancer.FixedResultPicker;
 import io.grpc.LoadBalancer.Helper;
 import io.grpc.LoadBalancer.PickResult;
 import io.grpc.LoadBalancer.PickSubchannelArgs;
@@ -62,7 +64,6 @@
 import io.grpc.internal.PickFirstLoadBalancerProvider;
 import io.grpc.util.AbstractTestHelper;
 import io.grpc.util.MultiChildLoadBalancer.ChildLbState;
-import io.grpc.xds.LeastRequestLoadBalancer.EmptyPicker;
 import io.grpc.xds.LeastRequestLoadBalancer.LeastRequestConfig;
 import io.grpc.xds.LeastRequestLoadBalancer.LeastRequestLbState;
 import io.grpc.xds.LeastRequestLoadBalancer.ReadyPicker;
@@ -238,7 +239,8 @@ public void pickAfterStateChange() throws Exception {
     ChildLbState childLbState = loadBalancer.getChildLbStates().iterator().next();
     Subchannel subchannel = getSubchannel(servers.get(0));
 
-    inOrder.verify(helper).updateBalancingState(eq(CONNECTING), isA(EmptyPicker.class));
+    inOrder.verify(helper)
+        .updateBalancingState(eq(CONNECTING), pickerReturns(PickResult.withNoResult()));
     assertThat(childLbState.getCurrentState()).isEqualTo(CONNECTING);
 
     deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(READY));
@@ -251,7 +253,8 @@ public void pickAfterStateChange() throws Exception {
     assertThat(childLbState.getCurrentState()).isEqualTo(TRANSIENT_FAILURE);
     assertThat(childLbState.getCurrentPicker().toString()).contains(error.toString());
     refreshInvokedAndUpdateBS(inOrder, CONNECTING);
-    assertThat(pickerCaptor.getValue()).isInstanceOf(EmptyPicker.class);
+    assertThat(pickerCaptor.getValue().pickSubchannel(mockArgs))
+        .isEqualTo(PickResult.withNoResult());
 
     deliverSubchannelState(subchannel, ConnectivityStateInfo.forNonError(IDLE));
     inOrder.verify(helper).refreshNameResolution();
@@ -302,7 +305,8 @@ public void ignoreShutdownSubchannelStateChange() {
         ResolvedAddresses.newBuilder().setAddresses(servers).setAttributes(Attributes.EMPTY)
             .build());
     assertThat(addressesAcceptanceStatus.isOk()).isTrue();
-    inOrder.verify(helper).updateBalancingState(eq(CONNECTING), isA(EmptyPicker.class));
+    inOrder.verify(helper)
+        .updateBalancingState(eq(CONNECTING), pickerReturns(PickResult.withNoResult()));
 
     List<Subchannel> savedSubchannels = new ArrayList<>(subchannels.values());
     loadBalancer.shutdown();
@@ -324,7 +328,8 @@ public void stayTransientFailureUntilReady() {
             .build());
     assertThat(addressesAcceptanceStatus.isOk()).isTrue();
 
-    inOrder.verify(helper).updateBalancingState(eq(CONNECTING), isA(EmptyPicker.class));
+    inOrder.verify(helper)
+        .updateBalancingState(eq(CONNECTING), pickerReturns(PickResult.withNoResult()));
 
     // Simulate state transitions for each subchannel individually.
     List<ChildLbState> children = new ArrayList<>(loadBalancer.getChildLbStates());
@@ -384,7 +389,8 @@ public void refreshNameResolutionWhenSubchannelConnectionBroken() {
     assertThat(addressesAcceptanceStatus.isOk()).isTrue();
 
     verify(helper, times(3)).createSubchannel(any(CreateSubchannelArgs.class));
-    inOrder.verify(helper).updateBalancingState(eq(CONNECTING), isA(EmptyPicker.class));
+    inOrder.verify(helper)
+        .updateBalancingState(eq(CONNECTING), pickerReturns(PickResult.withNoResult()));
 
     // Simulate state transitions for each subchannel individually.
     for (Subchannel sc : subchannels.values()) {
@@ -399,7 +405,8 @@ public void refreshNameResolutionWhenSubchannelConnectionBroken() {
       deliverSubchannelState(sc, ConnectivityStateInfo.forNonError(IDLE));
       inOrder.verify(helper).refreshNameResolution();
       verify(sc, times(2)).requestConnection();
-      inOrder.verify(helper).updateBalancingState(eq(CONNECTING), isA(EmptyPicker.class));
+      inOrder.verify(helper)
+          .updateBalancingState(eq(CONNECTING), pickerReturns(PickResult.withNoResult()));
     }
 
     AbstractTestHelper.verifyNoMoreMeaningfulInteractions(helper);
@@ -469,14 +476,6 @@ public void pickerLeastRequest() throws Exception {
     assertEquals(0, ((LeastRequestLbState) childLbStates.get(0)).getActiveRequests());
   }
 
-  @Test
-  public void pickerEmptyList() throws Exception {
-    SubchannelPicker picker = new EmptyPicker();
-
-    assertNull(picker.pickSubchannel(mockArgs).getSubchannel());
-    assertEquals(Status.OK, picker.pickSubchannel(mockArgs).getStatus());
-  }
-
   @Test
   public void nameResolutionErrorWithNoChannels() throws Exception {
     Status error = Status.NOT_FOUND.withDescription("nameResolutionError");
@@ -554,7 +553,8 @@ public void subchannelStateIsolation() throws Exception {
     Iterator<SubchannelPicker> pickers = pickerCaptor.getAllValues().iterator();
     // The picker is incrementally updated as subchannels become READY
     assertEquals(CONNECTING, stateIterator.next());
-    assertThat(pickers.next()).isInstanceOf(EmptyPicker.class);
+    assertThat(pickers.next().pickSubchannel(mockArgs))
+        .isEqualTo(PickResult.withNoResult());
     assertEquals(READY, stateIterator.next());
     assertThat(getList(pickers.next())).containsExactly(sc1);
     assertEquals(READY, stateIterator.next());
@@ -585,8 +585,8 @@ public void readyPicker_emptyList() {
 
   @Test
   public void internalPickerComparisons() {
-    EmptyPicker empty1 = new EmptyPicker();
-    EmptyPicker empty2 = new EmptyPicker();
+    FixedResultPicker empty1 = new FixedResultPicker(PickResult.withNoResult());
+    FixedResultPicker empty2 = new FixedResultPicker(PickResult.withNoResult());
 
     loadBalancer.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder().setAddresses(servers).setAttributes(affinity).build());

From 228fc8ecd924bdad377963b65b55e28eaa56490d Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 5 Jan 2026 10:52:50 -0800
Subject: [PATCH 501/591] core: PickFirstLB should not return a subchannel
 during CONNECTING

This is a follow-up from noticing a breakage in gRPC-LB because it
wasn't checking if the connectivity state changed even if the picker was
identical.

lb_serverStatusCodeConversion() has been misleading since 42e1829b37
("xds: Do RLS fallback policy eagar start"). At that point, the
subchannel it marked as READY was for the default target's policy, not
the policy for wilderness. However, since old PF policy provided a
subchannel when CONNECTING, everything was "fine", but RLS would
mistakenly count toward target_picks.

This demonstrates that RLS target_picks has been broken since it was
introduced for PF, as PF relied on the caller to avoid the picker when
it was CONNECTING. This may have been hard to notice in production, as
the metrics become correct as soon as the connection is established, so
as long as you use the channel for a while, the duplicate counting would
become a small percentage of the overall amount.
---
 .../io/grpc/internal/PickFirstLoadBalancer.java  |  3 +--
 .../grpc/internal/PickFirstLoadBalancerTest.java | 11 +++++------
 .../java/io/grpc/rls/RlsLoadBalancerTest.java    | 16 +++++++---------
 3 files changed, 13 insertions(+), 17 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java b/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java
index a41ef03fbda..aa8b5a7e9a9 100644
--- a/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java
+++ b/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java
@@ -86,8 +86,7 @@ public void onSubchannelState(ConnectivityStateInfo stateInfo) {
 
       // The channel state does not get updated when doing name resolving today, so for the moment
       // let LB report CONNECTION and call subchannel.requestConnection() immediately.
-      updateBalancingState(
-          CONNECTING, new FixedResultPicker(PickResult.withSubchannel(subchannel)));
+      updateBalancingState(CONNECTING, new FixedResultPicker(PickResult.withNoResult()));
       subchannel.requestConnection();
     } else {
       subchannel.updateAddresses(servers);
diff --git a/core/src/test/java/io/grpc/internal/PickFirstLoadBalancerTest.java b/core/src/test/java/io/grpc/internal/PickFirstLoadBalancerTest.java
index 3e0258f2e40..819293e070b 100644
--- a/core/src/test/java/io/grpc/internal/PickFirstLoadBalancerTest.java
+++ b/core/src/test/java/io/grpc/internal/PickFirstLoadBalancerTest.java
@@ -219,7 +219,7 @@ public void refreshNameResolutionAfterSubchannelConnectionBroken() {
     inOrder.verify(mockSubchannel).start(stateListenerCaptor.capture());
     SubchannelStateListener stateListener = stateListenerCaptor.getValue();
     inOrder.verify(mockHelper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
-    assertSame(mockSubchannel, pickerCaptor.getValue().pickSubchannel(mockArgs).getSubchannel());
+    assertThat(pickerCaptor.getValue().pickSubchannel(mockArgs).hasResult()).isFalse();
     inOrder.verify(mockSubchannel).requestConnection();
 
     stateListener.onSubchannelState(ConnectivityStateInfo.forNonError(CONNECTING));
@@ -278,7 +278,7 @@ public void pickAfterResolvedAndChanged() throws Exception {
     assertThat(args.getAddresses()).isEqualTo(servers);
     inOrder.verify(mockHelper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
     verify(mockSubchannel).requestConnection();
-    assertEquals(mockSubchannel, pickerCaptor.getValue().pickSubchannel(mockArgs).getSubchannel());
+    assertThat(pickerCaptor.getValue().pickSubchannel(mockArgs).hasResult()).isFalse();
 
     loadBalancer.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder().setAddresses(newServers).setAttributes(affinity).build());
@@ -300,7 +300,7 @@ public void pickAfterStateChangeAfterResolution() throws Exception {
     verify(mockSubchannel).start(stateListenerCaptor.capture());
     SubchannelStateListener stateListener = stateListenerCaptor.getValue();
     verify(mockHelper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
-    Subchannel subchannel = pickerCaptor.getValue().pickSubchannel(mockArgs).getSubchannel();
+    assertThat(pickerCaptor.getValue().pickSubchannel(mockArgs).hasResult()).isFalse();
     reset(mockHelper);
     when(mockHelper.getSynchronizationContext()).thenReturn(syncContext);
 
@@ -317,7 +317,7 @@ public void pickAfterStateChangeAfterResolution() throws Exception {
 
     stateListener.onSubchannelState(ConnectivityStateInfo.forNonError(READY));
     inOrder.verify(mockHelper).updateBalancingState(eq(READY), pickerCaptor.capture());
-    assertEquals(subchannel, pickerCaptor.getValue().pickSubchannel(mockArgs).getSubchannel());
+    assertEquals(mockSubchannel, pickerCaptor.getValue().pickSubchannel(mockArgs).getSubchannel());
 
     verify(mockHelper, atLeast(0)).getSynchronizationContext();  // Don't care
     verifyNoMoreInteractions(mockHelper);
@@ -405,8 +405,7 @@ public void nameResolutionSuccessAfterError() throws Exception {
     inOrder.verify(mockHelper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
     verify(mockSubchannel).requestConnection();
 
-    assertEquals(mockSubchannel, pickerCaptor.getValue().pickSubchannel(mockArgs)
-        .getSubchannel());
+    assertThat(pickerCaptor.getValue().pickSubchannel(mockArgs).hasResult()).isFalse();
 
     assertEquals(pickerCaptor.getValue().pickSubchannel(mockArgs),
         pickerCaptor.getValue().pickSubchannel(mockArgs));
diff --git a/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java b/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
index 8d16d1bd74c..188c99bcd5a 100644
--- a/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
+++ b/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
@@ -72,7 +72,6 @@
 import io.grpc.inprocess.InProcessServerBuilder;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.JsonParser;
-import io.grpc.internal.PickFirstLoadBalancerProvider;
 import io.grpc.internal.PickSubchannelArgsImpl;
 import io.grpc.internal.testing.StreamRecorder;
 import io.grpc.lookup.v1.RouteLookupServiceGrpc;
@@ -212,12 +211,14 @@ public void lb_serverStatusCodeConversion() throws Exception {
         throw new RuntimeException(e);
       }
     });
+    assertThat(subchannels.poll()).isNotNull(); // default target
+    assertThat(subchannels.poll()).isNull();
+    // Warm-up pick; will be queued
     InOrder inOrder = inOrder(helper);
     inOrder.verify(helper)
         .updateBalancingState(eq(ConnectivityState.CONNECTING), pickerCaptor.capture());
     SubchannelPicker picker = pickerCaptor.getValue();
     PickSubchannelArgs fakeSearchMethodArgs = newPickSubchannelArgs(fakeSearchMethod);
-    // Warm-up pick; will be queued
     PickResult res = picker.pickSubchannel(fakeSearchMethodArgs);
     assertThat(res.getStatus().isOk()).isTrue();
     assertThat(res.getSubchannel()).isNull();
@@ -230,8 +231,7 @@ public void lb_serverStatusCodeConversion() throws Exception {
     subchannel.updateState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
     res = picker.pickSubchannel(fakeSearchMethodArgs);
     assertThat(res.getStatus().getCode()).isEqualTo(Status.Code.OK);
-    int expectedTimes = PickFirstLoadBalancerProvider.isEnabledNewPickFirst() ? 1 : 2;
-    verifyLongCounterAdd("grpc.lb.rls.target_picks", expectedTimes, 1, "wilderness", "complete");
+    verifyLongCounterAdd("grpc.lb.rls.target_picks", 1, 1, "wilderness", "complete");
 
     // Check on conversion
     Throwable cause = new Throwable("cause");
@@ -284,8 +284,7 @@ public void lb_working_withDefaultTarget_rlsResponding() throws Exception {
     res = picker.pickSubchannel(searchSubchannelArgs);
     assertThat(subchannelIsReady(res.getSubchannel())).isTrue();
     assertThat(res.getSubchannel()).isSameInstanceAs(searchSubchannel);
-    int expectedTimes = PickFirstLoadBalancerProvider.isEnabledNewPickFirst() ? 1 : 2;
-    verifyLongCounterAdd("grpc.lb.rls.target_picks", expectedTimes, 1, "wilderness", "complete");
+    verifyLongCounterAdd("grpc.lb.rls.target_picks", 1, 1, "wilderness", "complete");
 
     // rescue should be pending status although the overall channel state is READY
     res = picker.pickSubchannel(rescueSubchannelArgs);
@@ -431,7 +430,7 @@ public void lb_working_withDefaultTarget_noRlsResponse() throws Exception {
     inOrder.verify(helper).getMetricRecorder();
     inOrder.verify(helper).getChannelTarget();
     inOrder.verifyNoMoreInteractions();
-    int times = PickFirstLoadBalancerProvider.isEnabledNewPickFirst() ? 1 : 2;
+    int times = 1;
     verifyLongCounterAdd("grpc.lb.rls.default_target_picks", times, 1,
         "defaultTarget", "complete");
 
@@ -536,8 +535,7 @@ public void lb_working_withoutDefaultTarget() throws Exception {
     res = picker.pickSubchannel(newPickSubchannelArgs(fakeSearchMethod));
     assertThat(res.getStatus().isOk()).isFalse();
     assertThat(subchannelIsReady(res.getSubchannel())).isFalse();
-    int expectedTimes = PickFirstLoadBalancerProvider.isEnabledNewPickFirst() ? 1 : 2;
-    verifyLongCounterAdd("grpc.lb.rls.target_picks", expectedTimes, 1, "wilderness", "complete");
+    verifyLongCounterAdd("grpc.lb.rls.target_picks", 1, 1, "wilderness", "complete");
 
     res = picker.pickSubchannel(newPickSubchannelArgs(fakeRescueMethod));
     assertThat(subchannelIsReady(res.getSubchannel())).isTrue();

From 3915d029c02efcdcdbd2e57b43e22a3c42435ad0 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 5 Jan 2026 21:27:01 -0800
Subject: [PATCH 502/591] core: Implement oobChannel with resolvingOobChannel

The most important part of this change is to ensure that CallCredentials
are not propagated to the OOB channel. Because the authority of the OOB
channel doesn't match the parent channel, we must ensure that any bearer
tokens are not sent to the different server. However, this was not a
problem because resolvingOobChannel has the same constraint. (RLS has a
different constraint, but we were able to let RLS manage that itself.)

This commit does change the behavior of channelz, shutdown, and metrics
for the OOB channel. Previously the OOB channel was registered with
channelz, but it is only a TODO for resolving channel. Channel shutdown
no longer shuts down the OOB channel and it no longer waits for the OOB
channel to terminate before becoming terminated itself. That is also a
pre-existing TODO. Since ManagedChannelImplBuilder is now being used,
global configurators and census are enabled. The proper behavior here is
still being determined, but we would want it to be the same for
resolving OOB channel and OOB channel.

The OOB channel used to refresh the name resolution when the subchannel
went IDLE or TF. That is an older behavior from back when regular
subchannels would also cause the name resolver to refresh. Now-a-days
that goes though the LB tree. gRPC-LB already refreshes name resolution
when its RPC closes, so no longer doing it automatically should be fine.

balancerRpcExecutorPool no longer has its lifetime managed by the child.
It'd be easiest to not use it at all from OOB channel, which wouldn't
actually change the regular behavior, as channels already use the same
executor by default. However, the tests are making use of the executor
being injected, so some propagation needs to be preserved.

Lots of OOB channel tests were deleted, but these were either testing
OobChannel, which is now gone, or things like channelz, which are known
to no longer work like before.
---
 .../io/grpc/internal/ManagedChannelImpl.java  | 153 ++----
 .../java/io/grpc/internal/OobChannel.java     | 314 -------------
 .../internal/OobNameResolverProvider.java     | 121 +++++
 .../grpc/internal/ManagedChannelImplTest.java | 441 +-----------------
 .../main/java/io/grpc/grpclb/GrpclbState.java |   5 +-
 5 files changed, 173 insertions(+), 861 deletions(-)
 delete mode 100644 core/src/main/java/io/grpc/internal/OobChannel.java
 create mode 100644 core/src/main/java/io/grpc/internal/OobNameResolverProvider.java

diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index e9fda4e9ec3..bdade61efc6 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -95,6 +95,7 @@
 import io.grpc.internal.RetriableStream.ChannelBufferMeter;
 import io.grpc.internal.RetriableStream.Throttle;
 import java.net.URI;
+import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -167,11 +168,9 @@ public Result selectConfig(PickSubchannelArgs args) {
   @Nullable
   private final ChannelCredentials originalChannelCreds;
   private final ClientTransportFactory transportFactory;
-  private final ClientTransportFactory oobTransportFactory;
   private final RestrictedScheduledExecutor scheduledExecutor;
   private final Executor executor;
   private final ObjectPool<? extends Executor> executorPool;
-  private final ObjectPool<? extends Executor> balancerRpcExecutorPool;
   private final ExecutorHolder balancerRpcExecutorHolder;
   private final ExecutorHolder offloadExecutorHolder;
   private final TimeProvider timeProvider;
@@ -240,9 +239,6 @@ public void uncaughtException(Thread t, Throwable e) {
   private Collection<RealChannel.PendingCall<?, ?>> pendingCalls;
   private final Object pendingCallsInUseObject = new Object();
 
-  // Must be mutated from syncContext
-  private final Set<OobChannel> oobChannels = new HashSet<>(1, .75f);
-
   // reprocess() must be run from syncContext
   private final DelayedClientTransport delayedTransport;
   private final UncommittedRetriableStreamsRegistry uncommittedRetriableStreamsRegistry
@@ -312,9 +308,6 @@ private void maybeShutdownNowSubchannels() {
       for (InternalSubchannel subchannel : subchannels) {
         subchannel.shutdownNow(SHUTDOWN_NOW_STATUS);
       }
-      for (OobChannel oobChannel : oobChannels) {
-        oobChannel.getInternalSubchannel().shutdownNow(SHUTDOWN_NOW_STATUS);
-      }
     }
   }
 
@@ -334,7 +327,6 @@ public void run() {
         builder.setTarget(target).setState(channelStateManager.getState());
         List<InternalWithLogId> children = new ArrayList<>();
         children.addAll(subchannels);
-        children.addAll(oobChannels);
         builder.setSubchannels(children);
         ret.set(builder.build());
       }
@@ -564,8 +556,6 @@ ClientStream newSubstream(
         new ExecutorHolder(checkNotNull(builder.offloadExecutorPool, "offloadExecutorPool"));
     this.transportFactory = new CallCredentialsApplyingTransportFactory(
         clientTransportFactory, builder.callCredentials, this.offloadExecutorHolder);
-    this.oobTransportFactory = new CallCredentialsApplyingTransportFactory(
-        clientTransportFactory, null, this.offloadExecutorHolder);
     this.scheduledExecutor =
         new RestrictedScheduledExecutor(transportFactory.getScheduledExecutorService());
     maxTraceEvents = builder.maxTraceEvents;
@@ -604,8 +594,8 @@ ClientStream newSubstream(
     this.nameResolverArgs = nameResolverArgsBuilder.build();
     this.nameResolver = getNameResolver(
         targetUri, authorityOverride, nameResolverProvider, nameResolverArgs);
-    this.balancerRpcExecutorPool = checkNotNull(balancerRpcExecutorPool, "balancerRpcExecutorPool");
-    this.balancerRpcExecutorHolder = new ExecutorHolder(balancerRpcExecutorPool);
+    this.balancerRpcExecutorHolder = new ExecutorHolder(
+        checkNotNull(balancerRpcExecutorPool, "balancerRpcExecutorPool"));
     this.delayedTransport = new DelayedClientTransport(this.executor, this.syncContext);
     this.delayedTransport.start(delayedTransportListener);
     this.backoffPolicyProvider = backoffPolicyProvider;
@@ -1187,7 +1177,7 @@ private void maybeTerminateChannel() {
     if (terminated) {
       return;
     }
-    if (shutdown.get() && subchannels.isEmpty() && oobChannels.isEmpty()) {
+    if (shutdown.get() && subchannels.isEmpty()) {
       channelLogger.log(ChannelLogLevel.INFO, "Terminated");
       channelz.removeRootChannel(this);
       executorPool.returnObject(executor);
@@ -1201,13 +1191,6 @@ private void maybeTerminateChannel() {
     }
   }
 
-  // Must be called from syncContext
-  private void handleInternalSubchannelState(ConnectivityStateInfo newState) {
-    if (newState.getState() == TRANSIENT_FAILURE || newState.getState() == IDLE) {
-      refreshNameResolution();
-    }
-  }
-
   @Override
   public ConnectivityState getState(boolean requestConnection) {
     ConnectivityState savedChannelState = channelStateManager.getState();
@@ -1253,9 +1236,6 @@ public void run() {
         for (InternalSubchannel subchannel : subchannels) {
           subchannel.resetConnectBackoff();
         }
-        for (OobChannel oobChannel : oobChannels) {
-          oobChannel.resetConnectBackoff();
-        }
       }
     }
 
@@ -1413,86 +1393,28 @@ public ManagedChannel createOobChannel(EquivalentAddressGroup addressGroup, Stri
     @Override
     public ManagedChannel createOobChannel(List<EquivalentAddressGroup> addressGroup,
         String authority) {
-      // TODO(ejona): can we be even stricter? Like terminating?
-      checkState(!terminated, "Channel is terminated");
-      long oobChannelCreationTime = timeProvider.currentTimeNanos();
-      InternalLogId oobLogId = InternalLogId.allocate("OobChannel", /*details=*/ null);
-      InternalLogId subchannelLogId =
-          InternalLogId.allocate("Subchannel-OOB", /*details=*/ authority);
-      ChannelTracer oobChannelTracer =
-          new ChannelTracer(
-              oobLogId, maxTraceEvents, oobChannelCreationTime,
-              "OobChannel for " + addressGroup);
-      final OobChannel oobChannel = new OobChannel(
-          authority, balancerRpcExecutorPool, oobTransportFactory.getScheduledExecutorService(),
-          syncContext, callTracerFactory.create(), oobChannelTracer, channelz, timeProvider);
-      channelTracer.reportEvent(new ChannelTrace.Event.Builder()
-          .setDescription("Child OobChannel created")
-          .setSeverity(ChannelTrace.Event.Severity.CT_INFO)
-          .setTimestampNanos(oobChannelCreationTime)
-          .setChannelRef(oobChannel)
-          .build());
-      ChannelTracer subchannelTracer =
-          new ChannelTracer(subchannelLogId, maxTraceEvents, oobChannelCreationTime,
-              "Subchannel for " + addressGroup);
-      ChannelLogger subchannelLogger = new ChannelLoggerImpl(subchannelTracer, timeProvider);
-      final class ManagedOobChannelCallback extends InternalSubchannel.Callback {
-        @Override
-        void onTerminated(InternalSubchannel is) {
-          oobChannels.remove(oobChannel);
-          channelz.removeSubchannel(is);
-          oobChannel.handleSubchannelTerminated();
-          maybeTerminateChannel();
-        }
-
-        @Override
-        void onStateChange(InternalSubchannel is, ConnectivityStateInfo newState) {
-          // TODO(chengyuanzhang): change to let LB policies explicitly manage OOB channel's
-          //  state and refresh name resolution if necessary.
-          handleInternalSubchannelState(newState);
-          oobChannel.handleSubchannelStateChange(newState);
-        }
-      }
-
-      final InternalSubchannel internalSubchannel = new InternalSubchannel(
-          CreateSubchannelArgs.newBuilder().setAddresses(addressGroup).build(),
-          authority, userAgent, backoffPolicyProvider, oobTransportFactory,
-          oobTransportFactory.getScheduledExecutorService(), stopwatchSupplier, syncContext,
-          // All callback methods are run from syncContext
-          new ManagedOobChannelCallback(),
-          channelz,
-          callTracerFactory.create(),
-          subchannelTracer,
-          subchannelLogId,
-          subchannelLogger,
-          transportFilters,
-          target,
-          lbHelper.getMetricRecorder());
-      oobChannelTracer.reportEvent(new ChannelTrace.Event.Builder()
-          .setDescription("Child Subchannel created")
-          .setSeverity(ChannelTrace.Event.Severity.CT_INFO)
-          .setTimestampNanos(oobChannelCreationTime)
-          .setSubchannelRef(internalSubchannel)
-          .build());
-      channelz.addSubchannel(oobChannel);
-      channelz.addSubchannel(internalSubchannel);
-      oobChannel.setSubchannel(internalSubchannel);
-      final class AddOobChannel implements Runnable {
-        @Override
-        public void run() {
-          if (terminating) {
-            oobChannel.shutdown();
-          }
-          if (!terminated) {
-            // If channel has not terminated, it will track the subchannel and block termination
-            // for it.
-            oobChannels.add(oobChannel);
-          }
-        }
-      }
-
-      syncContext.execute(new AddOobChannel());
-      return oobChannel;
+      NameResolverRegistry nameResolverRegistry = new NameResolverRegistry();
+      OobNameResolverProvider resolverProvider =
+          new OobNameResolverProvider(authority, addressGroup, syncContext);
+      nameResolverRegistry.register(resolverProvider);
+      // We could use a hard-coded target, as the name resolver won't actually use this string.
+      // However, that would make debugging less clear, as we use the target to identify the
+      // channel.
+      String target;
+      try {
+        target = new URI("oob", "", "/" + authority, null, null).toString();
+      } catch (URISyntaxException ex) {
+        // Any special characters in the path will be percent encoded. So this should be impossible.
+        throw new AssertionError(ex);
+      }
+      ManagedChannel delegate = createResolvingOobChannelBuilder(
+          target, new DefaultChannelCreds(), nameResolverRegistry)
+          // TODO(zdapeng): executors should not outlive the parent channel.
+          .executor(balancerRpcExecutorHolder.getExecutor())
+          .idleTimeout(Integer.MAX_VALUE, TimeUnit.SECONDS)
+          .disableRetry()
+          .build();
+      return new OobChannel(delegate, resolverProvider);
     }
 
     @Deprecated
@@ -1504,11 +1426,17 @@ public ManagedChannelBuilder<?> createResolvingOobChannelBuilder(String target)
           .overrideAuthority(getAuthority());
     }
 
-    // TODO(creamsoup) prevent main channel to shutdown if oob channel is not terminated
-    // TODO(zdapeng) register the channel as a subchannel of the parent channel in channelz.
     @Override
     public ManagedChannelBuilder<?> createResolvingOobChannelBuilder(
         final String target, final ChannelCredentials channelCreds) {
+      return createResolvingOobChannelBuilder(target, channelCreds, nameResolverRegistry);
+    }
+
+    // TODO(creamsoup) prevent main channel to shutdown if oob channel is not terminated
+    // TODO(zdapeng) register the channel as a subchannel of the parent channel in channelz.
+    private ManagedChannelBuilder<?> createResolvingOobChannelBuilder(
+        final String target, final ChannelCredentials channelCreds,
+        NameResolverRegistry nameResolverRegistry) {
       checkNotNull(channelCreds, "channelCreds");
 
       final class ResolvingOobChannelBuilder
@@ -1641,6 +1569,19 @@ public ChannelCredentials withoutBearerTokens() {
     }
   }
 
+  static final class OobChannel extends ForwardingManagedChannel {
+    private final OobNameResolverProvider resolverProvider;
+
+    public OobChannel(ManagedChannel delegate, OobNameResolverProvider resolverProvider) {
+      super(delegate);
+      this.resolverProvider = checkNotNull(resolverProvider, "resolverProvider");
+    }
+
+    public void updateAddresses(List<EquivalentAddressGroup> eags) {
+      resolverProvider.updateAddresses(eags);
+    }
+  }
+
   final class NameResolverListener extends NameResolver.Listener2 {
     final LbHelperImpl helper;
     final NameResolver resolver;
diff --git a/core/src/main/java/io/grpc/internal/OobChannel.java b/core/src/main/java/io/grpc/internal/OobChannel.java
deleted file mode 100644
index b2272a89672..00000000000
--- a/core/src/main/java/io/grpc/internal/OobChannel.java
+++ /dev/null
@@ -1,314 +0,0 @@
-/*
- * Copyright 2016 The gRPC Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.grpc.internal;
-
-import static com.google.common.base.Preconditions.checkNotNull;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.MoreObjects;
-import com.google.common.base.Preconditions;
-import com.google.common.util.concurrent.ListenableFuture;
-import com.google.common.util.concurrent.SettableFuture;
-import io.grpc.Attributes;
-import io.grpc.CallOptions;
-import io.grpc.ClientCall;
-import io.grpc.ClientStreamTracer;
-import io.grpc.ConnectivityState;
-import io.grpc.ConnectivityStateInfo;
-import io.grpc.Context;
-import io.grpc.EquivalentAddressGroup;
-import io.grpc.InternalChannelz;
-import io.grpc.InternalChannelz.ChannelStats;
-import io.grpc.InternalChannelz.ChannelTrace;
-import io.grpc.InternalInstrumented;
-import io.grpc.InternalLogId;
-import io.grpc.InternalWithLogId;
-import io.grpc.LoadBalancer;
-import io.grpc.LoadBalancer.FixedResultPicker;
-import io.grpc.LoadBalancer.PickResult;
-import io.grpc.LoadBalancer.Subchannel;
-import io.grpc.LoadBalancer.SubchannelPicker;
-import io.grpc.ManagedChannel;
-import io.grpc.Metadata;
-import io.grpc.MethodDescriptor;
-import io.grpc.Status;
-import io.grpc.SynchronizationContext;
-import io.grpc.internal.ClientCallImpl.ClientStreamProvider;
-import java.util.Collections;
-import java.util.List;
-import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.Executor;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-import javax.annotation.concurrent.ThreadSafe;
-
-/**
- * A ManagedChannel backed by a single {@link InternalSubchannel} and used for {@link LoadBalancer}
- * to its own RPC needs.
- */
-@ThreadSafe
-final class OobChannel extends ManagedChannel implements InternalInstrumented<ChannelStats> {
-  private static final Logger log = Logger.getLogger(OobChannel.class.getName());
-
-  private InternalSubchannel subchannel;
-  private AbstractSubchannel subchannelImpl;
-  private SubchannelPicker subchannelPicker;
-
-  private final InternalLogId logId;
-  private final String authority;
-  private final DelayedClientTransport delayedTransport;
-  private final InternalChannelz channelz;
-  private final ObjectPool<? extends Executor> executorPool;
-  private final Executor executor;
-  private final ScheduledExecutorService deadlineCancellationExecutor;
-  private final CountDownLatch terminatedLatch = new CountDownLatch(1);
-  private volatile boolean shutdown;
-  private final CallTracer channelCallsTracer;
-  private final ChannelTracer channelTracer;
-  private final TimeProvider timeProvider;
-
-  private final ClientStreamProvider transportProvider = new ClientStreamProvider() {
-    @Override
-    public ClientStream newStream(MethodDescriptor<?, ?> method,
-        CallOptions callOptions, Metadata headers, Context context) {
-      ClientStreamTracer[] tracers = GrpcUtil.getClientStreamTracers(
-          callOptions, headers, 0, /* isTransparentRetry= */ false,
-          /* isHedging= */ false);
-      Context origContext = context.attach();
-      // delayed transport's newStream() always acquires a lock, but concurrent performance doesn't
-      // matter here because OOB communication should be sparse, and it's not on application RPC's
-      // critical path.
-      try {
-        return delayedTransport.newStream(method, headers, callOptions, tracers);
-      } finally {
-        context.detach(origContext);
-      }
-    }
-  };
-
-  OobChannel(
-      String authority, ObjectPool<? extends Executor> executorPool,
-      ScheduledExecutorService deadlineCancellationExecutor, SynchronizationContext syncContext,
-      CallTracer callsTracer, ChannelTracer channelTracer, InternalChannelz channelz,
-      TimeProvider timeProvider) {
-    this.authority = checkNotNull(authority, "authority");
-    this.logId = InternalLogId.allocate(getClass(), authority);
-    this.executorPool = checkNotNull(executorPool, "executorPool");
-    this.executor = checkNotNull(executorPool.getObject(), "executor");
-    this.deadlineCancellationExecutor = checkNotNull(
-        deadlineCancellationExecutor, "deadlineCancellationExecutor");
-    this.delayedTransport = new DelayedClientTransport(executor, syncContext);
-    this.channelz = Preconditions.checkNotNull(channelz);
-    this.delayedTransport.start(new ManagedClientTransport.Listener() {
-        @Override
-        public void transportShutdown(Status s, DisconnectError e) {
-          // Don't care
-        }
-
-        @Override
-        public void transportTerminated() {
-          subchannelImpl.shutdown();
-        }
-
-        @Override
-        public void transportReady() {
-          // Don't care
-        }
-
-        @Override
-        public Attributes filterTransport(Attributes attributes) {
-          return attributes;
-        }
-
-        @Override
-        public void transportInUse(boolean inUse) {
-          // Don't care
-        }
-      });
-    this.channelCallsTracer = callsTracer;
-    this.channelTracer = checkNotNull(channelTracer, "channelTracer");
-    this.timeProvider = checkNotNull(timeProvider, "timeProvider");
-  }
-
-  // Must be called only once, right after the OobChannel is created.
-  void setSubchannel(final InternalSubchannel subchannel) {
-    log.log(Level.FINE, "[{0}] Created with [{1}]", new Object[] {this, subchannel});
-    this.subchannel = subchannel;
-    subchannelImpl = new AbstractSubchannel() {
-        @Override
-        public void shutdown() {
-          subchannel.shutdown(Status.UNAVAILABLE.withDescription("OobChannel is shutdown"));
-        }
-
-        @Override
-        InternalInstrumented<ChannelStats> getInstrumentedInternalSubchannel() {
-          return subchannel;
-        }
-
-        @Override
-        public void requestConnection() {
-          subchannel.obtainActiveTransport();
-        }
-
-        @Override
-        public List<EquivalentAddressGroup> getAllAddresses() {
-          return subchannel.getAddressGroups();
-        }
-
-        @Override
-        public Attributes getAttributes() {
-          return Attributes.EMPTY;
-        }
-
-        @Override
-        public Object getInternalSubchannel() {
-          return subchannel;
-        }
-    };
-
-    subchannelPicker = new FixedResultPicker(PickResult.withSubchannel(subchannelImpl));
-    delayedTransport.reprocess(subchannelPicker);
-  }
-
-  void updateAddresses(List<EquivalentAddressGroup> eag) {
-    subchannel.updateAddresses(eag);
-  }
-
-  @Override
-  public <RequestT, ResponseT> ClientCall<RequestT, ResponseT> newCall(
-      MethodDescriptor<RequestT, ResponseT> methodDescriptor, CallOptions callOptions) {
-    return new ClientCallImpl<>(methodDescriptor,
-        callOptions.getExecutor() == null ? executor : callOptions.getExecutor(),
-        callOptions, transportProvider, deadlineCancellationExecutor, channelCallsTracer, null);
-  }
-
-  @Override
-  public String authority() {
-    return authority;
-  }
-
-  @Override
-  public boolean isTerminated() {
-    return terminatedLatch.getCount() == 0;
-  }
-
-  @Override
-  public boolean awaitTermination(long time, TimeUnit unit) throws InterruptedException {
-    return terminatedLatch.await(time, unit);
-  }
-
-  @Override
-  public ConnectivityState getState(boolean requestConnectionIgnored) {
-    if (subchannel == null) {
-      return ConnectivityState.IDLE;
-    }
-    return subchannel.getState();
-  }
-
-  @Override
-  public ManagedChannel shutdown() {
-    shutdown = true;
-    delayedTransport.shutdown(Status.UNAVAILABLE.withDescription("OobChannel.shutdown() called"));
-    return this;
-  }
-
-  @Override
-  public boolean isShutdown() {
-    return shutdown;
-  }
-
-  @Override
-  public ManagedChannel shutdownNow() {
-    shutdown = true;
-    delayedTransport.shutdownNow(
-        Status.UNAVAILABLE.withDescription("OobChannel.shutdownNow() called"));
-    return this;
-  }
-
-  void handleSubchannelStateChange(final ConnectivityStateInfo newState) {
-    channelTracer.reportEvent(
-        new ChannelTrace.Event.Builder()
-            .setDescription("Entering " + newState.getState() + " state")
-            .setSeverity(ChannelTrace.Event.Severity.CT_INFO)
-            .setTimestampNanos(timeProvider.currentTimeNanos())
-            .build());
-    switch (newState.getState()) {
-      case READY:
-      case IDLE:
-        delayedTransport.reprocess(subchannelPicker);
-        break;
-      case TRANSIENT_FAILURE:
-        delayedTransport.reprocess(
-            new FixedResultPicker(PickResult.withError(newState.getStatus())));
-        break;
-      default:
-        // Do nothing
-    }
-  }
-
-  // must be run from channel executor
-  void handleSubchannelTerminated() {
-    channelz.removeSubchannel(this);
-    // When delayedTransport is terminated, it shuts down subchannel.  Therefore, at this point
-    // both delayedTransport and subchannel have terminated.
-    executorPool.returnObject(executor);
-    terminatedLatch.countDown();
-  }
-
-  @VisibleForTesting
-  Subchannel getSubchannel() {
-    return subchannelImpl;
-  }
-
-  InternalSubchannel getInternalSubchannel() {
-    return subchannel;
-  }
-
-  @Override
-  public ListenableFuture<ChannelStats> getStats() {
-    final SettableFuture<ChannelStats> ret = SettableFuture.create();
-    final ChannelStats.Builder builder = new ChannelStats.Builder();
-    channelCallsTracer.updateBuilder(builder);
-    channelTracer.updateBuilder(builder);
-    builder
-        .setTarget(authority)
-        .setState(subchannel.getState())
-        .setSubchannels(Collections.<InternalWithLogId>singletonList(subchannel));
-    ret.set(builder.build());
-    return ret;
-  }
-
-  @Override
-  public InternalLogId getLogId() {
-    return logId;
-  }
-
-  @Override
-  public String toString() {
-    return MoreObjects.toStringHelper(this)
-        .add("logId", logId.getId())
-        .add("authority", authority)
-        .toString();
-  }
-
-  @Override
-  public void resetConnectBackoff() {
-    subchannel.resetConnectBackoff();
-  }
-}
diff --git a/core/src/main/java/io/grpc/internal/OobNameResolverProvider.java b/core/src/main/java/io/grpc/internal/OobNameResolverProvider.java
new file mode 100644
index 00000000000..408b92e0c84
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/OobNameResolverProvider.java
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static java.util.Objects.requireNonNull;
+
+import io.grpc.EquivalentAddressGroup;
+import io.grpc.NameResolver;
+import io.grpc.NameResolverProvider;
+import io.grpc.StatusOr;
+import io.grpc.SynchronizationContext;
+import java.net.URI;
+import java.util.Collection;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * A provider that is passed addresses and relays those addresses to its created resolvers.
+ */
+final class OobNameResolverProvider extends NameResolverProvider {
+  private final String authority;
+  private final SynchronizationContext parentSyncContext;
+  // Only accessed from parentSyncContext
+  @SuppressWarnings("JdkObsolete") // LinkedList uses O(n) memory, including after deletions
+  private final Collection<OobNameResolver> resolvers = new LinkedList<>();
+  // Only accessed from parentSyncContext
+  private List<EquivalentAddressGroup> lastEags;
+
+  public OobNameResolverProvider(
+      String authority, List<EquivalentAddressGroup> eags, SynchronizationContext syncContext) {
+    this.authority = requireNonNull(authority, "authority");
+    this.lastEags = requireNonNull(eags, "eags");
+    this.parentSyncContext = requireNonNull(syncContext, "syncContext");
+  }
+
+  @Override
+  public String getDefaultScheme() {
+    return "oob";
+  }
+
+  @Override
+  protected boolean isAvailable() {
+    return true;
+  }
+
+  @Override
+  protected int priority() {
+    return 5; // Doesn't matter, as we expect only one provider in the registry
+  }
+
+  public void updateAddresses(List<EquivalentAddressGroup> eags) {
+    requireNonNull(eags, "eags");
+    parentSyncContext.execute(() -> {
+      this.lastEags = eags;
+      for (OobNameResolver resolver : resolvers) {
+        resolver.updateAddresses(eags);
+      }
+    });
+  }
+
+  @Override
+  public NameResolver newNameResolver(URI targetUri, NameResolver.Args args) {
+    return new OobNameResolver(args.getSynchronizationContext());
+  }
+
+  final class OobNameResolver extends NameResolver {
+    private final SynchronizationContext syncContext;
+    // Null before started, and after shutdown. Only accessed from syncContext
+    private Listener2 listener;
+
+    public OobNameResolver(SynchronizationContext syncContext) {
+      this.syncContext = requireNonNull(syncContext, "syncContext");
+    }
+
+    @Override
+    public String getServiceAuthority() {
+      return authority;
+    }
+
+    @Override
+    public void start(Listener2 listener) {
+      this.listener = requireNonNull(listener, "listener");
+      parentSyncContext.execute(() -> {
+        resolvers.add(this);
+        updateAddresses(lastEags);
+      });
+    }
+
+    void updateAddresses(List<EquivalentAddressGroup> eags) {
+      parentSyncContext.throwIfNotInThisSynchronizationContext();
+      syncContext.execute(() -> {
+        if (listener == null) {
+          return;
+        }
+        listener.onResult2(ResolutionResult.newBuilder()
+            .setAddressesOrError(StatusOr.fromValue(lastEags))
+            .build());
+      });
+    }
+
+    @Override
+    public void shutdown() {
+      this.listener = null;
+      parentSyncContext.execute(() -> resolvers.remove(this));
+    }
+  }
+}
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index 7b3e725991c..731fac94044 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -285,10 +285,6 @@ public String getPolicyName() {
   @Mock
   private ClientCall.Listener<Integer> mockCallListener3;
   @Mock
-  private ClientCall.Listener<Integer> mockCallListener4;
-  @Mock
-  private ClientCall.Listener<Integer> mockCallListener5;
-  @Mock
   private ObjectPool<Executor> executorPool;
   @Mock
   private ObjectPool<Executor> balancerRpcExecutorPool;
@@ -817,47 +813,6 @@ public void channelzMembership_subchannel() throws Exception {
     assertNotNull(channelz.getRootChannel(channel.getLogId().getId()));
   }
 
-  @Test
-  public void channelzMembership_oob() throws Exception {
-    createChannel();
-    OobChannel oob = (OobChannel) helper.createOobChannel(
-        Collections.singletonList(addressGroup), AUTHORITY);
-    // oob channels are not root channels
-    assertNull(channelz.getRootChannel(oob.getLogId().getId()));
-    assertTrue(channelz.containsSubchannel(oob.getLogId()));
-    assertThat(getStats(channel).subchannels).containsExactly(oob);
-    assertTrue(channelz.containsSubchannel(oob.getLogId()));
-
-    AbstractSubchannel subchannel = (AbstractSubchannel) oob.getSubchannel();
-    assertTrue(
-        channelz.containsSubchannel(subchannel.getInstrumentedInternalSubchannel().getLogId()));
-    assertThat(getStats(oob).subchannels)
-        .containsExactly(subchannel.getInstrumentedInternalSubchannel());
-    assertTrue(
-        channelz.containsSubchannel(subchannel.getInstrumentedInternalSubchannel().getLogId()));
-
-    oob.getSubchannel().requestConnection();
-    MockClientTransportInfo transportInfo = transports.poll();
-    assertNotNull(transportInfo);
-    assertTrue(channelz.containsClientSocket(transportInfo.transport.getLogId()));
-
-    // terminate transport
-    transportInfo.listener.transportShutdown(Status.INTERNAL,
-        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
-    transportInfo.listener.transportTerminated();
-    assertFalse(channelz.containsClientSocket(transportInfo.transport.getLogId()));
-
-    // terminate oobchannel
-    oob.shutdown();
-    assertFalse(channelz.containsSubchannel(oob.getLogId()));
-    assertThat(getStats(channel).subchannels).isEmpty();
-    assertFalse(
-        channelz.containsSubchannel(subchannel.getInstrumentedInternalSubchannel().getLogId()));
-
-    // channel still appears
-    assertNotNull(channelz.getRootChannel(channel.getLogId().getId()));
-  }
-
   @Test
   public void callsAndShutdown() {
     subtestCallsAndShutdown(false, false);
@@ -1801,7 +1756,7 @@ public void subchannelsNoConnectionShutdownNow() {
     channel.shutdownNow();
 
     verify(mockLoadBalancer).shutdown();
-    // Channel's shutdownNow() will call shutdownNow() on all subchannels and oobchannels.
+    // Channel's shutdownNow() will call shutdownNow() on all subchannels.
     // Therefore, channel is terminated without relying on LoadBalancer to shutdown subchannels.
     assertTrue(channel.isTerminated());
     verify(mockTransportFactory, never())
@@ -1809,114 +1764,6 @@ public void subchannelsNoConnectionShutdownNow() {
             any(SocketAddress.class), any(ClientTransportOptions.class), any(ChannelLogger.class));
   }
 
-  @Test
-  public void oobchannels() {
-    createChannel();
-
-    ManagedChannel oob1 = helper.createOobChannel(
-        Collections.singletonList(addressGroup), "oob1authority");
-    ManagedChannel oob2 = helper.createOobChannel(
-        Collections.singletonList(addressGroup), "oob2authority");
-    verify(balancerRpcExecutorPool, times(2)).getObject();
-
-    assertEquals("oob1authority", oob1.authority());
-    assertEquals("oob2authority", oob2.authority());
-
-    // OOB channels create connections lazily.  A new call will initiate the connection.
-    Metadata headers = new Metadata();
-    ClientCall<String, Integer> call = oob1.newCall(method, CallOptions.DEFAULT);
-    call.start(mockCallListener, headers);
-    verify(mockTransportFactory)
-        .newClientTransport(
-            eq(socketAddress),
-            eq(new ClientTransportOptions().setAuthority("oob1authority").setUserAgent(USER_AGENT)),
-            isA(ChannelLogger.class));
-    MockClientTransportInfo transportInfo = transports.poll();
-    assertNotNull(transportInfo);
-
-    assertEquals(0, balancerRpcExecutor.numPendingTasks());
-    transportInfo.listener.transportReady();
-    assertEquals(1, balancerRpcExecutor.runDueTasks());
-    verify(transportInfo.transport).newStream(
-        same(method), same(headers), same(CallOptions.DEFAULT),
-        ArgumentMatchers.<ClientStreamTracer[]>any());
-
-    // The transport goes away
-    transportInfo.listener.transportShutdown(Status.UNAVAILABLE,
-        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
-    transportInfo.listener.transportTerminated();
-
-    // A new call will trigger a new transport
-    ClientCall<String, Integer> call2 = oob1.newCall(method, CallOptions.DEFAULT);
-    call2.start(mockCallListener2, headers);
-    ClientCall<String, Integer> call3 =
-        oob1.newCall(method, CallOptions.DEFAULT.withWaitForReady());
-    call3.start(mockCallListener3, headers);
-    verify(mockTransportFactory, times(2)).newClientTransport(
-        eq(socketAddress),
-        eq(new ClientTransportOptions().setAuthority("oob1authority").setUserAgent(USER_AGENT)),
-        isA(ChannelLogger.class));
-    transportInfo = transports.poll();
-    assertNotNull(transportInfo);
-
-    // This transport fails
-    Status transportError = Status.UNAVAILABLE.withDescription("Connection refused");
-    assertEquals(0, balancerRpcExecutor.numPendingTasks());
-    transportInfo.listener.transportShutdown(transportError,
-        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
-    assertTrue(balancerRpcExecutor.runDueTasks() > 0);
-
-    // Fail-fast RPC will fail, while wait-for-ready RPC will still be pending
-    verify(mockCallListener2).onClose(same(transportError), any(Metadata.class));
-    verify(mockCallListener3, never()).onClose(any(Status.class), any(Metadata.class));
-
-    // Shutdown
-    assertFalse(oob1.isShutdown());
-    assertFalse(oob2.isShutdown());
-    oob1.shutdown();
-    oob2.shutdownNow();
-    assertTrue(oob1.isShutdown());
-    assertTrue(oob2.isShutdown());
-    assertTrue(oob2.isTerminated());
-    verify(balancerRpcExecutorPool).returnObject(balancerRpcExecutor.getScheduledExecutorService());
-
-    // New RPCs will be rejected.
-    assertEquals(0, balancerRpcExecutor.numPendingTasks());
-    ClientCall<String, Integer> call4 = oob1.newCall(method, CallOptions.DEFAULT);
-    ClientCall<String, Integer> call5 = oob2.newCall(method, CallOptions.DEFAULT);
-    call4.start(mockCallListener4, headers);
-    call5.start(mockCallListener5, headers);
-    assertTrue(balancerRpcExecutor.runDueTasks() > 0);
-    verify(mockCallListener4).onClose(statusCaptor.capture(), any(Metadata.class));
-    Status status4 = statusCaptor.getValue();
-    assertEquals(Status.Code.UNAVAILABLE, status4.getCode());
-    verify(mockCallListener5).onClose(statusCaptor.capture(), any(Metadata.class));
-    Status status5 = statusCaptor.getValue();
-    assertEquals(Status.Code.UNAVAILABLE, status5.getCode());
-
-    // The pending RPC will still be pending
-    verify(mockCallListener3, never()).onClose(any(Status.class), any(Metadata.class));
-
-    // This will shutdownNow() the delayed transport, terminating the pending RPC
-    assertEquals(0, balancerRpcExecutor.numPendingTasks());
-    oob1.shutdownNow();
-    assertTrue(balancerRpcExecutor.runDueTasks() > 0);
-    verify(mockCallListener3).onClose(any(Status.class), any(Metadata.class));
-
-    // Shut down the channel, and it will not terminated because OOB channel has not.
-    channel.shutdown();
-    assertFalse(channel.isTerminated());
-    // Delayed transport has already terminated.  Terminating the transport terminates the
-    // subchannel, which in turn terimates the OOB channel, which terminates the channel.
-    assertFalse(oob1.isTerminated());
-    verify(balancerRpcExecutorPool).returnObject(balancerRpcExecutor.getScheduledExecutorService());
-    transportInfo.listener.transportTerminated();
-    assertTrue(oob1.isTerminated());
-    assertTrue(channel.isTerminated());
-    verify(balancerRpcExecutorPool, times(2))
-        .returnObject(balancerRpcExecutor.getScheduledExecutorService());
-  }
-
   @Test
   public void oobChannelHasNoChannelCallCredentials() {
     Metadata.Key<String> metadataKey =
@@ -1968,7 +1815,7 @@ public void oobChannelHasNoChannelCallCredentials() {
     balancerRpcExecutor.runDueTasks();
 
     verify(transportInfo.transport).newStream(
-        same(method), same(headers), same(callOptions),
+        same(method), same(headers), ArgumentMatchers.any(),
         ArgumentMatchers.<ClientStreamTracer[]>any());
     assertThat(headers.getAll(metadataKey)).containsExactly(callCredValue);
     oob.shutdownNow();
@@ -2095,76 +1942,6 @@ public SwapChannelCredentialsResult answer(InvocationOnMock invocation) {
     oob.shutdownNow();
   }
 
-  @Test
-  public void oobChannelsWhenChannelShutdownNow() {
-    createChannel();
-    ManagedChannel oob1 = helper.createOobChannel(
-        Collections.singletonList(addressGroup), "oob1Authority");
-    ManagedChannel oob2 = helper.createOobChannel(
-        Collections.singletonList(addressGroup), "oob2Authority");
-
-    oob1.newCall(method, CallOptions.DEFAULT).start(mockCallListener, new Metadata());
-    oob2.newCall(method, CallOptions.DEFAULT).start(mockCallListener2, new Metadata());
-
-    assertThat(transports).hasSize(2);
-    MockClientTransportInfo ti1 = transports.poll();
-    MockClientTransportInfo ti2 = transports.poll();
-
-    ti1.listener.transportReady();
-    ti2.listener.transportReady();
-
-    channel.shutdownNow();
-    verify(ti1.transport).shutdownNow(any(Status.class));
-    verify(ti2.transport).shutdownNow(any(Status.class));
-
-    ti1.listener.transportShutdown(Status.UNAVAILABLE.withDescription("shutdown now"),
-        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
-    ti2.listener.transportShutdown(Status.UNAVAILABLE.withDescription("shutdown now"),
-        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
-    ti1.listener.transportTerminated();
-
-    assertFalse(channel.isTerminated());
-    ti2.listener.transportTerminated();
-    assertTrue(channel.isTerminated());
-  }
-
-  @Test
-  public void oobChannelsNoConnectionShutdown() {
-    createChannel();
-    ManagedChannel oob1 = helper.createOobChannel(
-        Collections.singletonList(addressGroup), "oob1Authority");
-    ManagedChannel oob2 = helper.createOobChannel(
-        Collections.singletonList(addressGroup), "oob2Authority");
-    channel.shutdown();
-
-    verify(mockLoadBalancer).shutdown();
-    oob1.shutdown();
-    assertTrue(oob1.isTerminated());
-    assertFalse(channel.isTerminated());
-    oob2.shutdown();
-    assertTrue(oob2.isTerminated());
-    assertTrue(channel.isTerminated());
-    verify(mockTransportFactory, never())
-        .newClientTransport(
-            any(SocketAddress.class), any(ClientTransportOptions.class), any(ChannelLogger.class));
-  }
-
-  @Test
-  public void oobChannelsNoConnectionShutdownNow() {
-    createChannel();
-    helper.createOobChannel(Collections.singletonList(addressGroup), "oob1Authority");
-    helper.createOobChannel(Collections.singletonList(addressGroup), "oob2Authority");
-    channel.shutdownNow();
-
-    verify(mockLoadBalancer).shutdown();
-    assertTrue(channel.isTerminated());
-    // Channel's shutdownNow() will call shutdownNow() on all subchannels and oobchannels.
-    // Therefore, channel is terminated without relying on LoadBalancer to shutdown oobchannels.
-    verify(mockTransportFactory, never())
-        .newClientTransport(
-            any(SocketAddress.class), any(ClientTransportOptions.class), any(ChannelLogger.class));
-  }
-
   @Test
   public void subchannelChannel_normalUsage() {
     createChannel();
@@ -2310,69 +2087,6 @@ public void lbHelper_getNonDefaultNameResolverRegistry() {
         .isNotSameInstanceAs(NameResolverRegistry.getDefaultRegistry());
   }
 
-  @Test
-  public void refreshNameResolution_whenOobChannelConnectionFailed_notIdle() {
-    subtestNameResolutionRefreshWhenConnectionFailed(false);
-  }
-
-  @Test
-  public void notRefreshNameResolution_whenOobChannelConnectionFailed_idle() {
-    subtestNameResolutionRefreshWhenConnectionFailed(true);
-  }
-
-  private void subtestNameResolutionRefreshWhenConnectionFailed(boolean isIdle) {
-    FakeNameResolverFactory nameResolverFactory =
-        new FakeNameResolverFactory.Builder(expectedUri)
-            .setServers(Collections.singletonList(new EquivalentAddressGroup(socketAddress)))
-            .build();
-    channelBuilder.nameResolverFactory(nameResolverFactory);
-    createChannel();
-    OobChannel oobChannel = (OobChannel) helper.createOobChannel(
-        Collections.singletonList(addressGroup), "oobAuthority");
-    oobChannel.getSubchannel().requestConnection();
-
-    MockClientTransportInfo transportInfo = transports.poll();
-    assertNotNull(transportInfo);
-
-    FakeNameResolverFactory.FakeNameResolver resolver = nameResolverFactory.resolvers.remove(0);
-
-    if (isIdle) {
-      channel.enterIdle();
-      // Entering idle mode will result in a new resolver
-      resolver = nameResolverFactory.resolvers.remove(0);
-    }
-
-    assertEquals(0, nameResolverFactory.resolvers.size());
-
-    int expectedRefreshCount = 0;
-
-    // Transport closed when connecting
-    assertEquals(expectedRefreshCount, resolver.refreshCalled);
-    transportInfo.listener.transportShutdown(Status.UNAVAILABLE,
-        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
-    // When channel enters idle, new resolver is created but not started.
-    if (!isIdle) {
-      expectedRefreshCount++;
-    }
-    assertEquals(expectedRefreshCount, resolver.refreshCalled);
-
-    timer.forwardNanos(RECONNECT_BACKOFF_INTERVAL_NANOS);
-    transportInfo = transports.poll();
-    assertNotNull(transportInfo);
-
-    transportInfo.listener.transportReady();
-
-    // Transport closed when ready
-    assertEquals(expectedRefreshCount, resolver.refreshCalled);
-    transportInfo.listener.transportShutdown(Status.UNAVAILABLE,
-        SimpleDisconnectError.SUBCHANNEL_SHUTDOWN);
-    // When channel enters idle, new resolver is created but not started.
-    if (!isIdle) {
-      expectedRefreshCount++;
-    }
-    assertEquals(expectedRefreshCount, resolver.refreshCalled);
-  }
-
   /**
    * Test that information such as the Call's context, MethodDescriptor, authority, executor are
    * propagated to newStream() and applyRequestMetadata().
@@ -3525,48 +3239,6 @@ public void channelTracing_subchannelStateChangeEvent() throws Exception {
         .build());
   }
 
-  @Test
-  public void channelTracing_oobChannelStateChangeEvent() throws Exception {
-    channelBuilder.maxTraceEvents(10);
-    createChannel();
-    OobChannel oobChannel = (OobChannel) helper.createOobChannel(
-        Collections.singletonList(addressGroup), "authority");
-    timer.forwardNanos(1234);
-    oobChannel.handleSubchannelStateChange(
-        ConnectivityStateInfo.forNonError(ConnectivityState.CONNECTING));
-    assertThat(getStats(oobChannel).channelTrace.events).contains(new ChannelTrace.Event.Builder()
-        .setDescription("Entering CONNECTING state")
-        .setSeverity(ChannelTrace.Event.Severity.CT_INFO)
-        .setTimestampNanos(timer.getTicker().read())
-        .build());
-  }
-
-  @Test
-  public void channelTracing_oobChannelCreationEvents() throws Exception {
-    channelBuilder.maxTraceEvents(10);
-    createChannel();
-    timer.forwardNanos(1234);
-    OobChannel oobChannel = (OobChannel) helper.createOobChannel(
-        Collections.singletonList(addressGroup), "authority");
-    assertThat(getStats(channel).channelTrace.events).contains(new ChannelTrace.Event.Builder()
-        .setDescription("Child OobChannel created")
-        .setSeverity(ChannelTrace.Event.Severity.CT_INFO)
-        .setTimestampNanos(timer.getTicker().read())
-        .setChannelRef(oobChannel)
-        .build());
-    assertThat(getStats(oobChannel).channelTrace.events).contains(new ChannelTrace.Event.Builder()
-        .setDescription("OobChannel for [[[test-addr]/{}]] created")
-        .setSeverity(ChannelTrace.Event.Severity.CT_INFO)
-        .setTimestampNanos(timer.getTicker().read())
-        .build());
-    assertThat(getStats(oobChannel.getInternalSubchannel()).channelTrace.events).contains(
-        new ChannelTrace.Event.Builder()
-            .setDescription("Subchannel for [[[test-addr]/{}]] created")
-            .setSeverity(ChannelTrace.Event.Severity.CT_INFO)
-            .setTimestampNanos(timer.getTicker().read())
-            .build());
-  }
-
   @Test
   public void channelsAndSubchannels_instrumented_state() throws Exception {
     createChannel();
@@ -3682,115 +3354,6 @@ private void channelsAndSubchannels_instrumented0(boolean success) throws Except
     }
   }
 
-  @Test
-  public void channelsAndSubchannels_oob_instrumented_success() throws Exception {
-    channelsAndSubchannels_oob_instrumented0(true);
-  }
-
-  @Test
-  public void channelsAndSubchannels_oob_instrumented_fail() throws Exception {
-    channelsAndSubchannels_oob_instrumented0(false);
-  }
-
-  private void channelsAndSubchannels_oob_instrumented0(boolean success) throws Exception {
-    // set up
-    ClientStream mockStream = mock(ClientStream.class);
-    createChannel();
-
-    OobChannel oobChannel = (OobChannel) helper.createOobChannel(
-        Collections.singletonList(addressGroup), "oobauthority");
-    AbstractSubchannel oobSubchannel = (AbstractSubchannel) oobChannel.getSubchannel();
-    FakeClock callExecutor = new FakeClock();
-    CallOptions options =
-        CallOptions.DEFAULT.withExecutor(callExecutor.getScheduledExecutorService());
-    ClientCall<String, Integer> call = oobChannel.newCall(method, options);
-    Metadata headers = new Metadata();
-
-    // Channel stat bumped when ClientCall.start() called
-    assertEquals(0, getStats(oobChannel).callsStarted);
-    call.start(mockCallListener, headers);
-    assertEquals(1, getStats(oobChannel).callsStarted);
-
-    MockClientTransportInfo transportInfo = transports.poll();
-    ConnectionClientTransport mockTransport = transportInfo.transport;
-    ManagedClientTransport.Listener transportListener = transportInfo.listener;
-    when(mockTransport.newStream(
-            same(method), same(headers), any(CallOptions.class),
-            ArgumentMatchers.<ClientStreamTracer[]>any()))
-        .thenReturn(mockStream);
-
-    // subchannel stat bumped when call gets assigned to it
-    assertEquals(0, getStats(oobSubchannel).callsStarted);
-    transportListener.transportReady();
-    callExecutor.runDueTasks();
-    verify(mockStream).start(streamListenerCaptor.capture());
-    assertEquals(1, getStats(oobSubchannel).callsStarted);
-
-    ClientStreamListener streamListener = streamListenerCaptor.getValue();
-    call.halfClose();
-
-    // closing stream listener affects subchannel stats immediately
-    assertEquals(0, getStats(oobSubchannel).callsSucceeded);
-    assertEquals(0, getStats(oobSubchannel).callsFailed);
-    streamListener.closed(success ? Status.OK : Status.UNKNOWN, PROCESSED, new Metadata());
-    if (success) {
-      assertEquals(1, getStats(oobSubchannel).callsSucceeded);
-      assertEquals(0, getStats(oobSubchannel).callsFailed);
-    } else {
-      assertEquals(0, getStats(oobSubchannel).callsSucceeded);
-      assertEquals(1, getStats(oobSubchannel).callsFailed);
-    }
-
-    // channel stats bumped when the ClientCall.Listener is notified
-    assertEquals(0, getStats(oobChannel).callsSucceeded);
-    assertEquals(0, getStats(oobChannel).callsFailed);
-    callExecutor.runDueTasks();
-    if (success) {
-      assertEquals(1, getStats(oobChannel).callsSucceeded);
-      assertEquals(0, getStats(oobChannel).callsFailed);
-    } else {
-      assertEquals(0, getStats(oobChannel).callsSucceeded);
-      assertEquals(1, getStats(oobChannel).callsFailed);
-    }
-    // oob channel is separate from the original channel
-    assertEquals(0, getStats(channel).callsSucceeded);
-    assertEquals(0, getStats(channel).callsFailed);
-  }
-
-  @Test
-  public void channelsAndSubchannels_oob_instrumented_name() throws Exception {
-    createChannel();
-
-    String authority = "oobauthority";
-    OobChannel oobChannel = (OobChannel) helper.createOobChannel(
-        Collections.singletonList(addressGroup), authority);
-    assertEquals(authority, getStats(oobChannel).target);
-  }
-
-  @Test
-  public void channelsAndSubchannels_oob_instrumented_state() throws Exception {
-    createChannel();
-
-    OobChannel oobChannel = (OobChannel) helper.createOobChannel(
-        Collections.singletonList(addressGroup), "oobauthority");
-    assertEquals(IDLE, getStats(oobChannel).state);
-
-    oobChannel.getSubchannel().requestConnection();
-    assertEquals(CONNECTING, getStats(oobChannel).state);
-
-    MockClientTransportInfo transportInfo = transports.poll();
-    ManagedClientTransport.Listener transportListener = transportInfo.listener;
-
-    transportListener.transportReady();
-    assertEquals(READY, getStats(oobChannel).state);
-
-    // oobchannel state is separate from the ManagedChannel
-    assertEquals(CONNECTING, getStats(channel).state);
-    channel.shutdownNow();
-    assertEquals(SHUTDOWN, getStats(channel).state);
-    assertEquals(SHUTDOWN, getStats(oobChannel).state);
-  }
-
   @Test
   public void binaryLogInstalled() throws Exception {
     final SettableFuture<Boolean> intercepted = SettableFuture.create();
diff --git a/grpclb/src/main/java/io/grpc/grpclb/GrpclbState.java b/grpclb/src/main/java/io/grpc/grpclb/GrpclbState.java
index 2fc2a492ac8..5ed84ade2f8 100644
--- a/grpclb/src/main/java/io/grpc/grpclb/GrpclbState.java
+++ b/grpclb/src/main/java/io/grpc/grpclb/GrpclbState.java
@@ -386,11 +386,12 @@ private void useFallbackBackends() {
   }
 
   private void shutdownLbComm() {
+    shutdownLbRpc();
     if (lbCommChannel != null) {
-      lbCommChannel.shutdown();
+      // The channel should have no RPCs at this point
+      lbCommChannel.shutdownNow();
       lbCommChannel = null;
     }
-    shutdownLbRpc();
   }
 
   private void shutdownLbRpc() {

From 4bbf8eee5069ed45624a601c046bb3ee81798e43 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 5 Jan 2026 21:30:53 -0800
Subject: [PATCH 503/591] core: Convert AutoConfiguredLB to an actual LB

AutoConfiguredLB wasn't able to be a LB because it needed to be able to
reject configuration to cause the NameResolver to refresh. Since
4b4cb0bd3b, and especially 9888a54abd, the LB API now is able to do this
directly.

The real end-goal of this work is to replace (much of) AutoConfiguredLB
with GracefulSwitchLB. The AutoConfiguredLBFactory will still be needed
for config handling, but the LB itself could just become an instance of
GracefulSwitchLB. Using GracefulSwitchLB will let us reuse more of the
config parsing logic, avoids a latency hit when the top-level policy
changes, and gets rid of the last usage of
ServiceConfigUtil.selectLbPolicyFromList() outside of GracefulSwitchLB.
Go and C are already using GracefulSwitchLB for the top-level policy.

Moving the defaultProvider creation earlier was to allow
parseLoadBalancingPolicyConfig() to never return null. However, that ran
into some simple but annoying test failures because the service config
was now being detected as changed. That's solveable, but turns out to be
more involved than this change itself, so that's left for later. Since
the error handling is nicer now and the earlier creation will be needed
eventually anyway, I left the earlier creation in-place even though it
technically doesn't have to be done as part of this commit.
---
 .../AutoConfiguredLoadBalancerFactory.java    | 107 +++++++-----------
 .../FixedPickerLoadBalancerProvider.java      |  80 +++++++++++++
 .../io/grpc/internal/ManagedChannelImpl.java  |   8 +-
 .../main/java/io/grpc/internal/ScParser.java  |  11 +-
 ...AutoConfiguredLoadBalancerFactoryTest.java |  82 +++++++-------
 .../grpc/internal/ManagedChannelImplTest.java |   4 +-
 6 files changed, 178 insertions(+), 114 deletions(-)
 create mode 100644 core/src/main/java/io/grpc/internal/FixedPickerLoadBalancerProvider.java

diff --git a/core/src/main/java/io/grpc/internal/AutoConfiguredLoadBalancerFactory.java b/core/src/main/java/io/grpc/internal/AutoConfiguredLoadBalancerFactory.java
index 6b8537fd658..dcefa8f8351 100644
--- a/core/src/main/java/io/grpc/internal/AutoConfiguredLoadBalancerFactory.java
+++ b/core/src/main/java/io/grpc/internal/AutoConfiguredLoadBalancerFactory.java
@@ -38,10 +38,10 @@
 import java.util.Map;
 import javax.annotation.Nullable;
 
-public final class AutoConfiguredLoadBalancerFactory {
+public final class AutoConfiguredLoadBalancerFactory extends LoadBalancerProvider {
 
   private final LoadBalancerRegistry registry;
-  private final String defaultPolicy;
+  private final LoadBalancerProvider defaultProvider;
 
   public AutoConfiguredLoadBalancerFactory(String defaultPolicy) {
     this(LoadBalancerRegistry.getDefaultRegistry(), defaultPolicy);
@@ -50,47 +50,34 @@ public AutoConfiguredLoadBalancerFactory(String defaultPolicy) {
   @VisibleForTesting
   AutoConfiguredLoadBalancerFactory(LoadBalancerRegistry registry, String defaultPolicy) {
     this.registry = checkNotNull(registry, "registry");
-    this.defaultPolicy = checkNotNull(defaultPolicy, "defaultPolicy");
+    LoadBalancerProvider provider =
+        registry.getProvider(checkNotNull(defaultPolicy, "defaultPolicy"));
+    if (provider == null) {
+      Status status = Status.INTERNAL.withDescription("Could not find policy '" + defaultPolicy
+          + "'. Make sure its implementation is either registered to LoadBalancerRegistry or"
+          + " included in META-INF/services/io.grpc.LoadBalancerProvider from your jar files.");
+      provider = new FixedPickerLoadBalancerProvider(
+          ConnectivityState.TRANSIENT_FAILURE,
+          new LoadBalancer.FixedResultPicker(PickResult.withError(status)),
+          status);
+    }
+    this.defaultProvider = provider;
   }
 
+  @Override
   public AutoConfiguredLoadBalancer newLoadBalancer(Helper helper) {
     return new AutoConfiguredLoadBalancer(helper);
   }
 
-  private static final class NoopLoadBalancer extends LoadBalancer {
-
-    @Override
-    @Deprecated
-    @SuppressWarnings("InlineMeSuggester")
-    public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
-    }
-
-    @Override
-    public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
-      return Status.OK;
-    }
-
-    @Override
-    public void handleNameResolutionError(Status error) {}
-
-    @Override
-    public void shutdown() {}
-  }
-
   @VisibleForTesting
-  public final class AutoConfiguredLoadBalancer {
+  public final class AutoConfiguredLoadBalancer extends LoadBalancer {
     private final Helper helper;
     private LoadBalancer delegate;
     private LoadBalancerProvider delegateProvider;
 
     AutoConfiguredLoadBalancer(Helper helper) {
       this.helper = helper;
-      delegateProvider = registry.getProvider(defaultPolicy);
-      if (delegateProvider == null) {
-        throw new IllegalStateException("Could not find policy '" + defaultPolicy
-            + "'. Make sure its implementation is either registered to LoadBalancerRegistry or"
-            + " included in META-INF/services/io.grpc.LoadBalancerProvider from your jar files.");
-      }
+      this.delegateProvider = defaultProvider;
       delegate = delegateProvider.newLoadBalancer(helper);
     }
 
@@ -98,23 +85,12 @@ public final class AutoConfiguredLoadBalancer {
      * Returns non-OK status if the delegate rejects the resolvedAddresses (e.g. if it does not
      * support an empty list).
      */
-    Status tryAcceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+    @Override
+    public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       PolicySelection policySelection =
           (PolicySelection) resolvedAddresses.getLoadBalancingPolicyConfig();
 
       if (policySelection == null) {
-        LoadBalancerProvider defaultProvider;
-        try {
-          defaultProvider = getProviderOrThrow(defaultPolicy, "using default policy");
-        } catch (PolicyException e) {
-          Status s = Status.INTERNAL.withDescription(e.getMessage());
-          helper.updateBalancingState(
-              ConnectivityState.TRANSIENT_FAILURE, new FixedResultPicker(PickResult.withError(s)));
-          delegate.shutdown();
-          delegateProvider = null;
-          delegate = new NoopLoadBalancer();
-          return Status.OK;
-        }
         policySelection =
             new PolicySelection(defaultProvider, /* config= */ null);
       }
@@ -145,20 +121,24 @@ Status tryAcceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
               .build());
     }
 
-    void handleNameResolutionError(Status error) {
+    @Override
+    public void handleNameResolutionError(Status error) {
       getDelegate().handleNameResolutionError(error);
     }
 
+    @Override
     @Deprecated
-    void handleSubchannelState(Subchannel subchannel, ConnectivityStateInfo stateInfo) {
+    public void handleSubchannelState(Subchannel subchannel, ConnectivityStateInfo stateInfo) {
       getDelegate().handleSubchannelState(subchannel, stateInfo);
     }
 
-    void requestConnection() {
+    @Override
+    public void requestConnection() {
       getDelegate().requestConnection();
     }
 
-    void shutdown() {
+    @Override
+    public void shutdown() {
       delegate.shutdown();
       delegate = null;
     }
@@ -179,16 +159,6 @@ LoadBalancerProvider getDelegateProvider() {
     }
   }
 
-  private LoadBalancerProvider getProviderOrThrow(String policy, String choiceReason)
-      throws PolicyException {
-    LoadBalancerProvider provider = registry.getProvider(policy);
-    if (provider == null) {
-      throw new PolicyException(
-          "Trying to load '" + policy + "' because " + choiceReason + ", but it's unavailable");
-    }
-    return provider;
-  }
-
   /**
    * Parses first available LoadBalancer policy from service config. Available LoadBalancer should
    * be registered to {@link LoadBalancerRegistry}. If the first available LoadBalancer policy is
@@ -209,8 +179,11 @@ private LoadBalancerProvider getProviderOrThrow(String policy, String choiceReas
    *
    * @return the parsed {@link PolicySelection}, or {@code null} if no selection could be made.
    */
+  // TODO(ejona): The Provider API doesn't allow null, but ScParser can handle this and it will need
+  // tweaking to ManagedChannelImpl.defaultServiceConfig to fix.
   @Nullable
-  ConfigOrError parseLoadBalancerPolicy(Map<String, ?> serviceConfig) {
+  @Override
+  public ConfigOrError parseLoadBalancingPolicyConfig(Map<String, ?> serviceConfig) {
     try {
       List<LbConfig> loadBalancerConfigs = null;
       if (serviceConfig != null) {
@@ -228,12 +201,18 @@ ConfigOrError parseLoadBalancerPolicy(Map<String, ?> serviceConfig) {
     }
   }
 
-  @VisibleForTesting
-  static final class PolicyException extends Exception {
-    private static final long serialVersionUID = 1L;
+  @Override
+  public boolean isAvailable() {
+    return true;
+  }
 
-    private PolicyException(String msg) {
-      super(msg);
-    }
+  @Override
+  public int getPriority() {
+    return 5;
+  }
+
+  @Override
+  public String getPolicyName() {
+    return "auto_configured_internal";
   }
 }
diff --git a/core/src/main/java/io/grpc/internal/FixedPickerLoadBalancerProvider.java b/core/src/main/java/io/grpc/internal/FixedPickerLoadBalancerProvider.java
new file mode 100644
index 00000000000..a632948bdb9
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/FixedPickerLoadBalancerProvider.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static java.util.Objects.requireNonNull;
+
+import io.grpc.ConnectivityState;
+import io.grpc.LoadBalancer;
+import io.grpc.LoadBalancerProvider;
+import io.grpc.Status;
+
+/** A LB provider whose LB always uses the same picker. */
+final class FixedPickerLoadBalancerProvider extends LoadBalancerProvider {
+  private final ConnectivityState state;
+  private final LoadBalancer.SubchannelPicker picker;
+  private final Status acceptAddressesStatus;
+
+  public FixedPickerLoadBalancerProvider(
+      ConnectivityState state, LoadBalancer.SubchannelPicker picker, Status acceptAddressesStatus) {
+    this.state = requireNonNull(state, "state");
+    this.picker = requireNonNull(picker, "picker");
+    this.acceptAddressesStatus = requireNonNull(acceptAddressesStatus, "acceptAddressesStatus");
+  }
+
+  @Override
+  public boolean isAvailable() {
+    return true;
+  }
+
+  @Override
+  public int getPriority() {
+    return 5;
+  }
+
+  @Override
+  public String getPolicyName() {
+    return "fixed_picker_lb_internal";
+  }
+
+  @Override
+  public LoadBalancer newLoadBalancer(LoadBalancer.Helper helper) {
+    return new FixedPickerLoadBalancer(helper);
+  }
+
+  private final class FixedPickerLoadBalancer extends LoadBalancer {
+    private final Helper helper;
+
+    public FixedPickerLoadBalancer(Helper helper) {
+      this.helper = requireNonNull(helper, "helper");
+    }
+
+    @Override
+    public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
+      helper.updateBalancingState(state, picker);
+      return acceptAddressesStatus;
+    }
+
+    @Override
+    public void handleNameResolutionError(Status error) {
+      helper.updateBalancingState(state, picker);
+    }
+
+    @Override
+    public void shutdown() {}
+  }
+}
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index bdade61efc6..5c3afbf8de0 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -69,6 +69,7 @@
 import io.grpc.LoadBalancer.ResolvedAddresses;
 import io.grpc.LoadBalancer.SubchannelPicker;
 import io.grpc.LoadBalancer.SubchannelStateListener;
+import io.grpc.LoadBalancerProvider;
 import io.grpc.ManagedChannel;
 import io.grpc.ManagedChannelBuilder;
 import io.grpc.Metadata;
@@ -85,7 +86,6 @@
 import io.grpc.StatusOr;
 import io.grpc.SynchronizationContext;
 import io.grpc.SynchronizationContext.ScheduledHandle;
-import io.grpc.internal.AutoConfiguredLoadBalancerFactory.AutoConfiguredLoadBalancer;
 import io.grpc.internal.ClientCallImpl.ClientStreamProvider;
 import io.grpc.internal.ClientTransportFactory.SwapChannelCredentialsResult;
 import io.grpc.internal.ManagedChannelImplBuilder.ClientTransportFactoryBuilder;
@@ -163,7 +163,7 @@ public Result selectConfig(PickSubchannelArgs args) {
   private final URI targetUri;
   private final NameResolverProvider nameResolverProvider;
   private final NameResolver.Args nameResolverArgs;
-  private final AutoConfiguredLoadBalancerFactory loadBalancerFactory;
+  private final LoadBalancerProvider loadBalancerFactory;
   private final ClientTransportFactory originalTransportFactory;
   @Nullable
   private final ChannelCredentials originalChannelCreds;
@@ -1342,7 +1342,7 @@ void remove(RetriableStream<?> retriableStream) {
   }
 
   private final class LbHelperImpl extends LoadBalancer.Helper {
-    AutoConfiguredLoadBalancer lb;
+    LoadBalancer lb;
 
     @Override
     public AbstractSubchannel createSubchannel(CreateSubchannelArgs args) {
@@ -1727,7 +1727,7 @@ public Status onResult2(final ResolutionResult resolutionResult) {
             .setAddresses(serversOrError.getValue())
             .setAttributes(attributes)
             .setLoadBalancingPolicyConfig(effectiveServiceConfig.getLoadBalancingConfig());
-        Status addressAcceptanceStatus = helper.lb.tryAcceptResolvedAddresses(
+        Status addressAcceptanceStatus = helper.lb.acceptResolvedAddresses(
             resolvedAddresses.build());
         return addressAcceptanceStatus;
       }
diff --git a/core/src/main/java/io/grpc/internal/ScParser.java b/core/src/main/java/io/grpc/internal/ScParser.java
index f94449f7c7b..16a241f41f6 100644
--- a/core/src/main/java/io/grpc/internal/ScParser.java
+++ b/core/src/main/java/io/grpc/internal/ScParser.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.common.annotations.VisibleForTesting;
+import io.grpc.LoadBalancerProvider;
 import io.grpc.NameResolver;
 import io.grpc.NameResolver.ConfigOrError;
 import io.grpc.Status;
@@ -31,18 +32,18 @@ public final class ScParser extends NameResolver.ServiceConfigParser {
   private final boolean retryEnabled;
   private final int maxRetryAttemptsLimit;
   private final int maxHedgedAttemptsLimit;
-  private final AutoConfiguredLoadBalancerFactory autoLoadBalancerFactory;
+  private final LoadBalancerProvider parser;
 
   /** Creates a parse with global retry settings and an auto configured lb factory. */
   public ScParser(
       boolean retryEnabled,
       int maxRetryAttemptsLimit,
       int maxHedgedAttemptsLimit,
-      AutoConfiguredLoadBalancerFactory autoLoadBalancerFactory) {
+      LoadBalancerProvider parser) {
     this.retryEnabled = retryEnabled;
     this.maxRetryAttemptsLimit = maxRetryAttemptsLimit;
     this.maxHedgedAttemptsLimit = maxHedgedAttemptsLimit;
-    this.autoLoadBalancerFactory = checkNotNull(autoLoadBalancerFactory, "autoLoadBalancerFactory");
+    this.parser = checkNotNull(parser, "parser");
   }
 
   @Override
@@ -50,7 +51,9 @@ public ConfigOrError parseServiceConfig(Map<String, ?> rawServiceConfig) {
     try {
       Object loadBalancingPolicySelection;
       ConfigOrError choiceFromLoadBalancer =
-          autoLoadBalancerFactory.parseLoadBalancerPolicy(rawServiceConfig);
+          parser.parseLoadBalancingPolicyConfig(rawServiceConfig);
+      // TODO(ejona): The Provider API doesn't allow null, but AutoConfiguredLoadBalancerFactory can
+      // return null and it will need tweaking to ManagedChannelImpl.defaultServiceConfig to fix.
       if (choiceFromLoadBalancer == null) {
         loadBalancingPolicySelection = null;
       } else if (choiceFromLoadBalancer.getError() != null) {
diff --git a/core/src/test/java/io/grpc/internal/AutoConfiguredLoadBalancerFactoryTest.java b/core/src/test/java/io/grpc/internal/AutoConfiguredLoadBalancerFactoryTest.java
index 8d56968737b..07d19d41a86 100644
--- a/core/src/test/java/io/grpc/internal/AutoConfiguredLoadBalancerFactoryTest.java
+++ b/core/src/test/java/io/grpc/internal/AutoConfiguredLoadBalancerFactoryTest.java
@@ -193,7 +193,7 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
     AutoConfiguredLoadBalancer lb = lbf.newLoadBalancer(helper);
     LoadBalancer oldDelegate = lb.getDelegate();
 
-    Status addressAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+    Status addressAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(servers)
             .setAttributes(Attributes.EMPTY)
@@ -208,7 +208,7 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
   public void acceptResolvedAddresses_shutsDownOldBalancer() throws Exception {
     Map<String, ?> serviceConfig =
         parseConfig("{\"loadBalancingConfig\": [ {\"round_robin\": { } } ] }");
-    ConfigOrError lbConfigs = lbf.parseLoadBalancerPolicy(serviceConfig);
+    ConfigOrError lbConfigs = lbf.parseLoadBalancingPolicyConfig(serviceConfig);
 
     final List<EquivalentAddressGroup> servers =
         Collections.singletonList(new EquivalentAddressGroup(new SocketAddress(){}));
@@ -235,7 +235,7 @@ public void shutdown() {
     };
     lb.setDelegate(testlb);
 
-    Status addressesAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+    Status addressesAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(servers)
             .setLoadBalancingPolicyConfig(lbConfigs.getConfig())
@@ -252,7 +252,7 @@ public void shutdown() {
   public void acceptResolvedAddresses_propagateLbConfigToDelegate() throws Exception {
     Map<String, ?> rawServiceConfig =
         parseConfig("{\"loadBalancingConfig\": [ {\"test_lb\": { \"setting1\": \"high\" } } ] }");
-    ConfigOrError lbConfigs = lbf.parseLoadBalancerPolicy(rawServiceConfig);
+    ConfigOrError lbConfigs = lbf.parseLoadBalancingPolicyConfig(rawServiceConfig);
     assertThat(lbConfigs.getConfig()).isNotNull();
 
     final List<EquivalentAddressGroup> servers =
@@ -260,7 +260,7 @@ public void acceptResolvedAddresses_propagateLbConfigToDelegate() throws Excepti
     Helper helper = new TestHelper();
     AutoConfiguredLoadBalancer lb = lbf.newLoadBalancer(helper);
 
-    Status addressesAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+    Status addressesAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(servers)
             .setLoadBalancingPolicyConfig(lbConfigs.getConfig())
@@ -280,9 +280,9 @@ public void acceptResolvedAddresses_propagateLbConfigToDelegate() throws Excepti
 
     rawServiceConfig =
         parseConfig("{\"loadBalancingConfig\": [ {\"test_lb\": { \"setting1\": \"low\" } } ] }");
-    lbConfigs = lbf.parseLoadBalancerPolicy(rawServiceConfig);
+    lbConfigs = lbf.parseLoadBalancingPolicyConfig(rawServiceConfig);
 
-    addressesAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+    addressesAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(servers)
             .setLoadBalancingPolicyConfig(lbConfigs.getConfig())
@@ -305,7 +305,7 @@ public void acceptResolvedAddresses_propagateLbConfigToDelegate() throws Excepti
   public void acceptResolvedAddresses_propagateAddrsToDelegate() throws Exception {
     Map<String, ?> rawServiceConfig =
         parseConfig("{\"loadBalancingConfig\": [ {\"test_lb\": { \"setting1\": \"high\" } } ] }");
-    ConfigOrError lbConfigs = lbf.parseLoadBalancerPolicy(rawServiceConfig);
+    ConfigOrError lbConfigs = lbf.parseLoadBalancingPolicyConfig(rawServiceConfig);
     assertThat(lbConfigs.getConfig()).isNotNull();
 
     Helper helper = new TestHelper();
@@ -313,7 +313,7 @@ public void acceptResolvedAddresses_propagateAddrsToDelegate() throws Exception
     List<EquivalentAddressGroup> servers =
         Collections.singletonList(new EquivalentAddressGroup(new InetSocketAddress(8080){}));
 
-    Status addressesAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+    Status addressesAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(servers)
             .setLoadBalancingPolicyConfig(lbConfigs.getConfig())
@@ -329,7 +329,7 @@ public void acceptResolvedAddresses_propagateAddrsToDelegate() throws Exception
 
     servers =
         Collections.singletonList(new EquivalentAddressGroup(new InetSocketAddress(9090){}));
-    addressesAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+    addressesAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(servers)
             .setLoadBalancingPolicyConfig(lbConfigs.getConfig())
@@ -353,8 +353,8 @@ public void acceptResolvedAddresses_delegateDoNotAcceptEmptyAddressList_nothing(
 
     Map<String, ?> serviceConfig =
         parseConfig("{\"loadBalancingConfig\": [ {\"test_lb\": { \"setting1\": \"high\" } } ] }");
-    ConfigOrError lbConfig = lbf.parseLoadBalancerPolicy(serviceConfig);
-    Status addressesAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+    ConfigOrError lbConfig = lbf.parseLoadBalancingPolicyConfig(serviceConfig);
+    Status addressesAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(Collections.<EquivalentAddressGroup>emptyList())
             .setLoadBalancingPolicyConfig(lbConfig.getConfig())
@@ -373,8 +373,8 @@ public void acceptResolvedAddresses_delegateAcceptsEmptyAddressList()
     Map<String, ?> rawServiceConfig =
         parseConfig("{\"loadBalancingConfig\": [ {\"test_lb2\": { \"setting1\": \"high\" } } ] }");
     ConfigOrError lbConfigs =
-        lbf.parseLoadBalancerPolicy(rawServiceConfig);
-    Status addressesAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+        lbf.parseLoadBalancingPolicyConfig(rawServiceConfig);
+    Status addressesAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(Collections.<EquivalentAddressGroup>emptyList())
             .setLoadBalancingPolicyConfig(lbConfigs.getConfig())
@@ -394,7 +394,7 @@ public void acceptResolvedAddresses_delegateAcceptsEmptyAddressList()
   public void acceptResolvedAddresses_useSelectedLbPolicy() throws Exception {
     Map<String, ?> rawServiceConfig =
         parseConfig("{\"loadBalancingConfig\": [{\"round_robin\": {}}]}");
-    ConfigOrError lbConfigs = lbf.parseLoadBalancerPolicy(rawServiceConfig);
+    ConfigOrError lbConfigs = lbf.parseLoadBalancingPolicyConfig(rawServiceConfig);
     assertThat(lbConfigs.getConfig()).isNotNull();
     assertThat(((PolicySelection) lbConfigs.getConfig()).provider.getClass().getName())
         .isEqualTo("io.grpc.util.SecretRoundRobinLoadBalancerProvider$Provider");
@@ -409,7 +409,7 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
       }
     };
     AutoConfiguredLoadBalancer lb = lbf.newLoadBalancer(helper);
-    Status addressesAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+    Status addressesAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(servers)
             .setLoadBalancingPolicyConfig(lbConfigs.getConfig())
@@ -431,7 +431,7 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
       }
     };
     AutoConfiguredLoadBalancer lb = lbf.newLoadBalancer(helper);
-    Status addressesAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+    Status addressesAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(servers)
             .setLoadBalancingPolicyConfig(null)
@@ -446,7 +446,7 @@ public void acceptResolvedAddresses_noLbPolicySelected_defaultToCustomDefault()
         .newLoadBalancer(new TestHelper());
     List<EquivalentAddressGroup> servers =
         Collections.singletonList(new EquivalentAddressGroup(new SocketAddress(){}));
-    Status addressesAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+    Status addressesAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(servers)
             .setLoadBalancingPolicyConfig(null)
@@ -468,7 +468,7 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
 
     AutoConfiguredLoadBalancer lb =
         new AutoConfiguredLoadBalancerFactory(GrpcUtil.DEFAULT_LB_POLICY).newLoadBalancer(helper);
-    Status addressesAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+    Status addressesAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(servers)
             .setAttributes(Attributes.EMPTY)
@@ -481,8 +481,8 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
     nextParsedConfigOrError.set(testLbParsedConfig);
     Map<String, ?> serviceConfig =
         parseConfig("{\"loadBalancingConfig\": [ {\"test_lb\": { } } ] }");
-    ConfigOrError lbConfigs = lbf.parseLoadBalancerPolicy(serviceConfig);
-    addressesAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+    ConfigOrError lbConfigs = lbf.parseLoadBalancingPolicyConfig(serviceConfig);
+    addressesAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(servers)
             .setLoadBalancingPolicyConfig(lbConfigs.getConfig())
@@ -504,8 +504,8 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
     testLbParsedConfig = ConfigOrError.fromConfig("bar");
     nextParsedConfigOrError.set(testLbParsedConfig);
     serviceConfig = parseConfig("{\"loadBalancingConfig\": [ {\"test_lb\": { } } ] }");
-    lbConfigs = lbf.parseLoadBalancerPolicy(serviceConfig);
-    addressesAcceptanceStatus = lb.tryAcceptResolvedAddresses(
+    lbConfigs = lbf.parseLoadBalancingPolicyConfig(serviceConfig);
+    addressesAcceptanceStatus = lb.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder()
             .setAddresses(servers)
             .setLoadBalancingPolicyConfig(lbConfigs.getConfig())
@@ -519,33 +519,33 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
   }
 
   @Test
-  public void parseLoadBalancerConfig_failedOnUnknown() throws Exception {
+  public void parseLoadBalancingConfig_failedOnUnknown() throws Exception {
     Map<String, ?> serviceConfig =
         parseConfig("{\"loadBalancingConfig\": [ {\"magic_balancer\": {} } ] }");
-    ConfigOrError parsed = lbf.parseLoadBalancerPolicy(serviceConfig);
+    ConfigOrError parsed = lbf.parseLoadBalancingPolicyConfig(serviceConfig);
     assertThat(parsed.getError()).isNotNull();
     assertThat(parsed.getError().getDescription())
         .isEqualTo("None of [magic_balancer] specified by Service Config are available.");
   }
 
   @Test
-  public void parseLoadBalancerPolicy_failedOnUnknown() throws Exception {
+  public void parseLoadBalancingPolicy_failedOnUnknown() throws Exception {
     Map<String, ?> serviceConfig =
         parseConfig("{\"loadBalancingPolicy\": \"magic_balancer\"}");
-    ConfigOrError parsed = lbf.parseLoadBalancerPolicy(serviceConfig);
+    ConfigOrError parsed = lbf.parseLoadBalancingPolicyConfig(serviceConfig);
     assertThat(parsed.getError()).isNotNull();
     assertThat(parsed.getError().getDescription())
         .isEqualTo("None of [magic_balancer] specified by Service Config are available.");
   }
 
   @Test
-  public void parseLoadBalancerConfig_multipleValidPolicies() throws Exception {
+  public void parseLoadBalancingConfig_multipleValidPolicies() throws Exception {
     Map<String, ?> serviceConfig =
         parseConfig(
             "{\"loadBalancingConfig\": ["
                 + "{\"round_robin\": {}},"
                 + "{\"test_lb\": {} } ] }");
-    ConfigOrError parsed = lbf.parseLoadBalancerPolicy(serviceConfig);
+    ConfigOrError parsed = lbf.parseLoadBalancingPolicyConfig(serviceConfig);
     assertThat(parsed).isNotNull();
     assertThat(parsed.getError()).isNull();
     assertThat(parsed.getConfig()).isInstanceOf(PolicySelection.class);
@@ -554,12 +554,12 @@ public void parseLoadBalancerConfig_multipleValidPolicies() throws Exception {
   }
 
   @Test
-  public void parseLoadBalancerConfig_policyShouldBeIgnoredIfConfigExists() throws Exception {
+  public void parseLoadBalancingConfig_policyShouldBeIgnoredIfConfigExists() throws Exception {
     Map<String, ?> serviceConfig =
         parseConfig(
             "{\"loadBalancingConfig\": [{\"round_robin\": {} } ],"
                 + "\"loadBalancingPolicy\": \"pick_first\" }");
-    ConfigOrError parsed = lbf.parseLoadBalancerPolicy(serviceConfig);
+    ConfigOrError parsed = lbf.parseLoadBalancingPolicyConfig(serviceConfig);
     assertThat(parsed).isNotNull();
     assertThat(parsed.getError()).isNull();
     assertThat(parsed.getConfig()).isInstanceOf(PolicySelection.class);
@@ -568,13 +568,13 @@ public void parseLoadBalancerConfig_policyShouldBeIgnoredIfConfigExists() throws
   }
 
   @Test
-  public void parseLoadBalancerConfig_policyShouldBeIgnoredEvenIfUnknownPolicyExists()
+  public void parseLoadBalancingConfig_policyShouldBeIgnoredEvenIfUnknownPolicyExists()
       throws Exception {
     Map<String, ?> serviceConfig =
         parseConfig(
             "{\"loadBalancingConfig\": [{\"magic_balancer\": {} } ],"
                 + "\"loadBalancingPolicy\": \"round_robin\" }");
-    ConfigOrError parsed = lbf.parseLoadBalancerPolicy(serviceConfig);
+    ConfigOrError parsed = lbf.parseLoadBalancingPolicyConfig(serviceConfig);
     assertThat(parsed.getError()).isNotNull();
     assertThat(parsed.getError().getDescription())
         .isEqualTo("None of [magic_balancer] specified by Service Config are available.");
@@ -582,7 +582,7 @@ public void parseLoadBalancerConfig_policyShouldBeIgnoredEvenIfUnknownPolicyExis
 
   @Test
   @SuppressWarnings("unchecked")
-  public void parseLoadBalancerConfig_firstInvalidPolicy() throws Exception {
+  public void parseLoadBalancingConfig_firstInvalidPolicy() throws Exception {
     when(testLbBalancerProvider.parseLoadBalancingPolicyConfig(any(Map.class)))
         .thenReturn(ConfigOrError.fromError(Status.UNKNOWN));
     Map<String, ?> serviceConfig =
@@ -590,7 +590,7 @@ public void parseLoadBalancerConfig_firstInvalidPolicy() throws Exception {
             "{\"loadBalancingConfig\": ["
                 + "{\"test_lb\": {}},"
                 + "{\"round_robin\": {} } ] }");
-    ConfigOrError parsed = lbf.parseLoadBalancerPolicy(serviceConfig);
+    ConfigOrError parsed = lbf.parseLoadBalancingPolicyConfig(serviceConfig);
     assertThat(parsed).isNotNull();
     assertThat(parsed.getConfig()).isNull();
     assertThat(parsed.getError()).isEqualTo(Status.UNKNOWN);
@@ -598,7 +598,7 @@ public void parseLoadBalancerConfig_firstInvalidPolicy() throws Exception {
 
   @Test
   @SuppressWarnings("unchecked")
-  public void parseLoadBalancerConfig_firstValidSecondInvalidPolicy() throws Exception {
+  public void parseLoadBalancingConfig_firstValidSecondInvalidPolicy() throws Exception {
     when(testLbBalancerProvider.parseLoadBalancingPolicyConfig(any(Map.class)))
         .thenReturn(ConfigOrError.fromError(Status.UNKNOWN));
     Map<String, ?> serviceConfig =
@@ -606,32 +606,32 @@ public void parseLoadBalancerConfig_firstValidSecondInvalidPolicy() throws Excep
             "{\"loadBalancingConfig\": ["
                 + "{\"round_robin\": {}},"
                 + "{\"test_lb\": {} } ] }");
-    ConfigOrError parsed = lbf.parseLoadBalancerPolicy(serviceConfig);
+    ConfigOrError parsed = lbf.parseLoadBalancingPolicyConfig(serviceConfig);
     assertThat(parsed).isNotNull();
     assertThat(parsed.getConfig()).isNotNull();
     assertThat(((PolicySelection) parsed.getConfig()).config).isNotNull();
   }
 
   @Test
-  public void parseLoadBalancerConfig_someProvidesAreNotAvailable() throws Exception {
+  public void parseLoadBalancingConfig_someProvidesAreNotAvailable() throws Exception {
     Map<String, ?> serviceConfig =
         parseConfig("{\"loadBalancingConfig\": [ "
             + "{\"magic_balancer\": {} },"
             + "{\"round_robin\": {}} ] }");
-    ConfigOrError parsed = lbf.parseLoadBalancerPolicy(serviceConfig);
+    ConfigOrError parsed = lbf.parseLoadBalancingPolicyConfig(serviceConfig);
     assertThat(parsed).isNotNull();
     assertThat(parsed.getConfig()).isNotNull();
     assertThat(((PolicySelection) parsed.getConfig()).config).isNotNull();
   }
 
   @Test
-  public void parseLoadBalancerConfig_lbConfigPropagated() throws Exception {
+  public void parseLoadBalancingConfig_lbConfigPropagated() throws Exception {
     Map<String, ?> rawServiceConfig =
         parseConfig(
             "{\"loadBalancingConfig\": ["
                 + "{\"pick_first\": {\"shuffleAddressList\": true } }"
                 + "] }");
-    ConfigOrError parsed = lbf.parseLoadBalancerPolicy(rawServiceConfig);
+    ConfigOrError parsed = lbf.parseLoadBalancingPolicyConfig(rawServiceConfig);
     assertThat(parsed).isNotNull();
     assertThat(parsed.getConfig()).isNotNull();
     PolicySelection policySelection = (PolicySelection) parsed.getConfig();
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index 731fac94044..24ea4fa03d9 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -3946,8 +3946,10 @@ public void nameResolverHelper_noConfigChosen() {
     boolean retryEnabled = false;
     int maxRetryAttemptsLimit = 2;
     int maxHedgedAttemptsLimit = 3;
+    LoadBalancerRegistry registry = new LoadBalancerRegistry();
+    registry.register(mockLoadBalancerProvider);
     AutoConfiguredLoadBalancerFactory autoConfiguredLoadBalancerFactory =
-        new AutoConfiguredLoadBalancerFactory("pick_first");
+        new AutoConfiguredLoadBalancerFactory(registry, MOCK_POLICY_NAME);
 
     ScParser parser = new ScParser(
         retryEnabled,

From 172f650f1f55abfce980742441235eb0c6fe51d4 Mon Sep 17 00:00:00 2001
From: Kim Jin Young <tian__mi__mi@naver.com>
Date: Wed, 7 Jan 2026 03:03:08 +0900
Subject: [PATCH 504/591] xds: Implement proactive connection in
 RingHashLoadBalancer

Implement proactive connection logic in RingHashLoadBalancer as
outlined in gRFC A61. This address the missing logic where the
balancer should initialize the first IDLE child when a child
balancer reports TRANSIENT_FAILURE and no other children are
connecting.

This behavior, which was previously present before #10610, ensures
that a backup subchannel starts connecting immediately outside of
the picker flow, reducing failover latency.

Fixes #12024
---
 .../io/grpc/xds/RingHashLoadBalancer.java     | 20 +++++++
 .../io/grpc/xds/RingHashLoadBalancerTest.java | 60 +++++++++++++++----
 2 files changed, 67 insertions(+), 13 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
index 21ee914ff8f..513f4d643ea 100644
--- a/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/RingHashLoadBalancer.java
@@ -214,12 +214,32 @@ protected void updateOverallBalancingState() {
       overallState = TRANSIENT_FAILURE;
     }
 
+    // gRFC A61: if the aggregated connectivity state is TRANSIENT_FAILURE or CONNECTING and
+    // there are no endpoints in CONNECTING state, the ring_hash policy will choose one of
+    // the endpoints in IDLE state (if any) to trigger a connection attempt on
+    if (numReady == 0 && numTF > 0 && numConnecting == 0 && numIdle > 0) {
+      triggerIdleChildConnection();
+    }
+
     RingHashPicker picker =
         new RingHashPicker(syncContext, ring, getChildLbStates(), requestHashHeaderKey, random);
     getHelper().updateBalancingState(overallState, picker);
     this.currentConnectivityState = overallState;
   }
 
+
+  /**
+   * Triggers a connection attempt for the first IDLE child load balancer.
+   */
+  private void triggerIdleChildConnection() {
+    for (ChildLbState child : getChildLbStates()) {
+      if (child.getCurrentState() == ConnectivityState.IDLE) {
+        child.getLb().requestConnection();
+        return;
+      }
+    }
+  }
+
   @Override
   protected ChildLbState createChildLbState(Object key) {
     return new ChildLbState(key, lazyLbFactory);
diff --git a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
index d65cf96c00d..b515ed81158 100644
--- a/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/RingHashLoadBalancerTest.java
@@ -255,7 +255,7 @@ public void aggregateSubchannelStates_connectingReadyIdleFailure() {
       inOrder.verify(helper).refreshNameResolution();
       inOrder.verify(helper).updateBalancingState(eq(CONNECTING), any());
     }
-    verifyConnection(0);
+    verifyConnection(1);
   }
 
   private void verifyConnection(int times) {
@@ -537,7 +537,7 @@ public void pickWithRandomHash_firstSubchannelInTransientFailure_remainingSubcha
     // Bring one subchannel to TRANSIENT_FAILURE.
     deliverSubchannelUnreachable(getSubChannel(servers.get(0)));
     verify(helper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
-    verifyConnection(0);
+    verifyConnection(1);
 
     // Pick subchannel with random hash does trigger connection by walking the ring
     // and choosing the first (at most one) IDLE subchannel along the way.
@@ -583,7 +583,7 @@ public void skipFailingHosts_pickNextNonFailingHost() {
         getSubChannel(servers.get(0)),
         ConnectivityStateInfo.forTransientFailure(
             Status.UNAVAILABLE.withDescription("unreachable")));
-    verify(helper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
+    verify(helper, atLeastOnce()).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
 
     PickResult result = pickerCaptor.getValue().pickSubchannel(args);
     assertThat(result.getStatus().isOk()).isTrue();
@@ -649,7 +649,7 @@ public void skipFailingHosts_firstTwoHostsFailed_pickNextFirstReady() {
         ConnectivityStateInfo.forTransientFailure(
             Status.PERMISSION_DENIED.withDescription("permission denied")));
     verify(helper).updateBalancingState(eq(TRANSIENT_FAILURE), pickerCaptor.capture());
-    verifyConnection(0);
+    verifyConnection(2);
     PickResult result = pickerCaptor.getValue().pickSubchannel(args); // activate last subchannel
     assertThat(result.getStatus().isOk()).isTrue();
     int expectedCount = PickFirstLoadBalancerProvider.isEnabledNewPickFirst() ? 0 : 1;
@@ -721,7 +721,7 @@ public void allSubchannelsInTransientFailure() {
     }
     verify(helper, atLeastOnce())
         .updateBalancingState(eq(TRANSIENT_FAILURE), pickerCaptor.capture());
-    verifyConnection(0);
+    verifyConnection(2);
 
     // Picking subchannel triggers connection. RPC hash hits server0.
     PickSubchannelArgs args = getDefaultPickSubchannelArgsForServer(0);
@@ -740,12 +740,13 @@ public void firstSubchannelIdle() {
     List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
     initializeLbSubchannels(config, servers);
 
-    // Go to TF does nothing, though PF will try to reconnect after backoff
+    // As per gRFC A61, entering TF triggers a proactive connection attempt
+    // on an IDLE subchannel because no other subchannel is currently CONNECTING.
     deliverSubchannelState(getSubchannel(servers, 1),
         ConnectivityStateInfo.forTransientFailure(
         Status.UNAVAILABLE.withDescription("unreachable")));
     verify(helper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
-    verifyConnection(0);
+    verifyConnection(1);
 
     // Picking subchannel triggers connection. RPC hash hits server0.
     PickSubchannelArgs args = getDefaultPickSubchannelArgs(hashFunc.hashVoid());
@@ -796,7 +797,7 @@ public void firstSubchannelFailure() {
         ConnectivityStateInfo.forTransientFailure(
             Status.UNAVAILABLE.withDescription("unreachable")));
     verify(helper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
-    verifyConnection(0);
+    verifyConnection(1);
 
     // Per GRFC A61 Picking subchannel should no longer request connections that were failing
     PickSubchannelArgs args = getDefaultPickSubchannelArgs(hashFunc.hashVoid());
@@ -824,7 +825,7 @@ public void secondSubchannelConnecting() {
 
     Subchannel firstSubchannel = getSubchannel(servers, 0);
     deliverSubchannelUnreachable(firstSubchannel);
-    verifyConnection(0);
+    verifyConnection(1);
 
     deliverSubchannelState(getSubchannel(servers, 2), CSI_CONNECTING);
     verify(helper, times(2)).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
@@ -833,7 +834,7 @@ public void secondSubchannelConnecting() {
     // Picking subchannel when idle triggers connection.
     deliverSubchannelState(getSubchannel(servers, 2),
         ConnectivityStateInfo.forNonError(IDLE));
-    verifyConnection(0);
+    verifyConnection(1);
     PickSubchannelArgs args = getDefaultPickSubchannelArgs(hashFunc.hashVoid());
     PickResult result = pickerCaptor.getValue().pickSubchannel(args);
     assertThat(result.getStatus().isOk()).isTrue();
@@ -857,7 +858,7 @@ public void secondSubchannelFailure() {
     deliverSubchannelUnreachable(firstSubchannel);
     deliverSubchannelUnreachable(getSubchannel(servers, 2));
     verify(helper).updateBalancingState(eq(TRANSIENT_FAILURE), pickerCaptor.capture());
-    verifyConnection(0);
+    verifyConnection(2);
 
     // Picking subchannel triggers connection.
     PickSubchannelArgs args = getDefaultPickSubchannelArgs(hashFunc.hashVoid());
@@ -887,7 +888,7 @@ public void thirdSubchannelConnecting() {
     deliverSubchannelState(getSubchannel(servers, 1), CSI_CONNECTING);
     verify(helper, atLeastOnce())
         .updateBalancingState(eq(TRANSIENT_FAILURE), pickerCaptor.capture());
-    verifyConnection(0);
+    verifyConnection(2);
 
     // Picking subchannel should not trigger connection per gRFC A61.
     PickSubchannelArgs args = getDefaultPickSubchannelArgs(hashFunc.hashVoid());
@@ -909,7 +910,7 @@ public void stickyTransientFailure() {
     deliverSubchannelUnreachable(firstSubchannel);
 
     verify(helper).updateBalancingState(eq(CONNECTING), pickerCaptor.capture());
-    verifyConnection(0);
+    verifyConnection(1);
 
     reset(helper);
     deliverSubchannelState(firstSubchannel, ConnectivityStateInfo.forNonError(IDLE));
@@ -1127,6 +1128,39 @@ public void config_equalsTester() {
         .testEquals();
   }
 
+  @Test
+  public void tfWithoutConnectingChild_triggersIdleChildConnection() {
+    RingHashConfig config = new RingHashConfig(10, 100, "");
+    List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1);
+
+    initializeLbSubchannels(config, servers);
+
+    Subchannel tfSubchannel = getSubchannel(servers, 0);
+    Subchannel idleSubchannel = getSubchannel(servers, 1);
+
+    deliverSubchannelUnreachable(tfSubchannel);
+
+    Subchannel requested = connectionRequestedQueue.poll();
+    assertThat(requested).isSameInstanceAs(idleSubchannel);
+    assertThat(connectionRequestedQueue.poll()).isNull();
+  }
+
+  @Test
+  public void tfWithReadyChild_doesNotTriggerIdleChildConnection() {
+    RingHashConfig config = new RingHashConfig(10, 100, "");
+    List<EquivalentAddressGroup> servers = createWeightedServerAddrs(1, 1, 1);
+
+    initializeLbSubchannels(config, servers);
+
+    Subchannel tfSubchannel = getSubchannel(servers, 0);
+    Subchannel readySubchannel = getSubchannel(servers, 1);
+
+    deliverSubchannelState(readySubchannel, ConnectivityStateInfo.forNonError(READY));
+    deliverSubchannelUnreachable(tfSubchannel);
+
+    assertThat(connectionRequestedQueue.poll()).isNull();
+  }
+
   private List<Subchannel> initializeLbSubchannels(RingHashConfig config,
       List<EquivalentAddressGroup> servers, InitializationFlags... initFlags) {
 

From 2e48dcddd49f055df2adc50b6b5b54e00cfcb654 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Wed, 17 Dec 2025 01:26:59 -0800
Subject: [PATCH 505/591] api: Add newNameResolver() overload and default,
 best-effort impl.

---
 api/src/main/java/io/grpc/NameResolver.java | 35 +++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/api/src/main/java/io/grpc/NameResolver.java b/api/src/main/java/io/grpc/NameResolver.java
index 0e8315e812c..53dbc5d6888 100644
--- a/api/src/main/java/io/grpc/NameResolver.java
+++ b/api/src/main/java/io/grpc/NameResolver.java
@@ -158,6 +158,10 @@ public abstract static class Factory {
      * cannot be resolved by this factory. The decision should be solely based on the scheme of the
      * URI.
      *
+     * <p>This method will eventually be deprecated and removed as part of a migration from {@code
+     * java.net.URI} to {@code io.grpc.Uri}. Implementations will override {@link
+     * #newNameResolver(Uri, Args)} instead.
+     *
      * @param targetUri the target URI to be resolved, whose scheme must not be {@code null}
      * @param args other information that may be useful
      *
@@ -165,6 +169,37 @@ public abstract static class Factory {
      */
     public abstract NameResolver newNameResolver(URI targetUri, final Args args);
 
+    /**
+     * Creates a {@link NameResolver} for the given target URI.
+     *
+     * <p>Implementations return {@code null} if 'targetUri' cannot be resolved by this factory. The
+     * decision should be solely based on the target's scheme.
+     *
+     * <p>All {@link NameResolver.Factory} implementations should override this method, as it will
+     * eventually replace {@link #newNameResolver(URI, Args)}. For backwards compatibility, this
+     * default implementation delegates to {@link #newNameResolver(URI, Args)} if 'targetUri' can be
+     * converted to a java.net.URI.
+     *
+     * <p>NB: Conversion is not always possible, for example {@code scheme:#frag} is a valid {@link
+     * Uri} but not a valid {@link URI} because its path is empty. The default implementation throws
+     * IllegalArgumentException in these cases.
+     *
+     * @param targetUri the target URI to be resolved
+     * @param args other information that may be useful
+     * @throws IllegalArgumentException if targetUri does not have the expected form
+     * @since 1.79
+     */
+    public NameResolver newNameResolver(Uri targetUri, final Args args) {
+      // Not every io.grpc.Uri can be converted but in the ordinary ManagedChannel creation flow,
+      // any IllegalArgumentException thrown here would happened anyway, just earlier. That's
+      // because parse/toString is transparent so java.net.URI#create here sees the original target
+      // string just like it did before the io.grpc.Uri migration.
+      //
+      // Throwing IAE shouldn't surprise non-framework callers either. After all, many existing
+      // Factory impls are picky about targetUri and throw IAE when it doesn't look how they expect.
+      return newNameResolver(URI.create(targetUri.toString()), args);
+    }
+
     /**
      * Returns the default scheme, which will be used to construct a URI when {@link
      * ManagedChannelBuilder#forTarget(String)} is given an authority string instead of a compliant

From 5aeb7143ac3605c03573bd5c3d3ea494ef892c53 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Thu, 18 Dec 2025 15:44:26 -0800
Subject: [PATCH 506/591] core: Create a UriWrapper abstraction for the
 migration

# Conflicts:
#	core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
---
 .../io/grpc/internal/ManagedChannelImpl.java  |   8 +-
 .../internal/ManagedChannelImplBuilder.java   |   7 +-
 .../java/io/grpc/internal/UriWrapper.java     | 139 ++++++++++++++++++
 ...ManagedChannelImplGetNameResolverTest.java |   3 +-
 .../ManagedChannelImplIdlenessTest.java       |   3 +-
 .../grpc/internal/ManagedChannelImplTest.java |  13 +-
 .../ServiceConfigErrorHandlingTest.java       |   3 +-
 7 files changed, 160 insertions(+), 16 deletions(-)
 create mode 100644 core/src/main/java/io/grpc/internal/UriWrapper.java

diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
index 5c3afbf8de0..e423220e3ad 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImpl.java
@@ -160,7 +160,7 @@ public Result selectConfig(PickSubchannelArgs args) {
   @Nullable
   private final String authorityOverride;
   private final NameResolverRegistry nameResolverRegistry;
-  private final URI targetUri;
+  private final UriWrapper targetUri;
   private final NameResolverProvider nameResolverProvider;
   private final NameResolver.Args nameResolverArgs;
   private final LoadBalancerProvider loadBalancerFactory;
@@ -538,7 +538,7 @@ ClientStream newSubstream(
   ManagedChannelImpl(
       ManagedChannelImplBuilder builder,
       ClientTransportFactory clientTransportFactory,
-      URI targetUri,
+      UriWrapper targetUri,
       NameResolverProvider nameResolverProvider,
       BackoffPolicy.Provider backoffPolicyProvider,
       ObjectPool<? extends Executor> balancerRpcExecutorPool,
@@ -667,9 +667,9 @@ public CallTracer create() {
 
   @VisibleForTesting
   static NameResolver getNameResolver(
-      URI targetUri, @Nullable final String overrideAuthority,
+      UriWrapper targetUri, @Nullable final String overrideAuthority,
       NameResolverProvider provider, NameResolver.Args nameResolverArgs) {
-    NameResolver resolver = provider.newNameResolver(targetUri, nameResolverArgs);
+    NameResolver resolver = targetUri.newNameResolver(provider, nameResolverArgs);
     if (resolver == null) {
       throw new IllegalArgumentException("cannot create a NameResolver for " + targetUri);
     }
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
index 1773c04388d..944fea9c512 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
+import static io.grpc.internal.UriWrapper.wrap;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
@@ -814,10 +815,10 @@ int getDefaultPort() {
 
   @VisibleForTesting
   static class ResolvedNameResolver {
-    public final URI targetUri;
+    public final UriWrapper targetUri;
     public final NameResolverProvider provider;
 
-    public ResolvedNameResolver(URI targetUri, NameResolverProvider provider) {
+    public ResolvedNameResolver(UriWrapper targetUri, NameResolverProvider provider) {
       this.targetUri = checkNotNull(targetUri, "targetUri");
       this.provider = checkNotNull(provider, "provider");
     }
@@ -872,7 +873,7 @@ static ResolvedNameResolver getNameResolverProvider(
       }
     }
 
-    return new ResolvedNameResolver(targetUri, provider);
+    return new ResolvedNameResolver(wrap(targetUri), provider);
   }
 
   private static class DirectAddressNameResolverProvider extends NameResolverProvider {
diff --git a/core/src/main/java/io/grpc/internal/UriWrapper.java b/core/src/main/java/io/grpc/internal/UriWrapper.java
new file mode 100644
index 00000000000..ca5835cabd8
--- /dev/null
+++ b/core/src/main/java/io/grpc/internal/UriWrapper.java
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import io.grpc.NameResolver;
+import io.grpc.Uri;
+import java.net.URI;
+import javax.annotation.Nullable;
+
+/** Temporary wrapper for a URI-like object to ease the migration to io.grpc.Uri. */
+interface UriWrapper {
+
+  static UriWrapper wrap(URI uri) {
+    return new JavaNetUriWrapper(uri);
+  }
+
+  static UriWrapper wrap(Uri uri) {
+    return new IoGrpcUriWrapper(uri);
+  }
+
+  /** Uses the given factory and args to create a {@link NameResolver} for this URI. */
+  NameResolver newNameResolver(NameResolver.Factory factory, NameResolver.Args args);
+
+  /** Returns the scheme component of this URI, e.g. "http", "mailto" or "dns". */
+  String getScheme();
+
+  /**
+   * Returns the authority component of this URI, e.g. "google.com", "127.0.0.1:8080", or null if
+   * not present.
+   */
+  @Nullable
+  String getAuthority();
+
+  /** Wraps an instance of java.net.URI. */
+  final class JavaNetUriWrapper implements UriWrapper {
+    private final URI uri;
+
+    private JavaNetUriWrapper(URI uri) {
+      this.uri = checkNotNull(uri);
+    }
+
+    @Override
+    public NameResolver newNameResolver(NameResolver.Factory factory, NameResolver.Args args) {
+      return factory.newNameResolver(uri, args);
+    }
+
+    @Override
+    public String getScheme() {
+      return uri.getScheme();
+    }
+
+    @Override
+    public String getAuthority() {
+      return uri.getAuthority();
+    }
+
+    @Override
+    public String toString() {
+      return uri.toString();
+    }
+
+    @Override
+    public boolean equals(Object other) {
+      if (other == this) {
+        return true;
+      }
+      if (!(other instanceof JavaNetUriWrapper)) {
+        return false;
+      }
+      return uri.equals(((JavaNetUriWrapper) other).uri);
+    }
+
+    @Override
+    public int hashCode() {
+      return uri.hashCode();
+    }
+  }
+
+  /** Wraps an instance of io.grpc.Uri. */
+  final class IoGrpcUriWrapper implements UriWrapper {
+    private final Uri uri;
+
+    private IoGrpcUriWrapper(Uri uri) {
+      this.uri = checkNotNull(uri);
+    }
+
+    @Override
+    public NameResolver newNameResolver(NameResolver.Factory factory, NameResolver.Args args) {
+      return factory.newNameResolver(uri, args);
+    }
+
+    @Override
+    public String getScheme() {
+      return uri.getScheme();
+    }
+
+    @Override
+    public String getAuthority() {
+      return uri.getAuthority();
+    }
+
+    @Override
+    public String toString() {
+      return uri.toString();
+    }
+
+    @Override
+    public boolean equals(Object other) {
+      if (other == this) {
+        return true;
+      }
+      if (!(other instanceof IoGrpcUriWrapper)) {
+        return false;
+      }
+      return uri.equals(((IoGrpcUriWrapper) other).uri);
+    }
+
+    @Override
+    public int hashCode() {
+      return uri.hashCode();
+    }
+  }
+}
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplGetNameResolverTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplGetNameResolverTest.java
index a0bd388b1b6..8ec522260ae 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplGetNameResolverTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplGetNameResolverTest.java
@@ -17,6 +17,7 @@
 package io.grpc.internal;
 
 import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.internal.UriWrapper.wrap;
 import static org.junit.Assert.fail;
 
 import io.grpc.NameResolver;
@@ -125,7 +126,7 @@ private void testValidTarget(String target, String expectedUriString, URI expect
         ManagedChannelImplBuilder.getNameResolverProvider(
             target, nameResolverRegistry, Collections.singleton(InetSocketAddress.class));
     assertThat(resolved.provider).isInstanceOf(FakeNameResolverProvider.class);
-    assertThat(resolved.targetUri).isEqualTo(expectedUri);
+    assertThat(resolved.targetUri).isEqualTo(wrap(expectedUri));
     assertThat(resolved.targetUri.toString()).isEqualTo(expectedUriString);
   }
 
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplIdlenessTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplIdlenessTest.java
index 293d0e70961..97e92be7fdd 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplIdlenessTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplIdlenessTest.java
@@ -19,6 +19,7 @@
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.ConnectivityState.READY;
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
+import static io.grpc.internal.UriWrapper.wrap;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
@@ -185,7 +186,7 @@ public void setUp() {
     NameResolverProvider nameResolverProvider =
         builder.nameResolverRegistry.getProviderForScheme(targetUri.getScheme());
     channel = new ManagedChannelImpl(
-        builder, mockTransportFactory, targetUri, nameResolverProvider,
+        builder, mockTransportFactory, wrap(targetUri), nameResolverProvider,
         new FakeBackoffPolicyProvider(),
         oobExecutorPool, timer.getStopwatchSupplier(),
         Collections.<ClientInterceptor>emptyList(),
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index 24ea4fa03d9..30b53e99946 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -28,6 +28,7 @@
 import static io.grpc.EquivalentAddressGroup.ATTR_AUTHORITY_OVERRIDE;
 import static io.grpc.PickSubchannelArgsMatcher.eqPickSubchannelArgs;
 import static io.grpc.internal.ClientStreamListener.RpcProgress.PROCESSED;
+import static io.grpc.internal.UriWrapper.wrap;
 import static junit.framework.TestCase.assertNotSame;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
@@ -315,7 +316,7 @@ private void createChannel(boolean nameResolutionExpectedToFail,
     NameResolverProvider nameResolverProvider =
         channelBuilder.nameResolverRegistry.getProviderForScheme(expectedUri.getScheme());
     channel = new ManagedChannelImpl(
-        channelBuilder, mockTransportFactory, expectedUri, nameResolverProvider,
+        channelBuilder, mockTransportFactory, wrap(expectedUri), nameResolverProvider,
         new FakeBackoffPolicyProvider(),
         balancerRpcExecutorPool, timer.getStopwatchSupplier(), Arrays.asList(interceptors),
         timer.getTimeProvider());
@@ -504,7 +505,7 @@ public void startCallBeforeNameResolution() throws Exception {
     when(mockTransportFactory.getSupportedSocketAddressTypes()).thenReturn(Collections.singleton(
         InetSocketAddress.class));
     channel = new ManagedChannelImpl(
-        channelBuilder, mockTransportFactory, expectedUri, nameResolverFactory,
+        channelBuilder, mockTransportFactory, wrap(expectedUri), nameResolverFactory,
         new FakeBackoffPolicyProvider(),
         balancerRpcExecutorPool, timer.getStopwatchSupplier(),
         Collections.<ClientInterceptor>emptyList(), timer.getTimeProvider());
@@ -569,7 +570,7 @@ public void newCallWithConfigSelector() {
     when(mockTransportFactory.getSupportedSocketAddressTypes()).thenReturn(Collections.singleton(
         InetSocketAddress.class));
     channel = new ManagedChannelImpl(
-        channelBuilder, mockTransportFactory, expectedUri, nameResolverFactory,
+        channelBuilder, mockTransportFactory, wrap(expectedUri), nameResolverFactory,
         new FakeBackoffPolicyProvider(),
         balancerRpcExecutorPool, timer.getStopwatchSupplier(),
         Collections.<ClientInterceptor>emptyList(), timer.getTimeProvider());
@@ -4416,11 +4417,11 @@ public void validAuthorityTarget_overrideAuthority() throws Exception {
 
     URI targetUri = new URI("defaultscheme", "", "/foo.googleapis.com:8080", null);
     NameResolver nameResolver = ManagedChannelImpl.getNameResolver(
-        targetUri, null, nameResolverProvider, NAMERESOLVER_ARGS);
+        wrap(targetUri), null, nameResolverProvider, NAMERESOLVER_ARGS);
     assertThat(nameResolver.getServiceAuthority()).isEqualTo(serviceAuthority);
 
     nameResolver = ManagedChannelImpl.getNameResolver(
-        targetUri, overrideAuthority, nameResolverProvider, NAMERESOLVER_ARGS);
+        wrap(targetUri), overrideAuthority, nameResolverProvider, NAMERESOLVER_ARGS);
     assertThat(nameResolver.getServiceAuthority()).isEqualTo(overrideAuthority);
   }
 
@@ -4449,7 +4450,7 @@ public String getDefaultScheme() {
     };
     try {
       ManagedChannelImpl.getNameResolver(
-          URI.create("defaultscheme:///foo.gogoleapis.com:8080"),
+          wrap(URI.create("defaultscheme:///foo.gogoleapis.com:8080")),
           null, nameResolverProvider, NAMERESOLVER_ARGS);
       fail("Should fail");
     } catch (IllegalArgumentException e) {
diff --git a/core/src/test/java/io/grpc/internal/ServiceConfigErrorHandlingTest.java b/core/src/test/java/io/grpc/internal/ServiceConfigErrorHandlingTest.java
index 6f255763d30..0daee676b82 100644
--- a/core/src/test/java/io/grpc/internal/ServiceConfigErrorHandlingTest.java
+++ b/core/src/test/java/io/grpc/internal/ServiceConfigErrorHandlingTest.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.Truth.assertWithMessage;
+import static io.grpc.internal.UriWrapper.wrap;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.AdditionalAnswers.delegatesTo;
@@ -168,7 +169,7 @@ private void createChannel(ClientInterceptor... interceptors) {
         new ManagedChannelImpl(
             channelBuilder,
             mockTransportFactory,
-            expectedUri,
+            wrap(expectedUri),
             nameResolverProvider,
             new FakeBackoffPolicyProvider(),
             balancerRpcExecutorPool,

From fc5efee745e8f66ba9ad16973d076c9327eeee35 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 5 Jan 2026 23:06:48 -0800
Subject: [PATCH 507/591] core: add a FlagResetRule test fixture

---
 .../java/io/grpc/internal/FlagResetRule.java  | 66 +++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 core/src/testFixtures/java/io/grpc/internal/FlagResetRule.java

diff --git a/core/src/testFixtures/java/io/grpc/internal/FlagResetRule.java b/core/src/testFixtures/java/io/grpc/internal/FlagResetRule.java
new file mode 100644
index 00000000000..dbcaca79358
--- /dev/null
+++ b/core/src/testFixtures/java/io/grpc/internal/FlagResetRule.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import java.util.ArrayDeque;
+import java.util.Deque;
+import org.junit.rules.ExternalResource;
+
+/**
+ * A {@link org.junit.rules.TestRule} that lets you set one or more feature flags just for
+ * the duration of the current test case.
+ *
+ * <p>Flags and other global variables must be reset to ensure no state leaks across tests.
+ */
+public final class FlagResetRule extends ExternalResource {
+
+  /** A functional interface representing a standard gRPC feature flag setter. */
+  public interface SetterMethod<T> {
+    /** Sets a flag for testing and returns its previous value. */
+    T set(T val);
+  }
+
+  private final Deque<Runnable> toRunAfter = new ArrayDeque<>();
+
+  /**
+   * Sets a global feature flag to 'value' using 'setter' and arranges for its previous value to be
+   * unconditionally restored when the test completes.
+   */
+  public <T> void setFlagForTest(SetterMethod<T> setter, T value) {
+    final T oldValue = setter.set(value);
+    toRunAfter.push(() -> setter.set(oldValue));
+  }
+
+  @Override
+  protected void after() {
+    RuntimeException toThrow = null;
+    while (!toRunAfter.isEmpty()) {
+      try {
+        toRunAfter.pop().run();
+      } catch (RuntimeException e) {
+        if (toThrow == null) {
+          toThrow = e;
+        } else {
+          toThrow.addSuppressed(e);
+        }
+      }
+    }
+    if (toThrow != null) {
+      throw toThrow;
+    }
+  }
+}

From 7ef40a98b6321a99ce8fb742f54604c4a5a68677 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 5 Jan 2026 23:07:58 -0800
Subject: [PATCH 508/591] core: Use io.grpc.Uri to parse the target, if flagged

---
 .../internal/ManagedChannelImplBuilder.java   |  83 +++++-
 .../ManagedChannelImplBuilderTest.java        |  24 +-
 ...ChannelImplGetNameResolverRfc3986Test.java | 243 ++++++++++++++++++
 ...ManagedChannelImplGetNameResolverTest.java |  36 ++-
 4 files changed, 361 insertions(+), 25 deletions(-)
 create mode 100644 core/src/test/java/io/grpc/internal/ManagedChannelImplGetNameResolverRfc3986Test.java

diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
index 944fea9c512..628224b826e 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
@@ -47,6 +47,7 @@
 import io.grpc.NameResolverRegistry;
 import io.grpc.ProxyDetector;
 import io.grpc.StatusOr;
+import io.grpc.Uri;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.SocketAddress;
@@ -105,6 +106,16 @@ public static ManagedChannelBuilder<?> forTarget(String target) {
    */
   static final long IDLE_MODE_MIN_TIMEOUT_MILLIS = TimeUnit.SECONDS.toMillis(1);
 
+  private static boolean enableRfc3986Uris = GrpcUtil.getFlag("GRPC_ENABLE_RFC3986_URIS", false);
+
+  /** Whether to parse targets as RFC 3986 URIs (true), or use {@link java.net.URI} (false). */
+  @VisibleForTesting
+  static boolean setRfc3986UrisEnabled(boolean value) {
+    boolean prevValue = ManagedChannelImplBuilder.enableRfc3986Uris;
+    ManagedChannelImplBuilder.enableRfc3986Uris = value;
+    return prevValue;
+  }
+
   private static final ObjectPool<? extends Executor> DEFAULT_EXECUTOR_POOL =
       SharedResourcePool.forResource(GrpcUtil.SHARED_CHANNEL_EXECUTOR);
 
@@ -719,8 +730,11 @@ protected ManagedChannelImplBuilder addMetricSink(MetricSink metricSink) {
   public ManagedChannel build() {
     ClientTransportFactory clientTransportFactory =
         clientTransportFactoryBuilder.buildClientTransportFactory();
-    ResolvedNameResolver resolvedResolver = getNameResolverProvider(
-        target, nameResolverRegistry, clientTransportFactory.getSupportedSocketAddressTypes());
+    ResolvedNameResolver resolvedResolver =
+        enableRfc3986Uris
+            ? getNameResolverProviderRfc3986(target, nameResolverRegistry)
+            : getNameResolverProvider(target, nameResolverRegistry);
+    resolvedResolver.checkAddressTypes(clientTransportFactory.getSupportedSocketAddressTypes());
     return new ManagedChannelOrphanWrapper(new ManagedChannelImpl(
         this,
         clientTransportFactory,
@@ -822,12 +836,25 @@ public ResolvedNameResolver(UriWrapper targetUri, NameResolverProvider provider)
       this.targetUri = checkNotNull(targetUri, "targetUri");
       this.provider = checkNotNull(provider, "provider");
     }
+
+    void checkAddressTypes(
+        Collection<Class<? extends SocketAddress>> channelTransportSocketAddressTypes) {
+      if (channelTransportSocketAddressTypes != null) {
+        Collection<Class<? extends SocketAddress>> nameResolverSocketAddressTypes =
+            provider.getProducedSocketAddressTypes();
+        if (!channelTransportSocketAddressTypes.containsAll(nameResolverSocketAddressTypes)) {
+          throw new IllegalArgumentException(
+              String.format(
+                  "Address types of NameResolver '%s' for '%s' not supported by transport",
+                  provider.getDefaultScheme(), targetUri));
+        }
+      }
+    }
   }
 
   @VisibleForTesting
   static ResolvedNameResolver getNameResolverProvider(
-      String target, NameResolverRegistry nameResolverRegistry,
-      Collection<Class<? extends SocketAddress>> channelTransportSocketAddressTypes) {
+      String target, NameResolverRegistry nameResolverRegistry) {
     // Finding a NameResolver. Try using the target string as the URI. If that fails, try prepending
     // "dns:///".
     NameResolverProvider provider = null;
@@ -863,14 +890,46 @@ static ResolvedNameResolver getNameResolverProvider(
           target, uriSyntaxErrors.length() > 0 ? " (" + uriSyntaxErrors + ")" : ""));
     }
 
-    if (channelTransportSocketAddressTypes != null) {
-      Collection<Class<? extends SocketAddress>> nameResolverSocketAddressTypes
-          = provider.getProducedSocketAddressTypes();
-      if (!channelTransportSocketAddressTypes.containsAll(nameResolverSocketAddressTypes)) {
-        throw new IllegalArgumentException(String.format(
-            "Address types of NameResolver '%s' for '%s' not supported by transport",
-            targetUri.getScheme(), target));
-      }
+    return new ResolvedNameResolver(wrap(targetUri), provider);
+  }
+
+  @VisibleForTesting
+  static ResolvedNameResolver getNameResolverProviderRfc3986(
+      String target, NameResolverRegistry nameResolverRegistry) {
+    // Finding a NameResolver. Try using the target string as the URI. If that fails, try prepending
+    // "dns:///".
+    NameResolverProvider provider = null;
+    Uri targetUri = null;
+    StringBuilder uriSyntaxErrors = new StringBuilder();
+    try {
+      targetUri = Uri.parse(target);
+    } catch (URISyntaxException e) {
+      // Can happen with ip addresses like "[::1]:1234" or 127.0.0.1:1234.
+      uriSyntaxErrors.append(e.getMessage());
+    }
+    if (targetUri != null) {
+      // For "localhost:8080" this would likely cause provider to be null, because "localhost" is
+      // parsed as the scheme. Will hit the next case and try "dns:///localhost:8080".
+      provider = nameResolverRegistry.getProviderForScheme(targetUri.getScheme());
+    }
+
+    if (provider == null && !URI_PATTERN.matcher(target).matches()) {
+      // It doesn't look like a URI target. Maybe it's an authority string. Try with the default
+      // scheme from the registry.
+      targetUri =
+          Uri.newBuilder()
+              .setScheme(nameResolverRegistry.getDefaultScheme())
+              .setHost("")
+              .setPath("/" + target)
+              .build();
+      provider = nameResolverRegistry.getProviderForScheme(targetUri.getScheme());
+    }
+
+    if (provider == null) {
+      throw new IllegalArgumentException(
+          String.format(
+              "Could not find a NameResolverProvider for %s%s",
+              target, uriSyntaxErrors.length() > 0 ? " (" + uriSyntaxErrors + ")" : ""));
     }
 
     return new ResolvedNameResolver(wrap(targetUri), provider);
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
index a054e65a6e8..8bf10de3949 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
@@ -69,13 +69,15 @@
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnit;
 import org.mockito.junit.MockitoRule;
 
 /** Unit tests for {@link ManagedChannelImplBuilder}. */
-@RunWith(JUnit4.class)
+@RunWith(Parameterized.class)
 public class ManagedChannelImplBuilderTest {
   private static final int DUMMY_PORT = 42;
   private static final String DUMMY_TARGET = "fake-target";
@@ -98,8 +100,16 @@ public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
         }
       };
 
+  @Parameters(name = "enableRfc3986UrisParam={0}")
+  public static Iterable<Object[]> data() {
+    return Arrays.asList(new Object[][] {{true}, {false}});
+  }
+
+  @Parameter public boolean enableRfc3986UrisParam;
+
   @Rule public final MockitoRule mocks = MockitoJUnit.rule();
   @Rule public final GrpcCleanupRule grpcCleanupRule = new GrpcCleanupRule();
+  @Rule public final FlagResetRule flagResetRule = new FlagResetRule();
 
   @Mock private ClientTransportFactory mockClientTransportFactory;
   @Mock private ClientTransportFactoryBuilder mockClientTransportFactoryBuilder;
@@ -117,6 +127,9 @@ public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
 
   @Before
   public void setUp() throws Exception {
+    flagResetRule.setFlagForTest(
+        ManagedChannelImplBuilder::setRfc3986UrisEnabled, enableRfc3986UrisParam);
+
     builder = new ManagedChannelImplBuilder(
         DUMMY_TARGET,
         new UnsupportedClientTransportFactoryBuilder(),
@@ -373,8 +386,11 @@ public void transportDoesNotSupportAddressTypes() {
       ManagedChannel unused = grpcCleanupRule.register(builder.build());
       fail("Should fail");
     } catch (IllegalArgumentException e) {
-      assertThat(e).hasMessageThat().isEqualTo(
-          "Address types of NameResolver 'dns' for 'valid:1234' not supported by transport");
+      assertThat(e)
+          .hasMessageThat()
+          .isEqualTo(
+              "Address types of NameResolver 'dns' for 'dns:///valid:1234' not supported by"
+                  + " transport");
     }
   }
 
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplGetNameResolverRfc3986Test.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplGetNameResolverRfc3986Test.java
new file mode 100644
index 00000000000..5bcf24a30e2
--- /dev/null
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplGetNameResolverRfc3986Test.java
@@ -0,0 +1,243 @@
+/*
+ * Copyright 2015 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.internal.UriWrapper.wrap;
+import static org.junit.Assert.fail;
+
+import io.grpc.NameResolver;
+import io.grpc.NameResolverProvider;
+import io.grpc.NameResolverRegistry;
+import io.grpc.Uri;
+import java.net.SocketAddress;
+import java.net.URI;
+import java.util.Collections;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit tests for ManagedChannelImplBuilder#getNameResolverProviderNew(). */
+@RunWith(JUnit4.class)
+public class ManagedChannelImplGetNameResolverRfc3986Test {
+  @Test
+  public void invalidUriTarget() {
+    testInvalidTarget("defaultscheme:///[invalid]");
+  }
+
+  @Test
+  public void invalidUnescapedSquareBracketsInRfc3986UriFragment() {
+    testInvalidTarget("defaultscheme://8.8.8.8/host#section[1]");
+  }
+
+  @Test
+  public void invalidUnescapedSquareBracketsInRfc3986UriQuery() {
+    testInvalidTarget("dns://8.8.8.8/path?section=[1]");
+  }
+
+  @Test
+  public void validTargetWithInvalidDnsName() throws Exception {
+    testValidTarget(
+        "[valid]",
+        "defaultscheme:///%5Bvalid%5D",
+        Uri.newBuilder().setScheme("defaultscheme").setHost("").setPath("/[valid]").build());
+  }
+
+  @Test
+  public void validAuthorityTarget() throws Exception {
+    testValidTarget(
+        "foo.googleapis.com:8080",
+        "defaultscheme:///foo.googleapis.com:8080",
+        Uri.newBuilder()
+            .setScheme("defaultscheme")
+            .setHost("")
+            .setPath("/foo.googleapis.com:8080")
+            .build());
+  }
+
+  @Test
+  public void validUriTarget() throws Exception {
+    testValidTarget(
+        "scheme:///foo.googleapis.com:8080",
+        "scheme:///foo.googleapis.com:8080",
+        Uri.newBuilder()
+            .setScheme("scheme")
+            .setHost("")
+            .setPath("/foo.googleapis.com:8080")
+            .build());
+  }
+
+  @Test
+  public void validIpv4AuthorityTarget() throws Exception {
+    testValidTarget(
+        "127.0.0.1:1234",
+        "defaultscheme:///127.0.0.1:1234",
+        Uri.newBuilder().setScheme("defaultscheme").setHost("").setPath("/127.0.0.1:1234").build());
+  }
+
+  @Test
+  public void validIpv4UriTarget() throws Exception {
+    testValidTarget(
+        "dns:///127.0.0.1:1234",
+        "dns:///127.0.0.1:1234",
+        Uri.newBuilder().setScheme("dns").setHost("").setPath("/127.0.0.1:1234").build());
+  }
+
+  @Test
+  public void validIpv6AuthorityTarget() throws Exception {
+    testValidTarget(
+        "[::1]:1234",
+        "defaultscheme:///%5B::1%5D:1234",
+        Uri.newBuilder().setScheme("defaultscheme").setHost("").setPath("/[::1]:1234").build());
+  }
+
+  @Test
+  public void invalidIpv6UriTarget() throws Exception {
+    testInvalidTarget("dns:///[::1]:1234");
+  }
+
+  @Test
+  public void invalidIpv6UriWithUnescapedScope() {
+    testInvalidTarget("dns://[::1%eth0]:53/host");
+  }
+
+  @Test
+  public void validIpv6UriTarget() throws Exception {
+    testValidTarget(
+        "dns:///%5B::1%5D:1234",
+        "dns:///%5B::1%5D:1234",
+        Uri.newBuilder().setScheme("dns").setHost("").setPath("/[::1]:1234").build());
+  }
+
+  @Test
+  public void validTargetStartingWithSlash() throws Exception {
+    testValidTarget(
+        "/target",
+        "defaultscheme:////target",
+        Uri.newBuilder().setScheme("defaultscheme").setHost("").setPath("//target").build());
+  }
+
+  @Test
+  public void validTargetNoProvider() {
+    NameResolverRegistry nameResolverRegistry = new NameResolverRegistry();
+    try {
+      ManagedChannelImplBuilder.getNameResolverProviderRfc3986(
+          "foo.googleapis.com:8080", nameResolverRegistry);
+      fail("Should fail");
+    } catch (IllegalArgumentException e) {
+      // expected
+    }
+  }
+
+  @Test
+  public void validTargetProviderAddrTypesNotSupported() {
+    NameResolverRegistry nameResolverRegistry = getTestRegistry("testscheme");
+    try {
+      ManagedChannelImplBuilder.getNameResolverProviderRfc3986(
+              "testscheme:///foo.googleapis.com:8080", nameResolverRegistry)
+          .checkAddressTypes(Collections.singleton(CustomSocketAddress.class));
+      fail("Should fail");
+    } catch (IllegalArgumentException e) {
+      assertThat(e)
+          .hasMessageThat()
+          .isEqualTo(
+              "Address types of NameResolver 'testscheme' for "
+                  + "'testscheme:///foo.googleapis.com:8080' not supported by transport");
+    }
+  }
+
+  private void testValidTarget(String target, String expectedUriString, Uri expectedUri) {
+    NameResolverRegistry nameResolverRegistry = getTestRegistry(expectedUri.getScheme());
+    ManagedChannelImplBuilder.ResolvedNameResolver resolved =
+        ManagedChannelImplBuilder.getNameResolverProviderRfc3986(target, nameResolverRegistry);
+    assertThat(resolved.provider).isInstanceOf(FakeNameResolverProvider.class);
+    assertThat(resolved.targetUri).isEqualTo(wrap(expectedUri));
+    assertThat(resolved.targetUri.toString()).isEqualTo(expectedUriString);
+  }
+
+  private void testInvalidTarget(String target) {
+    NameResolverRegistry nameResolverRegistry = getTestRegistry("dns");
+
+    try {
+      ManagedChannelImplBuilder.ResolvedNameResolver resolved =
+          ManagedChannelImplBuilder.getNameResolverProviderRfc3986(target, nameResolverRegistry);
+      FakeNameResolverProvider nameResolverProvider = (FakeNameResolverProvider) resolved.provider;
+      fail("Should have failed, but got resolver provider " + nameResolverProvider);
+    } catch (IllegalArgumentException e) {
+      // expected
+    }
+  }
+
+  private static NameResolverRegistry getTestRegistry(String expectedScheme) {
+    NameResolverRegistry nameResolverRegistry = new NameResolverRegistry();
+    FakeNameResolverProvider nameResolverProvider = new FakeNameResolverProvider(expectedScheme);
+    nameResolverRegistry.register(nameResolverProvider);
+    return nameResolverRegistry;
+  }
+
+  private static class FakeNameResolverProvider extends NameResolverProvider {
+    final String expectedScheme;
+
+    FakeNameResolverProvider(String expectedScheme) {
+      this.expectedScheme = expectedScheme;
+    }
+
+    @Override
+    public NameResolver newNameResolver(URI targetUri, NameResolver.Args args) {
+      if (expectedScheme.equals(targetUri.getScheme())) {
+        return new FakeNameResolver(targetUri);
+      }
+      return null;
+    }
+
+    @Override
+    public String getDefaultScheme() {
+      return expectedScheme;
+    }
+
+    @Override
+    protected boolean isAvailable() {
+      return true;
+    }
+
+    @Override
+    protected int priority() {
+      return 5;
+    }
+  }
+
+  private static class FakeNameResolver extends NameResolver {
+    final URI uri;
+
+    FakeNameResolver(URI uri) {
+      this.uri = uri;
+    }
+
+    @Override
+    public String getServiceAuthority() {
+      return uri.getAuthority();
+    }
+
+    @Override
+    public void start(final Listener2 listener) {}
+
+    @Override
+    public void shutdown() {}
+  }
+
+  private static class CustomSocketAddress extends SocketAddress {}
+}
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplGetNameResolverTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplGetNameResolverTest.java
index 8ec522260ae..792f4daca4e 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplGetNameResolverTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplGetNameResolverTest.java
@@ -23,7 +23,6 @@
 import io.grpc.NameResolver;
 import io.grpc.NameResolverProvider;
 import io.grpc.NameResolverRegistry;
-import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.net.URI;
 import java.util.Collections;
@@ -39,6 +38,21 @@ public void invalidUriTarget() {
     testInvalidTarget("defaultscheme:///[invalid]");
   }
 
+  @Test
+  public void validSquareBracketsInRfc2396UriFragment() throws Exception {
+    testValidTarget("dns://8.8.8.8/host#section[1]",
+        "dns://8.8.8.8/host#section[1]",
+        new URI("dns", "8.8.8.8", "/host", null, "section[1]"));
+  }
+
+
+  @Test
+  public void validSquareBracketsInRfc2396UriQuery() throws Exception {
+    testValidTarget("dns://8.8.8.8/host?section=[1]",
+        "dns://8.8.8.8/host?section=[1]",
+        new URI("dns", "8.8.8.8", "/host", "section=[1]", null));
+  }
+
   @Test
   public void validTargetWithInvalidDnsName() throws Exception {
     testValidTarget("[valid]", "defaultscheme:///%5Bvalid%5D",
@@ -75,6 +89,13 @@ public void validIpv6AuthorityTarget() throws Exception {
         new URI("defaultscheme", "", "/[::1]:1234", null));
   }
 
+  @Test
+  public void validIpv6UriWithJavaNetUriScopeName() throws Exception {
+    testValidTarget("dns://[::1%eth0]:53/host",
+        "dns://[::1%eth0]:53/host",
+        new URI("dns", "[::1%eth0]:53", "/host", null, null));
+  }
+
   @Test
   public void invalidIpv6UriTarget() throws Exception {
     testInvalidTarget("dns:///[::1]:1234");
@@ -97,8 +118,7 @@ public void validTargetNoProvider() {
     NameResolverRegistry nameResolverRegistry = new NameResolverRegistry();
     try {
       ManagedChannelImplBuilder.getNameResolverProvider(
-          "foo.googleapis.com:8080", nameResolverRegistry,
-          Collections.singleton(InetSocketAddress.class));
+          "foo.googleapis.com:8080", nameResolverRegistry);
       fail("Should fail");
     } catch (IllegalArgumentException e) {
       // expected
@@ -110,8 +130,8 @@ public void validTargetProviderAddrTypesNotSupported() {
     NameResolverRegistry nameResolverRegistry = getTestRegistry("testscheme");
     try {
       ManagedChannelImplBuilder.getNameResolverProvider(
-          "testscheme:///foo.googleapis.com:8080", nameResolverRegistry,
-          Collections.singleton(CustomSocketAddress.class));
+              "testscheme:///foo.googleapis.com:8080", nameResolverRegistry)
+          .checkAddressTypes(Collections.singleton(CustomSocketAddress.class));
       fail("Should fail");
     } catch (IllegalArgumentException e) {
       assertThat(e).hasMessageThat().isEqualTo(
@@ -123,8 +143,7 @@ public void validTargetProviderAddrTypesNotSupported() {
   private void testValidTarget(String target, String expectedUriString, URI expectedUri) {
     NameResolverRegistry nameResolverRegistry = getTestRegistry(expectedUri.getScheme());
     ManagedChannelImplBuilder.ResolvedNameResolver resolved =
-        ManagedChannelImplBuilder.getNameResolverProvider(
-            target, nameResolverRegistry, Collections.singleton(InetSocketAddress.class));
+        ManagedChannelImplBuilder.getNameResolverProvider(target, nameResolverRegistry);
     assertThat(resolved.provider).isInstanceOf(FakeNameResolverProvider.class);
     assertThat(resolved.targetUri).isEqualTo(wrap(expectedUri));
     assertThat(resolved.targetUri.toString()).isEqualTo(expectedUriString);
@@ -135,8 +154,7 @@ private void testInvalidTarget(String target) {
 
     try {
       ManagedChannelImplBuilder.ResolvedNameResolver resolved =
-          ManagedChannelImplBuilder.getNameResolverProvider(
-              target, nameResolverRegistry, Collections.singleton(InetSocketAddress.class));
+          ManagedChannelImplBuilder.getNameResolverProvider(target, nameResolverRegistry);
       FakeNameResolverProvider nameResolverProvider = (FakeNameResolverProvider) resolved.provider;
       fail("Should have failed, but got resolver provider " + nameResolverProvider);
     } catch (IllegalArgumentException e) {

From 57e858945dd9c1eb310e7f05e167bd16714295dc Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 5 Jan 2026 17:04:45 -0800
Subject: [PATCH 509/591] binder: Migrate IntentNameResolverProvider to
 io.grpc.Uri

---
 .../internal/IntentNameResolverProvider.java  | 17 ++++++++++++++---
 .../IntentNameResolverProviderTest.java       | 19 +++++++++++++++++--
 2 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/binder/src/main/java/io/grpc/binder/internal/IntentNameResolverProvider.java b/binder/src/main/java/io/grpc/binder/internal/IntentNameResolverProvider.java
index 67859045dba..5a3c9fcc986 100644
--- a/binder/src/main/java/io/grpc/binder/internal/IntentNameResolverProvider.java
+++ b/binder/src/main/java/io/grpc/binder/internal/IntentNameResolverProvider.java
@@ -20,6 +20,7 @@
 import android.content.Intent;
 import com.google.common.collect.ImmutableSet;
 import io.grpc.NameResolver;
+import io.grpc.Uri;
 import io.grpc.NameResolver.Args;
 import io.grpc.NameResolverProvider;
 import io.grpc.binder.AndroidComponentAddress;
@@ -46,7 +47,17 @@ public String getDefaultScheme() {
   @Override
   public NameResolver newNameResolver(URI targetUri, final Args args) {
     if (Objects.equals(targetUri.getScheme(), ANDROID_INTENT_SCHEME)) {
-      return new IntentNameResolver(parseUriArg(targetUri), args);
+      return new IntentNameResolver(parseUriArg(targetUri.toString()), args);
+    } else {
+      return null;
+    }
+  }
+
+  @Nullable
+  @Override
+  public NameResolver newNameResolver(Uri targetUri, final Args args) {
+    if (Objects.equals(targetUri.getScheme(), ANDROID_INTENT_SCHEME)) {
+      return new IntentNameResolver(parseUriArg(targetUri.toString()), args);
     } else {
       return null;
     }
@@ -67,9 +78,9 @@ public ImmutableSet<Class<? extends SocketAddress>> getProducedSocketAddressType
     return ImmutableSet.of(AndroidComponentAddress.class);
   }
 
-  private static Intent parseUriArg(URI targetUri) {
+  private static Intent parseUriArg(String targetUri) {
     try {
-      return Intent.parseUri(targetUri.toString(), URI_INTENT_SCHEME);
+      return Intent.parseUri(targetUri, URI_INTENT_SCHEME);
     } catch (URISyntaxException e) {
       throw new IllegalArgumentException(e);
     }
diff --git a/binder/src/test/java/io/grpc/binder/internal/IntentNameResolverProviderTest.java b/binder/src/test/java/io/grpc/binder/internal/IntentNameResolverProviderTest.java
index aa75ba84b09..2809a72fee1 100644
--- a/binder/src/test/java/io/grpc/binder/internal/IntentNameResolverProviderTest.java
+++ b/binder/src/test/java/io/grpc/binder/internal/IntentNameResolverProviderTest.java
@@ -30,6 +30,7 @@
 import io.grpc.NameResolver.ServiceConfigParser;
 import io.grpc.NameResolverProvider;
 import io.grpc.SynchronizationContext;
+import io.grpc.Uri;
 import io.grpc.binder.ApiConstants;
 import java.net.URI;
 import org.junit.Before;
@@ -70,18 +71,32 @@ public void testProviderScheme_returnsIntentScheme() throws Exception {
 
   @Test
   public void testNoResolverForUnknownScheme_returnsNull() throws Exception {
-    assertThat(provider.newNameResolver(new URI("random://uri"), args)).isNull();
+    assertThat(provider.newNameResolver(Uri.create("random://uri"), args)).isNull();
   }
 
   @Test
   public void testResolutionWithBadUri_throwsIllegalArg() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
-        () -> provider.newNameResolver(new URI("intent:xxx#Intent;e.x=1;end;"), args));
+        () -> provider.newNameResolver(Uri.create("intent:xxx#Intent;e.x=1;end;"), args));
   }
 
   @Test
   public void testResolverForIntentScheme_returnsResolver() throws Exception {
+    Uri uri = Uri.create("intent:#Intent;action=action;end");
+    NameResolver resolver = provider.newNameResolver(uri, args);
+    assertThat(resolver).isNotNull();
+    assertThat(resolver.getServiceAuthority()).isEqualTo("localhost");
+    syncContext.execute(() -> resolver.start(mockListener));
+    shadowOf(getMainLooper()).idle();
+    verify(mockListener).onResult2(resultCaptor.capture());
+    assertThat(resultCaptor.getValue().getAddressesOrError()).isNotNull();
+    syncContext.execute(resolver::shutdown);
+    shadowOf(getMainLooper()).idle();
+  }
+
+  @Test
+  public void testResolverForIntentScheme_returnsResolver_javaNetUri() throws Exception {
     URI uri = new URI("intent://authority/path#Intent;action=action;scheme=scheme;end");
     NameResolver resolver = provider.newNameResolver(uri, args);
     assertThat(resolver).isNotNull();

From ebb9420948e4c5ea380f9da2e1c6c0d8cf991bbe Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 30 Dec 2025 13:31:48 -0800
Subject: [PATCH 510/591] xds: Merge ClusterResolverLB into CdsLB2

This is a cleanup from gRFC A74:

> The xds_cluster_resolver LB policy will be removed completely, as
> obtaining endpoint addresses will now be done in the xds resolver. The
> code for generating the child policy configs for the priority policy
> will now be done in the cds LB policy.

Since XdsDependencyManager handles the actual resolution,
ClusterResolverLB was only handling config conversion. We just do that
in CdsLB2 now.

The large blob of code from ClusterResolverLB was moved into CdsLB2
unchanged. The cluster resolver tests were left in-place, though, as
they did need changes and it'd be very hard to see the changes if moved
at the same time.
---
 .../java/io/grpc/xds/CdsLoadBalancer2.java    | 417 ++++++++++++++--
 .../grpc/xds/ClusterResolverLoadBalancer.java | 455 ------------------
 .../ClusterResolverLoadBalancerProvider.java  | 245 ----------
 .../main/java/io/grpc/xds/XdsLbPolicies.java  |   1 -
 .../services/io.grpc.LoadBalancerProvider     |   1 -
 .../io/grpc/xds/CdsLoadBalancer2Test.java     | 121 +----
 ...usterResolverLoadBalancerProviderTest.java |  79 ---
 .../xds/ClusterResolverLoadBalancerTest.java  |  98 +---
 8 files changed, 425 insertions(+), 992 deletions(-)
 delete mode 100644 xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
 delete mode 100644 xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
 delete mode 100644 xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerProviderTest.java

diff --git a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
index 688626d9b3d..67c5626aff5 100644
--- a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
+++ b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
@@ -19,20 +19,31 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
 import static io.grpc.xds.XdsLbPolicies.CDS_POLICY_NAME;
-import static io.grpc.xds.XdsLbPolicies.CLUSTER_RESOLVER_POLICY_NAME;
 import static io.grpc.xds.XdsLbPolicies.PRIORITY_POLICY_NAME;
 
+import com.google.common.collect.ImmutableMap;
 import com.google.errorprone.annotations.CheckReturnValue;
+import io.grpc.Attributes;
+import io.grpc.EquivalentAddressGroup;
+import io.grpc.HttpConnectProxiedSocketAddress;
 import io.grpc.InternalLogId;
 import io.grpc.LoadBalancer;
+import io.grpc.LoadBalancerProvider;
 import io.grpc.LoadBalancerRegistry;
 import io.grpc.NameResolver;
 import io.grpc.Status;
 import io.grpc.StatusOr;
 import io.grpc.util.GracefulSwitchLoadBalancer;
+import io.grpc.util.OutlierDetectionLoadBalancer.OutlierDetectionLoadBalancerConfig;
 import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig;
-import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig;
-import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig.DiscoveryMechanism;
+import io.grpc.xds.ClusterImplLoadBalancerProvider.ClusterImplConfig;
+import io.grpc.xds.Endpoints.DropOverload;
+import io.grpc.xds.Endpoints.LbEndpoint;
+import io.grpc.xds.Endpoints.LocalityLbEndpoints;
+import io.grpc.xds.EnvoyServerProtoData.FailurePercentageEjection;
+import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;
+import io.grpc.xds.EnvoyServerProtoData.SuccessRateEjection;
+import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig;
 import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig.PriorityChildConfig;
 import io.grpc.xds.XdsClusterResource.CdsUpdate;
 import io.grpc.xds.XdsClusterResource.CdsUpdate.ClusterType;
@@ -40,13 +51,22 @@
 import io.grpc.xds.XdsConfig.XdsClusterConfig;
 import io.grpc.xds.XdsConfig.XdsClusterConfig.AggregateConfig;
 import io.grpc.xds.XdsConfig.XdsClusterConfig.EndpointConfig;
+import io.grpc.xds.XdsEndpointResource.EdsUpdate;
+import io.grpc.xds.client.Locality;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
+import io.grpc.xds.internal.XdsInternalAttributes;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
+import java.util.TreeMap;
 
 /**
  * Load balancer for cds_experimental LB policy. One instance per top-level cluster.
@@ -57,6 +77,7 @@ final class CdsLoadBalancer2 extends LoadBalancer {
   private final XdsLogger logger;
   private final Helper helper;
   private final LoadBalancerRegistry lbRegistry;
+  private final ClusterState clusterState = new ClusterState();
   private GracefulSwitchLoadBalancer delegate;
   // Following fields are effectively final.
   private String clusterName;
@@ -100,7 +121,6 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     XdsClusterConfig clusterConfig = clusterConfigOr.getValue();
 
     NameResolver.ConfigOrError configOrError;
-    Object gracefulConfig;
     if (clusterConfig.getChildren() instanceof EndpointConfig) {
       // The LB policy config is provided in service_config.proto/JSON format.
       configOrError =
@@ -112,34 +132,38 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
         return fail(Status.INTERNAL.withDescription(
                 errorPrefix() + "Unable to parse the LB config: " + configOrError.getError()));
       }
-      CdsUpdate result = clusterConfig.getClusterResource();
-      DiscoveryMechanism instance;
-      if (result.clusterType() == ClusterType.EDS) {
-        instance = DiscoveryMechanism.forEds(
-            clusterName,
-            result.edsServiceName(),
-            result.lrsServerInfo(),
-            result.maxConcurrentRequests(),
-            result.upstreamTlsContext(),
-            result.filterMetadata(),
-            result.outlierDetection(),
-            result.backendMetricPropagation());
-      } else {
-        instance = DiscoveryMechanism.forLogicalDns(
-            clusterName,
-            result.dnsHostName(),
-            result.lrsServerInfo(),
-            result.maxConcurrentRequests(),
-            result.upstreamTlsContext(),
-            result.filterMetadata(),
-            result.backendMetricPropagation());
-      }
-      gracefulConfig = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-          lbRegistry.getProvider(CLUSTER_RESOLVER_POLICY_NAME),
-          new ClusterResolverConfig(
-              instance,
-              configOrError.getConfig(),
-              clusterConfig.getClusterResource().isHttp11ProxyAvailable()));
+
+      StatusOr<EdsUpdate> edsUpdate = getEdsUpdate(xdsConfig, clusterName);
+      StatusOr<ClusterResolutionResult> statusOrResult = clusterState.edsUpdateToResult(
+          clusterName,
+          clusterConfig.getClusterResource(),
+          configOrError.getConfig(),
+          edsUpdate);
+      if (!statusOrResult.hasValue()) {
+        Status status = Status.UNAVAILABLE
+            .withDescription(statusOrResult.getStatus().getDescription())
+            .withCause(statusOrResult.getStatus().getCause());
+        delegate.handleNameResolutionError(status);
+        return status;
+      }
+      ClusterResolutionResult result = statusOrResult.getValue();
+      List<EquivalentAddressGroup> addresses = result.addresses;
+      if (addresses.isEmpty()) {
+        Status status = Status.UNAVAILABLE
+            .withDescription("No usable endpoint from cluster: " + clusterName);
+        delegate.handleNameResolutionError(status);
+        return status;
+      }
+      Object gracefulConfig = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+          lbRegistry.getProvider(PRIORITY_POLICY_NAME),
+          new PriorityLbConfig(
+              Collections.unmodifiableMap(result.priorityChildConfigs),
+              Collections.unmodifiableList(result.priorities)));
+      return delegate.acceptResolvedAddresses(
+          resolvedAddresses.toBuilder()
+            .setLoadBalancingPolicyConfig(gracefulConfig)
+            .setAddresses(Collections.unmodifiableList(addresses))
+            .build());
     } else if (clusterConfig.getChildren() instanceof AggregateConfig) {
       Map<String, PriorityChildConfig> priorityChildConfigs = new HashMap<>();
       List<String> leafClusters = ((AggregateConfig) clusterConfig.getChildren()).getLeafNames();
@@ -151,18 +175,17 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
                                 new CdsConfig(childCluster)),
                         false));
       }
-      gracefulConfig = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+      Object gracefulConfig = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
           lbRegistry.getProvider(PRIORITY_POLICY_NAME),
           new PriorityLoadBalancerProvider.PriorityLbConfig(
               Collections.unmodifiableMap(priorityChildConfigs), leafClusters));
+      return delegate.acceptResolvedAddresses(
+          resolvedAddresses.toBuilder().setLoadBalancingPolicyConfig(gracefulConfig).build());
     } else {
       return fail(Status.INTERNAL.withDescription(
               errorPrefix() + "Unexpected cluster children type: "
                       + clusterConfig.getChildren().getClass()));
     }
-
-    return delegate.acceptResolvedAddresses(
-        resolvedAddresses.toBuilder().setLoadBalancingPolicyConfig(gracefulConfig).build());
   }
 
   @Override
@@ -198,4 +221,326 @@ private Status fail(Status error) {
   private String errorPrefix() {
     return "CdsLb for " + clusterName + ": ";
   }
+
+  private static StatusOr<EdsUpdate> getEdsUpdate(XdsConfig xdsConfig, String cluster) {
+    StatusOr<XdsClusterConfig> clusterConfig = xdsConfig.getClusters().get(cluster);
+    if (clusterConfig == null) {
+      return StatusOr.fromStatus(Status.INTERNAL
+          .withDescription("BUG: cluster resolver could not find cluster in xdsConfig"));
+    }
+    if (!clusterConfig.hasValue()) {
+      return StatusOr.fromStatus(clusterConfig.getStatus());
+    }
+    if (!(clusterConfig.getValue().getChildren() instanceof XdsClusterConfig.EndpointConfig)) {
+      return StatusOr.fromStatus(Status.INTERNAL
+          .withDescription("BUG: cluster resolver cluster with children of unknown type"));
+    }
+    XdsClusterConfig.EndpointConfig endpointConfig =
+        (XdsClusterConfig.EndpointConfig) clusterConfig.getValue().getChildren();
+    return endpointConfig.getEndpoint();
+  }
+
+  /**
+   * Generates a string that represents the priority in the LB policy config. The string is unique
+   * across priorities in all clusters and priorityName(c, p1) < priorityName(c, p2) iff p1 < p2.
+   * The ordering is undefined for priorities in different clusters.
+   */
+  private static String priorityName(String cluster, int priority) {
+    return cluster + "[child" + priority + "]";
+  }
+
+  /**
+   * Generates a string that represents the locality in the LB policy config. The string is unique
+   * across all localities in all clusters.
+   */
+  private static String localityName(Locality locality) {
+    return "{region=\"" + locality.region()
+        + "\", zone=\"" + locality.zone()
+        + "\", sub_zone=\"" + locality.subZone()
+        + "\"}";
+  }
+
+  private final class ClusterState {
+    private Map<Locality, String> localityPriorityNames = Collections.emptyMap();
+    int priorityNameGenId = 1;
+
+    StatusOr<ClusterResolutionResult> edsUpdateToResult(
+        String clusterName,
+        CdsUpdate discovery,
+        Object lbConfig,
+        StatusOr<EdsUpdate> updateOr) {
+      if (!updateOr.hasValue()) {
+        return StatusOr.fromStatus(updateOr.getStatus());
+      }
+      EdsUpdate update = updateOr.getValue();
+      logger.log(XdsLogLevel.DEBUG, "Received endpoint update {0}", update);
+      if (logger.isLoggable(XdsLogLevel.INFO)) {
+        logger.log(XdsLogLevel.INFO, "Cluster {0}: {1} localities, {2} drop categories",
+            clusterName, update.localityLbEndpointsMap.size(),
+            update.dropPolicies.size());
+      }
+      Map<Locality, LocalityLbEndpoints> localityLbEndpoints =
+          update.localityLbEndpointsMap;
+      List<DropOverload> dropOverloads = update.dropPolicies;
+      List<EquivalentAddressGroup> addresses = new ArrayList<>();
+      Map<String, Map<Locality, Integer>> prioritizedLocalityWeights = new HashMap<>();
+      List<String> sortedPriorityNames =
+          generatePriorityNames(clusterName, localityLbEndpoints);
+      for (Locality locality : localityLbEndpoints.keySet()) {
+        LocalityLbEndpoints localityLbInfo = localityLbEndpoints.get(locality);
+        String priorityName = localityPriorityNames.get(locality);
+        boolean discard = true;
+        for (LbEndpoint endpoint : localityLbInfo.endpoints()) {
+          if (endpoint.isHealthy()) {
+            discard = false;
+            long weight = localityLbInfo.localityWeight();
+            if (endpoint.loadBalancingWeight() != 0) {
+              weight *= endpoint.loadBalancingWeight();
+            }
+            String localityName = localityName(locality);
+            Attributes attr =
+                endpoint.eag().getAttributes().toBuilder()
+                    .set(io.grpc.xds.XdsAttributes.ATTR_LOCALITY, locality)
+                    .set(EquivalentAddressGroup.ATTR_LOCALITY_NAME, localityName)
+                    .set(io.grpc.xds.XdsAttributes.ATTR_LOCALITY_WEIGHT,
+                        localityLbInfo.localityWeight())
+                    .set(io.grpc.xds.XdsAttributes.ATTR_SERVER_WEIGHT, weight)
+                    .set(XdsInternalAttributes.ATTR_ADDRESS_NAME, endpoint.hostname())
+                    .build();
+            EquivalentAddressGroup eag;
+            if (discovery.isHttp11ProxyAvailable()) {
+              List<SocketAddress> rewrittenAddresses = new ArrayList<>();
+              for (SocketAddress addr : endpoint.eag().getAddresses()) {
+                rewrittenAddresses.add(rewriteAddress(
+                    addr, endpoint.endpointMetadata(), localityLbInfo.localityMetadata()));
+              }
+              eag = new EquivalentAddressGroup(rewrittenAddresses, attr);
+            } else {
+              eag = new EquivalentAddressGroup(endpoint.eag().getAddresses(), attr);
+            }
+            eag = AddressFilter.setPathFilter(eag, Arrays.asList(priorityName, localityName));
+            addresses.add(eag);
+          }
+        }
+        if (discard) {
+          logger.log(XdsLogLevel.INFO,
+              "Discard locality {0} with 0 healthy endpoints", locality);
+          continue;
+        }
+        if (!prioritizedLocalityWeights.containsKey(priorityName)) {
+          prioritizedLocalityWeights.put(priorityName, new HashMap<Locality, Integer>());
+        }
+        prioritizedLocalityWeights.get(priorityName).put(
+            locality, localityLbInfo.localityWeight());
+      }
+      if (prioritizedLocalityWeights.isEmpty()) {
+        // Will still update the result, as if the cluster resource is revoked.
+        logger.log(XdsLogLevel.INFO,
+            "Cluster {0} has no usable priority/locality/endpoint", clusterName);
+      }
+      sortedPriorityNames.retainAll(prioritizedLocalityWeights.keySet());
+      Map<String, PriorityChildConfig> priorityChildConfigs =
+          generatePriorityChildConfigs(
+              clusterName, discovery, lbConfig, lbRegistry,
+              prioritizedLocalityWeights, dropOverloads);
+      return StatusOr.fromValue(new ClusterResolutionResult(addresses, priorityChildConfigs,
+          sortedPriorityNames));
+    }
+
+    private SocketAddress rewriteAddress(SocketAddress addr,
+        ImmutableMap<String, Object> endpointMetadata,
+        ImmutableMap<String, Object> localityMetadata) {
+      if (!(addr instanceof InetSocketAddress)) {
+        return addr;
+      }
+
+      SocketAddress proxyAddress;
+      try {
+        proxyAddress = (SocketAddress) endpointMetadata.get(
+            "envoy.http11_proxy_transport_socket.proxy_address");
+        if (proxyAddress == null) {
+          proxyAddress = (SocketAddress) localityMetadata.get(
+              "envoy.http11_proxy_transport_socket.proxy_address");
+        }
+      } catch (ClassCastException e) {
+        return addr;
+      }
+
+      if (proxyAddress == null) {
+        return addr;
+      }
+
+      return HttpConnectProxiedSocketAddress.newBuilder()
+          .setTargetAddress((InetSocketAddress) addr)
+          .setProxyAddress(proxyAddress)
+          .build();
+    }
+
+    private List<String> generatePriorityNames(String name,
+        Map<Locality, LocalityLbEndpoints> localityLbEndpoints) {
+      TreeMap<Integer, List<Locality>> todo = new TreeMap<>();
+      for (Locality locality : localityLbEndpoints.keySet()) {
+        int priority = localityLbEndpoints.get(locality).priority();
+        if (!todo.containsKey(priority)) {
+          todo.put(priority, new ArrayList<>());
+        }
+        todo.get(priority).add(locality);
+      }
+      Map<Locality, String> newNames = new HashMap<>();
+      Set<String> usedNames = new HashSet<>();
+      List<String> ret = new ArrayList<>();
+      for (Integer priority: todo.keySet()) {
+        String foundName = "";
+        for (Locality locality : todo.get(priority)) {
+          if (localityPriorityNames.containsKey(locality)
+              && usedNames.add(localityPriorityNames.get(locality))) {
+            foundName = localityPriorityNames.get(locality);
+            break;
+          }
+        }
+        if ("".equals(foundName)) {
+          foundName = priorityName(name, priorityNameGenId++);
+        }
+        for (Locality locality : todo.get(priority)) {
+          newNames.put(locality, foundName);
+        }
+        ret.add(foundName);
+      }
+      localityPriorityNames = newNames;
+      return ret;
+    }
+  }
+
+  private static class ClusterResolutionResult {
+    // Endpoint addresses.
+    private final List<EquivalentAddressGroup> addresses;
+    // Config (include load balancing policy/config) for each priority in the cluster.
+    private final Map<String, PriorityChildConfig> priorityChildConfigs;
+    // List of priority names ordered in descending priorities.
+    private final List<String> priorities;
+
+    ClusterResolutionResult(List<EquivalentAddressGroup> addresses,
+        Map<String, PriorityChildConfig> configs, List<String> priorities) {
+      this.addresses = addresses;
+      this.priorityChildConfigs = configs;
+      this.priorities = priorities;
+    }
+  }
+
+  /**
+   * Generates configs to be used in the priority LB policy for priorities in a cluster.
+   *
+   * <p>priority LB -> cluster_impl LB (one per priority) -> (weighted_target LB
+   * -> round_robin / least_request_experimental (one per locality)) / ring_hash_experimental
+   */
+  private static Map<String, PriorityChildConfig> generatePriorityChildConfigs(
+      String clusterName,
+      CdsUpdate discovery,
+      Object endpointLbConfig,
+      LoadBalancerRegistry lbRegistry,
+      Map<String, Map<Locality, Integer>> prioritizedLocalityWeights,
+      List<DropOverload> dropOverloads) {
+    Map<String, PriorityChildConfig> configs = new HashMap<>();
+    for (String priority : prioritizedLocalityWeights.keySet()) {
+      ClusterImplConfig clusterImplConfig =
+          new ClusterImplConfig(
+              clusterName, discovery.edsServiceName(), discovery.lrsServerInfo(),
+              discovery.maxConcurrentRequests(), dropOverloads, endpointLbConfig,
+              discovery.upstreamTlsContext(), discovery.filterMetadata(),
+              discovery.backendMetricPropagation());
+      LoadBalancerProvider clusterImplLbProvider =
+          lbRegistry.getProvider(XdsLbPolicies.CLUSTER_IMPL_POLICY_NAME);
+      Object priorityChildPolicy = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+          clusterImplLbProvider, clusterImplConfig);
+
+      // If outlier detection has been configured we wrap the child policy in the outlier detection
+      // load balancer.
+      if (discovery.outlierDetection() != null) {
+        LoadBalancerProvider outlierDetectionProvider = lbRegistry.getProvider(
+            "outlier_detection_experimental");
+        priorityChildPolicy = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
+            outlierDetectionProvider,
+            buildOutlierDetectionLbConfig(discovery.outlierDetection(), priorityChildPolicy));
+      }
+
+      boolean isEds = discovery.clusterType() == ClusterType.EDS;
+      PriorityChildConfig priorityChildConfig =
+          new PriorityChildConfig(priorityChildPolicy, isEds /* ignoreReresolution */);
+      configs.put(priority, priorityChildConfig);
+    }
+    return configs;
+  }
+
+  /**
+   * Converts {@link OutlierDetection} that represents the xDS configuration to {@link
+   * OutlierDetectionLoadBalancerConfig} that the {@link io.grpc.util.OutlierDetectionLoadBalancer}
+   * understands.
+   */
+  private static OutlierDetectionLoadBalancerConfig buildOutlierDetectionLbConfig(
+      OutlierDetection outlierDetection, Object childConfig) {
+    OutlierDetectionLoadBalancerConfig.Builder configBuilder
+        = new OutlierDetectionLoadBalancerConfig.Builder();
+
+    configBuilder.setChildConfig(childConfig);
+
+    if (outlierDetection.intervalNanos() != null) {
+      configBuilder.setIntervalNanos(outlierDetection.intervalNanos());
+    }
+    if (outlierDetection.baseEjectionTimeNanos() != null) {
+      configBuilder.setBaseEjectionTimeNanos(outlierDetection.baseEjectionTimeNanos());
+    }
+    if (outlierDetection.maxEjectionTimeNanos() != null) {
+      configBuilder.setMaxEjectionTimeNanos(outlierDetection.maxEjectionTimeNanos());
+    }
+    if (outlierDetection.maxEjectionPercent() != null) {
+      configBuilder.setMaxEjectionPercent(outlierDetection.maxEjectionPercent());
+    }
+
+    SuccessRateEjection successRate = outlierDetection.successRateEjection();
+    if (successRate != null) {
+      OutlierDetectionLoadBalancerConfig.SuccessRateEjection.Builder
+          successRateConfigBuilder = new OutlierDetectionLoadBalancerConfig
+          .SuccessRateEjection.Builder();
+
+      if (successRate.stdevFactor() != null) {
+        successRateConfigBuilder.setStdevFactor(successRate.stdevFactor());
+      }
+      if (successRate.enforcementPercentage() != null) {
+        successRateConfigBuilder.setEnforcementPercentage(successRate.enforcementPercentage());
+      }
+      if (successRate.minimumHosts() != null) {
+        successRateConfigBuilder.setMinimumHosts(successRate.minimumHosts());
+      }
+      if (successRate.requestVolume() != null) {
+        successRateConfigBuilder.setRequestVolume(successRate.requestVolume());
+      }
+
+      configBuilder.setSuccessRateEjection(successRateConfigBuilder.build());
+    }
+
+    FailurePercentageEjection failurePercentage = outlierDetection.failurePercentageEjection();
+    if (failurePercentage != null) {
+      OutlierDetectionLoadBalancerConfig.FailurePercentageEjection.Builder
+          failurePercentageConfigBuilder = new OutlierDetectionLoadBalancerConfig
+          .FailurePercentageEjection.Builder();
+
+      if (failurePercentage.threshold() != null) {
+        failurePercentageConfigBuilder.setThreshold(failurePercentage.threshold());
+      }
+      if (failurePercentage.enforcementPercentage() != null) {
+        failurePercentageConfigBuilder.setEnforcementPercentage(
+            failurePercentage.enforcementPercentage());
+      }
+      if (failurePercentage.minimumHosts() != null) {
+        failurePercentageConfigBuilder.setMinimumHosts(failurePercentage.minimumHosts());
+      }
+      if (failurePercentage.requestVolume() != null) {
+        failurePercentageConfigBuilder.setRequestVolume(failurePercentage.requestVolume());
+      }
+
+      configBuilder.setFailurePercentageEjection(failurePercentageConfigBuilder.build());
+    }
+
+    return configBuilder.build();
+  }
 }
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
deleted file mode 100644
index 61bfd3c0839..00000000000
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancer.java
+++ /dev/null
@@ -1,455 +0,0 @@
-/*
- * Copyright 2020 The gRPC Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.grpc.xds;
-
-import static com.google.common.base.Preconditions.checkNotNull;
-import static io.grpc.xds.XdsLbPolicies.PRIORITY_POLICY_NAME;
-
-import com.google.common.collect.ImmutableMap;
-import io.grpc.Attributes;
-import io.grpc.EquivalentAddressGroup;
-import io.grpc.HttpConnectProxiedSocketAddress;
-import io.grpc.InternalLogId;
-import io.grpc.LoadBalancer;
-import io.grpc.LoadBalancerProvider;
-import io.grpc.LoadBalancerRegistry;
-import io.grpc.Status;
-import io.grpc.StatusOr;
-import io.grpc.util.GracefulSwitchLoadBalancer;
-import io.grpc.util.OutlierDetectionLoadBalancer.OutlierDetectionLoadBalancerConfig;
-import io.grpc.xds.ClusterImplLoadBalancerProvider.ClusterImplConfig;
-import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig;
-import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig.DiscoveryMechanism;
-import io.grpc.xds.Endpoints.DropOverload;
-import io.grpc.xds.Endpoints.LbEndpoint;
-import io.grpc.xds.Endpoints.LocalityLbEndpoints;
-import io.grpc.xds.EnvoyServerProtoData.FailurePercentageEjection;
-import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;
-import io.grpc.xds.EnvoyServerProtoData.SuccessRateEjection;
-import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig;
-import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig.PriorityChildConfig;
-import io.grpc.xds.XdsConfig.XdsClusterConfig;
-import io.grpc.xds.XdsEndpointResource.EdsUpdate;
-import io.grpc.xds.client.Locality;
-import io.grpc.xds.client.XdsLogger;
-import io.grpc.xds.client.XdsLogger.XdsLogLevel;
-import io.grpc.xds.internal.XdsInternalAttributes;
-import java.net.InetSocketAddress;
-import java.net.SocketAddress;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeMap;
-
-/**
- * Load balancer for cluster_resolver_experimental LB policy. This LB policy is the child LB policy
- * of the cds_experimental LB policy and the parent LB policy of the priority_experimental LB
- * policy in the xDS load balancing hierarchy. This policy converts endpoints of non-aggregate
- * clusters (e.g., EDS or Logical DNS) and groups endpoints in priorities and localities to be
- * used in the downstream LB policies for fine-grained load balancing purposes.
- */
-final class ClusterResolverLoadBalancer extends LoadBalancer {
-  private final XdsLogger logger;
-  private final LoadBalancerRegistry lbRegistry;
-  private final LoadBalancer delegate;
-  private ClusterState clusterState;
-
-  ClusterResolverLoadBalancer(Helper helper, LoadBalancerRegistry lbRegistry) {
-    this.delegate = lbRegistry.getProvider(PRIORITY_POLICY_NAME).newLoadBalancer(helper);
-    this.lbRegistry = checkNotNull(lbRegistry, "lbRegistry");
-    logger = XdsLogger.withLogId(
-        InternalLogId.allocate("cluster-resolver-lb", helper.getAuthority()));
-    logger.log(XdsLogLevel.INFO, "Created");
-  }
-
-  @Override
-  public void handleNameResolutionError(Status error) {
-    logger.log(XdsLogLevel.WARNING, "Received name resolution error: {0}", error);
-    delegate.handleNameResolutionError(error);
-  }
-
-  @Override
-  public void shutdown() {
-    logger.log(XdsLogLevel.INFO, "Shutdown");
-    delegate.shutdown();
-  }
-
-  @Override
-  public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
-    logger.log(XdsLogLevel.DEBUG, "Received resolution result: {0}", resolvedAddresses);
-    ClusterResolverConfig config =
-        (ClusterResolverConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
-    XdsConfig xdsConfig = resolvedAddresses.getAttributes().get(
-        io.grpc.xds.XdsAttributes.XDS_CONFIG);
-
-    DiscoveryMechanism instance = config.discoveryMechanism;
-    String cluster = instance.cluster;
-    if (clusterState == null) {
-      clusterState = new ClusterState();
-    }
-
-    StatusOr<EdsUpdate> edsUpdate = getEdsUpdate(xdsConfig, cluster);
-    StatusOr<ClusterResolutionResult> statusOrResult =
-        clusterState.edsUpdateToResult(config, instance, edsUpdate);
-    if (!statusOrResult.hasValue()) {
-      Status status = Status.UNAVAILABLE
-          .withDescription(statusOrResult.getStatus().getDescription())
-          .withCause(statusOrResult.getStatus().getCause());
-      delegate.handleNameResolutionError(status);
-      return status;
-    }
-    ClusterResolutionResult result = statusOrResult.getValue();
-    List<EquivalentAddressGroup> addresses = result.addresses;
-    if (addresses.isEmpty()) {
-      Status status = Status.UNAVAILABLE
-          .withDescription("No usable endpoint from cluster: " + cluster);
-      delegate.handleNameResolutionError(status);
-      return status;
-    }
-    PriorityLbConfig childConfig =
-        new PriorityLbConfig(
-            Collections.unmodifiableMap(result.priorityChildConfigs),
-            Collections.unmodifiableList(result.priorities));
-    return delegate.acceptResolvedAddresses(
-        resolvedAddresses.toBuilder()
-            .setLoadBalancingPolicyConfig(childConfig)
-            .setAddresses(Collections.unmodifiableList(addresses))
-            .build());
-  }
-
-  private static StatusOr<EdsUpdate> getEdsUpdate(XdsConfig xdsConfig, String cluster) {
-    StatusOr<XdsClusterConfig> clusterConfig = xdsConfig.getClusters().get(cluster);
-    if (clusterConfig == null) {
-      return StatusOr.fromStatus(Status.INTERNAL
-          .withDescription("BUG: cluster resolver could not find cluster in xdsConfig"));
-    }
-    if (!clusterConfig.hasValue()) {
-      return StatusOr.fromStatus(clusterConfig.getStatus());
-    }
-    if (!(clusterConfig.getValue().getChildren() instanceof XdsClusterConfig.EndpointConfig)) {
-      return StatusOr.fromStatus(Status.INTERNAL
-          .withDescription("BUG: cluster resolver cluster with children of unknown type"));
-    }
-    XdsClusterConfig.EndpointConfig endpointConfig =
-        (XdsClusterConfig.EndpointConfig) clusterConfig.getValue().getChildren();
-    return endpointConfig.getEndpoint();
-  }
-
-  private final class ClusterState {
-    private Map<Locality, String> localityPriorityNames = Collections.emptyMap();
-    int priorityNameGenId = 1;
-
-    StatusOr<ClusterResolutionResult> edsUpdateToResult(
-        ClusterResolverConfig config, DiscoveryMechanism discovery, StatusOr<EdsUpdate> updateOr) {
-      if (!updateOr.hasValue()) {
-        return StatusOr.fromStatus(updateOr.getStatus());
-      }
-      EdsUpdate update = updateOr.getValue();
-      logger.log(XdsLogLevel.DEBUG, "Received endpoint update {0}", update);
-      if (logger.isLoggable(XdsLogLevel.INFO)) {
-        logger.log(XdsLogLevel.INFO, "Cluster {0}: {1} localities, {2} drop categories",
-            discovery.cluster, update.localityLbEndpointsMap.size(),
-            update.dropPolicies.size());
-      }
-      Map<Locality, LocalityLbEndpoints> localityLbEndpoints =
-          update.localityLbEndpointsMap;
-      List<DropOverload> dropOverloads = update.dropPolicies;
-      List<EquivalentAddressGroup> addresses = new ArrayList<>();
-      Map<String, Map<Locality, Integer>> prioritizedLocalityWeights = new HashMap<>();
-      List<String> sortedPriorityNames =
-          generatePriorityNames(discovery.cluster, localityLbEndpoints);
-      for (Locality locality : localityLbEndpoints.keySet()) {
-        LocalityLbEndpoints localityLbInfo = localityLbEndpoints.get(locality);
-        String priorityName = localityPriorityNames.get(locality);
-        boolean discard = true;
-        for (LbEndpoint endpoint : localityLbInfo.endpoints()) {
-          if (endpoint.isHealthy()) {
-            discard = false;
-            long weight = localityLbInfo.localityWeight();
-            if (endpoint.loadBalancingWeight() != 0) {
-              weight *= endpoint.loadBalancingWeight();
-            }
-            String localityName = localityName(locality);
-            Attributes attr =
-                endpoint.eag().getAttributes().toBuilder()
-                    .set(io.grpc.xds.XdsAttributes.ATTR_LOCALITY, locality)
-                    .set(EquivalentAddressGroup.ATTR_LOCALITY_NAME, localityName)
-                    .set(io.grpc.xds.XdsAttributes.ATTR_LOCALITY_WEIGHT,
-                        localityLbInfo.localityWeight())
-                    .set(io.grpc.xds.XdsAttributes.ATTR_SERVER_WEIGHT, weight)
-                    .set(XdsInternalAttributes.ATTR_ADDRESS_NAME, endpoint.hostname())
-                    .build();
-            EquivalentAddressGroup eag;
-            if (config.isHttp11ProxyAvailable()) {
-              List<SocketAddress> rewrittenAddresses = new ArrayList<>();
-              for (SocketAddress addr : endpoint.eag().getAddresses()) {
-                rewrittenAddresses.add(rewriteAddress(
-                    addr, endpoint.endpointMetadata(), localityLbInfo.localityMetadata()));
-              }
-              eag = new EquivalentAddressGroup(rewrittenAddresses, attr);
-            } else {
-              eag = new EquivalentAddressGroup(endpoint.eag().getAddresses(), attr);
-            }
-            eag = AddressFilter.setPathFilter(eag, Arrays.asList(priorityName, localityName));
-            addresses.add(eag);
-          }
-        }
-        if (discard) {
-          logger.log(XdsLogLevel.INFO,
-              "Discard locality {0} with 0 healthy endpoints", locality);
-          continue;
-        }
-        if (!prioritizedLocalityWeights.containsKey(priorityName)) {
-          prioritizedLocalityWeights.put(priorityName, new HashMap<Locality, Integer>());
-        }
-        prioritizedLocalityWeights.get(priorityName).put(
-            locality, localityLbInfo.localityWeight());
-      }
-      if (prioritizedLocalityWeights.isEmpty()) {
-        // Will still update the result, as if the cluster resource is revoked.
-        logger.log(XdsLogLevel.INFO,
-            "Cluster {0} has no usable priority/locality/endpoint", discovery.cluster);
-      }
-      sortedPriorityNames.retainAll(prioritizedLocalityWeights.keySet());
-      Map<String, PriorityChildConfig> priorityChildConfigs =
-          generatePriorityChildConfigs(
-              discovery, config.lbConfig, lbRegistry,
-              prioritizedLocalityWeights, dropOverloads);
-      return StatusOr.fromValue(new ClusterResolutionResult(addresses, priorityChildConfigs,
-          sortedPriorityNames));
-    }
-
-    private SocketAddress rewriteAddress(SocketAddress addr,
-        ImmutableMap<String, Object> endpointMetadata,
-        ImmutableMap<String, Object> localityMetadata) {
-      if (!(addr instanceof InetSocketAddress)) {
-        return addr;
-      }
-
-      SocketAddress proxyAddress;
-      try {
-        proxyAddress = (SocketAddress) endpointMetadata.get(
-            "envoy.http11_proxy_transport_socket.proxy_address");
-        if (proxyAddress == null) {
-          proxyAddress = (SocketAddress) localityMetadata.get(
-              "envoy.http11_proxy_transport_socket.proxy_address");
-        }
-      } catch (ClassCastException e) {
-        return addr;
-      }
-
-      if (proxyAddress == null) {
-        return addr;
-      }
-
-      return HttpConnectProxiedSocketAddress.newBuilder()
-          .setTargetAddress((InetSocketAddress) addr)
-          .setProxyAddress(proxyAddress)
-          .build();
-    }
-
-    private List<String> generatePriorityNames(String name,
-        Map<Locality, LocalityLbEndpoints> localityLbEndpoints) {
-      TreeMap<Integer, List<Locality>> todo = new TreeMap<>();
-      for (Locality locality : localityLbEndpoints.keySet()) {
-        int priority = localityLbEndpoints.get(locality).priority();
-        if (!todo.containsKey(priority)) {
-          todo.put(priority, new ArrayList<>());
-        }
-        todo.get(priority).add(locality);
-      }
-      Map<Locality, String> newNames = new HashMap<>();
-      Set<String> usedNames = new HashSet<>();
-      List<String> ret = new ArrayList<>();
-      for (Integer priority: todo.keySet()) {
-        String foundName = "";
-        for (Locality locality : todo.get(priority)) {
-          if (localityPriorityNames.containsKey(locality)
-              && usedNames.add(localityPriorityNames.get(locality))) {
-            foundName = localityPriorityNames.get(locality);
-            break;
-          }
-        }
-        if ("".equals(foundName)) {
-          foundName = priorityName(name, priorityNameGenId++);
-        }
-        for (Locality locality : todo.get(priority)) {
-          newNames.put(locality, foundName);
-        }
-        ret.add(foundName);
-      }
-      localityPriorityNames = newNames;
-      return ret;
-    }
-  }
-
-  private static class ClusterResolutionResult {
-    // Endpoint addresses.
-    private final List<EquivalentAddressGroup> addresses;
-    // Config (include load balancing policy/config) for each priority in the cluster.
-    private final Map<String, PriorityChildConfig> priorityChildConfigs;
-    // List of priority names ordered in descending priorities.
-    private final List<String> priorities;
-
-    ClusterResolutionResult(List<EquivalentAddressGroup> addresses,
-        Map<String, PriorityChildConfig> configs, List<String> priorities) {
-      this.addresses = addresses;
-      this.priorityChildConfigs = configs;
-      this.priorities = priorities;
-    }
-  }
-
-  /**
-   * Generates configs to be used in the priority LB policy for priorities in a cluster.
-   *
-   * <p>priority LB -> cluster_impl LB (one per priority) -> (weighted_target LB
-   * -> round_robin / least_request_experimental (one per locality)) / ring_hash_experimental
-   */
-  private static Map<String, PriorityChildConfig> generatePriorityChildConfigs(
-      DiscoveryMechanism discovery,
-      Object endpointLbConfig,
-      LoadBalancerRegistry lbRegistry,
-      Map<String, Map<Locality, Integer>> prioritizedLocalityWeights,
-      List<DropOverload> dropOverloads) {
-    Map<String, PriorityChildConfig> configs = new HashMap<>();
-    for (String priority : prioritizedLocalityWeights.keySet()) {
-      ClusterImplConfig clusterImplConfig =
-          new ClusterImplConfig(
-              discovery.cluster, discovery.edsServiceName, discovery.lrsServerInfo,
-              discovery.maxConcurrentRequests, dropOverloads, endpointLbConfig,
-              discovery.tlsContext, discovery.filterMetadata, discovery.backendMetricPropagation);
-      LoadBalancerProvider clusterImplLbProvider =
-          lbRegistry.getProvider(XdsLbPolicies.CLUSTER_IMPL_POLICY_NAME);
-      Object priorityChildPolicy = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-          clusterImplLbProvider, clusterImplConfig);
-
-      // If outlier detection has been configured we wrap the child policy in the outlier detection
-      // load balancer.
-      if (discovery.outlierDetection != null) {
-        LoadBalancerProvider outlierDetectionProvider = lbRegistry.getProvider(
-            "outlier_detection_experimental");
-        priorityChildPolicy = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-            outlierDetectionProvider,
-            buildOutlierDetectionLbConfig(discovery.outlierDetection, priorityChildPolicy));
-      }
-
-      boolean isEds = discovery.type == DiscoveryMechanism.Type.EDS;
-      PriorityChildConfig priorityChildConfig =
-          new PriorityChildConfig(priorityChildPolicy, isEds /* ignoreReresolution */);
-      configs.put(priority, priorityChildConfig);
-    }
-    return configs;
-  }
-
-  /**
-   * Converts {@link OutlierDetection} that represents the xDS configuration to {@link
-   * OutlierDetectionLoadBalancerConfig} that the {@link io.grpc.util.OutlierDetectionLoadBalancer}
-   * understands.
-   */
-  private static OutlierDetectionLoadBalancerConfig buildOutlierDetectionLbConfig(
-      OutlierDetection outlierDetection, Object childConfig) {
-    OutlierDetectionLoadBalancerConfig.Builder configBuilder
-        = new OutlierDetectionLoadBalancerConfig.Builder();
-
-    configBuilder.setChildConfig(childConfig);
-
-    if (outlierDetection.intervalNanos() != null) {
-      configBuilder.setIntervalNanos(outlierDetection.intervalNanos());
-    }
-    if (outlierDetection.baseEjectionTimeNanos() != null) {
-      configBuilder.setBaseEjectionTimeNanos(outlierDetection.baseEjectionTimeNanos());
-    }
-    if (outlierDetection.maxEjectionTimeNanos() != null) {
-      configBuilder.setMaxEjectionTimeNanos(outlierDetection.maxEjectionTimeNanos());
-    }
-    if (outlierDetection.maxEjectionPercent() != null) {
-      configBuilder.setMaxEjectionPercent(outlierDetection.maxEjectionPercent());
-    }
-
-    SuccessRateEjection successRate = outlierDetection.successRateEjection();
-    if (successRate != null) {
-      OutlierDetectionLoadBalancerConfig.SuccessRateEjection.Builder
-          successRateConfigBuilder = new OutlierDetectionLoadBalancerConfig
-          .SuccessRateEjection.Builder();
-
-      if (successRate.stdevFactor() != null) {
-        successRateConfigBuilder.setStdevFactor(successRate.stdevFactor());
-      }
-      if (successRate.enforcementPercentage() != null) {
-        successRateConfigBuilder.setEnforcementPercentage(successRate.enforcementPercentage());
-      }
-      if (successRate.minimumHosts() != null) {
-        successRateConfigBuilder.setMinimumHosts(successRate.minimumHosts());
-      }
-      if (successRate.requestVolume() != null) {
-        successRateConfigBuilder.setRequestVolume(successRate.requestVolume());
-      }
-
-      configBuilder.setSuccessRateEjection(successRateConfigBuilder.build());
-    }
-
-    FailurePercentageEjection failurePercentage = outlierDetection.failurePercentageEjection();
-    if (failurePercentage != null) {
-      OutlierDetectionLoadBalancerConfig.FailurePercentageEjection.Builder
-          failurePercentageConfigBuilder = new OutlierDetectionLoadBalancerConfig
-          .FailurePercentageEjection.Builder();
-
-      if (failurePercentage.threshold() != null) {
-        failurePercentageConfigBuilder.setThreshold(failurePercentage.threshold());
-      }
-      if (failurePercentage.enforcementPercentage() != null) {
-        failurePercentageConfigBuilder.setEnforcementPercentage(
-            failurePercentage.enforcementPercentage());
-      }
-      if (failurePercentage.minimumHosts() != null) {
-        failurePercentageConfigBuilder.setMinimumHosts(failurePercentage.minimumHosts());
-      }
-      if (failurePercentage.requestVolume() != null) {
-        failurePercentageConfigBuilder.setRequestVolume(failurePercentage.requestVolume());
-      }
-
-      configBuilder.setFailurePercentageEjection(failurePercentageConfigBuilder.build());
-    }
-
-    return configBuilder.build();
-  }
-
-  /**
-   * Generates a string that represents the priority in the LB policy config. The string is unique
-   * across priorities in all clusters and priorityName(c, p1) < priorityName(c, p2) iff p1 < p2.
-   * The ordering is undefined for priorities in different clusters.
-   */
-  private static String priorityName(String cluster, int priority) {
-    return cluster + "[child" + priority + "]";
-  }
-
-  /**
-   * Generates a string that represents the locality in the LB policy config. The string is unique
-   * across all localities in all clusters.
-   */
-  private static String localityName(Locality locality) {
-    return "{region=\"" + locality.region()
-        + "\", zone=\"" + locality.zone()
-        + "\", sub_zone=\"" + locality.subZone()
-        + "\"}";
-  }
-}
diff --git a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
deleted file mode 100644
index f6f92a7a9a7..00000000000
--- a/xds/src/main/java/io/grpc/xds/ClusterResolverLoadBalancerProvider.java
+++ /dev/null
@@ -1,245 +0,0 @@
-/*
- * Copyright 2020 The gRPC Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.grpc.xds;
-
-import static com.google.common.base.Preconditions.checkNotNull;
-
-import com.google.common.base.MoreObjects;
-import com.google.common.collect.ImmutableMap;
-import com.google.protobuf.Struct;
-import io.grpc.Internal;
-import io.grpc.LoadBalancer;
-import io.grpc.LoadBalancer.Helper;
-import io.grpc.LoadBalancerProvider;
-import io.grpc.LoadBalancerRegistry;
-import io.grpc.NameResolver.ConfigOrError;
-import io.grpc.Status;
-import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;
-import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
-import io.grpc.xds.client.BackendMetricPropagation;
-import io.grpc.xds.client.Bootstrapper.ServerInfo;
-import java.util.Map;
-import java.util.Objects;
-import javax.annotation.Nullable;
-
-/**
- * The provider for the cluster_resolver load balancing policy. This class should not be directly
- * referenced in code.  The policy should be accessed through
- * {@link io.grpc.LoadBalancerRegistry#getProvider} with the name "cluster_resolver_experimental".
- */
-@Internal
-public final class ClusterResolverLoadBalancerProvider extends LoadBalancerProvider {
-  private final LoadBalancerRegistry lbRegistry;
-
-  public ClusterResolverLoadBalancerProvider() {
-    this.lbRegistry = null;
-  }
-
-  ClusterResolverLoadBalancerProvider(LoadBalancerRegistry lbRegistry) {
-    this.lbRegistry = checkNotNull(lbRegistry, "lbRegistry");
-  }
-
-  @Override
-  public boolean isAvailable() {
-    return true;
-  }
-
-  @Override
-  public int getPriority() {
-    return 5;
-  }
-
-  @Override
-  public String getPolicyName() {
-    return XdsLbPolicies.CLUSTER_RESOLVER_POLICY_NAME;
-  }
-
-  @Override
-  public ConfigOrError parseLoadBalancingPolicyConfig(Map<String, ?> rawLoadBalancingPolicyConfig) {
-    return ConfigOrError.fromError(
-        Status.INTERNAL.withDescription(getPolicyName() + " cannot be used from service config"));
-  }
-
-  @Override
-  public LoadBalancer newLoadBalancer(Helper helper) {
-    LoadBalancerRegistry lbRegistry = this.lbRegistry;
-    if (lbRegistry == null) {
-      lbRegistry = LoadBalancerRegistry.getDefaultRegistry();
-    }
-    return new ClusterResolverLoadBalancer(helper, lbRegistry);
-  }
-
-  static final class ClusterResolverConfig {
-    // Cluster to be resolved.
-    final DiscoveryMechanism discoveryMechanism;
-    // GracefulSwitch configuration
-    final Object lbConfig;
-    private final boolean isHttp11ProxyAvailable;
-
-    ClusterResolverConfig(DiscoveryMechanism discoveryMechanism, Object lbConfig,
-        boolean isHttp11ProxyAvailable) {
-      this.discoveryMechanism = checkNotNull(discoveryMechanism, "discoveryMechanism");
-      this.lbConfig = checkNotNull(lbConfig, "lbConfig");
-      this.isHttp11ProxyAvailable = isHttp11ProxyAvailable;
-    }
-
-    boolean isHttp11ProxyAvailable() {
-      return isHttp11ProxyAvailable;
-    }
-
-    @Override
-    public int hashCode() {
-      return Objects.hash(discoveryMechanism, lbConfig, isHttp11ProxyAvailable);
-    }
-
-    @Override
-    public boolean equals(Object o) {
-      if (this == o) {
-        return true;
-      }
-      if (o == null || getClass() != o.getClass()) {
-        return false;
-      }
-      ClusterResolverConfig that = (ClusterResolverConfig) o;
-      return discoveryMechanism.equals(that.discoveryMechanism)
-          && lbConfig.equals(that.lbConfig)
-          && isHttp11ProxyAvailable == that.isHttp11ProxyAvailable;
-    }
-
-    @Override
-    public String toString() {
-      return MoreObjects.toStringHelper(this)
-          .add("discoveryMechanism", discoveryMechanism)
-          .add("lbConfig", lbConfig)
-          .add("isHttp11ProxyAvailable", isHttp11ProxyAvailable)
-          .toString();
-    }
-
-    // Describes the mechanism for a specific cluster.
-    static final class DiscoveryMechanism {
-      // Name of the cluster to resolve.
-      final String cluster;
-      // Type of the cluster.
-      final Type type;
-      // Load reporting server info. Null if not enabled.
-      @Nullable
-      final ServerInfo lrsServerInfo;
-      // Cluster-level max concurrent request threshold. Null if not specified.
-      @Nullable
-      final Long maxConcurrentRequests;
-      // TLS context for connections to endpoints in the cluster.
-      @Nullable
-      final UpstreamTlsContext tlsContext;
-      // Resource name for resolving endpoints via EDS. Only valid for EDS clusters.
-      @Nullable
-      final String edsServiceName;
-      // Hostname for resolving endpoints via DNS. Only valid for LOGICAL_DNS clusters.
-      @Nullable
-      final String dnsHostName;
-      @Nullable
-      final OutlierDetection outlierDetection;
-      final Map<String, Struct> filterMetadata;
-      @Nullable
-      final BackendMetricPropagation backendMetricPropagation;
-
-      enum Type {
-        EDS,
-        LOGICAL_DNS,
-      }
-
-      private DiscoveryMechanism(String cluster, Type type, @Nullable String edsServiceName,
-          @Nullable String dnsHostName, @Nullable ServerInfo lrsServerInfo,
-          @Nullable Long maxConcurrentRequests, @Nullable UpstreamTlsContext tlsContext,
-          Map<String, Struct> filterMetadata, @Nullable OutlierDetection outlierDetection,
-          @Nullable BackendMetricPropagation backendMetricPropagation) {
-        this.cluster = checkNotNull(cluster, "cluster");
-        this.type = checkNotNull(type, "type");
-        this.edsServiceName = edsServiceName;
-        this.dnsHostName = dnsHostName;
-        this.lrsServerInfo = lrsServerInfo;
-        this.maxConcurrentRequests = maxConcurrentRequests;
-        this.tlsContext = tlsContext;
-        this.filterMetadata = ImmutableMap.copyOf(checkNotNull(filterMetadata, "filterMetadata"));
-        this.outlierDetection = outlierDetection;
-        this.backendMetricPropagation = backendMetricPropagation;
-      }
-
-      static DiscoveryMechanism forEds(String cluster, @Nullable String edsServiceName,
-          @Nullable ServerInfo lrsServerInfo, @Nullable Long maxConcurrentRequests,
-          @Nullable UpstreamTlsContext tlsContext, Map<String, Struct> filterMetadata,
-          OutlierDetection outlierDetection,
-          @Nullable BackendMetricPropagation backendMetricPropagation) {
-        return new DiscoveryMechanism(cluster, Type.EDS, edsServiceName,
-            null, lrsServerInfo, maxConcurrentRequests, tlsContext,
-            filterMetadata, outlierDetection, backendMetricPropagation);
-      }
-
-      static DiscoveryMechanism forLogicalDns(String cluster, String dnsHostName,
-          @Nullable ServerInfo lrsServerInfo, @Nullable Long maxConcurrentRequests,
-          @Nullable UpstreamTlsContext tlsContext, Map<String, Struct> filterMetadata,
-          @Nullable BackendMetricPropagation backendMetricPropagation) {
-        return new DiscoveryMechanism(cluster, Type.LOGICAL_DNS, null, dnsHostName,
-            lrsServerInfo, maxConcurrentRequests, tlsContext, filterMetadata, null,
-            backendMetricPropagation);
-      }
-
-      @Override
-      public int hashCode() {
-        return Objects.hash(cluster, type, lrsServerInfo, maxConcurrentRequests, tlsContext,
-            edsServiceName, dnsHostName, filterMetadata,
-            outlierDetection, backendMetricPropagation);
-      }
-
-      @Override
-      public boolean equals(Object o) {
-        if (this == o) {
-          return true;
-        }
-        if (o == null || getClass() != o.getClass()) {
-          return false;
-        }
-        DiscoveryMechanism that = (DiscoveryMechanism) o;
-        return cluster.equals(that.cluster)
-            && type == that.type
-            && Objects.equals(edsServiceName, that.edsServiceName)
-            && Objects.equals(dnsHostName, that.dnsHostName)
-            && Objects.equals(lrsServerInfo, that.lrsServerInfo)
-            && Objects.equals(maxConcurrentRequests, that.maxConcurrentRequests)
-            && Objects.equals(tlsContext, that.tlsContext)
-            && Objects.equals(filterMetadata, that.filterMetadata)
-            && Objects.equals(outlierDetection, that.outlierDetection);
-      }
-
-      @Override
-      public String toString() {
-        MoreObjects.ToStringHelper toStringHelper =
-            MoreObjects.toStringHelper(this)
-                .add("cluster", cluster)
-                .add("type", type)
-                .add("edsServiceName", edsServiceName)
-                .add("dnsHostName", dnsHostName)
-                .add("lrsServerInfo", lrsServerInfo)
-                // Exclude tlsContext as its string representation is cumbersome.
-                .add("maxConcurrentRequests", maxConcurrentRequests)
-                .add("filterMetadata", filterMetadata)
-                // Exclude outlierDetection as its string representation is long.
-                ;
-        return toStringHelper.toString();
-      }
-    }
-  }
-}
diff --git a/xds/src/main/java/io/grpc/xds/XdsLbPolicies.java b/xds/src/main/java/io/grpc/xds/XdsLbPolicies.java
index dcca2fbfff3..ae5ac38b471 100644
--- a/xds/src/main/java/io/grpc/xds/XdsLbPolicies.java
+++ b/xds/src/main/java/io/grpc/xds/XdsLbPolicies.java
@@ -19,7 +19,6 @@
 final class XdsLbPolicies {
   static final String CLUSTER_MANAGER_POLICY_NAME = "cluster_manager_experimental";
   static final String CDS_POLICY_NAME = "cds_experimental";
-  static final String CLUSTER_RESOLVER_POLICY_NAME = "cluster_resolver_experimental";
   static final String PRIORITY_POLICY_NAME = "priority_experimental";
   static final String CLUSTER_IMPL_POLICY_NAME = "cluster_impl_experimental";
   static final String WEIGHTED_TARGET_POLICY_NAME = "weighted_target_experimental";
diff --git a/xds/src/main/resources/META-INF/services/io.grpc.LoadBalancerProvider b/xds/src/main/resources/META-INF/services/io.grpc.LoadBalancerProvider
index e1c4d4aa427..04a2d9cf7a8 100644
--- a/xds/src/main/resources/META-INF/services/io.grpc.LoadBalancerProvider
+++ b/xds/src/main/resources/META-INF/services/io.grpc.LoadBalancerProvider
@@ -2,7 +2,6 @@ io.grpc.xds.CdsLoadBalancerProvider
 io.grpc.xds.PriorityLoadBalancerProvider
 io.grpc.xds.WeightedTargetLoadBalancerProvider
 io.grpc.xds.ClusterManagerLoadBalancerProvider
-io.grpc.xds.ClusterResolverLoadBalancerProvider
 io.grpc.xds.ClusterImplLoadBalancerProvider
 io.grpc.xds.LeastRequestLoadBalancerProvider
 io.grpc.xds.RingHashLoadBalancerProvider
diff --git a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
index c1d3322faa2..928520aded7 100644
--- a/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
+++ b/xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java
@@ -17,7 +17,7 @@
 package io.grpc.xds;
 
 import static com.google.common.truth.Truth.assertThat;
-import static io.grpc.xds.XdsLbPolicies.CLUSTER_RESOLVER_POLICY_NAME;
+import static io.grpc.xds.XdsLbPolicies.CLUSTER_IMPL_POLICY_NAME;
 import static io.grpc.xds.XdsLbPolicies.PRIORITY_POLICY_NAME;
 import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_CDS;
 import static io.grpc.xds.XdsTestControlPlaneService.ADS_TYPE_URL_EDS;
@@ -78,11 +78,7 @@
 import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.util.GracefulSwitchLoadBalancerAccessor;
 import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig;
-import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig;
-import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig.DiscoveryMechanism;
-import io.grpc.xds.EnvoyServerProtoData.FailurePercentageEjection;
-import io.grpc.xds.EnvoyServerProtoData.SuccessRateEjection;
-import io.grpc.xds.client.Bootstrapper.ServerInfo;
+import io.grpc.xds.ClusterImplLoadBalancerProvider.ClusterImplConfig;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import java.util.ArrayList;
@@ -139,7 +135,6 @@ public class CdsLoadBalancer2Test {
             .directExecutor()
             .build()),
       fakeClock);
-  private final ServerInfo lrsServerInfo = xdsClient.getBootstrapInfo().servers().get(0);
   private XdsDependencyManager xdsDepManager;
 
   @Mock
@@ -151,8 +146,10 @@ public class CdsLoadBalancer2Test {
 
   @Before
   public void setUp() throws Exception {
-    lbRegistry.register(new FakeLoadBalancerProvider(CLUSTER_RESOLVER_POLICY_NAME));
+    lbRegistry.register(new FakeLoadBalancerProvider(PRIORITY_POLICY_NAME));
+    lbRegistry.register(new FakeLoadBalancerProvider(CLUSTER_IMPL_POLICY_NAME));
     lbRegistry.register(new FakeLoadBalancerProvider("round_robin"));
+    lbRegistry.register(new FakeLoadBalancerProvider("outlier_detection_experimental"));
     lbRegistry.register(
         new FakeLoadBalancerProvider("ring_hash_experimental", new RingHashLoadBalancerProvider()));
     lbRegistry.register(new FakeLoadBalancerProvider("least_request_experimental",
@@ -222,7 +219,7 @@ private void shutdownLoadBalancer() {
   }
 
   @Test
-  public void discoverTopLevelEdsCluster() {
+  public void discoverTopLevelCluster() {
     Cluster cluster = Cluster.newBuilder()
         .setName(CLUSTER)
         .setType(Cluster.DiscoveryType.EDS)
@@ -250,64 +247,7 @@ public void discoverTopLevelEdsCluster() {
     verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertThat(childBalancer.name).isEqualTo(CLUSTER_RESOLVER_POLICY_NAME);
-    ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanism).isEqualTo(
-        DiscoveryMechanism.forEds(
-          CLUSTER, EDS_SERVICE_NAME, lrsServerInfo, 100L, upstreamTlsContext,
-          Collections.emptyMap(), io.grpc.xds.EnvoyServerProtoData.OutlierDetection.create(
-              null, null, null, null, SuccessRateEjection.create(null, null, null, null),
-              FailurePercentageEjection.create(null, null, null, null)), null));
-    assertThat(
-        GracefulSwitchLoadBalancerAccessor.getChildProvider(childLbConfig.lbConfig).getPolicyName())
-        .isEqualTo("wrr_locality_experimental");
-  }
-
-  @Test
-  public void discoverTopLevelLogicalDnsCluster() {
-    Cluster cluster = Cluster.newBuilder()
-        .setName(CLUSTER)
-        .setType(Cluster.DiscoveryType.LOGICAL_DNS)
-        .setLoadAssignment(ClusterLoadAssignment.newBuilder()
-          .addEndpoints(LocalityLbEndpoints.newBuilder()
-            .addLbEndpoints(LbEndpoint.newBuilder()
-              .setEndpoint(Endpoint.newBuilder()
-                .setAddress(Address.newBuilder()
-                  .setSocketAddress(SocketAddress.newBuilder()
-                    .setAddress("dns.example.com")
-                    .setPortValue(1111)))))))
-        .setEdsClusterConfig(Cluster.EdsClusterConfig.newBuilder()
-          .setServiceName(EDS_SERVICE_NAME)
-          .setEdsConfig(ConfigSource.newBuilder()
-            .setAds(AggregatedConfigSource.newBuilder())))
-        .setLbPolicy(Cluster.LbPolicy.LEAST_REQUEST)
-        .setLrsServer(ConfigSource.newBuilder()
-          .setSelf(SelfConfigSource.getDefaultInstance()))
-        .setCircuitBreakers(CircuitBreakers.newBuilder()
-            .addThresholds(CircuitBreakers.Thresholds.newBuilder()
-              .setPriority(RoutingPriority.DEFAULT)
-              .setMaxRequests(UInt32Value.newBuilder().setValue(100))))
-        .setTransportSocket(TransportSocket.newBuilder()
-            .setName("envoy.transport_sockets.tls")
-            .setTypedConfig(Any.pack(UpstreamTlsContext.newBuilder()
-                .setCommonTlsContext(upstreamTlsContext.getCommonTlsContext())
-                .build())))
-        .build();
-    controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(CLUSTER, cluster));
-    startXdsDepManager();
-
-    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
-    assertThat(childBalancers).hasSize(1);
-    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertThat(childBalancer.name).isEqualTo(CLUSTER_RESOLVER_POLICY_NAME);
-    ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanism).isEqualTo(
-        DiscoveryMechanism.forLogicalDns(
-          CLUSTER, "dns.example.com:1111", lrsServerInfo, 100L, upstreamTlsContext,
-          Collections.emptyMap(), null));
-    assertThat(
-        GracefulSwitchLoadBalancerAccessor.getChildProvider(childLbConfig.lbConfig).getPolicyName())
-        .isEqualTo("wrr_locality_experimental");
+    assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
   }
 
   @Test
@@ -325,6 +265,7 @@ public void nonAggregateCluster_resourceNotExist_returnErrorPicker() {
 
   @Test
   public void nonAggregateCluster_resourceUpdate() {
+    lbRegistry.register(new PriorityLoadBalancerProvider());
     Cluster cluster = EDS_CLUSTER.toBuilder()
         .setCircuitBreakers(CircuitBreakers.newBuilder()
             .addThresholds(CircuitBreakers.Thresholds.newBuilder()
@@ -337,10 +278,9 @@ public void nonAggregateCluster_resourceUpdate() {
     verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanism).isEqualTo(
-          DiscoveryMechanism.forEds(
-            CLUSTER, EDS_SERVICE_NAME, null, 100L, null, Collections.emptyMap(), null, null));
+    ClusterImplConfig childLbConfig = (ClusterImplConfig) childBalancer.config;
+    assertThat(childLbConfig.cluster).isEqualTo(CLUSTER);
+    assertThat(childLbConfig.maxConcurrentRequests).isEqualTo(100L);
 
     cluster = EDS_CLUSTER.toBuilder()
         .setCircuitBreakers(CircuitBreakers.newBuilder()
@@ -352,24 +292,21 @@ public void nonAggregateCluster_resourceUpdate() {
     verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     childBalancer = Iterables.getOnlyElement(childBalancers);
-    childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanism).isEqualTo(
-          DiscoveryMechanism.forEds(
-            CLUSTER, EDS_SERVICE_NAME, null, 200L, null, Collections.emptyMap(), null, null));
+    childLbConfig = (ClusterImplConfig) childBalancer.config;
+    assertThat(childLbConfig.maxConcurrentRequests).isEqualTo(200L);
   }
 
   @Test
   public void nonAggregateCluster_resourceRevoked() {
+    lbRegistry.register(new PriorityLoadBalancerProvider());
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(CLUSTER, EDS_CLUSTER));
     startXdsDepManager();
 
     verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanism).isEqualTo(
-          DiscoveryMechanism.forEds(
-            CLUSTER, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null, null));
+    ClusterImplConfig childLbConfig = (ClusterImplConfig) childBalancer.config;
+    assertThat(childLbConfig.cluster).isEqualTo(CLUSTER);
 
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of());
 
@@ -398,10 +335,7 @@ public void dynamicCluster() {
     verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(1);
     FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    ClusterResolverConfig childLbConfig = (ClusterResolverConfig) childBalancer.config;
-    assertThat(childLbConfig.discoveryMechanism).isEqualTo(
-          DiscoveryMechanism.forEds(
-            clusterName, EDS_SERVICE_NAME, null, null, null, Collections.emptyMap(), null, null));
+    assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
 
     assertThat(this.lastXdsConfig.getClusters()).containsKey(clusterName);
     shutdownLoadBalancer();
@@ -410,7 +344,6 @@ public void dynamicCluster() {
 
   @Test
   public void discoverAggregateCluster_createsPriorityLbPolicy() {
-    lbRegistry.register(new FakeLoadBalancerProvider(PRIORITY_POLICY_NAME));
     CdsLoadBalancerProvider cdsLoadBalancerProvider = new CdsLoadBalancerProvider(lbRegistry);
     lbRegistry.register(cdsLoadBalancerProvider);
     loadBalancer = (CdsLoadBalancer2) cdsLoadBalancerProvider.newLoadBalancer(helper);
@@ -522,21 +455,17 @@ public void discoverAggregateCluster_testChildCdsLbPolicyParsing() {
 
     verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
     assertThat(childBalancers).hasSize(2);
-    ClusterResolverConfig cluster1ResolverConfig =
-        (ClusterResolverConfig) childBalancers.get(0).config;
-    assertThat(cluster1ResolverConfig.discoveryMechanism.cluster)
+    ClusterImplConfig cluster1ImplConfig =
+        (ClusterImplConfig) childBalancers.get(0).config;
+    assertThat(cluster1ImplConfig.cluster)
         .isEqualTo("cluster-01.googleapis.com");
-    assertThat(cluster1ResolverConfig.discoveryMechanism.type)
-        .isEqualTo(DiscoveryMechanism.Type.EDS);
-    assertThat(cluster1ResolverConfig.discoveryMechanism.edsServiceName)
+    assertThat(cluster1ImplConfig.edsServiceName)
         .isEqualTo("backend-service-1.googleapis.com");
-    ClusterResolverConfig cluster2ResolverConfig =
-        (ClusterResolverConfig) childBalancers.get(1).config;
-    assertThat(cluster2ResolverConfig.discoveryMechanism.cluster)
+    ClusterImplConfig cluster2ImplConfig =
+        (ClusterImplConfig) childBalancers.get(1).config;
+    assertThat(cluster2ImplConfig.cluster)
         .isEqualTo("cluster-02.googleapis.com");
-    assertThat(cluster2ResolverConfig.discoveryMechanism.type)
-        .isEqualTo(DiscoveryMechanism.Type.EDS);
-    assertThat(cluster2ResolverConfig.discoveryMechanism.edsServiceName)
+    assertThat(cluster2ImplConfig.edsServiceName)
         .isEqualTo("backend-service-1.googleapis.com");
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerProviderTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerProviderTest.java
deleted file mode 100644
index a201ecfaa4b..00000000000
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerProviderTest.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright 2020 The gRPC Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package io.grpc.xds;
-
-import static com.google.common.truth.Truth.assertThat;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import io.grpc.ChannelLogger;
-import io.grpc.LoadBalancer;
-import io.grpc.LoadBalancer.Helper;
-import io.grpc.LoadBalancerProvider;
-import io.grpc.LoadBalancerRegistry;
-import io.grpc.NameResolver;
-import io.grpc.NameResolver.ServiceConfigParser;
-import io.grpc.NameResolverRegistry;
-import io.grpc.SynchronizationContext;
-import io.grpc.internal.FakeClock;
-import io.grpc.internal.GrpcUtil;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
-
-/** Tests for {@link ClusterResolverLoadBalancerProvider}. */
-@RunWith(JUnit4.class)
-public class ClusterResolverLoadBalancerProviderTest {
-
-  @Test
-  public void provided() {
-    LoadBalancerProvider provider =
-        LoadBalancerRegistry.getDefaultRegistry().getProvider(
-            XdsLbPolicies.CLUSTER_RESOLVER_POLICY_NAME);
-    assertThat(provider).isInstanceOf(ClusterResolverLoadBalancerProvider.class);
-  }
-
-  @Test
-  public void providesLoadBalancer()  {
-    Helper helper = mock(Helper.class);
-
-    SynchronizationContext syncContext = new SynchronizationContext(
-        new Thread.UncaughtExceptionHandler() {
-          @Override
-          public void uncaughtException(Thread t, Throwable e) {
-            throw new AssertionError(e);
-          }
-        });
-    FakeClock fakeClock = new FakeClock();
-    NameResolverRegistry nsRegistry = new NameResolverRegistry();
-    NameResolver.Args args = NameResolver.Args.newBuilder()
-        .setDefaultPort(8080)
-        .setProxyDetector(GrpcUtil.NOOP_PROXY_DETECTOR)
-        .setSynchronizationContext(syncContext)
-        .setServiceConfigParser(mock(ServiceConfigParser.class))
-        .setChannelLogger(mock(ChannelLogger.class))
-        .build();
-    when(helper.getNameResolverRegistry()).thenReturn(nsRegistry);
-    when(helper.getNameResolverArgs()).thenReturn(args);
-    when(helper.getSynchronizationContext()).thenReturn(syncContext);
-    when(helper.getScheduledExecutorService()).thenReturn(fakeClock.getScheduledExecutorService());
-    when(helper.getAuthority()).thenReturn("api.google.com");
-    LoadBalancerProvider provider = new ClusterResolverLoadBalancerProvider();
-    LoadBalancer loadBalancer = provider.newLoadBalancer(helper);
-    assertThat(loadBalancer).isInstanceOf(ClusterResolverLoadBalancer.class);
-  }
-}
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index 5c710699a96..5e524f79596 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -36,7 +36,6 @@
 
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Iterables;
-import com.google.common.testing.EqualsTester;
 import com.google.protobuf.Any;
 import com.google.protobuf.Duration;
 import com.google.protobuf.UInt32Value;
@@ -61,7 +60,6 @@
 import io.grpc.ConnectivityState;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.HttpConnectProxiedSocketAddress;
-import io.grpc.InsecureChannelCredentials;
 import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancer.Helper;
 import io.grpc.LoadBalancer.PickResult;
@@ -83,19 +81,13 @@
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.testing.GrpcCleanupRule;
-import io.grpc.util.GracefulSwitchLoadBalancer;
 import io.grpc.util.GracefulSwitchLoadBalancerAccessor;
 import io.grpc.util.OutlierDetectionLoadBalancer.OutlierDetectionLoadBalancerConfig;
 import io.grpc.util.OutlierDetectionLoadBalancerProvider;
 import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig;
 import io.grpc.xds.ClusterImplLoadBalancerProvider.ClusterImplConfig;
-import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig;
-import io.grpc.xds.ClusterResolverLoadBalancerProvider.ClusterResolverConfig.DiscoveryMechanism;
 import io.grpc.xds.Endpoints.DropOverload;
-import io.grpc.xds.EnvoyServerProtoData.FailurePercentageEjection;
-import io.grpc.xds.EnvoyServerProtoData.SuccessRateEjection;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
-import io.grpc.xds.LeastRequestLoadBalancer.LeastRequestConfig;
 import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig;
 import io.grpc.xds.PriorityLoadBalancerProvider.PriorityLbConfig.PriorityChildConfig;
 import io.grpc.xds.RingHashLoadBalancer.RingHashConfig;
@@ -105,7 +97,6 @@
 import io.grpc.xds.client.LoadStatsManager2;
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.internal.XdsInternalAttributes;
-import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import java.net.InetSocketAddress;
 import java.net.URI;
 import java.util.ArrayList;
@@ -202,7 +193,6 @@ public void uncaughtException(Thread t, Throwable e) {
 
   @Before
   public void setUp() throws Exception {
-    lbRegistry.register(new ClusterResolverLoadBalancerProvider(lbRegistry));
     lbRegistry.register(new RingHashLoadBalancerProvider());
     lbRegistry.register(new WrrLocalityLoadBalancerProvider());
     lbRegistry.register(new FakeLoadBalancerProvider(PRIORITY_POLICY_NAME));
@@ -750,37 +740,34 @@ public void cdsRevoked_handledDirectly() {
   }
 
   @Test
-  public void edsMissing_handledByChildPolicy() {
+  public void edsMissing_failsRpcs() {
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_EDS, ImmutableMap.of());
 
     startXdsDepManager();
-    assertThat(childBalancers).hasSize(1);  // child LB policy created
-    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertThat(childBalancer.upstreamError).isNotNull();
-    assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
+    assertThat(childBalancers).hasSize(0);  // Graceful switch handles it, so no child policies yet
+    verify(helper).updateBalancingState(
+        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
     String expectedDescription = "Error retrieving EDS resource " + EDS_SERVICE_NAME
         + ": NOT_FOUND. Details: Timed out waiting for resource " + EDS_SERVICE_NAME
         + " from xDS server nodeID: node-id";
-    assertThat(childBalancer.upstreamError.getDescription()).isEqualTo(expectedDescription);
-    assertThat(childBalancer.shutdown).isFalse();
+    Status expectedError = Status.UNAVAILABLE.withDescription(expectedDescription);
+    assertPicker(pickerCaptor.getValue(), expectedError, null);
   }
 
   @Test
-  public void logicalDnsLookupFailed_handledByChildPolicy() {
+  public void logicalDnsLookupFailed_failsRpcs() {
     controlPlaneService.setXdsConfig(ADS_TYPE_URL_CDS, ImmutableMap.of(
         CLUSTER, LOGICAL_DNS_CLUSTER));
     startXdsDepManager(new CdsConfig(CLUSTER), /* forwardTime= */ false);
     FakeNameResolver resolver = assertResolverCreated("/" + DNS_HOST_NAME + ":9000");
     assertThat(childBalancers).isEmpty();
-    resolver.deliverError(Status.UNAVAILABLE.withDescription("OH NO! Who would have guessed?"));
+    Status status = Status.UNAVAILABLE.withDescription("OH NO! Who would have guessed?");
+    resolver.deliverError(status);
 
-    assertThat(childBalancers).hasSize(1);  // child LB policy created
-    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertThat(childBalancer.upstreamError).isNotNull();
-    assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
-    assertThat(childBalancer.upstreamError.getDescription())
-        .isEqualTo("OH NO! Who would have guessed?");
-    assertThat(childBalancer.shutdown).isFalse();
+    assertThat(childBalancers).hasSize(0);  // Graceful switch handles it, so no child policies yet
+    verify(helper).updateBalancingState(
+        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
+    assertPicker(pickerCaptor.getValue(), status, null);
   }
 
   @Test
@@ -873,13 +860,12 @@ public void handleEdsResource_noHealthyEndpoint() {
         EDS_SERVICE_NAME, clusterLoadAssignment));
     startXdsDepManager();
 
-    verify(helper, never()).updateBalancingState(eq(ConnectivityState.TRANSIENT_FAILURE), any());
-    assertThat(childBalancers).hasSize(1);
-    FakeLoadBalancer childBalancer = Iterables.getOnlyElement(childBalancers);
-    assertThat(childBalancer.upstreamError).isNotNull();
-    assertThat(childBalancer.upstreamError.getCode()).isEqualTo(Status.Code.UNAVAILABLE);
-    assertThat(childBalancer.upstreamError.getDescription())
-        .isEqualTo("No usable endpoint from cluster: " + CLUSTER);
+    assertThat(childBalancers).hasSize(0);  // Graceful switch handles it, so no child policies yet
+    verify(helper).updateBalancingState(
+        eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
+    Status expectedStatus = Status.UNAVAILABLE
+        .withDescription("No usable endpoint from cluster: " + CLUSTER);
+    assertPicker(pickerCaptor.getValue(), expectedStatus, null);
   }
 
   @Test
@@ -1016,50 +1002,6 @@ public void outlierDetection_fullConfig() {
         "wrr_locality_experimental");
   }
 
-  @Test
-  public void config_equalsTester() {
-    ServerInfo lrsServerInfo =
-        ServerInfo.create("lrs.googleapis.com", InsecureChannelCredentials.create());
-    UpstreamTlsContext tlsContext =
-        CommonTlsContextTestsUtil.buildUpstreamTlsContext(
-            "google_cloud_private_spiffe", true);
-    DiscoveryMechanism edsDiscoveryMechanism1 =
-        DiscoveryMechanism.forEds(CLUSTER, EDS_SERVICE_NAME, lrsServerInfo, 100L, tlsContext,
-            Collections.emptyMap(), null, null);
-    io.grpc.xds.EnvoyServerProtoData.OutlierDetection outlierDetection =
-        io.grpc.xds.EnvoyServerProtoData.OutlierDetection.create(
-            100L, 100L, 100L, 100, SuccessRateEjection.create(100, 100, 100, 100),
-            FailurePercentageEjection.create(100, 100, 100, 100));
-    DiscoveryMechanism edsDiscoveryMechanismWithOutlierDetection =
-        DiscoveryMechanism.forEds(CLUSTER, EDS_SERVICE_NAME, lrsServerInfo, 100L, tlsContext,
-            Collections.emptyMap(), outlierDetection, null);
-    Object roundRobin = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-        new FakeLoadBalancerProvider("wrr_locality_experimental"), new WrrLocalityConfig(
-            GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-                new FakeLoadBalancerProvider("round_robin"), null)));
-    Object leastRequest = GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-        new FakeLoadBalancerProvider("wrr_locality_experimental"), new WrrLocalityConfig(
-            GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(
-                new FakeLoadBalancerProvider("least_request_experimental"),
-                new LeastRequestConfig(3))));
-
-    new EqualsTester()
-        .addEqualityGroup(
-            new ClusterResolverConfig(
-                edsDiscoveryMechanism1, leastRequest, false),
-            new ClusterResolverConfig(
-                edsDiscoveryMechanism1, leastRequest, false))
-        .addEqualityGroup(new ClusterResolverConfig(
-            edsDiscoveryMechanism1, roundRobin, false))
-        .addEqualityGroup(new ClusterResolverConfig(
-            edsDiscoveryMechanism1, leastRequest, true))
-        .addEqualityGroup(new ClusterResolverConfig(
-            edsDiscoveryMechanismWithOutlierDetection,
-            leastRequest,
-            false))
-        .testEquals();
-  }
-
   private void startXdsDepManager() {
     startXdsDepManager(new CdsConfig(CLUSTER));
   }
@@ -1262,7 +1204,6 @@ private final class FakeLoadBalancer extends LoadBalancer {
     private final Helper helper;
     private List<EquivalentAddressGroup> addresses;
     private Object config;
-    private Status upstreamError;
     private boolean shutdown;
 
     FakeLoadBalancer(String name, Helper helper) {
@@ -1279,7 +1220,6 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
 
     @Override
     public void handleNameResolutionError(Status error) {
-      upstreamError = error;
     }
 
     @Override

From a535ed799387e41b1edb44b59907af99e770259b Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 6 Jan 2026 16:50:22 -0800
Subject: [PATCH 511/591] Catch Errors when calling complex parsing code

When we have involved parsing/validation logic, it would be easy to have
bugs. There's little reason we can't handle those bugs, as the logic
shouldn't be modifying global state. While the current config is bad or
trigger a bug, we want to keep working until we get good/working config
again.

For XDS, we do have the problem of losing the exception's stack trace.
We could consider increasing the log level, but we could also consider
propagating the error to the listener. Let's skip figuring out that
exact behavior for now, and just move a step in the right direction.
---
 .../main/java/io/grpc/internal/ScParser.java  |  11 ++
 .../grpc/internal/ManagedChannelImplTest.java |  22 ++++
 .../io/grpc/xds/client/XdsResourceType.java   |  14 ++
 .../grpc/xds/GrpcXdsClientImplTestBase.java   | 124 ++++++++++++++++++
 4 files changed, 171 insertions(+)

diff --git a/core/src/main/java/io/grpc/internal/ScParser.java b/core/src/main/java/io/grpc/internal/ScParser.java
index 16a241f41f6..71d6d33877f 100644
--- a/core/src/main/java/io/grpc/internal/ScParser.java
+++ b/core/src/main/java/io/grpc/internal/ScParser.java
@@ -69,8 +69,19 @@ public ConfigOrError parseServiceConfig(Map<String, ?> rawServiceConfig) {
               maxHedgedAttemptsLimit,
               loadBalancingPolicySelection));
     } catch (RuntimeException e) {
+      // TODO(ejona): We really don't want parsers throwing exceptions; they should return an error.
+      // However, right now ManagedChannelServiceConfig itself uses exceptions like
+      // ClassCastException. We should handle those with a graceful return within
+      // ManagedChannelServiceConfig and then get rid of this case. Then all exceptions are
+      // "unexpected" and the INTERNAL status code makes it clear a bug needs to be fixed.
       return ConfigOrError.fromError(
           Status.UNKNOWN.withDescription("failed to parse service config").withCause(e));
+    } catch (Throwable t) {
+      // Even catch Errors, since broken config parsing could trigger AssertionError,
+      // StackOverflowError, and other errors we can reasonably safely recover. Since the config
+      // could be untrusted, we want to error on the side of recovering.
+      return ConfigOrError.fromError(
+          Status.INTERNAL.withDescription("Unexpected error parsing service config").withCause(t));
     }
   }
 }
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
index 30b53e99946..ae224af27e1 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
@@ -3942,6 +3942,28 @@ public void nameResolverHelper_badConfigFails() {
     assertThat(coe.getError().getCause()).isInstanceOf(ClassCastException.class);
   }
 
+  @Test
+  public void nameResolverHelper_badParser_failsGracefully() {
+    boolean retryEnabled = false;
+    int maxRetryAttemptsLimit = 2;
+    int maxHedgedAttemptsLimit = 3;
+
+    Throwable t = new Error("really poor config parser");
+    when(mockLoadBalancerProvider.parseLoadBalancingPolicyConfig(any())).thenThrow(t);
+    ScParser parser = new ScParser(
+        retryEnabled,
+        maxRetryAttemptsLimit,
+        maxHedgedAttemptsLimit,
+        mockLoadBalancerProvider);
+
+    ConfigOrError coe = parser.parseServiceConfig(ImmutableMap.of());
+
+    assertThat(coe.getError()).isNotNull();
+    assertThat(coe.getError().getCode()).isEqualTo(Code.INTERNAL);
+    assertThat(coe.getError().getDescription()).contains("Unexpected error parsing service config");
+    assertThat(coe.getError().getCause()).isSameInstanceAs(t);
+  }
+
   @Test
   public void nameResolverHelper_noConfigChosen() {
     boolean retryEnabled = false;
diff --git a/xds/src/main/java/io/grpc/xds/client/XdsResourceType.java b/xds/src/main/java/io/grpc/xds/client/XdsResourceType.java
index ccb622ff168..4d6e75b1809 100644
--- a/xds/src/main/java/io/grpc/xds/client/XdsResourceType.java
+++ b/xds/src/main/java/io/grpc/xds/client/XdsResourceType.java
@@ -33,10 +33,14 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 import javax.annotation.Nullable;
 
 @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10847")
 public abstract class XdsResourceType<T extends ResourceUpdate> {
+  private static final Logger log = Logger.getLogger(XdsResourceType.class.getName());
+
   static final String TYPE_URL_RESOURCE =
       "type.googleapis.com/envoy.service.discovery.v3.Resource";
   protected static final String TRANSPORT_SOCKET_NAME_TLS = "envoy.transport_sockets.tls";
@@ -176,6 +180,16 @@ ValidatedResourceUpdate<T> parse(Args args, List<Any> resources) {
                 typeName(), unpackedClassName().getSimpleName(), cname, e.getMessage()));
         invalidResources.add(cname);
         continue;
+      } catch (Throwable t) {
+        log.log(Level.FINE, "Unexpected error in doParse()", t);
+        String errorMessage = t.getClass().getSimpleName();
+        if (t.getMessage() != null) {
+          errorMessage = errorMessage + ": " + t.getMessage();
+        }
+        errors.add(String.format("%s response '%s' unexpected error: %s",
+                typeName(), cname, errorMessage));
+        invalidResources.add(cname);
+        continue;
       }
 
       // Resource parsed successfully.
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
index 887923b169b..af55e572811 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplTestBase.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.Truth.assertWithMessage;
+import static io.grpc.StatusMatcher.statusHasCode;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.argThat;
 import static org.mockito.ArgumentMatchers.eq;
@@ -42,6 +43,7 @@
 import com.google.protobuf.Duration;
 import com.google.protobuf.InvalidProtocolBufferException;
 import com.google.protobuf.Message;
+import com.google.protobuf.StringValue;
 import com.google.protobuf.UInt32Value;
 import com.google.protobuf.util.Durations;
 import io.envoyproxy.envoy.config.cluster.v3.OutlierDetection;
@@ -59,6 +61,7 @@
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.StatusOr;
+import io.grpc.StatusOrMatcher;
 import io.grpc.inprocess.InProcessChannelBuilder;
 import io.grpc.inprocess.InProcessServerBuilder;
 import io.grpc.internal.BackoffPolicy;
@@ -111,6 +114,7 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Queue;
 import java.util.concurrent.BlockingDeque;
 import java.util.concurrent.CountDownLatch;
@@ -278,6 +282,8 @@ public long currentTimeNanos() {
   @Mock
   private ResourceWatcher<EdsUpdate> edsResourceWatcher;
   @Mock
+  private ResourceWatcher<StringUpdate> stringResourceWatcher;
+  @Mock
   private XdsClientMetricReporter xdsClientMetricReporter;
   @Mock
   private ServerConnectionCallback serverConnectionCallback;
@@ -667,6 +673,58 @@ private void verifyServerConnection(int times, boolean isConnected, String xdsSe
         eq(xdsServer));
   }
 
+  @Test
+  public void doParse_returnsSuccessfully() {
+    XdsStringResource resourceType = new XdsStringResource();
+    xdsClient.watchXdsResource(
+        resourceType, "resource1", stringResourceWatcher, MoreExecutors.directExecutor());
+    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+
+    Any resource = Any.pack(StringValue.newBuilder().setValue("resource1").build());
+    call.sendResponse(resourceType, resource, VERSION_1, "0000");
+    verify(stringResourceWatcher).onResourceChanged(argThat(StatusOrMatcher.hasValue(
+        (StringUpdate arg) -> new StringUpdate("resource1").equals(arg))));
+  }
+
+  @Test
+  public void doParse_throwsResourceInvalidException_resourceInvalid() {
+    XdsStringResource resourceType = new XdsStringResource() {
+      @Override
+      protected StringUpdate doParse(Args args, Message unpackedMessage)
+          throws ResourceInvalidException {
+        throw new ResourceInvalidException("some bad input");
+      }
+    };
+    xdsClient.watchXdsResource(
+        resourceType, "resource1", stringResourceWatcher, MoreExecutors.directExecutor());
+    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+
+    Any resource = Any.pack(StringValue.newBuilder().setValue("resource1").build());
+    call.sendResponse(resourceType, resource, VERSION_1, "0000");
+    verify(stringResourceWatcher).onResourceChanged(argThat(StatusOrMatcher.hasStatus(
+        statusHasCode(Status.Code.UNAVAILABLE)
+          .andDescriptionContains("validation error: some bad input"))));
+  }
+
+  @Test
+  public void doParse_throwsError_resourceInvalid() throws Exception {
+    XdsStringResource resourceType = new XdsStringResource() {
+      @Override
+      protected StringUpdate doParse(Args args, Message unpackedMessage) {
+        throw new AssertionError("something bad happened");
+      }
+    };
+    xdsClient.watchXdsResource(
+        resourceType, "resource1", stringResourceWatcher, MoreExecutors.directExecutor());
+    DiscoveryRpcCall call = resourceDiscoveryCalls.poll();
+
+    Any resource = Any.pack(StringValue.newBuilder().setValue("resource1").build());
+    call.sendResponse(resourceType, resource, VERSION_1, "0000");
+    verify(stringResourceWatcher).onResourceChanged(argThat(StatusOrMatcher.hasStatus(
+        statusHasCode(Status.Code.UNAVAILABLE)
+          .andDescriptionContains("unexpected error: AssertionError: something bad happened"))));
+  }
+
   @Test
   public void ldsResourceNotFound() {
     DiscoveryRpcCall call = startResourceWatcher(XdsListenerResource.getInstance(), LDS_RESOURCE,
@@ -5318,4 +5376,70 @@ protected abstract Message buildHttpConnectionManagerFilter(
 
     protected abstract Message buildTerminalFilter();
   }
+
+  private static class XdsStringResource extends XdsResourceType<StringUpdate> {
+    @Override
+    @SuppressWarnings("unchecked")
+    protected Class<? extends com.google.protobuf.Message> unpackedClassName() {
+      return StringValue.class;
+    }
+
+    @Override
+    public String typeName() {
+      return "EMPTY";
+    }
+
+    @Override
+    public String typeUrl() {
+      return "type.googleapis.com/google.protobuf.StringValue";
+    }
+
+    @Override
+    public boolean shouldRetrieveResourceKeysForArgs() {
+      return false;
+    }
+
+    @Override
+    protected boolean isFullStateOfTheWorld() {
+      return false;
+    }
+
+    @Override
+    @Nullable
+    protected String extractResourceName(Message unpackedResource) {
+      if (!(unpackedResource instanceof StringValue)) {
+        return null;
+      }
+      return ((StringValue) unpackedResource).getValue();
+    }
+
+    @Override
+    protected StringUpdate doParse(Args args, Message unpackedMessage)
+        throws ResourceInvalidException {
+      return new StringUpdate(((StringValue) unpackedMessage).getValue());
+    }
+  }
+
+  private static final class StringUpdate implements ResourceUpdate {
+    @SuppressWarnings("UnusedVariable")
+    public final String value;
+
+    public StringUpdate(String value) {
+      this.value = value;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+      if (!(o instanceof StringUpdate)) {
+        return false;
+      }
+      StringUpdate that = (StringUpdate) o;
+      return Objects.equals(this.value, that.value);
+    }
+
+    @Override
+    public int hashCode() {
+      return Objects.hash(value);
+    }
+  }
 }

From f65127cf7c861a1b7cf7411ef48df6f9116d6bc3 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Fri, 9 Jan 2026 05:58:11 -0800
Subject: [PATCH 512/591] api: Add RFC 3986 support to DnsNameResolverProvider
 (#12602)

Accept both absolute (e.g. `dns:///hostname`) and rootless (e.g.
`dns:hostname`) paths as specified by
https://github.com/grpc/grpc/blob/master/doc/naming.md and matching the
behavior of grpc core and grpc-go.
---
 api/src/main/java/io/grpc/Uri.java            | 47 +++++++++++++
 api/src/test/java/io/grpc/UriTest.java        | 30 +++++++++
 .../internal/DnsNameResolverProvider.java     | 33 ++++++++--
 .../internal/DnsNameResolverProviderTest.java | 66 ++++++++++++++++---
 4 files changed, 163 insertions(+), 13 deletions(-)

diff --git a/api/src/main/java/io/grpc/Uri.java b/api/src/main/java/io/grpc/Uri.java
index 0ef6212d35a..3034211752b 100644
--- a/api/src/main/java/io/grpc/Uri.java
+++ b/api/src/main/java/io/grpc/Uri.java
@@ -481,6 +481,15 @@ public String getPath() {
    * <p>Prefer this method over {@link #getPath()} because it preserves the distinction between
    * segment separators and literal '/'s within a path segment.
    *
+   * <p>A trailing '/' delimiter in the path results in the empty string as the last element in the
+   * returned list. For example, <code>file://localhost/foo/bar/</code> has path segments <code>
+   * ["foo", "bar", ""]</code>
+   *
+   * <p>A leading '/' delimiter cannot be detected using this method. For example, both <code>
+   * dns:example.com</code> and <code>dns:///example.com</code> have the same list of path segments:
+   * <code>["example.com"]</code>. Use {@link #isPathAbsolute()} or {@link #isPathRootless()} to
+   * distinguish these cases.
+   *
    * <p>The returned list is immutable.
    */
   public List<String> getPathSegments() {
@@ -490,6 +499,44 @@ public List<String> getPathSegments() {
     return segmentsBuilder.build();
   }
 
+  /**
+   * Returns true iff this URI's path component starts with a path segment (rather than the '/'
+   * segment delimiter).
+   *
+   * <p>The path of an RFC 3986 URI is either empty, absolute (starts with the '/' segment
+   * delimiter) or rootless (starts with a path segment). For example, <code>tel:+1-206-555-1212
+   * </code>, <code>mailto:me@example.com</code> and <code>urn:isbn:978-1492082798</code> all have
+   * rootless paths. <code>mailto:%2Fdev%2Fnull@example.com</code> is also rootless because its
+   * percent-encoded slashes are not segment delimiters but rather part of the first and only path
+   * segment.
+   *
+   * <p>Contrast rootless paths with absolute ones (see {@link #isPathAbsolute()}.
+   */
+  public boolean isPathRootless() {
+    return !path.isEmpty() && !path.startsWith("/");
+  }
+
+  /**
+   * Returns true iff this URI's path component starts with the '/' segment delimiter (rather than a
+   * path segment).
+   *
+   * <p>The path of an RFC 3986 URI is either empty, absolute (starts with the '/' segment
+   * delimiter) or rootless (starts with a path segment). For example, <code>file:///resume.txt
+   * </code>, <code>file:/resume.txt</code> and <code>file://localhost/</code> all have absolute
+   * paths while <code>tel:+1-206-555-1212</code>'s path is not absolute. <code>
+   * mailto:%2Fdev%2Fnull@example.com</code> is also not absolute because its percent-encoded
+   * slashes are not segment delimiters but rather part of the first and only path segment.
+   *
+   * <p>Contrast absolute paths with rootless ones (see {@link #isPathRootless()}.
+   *
+   * <p>NB: The term "absolute" has two different meanings in RFC 3986 which are easily confused.
+   * This method tests for a property of this URI's path component. Contrast with {@link
+   * #isAbsolute()} which tests the URI itself for a different property.
+   */
+  public boolean isPathAbsolute() {
+    return path.startsWith("/");
+  }
+
   /**
    * Returns the path component of this URI in its originally parsed, possibly percent-encoded form.
    */
diff --git a/api/src/test/java/io/grpc/UriTest.java b/api/src/test/java/io/grpc/UriTest.java
index 12fc9813b60..e34319e8910 100644
--- a/api/src/test/java/io/grpc/UriTest.java
+++ b/api/src/test/java/io/grpc/UriTest.java
@@ -46,6 +46,8 @@ public void parse_allComponents() throws URISyntaxException {
     assertThat(uri.getFragment()).isEqualTo("fragment");
     assertThat(uri.toString()).isEqualTo("scheme://user@host:0443/path?query#fragment");
     assertThat(uri.isAbsolute()).isFalse(); // Has a fragment.
+    assertThat(uri.isPathAbsolute()).isTrue();
+    assertThat(uri.isPathRootless()).isFalse();
   }
 
   @Test
@@ -127,6 +129,8 @@ public void parse_emptyPathWithAuthority() throws URISyntaxException {
     assertThat(uri.getFragment()).isNull();
     assertThat(uri.toString()).isEqualTo("scheme://authority");
     assertThat(uri.isAbsolute()).isTrue();
+    assertThat(uri.isPathAbsolute()).isFalse();
+    assertThat(uri.isPathRootless()).isFalse();
   }
 
   @Test
@@ -139,6 +143,8 @@ public void parse_rootless() throws URISyntaxException {
     assertThat(uri.getFragment()).isNull();
     assertThat(uri.toString()).isEqualTo("mailto:ceo@company.com?subject=raise");
     assertThat(uri.isAbsolute()).isTrue();
+    assertThat(uri.isPathAbsolute()).isFalse();
+    assertThat(uri.isPathRootless()).isTrue();
   }
 
   @Test
@@ -151,6 +157,8 @@ public void parse_emptyPath() throws URISyntaxException {
     assertThat(uri.getFragment()).isNull();
     assertThat(uri.toString()).isEqualTo("scheme:");
     assertThat(uri.isAbsolute()).isTrue();
+    assertThat(uri.isPathAbsolute()).isFalse();
+    assertThat(uri.isPathRootless()).isFalse();
   }
 
   @Test
@@ -348,12 +356,34 @@ public void parse_onePathSegment_trailingSlash() throws URISyntaxException {
     assertThat(uri.getPathSegments()).containsExactly("foo", "");
   }
 
+  @Test
+  public void parse_onePathSegment_rootless() throws URISyntaxException {
+    Uri uri = Uri.create("dns:www.example.com");
+    assertThat(uri.getPathSegments()).containsExactly("www.example.com");
+    assertThat(uri.isPathAbsolute()).isFalse();
+    assertThat(uri.isPathRootless()).isTrue();
+  }
+
   @Test
   public void parse_twoPathSegments() throws URISyntaxException {
     Uri uri = Uri.create("file:/foo/bar");
     assertThat(uri.getPathSegments()).containsExactly("foo", "bar");
   }
 
+  @Test
+  public void parse_twoPathSegments_rootless() throws URISyntaxException {
+    Uri uri = Uri.create("file:foo/bar");
+    assertThat(uri.getPathSegments()).containsExactly("foo", "bar");
+  }
+
+  @Test
+  public void parse_percentEncodedPathSegment_rootless() throws URISyntaxException {
+    Uri uri = Uri.create("mailto:%2Fdev%2Fnull@example.com");
+    assertThat(uri.getPathSegments()).containsExactly("/dev/null@example.com");
+    assertThat(uri.isPathAbsolute()).isFalse();
+    assertThat(uri.isPathRootless()).isTrue();
+  }
+
   @Test
   public void toString_percentEncoding() throws URISyntaxException {
     Uri uri =
diff --git a/core/src/main/java/io/grpc/internal/DnsNameResolverProvider.java b/core/src/main/java/io/grpc/internal/DnsNameResolverProvider.java
index c977fbb0cca..16edf767901 100644
--- a/core/src/main/java/io/grpc/internal/DnsNameResolverProvider.java
+++ b/core/src/main/java/io/grpc/internal/DnsNameResolverProvider.java
@@ -21,25 +21,30 @@
 import io.grpc.InternalServiceProviders;
 import io.grpc.NameResolver;
 import io.grpc.NameResolverProvider;
+import io.grpc.Uri;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.net.URI;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.List;
 
 /**
  * A provider for {@link DnsNameResolver}.
  *
  * <p>It resolves a target URI whose scheme is {@code "dns"}. The (optional) authority of the target
- * URI is reserved for the address of alternative DNS server (not implemented yet). The path of the
- * target URI, excluding the leading slash {@code '/'}, is treated as the host name and the optional
- * port to be resolved by DNS. Example target URIs:
+ * URI is reserved for the address of alternative DNS server (not implemented yet). The first path
+ * segment of the hierarchical target URI is interpreted as an RFC 2396 "server-based" authority and
+ * used as the "service authority" of the resulting {@link NameResolver}. The "host" part of this
+ * authority is the name to be resolved by DNS. The "port" part of this authority (if present) will
+ * become the port number for all {@link InetSocketAddress} produced by this resolver. For example:
  *
  * <ul>
  *   <li>{@code "dns:///foo.googleapis.com:8080"} (using default DNS)</li>
  *   <li>{@code "dns://8.8.8.8/foo.googleapis.com:8080"} (using alternative DNS (not implemented
  *   yet))</li>
- *   <li>{@code "dns:///foo.googleapis.com"} (without port)</li>
+ *   <li>{@code "dns:///foo.googleapis.com"} (output addresses will have port {@link
+ *       NameResolver.Args#getDefaultPort()})</li>
  * </ul>
  */
 public final class DnsNameResolverProvider extends NameResolverProvider {
@@ -51,6 +56,7 @@ public final class DnsNameResolverProvider extends NameResolverProvider {
 
   @Override
   public NameResolver newNameResolver(URI targetUri, NameResolver.Args args) {
+    // TODO(jdcormie): Remove once RFC 3986 migration is complete.
     if (SCHEME.equals(targetUri.getScheme())) {
       String targetPath = Preconditions.checkNotNull(targetUri.getPath(), "targetPath");
       Preconditions.checkArgument(targetPath.startsWith("/"),
@@ -68,6 +74,25 @@ public NameResolver newNameResolver(URI targetUri, NameResolver.Args args) {
     }
   }
 
+  @Override
+  public NameResolver newNameResolver(Uri targetUri, final NameResolver.Args args) {
+    if (SCHEME.equals(targetUri.getScheme())) {
+      List<String> pathSegments = targetUri.getPathSegments();
+      Preconditions.checkArgument(!pathSegments.isEmpty(),
+          "expected 1 path segment in target %s but found %s", targetUri, pathSegments);
+      String domainNameToResolve = pathSegments.get(0);
+      return new DnsNameResolver(
+          targetUri.getAuthority(),
+          domainNameToResolve,
+          args,
+          GrpcUtil.SHARED_CHANNEL_EXECUTOR,
+          Stopwatch.createUnstarted(),
+          IS_ANDROID);
+    } else {
+      return null;
+    }
+  }
+
   @Override
   public String getDefaultScheme() {
     return SCHEME;
diff --git a/core/src/test/java/io/grpc/internal/DnsNameResolverProviderTest.java b/core/src/test/java/io/grpc/internal/DnsNameResolverProviderTest.java
index aff10ce9337..fabecea0bad 100644
--- a/core/src/test/java/io/grpc/internal/DnsNameResolverProviderTest.java
+++ b/core/src/test/java/io/grpc/internal/DnsNameResolverProviderTest.java
@@ -16,8 +16,8 @@
 
 package io.grpc.internal;
 
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertSame;
+import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.truth.TruthJUnit.assume;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;
 
@@ -25,16 +25,27 @@
 import io.grpc.NameResolver;
 import io.grpc.NameResolver.ServiceConfigParser;
 import io.grpc.SynchronizationContext;
+import io.grpc.Uri;
 import java.net.URI;
+import java.util.Arrays;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
 
 /** Unit tests for {@link DnsNameResolverProvider}. */
-@RunWith(JUnit4.class)
+@RunWith(Parameterized.class)
 public class DnsNameResolverProviderTest {
   private final FakeClock fakeClock = new FakeClock();
 
+  @Parameters(name = "enableRfc3986UrisParam={0}")
+  public static Iterable<Object[]> data() {
+    return Arrays.asList(new Object[][] {{true}, {false}});
+  }
+
+  @Parameter public boolean enableRfc3986UrisParam;
+
   private final SynchronizationContext syncContext = new SynchronizationContext(
       new Thread.UncaughtExceptionHandler() {
         @Override
@@ -59,10 +70,47 @@ public void isAvailable() {
   }
 
   @Test
-  public void newNameResolver() {
-    assertSame(DnsNameResolver.class,
-        provider.newNameResolver(URI.create("dns:///localhost:443"), args).getClass());
-    assertNull(
-        provider.newNameResolver(URI.create("notdns:///localhost:443"), args));
+  public void newNameResolver_acceptsHostAndPort() {
+    NameResolver nameResolver = newNameResolver("dns:///localhost:443", args);
+    assertThat(nameResolver).isNotNull();
+    assertThat(nameResolver.getClass()).isSameInstanceAs(DnsNameResolver.class);
+    assertThat(nameResolver.getServiceAuthority()).isEqualTo("localhost:443");
+  }
+
+  @Test
+  public void newNameResolver_acceptsRootless() {
+    assume().that(enableRfc3986UrisParam).isTrue();
+    NameResolver nameResolver = newNameResolver("dns:localhost:443", args);
+    assertThat(nameResolver).isNotNull();
+    assertThat(nameResolver.getClass()).isSameInstanceAs(DnsNameResolver.class);
+    assertThat(nameResolver.getServiceAuthority()).isEqualTo("localhost:443");
+  }
+
+  @Test
+  public void newNameResolver_rejectsNonDnsScheme() {
+    NameResolver nameResolver = newNameResolver("notdns:///localhost:443", args);
+    assertThat(nameResolver).isNull();
+  }
+
+  @Test
+  public void newNameResolver_toleratesTrailingPathSegments() {
+    NameResolver nameResolver = newNameResolver("dns:///foo.googleapis.com/ig/nor/ed", args);
+    assertThat(nameResolver).isNotNull();
+    assertThat(nameResolver.getClass()).isSameInstanceAs(DnsNameResolver.class);
+    assertThat(nameResolver.getServiceAuthority()).isEqualTo("foo.googleapis.com");
+  }
+
+  @Test
+  public void newNameResolver_toleratesAuthority() {
+    NameResolver nameResolver = newNameResolver("dns://8.8.8.8/foo.googleapis.com", args);
+    assertThat(nameResolver).isNotNull();
+    assertThat(nameResolver.getClass()).isSameInstanceAs(DnsNameResolver.class);
+    assertThat(nameResolver.getServiceAuthority()).isEqualTo("foo.googleapis.com");
+  }
+
+  private NameResolver newNameResolver(String uriString, NameResolver.Args args) {
+    return enableRfc3986UrisParam
+        ? provider.newNameResolver(Uri.create(uriString), args)
+        : provider.newNameResolver(URI.create(uriString), args);
   }
 }

From c5f5ee0e994f76d4edac48ea17b52a0f918af822 Mon Sep 17 00:00:00 2001
From: Kim Jin Young <tian__mi__mi@naver.com>
Date: Fri, 9 Jan 2026 23:16:41 +0900
Subject: [PATCH 513/591] opentelemetry: Add target attribute filter for
 metrics (#12587)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Introduce an optional Predicate<String> targetAttributeFilter to control how grpc.target is recorded in OpenTelemetry client metrics.

When a filter is provided, targets rejected by the predicate are normalized to "other" to reduce grpc.target metric cardinality, while accepted targets are recorded as-is. If no filter is set, existing behavior is preserved.

This change adds a new Builder API on GrpcOpenTelemetry to allow applications to configure the filter. Tests verify both the Builder
wiring and the target normalization behavior.

This is an optional API; annotation (e.g., experimental) can be added
per maintainer guidance.

Refs #12322
Related: gRFC A109 – Target Attribute Filter for OpenTelemetry Metrics
https://github.com/grpc/proposal/pull/528
---
 opentelemetry/build.gradle                    |   3 +-
 .../grpc/opentelemetry/GrpcOpenTelemetry.java |  40 ++++-
 .../OpenTelemetryMetricsModule.java           |  30 +++-
 .../opentelemetry/GrpcOpenTelemetryTest.java  |  13 ++
 .../OpenTelemetryMetricsModuleTest.java       | 138 ++++++++++++++++++
 5 files changed, 221 insertions(+), 3 deletions(-)

diff --git a/opentelemetry/build.gradle b/opentelemetry/build.gradle
index c0ec7b73b5a..594686294f0 100644
--- a/opentelemetry/build.gradle
+++ b/opentelemetry/build.gradle
@@ -12,7 +12,8 @@ dependencies {
     implementation libraries.guava,
             project(':grpc-core'),
             libraries.opentelemetry.api,
-            libraries.auto.value.annotations
+            libraries.auto.value.annotations,
+            libraries.animalsniffer.annotations
 
     testImplementation project(':grpc-testing'),
             project(':grpc-testing-proto'),
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
index 4341b27daa4..6904340ac74 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
@@ -48,6 +48,9 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.function.Predicate;
+import javax.annotation.Nullable;
+import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
 
 /**
  *  The entrypoint for OpenTelemetry metrics functionality in gRPC.
@@ -97,7 +100,8 @@ private GrpcOpenTelemetry(Builder builder) {
     this.resource = createMetricInstruments(meter, enableMetrics, disableDefault);
     this.optionalLabels = ImmutableList.copyOf(builder.optionalLabels);
     this.openTelemetryMetricsModule = new OpenTelemetryMetricsModule(
-        STOPWATCH_SUPPLIER, resource, optionalLabels, builder.plugins);
+        STOPWATCH_SUPPLIER, resource, optionalLabels, builder.plugins,
+        builder.targetFilter);
     this.openTelemetryTracingModule = new OpenTelemetryTracingModule(openTelemetrySdk);
     this.sink = new OpenTelemetryMetricSink(meter, enableMetrics, disableDefault, optionalLabels);
   }
@@ -141,6 +145,11 @@ Tracer getTracer() {
     return this.openTelemetryTracingModule.getTracer();
   }
 
+  @VisibleForTesting
+  TargetFilter getTargetAttributeFilter() {
+    return this.openTelemetryMetricsModule.getTargetAttributeFilter();
+  }
+
   /**
    * Registers GrpcOpenTelemetry globally, applying its configuration to all subsequently created
    * gRPC channels and servers.
@@ -349,6 +358,13 @@ static boolean isMetricEnabled(String metricName, Map<String, Boolean> enableMet
         && !disableDefault;
   }
 
+  /**
+   * Internal interface to avoid storing a {@link java.util.function.Predicate} directly, ensuring
+   * compatibility with Android devices (API level < 24) that do not use library desugaring.
+   */
+  interface TargetFilter {
+    boolean test(String target);
+  }
 
   /**
    * Builder for configuring {@link GrpcOpenTelemetry}.
@@ -359,6 +375,8 @@ public static class Builder {
     private final Collection<String> optionalLabels = new ArrayList<>();
     private final Map<String, Boolean> enableMetrics = new HashMap<>();
     private boolean disableAll;
+    @Nullable
+    private TargetFilter targetFilter;
 
     private Builder() {}
 
@@ -421,6 +439,26 @@ Builder enableTracing(boolean enable) {
       return this;
     }
 
+    /**
+     * Sets an optional filter to control recording of the {@code grpc.target} metric
+     * attribute.
+     *
+     * <p>If the predicate returns {@code true}, the original target is recorded. Otherwise,
+     * the target is recorded as {@code "other"} to limit metric cardinality.
+     *
+     * <p>If unset, all targets are recorded as-is.
+     */
+    @ExperimentalApi("https://github.com/grpc/grpc-java/issues/12595")
+    @IgnoreJRERequirement
+    public Builder targetAttributeFilter(@Nullable Predicate<String> filter) {
+      if (filter == null) {
+        this.targetFilter = null;
+      } else {
+        this.targetFilter = filter::test;
+      }
+      return this;
+    }
+
     /**
      * Returns a new {@link GrpcOpenTelemetry} built with the configuration of this {@link
      * Builder}.
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
index 3e5137e0034..b05884305dc 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
@@ -45,6 +45,7 @@
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.StreamTracer;
+import io.grpc.opentelemetry.GrpcOpenTelemetry.TargetFilter;
 import io.opentelemetry.api.baggage.Baggage;
 import io.opentelemetry.api.common.AttributesBuilder;
 import io.opentelemetry.context.Context;
@@ -68,6 +69,10 @@
  * tracer. It's the tracer that reports per-attempt stats, and the factory that reports the stats
  * of the overall RPC, such as RETRIES_PER_CALL, to OpenTelemetry.
  *
+ * <p>This module optionally applies a target attribute filter to limit the cardinality of
+ * the {@code grpc.target} attribute in client-side metrics by mapping disallowed targets
+ * to a stable placeholder value.
+ *
  * <p>On the server-side, there is only one ServerStream per each ServerCall, and ServerStream
  * starts earlier than the ServerCall. Therefore, only one tracer is created per stream/call, and
  * it's the tracer that reports the summary to OpenTelemetry.
@@ -95,15 +100,30 @@ final class OpenTelemetryMetricsModule {
   private final boolean localityEnabled;
   private final boolean backendServiceEnabled;
   private final ImmutableList<OpenTelemetryPlugin> plugins;
+  @Nullable
+  private final TargetFilter targetAttributeFilter;
 
   OpenTelemetryMetricsModule(Supplier<Stopwatch> stopwatchSupplier,
                              OpenTelemetryMetricsResource resource,
                              Collection<String> optionalLabels, List<OpenTelemetryPlugin> plugins) {
+    this(stopwatchSupplier, resource, optionalLabels, plugins, null);
+  }
+
+  OpenTelemetryMetricsModule(Supplier<Stopwatch> stopwatchSupplier,
+      OpenTelemetryMetricsResource resource,
+      Collection<String> optionalLabels, List<OpenTelemetryPlugin> plugins,
+      @Nullable TargetFilter targetAttributeFilter) {
     this.resource = checkNotNull(resource, "resource");
     this.stopwatchSupplier = checkNotNull(stopwatchSupplier, "stopwatchSupplier");
     this.localityEnabled = optionalLabels.contains(LOCALITY_KEY.getKey());
     this.backendServiceEnabled = optionalLabels.contains(BACKEND_SERVICE_KEY.getKey());
     this.plugins = ImmutableList.copyOf(plugins);
+    this.targetAttributeFilter = targetAttributeFilter;
+  }
+
+  @VisibleForTesting
+  TargetFilter getTargetAttributeFilter() {
+    return targetAttributeFilter;
   }
 
   /**
@@ -124,7 +144,15 @@ ClientInterceptor getClientInterceptor(String target) {
         pluginBuilder.add(plugin);
       }
     }
-    return new MetricsClientInterceptor(target, pluginBuilder.build());
+    String filteredTarget = recordTarget(target);
+    return new MetricsClientInterceptor(filteredTarget, pluginBuilder.build());
+  }
+
+  String recordTarget(String target) {
+    if (targetAttributeFilter == null || target == null) {
+      return target;
+    }
+    return targetAttributeFilter.test(target) ? target : "other";
   }
 
   static String recordMethodName(String fullMethodName, boolean isGeneratedMethod) {
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/GrpcOpenTelemetryTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/GrpcOpenTelemetryTest.java
index 1ae7b755a48..16cb02c61c2 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/GrpcOpenTelemetryTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/GrpcOpenTelemetryTest.java
@@ -29,6 +29,7 @@
 import io.grpc.MetricSink;
 import io.grpc.ServerBuilder;
 import io.grpc.internal.GrpcUtil;
+import io.grpc.opentelemetry.GrpcOpenTelemetry.TargetFilter;
 import io.opentelemetry.api.OpenTelemetry;
 import io.opentelemetry.sdk.OpenTelemetrySdk;
 import io.opentelemetry.sdk.metrics.SdkMeterProvider;
@@ -130,6 +131,18 @@ public void builderDefaults() {
     );
   }
 
+  @Test
+  public void builderTargetAttributeFilter() {
+    GrpcOpenTelemetry module = GrpcOpenTelemetry.newBuilder()
+        .targetAttributeFilter(t -> t.contains("allowed.com"))
+        .build();
+
+    TargetFilter internalFilter = module.getTargetAttributeFilter();
+
+    assertThat(internalFilter.test("allowed.com")).isTrue();
+    assertThat(internalFilter.test("example.com")).isFalse();
+  }
+
   @Test
   public void enableDisableMetrics() {
     GrpcOpenTelemetry.Builder builder = GrpcOpenTelemetry.newBuilder();
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
index 58759294fca..391f94cefea 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
@@ -51,6 +51,7 @@
 import io.grpc.inprocess.InProcessChannelBuilder;
 import io.grpc.inprocess.InProcessServerBuilder;
 import io.grpc.internal.FakeClock;
+import io.grpc.opentelemetry.GrpcOpenTelemetry.TargetFilter;
 import io.grpc.opentelemetry.OpenTelemetryMetricsModule.CallAttemptsTracerFactory;
 import io.grpc.opentelemetry.internal.OpenTelemetryConstants;
 import io.grpc.stub.MetadataUtils;
@@ -1667,12 +1668,149 @@ public void serverBaggagePropagationToMetrics() {
     assertEquals("67", capturedBaggage.getEntryValue("user-id"));
   }
 
+  @Test
+  public void targetAttributeFilter_notSet_usesOriginalTarget() {
+    // Test that when no filter is set, the original target is used
+    String target = "dns:///example.com";
+    OpenTelemetryMetricsResource resource = GrpcOpenTelemetry.createMetricInstruments(testMeter,
+        enabledMetricsMap, disableDefaultMetrics);
+    OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
+
+    Channel interceptedChannel =
+        ClientInterceptors.intercept(
+            grpcServerRule.getChannel(), module.getClientInterceptor(target));
+
+    ClientCall<String, String> call = interceptedChannel.newCall(method, CALL_OPTIONS);
+
+    // Make the call
+    Metadata headers = new Metadata();
+    call.start(mockClientCallListener, headers);
+
+    // End the call
+    call.halfClose();
+    call.request(1);
+
+    io.opentelemetry.api.common.Attributes attributes = io.opentelemetry.api.common.Attributes.of(
+        TARGET_KEY, target,
+        METHOD_KEY, method.getFullMethodName());
+
+    assertThat(openTelemetryTesting.getMetrics())
+        .anySatisfy(
+            metric ->
+                assertThat(metric)
+                    .hasInstrumentationScope(InstrumentationScopeInfo.create(
+                        OpenTelemetryConstants.INSTRUMENTATION_SCOPE))
+                    .hasName(CLIENT_ATTEMPT_COUNT_INSTRUMENT_NAME)
+                    .hasUnit("{attempt}")
+                    .hasLongSumSatisfying(
+                        longSum ->
+                            longSum
+                                .hasPointsSatisfying(
+                                    point ->
+                                        point
+                                            .hasAttributes(attributes))));
+  }
+
+  @Test
+  public void targetAttributeFilter_allowsTarget_usesOriginalTarget() {
+    // Test that when filter allows the target, the original target is used
+    String target = "dns:///example.com";
+    OpenTelemetryMetricsResource resource = GrpcOpenTelemetry.createMetricInstruments(testMeter,
+        enabledMetricsMap, disableDefaultMetrics);
+    OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource,
+        t -> t.contains("example.com"));
+
+    Channel interceptedChannel =
+        ClientInterceptors.intercept(
+            grpcServerRule.getChannel(), module.getClientInterceptor(target));
+
+    ClientCall<String, String> call = interceptedChannel.newCall(method, CALL_OPTIONS);
+
+    // Make the call
+    Metadata headers = new Metadata();
+    call.start(mockClientCallListener, headers);
+
+    // End the call
+    call.halfClose();
+    call.request(1);
+
+    io.opentelemetry.api.common.Attributes attributes = io.opentelemetry.api.common.Attributes.of(
+        TARGET_KEY, target,
+        METHOD_KEY, method.getFullMethodName());
+
+    assertThat(openTelemetryTesting.getMetrics())
+        .anySatisfy(
+            metric ->
+                assertThat(metric)
+                    .hasInstrumentationScope(InstrumentationScopeInfo.create(
+                        OpenTelemetryConstants.INSTRUMENTATION_SCOPE))
+                    .hasName(CLIENT_ATTEMPT_COUNT_INSTRUMENT_NAME)
+                    .hasUnit("{attempt}")
+                    .hasLongSumSatisfying(
+                        longSum ->
+                            longSum
+                                .hasPointsSatisfying(
+                                    point ->
+                                        point
+                                            .hasAttributes(attributes))));
+  }
+
+  @Test
+  public void targetAttributeFilter_rejectsTarget_mapsToOther() {
+    // Test that when filter rejects the target, it is mapped to "other"
+    String target = "dns:///example.com";
+    OpenTelemetryMetricsResource resource = GrpcOpenTelemetry.createMetricInstruments(testMeter,
+        enabledMetricsMap, disableDefaultMetrics);
+    OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource,
+        t -> t.contains("allowed.com"));
+
+    Channel interceptedChannel =
+        ClientInterceptors.intercept(
+            grpcServerRule.getChannel(), module.getClientInterceptor(target));
+
+    ClientCall<String, String> call = interceptedChannel.newCall(method, CALL_OPTIONS);
+
+    // Make the call
+    Metadata headers = new Metadata();
+    call.start(mockClientCallListener, headers);
+
+    // End the call
+    call.halfClose();
+    call.request(1);
+
+    io.opentelemetry.api.common.Attributes attributes = io.opentelemetry.api.common.Attributes.of(
+        TARGET_KEY, "other",
+        METHOD_KEY, method.getFullMethodName());
+
+    assertThat(openTelemetryTesting.getMetrics())
+        .anySatisfy(
+            metric ->
+                assertThat(metric)
+                    .hasInstrumentationScope(InstrumentationScopeInfo.create(
+                        OpenTelemetryConstants.INSTRUMENTATION_SCOPE))
+                    .hasName(CLIENT_ATTEMPT_COUNT_INSTRUMENT_NAME)
+                    .hasUnit("{attempt}")
+                    .hasLongSumSatisfying(
+                        longSum ->
+                            longSum
+                                .hasPointsSatisfying(
+                                    point ->
+                                        point
+                                            .hasAttributes(attributes))));
+  }
+
   private OpenTelemetryMetricsModule newOpenTelemetryMetricsModule(
       OpenTelemetryMetricsResource resource) {
     return new OpenTelemetryMetricsModule(
         fakeClock.getStopwatchSupplier(), resource, emptyList(), emptyList());
   }
 
+  private OpenTelemetryMetricsModule newOpenTelemetryMetricsModule(
+      OpenTelemetryMetricsResource resource, TargetFilter filter) {
+    return new OpenTelemetryMetricsModule(
+        fakeClock.getStopwatchSupplier(), resource, emptyList(), emptyList(), filter);
+  }
+
   static class CallInfo<ReqT, RespT> extends ServerCallInfo<ReqT, RespT> {
     private final MethodDescriptor<ReqT, RespT> methodDescriptor;
     private final Attributes attributes;

From 59a64f0b685f32b70b9bf73c7e15a5b0f847f767 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 12 Jan 2026 05:10:33 -0800
Subject: [PATCH 514/591] core: Use FlagResetRule to set/restore system
 properties in DnsNameResolverTest (#12604)

---
 .../io/grpc/internal/DnsNameResolverTest.java | 35 ++++++-------------
 .../java/io/grpc/internal/FlagResetRule.java  | 30 ++++++++++++++++
 2 files changed, 40 insertions(+), 25 deletions(-)

diff --git a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
index f5be078f83a..b50dd5bcca3 100644
--- a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
+++ b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
@@ -17,6 +17,7 @@
 package io.grpc.internal;
 
 import static com.google.common.truth.Truth.assertThat;
+import static io.grpc.internal.DnsNameResolver.NETWORKADDRESS_CACHE_TTL_PROPERTY;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
@@ -78,8 +79,6 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.regex.Pattern;
-import javax.annotation.Nullable;
-import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -100,6 +99,7 @@ public class DnsNameResolverTest {
 
   @Rule public final TestRule globalTimeout = new DisableOnDebug(Timeout.seconds(10));
   @Rule public final MockitoRule mocks = MockitoJUnit.rule();
+  @Rule public final FlagResetRule flagResetRule = new FlagResetRule();
 
   private final Map<String, ?> serviceConfig = new LinkedHashMap<>();
 
@@ -152,8 +152,6 @@ public void close(Executor instance) {}
   private NameResolver.Listener2 mockListener;
   @Captor
   private ArgumentCaptor<ResolutionResult> resultCaptor;
-  @Nullable
-  private String networkaddressCacheTtlPropertyValue;
   @Mock
   private RecordFetcher recordFetcher;
   @Mock private ProxyDetector mockProxyDetector;
@@ -213,24 +211,11 @@ private RetryingNameResolver newResolver(
   @Before
   public void setUp() {
     DnsNameResolver.enableJndi = true;
-    networkaddressCacheTtlPropertyValue =
-        System.getProperty(DnsNameResolver.NETWORKADDRESS_CACHE_TTL_PROPERTY);
 
     // By default the mock listener processes the result successfully.
     when(mockListener.onResult2(isA(ResolutionResult.class))).thenReturn(Status.OK);
   }
 
-  @After
-  public void restoreSystemProperty() {
-    if (networkaddressCacheTtlPropertyValue == null) {
-      System.clearProperty(DnsNameResolver.NETWORKADDRESS_CACHE_TTL_PROPERTY);
-    } else {
-      System.setProperty(
-          DnsNameResolver.NETWORKADDRESS_CACHE_TTL_PROPERTY,
-          networkaddressCacheTtlPropertyValue);
-    }
-  }
-
   @Test
   public void invalidDnsName() throws Exception {
     testInvalidUri(new URI("dns", null, "/[invalid]", null));
@@ -275,19 +260,19 @@ public void invalidDnsName_containsUnderscore() {
 
   @Test
   public void resolve_androidIgnoresPropertyValue() throws Exception {
-    System.setProperty(DnsNameResolver.NETWORKADDRESS_CACHE_TTL_PROPERTY, Long.toString(2));
+    flagResetRule.setSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY, "2");
     resolveNeverCache(true);
   }
 
   @Test
   public void resolve_androidIgnoresPropertyValueCacheForever() throws Exception {
-    System.setProperty(DnsNameResolver.NETWORKADDRESS_CACHE_TTL_PROPERTY, Long.toString(-1));
+    flagResetRule.setSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY, "-1");
     resolveNeverCache(true);
   }
 
   @Test
   public void resolve_neverCache() throws Exception {
-    System.setProperty(DnsNameResolver.NETWORKADDRESS_CACHE_TTL_PROPERTY, "0");
+    flagResetRule.setSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY, "0");
     resolveNeverCache(false);
   }
 
@@ -387,7 +372,7 @@ public void execute(Runnable command) {
 
   @Test
   public void resolve_cacheForever() throws Exception {
-    System.setProperty(DnsNameResolver.NETWORKADDRESS_CACHE_TTL_PROPERTY, "-1");
+    flagResetRule.setSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY, "-1");
     final List<InetAddress> answer1 = createAddressList(2);
     String name = "foo.googleapis.com";
     FakeTicker fakeTicker = new FakeTicker();
@@ -421,7 +406,7 @@ public void resolve_cacheForever() throws Exception {
   @Test
   public void resolve_usingCache() throws Exception {
     long ttl = 60;
-    System.setProperty(DnsNameResolver.NETWORKADDRESS_CACHE_TTL_PROPERTY, Long.toString(ttl));
+    flagResetRule.setSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY, Long.toString(ttl));
     final List<InetAddress> answer = createAddressList(2);
     String name = "foo.googleapis.com";
     FakeTicker fakeTicker = new FakeTicker();
@@ -456,7 +441,7 @@ public void resolve_usingCache() throws Exception {
   @Test
   public void resolve_cacheExpired() throws Exception {
     long ttl = 60;
-    System.setProperty(DnsNameResolver.NETWORKADDRESS_CACHE_TTL_PROPERTY, Long.toString(ttl));
+    flagResetRule.setSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY, Long.toString(ttl));
     final List<InetAddress> answer1 = createAddressList(2);
     final List<InetAddress> answer2 = createAddressList(1);
     String name = "foo.googleapis.com";
@@ -491,13 +476,13 @@ public void resolve_cacheExpired() throws Exception {
 
   @Test
   public void resolve_invalidTtlPropertyValue() throws Exception {
-    System.setProperty(DnsNameResolver.NETWORKADDRESS_CACHE_TTL_PROPERTY, "not_a_number");
+    flagResetRule.setSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY, "not_a_number");
     resolveDefaultValue();
   }
 
   @Test
   public void resolve_noPropertyValue() throws Exception {
-    System.clearProperty(DnsNameResolver.NETWORKADDRESS_CACHE_TTL_PROPERTY);
+    flagResetRule.clearSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY);
     resolveDefaultValue();
   }
 
diff --git a/core/src/testFixtures/java/io/grpc/internal/FlagResetRule.java b/core/src/testFixtures/java/io/grpc/internal/FlagResetRule.java
index dbcaca79358..96125cd0c8a 100644
--- a/core/src/testFixtures/java/io/grpc/internal/FlagResetRule.java
+++ b/core/src/testFixtures/java/io/grpc/internal/FlagResetRule.java
@@ -18,6 +18,7 @@
 
 import java.util.ArrayDeque;
 import java.util.Deque;
+import javax.annotation.Nullable;
 import org.junit.rules.ExternalResource;
 
 /**
@@ -45,6 +46,35 @@ public <T> void setFlagForTest(SetterMethod<T> setter, T value) {
     toRunAfter.push(() -> setter.set(oldValue));
   }
 
+  /**
+   * Sets java system property 'key' to 'value' and arranges for its previous value to be
+   * unconditionally restored when the test completes.
+   */
+  public void setSystemPropertyForTest(String key, String value) {
+    String oldValue = System.setProperty(key, value);
+    restoreSystemPropertyAfterTest(key, oldValue);
+  }
+
+  /**
+   * Clears java system property 'key' and arranges for its previous value to be unconditionally
+   * restored when the test completes.
+   */
+  public void clearSystemPropertyForTest(String key) {
+    String oldValue = System.clearProperty(key);
+    restoreSystemPropertyAfterTest(key, oldValue);
+  }
+
+  private void restoreSystemPropertyAfterTest(String key, @Nullable String oldValue) {
+    toRunAfter.push(
+        () -> {
+          if (oldValue == null) {
+            System.clearProperty(key);
+          } else {
+            System.setProperty(key, oldValue);
+          }
+        });
+  }
+
   @Override
   protected void after() {
     RuntimeException toThrow = null;

From 65596ae3a9cdf420d91748e5ad1779ad92e14627 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 12 Jan 2026 05:20:15 -0800
Subject: [PATCH 515/591] core: Move 4 test cases from DnsNameResolverTest to
 DnsNameResolverProviderTest (#12605)

These test cases make use of DnsNameResolverProvider but also cover some
logic from DnsNameResolverProvider's ctor. They could reasonably live in
either file but DnsNameResolverProviderTest already knows how to test
the new RFC 3986 newNameResolver() overload.

Leaves DnsNameResolverTest.java without any `java.net.URI` usage, which
makes sense because DnsNameResolver's public API does not mention
java.net.URI.

Removed test helpers that asserted more than "a single conceptual fact"
per

https://abseil.io/resources/swe-book/html/ch12.html#shared_helpers_and_validation
---
 .../internal/DnsNameResolverProviderTest.java | 27 ++++++++++
 .../io/grpc/internal/DnsNameResolverTest.java | 50 +------------------
 2 files changed, 28 insertions(+), 49 deletions(-)

diff --git a/core/src/test/java/io/grpc/internal/DnsNameResolverProviderTest.java b/core/src/test/java/io/grpc/internal/DnsNameResolverProviderTest.java
index fabecea0bad..787272cf630 100644
--- a/core/src/test/java/io/grpc/internal/DnsNameResolverProviderTest.java
+++ b/core/src/test/java/io/grpc/internal/DnsNameResolverProviderTest.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.TruthJUnit.assume;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;
 
@@ -75,6 +76,7 @@ public void newNameResolver_acceptsHostAndPort() {
     assertThat(nameResolver).isNotNull();
     assertThat(nameResolver.getClass()).isSameInstanceAs(DnsNameResolver.class);
     assertThat(nameResolver.getServiceAuthority()).isEqualTo("localhost:443");
+    assertThat(((DnsNameResolver) nameResolver).getPort()).isEqualTo(443);
   }
 
   @Test
@@ -92,6 +94,15 @@ public void newNameResolver_rejectsNonDnsScheme() {
     assertThat(nameResolver).isNull();
   }
 
+  @Test
+  public void newNameResolver_validDnsNameWithoutPort_usesDefaultPort() {
+    DnsNameResolver nameResolver =
+        (DnsNameResolver) newNameResolver("dns:/foo.googleapis.com", args);
+    assertThat(nameResolver).isNotNull();
+    assertThat(nameResolver.getServiceAuthority()).isEqualTo("foo.googleapis.com");
+    assertThat(nameResolver.getPort()).isEqualTo(args.getDefaultPort());
+  }
+
   @Test
   public void newNameResolver_toleratesTrailingPathSegments() {
     NameResolver nameResolver = newNameResolver("dns:///foo.googleapis.com/ig/nor/ed", args);
@@ -108,6 +119,22 @@ public void newNameResolver_toleratesAuthority() {
     assertThat(nameResolver.getServiceAuthority()).isEqualTo("foo.googleapis.com");
   }
 
+  @Test
+  public void newNameResolver_validIpv6Host() {
+    NameResolver nameResolver = newNameResolver("dns:/%5B::1%5D", args);
+    assertThat(nameResolver).isNotNull();
+    assertThat(nameResolver.getClass()).isSameInstanceAs(DnsNameResolver.class);
+    assertThat(nameResolver.getServiceAuthority()).isEqualTo("[::1]");
+  }
+
+  @Test
+  public void newNameResolver_invalidIpv6Host_throws() {
+    IllegalArgumentException e =
+        assertThrows(
+            IllegalArgumentException.class, () -> newNameResolver("dns:/%5Binvalid%5D", args));
+    assertThat(e).hasMessageThat().contains("invalid");
+  }
+
   private NameResolver newNameResolver(String uriString, NameResolver.Args args) {
     return enableRfc3986UrisParam
         ? provider.newNameResolver(Uri.create(uriString), args)
diff --git a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
index b50dd5bcca3..c6067d305b5 100644
--- a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
+++ b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
@@ -64,7 +64,6 @@
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
-import java.net.URI;
 import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -112,7 +111,6 @@ public void uncaughtException(Thread t, Throwable e) {
         }
       });
 
-  private final DnsNameResolverProvider provider = new DnsNameResolverProvider();
   private final FakeClock fakeClock = new FakeClock();
   private final FakeClock fakeExecutor = new FakeClock();
   private static final FakeClock.TaskFilter NAME_RESOLVER_REFRESH_TASK_FILTER =
@@ -139,15 +137,6 @@ public Executor create() {
     public void close(Executor instance) {}
   }
 
-  private final NameResolver.Args args = NameResolver.Args.newBuilder()
-      .setDefaultPort(DEFAULT_PORT)
-      .setProxyDetector(GrpcUtil.DEFAULT_PROXY_DETECTOR)
-      .setSynchronizationContext(syncContext)
-      .setServiceConfigParser(mock(ServiceConfigParser.class))
-      .setChannelLogger(mock(ChannelLogger.class))
-      .setScheduledExecutorService(fakeExecutor.getScheduledExecutorService())
-      .build();
-
   @Mock
   private NameResolver.Listener2 mockListener;
   @Captor
@@ -167,6 +156,7 @@ private RetryingNameResolver newResolver(String name, int defaultPort, boolean i
         isAndroid);
   }
 
+
   private RetryingNameResolver newResolver(
       String name,
       int defaultPort,
@@ -216,28 +206,6 @@ public void setUp() {
     when(mockListener.onResult2(isA(ResolutionResult.class))).thenReturn(Status.OK);
   }
 
-  @Test
-  public void invalidDnsName() throws Exception {
-    testInvalidUri(new URI("dns", null, "/[invalid]", null));
-  }
-
-  @Test
-  public void validIpv6() throws Exception {
-    testValidUri(new URI("dns", null, "/[::1]", null), "[::1]", DEFAULT_PORT);
-  }
-
-  @Test
-  public void validDnsNameWithoutPort() throws Exception {
-    testValidUri(new URI("dns", null, "/foo.googleapis.com", null),
-        "foo.googleapis.com", DEFAULT_PORT);
-  }
-
-  @Test
-  public void validDnsNameWithPort() throws Exception {
-    testValidUri(new URI("dns", null, "/foo.googleapis.com:456", null),
-        "foo.googleapis.com:456", 456);
-  }
-
   @Test
   public void nullDnsName() {
     try {
@@ -1284,22 +1252,6 @@ public void parseServiceConfig_matches() {
     assertThat(result.getConfig()).isEqualTo(ImmutableMap.of());
   }
 
-  private void testInvalidUri(URI uri) {
-    try {
-      provider.newNameResolver(uri, args);
-      fail("Should have failed");
-    } catch (IllegalArgumentException e) {
-      // expected
-    }
-  }
-
-  private void testValidUri(URI uri, String exportedAuthority, int expectedPort) {
-    DnsNameResolver resolver = (DnsNameResolver) provider.newNameResolver(uri, args);
-    assertNotNull(resolver);
-    assertEquals(expectedPort, resolver.getPort());
-    assertEquals(exportedAuthority, resolver.getServiceAuthority());
-  }
-
   private byte lastByte = 0;
 
   private List<InetAddress> createAddressList(int n) throws UnknownHostException {

From c589bef18f33c1aead47382391adba70f8bd4655 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 13 Jan 2026 12:33:54 -0800
Subject: [PATCH 516/591] core: clarify dns javadoc/test about trailing path
 segments

---
 .../io/grpc/internal/DnsNameResolverProvider.java     | 11 ++++++-----
 .../io/grpc/internal/DnsNameResolverProviderTest.java |  2 ++
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/DnsNameResolverProvider.java b/core/src/main/java/io/grpc/internal/DnsNameResolverProvider.java
index 16edf767901..14b56f1a12a 100644
--- a/core/src/main/java/io/grpc/internal/DnsNameResolverProvider.java
+++ b/core/src/main/java/io/grpc/internal/DnsNameResolverProvider.java
@@ -33,11 +33,12 @@
  * A provider for {@link DnsNameResolver}.
  *
  * <p>It resolves a target URI whose scheme is {@code "dns"}. The (optional) authority of the target
- * URI is reserved for the address of alternative DNS server (not implemented yet). The first path
- * segment of the hierarchical target URI is interpreted as an RFC 2396 "server-based" authority and
- * used as the "service authority" of the resulting {@link NameResolver}. The "host" part of this
- * authority is the name to be resolved by DNS. The "port" part of this authority (if present) will
- * become the port number for all {@link InetSocketAddress} produced by this resolver. For example:
+ * URI is reserved for the address of alternative DNS server (not implemented yet). The target URI
+ * must be hierarchical and have exactly one path segment which will be interpreted as an RFC 2396
+ * "server-based" authority and used as the "service authority" of the resulting {@link
+ * NameResolver}. The "host" part of this authority is the name to be resolved by DNS. The "port"
+ * part of this authority (if present) will become the port number for all {@link InetSocketAddress}
+ * produced by this resolver. For example:
  *
  * <ul>
  *   <li>{@code "dns:///foo.googleapis.com:8080"} (using default DNS)</li>
diff --git a/core/src/test/java/io/grpc/internal/DnsNameResolverProviderTest.java b/core/src/test/java/io/grpc/internal/DnsNameResolverProviderTest.java
index 787272cf630..75b82df544f 100644
--- a/core/src/test/java/io/grpc/internal/DnsNameResolverProviderTest.java
+++ b/core/src/test/java/io/grpc/internal/DnsNameResolverProviderTest.java
@@ -103,6 +103,8 @@ public void newNameResolver_validDnsNameWithoutPort_usesDefaultPort() {
     assertThat(nameResolver.getPort()).isEqualTo(args.getDefaultPort());
   }
 
+  // TODO(jdcormie): Trailing path segments *should* be forbidden. This test just demonstrates that
+  // both newNameResolver() overloads behave the same with respect to this bug.
   @Test
   public void newNameResolver_toleratesTrailingPathSegments() {
     NameResolver nameResolver = newNameResolver("dns:///foo.googleapis.com/ig/nor/ed", args);

From 7a1c79ef2e707b2743b2c6c8a69bc5e0340f2140 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Tue, 20 Jan 2026 11:23:03 +0530
Subject: [PATCH 517/591] Start 1.80.0 development cycle (#12616)

---
 MODULE.bazel                                           |  2 +-
 build.gradle                                           |  2 +-
 .../src/test/golden/TestDeprecatedService.java.txt     |  2 +-
 compiler/src/test/golden/TestService.java.txt          |  2 +-
 core/src/main/java/io/grpc/internal/GrpcUtil.java      |  2 +-
 examples/MODULE.bazel                                  |  2 +-
 examples/android/clientcache/app/build.gradle          | 10 +++++-----
 examples/android/helloworld/app/build.gradle           |  8 ++++----
 examples/android/routeguide/app/build.gradle           |  8 ++++----
 examples/android/strictmode/app/build.gradle           |  8 ++++----
 examples/build.gradle                                  |  2 +-
 examples/example-alts/build.gradle                     |  2 +-
 examples/example-debug/build.gradle                    |  2 +-
 examples/example-debug/pom.xml                         |  4 ++--
 examples/example-dualstack/build.gradle                |  2 +-
 examples/example-dualstack/pom.xml                     |  4 ++--
 examples/example-gauth/build.gradle                    |  2 +-
 examples/example-gauth/pom.xml                         |  4 ++--
 examples/example-gcp-csm-observability/build.gradle    |  2 +-
 examples/example-gcp-observability/build.gradle        |  2 +-
 examples/example-hostname/build.gradle                 |  2 +-
 examples/example-hostname/pom.xml                      |  4 ++--
 examples/example-jwt-auth/build.gradle                 |  2 +-
 examples/example-jwt-auth/pom.xml                      |  4 ++--
 examples/example-oauth/build.gradle                    |  2 +-
 examples/example-oauth/pom.xml                         |  4 ++--
 examples/example-opentelemetry/build.gradle            |  2 +-
 examples/example-orca/build.gradle                     |  2 +-
 examples/example-reflection/build.gradle               |  2 +-
 examples/example-servlet/build.gradle                  |  2 +-
 examples/example-tls/build.gradle                      |  2 +-
 examples/example-tls/pom.xml                           |  4 ++--
 examples/example-xds/build.gradle                      |  2 +-
 examples/pom.xml                                       |  4 ++--
 34 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 763897bb383..35b4e7adfda 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -1,6 +1,6 @@
 module(
     name = "grpc-java",
-    version = "1.79.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
+    version = "1.80.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
 )
diff --git a/build.gradle b/build.gradle
index 91690c1e3c3..10a5c5cbbc2 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ subprojects {
     apply plugin: "net.ltgt.errorprone"
 
     group = "io.grpc"
-    version = "1.79.0-SNAPSHOT" // CURRENT_GRPC_VERSION
+    version = "1.80.0-SNAPSHOT" // CURRENT_GRPC_VERSION
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index 5289f632637..ed2eab9a696 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.79.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.80.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 @java.lang.Deprecated
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index b603c40f09f..2afdfdbf206 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.79.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.80.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index 1b5feeccb4a..d8d0c1b2dc5 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -219,7 +219,7 @@ public byte[] parseAsciiString(byte[] serialized) {
 
   public static final Splitter ACCEPT_ENCODING_SPLITTER = Splitter.on(',').trimResults();
 
-  public static final String IMPLEMENTATION_VERSION = "1.79.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
+  public static final String IMPLEMENTATION_VERSION = "1.80.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
 
   /**
    * The default timeout in nanos for a keepalive ping request.
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index 36fbdeb8420..489cf3e3f5c 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,4 +1,4 @@
-bazel_dep(name = "grpc-java", version = "1.79.0-SNAPSHOT", repo_name = "io_grpc_grpc_java")  # CURRENT_GRPC_VERSION
+bazel_dep(name = "grpc-java", version = "1.80.0-SNAPSHOT", repo_name = "io_grpc_grpc_java")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "rules_java", version = "9.3.0")
 bazel_dep(name = "grpc-proto", version = "0.0.0-20240627-ec30f58", repo_name = "io_grpc_grpc_proto")
 bazel_dep(name = "protobuf", version = "33.1", repo_name = "com_google_protobuf")
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index 61d29f253c9..2870850562d 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -34,7 +34,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -54,11 +54,11 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.4.5'
-    testImplementation 'io.grpc:grpc-testing:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    testImplementation 'io.grpc:grpc-testing:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index 5df93b8cd6e..afc2a97e92f 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,7 +52,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index ff133450f0e..c6fb344e82e 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,7 +52,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index 40155447d7b..fad9bfb58fb 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -33,7 +33,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -53,7 +53,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index cc8f15fd9c9..cfaea82333a 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index 97233a56775..939b6ff73e4 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index 517948dec81..bb7c85cb2be 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index 5a521e746b3..cef96ad17fe 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-debug</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index cd6f2885779..0b5e165f692 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index 05a873a7c49..96be352c45f 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-dualstack</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index ecd03182cfc..48294d0a5b3 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index 80db41266aa..9c520141027 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-gauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index 5ed39227f41..6d20464e567 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 def openTelemetryVersion = '1.56.0'
 def openTelemetryPrometheusVersion = '1.56.0-alpha'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index 8ed29af77ec..c64eed714c9 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index ffe52075785..0facab784d3 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index c302537146f..c21e85d1333 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-hostname</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index 938eb424c81..224d822f2e3 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index 5a0697b2357..6208b1251f0 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-jwt-auth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index e8c649f424a..63dd47fc61b 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index 70b9682bb11..cac1a949a85 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-oauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index 17286dcd546..ab703b5acda 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 def openTelemetryVersion = '1.56.0'
 def openTelemetryPrometheusVersion = '1.56.0-alpha'
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index b4d66282dab..049158088ec 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index 472281c4b79..c06f276c2a0 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index 12458971e30..a41e998a455 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -15,7 +15,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index d88bced17bf..8d410146570 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index 6f7243be5a6..9dd823ad563 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-tls</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index fe74bada961..f04cedc5a74 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.79.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/pom.xml b/examples/pom.xml
index 642e0983e03..4deaaca54a4 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.79.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>examples</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.79.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for JDK 8 -->

From 50c18f183a4f9178372a88cb0a4d4ffdcb6539a9 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Tue, 20 Jan 2026 12:01:47 +0530
Subject: [PATCH 518/591] Upgrade to protobuf 33.4 (#12615)

Per https://github.com/protocolbuffers/protobuf/releases

```
okshiva@okshiva-mac2 grpc-java % curl -sL https://github.com/protocolbuffers/protobuf/releases/download/v33.4/protobuf-33.4.tar.gz | shasum -a 256
bc670a4e34992c175137ddda24e76562bb928f849d712a0e3c2fb2e19249bea1
```
---
 MODULE.bazel                       | 2 +-
 buildscripts/kokoro/windows32.bat  | 2 +-
 buildscripts/kokoro/windows64.bat  | 2 +-
 buildscripts/make_dependencies.bat | 2 +-
 buildscripts/make_dependencies.sh  | 2 +-
 repositories.bzl                   | 6 +++---
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 35b4e7adfda..81d80ed7e1a 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -50,7 +50,7 @@ bazel_dep(name = "bazel_jar_jar", version = "0.1.11.bcr.1")
 bazel_dep(name = "bazel_skylib", version = "1.7.1")
 bazel_dep(name = "googleapis", version = "0.0.0-20240326-1c8d509c5", repo_name = "com_google_googleapis")
 bazel_dep(name = "grpc-proto", version = "0.0.0-20240627-ec30f58.bcr.1", repo_name = "io_grpc_grpc_proto")
-bazel_dep(name = "protobuf", version = "33.1", repo_name = "com_google_protobuf")
+bazel_dep(name = "protobuf", version = "33.4", repo_name = "com_google_protobuf")
 bazel_dep(name = "rules_cc", version = "0.0.9")
 bazel_dep(name = "rules_java", version = "9.1.0")
 bazel_dep(name = "rules_jvm_external", version = "6.0")
diff --git a/buildscripts/kokoro/windows32.bat b/buildscripts/kokoro/windows32.bat
index e98cceb0905..d51beba82f9 100644
--- a/buildscripts/kokoro/windows32.bat
+++ b/buildscripts/kokoro/windows32.bat
@@ -25,7 +25,7 @@ cd "%WORKSPACE%"
 
 SET TARGET_ARCH=x86_32
 SET FAIL_ON_WARNINGS=true
-SET PROTOBUF_VER=33.1
+SET PROTOBUF_VER=33.4
 SET PKG_CONFIG_PATH=%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib\\pkgconfig
 SET VC_PROTOBUF_LIBS=/LIBPATH:%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib
 SET VC_PROTOBUF_INCLUDE=%ESCWORKSPACE%\\grpc-java-helper32\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\include
diff --git a/buildscripts/kokoro/windows64.bat b/buildscripts/kokoro/windows64.bat
index d5798c634d0..180025d5e82 100644
--- a/buildscripts/kokoro/windows64.bat
+++ b/buildscripts/kokoro/windows64.bat
@@ -24,7 +24,7 @@ cd "%WORKSPACE%"
 
 SET TARGET_ARCH=x86_64
 SET FAIL_ON_WARNINGS=true
-SET PROTOBUF_VER=33.1
+SET PROTOBUF_VER=33.4
 SET PKG_CONFIG_PATH=%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib\\pkgconfig
 SET VC_PROTOBUF_LIBS=/LIBPATH:%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\lib
 SET VC_PROTOBUF_INCLUDE=%ESCWORKSPACE%\\grpc-java-helper64\\protobuf-%PROTOBUF_VER%\\build\\protobuf-%PROTOBUF_VER%\\include
diff --git a/buildscripts/make_dependencies.bat b/buildscripts/make_dependencies.bat
index a167b8e59b2..a11f84d998e 100644
--- a/buildscripts/make_dependencies.bat
+++ b/buildscripts/make_dependencies.bat
@@ -1,7 +1,7 @@
 choco install -y pkgconfiglite
 choco install -y openjdk --version=17.0
 set PATH=%PATH%;"c:\Program Files\OpenJDK\jdk-17\bin"
-set PROTOBUF_VER=33.1
+set PROTOBUF_VER=33.4
 set ABSL_VERSION=20250127.1
 set CMAKE_NAME=cmake-3.26.3-windows-x86_64
 
diff --git a/buildscripts/make_dependencies.sh b/buildscripts/make_dependencies.sh
index 9612199540b..8cbefddd2eb 100755
--- a/buildscripts/make_dependencies.sh
+++ b/buildscripts/make_dependencies.sh
@@ -3,7 +3,7 @@
 # Build protoc
 set -evux -o pipefail
 
-PROTOBUF_VERSION=33.1
+PROTOBUF_VERSION=33.4
 ABSL_VERSION=20250127.1
 
 # ARCH is x86_64 bit unless otherwise specified.
diff --git a/repositories.bzl b/repositories.bzl
index 33efebaf5b3..c89e1bdff32 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -116,9 +116,9 @@ def com_google_protobuf():
     # This statement defines the @com_google_protobuf repo.
     http_archive(
         name = "com_google_protobuf",
-        sha256 = "fda132cb0c86400381c0af1fe98bd0f775cb566cb247cdcc105e344e00acc30e",
-        strip_prefix = "protobuf-33.1",
-        urls = ["https://github.com/protocolbuffers/protobuf/releases/download/v33.1/protobuf-33.1.tar.gz"],
+        sha256 = "bc670a4e34992c175137ddda24e76562bb928f849d712a0e3c2fb2e19249bea1",
+        strip_prefix = "protobuf-33.4",
+        urls = ["https://github.com/protocolbuffers/protobuf/releases/download/v33.4/protobuf-33.4.tar.gz"],
     )
 
 def io_grpc_grpc_proto():

From 990348876b839bd3a50be344c3eecf9730519227 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 20 Jan 2026 05:30:44 -0800
Subject: [PATCH 519/591] api: Update NameResolverRegistry for io.grpc.Uri
 (#12609)

---
 .../java/io/grpc/NameResolverRegistry.java    |   7 +
 .../io/grpc/NameResolverRegistryTest.java     | 165 +++++++++++++-----
 2 files changed, 129 insertions(+), 43 deletions(-)

diff --git a/api/src/main/java/io/grpc/NameResolverRegistry.java b/api/src/main/java/io/grpc/NameResolverRegistry.java
index 26eb5552b9b..b31c49d63fc 100644
--- a/api/src/main/java/io/grpc/NameResolverRegistry.java
+++ b/api/src/main/java/io/grpc/NameResolverRegistry.java
@@ -182,6 +182,13 @@ public NameResolver newNameResolver(URI targetUri, NameResolver.Args args) {
       return provider == null ? null : provider.newNameResolver(targetUri, args);
     }
 
+    @Override
+    @Nullable
+    public NameResolver newNameResolver(io.grpc.Uri targetUri, NameResolver.Args args) {
+      NameResolverProvider provider = getProviderForScheme(targetUri.getScheme());
+      return provider == null ? null : provider.newNameResolver(targetUri, args);
+    }
+
     @Override
     public String getDefaultScheme() {
       return NameResolverRegistry.this.getDefaultScheme();
diff --git a/api/src/test/java/io/grpc/NameResolverRegistryTest.java b/api/src/test/java/io/grpc/NameResolverRegistryTest.java
index 2fd23e3a974..8191815477c 100644
--- a/api/src/test/java/io/grpc/NameResolverRegistryTest.java
+++ b/api/src/test/java/io/grpc/NameResolverRegistryTest.java
@@ -33,7 +33,8 @@
 /** Unit tests for {@link NameResolverRegistry}. */
 @RunWith(JUnit4.class)
 public class NameResolverRegistryTest {
-  private final URI uri = URI.create("dns:///localhost");
+  private final URI javaNetUri = URI.create("dns:///localhost");
+  private final Uri ioGrpcUri = Uri.create("dns:///localhost");
   private final NameResolver.Args args = NameResolver.Args.newBuilder()
       .setDefaultPort(8080)
       .setProxyDetector(mock(ProxyDetector.class))
@@ -96,43 +97,80 @@ public void getDefaultScheme_noProvider() {
   }
 
   @Test
-  public void newNameResolver_providerReturnsNull() {
+  public void newNameResolver_providerReturnsNull_ioGrpcUri() {
     NameResolverRegistry registry = new NameResolverRegistry();
     registry.register(
         new BaseProvider(true, 5, "noScheme") {
           @Override
           public NameResolver newNameResolver(URI passedUri, NameResolver.Args passedArgs) {
-            assertThat(passedUri).isSameInstanceAs(uri);
+            assertThat(passedUri).isSameInstanceAs(ioGrpcUri);
             assertThat(passedArgs).isSameInstanceAs(args);
             return null;
           }
         });
-    assertThat(registry.asFactory().newNameResolver(uri, args)).isNull();
+    assertThat(registry.asFactory().newNameResolver(ioGrpcUri, args)).isNull();
     assertThat(registry.asFactory().getDefaultScheme()).isEqualTo("noScheme");
   }
 
   @Test
-  public void newNameResolver_providerReturnsNonNull() {
+  public void newNameResolver_providerReturnsNull_javaNetUri() {
     NameResolverRegistry registry = new NameResolverRegistry();
-    registry.register(new BaseProvider(true, 5, uri.getScheme()) {
-      @Override
-      public NameResolver newNameResolver(URI passedUri, NameResolver.Args passedArgs) {
-        return null;
-      }
-    });
-    final NameResolver nr = new NameResolver() {
-      @Override public String getServiceAuthority() {
-        throw new UnsupportedOperationException();
-      }
+    registry.register(
+        new BaseProvider(true, 5, "noScheme") {
+          @Override
+          public NameResolver newNameResolver(URI passedUri, NameResolver.Args passedArgs) {
+            assertThat(passedUri).isSameInstanceAs(javaNetUri);
+            assertThat(passedArgs).isSameInstanceAs(args);
+            return null;
+          }
+        });
+    assertThat(registry.asFactory().newNameResolver(javaNetUri, args)).isNull();
+    assertThat(registry.asFactory().getDefaultScheme()).isEqualTo("noScheme");
+  }
 
-      @Override public void start(Listener2 listener) {
-        throw new UnsupportedOperationException();
-      }
+  @Test
+  public void newNameResolver_providerReturnsNonNull_ioGrpcUri() {
+    NameResolverRegistry registry = new NameResolverRegistry();
+    Uri uri = ioGrpcUri;
+    registry.register(
+        new BaseProvider(true, 5, uri.getScheme()) {
+          @Override
+          public NameResolver newNameResolver(Uri passedUri, NameResolver.Args passedArgs) {
+            return null;
+          }
+        });
+    final NameResolver nr = new DummyNameResolver();
+    registry.register(
+        new BaseProvider(true, 4, uri.getScheme()) {
+          @Override
+          public NameResolver newNameResolver(Uri passedUri, NameResolver.Args passedArgs) {
+            return nr;
+          }
+        });
+    registry.register(
+        new BaseProvider(true, 3, uri.getScheme()) {
+          @Override
+          public NameResolver newNameResolver(Uri passedUri, NameResolver.Args passedArgs) {
+            fail("Should not be called");
+            throw new AssertionError();
+          }
+        });
+    assertThat(registry.asFactory().newNameResolver(uri, args)).isNull();
+    assertThat(registry.asFactory().getDefaultScheme()).isEqualTo(uri.getScheme());
+  }
 
-      @Override public void shutdown() {
-        throw new UnsupportedOperationException();
-      }
-    };
+  @Test
+  public void newNameResolver_providerReturnsNonNull_javaNetUri() {
+    NameResolverRegistry registry = new NameResolverRegistry();
+    URI uri = javaNetUri;
+    registry.register(
+        new BaseProvider(true, 5, uri.getScheme()) {
+          @Override
+          public NameResolver newNameResolver(URI passedUri, NameResolver.Args passedArgs) {
+            return null;
+          }
+        });
+    final NameResolver nr = new DummyNameResolver();
     registry.register(
         new BaseProvider(true, 4, uri.getScheme()) {
           @Override
@@ -153,27 +191,45 @@ public NameResolver newNameResolver(URI passedUri, NameResolver.Args passedArgs)
   }
 
   @Test
-  public void newNameResolver_multipleScheme() {
+  public void newNameResolver_multipleScheme_ioGrpcUri() {
     NameResolverRegistry registry = new NameResolverRegistry();
-    registry.register(new BaseProvider(true, 5, uri.getScheme()) {
-      @Override
-      public NameResolver newNameResolver(URI passedUri, NameResolver.Args passedArgs) {
-        return null;
-      }
-    });
-    final NameResolver nr = new NameResolver() {
-      @Override public String getServiceAuthority() {
-        throw new UnsupportedOperationException();
-      }
+    Uri uri = ioGrpcUri;
+    registry.register(
+        new BaseProvider(true, 5, uri.getScheme()) {
+          @Override
+          public NameResolver newNameResolver(Uri passedUri, NameResolver.Args passedArgs) {
+            return null;
+          }
+        });
+    final NameResolver nr = new DummyNameResolver();
+    registry.register(
+        new BaseProvider(true, 4, "other") {
+          @Override
+          public NameResolver newNameResolver(Uri passedUri, NameResolver.Args passedArgs) {
+            return nr;
+          }
+        });
 
-      @Override public void start(Listener2 listener) {
-        throw new UnsupportedOperationException();
-      }
+    assertThat(registry.asFactory().newNameResolver(uri, args)).isNull();
+    assertThat(registry.asFactory().newNameResolver(Uri.create("other:///0.0.0.0:80"), args))
+        .isSameInstanceAs(nr);
+    assertThat(registry.asFactory().newNameResolver(Uri.create("OTHER:///0.0.0.0:80"), args))
+        .isSameInstanceAs(nr);
+    assertThat(registry.asFactory().getDefaultScheme()).isEqualTo("dns");
+  }
 
-      @Override public void shutdown() {
-        throw new UnsupportedOperationException();
-      }
-    };
+  @Test
+  public void newNameResolver_multipleScheme_javaNetUri() {
+    NameResolverRegistry registry = new NameResolverRegistry();
+    URI uri = javaNetUri;
+    registry.register(
+        new BaseProvider(true, 5, uri.getScheme()) {
+          @Override
+          public NameResolver newNameResolver(URI passedUri, NameResolver.Args passedArgs) {
+            return null;
+          }
+        });
+    final NameResolver nr = new DummyNameResolver();
     registry.register(
         new BaseProvider(true, 4, "other") {
           @Override
@@ -186,16 +242,17 @@ public NameResolver newNameResolver(URI passedUri, NameResolver.Args passedArgs)
     assertThat(registry.asFactory().newNameResolver(URI.create("/0.0.0.0:80"), args)).isNull();
     assertThat(registry.asFactory().newNameResolver(URI.create("///0.0.0.0:80"), args)).isNull();
     assertThat(registry.asFactory().newNameResolver(URI.create("other:///0.0.0.0:80"), args))
-            .isSameInstanceAs(nr);
+        .isSameInstanceAs(nr);
     assertThat(registry.asFactory().newNameResolver(URI.create("OTHER:///0.0.0.0:80"), args))
-            .isSameInstanceAs(nr);
+        .isSameInstanceAs(nr);
     assertThat(registry.asFactory().getDefaultScheme()).isEqualTo("dns");
   }
 
   @Test
   public void newNameResolver_noProvider() {
     NameResolver.Factory factory = new NameResolverRegistry().asFactory();
-    assertThat(factory.newNameResolver(uri, args)).isNull();
+    assertThat(factory.newNameResolver(javaNetUri, args)).isNull();
+    assertThat(factory.newNameResolver(ioGrpcUri, args)).isNull();
     assertThat(factory.getDefaultScheme()).isEqualTo("unknown");
   }
 
@@ -261,9 +318,31 @@ public NameResolver newNameResolver(URI targetUri, NameResolver.Args args) {
       throw new UnsupportedOperationException();
     }
 
+    @Override
+    public NameResolver newNameResolver(Uri targetUri, NameResolver.Args args) {
+      throw new UnsupportedOperationException();
+    }
+
     @Override
     public String getDefaultScheme() {
       return scheme == null ? "scheme" + getClass().getSimpleName() : scheme;
     }
   }
+
+  private static class DummyNameResolver extends NameResolver {
+    @Override
+    public String getServiceAuthority() {
+      throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void start(Listener2 listener) {
+      throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void shutdown() {
+      throw new UnsupportedOperationException();
+    }
+  }
 }

From 76a631bcf772288f95050adfae3d890ba9ecca1a Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 8 Oct 2025 11:02:49 -0700
Subject: [PATCH 520/591] api: Remove unused ServiceProviders.load()

load() unused since c8a94d105 in 2020.
---
 .../io/grpc/InternalServiceProviders.java     | 11 -------
 .../main/java/io/grpc/ServiceProviders.java   | 17 ----------
 .../java/io/grpc/ServiceProvidersTest.java    | 32 ++++++++++++-------
 3 files changed, 20 insertions(+), 40 deletions(-)

diff --git a/api/src/main/java/io/grpc/InternalServiceProviders.java b/api/src/main/java/io/grpc/InternalServiceProviders.java
index c72e01db67a..9207f6f741c 100644
--- a/api/src/main/java/io/grpc/InternalServiceProviders.java
+++ b/api/src/main/java/io/grpc/InternalServiceProviders.java
@@ -24,17 +24,6 @@ public final class InternalServiceProviders {
   private InternalServiceProviders() {
   }
 
-  /**
-   * Accessor for method.
-   */
-  public static <T> T load(
-      Class<T> klass,
-      Iterable<Class<?>> hardcoded,
-      ClassLoader classLoader,
-      PriorityAccessor<T> priorityAccessor) {
-    return ServiceProviders.load(klass, hardcoded, classLoader, priorityAccessor);
-  }
-
   /**
    * Accessor for method.
    */
diff --git a/api/src/main/java/io/grpc/ServiceProviders.java b/api/src/main/java/io/grpc/ServiceProviders.java
index ac4b27d8783..c7a118ba042 100644
--- a/api/src/main/java/io/grpc/ServiceProviders.java
+++ b/api/src/main/java/io/grpc/ServiceProviders.java
@@ -29,23 +29,6 @@ private ServiceProviders() {
     // do not instantiate
   }
 
-  /**
-   * If this is not Android, returns the highest priority implementation of the class via
-   * {@link ServiceLoader}.
-   * If this is Android, returns an instance of the highest priority class in {@code hardcoded}.
-   */
-  public static <T> T load(
-      Class<T> klass,
-      Iterable<Class<?>> hardcoded,
-      ClassLoader cl,
-      PriorityAccessor<T> priorityAccessor) {
-    List<T> candidates = loadAll(klass, hardcoded, cl, priorityAccessor);
-    if (candidates.isEmpty()) {
-      return null;
-    }
-    return candidates.get(0);
-  }
-
   /**
    * If this is not Android, returns all available implementations discovered via
    * {@link ServiceLoader}.
diff --git a/api/src/test/java/io/grpc/ServiceProvidersTest.java b/api/src/test/java/io/grpc/ServiceProvidersTest.java
index 7d4388a5bb9..63809351c58 100644
--- a/api/src/test/java/io/grpc/ServiceProvidersTest.java
+++ b/api/src/test/java/io/grpc/ServiceProvidersTest.java
@@ -69,8 +69,7 @@ public void contextClassLoaderProvider() {
       Thread.currentThread().setContextClassLoader(rcll);
       assertEquals(
           Available7Provider.class,
-          ServiceProviders.load(
-              ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR).getClass());
+          load(ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR).getClass());
     } finally {
       Thread.currentThread().setContextClassLoader(ccl);
     }
@@ -85,8 +84,7 @@ public void noProvider() {
           serviceFile,
           "io/grpc/ServiceProvidersTestAbstractProvider-doesNotExist.txt");
       Thread.currentThread().setContextClassLoader(cl);
-      assertNull(ServiceProviders.load(
-          ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR));
+      assertNull(load(ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR));
     } finally {
       Thread.currentThread().setContextClassLoader(ccl);
     }
@@ -98,8 +96,7 @@ public void multipleProvider() throws Exception {
         "io/grpc/ServiceProvidersTestAbstractProvider-multipleProvider.txt");
     assertSame(
         Available7Provider.class,
-        ServiceProviders.load(
-            ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR).getClass());
+        load(ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR).getClass());
 
     List<ServiceProvidersTestAbstractProvider> providers = ServiceProviders.loadAll(
         ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR);
@@ -116,8 +113,7 @@ public void unavailableProvider() {
         "io/grpc/ServiceProvidersTestAbstractProvider-unavailableProvider.txt");
     assertEquals(
         Available7Provider.class,
-        ServiceProviders.load(
-            ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR).getClass());
+        load(ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR).getClass());
   }
 
   @Test
@@ -125,7 +121,7 @@ public void unknownClassProvider() {
     ClassLoader cl = new ReplacingClassLoader(getClass().getClassLoader(), serviceFile,
         "io/grpc/ServiceProvidersTestAbstractProvider-unknownClassProvider.txt");
     try {
-      ServiceProviders.load(
+      ServiceProviders.loadAll(
           ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR);
       fail("Exception expected");
     } catch (ServiceConfigurationError e) {
@@ -140,7 +136,7 @@ public void exceptionSurfacedToCaller_failAtInit() {
     try {
       // Even though there is a working provider, if any providers fail then we should fail
       // completely to avoid returning something unexpected.
-      ServiceProviders.load(
+      ServiceProviders.loadAll(
           ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR);
       fail("Expected exception");
     } catch (ServiceConfigurationError expected) {
@@ -154,7 +150,7 @@ public void exceptionSurfacedToCaller_failAtPriority() {
         "io/grpc/ServiceProvidersTestAbstractProvider-failAtPriorityProvider.txt");
     try {
       // The exception should be surfaced to the caller
-      ServiceProviders.load(
+      ServiceProviders.loadAll(
           ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR);
       fail("Expected exception");
     } catch (FailAtPriorityProvider.PriorityException expected) {
@@ -168,7 +164,7 @@ public void exceptionSurfacedToCaller_failAtAvailable() {
         "io/grpc/ServiceProvidersTestAbstractProvider-failAtAvailableProvider.txt");
     try {
       // The exception should be surfaced to the caller
-      ServiceProviders.load(
+      ServiceProviders.loadAll(
           ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR);
       fail("Expected exception");
     } catch (FailAtAvailableProvider.AvailableException expected) {
@@ -244,6 +240,18 @@ class RandomClass {}
     assertFalse(candidates.iterator().hasNext());
   }
 
+  private static <T> T load(
+      Class<T> klass,
+      Iterable<Class<?>> hardcoded,
+      ClassLoader cl,
+      PriorityAccessor<T> priorityAccessor) {
+    List<T> candidates = ServiceProviders.loadAll(klass, hardcoded, cl, priorityAccessor);
+    if (candidates.isEmpty()) {
+      return null;
+    }
+    return candidates.get(0);
+  }
+
   private static class BaseProvider extends ServiceProvidersTestAbstractProvider {
     private final boolean isAvailable;
     private final int priority;

From 9d5842b8133c87e74b9300751710192231485662 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Wed, 21 Jan 2026 11:37:25 +0530
Subject: [PATCH 521/591] compiler: Replace usages of deprecated protobuf
 method `protobuf::compiler::java::ClassName` with
 `protobuf::compiler::java::QualifiedClassName` (#12614)

Fixes #12464.
---
 compiler/src/java_plugin/cpp/java_generator.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/compiler/src/java_plugin/cpp/java_generator.cpp b/compiler/src/java_plugin/cpp/java_generator.cpp
index 659d7ccca47..a81d54791b4 100644
--- a/compiler/src/java_plugin/cpp/java_generator.cpp
+++ b/compiler/src/java_plugin/cpp/java_generator.cpp
@@ -213,7 +213,7 @@ static inline std::string MethodIdFieldName(const MethodDescriptor* method) {
 }
 
 static inline std::string MessageFullJavaName(const Descriptor* desc) {
-  return protobuf::compiler::java::ClassName(desc);
+  return protobuf::compiler::java::QualifiedClassName(desc);
 }
 
 // TODO(nmittler): Remove once protobuf includes javadoc methods in distribution.
@@ -1050,7 +1050,7 @@ static void PrintGetServiceDescriptorMethod(const ServiceDescriptor* service,
     (*vars)["proto_base_descriptor_supplier"] = service_name + "BaseDescriptorSupplier";
     (*vars)["proto_file_descriptor_supplier"] = service_name + "FileDescriptorSupplier";
     (*vars)["proto_method_descriptor_supplier"] = service_name + "MethodDescriptorSupplier";
-    (*vars)["proto_class_name"] = protobuf::compiler::java::ClassName(service->file());
+    (*vars)["proto_class_name"] = protobuf::compiler::java::QualifiedClassName(service->file());
     p->Print(
         *vars,
         "private static abstract class $proto_base_descriptor_supplier$\n"
@@ -1384,7 +1384,7 @@ void GenerateService(const ServiceDescriptor* service,
 }
 
 std::string ServiceJavaPackage(const FileDescriptor* file) {
-  std::string result = protobuf::compiler::java::ClassName(file);
+  std::string result = protobuf::compiler::java::QualifiedClassName(file);
   size_t last_dot_pos = result.find_last_of('.');
   if (last_dot_pos != std::string::npos) {
     result.resize(last_dot_pos);

From 34dd29042a24bb1a0a5ef2e0d43c6d6aab40a4db Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 23 Jan 2026 12:46:50 -0800
Subject: [PATCH 522/591] core: Add pick_first weighted shuffle

The prior uniform shuffle in pick_first will send uniform load across
clients. When endpoints have weights, we'd desire for endpoints to be
selected proportionally to their weight.

The server weight attribute has to move out of xDS to be seen by
pick-first, but it is kept as internal for now. Since xDS is the only
thing that sets weights, the behavior change is only visible to xDS.

See gRFC A113
---
 .../java/io/grpc/EquivalentAddressGroup.java  |   9 +
 .../grpc/InternalEquivalentAddressGroup.java  |  29 +++
 .../internal/PickFirstLeafLoadBalancer.java   |  50 ++++-
 .../grpc/internal/PickFirstLoadBalancer.java  |   7 +-
 .../PickFirstLeafLoadBalancerTest.java        | 146 +++++++++++-
 .../internal/PickFirstLoadBalancerTest.java   | 207 ++++++++++++++++++
 .../main/java/io/grpc/xds/XdsAttributes.java  |   4 +-
 7 files changed, 435 insertions(+), 17 deletions(-)
 create mode 100644 api/src/main/java/io/grpc/InternalEquivalentAddressGroup.java

diff --git a/api/src/main/java/io/grpc/EquivalentAddressGroup.java b/api/src/main/java/io/grpc/EquivalentAddressGroup.java
index bf8a864902c..d40e47c16f6 100644
--- a/api/src/main/java/io/grpc/EquivalentAddressGroup.java
+++ b/api/src/main/java/io/grpc/EquivalentAddressGroup.java
@@ -55,6 +55,15 @@ public final class EquivalentAddressGroup {
    */
   public static final Attributes.Key<String> ATTR_LOCALITY_NAME =
       Attributes.Key.create("io.grpc.EquivalentAddressGroup.LOCALITY");
+  /**
+   * Endpoint weight for load balancing purposes. While the type is Long, it must be a valid uint32.
+   * Must not be zero. The weight is proportional to the other endpoints; if an endpoint's weight is
+   * twice that of another endpoint, it is intended to receive twice the load.
+   */
+  @Attr
+  static final Attributes.Key<Long> ATTR_WEIGHT =
+      Attributes.Key.create("io.grpc.EquivalentAddressGroup.ATTR_WEIGHT");
+
   private final List<SocketAddress> addrs;
   private final Attributes attrs;
 
diff --git a/api/src/main/java/io/grpc/InternalEquivalentAddressGroup.java b/api/src/main/java/io/grpc/InternalEquivalentAddressGroup.java
new file mode 100644
index 00000000000..d4bed4d81bc
--- /dev/null
+++ b/api/src/main/java/io/grpc/InternalEquivalentAddressGroup.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+@Internal
+public final class InternalEquivalentAddressGroup {
+  private InternalEquivalentAddressGroup() {}
+
+  /**
+   * Endpoint weight for load balancing purposes. While the type is Long, it must be a valid uint32.
+   * Must not be zero. The weight is proportional to the other endpoints; if an endpoint's weight is
+   * twice that of another endpoint, it is intended to receive twice the load.
+   */
+  public static final Attributes.Key<Long> ATTR_WEIGHT = EquivalentAddressGroup.ATTR_WEIGHT;
+}
diff --git a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
index 935214a94fd..cd9ff9ab58c 100644
--- a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
+++ b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
@@ -26,10 +26,12 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Lists;
+import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Attributes;
 import io.grpc.ConnectivityState;
 import io.grpc.ConnectivityStateInfo;
 import io.grpc.EquivalentAddressGroup;
+import io.grpc.InternalEquivalentAddressGroup;
 import io.grpc.LoadBalancer;
 import io.grpc.Status;
 import io.grpc.SynchronizationContext.ScheduledHandle;
@@ -61,6 +63,8 @@ final class PickFirstLeafLoadBalancer extends LoadBalancer {
   static final int CONNECTION_DELAY_INTERVAL_MS = 250;
   private final boolean enableHappyEyeballs = !isSerializingRetries()
       && PickFirstLoadBalancerProvider.isEnabledHappyEyeballs();
+  static boolean weightedShuffling =
+      GrpcUtil.getFlag("GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING", true);
   private final Helper helper;
   private final Map<SocketAddress, SubchannelData> subchannels = new HashMap<>();
   private final Index addressIndex = new Index(ImmutableList.of(), this.enableHappyEyeballs);
@@ -128,13 +132,13 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       PickFirstLeafLoadBalancerConfig config
           = (PickFirstLeafLoadBalancerConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
       if (config.shuffleAddressList != null && config.shuffleAddressList) {
-        Collections.shuffle(cleanServers,
-            config.randomSeed != null ? new Random(config.randomSeed) : new Random());
+        cleanServers = shuffle(
+            cleanServers, config.randomSeed != null ? new Random(config.randomSeed) : new Random());
       }
     }
 
     final ImmutableList<EquivalentAddressGroup> newImmutableAddressGroups =
-        ImmutableList.<EquivalentAddressGroup>builder().addAll(cleanServers).build();
+        ImmutableList.copyOf(cleanServers);
 
     if (rawConnectivityState == READY
         || (rawConnectivityState == CONNECTING
@@ -224,6 +228,46 @@ private static List<EquivalentAddressGroup> deDupAddresses(List<EquivalentAddres
     return newGroups;
   }
 
+  // Also used by PickFirstLoadBalancer
+  @CheckReturnValue
+  static List<EquivalentAddressGroup> shuffle(List<EquivalentAddressGroup> eags, Random random) {
+    if (weightedShuffling) {
+      List<WeightEntry> weightedEntries = new ArrayList<>(eags.size());
+      for (EquivalentAddressGroup eag : eags) {
+        weightedEntries.add(new WeightEntry(eag, eagToWeight(eag, random)));
+      }
+      Collections.sort(weightedEntries, Collections.reverseOrder() /* descending */);
+      return Lists.transform(weightedEntries, entry -> entry.eag);
+    } else {
+      List<EquivalentAddressGroup> eagsCopy = new ArrayList<>(eags);
+      Collections.shuffle(eagsCopy, random);
+      return eagsCopy;
+    }
+  }
+
+  private static double eagToWeight(EquivalentAddressGroup eag, Random random) {
+    Long weight = eag.getAttributes().get(InternalEquivalentAddressGroup.ATTR_WEIGHT);
+    if (weight == null) {
+      weight = 1L;
+    }
+    return Math.pow(random.nextDouble(), 1.0 / weight);
+  }
+
+  private static final class WeightEntry implements Comparable<WeightEntry> {
+    final EquivalentAddressGroup eag;
+    final double weight;
+
+    public WeightEntry(EquivalentAddressGroup eag, double weight) {
+      this.eag = eag;
+      this.weight = weight;
+    }
+
+    @Override
+    public int compareTo(WeightEntry entry) {
+      return Double.compare(this.weight, entry.weight);
+    }
+  }
+
   @Override
   public void handleNameResolutionError(Status error) {
     if (rawConnectivityState == SHUTDOWN) {
diff --git a/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java b/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java
index aa8b5a7e9a9..cf4b4c94e04 100644
--- a/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java
+++ b/core/src/main/java/io/grpc/internal/PickFirstLoadBalancer.java
@@ -27,8 +27,6 @@
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.LoadBalancer;
 import io.grpc.Status;
-import java.util.ArrayList;
-import java.util.Collections;
 import java.util.List;
 import java.util.Random;
 import java.util.concurrent.atomic.AtomicBoolean;
@@ -65,9 +63,8 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       PickFirstLoadBalancerConfig config
           = (PickFirstLoadBalancerConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
       if (config.shuffleAddressList != null && config.shuffleAddressList) {
-        servers = new ArrayList<EquivalentAddressGroup>(servers);
-        Collections.shuffle(servers,
-            config.randomSeed != null ? new Random(config.randomSeed) : new Random());
+        servers = PickFirstLeafLoadBalancer.shuffle(
+            servers, config.randomSeed != null ? new Random(config.randomSeed) : new Random());
       }
     }
 
diff --git a/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java b/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
index 8b09fce2aa2..cb73d17d682 100644
--- a/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
+++ b/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
@@ -23,6 +23,7 @@
 import static io.grpc.ConnectivityState.READY;
 import static io.grpc.ConnectivityState.SHUTDOWN;
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
+import static io.grpc.InternalEquivalentAddressGroup.ATTR_WEIGHT;
 import static io.grpc.LoadBalancer.HAS_HEALTH_PRODUCER_LISTENER_KEY;
 import static io.grpc.LoadBalancer.HEALTH_CONSUMER_LISTENER_ARG_KEY;
 import static io.grpc.LoadBalancer.IS_PETIOLE_POLICY;
@@ -70,10 +71,13 @@
 import io.grpc.internal.PickFirstLeafLoadBalancer.PickFirstLeafLoadBalancerConfig;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
+import java.util.ArrayDeque;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
+import java.util.Queue;
+import java.util.Random;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import org.junit.After;
@@ -149,6 +153,7 @@ public void uncaughtException(Thread t, Throwable e) {
 
   private String originalHappyEyeballsEnabledValue;
   private String originalSerializeRetriesValue;
+  private boolean originalWeightedShuffling;
 
   private long backoffMillis;
 
@@ -165,6 +170,8 @@ public void setUp() {
     System.setProperty(PickFirstLoadBalancerProvider.GRPC_PF_USE_HAPPY_EYEBALLS,
         Boolean.toString(enableHappyEyeballs));
 
+    originalWeightedShuffling = PickFirstLeafLoadBalancer.weightedShuffling;
+
     for (int i = 1; i <= 5; i++) {
       SocketAddress addr = new FakeSocketAddress("server" + i);
       servers.add(new EquivalentAddressGroup(addr));
@@ -207,6 +214,7 @@ public void tearDown() {
       System.setProperty(PickFirstLoadBalancerProvider.GRPC_PF_USE_HAPPY_EYEBALLS,
           originalHappyEyeballsEnabledValue);
     }
+    PickFirstLeafLoadBalancer.weightedShuffling = originalWeightedShuffling;
 
     loadBalancer.shutdown();
     verifyNoMoreInteractions(mockArgs);
@@ -242,6 +250,12 @@ public void pickAfterResolved() {
     verifyNoMoreInteractions(mockHelper);
   }
 
+  @Test
+  public void pickAfterResolved_shuffle_oppositeWeightedShuffling() {
+    PickFirstLeafLoadBalancer.weightedShuffling = !PickFirstLeafLoadBalancer.weightedShuffling;
+    pickAfterResolved_shuffle();
+  }
+
   @Test
   public void pickAfterResolved_shuffle() {
     servers.remove(4);
@@ -305,6 +319,103 @@ public void pickAfterResolved_noShuffle() {
     assertNotNull(pickerCaptor.getValue().pickSubchannel(mockArgs));
   }
 
+  @Test
+  public void pickAfterResolved_shuffleImplicitUniform_oppositeWeightedShuffling() {
+    PickFirstLeafLoadBalancer.weightedShuffling = !PickFirstLeafLoadBalancer.weightedShuffling;
+    pickAfterResolved_shuffleImplicitUniform();
+  }
+
+  @Test
+  public void pickAfterResolved_shuffleImplicitUniform() {
+    EquivalentAddressGroup eag1 = new EquivalentAddressGroup(new FakeSocketAddress("server1"));
+    EquivalentAddressGroup eag2 = new EquivalentAddressGroup(new FakeSocketAddress("server2"));
+    EquivalentAddressGroup eag3 = new EquivalentAddressGroup(new FakeSocketAddress("server3"));
+
+    int[] counts = countAddressSelections(99, Arrays.asList(eag1, eag2, eag3));
+    assertThat(counts[0]).isWithin(7).of(33);
+    assertThat(counts[1]).isWithin(7).of(33);
+    assertThat(counts[2]).isWithin(7).of(33);
+  }
+
+  @Test
+  public void pickAfterResolved_shuffleExplicitUniform_oppositeWeightedShuffling() {
+    PickFirstLeafLoadBalancer.weightedShuffling = !PickFirstLeafLoadBalancer.weightedShuffling;
+    pickAfterResolved_shuffleExplicitUniform();
+  }
+
+  @Test
+  public void pickAfterResolved_shuffleExplicitUniform() {
+    EquivalentAddressGroup eag1 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server1"), Attributes.newBuilder().set(ATTR_WEIGHT, 111L).build());
+    EquivalentAddressGroup eag2 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server2"), Attributes.newBuilder().set(ATTR_WEIGHT, 111L).build());
+    EquivalentAddressGroup eag3 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server3"), Attributes.newBuilder().set(ATTR_WEIGHT, 111L).build());
+
+    int[] counts = countAddressSelections(99, Arrays.asList(eag1, eag2, eag3));
+    assertThat(counts[0]).isWithin(7).of(33);
+    assertThat(counts[1]).isWithin(7).of(33);
+    assertThat(counts[2]).isWithin(7).of(33);
+  }
+
+  @Test
+  public void pickAfterResolved_shuffleWeighted_noWeightedShuffling() {
+    PickFirstLeafLoadBalancer.weightedShuffling = false;
+    EquivalentAddressGroup eag1 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server1"), Attributes.newBuilder().set(ATTR_WEIGHT, 12L).build());
+    EquivalentAddressGroup eag2 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server2"), Attributes.newBuilder().set(ATTR_WEIGHT, 3L).build());
+    EquivalentAddressGroup eag3 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server3"), Attributes.newBuilder().set(ATTR_WEIGHT, 1L).build());
+
+    int[] counts = countAddressSelections(100, Arrays.asList(eag1, eag2, eag3));
+    assertThat(counts[0]).isWithin(7).of(33);
+    assertThat(counts[1]).isWithin(7).of(33);
+    assertThat(counts[2]).isWithin(7).of(33);
+  }
+
+  @Test
+  public void pickAfterResolved_shuffleWeighted_weightedShuffling() {
+    PickFirstLeafLoadBalancer.weightedShuffling = true;
+    EquivalentAddressGroup eag1 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server1"), Attributes.newBuilder().set(ATTR_WEIGHT, 12L).build());
+    EquivalentAddressGroup eag2 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server2"), Attributes.newBuilder().set(ATTR_WEIGHT, 3L).build());
+    EquivalentAddressGroup eag3 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server3"), Attributes.newBuilder().set(ATTR_WEIGHT, 1L).build());
+
+    int[] counts = countAddressSelections(100, Arrays.asList(eag1, eag2, eag3));
+    assertThat(counts[0]).isWithin(7).of(75); // 100*12/16
+    assertThat(counts[1]).isWithin(7).of(19); // 100*3/16
+    assertThat(counts[2]).isWithin(7).of(6); // 100*1/16
+  }
+
+  /** Returns int[index_of_eag] array with number of times each eag was selected. */
+  private int[] countAddressSelections(int trials, List<EquivalentAddressGroup> eags) {
+    int[] counts = new int[eags.size()];
+    Random random = new Random(1);
+    for (int i = 0; i < trials; i++) {
+      RecordingHelper helper = new RecordingHelper();
+      LoadBalancer lb = new PickFirstLeafLoadBalancer(helper);
+      assertThat(lb.acceptResolvedAddresses(ResolvedAddresses.newBuilder()
+            .setAddresses(eags)
+            .setAttributes(affinity)
+            .setLoadBalancingPolicyConfig(
+                new PickFirstLeafLoadBalancerConfig(true, random.nextLong()))
+            .build()))
+          .isSameInstanceAs(Status.OK);
+      helper.subchannels.remove().listener.onSubchannelState(
+          ConnectivityStateInfo.forNonError(READY));
+
+      assertThat(helper.state).isEqualTo(READY);
+      Subchannel subchannel = helper.picker.pickSubchannel(mockArgs).getSubchannel();
+      counts[eags.indexOf(subchannel.getAddresses())]++;
+
+      lb.shutdown();
+    }
+    return counts;
+  }
+
   @Test
   public void requestConnectionPicker() {
     // Set up
@@ -2945,13 +3056,7 @@ public String toString() {
     }
   }
 
-  private class MockHelperImpl extends LoadBalancer.Helper {
-    private final List<Subchannel> subchannels;
-
-    public MockHelperImpl(List<? extends Subchannel> subchannels) {
-      this.subchannels = new ArrayList<Subchannel>(subchannels);
-    }
-
+  private class BaseHelper extends LoadBalancer.Helper {
     @Override
     public ManagedChannel createOobChannel(EquivalentAddressGroup eag, String authority) {
       return null;
@@ -2981,6 +3086,14 @@ public ScheduledExecutorService getScheduledExecutorService() {
     public void refreshNameResolution() {
       // noop
     }
+  }
+
+  private class MockHelperImpl extends BaseHelper {
+    private final List<Subchannel> subchannels;
+
+    public MockHelperImpl(List<? extends Subchannel> subchannels) {
+      this.subchannels = new ArrayList<Subchannel>(subchannels);
+    }
 
     @Override
     public Subchannel createSubchannel(CreateSubchannelArgs args) {
@@ -2997,4 +3110,23 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
       throw new IllegalArgumentException("Unexpected addresses: " + args.getAddresses());
     }
   }
+
+  class RecordingHelper extends BaseHelper {
+    ConnectivityState state;
+    SubchannelPicker picker;
+    final Queue<FakeSubchannel> subchannels = new ArrayDeque<>();
+
+    @Override
+    public void updateBalancingState(ConnectivityState newState, SubchannelPicker newPicker) {
+      this.state = newState;
+      this.picker = newPicker;
+    }
+
+    @Override
+    public Subchannel createSubchannel(CreateSubchannelArgs args) {
+      FakeSubchannel subchannel = new FakeSubchannel(args.getAddresses(), args.getAttributes());
+      subchannels.add(subchannel);
+      return subchannel;
+    }
+  }
 }
diff --git a/core/src/test/java/io/grpc/internal/PickFirstLoadBalancerTest.java b/core/src/test/java/io/grpc/internal/PickFirstLoadBalancerTest.java
index 819293e070b..1e130423a45 100644
--- a/core/src/test/java/io/grpc/internal/PickFirstLoadBalancerTest.java
+++ b/core/src/test/java/io/grpc/internal/PickFirstLoadBalancerTest.java
@@ -21,6 +21,7 @@
 import static io.grpc.ConnectivityState.IDLE;
 import static io.grpc.ConnectivityState.READY;
 import static io.grpc.ConnectivityState.TRANSIENT_FAILURE;
+import static io.grpc.InternalEquivalentAddressGroup.ATTR_WEIGHT;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
@@ -49,12 +50,18 @@
 import io.grpc.LoadBalancer.Subchannel;
 import io.grpc.LoadBalancer.SubchannelPicker;
 import io.grpc.LoadBalancer.SubchannelStateListener;
+import io.grpc.ManagedChannel;
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.SynchronizationContext;
 import io.grpc.internal.PickFirstLoadBalancer.PickFirstLoadBalancerConfig;
 import java.net.SocketAddress;
+import java.util.ArrayDeque;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
+import java.util.Queue;
+import java.util.Random;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
@@ -103,8 +110,12 @@ public void uncaughtException(Thread t, Throwable e) {
   @Mock // This LoadBalancer doesn't use any of the arg fields, as verified in tearDown().
   private PickSubchannelArgs mockArgs;
 
+  private boolean originalWeightedShuffling;
+
   @Before
   public void setUp() {
+    originalWeightedShuffling = PickFirstLeafLoadBalancer.weightedShuffling;
+
     for (int i = 0; i < 3; i++) {
       SocketAddress addr = new FakeSocketAddress("server" + i);
       servers.add(new EquivalentAddressGroup(addr));
@@ -120,6 +131,7 @@ public void setUp() {
 
   @After
   public void tearDown() throws Exception {
+    PickFirstLeafLoadBalancer.weightedShuffling = originalWeightedShuffling;
     verifyNoMoreInteractions(mockArgs);
   }
 
@@ -141,6 +153,12 @@ public void pickAfterResolved() throws Exception {
     verifyNoMoreInteractions(mockHelper);
   }
 
+  @Test
+  public void pickAfterResolved_shuffle_oppositeWeightedShuffling() throws Exception {
+    PickFirstLeafLoadBalancer.weightedShuffling = !PickFirstLeafLoadBalancer.weightedShuffling;
+    pickAfterResolved_shuffle();
+  }
+
   @Test
   public void pickAfterResolved_shuffle() throws Exception {
     loadBalancer.acceptResolvedAddresses(
@@ -184,6 +202,103 @@ public void pickAfterResolved_noShuffle() throws Exception {
     verifyNoMoreInteractions(mockHelper);
   }
 
+  @Test
+  public void pickAfterResolved_shuffleImplicitUniform_oppositeWeightedShuffling() {
+    PickFirstLeafLoadBalancer.weightedShuffling = !PickFirstLeafLoadBalancer.weightedShuffling;
+    pickAfterResolved_shuffleImplicitUniform();
+  }
+
+  @Test
+  public void pickAfterResolved_shuffleImplicitUniform() {
+    EquivalentAddressGroup eag1 = new EquivalentAddressGroup(new FakeSocketAddress("server1"));
+    EquivalentAddressGroup eag2 = new EquivalentAddressGroup(new FakeSocketAddress("server2"));
+    EquivalentAddressGroup eag3 = new EquivalentAddressGroup(new FakeSocketAddress("server3"));
+
+    int[] counts = countAddressSelections(99, Arrays.asList(eag1, eag2, eag3));
+    assertThat(counts[0]).isWithin(7).of(33);
+    assertThat(counts[1]).isWithin(7).of(33);
+    assertThat(counts[2]).isWithin(7).of(33);
+  }
+
+  @Test
+  public void pickAfterResolved_shuffleExplicitUniform_oppositeWeightedShuffling() {
+    PickFirstLeafLoadBalancer.weightedShuffling = !PickFirstLeafLoadBalancer.weightedShuffling;
+    pickAfterResolved_shuffleExplicitUniform();
+  }
+
+  @Test
+  public void pickAfterResolved_shuffleExplicitUniform() {
+    EquivalentAddressGroup eag1 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server1"), Attributes.newBuilder().set(ATTR_WEIGHT, 111L).build());
+    EquivalentAddressGroup eag2 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server2"), Attributes.newBuilder().set(ATTR_WEIGHT, 111L).build());
+    EquivalentAddressGroup eag3 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server3"), Attributes.newBuilder().set(ATTR_WEIGHT, 111L).build());
+
+    int[] counts = countAddressSelections(99, Arrays.asList(eag1, eag2, eag3));
+    assertThat(counts[0]).isWithin(7).of(33);
+    assertThat(counts[1]).isWithin(7).of(33);
+    assertThat(counts[2]).isWithin(7).of(33);
+  }
+
+  @Test
+  public void pickAfterResolved_shuffleWeighted_noWeightedShuffling() {
+    PickFirstLeafLoadBalancer.weightedShuffling = false;
+    EquivalentAddressGroup eag1 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server1"), Attributes.newBuilder().set(ATTR_WEIGHT, 12L).build());
+    EquivalentAddressGroup eag2 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server2"), Attributes.newBuilder().set(ATTR_WEIGHT, 3L).build());
+    EquivalentAddressGroup eag3 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server3"), Attributes.newBuilder().set(ATTR_WEIGHT, 1L).build());
+
+    int[] counts = countAddressSelections(100, Arrays.asList(eag1, eag2, eag3));
+    assertThat(counts[0]).isWithin(7).of(33);
+    assertThat(counts[1]).isWithin(7).of(33);
+    assertThat(counts[2]).isWithin(7).of(33);
+  }
+
+  @Test
+  public void pickAfterResolved_shuffleWeighted_weightedShuffling() {
+    PickFirstLeafLoadBalancer.weightedShuffling = true;
+    EquivalentAddressGroup eag1 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server1"), Attributes.newBuilder().set(ATTR_WEIGHT, 12L).build());
+    EquivalentAddressGroup eag2 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server2"), Attributes.newBuilder().set(ATTR_WEIGHT, 3L).build());
+    EquivalentAddressGroup eag3 = new EquivalentAddressGroup(
+        new FakeSocketAddress("server3"), Attributes.newBuilder().set(ATTR_WEIGHT, 1L).build());
+
+    int[] counts = countAddressSelections(100, Arrays.asList(eag1, eag2, eag3));
+    assertThat(counts[0]).isWithin(7).of(75); // 100*12/16
+    assertThat(counts[1]).isWithin(7).of(19); // 100*3/16
+    assertThat(counts[2]).isWithin(7).of(6); // 100*1/16
+  }
+
+  /** Returns int[index_of_eag] array with number of times each eag was selected. */
+  private int[] countAddressSelections(int trials, List<EquivalentAddressGroup> eags) {
+    int[] counts = new int[eags.size()];
+    Random random = new Random(1);
+    for (int i = 0; i < trials; i++) {
+      RecordingHelper helper = new RecordingHelper();
+      PickFirstLoadBalancer lb = new PickFirstLoadBalancer(helper);
+      assertThat(lb.acceptResolvedAddresses(ResolvedAddresses.newBuilder()
+            .setAddresses(eags)
+            .setAttributes(affinity)
+            .setLoadBalancingPolicyConfig(
+                new PickFirstLoadBalancerConfig(true, random.nextLong()))
+            .build()))
+          .isSameInstanceAs(Status.OK);
+      helper.subchannels.remove().listener.onSubchannelState(
+          ConnectivityStateInfo.forNonError(READY));
+
+      assertThat(helper.state).isEqualTo(READY);
+      Subchannel subchannel = helper.picker.pickSubchannel(mockArgs).getSubchannel();
+      counts[eags.indexOf(subchannel.getAllAddresses().get(0))]++;
+
+      lb.shutdown();
+    }
+    return counts;
+  }
+
   @Test
   public void requestConnectionPicker() throws Exception {
     loadBalancer.acceptResolvedAddresses(
@@ -486,4 +601,96 @@ public String toString() {
       return "FakeSocketAddress-" + name;
     }
   }
+
+  private static class FakeSubchannel extends Subchannel {
+    private final Attributes attributes;
+    private List<EquivalentAddressGroup> eags;
+    private SubchannelStateListener listener;
+
+    public FakeSubchannel(List<EquivalentAddressGroup> eags, Attributes attributes) {
+      this.eags = Collections.unmodifiableList(eags);
+      this.attributes = attributes;
+    }
+
+    @Override
+    public List<EquivalentAddressGroup> getAllAddresses() {
+      return eags;
+    }
+
+    @Override
+    public Attributes getAttributes() {
+      return attributes;
+    }
+
+    @Override
+    public void start(SubchannelStateListener listener) {
+      this.listener = listener;
+    }
+
+    @Override
+    public void updateAddresses(List<EquivalentAddressGroup> addrs) {
+      this.eags = Collections.unmodifiableList(addrs);
+    }
+
+    @Override
+    public void shutdown() {
+      listener.onSubchannelState(ConnectivityStateInfo.forNonError(ConnectivityState.SHUTDOWN));
+    }
+
+    @Override
+    public void requestConnection() {
+    }
+
+    @Override
+    public String toString() {
+      return "FakeSubchannel@" + hashCode() + "(" + eags + ")";
+    }
+  }
+
+  private class BaseHelper extends Helper {
+    @Override
+    public ManagedChannel createOobChannel(EquivalentAddressGroup eag, String authority) {
+      return null;
+    }
+
+    @Override
+    public String getAuthority() {
+      return null;
+    }
+
+    @Override
+    public void updateBalancingState(ConnectivityState newState, SubchannelPicker newPicker) {
+      // ignore
+    }
+
+    @Override
+    public SynchronizationContext getSynchronizationContext() {
+      return syncContext;
+    }
+
+    @Override
+    public void refreshNameResolution() {
+      // noop
+    }
+  }
+
+  class RecordingHelper extends BaseHelper {
+    ConnectivityState state;
+    SubchannelPicker picker;
+    final Queue<FakeSubchannel> subchannels = new ArrayDeque<>();
+
+    @Override
+    public void updateBalancingState(ConnectivityState newState, SubchannelPicker newPicker) {
+      this.state = newState;
+      this.picker = newPicker;
+    }
+
+    @Override
+    public Subchannel createSubchannel(CreateSubchannelArgs args) {
+      FakeSubchannel subchannel = new FakeSubchannel(args.getAddresses(), args.getAttributes());
+      subchannels.add(subchannel);
+      return subchannel;
+    }
+  }
+
 }
diff --git a/xds/src/main/java/io/grpc/xds/XdsAttributes.java b/xds/src/main/java/io/grpc/xds/XdsAttributes.java
index 5647b25e418..d3fe8d4619c 100644
--- a/xds/src/main/java/io/grpc/xds/XdsAttributes.java
+++ b/xds/src/main/java/io/grpc/xds/XdsAttributes.java
@@ -19,6 +19,7 @@
 import io.grpc.Attributes;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.Grpc;
+import io.grpc.InternalEquivalentAddressGroup;
 import io.grpc.NameResolver;
 import io.grpc.xds.XdsNameResolverProvider.CallCounterProvider;
 import io.grpc.xds.client.Locality;
@@ -84,8 +85,7 @@ final class XdsAttributes {
    * Endpoint weight for load balancing purposes.
    */
   @EquivalentAddressGroup.Attr
-  static final Attributes.Key<Long> ATTR_SERVER_WEIGHT =
-      Attributes.Key.create("io.grpc.xds.XdsAttributes.serverWeight");
+  static final Attributes.Key<Long> ATTR_SERVER_WEIGHT = InternalEquivalentAddressGroup.ATTR_WEIGHT;
 
   /**
    * Filter chain match for network filters.

From 02cb1deb8e5c7ef4339cd124a643c6d5f205e9b4 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 23 Jan 2026 12:50:09 -0800
Subject: [PATCH 523/591] xds: Normalize weights before combining endpoint and
 locality weights

Previously, the number of endpoints in a locality would skew how much
traffic was sent to that locality. Also, if endpoints in localities had
wildly different weights, that would impact cross-locality weighting.

For example, consider:
  LocalityA weight=1 endpointWeights=[100, 100, 100, 100]
  LocalityB weight=1 endpointWeights=[1]

The endpoint in LocalityB should have an endpoint weight that is half
the total sum of endpoint weights, in order to receive half the traffic.
But the multiple endpoints in LocalityA would cause it to get 4x the
traffic and the endpoint weights in LocalityA causes them to get 100x
the traffic.

See gRFC A113
---
 .../java/io/grpc/xds/CdsLoadBalancer2.java    | 75 ++++++++++++++++++-
 xds/src/main/java/io/grpc/xds/Endpoints.java  |  5 +-
 .../xds/ClusterResolverLoadBalancerTest.java  | 18 ++++-
 3 files changed, 91 insertions(+), 7 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
index 67c5626aff5..5a59b47c529 100644
--- a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
+++ b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer2.java
@@ -22,6 +22,7 @@
 import static io.grpc.xds.XdsLbPolicies.PRIORITY_POLICY_NAME;
 
 import com.google.common.collect.ImmutableMap;
+import com.google.common.primitives.UnsignedInts;
 import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.Attributes;
 import io.grpc.EquivalentAddressGroup;
@@ -33,6 +34,7 @@
 import io.grpc.NameResolver;
 import io.grpc.Status;
 import io.grpc.StatusOr;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.util.GracefulSwitchLoadBalancer;
 import io.grpc.util.OutlierDetectionLoadBalancer.OutlierDetectionLoadBalancerConfig;
 import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig;
@@ -74,6 +76,9 @@
  * by a group of sub-clusters in a tree hierarchy.
  */
 final class CdsLoadBalancer2 extends LoadBalancer {
+  static boolean pickFirstWeightedShuffling =
+      GrpcUtil.getFlag("GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING", true);
+
   private final XdsLogger logger;
   private final Helper helper;
   private final LoadBalancerRegistry lbRegistry;
@@ -222,6 +227,26 @@ private String errorPrefix() {
     return "CdsLb for " + clusterName + ": ";
   }
 
+  /**
+   * The number of bits assigned to the fractional part of fixed-point values. We normalize weights
+   * to a fixed-point number between 0 and 1, representing that item's proportion of traffic (1 ==
+   * 100% of traffic). We reserve at least one bit for the whole number so that we don't need to
+   * special case a single item, and so that we can round up very low values without risking uint32
+   * overflow of the sum of weights.
+   */
+  private static final int FIXED_POINT_FRACTIONAL_BITS = 31;
+
+  /** Divide two uint32s and produce a fixed-point uint32 result. */
+  private static long fractionToFixedPoint(long numerator, long denominator) {
+    long one = 1L << FIXED_POINT_FRACTIONAL_BITS;
+    return numerator * one / denominator;
+  }
+
+  /** Multiply two uint32 fixed-point numbers, returning a uint32 fixed-point. */
+  private static long fixedPointMultiply(long a, long b) {
+    return (a * b) >> FIXED_POINT_FRACTIONAL_BITS;
+  }
+
   private static StatusOr<EdsUpdate> getEdsUpdate(XdsConfig xdsConfig, String cluster) {
     StatusOr<XdsClusterConfig> clusterConfig = xdsConfig.getClusters().get(cluster);
     if (clusterConfig == null) {
@@ -286,17 +311,61 @@ StatusOr<ClusterResolutionResult> edsUpdateToResult(
       Map<String, Map<Locality, Integer>> prioritizedLocalityWeights = new HashMap<>();
       List<String> sortedPriorityNames =
           generatePriorityNames(clusterName, localityLbEndpoints);
+      Map<String, Long> priorityLocalityWeightSums;
+      if (pickFirstWeightedShuffling) {
+        priorityLocalityWeightSums = new HashMap<>(sortedPriorityNames.size() * 2);
+        for (Locality locality : localityLbEndpoints.keySet()) {
+          LocalityLbEndpoints localityLbInfo = localityLbEndpoints.get(locality);
+          String priorityName = localityPriorityNames.get(locality);
+          Long sum = priorityLocalityWeightSums.get(priorityName);
+          if (sum == null) {
+            sum = 0L;
+          }
+          long weight = UnsignedInts.toLong(localityLbInfo.localityWeight());
+          priorityLocalityWeightSums.put(priorityName, sum + weight);
+        }
+      } else {
+        priorityLocalityWeightSums = null;
+      }
+
       for (Locality locality : localityLbEndpoints.keySet()) {
         LocalityLbEndpoints localityLbInfo = localityLbEndpoints.get(locality);
         String priorityName = localityPriorityNames.get(locality);
         boolean discard = true;
+        // These sums _should_ fit in uint32, but XdsEndpointResource isn't actually verifying that
+        // is true today. Since we are using long to avoid signedness trouble, the math happens to
+        // still work if it turns out the sums exceed uint32.
+        long localityWeightSum = 0;
+        long endpointWeightSum = 0;
+        if (pickFirstWeightedShuffling) {
+          localityWeightSum = priorityLocalityWeightSums.get(priorityName);
+          for (LbEndpoint endpoint : localityLbInfo.endpoints()) {
+            if (endpoint.isHealthy()) {
+              endpointWeightSum += UnsignedInts.toLong(endpoint.loadBalancingWeight());
+            }
+          }
+        }
         for (LbEndpoint endpoint : localityLbInfo.endpoints()) {
           if (endpoint.isHealthy()) {
             discard = false;
-            long weight = localityLbInfo.localityWeight();
-            if (endpoint.loadBalancingWeight() != 0) {
-              weight *= endpoint.loadBalancingWeight();
+            long weight;
+            if (pickFirstWeightedShuffling) {
+              // Combine locality and endpoint weights as defined by gRFC A113
+              long localityWeight = fractionToFixedPoint(
+                  UnsignedInts.toLong(localityLbInfo.localityWeight()), localityWeightSum);
+              long endpointWeight = fractionToFixedPoint(
+                  UnsignedInts.toLong(endpoint.loadBalancingWeight()), endpointWeightSum);
+              weight = fixedPointMultiply(localityWeight, endpointWeight);
+              if (weight == 0) {
+                weight = 1;
+              }
+            } else {
+              weight = localityLbInfo.localityWeight();
+              if (endpoint.loadBalancingWeight() != 0) {
+                weight *= endpoint.loadBalancingWeight();
+              }
             }
+
             String localityName = localityName(locality);
             Attributes attr =
                 endpoint.eag().getAttributes().toBuilder()
diff --git a/xds/src/main/java/io/grpc/xds/Endpoints.java b/xds/src/main/java/io/grpc/xds/Endpoints.java
index dcb72f3e90d..558e3932ddc 100644
--- a/xds/src/main/java/io/grpc/xds/Endpoints.java
+++ b/xds/src/main/java/io/grpc/xds/Endpoints.java
@@ -59,7 +59,7 @@ abstract static class LbEndpoint {
     // The endpoint address to be connected to.
     abstract EquivalentAddressGroup eag();
 
-    // Endpoint's weight for load balancing. If unspecified, value of 0 is returned.
+    // Endpoint's weight for load balancing. Guaranteed not to be 0.
     abstract int loadBalancingWeight();
 
     // Whether the endpoint is healthy.
@@ -71,6 +71,9 @@ abstract static class LbEndpoint {
 
     static LbEndpoint create(EquivalentAddressGroup eag, int loadBalancingWeight,
         boolean isHealthy, String hostname, ImmutableMap<String, Object> endpointMetadata) {
+      if (loadBalancingWeight == 0) {
+        loadBalancingWeight = 1;
+      }
       return new AutoValue_Endpoints_LbEndpoint(
           eag, loadBalancingWeight, isHealthy, hostname, endpointMetadata);
     }
diff --git a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
index 5e524f79596..c6e5db08526 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java
@@ -260,6 +260,18 @@ public void tearDown() throws Exception {
     assertThat(fakeClock.getPendingTasks()).isEmpty();
   }
 
+  @Test
+  public void edsClustersWithRingHashEndpointLbPolicy_oppositePickFirstWeightedShuffling()
+      throws Exception {
+    boolean original = CdsLoadBalancer2.pickFirstWeightedShuffling;
+    CdsLoadBalancer2.pickFirstWeightedShuffling = !CdsLoadBalancer2.pickFirstWeightedShuffling;
+    try {
+      edsClustersWithRingHashEndpointLbPolicy();
+    } finally {
+      CdsLoadBalancer2.pickFirstWeightedShuffling = original;
+    }
+  }
+
   @Test
   public void edsClustersWithRingHashEndpointLbPolicy() throws Exception {
     boolean originalVal = LoadStatsManager2.isEnabledOrcaLrsPropagation;
@@ -306,15 +318,15 @@ public void edsClustersWithRingHashEndpointLbPolicy() throws Exception {
     assertThat(addr1.getAddresses())
         .isEqualTo(Arrays.asList(newInetSocketAddress("127.0.0.1", 8080)));
     assertThat(addr1.getAttributes().get(io.grpc.xds.XdsAttributes.ATTR_SERVER_WEIGHT))
-        .isEqualTo(10);
+        .isEqualTo(CdsLoadBalancer2.pickFirstWeightedShuffling ? 0x0AAAAAAA /* 1/12 */ : 10);
     assertThat(addr2.getAddresses())
         .isEqualTo(Arrays.asList(newInetSocketAddress("127.0.0.2", 8080)));
     assertThat(addr2.getAttributes().get(io.grpc.xds.XdsAttributes.ATTR_SERVER_WEIGHT))
-        .isEqualTo(10);
+        .isEqualTo(CdsLoadBalancer2.pickFirstWeightedShuffling ? 0x0AAAAAAA /* 1/12 */ : 10);
     assertThat(addr3.getAddresses())
         .isEqualTo(Arrays.asList(newInetSocketAddress("127.0.1.1", 8080)));
     assertThat(addr3.getAttributes().get(io.grpc.xds.XdsAttributes.ATTR_SERVER_WEIGHT))
-        .isEqualTo(50 * 60);
+        .isEqualTo(CdsLoadBalancer2.pickFirstWeightedShuffling ? 0x6AAAAAAA /* 5/6 */ : 50 * 60);
     assertThat(childBalancer.name).isEqualTo(PRIORITY_POLICY_NAME);
     PriorityLbConfig priorityLbConfig = (PriorityLbConfig) childBalancer.config;
     assertThat(priorityLbConfig.priorities).containsExactly(CLUSTER + "[child1]");

From e636df5759b2fc7fe319ef4b3596527914e3dae7 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Thu, 29 Jan 2026 11:36:34 +0530
Subject: [PATCH 524/591] Fix unit tests for name resolver provider returning
 null for the name resolver (#12621)

Fix unit tests that were meant to test the case of a registered provider
for a scheme returning null for the name resolver. The tests were
passing even with no provider registered for the passed Uri scheme.
---
 .../test/java/io/grpc/NameResolverRegistryTest.java    | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/api/src/test/java/io/grpc/NameResolverRegistryTest.java b/api/src/test/java/io/grpc/NameResolverRegistryTest.java
index 8191815477c..76976c3b59b 100644
--- a/api/src/test/java/io/grpc/NameResolverRegistryTest.java
+++ b/api/src/test/java/io/grpc/NameResolverRegistryTest.java
@@ -100,23 +100,23 @@ public void getDefaultScheme_noProvider() {
   public void newNameResolver_providerReturnsNull_ioGrpcUri() {
     NameResolverRegistry registry = new NameResolverRegistry();
     registry.register(
-        new BaseProvider(true, 5, "noScheme") {
+        new BaseProvider(true, 5, ioGrpcUri.getScheme()) {
           @Override
-          public NameResolver newNameResolver(URI passedUri, NameResolver.Args passedArgs) {
+          public NameResolver newNameResolver(Uri passedUri, NameResolver.Args passedArgs) {
             assertThat(passedUri).isSameInstanceAs(ioGrpcUri);
             assertThat(passedArgs).isSameInstanceAs(args);
             return null;
           }
         });
     assertThat(registry.asFactory().newNameResolver(ioGrpcUri, args)).isNull();
-    assertThat(registry.asFactory().getDefaultScheme()).isEqualTo("noScheme");
+    assertThat(registry.asFactory().getDefaultScheme()).isEqualTo(ioGrpcUri.getScheme());
   }
 
   @Test
   public void newNameResolver_providerReturnsNull_javaNetUri() {
     NameResolverRegistry registry = new NameResolverRegistry();
     registry.register(
-        new BaseProvider(true, 5, "noScheme") {
+        new BaseProvider(true, 5, javaNetUri.getScheme()) {
           @Override
           public NameResolver newNameResolver(URI passedUri, NameResolver.Args passedArgs) {
             assertThat(passedUri).isSameInstanceAs(javaNetUri);
@@ -125,7 +125,7 @@ public NameResolver newNameResolver(URI passedUri, NameResolver.Args passedArgs)
           }
         });
     assertThat(registry.asFactory().newNameResolver(javaNetUri, args)).isNull();
-    assertThat(registry.asFactory().getDefaultScheme()).isEqualTo("noScheme");
+    assertThat(registry.asFactory().getDefaultScheme()).isEqualTo(javaNetUri.getScheme());
   }
 
   @Test

From db472c0663063b9357096f39b37a3731b663b16d Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Thu, 5 Feb 2026 13:08:23 +0530
Subject: [PATCH 525/591] Update README etc to reference 1.79.0 (#12643)

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 205187b4000..47502009c3f 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.78.0/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.78.0/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.79.0/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.79.0/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,34 +56,34 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.78.0</version>
+  <version>1.79.0</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.78.0</version>
+  <version>1.79.0</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.78.0</version>
+  <version>1.79.0</version>
 </dependency>
 ```
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.78.0'
-implementation 'io.grpc:grpc-protobuf:1.78.0'
-implementation 'io.grpc:grpc-stub:1.78.0'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.79.0'
+implementation 'io.grpc:grpc-protobuf:1.79.0'
+implementation 'io.grpc:grpc-stub:1.79.0'
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.78.0'
-implementation 'io.grpc:grpc-protobuf-lite:1.78.0'
-implementation 'io.grpc:grpc-stub:1.78.0'
+implementation 'io.grpc:grpc-okhttp:1.79.0'
+implementation 'io.grpc:grpc-protobuf-lite:1.79.0'
+implementation 'io.grpc:grpc-stub:1.79.0'
 ```
 
 For [Bazel](https://bazel.build), you can either
@@ -91,7 +91,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.78.0
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.79.0
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://central.sonatype.com/repository/maven-snapshots/).
@@ -123,7 +123,7 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <configuration>
         <protocArtifact>com.google.protobuf:protoc:3.25.8:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.78.0:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.79.0:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -153,7 +153,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.78.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.79.0'
     }
   }
   generateProtoTasks {
@@ -186,7 +186,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.78.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.79.0'
     }
   }
   generateProtoTasks {

From a5b7192d73c4cf6df65b6229e57850e64456e277 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Thu, 5 Feb 2026 20:44:28 +0530
Subject: [PATCH 526/591] rls: verify maxAge is clamped if staleAge is not set
 (#12647)

---
 .../io/grpc/rls/RlsProtoConvertersTest.java   | 59 +++++++++++++++++++
 1 file changed, 59 insertions(+)

diff --git a/rls/src/test/java/io/grpc/rls/RlsProtoConvertersTest.java b/rls/src/test/java/io/grpc/rls/RlsProtoConvertersTest.java
index ad1ce8c363e..82ad606c50d 100644
--- a/rls/src/test/java/io/grpc/rls/RlsProtoConvertersTest.java
+++ b/rls/src/test/java/io/grpc/rls/RlsProtoConvertersTest.java
@@ -530,6 +530,65 @@ public void convert_jsonRlsConfig_doNotClampMaxAgeIfStaleAgeIsSet() throws IOExc
     assertThat(converted).isEqualTo(expectedConfig);
   }
 
+  @Test
+  public void convert_jsonRlsConfig_clampMaxAgeIfStaleAgeMissing() throws IOException {
+    String jsonStr = "{\n"
+        + "  \"grpcKeybuilders\": [\n"
+        + "    {\n"
+        + "      \"names\": [\n"
+        + "        {\n"
+        + "          \"service\": \"service1\",\n"
+        + "          \"method\": \"create\"\n"
+        + "        }\n"
+        + "      ],\n"
+        + "      \"headers\": [\n"
+        + "        {\n"
+        + "          \"key\": \"user\","
+        + "          \"names\": [\"User\", \"Parent\"],\n"
+        + "          \"optional\": true\n"
+        + "        },\n"
+        + "        {\n"
+        + "          \"key\": \"id\","
+        + "          \"names\": [\"X-Google-Id\"],\n"
+        + "          \"optional\": true\n"
+        + "        }\n"
+        + "      ]\n"
+        + "    }\n"
+        + "  ],\n"
+        + "  \"lookupService\": \"service1\",\n"
+        + "  \"lookupServiceTimeout\": \"2s\",\n"
+        + "  \"maxAge\": \"350s\",\n" // Exceeds 5m limit
+        + "  \"validTargets\": [\"a valid target\"],"
+        + "  \"cacheSizeBytes\": \"1000\",\n"
+        + "  \"defaultTarget\": \"us_east_1.cloudbigtable.googleapis.com\"\n"
+        + "}";
+
+    RouteLookupConfig expectedConfig =
+        RouteLookupConfig.builder()
+            .grpcKeybuilders(ImmutableList.of(
+                GrpcKeyBuilder.create(
+                    ImmutableList.of(Name.create("service1", "create")),
+                    ImmutableList.of(
+                        NameMatcher.create("user", ImmutableList.of("User", "Parent")),
+                        NameMatcher.create("id", ImmutableList.of("X-Google-Id"))),
+                    ExtraKeys.DEFAULT,
+                    ImmutableMap.<String, String>of())))
+            .lookupService("service1")
+            .lookupServiceTimeoutInNanos(TimeUnit.SECONDS.toNanos(2))
+            // Should be clamped to 300s (5m) because staleAge is missing
+            .maxAgeInNanos(TimeUnit.MINUTES.toNanos(5))
+            .staleAgeInNanos(TimeUnit.MINUTES.toNanos(5))
+            .cacheSizeBytes(1000)
+            .defaultTarget("us_east_1.cloudbigtable.googleapis.com")
+            .build();
+
+    RouteLookupConfigConverter converter = new RouteLookupConfigConverter();
+    @SuppressWarnings("unchecked")
+    Map<String, ?> parsedJson = (Map<String, ?>) JsonParser.parse(jsonStr);
+    RouteLookupConfig converted = converter.convert(parsedJson);
+    assertThat(converted).isEqualTo(expectedConfig);
+  }
+
   @Test
   public void convert_jsonRlsConfig_keyBuilderWithoutName() throws IOException {
     String jsonStr = "{\n"

From 1be68159ed635069a70299fb985951744acb7007 Mon Sep 17 00:00:00 2001
From: Stage Growth <sgkim530@naver.com>
Date: Fri, 6 Feb 2026 01:38:44 +0900
Subject: [PATCH 527/591] api: Remove obsolete TODO in
 EquivalentAddressGroup#toString (#12627)

### Background

EquivalentAddressGroup is intended to represent a small set of addresses
for the same endpoint (e.g., IPv4/IPv6). A long-standing TODO in
EquivalentAddressGroup#toString() suggested adding summarization for
very large address lists.

During review, maintainers noted that large address lists within a
single EquivalentAddressGroup are no longer expected in current designs,
and the historical behavior that could create a very large group (e.g.,
by aggregating many groups into one) has been removed. As a result, the
TODO is now obsolete.

### Changes

Remove the obsolete TODO comment in EquivalentAddressGroup#toString().

Add a brief explanatory comment capturing why summarization is no longer
needed.

### Purpose

Avoid leaving stale TODOs that imply work is still required.

Align the codebase with the intended semantics and current behavior of
EquivalentAddressGroup.

### Note

This change is comment-only and does not alter any runtime behavior or
output format.

Fixes https://github.com/grpc/grpc-java/issues/12593

---------
---
 api/src/main/java/io/grpc/EquivalentAddressGroup.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/src/main/java/io/grpc/EquivalentAddressGroup.java b/api/src/main/java/io/grpc/EquivalentAddressGroup.java
index d40e47c16f6..18151e88aba 100644
--- a/api/src/main/java/io/grpc/EquivalentAddressGroup.java
+++ b/api/src/main/java/io/grpc/EquivalentAddressGroup.java
@@ -122,7 +122,9 @@ public Attributes getAttributes() {
 
   @Override
   public String toString() {
-    // TODO(zpencer): Summarize return value if addr is very large
+    // EquivalentAddressGroup is intended to contain a small number of addresses for the same
+    // endpoint(e.g., IPv4/IPv6). Aggregating many groups into a single EquivalentAddressGroup
+    // is no longer done, so this no longer needs summarization.
     return "[" + addrs + "/" + attrs + "]";
   }
 

From 4f2b110994cb537368565e4cc27ea3725d1e2db9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=ED=99=A9=EA=B7=9C=ED=98=81?=
 <126947828+Gyuhyeok99@users.noreply.github.com>
Date: Fri, 6 Feb 2026 03:19:37 +0900
Subject: [PATCH 528/591] s2a: Improve S2AStubTest clarity and performance
 (#12618)

Refactors S2AStubTest to address issues in #12581:
- Rename `send_receiveOkStatus` to test successful responses using
FakeWriter
- Add `send_withUnavailableService_throwsDeadlineExceeded` with 1-second
deadline for timeout testing

- as is

<img width="484" height="351" alt="image2"
src="https://github.com/user-attachments/assets/24320f43-32fe-4305-9daf-29d2570ecaf1"
/>

- to be
<img width="596" height="404" alt="image"
src="https://github.com/user-attachments/assets/6f8b9c4c-ca6c-46ae-8e99-d405a504308e"
/>

Reduces test execution time from 20 seconds to 1 second while clarifying
test intent.
---
 .../grpc/s2a/internal/handshaker/S2AStub.java | 16 ++++++++-
 .../s2a/internal/handshaker/S2AStubTest.java  | 33 ++++++++++++++-----
 2 files changed, 39 insertions(+), 10 deletions(-)

diff --git a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
index fe2ec388fe4..37236f26f4b 100644
--- a/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
+++ b/s2a/src/main/java/io/grpc/s2a/internal/handshaker/S2AStub.java
@@ -43,6 +43,7 @@ public class S2AStub implements AutoCloseable {
   private final BlockingQueue<Result> responses = new ArrayBlockingQueue<>(10);
   private S2AServiceGrpc.S2AServiceStub serviceStub;
   private StreamObserver<SessionReq> writer;
+  private long deadlineSeconds = HANDSHAKE_RPC_DEADLINE_SECS;
   private boolean doneReading = false;
   private boolean doneWriting = false;
   private boolean isClosed = false;
@@ -53,6 +54,14 @@ public static S2AStub newInstance(S2AServiceGrpc.S2AServiceStub serviceStub) {
     return new S2AStub(serviceStub);
   }
 
+  @VisibleForTesting
+  static S2AStub newInstanceWithDeadline(
+      S2AServiceGrpc.S2AServiceStub serviceStub, long deadlineSeconds) {
+    checkNotNull(serviceStub);
+    checkArgument(deadlineSeconds > 0);
+    return new S2AStub(serviceStub, deadlineSeconds);
+  }
+
   @VisibleForTesting
   static S2AStub newInstanceForTesting(StreamObserver<SessionReq> writer) {
     checkNotNull(writer);
@@ -63,6 +72,11 @@ private S2AStub(S2AServiceGrpc.S2AServiceStub serviceStub) {
     this.serviceStub = serviceStub;
   }
 
+  private S2AStub(S2AServiceGrpc.S2AServiceStub serviceStub, long deadlineSeconds) {
+    this.serviceStub = serviceStub;
+    this.deadlineSeconds = deadlineSeconds;
+  }
+
   private S2AStub(StreamObserver<SessionReq> writer) {
     this.writer = writer;
   }
@@ -154,7 +168,7 @@ private void createWriterIfNull() {
       writer =
           serviceStub
               .withWaitForReady()
-              .withDeadlineAfter(HANDSHAKE_RPC_DEADLINE_SECS, SECONDS)
+              .withDeadlineAfter(deadlineSeconds, SECONDS)
               .setUpSession(reader);
     }
   }
diff --git a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
index 713984c361d..2c7a7dd8405 100644
--- a/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
+++ b/s2a/src/test/java/io/grpc/s2a/internal/handshaker/S2AStubTest.java
@@ -61,17 +61,17 @@ public void setUp() {
 
   @Test
   public void send_receiveOkStatus() throws Exception {
-    ObjectPool<Channel> channelPool =
-        SharedResourcePool.forResource(
-            S2AHandshakerServiceChannel.getChannelResource(
-                S2A_ADDRESS, InsecureChannelCredentials.create()));
-    S2AServiceGrpc.S2AServiceStub serviceStub = S2AServiceGrpc.newStub(channelPool.getObject());
-    S2AStub newStub = S2AStub.newInstance(serviceStub);
+    SessionReq req =
+        SessionReq.newBuilder()
+            .setGetTlsConfigurationReq(
+                GetTlsConfigurationReq.newBuilder()
+                    .setConnectionSide(ConnectionSide.CONNECTION_SIDE_CLIENT))
+            .build();
 
-    IOException expected =
-        assertThrows(IOException.class, () -> newStub.send(SessionReq.getDefaultInstance()));
+    SessionResp resp = stub.send(req);
 
-    assertThat(expected).hasMessageThat().contains("DEADLINE_EXCEEDED");
+    assertThat(resp.hasGetTlsConfigurationResp()).isTrue();
+    assertThat(resp.getGetTlsConfigurationResp().hasClientTlsConfiguration()).isTrue();
   }
 
   @Test
@@ -233,6 +233,21 @@ public void send_afterEarlyClose_receivesClosedException() throws InterruptedExc
     assertThat(expected).hasMessageThat().contains("Stream to the S2A is closed.");
   }
 
+  @Test
+  public void send_withUnavailableService_throwsDeadlineExceeded() throws Exception {
+    ObjectPool<Channel> channelPool =
+        SharedResourcePool.forResource(
+            S2AHandshakerServiceChannel.getChannelResource(
+                S2A_ADDRESS, InsecureChannelCredentials.create()));
+    S2AServiceGrpc.S2AServiceStub serviceStub = S2AServiceGrpc.newStub(channelPool.getObject());
+    S2AStub newStub = S2AStub.newInstanceWithDeadline(serviceStub, 1);
+
+    IOException expected =
+        assertThrows(IOException.class, () -> newStub.send(SessionReq.getDefaultInstance()));
+
+    assertThat(expected).hasMessageThat().contains("DEADLINE_EXCEEDED");
+  }
+
   @Test
   public void send_failToWrite() throws Exception {
     FailWriter failWriter = new FailWriter();

From ac44e9681da9108856d4ea0f48b332989e34ad6f Mon Sep 17 00:00:00 2001
From: Kim Jin Young <tian__mi__mi@naver.com>
Date: Fri, 6 Feb 2026 19:39:05 +0900
Subject: [PATCH 529/591] xds: Remove isXdsSniEnabled and align SNI logic with
 gRFC A101 (#12625)

## Description
Remove the `isXdsSniEnabled` (GRPC_EXPERIMENTAL_XDS_SNI) guard so that
SNI determination via xDS is always enabled. This aligns the behavior
with
**gRFC A101**, where SNI is determined by xDS configurations such as
`auto_host_sni` or `UpstreamTlsContext.sni`, without relying on an
experimental toggle.

This change does **not** remove the
`GRPC_USE_CHANNEL_AUTHORITY_IF_NO_SNI_APPLICABLE` fallback logic, which
remains unchanged.

## Changes
- Remove the `isXdsSniEnabled` flag and the related conditional logic.
- Remove test cases that specifically covered behavior when the
experimental flag was disabled, since the flag is no longer supported.

Ref #11784
---
 .../security/SecurityProtocolNegotiators.java |  22 +-
 .../security/trust/CertificateUtils.java      |   1 -
 .../security/trust/XdsX509TrustManager.java   |   2 +-
 .../grpc/xds/XdsSecurityClientServerTest.java |   7 -
 .../SecurityProtocolNegotiatorsTest.java      | 286 ++++++++----------
 5 files changed, 128 insertions(+), 190 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java b/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
index 37259afa1a9..a93299de11c 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
@@ -215,23 +215,19 @@ public void handlerAdded(ChannelHandlerContext ctx) throws Exception {
       this.sslContextProviderSupplier = sslContextProviderSupplier;
       EnvoyServerProtoData.BaseTlsContext tlsContext = sslContextProviderSupplier.getTlsContext();
       UpstreamTlsContext upstreamTlsContext = ((UpstreamTlsContext) tlsContext);
-      if (CertificateUtils.isXdsSniEnabled) {
-        String sniToUse = upstreamTlsContext.getAutoHostSni()
-            && !Strings.isNullOrEmpty(endpointHostname)
-            ? endpointHostname : upstreamTlsContext.getSni();
-        if (sniToUse.isEmpty()) {
-          if (CertificateUtils.useChannelAuthorityIfNoSniApplicable) {
-            sniToUse = grpcHandler.getAuthority();
-          }
-          autoSniSanValidationDoesNotApply = true;
-        } else {
-          autoSniSanValidationDoesNotApply = false;
+
+      String sniToUse = upstreamTlsContext.getAutoHostSni()
+          && !Strings.isNullOrEmpty(endpointHostname)
+          ? endpointHostname : upstreamTlsContext.getSni();
+      if (sniToUse.isEmpty()) {
+        if (CertificateUtils.useChannelAuthorityIfNoSniApplicable) {
+          sniToUse = grpcHandler.getAuthority();
         }
-        sni = sniToUse;
+        autoSniSanValidationDoesNotApply = true;
       } else {
-        sni = grpcHandler.getAuthority();
         autoSniSanValidationDoesNotApply = false;
       }
+      sni = sniToUse;
     }
 
     @VisibleForTesting
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java b/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java
index ad030143f62..41a3980c123 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/trust/CertificateUtils.java
@@ -30,7 +30,6 @@
  * Contains certificate utility method(s).
  */
 public final class CertificateUtils {
-  public static boolean isXdsSniEnabled = GrpcUtil.getFlag("GRPC_EXPERIMENTAL_XDS_SNI", true);
   public static boolean useChannelAuthorityIfNoSniApplicable
       = GrpcUtil.getFlag("GRPC_USE_CHANNEL_AUTHORITY_IF_NO_SNI_APPLICABLE", false);
 
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
index e8e7243ce0e..01f25dda6c7 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
@@ -308,7 +308,7 @@ public void checkServerTrusted(X509Certificate[] chain, String authType)
 
   private List<StringMatcher> getAutoSniSanMatchers(SSLParameters sslParams) {
     List<StringMatcher> sniNamesToMatch = new ArrayList<>();
-    if (CertificateUtils.isXdsSniEnabled && autoSniSanValidation) {
+    if (autoSniSanValidation) {
       List<SNIServerName> serverNames = sslParams.getServerNames();
       if (serverNames != null) {
         for (SNIServerName serverName : serverNames) {
diff --git a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
index 9141147702f..c8ad9f1c670 100644
--- a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -77,7 +77,6 @@
 import io.grpc.xds.internal.security.SslContextProviderSupplier;
 import io.grpc.xds.internal.security.TlsContextManagerImpl;
 import io.grpc.xds.internal.security.certprovider.FileWatcherCertificateProviderProvider;
-import io.grpc.xds.internal.security.trust.CertificateUtils;
 import io.netty.handler.ssl.NotSslRecordException;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -317,7 +316,6 @@ public void tlsClientServer_noAutoSniValidation_failureToMatchSubjAltNames()
   @Test
   public void tlsClientServer_autoSniValidation_sniInUtc()
       throws Exception {
-    CertificateUtils.isXdsSniEnabled = true;
     Path trustStoreFilePath = getCacertFilePathForTestCa();
     try {
       setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
@@ -341,14 +339,12 @@ public void tlsClientServer_autoSniValidation_sniInUtc()
     } finally {
       Files.deleteIfExists(trustStoreFilePath);
       clearTrustStoreSystemProperties();
-      CertificateUtils.isXdsSniEnabled = false;
     }
   }
 
   @Test
   public void tlsClientServer_autoSniValidation_sniFromHostname()
       throws Exception {
-    CertificateUtils.isXdsSniEnabled = true;
     Path trustStoreFilePath = getCacertFilePathForTestCa();
     try {
       setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
@@ -375,14 +371,12 @@ public void tlsClientServer_autoSniValidation_sniFromHostname()
     } finally {
       Files.deleteIfExists(trustStoreFilePath);
       clearTrustStoreSystemProperties();
-      CertificateUtils.isXdsSniEnabled = false;
     }
   }
 
   @Test
   public void tlsClientServer_autoSniValidation_noSniApplicable_usesMatcherFromCmnVdnCtx()
       throws Exception {
-    CertificateUtils.isXdsSniEnabled = true;
     Path trustStoreFilePath = getCacertFilePathForTestCa();
     try {
       setTrustStoreSystemProperties(trustStoreFilePath.toAbsolutePath().toString());
@@ -406,7 +400,6 @@ public void tlsClientServer_autoSniValidation_noSniApplicable_usesMatcherFromCmn
     } finally {
       Files.deleteIfExists(trustStoreFilePath);
       clearTrustStoreSystemProperties();
-      CertificateUtils.isXdsSniEnabled = false;
     }
   }
 
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
index dcb2fa051a3..f11c661e211 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
@@ -54,7 +54,6 @@
 import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSecurityHandler;
 import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSecurityProtocolNegotiator;
 import io.grpc.xds.internal.security.certprovider.CommonCertProviderTestUtils;
-import io.grpc.xds.internal.security.trust.CertificateUtils;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelPipeline;
@@ -151,32 +150,27 @@ public void clientSecurityProtocolNegotiatorNewHandler_withTlsContextAttribute()
 
   @Test
   public void clientSecurityProtocolNegotiator_autoHostSni_hostnamePassedToClientSecurityHandlr() {
-    CertificateUtils.isXdsSniEnabled = true;
-    try {
-      UpstreamTlsContext upstreamTlsContext =
-          CommonTlsContextTestsUtil.buildUpstreamTlsContext(
-              CommonTlsContext.newBuilder().build(), "", true, false);
-      ClientSecurityProtocolNegotiator pn =
-          new ClientSecurityProtocolNegotiator(InternalProtocolNegotiators.plaintext());
-      GrpcHttp2ConnectionHandler mockHandler = mock(GrpcHttp2ConnectionHandler.class);
-      ChannelLogger logger = mock(ChannelLogger.class);
-      doNothing().when(logger).log(any(ChannelLogLevel.class), anyString());
-      when(mockHandler.getNegotiationLogger()).thenReturn(logger);
-      TlsContextManager mockTlsContextManager = mock(TlsContextManager.class);
-      when(mockHandler.getEagAttributes())
-          .thenReturn(
-              Attributes.newBuilder()
-                  .set(SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
-                      new SslContextProviderSupplier(upstreamTlsContext, mockTlsContextManager))
-                  .set(XdsInternalAttributes.ATTR_ADDRESS_NAME, FAKE_AUTHORITY)
-                  .build());
-      ChannelHandler newHandler = pn.newHandler(mockHandler);
-      assertThat(newHandler).isNotNull();
-      assertThat(newHandler).isInstanceOf(ClientSecurityHandler.class);
-      assertThat(((ClientSecurityHandler) newHandler).getSni()).isEqualTo(FAKE_AUTHORITY);
-    } finally {
-      CertificateUtils.isXdsSniEnabled = false;
-    }
+    UpstreamTlsContext upstreamTlsContext =
+        CommonTlsContextTestsUtil.buildUpstreamTlsContext(
+            CommonTlsContext.newBuilder().build(), "", true, false);
+    ClientSecurityProtocolNegotiator pn =
+        new ClientSecurityProtocolNegotiator(InternalProtocolNegotiators.plaintext());
+    GrpcHttp2ConnectionHandler mockHandler = mock(GrpcHttp2ConnectionHandler.class);
+    ChannelLogger logger = mock(ChannelLogger.class);
+    doNothing().when(logger).log(any(ChannelLogLevel.class), anyString());
+    when(mockHandler.getNegotiationLogger()).thenReturn(logger);
+    TlsContextManager mockTlsContextManager = mock(TlsContextManager.class);
+    when(mockHandler.getEagAttributes())
+        .thenReturn(
+            Attributes.newBuilder()
+                .set(SecurityProtocolNegotiators.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER,
+                    new SslContextProviderSupplier(upstreamTlsContext, mockTlsContextManager))
+                .set(XdsInternalAttributes.ATTR_ADDRESS_NAME, FAKE_AUTHORITY)
+                .build());
+    ChannelHandler newHandler = pn.newHandler(mockHandler);
+    assertThat(newHandler).isNotNull();
+    assertThat(newHandler).isInstanceOf(ClientSecurityHandler.class);
+    assertThat(((ClientSecurityHandler) newHandler).getSni()).isEqualTo(FAKE_AUTHORITY);
   }
 
   @Test
@@ -235,110 +229,71 @@ protected void onException(Throwable throwable) {
 
   @Test
   public void sniInClientSecurityHandler_autoHostSniIsTrue_usesEndpointHostname() {
-    CertificateUtils.isXdsSniEnabled = true;
-    try {
-      Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
-          .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
-              CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
-      UpstreamTlsContext upstreamTlsContext =
-          CommonTlsContextTestsUtil
-              .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true, "", true);
-      SslContextProviderSupplier sslContextProviderSupplier =
-          new SslContextProviderSupplier(upstreamTlsContext,
-              new TlsContextManagerImpl(bootstrapInfoForClient));
-
-      ClientSecurityHandler clientSecurityHandler =
-          new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, HOSTNAME);
-
-      assertThat(clientSecurityHandler.getSni()).isEqualTo(HOSTNAME);
-    } finally {
-      CertificateUtils.isXdsSniEnabled = false;
-    }
+    Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
+        .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
+            CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
+    UpstreamTlsContext upstreamTlsContext =
+        CommonTlsContextTestsUtil
+            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true, "", true);
+    SslContextProviderSupplier sslContextProviderSupplier =
+        new SslContextProviderSupplier(upstreamTlsContext,
+            new TlsContextManagerImpl(bootstrapInfoForClient));
+
+    ClientSecurityHandler clientSecurityHandler =
+        new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, HOSTNAME);
+
+    assertThat(clientSecurityHandler.getSni()).isEqualTo(HOSTNAME);
   }
 
   @Test
   public void sniInClientSecurityHandler_autoHostSni_endpointHostnameIsEmpty_usesSniFromUtc() {
-    CertificateUtils.isXdsSniEnabled = true;
-    try {
-      Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
-          .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
-              CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
-      UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContext(
-          "google_cloud_private_spiffe-client", true, SNI_IN_UTC, true);
-      SslContextProviderSupplier sslContextProviderSupplier =
-          new SslContextProviderSupplier(upstreamTlsContext,
-              new TlsContextManagerImpl(bootstrapInfoForClient));
-
-      ClientSecurityHandler clientSecurityHandler =
-          new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, "");
-
-      assertThat(clientSecurityHandler.getSni()).isEqualTo(SNI_IN_UTC);
-    } finally {
-      CertificateUtils.isXdsSniEnabled = false;
-    }
+    Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
+        .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
+            CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
+    UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContext(
+        "google_cloud_private_spiffe-client", true, SNI_IN_UTC, true);
+    SslContextProviderSupplier sslContextProviderSupplier =
+        new SslContextProviderSupplier(upstreamTlsContext,
+            new TlsContextManagerImpl(bootstrapInfoForClient));
+
+    ClientSecurityHandler clientSecurityHandler =
+        new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, "");
+
+    assertThat(clientSecurityHandler.getSni()).isEqualTo(SNI_IN_UTC);
   }
 
   @Test
   public void sniInClientSecurityHandler_autoHostSni_endpointHostnameIsNull_usesSniFromUtc() {
-    CertificateUtils.isXdsSniEnabled = true;
-    try {
-      Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
-          .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
-              CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
-      UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContext(
-          "google_cloud_private_spiffe-client", true, SNI_IN_UTC, true);
-      SslContextProviderSupplier sslContextProviderSupplier =
-          new SslContextProviderSupplier(upstreamTlsContext,
-              new TlsContextManagerImpl(bootstrapInfoForClient));
-
-      ClientSecurityHandler clientSecurityHandler =
-          new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, null);
-
-      assertThat(clientSecurityHandler.getSni()).isEqualTo(SNI_IN_UTC);
-    } finally {
-      CertificateUtils.isXdsSniEnabled = false;
-    }
-  }
+    Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
+        .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
+            CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
+    UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContext(
+        "google_cloud_private_spiffe-client", true, SNI_IN_UTC, true);
+    SslContextProviderSupplier sslContextProviderSupplier =
+        new SslContextProviderSupplier(upstreamTlsContext,
+            new TlsContextManagerImpl(bootstrapInfoForClient));
 
-  @Test
-  public void sniInClientSecurityHandler_autoHostSniIsFalse_usesSniFromUpstreamTlsContext() {
-    CertificateUtils.isXdsSniEnabled = true;
-    try {
-      Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
-          .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
-              CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
-      UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContext(
-          "google_cloud_private_spiffe-client", true, SNI_IN_UTC, false);
-      SslContextProviderSupplier sslContextProviderSupplier =
-          new SslContextProviderSupplier(upstreamTlsContext,
-              new TlsContextManagerImpl(bootstrapInfoForClient));
-
-      ClientSecurityHandler clientSecurityHandler =
-          new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, HOSTNAME);
-
-      assertThat(clientSecurityHandler.getSni()).isEqualTo(SNI_IN_UTC);
-    } finally {
-      CertificateUtils.isXdsSniEnabled = false;
-    }
+    ClientSecurityHandler clientSecurityHandler =
+        new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, null);
+
+    assertThat(clientSecurityHandler.getSni()).isEqualTo(SNI_IN_UTC);
   }
 
   @Test
-  public void sniFeatureNotEnabled_usesChannelAuthorityForSni() {
-    CertificateUtils.isXdsSniEnabled = false;
+  public void sniInClientSecurityHandler_autoHostSniIsFalse_usesSniFromUpstreamTlsContext() {
     Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
-            .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
-                    CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
-    UpstreamTlsContext upstreamTlsContext =
-            CommonTlsContextTestsUtil
-                .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
+        .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
+            CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
+    UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContext(
+        "google_cloud_private_spiffe-client", true, SNI_IN_UTC, false);
     SslContextProviderSupplier sslContextProviderSupplier =
-            new SslContextProviderSupplier(upstreamTlsContext,
-                    new TlsContextManagerImpl(bootstrapInfoForClient));
+        new SslContextProviderSupplier(upstreamTlsContext,
+            new TlsContextManagerImpl(bootstrapInfoForClient));
 
     ClientSecurityHandler clientSecurityHandler =
-            new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, HOSTNAME);
+        new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, HOSTNAME);
 
-    assertThat(clientSecurityHandler.getSni()).isEqualTo(FAKE_AUTHORITY);
+    assertThat(clientSecurityHandler.getSni()).isEqualTo(SNI_IN_UTC);
   }
 
   @Test
@@ -503,60 +458,55 @@ public void nullTlsContext_nullFallbackProtocolNegotiator_expectException() {
 
   @Test
   public void clientSecurityProtocolNegotiatorNewHandler_fireProtocolNegotiationEvent()
-          throws InterruptedException, TimeoutException, ExecutionException {
-    CertificateUtils.isXdsSniEnabled = true;
-    try {
-      FakeClock executor = new FakeClock();
-      CommonCertProviderTestUtils.register(executor);
-      Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
-          .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
-              CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
-      UpstreamTlsContext upstreamTlsContext =
-          CommonTlsContextTestsUtil
-              .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
-
-      SslContextProviderSupplier sslContextProviderSupplier =
-          new SslContextProviderSupplier(upstreamTlsContext,
-              new TlsContextManagerImpl(bootstrapInfoForClient));
-      ClientSecurityHandler clientSecurityHandler =
-          new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, HOSTNAME);
-
-      pipeline.addLast(clientSecurityHandler);
-      channelHandlerCtx = pipeline.context(clientSecurityHandler);
-      assertNotNull(channelHandlerCtx); // non-null since we just added it
-
-      // kick off protocol negotiation.
-      pipeline.fireUserEventTriggered(InternalProtocolNegotiationEvent.getDefault());
-      final SettableFuture<Object> future = SettableFuture.create();
-      sslContextProviderSupplier
-          .updateSslContext(new SslContextProvider.Callback(MoreExecutors.directExecutor()) {
-            @Override
-            public void updateSslContextAndExtendedX509TrustManager(
-                AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> sslContextAndTm) {
-              future.set(sslContextAndTm);
-            }
-
-            @Override
-            protected void onException(Throwable throwable) {
-              future.set(throwable);
-            }
-          }, false);
-      executor.runDueTasks();
-      channel.runPendingTasks(); // need this for tasks to execute on eventLoop
-      Object fromFuture = future.get(5, TimeUnit.SECONDS);
-      assertThat(fromFuture).isInstanceOf(AbstractMap.SimpleImmutableEntry.class);
-      channel.runPendingTasks();
-      channelHandlerCtx = pipeline.context(clientSecurityHandler);
-      assertThat(channelHandlerCtx).isNull();
-      Object sslEvent = SslHandshakeCompletionEvent.SUCCESS;
-
-      pipeline.fireUserEventTriggered(sslEvent);
-      channel.runPendingTasks(); // need this for tasks to execute on eventLoop
-      assertTrue(channel.isOpen());
-      CommonCertProviderTestUtils.register0();
-    } finally {
-      CertificateUtils.isXdsSniEnabled = false;
-    }
+      throws InterruptedException, TimeoutException, ExecutionException {
+    FakeClock executor = new FakeClock();
+    CommonCertProviderTestUtils.register(executor);
+    Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
+        .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE,
+            CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null, null);
+    UpstreamTlsContext upstreamTlsContext =
+        CommonTlsContextTestsUtil
+            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
+
+    SslContextProviderSupplier sslContextProviderSupplier =
+        new SslContextProviderSupplier(upstreamTlsContext,
+            new TlsContextManagerImpl(bootstrapInfoForClient));
+    ClientSecurityHandler clientSecurityHandler =
+        new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier, HOSTNAME);
+
+    pipeline.addLast(clientSecurityHandler);
+    channelHandlerCtx = pipeline.context(clientSecurityHandler);
+    assertNotNull(channelHandlerCtx); // non-null since we just added it
+
+    // kick off protocol negotiation.
+    pipeline.fireUserEventTriggered(InternalProtocolNegotiationEvent.getDefault());
+    final SettableFuture<Object> future = SettableFuture.create();
+    sslContextProviderSupplier
+        .updateSslContext(new SslContextProvider.Callback(MoreExecutors.directExecutor()) {
+          @Override
+          public void updateSslContextAndExtendedX509TrustManager(
+              AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager> sslContextAndTm) {
+            future.set(sslContextAndTm);
+          }
+
+          @Override
+          protected void onException(Throwable throwable) {
+            future.set(throwable);
+          }
+        }, false);
+    executor.runDueTasks();
+    channel.runPendingTasks(); // need this for tasks to execute on eventLoop
+    Object fromFuture = future.get(5, TimeUnit.SECONDS);
+    assertThat(fromFuture).isInstanceOf(AbstractMap.SimpleImmutableEntry.class);
+    channel.runPendingTasks();
+    channelHandlerCtx = pipeline.context(clientSecurityHandler);
+    assertThat(channelHandlerCtx).isNull();
+    Object sslEvent = SslHandshakeCompletionEvent.SUCCESS;
+
+    pipeline.fireUserEventTriggered(sslEvent);
+    channel.runPendingTasks(); // need this for tasks to execute on eventLoop
+    assertTrue(channel.isOpen());
+    CommonCertProviderTestUtils.register0();
   }
 
   @Test

From 0ef1b392b532b37255e88acb09480d7c1c49b690 Mon Sep 17 00:00:00 2001
From: PetitBaguette <petit_baguette@yahoo.co.jp>
Date: Mon, 9 Feb 2026 19:46:44 +0900
Subject: [PATCH 530/591] fix(xds): Allow and normalize trailing dot (FQDN) in
 matchHostName (#12644)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## Summary

`matchHostName` in `RoutingUtils` and `XdsNameResolver` currently
rejects hostnames and patterns
with a trailing dot (`.`) via `checkArgument`. A trailing dot denotes a
**Fully Qualified Domain Name (FQDN)** as defined in
[RFC 1034 Section
3.1](https://www.rfc-editor.org/rfc/rfc1034#section-3.1), and is a
valid,
well-defined representation of an absolute domain name. Rejecting it is
inconsistent with the RFC.

This change removes the trailing-dot rejection and adds normalization to
strip the trailing dot
before matching, making `example.com.` and `example.com` match
equivalently.

## Background

Per [RFC 1034 Section
3.1](https://www.rfc-editor.org/rfc/rfc1034#section-3.1):

> "If the name ends with a dot, it is an absolute name ... For example,
`poneria.ISI.EDU.`"

A trailing dot simply indicates that the name is rooted at the DNS root
and is semantically
equivalent to the same name without the trailing dot. Treating it as
invalid prevents legitimate
FQDNs from being used as hostnames or virtual host domain patterns in
xDS routing configuration.

## Motivation

This was discovered when using gRPC Proxyless Service Mesh on a
Kubernetes cluster with Istio.
The issue surfaced after upgrading Istio from 1.26.8 to 1.28.3. The
Istio change
[istio/istio#56008](https://github.com/istio/istio/pull/56008) began
sending FQDN-style domain
names (with trailing dots) in xDS route configuration, which caused
grpc-java to throw an
`IllegalArgumentException` in `matchHostName`:

```text
java.lang.IllegalArgumentException: Invalid pattern/domain name
    at com.google.common.base.Preconditions.checkArgument(Preconditions.java:143)
```

The root cause is that grpc-java's `matchHostName` was not RFC-compliant
in rejecting trailing dots — the Istio upgrade merely made it visible.
The fix here is to bring grpc-java into compliance with RFC 1034,
independent of any specific Istio version.

## Changes

- `xds/src/main/java/io/grpc/xds/RoutingUtils.java`: Removed
trailing-dot rejection and added
  FQDN normalization in `matchHostName`.
- `xds/src/main/java/io/grpc/xds/XdsNameResolver.java`: Same as above.
- `xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java`: Added
`matchHostName_trailingDot`
test covering exact match, prefix wildcard, and suffix wildcard with
trailing dot combinations.

## References

- [RFC 1034 – Domain Names: Concepts and
Facilities](https://www.rfc-editor.org/rfc/rfc1034)
- [RFC 1035 – Domain Names: Implementation and
Specification](https://www.rfc-editor.org/rfc/rfc1035)
- [istio/istio#56008](https://github.com/istio/istio/pull/56008) – Istio
change that began sending FQDN domain names in xDS configuration
---
 .../main/java/io/grpc/xds/RoutingUtils.java   |  13 +-
 .../java/io/grpc/xds/XdsNameResolver.java     |  61 -------
 .../java/io/grpc/xds/RoutingUtilsTest.java    | 165 ++++++++++++++++++
 .../java/io/grpc/xds/XdsNameResolverTest.java |  42 -----
 4 files changed, 176 insertions(+), 105 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/RoutingUtils.java b/xds/src/main/java/io/grpc/xds/RoutingUtils.java
index 2b60e90deda..bff6756a9a4 100644
--- a/xds/src/main/java/io/grpc/xds/RoutingUtils.java
+++ b/xds/src/main/java/io/grpc/xds/RoutingUtils.java
@@ -92,15 +92,24 @@ static VirtualHost findVirtualHostForHostName(List<VirtualHost> virtualHosts, St
    * </ol>
    */
   private static boolean matchHostName(String hostName, String pattern) {
-    checkArgument(hostName.length() != 0 && !hostName.startsWith(".") && !hostName.endsWith("."),
+    checkArgument(hostName.length() != 0 && !hostName.startsWith("."),
         "Invalid host name");
-    checkArgument(pattern.length() != 0 && !pattern.startsWith(".") && !pattern.endsWith("."),
+    checkArgument(pattern.length() != 0 && !pattern.startsWith("."),
         "Invalid pattern/domain name");
 
     hostName = hostName.toLowerCase(Locale.US);
     pattern = pattern.toLowerCase(Locale.US);
     // hostName and pattern are now in lower case -- domain names are case-insensitive.
 
+    // Strip trailing dot to normalize FQDN (e.g. "example.com.") to a relative form,
+    // as per RFC 1034 Section 3.1 the two are semantically equivalent.
+    if (hostName.endsWith(".")) {
+      hostName = hostName.substring(0, hostName.length() - 1);
+    }
+    if (pattern.endsWith(".")) {
+      pattern = pattern.substring(0, pattern.length() - 1);
+    }
+
     if (!pattern.contains("*")) {
       // Not a wildcard pattern -- hostName and pattern must match exactly.
       return hostName.equals(pattern);
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 196d51fb5a6..ec3e417e53a 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -73,7 +73,6 @@
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
@@ -341,66 +340,6 @@ private void updateResolutionResult(XdsConfig xdsConfig) {
     }
   }
 
-  /**
-   * Returns {@code true} iff {@code hostName} matches the domain name {@code pattern} with
-   * case-insensitive.
-   *
-   * <p>Wildcard pattern rules:
-   * <ol>
-   * <li>A single asterisk (*) matches any domain.</li>
-   * <li>Asterisk (*) is only permitted in the left-most or the right-most part of the pattern,
-   *     but not both.</li>
-   * </ol>
-   */
-  @VisibleForTesting
-  static boolean matchHostName(String hostName, String pattern) {
-    checkArgument(hostName.length() != 0 && !hostName.startsWith(".") && !hostName.endsWith("."),
-        "Invalid host name");
-    checkArgument(pattern.length() != 0 && !pattern.startsWith(".") && !pattern.endsWith("."),
-        "Invalid pattern/domain name");
-
-    hostName = hostName.toLowerCase(Locale.US);
-    pattern = pattern.toLowerCase(Locale.US);
-    // hostName and pattern are now in lower case -- domain names are case-insensitive.
-
-    if (!pattern.contains("*")) {
-      // Not a wildcard pattern -- hostName and pattern must match exactly.
-      return hostName.equals(pattern);
-    }
-    // Wildcard pattern
-
-    if (pattern.length() == 1) {
-      return true;
-    }
-
-    int index = pattern.indexOf('*');
-
-    // At most one asterisk (*) is allowed.
-    if (pattern.indexOf('*', index + 1) != -1) {
-      return false;
-    }
-
-    // Asterisk can only match prefix or suffix.
-    if (index != 0 && index != pattern.length() - 1) {
-      return false;
-    }
-
-    // HostName must be at least as long as the pattern because asterisk has to
-    // match one or more characters.
-    if (hostName.length() < pattern.length()) {
-      return false;
-    }
-
-    if (index == 0 && hostName.endsWith(pattern.substring(1))) {
-      // Prefix matching fails.
-      return true;
-    }
-
-    // Pattern matches hostname if suffix matching succeeds.
-    return index == pattern.length() - 1
-        && hostName.startsWith(pattern.substring(0, pattern.length() - 1));
-  }
-
   private final class ConfigSelector extends InternalConfigSelector {
     @Override
     public Result selectConfig(PickSubchannelArgs args) {
diff --git a/xds/src/test/java/io/grpc/xds/RoutingUtilsTest.java b/xds/src/test/java/io/grpc/xds/RoutingUtilsTest.java
index a460501e85b..e9fde9f4c4a 100644
--- a/xds/src/test/java/io/grpc/xds/RoutingUtilsTest.java
+++ b/xds/src/test/java/io/grpc/xds/RoutingUtilsTest.java
@@ -17,6 +17,7 @@
 package io.grpc.xds;
 
 import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
 import static org.mockito.Mockito.mock;
 
 import com.google.common.collect.ImmutableMap;
@@ -88,6 +89,170 @@ public void findVirtualHostForHostName_asteriskMatchAnyDomain() {
         .isEqualTo(vHost1);
   }
 
+  @Test
+  public void findVirtualHostForHostName_trailingDot() {
+    // FQDN (trailing dot) is semantically equivalent to the relative form
+    // per RFC 1034 Section 3.1.
+    List<Route> routes = Collections.emptyList();
+    VirtualHost vHost1 = VirtualHost.create("virtualhost01.googleapis.com",
+        Collections.singletonList("a.googleapis.com"), routes,
+        ImmutableMap.of());
+    VirtualHost vHost2 = VirtualHost.create("virtualhost02.googleapis.com",
+        Collections.singletonList("*.googleapis.com"), routes,
+        ImmutableMap.of());
+    VirtualHost vHost3 = VirtualHost.create("virtualhost03.googleapis.com",
+        Collections.singletonList("*"), routes,
+        ImmutableMap.of());
+    List<VirtualHost> virtualHosts = Arrays.asList(vHost1, vHost2, vHost3);
+
+    // Trailing dot in hostName, exact match.
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts, "a.googleapis.com.")).isEqualTo(vHost1);
+    // Trailing dot in hostName, wildcard match.
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts, "b.googleapis.com.")).isEqualTo(vHost2);
+
+    // Trailing dot in domain pattern, exact match.
+    VirtualHost vHost4 = VirtualHost.create("virtualhost04.googleapis.com",
+        Collections.singletonList("a.googleapis.com."), routes,
+        ImmutableMap.of());
+    List<VirtualHost> virtualHosts2 =
+        Arrays.asList(vHost4, vHost2, vHost3);
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts2, "a.googleapis.com")).isEqualTo(vHost4);
+
+    // Trailing dot in both hostName and domain pattern.
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts2, "a.googleapis.com.")).isEqualTo(vHost4);
+
+    // Trailing dot in domain pattern, wildcard match.
+    VirtualHost vHost5 = VirtualHost.create("virtualhost05.googleapis.com",
+        Collections.singletonList("*.googleapis.com."), routes,
+        ImmutableMap.of());
+    List<VirtualHost> virtualHosts3 =
+        Arrays.asList(vHost5, vHost3);
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts3, "b.googleapis.com")).isEqualTo(vHost5);
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts3, "b.googleapis.com.")).isEqualTo(vHost5);
+  }
+
+  @Test
+  public void findVirtualHostForHostName_exactMatch() {
+    List<Route> routes = Collections.emptyList();
+    VirtualHost vHostFoo = VirtualHost.create("vhost-foo",
+        Collections.singletonList("foo.googleapis.com"), routes,
+        ImmutableMap.of());
+    VirtualHost vHostBar = VirtualHost.create("vhost-bar",
+        Collections.singletonList("bar.googleapis.com"), routes,
+        ImmutableMap.of());
+    List<VirtualHost> virtualHosts =
+        Arrays.asList(vHostFoo, vHostBar);
+
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts, "foo.googleapis.com")).isEqualTo(vHostFoo);
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts, "bar.googleapis.com")).isEqualTo(vHostBar);
+    // No match returns null.
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts, "baz.googleapis.com")).isNull();
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts, "foo.googleapis")).isNull();
+  }
+
+  @Test
+  public void findVirtualHostForHostName_invalidHostName() {
+    List<Route> routes = Collections.emptyList();
+    VirtualHost vHost = VirtualHost.create("vhost",
+        Collections.singletonList("a.googleapis.com"), routes,
+        ImmutableMap.of());
+    List<VirtualHost> virtualHosts = Collections.singletonList(vHost);
+
+    // Empty hostName.
+    assertThrows(IllegalArgumentException.class,
+        () -> RoutingUtils.findVirtualHostForHostName(
+            virtualHosts, ""));
+    // HostName starting with dot.
+    assertThrows(IllegalArgumentException.class,
+        () -> RoutingUtils.findVirtualHostForHostName(
+            virtualHosts, ".a.googleapis.com"));
+  }
+
+  @Test
+  public void findVirtualHostForHostName_invalidPattern() {
+    List<Route> routes = Collections.emptyList();
+    // Empty domain pattern.
+    VirtualHost vHostEmpty = VirtualHost.create("vhost-empty",
+        Collections.singletonList(""), routes,
+        ImmutableMap.of());
+    assertThrows(IllegalArgumentException.class,
+        () -> RoutingUtils.findVirtualHostForHostName(
+            Collections.singletonList(vHostEmpty),
+            "a.googleapis.com"));
+    // Domain pattern starting with dot.
+    VirtualHost vHostDot = VirtualHost.create("vhost-dot",
+        Collections.singletonList(".a.googleapis.com"), routes,
+        ImmutableMap.of());
+    assertThrows(IllegalArgumentException.class,
+        () -> RoutingUtils.findVirtualHostForHostName(
+            Collections.singletonList(vHostDot),
+            "a.googleapis.com"));
+  }
+
+  @Test
+  public void findVirtualHostForHostName_prefixWildcard() {
+    List<Route> routes = Collections.emptyList();
+    VirtualHost vHostWild = VirtualHost.create("vhost-wild",
+        Collections.singletonList("*.foo.googleapis.com"),
+        routes, ImmutableMap.of());
+    VirtualHost vHostOther = VirtualHost.create("vhost-other",
+        Collections.singletonList("other.googleapis.com"),
+        routes, ImmutableMap.of());
+    List<VirtualHost> virtualHosts =
+        Arrays.asList(vHostWild, vHostOther);
+
+    // Prefix wildcard matches.
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts, "bar.foo.googleapis.com"))
+        .isEqualTo(vHostWild);
+    // Base domain without subdomain does not match *.foo.googleapis.com.
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts, "foo.googleapis.com")).isNull();
+
+    // Longer prefix wildcard is preferred over shorter one.
+    VirtualHost vHostLong = VirtualHost.create("vhost-long",
+        Collections.singletonList("*.bar.foo.googleapis.com"),
+        routes, ImmutableMap.of());
+    List<VirtualHost> virtualHosts2 =
+        Arrays.asList(vHostLong, vHostWild);
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts2, "baz.bar.foo.googleapis.com"))
+        .isEqualTo(vHostLong);
+  }
+
+  @Test
+  public void findVirtualHostForHostName_postfixWildcard() {
+    List<Route> routes = Collections.emptyList();
+    VirtualHost vHostWild = VirtualHost.create("vhost-wild",
+        Collections.singletonList("foo.*"), routes,
+        ImmutableMap.of());
+    VirtualHost vHostOther = VirtualHost.create("vhost-other",
+        Collections.singletonList("bar.googleapis.com"),
+        routes, ImmutableMap.of());
+    List<VirtualHost> virtualHosts =
+        Arrays.asList(vHostWild, vHostOther);
+
+    // Postfix wildcard matches.
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts, "foo.googleapis.com"))
+        .isEqualTo(vHostWild);
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts, "foo.com")).isEqualTo(vHostWild);
+    // Different prefix does not match foo.*.
+    assertThat(RoutingUtils.findVirtualHostForHostName(
+        virtualHosts, "bar.foo.googleapis.com")).isNull();
+  }
+
   @Test
   public void routeMatching_pathOnly() {
     Metadata headers = new Metadata();
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 45a96ee172f..3f50d92c2b5 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -2020,48 +2020,6 @@ public void generateServiceConfig_forPerMethodConfig() throws IOException {
         .isEqualTo(expectedServiceConfig);
   }
 
-  @Test
-  public void matchHostName_exactlyMatch() {
-    String pattern = "foo.googleapis.com";
-    assertThat(XdsNameResolver.matchHostName("bar.googleapis.com", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("fo.googleapis.com", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("oo.googleapis.com", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("googleapis.com", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("foo.googleapis", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("foo.googleapis.com", pattern)).isTrue();
-  }
-
-  @Test
-  public void matchHostName_prefixWildcard() {
-    String pattern = "*.foo.googleapis.com";
-    assertThat(XdsNameResolver.matchHostName("foo.googleapis.com", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("bar-baz.foo.googleapis", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("bar.foo.googleapis.com", pattern)).isTrue();
-    pattern = "*-bar.foo.googleapis.com";
-    assertThat(XdsNameResolver.matchHostName("bar.foo.googleapis.com", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("baz-bar.foo.googleapis", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("-bar.foo.googleapis.com", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("baz-bar.foo.googleapis.com", pattern))
-        .isTrue();
-  }
-
-  @Test
-  public void matchHostName_postfixWildCard() {
-    String pattern = "foo.*";
-    assertThat(XdsNameResolver.matchHostName("bar.googleapis.com", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("bar.foo.googleapis.com", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("foo.googleapis.com", pattern)).isTrue();
-    assertThat(XdsNameResolver.matchHostName("foo.com", pattern)).isTrue();
-    pattern = "foo-*";
-    assertThat(XdsNameResolver.matchHostName("bar-.googleapis.com", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("foo.googleapis.com", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("foo.googleapis.com", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("foo-", pattern)).isFalse();
-    assertThat(XdsNameResolver.matchHostName("foo-bar.com", pattern)).isTrue();
-    assertThat(XdsNameResolver.matchHostName("foo-.com", pattern)).isTrue();
-    assertThat(XdsNameResolver.matchHostName("foo-bar", pattern)).isTrue();
-  }
-
   @Test
   public void resolved_faultAbortInLdsUpdate() {
     resolver.start(mockListener);

From 024fdd0ead5aecf5feaf107cb4dc7e678c40dca6 Mon Sep 17 00:00:00 2001
From: wcchoi <fortexx@gmail.com>
Date: Mon, 9 Feb 2026 19:55:12 +0800
Subject: [PATCH 531/591] core: fix the backoff range to [0.8, 1.2] as per the
 A6 redefinition (#12639)

The range is [0.4, 1.2] in code

[spec](https://github.com/grpc/proposal/blob/6a8163b49157f2e19a5a7535a5957398d99701f1/A6-client-retries.md?plain=1#L113) mentions [0.8, 1.2].
---
 core/src/main/java/io/grpc/internal/RetriableStream.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/main/java/io/grpc/internal/RetriableStream.java b/core/src/main/java/io/grpc/internal/RetriableStream.java
index 96816eb6f15..f02ce36351c 100644
--- a/core/src/main/java/io/grpc/internal/RetriableStream.java
+++ b/core/src/main/java/io/grpc/internal/RetriableStream.java
@@ -853,7 +853,7 @@ public void run() {
 
   public static long intervalWithJitter(long intervalNanos) {
     double inverseJitterFactor = isExperimentalRetryJitterEnabled
-            ? 0.8 * random.nextDouble() + 0.4 : random.nextDouble();
+            ? 0.4 * random.nextDouble() + 0.8 : random.nextDouble();
     return (long) (intervalNanos * inverseJitterFactor);
   }
 

From 73abb48547df4cbaadddfa5bd6a82ef387fac800 Mon Sep 17 00:00:00 2001
From: Kim Jin Young <tian__mi__mi@naver.com>
Date: Tue, 10 Feb 2026 01:13:17 +0900
Subject: [PATCH 532/591] core: Fix inFlightSubStreams counting on retry commit
 (#12649)

This PR fixes a race condition in RetriableStream where, under certain
retry and deadline timings, the response future may never be completed.

When a deadline cancellation occurs concurrently with retry commit,
inFlightSubStreams may not be decremented, causing
`ClientCallImpl.ClientStreamListenerImpl.closed` to never be invoked. As
a result, blockingUnaryCall can hang indefinitely.

After this change, the inFlightSubStreams counting is consistent
whenever a scheduled retry is committed, ensuring the close signal is
always delivered.

I verified this using the issue reproduction code from the issue
reporter, which previously caused blockingUnaryCall to hang and
eventually hit a TimeoutException because a while loop never progressed.
After this change, running the same reproduction code no longer hangs
and continues as expected without timing out.

Fixes #12620
---
 core/src/main/java/io/grpc/internal/RetriableStream.java | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/RetriableStream.java b/core/src/main/java/io/grpc/internal/RetriableStream.java
index f02ce36351c..0c37a0beaca 100644
--- a/core/src/main/java/io/grpc/internal/RetriableStream.java
+++ b/core/src/main/java/io/grpc/internal/RetriableStream.java
@@ -166,7 +166,8 @@ private Runnable commit(final Substream winningSubstream) {
 
       final boolean wasCancelled = (scheduledRetry != null) ? scheduledRetry.isCancelled() : false;
       final Future<?> retryFuture;
-      if (scheduledRetry != null) {
+      final boolean retryWasScheduled = scheduledRetry != null;
+      if (retryWasScheduled) {
         retryFuture = scheduledRetry.markCancelled();
         scheduledRetry = null;
       } else {
@@ -190,8 +191,10 @@ public void run() {
               substream.stream.cancel(CANCELLED_BECAUSE_COMMITTED);
             }
           }
-          if (retryFuture != null) {
-            retryFuture.cancel(false);
+          if (retryWasScheduled) {
+            if (retryFuture != null) {
+              retryFuture.cancel(false);
+            }
             if (!wasCancelled && inFlightSubStreams.decrementAndGet() == Integer.MIN_VALUE) {
               assert savedCloseMasterListenerReason != null;
               listenerSerializeExecutor.execute(

From 2ab1da8c4fd29869203c8b4bff19d0995a6ab3f3 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Wed, 11 Feb 2026 02:59:14 -0800
Subject: [PATCH 533/591] Move FlagResetRule from core to api/testFixtures

---
 .../src/testFixtures/java/io/grpc}/FlagResetRule.java           | 2 +-
 core/src/test/java/io/grpc/internal/DnsNameResolverTest.java    | 1 +
 .../java/io/grpc/internal/ManagedChannelImplBuilderTest.java    | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
 rename {core/src/testFixtures/java/io/grpc/internal => api/src/testFixtures/java/io/grpc}/FlagResetRule.java (99%)

diff --git a/core/src/testFixtures/java/io/grpc/internal/FlagResetRule.java b/api/src/testFixtures/java/io/grpc/FlagResetRule.java
similarity index 99%
rename from core/src/testFixtures/java/io/grpc/internal/FlagResetRule.java
rename to api/src/testFixtures/java/io/grpc/FlagResetRule.java
index 96125cd0c8a..08ce7ce82f2 100644
--- a/core/src/testFixtures/java/io/grpc/internal/FlagResetRule.java
+++ b/api/src/testFixtures/java/io/grpc/FlagResetRule.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.internal;
+package io.grpc;
 
 import java.util.ArrayDeque;
 import java.util.Deque;
diff --git a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
index c6067d305b5..0a46b7d8204 100644
--- a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
+++ b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
@@ -44,6 +44,7 @@
 import com.google.common.testing.FakeTicker;
 import io.grpc.ChannelLogger;
 import io.grpc.EquivalentAddressGroup;
+import io.grpc.FlagResetRule;
 import io.grpc.HttpConnectProxiedSocketAddress;
 import io.grpc.NameResolver;
 import io.grpc.NameResolver.ConfigOrError;
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
index 8bf10de3949..bd21e28a0ef 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
@@ -38,6 +38,7 @@
 import io.grpc.ClientInterceptor;
 import io.grpc.CompressorRegistry;
 import io.grpc.DecompressorRegistry;
+import io.grpc.FlagResetRule;
 import io.grpc.InternalConfigurator;
 import io.grpc.InternalConfiguratorRegistry;
 import io.grpc.InternalManagedChannelBuilder.InternalInterceptorFactory;

From e8bff49d4d2995760082ff04f00a7b754109920b Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 20 Jan 2026 17:39:14 -0800
Subject: [PATCH 534/591] move GrpcUtil.getFlag to api

---
 api/src/main/java/io/grpc/FeatureFlags.java   | 38 +++++++++++++++++++
 .../java/io/grpc/InternalFeatureFlags.java    | 26 +++++++++++++
 .../main/java/io/grpc/internal/GrpcUtil.java  | 15 +-------
 3 files changed, 66 insertions(+), 13 deletions(-)
 create mode 100644 api/src/main/java/io/grpc/FeatureFlags.java
 create mode 100644 api/src/main/java/io/grpc/InternalFeatureFlags.java

diff --git a/api/src/main/java/io/grpc/FeatureFlags.java b/api/src/main/java/io/grpc/FeatureFlags.java
new file mode 100644
index 00000000000..e406ab9c99f
--- /dev/null
+++ b/api/src/main/java/io/grpc/FeatureFlags.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import com.google.common.base.Strings;
+
+class FeatureFlags {
+  static boolean getFlag(String envVarName, boolean enableByDefault) {
+    String envVar = System.getenv(envVarName);
+    if (envVar == null) {
+      envVar = System.getProperty(envVarName);
+    }
+    if (envVar != null) {
+      envVar = envVar.trim();
+    }
+    if (enableByDefault) {
+      return Strings.isNullOrEmpty(envVar) || Boolean.parseBoolean(envVar);
+    } else {
+      return !Strings.isNullOrEmpty(envVar) && Boolean.parseBoolean(envVar);
+    }
+  }
+
+  private FeatureFlags() {}
+}
diff --git a/api/src/main/java/io/grpc/InternalFeatureFlags.java b/api/src/main/java/io/grpc/InternalFeatureFlags.java
new file mode 100644
index 00000000000..1f4145efc58
--- /dev/null
+++ b/api/src/main/java/io/grpc/InternalFeatureFlags.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+@Internal
+public class InternalFeatureFlags {
+  public static boolean getFlag(String envVarName, boolean enableByDefault) {
+    return FeatureFlags.getFlag(envVarName, enableByDefault);
+  }
+
+  private InternalFeatureFlags() {}
+}
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index d8d0c1b2dc5..c3ff3628465 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -24,7 +24,6 @@
 import com.google.common.base.Preconditions;
 import com.google.common.base.Splitter;
 import com.google.common.base.Stopwatch;
-import com.google.common.base.Strings;
 import com.google.common.base.Supplier;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
@@ -32,6 +31,7 @@
 import io.grpc.ClientStreamTracer;
 import io.grpc.ClientStreamTracer.StreamInfo;
 import io.grpc.InternalChannelz.SocketStats;
+import io.grpc.InternalFeatureFlags;
 import io.grpc.InternalLogId;
 import io.grpc.InternalMetadata;
 import io.grpc.InternalMetadata.TrustedAsciiMarshaller;
@@ -958,18 +958,7 @@ public static String encodeAuthority(String authority) {
   }
 
   public static boolean getFlag(String envVarName, boolean enableByDefault) {
-    String envVar = System.getenv(envVarName);
-    if (envVar == null) {
-      envVar = System.getProperty(envVarName);
-    }
-    if (envVar != null) {
-      envVar = envVar.trim();
-    }
-    if (enableByDefault) {
-      return Strings.isNullOrEmpty(envVar) || Boolean.parseBoolean(envVar);
-    } else {
-      return !Strings.isNullOrEmpty(envVar) && Boolean.parseBoolean(envVar);
-    }
+    return InternalFeatureFlags.getFlag(envVarName, enableByDefault);
   }
 
 

From 8acfc757ac5b83e77e45406bcabbedc46ea07485 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Wed, 14 Jan 2026 11:18:24 -0800
Subject: [PATCH 535/591] Move RFC 3986 feature flag to 'api'

---
 api/src/main/java/io/grpc/FeatureFlags.java      | 16 ++++++++++++++++
 .../main/java/io/grpc/InternalFeatureFlags.java  | 15 +++++++++++++++
 .../grpc/internal/ManagedChannelImplBuilder.java | 13 ++-----------
 .../internal/ManagedChannelImplBuilderTest.java  |  3 ++-
 4 files changed, 35 insertions(+), 12 deletions(-)

diff --git a/api/src/main/java/io/grpc/FeatureFlags.java b/api/src/main/java/io/grpc/FeatureFlags.java
index e406ab9c99f..0e414ed7b31 100644
--- a/api/src/main/java/io/grpc/FeatureFlags.java
+++ b/api/src/main/java/io/grpc/FeatureFlags.java
@@ -16,9 +16,25 @@
 
 package io.grpc;
 
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Strings;
 
 class FeatureFlags {
+  private static boolean enableRfc3986Uris = getFlag("GRPC_ENABLE_RFC3986_URIS", false);
+
+  /** Whether to parse targets as RFC 3986 URIs (true), or use {@link java.net.URI} (false). */
+  @VisibleForTesting
+  static boolean setRfc3986UrisEnabled(boolean value) {
+    boolean prevValue = enableRfc3986Uris;
+    enableRfc3986Uris = value;
+    return prevValue;
+  }
+
+  /** Whether to parse targets as RFC 3986 URIs (true), or use {@link java.net.URI} (false). */
+  static boolean getRfc3986UrisEnabled() {
+    return enableRfc3986Uris;
+  }
+
   static boolean getFlag(String envVarName, boolean enableByDefault) {
     String envVar = System.getenv(envVarName);
     if (envVar == null) {
diff --git a/api/src/main/java/io/grpc/InternalFeatureFlags.java b/api/src/main/java/io/grpc/InternalFeatureFlags.java
index 1f4145efc58..a1e771a7571 100644
--- a/api/src/main/java/io/grpc/InternalFeatureFlags.java
+++ b/api/src/main/java/io/grpc/InternalFeatureFlags.java
@@ -16,8 +16,23 @@
 
 package io.grpc;
 
+import com.google.common.annotations.VisibleForTesting;
+
+/** Global variables that govern major changes to the behavior of more than one grpc module. */
 @Internal
 public class InternalFeatureFlags {
+
+  /** Whether to parse targets as RFC 3986 URIs (true), or use {@link java.net.URI} (false). */
+  @VisibleForTesting
+  public static boolean setRfc3986UrisEnabled(boolean value) {
+    return FeatureFlags.setRfc3986UrisEnabled(value);
+  }
+
+  /** Whether to parse targets as RFC 3986 URIs (true), or use {@link java.net.URI} (false). */
+  public static boolean getRfc3986UrisEnabled() {
+    return FeatureFlags.getRfc3986UrisEnabled();
+  }
+
   public static boolean getFlag(String envVarName, boolean enableByDefault) {
     return FeatureFlags.getFlag(envVarName, enableByDefault);
   }
diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
index 628224b826e..128c929ec0e 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelImplBuilder.java
@@ -38,6 +38,7 @@
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.InternalChannelz;
 import io.grpc.InternalConfiguratorRegistry;
+import io.grpc.InternalFeatureFlags;
 import io.grpc.ManagedChannel;
 import io.grpc.ManagedChannelBuilder;
 import io.grpc.MethodDescriptor;
@@ -106,16 +107,6 @@ public static ManagedChannelBuilder<?> forTarget(String target) {
    */
   static final long IDLE_MODE_MIN_TIMEOUT_MILLIS = TimeUnit.SECONDS.toMillis(1);
 
-  private static boolean enableRfc3986Uris = GrpcUtil.getFlag("GRPC_ENABLE_RFC3986_URIS", false);
-
-  /** Whether to parse targets as RFC 3986 URIs (true), or use {@link java.net.URI} (false). */
-  @VisibleForTesting
-  static boolean setRfc3986UrisEnabled(boolean value) {
-    boolean prevValue = ManagedChannelImplBuilder.enableRfc3986Uris;
-    ManagedChannelImplBuilder.enableRfc3986Uris = value;
-    return prevValue;
-  }
-
   private static final ObjectPool<? extends Executor> DEFAULT_EXECUTOR_POOL =
       SharedResourcePool.forResource(GrpcUtil.SHARED_CHANNEL_EXECUTOR);
 
@@ -731,7 +722,7 @@ public ManagedChannel build() {
     ClientTransportFactory clientTransportFactory =
         clientTransportFactoryBuilder.buildClientTransportFactory();
     ResolvedNameResolver resolvedResolver =
-        enableRfc3986Uris
+        InternalFeatureFlags.getRfc3986UrisEnabled()
             ? getNameResolverProviderRfc3986(target, nameResolverRegistry)
             : getNameResolverProvider(target, nameResolverRegistry);
     resolvedResolver.checkAddressTypes(clientTransportFactory.getSupportedSocketAddressTypes());
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
index bd21e28a0ef..b0939239477 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelImplBuilderTest.java
@@ -41,6 +41,7 @@
 import io.grpc.FlagResetRule;
 import io.grpc.InternalConfigurator;
 import io.grpc.InternalConfiguratorRegistry;
+import io.grpc.InternalFeatureFlags;
 import io.grpc.InternalManagedChannelBuilder.InternalInterceptorFactory;
 import io.grpc.ManagedChannel;
 import io.grpc.ManagedChannelBuilder;
@@ -129,7 +130,7 @@ public static Iterable<Object[]> data() {
   @Before
   public void setUp() throws Exception {
     flagResetRule.setFlagForTest(
-        ManagedChannelImplBuilder::setRfc3986UrisEnabled, enableRfc3986UrisParam);
+        InternalFeatureFlags::setRfc3986UrisEnabled, enableRfc3986UrisParam);
 
     builder = new ManagedChannelImplBuilder(
         DUMMY_TARGET,

From c1b4da931f19e494a89599204e479298e46c540c Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Wed, 11 Feb 2026 03:10:03 -0800
Subject: [PATCH 536/591] api: Use io.grpc.Uri for target parsing in
 ManagedChannelRegistry

---
 .../java/io/grpc/ManagedChannelRegistry.java  |  7 ++++--
 .../io/grpc/ManagedChannelRegistryTest.java   | 24 +++++++++++++++++--
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/api/src/main/java/io/grpc/ManagedChannelRegistry.java b/api/src/main/java/io/grpc/ManagedChannelRegistry.java
index aed5eca9abf..2e794295c2e 100644
--- a/api/src/main/java/io/grpc/ManagedChannelRegistry.java
+++ b/api/src/main/java/io/grpc/ManagedChannelRegistry.java
@@ -160,8 +160,11 @@ ManagedChannelBuilder<?> newChannelBuilder(NameResolverRegistry nameResolverRegi
       String target, ChannelCredentials creds) {
     NameResolverProvider nameResolverProvider = null;
     try {
-      URI uri = new URI(target);
-      nameResolverProvider = nameResolverRegistry.getProviderForScheme(uri.getScheme());
+      String scheme =
+          FeatureFlags.getRfc3986UrisEnabled()
+              ? Uri.parse(target).getScheme()
+              : new URI(target).getScheme();
+      nameResolverProvider = nameResolverRegistry.getProviderForScheme(scheme);
     } catch (URISyntaxException ignore) {
       // bad URI found, just ignore and continue
     }
diff --git a/api/src/test/java/io/grpc/ManagedChannelRegistryTest.java b/api/src/test/java/io/grpc/ManagedChannelRegistryTest.java
index 30de2477d77..2479e339791 100644
--- a/api/src/test/java/io/grpc/ManagedChannelRegistryTest.java
+++ b/api/src/test/java/io/grpc/ManagedChannelRegistryTest.java
@@ -20,17 +20,23 @@
 import static org.junit.Assert.fail;
 
 import com.google.common.collect.ImmutableSet;
+import io.grpc.FlagResetRule;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.net.URI;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
+import org.junit.Before;
+import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
 
 /** Unit tests for {@link ManagedChannelRegistry}. */
-@RunWith(JUnit4.class)
+@RunWith(Parameterized.class)
 public class ManagedChannelRegistryTest {
   private String target = "testing123";
   private ChannelCredentials creds = new ChannelCredentials() {
@@ -40,6 +46,20 @@ public ChannelCredentials withoutBearerTokens() {
     }
   };
 
+  @Rule public final FlagResetRule flagResetRule = new FlagResetRule();
+
+  @Parameters(name = "enableRfc3986UrisParam={0}")
+  public static Iterable<Object[]> data() {
+    return Arrays.asList(new Object[][] {{true}, {false}});
+  }
+
+  @Parameter public boolean enableRfc3986UrisParam;
+
+  @Before
+  public void setUp() {
+    flagResetRule.setFlagForTest(FeatureFlags::setRfc3986UrisEnabled, enableRfc3986UrisParam);
+  }
+
   @Test
   public void register_unavailableProviderThrows() {
     ManagedChannelRegistry reg = new ManagedChannelRegistry();

From 61d54925caab7e3c66ed35a7fae3f72858d7d7da Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Thu, 12 Feb 2026 10:51:01 +0530
Subject: [PATCH 537/591] xds: add protos for composite filter (#12653)

Adds support for

- xds/third_party/envoy/src/main/proto/envoy/extensions/common/matching/v3/extension_matcher.proto
- xds/third_party/envoy/src/main/proto/envoy/config/common/matcher/v3/matcher.proto
- xds/third_party/envoy/src/main/proto/envoy/config/core/v3/cel.proto
- xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/composite/v3/composite.proto
---
 xds/third_party/envoy/import.sh               |   6 +-
 .../envoy/config/accesslog/v3/accesslog.proto |   3 +
 .../envoy/config/bootstrap/v3/bootstrap.proto | 187 ++++----
 .../envoy/config/cluster/v3/cluster.proto     |  41 +-
 .../config/common/matcher/v3/matcher.proto    | 239 +++++++++++
 .../proto/envoy/config/core/v3/address.proto  |   8 +-
 .../main/proto/envoy/config/core/v3/cel.proto |  63 +++
 .../envoy/config/core/v3/grpc_service.proto   |  32 +-
 .../proto/envoy/config/core/v3/protocol.proto | 247 +++++++----
 .../envoy/config/core/v3/proxy_protocol.proto |  28 +-
 .../envoy/config/listener/v3/listener.proto   |  26 +-
 .../listener/v3/listener_components.proto     |   8 +-
 .../config/listener/v3/quic_config.proto      |   8 +-
 .../proto/envoy/config/metrics/v3/stats.proto |   5 -
 .../proto/envoy/config/rbac/v3/rbac.proto     |   8 +
 .../proto/envoy/config/route/v3/route.proto   |  13 +-
 .../config/route/v3/route_components.proto    | 399 +++++++++++++++---
 .../proto/envoy/config/trace/v3/zipkin.proto  |  24 +-
 .../matching/v3/extension_matcher.proto       |  42 ++
 .../filters/http/composite/v3/composite.proto | 106 +++++
 .../filters/http/ext_authz/v3/ext_authz.proto | 167 +++++---
 .../filters/http/rbac/v3/rbac.proto           |   7 +-
 .../filters/http/router/v3/router.proto       |   8 +-
 .../v3/http_connection_manager.proto          |  86 +++-
 .../v3/client_side_weighted_round_robin.proto |   8 +-
 .../wrr_locality/v3/wrr_locality.proto        |   2 +-
 .../transport_sockets/tls/v3/tls.proto        |   1 +
 .../envoy/service/auth/v3/external_auth.proto |  13 +
 .../envoy/type/tracing/v3/custom_tag.proto    |   9 +-
 29 files changed, 1470 insertions(+), 324 deletions(-)
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/config/common/matcher/v3/matcher.proto
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/config/core/v3/cel.proto
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/extensions/common/matching/v3/extension_matcher.proto
 create mode 100644 xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/composite/v3/composite.proto

diff --git a/xds/third_party/envoy/import.sh b/xds/third_party/envoy/import.sh
index 0ad90f7baf0..74b8af750ab 100755
--- a/xds/third_party/envoy/import.sh
+++ b/xds/third_party/envoy/import.sh
@@ -17,7 +17,7 @@
 
 set -e
 # import VERSION from the google internal go/envoy-import-status
-VERSION=b6df993feef0340391e6dbf6ad957ab42884ad05
+VERSION=a0b3df32ba54c92a08d3636a9a36013cb920e471
 DOWNLOAD_URL="https://github.com/envoyproxy/envoy/archive/${VERSION}.tar.gz"
 DOWNLOAD_BASE_DIR="envoy-${VERSION}"
 SOURCE_PROTO_BASE_DIR="${DOWNLOAD_BASE_DIR}/api"
@@ -37,6 +37,7 @@ envoy/config/common/mutation_rules/v3/mutation_rules.proto
 envoy/config/core/v3/address.proto
 envoy/config/core/v3/backoff.proto
 envoy/config/core/v3/base.proto
+envoy/config/core/v3/cel.proto
 envoy/config/core/v3/config_source.proto
 envoy/config/core/v3/event_service_config.proto
 envoy/config/core/v3/extension.proto
@@ -76,7 +77,9 @@ envoy/data/accesslog/v3/accesslog.proto
 envoy/extensions/clusters/aggregate/v3/cluster.proto
 envoy/extensions/filters/common/fault/v3/fault.proto
 envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
+envoy/extensions/common/matching/v3/extension_matcher.proto
 envoy/extensions/filters/http/fault/v3/fault.proto
+envoy/extensions/filters/http/composite/v3/composite.proto
 envoy/extensions/filters/http/rate_limit_quota/v3/rate_limit_quota.proto
 envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto
 envoy/extensions/filters/http/rbac/v3/rbac.proto
@@ -113,6 +116,7 @@ envoy/type/matcher/v3/filter_state.proto
 envoy/type/matcher/v3/http_inputs.proto
 envoy/type/matcher/v3/metadata.proto
 envoy/type/matcher/v3/node.proto
+envoy/config/common/matcher/v3/matcher.proto
 envoy/type/matcher/v3/number.proto
 envoy/type/matcher/v3/path.proto
 envoy/type/matcher/v3/regex.proto
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto b/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto
index 6753ab6ab52..f273f2e695f 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto
@@ -108,6 +108,9 @@ message ComparisonFilter {
 
     // <=
     LE = 2;
+
+    // !=
+    NE = 3;
   }
 
   // Comparison operator.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto b/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto
index 28b1eba6680..7b862c1021a 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto
@@ -16,6 +16,7 @@ import "envoy/config/metrics/v3/stats.proto";
 import "envoy/config/overload/v3/overload.proto";
 import "envoy/config/trace/v3/http_tracer.proto";
 import "envoy/extensions/transport_sockets/tls/v3/secret.proto";
+import "envoy/type/matcher/v3/string.proto";
 import "envoy/type/v3/percent.proto";
 
 import "google/protobuf/duration.proto";
@@ -76,7 +77,7 @@ message Bootstrap {
     // :ref:`LDS <arch_overview_dynamic_config_lds>` configuration source.
     core.v3.ConfigSource lds_config = 1;
 
-    // xdstp:// resource locator for listener collection.
+    // ``xdstp://`` resource locator for listener collection.
     // [#not-implemented-hide:]
     string lds_resources_locator = 5;
 
@@ -85,7 +86,7 @@ message Bootstrap {
     // configuration source.
     core.v3.ConfigSource cds_config = 2;
 
-    // xdstp:// resource locator for cluster collection.
+    // ``xdstp://`` resource locator for cluster collection.
     // [#not-implemented-hide:]
     string cds_resources_locator = 6;
 
@@ -126,17 +127,19 @@ message Bootstrap {
     // When the flag is enabled, Envoy will lazily initialize a subset of the stats (see below).
     // This will save memory and CPU cycles when creating the objects that own these stats, if those
     // stats are never referenced throughout the lifetime of the process. However, it will incur additional
-    // memory overhead for these objects, and a small increase of CPU usage when a at least one of the stats
+    // memory overhead for these objects, and a small increase of CPU usage when at least one of the stats
     // is updated for the first time.
+    //
     // Groups of stats that will be lazily initialized:
+    //
     // - Cluster traffic stats: a subgroup of the :ref:`cluster statistics <config_cluster_manager_cluster_stats>`
-    // that are used when requests are routed to the cluster.
+    //   that are used when requests are routed to the cluster.
     bool enable_deferred_creation_stats = 1;
   }
 
   message GrpcAsyncClientManagerConfig {
     // Optional field to set the expiration time for the cached gRPC client object.
-    // The minimal value is 5s and the default is 50s.
+    // The minimal value is ``5s`` and the default is ``50s``.
     google.protobuf.Duration max_cached_entry_idle_duration = 1
         [(validate.rules).duration = {gte {seconds: 5}}];
   }
@@ -151,25 +154,25 @@ message Bootstrap {
 
   // A list of :ref:`Node <envoy_v3_api_msg_config.core.v3.Node>` field names
   // that will be included in the context parameters of the effective
-  // xdstp:// URL that is sent in a discovery request when resource
+  // ``xdstp://`` URL that is sent in a discovery request when resource
   // locators are used for LDS/CDS. Any non-string field will have its JSON
   // encoding set as the context parameter value, with the exception of
   // metadata, which will be flattened (see example below). The supported field
   // names are:
-  // - "cluster"
-  // - "id"
-  // - "locality.region"
-  // - "locality.sub_zone"
-  // - "locality.zone"
-  // - "metadata"
-  // - "user_agent_build_version.metadata"
-  // - "user_agent_build_version.version"
-  // - "user_agent_name"
-  // - "user_agent_version"
+  // - ``cluster``
+  // - ``id``
+  // - ``locality.region``
+  // - ``locality.sub_zone``
+  // - ``locality.zone``
+  // - ``metadata``
+  // - ``user_agent_build_version.metadata``
+  // - ``user_agent_build_version.version``
+  // - ``user_agent_name``
+  // - ``user_agent_version``
   //
   // The node context parameters act as a base layer dictionary for the context
   // parameters (i.e. more specific resource specific context parameters will
-  // override). Field names will be prefixed with “udpa.node.” when included in
+  // override). Field names will be prefixed with ````"udpa.node."```` when included in
   // context parameters.
   //
   // For example, if node_context_params is ``["user_agent_name", "metadata"]``,
@@ -211,10 +214,10 @@ message Bootstrap {
 
   // Optional duration between flushes to configured stats sinks. For
   // performance reasons Envoy latches counters and only flushes counters and
-  // gauges at a periodic interval. If not specified the default is 5000ms (5
-  // seconds). Only one of ``stats_flush_interval`` or ``stats_flush_on_admin``
+  // gauges at a periodic interval. If not specified the default is ``5000ms`` (``5`` seconds).
+  // Only one of ``stats_flush_interval`` or ``stats_flush_on_admin``
   // can be set.
-  // Duration must be at least 1ms and at most 5 min.
+  // Duration must be at least ``1ms`` and at most ``5 min``.
   google.protobuf.Duration stats_flush_interval = 7 [
     (validate.rules).duration = {
       lt {seconds: 300}
@@ -271,23 +274,28 @@ message Bootstrap {
     (udpa.annotations.security).configure_for_untrusted_upstream = true
   ];
 
-  // Enable :ref:`stats for event dispatcher <operations_performance>`, defaults to false.
-  // Note that this records a value for each iteration of the event loop on every thread. This
-  // should normally be minimal overhead, but when using
-  // :ref:`statsd <envoy_v3_api_msg_config.metrics.v3.StatsdSink>`, it will send each observed value
-  // over the wire individually because the statsd protocol doesn't have any way to represent a
-  // histogram summary. Be aware that this can be a very large volume of data.
+  // Enable :ref:`stats for event dispatcher <operations_performance>`. Defaults to ``false``.
+  //
+  // .. note::
+  //
+  //   This records a value for each iteration of the event loop on every thread. This
+  //   should normally be minimal overhead, but when using
+  //   :ref:`statsd <envoy_v3_api_msg_config.metrics.v3.StatsdSink>`, it will send each observed value
+  //   over the wire individually because the statsd protocol doesn't have any way to represent a
+  //   histogram summary. Be aware that this can be a very large volume of data.
   bool enable_dispatcher_stats = 16;
 
-  // Optional string which will be used in lieu of x-envoy in prefixing headers.
+  // Optional string which will be used in lieu of ``x-envoy`` in prefixing headers.
   //
-  // For example, if this string is present and set to X-Foo, then x-envoy-retry-on will be
-  // transformed into x-foo-retry-on etc.
+  // For example, if this string is present and set to ``X-Foo``, then ``x-envoy-retry-on`` will be
+  // transformed into ``x-foo-retry-on`` etc.
+  //
+  // .. note::
   //
-  // Note this applies to the headers Envoy will generate, the headers Envoy will sanitize, and the
-  // headers Envoy will trust for core code and core extensions only. Be VERY careful making
-  // changes to this string, especially in multi-layer Envoy deployments or deployments using
-  // extensions which are not upstream.
+  //   This applies to the headers Envoy will generate, the headers Envoy will sanitize, and the
+  //   headers Envoy will trust for core code and core extensions only. Be VERY careful making
+  //   changes to this string, especially in multi-layer Envoy deployments or deployments using
+  //   extensions which are not upstream.
   string header_prefix = 18;
 
   // Optional proxy version which will be used to set the value of :ref:`server.version statistic
@@ -295,8 +303,8 @@ message Bootstrap {
   // :ref:`stats sinks <envoy_v3_api_msg_config.metrics.v3.StatsSink>`.
   google.protobuf.UInt64Value stats_server_version_override = 19;
 
-  // Always use TCP queries instead of UDP queries for DNS lookups.
-  // This may be overridden on a per-cluster basis in cds_config,
+  // Always use ``TCP`` queries instead of ``UDP`` queries for DNS lookups.
+  // This may be overridden on a per-cluster basis in ``cds_config``,
   // when :ref:`dns_resolvers <envoy_v3_api_field_config.cluster.v3.Cluster.dns_resolvers>` and
   // :ref:`use_tcp_for_dns_lookups <envoy_v3_api_field_config.cluster.v3.Cluster.use_tcp_for_dns_lookups>` are
   // specified.
@@ -305,8 +313,8 @@ message Bootstrap {
   bool use_tcp_for_dns_lookups = 20
       [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
-  // DNS resolution configuration which includes the underlying dns resolver addresses and options.
-  // This may be overridden on a per-cluster basis in cds_config, when
+  // DNS resolution configuration which includes the underlying DNS resolver addresses and options.
+  // This may be overridden on a per-cluster basis in ``cds_config``, when
   // :ref:`dns_resolution_config <envoy_v3_api_field_config.cluster.v3.Cluster.dns_resolution_config>`
   // is specified.
   // This field is deprecated in favor of
@@ -314,14 +322,15 @@ message Bootstrap {
   core.v3.DnsResolutionConfig dns_resolution_config = 30
       [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
-  // DNS resolver type configuration extension. This extension can be used to configure c-ares, apple,
+  // DNS resolver type configuration extension. This extension can be used to configure ``c-ares``, ``apple``,
   // or any other DNS resolver types and the related parameters.
   // For example, an object of
   // :ref:`CaresDnsResolverConfig <envoy_v3_api_msg_extensions.network.dns_resolver.cares.v3.CaresDnsResolverConfig>`
   // can be packed into this ``typed_dns_resolver_config``. This configuration replaces the
   // :ref:`dns_resolution_config <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.dns_resolution_config>`
   // configuration.
-  // During the transition period when both ``dns_resolution_config`` and ``typed_dns_resolver_config`` exists,
+  //
+  // During the transition period when both ``dns_resolution_config`` and ``typed_dns_resolver_config`` exist,
   // when ``typed_dns_resolver_config`` is in place, Envoy will use it and ignore ``dns_resolution_config``.
   // When ``typed_dns_resolver_config`` is missing, the default behavior is in place.
   // [#extension-category: envoy.network.dns_resolver]
@@ -337,9 +346,10 @@ message Bootstrap {
   repeated FatalAction fatal_actions = 28;
 
   // Configuration sources that will participate in
-  // xdstp:// URL authority resolution. The algorithm is as
+  // ``xdstp://`` URL authority resolution. The algorithm is as
   // follows:
-  // 1. The authority field is taken from the xdstp:// URL, call
+  //
+  // 1. The authority field is taken from the ``xdstp://`` URL, call
   //    this ``resource_authority``.
   // 2. ``resource_authority`` is compared against the authorities in any peer
   //    ``ConfigSource``. The peer ``ConfigSource`` is the configuration source
@@ -355,7 +365,7 @@ message Bootstrap {
   // [#not-implemented-hide:]
   repeated core.v3.ConfigSource config_sources = 22;
 
-  // Default configuration source for xdstp:// URLs if all
+  // Default configuration source for ``xdstp://`` URLs if all
   // other resolution fails.
   // [#not-implemented-hide:]
   core.v3.ConfigSource default_config_source = 23;
@@ -375,28 +385,30 @@ message Bootstrap {
   // allows users to customize the inline headers on-demand at Envoy startup without modifying
   // Envoy's source code.
   //
-  // Note that the 'set-cookie' header cannot be registered as inline header.
+  // .. note::
+  //
+  //   The ``set-cookie`` header cannot be registered as inline header.
   repeated CustomInlineHeader inline_headers = 32;
 
-  // Optional path to a file with performance tracing data created by "Perfetto" SDK in binary
-  // ProtoBuf format. The default value is "envoy.pftrace".
+  // Optional path to a file with performance tracing data created by ``Perfetto`` SDK in binary
+  // ProtoBuf format. The default value is ``envoy.pftrace``.
   string perf_tracing_file_path = 33;
 
   // Optional overriding of default regex engine.
-  // If the value is not specified, Google RE2 will be used by default.
+  // If the value is not specified, ``Google RE2`` will be used by default.
   // [#extension-category: envoy.regex_engines]
   core.v3.TypedExtensionConfig default_regex_engine = 34;
 
   // Optional XdsResourcesDelegate configuration, which allows plugging custom logic into both
   // fetch and load events during xDS processing.
-  // If a value is not specified, no XdsResourcesDelegate will be used.
+  // If a value is not specified, no ``XdsResourcesDelegate`` will be used.
   // TODO(abeyad): Add public-facing documentation.
   // [#not-implemented-hide:]
   core.v3.TypedExtensionConfig xds_delegate_extension = 35;
 
   // Optional XdsConfigTracker configuration, which allows tracking xDS responses in external components,
   // e.g., external tracer or monitor. It provides the process point when receive, ingest, or fail to
-  // process xDS resources and messages. If a value is not specified, no XdsConfigTracker will be used.
+  // process xDS resources and messages. If a value is not specified, no ``XdsConfigTracker`` will be used.
   //
   // .. note::
   //
@@ -408,14 +420,14 @@ message Bootstrap {
 
   // [#not-implemented-hide:]
   // This controls the type of listener manager configured for Envoy. Currently
-  // Envoy only supports ListenerManager for this field and Envoy Mobile
-  // supports ApiListenerManager.
+  // Envoy only supports ``ListenerManager`` for this field and Envoy Mobile
+  // supports ``ApiListenerManager``.
   core.v3.TypedExtensionConfig listener_manager = 37;
 
   // Optional application log configuration.
   ApplicationLogConfig application_log_config = 38;
 
-  // Optional gRPC async manager config.
+  // Optional gRPC async client manager config.
   GrpcAsyncClientManagerConfig grpc_async_client_manager_config = 40;
 
   // Optional configuration for memory allocation manager.
@@ -425,7 +437,7 @@ message Bootstrap {
 
 // Administration interface :ref:`operations documentation
 // <operations_admin_interface>`.
-// [#next-free-field: 7]
+// [#next-free-field: 8]
 message Admin {
   option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Admin";
 
@@ -434,14 +446,14 @@ message Admin {
   repeated accesslog.v3.AccessLog access_log = 5;
 
   // The path to write the access log for the administration server. If no
-  // access log is desired specify ‘/dev/null’. This is only required if
+  // access log is desired specify ``/dev/null``. This is only required if
   // :ref:`address <envoy_v3_api_field_config.bootstrap.v3.Admin.address>` is set.
   // Deprecated in favor of ``access_log`` which offers more options.
   string access_log_path = 1
       [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
-  // The cpu profiler output path for the administration server. If no profile
-  // path is specified, the default is ‘/var/log/envoy/envoy.prof’.
+  // The CPU profiler output path for the administration server. If no profile
+  // path is specified, the default is ``/var/log/envoy/envoy.prof``.
   string profile_path = 2;
 
   // The TCP address that the administration server will listen on.
@@ -455,6 +467,21 @@ message Admin {
   // Indicates whether :ref:`global_downstream_max_connections <config_overload_manager_limiting_connections>`
   // should apply to the admin interface or not.
   bool ignore_global_conn_limit = 6;
+
+  // List of admin paths that are accessible. If not specified, all admin endpoints are accessible.
+  //
+  // When specified, only paths in this list will be accessible, all others will return ``HTTP 403 Forbidden``.
+  //
+  // Example:
+  //
+  // .. code-block:: yaml
+  //
+  //   allow_paths:
+  //   - exact: /stats
+  //   - exact: /ready
+  //   - prefix: /healthcheck
+  //
+  repeated type.matcher.v3.StringMatcher allow_paths = 7;
 }
 
 // Cluster manager :ref:`architecture overview <arch_overview_cluster_manager>`.
@@ -491,7 +518,7 @@ message ClusterManager {
   OutlierDetection outlier_detection = 2;
 
   // Optional configuration used to bind newly established upstream connections.
-  // This may be overridden on a per-cluster basis by upstream_bind_config in the cds_config.
+  // This may be overridden on a per-cluster basis by ``upstream_bind_config`` in the ``cds_config``.
   core.v3.BindConfig upstream_bind_config = 3;
 
   // A management server endpoint to stream load stats to via
@@ -502,7 +529,7 @@ message ClusterManager {
 
   // Whether the ClusterManager will create clusters on the worker threads
   // inline during requests. This will save memory and CPU cycles in cases where
-  // there are lots of inactive clusters and > 1 worker thread.
+  // there are lots of inactive clusters and ``> 1`` worker thread.
   bool enable_deferred_cluster_creation = 5;
 }
 
@@ -525,12 +552,12 @@ message Watchdog {
   option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Watchdog";
 
   message WatchdogAction {
-    // The events are fired in this order: KILL, MULTIKILL, MEGAMISS, MISS.
+    // The events are fired in this order: ``KILL``, ``MULTIKILL``, ``MEGAMISS``, ``MISS``.
     // Within an event type, actions execute in the order they are configured.
-    // For KILL/MULTIKILL there is a default PANIC that will run after the
+    // For ``KILL``/``MULTIKILL`` there is a default ``PANIC`` that will run after the
     // registered actions and kills the process if it wasn't already killed.
     // It might be useful to specify several debug actions, and possibly an
-    // alternate FATAL action.
+    // alternate ``FATAL`` action.
     enum WatchdogEvent {
       UNKNOWN = 0;
       KILL = 1;
@@ -545,46 +572,48 @@ message Watchdog {
     WatchdogEvent event = 2 [(validate.rules).enum = {defined_only: true}];
   }
 
-  // Register actions that will fire on given WatchDog events.
-  // See ``WatchDogAction`` for priority of events.
+  // Register actions that will fire on given Watchdog events.
+  // See ``WatchdogAction`` for priority of events.
   repeated WatchdogAction actions = 7;
 
   // The duration after which Envoy counts a nonresponsive thread in the
-  // ``watchdog_miss`` statistic. If not specified the default is 200ms.
+  // ``watchdog_miss`` statistic. If not specified the default is ``200ms``.
   google.protobuf.Duration miss_timeout = 1;
 
   // The duration after which Envoy counts a nonresponsive thread in the
-  // ``watchdog_mega_miss`` statistic. If not specified the default is
-  // 1000ms.
+  // ``watchdog_mega_miss`` statistic. If not specified the default is ``1000ms``.
   google.protobuf.Duration megamiss_timeout = 2;
 
   // If a watched thread has been nonresponsive for this duration, assume a
-  // programming error and kill the entire Envoy process. Set to 0 to disable
-  // kill behavior. If not specified the default is 0 (disabled).
+  // programming error and kill the entire Envoy process. Set to ``0`` to disable
+  // kill behavior. If not specified the default is ``0`` (disabled).
   google.protobuf.Duration kill_timeout = 3;
 
   // Defines the maximum jitter used to adjust the ``kill_timeout`` if ``kill_timeout`` is
   // enabled. Enabling this feature would help to reduce risk of synchronized
-  // watchdog kill events across proxies due to external triggers. Set to 0 to
-  // disable. If not specified the default is 0 (disabled).
+  // watchdog kill events across proxies due to external triggers. Set to ``0`` to
+  // disable. If not specified the default is ``0`` (disabled).
   google.protobuf.Duration max_kill_timeout_jitter = 6 [(validate.rules).duration = {gte {}}];
 
-  // If ``max(2, ceil(registered_threads * Fraction(*multikill_threshold*)))``
+  // If ``max(2, ceil(registered_threads * Fraction(multikill_threshold)))``
   // threads have been nonresponsive for at least this duration kill the entire
-  // Envoy process. Set to 0 to disable this behavior. If not specified the
-  // default is 0 (disabled).
+  // Envoy process. Set to ``0`` to disable this behavior. If not specified the
+  // default is ``0`` (disabled).
   google.protobuf.Duration multikill_timeout = 4;
 
   // Sets the threshold for ``multikill_timeout`` in terms of the percentage of
   // nonresponsive threads required for the ``multikill_timeout``.
-  // If not specified the default is 0.
+  // If not specified the default is ``0``.
   type.v3.Percent multikill_threshold = 5;
 }
 
 // Fatal actions to run while crashing. Actions can be safe (meaning they are
 // async-signal safe) or unsafe. We run all safe actions before we run unsafe actions.
-// If using an unsafe action that could get stuck or deadlock, it important to
-// have an out of band system to terminate the process.
+//
+// .. note::
+//
+//   If using an unsafe action that could get stuck or deadlock, it is important to
+//   have an out of band system to terminate the process.
 //
 // The interface for the extension is ``Envoy::Server::Configuration::FatalAction``.
 // ``FatalAction`` extensions live in the ``envoy.extensions.fatal_actions`` API
@@ -667,7 +696,7 @@ message RuntimeLayer {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.config.bootstrap.v2.RuntimeLayer.RtdsLayer";
 
-    // Resource to subscribe to at ``rtds_config`` for the RTDS layer.
+    // Resource to subscribe to at the ``rtds_config`` for the RTDS layer.
     string name = 1;
 
     // RTDS configuration source.
@@ -708,11 +737,11 @@ message LayeredRuntime {
 // Used to specify the header that needs to be registered as an inline header.
 //
 // If request or response contain multiple headers with the same name and the header
-// name is registered as an inline header. Then multiple headers will be folded
+// name is registered as an inline header, then multiple headers will be folded
 // into one, and multiple header values will be concatenated by a suitable delimiter.
 // The delimiter is generally a comma.
 //
-// For example, if 'foo' is registered as an inline header, and the headers contains
+// For example, if ``foo`` is registered as an inline header, and the headers contain
 // the following two headers:
 //
 // .. code-block:: text
@@ -752,6 +781,6 @@ message MemoryAllocatorManager {
 
   // Interval in milliseconds for memory releasing. If specified, during every
   // interval Envoy will try to release ``bytes_to_release`` of free memory back to operating system for reuse.
-  // Defaults to 1000 milliseconds.
+  // Defaults to ``1000`` milliseconds.
   google.protobuf.Duration memory_release_interval = 2;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto
index c5112458a71..192409096af 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto
@@ -22,6 +22,7 @@ import "google/protobuf/struct.proto";
 import "google/protobuf/wrappers.proto";
 
 import "xds/core/v3/collection_entry.proto";
+import "xds/type/matcher/v3/matcher.proto";
 
 import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/migrate.proto";
@@ -45,7 +46,7 @@ message ClusterCollection {
 }
 
 // Configuration for a single upstream cluster.
-// [#next-free-field: 59]
+// [#next-free-field: 60]
 message Cluster {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster";
 
@@ -747,6 +748,9 @@ message Cluster {
     // If both this and preconnect_ratio are set, Envoy will make sure both predicted needs are met,
     // basically preconnecting max(predictive-preconnect, per-upstream-preconnect), for each
     // upstream.
+    //
+    // This is limited somewhat arbitrarily to 3 because preconnecting too aggressively can
+    // harm latency more than the preconnecting helps.
     google.protobuf.DoubleValue predictive_preconnect_ratio = 2
         [(validate.rules).double = {lte: 3.0 gte: 1.0}];
   }
@@ -809,6 +813,41 @@ message Cluster {
   // [#comment:TODO(incfly): add a detailed architecture doc on intended usage.]
   repeated TransportSocketMatch transport_socket_matches = 43;
 
+  // Optional matcher that selects a transport socket from
+  // :ref:`transport_socket_matches <envoy_v3_api_field_config.cluster.v3.Cluster.transport_socket_matches>`.
+  //
+  // This matcher uses the generic xDS matcher framework to select a named transport socket
+  // based on various inputs available at transport socket selection time.
+  //
+  // Supported matching inputs:
+  //
+  // * ``endpoint_metadata``: Extract values from the selected endpoint's metadata.
+  // * ``locality_metadata``: Extract values from the endpoint's locality metadata.
+  // * ``transport_socket_filter_state``: Extract values from filter state that was explicitly shared from
+  //   downstream to upstream via ``TransportSocketOptions``. This enables flexible
+  //   downstream-connection-based matching, such as:
+  //
+  //   - Network namespace matching.
+  //   - Custom connection attributes.
+  //   - Any data explicitly passed via filter state.
+  //
+  // .. note::
+  //   Filter state sharing follows the same pattern as tunneling in Envoy. Filters must explicitly
+  //   share data by setting filter state with the appropriate sharing mode. The filter state is
+  //   then accessible via the ``transport_socket_filter_state`` input during transport socket selection.
+  //
+  // If this field is set, it takes precedence over legacy metadata-based selection
+  // performed by :ref:`transport_socket_matches
+  // <envoy_v3_api_field_config.cluster.v3.Cluster.transport_socket_matches>` alone.
+  // If the matcher does not yield a match, Envoy uses the default transport socket
+  // configured for the cluster.
+  //
+  // When using this field, each entry in
+  // :ref:`transport_socket_matches <envoy_v3_api_field_config.cluster.v3.Cluster.transport_socket_matches>`
+  // must have a unique ``name``. The matcher outcome is expected to reference one of
+  // these names.
+  xds.type.matcher.v3.Matcher transport_socket_matcher = 59;
+
   // Supplies the name of the cluster which must be unique across all clusters.
   // The cluster name is used when emitting
   // :ref:`statistics <config_cluster_manager_cluster_stats>` if :ref:`alt_stat_name
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/common/matcher/v3/matcher.proto b/xds/third_party/envoy/src/main/proto/envoy/config/common/matcher/v3/matcher.proto
new file mode 100644
index 00000000000..9b189d1aa77
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/common/matcher/v3/matcher.proto
@@ -0,0 +1,239 @@
+syntax = "proto3";
+
+package envoy.config.common.matcher.v3;
+
+import "envoy/config/core/v3/extension.proto";
+import "envoy/config/route/v3/route_components.proto";
+import "envoy/type/matcher/v3/string.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.common.matcher.v3";
+option java_outer_classname = "MatcherProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/common/matcher/v3;matcherv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Unified Matcher API]
+
+// A matcher, which may traverse a matching tree in order to result in a match action.
+// During matching, the tree will be traversed until a match is found, or if no match
+// is found the action specified by the most specific on_no_match will be evaluated.
+// As an on_no_match might result in another matching tree being evaluated, this process
+// might repeat several times until the final OnMatch (or no match) is decided.
+//
+// .. note::
+//   Please use the syntactically equivalent :ref:`matching API <envoy_v3_api_msg_.xds.type.matcher.v3.Matcher>`
+message Matcher {
+  // What to do if a match is successful.
+  message OnMatch {
+    oneof on_match {
+      option (validate.required) = true;
+
+      // Nested matcher to evaluate.
+      // If the nested matcher does not match and does not specify
+      // on_no_match, then this matcher is considered not to have
+      // matched, even if a predicate at this level or above returned
+      // true.
+      Matcher matcher = 1;
+
+      // Protocol-specific action to take.
+      core.v3.TypedExtensionConfig action = 2;
+    }
+
+    // If true, the action will be taken but the caller will behave as if no
+    // match was found. This applies both to actions directly encoded in the
+    // action field and to actions returned from a nested matcher tree in the
+    // matcher field. A subsequent matcher on_no_match action will be used
+    // instead.
+    //
+    // This field is not supported in all contexts in which the matcher API is
+    // used. If this field is set in a context in which it's not supported,
+    // the resource will be rejected.
+    bool keep_matching = 3;
+  }
+
+  // A linear list of field matchers.
+  // The field matchers are evaluated in order, and the first match
+  // wins.
+  message MatcherList {
+    // Predicate to determine if a match is successful.
+    message Predicate {
+      // Predicate for a single input field.
+      message SinglePredicate {
+        // Protocol-specific specification of input field to match on.
+        // [#extension-category: envoy.matching.common_inputs]
+        core.v3.TypedExtensionConfig input = 1 [(validate.rules).message = {required: true}];
+
+        oneof matcher {
+          option (validate.required) = true;
+
+          // Built-in string matcher.
+          type.matcher.v3.StringMatcher value_match = 2;
+
+          // Extension for custom matching logic.
+          // [#extension-category: envoy.matching.input_matchers]
+          core.v3.TypedExtensionConfig custom_match = 3;
+        }
+      }
+
+      // A list of two or more matchers. Used to allow using a list within a oneof.
+      message PredicateList {
+        repeated Predicate predicate = 1 [(validate.rules).repeated = {min_items: 2}];
+      }
+
+      oneof match_type {
+        option (validate.required) = true;
+
+        // A single predicate to evaluate.
+        SinglePredicate single_predicate = 1;
+
+        // A list of predicates to be OR-ed together.
+        PredicateList or_matcher = 2;
+
+        // A list of predicates to be AND-ed together.
+        PredicateList and_matcher = 3;
+
+        // The inverse of a predicate
+        Predicate not_matcher = 4;
+      }
+    }
+
+    // An individual matcher.
+    message FieldMatcher {
+      // Determines if the match succeeds.
+      Predicate predicate = 1 [(validate.rules).message = {required: true}];
+
+      // What to do if the match succeeds.
+      OnMatch on_match = 2 [(validate.rules).message = {required: true}];
+    }
+
+    // A list of matchers. First match wins.
+    repeated FieldMatcher matchers = 1 [(validate.rules).repeated = {min_items: 1}];
+  }
+
+  message MatcherTree {
+    // A map of configured matchers. Used to allow using a map within a oneof.
+    message MatchMap {
+      map<string, OnMatch> map = 1 [(validate.rules).map = {min_pairs: 1}];
+    }
+
+    // Protocol-specific specification of input field to match on.
+    core.v3.TypedExtensionConfig input = 1 [(validate.rules).message = {required: true}];
+
+    // Exact or prefix match maps in which to look up the input value.
+    // If the lookup succeeds, the match is considered successful, and
+    // the corresponding OnMatch is used.
+    oneof tree_type {
+      option (validate.required) = true;
+
+      MatchMap exact_match_map = 2;
+
+      // Longest matching prefix wins.
+      MatchMap prefix_match_map = 3;
+
+      // Extension for custom matching logic.
+      core.v3.TypedExtensionConfig custom_match = 4;
+    }
+  }
+
+  oneof matcher_type {
+    option (validate.required) = true;
+
+    // A linear list of matchers to evaluate.
+    MatcherList matcher_list = 1;
+
+    // A match tree to evaluate.
+    MatcherTree matcher_tree = 2;
+  }
+
+  // Optional ``OnMatch`` to use if the matcher failed.
+  // If specified, the ``OnMatch`` is used, and the matcher is considered
+  // to have matched.
+  // If not specified, the matcher is considered not to have matched.
+  OnMatch on_no_match = 3;
+}
+
+// Match configuration. This is a recursive structure which allows complex nested match
+// configurations to be built using various logical operators.
+// [#next-free-field: 11]
+message MatchPredicate {
+  // A set of match configurations used for logical operations.
+  message MatchSet {
+    // The list of rules that make up the set.
+    repeated MatchPredicate rules = 1 [(validate.rules).repeated = {min_items: 2}];
+  }
+
+  oneof rule {
+    option (validate.required) = true;
+
+    // A set that describes a logical OR. If any member of the set matches, the match configuration
+    // matches.
+    MatchSet or_match = 1;
+
+    // A set that describes a logical AND. If all members of the set match, the match configuration
+    // matches.
+    MatchSet and_match = 2;
+
+    // A negation match. The match configuration will match if the negated match condition matches.
+    MatchPredicate not_match = 3;
+
+    // The match configuration will always match.
+    bool any_match = 4 [(validate.rules).bool = {const: true}];
+
+    // HTTP request headers match configuration.
+    HttpHeadersMatch http_request_headers_match = 5;
+
+    // HTTP request trailers match configuration.
+    HttpHeadersMatch http_request_trailers_match = 6;
+
+    // HTTP response headers match configuration.
+    HttpHeadersMatch http_response_headers_match = 7;
+
+    // HTTP response trailers match configuration.
+    HttpHeadersMatch http_response_trailers_match = 8;
+
+    // HTTP request generic body match configuration.
+    HttpGenericBodyMatch http_request_generic_body_match = 9;
+
+    // HTTP response generic body match configuration.
+    HttpGenericBodyMatch http_response_generic_body_match = 10;
+  }
+}
+
+// HTTP headers match configuration.
+message HttpHeadersMatch {
+  // HTTP headers to match.
+  repeated route.v3.HeaderMatcher headers = 1;
+}
+
+// HTTP generic body match configuration.
+// List of text strings and hex strings to be located in HTTP body.
+// All specified strings must be found in the HTTP body for positive match.
+// The search may be limited to specified number of bytes from the body start.
+//
+// .. attention::
+//
+//   Searching for patterns in HTTP body is potentially CPU-intensive. For each specified pattern, HTTP body is scanned byte by byte to find a match.
+//   If multiple patterns are specified, the process is repeated for each pattern. If location of a pattern is known, ``bytes_limit`` should be specified
+//   to scan only part of the HTTP body.
+message HttpGenericBodyMatch {
+  message GenericTextMatch {
+    oneof rule {
+      option (validate.required) = true;
+
+      // Text string to be located in HTTP body.
+      string string_match = 1 [(validate.rules).string = {min_len: 1}];
+
+      // Sequence of bytes to be located in HTTP body.
+      bytes binary_match = 2 [(validate.rules).bytes = {min_len: 1}];
+    }
+  }
+
+  // Limits search to specified number of bytes - default zero (no limit - match entire captured buffer).
+  uint32 bytes_limit = 1;
+
+  // List of patterns to match.
+  repeated GenericTextMatch patterns = 2 [(validate.rules).repeated = {min_items: 1}];
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto
index 238494a09c7..17a68269e34 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto
@@ -115,16 +115,18 @@ message TcpKeepalive {
 
   // Maximum number of keepalive probes to send without response before deciding
   // the connection is dead. Default is to use the OS level configuration (unless
-  // overridden, Linux defaults to 9.)
+  // overridden, Linux defaults to 9.) Setting this to ``0`` disables TCP keepalive.
   google.protobuf.UInt32Value keepalive_probes = 1;
 
   // The number of seconds a connection needs to be idle before keep-alive probes
   // start being sent. Default is to use the OS level configuration (unless
-  // overridden, Linux defaults to 7200s (i.e., 2 hours.)
+  // overridden, Linux defaults to 7200s (i.e., 2 hours.) Setting this to ``0`` disables
+  // TCP keepalive.
   google.protobuf.UInt32Value keepalive_time = 2;
 
   // The number of seconds between keep-alive probes. Default is to use the OS
-  // level configuration (unless overridden, Linux defaults to 75s.)
+  // level configuration (unless overridden, Linux defaults to 75s.) Setting this to
+  // ``0`` disables TCP keepalive.
   google.protobuf.UInt32Value keepalive_interval = 3;
 }
 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/cel.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/cel.proto
new file mode 100644
index 00000000000..940a66d0b10
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/cel.proto
@@ -0,0 +1,63 @@
+syntax = "proto3";
+
+package envoy.config.core.v3;
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.config.core.v3";
+option java_outer_classname = "CelProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/core/v3;corev3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: CEL Expression Configuration]
+
+// CEL expression evaluation configuration.
+// These options control the behavior of the Common Expression Language runtime for
+// individual CEL expressions.
+message CelExpressionConfig {
+  // Enable string conversion functions for CEL expressions. When enabled, CEL expressions
+  // can convert values to strings using the ``string()`` function.
+  //
+  // .. attention::
+  //
+  //   This option is disabled by default to avoid unbounded memory allocation.
+  //   CEL evaluation cost is typically bounded by the expression size, but converting
+  //   arbitrary values (e.g., large messages, lists, or maps) to strings may allocate
+  //   memory proportional to input data size, which can be unbounded and lead to
+  //   memory exhaustion.
+  bool enable_string_conversion = 1;
+
+  // Enable string concatenation for CEL expressions. When enabled, CEL expressions
+  // can concatenate strings using the ``+`` operator.
+  //
+  // .. attention::
+  //
+  //   This option is disabled by default to avoid unbounded memory allocation.
+  //   While CEL normally bounds evaluation by expression size, enabling string
+  //   concatenation allows building outputs whose size depends on input data,
+  //   potentially causing large intermediate allocations and memory exhaustion.
+  bool enable_string_concat = 2;
+
+  // Enable string manipulation functions for CEL expressions. When enabled, CEL
+  // expressions can use additional string functions:
+  //
+  // * ``replace(old, new)`` - Replaces all occurrences of ``old`` with ``new``.
+  // * ``split(separator)`` - Splits a string into a list of substrings.
+  // * ``lowerAscii()`` - Converts ASCII characters to lowercase.
+  // * ``upperAscii()`` - Converts ASCII characters to uppercase.
+  //
+  // .. note::
+  //
+  //   Standard CEL string functions like ``contains()``, ``startsWith()``, and
+  //   ``endsWith()`` are always available regardless of this setting.
+  //
+  // .. attention::
+  //
+  //   This option is disabled by default to avoid unbounded memory allocation.
+  //   Although CEL generally bounds evaluation by expression size, functions such as
+  //   ``replace``, ``split``, ``lowerAscii()``, and ``upperAscii()`` can allocate memory
+  //   proportional to input data size. Under adversarial inputs this can lead to
+  //   unbounded allocations and memory exhaustion.
+  bool enable_string_functions = 3;
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto
index f8feb2f516f..9c44006b2a9 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto
@@ -45,10 +45,20 @@ message GrpcService {
         [(validate.rules).string =
              {min_len: 0 max_bytes: 16384 well_known_regex: HTTP_HEADER_VALUE strict: false}];
 
-    // Indicates the retry policy for re-establishing the gRPC stream
-    // This field is optional. If max interval is not provided, it will be set to ten times the provided base interval.
-    // Currently only supported for xDS gRPC streams.
-    // If not set, xDS gRPC streams default base interval:500ms, maximum interval:30s will be applied.
+    // Specifies the retry backoff policy for re-establishing long‑lived xDS gRPC streams.
+    //
+    // This field is optional. If ``retry_back_off.max_interval`` is not provided, it will be set to
+    // ten times the configured ``retry_back_off.base_interval``.
+    //
+    // .. note::
+    //
+    //   This field is only honored for management‑plane xDS gRPC streams created from
+    //   :ref:`ApiConfigSource <envoy_v3_api_msg_config.core.v3.ApiConfigSource>` that use
+    //   ``envoy_grpc``. Data‑plane gRPC clients (for example external authorization or external
+    //   processing filters) must use :ref:`GrpcService.retry_policy
+    //   <envoy_v3_api_field_config.core.v3.GrpcService.retry_policy>` instead.
+    //
+    // If not set, xDS gRPC streams default to a base interval of 500ms and a maximum interval of 30s.
     RetryPolicy retry_policy = 3;
 
     // Maximum gRPC message size that is allowed to be received.
@@ -329,7 +339,17 @@ message GrpcService {
   // <config_http_conn_man_headers_custom_request_headers>`.
   repeated HeaderValue initial_metadata = 5;
 
-  // Optional default retry policy for streams toward the service.
-  // If an async stream doesn't have retry policy configured in its stream options, this retry policy is used.
+  // Optional default retry policy for RPCs or streams initiated toward this gRPC service.
+  //
+  // If an async stream does not have a retry policy configured in its per‑stream options, this
+  // policy is used as the default.
+  //
+  // .. note::
+  //
+  //   This field is only applied by Envoy gRPC (``envoy_grpc``) clients. Google gRPC
+  //   (``google_grpc``) clients currently ignore this field.
+  //
+  // If not specified, no default retry policy is applied at the client level and retries only occur
+  // when explicitly configured in per‑stream options.
   RetryPolicy retry_policy = 6;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
index 74fe641fe3a..63e189e689e 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto
@@ -31,10 +31,13 @@ message TcpProtocolOptions {
 }
 
 // Config for keepalive probes in a QUIC connection.
-// Note that QUIC keep-alive probing packets work differently from HTTP/2 keep-alive PINGs in a sense that the probing packet
-// itself doesn't timeout waiting for a probing response. Quic has a shorter idle timeout than TCP, so it doesn't rely on such probing to discover dead connections. If the peer fails to respond, the connection will idle timeout eventually. Thus, they are configured differently from :ref:`connection_keepalive <envoy_v3_api_field_config.core.v3.Http2ProtocolOptions.connection_keepalive>`.
+//
+// .. note::
+//
+//   QUIC keep-alive probing packets work differently from HTTP/2 keep-alive PINGs in a sense that the probing packet
+//   itself doesn't timeout waiting for a probing response. QUIC has a shorter idle timeout than TCP, so it doesn't rely on such probing to discover dead connections. If the peer fails to respond, the connection will idle timeout eventually. Thus, they are configured differently from :ref:`connection_keepalive <envoy_v3_api_field_config.core.v3.Http2ProtocolOptions.connection_keepalive>`.
 message QuicKeepAliveSettings {
-  // The max interval for a connection to send keep-alive probing packets (with PING or PATH_RESPONSE). The value should be smaller than :ref:`connection idle_timeout <envoy_v3_api_field_config.listener.v3.QuicProtocolOptions.idle_timeout>` to prevent idle timeout while not less than 1s to avoid throttling the connection or flooding the peer with probes.
+  // The max interval for a connection to send keep-alive probing packets (with ``PING`` or ``PATH_RESPONSE``). The value should be smaller than :ref:`connection idle_timeout <envoy_v3_api_field_config.listener.v3.QuicProtocolOptions.idle_timeout>` to prevent idle timeout while not less than ``1s`` to avoid throttling the connection or flooding the peer with probes.
   //
   // If :ref:`initial_interval <envoy_v3_api_field_config.core.v3.QuicKeepAliveSettings.initial_interval>` is absent or zero, a client connection will use this value to start probing.
   //
@@ -54,20 +57,53 @@ message QuicKeepAliveSettings {
 }
 
 // QUIC protocol options which apply to both downstream and upstream connections.
-// [#next-free-field: 10]
+// [#next-free-field: 12]
 message QuicProtocolOptions {
-  // Maximum number of streams that the client can negotiate per connection. 100
+  // Config for QUIC connection migration across network interfaces, i.e. cellular to WIFI, upon
+  // network change events from the platform, i.e. the current network gets
+  // disconnected, or upon the QUIC detecting a bad connection. After migration, the
+  // connection may be on a different network other than the default network
+  // picked by the platform. Both iOS and Android will use a default network to interact with the internet, usually prefer unmetered network (WIFI)
+  // over metered ones (cellular). And users can specify which network to be used as the default. A connection on non-default network is only allowed to
+  // serve new requests for a certain period of time before being drained, and
+  // meanwhile, QUIC will try to migrate to the default network if possible.
+  message ConnectionMigrationSettings {
+    // Config for options to migrate idle connections which aren't serving any requests.
+    message MigrateIdleConnectionSettings {
+      // If idle connections are allowed to be migrated, only migrate the connection
+      // if it hasn't been idle for longer than this idle period. Otherwise, the
+      // connection will be closed instead.
+      // Default to 30s.
+      google.protobuf.Duration max_idle_time_before_migration = 1
+          [(validate.rules).duration = {gte {seconds: 1}}];
+    }
+
+    // Config whether and how to migrate idle connections.
+    // If absent, idle connections will not be migrated but be closed upon
+    // migration signals.
+    MigrateIdleConnectionSettings migrate_idle_connections = 1;
+
+    // After migrating to a non-default network interface, the connection will
+    // only be allowed to stay on that network for up to this period of time before
+    // being drained unless it migrates to the default network or that network
+    // gets picked as the default by the device by then.
+    // Default to 128s.
+    google.protobuf.Duration max_time_on_non_default_network = 2
+        [(validate.rules).duration = {gte {seconds: 1}}];
+  }
+
+  // Maximum number of streams that the client can negotiate per connection. ``100``
   // if not specified.
   google.protobuf.UInt32Value max_concurrent_streams = 1 [(validate.rules).uint32 = {gte: 1}];
 
   // `Initial stream-level flow-control receive window
   // <https://tools.ietf.org/html/draft-ietf-quic-transport-34#section-4.1>`_ size. Valid values range from
-  // 1 to 16777216 (2^24, maximum supported by QUICHE) and defaults to 16777216 (16 * 1024 * 1024).
+  // ``1`` to ``16777216`` (``2^24``, maximum supported by QUICHE) and defaults to ``16777216`` (``16 * 1024 * 1024``).
   //
   // .. note::
   //
-  //   16384 (2^14) is the minimum window size supported in Google QUIC. If configured smaller than it, we will use
-  //   16384 instead. QUICHE IETF Quic implementation supports 1 bytes window. We only support increasing the default
+  //   ``16384`` (``2^14``) is the minimum window size supported in Google QUIC. If configured smaller than it, we will use
+  //   ``16384`` instead. QUICHE IETF QUIC implementation supports ``1`` byte window. We only support increasing the default
   //   window size now, so it's also the minimum.
   //
   // This field also acts as a soft limit on the number of bytes Envoy will buffer per-stream in the
@@ -77,26 +113,26 @@ message QuicProtocolOptions {
       [(validate.rules).uint32 = {lte: 16777216 gte: 1}];
 
   // Similar to ``initial_stream_window_size``, but for connection-level
-  // flow-control. Valid values range from 1 to 25165824 (24MB, maximum supported by QUICHE) and defaults
-  // to 25165824 (24 * 1024 * 1024).
+  // flow-control. Valid values range from ``1`` to ``25165824`` (``24MB``, maximum supported by QUICHE) and defaults
+  // to ``25165824`` (``24 * 1024 * 1024``).
   //
   // .. note::
   //
-  //   16384 (2^14) is the minimum window size supported in Google QUIC. We only support increasing the default
+  //   ``16384`` (``2^14``) is the minimum window size supported in Google QUIC. We only support increasing the default
   //   window size now, so it's also the minimum.
   //
   google.protobuf.UInt32Value initial_connection_window_size = 3
       [(validate.rules).uint32 = {lte: 25165824 gte: 1}];
 
   // The number of timeouts that can occur before port migration is triggered for QUIC clients.
-  // This defaults to 4. If set to 0, port migration will not occur on path degrading.
-  // Timeout here refers to QUIC internal path degrading timeout mechanism, such as PTO.
+  // This defaults to ``4``. If set to ``0``, port migration will not occur on path degrading.
+  // Timeout here refers to QUIC internal path degrading timeout mechanism, such as ``PTO``.
   // This has no effect on server sessions.
   google.protobuf.UInt32Value num_timeouts_to_trigger_port_migration = 4
       [(validate.rules).uint32 = {lte: 5 gte: 0}];
 
-  // Probes the peer at the configured interval to solicit traffic, i.e. ACK or PATH_RESPONSE, from the peer to push back connection idle timeout.
-  // If absent, use the default keepalive behavior of which a client connection sends PINGs every 15s, and a server connection doesn't do anything.
+  // Probes the peer at the configured interval to solicit traffic, i.e. ``ACK`` or ``PATH_RESPONSE``, from the peer to push back connection idle timeout.
+  // If absent, use the default keepalive behavior of which a client connection sends ``PING``s every ``15s``, and a server connection doesn't do anything.
   QuicKeepAliveSettings connection_keepalive = 5;
 
   // A comma-separated list of strings representing QUIC connection options defined in
@@ -108,16 +144,35 @@ message QuicProtocolOptions {
   string client_connection_options = 7;
 
   // The duration that a QUIC connection stays idle before it closes itself. If this field is not present, QUICHE
-  // default 600s will be applied.
+  // default ``600s`` will be applied.
   // For internal corporate network, a long timeout is often fine.
-  // But for client facing network, 30s is usually a good choice.
-  // Do not add an upper bound here. A long idle timeout is useful for maintaining warm connections at non-front-line proxy for low QPS services."
+  // But for client facing network, ``30s`` is usually a good choice.
+  // Do not add an upper bound here. A long idle timeout is useful for maintaining warm connections at non-front-line proxy for low QPS services.
   google.protobuf.Duration idle_network_timeout = 8
       [(validate.rules).duration = {gte {seconds: 1}}];
 
   // Maximum packet length for QUIC connections. It refers to the largest size of a QUIC packet that can be transmitted over the connection.
   // If not specified, one of the `default values in QUICHE <https://github.com/google/quiche/blob/main/quiche/quic/core/quic_constants.h>`_ is used.
   google.protobuf.UInt64Value max_packet_length = 9;
+
+  // A customized UDP socket and a QUIC packet writer using the socket for
+  // client connections. i.e. Mobile uses its own implementation to interact
+  // with platform socket APIs.
+  // If not present, the default platform-independent socket and writer will be used.
+  // [#extension-category: envoy.quic.client_packet_writer]
+  TypedExtensionConfig client_packet_writer = 10;
+
+  // Enable QUIC `connection migration
+  // <https://datatracker.ietf.org/doc/html/rfc9000#name-connection-migration>`
+  // to a different network interface when the current network is degrading or
+  // has become bad.
+  // In order to use a different network interface other than the platform's default one,
+  // a customized :ref:`client_packet_writer <envoy_v3_api_field_config.core.v3.QuicProtocolOptions.client_packet_writer>` needs to be configured to
+  // create UDP sockets on non-default networks.
+  // Only takes effect when runtime key ``envoy.reloadable_features.use_migration_in_quiche`` is true.
+  // If absent, the feature will be disabled.
+  // [#not-implemented-hide:]
+  ConnectionMigrationSettings connection_migration = 11;
 }
 
 message UpstreamHttpProtocolOptions {
@@ -187,9 +242,9 @@ message AlternateProtocolsCacheOptions {
   // not the case.
   string name = 1 [(validate.rules).string = {min_len: 1}];
 
-  // The maximum number of entries that the cache will hold. If not specified defaults to 1024.
+  // The maximum number of entries that the cache will hold. If not specified defaults to ``1024``.
   //
-  // .. note:
+  // .. note::
   //
   //   The implementation is approximate and enforced independently on each worker thread, thus
   //   it is possible for the maximum entries in the cache to go slightly above the configured
@@ -232,14 +287,14 @@ message HttpProtocolOptions {
     // Allow headers with underscores. This is the default behavior.
     ALLOW = 0;
 
-    // Reject client request. HTTP/1 requests are rejected with the 400 status. HTTP/2 requests
-    // end with the stream reset. The "httpN.requests_rejected_with_underscores_in_headers" counter
+    // Reject client request. HTTP/1 requests are rejected with ``HTTP 400`` status. HTTP/2 requests
+    // end with the stream reset. The ``httpN.requests_rejected_with_underscores_in_headers`` counter
     // is incremented for each rejected request.
     REJECT_REQUEST = 1;
 
     // Drop the client header with name containing underscores. The header is dropped before the filter chain is
     // invoked and as such filters will not see dropped headers. The
-    // "httpN.dropped_headers_with_underscores" is incremented for each dropped header.
+    // ``httpN.dropped_headers_with_underscores`` is incremented for each dropped header.
     DROP_HEADER = 2;
   }
 
@@ -249,8 +304,12 @@ message HttpProtocolOptions {
   // downstream connection a drain sequence will occur prior to closing the connection, see
   // :ref:`drain_timeout
   // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.drain_timeout>`.
-  // Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive.
-  // If not specified, this defaults to 1 hour. To disable idle timeouts explicitly set this to 0.
+  //
+  // .. note::
+  //
+  //   Request based timeouts mean that HTTP/2 PINGs will not keep the connection alive.
+  //
+  // If not specified, this defaults to ``1 hour``. To disable idle timeouts explicitly set this to ``0``.
   //
   // .. warning::
   //   Disabling this timeout has a highly likelihood of yielding connection leaks due to lost TCP
@@ -270,19 +329,19 @@ message HttpProtocolOptions {
 
   // The maximum number of headers (request headers if configured on HttpConnectionManager,
   // response headers when configured on a cluster).
-  // If unconfigured, the default maximum number of headers allowed is 100.
+  // If unconfigured, the default maximum number of headers allowed is ``100``.
   // The default value for requests can be overridden by setting runtime key ``envoy.reloadable_features.max_request_headers_count``.
   // The default value for responses can be overridden by setting runtime key ``envoy.reloadable_features.max_response_headers_count``.
-  // Downstream requests that exceed this limit will receive a 431 response for HTTP/1.x and cause a stream
+  // Downstream requests that exceed this limit will receive a ``HTTP 431`` response for HTTP/1.x and cause a stream
   // reset for HTTP/2.
-  // Upstream responses that exceed this limit will result in a 502 response.
+  // Upstream responses that exceed this limit will result in a ``HTTP 502`` response.
   google.protobuf.UInt32Value max_headers_count = 2 [(validate.rules).uint32 = {gte: 1}];
 
   // The maximum size of response headers.
-  // If unconfigured, the default is 60 KiB, except for HTTP/1 response headers which have a default
-  // of 80KiB.
+  // If unconfigured, the default is ``60 KiB``, except for HTTP/1 response headers which have a default
+  // of ``80 KiB``.
   // The default value can be overridden by setting runtime key ``envoy.reloadable_features.max_response_headers_size_kb``.
-  // Responses that exceed this limit will result in a 503 response.
+  // Responses that exceed this limit will result in a ``HTTP 503`` response.
   // In Envoy, this setting is only valid when configured on an upstream cluster, not on the
   // :ref:`HTTP Connection Manager
   // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.common_http_protocol_options>`.
@@ -291,8 +350,8 @@ message HttpProtocolOptions {
   //
   //   Currently some protocol codecs impose limits on the maximum size of a single header.
   //
-  //   * HTTP/2 (when using nghttp2) limits a single header to around 100kb.
-  //   * HTTP/3 limits a single header to around 1024kb.
+  //   * HTTP/2 (when using ``nghttp2``) limits a single header to around ``100kb``.
+  //   * HTTP/3 limits a single header to around ``1024kb``.
   //
   google.protobuf.UInt32Value max_response_headers_kb = 7
       [(validate.rules).uint32 = {lte: 8192 gt: 0}];
@@ -302,7 +361,7 @@ message HttpProtocolOptions {
   google.protobuf.Duration max_stream_duration = 4;
 
   // Action to take when a client request with a header name containing underscore characters is received.
-  // If this setting is not specified, the value defaults to ALLOW.
+  // If this setting is not specified, the value defaults to ``ALLOW``.
   //
   // .. note::
   //
@@ -316,7 +375,7 @@ message HttpProtocolOptions {
 
   // Optional maximum requests for both upstream and downstream connections.
   // If not specified, there is no limit.
-  // Setting this parameter to 1 will effectively disable keep alive.
+  // Setting this parameter to ``1`` will effectively disable keep alive.
   // For HTTP/2 and HTTP/3, due to concurrent stream processing, the limit is approximate.
   google.protobuf.UInt32Value max_requests_per_connection = 6;
 }
@@ -341,9 +400,12 @@ message Http1ProtocolOptions {
 
       // Formats the header by proper casing words: the first character and any character following
       // a special character will be capitalized if it's an alpha character. For example,
-      // "content-type" becomes "Content-Type", and "foo$b#$are" becomes "Foo$B#$Are".
-      // Note that while this results in most headers following conventional casing, certain headers
-      // are not covered. For example, the "TE" header will be formatted as "Te".
+      // ``"content-type"`` becomes ``"Content-Type"``, and ``"foo$b#$are"`` becomes ``"Foo$B#$Are"``.
+      //
+      // .. note::
+      //
+      //   While this results in most headers following conventional casing, certain headers
+      //   are not covered. For example, the ``"TE"`` header will be formatted as ``"Te"``.
       ProperCaseWords proper_case_words = 1;
 
       // Configuration for stateful formatter extensions that allow using received headers to
@@ -359,7 +421,7 @@ message Http1ProtocolOptions {
   // ``http_proxy`` environment variable.
   google.protobuf.BoolValue allow_absolute_url = 1;
 
-  // Handle incoming HTTP/1.0 and HTTP 0.9 requests.
+  // Handle incoming HTTP/1.0 and HTTP/0.9 requests.
   // This is off by default, and not fully standards compliant. There is support for pre-HTTP/1.1
   // style connect logic, dechunking, and handling lack of client host iff
   // ``default_host_for_http_10`` is configured.
@@ -378,19 +440,20 @@ message Http1ProtocolOptions {
   //
   // .. attention::
   //
-  //   Note that this only happens when Envoy is chunk encoding which occurs when:
+  //   This only happens when Envoy is chunk encoding which occurs when:
   //   - The request is HTTP/1.1.
-  //   - Is neither a HEAD only request nor a HTTP Upgrade.
-  //   - Not a response to a HEAD request.
-  //   - The content length header is not present.
+  //   - Is neither a ``HEAD`` only request nor a HTTP Upgrade.
+  //   - Not a response to a ``HEAD`` request.
+  //   - The ``Content-Length`` header is not present.
   bool enable_trailers = 5;
 
   // Allows Envoy to process requests/responses with both ``Content-Length`` and ``Transfer-Encoding``
   // headers set. By default such messages are rejected, but if option is enabled - Envoy will
-  // remove Content-Length header and process message.
+  // remove ``Content-Length`` header and process message.
   // See `RFC7230, sec. 3.3.3 <https://tools.ietf.org/html/rfc7230#section-3.3.3>`_ for details.
   //
   // .. attention::
+  //
   //   Enabling this option might lead to request smuggling vulnerability, especially if traffic
   //   is proxied via multiple layers of proxies.
   // [#comment:TODO: This field is ignored when the
@@ -449,9 +512,12 @@ message KeepaliveSettings {
   google.protobuf.Duration interval = 1 [(validate.rules).duration = {gte {nanos: 1000000}}];
 
   // How long to wait for a response to a keepalive PING. If a response is not received within this
-  // time period, the connection will be aborted. Note that in order to prevent the influence of
-  // Head-of-line (HOL) blocking the timeout period is extended when *any* frame is received on
-  // the connection, under the assumption that if a frame is received the connection is healthy.
+  // time period, the connection will be aborted.
+  //
+  // .. note::
+  //
+  //   In order to prevent the influence of Head-of-line (HOL) blocking the timeout period is extended when *any* frame is received on
+  //   the connection, under the assumption that if a frame is received the connection is healthy.
   google.protobuf.Duration timeout = 2 [(validate.rules).duration = {
     required: true
     gte {nanos: 1000000}
@@ -459,7 +525,7 @@ message KeepaliveSettings {
 
   // A random jitter amount as a percentage of interval that will be added to each interval.
   // A value of zero means there will be no jitter.
-  // The default value is 15%.
+  // The default value is ``15%``.
   type.v3.Percent interval_jitter = 3;
 
   // If the connection has been idle for this duration, send a HTTP/2 ping ahead
@@ -473,7 +539,7 @@ message KeepaliveSettings {
       [(validate.rules).duration = {gte {nanos: 1000000}}];
 }
 
-// [#next-free-field: 18]
+// [#next-free-field: 19]
 message Http2ProtocolOptions {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.core.Http2ProtocolOptions";
@@ -496,13 +562,13 @@ message Http2ProtocolOptions {
 
   // `Maximum table size <https://httpwg.org/specs/rfc7541.html#rfc.section.4.2>`_
   // (in octets) that the encoder is permitted to use for the dynamic HPACK table. Valid values
-  // range from 0 to 4294967295 (2^32 - 1) and defaults to 4096. 0 effectively disables header
+  // range from ``0`` to ``4294967295`` (``2^32 - 1``) and defaults to ``4096``. ``0`` effectively disables header
   // compression.
   google.protobuf.UInt32Value hpack_table_size = 1;
 
   // `Maximum concurrent streams <https://httpwg.org/specs/rfc7540.html#rfc.section.5.1.2>`_
-  // allowed for peer on one HTTP/2 connection. Valid values range from 1 to 2147483647 (2^31 - 1)
-  // and defaults to 1024 for safety and should be sufficient for most use cases.
+  // allowed for peer on one HTTP/2 connection. Valid values range from ``1`` to ``2147483647`` (``2^31 - 1``)
+  // and defaults to ``1024`` for safety and should be sufficient for most use cases.
   //
   // For upstream connections, this also limits how many streams Envoy will initiate concurrently
   // on a single connection. If the limit is reached, Envoy may queue requests or establish
@@ -515,13 +581,13 @@ message Http2ProtocolOptions {
       [(validate.rules).uint32 = {lte: 2147483647 gte: 1}];
 
   // `Initial stream-level flow-control window
-  // <https://httpwg.org/specs/rfc7540.html#rfc.section.6.9.2>`_ size. Valid values range from 65535
-  // (2^16 - 1, HTTP/2 default) to 2147483647 (2^31 - 1, HTTP/2 maximum) and defaults to
-  // 16MiB (16 * 1024 * 1024).
+  // <https://httpwg.org/specs/rfc7540.html#rfc.section.6.9.2>`_ size. Valid values range from ``65535``
+  // (``2^16 - 1``, HTTP/2 default) to ``2147483647`` (``2^31 - 1``, HTTP/2 maximum) and defaults to
+  // ``16MiB`` (``16 * 1024 * 1024``).
   //
   // .. note::
   //
-  //   65535 is the initial window size from HTTP/2 spec. We only support increasing the default window size now,
+  //   ``65535`` is the initial window size from HTTP/2 spec. We only support increasing the default window size now,
   //   so it's also the minimum.
   //
   // This field also acts as a soft limit on the number of bytes Envoy will buffer per-stream in the
@@ -531,7 +597,7 @@ message Http2ProtocolOptions {
       [(validate.rules).uint32 = {lte: 2147483647 gte: 65535}];
 
   // Similar to ``initial_stream_window_size``, but for connection-level flow-control
-  // window. The default is 24MiB (24 * 1024 * 1024).
+  // window. The default is ``24MiB`` (``24 * 1024 * 1024``).
   google.protobuf.UInt32Value initial_connection_window_size = 4
       [(validate.rules).uint32 = {lte: 2147483647 gte: 65535}];
 
@@ -549,51 +615,51 @@ message Http2ProtocolOptions {
   // Limit the number of pending outbound downstream frames of all types (frames that are waiting to
   // be written into the socket). Exceeding this limit triggers flood mitigation and connection is
   // terminated. The ``http2.outbound_flood`` stat tracks the number of terminated connections due
-  // to flood mitigation. The default limit is 10000.
+  // to flood mitigation. The default limit is ``10000``.
   google.protobuf.UInt32Value max_outbound_frames = 7 [(validate.rules).uint32 = {gte: 1}];
 
-  // Limit the number of pending outbound downstream frames of types PING, SETTINGS and RST_STREAM,
+  // Limit the number of pending outbound downstream frames of types ``PING``, ``SETTINGS`` and ``RST_STREAM``,
   // preventing high memory utilization when receiving continuous stream of these frames. Exceeding
   // this limit triggers flood mitigation and connection is terminated. The
   // ``http2.outbound_control_flood`` stat tracks the number of terminated connections due to flood
-  // mitigation. The default limit is 1000.
+  // mitigation. The default limit is ``1000``.
   google.protobuf.UInt32Value max_outbound_control_frames = 8 [(validate.rules).uint32 = {gte: 1}];
 
-  // Limit the number of consecutive inbound frames of types HEADERS, CONTINUATION and DATA with an
+  // Limit the number of consecutive inbound frames of types ``HEADERS``, ``CONTINUATION`` and ``DATA`` with an
   // empty payload and no end stream flag. Those frames have no legitimate use and are abusive, but
-  // might be a result of a broken HTTP/2 implementation. The `http2.inbound_empty_frames_flood``
+  // might be a result of a broken HTTP/2 implementation. The ``http2.inbound_empty_frames_flood``
   // stat tracks the number of connections terminated due to flood mitigation.
-  // Setting this to 0 will terminate connection upon receiving first frame with an empty payload
-  // and no end stream flag. The default limit is 1.
+  // Setting this to ``0`` will terminate connection upon receiving first frame with an empty payload
+  // and no end stream flag. The default limit is ``1``.
   google.protobuf.UInt32Value max_consecutive_inbound_frames_with_empty_payload = 9;
 
-  // Limit the number of inbound PRIORITY frames allowed per each opened stream. If the number
-  // of PRIORITY frames received over the lifetime of connection exceeds the value calculated
+  // Limit the number of inbound ``PRIORITY`` frames allowed per each opened stream. If the number
+  // of ``PRIORITY`` frames received over the lifetime of connection exceeds the value calculated
   // using this formula::
   //
   //   ``max_inbound_priority_frames_per_stream`` * (1 + ``opened_streams``)
   //
   // the connection is terminated. For downstream connections the ``opened_streams`` is incremented when
   // Envoy receives complete response headers from the upstream server. For upstream connection the
-  // ``opened_streams`` is incremented when Envoy send the HEADERS frame for a new stream. The
+  // ``opened_streams`` is incremented when Envoy sends the ``HEADERS`` frame for a new stream. The
   // ``http2.inbound_priority_frames_flood`` stat tracks
-  // the number of connections terminated due to flood mitigation. The default limit is 100.
+  // the number of connections terminated due to flood mitigation. The default limit is ``100``.
   google.protobuf.UInt32Value max_inbound_priority_frames_per_stream = 10;
 
-  // Limit the number of inbound WINDOW_UPDATE frames allowed per DATA frame sent. If the number
-  // of WINDOW_UPDATE frames received over the lifetime of connection exceeds the value calculated
+  // Limit the number of inbound ``WINDOW_UPDATE`` frames allowed per ``DATA`` frame sent. If the number
+  // of ``WINDOW_UPDATE`` frames received over the lifetime of connection exceeds the value calculated
   // using this formula::
   //
-  //   5 + 2 * (``opened_streams`` +
-  //            ``max_inbound_window_update_frames_per_data_frame_sent`` * ``outbound_data_frames``)
+  //   ``5 + 2 * (opened_streams +
+  //            max_inbound_window_update_frames_per_data_frame_sent * outbound_data_frames)``
   //
   // the connection is terminated. For downstream connections the ``opened_streams`` is incremented when
   // Envoy receives complete response headers from the upstream server. For upstream connections the
-  // ``opened_streams`` is incremented when Envoy sends the HEADERS frame for a new stream. The
+  // ``opened_streams`` is incremented when Envoy sends the ``HEADERS`` frame for a new stream. The
   // ``http2.inbound_priority_frames_flood`` stat tracks the number of connections terminated due to
-  // flood mitigation. The default max_inbound_window_update_frames_per_data_frame_sent value is 10.
-  // Setting this to 1 should be enough to support HTTP/2 implementations with basic flow control,
-  // but more complex implementations that try to estimate available bandwidth require at least 2.
+  // flood mitigation. The default ``max_inbound_window_update_frames_per_data_frame_sent`` value is ``10``.
+  // Setting this to ``1`` should be enough to support HTTP/2 implementations with basic flow control,
+  // but more complex implementations that try to estimate available bandwidth require at least ``2``.
   google.protobuf.UInt32Value max_inbound_window_update_frames_per_data_frame_sent = 11
       [(validate.rules).uint32 = {gte: 1}];
 
@@ -631,8 +697,10 @@ message Http2ProtocolOptions {
   // 2. SETTINGS_ENABLE_CONNECT_PROTOCOL (0x8) is only configurable through the named field
   // 'allow_connect'.
   //
-  // Note that custom parameters specified through this field can not also be set in the
-  // corresponding named parameters:
+  // .. note::
+  //
+  //   Custom parameters specified through this field can not also be set in the
+  //   corresponding named parameters:
   //
   // .. code-block:: text
   //
@@ -660,8 +728,14 @@ message Http2ProtocolOptions {
   google.protobuf.BoolValue use_oghttp2_codec = 16
       [(xds.annotations.v3.field_status).work_in_progress = true];
 
-  // Configure the maximum amount of metadata than can be handled per stream. Defaults to 1 MB.
+  // Configure the maximum amount of metadata than can be handled per stream. Defaults to ``1 MB``.
   google.protobuf.UInt64Value max_metadata_size = 17;
+
+  // Controls whether to encode headers using huffman encoding.
+  // This can be useful in cases where the cpu spent encoding the headers isn't
+  // worth the network bandwidth saved e.g. for localhost.
+  // If unset, uses the data plane's default value.
+  google.protobuf.BoolValue enable_huffman_encoding = 18;
 }
 
 // [#not-implemented-hide:]
@@ -690,7 +764,10 @@ message Http3ProtocolOptions {
   // <https://datatracker.ietf.org/doc/html/rfc8441>`_
   // and settings `proposed for HTTP/3
   // <https://datatracker.ietf.org/doc/draft-ietf-httpbis-h3-websockets/>`_
-  // Note that HTTP/3 CONNECT is not yet an RFC.
+  //
+  // .. note::
+  //
+  //   HTTP/3 CONNECT is not yet an RFC.
   bool allow_extended_connect = 5 [(xds.annotations.v3.field_status).work_in_progress = true];
 
   // [#not-implemented-hide:] Hiding until Envoy has full metadata support.
@@ -705,7 +782,7 @@ message Http3ProtocolOptions {
   // Still under implementation. DO NOT USE.
   //
   // Disables QPACK compression related features for HTTP/3 including:
-  // No huffman encoding, zero dynamic table capacity and no cookie crumbing.
+  // No huffman encoding, zero dynamic table capacity and no cookie crumbling.
   // This can be useful for trading off CPU vs bandwidth when an upstream HTTP/3 connection multiplexes multiple downstream connections.
   bool disable_qpack = 7;
 
@@ -718,13 +795,13 @@ message Http3ProtocolOptions {
 message SchemeHeaderTransformation {
   oneof transformation {
     // Overwrite any Scheme header with the contents of this string.
-    // If set, takes precedence over match_upstream.
+    // If set, takes precedence over ``match_upstream``.
     string scheme_to_overwrite = 1 [(validate.rules).string = {in: "http" in: "https"}];
   }
 
   // Set the Scheme header to match the upstream transport protocol. For example, should a
-  // request be sent to the upstream over TLS, the scheme header will be set to "https". Should the
-  // request be sent over plaintext, the scheme header will be set to "http".
-  // If scheme_to_overwrite is set, this field is not used.
+  // request be sent to the upstream over TLS, the scheme header will be set to ``"https"``. Should the
+  // request be sent over plaintext, the scheme header will be set to ``"http"``.
+  // If ``scheme_to_overwrite`` is set, this field is not used.
   bool match_upstream = 2;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/proxy_protocol.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/proxy_protocol.proto
index 564e76cb1e5..2da5fe5fd4d 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/proxy_protocol.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/proxy_protocol.proto
@@ -2,6 +2,8 @@ syntax = "proto3";
 
 package envoy.config.core.v3;
 
+import "envoy/config/core/v3/substitution_format_string.proto";
+
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
 
@@ -37,8 +39,27 @@ message TlvEntry {
   // The type of the TLV. Must be a uint8 (0-255) as per the Proxy Protocol v2 specification.
   uint32 type = 1 [(validate.rules).uint32 = {lt: 256}];
 
-  // The value of the TLV. Must be at least one byte long.
-  bytes value = 2 [(validate.rules).bytes = {min_len: 1}];
+  // The static value of the TLV.
+  // Only one of ``value`` or ``format_string`` may be set.
+  bytes value = 2;
+
+  // Uses the :ref:`format string <config_access_log_format_strings>` to dynamically
+  // populate the TLV value from stream information. This allows dynamic values
+  // such as metadata, filter state, or other stream properties to be included in
+  // the TLV.
+  //
+  // For example:
+  //
+  // .. code-block:: yaml
+  //
+  //   type: 0xF0
+  //   format_string:
+  //     text_format_source:
+  //       inline_string: "%DYNAMIC_METADATA(envoy.filters.network:key)%"
+  //
+  // The formatted string will be used directly as the TLV value.
+  // Only one of ``value`` or ``format_string`` may be set.
+  SubstitutionFormatString format_string = 3;
 }
 
 message ProxyProtocolConfig {
@@ -81,6 +102,9 @@ message ProxyProtocolConfig {
   //   at the transport socket level and override them at the host level.
   // - Any TLV defined in the ``pass_through_tlvs`` field will be overridden by either the host-level
   //   or transport socket-level TLV.
+  //
+  // If there are multiple TLVs with the same type, only the TLVs from the highest precedence level
+  // will be used.
   repeated TlvEntry added_tlvs = 3;
 }
 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto
index ff2f79d1137..54ef2cfed38 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto
@@ -15,7 +15,6 @@ import "envoy/config/listener/v3/udp_listener_config.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 
-import "xds/annotations/v3/status.proto";
 import "xds/core/v3/collection_entry.proto";
 import "xds/type/matcher/v3/matcher.proto";
 
@@ -46,6 +45,14 @@ message AdditionalAddress {
   // or an empty list of :ref:`socket_options <envoy_v3_api_field_config.core.v3.SocketOptionsOverride.socket_options>`,
   // it means no socket option will apply.
   core.v3.SocketOptionsOverride socket_options = 2;
+
+  // Configures TCP keepalive settings for the additional address.
+  // If not set, the listener :ref:`tcp_keepalive <envoy_v3_api_field_config.listener.v3.Listener.tcp_keepalive>`
+  // configuration is inherited. You can explicitly disable TCP keepalive for the additional address by setting any keepalive field
+  // (:ref:`keepalive_probes <envoy_v3_api_field_config.core.v3.TcpKeepalive.keepalive_probes>`,
+  // :ref:`keepalive_time <envoy_v3_api_field_config.core.v3.TcpKeepalive.keepalive_time>`, or
+  // :ref:`keepalive_interval <envoy_v3_api_field_config.core.v3.TcpKeepalive.keepalive_interval>`) to ``0``.
+  core.v3.TcpKeepalive tcp_keepalive = 3;
 }
 
 // Listener list collections. Entries are ``Listener`` resources or references.
@@ -54,7 +61,7 @@ message ListenerCollection {
   repeated xds.core.v3.CollectionEntry entries = 1;
 }
 
-// [#next-free-field: 37]
+// [#next-free-field: 38]
 message Listener {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Listener";
 
@@ -141,6 +148,12 @@ message Listener {
   // that is governed by the bind rules of the OS. E.g., multiple listeners can listen on port 0 on
   // Linux as the actual port will be allocated by the OS.
   // Required unless ``api_listener`` or ``listener_specifier`` is populated.
+  //
+  // When the address contains a network namespace filepath (via
+  // :ref:`network_namespace_filepath <envoy_v3_api_field_config.core.v3.SocketAddress.network_namespace_filepath>`),
+  // Envoy automatically populates the filter state with key ``envoy.network.network_namespace``
+  // when a connection is accepted. This provides read-only access to the network namespace for
+  // filters, access logs, and other components.
   core.v3.Address address = 2;
 
   // The additional addresses the listener should listen on. The addresses must be unique across all
@@ -184,8 +197,7 @@ message Listener {
   //  connections bound to the filter chain are not drained. If, however, the
   //  filter chain is removed or structurally modified, then the drain for its
   //  connections is initiated.
-  xds.type.matcher.v3.Matcher filter_chain_matcher = 32
-      [(xds.annotations.v3.field_status).work_in_progress = true];
+  xds.type.matcher.v3.Matcher filter_chain_matcher = 32;
 
   // If a connection is redirected using ``iptables``, the port on which the proxy
   // receives it might be different from the original destination address. When this flag is set to
@@ -416,6 +428,12 @@ message Listener {
 
   // Whether the listener bypasses configured overload manager actions.
   bool bypass_overload_manager = 35;
+
+  // If set, TCP keepalive settings are configured for the listener address and inherited by
+  // additional addresses. If not set, TCP keepalive settings are not configured for the
+  // listener address and additional addresses by default. See :ref:`tcp_keepalive <envoy_v3_api_field_config.listener.v3.AdditionalAddress.tcp_keepalive>`
+  // to explicitly configure TCP keepalive settings for individual additional addresses.
+  core.v3.TcpKeepalive tcp_keepalive = 37;
 }
 
 // A placeholder proto so that users can explicitly configure the standard
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto
index cfa30afbb68..16b43568f39 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto
@@ -250,9 +250,11 @@ message FilterChain {
   google.protobuf.Duration transport_socket_connect_timeout = 9;
 
   // The unique name (or empty) by which this filter chain is known.
-  // Note: :ref:`filter_chain_matcher
-  // <envoy_v3_api_field_config.listener.v3.Listener.filter_chain_matcher>`
-  // requires that filter chains are uniquely named within a listener.
+  //
+  // .. note::
+  //     :ref:`filter_chain_matcher
+  //     <envoy_v3_api_field_config.listener.v3.Listener.filter_chain_matcher>`
+  //     requires that filter chains are uniquely named within a listener.
   string name = 7;
 }
 
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto
index 6c0a5bd201f..c208a58f4a4 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto
@@ -25,7 +25,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // [#protodoc-title: QUIC listener config]
 
 // Configuration specific to the UDP QUIC listener.
-// [#next-free-field: 14]
+// [#next-free-field: 15]
 message QuicProtocolOptions {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.listener.QuicProtocolOptions";
@@ -99,4 +99,10 @@ message QuicProtocolOptions {
   // QUIC layer by replying with an empty version negotiation packet to the
   // client.
   bool reject_new_connections = 13;
+
+  // Maximum number of QUIC sessions to create per event loop.
+  // If not specified, the default value is 16.
+  // This is an equivalent of the TCP listener option
+  // max_connections_to_accept_per_socket_event.
+  google.protobuf.UInt32Value max_sessions_per_event_loop = 14 [(validate.rules).uint32 = {gt: 0}];
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto b/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto
index 02bb23aec9d..0fcf36c1c71 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto
@@ -60,11 +60,6 @@ message StatsConfig {
   // <envoy_v3_api_field_config.metrics.v3.StatsConfig.stats_tags>`. They will be processed before
   // the custom tags.
   //
-  // .. note::
-  //
-  //   If any default tags are specified twice, the config will be considered
-  //   invalid.
-  //
   // See :repo:`well_known_names.h <source/common/config/well_known_names.h>` for a list of the
   // default tags in Envoy.
   //
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto b/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto
index cdb1267a2c9..ef153ad177b 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto
@@ -3,6 +3,7 @@ syntax = "proto3";
 package envoy.config.rbac.v3;
 
 import "envoy/config/core/v3/address.proto";
+import "envoy/config/core/v3/cel.proto";
 import "envoy/config/core/v3/extension.proto";
 import "envoy/config/route/v3/route_components.proto";
 import "envoy/type/matcher/v3/filter_state.proto";
@@ -173,6 +174,7 @@ message RBAC {
 // A policy matches if and only if at least one of its permissions match the
 // action taking place AND at least one of its principals match the downstream
 // AND the condition is true if specified.
+// [#next-free-field: 6]
 message Policy {
   option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Policy";
 
@@ -199,6 +201,12 @@ message Policy {
   // Only be used when condition is not used.
   google.api.expr.v1alpha1.CheckedExpr checked_condition = 4
       [(udpa.annotations.field_migrate).oneof_promotion = "expression_specifier"];
+
+  // CEL expression configuration that modifies the evaluation behavior of the ``condition`` field.
+  // If specified, string conversion, concatenation, and manipulation functions may be enabled
+  // for the CEL expression. See :ref:`CelExpressionConfig <envoy_v3_api_msg_config.core.v3.CelExpressionConfig>`
+  // for more details.
+  core.v3.CelExpressionConfig cel_config = 5;
 }
 
 // SourcedMetadata enables matching against metadata from different sources in the request processing
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route.proto b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route.proto
index c4d507d22b0..5bd909f34c3 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route.proto
@@ -23,7 +23,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // * Routing :ref:`architecture overview <arch_overview_http_routing>`
 // * HTTP :ref:`router filter <config_http_filters_router>`
 
-// [#next-free-field: 18]
+// [#next-free-field: 19]
 message RouteConfiguration {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.RouteConfiguration";
 
@@ -129,10 +129,17 @@ message RouteConfiguration {
 
   // By default, port in :authority header (if any) is used in host matching.
   // With this option enabled, Envoy will ignore the port number in the :authority header (if any) when picking VirtualHost.
-  // NOTE: this option will not strip the port number (if any) contained in route config
-  // :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`.domains field.
+  //
+  // .. note::
+  //     This option will not strip the port number (if any) contained in route config
+  //     :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`.domains field.
   bool ignore_port_in_host_matching = 14;
 
+  // Normally, virtual host matching is done using the :authority (or
+  // Host: in HTTP < 2) HTTP header. Setting this will instead, use a
+  // different HTTP header for this purpose.
+  string vhost_header = 18;
+
   // Ignore path-parameters in path-matching.
   // Before RFC3986, URI were like(RFC1808): <scheme>://<net_loc>/<path>;<params>?<query>#<fragment>
   // Envoy by default takes ":path" as "<path>;<params>".
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
index 6837ade69d8..4587ef10487 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
@@ -2,9 +2,11 @@ syntax = "proto3";
 
 package envoy.config.route.v3;
 
+import "envoy/config/common/mutation_rules/v3/mutation_rules.proto";
 import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/proxy_protocol.proto";
+import "envoy/config/core/v3/substitution_format_string.proto";
 import "envoy/type/matcher/v3/filter_state.proto";
 import "envoy/type/matcher/v3/metadata.proto";
 import "envoy/type/matcher/v3/regex.proto";
@@ -78,7 +80,7 @@ message VirtualHost {
   // .. note::
   //
   //   The wildcard will not match the empty string.
-  //   e.g. ``*-bar.foo.com`` will match ``baz-bar.foo.com`` but not ``-bar.foo.com``.
+  //   For example, ``*-bar.foo.com`` will match ``baz-bar.foo.com`` but not ``-bar.foo.com``.
   //   The longest wildcards match first.
   //   Only a single virtual host in the entire route configuration can match on ``*``. A domain
   //   must be unique across all virtual hosts or the config will fail to load.
@@ -155,7 +157,7 @@ message VirtualHost {
   // This field can be used to provide virtual host level per filter config. The key should match the
   // :ref:`filter config name
   // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`.
-  // See :ref:`Http filter route specific config <arch_overview_http_filters_per_filter_config>`
+  // See :ref:`HTTP filter route-specific config <arch_overview_http_filters_per_filter_config>`
   // for details.
   // [#comment: An entry's value may be wrapped in a
   // :ref:`FilterConfig<envoy_v3_api_msg_config.route.v3.FilterConfig>`
@@ -166,7 +168,10 @@ message VirtualHost {
   // <config_http_filters_router_x-envoy-attempt-count>` header should be included
   // in the upstream request. Setting this option will cause it to override any existing header
   // value, so in the case of two Envoys on the request path with this option enabled, the upstream
-  // will see the attempt count as perceived by the second Envoy. Defaults to false.
+  // will see the attempt count as perceived by the second Envoy.
+  //
+  // Defaults to ``false``.
+  //
   // This header is unaffected by the
   // :ref:`suppress_envoy_headers
   // <envoy_v3_api_field_extensions.filters.http.router.v3.Router.suppress_envoy_headers>` flag.
@@ -178,7 +183,10 @@ message VirtualHost {
   // <config_http_filters_router_x-envoy-attempt-count>` header should be included
   // in the downstream response. Setting this option will cause the router to override any existing header
   // value, so in the case of two Envoys on the request path with this option enabled, the downstream
-  // will see the attempt count as perceived by the Envoy closest upstream from itself. Defaults to false.
+  // will see the attempt count as perceived by the Envoy closest upstream from itself.
+  //
+  // Defaults to ``false``.
+  //
   // This header is unaffected by the
   // :ref:`suppress_envoy_headers
   // <envoy_v3_api_field_extensions.filters.http.router.v3.Router.suppress_envoy_headers>` flag.
@@ -186,23 +194,23 @@ message VirtualHost {
 
   // Indicates the retry policy for all routes in this virtual host. Note that setting a
   // route level entry will take precedence over this config and it'll be treated
-  // independently (e.g.: values are not inherited).
+  // independently (e.g., values are not inherited).
   RetryPolicy retry_policy = 16;
 
   // [#not-implemented-hide:]
   // Specifies the configuration for retry policy extension. Note that setting a route level entry
-  // will take precedence over this config and it'll be treated independently (e.g.: values are not
+  // will take precedence over this config and it'll be treated independently (e.g., values are not
   // inherited). :ref:`Retry policy <envoy_v3_api_field_config.route.v3.VirtualHost.retry_policy>` should not be
   // set if this field is used.
   google.protobuf.Any retry_policy_typed_config = 20;
 
   // Indicates the hedge policy for all routes in this virtual host. Note that setting a
   // route level entry will take precedence over this config and it'll be treated
-  // independently (e.g.: values are not inherited).
+  // independently (e.g., values are not inherited).
   HedgePolicy hedge_policy = 17;
 
   // Decides whether to include the :ref:`x-envoy-is-timeout-retry <config_http_filters_router_x-envoy-is-timeout-retry>`
-  // request header in retries initiated by per try timeouts.
+  // request header in retries initiated by per-try timeouts.
   bool include_is_timeout_retry_header = 23;
 
   // The maximum bytes which will be buffered for retries and shadowing. If set, the bytes actually buffered will be
@@ -324,7 +332,7 @@ message Route {
   // This field can be used to provide route specific per filter config. The key should match the
   // :ref:`filter config name
   // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`.
-  // See :ref:`Http filter route specific config <arch_overview_http_filters_per_filter_config>`
+  // See :ref:`HTTP filter route-specific config <arch_overview_http_filters_per_filter_config>`
   // for details.
   // [#comment: An entry's value may be wrapped in a
   // :ref:`FilterConfig<envoy_v3_api_msg_config.route.v3.FilterConfig>`
@@ -389,7 +397,7 @@ message Route {
   //
   //    We do not recommend setting up a stat prefix for
   //    every application endpoint. This is both not easily maintainable and
-  //    statistics use a non-trivial amount of memory(approximately 1KiB per route).
+  //    statistics use a non-trivial amount of memory (approximately 1KiB per route).
   string stat_prefix = 19;
 
   // The maximum bytes which will be buffered for request bodies to support large request body
@@ -506,7 +514,7 @@ message WeightedCluster {
     // This field can be used to provide weighted cluster specific per filter config. The key should match the
     // :ref:`filter config name
     // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`.
-    // See :ref:`Http filter route specific config <arch_overview_http_filters_per_filter_config>`
+    // See :ref:`HTTP filter route-specific config <arch_overview_http_filters_per_filter_config>`
     // for details.
     // [#comment: An entry's value may be wrapped in a
     // :ref:`FilterConfig<envoy_v3_api_msg_config.route.v3.FilterConfig>`
@@ -571,7 +579,7 @@ message ClusterSpecifierPlugin {
   bool is_optional = 2;
 }
 
-// [#next-free-field: 17]
+// [#next-free-field: 18]
 message RouteMatch {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RouteMatch";
 
@@ -629,7 +637,7 @@ message RouteMatch {
     //
     // [#next-major-version: In the v3 API we should redo how path specification works such
     // that we utilize StringMatcher, and additionally have consistent options around whether we
-    // strip query strings, do a case sensitive match, etc. In the interim it will be too disruptive
+    // strip query strings, do a case-sensitive match, etc. In the interim it will be too disruptive
     // to deprecate the existing options. We should even consider whether we want to do away with
     // path_specifier entirely and just rely on a set of header matchers which can already match
     // on :path, etc. The issue with that is it is unclear how to generically deal with query string
@@ -661,7 +669,7 @@ message RouteMatch {
     core.v3.TypedExtensionConfig path_match_policy = 15;
   }
 
-  // Indicates that prefix/path matching should be case sensitive. The default
+  // Indicates that prefix/path matching should be case-sensitive. The default
   // is true. Ignored for safe_regex matching.
   google.protobuf.BoolValue case_sensitive = 4;
 
@@ -701,14 +709,19 @@ message RouteMatch {
   //
   //    If query parameters are used to pass request message fields when
   //    `grpc_json_transcoder <https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/grpc_json_transcoder_filter>`_
-  //    is used, the transcoded message fields maybe different. The query parameters are
-  //    url encoded, but the message fields are not. For example, if a query
+  //    is used, the transcoded message fields may be different. The query parameters are
+  //    URL-encoded, but the message fields are not. For example, if a query
   //    parameter is "foo%20bar", the message field will be "foo bar".
   repeated QueryParameterMatcher query_parameters = 7;
 
+  // Specifies a set of cookies on which the route should match. The router parses the ``Cookie``
+  // header and evaluates the named cookie against each matcher. If the number of specified cookie
+  // matchers is nonzero, they all must match for the route to be selected.
+  repeated CookieMatcher cookies = 17;
+
   // If specified, only gRPC requests will be matched. The router will check
-  // that the content-type header has a application/grpc or one of the various
-  // application/grpc+ values.
+  // that the ``Content-Type`` header has ``application/grpc`` or one of the various
+  // ``application/grpc+`` values.
   GrpcRouteMatchOptions grpc = 8;
 
   // If specified, the client tls context will be matched against the defined
@@ -794,11 +807,11 @@ message CorsPolicy {
   google.protobuf.BoolValue allow_private_network_access = 12;
 
   // Specifies if preflight requests not matching the configured allowed origin should be forwarded
-  // to the upstream. Default is true.
+  // to the upstream. Default is ``true``.
   google.protobuf.BoolValue forward_not_matching_preflights = 13;
 }
 
-// [#next-free-field: 43]
+// [#next-free-field: 46]
 message RouteAction {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RouteAction";
 
@@ -837,8 +850,8 @@ message RouteAction {
   //
   // .. note::
   //
-  //   Shadowing doesn't support Http CONNECT and upgrades.
-  // [#next-free-field: 7]
+  //   Shadowing doesn't support HTTP CONNECT and upgrades.
+  // [#next-free-field: 9]
   message RequestMirrorPolicy {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.api.v2.route.RouteAction.RequestMirrorPolicy";
@@ -888,8 +901,24 @@ message RouteAction {
     // is disabled.
     google.protobuf.BoolValue trace_sampled = 4;
 
-    // Disables appending the ``-shadow`` suffix to the shadowed ``Host`` header. Defaults to ``false``.
+    // Disables appending the ``-shadow`` suffix to the shadowed ``Host`` header.
+    //
+    // Defaults to ``false``.
     bool disable_shadow_host_suffix_append = 6;
+
+    // Specifies a list of header mutations that should be applied to each mirrored request.
+    // Header mutations are applied in the order they are specified. For more information, including
+    // details on header value syntax, see the documentation on :ref:`custom request headers
+    // <config_http_conn_man_headers_custom_request_headers>`.
+    repeated common.mutation_rules.v3.HeaderMutation request_headers_mutations = 7
+        [(validate.rules).repeated = {max_items: 1000}];
+
+    // Indicates that during mirroring, the host header will be swapped with this value.
+    // :ref:`disable_shadow_host_suffix_append
+    // <envoy_v3_api_field_config.route.v3.RouteAction.RequestMirrorPolicy.disable_shadow_host_suffix_append>`
+    // is implicitly enabled if this field is set.
+    string host_rewrite_literal = 8
+        [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
   }
 
   // Specifies the route's hashing policy if the upstream cluster uses a hashing :ref:`load balancer
@@ -1051,13 +1080,15 @@ message RouteAction {
       bool allow_post = 2;
     }
 
-    // The case-insensitive name of this upgrade, e.g. "websocket".
+    // The case-insensitive name of this upgrade, for example, "websocket".
     // For each upgrade type present in upgrade_configs, requests with
     // Upgrade: [upgrade_type] will be proxied upstream.
     string upgrade_type = 1
         [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_VALUE strict: false}];
 
-    // Determines if upgrades are available on this route. Defaults to true.
+    // Determines if upgrades are available on this route.
+    //
+    // Defaults to ``true``.
     google.protobuf.BoolValue enabled = 2;
 
     // Configuration for sending data upstream as a raw data payload. This is used for
@@ -1156,9 +1187,11 @@ message RouteAction {
   // place the original path before rewrite into the :ref:`x-envoy-original-path
   // <config_http_filters_router_x-envoy-original-path>` header.
   //
-  // Only one of :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.regex_rewrite>`
+  // Only one of :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.regex_rewrite>`,
   // :ref:`path_rewrite_policy <envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite_policy>`,
-  // or :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>` may be specified.
+  // :ref:`path_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite>`,
+  // or :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>`
+  // may be specified.
   //
   // .. attention::
   //
@@ -1194,8 +1227,9 @@ message RouteAction {
   // <config_http_filters_router_x-envoy-original-path>` header.
   //
   // Only one of :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.regex_rewrite>`,
-  // :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>`, or
-  // :ref:`path_rewrite_policy <envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite_policy>`]
+  // :ref:`path_rewrite_policy <envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite_policy>`,
+  // :ref:`path_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite>`,
+  // or :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>`
   // may be specified.
   //
   // Examples using Google's `RE2 <https://github.com/google/re2>`_ engine:
@@ -1219,6 +1253,33 @@ message RouteAction {
   // [#extension-category: envoy.path.rewrite]
   core.v3.TypedExtensionConfig path_rewrite_policy = 41;
 
+  // Rewrites the whole path (without query parameters) with the given path value.
+  // The router filter will
+  // place the original path before rewrite into the :ref:`x-envoy-original-path
+  // <config_http_filters_router_x-envoy-original-path>` header.
+  //
+  // Only one of :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.regex_rewrite>`,
+  // :ref:`path_rewrite_policy <envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite_policy>`,
+  // :ref:`path_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite>`,
+  // or :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>`
+  // may be specified.
+  //
+  // The :ref:`substitution format specifier <config_access_log_format>` could be applied here.
+  // For example, with the following config:
+  //
+  //   .. code-block:: yaml
+  //
+  //     path_rewrite: "/new_path_prefix%REQ(custom-path-header-name)%"
+  //
+  // Would rewrite the path to ``/new_path_prefix/some_value`` given the header
+  // ``custom-path-header-name: some_value``. If the header is not present, the path will be
+  // rewritten to ``/new_path_prefix``.
+  //
+  //
+  // If the final output of the path rewrite is empty, then the update will be ignored and the
+  // original path will be preserved.
+  string path_rewrite = 45;
+
   // If one of the host rewrite specifiers is set and the
   // :ref:`suppress_envoy_headers
   // <envoy_v3_api_field_extensions.filters.http.router.v3.Router.suppress_envoy_headers>` flag is not
@@ -1277,6 +1338,25 @@ message RouteAction {
     //
     // Would rewrite the host header to ``envoyproxy.io`` given the path ``/envoyproxy.io/some/path``.
     type.matcher.v3.RegexMatchAndSubstitute host_rewrite_path_regex = 35;
+
+    // Rewrites the host header with the value of this field. The router filter will
+    // place the original host header value before rewriting into the :ref:`x-envoy-original-host
+    // <config_http_filters_router_x-envoy-original-host>` header.
+    //
+    // The :ref:`substitution format specifier <config_access_log_format>` could be applied here.
+    // For example, with the following config:
+    //
+    //   .. code-block:: yaml
+    //
+    //     host_rewrite: "prefix-%REQ(custom-host-header-name)%"
+    //
+    // Would rewrite the host header to ``prefix-some_value`` given the header
+    // ``custom-host-header-name: some_value``. If the header is not present, the host header will
+    // be rewritten to an value of ``prefix-``.
+    //
+    // If the final output of the host rewrite is empty, then the update will be ignored and the
+    // original host header will be preserved.
+    string host_rewrite = 44;
   }
 
   // If set, then a host rewrite action (one of
@@ -1352,13 +1432,13 @@ message RouteAction {
 
   // Indicates that the route has a retry policy. Note that if this is set,
   // it'll take precedence over the virtual host level retry policy entirely
-  // (e.g.: policies are not merged, most internal one becomes the enforced policy).
+  // (e.g., policies are not merged, the most internal one becomes the enforced policy).
   RetryPolicy retry_policy = 9;
 
   // [#not-implemented-hide:]
   // Specifies the configuration for retry policy extension. Note that if this is set, it'll take
-  // precedence over the virtual host level retry policy entirely (e.g.: policies are not merged,
-  // most internal one becomes the enforced policy). :ref:`Retry policy <envoy_v3_api_field_config.route.v3.VirtualHost.retry_policy>`
+  // precedence over the virtual host level retry policy entirely (e.g., policies are not merged,
+  // the most internal one becomes the enforced policy). :ref:`Retry policy <envoy_v3_api_field_config.route.v3.VirtualHost.retry_policy>`
   // should not be set if this field is used.
   google.protobuf.Any retry_policy_typed_config = 33;
 
@@ -1379,7 +1459,9 @@ message RouteAction {
   // :ref:`rate_limits <envoy_v3_api_field_config.route.v3.VirtualHost.rate_limits>` are not applied to the
   // request.
   //
-  // This field is deprecated. Please use :ref:`vh_rate_limits <envoy_v3_api_field_extensions.filters.http.ratelimit.v3.RateLimitPerRoute.vh_rate_limits>`
+  // .. attention::
+  //
+  //   This field is deprecated. Please use :ref:`vh_rate_limits <envoy_v3_api_field_extensions.filters.http.ratelimit.v3.RateLimitPerRoute.vh_rate_limits>`
   google.protobuf.BoolValue include_vh_rate_limits = 14
       [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
@@ -1473,7 +1555,7 @@ message RouteAction {
 
   // Indicates that the route has a hedge policy. Note that if this is set,
   // it'll take precedence over the virtual host level hedge policy entirely
-  // (e.g.: policies are not merged, most internal one becomes the enforced policy).
+  // (e.g., policies are not merged, the most internal one becomes the enforced policy).
   HedgePolicy hedge_policy = 27;
 
   // Specifies the maximum stream duration for this route.
@@ -1607,7 +1689,9 @@ message RetryPolicy {
 
     // Specifies the maximum back off interval that Envoy will allow. If a reset
     // header contains an interval longer than this then it will be discarded and
-    // the next header will be tried. Defaults to 300 seconds.
+    // the next header will be tried.
+    //
+    // Defaults to 300 seconds.
     google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {}}];
   }
 
@@ -1636,7 +1720,7 @@ message RetryPolicy {
   google.protobuf.Duration per_try_timeout = 3;
 
   // Specifies an upstream idle timeout per retry attempt (including the initial attempt). This
-  // parameter is optional and if absent there is no per try idle timeout. The semantics of the per
+  // parameter is optional and if absent there is no per-try idle timeout. The semantics of the per-
   // try idle timeout are similar to the
   // :ref:`route idle timeout <envoy_v3_api_field_config.route.v3.RouteAction.timeout>` and
   // :ref:`stream idle timeout
@@ -1711,12 +1795,14 @@ message HedgePolicy {
 
   // Specifies the number of initial requests that should be sent upstream.
   // Must be at least 1.
+  //
   // Defaults to 1.
   // [#not-implemented-hide:]
   google.protobuf.UInt32Value initial_requests = 1 [(validate.rules).uint32 = {gte: 1}];
 
   // Specifies a probability that an additional upstream request should be sent
   // on top of what is specified by initial_requests.
+  //
   // Defaults to 0.
   // [#not-implemented-hide:]
   type.v3.FractionalPercent additional_request_chance = 2;
@@ -1726,14 +1812,16 @@ message HedgePolicy {
   // The first request to complete successfully will be the one returned to the caller.
   //
   // * At any time, a successful response (i.e. not triggering any of the retry-on conditions) would be returned to the client.
-  // * Before per-try timeout, an error response (per retry-on conditions) would be retried immediately or returned ot the client
+  // * Before per-try timeout, an error response (per retry-on conditions) would be retried immediately or returned to the client
   //   if there are no more retries left.
   // * After per-try timeout, an error response would be discarded, as a retry in the form of a hedged request is already in progress.
   //
-  // Note: For this to have effect, you must have a :ref:`RetryPolicy <envoy_v3_api_msg_config.route.v3.RetryPolicy>` that retries at least
-  // one error code and specifies a maximum number of retries.
+  // .. note::
+  //
+  //   For this to have effect, you must have a :ref:`RetryPolicy <envoy_v3_api_msg_config.route.v3.RetryPolicy>` that retries at least
+  //   one error code and specifies a maximum number of retries.
   //
-  // Defaults to false.
+  // Defaults to ``false``.
   bool hedge_on_per_try_timeout = 3;
 }
 
@@ -1860,6 +1948,12 @@ message DirectResponseAction {
   //   :ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration` or
   //   :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`.
   core.v3.DataSource body = 2;
+
+  // Specifies a format string for the response body. If present, the contents of
+  // ``body_format`` will be formatted and used as the response body, where the
+  // contents of ``body`` (may be empty) will be passed as the variable ``%LOCAL_REPLY_BODY%``.
+  // If neither are provided, no body is included in the generated response.
+  core.v3.SubstitutionFormatString body_format = 3;
 }
 
 // [#not-implemented-hide:]
@@ -1879,10 +1973,11 @@ message Decorator {
   //   <config_http_filters_router_x-envoy-decorator-operation>` header.
   string operation = 1 [(validate.rules).string = {min_len: 1}];
 
-  // Whether the decorated details should be propagated to the other party. The default is true.
+  // Whether the decorated details should be propagated to the other party. The default is ``true``.
   google.protobuf.BoolValue propagate = 2;
 }
 
+// [#next-free-field: 7]
 message Tracing {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.Tracing";
 
@@ -1918,6 +2013,34 @@ message Tracing {
   // each in the HTTP connection manager and the route level, the one configured here takes
   // priority.
   repeated type.tracing.v3.CustomTag custom_tags = 4;
+
+  // The operation name of the span which will be used for tracing.
+  //
+  // The same :ref:`format specifier <config_access_log_format>` as used for
+  // :ref:`HTTP access logging <config_access_log>` applies here, however
+  // unknown specifier values are replaced with the empty string instead of ``-``.
+  //
+  // This field will take precedence over and make following settings ineffective:
+  //
+  // * :ref:`route decorator <envoy_v3_api_field_config.route.v3.Route.decorator>`.
+  // * :ref:`x-envoy-decorator-operation <config_http_filters_router_x-envoy-decorator-operation>`.
+  // * :ref:`HCM tracing operation
+  //   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.Tracing.operation>`.
+  string operation = 5;
+
+  // The operation name of the upstream span which will be used for tracing.
+  // This only takes effect when ``spawn_upstream_span`` is set to true and the upstream
+  // span is created.
+  //
+  // The same :ref:`format specifier <config_access_log_format>` as used for
+  // :ref:`HTTP access logging <config_access_log>` applies here, however
+  // unknown specifier values are replaced with the empty string instead of ``-``.
+  //
+  // This field will take precedence over and make following settings ineffective:
+  //
+  // * :ref:`HCM tracing upstream operation
+  //   <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.Tracing.upstream_operation>`
+  string upstream_operation = 6;
 }
 
 // A virtual cluster is a way of specifying a regex matching rule against
@@ -2044,7 +2167,7 @@ message RateLimit {
       // the value of the descriptor entry for the descriptor_key.
       string query_parameter_name = 1 [(validate.rules).string = {min_len: 1}];
 
-      // The key to use when creating the rate limit descriptor entry. his descriptor key will be used to identify the
+      // The key to use when creating the rate limit descriptor entry. This descriptor key will be used to identify the
       // rate limit rule in the rate limiting service.
       string descriptor_key = 2 [(validate.rules).string = {min_len: 1}];
 
@@ -2082,14 +2205,18 @@ message RateLimit {
     //   ("masked_remote_address", "<masked address from x-forwarded-for>")
     message MaskedRemoteAddress {
       // Length of prefix mask len for IPv4 (e.g. 0, 32).
+      //
       // Defaults to 32 when unset.
+      //
       // For example, trusted address from x-forwarded-for is ``192.168.1.1``,
       // the descriptor entry is ("masked_remote_address", "192.168.1.1/32");
       // if mask len is 24, the descriptor entry is ("masked_remote_address", "192.168.1.0/24").
       google.protobuf.UInt32Value v4_prefix_mask_len = 1 [(validate.rules).uint32 = {lte: 32}];
 
       // Length of prefix mask len for IPv6 (e.g. 0, 128).
+      //
       // Defaults to 128 when unset.
+      //
       // For example, trusted address from x-forwarded-for is ``2001:abcd:ef01:2345:6789:abcd:ef01:234``,
       // the descriptor entry is ("masked_remote_address", "2001:abcd:ef01:2345:6789:abcd:ef01:234/128");
       // if mask len is 64, the descriptor entry is ("masked_remote_address", "2001:abcd:ef01:2345::/64").
@@ -2105,9 +2232,40 @@ message RateLimit {
       option (udpa.annotations.versioning).previous_message_type =
           "envoy.api.v2.route.RateLimit.Action.GenericKey";
 
-      // The value to use in the descriptor entry.
+      // Descriptor value of entry.
+      //
+      // The same :ref:`format specifier <config_access_log_format>` as used for
+      // :ref:`HTTP access logging <config_access_log>` applies here, however
+      // unknown specifier values are replaced with the empty string instead of ``-``.
+      //
+      // .. note::
+      //
+      //   Formatter parsing is controlled by the runtime feature flag
+      //   ``envoy.reloadable_features.enable_formatter_for_ratelimit_action_descriptor_value``
+      //   (disabled by default).
+      //
+      //   When enabled: The format string can contain multiple valid substitution
+      //   fields. If multiple substitution fields are present, their results will be concatenated
+      //   to form the final descriptor value. If it contains no substitution fields, the value
+      //   will be used as is. If the final concatenated result is empty and ``default_value`` is set,
+      //   the ``default_value`` will be used. If ``default_value`` is not set and the result is
+      //   empty, this descriptor will be skipped and not included in the rate limit call.
+      //
+      //   When disabled (default): The descriptor_value is used as a literal string without any formatter
+      //   parsing or substitution.
+      //
+      // For example, ``static_value`` will be used as is since there are no substitution fields.
+      // ``%REQ(:method)%`` will be replaced with the HTTP method, and
+      // ``%REQ(:method)%%REQ(:path)%`` will be replaced with the concatenation of the HTTP method and path.
+      // ``%CEL(request.headers['user-id'])%`` will use CEL to extract the user ID from request headers.
+      //
       string descriptor_value = 1 [(validate.rules).string = {min_len: 1}];
 
+      // An optional value to use if the final concatenated ``descriptor_value`` result is empty.
+      // Only applicable when formatter parsing is enabled by the runtime feature flag
+      // ``envoy.reloadable_features.enable_formatter_for_ratelimit_action_descriptor_value`` (disabled by default).
+      string default_value = 3;
+
       // An optional key to use in the descriptor entry. If not set it defaults
       // to 'generic_key' as the descriptor key.
       string descriptor_key = 2;
@@ -2118,16 +2276,51 @@ message RateLimit {
     // .. code-block:: cpp
     //
     //   ("header_match", "<descriptor_value>")
+    // [#next-free-field: 6]
     message HeaderValueMatch {
       option (udpa.annotations.versioning).previous_message_type =
           "envoy.api.v2.route.RateLimit.Action.HeaderValueMatch";
 
-      // The key to use in the descriptor entry. Defaults to ``header_match``.
-      string descriptor_key = 4;
-
-      // The value to use in the descriptor entry.
+      // Descriptor value of entry.
+      //
+      // The same :ref:`format specifier <config_access_log_format>` as used for
+      // :ref:`HTTP access logging <config_access_log>` applies here, however
+      // unknown specifier values are replaced with the empty string instead of ``-``.
+      //
+      // .. note::
+      //
+      //   Formatter parsing is controlled by the runtime feature flag
+      //   ``envoy.reloadable_features.enable_formatter_for_ratelimit_action_descriptor_value``
+      //   (disabled by default).
+      //
+      //   When enabled: The format string can contain multiple valid substitution
+      //   fields. If multiple substitution fields are present, their results will be concatenated
+      //   to form the final descriptor value. If it contains no substitution fields, the value
+      //   will be used as is. All substitution fields will be evaluated and their results
+      //   concatenated. If the final concatenated result is empty and ``default_value`` is set,
+      //   the ``default_value`` will be used. If ``default_value`` is not set and the result is
+      //   empty, this descriptor will be skipped and not included in the rate limit call.
+      //
+      //   When disabled (default): The descriptor_value is used as a literal string without any formatter
+      //   parsing or substitution.
+      //
+      // For example, ``static_value`` will be used as is since there are no substitution fields.
+      // ``%REQ(:method)%`` will be replaced with the HTTP method, and
+      // ``%REQ(:method)%%REQ(:path)%`` will be replaced with the concatenation of the HTTP method and path.
+      // ``%CEL(request.headers['user-id'])%`` will use CEL to extract the user ID from request headers.
+      //
       string descriptor_value = 1 [(validate.rules).string = {min_len: 1}];
 
+      // An optional value to use if the final concatenated ``descriptor_value`` result is empty.
+      // Only applicable when formatter parsing is enabled by the runtime feature flag
+      // ``envoy.reloadable_features.enable_formatter_for_ratelimit_action_descriptor_value`` (disabled by default).
+      string default_value = 5;
+
+      // The key to use in the descriptor entry.
+      //
+      // Defaults to ``header_match``.
+      string descriptor_key = 4;
+
       // If set to true, the action will append a descriptor entry when the
       // request matches the headers. If set to false, the action will append a
       // descriptor entry when the request does not match the headers. The
@@ -2135,7 +2328,7 @@ message RateLimit {
       google.protobuf.BoolValue expect_match = 2;
 
       // Specifies a set of headers that the rate limit action should match
-      // on. The action will check the request’s headers against all the
+      // on. The action will check the request's headers against all the
       // specified headers in the config. A match will happen if all the
       // headers in the config are present in the request with the same values
       // (or based on presence if the value field is not in the config).
@@ -2215,13 +2408,48 @@ message RateLimit {
     // .. code-block:: cpp
     //
     //   ("query_match", "<descriptor_value>")
+    // [#next-free-field: 6]
     message QueryParameterValueMatch {
-      // The key to use in the descriptor entry. Defaults to ``query_match``.
-      string descriptor_key = 4;
-
-      // The value to use in the descriptor entry.
+      // Descriptor value of entry.
+      //
+      // The same :ref:`format specifier <config_access_log_format>` as used for
+      // :ref:`HTTP access logging <config_access_log>` applies here, however
+      // unknown specifier values are replaced with the empty string instead of ``-``.
+      //
+      // .. note::
+      //
+      //   Formatter parsing is controlled by the runtime feature flag
+      //   ``envoy.reloadable_features.enable_formatter_for_ratelimit_action_descriptor_value``
+      //   (disabled by default).
+      //
+      //   When enabled: The format string can contain multiple valid substitution
+      //   fields. If multiple substitution fields are present, their results will be concatenated
+      //   to form the final descriptor value. If it contains no substitution fields, the value
+      //   will be used as is. All substitution fields will be evaluated and their results
+      //   concatenated. If the final concatenated result is empty and ``default_value`` is set,
+      //   the ``default_value`` will be used. If ``default_value`` is not set and the result is
+      //   empty, this descriptor will be skipped and not included in the rate limit call.
+      //
+      //   When disabled (default): The descriptor_value is used as a literal string without any formatter
+      //   parsing or substitution.
+      //
+      // For example, ``static_value`` will be used as is since there are no substitution fields.
+      // ``%REQ(:method)%`` will be replaced with the HTTP method, and
+      // ``%REQ(:method)%%REQ(:path)%`` will be replaced with the concatenation of the HTTP method and path.
+      // ``%CEL(request.headers['user-id'])%`` will use CEL to extract the user ID from request headers.
+      //
       string descriptor_value = 1 [(validate.rules).string = {min_len: 1}];
 
+      // An optional value to use if the final concatenated ``descriptor_value`` result is empty.
+      // Only applicable when formatter parsing is enabled by the runtime feature flag
+      // ``envoy.reloadable_features.enable_formatter_for_ratelimit_action_descriptor_value`` (disabled by default).
+      string default_value = 5;
+
+      // The key to use in the descriptor entry.
+      //
+      // Defaults to ``query_match``.
+      string descriptor_key = 4;
+
       // If set to true, the action will append a descriptor entry when the
       // request matches the headers. If set to false, the action will append a
       // descriptor entry when the request does not match the headers. The
@@ -2229,7 +2457,7 @@ message RateLimit {
       google.protobuf.BoolValue expect_match = 2;
 
       // Specifies a set of query parameters that the rate limit action should match
-      // on. The action will check the request’s query parameters against all the
+      // on. The action will check the request's query parameters against all the
       // specified query parameters in the config. A match will happen if all the
       // query parameters in the config are present in the request with the same values
       // (or based on presence if the value field is not in the config).
@@ -2446,14 +2674,20 @@ message HeaderMatcher {
   // Specifies how the header match will be performed to route the request.
   oneof header_match_specifier {
     // If specified, header match will be performed based on the value of the header.
-    // This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
+    //
+    // .. attention::
+    //
+    //   This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
     string exact_match = 4
         [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
     // If specified, this regex string is a regular expression rule which implies the entire request
     // header value must match the regex. The rule will not match if only a subsequence of the
     // request header value matches the regex.
-    // This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
+    //
+    // .. attention::
+    //
+    //   This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
     type.matcher.v3.RegexMatcher safe_regex_match = 11
         [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
@@ -2475,8 +2709,14 @@ message HeaderMatcher {
     bool present_match = 7;
 
     // If specified, header match will be performed based on the prefix of the header value.
-    // Note: empty prefix is not allowed, please use present_match instead.
-    // This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
+    //
+    // .. note::
+    //
+    //   Empty prefix is not allowed. Please use ``present_match`` instead.
+    //
+    // .. attention::
+    //
+    //   This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
     //
     // Examples:
     //
@@ -2488,8 +2728,14 @@ message HeaderMatcher {
     ];
 
     // If specified, header match will be performed based on the suffix of the header value.
-    // Note: empty suffix is not allowed, please use present_match instead.
-    // This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
+    //
+    // .. note::
+    //
+    //   Empty suffix is not allowed. Please use ``present_match`` instead.
+    //
+    // .. attention::
+    //
+    //   This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
     //
     // Examples:
     //
@@ -2502,8 +2748,14 @@ message HeaderMatcher {
 
     // If specified, header match will be performed based on whether the header value contains
     // the given value or not.
-    // Note: empty contains match is not allowed, please use present_match instead.
-    // This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
+    //
+    // .. note::
+    //
+    //   Empty contains match is not allowed. Please use ``present_match`` instead.
+    //
+    // .. attention::
+    //
+    //   This field is deprecated. Please use :ref:`string_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.string_match>`.
     //
     // Examples:
     //
@@ -2518,7 +2770,9 @@ message HeaderMatcher {
     type.matcher.v3.StringMatcher string_match = 13;
   }
 
-  // If specified, the match result will be inverted before checking. Defaults to false.
+  // If specified, the match result will be inverted before checking.
+  //
+  // Defaults to ``false``.
   //
   // Examples:
   //
@@ -2527,7 +2781,9 @@ message HeaderMatcher {
   bool invert_match = 8;
 
   // If specified, for any header match rule, if the header match rule specified header
-  // does not exist, this header value will be treated as empty. Defaults to false.
+  // does not exist, this header value will be treated as empty.
+  //
+  // Defaults to ``false``.
   //
   // Examples:
   //
@@ -2579,6 +2835,20 @@ message QueryParameterMatcher {
   }
 }
 
+// Cookie matching inspects individual name/value pairs parsed from the ``Cookie`` header.
+message CookieMatcher {
+  // Specifies the cookie name to evaluate.
+  string name = 1 [(validate.rules).string = {min_len: 1 max_bytes: 1024}];
+
+  // Match the cookie value using :ref:`StringMatcher
+  // <envoy_v3_api_msg_type.matcher.v3.StringMatcher>` semantics.
+  type.matcher.v3.StringMatcher string_match = 2 [(validate.rules).message = {required: true}];
+
+  // Invert the match result. If the cookie is not present, the match result is false, so
+  // ``invert_match`` will cause the matcher to succeed when the cookie is absent.
+  bool invert_match = 3;
+}
+
 // HTTP Internal Redirect :ref:`architecture overview <arch_overview_internal_redirects>`.
 // [#next-free-field: 6]
 message InternalRedirectPolicy {
@@ -2604,7 +2874,7 @@ message InternalRedirectPolicy {
   repeated core.v3.TypedExtensionConfig predicates = 3;
 
   // Allow internal redirect to follow a target URI with a different scheme than the value of
-  // x-forwarded-proto. The default is false.
+  // x-forwarded-proto. The default is ``false``.
   bool allow_cross_scheme_redirect = 4;
 
   // Specifies a list of headers, by name, to copy from the internal redirect into the subsequent
@@ -2644,6 +2914,5 @@ message FilterConfig {
   //   initial route will not be added back to the filter chain because the filter chain is already
   //   created and it is too late to change the chain.
   //
-  //   This field only make sense for the downstream HTTP filters for now.
   bool disabled = 3;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/zipkin.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/zipkin.proto
index 7405c596ed5..2364983efc5 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/zipkin.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/zipkin.proto
@@ -61,16 +61,22 @@ message ZipkinConfig {
   }
 
   // The cluster manager cluster that hosts the Zipkin collectors.
-  // Note: This field will be deprecated in future releases in favor of
-  // :ref:`collector_service <envoy_v3_api_field_config.trace.v3.ZipkinConfig.collector_service>`.
-  // Either this field or collector_service must be specified.
+  //
+  // .. note::
+  //     This field will be deprecated in future releases in favor of
+  //     :ref:`collector_service <envoy_v3_api_field_config.trace.v3.ZipkinConfig.collector_service>`.
+  //
+  //     Either this field or ``collector_service`` must be specified.
   string collector_cluster = 1;
 
   // The API endpoint of the Zipkin service where the spans will be sent. When
   // using a standard Zipkin installation.
-  // Note: This field will be deprecated in future releases in favor of
-  // :ref:`collector_service <envoy_v3_api_field_config.trace.v3.ZipkinConfig.collector_service>`.
-  // Required when using collector_cluster.
+  //
+  // .. note::
+  //     This field will be deprecated in future releases in favor of
+  //     :ref:`collector_service <envoy_v3_api_field_config.trace.v3.ZipkinConfig.collector_service>`.
+  //
+  //     Required when using ``collector_cluster``.
   string collector_endpoint = 2;
 
   // Determines whether a 128bit trace id will be used when creating a new
@@ -86,8 +92,10 @@ message ZipkinConfig {
 
   // Optional hostname to use when sending spans to the collector_cluster. Useful for collectors
   // that require a specific hostname. Defaults to :ref:`collector_cluster <envoy_v3_api_field_config.trace.v3.ZipkinConfig.collector_cluster>` above.
-  // Note: This field will be deprecated in future releases in favor of
-  // :ref:`collector_service <envoy_v3_api_field_config.trace.v3.ZipkinConfig.collector_service>`.
+  //
+  // .. note::
+  //     This field will be deprecated in future releases in favor of
+  //     :ref:`collector_service <envoy_v3_api_field_config.trace.v3.ZipkinConfig.collector_service>`.
   string collector_hostname = 6;
 
   // If this is set to true, then Envoy will be treated as an independent hop in trace chain. A complete span pair will be created for a single
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/common/matching/v3/extension_matcher.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/common/matching/v3/extension_matcher.proto
new file mode 100644
index 00000000000..817cd27a37a
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/common/matching/v3/extension_matcher.proto
@@ -0,0 +1,42 @@
+syntax = "proto3";
+
+package envoy.extensions.common.matching.v3;
+
+import "envoy/config/common/matcher/v3/matcher.proto";
+import "envoy/config/core/v3/extension.proto";
+
+import "xds/type/matcher/v3/matcher.proto";
+
+import "envoy/annotations/deprecation.proto";
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.common.matching.v3";
+option java_outer_classname = "ExtensionMatcherProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/common/matching/v3;matchingv3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Extension matcher]
+
+// Wrapper around an existing extension that provides an associated matcher. This allows
+// decorating an existing extension with a matcher, which can be used to match against
+// relevant protocol data.
+message ExtensionWithMatcher {
+  // The associated matcher. This is deprecated in favor of xds_matcher.
+  config.common.matcher.v3.Matcher matcher = 1
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  // The associated matcher.
+  xds.type.matcher.v3.Matcher xds_matcher = 3;
+
+  // The underlying extension config.
+  config.core.v3.TypedExtensionConfig extension_config = 2
+      [(validate.rules).message = {required: true}];
+}
+
+// Extra settings on a per virtualhost/route/weighted-cluster level.
+message ExtensionWithMatcherPerRoute {
+  // Matcher override.
+  xds.type.matcher.v3.Matcher xds_matcher = 1;
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/composite/v3/composite.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/composite/v3/composite.proto
new file mode 100644
index 00000000000..1ab6c5eb1ef
--- /dev/null
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/composite/v3/composite.proto
@@ -0,0 +1,106 @@
+syntax = "proto3";
+
+package envoy.extensions.filters.http.composite.v3;
+
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/config_source.proto";
+import "envoy/config/core/v3/extension.proto";
+
+import "udpa/annotations/migrate.proto";
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.filters.http.composite.v3";
+option java_outer_classname = "CompositeProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/composite/v3;compositev3";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Composite]
+// Composite Filter :ref:`configuration overview <config_http_filters_composite>`.
+// [#extension: envoy.filters.http.composite]
+
+// :ref:`Composite filter <config_http_filters_composite>` config. The composite filter config
+// allows delegating filter handling to another filter as determined by matching on the request
+// headers. This makes it possible to use different filters or filter configurations based on the
+// incoming request.
+//
+// This is intended to be used with
+// :ref:`ExtensionWithMatcher <envoy_v3_api_msg_extensions.common.matching.v3.ExtensionWithMatcher>`
+// where a match tree is specified that indicates (via
+// :ref:`ExecuteFilterAction <envoy_v3_api_msg_extensions.filters.http.composite.v3.ExecuteFilterAction>`)
+// which filter configuration to create and delegate to.
+message Composite {
+  // Named filter chain definitions that can be referenced from
+  // :ref:`ExecuteFilterAction.filter_chain_name
+  // <envoy_v3_api_field_extensions.filters.http.composite.v3.ExecuteFilterAction.filter_chain_name>`.
+  // The filter chains are compiled at configuration time and can be referenced by name.
+  // This is useful when the same filter chain needs to be applied across many routes,
+  // as it avoids duplicating the filter chain configuration.
+  map<string, FilterChainConfiguration> named_filter_chains = 1;
+}
+
+// A list of filter configurations to be called in order. Note that this can be used as the type
+// inside of an ECDS :ref:`TypedExtensionConfig
+// <envoy_v3_api_msg_config.core.v3.TypedExtensionConfig>` extension, which allows a chain of
+// filters to be configured dynamically. In that case, the types of all filters in the chain must
+// be present in the :ref:`ExtensionConfigSource.type_urls
+// <envoy_v3_api_field_config.core.v3.ExtensionConfigSource.type_urls>` field.
+message FilterChainConfiguration {
+  repeated config.core.v3.TypedExtensionConfig typed_config = 1;
+}
+
+// Configuration for an extension configuration discovery service with name.
+message DynamicConfig {
+  // The name of the extension configuration. It also serves as a resource name in ExtensionConfigDS.
+  // The resource type in the ``DiscoveryRequest`` will be :ref:`TypedExtensionConfig
+  // <envoy_v3_api_msg_config.core.v3.TypedExtensionConfig>`.
+  string name = 1 [(validate.rules).string = {min_len: 1}];
+
+  // Configuration source specifier for an extension configuration discovery
+  // service. In case of a failure and without the default configuration,
+  // 500(Internal Server Error) will be returned.
+  config.core.v3.ExtensionConfigSource config_discovery = 2;
+}
+
+// Composite match action (see :ref:`matching docs <arch_overview_matching_api>` for more info on match actions).
+// This specifies the filter configuration of the filter that the composite filter should delegate filter interactions to.
+// [#next-free-field: 6]
+message ExecuteFilterAction {
+  // Filter specific configuration which depends on the filter being
+  // instantiated. See the supported filters for further documentation.
+  // Only one of ``typed_config``, ``dynamic_config``, ``filter_chain``, or ``filter_chain_name``
+  // can be set.
+  // [#extension-category: envoy.filters.http]
+  config.core.v3.TypedExtensionConfig typed_config = 1
+      [(udpa.annotations.field_migrate).oneof_promotion = "config_type"];
+
+  // Dynamic configuration of filter obtained via extension configuration discovery service.
+  // Only one of ``typed_config``, ``dynamic_config``, ``filter_chain``, or ``filter_chain_name``
+  // can be set.
+  DynamicConfig dynamic_config = 2
+      [(udpa.annotations.field_migrate).oneof_promotion = "config_type"];
+
+  // An inlined list of filter configurations. The specified filters will be executed in order.
+  // Only one of ``typed_config``, ``dynamic_config``, ``filter_chain``, or ``filter_chain_name``
+  // can be set.
+  FilterChainConfiguration filter_chain = 4;
+
+  // The name of a filter chain defined in
+  // :ref:`Composite.named_filter_chains
+  // <envoy_v3_api_field_extensions.filters.http.composite.v3.Composite.named_filter_chains>`.
+  // At runtime, if the named filter chain is not found in the Composite filter's configuration,
+  // no filter will be applied for this match (the action is silently skipped).
+  // Only one of ``typed_config``, ``dynamic_config``, ``filter_chain``, or ``filter_chain_name``
+  // can be set.
+  string filter_chain_name = 5;
+
+  // Probability of the action execution. If not specified, this is 100%.
+  // This allows sampling behavior for the configured actions.
+  // For example, if
+  // :ref:`default_value <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.default_value>`
+  // under the ``sample_percent`` is configured with 30%, a dice roll with that
+  // probability is done. The underline action will only be executed if the
+  // dice roll returns positive. Otherwise, the action is skipped.
+  config.core.v3.RuntimeFractionalPercent sample_percent = 3;
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
index 7cf2aac64aa..7f70b70013b 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
@@ -30,7 +30,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // External Authorization :ref:`configuration overview <config_http_filters_ext_authz>`.
 // [#extension: envoy.filters.http.ext_authz]
 
-// [#next-free-field: 30]
+// [#next-free-field: 32]
 message ExtAuthz {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.ext_authz.v3.ExtAuthz";
@@ -55,15 +55,17 @@ message ExtAuthz {
 
   // Changes the filter's behavior on errors:
   //
-  // #. When set to ``true``, the filter will ``accept`` the client request even if communication with
-  //    the authorization service has failed, or if the authorization service has returned an HTTP 5xx
-  //    error.
+  // * When set to ``true``, the filter will ``accept`` the client request even if communication with
+  //   the authorization service has failed, or if the authorization service has returned an HTTP 5xx
+  //   error.
   //
-  // #. When set to ``false``, the filter will ``reject`` client requests and return ``Forbidden``
-  //    if communication with the authorization service has failed, or if the authorization service
-  //    has returned an HTTP 5xx error.
+  // * When set to ``false``, the filter will ``reject`` client requests and return ``Forbidden``
+  //   if communication with the authorization service has failed, or if the authorization service
+  //   has returned an HTTP 5xx error.
   //
   // Errors can always be tracked in the :ref:`stats <config_http_filters_ext_authz_stats>`.
+  //
+  // Defaults to ``false``.
   bool failure_mode_allow = 2;
 
   // When ``failure_mode_allow`` and ``failure_mode_allow_header_add`` are both set to ``true``,
@@ -78,25 +80,26 @@ message ExtAuthz {
   BufferSettings with_request_body = 5;
 
   // Clears the route cache in order to allow the external authorization service to correctly affect
-  // routing decisions. The filter clears all cached routes when:
-  //
-  // #. The field is set to ``true``.
-  //
-  // #. The status returned from the authorization service is an HTTP 200 or gRPC 0.
+  // routing decisions. The filter clears all cached routes when all of the following holds:
   //
-  // #. At least one ``authorization response header`` is added to the client request, or is used to
-  //    alter another client request header.
+  // * This field is set to ``true``.
+  // * The status returned from the authorization service is an HTTP 200 or gRPC 0.
+  // * At least one ``authorization response header`` is added to the client request, or is used to
+  //   alter another client request header.
   //
+  // Defaults to ``false``.
   bool clear_route_cache = 6;
 
   // Sets the HTTP status that is returned to the client when the authorization server returns an error
-  // or cannot be reached. The default status is HTTP 403 Forbidden.
+  // or cannot be reached.
+  //
+  // The default status is ``HTTP 403 Forbidden``.
   type.v3.HttpStatus status_on_error = 7;
 
-  // When this is set to ``true``, the filter will check the :ref:`ext_authz response
+  // When set to ``true``, the filter will check the :ref:`ext_authz response
   // <envoy_v3_api_msg_service.auth.v3.CheckResponse>` for invalid header and
-  // query parameter mutations. If the side stream response is invalid, it will send a local reply
-  // to the downstream request with status HTTP 500 Internal Server Error.
+  // query parameter mutations. If the response is invalid, the filter will send a local reply
+  // to the downstream request with status ``HTTP 500 Internal Server Error``.
   //
   // .. note::
   //   Both ``headers_to_remove`` and ``query_parameters_to_remove`` are validated, but invalid elements in
@@ -106,6 +109,8 @@ message ExtAuthz {
   // unexpected behavior.
   //
   // If you are using ext_authz with an untrusted ext_authz server, you should set this to ``true``.
+  //
+  // Defaults to ``false``.
   bool validate_mutations = 24;
 
   // Specifies a list of metadata namespaces whose values, if present, will be passed to the
@@ -160,6 +165,24 @@ message ExtAuthz {
 
   // Specifies if the filter is enabled with metadata matcher.
   // If this field is not specified, the filter will be enabled for all requests.
+  //
+  // .. note::
+  //
+  //   This field is only evaluated if the filter is instantiated. If the filter is marked with
+  //   ``disabled: true`` in the :ref:`HttpFilter
+  //   <envoy_v3_api_msg_extensions.filters.network.http_connection_manager.v3.HttpFilter>`
+  //   configuration or in per-route configuration via :ref:`ExtAuthzPerRoute
+  //   <envoy_v3_api_msg_extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute>`,
+  //   the filter will not be instantiated and this field will have no effect.
+  //
+  // .. tip::
+  //
+  //   For dynamic filter activation based on metadata (such as metadata set by a preceding
+  //   filter), consider using :ref:`ExtensionWithMatcher
+  //   <envoy_v3_api_msg_extensions.common.matching.v3.ExtensionWithMatcher>` instead. This
+  //   provides a more flexible matching framework that can evaluate conditions before filter
+  //   instantiation. See the :ref:`ext_authz filter documentation
+  //   <config_http_filters_ext_authz>` for examples.
   type.matcher.v3.MetadataMatcher filter_enabled_metadata = 14;
 
   // Specifies whether to deny the requests when the filter is disabled.
@@ -204,7 +227,7 @@ message ExtAuthz {
   string bootstrap_metadata_labels_key = 15;
 
   // Check request to authorization server will include the client request headers that have a correspondent match
-  // in the :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>`. If this option isn't specified, then
+  // in the list. If this option isn't specified, then
   // all client request headers are included in the check request to a gRPC authorization server, whereas no client request headers
   // (besides the ones allowed by default - see note below) are included in the check request to an HTTP authorization server.
   // This inconsistency between gRPC and HTTP servers is to maintain backwards compatibility with legacy behavior.
@@ -266,19 +289,19 @@ message ExtAuthz {
   bool encode_raw_headers = 23;
 
   // Rules for what modifications an ext_authz server may make to the request headers before
-  // continuing decoding / forwarding upstream.
+  // continuing decoding or forwarding upstream.
   //
-  // If set to anything, enables header mutation checking against configured rules. Note that
+  // If set, enables header mutation checking against the configured rules. Note that
   // :ref:`HeaderMutationRules <envoy_v3_api_msg_config.common.mutation_rules.v3.HeaderMutationRules>`
-  // has defaults that change ext_authz behavior. Also note that if this field is set to anything,
-  // ext_authz can no longer append to :-prefixed headers.
+  // has defaults that change ext_authz behavior. Also note that if this field is set,
+  // ext_authz can no longer append to ``:``-prefixed headers.
   //
-  // If empty, header mutation rule checking is completely disabled.
+  // If unset, header mutation rule checking is completely disabled.
   //
-  // Regardless of what is configured here, ext_authz cannot remove :-prefixed headers.
+  // Regardless of what is configured here, ext_authz cannot remove ``:``-prefixed headers.
   //
   // This field and ``validate_mutations`` have different use cases. ``validate_mutations`` enables
-  // correctness checks for all header / query parameter mutations (e.g. for invalid characters).
+  // correctness checks for all header and query parameter mutations (for example, invalid characters).
   // This field allows the filter to reject mutations to specific headers.
   config.common.mutation_rules.v3.HeaderMutationRules decoder_header_mutation_rules = 26;
 
@@ -302,8 +325,10 @@ message ExtAuthz {
   // key will be the same as the filter name.
   //
   // If using Envoy gRPC, emits latency, bytes sent / received, upstream info, and upstream cluster
-  // info. If not using Envoy gRPC, emits only latency. Note that stats are ONLY added to filter
-  // state if a check request is actually made to an ext_authz service.
+  // info. If not using Envoy gRPC, emits only latency.
+  //
+  // .. note::
+  //   Stats are ONLY added to filter state if a check request is actually made to an ext_authz service.
   //
   // If this is ``false`` the filter will not emit stats, but filter_metadata will still be respected if
   // it has a value.
@@ -311,6 +336,29 @@ message ExtAuthz {
   // Field ``latency_us`` is exposed for CEL and logging when using gRPC or HTTP service.
   // Fields ``bytesSent`` and ``bytesReceived`` are exposed for CEL and logging only when using gRPC service.
   bool emit_filter_state_stats = 29;
+
+  // Sets the maximum size (in bytes) of the response body that the filter will send downstream
+  // when a request is denied by the external authorization service.
+  //
+  // If the authorization server returns a response body larger than this configured limit,
+  // the body will be truncated to ``max_denied_response_body_bytes`` before being sent to the
+  // downstream client.
+  //
+  // If this field is not set or is set to 0, no truncation will occur, and the entire
+  // denied response body will be forwarded.
+  uint32 max_denied_response_body_bytes = 30;
+
+  // When set to ``true``, the filter will enforce the response header map's count and size limits
+  // by sending a local reply when those limits are violated.
+  //
+  // When set to ``false``, the filter will ignore the response header map's limits and add / set
+  // all response headers as specified by the external authorization service.
+  //
+  // Recommendation: enable if the external authorization service is not trusted. Otherwise, leave
+  // it ``false``.
+  //
+  // Defaults to ``false``.
+  bool enforce_response_header_limits = 31;
 }
 
 // Configuration for buffering the request data.
@@ -320,13 +368,18 @@ message BufferSettings {
 
   // Sets the maximum size of a message body that the filter will hold in memory. Envoy will return
   // ``HTTP 413`` and will *not* initiate the authorization process when the buffer reaches the size
-  // set in this field. Note that this setting will have precedence over :ref:`failure_mode_allow
-  // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.failure_mode_allow>`.
+  // set in this field.
+  //
+  // .. note::
+  //   This setting will have precedence over :ref:`failure_mode_allow
+  //   <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.failure_mode_allow>`.
   uint32 max_request_bytes = 1 [(validate.rules).uint32 = {gt: 0}];
 
   // When this field is ``true``, Envoy will buffer the message until ``max_request_bytes`` is reached.
   // The authorization request will be dispatched and no 413 HTTP error will be returned by the
   // filter.
+  //
+  // Defaults to ``false``.
   bool allow_partial_message = 2;
 
   // If ``true``, the body sent to the external authorization service is set as raw bytes and populates
@@ -339,14 +392,18 @@ message BufferSettings {
   // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.grpc_service>`. In configurations that use
   // an :ref:`http_service <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.http_service>`, this
   // has no effect.
+  //
+  // Defaults to ``false``.
   bool pack_as_bytes = 3;
 }
 
 // HttpService is used for raw HTTP communication between the filter and the authorization service.
 // When configured, the filter will parse the client request and use these attributes to call the
 // authorization server. Depending on the response, the filter may reject or accept the client
-// request. Note that in any of these events, metadata can be added, removed or overridden by the
-// filter:
+// request.
+//
+// .. note::
+//   In any of these events, metadata can be added, removed or overridden by the filter:
 //
 // On authorization request, a list of allowed request headers may be supplied. See
 // :ref:`allowed_headers
@@ -369,7 +426,7 @@ message BufferSettings {
 // metadata as well as body may be added to the client's response. See :ref:`allowed_client_headers
 // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.AuthorizationResponse.allowed_client_headers>`
 // for details.
-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message HttpService {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.ext_authz.v2.HttpService";
@@ -387,6 +444,13 @@ message HttpService {
 
   // Settings used for controlling authorization response metadata.
   AuthorizationResponse authorization_response = 8;
+
+  // Optional retry policy for requests to the authorization server.
+  // If not set, no retries will be performed.
+  //
+  // .. note::
+  //   When this field is set, the ``ext_authz`` filter will buffer the request body for retry purposes.
+  config.core.v3.RetryPolicy retry_policy = 9;
 }
 
 message AuthorizationRequest {
@@ -394,7 +458,7 @@ message AuthorizationRequest {
       "envoy.config.filter.http.ext_authz.v2.AuthorizationRequest";
 
   // Authorization request includes the client request headers that have a corresponding match
-  // in the :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>`.
+  // in the list.
   // This field has been deprecated in favor of :ref:`allowed_headers
   // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.allowed_headers>`.
   //
@@ -414,8 +478,10 @@ message AuthorizationRequest {
   type.matcher.v3.ListStringMatcher allowed_headers = 1
       [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
-  // Sets a list of headers that will be included in the request to the authorization service. Note that
-  // client request headers with the same key will be overridden.
+  // Sets a list of headers that will be included in the request to the authorization service.
+  //
+  // .. note::
+  //   Client request headers with the same key will be overridden.
   repeated config.core.v3.HeaderValue headers_to_add = 2;
 }
 
@@ -424,30 +490,37 @@ message AuthorizationResponse {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.ext_authz.v2.AuthorizationResponse";
 
-  // When this :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>` is set, authorization
+  // When this list is set, authorization
   // response headers that have a correspondent match will be added to the original client request.
-  // Note that coexistent headers will be overridden.
+  //
+  // .. note::
+  //   Existing headers will be overridden.
   type.matcher.v3.ListStringMatcher allowed_upstream_headers = 1;
 
-  // When this :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>` is set, authorization
+  // When this list is set, authorization
   // response headers that have a correspondent match will be added to the original client request.
-  // Note that coexistent headers will be appended.
+  //
+  // .. note::
+  //   Existing headers will be appended.
   type.matcher.v3.ListStringMatcher allowed_upstream_headers_to_append = 3;
 
-  // When this :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>` is set, authorization
-  // response headers that have a correspondent match will be added to the client's response. Note
-  // that when this list is *not* set, all the authorization response headers, except ``Authority
-  // (Host)`` will be in the response to the client. When a header is included in this list, ``Path``,
-  // ``Status``, ``Content-Length``, ``WWWAuthenticate`` and ``Location`` are automatically added.
+  // When this list is set, authorization
+  // response headers that have a correspondent match will be added to the client's response.
+  // When a header is included in this list, ``Path``, ``Status``, ``Content-Length``, ``WWW-Authenticate`` and
+  // ``Location`` are automatically added.
+  //
+  // .. note::
+  //   When this list is *not* set, all the authorization response headers, except
+  //   ``Authority (Host)``, will be in the response to the client.
   type.matcher.v3.ListStringMatcher allowed_client_headers = 2;
 
-  // When this :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>` is set, authorization
+  // When this list is set, authorization
   // response headers that have a correspondent match will be added to the client's response when
   // the authorization response itself is successful, i.e. not failed or denied. When this list is
   // *not* set, no additional headers will be added to the client's response on success.
   type.matcher.v3.ListStringMatcher allowed_client_headers_on_success = 4;
 
-  // When this :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>` is set, authorization
+  // When this list is set, authorization
   // response headers that have a correspondent match will be emitted as dynamic metadata to be consumed
   // by the next filter. This metadata lives in a namespace specified by the canonical name of extension filter
   // that requires it:
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto
index 6efd47ac58b..a37efe157db 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto
@@ -4,7 +4,6 @@ package envoy.extensions.filters.http.rbac.v3;
 
 import "envoy/config/rbac/v3/rbac.proto";
 
-import "xds/annotations/v3/status.proto";
 import "xds/type/matcher/v3/matcher.proto";
 
 import "udpa/annotations/migrate.proto";
@@ -64,10 +63,8 @@ message RBAC {
   // If absent, no shadow matcher will be applied.
   // Match tree for testing RBAC rules through stats and logs without enforcing them.
   // If absent, no shadow matching occurs.
-  xds.type.matcher.v3.Matcher shadow_matcher = 5 [
-    (udpa.annotations.field_migrate).oneof_promotion = "shadow_rules_specifier",
-    (xds.annotations.v3.field_status).work_in_progress = true
-  ];
+  xds.type.matcher.v3.Matcher shadow_matcher = 5
+      [(udpa.annotations.field_migrate).oneof_promotion = "shadow_rules_specifier"];
 
   // If specified, shadow rules will emit stats with the given prefix.
   // This is useful for distinguishing metrics when multiple RBAC filters use shadow rules.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/router/v3/router.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/router/v3/router.proto
index d3996a96798..7da658bcb33 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/router/v3/router.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/router/v3/router.proto
@@ -23,7 +23,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // Router :ref:`configuration overview <config_http_filters_router>`.
 // [#extension: envoy.filters.http.router]
 
-// [#next-free-field: 10]
+// [#next-free-field: 11]
 message Router {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.router.v2.Router";
@@ -134,4 +134,10 @@ message Router {
   // upstream HTTP filters will count as a final response if hedging is configured.
   // [#extension-category: envoy.filters.http.upstream]
   repeated network.http_connection_manager.v3.HttpFilter upstream_http_filters = 8;
+
+  // If set to true, Envoy will reject ``CONNECT`` requests that send data before
+  // receiving a ``200`` response from the upstream. This early data behavior
+  // is common for latency reduction but can cause issues with some upstreams.
+  // Defaults to false to allow early data and be compatible with common behavior.
+  google.protobuf.BoolValue reject_connect_request_early_data = 10;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
index 730e065e6c4..9d8cf8bf4fd 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@@ -20,6 +20,8 @@ import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 
+import "xds/type/matcher/v3/matcher.proto";
+
 import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/migrate.proto";
 import "udpa/annotations/security.proto";
@@ -37,7 +39,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // HTTP connection manager :ref:`configuration overview <config_http_conn_man>`.
 // [#extension: envoy.filters.network.http_connection_manager]
 
-// [#next-free-field: 60]
+// [#next-free-field: 61]
 message HttpConnectionManager {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager";
@@ -139,11 +141,13 @@ message HttpConnectionManager {
     UNESCAPE_AND_FORWARD = 4;
   }
 
-  // [#next-free-field: 11]
+  // [#next-free-field: 13]
   message Tracing {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager.Tracing";
 
+    // This OperationName makes no sense and is unnecessary in the current tracing API.
+    // [#not-implemented-hide:]
     enum OperationName {
       // The HTTP listener is used for ingress/incoming requests.
       INGRESS = 0;
@@ -217,6 +221,28 @@ message HttpConnectionManager {
     //
     // The default value is false for now for backward compatibility.
     google.protobuf.BoolValue spawn_upstream_span = 10;
+
+    // The operation name of the span which will be used for tracing.
+    //
+    // The same :ref:`format specifier <config_access_log_format>` as used for
+    // :ref:`HTTP access logging <config_access_log>` applies here, however
+    // unknown specifier values are replaced with the empty string instead of ``-``.
+    //
+    // This field will take precedence over and make following settings ineffective:
+    //
+    // * :ref:`route decorator <envoy_v3_api_field_config.route.v3.Route.decorator>` and
+    // * :ref:`x-envoy-decorator-operation <config_http_filters_router_x-envoy-decorator-operation>`
+    //   header will be ignored.
+    string operation = 11;
+
+    // The operation name of the upstream span which will be used for tracing.
+    // This only takes effect when ``spawn_upstream_span`` is set to true and the upstream
+    // span is created.
+    //
+    // The same :ref:`format specifier <config_access_log_format>` as used for
+    // :ref:`HTTP access logging <config_access_log>` applies here, however
+    // unknown specifier values are replaced with the empty string instead of ``-``.
+    string upstream_operation = 12;
   }
 
   message InternalAddressConfig {
@@ -263,6 +289,15 @@ message HttpConnectionManager {
     bool uri = 5;
   }
 
+  // The configuration for forwarding client cert details.
+  message ForwardClientCertConfig {
+    // How to handle the XFCC header.
+    ForwardClientCertDetails forward_client_cert_details = 1;
+
+    // How to set the current client cert details.
+    SetCurrentClientCertDetails set_current_client_cert_details = 2;
+  }
+
   // The configuration for HTTP upgrades.
   // For each upgrade type desired, an UpgradeConfig must be added.
   //
@@ -784,6 +819,53 @@ message HttpConnectionManager {
   // value.
   SetCurrentClientCertDetails set_current_client_cert_details = 17;
 
+  // The matcher for forwarding client cert details. This allows per-request configuration
+  // of forward client cert behavior based on request properties. If a matcher is configured
+  // and matches a request, the matched action's forward client cert config will be used.
+  // If the matcher is not configured or doesn't match, the static
+  // :ref:`forward_client_cert_details
+  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.forward_client_cert_details>`
+  // and
+  // :ref:`set_current_client_cert_details
+  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.set_current_client_cert_details>`
+  // config will be used as fallback.
+  //
+  // Example: If the x-forwarded-client-cert header contains "trusted-client", use APPEND_FORWARD,
+  // otherwise use SANITIZE_SET:
+  //
+  // .. code-block:: yaml
+  //
+  //   forward_client_cert_matcher:
+  //     matcher_list:
+  //       matchers:
+  //       - predicate:
+  //           single_predicate:
+  //             input:
+  //               name: envoy.matching.inputs.request_headers
+  //               typed_config:
+  //                 "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput
+  //                 header_name: "x-forwarded-client-cert"
+  //             value_match:
+  //               string_match:
+  //                 contains: "trusted-client"
+  //         on_match:
+  //           action:
+  //             name: forward_client_cert
+  //             typed_config:
+  //               "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.ForwardClientCertConfig
+  //               forward_client_cert_details: APPEND_FORWARD
+  //               set_current_client_cert_details:
+  //                 uri: true
+  //     on_no_match:
+  //       action:
+  //         name: forward_client_cert
+  //         typed_config:
+  //           "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.ForwardClientCertConfig
+  //           forward_client_cert_details: SANITIZE_SET
+  //           set_current_client_cert_details:
+  //             uri: true
+  xds.type.matcher.v3.Matcher forward_client_cert_matcher = 60;
+
   // If proxy_100_continue is true, Envoy will proxy incoming "Expect:
   // 100-continue" headers upstream, and forward "100 Continue" responses
   // downstream. If this is false or not set, Envoy will instead strip the
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto
index f913cb6a257..c55d30b89e0 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto
@@ -2,6 +2,8 @@ syntax = "proto3";
 
 package envoy.extensions.load_balancing_policies.client_side_weighted_round_robin.v3;
 
+import "envoy/extensions/load_balancing_policies/common/v3/common.proto";
+
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 
@@ -42,7 +44,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // See the :ref:`load balancing architecture
 // overview<arch_overview_load_balancing_types>` for more information.
 //
-// [#next-free-field: 8]
+// [#next-free-field: 9]
 message ClientSideWeightedRoundRobin {
   // Whether to enable out-of-band utilization reporting collection from
   // the endpoints. By default, per-request utilization reporting is used.
@@ -82,4 +84,8 @@ message ClientSideWeightedRoundRobin {
   // For map fields in the ORCA proto, the string will be of the form ``<map_field_name>.<map_key>``. For example, the string ``named_metrics.foo`` will mean to look for the key ``foo`` in the ORCA :ref:`named_metrics <envoy_v3_api_field_.xds.data.orca.v3.OrcaLoadReport.named_metrics>` field.
   // If none of the specified metrics are present in the load report, then :ref:`cpu_utilization <envoy_v3_api_field_.xds.data.orca.v3.OrcaLoadReport.cpu_utilization>` is used instead.
   repeated string metric_names_for_computing_utilization = 7;
+
+  // Configuration for slow start mode.
+  // If this configuration is not set, slow start will not be not enabled.
+  common.v3.SlowStartConfig slow_start_config = 8;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.proto
index ab8367a401a..e2e4ade8236 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.proto
@@ -14,7 +14,7 @@ option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/loa
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Weighted Round Robin Locality-Picking Load Balancing Policy]
-// [#not-implemented-hide:]
+// [#extension: envoy.load_balancing_policies.wrr_locality]
 
 // Configuration for the wrr_locality LB policy. See the :ref:`load balancing architecture overview
 // <arch_overview_load_balancing_types>` for more information.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
index b292b18c45d..d656c66b5d0 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
@@ -300,6 +300,7 @@ message CommonTlsContext {
   // Select TLS certificate based on TLS client hello.
   // If empty, defaults to native TLS certificate selection behavior:
   // DNS SANs or Subject Common Name in TLS certificates is extracted as server name pattern to match SNI.
+  // [#extension-category: envoy.tls.certificate_selectors]
   config.core.v3.TypedExtensionConfig custom_tls_certificate_selector = 16;
 
   // Certificate provider for fetching TLS certificates.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/service/auth/v3/external_auth.proto b/xds/third_party/envoy/src/main/proto/envoy/service/auth/v3/external_auth.proto
index 1f3ed5787d8..520a4ff4f31 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/service/auth/v3/external_auth.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/service/auth/v3/external_auth.proto
@@ -114,6 +114,7 @@ message OkHttpResponse {
 }
 
 // Intended for gRPC and Network Authorization servers ``only``.
+// [#next-free-field: 6]
 message CheckResponse {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.service.auth.v2.CheckResponse";
@@ -132,6 +133,18 @@ message CheckResponse {
 
     // Supplies http attributes for an ok response.
     OkHttpResponse ok_response = 3;
+
+    // Supplies http attributes for an error response. This is used when the authorization
+    // service encounters an internal error and wants to return custom headers and body to the
+    // downstream client. When ``error_response`` is set, the ext_authz filter increments the
+    // ``ext_authz_error`` stat and respects the :ref:`failure_mode_allow
+    // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.failure_mode_allow>`
+    // configuration. The HTTP status code, headers, and body are taken from the
+    // :ref:`DeniedHttpResponse <envoy_v3_api_msg_service.auth.v3.DeniedHttpResponse>` message.
+    // If the status field is not set, Envoy sends the status code configured via
+    // :ref:`status_on_error <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.status_on_error>`,
+    // which defaults to ``403 Forbidden``.
+    DeniedHttpResponse error_response = 5;
   }
 
   // Optional response metadata that will be emitted as dynamic metadata to be consumed by the next
diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/tracing/v3/custom_tag.proto b/xds/third_party/envoy/src/main/proto/envoy/type/tracing/v3/custom_tag.proto
index feb57e8eb66..cdb42a43507 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/type/tracing/v3/custom_tag.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/type/tracing/v3/custom_tag.proto
@@ -17,7 +17,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // [#protodoc-title: Custom Tag]
 
 // Describes custom tags for the active span.
-// [#next-free-field: 6]
+// [#next-free-field: 7]
 message CustomTag {
   option (udpa.annotations.versioning).previous_message_type = "envoy.type.tracing.v2.CustomTag";
 
@@ -98,5 +98,12 @@ message CustomTag {
 
     // A custom tag to obtain tag value from the metadata.
     Metadata metadata = 5;
+
+    // Custom tag value.
+    //
+    // The same :ref:`format specifier <config_access_log_format>` as used for
+    // :ref:`HTTP access logging <config_access_log>` applies here, however
+    // unknown specifier values are replaced with the empty string instead of ``-``.
+    string value = 6;
   }
 }

From 015bde2236875e5ac9917322f0b1c1586558a346 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 17 Feb 2026 09:25:45 -0800
Subject: [PATCH 538/591] api: Highlight a bug in java.net.URI for those
 migrating.

Consider:
URI uri = URI.create("file://?#");

// These getters distinguish null from empty, as documented.
assertThat(uri.getPath()).isEqualTo("");
assertThat(uri.getQuery()).isEqualTo("");
assertThat(uri.getFragment()).isEqualTo("");

// These getters do not, unfortunately.
assertThat(uri.getAuthority()).isNull();
assertThat(uri.getHost()).isNull();
---
 api/src/main/java/io/grpc/Uri.java     |  9 +++++++++
 api/src/test/java/io/grpc/UriTest.java | 24 ++++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/api/src/main/java/io/grpc/Uri.java b/api/src/main/java/io/grpc/Uri.java
index 3034211752b..42d99d8b4b1 100644
--- a/api/src/main/java/io/grpc/Uri.java
+++ b/api/src/main/java/io/grpc/Uri.java
@@ -148,6 +148,15 @@
  * itself. RFC 9844 claims to obsolete RFC 6874 because web browsers would not support it. This
  * class implements RFC 6874 anyway, mostly to avoid creating a barrier to migration away from
  * {@link java.net.URI}.
+ *
+ * <p>Some URI components, e.g. scheme, are required while others may or may not be present, e.g.
+ * authority. {@link Uri} is careful to preserve the distinction between an absent string component
+ * (getter returns null) and one with an empty value (getter returns ""). {@link java.net.URI} makes
+ * this distinction too, *except* when it comes to the authority and host components: {@link
+ * java.net.URI#getAuthority()} and {@link java.net.URI#getHost()} return null when an authority is
+ * absent, e.g. <code>file:/path</code> as expected. But these methods surprisingly also return null
+ * when the authority is the empty string, e.g.<code>file:///path</code>. {@link Uri}'s getters
+ * correctly return null and "" in these cases, respectively, as one would expect.
  */
 @Internal
 public final class Uri {
diff --git a/api/src/test/java/io/grpc/UriTest.java b/api/src/test/java/io/grpc/UriTest.java
index e34319e8910..6963566f737 100644
--- a/api/src/test/java/io/grpc/UriTest.java
+++ b/api/src/test/java/io/grpc/UriTest.java
@@ -161,6 +161,30 @@ public void parse_emptyPath() throws URISyntaxException {
     assertThat(uri.isPathRootless()).isFalse();
   }
 
+  @Test
+  public void parse_emptyQuery() {
+    Uri uri = Uri.create("scheme:?");
+    assertThat(uri.getScheme()).isEqualTo("scheme");
+    assertThat(uri.getQuery()).isEmpty();
+  }
+
+  @Test
+  public void parse_emptyFragment() {
+    Uri uri = Uri.create("scheme:#");
+    assertThat(uri.getScheme()).isEqualTo("scheme");
+    assertThat(uri.getFragment()).isEmpty();
+  }
+
+  @Test
+  public void parse_emptyUserInfo() {
+    Uri uri = Uri.create("scheme://@host");
+    assertThat(uri.getScheme()).isEqualTo("scheme");
+    assertThat(uri.getAuthority()).isEqualTo("@host");
+    assertThat(uri.getHost()).isEqualTo("host");
+    assertThat(uri.getUserInfo()).isEmpty();
+    assertThat(uri.toString()).isEqualTo("scheme://@host");
+  }
+
   @Test
   public void parse_invalidScheme_throws() {
     URISyntaxException e =

From 82923d4bc6b6283380bcf159aa0cf3e16a66e98d Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 17 Feb 2026 10:11:56 -0800
Subject: [PATCH 539/591] api: Allow Uri's raw port to be the empty string.

https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.3 says
  port = *DIGIT

and #section-6.2.3 explicitly lists http://example.com:/ as a valid URI.

Behavior now matches java.net.URI.
---
 api/src/main/java/io/grpc/Uri.java     | 14 ++++++++------
 api/src/test/java/io/grpc/UriTest.java | 19 ++++++++++++-------
 2 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/api/src/main/java/io/grpc/Uri.java b/api/src/main/java/io/grpc/Uri.java
index 42d99d8b4b1..612cbbaab99 100644
--- a/api/src/main/java/io/grpc/Uri.java
+++ b/api/src/main/java/io/grpc/Uri.java
@@ -446,9 +446,9 @@ public String getRawHost() {
     return host;
   }
 
-  /** Returns the "port" component of this URI, or -1 if not present. */
+  /** Returns the "port" component of this URI, or -1 if empty or not present. */
   public int getPort() {
-    return port != null ? Integer.parseInt(port) : -1;
+    return port != null && !port.isEmpty() ? Integer.parseInt(port) : -1;
   }
 
   /** Returns the raw port component of this URI in its originally parsed form. */
@@ -943,10 +943,12 @@ public Builder setPort(int port) {
 
     @CanIgnoreReturnValue
     Builder setRawPort(String port) {
-      try {
-        Integer.parseInt(port); // Result unused.
-      } catch (NumberFormatException e) {
-        throw new IllegalArgumentException("Invalid port", e);
+      if (port != null && !port.isEmpty()) {
+        try {
+          Integer.parseInt(port); // Result unused.
+        } catch (NumberFormatException e) {
+          throw new IllegalArgumentException("Invalid port", e);
+        }
       }
       this.port = port;
       return this;
diff --git a/api/src/test/java/io/grpc/UriTest.java b/api/src/test/java/io/grpc/UriTest.java
index 6963566f737..a0f2e96b1cd 100644
--- a/api/src/test/java/io/grpc/UriTest.java
+++ b/api/src/test/java/io/grpc/UriTest.java
@@ -185,6 +185,18 @@ public void parse_emptyUserInfo() {
     assertThat(uri.toString()).isEqualTo("scheme://@host");
   }
 
+  @Test
+  public void parse_emptyPort() {
+    Uri uri = Uri.create("scheme://host:");
+    assertThat(uri.getScheme()).isEqualTo("scheme");
+    assertThat(uri.getAuthority()).isEqualTo("host:");
+    assertThat(uri.getRawAuthority()).isEqualTo("host:");
+    assertThat(uri.getHost()).isEqualTo("host");
+    assertThat(uri.getPort()).isEqualTo(-1);
+    assertThat(uri.getRawPort()).isEqualTo("");
+    assertThat(uri.toString()).isEqualTo("scheme://host:");
+  }
+
   @Test
   public void parse_invalidScheme_throws() {
     URISyntaxException e =
@@ -259,13 +271,6 @@ public void parse_invalidBackslashScope_throws() {
     assertThat(e).hasMessageThat().contains("Invalid character in scope");
   }
 
-  @Test
-  public void parse_emptyPort_throws() {
-    URISyntaxException e =
-        assertThrows(URISyntaxException.class, () -> Uri.parse("scheme://user@host:/path"));
-    assertThat(e).hasMessageThat().contains("Invalid port");
-  }
-
   @Test
   public void parse_invalidCharactersInPort_throws() {
     URISyntaxException e =

From d5536b34b26788993c9b0ae4212f22a35a9ecf3c Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 17 Feb 2026 13:52:56 -0800
Subject: [PATCH 540/591] netty: factor out some duplicated code into a helper
 method

---
 .../netty/UdsNameResolverProviderTest.java    | 56 ++++++-------------
 1 file changed, 18 insertions(+), 38 deletions(-)

diff --git a/netty/src/test/java/io/grpc/netty/UdsNameResolverProviderTest.java b/netty/src/test/java/io/grpc/netty/UdsNameResolverProviderTest.java
index 9dacf00cfad..f18039ee606 100644
--- a/netty/src/test/java/io/grpc/netty/UdsNameResolverProviderTest.java
+++ b/netty/src/test/java/io/grpc/netty/UdsNameResolverProviderTest.java
@@ -75,19 +75,7 @@ public class UdsNameResolverProviderTest {
   public void testUnixRelativePath() {
     UdsNameResolver udsNameResolver =
         udsNameResolverProvider.newNameResolver(URI.create("unix:sock.sock"), args);
-    assertThat(udsNameResolver).isNotNull();
-    udsNameResolver.start(mockListener);
-    verify(mockListener).onResult2(resultCaptor.capture());
-    NameResolver.ResolutionResult result = resultCaptor.getValue();
-    List<EquivalentAddressGroup> list = result.getAddressesOrError().getValue();
-    assertThat(list).isNotNull();
-    assertThat(list).hasSize(1);
-    EquivalentAddressGroup eag = list.get(0);
-    assertThat(eag).isNotNull();
-    List<SocketAddress> addresses = eag.getAddresses();
-    assertThat(addresses).hasSize(1);
-    assertThat(addresses.get(0)).isInstanceOf(DomainSocketAddress.class);
-    DomainSocketAddress domainSocketAddress = (DomainSocketAddress) addresses.get(0);
+    DomainSocketAddress domainSocketAddress = startAndGetUniqueResolvedAddress(udsNameResolver);
     assertThat(domainSocketAddress.path()).isEqualTo("sock.sock");
   }
 
@@ -95,19 +83,7 @@ public void testUnixRelativePath() {
   public void testUnixAbsolutePath() {
     UdsNameResolver udsNameResolver =
         udsNameResolverProvider.newNameResolver(URI.create("unix:/sock.sock"), args);
-    assertThat(udsNameResolver).isNotNull();
-    udsNameResolver.start(mockListener);
-    verify(mockListener).onResult2(resultCaptor.capture());
-    NameResolver.ResolutionResult result = resultCaptor.getValue();
-    List<EquivalentAddressGroup> list = result.getAddressesOrError().getValue();
-    assertThat(list).isNotNull();
-    assertThat(list).hasSize(1);
-    EquivalentAddressGroup eag = list.get(0);
-    assertThat(eag).isNotNull();
-    List<SocketAddress> addresses = eag.getAddresses();
-    assertThat(addresses).hasSize(1);
-    assertThat(addresses.get(0)).isInstanceOf(DomainSocketAddress.class);
-    DomainSocketAddress domainSocketAddress = (DomainSocketAddress) addresses.get(0);
+    DomainSocketAddress domainSocketAddress = startAndGetUniqueResolvedAddress(udsNameResolver);
     assertThat(domainSocketAddress.path()).isEqualTo("/sock.sock");
   }
 
@@ -115,6 +91,21 @@ public void testUnixAbsolutePath() {
   public void testUnixAbsoluteAlternatePath() {
     UdsNameResolver udsNameResolver =
         udsNameResolverProvider.newNameResolver(URI.create("unix:///sock.sock"), args);
+    DomainSocketAddress domainSocketAddress = startAndGetUniqueResolvedAddress(udsNameResolver);
+    assertThat(domainSocketAddress.path()).isEqualTo("/sock.sock");
+  }
+
+  @Test
+  public void testUnixPathWithAuthority() {
+    try {
+      udsNameResolverProvider.newNameResolver(URI.create("unix://localhost/sock.sock"), args);
+      fail("exception expected");
+    } catch (IllegalArgumentException e) {
+      assertThat(e).hasMessageThat().isEqualTo("authority not supported: localhost");
+    }
+  }
+
+  private DomainSocketAddress startAndGetUniqueResolvedAddress(UdsNameResolver udsNameResolver) {
     assertThat(udsNameResolver).isNotNull();
     udsNameResolver.start(mockListener);
     verify(mockListener).onResult2(resultCaptor.capture());
@@ -127,17 +118,6 @@ public void testUnixAbsoluteAlternatePath() {
     List<SocketAddress> addresses = eag.getAddresses();
     assertThat(addresses).hasSize(1);
     assertThat(addresses.get(0)).isInstanceOf(DomainSocketAddress.class);
-    DomainSocketAddress domainSocketAddress = (DomainSocketAddress) addresses.get(0);
-    assertThat(domainSocketAddress.path()).isEqualTo("/sock.sock");
-  }
-
-  @Test
-  public void testUnixPathWithAuthority() {
-    try {
-      udsNameResolverProvider.newNameResolver(URI.create("unix://localhost/sock.sock"), args);
-      fail("exception expected");
-    } catch (IllegalArgumentException e) {
-      assertThat(e).hasMessageThat().isEqualTo("non-null authority not supported");
-    }
+    return (DomainSocketAddress) addresses.get(0);
   }
 }

From d9320eea62534e8a87319c1124a3a0f8443e43a8 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 17 Feb 2026 14:05:13 -0800
Subject: [PATCH 541/591] netty: Add RFC 3986 support to the 'unix:' name
 resolver.

---
 .../java/io/grpc/netty/UdsNameResolver.java   | 13 ++++-
 .../grpc/netty/UdsNameResolverProvider.java   | 17 ++++++
 .../netty/UdsNameResolverProviderTest.java    | 52 +++++++++++++++----
 .../io/grpc/netty/UdsNameResolverTest.java    |  4 +-
 4 files changed, 74 insertions(+), 12 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/UdsNameResolver.java b/netty/src/main/java/io/grpc/netty/UdsNameResolver.java
index de14dc8b460..3477a458933 100644
--- a/netty/src/main/java/io/grpc/netty/UdsNameResolver.java
+++ b/netty/src/main/java/io/grpc/netty/UdsNameResolver.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Strings.isNullOrEmpty;
 
 import com.google.common.base.Preconditions;
 import io.grpc.EquivalentAddressGroup;
@@ -31,8 +32,18 @@ final class UdsNameResolver extends NameResolver {
   private NameResolver.Listener2 listener;
   private final String authority;
 
+  /**
+   * Constructs a new instance of UdsNameResolver.
+   *
+   * @param authority authority of the 'unix:' URI to resolve, or null if target has no authority
+   * @param targetPath path of the 'unix:' URI to resolve
+   */
   UdsNameResolver(String authority, String targetPath, Args args) {
-    checkArgument(authority == null, "non-null authority not supported");
+    // UDS is inherently local. According to https://github.com/grpc/grpc/blob/master/doc/naming.md,
+    // this is expressed in the target URI either by using a blank authority, like "unix:///sock",
+    // or by omitting authority completely, e.g. "unix:/sock".
+    // TODO(jdcormie): Allow the explicit authority string "localhost"?
+    checkArgument(isNullOrEmpty(authority), "authority not supported: %s", authority);
     this.authority = targetPath;
   }
 
diff --git a/netty/src/main/java/io/grpc/netty/UdsNameResolverProvider.java b/netty/src/main/java/io/grpc/netty/UdsNameResolverProvider.java
index fe6300057fd..baf18e3d7de 100644
--- a/netty/src/main/java/io/grpc/netty/UdsNameResolverProvider.java
+++ b/netty/src/main/java/io/grpc/netty/UdsNameResolverProvider.java
@@ -20,6 +20,7 @@
 import io.grpc.Internal;
 import io.grpc.NameResolver;
 import io.grpc.NameResolverProvider;
+import io.grpc.Uri;
 import io.netty.channel.unix.DomainSocketAddress;
 import java.net.SocketAddress;
 import java.net.URI;
@@ -31,9 +32,21 @@ public final class UdsNameResolverProvider extends NameResolverProvider {
 
   private static final String SCHEME = "unix";
 
+  @Override
+  public NameResolver newNameResolver(Uri targetUri, NameResolver.Args args) {
+    if (SCHEME.equals(targetUri.getScheme())) {
+      return new UdsNameResolver(targetUri.getAuthority(), targetUri.getPath(), args);
+    } else {
+      return null;
+    }
+  }
+
   @Override
   public UdsNameResolver newNameResolver(URI targetUri, NameResolver.Args args) {
     if (SCHEME.equals(targetUri.getScheme())) {
+      // TODO(jdcormie): java.net.URI has a bug where getAuthority() returns null for both the
+      // undefined and zero-length authority. Doesn't matter for now because UdsNameResolver doesn't
+      // distinguish these cases.
       return new UdsNameResolver(targetUri.getAuthority(), getTargetPathFromUri(targetUri), args);
     } else {
       return null;
@@ -44,6 +57,10 @@ static String getTargetPathFromUri(URI targetUri) {
     Preconditions.checkArgument(SCHEME.equals(targetUri.getScheme()), "scheme must be " + SCHEME);
     String targetPath = targetUri.getPath();
     if (targetPath == null) {
+      // TODO(jdcormie): This incorrectly includes '?' and any characters that follow. In the
+      // hierarchical case ('unix:///path'), java.net.URI parses these into a query component that's
+      // distinct from the path. But in the present "opaque" case ('unix:/path'), what may look like
+      // a query is considered part of the SSP.
       targetPath = Preconditions.checkNotNull(targetUri.getSchemeSpecificPart(), "targetPath");
     }
     return targetPath;
diff --git a/netty/src/test/java/io/grpc/netty/UdsNameResolverProviderTest.java b/netty/src/test/java/io/grpc/netty/UdsNameResolverProviderTest.java
index f18039ee606..1766a8e4134 100644
--- a/netty/src/test/java/io/grpc/netty/UdsNameResolverProviderTest.java
+++ b/netty/src/test/java/io/grpc/netty/UdsNameResolverProviderTest.java
@@ -17,6 +17,7 @@
 package io.grpc.netty;
 
 import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.truth.TruthJUnit.assume;
 import static org.junit.Assert.fail;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -26,16 +27,20 @@
 import io.grpc.NameResolver;
 import io.grpc.NameResolver.ServiceConfigParser;
 import io.grpc.SynchronizationContext;
+import io.grpc.Uri;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.GrpcUtil;
 import io.netty.channel.unix.DomainSocketAddress;
 import java.net.SocketAddress;
 import java.net.URI;
+import java.util.Arrays;
 import java.util.List;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
@@ -43,9 +48,17 @@
 import org.mockito.junit.MockitoRule;
 
 /** Unit tests for {@link UdsNameResolverProvider}. */
-@RunWith(JUnit4.class)
+@RunWith(Parameterized.class)
 public class UdsNameResolverProviderTest {
   private static final int DEFAULT_PORT = 887;
+
+  @Parameters(name = "enableRfc3986UrisParam={0}")
+  public static Iterable<Object[]> data() {
+    return Arrays.asList(new Object[][] {{true}, {false}});
+  }
+
+  @Parameter public boolean enableRfc3986UrisParam;
+
   @Rule
   public final MockitoRule mocks = MockitoJUnit.rule();
 
@@ -73,24 +86,21 @@ public class UdsNameResolverProviderTest {
 
   @Test
   public void testUnixRelativePath() {
-    UdsNameResolver udsNameResolver =
-        udsNameResolverProvider.newNameResolver(URI.create("unix:sock.sock"), args);
+    UdsNameResolver udsNameResolver = newNameResolver("unix:sock.sock", args);
     DomainSocketAddress domainSocketAddress = startAndGetUniqueResolvedAddress(udsNameResolver);
     assertThat(domainSocketAddress.path()).isEqualTo("sock.sock");
   }
 
   @Test
   public void testUnixAbsolutePath() {
-    UdsNameResolver udsNameResolver =
-        udsNameResolverProvider.newNameResolver(URI.create("unix:/sock.sock"), args);
+    UdsNameResolver udsNameResolver = newNameResolver("unix:/sock.sock", args);
     DomainSocketAddress domainSocketAddress = startAndGetUniqueResolvedAddress(udsNameResolver);
     assertThat(domainSocketAddress.path()).isEqualTo("/sock.sock");
   }
 
   @Test
   public void testUnixAbsoluteAlternatePath() {
-    UdsNameResolver udsNameResolver =
-        udsNameResolverProvider.newNameResolver(URI.create("unix:///sock.sock"), args);
+    UdsNameResolver udsNameResolver = newNameResolver("unix:///sock.sock", args);
     DomainSocketAddress domainSocketAddress = startAndGetUniqueResolvedAddress(udsNameResolver);
     assertThat(domainSocketAddress.path()).isEqualTo("/sock.sock");
   }
@@ -98,13 +108,37 @@ public void testUnixAbsoluteAlternatePath() {
   @Test
   public void testUnixPathWithAuthority() {
     try {
-      udsNameResolverProvider.newNameResolver(URI.create("unix://localhost/sock.sock"), args);
+      newNameResolver("unix://localhost/sock.sock", args);
       fail("exception expected");
     } catch (IllegalArgumentException e) {
       assertThat(e).hasMessageThat().isEqualTo("authority not supported: localhost");
     }
   }
 
+  @Test
+  public void testUnixAbsolutePathDoesNotIncludeQueryOrFragment() {
+    UdsNameResolver udsNameResolver = newNameResolver("unix:///sock.sock?query#fragment", args);
+    DomainSocketAddress domainSocketAddress = startAndGetUniqueResolvedAddress(udsNameResolver);
+    assertThat(domainSocketAddress.path()).isEqualTo("/sock.sock");
+  }
+
+  @Test
+  public void testUnixRelativePathDoesNotIncludeQueryOrFragment() {
+    // This test fails without RFC 3986 support because of a bug in the legacy java.net.URI-based
+    // NRP implementation.
+    assume().that(enableRfc3986UrisParam).isTrue();
+
+    UdsNameResolver udsNameResolver = newNameResolver("unix:sock.sock?query#fragment", args);
+    DomainSocketAddress domainSocketAddress = startAndGetUniqueResolvedAddress(udsNameResolver);
+    assertThat(domainSocketAddress.path()).isEqualTo("sock.sock");
+  }
+
+  private UdsNameResolver newNameResolver(String uriString, NameResolver.Args args) {
+    return enableRfc3986UrisParam
+        ? (UdsNameResolver) udsNameResolverProvider.newNameResolver(Uri.create(uriString), args)
+        : udsNameResolverProvider.newNameResolver(URI.create(uriString), args);
+  }
+
   private DomainSocketAddress startAndGetUniqueResolvedAddress(UdsNameResolver udsNameResolver) {
     assertThat(udsNameResolver).isNotNull();
     udsNameResolver.start(mockListener);
diff --git a/netty/src/test/java/io/grpc/netty/UdsNameResolverTest.java b/netty/src/test/java/io/grpc/netty/UdsNameResolverTest.java
index 22790a41c77..7bf808c18ce 100644
--- a/netty/src/test/java/io/grpc/netty/UdsNameResolverTest.java
+++ b/netty/src/test/java/io/grpc/netty/UdsNameResolverTest.java
@@ -91,10 +91,10 @@ public void testValidTargetPath() {
   @Test
   public void testNonNullAuthority() {
     try {
-      udsNameResolver = new UdsNameResolver("authority", "sock.sock", args);
+      udsNameResolver = new UdsNameResolver("somehost", "sock.sock", args);
       fail("exception expected");
     } catch (IllegalArgumentException e) {
-      assertThat(e).hasMessageThat().isEqualTo("non-null authority not supported");
+      assertThat(e).hasMessageThat().isEqualTo("authority not supported: somehost");
     }
   }
 }

From eae16b2517e294cde94c2a8b1171c0131fa7991a Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Fri, 20 Feb 2026 13:07:40 +0530
Subject: [PATCH 542/591] unwrap ForwardingSubchannel during Picks (#12658)

This PR ensures that Load Balancing (LB) policies unwrap
`ForwardingSubchannel` instances before returning them in a
`PickResult`.

**Rationale:** Currently, the identity of a subchannel is "awkward"
because decorators break object identity. This forces the core channel
to use internal workarounds like `getInternalSubchannel()` to find the
underlying implementation. Removing these wrappers during the pick
process is a critical prerequisite for deleting Subchannel Attributes.

By enforcing unwrapping, `ManagedChannelImpl` can rely on the fact that
a returned subchannel is the same instance it originally created. This
allows the channel to use strongly-typed fields for state management
(via "blind casting") rather than abusing attributes to re-discover
information that should already be known. This also paves the way for
the eventual removal of the `getInternalSubchannel()` internal API.

**New APIs:** To ensure we don't "drop data on the floor" during the
unwrapping process, this PR adds two new non-static APIs to PickResult:
- copyWithSubchannel()
- copyWithStreamTracerFactory()

Unlike static factory methods, these instance methods follow a
"copy-and-update" pattern that preserves all existing pick-level
metadata (such as authority overrides or drop status) while only
swapping the specific field required.
---
 api/src/main/java/io/grpc/LoadBalancer.java   | 24 ++++++
 .../test/java/io/grpc/LoadBalancerTest.java   | 20 +++++
 .../HealthCheckingLoadBalancerFactory.java    | 24 ++++++
 .../io/grpc/util/HealthProducerHelper.java    | 26 ++++++
 .../util/OutlierDetectionLoadBalancer.java    | 11 ++-
 .../OutlierDetectionLoadBalancerTest.java     |  2 +-
 .../io/grpc/xds/ClusterImplLoadBalancer.java  | 85 +++++++++++--------
 .../xds/WeightedRoundRobinLoadBalancer.java   | 11 ++-
 .../java/io/grpc/xds/orca/OrcaOobUtil.java    | 28 ++++++
 .../WeightedRoundRobinLoadBalancerTest.java   | 36 ++++----
 .../io/grpc/xds/orca/OrcaOobUtilAccessor.java | 35 ++++++++
 11 files changed, 244 insertions(+), 58 deletions(-)
 create mode 100644 xds/src/test/java/io/grpc/xds/orca/OrcaOobUtilAccessor.java

diff --git a/api/src/main/java/io/grpc/LoadBalancer.java b/api/src/main/java/io/grpc/LoadBalancer.java
index adc43b19841..9816de95c5e 100644
--- a/api/src/main/java/io/grpc/LoadBalancer.java
+++ b/api/src/main/java/io/grpc/LoadBalancer.java
@@ -632,6 +632,8 @@ private PickResult(
      *                            stream is created at all in some cases.
      * @since 1.3.0
      */
+    // TODO(shivaspeaks): Need to deprecate old APIs and create new ones, 
+    // per https://github.com/grpc/grpc-java/issues/12662.
     public static PickResult withSubchannel(
         Subchannel subchannel, @Nullable ClientStreamTracer.Factory streamTracerFactory) {
       return new PickResult(
@@ -661,6 +663,28 @@ public static PickResult withSubchannel(Subchannel subchannel) {
       return withSubchannel(subchannel, null);
     }
 
+    /**
+     * Creates a new {@code PickResult} with the given {@code subchannel},
+     * but retains all other properties from this {@code PickResult}.
+     *
+     * @since 1.80.0
+     */
+    public PickResult copyWithSubchannel(Subchannel subchannel) {
+      return new PickResult(checkNotNull(subchannel, "subchannel"), streamTracerFactory,
+          status, drop, authorityOverride);
+    }
+
+    /**
+     * Creates a new {@code PickResult} with the given {@code streamTracerFactory},
+     * but retains all other properties from this {@code PickResult}.
+     *
+     * @since 1.80.0
+     */
+    public PickResult copyWithStreamTracerFactory(
+        @Nullable ClientStreamTracer.Factory streamTracerFactory) {
+      return new PickResult(subchannel, streamTracerFactory, status, drop, authorityOverride);
+    }
+
     /**
      * A decision to report a connectivity error to the RPC.  If the RPC is {@link
      * CallOptions#withWaitForReady wait-for-ready}, it will stay buffered.  Otherwise, it will fail
diff --git a/api/src/test/java/io/grpc/LoadBalancerTest.java b/api/src/test/java/io/grpc/LoadBalancerTest.java
index 5e9e5cbe816..22fdc220081 100644
--- a/api/src/test/java/io/grpc/LoadBalancerTest.java
+++ b/api/src/test/java/io/grpc/LoadBalancerTest.java
@@ -64,6 +64,26 @@ public void pickResult_withSubchannelAndTracer() {
     assertThat(result.isDrop()).isFalse();
   }
 
+  @Test
+  public void pickResult_withSubchannelReplacement() {
+    PickResult result = PickResult.withSubchannel(subchannel, tracerFactory)
+        .copyWithSubchannel(subchannel2);
+    assertThat(result.getSubchannel()).isSameInstanceAs(subchannel2);
+    assertThat(result.getStatus()).isSameInstanceAs(Status.OK);
+    assertThat(result.getStreamTracerFactory()).isSameInstanceAs(tracerFactory);
+    assertThat(result.isDrop()).isFalse();
+  }
+
+  @Test
+  public void pickResult_withStreamTracerFactory() {
+    PickResult result = PickResult.withSubchannel(subchannel)
+        .copyWithStreamTracerFactory(tracerFactory);
+    assertThat(result.getSubchannel()).isSameInstanceAs(subchannel);
+    assertThat(result.getStatus()).isSameInstanceAs(Status.OK);
+    assertThat(result.getStreamTracerFactory()).isSameInstanceAs(tracerFactory);
+    assertThat(result.isDrop()).isFalse();
+  }
+
   @Test
   public void pickResult_withNoResult() {
     PickResult result = PickResult.withNoResult();
diff --git a/services/src/main/java/io/grpc/protobuf/services/HealthCheckingLoadBalancerFactory.java b/services/src/main/java/io/grpc/protobuf/services/HealthCheckingLoadBalancerFactory.java
index 8cf1458f5dc..b9f235d0aff 100644
--- a/services/src/main/java/io/grpc/protobuf/services/HealthCheckingLoadBalancerFactory.java
+++ b/services/src/main/java/io/grpc/protobuf/services/HealthCheckingLoadBalancerFactory.java
@@ -144,6 +144,30 @@ void setHealthCheckedService(@Nullable String service) {
     public String toString() {
       return MoreObjects.toStringHelper(this).add("delegate", delegate()).toString();
     }
+
+    @Override
+    public void updateBalancingState(
+        io.grpc.ConnectivityState newState, LoadBalancer.SubchannelPicker newPicker) {
+      delegate().updateBalancingState(newState, new HealthCheckPicker(newPicker));
+    }
+
+    private final class HealthCheckPicker extends LoadBalancer.SubchannelPicker {
+      private final LoadBalancer.SubchannelPicker delegate;
+
+      HealthCheckPicker(LoadBalancer.SubchannelPicker delegate) {
+        this.delegate = delegate;
+      }
+
+      @Override
+      public LoadBalancer.PickResult pickSubchannel(LoadBalancer.PickSubchannelArgs args) {
+        LoadBalancer.PickResult result = delegate.pickSubchannel(args);
+        LoadBalancer.Subchannel subchannel = result.getSubchannel();
+        if (subchannel instanceof SubchannelImpl) {
+          return result.copyWithSubchannel(((SubchannelImpl) subchannel).delegate());
+        }
+        return result;
+      }
+    }
   }
 
   @VisibleForTesting
diff --git a/util/src/main/java/io/grpc/util/HealthProducerHelper.java b/util/src/main/java/io/grpc/util/HealthProducerHelper.java
index b11864765ea..d871911d203 100644
--- a/util/src/main/java/io/grpc/util/HealthProducerHelper.java
+++ b/util/src/main/java/io/grpc/util/HealthProducerHelper.java
@@ -22,6 +22,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import io.grpc.Attributes;
+import io.grpc.ConnectivityState;
 import io.grpc.ConnectivityStateInfo;
 import io.grpc.Internal;
 import io.grpc.LoadBalancer;
@@ -84,6 +85,31 @@ protected LoadBalancer.Helper delegate() {
     return delegate;
   }
 
+  @Override
+  public void updateBalancingState(
+      ConnectivityState newState, LoadBalancer.SubchannelPicker newPicker) {
+    delegate.updateBalancingState(newState, new HealthProducerPicker(newPicker));
+  }
+
+  private static final class HealthProducerPicker extends LoadBalancer.SubchannelPicker {
+    private final LoadBalancer.SubchannelPicker delegate;
+
+    HealthProducerPicker(LoadBalancer.SubchannelPicker delegate) {
+      this.delegate = delegate;
+    }
+
+    @Override
+    public LoadBalancer.PickResult pickSubchannel(LoadBalancer.PickSubchannelArgs args) {
+      LoadBalancer.PickResult result = delegate.pickSubchannel(args);
+      LoadBalancer.Subchannel subchannel = result.getSubchannel();
+      if (subchannel instanceof HealthProducerSubchannel) {
+        return result.copyWithSubchannel(
+            ((HealthProducerSubchannel) subchannel).delegate());
+      }
+      return result;
+    }
+  }
+
   // The parent subchannel in the health check producer LB chain. It duplicates subchannel state to
   // both the state listener and health listener.
   @VisibleForTesting
diff --git a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
index d72a85012f2..dc61441bccd 100644
--- a/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/OutlierDetectionLoadBalancer.java
@@ -442,9 +442,14 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
 
       Subchannel subchannel = pickResult.getSubchannel();
       if (subchannel != null) {
-        return PickResult.withSubchannel(subchannel, new ResultCountingClientStreamTracerFactory(
-            subchannel.getAttributes().get(ENDPOINT_TRACKER_KEY),
-            pickResult.getStreamTracerFactory()));
+        EndpointTracker tracker = subchannel.getAttributes().get(ENDPOINT_TRACKER_KEY);
+        if (subchannel instanceof OutlierDetectionSubchannel) {
+          subchannel = ((OutlierDetectionSubchannel) subchannel).delegate();
+        }
+        return pickResult.copyWithSubchannel(subchannel)
+            .copyWithStreamTracerFactory(new ResultCountingClientStreamTracerFactory(
+                tracker,
+                pickResult.getStreamTracerFactory()));
       }
 
       return pickResult;
diff --git a/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java b/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java
index 10436407422..39f5b5fb7d6 100644
--- a/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/OutlierDetectionLoadBalancerTest.java
@@ -408,7 +408,7 @@ public void delegatePick() throws Exception {
     // Make sure that we can pick the single READY subchannel.
     SubchannelPicker picker = pickerCaptor.getAllValues().get(2);
     PickResult pickResult = picker.pickSubchannel(mock(PickSubchannelArgs.class));
-    Subchannel s = ((OutlierDetectionSubchannel) pickResult.getSubchannel()).delegate();
+    Subchannel s = pickResult.getSubchannel();
     if (s instanceof HealthProducerHelper.HealthProducerSubchannel) {
       s = ((HealthProducerHelper.HealthProducerSubchannel) s).delegate();
     }
diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index ec4bec7f25c..8b8ce0f03ce 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -252,42 +252,55 @@ public Subchannel createSubchannel(CreateSubchannelArgs args) {
       args = args.toBuilder().setAddresses(addresses).setAttributes(attrsBuilder.build()).build();
       final Subchannel subchannel = delegate().createSubchannel(args);
 
-      return new ForwardingSubchannel() {
-        @Override
-        public void start(SubchannelStateListener listener) {
-          delegate().start(new SubchannelStateListener() {
-            @Override
-            public void onSubchannelState(ConnectivityStateInfo newState) {
-              // Do nothing if LB has been shutdown
-              if (xdsClient != null && newState.getState().equals(ConnectivityState.READY)) {
-                // Get locality based on the connected address attributes
-                ClusterLocality updatedClusterLocality = createClusterLocalityFromAttributes(
-                    subchannel.getConnectedAddressAttributes());
-                ClusterLocality oldClusterLocality = localityAtomicReference
-                    .getAndSet(updatedClusterLocality);
-                oldClusterLocality.release();
+      return new ClusterImplSubchannel(subchannel, localityAtomicReference);
+    }
+
+    private final class ClusterImplSubchannel extends ForwardingSubchannel {
+      private final Subchannel delegate;
+      private final AtomicReference<ClusterLocality> localityAtomicReference;
+
+      private ClusterImplSubchannel(
+          Subchannel delegate, AtomicReference<ClusterLocality> localityAtomicReference) {
+        this.delegate = delegate;
+        this.localityAtomicReference = localityAtomicReference;
+      }
+
+      @Override
+      public void start(SubchannelStateListener listener) {
+        delegate().start(
+            new SubchannelStateListener() {
+              @Override
+              public void onSubchannelState(ConnectivityStateInfo newState) {
+                // Do nothing if LB has been shutdown
+                if (xdsClient != null && newState.getState().equals(ConnectivityState.READY)) {
+                  // Get locality based on the connected address attributes
+                  ClusterLocality updatedClusterLocality =
+                      createClusterLocalityFromAttributes(
+                          delegate.getConnectedAddressAttributes());
+                  ClusterLocality oldClusterLocality =
+                      localityAtomicReference.getAndSet(updatedClusterLocality);
+                  oldClusterLocality.release();
+                }
+                listener.onSubchannelState(newState);
               }
-              listener.onSubchannelState(newState);
-            }
-          });
-        }
+            });
+      }
 
-        @Override
-        public void shutdown() {
-          localityAtomicReference.get().release();
-          delegate().shutdown();
-        }
+      @Override
+      public void shutdown() {
+        localityAtomicReference.get().release();
+        delegate().shutdown();
+      }
 
-        @Override
-        public void updateAddresses(List<EquivalentAddressGroup> addresses) {
-          delegate().updateAddresses(withAdditionalAttributes(addresses));
-        }
+      @Override
+      public void updateAddresses(List<EquivalentAddressGroup> addresses) {
+        delegate().updateAddresses(withAdditionalAttributes(addresses));
+      }
 
-        @Override
-        protected Subchannel delegate() {
-          return subchannel;
-        }
-      };
+      @Override
+      protected Subchannel delegate() {
+        return delegate;
+      }
     }
 
     private List<EquivalentAddressGroup> withAdditionalAttributes(
@@ -412,6 +425,11 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
         }
         PickResult result = delegate.pickSubchannel(args);
         if (result.getStatus().isOk() && result.getSubchannel() != null) {
+          Subchannel subchannel = result.getSubchannel();
+          if (subchannel instanceof ClusterImplLbHelper.ClusterImplSubchannel) {
+            subchannel = ((ClusterImplLbHelper.ClusterImplSubchannel) subchannel).delegate();
+            result = result.copyWithSubchannel(subchannel);
+          }
           if (enableCircuitBreaking) {
             if (inFlights.get() >= maxConcurrentRequests) {
               if (dropStats != null) {
@@ -437,8 +455,7 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
                   stats, inFlights, result.getStreamTracerFactory());
               ClientStreamTracer.Factory orcaTracerFactory = OrcaPerRequestUtil.getInstance()
                   .newOrcaClientStreamTracerFactory(tracerFactory, new OrcaPerRpcListener(stats));
-              result = PickResult.withSubchannel(result.getSubchannel(),
-                  orcaTracerFactory);
+              result = result.copyWithStreamTracerFactory(orcaTracerFactory);
             }
           }
           if (args.getCallOptions().getOption(XdsNameResolver.AUTO_HOST_REWRITE_KEY) != null
diff --git a/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java b/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
index 6cf3189d587..fc6c3f5b119 100644
--- a/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
@@ -508,12 +508,15 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
       if (subchannel == null) {
         return pickResult;
       }
+      
+      subchannel = ((WrrSubchannel) subchannel).delegate();
       if (!enableOobLoadReport) {
-        return PickResult.withSubchannel(subchannel,
-            OrcaPerRequestUtil.getInstance().newOrcaClientStreamTracerFactory(
-                reportListeners.get(pick)));
+        return pickResult.copyWithSubchannel(subchannel)
+            .copyWithStreamTracerFactory(
+                OrcaPerRequestUtil.getInstance().newOrcaClientStreamTracerFactory(
+                    reportListeners.get(pick)));
       } else {
-        return PickResult.withSubchannel(subchannel);
+        return pickResult.copyWithSubchannel(subchannel);
       }
     }
 
diff --git a/xds/src/main/java/io/grpc/xds/orca/OrcaOobUtil.java b/xds/src/main/java/io/grpc/xds/orca/OrcaOobUtil.java
index 9ac06d362fc..b37b9bc42e3 100644
--- a/xds/src/main/java/io/grpc/xds/orca/OrcaOobUtil.java
+++ b/xds/src/main/java/io/grpc/xds/orca/OrcaOobUtil.java
@@ -36,12 +36,16 @@
 import io.grpc.ChannelLogger;
 import io.grpc.ChannelLogger.ChannelLogLevel;
 import io.grpc.ClientCall;
+import io.grpc.ConnectivityState;
 import io.grpc.ConnectivityStateInfo;
 import io.grpc.ExperimentalApi;
 import io.grpc.LoadBalancer;
 import io.grpc.LoadBalancer.CreateSubchannelArgs;
 import io.grpc.LoadBalancer.Helper;
+import io.grpc.LoadBalancer.PickResult;
+import io.grpc.LoadBalancer.PickSubchannelArgs;
 import io.grpc.LoadBalancer.Subchannel;
+import io.grpc.LoadBalancer.SubchannelPicker;
 import io.grpc.LoadBalancer.SubchannelStateListener;
 import io.grpc.Metadata;
 import io.grpc.Status;
@@ -236,6 +240,30 @@ protected Helper delegate() {
       return delegate;
     }
 
+    @Override
+    public void updateBalancingState(ConnectivityState newState, SubchannelPicker newPicker) {
+      delegate.updateBalancingState(newState, new OrcaOobPicker(newPicker));
+    }
+
+    @VisibleForTesting
+    static final class OrcaOobPicker extends SubchannelPicker {
+      final SubchannelPicker delegate;
+
+      OrcaOobPicker(SubchannelPicker delegate) {
+        this.delegate = delegate;
+      }
+
+      @Override
+      public PickResult pickSubchannel(PickSubchannelArgs args) {
+        PickResult result = delegate.pickSubchannel(args);
+        Subchannel subchannel = result.getSubchannel();
+        if (subchannel instanceof SubchannelImpl) {
+          return result.copyWithSubchannel(((SubchannelImpl) subchannel).delegate());
+        }
+        return result;
+      }
+    }
+
     @Override
     public Subchannel createSubchannel(CreateSubchannelArgs args) {
       syncContext.throwIfNotInThisSynchronizationContext();
diff --git a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
index 9fac46eaf09..0b026b06f6f 100644
--- a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
@@ -85,6 +85,7 @@
 import io.grpc.xds.WeightedRoundRobinLoadBalancer.WeightedChildLbState;
 import io.grpc.xds.WeightedRoundRobinLoadBalancer.WeightedRoundRobinLoadBalancerConfig;
 import io.grpc.xds.WeightedRoundRobinLoadBalancer.WeightedRoundRobinPicker;
+import io.grpc.xds.orca.OrcaOobUtilAccessor;
 import java.net.SocketAddress;
 import java.util.Arrays;
 import java.util.Collections;
@@ -171,6 +172,10 @@ public WeightedRoundRobinLoadBalancerTest() {
     helper = mock(Helper.class, delegatesTo(testHelperInstance));
   }
 
+  private static WeightedRoundRobinPicker getWrrPicker(SubchannelPicker picker) {
+    return (WeightedRoundRobinPicker) OrcaOobUtilAccessor.getDelegate(picker);
+  }
+
   @Before
   public void setup() {
     for (int i = 0; i < 3; i++) {
@@ -212,9 +217,8 @@ public void pickChildLbTF() throws Exception {
         .forTransientFailure(Status.UNAVAILABLE));
     verify(helper).updateBalancingState(
         eq(ConnectivityState.TRANSIENT_FAILURE), pickerCaptor.capture());
-    final WeightedRoundRobinPicker weightedPicker =
-        (WeightedRoundRobinPicker) pickerCaptor.getValue();
-    weightedPicker.pickSubchannel(mockArgs);
+    final SubchannelPicker picker = pickerCaptor.getValue();
+    picker.pickSubchannel(mockArgs);
   }
 
   @Test
@@ -274,9 +278,9 @@ public void wrrLifeCycle() {
             eq(ConnectivityState.READY), pickerCaptor.capture());
     assertThat(pickerCaptor.getAllValues().size()).isEqualTo(2);
     WeightedRoundRobinPicker weightedPicker =
-        (WeightedRoundRobinPicker) pickerCaptor.getAllValues().get(0);
+        getWrrPicker(pickerCaptor.getAllValues().get(0));
     assertThat(weightedPicker.getChildren().size()).isEqualTo(1);
-    weightedPicker = (WeightedRoundRobinPicker) pickerCaptor.getAllValues().get(1);
+    weightedPicker = getWrrPicker(pickerCaptor.getAllValues().get(1));
     assertThat(weightedPicker.getChildren().size()).isEqualTo(2);
     String weightedPickerStr = weightedPicker.toString();
     assertThat(weightedPickerStr).contains("enableOobLoadReport=false");
@@ -337,7 +341,7 @@ public void enableOobLoadReportConfig() {
     verify(helper, times(2)).updateBalancingState(
             eq(ConnectivityState.READY), pickerCaptor.capture());
     WeightedRoundRobinPicker weightedPicker =
-        (WeightedRoundRobinPicker) pickerCaptor.getAllValues().get(1);
+        getWrrPicker(pickerCaptor.getAllValues().get(1));
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
     weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
@@ -361,8 +365,8 @@ weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).on
             .setAttributes(affinity).build()));
     verify(helper, times(3)).updateBalancingState(
             eq(ConnectivityState.READY), pickerCaptor2.capture());
-    weightedPicker = (WeightedRoundRobinPicker) pickerCaptor2.getAllValues().get(2);
-    pickResult = weightedPicker.pickSubchannel(mockArgs);
+    SubchannelPicker rawPicker = pickerCaptor2.getAllValues().get(2);
+    pickResult = rawPicker.pickSubchannel(mockArgs);
     assertThat(getAddresses(pickResult)).isEqualTo(servers.get(0));
     assertThat(pickResult.getStreamTracerFactory()).isNull();
     OrcaLoadReportRequest golden = OrcaLoadReportRequest.newBuilder().setReportInterval(
@@ -395,7 +399,7 @@ private void pickByWeight(MetricReport r1, MetricReport r2, MetricReport r3,
     verify(helper, times(3)).updateBalancingState(
             eq(ConnectivityState.READY), pickerCaptor.capture());
     WeightedRoundRobinPicker weightedPicker =
-        (WeightedRoundRobinPicker) pickerCaptor.getAllValues().get(2);
+        getWrrPicker(pickerCaptor.getAllValues().get(2));
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
     WeightedChildLbState weightedChild3 = (WeightedChildLbState) getChild(weightedPicker, 2);
@@ -595,7 +599,7 @@ public void blackoutPeriod() {
     verify(helper, times(2)).updateBalancingState(
             eq(ConnectivityState.READY), pickerCaptor.capture());
     WeightedRoundRobinPicker weightedPicker =
-        (WeightedRoundRobinPicker) pickerCaptor.getAllValues().get(1);
+        getWrrPicker(pickerCaptor.getAllValues().get(1));
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
     weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
@@ -655,9 +659,9 @@ public void updateWeightTimer() {
         eq(ConnectivityState.READY), pickerCaptor.capture());
     assertThat(pickerCaptor.getAllValues().size()).isEqualTo(2);
     WeightedRoundRobinPicker weightedPicker =
-        (WeightedRoundRobinPicker) pickerCaptor.getAllValues().get(0);
+        getWrrPicker(pickerCaptor.getAllValues().get(0));
     assertThat(weightedPicker.getChildren().size()).isEqualTo(1);
-    weightedPicker = (WeightedRoundRobinPicker) pickerCaptor.getAllValues().get(1);
+    weightedPicker = getWrrPicker(pickerCaptor.getAllValues().get(1));
     assertThat(weightedPicker.getChildren().size()).isEqualTo(2);
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
@@ -710,7 +714,7 @@ public void weightExpired() {
     verify(helper, times(2)).updateBalancingState(
             eq(ConnectivityState.READY), pickerCaptor.capture());
     WeightedRoundRobinPicker weightedPicker =
-        (WeightedRoundRobinPicker) pickerCaptor.getAllValues().get(1);
+        getWrrPicker(pickerCaptor.getAllValues().get(1));
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
     weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
@@ -761,7 +765,7 @@ public void rrFallback() {
     verify(helper, times(2)).updateBalancingState(
         eq(ConnectivityState.READY), pickerCaptor.capture());
     WeightedRoundRobinPicker weightedPicker =
-        (WeightedRoundRobinPicker) pickerCaptor.getAllValues().get(1);
+        getWrrPicker(pickerCaptor.getAllValues().get(1));
     int expectedTasks = isEnabledHappyEyeballs() ? 2 : 1;
     assertThat(fakeClock.forwardTime(10, TimeUnit.SECONDS)).isEqualTo(expectedTasks);
     Map<EquivalentAddressGroup, Integer> qpsByChannel = ImmutableMap.of(servers.get(0), 2,
@@ -816,7 +820,7 @@ public void unknownWeightIsAvgWeight() {
     verify(helper, times(3)).updateBalancingState(
             eq(ConnectivityState.READY), pickerCaptor.capture());
     WeightedRoundRobinPicker weightedPicker =
-        (WeightedRoundRobinPicker) pickerCaptor.getAllValues().get(2);
+        getWrrPicker(pickerCaptor.getAllValues().get(2));
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
     weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
@@ -857,7 +861,7 @@ public void pickFromOtherThread() throws Exception {
     verify(helper, times(2)).updateBalancingState(
             eq(ConnectivityState.READY), pickerCaptor.capture());
     WeightedRoundRobinPicker weightedPicker =
-        (WeightedRoundRobinPicker) pickerCaptor.getAllValues().get(1);
+        getWrrPicker(pickerCaptor.getAllValues().get(1));
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
     weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
diff --git a/xds/src/test/java/io/grpc/xds/orca/OrcaOobUtilAccessor.java b/xds/src/test/java/io/grpc/xds/orca/OrcaOobUtilAccessor.java
new file mode 100644
index 00000000000..db9168dd08e
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/orca/OrcaOobUtilAccessor.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.orca;
+
+import io.grpc.LoadBalancer;
+
+/**
+ * Accessor for white-box testing involving OrcaOobUtil.
+ */
+public final class OrcaOobUtilAccessor {
+  private OrcaOobUtilAccessor() {
+    // Do not instantiate
+  }
+
+  public static LoadBalancer.SubchannelPicker getDelegate(LoadBalancer.SubchannelPicker picker) {
+    if (picker instanceof OrcaOobUtil.OrcaReportingHelper.OrcaOobPicker) {
+      return ((OrcaOobUtil.OrcaReportingHelper.OrcaOobPicker) picker).delegate;
+    }
+    return picker;
+  }
+}

From 50ead96f4718569782cc7a3f694c9aa755722bac Mon Sep 17 00:00:00 2001
From: Kim Jin Young <tian__mi__mi@naver.com>
Date: Sat, 21 Feb 2026 00:31:39 +0900
Subject: [PATCH 543/591] netty: Preserve early server handshake failure cause
 in logs

Early server-side negotiation failures may terminate a transport before
NettyServerHandler is fully active in the pipeline. In those cases, the
original handshake failure can be missing from transport termination
logging because termination may rely on connectionError(), which can be
null on this early path.

This change adds a server-side NOOP write in
NettyServerTransport.start() (analogous to the existing client-side NOOP
write path). If that write fails, its cause is passed to
notifyTerminated(), preserving and logging the original transport
termination reason for debugging.

To support this, NettyServerHandler now accepts NOOP_MESSAGE writes by
writing an empty buffer, and tests are added to verify:
  - transport failure logging for plaintext-client to TLS-server failure
  - server NOOP write handling in NettyServerHandler

Fixes #8495
---
 .../io/grpc/netty/NettyServerHandler.java     |  8 ++++
 .../io/grpc/netty/NettyServerTransport.java   | 12 ++++++
 .../io/grpc/netty/NettyServerHandlerTest.java | 19 ++++++++++
 .../grpc/netty/ProtocolNegotiatorsTest.java   | 37 +++++++++++++++++++
 4 files changed, 76 insertions(+)

diff --git a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
index 036fde55e2c..416fdd9be5c 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
@@ -124,6 +124,12 @@ class NettyServerHandler extends AbstractNettyHandler {
   private static final boolean DISABLE_CONNECTION_HEADER_CHECK = Boolean.parseBoolean(
       System.getProperty("io.grpc.netty.disableConnectionHeaderCheck", "false"));
 
+  /**
+   * A message that simply passes through the channel without any real processing. It is useful to
+   * check if buffers have been drained and test the health of the channel in a single operation.
+   */
+  static final Object NOOP_MESSAGE = new Object();
+
   private final Http2Connection.PropertyKey streamKey;
   private final ServerTransportListener transportListener;
   private final int maxMessageSize;
@@ -709,6 +715,8 @@ public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)
       gracefulClose(ctx, (GracefulServerCloseCommand) msg, promise);
     } else if (msg instanceof ForcefulCloseCommand) {
       forcefulClose(ctx, (ForcefulCloseCommand) msg, promise);
+    } else if (msg == NOOP_MESSAGE) {
+      ctx.write(Unpooled.EMPTY_BUFFER, promise);
     } else {
       AssertionError e =
           new AssertionError("Write called for unexpected type: " + msg.getClass().getName());
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerTransport.java b/netty/src/main/java/io/grpc/netty/NettyServerTransport.java
index 758ffeee5b1..6651b42ee66 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerTransport.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerTransport.java
@@ -160,6 +160,18 @@ public void operationComplete(ChannelFuture future) throws Exception {
     channel.closeFuture().addListener(terminationNotifier);
 
     channel.pipeline().addLast(bufferingHandler);
+
+    channel.writeAndFlush(NettyServerHandler.NOOP_MESSAGE).addListener(new ChannelFutureListener() {
+      @Override
+      public void operationComplete(ChannelFuture future) throws Exception {
+        if (!future.isSuccess()) {
+          // grpcHandler (NettyServerHandler) may not be in the pipeline yet on early negotiation
+          // failure, so connectionError() can remain null. Notify termination here with the write
+          // failure cause to preserve/log the original transport termination reason.
+          notifyTerminated(future.cause());
+        }
+      }
+    });
   }
 
   @Override
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
index 0d5a9bab176..7f958a2845c 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
@@ -1347,6 +1347,25 @@ public void maxRstCountSent_exceedsLimit_fails() throws Exception {
     assertFalse(channel().isOpen());
   }
 
+  @Test
+  public void write_noopMessage_writesEmptyBuffer() throws Exception {
+    manualSetUp();
+
+    ChannelPromise promise = newPromise();
+    handler().write(ctx(), NettyServerHandler.NOOP_MESSAGE, promise);
+    channel().flush();
+
+    assertTrue(promise.isSuccess());
+
+    Object outbound = channel().readOutbound();
+    assertTrue(outbound instanceof ByteBuf);
+    ByteBuf buf = (ByteBuf) outbound;
+    assertEquals(0, buf.readableBytes());
+    buf.release();
+
+    assertNull(channel().readOutbound());
+  }
+
   private void madeYouReset(int burstSize) throws Exception {
     when(streamTracerFactory.newServerStreamTracer(anyString(), any(Metadata.class)))
         .thenAnswer((args) -> new TestServerStreamTracer());
diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
index 80438532172..90ca8f94c6c 100644
--- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
+++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
@@ -133,6 +133,7 @@
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.logging.Filter;
+import java.util.logging.Handler;
 import java.util.logging.Level;
 import java.util.logging.LogRecord;
 import java.util.logging.Logger;
@@ -472,6 +473,42 @@ public void from_tls_clientAuthRequire_noClientCert() throws Exception {
     }
   }
 
+  @Test
+  public void from_plaintextClient_toTlsServer_logsTransportFailureCause() throws Exception {
+    final AtomicReference<LogRecord> transportFailureLog = new AtomicReference<>();
+    Handler handler = new Handler() {
+      @Override
+      public void publish(LogRecord record) {
+        if ("Transport failed".equals(record.getMessage()) && record.getThrown() != null) {
+          transportFailureLog.compareAndSet(null, record);
+        }
+      }
+
+      @Override
+      public void flush() {}
+
+      @Override
+      public void close() throws SecurityException {}
+    };
+    Logger logger =
+        Logger.getLogger(String.format("%s.connections", NettyServerTransport.class.getName()));
+    Level oldLevel = logger.getLevel();
+    try {
+      logger.addHandler(handler);
+      logger.setLevel(Level.ALL);
+
+      ServerCredentials serverCreds = TlsServerCredentials.create(server1Cert, server1Key);
+      ChannelCredentials channelCreds = InsecureChannelCredentials.create();
+      Status status = expectFailedHandshake(channelCreds, serverCreds);
+
+      assertEquals(Status.Code.UNAVAILABLE, status.getCode());
+      assertThat(transportFailureLog.get()).isNotNull();
+    } finally {
+      logger.removeHandler(handler);
+      logger.setLevel(oldLevel);
+    }
+  }
+
   @Test
   public void from_tls_clientAuthRequire_clientCert() throws Exception {
     ServerCredentials serverCreds = TlsServerCredentials.newBuilder()

From 470219f9ca330887215d3192f72095aa844d84fb Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 23 Feb 2026 07:46:17 -0800
Subject: [PATCH 544/591] Trigger R8's ServiceLoader optimization

This simplifies R8 Full Mode's configuration when paired with R8
optimizations (which is made more difficult to avoid in AGP 9), as when
the optimization is triggered Full Mode will automatically keep the
constructor for the relevant classes.

android-interop-test doesn't currently enable R8 optimizations, so it
doesn't actually demonstrate the benefit, but I have manually confirmed
that enabling proguard-android-optimize.txt does cause the ServiceLoader
optimization in android-interop-test. Note that full mode is a separate
configuration and not necessary to get the ServiceLoader optimization.
---
 .../io/grpc/InternalServiceProviders.java     | 24 +++++++-
 .../java/io/grpc/LoadBalancerRegistry.java    |  8 ++-
 .../java/io/grpc/ManagedChannelRegistry.java  |  7 ++-
 .../java/io/grpc/NameResolverRegistry.java    |  7 ++-
 api/src/main/java/io/grpc/ServerRegistry.java |  6 +-
 .../main/java/io/grpc/ServiceProviders.java   | 43 +++++++++----
 .../java/io/grpc/ServiceProvidersTest.java    | 61 +++++++++++++------
 .../io/grpc/xds/XdsCredentialsRegistry.java   |  7 ++-
 8 files changed, 123 insertions(+), 40 deletions(-)

diff --git a/api/src/main/java/io/grpc/InternalServiceProviders.java b/api/src/main/java/io/grpc/InternalServiceProviders.java
index 9207f6f741c..debc786a82a 100644
--- a/api/src/main/java/io/grpc/InternalServiceProviders.java
+++ b/api/src/main/java/io/grpc/InternalServiceProviders.java
@@ -17,7 +17,9 @@
 package io.grpc;
 
 import com.google.common.annotations.VisibleForTesting;
+import java.util.Iterator;
 import java.util.List;
+import java.util.ServiceLoader;
 
 @Internal
 public final class InternalServiceProviders {
@@ -27,12 +29,28 @@ private InternalServiceProviders() {
   /**
    * Accessor for method.
    */
+  @Deprecated
   public static <T> List<T> loadAll(
       Class<T> klass,
       Iterable<Class<?>> hardCodedClasses,
       ClassLoader classLoader,
       PriorityAccessor<T> priorityAccessor) {
-    return ServiceProviders.loadAll(klass, hardCodedClasses, classLoader, priorityAccessor);
+    return loadAll(
+        klass,
+        ServiceLoader.load(klass, classLoader).iterator(),
+        () -> hardCodedClasses,
+        priorityAccessor);
+  }
+
+  /**
+   * Accessor for method.
+   */
+  public static <T> List<T> loadAll(
+      Class<T> klass,
+      Iterator<T> serviceLoader,
+      Supplier<Iterable<Class<?>>> hardCodedClasses,
+      PriorityAccessor<T> priorityAccessor) {
+    return ServiceProviders.loadAll(klass, serviceLoader, hardCodedClasses::get, priorityAccessor);
   }
 
   /**
@@ -60,4 +78,8 @@ public static boolean isAndroid(ClassLoader cl) {
   }
 
   public interface PriorityAccessor<T> extends ServiceProviders.PriorityAccessor<T> {}
+
+  public interface Supplier<T> {
+    T get();
+  }
 }
diff --git a/api/src/main/java/io/grpc/LoadBalancerRegistry.java b/api/src/main/java/io/grpc/LoadBalancerRegistry.java
index f6b69f978b8..a8fbc102f5f 100644
--- a/api/src/main/java/io/grpc/LoadBalancerRegistry.java
+++ b/api/src/main/java/io/grpc/LoadBalancerRegistry.java
@@ -26,6 +26,7 @@
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.ServiceLoader;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
@@ -42,7 +43,6 @@
 public final class LoadBalancerRegistry {
   private static final Logger logger = Logger.getLogger(LoadBalancerRegistry.class.getName());
   private static LoadBalancerRegistry instance;
-  private static final Iterable<Class<?>> HARDCODED_CLASSES = getHardCodedClasses();
 
   private final LinkedHashSet<LoadBalancerProvider> allProviders =
       new LinkedHashSet<>();
@@ -101,8 +101,10 @@ public static synchronized LoadBalancerRegistry getDefaultRegistry() {
     if (instance == null) {
       List<LoadBalancerProvider> providerList = ServiceProviders.loadAll(
           LoadBalancerProvider.class,
-          HARDCODED_CLASSES,
-          LoadBalancerProvider.class.getClassLoader(),
+          ServiceLoader
+            .load(LoadBalancerProvider.class, LoadBalancerProvider.class.getClassLoader())
+            .iterator(),
+          LoadBalancerRegistry::getHardCodedClasses,
           new LoadBalancerPriorityAccessor());
       instance = new LoadBalancerRegistry();
       for (LoadBalancerProvider provider : providerList) {
diff --git a/api/src/main/java/io/grpc/ManagedChannelRegistry.java b/api/src/main/java/io/grpc/ManagedChannelRegistry.java
index 2e794295c2e..ec47b325ffc 100644
--- a/api/src/main/java/io/grpc/ManagedChannelRegistry.java
+++ b/api/src/main/java/io/grpc/ManagedChannelRegistry.java
@@ -29,6 +29,7 @@
 import java.util.Comparator;
 import java.util.LinkedHashSet;
 import java.util.List;
+import java.util.ServiceLoader;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.concurrent.ThreadSafe;
@@ -100,8 +101,10 @@ public static synchronized ManagedChannelRegistry getDefaultRegistry() {
     if (instance == null) {
       List<ManagedChannelProvider> providerList = ServiceProviders.loadAll(
           ManagedChannelProvider.class,
-          getHardCodedClasses(),
-          ManagedChannelProvider.class.getClassLoader(),
+          ServiceLoader
+            .load(ManagedChannelProvider.class, ManagedChannelProvider.class.getClassLoader())
+            .iterator(),
+          ManagedChannelRegistry::getHardCodedClasses,
           new ManagedChannelPriorityAccessor());
       instance = new ManagedChannelRegistry();
       for (ManagedChannelProvider provider : providerList) {
diff --git a/api/src/main/java/io/grpc/NameResolverRegistry.java b/api/src/main/java/io/grpc/NameResolverRegistry.java
index b31c49d63fc..c5e9f7467ab 100644
--- a/api/src/main/java/io/grpc/NameResolverRegistry.java
+++ b/api/src/main/java/io/grpc/NameResolverRegistry.java
@@ -29,6 +29,7 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.ServiceLoader;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
@@ -125,8 +126,10 @@ public static synchronized NameResolverRegistry getDefaultRegistry() {
     if (instance == null) {
       List<NameResolverProvider> providerList = ServiceProviders.loadAll(
           NameResolverProvider.class,
-          getHardCodedClasses(),
-          NameResolverProvider.class.getClassLoader(),
+          ServiceLoader
+            .load(NameResolverProvider.class, NameResolverProvider.class.getClassLoader())
+            .iterator(),
+          NameResolverRegistry::getHardCodedClasses,
           new NameResolverPriorityAccessor());
       if (providerList.isEmpty()) {
         logger.warning("No NameResolverProviders found via ServiceLoader, including for DNS. This "
diff --git a/api/src/main/java/io/grpc/ServerRegistry.java b/api/src/main/java/io/grpc/ServerRegistry.java
index 5b9c8c558e7..1ec7030b82b 100644
--- a/api/src/main/java/io/grpc/ServerRegistry.java
+++ b/api/src/main/java/io/grpc/ServerRegistry.java
@@ -24,6 +24,7 @@
 import java.util.Comparator;
 import java.util.LinkedHashSet;
 import java.util.List;
+import java.util.ServiceLoader;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.concurrent.ThreadSafe;
@@ -93,8 +94,9 @@ public static synchronized ServerRegistry getDefaultRegistry() {
     if (instance == null) {
       List<ServerProvider> providerList = ServiceProviders.loadAll(
           ServerProvider.class,
-          getHardCodedClasses(),
-          ServerProvider.class.getClassLoader(),
+          ServiceLoader.load(ServerProvider.class, ServerProvider.class.getClassLoader())
+            .iterator(),
+          ServerRegistry::getHardCodedClasses,
           new ServerPriorityAccessor());
       instance = new ServerRegistry();
       for (ServerProvider provider : providerList) {
diff --git a/api/src/main/java/io/grpc/ServiceProviders.java b/api/src/main/java/io/grpc/ServiceProviders.java
index c7a118ba042..861688be9fb 100644
--- a/api/src/main/java/io/grpc/ServiceProviders.java
+++ b/api/src/main/java/io/grpc/ServiceProviders.java
@@ -17,10 +17,13 @@
 package io.grpc;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Supplier;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Comparator;
+import java.util.Iterator;
 import java.util.List;
+import java.util.ListIterator;
 import java.util.ServiceConfigurationError;
 import java.util.ServiceLoader;
 
@@ -34,20 +37,39 @@ private ServiceProviders() {
    * {@link ServiceLoader}.
    * If this is Android, returns all available implementations in {@code hardcoded}.
    * The list is sorted in descending priority order.
+   *
+   * <p>{@code serviceLoader} should be created with {@code ServiceLoader.load(MyClass.class,
+   * MyClass.class.getClassLoader()).iterator()} in order to be detected by R8 so that R8 full mode
+   * will keep the constructors for the provider classes.
    */
   public static <T> List<T> loadAll(
       Class<T> klass,
-      Iterable<Class<?>> hardcoded,
-      ClassLoader cl,
+      Iterator<T> serviceLoader,
+      Supplier<Iterable<Class<?>>> hardcoded,
       final PriorityAccessor<T> priorityAccessor) {
-    Iterable<T> candidates;
-    if (isAndroid(cl)) {
-      candidates = getCandidatesViaHardCoded(klass, hardcoded);
+    Iterator<T> candidates;
+    if (serviceLoader instanceof ListIterator) {
+      // A rewriting tool has replaced the ServiceLoader with a List of some sort (R8 uses
+      // ArrayList, AppReduce uses singletonList). We prefer to use such iterators on Android as
+      // they won't need reflection like the hard-coded list does. In addition, the provider
+      // instances will have already been created, so it seems we should use them.
+      //
+      // R8: https://r8.googlesource.com/r8/+/490bc53d9310d4cc2a5084c05df4aadaec8c885d/src/main/java/com/android/tools/r8/ir/optimize/ServiceLoaderRewriter.java
+      // AppReduce: service_loader_pass.cc
+      candidates = serviceLoader;
+    } else if (isAndroid(klass.getClassLoader())) {
+      // Avoid getResource() on Android, which must read from a zip which uses a lot of memory
+      candidates = getCandidatesViaHardCoded(klass, hardcoded.get()).iterator();
+    } else if (!serviceLoader.hasNext()) {
+      // Attempt to load using the context class loader and ServiceLoader.
+      // This allows frameworks like http://aries.apache.org/modules/spi-fly.html to plug in.
+      candidates = ServiceLoader.load(klass).iterator();
     } else {
-      candidates = getCandidatesViaServiceLoader(klass, cl);
+      candidates = serviceLoader;
     }
     List<T> list = new ArrayList<>();
-    for (T current: candidates) {
+    while (candidates.hasNext()) {
+      T current = candidates.next();
       if (!priorityAccessor.isAvailable(current)) {
         continue;
       }
@@ -84,15 +106,14 @@ static boolean isAndroid(ClassLoader cl) {
   }
 
   /**
-   * Loads service providers for the {@code klass} service using {@link ServiceLoader}.
+   * For testing only: Loads service providers for the {@code klass} service using {@link
+   * ServiceLoader}. Does not support spi-fly and related tricks.
    */
   @VisibleForTesting
   public static <T> Iterable<T> getCandidatesViaServiceLoader(Class<T> klass, ClassLoader cl) {
     Iterable<T> i = ServiceLoader.load(klass, cl);
-    // Attempt to load using the context class loader and ServiceLoader.
-    // This allows frameworks like http://aries.apache.org/modules/spi-fly.html to plug in.
     if (!i.iterator().hasNext()) {
-      i = ServiceLoader.load(klass);
+      return null;
     }
     return i;
   }
diff --git a/api/src/test/java/io/grpc/ServiceProvidersTest.java b/api/src/test/java/io/grpc/ServiceProvidersTest.java
index 63809351c58..f971ed42646 100644
--- a/api/src/test/java/io/grpc/ServiceProvidersTest.java
+++ b/api/src/test/java/io/grpc/ServiceProvidersTest.java
@@ -16,6 +16,7 @@
 
 package io.grpc;
 
+import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
@@ -23,12 +24,15 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
+import com.google.common.base.Supplier;
 import com.google.common.collect.ImmutableList;
 import io.grpc.InternalServiceProviders.PriorityAccessor;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
 import java.util.ServiceConfigurationError;
+import java.util.ServiceLoader;
+import org.junit.After;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -36,7 +40,6 @@
 /** Unit tests for {@link ServiceProviders}. */
 @RunWith(JUnit4.class)
 public class ServiceProvidersTest {
-  private static final List<Class<?>> NO_HARDCODED = Collections.emptyList();
   private static final PriorityAccessor<ServiceProvidersTestAbstractProvider> ACCESSOR =
       new PriorityAccessor<ServiceProvidersTestAbstractProvider>() {
         @Override
@@ -51,6 +54,19 @@ public int getPriority(ServiceProvidersTestAbstractProvider provider) {
       };
   private final String serviceFile =
       "META-INF/services/io.grpc.ServiceProvidersTestAbstractProvider";
+  private boolean failingHardCodedAccessed;
+  private final Supplier<Iterable<Class<?>>> failingHardCoded = new Supplier<Iterable<Class<?>>>() {
+    @Override
+    public Iterable<Class<?>> get() {
+      failingHardCodedAccessed = true;
+      throw new AssertionError();
+    }
+  };
+
+  @After
+  public void tearDown() {
+    assertThat(failingHardCodedAccessed).isFalse();
+  }
 
   @Test
   public void contextClassLoaderProvider() {
@@ -69,7 +85,8 @@ public void contextClassLoaderProvider() {
       Thread.currentThread().setContextClassLoader(rcll);
       assertEquals(
           Available7Provider.class,
-          load(ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR).getClass());
+          load(ServiceProvidersTestAbstractProvider.class, failingHardCoded, cl, ACCESSOR)
+            .getClass());
     } finally {
       Thread.currentThread().setContextClassLoader(ccl);
     }
@@ -84,7 +101,7 @@ public void noProvider() {
           serviceFile,
           "io/grpc/ServiceProvidersTestAbstractProvider-doesNotExist.txt");
       Thread.currentThread().setContextClassLoader(cl);
-      assertNull(load(ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR));
+      assertNull(load(ServiceProvidersTestAbstractProvider.class, failingHardCoded, cl, ACCESSOR));
     } finally {
       Thread.currentThread().setContextClassLoader(ccl);
     }
@@ -96,10 +113,11 @@ public void multipleProvider() throws Exception {
         "io/grpc/ServiceProvidersTestAbstractProvider-multipleProvider.txt");
     assertSame(
         Available7Provider.class,
-        load(ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR).getClass());
+        load(ServiceProvidersTestAbstractProvider.class, failingHardCoded, cl, ACCESSOR)
+          .getClass());
 
-    List<ServiceProvidersTestAbstractProvider> providers = ServiceProviders.loadAll(
-        ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR);
+    List<ServiceProvidersTestAbstractProvider> providers = loadAll(
+        ServiceProvidersTestAbstractProvider.class, failingHardCoded, cl, ACCESSOR);
     assertEquals(3, providers.size());
     assertEquals(Available7Provider.class, providers.get(0).getClass());
     assertEquals(Available5Provider.class, providers.get(1).getClass());
@@ -113,7 +131,8 @@ public void unavailableProvider() {
         "io/grpc/ServiceProvidersTestAbstractProvider-unavailableProvider.txt");
     assertEquals(
         Available7Provider.class,
-        load(ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR).getClass());
+        load(ServiceProvidersTestAbstractProvider.class, failingHardCoded, cl, ACCESSOR)
+          .getClass());
   }
 
   @Test
@@ -121,8 +140,7 @@ public void unknownClassProvider() {
     ClassLoader cl = new ReplacingClassLoader(getClass().getClassLoader(), serviceFile,
         "io/grpc/ServiceProvidersTestAbstractProvider-unknownClassProvider.txt");
     try {
-      ServiceProviders.loadAll(
-          ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR);
+      loadAll(ServiceProvidersTestAbstractProvider.class, failingHardCoded, cl, ACCESSOR);
       fail("Exception expected");
     } catch (ServiceConfigurationError e) {
       // noop
@@ -136,8 +154,7 @@ public void exceptionSurfacedToCaller_failAtInit() {
     try {
       // Even though there is a working provider, if any providers fail then we should fail
       // completely to avoid returning something unexpected.
-      ServiceProviders.loadAll(
-          ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR);
+      loadAll(ServiceProvidersTestAbstractProvider.class, failingHardCoded, cl, ACCESSOR);
       fail("Expected exception");
     } catch (ServiceConfigurationError expected) {
       // noop
@@ -150,8 +167,7 @@ public void exceptionSurfacedToCaller_failAtPriority() {
         "io/grpc/ServiceProvidersTestAbstractProvider-failAtPriorityProvider.txt");
     try {
       // The exception should be surfaced to the caller
-      ServiceProviders.loadAll(
-          ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR);
+      loadAll(ServiceProvidersTestAbstractProvider.class, failingHardCoded, cl, ACCESSOR);
       fail("Expected exception");
     } catch (FailAtPriorityProvider.PriorityException expected) {
       // noop
@@ -164,8 +180,7 @@ public void exceptionSurfacedToCaller_failAtAvailable() {
         "io/grpc/ServiceProvidersTestAbstractProvider-failAtAvailableProvider.txt");
     try {
       // The exception should be surfaced to the caller
-      ServiceProviders.loadAll(
-          ServiceProvidersTestAbstractProvider.class, NO_HARDCODED, cl, ACCESSOR);
+      loadAll(ServiceProvidersTestAbstractProvider.class, failingHardCoded, cl, ACCESSOR);
       fail("Expected exception");
     } catch (FailAtAvailableProvider.AvailableException expected) {
       // noop
@@ -242,16 +257,28 @@ class RandomClass {}
 
   private static <T> T load(
       Class<T> klass,
-      Iterable<Class<?>> hardcoded,
+      Supplier<Iterable<Class<?>>> hardCoded,
       ClassLoader cl,
       PriorityAccessor<T> priorityAccessor) {
-    List<T> candidates = ServiceProviders.loadAll(klass, hardcoded, cl, priorityAccessor);
+    List<T> candidates = loadAll(klass, hardCoded, cl, priorityAccessor);
     if (candidates.isEmpty()) {
       return null;
     }
     return candidates.get(0);
   }
 
+  private static <T> List<T> loadAll(
+      Class<T> klass,
+      Supplier<Iterable<Class<?>>> hardCoded,
+      ClassLoader classLoader,
+      PriorityAccessor<T> priorityAccessor) {
+    return ServiceProviders.loadAll(
+        klass,
+        ServiceLoader.load(klass, classLoader).iterator(),
+        hardCoded,
+        priorityAccessor);
+  }
+
   private static class BaseProvider extends ServiceProvidersTestAbstractProvider {
     private final boolean isAvailable;
     private final int priority;
diff --git a/xds/src/main/java/io/grpc/xds/XdsCredentialsRegistry.java b/xds/src/main/java/io/grpc/xds/XdsCredentialsRegistry.java
index 9dfefaf1a65..9dd77a400cd 100644
--- a/xds/src/main/java/io/grpc/xds/XdsCredentialsRegistry.java
+++ b/xds/src/main/java/io/grpc/xds/XdsCredentialsRegistry.java
@@ -29,6 +29,7 @@
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.ServiceLoader;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.Nullable;
@@ -109,8 +110,10 @@ public static synchronized XdsCredentialsRegistry getDefaultRegistry() {
     if (instance == null) {
       List<XdsCredentialsProvider> providerList = InternalServiceProviders.loadAll(
               XdsCredentialsProvider.class,
-              getHardCodedClasses(),
-              XdsCredentialsProvider.class.getClassLoader(),
+              ServiceLoader
+                .load(XdsCredentialsProvider.class, XdsCredentialsProvider.class.getClassLoader())
+                .iterator(),
+              XdsCredentialsRegistry::getHardCodedClasses,
               new XdsCredentialsProviderPriorityAccessor());
       if (providerList.isEmpty()) {
         logger.warning("No XdsCredsRegistry found via ServiceLoader, including for GoogleDefault, "

From 31fdb6c2268b4b1c8ba6c995ee46c58e84a831aa Mon Sep 17 00:00:00 2001
From: Mohannad Farrag <aymanm@google.com>
Date: Wed, 2 Jul 2025 16:30:45 +0000
Subject: [PATCH 545/591] Add `CRONET_READ_BUFFER_SIZE_KEY` API to
 CronetClientStream

By default, CronetClientStreams would use a 4KB buffer to read data
from Cronet. This can be inefficient especially if the amount of data
being read is huge (~MBs) as each read callback operation incur overhead
from Cronet itself (e.g. Context switch, JNI calls). The alternative
would be to immediately bump the default to a bigger number but that
would incur an increase in memory usage.

So in order to safely experiment on this, An OptionKey is introduced
which allows setting a per-stream value which will be controlled in a
controlled environment to ensure we find the best new default.
---
 .../io/grpc/cronet/CronetClientStream.java    | 14 +++++--
 .../cronet/InternalCronetCallOptions.java     | 12 ++++++
 .../grpc/cronet/CronetChannelBuilderTest.java | 37 +++++++++++++++++++
 3 files changed, 60 insertions(+), 3 deletions(-)

diff --git a/cronet/src/main/java/io/grpc/cronet/CronetClientStream.java b/cronet/src/main/java/io/grpc/cronet/CronetClientStream.java
index fcba49a7ae1..07bbb953489 100644
--- a/cronet/src/main/java/io/grpc/cronet/CronetClientStream.java
+++ b/cronet/src/main/java/io/grpc/cronet/CronetClientStream.java
@@ -59,7 +59,6 @@
  * Client stream for the cronet transport.
  */
 class CronetClientStream extends AbstractClientStream {
-  private static final int READ_BUFFER_CAPACITY = 4 * 1024;
   private static final ByteBuffer EMPTY_BUFFER = ByteBuffer.allocateDirect(0);
   private static final String LOG_TAG = "grpc-java-cronet";
 
@@ -69,6 +68,12 @@ class CronetClientStream extends AbstractClientStream {
 
   static final CallOptions.Key<Collection<Object>> CRONET_ANNOTATIONS_KEY =
       CallOptions.Key.create("cronet-annotations");
+  /**
+   * Sets the read buffer size which the GRPC layer will use to read data from Cronet. Higher buffer
+   * size leads to less overhead but more memory consumption. The current default value is 4KB.
+   */
+  static final CallOptions.Key<Integer> CRONET_READ_BUFFER_SIZE_KEY =
+      CallOptions.Key.createWithDefault("cronet-read-buffer-size", 4 * 1024);
 
   private final String url;
   private final String userAgent;
@@ -85,6 +90,8 @@ class CronetClientStream extends AbstractClientStream {
   private final Collection<Object> annotations;
   private final TransportState state;
   private final Sink sink = new Sink();
+  @VisibleForTesting
+  final int readBufferSize;
   private StreamBuilderFactory streamFactory;
 
   CronetClientStream(
@@ -120,6 +127,7 @@ class CronetClientStream extends AbstractClientStream {
     this.annotations = callOptions.getOption(CRONET_ANNOTATIONS_KEY);
     this.state = new TransportState(maxMessageSize, statsTraceCtx, lock, transportTracer,
             callOptions);
+    this.readBufferSize = callOptions.getOption(CRONET_READ_BUFFER_SIZE_KEY);
 
     // Tests expect the "plain" deframer behavior, not MigratingDeframer
     // https://github.com/grpc/grpc-java/issues/7140
@@ -309,7 +317,7 @@ public void bytesRead(int processedBytes) {
         if (Log.isLoggable(LOG_TAG, Log.VERBOSE)) {
           Log.v(LOG_TAG, "BidirectionalStream.read");
         }
-        stream.read(ByteBuffer.allocateDirect(READ_BUFFER_CAPACITY));
+        stream.read(ByteBuffer.allocateDirect(readBufferSize));
       }
     }
 
@@ -429,7 +437,7 @@ public void onResponseHeadersReceived(BidirectionalStream stream, UrlResponseInf
         Log.v(LOG_TAG, "BidirectionalStream.read");
       }
       reportHeaders(info.getAllHeadersAsList(), false);
-      stream.read(ByteBuffer.allocateDirect(READ_BUFFER_CAPACITY));
+      stream.read(ByteBuffer.allocateDirect(readBufferSize));
     }
 
     @Override
diff --git a/cronet/src/main/java/io/grpc/cronet/InternalCronetCallOptions.java b/cronet/src/main/java/io/grpc/cronet/InternalCronetCallOptions.java
index e7c4144e63a..9261a0a8f4b 100644
--- a/cronet/src/main/java/io/grpc/cronet/InternalCronetCallOptions.java
+++ b/cronet/src/main/java/io/grpc/cronet/InternalCronetCallOptions.java
@@ -36,6 +36,18 @@ public static CallOptions withAnnotation(CallOptions callOptions, Object annotat
     return CronetClientStream.withAnnotation(callOptions, annotation);
   }
 
+  public static CallOptions withReadBufferSize(CallOptions callOptions, int size) {
+    return callOptions.withOption(CronetClientStream.CRONET_READ_BUFFER_SIZE_KEY, size);
+  }
+
+  /**
+   * Returns Cronet read buffer size for gRPC included in the given {@code callOptions}. Read
+   * buffer can be customized via {@link #withReadBufferSize(CallOptions, int)}.
+   */
+  public static int getReadBufferSize(CallOptions callOptions) {
+    return callOptions.getOption(CronetClientStream.CRONET_READ_BUFFER_SIZE_KEY);
+  }
+
   /**
    * Returns Cronet annotations for gRPC included in the given {@code callOptions}. Annotations
    * are attached via {@link #withAnnotation(CallOptions, Object)}.
diff --git a/cronet/src/test/java/io/grpc/cronet/CronetChannelBuilderTest.java b/cronet/src/test/java/io/grpc/cronet/CronetChannelBuilderTest.java
index 41f48bc03bb..be437b3c80b 100644
--- a/cronet/src/test/java/io/grpc/cronet/CronetChannelBuilderTest.java
+++ b/cronet/src/test/java/io/grpc/cronet/CronetChannelBuilderTest.java
@@ -16,7 +16,9 @@
 
 package io.grpc.cronet;
 
+import static io.grpc.cronet.CronetClientStream.CRONET_READ_BUFFER_SIZE_KEY;
 import static io.grpc.internal.GrpcUtil.TIMER_SERVICE;
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
@@ -92,6 +94,41 @@ public void alwaysUsePut_defaultsToFalse() throws Exception {
     assertFalse(stream.idempotent);
   }
 
+  @Test
+  public void channelBuilderReadBufferSize_defaultsTo4Kb() throws Exception {
+    CronetChannelBuilder builder = CronetChannelBuilder.forAddress("address", 1234, mockEngine);
+    CronetTransportFactory transportFactory =
+        (CronetTransportFactory) builder.buildTransportFactory();
+    CronetClientTransport transport =
+        (CronetClientTransport)
+            transportFactory.newClientTransport(
+                new InetSocketAddress("localhost", 443),
+                new ClientTransportOptions(),
+                channelLogger);
+    CronetClientStream stream = transport.newStream(
+        method, new Metadata(), CallOptions.DEFAULT, tracers);
+
+    assertEquals(4 * 1024, stream.readBufferSize);
+  }
+
+  @Test
+  public void channelBuilderReadBufferSize_changeReflected() throws Exception {
+    CronetChannelBuilder builder = CronetChannelBuilder.forAddress("address", 1234, mockEngine);
+    CronetTransportFactory transportFactory =
+        (CronetTransportFactory) builder.buildTransportFactory();
+    CronetClientTransport transport =
+        (CronetClientTransport)
+            transportFactory.newClientTransport(
+                new InetSocketAddress("localhost", 443),
+                new ClientTransportOptions(),
+                channelLogger);
+    CronetClientStream stream = transport.newStream(
+        method, new Metadata(),
+        CallOptions.DEFAULT.withOption(CRONET_READ_BUFFER_SIZE_KEY, 32 * 1024), tracers);
+
+    assertEquals(32 * 1024, stream.readBufferSize);
+  }
+
   @Test
   public void scheduledExecutorService_default() {
     CronetChannelBuilder builder = CronetChannelBuilder.forAddress("address", 1234, mockEngine);

From 09a6e2ef6ebdbee4d3980d5ac6bd3e3e1c2d9755 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 27 Feb 2026 10:36:15 -0800
Subject: [PATCH 546/591] Revert "netty: Preserve early server handshake
 failure cause in logs"

This reverts commit 50ead96f4718569782cc7a3f694c9aa755722bac.
Some users are seeing errors during app development: cl/876319409
b/488103229. Seems related to some internal Google-specific stuff.
---
 .../io/grpc/netty/NettyServerHandler.java     |  8 ----
 .../io/grpc/netty/NettyServerTransport.java   | 12 ------
 .../io/grpc/netty/NettyServerHandlerTest.java | 19 ----------
 .../grpc/netty/ProtocolNegotiatorsTest.java   | 37 -------------------
 4 files changed, 76 deletions(-)

diff --git a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
index 416fdd9be5c..036fde55e2c 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
@@ -124,12 +124,6 @@ class NettyServerHandler extends AbstractNettyHandler {
   private static final boolean DISABLE_CONNECTION_HEADER_CHECK = Boolean.parseBoolean(
       System.getProperty("io.grpc.netty.disableConnectionHeaderCheck", "false"));
 
-  /**
-   * A message that simply passes through the channel without any real processing. It is useful to
-   * check if buffers have been drained and test the health of the channel in a single operation.
-   */
-  static final Object NOOP_MESSAGE = new Object();
-
   private final Http2Connection.PropertyKey streamKey;
   private final ServerTransportListener transportListener;
   private final int maxMessageSize;
@@ -715,8 +709,6 @@ public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)
       gracefulClose(ctx, (GracefulServerCloseCommand) msg, promise);
     } else if (msg instanceof ForcefulCloseCommand) {
       forcefulClose(ctx, (ForcefulCloseCommand) msg, promise);
-    } else if (msg == NOOP_MESSAGE) {
-      ctx.write(Unpooled.EMPTY_BUFFER, promise);
     } else {
       AssertionError e =
           new AssertionError("Write called for unexpected type: " + msg.getClass().getName());
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerTransport.java b/netty/src/main/java/io/grpc/netty/NettyServerTransport.java
index 6651b42ee66..758ffeee5b1 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerTransport.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerTransport.java
@@ -160,18 +160,6 @@ public void operationComplete(ChannelFuture future) throws Exception {
     channel.closeFuture().addListener(terminationNotifier);
 
     channel.pipeline().addLast(bufferingHandler);
-
-    channel.writeAndFlush(NettyServerHandler.NOOP_MESSAGE).addListener(new ChannelFutureListener() {
-      @Override
-      public void operationComplete(ChannelFuture future) throws Exception {
-        if (!future.isSuccess()) {
-          // grpcHandler (NettyServerHandler) may not be in the pipeline yet on early negotiation
-          // failure, so connectionError() can remain null. Notify termination here with the write
-          // failure cause to preserve/log the original transport termination reason.
-          notifyTerminated(future.cause());
-        }
-      }
-    });
   }
 
   @Override
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
index 7f958a2845c..0d5a9bab176 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
@@ -1347,25 +1347,6 @@ public void maxRstCountSent_exceedsLimit_fails() throws Exception {
     assertFalse(channel().isOpen());
   }
 
-  @Test
-  public void write_noopMessage_writesEmptyBuffer() throws Exception {
-    manualSetUp();
-
-    ChannelPromise promise = newPromise();
-    handler().write(ctx(), NettyServerHandler.NOOP_MESSAGE, promise);
-    channel().flush();
-
-    assertTrue(promise.isSuccess());
-
-    Object outbound = channel().readOutbound();
-    assertTrue(outbound instanceof ByteBuf);
-    ByteBuf buf = (ByteBuf) outbound;
-    assertEquals(0, buf.readableBytes());
-    buf.release();
-
-    assertNull(channel().readOutbound());
-  }
-
   private void madeYouReset(int burstSize) throws Exception {
     when(streamTracerFactory.newServerStreamTracer(anyString(), any(Metadata.class)))
         .thenAnswer((args) -> new TestServerStreamTracer());
diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
index 90ca8f94c6c..80438532172 100644
--- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
+++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
@@ -133,7 +133,6 @@
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.logging.Filter;
-import java.util.logging.Handler;
 import java.util.logging.Level;
 import java.util.logging.LogRecord;
 import java.util.logging.Logger;
@@ -473,42 +472,6 @@ public void from_tls_clientAuthRequire_noClientCert() throws Exception {
     }
   }
 
-  @Test
-  public void from_plaintextClient_toTlsServer_logsTransportFailureCause() throws Exception {
-    final AtomicReference<LogRecord> transportFailureLog = new AtomicReference<>();
-    Handler handler = new Handler() {
-      @Override
-      public void publish(LogRecord record) {
-        if ("Transport failed".equals(record.getMessage()) && record.getThrown() != null) {
-          transportFailureLog.compareAndSet(null, record);
-        }
-      }
-
-      @Override
-      public void flush() {}
-
-      @Override
-      public void close() throws SecurityException {}
-    };
-    Logger logger =
-        Logger.getLogger(String.format("%s.connections", NettyServerTransport.class.getName()));
-    Level oldLevel = logger.getLevel();
-    try {
-      logger.addHandler(handler);
-      logger.setLevel(Level.ALL);
-
-      ServerCredentials serverCreds = TlsServerCredentials.create(server1Cert, server1Key);
-      ChannelCredentials channelCreds = InsecureChannelCredentials.create();
-      Status status = expectFailedHandshake(channelCreds, serverCreds);
-
-      assertEquals(Status.Code.UNAVAILABLE, status.getCode());
-      assertThat(transportFailureLog.get()).isNotNull();
-    } finally {
-      logger.removeHandler(handler);
-      logger.setLevel(oldLevel);
-    }
-  }
-
   @Test
   public void from_tls_clientAuthRequire_clientCert() throws Exception {
     ServerCredentials serverCreds = TlsServerCredentials.newBuilder()

From 4dc1eb46148b3005d45a70738b75a561cb941793 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Wed, 4 Mar 2026 16:54:41 +0000
Subject: [PATCH 547/591] Revert "fix(xds): Allow and normalize trailing dot
 (FQDN) in matchHostName (#12644)"

We want to synchronize the behavior across all gRPC languages, and also with envoy.

This reverts commit 0ef1b392b532b37255e88acb09480d7c1c49b690.
---
 .../main/java/io/grpc/xds/RoutingUtils.java   |  13 +-
 .../java/io/grpc/xds/XdsNameResolver.java     |  61 +++++++
 .../java/io/grpc/xds/RoutingUtilsTest.java    | 165 ------------------
 .../java/io/grpc/xds/XdsNameResolverTest.java |  42 +++++
 4 files changed, 105 insertions(+), 176 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/RoutingUtils.java b/xds/src/main/java/io/grpc/xds/RoutingUtils.java
index bff6756a9a4..2b60e90deda 100644
--- a/xds/src/main/java/io/grpc/xds/RoutingUtils.java
+++ b/xds/src/main/java/io/grpc/xds/RoutingUtils.java
@@ -92,24 +92,15 @@ static VirtualHost findVirtualHostForHostName(List<VirtualHost> virtualHosts, St
    * </ol>
    */
   private static boolean matchHostName(String hostName, String pattern) {
-    checkArgument(hostName.length() != 0 && !hostName.startsWith("."),
+    checkArgument(hostName.length() != 0 && !hostName.startsWith(".") && !hostName.endsWith("."),
         "Invalid host name");
-    checkArgument(pattern.length() != 0 && !pattern.startsWith("."),
+    checkArgument(pattern.length() != 0 && !pattern.startsWith(".") && !pattern.endsWith("."),
         "Invalid pattern/domain name");
 
     hostName = hostName.toLowerCase(Locale.US);
     pattern = pattern.toLowerCase(Locale.US);
     // hostName and pattern are now in lower case -- domain names are case-insensitive.
 
-    // Strip trailing dot to normalize FQDN (e.g. "example.com.") to a relative form,
-    // as per RFC 1034 Section 3.1 the two are semantically equivalent.
-    if (hostName.endsWith(".")) {
-      hostName = hostName.substring(0, hostName.length() - 1);
-    }
-    if (pattern.endsWith(".")) {
-      pattern = pattern.substring(0, pattern.length() - 1);
-    }
-
     if (!pattern.contains("*")) {
       // Not a wildcard pattern -- hostName and pattern must match exactly.
       return hostName.equals(pattern);
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index ec3e417e53a..196d51fb5a6 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -73,6 +73,7 @@
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
@@ -340,6 +341,66 @@ private void updateResolutionResult(XdsConfig xdsConfig) {
     }
   }
 
+  /**
+   * Returns {@code true} iff {@code hostName} matches the domain name {@code pattern} with
+   * case-insensitive.
+   *
+   * <p>Wildcard pattern rules:
+   * <ol>
+   * <li>A single asterisk (*) matches any domain.</li>
+   * <li>Asterisk (*) is only permitted in the left-most or the right-most part of the pattern,
+   *     but not both.</li>
+   * </ol>
+   */
+  @VisibleForTesting
+  static boolean matchHostName(String hostName, String pattern) {
+    checkArgument(hostName.length() != 0 && !hostName.startsWith(".") && !hostName.endsWith("."),
+        "Invalid host name");
+    checkArgument(pattern.length() != 0 && !pattern.startsWith(".") && !pattern.endsWith("."),
+        "Invalid pattern/domain name");
+
+    hostName = hostName.toLowerCase(Locale.US);
+    pattern = pattern.toLowerCase(Locale.US);
+    // hostName and pattern are now in lower case -- domain names are case-insensitive.
+
+    if (!pattern.contains("*")) {
+      // Not a wildcard pattern -- hostName and pattern must match exactly.
+      return hostName.equals(pattern);
+    }
+    // Wildcard pattern
+
+    if (pattern.length() == 1) {
+      return true;
+    }
+
+    int index = pattern.indexOf('*');
+
+    // At most one asterisk (*) is allowed.
+    if (pattern.indexOf('*', index + 1) != -1) {
+      return false;
+    }
+
+    // Asterisk can only match prefix or suffix.
+    if (index != 0 && index != pattern.length() - 1) {
+      return false;
+    }
+
+    // HostName must be at least as long as the pattern because asterisk has to
+    // match one or more characters.
+    if (hostName.length() < pattern.length()) {
+      return false;
+    }
+
+    if (index == 0 && hostName.endsWith(pattern.substring(1))) {
+      // Prefix matching fails.
+      return true;
+    }
+
+    // Pattern matches hostname if suffix matching succeeds.
+    return index == pattern.length() - 1
+        && hostName.startsWith(pattern.substring(0, pattern.length() - 1));
+  }
+
   private final class ConfigSelector extends InternalConfigSelector {
     @Override
     public Result selectConfig(PickSubchannelArgs args) {
diff --git a/xds/src/test/java/io/grpc/xds/RoutingUtilsTest.java b/xds/src/test/java/io/grpc/xds/RoutingUtilsTest.java
index e9fde9f4c4a..a460501e85b 100644
--- a/xds/src/test/java/io/grpc/xds/RoutingUtilsTest.java
+++ b/xds/src/test/java/io/grpc/xds/RoutingUtilsTest.java
@@ -17,7 +17,6 @@
 package io.grpc.xds;
 
 import static com.google.common.truth.Truth.assertThat;
-import static org.junit.Assert.assertThrows;
 import static org.mockito.Mockito.mock;
 
 import com.google.common.collect.ImmutableMap;
@@ -89,170 +88,6 @@ public void findVirtualHostForHostName_asteriskMatchAnyDomain() {
         .isEqualTo(vHost1);
   }
 
-  @Test
-  public void findVirtualHostForHostName_trailingDot() {
-    // FQDN (trailing dot) is semantically equivalent to the relative form
-    // per RFC 1034 Section 3.1.
-    List<Route> routes = Collections.emptyList();
-    VirtualHost vHost1 = VirtualHost.create("virtualhost01.googleapis.com",
-        Collections.singletonList("a.googleapis.com"), routes,
-        ImmutableMap.of());
-    VirtualHost vHost2 = VirtualHost.create("virtualhost02.googleapis.com",
-        Collections.singletonList("*.googleapis.com"), routes,
-        ImmutableMap.of());
-    VirtualHost vHost3 = VirtualHost.create("virtualhost03.googleapis.com",
-        Collections.singletonList("*"), routes,
-        ImmutableMap.of());
-    List<VirtualHost> virtualHosts = Arrays.asList(vHost1, vHost2, vHost3);
-
-    // Trailing dot in hostName, exact match.
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts, "a.googleapis.com.")).isEqualTo(vHost1);
-    // Trailing dot in hostName, wildcard match.
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts, "b.googleapis.com.")).isEqualTo(vHost2);
-
-    // Trailing dot in domain pattern, exact match.
-    VirtualHost vHost4 = VirtualHost.create("virtualhost04.googleapis.com",
-        Collections.singletonList("a.googleapis.com."), routes,
-        ImmutableMap.of());
-    List<VirtualHost> virtualHosts2 =
-        Arrays.asList(vHost4, vHost2, vHost3);
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts2, "a.googleapis.com")).isEqualTo(vHost4);
-
-    // Trailing dot in both hostName and domain pattern.
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts2, "a.googleapis.com.")).isEqualTo(vHost4);
-
-    // Trailing dot in domain pattern, wildcard match.
-    VirtualHost vHost5 = VirtualHost.create("virtualhost05.googleapis.com",
-        Collections.singletonList("*.googleapis.com."), routes,
-        ImmutableMap.of());
-    List<VirtualHost> virtualHosts3 =
-        Arrays.asList(vHost5, vHost3);
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts3, "b.googleapis.com")).isEqualTo(vHost5);
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts3, "b.googleapis.com.")).isEqualTo(vHost5);
-  }
-
-  @Test
-  public void findVirtualHostForHostName_exactMatch() {
-    List<Route> routes = Collections.emptyList();
-    VirtualHost vHostFoo = VirtualHost.create("vhost-foo",
-        Collections.singletonList("foo.googleapis.com"), routes,
-        ImmutableMap.of());
-    VirtualHost vHostBar = VirtualHost.create("vhost-bar",
-        Collections.singletonList("bar.googleapis.com"), routes,
-        ImmutableMap.of());
-    List<VirtualHost> virtualHosts =
-        Arrays.asList(vHostFoo, vHostBar);
-
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts, "foo.googleapis.com")).isEqualTo(vHostFoo);
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts, "bar.googleapis.com")).isEqualTo(vHostBar);
-    // No match returns null.
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts, "baz.googleapis.com")).isNull();
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts, "foo.googleapis")).isNull();
-  }
-
-  @Test
-  public void findVirtualHostForHostName_invalidHostName() {
-    List<Route> routes = Collections.emptyList();
-    VirtualHost vHost = VirtualHost.create("vhost",
-        Collections.singletonList("a.googleapis.com"), routes,
-        ImmutableMap.of());
-    List<VirtualHost> virtualHosts = Collections.singletonList(vHost);
-
-    // Empty hostName.
-    assertThrows(IllegalArgumentException.class,
-        () -> RoutingUtils.findVirtualHostForHostName(
-            virtualHosts, ""));
-    // HostName starting with dot.
-    assertThrows(IllegalArgumentException.class,
-        () -> RoutingUtils.findVirtualHostForHostName(
-            virtualHosts, ".a.googleapis.com"));
-  }
-
-  @Test
-  public void findVirtualHostForHostName_invalidPattern() {
-    List<Route> routes = Collections.emptyList();
-    // Empty domain pattern.
-    VirtualHost vHostEmpty = VirtualHost.create("vhost-empty",
-        Collections.singletonList(""), routes,
-        ImmutableMap.of());
-    assertThrows(IllegalArgumentException.class,
-        () -> RoutingUtils.findVirtualHostForHostName(
-            Collections.singletonList(vHostEmpty),
-            "a.googleapis.com"));
-    // Domain pattern starting with dot.
-    VirtualHost vHostDot = VirtualHost.create("vhost-dot",
-        Collections.singletonList(".a.googleapis.com"), routes,
-        ImmutableMap.of());
-    assertThrows(IllegalArgumentException.class,
-        () -> RoutingUtils.findVirtualHostForHostName(
-            Collections.singletonList(vHostDot),
-            "a.googleapis.com"));
-  }
-
-  @Test
-  public void findVirtualHostForHostName_prefixWildcard() {
-    List<Route> routes = Collections.emptyList();
-    VirtualHost vHostWild = VirtualHost.create("vhost-wild",
-        Collections.singletonList("*.foo.googleapis.com"),
-        routes, ImmutableMap.of());
-    VirtualHost vHostOther = VirtualHost.create("vhost-other",
-        Collections.singletonList("other.googleapis.com"),
-        routes, ImmutableMap.of());
-    List<VirtualHost> virtualHosts =
-        Arrays.asList(vHostWild, vHostOther);
-
-    // Prefix wildcard matches.
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts, "bar.foo.googleapis.com"))
-        .isEqualTo(vHostWild);
-    // Base domain without subdomain does not match *.foo.googleapis.com.
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts, "foo.googleapis.com")).isNull();
-
-    // Longer prefix wildcard is preferred over shorter one.
-    VirtualHost vHostLong = VirtualHost.create("vhost-long",
-        Collections.singletonList("*.bar.foo.googleapis.com"),
-        routes, ImmutableMap.of());
-    List<VirtualHost> virtualHosts2 =
-        Arrays.asList(vHostLong, vHostWild);
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts2, "baz.bar.foo.googleapis.com"))
-        .isEqualTo(vHostLong);
-  }
-
-  @Test
-  public void findVirtualHostForHostName_postfixWildcard() {
-    List<Route> routes = Collections.emptyList();
-    VirtualHost vHostWild = VirtualHost.create("vhost-wild",
-        Collections.singletonList("foo.*"), routes,
-        ImmutableMap.of());
-    VirtualHost vHostOther = VirtualHost.create("vhost-other",
-        Collections.singletonList("bar.googleapis.com"),
-        routes, ImmutableMap.of());
-    List<VirtualHost> virtualHosts =
-        Arrays.asList(vHostWild, vHostOther);
-
-    // Postfix wildcard matches.
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts, "foo.googleapis.com"))
-        .isEqualTo(vHostWild);
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts, "foo.com")).isEqualTo(vHostWild);
-    // Different prefix does not match foo.*.
-    assertThat(RoutingUtils.findVirtualHostForHostName(
-        virtualHosts, "bar.foo.googleapis.com")).isNull();
-  }
-
   @Test
   public void routeMatching_pathOnly() {
     Metadata headers = new Metadata();
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 3f50d92c2b5..45a96ee172f 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -2020,6 +2020,48 @@ public void generateServiceConfig_forPerMethodConfig() throws IOException {
         .isEqualTo(expectedServiceConfig);
   }
 
+  @Test
+  public void matchHostName_exactlyMatch() {
+    String pattern = "foo.googleapis.com";
+    assertThat(XdsNameResolver.matchHostName("bar.googleapis.com", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("fo.googleapis.com", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("oo.googleapis.com", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("googleapis.com", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("foo.googleapis", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("foo.googleapis.com", pattern)).isTrue();
+  }
+
+  @Test
+  public void matchHostName_prefixWildcard() {
+    String pattern = "*.foo.googleapis.com";
+    assertThat(XdsNameResolver.matchHostName("foo.googleapis.com", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("bar-baz.foo.googleapis", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("bar.foo.googleapis.com", pattern)).isTrue();
+    pattern = "*-bar.foo.googleapis.com";
+    assertThat(XdsNameResolver.matchHostName("bar.foo.googleapis.com", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("baz-bar.foo.googleapis", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("-bar.foo.googleapis.com", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("baz-bar.foo.googleapis.com", pattern))
+        .isTrue();
+  }
+
+  @Test
+  public void matchHostName_postfixWildCard() {
+    String pattern = "foo.*";
+    assertThat(XdsNameResolver.matchHostName("bar.googleapis.com", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("bar.foo.googleapis.com", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("foo.googleapis.com", pattern)).isTrue();
+    assertThat(XdsNameResolver.matchHostName("foo.com", pattern)).isTrue();
+    pattern = "foo-*";
+    assertThat(XdsNameResolver.matchHostName("bar-.googleapis.com", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("foo.googleapis.com", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("foo.googleapis.com", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("foo-", pattern)).isFalse();
+    assertThat(XdsNameResolver.matchHostName("foo-bar.com", pattern)).isTrue();
+    assertThat(XdsNameResolver.matchHostName("foo-.com", pattern)).isTrue();
+    assertThat(XdsNameResolver.matchHostName("foo-bar", pattern)).isTrue();
+  }
+
   @Test
   public void resolved_faultAbortInLdsUpdate() {
     resolver.start(mockListener);

From a5a465c38161489444e078b8e1543d464ef06816 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 23 Feb 2026 13:22:34 -0800
Subject: [PATCH 548/591] grpclb: Rewrite URI() calls as URI#create in test
 cases.

This change is a no-op. The create() form is clearer than positional
arguments to a heavily overloaded constructor.
---
 .../grpc/grpclb/SecretGrpclbNameResolverProviderTest.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/grpclb/src/test/java/io/grpc/grpclb/SecretGrpclbNameResolverProviderTest.java b/grpclb/src/test/java/io/grpc/grpclb/SecretGrpclbNameResolverProviderTest.java
index 24b1c781f58..8951d3154b9 100644
--- a/grpclb/src/test/java/io/grpc/grpclb/SecretGrpclbNameResolverProviderTest.java
+++ b/grpclb/src/test/java/io/grpc/grpclb/SecretGrpclbNameResolverProviderTest.java
@@ -74,22 +74,22 @@ public void newNameResolver() {
 
   @Test
   public void invalidDnsName() throws Exception {
-    testInvalidUri(new URI("dns", null, "/[invalid]", null));
+    testInvalidUri(URI.create("dns:/%5Binvalid%5D"));
   }
 
   @Test
   public void validIpv6() throws Exception {
-    testValidUri(new URI("dns", null, "/[::1]", null));
+    testValidUri(URI.create("dns:/%5B::1%5D"));
   }
 
   @Test
   public void validDnsNameWithoutPort() throws Exception {
-    testValidUri(new URI("dns", null, "/foo.googleapis.com", null));
+    testValidUri(URI.create("dns:/foo.googleapis.com"));
   }
 
   @Test
   public void validDnsNameWithPort() throws Exception {
-    testValidUri(new URI("dns", null, "/foo.googleapis.com:456", null));
+    testValidUri(URI.create("dns:/foo.googleapis.com:456"));
   }
 
   private void testInvalidUri(URI uri) {

From 1ea1a537897d3b59da15df4ab0d3b0eee3bf4f1c Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 23 Feb 2026 14:18:54 -0800
Subject: [PATCH 549/591] grpclb: Implement newNameResolver(io.grpc.Uri).

---
 .../SecretGrpclbNameResolverProvider.java     | 39 +++++++++++++----
 .../SecretGrpclbNameResolverProviderTest.java | 43 +++++++++++++------
 2 files changed, 61 insertions(+), 21 deletions(-)

diff --git a/grpclb/src/main/java/io/grpc/grpclb/SecretGrpclbNameResolverProvider.java b/grpclb/src/main/java/io/grpc/grpclb/SecretGrpclbNameResolverProvider.java
index 8952ea1d8fb..0b46270af4d 100644
--- a/grpclb/src/main/java/io/grpc/grpclb/SecretGrpclbNameResolverProvider.java
+++ b/grpclb/src/main/java/io/grpc/grpclb/SecretGrpclbNameResolverProvider.java
@@ -19,14 +19,17 @@
 import com.google.common.base.Preconditions;
 import com.google.common.base.Stopwatch;
 import io.grpc.InternalServiceProviders;
+import io.grpc.NameResolver;
 import io.grpc.NameResolver.Args;
 import io.grpc.NameResolverProvider;
+import io.grpc.Uri;
 import io.grpc.internal.GrpcUtil;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.net.URI;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.List;
 
 /**
  * A provider for {@code io.grpc.grpclb.GrpclbNameResolver}.
@@ -56,27 +59,47 @@ public static final class Provider extends NameResolverProvider {
     private static final boolean IS_ANDROID = InternalServiceProviders
         .isAndroid(SecretGrpclbNameResolverProvider.class.getClassLoader());
 
+    @Override
+    public NameResolver newNameResolver(Uri targetUri, final NameResolver.Args args) {
+      if (SCHEME.equals(targetUri.getScheme())) {
+        List<String> pathSegments = targetUri.getPathSegments();
+        Preconditions.checkArgument(
+            !pathSegments.isEmpty(),
+            "expected 1 path segment in target %s but found %s",
+            targetUri,
+            pathSegments);
+        return newNameResolver(targetUri.getAuthority(), pathSegments.get(0), args);
+      } else {
+        return null;
+      }
+    }
+
     @Override
     public GrpclbNameResolver newNameResolver(URI targetUri, Args args) {
+      // TODO(jdcormie): Remove once RFC 3986 migration is complete.
       if (SCHEME.equals(targetUri.getScheme())) {
         String targetPath = Preconditions.checkNotNull(targetUri.getPath(), "targetPath");
         Preconditions.checkArgument(
             targetPath.startsWith("/"),
             "the path component (%s) of the target (%s) must start with '/'",
             targetPath, targetUri);
-        String name = targetPath.substring(1);
-        return new GrpclbNameResolver(
-            targetUri.getAuthority(),
-            name,
-            args,
-            GrpcUtil.SHARED_CHANNEL_EXECUTOR,
-            Stopwatch.createUnstarted(),
-            IS_ANDROID);
+        return newNameResolver(targetUri.getAuthority(), targetPath.substring(1), args);
       } else {
         return null;
       }
     }
 
+    private GrpclbNameResolver newNameResolver(
+        String authority, String domainNameToResolve, final NameResolver.Args args) {
+      return new GrpclbNameResolver(
+          authority,
+          domainNameToResolve,
+          args,
+          GrpcUtil.SHARED_CHANNEL_EXECUTOR,
+          Stopwatch.createUnstarted(),
+          IS_ANDROID);
+    }
+
     @Override
     public String getDefaultScheme() {
       return SCHEME;
diff --git a/grpclb/src/test/java/io/grpc/grpclb/SecretGrpclbNameResolverProviderTest.java b/grpclb/src/test/java/io/grpc/grpclb/SecretGrpclbNameResolverProviderTest.java
index 8951d3154b9..9720354c7f6 100644
--- a/grpclb/src/test/java/io/grpc/grpclb/SecretGrpclbNameResolverProviderTest.java
+++ b/grpclb/src/test/java/io/grpc/grpclb/SecretGrpclbNameResolverProviderTest.java
@@ -24,15 +24,19 @@
 import io.grpc.NameResolver;
 import io.grpc.NameResolver.ServiceConfigParser;
 import io.grpc.SynchronizationContext;
+import io.grpc.Uri;
 import io.grpc.internal.DnsNameResolverProvider;
 import io.grpc.internal.GrpcUtil;
 import java.net.URI;
+import java.util.Arrays;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
 
 /** Unit tests for {@link SecretGrpclbNameResolverProvider}. */
-@RunWith(JUnit4.class)
+@RunWith(Parameterized.class)
 public class SecretGrpclbNameResolverProviderTest {
 
   private final SynchronizationContext syncContext = new SynchronizationContext(
@@ -53,6 +57,13 @@ public void uncaughtException(Thread t, Throwable e) {
   private SecretGrpclbNameResolverProvider.Provider provider =
       new SecretGrpclbNameResolverProvider.Provider();
 
+  @Parameters(name = "enableRfc3986UrisParam={0}")
+  public static Iterable<Object[]> data() {
+    return Arrays.asList(new Object[][] {{true}, {false}});
+  }
+
+  @Parameter public boolean enableRfc3986UrisParam;
+
   @Test
   public void isAvailable() {
     assertThat(provider.isAvailable()).isTrue();
@@ -66,43 +77,49 @@ public void priority_shouldBeHigherThanDefaultDnsNameResolver() {
   }
 
   @Test
-  public void newNameResolver() {
-    assertThat(provider.newNameResolver(URI.create("dns:///localhost:443"), args))
+  public void newNameResolverReturnsCorrectType() {
+    assertThat(newNameResolver("dns:///localhost:443", args))
         .isInstanceOf(GrpclbNameResolver.class);
-    assertThat(provider.newNameResolver(URI.create("notdns:///localhost:443"), args)).isNull();
+    assertThat(newNameResolver("notdns:///localhost:443", args)).isNull();
   }
 
   @Test
   public void invalidDnsName() throws Exception {
-    testInvalidUri(URI.create("dns:/%5Binvalid%5D"));
+    testInvalidUri("dns:/%5Binvalid%5D");
   }
 
   @Test
   public void validIpv6() throws Exception {
-    testValidUri(URI.create("dns:/%5B::1%5D"));
+    testValidUri("dns:/%5B::1%5D");
   }
 
   @Test
   public void validDnsNameWithoutPort() throws Exception {
-    testValidUri(URI.create("dns:/foo.googleapis.com"));
+    testValidUri("dns:/foo.googleapis.com");
   }
 
   @Test
   public void validDnsNameWithPort() throws Exception {
-    testValidUri(URI.create("dns:/foo.googleapis.com:456"));
+    testValidUri("dns:/foo.googleapis.com:456");
   }
 
-  private void testInvalidUri(URI uri) {
+  private void testInvalidUri(String uri) {
     try {
-      provider.newNameResolver(uri, args);
+      newNameResolver(uri, args);
       fail("Should have failed");
     } catch (IllegalArgumentException e) {
       // expected
     }
   }
 
-  private void testValidUri(URI uri) {
-    GrpclbNameResolver resolver = provider.newNameResolver(uri, args);
+  private void testValidUri(String uri) {
+    NameResolver resolver = newNameResolver(uri, args);
     assertThat(resolver).isNotNull();
   }
+
+  private NameResolver newNameResolver(String uriString, NameResolver.Args args) {
+    return enableRfc3986UrisParam
+        ? provider.newNameResolver(Uri.create(uriString), args)
+        : provider.newNameResolver(URI.create(uriString), args);
+  }
 }

From 54e5859702158f96aeb18a8c665a49822d630b44 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Wed, 4 Mar 2026 16:22:44 -0800
Subject: [PATCH 550/591] grpclb: Be strict about only a single path segment in
 target URI

Guard this behavior change behind the RFC 3986 parser flag.
---
 .../SecretGrpclbNameResolverProvider.java      |  2 +-
 .../SecretGrpclbNameResolverProviderTest.java  | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/grpclb/src/main/java/io/grpc/grpclb/SecretGrpclbNameResolverProvider.java b/grpclb/src/main/java/io/grpc/grpclb/SecretGrpclbNameResolverProvider.java
index 0b46270af4d..f394c812b28 100644
--- a/grpclb/src/main/java/io/grpc/grpclb/SecretGrpclbNameResolverProvider.java
+++ b/grpclb/src/main/java/io/grpc/grpclb/SecretGrpclbNameResolverProvider.java
@@ -64,7 +64,7 @@ public NameResolver newNameResolver(Uri targetUri, final NameResolver.Args args)
       if (SCHEME.equals(targetUri.getScheme())) {
         List<String> pathSegments = targetUri.getPathSegments();
         Preconditions.checkArgument(
-            !pathSegments.isEmpty(),
+            pathSegments.size() == 1,
             "expected 1 path segment in target %s but found %s",
             targetUri,
             pathSegments);
diff --git a/grpclb/src/test/java/io/grpc/grpclb/SecretGrpclbNameResolverProviderTest.java b/grpclb/src/test/java/io/grpc/grpclb/SecretGrpclbNameResolverProviderTest.java
index 9720354c7f6..e9ed92a54d0 100644
--- a/grpclb/src/test/java/io/grpc/grpclb/SecretGrpclbNameResolverProviderTest.java
+++ b/grpclb/src/test/java/io/grpc/grpclb/SecretGrpclbNameResolverProviderTest.java
@@ -17,6 +17,8 @@
 package io.grpc.grpclb;
 
 import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.truth.TruthJUnit.assume;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.fail;
 import static org.mockito.Mockito.mock;
 
@@ -103,6 +105,22 @@ public void validDnsNameWithPort() throws Exception {
     testValidUri("dns:/foo.googleapis.com:456");
   }
 
+  @Test
+  public void newNameResolver_rejectsExtraPathSegments() {
+    assume().that(enableRfc3986UrisParam).isTrue();
+    IllegalArgumentException iae =
+        assertThrows(
+            IllegalArgumentException.class,
+            () -> newNameResolver("dns:///localhost:443/extras", args));
+    assertThat(iae).hasMessageThat().contains("expected 1 path segment in target");
+  }
+
+  @Test
+  public void newNameResolver_toleratesExtraPathSegments() {
+    assume().that(enableRfc3986UrisParam).isFalse();
+    newNameResolver("dns:///localhost:443/extras", args);
+  }
+
   private void testInvalidUri(String uri) {
     try {
       newNameResolver(uri, args);

From 1fbf0ebb0a689e9ccf6bc47cdbe34e451e00302d Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Thu, 5 Mar 2026 13:13:10 +0530
Subject: [PATCH 551/591] Start 1.81.0 development cycle (#12673)

---
 MODULE.bazel                                  |   2 +-
 build.gradle                                  |   2 +-
 .../golden/TestDeprecatedService.java.txt     |   2 +-
 compiler/src/test/golden/TestService.java.txt |   2 +-
 .../main/java/io/grpc/internal/GrpcUtil.java  |   2 +-
 examples/MODULE.bazel                         |   2 +-
 examples/android/clientcache/app/build.gradle |  10 +++++-----
 examples/android/helloworld/app/build.gradle  |   8 ++++----
 examples/android/routeguide/app/build.gradle  |   8 ++++----
 examples/android/strictmode/app/build.gradle  |   8 ++++----
 examples/build.gradle                         |   2 +-
 examples/example-alts/build.gradle            |   2 +-
 examples/example-debug/build.gradle           |   2 +-
 examples/example-debug/pom.xml                |   4 ++--
 examples/example-dualstack/build.gradle       |   2 +-
 examples/example-dualstack/pom.xml            |   4 ++--
 examples/example-gauth/build.gradle           |   2 +-
 examples/example-gauth/pom.xml                |   4 ++--
 .../build.gradle                              |   2 +-
 .../example-gcp-observability/build.gradle    |   2 +-
 examples/example-hostname/build.gradle        |   2 +-
 examples/example-hostname/pom.xml             |   4 ++--
 examples/example-jwt-auth/build.gradle        |   2 +-
 examples/example-jwt-auth/pom.xml             |   4 ++--
 examples/example-oauth/build.gradle           |   2 +-
 examples/example-oauth/pom.xml                |   4 ++--
 examples/example-opentelemetry/build.gradle   |   2 +-
 examples/example-orca/build.gradle            |   2 +-
 examples/example-reflection/build.gradle      |   2 +-
 examples/example-servlet/build.gradle         |   2 +-
 examples/example-tls/build.gradle             |   2 +-
 examples/example-tls/pom.xml                  |   4 ++--
 examples/example-xds/build.gradle             |   2 +-
 examples/pom.xml                              |   4 ++--
 protoc-29.4-linux-x86_64.zip                  | Bin 0 -> 3288836 bytes
 35 files changed, 55 insertions(+), 55 deletions(-)
 create mode 100644 protoc-29.4-linux-x86_64.zip

diff --git a/MODULE.bazel b/MODULE.bazel
index 81d80ed7e1a..fdaaaff317e 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -1,6 +1,6 @@
 module(
     name = "grpc-java",
-    version = "1.80.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
+    version = "1.81.0-SNAPSHOT",  # CURRENT_GRPC_VERSION
     compatibility_level = 0,
     repo_name = "io_grpc_grpc_java",
 )
diff --git a/build.gradle b/build.gradle
index 10a5c5cbbc2..2cf3439ea76 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ subprojects {
     apply plugin: "net.ltgt.errorprone"
 
     group = "io.grpc"
-    version = "1.80.0-SNAPSHOT" // CURRENT_GRPC_VERSION
+    version = "1.81.0-SNAPSHOT" // CURRENT_GRPC_VERSION
 
     repositories {
         maven { // The google mirror is less flaky than mavenCentral()
diff --git a/compiler/src/test/golden/TestDeprecatedService.java.txt b/compiler/src/test/golden/TestDeprecatedService.java.txt
index ed2eab9a696..1c37c9a8af9 100644
--- a/compiler/src/test/golden/TestDeprecatedService.java.txt
+++ b/compiler/src/test/golden/TestDeprecatedService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.80.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.81.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 @java.lang.Deprecated
diff --git a/compiler/src/test/golden/TestService.java.txt b/compiler/src/test/golden/TestService.java.txt
index 2afdfdbf206..08eb2fb6ac3 100644
--- a/compiler/src/test/golden/TestService.java.txt
+++ b/compiler/src/test/golden/TestService.java.txt
@@ -8,7 +8,7 @@ import static io.grpc.MethodDescriptor.generateFullMethodName;
  * </pre>
  */
 @javax.annotation.Generated(
-    value = "by gRPC proto compiler (version 1.80.0-SNAPSHOT)",
+    value = "by gRPC proto compiler (version 1.81.0-SNAPSHOT)",
     comments = "Source: grpc/testing/compiler/test.proto")
 @io.grpc.stub.annotations.GrpcGenerated
 public final class TestServiceGrpc {
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
index c3ff3628465..deae5d831b8 100644
--- a/core/src/main/java/io/grpc/internal/GrpcUtil.java
+++ b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -219,7 +219,7 @@ public byte[] parseAsciiString(byte[] serialized) {
 
   public static final Splitter ACCEPT_ENCODING_SPLITTER = Splitter.on(',').trimResults();
 
-  public static final String IMPLEMENTATION_VERSION = "1.80.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
+  public static final String IMPLEMENTATION_VERSION = "1.81.0-SNAPSHOT"; // CURRENT_GRPC_VERSION
 
   /**
    * The default timeout in nanos for a keepalive ping request.
diff --git a/examples/MODULE.bazel b/examples/MODULE.bazel
index 489cf3e3f5c..2e90a63c219 100644
--- a/examples/MODULE.bazel
+++ b/examples/MODULE.bazel
@@ -1,4 +1,4 @@
-bazel_dep(name = "grpc-java", version = "1.80.0-SNAPSHOT", repo_name = "io_grpc_grpc_java")  # CURRENT_GRPC_VERSION
+bazel_dep(name = "grpc-java", version = "1.81.0-SNAPSHOT", repo_name = "io_grpc_grpc_java")  # CURRENT_GRPC_VERSION
 bazel_dep(name = "rules_java", version = "9.3.0")
 bazel_dep(name = "grpc-proto", version = "0.0.0-20240627-ec30f58", repo_name = "io_grpc_grpc_proto")
 bazel_dep(name = "protobuf", version = "33.1", repo_name = "com_google_protobuf")
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index 2870850562d..0f1dedf11bc 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -34,7 +34,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -54,11 +54,11 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.google.truth:truth:1.4.5'
-    testImplementation 'io.grpc:grpc-testing:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    testImplementation 'io.grpc:grpc-testing:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index afc2a97e92f..6308e03b6ac 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,7 +52,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index c6fb344e82e..78d309c166c 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -32,7 +32,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -52,7 +52,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/android/strictmode/app/build.gradle b/examples/android/strictmode/app/build.gradle
index fad9bfb58fb..b752bc4ffd3 100644
--- a/examples/android/strictmode/app/build.gradle
+++ b/examples/android/strictmode/app/build.gradle
@@ -33,7 +33,7 @@ android {
 protobuf {
     protoc { artifact = 'com.google.protobuf:protoc:3.25.1' }
     plugins {
-        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+        grpc { artifact = 'io.grpc:protoc-gen-grpc-java:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
         }
     }
     generateProtoTasks {
@@ -53,7 +53,7 @@ dependencies {
     implementation 'androidx.appcompat:appcompat:1.0.0'
 
     // You need to build grpc-java to obtain these libraries below.
-    implementation 'io.grpc:grpc-okhttp:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-protobuf-lite:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-    implementation 'io.grpc:grpc-stub:1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-okhttp:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-protobuf-lite:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+    implementation 'io.grpc:grpc-stub:1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 }
diff --git a/examples/build.gradle b/examples/build.gradle
index cfaea82333a..62e50d38861 100644
--- a/examples/build.gradle
+++ b/examples/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle
index 939b6ff73e4..47268ab6510 100644
--- a/examples/example-alts/build.gradle
+++ b/examples/example-alts/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle
index bb7c85cb2be..940543a3681 100644
--- a/examples/example-debug/build.gradle
+++ b/examples/example-debug/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml
index cef96ad17fe..10734935ee6 100644
--- a/examples/example-debug/pom.xml
+++ b/examples/example-debug/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.81.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-debug</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.81.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle
index 0b5e165f692..f2947c641cf 100644
--- a/examples/example-dualstack/build.gradle
+++ b/examples/example-dualstack/build.gradle
@@ -23,7 +23,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml
index 96be352c45f..f5e720a9128 100644
--- a/examples/example-dualstack/pom.xml
+++ b/examples/example-dualstack/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.81.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-dualstack</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.81.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 48294d0a5b3..9846cf3fd84 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index 9c520141027..4b64eaed454 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.81.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-gauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.81.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle
index 6d20464e567..63c6d20125d 100644
--- a/examples/example-gcp-csm-observability/build.gradle
+++ b/examples/example-gcp-csm-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 def openTelemetryVersion = '1.56.0'
 def openTelemetryPrometheusVersion = '1.56.0-alpha'
diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle
index c64eed714c9..a41e7cdd629 100644
--- a/examples/example-gcp-observability/build.gradle
+++ b/examples/example-gcp-observability/build.gradle
@@ -22,7 +22,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle
index 0facab784d3..6117b8c32a1 100644
--- a/examples/example-hostname/build.gradle
+++ b/examples/example-hostname/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml
index c21e85d1333..ed90d481587 100644
--- a/examples/example-hostname/pom.xml
+++ b/examples/example-hostname/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.81.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-hostname</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.81.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle
index 224d822f2e3..5614a72742c 100644
--- a/examples/example-jwt-auth/build.gradle
+++ b/examples/example-jwt-auth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml
index 6208b1251f0..7befaf500c5 100644
--- a/examples/example-jwt-auth/pom.xml
+++ b/examples/example-jwt-auth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.81.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-jwt-auth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.81.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 63dd47fc61b..d2eda15ab3d 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protobufVersion = '3.25.8'
 def protocVersion = protobufVersion
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index cac1a949a85..480923df5f4 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -7,13 +7,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.81.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-oauth</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.81.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle
index ab703b5acda..a24900c0fe5 100644
--- a/examples/example-opentelemetry/build.gradle
+++ b/examples/example-opentelemetry/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 def openTelemetryVersion = '1.56.0'
 def openTelemetryPrometheusVersion = '1.56.0-alpha'
diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle
index 049158088ec..674c4bdf2f7 100644
--- a/examples/example-orca/build.gradle
+++ b/examples/example-orca/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle
index c06f276c2a0..aa870967135 100644
--- a/examples/example-reflection/build.gradle
+++ b/examples/example-reflection/build.gradle
@@ -16,7 +16,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle
index a41e998a455..7f23c83e0d9 100644
--- a/examples/example-servlet/build.gradle
+++ b/examples/example-servlet/build.gradle
@@ -15,7 +15,7 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle
index 8d410146570..456cb8b4f73 100644
--- a/examples/example-tls/build.gradle
+++ b/examples/example-tls/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml
index 9dd823ad563..ff9d01253f5 100644
--- a/examples/example-tls/pom.xml
+++ b/examples/example-tls/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.81.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>example-tls</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.81.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protoc.version>3.25.8</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle
index f04cedc5a74..e8b3f3dd395 100644
--- a/examples/example-xds/build.gradle
+++ b/examples/example-xds/build.gradle
@@ -21,7 +21,7 @@ java {
 
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
-def grpcVersion = '1.80.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def grpcVersion = '1.81.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.8'
 
 dependencies {
diff --git a/examples/pom.xml b/examples/pom.xml
index 4deaaca54a4..5375b930b3b 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -6,13 +6,13 @@
   <packaging>jar</packaging>
   <!-- Feel free to delete the comment at the end of these lines. It is just
        for safely updating the version in our release process. -->
-  <version>1.80.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <version>1.81.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
   <name>examples</name>
   <url>https://github.com/grpc/grpc-java</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <grpc.version>1.80.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <grpc.version>1.81.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
     <protobuf.version>3.25.8</protobuf.version>
     <protoc.version>3.25.8</protoc.version>
     <!-- required for JDK 8 -->
diff --git a/protoc-29.4-linux-x86_64.zip b/protoc-29.4-linux-x86_64.zip
new file mode 100644
index 0000000000000000000000000000000000000000..1d1f13996795703c5edc06d23503d48861bebee2
GIT binary patch
literal 3288836
zcmZ6yWmH@3)-{Z~7I$~I;!caZyB8}C#odZK6qn+z#ogVZI0Scx0D*km&pGFQ$N2K&
z+B?bK$;_N{%{9g~vQ*@uVXz_o^Pu?e@jnNckAs<w1Dnc!uR!>CP65&6pFkYr%>m)`
zHwgmizgIZ9IJ!BSpLZd8sxLkA`by{%jynY_z!E^gSYsAz&cPv3bK5Jkhf&@YX(k{a
zr&1zvE+padg<5M8t7z1$R6605K_irL7fV`eGM5DgswD1)B4{M24g1<%bSWpf>fOKh
zymntbiENvvW;d?9Uo<Zp`CK$daIq*h7xT<pQ}R8o{3IH**=hA`i!4%%$-Taa=7h19
zHNXO1^bsI@PC^EAF~nsstBbe@c=x)fn%XE?sS&TQ#HkPuOkirYM-aSy8FF4K5yTm}
zc8T51>jqp=SA(6C0Xla<;lwL5jz#o%WA8K^E^1WCfHJGo3F)@XxpUBu+Xe!qO4YO(
zA<Mj|g9<iLiTS1UZ8hQ*Y#VH8-7N(Am0zzjV2ei4$^A{GnN#jqKpA3XX<YF_L@X^g
zx2m~T`o#-N=(1!@x;+j*ZpHD^GL*|ke&Ja}>!@>A)U*w5;(#5aw<hs{aeg7)eaU@l
z%Wm@TWx8a*QTa(g>HYcoPU$vWUUA7x!M!tMyA@oqRmCySwpx4sGWgWig}wavi~vlH
z(`5o#OjmXj6OgT^9KKR{%zwuq{P-Ez^Zx$wdUjRY^Z!2qZ;AFjS86#)8+NN;W84Zq
z(vQVkO{>`>PNCnoj?Mr|a6sGsDQ8@3Ld!zKLTf^{)QikoO$3=4Lm^r>9^##>O9uG8
zh=oJ>uFhtmix-+yRyY$wWKqMy6V7T#yckKA!N<*!r7Qp*JnSh9yU9Z3HH<q5E7zI1
zwL!Y(g~=@qosO&t^*l(Ukz!dEQV627VI^*5PUX*{X8vw2kvO^ri6WPe5JxMCgRm!-
z#+*m-fuT$i5Yqyx=2+14*UAg6!GlP~-sBkce}m+0j5)I}d&8QpjQEHmZLh>IFT?a0
zkonp#Qvd~oX6J*SR5bO@=bc~$ot}nQ5UzEe6A8@PG(os>pW59XwaCd^*WFqL64#fY
z^og5TuRsu__5hYFPgTMdSlA{8e^2Zd`2mb8C^O1s_zLy7(A8ej%7<aP{JT-|r=`)&
z)It{CsbvLb8=3b>b{HA2dRB#aaU|gi0W9H|U2ivyv)zs_57uGc3B#m3oa&%)M$)<{
z?J5AO_Tpyk44^l4?>m5CT<01WewGhFaZ-9AYmhra8c!Oh7#>sH`t;%&i8I~)71R!3
z5<S!+js@`5Kc6%=@_~<nJGO5Qlf|kJpQII_*nW;X1VtQX?W%-6te3|hwo1io+|EMO
zi0%40Yt`dcnYf~+d27)^M*ClQ(j#BI>&kwzs(Cm)x1XHmS{u}><jQv@oi%&N^ny5n
zCHn$xvA?pmu48E9-N&yyvuf^g*n9}=yd5S^&-7%SqxzW`zBridX~toVHM42}9ay<M
zhdj;?6RmSp73Z>SLkwNr2Dy=4AE^y{6rY`-KN-Xiy1;l84&wQ-{AG<v=6wd<-pnwz
zH(+sbZtjUi2TCWCm_^noOm@1F7mtm4S+3(Vjk8%s0KW<4b0@@cHic2k;d?MBsHA?|
z#=UqD(X2k<m1{n9qmmHf<`PLo+KGlJ)Yp1a7EV})(#n*nY(t%#!>Sx@dKh9hYV*r%
zh`Q9Dps(zI+_-VF@0zV)EOrbmW?ddHgOMxPS``BA{F`_HO}<8sRdw~hgJu@EbU*Jo
zi(I9^U9c}<ASc1rPmk-%eP``z6Z$fun}ZzW>K{<$>Ltf?TmW5V)@$Iv(FF5_8Ln$5
zvoy@?@mo;6Ko)Wnobu^disvHIre2R>yu+D8V-e3nTFNpouP!o)-wKo6Md2%XU3pzR
zwgJ_SMNgNo6fvaFq=+~%G>#X(&@Qe8-?Sb@piMPk<=rR+Q*&Um^AApWv0t}h)$p2_
zwVuUKSPFvS-#<hog_3tU@yRov;ezINt+50Nzq6J#U(HU5<qH{>VrI+NHwaVC$(f|%
z$+G#WU|fXjoHWKK^J$6q;ULmBB^wawC}KBt+az!XL~7Fbs``g}4z%Fwgvj4`p_$lj
zRXpF~hoh_nqCCC+eLN05Chxq6Y5SwF_fz2>c-173KIr_-Us0D5C|<27ByN_s*vc2#
zXmn#MJ{uRJlGfsDe&WsZbkriN@t1{<iK@DdE>ily=ezGIqFr+B9FILndXuEmkE?#D
z>%^IlJf*Y+@Kb9*1|5Q6r7XrHzcj;jrW5MuouA;Dj>~g`Z7{iNSSG}e)oo=#QD%e;
z<JV6T@X5ELJ;BT|67V!Fe(|oxPs#@@b-+(@GUxie-3HQLqnxYVyU&osp}3GAiE}o<
zuI*r3Ua&lg5s!4K3TJ2*w&dPJVI?bneTR-IYY;Qjqd@GHpebc6GJKS3MzE(UG80dC
zOh~}$G`Z`Y<w<WYCNBbpm{m9YJ<Elr3l|f6a3_nIE}OO6V9TXakS_D9eCJLpF<XIz
zK~Q4ksJ1v%M=r2|DadII<u}VacgFDglS1P)d^E*&wmu$$Q?_|{K<gBb;%g$@q)ouA
zTsw^v;4#>fMzZQpRB`aHI1-$VC1irQ#?Q`~%c4l9btGBi<E3dYKD{OvyuVfUNTsWG
z<mi|StMLIKRjq4RdOsPb2fRV?V9(kq&rwXa*0f{TpLdu3q9=9cLe`GaKgPC^-l;A*
ztbv{Aqh-zr(6&sRgAr?o4~DYTNyiY6$W8E}79>%f>ercN@ELmI=Bbw4Z8q-y3w)BD
zJMr}bJ@)(YO#&Z^h)b}7&;&|X8gG+XX61<I1XN&ur}Yrz{TxugvFU1-ZFApd>4Sw;
z!-D3QzuF<TFNm5o=|S{BMAVvU`OG0$u#r+!-{y^I)cLd5Ye5houJ`EoDbiq8!m4VT
zh%kbVO0<qz-02G<`V5pPiKjBkqM;BR4zdPhGm(mET~Hz`D>px)2GatKNu!uK;PAHt
z2Cw5%XzR0|q6M#UX&4$OiW59T4f+s`S~mYrA9!bB$d)hwB|{DWP%}C}$$HH5Imr?N
zEpmb$xZ@7hO`zC|TxjVez_|(EiirJjrO59PCmSaWrSOEkZG=`I1_#)oO)^QR*d|T~
z#@h*41C$}*ai9&NgE58&+v5cXzOe}?zHm=8>`y*p8oVYmL|S);6C57l8<+EzR%eZ<
z74F1T^8ukWdNeSrQNkS4&er5UrMy!J)il-=lkG}yB@o%G9GRpEHxCl;RzTUN>J^Ip
zHme7w-tf~?R!&P{9*^#z-jNXtj&t6dzpjiO#->G{L~9SCNkPI7C1fau+bPJeGRR_h
z!VZ|qy;V;`sBdE^=W9eogb$0seCLk+bVx&V_Y%pQ{oQtdfOZl$&DL2rRjD(;0-zKO
ziv3jfN>ki7!5g_mQCm8lD9Iq-Ew}7IKIE?hix-@KkxD+Pi)G(w<lL1kV=7K^wn+)G
zVdurcX#4vBnKi<apqCa$e>;B?SOT0b{6>1IXELP26$~&sy+6s;zS`5?Ku4=jR-o(=
zq&N>`fCs@xg5*TN+T<&jhZL>n`F3!*vv=GogHN<g<x@E|dA3+oK8q0McX4uot!p&P
zv~VUe4pc@smCTC1)?>c$tywd6(C34UooHqaY=Z_uQ;;&rX7xy>!;C)Ee{EZMX+GiH
zmRJ|u%9r+!uKmuOG^;R8vaLYI9K;ru&0h+o{~AR@XlhomQ(UpT{b<SeB#NXL{pu0`
zHykoG>`0tZ6X9kZQ|ZCC#<07I8TUKk&Q@N!lX8ZKbKZ+(=jZAcHV35%RL4+aVt27q
zT2FwHk8_?*s(w)FfL>(kqqTNut>8}u#SKTyCo$+7Rld3dh&F-*S3Cf)YjF;qF%IN$
z(5tMN&yWWe3vI_$!e0FhRV^8F-!m#8f^ze1&iseg**OdBlg=+$ZQBwgGdn2f=5b+h
z#m5lyghm0VG>EumB)G6mKYk~|zkA13O`38=jjRwM)bwYsNEI2!<@MKOo3MsdG(6jl
zB$cPL?P_kq*XQpCCX}bK>bAW~>vP4xvLKV#UV|-NzYX1|WGcN1dZOOv+IC7%>?dKO
zNKs+K<Y+k7_MEd;>C-u};9t+Ba7bF9&#a+5kW&}X``<d!d5Fq#TLZMY4dXech^#wr
znuHcoW{9c~9f!a)Q7=xp<^=5WX8;nvg0{iU!JM2G!W*xMU22t+pYFxU;bT4+w7((a
ze?c`WY_r1nVX<FH97Ow7PXbnwc6%YF&8m#%x4gJa;+-#1dntv_Iv_V5|Ij1UR_hHe
zh&4i@eq)qZ8?tqEc4vy#`GzSx?Z`a~d)a_597kK#{~n<}WY*YNm`Gnh#f{?;J=8|W
zSHo)ZS&RP?uB@xeE-ub3Rqp4Y$pjO;i}DeME0nw%0s-zbukN6F_Z&63XgO*TH<Qf0
zLbd`tB7O}#LR*g+gUzTCzL=~0%|^??SMnXg%El;nv(!fK^2VB1wZ_I8qO0ZLlWh0u
zv>$HEn|&QU5|WE2z|PJ6qGG>4j*Q{K0>XJ73L$ic&z-8r^8}&3+iG2nmquG%S^G5C
zUV@{tlzF_6;?6J@hj(cqDa9<=?zAFT=6nw~)aD2ZjFCWWkt<Z{71NM*y#-H_O=us|
zza{RMYJjD<lAzth$FadIIg4Mbzsfh2h#7kjk|8OQX0~ChB5~f~r&u>Nw7G(@&_8Kh
z67=8ei-5zv;x_?>Fy#-Xe}7{1$hXqpq`elz-Kwrp=vv}I$Nj9iD1Nl0YgnS=T{BVJ
z?5$XD;c&`xa$_A1n;`t@-a74=qZVT2*LJwuIn+GY=pR@G2TkEY4@InsHs>mX->!tj
zEtJqcCgida4|g*N)s(Z}kf<)4o6=*8ps8-2;R{ID>sjAR3F{Uo_@do25X>8`qng%z
zkr8ACmr@n_%wYR64=DB+^T6~NP8968afrEVn*tq5pNTn$92uth3mVb?v~#7ZE+R3x
z+4jrzc|lG7fl&BGAU|Wi2sc>^oB9iJYMR=?U#P5t${ZSBX(Pu6N}2cAx~SfO`(UvK
zqh#?`^*v3ULM#6<^3`q<BrPD_Hb2Vdib_DB&2p?m@^-hB5vQwN2pwcS{m!d0Zr8tx
zID+kZGRe0Q<X4BhQglmZLt^Dz_cPq-cgFha`S^0;k5a>5e?-bM<q3OwDgBWtiuq>8
zSI*ZViQRTSebScunuVx>!Iq4)hXThNWl(MF!Rw;n&SPvg8r}voxis2o%A3KPUA0+V
z-@>gWkeR%*OR-l4wi6d({%Q5YGL2=wC?pKJwHH0ISu6qM)Qv?nMKnjhpWeppd#B3x
zHsYyvo2O8C+5Sd-I%`j>>OTA6XSbM4uic?B_hd<P!^asSQx(>xA^(d^H~6kh-@uxb
zC+ncDe8B_!TA~ybk@<}FHuFuH2pqDi?(g*2lrWupsWOvG%rTo?C`AZMt6&dy>gR6V
zMO04*KVX$Kfc^Wa-{(S442k*BHv9W7z8BK9BoP!X1@JgC0wsi<Gv5Nf147a6PXqWp
z2rDxMGv0Y8bNmk+1U&=>8IF{O>)ICZ4Bpz3@7+I^0<~Ph-LIc=1Wy>pHf%7n1p8pd
zf^#+J==oL=r*psd4kCTi1i$Uua4F?}tsh&k|E9DSFTqv%WO4}egEK$Y!sk{I+*2&p
z=zLz=2L(_qpE|QK_=Xv$Ge7$_mc6r?<K>4*Jl+`fIfTyBwAm=oN-16m<99K<616M#
zW@2F@gSQbzmoQ2-Y|}ligTEN=bhHqmbjo5iVVPr%;vQ0w<=<w64#&qg{tgmRI#(p6
zh&brd#9rC8S33bZ%^hWicVFajSuRy2f?OI91gv3wGeZX9>-RqQQcWRyteHKfn=dC%
zl4IHS<NSR*r4U~wvOI@qUy2;jX<fZYrPFp;Dj{J5Q(DOyU~W3^8O9pWi)~wqZSh>9
z#T)N54iuDS4u;Db8mZTN^e`rhP|GGo=bUyH9XsK?MIoL)<9{dX%WN7smzmAG-O?SZ
z(5EF46(4kJAF|F7ribABUX@0)_sp1NES#%T>y-YzOSnU#f?3M-JG5VM4LQ8`zDEzW
zD{O->O{{t6{hA2l+z>3MdvN865^?Y`4);?pYo)Vxor0|<eIUn`B<!C68Kr15m52_1
zJic<`=d8DrBDK9I9ex|^D3X}{fPr{0OoL8OeCAHG_QL4gf;V}Ww|0(aT-m&?EgD8;
zB?r!BCfzExc2T7V3gjz!53=TiYrKgAq06-B$PrnG1SY<)Uq>x9*3#ZD1K~t{+M$Lf
zwE6N#y2#_p`Dj#j<KW3J*3^N|=yHvOfeKPG{1z7bdHZ*1M)HTgYzDtwkSoiwQEOG&
z&U9azwfhf#kSqKi_yt$QK@wy$k-x#Ty&SO-kzm@eq0TFInM$PL@F_XDcYnCPiFCn8
znYbmau|3^-PO{1@Q%i5v4q@!bx*PWv_Q{OpAz!1Ko8-3Mw9**uP=7NTMPR(wY*yAL
zW}qg0fREXNSglD-ISs7E7r~B7*a)IwgXht(c50_v+DS|wu+5*%Z=yR$AfBdB2=UPM
zmmW>u+RmDcy=w-gxrHLDsqF=Y3O;c@Oti|a3EC|e1+6BdYV9fdq_|1bGy_cY0cgI#
zJAd#Mg6ELEnsLS~LNE`_xuqTip)U0hWcFRlpq>pAKZ#Y{4;!J#MVtE_c`>@vO>{xK
z;w>0dEAPOE!*^Mqqz}x-PRk|-mbx7hRg8z>Li3-TtFE0&KB}1o&^|aXBHk~`twXZ9
zM||IgwlC-%c2wDcJ>h_mAtP0!O;5S1%`eubdPD*NeeL0rve9DVmBxoVseV1NPINR&
zPZNcCefibW5G!%_M-6291r(QP7DV24|4C!NExjy))e1*XV&2qp=B<p;2OD8thxwHq
zG|S$4TPaE=buMk4wWeau=T9h{AoIN>#WSzzTAII|*8kxM+MMqDkuY0{X%RPB&X6oG
zA(b%zZU-Z-c-~M4`l(lDQb>vGO%!^UhWgwxl#yI0E|iU+00Dt58=^lVrj7tXSH?30
za|@;)mb%I;bV=-QSm<-gP8R&{s>P!(t8($$?`^5!rW4tnh4^h(DJ5iTsJ-Sv<QD;u
zgu7XIPC{T{lu+(=70{JJ#0=AIvOCs>s>+i>ks%-VtG><WT|bhgA1sTzVRy29V=*gc
zv*UCE0$q`47Pe!>+~g$~nZn^Ohn=?;&w2qU7nlnOG^@R<Sv#qIHYi2K0r^I@kn{cQ
z&u4G71udjziTM@eEIPdbVuUx_cI_<+)hBqCa*CqN1MgmC6pBxpiwpOpB{s@oC1RL^
zdDN~17oV18){qDx5<T%pIBj$3ZZPWY@yoFW-mirQw&;rqif1CIi)i7f<$rO;N@^}w
zR8*zLr2sH+>+Cpk&sj8=e`qtr#tNqooGW2z*@5-vBZVmtrTeAeQ31x0w5`#we=eo=
z*ipAv@5pSeQC8~W<p$yu20DFbujfLLP!+)$;Q-PK(@WRM5+b=WMPwpW>LBkIS2qJj
zlY3|8oPl{Jg6YBI1p;Bn`T3)*mn93Flt0AzlG5A@<U8L8g=T-oDIRU6nClPU;1?AW
z1oS#{?zJw-^E)K*=Ps(mo#BtnZ>H?o?*F|+=lg6)T*@AYl}KgOAFet1@%o=&4l-u>
ztl`$}kPVNN?cCQAGWsX_;kUz6jHj9yAECYXJKJHyiB|3E5_hjD`32H6qp|t0%CT0A
z0Hoks*|;Cs?kR_2dN{wUi<(B1pe~TVHmd8n4%(YEG0SzlAkQwdXU5K})qh9(O{2Qz
zDB}|~hm!J$l}0jR-M(Zq=m-<{qAbBt?UWNekA*LsHdjetI5Ds3lDTUul+v9uX9wk0
z==^hTh3kdl>l6En+*dY>6R(eVjm+<v@p4wbgTG_QTD3dTrkzso=1R~F+KrDCzoV+5
zhS~<{5+xP5<s<3xc$j7_ml_*=IWAv{@y$+(ucqwOTokU9_(Z|z8wt%ewd%W`%~NS@
z*xmib?_hyaZ{$nNJHzi<^ZW9c?zp)-{LMc|M`h6{_47lNrzKrvGJBw6&$Ow!J$x;)
z!8ES(LpN{VKnjOQPJm%JkP@v`SlR|Q<_|^gX@9+%k5n3**SmyJW!D&Bh&9SHp5n3L
zo=Kd4EXIn|`l3VXvVot<4{qqq5wMz7)r%F=mlfkI^4kiAz;Nvgfv^R^=yN<ShMyb*
zeH=~=L&1qo;^V@3bqInXvdu~HW~)toe0Yf7^21DR(dh61{hc|pVV3xUkM4_bT2FMb
zvFXVav*Gl-WBvW-H2=6_<;MF@X(GMz$`iK{3-?qFzG<Q{#Xb!napujm;;Y1iMmH;6
z5&4#cgU0)690d{iJgbx8jH-8L!-?Cc8uH3&XZt@1kx+&;eV}~-`(hR*ok8E?IK3B^
z!372*CWA|%5nyT~l)O$m-GC@bKR6gUMtZ+V=>;tv#Z9pezEO=_o)CK+Or6pbR29J9
zbBFZhyNRFbI{5>@g$HMEbnbvV?l|?P@Vi&YjhXAfu{P1yqfpuJC}-Ob8v8K^ZVE}u
z#^!r(M~i}7>FPa3W5=s8xq}~zNZj1RM93T1^)UVozCp*-^sflYt50`~UykV&iCjDf
zO1<dMUn3YiesFN+LmFQ@oOy-)dy>=i(v{s`-z$ij7;DwW$hZcf!aXC3t>6xh@n`-*
zLQB^7yKBbbH0nZ9nX_kckj@+%hQxFVGW>2?VArbio24)gf4uKJ;OQ%t2X=1>@5rKT
zolb~u`yl(0gyw;QdyxfLq&@p`^znV6b2&UU5xP_RD;YW&5z_m2z!0roDVm+Cp{^No
z8EVsbMg91_YB?uvr$(%AKC9#wnvGG5XU#6{k$gBv$wZ87GDJ2UvdQTs`{@_}4=>$>
zZ56s*?PE$15<$;0h5sHwPkc6`|56_O^BdD(E%br5<nx6oNUjIz)~+8YTym(50pJxF
zykf3)?6>W&&Ae%h0AAz|6{XqwmtgdiVf5sr7=J#{9sv?afWEQ&4^7N#h-G&g)D|WG
z!VdQ~&yce{n9g53at%={RVxom$(WWecBny->ynC=MK6D5LAW6z2H?q7XJ62Q0Qf!9
z5}@}npy7<>%^3;6gMx1K%BO_vz{(7y7YdBE0EwvF33gJAUR_}Hcx0rj`S0QP7~+Wg
zW5#R`ZtSE+2a_}@)38zHk|cDPn36BT;_cF|SgB~8!lCY*d5>TmC=J;Ds+6B=qb8*z
zg4u)hNx^Q3tqyRVKbC|W-fIQ7#9n~MG<cbhPad~ZtDD3yEyh-chR(it#|e?8im^8B
zR`&w4zZevb9R3+-Z~^~N<Fz@$!i_Tsf{5PPOawfOmE>-i_zoZXBNZ+!6}Szk+EJ}l
zuSGRKRynr8GF`1EL=;W|s8xpbMGRYDe@QU3a}nAk;3hR2>L!TCSZqekd_wfp1{0hN
zTr_DV7HO4xqMcE3zOyI}2)lRSHu_A~B@n*D3__`KoWxzY)wtPLz&bj<9hJ!5s`Jj~
zcN7OmH2?BfVB2?{p7_{&=fI`8$Z??9Kj=+szROuJXE|a<{c{&S^DgwG<_6CE2=vdH
z2xc&PvC|t9j7Uu*%FHEkuxOwWClPmYoC6)6>JJh*Siyu_j=Z<$G;NkkwrUZEt0a<*
z$D=QD<2YFk_QhDm71gtTVhP{nP4tqxsTG&M%?0#&3)s4z;VnJ1S&m*Fnr*lW26@#C
z>7BGqX?^NkGg40T2+s7UyxN-TmN6_ftM44b|NC;(|7ICwd##4DF8+f5jr=`878x(u
zk8tJ%{~-G|uc!XK=hqZNx}O4~BwjNA@wg6+Kia@H%^uk|AR2b<VP60B3ZCk-t^cO(
zJLY5yU}`XFc<xJP6Dr%36k&hORCeP0*<|)T`{g3)cX~mzM&q^c4!NVWCXRIJ31#bj
z7J;ns=XXTW{Z;tw%*OJf=(pIgTxq<yi`#l;VPDK2S$o~zZ-JxEWLr3fz1U2vYk~Vy
z+G4k8-;X_r#{EefYsKTPuK5|CH?$Z}79|*;>C)aI=g$ib3%TR2<qrBi`#d8$!{=~x
z0Q@Jf0zw0Je(y--+LExBy-?AKqDG?&Mhe9kE;KV>BF!UAT7MLED}4D<mO+NRJWaou
zQq)Bj39iuOAALwFYkyT9Wzia-^USgqS#6}(2jsVGhmJ_PVXD<U5OEsBD}k)4mXChp
zpa4kCl3&Fh%;e+1Tv}zJ7r%vmy@She3uWomP1R;xR7-shAI5#4o^e6a2&e2o#=ct`
zX(xHB!OJ4_`3tKFQv`=Lef}Mk0FRRS2`=*+g#31<@`AAL3kXC$z%Y9K*LMT_y5F;P
zB+{kZHS_lN?V#J1p@_!cL-KW_JO1p#wbW1IfrQ(*p33<CCZO8JMOe|NlKUbsQ$%$m
zp(NzYuKm)y;w00ng2c<_sg}E!`Iq!c@74FhlMI*417(vFOXdJ;e7cR58ql%m#)|)U
z^}pSZWs2i^x}WF#F3|Ioj*4(dhq@o{*%1TkYTxFhn<|L%G%q?w-bx8^{qRe6N5~j?
ze2*k6Oi^q-D`W~xy><hNC}y~0{L>zi#r@^Va^&qdo+WMf7F=z5jwf%?>p=Qsv!L6y
zd%1d(PP9hC6X+<$Y$jztET_|G4_n5P;QC0?le4M5)obK9H%^N0qWCSg(z~v<r9r3_
zRi-p<^R*#k$L?jxE^dUV@@9QqI`Qf!QEm-rvN~UAxxJ%O4$qO4ih1!DMhEt(Zy+_r
zqQoqv^@p;gbnoaJfr7SGwWZGRYCBMEqC;_n>BWb6P15pov^snN>NWuKojceruh7L^
zA({FeuG}Ul4<3Uco;OLH+0Qyb@jWP7I|^z#u+t6x?1SR#)FlZeSC%Js`qu44B{tap
z0j|)dk3)p`0b4K>^W)(SM<$OPqc@75=gK-9xuU^8aKXCX5hQOpa)f^|D!o<$m;C6<
zT_sodIM(BmvL)${dN`)zIc3dty<2mp?AILnx>XB<yd}!E;wExl$(7g6!@BD+1Ga|p
zT5gWqL0$v_NY^7_q7yfCcmcS(GmXGIly?wGK*`<=HpmMmV0dqa9z+l)DtSYP6QBU(
zf(Rh(&65J1got)smlD0Z1?SBHzTA}DNlDESTx4yG4pK>6*48?E!tYLR2lm!7U;-EI
zB44qDgFE)JFbNHgyZ8dR<l?r1Jtdgw*jQ6aYQ}nfpx66^82-R(4>&{LGzZ05_wkKk
zSj7W31Jp-ZzWl+WOGl_V%;`+#%VMgaBUZzDs<q8Ns(-=)8frEtQZ>a1CXqF_)U}3P
zP4R0JO~oo)URi(p@dXzF@@o7(ut(CxSX$rJq-E8Mr61EC^J&ERj+Z6=5_wf3e*+vT
z*brbcGf$hqtc-sDu+r;RBjpso)CTwMF?)zc>wJ9DJNfPlS_6R3d@JrL@phfBG=;o%
z4e_#oP<;Q{9^Ee63M+dhQ^;=gX;M)5`mDCc;ZM^;vX2?FS(~de`Fmi=d~5p5-wQC3
z+WT$NTqJ3wrzVDS#)#gK<CuCTPEg&G)^&$~!Nzy2Cj{-s)s1-A4RlzS8rDPY?7i#m
zQ!BCkFO{BixW)`Wt(XBb!9FrpeY%Fwe#)c5u}{NDH`>>jE_+vxg8A;(Ut)t@n+wpc
zwjN)-VRoz?X<Hl5LV;?1tLOe`com(B8+KUIK7%o})zj)ct=|!jBV1}?YVB+0NKMB@
zvOIfB+P-ngxi*IO=4!6>YJc|7GdZXW+@qi_p;^|`TD?Tof%XaQ-C9gt<MwFGEq}(5
z_xt9rebh;HSLjm1=Drd1#XT^H@-VgC$_`ZTC4H`{WgSW1D-6X|;{qlM*4c}%i`)@c
zCPwlRap7*%$sgrBV9_bpAA(-A0MOK}xiPTwB{Q|dGs+t6tFp52SV|o8885<9QA!=^
zCWP~Mym9mi3&0m@LT;62#^breING8S+~%!WL+dZW8aPl3HZ63P!#+8^m$}GmK#oM=
zMEQgOEyC$W`$e#IM^^#0$bj7$S)I|Ya8&k|WO7pM!SqCX0A~3^B+4~i()iOgTlzkz
zu-+;uJXAcSiN?zc%4VV~7?@=OdO=@TGqGPqS#zlfY7tOg26lu|%RRbl`8r{lv!;$8
zY5wNjMdqCTo3AuaVi+!QTR3$QcrfSC*TxH>L|8V-p1YI2D|tIBz;XGkS&}W5Yz2>K
z<Vei!{8AXkfWtnB5)QVnk=@P|)6DV&0lop+4g*>Id7GMXP%OaIewvLxn^LC;pJz;o
zxVfr9%U*}Hb!X-)HN=D%P^s_1*_BTgI~QF&me=J*S;sWKp<-bWHE2E4m5?vTWnP*M
z%T1j8!&ei6P)w>LITi>dJbrKX=jBD3a}lTS5hC}`V#VmF_(k^x9dK{u=tEs#(Yu27
zr}yn=m8BbSqe#m2OWyPBRvZ|7UBKb^UVtvX&wJGy)Vn0(bQu>~-|JrMqmz1Pn{4GH
z30heIZa<D?{?c$pm-2N5kxn^&Ge^x+J&zCM#_gx`Tr1#RE|3f+S{|P>hM(IOrZX9D
zgQWm7eY&;kpM;QjN2GYydoyv2?LjDb4)}Cl;B4xN!4+qQwYO1mk%NC6ulFThv1*K6
zYlg(mT`sYl_2-SsZTJ^#2fn1l_k8+AaVn+5gaYCPeX76bQ1wStkkp_3A3J++Voxop
zE0obp!~)3tdlQx>6I`?hO=lR5O0ewDlL>B0zpB+nB&uLYUnP1!pg)eeoF`vBjfm*V
zzZCt_W9&k*vAa~PYX5bbflRdudrV43GQ<$R!B%xSH_JASFpb62>ai5^1DS1YTW2ld
zz(skqgb1qSl~e%_u|z-g4WJO)!xI;8Xk<y!KXD|i?A@<RwDp@bVSEk!pzhU6_!tmu
zcTehc4b$iKS<UH%GRU%M%JYGs4=`WU9>&P!t;E!~^!NN;%0l4=#aUN~wmz|ksJph1
zLBvVVZ$Wougwzt!%vIaAd{x&2JumYVlZZkd4DTgPZ103iQF57RG-7lrw;2+rU+rRW
zM}Ldbjk5xGsasDqHg&a9to=5?@4GZ1k@GuR%pr{=R$-9N9coh&^B9^NG61;`hoY6s
z6mEW;mar4(_9fB_#jlR6Won=;6H$8vBkPQn$jf`rBK$_%CpyAlth72v?F695bR;UR
z<z-<E8q^Du`6V(gVGfIjPxpncm8vqd*CBz$6SE(d?2<ee=JuxM9JH30;cFz1`uQ7w
zm9#%@cB$R$gHAFYGJ9>iVsc(umJn(t$YXv#*yqzd?h#urV7B6i*Xu?6zQNfUer}_N
zYy3c~ttS-%Z=6Gk=FHb$x3(9t1q+YvO`l>S4sA^flam)$Ab&^k_8X^Zo5qi~t*y-A
zC&hx+G3L0fjPh%#kZ5z?pR`U#-4^$Z;rWAG*SGMwOx;PYQ+Q9A2FWO&vQ~J)#cgVw
z>HPAKbySzL9G&NTM2D{(SM+mu%@2Q2KE0c7xlQ`S?Pomm6u%?fl@eaVjWs0w=pCc+
z#Y1M*EA&tPmgphS#H{DDBH#e;$E*EZ{6tLXJM_!(*iOq~P1rYG$m}*TxMQK!Xx|-0
z4b{uHZ$h{gf7`3+?l&gAXJKt2V@?)soU(~$JXDX|aINN^IYGBrP#*c7RoP8<E_PmV
z?^D{%R~~=50Xq8Y6(oZ0NJ8V@>ue}vhP?ogR#@K1wdQvCo^kpO(UK?AK&|$U)j06k
z))zi}Mr-GF!n2a_>Pq~E7FOizaEta{kBMgvRDdV)!0ThhwL^IA7Ev6yC1$%|ShW8-
z3<(59z*ceNM<5~{M8>!`Qh7r>V8wV%V&U6K*fS$`;|=?M{w=)cB^C*cHn8IR`#ONY
zxL|n3^k3vGD8~7{$_Y1Ii@?t){{#N+=5Yu{0yQf(fGcnEID|@jwa0;EJzBfkoI+dZ
zn1^6a|KEh7xw|V&*Ibq$U!HE>0V}5KH_J}V*q*J}=N>3Bs=f8f8)L3cr65sI!8zEt
z{Q8Wb`-LeCJOL!J1<8f8Y3$&QdaA~f&0O;%fm8@Yjbg8+t}~E);R(oUhmEhsLB>I%
zuR-VFRNGf}U&Z2nu%&MpA((c+2OFr#>0eC<<{rSKzs9lvq44;#4_Gl=cUg9-#;$Pq
z215m0Z2yB>^eh9+be+oiK7xevZXRA+p#toQ*)AIvB=GNo5>+3b(cY8h@cjd|Z9J^M
z1SCaqRNFDP@b%&8{)2oM0Q-LZbrt+nc5U=Q_&==mNX7=l?jqv=VL6R7_N>@_<Df(}
zhU2yOUb%crpti+_Kd4tEFskj%+a!PO(GC+`%Xse5-UV}ZOT=yuUX#N5r^Xmp4zrm8
zp<w-kWAX}y(XD{Yu-z>&ycIXz;mRsIwOwqlJ%nI=x)17oi(|m`24UM%*O~`N;D3Aq
zOvnEhb}8q-u>JoZY>t65Y~aAv*t>B_KiT;xs7K-B+x;U5dxHLjeZ=)I><G?(VS8|P
z8hwz>whETl1R7siyc<{i$0h+||Kb)MxrRjo!4Qak(2%m*hz;E0+$tNUWB)(84OhWS
zo~Q$^|A8$Pw!Izn91!^-8EDwaw`7Nu&+lv@d-1J91fk}#5!RUPFS<;JZyg5hS=(UL
zqSTCn11(+K3iZxeiTj?(LmJgY*7Uw5!~R3s0m0JCD!zz#P|u@s+q<nVUHB0;P>uk+
z=YaF>>!StUjCz>>#@cp9{A)yi=zop);qm1E`tT0lsI-^NU-}X}boxLvppD1$^5KMn
zVGk3a1gw8h4BnDw0Q1?0;s4Kv;NV>@93UE}h*7Ku*Z(nt-UjwrJmU?gn?VlyxU*Je
z@0GJtI>?x2Z>8d+-v0HWvEV<_ITAQ(>}{I@VPN0ayg!%$@}tZ!{GSggA6{a2E2FUA
z+4ep}xBs7@=pzw5=8KyrI{JDpnS~ZmEDRa>CaSpDNhNR4Y<%emM#>VC0!sd6xnyU%
z`X$FOj!~q#$XkHZ>97QSVy2(yL#rFEpLTwkxUwk(Q-S0;APpdZd{7?fz7K!-lnA}s
zs9HFo)QH%Zj*{Kty6#q@c_pg^<2=ZXC|V@W({hc35GJ}JM!z!dbHNap$RJY=DXHp+
zAIPh{#ezJ^f~MYzw46i<q_>byd1N=QmQ9>(%r41Y^v6aGUJ_O%sr|$m+oUBGmfUc<
za&|gYZHTwS{u)nIm2DSagIg@XV6`P9(Lbi|;Qv*yWB3#Ob)^MJkH??lU*@)kuXX=R
zoZx>dSn(g?GM6X8IR7U&9-}YGfVN-3KZU3oTWbP*KmsWch#JQR<m@)$0N**cDuzYJ
zuKyRA$prrhZbUZ%p3wvzqQuWghYtN;35zaA4F&v1av%#z-tS)Y)SJB}AaVGN#*W}9
z(38g>X5b75*yuR=-lHCNHGIt@i1VQq(;`sbgB`5Bqdf*}w)JKB7x=qn_>9_)&xGek
z9LDZqVFT@IC*Es^MMwV|_8SHLb_CtF5&zV}SDyEgw10k32B&{FA=vTXu+JO#7x)p!
zKZ)6?^$5N=eMTS9cGUhSvkHbk!c!&4n0)UGk4WUMD>krz)8Chm^lN%EnaI?0_tRt0
zwL{?@V%vMvEr-kVqpep`+|oyWf-()jGmCdPZSQ#ur)+y3WjCDQ{~8`>@`m%zr*sm6
zS^sSqS0<iaPyvscZD2?B-39#aZ&`&Od5y#)lC~?11Y#uU(TYvK(EVS#@SDv2pJ@Me
zJCh4od++Ff?V@GtE4ZRM>OW?Wzz6?NvM2U`(+dxOtEhKm6!>Th+H3d->j>ktH?TU+
zyGVHLyT*Ugi;Us52dYPGINBCOk^9kE{u8>wD0$_*9tk%$Eqfo`bEYQo4UC23PxaB^
z3jZ&<dhgZ?ji7yVN4BiZ5T)qwsEeA?lWwrS92N7jJeiJWA`eE2yb%h>d!T2B=likI
zU~$|?E@-^sDfs`9@DI@K)~v40-Bm>Ljfrur9R@E4H}^mV0BPFZM76G-ID8*Qq8`(4
z1Q&s*D8^;IYza4ogra%>m8FwVH09s?=t<uF_|>a;2ajNxF7Q%zGg$hcJ8}Mrtp71;
zJo9g|=1u)u2I~Kby<lSSB5?VC`5}SxuEB*1M#8yK9{$J}VU!-Dpge}Xqskj;0ulY7
zE4ICATM%tHFT*tlXLlFjhpz-+-<>|1sQ%&}^oN;L|6?XA4&Q?RQrh+ZYCz`S8hDQ=
z`NyV>GZXJUy29HX@z3CI|1@qSo^I&>_FsEG(jIBP*q$8*fIz?ZCQ+(I-j|cDG7TYE
zMl!M`e5Kvq0da4?&s)6MOC-}LRz6Y^Bl@8T$S+2Yx3ZEZ{b9hIOiAUpo=^wJK05eP
z4~Bi0BtB^={?Z_eG){h{j7bezSj+h$1zLt=L{nKWQM^1?&BBV*G0Aa@RL(Z(jC=az
z_0+Nc@B_SKoU+t$i#Sex<%~%!+ES)u-SK@sOHTC+>=fB#&J64{W<*EPTj7b%9vyvc
z8*e2!euNP#Gv2y<CtK(Xa~FDZ#K?z%%3_x&qYusD1_o^Tq=u>9^vSfAoU$1TDztkk
zvR#}6l?taRvelep49V^-<)S|2f;xRTmTSV%uFE#S&gK0^)Yx;y6FfI3w(25;?Q>>D
z|G{CL#M;EjVl`UY>jey8j2sg6^#B3?$NviKfF7ZsK%H)CXA|xO-~sS0!f>|Ug}w6c
zO3X$rLz-Z~Vb3e9W4Qs7L0g<MqMgGbz-QAnHzy}Cz(tnqwym9%$x(PJ!&S+pzgs}2
z3ytBpQHgH{HTw0G{03?McIIYASZYgx84<8q9cVGmKZM!4DQsPUyH7qRVdywVYl$<c
z4LZ8M+RvWnYkGe5a;B)e{i>-s-5=i!>#Mvg7!!&5S!B3E@sWuF(iDc-<YPmH;&x^e
z)|a{Fv$jwppKqvzY|_wDx$6yc{-&Q5hX}dZ7G|Vs5l>s5(uSe$=W#E}HM0%-0E5oc
z+}iq|K0uGpZqC`k89R8SAa0sG56GU<hzG$~V|u1x#=xPPV2$l3F^YJs0?Qkkzu8L6
zM|UD{F7?JEj)F-6p))>sYTZ0CNqRpI?icV%q4R6s$nwo6lR8wGI$ic169Wdf7@ipY
z-{-pNi<B>Cc!V?@)-gw%Ju=}${n~sPx3FTZp0P$(ABKJXX>;4S7_+r~Zkg1`F<%HF
zLbayH6Kf&Q2R&l$$~*iF=Sq$h=Z~3*thTm(z9e1A&!&J~YF!<Bb*r3Tc(!x8UGmR3
z0{j8|m91Bp;zAUB%F7mU4HBT%?(B0(<AIQsdvq+iA)(aaH&SA<KPw0JyP-iqJI62G
zgwk76nxUa$4^6>IHU-mxZ(ewPN4a$H^<U{lM0MzEqA|D+`n&ZX)5Ou{VnW(|r+XiF
zw6cHWZJ9B$1R*&b`A*0t{whS(UvZtE9+_{wEtBWXJLFE5KONhy5&SZjBYibKzTKb5
zIeJ<=X0u_jZP6J``Zmm)ls)(MmiV#7w{SBM44}Cw!QMs|C4C7K@0TvuLN7o+w8Yz0
z%#UoI9~^5fW*zia^jNb}Y+JXBn)3gaW;j|s(B&)Aqs?W}xE6TjnVx}gsVu7ph}c8T
z_hNR<rQV0LX0Yc1nMgl}Z}U29S+z~muA#0T;0_3Jk|x^0<m!k|a_u{55c#QMRZQ_F
zmwoP^?zqZL%6U6xjv)UwoR)P@5&OuEx?-I|p~d<d-2VMXR|D9>QoEtS`HP|T>Rc6b
zZM3)95JH@z%_(dt`rN`_lV{kX&Z&gr&tW@81HaZ#RzJ54CD3#MF{HQNQi|&)uS*s!
zn3iaLT2Ji1^AmDyL<gEryOC5nqb$8#L~7XC&24(j_<p}MkDqRcyfZ8HQuLNCn~r4k
z85%1lGcP{iTrJ?N*8DM#<DPGMnTy}FurLwn+}?KrJYW=jHZRKw6>U(*U6W1thF1LJ
z6L$0C;Kr~L4M$78x)(}wGP!KAP^Ar5#X}>O#1C(mw6}5sW%HbZ@g3s=IWW~%8~Pjr
zAsdNNl_Hg2#n~Kk@;1?Hvl5tC!D*SPGn0+3!wWAqT)Ex=Qm08$aa{9^`uhM2X2{s$
zbT~c!M~V9Dil?@m`j@R~ou}d1ONI8E+_s!l93?Wc2JJ`R*Lz*mHKr1yC0*wW;QIR6
z3T@wb949rldl3y<3^JjeEGb7Cq!Ku-)TPozi|_M>T7&0~%sLti4pZ}|vSKrw2mjx)
zl8>*_$?JcwHfa|Xeo;)l7bA0FA@jXB7X&5?2Yi+6v$gSbZ~k&&)5m2Vvh+46d-@kg
zY5PY-g<!Y8`^6~3K2H67(PDVTvslQIf`i225fN$n_OMxER*<GO@NXTGq9gmuAG8zh
zag!wEKbm+|WZrDHHhp}|zZmoZr5xh&#0I!cQe&K{G~M6A+;`K+83zjp?*Hx!$mV^u
zt5#op@nb0-W+=;QLS4PUVyU0CQx0VwWE?j;+%%UE-Xj><yCaHeEo`W$Iv$#9L2YT2
zSR%5tW*%7s%!#jqGKpfE;axTV)Hn36IeqLc2mmOpiK?;3KvI=uwc_guL*BgB^)M{4
zwa!US0myM$vF^Yhza_OYIIUjHXDoQJ*)kdJ#>Pnr++R&pu}G@c=q24$nOW+cHD+0Z
zi1{0oyeRQ?_ks_)s(d9{ZGL*PWYVH3CX+v_@jcr9y*};6+Dz#CEX8Y4H#IkC-|(HH
z#WdBz-dK>+B40OtCVM`AeV@T@BFbOn_KyP>mqwRrc;A;U>mW_4ki!#+DJ=NXL~;3(
zqe&Mbt}va`KJrR<d?xkQ;-8d=)(j+i<J35)1<kw+w%eTT6tB&8v;H|{#Z3zmX=++e
zXAuK}e~EoU(%KhwRGqc%!y+8*%E^e}D|yGStyT5)$j^53i`&^!rzESn;HMV2bh;B#
zXHa<26CEV(tmlL>=DoS9T}leaYlcw?F2ep<mWB&-Ka0S4=)6E>W3}AhxYM8E5z3%1
z%GTC3@|~Q8;_fqR=?z<Z+mP~`|6YFhZ74zYmam($N__G<<Mp}n9Q-qm3d@Zc(shx_
zWM#N%#Y%n?U%MgZZzhZ_$tM?i=M0X-EuB4{xt0@8egnOftahjF&2*ETQ{vXu2X244
zs}}k=S48(qOh}H#X%95D0!l@h#G35dv#Ywv8f7K*gbs|`kZi~0D=9HJoa=H4F;i@Z
zbyS5SFF|ZCeH$a9%oh2?7WD!h6wIaAJ9}+w3~F#bxd-{a5C1kx#oyA(pMeHpfkPTV
zJ8s7|N=JezeW^Qxs7@TDp-fCwxM?~Av=wrh+!FE@iv14$?dbGKGY>V$0c@ynwOz=>
z{aB5C)KagW*-q!EPE}N<ADyN{4veEDh|m7hD_v>ye`1hY)hY5xa71DcPjI|QY_?P~
zS0ocxnoY^Fbct%jeI%6jePK1A<6PP?38u?glVteYlJ;$|)f~Qlray>SgA;z18|W7_
zr0CDl5UZB}rfUGVt&Kil@=p2uJoGCbz5Dw4cuZHD@O~fmpXEWLzLBX+nh~ZdzyE2z
z6Y9&BZRQill#g!WlY~VGn(MjT$D%17N3#zzy;2=V|2Y^5zZ!!*80kv-j+Xv*c((JA
z`%3l8)?hfxqm*F?u6_mi6Xkwi_7zse-^T+fF}$!q!SZW&?wS12g@sPyOuX9Bv$;C6
zW>lt<4nidd`OzmQkv+{q9Xv(|M|5;VJ{<8->DkV^sLn?2D+Q6Uj-t^HvAga<FZZa<
zZHllfeuTyAAqhi&STHEVH6K#HNjBq;_^f<j;ULJ3l;a0}(F>)?l^4$rJltrK9(jHz
z=}y+2soJy%%&(a<)2(i?jN@V?7;FO-XrnIj%6dphrZdRg9t>I<bdKmV(~>0>+WL8H
zn3!r+Xwve;CH&yP-3JJB+x{ZAuQA1>B~Okive|B~^bnUIMbzWltg2yEnB!B(wKv+z
z8-A#!2Z*c?N+aps^#=$rO4P6TK%NJPJ65$oEy9RE0=%Wb9<D$oZw$!zMQ9;^)#U;f
zsISY=)JBDYFeeQ-5Sy&!kiu+Z0>1HqKOP`FjFQ}eFpyKHkiIA;Nk&q=yWWB3;w0aw
zcGkTEuYv_EDD#_0^RGRSMpIrWcgT7wA;B+(%LTAdM&<CHZyvf4u22vL4-m?RC4s~9
zD+s@Qbx}Rf8>$B25j<N-O(rdMBQz0YYT>VqO8n&ya~3cfap>PWU<I<KQds*1V2vde
zl4wuTuPuV_{XEr}-k8>VpRs~>?B%Xs<*w~^WplWxI==@ui6Q!{A?9M|#w5RQN#+`P
z%%qjBTr>`pteicDDb~g-Czh_nNqBkt?VFNhiFw##XKu(pcJR9>`nW6m7VAfXAMzz4
z$h7G1mj;l+x&w<GY1=9^0Y2HJ4A&$y*TvTsRVfh%NxE&Xk_TqR8M|U#+?YW*_;sj)
zKM>eVG;ohe<T$eiDWkbstmpR5J#V!V!i*|N3Rqn^vn68M$mqMLs_uQxTPX&=Bp{tR
zdsULAFO41$XnE5Lir@f}Xr`)0EDeNNZAK3uwO&ZuxF=%BIOrE^&MpftUdkzA&B-NZ
z%<tXB@^F8|jy%nth>@SaFnI-`JIudz%lcb3>=4#qZG4NY{z{@)tPOS`S9Vrp?t7m3
z)Y-kb$Wu7|rXZGWcoe@nCII-^4tkS+GG{xuk=!lR7WhUW)r5~_f$=CL6RzWc)6*Qa
zjSQfv^u$U(AsgT{RHr)6boNLx_IU(m^`|aqX>)}n=+IcBi3i8qvr%8tvN8Q>C%4rb
zVzjHrX8E~|G=!JA`l;(%{dl%|7kBFRVaB(^yhnw-Mj^cC@94a!0cu!5?3K^Cx>S4x
zXQ}d_s^zaTWSPV3=*l01b3JlXwRPLB45?tVJWbcBwFiKT`3R%P74}~SoNxFGY8_f7
zQLn@!{TGOqPo}GK^k>!%3!bp0+E%cVNsdwo0Lbzu1XRDoTJj&vKUfuZ(x|C(kvByt
zN%3an*J&T~uUeT~BI&*ZmQd=yuAxtn(i2@<^cPZnOxO}K`56?gK0P^W`Q|)0`_`)*
zaR~FdPJcqRa%9|@h;x+vlMy=qv(ba&2nBHNq1t|%fxW$9BYf>wT(47jYY!cvGJ;+K
zuYLTgwV`@pA8<6wvZ3l1v8yYvNKN8PE1agaqwDA8O{~osyCZoqVbu7mkvp!jMd^OD
zRvIOMNz?pe{uWBHyhUf|V@UU;od$Y46~;E%QSd0SOC00mV?w3v6VP7L9L5=SmA8%%
zosSUD_LlJ+j4g%l3$!0995PX^LUkk?JvIllkTAW|eA+1CYD4;&Gi{l4-2|b;WuPv2
z#%Z8TP-N%{iNBq}jc%;8?_jRO8=U;Ydxoy%Ii5iM6K~dtYh(vnKzX<FYboFlQ7Apg
z<Vt3v9CkzjX??n`tppGry_qn0<Vc|}pv{h>_ydL}Hb3Z70z>Op0tKLxy3pl;Crdc9
znGUC|@RFvakx8DEu}Ofdn~OEk>gmHLhGB?2FwFXPMg)OaeOotq>fT-B-#Dc1EzLD<
zZwxE<rxRwr2{(E{tce&bfZe1%PjI8s#8GN~3tg^)qLB33LJ7ZOM5J;!dZFX|Hcl^a
z-W#F2YJ5w=+Zq5dow4{aB(o^973dn994Z#cZelRiILE4P*li{2+7F#~<8AwwoPb8=
zAaSkx`-~DqmLbh<Nhyy?iAt;ico?rD)wX(=(|;AkcSKFFwmhzVo6iJm;+d%ojG1h1
zd1?>)ZKofS5yF=a()eRyH~^P5@TVb|hcQEbN^s;Twli|!r)=4|Gxy&@Rq9|<<NzrR
zW9bdL#ehiJNtLIZb#5Roz0GkxBoNT$I|JgM7si5f!cE^g@5HnLLo&fGky7mnTVjS~
zYp{#Lnm;OeuLt3Idzqa@W^<E`;)0AuU-#_|eYemFlh8Mf+S?!<NvVYOHds*Mi_oJZ
zK*Bttb^8Sx9OR`e_@QyDgLd;HZ`WsscY^YEBfr(0za34<_%vUkRw@1!hVYu`Q!=a1
ze;y~kGHl1ek@Yr#XhSZ-lS!hLu+cW?YEPN|{{THe!oQ<+X%ehU*^|(DHUSymm;N5B
ziWI8Ky^5;j0nm3rgSt!$@4xi~O{^!#h=MHh&}bK=qyJ)(c5y*Td)^P1)Bz>s6FndV
zIk<4<x1LR*9%L2Ec6JX+=<*s!I01P<ZSV=beLz55sQI3`1DbCqkX-|$kyH`;Sn~0K
z5-H_<D-H3-P>GiT<R6PKCnJIAxS;X6>=AnBUX9fMH8bZsMXKIFZb!_;w~67)>M<L6
zYP@EbJ&NStc-0)tvbxqq)gU9h1xEwEp0hBCvp43qrKI@V;;=ltU=Wca9^Zva`9Nj@
zzl*#`^}T1%$X@B587UA9&eiKod7s=MEBn;BWEK8qqwrPuT1b7O@%L&_|4E=<c>5+E
zsozsepmFj*W$)EM0LHSWoZSd^?-M9D^V`y5jOC8WHt{$4{y&!{XI@jzF_hmn0{U!m
z|I8S>-zt`i2mBA>{Vc$|Prw7y0joQ*T!`YBhXv)sm|}G=M>3UkA+gpr;8QZb@cBic
zzyQ0!&gXB1GvBaAWa}Z*@rM(jyRG64;tsgv`e^|9uo&?ve=8p5?k+xjZdC}=1ueuP
z#~B)$@*$MZx(>4Nr=IUW>Y%<K8}zvJ>EM|HlBuyF>_=deX8@zT*hW~ZrO@WlV7YW?
zbeus<cy17W+#62A8Xdjiqiovf#=k)anR<&f@Kih2bwsdn{h2@<PKb|(h>roWKOs6o
zL^}|B*ol9<#fAIF>zsO*=42gR+(k>9`VS)4I+A=<b;=bU8|?V!+g_#MBq;~LzUZs!
zl^`DkJc<CW9-uY|7=(Z`^#Dt6%79J?$i}4Wf$*02VNMF2ZueW#Vj?Gp0BIMHCF3ZF
zkV(?R|DXY&8;L^Y(vW|$C{&99U=1Ms`a+HGByIvX)Kl(VV-B_Ir>s?L?Pl;()}m>o
zMXyLJS7VDdhEr9G9)Fs)=--}z7M%}*q+>6^&yV=?J^c8#;ELei`13FP*@{0nAo%d*
zr@j|B79^=>!Z5icBRMo1iIHYyB!@3;*WaKsjd{}P8+7&2IhL(Tpop|DnC)fRfp)>{
zdD6#>cs4}LlqO%G#2<j@kMy_mb3tj{*xF)e2(OizBaxKs&Pu+~E-id~3!9%hf1OSy
zr>zpt;Rm!!r-#o?aY+&&{dIt1bbpGBh4ZIMBOk_b5XaD?g6qC;-`Fu*_KnAzh55!i
zv&m36;B7WQU6hBya;eup!d+uN0LiCS@ViZVXjQSC1Q;pv?EL^c12F034{%YDuFY^Q
zg=w)KyLU{6@rFa22b?_^ytYZHc)Q|h)p!cXvf}DUtNZ>)!C9`ex?96>cPzS*=0gpH
zi$w;Ex8^_@AT5R%v$4$am`(gSG#=A<o1u)irDpL5zY*+33zk8&Ee%CmMZDEp-FXHY
zaEYvQpeLx#=RbxwZyL|>`Qymy|BRIRk%n`^l9{tlP?>m4wrt`+OqhuW1KEXZ>;rEy
zBY(gJjlBEqa3i+{sP8>C&DKk)zWX`TRt;D$zb&?lQrwwYvbch9aaFUJxWCEbR)@rm
zREYZ*Kz%E2H>jr<z@R?&=4}E&d_hBjfX`dUkwGhobJ(!?maSAr0l%?9em_3nU|`9l
zfhCay78XF>nn?pl&&N{m^E=Qc$s0AyWRHW%d?h#Vn=@CWsQSXckY+z0wgq#a?|#xB
zo3@6YOst9D``jRNYt6EMZKd3=z?(~*zrv#GQJ5q2Tlg5>4BzJG^^-a596A&|)5jW-
z%yTco)IfSRRa5U~8%MhOJ_^TBaKHr4-jm$9#BZ}1;);Kc6x_*L7?h!CziuFH=e=Y<
z5r%Py5J?lwkKh)_u)pJ2rw@&FU4UpL#JCW#SNNc^G?(m)NMGNF`$GZsh=UXg_y7S@
z!Z+GB`e-EEcSjmmK;svE{WtV~o9kKV|4C$GlwrI=`~POS|DT*z06C?kzqgKtehzEC
zIa*=B9GyKK*P`M9X<a(jEJdq@i2`)S!RA0I2_|M^sbj27yejwihm`%@YZkx92^LXo
z<roYcP~1^Wi<d(8_tNeU%30kjXm>{e7szXMukiU(NN@j@-o1^Hm&DxyayzkAti>0e
zPe;>FoJ=1w6usoV-4_!pq$CnK50TpdO2{jgk4q=h*!N>vs{BXIuc?aP4)S>iGT&CQ
ze1WkX-!klZMrQs@t9ZaFUcpyD6Ruk)g}9!E)fRf;V^mFfS0#+|gN$=Pm!^)7!Qsg&
z?zM^st>W+ai4-DZM3{{8p?#vWvNhP?B@5Y~N`<_RLK+zVGR1Fj-^Cpz_NV(h;<H+t
z`&pfhI)*b9Kad!9_jF3E&AkvhS&H7Y^2s>zbwz2{#AN#3c{HZ9{`~zQ@yP_iy)Y@U
zR{FVDZ}q!S$g9{FCeX=5Vk$mfm4cst;ru#$MG6d$9aEFpr&gRLu{d2FkW7d9`;zH<
zQtnEopXx2)$@@^k>O(dYZ$O2%8-o>sxS=D<_XE<$Fg3`)3r6JiF1Mt2NE+itsFqf|
zMUhtRmkDTXxoTzS?kC?lgvA0(WuS7A4OOlTKljRNH_`&8@mdVQ>XqT!T?Sfc^~$hn
zSp#U5#tooV%p5>p{UWtUqgFjG4P>MrT3~Gz`)ipQAWyDxSyDq)E=o~Wc}vP4R=H+;
zc$N46s;sh2JSz?A`6soWoYGLO(^JA~J+nWp_2d0%tta%SRlL|dSnG5~I^Miq|4_`|
z;%wy3H*yb~NN&(f7X;UE!76@Zb(Tff7He$0MG~f@XOhtwch8|u3GT=;G8NHC<d#%h
z1nx~afs-!rh~KD`mzr2h_We#vj~jY(7R}-$i&$gTc;PHLCqvg5<Y;XJo-*j|i!)qL
zkjXKOG5ub?2KLO_bsyT(I>lm07K|lxJ`r4aBde>4;2I$bflB0!+eiL3A$e9!0Qb&}
zhwMEB<9BnMImzu~9OtZ4aGTJ0>6vP?=9d3h`2L7k;+u%0g|jp+tW_F#|B{gVD+W#*
zxyMvoZ73wA@vcpgY__G74<^A#I}T3JBCd2DZqgyvL$G;<J$QuXovtM_rzro@(Hxe_
z#_JARc7rqlyGI$OOK%@ElKY%V4!Qf+=^-|cgZYPr-<B1Vk$)1?34Gp5q||gBy%E$E
z3&!y`pH^TEcr(OX8OGE0dBfew_gnW}z|R}Nhz6F60_I~StN4R8{wIM?`A*2+Z*PH%
zW|+^7!54`;dRTLB;$v0#JQ^HqyiEcMehGnm7stkDNET7b_so0Eo}3}x05OiWeqP!B
zC$ZHMa^^RMg{&=#%%DpJcgJEOw*-eZUn0)b$wn`<Wn6F*V@OnRJJf{#bXFKqWBF|+
z7+Sp!o@6=aWpaGp>_~c@4poH6^6zfFX+fJSTWfWtVL?9sYci&j!hC)a7vjy@$Yz*M
z8^TM?%^GOvlF_8$bQ-#`Jq{-s)A5#WE%Akbbo~b-J~N}WL7QhmiTqb5lM>qrgXV`;
zjv&h6ERj5CVso!1dE|?+*Q916G-Oj0^PxpQHQ=tSx%hM>-Mv-Z^&W|R?h*!ee;=^o
zak3{rsw4D>XC&DG(i?;C1Jo~w!nw?}2z;F&RL>%alkl01MTY5Mr2MX6Bv?mO5lgHl
zM+}BeFYEPn!W8xx0`~l`pt2cmgO?i3=@GDo8<-Viv4M4hW)BiyBW->z@rX@)*RY<e
zw|=p@`U+E0lY{{fF8F0#@V?1I1`VIzhPe1sh9tZ+5QoN05XeOzms!A=3gKvjM&K<U
zQn6FaG$egVtW4vPAjc!uyF`t|BQU<%aEB7t#}HIZwK#v-NiG0cr=%t0&K!i5;V39G
zJgl7aw+XJdBBnwGX+-Ic5v8jfQRb3>a@-Q}lp)stQ&>D9FEy)`p6Sw?OV#`h;+<sG
zl)_oEIcK=8G1LTRkPz_r{4C=6Slx&ZNjUjLW5b~UE3lpz7q6Ny<(-#7`C&Wmqu<2v
z;)c2oBwRA{OVX0?THQC(`0R?zY5c7{kUB6d$(%C`!>d=DVLZd<=iLefYD>V-QDk{W
z?x-FD!G0)M_Zxu*dw~S|A=I)z5r;LD(V+S(o%~0T*av5+<PsdYUJ$Zx_3xnK2it@8
zO*~>Xmd(jhnHR>0uFCys;ERKgh!-RSWj3Q^kGC3snA2-WPI7#V<5x7b)p+@t?;|Fm
zrB(h!21T@Yqt4jx!4u7z;Yl!U)Q}H9h?Eerz0G)v&rbu(!{Wul*;|qxfm#Ssb<RDU
zpARDpPQQ;-Zn|_Cnaf>F!bEN<js}X$aj@oHB4KPGs27d*a37Hs@e<tZrQs%97rrk3
zHcMU?_Z|gHrT%PPyge(W!3FC9dBJKQLU*r5kPBuuSC%f7-?qpQqlln+yRMNf$e$m@
zb=4qjbG>Uwom&WqL+ktlaSHML{M&4Not{Y7txrD;%kD^g2r@uEYhp9#Vaa8#0|$Bj
z(QEXE5mZm=*ArG<8B}2QqjY~axR8rcuGNyR%eR9CdO)doNJ`6df(y2B(#pg^A!9G>
z)SFCmT1Al^tj>P<GCj$i%yKVBLT;nr?$&h4(kZOL9%QI*Bma0lG|npC!ujt#bTa5#
znqc*&k*OG+ofR4J^M8+Mt?s$x!X+8{6QtLSU`B5#THWd_jm7Jlu@HZ?WZRD1j!&*y
zR7zbQsK2h}^J_I+1J5X2CRCdtiQo2=!DPW-0Y<Y}a><v^t0cbC%#h(;q6e~`Tr|u-
zVjt^5BhPD!LsNB6vQwS2C^isdAJo8Q#iryNGRLHL_Yxqxq!@#zp$m$9ele&*F78z^
zO%w3jHer4o{fO+xB_qI(`!YYSncVQcdVI9Juik_1tKSdY?Zb;t;pRa+ZXSSv^-^vu
zc*osQbeKIk_cpuk1IANVEg7ByfHZBnDNf_N5=nYW9A|H@=6V;@)pszm;ff5JELY_F
zOsGf?R*_z}sR&*gu782Rcso@K#!*#cK~-NSnRE_Jnbg2m$UTJECq%qU*@O1pl<)rg
zvK!Q<=%#u*q$CJfhk#FS;_ao1>%G{X`3W#65TAmEN3Ye>$9?EiRBd`?j$j)@=)$}3
z#&0uu^junT&d8x%U6BTxyH6a<;bY0PQE&~z>uHJmrPOwV$S2PDycX<Ap|dWM4DHWM
z5Zohg(o1aMW5#{_vR+Yi2THet+&>_mw~F6OCFDv*zv|&5*fSJEIuD}pU2xA2b(0)u
z$$SqPMeShy3&iC3AjU7?J+KV624J$;?@i#sn8W<{g!D=WSRln$v&;JDZKA;dWI-&J
zZ2jfy>)6k%u68g)N-zN;F`$CT;q#8si7kv|I^^#fBH<j<i6DruFdZh{@3HRa2kl@K
z>lWiUNSH>9ll<Q_<alKhWXIb(3>>c&bG*$H(5dIf5-9E`24SBgtQmu?n9#6)dLo#A
z@_BD*$jm!E#rJOwz3L8&g!>KBy7*w%Pfhd)uGR)$f841*lIXFz@N;uk32}n)H-6b%
zyaQm$SM<Re%^uRyU^6HurS?EJ4$hT^)o+H2&&Rt_67m$>ecGZF8oSnz$(g@5USEU(
zKSTW08h=#K9202c%%3q7X0WG77xLQ%Oqb?NAXoAzZ=PPLi0n2f?AkVnOMz0f;UcC>
za^FKosBD9d0E_GgDFZk8URPIC?m>SJdK6e95w&y;!_e6d?{A1B?<eYtGVUYhfjVdo
z5RWAf3~9;*&0fKHna{64bHZGMt~l^|GTAC9{Y@V8LqXl10e$=7apaQTaZUIoy(4Tf
zaclN%LdWP)G<5tlG!*6PKQI~%Y^?4jNm5$d-T+&|HWjq@;idu|$jDd`wujq~^#3q|
zk+~<QBsxpSh0k@I16Pg37}YNnqwWWygAmOjq6vsugqRT`+LXa+K|sD*c%c&nt0(Ji
z?#>JX_99?nJ-{PDz$OF?r=e9E^T+cLyg`iKJNzt`Dj~@>j)(9yMHi$`hW3NWE!Yd1
z+}-c>hgcZexg`Sc4ipfJQRzljKMt2C0~d^;G22|{&J2hn>c#9~L1|4;+TdGkQpM&|
zqQpOc|8@CJ<I^1naiZkwj#Hy2pG9gv*Sry&zo{T%XX^L+JXB}kYCM2zLI-?zwwViF
zD@c!{TSLRYqwyh~9S5`HgY4M%yL#)hk@zLIGk8r^JU-F4HzAq(gZWYtZh(5r=vEkv
z0b*alO}9Z31aTI)e!7nCR=A^X^dPssK{`EF@TTj@SmaKRquUzc@2O6YBk!qBPXL&S
z!iEd<5oR%6fQ(GY$YL4O*@%@s9Wr3?z9NUCe>V4L<e_VE%Sw_eDj=y91tj&pha9$G
zq~u$!*gy}sXap8p84I9P(?b<Kcqj{2NTVT#I*#tvME^geeF=OM)%NhDEfCfTn^r|E
z60k*<R$FLji(O#?DHK7hii)C$%2F|rDob0E2r)!a!F@%aqT&N(5m{THEt~8Din56?
zVOT|=Y|VGiId>+Lq~-trzR%x#Wpd}vUC%xD>}O3M0p$<NZ_&IIUv{9EVqf++f*w=Z
zW1d6v^6cUWaSnF8AbGs8&@QZiGY(KowKLHmaMtp>RP584NiPb5FADLN{cZ&PQ^fwM
zau&nuYUeAwR+V!qdoqw3MmxztuM-%4Rpv0kkGV}5O#7V3|AWgX;PW4MaBD5uxI;h@
za?wu0T7|m=lt^yxL?&(~x$iEj8!M;tr#N}SZhr5`GJi^xKj}n(`c5Yb-rfCj-i_cb
z7U0c0y$A(mI=mN!<eYOvczHuAFAOhlg5@hRQNOZ6f`2Rl`$(0BudXazJqZ<Ljb?Fs
z6Px9bqbb;$u!;^vNy>Mhs^5ZTujILoLg0(??YH2>l=ZwjLdX-lff;}^HGEvJqlw)L
z+;{Jyc(4=vBgdc>;kRk@ZEX0r<DzjgAX3A-9}E&~-Y-z@<oynyH0hMJx(d%~brnr8
z*Bq_f6lO0LsI*$n*sWQm>0O25b5?KeDS=EPFWLW++!yP`rzMOJuadhlsteoYeJBgq
zSkZ>c>jjCK^RPj>^c&X^*2v?!!emxp6bSDMIBl>I&qZ!Tlc2od|7$;dHwX7)pT^f6
zzZ-{9PD{1{hjCnV0V1$+^cEaSGmrx|4UT7!kp?6?Zq^1TJ8lCzX4Z=1fbyKg26tO<
zaJRzm#Nh89A%k53!ebNHAso1gpD5+akV<odl`hIZYn8lw5;UupFe~2*z<BbKZFmwQ
z0%i<FFq$-4p1lnpB-y(S7GY8<10s8Wn|EZq&HG{^h{Rf=yob?iR%cawK7)~#IS3=C
z;OIO4g1CB;H;2(u12V&Qc}5pD5a*;g!QLFxfBIgGm1iGC`Rd<yz_pMA>ak#60&h;J
zJsT3=kcU)PwhPJ_vmHv5To{PN)lNZATy4dw8NboHy&><YnT%ER?vIdn`{>>0^zLxT
zyFcljo8BD@d3S`~JxlMDkax%FT|T`#8}jZXy-T8Z7ed~h6T)r2nsH(wM*g`CqbIIk
z2`7r8d4&e@dr;xuhzeJ(s7^%_p@I@o;RTHz83q-eyc%9%Ca=&~PJs$jA}V~&`OxNa
z8>sMB1f$xCQ$;Q0^Q~Ehn`*-=#MY{c{hd&uG5T^;%Z^P%!HnG$W{;@9E()xkEuh^%
z?RAJQHdp0xi8_HRYY5OxzTqHy9s`UpS}*rug;qGo9y`d+n>TrZ$iPGlg=AxVu}E5Q
z*>#_R9UHWw2a%jFy>x&ty_O6ifav@8E;7uEh4@<hl}SEu7jc_$13bC4vAh@zG3539
zjXtJ_<DLkkjFbqYj8t|i3WCaP22h6v)Iq6l#=?wXVLB^ZiiOr-p%iI?ktkbR-OvOh
zQI2oLO)x?$jMOSLf(k?RHX3bzAsdZu=kkR5?|;b#`pwN&&u**dg4I*YZ5r7Q#e&8F
zbucFQ6Gu#9NoTTVGr?X?;6LI(5fY0zi?7R%f{4ubk_k3FlWlOqc-mkLHIfM%+z9lx
zUuD28%zy)Smu-I6(*C}5McrMad=s?oTxa5?CfakMGwoq)e^0Iw%iqO;<o+12%f6}c
zFs|h`NK~@!;#!0KZr1XL){4KQ^P|Tl+DL7h234!`&{rhiGsVdMZ({$C%lE#NDEZob
zX!WHZKqFWjhz}da5<ZAYo%kTEp4<bm{2dPB3H~O8AG|jLpn8V0vB(Wdp@?^~wGJ42
z###rA-EX}ijFpnZ=-(oPkQX9A=!JmlQMw)~JQ-2pNv*;cP+>?A#*Fe0n+V1>p3c+x
zACy(YrRX1O?t}6BLiD}HC{Qr$@mv6=XztDUIY^8CksGv!2%84G=&Xryv|I%ww!dLZ
zpt1Y`6Sy~=DIX=4KoF7YTyp_Y*leZM2i#3ofgET+=lGeR((?Nx?}wRO;mi2&QXo$y
z%R13j3lyI3OVkwEe2Y;hnRGEPDL{H>hN9v}F?uyE=_2C?W16QizSLd*vMBrG!NVlR
ze$@X&G!pKNNvS*(4^IpVKD^^zaJOK@_nQsSO~L(JQxNwa6<yt$2?CkU+ysJe&w9YP
zD-yd1&Xwjv$RWKB!_Hb|MCwwx1N3c-7)U)44|F7G5TP2V_$5o_l!@#e>$?Bn@mh?t
zd4~SJ-1vYR2}}}mD?sw#U5Ltc=do*65HW(u=0AY~ldIhE*$ux;1g_-Uq%HzzT>u~X
z@8AJipgp<#P&~?v;;oFB?Vj(s3$$Z4&q~x5sw<0vd-OwMYwiX=Mt>>t3G->MJeO<<
zXQX8{0sOB-vQ&!??i5{@S^=m8tQCQ1t21B#CA)LG(BIdFZOjg-!k<oH&i)f6F>i;>
zP$P-iJ0$l`@WuiNWETw5biVXoVQJ+rdZ951YaEA61YT6qsezuSuCt!bSS=USA&V{?
z86&l<fHP#t8Hk-QN~$;$4N1m5mnG-nYwSk)1=_V5&Pcu(e6$(lq@Cxp#PPYmf*NtW
z?N`%z2D9vkSi+vO#Fj&U74WY~a;}Y$EIS-KB+E8?=TQF=qtzqw{Os&<HCoXi|E%K}
zBgyT^IC|pJ1uXT@5~?d6jNq2c^|uTqFDA`r$R>1PWCK4@q=|<E6Q?r2-jB!&&2t^h
z7_^N6SEuPyTY{V0LD4m}Im&+J{GI^FRiI(ThP<=Qz)9H>j<Br&eF$W(lJ7_f1oGWS
zVfe@8O?QAD7#%nG7wdb@qV)?6!)CcEy7O5N{=qGTaNAcUR~6aLKKO9Z_H{QaUIRbm
z=O%FD*Ssh}HGUmt*BigiV|D$RQD8sKjX#D1W^f{@pXS_vAYf<j*Th4E&!%XHb?UnY
zvcLgq1~h>2^4(np0r3@B2mIQIeFSnrIhlRr^^(y-+c(+(RnB0s?XUP$03nvI(4)x%
z5t~NDjjGO!=d3-+a2UVPQ1Uhk6d2bOLyJd})48r%>$}G+(tpKSJ$+-ds`|zmC|%i4
zSe4cLhXLAX&ej|`W)?u+j#qmuK$8h}u&HduoxHbwIv(cOs=oIc0IeTM)J^O(JNM2N
z3kg72B}YtE-(&+QGBTm=OTDOCbwk?IQdX}j*DT^Cp9yrFWV4({2Sw2ZVSH@9`3L|?
zyKw(12C1y7=sJK%B28j+gQ!}Jz>hfi0Wg#0EJ+upCV}4Il-?d<;s~4J7|f_*0kPjB
z`=wjS*^^<-$p_eXF~Zb$>AP91elf2<c%fQ9#_C*O2$c_GnBzLFmOGBD+Y0(jb5*IV
zcZqO3QjcbMO9ly|hbA+ae5ElOc!7-%>kH77yz(wuS%|MpkoEgL2nSv#w}`o?)mZks
z1$!#Sr-2N(ntx1>rYr^+*6O}^QI5*0?yG_r5a0-6O$o$ci{c1)UcvUOt-fI<HX*B+
zy9dl8a4?@9)q@ZlY1T?4qui%N_d<qL{40<@S&5q^m;Dtl@cV}K;GbpW@WiI)pAWV-
zUZ4>%@+o(M1svlV0zw-G9(ZT_J|Zybp+3Qy#j}Rt<5V(so6oTxeImMAMRRX74+Nj}
z9AtN7=L7LL?-9TXynIV1bgCNx;Dipicu%RYwT%B50YA$54^gu=^R6`SBjJ&w5yMF}
zJr>Z3Kzjf%X||H)0wvv9WX(HqF>Iov0UQZKmUFV10q#R9i~`^7K!`n$-OK>^A|P{^
z&OCO=a$^JRKCYC!Chh9|&jJt~RFf$mJ2KX?s`qdKt0%954l;2)Ku|X|U*FLzXn!<s
zzp(!HD}U75&&2kfRfW)aIW!)_j_*qI47@lh=Or#+bjxJ+k=hTO>EL_<RnSNbHe#uo
zG7N92V8;x;s*yw~&V(h6mON)dmy<#WdozPe3em!4^CDc*&u~eV_krI?g|X$b!E9$x
z2;*qO=qKKPF6&$L{e&(JE_0EA6Fg@d0l|avPb7HQRWK!0-P+H(FJL_mhrn<*9uUl1
ze)~t=9@`*N_MwK($<e87JSYG*FtUDKDv0%ozGJ(gv_*SDX=F42GFx8JmyhTsPb0^0
zTVQn()lo?i02etR@I{rQXh5IP3cZU*uXHlQ$pHH%(cK#NPp2qgtpHU3G>dsOP}RkR
z?itzaT!yG$bnP?<Jg&#CH3Ayvy36tUq()s1ID4L7l@^l6FL{1R4~VWO`EktmPC+MY
z$-U8@SUTAl=;3IIrbegb2g?HiHq->=Mag+NW<sm7$;NBlpL=40!wBMV&sOm1z=~Tp
zK}EZbt(Qq$nrC3>I=!~!Z5_Ow7smrP^3ujp;!_(&iF+#oY(guyOTK1Z7_Zq@s5la1
zHT;T0o4m{a5L<3s7@E_dHGq}q`T`e}#)PsN_96u@$bk=_Oc`*de^+z_b&{X1QYXWD
z3>H+UV7VtNmVao6et4Un<@CwT(HecS^m#pfVq~@bts)ygo2E7%_b6+;6>t2vw7Sik
zwlv~5k?1}eMH+?EL&L8j|1orvhgg!{GL(v2%Hk1?wq>Mx(th=#=Av%6ntaKzlCvrn
zuFTVI`ykm#v>)4BwtX))fj2{YGOV498~Mt!MfNW0mf9J}UT!qu5ARUp<<;F^oG>!!
zA8)Sl+Rr1|yQB?`w>#G2R={Q_fvDb735@(5K%iF~j{(!@(Hs^gfF8QKA7&>3Gr!SN
z#orK9p@)&Ju44#Ymfzo<4kS8~%f99Z8w1G&PZyfPlf-Cf$s|>0QsfAtW~8{POt`r2
zvw9lA4cVA>8@1MGMfol+li_y^{{uD-H7NobeG-ZCGRXEFz2MS*ya6D<^&!ja^}zB<
z2^CVs<pvBT#91v{#A#mxU-ZSbKmc{0Q!S)v)pVatLRFh3bHPvy5p^>GG@HtsjC@5j
z1{MJfk{H2-qw@`gwLC04(lufZXCb<pATFF<sD5N`N8ya_wuaX{gyweBN9bw-{*jXg
zhu2)nYI>)`xB?p>amMr=2*lG<gCn~tx>iJSA`<<ph6Sli_gq%p|H8F;D6StKs+;0E
z8dDd=6@7m_6xYMaL~$MIk`rWQFYJidh!d3q0!)CMtmV8t-s(As{?b;6sVfL%2YSiQ
zZu|QHNMr&M<q+76L97P(uU6?u{l-EGI6%ms|6wM1Nvm{D=LboA;EtLEi6wZQNm_>w
zS#8FGmaPZjiB3qwE;z;~ITHNc;B<QWz-WOiCfjLxCSsZ`d1HjUH1H$`Aara4_8Y)8
zKjE~V#j6rsuc1uif>d!mT5?`DKxz%fcuT%E@zQFI<My1BEdNaG1FZORt<WI9n1&2E
zV@>RR@J5C(Iw}KxXFRe|Ach0lO}QiF(+QQ5XOsH1V=dbTt0(;=+ux}zP+oyjqP?Ag
zkK}Cdw3g{YzTp_n_sbA=5(T~J^2s?$bs^lB*g0Dhhxhee>F6C`;-aB=fQf-ay9k^c
zBqA13{^4_hfZUpO=ihsd=v#yt!*3J^i{wV~+FkKN=}hd-fR>U5!U`~;ixmdZ{X3$E
zwsM!j!fG%`lH-~rVgp3!ro6e8m93l!J{lFJlF1-7KuL_(YQ)dKrq5Tw=c=L7fyRj%
z46Boo-=EisE|@a>Vg;#1Q(RrRg_9f~-A7On2ms{hA?yHw`#vY!H|&iMo(zS}l1_$;
zEyeB{GQ)`@a-ujMQWeyYDQjZs&&Uqgo0JwOK&)t1o^;CjGc*$|y5DC%y=9CNMnT^&
zkc_>Ge)cK8gu&WEE`OWhOu2Vwv>mC{y;%Jyj3z%XMJtipcjmV@5+D9lKDJC4j3ikq
zL{}#m!v3UFN~hoptPF;m4BisfN)=b4CCe_+dF2uqk0<ZTa!zH``9VgW0StOyV#IhY
zDc21TAvOm~Y-?FHk=yGh|Dk*-$36fCGKX2c#{OGtgU|V>Y)Sb(elVk$8<_ZPYS@r}
zh6ujPC&FB3bRw97V)=Ro%rB$!1A_(GGz?y3+zQVz>{<R{C>9JK#tP0qpatQ=wP?j!
z@!!Xu{JqFP(0`Ei;O_z@mAKFA$XH-Ni*!LrS9<wH;Hwh-phfl{g1V4sh@DC_xR=eW
znjgFY$O#|z(7#-5M|U<LyN`USIjh_O+8f{}Ukq4cYG^;ayT=eL^mj7oYh03lh8nlP
z*TFhXXc9X1aV_s$op8rrbwJv8uUSxXmB+Eg<MK1jc^m)|@R<B7!ajZ}rjMYs;k7ML
z+os%!pA#Y2mrYuEQ5mkvGH_f<J_M@ks0>hg!h=cQ;GErhURN8}C!6C1rKxg@a<kG_
zX&oGpl7Xhxp=}J_9sfU2pXzM^pP(9g>Jov6=WDZA&@L56J97JCPj{*}i32V0+V9Qd
z#H(7vejxZ8Z=8K{LNm&nd2Uah>fak;FVe^>)kt8{Tr9gcPQ6!CAwLr%gnDR3+q{d)
z@pyg*taHBQ0=upN)Ph+~Pz(@ONpt}kQSG3DwiOM*P@r+X=igBO7gd>JIpc_hEl_{l
zW_7MN<y%fV{!m7Pp~Y=M70IpeyGQVM_YjrIa<CLwd@+MMRShq`45{-47-!51uj8|M
z7LkzPJ2Jue;t*nqllG^rVbigjn=qOd`0++$4syoPlslI=6s5-vEkpK#IIlJ9T<y0?
z@_ctl2(?#1w;taLvRA3oY{gn#4qs!S6Gc?x*O0x+1Dd^x4eV9G2IH*#uY5*WH}?*%
z$@TRQ<a(^(b|LFjD+>9g3mMd|+6PM8zew6?Eek+5;#-W&Pmuy+1bK5~z<4Xj{wC$w
zLF|$O%PHA;EdxM9XS-vwT(paTFk<5%_8gXRs~?0&&Hjf$WiJiHP8q_WlB#*XBWtBE
zKpn(($kECFx*jrzM%7WtJ}z<_o542f;qm`*KXd*K-A{>TSE$XdFgUvo+A!~qm>pD8
znrju7Q!_<cGevbZBSbV)6xz&d2F(JF8-`J9BkF1m4Maj(8xh*t5bVx5T2(nzI~URu
z>jO}sQ0;u#pcYKQP9scH9_~ufr41p`rIFUl=tJ+!A@7I|%(#=@C4{`|MDH5XyY3<H
zy3o55cjLQzL*Df;KvZgS1gOrGalmz9G<SE1q4f9FpxZ#Ob_A4(?sq_z8n|9pZGVs2
zI*T8#yZD_51CWQWs75F|&SePx0TEUz+pbZCrt(6lP<}1KN<}k5c>^j;i7-O>@w#e+
zG7c(y5mDjbb=3$ZA1Z*n4*grc4)YI&X;?jb(KbQy-iq;JAGTt)1|x<Az}RIE)no(}
z#3oHI?7SW&&IEUtEYC?yuc)FuUthFSDFz{SJlyO>%H5j&TGL{(OBE=^A{*Ylfps>^
zU!p4^3c@pXJ(yKGMaXn?1n)Y}X-qXE|Mdup+kW+LjnT)y15Rb%LsleFiy{0{E_t*k
zT~zZJ$-kY>Ky8h0L@aPzj;4%@%@eX_#F!P%`$(P>@*+!r0RvUM!pWyZ7+I_>Z8Eq%
z<^{<0(FDSgaDA$)V+&ZvT5CmZwAERQ(n(ULChD}PmQ9k_Z->orR#T)7HIHVzKKbEt
zChpN&$t53T>0Enyfi-<H-*TNVuju+xP?e`ARpsf+;mT7pSDu~>QJzA)9?=w3pNcIt
z?WxuGQtT*699IQ_Q*+t-5~{}j(X^@SK%1Hn9<R@6^)xeEeFI}b@`DQ1^^6y+ar~`u
zlBv<4P+e~Xe_0cGn|VP58s-P<Kgr-UtGXW=_*y+ZvZ``>#71t#ayYz2wZw~<z%e&g
zbp3|`&MHt(0#kuw!TfJ_Fn*z^yITA>$gYREU3hA-{@&z67)R!^+~aXl2E7Y_>KkJ=
zP#5UMj{>D=tK}Da$Nt`CvKMaTVzIxk9Xh&nI?HYsZ_`psH_;6qL=>`(<cjRtogT+n
ziZ}0~fPx{8G?SswLqcefyUcGua+gz#^lt`omno@&y$3*Sj&dK{zkJW%Xw=NzvHyGm
zTvHgYH)oxgC+B-k`uFogF*36ciiK4lBUM0iM*jIu63}Gbk^@3ZHar6i?=61@Eg>Fe
zU>|`5Cg(V9B8To^H8*t5fh3q%<Tdbd8?<r1*i;>N2O4)$e_!$`T>NN^;S-SGG4v5I
zN;Hi0=lkj$DPN$be6(-J<_H*{E0{)&6AM5Kq-wct;MaZb{i6G`##}fUv4va2X%_&9
zj^aVeDC$&)OWPw@cu%k}DKt18_FUotHXk@L`KZDW?ZgQCo)>YBwQ?oA9;Hdc(JcK3
z#_#&C81>7W*`ASS?V-J=I^{4-n0(M0r~;Dg!cZ%#whpUla_r1bnqXS;eiW^Re!SF}
zhkh);(2pZj$Mn%Q?+ZoZQe)}m+LAH+Je(KD>&5vS0~P1Rl{**$F^Nl?nNXU)$L2Xy
zdO0w8x6&Ixy-A-sf=H^n^=MoU0TFE3p__6T<7vdiwX6ZrHJWQBjaHwVj8k&WMG#(s
zuGLCtLb)w8ewgR5)w2ck9GKaHEnE>$bDh2sFxXxJm?vW7G6UP|^xBebVft>sbTQ^g
zg@x7EtPT4vrVULI`<T2_dE4s!7zmks?<yjRuQGfKL`beVo`y5oT&&z2qEC;*S}!6Q
zGs!48PFlTl5JVx&0c;P%Yk*_V5Pm9{g22ldgyFWEa>09NHks-;FB`;HUxEx)zQI={
zXGJYTx{{c)iDA_!z*eX^)s&_y&87G+CW=y1_E9By>1>Mt5rIpQVt!DzdV5M~!(@jA
zLS{%Pe`pN>Gcv{5m09APN^mL@mu^IFNilZ=<d(DgN;E&P-b!KC5(8swbY-2D+=T{^
z>*Xb#%3Na5y>i^GTmQ_`3x+J?Dcp6w!+^|-MfX~U!qMOAYzH`MEwjA+z}Y*?GpNR0
zUQ(@yB$Lk)EBZmfQZmJyEN2MHx54%=vJn_WH=Jjy*G<b#@i7v~%#5#hBV3*aD>DZR
zY8+@-!e!x0DDQvE!j`NLL>hq=gbIrc*0cv@$4zYUMAt6}1-0^DEnxu}-qp>VO-i6p
zrcbl+EN_APb%vem-);r`-yuh}r-8EFP&TCl_{Z^a7sznaTD=W5Pg5uNG);sPUtIwU
zB0ntj(On}9e_EgoPxbN`I(DpSb4%9ro!E3E9vHTfh8=PnaO{wX*da4%zkUX;J^^$_
zdn67vWr%K5l)-TNoAs_Ugls?_*^cnE(ke#?Pdw&GL{J&+A9zjmBIDaCzOl8I-0}fb
z<xh?=G`W&Ok^Xkajojf%zSokLJj*^(K0&O*pkXwFhX0^i1cEw;8XdVY0HBxrk<y&N
z4~Xu!5Cl@D-2W&X$U&}$X~pFyze3I!<qc_zwyU&*J)UOgX-GhZR$rdJM);KqAr>W)
zQ7AVtuA5HkP}Z8Oy8*vX4e<tE6)i+8mgrssNp75E+*cDVPEW#sG0i)$U6n?*DU%GF
z0!JjTm!#L|g(6uli>`n1_uI&arM-<xMz@Q~NDK9fEI3|bzeZ@kMlZjWX8%p>V8K5a
zd08)MlU@eT*Je}_+LNO-YlAF4x3P|3744H)QIXoLz2)*$YIZC%dqof^&HMZ8p>zfE
zn>=(PztPz0$MVp7C@*hc_q}G0CdhU4hg#EmF&g4cgT9q*H*3Dg2jx5KY2`o^wIaG~
zute+(_#X-~@uYzpBPDEOgmvQyBbR5<Ohh(7<zBuP>h#*M{-iW7tc&Aj8;2{;HX8>m
z7v`woH{;v4t2ZMrc<VNHJ6^>lL1x_Ei^tq3)pUjqbC5LH4s#m-@NT_5M{6YiHacy_
z(q*swFB;hkjSPZDVswodZ^LMh)XXGoW>iQEg~1m7h8Frm3v1g2Td2A<M^NrTePhZE
zsDt}rb=1My7C9uh0^6uq@Yfol+Q(O~C&3viinxnXjp{#jiTtOI-oSs#ivCkzi<EyP
z1L#WdpW^b^2J$x-(@5h7?5|$v;mcT&4l0C{57<A5sgug(t39(oW3VFw-`w42FccnR
zh4Qp?#8XMP0iNn1c{YJQnWB~44f(&YJTr*D?qkh-&svt>%?S0SMN}oeasH|<6VvR&
z3=<v>b5P+G59upD4;8n9<Ly6b?9VCqBd4KWWRA$aKbB8s*PrZYhDx9J+VIlVE#dn|
z?oJWNF}<vc)Lel4I(?x&Z8oQ<j=G8RxVZw4Zm{@WI%QqU^LWL%tfDeR8LSLa@|6Kf
zXT_-8sl+H*Y~H%uC&N!NWZj&-OHl4oIw>8srgKha@TMQ)P48Hfr;m|hk~8^>W$Z<r
z@y=w#Q=gJ-cmW(sMw!?wis+gTq963DvH6}d8<pFG^yP6mb!9x)V6vLi464of;Gg2T
zh8rV|9zlz4(d8C^y;(CE&q=wH5v0P@pMfnwTEcngT3D!r4{lMdN^WKQu{@K5zw?&5
ztx6yqEw?IJA&^zcd-p_Gm8=RP60p>5!5Z!g%i9fG4Y6vuRqKD<BAr2R^ew7E@B4iz
zaP@86SjHpijb-+;GppQEr@=s}rOv>z4@Mdb>`AJ}SfE=Qq8gSo$q~rw;k)JW0tRS~
zIG=J$3!@lSa4^bctR}Sa%_^OLL<l?-n_#ZHREH|!7JW}+#G80_8ox*#jMQJza)H&9
zXC1cz-~0Lrwk#gBlZnT-@`Hb8aOWnnuM%BrK~P0*+3eu!^C>K~n*z?-9(K`LJKWwx
z3T$$m^v}jX@>in7X|KUkU=tGd**kzE;AAR$Dnh9l$k#GEz|Q-+J<7%hdVY!0X~0-8
zC#>9ahJ~0&@ZUaY6NtmpQx+|w;nEG*Z(;jB*ZL??Apq=~7cj0fnhirVK^(r87(<SA
z$pgqu?==|NGKmtM1iM@}-6HVlX+&R#54WyyzCJxT&Q^7f^SdY-XNuMP6Oc{Tw4Z>~
zvJWK({qEEy(pO_3N>P=`>cNWs1cORDfi4~;(@0-=*0McliF*(ad(e^g;0n&K?K{$=
z0;R2HYq4z+Yv-__ZVtFw;^u5;o3ov74(^MMPn0jxlRb5dq@V96uUZ6c;f(V5?F2WW
z?xBf1amxSIO6I;AT*(c8*0qwS4YZPN*p4skM>~$Q{O!MLfBI1jFpyq99>RSFi$6w=
zaXJ9D)iNCx+TJ&7B^gwn67LZDdxyr=4D`mt0e5S~I6Rl+XPz~nqb>i=`vwxtC~g5$
zZ<E#X%Y>?Y@7I8s^Sx^TG3Q&Z+2hdv<|0P2`Awd19|+&<%|TKKq0RqRq81t$7Jx$>
zs+w5S8g5oGi_M9c6Pvk4X{PZNtP~iFp4_#nNS1zQSL9vnCtKz=?E8||H!}ZXt+o;0
zD8HtD-GqG&W&ZE4X)R>5CXtcW0*H*_u`oG!;olqCY|HCvvx|P?&DKUJ0G_T@E4|Jt
z`G*ldw6PU5e`m1y4rt5vW2+m-@py~(c$b_7jXAGJ#__1q2GyQb@yPxqtbpCT9ki5e
zUmc~(IbQw<o*2?iUX~|lxHw*R^Wxi=)$b2kc9P;V5U<Cez1=Y&=+~guYnjY*d6tm;
zA=c(ygPe?qRPpRuk2i4Vn2~URR;hw@N?ybj|B{FD^?+{|^g<T7qN`sF+LXoN_n>94
zdM6qsc3GW(n;SYPU54X;z;leVyA&vhgDUf)?A_FY)HF6^(fu`kU1CJNekO{a-D%O(
zBKWg4#1w+;iUYcq?C;U=tCfMoN2zMqN#!<_=T2dzf1!c0v&x7y3sC^o2h_}Sa?PUX
zIssTAZH(FE*p8MG`3ZlAIu5xe#(-+&q_yH&wAFddVDlW}8i+VB6t<jr=~<iM(2HXv
z_bK~$$(N4OSoy30156L}r2m!gJ_TYK)6^D}I0u|aHws`47O<m{uw6+LtcE`&UyOna
zZT0*S+yYobn2|pP{TFwzz9!6uIF0U8jyIF`>pLj<RQXO1A80)dgpV7x3oUxoGzbij
z?TTT9&CLzLipKx~|Ka9TH0{E-ZJRb^#Po-8DFTsba%tNXVRgK~r66rf;q_#CE#Ged
zLF`|%a8uaeZJ5=9XLmxvYv*+eZU5SdG{IkqChn)eT9NT2T^9(l^XmkGt-H12dUP(^
z({{NiQiiQov$*-?664+MDq%$iarQb#J`la13240b!2ARhU4zxYJcH<7&9AEhG(D>{
zkQ7RiEE`1E76Zwq;8S_a!UVxzP0IVqXdd8fc}G|hhd@Dn;>fUc?%PD0$H}AE3;$aB
z=1u-h=JFW$CJVo5yCa5|lA+v#ccjoy5N!2s!wLSjYgnz-w{v>&URFl~`&9Ixf_*}I
z{4Ifh@g028fq!AZR_*3?P-pgAc>SK8@UXDjz$+YTpCb6bAXeHRrH->1jPw0KEsQfE
zbes#?>&E$3YjvCt>c{DAuN!A($T&^fICJ#le5gH*lk8>R#Boacai*%>%FWoYlJ@&&
z5T##>S{uHJuC$<Gnzonj<XSR5!@VqBkU+c=2pc~`q{ii5dwiXOTmIX(2?#}r21gE=
z4LJh_M>EPvxstt9nr2?CHaHr{X9lGRn&02f<BYA{$1co$;cRWnOamIoy{E#@&rMmC
z<#)kCKUZ6einPRe21gUg3x-M)WaVb5;!q!{qUJtNmGjtbY(1V%gcOQv3BFQWrEp05
z?@ee<x3?QRX%*esr7==@LTRQnfmNI40gE&6sKce(alJNxX=ZpyoV<pWC{x%^r5MZj
z^nd?`&2SX7km=#;4=pt&8?oE5Nu>aPX-(OosRq<r(6qPwSQ?owvYQO61sH<h-z3U!
z%@X*o&YL9!m(dF!F*GpbhrG~u^X&dYn;($#Spnf(mx$hx(uhuCwCcyidM*J92h5sp
zWA{O8SW$*TlQznOelV*Jc#dP}{Lep;yzWB+=|c+9clsT$Y+t3O#k672S%^lc+#9Cf
zxXA7w1HA`VK+!!K)77stN@>H*g`(?z3`@<&a7mu>lbLK+vl<YZ^bDsvis8aS_D!J)
z^wDwlc*&C{IWvvM(p8g5V}*?aY3>J2wJslCyp*8m_2F#vGhy_eKf-RKfxh&(pg!Dc
z*=7^_U1nE>P0YTGCRLE_y}vL0I$lmguBOp;Vzh~vW0HG6m?~ewKnTCfU9T{>1qCxm
z!1o?yb$v1ILH&$OfX$O6d9sWHd@;4`UlU)SG31sUr=OF(iL)eE5Z_3JbZM(hB%1^Y
zw6i2p5MTch%s#mPdtOoi4PZjnKflAZ^V#C~W*tU}B{Pwb7$w>(Mu~f6HaN-VeNo2C
z1%w6|kLJ9%vJ&Rpp@xSUPOq?8Cd!W1l+8q*dASzU3NC2fmlqh-LH1NSHjNU;yVS-T
zT)tAk{@q&+f+Gm;=ti>Ia1tqP%=2h7OZWv|sgQ3&@4pk)e@q35Ja5u^`$L(f*KaYb
zBVb4N7jxO_waW@r<0|H+l_Um1RP;??S7t85%fF)^Y!TZCj29!u#)9_A`<N^_ueKDY
zfy7fPy9(*)MCYUELX4Mp&d0q3|7yOx`ustxD=Q`h4Uwwk8pCrb{yq0$LGEURgnmn6
zk%Afp$Bu1%JGn0#6UJqSWSjVjuX)t_Lj;PW?iE5gF^U?>^)AQ2%a<{XBjgTmSoDgQ
zgK~KzlB}q@dz}==9i{qA^dT`wzG{EqyxMreE0VW`R8i5Cr@#f*Y(s@~Z*Kb<>C$2U
zI{o=V`A=Lu(vve$Bt4mUIlB%u0z~pby-Tb=rxrZYF~6(xYRrUK?@iv^_SbyP{zMYF
z;*hlKkkoj)k}XxQ#hkqE{q`KjlSw=L;?ndMl5a>rT$<ZHP;od~+I76*NVI1M`$AmW
zLTbE0YFray4^oCxvR?XIN?M!Ca7jDx<ne5$0?F&6;9Bk)j_wL<-c@KF=h-e*$c-QZ
zPQ}S))}-~NM@qz{Yez-o^tF21LmYGu!gvXX@s}t);a3g9StJH7I3b2HvOnm>{$1;T
zCPGQSSBu%xehXufHq@efqaO2!Z%hLNGw)Tf0%EvikpYuCF;buurxO95|7oBK-8x+@
z2nzjPZ%~)e&;ER*#O%xV_3Zgof%e>aDVz0=qk;O1=bP#FpBH-j%YUHxdq#3+c15>m
zOt8GUlTM13C~w|FoZHB6@xIF%HiRLCM(hB~D9e*PS9yeHsMO~d5NJeamrhO$^sx7a
zT411%Rul};Op-&{zAr=I%5Td08m-UyYNVthkFDb-bv93toLv=@D5&Li%kxM9z6*1I
zSUuOm!s(bK=PO1$(gmVxDw4l1n&{&H>Ock>^hlJEQ{Ho%=K6M<)pOcfaV#c3+RlKH
zaM47l?wM+|V(e6m9Gn|Z5q9m*QwSQunQVVQ&l$prazGmLwcj#$+E4if)`^vOk{{Vg
zD}5(c)=7U~a=gTNK%PGf7jP2Mv2kRIhh{8t!oy^xv<8)jY7I!GqW(zLJ!jf@M%WV`
zf0n1*hD~&SgqoNfYy!kZabRt2;@+=p83P5Fli?vQu!;*w3A&H$Ht&f-yG?(L-fr`6
zwAF~_E{jp(G)U_J&Wqx-;p|EL$y9cwTQ`Ac=>^}#$HzPDqWeDNqq#8ym`|V^J-93Z
z<}Tz$6LUHO9s2?|kvJ!bIa{I52-Qx40%@vBelACgg9#Rbg#_tWUbN`o<JCV1K1QS5
z4vdl(-vXOg1)Fy}x@-L%V~rjI(l}6+unI%|fQ_Dl+gAj8+uxg;$YErB7>rEG3W1S*
zd&znmI~s6{1|_%aprnXbxFnz0AB2;lNH}Q<=huh%5p1x5HoynRaSv?(S@M;~P_A}w
zWcb|)S_Wr*=?j?7)&DYbs3Dq!?ShKbUj9(0N%&bHyEc=0FU}L{y%+z|?!|G0?52eE
zF-Gg7t-g;3!u!arzYmwz$3*PI@8tJr!7cUR)UU5*V=q1a$&Lhcx5E&*O!h|@==TbY
z1rVMeVzNBXK%HSc@47nc%{yCruCC5z3Tlqrkf2s=5VtQA!bPErYuOMS<AXQeIEWs8
zz5v+0OYKy4?=fKa@|r+)g0sk1r`^t9t-b^Ke~~kEfR}p5sNCIlV+!WK#Xjnf?*2qT
z4c>lmJ-a^dkGNmE@(P813=-nZsJ%WmGWwPu3&UbD@5aJ$!NRejO=ob?WuZJ0`tBZK
z3Vn|jSw0&obd0F*My*<*15_xDFz7bas$B?B;h%^WRD<q9`QSQk&@GQ@&;C5o9(~A^
zmdbrfh8FDj;cX;KH7Z7}tnW5e`I)|ruH)Tv^Y||GZ=@+;P4eyh^^&=H;rYSX{a6@9
z{AmFxy(E-2GQJuZgrtjd>74lRhy+r7VF?)MS}lEz_Q$|}76`PYQ=mB=0siVBmksiN
z$#Rv;d?z5bQCgTI%o(eutdr$SQ`ka)exRY%JJ87OFeS?`6Dqh}d5jr4rpUhDXq$JW
zk(()Yug^X)J!qe}+vceu`^0Fgry30n?}?!hIB)|fw}#piUbcF+fjwah5D9}uMGMtL
z@rzw%Er79)+<E1RuY>UMBdXwCX-3Z&kR%U_CYf#_;|;+{7E{HC*)L*LyiN=NMnJj0
zOEbKE6)^ro+cOBUK|uP8j1yS}w3%~thQK&FANP$0d6Z+IDxBsQsX=_TXJbMA813`9
zQCQyZ8C+*8Us;k-hq~tks(au{Nn=>l9?OXk-><B)li@a_A52z8&9ZsT=6uhEND1>^
zBlLNyF2Ch)8+S114h9PY3fbODvv8lJq@inG6vJ}9t_s@1EhcX}0S4pwGvD&BM3kNA
z!l*UQ${JQ|^Bl4|ug6Y!)LL;W8a)I2VC&8r+01zVEnwZA3poQ!F}u;ceYZ($8M6zl
z+jlWkIx)<;9V?aO?$(UktH89o-7Lw=PGvru*C5rNos#gJ1$%ZbA{xCrO~ABBo_1!C
z${1mrkP-03tRppqx^KZPfDm33+M5Sv!yS%?_$1+w<*AVp_DK~r(Gap^8rZul#S9m2
zr~zCkYPit7v7|z25n>eggFJi<*hjM3A7Jg)y4vC!SD~p^q1fv<N06Cv2llCdAH*)x
z^K)R^x|cKJg`nSPs?TTM6h%#ztB&JJ9_0V#LsSiO+&fDSC@n&abGCx738u7^7p?{p
z>XNb|#GhcLIT$>;c4r!R4uFMkKLcB;^jh(a-q%9p8EmT?)oI>)Gnn_@Oc(->{N!DJ
z!!?{;n0%oS{5RiL-r;hvpy3k{O$>$3!XmVi!Q<1KXHy-xQ$0R_%#X|C4il*Wtpwva
zq^YfpsJj(ouoV-u5`S2aU$M1iV4D__n0nWW-jJ9&PF}vZH-=06RbN$J|3yE>79$zn
z%$&KzAf?&NM$vU=H0c%q0@XCr{_)9JhRe>+;&L-w85`wCPv0v*+7!u>3!kIXn9<2`
zj05)()FP&``7$Q<eV9FWGPE5mD4j#%bL01@uGSF0=rrI`G?OvOmX}{dv3L=&bD0Mr
zMCm#pq?U5C0Yy>qg8g<ahg)J;+~)1u(>S4aH|vp|A1SawvQ#?KZq&hYgVqbUfNZ(R
zASf0+Jl^2bXx*oW<u`9q$0)iQ1js+7&T+=Gar*xP86zc86vWrZ;@Z!~n-<zA;0zWI
zWps+W``LWOv0xULsgu7_a%~Lv6d$m9c1vO|V-y)+V^B(~^Vl`Gp)#%Bo5&y?lDm6;
zlV5z;fGpsD0I)FLfd&F?Gg||B*t{?M$LiT9*GyxjBY9fKzy@|5OnEZ6E*RL0QxM=A
zM@thG(jw;SY<{d2yXT&7`@h)9hTCW-Gxap^?N*A>iNnBvPV5diB7(#;p!8ta=j-!h
zZ)7oCj^mJfFJ~BXu{t(+fHQa^<f-E@Ex6=OH`8Sa4q>?(IvT$<4aZ)@$Bv#A#bIOb
z50yC4C10NzPqv1IQDMo~Xxk)D1><5VRp2JcYtZdlSODnEpt;wwmV<@mpuLj&oX-|e
zx*BAl?mnMgA7eDkP*)(A-p%S^RNg#IjLI#4XGd%X4`{9~V#8^=MYN1fMsrf#8lpr!
z+`5zSM|ga~|37=rN0({#p6O-?py2KYk$?Ij4WH2rO&?Q6wF#Pcwrh^&ooyMY%YoJ?
zMI3SNMqnhq(U7w<vGSRp*o_GxPvn<c5vf1b?_=$vf>7y>X`~R+JJ$>8?Y5)|N+ZT1
zh@8gHlr4;lP~w9h*MCe7ZcYpC!L(A{9xQo2Sx_dxh#c@|H2fI`o7oI-q<g=kxddXN
z({eku><R|dd5bkBUq67<nfw5&ro>|WT(%fWQ>C%e2-;|+rL)6sUSFFL9Kh#e0iKV`
z?~fJ!=Tl<dtUD!pJ!Hvua8BM0^4*o4j3+BjOk+(UeIbA9j0mnKPGe|LZj?$F$#Aog
zn_64F-9`63(IkP+#EKFMn22I$cXPh?B?fvIMAt#E_TWO~6`DSdaYC7X2J^x!Ylj-t
z{}@Jz<F}6z?K?*0ihFnFxp&$-ozD|j{+@4GXYFvcza@E}-InKjI4~-&!>&Bf?~Wr}
zAHY6o9)Gw%fX{ZY&m1lC4I8X%9#&_CN%?#hO7Hf_zpf>F0ZH;gg4Z?`M3r8!<KkwD
zvA0NG2jehe`bd}ll9IMdhO_vvmhdzneXD1OwZh-X>e*nekelTvZOHQM$SOTtk|!?R
z2>CcGLgnmvNgMrl1XM3eh}@US2t8SJ{bHafgm;lXLHF7kr~-VJ;3qe`t)laDR(GKH
zsS5&x4onoL{+V>j|C*rp->q}~Hs!fD()#VlH>|aGxH8bvb&u$RoU3{4OtLlHl;_#u
zI3V7E>n9(i_1nlkbF{D;%3=Kg7TEf6vBn<x?Fw4Kc$=qdg&)!pQa(@&D&2XD8FNwd
zwS;KLxQw8g;mc^}%cv<Ta2c&h<^SU{)(;|g>Oh1|@qj%k3`8<<e#V13_~@>Ok1uCI
zw7=T|m04+H%!%U6?rg*S&yuo7#iurN9D)ZA%A6P+c~ZH53K}f{y@8qpdz==>r!efm
zzF3_G=cX#x+`xd;oVc_MTn=XBnj5mmN%YvrY8hv=7utAwXozq36i6k<m>Y2Ylh^*I
zz&%)1@xZ>ZARbu9T8C6&Qi6=Mn`PaEok|ON{}v=~MfY9Nsu<3@tT3D!u3QMzaPba^
zGyWcN$0~W-<mqI<552t$1aYZgHURxpKzeV;Fbv1NXcUP(*aTi-6J(c@=Obk3;C}qz
zm1IE;pbBW`Jt0UYgW$EDTr)9QU@Ov&T@IhF1)A!8HZs>vdvcHsY|}L9qVsY~$!9Zy
z|2Jckv)R8n`#@TgDPgt--X-h*6@!Z2h%sBX;T|N_XasOY+;o4kHWvBir;uoY0B;L5
zQKfewu`EHtpp}x%C95mkI?3wQ6WM~7<KZ`AdFaGidI{FxlWx^pga5*6`!5Ui_cH&4
z+RFp_Ugqd}Nr(-#H@_vMhv!+%dhE?jP3sO&XQ`8}c`~{ly5{G<iLS}|BRjZ=$s?2b
z+Ac3(SLf(D2k=Idx(5K(_>luR997Q%QuzSN_h$p4qz=Kr_7UxV_`Mm2rVL@n@Z>tW
zHvu~2Pp5I}5-!FN>N0pt<mGevK`+>_<7;JY(oWY-(ftHCK+j@-<Q0wCpQY@Nl0-q1
zL?uO|MZO=T1GEt%wE=ck9#f)}=A1}j1#K~U6QL5v?Yy_%+DI>y(G7pymnYPVVodAO
z)b^|DT>xdRZUH{w&3@%W7XVcrin$PwR=9+;LffiFgN4<%3Y7k<@kiVSW}AT4NRYfN
zK_A%y15RM7*(y2xYqQ|RNGe|M7z6mlXDtJ>)m$;J+`TdDXPKTiLbO=b&3p%Px!ge)
zxYuV6bzu{u-v-hBqoC*SSBwZpW;NddG7~)@Fq8LJ6MMgh*OX7Zjr+;Hd%-qLbajQm
zjycHfFB%bcB5ysep2+<T8QuFVKatT;Tn8-YsL>up*RxTWgR^gr-w{=3(`$~YO^+_q
z9rk%p%tc~g?DztHR)nc9{gVuo4Wc|0OF#8^D3-R7nID>9pe)&L9x;ks#Tk}<j$z5?
zQSw>@C+(6wSs)vFo<SK?YQQ!&lOLIY$hnz@ocl&2a_-K97`723F|$p~so^ffcIcaR
z!#aG<pxZ-{3sPqA-V)_j>j+El<XAdUF0#?#ff32O9@DV&q`Fu0g}>F+ytP!fnh*bt
zs1vwF`E)Ceptl+{1pRv(J^Jj*YWp$Ar)t5s)_LSM*5(&Ru;8nL(_;L)UKX)`l(zdH
z3hM5EEz~*QilgdypDWRg_uHev@%B;2`*H9>=@K&D$*i`Y-`Mhk>lt-p%!Y>uW4^uz
zFsA=Su45~yul}BcRR1xoA97aQ?F_-4lgE}N2>!MPL8ueoe;QLazE7z0!Z~-Xp3z8r
zG~0j84#LB_;mI6Kto`e~aN5^1fbZ+PaEj_1K=lC{z@T5%3kQcV>(OK(6ptKb<RG^#
zeY;bNpmUnEui{RVM!ah9nxUIy@ilgn{CSP+T%jrXy*p9_`Kf4jsvn0x55u1aqA3Q^
zn8z7A*%~ZF*D0y+=U({JhHjo)HLH{qtM2H?!|4Y$esz?fAJ-o%)9?oPa(Z55KAh2b
zO3q_+qjxDR*#y)cH++X*0Zs6hsD{iW81DgXCFFN^cM&i$P^~;>52RwRW_;%T-`}J1
zzB7>XB*gW|uw)F^eu!=tG#aKiZ$6yN_@31Z31I-yl;wSuCl&bfhcT$BgILKOexzp;
zd(Pv}v6N<%N1Xt~mq=KpP`>hgHvy<>jHFY@@KTWhU#K3TVC&TIzuizyi{={?*bF{B
z2%mb+$PYTr==j*fc`x_6tL$nJl(9ii>N^E30QNz7-yx7PElpL=KP#$)1L-wVy5*0I
znsc>1Ms=?42ui}G19JSST&z5UxAxjkfG6#*!1H7C5ofyBqvlPOZ*2<{2+LDovmb+Q
z(1L^Q%HUqzgkTC~j)c--Y@YQTm*sos$7peAE=BV=G@=V4m0>Izf06+MRq>t%LQgkw
z>~roQOtT@iv$&yl*!~l(d1UtIalRW~&Jg^*D1B4W`li0Br>V!)rtJ68xgE$>0g&R7
z8Zws(x=nj3Y@V~?>T_^t8ttd^`^FALe@po&N^9ym?|fl){Z8LJvLl=C{^9Rv_a7>w
z-A^i0cfY!eLGZVWqQF62u+{KzJn%s&Z_>CUyAHdN9Jo3(aK{{oA@})HX7sx>qUAPT
z>HyZ6c%Nr8FwVhHPZ*r!uCa8V7wGw*Lb%UkWbbo$pT}tT`AS3ZJ}+eVd9yn2^Fwsn
zJa#%a5?lUPrx4GY&24%P%8#!=&>Y9}Z{^~R?Qg&V_z(x+Z!ULJZ*p+V34%cW^#VFH
zusL7+SvLqgsNEeBfxv^o2Ab&`c(R@bI%y5`qz3Y!w*BG_V4->+$N$?HZ`BK`=iR9K
zd%SwwHh%i#uX2+4#ern^gAWoy23te9_sHa++|f5A8LdYf6EO2ws+bve!nQ7SgNzPk
zR_GS#17g}|$kXlM{u>Km-_eXd#?58ta5``?7p~O?<g@Tcfj`IK&tdjQ8KFD|4g)FN
z?%yc?p3Sb?d?<SW{ye9>sQ5lZP?Gu2Lixve-T3U^0}<$L+(!ZD^3~QZxJTW~@&sOv
z3)5$qZecn+saqKP{q-))L%gxWrQz{lizP_qHW`e;8oWJ!4EGPfv@2@VB<Iu^VQPNX
zYA}t1)M^kj0nS<>qJPlW=A~wPV-i7A6DVhY+fi~Qo96_0ES-7_^N>g*^J3H#B)>RU
z0jd_JJ^)6rq3vNVl`wgIUSWUMK2J}nYx*s<X*VhHtKy;cZO&D*u=N3vt;7Az+8dqi
zZFUy!z-({s*_enS_r`XsSi8`W)lxNiv)2uz0l03@#v30D{k34~7-{-c(tb=xq;v}#
zf4(Q#jIrrJx3q!Bodyl1uZ=+!7<ylj@(s0C%O8#%wlH4@@YOYnuHU2Ua(E#3I|$`2
zPM?j)13cqI=bLz2UIb)RAiD64FCFry3i6|y(nt`=UJdft{|1;rEy~o^Xi0JrZui8E
z;IqSOfQ4>z^sir(hF4>O&7gp1p06D?$9^G~<1IxJPg@dylYnXu4g;Dt9^Lk~YGZOk
zRwlM+AtRu~_lh?^;iNr9ovGEi8_m_mz%tp*MUemIPlV=suai)Zt(u}VfrPvbxCcg_
z5oO8T<UUr-s2-Z_)W@@(CW2_cL$N?!^1hT?t`v}^6qq|EE(b>@GS`=*l%9Ai6+$;7
zY~Dn1X?_!{<+P(YzISaDT}cM=t~Tb1OZ^NU@P)Oy`m=V$YJ5P3Qvb+G%ROM4GAYYz
zJJ8IsVaixvfx%O5+2rVk1H!8dRlh+$0XCYHd8Z+A5F3<Se4-~qvw@Al>L})eCuw;@
z{4h%Q;r*8j_=oqg53{_ibB5oW3if-m0_)j$1~$pEY;inn^ZbMH@0ygp+*EK35SLD1
zch;uN-Y+z<pRjtiW_kWqdXAb!pKP)Enr)TJDg;BMKSh$&_qsrL2<zhv1WdG?7TwXX
z<q#b83PZvftY#d>?3$A7DOdLamPy@*FKa^fp;2%jUh((TnQB&7$HlNKWzL>#^5)@W
z+Dd+(1w_}k$jg*)UZx-NG6DI^GjKsQ0*YEsgj|xZ?x4%bxglGKFq7=8#hhHfFpZNv
zCq4r1W_@v};pC)WZ>TH&iFo=JAF(UpJIR-E;bMUxAH2jam6;dWrGi12Kfj+{3k^Xt
zrnEt*;#Y@Bp7=HUEE;|~+5I6nnkctv6)^N)=Y^>Ci_-k#3gw)S=-S`^N*>NH=Y9e0
z@!>icI;6nnT|>TQU&BR{Z#izihm8D2h1;7!Tu4yx-zlj6^b{qT{OQrYemJJuC3`6y
zyM%dYAO-OrtLGA!XE9EUF+SD_@#r4chN6E{90}G>puhwX<omEHJwJxX8O4vPiO`+v
zk=DaMajNA3MqL170odQ!>?~q%tMjZ=24cSE_g6898W~e288!qCp?(#XW6XjKutqk8
z$3BMyvHEsdlb>4*f^nVbz8I}%CKhZeAZr%6<?aY&dF?I&OJB;@<8&g7<E)rsqf9Yy
z0mcwj;8HC=8x0|HFWJD3X|241)%6bo8g&06M)y7w&0|z!?AzKvK`aFh0Yf0s^^HM$
zYofRQkx@MSy>2=fBXegeP3J6r6Ef_6+OSu`?Cz(r$%(sk6r=8h-4(-6nCN<i7@>YS
z{#PTLJ-bsC=zO}dfC9>3{v#-c{B<hxw?V7-CDbeC^?uk{w?y#^jp->Nd6HK^3-fez
zq{rccHKL(9%WH3lVvoDdXVy89q0x1rikFpoP{sCN2vroWXIpfL%Zvsn^$1Dk^4eXX
z_9sA?jrg%QB$RqNAQ24sF}-dzRC-#4i%)U#>)=?3Bqw<89SApEN#TaC8XQlvp*F&3
z!_UHKH=n3yw0H9Uzg-uJ*hH6zMlTubx1-59@H|12^JOHtK!E&RK5@t@Sj(;xQ`S_4
zuJGL4qI+Zr&pl)V+etJAKe0XHnC#uIZg}bQx?@tlJv-DWf5G;81&j0Q6q&8|*RvUI
zx6opIyta<Ta32s<BYC~?ydyUv-T3V!O?r@FFf^by=~)lB2JG9$M#g@991A-I3(X;S
z!*^sZ{?8nS<UbANOeS&D5R<%{y`|)q&J1x|xMh3jSN8_gB+#G0S7!R^x2-oeyU*0T
z)<(luNfCzYzt^hG_JazWYazOF9*?g4sE}2adwZ<lKLFg*PiNT8_9OiH9{$Wb16~3d
zZO*Yv?+Sa?1^W2tGdAnHmCm}bTplQj)kJqEibyBZ%ATjziIbm(I?-A@kzt=@aN*}l
zUi;{ab;$4HqmWP*UEL|Mwbk>l#GppLE@|m2+~xKZe*WU<{GE7<pTA-{f9=2y)SNY=
z5kD06&i)CggP0Nv*Kz=|y|QDo=uh3T8EhcCZVd3i?yK76n1k@lH<>|g*xapYf@d8_
zAPx&?kQR&at-0a~V<N|33Mi08jm93KEs)$P-Sz&RHqQ|`<tIU?`^)YIHJWl8il%H1
zw=b8AkJTZu*-lfFo9;<dC3P2bjd2YecUZkI8LeqAne0x9(g)9A<cihV*J$*=tQmah
z4$;dPeVg{tx0GRKU8q;`ONoyP_e*KF1%TJA4<CAG9l-ZqZCE_ek_B|Q=CDmvzF-aQ
z+I(YKz=(i)3Z7)2_y?mw>q!LP2Tn8aO*>T^(7^8C$K*XR@daJ*8k4-?;|w*P!IDgY
zsxIbLZ7-lnQeE~)&XchqS*~6O6fVP!rmYNxHsV5}FE<CVDEm2QGl)`BF8so(wB_it
zjLI%S*~(V**;xGSRSGZxw!^WUf@T%HhgiklY^mjbSgS8sDaG2nsen+M<XbK|a$Mz(
z`&iAdj<A{|qN&MSH*42&NF2-#S{%&%1|A1f#s`oRw83akxk0^%cRv4;f#h*k4I#1>
z0%XS!c>se)`7aP=!s*xGkqz+|$=A%2?=x=$gKm!IyH^pKU%C?ht<-sQzc#*5kRRU!
z^Gr6Yk!}ZVqH2w`YCj%kdz^~ZV$2vMM7q03MzPKEIOMTx=7#dkvods&W7beZ{6ZsX
zs^tqC>k?_sB-VtnNvT<ZN+3BHD^}@v+~&C)lz$jXi-{i_%=od2-UUtUj0LaG^8Bjw
z0{R`ltF-!Js-*@RJErHyQmww}#E+E_KXwY!5IEV<$W0q#ZX>#jK{nQjWMk_#-1t1?
z^YhS1zW)t&9x$3OTj&Rlgv*yn-iOTDy!EsTi7T?h6M@Jd`?d39lt2A|4n?nVc^bd0
zI}Rqsh9XmPskBcw$17;G&+zjL&YEtbd!s=55nwIls$~$pfuYVe$a1V_gtRT;3J8JF
zjj<uhI%?&|zu{gjr)9IVu25>PL}83~5Kiy9BoQ(_rdZibF?~ujPn~kR_Q7#O7#|U>
zOPg}gKn4Oc)TWTYf0$jKN#$%^OhL*4gGk~?xi1dtiWbh}!#yTDrqwlE(C;&LEDAd5
z7}Cjw*+>XcxYaj_t~Ib46paaL?3xWoDrMo?0=h3f;4UP(p2Yo5`G^<)!ixt`@l0O4
zlouycv4<Cb%8PHOVizx-!HdbzHO0w`U*N@ODC^o3Ui>gG-bcknyf}v!S5WaNUfh)z
ze@n&B@Zz?-_-!hFo)_27pyJ6?{4y^-&WoQ8E#6MWbISb#>9D+0IW{aFKpiPunnVyz
z`>(4hTw2UzXK2fHY|L6&2dS7`d1E52MXh=q*Lhh}fe7cpKG)R>bD=^Ha=)p^{uKix
z0vU8&;;<sR-ZPS&i!UXIEd#*K#_6yOAaF2=u1!Ef`BJ*@ci&H^m0Lu`Z}Q@IcyV!K
zEN;Axic5I$%}ucQCSE+67Z*_RMqWIa7YkIpgctYb#eQl#c0Cn$<i$D7u=wH{DsIM$
zr&IAcUVPzID)v(GSzdgA7k6%s#c%WCYF>PuYM1chg}nF}6|dyQ@AG0KHB!inr}5%q
zD&EJ7pXbFBn_}@Be3nCb@q<)*!AdI5;Ki9#JcKvWnHMKe@#nl)<i!J9VDV+%c8!~g
zB`SW6*FMaPWh%bHYj5Jk|59-SUV9NQzQcsYnS2{Q;>B-M@tW0C?B>P4QE@k3dmJx*
zt0fjYc=3b0II0yE&*8<Hym&z?uCfOtx%p<o`0!#xYodBhTK?<ZP@-v}pJ5FxA4U|F
z|Miv-)1_y=cPhKz+ZtOvj4lMAPv?QU4$39>Q~1pyP#6FBQ3lfRnKm@9^nvXz2048H
zBf`x^A-H*6Q-Oa=-YO7ubI|Jo(hWsm-Brx(#854tC~yI8oV@%Qnq3hYBn<e7TvrN0
zS}%jv)fmD07cP7;oG}Jqplh`p5M9$CdXmpwj+3Hn4|$MOjznvqC_&>WZcpohpac*b
zwZAW2!P_-yr~K*^@F=SZh_3mFGOF|$SU~=kv=b65i<}KBf{j@_DI@6SVY3_;-5t5b
zZJgCN%+Md5wXE#TIq}sGT0o?xWQeb$dZ4cRl-i1gwq6Qr%YHw@mBw<EUAUt4vWwDa
zA%wo>Taa@4pW!f(KYi#o8yq|5A3w~%HD}asi43Bl+2w4dV6OJZ7z_CI3=HJ!xsRK}
z#`X86%dGqjDxdLRT}N)}$X<6xrx?ZKhbu!JABJELicJo(b1pAilO2%{XR$#OeZaAe
z6n(7QcLNRVO)H2Z`{ajg!GDK=pfENh{?Qr~0itA+Na4?5DBad*B0#J6qlOx>zrHz7
z`p^)QKHLPSC2L<DG$F<tTF&*qKal=6lg`Z(@6!%T<ot3!{Pcp^iuVUflJEmY?#-Z$
zhx`a*c>GH>ey>FN5vaOHR)M338d41T4b_4V4&cCF1nz;S!sK^?5C)}7cu6cTab#(S
z8-7W_)5QP<PmbvN7zi<NAwH{l+E$9w7J?<yG!nEuvI;Kt;^4(Tkrnn`g%AvcZ}3G4
zd(n+v%+SB^W9|iKMoW74-;j6T(z^>Q@!g`3cMAlHgc>9g?hdFvx>Fb#>~9wlVIfwl
zFdQm0j;N4wO=XkQphD+}n6v-YD%=VcK8>g_T@yE5X0)xpID%>_)++3S3gCrc)u@!8
z01Z)GJZst#8FBr$D7L-?2C@y`1qlSkz%%-9kHO%1qRS3a&iQz(b^Z*|>drP*L+L3>
zH@24Fthk{@XD8sLK5S&l1^|XQ(4As@l@H!Y6Hp(Q={m(zq<<I<@eWuG#{uQ2&M0ab
zyN+`BU9)ZloHU1K5w&QADkHrQs!ifd{zoh77K*oTt|EoU2q}!s(!$R@hNAgi`s4n9
z*80E8bRzdY^|W5zjJNKX3sZb>cRga(|1PDI-t+rxS_A*wC~eI#Dk}&P{eQw<mR0T(
zcszrDWcQb>t{u3qvdUNkFTN<R20`PaDA#vuUeu!N=g0}Uma7w*`!k!+EztKjjqyXs
zqG3&QQwohGk)K+%Pv3{Nc!96QJ<Cy?a;EXanoqCXp2~Vcy(msc^kuzdRk>lU4Qj3(
zj}4@Ux#svPcD47`a2}EYadPY?Lcp0o21uL?D1t~4$O5aEiM;S}q6B#O$*kFF=v7k$
z7^oPp_7srn`BuR`DJ>A+QPAH5_IMQ6U6i+M69k9_bX=-96m5;>anh>c)#0}p@NTnV
z3M|%aF^CCVf5D03q(OD1nl>ZoAFSm|J?>~hn!rmA#Xk?X_f-9-Wj9bzrV`fSrr;qy
z-UuwbR&i1dBd%*_<Kj;Rlote+_^(EsR2#)E=cA(Qzm0HXi-Hh=hEt*2I$@c*t%ISh
z&HxebHlnB%McQdS`BoZm<7MmN4$%oJLYjBKab1smdNhiJD=`wT&i$kgzzqXPfC1bD
zQ!ZVFUW1}L6%rIyx#5?={}Nj+_UaXSbvwO!1z$Z9!1Dqpz<&f0Yumy`M6WK?)2rM1
z5xttp!wh<UliOwL$k0sr`%FAyl)-*D5Na4&tSXBd=$<Taua!1XqNc@ukp1xQsipLK
z{gprfHS_+eS{(5t8u9bjaKw{v#NW^fhb8nUUW3JRkg&|X)80mv6K&_%V&7t*cT}<G
zw54pZn(!HYzm$^<t7opX3G(XKlGT$#SkkvtUE}8d;b>U9Q+^rC4$5VV`L}W}#>o4n
z0FG}mj;}Ecor9izd=TtzfzI#cU^fOspJsfvWUQL&DR`;Qr3=?Z@4gFp_cgs6P45<l
zyhHlg>y9JX0edY+t5D?DD&!ojT*3y_l&{98OR_Z}V?Spt(Qw`pK5YMznDEPf;(67*
zcow6g{iDx^U$l$QtKr(mLxulDRG6<-7zh<UKF@{vRi#sKF;^l;rhK!c05ziTPb4;t
zG8d=3!;7c!;s>Ji^P94So4LY-)+`PYaxYwr@Zmp+z7Z+*#l!|$SVPVl1KuyreL|K8
zmpFJln^C{L7E<*lyx(&M&NWJ9)nG&H|L`)ON9nSah=SbnE^9M`5`+K9Rn1|wRFk2L
zuI=GcKO|6d(RoB=nT8apEYn4@3FoSxi^M9~-_B5J;o%e~>#cDl41JApxnSqUtAq6g
zXNfZTH$~bvkMVDYv2XmtIeTTQE?vg&5q}3v?UQo%0$Ph&2d%|@Au#sdBDM!D_#UJ!
z3W2e%i&PjZgIX>5<=A!+ow3`Iq)#!;r}jVL?E@*s@Bb@&1vQquPe|W?{HTNPH9v;*
zz3@lPegOLJ#QT2#N9^+lC~L=$YK0+W?uec`LDyPGyIDsHBx#wy3oMONzG9!VZECin
zui(FWSzogWG<+9t7)}0t8F%i+k0!H!lFH>?zhnmC%?(~}{<+sR&?&}4@%3d4|Gt{?
zovy_V95h~qiFcscK)Jff5Q~v-@*{7C1IEi^Xp>(6Li#ywMaUqsj54#8QD(M{I#3N_
z6Zel$yeyip34Q4)gRSs4U?Y^9@2u5LeekyhJVUGJpi-nZHzL^Fs~3Y8p}kA!#(oxZ
zu%Cd9?Z=zy6m~W4S*Y&pdkeH(td`d-B&e$XuS!0StkJ+{G+i?>7b$Q*JI3p9b98xB
z3Vtj=gEC1+hw)@6T3mY|!HVR(4i?o0WvUG7+M{W#w>6yf$^`N#+p7sPF3Kt13=Mgx
z(UvmhL22|<1cPs-)|WSw@hy~BmjS-Kq|IRr%^~wba1LX_<}mYz|Lq*g;=<+-$A+US
z$a7iGuKl7r?h<TR$l^b=KwbQV9|}~jjA}W1K?w4_SF7c1&22RNg|&5{L;G!*6%qrA
z#Y||S1>bZ{I0?16nC>aKOHtw~sA$+(ErCa5liq@A<blmWzL}3s-ybBpFT1o@WaHon
z<O2lMfqe_eoLP<MKh2YYW@cj{(4|QkE#JAVHlXeyfVBSuc9G?K8(Dc&(Ft)lgIlx2
zpM(sECh8EgXf{Q5idhwe?!vEiDAV{~L|gt`cA%2VZRk7$I|#?WH{Aw#&(X=Zj|5pI
zhbp=Wp7Rm36d*wc2Y$wAI`E|>8JKaHSBJbd97*)VZ;*Zqz!$^#7XyL9ZpumjvKc{`
zRm0|F%3g~~;w7=M`GpG*f_O5Ri@i&B)zzcPYz!UR56TKDv7i^hBB)C4O!=>=B<&%*
zAOTzVAOy~NNNK3VC^sv?nj0;&OoQ*&8E||#l}4P-3h|3zVzwfA`c(A*P2ttr2EWae
zNAp5KUpTU-j$r+&Cv|yXFt5SOU+3jjygVpoJ^E^z#%mEfA@6vVT*2NCR*s{}Kk>@=
zZ4-GO`>7eDWXiv#&`2<IZad!N(7}1Z`8DdPt8pcTYTOeXE0!PO<+l#j%`$@#c}kMj
z(A0RUbFqM};>}81rM1#htD7~20Yd|AS!3nIDJq8QJVmuoNarmqE+Bgusq7?Ltb6R{
z(UhzT0-jKy+y-N|5N^tZ*nuxuBwrSfnOh-=IS@r63cX@%WN{5G_#j2GkCn+Uwqw|;
zY&|p%nGrwVj2CL@<^nBr&f&_;Fn<Mhw$sg$ub&Cxo1;gYSI8BYj&8zuO&Et!bbW*)
zD?~FHlg&Fq&Pxg?ZA0RPSv_a+Eobb-1AJY3NIOnRzL@XvjX{>Y>FXdduhp|BKjD~F
z%-Ie6Nei?=le0g7$oY;=*0Nf#Phc2_eN<`_ZD&~tnCpX~Nr_F&Kbz}0>n<;zV^6kv
zPO+XG?<mbQei>qIL39f=vK|Dgd)9visqX#V&^!jBnMtwY(!ov8rXZ=@@@uBJ^jFE(
z<}J2<dtxOqZ>?n6ivNUa(?h=XZ1w!AtR;7K?xWZ*9^53v*jUNi(*~CW1)hOK?`?*H
zt$vO4vl@d&x^!4dTFb*Y_T3As+TX}9HtV+Hk)VBVaDNIG87{6hi0;OKAiN2Z_gSOW
za!PbzGzU+zS!oIIgo%it_y~vyybfdqo_V*kka3(5C5}UR-cjj!?xR!p=6k1(!2DeS
zIle7e8arBW?+I&Qi$hkHVl0o)sOWFZQ}3v!*D*NC<2P9`6ywrpq4l5EYL-FGX}spZ
zd3DLV?ENFf>rYkGBl24D1u?NXA3*$c&py>6S~Yl>zo9lzpZ*mPZq`x*Pg!Me%K(WT
zkr|<qh<tB?mDbjN5RPU1#kEny&3HEF0$rfA(Y4Rl+rBv8`!ssxU7f?$8lnnJKAPpJ
zwo)XAL?9XDL+^Klb>5O?IVjE?!cJjs+GKO_)RkDt=1pWPE`!FXR3PFy-sX*icQT5$
zc+Ps(VJzx~bJ@-fWSw!(9k8F%IbBqe)5RDx_W!yXz^m=xP2A=mthf_@1~icMGur&W
zw4^6$vDk^8B%`T2<oK4)%&w<--tHi3_wq(+*BH@m`z1ZqNF$JGt}6o(3Mh)n`9QIk
z3NpEP_?gMw2Pac>mqI{5BcMBm)!L@6159`vofTF?{DrJ#fFtFxy?`d;7DgOO{r}<M
zsMph-tSeTwE1Q-2Uyahqr?vBQ2t`njBC@_~wz{W>ByWzkpQiU{KdH>9hC+--``IFy
z2SH_YSFD7#h?I~Ja~#@<gp%0Q{wk-{i>1k36;%Hcc~(zLq~fUQf3kz>5^W-0KyR<3
zObk~W+;n83VhNBqa3LIp*!UwHHGI21I0|vzdAt($yYYtl;Hdkeo*0qSl<yrcqqivd
zTfX(bYCMV>pI==cFzxs;1enZb)avq89TN&kc7UWY5UYQ37$g;y>mX@L5Ry8kL_*T1
zUqnEXqbMAT9M%YnOJiQrMgON)(d=aB+#9MjekDhhr=MlC!$wy9i@9}Jsk}b-#s<i$
z*>a+M`?Eo_<-)l)wr#mr`|9{;Znhj+VaqkOLKRe4#eN0}M~3PO>}=5Om0OgaI-)1d
zPQ>D_ei|8Nlsj|pcaz*Mk<&lH*Cx3UFZ{IMjpN5{K-zew8Dz&cj~an-GwgXR+7_cf
z(@Hb&<4G6g?H_bRvd=_6&wbw!2N4f9?$F8ll(4K#%5CUEKhP?d8B|<dq4o$|0f_C1
z!H?!=kuG5bK-*}pOGuQ+6PhNOC_mGWc&-sdzSc}iL+qM}N$YHus}O2>JM!?5#>wVO
znZ5rZRews1SLH|$>|~0wEA5R*O?K6BG^7pt6QODYh~qi}{6)j{YgZkL5`RNw!CvU`
zuTg9>f8kxw@W9^{{i=ISN)v)^F!sAkXPQA2fMKqdp@3wz88|$oPwr|$tWUgba`X^9
z^UbIN2@UX<2n*K|&OKW=3GuGCojISvO`aEBFE$}_>qIaq91&`7+0p7nGsBf;43xX#
z;ytK9_nel6Nf{VwVT8d@m1};|z?tD=Aku@p5um*B$Z|plI3A>WTqt>G(p<d;DJ_c;
zxHVwrgbom~01ie~&}H*3BnPg~4k7d%wk4dSI6+wfX?Z8>TW0v5bm@fT*&|h)zE9e5
zMKbJ>3|rMGi9nl=fN_AR6Ofxx-qsgf!H(I}ZM=@s81zX{l)#zF$xC$lBq`d(z1UHq
zH0x!yWn0Ci4epB>hoNgm<Jes|Q>&+v-DMD&)JFw2F;|B0tF!RX0Ot<kftm2D;wf`s
zG{gjKH_PfRiG}m=R7FSBZP_e#NJI8Ct2V$pJcZ4F1qC=gehqqpL1TufUN-NjAiaA;
zHe1m*HJsj67Xt(apKnAFh5bFr>%`3En0wnqQEn;zob2mwCRy%E^JgSxPJ50OFa4Ko
zx@Dhz06V?LixmdPZIXA0k*$;CPRX*vp1`At9(*KTQ0`Kb`cV!00m*rU{cZ(8!}s!v
z$5=(qbWeK8ER?Q9pk-vkDOAGXi@C2sUaU@=qsF1JGE(^%*OL(g<J753o)dC{M9fYE
zsZUuw<Zm{RXvRG&*!Y}R&6K-<AFU{~qktK^QCtwqCdNwOkU@MG(QSr|@N4n~f_)d&
zUB<A9K#3Il#Z~u<hl{OrkV%xhgCO`;EGDZQ+z{{C{B6SlDXuK)fjAO?Qodsg2X@I@
zI!oJG%>5P2!_*&;n_*w*^ia;}dmlx0Y?smMRW|Vr9?yTrEk=0;Y(h7y=K!Qip`#VO
zkVg=LTFYO`&<p#mV0*&Hgq(84Uony|8B$3bQDmjGWh|e2zv#XnQanAt{v?5|fHtYu
zHV2glzQS0bE#uUe5Eg>MtIWn*0&}p)#lKK?o!23^^-4-7AijPDlQS^FG;6gQ)Y&)O
zJR<2-m_NM>qXNt`^!Mc^2H?D7On5Q3f>ZNx1m|4(R$@g058?$gM7!FN0VewPCfxi!
zP++vOdxm`n!K~aH9gU>wip=f{*vCh%NjypuB>(Xo2o$h;t&-xk>hhe7XN16@4^S}%
zK5;?C*arsmPYrgjN}2D50kqZ+K&zqk7bsw8yi#d}?gZdV9klNViPUJL<l7@CPn(A#
z=R=x__ptH|m-z#_Za>6t*){wbt|9L`4j_A8u!I7Au)Vs5ETM_vZg|o{iM%a9C=t;$
zN1(v)Y69*yEu5EIT79`9L=;*3Gu}61_BNZCT}#mzV0bnUC9s6Gj>pUd-Xul~+7fDP
zBahfDhb9jOUfK4IRmeA7gBu)&$~Mg^Bnv#Wb)rGF2&fcio&!Ba706mJLdNslH)n*+
zOC2e5@LXJ$3oqUaCY8#!q2$*OwW=9&zsDK*H5UzXNb(CXL9vjAL*x^Uy!D`L9H?Sn
z+g(3#LK?H*tq%IF%c)%~0xcyQ3D8pVt3&ECcZc|KkTemJAA(qAwplWeK0g+8DBh3g
z=Jfm~4?7bGFm6|^!uF+r{gcbi!cbKU$iA?$nq$twDl9gmMjU~vh2(r0lzdNOO+KKM
z7c(#%M(A0HOt*uVnR?QTfE{I{l8JT^UH?Hi_>yiM?|h0le9Br~t`SU9brm$EnDp`P
zEsA|WR%v=yq4*p-u&2o2({joFSH8Qvek!UGuH=s&%@BC|YSZ7V_au-SAn^zbi1_;p
z6g4rEhmB0cIKg3+mb{=+VEWmk;+qq=a;q<i+Qp!ePrunw$o15KorNJpx{(!E4TskK
zH3*RB*J@Gj1r@Fe0e*}jEYqwdA&`_SXt4rL-(?Z}KU~)m=lZ|6jI76>bLz+iv;hnA
z{||fb0v|<r?vKwTo3MtESp;Q4ghXRWBuXMdvLu0QvLQ3cY=Vkcv{Gr2qf~6z6{<+0
zo7hapvD8bey<hA(w$@XtHY(bZO&|#%cLfyXrox2f5<nr`vj69K-kIImO^A5Tujl;x
z`JB&3!_Le*Gw-~Y=l*=3=t<e&#9iyYq`Uru8r&Xja9iw#7-npU+4}W&!iKQ*31RDw
zG`IvC?4c}z{qTxuT^oDi8((qGY^=|M#>41vQpOLd_R{1x*eB0^8?(KZe~Pu2!cX*4
zz2@2aqF*C2OmXMw?{fN%Kq0wc8%~77E7EaLZhwL*p9+qo$={jJQLGXCzRdVN8|fFB
zKroeFR8YJ0VO^dELog(R?#aB>`fp2+Cr-Kp-U2V1g)jSNLm}5S>I7kxqm}Ge3nG^A
z;wjkR9Q3B^7#Hyy%+_B%Gm)bxh)`4=`{`VyC#+T1CcO5|uI0vIt8p_z4Kww{wV*Jf
z%?OQn-E7pg(tMM#><&M5C6UCfu5vDPRp{Ta%}-bx0woPiiS%n2^davM>pUnYLqeCJ
zRd2{p<L!|xPge7N-zko6bEOSBJT#Pw&l?d+!hak_CrCy6K0f2CHq^HtVE7VQ`VWm~
z(<WN?8_On2H@?R1Dv!hulf751u{Ew<I#E<B3dH+Y-<G!-ZLem%)z;fk1iiF=i6fC)
z+<n61;2plMS9xaB^{8*++?O|=Sn3khyG0X_$C7`yOMf1gX+w*DEk-3g)`qOo>+1D?
zF8s8GJtVKiG!U0W@FkcDn$U#C6JpM1W<2h~0-5i{#e%Rk=-!%BW|IOPw@I#*OZEib
z!R~NNuQBcc{c)jawErzeL1Fs<wlR&vaMzB&J5SPG`Nmx_^3THA#{C)Q`vOmr#=u^=
z(+XiRcbU<Dqd4SSoqr356Q|qASS|eE8d6o5ZGBKX$H$qjvQR~wx1ylZ&?oj3aKNoe
zw?VtlY}rWlT`{(rwWu>&Ff?f7_*AS3Q7!}r+{To7^tce%3(&r?1|dji2BX`eT=du#
zF2kHa8Lwq>G1n)feJL}dBL{JiZQs+wjD=Mo&Pwp_P%7+<*y}`o$yA5NE!o70LWW=B
zV4VYn+1_D8EIfoI4{wZT2>wh<jX5Jh{-$O9*psF%8`v^5Jz^PJcMDL8$#IsUy5~(i
zK>ZcC9#TRX5kF(mJ;lbpy6zrk2wF4AlB}DhUuK+seNtR~?imtF2*8h)lZx9IMq#((
zHxoeERfcCu=r^umrq`jc$sCf3ZYtE%?Xt?@@VVc{unYZa8+kLJd4&_!j63iTTA53|
zXvvec*`k|@vLK`s$-fWH5c$KX(UHiW6_y0gN>D>l*u&xhh=DZci3X0DhQ+`tEbzUg
z(;Zm47+yX)Q+VnLBHO>mm1I6T<h1(3=1gBq_qtX+dRLzp!9y0On_t@lqWuMZDJpt;
zNg{peFN`k@J>$mxFFf@ab!d*$?2Xvb_EPR&xX>`fAEN%)%>LZoZ-3A!>&L``3+fA*
zPv1zOzWm1Q%THn48ELuA828-hxLf@v>O<oB$KSx9n)5`xIsT8WVgO%lOIE=fo@68k
zXCc5oda-p1JjVDx@uYeCd8eSnoB|xF3;*oD^Yqy-n4i52Iz{Mf!c!V?gSOf3cOx}`
zRxQqhX&7szmlE}lMFOluz2Q+9uSDuzdKl;h1LIiiG-l+;1$B++(-o|1zcRb_T%4zD
zZoGey;Stdme0ZKY9O88sI2@>7=$IrCv-fB{*0YgtT1P_1k+^v7GRa(z1AKh?*ZO$O
z;McEW9r>;K@z3}D_<ryJ=6RHLUZq`9HeeklWIX2#AfUtg>$hCTF%N@*LHqc$OeU(t
zOXY`6^`q6~EnelUS2^ic4vQKhs3}MEzdd?2DYVK?eNCN-Q2XjF452nQ*2W$wHJkpu
z>p-ag(yR1(mHn~`4@RYz@aI&N*^Q1}G?xKcGiV!zymwkwj=B|H$2wKaN)W5+QQIi8
zArk7xA4R-JgvL4&^N6cSb6Ytt7BC{DAWL~L%2F0!4B%1{rt@Dh{6%kLQ26qDVdv<t
zJ<=NvU4aSFtj**|8-y)dJ`dYG^#~KV9eVP!h+JR%gfcMSdZO2aZ@FX!@U2CC6oiox
ze3vh3paH_@8311Jy|bvAojz(pITtzk=n{tQm;@&+a9?(P=B(mAc#wF5Y~1kvwf*3s
zpm^#*-wF8uXEJ>9ED&!DKf(;EZ;#7Te|B#Uylfj9jb|99;Jh*8ImE`B!BFxr{#C@v
zj@ykQmQHkgrE6tj!?S2>WCA59aqhqIq2WgTc%XuX^FbwP@Z){zqp)p2j8(<l6G5BL
zp*~p9c*1{a*USWt`md}H>`NqEdE|wG7U=gHP}_Q-F>KI{;+$T1(Q*+av|w+72x9Fw
z#kbEgn8LAQ#s*PKT`q>(VXxX5y>Z>q<D2Wc<E-yN*C?UkR~(+P`D(@Rdfd-qpqH=v
z7)_el8^mBZ0a2~}BfH)pTU9;#oJ|bsn#{q0aDq>Qzlr|Yu95yi?3=4qX#6Q$3su7d
zd*~3Y-=S%6c$N+^{6Cb->PEsLMtFh%6A0Q|BZbCt5;@mI?OE8Q0!|WL5w#@S%QHAo
zE=2pHD{&q`KOWNaeL_C7i+m@m@uOWb<Y73armm6HTVY?`$o6Ij6Fb?1ifjLbjz}hf
ziV7=xg7r3kga39gyBCGvYM0bd(`PBB3XNo}jyg*%#inR7VTgoDuf26UT|&#u@+6Kk
zV_OY*t(bQi>32q`<Kk$*0gAFwadWXLZc=wu^nn49Dacz5n|0{hcSa@9k{Cj=pHcYG
z2sWUiP~K_GO2cy4j?3KjbqRxoMn9%ooT%W_u|_KTzE#R=Jq>E_!w-xnqc$seGn1)r
z1#V@#j`@A%Li3@97K*p_2p+vFC%)dL^=bM}VLazn+7Vea@f<>8ein1xqwLXVJ#@a;
zx%<A(9bQ@P+UH;1^|!NRvG}rKU^I_oM39WJf2;~f&TcZfz$SLrf6k+Mi;9tNy}J+y
z1A^;r=VHw@f5S%p9icrKY!(SM+lpfMAk!5~WsOKxf9h@)LU+s6G4(VocsE-mgrq%#
zFihWiL*&ewZh;P<9_P?lUrBHt7%LlvM7vcgW&->?CxV9hQxM6BYXXv(CL(t@j2@rs
zo|QQ9u`{HI+{>bEmGMXlPrXj~Yrbg|ia9egjXg9$ir_raLob4dCcB#kh0++k!)NY%
zCIaf@ze-jfvBw2ub(9ezk*r)<+U~j1$%TGkf)sg`?{H=9o~z(o2V(LoZTfF-W}1g9
zyF6;ICfpP9k65arUMjMzD^st!jL<`n&DjD>or+YlLv`xN<9PDg=qk7-ro7#2$Z^tW
z&^z=cG?cqSzl>3+e$5gu@5YPts!0E4=%el_<n+HSD2%TcJp-SpPLtI~?6ND|pF4OE
z;f)&g_;#E1_`<9n-=P8O@rhKA4|&cy5xYzE_zKw)8-Ev?D`SPJ$nKjP7f&dwiyV~D
z_*0xE?CiaECjYUnwwMWTLMV-`SC9w2uEV|=W%Wf9xWz}S)YOACGcMit88g40r_=4s
z`_KG&mx@s{EE=CfFA-&{amHDJzIkV1JYr7tWBS=Y=8(^^W9o7Pc|r{!v*@r3XqHGb
z`IWJ>WS8zA5t$4fmsE!Xz4SXn_u&q|Ec#ue@HjVmJR#;g-!Z=v4I0;07$L`@7h@Xz
zF52jXeo>^68kxoK%<B8${d}*i);S2dkp&%&lhp-w)T2nJjG01M;q>jHF>&^+FuI`~
zlIw_x6pMECE=k22%{Z^y5zx%rV;uN4;3SWQkN0SmVUHs9ghu0;sn#=vG2i-2^IP@w
z>BX!k)~WA8)Z>^NmRSeqV0nM{+(*8e{#H!R9RseID4vorbiQxGnxT<fgeyOESzLSz
z>OX<@EDV?(T1I1Y2x;bX7lTmpDTPW_#dRU_=C0q|UT8r>Wb=0uF3~`pgY%{0WNQoU
z`U}HIGB{9;0OV!BZxTg=ZURZe{GKzGdUGZ{bXw`*xOf6NK8`@<MhN7mk0LFc6kWaf
zaB@AJoE|-iwWi;ule3~!^NyHVdJ<=4h(R@{dx&aw`QqkM_|ZZ`qBrU5Xrtw<KG96K
zht2%<p0Ws;UFN=p2&t@2#z0gDj{V3hGD(DY-v(3Nkw~kU2;Mi_&^{`NAkzuWc_sC|
zy>%0g3k&!@<*Q*e+gw6(zAL!jCi166B?yhfOSYi3yAyx<__n;3wpjgOMr5-QxPY;0
z%>5=A-lW|4_0v&q*ip)RSm4h|e`a*k`6}3kJ0yXik6V8Od2j8&6a&SRmkb!1_BO*c
zT2op~PON^GqCV!<0hmDqpZF$G9Sa|au}Hq_K-&q8vd{-}fGJeT=P)RgZgg|Eq>e!~
z3l_pIGJ1Etd`lr`iI2whnoDyJTA4akFS?Hf8#*W`41FvP6QJA-HUw>b(gz9&*3*7%
z2{uf(1{;3+hu1@6j4sZdW%;IMY=0Q<W2)c__$+D)D+-jeX+{N}q5sI|ZlfJGxhEVp
z_`wXU4zErl#byYVr&l^|>-u+RHfP+m<L~BOJlqw_Pen;NDJf@RY*>tWTx7<pSM?K_
zk=H7zshQ}+w@Z|q5?}waes7)7+&Wiype45QCHk7t{E*ioDyf-svB+vVjjW{}W}Tdw
zJ6G@pVdZa!S-MYTk<7DM+BmbVW9e;6y?2lBZph280ue*XIOkOkV-!fGT6Deax)(Sk
zB4JS!7zlsv`+7kR>;=hj2`II5Gq$7Vd_+cnrT?wD!U7MyJLymN&wvhZYiVquFcJTB
zO94?Vo=z>(yWC-%gUI{g<uVA|!QD1!lT0pXpTm5O|HII)^IAfJ$hU_QW&Q+NFnQ3I
zj=?00*2TVT0Qs8#<AuuCCyOsYzTVt)9{Ku(m->~je^>m~^7YcD|A+FmyOPP*A71`n
zm#<%3)Q^1qqeT}kUyq(TfP5V;?jv8D<pyzc8l{PWQ_DmXl(2r+(tL(rR-4bcVZ*^2
zrqr2LRZ8meY2!b(vYs=FYPDIstQmB9m%e(mWjsuOm$_K5z@bqMYQLzg*WbMXtx$!s
zvJgh>5sY5c|9C?&*C)hSU=+t`arMl5Xh3qlo{hnoA|U6jk<i<N9P>G5j%M~M9F4%i
zEL`eXd2tC#EE05E8M6X7P)BxB_+~_m!25lpjW`b`Unbp9Xwbwg<eLPXkA&TSvDwH!
z0@v;<mz8t+_8EoId%N`2a7g}2xCZ>TBIdh!{L-cV0l)O)8H{r|ifFp+R{9;c^5}6B
zF6?o^!ak3S-~UmSOmHOQ2&vOymzFtbypqL^>1;cJy7uk9>KaVxIp`k~j17eii$tIE
z9|%qQDupd7(T*xK#r+mG7vHZj=fVJGK$^e0wd3(W*;3S(JV|(C7^621^&GGAr4;<!
zR;3l?pu%x^O-yiJmEy^<qel~|xXgDWLyJnJrhnStnTB^kS5mVm&@PoJF$hQVjh$Cx
zt%GDN^r#GGSe=G{_!iT*t?yA$%&Ddz&J4`p4(<iwJyBHhhZ?aqVxS$S0M7V^+KIID
zoy1}d>CNgdCr;Wcs(0JP!n++lj}f9+T#ac*6?PPqWo?c_(iY*))UT>WHQ^B_BjmmM
zCDjaaIo;~bX31O_Z5%z>b!Hh2C_W^;oDoQ8IkPms>SUH?IF)3a`X!u-(I?I;k2@|*
z9>1x!A9;LgZ9npOcI}1B<IM#ZDvv)|@YVA8yn?7a-rxTG(f2NBe`XZ)vp=odbB0%0
zDJkoselBH$e&=sR5(?8XT_j6l34Xd!Jk$tKFX5PNb<~S@a?G}FM6+w617#y4nB9(T
zolKftZ0A6{Q}z>7j6Uuej^&(Spuo?bV-ekBDWZURZi2g$ge>TUFw~YHICywk0z7#i
zF=~R9`SQmsrUmr6(Ja+Y&Wsnve_Tbv_>AZVWX$L*Zo8w3*$l6^v^<8MG5gXA2WkHA
z5J(iztq1xsGsW6p|6BH^yRMJeo8ED-@Mp~btwbcIcQE*r6r^8}HR<==^v}x}svS{~
zfD*8Nc`}njX|SG16>_2~Bt}%Ba?Vhde7nWQ6X#!9t+LXtubEWL9%no{^k-2G5HO#r
zVvKs+a1O4-z@lf+{=R}`)Nc(xvzvPQ`m6NMJ7`YEh@SZoRHUsEe&FlRv+KVxt}lsP
zZ<dflQmhUekw4Ihg}^aSpbM&y)Fo$}D#r3b+tcA$J`wT8QA#{aVb&+808)5kXji;G
zX|%uQeC>_TAaF61sk=O3%xI^+(@7am)`VHP(BcsLcarh%HSlj7eM5UiheHoIGLgdC
z^*bCBaXrrJI{G&0TUwG>jFyW*VxZ2+`9O9A@(g6zATVoL+BP(EPs3&)E-28Tqk?wg
ztgcyiUrG6*uOA@!pWde>eOY9A<PZ@Uwx}(1=u0V;Jn7_AGL<;UT+&hIG=&_2o&{a|
zhFC}s{pNw#&nbbk-5@}wBaF^t1tf3O<#tsZofz?7;qjnjvBw?J<Ghx(zT*Q^F8o6@
zI<ef9&xKM};Gur_u0oaouoDIF-RarL=x4>sJIQ_M>9qM5L{B$e*AG24`BA!+{S?IW
zqoR0;za);Xmq!@XYxiSkZiv!`8F2EKbaHO=<agj?6P<h{dh%g7x$u69ZN~tQXly&W
zTVmPLEQ8sk8ms2ZJjRyF`Y^Ckqov8})*3CZ?$a_mj@A9vXgRbGs}mxu?$JDx)fw~M
zM}9;Uc?7EWW#jJqrVPt6xI0nSit1UtH=qWH)JXOC0v+4^heK0X5e@W1gObpvzTeN0
zY}P+AnDc?|+dK!<^YMo9HgpwkoEWjNOD-?uV(pVyk8Gu+{&^KW=h4BOKO^S(ubAiQ
z`QL%(e-}QWJcZJWFoMtMetF&rSkINJXHqT;sNUr-z@v2YXc`_l&7<jf<S>uC%t(6D
zzoP3SVz9*z{~NA`%IG4N;N*Ac<So&YH^a#pbn>3)$#22QLOS_C^yGJAr|h1v8GOHH
zLNV8MQ=d7lF&bQ?{}CIM^l4CJG)U2#u)#Hb8kp;6uzoK#7zKyGuaqNtXIUXtyG@Z?
zD}~1&?zPgGavWj_hPc6il@gj;q60j4SyjyVR$0fltjapR)m7H<y*)a<2iW+Inuh~)
zM`VD2F#I)i7hK@y#SSN2_;=c$`n`DJKI?^_hrSCJHqeDy>xE?@f9zn~Xl_vbj%#5s
z%KD7fG;?3-E^Lt7r$LUn9d#!*xV%q;k&#_^@){%fW9~AHtGTTdsA%E*Oo#6h8g=E6
zyI`dd_%VjapCw1{`R)Bt`m7uDc~m~pXFSxaZ?n?pSFg?LL!V>fAGc8w>lySF$c2j>
zz9Q5bmj8sAccx=qNo{84AZFfa8;=?Z8jQ~I{>iXhQZt)Cb!7C`R~A~#GD&4+FQ%CI
zDY>G|9;!AA?|@Jgx?D73dk#p-O8t8eVO_M{Cdr;GDc4HcQdn#wB<K*U#G#Qd3AiF9
za?-!uaZ*P|iD5I!DsA^<Il0iAMzDGYQw8+52V3kR@$_$#IRteu1a%JIbiyIQad_>y
zXw@K;=#;}aDz_S=Vp!5%xf+GF2id5Mp;2)+rG>JXdWR;jpC=k4QOK%I7$5KR$9#OA
zSD9?Ue(@5@6H0bJpY0szv;W@LpC*#(@r8)llJI>>kC@#pF7IaHGIgSBqtKvJK4y<i
z4D`T@Tcp57&a0sf>X;ZjP$({EZNr0Pq5PP{x5z^2F<JRsBqW9GFU8<Fn-{BqQkJuv
zS>j7Wr8KzTrnlW($b}N}T13$1SvEee8(<D(O5CO2@GK5+n^~4=a_q?7l#R33Dr%L+
z;F3v7Xy%%D@v+mi=%#jELg_eFPOJ)#kgNpZLslbYCeGpkJ=G^sw3-7)H{G~XX#AKY
z-}#xjlHxVt4T`c*fiRNVN+>h*L0X1sdU841HV=s`7ka<1NYu)lctSbVhyM)~)$hSm
zU^H)rd;IXzjXo8J7zjFK*B<{Tcz^{N$775lYJivlW|x%FnUaDEx)*-mnMwCx=^L->
ztp7tMg^!(TX5}bZvNDgXAQBG}^Mj5!Lvcr`u{y4X)p50x>tZ57@m&owIK85=mxSZo
zQkDti#7J%yj)O7S65NPewGC<2$N6j%*-Dws%&GsZxR5jKZEgBprA(Q-+0Lp^{(V;;
zd7I?7=`jcfm&QqnQG4w0d-@3<4}UA(9vdS+zJ^{G5Q>f?+Srp>*x#M~+hZ4G^|8ms
z?3deEH5%G4_u6rL_Sr9;Uw^-Nm2*<|mr~4D@geAloGC{4%QH8!{URCr#UZo(l8*ZY
zD<$h0KaTDf?S3bNOINyZ@7xvLIIw>85#PW;XcsjRRJ3zEp;h=(X_?ao3c*7Uh-jJE
zfL+ODdBS@hl#IYDc<5ujY@-ll9;F#5b{1@gi1om`DizN)b_2SdH}=L1)Yx;QdxPRZ
z2Hp>+%>8iIH;(NG3b~b(vC++Nx3L#GaNGDlVS8a%;Xr%gHtSwsR#0qQAS%i2o@Ce$
zS!_ReAA|ic`Ej-%(x(*~Mi2kc$bLxIUFX8#Pzsqi^<Peb#c!`>i+}bsw)k&LVvE1!
z<8U}8{<46A`_7QPW)P@|tREeoOpHtB;9oj{wj9DL$wKQ!uFzcSXu?9k>J(YM$Bqzp
zGg+!Ku#>#idgYM<u1ZTS5?yQjc6^2j{AkB4<m~mr<1%K2^6$yndqvk)Q7GL?zDbG<
zMhhjsQBpcWbSo=Hv?S9W$}#i<^DHR)b|T$cY7Wd)0jaz*GYj<bm~V+-hdl{G!)qLi
z1$I(&Fb1b{tk#63UiQ5`k}?8zi|<A1q>*$2|IN13XOXkXf0#Zhr@xOn3?EfHd%zDe
z;+DNUEO&=*IQ9>h3oLQ$X5%89Y^<-mjulHJA4)-Nq9QDYLrV#>>^=NPStBc5c`bU*
z_e(H%ax=U1SM$;-xHJ?lF?^DUy8+haBL&QxP?lI86Q2QJCN#8CPWKr}StDg{_9|PY
zV6P1{ax`f>#Oxj<EV8S6;lt8fCLKXFE4xDshHYLYC}p4Wx{eBu&%;Ps*GXBZIO)}j
zrg~i+UZJ8#;(NV9X%AVf-ZD`AfU=P7@dHVDPtUC`Bp?Z_i++OooahDVz|}1@K7)8Z
zEd=AxBV~8XN(=VIs~nZGgF@hEv`mhQ!96x~CuetxCqFFDYeD-%so=1|pP{xv=mV9M
z)m}d6KOplr*@1TYMquC3n!XK7QoSUjgY`6!XEfYA^*8Dx$ThnYVI?7E%4)R7!m2NY
zSx**~rFIsh+wKs<LDALe-%AA;I;B9bO?dnv>~aJAsn&)kNHD0bHNJv!O!lzy;~F)8
zRE@f1l)YLh8e6US#@cJN{86BNzyfJ=NUrt%Ph@o#P>($}FaM#eRM|1}HbYd7viKIk
z!MlZ_JQ6Dj{uhB@9hB87JA5WJ#!ye@(+Y}#J@6s7<A+4!TVypsRx9CqfY493d`|~H
zX)oTDeF}I9d=KJJcVX^6=v8c5eAmIhaq@-W099?MEfXa}ln$VoKNKT>B#7$6Ks1X$
zn(&|$0d4TDu(3WRkrJLe*803;<9Y4I^V<EP$YTD_Nw{Jr%E}xVq5UvIuwNgs)-_YQ
zaWZNTiQ&$?)nt!Si&A9OlLB9C1D?Dj4c7LO6bGJy4eLpB;5jFrOUH9rcrG2!W#PG8
zJXe6{a`9XN40{QD=~)<|-r5&KPtYjiV11wMXb>;eA{by#0=^HH%#vh$Ujn`_0pFL5
z?@Pw_CE)uK@O{bnzGQq~0=_Q+-<OQ<ONRHg!25#mzEkkNu3?NxEO-Q%#KlW`!!h||
z%%yrxgteWGt}HQl#)gz7s22&1PjN=&t&^hb7_jF}Vg0pAOw(P7Y)#Z`+X+(*4jg$q
z5OhW`=&z*ZjF!~lcT1}8Zab+<U3$|LkUllr-59ij^A04!zfIylMgi6l8fJ#%h`~=2
zCFL$hdERGU<va1Nb@+}I55sp<KEjyYM50ss5yvJARmX`HjH#&wjHv~BJ;c;PA6O;2
zWg-?4z~8Zj{FpIZ>gb3BSVruPhJC)9+2=*9ClGQ0k@63r7`xK2M{&nn=s&=y6Re*7
zB}P}iHKv%A%sU)<H@2=G&<iWj&miKoQEMz(t1l6Szpp>JN$hCH7l>O9V_h+>tzY>s
zi)DVYcph{FD<m;hI5YVss<nz!vd9ssV=oZ2^GA9I&zO}{Y+UV|<y9ZBH?;Wf5tUAH
zla46Rq>%(p@j_!BQishag1j%IzUWeJ@nvG(Mo~=#sZ(AR3psAvLJ~(kXf!~5ww=_k
zxQ^T{S(Z6PFGM8XBQzEF-*MsHu*jbjGd9%kt!o-yAZm+_iW%zzdoZ}9X?UKf+Co4W
z&cT2dg;<{vfnc5Q#|$dHD2rPRvRr;B4qs;_-!Hz7q$W#hwF5Un@W>#PIfI8&#k^j4
z<#AzwE!PsNb_%n(?}9mSzvbW}`4uwX-d|f}CP0Dqbdi+>#MHq4-n`8c8z8vo3=K2#
zjRUO-qHCMb@DhUA;E)cJK&j6Q%IfefHOkC&(0kjK`X!h0+~O^=R>{+)nOp3}HP04%
z=$-S~M_@55b;#PiV}Xw*%KUzziOLB9LkoP?BfiyRDh3%H`uo#iJ86r73>8ZJN+g)F
zItR$m{Xm8Gh{3Kz;JV_b10uf$kFz&{IE}fwQsC@R;pw34+Fc?%y{aUA9ZK^fOBxRO
zhDT&R{iR$`FyKj{5t2q~ZJ1IW^~L4A;j(tyxUdxX92(y5RP=as%3c26{`?=Oht`e)
zU6{AQxd2O;2NJebKiqXa7kU7$UsRicNEyN4VDYWUjPq?G|DibX&P#iM&V^<|Gh6L2
zb*k#Q^lWf%VtwmwWs|sNcW69<tWLwknN3|nb5WYm?70+(^_t+GL~+Z0Xi3e4<}~r5
zPVu6iJ`rTf7BR1l>{jIaSgv1haZ$(aSFh3<jcOq%n#R@sYtamqjR``DqBcD&z8wY2
z>cU=8K-x5M(<zY;iu_TECR#5mn`LFS{>qtfnChf_PLg^|VjMyF*fHtJ5z1o59E4x`
z)0{}0l&`J}U4?P^_2|FHf>r2*{hn7HN3m+p5`$Pp9GSU;_v<AAk)fU7BFINW1SxcA
zgVQ}u3fV$i6RLDVBVzCwm8z4?Fs&;{Q>#|;b&S`t<Fgz_5f`Dc7H$X)jfBvQZ}*IM
zA_7}1NkN^+4{Tzh&n)AOxHkH88(Cf0@Ai0N;{{^%XEqZoUQkxAM>+WZ$3?2&XOa@c
z!q*=Hm8w6qE_JXuAXyAI30;n60O5KGXp5BBPQt&kF|$r+ZW$nqaPwSY!H{!hD6q?!
z4vHttl`>9XDB<utIGl-9Z+xvlZS=-Nz6JE1O#j#4d`#r<?iFQN_MjI?JWLg%HyF?N
zxtIS!%J_mbnM$>2x9nP=`!l`pl=((5;Q{>%H*7q3#FEG(U{1YSd3bJyuB<ZR2}_Jv
z#+Jqw|78-t6~$5#)>P^-MjUoYVTQ7v&Xn}gv~E_u#)lFRc4~K=uDi^Le-(gNInXx<
zBZv7=!2_u{z8N1Or5$PwAcj|8ZBk_P_wfC;B6{57+XL*S1@*0r?PB2jJ)A$ezKHMj
zPZ9$aPUsID)C<qHirF{xl+^F56V+QCB~AIfs4WH_v@Ng~c+dtoF@*)&0DZ;59!1K9
z5y_(8$(g`hlA0F!4;GIV=owl&l7doD0}1TeEo#H-2|wAj>7gN_mXBF<Tvsj-<QWJ$
zosRC*y?SmIhPKA}OEJp6&H)252!+XD7mUj$F#}}quw&5}kWL;NiLq!WHv^@{@dF0#
zItD6dFmH1kj*8tfDo67+H=gk4#@he*O{go-EM}bQa|Z|{pTHQlquQF$(}w=dK4G=D
zV_l0rVYM4)wXyyuV5vMSWlD&TH|vu{(6ukSkh8?=lm8&s@E?418Tk+JP){qd`VSr~
zy|R!0AmTqSJ9;JapN~3v9X;o@pK;7t{eAW_6QAT@L3>3Ok5-Q?mLHh($tx_bB^UGl
zve5kDz-W{b)I%gz7g2vdk)q%W;^Vv7^Rn6Vj1<Y7nRg8Iyxlz34?F+!vXqT(P;P-r
zpvHi;|3=`0oTL_MmxM;n<o<y@_b98~N{c&uBN~{p+D!T5posS$qa<6Iz|*5$8}j3u
z?jZVO?Hc?lFrNJ*c(&0);}x6W75X;HeO)P{d<)-e9lPKDx$oG)FVQk~WchTH1wq#m
zjL){thjr|_Z|pmEmgiy5tj{Zsf1a7ope^b_@m|k4!Z2)XN3Nq?%|hY2o_pSm&yQ<=
z_AqPz{$Xmb&wrk?-gnKo!dQOO?|j{g&+4&G+V#%<Cv91DzTl4j=j@Xk2As1UBl?}Q
zD|vIyV(3lud%JZ9eruqu2fz2TLowsy|7oA`>DG52inf1)wb$jJ#*EL9Z}c4>&|*8f
zt!w7HfBIT$=5{VJ$0f1PGuF(zGrrcExybswxO^{!IA7%k)~<Yk0dlbdmm^T;<oy#R
zwT|jCT#YIhMkq_l2l{7!LBIvzv<MwYVZsau{?5u$ied+uZY#>pG8|*P^K5qj^!EnD
z;&ZDNPP9jsAtolF{b`fBUbsD4ki-f1xWgDH=}}JT%Wo)UY50>?MjLhL$0c~tx8UrE
zH!TGOKas4r)<tgh-#>#}ZZmFuOTv00!&#C9PU?S1X1g2jkCaR5(3in!EIN7;boBfi
zN-6klh7>5u9ONHOxZ7_p`c~}&6Ya|%__qh{oj4=$qBTOpPuTa^Kf66r!B7|JeV0n=
zLxisDk{DJ#;aJ4hfkY^YzS#KUJ?Fv3|Fwr<<BuyW?He(^ppOA!QvH3FVo<M%F}?b|
zc%EMQ?xY?GjhG~d-Ff?4@!c^IsJB)OoF08&#3TQmv|^58MD>I7&>mt$rym~4yj@Qm
z@)-Ow8o#^E2-goRb#VTS6;2Yw-qUxG9R;)&u7gVa@CYC(DaqxkP_9<k&|<0P3eC5q
zpjLFlvb>hih}e9^4m7E{Hu@$5w@wf@9r36$dsE9@YnFUgCwN?*UWZ%wMXMXJX19pS
zX=v%+8X6qouOM_S9nASJ6PjB^&DPEePekA7|54}@G`@D5?L9*Cj1-S+n_m!`7b8?u
z{o=u#uPZb}p0jPbdgn%X^M{XS;xJzat(9$m<wYe?dBomS<q)IA4^Vuo8#KMpv(d3+
zOWx|xj{frv)>EVsEOPY5!g?Cq(Bc~+G*_n-1byzV$rMe}8t*@Sqn*KQ!)@#qe=_`=
z68ao(L{YvVC^RB!ef_D+g&&}v#;q2bgGFQB9)l#Xv=csYPpMY)`3N`+?C(Yy^ZLm+
zNnu3xRk*n{QJ$vRgISG{=86;y9crYVQ<Exbx2DQkNm%@cVS^tlXS9of-a)mJ7medR
zQlKZjwpa|eOKAPveYR2?-dd@p2FuZYT?&+NLn{20H;gU=(zqcN{=#o55VUz+o&H_2
ztKD}wh^!rApgnc&GFjziB>_Z6v<=%u*HQl=cT+`5dqoPT=cZ$?A3>W!Xb1z)gtb{|
zAVk|yNf4Uh+aF9RDOfK&v6fBmdXKUudyPD&RasN16|JH{MVG)|==<_F;(OsjJF?$u
zSTYjm<sNM`YN(u7S>w(AND8#VN1k@p-YNwTBue2{FQ`R<PtR6sMW0|RIXmoyVc>)G
zQOYjq<gN(*TN!-+9v%M5dwSr@Q}^H??16Dwc@~{_yS=WDd}E1QGy4z1GlFu_BP#-)
zm0aEagZM?5y0}JCr;5swjj7r#eAA2+T&ey^Li6Tu(6wn{4trmT(7d&zw_Q}<-H6Ku
z4q=nN+fBcl7TLAhuxnH8M`F0l!Nv?D0W4`OhP`K|kut!b-!7HaE5yPPLIXw#2+gHv
z<@epBiD4LRulnwL_;4VPi&6r;moF+@fy*xYq*`T%!4E#Rrx%yqsWHOS!7WEh>cf0s
z8}{mm+ocPEI}pYEFx)0QQNtdxBoijDXW>kE?n;dAEyv~P4)k2U$o&s|uqV6S1CK68
z%-P_U!zJ~-d|)fyxEkJ8nS$Tz&OYjKtrng_pf)$(jW-KVjKBe?50CLnSh;}QV;FmK
zQXfqE<S_We(6uXi5O#26J}$F#M!q=I!IdWb#CErxBfo7jv<ID2Xui*0(u?WC_WFl`
zXcVo$R{BR1(XQPAPbg`cXNS!N{Jy<p@EB1oL?5EkDl13zO9rtDj)jT-e6KP!G=aVP
zSN-41#oYU0GRF~!-C&_vN^x~AO*y%V@5F=&rO-47vzo4mAFhPaqj*%GNOM<a&(@*k
z_qV}_)uiy9;g(Q4HWQU?3}HxL3tTevn|S&qG~b;91AMDpR>xMUo-L_BDt4tR-Lh7i
zsvMQI)K*;kF#7G`)xNp1HhdRsnpEi@y#~ps)<)+_f%UvMW2Y489a?*dtc~6!Wy3aV
zvrB<9=|bQ$LWhSwx7uUkAJxkwWfW`HYWKR<`VT=Ds4HIeq8dfsl1dZr1}fNqkeXg?
zcuS==dL0pWEq@i;pvOsW44e^bZ}!5fKDh&5S}Tb`*jHiDymuj>dW~l5snJHCW|oK1
zgvW^ccV9RBP2E=tJ9jUTvZ3-`AYUtOw0{xbKPi+06aki<ch2e>Ep?5x|6X;NS8=fZ
zx3K<GglXev99GOe!N8JXH8&t4FN)@Y-Mv6KE&Qn_#m%pFhl8^E>>7@3iPhE0vm5Al
zQzbChDUnuzU;;KH)O`5ePg4nq?w?-beHpm1xX#`dQGJpgD>S!=%99=Vv&jt$!c|gG
zn^Ien*Al~zv{c|et7GqJjodS|w?$}1hEtm2&hB=*Iv?Fo!YxWE$*N5;DU1ZtVDQsK
zuX2(N`S8;)<UJw}f<#*;1GBWg5BbMl;vaiQ;{<%#4S!QVjf}t7)hjd{K&0nZ_>;H#
zC0=N}0#;nt)G)=HNAs&p7cwrM+7uBME-cseC{RtS)>6A+-N59HPWEQN8az`j1YW~3
z+(7wb`{Pw_2l^cB@#3Ncw%`i-56YSpHaAC&I&({^tjz4}!7YPis-cA>qmR7VYv4WG
z;O11XHrg(Q*Roe#R{Nl=<*#uo+hN&uNZGJK+Tj(w>9w~>;WjL<fqpEkW}UrVR(6QM
zc+g+w)lxr{c;pqC7<g*-57%oqtydf<&oNrB$6&p-+pylkZppR7cP+5FZIYJSi5Nk1
z<G&C1FMK!h-xj;%TJ1lCAA%;#<{EqUad}Q#wd(1BPxN%A;!5^iT#^Md%&{3Z63<{m
zDzLPKhNp?@v|x#VD?FMlPc{|~EX<Z_W95{?(vg&*Vz?9CMRVZ2y`mB{_@PHD;XSbE
z%C#GKx=C$lH6F0JT4~tK9xwwQ;PAv=hK1k2-qj@HWvtxR0L!)0|1#~na##!6bRO?=
z*Y_k6sHj^g!v!pcR};Q6p08bksoJn9mF^SUp>Zc|h-)qT^VXDdZ8Trbf8-9gQn%D+
zw{hglf0p{<ZYqWMUra44w3(w4;v3;^^=P;8<xO{BLl}Sr$<^Y2Q4Hh22@O97Dyjra
zvW_Oyq_EAmfr*4qwqov0xRdR@u7%JJ*3g&OuX3#@ty;@GjT@y}%Q@{{f!s{W-sR=b
zNr6?cc|I3@fJL{V(J|I2|CpEW#f9Q^?Gt{$!!@9vL`S8QNVU_2#}8s@>u{S_f#ZEB
z|IoX<*{8kPr$l}WY+(f2i}lZ!bqkKcuxHo8a$MUDO?FFxj<f!KUe|G<@#pYBs;6wW
z5A=@lr8b`Mry_ak?F^-Wf{={AH|jU{vzMDnQyA^b3VNDwbShI|4c!PM{9&b*zYAqM
z-09WYa9};aqfQU09S*w?wBaps_F9oR&&w3%aa7b&*Uw!hsd=K38?*lD1){bn)!n-q
zUt;Wqawc=!2CQeT@C3$%!I|Ub$}xBL8fnf)Ze@+!*d{dmk;8}#+eX-^xbL?UE5Lt)
z`x2*XnTD8o(wn_sLU}I`cGk|2f=58i?C>gQrNCz}%sHR4VGhaJA&GCNIZ{5CPJWVi
z$PN4bunvFa!#!>o<-_pDa~Ots)mh1P2<hW~-&lC3DPPL!!XD&>US%Slm0fNAgY*@l
zL<t0BHGh4j;@g<&))w+5O%E~|^E#BOK*&70Fl!me4aeQRZL-?XZS1qPu+KWpedf`=
z8Fn45{m>Yr-XN}5<ypFp)WUx~&1(w=M^JyXd^^dg>Ki8+LxJXR(6()=hDCj8Z*WRw
z%0nMoE7gZvC7_71vc)8YAb#wW_%rZ5qmdNG&@-fm$B7;uKMy_pNN5;Ek>-eGX5t~w
zh`_j{f$T+eZk+z=Fib5=l2ZBrxmfkU`nnX(w?$Sb8~D#F%x|asj5=Tv<1F<OVVYq`
zJ0uWyBkeBJrw^kH1W#s)<my;h82T`3Kkn~&`lZ(PwJ%%i^(gzxQK|-MDKk?)d~qS?
zb$uZ;OoGi*J_UsBg*&@2cH}(q;P@JRNs7>bz-Sao^$rro;C>tM>R9Y0409NUHkpep
z@2^zlaZVF-X(S#wA`nb0ns>i{$Jc~ldYgfNu#Cl*&lOQ1u08a-z7R}y1CQ#7NF!B0
zFtiVX5PjDqs!%tfPyDiFynz#f*gee%G61@Sc)q~xU_1Po1SdD;=UfrPPhW{#@EwCW
zy30;bFxWZFB}pOg=fBgKer7Y5Z}k31&Il%Qj*R4t;88ld$6z*L{QgZ06n9PPCsg=-
zI(b#}WM)hp@Ly1i9<JYewulS;KIY2r@yaE-7q9#@W<4FzUvjY6XEGItt~TNE6TP&A
zFg^^1NLD9cc1)15$8L9UpDm&fTh>F5f3#&i^!UfI^{~&sqw5LUQ^l83@3SK70H$>v
z))Oi|myZ{&w_a!sO^TWS7bEizA9AVQa3-<>Vw$PeW+U{w%w}B+nEa@}BY;YV1qnOP
zk%PHB1%{xYO$c0!Qs%jH@#!gDKNPGc=;(F=f`YQ@4kE%+Wp%FItL*b;_o78C*po;}
zq*V?Kf5WO)uFi+tEOhEkj%A%aeiiD5t1vP+jWA&;bHB)gLCQvWnjoO&I^N5FDJ%Co
zLi6E)cJy{;pO%!361)V&iiNqN>y)oRQocYx{8gE~VXs=0=~cgtp{R)z=Bk_&v)g5m
z1+u^Jr-#0QZ_Hq?3k^r(9EQ~z*L{Q(v+K&<u$(xNKr@u>Q8`e5aAt2@erD9)wwq&i
z&-*y?x8b4wt4yoE&9Q0R0QoxNV+X~4<B8F7nRh}zhSC*GY5_*ziV^u@Nv1PFXrPy4
z6&DQD&B{9@GAtTd`L<0Im6^5~*7m$%3}g8y6p9=dt~<9aHeA<fhU+?5xUTRx+M)Y|
z?4}cnel%p)fi_VM1CTImcP#5`<7^C6xHuY*>?AujG>Q#L7Adsiv_1-JYF-j%l|>3-
zQ3)u}SL_q$YrBb}c|X0;66jmzMQ2CxGkF8%s=mU^$KU7yGVxmrK(9l;l19K-m=C40
zAmFLnV#6iSe_N5&CqZ`1z%MluWM4g5)CXTAYM<^EJJ3JFDU0kZ49+1cx2B8Q-SECz
zO1RlL7!Bvs(+Ms>Xh6Vlw_0rvoPq^{DXf80yzhIGnjCA7sD?G;lGSh7BRNf2)%@E*
zOBA}hV>-(8&^V37px0K%%)O-C;_xbSoo4iTGFqm`x&uq?y#H5tGtO`*&HN>*9JaB@
z7%*ouZlF1vaDycR`$ttJT*!p9czQW=53KpX(=R>x-;ck3HT{1#{yJ;y|HWVbYsFt*
zYyZFaYpwW*cLt|FUEOQixBj)_n|{b!<C~W3ASxA!Z!+<U(plUbOJp%Zj~$WFV+6L1
zgdS5);vjn7F?|VDT@V`646l%b(%_jBu*#ly!iX!9B2k>7%9!<hyj*y9hnL^t%~)H%
zx308lxYMiMbkv)%#vRxrNPKHq)9|5^YCBP>*gj;>54Xb_6&ikMNEG(^qU*TDU0yZy
zgrwPA(#hRo-bR`4q#vz7;$XJ|UD_fALxUs*RM`Wm-n@_C1sI5Db3`V=BW(My9Lp-A
zlh(b$Vem^Yf4cv+nBN2KeLK5cMueQb9%UDbl|Er3ohRKub+X_|e4Ti**}W{DY~Gps
zDV}UM-#4Bt2ES%_W+Y~~&WITf3r#`Jh#B4=7c=~uQ5Z9fa@Ca*-$9-}^${ax_*7iX
z@F{D|aG1pm_gG?vb1`Ok{M&ZUTx_B`9Q0pXJ}~8}?)s$;HZY$g7P3&{OC{}AOmk+D
z#Mh3bNaCUaB8i`qX#ZhUa7PP;ssS_qM>IrjA4amnDf-bi*GdnS<n!cPQqC~q(oymz
z#yFC5{W4b9?6Hw39Gh-+!vcX$B<9W9&Ju}L)VUr^q0~xSrqF<u9c3(kWI{vc?Fd~G
zgAXh!A=!1@w^-70#)z9tQCL!ofZ5-w1F!aGe=Z4S@1t;<Mgg7rrOw_k5R$8;$IhX0
z3?l%Ks+R>>hch^xC@<8>f>-w_dSlDt7ciUoFdAHb7IMVwH()MU^_!gb*MoZ19`)K2
z#z5X`Rur5vE_0Q6_9oF0AEJwS0UqTTMepk@oT6R%;IDkBGY%iFKvdS^io}p*44RE|
z!B6c<HC^!i`rjS>`rn=Cf8T=Ne=1G*0ajFylux|cQaf|Q3x5}IYn1AW-m=>!H1`BL
zh6VO_!wl=Mj-b>M0;Dv&@Fh+21{<WVECrVFw+Kb82f6FpNCL!;Ru&P|>NM+%<qMLM
zp9-4|cz{m;PU}mB)i6^4vY0Orb0;~W-TywS>!G1ke**=>$FT6i<#{c#5^@7gB_BKL
zgr^RL!yui4dio8@s9|Zcdb!a2Xo{p9bQc^Eo_GUwd!;8^7oT@42XVa!4Zoq0pU*OM
zvoJ0^7wtqI<#SY0SSS<5YroFJSD?WN=>^*7iaB(O7dvVcUonS&><v47gMpxRBlzAY
zp+Xdohq%@0J)j%8mFk|*V3J3>-9m7BPh(5n`y#W*FlFS0P!VUmA+%g(l@sp7<W=Yz
z8d(raPo!+fo%*_P5up)ODW0pGG2vEac2f2=k#{$FQ<z~VUufQ>d3o2Sg;z&tUh~G@
z7D;{M1H&CADQ^%^OVf0_R*Js%ol<x@Z9WI)g<{-SKlr8R@we~eqW<<<`ti4y)c2+>
zDppRG)SnbQ=-hP&dITVaC7X|w2+iS=`fviF=?Y~Vgyt^txMP*i67DFj)hBL=ak<Zm
zb-CB~q%9IXN_$ED2_fonFWGz;&9(4i^U3QCJNS($Li15~_OWu;CgCXz{_}7_dW+$C
z7y5YKd8_BW9^K!+9{%6*yw4uqulHPt@t#**6z_SbS7-KrZ>;BCxahy)d3SLa=6TPs
zk>`B?{QCm8aug>AP3xjM8Fn4;YY-XJU_W~XISgnxuQneeLFcET)R~4-=O8)+sZ&lf
ztZlo6#&ZcY)tfxZMznmOPORksvA|69Ro&&v7I%29(6E|1Uy(vhiV9#;X65ZLu-XaV
zOtp;x!G3IySIHS8sh%-FfNW#E%6#~trj9YO=!StTG)4pshZ56Vy1ye-i@5T`)$jFq
zwCR-dW;`{N@()AV|6Why307CYX&C6zSXww@TgVtg<pD~QufMdv$OOXoz)sJXF{(vY
z4FC)$RgLO;gjO4QB~Zvw{YcX7FmT_6ImRq}pB+Z&yLJlzsL<F=oBF;KPr(O5Bl_By
z?|vIHu7=gjcaK6^!>@S?d=2dBjq{h|Hs#yH?XuyR#N8t+4JVmn@Ie@@0@ftZo`7wb
z=e{MOpLU`v=zrBs=$p8NxL|KkG@eRslLqn%Hi_^p1)hS+l-h}TEz8_mD*u%Zdvu6<
zvbVa{Kf2Mw)uec`DpTSJRk^YaX*m({HnZYDD#$-os%<Ll%NiwTYL)7lYR7258fE@e
zdzG3x)tvo{St7@(Zpn4Tzpm>|tijT_!+(i&@<DgOM}|^alx(+02)cX9fw;Ft7C`*m
z@6iAA^CH$0x3a_NSih6M1SN?U96O=01)V(~Q)$}bzl}jdQ>LXKSc$0kS9H3}db-5A
zD1{%josB^$1Ch<EY|zI-cf25)qG9M**RP>X>|K8~O5O_QCrP;Z*F`>O*Jni>d<lJm
zq;$~-0CDL0{<#Q#d91wXR?r7@Pl~KP>>x)12DJf!X+yC=8|}ahS!8*Jqejxc>y$cz
zCU9gD;epw%s8l>x_Eai4S5&H=E9{`zTv@5ihaYO{6{fES_4aQ6=FpAa#?}5I)`5xL
zt=la~xKzkkMzjt+`7_+1?8Pd=cM#ezYD=MihYuHl(ll4tQH@nTL6auIg8O(Fg!~C{
zRE>Aw6%dkr6YO}1RE>{PwRaO3y^^&W2X4&wVL-CCi_eQ}L<SKJ;y(egQ(__l&WFwF
zud+?7Qf!l}m7Iw%91~G8m~5|B=1;`&m>8jFm6~lLTh%5#`!_F0Dg7*ITi+$!8m*OL
z4iT+uedk`bo^3|wXdTCoSOd9TQ~~IQ-Gkp2+-Jkj^Qtx;h<%;|NHOnKJ-i){oIs0t
zq{Vz>jQ(Oev_^Qc?oRP=ccjEg)Y15jWn46Vqg2Zu2_$Nbg^V4Gk|&1|zwxcu_zmqr
zzFe~<mV+E+_<4_+@fnqdqu0Ycy+U)h<!TFDZDm)d<JD;N#w+CwFs}#`=+?@BwsnIr
z!lE~XvUW@G2A;016P5L1U|+9C*-p_LEsQ+J#BbE3lxxGea(<IL9Hh7rBfdg52&J3F
zr%=lZO&*#M--yL;%;3wLZlFLGAm1o&N8&erLh&1(tPj5;e&Yc~l+s7_OO!66(^b~f
zVk~*F8RR87W_fwh|G66p)A8sc>e}9iI2|zV9%LbDyL6fEJY$fw_H*%gn}J@zjMu11
z>0KR4$y<%_8Z{{!yJAI`rpgptw^^M{6)6;fg*&tygX}+M)3Dp4?2c+XZi26AC*sAQ
zb^o0yKg`{%-Q~1w-XU@RQd<sCu&b+-(K*17a)6w9u7*u~XAW|t9HW+ze^`}f%VDTH
z3_qYFG!yr4nn%68r(7#z<D2S!$K1GZwsA+@YAY{tAj!|!#dhovqen>oO}^s@y}+Va
z;FD!_oCj$fC{jS*WPTk`={qw)uxJyWKygCZ?#XTupD$P1m@?H4=YpTw%9Wio5=`y$
zY7aZHB3ZQPPpVsR*hXW_$7twI(P*!-WVF4!;gD}I5ISJDJN-LDOF@0`U*c95^=Q?g
zKGpPy80><)cJSM#8dZaSmG?we#c-QUxuy&<OwP>3jG!#Nbf>{<jn^A}Lh6L3Oa!qZ
zJZ1Casql|iX>-G8U_Eglq`;7@Dpom2US60Rc{Co_SpWkmTyiETAWJea_5?PJJKW-S
zbuJu->kT$I>09qb^{thrzU2->v)WG#aaGbr^Ahle7#!4xP^qvSKYHFkm0~kcC6-=X
zV7yA4_ypUx^3r~H^+Y;dY&|_Cc3)N+Ng8Qnxj>OYfAixamK1uL@Bm`lUmcDJ8OA==
ze*o=`9h@4r?%=-l!X{(M8(Goi>~8Vxh;h!<DKzwwH|7iGFGq)Upob^>_a+RZ=h15%
zJW?dCFg!(qD3qVXjB=qAI{GPw;3987mnfoT%9rWzA;cWTkKrf1n2f65X+&a5EYAx|
zTFw!w&$?B=x*I>X2ZPdBtyK(LQhLz;6FB3nz1xW46_t;~z}~YG3vJv=mR`2hI-GMw
z;eig!hW0Fj{gQeD{>(h#z;LOP@Mq>p$8on%XFGv^Jtxp1ViR4*{O^mdExxNP78mAE
z!1yo`sXPl2LkPPAqBak+oaOAjLc?#VkF7w(PCFMS$;zJ4{bKL{bP>4zR^UZvMQ#3<
zAd01a0iPKKaF{Dm>NfN-X1!s5&tiYiI)tHej~%+(<D~AMrS6`E?sh<Td;K3EvdTEi
z1~cqKLq+9g)Sg*~v7kYhzbk@l{qf-`Ca#oARQ`?Ns2nheK;hhuJ{e2J*G!th=_9UZ
zkSW~pDHsyu7mQr-!+P3(gu@{!+|dBf)sOHDL!|;5qDykx+YCeHKbG|`&lVuL$&wk$
zTZ|<%H^vgW$TpxQl+2)sKyGJabPY3uK1*iMdCUwds`Jncnuhhq!yu}jkzJqq7JId#
z(bA?P2n$K}&m~D5Gk|WDvJZ<w*#{N_=p~7!0kk*P0NM>_tOn3-kJ8=PviN!5WUq1-
zUgLiuB*fZ3Ka1Eu3lQlSgw%HNu{JV*ULRusg;kg9Q5G8((1N}e(7j{<MOvJWv^Yx_
zm@U+eX-lDZ&r?rN$<IVF!LWr6#Y8DtTWBw6^|`w;2C#?bXU3RA_u-8s&eF|7BOyj$
zev(&N1xil+=``U7Xd>h`!xM`H_qzh|{Zi!nR?8^*h<=iAp8O=3N=i@i%^kon8XLbw
z_EEuV9~B0&k3!3RxK`&Jgrz(Zltv@_2xHB5ZAWJnB_M%%=2dhfB%}y>MX8I&2#<he
z*Vr<tv_R|@ilw(%WblK9x*)|}@QLumU&*Sfqf8GcKV^~t`eAWNyFqS<v!yP!+EOF&
zj<##joO-RJMk%_sMp<&LVNG4tExQi+cZF^?tf>{unp$JErdGsTQ_~E6+XG6Rduzn5
zN=2YZIRX6*dK$8+)I&6`+P=ZShmek_oL9{jRpjyCFwIk-NrH@#?rl6|R_H#W-!hG1
z?7GDm%+tHyFCwFyHk&{`{DY}3le@{5iA9tU00{v{Tw}3_5(^*s7SS(RnT^uKbS6wx
zgDkO>g`Tbsx4G6Xye7szL-NG4>m%~Sv$VdON>QG0t*zY|ryIGAFe6Es;BNO!aB`t1
zfi7m}0bLYwS?VMqBfh?yc&=XchBf?x;YGRmK80apsyYy0l+0>6E+GNevYu<4rV<({
zLxKl6mdX#;0Z&LrWT{PESeh7%Kjc}#rLM&@UhA1kJo8=anfqeG<erPF6kno`VAA_V
zM#&)MaF;(E56%7{${^M|PUwl&J7)B`qcZjmw9RkYV!4B)n)nJjee9!O%|8l|e@yP3
z^3UTRume^A^H_C$=CS?kxv#}Me(sxMFppn^E{==8_+RB8Y^V*8o4CBzG_rFS1bu~F
z(-{|``@QPB9ZYWqkpY@iAP2$ZY9PIz(k*66D?(n@pGp#bKoOI`RG2?4`R~c5KP|XB
zQM1)Y7>7Rl>=eQfGFe7@NlL__M(<*n_$+z|VTIss5Hvf`=IwqLceRPz7HD@G@=29e
zG!Asiap)l8YLt99@QfpOk-bLojkBZwYMcWJ?p5f&8t1_4>3BUI57YIkUxmZ4B*p<z
z%mUJvh1%zzs51m@#QbrT$m%xyaqgz_6gOizRCoUNUnAGKAK1%yj8?QGg@eVZGkwWZ
zpg#o6FcCinR-jD^bm*m8>LDT)T8<)Sud;j<%D*t$jvADHE3&)_h$V~c@IM~c6i8|X
zOlO4%C(==hd+L{1>7Zjfj8K+;Wwn<73O?4$ABJK1f_!M?m{oK2hR=$)st(T=S@hnR
z3RPdw9~_e}a{JZst`V9yxtU+>3e%tVen0vh^QXn<u4Y}hKkcjYSCbYMuE6!xCx110
z!2H#uugqUfTIBu*KKQ?sznT>Bq9qTUzls>H`t7Ht{CB))qfSlf&l8p$;|VM8lfO!@
z-r3Xdy|G@jiw6BO^H(oRjLBb(kFVI`#!$nas26PnZX8idRYYyc8ni91ae#=};xJ9-
zfmLXAW>?Va+(L&=*!FAE(eBcMm8;eu8r2#yl+fL|crI73`5Eq9UuL=+bbGiqT6|vA
z?gy5gS}$vvYcakJR^mdDWv;tZuq(2bAA~Qu4U}N=uW3aSDpgN0nop+gu2$w3V+oI9
zq(D=3JhWqmWHC{osoi+Of!ATT*{0%Ay1wQG*u$D_0wX{jStua<(Ztq=8L;EWBm4#k
z#hqw7&Xh=Sg(I{bBjt2pK*CT@XS$a_Ix%h<FX!SRA+^ngcVNVVjKEwlH5-uq+6y{`
zh9#U476os48Z_T^tQ<*Zy=MD>ktm?S*(+HJqX+Rmi>}4WBV488ndpEom_#K@(2O_H
ziHG#PlN^}LGcg@cIH-sTUeCqDbp6BUS$P&rjd+!TMv~WV6M5~zLIW172`tGR%`x`?
zslVj81AdN4dVDMB>gpS9j09~Kl{Y9=ujv*Tl&P!%qAWrS(_7c475eJlI03sf)>+qf
z9%tPnDYe(L_*J)-I*8eb*GBzyZ4rOnNW))uQ;H}1v}+Ce>*`WGS&zh9@bg;e<^DkE
zcjt@GGWG-UZ8H2})~>AGLsh4ILbFVBroeh!i#yCHaw2Q@>y|1I%YYF~sEVx5DqNpc
zk@bm(#39Y~i6@Xlvh`U->+|ZLG9Kf916PmTtySPw8D6T{&N2EmAG_v-t$H(ht?IYK
zlEKYNuyC!8DkU{PcCWGvz;xt%^bob;UTsas4&*!VI2|wN;$_^rt-1P3KM99n4GgE`
z4z1jQNxM&StafgCb|-FH+?PeGNJQX|c=_JELlJ!1q6v~}n;<E+9N0VX+cN=lOivCl
z)%g=>?@U16>dA572?t(J$LqM4CZy{*KZ)*6<g#dse%biua@tRJnekXJEQXuyp6nj%
z&+w<2@KOZ4G9Q+RZxilZIPhUbW8Ws+xh?ee7Tmd;@NGcT;Bq=%#+}=euK(q^aF`O4
zMtHIwP4RGjmXXk0WjKNwqmH2TQf;^kR{z@Q{@4;(`C|+>&~1hrNSndCwfsTaQXX5X
z&u%fiM<DD!dxoJ>JPfyu0={p#dIGK<XIE?SYSjDl7uvyI^8Qr7GdI?sHl07M7UvI~
ztzCeDuz|h39;N5RcA>f3*x&G>nl0JGcZ55rAL_g3m_g%Rw#~5E$XIMvsx29m5Z{FP
zdP;Z?YsY*&t^SuxU(f4?ujf>P*YNeMGkiU57GKZEF10rt?u-9Kc#FM(-elj9#uK2V
zV~APr>d@f4)uBOju(7MDDuq<rtWI~+^c0*RNxOyWdw^JDgd`x<pye^VonozN8yBtd
zYMJe^o)p+H@%d(2QI6q58DFL3M0_aYVMou;q0O8_#CN;{PvB<GLE<|;9S_s>JD(wO
zH-~W>T+coJm#M?O)M2lBEg^=&saxzuKbiee%M4P)6+w~?&n(#Z&;moOt=5W=bLm)3
zT1#EmzhrCHQ~g@<?SDRPm2XK=(rnFCuv?K=ImC`28>S#|{#3>nC1oZSzmZM8h<kfg
zI-X#R5wGXsVS2yuW2?jMuJsGY&yBY~tc%(oR$1&1>uYxsYAKCiWUNH3D5xL%G4x$c
z#${o;FMiR<at%=#EMkLhI549Ai{UWpo8g69Bdq9I+Q?0nxY2rpQ>s!P`slnBmzJF$
z-&9num(_=&7|F-<-@JsVrrrNkRMQ;@Dmv~+&4r<w-ep9=&eN^+&<*@jShiG>Axl(?
zf))(ZXifA3`Zb5n5sc~I4%cw3HhL7p^o{;7On0&%fwmY7(^=sd4AU%bKn&9uJiC9r
zc>ntntnvO&z8o9xe?GkN{(}Ckc;hVS-@qHcHNnizLkhT;M>7LrjtdPxprKtaZ8|K4
z+tIHSwLyl4lYAWp^}j7ka%~U-KQVF!?4|WZ1>EA#(94w9&34^jLL`@!D>01#f7>w$
z1;(+AoJXEjAX?0UNv=XtunLIFoOIOby-(pxL(f7#Aw?h-p?uNYWtCddam+brk@#*Y
zqm$(vfK>5d3`%(w^+7QDFioV2Fw}=S>_bJg4|P-=(&$57y8fPKbb!H{3k`qejE^K}
z^Df!Y=_USfrJ8>{4&{93i|4^5rtm6WRHX}mI`_c(Do1QV2P}I^WQf6s?f(Xm(ivKO
zyShH=?UT+h?)@q8(C<<E=!NGq)Kl^<NWt2qzpY^@4MR3fq$l@-hmR?RFgy<6kT1ge
zxd06Gja^gzX&C4)ZkgCG2D(o__f;6^JDk1Ie6W7-cDsHz5Z*3KcR!H3qKfPTJ>aEw
z!BGk_Cl+2Wg~eD2`=A>BFHP?%QDf=>eI@^x{k#7m{;^-bK>jg%ApU`rn*!Gu3*pbh
zLJsU>ETmTN%R>Ho!7SvqSQc{Cg|d);J^nE&hJVO^_$Tm>K{5PeS%iQ1?zYsdAZK2i
zJtnXqMCo5RHLjyVg9k0vnEiDCkr1(T*>0PxR`t{<auTesM|xy+F#fiS9azno3$^AQ
zii3Df58WGA51QZgl_e}NsaA!h?<r=b$s}bE2)d|+7Tcwc3d0O&;Q>F7<pGj%1hXlD
z{ujp6|6lb>|G#dPi^*ZL%Ehv;s&A3nH+jvqz7Msx`ok`q-fv{|-U;;n^OZpFfpFUO
z%hnRbcN+NB=dE{P8<^IA_US*5*1xr`e_G$P_bX}rk&FA(yXZsjPyOO+;;V~lDeR-^
zu#8J-ZN=iPPwUbX^0_E~Aw&Ebd~KkY_m9U>PhNo<d)^6sX*0%@&2Y}`C~?+QnL$}I
zNt+D~r+rFpLcMWjzF|gGYe5ez)Eg4=*%G#b2P8-8CVt#KpX2;vqX+_HjQXHr2Z!%&
zFB!#!o{vElXk(xPv)(K+Y9bmaxOQD{Wv<-%pLpW+b(KQ79aJ$Es41$2n2!E-v_@j5
z&@h+`03TrRlu;?sh?@eXoW}(8_)3YVMLsACrKfRMqMG`HJyRGKu-EEZfu$iSpRm}Q
z?9-x>I?N2IgMJLNV@REEBDPRY{TJ$S?(>aj`5h6x*OrOJLE$#Lk;!e=<NU&`$N8f*
zQ;eir#fdctW&Vt)+}2MR(LTovPTx4RHyn%S@!zTsC<Y$3bH1f<`4?EekoP@IOxeI~
zh-@sxZAh*As_KE?;lHAKAY(U;n|;rOMn%g7CeUe1SwUDz1#_2Se=PVTtWaPK{zw7h
zkCeppKZ-wco^pZHmkwMmP<Xt7yU?$Q!5?w-gFoWvAAh94z#n;-Gx0~xQ&#XNX@p$i
zPqUznd|)rZvVxDWOLwGMKrNQTrBHI;!h%<HP9aQ@15f||72jgxCsY1c@h!xU&;1|1
z#lIB3MfIvF|A%i;EDQ$j@Y>+M^##8|U(9{>e@I_^^P>yY7jGX(U+k}5l2uU*ZfA<3
z^if|$vEO=0{VIxg$0~{k(cd&cy`--*-Yrl64~=)lhyR26dF3`X?3=g$pMHKJ`uXx0
z{ru0*{S)-_dykn$Ow`Y>M_^{dzWX|j>jr7l5h>geMWpm<ey7;c&JrCxnaQEcqx2db
zHQ|*aaijNyzy}tiZ#o%$cguM_Y@rMmQF8}^09HV$zs!L2KyxREI}i~Fg7Jv&uVUkg
z^W&5~BP;Ft;FpV7AB_G`T1<Ifd~KKX&_Wjfz<+#U`aZA_rtr(C@S~7UF+r&EqZUF9
zqN)*t5i~x&1FhW@3}vx)>xecR{0yxCSIX)G(S3eE-~JTtbN#<-1;~h40jzkEUtte8
z$a3ORKb=2dC6g<Rq?cs<=YK5X7$b?bA{_sFKQ`l%uVp{TjoJ@Zy<yr9b}WyvAM~SN
zzo1=!e$5<>nw#m@=n`K_##FqH)9Bj3pz#v-4m1!EXuRiMGNAF|_aAVb$uda5nB{;e
zKD(`oszw6o2P_UZ*pn2K;xn4Z6r13IDG^mQQ54EQVktf!$;#&#Ns=yRe<=pfC5eqY
zd_%G7P;h^e-nkj0!rC#h=L9GWNf_fpX+)r$=vD6)!EP=`o$^{cT?uqJB+c)jm=rw+
zFSD~w7T<ALcfN}`iC+?Vm0kONH(K@*p8pDcSG@r!_4k~Z-~#91e?R`lr>BD~l8!p?
zYCJ&b<m&i*n*Q}+)$sm0B^CkZ#V6ANJr)E#c-mQiE0gl(y<@1!vXYBxvKag{N#>6m
zs&ZWQ$#-}VhW?Nci7a>Ox4%}zVL1?^6lLXW%sNrKVhR@;gXuN%R$yMv3I9+d-xFhw
z^U>Z&89xV>PvP{N*ONs-e`N*B%=tqj%gh;aS2*5Yg!UVCy3=ZB83!j~Y8#Cg)#O;D
zNz)K>(=J@ElcMW2A5KoClhdOo%i&};otzatc}L93eo_P?I)uWx+x6x@;5YB=@<D@G
zLa>ksfd`QysO6JJ%UOL|-frf}>GS?zntbLi>w5Vc1=e_d6OXI}B^Rn3WW+jy2=V4`
zaDf%Ri8Zr)SK>C-k`4|+-2{g#>3eqi33D32hUpmU`_A)t3lNSh{kmkld}n4sJID*X
z_!h@wFe!$kdoo92m~48Jhw1xR{W#M^n>?1c8dO33i;u2@HAD}Ff!{4E@6b=Rq#G@W
zDWcN59Bs_ujqqV5j9=sYUNb9fR(HzPA53BhtS<#TTwi||iw`?9K>cSc2pg;aY=E#;
z@C=0Q8wPK6QrtCyqRQ(1_Pj%(J0kiTs5lqE?~;zYg$0A~PYt;`<znXXEH)mGcI{O{
z!|zQVS6`GJv1=#QsF_o%RNqv)#ju^!bRNfMB7yK;C`+3fj+Sq}Fn(s*w=IRNZ+~+D
z`}Tl%YDoj*sm)k7<^MIFS~?elr}nEiC&uEbY0Xpm!&BS2_S{$Dsg<8S*Pp)kg|&XJ
zh_%t8`bWtV=hHuAiZ&+L1dHmiK?)uL)q^E(51@Jsj|fu;4UD=#`+H0Qv6~9WNm4*u
zF$&0b;CXiu6SU$9g8mW0nhP0U%4Fk9l3c@+{Ztcrp`?=j48%lI-q$y+VT#A?@1f$c
z7tg1Y_E84f$9AR7|9XGg#}NenBh((1`WF*m;-p%D`Z$u3SDD&}eqQZk?!SD!+#DrV
z|M)uc9d{-Y50Lb-Dc_xW)rbg)$aiBb%Mj(ew*v#ncY-59a8x>kq1Etza@(?->ZftO
z3ACsY@T7?m@b3cwe~S@tcRT@aPvmA1?f%});qbC}|HD`&tf>p^XhP239w*V2GKr44
z9+LWXJy_(qSl2@mx*k$jlk5f(8k#auy2}1gLQ|8L#M84qX~^pujo%KROcL03i~UT<
zwq?2nM>!`9<%BH!J+vHlnb#>eN*to;mr+C~UT`omtR)@8)LZdDc75)viPobM9Jb8J
z6Umfjd1kqj1?5SmuYg3b$a7H+lUxV=%TYX~oSRSn8Y_x<c_2>@_T#b0@2TPRF{jSO
zNJk!1UuQlpS-lQjV~Fmq<Y$tWE2)Cu92r?G?MSwi$NDE*n9mW`@5jM_6>tTHQM8w(
z!>A?30@G!+m*sM=;$CiPDl1@B2ptBp=d!@*1fMf-n)eMsG#Z$hSufqsg)S16$$2ep
zD5WWb;KzCD$BQynOU4=pbtcvHGKf+suN9axrUJ*&%k4n!ucum>D{1*oC$i~8R6$!N
zkVgWNz=6m(eY{Lqkc##Z*h+PBW-ie&kFc$$95~}l0zsO)4A}a+M`RvW>^U*xoTMBC
zoiwT1m4BuGa!`#Wa(1Cbh2jfWVIG~((2VOss|e5aWc0W(`{W2AC>it;-;<QoQNuBs
zNh+^@vBbmTYGv>rD)w{%^t9^+L`M)7ByDZ4;qqFnecl33*#u8m)41Aq1yHdr=p%Gc
z1P&V93mdCw80Q-Yg6rIjHOeOcPH2sEZ#AMNSzZ<Tb6!hmC=QLtZ;_ObF-utFb)@!z
zm7<j-_dh>Gm@8<AVVNy5CrMP+iNQlap;z@kNiCenk{g}njGvuYWi_a!%Nbt+#U7qb
z>@3&9&Z<S0=(||=!W=CG{*3(WQ;9$5W%f%uvtQQf{*lJCoYpT|$@tih;U%z;=SBEe
zTVy^={w2!%A(8xut1Q;D^sf8EW<80%@3ZX|1B-Re=ZHLaN9f;iSlM-L_-?kL`Q342
z+Bbg@$5SSEP+e3?SS<y+V7&*wVkqr-EuxZ|$p(;RJ7=6isUY<t%kpN!XqqKw>jcu(
zL>x;7QF^Q?AFLA<5E0IKmBUhSpRGzQnk>8S)nNlOtK?q&jaIhSm%_c~hl{w-;W7T@
z(S<&GrFEe@{30t$$#AMv>@N*)6(V$)<BRWym&+#bYw93i&M_nWVd$4I!U9N<p+u0_
zaoNhaY){88+hzTX@1lSD_?lt8v`qVs@26h=JsRJ$HCoP#Ft~?l#hQbATE8{O2Dh%i
z!To!5a96Zm(BM{wqxG!J_ruFEz8D6#J$`UMrokPG(fT1<l{Wk^8{YWkYv8?h3_@1j
zQDMh_+Nl1#T4w_h#FwP6&|IAQh@Bn01_w-VDDX!66HSjSz+8iqs8CRl!>|{sxIhn#
z-hSf7`}G9#L?XpQjl(>z{|r~4y2<NFzpKDRKV(#cDNS{seq#%I8&Md+8Ws31z2-k%
zoLfnTr}&C-eD~4Bg!OHIsNl$Uk%k>!l4;YE@P`L+{HELB>)qtLV>!yK-od0Bzo?<S
zc+g3AEib}k!_VP`qIStMaDh@Qk)N;IHIdWxzre!^bpBigmE}&y56nVUKV4sEX9YsC
z^obu%L|5~f;~;EnNn?$tJKnyOJ!$zQe8rRa3V3WXYrLK{z9`aogwgnVY<#!T_`~fJ
z>Fe@N=)d}D6@A}7P`=ccu_L=a;z|1KR6PxU6lLnkPa5NJPIYmCGrVtD;|~951F1Kx
zpIlnSv5L2JxE&4=(w2%?T-IB`tzea{ccRnx%nx1I)duM5@)zJVUDH2@vn!|*gYjk>
zfxPV#jbG#7S6@7q#}3{$l;Z+*Hdq5CNmSjLCDcnwm_BI55PaZ$tIFZst73Do&>rAp
z9X#-Q9vTB04)P2hxC8^CMQoGqhL!6E(KP_7U&EK=o}Q0zQ{T=ka2*k9j)Yg`?U1$k
znKNYVjm(W`!5XO#hBXx^unCPibjcm4v%{@_hFb{*1jUXcXOD|7M~+V7kz1{?2Tp~3
z8Jc@q<7z<)Dy@ONE!mq`ner`rgFVUO^WsG_SI&TzHf)(WaLZ>`VsEer&*6wgCgImr
z!0v>mJJ7zb-fMFQ&KkLfZq1W9t-SFww;-)#4^SKE0kZJ>-3z}<I+}_=#)}13J7vUk
zh<t$KH>ZsXx%2H}cB=<A;N^-7Ub6TSzKzA%s3p2MXDx{OzDq)xkyAju=%jxrj<Eg`
z+~n@4upz~O6GR`DXcg0dR!SX4hde81h{ErCguowr!{Oze1GmW=nKN)*UqtU*I#OxH
z-la#*-|)L4uIu4m_DsEuy@be8*SFDXuT5HY6c*uV+VuPN8(%2m@^*BEF+&A<g@G>x
zh%cRs>J$7c`iAJeP0^lWa8J%Mw>nK$PULOY+n#nIIr875U-V~M0lv@3kTuEGjl1z(
z>eKRf|3B*91iGneYXH9KKvSk0lp&%>fXJW-El_BoXagzSKuU`ORzXF<T9rvipvqKC
z16*SSeU3bR`l;`U!*dn|0b2?!pdy2UfFdB`jTaQ~S?1>7d!KWYdy};C{`Gz9U%zWf
z+k4MF!#?}$v*(Qy`*JN2hN&l`FV?3cs=m7)PUav*Il~A;k@gmGwMcnC1!TZilQ>=@
z{PUFHhJ2(;J>^>8FAF_0<TF(Vt$=reX)yegBtDi(U%z0VNXUIad9i)AfKr%T!8(>-
zuon|vzfJhdMwKVni(!7}_{8Z&&}}bTe<dOd#jh!?Cu9rieN~G2nlOqQ6{m#gK&+-&
zpZ{X0DRDz}jt=$4_-xwj?R=xoRv`9O@Wv6Pt|vqC4X)TS1!m*F03SvawV^WvgsfpO
z$eJF!lgZEGZnN|NdNY)4(&{qkpAN)Tp|=oH97AFX3^hiVKlyj%{ns*u4^0)7-Z!LL
zw&ts8hN-71{HKDJAN?YTy7Kvz1GtJXASuZ479m`Uqp<jhBfuCy0NX$#AWrxa0z&j(
z9nov*o>sJ=6eWZ2+Dsr44Im;Hz+juDzrjpvYZ1Mr+8Xj~47`KRoglly{DN6iju+B4
zvmO0$%>#(fP1YbjXWfAx13`Trotil2DpPi%dSdXg+Q#i;FVTVI2e<5TIJiM(So`oV
zJ}lCIcq4vzLw&3!y>&g)q!%eyV}n%I^R3jgJ=${@<5vf?WVq^P<BM17HO2hbLFn#p
z_2jVt04O}BJL!+(gbsg7C;j2$x|5E+g36{neSylr&3fTK?5tb$XWgn`S!kArm?^`p
zN-~fqb)Gs$O;TskLxv%W`W!r;tlp{K9)bCp?R^DxROHVP{E2MVj-lbOI)Ha*Q9gK%
z*=0sdaYnam9e#Rw<j;5TPx5TzpV^eT_!)KZAnzbu-@!ciB3@s&=vX-^JD9h|95d2R
zGWK*p*J1eiaaCVb;}isL#Dr~WuG-r7o4r81*#19<vs{Ap$UR(N;}94>_|sRoDm;_e
zHB&D{rfF6-((50UDGxY}^BISVYRbC-!!BT*qat12r)2Ez%N)>9^Lq!A$0T_GtIlPX
zYKIfoSZ(mXGU&h0qwgN+uyewmyNo%LaLH-t&lbso)C_HgSSV3dGcmnUvuHiZriSE3
zdq6ng)g*5ZAk2SPH%h=qGi%+Nmj((k%Ibvk1D3js;&<zSKZ>#L7bDP$l^<V1TW1sW
zPjLlqlmcntA{)G&NFFnz6?u$(GU|mz$#>4=?Mpt1nRV*C%t~lfS`fI`QZVRVtLT3g
z_c{n-D^RUsWWCc`0yeKCqQ6J-{Zh}r1XlIpuOP9+<hyO2>Byi&w{W`*?VGX`9=S73
z#%GeRCJ7TrZO3%uZSk873Na0~c?)`kMtxHrJ-yv9t&01&L9G~Rr{^Dt#;~@4WOm4u
zY(n4;a>FfF5GMda0|W00;wr&zLf=@cn^}a>n;IFw5|ASD1YxPuKBUHJA4&;>B=l;4
z-T`cMy)iF{qX-8NJ+^?v=E2k|8<69?0|;fsPO)Mlg?F^JyMq11%&_llE0|c*6OuTj
z2L3<i7KfhWiJxd}7{;A*MqE4?zH-#26^%?zaRm!g@bZvKYE$e@x!-w@&8SWlAHNne
zPJfbOFLB7jG5byv>H=GG{|a}HGpuF%Xv;KcnABjymY3QvsiB6QVj9+&5;O#+tJIx?
zbvzeiM-I6+yh_ntP3Eugu5aK~9e))8k5lexH$q1-T`F|GOEg7Spg;1zyrFy2DR<5Z
z@v*JU+g7=8ha`~376b|@&^OxhgfwZNl=GeV81s2Ot+aubWMZEHEy=wIIH<g~ed%tH
zFcoheqiYws^`&_g8!mhw8Z`HdPgMdTDAT9e*a`UMfB7OSwrIw54TL;Ps_AkggsxYV
ztC0BChThR00?w`>vFtzx_GU}$8@GH`sp2ocP4x0L{_;?wmrMA|<B4A0&tAr0z><3X
zjQjH$hx89S@rS?bA2#O?|BPE(5}!n~`UI2snSa)<KGN4&Wjj5r3H6LVJgIzk6>d^>
z$icXZ<j))DSH^MX!K^&#2j*co{Hb<|+*((6Wg>5}QekEagSRI;g~+v5tW4#PpPuZD
ztG}`6*iyP=!>D<6UpI$J0aw*0OP{^<Ci{<3bVR9Ax4hPl7iR)WXLD<WhWzjIkkUy+
z=|%vh8%dO|$VlmmnL8I|Y5`g|IYR3uM`+#9R1_!Q{R8P;ekwm(u3&31vyKR!+l&Nn
zEBt=~2;Lb|{-Ujt$Zk<dzP}Dn(G0QTDio{5Pik21g*+U+EI;!|)Ssq;)+GgsQ5V|<
z@3J9*DP1hX0-i3-hXkBm%y^?AQdz{suW2;Yl%x@fB3!PyDHj4XGO?Tp8N4vi2}9cm
zp(xk2jZg~KRETNnx%8%`m)>+j!%aKIG%ZTlltbrsBhl3!kH^9+@_^XKxAMmkI65&o
zlM##~8UbVMDh6Kqf_q(h)6SRPv~6Rs>B2CFY<Mw%=m4*vqlxS*_6ofgIr*mnIQdUY
zVi!f*FC>hlWG4&rkLFCamx=z~K(s>FB{7wt1<Bdqc8o3!=j4pkSY}4hGOg_0-SO{`
zdR@j}PfPsz58m^`iC=%iUoTGl`eXk3$;7XpX&0gC97;=G)mq}RO4_o|AJ;z|%^xn;
zKg@00;6O?SpTx?<lW4_Xf0X$3Dc*Bs;@7+Q>n{_({-|x-3V+bgyP^&Ie6#-HbpCK#
z^da1Tx}J2n(B(Yb6rD47aw6*g>|8jE_qmQX`j4E`b$)lVzNCen0aupuI$(Pd`HG|*
zbZK5Z3K)i3p=e}k6DcU^=pIv0z=7S0JihpNHZeWuxFJI`UnQA7qD_%V_o$M5XQ64=
zXj3z#9io=N(3p+w+Q+n$_g00-Vpy~k+Aek5(~a$$B<hzh1K&C240xQPe{3?b$(6zv
zjV|w3A<^>K_R2NN=gk=dR)h?g#H8N2SNCPAprt}g;28gC#pQj4(98Al==nrzc(FGA
z1%~-~@!i(M?{39+yA!_~jPHJpyo2Gd#NieFlXQG?Ji&wn{J1Gb&j}H&zzZFi+}v-1
zlh?maiz|QKan&XH_`W|cuKaa;KL0cxn(FRR8I#X{nu%)+a_yAPe|3b55#Oz1o+7o9
zZx0C8&C{gyW7&VHuAGx@aridLRO=RpY;(&ODd(ZP$0kbcFTNWp@NYreo7r>Kh+qoO
z)szct#4e@kU+8PP4?v+NW$u@PQ>H@SJykcQ`9}w+yydxq11Y%dR4tkdmTKlft|asi
z(+So*w6!EA-*+n)%Xc3bZE?tBLGHw&EMqZT)ryIn+&O2x`|yu~oO(~Tt~;K85VNeH
zS8tjlPzW6qz(g?FN&$6%Sz8J~Eavg9FD*mwk>((SUg74s^UcIG1yiaM=g&X>ZK0s-
z*?p1n=U4s>KKJkUw!{qL=-AvFO&sKxk`FyA@4dpDbj?pOCtcw-=A>Ji8MWudINlQe
z{P^J|;m?B)C%~WT*!Z_*#=n_<=e!h5?YtOMrld(SFv7mt?xe*TN**gpyL!^gO4MR#
zsU(k|p(%ZMaq>3Lb|<;)`dghs1O0FCNBfs=v1sa{n&CD~z0h6x;35t3lfS`1-g|}(
zvbor)i$|x<@8O;MYD*P)Y!~QgZg*w*MPmNPhvvYC+#bf;XX)DCs<ofU+A9(?r|*^p
z2MRIpGsq9!>B#LN710G2huW3}w1eEhDivQK!c$#<833i=_16;!$(%;wLY;DDFqh0^
zHjov%lU@*AiqT4DAs4t`mDOYV5JQuv6m~@J2|g4&srZeA33qLRCmj<JqwG=aC@-{_
zT*1%ZLq02T3n2P2Dw5Wo<mNi%tHr%oU#J77f#h>aS)L%so1m-iASpam!^Y~;QHab&
znLVzLfc;zIwB-ITQ3+-HlTpLpZbmQWWB^{c$Q*itCV?~*PS@oC6qo^w2cXIO81?=h
z7gfUY@As4z1o{^Q7AP*X;L{Oc1BZ*OD4>v&HCOm&;02RSj=gynbPmg)@Jr2`nodT3
zW@UJL<U`$Y8lQPwhCeoTj|pP-9j=!Gm$B4DzQNPqYg{HJ!vKe$a(*_5rRUj){Tuyo
z;UjoX^OP<41^TrkT5Av<^9YrIQI3seG~o#R#2AZC_)iaNi2x4X)JIV5{LegPK?mI?
z?cjJ~QEIOcqT7JIJ_EfmdWg<qdVG%k8_vdEk3<e?_43f5o4V-Zd+_`y-QXD=kZF(d
z1JWzrAHj-hQ#=#Cg@CU!m@3sBoNPyyA`g$e?_9dqhDycOZk7jQ8wH71x#Y?Md57};
zIiQ}Gp?Rw{23+BLWqvlI6na{gSuw?@lbJ}<m>Xd$l(8|w3{M}Y)#OI^e=@&T3Fi01
zfJ>a8wW0Zq!$c*!8I@XA-XKY?ID>n2b1AfXzg$N#gLBK^y$RJ}ca82M)c7#NiODU`
zvc?e8>T~2+tIWNb5Dgy{J;CT}>CG|p)mK}l+>Co3OueuW2TO)=N)=lXC!F2Ra6;P>
zdWgBd;ag4>LzdgR(BGk3ZtkMdWBNO7Y~=61y00SnN3g2I=a|qwvrb8yiOOloDy<oI
z-;{f7)24eQ86dpIV=I~Noi@1_{MAuQM$%l8n`u6l)zKs(*i%hjH$gpE5_=vN(UQ|*
z%o+xZz;Ii2qWU-JNjsE%jal4ug{nmVA);w_n%#kWffM>ktiTe?-04D!nm|O<Ftyb4
zLnF;v5yy7C_!a(sB?drZNr40E{gVH<_sXboq&@zf5&gTj!C3NHw8CS((rYF!(V)I&
zX!MG%45X4CX%rymQqA}FuEk_nF>pw}!JXe?G%>NQMqGBL-cWf{dFw&4l7$XZLRCg@
zUMIsI;8(pr5xqfBXB5aaF8OO7&x4mM4`A7iX0Wc0<wkS@=xMr}3p`f5QEV~B9aip)
z5|Z#pnOPQT&@8J5{%pw{kmPYZ92z5q<ym^;x91vl66Tdc1f`ULBib@WNq7B4loxAB
z_YRG<qI-wMUbbErfH#8&|M&)Pegh#pB6{1n(Edvg$3-8G#rmi8@b2ityWpWr52r;R
zPBq?gw{i1NOT{_^F07Gp0aqg<4Ngyo2Dxz!aw83PV}tAC8eAV~@G&;HIvlaz+LT$B
zb2W~VGnZ|iRp~vKSx{?7IfaO!w>^LO0X&S6m&&L%**tr;C#QU1Z*M<JR>%mwlDq;_
zGaxZWzqeZLurJ;}9?0QvxHZq?iBeND_hWFc?6FToj3@;zZAS076gDN|@0EX`XQP#D
zWIR-UJ92Ru7!KAOzs-~UJFz24tazMmUaGgq^1=L5U<lb=3iNOX9yF5>g}z8Av}R{#
zV|}q+@!4P`o(<-Q6pS?9=I(LIm<`4gmknka>I&Q_BLb37^qo!eNTDYQDyJf;U@(LD
zYWCX+L(>lG{aT~dOpz0P=`ECUwtGjo<R5Wn5=C|&;eHi)<@3zp-sB-9`oBR|H0Qin
zF(etOXfg+Ui+$q-s@wul54}h35@YOe75=DRt3U6C@kv0#vD2hMPJ5BZk3(27!LH5a
zyI}G*b(G)GORV^grg{bj^}y1*P|P=uQi&87=6l^$cIne-hNo(=VkJ(k>U@giJ8z=P
zVmnH`R%tbltVok`zLvz{XE97f9C8-;TST*BPfLvDR#rZX^4%toijPZGKVcG}4p^Y1
z18kS-&dIfVI>ImL6pH?=;&k|bVKTX#5(z(p`9lD%B$2jQgftZ%1HCQA6e2DYAVyDn
z#Gjnw&(HNNqMqdwk}#jpj3^Q*by<IfL8yekGz<zN1_98;iX~WiS*}OD8u@<pvm2!O
z6nlaErz_`xSdoKrQoxI0{1$rfDGZP0w&cC;9wCt84@$nXd9zTj5eneUszNDJxJusa
zJD9vC1s{m{+bN)JGi6mWoxlo!+g!n-3_N)y;_RIf|6FnUZ3p3>yHAveQ@$?|zxe|G
zXpavp{6Tezcz!GVzd`bCpkyW9FW_lai8y2PZ}7`z=z77nlIVSFmQ33yD<BpI{?7Xw
z&=k)DZuytYol4>ST%iE=3X5;~E6bXrq5Qh3>{)?)%oP}m%clBylRuIKSh^>tAUW5r
zzrSkIdSe8Cpsgz~n_3QpmIcW-P>LO__X!<gP75=3UcZ2@SiQ-TN++I2Y{F7GJ*s0c
z`Bxz^CR4!RARR)B`8sUoi2UPI`atiWQe3quSM%d~$8MyP&Z}Wse*m5p<XrUhaASz>
z8RPw&7{4*O26}d*a#-mBiwbQZmG0mX8`1M8s|Ws&w@Q>tN?v~>=922oUbWP}n#Nw;
z3(u6%o6vV?@Ob<^AAU#o82NX#tBSr~@EiQC{N~9O)YfV<HJx%#@gHv7E?6{y|L^lz
z8mdVWGQlzNvjy@-m;6=KD}*i}`79>x9&TQTq|B8w+#*&CFtL(EHYz^lARng8{Y*cI
zg^EDb9TjkAoEZ^lo`Ies1p(mV;8-g^P^2wL9pP$9`G^I<dQ?eOXHzICNzUFm>qGl+
z2mJeq%z37+!@kv4QGR=qMGAl68H?vlB9R)U5qI}9?m+YI(Xs4y<v|+D^OXyh4@~qU
z_oKgS+4^-RA>JF#^Kj@zlIBy;0ZdCq;oq{L3vWO?ljwil$QdIM01?U1<awgTR0-+E
zR2Cc63s0F`8y;;2iW$rFbf@@6eKhU5q(n3P4(q?a+^7KlF>^zc?gcD(1DY?U=AEO>
zJJsf$Va$D=f<J2nfohxSdy!Z{dH}w-td+*Vpg#0u2{I!4LKo0R9d!Y-DrGYnhhiBP
zpKox2y$Ffw1Sw~a_{d5ki(eO@ICjy6ad)RB3{(F`@h_){2LECNUe3>=e=K5Ha59V2
zX2tV}v&~(^OT!*jOyhy4LXE%V3nzJ-i=Q+Z+^ZL?H%}cpCk>9DcYx}EhgtYgTs11m
zcd~a$dX=ZE_=)p|i&?$tsr!bo?_@80EJ82Iq8|+$<u~;9re#)!HqiZ9?~?!H)*{AR
z(#~#k1JC_IIiE?rGUvA31WuyG<i?ZC!#rTdp21jsZBW^XIcb4BAgBvk^6v-CLgmO&
zQu;_rO^UfU<!q6lud}SLA)3*TPvVr)x15zXCZF}XS&1gF0oL-KDMn;*$qJ^7kwZhv
z=UpT8hOS@+-c(0;quP8(`Mgfy-lAVX$7^y2uR~|XNgGl4=usm+(hcpC!CaHeSD)ma
z2+&PqAipK_6^S{87cwhVt3kdDSEBZQ$rN~Bp4+6i_c!sAF-=U1PT_Y>an+b6$qwJC
z-X)Ioo!(s%#&7r^!D}}c{+aWj0Rxo0g^|5ay*1H-Z!$5x5XD=8!1d#L)KDwR>|6uz
z2$B9+po8Bkz~Inl=o&75a^s@YIJbOpRbi3?amJB;R;)nRlp*3L^Gp{Pokr9dCa!Xt
z07xf#!TU2}#a9=xGDCf`SRtY2E4bhSCK?G>0X&)$49<v4dLdZLbJKczk2}RrQcR9T
zCpZ+`CN@-ldX;wvgTg$t^<H3lxAiaJIkrX5aYuOg20e5{ALbc_kEDoOYW5^p-5<~&
zKmBgGOc_#>k}ZVZxELq&XkM;L5`L9SDP#r@exY%V;gZN$U)~L0mC>JrZ(m0@TJAcG
z53d3_6>hW_KDm)h2DQpzM?}c6C|T1O3Hi#w)PtKGiTqhsM#LND`v&4i6AAv&%2C37
zra4OyUWb$x^I2qqnSx2M`sQ_aj}#mr5ox(t-8sK_TVX`!AZ6k_=BWRfdLOLW_4h_;
z?U&3b@%>#uYb!q$P6$F55QGK`dGOJ-ERhKowG3vxQ&T9c!JuzNxGxu^qR{IkP(}1F
zJa<$Ro{M7qJf?jxXVw9@ez-G-^RdB)A~%M`U-{6D$_I1VY}cu8!EFD&qA@kZ!mnty
z@+PGx%vV;_b)Of*;BvL{ePAF{kJZWtSnAq`Me=%e)C_BFk``@5nCmqjay4=fW4+A8
z(;<)TSDU=ZW}21KDQq(Zcz83#yW=ak2h$@;Te#oFrz^)-FOS<_OnZRlwg0fv_0XZD
zq@Cm;7w+Ix*syyPZ@U8j5zm9<s!It)^B=|g!*hdc(M3iIjuP?39@s8?1Z>lqn{XE%
zhTD-PFpXOr2vtemHjc<mVqwM5R+-e6;*xre=K*FhG7OgT$*-vMKINvOoh<rv24-}#
z6y*FSR=gYWy!TbwnAmJo#$?CY15x|WiqW<#2#hjoEDZ|Y7EG)Hl#o&_C{LULa`K6(
zf=3j)QRYI$4jE|hUaq`=I`~Zp`HuJ`13BNOMD&yt;1ogdcgx3J@(=1m%H)R-n_9ph
z-YF>lOE$&_e_dV3Lo=ABml-L_Fnj^^fp{_IVIt8Wx-<sI*vphh)3XWk-SK9-{boj|
z^Yk3gWEdFZdRe{i7_E?%3MSoNPc_j9h<>zQtEGVCtDbH2NN%E8D6Tu;NUnzFOB!ts
zOBI*R3~Pkza`-AVDXit8U|2J417HoRPD8+Oha=pCgR>KGUI96Pdq82*22v`!B%GZY
zdoctEduPsHh!vaZhPVJX#Ao;$9Qg~Fo^qbu2K10_$vHN<98SRvnZ|EOag`@6*;faQ
z%Wm&JH4Tu5Vlm)`aEMRWgglHq|Kl09(0nYBEEm8+KjjO}2R1`o_QwUb$}+57eC_S9
z&_fsK!+ZYX!%i1<AD)~5ABq<Z%%4S>Tgndm<+&tJWNr!dxDeLYYd}R)jZL|n^q$|1
zH<X9T<NEGk>VNLj)W~L?8rj=SnVa25h-7E__~}Ne+)mm`u4o-HflX{+q=V>qF{8AN
z@oKm-GNAKmcJoFC#GAJ_J?s_5tLqK3_<(cFG>f(4X%^~>226d4;oM8(BZ-_em{iB)
zYcM1~K={V|9kmyvzF(RUgl!QBSp)hIFkYNKFbd6kpK27EwH%tY%4y(l)lYdo5#KQz
zi)<jX=k@Y-hkQ~B+{`ka%cOlHD%g&fVN9_*<t+}m(h<JNQZp2@+ikRsuWo3)|DWV5
z-&67bk9_4nPQAo@<^4Y@6cpRX7sJaVxyi|>Q#-t)V3c4bd3g8Q;TiN)9-b|>8lDG@
zi)d?%_1<_qOP)J0S85=hB{eRd#r$8!vjmHy@ho|4(Z5c?MGwu^A5a@SFxVUHF%d7Q
z|9>I@)9j&#*F+!M4d-$t%gLAqvru1%Ke1`b@mt`{-wgJ;Ku3zb$(e%&D}SA*E!k+u
zEc5On;!097D>1PBN2PF79}vjKC$QHRQ8$=<d4}TciQV+4kfhp3X9aRC=IEZV=pxG(
zbf`cE5)EQ2lSb{RfvHrR;xI}<A13#iBL>)LeGYlMgy%IaFvAikY8`T?V|q)2eU=sW
zqbi%kPDCeWOEfWMOF2ymCUYgm+Z<vsYi8vM4C<+5$ax1_zcw*zB%X@=XJ9r~-}xl(
zRe+IZ7K(+AY7-y8@S__PD}1IlqtUi1gP>Pv%VHbI;2Yz=5=n0(1#S%V_FYW&=A*!%
znKTe7DO1vVq#w%K$$d~E)e0{A>FX$7F>|M~2N({N4;)x}c#!g(8^%XjoloIYcn$rs
zDPSg>xcn!^dd@du4ip*=B~z1kXnFSa-W!O~{YDw&M%R<WZuu-Mbv^V@p7*gSGFxZh
zMu#t)?6DK8OQR1&Zm1Y5u^8KUzmF_UIXa0})gD&${92U0PQ$89D3xg+AzUj*_Cd#F
zvs`t0Z(hZ5(YaY}hCM|VHbDy?i-E5Wwtdi;592Dc*pQfPwCh?8km$ebs%^pu;~=GQ
zWCW0ew9_wYfFvNY`<XiT-I(mXg8IFZ`t>x&@5Pbq{NQ=g>L-#vK^>n`n(s`q$Lc$i
z;=PqV{tZ4p<q%sn2~`u>!zdn(0`g%kqILD%G{T%y<ipT9_4zfJHDf~R|Ip9wn@hwt
zn@@?wo3W#o>U>IQ1N)fly<YqzV^Q6G(@2ER0}1{_Nr@x<gl7sppLQ3rZ+S_+6VpoI
zVM!E!$}aGOLFkLg)S=7r><o{EC?=4>l1UM)+`C2trUQ94fI|9+=<$ZnKc#&UPAqiE
zP1M8MpJ(XLT}-~>w41gp)tia%LJ$O+1d7f`ftE<H{W}-*&^U%NgNCz-dSi6z>(J|X
zIB)3bTI=BIL<dtRngsQ-IR6M*QNKxj2nF0O`suqd)pG<U6FtV9YVQg(Zce|8Gwf-o
zo(9%r!cC|;3x{0c1ocU?DaloDS71J)&mCA&Ok@<0Q1fy%>GOz6qsDJ8auVD}A((IF
zc24xcf@`#gljRDrF}d9X@)Wwwpzz)u`QuJEp?}h>Y?h;9(y&}iYU&vb)U!zJPQnw~
z;^mP=qGe>B*lK8=*n@&v$WV?6I-$1=?9GA_Hdb6v-DKwL=_tQ(zPIb8bfmVI0<$E^
zSDnXYLGl6kQ5k!diNmDWwYqaodnUPRYw_O3#2})cf1&$Z%2BlY`!u`1!;ReE=pD#{
z{J$!~?f3=nZ|)bDs`R*raV;783%g64%RpDc>1^XAzEMtaiN7m1dWrv&Nw`B`D(drw
zH!rd`-SN#6IvHk96Xpz^q5OM%F3&OYDr4N0LA{+qL-Dg#BJT?=f#H^wCeiPLEnAr+
z`lk^;`US@{IA4@Nr@L>nNgi&&aOb?b8ffkz)phMeCHu}^0`WgbmFu0kluMp8nAf@j
z3oO1uOH%Y3H~XekNzuNkSI!Pa85^$XLCH)L0OEDNCSPM0@PVXM|CkA_`npZ^q+f$?
zTv!t2I(J}_856wsP|&N|MO&`S+3d<W=9wCC*QwDsJh+{IH`e=Nl9M~<cW*QNxFF{j
zz?a^Q<{96E1mV?Dxmw3+jU+!{j^kpp&U{SiYpknS`Wo}<&H~FafN`A4%MY>iHSM3I
zTsL2^#w{a_yYR-RvGFY4`1li;e&8tVTK`ZvDOcI=E9-fFsR;8x8S(HgeG^C?(Bihh
z+w|UxT^@yw<Z9)Ex^P(YvuXf8C?72*cB0DMn7NDcJ)xJm{H;T-D*&?7F5-o6b%eKL
z?QBa3LkY;i;4H0y%-CNmhgJ<IYf?647Z_ttgN@9rQ+^$pi^($G!8|Kbi>{>F6juq3
zr2^Med9p%SLe0g<x(mp<+Qp4JP?oF<XJ=Mkc}5c46otn=@;=~ZYA8u@p=)c{Dc8xr
zqUT|(%I0$N$cxDY?Hg=f+^Du@E90pD?uNs--cg%RjwS{2J;Kl$=QUPAT?BH>BP&6U
zDSiE7IC4~*7qese+I7x^_2Hwyo@1sof9nv~yW~F+)~(}V4fi<$Iz+7Tmk8#EKW1Rg
zLcbaG!ee0ejnIKPZ1Q$-h^tcUIvDp3Esue52R9vRkU$IMjmnUxC0O1;4Z0;d=r#d@
zFaO5eCS!ps#sl`<ibesujVTv~0A8pYqJW)`fE^5gT?~Nj@j3uj{Fe@}AC6;y9eJ&R
z-o?rbkHJBS^A~6Qg**UL{Yvs&a^{31`Q8CId4u+6qTh>!at5S30}rASF+<+!JDgls
zl@gedO$ndG{IXmze|PYHQ_eYbAHhQCXW+dzSN=^(KPAaU8NNfwPT8|GTkT7M9<>>n
zb<iMBe5ytc!B#1c93U?kSKyWm{MZqglP#BKOOtAxa=%B&4mS&f`U9n{U4da4m?tTD
zWr`y(DtkRnz#-<(h8gS#-e$@<<+&Q<8ti0cinouvS4!XNlE-EE4kkO~DT}k!9<Ja5
z7=0xhe6M0YfOK#iA9hr>L%svXt&)2_qT_8ef6%}<b103p9py%P5n*GSkW1_>z{)?2
zP`v*Kfa0Hf859cu!mgZJv0^>(AZ4f_K`?cee230RvRDwf*XpR-2oLh*pB=uRlk-9F
z?nszfn@5a`*1~fjKQP?}uRXJAGcakYuf_(QiTOpg^=wmS*oOprUYqlq_*enDxCDm-
z+p!I3CJc27TDnB%Zf{H2826-2?sTBy1JovtKud?*%N3Yo#dbK7G--<z%zac6ohMwA
zzLlyDCn^1(l!WM(I0I#tM)&0YxIGC)_atAQ2YYg@VNXJe=lj?_nTC7flym=YapA)L
z#&IDUiXX*Z3~5rT_akzkznMrWWFq)6?q;-j)g$-)HONZ^f!PQwYjo1K$fWHNV0DU4
zI!gnVl_ou5v5kZ+n7362FDIL~mCxG-@Ur2&uX-d_z8!Zn#*@1OqpaE?b_9mmKId~-
z0CU)mfIH{utUJbo;HFI9K$AEGlkhyQn?xnz+*6hEpE3gQvwc9Xe~V6K7)<33oAewU
zVm6c5cohvkaIlnjF8rSXsLQ@a0Te6$%U_^ElFiCWvnrtwvFNmbhu7xivE#&?!H02X
zw&={Vo$^_l+88^V+ms5M+RKGb7uw9Ag|c)nPHl{x&kZ_;Ghw$ew7WELBsyFXa1fH~
zVbN}H!?2iOtZ!W;p^Hzzk+Cwx(=_17_MJ&u&{S;)UBhn+MO3^8GRQ!18MH2D`5({M
zhvWIFA}1!2XQ-D^5G=_?Z#myVL@$^;kfLv#g9eHfkKm;hyd!eM<OhajJII?dU(6qs
z>p=9p-{j2M>S@dFmtUoHxZ;ulFZ1Qx$JG8BKGK={(M4z(QtaOeEbY*5<X~{{Og^Q3
z>}hvR+6+WxsWve_slYVd>6o1zIURJ#(dn?_=zZmVFuF?~mO;m2%Ht72rV)p|%A0!-
z*uyfgTkMNblx=d)r7;wR+tY?yu*glI2*oX66}P((MjKMxqO;Z^n**a-OM$$M$aVu&
z-Xo7l(bXd#Mi;acEXwAz9sw*mPqB@BD8n6eK(}XIaN*?D)ut4P&dq`T4mp!`TZ3Ov
zx2FQbQlx+@BT5BekG9K0QmSL)9c+XJ#S|%3LJ81u0=`O^z}J%R7e0YAr$kE{6T*Qv
zN7kIN;>zASLBO;>SFqTD)_FV@Wd{iBJ6QY!y#Ros^ekTP#0;p+2ocd2I^}BlE86l%
z-%7dGu?y|6i8^L4Qu5>}RTg<dRqJ?tAl5^~B*+h0Q5f!uL0#JFT=HfY!(Z5&N=Lw)
zAIM7yH4_X*k+E6;KzD71?%+Zjs%Ke<oh0v8J{`+lS<sg8*;$%acbs@vnsj$&hJjhv
zFs)7vsdueW@aR_%>z>w(@t+#++4tc_c~546Q)=>ZNvh+#<t^W^z{B4=I%DGvIeD-G
zc}NL3Y}G&*s^jAy<n!)e)_3d23F;Lw-}}y(JcE_G{-jkx{a+LBvGvT?<3~z$sr-7J
z<ToqVvoRIySLNArJ<ZCq=X<MJyn%xpL|~L2nPUXCRf)d;A5d}iHyR>2Am9)o;}A<|
z2+!rN@Ymj5>O02u=|=qoM)iK6NYIrlT&u1G{L|JK8UKw87{9Gy{9+vc@<zr_GmPKk
zug2e;#mDDK*c-@SMn&cpAEbe*KqB&{Nwrlk_kLIS(Byk4TM!>-#ieuY>zMneJ9y1U
z|0)Cts0JIUZ5TZYS4)#dXG^|KW+`Xa{D-8#Xh8m|3_wp1uC5Kk!QSBxT<h@7w+Rb6
zx`G8(S70n+HK1u4HWHm6eY7lp$R>C$=ks{WEuU2XrTGuQ$@2Yj0hK3}19LHfcXwA{
zNp#ktA8SFXUw&vJVclRP!Z7AQp%qp0;Q|x`57L=Vrxf^=RJOyUxIWeL-n&j8lrp#D
zBl-o-a2ox#!4+_r3j()VT=EWARVWP)c9qh+AagV2jNVxyPTOG28J(ZG1v8F!ysuCw
z==2@c<}ks7?@C0^z7lcIF8@x?wU~){XMt%$L8pC%!PYm8%IUe?YaZg8x80oPxz-uH
zDO}>{w9_f?^zNoq?@n>g&di<p{+(W1foU@pTlH00)R#fL^)w$5Oxex^IIO541zWWF
zXQ6<RAC=0;-^1b1p?WQUInqOi3|rF9AzIsWC`hIguFs-S_z4#ekLVXCkayE|`h5ed
z5rMh0cS%)hS^+R-Rcdor=KhA@khv4VU@Zl#>2w}**SBu31H*o}4|*dQ{wOdVaCNFL
z4ECEnBB$R8Z`!aN_X)G7XYhe=Nv9uV)w?fpUU=I3eg6I4&Mwm~EaHmgP1TnQ0Hzjz
z!-+tVMQ#<4TEAyfo7S3e>od1xR>IXtggZ7r-XCxwmU85;l={3YkUhG_X>VromEj>c
zjzo$apeY(A^Ef4kbJcFd#%gOU^)pGz2GPolrR;+wx3LQ#qpr#{BIwS<Gq70-v;yj#
zS*Hv-*A0UnvP}#7F{LS*va8Zon&9^QN(z|D%WMKBuP-CC2l?>XS3#8DG=Nb5>g9L^
zDA0uz7+Ol$KR1kVkOwIs7nQOS|E%A)#e(uUd?s&VUc4W`SN`MT)37u$<h@eERmP~-
z-SiWH>3E2|s%k4Un!X^A!#i5~Be6j?RF0D+IWW=&r|I$c$cJ~56+Zm8!0r34PG=}7
zdK1{^?GeNUwDnwrr4+WhO;u8-v(B8{rJjC{;0Uadu)`s5^&aN(5PZ@?xrfr4W3hq^
zJ+8kB^c1+?<^=O9DQDBXoKR1b(Y_hEG-riagoq8ew?#1F$VXxjZ5lH4QxIrvFMv6?
zf+@e!VfP)zUD(J(*6zH3z!_-~J0$x07^3xRIu8gH^o4TKQ2@$tf>DO=9P%zl`A-Y;
z#Z~)D9OATU<GCo1tMfCD<C#EMU9E@JseFH(rw77no7=QkgH^U8I0|8P(jjm29@ecF
z;q~d{2)x=9m{clk?Aruq0{tcZb>1N`TcAjxiRhy{&)!V%v~dSUTJz<t4qS0~3&y`#
z)INX|7dPsV;=MzJ6mP>Yc^{kTOKORGAXYq$(1xMl;JL*7z0d+FET*gnIJ<-Ws_9Jl
zs?F};;I^9tL2W_t1Nb2456^8<pf8ni^BueZ@FvGIpkxO#cdD(8{>2-loE@Ic;;LMW
zGdO&^qx?+MnZM?hhwt<p$t$n@9DZv*b07JSpHq6nJ*mDZ`7jfJrvuNk>$U^)ZIVv!
zm4dmbxjLhixd#g5l&_CN(VU+C>f=Ff<{6pXE;hbm(J>5T=fThN089+w4&DoBG`u^o
zQ}~0&99$i7XnsFAKHQ*1<Sj;VA+;%Dl;eFHhBwc(ka-Oihryfkq~OSGc(r&y9}V*l
zD6V77o6_nIOtoU@&2%1Ar7_(azYcV1`zb641Wb1Zx;|29RWpGb_|fKdyUJMP_AYdb
zAr={x&qf}(Ai{iS5c6F=x0B$x8+EHzVqxl(qsbJiv4AwTFC#@QA7x2#1=m+n2jk3?
z<Uzvq!ac7zG08*LWm5_%?eUgANc+4~0z)$#^5XCK*EV%LOQK*V-0_`F^Ynm!n|KGV
zp7qc)PhYe6NnT3UU1frhzS-L~G>!5V950YBWFA+uR^K!EK4`MWbKmr7eT$OQw~7@7
z(4c&7XF;rZ2<r>T7w`|yHSkUOT$=#0+9r&nWFd|u?e^f(ZVxpF8o^u~pO}2vu#69c
zNGv2a^zPxp@MRRz0-`XZ$4Mu{Ve*CSofM5DtQ|@)#RY=6xr#D913hT!&N=G6E_9LN
z&=#0ME`xEdNy7ZQUmzn?<B}Ismgt<LV#OZrlUj^6s~6~xQD(S{ME|S!2YOV!X=0SJ
zNa@+Rrx5xl{W+A9>w#oAlpItg^1N2t$MW;ZxX6ktDc1Ezia`BU>6%7iKZo&PT>BqH
zKejW(m41nAcrDtPgISNg2z<#-W!w*B>dve~D`o}-Tq+y-^$~!b31%Jodm(e1Uh@vF
zaLk>QQ~9kI_|x^>VH%2O0akij^&SzSqZgQCa^WmYr3Lq0n}0#;^~{`9t4Isbg4E_?
zeAW}81c=>_J==!Qy7FhX1$}w4;s4x08Ls!h+cixDmVLYPpj;tzggIokn0g6;H)zi{
zy3x0~pe3gE_l3@q$Vu~HJ<&h5MdTPO`3}LeblfTbIG)F;NO=X0zlMtJ$?^`}g}m~g
zP2}o~v?oDIkhf`!U(ib>gz7~#10k|1R3A+ORiq5>KnY`%-k0gTyieSIF|4NQ!hl-+
zrcI?CZy#<IC+|i4V-_8wv(0thL(JO6j2=b5C@ki(`(J3xnC_}yRChI!>#n%Itkzj!
zYc6mPY&Wn>XvTJi-X#^0PKk#4&ze{rngf&8z*SY7@<?nSo*6i?43}?XHnC@iU~FIv
zz64@v5_@pZXrPxFKrgeKa(bD8tl9NPBlNN`LN7C7=w%_Nm#ibEui#=FBV|oIU67!8
zGvnx#_iDIjm0!BSQJE7@=R6ZI&@q^mwL<eLIleb+AX-rs-PN2bwdFTmMwBv@!Uf`#
zPXJO?a-?D<5of@#%r7Z}#M5Bvs|#)wcs`q`7%KWPUbZ}Yu;|BjN)CMH4)k>dnow?O
z7^2h_oNZPPIWfJ~Fe_&CbfH=bewkr#UBoE8Hg7*)$c?ff3AgwGC1J7R4szs(Or*^V
z?~J2>>umI|uxiq?vW+*#T43k_Rk1_h-<jD0{_#Mewg4E6yx$+QFQ>1y>^t0|2z2o&
zdZWnu1_<b8fyNp|`NGtVN*FX})_M%_DBaZqZ@YGI2RD}=$dDB{<Ad=E6#YL7@h<UN
zFkI@ywZJ8LU^T<nXbvbyPrt*2Ky{%kq6BRM`gbkiojMkCn4mt(;zT`BR;TB1O}{8l
zTnF%7WdgCGKRjK;pU%CGB#AC~y?HypsJFqWu$mcgI6RVk2)k`}h=!DmHM_mH;mk`7
zH3nX0^zh=nNDm96^l%hY4BdbdJAl0-Iki`Jhv{I24B%JSnE4ick(Dc`PeUK8sgIt~
zKCUwo&n)h%o}oy+fOvL|3vIe1tTpI{4GL+@!FS)=cxY1v4{d6$oV*^s@}l=$tB7W6
zeh$noRn5c)0K92A%zb2{GI<@BHI#D--Gs`i<}6g^wj(;)YE}00*SnhQ_(hUFZB)OP
zTnK}0_P;ewAhZP}x9$&z9Uqwhg)C0_AgMC7Gw2F5(Xl)!ybcFY46$Mv`z=lMW6bpG
zsrSs91(ajfUH9I@Ih-t@t*d9<GjldPo_*gW{@A~kMB7Od10zedEXs7}DXo5?qA4q?
zdA*c%nN*j;tR>LjtMpFCgs~f$7ZMQ|vBHblP#xK!893TKWuAMGLKUSfIyG%FkSLhO
ze{gp9O`S2FldhQ_V$tB_&az6uztQ0f23{r-d%8eA<C6F4K@eKeN)Q%h-!siSRjjy-
zm9a<(1Mt$=7s`syh}Uc%sljRZdTl%UV*c~INE77?VqfG(mQN)c9{HJV+}6*8n050y
zC5|iE>KVsyG#n0%Vr6FRPZtXLnMasc<^$ir3p~4+&McCq`sYLJ2DDzv4JcL&Cyyh3
z3yS{RusliJO^5&pjbbvn6c||)Sq>J6QHK6Zb9=0c?PkSial3gkC3ZJGx5G}V<DtKd
zz{u=Kf0)rg`Qr#6Y3;CnHrlVOl#BIY?6+rpzqgv=`t6DRUdwJEaalVpU%BoUGAoCF
z#sEoRU$kZ?E+lI988-V?*KA9|W=~-=G#|z?2G^}`gfU2?#my>{<g4sJzcSoF=-J9Z
z<UH&6lprCS<JOmo>r2*VG$7%Ol5j>>;VU2-*Bq>;pB?zmHvDG`_^CEAl;kigOOG(j
zEH}r*V@s4l=zL&!KMeON?B_dUTG$rFmSEQBPiic|z8yf}ipWuzEiZM<=i>#QDJXJ_
zr+M4D<Zt4rh^HqUo|PYR2@xj|*nxLNI6SnUQ$7<@A`bJ^4C>g2;H%;OQ6+SM%coKx
zUqk&sf##CnWu{W%{5nTDzy3}_cu5|M_+IPu+wcsk*Gs|qI$LQ-nXncw*s-*m(5X|N
z%C}O>3Sg!fyFe*P#`nP#;9@Vx*4xW=7-V8wE#@`kJf0231lRWoWMbQ2$iyhonJ`5L
z^YgnFWz66^-*L&K?SNkByyv?BX+W00A<6roglZFvZ_3RjkJ@t`5P<nYjHYCOxXMz#
z;q&rySIlWo)xfyEJZFdJs`6aRol@{7llLU-)~_FNOG2F@evgpPM+_Ym$R|c{lzJCn
z$L{4CcC7t6(j*m{M3LA^8CsA@(&6w8hXIE%Q$J@W+r+iF>aZp!GADRtWGAY{UcnM0
z&qWWIqss~f<)_ZTt$boamF9aFS!%cCb}WE(G3v!f33D-C>3eoMeutkfxdw0#n?IP!
zGQrWflYzkU=eM%w{I8Lz4f}h-`PoJXBZVD|<RRm<gOLVsH>0Cxir2g-2X7z1&S0At
z-_xQYeA~FwxA6er4Noa;VY(St^$`rWz>oX?i(B9?<RFIMQ?Td*X?;KrdNY9>l)JhS
zau?f&=K&@M0o7~ZgkXM<_!H7?@BfPvQa;jRk^-~%0eOS^n>$fC-?ta{n;GB?^m6zv
zCVAUyN2DXNV}x<p%C7bldl1Y@euh*Ge|(8oE_4nvhR;3CF_Uk+>=V_<n3WknB8unQ
zaS+kpn~)6|2rT=M@&rTME9zMr(vJdz6l$vTGNp`SFt1zo)rTY0dfx#?t#>BH<@b^#
z`3pTEPFpuV4&TzeS5Un4={3Z<wOUWC+k?sJy9oiWdPhURq%RX7poV%MU(tv3Y#jCK
zl*xM$^)R$PN`xI66?Skk%<!&n6z_&}yc^5W&aX$idjMsQc=JO4BD9;Y$GVzTxZ`6v
z(iH&CO^ru6`W{g(A26<Ak~}XC;eJt8?PdsfrHjSVC&oCpJ&q`2w%LgD_1|dX3p11@
znL3>7>cFV+2+qCLKZ<jAS~<?yo+6xExD|0OUqiWO4o+kn#JKwJHH^Ce7>AY2m<Wk%
zQ)duAL)YuD>n@I6XZPr^Yu@(^yF5aizwDx8n@Ps<*vWkpfHtEE!?SshGO4$W$1dT8
z-^AO_C4U*=*nu%8hJ7>L_^aMxz@9<%-nNi*$TS3-jcTU?48Zu-DQ{ASwnM3ZkRy;r
zVm(Z@%oUttR@8nd^$)j#d`;y`&>e&ao5zICM@x3z@+d!iK$oe{;Wqe$NeV1^EOgyn
zS<br7hIcDj*BRLL%UtHSa$UiluNRZ9z!o*KpHyD^ifIZyOD0ulcl;2Qi|?6GCkiC8
zIpz<hGNE~i^r0^#Gxnk=P-@l=8s$em|7}CME;wKg5WMZoLDqRX-al+eBLA@LIRCKH
z4`XS1bbdNdF|_M|P>^+N4KS@0?`BfLTq;k9rDj+ix`J;RZ&qsL&0wkluWq7u$8cvk
zPWh0LJHw`GhLJlvq^$qIz@33S?3C}}lmNeo6muy6R(oo;!L{gHISF1@@YgY~hNSRC
ze8hA#{{-?@hw35k)r^}FD=;kwoX5~B$SWE0F%-K46N&cBB6d)x@%xHt{D|(XwPWa2
zZG|0`V#&m~{et7+QzdIBBS2T{2v7yR`YRfw*;M&7{kMjRn?l_YqK$+^IxnKAE7mbr
z#meX3VZxb0OA>MwWI|DCUSXEr0ApcZxDMk;exy2RWRX$!-9XZAf9%a64<7>^v`PX=
z!3!j9E#W-i$jys^B`dmu3@^<cHN%Tc*vy3SzZG_Yq|s>7>R;XRA&0D>aAZ}~JTe84
zY|!z0qxSJKu6?{r?HciaX;2G!cuzR2olrQn54ISCx{(W8*g35L!AZ^2wA|@oB1!5<
zXn6nYj8;)x)bWk%#T863Y6)t5?l<s4O-6lGe41_1|4afko%cF?Qf5$pojFH3rus1n
zqL@PTuy^!fFQejV?Kzf(oAA|pWv&o<^PEwowea!C`?2_b9@A(oAJe!-Ybe))S(T3X
zRX=o(=>P)c6<FzD2;Lx{>|p%!yYLfUw8j@#MQTp<*o~lx<|o~a-K}NwnEEDHi7J!2
zGF8|N<<>WuChz3gp+XFQQ-E=xo2XFpx2zf@In>R=^Hj4250UcLHyE{=V&_-WZ@U=F
zZPv-6O}wq+6-J)hV6U(KrxviIBv+%c8nG>}ab0(Y4$Cr>c|h>U7Odx*l*Ja72VSRY
z!*a7{n|S-Lp5eWF3ZKb+lSp;d8JJlCok}bEpsE8nTXIWSls)I3yB-iL(oJz!n-%6h
z`tiaDo&sX`tzn4$Iy=G2A8%x8uWOb5y>fYo9r}g%!<canlddE*=?0oQ14s|YunTC#
z9tL23`^|ioY04=nQAR{l{u&G~Z-Rq+8MNv4S_G_bS25j%v9#>ds3o<=C%Y3X=CX`d
z$3|1p**}x?MQ2Z9j?O@HJAn%Qc=4_>s|$RG0NZ|%<lokyEk${LCyQgYa+K)4gK;Z1
z14>xqH$tqK!1RG>uj)v^ua%4lSu_ph?*h|MqM9^1G@8AYt8r)mT(8ej0?e#arnY67
zxoh*RxS5gc*MpK+;FguKf^1XzYB_ZNdQ(z&vq@QXd7oGrV_G?vKTW-Fid%V#x4DK`
zpRygj;uYO$FMMuTEm^76ZkiCk|AJA7M|%J)IaICFpM4VF<`!)85<FL?wg5RIIMtjV
zxYvwI3Ax61lt~U|d8_E$tvN!^Z=Q2bthgKXlp7@GpzOUhILaiYZ+6M~f?BL}p`L*8
z&ksyDV?xGASAY|SzUJAfGl!wGv07&-c6Cf}w25l0Yy$Be<AEmo1w9Om+PDYf*EeSe
ztnXHM9^28B#yaXA-%&5@$P#DwEjf=&`cY+B8=%Lxp2tLOTHbct>6*N&1XhgEH~7O*
zjJP|_1dGD*XkEr02W9N}fm=a(D?_j|tR$r|Siun{5WWE^yDQ_~5Hy_;%3EgO^16ri
z*2lE{h1y>G2Fr`d+5+&Y@t<7P^4J&bs;J;U=kcGOFCs#SRk_8ME2z!XCaR<kV|q$}
z#o@2Dpxf`hW-`k5KZZu_B3*3k{>V^P^Vjdw>ssZCXxACa3;g9%@G>qQP-4YP;9990
zW=TSMIO~U{+6{kdEh>B06MMF*YcIi3USheZsb8$9ewn!Sf6ojZN$D9iL%)$g{j%=$
zM$|8{eR%F~%nYsf+0ley$^iRDZ2}u~tj|ti3>&IfLwx*mMD3;12VcH=#$A&h=xbi{
zKtvfl0jSU4U(_js7ks8&!vB@Q`Se$bE@4x8AEAJ4AP-aq%43c7FK0yuQFSW%U&03{
zr;})G>c$kPtId7Lp(ZJ+e*KJJvj6BrQPw=4i7i)ir*^DOrmoO^Wpa6TFYleotoUC3
z&U-0_Uh*@KtYLR)Ehcq%w^&fBI>D*v8Z%$V+6YUV_2L538o1VI<^e6xI^Taptmqu3
zR1ChsFONWy&@RgFwbe8NIWehS7uK+t+itC3<TYBWTUoZxWYK?@mLY`m0wv2BFJLiR
z&7WJ(cmdJhhuNIly`bCU6)<Ax3QiuT*6PT>i7(h$Req10bF(t&DlPl{4*q%zye>(g
ze`Wr2PPy78e?zAlRad8#6|Y{0b6q#TP*~rZL0GA|tcyV9i8@gQqgqt#&ct@|9!Fq$
z3aitjoY>WahQ^xI@~?80aw8mgd4fIHci!Z^jZ!^u7Gv6c#$t5mnjJmoIemubKF(%L
zpGKT#dzj8^E4caz)i=swAkv{LQ-RXBoAe=@;*nQqHf$!q-q~}nWy<N)6&nOfB}|?W
zHYS+Km{@PeCg#BlOy2N_>|Mxc5qc%(iTQJ)<Y=nS9=J&0_CUt|%A=VSzKBWTAhKiy
zXH)cia2|`EFJ65O+v_!#H9_fhAh}pQ4R6;E;z)4$ty*c?=Wk+#1@olfTs<v2iF`-k
zW+u#!v=K)tm&VXCN{To`BWRuoe=hl|5^4CNzBNSG()4s~$A<rcuIYSh@&nUsMCN%e
zPSP13R_@-&3MyJ%QE)pncsmTRP7pnJi<LrCr!28yMAt$+T=xDC)vn?sz7Qz<bQ^`H
z_I!jaqpZ4Gol-Rh%T}S53g~1rR9qz>lt!E3w$0%%`LSGUV*co6wVjc^kVj#2a{7y6
zG818dVznU0oL-_og)%H8Bd-3DADE3=`v_oM)d}r$u{t19R&~^cSu$l6*8w?YkKd;D
zG%A43D(hZ0D1b_qJLUNdI2gm7Yj?>9c-631Zx&b{SF%M}nI=_Sb`?^^wz~Kr&Wxpm
zjW$*^L%duIr&8sW1vIJf8qIAp^Z-H0gKx%V08i=342;Y6ol9DfsgBXQ9nO6zXXv)U
zrVPi9QN#n-zy}MjiEm=B)tJNR79hdll=uEyZxvXD7TT9D1nw|}DXA5667%Ne#36vh
z;iD?XtJn$<W$`Rc=K^74UcGsdlVsMPq$QvKR~$kfcTqEtMw9oZ^6cvYO>(`Xm2sv%
z8p3^OQis9<(LFp$A4@(2zF<F<=+vaJl4O#?5Xz6=4ZnwGC1a2gc8KK|F-OW7v$$k0
zCB|-X&4WO=CZ#NrOq;_8fu7x7Rw#s8@}$`|^8HX8fVUO<#fm3L2+ZpE5HwM-nCPl%
zDZE))FR=g0rSzJ}IaH>6Orcd7_+h<C>yJDpPHrHB%5|7BLmpQ2DZ<5(KFkuzkBm!x
zGFvw2@@~P>H+l>CZHbBLw<tLuGs*sb=>8Nzx?;a4O}r&FV@4rmuNqcN4$YzCk?~10
z@*wqV&>O&(w7GY-vHKMtu<kKX1y?biEq_P)IPT0Ur=l89thkrGSTKV-(ke6fi(>X-
z{hUIwdH_qZ>U}`)7ua$#mKQV6B!XA&b4(RaWiDv0<SetPikWOXtYGahz1zt#q-dNS
zY7?&j!G)ah7#EVswxT<6S?FZptIdx1hTmt>>|9&h_7Xy$^5M<O{>yWzidoj^==4v&
z$Ig64Lb+`gCN0BaACbd42QVizffwbqt!Mr%m7Ji!-b<gF`QEE;GUT(_WkhDTM>}0g
zPnezB0k%2y?rDXBYR2CtPBZK?n|GJXbA^WHh_2%L`R&<&dDKi^H28hsA4mR%#nC<K
zzM5gc3J^R$H0e*7e?>&FPozIyxPemKH0V4WAY~5wy#uCFJMeQRDtGVK3}E%_@7n<U
z*G<#Bwr@t3;=4@ppdRVfkZsqqz>0K(M@f-}!?EGJtl?OX*6`tHwXL;{pv*rzrV{V+
zlGbANK$z{C(fIK^`nb*K+N<@*)+ohAeFb$b>*IS@Um^5A5p4Mi|9mp?=X(6phfGqG
zVSN;tXRkU#oksHSS}y;>Pj!OYQ!U27X7i`h_|Fo2djsVwTT2c*oz#p-m&MASO2+wq
zeS}H41J>#+cx&LL&d=JWyiv&zu~>PDfA=hYM^9S7gd3{oN%^Y2)|lt>dPaZBW6b1b
zA*6B3hm?;v)%cM$xV-LWLF517C_cmAeoIQaVWmJN9>@ExAn?vXc!cf+X&{qf9H_%L
zAH(FjQf2dgb`a4r9Bc8o<Y$J}Hp{U#%%uEmkYUZ3*Ca>|xPg3OrD;UaX~WRCP3}O3
z!?(a@^6qj4hgmW41YKqu((0-(JaoGhNTQ&)k90wC4j}Hzdji=fUT_5#Wbo%V`~w89
z=h*WK6pa?D_rmhVEsF{;p?ipTy59EZ&4SuKY6JWg*8Pw7Y2AJ^aTCn4cdbeDpWz-X
ztDBI8V-xPoV4xi8XRDzP8`clvuv*rE^uUYJn1Z0&CNu`Rd{ZLOwdMJ}4Dg#jy&>4`
zX&iQ+>R^`&cc<bB4?-Bdtb<+BivYU`?D<j#yHwrEwACzIp+T(9n9?isay7XazC1-!
z!AyTEnjthoT&PP|aNI;zRVJ)<G{$??x+hhl5bs8G`Gl%7B{}LUO$9+`M%XPnHxvW_
za%J|gcb7w!?2dBDf*DFm)s4L8XVCbob>2BvUtsJXjU$Qszl!yL751ORSFctX?Hk3h
zv67UHS05=U1@E+?IOmc#!WO2jG{FErv6RP?rrXfP#^tK|IT@o$J$9?wbU6l6yK;_u
z`nUoqJyC3OQSkF=)K`^{4u_F#+b>leOqP;KxS|Yk&$a=QwTWpegHMoMJg|teRcXVL
zZ#;~B*gffu=NKA#3iTsfBK0gA9$#o^{C2wW0}d<61RHQv(YZ^S<gk&bzKpo0lnn@|
zJU5AAk(gr&HF5{9`Dg!IQP+dvmM+r|a0Zqm_bWkfW@*qEU_>iil=mNyx=8RSxGITf
zub+YWh%O*^E4R+&o_>^N?}`AbM#@^?t5He(ReAQE9{XxW48v#|Y@>dAi=ebj&yB7B
ziOMR`YGt|90<#sDufEmH9<D|8CSVgp-}iJFPNO_GdRvwddQ33JqeAoane8!2U{zH!
zw<$Ct;Ou|KovBEt52;hdj`%)hX8S<fA@KadkYMvaiAAkCDD65ZrEgdBq}mM#4a_v@
zaLXs99U*a5Zc8{m;UVHGXa8{3p=4>-FI9(=<sI;exT>X;zFA5?6U|S-gI6hj+if}}
z$=liQlKeYvUC+sIX8o0(0a0L}447)p6+&1hMyjo)IC=S$vg6AvbV62F8})D0&CjD4
zYP60;jSH9YLN0-FRt4E@FOnVZa+jqXbsgD2FV2Ffp#10YOyJDX1FQ&HD(^tXDN-Lx
zTl5kl3bKf$=`d56KQaKdW38jwvCBEfqOLP4;XmM-^EAa=KZyAiViZSrib)LO;!(09
z87m*7T=c0CDdV8p4EHO%sUYV!&(NXexxIz5lOqEu$7ohLzk7}}niR1HJ;oltI4F`7
z@#6+VOuuVIN!*L|(Wz$jO7#l0oi4E8m5=I)Ie7Scown^Ov!-qH@z>+wbwm6@cgkW3
z{K9D#gfMPyGzj5uZvt;v^`5C>i|C)5i~^x9@}TMh#T+bolFoFSw<e)<*8EY)v?F|o
z`{w&+C*d7fSmg56N}BI4a~=P572Ol2zcKac*~j8s#!JXNhHCP_hzv3pK8oVvi0qI*
zxq+|(3|)`c)rtP!O+t+S@qHisSHAbJrU-i9`&B6o`rf~ZEopMoX5BYkqKTNLtZB30
zF-~Q2+*A&{|6fhznPkIM-bhX~6_i~=FCv(xPrC<g=Bx5jd?!k90zV<;55BvcxVm?>
z@Fv<Aye{RC(&1y;nvy4(U-BIROiOo_9qU8$?QzTJ<WK={kV);B9y7W}t&-RtHBU+q
zf8xClkOBCZ+KkAU%>Mrojkxhkj2{Rq#~zJChAVc&BEv2d8)zG{W~*o3gPxK1OqO!Y
zV#P3Wte$RlP`zS45W-R!!Uh`uKWu5fM>AQhC_q>nP+5N^Qta9c)Cj<i*d22I7)N;l
z^N+dO6<mPs$^!t~m40=^CpC4{<fCs)K`Rr36N?XUW7V2-=oa%SEpm4UBdk14Vfwza
zsO{_QJCqE+Eo{%rUuH(MeR8#O0Oq{(yO<1-Milz{yO-+7DOS`72K?DAMDQo-(1|LI
z&{lzG!@>m0#^FQlEo3&w3YyFA4u`{u=G~R%9YRkOt?7UUnx6lVnp$;Dn>WyOJ8OCz
zgK3QZr6rFw<X?)*aRuj;5#kwkNVh$;G2{k>@ewGD^ZCrHPduMIHXo{G6JzK5HqeNj
zFO?477(S1B#PPAF7z8oS;M~Q;Gg$ut&0zn<_!->X*bI<damTSwP%6Qj>k3z3Aw`yZ
z?^3!xF0iQbB?onLjfOrAJBlh4xVdnuY1q4NvIPxHwiTOfuZxk0Wc3-8hI{;*3DKSS
z&nx)PR{Uo=|7n7s>Sd}$ZK*a_o3bKf$KTdT(lg#?;&SP?LxqI)rSAy;iD!&D#g?)F
z-qbsfj1^c2YSbyVsrM>rO_ZQp^aOpo=UNOrEoYKtDGt2wA87uhaP045G%E6Ac660h
zdLGMUexg!Pnus1G*@4nhY0@U*iVaG#3Ohyg2PXsYrr1*=`9-l16L&DRDKEaoPJc$s
z=_lV(y|#X4jJAG&6PU^9$(N`2ZR+(dgSP&pBFe^N1^iFG?A5uGBKtNlh!!M2cPFLP
zyfduGuTCdVZr`Tt1Rj;lxfY$dOVKZx@t&s%kV<G}L_0kyqMa^Hn3oOhJlGLeP&1Hm
zi<1Ylw*SJd8mE+5Z(fpBBR1~n#>8<){bS>fjw~@6HZ=S*1|Ycu*E!H@#)%=&UNiTf
zGo#ybJ{5eQAv-JpHVYP&p*$bSqF+g7UO~l7KC9)WCg4yOD?gZcAptTd2X7;T@|nMf
z!%kQ#<rVuZlqonCUBpksihm_*j;5Zr+&8_g+TD<EjVTLT8*M4SC}ZBCj1AhsNb)un
zKM@9drVE0nL=WcXZ(I_XXVQK2FXMewN$@%u??@c_2#?N5B~#E3^*<~Bi=jR=Mo?Cp
z8W>8q#$>Sqsa@zxQau|_#-D!UcK3?zw^#4aOg{Dn!19cZ$+jprfp_zmC$r)CuoS+=
zQsv;=kytEl|5{+BYT}o$U$4Qp`SNd$a815E-Ig!Uu_L{2!VFb9r`G%RI_SUf&$SsW
zTtnVAV1!BZf7k@ASUpAmcW7N4@=K=X5nme0KTpEiw>=tnU7b$Jtd1%rCqP0Y<{}2}
z^D7K+H$q##cit<+Pt1!>PK^}lC_@gIf~4tC*^}5=iX1H6p;}s>sXJ8Jx6q+_^*JUl
z(xECjiifJ69je2o$f0VfnJF=<Ty3sd9A?+Y8Yh2Il7Vs)>)=?A{V111m+GgeKD(n(
zP}8ua;T@VDt=n@EL};2Qq$Ji%{Q8@0ycq_k=7lD~U~y>4&2P(GXZ4dEbe4T=-0d;Y
zWyl7v%CpCd{w*m?Ga~VPmzeC-(;|>()50dyX5?A<822X!GM`zeoY>QiCXg)!Oe;;u
z?&L{9=k_$f`zlgoj<T2v0t?7}s(m!i&A(tUrS%eW^l-_;tlTs@2CW=e5AgZdm=Kk5
zX+qRHMxs+CBod+!BSIh3+_R+H`G$14UE7dno@pRTa&gQ~v;AlXL^1RL^Niiuwecfx
z8_!2zR_;0uhhSs^=CW*2Bdi@`62|Dg9h5n*UUIOPKIAq|Hb7?C$R)sRel2f^_a+}I
zJYPIp$naUkbU9BnB&{3<80B>+m;aQ>Do|)q1*fC{<C!pv;kWzAHrUJXWd;x%?{&)F
z!*Fu8054{l!+5b`<i-AY3VAUWjpeapB$nC<+C2HexQL-c`TZ$$bYgA1-#2`oZh1Wt
zONiXA(;l_dB_NDFUgu64KCVB^a|iovLcT?{EO)UmGE{5rXwgkzhakLxv4oSPQq<4M
z_$+7Z{ISu)G6I#;?3~yfKDQmi)=+x{BIv(eSiz1M_vXrRA088U1FSXYu~j;L%A{|*
z386dx42N^v_7o}bHshOusBh#E5NN45N-XEwEVgRWx1=@>Z&FD(Eeg0wVY(^d4e&H2
zXR8?el)hT<t7f&RQ$<&}Mw+ylnJc!<-;8^ReX&%Cox&{1VJnbwh-9=1jIiZ|JX=*U
za^D<Eh6k&qz+4NjGB9ER9RF`0=KLiK`{EW5=xq~#9`y!Cc6P&nFRKe9Uv&KD*8rvz
zgmSi=@&sRK=$0_Eu$3wW-*h7sE#-!?F{R8SZbl^XgmP0Yepd5{>-Zn?h)ebA*#4zY
z!trkMpJ<|`QRkU=T;a?0;ZRUuK5Ii>W@5}heE14ItX8|K52|hOshz*Q3g1?+w+#7K
zyvFU)%JSE=X+N{88zJz5&CH;9^d%6DI;%Fdi#ihj-u)8mZ5#htgYPp*d8iKHJ(ns)
zyqE0F5e=eEx$ZS4M0MG$Q!BQOj69``+x?X!-tb)QP$5D7C*QHWh<C0#(9MA!-cA;4
z*4;()?a+lmf`dpl94Hqndx#z_Xt(6)d6wN&80U#<_KF6bk7qFKN1ItX55+UfdHNb-
z1tQV^9&vpqB;UroXjY>Y2Qsz9yGdfj62!qXsoa;8#iz?13I%28kwN4vah${tT@ZKs
ze_W~`nOJdolHu;@k`%dnZsA0Bi4DckP`jka=*@8SO+T^Gm$ECVIq)RvRKqm>_Tr^a
z<ACuB{7pzOjdYyGVK!XxI810#$L_ur%K+P7j!kIN`o9?dGb1nlg{dJZV9sQ?GGFT0
z_?6isa%J{93Rh-(x-tzedBYw~=#mF_R666*fp;j(a0PEk#HIJccX3=gb0K1R6$T7I
zU$vTsGk`ppFvE%PKLE*b7vpC8+(Qk`w(0-IY~Sef7qhKSn6KofmtnRmFT~CE*Ruc9
z*`DwF7qe}XaJH|#1hYNI>2U1|Mg~8JpK43>di?#v6%_l{DMI7=yrj|DrL!1&V5=S~
z==?Gs<d4&<6Z<byJU^+FEKI|f`f7)p1s3iVRVk%<+qmR!){t)AqUq+hd%6J;E1JfL
z7{xsIeT?gpj9&2+VEw1;w)ZQ5MI6|h86id%)TU5T?xoMOvuOKk&(;L&Ui1u_IJ;-q
z?(?%7+HMmm6$_9x@p2FO=aN|}043|x^_bu!&<pc7wAEti?>s$-JoMYaGE^*v_{Pl|
zhutrL1cqE=E$AAH>*<bykEnKm`DuSL{>!4<dW-VLi|8$tB>LBJcXx~C?tUNhg0V)O
zKF%s{En}`OTQE2+h<k;aIQ%Vx62qxO;_ShZ;pE?y+!qZ|s$cB98I5P-pwqmMv2?qC
zV13k;<UulCM`8-iV#SN3(mC4%4d52hzZXx8c@3JeGItovSf6Xx4zsuZ^V!5(OnSdL
z5$y*jxZRBeH#-r*B|QtzrmSBtT(u8+@0&?iEzQz%wM2Hd>C^6-g4ZwI#xw4@%R^1P
zS1_qL>n4(#r^=)xP_p)9Qna6q=3mDwGViTm4)1wr|AC8F`F%#FP@6Xf!3k~q$&!1K
zWGN@0J!UT_AUC&DvC0}^>D=;3rondsV$Mv71|I+GC8mP5af)$;ChCrc-3Vn<`5mMG
zFg^=)jK4XWdm2LbB#!P$AU~jo0~L$(TCo@<G2=588`5z(-^R*F@@cb$a6NkcHYR|?
z<N3mC)E0k%=T$41oZ+7bS4e34`KVgm512UVe%Q}<&XdjS-l9TG+(-v&{}O2Y&-2l=
z5)*g|s#l(7L~;fE#5%*Z%JQdmnd~e|s}+plOJARm{uR09FPs?c%S&*&<cmnmQrz-Z
zr9>cC(0<5_JK$7}ag@95%&KMs`haZCq2a*h9N0IAN1TH=WTHkG)5eOd;cm+cO9!V*
z^B;OBNr;^fQR58CqLRm%#=b1op6hcBcilPJo@)%a>v0;e-IJAB89IhGTW0rr<nlrR
zEBfZZB;E31m}hHvx~)j7zq@ELDz6S}hH@Hpu%Sn9FU^F=yZUXfzN@s+T37v9SFw3h
z-~HQv6R>u7l(s(<ui;1`f^tKItM<&)Gu~~cYnf<*ZC2kKaUDOcyx<Rq*AcCtii0tl
zi32kl(M-gS=zScwz+v2i8+5a1v25CSin6sBpeXw9MTObnotZ-DLHKPQ9i?6Hr`mKK
zv**F@@^zZT-azJ`*dVl-KvJnhX+}ggz(WvtQWxRW@>zBSntV1?D2c6Szvvjs!v*q}
zP5|5lRDO|#9i>U;VF5^8771nZZL+%Mw<!k-{v>a$z-ZcTpljQd>L(amldV<Gna&k%
zjrsdeL>_?r{Yf9H2}I8>;}(@@1)W%be|-s^iCSU`@+H8OCuZHg#j93lkZRQrZ8MLT
z&x19Jeg`>!47a=?z%SnZuHYSr_IVb%-j&n4nKbh*6EBVqWseW?#|XB_$66|=tjC<%
z>9G1R_2BR^jNvG3l|)n!uhI~zzm(0}GX>o#G<kcLXXkpmA^1%QlQOilWHTeM(yTc-
zwEG=^Ng)is!1CO|tdHguaW7@UsA~>^U||bK$Nd!N=4dwD;*hn8R-jq|rh=tJJxoJM
zM<%@m5x@J~XcI*>oP;cqD^Q>-A?1aed$;3LUdAfl&dW>%Z!@{5xa_UYoDE{d|BxmH
zZg8}R@X}KGRB^4=8Dy6Gm7GU0_)7VuRHpis_<h))EBgDZBdFt9>Ad5`=?OX}kCKPe
zjmCg%-QmervQXQ$KZK?#eQm34Qz#DE%3_PXKn-pOVz8|?WoZ+(cbEizVfRS-lBZHM
zKl&p_uTQWJYr1hA4Mdk3=l1;Hkd?eTkW6`ggT!ylGAnl<8zcmVTABCYP|`g}M%RkG
z#}gWu^oa^t3Bf*5N}Eq51Y^vFxan|&ZpU-%y@4rz^h(sd%0C}4*fj`DQKMn>>%YiY
zI59pw7M=e<g7a_ti}N3o9Lr1m@tu@p;9l4qSD-(|-2OovEaT^wse`ES{P3?xrDDuj
z$Z8iiP~Ty&xT>EexL|u;dAR9JHLtw>PS4MI<uxzCZ|!I9$9T)hnn#M_3J^!F@7;Gc
zY36tqf7@eg-YOIEziNA|f06Tbp7>;qJD4)i6|R)RwJyLCPdlf$%9$N@lviRwiS#*p
z%jad+-|5|nOZ8v|jDJRl+xKWh*B?!qcn3y2<Y@$H$$|v-nf8g&{+pF%PtZwuJHmU$
zHu!ZpqU#M&HTQ$%*@L}Plv7`1#(0mt9JqAXpSz7Bz)VvD*B_*Gp%N2@VZrk5x=~x+
z%K7Xn%F`PTJ(@07|F8!>TpIh3LQL>(G?uyD+yd1)j;LBE5Az?;!-D8Tx5lR~Wd5E{
z#x*c1gC6GDZ?ct6-vG^iARL>FVOpetfDP`9YtSXEsgr)(1r1t<qd_nenHjTX3(9U%
znWE2bvNk0y?cLY+HfkDS*+|JAQVNIrIQN)He7IR2v&i{2MbG!|$|p-A=ewbNi&7-t
zBI}5bIG~yD#$+A}O|8%(8pPCSXxda39^!`3U{;@j8aAw$%c!CaPx|d!K(3RgOGqs8
zxUprlmiDeloeW?09;|&iajupg&(p+VFq^4dhcnTj!#Nm4xh5up$=GCF5I=m|enQYY
ztf4<f6BeiT1bptO8{R5KtT5w^?ORyfRP<jYQ|L#GLDSMADn(1-JYi5R6FHRak0TfU
zd%$C#pd5LWowXTojq&C?9wp(b>1*h@_`A~QZst%J=!=f%KJ;Y<wsBE4IUO;tX3_sn
z64N229=tvp;%O$zrL+n#AY`x$4huZa08H3JB@#CvD%8s&ymQAEc-$?INQrcot-SFV
zS7f>6-vH_lKd$MuilQ%$vJ~I{c=Uf~$o^W-$}t0R7FP)=|IGb)PJ1-e0_}1GQ{R6O
z;R9Or-hCuYPM@DlWF``ESAWzJIefquAP^0_0h+IsuMS*qVC_UdZee-$T+vVY&m&%S
zzabL*i1Gehy?1kfMTeH33y0Mn`rxREqsAG6qfTRd)Kl}x;AsEQ#5mfD^XC{<D8r26
z0FoI>r!*j!N9b{zKX22?NM&V!w^n+QH9K-{?k;06GAo+_>Y+1dF&j&iReE(&L#$FN
zQ=`I@;l;@Aro{WgD|JMdW}6#VlvmYhF7T;e17*Vs_r?a_{i!uLvJDz+`7=uThFy&Q
zPD%2c6CV>owi|=uxRUgk3~R$62yVoxRYv%kUSSCQRA*BCSNyG1?E>Th{<@aG@63O;
z$G2%{scNnE!XG0eD%#&cTxL9-UuM88Q{K9Rov2y=j@YZplxO(EJN~URVvXkCWGk=V
z&Wu=P%2eJk>)%6J{j#X~z#1500SdD80<42eBIn@OmB90yho7}W#vl=Ifp6p?79B#R
zzBgjDE{$suVCut&spx%OJ}_7G?<2^3;gWH^m?OL0Mj#!**(n9`e_X+FmI9<=VP%KF
zNEjyQ*LNQt#=8f+qO-sf#hO?ii1M7C-g&HR<@0Lvm^w`6Hp#caioMQds+ju$Y2O@G
zC}=pZ{NyEszX_nh!kSO{F`87xq&k}h6bh;ZemOjVyFzr%#`=PQ)sJ~8gp`MPVYx}@
zc*!jq8$Z>H+>ZJ~B7ITBJSeV8{r3Y?XssU;zkAIy@TWU)9i}A`tya`0yRg7yV4A|?
zQLyOHj`sjzOp2i{8wR;xEwJB|p$pNiwbC=hC4a*$X;r2|L7DsiaQ7zQQB+y~aCJ5s
z2vnmW4I(7cK*E}4O_LxAS*U_e2!ap?L=Z#-1cYvgf)MOPDce>?(ZLZNoY8StW>f@4
zNeCo>8;b}o!=^$t&5neyrT_Pwd#k#tx)XxVJkR%jJ~O22?(4bdo_o&kY()`Mn@rCl
zo23b!Z6^jRQs>WI<g@@mTc#8TV#~#w>|B7S8VT~wemHV1P)MM2^<5S?A@~OQr_bc%
zpUye(4h!ne8{tfq|5WV&J1oR2z8%K8(>junq+bu|SN-PT{7n$qwF1<FemdZQxR)R<
zgTx^o%Uf&}4|)uOlUeZ6w~TmuNlfAeS6E6NFCpN=IKK1@0;Mp~9J=JWU3oRAmB%in
zhg-rQ)DHo%O_+Yj_6c<{K`7->k?CTSMiz!a|B)`7<yaT|Fq+59z&-$k<%&M67NxJT
zs~0-X$@Q8)nR4&cN%o!IjOb4$xo5iUI~s3w_rjS3S)vTq`hh~QFEb0DOrJM<*4?uv
zJs{Y3@@wH_Ieo9tc&qCk5I|ZIL}Y!*nrRi%v=}RUCQ(g`3?|qG6wEVlsC7kaY*&H4
z7mspGHx7;|xijg7KT~m`g$?S{j5Mf9k>IW-yC`!sr=ak4o~u!2i3}@jln(!+gkdUa
zO$RiiEj`VE76Tnaq0Q!Ds1pq2?s7K)UqcHwk}UuN<$sS-oAZ|k36Y=4;E1O$(MgE|
z9x5XH`SmP=e>}7|+6}7Lq>24@<D1+!^5sH1dn1#^Ll?4`OTZ+j_Yv9P4M_AYhy!S`
zqkGc0ywV_F(w;Q?15=Lumq3=X9_a4hvL}sGT>4}$>uaX2Y{(i}dXY*JfT&9Q#NcMB
zBF}M@FZq^y=kjY^owzloOt^mjQe9zkCqh1_cbY5)w>Z<LonElon^99*w&aDt-&uW`
zzTCg1w^@*EOxOq$E^f-&(~q<#v$*mg8SMHK#@F9)cWZl@KQ{;na_Dc&DNU1|COKfy
zf7^cq2W0K=BGd1|p6L09x&i6FH;ukwf!QqKA(9wt3IIO|eCebZW(NmwbrbjW;HVV9
zw{agw-=B~b8;T}TN94gQL6qW=mu!-@iWvc4`V1)U{dgDb6O69R7-cFJk}RU9%8GXV
z%>HW(FwT`|{pTyP!g+??>P{dObE{V_-@#EpjD&AVbyc}k?&r<5klzCQmdclI%K+wH
z0>|jXEdq+n2*sagX_k%QxfY7pkfb6ufS_1jLJAC6yu)Ki&cbFHaWpAuT7TBG3D~sF
zVNIJrn>KBDAxE)7N_RukvTdwwaDtF8AxhUeG>;u_#pdxPU!ewSg_SiC&-0_Sjf9EC
zM%vKcYrnjAcMs*^F(X59R{KWE`<$m}BF8^984B2l2G1v$!Lvrb0{&?yig2+5|Fi?}
zHBBfaTdI&MWjWA4t<#$fKAKI`dywe63xx`*b6S$*3&CsBSdr(Yki)cRIZA9x*D^|M
zNDijweCZ1?B%Z~Ejon#@e<6Bvu@kLBDxMPX_V)3xQb-(W8ii52n}o<ej0OTx1)JlP
zuL}p~HYsYTfi|~MX){@#P}<Mq6#A?dXMy6pq2gAP;u_G?K6e*#a&{T*={xoH^l6Uy
zri{?VKf^M~A7||1A`&8B7^Su;9=cfPu`^DN5AT)(iuf>8#I`59gx<rn%Z4vKc@-gL
zVCnb|hwO0tlY^nh!&OQkRam9J-&MSSXyiK642O$%xEa>CvXQV}P30v5JW~$STqB;n
z9Qyq({zkut{zg|qzn{n7gH~OhL2fo3LpPgSm5k_IhyC6WhP-(vljZR8jho1YW>~17
z{(DG`U`C{MuS3oj?^kKaU3GjV{QMHACkBc)X?Ar0Afg@$@A&9+d^}E(MIckf_gO9=
zlq<tje6<xlZnaRZjrh`6N$h&yRQi~aO<_K{Kxa@kt+Q)!>tp-#cZL;Va^DNm!HM#>
zAKN({?!0FK<>`{H&C?AJ@pN~G@pRDsz!*6Hhf}5=CBV<!ulfKmcs$WFe_xHRi}`EB
z7N=D)7rOu2jvw%4D~8itwLf!3uoW^QS>>C<-9DH@lI_B1=JsLvH$C7WLUED10}65~
zv6hd&MLm_wwI+GyTEe;gN?*4MgIhf{E%?WeqJc=W^3EEJDsf|w{<kC$m$?yb3$(Ll
zD^Bg<?jW~c3*2nKzn;zKK2a`WPmrs*7_6e!Kkm_rNDj5^PJV>~xwa(FE1i{v*La#1
ze~R2%wti$sJ25k^=a~cGtcH@;kfrVKO~IZjx+>YX-v^krAl<L3f(HAkP`BTzZW^V(
z*C5eJimrV8Onyj(`lqSL?ZWf*w`VlH*!*=Grv=4&zpDcFga9+0rc<q(l`19{v~}=v
zcBQQ`(ALLbsp3HD2CqE~UK{z)hd6j0)t+$oVL}+TDY{|%_)B%zrgu_O@0w~Dwm*NU
z8Me_g)M0z*OP~lx<p;N=fj>puRElQgqGY8w4=K*Sjdr#@Z4%jrq^o~oU40kVBH`5M
z%2Xcl;K}|JSb%z}lUw{7DNo>er*F{wv4vbFNR&B5qr$>2$+Pc;qTGoj!5mU?<_6$B
zkO5%{@-czy5mgi_&)iJLF&C*|tCh)`W=$sT4UlPTC1^w6y`KW$w4{Lgk)^e9Oj@gd
zKkp4vuK-mz*_Ske^KaC6ZdwI!{b_{U4j|;VPrx4N#mH^Dt!WIf;NJ`A#o?_NvpB`b
z6YdvH=IQ(?dRa2hi{bRSP>Tm_LHc|tNtvL-Q-D4%PL<#Mx(9**pVEN=kDB}60|Rct
z(N{Zbp7#+3227pe=(Q!*jHpLj!dQmuzH9kn0t_J)#TS-tP=0wfC68@FKz}i|Ya#*1
z*c#IlXMX1qVK?%|WE-tlFU$xppkA0qgMZQ-^_n<mG6;VnsbNHX8?(x%6k(DU`a-_A
z#;z3;^fKQWNlb8nV-Sj9)h=&=Jm}km8q-<jd2?XVb|-hQM?&z4b%3?&9KZpMC{W-N
z1sGLfRs{G&;TprrTzXUNVE0VXQwbUfa=UHt5YTEKrRIWENj729R1{llfXCZ`#w)<i
z_Q+O8_lA4OetW4l1l;~C@@Q;4$<}(sMG`CyIS>kXVLN>~n{1~}Z1>&fq9ReN+}B07
zRri(DqF}{rjoM3V7Rj&7itO)Mx!<F|v&({SG2HJC6_AN&C*tJ}9!87^fV$}`#_3CP
zFO-|SuhVI*mDkUrYJv$7aB)Q`sMjt3m;RlzQhDceN>`1ltqe69)zSUuO`N{gtXU0K
zqFt=1@F^~WZl$)i$LYcGicO(Q!zQYluFVw?*cSd1Q6b&LLs163QxvppA_U7{iLdfH
zjm19=uTMc&fy#aeIbj7V`@1iwBJNY~+Vv{D?r~(HT4ABitL&j1;8pU}E#xSy%t=rb
zAnS#&)i=B8To5b!dA$A7b-5}}x?<?WbHl<(<Lm@7iN>C|2ZwrLVZGS;j@_t;e3q*5
zS><=OXu9z?ayVlDe1p1-E~K{hM!YbcV{Q|jV1&>GeJA-YV^!|EVX$&ZEeaesET*+v
z($taP#ZiR`koHd4PFs9aSTTuEOmK4#TEY?ew+eEO&klw*^GfB%cY^m0gs*Mly#wKE
zn*@>>E^T7?@IN^x#7r?vT17p21oI4Hg^s$d#i_~e8|6iB+i|8%IMW}P0(X*>uMgHJ
zsy}fTIodNp6Eaa*(hKgomc6RJQ5R-Ycv$_jmb-;ygg$}y{}VIndE;90C3Sn$>BBTG
zP^NGnQ4Fno<8=DO^fCMUKKuJR`HPpp*6L$X$wqn&Z1=3j2EZaWo2@+JO=bx$KNA68
z38|q4tpU_?OCG3-w+DxK*>1(D3*DXJ5$J}u;K(A}tI3^4M)SD@4g1}BJQ?FwK>u$G
z(f{$9E0{&qSww9}v1&7nU?6unQ)2n3ERDXK3UXzPIRSq91lj30<X)h;=R93bm*eAa
zDox=_9z^b2X>J0)mh;p+;%e-vS?InoxFx^`zjBFMyfbf{(_19N3HwiSi*cqEo#r1W
zEL#x8ocz-uHTKWd3NVZ0A(b(yoZkgXoy|zigva)G4uXnyw&8q9rH*UJuuABV{joCK
zV%fGNoxCF@+q({3-yt*4F2xr4!D-Zj8>BNKik?q(=I85m=CzRD>5QI_p^)E;9!m)H
z1zMsZS4VQ7=VKVP%GcllWJ<FrzI8eRW+cfs4`FHo(b?XKmTYfPOJu%J0%kJVK;-yO
zo<NNaT{ciF7+!^U7r1q2OGmOn4chPY#kw*G^*I16tv46;S?f%1F2i%^8UY_5!lrw4
zCTc6X^wzjM*wi+WOJ66~+%*RKi2=RF=<O#E<wd@qwbu<^jgF^jNW<(q$+C@NRxGJH
zIFu^6_kAjdVUa(YK{<?fpU$cW-!w^;zi8$@L63j#eSIq~LyfP?qN$PfqzoV_VH4j+
zD-6kzrj#ZGx*6mfC$jYNjpa<hkuBM9z7ynb8TOFnOQNDFckgDp({A~voeQ+n;pu_(
z#LFGfdZJgMsxZ?!Q^o73bAI&}P=B9}W-#svk>>Zc*U0?tFt~#l+e51eAyCJN-tn5*
zZ9Y(=Rs83%n%PY<%<kxWHNZT3@29i-jjulbap`eXUL_4E#4Y|I(<FP022(_T^vBp8
zv~(sK7|J4QJ<1f&vc0R<FcMG*BmlP3oGFw5%&DIMghSg8RQxb95-^330K1k10JQz#
zOal!-`jsOs4y}g`*ab4bkL7}V?=}@PXQJYP@Ilzla5vD}Fn_IJ<}Bx^23RVYv<xa~
zIZ739KAIHC0cvVp&If5x3^j)hT?X8Kr?E|Q0ujs(%Y!D<A+ug<$Z+p;)Od=`)>2Kv
z1wTg3$p-0%%`d;5VHh@pKLbiX!|-!b75tnGxlMVRil39A$Ir?3_R92JjdqJV4L23)
zBSC)Y6D`z7-i^5J){RyWFzAX(ljr}PY|~EQf2f+QKF|+u*AC=avFF;7KYaFSdQ2}F
zeO>fezhBQz1vf2MqxsTh8om>-c0}ofySW0l!<Rh4QSB8oo1+&dHE@pZ!5h*SobHAM
z9wVvuPVHQwg$I}kgAhnMVbuQQOBTYVX>SzhH@srkHK)m>22oq3InU`YZ2vTcniCR2
zha>a+73zPFarIgkqvLM7#(J8n$LA45Z+?pC8xzSo)d_JCtWz1VMyh<<z3PPDq)d3L
zKyriTJL+DhdzUFyW(F%WrJ>dwX+b*>PJ>@cvS7O_42^E+OD8cLmpM#05YLq0;{)xd
zF4y7#O;q7#PRT0>?aL{t=1XLgZYaU+v5BcBJOS@!-oKHPVeKV7#2yT6)FAy)m!tFC
z+5qewaKHev*(?Qj2REc<Gg>~@ZpJbmH)FSvjBA5^c=Bb^xTWeb`Ce;GVjig;lg;6n
zBnuYCqgf!4j0XLPGyzK|t1tojwf#4W)RJ@vZW?1lH;pk2s%P5EAfdSK`dUn86Yg(T
zYka5bu9~pVc%5AIZeb^LDm$4!>qJlH3@ztXD4!awIh*J9re||1oV4dhsAu!i&2WAi
zj^~f=qBoy+$=^Uipnae}-iP6<d%yy}pJge$__rc(D?806%8l=#r@84djdI;@lN9B;
zVf`t2nkXNfL=)~SHRAD+(;lty1aBknG-QJ1KBEZvlQt8!w<F{ky#d!kYr^VE{qRXa
zI!Tycz)A#%R@u@)^~R(3uQg^=0hDU>T#j<LBfNnbszEGK`Sd5$JmHO1gqk-+o4W1t
z7x{!ux*Wx?D5F|k6DlI`Ck?{0Xz|H4@hmp-4aBp^NzpJ`N%_}<XR-aoYvEa}{~@1~
z=e<$~p2e_n|6M!_v>wvnS)@Vj=U40SEYe$s;aODt>A#C-0naGPtIe_-HFxXn&PaF`
z+1F8hL+~tc6d0bxH$T-U!qDPbO!!A+Jd61Q>XPxraQ_9&g{s)!g=dj6Au^uD*8X+1
zHuk^KTG8~o@GKs^D>9x%+y8BAUyS-)coyG|*Wg)P7)xpMsj(qEi=W3D@GR~buju5j
zOQCPI1;si%i&t2%qqr_S3!}UxSD?Zc10F&OA>aiDVN1-|-zRJt94>4bU=X%E)Hj^N
zt6Sdkc1oS{mPafoZ&~lu%3FT?D5AV2rWfIjW{>&<@|GLM)gy0d^?U?*OVuqA<t-PT
znp1yKSB<<SIJ6#l%ceUt@|K)G(W80L;)cpw=-emdc<(FF30H2u<M#<y`iBcwdK!c)
z%X=H)XEV4k`N|hPBgt1{KcMoJ&sIc~ue{zI8OLvO|A2gD$es1bS8`TFkgr_0If8tp
z+i=ZnzL%sq_U*a#$X9+FrID{JD5SGFdr|%J6~!K1(8*VFQ*^?W1VG^n6Rw2zJC(0^
zr=_Y;#2`9uIf~gwUF+6ol&##R$W}B!#C=7B+rY<C^eaJopL;~bBUZ&L_Ysa!{(JXu
z@yd*PAc?bW1&E*nu3I#+l_dGjf=IHJq`G7)q#P8iIHe8LKGGYKO^s#(mOSY<aGyh_
zqCoy(WJD|DNWjD}GbvgX{LIMc#HmJf;@n=G*1Q<Yq4Fs`KCwvFq$*-b0uc+$?Yj4=
zfCZFeLAWAHx#nu{We7C1Dat`!Y>IM_9Zm^37jWmcD;pU4E$khrHQ8Qy(h=BUtpnY3
z`-=ug+F}RpfJ^HMzT~key+lNVK0HIAL@>Gq@{<MEC4G2D&pCe1)g^uK|BL)1&swg^
zI#_+}uCG2`&nhM~P}<QFq#a2ny@4rQ${*-qkU#5h<zBpr<PmNqBK~l?7zuw^m2V`;
z6UYUVbj}6<<k}lAyYBKG>Y<Ofjz$9n1^_8#TBZBj6^oYWjE_vp-QN!)T4R^~+Wim8
z8FnjV-en_wX(ctnQ$A}5)oj{?yVYn&k;M9u5Z;eJ5y}=?ul5tv?WXn`_AaLv$TVdF
znWlkT>X64=kYh$MkWjzAQvia%F?kI5Sd=gO$Vu|prC?A#Lw=Ew15c+*u3-wI@4?F3
z$t-5uY-A>56d2m!JL<oKbXSd_e|R1Q5<z;DF}ved-CNP4EJcr#IU!qfm>o)_hglLF
zO;ZMI1QJGfgMfdT$M7%7-@w2?`#?MRYMvJoNJOy|mz+j{MA1lk{LOJ|1QL@+Qua4V
z24BZC;Ru#+s2c<l#bNx8m3hwd#*uLm;El9MF5R}cn>y1wVf%(oMp266*T$ad3$|<S
zME_}sRg!Kp!K#e?wl6ho`_=@~>p`FO1;e(EqPG#+wUO}!s8najunk<_);v@jbVf34
zLu~Bn0vcMlQUEopvGU{|a~qr@>Pv3yTa5ql+PTb+O#V2O`t=dKxgiDAp6(9lU)zgn
zl%4w&hO{^1UPFBa0~26D{RL2fP;@RV@~Ss!MWeA47aAqXL&>$(>Fcz+H|SIhT5B4i
zm~3SzOFffWsJZ_H?YKj3MY1ckLnljLRTL)NNtCBMCEHn5{wM6{EI>Lb@Be!m7kG!%
zvC9lM`V-Vrj||88bb5)h=r-zdB=54pAsyKbgT9&p_MM>85i;lpIU{?e7OFC2_*;o{
z%JsoHEu})cL1%i;<m6vIrFMVTTE*_~p3fb~e~=~Hr7d)9P+4!Z`zwd^uWoQ~{s4tE
z*!U&v#qOcK*iF9|pJ1M=n#=jmlD)X_s!@8Fq-weMfCOz6bHbqPdmYUQ^P$Q!pHjO)
zajs%cH~@lwV8OlT>NFiZFH`-7o9EW;Kgz1JDAaJeSK8?PO<t6<Gf*@20ni@t=zL9f
zB{7+RmFIp$@b!3tL<Thcol0NOKV$7+RDc~#0rgy|s`(sn(jz$pfcpws{TkWn0Wd`!
ze~X5rJ}?jjX(vGKwcqJzWyO%?QaKPripGTj>s2HFOE7rLO0tB!W!*bC<SlEE$>1#u
zfc{YY20pV&K^hy$Q58ji(&BrR4ZSY!P{;MWOpuENYz~H0%w%i9G@-PbFKq(6#VN?E
z_oM{q)gb?%)>>LmN;Sh!$+x^KHIi~9hPiCYMF3+!oWF8&{r-+l4rl(35>$Dn)(w#w
z>c96`I4t@kTRrNu#(ukRQr+E5kUvg_k*gG?q0_>B-TY}uJ-%*6*5RtC6L!SkTVq%A
z0#JfMx#U2@8)~0i%>{1lFnTb(H!F*)^Zw>JJ`GGWsS%3Sh8OKUp3R{G%cN`TEB4Vm
z)7GJ@2<{lY4_LulX@>t*E=<Yr{H^sX8HVzMUB^(ufR3nBYk3N_>p(h7?K)1$zYbAV
zY(t19M!Sx@Fcn)0jP9~Atv}Ahl&<BEUPAoQY;Vs@9Rlfp{!Y)7=Smm?sfANc)PMI^
z^)fY@jjHCdpwnFLC*tERIUX+>-q#cZojxT71D(TJ4W6)}p$Quo5x6sOJ8AmdV17ud
z{ae3a&_BndDp~q}3zs6NB-V#*Nj3c8-s<#DYrsqvs55EO&g9LR*EN&$?o6obuFLsa
zgOQT{Oi0HAdkfZONjTjx*HAu9(b*_GHI&NW#wrKLS%&Y9M~5pzV{X+-Y(iPw1g*5@
z5eHmqE8%5|BnjTcsU}f=saB(pH_gD_<_xI~Dn6?mLo}+@8*=H+|8P36q!~tgX`?;=
zV#S`{t=RLUbdKRfS{P2`<C*^*d;W<29xk=7-`|6(@L1R)f<3?cVQ}~0mTgPzsBddA
z$g3EQ9tw!6?i*DaohCmE)LkOss3niCn9<z+(}$3;=%=e>21wx+$s3Ewu6|b`z#GVn
zooK1*Pwwh{-8S_ja_YCK?^h7XroKag(WbsjF|(<k5Nb|VZ;eg;O&L0y`oCn;Me_8t
z`t|SY<i}=OjQrS#{Z)Rf^}{-T?63W`{Me<3>f^^|^=}|Q)=FUf*q1kI_^}c85I^?Y
zrTh>-*5Cd+__397A%1L6zYssRiVN{$WOc;3tr6I-df1)DLy+Bh=2pt?46}x@JAe6|
z>`rh<7`vnA06!me9UP#`9@@)7{hVJaa6n@NgN-ay`<olcLZ#|isQcu;i3$sq8qPws
zp08n{EXYD3_Y@UG$3u*l`mGK(i{ED=FSRFRjvQDHo8(No!b=@Z*YHx)GwEiz=U%c|
zmK*t}-MB5H>3;pBCSQ4uSAlw>-5>?vKkmJ>dhQ&!?%f{cIXii3V<45jR_|Ka@|B<M
z$$XpZNj>ss6z^yeJWPzDlL_{HXVR``GV8Z6Q@AX%!lh;V-{Qh8%<|jRGoQvXKstUc
z3p1AiT@p@sha<uXpKwiHEgx95`HWM`Q0z0}R{+4*fG|d_?+c*2F<3tSFfeK;X6_fP
z&WBf=#yvvbc_JE_2|9emCk895+Mrs5AJbwh9qUSs%Pb<S2o+cf3<!!HNrbzD*KO$v
zwCEmiNrOlojIK~?qxJJ#bMIxeWzqxmYWE(}2hCDA;<%orpn(?^Bm4VxN{F6FIlT`f
zxQxnaZCnT>3tJ1@s$!mqHLitO4PFaPwQHfrfZwqepedEPsU|d$L&dN-dUC$on&Lkb
zJ}6ZHi#jqJaqc#s;1IXqKNe$_p20ER$(K-+;8yX?SZnZoyepnBb+~Ratc$sW*keOy
ze1O-?R%+_?%vMVH?MgFS$gST-&R6-?B0J}w6bzrM7h2V`X%)`gtmDkDwQ~#9*^1T9
z){=hLHCqMh&W#G~+(Br8wm3n)eR&T!A3@RT^<xy)zHX0MDLMi5g)}A%fBRC{j$D7w
zm`FQv&L!B9$$aU3mnh4$d%m4hvNFtt^JnwJvNqyN`;i=<%)Qs;?$hFP_uN_Y`aBrj
z_&dI|J?K12SD~!O=fe@->OY<DRPfPG$rVY|jN42B|88hCjzgR@U<tbLczw7-0goh$
zhT<#U=0F5V@OS{*L_V30nfJ8RWS-6n1`iKp8#r(quz`7bU<i>C3Pl(kf2vw2R`NnR
zd|!}Z!q^0K_QM3Q_ltpSaPu!><<lmOQF;}WPjsP`_oi{#afP9{k<GDJ4k-IIrR@E{
z=LqW&%UvpyeH_K8J6l6e@}9IpKk2mpPz@FsbM+3jK;V=fNul*^ssXTd|7SHJ6Y-A;
zX;tL@H}wNozwj%*pK{1Y_0t^kr4D+?KXO-n`U|N}*d&C2!~^r26yl2&4U5sST8|)r
z`?#tba<pI=pV(NVTJdUU>`!2pj#r*VQfID3KOgf!!0#J$<CQx|rXCd}UEmhJgMnYZ
zts8xWqVh576a=mbp)2MklFCZkusKhvRoOucu!HaSiF~h%{K&4+#&_r**$GLB&y<{{
z34vb5hxS`qguN%?`#NNi;vdC_9#jPaj}{~_iE()SW@3|(t4~f>wJH)b@!9tRDmI+~
z)X4UR`wPDR()gXVip*Yn=lXE~SxswE(%!H8DUF2VhEAk7(3GY(Zlk)(?%o=8moWqA
za>*ZOl&=X@WhqTo!4n6W=0^P3GQI`5L{<&8VkEh5lJ6w)oeJL-T7I$s6+xGzAP^b6
z**U$F6P(@|NdQ$y4xOq>d^@SCEdG2USsB^3MuFy2mkYry0R1mIPPv54;`HuZ5nMqz
zc&2bVF1QW?UtOnh<0dEB+rt*7(c)Oqfp-LNR)XLip6WSd5-xl%_|gfbtE!Rz{IrAg
zYoUb$T;OOxo-!nug9&s{hRZ|Ot0brNMILbU<a%{QBzF`lVIVd0@MJ8N%gdijLvs|X
zpeVa07+;J~I)eUa<LMhIDdi#6z;iIQao2=o!^>7v?=VZI)Z9C)WuS3pRUC|feH%as
zJy#|*Rc_x1HR&1T`2gNdY~BZJvVFPa&X`#fNF>2CF}S}rxX<ToC?BjTtzJ@!4=U(U
z^jrDDL+FNs@FD)`B#ky9|MYbBxS}N99!fldKD1Ct&h5?UGowWoO6k+d!NM%k=b;wp
zQ)~M!VNfyb&u2CPY|!J=IY0MQZ?3{9{~+T(3aL~*>(c4#msVNGffR93OZZ%97QH+I
zJ-{h0RK@J1r;BT+Sp|S5hj<k^zD+d0^<+Ln{gAieB|)D(wyx|^H2Z-QYW7PvhG(y{
z_86MIB9uMQHavTyy0XX7><dHL-?^UbjcE4dQ1)i+!n4QJmEBCUzkYSBlD+nZ>*#x9
zntjc2we}I#>lpbaH2cMS3zh7a>&YHZv!{k?&%B<-H>26PQ1-bIhR$49cAjS69#FIQ
zxt{D6n*F&@_Li-$qwlda`(2^zdv3ap?9nv)O`+^@Ev{qeTF~tKkEz+KEZ32p%n~;a
z$(<-w)=SS<OAdU!pEf#VZvkq5sD*}V4ZH<GnNpfi2Kn}5ltE7ATYz>-Rg8_gjfu71
zsEBTT?6jXK5ay^?0)Qd`nm-gdu7dD4^_G9uUq|`tZira^Hyy4~KDld8gbF4y(Q2Q&
zZpRDaG_5lT$;n)|L51UKh4WZTu)>K@VG2|@!BFAU<@MKBG5%WhJxlAG7`eWa?XOv%
z73=Fs>w6cAsjt4lw7w4_*SGkZ_2GO?Y+<Y}tR6OTK}%tzdTuh-(=+n=Q|e2g^^K^z
zzW%hn{K)<K=PeDbuNdL?p-wwnG7TNliE_lMyBVw2pWk)NXBS$zEMKeg3|jfo$d$j>
zu7T^vLF+rz(E1icuJ5)8^)X-zQkfKEBW%jVgd!ztzqhfNL!b2ER2O&N&-!8!fKgEa
zc+2D}USt*=3uN~#gxPi7O!(;2?A_|_zg`J~BfTj$vn$$OR<XuZfp0n*Ob`<=eNVkv
zF9yg@1r)<RVNM$Ix0>a#9H9RM@8bv$LD(`=1u|QT9J{%EJPyXvvlY9`#Le<vZD6P{
zc#i;hT!BFex*HQRZ1syvdMK~1`0XIyQ$y<m#?L##D)=%<r)nsuFLH^RUfxWHi*)rL
zZ$MWQyd!ITbA!@@HGvM$e+=vy>VJ<<SpP@Xl<r#cFJxCy$Gb|tc{W9rTcsPKzfpCe
z+F3Y479h16`#EZxM^2LbeYu?S%<+TFt?x~~PAhhD6fa+wzP&E}j&<Sb!R3=~yfXZ4
z7Hh{V!{2zZX1v1EC;9!4XwxV8zkfuZp3Lviln9gCROaDEFJ+~KX7;LC35lc+D2P%u
zNb^x!Pw+M;s~y4TO<Tncif*2G;TOR>-z?a7Krs1`_6qhY!8<{QA?R^CVASt}aQi0F
z+ab?8o3QFjEa2w7Ty7*t{}IYh#0&N<#fO*hYd1~hXO&ImCzhS%=ai8?&DjcwfqCAk
z<{Uc-pWW)~m1KV<UOmUpZr6=`mrvzg6;t`WWuSTX3{nAd|Cq`z!5xmTFflgrIi8xb
zThC?l8%~R+lVW1+a9_-P(J^`p=kDh8rEh_*=b28ygO1=GD~oBPZL+(CP`b<YClEYT
zJ`Wqym5+~Hz9GS>i95jhf>brzN%h*zPA^n7yHz*RMDmwZ>GqQIo3!u;(!vVBv2~iZ
z2%aq#k=$wg{mEi<n$88H>^~Cf06sPJIHDnYgGl@TwTA8gnc@2%S43&h#eY5r$LoOn
z@Z8>9pvgw~l;3+Ebm6K%%q3OGoB;mO_i4BMazDuNG~XI|K&G@;I!}s6FK*--AMMSG
z7rZyZ6Q$=DaHry)mx-<uJr|=MDaw{k3FSwl@=AYUQ|GDTh0kk9H}G*Pu@-L4vq;-S
zc<oNeDGe^ZRrD<;gOO#XK4xk%N=^uT&S@}<Ek7J3mwz~v1LcNEUJ$iPS!O?|v*&rI
z*lN^z7cCofIT#$wKV43~eK9!@?AXeW*qSMQrD;(qI!W?WndMc_IYKR<-jxD>g|~Lk
z(HcU=YJl++O1HU2lD)x^$SL@ame#_ZBTOD1@ATPxz|>C>qGLM2csadA7LosKv*0;h
zM((!hnf%(Z(*(zkc_T#ch&h6{Ww{`=7Nqp@K&-rTu>;V#%-Pb6c+vB9j8p1kkXB@V
z2D;GNc7veEp9Mno^5fBD`3llimsRvGm{Wc@THgBXl_05b=rqx>*&P$;Y%d$;Yxyg#
zGSe}E?E=AcN=Uv0@-KU}yq4q;rP*^t&y|dIa8!!?kj<IPhE7AoWT5|{^(3(M)O8N7
zC-{^ntkABf)3=AOr||W7Y<6fpw%6q^{%7ZU@@KI8Z_)hlDer$)n}7Mo_2pl~@=vGv
z;ZuHDm%n&hefbNO{?q)0*nfTf2kXn9r1XCl=1;=@>+4@tU;dR!|7re}*#Bp=`7_Sd
zmw%$tf0}<H_FtDjrE`7rr?kJTru`Fi`A;V_B>%AoH2v4*Up}$E_ABe>tp`HuXaAqI
z`42u?U;YH8|1^IB_FtEO$CQTT@2bf^L6?8|>iY5*DE*&_`3tcBy8NfP`o>RLe{anU
zt-t-tb?uL>FMo>Cf0{o9`>)Ht`rU@CpRO}Q>t}*4KNsJS_8*%OYJYou{WsK?U)}#R
zH2eQ)-TZ&jko`MdQ~%4l{5x8Q*Kfq%rS=oZFA;vQ`PaFq1FzUNpnX6!u=*`UuyLp{
z+BgW_rh<2d8GL~x3Ep`MpCn4(h~=l^MZ#EtMxM08M!2OiBezt>*>@4vquCoz(_4>~
zus-lCnt0*d5Po(`2l*Ur%OD)drm5Nd-qShc_OTe*7-r^tPM+{pE-)|6reX>B)@2r@
zEt>n?xg37Okv!8CG4VITLQQcxW&#TZZ?N-8QQ)Hp`*=)#)^{ZcMcu3^im*@xnZDfM
z)a=C5nNp?u-y}gcwy2zPaqgQ%(_Yb2Wf44^@O{OKDN^9c4>3@ap!@{6GaN<I=6{<A
z|Fp{~9W+4ZYUYQ^lfAs)z1sp8Eo3^k3+2b+VYCx}Agp9ei>dtlZBzLvTS+6zNh7*u
zt^)}a^6O4h#8kk;k=`6S$8RVTOgn@`a>0A3hI7Xir<-cs{RGcYD`^?|DCSpe5|T&O
zWE3A+LO4rH#<ITPO5==>xYu)-7fj!ffPsp5t5zgy<}DLP?-2U|(fass@U90c;G(yA
z;B}+FBV24ug=Z)}L0HKFZ?&10fgvloHwe-K3wyY5!ovkA^epOY!82TElcMH|rW<IY
zGsA2@5g4o9Cr0>UYDp&v6MsQS{DyGp%UY%iz6GTHUwaOb_E#=zX%~DkOGK|=5hdpq
z%ehQ`Hb?$hlD&nM9o!-~w(uo@0FCb*#p%ghk)Lqg4?qQ?>C_0Xt#-KARcluF$zl1o
z9M~TR!}mutdN?7MjPg^B;GR`}lFVc+X%5U$ie`>35`L|85V$O6vsnz)IZc(3(&Bsu
zU5EVfY@u0-7lDDNXYU1BbmKEoQp5#@!|thRF}Dp~YReDB2%bX+1z*cz^8aT9$Iki9
z1Yh4A5C!-%P=o6@U<2PWYdYB#hvgoG!38ZpmEYIBueG$1HR1FwwhZ^BFCp8a1L5<c
zou(katQ?8eIT5(fbu|oWUr4Nyk3ZqyoW6<V=F?F$RXL@F<YKbWLZ;Q~lr9S8{%Eo{
zg`LL)({}hy-YH1rK9*}1J;4_IGv!W4O$PtWmW+h2(83D1>2B-c$%QUR!k^mYf$rXb
zB9mFX*h0rA+2w$BV-4IS`o@A2m(O9O<%gv!!K})d^q}bZl`!)&tf<eZWnbk(>#qd0
z;)HCF4|v<-eNypr_Ji!t!aJm4DeM?mLG7uAkkycD0Y#4%aTV8~$BVbtMUP9e{&)1)
z`o!<0$6r@bdi<UAhv{+jGD?rV(*J-SKaaX24WY;N&(HqKy5{GX%>Ui|6fOI`^V74E
z&QJeke|UZ-KSt*#@c92=eyVH!JM(kfmb&IAJL7*hKl>j0z4P<bW;#F5KlX>`r=o<;
z&+y0o2lF%L!hdIeUaqKXeqO!pe>Xp=rN4K6PHv*}Q(f|h=cl8G&d=K=|AYBid%mIb
z6Mi3Rdw1wQl<(2qXBLLvM+C<Oz65@2=h?!PX~e23(0Bo-DZJ|ckq1e-({b9}6mbO|
z7u<n>1DtL&^Ny^^_6?!hA5C-;@;y|CR|I+8ez|5WXmo)4y}$+qOB;JuVbC8>6&&07
zlGEVmn?b>CcP3vFq&-6U)o7>pK9D?HoXH1;@|tMDAq!HvZQdN=bLI(%cY0grC4VcH
zUx^l^v(Dthg5wzfXeWGI_(F6X7x|&b^L*XAi;nY7e&|W3=~pK|<RqDDzT{(2vXrh2
z^Q8k^8z;v-3NO7!^Sr<zZO(I?<x5{CN&K<Vz^WW{CZ8s&NF<FCq?69%le`DKx(mK`
zm^)AURZRYmDD5JXUIVEmzp(TY_-E%IeHnS3olfaH5HOMpgEM&tVM9g7=6TJXrXw^p
zY2e%<a)pQ%f|~?Pc}4Wa{3iI~&r=rD4|-x34meHV&(4x#FB7ZEasE8z)~O;ts~k2@
zHu5_|c#E^@H2Jq>RTkeOelz)J^kxg$KTEQ!PQ#y=D#Dw_I31PlZw1F$S0|xr6V))<
zWTpI%U64`)sfFMvHv`-sV45GxGaW`hi&B9(FZnzS1R2J~-9=Eo+FT=C_)+EWMPJ``
zAZcAO47@IV1<|7Cs%gPdfsFf8FrI{e*X&1zr~cY>@ElNO2Kl5A{7Qf<zxcmHI6TnY
zm1Y9$0qW#-Zv-30@s%r$y1oQAfKKUW)nDZSFl66zKZvTycJ@@5g|wMAi~ES6=$0e+
zr7!+8aG!!S%nZs$$!A?NVEV|!fuii(-gF*nL|=M;x(zP!o<Y$1XfRLf2CwXd^9OVQ
zM>YRgM_eb>y0KLF`P&4^AxKp5o{Xu}am0O0h(>Qe@ixHKg%$Z!02KCvTNHfx=k5=U
z2M!~S2k66-$;TDyn(2f^zl*gR#B+1W5bXpQ9x@3{us+9W-m@B(stMfdnMJbQJj>D2
zZ8KSw0#m8;R9ZE7?=3_L#>I{q08GJg#_ebRk!RYh_A;mRs|KH5+9H7NY^{9HG}>es
zcF~t(5*-KJhv=Xe5#oH&nS91|KPi;7_9DFe&FwBoTfsZG=xZ5AdO=#dhxbe&tsCxZ
zc^odm<PJsX5dT;KwwP3M+Uf0U6X@C}C6PfU?IqX5*5uZK(3Ch+HSS}9Mv$H)&hvH_
z9amfrh*evt_TUz(J?OIW6t72wNkD=pyPHCHNph0EA6c&MrlD6tJ-OQp??MUaNupYA
zG73yy$#<X(Y9v<~La$N19ejXVT(NTDeIWC1pC>Ig5A((REP_u=gMy`Q^E-XE)1oi_
ztUV}F^*^#>ai5prKG*BF@s{{Y<e$-(EM&XaklkJbSLP)#m+;PfiPTgTBRFc^-w8m~
z8iPE)7u*}k)lCSNQ$IbV#`Hbx@=PetclPRt6(e34sjnL9t0wh1&vT^0^R&WhtgxC?
zSV<~8>)t~yt1uvZ=`g5tE>_CAxtF?vjK4@$D!Gt4ZAoJJq3C>H3?-<^<$1ms6WpP5
z?At`TsYJ4=pedW^7%2VEBJKH_{4@G%3n6vRt*6PqEw`S_A`SW){>}c{LZ~F6ci#ZL
zyTq3)y+Rr@>Ix!FJoZjLCnvvq1r^?Jn2u)v9AJ%l*9PSq9)h#ALY_{-0}~;|jz$zQ
zMZTY<JSqRjPEyK6_@*OgOsD!nTS+|fB~IxGUU3(oS~dybTum@S&bimY$!m&e4d&?-
zF@j5>zJjK)dM1*;|M%og59{PjiyV4+6YUQg8!DnEvm$D;sG=sTR@7t$QBxx(YMRMJ
zO|=}yeE5K<=`?-~H`}Wjt17Nj_|ibGZodHk_hX)EcV6Nb#fO&+S=Q2;=Nok<FL8UO
z=MXQNHf1eq*&@>$vv!CS^8zhDSSdIvfzc!kU~zhHuIL2B3#J<J!a*uQa(agoBD7m9
z2ePwCBy*Ez|A7<<Tx*O)9d^RAexFnNBVSqsLZpo_MN^mOnJz_630x#e?b`1b8SiK=
zUSzXU5lP%+6d@(hfe-Z#^g$XfKbk|fWP#x8$Bmzk7ML;eNy1we>dFh39|_)Ei_=$h
zvq-iuIUXM;1f~(c>@zAr(hHB?FZ!<wk7D$~qpSBAgh$6GMHC(lT5wI_(W|c$hJU#?
zPFPBn5)9&@3VL36qog<;e+~LKBMh2@{;8xDG`&z&wz9|jTm*R>=tIzrO*X)i&`oKZ
zSnek`rSixc3}qZ@3Xxr7FB7DA8(xtTs8vqlMOa7ijj6%{yOqe~YBK>XoR}XO3KHyu
z`xQAqL51Obp6P2*y2`W|oR0JgcUy7>RiK|-#36;9e8YUySt#=51g9p-(iSk8fg6r{
z1HI#r`eGL^0A&TZ3E|#xXNe|4YRWCBcI}1Ml9UPlJbdg$eod{PRxWtbD>#=$sl$CR
z@OOJzpeeKl8Bo({id-T@ye*ObDD;xIwsDeyq6#KXQ<=Cvq+kNm2|@S+WP_&DB1MGq
zjv%8nHZ&JskUdT2qN45#>yL0pe0+XBmzTI3Z>eoaz&_N{AiMY++)=xegK<Np)3nc-
zxPu(D86zAq7u}7r9IlIISF-jxxtHp9>?9+&3H=nCeiS_wWbi61fz|e1bh8s4L2ga@
z`frnQ^Hcqy|8wVs{(ZvPC&K&0A9<U&EK?JqZo0RLTTFEy7~{3)#Ry;g*RV#f=9v!U
zCGMqXMrxk#ZgOVq&LmwDO%>$KXgeI=EJlJTq8#5WOy>v-QqEp1;0WPMp2JgWG`v{!
z#utnD`6Ik7za|{lKs-yxqTE4$WO+w_O_t>j%@H%o0(a!{Q)E?Ez^cr%UuH`##;Tbq
zKe<el4pk2ra=t`P2FDAb3<v!;hd)rfF<yC~2;X17^L^s8JLvm_?@q(}giZ@g*chU@
zN2vxF{Q)kAmEZdI80A+NLh`HY(Jym)=gY8KzUl^IEkX`{0aPG+rQp30<XKK{mc>bT
zlPK*G%TExZuq9hMT?bVVy@SCWGGShUI@~`Oh$2X`@)EZojp&LpET(7n7Dq3+31D1j
zMU68c&S;RD1WWH=p6PgA;${$6364cuIQLM&7sGUGWV~E?$I3$57}?zu6wH>0a0Na`
zg=O;iIVi?Lx!LSy`yWJMmQ%V+HuD%*i%E+188m?UpoIniYyfp?Xwb*i(5JR}CUP+a
z{j+il6LZ00vhM<XLDb9dz_Dl5a1oc@KIi`uy*d`9rB|zZ*7Kg4N?kJ4MYHhe*U>B#
zuKpnJjiOJRgjQ|iOQuGF*4ZpG*m-`4Bl?ZF^AxzWCI>@~{TG4WZJj>1Rbw63JkW;9
zb4W2_a5G736&+vlo>;~C<&fg^1g_{85JA~%z&L^oV%BN)((07v)d=3E_yQ|<vuaRf
z&~eJOre1rxXTYBBQWmwRYt9<uhgD=hVX$ON0bxQ?;6e2MOfG(x8}cZue+wo&jwlIc
z^`%$@;f@xb@E1-QMtCy*iZ5x*&HzGylk`u<!@TjAHFW3`g<9lE=LsPYE*u`_bzN48
z#u0^ROqJnnd1V)TTPERo(n-`y%>g^_hQBIbs8wE-aX7U5?ON~4<rIGO%Z2sBkDjkp
zAP>h4N#p!SYQu>B2V;=vryB5Ku7}=pS5<m{Vg#l4FO91EJsRJlr@~wG6w$Mpy+t48
zm%Yugx9DFCZ_yKH!gZpEaHDCWX|q$BOz84tcAYq6xK13>UMH^5>%>9Lb)pSiCt8O5
zdiNdEo8B8*i(rfEl!El)5HkZW4qfWGILvqvNUY9ZiuUCBJaqCL(Vjd<^qS41Ix)@W
zBalFGowA(1Ln|^bUnbc+L(Iw}HN~ldo%sz_<lXX6gA{qkW+;lh%XN6>TVp|*T_s3Q
z+KQ3Tz-tiLN+y@s)*w`CiLK1Uv4gv};9V>Wz7-fHk6Mw)0Yvu>yj-|!87yCd9^w_C
z(Nj=(z5%`Qz_;=@gZ(|o(Z2%ut}L+?ps|qFezU|@2xzdR^oi^*AhS&+tt-aXkxYQb
zViG_I&zV?pkC7iFiHCK7Uz=rKR$_Y`G2IB4E$x>(j3%VZ`wn)<>HW|K78iMr^L$B4
zESQ|V%38jPw$#^S_{aHN;8xxF2$Il!qd*e6#e!MSlN)QE?-7bPa8h=r;oAsVfqNjt
z*Y74$hTK1mx^H<3d0_~?5rR9g;1V^s83dct&;)^$@n;&^974|yOv6!yQG-n26qH8C
zLiFx|w5%Mptl!p>;0-MJHZ}Mt1i!|D2dKe&AowX3oT3KrgWv@$_<l9`X9%9ig6~#?
zzlC6t1%F?wG;l8j_YP~xE(pGv1@~2he}do`7W||dd>DdHIB4)oQA%(Cg1=+I<D!+|
z(-6Fo2A4iy#WmxDHRB&rtHr0Tq-)CLCyZgRlCB<;zdiXNOR302SC_we=o`V!Yp<%`
zpndK?ssASBz?7Oq?*QCGa4G)+L1|amib;a?VDBf7+}9tmApS*Syd@YxR`DW$7k&9E
zHl`FC^Jn_86hBJn$1?m_0O&f1)gi;4-of_QKDw_Cl0O4s#X!k|??a521L+((B~TJ?
zC4apuY|CKeSSvi2qTDuT8jW+eRW^j*OzSSdx-VY=Y=tLn%b{@ZD%(o(H_(9$0+a-U
zgkWG$R1>8r*GJTM7(UXZIMecFcSas?Ku=>^4oE9(@8EP3`c8TQl49u_`Qdx71oNbe
zUKZ)4F)-UeBs`Z)t|y>BtFZ&Ag168NeSQO1LM@@ZPN`fz5;FkcH$-XYFkeiX;MnAD
z%34Z6o#?bUr5Yi52mk2IHo$uC7L&hsI<`9bAzPgi>!(EfDVlcVnYKbBAsZV#(pA2s
z1-R?IiE_y)%Gk^I<-!xflh|+}SPoN0c;GZLYiwwF&pVfc!SxF8hp*q0%fN1Mx7@5Z
zQ1Y6fyAjTFhAgm=0f!99-_L)ObPx)`DMm17dHX0zCkk;;_sb7IQ5&q@Wa3L6z?<Nc
zNK=(A3sTE+7(Im~Lzq817@B8w@|#}9Krc>yEuhJ4pw!r9C%+!YUtLJcSAUSteKG_`
zl^zyyo6I!D!Lt2?f9s8u3(6o|6j=u3jGHS1gDlAZ+LoZC<JYc0at{5#1BNiqf<P!X
zp4rn96S<6!5JhCljr7!#m2<#He=B{-^gNQzElvjz3^qzR_Mn!Yi(dCcrwJf3<U>8-
ziLOeVoRcmtt%L_R(NVQ%KPe)HTioAJgeHFx%Ri}?l0QcDR2D+!Lol}39#4%agI}?Q
zFC7>~yG1wU3hbVf931}$a2y#(*yS8wa!U;5WQ9n38#)X!KISCt!GGst6q+@Xkt|U5
zIusA-<VHXD=TvteWE~MEp&(d5xa!SNM}dy19?+5=f#~Z*I$*Ds8~5r0)%=h<9jhth
z=th7yK6@EyvWE`*lQf3U-b$892I-v*+AT!W_7*UzKnfZ(?oKSIkVQ?5rc{$eEo5Dp
z#-ir1T%^Q@APH}wMe~*?u|(do0<-g$RhX7<G2WKKw-^neOir7HZxLgIvEG4Wd_-Py
zpFK1}F!1s%ZRu>RG=)ech{_A(d8x2YUABpNrPX{%cM>iI0DiUr7H=UO|8VDF*Rc{C
zyif#g(BPGvq>dFbi_?3NtB8VG!iL$kuikssCveYtrhl4RvI1T5${Qwk6Tv$N97oB4
z)<XHg+l2C(!2oS@Gue9^p9OQb%Fyz9lFonYk!jdF3{<w|uC8f#5YUtwcaGIOtk*$z
z&PI&)g*Rw1-WS|J*JT0RyQUfJ=?jKAIO#vQxixFoNfMI_VIj;X^rab{>do)dsjlJZ
z46MVyE|{AYm`)yfus^3RFG9C~MuGi5n?J}Pe<h~j6|f)>OKb9ul*5j^qV^^(e4$To
z!KuZ&2I#g2Eu8ES1S{FV_Clq+aYPCyl>X>y3~I&Ffnb3d29UN~Q*w7&@=7eZ2OdsH
za+j^fln)&gq;>eyn|T`UDoq5b7NM$wJCxNbe|Yt3P^nt((!C1@?s%GrsHAa}R4lzi
zkAZ8^2#Q}8JLSD=(TJb-*Fhty!iR1nZ=?~wc10SocF1+m2u`69X13ccAsW$UETs`v
z7L^d95o1|bl2}wqh(<UR8o@CdVPP~PfzgPRYte{WdE8_pjkwsVE*deSua-tU52v?x
zN+b#agM}0#K13f}Lk)OF3T^nQUfS?Eoays{Enqa^-8%PUS+0Y-)^23T6T{xQ)^4o$
zDYP5eDQ(=08M(@4Yy!}F*1C7(+M6To$dYE)y(4=#8?+;HoBi<}dFv(3j(jc&c4W}i
zn6PDpV}p9xaslkS1?EKL?8lfIutO<!W9;s?uC+rmf2?DNR)!Ddq-Jy;>8h@l-FMqL
zb=;JNop57aRn51<QYHfiJUHB5g2;Nmim`BmM&}C=S9p5^UYLsC#g~8?30?Eodmh4?
zf3#O<&A-{uQGMjiYmI8)`-YEdmw5fCc9;-hRJXUNtEz+)!>EFj)rO6#HPU!~9{oqg
zvv*J3c+z2ma~3v&fs)K0;^4wI@y<s~True<=jsYWRd{{dX?OM2AR(KugW{ah1>Ct$
z+6u{eC3GXqT`aw&u7kgz%G9mIwg!L8(Y}^uaua}ia%uJACXTcG(;b@<?(8hNJ_3t?
z?)V6cPA-;Dfkq$5b;>aO9X1{Bun8MaC{-^bo>;I7>ZR={q3s}bW;&{P-;YrZKX8lQ
z2ray9a70usXRhtfIg?KV`9*wDl?Jne?O<M^N`t9-tsor}r0*3bP+q-Hw^Rv73j~pj
z1s<xt#mekM4H<mtR3<thWODvEvQR-T!q#YKo?RD76#-I<T-pPQd<T~%XmXZpU`vuN
z%@5hqtc3T7Kx^&&DY%&gTb+(yU8A##7j@#eqT?d<1Qj~ZJcHuztygfl9$JQdT-7a&
z3%sSZm#TMR{%5d*PI&k%)76>{;@@NPbN8{eDoFpip5+SEJo&e)C```~N`ts)_>%9?
zpKl|wX#HPMpG4iJ&<^Hf2ghhSn2!Sbc_<7!DQ`foo6L`Y63Xc7?OpJ;2-|M^M}K77
zjX#ImjxV_qjVSMQ>-kScYxbLFua%bZPpysuCJq-Bj4oYlbd&?#aKAWh8Nu>M*?|Md
zaFp}D@z=3+2E7)xb>cp#f9t$9OuKbJ5UUVfkQ@}KJ7~fl!wxzbc?a>O4`TaHL7_Vs
zuVF8=BQc@sHAmIW^nFu>;KN=z39k+PyBfCBM{FAzDLrf_>r~@@+M?{I^v)6aL(iZM
zlNz|6oJrTUpM2@+eo|(dEkDBMW&r$(^n+Y9@As@gvXc&+hMh$3pC}alJhYEKp!?|O
ziS_TJX|)tWl5C|1yMUN{pZ^XLl%2K#i9heNF%iB(4Co@535(!W91;V6(!fRe#^1vh
z<%4VLUz8Rhv?$TP;)jfJAVl4tCmob`?9#Iy(tcQtWY`Ed3lP4+k;u)`X$V2O+(`CZ
zwuAMzGz}0&dXtfR^X__=#CDZ{I69Lh@u@1DY)jUvSGi4YKxq}i|HR76|K3|+_31Ea
zd7-Opao`q+>p?SXA6A@TnX(?1v|@!qrDw+RA7Q5Y*#`mEiC2E#43-e22>1TL957C~
zIi#!I7QXw0zI*F*w?Cz(D!}0sbi%h7)`h?;x^#aFrAyMMD^+>|b~&-~!wv_BUKru^
zOz#G-{{$3~JjrQAB)H(Js9dEjT?uEdj>eU+3~6o-7jeC5_((-Ih|@LfoBpB8wz7Fh
zt8ZvSQB#|wq;UYBi;ef+Uu$%BHx{3UX`%8UTN>xjp>N7XcVX*4*R}o=DBUw?JdOK8
z7gt5&GHBdBUEH@c&PL<fnzV5@nJ~^w<GSeLI?}k~<1wzUE)HIy^nDq3mG%V(=E07n
zFQUP@AKrKQrzf1E36Ta0kkEN5V!|iSXcBgSgb$yInDDbR^o6}ZzIZE1_1+mA!@jiL
zXLVz7l8%Ly#$D3IRdf12vC^M7rfJ4XsG#Ur#AXaTp-DI!5~iMrm~i0<rM)7gnhBqi
zFA2U@53b7R<UN`298MM^yg~F^wklt}*L>0o#&%TR6?letNfRNLcM9Ep<PY!dZI~OM
zb|m*Cg5$+A#<jTdtR~IBAkDiNGHA#msHk5e`Qwx>+RNmU`L}WY7vMEw1wK<$$-Vbo
zMXmX+?C-7YZ(H&gtW-*Wq{pl(3Gly8z5-yu;(tl`h3B;Vv5kDTVFBz$zq=y|i&ew0
zlf8~HW(jnHLd?=nXkE4?@C*EN!2eHp9(e`+DFd6bPiZW+C#Y-B8MQq}IWE*1v3r^-
zbCJ`@M<ALt0^}8P6KL!WYU*y#&S-5bCBH^6aiuki3i*-&*knaq=ucv;Qqp~^q~l3M
z;5!mUzT98?L6nA@*?$gt)EYi-2<1g0vXb!VG+~X2C4`CiGvSK;pP4j0o83**vwON3
zdzR8s*Rzqg8hiG>tm)aU*kZyo+yzxAVi*4ilfGk@Z(_;%1An>~I~H_*<L{zv*mr~r
z_qT$^H-mpn@Xr;Fc4PY<x~?|u!FA;adoe%wp$^>7>Op;oj(e}d>$cpjb_f?30V}}{
z|8&r{Wl18*)l985<5tZE+I^H%<Dul7qdMCPbr0OZ3W1Yf?n>Gkm>Ic(_WBAABx)*{
zixrS-3+L)duP?}G1rh@}fwlo_;3hStJgGNbmw_7sx`__5@?@O9pRNY!L*2?`%}mns
zpOFR}na1DIk!f*t2*pzgnWX}3<z=C&5lVxlMK-hN;dE|s55fgI!4L#}kIbKlhLb^g
z<c(-DCr-{y7pV_q(Xj>I;}+BRI5m&{J#T&y%fD02A0v7;7eeMk3bLkZu?iiogk#k6
z<5lzuG49HcI{ddTJ-!S#!fyh2syBg#N$!2ivTZRXW$QrP^eHHKeFFc0XLrHZV{2(X
zxHuTUG9RC!`RwzEe2(TWvS&aV;;bgISG<zHP(;xb)sJ8*Git;80GQ?hW1a!51w5uR
zLHXax3Xp}^fwHwlw);5LGg}`=n^6vi7ku_t_}+%rmQUIyM$!9<1t{@WCZK{y`9NiV
zY*Pj+yzQksuuXyrSYH4Qu|OMEhT3p5Ys2bL8(8)G0RFy^BHjC9*Oicg;InJsWgrO^
zI5yZ)qA0fnl!VEmAAg>*+8k>qidI*$b|zuqlbBxqhPAhlaopnbbPOk|9$%(Gd(E&=
z=0L(ZOf1;)m9dzx2;}(D8v&!xUM;Tyj>;!kg-_<WrVJc7&ox(&3anKb9p>IY>pq4(
z%9qAAp~F~=7YxR<vCBdX<M*D^N*$pFGp!+CtzqE6`)9dQ?{+~AYSHD5Y0)cL(W_a}
zt3&sYO;6LJ-%yKgOp88e)fL^R_uWu*Wk!NaE&d@^{2EsLI#&F;Q1R1Q@ny#1SLloH
z-#5H?J1c%GD}Dznen+VIy(?((`;5i+(-iN<kqIl_Z>Gf`WW~#@c=*ev)%z4J{<K<r
z6I%Rtt@XwC=?%qCt;$HaJ5<5nSOqn#0*>7R;V-Me$|^9M3>CNy74+{Lp@KVD1r}B?
z04Py!P_e%}OADsjbX6InU*u%dqW}&Y5KxsHh%KoP+GVBZEvYqlQyQB3`leaIqS{S1
zW*KDV*K(Q5a>&^#R8_(^ibRgdJ0=a~#HCkgW7;)=4fqavsE1NhSff%x8*v<K6zK1f
z`^9oB>8O1F(p<y>9;P&kHfAn1hJ+N+#>8jxYh!GL-Y;u}4T0>4v3pD&iVe9+8}c?T
z8>(gEWcqE;5co@B@H_qI8K9uAqDG4S1iyB?EvERgN$~99S^cL-{byTY{Utw=mT!0l
zDb2w=-y>G)1|IuAQB&=KI7)yDnMimds}}w;a`NmmOdCNr+alIh(n^`|%ps$kcV`JX
z%7kYPS10_LI6C2TSl5bJ9q^Ztik_^FVzmxNj5_Ko$j%ZNF%oh#H4J4nEK{<>;SvYx
z*|DD^NV#_v9#wF{ok`}<g=is&MR1hKd6EP%uXm?@tvW(TD%j1S3o8pbo%j|p<$^E0
z9IoT?-Cff-ruy$<S#G7Tge*%YZ;8|8=%M5|A`j74GEI{s#-_`1DLIXbOI)@&ax<1G
z8E>%IA({_5I|r3#HCZ<*S*f5+{-ztv-5pO5U2ZBJG#0QpQ~=Oi`6+DyYYYXfj!?j$
zPyxvF=4lJqYA9e`gaWQ4sRf{xM!dFwgN6cjL@40XPyxucebH4@K#idQIYI#shYA47
zCqJPr07;jo07zjhz!53{NR=#V3rI2)V2w~fO&7HQphmJ;TR?`PfRqRYeB6btx|8yk
z$uw_g$Xlq%OBP-Zr^~gJRZDU`&vJEwTyr$J!ZJCPs%qs)+DyyzRW;IOYTbpZ-q2mE
z5vn~MMJ2Rzj1kYUh(cq;b1Wjm7_pK?BpD-KWDyo)#LFy#>HugWUSSajjS;W1h^@wm
z*IC3GW5io5Vx=+ST^3Pnj99~74yNfs*RoLk`|Ji5nyL%k#6tDPBU=?a8C~etEYzwC
z{T4!(ZU**WBLJ+*pngZH@DQ)e=*anhIUfv$g3TD5!1<G^wZV-sIFa+ui5$Exaxiy6
z8{7ngZ{_^MA_uP^!I@P#)F+|z0GC;r-NVZHn_P^TdaN#3?atpXqL6EZh=Qy(QCdM(
zt0)w5^`UX?b#ZNJTx%NFQ5V;N#$6ULE=d<>qj3jlTn}AbGL5UCalLhMJ!#zQG;V+{
zt`Cj#(ztY8Tq=#5P2)0kaf4{wC>ocmiyK1Y2GF?Sy11b<?q(WSpo??TxZqHXyF(W@
zlE(c^<Nl<J8$;u&Xx!bpxN$V@Z5lU47dMf{Jx$~8*TvmS<L1%02X%1|kgrT|`$tz#
zcN<wf-O1|t@_fWabz8Mj&X;<b3Lm58FPo)t{^ZNX1Sx8Qw;@4dSb`)q!4r_6O;~~i
zHNpLmphZ{$tC~Q71dYQISkwevAb}|?fmuxu2MI1-GA7{E1i!|U1ZTn$)Lc>$Y=#8>
zumq>o1pj~phr$xbYJx{0!S`Va4yp+zL4uuO3HGQ7G9W=^Sc2_pf)0@2)35{^)daOo
zNrE+D2|iR4{09=e7M9@6OH}TQV!!o}<}YDsUSw%NA|XEqX(V)2x+Tz!{A2&o?+5CH
zzd*nqV81uhP+(&%%{i1p6`=&1$*zE(mvh;NfbU=I19^+?>;pNK4(tQ@o*T5nuUJL0
z1|KyETu7`LU?0dY?q?s!eeT4MMTCp3V!sOI&)BaF`2+SVNq&?3`oKi}bPl?Sx(H05
zp7DCZC&jY@mw6rF6Y}IaF7PYLN`7=FmXx_~(aFC&l`@F2Mkj!2Q?2_Hyt_W`AEMyd
zGJl242MLPOy5-n|Ird)|o`rW_s?$^pMf{n==V)PaR*dMWDij@?7aj6^ilu<a4)ZK0
z=>?Yl6>uW}={=A}Tv|m%cAFRd==t<X%+;6W(!Kx9o5=DfD)o7u#E#G^_bcXj6kkp&
zj$6YiHf(}-afZ`7RS>JTEbI0@mx+#wt1P1T4zql0WDmeNgc|<V=T;8k0gk~)kVN20
zn5NoHQWY1q<M@)VA<nbNmJ&r+2PR`E4#^m1Ub>yW<w51%Tr;(1(W_Qw+Y)-w)C)?e
zL@J3%{@5i3v`68lmLSJ}*dH+itco3kMc(#iZ+tWWV-|4t=(y-=2LM<=kOy$=b+(m!
zwxl;jA!4t!hw<CUx}1x{W+uRey*X)XLUGY3jyhD$tR71E=8`n{$*;|g5~|9VPkoW|
zq%Sq|C7noUdQ<n^Fl;Mtx)mJTj)LD`a<_7xBC=|7GJ)ITsQ6Wf_a?tV(vYfB!2-EC
zU-ARa>lTQ43SuT_sPfpIhQZ}8HfV4&XzF2}YYguD{|+16nQt^`aG&$&2e;G{X>fPP
z(or<=CBSYQMzJwp3WDxT?@+6!Cd%D3vpUyg=1bqf=ZpN*>dd4Vz66eFuLSM()I_^t
zO1HUg0OzhHLKOHPG4Z8?ql`mAMUTobLCXuM`?J_sHXwzncvl?|Ir?98EL4M=1bO1?
z+ObH`jzxlIETl*2SR}Bqc<9mI;hZxncM^W0<6z_`UW(Q76EDPuZKF;X8Z^`CH1#V>
zuQAhG)`ZRUqyG$>=>+3U^QGH?Qop`bGuz~H0b$RQF#kK6{m+DAqn743q~Swo>Xd6W
zJU+bP+g@wf{x3G{|KdnXbQ@hhsnr><+Sby&o=;ZkCb~+WXv~*XhEuu6&Npa!nAf=t
z#n<R%=l8>U`SYs{>Ses4msgfV>Sc|I_R_NsDkf9-6%cXUZzY?;=kVzz4VuF=n!44s
zdMCUW*1On-^{(d<eec>w?A^!V6q?YM{fydv@+_gqgk)T!&o3^%o<1ioxkjHyzZ=%)
z7XN5ap9e11_qprhNPT{f!z(u&@u9~$xc?0VEvNL5mQxxDd=CTf3I&cQfiDb1O7t|R
zr9@uNs8Vv^3gumSInhLT&K+0q$~zuQTo5X8zCPE}SCw1=j^rw)%4?l5*FB+JlSp6-
z44f4Td_Z5+gc_x&)lk%k8Y5%;*NaMmC6K^-(U{=dS|z~*NU$YL1!$w%+Ch+D%~fN9
zAJ|34>aPZ;<0F}q<^=hH&*`JDMgB)qs&15aU<f{w|6?tECV!Fq4J0Uz=zT1-6hfQ8
zuZ8f7Q$35fV+C5}+gX9f_7C9#1Jnd*EO_^RT2C4)u@C#(4azeI;sP;&D79Rx9K*7$
zBH6U~b|L@J;LMn-8VW)gj{1kT2-1QCvac-5h9)_^{hi*$X0YjS3ciI&PN|wYmw$U}
ze{Q%het_WE?rv0-WyYs#Z&N^WN&b3nAJOy;KpH!~6Zj$D3DPKwQ(9;Rh!N8cQK}3;
zjwsxyeE_+cu43PyQFo%cOK<oC*3M__W%4tlZsUyj$&|Zw`lz!eJk+J{<gG1X3$I-b
zJ2`DFyac*h3k=ml?$#7|=f@y2A<#?>?%S9eCnccL$GgZtjJKtLvJl}2W|G~9+NeRH
zs>0xgoj2%vSCN#~JjWH6m{q)J5a@dgih`=+fa^fLh6m+f*tq`cKw7Y3eegE(V(+vi
z8Prj0TL97~v{RaAu8cO(=X<^DdbVynjp!@Ki$4vC>~9W`OPt;X7F6hY5$41@7%->_
zFG@Oof}!k)Rb?t<Hu#^X5XhvzCtU?uXv=v*fs_>-vg=@8X<6MkvYQa?iD?;bx-w8L
z9mrqc)ri=Fa+4Ma)MBjzFT8j#=jw%5o}uOjDc)8_gJ({%bI$zxYH+#U|K!W}YW+_Z
z<c9m7)Zs&3c6vXC2YaXYbr7B9Igaq9-*8~eQtdLsS(I-9h4oLZpiD5N6(szC!}R|!
zM@-)y(tAIZfp<h@%VriZS^EI>WWE0Yy-3WoU7N|zLz+(ks00;#meRyj_w;R0J*74@
z3<O=XlpFbB;p^@zVpSae@l=|jrV>zn%Jbd^bl?}*H&1p)lYH4lDh=!+>%owIy(Ycr
zTVj?kn`nkC$gndk{mX{((_7KxEm`?m`<}<SF#8^-<HEJ<17VAexkR^EBV~)dK?W6O
z4i<mu?SR({TGMQLFz^8goI?Y5m{_0>0+*wqf(JEXy<QN{7*=dyb5I)p0AB$-pMn+$
z=Sn0wmeU+>gy-no9M=i8mtuU(SwLOzEi9DR<KCQ?>hvzm$aB=Xba+V{O_-bz=d+o?
zF%~ke2_WW>A%nU?s+z$HnU_FHNP-eNHz<FCn*Z@;um$V!96l8j=wO1v{GrnQvP8f&
z`e*FZWYVV@8Ie|IG@&(A{zB&8amppqc|Rk1vrniK|8u<)zXc}#t{OV=(aOZXFL<-y
zMYq7vgID8W=Vc{n70ZW^fCOzoE(y@GW$s}lK<9Wj-!KY<-$}FszcVb<OcCsVFmOyL
z@D37qAteI4bU3AccBwE(S(O<1!3zU91kcqc5Lkj(xd0M4!V;vi1aWdNNRS+sAc-Yt
zBsYfyZOEs=A2A`nzSuUgVC)Pe+@f_(d=s2PcXUX^(`Zmr2dDZbZj?eb^y@e+s*ptk
zO8uAWfm~o6u7`C%#5D)N8j}GJ73uk9Ip)Vi)MTrwI@tYvPTo`1nJlkz5QceMPzo<+
z{)$PE_aW;e3&r@TnIs=c0EFsj!6%pnX*gjRQpg`OJ#8sal~U!pBhk9{tdsTM|KB-p
zZ$IC#^Y*We>pO4t{lRmW^kSYF&dKB&Vg11%{<lPMY~@RaqmJnXp}Zy*06zeu#j}(2
zt-A><lFCmGRDD}S3w+K=K<x*Q71C8~x0rlYEWa8nl%62$9QtUD6{T<GVI2T<{IDo(
z4n*hJe-X=njm<Ot%AU6enb1E41$A@;UHR}K)o7N8h2xWBZ0xn0<CEZb3&gLp@|FyX
zpgj9Yf)yeNMck4gc*+u-jvDtS_y7VrEQEgsZ`n$LBts)ji8-VM%TSA0HI%&&4Gk43
zda6iC7u*}^Ip4_)o$Bb6W|#%iAt!WbhQ%-qgi(GZKcAED8$l7=3kb~uEoCdI3hiWC
z14glQk})~~GiWD$(a6Ec{clFUDRS+baA~NJAB(35?2C8NOT`fqKGneAPz>60RO66v
z+4q26lCnz@V3(BLf;jN7O~E`z&S*>-dtdB#ID$YcV`reYO_l}3_Euc`&*9o%1OUxb
z$SmuYziQ_@-qt9<ll`n&|5@t#2ZREO&v>xjBVZG(`#+r>sM_`Zi@tk<bk9it<HDTO
zF;?0vr@|eWj8?(UA)ErwYr)fu+>r*73qKj?bQ^f*FpJ(efMQkr2VIh9g7R+!zd_Ow
zI9M0MIFX6#iU@aJL9Wb7Afwfk447F5BA1m^nUz9_T_DO{wu~HLirTIb5gGBHT9oc0
zRM!_P2k!@hY%i-o3~l&PAis!m$<1c+0eFXcd~PRD1RXwi9tC(8?VBRwbMGTl*&nBM
zBeL7MsAh^@GqkS5&0^xEb6NcCctB3A2m|aM>6FO54BEr6hxZ~rcMwp9osPa0?)Ex-
zZYx07&TR|$+<eLVq+T6HHz~=zE`-tj!_8WZZnJy7Xd?S~6Jm5Tr{koN{xNu}&5nJW
zB)6Aoo4cD~z-}+y=1PF}U4-^Q<615eJn6eRR~NGSrT|+&q`xL^mv*`jlC%I=xvg}Y
zyP2k<z<c(x01snAI<lKWd)GvO_SWLhdoD%uk2fLHMP|a+Y~y|8Zag_=DY;7r50c4k
zT8op5uYlzCf;$r6TD!GHCkp_zM((<eU|-f?RC{#iEqFViCC0yT6E3tMH}(>KbOh&>
zbzK$W0xeX2jPm2I0s~$Luw>WRkHC^`KS^1#IAv45Lsw_u*2uhNlW0n-qR3x+nSsAz
z%IZg=s3(f|zS3TH!`8P|ly*=Nf*lxMr*uX>4hM#Ju~qa0qxeS=08zRk?mW)gBJA`F
z(L#;WacJHk!0-qPpFC?5pMn2@H<t^C0d|w5G3^w}{ZUTSA%XvF+Xe761N|0upM=(J
zMQLoD=$&Qe*P4qj);cNZ@f4eRNru7R{v1D>(*U1t3znbbH*9nIx|;=GOHuI6+{5u}
z;|al$i!TNj?L@N!@{7GHRaGLkw+j9oXb$d{q_5J0^k(MtK0;Q2+l)A%m*j7DB5^|W
z=e_8x3>CMEYVG8nb#w_jHydTiUY2eWd~?nSiQgea@Yf`ux1!5M+MB~s=x?UYCHUMH
zImd+lh{$=jHpfJ0czP}W^n+wXmII`1j<$#8!7>0X9_EWDym!kC>><gO9m`?67k%wd
zhmpjW8qeWc%^GRElQ3mgAm(NvS*S4_mLLsdtHXRMh^7q7zZjy&)oeuNUWC*Rwc?>q
zE<CNs41TShK|g35MfPWq6v8`><kUlpcTAmnFudcVZ$ghiCJbnQt4#{tv1<w}s-3bB
zECYy6`!0>gqChLQ|26@%F*p+QjK=#UILb(G%@zF$&XDY68sfzevhi0WL7FHn`iiuz
z4^|oYEDW1CAuv(pXMPVfv5H6x1U5mGGAy)n422klYe0I#P>A!rw#yV~IOMoC?VGES
z9M|Ih$!|EsaNnQ;F|6NT*TNURQXA%cM5;}_hW}d41rT9rdv<IPENz*8AcLh1@z<a*
zY{|FqEk=<4H`1-vI9#pdfUU~K)f#?&7osr^!-FU1vc?fCoR|l{f}uSf!G|Gm@F4%R
z*6G90Qm0D@5uC^=_9aR76X^fCCG}`%uG^y_zjt5hkFH7R(@abM$oU$`Gm*pp{4ih4
z19Zw{(b2Nf-3`#*=Mg5L5}AM`xC}gS1NB;X{zlM<Ka9T42tSqQ%OVHzKB>a}ek7NL
zr>M)qEx1n249k6Nkj}gnT_VaI@zC6&xGa?ae}m`Vmeb<7f4SqT4$u91@UKx>i{fAV
z&I31cSbnL-uE)QQ;E(vuFRs?@kC@><D}c{hLN&x<^ruLssslK}a5~QMC5V0wHgxE=
zGmx$LI|ENK5k%=9TuMb%BJi0b|C4+ORnfSiJr%UPCn-||ICH<`!E-;zD0k&SmOOYM
zP=SfiNd88}A76++Dk1z)Pc2>r@<*OQmJUE2c$GR3im)xv+=y2J1mbVM;?)H!_$Rx%
zSOMP4jP?r`Q^PLm%Z>83jfIL>_;u{hKLjckE~rl|9B38tj~D8X@ca0^AAT{&UJ1YF
z5vVA1Vz?;u=8G^dAEZ)|tIGlh_faMi4c5Rkc_5C`-cM7Qq&$uqbCSrEP^3i_qgO&k
z@29BAjR7CgfPHGft2AJp8t^O)Sgi&;T7wOvh$WwbDH})vx)}I3Xy!f~+sXpeH)B~;
zS!x=Ti}>3I<O5*ku4icV^G7aXg|zk<Y|g?A`c-`)6*bd<VQDP*7N*Lm_E(ja%2B>P
z38x&rae60{qhLlt-IHyNj8FD^=lj^<@cGUnJ9T)9VW#aDQjJ36smlepN_thoDxDL&
zi|5czn=Zfv%qt|_n+QXjr;h2-Y8;$Yn(ll0l|a9~pkHSC^%;Cg2aq88*N_h;@OBXz
zu^7{wlwTmhfum3pslffWz-!v`S$RJtWGB_>U4jDn1jGEJo}Z_34x4|CApW-MRGlFH
zCh&hLPcx(s3ErF2^yo$`ls?sv-mIqIe;zuUrrQxn)#wQjl8+WInZ~&~R%T5Dp?9H{
zfmsw<Wy_&7AK?tVSt;5iz4)~tC~vmz)cyDf8y9R@UYV5?1m0Ye>=s2>N@!lYwm|dx
zg%(a<kpE&}ZYVH^1fFdJfg?kK1-d0x0v5Efc!{f&mmC}jZx{ZV29foWQc6GXJ~)t5
z8le|yw^pU*X(Wx`44>qty#M*DLH+$v&|!B`_HIO*2C;XC4ur9HQ<oQjJ300ud4UP)
z3h_De9;jQR&xva+!|A<G$a5TV->uH^rE}Wlef%7*5Q{2;aeC9pmPb#fIrbBQ$zk*<
zD6b=V^zU%4QS1#)7QIWXwB%<Xm3J_FY?n*PM*!B3SQTT#j3}40fLtzFmCL2uAoWl3
zSV+BxG%EvN&2q`$Ft2_QF8J#9_a~5S8sEuye*2q}K%@V;3~P>kTkv2Q|C<Vqgi`WA
z`x)UjM}s*ZXbXFnnCaED-<7wn2IZ<*DR4Iwy?1b;;|?=l!t8Ra<cdLx4pLRlK%u?5
zx;!R>Ur{Mhhp@<A$d0+}iXc$lVvLnsOlvZ|^Zy@rUmn<0wKRUyjj$%jR@MeAP!^#T
z3TatPOA9xWVpY`oL@2Td$WkG}BFJJ|ZC;2E6@9ql3O>+>g2>*MrDahz6%iB=1#XD!
z2xZOh%*?qr_a-US?f3b8f3&&x%$#%2I%j6ioEa0WFV}dJIBdJC**~EyaDNRSVIsHK
zZjV@cJ;Ii9eR5{HyV)w&R_EbJRy^j*+>`0<8=q;&*ytIf%Sc&oFQh=F6%4_#*mY8@
ze%9)`pLJYhnrqN=CMN0m-b<S~0Ac`^B(fUlFRa%&?gvFbXvd^uzK$qynbKT+&1o><
zfB{N#4e04Ab#94a4@MBE6G37u^_mK{*lVV_?zcEM*GUT#s}-g0TYPU*yfr#6SM}(B
zK4d-W7>7Ly>H;)?V)J?Tna+Yc5^CV?qh~)o)0_j0F@eK$8qnZ)ZW{jr67t~N(KAtZ
z(bG>)qo9>uSz<q`i;G-Iirn!bD6MZx0fi1(Ygs+qLev!%FP3j0!D<7OT*;RZldjSX
zb?K72m0vQ)neL8?zhKds>`ho>$9BI@ScM)6Fs$i-pHdNSSZ;}6TPql&rMaV?aaPnY
z6r2a%rlPu`U>`o{4Tbygu72|E4-epO5wMJXJ}9GSyi_-)6&m8SW6}uxv%tS>i1q=s
zhnGC~XCjRU%yjr?MxS!<PXq}r2T*cHa$7eF4Z?nO5D0`fh&?{T9~tzY0(!Myquii3
z0cDNuZxYDjsmEcuhOkhn@P{C_y5%ePDjPL>4Q!vG$2}D6fY2`==j}_1{`<7A^__D2
z9{Mr3eOshT+V^2~L0DBCQ<JAZG(hl<*U1hpJjqW$!ozrnFnJn#UR6&iu)@oG;H}*)
z|291^sh`{f4;~8cf%0Qvd%*5so8LXRpc&zIz1oa$s~+3^+CNyk8z{vH-oWZebJu?c
zKL_3gVU<ejdzkRXwTY1L#c!fx3{{uc((}L>tn^e?I^iyms9@2Z&vJK-m)aznctW0u
ze`PLxWp-Z^<3^JkvAi~S$9Oy-yC5BX3WC(Ep|$Qdz%A9LsC_Jt+NH-`(!Pr#fwKK$
zmyzz)%IZy4W$FDd!qxUX_^<UOFMSY{5%{6zGeSR5^Clla^+UlgauY4;s1PP;bsua{
zOtz*$_stCbPE=JI^8L1O4e1vJ#dVFRPwGeDCl7sbx7@5}W`%yPc2zz%F6`&dM+$tR
z<VDaYk2t%*C!c+3p!~_DPltZ8MpZs}d26^&zM*_FN5?+2wx2R&Tc=iOP9*KVu)ze%
z7yRI~QlrgtThnwfW4!Is1n{PE(h3f4oLi%$gdh0&j~m&FF$iU%r}^s-z+8qy!voS3
zXXppf?A$e|vX*5QTwtZ2NHZ+oBRbDU!xilf-?L_VnlH=>6kJjeT5z2k7YwTt_fBUS
zTffIs`9)#wyM=FsjA42b?*->2FmVlLp`qX{L3Qox(K}2?KjtGTAe(9vnNOD!RpFj;
z&g7G)oFzOr`9Z<^U2_pn8Z@IDLdbQ@GQ^PDZXx=#H<&^{%5P224+f0Et+)B$7ym)d
zKMqKJ3PU?5`X-&@A-})UF{D58^0?F&2wC%;_YIKCZX0F_)x25RFjog`4mVeO>8R`7
zc~SJm@|n;n%_qEepZvw-Fbnb~bBM41@^D`~CQv`l3GPR@C??L@2#lH5%Be>!y7#Qp
z+<T@wFmVKHqk**|SR}zZX<+RMcC04Cx@lmy(-ylX7ko)Yn}!acU2G+gpH&}#6Bjlg
zrFXAg@l#(lZ3q$hdc8(v)zOqygT6C^U=1~}TL?C+X65bbN3dHpusDKsAXtJ12EJIe
za_II;fxTB+vWtnLYeLM~CtX(I%m$pHA(uthsc}XD&f*Z9+E-LK8Gv&o1m~q|DjXBw
zI75u%e^TRI-N|rvh2ZSv7WO7-KOk%gLAak^Gl-K`0Ybm4!3YDcs=o3v;Pj-c2)n9>
zQ6;RY9_Gfw0!$noNF1g8#Jd**pYS!(!k)b-H=qf8JO5&E{p$THBV5|S5Tbq!M%b+&
z>;;4k?A2G@*U`IFAg_lTWtPmR#}}Ba1NNul{8d~v^7Q3<zz&tA!|e^9-8a#f#|uDu
z+lXcJjq#08@M9n$5?mp%OulR-{p3EDp62W6gIGttOkZ{Q>FtZ~wUkkO9efQi4ifNL
z#rsmx!_fmDrwejnM*d+Wgl{6kDd~e<espAvELZhCJlLi*gXeGbv2x#*$?vd(*sF`q
z`~<=9QppCgrtu^nAA~D<z{7BK^b@XU(RC1)wDk3*D`<f;;FjBi&htX_-AXV4uJ0y&
z?V>;^fpE4Bf2O|s_?Myf4Nh`r=!Ve>(t>t43`(}CMrrrg&~1IxUO60wP;=7VF*j5`
zZ71E+2v!N-dL>>oO4H~|i%i`;|0dVE)8ccb%k7b%ewH}^eKMglG;k4hR!ZzhyYfsf
zH{`(?wh^x?tOG5(bXPh6$YC1TG$f*%J~<1R5;X5eK43aQE(Ymp5lfFoiIK~=Z{G&_
z?FXp7!6Y7Os}-2&)#Q|II4hH1wt|WDW?x>pqmna)8jvWZ+(wr-63Q|lxGOJAYIPg!
zVLOBOuyM#FaCdL0>RNEf9Ns<4;0S8DLH5h`##R{I+*ont<Bp+YM~@sm0t^MqET)Ny
z3#z{8$!~aktkoSu%u)`T{O5yC-hKxZSEo3JiW>mDsYe7qS<OZdE4Rc>vJaL0quECW
zJdgl-nWcr`y9e(s14{*#1OLDgwaNX?MZ#*tTiu@(xZuX`zuKWU=Ti4XPKFC>Y&?@r
zfGaU<x>m6g%XMC}v8T$2-4f)0rDf!44t`_NhTIeVi*0})JBC^XX)9}SS6gia3Jd}e
zX^Iynda$P%2%2drIKlcT^zs{=VL{|x?qEGZbQe)b8@%U%kD>QGScY7lVN}&Tvd`KG
zON8I82Xjl+NWHf?Fj5o8vymE+Zy#a#OeYU}!ROc2E@R{Y^Uf#V(#;}~9e7VrvjbQU
zXD@+ZA8KIlv$s&EH=21>xDYql<WC+z!r35)SfRWCD<r*sp4gx~seWx_gXTtrF)^PJ
zabpwn9el4&l<F|X+glQ{SAVA<oM7GL-5P>$E5DJKCw&13^+RstwYV;qum}(gaL)qb
zM|q#eDOWCK%%JOTJ=w2s29J7#)2aP2KfjV^{5q9SAzv=T@QvUWoQYDyc5K^h4r#4<
zTCSAdp62G03(^H%9xjaI2|{45_DYb+WIc}FUq**pc5i-_%9SX~+R2E=+Yw?bh8PrY
z*c_oaXn=^pHcxR87ko;Pz+IM3w37)AcYD{djOLwn?eGyJhdRdEhuB=B!0p`-aK|ar
z97{DK1dKHFFf8w<z8LFBw0T;0wGNQ!rh7c@M8w%gSs)T7PD{}}u+-@N92#9w+>+cv
zq{H$p&p<aJKvJ&N&%s-;+3YjYZou-~Yor^ouCk;pk{=`?T)kZA%STs!Y62ue>++?-
z$Ge4IaxM6Y7Q`w47+4Uc8Wq!8P%)K9m6G;kc&T12Ur*F(J!tw%Nksyc<+9~VW3qW=
z!6PbfLFViC3*-@%RVW|BXr`^ez3kp+L8eOX(d0g?Y(8pvrCxhLJVITZQ3*<YH~S#k
zI_2|V)b`t0ty8Gh$E&GpeG~@9Gl^l>qdEHh112HM^^46V>)Sx|l7ni<f$hhke_In0
zNpdjDeT0^gH!^fo2~Jtc$n_@tnu!Rn;hxV1#@Cjokaq*@S$V9?T%0(QhmKVyPK#(%
zY{Z*wo?&t&MVKaCSv{eW=!KG1!Hf|P;7L@4svf1|mC2*`d|sJ_I?giGDXvA87><?5
zXB+3Z5tAkjeRRYS*f`5ACi|4U5lVGFh>{rzHo+cW3k1&#RJwua?t-HN7GmCeO}KOA
zgS*Nlync!BFCRB6s>)uuYKQ1u;#G@{;7iVgdpkJ|T!|ho-83edNhQ*KA}0cHBWv?v
z#(jI<<9%^VT7fEY?)+xaVcN~|Lo`~Dny5*=%u}_IBLp7XRO_WJhNo(G$y!lD7;*iU
zC>}!=7gupT>hd$CL^=${=={C|1Vdd5>+iN2y74RelAlepkFmWX>%@d&ur8B+Isqr;
z<YU?9%F~yz%_!iiHu~r0#0p6C>fo=Z1Cvyz_>2vjte`BvdjP3*;W)B7V}j%f3=I&A
z>rw*}0}a@gNew8oBm`<dfY;u_KLU&ZRlW_cysF;h;4`{o3#uqN4vhBjdglh_GuAtg
z7pb1t5KuH*RqwmEq-y4RtlaVWB}%<pXDS^(e#q$IO4a|veNQjp-yv@IJqi@!S|(58
z5>B?d@miC2>gaEIt#<~dI@bCSFHJq=S*@$9YyH~hRAm`3u3=sV@oX>ykPlk<h(JO6
zCSFJkEP+i2Y05)aODhhl=l?;P{|TBI`J)a448j@{?1RATDmtomJBba;XKWam*0?Pp
zd>c8z7VNDV`icPhib~O8^W<R+$)#x3m_74N-4}jX5!Mahw#(||T9_O!c>7#IRxjxi
z?gLje?A%4#*%}Z`&}fCO66{h1!lE@W9chz(AXp6zEQVmE1T$!0H3{}U!Rl*ZU=|gq
zem$&y2f@o&MOCZnVsbmd``T4?vVwgFd3ea64}7g@EK*brdv}IAM2nTaSjX7A!y$U7
zqZ}b$S_BB+h9K-$5dH}WUxXm+<OrfP8W2iD5H=|YA|NaeL0F|Av;~AkAqX9=$p|rk
z&@4o$b!&y(%p+@o%?)u~5y25^OB(^<+(j}wdDM>AvXGPV#X`z`c4Bw40+4(u5x8$1
zQjQJE%IxsHYGt<gUbQmovKJ<y_*yY^Sovo*lQ!nT9;&_VdzP4VLg9D6WUml9cmtCP
z894$JUt6C46BL2C)42LQAUFj=j!FMk3PBfeMVpB$PLQT=MvmNW@D1awNRY-rH8{l?
zImhbUI0uRtzTfZ9N;&U1<xAn8OXr_MjsN?p{Bug{ZdE?g80sv;fZ|9O;{sf@G{!{y
z_zSP4YdY@iK2^sZ*{ABbz57U_$d}fYr$S_P-|g5VzGV8b&`%#;8h#~;f2AXR1$qMn
zkEhC0NvonG9$1tfE2ny!rJ?-EC_PXvixFAn*kO(YxreOI@;T5O8T+7rF0%fqtvDkw
zm8S-p>5QWaEP7QFui;*>)c}(j#z#D1#P~4JnFQw*ondaNe)B^cH1bIW>pa(2qU%?F
zufd&f%<@b(f+FW<k4bP1iZ`;Hc0I&${jeHdY5^R8Z)EVIjQAQ>&&#q*vlD0PNvUyj
z+8@oub!dOgSxNh&xN5|RA@-q<jAepab_;Peh}7eUk6>>(ffxXfbI~RdKW1S}ah?%M
zuh0>zXaTY5{+=ezZn^m352-RhRRc0}BKq;g9Pi<;95SGcwhT<)DFn0}GOq%z!Ht}u
zPLS(AZ-vauvigr^HD-LL*g{k5-Q1fxngU`knIv63N;C3$kPnmB<I(FX-O+tBg9#z+
z_F_0^OnsdKLV#ciQ6A8VvFm{7S})!EH67gKVpwRMN(OKdr&>llkHWq{Q)I8|v9fIN
z<>&HH<V_qgam1seCvmUplk6h`j8;?Dnk2uIO;y2Sm|Ko6*LWi~Q;j5hdX;Pb%2%qI
z7wG~51L~pZeFd*MXJHs?!@2eO3b*b$35@#Uo&<;bNO9i+qrRB;@F~ggEiB~MX-2TM
z;on0cCUFL+*_FGa!?EiS?9}S+trDo+QL~&CdV7B`@G11dC%;(IlHt5OQ=l<~sDRSu
z2Td66cy%Pd_eEedRsi@y24^y8E$=&#sMo5&L|=6I!P*B^la-B$%VBVGV4jV4j2kk3
z=s2!y3<yjwL##zG3Ssq>cK*oCOGuLmza{*4C;vtN<n4%0hhOL!t`NttrLJXM0lbVW
zb(e9~1ozfnUP@+DrKlI&%S$-~q?|{Fz+sEfkwHo%CZIt|41Z)$U}JQAX3XV-QzpI8
z#uPX~-n15WMma1B#1e!F15Y?>U}~{~vLkria_AkL2g2_h&fLC|O3W>kLJCRr#LQ;K
zOFm+50U}9X6APQG8U1@|(45HeuF(quOn#l=r4qyPf$=q5yDsc1C^Zx=L$jCY$!Vy7
z%j+{hDA;W?WR|Re^X-+$uo^NqV>pJS-BL^TP46tFtis9q&>`=&?50ERs6j)X4MYCJ
z!T-%e{#Lwd$ak;S4te(P8uHSRA^%aJA%DlK8uDLvhZ}N?*aBYEy;~T?D`!hoK>FPc
z84WO*v`CM^4Q)n3Ys#A8e|}240ceItPARv<P98CFv@%+w`8Fl8bzY0D^Qov(BO=L#
zy9GLmi;47-)Z3&z%f*O2ax@^aGmGAms*MH|E4LOZm8*mT+Blfh`?1~>q%6s|bjL}W
z(tUs+lf;#+h%T-IyJ0Es0G+WNzmTL74`9nHv$PSs`5IYBNp2M0Q~GxDl-~LmCLTCU
z0nKt8+<(Eu&Vj^E;m^BqpkDtp?0NSHHBLU@+<Q5k{$17eg@veN9vI)KxEhVz&Ly<@
zm0OyQ&9hHrLpR<rHlQ0D$M^900v+gxsC|b;P!-MrzSL0GevMorZ?ggIS9XZ@t6elH
z1!M-Hgb%S91CvN+Hl=bsQ5AQ5s6vC{D5}Cw|4n7X8asCAlT(xr?f`9)vn1B)t|Pjw
z;DObI$_VydM|IKDe5!eX;A=c{r3-u2Q+v1>CQtJR;Kz{hogAkHzP}=Zw%9>Uz=PHi
zkhasU6c5Kt@o*kt6|k}`(laX73h{9ChUJkEl&21c6+Qq_sqeVlSFp;9@%<=LW>l3!
zm>0|;KqUDkNKB3br|@)F6{qm)cH;M;t0jrQAQ{@f-5+`awR})K+wec9?YdSN9Ui!)
zDcEl)s1_kJSO)6$u^-DLKViJW>&9_jchcwy8m{qyDB^WZK-woRY$>RjT_QhYlS~1n
z@qD7sqy{gI<tG4~zj4hD%jsHOU&<Q4a8tIXT=AtJ$xJS*xXk3nX{uWsNehHb!+J|4
z3tHk?O{|_6Tbjo*!%IP)85~3#Gmgsz>7x`LGq`}${bg#l(H3vU8`JBh5nC$db{AK|
z?M6$<v=u-vq55m3H-Z$n|Ne=#0v!G0U#Ld^hc7DO5RY@>tX90*!PjQ`G1P!`j#O(v
zIz;ka-Vw_xVrA<Ek3!kEkrQadzCV*@EZ2_B{|(x)g}*^N7OI&8cNsH@pXT3|e#5s<
z|2ECsPDDq|+}?<)Yvw8<g3ZgmKLUHk<AFURFN^}NM6(4%VRAFU+l2ITuN=XF0!ONW
zf%=btda|bowp0Uyp3?3*8+qtpoGKBE*{<{Hb%+2#{(Z7so%@t!bdD9gnODL_EV=hQ
zR>Vjj`%d$*Zv?ect{P^E6TH(xtih&o*Q91?)*@Dcu^~|!99L9Z<HLY6Oj8{LmfcqH
zz7RgSJ(*dJ`5AhAMxe*1hiQ@hSH$g&xRrZ{{p`G|-?sjTRq5UH!PWlds;b%_0M5RU
zW8|r7oTmY2bO=t*3#xAo2AuX6NXw=hdd=^fiVll77kFwjDSC3HZ$3*E!0@R|p#*(C
z@%zDqs*FO3E@KGZhAfk}4vFj1r@0UhwM?NS?`&4lk(b!ZQl0l>B)DZs`@NsgllKt)
zT0YZRT|an->I8v*LX_@?PrM+f@G9DrD&8Ja#raEARm_p<LjFlCzZZNic}E6H!Y%LY
zGSp>xUneRoogG5;XPfr7%g9`eRa7zU+OUk2OUO+wUnVQ47PF^<{f=fzB^H&lO4R0+
zFiEp{HlS_Ngjx^;SkTtv$#T`!JFZ;SX}Ro$s}Ui08q_L=I!jhw`0B8C5bfisHK_gq
z<oYUPI-8GRDYRQ-@19$lsxZE`6dx1iKrz{-pv2xv8!uwh94P<mGQZ!N@`K})(!mMR
zlBF;LKGdQu8%zq?#e<bu03=nKRx_adl1|m63!#mkP1kh66J@F{7*nR|f``js-uUiA
z-zC0LI3!@}S4Qf@PD@h*r9aP0U-^tuI;KzI>2FgywB`cikZEi|Un3o3uQ+A^+o!<L
zdT-mOs&QZUDUExgwCqzH_m*-O2KU!{n|OaI)i_&&s?p>bwND<|f0hYVj5CZVyuy7f
z9$iOt9hIcPz~eNF=eFl%V!H#P>#SIMIa(~-J^caEd6aD*XGGn1qJO>3Gu5abzpRue
zPTTX?{|dV!E2X=k;9r!ew@(%QTfys^=)A0(u@{ToE|y-86rI;~4g&;L`A&Ydw_yJx
z><0Ef(vf0INwSY){FNRaEc^jt$pSZ9xZjcN>%q!B4Ug@8iR`fg9^-tiIlO_dDNEGD
zV+}B$+@ajy@4U(^Slb=6mii-YE^uIDl07v5j^lgZVbJyRYn9QGunI3POPdSQmHvnO
zcs6(UG{f@2Mm9dZ(#rZ8b*OO^;M$Ga5TqHoIX5$oB$=^BE3=T%W9&%LzC;1?0S7y`
zMCIa;-}iG~j(p-?bVAi6Uh9Oa+h?N%U$W?K0UoIE<aO~5vtTer8tSqU?9WyTc!r7b
zH4y0{X>F<JN;6xhvOhBATb)$xAxDWylTuVoLetS?G#$08nzO7cYtA!rb5?#A)SOtn
zgzQN!x*bK}Uv3A!a8SHnYh#+XgUi3ik_1hCRPAqntG4}pmxZ){`%T)v;->A-HY^{a
zXAN&()=#fPH9XY%0chhtkfvWpfr_<s$6joyK4{?7>%n<B!rn}F3fGub`Q4?8Q#e<5
zZ~_MrD&aNQ|6jJ%b>8ao6I}ERF~Xe?=%CS`rwUn~Ct|H0^u%^i%E5#QCP**=G3dt<
ztey!8Rtl(jO6tZEz^PMwVp>tZM5||p*@}@h!9$r;y&Adc7-@C&8<_@CHgnPpb^GOn
zxcVxGqB?v`dsR7ns72uAqEr_|EmptkAE)9;_uI45QQ%}r7e1n-=Vsl|KUg^b;^>$g
z;&iWP^q<kV%KVI<s}a`E_*K2y&-nWS>F%oLXPo>W{$c;(558Sx|Ke|cX0ED#@q4*{
z@g6fP@h{Hi&mODmS2T9JC}q^3Ah}&o1wfAJn3S3I7L3^@IH$2X{W?cWa2O_}6|o(G
z0@K>t_$FD)H<Gq;W2~<clc8*`lW^!$_c$w(upD=R^GwfFeU`f$dPxHJiG9#ZlFc)W
ziPLZeIuHF}E&>LnyiWqc(D9A5uzRauM-)7$o6Yr<kY1M2D^~EmiQ6U1zlifn{BC@-
zG<q44<>wcr;)d652J4X!|G4gcYSGaVAMi=h4)SYVCp1-j<o>ibj0SBxCbkYF#%o6X
zJ&+ITNJClQ`sQgM3n}VBzqeAk7hd&v+1!sBahC4JS$f6h?ku_|=rfZpSj)@N2TdHr
zw~~$F{f=a-zl=@J#H^I_h61>I$|h(so1hXyGRa6xR(uK@x=FGuWwdV{tACwvjk@&h
z4IA|$8Me=UlQrsD4dhL7UOW*XFNF6YSoUd%s}X)5A=rQX&FzX6|M8y;yypKS{^uWu
z{J(|%B>wjX^k-O$u=Hnav;T4W^WE!Jravt{sWSc9(1hsE>Zuy~1N$co$v?<{hTiIa
zhK3~nkkz%0h9p!|0j|wkGt?CU)Jl{ZZ1fbjCTt8px`)Jo_t`J*pMPLJ4813KK7{jE
zIqjN1;IHy+-CyFbl6`~mTUqYOq5dj+RLNhZ=;^4>@^sw}t|~=xRk;UDG{{vY=pn7-
z56rq&aaCE5{2PL+4fI#}j(|rmHup#gO_vW#rWxoO(0cKR)%CSCX(JD$y=4)&tNc0O
zt};H@U1j|3V(FnsF|rT1DF(IU2aH7k*C*heQUvdmGoI!2;9Pk3l%l6r0&7qiI;O-5
zPW#4t?;mwc8Fx22Uz0B8EBB-RKK{a6y;3!Q;bT4ubwl=d@)zD@gZclSzwlodnXBY4
zJnL+hAay@?1&NetiTURK!e3)0OEJY})DdmZB7focFCi9Zz-00lzC7#Z{=#qnh^-Ed
zzwkMwW{tma<453^_3!2{y#32n@fU9YPl!{{5P#t&$8Yx+-t);D`3oQL9xM4T^B11~
zUKoGj+hAw{{=((97?uM+Tf6mp<N}PbC<o9Bn90vsS2n(L`d{-0`}etl|EvDs{|bDU
zg2X9okmIjblb0Bzx66o^U`f`EF(kkvh}q!GD4W&keiXOaJ0rc>tPk#wg+;lcGI=k^
zzxJtHw4(iE?}qoUy=@&V1&x30dG9m6>~G^=d(4Z!&A;}47SP&$hy7OOU;CK_W)y7(
zObnKv<?E%m_|I~t%huxwqkX7C38Y%E-}hBff@jv6F$S$?csy;%N2Lw5fD-p+JwF9+
zN%aL{@Ekp&kIs9}@%yoixWat*8IXowklJClBjAv{Br&d-ydGoE(R!ToczTGue^GRI
z$11~qbUJ81dKdSjZ@~Xl@Rrn*Jzf?|kEe>OR9n(z+LA8YU`qnsN4sA|+>-pTLz(P#
zU{jKc*5DLkYjZytCo&2yqF5`f1@&=xMh8`2{bLRE6%&!;J1{DM^Q|UyRYykD*iHu2
zGNS`@79A$wmCa*P{8^ZjKfuP8z&17@or(5rNMXC%$iMym*5G|;bhG#@*I4qiW?~#%
zw5Z!l4GfYAJiSKv*gkjHFIVV9<CxU?47vQi?L(T}o8Du)TH*@qcd3Xc&YVEInba4U
zcUfKs7Nwi$ju72<>Otyy6<fdeA&UQ{&~s1<4nxYZsg9O%q`fs-@MWrL#=lpoX$FS0
ziHby@{5}&A40|k8Xu@flsEytWQW6?vy)drEig#%>mW)qVuRqkcTtt0K{dn}gEUI@G
z(Y0MVFe$tTXxLr+65ax0q&bO|B)Xquq%>X6=DxMvMr-NS2(ewcy}8YGNGz3l8472?
z)GS_!%h*@FtWSdAdxVLRu(5%(pzrUAT7dV5txSr@a*t%(*?D_S&dASLamAmdJBEmO
zSOcg0&N7o!=Us5D(l-GnjiGKN(0HSvZXY(I`<U1_xICz=aOseA#jjD3|L_hC?fc`>
zL;T4(e-YVk0xYx*LKLCzyJ}WBzQtCIZ?ScxVSH(De2d;l#7mLP48Xg9u}ND*ReTH9
z)mbgKf{W{r_!b$4Z%=0yUf>ZfMuPwQH3w|EuWYU_Z7sLiJRKim3~5w<ch8Qtlo^tv
z0S|9+S$gsFD;VAag72nz`uay^v^<^WDzm!06yaidAi_n(iYz6<1*?kVDXVTP1)hLg
zkxGP%fqsf`v4x>0`PCIxN4RLq#GUV;f-Sd+p85}orH7-e?ymJk=X6OO=;AwVpo`1&
zy>g>(0R+0R>b~|>%hLS<UuTOpOrVSK@sa*V<1>VnchjmY??QYA=q%kHmDIa4AoYG1
zR_bjLR6ffmXIK~_0LSHp6@WLtUIhWz)6>E>pC~bMsvb5?dlWkVOf)Rd0tuKkdPV`p
zUkNM!ZWcXJ?bHpl)fT9l)3$qUe^d<4_Ytu^J^Ig%&p^)b$&Ue#&k(D`XE4FOFUMyv
zg0+zW?a<Cj7`q#cC(+9S-UVc=TR{nIpgXL)PFelsOp*kR1(P>6LN{7dzA!ku>c~dO
z2!Y;({GS=Iv?Wz2PA_yPalFn-u@Ss@UnwJ*zWX)jm%8&e55LfLhPuGRQn_4T@Hd*W
z!%%=`ExaaXAz!-76F<XR`ZJ?5UEA2)<0VDlI4*4)2Xjga4GIuR2Ut~%w~*ogeeo7*
z`MI+g@b5tJ78<{CgLn&?^M&hdZ5aD|dJbnIUmVPCo9>vQXb~=>b5`fi72=8tnV)OP
z<jtjKFll4+zlT+~(dHV)HiBVH(0q&$+#eZzh-CdC?m8~&w!%9j94<YaF<PBh>l$7t
zwWS=g7+%<9F?|VpWMi-%s80t7Fa$rdH3%j78d<sObsgw)q-CF6@%Jf<YU{T;k1)i?
zVlk3{n#Goy9=;NYr$_!(zp{BI>bWa?`PO+FV-X?@#&otJ_QhlKy6J3Tq|?H1-@~?{
z`++YuVH87G-vlLiVag6iYpc6AZIEkT3ps31`)Rh9gwf0oDY>C${$0|)pM54(@cml@
z`G9oxd!GroVOEBZ=)BbIHQ4c|8?mDmUL)uX2Uw4Kob_-Fk;G4k?TAE%1L)aQBk>!3
zV#Bc;#wAz$HqT>vWI3j?l|I#E^-MNN^Is)y1H|Qk-(ksp2-!$0#L8iP7AqCKN=(I)
z=jnh)9FZ=Qt~Yp6@(9jv{L%Ow7nS%OB9Q*ck}7_OX-sADJ5c;V|9UQ9NYp_*wp-c4
zwI-E;H{{qG1o5CKHc9&-n#O`9S!jo9l*4yi!0;VOn(!SEw`(ZsM{Mp<k~)6J5k|zU
zEzh$d8P2%&C{*+_7ENbMnIJjhvsk{dD0tZ+R>N`W!;i0E438xCRkoTid<T!`<yaCf
ze8&MRoJ4~UeK*!o6TZVlE|BAq_1-9l?>H0`zGI};9_4>;{Ek}Vet-OqofR0rgKaR$
zZ@e%X&42aM{<#>z!_4(B_o6T~SW?CBc;(R>#P9I-xZ?K*`OD}2%+HDLq%5}y{Q><O
zR^Bwwe?`SxU4Co3a%-u-l4W0k%l;AR?vGG?2+RHgoDZ=-SoZ5^*>{c4!UEe}gmsVM
ztzs9;>;5|6(z=JqvEb!Yv^X#Yt^DV|4_f)py-X{AxrdhdfT7CDf0rlq7^*pc3eu0g
zH0K8Tu{`rN|KCU7fBUSe>HD92>F=%YZ@=jOpuRtPZq@Yt5AVwoq<;HJ-=8?I3i|#<
zFPa6Z;R4e4A4n#B|HyeX?*|Vi4M|z@&Gr51F9qxS=YOcx_nTh&JL>yWr&mSaU+}`s
z_5Fzt|8{-9?U5Vl`v=edEA{=GXNS@Eqo3Mv@j-+1<p-~1X|!HbXNT99zqTMmUq0%&
zzmvW^b=q&!mp?g&*2cs+mFvszpF<kD77yLP-fY${U}KQM*sejMYa1h7BHns*!POVy
z8*QFEBV36AgKXRz3+U1~ccP4RC`Hsy>MDBr_{Ej2N%3J7FM5gnyF=V{S!4`~Zl9q5
zyxTI-d8_C=bBDK%j_z3I8R~-PqH^*QNFw%rLtzI1v-Oy5^}MOFMB(0#UClr*p)o^g
ziS{PY@~cK#yt#OfQgqG)G?VWZ1>s5^83D~WYBh!Fwg$f+VKKb8X<`@3>6u49aqQ$b
zEDyT#t@F6hK!33@hF42U-A@;`m^|1|pH?)%m{wLzM^5kJ_LFHfR{NbM(B=wp)<)=d
z)tIfcV4s$dK0y)-ccXVpw&R>uGDlaFI}C;)sLyO3u%luBEQ}Oc#K-pMVYPj2*?J3g
z;ROC68D1V^VCOJmcir!2qVFKVQ7eu8N;*TqSAf6@C_ygI9zROD=t;$t&1gd@6=lG^
zsIjCwW&dj5;TkP4?gCIwgN<alhnrhg6yZfRYD5-rMHi&@H3XrEtwiwrR!}66alY$y
zehK&p+aKUk5IQa>JsN}czta`fCCH<K@lH=h7kzqJMwbM?VYw~doL*$>l0fk|s8-Qa
zilA1TZMt(%h=mcUM967@iiwO!SzW(ir@`lzaD|0M)m2%p>xROUF!h(Cb1V$)c9J#M
z@+>yDjHQNgB)Ln#TYA+5L%}vSj?k+K?Adi4l}sQVi~^zX-AI~1dC(`5&-(q~ru0Gd
zD~4XOnc%|J&rv$9t2vg&046pKbVdpq!ZvemFbKsbvO&|C05K8NVvHCM)FlLa7jQg4
zu?B(MfwN@k*4bvkyPdr1oLm9|_niT<Wo3!qVdDLP#QRv{MobLy=lEYttlXdDV(x5F
zFZF&RRq(zM;*D{wg3ufgJ`O?Xc}+&RI+-Ed7UBsf&MzbE2LvO&COf0i0NWc)o+^zi
zlUbLo8W#n(1>Ocvl?|d|IA|S!r0pe1e3cJe1y9LoR6;!&jeK3^K?zH!gczlSBq(9F
zTmlZfH10EaZO~)L-2yFgwjGUTD85$|!?NRh{C@9?2;1O&iQ{bQNOoRpJ1YKoj8b+(
zLGX=*<PSLbO*L4@3i4(7L;w^rfUmbtK;Jf}q&??kpOu3c*X>JC@_<dguQ5FjT`4#I
z0run*I8vS@?opAoZ4Jl{Zs|Z`)tYv^<`1%m11{Y21VpF}8^-I5v&vz-?)x~5ddPx_
zodSusX*Stc)DgSBv}43BUx5bY4bl@Wv8QT`>#{ps^Q-hldq7|GOA+defRU=2x@fS}
z_^lhMi@IgGN9xtuqQh^5(-y@_6Y<M^gJs5tw+G3L|0p8<;OQA8AU3&Ikr^lOq-ysn
z_Fh#vKVNu)@k^TX^S*C}oS!=x5}lu?G*Zsb2Q&(tpWpIzCFkef`Zqa0-}@Eux7qik
z|2g{gCp7x??0|mVR*8Pyg8KFPA^P>BwxsJK>{5zu{i<BFZxa;JH%oW%oMFucQ3sl9
z)TgsGF#U|!atG?u%Zuu#s0+9(tq$nYH^Nsjh@$GNQkLtOwe(m_e|Oj3L8|nb_up8R
zzK4mlzyOP-r)r5wpx_6+ky)iTIs@U-tcog~wcn;I4~K{Pr3>~Sz0E@P=ie1pS${6N
zryFgaM?rTUb7S54*RTC`y7PsF;dSTvuijL5esJp*O~5|YdSYAkSEy!;5M42<D+D%I
zE78+e4;uEezQDZPnNTz!f#$F$dgBZthO8DB81n+54;f#{7?)v*j9i-2iu##3*<3Z9
zFzX;@ILcW|md|lDIeRtwaLkQdx9=k3{Qpc~JHjTUe{E=25!(dp6Hq5phxM*T{EOM3
zhW|D8Qa9I6&%F2llYY9|t5wub=iW#^jXT7ln477mYs@3{^b4<qs;57xvU)m4tDbHx
z+*m!`>Hms;dhGqbUq3wuoyh#c1eoMr(`5a0kLjqN7Ax0JU&_9betN%FKP|fN@Xni=
zs<}@IIti}GlC2dRBL8v_-AMR%rWuTV$u5O+D;WB)4`SA4XsqpA#|FE7<Nm~%&1w~5
z-~T_MAFc87|3Urek?B>_kM`P>B}i?{NIz<HRzW}NW+h7(o+th2Iuq$f`#Ooo>usf>
z{lFyaN0s}{pc-`@1NQAfwCPhTMxULFicu@T%i#uEH@vb9no*meXhw$$Tr=wOOGm1s
zR*v5fhEH~(s(`WE=ISH@ED@<Tv8Ef@v!x1Zdp5N`P@ED*AJ`#AqYsqZm#eZi8wgq}
z8~A7oGB=x$6@Eit`&>4(>L4ndN(=?h!Gm+Xo(D%XGSNN}bw6f)^^6U7ELi238N|W`
zI@YzlBS<@tSk%V^TMH;d-g$!dWj%bx$aZG#GpSDk769m$qCSabeat${%CZaz&f<$=
zV1cx#xq&_}Zb2LJ=lHt;7WeCuWG9}7cN3S~zMop>_vhK4l?Z>t{w!OzKg%?%Ihm#V
z#^(AmtL2wAmrpGHDaPvV*(}KXtp4*iHb473V172`g({h!-N(((?tJ0K=4Wh!_Oc3M
z?T(A3hhu)H`I%MsJ$#)p<YCOuH2bR@Y(3?oeF&rThUI-tjN00}u&s13#6@;LDlwkV
zg!=%SElCcVE!C7WJt93*^}d>1q#6n2$}^d<iBl7#l~1BJt}mOUi8Q73GE-O#L_sn?
z1tEZHe*)#YU<%uR1^z~4kI8mOEMGrgcnX(xa}N=s<YxT78Lh?~vZk0h!=!U0fG-6T
z5=_2%Jt;G^>g~(-Xb4{8aCo5YG{Jh*!2+`YibW)?>_En?f?Feb8O7SEV=T%tN{0oV
zz_=hoJ6pWPV610o2kNuBHF39eVW`vo=(j2Xw^LRL17F;VJ0R?_99bvOvni21JiTS;
z$wBD8c))5HgcVvSlh6AQwLIR07WHBNyRV5_fdceXYCD~x#(Ssdn}hWEaLsRnR^LLl
zxEB}~fwP89C5O$*xNe9PEsOEsB7k<i7(?Aixi{E9CMWV9VgK%pg~~sQ`-sxO9M;nx
zPlTy*OqqZ>d4ItIS;4IQG-UeGj+X8}_cvN0@H5*{*n2E|hP}htQS8jAY~JWeW*p2X
z<-1Sfq--`xo|FgADwFcyM9riu`X^1w`He|m6Ko&-qxPie$BDuA(NB0n?4t(?VeF$1
zawl^aCx^F>M*UY~#jVZG$#e=cFD>9N<7W1zJtNfiricF$d(#ys{h{|O8M6@|KciDv
z`_f%DPfw#^c`YMQL){*ms{$-9zedjoXetUG(Lfnw^feEO_kPLh+5z_|&kNj~RHL)_
zA~TH6!u5@qv<dmxlhR`oli>P+W#*9?T#=Dp)G@*8xsQneTTzFy-cr=DE@LBOY>|)Y
zc@Wi12b@@p(=#HdPb<qz@B;x%NGr-rfDjX)k75&}D32doJeA1s5+$R92qlxUGtHp&
zVK4o3R)2ZV>xO@IVg1MC`*UfA3DrXEQ+HZDwHh((s7BO7*yL$nd3D@0RbPo|YOVNi
zmZ^=oW$G!Z(*Za%I3+EA4BVnC2CEN{h$G!`2a%8k4S^b?KJRzfuYUN8-yhz7HP+^y
zU}OTRq2O2C{5vCGZ*$MkGkz$MG4K4=HgHOHeD#4Ip}wr#l9h7AQ1CX(ls<D>Yq*jR
z0yJIOcCd;2#9rvy3J}vgwa<*hVMr_MSHY%bzn${c?q#C0*YJ6uvPcc6EK*qFUGr|J
z$CytZ?hg-UeKuEnEHIcK3mBx04C=iLhX+FIxOJl28hp}foD^bd0==Em;99_5@(<bD
z{ZHNhDXRSb4|uE&y8lxYa{uRBQ1#yA{?EGq-S>YU|Bd&5K8O21D+2d_*7Ey54u1b9
z5AOdI@cTbJab^#G|L2xJbpPkqecJu4?%0s~KhK2T|Ji{y5JC5U*6{m3c{jfQGlAd#
zNmbwfiPcDCJY-d{ME1iSl}coKkjTFLf(%Z2guMcU3o264jkGHViJ6XB9+N&Tq+=FV
zV_$zfYUu$yF+XVudk^S|0)7u@D&s1qDz||26BN5#(-K_~m^1HHt5PNJG8$-i51K8<
z##4v<H$`i15p1u-*<`N2WEno*kclpW<o(c&>@SS^vfknCazK~)m>$DTYSfrJtfi-z
z6ju&?Z>m&{nY0@;iDDtCFJoo(<waCqrl{1Hve-5qH8FfZ&q>$U!{v+#wPUb^1Gu#@
z+MvFl!sNT7S-Pv-{??W<c9Y=f07}ittf);G3)%=9e-|gIHCGn|iedwwtrGSepN3O!
zertu`(I9WRu?eW&G;{T40+er(j^@Gau7Y}V&W*>X&icy6r+%-$ZhRIxfA9DVE~W7q
z>HNdv^WrQTpQg^gV0`*c_;bc*d`V^FWAE|TjgS86-#b3*ifMexX8qyuIX8pGXX>oK
zV0=Cp_vehy_H~tw&(|q`-S~`}`FqEw#X1_FHZ%Y5_}n|4#%KSGzhHb~#{N0u(`jvG
z<I~mr*NxBS>A!b;rmvy#d1m?_9-pPtXncB1{|m-v<d{Eae4blf+4#)u_ScP1!c)I@
zd=9Ll@i{u}506j1sWd*XP5TSRr)<=pGd?F*RyIE8yZ&|KQ#AGWj!*BEG(LT&{^9YN
zG=;|J%9DS=__TTS&l#TqD=HhGfnEN(@sXzd-tl?!a~huyru^aY`RWN8pNFRW1>^I~
zh^mec+5eqm(&)@$2=gL1>e1o6ls--;xJsAk3br`n(`K&Q1VAQ+f~AH#QFKq2q$Tf~
zWQ+)vuUd_MQDe`Jj@?|}lGjgbc^T+pz!<{j>ORtNs^pwuMn66Li-ms)@Xsuk_Y+CK
z@I<!gEYA^nJPA16%li<tMNW)D<ihB~OW~Op<<w&+9cL_$G6YFG`R^hA3o(z%odU-Y
zJ*!P<_<mh#@FD02md?=yiknBpEmV-5OL+K<B2@P+r5JwBovNT3>=oniC{eDRvHW#D
zy<#v6R`-1P0(dWg-_87YFaMSJZw3F=N6>F9|4rb(5Htg)bS@m-<WVi{5F_c7v@DY1
zHIupi8g9*f5~iIfU5o^W+Osjflh|Q40o}vNNPiStj<$A(#gtu!!sE5UIr<?yO2rV=
zpqb7w6nLT`Eb;|IoKOrQa-}lVpls^z?s^`hp3UWb#O8j6>r9rb!p7#VDD9{jAz(;h
zn|moV*4ASwgr>DOvAQ~0J$>1d!#=RNe)U2;UOG>qp0&Bzx6j$y{iHHOOW9y3_-AdH
zVn0|*uSG%>85@{{?G*0x)K3ssaz&g$OxY?L`t1U>wjq6&ShyQ)i|n_Eo}Lh9L6E9B
z0v4hDT^&!^T-UNv&Vx@(6J0+Nof|4xBCf0}u@lFLrM^hfzX4o?ueeHIxkGGOYV~y7
zVf93P0c7XYZqzq`emd%F_;35#$bM!-eGC6>-{MPsfXo>9HLUL_*5i(yV#+pq8@2xj
z2sWMtK^E}MS)v!6oAkDn(~cuqg+JTTB%$JAIGV}SgQrZEu$pEhb|prxVO3&u(s@Wn
zH!X7DDhHz`Pho^>oTqMx!Txr`2*K(v;}gLK6JfKh-665GBGQ^tW_Y^pb&7>DkFUQ3
zzEa?@uN;oyVVF{WG!*<R5@v^AEZ>Aw-opmmJ5QkTl+Sq^F+#SJpY!f3+>dTXHrRAK
zZ7ny0B}D1br~xTa-Ru@mAOFafdtDnG2g#m-WvLx&#{=fl!V*K_VgY<4?1S@Ot8;_V
z_g1j~4CoUu-p_DNi_wGkQdOhM4bBCK!w9J%HtsHW)K%733F5lICUjIx+G*33;KO>f
z=7*_lR`#LGbXvc@(k&=6X}`A`o>k1m4uarDd$3m0%ndsEf<P%)KJ|Ckzbd-w*D24a
zqZa~8l8uBnm6gEymQTq}Y~d%JP^|=KNfg@J`V!I@y-ssgV|zvvn+d0Ncq1y%W-(=x
z!FdWNMghNMVTZQ25Zyf`vAhKJg1QRp3b_ZY7Z0%>fFyWWZv$tnXh30g?Xsf1!f9)%
zR4XfKGukV#i9ddQ@E&Y!S%PC8ql`J*ZntI@Zm}o9_PHxdx8B-vJ@^vopVG6Qy=NvI
z>u0vyn(5l*I1n_RIQ|pa__HFmup%6Ft-76Hy#_m^@1;3ey02_*Y`3k)Y9OG7LNDC(
zaK8&wHLKk*TaRh+v4(=DtHVj&b!+MM2&?nD4%GcfH<~3XbR&+fMMgKi1O2EW{X4vt
zHVcPv5S(`Rd;@96wmeeDvyL%B=l5}Cd?sWS`lr{yqpzc2Jn`0qD}H6Q-uVx+z*vRO
zIA~xXVRL<m(H>p1pxRbX#vAN;8+*k7rOF(@vG;ajjmb<pq5jg0mwoTtY+a@~pRx#s
z=YG(^#PKDl{EN7HgX2@Soxv^xx95gsT40uVK0!}ABSsbDwSu1~Ac+(o+mwU$zHGNV
z3S=WkdU9wr46BySh&q(Ph`JFsrc=8eZ{z76Q~*^#s=sdL4QTjobRGVK$Y{98Xt+o;
zTntCU#UL8qP@&;{u!5W5vp~mBWVxoDV68jF2s!vQHqsqxAmmvvE=0&5uY{1>JUzd}
z-qD?s>AB4B1=I74Zv-Uh--IXVJAk0aYv{SvWl)iG2n7M;{HQWP+U1x93=l!&e35`r
zs#fcH#Hm=(6NStf>}M_~^fgV5J0SLu^QjCr&PQmRO(W+7#@D2bZw8KUDUEMlu^GBA
zYCMfE>-*9}F{&Y^tsG`xj`Y@goifxW8tMdjs9#owdj1WD`dsv%Fw{BYZZ_2OLx*~D
zm4{mE-|4R(@09zs;~h)mZ3;i$3CehPM!GgNJIy%*#{3MDCO_=yuws*TOFO%p1ZPF0
zp#ZK|TiwsX8l1V}T`0>?upTQ%{Hgmz{8+p7h5|JBFTETIQBh!{a_$jaXPiG)WAFM&
zQAxXfQ$**{ilp6v_VwK9dVp;S({}1JJn6a&S3i6)vX=<?C6>KJ$}cAN5+%PRu$O50
zC6T?v$S-F0QVn06>-A#FS;tEv+b|5GyX#KZ{fVM~z3AWKIK$?96l?o8VdlG8neS0*
zdX`@d?4(rxu}bKfh@5KSFpvjmrkiP|TjZJkI-lu`i?3{&$434M)BN!<H=E|KgiiAb
zRh{Otf9t<~em{7xc77+){5FT5-<Du{W@h7C1Eqpf5Yd6|{sW)lg%ATG6XqFfkrKjM
zv_aMaOaWV-9gq^g)80?bRvcFI6Prh?_=!4j!-h%Rz*G3%o`Y5|dn8AHaDi^Hx#CN$
zjGsco{bBvg)|5?8JubTY<)pj2E|i4(TY?e4=&osqZ4BcY!bcvG`A86|CmF%q2o3mm
zz!e}{QhAzdXWGm|GctjbObf$GmXLoe=d^gUU~kTY!`k94L532??gpn$B=pgV=r@=G
zx2*BC3|?n#1nF6GZl3(n=`6TUxr6;+jH{K23}uxArep3Xyia*V2CajumQv4W=~7~X
zw0<T$_455YOOU>q2e`cs!t)k-{tBMg(sMaHe?rfz;rV^`>;=!lc#2EaG!z0w^PUM#
z-4Chz1F534caY!jZAIbDylo*W7{S<d^FkCLpWUbTHSu-y_4bWX0=RuOSVzKvZ={k|
z{IHyMkCHZ3N$afy{^~BLsXMu+cPxBb?~CzO_eJ=k!8J`y3=-m(?#~9x6&N)`;YM6F
zN<KqjvQAKsP5W#bs(dLItH>jP)w>U*uQkX>No5FGjcg<N|GtYx9BEs^5XuJ|x74&Z
zX^KSYd7g~?oIM>vqfa%7o~dT3e25Oi;S>Xg6M`Q!3GeIRxx46K{r)EDLZ!2B^j(_S
zXDEQnztp4Z)asDhGdT4eTlBs*WNzhKM%_JXdXf-~w~gUR{sDnmZ75vNlDzP*Qhk&e
z+3YXV;Ogi(E9{j|WZOKC=75NrgY5cYsYf*30~dJ=T6YiFWyi*kLc6Q=0>%DK$Z*-?
z<6$F61m%bsMCu%%%DE6fBWXXsU#4<UVe}bMpTS5o`ltB8E~d@w*+R%a5eT7jtSbH~
zUQHqY6h@VQiVWJf@`6U<U>1eXFhk7}GguwtL7qskvUa1N)eJCl{84JlrjtfJ#~Q;O
z8>m%FwJ-jXg&L-uRd#_aFW0_!4aw0cPL9G>BZpNZjjJ2&tr!i7KLO>`9&iGQ%^>!(
zE|C{_b+AsT^!w4f2J-LgIC`(De1EUajF*L~6@wjf(go>QHwwZ#vfL6o>=7k?Z4pin
z#^`Ep2M%YO76e>G9^tykri6Kw4kHi4`hrm7P`jD5GIfq-5Y84^W>50`vMh=;3v1@~
zJ5m9=gxWGNKBhRDYV#nkO_`<Ha8{v59YZH7Rl+E-9v*q!H5-4?X#&4P3wOu7{ZqMH
z30Hv}$M-aDsH~0^^o}Y|_L~U5tj~Y-$s>t@a6jVR`P^6vgbSaMe!Pz^rRPZB-bXGq
z^cu$s&kD*0u1W=hJCiLR0i4u;<BlrEc!jm84!EQQ7sY_?mL`IC=yi2`(r8R>E_i>q
zjy@8$P6%@q{WDDL7)b1(wLk2|?GKGo1{(x#Cx5Wtg4;Plj&v&^-0G*$p=G~Zl`niO
zN~2I>^_DTh^%(dFKt(XzmFE5U%0Rgv|HYmxpXq$HdEN;uF9f)p7H^S;rP0L^z4Rb^
zf*Y|0-%#bsbtZ@ANc~wE;6q>oy>?WxwPH`c&R|E_o_qt`Y+00A%>sqSJZ4GdQ8Cw=
z$>PjWKV9}OAW92)Vs0QYN7~Sx68p2n%IIwZ?#W-vr$CeS)Ks$-JS=6zkJ97Bh;CYU
z04gr>xL**)SX;SwGe#;w@64wAVq9Ms{@mue0F-*x$8qTT2GVO#N&Acg6b-!+8hs8f
zg|Xl=B%mb8h1<wBHxr9QiBY8GM)DGoxDNasWigt#VHcGS8LCt1&+^je^U@P#wZ9Gb
z0T0)xxuCyc<Kp$)@)?!1Bv8-VkyO$OUQz<Ql<<-gpd|T_Bio91E6ORQ4rTvpQI;St
zc9>=mwOcye4+gOy{t(Y8s#<9C^g3jq7Mj-8!|z;%MjqHnRf9Z~ye3}abuz&hPV+jM
zw1q9;g~hIG8Yt{}UKo&^ro1pg)<HvIdL0!OYvZv_HH9XRH^`nkT43(8P-stHD4<jF
zGK}}F5Ihqv6z`wZMy~>}JJwlOozt`?eQ61gf|nmeV0)HfgKZunj}S{1Iu{(i+zOca
zjPuch(-(+6ILc5rs+6snQV<HHr}|<{K`?}WK_nkBtz}0@fm~oZtI8zuOddLpk#cy>
zj*zlYl@r3%qoN!<y{ZbR7AOEFk<>_CKuJ&mOTrXTmWc&`Me+WAl(!A!-K)x*7E<py
za;^)~`~6gnJ*~|ZqsjD;oav~Pr~VY4&IK~TJrq^0)^e`vQmXn>CT*^2noOrNQc;hM
zNa{T(hby@C!GMQ209&924Ca8n!GNJ0P!bFn&H)R90grOPoM6BhK5g?gsd>s|R;Nx@
z){Q!KnoeGt>eQ!oG7(Xy7U^UnrA~cLClf|>>Rg^`(WJf#sk1gF=z@c<4;h64%U{;1
z1C~ReY6j~=u-7!Oe-o@N!RBjVuM?~$!QR)v-X_?oM-lcP4eSGgeMPYUYG8{9_Bp|p
zX<$nT_8P%fYG9ucYzD#BX<(}eHjH2!G_YcV^&{A34QwO9IuPtj4Qva+3<TS)fo&()
zxseF_Rs;KrVBZq#dkqXu{j@yH*{ehVYfD3JV?4}HAtBO_D+s*-VSfn1VFjT%Abb^q
zuunm_+L0k_3qjbeAnXT(4Iv0y6@*oQusQ@`y@K!xAS?|*_*_BA2ZV(o2#Xbj2LR!X
z5QMj{%G_W#KzJbp;bo2xD>VRwXG0L&9Kj@=@4yhIg&@r22no_xfbe(-f`cO@N}mG4
z$Pk1v9KkF-4+sxkMavK0gX~|@ejZ$%J;4?Wo11rqoZ?*@=BZqH+NC`0p(ofb58S2-
zOx`k$UZ7a1K7WCYRI0{bklnp(p%>h#PVg7p_YUzFVA!OuEW{O$lD1f6=T}1*kG+(K
zYrnUf9Ae(uEfr54L?BTjGDV~pNbE*}PqxBxB}&bBS`IRK$Sz8HOdCtD7U@!QD&CM9
zWlcG0m|Ie?-_f+7#L<YymvU~B;HFns3mmxq>No`&%txz-i^n(X7i5*tm_~H>W0Foj
zT!s`6W(m@WHmL#=aUdqOoc<7`XJNXb@M0u+aBK&)XRL58lx=lS&&Ip((g!t6+M8qG
zUycM~yv}Pz@s5e|*`S)p$x8Xfeh)Os<ckeDFJ&^U9>86|3#!cx4tp@h?Z%IE$nYE_
zcPFKXqO9&lqI)81d{-TKsMGs4GEVc016jySj$+Sc{5dZ($<HO^Ebw&bYpnTRx!&sZ
z8w~}AnBX?RZSOe>B%S+S$OHos$Zi4g9>>z8c71vQB<lgS!Bt17$0V2s&@&ck&?h>K
zN%QaGD3qS*)^WqO7&e$m&*O)V8(~X1WGL)`G;&ic=xAa=vu}Z;Zc*_)RYz*sCl#$x
z@@<5Y0ft&*iL0DR;_`eFqZi{YUq&oE{KBjkPzkXzlh{n;8<}9e;0JKH`*0#C1Q5&K
zS;hyZU?*n^Y$?YKh1Ueq1fmpxYP?Q8%^Icx(OkgLEtgG*rU8@7%{Dx>GrN)NLxTDh
z_JU<}j8@nRczZ%&C!o-Rfh0B0&BZMQ+7;MBz@|d>Us#?gKu4ElHWR!bQJ!4L;}{YU
zst2>g{!~zrrXZLS4Az-o9u3SzuzCc0K?4K#4_c~s^}0;EUt=rCdm_XGVZk+-c0UOS
zjt~!or<4*N1cXB&C48?Sm;vF-5QMuGghqgnew{S&iCo4u!Add*$=DC4l7=#y#&<v}
z>fM2E1UU|tar*o6LBTNM`>TFmdl2Ruafv%$x;sOrliib2x#WIZ5?w^)@_wS=xJ53?
z(HSWC;;3|?(%KcLsA{)MT9QKd;PRuw-jAO3%P0sE<N6ger{Mb()?Qq(9@nAt;;p2`
z5?AF-m}nm|e8fo6l^v@nvMhSit>w#(oB7gAD2BV3QX%M!J+I@mwz<qU^6;9cFS8g`
z)^yS9jthb;(zDkg{B>Snwdz2sBMppp)iMfPcd4R|J0`u`Ayrw)@MWastU)b`YfyvM
zx6(AoF@88SXk@v?#F{2IYi2c)K1YFaj<y4~&rq8_8DK^k^E7XhsyQToME{r9AEjhZ
zbT)qlv89YeUL6RhDDS%Hw~WLcXioa4N^?$0U$@8RWb1fyPy}MlX<lrg=A3Jpiq2Za
zm8>!2h7OxJL3D|6;>zJ;$BxKnErbi5O0!C0NX=*hO|jMUKn|&x4!$3UN<}Ojv;w3Q
z#5<X+-nmr2nL6J6Mf5(0>mEzwx^3olYgQaXb$g(tqK|DhauTEBtg}ZbmANy9>puBc
zbEtdo$)fJvsSD}eoz$NK@6SW@`iYlbC92kGxqB;k_f}9kDjZq&{<K8Zy^eO+y@?UL
z33zzPn$WcP7HYy=6E(qLjIOmei^<UzXidV{NlG(bjizQ`R@RJcYKGfJ&A@X{Z8I$R
zk?3~38QJvuDsM(k1XedUf;VGS1T|w6rRVWxG*dU@;{<HRe7PA5c{7?6*P>>887EKr
zq2s3v88^Z{6ec~J^TUU-N4Y6Sqo^qhc~eAcN=bie%97BgETOvh_EFtS=(U(PWiwTI
zr`(jiyeWGr{Sa@;-TzfJ<)^mT6k{ZB3Ld$$rZg_DPECnWnlkc<;fx*)8w*V-vzP)y
zlFZvd$Ms|5E!2*RJE<L}$dGoJ@GH@6csmm5^;<qd=18osC6c#8jHGsml%7p>O?G{(
zYDZIQ$4t2$MZ6uc^1@ARA-7}vq#+~5JH}07?TBMkY2pO?gxiOV*O1vKBdJA2yhUbe
zQ5)W(IiW3@LrsX{Et*fSpYawgq?#|0TeO0=Xa%L0@D_dkk*Y=3HrS%ma*HZ>iyFz4
zbyRb?MdOB!9uGq!Q&wfU;E9`|aD4<dr-C;pk(%>>m6`*rNl<ejiPb;z9M#`QuP^iF
z#6}SXjl$-viBE{4<|I&hViYw;TC6n3FFn~Bo0AJL#^6o*nodsgSHV16`7l`~NCWSs
zlM|?^w4f&mIxq^-tNaBfndIRwuyUlC`~@h2G>N|em6JyD7a+9KgZu@y7s=L>n1FmK
zy(b;YXcasQ!YX(^3aj8*%2P#6>PnuPtw}BBsX3a|O*~b5FtjbKnratM&DErS8&-Ms
z1F4>X-w1mq1Uv^@$%6O8i|R9>8kpQl@Q$ufCmS%it>A5UNu3;n$t?u$TbkrsFuA?p
zz3Z|%xfUkJ3*N{p>g4K}+){um=;1y&;cD0lwk5~j4emqkw}wW86GPgaO9K&R(7<XE
z><5C?*T9SfD<xQC4Xgpd-X~ZK4Xg>lTm-vS1B)ZrID#c;VDSXIn_#zTVC@K&Ot9NE
zuucSPOt9`6SeFp(RcFrFSCigu!nkfz2xA|wAj|}W1|bNI6@(#xP$LAPj)Kq|5d0xJ
zmq-PnIUt-5L8!PYBV29F5WFD>ClrMJfN-Ev6`NjK)i|t*?OO%m6+qY=g7AfckPirJ
zQ884e(4=~16-|mUt7y`t?kbw}OLrAbI@n!BlXiDk(WFh?RWxZucbO)A+?@_MTXDOW
z=i*b5*}m|y-w)o2&|Srpc=^;bQ5wgdeQm*1#)Mf;Ne}TX8`N3)Dp|}@YDks@o@I_Y
zOTGBO*=n_T`F!)*t@M;Fox4>&QT5&`AE6$+Rn|Fu!=G}cZTu-gD!mmrXx2<?%0a{2
z5=+4eN2`JoM+@zJ1Lp>?8I#`Y2Ku8bpg+1OwY``I1}sS@yp#PnDp2c*w^FV5y`-x3
z!?!}M(Gd=1xGRt$jc52!ouMOTNKi5)1Tq+ThJ1B~E3GhtPRVeCCn#iFD=MUmx{&2m
z$iC}x2L1$yueQRY94SJ{fK$WSO76!gt;p+n-3w{5e>8}R0EeJ943-dYnpwOObtjLJ
zc8zxZp=n@zlnBZj6FD9O%@w#Tc0quj=v}7;)K7u$o5BiuX0RXWej93Qq!T<ii0qnG
z<w%X3$dFgLqhDN={l$gDWUU+cYnlL<YZ#__{FU~gR#4k2YR0P;5OuK)df;4wn~{1w
z(2SFjx}atx?UveAtqrYi+J-sjsSOp|uKL5u`}sP4fA75Lyxzd@^u-u57_A2X?urK6
z$?yLIcX8~|KjZIyytmlP?+41h1%=2Bt}me{z>#-xZO;GIgBb!hI*|#q51Hf`IdXJ9
zV*;Ctt56taNgB3xbqr|_a%H;!&%?10ql5&}@4#B37knbIxFLNax*oBZ=L{2~$9$0m
z*X1niQ>i8@o)z9kDf|Oo_^2`-!Uam6LozF97T|X?sR`Dgj0<1NU5V1H8(QHykeO5>
z-9C?~V6L?AcE3Mu<~p=@G8D`J9(Kh<`;^YWv5PD1qef30J|u6bxC$8fM;s$Ni|g1c
zB8(Kl-6#9Ed8A=%DfF@d99zOezi3F`1ON6hAo$4K$vPbUWLiBL@xED?pxdp6%#Bvh
zT@Bdp4$)arePSzd)#&l|5fjG`9V>RJYgqocUUXjQELPv+s3ST{tBcN(iwrMjVi(c1
zUUY3=36<<p$ME^|s96^$bOwS}a=H2r(U7@b^bCk$zuOslHG{Je=z=`=Q2-Q{5wd$Q
zjE^loR@!tMcY}%-5~XLVrH0}C>PDjpK%VH#msm%=9wAFUq}r7%byL9}Ee{5=+!Fi9
z&`ANMK)YypMsO1m6K*JQR{dR@RM|WuBQU6-#SK5G1LF<y7q=T}+OV(X4YiL_zP3Ax
z%&<^>%jA)ryg(6W!!+Q*LG?H!@MStmE+cCQ#1%-rpy%2Uuy+D^qVHCcCvwRWOT;f6
zl%o2PJh2nyokV$RWhK(u*Ra+F*NCGkzY{qsca)l=dNxWB6s31A_psllW2(Sr=sKFA
zpqRyF4Nl;UBXRcGqgyS&m0i0%{_aQTdbqM3tk28qTAdqD;mJjP(q(<Og`X6l3o~@B
ziz-TN8?H@h{_5nwq==Osk4_D9#(gp}XcnXz!jH*)k(wE>INqWijNS3SWg4)N=(t55
z2~_NN;v?~7W}@JIUI?nydv(Is>S9Dtt+KVX>iJu1^;5Z~R_VM}KW8Lz1|_wVKTOmk
zIAotm<Vvs)f{;q1P||YF$Cl(D5?!nD(QOGf#$(y?Fk5Sez9N9WB0M^i)AF?@0>ycb
zN5*zZNn0^?^svquUD6^&Pxd9z^LVwi>J^ND>|}pute(tR+S#0!YZ#s`Wzv(lV)TU0
zkae`!CC2di0KGWt%rKxp)k|4>0Kr*SLv*gcfYXk&3(+NI@&OgbS7O_2$h2#>QZwx?
zM}(Pn1$HdIS3y5qLhosWlKD7<$<LRfx$4nPFd&224$y|iV%00a5vQeGp;%;i<1aZY
zi4V`ByOV@~09YFZz}AAd6Z*36RUf|R=p8sq>BSQLeQ6yFnsv<H0_8Nsaykj#K9_>!
zfEa#Ekt^lZW^%yAYia=$&vGoy1aHaZu*r?CgiW3sB5h<`md~kcz*myP7k4%!-#ypl
ze7kG0e0@j`uHE-W9wc#>HT>)771>$jzai_lSF~kwtVNeNmiG|`LxGYcPC7=(m1=Zg
zd}(dv)z>H$2`#Ks=>U82MnaY=IJV`|_v^3v72F-|HCdPNtU!3AcOfe*T0Dd2_Mfo)
zq$v}~QnIBlO-@IuKC8V<)t_ijVp9Y7;+XY{ZRuT&NQPO18;xXXB#S5A8p$T25AxcW
zq*je&ktG4DX;G?KUCHKe2%?j(l>$21kXnE;-H#24ai4NLP3|qD^aaPjmi%`-wd8>S
zMy|A~ok}izgO`zfoLI}-;1|)}9gw7s$09q2*v|M%@KjCQl6@-UHEk^4OH1Q~f)e{!
zh{~G>fiB_l*I+anrBj3kMdz{wSo3*6ZO!~(8Qtb`dr2UqbP_R_ADw~?pa%l5dEnNq
zVhnmvdUScR;LA{z9^D>G&wxWHG&r@#TL7%50yBt~s7ixUhJMEAjBBszUJXXuyn%lV
zB+0I>@rnU~MK8LIcnXiFd&RHBF&?Wg+A<hrj?#gr*|CHLZlS?riFE#C9Qew82IMA2
zphZvZ=fP2&r@<unF=Xr#JsFm0C@2wnEkGm_rIZp@@A3^~Y_P!yoOvQQHZVh@$sdQO
z_N6tn6D5-Mzq@C=v~C!g-&^<@Xd>R83p!<dusN9j^8vn<RjKt_H2=SAEz;A6*UIMq
zP~z22I-$}UM87?d*FY!Z_pC|{zHMgad>%g=I2r@9Iww|KIcmu0@x#VChQsk!nZ*=f
zFxQ||FbI5Au$}^+?*Wz`?%jd0hIDcXOj8~<5ja^sQ>V%yIr(JWe>xlI;S$b2qM4zK
zP9NbwjVxoy&IYmqb12VUnXNG?)}o%d+)i;eW%N)6Y5r0+jfZMK9i5AxF5nJ8-ou>m
zsY3#NO0Rs1P8@IeDe0+ClWBM~f*3mIL5pDwKahc88FCOYmpzSA_!>6c{^Bgv7_J;D
z4`jWb#Ly&4qg#jJaSQuIhf@@%<87S=wMy6=YJ)Ain6$;_j*6GMoB^`bpfNy_HIT*x
zNd`!~2I4=B5DP$V(?E_8WFSD=Y9QNAgY)j`*;dcXXtNEzHKd~pkbE^^S*(zyohHjX
zo&|B4K%a0m4({nX+FRYvz|p0($1`BXhuOPA_O6=j4+drTUcu~)3H3Bc1@x90^!8Ns
zbbxfxK#T+#1d!Gm$c0k~83mA58p!vjP_{+&3{=8U(13Ab&KZe<;klaV_v2@<)rUy~
z4yc7R|3*N|=<#Tx!E-zU;@ci&>k%$WmMav^z>SiM<8`dt9NQH4L-nohev12{q=!rZ
z{fN?tOu9}<ug;BAWEp#7xUf!E%?wJuoV?Pv-Z(+A7n(~m`6tE(D)vH>p|Cm1P$jXP
zM83}Vj5XYt;H30)Y-+$Z=LU0}=5;$huW_ogX>VcEUh15Jc0q_{?<i-0Lg~T~*yfxv
z6kfo@X>4mlqmjn3=78{w2!IVi7IKvOd64g|-R%}R5^7H1Y=~uXjF&Iw%L!A|*3M99
z!98T%^K?&SK0nnkpC4<OPldhvg0kGzGmJq{YR^iTSO#lBuopG3e-SK#V6SOl{}zIe
z1+F2NOH@jFmW`#?7h<q8Q{gp70>a}VivMHkLec@}n~*}jR^zk)ob@3%cd2nM>ljWi
z^pyjo;GqwY6f|aYU?kh=R`%u-Bk2NLx-GgxSexkC0I;b6(cOU>HYiyevYa3Kg{Y%i
zd~w_hhh@4-4$G7ys@q8Bn4b#6l^htZt}M}wi5Y>!J}hxECf*xJyhq#av6oftj(~Rm
z<8pA{3|8YD5Ezav1gE!O9;mf|&>3%8ZJ^!Yp*Z4_O;Q@;`h9nL!DEkN@MPh;aiv@T
z_x0sVP7$?;HGTD9n&2D3%TMr`eI1l<9jwW|P+NID)Pgu$SU1uJfJJit9WUH`Qd73V
zT2PaUz5|M`0etWK%dh&C2(7WwGaR7>LkRLu#3-L9`toWv0X{?mm9*QdPfiSPe+8%R
z829uVFa}67hLwr#f1$mLyICpj%-{vv<H!L~I9AGvFd>6-u?b-GpkQ<PZxh#YiK|*V
z%Sw$M*HUDqhJ8w&%nKpAX($}tlz5jzf$mO3838q+QoU($NXZUyUIKYr3P-@WO4QcM
zIg!OgGs`@cg%DuOqxbn-N4Ar6WURlr*0qyd)7Gq}V9mrSxWcvVX+m61u1;G?Gd6;1
z`r$OPV!}e%M`c_y-sF`Hh7?O6hM^}r6k`Nc%M!t>C31~rzv60Ct>>=F9oTfJW2~Lk
zZup3i0lS&Inot*FKG<T|0C4-a1hQx#8y`F{&;!$jW9$+Y^9F7MwEQe}axT3-%3oEc
zKWMFy&%cvT=`*<<P4(F-YmL{U(7a&@!3M@ZAYV&ee+9ZYAFic>N!GBjLj#60%Ni3C
znG@8_qBQN%IBrt_tT09aLqqIxGTP%8*p{u#QVjPL<K7(DoAGk`6AO~D_!YeV@@HfQ
zlMILy%OHj!(fesWLSUu?g!Li#4kJD=8CSv7St;u1Htu^#q+f+kNEe&XLWgmYj`J6o
z9?}o|1-;zuY!Z$!JrOH}v7$H^OB*}c;i&)@IDiaoRDesd@-$SZ`Z;=Ta5)i;<;A2<
z)i)Lbt56N7iGV@izKmZ_ri)#JmPNAkr?LSS3vM9$Uj^cT){|hPUa%4UamZJi2gaM^
zCHT&zaKyq;IIEFL#!<};HWBtEZIOIW#073zg{Kp8&Kwx-oZmwyM7fgJD#Fu=8jXlf
zWNRiccQpy5g4J|ZzLri9E;l~qM?_Vn79@T0l{KoO@|9K8kXDu$w6cs+tKo43;fq4X
z2vE~(wdG&XvX_@QTNMBLT(u}*p{#s3f)>TUI?<xQb#S<mY8`yjNVN_&Hwx7_<NPrc
zmNcY35`(AfhK8!nQv=F4AUin6mWJ{yP^a$T=)o8D3QX0IecX_Q>?16j0Q-0a7ZID}
zY<_px7N^W-*aXEWdCKt7*?NKIH5;9LHaer#rl|EA@lk;*9c+$6cW9giyvN1$L7<R6
zAdR2J#N~E->3#}G3d$VwKr{~50dRf$$}Op?d8M7~P~y!dyK;JE#G2=XtjKp7(tI!n
z&8ZxDraxehLj-cZ`JRH917|ro!E+oH7B|@u6_#S!uS%UX3$R}!s#D?(7NFpuYKal_
z(L~h(gm<~a)bk$F!_RxZogf#%hx*`os$95*STmL?m=LlMU&*Cvt>D#?F^te##^Buv
zFv9Il8ouHF^KvgWwU3@Kp4Da2h+%f6E-&-WG6m|Q&j4kir$NDO58w`JUWZ#AxCoZa
z+o*yGk@R^vn;9x-mhDz$gH$x=rguD4DI=RupcLCaQ&9@&vz2#qN-?56Q408kw4xpn
z2i!{+)l==IZ`M=Mkmu{EXh=alq9Nu`8ghg$@sMl1Qp0dt-bs$05R87NGLmzi0}_LC
zTntNcu5om8FuKr)0I=k}|B49OAD=!Oet$fAi=dn#huI&u<;4YV3WeVv<(z-Q{`kY0
z@cU!VEi^G=Z?HUvKCay#WB;uEQ9M)m{&=FUN>i#?mJttY_eUAyH}8*aKMUR;Cvc{5
zLR;1TxZbFm+n*U#b9<q&(*1GzE!0QG;JGyGmP#gT0SCke=Xmy(aFf-;(RT)y^Ql4U
zFu|D*PV>&yARh=cDP*Z+cKp0ZaHeN1FCzsngoLEKEtyGvUx(oPh5mB6RB@OXB|10d
zSW|WwJTF7x?ono|?gYBLJs`dF0xCkb!x$|=LH3mBUX1%NA9$RZ(w(PL1l7pfQcfER
zdxM%6m2=!PhI-vd`iE%AY*sHBw|pOGwvr=<%Ok<-Wp>#0qN<cZ`s`#1Nb}r9&&bgu
z#$vtJ0`tIEB{>^d!*{2XQme^<O;ueRy=Ixru4I|a4!cbFet|oz)RO9?l{K+iy;Ri_
zf)|RseBT)t*j?5269VhT7H-|l4!dsnRUX`4rDsoI&EPuEh>5IX<3@~o1S_^WGElJ!
z5<p2M@#~y8!LWQMckgmi`o<C1W7U<b;6rKVr+&eb;Oww_Es1`c5aX1*wAo5u_Gy+N
zy?QGuWoc7}RSJ&2J-vKaN73C)4xp<hq%FN@C|nF(>|PUJ0To0w?ZgPWyD3Ge(0+`d
zyPJnFk)NzUmDBw7%XziYsrCwWuJQ;p-oTE<I*@ekrkgtoS_ZE}ky3|~I;umy8to-s
zhdgy1vIBL<lj|U=b4{f>Sd=<g<T@m((Y}wQI>ah<7{lwJSEE^Z9Rzh9V8-)02yz|v
z>QuQpQyp+QVjb`a-EpYV?7R-(s-Nm`RG>P{Q=@^E6x3mk`jjg#PzOlII*bbBvbl*^
z84C9+S|Yi;BYYuO2&#|#qO2Y{<pM_&g6pCt_m~(JL5X@bX3Yo{na7j{9Bs2IZ-M<X
z>UKBAqxdr-QZ4=rjZ|yz6~|eNz-EJo?kkVP<UTC9;}vysHB62Zyo)u-cz2>t3&Gpz
zDt^~S-;Ie-e>Vau>g<(Bu$mfJHG<VAm{9|(MX-un5!OHht4px&3D!gdYe=vXg2icI
zO$qiM!QwSA6TylIcBcl`mtbQFc9#a$pJ3Sp8>oS06Ra!29@N0@BUmiK25VsdAlTJb
z2pgt>4I$Vef{oI^h7)Wf!SXb)u>@O4uzU^7PO#YodrAYFLa;o7J*|OFC)hxOJ*$B^
zBZ5zBE?t)WVtg;92;So%CjfP>$Ox+e!5@OqLqT{I5ISB7M#xqWrT{`(2*OheLJlB|
z4?%cALFf($&JcuR1)(7zED1q4b-~ZQ#r=AWAso68jIdfM;cGxx98$t!1z{;5yb*#h
z|BCGX;{`x?J_O-;1>tc(csc~3@QQp>J{u4whagN*5IO_Gm=J_<SLjFwb+t7C=b;ds
zhtxR7jxro;2+o=cxv^z{@KHrDLfj=8;e9|bhS<72tsoQt!lV#{BMQPWK-dGXZo1Yu
zbHy4UW`+Ww>}n0Cxj2&KkdmKeO;D4G;3_iDu00W1rX!Z4B$y**+*QU1;z>&?7vtn?
zzfFwO$e1mDCP^t+d`r@ilyq8CGp+dc&M=afWby5^@cYF##!Gejk4kESw3U4XlA2PQ
zkko{N((Fi;pfn?rh9gAiDdKer@zdp2`b?eryv!8@qtAteSsUTpEbP%J>N_k=1#j~8
zu=a~9=zx2Cb2`h`P`PJ`0^UQgIU3k(f^{R<JPm9v!I}_kz6J&+@L{S^_;c9W)jOh2
z#+};2cIsD;gvI`UtUU=_ROR+}Sd?74SZbIGRHNb!roto|DCiv>l+udIQlE<WL`58w
z$`pe!r*YEWv$Vyuva+6)m6@6;D2rBZS!%iG!X3vw6LMkx-#O>IckZ1TP~ZFa>nC&X
zIrsa{x1V#qvt-Eu!)Nw56%hMKVC+#Y?2u<#A@S37#80J$B@=9h4wg@_HUulu!3qd=
z2f^$*n2lg(TO#aL9qbi??Izg2b+Gva`=({>1Mnunmgrz_66{5S4cD<z87RE;9!0QG
zI@mJ=OC?yQ4)za%wI|pF9c&!I8WU`)4mO!!7w<*bCpy@N!M;cAb~Sj_bH~_Dx6#k?
zw(PoQM}7=&YKx)8apC~y!&<{=Wys-xu;hBciLzG?IIV)u27LWm;MW6O0n5IA)|aLk
zClu4*8AlmS6HoXeOgW)xSO(yX@WaVGp)@QW5T5WucveMd4hTd15QeG<e;r{6DSilp
zRD@puA<+*ZNk#Y?5aRq05>$kL0Ydx0JHz|3?{|iC9*+y-2Nw2T8i6zF8Qsi(l4gD(
z!N%!eqX{;SU{iFki3A%&uorZ&=>+Rau(>)|ksp&-dQ#zBzCFyE_RUE@e&M7t#oqvg
z&-@Tps|b03@Sz{V%9EOD@Ce|%<%jdG7N;}d%sUxy8Xm3;xcv_G>3h=r%`Z5k4BT&r
zSeaAKkp2HXwTDuyZeDx1#DmRi4~baZy!Nn%%bV98+Hh|3+QS!S6YN(VY&XHu3HFB$
zcG#dFUfv6WTN&d$2U#y%JRPvF{yeRW<7a?%A~4n|73*cd+7}q>x6_*8d=?NZ0wb1d
z5qkjQ>cEI2D;1tn1gu9Y17Z!WR9fmf0DD1TtbQui7QpHr7^`Qc($Xb>)h;krdlhRs
zVBH%St5v0@nS%kbL14r?w1{m0vFcPn#J^7|Gu!h!2zRHr^%lP!dh72R@9mJ2KcEJ^
zfIlE(IF&yjW0;8#;O%W;Y&*C{gt8*Z6#}k><R0ube`nzp(JeqLF90b3<S_j^Y|!PC
zCS*$C4oI%V2T&y+;;+%3dKZ5{|BfvuP3Qs$^re|<$N^lmO$^0rWZT$K%5P^btXKe^
z@5`%eJZYw?yz{O>=&86xZS^bFnpVG9t!Z^mbqx>j_4r9@wTMK!hLS-Xk&m$$doTnA
z+E;;kFJO5iMGaP4Z5eQxAYVM;g*Nj-p&Ry|pq8Vb$~N|ZZJo`%Ac0s-ygzL3>MEtZ
zPlu@O#m`@Xvg}9X``407$i4jUU2Btd{gPXy>6fupntsWsQu?LO3E$a(jxp_^C4+cj
zIM3QtY35mkw&aG|l54KiaO1)g$EoD|0{3JY1G}56JtWDi;YACT4D=parhkVHG4tTv
z^O~-G;W%|Inh;Jp&bzj4u(xY{;x|(N4!ffC@3kPcf3Xc6j%#LV>*Lhf->kvTrItXC
zxch2N7q9$5Xs;3)##3Uiz<qzvV;+yYAq>zI1?Z8>8IT$UW=rz7f6#hKkU#r_Do6LA
zW&AZepZV*fP?`OYfGg+0AX+&c*<b(mj`>SzZ$oNt+*$WL`ZJ&Yyv`ehb+q9P`u-c5
zT;F`7PA(kvW`Ai$J&Zr#$hwdDPAL#N<zJ3z_6&@7e~g+0GN!!d7$3Ju{L%-@U3Iwz
z-J=q`l_U1tV?<muCoY2j4gZD@lIyU*+vxgA{WV)q#~I_Q_T{DgzFPU}Z3WkztDXDp
zFKgz0tIL|XFJ9L4LeOPpkCl)5b^(TX-F;LU&I<g+FDbxmFPK^lDsB1GqbBb<S;8JH
zj^!!_n%d7js%)<_IW9J63NIBeV@yYRNR6nX;=GpXQdnRvEL{N8a@e0RA1>#ehc4Ln
zHFe;_4h+7ai@)#$MPP`Q?0d}iDh$F<CHLGOEns*BTd{S3**PtPduzZ<Yp@dTCG%RF
z9Rm`?H3jnon3mQCs&m49?CEZd4<gx*p~=n<@-)c5Q&<}PG`e_6&K_r0p)b?KFUdDF
zY+Xwnn<MM{LI<?*T*Zm8^qx4Oc7L$KGcic?6^yUQ(@;kg&P)_$_DY47JjNIvch>j*
z)iHCV#Q=#W<tEz%N_f^k(LB2hO)E`hGY%&g&I}P|woi>a!3tSmc1+8+7*0W=IQ#GN
z4hY+UpM<cE&M*VM**QG}%*}t67i^27{Bd7G#}>{6ACHev#nKPmB*LV^EwOQD&GwV-
zHmW@{T`^k05%09c?vmZv2EkL7+-p+oixXL~_H*)Yr)e<g=|}ctwwEgTVZavza<R!@
zUxIPSi(&xs1^Lj7fu^`Kh_O8wHd_}+j_yVn#UezvzE1Vq54#K4_{3<GK7r!*=A-Is
z2D!u~!9Q8t?JOS*R?#&Z+T^Gw+3BiCatvl9#E5H>8_*4;X}f4UEYME27u(-#XrCvs
z8?xfA$gR;TdIqEvpx~C0>4-H;xm&L&rR+eocqsm`LzJA!GGtI|C_&OR(~&&4J1)(3
zBCnz2k!okI$3CUn-C#Xu!yc)&{XA=*84SWJz=P(+-LQ+Fcb8J7cp3KF$#}d&CHj+D
z|Ctjkj##A)(Pq;Q(RLw>+8~Fa#>~f~TU=Aj#(NB@5(|sbrZ*Z~eMqBeaZZik{hKVV
zDYZCel!be*!fQa|7%e|)fv#A{b&%xZm?d9-K1y%*U^*h&Y$052sp@FQGJ3dL7Bl(C
z#+@cej;B%0n)ZvfA_z*s142;DN~QX^ZSt2xqEttFOfiI!%ivd-CWt6_xnq`zV!`W&
zuf%a6-yZZ-Vf~w=u*VP<?)5Z59ukUI$%u;gmDMzTig<KU-n>`&y)D{k;1KmZ5wBNZ
z0^06iy02WTE-R;!&%1Hj;Vd5a7oZ-$9{e(xdN53V^Ifo3bIRTn{fq79uAafjaH#u<
zCaiLlylJ~hP|TO0doQ9!ihQJEe7pB93t4{0cyq2;$uIEs`dC9jq}+Qu4zr@)1|kZB
zy<?1lz{52}Y_~+I!8V}QbZ(euB})b#SvAJM>yI^fV{w$zNyL@cLjsI()Iv7K6M}J!
zv(!83EagsGHT8z>j^tyUq~1wC`bWIp>I~3!@q6(YekWaDO_kwnJpQ0E#xcsxw4nWV
z72S^CY__cm_ML58j|G@*GlTTAt-fZq9XU|<Y<rg9QHQH<viO^H^-XS&?~I(m-^8eI
zzyqe>#fE~_l<X-L*Q7Q`HkIa$l<Y2TzDYwtenTN|pt$A{Hl<1)N^f9wOZKv4`!DXE
z<ZlRD5ayJG&N9fp`M_CqHUMEo7hn_Xm2FHAZGEqKJSn}#7{`dVc=prPjc(L)LrH}!
z=v2r8YCaw(*b*HK+>w%b_-u1UD&8?9m#4NAT>qdL6Vde5n>u~T>!eEwA=tY**jogX
zLlE|X4z|?bt47<x?^?s;oF74n;dhn#R*ix%1P~l_$MH%?Ej0&FFIKaLXqy;9O=OVK
zWDd}q3d_|MHi?>XAHk;UU{eVeO0XF^SU$mA!3dkJgS|+w?F5^ngS|wsFA3(*!CofV
z>jYb%gU$2n(rH%}%}VPZSdWeK>(bX$gzMYj($x>)B^BWSAWWsX)jYWN@Q7D~ZYezC
z>c5qOUxI=^^t%Clm*3{rmq!7@e7{@Rbt*y<AbjeFa7smp0tDZ<8{&L}8r-mED?_;C
zhj2+P;SeAk_d__YUO8_7gkSs+eo+zL281#{gaucXDxL>~*?uGNw~FxOR&IhoTup*h
z$T*D*HD_ZQc<ib9zQr|L(j3|4;TmheaQWkM5XBht(P}IlkE8yPjVT9~;K)&2b4)al
zWwD=wlPOj%GlM;w!h7&s7FqBs%l};5PzUc3=v><8WarYJ>s@bh8elSk=?34^VEqC8
zX@F>_1^sCdra29E|61#5fZuKrXkX7#-~7PeNa~wkV8<w!$#&o_o-J&{?%%+)C9l85
zeo@)qAJXpcW_!7PkGmb{*F20D-C}lzluMzoi7#M`tl2pSeo}Gg;|^GQS&h+bKWF<|
zui>z>CqQD*c7J(1nxqD(#ZPT5xCYVo=kSbY!biT>)pa`fzrst=R-oPA-Lv5SlK=s;
z9V8PhV77xc1iM+bgO}7D`m-|FE&Lpgm#7Hy0O3_XgjZFB34k!m4`CKZ$dU&FLXIE8
zz8gvj?EzscJTj5{rx(<CI594e3%TY2RRLcd*C<xrKdxx)=I$c>LIc+Yfom)%2Iu5m
zIweb({Om5$6vW8Gc5w~MAA&{=H<*{1C9gh%^0oZa2db_GF*<RKF!?ShyfNxq7|oDY
zfoCrKdnZ+rB~Rvsy!-*_6V5+>9UD3Q12w*lB>%9J^e+GKscG{c3N0&mfs*_#$L+}r
zeD`^^x3XjdudRhoLE}|=j<^Y<>iy(^`DVZ#gyQ9Zb1y~S!&I)5Gr*90E$$wbkVqx(
zRWh@n?1UKeZF6aj2UIh#sW5R;EczM;BO4-|tmK&pSJEy}SQd^sUdnxP*p75J0()<^
z#ig09Th09nX7m<>{4?GJwpG?6btbSafdsa{Z8lM9N&?&epaCorKyDE}KHL%e;sp!F
za&SO)L`oC)^;!?+H4bMR;CC}M?$h$Ns;;c07t-bM2|Nl1M{_S_Xs;@0?*p1M^y{Cq
z1aeWuC}Q4hv!S1GNWPkYLaP%{vQQ{qtQ9<44E!Dq?)eS}xn+lxSRB#Gg&T~ZSrTUU
zNR7LK`D9b$&N6=0?64X~S`1gPRafQSXSqVA2+_@j<*1bTExB-pF+~3{<tu{k6TIKw
zIK#hBF@`7~AA}=_0x`nmx_S;eZfZK}3$X>K<(|DrHm5;=$Qfw=ouY=}!RSZn0zVC6
z<<tozwy#yh0L9`a4(<pb@PRHl$h1vlNhPfZ8}+<wt3JGElMqE(w9msL)#x%4@i2|v
z6b%byq??^o_6X<zCjI4yL6#6E+vS9pCq)QK22D0_5#Q3dkPk%Ywl(y~12P^Jc$N^d
zDPM_y%X!LN$=Sm_Sd%5>#R`)q<p%hu@EE4cH!3ZHED2eY$4sU0rQotKmA%rnPvTMe
zQOd&%7TBHzr>Q;A6iq8gKn%T$w}KoBL%-&&kVs^O3kPfkg+N`2f6K{F7+TRr+lp_?
zO<s>eXK3ggGSz~fCTVvn=PF|4d6&Bi>c!cSL;UIvsQnop{Jfuw@Rp?6h>oQ5ie+8X
zemv>Cl3>kB7L&(1PStc#r8;?x>$_yqcQN#v>$@bb@46y8VHgyBR}wKauAk$Dg6~k9
zxEAb`H^QMWi76LYFFw`|gJQW%7!+%lnne_-!l};9sw-%^2>kHD4tOLh%4caOmQak3
zk6#UjQlIMZq>9b@;Xc53kh0stSuW^};c9PK!7%TCYybCZ`>7&s|Gqn(w!p@j`Ymw!
z+iVMbT-gGbUg|0+kTFFJ5~o0Hm%4gS-Np3{0tIn?mH!$k7lj#s-CTj}W@p$6Ft*h#
zCVO6N@XaaN@Cxu>gS`hwT7YQ(`*qO?)mVz}k<hvIukm#zdmgLC4}4++<7giDlOej_
zP!M_oLL1KV{FX~x!EXL{8~<Cv|E|kbV}0<Ma?c4taJ9pQSs}lbdtJQ`heh?u@0vyR
zB6|SVs1shaRm#s)Xs)G;O%Op_`)!{Jlb~Ekb*mt@AzF^9F!5-BkEziBoAQE)9#)In
z#H+YkuDQs1Mq35q9w=9e-OYY+7;O1{j|+lYL9G1Xam~{B2vAM#?%IOh|DJBcI=q!E
zxbNi<i~^Ifks#p!Q5da}@@u?A#Ocm)&b*l{)EYmJ_C70wgn-z;&T-Lk#TYB^yJ$Q_
zD(DayKnhEDq(~Y{hG~ode{HnHExeX47Tw?)=Wq`d0NL`)y;6)})*U?X1QQhbX@<$$
z<qy`fep;84JAQKRc<XZzJ}!;%S*B{y_MafHmQ>;_3uH*5g|-s4jo{<-NWUH!Pd>@g
zUWPp=#z28!WAU#CWJidpY+)knv|mgD<?n#(hvmSdVCK4VVocN|S6p`roIvne)ZLEF
z&&f@*SE2V+dzCPLa6{fZia!#1g0WckXf?LF5^sc`sE>cCJ5eiF`Jbr1Cn+8*Fq|ZQ
z_E<Q838`I*y~in?JjMLvNq~hXv3=;y0)|)bTvt3Spi2tK<byk7DauyGfs*Z)qD>4U
zp|)Dx08joD?<4y%G&o7o84HiaDm8hsvvEziBGLlPqvdSy%lnBA>|=7s5;z^pv}hl2
z;d-u0$1_NWnv{>>{3%fEt{kKQG}O+<vv~FFtw$p#Gwfpm&C3Y&ja$&@QSr@R>`j`Z
zlhMqk8aqGEibeOZoh!|L4&>!cr0Ql<;!?8b@o>fyMw?CN^5is_lCE<)<4tv+?Ndw4
zSPIrU@&XF6KMT5awE_ybDFpjf2ir}s7=rEB!G0lFBZ3{!!S)gC!g+)p*1>)!*e?V-
zrh^?K*jj>}(7}!p>>Ywt>R`tOUqO5aYcU+NZP&2#pu{hJn2Uq!1NfjHxLFN><!=}`
z%um8La_}|)-{S|qhl4)_a05SZ0}gfo_=aEIkZ=UR*#JK3XT<wBr#ub7W*FDmr5Og_
ztc32?eA~t}A0@?_gTwfs$9sx>TnxvOijD6+*hAv6B)_=_&p3*NHKUl0moPcESUI(n
z6o*XyFIFV!F?;y_|8J6{hfPo=X-SS(3+Y@;0(aTJlj;6ccc0EAw>^-qum+@Li*r^6
z+@Z&^Ll8E|M`uxBF$mNF^6~rMfP9>7OiHtzr7Lex&t<T6(g{O%K)Tgf*v=EUe5|;0
zkQ8gSA9dfExj>bVZ&>^HD@aTf^3N*bF<ku~ty4VS4C3+nui?t;s3IJHUTbJG!`66o
zSRKh|>IA%Y2BnCQ7k>gt?n6JE%%x)1LCDmtlDjf_aay`W9gy4^j>D!#3Zyu^R$1@K
zX8;d!Q)u{p@TaqkzF~IE0e8@Wj>KxHInrI@(Y#_z@Vu%T4`V=QSnS=6u;s9#8&T1r
zQ~o0eN}`L<XL+IvMqiA%*R)t`Cov|(D7LRB#;~_y`~FOz4Bh#Rk`99v1LqbKko(6(
zyPKGuGug5Aha5TFp!hETfjggM-|N|>p$H6L1-a^qKT#w%g&zFWOH|G?UZRp1QBpvn
z9tuQM5)qXEMA@GXL=+#ZPE{}qn?*%><tNwEs{8~;qNxhxrwWb1fMh?O=_fx`EAm6t
zt=bDf^=V&f>;<^|^hp_$pV+z(tQ{l@zkDl9ePL<7o})LN9$!aHZ*l%c&TV&;x2|HF
z&=)tzY*f=n!;InXp|JR$7)PA;ka5?&fdRkT4_K9QhYgDQOju2O#@hLeuk5KJw)mP}
zzc*jQZpO;F`vv~pR*q0GUsd~M$zSuA6Xquiwb|=rD9N9_yGsP$T`oUQyNkqkmy|DQ
zcZtE>Wi{Vjl3+iHfSo0p@uRe<aMO@t5)mz|5AM;&TL8`#_Lua&T>oZP7ANT6(rm?b
z>fd(APkv#df_WvpO80VNG}ulP>$B4=+CmDrBtB{5Kg10tWrEKJGvq{93<_(p*RZEY
zKBTy`4f$8eK>}?*bZ386E{=&3NH@iIpa{Pl*K}y?%ZSq4FDqLRFo$eugJYW6GzZ+$
zti4$e>hF7D(WihB*za<adiAmU_$Q86(L=p`iB$4;u-UXT_ZPMf7u`$iFoLbaQ5m!j
zV_+S|!aAJnvkslZjp3QT_sjp&di?$~&3cUC@n1LNdX)HjOuyCjn4w>fpPZ_DJ$_lE
zNWTe;2-o{HB>f&3O>1w@Xm#yH$UT1*xM|?ZwaSV8(kfao56xrCteJ}X_80W}fq5F8
z`r{n;PVdVI`PeT4FDjmc&pVRqu$P;CW-Xdl|B2lP0dO5JV|;;LFT==+MOU$xC{U*2
z(|P7o)u(e37!GB7ohH*d!mRinzBPCJ9!o0m1Y^icgIAg?tcZXcx~<$6`Y5U{ugEDq
znK0M>0t!hXWL&a8gajZ8LNJd<-o64Mzd&AA;}dvO(uR@3ZUZ`3vgZiyV<~YT%X3yz
z+yOmw9rzfnKKa+9q^|*p9P<Mc_ahj7(>%67Cu$bx=SN|IK9g>CrlJj3R^baNg7_-s
zM>qn?tSpAL_&sj-*Bs@U!U6%jWj}!K7mI>$)upBv=EIklarQyjOrL%(`lQx=j_5)q
zIPz0!>D*$U&TZHIb~@Kw_Fr}GV}6}GmUnLc5l!d*xRrG->eCX~M|0Rms6D0q?+A3S
z4P$sazDLJeQ#IHrNn+8~VA3$Qr#66w5t@g4M*9kOikM4kf-Uw7Qi<G4v{^c{*9MO~
z@t1g9AfP@BA&C=PZmO`xNcP_(`&FOyA%+KuO$<`u=5VR7BwR9W&O1xH$e!=x(R~+-
zfv_}SDpztU#A5gpW3z^61`;|`2~GCh$7)E^sbj4Wm1lBhrZ*l_*BDZ5(<u5y!XriZ
z$9v*&JZ02u#DEfn#xaXYvA|H<vsCT3OzQ3vpV8n|(_@>J^e6<WV~Gh|VJx98?U+i=
z9_`{a30&8GVN%B#S_kt&Y2Bd!TtK70kJQ$Uoj3|wH+6KDcdBN!qlt*o99S#Ud39?;
zl&1akb37VwW}phf0_S}gYfhL&(<FpBL+|^X+K@$$xx9rrM0$P@587J5>nNc2b9s}7
z_0$AyJ@q*@X)T|+GjcUk7u6~wX+_K5AMA=g*v-mG>4;M}3?3ZH&4PNO0(&BfHb+~S
zy)R;T`7HVRa~LZal?>|qz#imRJ8yqj=he<y&HR8?tqM^>-u`R1Zc;#}DOx8!2bO)U
zn*)!0c3X4cfgYMU@Xco??OI=%>$}$f#n<}01Ddsdq!c=eFFm%3?vtJC;|1^PuV%%p
z+petsM-IU1&r64#$F$0hu(vIPqS<0ECdYrpbka^XhtT{48Y$T3mX&qEjS=#ISRCx9
zBr}#|)YLRpCA_hPKtcYp<Olji`7BtT+oHj8?|@7lJz~<Ri9GMMcUo75Xa)s29Qy`t
zf~f4MWE&|v*WLbJs?HFe8vVHsh#)aMbX~4DHM(`OO3x(R?^o)U8CRUHG_FwB+Q^;$
zYYlkr1dDy7?gou7IAOhR!IgX&Xu++<g$5P*EV$#{)cI2-=lw^w;6nTs+#7uUSbpn@
zD|Gp0&4OFBnHF4(?}D=$V?^7_lybYn>MXiV=3R|hry!Syfu9o2(0e$_Dvq+2qZBJB
z5FU-gc5&E#1?E7jqv<$3sgB>}nLFVwcqIk?L@jLaN-Rw*!o<v&@r<A7U%glBiEh1L
zyU16gmKK*b(sUl?wz0E%gws*In#U;S+ER9eXBgBYe9reKA<ceD&5YnP^HekA+NK|_
z2OcBi>M|(nIuFG-W^9i4@Y-{qW?NU*!7_EeUHFOL&*p^j=_dJ3vF)35Q>^A&|0xFj
zO?&zV-zioQ%cmI3oVz~JO|gU=-zoN*K)1QBy|hIE)pBC7W}bB|rg;_}aGqU{RtA|3
zYda;_;(?`VxLXL-Hg?oF@3`J!(2py{=;htZzkl2NJs87fj>`7-FOD$8WYg^$t7{py
zVaB$b?xaHdL!s*+Kjw(+v6EQ8M@s85$7hcnk&`<au3FR@UWYGXTZQo{zz}b2?m~)y
zIFF0*3>xcIH4Q@0wSeiqUm)w;mwrRduscet8Lo^97(wf3O+d%+J3QLgcjD`|{$$#o
z1gA^KJRWZMIa!Id2VJzlK*1Sh?6OnxiT1F5j(XS6@><r<DOf-K*VDGGES?PSe8keV
z^H7;{Fi(qvXn-qVfE&<QtY4y>CpkDElSaXL!ghdYO~9Fke5Mq0^5^oygu*oQ!zAfz
zqDl$<y_Kkt6{;@Kb2X<bhN94}#%Q%bRk`40JB&*xVy?6fR`iG*Yp!ly&~eU#WP`?K
zIo|@=<Zm{AVw$kAfj~AV;qtm&U6CB>EbgFELH7KiwDD$5q<Hldg&jO=oJzc)h2-a1
zD)nHyObrZhzB?yC#`nWDfv#G#G}?y4d|(B_^iUYo#CKE%HJddO93k?uv!N!XsV$?Z
zsj<PDjS<Tv+a)%?D7tS(Fz@$~^qj?`{Vt|{-oQiBFEo~F`gz0K%IHtZn>Ye@Pc3_Q
zH%|(&Ok4Tl5Wel7k~_DnW!hr)F$>&+;e>ttTNA(MvQu;>uzn5JZuPt9<$g|dSO}l8
z;UPry77fw$bwp2`I!;e?-n{}hM|G@4A+6(DJT1AjA0DEqc0mZOzcFoZtsy_H(KI9?
zgxpI)v<*q3mr@8dBtL}q`-T%V`#qSgtZN%YyvN@-Kaa?dtgrC^FKb>;TRsf9oX8(w
z;mKVQ<GkE%z2;E3cRktd<olcmjMXn}fio{)!1h9(NnoxoU=9Z?@CDd8z%P>fycU=p
zjpw%`|GlEk_oG}f^=`@|MbgHr6Dc#v!Mor}lf89@KKP$3&FU;tSLb44YlLLSfD~J?
z`0AGWbn`vKnC|Z2m51TLO9vduLAFPdr(7DnRWj`moeSzi-9vID`z5L5k9vhOnj{D_
zkASNmT2eYgnwSfV6H?>0S-=vG?CmU&+jWq$m0c=19%2s8sD_b=-xe+K81F~q4(!3=
zU@Su+&-9dM+!O=s#CxT{POx(XW~o7IKuB#HZcJjm6vopF(p%iDarOu);+p&hX*Lgf
zUW!HkMiR5a$-&7nQjR;|ZVdNN<re#&7SlCrewwp;lzI2LLC%nAX2-BHR>QBB_9x9^
zzh5NV&(_xHA_IjOWC_CAqa{=8Emu9Z;yj}?8zNK|Fu_HDKca<=<_)$z%~}ipNMf37
zmu<!QuUQ{P<AQ5>|8j?6|D?uwK%E_yTrk7fkd1wb0eu21%+8QfGTC;;vLZ6I<C6pu
zO$Kb8VGOmL5thWdxg;7Ud#A0uYvCaZ9vm6|UE6=lO}kcd^wW1O>r!z|Mgz%qfcNN^
zzCD^6cf}p)tKapMneFGyro&=UA$uI??DU|t`z#}QB0>!^cD32QFRguL-Cg}v33hcG
z^K6f%t1Y6Xn!QoG+9IY^r`W4mU)!wxB)gl{ocD^mq1u0O2VgCSq47Hzo$Ku5UCp7h
zGqvjh>|a<{j|9zoSdzG=4EkHb5wKe}N1Ht*=Fx)LR3gp`XCv<V4lk0I<6e@&SXh|`
zG{xAks2HN=!R)m5VQ(zP1~`}rC1MdoN^=bh=6pW;0#dZlhyB@i)`!@S!3`2htX6b)
zfeDi4SY9e{CBacm9b!>67fzB~QRt(#McbY<$Leyy;H`+)kXIj_3fxDrBF=&`%4}d3
zSn&59;>+*B*W1K3zZG0-uog~fvEP1HHtP##Vj0_%gxQrBV1soR$3w0<HoG!$dd<yf
zs6@rXDnRev!|WUkHyWUJb9Tp}mYm(E#d$Ipu>LkNP|8E$Vt9y2Y!dR2R9F!qnQHP*
zCeIzvAi2DM1Ki}he;SVx0y&5fQ|E5xW$&nU@{QxP$HIeyS|zSwtw?W>@WZrJam^*k
znI2wpDj2GFCT=H65@*4HC(-`pNa<G1=;_AjN$Dmtg1SkC<#2VBcLIuWhaxWf-fVU}
z7iMt`kQw%caLGR7LWES2av>VZbmkh8=H@g2PYv&c%Im>q(-lvN>EhIm8vmI~HJc^J
zh6@6c`m<!;unT_9eIm^HxW{xc_ps#Q7SxV~*er3)N^F;FB-kjxxa<7;VOlh(ZL(O8
z(nQn@_zq>jSKZ=(U)>0MNm(re&MJoy?`Nh29;f|>T)$t`G5&K?+3>USP^jy^B3@7&
zgy3&&<A3bG9{-Hn82=0!|CzTi{&`*1QEwwg-PU-MV9CxkQUba>e?wx+5v-buj2>SI
z@-Bx_Af6#TjIIce$k_!DE})!^0pk+tYlIB@VOiMJR(%GY!>;1CU^~JX!ZnM!fE%&G
z6R|f7#~amNMPs{c$p5xHTH)xF{$AZhP}A)KYt`uEF36$CO$D!EmdfdbG!wkqL&GE^
zaisFc8{&~@wvE7*ASgT8w01WU>4GuLY^o89&SJt@aJ6zwuI4udN4XN`f~w#-FaK_A
z&;IU_zz^gcaK2cXb!0n%;)oWq!>k&#miV!QYg566fi4bE)dgo~AIatsZP~0^*EDuY
znC<n=NFBI!voj@~$0J}f5W~q=gh{<NU?E~rTcnjk9QE;By^>@=NAGm8XqtgY?aD}n
zy%Ue@En#XZFW=+)<?re|z8%5jprP_a+|*fffO8A(q9u5S=i?bZl5t_|3_t5`uDd@k
zO|zdgn+{p04|W<mns=XJ{LvV*qiF@QM}M(1doP^X&Dj}Rp&ZsD<<RxF#TUJ49bmB^
zXSL+L<ra1OLEHg_5v3FR8anxJk-R5%8#u8w`$slxujt9XlCy$JMgwXz+mwEhoJ}8P
zr}wUCG%}S3%#Fr=hegt>h9{#C*CZKMFg9n30l3}~b&tqj>;B6TVXJv0<5Ev}hvcn5
zLvpv5pW0%!A4)TwwB|Fex|6iq&AQ_0n~q1`+S?ruv;82eg^fqJZal#MTQ?vzK@`No
zXGCs&Jj6A7G{d2Ee6(nLPaqXUhD2VW;c?sKvtP7B-X_e_i|q)aZ8~sU9ht}?t*iFn
zf3qN+Mv)QIp8SoA)6C>lbD_t;o~6Rw!eD22leC_YJ)+sP*CGzMWHJ105&K?Bvt1F3
z4jF(?P5cX|zr9p$u@>(XE%u`r-7nLpKRoWvy8M)E^tWQG%|JG9b73(u(_zVw{zKCw
z`KR=DLb9nsbZ!B4n*E%`{udztG{ye6Jm}kYsJstDTRV%%mG_Rh{aI~uw~IxeH)Nch
z{fxQfI&0~5*3x6p(t*zI_eq<SmP(A@V*BRHuOO9|%o`Pe#c)h4giN#8dH^e}N0Q|h
z-|{<E_At;May-p;)@(mB^G>{lIc2e*md}54)dO>wx7Hd4C-lFT0f#0_hW!JbjsAql
zDM@DgVeA>#nHm&nz#mIT#!JuP#<~|MvB4%AcfecYtXJJ{DF?j$cgfj!hRcG<yit({
zsolMkO>PR-N<K3#+5U^G<{B^b8uIgOsi4F=vmtkrGh$Ob&;*aXb7?%c9X9M&hj5@X
z<WKkkt#LKJN@krvQ;Pi$MpUI-J5jUt`4eT|<GOm?yI$0Th@CY>B0J#afs6=OD7dZT
zy>u`3Xm+H+rHO|f^GbxWG2gcJYA_u<O9}<vVPYAjCNXW#yPL84BHK{N?mrAeV3J#R
z1_eCgfJ_bl$OOz*OyEg5#Fl4HILyv0`Q$Sg1ga$i9RdzVGPq$+dW`LKW_v2c8wrDW
z5n|DGD8o}u!70i`TNEC3E{#1N`Y(&NdPs@t!(53mD)ze0<92yW>d01rv{sq)5)-$I
zERCTk#z>p(+s!36*v!9SfC*Q)i>+~EjI_?X#(!dK{1}ra*&08_CaU!=Hp5Rs^>X5B
z6j$8AU`yr*9%K(W4+Azb4b(itjbStI#L!QNVVZ}1eU%Nu0c#jAR$niP7t#zjpru2c
z#!B32u*tT@T6vwdoy+LA8eiiI#McNHZQ#_L(#y*DP}}qx?<|v_KLT!1*&u<Vp*Sk$
z3X2nvsjxVE{QeP4yf()lG@z0aCzG>t>4OHm{tR<JuD5@PA+8CHG>LISJ59#)T;R-9
zwZcplCMQKpcA1;V*DwJN?54JaSxj!L8O}Jm^dUA?xq|{hvzm(@SfXP}lGJO8lxHIc
z5BpVlahw6?E`Z(dA&1B2I_limgdg}$JgAhv{#ejnZihg7?DUOlZrVlH1ZU{ZZeAp9
zOUU4~1sa?x4B_1xB9xa}lUPON_Vip*x$Wj!PfV%<i=Df}W%0W5d0k3eG<2<7$6f2T
zGUBeDx3G$uy&A+_>(qW*NE|44sRPN2VQ)5&M*XND2)<H|a>XQ1j_ZM9A#DN>GKxo4
zERT)y?haZ8yit9%6)EI{s$O(mDpD`1o`Z|PyonQ4jqt^Kq{asS7DZF(y@6l!L>g)R
zH{K;E*YC?8(5Go5X4^t8tV)8md|1x;ez%vPW3KfEtPxS0QlzM`$4?q>9X~32JgBfM
zlA@m<o9n$`OXqY);H-HUwAg8mHI#7*)y?2%V)|1oqBw;;)?UoOmgL0!Ea$#%LPm~q
z7DT}Dk;OO?M{pDuY%qcEJoUB)M~ZtuhtVKz;MXD){s9u!vk{~#9~v~db7GGGV$xwC
z8y6ZQZ4dH?>|-*Yb*|(kkPN(@7AM;-dem<{OprG$RHz0|cTV%Zpj)RoOhdEcWp!G%
z_421PPgH2cqubqCD(pSx`?`!MXYF7dkNkI`NpP2{W<yHuHh#IMP7)=xUJgu>9N$|y
zzzB3pXK{wcJmz~de9%CgWw^Y3E!q3Dd0%q_5b-|U0OaTfVQPqmI4xjWh%$S%Z)b3H
zzr=F0@B*gUGv_k|Wqrc^TxW8A#o&$(3Z4fhw4==x6=Xa64qr29FUx1N*Jid7Y-T-m
z+RR?(HnaAZFmfsRz-AGz!S>ld-iSwnz#u~Y^(We9z;Z&~${)ZALjG<$waYIV<R#A2
z`=x#Si*H$A<0H3v)`%G<LTkw|q54$qJrU5=%6bxSof~~OzSfvf7uF-}Jspf<&Gi0-
zV4vt<9};XW!M@bNJ|oyW1Y4(reM7JUf(6XiG=^Yz>tNu12f~4~_qhWWl91#*2d`?H
ztLE8w=a+yn)7S3{_<Ht!?40xKuu`+G($paBmAqO(-l2f5Yt0X1Ngq;459vzk8RYBs
zHR&LQzQzgCp}-`#h9C6xpep4V1@NG%2RL8(1?%6S#rb0vL|5{|`BICs5pb6J;e4dU
zc?)nB`r*8-#hC^;_7m9VFV~I_92+Zu<wA9}w)Yz0Yop+L(=V#jah@oG><OW^-F`l1
z`?WYHW-^>|a@39@ikj&tYC@AQm|(4SuoeWX{1#ztbg=sf_9MYM>tOA5tyHJgj-$S$
zHrl5da1)Svb#K7s8n@5)(@zg-`n~2w_UYn-*h&*oR8L0{SWoM}A6!Ld_YraleEe{g
zZv`1wH5DuYoc?~nt<tnO&jC&^Kb(iPIFA8NXFr_oTAVn*xgX#3cs&;5+s=PFP2J?z
zCBgCB1vbId6<0kfZ??WT76#;@HE>e)_nwrg`l_y1QB}w$l+S>WTveVxTgL9)dMa^$
z5$C_o!}VjGbKv_zeAD}%`z(SyY(G%c`&sxc(eDrUv)_sAx7l8*9*sBN;@9WUjH548
z2<-f)$>%WVY4Buly<HFWCaz`t?_&B3jy$$~pglcEFZ{Udg~)un_9<Xq=W{P}KT4=G
zo7Wk_>&)(U-Q)TolxiyU`Em%O*4>7^0b#xyep!X__1(c*v<O}S*xJes*@LSG`{nA)
zqpXBOxabNwh}DEeRmoLvYPf~d?BQ#JYar1Ocfj>Ts7eI}bYC|IvVw6E|KSDVNWKHW
zG!9H<e_hvEwQhK1qM+-Z5EUKG*Iv}toP#yHI{^aNJItYG09z!luGX{?KkdfAaR=ZL
zEcWCFI5wsSXwDvr4p^JHp7xT5fEzZGS3xhZ`dlWUu@R94ec@iLq3G~pr09NxotHP+
zOlVEqP9X+9_|&G*0aoGi+cr%&_E&A3j@3ab9SF$N(vi<<as4ZZli-mvY&5dPRlXzJ
zM_YKD4KlC6P3zDg{XA*M+W<}~aswO9u=g`)hP}o9y8dL#%N2=XX)5IEuH@o#f&Z1e
z;>>_CIJAgtPJUgau{qhgNMm#I-6FC%`FfG2-#%gw$!iQQmqAcQ-tGM<1o4T;pNW4c
zHQNtCl}|Cr2j14;2ZuP$4e#e3gTA%xi>OmD27fE|;DYp*t_0|r2bEquFW;plFm#b-
zV5{U)g*32(uc!liUfx}(3@n%+%bN?S8VtnoO(7rH`oStO2zaMZGq6kFU;}&7XK<d^
zmNSt(xV8|6>pT9pnEzet^JP+@W{N)uU(WEsh~yYJ@J$M7;6HghxsL5gDx6^q6U3sp
zAd(@%<WC&&Y~SZ4d#&HaqP{TR4o5teI+T~nMr_4PIARzt1}a|s5_m8lao@@3^IR_+
zOvB{-m&j)<U!H`lJ4E)fd9yh@2`||uk0GSN{74?~5)UyC4-dVh8Sc(6Q4D#!#xu#{
z!s67TE23?TfudOtN8X(z4X&RpEL#AB8}fRM2kvLiyAllQ6ge^*33dM)dOw;^Gu}TT
z2Bm-Oudx0BApkoSJl8&E-?{H~eL(NL3R2g50^dYYI+kb6CekteM(%8-7qVt+vTZy)
z8)jBsV|7fQT3F*fT)$t!CiNVp9#(}rS*7B>*_x?W^oWr-adu4Qb$2Ja?{L?5hcaAu
zANZ%CLMJNqRTXXCKhtbi@+PxytPKJvWp}>UR#n!>n}5_uQNJz`R3`;_ae*d@ii1C(
zv~(`rh?A%Juw+3_w#S2t-ufEaKj6dJJiGff*n-A(yzcS!=bwFME)GeRWWOfayBocs
z@5UG<9{29Whe@+YF;p<_-4A&+Xp)qHw^G166n!JmMGi)1Nv|c`9r?$&@Ac1j&g0)%
z{@eI>Q%!2|ikJTiZjWd&j`Z=pZ8;ZwZxf9`YAjdke>)!T^b(DXBP;Hz4Sly`1;(^H
zQb;y)NnGzBas695*WodgpEybeM;XacvJ@1ajuQUnb69}_!{~7fdGSZ&grz`EQzNir
z%DaWj;N1)9pb%M`N-D-ZxP%JP*0NV2XsN`aO{gDWgQ*R!Hed=@etqxtDavXst)D)2
z)Pxc2mCl;;tA?aDmvruDV~k1UX4G*B8u6RKEjyok7-3xM&?!^sMrb6&ADBSDvmgeG
z!Q#v|=0h23fE~sH?-4W(SYw|vsX=!zCahw5IxmNlZqM?P*tQ}0x2)xg9SYRA9FG8^
z()NxT3eG3=&f8WR1Ri>)(-eBth2C+l<aXlAeS_IW3aW>}d3ja7H~J2QtcM_I5Os%?
zNb?0UH+|(J@?iO6z7oJ=|9sLPC27<kI2}dX=ms#PFQm)MTVSBE7JOP34AzEPjQ^-B
zpEQ`9;j~<SI#T2L4esj@D~Wr5XMp#2mcVt2lKk7ffxN$m+<}v6KTRf>Q`YWq$T$i?
z*V@<7eHBhgHWk<9KupAP1-T<lz>?}<v#C6Hr{rw*{z1};N^JbH?<Jdz3=0NkB&Tnh
zR~2QnF|alS@b^Bd_4n=xTiMOyx7EnoCu96J>`nJ3x+z8Nm9dB-xUu!aI<Q_Qxzaa+
zbQjR3zcwpD9C?pgUANJrFSiKPqj!a2kD}wVsSy3?`vml-hmK8Q#21&>!~Kwd<8b&m
z)bH^bpT{wJWp77(nxMHaOEj))%_mBly;^R#ysNTFu(~clgXQV>1PQf{;P)2RP059`
zz#VxuDRrsSc8{S>n{0Nx42zh%Fk45kaxmq0uR_qjTZe$ns<X#kK-L1J=RTF53-Sve
zAU%LdZ3lX)LV3fnoQ?=3dMa|immK|crp|A^e!q}x2kK*~Yk@Nri!L+H5wf~;ZqWj6
zwtC;sR(8r<tMN|v2n;WhEVd6Z!mnud3&$#SX9R^BiH7lv!R{;UmlRDL9qdAQw<CGV
zl)4;_1n-bQu9Cu;XsDkkV>>2)SmR;*Qr>nIKT&3DVE>m89z`tLpl(m67UA{;KAMVz
zu0}kGz&_75Mgt=kV{wd*vGf`pYwccJBN_y1L`<~nVLTlMMW@*-&FyzeYmcf10Tqlp
ztw)=DthvM!O2!Y>bTQgJLA@Ad-M_;k4!CGBR9nQp7lF5E4zVXnD%pBk6pt2Q5X{Y8
z&teBF6f*-1ayIQ6N1??%yO7X+jL_ad=%{;q358}R!2Nn`nyJz{1Xzd!AA3JGm4NLy
zo$PsnH9lql^gt?<b~h`{Y#$JAt{A|B#8gBxW;B|Wl=lObsa(^?6vP9c8qF`V`mvs!
z5MwSm6>2t=TkKO~u@Nca8a7wh^!dFxPM_nG6xQB55xk>Hac?|d(7^tF!{ecWZTyCI
zU=4K-Y!Vw-Nwhr+ky;#s64LCa%<Xq*2dZ2wLW?jOs2Vm<H3o2L$AL<W)eh87Hc)?C
z3>Vly{S6Io4$Bq>>V?+>4b&+Zs4o5k)dRYAZL?Yi$_fK@%G#d>3i(MGpDQ>%kHh%%
zSI1{+GZ>%#Y<&9j@hRuya|*@>iemFA3{J?oGxg(>z{V#DCX?B~HuV=I{rEi849BP6
zM8>&4dR=AQ%DS-=GC?^Zn=J*#ty#og?@9E>-Rem+15P53b)@e}1Yvgl&L18>^j6NF
zD{|U+P5e}T^nCJS?eSBa{fw8qpPaDp_^EXtG?CZ_+OAEwd0P|MA)r4`XpbLl3g&w}
z#a4CTR<9f;J9783YXAPl+dW(E^6j2c0lH_w|JXmBv;6zVJ|kY>gV?pJHfU=45*~PZ
zQMis73hJ*7y4nG;=os(v8JIXj^qywtV$+0;58whk61PpZK1zZN@Zj=2UkR$(Rc^o^
zPzQA5D-28s;tmhPO3sA07KRn%DSeQbqGh19jrPhfQS9a9WpxKu&AXyRj;YBs39ig5
ze)ktu3c?{kSX31-jBEVmfGYPbmr<R5dTHI^Yo`6B=D&tI#^Gb{XG$!BJYX}VU&Abi
zjcp238*HP<tL-r8)Oq>%6isxy{wHcEEGm4nZHkio5LGtor;yy9B(Iu65$x`AwL+<9
z3%!1GiV_lMX;F>GB@hfsn#CdM^2y^h9yPYABxkB+4rjkyV7HCls~`$L)#|#(^*Mh?
zYeg!$RQ|U&|JwtQ>>MeEJ-8dVC&BMltu%4-W;tnLhRc63F~vQe=gb7q<#7~pXGTi0
z;O@r*`JpubX%<2Lk)npr0(nQ#A`N5PbaQtTOeE^Q#~tRb=MHfPsd2U>xq(wNUq5qd
z^aSa=<gk=vHJ_+X-lurkRtS4~EmJ&SoGH%Yhf_51j<eEf$je(ru`O#IF($)}F=7#<
zQs<xW(8LuaQqhMmq=VrnlUD&G$ET7p2Zb=6r^;!VuE4ZaEb5HB8km!9L%SCC-ra%p
zNnjmjKcmDN1@kGitm{QGm{?Se(FHmg(Fz31PmmlVqG8vH0He=nJgcntnC($ux*ZYb
zS}zD%{y5thZf<|xYb%EQP*=1S+h7E~HqCzH_RPh^BFMR^nvC7?Dq5!xvbQ?NPGT?+
zt3t!gt8(Q$Fc3Qn24d&se@%}U2026eK=XJ)Ek-VTbBfMh2T{ZJPPyV~G}8CB(HfCv
zkEiD0S?nqi)O>ftpndy%+Sjj9pmq&(w$ijqGW{rt1AYUiDzWcxlI?(4gt!0pg+z!m
z@esDJy)&Lvne={$z55wxXHyGfH0^uY9EPS|cU)zh!6mexgz;ca-X|}ehD}bSCXeAw
zHakNOQj<Y&>tvL(=0yvZUMq20h_=&=J@U6`eFZIA&q0tM;)*VEi`F<_i`MDc;E(v7
z*NpVy)bU`Ym#s9&%$D_I^WsTqSv|-ea+#fGFl?1LY^UW|hi2Fg<bhq^Ng`T_eS6Y1
z=mywmCJDNVau<PPf$c!vLbf`1!LvSgf6b0;K0CzuhrubVlKsO_cvn*FFjsL6ykx87
zgu5gCB_kw9K3}D)`jJftE;Bqz`{c!QUd?VaN)^Si4c-CUV(e!LmhYdi;?rTpkEGQw
z9145^3zXy$s8<=C!5EXoDU_@s3vHg@gM4HJ!PO2%G$PG(PAobG^W*#RofF()r;jXg
zK|}@Le46)F|JhfZ+{lnAPTrL%T6brri2Hs>wQaMu`7>4AushAL*?iyCfu`=etSPDN
zB+5*^?}t?T?z}&Ez7F<D<9vrjfX}wE&qN#8zncxa%+RdD&Ef7PdV5J$@(YaD3`6>o
z4Pe042N+_v*)csFEfB?s7OZQ+zWQ8{3>T!TlTzF+<;P|o5RUOCX8Ue)iL1WZzSUeJ
zH%g1!TJXm#am~+};-t-);>hAlVoot5j{Ot&v+EuhZ=#oH+idd>Qqkpl;MjbJyG<V9
zD%3^4N1}^4##eUo0fgi+651`7ZXgq30E3Beten}vpl+z*8or@A8`(>ag>c1Y1ZY2w
zyetGX<12DgQl2Y|>OS*JYv>LbH}RLA1se?R?T{dunA};k7Zk=7<<NI#b=WP6xuK(#
z(X~L(=Rf>^8Grk2jz79$V6LJfBeHKDVfnfwN1i$Z20BA}nw7CP{|{r|60CVO{v~#@
z(*Hy5#s(Q2Is67092=dDkF56{<k?|29c0k{HmGfo>v?dHo4ir?ARo~V@{-}e9`QkD
zGU+N37FK|;V1^ZR1b%o|_<X@PpZ5R5_%43=zgXX9Wqq3+^(>AASmJWvCI0_1%uPMC
zzw`BNyAfH(`u=uro$LF=THm3cQ}346chsD^*LU-Ux3Rw8e@e5ylN47Zen@ze@T^dI
zJU9&4d69#;Zu>O=&*?DegPlmUO!;?`#WiIXXJSEeNoB|&$FM%(ik&guaXlLn#TbA@
z#`9E!qX!&2PLiO<9-E^i9P5+pDMLr#WK&t*Saz=a+QU;mvq3)j%#!WDy5lilC45~*
z9@}s~<L5sL`ON^p^P7P>#B^A+^<y2CY&t929`f+jP_Q<z%sy%}$n35E`i1>r;|XHB
z(!QD8*f$GUHP%rvjFtfn(o8p~r@m2o>WYv5L`Xr&(GbQ!#^54XIz@OJsO0%O!A$^t
zB=SaD{QV>J{gG_nYqpp1{!sl3pwSjz{{lv%*=eKxc#-<!3ZqxFjmG{sC)%D;`U4mb
znETH?NoU(CJ}Yz`rL|yBC_$~peqiwtnJtO6d|JWW=ceoR_gL@>1_e6^C9F(QxDx|B
z`P-l#$k@i}CQ}n`r5vl%x<6pR%b3`XX~Mc-e#e}IiUNZZbwVMf8S15L+!gsp12IwL
zLi>(!8T>UJv1aOH(^?doeB#mGRzB$~a_1-1c(lAqn+MKK#=E^VAs&qf@&&61n?(+J
z()0p*TJ}0au(q!CQnNpNt9YK6;K6}L0KgM=fXCUTF@CxUd4Aoy#Tqq$?exdlR`D@D
z_I~<Hiy)_dg(hG_;J1l>_k-V^zXEfxata82Y!sx@6Zi!?2+v0vk#xPU5g5djyXGSI
zU9J!-7JUKOCG-|pSa%<Hnme97xF3gq9&vYcw|BRLpZ(#VWOse|^N<@$QRc;XR<FA)
zz4LO%d3_kV4zJ`znr~V16H9NQkN+4?YAPt}E`{X0dq9D?sC%*?ZyvAdc9;D1_;|ej
zd!f57-gV)u?t=I#D3!dDc{+u?W(>Z$q6`l$?}7V<4?iW{SM?`5ZcTp2ZCgBU&4#Py
z`z{SOCGN5g^*L_odpK`n3cTlS-klZ$cu|MLdFy^}0feo!@0EWYbscolOiD{EAqOY9
zuLrLEO3kDDcQ>0#U;HQdb@X*~Uj~hQJewS39SzyZ3j!n_xfVmU!d3TUTm95<vwask
zY3ob&ol?p9MwYmWWc#k<f}^ui#Wls5$>OA9{jr-GSL|wpOigK+X6n`+znEe_QV8)`
z>1obM8ITv|$&Orm=xi1llO}BJglt+>+%~g)zdXDT_{c+u?Q?Qc8$@iUxa5eohUgLB
zEDk<vqy4N6|18b<5vHRemM`kBNS^|#>R|!Rp@93e1)S)u)(c;T(w9JER%3?SUW>c7
zH^#L8vmFDp)dH3>fKrz=3ROt*3n?vy@lteBUr`vJWt4*j!LU6zE5_X*&LfXtFh>^J
z2GmmmVs(5(35XRjZEWsT2unMD@+9@DeN`ykKg8%l3WI~Kb2-}GP+Y2C4|G?;IfWT`
z_)xx`V>qY!Je<>wY&Dz{+qlaiF9K$TC<lSGoV-W`3X{mgZ#vRVDAI<L_s-bd+!5Jh
zr;X(?II~qkBN?G=9(}%1AYId9?5G*W=>AS4#*#4?{uBx)3ei`|ijGakw6m#2XW1z<
z_cR;}J)&QG9M5@+b0TZ!c^I2J-cDs3=nbl72O52@#ABkIYrqtD?Q*gzfWHE_3CL+n
zHUTkY6CiSHj%jl!<RB0!Z<|ay)EIfwWHJm0(}k8A1Kxhw<P|ctf$to6yBAK5dth?3
z(gI#0KuZAJuLX?n1rcZ}<t7)^IoAS^I%<(p7*ZO}&oRcB<ic5r!pz4~;d+%l#+}vh
z|BhKBEe4ze$9@1KvAkvw(r5I5MDy%2Jm5@aGk$kNB}Z9bZ0w?~<j6yO5s;@J1i8=d
z50}hANY!EZpojK@&mY1zoxg(tI%@&16W|Z{!l(tzP^!Sv@9a-k*iiax=*kDRxao*H
z2g6PGnuE71sormYPW67f6zYl8e%q7?_^>U%bx;A<Oqw;?jiG$h*1MU2zlZ=>znbv#
zi(y{+5$2u>1jy4a<50C?C_8*n;PW?3)JnPcMHR76pn4{n)b5a*TvEqB0dV7V<F7%K
z5i##Utl>K(C2tTuY{YF#w1J8>&5@Z7X*E*>aXzSOF<~1dpkigO>m<-c4Deyk6;f6M
zIfq*H4Q!A=z`Z`i7AI)O?$H$N|GYaHx}>zt-G)6~Zo{6Uwbai^!0x=>#&<eQ<VDIM
zM0rtvkG76;{k(Pbf;u`t9gUQtVzouxp8zXFY4glPOjH4dd_sj-JD440?W7n=Ku?GJ
z&79xkwG?FYkK6l9MELekpdm*4?Yr@qX(+)^i?@{OqG7tKy$e!9cm8-)P2y~^j}`is
zr?iO>T&*Z_=T;l=hhx3`;TX0*9`u0h8X9yT>}$h~G3#2<$gc0iPC9ws^s9ISQEx#k
zY^Glj@~_dp$gzMtf+PPnKi0>G<L+xDr@~e(Ume8QNW(RclJpPv%-8>^?3s>#(!JAN
zT5#qQN?yNc`Kc$A<VNXF_-9B;d_u{P-1nb!d-6jEHHSis+*<wk?k6ZS(tkSCmcL~7
z88qy({Y;j<X2v!-2INbH`7)Ex!Ek`v&G0voc#*N)Z2y(9ENRYf3;4-*r{ZAynpr)W
z$K{R6El+ASMm_ERG^oe2&PXpDa}iyU+l+v7mM)W(V|I+sF>6s%kPkC9-c*k&ZN(~O
zXM8?XoLQ07YT_tXeNOJEacb4`4cY^C45;m4;>%w>t5jL!b2=^$csfG0jg(XVLkVm+
zb0Va5<0oZK9+5N33gJiD0iVU|wb)Nf_H&e^#6sDcD}k|SD1SP}gihpiu8#qy)es}<
zzwMOPuAH0^k&py>hPyNPo5PRkpYB(VX}HT>H<G5QymKZU(>M?B&my~FoM6qel=;^X
ze)(o|dQ%VrxaltDZ=-c@7xA}x<1vhXJ-al&ww0~Am|fB3maB)aBL&w}H31iV2`P%s
z&W5Eu(7UwF?B#xZ`MCGxW9;P?d^ytlas+$%Illa-_vLu~`ZahI$+0&ZSJx%KWNTM2
z8OkX+62LA$@L3M_3@}kpU_JN*2OkCSz8ZCBz+rkJQ!`AHGL>N(1HTy4V;M@h)4f^J
zBjkjkYT9%Q-*q6-`4*6DS`GE?B;i9%{JOW^P-Q2H<y%F#eCbgW8Z*Y|^`nL53!t16
zV{1HVrkcF-Ft5h7)od~AA5}_S^(bvIQrlYYZ};>2+Z-<86wZoe!sHO}$#M3_1SBKj
zmPj8RKg-=p8}E%taO|*2=`}7^bT$ixs3fQ4MbD!6rm!h_BBL0V^sG$e=ze4XjL2qf
zYIY1z?eH$XgE2lnqjy}<Hyl>x5&5ybkr3HnBYxFfjraxf@kq)3oBTSH$#_6<v{aUt
zryws5@pwmR;vla=H`y}GS{<WvNzdoT)CJs_8f>z8bm7WPq)<xd5=b<hC5X@1e{_k+
zywDx*zM?IT39>4!6_LrVM;>>Mn1fl!;P%hKI+=`}3-@5Lw0SjqqD#5}DdQ7V=W{#R
z0$X_IPEdE@jW-WEPdEGvDcU^RnPS3XMiaS=&m*H_Ct=I?U+gZpGc+}Zp6r~CcXA0(
z1J(Er#U`(yyKt(3Zpv$~K@Nk~L%LH?b7bK$!t<$FD0_1O?T*WE_h7ACA$U`wawBP;
z<^c_C92lv<YRqRl>G9TSg1qRtu3$xjc-9A%F9LeIPem0S&zz3>s^>E()#wUe)C~fq
z8(k)7^n`S3Hg-O$Bpd~(CO$9EDQG(4-G0M)@<7q{zHUQ?H!Jy@81>B>-B!-t6s;q#
z+fQboKPm*E@%p1eHc`${NfoK&FP+*-a3xTx&pi6(E!{V`)fe`Dl3>L;*am|2CfH9p
z*j9qwH>376prJErPub~u0bv((urq?MKkX}A3m7X;>C3j;7yNePPk9>Xd^sHu-u6iY
z%|}3-KU*y*2JmugYQdYJ;t7B^yf(bYRJ{Gk;KW-S-oq;1D!_~NYru;)6omPJFp08v
z?$@8Z?zW(~jI6!}hmE@z-@WtYMkDEjVf(*@ogxux_O0U<+RR^wR`>d7d51;eHcR=h
z2zfn6e3T((E=Yb{Q3tZcwEkWuI^lF@3_plYeWsD<#7>nA#^$j%iSZ<{gprc$*)8ld
zV@vkgctMr8ILIYT153G=$%Oo6G$Egk$BR}4X>s-*%)VF7i**s+a=@H?Lmp5-qKV^G
za19tZy3u=*BXKL}2sgfJfQWz$0WT0c&hZ+Sm*%ck^mwd8w|MU_D94!TWipTldWI^*
zcrq6#nJ`mE)T=Yu+`gx=*ab>^EbMsXM(p1Us#efB9pWCdZVT<nQ*td6RK8qI$u$q(
z%>i3<CVrt!`;*i&-PwTX?@xUD=N&8d4>xZ=3Z!rQE|hl)me_HQ*SftlcM}`0supa#
zn)!|w_LIxP%G356_K(H!Z7inP*aYV2jIFSCU=4IP5~Bn%eW<avFgyCl=O=@Ga-N(0
z213%O)Og&7pVsxie*D4Hqy_ghQRdtaQ?W(+Nf^ahGl+VlEui|gf2uk^l=i>5r;bSh
z?SBW#8CFaCS$Vp6wVHI1v0h!T-2EgS+5PaK>(O!VP&%Q|pX$x7`Y=n{+q{2&gci8%
z)^Q75`*33zx4w<=TGXQmxU4b~%HH{_rtE`@y9#NJjW8+G9BaaGII66zGrjt;hoKMh
zUaSXV6&sqWyfdr}hqjExi}7M=!Y5>n8^+|J9#9pUdpWF(OW}cDd~zk$$9SjzQ+~uH
ziJJU~5p)3moemdKrLpSnw*|Jo2mZX~(byq|$uEr|>fdU~_N~DAJR_v_iqRH!X?@9_
zXp|}j(D_KSL~^`}(}GFD?aR!jU&WU{M$YCh$y8$P0al*tGAUv-C4!S2PKw9WlnHqc
zS?te;r5SEm?EegB_<2oTgA5RJ@hn7ZgBWm$fU1TNj5`3f7m%SA?nYtF3u*RtX1s_7
znK3_1@@(;`NAdOeQ7k-<R68;H*62oWvTwFp9MNf}^Lgul5e#5<w+m~i@mi@}AhWxs
zZ0cT=OqZrTXSV-kF<h8B16)LB4Rj`+1)}8gu^2OXuzk#5LK=lS3x|M;=h4{ys{HO4
zh(gHC=gmV{{}|3I&5-Od(2~K<?6U%7O@pAykjdQJ4H(2+vhSw4bBkEtgZ=jGxU;$n
zXU%uNjRh8#MrdyioxPuU-6F`zZ{WS(yKk`HJ=kxU9C+o%zHlVaRQh}{U4l((k<9&t
z;e4|=;*-TS&xRKr$ZMBe-ap*H_9uwcZ*jmfXm!OxcO`M#<c&s;2QY-91LDGB<%rYm
z2duoptHINU+IKNF@Z3(eibsdcmJC}xN7>@uJ1|Rd_mCWsY?~kljqEY;f*2kwHUZz5
zaL7Ppw%2nvlh`t46gQTyr^O5IdXl4_WUn9Rtx;EB-Sp=LaTPG5zvhA4qrZ<2{cZi|
zUpcyN`V()D{uWyLnP4Yp-x-kNTIhXuho0U!W?y=*|D$et=UM8e7xxn&`C&%#<Zvc*
z=RKWVJ|NtX=7=Z36B2X2)<k8LNXOi4qA#O#cNbEu0($UWdIm{8mCa5FRw@Yf-e$vW
z*SB}$c71z4l6>3S=qBxbXV5LQSJ^)kXrv}Vvqc+3^x?x*uQuD1vZZ*MJ^2-#W;Ckg
zgTxOtbn1y!4z+Ok$D@$~p+N?|HzHWid@FF*ik%biVEXxeI+()Q!Sv2iI+&s<zn95l
zouqdY!GozTe@^fh>2WiE5eV@}C)BkbCW;f_F2;IkV|i>~Jobfmz!J1u6g#h`o?+*e
zplWA+d4^7_Gfk6)I`)qrefE$3zT?|zWZmPt!Ti6iKg+J$S$~6l=<Vr8?~D<3)7$8O
zq&NG@?a=%A4|;mvNcE-nr)TS?cer%R>u2_v73i%OC9au3D`-|I6UY078!+HuPC7=i
zm7M7rB+AYHj9h;6NmJENSvl!^<&1=tlcTJhbosSIkpbfRJqQ=(>|+ZAZXIT<uW0kP
z#F>Pox!J}b9y1eiqmG@F=Z%@!JQO(k(P0?lQepO-lTq~*PM!0`GnC@902dZSytRix
zu13Yh9p5`c=Z29Qh{8yQ{#~CQLI1%OBnG&>M+FNcgcJmg?|qM6B^Jdmzf#_AGN~FL
zH3K1QR<Poqe<qf$=VR!4e&X1vQ%8*(tIrQL6z<F&6T&cc9afrcl&D3AhR0)CwhOuz
zc{7)iCM)z5ZxNY@h2Fy-!$_MCN`6fBN;)z6t2pMf7L6~qcq0v5OTZST6HE!%fI1+s
zir~#^7OR8{ojNvm+W65vErJwZG*<I?0oh7?gofCnl@tIXz!*`=v(QrBgdBRz<B$17
zd4YkC(Oll5x%7SkZ_%PnnlWlmEh<)8w3W9g0$LQRq@C;6RcX=KeCyarQ^!wM(#}ot
z#y{N`<Zahh-mU~{*Mm<}yLQ#mu3glSgS;UWcQ!PQKk|637nF8Y^LAC!dx0l#+_X{C
zu1DgrU9n0m*AS&C`CYuRT(ied8apC0KvN#jGzFcuAyf%9CF?0_N>WhZrr>*L=%_o0
z_H=s8<xSyHMMnnlreLZ{)|4!IpTnDS`Fl-M=Jdp-EaMSJ|7=3nP5J9#b67XbKuXjY
z`Pnga;RFQBU#9V>Q=koAo~DUfvnUN>L{-W2(@6Q0FWb_{azuZL)Ds7x*<Ekb`JK-C
z?%;kpzej>yNtVS_X?;rL-<iL_U!JVIE&tap8vo9bVAHpTZF%g#UfwqzwqE7Do?Qxi
zv)&#tV;m|ZK^^K<NJ8Sl0JmOyt_JjNeB)Zc*N<G+zE)ER-gP73>vGc7Zp*COOY@$q
zii2cEXOrLx^9%m>5?4G1%kh9P6)&nP<lm29^ME+34D%0zG{gM;Ak8qZ8brgqVvsV-
z?+(H+TkXuy+m-UH1eD(8%1<fGmbcKc2^4D!>@c59fa@&=g%?G9F|h4HEhd2%vrJnI
zk`t*GlOW%fpfTNwc6Y%7-Di0jm*c67;o35=6~D(TWhBWv01Gr4<jS}yUb*`E27j@$
z)MC28<_BXYP+bqUC3K1nH|FzrQ*@uUa3I8+I-GajJ(UPqfrOlwC&W{fu05Y{LeM@D
zX>i*KbsncVDW2lOt@uQx89KSWN>x<6;$QmuP`VlVtU<EC5!2-Y{&KPQ<%FTcALPr&
zdQuRy=Ncq?{SSTkp%OhmbSlx8AKLI(-TaW{;alN{h7Hw75_wM|6PE@|94cSUT=|-4
zb_`}rPm9#J6Dqxm60g);kCb@yg=4->|N2wzJ`Fd{b$8Ef0sC`Zdv_H3$WOie_`hK{
z;s5&FD*vaI8ATiT@^ZPc9oXfNI+Knq>p!_9i3V;xhJ<M1sp$2a7vv4kf?!GCnR&*j
zfukFJqG-T3Ob2CWnOa3helnuEvn+R&pOon}YgP3ln)$KGN4|c@x4+&QT6ceS>ixg*
z_bcVw;qUMCq4$)@m)<jv)=lq>#M__Gk1A5J#j%$3;>$=cUTN({?TB!PbA2BvVJksD
z{;<3=L(z|;k~a1!(2ob2$hEb%%SL^B>-n|!`Xe{dfAsqA=JSWT`K;(cwis09Jt;OC
z52xv>o9;tso{wY53w-DI!Kc0RdmzNMVg0iIyE^Ce23GNJ2E7VjUifqXjf!`!*Cu~&
z(D!F~yr2Fn{U-Xahi*eYj6nvltHm*qNm|cjBo};7_7ANjM=Do{EV+X<EKA@Dk&RD5
z@8qR}CL!o=x^Xy;q6^?7!yT*SN&oo)GHLQPX*j{d#zvbRsXVR`x1E3^r`0!+2u=5~
z;)n)DHJpOUFaZ%Px$*_gT|Ia-U{HIK)ItZ}K`drE-P0%2(8xEQ?8;BHq5T4JjL(K>
zZ^V_i&xBADEe@2DqBez76VKmIjJOyc8qMkxn<RNfq<JVJy@=v$I*$d&4(|wbb*HgB
zIyfFr_6!TDtd(GL;D20NPvHK?&d_}RI|mwV0C&>@ff9#k8xQ&4zfyT_k9=20liDGe
zi<^rPqLLIn?tT**j3p_u#OUn2F(~LoD!IAGPtu8fJ8^Rvi!w#AK*Pwzqo$zgc9I=9
zHpeSYY$X}?XD&`qHipol^|+u!O+fPvMH0s3-SobiH|@hOHR42k2W(o5BJss?i4Qdn
zk()$n-y`>#gf#nkYTc+2V8k~Oa*aoUm~I_4W|Vc5u61E(w0KqwPYr`ydEv+>&f}pU
zt!!dPLqj{Jk;I;WuM;4n3ShFaXAO?PCQ*d{(D!(QDHU>PUqzfEkq>x7jI=k>Kn)&A
z@3XjwyLy$y8)>h9du;Gx10TcIn;KFZCq^rxVAj}CW5(u=m`G_oq9%?S?{#8GHNfp0
zjoUKb9Ik*EZXsE41vN)IZYzlHS2*2k>9H4oEGBZdD$Ur%o3V@D@8``p`-P?%vtmqY
z))GiOQBPT;uw|_KR3I@hNq*vS5(9x&`O}AM)DWEVl84Di_4S8IBuJMX5Bsm<yh-5j
z6;zAqU^ogoF@ozEomg}yzHTeH?$wD!BED`XxQ^*wH^kQu2(IO1QTX<gAT3$E($b&+
zSp!1Juy``!CVO#{*vqHzWt#V;MK4WtP;ClbQB0Zww`)B@Dz`&PkhcOt&uhL24_#9P
zwvPd!<28@stClXO_EF3@I(8(UKU%)8BZ&v=YLWzw7%eyAFPF2IAkDp_0QqQL@2wfF
z^Sx=bDtjxVb*MLwl7s0h&&%I;AhD^<5)whY1%1##F+7yyMIA_jD~A_F2*>5F7Bj5_
z2|b73(G-Iu3|EVZmD4+zDB^>=J(lIZgl=}UpTL&6RQ;S0eZTr;g511=A`&&~Kvs_F
zX44UNt^@nknz2wVRDFNp7VsgHFDEkD)pRZIJapFd8`w###`RdEM=onmMlYSc1Vi_H
z-d?F^d3);T#2eJl-PvF8zxI(QR_pnND_#Bc-_lL=-`)N<{&>c=+u@J9_|RL=kKUgK
z+(iC~yAA$^EZ(BTHT}Xtl0MINgt;lkdWs61*oypg@=4qp1TlG(%N!>c^do%pbvp*6
zJG!rs$8<-NQHU{)n(_#ZHD`T!@4Ya3$Jn@X?#E&}D%#o_1TPDqvl<0^g8Nqz=Mw{*
zP6XK^qA!#kHFSy{yTbi=?bwOKNg@sht+?6VI-N13viJzvA(FMb-EHlpdYCyBWjRC{
zt`uzzxC$<du9vQKrNn+2Dgq=Yhit_dAvBcRRW@$kfy@rsdyi^12r9E|)r||DrmGt?
zmNgq{_E1PZjOH?WKzGShCeB+5VPC*DJ-MPkZl30fdLhW@_iv@zZpRISjWXZ6QBG$s
zTMa|q8MMg@m<9Pi2ryR*a24S~?Oiz(VNM;)POu*d_Aea_Bn$nX>f$=CP<bdDa@X&E
z#&wrfgl>Rv(huR7iqHfQe)dE7nInYB7g|7YcRz#_wS=93(1SgKrV&P~9-H>4ZG@Ge
zyCCG(g1y_&KJ;sKlGh?TA%V8*Fgdb~vL7|&h%2jUKWe(`n#X@XdUlo1eOyOB`M2Lq
z<loM>ydOod{m96sMucWRVt>MMRY_s;sO`8lMfe#X)PDc@`4>L=h7KC~k^Sq$=?@<i
z&e|Y0@w@-*^uO(=2QSs!j=sT%-c#-U_W!;&+5c}suWmoZJcVF)P!Ba_cFelUulcx0
zbg-E!5;eYV(ThYgf-xEqe3u|ql#zH>roG_XkxUX%lJ{D|D;6<1CG^Gmbo4{K?bkx-
zH|~Z8IFz%XC=9s`tY_|r8fhpb(&RPiX423KLAg}n($E9Vyq79B6@<2-xm#PsHe7SJ
z(kPkaAc~dXf44$$9YV+QJ4q7CLYwnPjh_$-LzH)Jr8YV@v~2NmjWE=qwMn@IL}4gG
zd;L{U5r$Hlf-rREmW81j6dAgtIcA1??fbKhF|-QWCdKQnE7>rGE7DIi$qD^<lPC{b
z=m{?FX&jL7%2MJNVG_OP*OEQfe4x3qlv<gTOF`^gycEQ{JuU@}yZct8puX6op3t1R
zygAV{Xiq#$LeK);-CmA5XbY$fNBIrdGJ4$2o3w&RUqww?O@b0@(pq}Y?<IR2e_w4<
zm7Leoq}&IBBoz6#1tp;b0A)a$zpo?&Lp#LW6({e<-H55iJP&VmBc}Ra-DsCikmq)*
zMFfKNTDJ%^F|Y^}9asc%2Nr=orh|F0rS5nd6SxEuBDcF64BOENuMFB(5vOV2`Z#Le
zS8+=FR>WcU7xx2*UM0_sB%$HL0t$MGWlW9aNkKqL$z%^~SF@KvgmC)|V}!diqMes5
zk(!(*Unm8rm3Q`*5+g@PlDrV%?np(sFJdW`a=l0r7$&I&FoG|(R=<svPqbD}&fi;;
z#E?J|1H{K}$s~q*NZ+l<3#GAKUI1}sz(qJ@vBvLs^A@(I^Y{9Em1O9e7u9N}BEosO
zA^Wy=`<@m0^P;)Y_q?zq)_q<aY;!C2YMl4hnQyiCnr}t&*qUMy8Z@Z!%{6+!rtd{6
zL4)(|Wu27a4My)oMc@(nkt>SjRs`v_xZ?3iQS}?uDIU?6BtR&K2<{^VlJQxiiR=IB
zh|j<l?2}h$!Nw5tJ%pHV`Q6m6+`r*+7ymVBHL_KbYxZ?L<VQco@7=(qDfOC|7&o8g
zt11*a`)C1XZAPNxa@GazHSPqJr5nr0L7zT)?B7!HzDR7TOrUNpX@>o9PGtqd<<|V=
zH|LUsK=(5r`S45k`RV^nH_`t;a9jM+{R+QSunBzb1#2UPaoST6NDy7%!!P;Jdn(#*
z{@;Y&gZKZx@uwx5Z<{}T_Cp{3I@*^%otIEIf7<FM^y};|CEWrZ>|Mak3)b@m+y)nL
zZn{*sIfJImLoaJGM`#Q%qq!MbESQlc5hnwC^}uf<1Ni@55d@7{=9UW<Vck%H-$Eqx
zMYGIa&yiV2G+Xnb-;!BJESO~`fLZ1^f3wVRt-rwS+G9p=d&~)q$R0C->@j0WU@nV}
z*O2SD#K^TM<l2+F3T{zd<@@C7Q#BsF@usA=1R0!K_epwOjZAf@Av;Nb;g%Hzo3D9P
zSF7U>(w21Xw7Q(5<sA<Se6^?CLks)h>7+XBL2KUku?KDKyIxxLtb4tzjJmD$-AcL2
zq^tM@$q^@;zYG%mS2n-T^jRN1^!E3oH@nA8?B64ALa)wWsBjY!F|$i*9K^2$|0Bmt
z$zs5OQM;9ZQF8#vJi7w+a<i#)#)0I*jq~ukc=}H3FYTB%(qgEQ9K9sR&@lPM9!eSL
zlvP-f0R{Y?TsSjCnAubLTK|25=KJ2t_x(eZj}K|xsTTO`S5eyiO5LvH@;d@;RsQn-
zxn(}{rKRuwbmqaj_oo@HZ)<<;$myl|GWrh5Q9uTIiCc;GSoxJN4MHH=1NtBM(BIaN
z{!TZce?zNVwCDF;-^VL+9`3Lm`D{zNW{vcYr@|a~hDI<xC>of=)B4>*vDNn<kC{vL
z?a92?cRdX6R`+^1)3WaNNRIl_=pl^60!j@MveofKBeog2f-N;3wjTWBuRBC>O)~0Z
z{~e0@*pTvM(8sd>SL{+R@*D;G`R^o94Hi8M!hRuxWGHv3&i)ic%i`=jzgd<5k(uhF
zYQaZen;d3wBycNa6p7`8P?Nxz!_nEJrh*}|#r`K)UD>Q4)Z0%fH_j25hK;h>hs&3z
zMS88jFg{)^R2HFi9B14j=^ns>S;_RJSQhhmV<@-EYeFESVQEEDOY8W_lNc>i$Bwp2
zrv0L=9$Z55U?$N-L0Af7jyDGL12c@Bd`Ege&UkCa$;wL(L}FYIbRSoUiq`6lNynfn
z54Z`klG01D5~lE65T_8L-9a#Hc8oPSV-e&ZA3_~6Vx`$Ho9&0KT~*s+M-dNmhRNzg
zTMEtr9`hFu#+5C|o1F}&Ia+T6d9okH`YOSX9f(Z!3@cM8^}t7KwI4ww;{sBw2uK1M
zY&#T(c#d|+KqSmnNoe09-fO3hIFM`+)T23Axz(6XHM18U3V)~|Qh<F`lU=1`apwjC
z_~tr)6Ry6gXArzD^Y{ik2}1ez$|l`bf@u2(1U`Q`D4=;~9)l$_Hi;|2LyRzak{N+f
zg6lAuXLjg~3TjZ?dll4Jb7Aj03D#H#yMtht5)l@zgEb=9UV`1NgNX!NPq5}X*j)sB
zmtZY)ux12%iC~dB*u4bHB-jHwSQNnq5-dgsGZL%|!8+<-5N=D)CcSyXgTac|1~DdS
z-VI;9`4=4gCV=1f10Uev=K;LK4}6k?p9b)LKk$AIP6Y6ee&8Q(C`$d7fUv<2VS|cr
z)xZ!w^F#RThH{(x8z8*vhhV)<6s!mExPaNz0sJ<Ae`F7A7sf>qqTCtyMod*a`|oH>
ztmAt}k+Y0Di*hFW(~ifXfn_WI8Kq=KaYZTD2|F8M@EPJoH#brw&$W#dY4r0(7*{5*
z0e$&J6sdyZkJ6>X(r>SM>XeV(UF;)|-tEW#b-W4x*YvjU7rTmUQt>?7uiP)D!g-b|
zDB;BEFi{V*XiRMNeh?jK5gDql%ZLcb7l&p>n$x1bJhvtRQdse0f*%?dQ?+Pog*S?2
z5f~s6ISBv5;;a8-?_1!TsIrHXHib|M6BIRKf#3#BMQN)DiGU_Fg_(8&bwR0$f(sT@
zRD=YoA{5hVXU9=i(Z9OBcGq=v)zw|Kf-jnuJ^<w@f}lJEVQP33aG|`K@0@dI@@QH_
zclZ1K_xtoGO)}@)JNI>7_nv#s5GE|F>WmG2w7V+Ogy`Yogv7(e3GE&(3Ob`^hl}%f
zgJAf_pxEJJM<<IBuHu*>;bigovlC7hBZ1k;r;63x+C5c_1SZDu;z;0*IIbHBl;X{Q
zai|~c%!&{29MMDPi1``|%{MR>nhzXw1>3JwhqQB$xPC|n2Z<jJ>G&Y=#UULZBtA6c
zj1CfyL=W-OVYZw0B%Si<F{RSfrc=)LVoL3g*3gIu+maBrL=O`Gf(V}_AzT-&;bBC;
zh$66*&+H)a2Qy;|kA59@ka*w%o$@!Bbz)zsAx{39(e%o9PeeMT=dFv{_(O6@{=XOh
zi2rYoAJ<=HP+yDSpQL5CTPqh?n({nt_1EBD2UFWeT9MlCF%q?R)+~@diFwJma&)@N
z-KS-?0V)e$f%>^1ne2iz&TbZh`DP1Ct(cskj8ZF_=)B@?Gnh6OmSQni9sWQHd2;!N
z-ew8BE65K5S?=VsPVh^bwR`t?Q@?x<_AGS5#0O6pdFd-m4I?VU&W~P!?<}~EirlDH
z-uRWsjcCQ>0Rw20gJsP#Q63xMRO;}HhG=mZq(gMM9j`v5;x2b+Ct#UiBF6PGlLo!V
ze-V80QcD7V=3xEwNTnPs!CDJ$yX<3(;7JanEYw<jQUC_!X0rgV^%;-)qz5f@`yMym
z%}uyw$#}y>*qJTD;4(+zb^ONbkR4rrJd)&Z|F<XF+_&u3)}EWt|Md3U-tIraKbdSg
zD+;g~v?}O|!Q<pA?|PiVSdL{@sR7J(%>J|m<GVDmy^h=wvS>3)o7LN2Fd8(p5viFr
z@;qjh$p6FE$O=AmJQb`2i{RQY^Aj4McHNAV$K!Wx#v`Ncc!>7XkH^>Deu{r_qP;ge
z(cTj~u=fPC_dHR1Pd_PE@^yQ!|4W^x(UD4r_Fm4?lsJ2jKk77;;Ay}tUJCOrm8+PD
zj;zwDsHrE!nR>W)=}>=|^{?7{F^e-ztv`Yiyg|G6iiRf{dk08-vr`CLTpP@4#cx>h
zlz)$1H;KgeQQfXf-v;z@_|lkNCrAf)>6`ZLI^K1FtGFh~uKS{EqFqO5&IG$I60_@i
zE^E)MqcXN1HR}lNt0c4T*InbxI>I>^GwULnSqCppu<8i!yLhXPo*am`>gdU_c&m<{
zq{dry^rRcpzCi1US#@*Ksw+>h>Qcz6>t$&AEm?J=G>xQl8Yv{Bz}#zLCf)e#j!n9u
z*&Um7eX~0@=~A;hHtF^Z?AWARIk01s?(Kmcn{-bO?AWB6Gq7Wm?xulfWYWDzW>u^D
z-4CFk{4UAnc~=A1Bly)M@HP$n7X+_M0;?Lh62V(KFbG@K+Yy{>5Uz?^Y&;??O+r{2
zMYtFd-bq4uCu-7lLWDmgA>4P8wP4R-08dXc>Au#$jR;=-Q%t(S5hp2StJa;)q_dr+
zn{?-%r7LzPL0gTQbO+!E)AGL4zFE~Rh!8XBzV5+Hx+&|J`uExEWYTry-z2y3Z%s?m
z|9bz3{@3{@$SZ49UV(-e$OBo`z20L*Syi^Uj<H$M?(ln1$gq<h+h)<QgvpxRb?QqO
zXA_HXpf3y#e0P1|t!)Ng_E_{|F<y47{BR6j$pyWbO}nDn|DnKyo}k=iZR39$Y;kxf
z2sQ?2<wi7XscGD_%Ng@Q%~5~d>|}e4R{w3Kei6l9u~FY#d_`m2q}d%ok!MpETsX)O
zi&Uyl`j$ug&@B-suZQ*2IXJqw7&MtpHe<~DO82y4)}zA^-B!dgJFp4FkN+YPKQBkE
z$Cq`szc6Y&9$;sVsDG9+o_|Xk<N4E~2!GIc{-kKUPdDy+N2Y2P<RmS9n~tx<_dtKR
z$dIsM2Txwq(A0ReKT~fviCN8}5%2I;fKD?VO-*xao9#O0wCc5I8k!zu#^wWA9Y?;L
z$Y3uez<$qQc?|YS0_<f5yO_aVPk{ZI!MZZo-x6SdWv~Mdf>kBJ{$Xg#YyaG;v!gi&
zfT28{WG}uKMYtXj{+xvHS`^_*M0hp{;n^rcPek}_5`v;-?4qUEyx-Yg0M4(YY;!dt
ze2)1tbuaGeu)d>VJD!iOTXfoE{x>4U)Csnn@A>3>T&COzRm@U#PrX9Ll&z)agqm{q
zl`I4e-;@oEfx}a5Cv)ve8xt7I$lz0>MpYIT)puauL7En!MeSwbKgy$Vaj`*cvnFls
zBV*%S0?91}=|wt(@q+9AJjf8Y-LWUo9kWbex-Rsp3cFxd&%gL|hsN_)<B{aw_BjpV
zx<q|BnSFo_a?V~S9+6;l39#9CnGG3Naf((D)0&;+_NeKVR`nl7SBzwSlqX!6$P-K(
zfG144@W*+=9(@Zw$`cBV2|Qs>U>5NMtzF0sW}Il38|(?(5>20lzix|T0Z>acfiIHz
z22|_%B?MiFI^pbP6#i^~9Djdo{AXeQYkD{@_V7Wx|I?r7uRMYN${1~qWw1vQU_k~O
z!eEakz$%mI_EamX0Y}tO7^tB+iCoMP2L2<0Pb7hlYNdk+{yqu3yH&qs^czIjn1t{f
zt$ZGWuhTpeX0On8g+68xn9&|WE#MaRJlspuM4al!U6?B%5&TO>bS>g3`lgkx)Joe{
zFdd@u4<{n%qNi1HJAk9UPEPfXE=*U+3HL|joBj}WlCY{*Yc+kjJi2RTQM00N?W=)5
zSdQLLWy$)<yocJHub!IP#-7Ig<kQ*HkG2jzbNz&FQp!X09jL{rYzGRr8n6c3Cjtcp
zOc5Src#%z%bGfR5bPCcfxW2^5>9&Bmd^uNMoQhI21XMbXWj_p7Q~2~83ZKqGMk{$l
z<&HM{?OfF|L7rX@91R2hIpS1~PU^NjWajFQcWC0i5ohA^j5A96DVLpUyt5B;u0zww
zfi33~t?Nm;O-(Ml219gHT2HOOSP9EYasXFlF|d-a*8nRyrw_3b!Xm4(T4yEi7<8+0
z8<3J_Rce{&fSa5=IoObpViM6J24>fm8KT?je$+U+oqKeu7Iqs!k?6)YmD*}ZFd?_a
z3{O7#1PxD?h;gtdvP{eSxC}EO+5*L*bZ}wE`5wQ}@*6IrDWQCi%$pL*w$1m5fM~wQ
zUARjQrfMz_r+4TS`#7%RqS(cosCmkCm{GvshA{@W*w)T|`JZeZ?3e%6*71J%-L{VR
z%YSV<qy6%`qMO;9cLSrjC5aC`6h&Bq2(yw9W<?R6L4+wu2vcJE&u)#EB_h;B4Z7<Q
z0gX>0Lp}$n&q>rbB1(M$JD3!<Hd~nsmLW;U@7PsU({@-8h_V=OqiIJ&quAb8$wD_*
zRp*nZF#1cpcGg#&xJy4MVt3A3Ksk&*A)>X5naF_t-0Fg<>^P`6y1~@u!r4!tKkeoj
z(%*#7f&QNA^<(r$heL7_{mng=NPmRZ+J^o*>Gb#X;r8i|N_}I9+vcGsyW%O5p6rj&
zpO$vjRmZ6B2B1Fj7i9ET(1!k4x>dI!Qs<7QTaA(5Y3MI^pGJO{!+IJz-R|Hj97uiN
z(&kX?xQdY<#?Bwk$j{Zg9rCmH?tuKd_U@Sc4rF#re(N*Oi2Ux>Xrq&Q(@t3W6O(8o
z7)7`W5&TIA{wTuvh;UmH!fjFdZ21-tu1`X!J*C&M5fR=y#dMAI8m3d|IgX0eX-0jw
zV)TA}gTlL?iT1BUOo#A3dxA=T7K&;DyxLbo`XKhOSnXxhuSy%V+IaQIK8E<1R@;$h
zPDI*^XLHN_ZTu7e*;ZfpEaUY0!h|EI*B3PZL{Ju3O6J3Y6cObi>@H9$@e0+s-Dwb&
zNf<HCI^*_wcdxi~hX$5J$Rfyd%osdYV;P6kci-=$r58#J%wf?k%xH|mR*%lTv}sN!
z$~p@H#!$MP`OI4x+Zf2$hI+@j*_ygl9XXYh{x9H6y4f-m*k+~1HqnPMrjld->fIL@
znp_bgnNGcsWNb0Y=nD@Io{tav#~#`f?4*U*#Lj9tj8V8e0aD3U;~fBLx-SxmX_01Z
zH?6PzVSRn=3bPe4cWInvxmtTTb!k+e<fWr9G><llh9!dyY#XVm_?+x${sBC8wBVjp
zLPqb!dVW;l=ypA~_jXD&ItrAsQLtv#38C*h3(|5S)Rf`NUE6VH?-K5wZs&Cs4ZeOM
zOl01(3q06V!udC2hSc@>73=($VrJFNKI2MXzuE%VpiTb4`O1x$S#^EBv^nr?qJF67
zWL*a(1HTfCYlUEl<uQK|GsyIK$5^(M-RkHLi`Q~fEiGdB<drL%C?$N_tM6j^nw`;P
zX}G_kUY^d9rM-D!PF%EgJzvBLSmGED+=ADGZa8*|!p7wu22s+GN~5gPNgMngf-=vn
zF8+=cFeDdP*e0I4UXm+Ef##D-Y`%(JT=^T+)CqQrPre&S=WZ(>tg~PYc1@RVsAmxd
zy>>2qexko_qyg_h`dladLSEV2;RZwLUUK_m8lrz2UvZ>kqdp``_3BsOI9b)&Yr=2f
z>7gKxcC^XhYdbWU?laLSoqZ_2v(|Ql6KUs%ZN|5$I}6LV_F#MCtNTaGeMNbyS#<66
zyMVcc&(qhtUZ9p>y+nB^rLM<2P7A5xh*}C2hrh%l^@=V2vr)B(ONek2zBSH+Ili^t
zIREU}`>#69`!CSnFDUcP>f1X{Q3H-PLjyK+(16X&9XG(;-uutE|1Te5uP<#rUH?z>
zdN1+|=>#8Kx``C8e!LuHHlw^9KH4mY9$1s|K(V?QbPssTO-<WQoQkwFo@1#q^T{ze
z3px|OektiLFKy+e&5^Md-9foYYkW7XmYV&_fx+w^Q`_;n9to>dkd9!(6Ge*|1m~>&
zBshmZhJtet2+mdT>l*we_Y5(nn+4Kezh^?*Y@%Hc8HKV$d&FzkhP7Q{x-!PAH&+ab
zT~<N<GHiD8ZInRoB&lTMrA;skrMT!pro3==JA$V2?9&RGH<+NgU^57sml7a<VjF5k
zg!~UwrHhY+-!bW8Rv-S336efbqSD2z-m5+A0uM_P^Z|{175SuPg7i5rt%u>p^o-JK
zH6zc<jv>e~4DU7`AHkmFuwDPyWu3GY`Nd4K!#w4rKaZE}z)sJwYZrUWh-+o5yVPt5
zz~t|t4N-ODAk2GC?qfE!V93eHks71FFJ9!!!NE84q3vm$1Fs16Fr{!7Bh;1xHSY#u
z(Dpz7d<E1Hgh4R)Gg*cOnB+F=*|U!*qbQcQgT+7pkz(ms42Esp2X2GLzi7OW$;-&0
zrHz901FlZsdEa=vbU>3sL1G$mDI10QC7E5KQfkF47Xce?65BnModuRP*?&<uH}1}1
z_&n;@Zq%yY>X&cOumasgX=tqNx-EeIF?sdgE3Jkwm{`M`uK?@n%gfQ%h4@KA7WEUn
za!!A5G3t0fEWmaAfJKxau;O*7$%)sYFxYKpq`&s>L!EKF+nYDynxlBP4_KH5_hC53
zpyJ}u?^G~ggvOs5a?~gL;hK8Ds{Xbg(*qy65L7xsU92!&{2lG{H7XiCAH<7kdOjmu
z_cwU@pzrqiMkHz7M}h+VCvp=M&<;veLfe6Kj}-eLfF@ct*M7die^%SjZ-MM2$~Uv?
zT157*a_x})@95!x*uzT_h`X8*w;k4uUQ+`6F}CGk0(khLsEV1Et?fLi@(xDjzk1)T
z$!BdmL}iYZp_udjwE@{Q^yd!9Q{CGckh1P)G9YJfIQ@Ve{vu&O77fz}<o@k!K+by4
z&Gf<8cxcWv&TIa)@o-%FbH}5iTRY=1quZH`N9q@+ACH~u6UJlLrTTc>v5k#K%DXro
ziT=tI(r%pHja$Jy7z<W(`kTSaV_;MqT$LxCxf!`W58Pf}jRztkLXEsEpi`BOkR!NO
zaTR70i%)Ez;E06i0d_7plQ7@PV3>b~Pjn$oX=lqT2kZc}CN)0k!@&Q_^JF_F=*w~Y
zT~_s;wRB2_X#{AqD<1>#Rl%%<c9=wEP!<@l7B;)(b_d<=*(*}sN0ubmu*Yf8Gxp}N
z=;cK$K*KBXQO;@GD}~hk*_0Y9iv?`Q^E(XvM`}Fz>&-AzAOQ?O{mO19A=oqo%qXh7
zN9FL<|Gd}6_RQX+hM_1(8KrNi6&Tn77p&r~U=O|V4zPT0XWCFxNw3S+0w&T<8H=Z=
z?Pq<gZK$Dj!r1YE-Gh_&-LB9awOH^Hx`4wr+`4(U>pN-)izK;ocQ>-PQVzGohaa<1
zp|`&O-C#Pe!Op4bfm5-Jlu@VfvIn~w{Ny%eiG;YSd|EITS12%<mzqjq=aX#zZFKzp
z8!y#KYr=z>{DMUjsfI<wE2cWyfitQJ=bH{*sley-zGiKi;YA!9SMfL6vW4G6VFhv(
zFX1U)=Tq&T^1Z@*wBGH~&MDuEUD`S2le%<#%6C_nj!*fnWw75S!0={P;_laQEeY_J
z)z0>kIu>i-j}cs$1Rkw{UqG-Y2|P&y&qMIoB=B>m7<eLr75JfTTVo8BW}?qF8`l<5
z>HqyVQ-L3$yE2|bdAX|Hp3p8+p*;N}Yn-oSclEi?orX9^Nh0h&neZ%r&_#S3g2o{J
z7SvOxVQ%A`oj;A9HCiSo)CQKafi0Q*C@o`nYjxANjFy{q1nB?<=V1{qcdK1~W23ds
z=tL*zZ`Is9U{@K@o@J}mpOHrnzj(@RCAS8q`zH$Mdy0-DHvfGyZu7ZLausV*WB30i
zA!)MHGI#EB)mX^x`suks=%8#8>u?5jx`lPl%51Vn$(d7+ld6Rrjc?IFbzsLW!V?5)
z(T#B}DrSxeu{OP>wMozR!GiN@j<aNkv52M^q*ia$LiYO^tyPWWr%HLpAB{3TEy)XT
zzq8&1?l&@pxL+f4R{a_;^K--n8+CWp#l|>(bhe4{BMQ_*{HXs9#swF~qdlL(xFCxL
zM9di5s=2G;Q{sP<;>)0GXBms^&-ie$-U2=z?X6VSf}Cgz{<NL7z!s18Ypn&=SPO6t
zwH8?Q7Bt6m;Hy{*eoPXKN^L6%`fYDV5|~rsCBZgb5@;=GUj{VCd&1I_<Jyzh;fsmg
z2DV2Za48IBQuN9BDXiIQ{D{~zPvbSwfxBZ{oG5vriHVYF(E?pl^rMwQboLUdXU918
zf${O@r%C5GU$XNXQs_v2#LjR^PJ4cH1kZ0kSX_Q05`k}cegof{jva{?8_}DbBTuw(
z4MXxn*D$-GsprX#VZUWbmc6MgCrE-@>=Vpo*1=%UCcvIzunY!!J^}U&gEglxce4c8
z?-}e12K!?I>_rA!%wT^`fc=5No@cPv5@4?|SQ&%8kpTM(gH2(ucM@Q4G8oTb?<c_i
z&R~}^*y04(dkkh_u#Xa8A28StMuL5s0Q-=^HZfQz0rm-leav9X5@6Ly?#X|{5WCV=
zbz~#@?<Pgyt<}I6Be*IFd`JVE5&T^exbsN{ZfXGV@g(qI4ZH%uSxL^pg&Oz`1Yey5
zzFGr6is0NNFg{^+$(@LBVG=^WC_(`uoRx%d)=8!_3_x&N64<PPGZ1_tsdK$F@V<Hg
zcS|bG9cQgyh2WH=Of)k!@Y@K!EeX6q1205y<MF6E)1Df0*{?QC1$H#uZq?#<p)%v<
zs_H}AO+I-_Cu^L1<<wQnKyz543s+vkpj0I5Nvr9WN?}=J{&X6b(@*G^(B@fs9@~+0
zMl+o0a@L95)1ieaXP@QzIsIz}P1?R=h{eU%g+*K&yQ`Nhqur}`9Uvc6fP75@IK@@W
zO^Nvs6p`%|-@d=*p$hP3qFPe)Q`Hi7QDsg$3c!o6fC7+zd|*`U3ffhb_9gG~l(v#L
z>#KGoZ;dft@*apuUKWC&ebI}~6lWlMf0NQy^uD^O9nm`{!3aAL6TPen?aSU<jBVuV
z?V9K<iawd8nP`r96YYKt%^A~VqB3o08^L)CxjrP?U;lpjS#wgCpNrvJ)6N6&@-u_v
zC&<CCPbRuWFcFy#kUN+`cHzls9bTI0#9-}Sn)&|3v<@%LtYWZsFU|ae!P>nv^E89C
zduir=2Fpx<SsCmW2J4#uyMVz)FxbTjuwOCQMGSUH0_>tBsnnCqwf*WlA>ePFlWvt<
zqJe*h;ND5#8#M4t1dB=Fdo=J^1pg)pe5(c?gy3;W;BlHIc@Ba{C4mbx@R4c&4^ILQ
zKgGPmNi|%DI0KS!noqC>yo=zSNrGkENd{ho;87=;3rWLE(PI^-+Uqm6pY{*-Fn3?r
z#XcOGM=P=j)wJzYL^lG}qg(MnZI8NbW%P1Pk-BcBGp5JZtz<_zPW7XebU%ix7)$I)
ztKogBVVgRfUfQ5uskcZgU!j$srarKeHScVO5w_@lwrIKDg1`iAI`fOccq<tUb$n0L
zlf-*!_21B|IjnOt*vCZn!LyGcTHR<7sb_6vJ*MubZH?=G%Qws)!m4gv5gmYHb?pjl
z=^l0Y3TG@sBtRyqAFN<QgUwXayBK2Q^p;lDH1$csVcZZev#{9v{mQEYz4er!biX=S
zw-Doe`k|oD^-qkaxlKL#0vp8xFC>oQH7nRCma12-V59i?3yGshdwJFs&V=o)EcMHE
zgAL&e;}NOjk+0b(Afh_L9M_NUzCNX;uv@vDy=k)6rj>qn$Wg0(egvN}_L;bU%Yx+s
zuP(cPsv&TJAZ_5~&U7*><C)W_bTHTh=faSj#V=Tf$VuC*gFxyh-luh9#;?z&k|!=-
zvJk6xgFdqr?{~{{GePL@SI1YgR6k=<6YjNkR`-9DuvbHOYd=7(#<-IY)>`92DP2KF
zm_E$l{=GVWK-}fpX>@b4oy)Z|qA?{vXNXJQsz*qUS7SP<lRr9*8bdcFu1t-oF%GRo
zW>GqxyIg&B7}H@kX*vuw$B}s5b~}5sLDyp9lCSC!joDQ&B6pr;`5R}SmY-X#mbhCZ
zpg0hYPdbH{PIyuv+`0~vqbVnJv9v<7-K|lwy=@IsAk6V-^EBJtpb=6U^1|)Rdau`-
z8j06VsMHj;f3PO1#H`VknCf`6-dY=8iz+cYR<kxd6OVSe)`o?KXdC?Y8CnAt8Z@WO
zX;J(>+BQJ!?yW<6;z+17@$T)gl(-!SdNLB8P((;dij8hlpelx+168qC^FRY7ICk60
zO2--ky_Wo;4Vv}$c>nppK!bogeZf){k@mDfdJ2(N0a6*vrolfR9cPMpIruW`{dQjZ
zh`!41W;_s1=cQKK#EPte0+S5>ivV|V40mxHZr2#@LJwerTI9s_;wBZ$YeyYyf++1^
z`W4f^#6<mT8R%awUH@|H`q#4d^e>yBu%)2AYG3XV+Sfaa>0g7m3behNR-9;e|Kjov
z^{>CP9g065>RA7Jn8CONSXTzSgTZ<xz*wBD;iC_AtVdnWVC`N$K9|ATy?lK9;Is}e
zA8%!_%MxH&3|7NnmnXmmGT5sOHY5RdMUwtid{U3AGH@|y8A6izdRG*o8zS72gz#Jx
zVebckASWTb9z|G*2+y6ShQGF7gM3nVx0MiKZW6-WD8e*ExU0inSkzG;wA+iU6M7pi
zLWEvP%Gje(gfv8W@B~xGUb~Bl#+S8E$J4qd=F_AvGB|a?23=Q}vq5*ryt#%Hkmv;?
zt6EsY<nPX>v`Sd0nn5+X=jJ6f`t=`M4ZFJBm(|*D1JlV~e=4dS7O8vBXZM*GJ;lWN
z$?5UpyJR8rcbIQ6_%kpjr!vc|-cCogX`Ab(LWw*e>QufVj|hypKP;I}&cg}*pJS}(
zrJ=d$2F}*pfzwpq3UanU|H<I+^A1d-8-N|SZLFY>vE<0opuX}x4MX_-j{N8JW_O2X
zm(2&hak096Iqt-!?Wjv?c)UYe+5B{af4wLVVf!QUQaXIY8V-B8D%4dj4ri3a`9A{B
zYY^m*mqqa|P-nxN7%LQ94YP)Zzlu8#Y^OeTWIX=NH{$u9v?rgdf~DY-?RK>f;Q3rX
zaOGFRxa40o*PcFWEBW%4wDF&AzyFQY|Fz5h^Zjr9iT!Up!~Qp(VgJ$D)rT%lCr}|Y
zqfZ1^HL`1YwZ9uzH9FlH@_U+CxQ&{&`H|kMH)v|AnH33i!hMDCcUTa0J7<Wicpp&9
zj&<Q4!AsAE<y=*0So#voK+TP4gkJ5)Q%qBoVRdK2lLdR4QE`)ws_%R=81IZ?s$mHO
zx`2Z1t(?@Ad^b@0McF!xSH@UCsY91zsXnwjl~)GM1{F+i-)LDhT1HD^ie&_6F&Rgo
z$C&_Xst7W7r>AmMdi|($gL<SM-}C@zheN~Ni0L7XuQ6!43+{4pRnY39bmxlM!?>zL
zyi#P*UZxEDoCZP}HlOPY^4EKLizs<7w{RBk<tn`Haz0oOI?U0)E-Viv1VO$U2wId!
zsesrFy6@a(E8pO4wqZTWOryJUMmi}0gFrDq5(&8u&blN@v{i>%Yd}wHHqdU;I$rvC
z4Sua0Z&t34xDL+T%183py&iIN)LeaWq0;)iE;iv7&8bR0SClX0hn~lke@!nKVa9<S
ztMC!%vrqo`Gg2nFsyXSw)-H2~Qdat`qjI4cCN8vK2VT|*9!uw*2(3ThE{hn08x7Fx
z10Jvqf;U1*<9;Z{Jv@e00!z^CY?(C<>RpD)Z9Yz<C)m<uj^|UX*qc@Fg{t#GJiHWI
zzu#TfY7Bmf1($pAZX*teC+ncswVZnlg}KMrjD@*}&x0TE_Vj=tN_IQ*?%9oA%U#iP
zUp^bU7#_Hk5_I3N1t;4^>j@_q7E~p6vEE~bWo#6rPJj<87gu$M+1*-)apubI2l5+6
zl&JQC;*?O^=B}J(hGp3WRj01$z&GSs@YWhpI;dWmhCU*l_@SwRK|bl~a5j7O*3Ipf
zH6)ZhW&-sBbBuN6s)Te`<Gl2vYmJS-fM9hJ@7J^RQUp9HBJIagSJ2$$nX^>Dyl*3n
z*qC%<W28D<k7&HK5r_ow@cb<Na(sSnoB<fziNIOT<CRQzp<=p8ki{Asm_pmY&a`-I
zEL;!oHj6SkB2GRiDkCg_GFwzKYS7sqH^cKQj`#~irRO#wSmO|(j?qfyH!6&L?v^(3
z8-23h3TC0dmjx;|Sv^1?nC`(UxV8j#LIbEFW0Xv2!3~x|X~Je~fH4o=zu5w?U#EMV
zHGY>@$)NZgW0VZR6Z$rFjMDShY=3@?Ji!e07hCe6dNWjSKx&6(sXo`*zz*c2EX=FB
z{0LY6EPR2LMmcRgQne?zy)}1vLVLY9jvnK3Pb4JDi&hxel3hMpTC|$JR~DEB>8dDJ
zFqDF5WVXTgc2EUZW8kl^8U6im*bR-X)x7-Z3P#M;U}iQDF?(RbTyE#g^qKD5>V)<v
z8NgkaCzh#+mg&(7mH{%<5$T?+W{<1!!PRcVoOHKiW;*(n<t~5C7<eT7YTSMUQ56qU
z3e&jCSFzmh6cv*&S~0=gR=0RUJ5q6sMdjBm(eX{UjFDiFae&idVoYXO1!`dTST8Uj
z-{cw`3s_2h$0#N@mMxSgth5zK6RNR<ccleca5W8>sEo4Ug%e+X)>_}><%m35$yiM{
zNZ>pC`yAI$e(t(hgW>%>fS*sW(EEE}WfquS;OA=tJE>M)?u;z}E&+97Jy`D;d0Zoi
ziE)iKEY=9isnJ3*6~+d}#{lC~iz6YygmC4L5-n992^j+ydKFWys0}wvXZ2`pyz^ne
z1*r!gX~cUjH}k>jRxsBVdKI@3R%fSt<ys@5%jGp%(RHJx@^!3e5fsJc91n(tQqJB|
z$s-unPir|$Z)4yMTB~DWD3p;#EafR{NnMOv4<0TLC!CKg$CFV5KA$;PkQxP8$Wrr>
zO@Q1;3n+d)k5A86GL8Ah&7MdNHA`N!5#K9Hi>NK0$`SDXvj}sPGOkxjTO?fFUZvQW
zUwI=ULf2CSS9RbOK7vEWmA~E^iAW*0<6z2|bhcPmGZo>{8a#7}G_tiC8~M2P7;H`V
zXH*;sWFUF8Hipx4tHYh}`x>=!1hOfR7LICfC9y1AxpOSIY70EfBg_r|8YudpQea`L
z*CgZvO~>?sab{RQ<GPSOV8->+1s0su2V}XERo~i()oaTL=MYyiP((dfH3Nj#s@Xok
zTg59gEIN63m7bq7b_8rFk>8D$Cv<Ot_1YcZ=k2cI3%eu1_*^Rj-(roxM+Ki;gpF!M
zW@i{dtJ8~fUFl|ufCrlq33*+iS%XX3@~3)tYyD{X(P|uHl#inHXfvC~d(9qYMg&UD
z+@y7<HG~r)Eo#)2%D|O0(A6|VK;OzBGu8oW-BHG10Q)^!mX(+R?%dYURR!s@zp6bG
z{rTljNPqtOlK;5=JouBJrayQ3<jnNvtsnoG{+t*uly)^KnC4;hw6*cUc@{(90(RAN
z$2z=tU|@QOQ5z9d5}3BKNsH2pQ#vEvS8;@wOm?mu;{u6FDO2f0d6JsDC45et{vD~~
zrLgEa>@O9ROZ)I^_wka-hqjvpd01y&9<K`024B{90+;s%53II3?mL;)*=vtQDyjqh
zg$1W@aQKF5)XzmuRN)D9Z~kKZBXT~~E2$OLrO*0@2%u)T4hNnKTN2hEh6a@f+3~C|
zFc^lko{t_2HszoKupGf!ilrQBnz@p<w2kN~gBk9X4$)-|^#SY@-nag{G2B?Pux!2&
zCKwE2bG$*^l^&bwM;Q%h2zTFpT0?jp({|&m;iq3EYnZgD@VoK$d%S)uNUI2ckR1cK
zwy}rYO?ysn4-K*>m_xfYbI6S5(3@lqb>|+LOSAicnVCe~CmfkXs-#wLH*r-h!G^Pg
zdzuC52lbUTsI=}u=RMsP0u{0=tr5)>a>J~{a5vO2C-)jF?iT{n;Xu{u;mrVbe;kKW
z#li!x+k>UTFdn<n(%B8K4fo2e_EZ8%phbjX<qnc-!eme}e}yN|c<q;rpc(1Bv;z5{
zOFERbf}ea`T7fZS{g;Gxo1~2xO_urDqvEv?m~4(HnR1{7Iq>rOX0(L94}A;kb1-M=
z1dlD2xF!RKK`SZV2+EEcLH)tLI#c@x+KU&B;??CJw|{oW*+18}WB-6P(tXZw>8QKx
zDCb3G8*C2_3?KKp1JK9_*dHn6Bf;gZ=Bk>=0{RUyWy3+7?1!&UFoAALG=a)my3gUg
zQoXzE2p6+}-0SvZ_u<8Q&8za6E%a*;tp`0>hw@!(xyNt^)N2UQTQp0EOR|KF@s<!K
zS5(KW`j;#r%c^#*87{$^xv6toONd_m#ph>W3H9y#b1We#<;*N0kBKay#Qm_u`@bkQ
zyg2h*`2sXvz|5KEfn}bb8%a(#)eY&bKo+mDL~mFL!3K-Z)f#9zvl~|Elyu?`+6^o9
z)~dm6uj<lGWChhQ`Qnmx<>ee0t!uPsg5k81g#w*1)Qj@R4eU$+Wxg%m9$OlH?mv`|
z6$tV*D7=7cRNVuNWuO11(03*<<mi2Z?Cq<C(>Q=P$ZCO`d;|R(0&Mt^&C^a7k!&4u
z;O=TK=wP@$CT}BZ>HCA}D8_<>fWh(~8p%Ygm-L%CAoi{S&g<u@HidSYa`z?jTQOT3
zZx!292ki+%dqzQfj(&yh;i7{M1HCoeJz?NiQBQH`DZSRbmz}I7;rF%scIuY*PzBh-
zmEVg&|FDJ7WRJ6+3*HL#G(AtjI^rj(>2)a4j(v?c^*LbC9{7irkP(gQ&cOUajQNGE
zg_3BrNX-BjL3;&r8Z8_A*X)s+(aiQl8vR$Ig`Doe<67ehAy{jZYT-LfL^Fuul7(pA
z<f2t}MWK|Dix*;0YB!0P6@8)^FhRpiL3wZih`02pMSZzPs>M3Nm^LNIGpz4?z&Ap5
z=c8qY&GEU`2X-@4`WxMp#+V`b6<|DVjJKs1{(oRUkBGCMt8pZkgIxf#vleGsV6sgh
zaSZDjt&S9&ALD4LC+<Wx2lk@j3^R=Ay77!P;3DZtvfI!cCsM~q@RSyTsEi@|c}RZN
zdf(*r0!mfmaa=P{8io&6#1@>tUTAbcIa4ozVzPe~Xrl5_OZhOA#wJ4rWL3i}&0yr4
zdJtFWq8n;)7V>jH*+RZkvyj`^NB=o{dE|eMz5M)7vzKe*_0?c2cZT*dGnYqMa56>$
zBWngZ#v5DliVe(ter~nEI1yUIu{Yp)?KFZeXpfdMI>7>j1r!RXtmf;-7Ddfv4mmYW
zAuW3&Zt+|TyyejBk@?bE+Ku_jBOMfg$@qsLo5`0}BFE7~W&~?VU&Z(JD3CI7XUE$k
z%5BtesvsRis?aUuE|$3V`Xt<p_P|8(U^ENqW%q%U8-|M{Qtx%Gnw1;n$MCGt(+cZo
z(el`OT@+&LXoNXm@qoR&YUU<nNJvF;MuOonu|qq0c+`$g<Tqz#PwN3SKx%o`qtxmq
z-`nC<Mn=4n2ju9dn#=+jc7%JpG{TNeJ2Ptr>`k@qSu$uu=}^;+C_CHF?|FLr)U)h=
zjeYuM&Hq#O>D_C8qJ4VgfBxI-Q&Y_^_USM7>A%@NeS7J@WS`Dh`t$A6LG73Q#Xi01
zN!>mT{pG*RKHanOOzhM9pJ;2JZhG}UW1o&+`BUxFt-njMPlvwxQ|;3(ul{16{$ij0
zVxRtEpZ;Q>{$ij0Wc&0F%YKG^+F$O#K4tL+$(Y&5f&!M!n`ZFm3-UZS3}t6vFC*Oo
zg*Y8q#Eq|p-<<_5XgPC<z3L^<)RcL}f-=Xd-aH>;1CFu*_N1`)$0~rwU=5EfjtdMW
zNbpFjz*9eR8s%vRGq@od&JC1AUdb~H%4{>N($S8}LI<;um9&k|PGv!vB0Vu3eGb^r
zIX-D#4qmi$R^~bD^QPgoNa){CK^ckt8|mhH<U#XB7x7YI5e3#W@S0mb)KCmH6hjTg
z@O=_|p9D1+Stvpai>`>)VyQb8FRiV;e}cpyOuat~t%f^AWtN2m_^>jT4+Ru&2VIn@
zFM{5^6W9-`2_TNZD-{?ttE8>{`1>MUQV*a$$5j=AFc=^zSAIi1@4Xv8H09304A?kJ
zy6N#31{>Pehp~V{KKYfpBBOp~Az+W!|6Z}jApT|##(OgR<V)==!Z~heu#<eu+fj~g
z7(QjX-Kq6)p%8q~X7G0t<OeN+60oY7yCV^w6o6R_0D<P)XrO}+nhpL8z-htTPtX1k
zi3rlon5D7>P|O-iGplAhRHLdJzN2bX__rN!n%R8iZ_@6oK;6MQ8c(j`epv5eClJoG
z&}r4r&zbsp;t^0kLnSf&bB|j5JeWc9bkcb9(`g%mcZIlzs+q>;qdQA1;=512i*9ax
z$K)T~&lZ(i_2B@0J2=-41HuWYMGAC*zYFyRzTqDj6qt0@Wmw46=ehP4jC-@-Fpf*6
zU63Z&TM*5xqcv+4ZpR8$b@47%p^AUDBc?V!UVHoiEz<_*b{rto&qq}=eOMnL7?iKV
z-4h0BIn#r`d>97l6Lud4efS6e9!3a5Jo(Ryjgd3N1;4>i>(9{5;lw>1AREtccD=x*
zedcPPS=whm?eqNMasK&Qd|W;_pNFyG<p-R+GRv*j?Tkc#48D9CFV@X+!#^kAkjK*s
z4?d8?P;G$fP_H_K+%fH=r^zb@s3gw@s5u&{m7xMRnPpM$!CIwR7Wiid92RR6=(0`p
zIh`|iUV7REwt)p8eXhb8jo*viyJ{Hg=H=SwCBsg%;m?|}$=GvnDcK$Kvcbm0>>=_4
zylA8hFl*sm<<)@)gvc^}auBhE1r2z4OmHomyU`~PrudW+CQh6EKp#V}B^57C(Ia)k
zc)W2KI5+qaUWo_s0&FtJ5a<+qz+~_bNeV%Z10WYi2Vn$Xv4wl8I-K&3G2Y>sSFZd^
zi5Sbz)LrfVrWXIJO%47}VfY$9IqmTMo-Mtb%3<j}UXm!kWR9070yApnLn=tU6@2LX
z3=GfRZ}Va99#fAJZuasLZc1Ybw=q;v9k|4^*rMC>qOn~p)MJ1P?>NkTT+JKT@cn@0
z-`4^IQZ~%k8n}`Vj<TlYu7e+C+@cyj>)IA~+3xwgJl^829At#f9pw9M41UY;#?|oP
zDkdrfsTIBIpEI)Lpwd>1Wtw@{2@LKm0!;26{tMe*)MW=IOJ*V8N6`&UD+m&+-B^j?
zV`Z@9r8yRDa7Em@+=^lCFvSA~|D)^dbcGN3ayR-_XvXWP4H(rt7ScRCHo-sGc<`{7
z`}ma4xXssZW7)U!M^yH7`jm+Wef`#ZphtqSHm|a0FU%f%*u&jpJUoJ%Z*s90Me2FX
zwEh@T$vC^EY}n<7(k20wx*eu5a?kF9V!Db&P#2AB^a$#yqCA$gkI;e6f>bMn!Wq8Y
z6Yx3=k8ZNY%}P_nKCa>>SQ4J4(fRWk+egKnm5P1-?M(w{R|^IS1egt$=f<OI<<qor
z;<%}u_}etp!ImB~&!<a3WGL;}&MQ63;NKIxYwhfAyfO%LO&gku$hO~Wg>|kxf%12p
z-K^gEWH#-})Rwf_F9NpJ(@y(|^FSob?~8k)K)GCH2**o0EClzo@QYg_^xu5GUxS+S
z=3vYlfE%oWv4QSKP=wh#LDn4OLrtlo^gX}!d)~MLe`l@bB{Rll7J`u;+!G<u)#B!!
zsB_ysrvSR{@_qgRODqO`@$qs`yE^abY!C}q1F>7!(A@PDin=?k;d2FLJaC3RpCTVo
zKmF^mNM5~ZSVRbZ*D6YPS|znj$XT`jmSYhbzwXhv`HlRi`Xb|x?xwi;jqFQplzur&
z3fH4kZPI-p94KiBFX6sEP`2VlZFU=vM<+Gv(chhlfL<udrDjp-|BuYEOt;;weoA6)
zv=!qW_k#&@^9`o8U8v7f)&dK!XKbt<*qDE<h54%v3-Pd4a6^0hB2-@WYX7vtr&l|b
z<ZOfa=T}{^$eG}DN#TsQsaHS5BH`EH;x@EhFR-$TwJ_aaQ&_DS4tbTDhr6O04O6aj
zOeYCL^2KD}BgPhfNo>S-5P5aw<vX=VtMV-1B5ROE3esvIw+tb-0mGBpq&4>Wpskc}
zcUQNUu3*|<3k{^=lyLLC_8g(#QOaE4f}i8;?h?*lgBb{#@e;y3A~mcO-g#K<1MS5c
zE}|N?Qt)X(s*B?{nCoD-&v;Vk_d}s#nj*TU*BJr>d_cOhp{hDFo<~{m4*S^GjzzGl
zEw9I_f^}Ww0VAly+ppOp)d&6o2wrLtC~zCAfz@9i7&js-!0Sn*ln_QvlT+gg4!Sq4
zc6u5Xl(g(0#xQVoQQ8huRorfb{)IYwc2oFtJ^r>l!h%G05gzSPzAEWU3a}Gd<CEvH
zbkjb0wgo55O6lC|y>^FTDJJSv3tk(Hr!aOimxVzwd%(2L0L)Trz1wC$pIs&G1L6>Q
zu&UCgv#-|rJey{SxOGFMR%iGAT&)rMt>>@}6^pf3P$o9YE0BQTiF}ER(KCTvseJv4
zIDP9n3a!so-D$&{ndi`JgAZ5?{_~(nWGuELJ{LMLf|oWQi_>3%$Bq6T73%`$Lfb19
zRJl6mR@dtJRBDUVt_J3g3_tXE{$qp3Q@KZ;qMn|haP+g!O3dSOHPjUL)A*rC?fe%!
zEU5R%*TihMQ8XjxG1;n31{i#!aKmgQYVxCOp30FnQMw{Lke4sO==q=x<x#0_#A>!`
zqlaU2-NI-ZnAF_rnCbW6<us-gjus2j>yBszk+L%vvS{bKZe)WiUY>YgwJp6LjnTV2
zSd?e0QCdHwHcvzvZ*GUiMLH9ifWemIX#8^_v=3;!4$0BlA&m=6$uQ^cL-LyYDx-Ca
zPV4_9TF;83b#CJ(7_3R!fiviF5=Ir$=^2!Voj&7Upl75bjMC*A)+yk?qzf~^M(IQp
zjbR|v1+OrQ?t-s`hYlD(pOP0T>9<L$4OF#9%lib}z{h_wHIZn!SfgbdR$^5zp+#{9
zv>cyr;lEaY{Q5WT=#TOH4?jnT9CZ{e2^MrIrbC+PT<K0T-UBa*>5E69j}hK@l<&71
z)J4!1d1VeXe^qb?G{3&GXD+Ylik;!leD83r#z-CSs^iLEHn0dFpe$yQvUmVh%Q3S3
z>O$FnwK=-_zf})Sz}3G!dG)8VOw=2BP#}4btD*fccdgI@oRyroSvgh_;VKGIe~h2M
z`t~qs{v!SzO_|B+qwuJ%KDM){ey0BTV5P1<4v-S`M_8MEczL!y5SS~r=_cSg#!YPo
zV$Ds&KNIGk7h&?{i9mAmb*|u(Y6Mu^LT(MED5`184>rLR52j<pWz?II6uRA-TP;c^
zJ1_y{F~}{1e#Z~zara~(5kgbvi}oBMRZs+4@?qr0iFk*(WFgG?#|K2?20=Q-_d6v>
zdxg+0(`eVAUj=###;<YHf*67om)(q)(d&dO$3)2<WfY3_77v~Q9}v-;2)xS(9^R9-
z;SYrd#ukVT1xf{D4IXUZ)gw{Hmfiy`ZMv4u3GYdJ70`35<J-KR5+`vRS5z$bUkEF>
z3EBt^<UykjeG79o>}-SoVz5I?`mK=G2DSn=u8ZXr%LCowUKM^bw>sPdhlV$<$3VFl
zDbA?Ea%G|9V+-V``2$g^_1u>`@(03De-rE$oNrN1&F8A7rGv&K(!FdtdSSUY+%UA$
zfJFz?{M<;m8#|wszVW#Z_#Y@#GPC)$VL|q8vM@|gdgZCm^g}+^?wP6Bg^G3l9vG{u
z@x@~i5r-LFf_zy&2n$Z)7UYASg$7(CW$+tKmbslgALFN2+Fnt8-_v{qIMz0JS>VaI
z`$PG;`#j{f(bGeD{4%Tg1-0Z2bU9w}!4vv~e95?*<Z;ypdU(020JQQh7FS#i&lD!t
z^KynAW97pdsMC6JAN-rBVmN70o~H^fkmH*LZp23H%(-go3(=nV;a}-xxy!>N#jF$j
zf)mWo32m`5p7X8b7aWWFIq{qbZ2!LX#0NyF-V2L_e37zAMXB>hU;f>wxiC4r(u{U|
znA*GVue%R*bl-o7@#o+7KY{%?)|-0-HzJwyP@g4z4AJ}kBa~s^;bnjF9s>L0h11{k
zN2;vAw<}{TWEd*$2>&TFRU>`He)W8?wew8DC$$J!EkdxxHgh;1sTZVXA-Mfyfzq?4
zK*<Q<HNb^<3vV^v#S>TC@K*6^3;c!eLNH{)JAm6nSG~VCu*e2Hcq&;a%0^L2;e#PF
zsPJaqbuh3m8a1H$;r5~i6d2n^4WL_t+`}skbX>Q}E3L>{Ax^H5Rum}1=o&K*f}#9v
z>ffL>_+9|iV|Et2btr^(q<WRi4J7TP6~3&^K>g6k<JOtuft98Tks6=0UI^|yIa(Qp
z$K3`oE8>G;Fot~6HsR>D{M=m$=j8x`Kz+a79nJ7JV+VG8hZzT92UNH0q|db{u-)g{
z?C*<tay0(}pUk)5O<+;t@TuTx4(!Dqg;POI!9WJm+%*>EdShh~^M<;Tt6CQcxz^6Q
zl*tb_SM{a46)1(dLD5;0#Jr>2m2=F>%!q64%*`FfELiw2#w+MOXXsK~c1iIH`kXdi
zLGK@pSI~Qo=TofsXT>Y%9rc3hbNYA%E$E8$`g8x17t|fkwd={$C&7~`Ey)XtUOlk=
zvWZ?$%RBui;}xuI6R&_R2Xqg>18ww0D3rbHQMKG=k(x0$fpky{O@Jqx^^xWN5-l=;
zMfkK;V;Q5B%p4)O%INF2RS35Bn0bz<WNs6(fQ)L*Lhyu*3+^%^xj~z2%nAAX<O>9;
z7elKt`&=sn`=ANb6rbE>j3lnN(8POy3zq*82}tQ#U7%#r{a~*$sE!fnVLn*f!Us?A
zGq3Z(sy?~}UpiCZLqJy~w}jxHlVcQ9%NQl|xM2Je#>9qnjQ%s;-9*2;@s#;nyiPBE
z3+!u|iRc%zv89DC1&+Wjz>iTfRwTw>INK*#So^D4`<bK6E`#PMgLW^*M8HsWv6u+|
z55_~#cETc{vF}XvNk`d`_dE_m-ohJCzzjKX$P?us%8zeJetc`g3E0^Te=~MQ$KU5_
z<;uUuydsz_8Xa=DiVM*Z>uUIe`I~h0OIWOnFKFJ(I2WBG{%b}n8O^Y6VDd6M`TD^c
zJdw`@|3OiiYg*dI)3^cnbEw6KixR|wD-_r(DndjjjxqAM^%VG^1xW_k6lJm$q|Lsp
z74V*o=riS0GR;C{C41EcGiQj(pcNiz6D->XAqxnk9$wLEn^`PGYI$iT4wn$xo+@N*
z5~VFX2p(QBZSpA@UkOH(6%KUtikCOdv|e$byoYGL9)k5+Z$ihf?SgBIe;|mtje?TV
zh+;M=UI@rv^q~OxTWuCx%LDu3T!XR>i<4_d%U;~%)FV2a6^$zp&8-&m3wpxvQ~iP_
zYkonRJp9l31LgnM_yhg^%>02U2Rp2xf0Ev<4C_8xu^%6;TzXsx)|ov^QJM)^+rSXG
zm}SQdbB|=6q7sKjD}xT97!ZuxaNpbKI?6p_02nY(Vx+=RWZO3Gp)hFvuqu5L{N9ZU
z5WUQob=;SA3`n|UA!o^J<}6)-Mpwe}TiFb++74Bo4D9x~4s#W6U?{}TPDY~s6T#L#
z9r-I=*ADG6A12^+j*z!<4EZp@n)x-1=vM{Gply`D1}J;9(i21t$fV=lX7&WC1FK-Y
zn6;88NrQ<J1nD5JWUMM#D9E|Il#{UDSyU5cj>Xfu9A6TPOo2K^F^HO#+{2h-7oHr>
zmkxQdRtS?fd!!X&MJ-p3*>r)v*5Hl;(D^1}{rDN$ojOvnYii|DU)CN0^}AriI<rU!
z9RRhm!6%&*g1cZ;Fa3^<YFNw)3&wh%^qp|@o7{c0UkdcSzZw2!?Dqg=@5hik-u)oj
z>P`x-eaH{@`1`^;b$wElXSJa0^GR3WQ_)o$*h{@Y2dWhX@}N}(l7EfGqs)qV*k2y?
zuy-s3J>jsYwN{kNn>D&x33Sz{)0J1b1)c1_>d*~pu<iz>wdV}|pW;j@(6<HPfTFZs
zXMLb<Y}K4yk@dCpPxT%q{&%<o{<oPc?}c6pCt-b;B<-J_#y<bu!heH(?$FKi?j=8B
zpF2A;&$Ax?8Rq%_#LV+W;coHwb^cBE`Hc4Ma~CtubK0}cCq4FWwa#<T+&WJ@-}&EX
zpI`LYf1`bFoAZl({)>J7AGgoD$p4akzT&q(-#&k={j$H<=fBwJzu4!$*yq34=fBwJ
zzu4!$*yq34=l>b|+=~8E@({YCi_R>f)XZl!^GmktPPDE@u6#6+-UdF@lEw#Hz)lbG
z!L?vXWWv|YeCYeD_z$(!n#yzen|Wi1=SFOXxy29-0+`dGlWFK3)&rfwLVMEGXUkCO
zt3yA&eL`qgTA|YO(p*ex6}isBIr70^%JTNd49wecKBe0%d_z9D3E~YAPy>hAMHi^B
z)9n`jD7;nz!+0tx52zwh`d+Kc!)4`L;_HBg1A|j%6J4hQ>!}i~5TAf#^$%K@8xf^e
zDDR1khr*6gtOlPn)gm;Eq8eZs+Zg`Qz*;QKu5rz}eXy1&M#_hl-em?cmc|=Fpxta~
zbIY7phS$AaXi(pN=UAkzKNaWb#AT(#&by&*=<?M~J)wFX7VmGJFrTF&*vD?%C&^(6
zfneI$&I_;ayi9^(>Us0q*?HmRd;?2<Bu&6njj2F3rRlzk2+Jf1l@xL1FOU&gOvaQ|
zl&7h%Aj9Xz>#vbzK4~|OW$75jK15i%w@@*?f_`i;RH+y+1sWx0?Gw1X4bgxpR`t&h
zQos~DpAayG=R}o{3z))lK2?jCGSnyS!JGfd@lql@GmJgBb>PBatFTr>{DNA%hSg-(
zVy2)S2z}srkfYKhZBL^#;f76y-7ArM4GxD=NVk-1=;mc(Nu#A5ETJ_F*ED=wj6Y}K
z+l!o`z`(L&sdM_UtqIc-6Wf~Lst&RYV)^hp+*OMX(nuElFgsU;CO$OHhLt#QD<?;U
zZ*H|7lN*r@+tcoqr`XMZH#QBAB-678v`ip8OtN(k)MU+5hAj>4F|jZws_j8?^NenR
z)VtFS-pbOhf^4#jAQafR<*}P+M{uTL3>eWVrZSvD<0gttj0@rubODRIRwyc$J@cEX
z1|Zu%z(*{8tukx?FPjDkl4+nQ;dk!<;4{+)faLcMGz0e<0JP~HK%|AdeV_%QI5`7s
zqBLcI4e@M<=RmxiD4qkMnDc6Y6H7P|&xv?$#N(rQZiKqk)RlN`$us~uPy|e%h#v}_
z;3_7d+6;YWj6}|`hf^?2%gFTlymU-v#LGE2MYlE3eK|AyYa25no*dn$kAJc!Za<+o
zwx3X>?<atDpE~Cn_Xj4oL*GyE9H~CZEjnEUlv|Bj1e8?n;p-AM6>h{$h2rR@0w{NL
zM!Bm@UPt}U4}g*y-C8guZ7mq$w-!p#zW>|($y*CWXSB6|Sn56Zx4S)HO4uGK$Y{H@
zK(D@{{j!N$3*9q*&enqU3<IE)b!r;`rHy}~6<M_f)(FlIXlNL|Nb=iFZf7(1@Kz{+
zGzX;TQ|z6<0;KDZW^{>EE|vJKx<u;hHIc5c{t7<g_#tK~u)`nGPLU4mMLubm-G?+S
z=-&6JSJ@}wGYejEwBh|oq&oWyRKDyEM2wQ1y%fO?M08>iAUl@BmvG&PtCJqfr-n#w
zyaoCYkPvj@9V9-kVoHSFWQ(#E%ET*o;pHBJG_F%(%%UE=(rxH1Q(->EPFDP5gZFfD
zF#d8*E<wh1%E3QQgt$o(0UnQkitte}YgE<9bcHv1Do3YNdRLG=roceD#_n3B#XkZ&
zPLLO^Dq`loAT6rLuVB+Co``GJ%&n&(|F-u}Kmf1zNJj*z1(yg~%;-(5WJolJJ)b~N
zNoAM?FS&piw7^R6n=Oe~Vem2tKoD%@mCLTY8Lt3Lw^$L?3PWzO0k^X_^yx9%5Q?7M
zmK;&(cJ9r1pHsBtAbJj>I}zO-MRy_;let-VEXX4sk9b9hSIo37m?c6kLX;wPNgdwm
z^xJKCbp(K!{4=8R0H!=BLw{XSv3G@ewxAGMZD8KXW(*#n%`_PQW?@17%OtG#6)MBB
z3uRMwA#iW<MYR-4@Jse)n+v7s_{Tf25tZC*OJRdI+sbraVC!oTY(Yej$=xoSFx5~f
ziP<*9-%j`r#LtQ1s|a==z7tD25wV33-H6C*h^B!Eb*o=2i$p+k$wqO3ccDescCKO!
zEn3X4C>w!cn6;@CKq~XnIG8$AD+Iiz#xClRZaU6vCEBn=36ADTVDyH<Ub*t_n{WwZ
z21Y>7X+w52PY87&x)TdJ5sz;}ax_JPPHtx}iwQPNw)r^<b0_HYU(lRDi<OKgD2~c%
zniPAPv_@k$Le?_2#RBUY=4S}Z&yWJidxb@xA9&&&g7Y)PjL)q&j6-mKhEV^|5V^vJ
zV4R;JI6umbG(SUZh@V6FI6p&jqWDe(<NOT4`5EFwM4k|FeunT-#3BT{)hlX|ozxd$
zc>9X$H7|2B+iS!SIr-)Lxbokj#XZ-aY2eB?Q@1nh!5yu+)$!+V<I{~bks2`2Y8lC|
z0|RX%k^J>Adsj1rU`+~Q6w^LqbxINz?+OLpJ7TiaKI52lL#Q>x%jH^)VDgo(CR`qH
zonGgi=`)95iYJU$qhvVP9>>a}=msN|qfL(UX@ilg8k_FT`rftT!8KmPJ?UP@o#|~(
z;Bu?+<$+-MkEi2DPC8XXd%#Lzb)>a)eN9yEu#nETlLkbWF_{vQGzIA(Bzq5(L5zaS
zaEBx&et<LmzIZCyBdAM)u9t~o289Hp0+1$|<~CG-EG5$-M8yuQlBvbS<4O8t+S-vm
znGOUq=_4@d<IQv?iym*LJ4y)YAtrZlu`qoP)0vt*%EX9QI!4`_j^lBi87&}DF-bzO
z`W=lrfIXWTdj|3@l*XkQ5(LvYx~oToZw49M|LO6_Z>N~8h>FUs8QHVhp>v@$3qoy(
zo&#h*XFPIq;LM1QI<6Vnv)LU*chCh!KRkvKJeK7V71dlba%gjuLpuoHjVMLxdDTe!
zzI0K^w^VH5%6Dl<Iay!vlS4@2JPWAcz`K2-ajxBwyASOg%R&M8G0b5$4D4kv7n$$_
zSg}u<l8uvi8BJm~PGWX+5-+nL7$-5?=9B!{ID41T>}BKZWk+Z4G6#Zj_OhK=1ZVFu
zn!RkCz3k}hUFJrxTOG3$rcPtRy3X$4D%gc3nl$JmP9~X3;WX+3&LYmHH|rQb`CxP&
zdsgAa1n3?#bPx(vGps#We<1p>dloZ3B2I0=?pb1-8li-Ty#v{b6GnL0J4=j3Bh-O-
z*f|T*8e`EG?3^XWq7mv=XMGxp;88yscsBoeUdMy!`G)(DuAOmo?LobiZ7n}(h;A+0
zMkqa9g8bfcjbjPYduugbBud@2jpdT~fKajXj3T2)8Pr*sXT);yA}WWb1t>bl=zHb;
zPzfk2YvQ1w!Yn$-pfeE~+gpA+zdXW~<Kcrx83lE&DLc-#mbtu|xSeHqI`ba97#94t
z)ho3e*~C>fBL{@mKbY=SOr5;OhDZapgO@)(RYW_MABU(<qu_-cqK#1Ic1~%FQf$=r
z%o!dsXWms4cun6+eueguy^dokK5Z}gb5``x5GI_ay<}19(loaf_h{Sb=Rkgqpu&NI
z9&9!FyHy+sbi<H2>8;DdU2~U*JJXLfO_hb|q**!|(QxFd3e$bcJd6Xym7h;r-oxz7
zccrRYR4y&^N-9#Hv6<!hVcMWE#6rP@zBAFaWS{Y$?3TVB2NASRQMvNUv8d!<cJ<h)
zhNyf-ZE3inKr#&-BTX4@z+dJul7BeL=AmX3p~F!&50A>`p%w(AY#xqMdN>N@p*BK9
zp*%b)l!rPHj6!+16N{iw9_l1S6w1S+LV2hg!EW`%kK(na1|nE1S23QLuAc(Hj7%5V
z#m8axRvIt7KhIUoHnRjsq#+txD0C0)wTM!U`iQQ(13NBb*Z$Qj;8kGu;S}iGu+KNL
zNIMuScR1m<6ECW#nJxS;qq2DsN#4o=-~hc^Lsu21&)(dze@mkMMmIhGP4?T3*OL7<
z`P%=b_FK)8f5Co}uQj8*D?)j9uNg7Gc<}(1Cn`od0cX7zs<;;BefZ6Ud7q8!I>2-Q
zX0#8TfVbY~08IG2*NG@#vUuEp5|tpGz*f1}{eRcqTd?;v8n4etXrJPxAsBrDl?PC`
z9HLaOzWsa5^IK7dswm9QBvE>wzAF_kYmeOUeX;i43Ewwq-$7fba2nb7VhXcWQAzTo
z;u-ew8v9txK9;eMP3&VA`)FYwc=`q(R`!AUrTGS`o2e3i#&da5d5b4Nbx!*82Dax{
z!Lt%Yti&X(1f8>~b<+j|r>dTo`ZoiGu#=#r6_g`h4jANlCcYwq8;LgLZPU2&-AJb&
zJCVKVM_pWgZX|aLDyT)YVI97J#y3)NDb^CHg{4=_yS8!V3#rzT&H_2Z##Kp}>#lsc
zKfUb1IiUGJWWry8<s-`G+EyA$8%8TVZ9=f7Q5^coJAmjv&nKNH%Aeq9;lZCM(bw=x
zl$KnS&AzPFu^1wPtAQ(j#)Na)Duh~7g<z`@k4S=R3<XNh98n61t{U#)<v4D}W-j;{
zPJczU2o#0W%FJK9$2kM{<x6#MEcKbGbO3@o-$iJ(@Tdcn;vLNyW2ABaggPSg`rxfi
zX_Y7)_erbNTS|^ae86B3nTq);mLo%*=08i6R;x#gSb$dzW<0?9_SVbve(EAvBh)BC
z@z&wo;AoI(7@L5mr|~|mv=;mF(4Ytg%W918PDL(yFy`*l+sHkRidfUV#0g%Y6)e-7
zi!xh8vLT$7y9IaTr3T6ukA?&g!VXWQ$RcEI6GD+xz@=8oZ@os1-7jYC=5efDN4bjK
zph);!dr_?ewQnE2;VC!Gzp|K0Ra9f2vKoa@3m9mOT;%t+<40CK)RO|Hm;D(cqWA3h
zBF@5ogQaiBA)ACTfg2v^Wbg#%nb?SMkG)4y`yjUcNcf@z`GM{nFk933$sP;}Ta4j!
zm2zs*eNNuEO)b2wuc5r!zcE6j6<*!O-$0PZ*g$)7iUVAD3hKFi^`GQ{AM%qyGdW8#
z{T5ca8G6i>pADnx!=o-KqE_D0kAkAHz(DU4e;E2c_B_ysPHiR^nV2^#bO^XcxAB*X
z2K9-(sRp?Ma{vPelob5pIWo#<4rJ(U2w#Zj!DAe#Ep~zjlfpgVCpr$4#>H<t&JXCp
zhrUm}eMPjT<M4b4n+vU@@!Qgy8hAA=h4(kH2I4IE&2j|>PYYj~)KFk)-TpQJ8rl@b
zh9Xv^TB1*CaI@ZEd|wV%Uek&KpS89Nwzg?8dqNFvdINqeEk*KjO`)A%;yh2W9LN>8
zXk?!m#Wg$7knqTZHglZOa~6ks_ZSl$;uZ6<Rg|1~Y}pUD|7TxEsnq!e%W##(MFf1%
z2b9<LDF*J^a*haGG;PAU7{BXdlCVoIfIlCOz|HBNQ;tRS$Eq|p8@Dkpe@Uch&6{t?
zM$!>vUWIzRFU2bOaBzx7wCeiF$0FfRKv2$ove2NGEIJ0nT92joih~W|3&Q7ydxp*7
zPT}t1lyEwNuoNDF1JVJt^UzbYT~e&RwLTR({0VXDiU_O%xpSllMD+_OEP%`BXj~p}
zEJi(IWu=JhW+?J>TyXGYw#W`Yb9fmBEkXnv7$i{E_W(t=ax)0v7Kn^lO;RV}%VBiY
zt63Bu!+CClIsm||pua)wqt&aG4%CF}+R&5y2wUNOgVk4q!YzdGnEIL6`KkO!^J(FF
zJeo<o{4gV|hpUNqzm-DaQ;v)Pib?0?0!A_C!M8Yifwfsc%dahsc;!Kr#8{C(l;4_y
z7xHKK&96A(;e;ch)-(zkp>n&fFkldz9FDYrv=?6xHOWsg-Xv1UqB^3dY<FKWro12t
z)^8VCWNp-w8>-i2mQqOvESY;>U@_yYq(6Vy8GA|P)G@(adLM6Q@4H%iUl9u_fw~3O
zYQ;zjq<wRu;<b1GG=&)GHg&adiUOn3k=PUBsR#yh`V~HLV{kMK+JstU4lvh{9=%B|
zC~yKL`0=Q98-~ieQ7d;LmMhlFc_>*yT(PqYoEj;{MGMShiy`jGNY?bYCqgVhp7um!
zfqo`wVP}HFU%VS5<rTyt<q7amqKDVV9$p6z{q*oRv4^+9!-@3p?%2b-;sfn*kB`^l
z$J*5WgPevY9)2bw@KJ=%5y6#&;EE!=i3pb@AzTtgkP+bm`gu;??_oY08W59jsK*aA
zV_ZBpIr5xHq4aSAKfDd5RsHS6W60T5Q)xDy4Tmqm17cd7>#lLqGRjdM1&lr?o$WSg
zfw$@g<4ORHL+x6?zU8P!?VDBoAFZfGRp1*I?GHt@c>0epGJ6Ec%x^g|66g!G{?UxS
zdK1yq!tX>X8?8}UE+5*TdiyGk%4AbzZBl&Kg!&7q{`6@5=bdTI8I_8sGck<dv54Ok
zYDukSP5TeNuW$VO(%OGt+x^^eb}dLva4{jE?ri2BTZYb@V1_7#EW~W?J~~SZUx?--
z9}J=ck{M&j$f^9~N-W8{KIaq#1<alMipA7vMN858Q}<3lVY-aRlhpkviLI(MIt@2D
zF(lVKvv24;i~kazbg`g}0=sUc*(aSOy+!^Lx%&<M6WSYr%BB({`K$QkfuK$Mvi8TT
z+4bD`bzFJxG;BTw#y!l3PNed|6D&g48dys`t^5*QPvu=Jcy82MbVlGttOb1nM<K_5
z4zLdLHdCDw(7mM&Dh;RP?t`X&16|nbbDcuDWM(^Q<a8?S6(tq4dh5(-0?Y>JcA)j~
zi%+r_UBmYaiHe;$1RD1Om!hwtQN^%sG5g%R0so2{FyFuiP%Pman4shEDg4FIX(rya
zHn2f(t-?$@FiIJAzJaYC^uYs_Pjs~ezQdqxW)#nke2fT9n<N;}RvL)o%ET*b@9+x<
z=2Cm|Fmn~XTXCo54V2!#tiADLyo@V<CsiNdooxnKR0hQjFf>%;MjeC!7P%1z(PQ|I
z0?qSL{rW~4TM!f9fDN!~UUwetl>HcBXvqy=q*Ty8vYB;cq8B@2x)i&~OVlb}qP16`
zc>jstSxh86<%AA3-H9&E`}Df!zY=~YxESp_1NYc>D30~jjQ719Z2!wA4Z`(|)~s2G
zG_duIWdzr1PI(&*h&%VddY&|CDJp4dCTl-0%VbC3vfj;>^%K8F9dEkke8bB(nE9bM
zSo~M>(g2K?%}aP5^9}V*1l1Bo-pWSaMk7B9ZJ_{sO{7;*?k7lFePGlit#?-n+Z#mJ
zaIl1gU<9no7R|bJCarhe6^pHRi@$$#z4JGaJqeW-O4Cn4o%;mW*Mak!FtrsPvBn;9
z<&S7<AAXC{c3S%rI#~O>a;di9_rWB7mb*^#$25I`%l!-5kD^7+7JSbyaJ_$#yxw`q
zXNX(xe6Y^UyEfr^--XL$kLnzOdA9S-%<D<YqM=41t{JNyi#F=G-jhfE*eN`ZM%Wvu
zqb9F=WY9ioPtqV~CJgdQ804?mAb*95|1@5^?xd>YY0Zq5{HNNk`MT?A&9mh`!xOjM
z>6lo0owR0Y0X7(j_ZtKHw@V9bwCso3n*>_%dd>4+4gaIf0RX7@&prYwey|cPhT#f+
zpToW{!0&g$chK?A!SID3ac$~}(Ge2p?{>w2dD_D&AA9(s_7ECd>t=!VWcCQ>;T`Q!
zX;&21N%CgF-WKA}hf$PRQP9lb<sqW-o}Eu&f!H7S_a<Y-NxCzILK80o-9diOUYtVd
zeL$}!qWGAV!Qkk0?O>S&7OEC`9aI;V^5=Owj#Jp0Xn)t?R=Cf#-=CLPHZ0pvx(|;W
zwXod&?R>?Njzb{Vps{-60H^+n@ZWJ;1Y5$(kJ=}}XK;s+Kl+t+>er&ac+Fq~?zUy2
zjtq+PBqs7FV9!&<$)zUT2B|#XhN)R1{&B!1Ptl60x{i6;0cH_$mtsC^GZ5~)t}O7J
z`q(&_L0DsSq0e>AU<yTAgnx<)6;ms14$^BV*d;GN`7*s%rkxy^(IQl&`)x<t?QD4_
z*wiqv!(psGax#+VrA78K1G`088n(xepL8`J1g#pFWgYHch_3xyc?#`cjBu9CwXQUj
zcH`v?YuOTFy#7rv7FHOGM&#1P;!wYRQs5&b&LS4ZEUP||v6UP8lD~Hnv0a)#Y@Y+M
zH8Emq!W2j|a5;f^8@7+eZ}vE*b>KEZp)~9ytQ<P$o7WxIDLLpKQVYf+=|zzABI-Yf
z4>rKa4MNgG-Go|K48*us8%u3GpcAD{M%u^P6<_iEzl7gqy&8%etmVZ$adl2X%VH6&
z!lh_N<sMPrycktm-rC^4;I`>gW;M92caFUMHZ6SxO&M3QyEk1{U<-?_X;BGSMd>|z
z4m@Jn3ZEQ{!HGYn^^c|&wAhTFKv?J{P;9ApTMf8-#SqfQ-k3r^C$XR7#<HK&;Aefg
zeMSm8@&d(_5-Gk%pYXhlOgH7qb3Z6Fe5jjouVp)F!I=T!9egM%Y2xE(88A}*5RJtp
z;|wf%|NS=)B%(%$`uWIHv}sbrOfzVJ1KZ;YapnEbX7^HO=q{o;*uBNn+;V%V$w2Mh
zZeYJv?e`{nJ$o;&^bQP07t&W~$eFzW<H%+%m*QmN>UXO3Z}p~)5G%#KM54kyBK4)7
zoeVhDIz`jaWv%5y$4va<5ANDhh5z&1+l|<t#x&Y*%+IY>=e&VT>P?L&y+`GIu77gn
z7bVGaPuYXh41SxZK7Se}Oeog#0n8QT2i<Ig<MyGrgOQ)3gR%uBfT=d}p`m*sJ!_$?
zBO>5-n1*n%5UiU4?+g5~=`9kH!%s~_3o}1HlfZ{z9ss)tP#6!W36BQAN&;LP2jCv3
z!~{i&hT{x8ij#J$<1PZTadMJfIa32)iQwCkz~^b;a}k^lKNjl4hWGQeX=K81@>PS|
zo1&AJv@@TgYD092zIeTZDf$&n(NCG5<*t8uer~>{gZc5^(!u-;xaFtK&wKXM&d*c!
z)6UOq`;X2~ty7zyrQL|L;hxWV>gN{%ds{Mb@;!Imb=%#3U`4(8B_+25r-MiE%gVb{
zuHuHS1}&EXJ0heR);B5HH21Ggr6UIdOS+6DmFQ8e3_Etj-<29tQH+<-^LQSnv#O=(
z(bkSp`%-Hs-*fjY|HRwx!uFLkxNS40Q!7`b$69GK8uZH<<#yD?mUhyrS!BoaBy~eS
zCpyJv`iBBX#|o*67vrkH-F#>S9)iWHDq;`O2?0MV@pGv$+QQN5gZ-RzZKV{r`B19!
z*0?%p=Ky5@X@~F8Z}rCWoHRPrW<=69ePPz#WPGuTHKP)^DRIq5?bRu4#OQ1cDqN^l
zNT+*Bw@B_(L!>8qq_I~)tt!chH|<4Qg~hDGW;WzD48UCWG3$_jJRX`%qSL=}drJzN
zyct?W=2XVe@l|v%>2~rBZszR*#Y(kemQ?n>Qe*T5#-*m{Ncq&UHm3o`{`R|Q`e+A|
zt0?Rex6<P05Y=jJpw;uCWOR6Q;z~Tj-nBSk%BtDJMs3Pk+Dw_KuIL+AU5hzZ-8<TB
zRcnKbztuO-VY9VR8xG7x6rHVw+Tbo`gIko!W-Ev6aJo!_F;SqZXV^TA&xy`cwN_uT
zHg45gRgJ8wNvYKOh1xu|#O7&@HsI4z**tC6Dk|0H>6!NDN!5y#Y41~w(H9t(rbUOR
zP<^8h4o~Jxn5$X0-+vp8Qd8%+L608*H1C<Z^Gd;BQga*$Y7TsH!k4J7^D;FuZB8*$
zZr))(8?R+Q7qd=RW1Fz{M)rFR4gyndP^?p#EBpTqjH9I>rU1c!>nuv~<Lm|M?%s^t
zZ^Ld(yY>G2sT;1iZkSDR-7rME@r`gM-LROb-IH!&?Y6O>J+xjqOw{ZglhzF<`|UQx
zcf(0#uDs<f=tfI_>c$M}1{dvyp!V&J{BQb1?7?j_p#^>UCAZ)0zisB-w@#08>-#&!
zdQ}?VE8LD@z3O~My((kfxbYU&jfL!ISkp_NVZC_y|M2!D;87Jzqi3>^uuedh$Yzuv
zL0Q5Q5(H$B023HAC~8oyBtjs_79oKkTaciPLlhMi75%-65*4qgsDKMWAi*6G6~(K#
zAUy^M$|~EuuBChW%nV-c```EYKFxGj^*L3&ovP}pYQ<FrmDk$1svxeGtdU$@MqKSh
zuHrOTZjsd*c7j%U({XghPR`FmK0b^M@*zw<4r@O8yNQoP<|9M#kz(?3m<Ycnj|jJ7
zv3TSkRE&>Bx}}&xd?ZpiDc0m85!<9yzAX8;B^mk1282y@H6KI7!d5Ukd1J@s&zLa{
zMh9*rpbtw^gO{9GgBPKBnK7gnelZJ~mlVZIqRC4x5ntzaBEFD{-{exUglI2Syey&e
zG8->Th?k=;NnY-6hrCoG0vr-;cpdl7xydC`<CJQ``b8c~6pZL1g>-N$e;>9Bd;Wsb
zcYC_v(M74(RF%=sp}w-7sraQrdCG}CD?@$n_JlwhlF8Cidm&nU5UqIN(DI%=-3zN=
z2fIe@eLXGwX4Og&4IT}p0JPcd2)0SdT2!^nxp*cR<6a|K?X{6%vf2wMtF0IrCaY~m
zS#80{a9M451X&GziM@wJyc}r%bz#EToecK3l;Ck;;M3;_{1Jc;q5EMbZP~&y`pV*c
z{IFRW$CW3|%0^siIgH9?Tp4dxw&u#UX7hH@LD@m<%K$x(zOx#m4L4hFHcO5sHSrB@
zk?070rjqnj<rQ4H%&hDdjUTc~G&+n134c3SD}47nLs)yWyzk>rpX)G$&(#aw&LNxa
zz-H~U_zaiO*Pj<1R6l;pj@S!-%kJ0<e+$SP8O)s$yq$|Du-1bbEyUpWS&9m@+!6ke
zGxlfMmM`FNS6d*LSGn3-{$)o4fnaq#tiH_hUvkW>u7lNWE&niEHHtZ|i!J{WTXhUp
zx3>IGACHK=A#(K}w(3}{Ze#halMyLdYpZr*bqC8o?Ju)B4y!M*{7I+G>bh8cspbFb
z6eRiYSCd@;-2~nfdR_XjcHj#CoM3}&umJ>ngJ5nOER$f55p0+ZHiTev2zIRvHk4pv
z2sXk78&0r+1RH6CWfQCe!EUy}ZXj5Ff{n4kZY5albqJeagN-HFmjt`R1{+VXw+S}I
z2Ae2L_KoQ2)3gx{Xf8LR2TzCYQ_C5A8G!E%1K-EsXaLU(1D7)RS1Bj^XM}-gGI$$+
zCx(G1Gx!Anj|l@$WAMEIzC8?_e;Q83*U^qP7I1C|!@14G=?^%bFr4d7lUAJs;A_Ib
zgBa`pa7Gxo!I=PFFZgp)2@b&P$bMXZ(FVLLa6b9~Cd!X%qj?@{L!XWyL3G<GqK0<C
zh*{r&q|%aXtEgk?oLN?JyV5yDR&g8Eq{R!e$q<X1e4d3(d;{iUI8U9rWLrZU+@#73
zFv^v5+oN1c%7-NK#jj){P^LD!zZzW1Fv>-if}rl5A)aeOnr*6k!?daS)5edPnx_=-
zDfyn>C!LGmiGk(^LCzWKD{2?7>;M$8;g!-LOCX@sigqb>wbwKT0CGfQK!T;Tc=V)l
zHp#$)--Os9&wHdg<4R=1tlS(x=v%Z+a=a!Pclc`3+3Fw-u_@1cETu9I_wFC+%aru`
zBtdQg-LgHFh}sd$DxgIwAnDo55iT~r*TZtNj;?JT^ff7?7P3r#L(B=XK9VH?Pafp=
zJc`Ioh{6$(a#Cg=$Of4Jw=|$M3YOVlq^>ixyl)>js=E$;O%n9CL?O}XoOtEcOYrg=
zNjsiFc~6O}?&XLmLwIc=wkBX#y4PPfHUGNt*XB)edj};}4NA&)FFZ><T0c72qa@JD
zK7*rWpCoL$K;0HY%0<EKHrO$!8_S_Ye@yUH$BVsy%v93kKtV=~94dpBtJPfmux^;f
z@@Og^U>=f7VE%JbB>ie|7Z4v1k>|IkynTnH2`H$h6m?ZkK|k1N5<EP;1J1>3P#Src
z^ktMqUu@qC(Q-_*v?$WQvyq2d=s+NPK%nVXCLE=o6thj6D3oc?n1U1}DGCxyw82cl
zNi7X`U<yQ(fmXv7fW1+g0x<h91yG9=tT)?y=|Bo_u^<Kb3(%f1(a?+}DOjQ@cs`jZ
zC^6Cg$rKa@DaZ~|P^c(yn{B*owMo)74?Bp06_$ba1Xm`8z7NQ<G+B*+EVW|{=t2@_
zr4{zRvgBvX%4J+xVOBndAIU8l?%t!5OO#M1r}b&b*klvLw8Yg#!m0;x^&ks=R1He8
z{Lk6zQFa+5WtV@SLD{9N8^6Pk+P=dN(Kq@cf<117JwmV(LlCyo23tX}Jp}t78|+Df
zZ6esSHrUeydyZhw+hG4B*u4a+u)$UlY!bm<w!u~t>^g$2wZYa9tOvo~w835@SPOz}
zw87pY*y+It`@jZ!pI|={>?0ejieOs^_Nfi_A;DG?Y=;f@Ntis;><md2-5SadcKn$z
z*E<F`0dSiz@F)f!X#lcB7<ej!cL6vr4Ez*>-vscoF!1XPeiXpZhk>7G@GJnY2m?QP
zMmY`M1PDvR5FXG7X@F1~hVZOLXbK1qhao(A#t^3t*OxeDVL10P4ld$P0H-(%=Z;gv
z$twW<$Ei^8rwqOyz?EU(RF(^;0l3|1iVe@EE#%`%dcl^Mfm>o{*cDv3`z@gzWA<LR
zcRhWy2ZZT#3%7y?gyEeLL5+$28My2BYyL1xd^R2(HLjc>e}4eKz170E`4n80sZUhr
zbUYiVX^$>;KZ@I$XP^&w)e>15ZK7p1&%m7z>?r=#(Rf9le--~-Nq;qRhlb#=xnI2M
z?~m}gXmG9;PWf*58%H$w$8r6MN~*7|q<RlMuiGB~_9(*miXh$gfG`0cIsZSS^gD5|
zpOezB0WOZ>N9dZH_)+(nj{<A4zboO^wBhH030K_Ej2H%!uz2fU$q=JM|McRQkzVcp
z$zi+<EVus89rj0pIaOHvNHEWevHVCh^vXy6($x0Ih3b+1X(5jS8>V=(DLo2oq9XC$
zv*^ta)>ZK&KF6P|+t&+e54J;5%<aJzDR$pO?ZK)kZl(6smTLcsWp5AmI+4ch!Tu*!
zaC@*MidNXZW(s3tU5gIJ3+i<+s6Bf*6`&WyVJ<)~OL>wCFm~c=E`V?$KI8&UwRdIV
z4F^6PM7^gj%D_{G92S^&vxpDYD^Yq8iTJx&INi%Yuwsd^7iDNi0Pqh|K+G{b_#$E#
ztXQHq7x4V06Blp}c4f-IY9*R51P|3>xqy34JfnfBO4KyT&;b_W2QHxN>ld;B=~kCl
zmhCA{EUPST3i%BdRWF0-vbFu$0AzrxRqB9v=ni@+>H>@JAYbSV;e$s8w;xZdUfM-U
zTvw0QY20tPPHQU7Mf}jS(N@jBpn9cRXYiUn@_9A)(bUKc1k_%Fj9t<M=S~t;*DQgx
zJTr)ckL@EL>(8S~JYY6~KQt!(K~VA!AfSBUr+PBJ#gj2XO=f6S0j+{^T5*h=e>27H
zEqkenDF2M2KSSwHFK&*LYj(0Rxh5wYlWR;e^<t73Bws<(48%s!t1(TM6t-Eyo5jNG
z0s-9>$^0A~nmA?)_H}V8A;_aRn2>>P1Te<V#Uszry`3Jk#+IV~yQpdzxVG(T2jhLH
zxYpklqvWc^2k+3Pxsm_A&VOH$e<S*9FFcTeTfsM+6`!to_LRc~qC^|GHSMX5K?ez?
zIHJtjaff^J$r$&BPzMRp;m(1B#2ZV%L4u#-TZQc)IcA3te^fbl<0UV09v4DF;ab&3
zyHdTBNbxyv<7q}I``=<>Td8a<eAHuY*vvXuJQ^Kt>5ZxvkYW{$cKcS+sk3hpi{SEu
z`VKJ@$)<_{Mn&x<`uZUH`E05Sw?Yq^x28|&K%sG;TI5F@PnrF=Kf%?m)h7YHCxEI>
z{d`=!5kvj8mUwrTL0U8DIO@PP$rK~HEuq`NEY8S8PJ<8<lUmb)=Z72o5w|5~^{#c6
z!CA?G(!QPG9#(cA@$^1X^!?xZB)$)U!BtTi^jzhbSb-zpd}~OQyL$7o@lRTd`Yx>J
zT)Z6Sp6_9du9Q6dIJ6B7L|Nr}2z}dt=^34a<lKmT`B4l&Yx9`=;~Z3pL-lGp9NfgN
zmUSC|dVeo`9&1Zd1%i$bae;iYc`xqS@{!4Le2OZbx5y0+4pD~>s&*v~xZ#EywXp?#
z!n~g3)GYFTgB}7~Q3@Sxt>^@<Zy2fwLE~O<cf+Ht_~6kNTF+zKx})&7TmF7%2>s5k
z%1q92c*@5?{Pg7HTv;rD1FRm)*u@QY)NS#2khKDbND^L0ISU*Jq$A;Y!msFkz(MpT
zf^3@z?Y}yf&H-)SGM+ME>ME!82sv_cmMq013eHpz`((ldbj?hX>oL%DJ2cKklMy%0
zb-pDDT|!^KDmsvXb%P`pjexkRLO6im%j>?BKa%j}#PfRatgEJaT#^ZNtb#rn79H9z
z2|ikOQ0!9=lTRPePd<J19OS6`LRy#LhWJ<8vw_ekD(B*du;(DI=UaxS*x>gP`3Y#K
zDm#5T5Ip@kpDgVx+XZNPJ^Qzvj(Bdc`E10)hg<Nv-+n)3!0B94a6MfjD?h=?PQl76
z?HU1GzCw!2t#ShR+l8IRb<+q}0Rp5{ht2%oZ^EX&MfcUGZB&fY8}%|UgJ-qapm3nG
z)<}e!%h;j%fqEp)pO_2cyv8Z1N8wQ^Vk$f&nqPoYOW&xo!H-z~+cE4^?EiOv%cNq6
z!$4}uNFPX~niL=?<xTn$C4~_0dV=CDR|Fr2PuQJDPbii3w(k|5ta>rJ4==%%doo#;
zUjk2w@}+eCh?!>DyqwXkl5EP=TgV1CHWAFrr8q&yB_}QegD~V>_4rC$o9bK2;8;i8
za7L~;HYHD-3Z~?0*CkWO<(Ig7?{+Reg2u*5bS8|?@_Et|hJzRIDfg8lTyDpo7<+jN
zzK(8AXE7Z7gvY_BU^1-3L*kcvdRVY&#JM{Pig}caG6&39-b0uT@+Xmy2*Y*ITz$)E
zMXjYzCkc~PWO9PPusD@V8iWJfe>%v7X%9yp25TNXz(Y|Zw20%{MQc8JKubwcv}jDR
zkJ;#-K$c<rz5)qsIZkCuG3H^|)JXSatf(uAfcWS2M8%Z+EboxE?)78y3daCtvLruO
zKROqGik|n?iDZSvTwT6QxL-ci?Yl{U-837!$1hHxT3YKVr!7X@YxO`<3fR(}NZw3D
zv4_YmBr=yN12;QkJ;P*!5r$2=?HwdexX7OS{DU4TuXjVC0<mD!vOVRUN7b7^Mog^L
zPEvTrD%t7EW>hd=k*vMfNk+^SCfZ>(Vv@ra8Zm*?0fCX*6ur2U6_|~_Av-GeHIk64
zNXRzPwzC~ILzD0iCLzT{d!9*13X)(MBqS*kf~Whk(NZD-XB?7%ztF?WM9X6m@Y94O
zeAlQ~$f><VyM;+W4*((orn({lssr|ed)Ww&RB@11%`k^y-Nl+4xh7TDjNzIDT{DrV
zO+181x*^39{O*mR_~Rg7&^KU%9c;6~*2k|vJIjCkbi~8(=gtHI1FDB$eO7fGtcL+r
zLoT=cEzjat<K^yX`@79%`@4ngf)5ZZ&j$Mk!DbL_oDG&su$#M||6I0D_w%32Uef(M
z=duzOO|U{6Y%;<2cSG0=8*CcEJ|@^q8*DnkUM1LU8?2aM4-;&z4OT+1Sp-{PgUun>
ztpvN<2AdydOMM7zeRB8RcS3$t7l)boDi~Y^;3vbt-!OPJfIkWYA7t<n0PhV0!(|Tu
zo(N#)*-&tI1`h>r`!H~O244x_#4vE;SvvG>0O0yz;Q9<ccwB<dg^_md41qrb@E>8|
zwA1wNR{@+7cB1?^gO>q#X&Cq{gYN|JVJIxzy4$Wd!RG<vvkyAJQVeSbYS<LB+kqye
z$+AxV$)P_(xJ|a$K;T~71U5?XW>b<#uzdv=@LTa@Q<9jn#X<+^@Sx8ZJ4k^qK!KFw
zI#R`L4iz{)QvNF2Q+z4Jv@Eemxl2L&3+dyT^08UHe~|jCl&`9H^;ZnwJ6q_-G<1*z
z_WZ8?XnbtAMk?pFcn+PeI|DPl9nXT4CMU$!#h0LBdDOy>WCA=c9(>@ur$oly7<6-|
zAjR`2=XkRD18C+K&psRAEQL}a0i8U_u8)^oWYfnbrdGz=)CE;3_HCck*dE2b`bX5{
z_H~rsNBIh?=q6~8lI6RXWNz?D+C(yUxVkO782y*-4f-!_I*+ameVmX8%60J-kVebY
zLyN)l;2j{T&>-phj;LHVT`KE~jryx(y$Wi?{0njz?s<tM)cG%I(K$(sxS7PzzjpRl
zk&E$S=>sIQ{wga&^7Ab`kb?G<&)}AW(-a*<O5Du}l$+pzA84T5^wm1wK&8rYg@G!Z
zbr#dqxuHw5;SPfqIM;SJhViK?g!=|+5dmVN;{h};j<jP;nc-C0@x6bfYwdVyK6tfH
zojg%%n+I6ibhCCmynG(YU<n@YU#_x)MP1=pjnuRH{Oz-T;b(zTTxh{lN~%~#RAMVV
zja==;!Nc@4`JCIQjhn5XgI^IZ832^Fo<!RE@2x3NtrDLV>LhFgsu4nL%YNj1x`T=z
zXGCdBa1{wF4v6p)tg{M3l9pQhlu|>B51dR7ioWHsz3u~jR(3xkZ1~0^W%k?4y95or
zof1@Hipvs6ZB4MLtzaRcb#N11>~KMLDk+@)7e=ZS$9WEkw1#{3Y(!_gyGX+gbOdGg
zvY;}1X@p1AIT!ZDVimTLm?cNq-<(z0maA#4HCe6Knp+$LMFn@r8vd0kzPN$b-|Ww|
zdWc>6Z6npCpUYpaHyt${SigN$wuN1)#Z;}|a+^maq}xGS*Ixau1@afnaA!>?rX)d3
zVyIi(*+^v)8N!s*ex`SVRMDL)zYA8n#S|ZH58FQLA0Z!KiG#9W=-pwYoYZ*tY_paS
z>YQkEtWE;!6D8q;965<Jf9E_A2#~&59^1b!nV@oD+WpytOpj44-=?^I?hFo_b(Z1L
zxSU`~u>4ZlwMI-mNXyT?F@MU$qA_v_y1m)p79L!Qe{yh0p}V@0GALG}n^pnj&?x~r
zT>#e0++E&qJCen5ROJo5Tx8vK1+6$`5hZh06&bQ%#hsq3S6o1pAHx;5+oBcs%DuGW
z3dwvlnznT@p<NdovqJG+gR=qu*HH$q32NiI`#^Bx8q-B?I7I~$XJ|IRV-sPahl0n7
zr25B^P;dp$sldqOY-ft>cJP2gdAmGz#|kwRa(r@#{339W|Iy?9Q*NH3e+=1p;VGL)
z@%%cloSI`~s<9K4foqiiYWct8E=t+r)+t-u_LMDdPTAscZx+!LD=}ru3b)S(Gd<JS
zbD`$lskYgBYJm4_*k-5X&6uRQ?gZ{K_B2i~DHAEhV=#?Vh8&ldZlE+y2{7iVW*Vm@
zy}MaDV^d*>jWrSXJotrkxkOn(J?!|VMqZ7wZGL|C`+uCDr4Di`+-uPnW3R>bO%I;|
zy31h&dCNj}_Sn0xq7MOSwXp-a$mR{US*}7W7|@zP^@$Fer8nMXd>8irnXaAZ<SZSx
zSj|%WF68no-JC?<1)xwgtw)<np{Q3c(suzrUZJU^+Ck^I^h}adQts|0_T3%)Uy?6i
zzYbME7CeWUw8Y1<%WEEs;P`yvbi{AOduJoMNl&Ct$JTa0%J~i(oDW>g--uLkgM2TB
zi1N0Ly>uvE_0q5LwAHuat$yn<+Uh$MP%fx-$J7R&D=OsgnplZQ6$#?8W3;Cy;(j7`
ze5oi}7H=8%$tTy$<Q+UwOoGM}YHsI>LU9Mc>9qkd9AA4vyg5M;)`y>6Ai6=z&S3J~
za=t~6E$Sk9HT2O49Zxw=yxaQ+?<=x>KN3m4%<}Gni_+jL0wy}jx%7?rqXB*Z7QYRP
z`gmrtBh^{<Ev!;0E<{_-C7){Hi&t0S{{OhT_VBit5wiOy!g+}cG$mIRWayRK{LiNy
zB>KtUFYxai3CwlCm!bf_87LLX)ze~@UOgwoi?z6Vp5Z;d)md6S8MMbw;nlOK4ejw6
z;@diMk0(<bY;nxYbH6EO#!j0$Zer2IY0S)2&CJIvoMwb<Q3)hiKG>ue+V)(y!AYso
z<1Gn|*1~LWu_yj=Sn3;m<uUrLSd}vYo~c>wG}HK;y?-dks%<Ft?fZ{Ik?bJX*$Uq1
zDtMzyf?W#Jr+O&{w2EwNu&EtFLbWLTDi^mC)(-j-ucM>~a*s1)Vj%s_Vq=t|iSz{C
z<2s&JqlA0hFdn6Ux9So+%ubC}P6wCAhVOC3Q{?8A=m<?z`HKh7312xync*@vG^R&y
z{0$yCsWGL8+t;zH6=BzDdoJQ;w2d~S^h?gaFKXOIVYZVSwH*7Z93}r?wMPMC!(-I>
zOApYCBxN6OMR5?iEa?y0qn3<S{m|$SwGqWI`bvrJe+gOKqC4(Hv}$lL+T8X|h))lv
z;}<7wENpuL@!sK}T>IK#CD*P#tmN98v|RfzLo>wV(ImKDswfSJnf%xvZZ{5wGQ=4D
z#2XJ2xd*q9uq%K5EPvYWds}#53GPpyWO=_vs|DR3qjXVDSaSMjt?@xrf3>R>M)s>&
z{(5l3q2xR0(XH3$K`<W6Y2h-%DnU?&#cErl&-IMbYqYw1lx>YphV95$qf4giiC!yO
z)|hK_B|GVkOm4WTIdRaNIdCS#?wQAK{TmDNW{kOgV$lq_Y%kZ$oN)w~D!edtQwlJV
z(g-%1H5~4S^y6OR@#ZEdO%~R^6^!zZ?b$2JT*+xYqav*2RqV<Xwvt!hX-F%*e-Ex?
zU@+04Hlt)>Fy|-D;HAW1iu_rJd98M3KmrEMWEW-<9}_%OAK0*$&YS|NYt=Y~g^VVV
zFdfYdrc!ZT8Wl50>~c9+X}~n#l0i4sXR|m~RcP$8IeuiYl((wsbJbRb$2*gGL+jpx
zwkq_xT5OSt5SL$xrIz1RE5g2Yv)s3qoKL0JewXPsxu`i-cd`5jZPm$G-PiKJLp#(X
zE&onjT5u1r(NLtw@$t_>Z>TEG!Ir?8AO~+@0XSGAf58TF8Rz3&dVp5?(c8$Q6SHT|
zI-quu6fsHuuIT`&H<Pf*elZH0)QZh!lT6(tRb(7c+eDWGYU4@Kc{^J|bD)LdNf&Kd
z2JM?ly5R2iS{RDQHi5kqQvn~Sp^avwei^dyRgHSZ$2BB@jos8g<i62`2k7|sn3Rm<
zu#3Aq)`kSEIe~`10nOxqd+|n=XyxwbbH!-4KsZS51o;)pF-tYwJ&J?R351fm?XhK`
zXJ-ls=wO!|PkH-+hsIkfsHbM|G7|25s8f9%cw{dv-$(C*Z^&XSRWBA6{R3Ym)K~&r
z+<jIeQO>d_;Aopq)jYnE4ELlhnCA#T|BjR6rRwP-V&m~hoa_nP>Qc0JHmo$fNx|9J
z+)lpgVcSlQcMonS?nUn*LC(cj$I%HdhWdJmHs)tE@biP)`yH|5Det$%3r7g=g|O5u
zpfXbc?s9yeGlkyk?1&uzZ$L7t>HV~2!4@y4!SHz6R9w&nYE;~y(q*F)ifl!T2~LKU
zzg3dxbr+gp<i>Eo8ZKeKi_8VlmUbHPKr;9EI&{#TgWgupSrql|rW|RDwj^{rSkq|y
zGB>6r1AnTbky4QEY*{4-VE(W#)n2)1_cn(`>onuGKdfnFTeurw;iiab|CVd(m5_X`
zz>gfM+z>yfH~vVIKn@Or?!b8lOa<BO|4}T?Ef+k%9WiYYITV03`LaAR`(x~!dpJ0V
zLEP#1(0o!03ap~!0aZgFU(t{p-CYYU2uxnUIg6S}>LfUo!NonZ%4b2&q9Ho(4n*O|
zr$FYSIEB@LP8Dj4ANOy?nbvPrv#?<JH!&FAhk$H*;-VWQU^)VBwFSdNFni4{cBySr
zfV}$g0Ot4}xnqtBbF!IY;_L*RTf=bTO`LxL&T+X{2lLTGkLu%*bG2!feTY_8#r&rs
z(wT~AobDPEHcoKm1pD{V_#}mnPx1WV*vziAk4-mYZ007%{q4X!<9~++rhe0~fmx3O
z^XEkX7;YaJxnTNzi+~$#12X{zW@Jdj35(NlBKJGln`6Ryyig<b2ZX#ZgvJ`7Eg(b%
zB8&%x+2No}Jd}nW+_;Ug2dmVN;~YuFm&zp_7j2dFU<XsYjqZ2x%`QoH8h)=fP+Hbn
z_=3of%BmudB~CW#V%0RaH_7~!?rTE#M{yHe`%zikB8an*lzhMVcprGCkxZE7o9j%X
zPmFIZ3;?k}PQR}kR@xDeqRV5PaAlMgU))e`2N^XTl>e`6l0vER7gguhBtRK1>?~3K
zpO{zZ$~e<B=qc}8nzea<3|Zo$*VAPC(c?V_l>a_A8WY@uOVy!3b_Q&_kIsv>HW0;%
z^Na7i-V)~;q8kjx36pOv<<7b=-&%4lys%@7QYnkbuitwoDLy&%LeE7qWTPe6=sYiR
zmQ6fqbNajGB#K@w8~?qf>WjaOec**}<h<MT7X|Vpz~T1DZ}D6kBoMnk+jaaf5JLYt
zNY>Mo4VOxkjTPV^{&dt|0TQ~Jx56tIZaySu*GqNH4C#{(Q9IYhIA}77o4CX;ExY0g
z^2g<LoU(=gzQcdtD2K3?YC^7>6K!$e2G?wzE^8{xn%AM`8LIK$Pk(C~GB`!t@H0tZ
zF7a(qwEi;HOb4tf`XNtQB!X{yv%gi-7wEW>>1n6vS&rg>VHqPC1X_>b*7v??KR>VT
zeU>}wJ^3rLNHuU_B#{c9*85Gvo(3oDQV%&@+TSW}P&&t96%TVS+M0AL3{^p2G(8j^
zU_&=bj~iD*D9RB__B-Cp3?a_2#M}8D${a42w^-M-t5q{lKBOHzq_2Jm-m-x~I{ylL
z$PdEykZDc3S_Ig)SIN7l6KR}(@tu+zj5Xk<8?u4?1yS{jN5E2j`IokEzsn%_{o|)?
z0T=H_5D)EYYdPO?N4cv%po8-J>J?uip;D$6Zvmpuov_xC)#uuTA}MifjlXrkZCjjg
z4YVDsw?ca)BD)gYeFi2tAE{Kh-SjV0ehAGE|2O&K7apLzym%GEIt(Y5N<WF$+Y&&A
z#*3{%%%i|@kPuTj=o~X+gA+2`!k(N#Rp7PgOV9ERPAV<AL2d-?>XE8<@3(CsN(6qc
z#Gln@TKAL}!VPel$&%+Sz_YLEA{EF3?(CJl+Q^~oe0L2EWfFw&eLp)I1?v>JGU8Hq
zc~h6WI_8TwY%%$Zc>86^UnIa)66y*Goue&&d%8W{jXn&ni}%V6iIRjYIu-9M1I=#H
zsd~=EH!%Cqgc2pi-Z*QxrIYpnJEbMFto2~uC#}bs32ygC`wWAfWy!U}pk@cVLqY~%
z_T8>aPka7%N;t5D7o(;YECbo#TMNjd;e7B~?Y!`Jqf0(4`CoKNk(}ZutJ1Bo6Ogi>
z$g%70`sDOg&*t=1kCyiQGi_B?0@y|1?+*UEm;Zv91G5(JU*w6rfkChby#_ZR`FA`2
z-NApAF-7pBK!6xu&6X3eFf;+Hgsiy8L6cJcY|cL=w50=c;6kVsZ+dRI^o9+foYXiI
z=I@qTaCztMexp0@nq_on^YHHUjt=j`Y_V=zy5S3{`ViwU7WKQj9y$2cwK@1fW<q1O
z@9crI{RLsra%krNezv#VcAnY(SbT6!L+T#+@@~R|hG>}6av{u3juP+Ww&4pO#527I
z22UWJkSO2#fvEXi?UW05b?0e>Su#AFbQ!}U@!iIR7OU=piQK+wzvlKgk$o2>6Si~P
z5V;-qpSi^a(rIgYFkHgq_TRBq_#|KaOKeCV1esqDB{q#|gPWD)eN~2?_jAB|tzYrJ
z_{;x-_lnub`|jTi-bc><-}9cj<vhG!9Fg}+xHb_Jo0KHTN!V?tczJ6ZYthMQXIX0m
z!^eS^5NK2Pe=gUHZyeOY$v&l95fz_kd*$pqLh`J{$C7mtxYvnh#w3Cr$mQV_r?95i
z(^sWDc384u3Mr3mogDNY;v;GY*lzdo9<i6|1+`AQdbD9l-mxoP9~pZ%z#O&$=pW8<
zD-L|D4u0~cPMubiSCsGeX18%~9G5?K@)%hK$3U8y>tl!+a@1a#4B6?(-t*OoH0Ajo
z52}yb<1L7<awS+Qw~J(DbGx8P72=n;=yK@HFAj)}$mWNe8DJ!5<8IX%yKBYqFVl5a
z7>~|716F<tp%Be9TZMVkXXK9=2W&wEg=8z}bn$pJ@w1FyX=#39O@0hk$aOyU1*W}%
ziZ^p{twSeRMOG^Lxn_=4$;#um7_3}Ltej+H@z?^7UM*xV{vejj=1~r^7h`1ajlZ7>
zM!dMWfZJUkD1_V!<y>49g>GKiR?!uFpW6k*_k$}+Dqd26(T;N7CxJ~Mg`xnBYYE`R
zHI2!>s^b3+6%C}=zk|WpzrcmuNAS@{>E?X|nREe3Mu>T;>5plc_ZmX$ki_RL3Rg^w
zqHx8eC>5?4N~rDrg#SIgE$#Gj&K9X*gQyrn^=&_-!S#3`ciOeIDXA#6&;H4yzlj^#
zz!ZQ_yf}9Bq)y-XXB2)*8`~Vs8<MQ@HNl$OU`+_NkzlQCuoeV+nqWybSZkJl2-e;P
zyA<br+S^@`>g;@j>K;J#wGi{&UsA27<+=vufhlH+aiv)PpKM9)bcVmjY`z{k)*+kn
z$J9EIq&F;+q*tv_U;FOI$V`(hW^IQUw_{=c@+S$wDQ*IUA5MlM{Hzhu0O89pgw=m3
zgr<P7;;&GIl^WqlwL~ZnLzuwHKkx(gIpEw#Ox6P?i<5&>ubsW&H7EGVH9hQrjtt1I
zX=w)}oCs)ZxEKeoI(J+jC1;C2cgmW1a$x;=xNU9GW0&*UnE=Ld`02{sYVq|v9Z84V
zQPn<UJKC_%*pAlhJEL7BVY^$pGacs&Y^0(#laG5rGn&4WPINeWeXJ~^TVzdpZaRXS
z!skS+Gn=OCrtn1)DLa*^pzTg|9yE&ibcuR9)6tIs$Q!>*`On8lI?<oGrYk<QR{Z=0
z9rO&%JR4-^(=XJcx5!`ms5)CL|L{zp=9-#*H8F74B=-#t>JwiW?lvGRd7+|(*}=2y
zC`n@GcIraVNritb`E>rVs=sAF?}n@rSs;oP!F9R)-Q{BvvV04q>iUBeWPW}J1(~8w
zTqOpqfLlq6TMt;Y2@Pn)O$L<CcUi^t2P|3;BZc+7kcr)NvoXS*d^y2y$sxd7yvMmb
zGr7S4-#wA;o5a&9_*Rr)_B17IEZCyGOiGIKr_LZB8TUr{W9pb0`9&ytsE_k=^{k*5
zr~NQKkv`J7VC^m^8=%LV3Wt0paE`4$)|5~+_QTdu+Rqd6HFL4T(mvsMbWPVxud#(R
z!U4|p#?kfskJAkozLo5|H!``o@-BGl1La-NYV0J;*IYC`Z>;9&x4I-^qlD^J@uHKH
z3yGlzz)~zp!7I!pLk2ID#5VTdOgu&J$KJ-pM2C)vMCmYvPpQq=NXbjm^@eo#`bX(H
zUJ`gIU>T~J@-z5ivleSt<SRdeG2^C9l|te;o1ekub%~t<K7ubGb}A1NJB8uw6cYVy
z+Y<eyRGh}_EOF>qNn~dQvt!0gN_Iw!FxdI!!*m@-3GD1<cADaa+>)KB&1&))z7j#%
zc6L1Ru$y_vC0~g%2Z)EgK^}s>(eg(F(^q0Iu~Bjfv2mD+FScPvPof@nH{=R)JA3JG
z6{j<lT+PWgxN1mTxuTdW$|W~4`69KXI#m)^S?`XSl0W74{OL11-dria(<K#C@@+h>
zi6b5<yXEBM92%!Y;L$!le96w#OKq3zI4=pmWCu7YVNOCW*?H|cgOh>V({-Lo;AA~>
z(uBi>#qFEa_@M4Fqi{0N4)MYhgYG#F=3qT@kWC!iR1?NQC6WBeWvo9@u^}_Gn<(9@
zI1tQ%p!&niLG85$2Mepy^<5Ca0VP`*ncP^7#WU{{2Q&f{^&Bz+IdzDBY%A&K<MKy;
zr&*R79kx<ZDd&GtSJsxOSj=jnJD4aE`M?~F-Zi#_k&=%NCLbHB(sdF^;9~{zk+A7v
z;$!!Fdg1?;hYSBw`EzGph-&*BtF|kc7Z>sJk)L>>y9;oI#G4H9od#pO+3qxm=@#Km
zgL1ml02ngwHjoV6G~8fFY)jYI8URD_F-jZcsTKF0np!j{WAoJ1nvt*BsbS?7TT6B_
zh@I1d*hz>98yddWz}ww+t--0(2-g~v)3pY`iFv(&<YcMG;G`{aQm8m7VNM!xK)dMo
zuHuB&cV407q^*17to*!5W8|8*O}13#sDwF6C5}2WN2TE$@s$R%y4$WaNbDZrN`rE`
z(!d>ZwSnYl<1m9G&(?H(s{wE%n4^YjY$m;<I4YhBVgTG*ldbNpQJl<UMO`o_Da6T`
z{lv-Pa8CGAgW)}Fml`zc9^q1ha=O&O9dfyW<mB*BgOj_rr0aVPq|y^Lh7@%WPd0*v
zvSAFo(#KNY$Uiz;I>p%P@6H5Mj6J~xOfgo@1xztk$_2~<HG>P71!_DOFbmWuF2I*c
zc({O3r~SErQK#LxfG1e(zdI8lXGuTQR8?@gsvXF+8MfLiuC?10uH#y_t@cK)wHbpK
z-^#T)w%R<d&9&7|;MxLP?G&!H1+FZf!L{~$EwiC^;ntkkP*r=}%3+pvc|fb)_Mgt#
zgZm9>x2(xARLABVnE*Ox|0q-E>=P9+KmFii5fi#cACKsfx5ZW+kJU+*zwksv&A8vm
zh~fU?WJK%-ZK>ri#_Dd8z*7+)a?V!W2&*r*{2L-?7?@0Y>g|7G#|*LA2L_VuU@*Zv
zHkg}WR}d^>()dOMyU7N-o?w6efv{U`u$$TbL9kpKY&6?H2$pYy<+1&PU=foO+)c1)
zHrOPBjVD-<4OU37p#%$0GGJHA-}qDI+1dHF)W28#8EPOH%_&Cfi`M{Qcvx`!2#v4|
z5UvSB7_1Sd0YZ8hLLZHAEg*CXLrB#KodMy}FogCRp#dN?4?}3F5o+Fo1OZ_PPL1#p
zAXs4tF&g1TKsXi_=Kt4eg|Gw=eh))9q!A_n!jGr511oOQQC}IG^s!yWCM|XuoAjPt
z#wPvQE@PA4yvx|6*X=Sk>D9Z8P5Oyl#wK09%h;q#cbUGjwIX*j`O0qZVK}}H+Z^<j
z?Z4UXD_bi%bCXBRCW)JazOoI%nw+YnCbyeS_EoAT8RFYYW%KyFQpKij<6qh09sZRg
zUgKZ6Vs)j8NqUNZ6^e%|Rp^1Yk_<4wGbG+wUg;`3SlptlviPF$%ang^(U*pQ?um!d
zKeyXKe-U{d1Krm!-7j@F=<bYk`-c-+@E0^_%nfFn4bE)B2AAswmj@f{-9!c_P$k4b
zvsD$fI(1I9;$P6}C2j>OlxS$ST1Krt)2%)Wwkq00#C_k*XfTEvtkw-y2OA9J1}~cp
zx=@2s-Jmqspb0m)%WQD=eQYpFHyEWF>=!@1Pp;5ex`FnGd0&m?d+(Ex?8b*U-dN?2
zSa^WEypFJaDuL4F@$t;e*Mg@`v!#wyRKUkG1=Gd_k7vjt<4I1;s@_WRQd<)tiB&vF
ze|i5-L&xqUDf)5dJU7dKl!7kx3JSYO1%LjI^gE+UiZB=v=7vYPWicB>z1RUptkGi|
z$bsJ?QE%2La^O#-h%ij4F8k%q{hhfNs&||L=PTe?Wp#*Pz3vta+({J6caVpCytwN<
z>gFa7>cE`|?@{2+=Ut6(m_(8N9(8-X7|d;cSk~YA8~>Ii4S5LUdwV9kef@`*Pe_2%
z*1_xAV666wZ7gdz+*vI}--amW0yMD^Cm=<e$8m69-qzK^ESyjUXB&93Mb4yI?<;50
zEa$7AVRAL>Ak6jAISr0=SJI<=bRy>IT~l<aK7Wy1Ecsma#iA{R5>Q;Lu=RD&S8Pke
z^#lZpPu~VPwsmrrFFi=%&tmYbnDdgyL@fytwW6m<)H){WNKtF&B}mW7&lEjJBGB{1
zRycX;nGE4>7*uI@$%j3jeTGmHsOCTr*zA09Zl4Q%gNo!Z;4LVV_XGm|n_8i|(c5!9
znMP=WL28xvu8pRh6m=##doRySZUmX%Em4a}UDf4?qrp8plX9jNfWf!2<JkZlr>9UV
z&GMcu_vYVX+|dvtUf!&2!(r;t9{DYq(dlepc=^BRlzuXWpcjDIeP~Ar^#U($(Y3Ym
zgWKnX%600H)~#Gk3dF}wx`jaBLZ(%PR-_&wvFIqAy(Nt@afPC~TEW0{O11@9Uh|60
zJ~XaK1z1iGhA6gT>kthKnvBbH@UT6X_KeQors07x4!JkO?fogZX{h{Zu`4>T&4`Ml
zE@zt&@w!)??g~EL<*OkNvsLn)zQ*b9@Hfe3ggZ+)9aoY<&o-mUYyOM#_gh<%`8dbH
zR-`DR0FKa!zu~)Kv8=(f$8i4W(z#eS^XH=C#awig?JHZ^#B%uQIaHs^HnBZ@45fI=
zI<h4x{#G!59h7gx(wDU@=^t642BeGGfW$A#&}`iE4YBb|L^kNIj@ZUb_gX6c%)_*v
z$gNatZ0DzMr}`btMpKiG7v3NXQZ%y>&nB_UH(f+*Y<o$wadxDNL+gO|80s`OiEKZL
zruU_4Zq|QI+|Zq`q1@2jC$a6An<Of(Vs28%?v<+SVHy1N461jrJ#6q*1~<E3Co7WT
zri8g^udGNXUR0BA#@Oi-3ya`3MzA7H$S)c*E`P>Y+oZda`6}Tzr)a+RenothM&yfb
zm5FV|d@ZBm8s=*S(f^F%tAd|iLG^2yuc^HazAWNvui{HEU&+drbjgdhEn?c#d}T|T
zHeT~Hy#?En_>D=Lp9JRTa72C%Ge2zJvtn%g#FGsyLD|L<W9aFLRG-AQv8OW(eo|i}
zi&6~plf$;LcIpJ?x(Yq(-n?F&z)Z=XF(Yq6zCF@&U2|e8N4-`uHNdw3eQ`3tlkRBu
z9+rnPeWq~kUf%i}dNARqxNK`Wn_R%)Ph^)O+46ZysJsl*F382DNZzi^dA#0NuGS=9
ze0|7zznqEO&O|2Yo`3X9>iHcpk$Qdyb@d+{lDU_P4{=ctX@^zMpX8^Xq<V{OdCBQU
z&%gC5_IzqAvyl-?Y+SafF|qO03!06wBZ!SES4vPco!*RC!G_=orCIrSC$Zv+jl_zJ
z?2v;w2~;)}?`2kU$o!bA%#sEC^a83cWL8G?GFYkk7ljKeRw|g4OE)zmR_X;=c_~{>
zqH$xU7Q<<goJ8$|lc*^%Rl%>dG*idFAg0zvWNIyOk=L7J`lz@wogLYT_#KL=-Td_3
zRKJ&*DoZn%YEDcg)M2I)>#(hEQ&VCp?Rm{q&2?%&PPskLu;-t>h`7PFUOKBKZc><=
zq&ktfNy2x<_TYRhsZ>15BbHHz_T4(njhmnDruuBUKP~O8o(4DWS4f>u+$>>kE>Zi|
zgjHGyn4Uj1Ps%oW-wJ+TGMS$x{KmtYpPU`U&$5X8EF%U~ewk;exRnR1g6LkW_*u_S
zUr+Uw%+GH<41P-1&?&g$=Opvfc2fi5=dtG$Kk!A7>RleGcS+;&<WI%WeNBj=ll)4d
z8M^m#V#tb%#E^x_mSeABh7zdwB{P&5M;mUOItq{D&lc6E#t}o!Oomp!Oh@5y%uqob
zG1O*L6Jn_9Sv}nz98S|sj!uf9tL|z{%oOnJ_G)G}en!j`Mr5XtsNdIz55lSVH8Zn>
zh+d|cS;0?VLG{ltGw$vNGvB>L2jPmD-ONmDH9CL&Q;p8l{24|0<Hi*6=*%w64>Ht}
z8QRUS+^re%e@YDPjmXem;$UPZpMg`cnE5+NgoBxz&cNe&|BR>4XFM@9tDC`4U1G=;
z&kVWaiJ?}Cp_EXD*x55l?r}keaubLlH@|X+W+;&v%8rl3P&U3Ub}TcLOT}LY@=-Vu
zUZ@x<;is2SeJL~aLaM<~#*1_mt{7U+47F6d+s)7D>2}>Py}L<aGsw-0PF8jJecLrR
zLq8#IDkE}JN#qY=Zgx=dICHa`sNSo%5&U#P^@o|8-CYfC?x-LYr>;_Q>Jm2>tHtB}
zAI;69LnAJpBaK*}sY|b`)XdELnDv>u5%n2-RcsD3<D%lX%#6D(ZOL_&KEqGXq552k
zJV~o>GV|1G(q|MiE0~!?r3k$Hv}We}te_&0Ulin~FLSek-$!wPQkkhsuHNt$2~B0X
z*Am?hF0Lo~Diz(^`8nIEeh1TiLl=YYeJ_v#Q%@-{^@#2kYK_D^ZTGIoSBrj3L0*vb
z6%AR3sYkC|s|VufhpfZYi>Slk>tdZlScjovDGx+SJ=%KfDIJENo<a4ldc@G(oehSX
z5<`WGp%P}Oxzb^JJQZB@)5aqgsKc0&zvk<k2CT#In=3S5t(mXVh<ue2BadaV4nxHi
zgIR|m`kzsJRj8*^{aWVhrA`K4eV->CM)4(>uV%{3aqCLEnIo@=%^blGXA*NG_<hf4
zZm!+V8calP4iovanH#W7%HkDVjIU2yaDAo0)Mr(K>XYgdH{V}ra5HrkX)yJb22-E7
zX{zMt@+b9j**{pz(LteRa(&iY_+=|JD~qa$mE8J~Sji>Y=QHhvRCIE&gh(z`tSsTD
zFQNKn%t~XEmFJ#ARw@-M+nJS%)WCf3gl%9ZPATMp3A!n~$u5iA`F+bYH*Z$4f)kOO
z9YlUElfRdWjkzd@>cfhgll=6PRBtsPZU$aqaP!r(q~J7A3Qhy!riofUM<3TBXHnjm
zBKhg3<ui72-i#SM=`>$QaR>4w=b!}>B4vK-wo@#8u#M&2w&-MZ@i4M%#`Ax|9jHV_
z(_LLz*oHDVN_{h}?H~&HA&cWim?E6Pv1)%RhFcWWTy68Hx>i$}DajmMJb5x%#|8qG
znITlZ4m_fN0m$jNMn*$nG^n&olU)sH+i$=sZ2^@F8<0x-jOwZi?y3Z}b$+-)TT2Qj
zPb?ZUemZZR6Z5AA(-7@v|3Pf-r6k=n_8Yd6m&)1(5tXL~Bv0^QS5k2s@1)y_$Q=!o
z^2ATyP4#<u?1!WnWB=_lq&#8pRC#RmKyp-pp5E9})@{fGi;nMIG$V?aKO;vKpj(`K
zn~o!)_rxDufY~g5<pL~J@eLPX0}>x`0rpn$9v9#PBGz&NK7`^qF2FZlJjw--UWAtm
zAef1{TmZ3COydFw)#7$8fVv=V<N_!|!p#NH^h6&nfD$XZD1M-Dsp1FDbek%Epb)3{
zfivAxZ!temILHMs>WRHv0DGnQk_%vi6;)hVkN)paFx^R%S$j_%D}qzYPqKE=+30Z3
zm|qcHxiK4n{R~(U3izD?&x8UFGN2+9aF_vM!I4K8us#%UoB@@gfWH{9Jrr<;0Xsqg
z0S4?21w<J+hirgY28d8VJOd7g0_rp1WGJ8!1FX=)hsF$u4+S)3Ktd>>1p^X80WBGj
z6bfj=fRs=`5(8300qq!&5em4R0j^L$$2cp3V^!BUyfy_>#nN@J7;ooWLIaKAU=-0E
zAskGKVGa(rqI^Z<(g0ysaMqQzXlueCh_~9N;;mpk*yF9TAl_<g;_%*wid+Lr`*y{6
ztC(biMz|mD;NRR22Pa!EEKj#;*6C|$;Ie8*Sg_R}6=|3(1X-nIA&7i|$wIK%1ttrj
zGf#d?#eeaZwg1Ii;DothXs+E~J|P#RSepwHnAjHet0vfN8>~3iij=u>+piHF$nM`~
zR_m~>!M~Z+7h(04mjCQ;5go|h-yhL|Y?g@V50~bT_{uG|>c&{zQ9k5%v$`2pca{&S
zF{_(mbtlVzpe7<E&mS<WQ6O+7TmCTz&FUsteTC(3b|@nD=aH+uwGk<C9gg_y<A)=5
z>??mneD;VxBldTbBN4NZet0Be56(Lp5xeKHh|fNDEFvXQC(s%2#*fHLGTP=PiT8Z<
z>rJps8_Y$pHU!JE!3Gh`L9lCWu%QIo_aVY=u)(e)*oOqmvB5?X>=lCj!v-5gum=ft
zyA5_5!HNks!3G;kuu%k?Y=adLtRKPdw85qj>{5cww85qmES6w%Y_M4b^KVC3sSP%l
zV4o6fu?@D6V6PGEJ{#;Ff;~d82W&7O!DbU|xed0AVE-W4<2KkM1RFrGr){t&2-cop
z&)H!AL$JC8tFXaV5$s?!!d|h#UL@ET1bf{E`xn99B-q<F*c$|UoM7+TVCxAsk6@c^
zu=k=vojKe5NFIhMBKH1t%irk7P#44w8sXP+xJK#6h?{Quk<fNk$5gvD(C+Q9P}X-e
zf)5bZgdx145$*tlRbdD(YlJL7SQ&=!oJL3igymrfPillXKv)`v@UTYsZK*^k3q$Z}
zgl&K@Hw<BsMpy+1MPUeYG{Pc4m>h;MLnGV{2;;&KCTWBLfG|1?VXQ_-0)&xa2)Am4
zfKMWL!VqrI2tNQqW*EXSjqn~I^bJE8s1a5ILeDUSJ{n;TAan{t=%EpA0fgi*gex^d
zZ$M}rhR{wUBmzRyFoaeb;lzCsp+OkJMH=C2K!^!LsIL*;1cWn3LlL4i!g4@38isKC
zs6v<l2nWIt4r_$#0pX{kbV<xH*QtR24Jn-Y|AoFb)#4Wy<q_NC;yhxkGJjlQsLbzI
z7%KB?6^6>Zs=`p2AFD7_=KCrPm3dx;p)wa%7%KDF3PWYSslrg1vnmXgxo?G`GIy;o
zROZVn43)WAg`qOXR~Rbu>D7kHd}y_yGXJ#NP?>kFHdN;7)rQKvakZf`zp~m;nV(s0
zsLT(qHdN+&WTD$0aD1)?3&w=y<f{649r8S_2B*mDWhGsCjy|XZK?R7Fus7K8th=m`
zdbClOBib$}Z|7?8cE(3HSPq_(wW7#;^ofVnqe0ge;$e<ahr%8%fDA7_;{ql*-pmEc
zZ@>k-?PoO?Kt~o&Z~^pUQO*U>g+(bBK>rmpxBxn@7%vN@N01^=b;V5#1oc*AaRD93
z`*H!)SkaXWpt_37xPaH_Hsb=OYL4duM(dw`$cU;x#05}4#ZO!Sl~e5E0;rjy`XS}%
z{T}`z7d}t#!+39eai_A%;uNL+h2&pT@%GD~KSTG`;WUPaJ|t*DfKR13mK<#<uT7ob
z1avISZvwutzvN?%zBe5H5$Ljvqub>n8r?@@jM2ULAsAi%6@(^#bq+Q-`ye&QHyelt
zu|XZ(pl-0iC)}W?+2Czz@bg*KVBcBY;7M)}Z8o@v8oaL?Yz{WKgB$FOrkh1>A>9Ab
zxX%W0uV&mAqK$`lqy}?zgZaS*4Y@(F+2G_dY;dz~a7(bk_sgh3rrDsH8uZW&dIcN2
z%ndFw8$3!4oVr1iV1v83!Ou}fgM4aGa|Y46?ZHbSxj_~;c+G6kQ&vi}k931igAEe7
zL8;jwni{;I8@w27u>S#SaGlv;=L6W_ZrxyUu)$m0psm^9pVZ(s-5@X6U@<p1=r9@-
zQiH2>gMPsVBe}u5W`q9Jpt){vvHsOM*z{s<y3lMILrssJRt-*`)(yn{)F9hz@a6s3
z;0xVgSFpj`+~5+k!L!uh72RNMu)#gt;E-iBxRV-qb%UkB1~+np_sj+^YLKrR6wog~
zOunB26PBt5`dd@)ezkd7Af(TwHvS@Ri|);JemN7sPex69faRYiso=*9k^#QS(78<u
z#CJa%AF|G};P1tc?4syDAs#75QfHqE1Wa1qZ$sN0?reGcXlJXNr?Zb@eHPdMk*n*m
z@j`Blj`8c35Yi_>B&=V__3LsY+!wh5^M`!n_8!afo~7erFg1by+X6cCsB*QOFuvNA
zSQxysYdxM3<Gqq|@hWlfQ(t_hwYq|fvtrrZuM^1<369uCqAW_*;9Y6DR_jy<aAcCm
z?!?U%UHuk7>`<YmYk2VNIvoQT*0B|KE}Z-v5@&yJO_l5fj6gag8chd9N#qtx85X=N
zO)qGj%K%7O!lX1)`6OPSPo%gv6i%9O)m6i1On_7nnw(7yh@1o_C!2e!)ghv22~(87
z6lDWNcvJW?qF}9}$Z%-Zxe0)xlT1-lm3$;=zD_>UMUsQVHla(<feg>bisRjjs^Zb_
z%5b};sr>50h6|`gp173mz`N4)MAoSVfQ$n6!qo?*kIz#bgNKPz^QLf)jG%8G9fPi8
z8~a>Hz<NlG@Keteuw!mK_lz5Q#*N3kM8YyflHo+GlLO!_Bur8hMN%C*Nky{@!$=y*
zBw0+7i^pry0itR*Q)Mw#E==Kv$F)R-rF>-#S706J4^+9?SGKXf|7xx}SR7wGdGZ+S
zsBAk`U)8gZnVX$kQ}vjge$W`RY<hK}BBjJ|<5dy*nCpf~Nl+e$`{t+)no(SsKV9|`
zbP#4p2(GX(^{9*JEM;zT26xeVs}0t#SDv?)#R24AxKY$g{=zy7fOn<ovuniLL$C)s
zt=`D=9C1#I-L>3f9dRyjN#ds8kUx2R_Qa`@xS-qWk9CPGx+a3|o^ku;C3w8&#PI9j
zjN0wp4OyV3DtX%NQ+H0C5>IBg2_7k7^2()r$qOHiRF~nY2Ss<pK749~70g%z*Pnq$
z8Wxr#p7`kU9u!m$x04kpPfh5GRJ@<Cica*jyF(S<^;1PBWEO>oIH(_n-v#}E0Xy&V
zc^}N%#6Ft)lYH*H7lCvSp}4%zm=r0odOP-%=VAn10m$s&{p@^;?!{cPlzfrB`aYaJ
z_l?&|g2#J2&~&>#a%4|sk9QT8oo^8bOUQE>_=E8*B`wD)8s$u&lShb&LYHQBt_ZFg
zu{vA|4<~ghOiPaWG&*LKgD*Rr-&kqsS2)HyYb%coa4r~RWmOMCGukHb(icOXPs6^T
z@7o~xqRsAwn*o&N9iD&+9FFh@qVr|ZfDw-x5NNz-R`Ayxl-yb_z^W5Ja{)F2@f8<f
zuM*q202``!hYPU3i+^zeK0o50T!43r<tylrn1;<bpz9x}R`#7MC})E`J3}7{my=md
z;i8Kpo`-%FZ$&;2O^j1()2wZKzEjdm&vzb~9H+KHv-XPf9jbPYQ+v5t+v9vkt-a27
z+Sxl!eJ#WKEYivBHF4^5Z`QiccV0Uz;*seHuC?cvxS21fap|4-pOvj~hNkcrq5$rK
zD0IFRU;5WMkGE6uf*#IGU{YJ-oijfi?;N*%yz`q61DlUH-~G^2o-C(e)2!j;eZO(O
z)ga#E-CO!sVD3(kT(`<!&a!^648gw?Uq|;(p|=XYjG}UC62?p2`ll@KCw*m$`fwua
zYmw!fg~{GiJYK)JTB^cX<+Bnf6^IhmC~~k?to2d;T($jOh?M5`^-YF2#-mbB073WN
zN5T`06knIMs5%idojbAuTl=1)JMA!DST5gbG08@cYz|b)9;wVKZx91nfT2fZ%a|DC
zYVHny+W?+4)x0_(^wOIrLN2|z4}^-jGa;*?tcAfS!K-#2ft}ws4#sD4a-qr*x&_Xx
zRgcy*4a*N&TjUDK4{DrO@A;eaYUrKg#dKZ`JF<^bnTH%!XWo~_zEQleA)FPBEmwWs
zn)h-bm!{K#-ip5S&8MC?pWNk>zp`jT9fk?@1;%mXgzAkG=v|ypD4p;GvrQ<coKJsb
zc|U{sMB><uB#uzn^<Uy3=$7Th36!VRm{3VzzZ>KIznxHr#B*(<(VJ<~!!)6i%n5ZZ
zWCE1aVz8V~Rblg~PQ>X{2a`%ehroQQgIopY)03}+&8H_r=93R%qdOJJkz5FwaZAt-
zVg*hnxO7v_sKRg$2%JsL|DXFm%=l09>FB+fX?8{IdG3irk=fPC@^`bHA?xbbZPhv}
z%@wvYWS!dP`N${E7e_u?ek5{r(_;}2=kGff@r1vgEo~0YAlJo~|BvH1oS(dm2X?<Z
z%mcgM9C(<wmSBI{V222{oM5MHu;T<PAy~XE1yD>B!bTJ9A{)#}Fc-nv+F&gSmQ1jY
zHduRt#S^Tj4VFr<123H?9g&3XAlOhFY%syr5$r}AYy`np5G>aQ8%?me1e;`oO(0k<
z!DiZE(+QSIu!T0*Jc6YVY^e>lgkTK__LvR!Fu@MLh_GjEu&1L!4`bgxPU&vZ%3Ul4
zV*m5U!%js_oDqQY&oG?NFiGwaCFhGPK(_Y&;D0L&bECqPa=(aXwD6a%G10!CMre<P
zp*?M)y~$|aFtl<L?S4ip2}4_8qD^45JHpVWnrJRY8x@9@YocAuXv4zLt~b&CoJwf@
z!q5hoXdg3Lr!cf0CfX`SYa51knTa-!(He%KH8s(0VzfZm5oEN9)|Jr?g`xd<%s`80
zw10=8O+2dS66%USOd-q>M=|Tl8xH@=AhqGIf6*_<gW!)w)uqaR8cjCU;-=(NjDI^}
zb=%`#sDG8|UrY6`2l#37t6X<B+9Ky^SZRb`iz58GC-{tQCHRaY4Vx9=*If~Q@mndO
z$$}Cx(zfvQN4A_E%=44wo5vX<x-6vJAE=t;`3%);q|Z>zhWHHC>?)t3nsxRWs#%iH
zP|Ys#8LC+wpP`!lbsrT_lm31dFiHac-uozLORA`vMR}zg>Jz$kv-F7_9@4Fvm5yQ+
zD&Lq!>7iN1vEAZX#z9-jER|qs>MY|lFK?F0wsi9><6Lj(EaO<N-z=4fsmCnixbN~=
zDk)RzS;oPibCxoF$Ien2d`{1#Y)ruV@ZS6J1kbtn3CqH}+#&IQ$obvYWiSDDc_Cl+
znc`ZwfvZaQ-FvdSCc&(EawfegsitF17ZdPM7-}J-rik$~A-Oise(L<OQ^1g2D|~fG
z(fB1R{Qgz4(c%58z7C%91qm2L9nFbt&WZljJcH2o^BW|#IUwK?wdH(^(Nc12K5t?h
zlw0wZ#F2;KCJ@RRjfrh6=)MC*DIw>b&{q{p&IDw?6-sz<t!gxU@vm?_;C?Z5KFx8Q
zuLlc3+U*e}@|3tEm2=xfpit$u3DWiML7<CULv9<S>qJo!-_HkU0f|TtT)21w=y{jv
z;X5QZ&V#Hh(JE7ov+M^l=KTM-bdS1N`O*FtZ&~|ayhVz|Fi}iDTJMjbE2b`ixeyIj
zx)PsjE?(9b4XPs_kGm&TW&p5YP`6*RC?k1R`JhCoO291MkUvPu<Rxxjfr~AxV9l!|
z?inv<_6ABmJ5`%jr{sHj3+LiC=&f6c&xs%E%WNNy7t)X^lJb3U-rwpn^r|3hX>4vi
zx-yFrh|C2IX&vF0FDLJd{!Mzw0k5Gu86hYJGi73?EDu}|iaMKz6gQWd<plznsa(jX
z4v=$&uDSx7Pc>xClK+6(1iYJ#uawIXljfvb!@a*{mG|ugXt_A)$|ongK&iVr<`V5C
zfz)Dtm)}Lzo^t`VibIFRiW~FO<(FWad;N9LXV>OU$?^_L98fhVDL<?CznzO6F?hL0
zB4)CXM5IY(Bn{IAU2zE7fQb5x^yU=RmAj*;D<SDKbS2z@NNG7@`@eCm6-*^F7fe0t
z2w!$3-j#SXp$DekA>$5rVJaVadFb3LmDE|f6C8rtsGQ5{EqI?>oB<8Ej1kku1*ZiX
zwIK!C)N%PG?%undi+e@Wycp{9q$Rkooapj6j=47<jGlNF_9YBJWJ?p?4xNEPd)T3e
zL~Lz$O7~HQ>BWI^yx*>z($iAP4+z7G6IYa`2X9UCQg-z!%7vsJPFL3`&Ap0pnDg~C
zuOQl7uu#)&MxOH6$_^e&T>nI8*ftO~%lq%)-lOjFHqXx(Pw}a;wy3Lm5?U(R80YC-
z>s<Uku<oPmi6jXm&!${a+fB49qsaP9*_=)Q1wehE=@w=HO{^=-CQYMoGsCe!0+u<L
zfKn4}6cbRO33#rA2*@$fes&N6*+BwQH38X*fE2UI#||VQNfVHy2uLu|jz$pyXpuz%
zE@J|etryWAX9D(GngH1Gi2$e!m_a<)<Zg#y0mho84#U8SHIH&limrKvYf^R1OAf=f
ziZ$yTG!^(B;5%p0hYc3FShdhF;~@64+&*5{tZ|@xk>Tk*F1f(D__b4kfPc|n5sd<$
zNZ0_j`DaxRLL-9Q9xk=~`yyW*^9E(BUH2q82ix@ff02H_f?#jjV6PEuF2UB@VCx8$
zOR#rru(t`8NwD{Au#E&uA=qXc>^*`tAlOzLtdd}dpFmi(4Yq|~y9oA?4OT_4^#uFW
z2K$g;D+#v42K$6yr3CxZ2K$^~;|TV(4YreDZi0PlgMCG?P6Yej2HQ=r1cLo&gY9vI
z>i5xS0+>PXiCnl7J1pC43kJ^taJ`60aREFUz`eu3w=lS0Zp56sUIw=X@Z2!)Qw$D_
zk>F)v;AITn3*bdz;6)7H4B(kz;F%157Qhq3z!Mp~2*9Jmz@r&F4#3xifhRF|5P)wB
z1K-Br%K<zh44id}z;OWXdn(MuoWbHY34S^Z-0(DkKLoJFE;o~#k;~0E`PYA+Me6U(
zTzOqHeGL)%T~0d{74+3?@`2oOyg!PK{V=blu0OSz>YokPW8?1J80GN%d_tNRM8f*v
zT%S+%{%g^)y@j%JuAK;MQ%y}nuFesUPfRzr#apJQS=|nL__h8u$kP^8?sm|>jB4bs
zd(^L*V)`?V{tRQ1@Din=bJ?pF^})G84M(KTrF_CoO!WE_gPDB;1xgD%RzO-HeJeo)
z`-Net;@bkHo_1Y*E}(bxopVSVP7>=2R9@156|g%fe2#jb<kY_C52`Oa4D|=CUIto6
z*&NU(Pmn(-I{02+$zGpO7*t99ey|T&3U0jU6xsX3?(-es{bYdmn=J2fDe!xIUERJ1
zNDa6b^`_pNiyLM6ZcHk@3pAU%<d6<>oN@ae#S@o~+ufT*RHkFEyU(NW?R*cWr*n{S
zFRDraTRzGjkRNnCabALA)OVudJJ1_Og51wyRL33e%_n2r8<Ya+cD}kDJ5$bY(9)Xk
z1uYG(N0NFDw2)G5QA_a8!u(2ifqu5FP*#F|HW`i@4uW!4E7}y&Hx)<`mA3;O;5AXl
zqWpKakVA=7E?VaoRl5?WjUOL$-*^n=UyppLdHw8YxQBRha!w}XBRwQO`L(;s6Xyo$
zI$K}**?{xJohnWb%7vv?(1AfE)~KRzVv8jZoL3~YfMWwYoD_{xzAtba57NmgukwSp
zy_|87AdRizlrq!1ABgPmABnutB=Rs3li*+?joXs6ybeT?Xa~vcI7!0iIf_W6Fu#a%
zjLaySK5^=VG1F}62gW;sQa_%6fz9ENnDfhjqV>fhgVtQ4tyIx!T!o~iaw%b7-iA^V
zmyi&iP2!*U;eHC{$H@L}CG4UP3n;mS=d5U1LXw#MID3<Y7euC7MK{5H_Zb&@-@WU<
z(7HpeJsj{ZtS|rkGp4{+2L-mamjC**5e2`4XCsCsE;@(e-B%C7Dc<?c&YTal3{bR(
zTa3$rH1q-b$izA6dlG1LN~MIy9;}^d^x)4kRS)i#zus`v%mj<<V#}~+zB(4}_zTvg
zit=~Ppc8jmdVf_}BDNoi3NGT)w-Lrg3WMu^;ri3P`jgQ$AhO3QTV#^Rl)q~lG9X<8
zQpA;G)t-K-{8hH6INe=7I=Litzim1b{O^A(uB~aI={kJ7YWmylYV-eOBau<mD}w*%
zZZu0D2j@|hUpgQ2OaC^C@=FhF4n7F~z|}=|xB!6PeuJYzaFYK3R<3bhksS`Jd`rpH
zMpiEOdiyr|E?#%UJLxCi!A`o4+fgo@tlmEu_O25mr5N_pszQu6P{_j<ABQdVg!t$V
z!~QnqAMm)o$yvT)OHl|3ruVfbBisd%mx1J+!~ECZkvYyz-jBij*Dw}KipU;^<Dsy%
zJ?;ugA6mqHL)akq8R~|V9ywcO*=jdZXWF^t;$W67BW0L_b5<fP_D=xcKj$n>!=VBy
zhkFlryeU~=B`pkQ-o<4e8&{VTS5a|AEGMqwJ<3vvt9TFFZkgU~X;1tzG?=WU(`ZUu
zrS{->-h)%rH*MGr!Ef65+47q<Gk^NTpigU4n1Kf|XO)BA1`evkj%xwj3YKIt!1v~T
z9Uo=-x~=A-aa|r}c+TKQW>CG$K@5ER^Uz?1=SjCxqAJBeiT;T2m+rpn)kg$<PsfbY
zmrohF5Fh5`jwSrY6wSn(`C&}(ZF!rSYP$S5b~+c0OY)G33Vvh-)vskHnwm_!a7(&&
z#E@T?^cIvd24)I<U^++9aLrpn9~eBn+HogGdO=~!oxwFN-nx^%G4_jkwl#s>fKD#l
zzMjcq!QIi8|Axl0LHncNJ2g2u0Sx|SmEcAN%a^@Qa6WKuygnoJJbyn?=f=Yv#yYX&
zMdz95E76;o`nBD>;9O^eUVLbtX`0?0<88BjV_c-!zUq9lea&7y+xLsBN13xdwn?JV
z&rrAF3J3LbvwJ)1{YMlO!X~2DJ3D*#$kxu@aG9Z87$8XLJ}7Q%_5t0VS^f`P?0h@p
zWpgjI15U=-I>7t49e_^JVZHFek47(K<eYEK#}aQhU#FrET7#267)Ui^Z*Uq%XasIJ
zE_CnL!|IvC*R?s$%N6edKgZejfJJeU_5fP@@QRQ<;Hw|>^7&CrxcPj00LKd4bFJC~
zrsv;TJaIbSpBWS#k2`~_U-Oipc`CV!FKjzMPrM}@O0aDS)8Zm+3A7c!D?+vehso2!
zH`%s?Cz^+D2}^hfzoRU;CAhsHJ*=M++!vsxM7%J?*c=|8LYsq`1_@-&1n1%y=m>BC
zldEq32n!AQ-HvzLDPrLza5O^++<mSXv`WK=5Kd`2%Zbx%4_pS4?J4i<`p0;5nr>Lr
zav6Md(U2e5;_gF9;GJdXV#wl(mqPkn8SY6RV=M^W0=bk<2+DiLdwj{sK{-W=jUWQR
zz9a_qi6sv<e8L6E1?YnL8wdr7JL&AuE);z4EbHJ1(~k#88N0wLYB!)tc9`5fl`m`W
z+TuA`L8C(K?P&;1RluHEvIFAL=Tg2lFd#5;n+4BE321jSiPa8{CFQG&SNNZ^(D?T7
zJs?4+1tsX7vT{CF_77HGEh{Ht<)C0?W=JSLoSb>jiBlda6i*G<tvw6w0nm>CnjHu=
z1SNCJN&vTz1@k<W`%NF8*3X0MIE-=fnd9_S`UT2uB$>kK+_mF8qjRwwon;p|9>uwT
zJ02%4cs!yPM;MPoWf8{X+p-H8kK^KwVdoi-<Kntue={D(Me4A>9S`U%SV1%{GsdK0
zkK<bM&8?qADz0xWjElSX3Fl%+|9L#Kz9YW4o_kSsMolv47l4`qeOO1<<<=xXIYIs`
zVR@dM$ghlZZx+!LE1&aq+2~&3DNioV+Wcz_zQGgy3?7I3S|<ku_}{=xv+z)q9Fx9M
zPl=OCM<Cm!ccc!rQD~uai#El9Kv`u`Gq<lnGSnpCbdnp;@|ywyIrQ1AALm@Cew=&3
zXWw#vkXw@n?4CY|6}i9{WXMJ>u+e#5;w(FP3e;TH#_xwBTwvn^c?<FpH=%LFk)hr9
z<)6&m_ul!PE%16?R5I6^-yYjSJZW={KG%kxGrzN?kUW=z%=exa`IeSM<D-IUB(LfZ
z_moGGpMh$&ufKkFlI_`N<^`X9c)UhBz1Kwg#z1N{MI(J}Lwemn8b3!Py=FryH;{gM
zMI$Y>Ar%-%Yu0L{2{xpG^E#s%2l{W^@2yci{t&<SJ^7v+&Utyu;B@pTcCqDYT>kjH
z;>mP3I%l997n0pJo(y|Qq_yIQ=4Uzt|8yH2g5wcCtp#ut@Zl~rmtp{(3CeL8(O`;h
zN=zf$9gCjp2Z1z`1EMETCM7hWF&HMsNu$AzttiTt6m|PhTn*%KXdk?48L#MUASPQ0
zXDogphADOhMXcCo8yVsVh%6ia<sfB$&z#OdU#TwnhTL&!KFJ;S*pclV3=)=QaXW{7
z*so0ejBAr@wY%biQ}@0%^$f`W!JGjDBxP!}vp2P-zMPz?)ful7)tO}ZbGp-Zbq09;
zyPS)o>KHP;ca4!^^rpg~EHAb8$YT6I>)FKk?td%BuL+glfBn*s;AeW$ZBrvf<w|{O
z;Du!V&yEes@OT5d7In*~5hDqXNQ|)LUQy2`x%aLYF1Z6E8T|AR$-R}y$ScEwk~>N4
zoVa+`HF{jS92yp$xOkPiTbW;CX%;@3N-UH{WPt_sef4dE`rvxuf;zBJ!A}nn)N^(k
zEc`w+D5&EN%dC7j)h#l0gRG=CR2P7ZpEz}5(Zp#}ZMVq$7EMeEel2)S0xRH~0h!D3
ziYuVEP6JLMje>IQH_VN3lf6TSZ+porrHXIClH@=Bg+cz6M1FP@lb;i%b{n2jLkFlS
zRWv<s?4<nZW7L$&9~(@)d<~PH!>@!WX&R5KrqFogMnxJAzS;gO=Ae*@H*wLp(B7eg
zz+vT4{W4}~`woMlTe8x1xVGE_M15nY0{wQw(-!Si-Da_|9!}HBa@o`j+tw^Dpq1s0
zT*J!pk6dFz%g#MdqFE0)xquy#ed*AB>;ir1+}P}bJ@&GLZ^`*D-je%Yyd{FiUU{>Z
zZuVH>?DQ^jPnDk;w~*to>1L0%nt++c67Nhp8SJmrvMxsIOPzC3{2uWD;`zwAB5yi?
zCk>Nkqm#lp%XCsWWtq7(b#zRTEi+^+R=2VIy=o(d*c_?F7u2H{d}VvV7q%C)#wI;2
z|Ng%sCS`p5RK$djgKQo$I`3xmnTQWrO^!2jN|2m5he=MfBP;{n0hLZGx<6#VvnAHl
z$uGwou&WrP{XY<OST(M?I-NQqLUz0+CnAO*-A5THznn!`5zTI^SpfGx6QJDIpI!@<
ztfvX~m<{$Y!R{v5KW(t5tWd_w&nVjK0qyfcd?QfSc0Ta%3Bqb9e(eVt@J>X;x`(l{
z#ruFYD>BwhjkN->CPc;>e?rkU9k6abp)Wng{iNY&V?VJ*(+O9$_{|OJcOaEk6`U(^
zUaTE%O1V{~&YCv4*|%G~>4vi==i+K~cjxD=z4c7M|7NT{4oedEOEmv;RO5eAK^T3Z
zM2CDU7+^5YO;@18`IEkU7SV>fIeQhH*Ytx2Ue6C4ieg2z$T;#B9_OXv-_gm5;7O`B
z+E%w38*QUojg8iEtFh4@y~XI5{kPzOUpMtIAaKhNBJfHeFh1-xtA@~#+`ITC5|7AY
zO(%r~sb%mX^Z6maZ8$@eg5_<ZZi-P0w?I?<YUm(rI*^;byn#Aso93gVZVy6<XgMUE
zz5Bqg85xA?=podN=xcF&F!^nuWZ6feaTvh!7KH&k#UE#ib}ULR86TR@YwIY^=T%cA
zY3a77W+~J8<Y1yR+N2Y^c;R4-A-N*}Q&KkZPoZDXDxX_@y54AoV=-*7LHE^zDNbP9
zaPJ}iuxLG>uphdOGR8A`lrf$yM&Wo~#+M+U97O5na`|O=ruxeu)r(+=6}twR_hv(@
z54hD8W~*0pD=<lmrw7pjDG<vC!2&62;(tC$uZIFLAK}!m<I$f*ozE8K@cFF2C`w1&
zTsMe%<?Xja7e$(W(UtO--$iZw85}Qk`C(cSZRKCHiyGw^UF66yy6EW5*hL+X*;?^c
zCiOaquOj1ZgX4EH6~}lZ`kG9b=+IB?x#<&`MqtX>w~VHxx+$F5i90iihe9zSlRFED
z<jyJ-BQkBBWk1i(yjk^Eri1&dR$P)v{dMnKq5T!B-*sAQEdB&)<BxaPx1_ea=%gNG
z9I^RHItriILZ8%Q{fk^bB3O@&fBMpJC~MlEkU9mCu>Q=|RNu4(IX2BbL?czie<$<b
zaffi^Y9^X*nD%{?RWlH(-DY)xd~r=LsP1D{kAUiqH3{&zX8hQOhj>E3uD|yQ+W%9;
z*H3T~NFeb;E+Dh-K0)-3YaYQLAQ8Logxh->tmTPx5iB2rE=p5kd@#dIc4&r~57<R1
z#qI0iDW8#mzA_%~pW?=i%9$TL-PL{I<&$AogUgD29D;$K@UAL|JAh(={8boqP%^I*
zKGIVk%N9+WKIZmm<2d=wY)#EDJ`TV@6o@q7`_FRIWHAw3coJ<ld5~^&pSsC|il^00
z9+p<8=_U`0REgbI&{Il^u=BPWhvUwE>DqA#&S095(@zFjJf=CweZYSQ-{1kn^&LrL
zm?654By&fCO*OdR5y`4ij<wNblshi=HvspIqKm)+nkZlV;6)y5!&dqDnk3lyQcjSW
zJyGJcl;G(K?Dn2OOUKQUq8hv```}qdg+lf>@b&1E<y!!6k$C;D1k+!1Q36+qr{nO&
zC0Tsadxpom&s{!Gczne{Vvkwqy;0m!k@q&df2GA{mhUD2Z9tO0b`HMs(;qB6%}V>t
zvKCj)Z>RxB_gfGj4>Q(uNm{gt!kpq@yfbPRmCkX=H^PT$z@h~)kQN+0h|(@;PM2qA
zU=}5D&#mVIV5G_LUmJ+1HFP)|G35Q}vnaH-of5&wUl%I}1S?&#^5|r!9PS%*vfLf;
z4nJArv5TRXo+EM3DHipR`&yH8p|<?yjF2F12ZT6TT+axDPA;x=KJctY7yt+lp9?4#
zTby6tk5Kb#=LqsH?Sz-s*NWG#rhOjMp*DN%jJmm=8$Nus@;glx_g)QxB>J-A3Kui4
zR*`>`ug1vA;(GLwDI>`5^H}5l%Fi}MxB**M?v<6c{Rf=3sxy;EV>f#_cmk~bl<Ngz
zx|9_O?Bb0Z!FF{_euC^*xT9H$&dfdK#fgx|sSq}_lA6BDC<emkNp^=MTv#+X4Mn3u
zP=wJkMJJB%HfPxj4av$#`R80N*rswlv~}?d>5?S*KTL<@ig#DLV7sx5xTqGQU#gB6
zGV`iI7}@)9Efj>2P5Lqe2+VbRM?!jtqQ>#cQ`5|EmMAt4(t;t`5UMB#6QZr9GUj5c
zqM#EpWx{~E927!SPN!^eYL@xtnLsId%28Mg{<7Wf0wEsn0+Bw-j7ukF!v;}U%UTny
zZhZ=Cq5En$9*fKz4R7y1-U>9`%)|z?&#h|fuSf6IIf$V0Fkh9110%PMlmY9<@rD8W
zc&ewo;g@n35ySm-5+sLZNRHbvq+r1MRv~zQCP=*Y3U9#rwjuDt@SIqLQ}CI5j=O-;
z3c(duzRdU-6)lF-uwy)J$pm&gw#!jWRR+yL-F~fUXS+XTtEbN@YD`nqStg9zWIVo%
z;s1xXH-T@eS{}!5(iX~k1F{q;G+==u1zISjWo@yAn>NKNs1;FA77MZzNTeV_u?-Sq
zl;=Z5MFm&f5PirdLd#ZgMV?PtMCt<E7?vtqq0s!!%$&O=0r7p`|L^A`%{}X!ZD!7#
zSspr3kn73nske!Xq33{8&&A><O&~nzxl;y)3a8I~1P0JrZkyAWbWt)lU;rr~=RYZ9
z>kVV;Dw~CnS^u5KHi}VG&ebD_T_AqF)tl1OFde``H2VQwK^y~fJ@a~6Rqs=}2f|Xe
zXt$it>S>C07QhRkq#ES<`oKFr@XLU8S*tIvz?;j<uq7OJJVuf`f{|bQ??8TUVPHl5
zOg}ABsS8S5eTfV*=p5b~wYJ4Fu%3a}M>2BpxPW`Ifr)5Ve7>z~rL>_cfd4J9rB{k&
ztr~)|+!b5Jl_*>36_ed9OQm~-;og)4X(N>jMA*{5wu{65u$yGNIOGpo#jz-ufE5LO
zSi3tA+FW<!09(b;C<f;XZ13c{vl0R3?!V*j0hT;Q2tDvdl77T-8+^EHaQvc05WCV^
zWQvw-L2M?73Cee~Y{BNqixDju7D=H#3}rxu#a6o0$~Kx+O5g9?L`ShavkzERTJ7#P
z>8a=gn5R6`S(c#iKvu?4#h4_(3nr6EFu^`uD9~wz1G*Rtx>Rez$oMTS@W*M%+cL75
zT}a*o$fC<QAknxAB>4Lbe})nKg|4nx)*cVGy26uXb%g_R&<bDXE6iVz*?if%^|e);
zipZR_i{6gmiJJD^3#icIO(|i^6Pe=~**iMNWAANIv<0}SHI55zz%Y(m*IW)jNh_30
zP>ixS>&(W#RNtUIXfJ?Dp)tH#8dS^BY`MQw$R{sX{UPJEO=l!ee@4VuS|DFiK#(1K
z&EfXG==uc+w#Uo&tgY)eLEH7g`ov=A=eaN2DlW4<dztOoD!yl}VfJj5e$Sq`qYoP9
z(w@y4DA+1~gH8L}G2Ez~U>S;!<L`lN)1FW_?Qr;Do7S*jBjb(xH8S4DaA3F%%lKHv
z6skLR1MS$RgJH++U_15$+Ocoajy=Z`{_7oEU){0aCJ*O3);adNcP#o39@9N6W=huW
z+mDZ``*zr|pncoIq{suVwUo=F{!dHUVPyEFY;#mw$`6i)S;`T7DMRtk|8+eF4ZQYx
z5`*>MEUH;uRL9<1`J%44uRH2JkaEIR7FR5D*BI0%=GGw3KKXv&#FKOm!^Ed+S(d*i
z%gn>f6hme;WcD_4<Db_Mv)x+$t_x$fKdlLg>w<m%B!2?gtKmaq6uhyF^V}Yd_qHUU
z<#w-P-5tQoseJ1Yl7AfU)=MCBBjBIe_2sEXcJwW=dUqI7UZwCz^5D^=bw|wyu?jJA
zbtduQi&^tZ%Oml*Yh?Ur$$dZ;_k?NwWwrULd%7!36uEcSn5Zq4!v(qgh*=0QcD{r-
zPX5S*&g8E1kqJ$EuJ@721FEa8Lt<IKv*0e!!2n^vrP)d=Ex?6!0v;4`Z$jt3f{q^p
z=Z5z5U&XSjGl9S@B?CGO#Xbm#N&|KrhWJloLcGiE@_%Shz*^^jHOvLE+gaRfSMI|{
z2=L0HJwiMu-~+|al=rG3?<LCHNqKJ=@>WpZJCyg1A@5Df^HSbwL*BcTH-qy2Wyt$b
z2!0S5$OEgy$QR?;-t7?*d8I%tupbK8LJHW`0_&l`z>oqEuz(6Y2L+@n!3CaG3pk;`
zqL2bJ&L{;&LV*Y1bK#BxQ}A2kp#F^S{l}g9x5g3u>8%lV1idxhdMmv(;vU)YU=Nl(
z@Z|g)LH=Pu4GP;<93-LJGWORO$vW{j@Yna%vf_S$UzMS*uL=*D`Yjg@0Z%#ll%YL!
zeuC0_DwpT26=pn;m1Ytq_QVePt@$;c`7X=kmZg<)6Dr~FsBb-nVFmwW#b^{#b}hQB
z4Q(U)@aKY6X{G$t0UFXy_Sdi6&|~C!hgk~={+slzKGOqa^=gq)_>58qj;=1pEK&rJ
z=gJA#E2hCl|3ilRehohQpF#U0wus;#J|GD0opx{3^Nm!Q)DaX5ZNIC#aA7C-aVEEb
z>^I!ZUA4$fE=6DBifr%)t126uUNmP6x(g3-%>7(*k_`g8W~<zV;>glnC@V-H1s|^Z
z?SZy7jhZlXx^3Ddhva?2*PyOJ#`&ElNzDEhJJG9hP36sUr5w0B<8{1B(5~UTNQ@v*
zH(YBhUIkfas@P82bpOl=)9z<UhF<#cUdXreTJ)<<vdt!TQkF>I$}7P#PI6@tRWFT%
zn&h81YJFe&%pf%tNl{<P=k4cHdI48odErC7{zn4JI2UsnXDV0hf_Wt|=Ve+%*?cF7
zInh_&9fN5@qOeIC9O`pcEQ5vhZEuRL4sXbI!w<UM@W~zB1>b=%OaEj0zg+r{EmvLo
zB*W4#Y5#YY-fj6Wm%eNJzp?bUS&U0xtS)`?oa<Wpd-@obzHy(wwe+uipj-N+&W5Fb
zp+WG{uQb!r*B_}{`cVUQOP@C|oR93UFw((jdVy%V)k5=RYDYfhMN8Dwr$*@Y>qJ+3
zjMe~}<KWtefQ{-gWh9E_3P6i7&-<u_yS=@XyhnB{R}?F`ccEq6QPT?UsA)I*+mPBB
z)0iAJ?d6V|Eck4%>^#Z)Bo>yF_w-UlZ$bM?BGqR0%c4`+`-?5Y@Gf@-1uc^B&ixZG
zzR$1JO<}_U;ob@28wp|b9B<;OMmOG_8wom{-a2-?Cf?8v?>{l6H4*U00R%vFO;V!{
z@WVE}t*Y8Jr)a{MS(E059JVsGZ6&-s>o`!UoIjY7G`n{^2vd*A-@FC3)>SB|f#-t)
zBw)HZMosW-a^Jq>@<>^;>zPm3)K-&n^xDw?R^O<q);-e@RqHyjpK}}9jl1h422Swn
z&t0K<?p_4Jv6p+6a>sxX3tRKz;Bz;wx8dBK?G<|Nz}oLB=dSa+I%~fT9rfq#4X%X9
z@gO&S|E`U?G?VV1GHEVaEVY+5O`0_ZH3tnyrGG<0Doc3hW7WZZmQ90O#s{Yx*D{Vz
z__$Wl=LtS8?kakNGOlvobUCH(=HnXvj&5949dKMV%D4pXzzbGh2`q6rMqRNM4HRWa
zP*g3PJ|6I<7FJ?u0~(ZIrk)GbLCIM(sAzM@prT2CaAG=*B8KZna&pOI%|QG+98?l-
zI*HQLxH{pSRk}enqCpj!`Jjrpexy~=kGwfXS*eG6jhQ;@!7&c5A9?=+Q?zq*mWPQb
z;$5N%HTaV^lWHgYMOYu{N3c@7n<zW~<UwhcDWI?5?W~~mRUGs!Z|gwMw<75KxhCX8
zjdl1PH6h*H%NFv79fuQ=2MA?nU&2r@`EnuufbAvU!#|J~4DYK$WSM;lk)`=a3yE)N
zepDk`s|$a;o_bWjsTXuqyVci-J0O<~TJm#4$OI1^o4EaqK8BoAx?x6r+EaV)h56&3
zdo>h;&%ae+Pz{^E`ETi-e=Tu+!=N9&pZPgWZ1p$J>AZSI;twJf8ehvHMkEx9fBx0e
zfPb=j{w@6T)|<M0k=8yO{sFph0}bk~mg-vF6Q$Vrb}`ua9*HudoE7R&ax(u4<?K%}
zpd4GzzlCxRy`dY*)OO)e4xCPoZ=P(S4&{x=YvP;!QAT{TOdU~i#$Vx^^C<>=^I*!~
z!Z!`{BYG(|JiZYXe6#6>>%liKMH=zV65%TN=8F^qzFD5~xA4vI*Y)_ntsdXJ!Ob{<
z18hy82b!yk(Jw+-3@}na>jZax7Zv<7T%Ej%cdMCN_y^Hq$f1iN(-7X_L!kIvQ8)5W
z9#0FD?{Gwx2x{6w>7XwLBbxV`ZbVIKM5vL?FzCx>9R>wO<&6s?br`ftA`A*Z%e{LM
zYD9F}xt9)|w&|rqr;U5*&}kr9hfe=YzKV9ah*&#}#Y}Uau`D>FCC^w9oDst_Rt0CY
zjUYxd!;pGFK)v=7P2+s=-_ST;^7k~(Ya*@^IsyLf%197=Uz|bV+}K<Y?iFi_8nanq
zZthj|kb6;vN1x$)TtLxUE6M|H9G#9bzD5qbltbar&4zI3=3ud#bXHLSd8`?DwhIxO
zkz8&qT{-T9GTlPT^gOGm77v61*6{HfCK!_2VR9eAx1}a*^5wH(9rsMV7&dveA?U*m
znA}b9HM|ry7Q`Lr!zQo36jr1C-1)G{!wqWjtueW0IM0G}uPCz<XJNDR5b5xYvQZ=l
z!`gMCwHrivJq&p_Q(i~P>ut#ENqO}sFU^pbLV3SSm^aXn2SHuJtkj5;VHdD(cmsra
zC&MO>4X=*B_GH-PWv4@23sx)BCN~Awgw??XR@Ev6Dxts&ArrqsE$|i;_(w>AWoiKz
z6mW+WSfUmf4+R#66j-blxCIK#;a&)j?NIe*5mA1hs6&){5>Zw5UVVX2^aWN?fd{x2
zue%Ms%KYKE9Pr2RL<dj&5fZ!Vn;O+d(UQgR+PQ7GYbJlZzEp}@3WRxbr#6aAxNRHM
zrA_g5iPZU}ifW@%){0Ifoz5jE1}P;H<X>ZSC60BY64R6tJbg=y;wNft47u{R2bEYJ
zqX6;@FL5&~0dv}s|Gkm_eQdir$4J0tcGD5C3EgxAte~5YfaP}65wJnsbkm;PjTF>6
zaz*532*7E1&J(H*@^SfcYf?+&3gsu+r~e^PogL3%!S0XUtn2>3&ARTtyjj=%)|++R
ze|$4_Z{yuR)0(=!<c7ICE<dLBjK&qSpy#Q)>_lGnYhLzFwJa*(4ui6=-~9dHpWAq?
zBwlNon{O;gY|9f%Au*1Rx}Mq|iuW(DON4(M&-=ZVk_R_l`4Ic`Z4_|t_y>ZL^t<!{
zjc;j1jd#}f_zq8O28qSI)un2yK%iw;tG=4fYH=$y{y{6UL%`ctdKLMP6kTIXWQK4T
zGVIGSoBIP$;t^zZ1^w?Iou_@hOsc+ooZ2Z!BxDN=vjFT@PWl$0t-&t;Fb?$DmIU<Z
z#k!Fk;fcc_u_bTx^On%4ZxA&ADH~cU-JnYMJ1uEAY4WQr!wv`58-_!il`<S-d<91W
zACG?m0elE!kh5R@*SU6kW=k?ac;|7Qb~|ppE-jS_ZO4B3Z}PYI$LjOzs}Npk!2>NQ
z;zIe*6gujqvhg7Q+J)X`Eb<<$4%qZ;YN3RwSkr<|xFoB1M3P_PiM?ey=H1xetG(xJ
zz@<BDb2G*>&W>^F9^tCOEdsHiDhyZh0>{lfU7mIbRLGn+mVSzAyUu2rB?~eHXT#D*
zA_cK*VFy8tLyZ3QbsVUtKw~SPfpV@xqU$Fsu;k;xZPjRSld01R%>tX3)8!P3QXmoU
z5`q4+dz;LVbA`+e4+$vP#)oY80a>UZCBY&^nUED+iv?AkLRRWvIWNU>KgQhIy4=m>
z;IyKC=>{C&{Ps#o!3QN<=}JC>C0~UR=6TkmwnX|Fu&a*|%Z@QNi~$U4CGelWjcPw(
zqEt{MV8tD+Bu{@iW(F$e`Qi8Sf5r;_gRDVl*XDT~+J%Xj2onL$Dq$juc)J)0!Ir*D
zEPIM|sA;Pt?*TQHvC1OA#Xmba05hHBPcr(u!FL>+J2Ku@I;=X{R=O+N-XEmi;1WYD
zLlYlQJ?JOFp1v6Ya15|{hE>}=V{5<%YmDT10(g3gHYoLfqMUs=x~__L_O`KXt5muz
z&7WiJZ)~P}r|%Yc4TSg&_V@&G-3*g&9}akAe1hcK2i{1wjrBK&ZwvdW**}3qxmz!(
z;#9<>?@^;{+&)jrKT7KYj!xb?>$}d2w(l!0Mc83f45T7c#`#^*&N!Q=*or<+k~YBv
z8M7TfvuvFYl*a6nE3jn<_HOlU6>>!8q#Eii;2E&7G!SsK@ZMVA6%cLTR9uY6PCl9b
zxud0j7V<Xu<$RFi%Z#LImaxj|ypwHIP-H8R-+40@V&sz6D<mvq2^ncSoxRl}6W<Oh
za>v_PL@a|9FvL6Yp!<n{{A+?0BEqf^NFN1#rnrBS6It7fN%<9$SxQ6J)M9*6p!GyA
z{sKw5DD0@6p^-OY%z~Xe<j-=WJJqpyo(HS*`af7Bx^`Uw4>jDeqi4FD*YyNw$-+hx
z%Lc?jU%yHfwGmQjtx0n42MsB^Hzh{ZkP^9ulw{fu8dBgJa(0e)09YCb^2Hut@3B)c
zKRFD(Zss?Y(7h}8hWxgBO+a<fJ1?e>VDm;Mvb`Q{b5ECT?qStA-bidoGQnq!;(;<~
zbGvS0gYZvbghb!bg6I9O1ClSBs;+=sJT(^g=~(aGCbkHUWGFC>C6;c+!yF~PTu}<H
zXT+u3qCa;Zz{6LzS1cRDXoznY`^UZCx2cXCZsL@)D>z0vP#hGbZ-aGYh+|h92B-IN
zyd^8{3M$L<A6YK^DHZ`HSU}zi$d_vnvIW7VKQ1^P&Y$-FYq1xxtgsC%Z;sXG{$6tL
zC4IO4PhzH{zvTWJw8Pl3Xxgu-vkR-pehxSF8*XymD6YHREP01p``u}FeC3bP;}1sD
zqalW72_IJs9~W*ZcWgW=G_U2MGe&|V9}*&FyQ}P8au6k7_z!B3bq*`DxIYH)!qDiC
zP41=fph9fxKh)xQ(C+>tvt+(maNLV1I&*_n&{Ud=8OEOQYcAt2H<4a=k)jB_#>95=
z0ER;oIS$2yESMtz(K*`R#V~)BtTg|dh4ZNt>|L^%+F;AfF0a0_)`-t^o6V{O!$1su
zQ)@($L(OTdCDHZsjc~5UGxY7bFIqcF^DXxDTE|?5GP0A;gBDcVVE<%mO+-6t9bJK5
z{5TnDhn#tShe>q3+6GK@PTD=a^Te!EyrA<3RY>G1h{lb^2n%d6TmQ!aT|2w_jtX4A
z8@oLjrjS@xfh{yTpJ|GAGPHji;r1TE^yD@j0&m7Xjrd#Y)=;YOMNHa5=yXr%fW-mF
zWDUR!3j~kudO#|@*kI=ElBc+a5TIiPavt%peW+xn#ooV&;i6fLMyUtUJ0SwsDnr4I
zF>E@VZGE;#K0YOnC5vUfBOzGRIkD_}JSnHCE8ogkffmWxh7|HKd7qm6d>c@FoDx4k
zxri{t<o;b=xhNJHvqHuxvCn4~#VQ6WYq=f7ooE{%0S`*Y<A59sFPa_*T+VazA+;V$
zwRv7a9-#j#sLDDO^hS$GmG$^0Rh4z#r=-eiD_sPot-jGnAT;|0&wQ)RvmRNf^b0oC
z2b<_>$VQQQeyAy0bj5<?6cqkJ3D0*o7_)j7ks9n_r2V$8JN3G-j1EnQo#sAms|ZBd
zN&_alyN1+Y<J0tNuwODH|Fhjx!;t*XpzR8X^Tw`(-eEX7?yT;Dt>QSS!8T`uV&4N{
zRBzGm?iL#?3Q)oHBaTt<;jS_6H?9x60$C7CeXb5mpUvvqJhwtfd!sfiL@*!5Caf}8
zA3v!%Xv0=A^tc*Nqk9WdQ`1qFuu9oaI^UG!v(lgwyHd~$X%wAUTI$I7EwBig8|by^
zg5+(v_ed_Mwu^d$v#LcL_f^@b=denXia#apXEptZozrj8b<rZ|v<1?Sh_1^#rBF=?
zSO`ti+ZH93bt4g1{Ztfj{bA9IxK3Jd6QRupY!62-WRm(y9$U1OULlsXZVfFqJ3j<=
z(l@9HGLy~ht~8u3-+{(hpEFb;_5h57zNQ_3jr(|p5rQg(z2v$~05<UDO5&>hElaLp
z0<c$5O#n_V2sQ!8SMSg>R+woE=+P-*EMOqgw`Y0AgHz4N1a$45!BFO@i-7=Qd8ASD
zn56E65{zeCEUSaJZ|!{7U$36;<?Dma_wj~?^UVPo4cz|rXsQ2b#!Z*a2i|}Yhppog
zX&#k45jKj;VC(-hA@etIqvo5=Zv%ILo+4Z^e+Tx9t@L?7-@6$9%|6+}?JCyO`%0<X
zAgSVX#H0&^!q1lu_$c7Gi*eItsj_m(#Fqq5%KFk>7fS0)voj_4VLtw%w301P5`~xt
zR|^~4&>Q18&9-}^2DP>e@>4y#3qDUhoxM4*XT>@UCc1uUE(qr{Oy~k)Y_|KTGgd`i
z8hZ2hRs9zht6Nvg=A3?WiF5k8@flqmvWpmP&jD<E9*@lRj2sl5>#+~I+V=e5(aQlS
zWQ9W4-k#)jkQ9U-=GD@mTDa}W%MEAc@=SF$&mhIAVt%&!gt|k&dD#rcob3L2#jx*=
zcjx;q&x431um2XLDcx|-+1&NnM*HVlcAa$(gFTn<3I5dfTyv935$s@VPFG5)>voMO
zu<b9FrJ^I~!&1eSD5>-cLx?hQ{_zPRL_tE+ER`rk-K5$^FnF@s2@=_6UHKP)lGPo+
z`UgUo)y`sfpM*C!fWe*~aNGvpj4tTyBM>2K=2`gJ478f^!q5Y8K{ne3WS(VDuW^1#
z<e)=iMyObF9+3k^1aR(5NAvzS<Uk_?x4o*ENIc3`3em__sexG5^s>P|B2XI$uu}|7
z1t<qN8PAoEteLH{5=ex<Jxc(djDK_1jKPwRteMo!tl#ljo|J{z-f3~!uJhTV?NlaP
z%dB*8ZBuq1Yn^+HMo$B>^<1j3D<ihJG9zZvwDA)l0F7%6JP_)IKe{V{74MR#;S&0v
z1-;n**{|AVa;NXa9=U(w!SV{_E0(^Tq`AwKU?;nUpmue-9{A!5TsgV-9;)CQ<&w(~
z&F#&>p0pbV%fq5*K8wFpqezU977$$(Tw$gP5^+;BZb;^{d-cWknQ56x2W2zAMz7`1
ztWB(uiUlnc2<UG)Sp7pY%nO_2t&zIf-F7CGaD>ghgU#^N`)56bGyE1@|4NR<f$)x1
z`$PJ7m14dxsq<M`zBjg5)gReZA2|<FsF(-bK%Xz~$we(a42ZivGYL&cX~CZ46Kf|m
z$U^v47&8CvC$BN@{jtOm-K^i#jLrIoU9W4_^G(6C{#<mJS>GsJbJpKAUwhWkoI~M_
zFlB|H<DW3)U7n&|A0>$HnJr{|V#3ppM>U8*m5pIU-#37<J(=vX!6W8H#>3Kr1L9c0
zH;96#EK8*LaDpK|oPey@yu_<`BZK#E$~$bxJ3x6^ly}sS_cP@sP@dWFf(Z`Q!uU!{
zCog2@x?z<whUQLFa|bA|){u8W2!0?RRY&jNxY6$WGga_OAx;vU`ZE2X%(##;<Md@(
zL7Ce^%G{<e^XDI|%wU@8?f|QEwx${Iu(9G(S9BFOLdAI@wkvHf>&iR}Wg3J8WJ}eT
znE_?uL(05gt1FWSWnN?{e|h2hv(bNh;d-ZS_zTy{_q7XGpAW)ZxbD_2T>qckx5^{0
zec!^<^*<r7)z2#gHn#IMZdzj5z*7d=+5<j4Gl3<>^UnEV*3C@hi=}R@q>A4oChg;*
zXt?U5%+8bQY4MzQZk%hMXuHIgEP0<2AID?L1n$+@D$gTXZKV}y{zU!!vebk;*B(bb
zmNnMjjD511tI*^pdEHDPkIp7?oj0z0s3&q!wpU{Gx}4GL-I)~^8NL2SblIYTOjO0W
z_u0kwwn?QGa9eYhXmpd|xryR*5+_a+zo%C-_udLQMyjj;iKDnaGIJtVw1jlAQyoYV
z*GHNlbra6~E~U_B{M@E|Zb2OJxk(Z~+g4gV*j-WKGjD+%(e>-nn)sQWSkF=a_#uZ2
zG;uMwONy@5j2{!WL<=O5F2}S#>1}KJ^j-q@HxI%R1?6)o;<wR#g-~VrwJ6QdOR^jt
zH6aqa!+IKs>u$q)5KEsy_n@Ao^WrT5K;I~>E{kIQ_}<1EGj#VOR(S^P1NS$<w<1r<
z8hDjx<((e~uM%}^6Qr|7osE3}3byZP&u?E`loqcD&u%~tt)<dGS&wl^TCf1k6S>%1
z6vy_it-7>^ovMnuD1X!zdgZ{EHAU8R1gsh4*cW>#?j~-+<8hq3n*fpNlCN_GdDENb
z@XBLtKsOKD^bqz^j8s=B)E-0`x%E|l7S@msMnDI52X~-~GDKHfQ!v5xaE?Y1U^F#x
znQaD$@LU5=u=zn%m(qd5Isuj+sbTpMp#O!56STzfEU_IXKCC4=gW{G|lL!9Qeukc#
z1ZmE2c*UoeoT5^Tp;YOqtCX6@OFaOkreCd8AulxmO5Jk`$1^)VjGLkdFfmI@yanu^
zG4U=f@lNA-YB^oPb8_H!)`jo#RREb^r-W?#2+B<lA+ihVbZvQ|%v2(>yKlNyFgSYP
zc>2>TO7piv)%UMJbOXJ-(!EO+X(TBkcIVA>kBy5X1Lh)<qUojmO`o|{kOQxoLGsdB
z5X&Nu2hfqxiT2(3W68#5v`x9Z;q6Vg3v&B7FiSgz;5WD?_~O&W$My8z$AF*6Qm*<o
zYxBf;Zh@Hgj&%D&RcRnp_x2g{Wv&2<>_wV9+;dAtj%Q>-GzP>tFF*N&8GM4I<)xo+
z{)#qLrJp7em&~d;`mmuUd<jp{?F2=1;s8e%f5_(7)YorPxa?mF*v{G7-y6#qlO63@
zOP9ZZmRcw+u|_^ysXdOL!Q2#G?yE|!{A|1KYPo+dxmC~>1j^0Ea?5c};6bDiZ|Y|p
z-E8h7{#L>9NUeG47tkeHG_VDy<aaKo2>#=e>yQIon!U(Ap%IY7<S|rQrrf=Yl^6=_
z`eR}9tAt&u+*PvW5kWyr{x-(`0z2Whl$U<Wamy_w19}R@Cv^cq990atUv&>G*albE
z7mueZefU2DTvd!uT7cAz9;$w>O#zo@aP2Z!H}|Q|gIy3M?#UGt(alEij=X786VT3S
zUK8*qGNvWHjv>n@+vts;hu3LU$Ot;8d5speb?ePw1l{M)-8pJ0<yBW6(X`HR2hwX~
zlui2yk3c;uvh*DcH-vVuvBw2$<NjbUoi(#-Tv|OnOda!dF#Qv{TGy;5;Cm1V=el|E
z1H^UJtYS?i8_a@8eMO&LSMg&Q`lC>>hp}SjZdP%qq2d~S#iLL$3o4$gGgKS|6`L3;
z&em5v1{E7Y#m$J(TJE{bD#XU<EBtghc)kx>SOrfAQtW<Mha8HJGUU(}Q~E^Oaji!k
z)vdJ%t%1_9{3NtC5W64PD<g+>p9#x3urvI&(C-`JcO?C83cqVI*ajg-Mtt4hu1-~N
zz`ju+tkW`mIodbo_fx)sqni5u#enY^B>!Xrvv`)_TMD(lp;Dj%KnIU;K}VrnS2hd2
zx$tWo74bca>|~{!{1R)cTA+{km&i~(77`ybf+W|E(3JSNdfN{FAYK9!pA`&1%bi{^
z3*<EO)6=PfKN>Z5)ls~CI+X+){sF#LP`#OnM|$>;^WX0uqwm{eCcUacc?Ps}vp#Rk
zX_`j>!QT?VzxPE3{&qpvSASN<w^rcoBU8wm0Bk3Jxm6GhlLkz!@2n6yo8bN0cZg5d
zxfehgQyXuem(2p`8SVgWN)5nMkF(@{JO!}1ynLuGYBNMx_qX-8^0)9e_gnl;{f+$%
z{n7q<{z$*sPXMgt3JA*)DT4>$8^O0@rVccx4Q`ERDh9C|*#&>=koeJ72&nnFhOaN4
z2Yd}WXQ$7n=m+muk19vNGcsKLKF8HNEr6<#+puvo+8K@xPT#;^QjPuxB*51@V{8mJ
zr)8E5NJM;{t+0cRDgfT#=i_Vt#|E6e#sAv1kn{iq8K7ii4wMfHjt6G+e}J2=4xArY
z?4H4rcMN*cWK<z}pZv=Ys4?eA<VkYoT6}$pRh(Qpn`f5H&tNPDxwb6(5G|K=8XQ^R
z-ZDs64sN2TD>t31VtF#GCB^wjd@bk=bmcF(!bV2~_r_^&#W<Q<(3)l**<;sNJi^X6
zlFAK<#!q;_`QVsw(-n`f)5fcYIB3G`wlhdLHD!|z4uGPesmQG+YN|7DYF9=~vRZXC
zuX=TNu*<n@4qD>jMt}T?T7qz+&Ic<qVx}?R)F!RmEGWn$><<meI*^P8lkDWRwm8@`
z?B13J&#((y{w>e2<EH6M1J4~x)k0c(DWo-wqn;8%vBgiyjKn^O0eT*As-u{}{o2yK
zdrEu)jiMPJ1!)i@=?B0gt!(8G(*-E1sHJ8S$OEk40MJ8^oBk^Cwb=k(o2nZ?3Jst{
z8NgybfGA}EBMz$rfEbXICXUyP%PLJYfW>?ORvJKlgFdP~VbB10oRuvc;uZ8crln>G
z$iu7P05<ReY%pm-x7h%Go}wGTtfM#p42i;aecG=;P{B7Z2v#>Xj35p<M$Wx~jIsb$
z`IXDHh#g_(<$v%G)PXL;4^YXS3%@)dJJMfv{Q$zk9W^1$+p}A91l1F5q<lHDj*MVK
zc&ec!LjAbawXYR%Jdi=8oXJ+eXSp2KpY0?=vI&#h2tIH4Sl)XshYf&Hd?jphN4mZ>
z_zOT!)hU23`;h^9q)v@&fK%PORyWn1YjsoIrdFA1k^NFE1Yk{1Ggcb#?p>o4jcUg4
zA7qK-r`9Te&3<cM;GxQ9UL{^%<!!Y}g8WiQ6*sT)$KARr4z)^>TzH(=hiLgeC<>r5
z5=YwO&Nzm`+v@01>Gma1KkHI$0CcNP1Kq3KgbLWnC;c0^9(J01gW6~V?Eiwil9gIw
zpeJb&Dm^KXJaLkDI%;4`?o$ktKl3folbd;x{Kp3&%GdKX<?AI4gka@s)h<v^P+n=k
z2})iA13_`b!TBj*M=SRjBPi1qf>J9og3<xYqRs+3#jtr6q2j__<ziQG2BK(H;n9b`
z@EQ!x#j}&oBf{`^<nqrvcVfJ)bZ9lXQtMAq%fzzhP`1>~p6&qMfMF(7`Kt!?FLB*n
zrc7~Np2@vCY43o+;^Sz?<v}&hMRcKERE}+Y#Qx<1wYx~5)|&m&X`@B6Pm-arIS)}H
zUIOB}8+A&==PRO}Eo`1V)>cKDzXNIxvoyyEmd0A$1FcrDR@o<OwW1h2^ma?eR=-w+
zbB!05UJN*zc{A&?BV?<nsEJ75=4j-fgg&6tw>igx7DEEa_1%|YjlFX~?GzPw9c=&4
zpMz?@;M&8Q=e`2+fCOhE%G6HDnU5IC_If0=tYbJFfZdnlKnIwf?@vS3R&!7XxGDd<
zFc&{XJPu0mB(&rO@ro!vf5L?N18I4liPd@iC)S9r6!cR)8g!5SiotH4XBub%OB-s`
zhl?Fz**y(l)sNXK>LP5Vbtb#JnjS6&B<a<Gzp;zMF4|4ic5%o>U>)b?cn4g84I}?<
z#^;M1_vmxMn!uGN)C5+f12kk*3!ZQyMW+@#O}4p*f?6=Ph-$$@YjC0ryU+!ehW@6>
zCzZYyEcLGdKYj&dkj*1vcl|z9v1(p&ELVw$J!aMfhZ;T(gX>P#hmSLIQ~5mpyBP>5
zSHC7#Bn5gZx`G&&4LuBj<ZM0uRv@{TCg@xMb^j?<7Ycf<8VWj2@u6h@kHRDt&73fC
zf@55v!K1+kQL1MZC72u>YaajI6dDU!KO7!T?m!PiIJul2;ljzif3<LOUyj!?1@|3J
z)kP^>s|JE@ulQ<u^gCrZ6UI!OG-1kk?yITr{%PZ<uq4CajvHdkO^GkwYK37<5_I99
z!CxYTgQnq0Fg^?8f;ClcZ<J4Q;X$9HdW4HL_x{yl&7Byh8{hmNQ*}Y1*Q&AR+9{qJ
zUjDbb7rXqX?8PoPPGwXHd{i<YRS_-LKLaT^s_LsORy9E%n`4MP_f<x?$aC*sE%IEP
zelQ;$N>wAz!C;igbFo{S(_r@QQwKBtM;Z)cMH6&mnPrGNH$@4pURg(D!QgUX#=?Wn
z<&QK3o%>@%xS(_IUoGg|hzE3IIeIWv7j$kdMaE`hX{-35h}6ci<xnnneK1YigPI?T
zb^La)n~!NMjp@u48q?mZjA<_oVl*EU`Cf=R%*P}X?A6McYWSFHC|%&r4;I|78&fkH
zQxbQ6;Qu*SPy^|q^MgX1{UfqmpIB^wSnmG^v3eMVsR#eSU{4+R2S&bW!9OtaO@01>
z#*mk)Yq^(IJ^#JlB<M6(mDJBn%JYyubvsWjHl*&sRGl+aCF4t8+!&X1pNR-a5)wLl
z`Wa^vzjfjgMj)&px(3FK%R3qzL-{nS?<qp+b4O9un-&~3ug}DPkt|lBs7dnYHCF-#
zuMPT3!vp7$7k{+jwR!RW=ZP0jk{f@^c=5#ZVZ**HxER*3e88o!7UbsIur2^949RK`
zzlSe}bpg<ujPpNhaCQHwD;r$hf2ym&)%~YVYH)S`sd){q?msoT!FBmheVRW^HI+Ah
z!=|((ME|2qEwBs<I714|Q47q50+T}uOj8To2?fT46qu+M=mQ1r3Mp`pTA&3Ku;b^z
znyxv5{L9TXO5hMYm#?4Hoy+G=>dvM6r0!hKJE=RD(@*No<pU@AWsS!h8FG-WQSaJ$
zs1dl+bU&zEqsGb|4#Ld~yqj8i6_Hn&t*>(FfKsJUK6N0t%8v)AN|wG#rCOy({`3Id
ztBU214v@4K4!HaVPtKQLgckT9^3pFTM!;1983BWo#~{z7cxsLlwSm0!I_GKMdSs)v
zv&-Bv4wJ-TT9d1TsW-ypn-RcxE!r=r(3)3Rps!%23OQ<pJf*^M`PhECA`Z{hg>k`E
z_;SB8u5J7myRW`OcsT$4L4qdU<(^)XWE;;;en0rWS*YDNt!VMPfLr{655bPxxy3J=
zTgBqHPM-JbwJx1<w~$LGnG^<HIxlv^OQ)kb!;ytSIMM?FvfXGFV`n(oXat<kjexTl
z56&)`g#yy1CO2+}r^yQfzoXW7nYreN7Vd)4;1#Q3$sHKC$jT_%kE|A|CSs+ICVIk@
zSbKHY-o1kMrkpQ-TxM4D2ke0SHirCXbor^6-`9{ovkdHm2Vw96*)<i-w5&>nfmq=|
zLxoJNK!yQyzg8cYkyWnbVY+dD!mT@fJBG>;%gz|Af8i;VF9zHVAe@O#zsTL$R+_C`
zztPBdCEmSnvZud~{fK1}Uca-e?Vh3<U_FW?&qBIsFN6lgGVtt*rbEt#HqUUnA9rTI
zbhqNx>=SRrLGpCF`%kG`GgO-TT)8B-SX_E3;Arp7sSoN>pI2Or$UL7F4_0QH32_%h
zgp}@(gY1MGs&>Ll!r2G6SOV=g^A5rGx4|X6!qLh<o-W}P&U*~-9px5Z#j-FtR>*W$
zN@N&TELTrr-)WUL_X%f$TIkb<pwKS0(0lNmwu=>V6oS1AJKfSryno|sxcfN9bA+e<
ze@sHt+$D51gOuqHVG3!vZsr#x{$k@@${j$F-mM&Q81CfcK`zhZWY=;hyOy`B12vK<
za8rMj-Noy`T#?r7_O1fz_*Ua4IA^Q45}^y9lH*O(bo50j{VPcv=Chk*NgU#nTqhlq
zCGUWfFhBA=XHxLNi*Yc}RIWSnM4s#X{H8dBI*1*Y{O1LBD-XcMISp>(0r`g?Q-oY^
zWD4BI^V}2I^*g(o-Of+2zct!Mbj^nAcdP8=-+~%n@Vfs)FrBq>j*gt>(UlNQXYml6
zx)Drg7b&K*C=@5t*@@ybFrO_aZL@r`5R63?DgJEdZ=>0_90Ykl1|Ec$ZWPd7R&xJa
zZ!Zg(j-lLMR$SMpUsGoSt0%6@MQhnuy|wH&{!YgCEcY(|4F-G3wKNX*T2z8o73`PN
zGH>3AI`%y(*<EPn^r`BtVGWq_>QOHGj&(=IgCdq^EswD>lHR>wF0xpG*gW?|`H2@%
zRkA0{q>8K+L|p{UvhhQ8XZMnM@jU^{gBf$vHr!sH2PI&9u~JYh`#wfM9e&8MGe+4)
zqB)!AIoNzs`d&vDn@0r8QFwcx{rx`n?(Cr|-DQEjy<%q@T+W}b#OKf};5Abe@HBmz
zu$p*EtKRuyX&_oG-QQeyH$V$6+Her&16_r&k!P`SHAO=zc=mncQX(pyNZjRvt^ccJ
zx@Br6py^gVkAJjKi+{9GG2MC`YFK?gHWLh5?0nYIPEB-mV$Af!CAQMaXnX(72#r|g
zggwe=V^W@Hu+6i;YV)i^kiibBcRU&t4>PTbb~Zrg1~;+wVWo7g44UCvBp5hp`0b+9
zO*Ci_vPQ`>$^f@iaXeD;HXej8fUB&c>m*L;W-ja@ToPYCAj4^ab3I*-1D>jEGZKtp
zX(b!b!b>b$0H_Y-YwjZqu|epI8@zP^xG595gCJM(ii3>j@?h|fy#AljbPmOf>S@4+
z3t6_Uav0t*ND_186uV{dr(=eK05zYIM?ov@E^NZ9zhxE3gvqrJe_B8^2+|=`9LkEO
zw|P=adV^lTOLtfpFIG{X+Xvf`9RV{hoBJ#T*3=n$Nvi#r1ZH0VB^nKG7<M@TDAj$6
z(V<wjNcLF8^h^3oSLG{(>*n=JSUsqb1~oFYz(-#x-i~;=f??dzs^m#i%n}Qf17dfd
z1J3cg2gx`w2_o~Zzk&+or1QFn@c(!d(ClGgq}dFY>sF-OzP2XP>a;4D$9+&9RuK;A
zpt(o{+@;c+gd(3be5j0|!(hc{O8kiW{8tkpWcqw*YFz-4cLY}sJ;ip1&HWAIkLv>X
zzKmq#QeY_-34^8Ryp-*u_qE$=Cjv;98|$xkHDGk={cM@i+Mn`wU$UzWZ5`MXxaZiO
zaM|h!g3n(MC&Vb!zm*I1FNN?cjTd_}<4~Rt!u_TdHBspdw>nz*8eHMg9pPJaUAhdX
zHy}$#>6k=!;7b5((=gD6PXj(_SORDXvVP04-(jrZ@?t!v(RfZPw8&W$i=~0MuJOW>
zpUDD9`gfI7xs5pRZEQt|O+d|VpmeC&4JW|8O<Z?YTvt;e$JmH0W{T@0GeB7zwq(Wc
z;=*4*zZ+65kUE!t6v4+l{!t7c^VtXWExxx~5<e@ynuhm>?{E!oT0sKDsNubtb2Upz
zdfN3*`H9S4NEI<1G>jn<oKHS;Fg3gv%<T<n14~e8uUhFeY*+O3wGnQij8j5V#Qp*<
z3(`>blCC1xRL*A%`a3Ig1^L5bbGQv?(_+`TMl}?SR}W4(b_%rC38D)$<pEKfrOFC4
zkBwXy*j-vvUqrHi2!~;T?riDp-F0@QUnA~B1aQ|ah$y-PYU!?`mQQu4<%=NH(uvmq
z)Y4stTD}NEEmwwwqL#6WG80N=t_QyLL;fy&t|8Y4-@RerD^QiKjy%AxU~<%%u;iI6
zTsdj}XpTynht3Tm&4dyk*O}m?g___*v<KGtl&zvJO81h*SZD1eD?(+RtC4jED^~E=
zCZ{No2lE+In+PGn7#MMLFxpoNfb=i=ooLBpHy97-7o;C?+yx(CffH<hGZxRIr5?Ax
zq0eUZ*rhAH{moDdIwUdL-(-B7f__T!+;5Zp4LO}MonQ&8bUc{dO~Qy>bozo!aPBve
z2@X(G#RP{AlWKwk+LcqsD<(KE{F$g&!Q<?c9nRJj#EXF)j>7bbWnY~)*yC(D&z-5l
zxo);ORahdCKCdnPlw)9Kus-h*M-`(GN#`a82ZP$<-)K-0+vtBs1=~XpKtXz9E%v6U
zyr_+bjnfm7vbP0dE|9-r%mq1t0p`NrMOAOR?^9B53({}9HvC0r!@&Q35d6zk+~^^7
zsUY}Aext!}hld(^b+X`Vl!yGH<2at@<Jil`v0qRXto`kQ-+FNq8$&pK>VYBp)CB*U
zGhyKWBnbXDRmPaXFNeav^y?Hl;M_G@UjOyF18#HI1AQ+i7>Eyr(=_2>{HY!ASnYt@
z-DmJc3+YX;3HuFji*)}O6yA@Wach_}UZp?dLw-w9OxW|$gq?@?>*v(M`+e=?ChQpA
zkK#$$(=TWd{({c88sCo}a30?;>=D;R__L>1JJ-<}AN^GdM)=Efe@JKiZ93y8S;8va
z{p$a4#s{fqyzZl1e#SpJl_+Qg;Hn2b*tLl!z(bLphb|nj4S{IqdPa5z?+cwRdV-;{
z;mHHgi9%=az0mo(s8FCk)d05(ov%TKe&~NKDs=Z~g$gY=@z+$S+bop|mCp*ILXED6
z3e9N!-%_C!KZm74FU-`aQ1@A3sL*Xhh4lUv{wMUO{PX`G>Cee~75dZW#P!mjAcy9t
z{mE}1Bf;cM4KTi#+L==&xi?TdnPgAez1l#(+E<6wz+3YtUS%FX1&H!C?bR=zCC<de
zd$hz+Eb(4UoUA2IGQJb7J56*FrpsSo%-ajj#u*;pw>DMqZ4dQDeom_@uZA-1&V>X5
zJWWkJ4cR%T;j*dUv`L|xwyMQ{yJ`JDh26BjP1iPUaglM;Cc&n)^G*9d+^?41*WR!H
zlYN?fkFrl^_!5PyZc#4uoO;5rzwTq7rF8+ZEbb(1Pl}%@c^<Y%?hE#=Y>x#R%p5Cu
z=GTy{I&K6CxHC&Gm~_&xXq&r2@<j6^Vi4phLb>$4&iK-K@v#9kG*ypFk?(h$my6lS
z0TBBA$SrGCVP8X4*w^}RTheydS<*7lV$<uK9o+11c3D7l`2@{HpAY222wkv&?ahjT
zZ5w<xXp7MEHXP-?H*oy_jhU^)b}F<Ze|Dd0UYj8ByXE_QnNKNq%hm6)yXA<<VegiT
zd{uP)iqA5+(EwW(Ig(SRUnjY=feWsbX0SvJ&@-Pl+7xB9H{obIsV)rlZRNSY@%{Nb
zY?koj2Dv*)9h!R@KjEE$a*sdQ=#%##J+OJwQKHe>?ipsafkdOb@x8}0EFllX8#WMc
zG-IFaWR+|3NL#lwT<n1AUUgHJcUYV&kR{qGGb?JMveI{nt{PDgGD?oex%Wuodlzk`
z713<m&eEW#M;K2S!N+biY2U_8+J`6-4@g%{+Rci@LtM90DKrm1E0j-=dPt>vz@)w6
zY66cf%l=Z}p$a<SiT0Hwl69zJ3q>B{_Q~eYQ^QG%Nj{BShEYm#8XO0HwI|gm+X(3P
z-G7#_eRt?V<G$lwf$Zr4XO4jd(+gW5H&fYmc299MdCl}~kdbhGeH_S9jz*4bEO8?y
z23cdjfr&xZ*iU2PbS-h3k=%#@A~)96jNF(5Mry?27oQ#+pwP{iK47JK1%heTAl}F!
z$W9K)e&(`{?5&3~B`js)5;%|W#-Y3v@h6f09HoZ=tL*tDQGHIr6tpwuM#e+t-!8}-
zSqa}8N5fM7bh1769-DYgeV<9kbkMZ{=<Z@EnVv<kIlNM!^rCfEQ`X<+w{nGzV6p3u
z^Gb20<%77^aa3uIc_tVO?S%rpaL+JM@g4leUlPg3Gd&l3GUg%YlF^U`z1KvKju~7{
z4X-Q^AP5?Hs2s(<z?>)VQDP{1hsMzRG%JO&NaOqSS=dMAguXJMMKl>S?N&8JJ)`5T
zswbqS@lU~+KY5oO2KVUrG_Vl5f9eGA?(Q1Fl~LjNvs)uoo)N7`rQrc03GTWDh<;DY
z8Ra?=qMInO8W)R|TSDKUsHp~^(gETHKoS`s?3TyC7@nDz&A_m8afIkP6p7|-G0;>#
zf2t&yAdDhK42OpgpWI~^se5ewFc~|>IrgAt>62<zQs;e=|1FE(PtalLD<y8#F4DwQ
zgG=dN58)+7p8rmehc3oN92Q-<kz9VS&Kg7h-EuMz^IwDu6H4gKg5soZd3*wj>rctC
zDZNnP5&812vZC-0qoBL>1yF+r_gzoMKMf%C->E}m@C-m;7gETj<*1Cgi^r!@0!{H@
zfZTrbDjdNqHiB{Y&!TmIUFTzLjhUJOOEG#R+VoutZde?cI~tIm6*P58lff;i>be_9
zW%BoL>3xD!IHMl=!ldd~^59k`=%9+eL9vp@i}G&fT9<v&(sBfO-<ni4t`r$1dChdr
z(iHg*JAjY9&T#PCKP7@6EG){{RJ*s+mGu+IBNm0F@=)9=LcJG6R|*e11^S%Ci<W(s
zg2e~|UTh`zL$;qD(V$xxWM-hn4n7pTv#inAahoy56V5wAK%u@o6bno(_O%i^P=&zE
zAt=%pyNg3ms6ilU5ELp9Wa#S*CJ5402+|Y?67<CiIRq9Jf|AVyfuJweghNncQXzno
z!y$lFgkY~pSLd7wA;1HV5K!zn4+W=Fi<vnDXw8NY)O|`2EYTO+&Kdp18U%$J1dA02
z#_H?5#}B<#zv>_J!~}ifMm>5^63cmFzP`;$o>-ty{F;k65$Tpzu=_n}@{6tqE(HR<
zoJhSput+3Rv4Zb8mX}$X&7GNL3*^i!o8>gB4NKQv37^bu;$As|Z*~BS_Gb4v@>c^N
zqr7hod0$c9M9TZlkhhoeawzWyL*BnBuLtEFG~|6xdCe*Bup#dN<(>Zt^QsJaKT_U7
z%KO!jcZBk`P~I^^-Y=B*8s+&6c}FR45#^mQ<jIsbnet8>^8A!HobvuO<ej3tUX*vv
zkoO1WwW7QlL*7}+yL5P>60Tk6-i`8pqP#jo-X&A8O6`nVVz~<6U<}Lnkl0U)c(x6)
z=Y(W`!n1FN>{TJzpY!ZSko{Rm_C=n3;&qmNA|#u9Xr7Y4f^1WWkG6q4do^Syg=F8(
zv!90S?2v4UXBR<s|B&oKJo`4tP7cXV;n}?)yGuy+%{==C$Zi*sZROc#Ut`%fgk-P3
zNZJ2^>~}8)XWw{<ve!X&lS{$bkMiv2A-gCfyNYKQL-xPngK-Z<I{!72!^*B9O<o1v
z$9{rd_c8k(E<=?(5lZY8C>x7qZ#9%{bC0HYX~+D#4EYyFDe~CU-zTaiPulceYN+Hl
zqsUJUT41xw6oz6?KjXLw{M0n1`)#Oyng;6({%J0Kl7d(2vG{z__CFvIn8)s0p7HSo
zSM^MTDorBj>-?Yn(KK8c<c}sFIGw`a_a6qOZ~k}a=%i{r<3W1=ySvWO$+`99p9J6{
zM<;)LaUr0JxF`Mw79V|Hcq~UPr6?rImnyFq=$XNuq5gM>@IN>J_nRr&I35E3FZIwh
z%G$MB*BgOiY<kiH-V<5>zDM9vHLlJ!4jj4^Z)RX`-l_-tt$I4J(f3S0sFoFSy<6~a
z-34m@tKhT>Q~Hc2AU3_K148r9a^iE=+IjNN^2{ZhAkV9XSsAzpeiza2x$t{D{hkKD
z3)pXerrs$?{r6Hag3}J=elMS6*9hM^M%R5OBUA?>sPK1a;>CdP5GDFngR_+{px7?>
zCmuc<nklafe0&(e9gEC^{TC3+c0xHbqtCug$bMAHFW#ZL76Haje&RDy@&_JFegIfN
zr@xec01=go_y@u~?lV&VPv&(oM%<uxN#!2Sk-RdN?5VY;<K9i>fw`<0|BHS4qgVk*
zQ&@F+c=Lhz2j=)*6VwU7XWfJEpq~5+wZL=guNSnU2;+zE5IDf$$gi;v-)k@_FPhb2
zIN37eN_}9><pYkxx00p#mcu{fn4wahJyM+_oRz!YQN{tRmn`va5WN2Hq~iN1J|D6~
zV7cVZdO+IX2fu@+*C+-EaH_xnAz%_z6oC4EOF&2H?5DK>Tlx{_Y2+bP_dXcru6Pa!
zd}xJ%<M3H&i2hFc>DZge#(7GcBQ)@MM7XRi>NNJ@`%*AY&z?J3we>+$J8~7wra<#^
z*9e>+|1|i>8NnxODXM#IrTggjioTZ8zzxvA4FD^?YU%pBIF9Y`i@fQ}x09csv$v~D
zK>fc(dl734;~#iHK4-k8Z<Dfy`lGYrZPq318{e{^(X3<3>Yt^bmhpkwfIrILTwf|5
z((?46uD*lS>#whu2xVI8YmI`oyX#Y;p-fwUE1m`yQTaCpwZFd34G$?ZFGrdKZg^UQ
zC!2oCGCPNW;`sEr<b&siQ2#sMYV>H%hl>B5=^v)38^y6jb-t62Hq2o?@5BO9#7(yS
z#Z=Vq{rmoQHV66JdH<?J=$q9#XFJc#8N~L#&OW8|M4HWg!RD^Bd%BQooq6%xx6Yy^
z<O`vvk|zH)1?^JWXO@z?A;EbAS*A43ES(n*wkdEC405ky!E2CbtS%t38Ppzr6J3A+
zLDSX}WPlO_J`S3JMq_1Gd=jnz_)I9~fSr6gmXVL~@iC0Uh<P4(k@+NcC0BSq%TsPA
zX2hb4NjL3zeM~wiHI$XId%GWjjI9tamW^e$;LNmn2Fd-NL(`EyhJKw-<AiJg<LJz-
z5WvnZX4OFCl;?q-b?*Xy#4H)R=Dp;(Yx3Ma`QU9FA_mDv%K(yQI!HDvx$?(fC937t
zWEfri{VXrN&5T@60&+di2#Py=&?LPI*E2d^^f&&$^E)>#3*vWTP;?fw)yBWiZsw&s
z(u~%a`{$7J77H5m%Y(OG!FT<TeNiTp9pkyZ*OtpxTv4Jwmp#vL&&O8+0d9t6kzea$
zMl-B;A08xJ#h+9$V)643e-WLt9$ASbqHIbeZN?1pJ0Rk`%O5?f*s?n&%yNvGP>g}#
z;cMEgNz<o+RdJja-5#yJ!G*ig^FRz)7e8B(f-915cc%d_jJE7#T8xIVQQyUw@%LEv
zyO94zcTOhQ?!{;xzl+`jfHO?(q;oQ``(>1bt)aZ-6zzhIq><u5;rLS3IJ$0?>OsL^
zwf+pZ^d@tTDe-9p_u+D~iY~{lf<aeZJ$)ZTX3+F@5;dED>O4H5RkVza)8AcW0RV%U
z6tA<2u3e6Uv6}c`(D(#{-1EWQs10W5RR;4Tmz|U0it5J7!Usda`9cT7-9Ek0)~uPk
zc%vrs!RWj_;b2J0O@DV0_W^@hev@u6J!mjXl))_HgK4tWLW9Zsr#hIY-sWcO$|$<?
zQ7q%5;BKsPw$dn8TxAs8_fteHcVa=GZ}36sTt49_cJoo}ru4mh6yJB$jiT@+a$;fT
zqlo6l_l>s_CX*k3Mjge0w`df*G7_})m}{buM01mSD@l$^w$MmG!pKLGfs$iBBvo>3
zAyKilGk0V`pa0-PN+3yb64~C9U=tl#P<jS|-6ujDQb2z8MRH_;-`=P`Z;^K^X%mRf
zHcrB+W%PY_A~IM2x4i8mZmbK``xE{FJ4{~1KhQzoOCOQ<B}x9rM`UOpV|Yz;0W=GD
z04mbqN=<erqU^4V;9FfA*2w&>%VCq77<^4xFgZc+Z8jt~!{n~yWf<gNUtAmAjtmgG
zZ6vpR1|%;5)ddyK$eJ~}8F_t;ZbqJ4qni=;8f8WntkL_U3dmz#CcE8AQRgWt=Vi?w
z)u5Myol7P1DogcMTEDFMqiPgV<>GRxa=*UHZ_71*RQs2crEi-2HUAYO?^sTrsU*!a
zRZGVIG*kRht^H8vkE(Bx-X9h8>EeB!Y^v+C2>bLerJ~RC=*pv@PnNq)EsAq>iwa8m
za(cb`cKRS;$@XjcOC(I;U_``SYxnd8dt(R%M)t-ZFCw0<8&8s(jYF2MZD#2fZfjif
z2)Rp~5B%J*#zL^IF-G|Udu4nYBqCm<ZS5PHa3hc2jY$49RzePs9p@MWn^(pi46?JK
z+8b*OALD<TJAh9b#`z!lc`1~s>+8_7QrL$)UD8;su9)B2kbkRW=C(5)0eL&n%7OM>
zFg0dpC#7<e*}2?dyH>e5tL$@wH!o<x?nzVpOwLbGs(m#JswEq$9U5lVYIuf4;$!bT
z80JG&1;n+1k%C{G$mL%<3-Z!WIPSH1#-t4q*JX7xm(Ftu4V=e@dsDi>HaHm99)NZH
zXUO@iZYHbqt05)xx<v@ZJ5>|eWl6ZOYZ+pj${^Z!kHD7$C-cSa8lU+t0zB9N@XZJ?
ztgq35b#qTCkoVH^L8Uc=#nSs5&_f_G8&QteO?nRCP5!wX8P$KSz(23!s(Tdok__9c
zt1rRo7r<=hr5_W^rkgN=GQ4QR6#HXU{S`K25LY(OeHsg<o4^{k2Rw(OO<gHT4cPYG
z+>kEE#L%1ykbNg(>_20dwLCHVG;pyQVoV#hGowFVEr9XumPy^y{L#N3d0Dz}OiJDh
zN$_JEkAZ-}BKJxaa($b7x2-~MY)dY8?~Pv|t}CA?PGkR%E$3#h?4Ru9J+=-tXNHK=
z8=EGI)Avpk9p6sO5`Wm2?b_$)dL~ocyv=SZmpatg+}mvxzeWyEPi*fPndu!8n3&aJ
zZ>D>j^AOl)vT99YHrUwTA1Yks&L(-L-8OcHY^4<z|Em}SU2=afuLBoI2&B70s`xq5
z?oMpVX0&NEBL0f1NGXt2FIqQouF5*nr^IJ1SGl9PHdmU0a4D>tlwL|6z!@7VmYs}*
z7;$!9*q>}Sos$Az8T9LwdL9q1b5{n@MNl>rOV<FO?MamFphJ92uI`Te^vl1s5~wlb
z0G02(YzgXv{#wQ9#`fgOl3&<D>|+bD&A1S3Uw620hAl(7ei^o9vq5(}lPzxEZ8Kf8
zb@;=^rj4yZv}0hlR|-tb?og5K-tGJe=6~5bHvg<n1*;>vo&fg3^aH!~fC87rztU)5
z!02Y#gTT<3b~EJ2=Df}<K6a;BP+e!((c9o}%^-MbB-(gO5jbHv9!GVJF1`aRwS|@9
z3OBk)V4~d0jj!|$Fc_RPa~8&_dKUW7A!=J`WegzeLiFPSatG*Le(#l3?$U>|?}`gn
z(5BQg<_Z(83zF4TetB`Kz&f3B|15{f-SyUWj1qm;5V=l+e%TE&P2Xjb#ztdFJ^QS%
z${UsUe)2NM2%56t?CwjTs=2PoWsTYBx~dk<{yMB8e#_{>=zS9*KTGC@GkQG7uwTdN
zxq{q(h#B6Z5tBPcgM^4wyl4-5i>oB}r?j0zH0Vo6{Zw#tQcxuo-w?jI-W$A)Zi)8v
z(}-$C*NrB@;5~`uh-I(R^X-ueeE#chc>e2ZLi=!==TWQV`4?7$_vSmJzz#0k6zyz@
zHp)GN_ytzpXs`TekiBxZp0<jU5t);Ak`<&9DAXSDFAU6xQ4>(+1xChA6S>a~($O!}
zmMI{A%<_CE!@o<9G_a-Wv-diZ0-P=fw$!SzrE&27i;1~fVvdnljp6Q6i{wd<L#(I}
zm+`mPf^}$}oCDd}wZU3#J4vgpxQ<H2L#c-lN%jX^mC{vnC<2u8;8dWTN<2-XoYjLt
zMsrgp+k>Rj<wr6vr(rCL-BT$Rg(YY`vKR{21*E9$Vg}(snl1gL^A~uXE1oBaPk{^_
zT3Jie>mB$SYt2@<1Aq?F|C|E8nJ>6c$t!!Sy0N`+O~A?<AqBStw+tq|#0~0(JML@@
z$UCBc;k<bp{Jr4)f9tjG2MfLhqyoD_KJQ{o_cs3Ws7+EbPSOCwBz-Xm`Yqj0oJAGq
zEUI;!1wN#dGGZ$@+DSA$_V|JzdDGb!Qn=h~?k0_&DefNp=oll98l;z;q0-b}NzRC?
z`5(O(9xS^a`C0r6=+F!}c-^%SU;}^6xaNHZOwLuPfp%UoA|86^l&g}}1@9>+*4})<
z|B!DV7`)&C=S^&Q#MT+r7o}yk^qn(b_q8SWX!m_~&3&*5&RvH5M=9F`s~Ot{cX|%;
zl!pN1og8HJCxQDDe3!^c8oYNQ$pfxHh4-}q!SJ32cq?hMgu+|N;N3|GWcB91f|u{x
zK>+f5lDALK2{{_K$S9pf{^z^&%nB*K`e*PVxAlvRU`+l*|00_BVy;?|9&!^_U(oKp
zFYoFO3LNdO36S{ou0IKRS>*R0V|Zsh`;;HAx_~b=IqCFbGlc)`hkv&#<WX*TtTy2D
z;{0t_X=2Njx(j&pO1gG8*O&O!tGu}Zt(L#@@{kVl=j<1|?m9$&e=b`sl-GGv)lteD
zSJVa=N~X3j<$1NT*9$MNJP(MS{D@cQHEbIDpwNl#?S3D=jQJ`x(6O<(of+Nu1adxr
ze}ISdC-~F!MY{0*Eb<3&B=r4c>>$D4!arYM$^@`XSLMTx@uE*a(L4Mj$b;8k;h86&
zO%e2ba#kpx>`#JadA%<!%U?Cv9~wk}{%B7CT^ut=JI_Y{Vfd1F7D6AmQLS;d1)WO@
z+_7*<ylg*A!j%H_yYRbwxeolJj|BhLc6R^1no%Bk@;?T=)a1y^s6kNxq+@IzLuwri
z{+R;u?pJC9jGHWCdCt>V)aY)gaA^uIF~B7^dYl#ZIB|>&h!*j(duW6Z3K9oonFh$u
z5gZT<uMLlGF%$8vR^t8Rd#%zxb$#-mDS{mXFMCG^2^qq_CAr8+hpSwG01^1qh7P$$
zuq)$R(I|ZQ#0FF=i7+VA5%&SPMVcmBIE)3-6)MAW&-VpBC|lsFG@RcAz3<G;;KeLY
z9KM6yihr^J3(%xt4m=j!x?8EeL8;A1JyzY&2RavTtzva9P@T@kI(hCYc_FKoS^Al(
z?PJ-Hinz2LRW4_hu_tenenA}$!w%6kADfCQwSFh8pM~|ap#FHOAA|L?)cW<Y{-dlG
z+krP)W2t&s`G$OKpa(XP4Gq|+fq!BH*=hs3QlWvVf+suDlQ$1zBZ3*A`$_Je{29<;
z-I@k7d??6%+moFJK{y#v-ksxVoK~`tyTJKXoA>sDk<ZV{0s9};B~U~Fd3KzRnakX8
zb5QyFp!`h;;<FhhL9JG@vn?B42c&FGU~1UqwVjgrulBJl^9IVCgqe;T)aO8AMZW1{
zR$w#-^;tD8Pmn)^{J?g$*9)Zd(eaY#YQm_5Z#J^}H2xta^U}T$#Kq0P5(=D~rNjf*
z_-1<;5u5N`@*V8xHMu37(K9i-0;V>DdplbQ5W06Vxb9Vm2XMBN&9R8#=&r?xnwudl
zdWxzfyhm>WQ4MatT@~>_gtL5%^$D)@y-P_~<HOFq1b=fSk2Mbd?4fyj0_<~8%0=p$
z0YS_5wI#ur-Yu+iKz7+l#4KXjtz1H}nA3mttuU2@*L&6iP3@=A)O41(cI`DO|4Mp1
z9QFvK49^BB(_PWII_S&__`XK3K5UcTJI{5<8STH*{e|n0Bj3FrEC}rn)ud%7pSOEE
z{X>E+4iUSFzsZL9a!Ju##*r8c@#S`<<)vS6{)!`mCZ%!CdFf|F*U(5o@n%9>-?Y25
zJX#vJpEZL>2?VW@qpN~>ToPcOdItV>Zf^+HG{THGLIuHjyyZxv4oc~}#WK;P$YIQq
z>44;J9G`qhv7_L;FS}Co#(_WxST>ph9zVd7vdne9xDCj(Z|lNVH#O)!xivyiOa~Sg
zgHYl|CxkPZpCqNr&bf*rK!M_|?svH@U-kmdLOT=Kjt9z+rg%N{xDj>^Z~7PFW3$;p
z`Lo#a{^#RsF7GF>%_q+Ro=&@60)V?R+6unuXgoLtI%*N0=lKlKU!LbpK!17Z$HlTX
zc+{)xU2CL@8a7dkdv6gBbfu7UuoA2??CuP0{F$D?u0XL382uS$9%CH_$JR|fKR43(
zIWRO=J3qlk$8i&z+=Pisbkdf5x#w(@w#-j*CfeC_KB!D*2CBLDne|dG_;-|dx1lM`
zP}pRVVUS1|lj~lXxnXSPUi#>oGxs$@BljqVdtB(v-0y<9_}lsi1^)~EgBNFC&;98)
zPl}+(V*n|VC})Lm{h}OTG_O~bQ$idR7Z`2$8@-hOjb6ZNoAFH&IB_-J3mGcN$W-1p
ze0N;H+eyDHw!b_B;^pY)^f#10e<U4@f=w+O!fV{h3&b$WrcK>ZCCryd7mJ_y-vj*b
zx9qQv%!syAjnmD{f_h_k=0Gh*{OotfAccR&^tn8}qmm9aKjAfzMU>}J2|=rg>3ey)
zJd$zfqx=Q_J9+(lxz9p=uVD1SF+{!lw1?#0{vQ5B|IKP&4Ir_-zm2~&#FWFt4Ebyc
zOKf29+-s4i-#}2I=ihDn>B@wI_+&qUa_`7NM)`_feJTUBNPxK{IlC9E%z^I&Zruu>
z$c83J<ekFqK@TAIbiY{kwSb<1;e`&>nf!4|ylRZ!D@UOWWP3Cgeg(Hjf4DM#)+!d2
z8lS?X2+31y@KFfo5~E#5qwudI*i#nk<$d_-rI+`?gF%RY!sm$QHg>~Xg5+u3uw>3H
zjPQ<y=U{ffi55iH7&Px>1NPm4oQNOaDgpEys9U-tL*1@yvRfX0g0WOdZyEOG6S;^a
z*zM^E-JDOoasem3aD8_n?0pFJ2R!xR^$x^q15oFt*6x{D19oa<zhL$)7P}{nVr=kG
zTk;Gw)RrPKSB2M|x!#TyXETW+2;FtDt-u|8GTO|sKbabWk3|SxWyct8puB@I*X(-z
z97PvL5!X?K3_|SkJqS!;Ot2JvZ3Nd<ktn*_G5On?wy4KI0#(QX)hYO836<TyA69k`
z5GV>X?Gy+O6w!1r2y9b}rl=6uxC#)-@TZVARDER<UoTQ8aZGT{&b+2kw*P)u**<`z
zsKLZ4APv<(nxt>|H=PO$y4fX=cq}_hkrvBt3IH{RRaWb6<#ktR8ZQWxUeiU<YO#Bx
zCc70C5VR${!$f!ADQ}Sq2<kX&eOjmE@bS|+5zCuTD>@D@JzcBmxT&uYHZw7LNrqI3
zry4_{4dba+1J|1ks=cG}l^{17&b{RMNImx-nEAP{hv&Yv@zh5vr(Wt-U#gHJD3(2V
zICRrNk1WAALQkZrq!^s(t%r99JV;4~J@D!@P>LvqJun^*(gba(?lY5aK!WZdG4}uR
z`L>uW1*wK601?Ln6b;9ZP7!>DIYm+N>e}GzP%<%4^4>QR1)B8EPlbyqhZbNS=u3CQ
zhz0m63HL4B5p7h%0sk+n$gWK=*tH3IGd=YgV|#7bXN*3V!zQl?A0=*k_|j2V!iJi=
znIxQFz76c$of_kG2TNR!i4SOr_k;Z#CQj25ryB1)C;7Wcw4BUV*Y{J%yGb_JxvVc+
zpg?L!kc56$6yfFRsjNV^kODo`0$)P`D}J{8yo`~Ab}RHG;Yb;g1W6?chn5jZxZ|Vl
z;TFI{v$5r^Yl~Mer~u>v0J5ewD#?Bio!n^o+hUR`Cdie=q>?knuCg!*^2a<ehb8*_
z3R}c6!<!x*W?1IYVFr&!!3+yMB!+Fm0~Fj}tf(NR$#($b4f0ukBc6MUnwuf_h1@8N
zVnB>b=VB!`L2R)S_O3bqWtF3gx$cr0j=`B(R_+`K`UFb+g|koa_zV8d6ntR~{rMLk
zuT|bQo5njTmnMPzyfydQ@mk>~<NlA$eGV8S#-<M~P{U}Mh8B`Ckf%Nul8LXByY`7o
zw?}VxL?)N}rQ~wFS9_xpGe*!0FuQc3#)`ZGJSJop*i6}lYfR{L8}A<8sDZ9rVWaX0
zCzrEwET0sGo~9S3r-43-Wg}2CDl%Sf+)fZmYfR!&hF{ALITF-f*9{Kpb*8RYe|zee
zmFs(Zp0Qlc3UY51!$Ct8Vosr^P0}dT1hA=p`2HzcoYGc}xEc(9$b*X#2s0B%J@S4O
zJ=;mPDRI;K7)3$Sswqf<{J<NvZvm-Pu{&kdbMxu<ScX;$O|Tb=py49+Sq!?67iw&p
zE~I+~>O!vK$hJWlA=?Z>wjDXL9rr3B+YEW*;@W^V&7>mqbU98lgjX)TVs^%tl{@U}
zlttbaG-a(>TmIYGmYk+ef8Rkt(|_g_-Sm%F%Zb6|zIf$oo8!GwwmB57fBE%SaC1;A
zGxLKWa;dpWZ8y}mD77bGK5`(iB6iQp707|V1G8pJKOvUo0{!#Ou|OMstHxjBl)cpi
zq(D2Ov1BK(fk3(41z_oaZ-`njRW{FjD=`k9H7a2*k5(c-5M^iF{(R&6{ruqf`@Xh{
zQxTbyb{XIAiFb@x14j?E(LjT&kR1d^Pta)r&c0+oJX=9fPu0&1n~CgO^8|VP%ZUO;
zDz|y+l@znvfGbh0^Hyk`W>6;y>U^Tq83LBibxNJe&^m{QvpScTvpV0ywBw2gH#=a2
zARkyBy5b=Ghna>KZudd?;YNyH0=tm}mcXEWGg;qZ8{OQWHCp!9jdn0L3gS9nyQ?+&
zAT-+ZuN(ccp`lT@iTZXUeS*Tc8`A9FA`3{i)<l!o8fMS|+xWe_pl!V6C3dh<F&?6?
ziAkA6R&sy8pkuT2rC`udo&(rxu)>wE84uX2Acp&ZQSp`&11*jQ9u5ISX3uJO{|UYl
z1Udb;wwRp}j^)EEl@%=|05>6)BDADKLG4QnD5wWVR8=o3C@8gz_&q&~%%eb_jtXV^
zMAxY(^$ryg?0E+~awwj40GnkepI5GY-l-TQGC}|TK$Y#Du^G4y?MYdQO<odT`j&RK
zk5d?|{yr0z=r)JGjFir{hXuxiZfHE21(GRKzejX(KvC{84&{L4h({J(<V>PGCfDOg
ziRJ>qDX;<o`OD%|K71exe2S+8O)*Vt1LR?j;6%d~na}vKM_)isDI^Q)sg&1;PXomy
z*G^2NM_uyFF}^rOP$R{G4058lj&+Vc_CPPu+vJIv6NEsE3IHi!kXGKNt|WXFfVAA6
zPB&-K^(4f?I4*?sl5vq90?L<%@rL!@@-W`8p2NiZw8VQ^;zCR;)Dj;I@(&OojiBb^
zz&}8UrSo8(edd9%Zm@dr?C&7ELrC^|u5R=RWWS3q9zgI7@qZkR(6bUquKm+t&#9jn
zkNz!N5E9t<JllGS>d`-(8g%quc>Zb>^VxZNnm6P5M1h}hI4f{&;kbZ{HNxR7On6#5
z1p|=wJm-iQD<HZQ`Gct3BJUonN)i+|Ln>;y$9y%G2yI`6KbgWW2*d$tERkYM1)NaY
zqZ%iaIQ!b1(8<#}PG~`)ffL&Mhye|?<ebpm&nal=!v*}VU%CNbVV%=`K0$|dALtV_
z_3fVv#kzc+%J#!n@J7vGoo;MOU16QypG_28CmlWX9dR1ak(GaYSkUZmV&(lQknbGh
zpP<6>eM%54&paCp3j+gp0{V*B2-@$Gn6;ZtVv9%6XkU5+pMlG<`UqAX?X{LBB7Oia
z-_|v|kX@?b8ep&kZ28l}47VgdqrdB&c{rD5kuG|FK0#vX40-bF`m3IL@%{JNu-9bA
zMZ^J{m%$<Ks~zH0miRU%-l8QA33G*fD&)Gl<)UI_7&nHU$`3=lcKnMMu*!A!u>x;g
z<YqAd{qjfYx|e`V47YQcJ(;djM}Dl;Ogu8=v6K0Q6GJDe$#?T6tn%Q=<i}ta-9VEj
za~pBBXb)CYwWevtdzoYG<<cbOT3gM2(MtQrfPlZc#l-+wNb{lrvsv(Gsh{PnyuXS1
zSusz6>+MOYgoOO9p`BIGPD6kK)1Yf{-GF#dNo&Wchq621{4^M-(|5_wC<}mJj|=k0
z&m;;3+o8Pz)?Rq|FW%y6@pftV47Ph`gPRcGjo60VH$t^<!6Z33NwII)8f4$H0PI_$
zLhY3kLQGmLW^U556L1}zRYGMA2$el`k76P^Y1$+QiXYwi46#`?xmYB}XbC}LWD8-m
zd5@>yT|G&1$H4m{gQHMIW{k0l`l7Q*AQJD5TEKq;UC&3u&;n?xfPIbyWM=i-G^@~$
z$E7Nsak&8{2l~J$1?agGW=<c&Am>19!sv<IV2`wOz+ex7{bo@L`Y6P^k6Q<-8an%{
z&SdvN`rlFW`DeJ$+4j)T*<*j#!T;w2`q0@?<y{FGCt!h%&vO&KFP9{0PdIUN`QejW
z&J8Dpg^LOZ{Y=48W0MBb8(9Krxj+9H*(rzYhq7uCIOQ$9w!mqR8aMPuHrc*S23cMM
zL_Hk@-_h{NrNq|w{(0>_dIyv~ilLAAKtNFo#JRX(jxrYw=8)W}3lDzjn~;js?za84
zLBTJ-nV^~8ZJ(g%*lnDkC<L}vU(Vi~pdgj^is_}ScRGrRpo7J{gX$mD4xr==wZ#V~
z5T**GU0a@nLDkq{kA@(cp22xuGF)3#+ZN5Xx8p^+vz=QBp~gj>+;1HX9Nths;o$cl
zNF&YytX0faG~&Qgft~JX&_lcXa4k9+wg5Vd0b?wyULWqbykR!zqwOeSS)h-`O6IwK
z1AVmP^1V}2RKo>X7z?U!sT`O~a!DL1!Wkjq{THbHANY~?j~4-3`j5f=r}6$-R&f7^
zr@#q~`m#D-*r@1*MU(u)3*>$^oKu_U6|~GrKP;AQ!_&o@@ZU)BxL6}KmrbC89*qT7
z;$>&5GP?sV!Q4Bl!0tf*@@O+Db_Y#RP|=0IXa0SAgTxYB#nH&Th}E>F$HBiPo3v<o
zWvz*8oz=&=3M>IEg8^Pk*!&5OJ5h1)`d;Gav5V35KK8TCAvo@a#*44_nIFe~y>=lB
zchrP%Oz%%+98+Mio@1(*N*t4gIHvN2#4%aqv=`|i-`a#8?qm303;!F<{`wcFXSeI0
zCbG?uzu8D<cXl6D&RryL;)xGvi5B_XA0};IC)`UVGWw|R_n2<s=?VIp?_Dwp{wVd)
zy+9tdk<Mq4oX>lzNf{LWy?3!$jh_qjo}82{;4V3S$t8N9$dlyE1f=(|D!p$`9!eB~
z?}-c{_yr-6bDx7ku0!Or)sBICi7HPaafjk+7np!XL{Hr#6ncu$=EsajKM|D~agOP_
zhvr%Qp}Bx-@GIt7DBT?kDpyvZv}5VY?v3hgC0fre)KSOdOoq2Hq@i>?XzDdO-zWB0
z9SvQ5PpU$9(X3%N=LH%mmiu4bu3GM2xG9X~{&)Okmk9Q}_<Ryg@0w4R`=rX01dM>)
zU8vgYb0g65jzs;d=(AY|`qVvCn>2N1(g9HjJ{!o0Uu>ESf}^8wAW4cNg*4SG1RqGG
zHjs>P1L?>IlE(ecNW{@xd6Wi1YMx1Yj)uE`__Py2O|CwpzT{)lJ#FJ43c2AM_i<dr
z2l3R;x<OcJ5G#~HtP1u9G59uh5Z;bK-XMzkbM`7efD9VI06u^<p#$KaA2#s;l+))u
z{8RS~jsw`w2f*DPSMdRSRizuin7eTR7R3=njOqx2vzGJoRepGC(G+$PrgPSEraF#F
z&RWLs_u@2w-pXAzSjlBW0(B6zmBX4u4j;zyPn}~21YI%{=-kzDK6m)gTo3vi1qgZx
zf9<z*Aa1gN96o%)jRceAd5egj1n}f<rqe?n%(=Xcf25)R2mXP&d#k2%9enwf>EYN;
zKe3&Q&B1Kv#$H@C3ntMjTZ@V948clelWUPB{N8<SmhhHZ<zhO4Erc({@I2iJ`OBLG
z-@~<GeL}Rn95%V~a#+U_Gs5$(9f^1C{uh9rs#6?G{6Fg61U{y7eE^=x!XTWX=um3f
zhK7VDB_tIjB%Fx}u~bv4qLxM}N>Z_uXc9F&Ms>MewX|1T?bT`(rPWFVp{T73RZDB>
zNyl1kL_+3!pXYhcHZv0L|9-#k_ub#`*5rNObI!Xy`?6^u8|d+BHL(P)`$Lm;>z+DU
zx9&YA>()Jbva;^&CKHR>nx|i=GlJ4DOx{BjrhK?&YW;J#Z-R(J!>M=To+>R_L&<Q>
z{`#fgBk%J^8tNZeqCO(Z1%8iA<B$BZTldIF^^tUW&~Sx6?l+taxEWgV2^*tqO(9<x
z&p*-SNnQSlFFPvvCpPn>5~0J1!+vtNvP733R^DFrFy)h&-%+hskM3-C^riBVs^=v8
zNYzK|HA>Y#nEZ&W)laHE4%p%xldH1@D2Kh(4%dPl8>P-kQeQ}tkbT-Yu_7ZS<`kP%
zs!spTm`gFTF4O`uc(O=FPnHBT;}X3~fYiiq69&kPUCv00|08>eL+TrsD$TL$f@X8F
zdY32L&6ezc13<^Ez6O6IyXslQZfk@449TpfWgC)N>4e0)&`+*M!~(bky|hcvlks&w
zjA4A;z4P>ZUD+7&da$Zq52t64*TbkK9eq;#Zm(8!Q~6E^6k~tZAU`cMtNfEyZo>K&
z772@22NPoxp*ko=GoB-aNm3sGKbt0f3c^7eSSm5CpZig(r|)?E`a2_gIf^eZp1qV-
z-yto&;p!I_%}WQ%Cx}tbGzqjqST*ABb0|lg@~yIbG>F%1&Hk6MwDR*xX=P6y4A<<G
z_)gSS_%L(o&G2DIxjrV&CsCILwjdGsun2U1V;>QL==_KCUXY|~6#tD17u3IG!J}E^
zyyT8uepttQ-9MP9y~2B~<h)m?!m<o<sMLOT%K$7(szUMMK~%y(i5odJhf{pcd%2zA
zA%?6;j1vQrtJlNy<y=b<{rQ|-%g({oFT?|whz#rUcEPlE9?}ug5reuag$#)Y;7m*%
zWm>aDbz19N1en(I3IkxKY4Hqc)3a$>cC$JyLs~04u`g%CIZHr)rtyiz5!aHaa5Gp!
z$F)kIv<qh9{aH7Y7t@I);0mTY?jV*R4#l#KCrxA%m^ha+1VDbieVh{}81d(i6K;)@
zKYTop``HFg_I<TY&GwCg_@dc*9B_IR;ea?52mCgjaKMN~m<l**bt(+9UrXK(jiS)`
z33mGBwY+nuMS9)2O7X)2XMtK4xOo)O@Coy4rr~#S{Zpu1(T|~`CR%bRT&kDH>y~Q4
zcx9>PjMt}tx*$I?gs9@yZ91yhZ-_z_ZF2V^zJ#<rf8<5|BTa{Bsw>M7#V4wIu%fz(
z;A(7({O4dIu5lEv!|Ca%aXNbXc)Ok^PDnQmCPEs%O_{;RgO#^0A54TauH6mf*IdNE
zSGdaBA_8%pj#Tu02l{arGzPo0bPpU^i&=@$muLLjsKUB;TL2Z7W0P9$QCPhjmii(d
zS*)P=ukWfbmQvASUC3@Vp6hqKa>ZDmcuuPtPx<z6(qF+~<is?32^)B4KAgYgufqZ;
zv6K-U(nfHbHiEG*f<Llbg8vzOBv<|ZAHLsjJ)APCS_rdqvEtrj1+$NtGI@ITxZJ6J
zVud4=(7IJ;x>ua1u?Q6VcXJbZ-Jw1zhH7df3^l$qF(Q4i`nD$gZ8nD4;}A;`J>XWu
zO&pQ3RoH0OrflEIw@rR^3|~1AOY(>%(x<-ya*4sIyf{uNrxPYT4UiK8qrY+<#Qdwo
ziT(8eabnGsHaY!vIz(PbO6^X$0kf4ILa{m)jNDnnMYg(%lgF;!s_XS*dP}V07;lAD
z1TsQsdiUfm82o2Ldj-1iYQ|S64j9Sx7L2_JUCrqwFc@)2FB3%_ZH=9JKu0fw`gf)E
zWoT|mbHc?|vb=8R&e+Fuqc{&6`xq?nT2x!(yk5nn<57*$3S3qy2ds-nvU<XF^?&>L
z)c<wfWd8R)hIk|;aB>mupiflNfQK+D2~G=-6+#WnO)3%5EOPS^Nr$wroVbOr$hY>D
zi`rKzZs9Aa)wy|vXs&O(Q|Q&hT&2yE{mKWPCNBev;W%IGr9~1<o}gK@R+tt1z!Aer
z^+;cxNG7-&9%;*++L7MWy5=MO_FmnQzE9MSbU`!2k;d}XjCO=QtsLpcMpa=!GYjh+
zrc9RnUvntK2|!M>*K8bX=8*3hr0j1dp{r?`vm1&OAR?Fj#pHaD&6vDZ1wAlLbKybM
z5ybYqTPMuamEV7y3o~V#ssal3%PaNGO|ZFxsqE*<fL8eu(pR*bSu+bUu1aw&U&pqs
zY*=7-`jl#2mfwU&!Q#ygO>O#<q3OAAbcQCYZ0S!aCopxyM9(zPfrpe=pf3E{KlJb4
z{NJ<u-&6eGU-4i5qP-(^A6t`3)V`(hV{fI>$1rScacWmh+0Aoa)IVxgNrpV~J@#-X
z_2J3zfrjdz15<TrHhQP(Qfa{5mhJBmO9fX@zU@6yZG7EYr)(ea3w;ZFTzZ#!ywO@!
z(_{N#-acRdWK;em68?TE)MJ$PB(~qj+xxW!h6iSc@o=C#umY2#@i(C-K)lPD;gq^-
zx`gO1KDvY#tTpNqUNZUV5-fh??QNm}IbovIAb%qzWDJWb5*h9vfzf9%Mfo%5nC6}5
z*@@<z7A1-B)XQ){J~NB)`?L2kj1FlSmxx$jGa~03Vg0-yDdAi1-h8iR`f4%1*uwhd
zobY_WE|0klT^>X|b>ytE*EROvpa~d5nt(f>uK6A$c$ItbNdmhE9oe5X$n)ij3xvpv
z)w(dF<#S3-&1i^7j6hz3p{EFNcS=`{7#R!(red~_o48J!H7FWwK#Wv8brb2oxd;X2
z6|gg};s@<hd3z#n&*jfyxlPr}e{O5=D{I1#R;o$!X=?sdl-`?y3-E~#Xl&lpnWLB#
z&jolxa_2K#fY0=Es7Qp<9XXz`c^07ZIPM}AjRLYOgPqbW#PR8@!46gHXf`5SrOfE<
ziE+4q?9tGWd$`F3>K)ri$b<vGo#;JUV3b09OQ;=VkJ;&XbEl33MD<1?a|gk628$u_
zDigY=aR4#7IhX#)#4<@SSUAU#3kHem1{Vx$a)-9;rkPpTpH&^{&x<t33T5zESCS3h
zL=v)vOUOre=mtL}2?rm?CFE|6iG*d63r0Uq!W>gbLdKd9OEZWE&Xixu@YjXoffNb{
z;SuRBGGrkiIYP$#>n5Fpjk-!5<J46$2U?{boUCV}&IU7v$nD48^a)_Q9<e<!THW>P
z6m8cZOS+|9Us0-CxUPxXuCs;9uqq3Ow0{#{IO}Ah{h9LkhuB*AsR{x}^1*>c_Jib>
zvi_->@yx<%#bqQV4r+i^2YlHojoxO;yN6YAzq~blc>L4ts-wrUK16@(uGf*oOnG4+
zl8_VSx%`>t?3uE)cw|e|qw>@+<)}P9%;=%gkH2^II-Q3KKGU&}reeRVkD}4Oy^kX1
z4^s(RFo$N!^@b7Eda=1W@H4&X0|V9>2EMnq^2TkwY2YK9tHDo$oBPzyn18lH^GCDz
zY0i6h^r3d|)~k`)x%|!3{wbDUL1AtZ33G*)I8q5wxZmn7fw|wdT%L{dF+TIe_*XJX
zs7nmQ0VhJ0i$0nXba)>>B`BsDRg|D_ZPi_bjy*IbDDbt76dfC0gb-4B$aN>uMTnC}
z4%L|8y5H-W;FC{8(aee6zl|o`u#1Wx)-_U!0o-edA$~eIu)>!+;8l&%<_=hciR`(C
zxu+&;b8qB7cY^|WS&44$F$wy)uT>SmA&R*-y|X&_utq-S-k-s@$#qt*|5ft;vjM|c
z)nTey-t=UHme-toOIqHOTXee7obH;I7sjq>dHL91xnCXo=!QOHzdy*R;pN_gFFxuw
zaIVySJlUYst>|-0O5G0nfp2<1uhd;jML|*P-hu{xBt{+hmM|RnUF_$lVLo#x<XY;5
zMlJQ8k$!WaTBM=*d=9+)LJ0qJC5`nnWeywo9CURUU=HJpb#thQ$2nZ&WH%~IxilD=
zo)k>S>%ikgc435a+d(86pz75&NT+&jFi25cng<0kPJdxSEp>&TPh_j6#N=YkeTba@
zFfqA)IH_O~348Gqf%wePh|g?|w%mraCDK$jJ+L*oN#N=QUmBWQU~`PAY%D3LcRT?f
zjM6?BX{2^PR1&odkso4vUbfAzeqyLs>ChEAlvf87Ketw@<S<VDW+1I*wEXV`q7dD!
zDpgsMKoVlbr#h+<C(le!f_10xXX@fJrLtGh9H?O9Mh(>M;^2Y0T}&CM>|*zUdRlow
zz9WHTMmUD@T;<C!40D2}MgNE0XHOKw7q{ilo$OA}VKJ({`sa3b*Hr1>_&xWZ?mBt5
zk^Z?CyK7Y#3cD+mbar>HZr6g5TQMqVQ~U#YJo4B9JRTX==Z{9XE-~jkU-PAn?M_Sk
z_9up=y;J>6)9$pis~XYLu4n`zYNCI9vgo=@C9f#=$|P{1M$g8eMZhNf!By^SKLM3{
z({M^tz_r}p=rrzoki!vO$3XMj?h8;yGC2welq3FZc5A)A=E5|^UlaXB!^2f~%}#wN
z8Dxh1LoE4<!T>7eVgEozC!eqLZ$|KMu31ChBzAy(vjyqb|B!8I2LDvu_rC27=&Mz@
zPohK%Pn3wcZ0s;>s)yxtNIhX`uAnD<b`OS(b}(eWQN(pTj&!;I7%FGavnb|39MM_m
zG)&j29qW|GhR%I7qi@znGwv3AG!yyD#hZP3`Yq@qeM4H<30rfLG)5ouf8XQ(zIl=~
zNNl-<UF2yQA&*<4u+bxy5H}he#yQJB<kxqYIltVK1J5*2RWpfld)~Oef%?RF{zQhn
zv@-$MHqd2TdX6_PYfyW<J}ApU225t>AS$mH!{?WfS=>d1vYc4c%Js9{dG{SAS8+^H
z!A_xIKSonta<;!J=3h+|78OI%@w|Cv_VC(JvTU^1pC-8a1@l5EGU^d1M|V|}ZgWU8
zETYsED(rc(l<}oWgY1s{EpZOl<+Mnfqu3LiGNA<A4ARCF^_4=NO>t+mNhvH!5gdn-
zimO7?BI`Sf%UGXcLm!d%*^yLyH55LO62FVw|8Xb_Oi(d=t~s&1)RNQMDfMNaEQ(8$
z23pdjdP(I;W{XfT9WtjSEn&cjG<F<ptVgD?#~|p@hIOzqSgsKkiz=LCoDX~cKz2Pg
zsm!u=teLg22e#yvwSYcs6ltz2IFP2wKs+7TkWWBc_F3iob>RD+#>&@Je+-A~Qd*?N
ze+`moos!r(IpePi1>dsO$FI~EA<i6Jv>A5M$C5V_l~{89d0}fTMs^d6&j(K^r~FXm
zQo<Vdj5dW{!EvRyIyA=XlYcykErT^hSU=pHR9<4qX_O|VvRM_g?*V>df3f-Og!vS+
z`LI8smW4K-G}jMlk#{+Y&$9XKruppbD}_Iw!o(6bp;K&Acf+P8$A8bHAz+0hhcyk7
z9Bv2(&k^>;urz5n`(g>^zhb}H_m05#O7MHb+4o9x-;2D>QT!+S*a7<3fxc3!mr~qA
z*td?bZyii3t_)3yIj8lPY)R#P%$A(yY0?<Td>7}5($Al@MgY2H-`k4c8^gZ0RsX$K
z;dH8x&<BsO55Ae?o(LagyX7gq9-0*Yr%*T#9AWZKwn=fFOB4Qclx?~NrdbFjdR<;e
zz3XCru|1iQF1EXc3xFf)&Td<FM@R8#yX&yCUKuDp&|w)eN}?qLFfW|{!a3J?P%RpA
z9j>j8_CJUlE4=u>d5-wqLcwnIsXQ$fUk?`J_lYi<!U=@rV$t1&k)TUraan@6ksk31
zqL6Y)G|QsU`;u5#4gzsvb}P{}6xhXte_-PBOM|=M_u@oXu_q{ICl2(Gvz{!vLdw{Z
zIb3_@HpR5Y2SwLUPS@{p#vt%&_(d!{fJ28cv7hCt?p;j%-62shEuIUDrvzleTG$>u
zgXS_!>4kG$0%`v_jw5X&mz58+Rb}NdQznm9IsdP@N-2Yv?iBM&Y=E`W$^B;6Ad(j|
zxrd4cw1_6sBBG`#3Vd*2JPd7$+!2TB`kio+f)-r5L;BEfol7?_ci~#<>(cF5r;AZN
z(ou8ihN$f%#gP>y>R8TltQ!%<2}A?X*-PYBElOgBXcn_5cL&C8uX>=1=`%Cik0O66
z=NMBdj`>G)H=EqMze!$`qIXzXx=6_?h-IKV4^pxU{%1l*6PA#^#2%c*MkmiSJUB*u
z5KMA%W%?DbXB%tpzX%;%-fc@k4jH<t&_6++cUhl%sZYx!r4N{=zIq4xtYLl1W_bg0
z@SUijbW)zfBuCC?@9L#e%5!~G3y)Xc7tQ@S{;gv&GvtlY#AK$+tD`mZj<$po;=3U0
z857dew1jLSKxFEW9vsthF{CRpq+5)sxkQF^cLLHa#?)NwurLHDMw*QdjrFCF`R?>K
zg++p6AHzX0McjWws+)wbWcWuUyy}C0L?eC`eei3f*}=Y(LLVYxG2e$^CdYr5b6c|T
zpCU#LEZ`vdJX%vq#4(k$t&b+MZGEqgep?qk&$iWd5<HUdK-@i$Jd&0^j_ylOK94(B
zau1|HJ&Ah@U2%J_44|%0v93$Vo+L4{I?v*augZ>O%(}iFFT0I)XlFNUHm}E9)(z_M
zI;1<HM0`W`CbavM9bnC50lESIlYcftbIyrVnHA9DVTchV-MAuuU5<{54L>)h#CRDc
zC>xI2jpOo`9~dIu2K7D^+w0s;_!78?N$bqu(_#mUZGFZJ7n?N0b&CwpWZlDPK+HLa
z{C=f~o2G<+6<dm-dI%K>JC8`^k#K7=LvvvZo#73{i87W915ZUZ8c&n)OOn1cL&-2_
z{5hfE127Ls;8JhC0LhkYVB4{CJr+pr6d%unSkgf!`Q%o#({04K@4R`zrrgi-<^?s#
z86bZV-5Tbdh%7wY^CuTSXp*b(OjAk#NGeB~&J0^C6B`F8JBNN7Ok2yI_>@iD(-Yq;
ztRHADFSh3}mZP7Ydk?Jvv?s=26bfPT<;9kqyG3ArIxAnSa<eZkGJ}bZ4L7W;DTwP*
zzX;&Y+3hL9+tZKTo}yflF_e)O%wk!rTp-M&5Fo)F<gVFS4XjtcAhEO<tbTCSL~s68
zi|{Nczw;~VWjD&Ns4o=03)v^O0@@$DrZrSu6aK|+$$Bpm!(<`lYW?K!214O1L@==n
zpTk4`RXy_2i@@YVaLgkGh>mj7F@Jt+M=Wn*PZVA*64tYAwG<~a87>SC1RGUx@d;~^
zuzpYRZ<cz+>_=(69qjsL7+nb6-TI@Ldvvh=5-#h;zpQ!@zSW;T+H5Rd!!rv~wGOc`
zs;SVy9eX#78T`dd6p7{Jn2!9{VfHI<eF6)iIMK`g+mCIA4I-xsCZm<|Cx`1ATrX4_
z^2`sT?o>%GxadL}LCxEhlU<8LmsG|I`3yd|gC|J@7YrYxpGBV&le{w0O<GK}KK?mW
zNy>G&wU(4?LM|K2^qleI)o~m~6tIHwo#;cLQIP@!zAjWiVnX`<cuKWmQ{tahvg{Mt
ztczlnyBngI|DppT*BPpdVt%-X61h9Dhrh-yXRxoQY0iWGG0g!I9W1L3m{8D4ChFM_
z1*o|+{-K&RY}2>`%_jfD*0gMlUwV@<YKI@7!%&|X<tYiuOvfeYbL0IXr?l5}Q1R`3
zvfo9tS3EH9Y>$Q?MqlwQZ4yZC{qR~3MHsfol@X*FdWkiTU!q6<R;ScUEy)PNA*qHY
zp2%P<`$~prvA$M6h!==3IH^C+e)KL+j$mY1KvAl_dOx7APN=fN-zZgaeHX?q$a+#A
z*n8e}%$sh7m=A|L4GKas?pP><4CctHp>u;Sz3$x3j3DnHpvMI-ckZtcWW)q7_9INt
zAd}tZ8|VWlzXHTON<pHOYQg03JLoz?K6Z)C<f<j-4%}qFLszyB!!@souFK`U&DNyN
z@c!%&r!*_V;G*?#OBD+k(n>8t@-@Q}C|iPscK-Z*T{-=!<+589lykPljg!sXZ#G_W
z8wEF(rD$0WxF@<Dn0u!yQ;l$3j^7D=w7((Ufshg?-ND)$r8{`)BbBeeA_w1XNO$m2
zO9P^CaYS)+pbk+)$1B&TUA(^odd`ypQyrYlLn0O5QXx_bFP7Apy>em-os!cdI|j<Q
zG_pEi3ezu1A>VCC&F1GxUL_6ZcD5^JBYm*J=s0CM55?(q+*jmoZOL4_>^0wv1+Cj^
zI_}186|_*dt#8Hxi+nj;$yji;8~1;zP_aaW{6o0%@OR;aFCMGt;cM?T`g7YszO}K#
z+67rg?(c=N>tAw6oe*|X$?sTo5^cXvEUpL<H|lZ^?11Mo&8iRauS-Fz%PU1n6y*!f
z({?pKxL1zrX7Hb;&Z-ObFHv2PZHxouwv8up2Kog~B%(x#Ipgv+VBM5#ffVW67(FPv
z7;I9~Uh_hPH|@2ox`($~3k*c;j}K5;tUTpD%J(py$=~`Ugpk`V`SE&%f>pYCgM%;m
z@ox98FW`jeC0<`(J9@bH>ywudh5o#Cl=1?<)#%R4&enFh`|VxnU5ZcdC$;$W&Wh}U
z^*(I0s=(gLKRwU}omhT0lM{>GplQfzrny*889P(OKO=ceGAxphVV<V|eKd(ufPyN)
zDp(m0FElnOIEbi5XnhAE9ZJv^x=S>hbPUN#6L(voa3QkWY$p^28+C4l&SE{UHR2#y
z!=ii!A2bcDD_O%Wy%c#cCp?#QBp)VnD`^%(=2=((x{Ia^AtxlzhosU_Eo3tNoR8c}
zrcs-jkDMZc$WpbPN{qtDJL^Zjtrd<ugJaKs(AkzMo)Q90;%IhhYLw<7d7(3z*r1#I
zd*>=G>5FRI{FQ;q=5n!z$uWuM@S=o7p>P|f$bLlGY0g^Cy-i~+M|EPWm7O&~b5`19
z*7h4+oyev<vsZvkCXWLsifp6BI=T6}S5YM0o@!QHme%qsh7L`~;RbeytoCC0kj-X7
zN8X{36hkX5s$RYi@sLC6MtA6&tMtwmPdhLTASP}nUvKo2yGdW~ssATmZ$?PYI|DGI
zhp}<E*7&fIx~!{GLL;--E|h%`*qL}y;B4F7{IY<ZtX7Cs3wYfRfw||7im#N<daG0l
z7QJjQ{HM2Bb$`OcH!VhY_{PN$#fwt--#f|5ightoF42)ae74=43faq*Ti&S<HtU^4
z_L?Xq_Bg$3t*gLyEt<XxTPyF);rTx<^-yfsyLo3!=y9L^!}$0ot(A}cn|H()E#NQe
z#9rii1O(GpcIf=5XSCM2GUI#xS#8#y7WvZ`FZMv8HbZ%qch3F9j1+m_#U9EE;&WF1
z+y>UJug?LzeYz+KB$P5)vbUBj|6<NFj5)=0x<#ms>uuC0^d@~mq*W~bGkC%lo|H!V
z9O;oeA<t3#M@WBnm!7D3kZj}y?D|CxS!Xu&mlD)Ou0@<ETI7${K{lPO=_3?oegC~A
zyWeF{pq;#z7&42>u^;bFyx7A-J8II*BkO1_wqEF=vu`7J0)8^CJxQ*g83Qi5Un9R=
z5TIV4R^>J1@&CDzp&-We?9o~v)ys-UrB4P%3pz<9Q<2&QZ^W3K?Jpu1?nLbwg%UW!
zLou)I7I|$49jBhf{U;d)USaT?)O*I(;iaVHcy)9w$3iWsag)`-K~7sI_XX6PW5+Ts
z4CCf5yk6U|T5H29P#mBtl#%IOVRde=e+mY-SIm71{(#9kx7YVOD!z<wbqv6YPswBZ
zV9M@5^hH`oXmlpSiyH`yCI!HYi5xH9NT45PKuKzut6zy3|F~bx%=i<W8IQ*GE*pW&
zc&YsBR`u@T#CAt16WbC+C@Mxhi^~}ouNDcl%jRix9owJd*u*Q(ZK1K}(^@DTc2*0L
z+B?&WCqyZE1vfuMZ}{V^%9&@%52(*Yw@@<Nzsfs)%R1I%-$s7@I_Y<%Hl*2|&9#>A
z1(Sbf2i_!`DQ2N%{@2_+Gb!(xL{m=v{Mq21nH*~Jb<fQ8%N{fkIza$iK%~F+ppa0I
zWpl_<1bjzw-2irREI&Esb!6n&Qw#U7rwWf?o?@YZ^0g!!g^u!r-MX-ul=8G-Ozd#B
z|6MFRFt-6#jXooH?0UtkdU+hOcR_B<3jeV=+#$y?>9VdsrLcGcy!~6ne3!zg{t?f8
zpzm<qhl!vWBWl6Np&lU)b0Iv*c<l%%$>wg3{6JQQ)BKOKJKK_+?dok89qmiS4VpEv
zR49-`z_NSIQG6}fk$=tXbe$0M_nA`NP3>SwjQ>k`?iIXM`<><!LjH@m9%Mxn3J{_g
z5!1TDI&ACjnsnNPMM%eni*p-Mtv%4mwT;!S!@f3MOljr|G?htwIWYCG!=1bhIVd}(
ztkf2w3<@q9?AdHU&rZS1@x3~xLXc#cL}D0*@Inr#XXf)-eQe)7^;2TJF^q!ZCRNMn
z787Qvjw7CtN28|JQymhIHPNC`brBEuaSzs99}iaU5E>s#`U+$#T@m1w8s~Inst$_8
z_l3UKm)Pqi^k<*Gn%Ka-RMA0^yiMs}r34EjPupJCIVe8VxT{ur$i0b&8bBf=KBuQG
z>YQ2!p3^igIpCw9!Xe4w$u2OLRmkN~YHSziUD*GpT9uRlsu*#RW^$N|5oF;F?a)_~
zD!2=)S#@D$6SJAM`bcbIXJ6APVdh%9vg373tzpFGmci}DjW#!<xxHCeo!d|zk|2IH
zc@*ZHm@c}~+wwW0%~~j2&YAuU?ns(Wn^w@7i%8l&WzzVcA3)=$_?plL{Lfq(cAnx$
zx{yz2p;@b~#HQ2wHQhd~7P@MskKCbO^Du;5%5ZR%PukUk2pNn}{<R(Php;d5-gbnU
zbLDOA0tiQiM@%F@a6@QjE2_z!Nq-J%g(b~*_^F__lsOQO=fb*X%I)tX&r&~hTJU)#
zlCtB8HIuUExua*MJeloH+3difieFs|*gV7FW7-UxJDSQIL`BEe^66?WB{Y;T*I}Q&
zK$hm8M>|Y%@nc|F>2c>6_In-tCaQ|7{B&F0Do<#utn#R~M&Hg}O>{i=dj+bmrB`m-
zM9Ul0q6uV303S^|*O%38(iQiAivE$m8Y_=v$Y&ZWZ2Yf{6;;_NRbbfBxGNH_T%ZT}
zrC5V`YdH94Udg%O>Ba~5USm?q)i2Ol%X4K(ef9jt#*%ydpyV`B&PdMfK*K9f^)Sh8
zTk4KZncTc3nbeP+x-orEcaC{F1i~N|mZ9GHio<nnyl|oDvM{f%SlSPFG^MaS+cCf$
z^^b|)h=$Sd;u41|Bs|p}b<u%_BVG;4RSNd*r2J}gPNe9%4loOt2MUYkJy7;HT>c|5
z=k%@NWyg>tZmWO-sDH{kI$iPV;KJg~NaF{_<yVAEuN!lq3<4TmTju}HPU1Y*_TuwF
z^Utuu)J7~m6FOd)5^6f{FvWP;uZDHlukoTVdH;A}>Vag|(mDiMgeh&q;9uQ(ur_(T
z@ORmG;fFuj?~CJw=|9<7!zK2koc;LWAGRJ{y0agb*^lh*R`zQvo2Oljug=*b#&5}P
zEl&I^Lo{C^{{qn!c2M+g5%Y^P#Q1$V7ey#QI1~A(^N#k%pd@8+MX)G*voHUzUgiU0
z{$F#!+Uq(mPwT)s&99!%1~q54=!yz=x@TLGHbH5`G~mIGdZO5QqVzxD-7~8r+=;_Z
zR}5B0$=_yi%)bV-N+{Tf+fl}L=$-*mmwQC%Hb@H9y?4l*B2jA0Ao0CJ=5BYo%Em7d
zU5!O)&_y=h3f4I9qGz?}?qd<-Wuc%1R^N5p)5So~U6o?{U&Qu5vo*l1k(Z<RFz#}=
z`_Y5XV?QtQTaPoDumRfSyC;RrDHf&Movy3!`S01kkdMpv`|HJgPac%v^fUnZOmx+O
zI*wv|Rd!cV>R%yB!BTn%`*8fAkh#CJe|`KjMOPzH8o=JSy@K^%@B5a?jur#{?D6wR
zhEg7T^oke0kN%8i!^I#MXSfmV8Q)Riw_$SK2h41%ys%ZmqS>%P?#X<soUn1Oe>^dY
zy$Vw{mBWVZjJ)CnuTNLJ--dlj8`j?))o!4a(9R(>Pm=0(4}$f=?FyQ^lkFC*hqhip
z^DcQlcewkq)j1>-e1Qk$iYI2g&we@E|HbzUxb!~CDENLI%6>-MD~Hr5NeT(?Zk|)h
zcPeP^kL(})`WnCgr6d1*p2w=Ihgpa5xE4qJvFx@EX+VWTsw2U7;~URC#r|2M-=D_p
z`Mo~dV~h_AQss|CQR+tM`hhCOX9ki4oMW&$52CcobrE^#M1fR=1x}3w7I-U`J3&zZ
z&NGPuSUU9X4(vb|9szH;<MN)ST~I)_qLkd<9rAZ=qCm_!CJcCDHGfRD|B%52_8ed0
z@NU-$1dJDraKwKvxSOHsJ2%5&zToUWmI(ygRDocsqy1LBK(JLPs9P7d_M})`6)fgg
znMKzj5C}wfQ=1|Xyi5XtXg(z5FVO^oETQ0Ky+DxA0R@6I*PNql<xat>Ohti!W0|Jy
zb*r)YHV_ET(o`n#MS)>v)g};V=ZB5w*{KG3AWJBGlH>uyD1;ZD26^CF+$azQPB9TH
z*oh`t5ZQX81{tzFMuMuhSPpiy{}mix9p<e`^RM;kEtmxNu@F)fCz8lepIFe_ug97w
zP#Q{zDuL3B!?sV-bn_ML(Ij@_yo!m_N1+o3*}D!Q8-7e)_goCst}Y1QflW)p_XUyu
z2y1OLWSu~Na@5w97cBSlc~}w9=K(%K`u$h%&6~q$3PZ0cQ=nvRGp13jw|zqPI87PV
zKZKZP%8f+2BjTTvBS`46nz_(32}&wy!O&LXp0D#zG9GC54*xTPm}ZDKGmDIwj^ppw
zMVtXMy-(uIw8&V8$3nX5GP^FNcz3od;^u}lrTJCLl*Wx61%_sj23m_>O_?@!+%(n%
z6I5rmklTK8`Iq4?k<I6cd$~AgR`vQ8w4{(YB&s%O>Ja)TxBu`swAp-$uhUePD^py_
zKcovtL;KJ3x+%^J?yAfEx-?uiD{`GcQ+%gVnc|em>J;0s3Fl^yn>>BO6vGrZDIy;K
zGLQ<A@}6r4VK1vN!cCc?n(z%02`h8eL_M0^r|DeOqlB<+6ax|^ezgX1KU&Hyy8{0O
zQI98tH9xQOqkTE3t1emW((sHRA31N$)mTN&n-pAwoF^3isfc(%q>ap_Bl>Pz+Q`fx
zy)3I8(M+1etU+Afqd%+o6mx0pc}kMog?vs6seK8bQ%9Fh-rH;@d5<T#%?cqa7+ikJ
zbL%pb$oJ}fT;u~ibD50`BPjpzKXTDN!2iJHA6xhzXm?*{tJ0zYRe7+&C=aGLBBnl_
z{!D6w@?eEA4Q?`{TJB~o*$RIPC{OO+La!B%%}iDO9lk1ILYurZ939qzg8OTZ5PvK+
zYkzd;p?6)Vj{@D@rm{;0sW1$i!%b!H7|cWsvAM0OY_vgG6tMYTQ(4Er!lIYL@4MY!
zv#|IZN{4F^56UGKv8J-UBrkqAgfVn44n=wK{80A0aOf2!nI3LY-`jOt6o0#Ji=uAV
zZBd)sbz9Wrc4MZ!zk*3#8~(H|ZQjvf&5*P|*qCY0D{l_&ig@8({UaaqN4Rn3EyGjL
z+r>Y0DM$BIw)zxWmc|A1s73fABbY?SIC%g($|s=az7-1p#r}k<=WY;qeE4Oazc0Kw
z&)?^nNSSco<)f(zqS1`ekLFAej0XM1sdt_y#&aKEaa_HvLCToEV!u4iJ&iqr3M_q~
zqlwDq7-ZUXlxg99wfl+5w1XPxj(?flyFnMcd-WMCpgb$R3Y62`yNx@wCzBq<;{3{D
zVR1c_y~-IIiLMu_Xq$hv*YvueUp(Tuzqle)9COI&4u6|S@gH*AyHH>3a4|;B-RgCR
zYb3+1r7_6I-(?35Ix3tsTGFI;n!~XK4^Nac*m?}q>fI$r+QC*PM%qNPM=bUPQ#=+r
zu7Ock3Y!nX%%+1U+=JS%WA4~rT*-#>T~fV}7Z`V#;fOz%-Niv_&xA<%4m<i4pDs_1
zG+VNl!~1m>xHsT$G{Jcmi;$PiPx$#Io!yUd7#UKc`n;T}NBV+Kf2hG8kbgEJP=@0-
zJ$D%MG+ZscqozC!f0_LZ0scw%uA7mO&#oI&REEYXCidmQ+ZyBp?;#X|i0hQTSdRaE
zO&NEqg@QNu30KFDp_RG1Y{f$1dNVKfeH;27b~N4xL*?(rO66}&zVR&q9yoFGA-r)p
z%|RA|ffZ)6tHRyXvm1YAX8RJM&(DTwo99q%M>tBM$Pk|b|D3HcMJNzt?{Y|e6CD$O
zh?AVw5D0-d>2ya~nH(7{PAtm+-)E>#%tVV+X-=GB#^8b7yF58Au)k%TkH2M{pTA|r
z%}-e<Yy(Ikzcj-cf1McnvN$xA#Wwhn)Rs#A=ax6h{~S!Z!-%Lr`Jd}S{^z!a{Ll6L
z@;|rc`JcP`=6_y!UCsae7o#6<T(2?zvkhgkdy|CqlfrF?NvA_p+4kgcn;EhmrcrWF
z8@gOOrD#A;4Vt4XQ{ianDXi~nUTGH!=d(XnTC*D@<;@K?39c!@ipiGyy)3vGYcjZ0
zPn|YSbE%%Hq+IrK>a=mMv1++_9niZUS0%<obm(-dsWr4b%HYS%ost^kNBzr_VpRf&
zn-D3TN4fmmj5|=IS!p6iPb(T|$*+`qZz^(&(<d>8mg;y8`TE51B6{ep*C|IAqyMg;
z#OS{!1j+~e8uubHdceJ^_!b#j|7E7Szt)^CunD?Ah5Vwb{E9l$?{^i6?uH)>W9*R>
zR?H68F80$oCgfR%d7tMl+^3oC7!SCoPJh!zNWb6-V}C8H!|P=$u_*4g7?^G6vC|PZ
z8#^6+v;IAJ*g(U~XgOp4Y<|XoA;ZugwRMP+*ckE<!A<xU*7QhAUjMx_#xJy^&fC?_
z&3I?fw923I&JmphRuG(dJ)rB)eq!EcMZj&1)oyDS);JCuleES})|ifsX<DPxct>s3
zN;bFS=h+>tSMBRs)R1?u$lpSTYCqqjAhpBW(BU#(`q=gl;^dD9E0a&)lP`kFf8K&7
zA9+6&1G?>f3P*47zUqi$myZo1yZM4WswWK|-7{gz(fyVGvdCMQ`~&=>-t+!bl!?Ha
zzXG5I=dzo@>$>ex?e#YKdEO^ZUJ^!MvuWTsd7}D?(eR6bukI$dpG)lDB}v1Eq~})#
z&luv`$IkbFpBc&>6Ea^k@9>^r!qIlqIFlz<l<su6s!3W-uyrvB)?mTf-zqd_LYioG
zxavSGb1xtY4dvbDE+!8np>;%8U38ph?8Kub8oq?@3F}8$3XbG7+uqLtqyRJKmwMA}
zN!$BcOa({a<SNfC$*&B`Zk1nY&Td?IAg2Y`QQ462-6f){8~d+dt;4u9_Jj24|L6B#
z_KvOT{fw*06&aBRO`;7e`np5M!wErB%o;6J<`)qwB>gWf%CzU2coica3Kj>BzIRb;
zB0MD0B`IFsDi<+#I$%Bv_&aBi4`L})DKZgSp9(4BgZiT+AMsUtSkw(5ZOZ%N?gP)K
z+>#sEZ=`Mvw@oI(1d%XoJ#6MQsb`Y(9GG_Vi+bi)^b(#ufNW4-i$fX!)v)v8VUGU}
z#ge4+La8Ka(xwiq*Tz=RRY=~Axb1U$l!?E}Ew*8A1Lm}t@yZa#_3Rw@;5UTYTR+l2
z%|z=7A7URtBoA+KxDLr#c1Us2*P0iHVD?!{C``BEo%Ho$c);-KuJD9+Tfna~#yNi5
zwAWy=3SKlaxdwXfb02;%-iI^S$NJodsAe_ahfUR;YrGEz{sC>)k|3;4vI0vG!FF|F
za(Kh-Nmh1_&G~UAVQ~XU1p&%8NbLZcW$wr9?x%3Zlh^?Pe=>evr6dak4}w=1cSoa|
zi+$u+6Q(U2JC32{+%(rUXMBZFI2VYy>Tjd)2R86gv7<AZ2g;0=Pm2Kq6>2cyV7oAr
z{smH6!nqXWdqTSM0@YehzvW!QA$Ksn$Ad!t`4GXc_Psx1fnbbAALu8abjF_$3a^-z
z(eZqX7<CBoD=BQX!#4-16O5K0`$OfCY*BW6e1^__T4gkp;pqJo6o&-zK)cICYL+ZC
z=Ck8Cm|b{zOKbGm#eQk7Kb-Eiwku<)h&N@*l9ZZOkm}k?wM|876DmVVL$mB!XY6Lv
zck2N1%6dhk3YALTYjMO$-lkjms4>Evyg-zfvsN}5Ttpnh2@@Z~K7BVVfhAGKTN=Y1
zd<-k~-N4QYV_0s|jUi7P1GH;C1o%iPU&{!!Wxq+sX<-ZbFANR0d$+*OWwJvJIL_YP
zDl8hph;CWOAbsI+)$?xR^?+e8e-S4UZ66O39#n!>d4#gl&^NzFQ-Ym0!2TpyMH_@&
zHoz_r>{o(S7+`-BtcYOO4X~>OTS2fOvmRD$($6Xghu_jvHjRe=6g_g$@Vc|~x(5mN
zj{yc*2#x&9p6iNl;nCBKfBDvr!TDY7un9UG^y?s0D;?f~4kkYy>MpgzEa=e0uR{~H
z!^6-a*snvd+93`){Ovb}6W5duw?l{h*L*wlQD;$pigoD1{$!}p1cmP#GJJ^)Z-x)U
zOH3E~eT-)EOUyY>Ykk|uV8s_?NHD7J$d#h&MTKdKx)|#d+GLY$9GWZN8B8442PG=U
zl`CJppgerx0&!f=l@P~u;mr!Kk3P*vZ_e*A(whZWbo2(5+?yH^y=lxYQhzKzW286E
zid&#JXbh2hF|MGW9SF{279==fN!$C`nZR0Clo;(uv``L>_+p`;8|xrJbof{<TBf;k
zY@Rj-eF*r?LH6eEj8hQ`LM?zD|4wtAhr7;T(!(L_`BvT8JF;6j&|^Gq<K3M4Gu-N}
zPBqEnZBgLFK;Q^2fTCqYmVS!`O&de%PmZ2G(FyVFV6{>Mc`)G-<FEF$BK|7wtGdV`
zDMBTqkg=;BsmMJ=%WvOzpGm11fpzbBeDm0FH3Ca5Q14n{2<A}&cPLQ{_ZkuzQRLMx
zKwh0YzRIhl{7-XTNOS#@<~qYD#rcbzQpgIHKBS`G3qs-5V8YTxDwfVE@2uAKR=Z6K
zCM>;DkEIuCSbC+2Q;IzOQ~iT=VllQ14mO}}*768cxL}L#kOndqFhYV2Gw0lcqO3^u
z?Acb$xX!lf>*i6WvcW+n&d=%gN|28qM;>GRv?+{y%a}$%DBKiGG~6N0uqnI&FZ>BP
z`)2<Wi-U>wU;niM*I)O=M)H&N#Tiqkjb&dH3daX)48ukKp)5wqTY(Wa`U!4?RaqE3
zA1V{mP=2&3R$~x&y-b^#4@Ms!rNlxJ!*CxhlR`AvQcb$XmTE~e<QT9c?tX^CCx~X<
z2ED|0KU(DzX8cXNZ`XHwFNk*ErsoqXwB5HUe8NTj?t?i?EkbeQ6WGD;1YW)z-~<i}
z`fpBPLJ*y|EVZRCZ?UT_=`>D^h!P4Qxahx%iV_MY;-fdvoCpO@0IQFc^?=F^T;uO3
ztqVtsA;VUtvZa)CbL;J(i^$b<5i?lh>f4b@=jo}mXC4E*N`Qq1@?AireHOvo2AGRr
zj}k1)z(qh23L`x<sRZ-PQAQ6hRrwOkW@?9R(4meWMXjTDSOFcb_`TsumC_*}I>>>8
zygCLB^2)!4Yqq5MjrpwX<~QcEGMe9*&q`>113rtv>;$W8fCZ!E&?AIkVFsARZ)N9I
zD$`!{E1ULI@{28Pc4JQMKh186Q|qrTcxQNVg5Qp0svVj@he3WF+-iqQM_7lsejVOZ
zJM4oFFZ*?PS?#bIIu!VIC{Q~rh7LJ?9UfIr#gouspx?16Ry#PM!y33%jHf_WElgq6
zeB%%qgY^B2q(s}!{`E9b)o34{VJ|_BUKfq_Y)|67I(((-*5C%pv(CiwsFkVsi+3Nw
zyH{;gyJKkIh^v)aSl|Hm2k79&z##T-)WxfZpCMLm(?;XhTH)iMs|(`ajgTu&Q{N>U
ziS4UcqQ>~(Cl8&D<woEvdG~2$v|COir<v1GeRoksr4~E*at|7RcmC3UvzH2ORQ_=U
z@{iw^82QIx=NSLkgY%E*3Nk0eS6{*SNIT@_H}a7o=L7PQy7>HbhwE=g`)d$e0uGP)
z6^(^OA;FZp!c`>}9uNu!AZhB)7|5`2v2+`Fq>1g18trHMWi|lD<t3CPOOB9a>7fu&
z8di}k^$tmi-~Ws?C4S2@cZgC0&v@c5QsRrB=`Kpao_30UBN&<(fxk_3^{w#q_4Ds+
zAiDZkJe^ek$_DUC>OY{u)7-CrcQ)D*hxdD@6csMIF8acy25guP*V#1lS+bu!XhPRa
zwnFi#A#*OIxu2;p+6OBb15(j_V91=yj`-5)jU29CqRZ-8uhxeHWykwWIMP<qDlGmA
zJx8iB?ffAq*PFks!s$AXedJ)#on8&jdi%>n?+&(vN#$EDLg8<SioRof_Fj*Y?>Ei0
zYk(`{h?sxDEId03`TdY8hwG{sUom%x!&S-F(J;RO?yv`ehZ!KXVh^@DnCAM<!PYlo
zpgXL|0O^rkmI0D;mo<g0K}z@jA<yiC{y=Cw-*bIl{LY*PPATl5(-pSM;o9$rzbY)A
z0oF+=J%pXtH21?^N3o|@nt7MQyUVe^YJk+`NJ{*$5Wx-kJqNhD>`HSTcEnfB`?0JK
zx(igKx|)`V`DJYU%Wy%PviI%~<9EzG!~XRhf2unn1r0`0Sk(a7NLPgzU;0c$e|G|F
zb5^mFHmAxe%?nBDJ~QN*{m>nUzn8C9vXmNP@P~ExW8;;3Im{If?+(ZQiUCs7k`%Vn
zf_t<V_N-}@(^cw--@(Q^1TC4@>OIrWPs6CbFXn*g3ONXAUFQBGN_{KXd4h8Y{;lAN
z+5RxwJh9lzPJuUg&SRqcA+K2cXD_Ea<aYXeO3Y5rJ%;%<O{4iXJvhJxOS9j}&Uc6Y
z?xyve($Ir!zC#aMrNL~zgK@r1(+u;CIRKf!?h^A$tHu3ZF}^aVndnXc_X@UDu7rc4
zyD9E3+~>tfY=Tm*&-(QCrn!n8`^(tE>`IEC#TKR|EetyX-#PLt%rlOZ)d8nYJRb)6
zGfUNX+Ccm~P5RC{+mmdd@5E4Il0GxV_$@-grcl&pT9q`)8A=XEN9lG_g7)Q^)|4vu
z?zROd$D-2Q=DCyOi=m9~%-_P~Qw-B*5TRfUX5a;Y)PWSHHuRf654|(wmBqoBTSQ4x
zf$p)CBwE~H%q=np^qrV4Iv>liEaizc$n(Y-UnLaW%_gm_U*7C2Q+Au}eX`h_`(zON
zdnIR<D9uhJzI(O|e0QH{1=LY=Pqzr``$RZh7m&;D6T!X{tbp$o^Gl|JW6lR<pA%=&
zxFN8tJyfowaOb>DXjiKU13(`=V2h_O#Qz|`q4Bb!k-E>q{XH*FJ;=y1SnLCX2L%S-
z#liOjxG9DI>G35knd(D4`;X3CiwI{yvT+kQl~J3!AC&=M2A?#R$$b<1P8f$Of%-w3
zO2Ep4#?Q;EGw(oYpZw;~57Nnv)0hfPiE2~B)m)48uB-4b2_)oBj`p5t8g&YL%~T7S
z+%^Cwz(9#aP%iLvFzoviTAP$Ji-`Zc==xJ`(eJvKvWcc+|KkkrGm)|9MJ6(itcxNe
z6#)cs?IL}S^t*i1g~B4P*2RSDcx;l-khr!%->o56Et3p4Cp;9yH8_}DT!VJ6nvO+z
z>avN1vpBWox``CxcKX(#)1A>B(t5E{SC<PqUNjkW4XmXS&OEy%Ofq|lr}W6ZS&0r2
zmQWCXtwxEi<u!vu*Wj8#qJz`JSkXI8Wk*T<`d2+<+}||m8TVJ|>ik5oWd_(=1pA6$
zD-5vZ1bc^I9~ofp6YN=neQJPxOtA3;`@#TQZSoZ&;;WTPz~}d}JJi8X)jB}!um?Ky
z^6St`?XU_uMEiB<r*@E_L!4iSIMrnS1axTc*Wt<Q${QTe;Zao9+E4<hqeuW*{u03M
zLXrTs7OH0Ssq$<06YtyWQ)Iq955s>NswVD*zr<?Cv7PKV$ynDm(8a10djQUN+PO*|
z_P)V(-K!@17{Qw@a?&rvid*Gw{MS^uHUILqPl)U8Sg5k{_|mi|C_Tjc9Nw_7!druW
zx6=k6`}%Lb_QYQ+I@f4Vob>xG=yzp5f257UdVeHQ0>?JHP_PvBeaYyYM2U!aCE(V(
zV;RPpY7;kt%g?Ck6J~KQan1c_F0XHIbEt_*MOmw(!?8^%DY-)N(uRJ~&xxRPuDi+=
z)p|XzU_beX88N72JA~KP$BhXLPw*=j-f_aD%lPP8rH?~aV+&xiPAQJ#ZOrqNN!&|z
zc$NcGi%hkEH`etNgu169nq|;*aCf{irnO1&0EUs0s%&U@x;!%Jx|iYVlYgcn06GvV
zA4jNMUTTg~AC)isNeD8_;CnPQ$fS4Me*Q#flUjoE8~#MD;fbC>I?I~cnjB=@M73yB
z#&@)df;DtG8z?W@#P(9##PA^6L@R6*Y(#z9r~;T6-$UR1rSd?06WN;O^3DAz#i@&f
z$EuCS%>~_RuKd!|+71VB61(+n)yOeyYn*;t+a1?aWCpdvw%Q*HysdV5K`-3a7t4IN
zbt&K0ZQe+2TWw{P0i5$?Ba!^#m~LCo$dv&c)(+^YrP_MP#ILO8)g_y6kbG1vA3Kp$
zZ_R>{pnPs1D4!6qxf+D9^#<4)f*mE;*9I5_9R?^dw2kQK$Mnc5!y_x{b&G>;Jd9~K
z8itXa9N{`CyIi@0k(1qiI;pd2hr`g}s9%TQu2D1qI$*7XK70N8I5}0TBfkP2diYVb
zk!pwO&|!dIhr!jluMC7fiAu^Uep>!KQ>n#o+vUh6*S$!s;GBNTcw&NS2WQr=x`Xq{
z8HHNCtae3`RdA4WPOUy9Le%s_RZoRq&DMW4U0&B%_f=8<RgQ&1^k419znUwzKB(9>
zZ{r{Q&j&hRwCV%Y`058Vip3xJ`iJ|_!_R%_;V-`QaQCH}>ER<sZiXHrHC*CH4R@Q3
z)G$u&_)u$1EV#;S#HGS!3*pkRZ3;om8a;g!`oS`SsNzxl2G)vY*d{%M5aJVOQqdHd
z;fp~patc{tQf-sj;QRFo=?V8uB@Bs()aU_k<DM^Qnp$MAlj%Hc4R*4dMwV9(2SS#Y
zA0cFE=g2ZoMV1dgfXLE(nvkX4j|RS88L2)hdrtZz%be-D^Zxu{I(d0W|9EdhM&{wZ
zv@d6*4}x4`4w%Zxf;h`=Dtnkb#>=md^Y=mh4I6!YP<LbFjeSs+io%WL5nE%aqOh@p
zL+$VYba=q8!vnlSy4(UfM0!=Mfy=h`cLUb=r=jltF5K&nHIfhMR&mDfijsQdUgiD{
z*-KZ|^PcYh_T-H}u}00GQoFB<KQZ3dc0c>x*H-6izOSo({y*H;OFsA2R^EqkuZ2ID
z>6{gvxf5OKx1yNaM{(lLPncg{C|vD#qj~O}2Z~khXvOcTYVI7JgS+ukH=;`|{r=xw
z>Z(cqpIqwjp8{R#J0HH$r7q}-mwN4QzL#3zfJ(}Bm%90hS}ygvA9cr3KK{SF)M{oK
zeyQ)O3~;H#Dg#{VD_3v!QZFc~<x-C;s^wBA7X`S~$B!8<wY|RXQh%|_|58u+LAQ$U
z9aAp#!d=Rxp1X_gZ}VlkOFe-%nwR<cdw>6t@jj0~=zE`?f7X1Te?9nrxX)XC@3SH5
z{@rgBQafhSxY5%Xu?12KQTMvL`I_Nw)}g!kRl4qOT5kSsj+*ely_*>2a}$^IIbfU6
zLy5GGSU`kd(b*5)=!*V!KVH#|$9%8oXnsZQmvvWk`meQI(Iy9Uhb!gR|K$}`gMtUs
z6`fli;EGNt4{$|?mf!3ZJ-MltE4pP<Em!p2O#!ZG!V$w2eWs4?iduL0U(wzBbgSt7
zMY*D<OO-2nq?B&s^tW_ZbUSZ+^sQR><qv%L<-NZ5b?KR!?`zb)o4l|2XN>^^5GjcP
z0}iQ<LmI$tRXtIfX&0r>@I-=c7ra-X93LcmEyZN7Gj*YY?1`BeDJVt?SUF}V)wkQ}
zlr~Vd*Kn7k_!MM&y%)Uy_1RvVkHT!P_wsD7>Cq$uZD!3zzy5Uf^oj0fhxVtM<j8YT
zy4b&S`>7y{mi4vlbUAAH##Bcs`(csCk0Q0+_ixm^AD^x;?nmG6efJ~mbj|y*^!u9k
z1HMQ5@TjfeNX~=G7BFE&S5OC7oSZHW>1npeucFg={&uTu55mCOR<xRN3|CzECDpXC
zlZj`YHeHCM<uk^_)G*)g|LsFB_W1FCr)uH<_S}O065|J@``F~4q(j&o)t4!-0x4`u
zM`C;mR8e|JbWgX+!U(J##U`9$p$VUZ3C~m}ES!&|9H3ZD$q@4TLl6b|lHU-V-?C=N
zF{W6YP#Xv663;tQ@5@+I5?FO0FUN$*kB=HNW$ZXgJ%WUaH5u}9e1egk))W&_fq<pa
zaqUk0&TxmzCPc7qj19F=;t{HfzBYsi15`z)TqZZJitg&G%hZ0y=2(42_zs6tO}dKk
zpPMK_#Xn~wP06n7q)!)rs`Qq9fF`9};|0#;7uXQf?3BLd_cu?wzkJ!CIF{=#dDsZ`
z{yJUd-gJ>Z<YmpYA8~T<5oF#AI%%s;Aghz!0(s2jPv%|s@+elU36!>>(hK=|L~xWS
z0252%!by-+2p*Bfh9^4mw_0P4_?I#eJdMd7>@9%=J&=D&Ov+1WgY^s;FTx8NoT#y&
z!4@cJ@WlF9dZSX%U=@*BurK<QGFbf`yBv)Bv1<o(`yqBfA5;$LWKSem$E-YcvF)Z(
z7sG|nNHE+PW9_Q_yBQh`m-T4y%x*%1aVi@8{RE-GN3KSh0_5jNxK8PcJ5JK28NbLD
zAD&tHiZ0%;0dIU+-&lT7A%wpc5v9w1MNNUevxsP8qI_RxL$&G8iWGy)2mGm?uaI7;
ztN!I1A0}jd*DHSfZKq{MeD%`~Uwk#`c+L3g+K&G}(#tas8R?}+WbK8F8tLWA@7O`9
zI;}q_-+bpwFE<{egVOnmj$U@npe=akrCR9a+s6IqTIy&2I$DeUtF#t+spX@m@P%~t
z|0bd|OG`<AC1<XZlAcz5mT}c*@m0SaQ_>%xRX?ERq<=}vNuOv~^{K;*Iq7$BDZ?T+
zf5;~%eUF{s4}MC&)Pr~WF7<$;wA4HP(Jl3^VYJkpUxbA8|Mz&;gWGD1cl|%VKfmVp
z8}fz3X`GHw*wL(BpkY?zcz9T?v6i}x*HYKSD+(!%7W21|=Z9S3#2PuDA52w*zM-r&
zXfPGXG1_2uA<Ho*JOZoZfOUW2BjI&0BOhd{vpe#)1*9hyJw4gR=*e-UC#{g4q?m4j
zp0xao=!wNZPf-4h_Ms=EwgNq2<1=t^amL~vjmyT>m?f!^R|%hAzM2U@Ud3DiE7$33
z1p}{5qhq&ev5I-E@-p7|;bJ(8c>(yvH+<rmN__A8*~2y8_c<jutzRfIDbY+*?1+L#
z;|ZcrCWkZ%D6YKp0I?Z~$Y#_f-9TL4My$>x6t*|>TrdAc1zCw_=W!=tTApGEo++*f
zjW-JgVA*rAVf3?cB}XHrG{mM=6s4*Q#Z?){FYz$<!vI&iPc}g-a1U#dt%Hmk<GS%m
z43uvilo+pb?1MEF1zwNAy(5-ej-j~Yc8ENOx23aR878%Aggex|kJv;zv57;uM&bM4
zBe}P7`0h$_=~fw!B2&%f6Ylq_2g@#>-lZ@EyEYJMAG1h3Sax~+2IbtX;^5>(RDZ+h
z?>zT4A9_;k>+ihiXW#P`*x$KnabSOEANkA9F;Y*CWQg!G`F_)NufHgz^UtRHaO_p%
zcwa5@qkliuLjQ_tz7J5#SCkrwFueS$VcAeYFeInj{5UXG<xKNT6E{v9$E1|$<3@>{
zEkGUT|Akhpdf#Oa6E}{YJb6m?=<IP~yd@{aGZy?*r}YrO(weQ=16gCUoQTW96chWu
z7&>0aZdm>bWJ}Htt;T<k6pt5vF6!a+noQYIBT6t|@i9C|@<=?C)6GERpkah(0D)r;
zjPUf~5cu7V;}bTYJK4mWgFj$Xtf%-R)MYw8qU^EFAT6~VVT|8LMI-w+u6cHYh0Q@F
z1z#x<*8jz*Zj0|hFIdIooga7TNpG*loHBg1orziUPd_rcEA^q+N2ulwl!bCVG@MnO
zYT_asqdAo8!3j}^n8`uS^?+r6qj^y&HP=Ii>Ug5d^^k?yJa9jqN<sIf<T`=fxT=wj
z@#msc#hbzzo~TdzaJamarp&a+m2wp4I;O5uZqb5sO4}o9+ce&0m9y9{W&MQp{me{+
zCKs)e?fuLq`lZ1A==;fUeCYd^b;i4N`7)Gr2I?!5tm-TM>`ULj>~lZ9@r!>w*tzET
z*KclGpJL_r*{ZSV8{$yvjgi;wL{8aS%YE+TGv4w|zT*w6WxPu_-O_ktmGLsd#S;pH
zx}z_bCj0GT(qyV4P1=t}2AD)m{Q2aUeDJB?d=d`SJfGcP-_m^2mHFi5CYrK)5IKfA
z(r^RvH-a!5oZXIHM0;ND5L1qBsvk1RWaDefRAYY)G*!R-dgnzS{ngjL^Lu1}&GS3^
z)qlf}SdkxTNc@P^oF;X1NDI)lt^0x#aO(=r60NtW`~lC~yL5$;0e0+^$qWNiTHDe@
zyTN^HC#<Zr0F$4jWAc*&f@2G&DXa*{J?MFdviok1cNkQ3bG*Zvod(`PDW&?-FADD<
zmmu$8t(A9BvxeIByu(K&3h(g3XT%)bTcG0|W__k$xTzd$DbUp`GoFVRe9ps0-}B(y
zTl0DNb;EzppWdhAPeo}VdNFrjScK=Hk=f@w@QlEV-c!y49Dpg~M`fX|@hk8~d2B*9
z<p)-d#i^PYNYThap6qyYr=b70H+Ks9?l7E!Vf+*<I;5O}--|1~z!B%gnX>QUi2&Gh
z<JfZ>)0BHX@(^fj``NbBO4WK|)XcG=`V%vwSoMGSl#awd^K~ai{8TwHJvsQN`M&-S
zoZoc&==;C)<u_aHxjBAw#roRf>oC)lmJDc@8G~a4NCxDT+NVi{%W-!L$;}p00mU=9
z<}Elk?i3P@L7fndF%F)#N<CYM^LH?&#@QWYW;AL-FQEXWr8FtdA<eTpq;=34l~j+z
zAuaD`wm4zG{qjMw?)v<fkkiwU{}SpU_^69r=hCEgq)Um)a}=KjT}meiyKzc(jDGlC
zZkK|ZluoEGKI2V~fKA!Y8bJ*Vl|1F}KA`G%xY#vn4`Ek^QRB487ZHcf7!@{ZoTsOg
zk^b@VBaBZXOqm488_vjHj^Yc!NfSzG^y<)6Wp_IodK?bDQl6NMLvM#eulA<f(H_r+
zUN*m4%U2?h3w-|8T%)eG?U$)0Iro5`Iep+u(hEhadZDhnNH6r+$taUYImXfQ=gB0E
zx0r{AH=zCIc_032tsnjSt`_?D#Vy!xDE5gg{zL-na*IFEz=Uvz)XU+XVU_zO-GM^+
zNt3USP6NVvufDBfy{VHXKn8xIf^8r<xQgz!nBW9wQ!tOs$7|e5^P961VpZatuBkjP
zI3^tk4do`4X!iSIGyRTZ<4iPz^+ALeh*<udZAgcXy0qq--beFF9>;p-t%UV#g!R7U
zo=LABjO6CuvzvhSu?5gj*+SC|ym=cSGP}oAcCUuaZ1TsO6lAvKBf?e@&!`0epZQ1$
zCq8+HPM2<z$9|;XxZ(V%zve)_ZR7d)cA?MtSmVe4?Wl$S`~0TQNB-F?9e!&=_^mD`
zJA+^>hU6U5C(Ch9*P$ga{vV+LayL2LkX`u^D7Kx=P+JRQe(G%&>{yIv?-^bINB+Af
zng&n!qPI;dj%bEBf?*Der-MI!fcBfi5ATz})+$ddJ{jV0cWK4(gOfZut^ktgn+S%l
zgjOn&02|z;L^BpKvw=a&O8OGG3~){XXVg`2MwSt0Tw23$M)LQ1oKfcs!WniIX9SfJ
z&X{vNN+W#p5(#7cG3y5UyKfg5&%@K7`JRWU?KPi=O{;GKU+h2+ArKDw;+eRko|2EK
zFCdIgs7VExT1uQlQZ@v9d7#Xno99CVA_e+cbl!2gGi`8xbAdz2gwqo38!rqCo*{Zm
z#O{x<Yt9y)QNlOjg%eB2geL|kCGr|BeK8r4)ubi3seV0{%|5iGnEVD+Ow<$tO4Vf5
znAilP7uoM=GG0i`8YF*ezC+0`lT4$;-Zm<f;*&TJt4Wvw<jkvY(h}fIVj~haPMHj>
zVL*qeB_VuhY;tT=Pg#^)dhks)(?8^^p8$s!60YRTQKBxe!h<e4Qb}~jMHNcVboMpC
zF0iJ25P+&dy=liX4$3I*;-hd#kKzC_%rt;F(t`a|(ix*f>`E;TSB6@KgO~05qCR<E
z@v?nQ>(QTvvVBm#!K{_*qq-Xqx`ofgj=tAnlB<@*sx|wlPT$>#v@cK;=GD#Ya{auA
zq3_ZX7<%3&>Waab_zRQb;0r;;e_SZchPg?bup$UK1%0`Sf-x8ByT$VCO;}b0iZZO_
zQ){^IgRv%W(_%gi49LvTKY4qwNzFVMINu<4v+!|f`3CP>Wz08--A)JT@(t2BC}U7V
zQ5}b0&Ov;#G^n<mgV=2;&n2Yg9Q^P<#+-xL?O#E<oP#uuJQ_#Q`^q=~ri+Jy$7b<Z
zs5rHyfVU*7EsG8DQqb~xkUrD~THaGr5J9#xDUnk2AB99F6N@klYgS53`4UQLDJ4dy
zN^_zOl%y~Olcq<TE#lWoP<W0N*<~F)fyaFEr$_tcPrs<=m(yHl)1*)I^{^>D79y00
z{?gDMmj05nhgFG47gq10kUH0Sh(oVxQRRhBcIXsg=tM#3yx&3IFAn-8`t)0=_4^O&
zmu9~1V5Al8oaY&L&T*_)?gWL-^0#L=<FmuF(p;y(ZkEXo3gdjsUNRH}u_A91VJiF4
z(5!k2K3o;Be8>(;!_?#ZabT@^)T|F08jg-TJ?<jdXaj5{!9oc()&R>SSlJ$gJ#K)F
zA=n;*Jz;>2C)no%d(r@#K(K!iY^nh^iC{AcHr)W5La>npd)fe-MzAD;%{0Jr2-cQh
za}2Otg4H9~JOgYt!OrbQ*s})MT(fTwRvISDIwQ|`8RDA!vi@Xoa0Y-!_<>*J;CKK(
z?+0GP!7Ty&z90BE4z7BMfq(D=U*+Im0esdEe3pa10q}7@@No`)2fzpXzy~;Z9)P#`
zfwysRCV)5ifiGSqa1ww|UiAe(TuI=&0qm^w1#jWtU;wYHghWbxt;R%3eidJv9b3t$
zR?JpCOL%!Dv4puQOL$=uv4j(TjKTtUO0iVOXO&v9)P&EJ(69U1uP@A=LD&@piN;JQ
z1OJ_mruI;t2LdNwU8+mF^oYR3kVXs)J?CjX@k@JIPsXgF7f%WM?FnU2Xy617m^n`q
z{sa!^ZS{#n`NgG*PwjI{72)O?_N(AXP6wPRuyYYU`Fj|4S^~`W*wvL@NBpsz3ox!f
zrr@|@j(Apscahky!pmowE02gZ<19<2sAI<>I>CP{3v=~yr5Ad<tMq`zQ@nA}lpdxU
z^zE~K^hxjg^4Gh+s+qrjWW}w^TbOLcqRLx5*$OVVO(A?IkdhCwD8$d25_1Y{R2IK{
zNR*lb=%JnQlWSCZ2*IO_9@^2E4pcB4<R$3lL;vi4^zVexu>P@Lq7vO*A|0+hkOu}T
zXn-8Ub0}T9ALOSwtxbxTA^Ok1)fq_ARz{MrDq|U>bg>A9$zClV!Hoo~*WYKi$Wx@h
zMW4LyD_DKBk#5mF2Xul}yUrw7Eq=0Qf2g@Lee5m&_KSbqP)q#dd$(k7iBat>ai;7x
zVD#D!dl=6+-TT+4nl?I2T=9BpOF-L^Z~REEkG|kNKl|5)TI^r%{`dA2&;@Arlsfsj
zb4)_PK9i5)oI6?!kyJ;EF;j9TZ%=HM?c-=sN6MX3tFh!-vzt?shktl;YVtbk3~KUz
zCQ=xUD^}FxUw?d)#*)B}7IQvUv_+4-MtYyhCv>XswAU2O*@uIVJOM}cM)`@KHtzTO
z<-YsfYJJW7y=vJlo!9%7^P0bbY9Z+?fVZt>2X=sRU^^EDI<P+HwWrVc>-dfTk#)7`
zKi|1&e^4v;2c^UM3LaL}W3)rvCsZIpO%gai$OU;+6{|gOl21N@&igIYs#ro&9;14u
zoVr*SD|@(4fRe?hntRSTvG9oAVA}Z$wp=!4xk5Jc<x*WitvXlG*cT=`6mNr};dSKl
z&#vk66=)yHev2`WpKYnx!7N*KFze-FJj^&q`E(=y&}<)l(>s3l|1WB>|G#}p=W75z
zUtLA4`(=f=3AQ@rbMG*bM?gH=l$=Iv`O-GA<&%PWVIS}3?5|$+`C@+gO<?P@pMS%#
z>Bjke@V4*#eqB@Z{3b2^f9L##%=I~cV}}2a&)@6cvL)-PoWFuiHJ(3Vg5mr<{b>#7
zFS_Vv&)?<+wVb~J(~SGme5s%Q`}11#-*48uKey-)^OO&Leam+|t3IoFJPH5P@eJ@8
zPjkQVw5nx1tKPT?|83m`P2*>_C)&t!tza)=$LGP>>T#`0-XVhw-XV{{ZJn<iw%fnb
z-%oPF4yf;*JJp9Df75UOSJ$%tuip~>NeqmCo}NY1)6J*}%!tV%G^3P_H|6j0?GzvX
z+c$jYGwIWs=X33~ThQNcFst<hNPkcD1O#N#xVNpMz6T-W5>zEu67NhbibI`#%ua>>
za!(=?b{ijgBc1JdB5-OMY+h)oBZd!Oo~cvN-zkrrj|%z*n@B;ARbc*7bHXQ6zW+EM
z<-DDg^Ns&($<yM4@(&`cBDjKZ64w%LCnk_dedk2iDr5u|WxZ10j$1HcG_B>md75%w
z(Tk%A6UX%wA6J^|TADNu)#8*J=^U6J6FL1`MVj$A)Qsn<#f?#3bBB&>L~3x-;D&ax
zm`u9V^$=cc7JZT_sakO=8y?%=>M+Tt7sjetmUIi+N)F4zjEihdfB4E^^nfIXR-v#&
zmv}K+x47*0Fd0h(9hNO1uDdSC%L}719iwQb3{cU$_`)R0x1UafoJzKbReIIFT2Y%c
z_LxdYniHN0Xg-Tw76%)feAoI&P)}pOG}j;eRKaq(J3jdWFTn7bqB>vBb>hzWKZL?m
zuCiXJs?Ps@g;dtL`feA@q_Un$W?oQP!=RJAL$@g-_Zrjtvxj~%qt-l8)!rv6Lx|RQ
zJISjB+0-FC#fM<gcU!@SVA6&FM?o2aNg0Bc-Jd-q(Gc)};t=+k_z;Tp-RAHip!OGs
zaQ<Z)!t45O5Az|AGWj^{!Bpk@(59t4!|r{}I@LS2r1O?&wPm<jr^3gUv1Ua*ue40&
zEfH!9?u`U!A-_0IjCY2MLgDTzueZz<tj}Dfs-CYHbj+%?J=d5q(u#~zKh{5-GF=sY
ziOSMh24(5fq)1&suxAXgnFL!%usj274#6f7EZ+c|N3e8)Eik~IC0G}NxeTyEg4qbR
z$N*bNuxslP_JRQ>5$puPUNOLy5Ns>K-Y~%aMX;3wd&dBKlVFPo_HP4h8NsF!>;nVr
zJ%SA-*hdD~`+kb)8JP3)n0#ywWAL5`oHL(+Hv>4&54?$kmjigUANT+V&j;`}Kd|{a
zfgc0#-+ti69NY)MA$~=VLO3`az*qd9zQVJbS><5pAp3QY)egVUW*rXubvUecD25K-
z`E~eCO`NtII(+Td;c_LPKY-8pDX1T+;`0Y^s-O1zYYy%M;7_R#fWZf9{?-jf{WT*m
zlt=%w1+nO3BMt|}YH7@ove%H<mU>!aA6|vswSe@^fcNCH6`*&$B4;lEMX_fTKIciN
ze|qs(Tjd7{+=;&jQ%(+ggC2FfK`N6hxz`(t@}w>6|Am?StXjaZ7@j4p4w~q?3ly)L
z>xD`YfXjubiM9g+ljW~}KJ~h)fA-3cKTKh*d!uWq4^=(RC!X~MUw&@sikkVksKx(%
zJ;ITcpF4!tBjgNMoT4(0#nOZ;!qJDGtBoUK&T+%J=<dT4sW8SZTJ=w3gc-R6r<55@
zjxy1k8>#$89eL>tjb$1$1#_)!95ZF|^z6}-v)Ny4;zz~!LsZ(&;qDTp6Gvg+ItJar
zgZ$841k!y|re|`x;3-|wDRLglQz^b&ij#%Txgk^*a4_S6V;eO&hx;`=`PjH=SZk;O
zFP)eq&4~&D24;gv(T{`w2vk^fRm)$SL4kMz;1OnWs)$w&lGAmDmmaDspL{8nlRy`d
zWzD{x9Ih5XR5C&<J{eShXgG3ASKwBQj2o)>oN+_9eS+K&_Hw#oCoLF@si<iT9^?Y-
z3L|3G`v(Y|3#d@J09hg~z~BrJ&bfdS_-)LAScHs7)9rlZUVT1ld?t+ekk3>;<THg2
zS+4K)k(qO2>IlY5loVWZ12}3jAyS!&-_8zC#}Bi=k^2zUeo9e7yV`QZ<m(D>nzvZg
z7OGaWEkle)A%GoVp|Cd;EKD*KENp}<L^~?&7r=Ubj2MV{tH<52DB&1_T{6JV5v(7<
z{x-la5-gHnR}8Sr1QQ5WX@Hdz?DD7MZdhdJXM&jw#P=G(z9v|(0p=yxGJ@4Hz=HgU
z_V?Ez5q!1WK8I0;Vn51wl7s65_@{ss3jyrOX5b*dJe)QT-VNXee&7Zi{7H7eg3#6c
z+lv8w$q#&qgQo!alppx}YXnXQaIqgfjp0wn061J%#4x0$B8CvWwQL^g=(`O;6@JV)
zPj{ZH2(Fd9<Rv0kqP*ZGs$<hc4<0>FDLZ4AADpM?{rmG@7CC7i6`-k4@96y!C35&~
zFcGKwJ22wpqfehZ%Ex}?^0WWEQ;YrQx!UNFq7FhmW=;fGnA|B!-Q`|Q(Wz5VBEH#Z
zcW=J#)#(-4%do)jjq=$%>Z4y<=okO-b}jKA3vNXpt218x$IOja4hYx`2IY^_Jst9z
zfc_^7^glsD0Xm0qC_)}VNN|o#i<mgJI@PohQmL1rMM}EIAyI-9*1aQj&+eqO$x<@v
zbz3Lp6GAoRG|8KtXvzso%AXS+ViF3_ttEhNmr-afO#UgeVr7d<D?F7A3i7R=uwlGp
z<_hxT|6zaqq^PT2{U8z#?y=e6sy`6)>TKWOspmgq{hBLJy$ovg#U}n#CVR>_okt(1
z>2y%1v#F1wrdFoY2&ZGA>D;`UT3O9yFocW2d<aM1k2LA6Z$4`3tid`pbzOPyYc;5;
zT_1s(I$cv!4`eU6*Z6|P`WNUIyx;}OoR*9)iPByYX~Zq}sk-iiQ(`G@DsW=|y7HPS
zJh6Wb{N}eKeDsHfe*V92*5d!0|KHnpsYW^3ca!qwCbDJt#pGk%<pBaYPbvWd#GL`F
zhyemqawZ3`^M=%F=WSXMeN%Sc1lP^kc~ibH*m;MT$j<xBzZE<0!9_P|=T-F-20QO7
zixg31)=VN2P11CB-f=S(d_RJNFFV!zAv*ii!#?(@d_Vp7>$T{==l{QBpBg*H$39ik
z>wj#Yx&jyfZUtkVdbdXV)RX}R`_xY_*KqNdynnOysWy{pvrlFC*k7LYlmA|=MgGgX
zCHq7gC$~N2KCQi8Mv}5y=2w_=VzgyD3Cjj-u;(_d(F&&dkqRDveR)7%k^uIlxexi+
zU*`MSfB#jB{deB~!v0d8>1Tg=3(V(zlqqdnc60WZVLtdX&v!m&U#WRMbLQT1yp;}v
z)-kIX^j-(MRB50H0`&G{1B$phVZ^6(l(6HrS)k*{V#4;=apOnlOv)a`rCrPwq2SZa
zCSJP1A$1AI>)>?#MaGjAf3!4Fu@2)kv|=O;T}Z&e5MxCd6EM6=7fLmGjUkjOjTGE+
z|96y7s&}9BFQSms*Dq_S!-!RH7;U9WX&t;sY7f5)*Ve9G+cp4IK&ro>|HQ@!t?^z%
z0-tB;9zVoZuWY&>?VavbYUXr>4rBFET|X>P68nEOT|w2KO(#?>_S5Cud5br8?iT=m
zKRVPWKlfbU^ET(Dn$KI<oLe|=S*RMgU0B~6^+SW}qJAiJdvDMW1p)0unhB{2a94%J
z?YPActQs*#9HpgX=o^SynF#bTd<6-vr?ZkjLVXF8U;~iDyHy;s5MC(GF9Db%ez)M>
zT?fv7mgtb2t?hX;hnRAH7Ny=~6(oIv&W=@AP9BGb!G}Iq41*Oy;j&<;rxz8eomHgv
zuJdx8{VkO^9UjFYVbTv?Jq$;WI+-PA%{B$eJ2ueYMcig}5&q@*fHT!PGY%=awOT$b
zSDra5)?`cqask{NGf`f>+RCIl<U_4xRNqv}KmKyft1~s$k;jfjJDs>;^0?`cHDI#C
z)z6kx+OG{<V28rSZ`E1r>@W<y8Pp<g-rthyrRisE_o<f_MB1kyKH~`bJ35GFoEfCe
zI9g3WZkVwsKR1(-lc(#Z8x7O_wxSg%vap^X&h$J?Rz7^q%a4xe?)cvHv0Uvn$V7Ug
z<$Q5g5+Yf`<RiK1o2dTEQ>|`!in42}YEJVCg*&*iD?_!qRppYhOVoFJpDVi(x#liJ
zNx;m_UWtm?&8B~fo87GH7_7<|O!{t_d<>{wqx#=`44M(otC`*QnRH{o3T`w8X!q))
zZ1AaG+-fGOEe<moPowEu4RWcNTc2kQ#oSoO1fvPgtC{k0)s}R#Vu{6<eLJJG8gM0F
znon=Esl9s|O@Usapdr<*8MzcSNIx1hNc+tJt$3+Mb6o=x8W?|k4{6&P)4SRk-gP&b
zm;QMRVUY&dy#zZ<uxJA;ieTRmY^VX2POx_g_OJo=Ai)aXx^djf1cHq*z(x@)jbQ!-
z!5J)uU=t0n#|hSqV3Q57CkS@+%^Sp@_|y>Rb=*Sa`J<tRxSzJGgW4ezI^5yc;UTp{
zFX$lpb+A=ZMMyh<8~7QR($wd@nXE%kzvp|Z9gabV`}{ieRXcnG9lH5-=yqM9%uAs|
zgkOh<>omk?G6PPr8wWoM;0}J^kE@jL_ka#>`5DO?UQ;@>f)3TJ10$lS6bx01<pudF
z1<MvAx-22G@$AG{lcxhuO<p*cVmPo2QSMyQ26jZ9VObu3O1q}FXLmNmoO5!N>3JIa
zk+EyhN7uZb2T0jCRAoY%Pb4Pf)1E44BFg58v3f+ZWqM~+Hxl`fFF&I&IESB5tYv%o
zuS~fu`;3YxcJQt?`O_y9UT6jWB4h>?K3^#UZQ$KZ0=(17=SlU4xqYpGy(2BYI_Clm
zvn~x&nIM~r3pARU%__V;`JDRu<a5gQlYd>c$iLHS_iuyZ**X~{Rp;XN|4{cO@J&=*
z-;*v7pk=}$MAo21%ObQ;q_IU(Xkk)QEQ(kkQHo_Lf>@!!vRBd~F+^~A5ET`7LEM#1
z#FnK6L}XEc2NXn>sX;&yC|mR0bI+a0ENRmE_<ryA`SVAUIcFy4-nsXl|2^m2b6jgE
z+w4RFg|I!IC&BTO=}A4pteoP3*CGG|K|EDnaS6pgn`iFR?ndZdRU7~OV5SBi>e@GA
zewg^@$Lh7ex?b8pO2Wq^GW)E0FIb!X$*$QyP0__aJ{czdF`T^N-p2yn`v9%2d>@S#
zUiQoHV?n*%$7w+mPd{0A{%2m8^FIZl+gI;=ZUZNW%;%=d&#v$fM?_Nm-&FPw$9po+
zHGCM#3r;walc945Bcy}|kw0WVV|Q)I$+Di}OIE@y9%u5v3+X)!7U#)3Jn21>i}7_h
z4-71x*&~vhwi~N8W9kmYIe1<ieILWW%v(DO@b6fH6D$P&f=jP6d5c+w(-QinS$yf%
zc>56my)!X`cRV6{mABXiY1c7zAN3ncA%D0}P30sw1zFY!{LF(>ME_n$;pZ|0FSG{=
zyGu6$NL$1y9G+*`Gm3B}Et-Vh&U~5S2@buTxgd2c{F04~rX~4!PMTa-l=`q9c0R21
zZ#s)qN1;pRqGkEFXU7Du(Wk&xjS*Yjz*TL;o4$aXoFfC<;RngZW%#7|swcr{BeW8v
zc~vww((;k^tcnIIP7^W1cG0oo*&L!P&+B}9pInn7UcLi{H+1UwbdB_c4}syZ?g<BF
z1}`w|&@qgZ872Zlwj#4nQ%PTI6R{J8bEc`BJv~`GI#sgRZq1VpGH%F2y*j+FqBzKM
zb}_B5F2DJPbdCRNl6L)AFgNu2(QaZr>oF+i`y&yW`Hm+xrRd&_2u_abwUC)FhxI~=
z695-<ZUs3{81L{D*l=dYt0wirdx9sopy9LVqc1bx;VJAv4NS?9hr$H$H8)S_!vYKy
z(|1JB>FdNDs5E(heVt6+{hq+&4L)mW_~B;ttljvqV%8D{XFi>=EIt9|E7_#$=PPjD
zt&ER!{)?=M$qws8OxI=ROZUTZ`jeb;Hzc2%zl;;J-9ng{nSqIECl?#ii^BpJ?}qx<
zPs7Cr0~a5F`k(Y-e&FIb_4o(Z1MJTykrz_cS!d|#$H;dAIYCG6&d3Qs?x-WLVZQlh
zKz_eYQ;SWhIk^&CbmromiA_=z3MiN&&A8!=e7ZOKwud*V_6M^^PfF9+qbKP6Uvt9v
zzw-Z)e59S7b;?J&)28v?Jgl?-%?@M#tDn5qfc^Y-T65;=aH#}~WH@j28hC;^W;kCk
zKd3LD7W~&#)1DLKb@*>q82mTxzr(AC7Sso?PU^22FFJXz&I~Q@g0cUNy<d@GRBi7+
zey$C*_rt28viGx^Hhr=sdp{;v8;xa6*N$Z7fAXz;UCjQE?EG)d{u^FVnf(WGX!ajA
zPcr+jc=R7N`^zOxnA!iRJBZo;TX$W|{<+y<%>MnewPydHCP};EP4`P{*V_AWaT?lF
zVfKHET}<s6DxW}2swO^ktZx2K4>SKq|9w30lNt{c7Zq`Q$=4BRya$9XMT)*35r`1A
zfYBdQ^*OwcpdUbk2NDP#NX{~xKuBO_C%O?5%*>)VztUy~pkHBYH(G#L%tnTQVLJfr
z&wS6Iy<A3KI&C7s0*72jNev4o;4qY6LGH^07L>cf!2-d021Dx<u;BfNRABy$bGjbL
ze>Wm1kU!(hQvmrh&PfU&f5tge%5p$qLOfqu4ln^M(Fz0~jR?LySM@Ujg>&;@WETZS
z_T%K@&-3u4f)a`Q<`BY`d9_3P<@0KX_TG7Qg7$yPu==_z$d#hQ-PdG>zZ`_&w2t97
znPD$59Mm!FtC2Pbp8~^H9m7!h3C{q-fV$%kv*^DUC+Q2_6sY6!!xHK^a<7E*e`Ji4
zx*`7fF(NqrxZSGp_vh*K-_$VrFZZ83|G6Pqv)_0~cm6YsJS#{3cly{7UsDf#+(9Gn
zg;BcmkIpdXA0PZD;tAfd>Ea38FA!Mti4<<)oKvTGf(QF*;w^RUSy~t-{-b{Fk?>su
zb$)7PLnbdF4dJAQtejmReD~_Dn)Cj-I{Vj@F!rwp{$4%_a7q`=R5fG;G~_u6sQx;u
z4*4Wb_tDhj9I1<c4I}^35%tiwqCtJWwogMjhP1D1Lp*gZm$XGMd{bCya>SUS5OFD=
zjxE5nx_H7u>_13~ntO;~zDGt)nIO2cI|%FY^2g*&82Qk6RT;y>;9z&pL_?TuEPtkK
zEI&tCcL}sn4(Og-!CKCj?53{%mGp!`Mj}}PZ@D=5E>1QA3<HPxu()iy`-I?a@9L7x
z`9_iP4v8m858*LiH~H+UFhb(ac*@6i+9M-5PIs=dFj6Uk-CrrVw+mf13gwq0?ACp}
zYY(9haHX!{3V#LfI_NO;S+At}dVnWs4MZ4#(i5II%5g*uJh9!Fz;UuHaHPVG9Ae2u
zj>;-k7N(9~cL^)gyPk>mIji3BJf(~Nvk7>UBr^aZn!V_>n70c84n=r|*?<RL>9drg
zdSeH^kV(Dl6k$|iXoL|-w;Zuk(lSN@C1pU;>>WcX>0=IsT*KiHlrdH)R2D^9qmM7n
zq%6BQMHjO+?q|0jVYi9$ZLyy%M!D!|1jb&?*g4h=IIM+n5lgA(dtD=r9aF(>5_2z+
zE`Xd}jugnlT6z`?d7crF;OV^3<tJfHwV(bsN3d?;OU6XQS+G;~@~e?{*HweVeME5W
z;xfH0Ey7yl^YemryTA|L4H>2Q0lS6LJuu{o3Y!bw)E_vyUwO1QdB_%DBv_`&o4LcC
zeq0^>92J-4KIO2U<4fqPbZx07-v##p!FA0%d6ZE8d!*psBDjAOTt}}uym9ogS%y=B
zH)e0*g|UlxQ`9-$<Tz(a<C~?Q=g7Z~^QN%^KZ(qqg0l2;{G6zB<e&6&pemvS>z~eV
z1?vxm9RvEgncdwoPH-CpSGkcuJfp+<hqDUG;TUPX#+=?9y$XlYA@VeyIpm|Z&<&MA
z#I)8ht#Im**>>Gc+49sR^KxW5nU{g-Rq{GI;rGu3XgEB80Pi6eH_Z&PJ^FB_Hndrd
zsjg=hSwZYKkYK9DI*V*i>i=ZJ;CkR`uRAtjQSzK0KzN$M6*68dcnsKD!IzAHMWD-B
z!BuU9DsCocEM&C3nZT{87rDS}!g&$Bvg$5Qitr_aIO2IMu_IuhZezM%x-7*@1e@rU
zI6<UQO(Os>b*XaR3*H5I!tk}<69T~(axDEJ7DQr(G=DRP!;;)*?1LzZc^xhBbJJaY
z<b^}NZw!mIu;84rUMw6hc$d;&R^dCrn?~O25oZ&@RY^wAMW@e~0{;K$7?wJ;+B@0r
zeyrNpcpdBSq1B~(=IpUU;_ONYwVj_v&tcLI^{rDByFPqR@4y+gBD&?mP->edi!nw)
z!4Z4RVyuXgg2Q3-x;J{qGg!$So`l=37unvaKpZv|YncO0e0QWGl0@3@PYUFGWmg`9
zTXRs<q<eZJhNor$3CM#&4QdsTPjWTBMCZbeY0z0i10y_}TwF~rjtN{GO)kDcFHQ?w
zEQ0;dG(4uQ+W(Yl_CK_L`Gs9-6yrSBMn-OH%_fC0#`qPC$NKj{<8Khg^U5cF*+0n6
ziZM>ThKzKuJ`0Sa>6Ly{UlPdj{PG3zxli+V?C`QG7G+{+53~ZhYaNvM5MO%uf?v8U
z@-8_ip5V(PpL_-I&jk2qEIXP+U+9kyNFM+7nSD4p(7-HykSUc|cc1iig8K$w#RD>{
zp8;AlD}cbx@Xms3O&CK#gK9qp8q7O?(T_)UM`U7<0vi_X@9s@EV#nL}<AUsWI&|0U
zAMVlFf5(Th|K9cgmp!F>YCY^JuWkCf_LPyF%AWGv)0v$3*yO)sPq}|+czep6JN~cP
zQ{Hq2v8O!kti_(<bk=T9xzAa<J*A(sp7xY2DPim>Z>5B>r?^tW*i#-#31d%5OR29t
z<)cApCK=pDVNY3cpIrZ9kYrDp#~3@bL3_%)KQ0Efr#u+1*+1W<i+>ptCjMo}KVc78
zoS?G@ob{01=ljy`bIhZ4t7mqzX8$}?=l>lY#{V0pJ&N;LFnrb3TrdGARCA%80OkU^
zl!|8yDmZmDmxf;(aof4Iue9x)JmxXy_{n2Nt2UY|=-S|*m3~zxc%XuYc`Vs(nkig+
z!hn47<nul3a{`ejnbvHvNsEvGcxq~;5UAN=BubSKia?EZ_Mp4LgzM7t26Q(Zf213;
z#;4q?E7(%Z1wEK$q?p0NRrL>8_)X%K;gW^_mw`A)r?r;Lwd@=S$m*ha>ndqXuOBEK
z$NiMCXA<^W^CfoH*yHZhz5j>8ynn|(96uC!XUO=WdOvUPkdV*&$La}w@)VhWGo|@=
zd_tY(-|cal^<;?7{xd3!{U@_t>q!TVJrt{|p4=A9C>mt_d-X=mc*)YOf4O1SKl^`Y
zzwKUDANy_14I2FA(AmF7hOvLwL0(qh{CZV=bFxll)8$Q9<6IT5q8qPyj=I-7&lf11
z^7M3g-d;vmS6b*O%la2za-Mu}pL2L;ncRhOQPl7Tb}*x_jV7P@W+UZ??S7W0dz^z-
zE)k=CY{Mn*cOJ2OW)b`ns8T^Ax-Mi$^^Ry!B6Yo^S&*KaUJukenx&|B)YD%6dt}=9
zEmC&wSCpkGGQCMDQc7^L1COWmj(!t|@1r4;DKs<pX@7PREP96h1ig$PZKG$op>9`I
z59))}=HWJF5_Fh1Mwy4ZbEY;Acc%w25BJMc6?wQ{-G|G0gXU5_zgqN}nd-A^OrM!m
z`fU04=sQ24(`T(vpH(MF`s~rkQ$~(|q+lY^XE*Vt=>N>q)CKyKJ%R-jR+giFE61cX
zRKL+2IYb5v7${z)>WJnzi@u9}R;f5gK*c>*rciO6tpOD`VV+9GwPGqRVw|Mna<Wmy
znZv5MR#e6H;Hvs6Rh&6nQgJn@sIwNEWEJO2MHP4VN0N#=kSeLT?-=_yQ!VwUns(I0
zE8DgC(O2FdIzM`9MxEz>JJtN(Kv&kRtF+*PZV9M;{!bC=I{$V1z1-08bjklnJY5tQ
z*zEQ1(T5{DJvb5;E`;vbz&eM}y}+qL=psuY{&n=<389-aFkA@T+x`At2;Fgg2wfB%
z+wJ5Kx&z~agwSms7bJx4qj5n(=w2FEw-CB+Jwk@i#q<anLihVEAw%eP-csKXx>Tza
zhSJN5lXH8FV)J#2Lz=}c82SAe+;X)zcG0i*SGLvcPcn4ppYIKG{yFU*%NO6=MG&4%
zLU@r6)xp2_VH=HqFI{K<2_ye{Tb<XRu5A4w^PWii_FN)uYtR=Aju4se9M!EBKvMg9
zbYptR_2?hRKbr>rGx(>vp7>|02LF5;9RGa$zk`2vs_@Su3O$HYtl6o9K;42upx89B
zh~|z^LZBPcv=FGnJqUr8JfeU=FYiQkAK8eW7q12XU_t682E;!WHU9ZV89PYuPjNCA
zKtm=i8v5<#TF}srS+$@ca~;vpG6fnM76uKKu2!I-)(HVLG-i$p4N;9ly63M4Bs7#c
z7}1dBZ=#{bgC#U{wl^-3^Bc-&=%?O@hBDrf*3oZzOK7N^vESD)Nc~={Ki#91W<9lO
z>rXGet8VqD<5GjypALhE`qdi`ZR%flJcRMA4atbKQ9uMIexXKDT7?ZlT1|FHDnN!D
zEB|Svun026CT<JV+=E2aHd?IO;T}dNw?%`8;5?7NTu329j4v4@pFn0Q#m&Nm-N_z@
zDM~2aR=7tn>>_w50in=@a%x~t$Vl|7@l`Teu`@k0lPz{d`6Ez211_W|la;0kEq~OR
zwioy`^^cNu^^dAm_5VDdDvM>?>B3^U!!xW0)cxzBs{03P--!(JKHWcw5i2f3LBAeQ
z_^(I2raE8_@`*n!M<%HH*F&!Q=k^i4Z-K9X@qIz~;ItH360jsUUBYNrLniNAw^R2(
zj>8HE_YrcEzUNDS0-QC!1_q6~imfgpmn?GesbrCxaj$Zb>z9g)oK0Tjtl7B8eU=YZ
z%PP>TvuYczryZjDNf&d(QS&b|r_a6fF|(^bvR~ky0qo*$k+s{`b~e|<-}Te!|2xCz
z|Kxh%mvnXfKPOqL1do-bOPe@@pn~f-mM*OjzQst0Ch@+Yp;saE$u`r(tEcMn-wg?q
z|E_Pn+SgWN4<cfBT^-zb6-?d-HS)fbqKkja3KRbpMqbr=v?LI3l?>~V8|xWFr&SD2
zhI$5&%8txMhqV)5a*q*|*_~v|k!Hez0g@ALWn4b>@VBo{7){+}^iW~0uMOY{z%LM=
z<w&7hlU%+ehCT???`(4E30zPr`O+K7^$UXxM(R~}Hl%Axr$vNIv79s`U+HQh>kq+w
zmMkgC^+YON?}&VTK2^Yj%??ijo$OE>Eni&QG?If)1t3t7v?i>P*H`|dt>ACXrcp{4
zV0C!m?aMSepa39DQ5ISLO0GA+fovO>Ry-%4E3}Xv%ZH!Jk-Td&?4CI`+~vL4r#Fxi
zBvKE%_i-ciIa$EZ_*-s*<m-MoUCZb<la;1`{D||-st@UgwO@~a!CtGMyw@t-Hs?#9
z4e}pQ!ayZqqi+!8KfezM_Q38;P;a27`SC!%*FrW>6LtHm>5M!H$dBmA7Dm1k$SwTJ
zd|tGhvPip)00&-8f~H5s6&DTQ3LAsXnlE{YX_a`vQ)Geg7Bl#RjDeEB@Q8S*tZL><
zzJkO9p3iB%61!*KGTclbvAZ|Wj~?4uq9Y3%3+@_PDZ#(180#{U-<f+2A_M2G3EZ+K
za0_3OM-!7vw^a=zU*UZg7iCD&5y=XNfsl|7tD$UaD2itQ81Wgc&4&4Xa_pW~g6AoW
zBYmojO3{g|=@)E7Ns_y=ErM%fGR$XNg5V+`v$PQaE2^<QjRd!`>Jn_tJ=tW$?|~7&
zG1o^Hk!&*JHx>!qB9x=t6ZJ&8H@9PHSvqg0C$-bcuSTa^EquvGw5tZ0q+%prH{=3o
zb8cx57Lm3SM@=46X)})=lQ)sNzx}K<2kbxuSeji{GO?W$o)*w;iNpQJv_zJH2N3_U
zb`lD{?KbE5Nrk<8v4n)ZMiyG=Gh?GTIpy>cIyBsvey{>#_uwx?+;Iy3d~0z*yFPRc
zu~pdG6%i4~PZ~XjJWdLm;Y%mT)lFC~W+Em?n4IoDX(#F~<z0v~tOjyEox$r_1{_*Q
zu}026otNB)WqS#vnl>7km?jM1F|z<32)$rAc=~c^!N~^rPP*m-QB(hUoapuE?!o{b
zkV!m|g1YzT6y;eS>lql@HdsUizI1H_eNV=8w}mc{o&?34YACwe(l<5oktyRyH{_3+
zGLrTx)*>h~XL-h%@a=eKnW2%;SX2?y21AA$3pA4;JAsu@p+R%e-|`sUh2dM#vtv0q
zK#aX613XOmn&kQ^IQjZCd0*hfw{Pqdcz+EP18hedh_Bc@w$j#)3O>d8&?8iE$ki-`
zPtj?g0Bdj#8QLb?9z67Z8yY-CUn=Blq8$gHjQUr!KEx~9Mma7jUQnKsyr4g`6)z~`
zHhe+-Zd1P?=LALa>@&{EV8P2b1fnxa?!^MlONVK#Ux95?L%MD1$W;vkTv!RNRcL!<
zR2*~^Y`r>gRezunZWw(|THrabs`sZCvjP_#>g9LuW$D1xPSV>|n{^pwlG%x@Wbp%F
z=%QP|JIhD5763ylzcQV-EdOt+`XO@t#n~7>`QqK7(>_{Q&X}(73oWh%Ek$zZ3ars{
z$izGW`EVm>ut~ByFU%5y7DpdRfMDDTF~OmP(tjo(lrE5=^yzej()ka__JRU2r8C=)
zR=rE%!zOu5Bqk%CE)Z`{#)L9)a%Spia#z(4nj6l>NeQQu#ba^OW8X%u#NRQP1^HnN
ziDiVRYEj@KOepbvc4Lv)?1jsIj0K}YJR65)ALy;6><cJJF@Gjzt~OPta=yt*i6-@x
znlQSrv`fz<x01%7wWOc&p$T!A5W5%NlGqn>>d@baV!yHSVk$L%w*2lQgiDGs^zSB_
z@6Zh7E1`T$^wyuF(cw{c^S+&6J1th?-8{^P*+6rik03~22E)5HXwk|6f&ISeZVPX^
zKY{K0`DWP`zFAI!2LE=i&-qdsYevg<0VKFWG?x1Z!F|Qy8Cxw->}v(TK}ikh9J0K1
zl!~pMxDK@+R9U5=WRs`JR-a#)-m}oW)(Q9$?s-K{x{;2>wQ{87fKqxo<#LxEmn$C`
zbz`uhREw(ut0mAZgIhV2s{`|Th(oT!W3EJ|iKC_j5(AHok}6PPXxj;K^U^jnM1Ct<
zZKc{&GcgC?E-p}efo90#<N{kX`<;PFK+kVO?Jr4!9WCWDw01C!NfKOvE_5%TH^8rC
zlYzGewsvXjp-&xr#u2Lb9PX3kDf3!_7TH2Z#Ew1G+|{Z_CJa@9&p4Y!75+ts`=~f_
zWEy9G;u`+K$C0SJZKxP>B}I{M2$b29gLENN5)-|hBzm)e=mnz{oi~Yz{vH!u0MVOL
z(HrVT|E7f``mTwvAoW>4F_`FYJ*W`<Mke~lDC#ar^!<iF{4k``i(sOgBT)3VlIX)*
z1Vo=QIZqb-mk1Qy9D$<SK=c+=^ccP9CRub7irzjTx}C;ao&nLT9#DwBnEt{_njaAo
z14b~>1^k}P(j*q6=+XNppmj2b#(l5-f`xb|i^J@wok3FZ-Ciua7pyQZu`e)kL@)aS
z!&WTrg=<`nIJFn5ag!>5yjcW`2UT5d&8`|%SKG6z7Uk8F!{leMk_5E?v)L~;gIQJp
zvwt)TB$a!-Iqm5}*gwGRxACifz!hNNOKm72M-%lGuRb|0&wB}_>F0g4eWKKf)Wn;@
zp%u89fF|A?aa^MQ2svN+v_aZ<DPqXmft;0eX#|^<CI_3V-)DEwNX#|{Wh5rJ*n<Fr
z1}eND`x{-sFQ0~5NtGG&dX{?(H?ShTvze>1UJc4U<7!auis0PFYeBj1#*B%FGijUP
zC|saT3pu*g-h{LzD%$f%dlzZ1sAv$vugQj2BY~@)%^(|IO;8lI4`sO<p6Q$vKv9pV
zAC`JeN}hexL>_jF?r2G(oDHZP7;exp+$1wB1BTW*22p010}KbQ$;SR1v3*YoMntxg
zDnDIni+22H&d4f1UOdJw&LkJBS{h`GL+A6p9*X(Ay@z5xf7L@VpFi#)&F6P|AOMSH
z>Hg-mm5`QAoK8N|!XGpa9;o>;RS-w$sF^Y~TfDuk<o!)zpAy8bZ6ybVrLB~>uT@)^
z;Y1R!^<XN#K_z9*0b>_Q`S+rFu>5;0>!9yF{PRBk`B3&xebWXzChs)%7WtS%KC18t
zwZ*|KRwj&p)W8zP(_$b^1kV#_Sa<@Kfx^~kKy7p(&0utP6FfuFwm|U3K;{mfIi5LK
zsqyr$f!)Zvrz^lvwRvGEGcPn2%Bv#BZ=>dgylwodnEA!ObX-G^{_H)1D^+FLu69Le
z_8{89?!+ANCfI4luLE6}M)}2?@9)8(AZ9#|$<)+GF|wMXhcTr^lO{lhNLLLeqLKI(
z9Ge4gkoW8870ad?Er*6`NQ)$C_AB|gIL71RXy%yzYd|+Pd^5Z2b%irQnG2unIXGAc
zHSREZbs378G?okswE>#*0hL1R7E1=?>+(F=(T#xoSo!M*W+}w`O|vvKUo_*0NjxRb
zFOyipF18~VYqxjbenn9G&pPYkANz)hf3(yCKX0YuNzRYG8BgXml=EZL!>V+=<Vrz4
zFVIu7Ecvf@0VX1*XqiR+WG8OZrqFYEC&smgla02qi{Q=WO3ti&sXnfp2|GQmKoJ4d
zO6=EIjsOx^CAF=R0m%bZW<8G?(Kg~40e0&VIOdGv_Z|B%l;B2%EXVY?mr}ckRLx5&
zTc-Hg>%@vi)Cxj=c}QAT2Kbw-BG@C0d}(fEzz(7-AWOkvl~~ysy{IGk1ZonYoh4=K
zOHk*hKFbA4-Ad>8q*`YcSY%ddVQVRNC9;uWJcS6CH)_fl(kJj}8((^q)pv7vM$so@
zbv)KB0*0ft@1rcwn`^{!q+}FT*vu5N<Wf`}?KB~RLDO6GpoaKWQR3DB9XTJrFOrQn
zQjS!zyu7(Y;KY8-`pEgku@>$#974tdm|jI>!fzR!$%)tXhXOpl;`PYt@OGYHW)*Ph
z1+e3MEZcFQoExiv3)TfR)Bo8XlTgoBvK=>I66#`#{m+0I5?Yw%Z@HPZgQlR)QQq^d
zAz;g<5@bsf*pzG=SQ_kjS%Ly4fmzA+GLyg*kN{pelfWcNpsH2pLJ8=&q!Q3iz_v@t
zmct~VdIjs>wnGWtQ?d<Z5-j6n35o*}z*WDxR-KecJ5ZHQN~9gAIH#(KORq>Zapla7
ztR^l@b5`#*8%%~|q(Wias;tPM(QTcsYK(3`0izqCm0S%9#Tp_M+iI&ldG$)9jZ)Db
zK-watjaJcekyePbaVlCK(sGdYu!=SoX{ktiL`55qGz-!SRJ4gmi?Y>{^qSDb{**RV
zMVpMY9Y~v@qCJkZkC7I%uJ7|m3tHE=2x<DdzH0dS%2l)zMl=BHnC@8gr;Pk-G$FsO
zBmct4n}Phjj(mZU-v)A(j@+5qDCYs$Tx;6vanV83UUy|=0m$uj<o1l*1;{2H*(B%W
zHUfh|$6$~dPDT-iKXuZlUcn#O3gn);q}#7C@^T<Qt0PCSu6YW`=M@>b<p_qY22I`C
z3N%z!^Acz|&7-24_iL&YcwiO}kc(At$cbF>#j?vraU%~UX{o8pH<?^bJm?z*9PKFw
zOO5>skM>EJJ|Z_4HwUn~iY|J)FOG53YjbV@E52WR{07`O6p4?JPguuR5Qp*-upi7z
zV85R%dT$UNj(UUF9uP(m%dcIz2p$=C1K|5JP`~z~`0i1(WAf`RhOS?`^A9!ty0x7a
ze;v9dH2#{{x*qsz4P781zS<1<>lEUzCKYLBMSOLRbc%K}^<fgY4{1pNgVB5!>{zXk
zxJQOv6U@*bJV1<OmT|<E0C(j=ybz{afJ(L&1?Fig?%^oZ8Upn<+&@#OwVm3ve3Gfd
zf(t%{J8~5cGbYw68Q&%V@AC!sMC3LL^yDqzItk;0wP}e0kV)m;6(A>8%;2agOJSjb
zr0S*F6nt$lgDo^3olt<T$^PiA`DhQt93T@h&4fw7)4r%cCHp4`U^E0!msH|j(Hk-1
zW`7d&#zT*eo<@F|Voko(CnK!!6k*ZiBjhJ+2(HSy^``nRn}93Xd*^WH%it;-(bRiJ
zPKmXqF>s|YbQ(ZL1=tFJt0DwfgBB8Sb);b*IZXkAt0Jo6Pr|B`PoUM+`w6sK*QXol
z%AcT)ErV7j9^yRCVMSXB+bmOpmMn&@=F8aT`Id+*ij-`BGGtK@z&6<dbX6c>8$o%`
ze-PW)WOQYdBuG%Qon+X?EKAUwNnlj6y~iZr0umevU>i=7Kq^c^?^%Qr?2^&dE(u+g
zDcPQ261*p)t3@qPf+b3}2blzmBy?36SHOOLkp!&*iLo6FB-!LE!`YQUdEZ=>oe!=&
ztb<mC2Bo<ZuFR%aV2-;s<_OkdSWTJ?+RFg8<_8B`9TiqNdu0ZP$Hg-Urdk}_FjvFs
zpY)~BV7dw#Ohwp`hO}8K+BBqf?pr$)Y1FrNDDwNQwLlR<+l@50idKrWFOarCMVpVb
z7m>D5Me`tS7Sf(o(Vj-yD5SlhqCJPS45Tep(Uu^s3({U!(OyAXEYjXm(Uu|Yk3N+4
zu8Q`i4u%ynI56XC5?3`&hc(=cJOaowb>uaS+z-g_>&V|Sat9!n>Bv_Z*?)zQ&*;ca
z7?3&w<Qg5hhTUBb<Ue%eKN$H9ARp6_k6o3lpHBe84?2b)WQJT|sL(M~Fb1>O9~f5a
z82*&%zX18T&Rc&E!)XQ}3p$*(hLMk6hOPyimS(0nt%-!w)&#|A7BRa4qBHRTMQ4cz
zt2~Ix2#%T_1cA|1C2bohJk7I<5P{L$BZdYl1V*o2Ga~{!Z$<=`FZ#?90<($VMN2lV
zEzy0b*$0<$uzY<MEg`Yx(URHqHS!4pv%!s@KURguo+ppBTMr{1YkdIm*qo2U;ISd1
z8jme*u03Dphzotb?oe!<>wU5~&`EgKaw%O32blxGu8joGGy-ZqhRrh#p@v!y)PCE5
z20OMUbVaNqxnmlQbribsD$}gPvjzjE<J=JEc!xLXW{mej)0N=<k61x|{SHs+&EVX2
z|LkA1jN=#-p7;ui6{!1}t*HBXT`3Rw;JYg0Dqi9-uEHqCRV=;{<0?$4a$JQ`Z1D;j
zT4(G717&Ua_=Ng>Trg?h$NC#WzYj-DJ@ZEko{s#gfeC<*%dmb&gNlI(2I`)>Lym6s
zP{1;fhE$meM57-p_R0zjaqZW>0f9UO6gQ*?27MjJD$nPDk<0}4ZbyoRFR?``<6CK@
zU@^Y(O1^YhWFW}Z=xk2kdv|sGetqLz1#kCaq5OCh{#N9B*yw=-WLoGf1f^~fH~$(z
z)w>O}x=>5dE5u!5Jp9|!A>x%Lx*8ED*sX{75-1xsb`cbz&F2bl28&8QJ>8OnhY-nl
zo(uf}5pD=~UT@r+G9)ktXKy>~X47Epg3wojaw_355d13T47>=@ubT_V4?6!{Mbr7Y
z`X%(#MZd11aZ;^&))M_%(<5~BYaxqYU3eaJU9Hit1whtEzh2MCLxBuQs+8}Kc3M{H
zF*+t72==7-Vk3Zk85~X7(7(7Sjl<LI<R!&J7^w4hbOF;4P}05e^dUxP->TQH`L*kt
z;F&?A=Zu&c;g+BL{=hAK$s;VKAlYTPaMBkY5!_$Wk3oWEXU4%%r(}AQYfXS(6)AhY
zI#L$0+tn)1D~I4wiopjJ4UdYqE&<M296MZ*os0V6FuAOdzH|WT%&HYM>)i~93BzaF
z$ur56r8=)c?WZfYH^!*2Ha96(uS1Qs2Q2n?z}4%nzVhm26Yp6f>7^$3VnEYpdr-%;
zU4em5EmmCg%Wj(!!;$IfJ*k0bbXtfj;52sUFUv3b7pdc&e*Q(h{@oO#h<8e+>tB0y
zyi*|7i7Z#JA=Jb>r8fNU@@v4pP<(P;9rJ7S(8xcvi7x+tyD<6x8~o4I&yEw@sOx9D
zHn;g_>u2X@WpZop;g~=5t(!vD&+fTbK!uA@v5U<i>St$n4IM}ssGoiKY*Og@*{>c}
zzn>G0bpF4#Vf=ql|6Tr*rJvO+|H;p4c?ap_UD+l~{*(I2tE=a+<C!*^dLBRCLEiIJ
z={>KHt53e?+coW(XVlsMt`B4Xi~O7Q%U#QA{H|&P)Gv=v)-Rt8&6&-q>z9jgalX{X
z{WsRNe)*)I)a_f<P&fb0Vdj5CedfQS^v7XN&IR4k;knV_ono?kFi#(8Lg!;R{d-8)
zL{}M||LxOU7(dB5n-|X@(?2H7H8U=XXua2|X+pmSI6MV`n5mV7DXa8?b0p@NhQ8|q
zeb-#-yQMdDql<pjYwGToxZ42t8?5`Ki|@h3H>F41cSAQ$S<FMTlpNcsT1xI{saQ&s
zvX%_Pumr<Rp_h|e<mF`1DYBe&pa7<p@%;2b_51!YT9^N+b(s85T%GZ{>y(+s-i{+U
zdYq}SH@~U@zp6REs!`hfsJOKG!{Q8S^Br*!{Jmw6YdFqm$4qH}5eFJARqeop=jrWm
zA9r*)FRVG@r~hFtWgfPj<=3LKtbbud3!kyY;q4A6R46}loA5O<`y(BE#u>pNI`{!+
zvPyq1>_!<*MpJLQ-Mvq6gB`%!3IH9gJad^sH@mwMGA#QE43Aby-IGY&6Qu4bN!=5q
z?n$L~xUUg$3Ny%Ghx=?GADIv_KP!S?Z5->)B0Vb@`DR&U*a)O=vdnxln^CB=u~u)f
zkb!G~)VJH<3mK;XI4_Fv{$AwiDS~@~(M}}FGLRpbK(-N^%__vyuQ)^C#D@o6P`!T$
zM<NrCyyGnI<K%@NhRL*e0bM1HiDfh@W|Q6X0`+B6D!o+o+^{xq{vOUpo8f$PZ0R27
zb!5nV7D<LoBRm@|4TJjVlZyK2lhgY(`Xo}P|5}F8f7g2bSNiYNmiov$L?iDz5jy?X
zB8>j4pS)?ZzPS6P8b8`4tYqDC!r|L524~^{CwlnyFnqgJTBJU2A5=$Z@`*gXPlG=U
zI{nu?jQ+b?ulCsF_T>F3w}*^WXwE&*fSyuw9*1vTrRE%OSEu}UJAc&RbzOU6!n9}U
zmC)@``|~(;{e$*VQhorc_ju~mD>AX9kdK*QIZ6;;T#NZDjz_YCQ+S*#84F-V(k6>Z
z$CFsha+^tGAxwO{9DTPl5<`}g*||qNvH-?{1o4A)7_}_O&cQp(vR_aNLQ0RzrfHIB
zf(q%#Uoo^!3X&rIf5RY*%M&mz?<Nj|mPfS3xI97pG)f<|OdYg*=|EQcAXyd9JRnl?
zbHF)r(k<Z6Bk%V5Lx2S$_|oqq0t~JqqVu2L7y-2!E+qc$yHUzVAU(jpMaUDP?5>I&
z!TK%lT|&#V<|hv<p4lg&3FKL!eagBM&nh1IH3_1;6kQ5V&m;pR$UiT|cp0JC{Dq&|
zax4XU1$OMPwa~Gn(aU1Pj+9b`nAKgX>rL#z8?XmypOXHqO3&oPrfp~%D(rLUJM__E
zL(yL<JABS_%tyyb{;9Loy*PCwPYH*0SPMY-2JlnaWLB8Y<*}qx1%73mkMj|wlgT+l
z74cK@ES`9Ks6BN@e9kG|5j1O!GH54~!=RnET-C>TU)T0QO0izozV`gWm)g~yU-+kX
zb;>VnU{I-nIEK9Hsy}tfe>Yr{O#kV?@R2Tt!&f6c;YMIMq<g}CnIQrgw&@t|lNo+F
zN*FR}u8F~#NDWvxg64ULeyp&OUTlkww_|OClsEW}UQ7&JOwi^|x9|&R%3hB9K#oT=
zUJk}J@v0QF(i^xQxGKkz3*v50iX~tDdlHAo=01Q=1U_e!%Z8L>aS6MaP>zO__yAE5
zJ)D$E{W10wqd1P;;4i})F0#KPm&i67qd0&u{f7{1#SgnQ_~A;Pw*FI0nEFrW!{{%>
zSDFnR7UPCR%uYZTS;OwxN7t~zSb7<AWE6G}Y~bEZBid}Mq|I8lQfe~^qDj1e+6XWF
zx^ItGUpLjXckE?td%HIYlmFwd(Cw{vKHPJc^8Q9X+@{dn;%PRnuoHE(3?<s&Sy(h(
z>o6y7W5Hv$6i*|)*cE$a67=A0QV;&nG8i5}P7XK+LjQfQ?Z2OQYR1bYZU3EW6ej=M
zxqrC-_Ev}MKeEvxTBoCcht8p%hx=!T`%m$ixu6g*ht~yvb`F#n=;wm<a<f2t1FH^n
zb)lK_*{{evTBO1+Sj`pU!D&3w6VVjD#8eD0(|B-<M-rrXr2C?QI}__INpVQYiQCvA
zfGqE$X0Y7y5P4)#<|7g?9ti?vF#bCM<G<q-AwW&V0f%S=j$_nAV=8RzCOWLueCeAk
z00-SXL86gN7>#rxy$uVPfB>o>+5hEZT2MU4y)x)YEk!&~toZpsMLbY7R)a6?CdUIk
zM&p5KjyJM@g)%qj4*Q@Xh6LHvAwdOlNDv0}Mmrl|4A2q$Iw%^yvP1I_Fl+!ZmB%>c
zkRV#e$lIs)1hO0amM9_Vd?%i!htp0h+hq<^L%W^8jCY%LBap6-(U%8kgEAAbDb`4k
zqH!!N%*J8$OQ-ABW9$vZ8YO3YQMPJM!Pbk#!q6&9P(9&u+P*Y@%L>*C8jZ76c~2XR
z#-Tlq@!k^J`B=%e+JF))k<m^BlVHA*P2^a-w<JMfTrT_hVva@Q<jCAV$^cTja)eVv
z<IpR=af;X*dgU*A1xBx{JO{#>lLbsB1t;dK21W!uTQ}%h(0G~+7`hzWlH!@uDm?QW
zVx2!)P}(0V+V4pF0cn4!XlIeO7HJn%v~x&%1!<R6v<pak0%_M&v`a`EgEUSRi*gld
zcBDnCXa<a7xdmxP6)j2^!%{{)RX>ZX4-o9}nGTHoz{pF0yj4ezszLHJAYasxTQKs!
zfZRZb(;6^x3Xm`9?!Lr+yB&~E>By(#Gk90_6NaC33>&WE{fB`3i7v#X6MOtuKyG;r
zf_X7WBu0XW$%f!HD7qa(ShQ(%DyA*){R>XdwP)w|V19}Xfyav>Z{owl6-V}dC+h{d
zMdGH{sxDk&$M_DDPb~F7ytwh#Bo+*^hJ7-NACgaSxUMnse*||DS^BO<{Px<@Vd6U`
zRchi1{>anB6HJT<9Zzu8SC{>HkoXQb_ZcR>12!A~Gw~fKrmNyRh_0p(cj1hX!5#1Y
zZs)`+Mx}f7tKaRK;EuHhbdUCKqX_P}bq4DESHGaA&uV=ir?;rz$MCb-_i=~|{XQoC
zRu6kgygL5*9>g0_a{RN2YIk}-%({^;=}rL$rY}oiu^n07Nfc!?#N^V8=rJ>Pcr9L^
zQ@VlZ+nXeXIn$8h=M|8`#H<M_NMS@s@n&iprWpVOA&|g~4-=I(6pAM%>i7H#8KT8;
zd$qyEX1??W8B9zwN<|PEn6O~q=lXk5#go9mL_C6tA{k7SA$rJXV1i)_D+3ezIr+33
z1rrKz5daf-4yn(HhX|M`KA0pQMME(0P5?}R&0^E71Wf#^5rBz)Umm4k!lDEd770w4
zWH3RdRZ9jYs%2H)S434V9fG24T^N`+5&#or2qr37D=3&)qr9gXf{Bl1FrhP@P__>Z
zTGPoFCl#g>%5#*HOeY8<vgr@2OeU01!Vnhuii9DI@)Zd~nB*&nAz-MwHX4PLVSpj%
zC`i>~2pKHg6C6WSB8J%3q;?GPL6h1s#4}B5#}LjYwPT3;n$(UV`ZcK?Lv(6VJBEmE
zQagsIYFsA_v5jfcDZ7a#U9Z!_KQr<$An(?Z8#5Hp2guiI#SpD_hr|#UcZI|d`*(%J
z5JqwJuAmsAl3|D?KwhWA5M9~hrvVubFG+!>Q4)rT4~ij7;>m-EA?AD(6hpwY6gM42
z3;}acylDtx2$+20@`EZ2L9e}i8Zm?*zI<B75EgOvLCNG(cu+zU4<A%u2tk~18ZpGV
z4-rG$Kks7g{>>p@Yy6v4T7A|1a<7p3YW=T&6F>Z~#)rN$SsfpW3qSO$V@gN}G3Gdd
z5NkLkgqVI@3n8XnI!|B0*=7m|ac(j~i2FYX6(9PQ=KPeXeIHA!L%)yiN5j02yR&IT
z=mdBRPE*A|0u_i<*R8Mdlh1)x8}EN$6V30bj_=UOx9X%;zN;5Q%eUZ{I^!GHsbm%b
zf!WIeN2FB@hUDdaF_wV5Q_OFfG7sKhq3OZ^GFo`SlWBn?v%Yp2iN|~?<ZC=+dnUuC
zoDQ2zGHl9=1ou9nn^h=36FL4nHgY^s^8-mGA)zGs85lP-RXKQ;oBsQ%pA8~vGWzh_
zOMY6NHLLUjUjo(L(h1y%vdy0u7vb<ws|h4<cWp8Ssx}Ih6~!B7kl~pg7wL<!`!^G^
zIm>#YP#9P|vopsPor2h0%(qu~L@2#bdy0jP4tIsP{hK6w7<;g9C5yTxK*#lqLAZE8
z@TMBcM5z|}Bjn|*BC@4>h?LMcNZpxk?Id`T*R<oL^p1S`R!EiDBNO~qzrr6ry^NX(
zKjgYWz@m{_5h>oAkHBEs5y8ENe)Obiqb%W_1qN2KY5}bjzkEVrqn^DJ7q44a$QEz2
z_~N&Cu@ku{+aEDs`i6Cy`Eoo@lP`VZdF^-%o-h5cpM#FeMTDWMdQFYLuKw>G>+9qH
zZmN-g-Z8EHbmd>YLi@ji%U$>Qg01zDchXvofBRRhyjRbKmUqEV^^*4{Ca+}6_jb?Z
z)?%4KG8{YBbgd;Lb}jO6Sfd#)I{8z>$iL%IUDvN{yZbMDm#a{>yu3P6a8)<s7eqpA
zy!%JNeMKnU!<P)9u>KCRn#9DB)d9+%3tfIv$2;#9Ax>ZLq;5+0G)ngnB{;k~-4l^v
z-94*ChIQjC$c^J0FUQAcSj%UT6))0v6WY7UN4P|`XDtNxplaVBZ9KKRiQpb+^!1Sa
z!A;<)$Umgo*Gk8qLZsbf_wRIgy2lCbv%2`~CZ0xi_o*zyDLlX8xd%?1(#q!6#xu`m
zd1qCt`HQN_uB|$SpZS;FS~-QcyZZ}nlW#SX2kKIjh4yV)@J8xM6aVyDdSI~z*4<L@
zA(G#yc0jQ85jYzlc(ZE+_ikZ#mEhk>x-jj+W+Pwv3kAvBiNgENXJ*gOa(^?#9d%G}
zoiXrpAEY5vQCIBlOM<m}_T6^(WzvtT_6_mI+yh&=A)a>R#&&zN+}rJ>f8+1;#xx(|
z8S#yAh{y4bDZ|q!Bc;i#J-`inINvV$yo7a|vx&nKv)AE{`Nr<vZMR<HpMIRY_zaH;
z^lg^+KEJ)(*FVefjotr^efO0io}_~r)>gdtF2Xd#o%BtX`+(hgWzLUP>Eyy9ySqBm
z-Ex!Qsv`2gN;|YAdG1!hx^?ym@>eT=rZ+W%=A!e&Tp0o{(p@cBD`&;u;Y}si99PIl
zn|Z}V)NYD()?Q$y;_sHnSGuRM>Uj?DU?Q*B-)^Y3`?uP6R}b;D+>~K$%zGcA#{^nl
zakwk()~!Tdh|jaTt~Q!=Gfo>>4Je<NxJPhD?G;>?jI$32o<Y@+`H74}!BtT$xc?Bk
z93U@GDEE_5;E$a7kl?-7FO>h*-{FmFjX$4}xXpK?s=Y0<u)Qt!4sk=*>~@gx-SrM{
z%SH~*u)PrHvDf5jo|e)a+S@Wq)852A7s`#!PDFjy2)q4)^)du?r8b9NBGWc?ui$M-
z-!RPQr_)FaJ;|E>8Q{-ym)mz&k&gK$&3YT}ZHpa4M!<HvtJ?7Rp{j;{zcN2)9qS!E
zbu(EDr%7vJi%Y@QLXE#}=Vuy!-Osx9?{t{;Z(lv^Q}1z7POk?oM6A;5qA0kwpuZQ|
z!7?4wOi5sI;_oek*v15*GCj@)&m(^YfIN23R039pn`xch#)9WAqhK9mbT$&K+xe1N
zaIk4aToXHu*eisj_S=Q>%aMr}gv!c<#!JbpuQWj|qJoUX-w6_vA}z?@82XYALX1y7
z$dapD?=Hd<&4TquzVuE56!_>amK-d+4nj`|^2_lIi;E#p%Or06q{eUeZxK8h$;E3H
z(0j?QAe%2~6ag``#|j&#5y%vkk`Xm4k}Qy{{Ze`*fKvrh&O_1*f)~AM@FFCeh5NAJ
zJ`GlnA~E_wG&j*(y?s_4BYP0CuW6cxPs&yW3RP2c%~Iz3Imnlcq!-X@=kTnjKV&Ce
zl#zJB*FoKWyT5{FBeS04OTgqXpm=5<f>A{&Uq6fE-!HiO&A&W4R6ejTs1-<TTb{)E
zmIuy{5sj92SCrlQ!xS@gttTT2T1eh=%<dEezu+0NwnOK|vIOQQ#1(Q@%aruE<igI7
z42d4Wi3j6gf;j!H8b8vlK#!*OPtw~oV?E}YkJ<_qV!+_(F_Ljv@)QvS-lKIl@7V2z
z7ix=wcWN!?hirw~MZThdzG5CT&jM-_(;(~*zVAf?k8;V7A|mDc2582Ux-CDm<Dg^)
zoED)PPU1mdEctP;rG920zZ^qGE7={hp>Lq+y1G;d<u#GgEWnX&x1Og7`}w(dfE9xb
z*0}@72j8vay_~HM^<Maezc9N=YjMukNnF()@|ASTDl(sfjPgSt)@a^G8#<UEgKo;q
zVDIC%H{g8$-8vKB2c!YU`hR<S(e;3>S-PrqWba0H2roM29YVG^b2}M6k<3&AqhGu{
zg7u+zBoepS)vu&-K57485x23+zr3Q`KkWQavmPGM?jO2W)ouUq`JUkW2VH!l-F*Sz
zAK6U4KBOIuTU<bA;S7_*lSlS}C;5`)bY4K2q#*{-KPLY9jb&A2zcw{qNGXW7@y}P-
zEITjQ3?>`Ds)EnhRkFuvBzI=HPde{PE1n(66-|NN>Y`uT(;u)!VD+2?_Jav@21Ta9
zK}^21hW^?Rx?`>~8&tB8Cl-Dvc<(mRxQHo6vHj~ceoD8_Fc(HS+%wEs?yK}Cr+FPI
zd6vSaS?;7b!8OoqtU3sRfL*Q%YpPi&y4|{&FF9?X_HBFlwMe_`n!(`~1=lX3rn|=r
z?kb_YDizNvf<_ehj4Fpg6!-yELh0{?<H#%nn=2>2aIzOippZxgqTRh^c2leg2M6t(
zC(irt^d@z;yDE%w6%O-mhzFlwa=53M1#c9620Yh2&{B1)fwrC+2wG7CfjO}(@a#En
z`96mE2L=OzLxpb52;7JqznvKj1Wz%%Q%}@<Z+^$pGTtthUyHU*i04ao;7i3r3sU0T
zkJcqg`5&RK1C)4>qfo!5D?C|}>}V#C(zF;I-nZz=O=~}iBQl`8!x2eSKz2N=u*vdJ
z!udkMy-_UrF)83~u~dLIg{KKLaipAE+Z+9L0DC}$zefy9HDgfaD1_YNma|=%i?Z#1
zF8SRP;@JT3+z}6O{8pILA;Rutw|!R{LD;WVD}fWa)))NprhfB*ODq^}MFkp92fU=%
z^Z&a-GIV+v`No$ZX()F$OddGmmO=(#2j$S5`zow6GfV;<ngSV`)K++Z)%D-?;_j!m
zhC3e%>Q7bRts#N)Q4MHJt*ZjU(JDS}!^y$oku+HRZPIaT;ib{&>i={g-_}c5?8!61
zuvn1uL=Ude*k8Zb?f;L3+5hjX*M2$_p1iHS5>IYAT?ah*;c`uUxK934zlN57=C}30
zleC}-#)ngfXMVI?uL<nP4Z+0AJf1m%brWCGFPauWqLU!o;T;Xd-7ZKI%$vcSmfn?g
zI!OCvnhz5Vj4Y#OAgro^=vzg7kJ9{gKy8mQ*#|0t12*xDG@<1QaqIv#Ytunzjt0-;
z8JwtCjOE8YFvx!c6q*YNgTlH%T@vPnBM*h#6U?_Mh5AS?NGZu|<|=sBh`4;&LrNs<
z!z3iDb(Uui^^aC_81`;P!|lMMz2xLe4tEiCkQOO3TXGbuM0=Pw6kU?h-Pu<~+D!wb
za*sD~>Od;c*VJF_?XwNe-Q;aZlGD_qbCe!P!_1bS<KpIx_P5LA#N<<CG4hZW5p^Wh
zH=-{SAXYB*Q|3yZ(rnpNdWNVr=BG@S!>(e#K~HJClC3B6lv-poMg+j-#>Q>ISZ}2I
z)gfEtULHNB^bJr+&Ppiph>~p)lZ1wDQAu3eQIa)Ewx2kZ<YP`D39j$4FKw120jgge
zx<&5&ic<wzkt>y)%8^R0?1n3@O-6$1g_IF-Iecjh_)A*_kGbj+++X@R`b%FtJsSLp
zdpM;(aVPzOezTCaPet2{v{6Vqq@wLdS_aa7QPF-vS{J09P|=PeEf#4$740O_{`j5J
z&Z=mqkoE)8&Z}tP<y9l(!wex?#0Nen2zi&zvv^r%NCgI;j^XASiJ>hpn02nt0W!no
z&j>?r9Yb%K;Q%ni=@{Z<hBd%&osQwps}jQt!0@Zi0eZjOimAZhxJE<m&FXSA`9Xc4
zM)6lNpM4XRZcmtF;*JgI_Jrvq_Dn>#Ck?9lbOUvJT9koSAMU<H8DL<GukV&UpJuUS
zg9HesZ$N)%tjt)n8yy7Pv#C<rb$UHpzGu(|1Q9<!gHF*w;|UN5qK{9%p*i3Gt=7NQ
z?x)cHt(6sZ*2iX|k2^CLsAP{vN2Q6r7jf4TYMVEQs?V(P&uQd;XNOk)5r;y{e`-s;
z_3_O#qlpC+@@!Pdu~Ly?SbG9GIiKp}JEP^Q!0B<hkov^o$u~N>#lw~W3;i-j8B@^I
z{T46Vrz0hk39C*_b###`^m*_{DjiMhZ*2^sqf!5}iqaczV};YwiDH30D%IUm!8Bg%
z^-U5BcGW0m*cZUV>Y$rH{4j~a@B+L0FjLP|xKvp^AJ6iP#*~YaerCZ-Z~h1MbFP$m
z+Pi?k1f7arqE^w?zoDXUx}B)#vQ@RI=pu!R9&sH}(f>Zy6+^eK1Qawa^)?YIw2{{r
zTuTeVwe+}6YAr1U)6xkFEj|0ITD7!LH!Up$*U~?2RBLG=n3hgZXz9P!*Q%ujrIxnH
zS0pWMlCK1`^cK+4`Fv@E5L)`?;9B|v)Y9ip)UKuXov2+)e|e&IE&bYw+O@RnMD1F7
z+=<$?^c^Q^*U~*t)Jsbzh^tqI)Y1v!;*}w_bb{zy8B$9ph{INf)Y1uJ@0B67bb{D?
zWk@ZZApY@wNG+Wp?s{L=(ooJER^iytYT6{Gt`4fEJFix#>G@q0YP!j4y_#;gU7@Bg
zZ&L&){j^F7OWM0itEP8vLp6QhQ))H6T)yYERj8)>KE>jnN7WktjP|<+U)K1ex9I%;
zKh)9xzahB&u1@-z^O!tBlvws+ef9N+FRA5kwMDD1SAHK_U#A9_yPo!q6R+v)8(W$x
z?HiY4mG+Hyf3Bl_<L4JO@z9&K_JJLHL)!;Nd{wXZ^^xowaO9bWfvHR!ck!ed=~6R}
z{8U@`KyB}<gQh);H|gRZ_JoOlSYNO9j10UlEdJ|xn&#8(QZAHViY!bKT$c>aMx?P9
zYz9kVcPXn+gG_B!pI6{@rb#V7aVYo;)Wv%((ZqXg)V4P!OnaApS)cR&RR8wmS7lK1
z&R2~onrvN>0rBimmpF?axwkkxG{_wCpTN?H@$8W2WNu?wy9(@FT{KnQ^cWk_(o}=t
zQGT!><onua))z<0#JB{$#7Z7y_hwlfZc*b8OmV~|6xs#%PRKn%UQ-r#TT^Ej_+Yqg
zh{4&Be7Yw>@D8!uHawzmw=YiTPpt5nRPhgxgqzmyCAiA0s3qG<EPgAAgF><+dl0Nx
zm_L3BJzqbtkpyG`QF}5F0uvPNJ_8R+ma`n@WVoxd+`owTO{<|!oP5DM8;+ube=3<T
zZBCw(Wxd9ilw;NN>mW>H5slZN{k&D^vP*DPH=3LZH(NBJb~g*2<`8Yim#&C{R!p{#
zftOtM75SoSZ(<pFbSn@OvIn%0Th~#1<IN=M{mspCpW#i>LQE!E-fTCJkG=7u8A`Lb
z5Adb$Mq!KX?%y4rF|7K!`y0VKo~B2S$CZBWcVOkGao`pV?9ZhZal!+IDlKTsBZIiA
zF&A*VdZQm^Ulm6f4cZ**GCaoA)qNWFCh++6_mcw2*DZ3(I*41}NFsA0`h_O68S&)f
z%qDV+_|h}108bWeONpFvJ^SkfXveyp1acC&Td`9LAiq&+71^v5nMunm6}EWgfyeVP
z*od?Ebt-F<;=H3lo3>qU6D9=j)4La(e_W9i$miZlZc}^luh(gtzHiJLvUX&_<S|pm
zOe!Qo-9($!Q`0Odxx0X`=htro&7$_jK#OwO>yZ<@uWrgI6THu7jjK<B_c4j2HU8yE
zngs7OW*_{sboM*kC&<#+nzTv$eqUEkPVr90nfI2ipX6~NQoO&cOY#26D%>lmQoMt&
zO-k_&Ag5&@$@{P^Qfu^C-r>M#9kRUlVnPJ6ymx0psIt7DGX%1{%R<1&k%S1I=>3SH
zPKn;P=@Pxa`vnT2O7y<U5J>dSgrKS3QGy`3-j^FVPF+UlOLiq&RclC{>-{kJ7rl>K
zAZmeTaJO5(<4Ze368BxSw<gC6r57L=xPs=FoeUUAkzcl3E9&9fgC4#;o|cOe%UqZJ
zd`S{{gll7e*JTSoHy)~Bd!|*x%4idp*xGPOhN>2-I*+i_RoHrQRRdI)E%b6SS9Mu+
zxfQ+K1CJ#@{hI@H%kz}-um*ttPhcZB4-a&hk>^P*&t~9pA<tj?DNl)(=QQvXBhN16
zc|yx$AbXRlS;(^zd1h;Qx&hC0<e85=GqgO(z{6_kj7FX!EzeEBQ;0k^<Z)_wS_02w
z$kPsaCTn>jfM*i&RPUoak1BbpCLrw)(h60y0;H88ZJLS((rD^RvW;3xQFxW?!&>Xh
z)5r`r1H&ykhVe2(17P@<j$w|>aQqd*P@rR2DKl&ahF5e9>t%*Ff#Cxk!v`|MTwr)r
z$MCAmFbWtJ>KGQv3^rgW)-n8eSz_o243)YB@V8x&7;2UhhHknP@UO}YKLNwSD}Fg1
z+wT4r_Py89IEM=`D*+HCukFO3E?M8Zf0xaPf9>wdNqDiU^#$eJYe45-2d?TJav6XS
z83XHoz?hjK^!*Q4#LNr<iQpIcg&QtNVhti<(Ti0p$Tfmj>9^LkCaA9jAN$Z5ke0p@
z)5gE`ZW498r%D$QYlsWp#m#Yn_~-SP{k|ED2Ftrx@GfrJVI>#$5^~i7+9Q=!pW<IU
zcx;D9gSx9ajF%nWl~mh6W~S72m;4YLlC<s;OJLuXeEQ5#HIMNUnckbO5cJABC{Vok
z$2%yp8_9_WQKzzp`|hH5Ulg|!Hb(QMG4W}p{ZHOO@oA?0mPCBj{UF>zdMlo5a*@wj
z?$a0rG*uR2BKZVy?SXvcSf6zC+DrZ{>j}u0?-x%_LwmxVL&Kb>e$b=d?=)DYv;S`i
zWB>oKZs(!cStvN!;_OdjBFUzeKxBs}7eaXoZ?bzHH1Zuede&u-iEPfzaNfmzSiJ3v
ztA3)~fXn#{jh@1@74k8q5cZO%pVFKc|6FS?N!?sGd&%YxLd84L-5h`fc7P|I9^m=W
zKo9W5gR8z65^qCkLU6R(J@=ZR0OV7+!+47BFglQ{q|MFA|NN@y2HS;7qtop03?Q1l
zEZNuDRpaMN0di3FL$1eXm6jDYAjDjsk$g3gPepe3?yPP`dwEr4#`tp3=vjGXgFI1B
zq`9j7h1X|zg^n4eWf{DEYg+lG=ydB&XVWSOi-2dB+(<sqA8jn{Zr}u(5<M6t^q>a~
z&v-LCmhR#0+X-|ij3y8FMbibuP1-ux!s@~{mEwY4SX_Ht&}t6*h;DrCm76g(2y?5M
zU~B(5-J(F2N?RxJV4Riw6JX<C!oZf9`Y;?2d$v)`|1>G!{)n$22#cm-g9F$(fW@fU
zge;t={B{}}WWm^=iFBWGSX{oND+{>ue{l&sgz<sGvGC^Pff&SC-ODd0#IlHGU*MW!
z65n|P4S%;!m1BS`;xlhZcEKkZx#LuJ{JysFz2QksJj$nv@lAJEBgzBgTb*BAJ-&~v
z2s^%);rPzrS3PdYD7nCwb~4BZ)Np(^VdHxp4g8C|7c`ULDKLsRJyzp)Zy_YJwnXrP
z=V7tV)s+Z7NMGpaII~;CQeuHx#PN{F;HnUa0kbG;5x;!&77lBzs&oBPaBRW=7)WSH
zUp}VxfyxFIh~8ls+*O0aAOVL#do~Q-*p9;>L9G7llD?vFdLS1byE2#_1cRQULuFa;
zp&~mln))dc?zMBYK4V*ZdNDq5@n%)1aS3{{KPG)y<@9UOgwrp%xfcS%*uaoX5O4WR
z8j>xRNl7{yEyL0G`V>Wg+F!5X#RXG>*CWR9czdbFAN!GZz1^{)ZtLx^_v#Q|s;NhO
zsSfpscl^)SBW}zEOj;j2L%MD4qm#xwI(FowQDB)FTWPZdiW8r$Q*q+H?<R5eD^ASI
zGF&Hid4{H~6xNKIGG^o?TCOiWuA{I9rOF#+r?bQDvs+KGn#GURp=NQ550Yq*?fZ*+
z{xda;o5~`$6sInNZW}XsBvkSnO}edvuoj9Jk1QB789K3kMT~RSqbVj_5#vQX+Fe)?
z<Fvm~#Q5iq0w)$NNzxQC_HmpP>V-v&yIr<(Vs-^tQB*~Y-+3*senpILd7CA*QnLMD
zEn@usTPVT*UJ>IiOoIQ%ix_Xz7cp*3*Zv#0s!LZiMT}wof|v7Vu4;;^vR+eq%T00-
z<H)U}Yb|1YvT}5-MU1~eTF@fKA0aJh5##5O7PN@*<46ly#Q1)s1ubISA8A307~hDr
zphb)uR_YBflHtWyF}l{uf!`r5Xyw4qkXF|s#{IlWp^6xH0CMd`jQtCeLKQJS0_56@
z7?%UN_9Dh_0J-)e#;yfPp^6xf26Ct(#sh&NR1xDFfT8vx#*sj-y@>HKPg1BN##?|~
zuOi01Uy$%kmlsfTl|QT~V%(Bk3{u4S+Tx_}MU3|^#*IBKVw}=QQN(xyy<J_zc-`_#
zw1nQL%P+Aa#_uh^Bo{GWuvm)Wo69~Wh((Jf(I=5lQW4`;w1}}(FK_hnOM&{uC&#n>
ze_ELR|En`J=fmI8<-h$Rw7+xZtM%}AQacBWpQ9en77e9@=j4KcmIYH3F$Oe7LEA44
zr06#awph6~AtUj30`l>^BVMuzUdXNm<pkw?U$f2h^|5$5`-Jm3nA9<{fcha5SkxZJ
z{EP4qbes|GK#ylC4kVs|wOkM%@62I}sXn)?goB8`iKSf?x`JkGdX4JprBv(CLx^ut
zO*9ewf5!zHCkBCKcntBFuZ1L^e>0vx{IxKB0LzcT&K{D-79Jr>lxbtgbBABy^m}uD
z66gD55uUU3ETEfQ&EdVXOMB5EHX=+e?KnELq$oxOj%_U-p9g@9qA?YYr76*Nh0L<*
zK7$F-o;`DYU>8o$o|;)gw3(O?O|JOtaIX(u@i~BMTZwm5iKZ2f898PAbb_aaj*@&2
zO#}I;WLZoyyJsRI(fu4tln%eja;{oG#Yn?sWzJPWQHJ>l1s2hUhAN-qo@l+#5hM@g
zbNu=`0uS$dI^c7}FvD_=ji(Xd=>3`C!-jtle3-BvcAP}=(4H|m+-}#`KYm&58KZ1>
z8`Pe$29jrtECyZvErs&w+++0K-iC1QG0L{fpmmSUe@X2gqihC)+C4_I&68Od`^NK<
z7-}CGy^BWA1v0Q+#2jVnnRkU#U^03I@`Ks^TOigUn`{#Sh&@e5M!(G)sJc&9se8!i
z9|WXbuL?Zm>1Be?mLd?Fj!)uMPilgo;z6XfRMAXG8-TRyRkZ7nb`#P%sAz4F));9w
zs%RaNcKRzyi&xR&khTYDx2R}ckhThG2`XB5q`ic+J}O$G4j47MBBigtp@eAE%R1-B
z>}wK(0T>?DA&3`ch9fS*@RW|BLT30H7*^{T4$2I#0>cg+!w#8Y7BGCJWB5vD7y%3)
z>KHzxxzh;#1M=%S^5m=1{q2AuPltjI$_!WLf{0f!sL`y(GJ+vkP-DJ$(Sjx^|0vl)
zV-)Xt8c{;NxSx@aj6xW&f0V+I)9q=N|8-Q*+-=m+((q}8qvc@^0S&AL;_qHn?lyX@
zYMJCpIlN4n|J5rYnKfQH|EpJ#yDeY*Xc^1@$^?BaISgK@nXEal@QN<~>&npnimU(r
z|1p2ti8yuswykW@G>Qv4hs@vh_6tOhRDaq{k-u%-3)=i`tKP@_Z3&yZ1%^{^#5m&1
zBSYkGoBf#PJm<^0{I4rQzmJK}|6}Jl|NWbtTkGIh$ltlo>yjU&Kyx1cWgY%q5eEN0
z_fN#54tMI}QCCB2Vht=FwE=v4Luy;=plu5hk6QDnX1=_n%YU*wO#YK+|H*jNv(Sw9
zrDkM*R^NEk+coW3^`f>t6W<Hno~zIN-SHN$9dF-3W1f^6<NCA?<L&858h@)!{*~{B
zIsY6+e${?!2^ZLJQ42YwW+D5nNYFLVtafn@&-=?LUUE^q274$PS^7O`E%_2fOB#VK
zHQCn|;$<tzHM&o6Z7~9#vhgL$sn;ii-Yk$oP1eNE<TVje=U%YMYa*c)sq0-AY3g08
zi(NZBU*d6+cEv*ZuTgeSYDcmL`WJ!Xac_Ypz0Kj?kk+>Ff&_TRIeKmcC%KEFf4u3c
zA1i#jHh|HQ02#Xh;-=mK4Er^;zPe91+(*;=iy7K~j@)8*&x3FF%6arAc-5G-op90;
z#(v1-A5Wf}#&?;=Zv2<@TaeQSd>-7#2Ixt<;V_faLY?|7gF};!Ab)>WDS6Q@wz6l7
zpArID)amblMLU@<eX@pDe}-z7g^&ZxyI2-qaQ_&PeP8EbvRBz^5M`jnBvL{dFiO;=
zl^=bEXpN04m0F|Z8Ppotveqbm8@0yeub`q=pOZ!boM)dbvZMSoB4yosz&RW^X`6O_
zMKz2sR?cs-qXR7oO`7z4na#Mx*|XM0MFedW&3}@^@XfF|lXM@v8K51?3GT0A`3NUy
z@)7=9xBkBsX8reuT~An{OVUU09)><Dq{rmf<+UV_Pkaly=DL`Zc5XuohiOZ$-_(sB
z`-Aj71!SjQVMLAm$LelO=|8z%`ZSAt3YFg>l)l`1f~;TTrS)sm2X$D#PLJ2r4|-mg
z|KN=<`41M<WBo$^o}BN!TO+!9HKF<5X-zzj0gXfoCm(hCfzjxU5rz$OGN5gU`8;59
zLfM(ki^jgp`7D}zeqg%ymqXlp4qvjuh<ize%WuNAWWn3g2>w8bVK+uW-j%Ij7>cI}
ziagE9YDHe#rUYOiJKBdK&r}tde;~f4Q}ww4{G&03vHYXE#`1-`$ENf9wr7-XE9`tO
zgI~Wp%dpYj>9W22XjG;($yC@ggY2}%W^~$~;oj~1ncPoqi51=$%)xEj$ZgIJcEc_^
zn7>>bO}^J5txJr<u#5TYd`+MreR6MTbOn5De`gzRIma0cto3~92OLd$m1V8rOZ<>^
z(9_L6p(2M2AV+jWnk#idW9JdOVGH<B$bRR84c9}J-JR5|<nS!Bp@T<^ezYz8gxwPp
z$D6MgD$9(Ye#i-iv%=ToZ%OtUe>?n&aPg#&xC<`9hmCY8q{Vw7DPVb3L%Vycy<CjR
zO59p}bPm62&scua#<6^E*`Itt8EG~7Cvi{J1}b1-Ts#6~Wu|^!Oe>_PV5x_*l9m*r
zHGtLyb+OvLBhA#q3RYA&5-aX;%Nb<q=wuE2cvErn6zXJ!N&#tE8T5y9LVHoqfUPM;
z{AOVi?ZLch3O_0lEP=@~0tHgLP?rXGp$5(b$BMm)Koz!jQ;0<1IVBRwul%5N`qnem
zB>PMQ?$R!=Dcz+7MwTT*=PrFcR^=}3^*7w5A4Le9XrG~Vmqr-S*vg!x&mSe~=*HzV
zU>zN!L=h2G+~@JRwYf`a;hhFLcWKR&YIiAR`_&L|m$JeE%w1X$%w0<F`Nj~=T}s)O
z>D;9=pH#a`Dcg&NfV-4Qz}%%3!Q7?vo+k|9+@+N5Hl4fl@;tS>l(OAv2)Ij`1jPXf
z;A+5KiqADD+@<tNI=d1mg*3#VaF^06IR=$!&d--DxQy}N?^Ej%6fy`{m-+`UYtZwm
z##ss!z%_)nK;<lz!?2p7jqb-4^j8L`Y*@FWeQO=kGE}rQq`itXK}AbP+FYdFp`r~&
z+E}CwQPDDymbs#KhiH!#wL3(cuc+N2dSQ7jk=%s#AEeDx(Tb3^0cmqov>8Zy18H+r
zwAnhl-<Pb`K=%T$m+9<XyBIkZ$eVOzKO>)hG^o$8C972M9grL9tZf4s`C}m8sv~!)
zMxWs`KyFv9CEv>Ko($wJ`nwtVZhE(l+>VixfXwU2JaeaB2jmDH`N1oA_k~G>JXGiH
zENA3>K>l1uj$^&HW)h3Xr<QS8r2*eJ3FQ%GzQ`V4JlIStHgxhz4$0PDa7g+Rl}^rc
z(-cn5;ioS7eUZv1eLpP_y1bQq_C-@~DaMwqh6|mTQ`IEC2VWx@Jpj-w=<R%Jnq)03
zo|eQ;Hv)VsIatUuk${*-*+virK|q8pkYAJeLx(N6<hNT7qd#<?L-zC*iCyLATc)8S
zc#Q+ikCwQLe$D=1q$Zxtt;_%aLYVyjPt*hNYU(M@3SCd}o`1fcq7u>k`LLq!Q9WuY
zuGp*a^Zg^W6!RbcTeTENEk?hdEle%N@#<QNxBZP;iYG4(=ENr^YilV|Z&jd{;(Z4R
zj=6tXSE!}9e%jx!rI<YDf4i3As@eaq)l!TLQ3ok>EyeOTM%P*g>20J1t%Kx7TF^R3
zk032*9i*X13t9)M57L6xLAoAkLF*u0dwq1Rb&!5RT3u@?PRI{gOVN=ZvX<g4`5|j5
zHq8%N2kFeXkaduDjSEvt@uP7eYbh=o7qXV(W8>;uOY!hz^rbyMsP<ZlUrtukQtWX2
zQlOUN>y!1h6kjQoYAHTfs_>;voh%&<m^fL|UJp%H)l$qWMPHgP1C`m`?JxTIj@tT1
zIcj}YF;`dr=$SC}kEZ|s=s$a>k=lPISy_#uqjBi^M>C=R(F;mT==7Po`bUdc{iF93
z{<Cw9&^UR2dZ_wG!!_qOp3v1lS{SDO(X{aX48eVcyo#*S3xy_tI|qvK2;3h<WD&27
zq|0I;{|nSB7d#`44$mBu!+NFgMk0zTpTl7>c`g}hu1(p5>^uYKwuI7yg|UP}E0I^d
zNS=!|$zlBA^E#5p83T_~Kkq$!UIBYv2leAJ6_2yA=aIoh8dW^~5w5VA;F$`qLTp|{
zrtb}8rj8|h!&uHhHiW!^C6xpeG5Kg)4s1sjNHS&uXM1C?&_geClBHfw$M0pqW;Tjw
z;mA<qEYEC_+U);K+$J9Hp1|GVjk#U0Zg)anj(7u8OcqF?)@3I@7Y@hR4LcoO{uHb~
z3jBZ{0fr^OZzlulGVG#|*F|P`gfk1zrlh2a&H;jVntXy}G)Qjwx)H@f;;2!0YD!p_
z>YOxT(xZ=065QF4O5k>OYQ||7+)aEpP`eW85jZ0C$gHG*PL&>etKi;`108x5_J1!!
zL|Kw2t=gOIcMq-h^$w`ZMpRvP;(Tus#(z`B?t##=Zfn?5npRC9=|YEm)Fkd9@;3Tu
z&Z5kjhs1_Je4O(3Te5yIAgIUTk9)hreJQa_+_$Q4AfdTQEV>@Yi772rT`!A(zsJqA
z6cwy4bclJzne493CK?)uX>Tjbph^@)!oJu=cK;Tz$z@qj7iJGEPVLDR{SHP;!J8%u
zR<ZC%R%w~DiDziFce3C8ShcV5Iwt<m>e4-PHbO3UGA=4XT?`<vLwY#aF@0|dG>7h;
z7EPF)+t~{ym|0l?BzXOtAMNh*ELr-n?fp5ZE7hBxARPwvN-N12cwi)GoGox-%I@+T
zoSn!5o57{ckBSqXxJD}z+~k|0I5p>M?Qox@bz&}yomSX5#^t=z;l9z~ong%K+)Bs%
zK%-DO5DfTa8O^ic@>yU6i}9C*<QFRk(&>R20>$ccZ8=RzlgbPeGR)!zRHXMabG}#Y
zXmS2>0^97_amk7nrxo_X^F<SI`(^D<R!DihQoLS^-MvF_pCc=V!_(j4=}OP<ZtEX7
z_{Ec!!2!P~r!%E!_aw!Ebrmxh7Ld!37#)5rirz;iK1JrV%FZ8lcbVONK%8b)piF6w
zSah@IM$%-9++>(GPc8{^RBJN5*g0@9PBjDG10i@Zn!HEfQWa$xQhW~*%JVYBnE9}z
z`6oY&V59Nvse!5S0K0g;Un=Hv4ya$V+;xJd7d1J1M`O1&h4*szv_R*atnAONGf4e%
zBG5Gtw&wK9M~pO>SvM5F5HcQhH@2$<v}=nj_*>&q@KhprU^bxsVe%{AK4}5fs<BNH
zusf7*x}i9)DA1TTmH4KO`Zv9>RgmU%2%Pa?S2}4L_}bzi@A;|4A>Z=~5TT*i{sGeJ
zS5=fZkP-=$#d3c<pD#sAJ(Z6=b3>{kxXZ~d#-=K}i{U%$C0I2&RP=`_B|v7*|A@QZ
zA-KhTRu>-<;6J@Z$-gWJKfDPO%|SmnUNt}XRRb-M|MB5GDmM?fs%3e_Knqdjn@#sa
zzm5BM_(0{R;^q4xP#GZWvgQ~4^8BZ(;a~KZhm%!xh)L+OTPVL2W&djRBL`Q(|91YP
zZ;6h}APVEeVFGEqGsyfO1_8|A8f4s*$IsZlJ`Cu3Mgp)U+o@?l$wqlz1|IkRz(l9(
zm|y&L1LEt08xTFYZbO?AxwMsCDj=5_-YTAxz!l~=JX6TeU?MYb(Gk0Q1O4c+X-ftc
z&#-ZYo$V~;6tb=f&RQ`rfh(S2#;05A`1JU?Ki$j~r*MV$l7}1X_;6F5A08<KO?cg(
zn4r!{rMR5^eVzS%k^Oy!{dJpY@?xF6%ylY<6&LX|<jrO}{x|ifnHwrA!T(5s9y<db
zcl$-Z!%!`(4frE}5fV2-xh>BG8sHKyc&3n%zDp<<8`|C9*~`zw*b^(M@yxv|ZVtby
zY%D*iOzV;y%Rd^srerXO<;3|pkeRL1MR4)9w34rIW|S}72;SPW83cgOrcePMN`CX4
zIB8>l4xTWTKH+DuWf<-5Eed=LPT><-hO72Yf8F7Y8tt%7+`>7#WtIM3IF&qVixD#N
zkT(7%zB%{2A0E|B@hH;$*=gQE{;}zu&ZfC5oSzbgbShE#Sbkp_fjVvNhJA1Z0ldew
zSP<n%s7eNKMnsLLxzNPn1(*DG_vTLxzKFy<P;<_;IVUKbS)|5if_pEVu`t5+jvj!p
zyRT*>D(mwO@g}9*>Fu6Mp~Y!2Yhn`AMoAG|TZ{xqq{RCH;KUD@Pd-9&Efd5Y(G?R^
zzc;pY91RxF^rn(qDia7b9v;(xJO*ww!i~v{Y9m*i$%KXW*K-^-78j832@uF+<Vy=k
zqaB7Th>p!Fllf-f4L*8^mOzmEez@fKHDO;4UG~$t|NTP%W=@J%AMM3KK*04<{$^Mo
zoVdRM+qCnvSOvy2_a-r|0CAA@R@||_9(&O*>A!5qGEh7{p5sd}F$t}q=$TI5cLeD}
zdza1j@~aUPx<wLnhG4x*Wnl{}2-wd#Qhex%UN9GYk)*>N?i7c6hLMb*cLn!AqC9WS
z@{BdwyZlwygszT9#qP!D{aJ>Sz$L&!>YZv9%Luq2P|yN}V=4y58zjsJtD^Y!$LIa9
z{&`Xm)xG&}FN)?S^igUkxji^jDMU}1W8zCNY^#CY-B5v6v)nh?y@QS9$BmF?0p9(P
z__X<V#zVe8vOOL*hA12NNq@_&M63k6dvHRQdu#&X8kC$ie{eFnC!b3zo}JGXrlj$v
zLF9!u8*C%2<ktshlg=XF2ifeEgR(jL>x0PpF*t`jB8Pm=C7*NQ2?oJK(6FnlfYym@
zPB&7p>k~WCRgKaXDZ2vR-SH-1ZAsVG^A$Wj>860%*t>|r+A=@=Z;oKy%9mVEt7HCP
zCknW{I!ah8DK>%ss9bPW8z2?8YY#!>Q4zw1IQz5kzrk)j>);1h2!@RgegM%-SA;G;
zq5Mh|x#<Aeyuc2HOaZdBENp6@P+cJ2KL>`vW*7#?9RG*9cY$xJ$`-~?+7yBmPRc`q
zB9x&*0|*Tdr-32~H1r%e0TfhJ)GAW(%|HUEJWZ;c2|;E?XPnU)nHiny%s8Xh2O=so
z6xyQlR1rm>puh>CP|Bm_(dNI_+WRCYZ5f<<@Be<^$L~jT&ffd%=h|zpwf1^Ea(cEL
z@(L5w%wf8bd!QT$t-FDl?J^8w%gbTE1)V$Qj$N({%Vmfv-1Wo^cFJ4gT|SjVp1cWa
z;V_v0yK(M4`D2$C4$B`~Q8)}|e-X^S2LKIfE1LzY;Bk!wmU<X0gLm=-RT;+D!2|2y
z;p^a?h8eIJcf&$>i}9tn0)_5CuX-_R$fG$n1wA)@EpSR5_@82hSu6qii{%>R3E@Qz
z+U;`yT?Hy&!)=-km}C}x{5ydu3a*w_0K4h%8y<&4RdTA_%O~bi_!1fFe1oaF0Jt^W
zkI1D;3VCv6bzGjL-kl4>&2ujYaH|+MOIW(7Sn#ccF&5@jGth$SYoRC~BP7d}h0OOh
zW;H<8G;F#7E#2Uy7^^WwG2kC|7ghc8yv|Evu$&<$HpZB}q}ll9|4biWB_H2mG59>S
zQpARLuRgj-#=$+299xecGqzvC*oyR_6&XfW1OqGL<0|6Ax)(;(HaVy%`~<Nv^bjl=
z!rcSF!2}0jmZJX5B0U0dI-6u6Zfo;c$>C8u-YgQdb^ka^R6xMOsDY>X?_3L$Z!-Ck
zD248YT5Iv}mefzB$gxa3-Fts~T71HsRU*#YQX)Q31&3Y)4!!>FwN`=0zfnxBmO_mx
zI6V)Z7C$b-{`H0<;mHQU-)3onsmVWF3KZGkB!rix;tLxk`^^omrAL-Xq1&yl<-<%s
z1)Y+5e;qg^N~Z0QFybywNH)P%*M3JTQ}q;4`+~M&M17pG)pDp~>_6D~iMS(|5jISl
zm521PVIZI!({hZe6PgcbWxh4Z3-b`&7q?xE<K^MC2~`WcE9^jT6D$-V5@{oOtxgEV
zrliE{Go3nJD1O}NH68Hw{(9-5C1aL%$@hluJ>~8Fg&RgBo65&7?{bYCIch%b7N0Ny
zrL)BBWDUhDBxi*fTuHkWR(WZ`5Me=72KFm*&^#&BrK21+kC5xDCC3iMw1Xai083Xw
zQ>?Q3H4t0?KIL*Gmg#j|gyxWlGTRKR5-qI}OYZ`>a&JhipV!oSQ6y@BNUDww;BaVN
zx-cgjj<B!mwT2lakjcHPIrReYL{lAT$ePn#3Qe*}&~Yhnuv!XtSqlGuDLHq}>mY@P
zQIy!|WW2UODknVr_m3cg1Z1i0EgnG9o^m}NamR!<T$QvwNqrt6ZMZ7-P@bS~N$!DE
zsCtTof3jLDN3?vYvSRYnuL$GB56t6A3RQ}Xg!*!W-OH*mo&aXFp^Q!}qhE`RE-a&0
zi;Sz?YLz>p*^-spSc=%9=r!V+eTDFL554s$6xT$?h#w3aR{}&{Pbsj)B#ED#3Y;s5
zoJji+m&krfTvIDKx6SJp(JU>=XCRQ_T!+Eht4@ncT(ubJaGPYW({9{8SRiprxj{Zg
zA*2tc;hFh05YLj@sDvK0;DTYOsYpYb<lHg$acLbpV&lEgg)%3UBz3o9KcYCB#An*2
zqZ{B$xZ%X2GeCa!m7TlcM6FXyN8m)Qlhu8)eX|^COe4W!*hDde-zQwBey(LMKr-hb
zoT#K&Qy6k!a6kJ#1%vsWPgB$e7>pQLL!{rp9H3=Cp>2hQYM3kz?S(&?2UrcwolUcV
z4BO|+^4gC>F74rC+N+QYgit&Y8gR7KJ3?gX`L=ULP%O_+rNE&EDQx~#iCcWUf-xiK
z0DfT}&F{jW!gsBtIqa<S9|x!vgKyA4GCyi&Usb5)!9i^Xdc=Pw8YI+o)K?;h3xcr4
z)4cYRu#qsPw;YJ~m@@|UXqp_aRMhjZD;i)suP`*f3+3~G6qcA@z`unrAXfoB*y%qe
zJGc9?Xg?&{Yw!bezsTZMkIMD~VvzLV*y#W0KMQ2|V-{=~n-v3Q%G?tj4ZlFf0Il+7
z$Rvj+#ijMh3EGAMumeqP=M*6#0t6d43KNvMj)5I?a8lU(CgOFEV~c^m8VfyLUW-5G
z<#HfmQJmZT$0TQy&pJNbW!)+jP)5XzgE))pse~Sbp6pZXHNK9?)ja9L9v_|<E}+Gh
zO($t>L$fRrtZhdODheDK6s&-Pkc;e_1*Msf-;1YWW{#rvR@5hvK7WrNg+}430`<XE
z#kADvht&_IPCv{quK%xa{eP91{o^?MZ*qQw&%ffV_MeIU1`b(umMmzu{^cx>57dl*
z!)U{3(2MvPkFU>V`<FZ}xe|K9f+wD0KZX%mCFe$B_2%B23}}gQ1MH0$=LSXlP|mqg
zd<GRkW#?wteVZu?rgN(#78&ARioqj9=kVB<FQc>=s5}c)Mu9vOwMMeTVz5@#a>@S1
z+(Ic*ovx@c$zDzr&VFQR?wEU){D51$rV?0))4tBMPfwz#Ym}ZR(b)^dW5tqMCx?d(
z#t5CxZN6@j{S+1cRI^fHWX(}`K3uRzRu{vEyJhEBzARe*IlMMG1R182m@hleioq8N
z4Y05}$5NTf=sNhwQHF@jei8U%S#6}V-q%?|KawY~m%pKUkpM82>wL%|ZP^@zw(q^z
z7By<G_qC_&3))P|yO;p54tEa`cpyEX3h#m5n>C=(tj!o)fP=sN8Hg?KYXAp^<Ip8Y
zDRGbeCY0+vzwBSi^}d_TB%HmaVI=P<H_CU7_&n582|aE}@zYiS$3a`g854u=6T;nw
zxE^gGW@}RT5!jqHJ~$mUga3L{lN7Q@=|9t;0?60=HR!PLDJ7HxyXvT8mv-z9;>^8}
zfB~r+O3M~x0t>Bel!pnJD20YHh3unRe3eVUCJK-$NiWs_pVB5jhf{k9GQFltQphjp
z<+rcG3GxV779|$&Evm-D)=%BQF_IL93Uai6+`{fWJbjJwdcNIUUUi#S-9&qh-2)N5
z`~gYcMt*<_yS_e>+7Zb27s<G39FQIv{VCipE@=P@X2-Im@JGzlerisxwwFL~Iyt<{
zGf60#Gnq^R8BTPkKvv7i-vcRZ;c0w;ZUE}wK=Y~%+A9k&7GXe_14`;gmyrX)kX?q`
z5ung_UP{D2&C|MYS%`9ds=R;7($Ru%FcUCCFP5{0o`i<hvWDEPND*0d)1N{8&E-v@
zUhIkvaTDxg`yT1TY9q@%#>83fGl0S}7?TaW_D*233xMIg0F1+k1O<_<h@K0QDFS4{
z1vm{ePz;<o8`<d!w08qCzzgeS|3+5LxF#m5yRaiJ%8UHj>Qk_cx+k%xtb%Aa=OAN@
zvChR@e9rP97i<%)E^E@)h-AYI6nJH0=mo^s8}S90J>R6{eVJ%A=Ok)`FW@a%r^iOz
zsZ~y>OA~dc*9-h{w(LCaUxzpDba}FG8pjukny09<0ChH@##~EuG3-@97d=;}q6-es
z`kjG-_fBJgN54tIAj!mohD5RtAs&QmQtC7{7e%wREkv^jhH>rXTh7N30{TN$u&$C;
zF*X~%Y>(2J6x1;`7e(W5qlmI>`Ph6W#j`TjE7{4wg*2ZnaKYs3P`b<C6;>*}c!m&b
zC#gSml$Gmh6s_xL298f-WG8VSTH50zUqcz3T}aUQds1oqkXIl&e-FIiz#SWvkl#X1
zn*p%_$AbiK<ODFQP3qUKrAL>z#5HgdKVI2P&K#F|R{)cm=`flNZS=sr3_=NUm25gC
z_l_W+HNn}Vqc7hRme6b{;!&&o`;GJ-+7DSCXZAx8_}+hw1Q;|>ftoee*l)e2Z8+(>
zZyO?D2qZZEc5A=I=mZ!dBT{Wv!oc3DJz%RWG+9uF81m$YC6nsScf;~#x+w;1Xi=^*
za#0>)9SaF@d>v%9mlW{iTB3-5l+es<ul=YoP<Evld_4ot_KQ;FV!9N#XrlGo0sC^8
zO#xmgB~Ui(%Tq9?urE&$k=`eRi1f2WFg*MyuFGb+)dO(fhvHZsGW!VP@iC8_jZX;o
z7>p6eFtR({av#1G$@<5#Q4TUbY(C457EMw;d1!lSQ7B3si+$!p8`E#KAsNh-3`J$l
z_o9Rw9f!c4%9JZNBQ%g(>SpxzziI!K*Q)*3qXzr0K`HiMtIz=KTHOFFkT3Xi@mzF=
zy5yjXAs4EnYPqQJ7CDv;gj`5)?hut7ZnaAe^RZm-n<a;SD&eeZWIp2+0B&JQ23^*a
z3!oVwdeOgS$aR(sxoGlG$frjxzh~+Y0S{@5dn7;;kM{sQUXwx2x%s@JK#+98ZPC|-
zX7N{Ao!?!a(p@mWZt>%dim6QM-9U1N@68jP!+PQk$r!vLfl1it-;49BJq+{9L`7Dw
zsS0NoI0I|!&nO>Yd!n>G&JFBjI6Yv~0e%BEzp$f)P&e!ofW9^`qI}u8Ukpwm;fp6%
z3C(Ws0?X<h`JmNzH3p8C14R}~^dmx^T>cUo46I<Y81g?)Lk{w&9Eqo+)(0|~6hpp8
zz9D$L^E05Mzri~$am+X5ajJsR(fepyOnC@z8#Yf=eT}dqepuX*LNcE~f--N`**H*)
zxE?k}HtxO!_E6Y75Mf7F2g@p)&0*L|@L)yXRoS#D^yPq!-M|550s=}iDF@<qeAq}6
z27r>dWFtV49c7ojUjtSx+8;p0QKR=;e7-P_eiY#kPE}|=z$_5jXNfU5t=MCTH-I~l
z#7}kv>PDM(NrAe>wE53z*=Vq~?BX(<?iGlLyy4fE(uWjkerIQt44eU08PYz%$;S)C
z+*qF!`53GknPkI0C+Tx8eByi38-ipsmG{CVHXxrMhbF;bG49K~8d@C!sjJD(eSkS+
zam-f|0AxGuK*`xS0NGEl+siJZGB%te0{)1~9!MdwMfC1d_mq}BS?UGq7+P(Jy{wO?
zvp}jx*~kXiw42R{kRCwY2y+fzaa)>Q)1gw75i5$%AGrW?d6ME440pUKqXG9{-ed;c
z(uYWHt-Bpz=fww^0k@=eSc;a%qi*~Soc`G_p=1^qu6Rsj+FH1wnYj1G$?R_H?rWRr
zE2NyKxpaZmRw55zl|@9M1fDVr;>yKDKkatZcpP!ZUf}uhCc+xKb`?5Li<iqY#+iZO
zp5|4LV~o`>ny&%xl@Gj^_SCRzNptEeJ>elt2q}QXM?Puw^~5VDKy}D(qrCuKAiSBN
zr|?|*FuD1*i@~-gT=gb7(gd5Y$%Kay(2L{4!yM9v#O4Fa(b*(E`wQH0>l4S6>693F
z0h3D4A#a>527kl0<XJ}I0S41PnwdDRY!lSNv(1mIUp;`E^9SlDJFA?Nh5#dif*A`N
zmTJer@Hk-R&55(iZH?|A&FZ?;K0Wg&%0$)OiEfoX1PK5gdizV3##S(`7?P42>Ar#&
zVdeY&`fNOw#<?2e9`f0;|6wA#1T5)JDqSt*3F<}WmVEOALzuE9Mpv@J|7;~RLsCZ0
znC$B+V{os~(-K|<0$C?Tadnl@T$cjN1)P6kc_imnF<3~Dax#e<&-3MR;<zKn3KHbJ
zD2bjr#dIF<V;vv5)i=<%8W!z_2a?1C%m$zw^(2N>=pOyOfU>6=L!uZ|@w>q01~0Bw
ztrTdq&AC^K)TB%C&5|0G0tYVvTd|eE3f3!Z-sac^gHE;A7p<AQ;m_3FRv^ojuaJbF
z`V~H#cjFb(ZammY{`3_L*LMvtyRs@umGm*8XM|<o4UTxjaIygFi_QhKu3lV-M_|fk
zNL=H|02pH@qf5aSG=1@}U~R|0V5I3&`KtwVyO`p0(VSBvo-9Lw6K-MjU`1S88wpjs
z$rCiPU9Zzk=Q*jeobDbzNgNOeez9ID_V>)gqeTJ=AWsYyrL(2UM?)j@7=iTHEbV;?
zNc1S0{-aR|c^+|YX1-@phE$pc-^Jc3Sta$ZN4nYBg52s$<d$r@Aos4D=q%VF2D9Ll
zZANanh~C<Bzk%NBsF*5|Rz|7-=`9r6?$)}B0>?3GK?LaHZ12dDTwh0qvd3jxqVExg
z8fRl3R_vRao$wpzgg=r*GPQWZPYe&tGf2~%TNRR&)dJxgMG?=V<8>*S|31<wn5Y(<
zCS<WN$Au@nE;5=}j7Wq`=d&55b!Pk!*d*pY?1aC^CadGJ;XMYwxh<B7%u^hDjkPcN
zQ|zBiKI9jOTHI-3hf%J?SiG>gr(A!S(TVi1k#YD-{vA5;^3-y_)~Mwn&6cl_@jJHr
z4C^=1NH4!i^zukfFDoG=<NZ@p^wUw_WaOhcl31FBgvTq4;55K1+Gp%O6^~>17YZEM
zeD;v2UMn%r2!I57v1tK9O`jIRpgxq*?U3pIayxK_nTn&*t?qCytzP0m+Q{7saa2YQ
ze4F{Nz)gWt)OX10<)n6%JcRimmI4cNtb(rxlT9l*wq|<D2PL`|TabbjhF|j<kp;hc
zjgbYjK17A^b<ZHsExz|Gcl>s4K9L2zo(BZdj;tZdd283j@?vH@D>!`seT)08EED)|
zjPKI9K+tAV+w?{3a{Y5ljHYPUxtYH3|6BLJ7gFzkd$e-@o1l+SP4n`1z-XqCdIwC(
zZr^G}Pu9n21_8Ro;A4b(=2_?#G+5@l6=PlQ)TDSBvcQgAv1^U+6W<7_R=P6kixg==
zH(|jsgiJ@7i~@krgocS~W*a5cexj<hv2X*DSfw{K&gxMk?!ZCO19jf4`?EEDhdXtz
zY>Ih%m$Un1n>YOQDR1ve*;F}pc^4;fV(P%2<Pv1OTG-Qq;woaL<oHGzuOM*OjiIj8
zc-1e_%4cF|U>`1Yfg?@+NZ)L7{r9xFG<w)bDn?((kr+(kW;mK*SM5`JZ^re`O{_Pd
zhHpH;FqKY9+%1<R<;#t&mM6cxrF(q`qSwU9DHFe2e#N8TEw`c__ix@W*ES~Zmml-$
z_sdU@`ET7XQ(TNTWbdnvgVh^D^IYD#ex)R#e6ul0US)|Z#*yUt3pma3#saToHz9n5
zJr+Gq3m$BWox--{qtUM=)!t`%PM#b%+B81g<r6l+$K>$D1|)cacgaRZtSVg~-OXHz
z2ZeEP(azXK4cL^>ERBeS@!^5lF|kl>Ku!$NH1J6Gp-VH;(E`p(2`$kS^_bV$I42!N
zyTEdFWSr82cM#uIf!CYM;t1u7+RBwkQ!RyeJd_vyhZ~9eC9zjq#Iv0a=Xba;r-625
ztXp&WPN1RzIx@{0THHWkjL?Ns=pLAjZxv?@J93P71hxD3Pos`}sxVpgDApC72^>W|
z`Nvx7$Y1pJM%_ne{oJb+bu@Xamen@s!Pyes3AFwyWX$uV_-8oKT*L(fxXT=Cauuyq
ze(@3%5|loIj>M3wO!um1yy5vx^3D^6@k|IQXBmS`mmqhuA;#w%1!}k5!U9G89++4B
zUf=I<&f%IN5f6w2X6akJr-K?C=d@n*^`-_XaM7~lD}Z9jxJ_E+7bs@W7l;SLW8#3_
zM@!*>X;OTvw6hWQ=9qHnS&^bd)39RKr>w`saKU3~G!Apq1l4@Pt2WBclZzGtt@9Y`
zuTlZLdSQi?L7AKY9mcemXrwG~0hsnL8PneXc3QLRfm6I3@U&sT1F%_ICaO=uGj@aa
zv=3g+m7CDUpu9=ic@cdSbe#}3kH$U#%VBPUqKn8DV<d3J;>zC;!I6Y7R11J<ki!Gp
zvT5*!a!zoc-8fl^5j;U7K-dGoL$DLae8EOA>oyueu58~YFKaZ29TZW~AO-tQK&Oaa
ztx(kfp1Vv^bKvwkDUqh^^Yb7#28-Ir?-tD`nj1K^icj(}iZR{sQGn$(WD+NZuHr5Q
zTo!)gB}4aTS-hb|8d~>zTP%Xe1t729N(1Sqs12wBGKvi)!Xzl(DrwpI#84zri7;nM
zq4q2;4NcTT@c(WYpt$^xIOWcZh$#3(dAZLkC$-|cskCgt48{39(9^tx7(@eaI?GRJ
zovD-<{DF{c7r;VS;o_r7b`+gL%k~2tTzC&<(Yw8Q4`HT%kCY-hHVaL~8@VhVH`o;Y
zmO7Zy{O)A)FHB|4qvjwEM{6-0kq_tLsSJL9REH8HSul}b5vGxxA*RUo@8o5dQa}Iv
z@}G;$)}MWz7wf<S1f_8=SC(ele?O{roL?KMcO_;lm(N%p%vkL2&E-uthA$8TQC#mO
zmId(?V>c~g5ZxLv(O;+_CuS>Ih4MZrJQjGQ1H4E#5;$x^(IcZ&x#w2I9#3*{-|SYz
zeb+1MVZ3)fcFS3y_>RizacT%4t36$kz}lC@`b+8_JUdfC876WRmj!Ot%Z@-yZ^dH;
zZ@TS=WIHMHGYc;5ZfGRxLLn&^8Zx(kOdQE&l<aV7O)gn<%a4~!F8DolB>Dv@!=)gB
zq`mI{OZ55AQ|R;K)>Qgjzu(MGs%Khs(%hOL&22{YOmaTbmaAtTzp<XwGdm`{W#O(B
z{)Kwx_>}XEh-t6s3vchw62$ZrAf`V>!do_N1cEwC4w=u5SIytB`ngu-&jqHHX<=HK
z-caT_U`Cy~I%btY9dm+})6BBEQHGWBI=+PlNXOFJl4yQ7o>a(04T%e_m(>a8{ZVI}
zX=GY}YPK<|xn#r;rtjD6wie^9{dju07(j3`5X;45&`jWvHu<LmglXl?^;!NsdO5{E
z54k&0Kcg#O)aVB`#YGj{(FrBI6%$1p>Wg@0wuD=b`w}D}&o^m|ew^iT)S%`Mx}l^W
zEBnc1KQ{J*8b-09{7^^S>8$eI;YBSW8zC%;Ob1jr-b0Lhjam_dV@Qs4lE`5701)Zg
zXBFtN(f5Iu9oE_C%ZKYFCF;qJt&s*GyO<D4;T|R0%NY@a+tV0rWkpRcInZcAa+NNi
zy5uG$%c!yHtP`Jmm+Ib`6uSa5CI-l%OzAE>@fV0eDibdF3a3l^a3bAIMOWk84ZuJh
z2HDtVF*rGm1y0HSQO$2;&C457n%@Aac;gYo?D64(MrwI9Z}~0!CZ)g6OePWer-?3?
z;*FD|X1qGRhAB5=4j?|;;`VeUxL-S_oQ(rT4NC%3?L*-kT6nGa=@4d)MOs{1V&%9u
zJtmaJ3>KL3(Ht9Hc%^p#8Fw7zOWSb-r8gxzf{T*vEv=#3IJ(i}DwOvm`jY5KI_n6~
zy*F5rO=eFF4{T(7dJVR2iN4v${fKd?Yr+wN?ud(AIu&D+vm~ADw8h#w${btpPJv{;
z<dhX}0C_-$zsqGNkht2!?#gF#&&QNV`ZA%P%Fg)~pIKJtTNv+xZaPV0@>}hRuVL7L
zNs)h<Oi}yjc&pQHgN%f%+kWE^jIiVDjw4;R2{)-h&8|J>Hcu^2IH=Mi6;g*s-LtSr
z(4<9Y;|7@(=HPZ@PK%S@1ptEy{!aR(m%j(frXCXth()t#zZyP7NL+~hpaq9B;guq!
z`Xf%kFE&CDWE+Uq&26QTML=+fS(v&IZS!s~D-rF%oLcm9fe+RC!w&tSOn-P=e^{+Q
zpyH)e8O#yV1cqEOakidYtUpZFA6)uFp8k-nKUjHH=o~XqRjvL|tv~G0AIkKHxAlkB
z`UAy(spNjO1Qat%m7CE|DVnQi#|Aa$zvJahvW4^>Q1JGM6gi(RIlmE~T}D7QaF6?(
z$CT~wi>66wp~6xj(9q6zU7+DAf3_RL7YebFhWb2?bFl&L_1Ji<4^qfvSB`>~cb0b-
z#5HB^_2@84wpTFz)Dv1{#vAh2{@xubHi<#>W*=xU`)&&~Sj5ubisVG3&Mo$@tV0W+
z><zfvw6EkL+!;Bln?;Dx0Vrp|GJ*Y@2iS0vw5*cFF+QTr><Z@@D)F^e+43J*8H>Jn
zM6*F<v5Bnzt<{(RV>`#|tLmbQ`Vpf(4CqRGeaH}Y{yO%?hL$wD&zUBLKHfy@9D0wu
zjcd=^*h&U2W{AO0$Z_l|+?km9E(J;vtg`s6D>kA3R>giw3@%C6D-4@ANf}mNXf}XA
zh8(D{dK_``(H!ez@CSHeDdAc)3nt&raH2hXBUTiK5wk6o4Dki*wOMhVCl|ruvv?~5
z<$;5W5Qc!#H7J-W#(U`>JdUzhA1NJB?}YHc<FdM^PP7ipk>i!nm2BkRCyRkFp2wky
zKy6<wJ9qjHDQdZ5|6WqRL8vW}#K$8g;uF_B7eIxR`+@4ny*@<G(>K90P`X{K>cnYP
zlDb2&S23a>(m>ypvGP=I2b9|Z<#xcz-f>%Pop?tS-i`rXWWu5qhN6io>%@Dazzr()
z3MtYA`=<f`Vj!t7SjE5xDd(YN|CAKBf1Al?qbOoHEW-mWvhyoNEIJ0%lOm2ehMFYk
zkx&fIBzW1JxTM-Kj!Y3{71(;Ty(f~wsiD#8QHg0hzwQC%2s0Ja_jG-=jcvxT2M@Fw
zF}R|M-D(WW1Atr76mK3ch9<b2PcSxS|9tLruey~fh?kRsc%^P1?Nv8vL$O8m2&@X~
za@R}t1K5x2SSsrKks^iZ3yB#hn>}dux`*^EqV35E|FG`p;Rg;y$=6%5*FpVW71*?`
z+MYrz8}$OY0z;JuJSK&6s=dxKUk)i2quT{u`0uS0mQCMbS(u+noC)YxDU_ltuUgIe
zu%Z#K?tjoHQ!IT8Iu-o{{_y*++YweVc*9aQKZWRp=z$zEr_RTdwHTJ3RC;)P+H9?;
zlR&yQ!Sxhw@u*fYXbAJ1M)BmP;SMF_0{hx#O8A9&y9?@1)MM1U<wT9fFUI4B{YoeR
z_p2O<XOJKZBf+taTSKAKV7J76(p;YE;`?_qstG>(cM34o>elt7d7UTu*4>15LQYue
za$su@BsQ)Wd-`UMH4Q^K;4UsB$Jeo+z?vfYA>k}=$V5*;mD#`>i-BL$Hl76AxEpTc
zAG~UXY(GJIiH2=lwj{ZYH!b<^ZR6Yjoo(FIY#WoMycob!*GM4O={tF^C9#v0a1QL>
zGq8V;u>E@kZ+Ou+s2F^ZmbM)B?_t`%*0Dq`6ZlhH+vx~$d(dLxBxi3AyV?GoESpXc
zRPg<~)lCE`Q!-vKaEPF!`*JLL&64S)SFI(urbUP@#f{D6-9Y%bV7k5b3O?QXrdHUd
zrlqK$9da(Qsqb;q_VwD2(56=G_1HOyrOLdZY}zd`;n`rw&^r*l02^uoYWFyI`+Bhb
zj7SBxsKrfNRLAra!aZm!_aa1vs?5+dmaBI0tz1pz6w_%aCI){?zJPHjV`n~c@tqt+
zfvclNpG~p!pSXcPrVZ?({p+Y<J5+H#nlsBcF7|K=zC&6R);kwxDqr7ww6B#A+fqu1
zLA;?Be_uFz&HgO12Y`RI8)71xZ%hDi+2Cf^IZ322q$5+U2tLFwmjAOqAcg7Vc9;`n
zPB&2UlIpg=$!OE>E0A}<tHuU6>X-4DEG|F@E+s(~1c@q8>~yDM@qH#mfP&6op)qS>
z!&B%9(>@X^s<5sPS#;Hwji~IzH!P0NGVeJr8Ybg*-QhdJe8hf12Lsa%M7Wf#KvXd5
zF(L*6jB^JdQ|t#RwY8n|kBsCQNI@X#f$5x|j>_DoDrs#}(`ZZs5JzN-AO=s;I&GG8
zwzFz9?xP5^WDjM-c}Rv$%$`*}<F%hrRMrLf$i8*12R|lIKO@^W(Y88*hrxoIn0b&*
zGEK9<SH3LFvonL0L)slTA-LDGlQnh^05O1dHh{GlB%=@n?Rsq}RYD8sM&l-63!k)j
zo#%XAcr~4p1)j9vHa8vRMZ}=m6lc=0Lt1PUFBZknG>$EbdRDO?_Bzi<YG#h_I<$VF
zZXZL4oveLK#WQmh;;&3wNgI{C5d8^raFwaaJ1h!XZc#RIjRCzKI-qJA*#UKZE;BE;
zMfXxlE&Dt<9I^BURNp8d+0!e;tH3EnE;<$GX<u(yJrK*p`$m8uRM@b}p(Pe%-A-s*
z`VA3cM-$j<T|aE<6&^~IMbE@4dSVsrTKQg0{r)NbeHs70>Pp|sso#&_-@n1XfBQ<`
zw@dy0LSOd%D*pXTSNeWS-_-H*?`NCX_vl0ZUynca`=|K#)A;wrSNdK~{eA@h-o?L{
zuJnDo)bB4`&%V#)-{)QF`z_a}j-P*T<=@+`IR4b{pW@%w^6wk2IR4b{NAU0W@b9ay
zIR4b{FXV9e<KI_Zar`-{<LBSM!M}g|isMiH{we<bD*pXTR~&!p_akyhpo6lKRP{wv
z+t)&mpia`L@9=pEd)|T1bLn~b*=0<PDSO>)#KiB6pzupwpW&(NyJ6}}cMPDAEM+fu
z7t~-*koZ#aBl;e_Xt&?W9ldrv4fU<hB)YazD~9i6)N$vY=v)&iGM4g>$&{USJ+DWr
zyk!7?`UIY0&e%^$=ag~O{(EEh$NCx*CdO_yzK)KKiM3$@DoBnEk6n$v^*0mIilNIl
z6JrpwVp?g9uPfkAbXT-FVeHcIlOZ(o3<)wn#Tfsm)Q)7XE>_#cOYPyMs`XO+jHTY>
zrOJ4zD!r7$Sn63`>J47%ZN1b;W2s_ZY85Z_l3vPVEH#3cV)*A{!ar1MlCe}5UTPXI
zRjik~!&vG>Z&u31OG$dE8OBmoyi_hPm8X|_%vkDAycB1Q2rp2n`NmQUd8t}nszEQc
z%vkC+UTP07Rjro_8B68yQf0hUm0s#aW2vinsW*73xAju58cY3<&F7w%dPy(!S7WL5
zSPFK=v$2s#sl+<2LK8xAS+l7TWwm(Q1)Daiy#OU+hp@~w&G<Q9eqCz$2d-59?bPza
zu2lXnspZXAD*sAq`7e82q5LmX%fEJ|^2<}p`>s@eaccR(E0y=9mhW<<@(-t$|Dop<
z$`_}WfA31=Z%Zv7yi$23wfxj8l^>H@KIcm1^Ha;8xem*x*rTIE17+kBR^Kq-%i7eD
z39V>FFG^Wx;5N=Cs~#H}EuiAuIHu_yD6(WTFZ`%g5b8zV3HC{AlUB!@#b69Og3c^8
zv^tiZ`zTU|BzmgQo>Cz@g;cZSI%alUCr6HC;KqA#C>fj9k-0DMapqhy?6rtlg}JD{
zlmneB9BkA5PLT#BbLWftPWyZ#P*+FYQ?d$%W`Xa$Ffs|g_QJp<o1}VeVwMX=<>I5#
zZH_hnHhR$y-%olBA(aV5&6mhL7-;_m&HYutncH;+oVoECXXB~*7c>bM$T}M*`sT!V
z&{&zgy3%FLMF}{y$i;M;Y?%8>59^k_QVa%Yu7Qiw3dGVA%$!@BH-xORV^5GWQB1Ob
zW?X@CG59HpiX#^@nCg#n>sr15<w^U}5eZHE^i=y&GClH5LRKnrG()=z+KP>ZRy_{j
zkNkia{Z=__-Y)@k$mDK<MuJWmh&8&P?Z`vldQDU?-~o8SgTzrLMZV8SE+~C#MW>_|
zS*@4t+fi8$_)F%J+-4!;{K`TbpNZ`#L2O{NfB_=3xel^i;XQZ&Ex4;=?SOx#Ij@!N
zXNYeO7hEHe_0wQQee@dZ_;4oiq>3pDQ*(_?a@L~6<RU3p9n!AOBhU6;(_ux0%|SjD
zzNh;w$=Qe(dRE_P=pZJl4aC24_-fC<YXS$a3C+N(oWM&0@Y+r<WIS}=HACP~=_jlA
zS`h5LrXya|ph(pz(QYUvqVBz70I)yYcQ&r|C}s}Ap6Q98S&*Z3hkCT&4a~{ncRks?
z+m}C#BqFTf<8$%W@82eqN^4wJ&oZAS8Q#*G#WzZoo5z0mN>U%#s~(plKV&e8wKgaZ
zuO7?%L-0y^rzQs)(_jtee#>0WYQ0Q!pQRp1-5}BV-Kle4l%{+Gl_C_hg;`4{r5trE
z8V_1w)&LxChuNC~|M%m?w@;CQYOIDChlCP+zB|H~6SJAN!MI#<m8(v~AcOGPZTYF#
zssbjyvf95z$8c@Yv{P0m0kL>{bKJ%Tff`0CoQDFtE9=ox-!+?zCa;E#Gd{F%sDA$2
z5Wgm>aBR_jDWFPoQ!{%7-9IGvgMwQ$aIxbOtHHrylp^2kjL9$w02i{UiI(XM&M>M_
zF@cEo4rx18d+oI{AX(NjD$A+g80$KoCS2zJ71n>duGoADRh8@w<Rc<1nE*SCri+gF
zW_f2LqWH++49Nr-^@P{ixcFK{J+Hk>3Iiwg89T5233VhpYkMiWkS@L0+6F-gcB95R
zi9!*CB<64feN@NLvN#o=rpUigajjcgGsVhWL>Z_fI|(+`DKV&#O7`RVUiGY^0-q5p
z(!a+=?}%<{$Qul^1|4VRYMkTHSs!leY}k&wu0|VRZ?;4}C(et(Uy(Rilhv&NJyJFT
zZJQEtP(%t%1E`boxLT!@PnsiKJnzbdU7t@ai&;vJO?>v}Y!`X$XXMDG43y%md=S+e
z;+te(RI;1HSNwBe39IG6C6l;vG?c?;i>h!KMH=vkwI%qzqXge;Vf$3eYFla=6L!dz
zMb$KG0F&=)0*nZ{j_L|;B<4f33OEQ^JwAV!q~b_$6snZRG;dTXKYEU2v5EPEbN3A(
zE2{Ccd6Vksz}4{hs-?Uglu(ODSv6`w>u2%~Jd+c>`9Pb~HPM^D8ODqCV4VuosZP(S
z)h%{&8gyOT9K3cdosLrC=}hS^Hx*beqhCP!k8lK_O~@f6?@{yY8#+NRCGShaX5e2N
z(!}5+#Fs}DrkDbgvUo1~<B6OYEt|H<JK;DxOWOdIFG-G?fi<t(!6(T)ket|5#kx1s
zpO2u%+e$Kv-Kn9A)5xI=Sgk>YU4?lErFvAtl1*Qsdy?3$l2v$T7m1BlOy#I7t?rYt
zNnJ*ZEiU%eje*t%De7Ttt+_rvYj1IWvMrqRuDIq^^AEA+B-2+2<gqWv-%l)dwGsZ*
z6EWsV|Eyv<EZI*Zii)9IQdH+Oo%Pz$XfK0y_%ZDd^hKq9pSh7-&+pOZH!&f(MX{ek
zfv43sQvuY0eth?cr6@#=O=Xk-bgRugi3mCbZ1_aHeHWU98b~@Az|{yLU2;V0Z5EaZ
zSRaThfF;;vuqm_9_!4$=OMOhVy+;)CYwBs4Y_AoA&k;qzupN*>_Vc8ndBH3>clhTx
z%5XOgGVGVkwlJ2qHqkn@Ez+ND(eAUY-m@NUpa(tLiq`3EAagoohNiZG37py%yO!Ao
zdfNsS3?MBG6$K)k5;*059dK?rkP+om=sMrjK*wB#WZ#A;EsRbQVmYg%-%9mOs9pvL
z8Ugts(g8@6BE`1SbBm|Y5DsM^y(=oANzmKdp+7}vW}fJ3H|S9>=xH~|!GJeYy8$V9
zJN2_0^s^gKNlG`E#L8?bzRmwW!cRL?UCs81*p2g2=`Me#C<b|R?5aOS8rk0x$W@_R
z`9!ByJVHkU0UvD<^ysXFCjoZ&R7T)8!fV}FnBc5Qq3KyRc$%7JLGQU)mI;-GSvDR2
z^vHrzSv|7gaXJ-%zcPL?L4`jE8kt!L7FiZACdh$EwG`jte+~CSJ0x|p#nSf>=&qAY
zU*n2L4rTyFY0Q2RW%#@5&m|_h^fx5xFT1P!U*H#sNM-U|h1Mr_)ThO}US{AAX*OwD
z6Y4ZC9Dx^9Hlie(?bq<D)ij6uwXE}SDlDtWrrA3nFKa4;j3xV#oI>Lk?NkF=uEZ_k
ziociz?&~z2tE<`Es8u51;g=U1WxOv#_sL2vCopyIUUhU`Agh}8ipagXz`-tty=L-I
zPL?7lUn3PYpsX)=o%IyTM+~C`OK~2PMekR%z@}r&MF=^&#m)b_4zSZAhtrq~8CD7D
z$W<xMC<6|>uZUD<(2W~XlKk0~Y%-Rk`xB>2Bl35dfyOsZjoi<OEBeIQU3<0?E=Z?a
zHzk~t?scB<XL{A9=*I%r&!zB726)3$95zFHM2PclCRR)eEwZ5hYzs19%xKxeS<7*N
zhBz%rH2Xg~4j~ed5eXOllVZ1}t|#%DSfOYgYhjG^SiL@D*cn#cJspQ|?trTEwL>%e
z(rHK@*bg8ip>u@ka=bET)8_--SjCBpK=c2_qhT!RiBbHBM%Qc64nV4YkkF6#USUWc
zt)o_k5p&1OW7iq%fdLzQ#>RXRXcDxa;*<FAOdXv6*zDU(iyzmSR9w;5b2EEhG-@Ch
ziy5@iinC5!5kg^xdXh6EvgtTKj1^NOoJ=j(7ygK}z>|^7kU~%EogB+MIrcK^yERi^
z-*O=HkNPLaZf~)^?RkAgyuKnseZX9Bgv;t%MD<nb_4(S#&J$wk?MS-YFL8Ph=#2O#
zy!f@^eH_w%=&9_IY4H?9j^@E|-e;Ky0Ix9saG$ksum#==2UsSA3J2T9tAzuwX~dd?
z5o-=kG!FD1G#>kBGkqabjI?NRHtqEs#Ke`QsM!Nx)|CJ&z8&WP;VX5$fBa0Y)dKB@
zV3?C;HgBo+z7i@b!RdiqNIh~Pp^tNx64Hu@uSO(igTn0Lrsmj|v{RfwMzzi0BAy1)
z=@D0s0S4n-#N?Zg=MT_olBq)4*@R3DU_3O&W1xhG)yh3Y1Dv8+9frnT>Q1x;Zbm<S
zN@o_M*P`UE><H0o=AX_3`e~<R+9{jraZNe>6d`WO6p?nGr!X2vGw{;aeuy`_c)qM|
zL6WU-lt9kicg8xmXb<T%y)B&V%o}xjjkR|U*MqlrUQxHju1@Mh06O1-BwG}h)O19$
zqhnqm*-#%uJtCV<D)u81k!%|!49<3*yydeXx)hxajnc&DF+K#kKV8ZAl`}+bOhD(s
zNVXkESOr><*cZH~0FY%G9BK{n$Oiub2tP>}exi;X_36NaM4rb|!obHv;G=UdfIoD(
z7vYOB?Fe5uFNiDq=_V=^*UNqmF+YP8^h^AgG=u%JY~-{S{|vdT%FU==AL~T&1J<`{
zzQ1r;ZqVvz_h=JB3kTPhP*QCPCDo1(72Y6BP|bs>leq70s2yJkX?i!`)?T(iH~*Tn
zpT=7$g+dfCjEbBGU{use>w@;sh)XwdT)LeTK!w-iPnNkabfK@Mgi<Wjg}%7WuSZ8Y
zec41|;`O-EuTM<Xn_4&Q!|Pn1;*#V98uu3_<6N+nTl}!TYQQHW2o<(mucH6*di}C3
zu9w$zhU6DXsKJJdIfm=F%GlO;HveqwgJA4~ENuGO*aul~`f==oY{~hz;QZT?^M5Ti
z`&aZ)%x1nuiZsH^*DRigUTFg5)j0E4C+)%GTalNQ0*$7{lZcb*L(AW<8rtutQTu&Z
z`~5U%zYn(GuOZQXA8fymq5YTJVEZVD@8UIGiit4r)bngQ(tQkCnarF5R*<NMRR7_S
zb9vQTuNu`3Tu4GT@=e)ZJMqJLi2Dd3iYw2e3#;=Kg{4ukALgSKS6Y!KjBoa;C*=D5
zxZdhvU=CLib%A59sAiru8<A%CudVUB+CMX3uy4{#bNJESYLXAz73s{3*CqyY(%4z-
z5%j}2GH(iz>N#{PL1GO2OVWEdL&;NTLXy$!7`-ur9izM@|L>x`(;0nNM=n4UReF+D
zdQz)Q8HyN0uWH%>^AI6A0trdBVPW!M&n})0`xWO=JsHa)VgUDSCGFY8E+)H#3frJm
zDLIUBd=%p@Gl(_X&!Dx~Te9=G7+glTjVHw5ooOUetY%~`vfY);+aKU40Nj#QK#lj|
zU@BU@jE%qfzXP!uS~PtKYkZ%H?u)8pzrzX@ULhIamWWoj#_N<q?uKNQVwPKzD%}mq
z`hE-bO$eL&0b^T@_R_gx=@8;!(6STypH0LBoIvQia^);+G+qJNAle>h!G!Rd$Q{pe
z9eV+GIlkV;Xx%2jmjg{)AaxyE_a3nBJ!lOIuVV|}122cJ!<FxmSO>_HD<Lt7FOQ}n
zzU2P%bVR+KutT|ASxLtQZ=bDwHN)3$>iGI5nk5@jW`$0e^o7n^!rC|0(v&-ECxpy5
zjaSXi1kS#xc0#53CcO)P)gHhu{0T<KPNOE%;#<at%>yQcGY6Ao#7uIw%rY2ZW)+Rl
z%tn}5C5NV(VT4mN_asJW#u1tmBYZ>4!0P|ljQY~;Q;Gai)N<x-T2{}XXA2BSybzE6
z1lAT;wx`wD6zg@_^IcqdR7h;}B!TF$7_kYDfYa=}xZi~51w%?m93S=t$*JhmT<D3L
zj6?i9*--b7A-mg{jAZv=|6iil$C-YqfquVYC&l1Bh$TK00830IlD&xo>f$>Ignx*2
zpcULi@VVGSlx07n*ZTla^dWk^pM~v0ILP}Uz1~Ns*Zbiy-p@d<PZp3~Pdb(UziYkT
zi97y(Td&)o?*Fm%Y6q45udLVVCP$0)N-@6${1JT`3K`>rrNpDWXNoZ%rFB@#c$6*d
zaZy05t{@V@t$rz?z!hi)rdBD1nCTf3_p>Ecl++?%vnN@V@Dn!lrX!&)%QY7p;&S+j
zd{}{eMxi`S@c<V{p>#9}w^zWVrSWxgK`Dw_g~8Ukk=#ZbC6-F<1VKC1nQrxBX^y>x
zz>E!))q7p=UjjV#F5SXl6f$P_8Ol>a3sM~SzuAc#_tWJIek6yw@g}E1le4hN&=|8+
zT83f*Quqd<Vn3==f0R%<exz!eqsDOYO>VJKjHFgMws^>937MN>GOUXA<n%Fmq1|Nh
zst*>UM@`A8i9s_d0nN#mO((q0<Nm#}eJh5@bI~<`7#wWj_n?>3aSu^EKr+Y8#>+P6
zx6BWwVyf1?U+zsfzGS{=D?5=k!z6XsQSv+ML+e%j#_pK5I_qrGx^u!MhcGFeGnl;m
zkbFyBFila5i@o82FmtnJ0S8F7T{y7hT#(fXA5Uo>9$-U&)x<t=@0XvE_Z#N;GH&dN
z`1~By6vl0=I1eIimxuBhnC>TthuDU<-S*E~^D`@{+wmrHtyf6;nGF++)?;*9_a_#C
zc{Tz7Ym5zM_UH>y^wWgne#43i+i_X#g;5Ui3wc>10=5|3Lr@$YA09Xu;Cp<i$6zVc
zEi~3Va*TQ5$7n4Z$^!DtImWy=;#KQY?k~E@q1$T#nKVG|lG@lGF)*0otQLc-8M_>F
zrrJ-{VW1BC*Ah9CIH7f>PMyFQar{eQacM$)_bX}*4o$7Vs~&Vl7V3z7a+?>f#RwLm
zZopSzpEkm;?jK0KRggosLWed}hfc;`mjWl3D$b+HnWjx3mYxEVHpGlbfw&mxRwvDN
zt3^J*oYUmcq+)cFXRnmF$8dBrbZmrJ`gf+FF9r{ziC^Ss8aJlbrdXNrS?Km@vh((0
zG58r3_&x){*R+Q=isPJDJrYHRKgqw2^r0!+SJd@E2vu%%oaHoL^bI_XWNxPTL1E6-
zC6H>xXbNrJ%g1%{EHCNot{B(F<X(PHSGT&@MjnF|G}%fSBN5YRsUgKHsAD)Rib$I-
zIk$;{L1gbZuufd#F}-2&50yfmY;-I-K+2~wYyTV?v`+g|XpkhnRaLr0R1ZQoqdm-q
z{!5`-bLnQ{*L3)8ERNz8iDA75AT%a$hK#Nv?lR;4K8rdKmov9d=jQg$-fuFP3Z|2-
zJ(~S-yLp&7q;CQFJxc!Wk7m%gwTg~I1bBEfs*vN0ThSZi0vg#>G_ZAsfqe=CTQ0#&
zykQYb_tB6%cxjZ6(wbs&x=deMq)0UVp$LAd%m8|noe3#+!fDh|#TlJv9uw;F26Pan
ze7+TpS-uQ(7fvImG!PcTqNna3&|N6O5LtRchtlrCa#&?!q4Vpy!_l)zf4vimsAQzP
zAhq!gym9f_|7eWI$Ak*ri2i}QZ#449o?LPXvYXbctT@`0(ACb=Nq*+#CZm4>mst7|
z-q@7k_2_tYU@qFqk5QFe9a8ZK&jnCb08}yEig6Fyj#;kcb{e<*f!xkxDhhMEn8qxh
zp4)Ydx-i#<YER@;pbLw34`>09tkxzIkwF8x7D$C;?q;A|d*z%1)w5(%g+w-<c(r7T
zkaP`YQ&*990S~Nq*@Eau8bce>M{*t&gCf}yO=^%rZ9|jIlG^0F*}Qnagf|uj`CvyW
zG!bZmiU!C9e74@>IOiyfwV@l?YVMB(ZGuA!thgkOU0TD}XsewrzEGGWRTSpPCO{!D
z0j`H(CC6_-ZDVbCCY{~r`kpkf?Az#87ik0u?Kx|;clZ5-IXeYJh!JKixYjG1fOZIt
zMm+g_es@4@qp?ZE<(tNJXKu7{f6vxloPe*_&0jQ8U;&D>z<n3t(@ELqHky3BrEnLQ
zRB7JXjz&0rr$wr)V392<&}Y$3v~hC5@fks^Oc4mQ8D9;h%OJ@Ro`=E#`KR;l)obEe
zM{B+hW}KJ8UDc_w;5euC5P-%)7e<mMg@-Sn%AJ3&lLU6-Wz$}2uRH&?=Ai4rQLDN?
z@UO!EEW`ed*7{TrW&Mdhh5#HMl{T_S(2kEJ?X7bo;JJDv3xGt?*GJu007+XRNt-Z&
zMV6&D7siGPv2={VO(+zhjsPyYlrS>I-_AYbAjjvH*yE5w2#$PHv$Q+uDFs?thMPOE
zW;&tGiuem+qnmw*-*iANLkoQdX>$19X$h_RKb?lj)}!IRc$x@!7eEA$e@VIiB<M`J
z)DV{{J^au;sr~t20|gQuuzsY_`u*y%<I|WMWztV#YVuO}cA#XLgiNb-od-(Rhvv3S
zd0yLpl|XJIdu_nmP+0Ek_Q9%zC0nKI+NtuSiIpzf6wlbH(y|5wAF=cpDJ!kWK_fu9
zax;s|yV*upQyY-d*D~9|MhSE4B{f?LuVDR9B};|NDxkj`qPW8u&rA^Lbq9O>USh9E
z$y6{O5hextNsh|YH|e*6Igvo4i5DL&64s?rUR>*Ucqry&lhS6GneO1QdTtQeu*QAI
zh9#|g=&70aKKjIiK<rKKC9U(_cmJa^@16S)yx9_i?9qmWW6j5rl1@L`Zim(qHvvFb
zjJC`_lnmAl5+@_^KF#Q4wFx7NcWM~QJvgb%MMeelok63S#@^BD0Do8MJ%5S!{JITU
ztmiBCvYww7pU9YWvyAcET($~V?%YIogBeUKs8}9=-5{;d70hY|`t8Eb)?cx+GwThV
zUClaIrgyfAz3<?iCI2AUS+pI+&i2^Qfpzx4w~1+<`RD`p-sguid-8SCy2t&G-CF`l
zDbxJDS)b<60+%#k0gx<lGj`p={rTi$*9)%L^}n4nbRErDp^JHGyzBYw-Id0=K3nhl
z0^ap&bqL8xbe%!OQ!^QaJbvF}Gw%g3N$L9NWY;IdLE>7VR@isPD;#mO0rfQDAQtdJ
z<l!Jbc;HHdIDFPHh^4I4tMx&=!QS8IgQ(UAq47anqXWym-wYKHP;Q%)1eBSHUaw9U
zSSTdmepeIvUO@&o7|kvly=~ip>MpBBrxt>|tN~HR+)k2O7sahdsnH9V711)}cv+#k
zF>ok-13EvEM9&4;-k@+57E>J@OS94KJI0%D@0Brxeb>(H_quEG*Wj;ATwGEHe;!|5
zB0hQ?9{R%ndDZZ82D8?}pT#f1+oclm;z>+tz?3~arM^U*`;`g)?1n$H4{Pw}1pL{1
z2>u@{5t}}P|DVJEa`?Yl3Y=I91H9x9!CM51R^18@RVCu$?MC`)j#U~k$0F@K5jfIh
zst;7A1MQhDIY0IPfNP`ib<M?fJ#hb(*0sYK!@Ab8b+o4Qb+x6_dv-co*U6L~&iI=b
z583w!$*u!jBz)MN-REheJN6e4cVj2CU)I9`0WSz?S}A|Qy`wGQFNg!QNB9dOGVLDz
zf>mob;|qCmN>T`7=`XnBxxAFr-|*D@l+@qzR98yspLwd3lKNMknw^sR7Nx#I@R%?F
zbDs9!m#`>!<hVmv$__BWcLPdn$Pdhqi3A6v4W5W8_vt7xLu*1SiE)_yBeW1Zs`rA}
z{s0ODR6W#MrGTeng{zkkjW@*O$z+j|`w7vl=Z(o(lx!EGGcOpEJ5ciVLbT1rRxA12
z#a1hk$u;|^5mun8#8Qk>o}jFvjA<LyljXgdlJ_#pOJjMjrR1$<c}GOb`)f+x>n!h6
zmiNz;yuY!$f3m!HQ}WPBnvu{GpMM{Td7w8YYd7v5Dn!xZDz(7h5(T<qftOnpcr{Vr
z43M+YRV@m<kSOp47AS2|Kur{Q2MavaqQK%rfnQ*OC-4<GnPDr=F(Q-iwwyDD-PY}l
zVYgj%#<1HOPaAey?P<eq`yO6g@0+5}GrBbT2mbpO`*qYr|MT)sNaXwy31+m<z2$tI
zDBeWX3owVwMIVQ!=sI5WJDdX6$-hYcd7>br?~c?d<C~zoqXxgt)rP<`(XW_seIg@I
z>u$`*Ol0J10&mx)ojbsuB<=VCy)TF0N#R|Tod?7h%3Q%3e|E6U-%S5u71q0{4#->Q
zMgPeJZMw@X2#LOD@V?)W?E5nZuqPyk<0-RQ%G@|P2WdtBa2DxzC6zoY+r~*Nt_|rU
zDxrB6lIEUBFYy2weiO=$!js6|m5sP-k0U-ll-UrH&4Kg17ulM&khtTEBc?jFvmCE1
z@i?3O`(thBSCj&qW~ByKa;-5je=-(@;+hnQy#%jXk9y>RgCaSH_@cVRZ8HCc5U{-p
zIgNaGoW+fRTI-4DhL<kBKa&2S6l&)dKloY-W$r8t-DfUT585N*vlRe*f%Esd#5EP_
zMlvN6$L@T?BzkrrGdTl=&l0-Gnam>WBtlAt=31qZb8Wuvg=*gxW+CcaYpf@EB`2;|
z3!o5_2W$ZTWz!Mlu^z#&k=2e}>eQSrD0#^%RIA+sJOb*7s~aQ7%-)b6ZzSM2+^pEo
z$|NLClbv7U>6tG+cLF&6LiK#)pmo`ncw7)*=FKF(h~3ELgD`5dimsnoHGwj-tn%s_
zd36|!$@!)D+-s<#HPU1Ae<rQHWHh(ij}U1TOlM{rqJpbmNY0(;vg0$wRGo0y(MuA?
z?7>6nPGGY!){mg|zT`kDH7u2RtZM!b)S>988?+qLE?zj36jJ}?umd&c2V;M|D)b%t
zEQd2+l~u0|CDSgtRR{1gRJP>Z*aqCaU2g_z4jIT_)b=;9;*EtmD~=45*6Gq2&V~QH
z3&q-acL4CqzaPk0WqqB7X*~`*2#fe`VkE_PZ;cc<pF2H=4%|C=&c;LzBzkz_Ki(Rd
z8c#3UUJx$Jk5Ys{wN_FarSN<kl0el6PUMmXF^Cj?flRBlH3tz>`iU_`yJ*crq8`+j
z^jlF<qnUT2fTY8^KS}V@wZ<b0!7`vbcS<U&0ty2)?k$!Ec&9PfC<;2EoD7`BWN2qO
z5e=xbj>>VZlkMuq#C#%ooNZ#4L&QirD}23C%4M%d+bH*1BEOf#i9YVE)5k11dXbtr
znIXk1)eAr$yVoLttcaeC3d*7{v_c>sb29?Dj{RPD0e}Bb(Z?{t7WA=OTwGPsI(_Um
z)w%;^oI>8{KU7Fw0>j)ps6`4hex7U-!^2}^5oFPaCtr63N){_&^uz)%<}MJ(&mUU^
z^o$uQnkJcwW+~wgvmThpr`U1Mu?s2eeC^<~cvMekYT}8)fkm^0C7l@TxU!cnm?DV5
zpPR9*4t3DJd+kqCDtYBu2513d?^(NRucieZLMvBTCWSMcg&5?fLmVoAlq$#GWCeGz
z3W_DCXPU1qwAm1vW>#NG0HwHwV2@+>`W=z#beNiAn2w8M*$z%j2Ub|DJ#`b)g39B*
zLvT;fCUHMC7&~!#EMpHaZJmjFI)>)>0PE1FrP!e$uhBqj|C(+KJkz9+&|4bkX!?3!
za-83erEzvH<l{_?(qGC)IRL&V2T4K0wv$}^%E8RGU3hp?>tkDgQ{t0+X(W6`-55pP
z=%4JyS=Nn#ExK_c$Xr9`K`yR|du`X0)!at;iwJFK_iZPX(T~<HV@e^S4A_a04~Nh~
zGmjPct#(xC&(|tn3dH^5bI&1XUCD;niTI3+O%r93PoWEl$Wb$-{6f1QH>|lWMK>!Z
zDoS4%JR^&>xPLIps@fMOCIcgGKly096~5~h(#k}XK$TS%=FDaQ>B(0@#V}*DT{1dL
zdXwa7V(?~cWrKd7>Db%+UYEI0ML8f6V6py*_#0$FozDF82FmFwdzKv7WR=lM6Y-Zj
zP>_@1KQ4`&o-^COop}ngpO!{4{zwe&x(4aWeXV(0R?nmU>2u^u98E(S>B5KXhtQUl
z(sgf-htAOPDYH;|=98#NmN-AZ)jm3HI6q7F19f4#i2X%Mp_p|#Y(B}{dxqGgAm+xw
zCZ{DzRu8Nj&pb)bTPgh8Ja*g~8($KLJx|9Ciukl29_h|pxJ=FIri)jEDx_#<lPqrh
znASur$Vn+M<(j~+wLfAzQ_I+R4VoblwGXhndbAF^(Vtx;_U^7UVyUWZMwV(5x<L(h
zy;_ll_49DfR%%8P;6j0%zz*v$)P$CK=1e?+FP3GJINro+em<q<5WKbIHH}>_^$=<7
zXV-7UA*{Z!I~Bp&<;qHu{)Q*nP~1gdF|W`_mhyd45zLuIl1)gQhQ(&H#06ZE_y$QB
z!x^Hx8A|)`6~h+Qq(*xZ3%-1$HK|2OH+EoCKa3gocVkGsn31X1edpkoK%snX^(DKY
zW0U@FT#+^@*ktKa#v0~He9%lT5|ZGck!I2T-?jY6(54#d+ULT$+NRVsY$<a~na90*
z8;>^t-xPuaW-lM77-`ip?a;3J2L-xei*+ekMG@XdzDWhd-~|h8S2(@I52_IHMl>s`
za3W<a5AdK9$+QHbX832g?2;LBLPvICmZv>90ujUAoH7rxP2?;`85Mfs@eheD*Oy0o
zq++O%-gAF!VqBaV5yV<T5YuR*F?12SR{Y>}Bxd!L{@|Ni$efbqK@-U01scra^B)O}
zvYaw^Fk>9m{aO(`d%2X-JCaF-xHbz+VZN-k0rdOMGGzS50XvdW^b9=$^TDuQcJy$%
z9v=eR!}?FpN!EXKPHXiOno8DxOS1l>%bM3;YSQb6s$Vixy`t5sMRQ8k^-B{~uV_*A
zH6+hxGvq}RS@tN~Hyf|v0W|t{#pap*HsE22;bA3Qkel>WAv?D#V$pfYq$%Q<^Jr{=
zqJ#%eIv8@pFj=a30NLq=Gl~&L(Le^C&%iSp%UA)^OWfCzf($4_wZ2K1t~RU^t%B|g
zoRs7+Vr#DcPHsEAh%a5%1ed8ww$pBLiN`7@yol8L*Rt)oc#nf=NCWh+@xRGLgQkm^
zgp<h;4{jRrY=;{IS<P7$aBP~$J*CNH5==O6Zd|1`3>Ph@i(kGOfF51nE<v@UIc~VC
zYZS6sr?gMc+iCt+GgMM717ASTAy*3lqb|=>oN--#D3-QKSR1k&G59qT;myA^1M{CU
z8!$17ppZL_zI+M&&!jB-j#ihwsPlhy*=N_Zy6g`vPA+@n;?!l|(QMhLv1K<X?fuWL
z|L*_2^}njw`i~yT*T4S1wf=>n*Qo1a=}*#{!9nRjNO8wEMYmo^uC<cf;*xQ#Nm4N>
z3rVe-W|}q=TU%=-b*+Q3<XXdU2gq!#7cFG#i))>=h^_nOw)k|u)+zk{|Ll6N{PKTq
zz1ufi?>n7ry}v#C-&$|~ywo*bD$s!)jW*Dp4>Zu8M~P9&p5F^(U-Y+hbdI{Wl`?wX
zSeEyCO5Pt?UO$%ikCeQ>vb^>z@BNfKlqRQ2zehnYquCA3h2o>gi8ep+pIkpwhz_{e
zyiD&#Lz!E#jMzfBE*i@?uuS8n=4H?od7?}QEc5rK=4JkFEED|%%KWy8bAm`%WFtFx
z8%hXFDMZ(Xc}aG0{!fu8>yVQF>O7qj18VS>b@l{%>^BGyCd2uCXL}(*-NkQgN!{Hx
z?@E;71Ko8>u|I2v@xVj}0wXL2HB!a6?vE{NN3Snu{g)*llN_SUrL%n$PDs5<AOZZ_
zME(VHveOuCNuhS&eHDLS#ovW=A)$~#QG>$6e|;nJ&TrC?Vk6vZZ=@aA;d4l)J|t&g
zsvlk5qXQBiZ-}~~LN`vgLmCzRlLQ(v=kEoMJa;gBKEu3BGF378m{&a&uXe93Vzu{$
z+GDFp1mX@2%R%LraSsjFWgT4zryM~2QEV8>&xDoLzVrbgKaW&1x_J8ad)E-(Lb_BH
zjxE~ek=+v{@B$o^dQ3Yt9X+JbCm0m;X)AJnj$K;xKfA-^2O82{;tM4FeCa?B0d>Ei
z;!#+!TB)5ayGGC{Wy;9m8J8eKRx6e+Nb4w;KE&^BkM8RsxYf<>rDsi1)cla4=V^L(
zN~k-Bv|r`{H~1ldHJ3bvJG?Sn7NRep6dPOE_^xqGT4#H5MD@ejh<f3Oey(@v7pWf{
z%1wT-ntyQOu6R5)ol4Jmx7m~pF-)0<mtT+N2U7X+A5v-`)<0SLkG%A%yIPk-1;3!c
zwWA(9O*rcLj1<lk6?94Ji(;HxE!wwtVSp+IC~G?lBuy;?h=CKV8#W|*s_53v<EYt?
zLHh<}PRM9$lhzI;h82&N3RjN@DqS{GL($pw8#A~@1gs=ECZ*smek-ooyLVxDmmSD=
zmeHAUPFv;bPD~n^4kQF%oV880Cs@IMoAbe~v%nkLB>Ii_t=exs03NH-)nkSadOX)R
z=b=Q8UpBKIJL18;0G^e!pE<snMhY+{c1F&|4v!v#`U$m&Gm7!bX%?=KjRY(karbo7
z9{XY_r%@1?S=aVZSM>_3S)#`Ki*9v|{l&vaJGzGTx8zCa@4T6b{sIP>Iz)zUUrg7#
zz4W3<?{{{Zp&9bw6`qb}82h#7+`v%TN#~l0dZ^zRl|%3M`@0PN&SiQPQkt>flUd?4
zt~9fp`fW+{8%@)+!O(B%!+G~T`p^US`DP-el9=e?^dxAkGImrTN@q=DqO;$+uGCqJ
zv9m9+eyvUEY#B?e;+<`1)>(`pq&@Tg&;%})K73^6llRVlXijRUH>UAUhnR|<xaLU`
z00`-Zwi*P(Oka1!&QI8B=)8q#tmLK}JD<lA^SK(!Ed1SYRig8#GoWpLkI%G!CUhG+
z4e*jZCn-7WY3TY(hOW;xcD>fv_4`L(sq3qD7`ncI_41{ZuCHc^Z}6_~!C$6wb6!Xa
zpx~@g!WlgsaLjyijESPKTblJtcE69)tEKZ71QzYw7wiQ=T#J5znwxR$ApM@yzQN3p
zJ{mxamF1+I>pUQq4&rj420afGhx0_iWJoOFi56qxSe|G#CXP25Fq58mGf%8CBnC$!
zH8|r!bLuOnfl)Wb+T*Z{(XJ^vFd2kfuM?v0rYO6#q2!)IbmGNUlTV~1TPQhOh^m)b
zP43rdOumYee<DObW9LY(ni-c>jY(&De@V&v6U#e#obujD$@?eE`;6tSPsv-y^4?;3
zpQhwhu)JTfyxl2zyPDD6e8t7*vzqjo?eZ?nY+5tIH&L#sQ7?D=9VmCQ@iOINiE^8;
z+;^8Nw<l5V6)d;qa^*HB%K5O|n#+}YCs9tpa(`}2($zrIZXEzSXXsHoCv0OqAnhju
zk<RUoubtra=m2~jAPCLqN~C?yKYS(P`h(6oalQ3OQVe_d4Opi+g;4*;!;B<hcZ~Vk
z?+xXphbOcszvy8W4+7=02^Zha)Bc+i`e~nSc2G1G3GK0ip9{=AR6fcbU3jemWQkO{
zdFlG6NoA7=>7O?9|AG2wGm`pfPi{tiH2uB?gO+Tvd7USGw~bv|Fj!bnBV$zIBst~#
zPAaXryt@5*#FcB_9xBA%(+5K0eGL8^9UEs0m5*f1<iJ6bRR4_>F0e>}$_DM!CbACD
zQdQ^>{-Xfn{+Y=ZAArQ)QKB!II5!oEJoCK{B6jFZbnf@fu}u621CN)1WomwCUZ%Uo
z${;G!4!#9t+G@?qbktZwxmp<(h#w{Eg4eDp610_Msxay$e13*KufXSd?0G3ZKMc>&
z4a5pnYJ*D7#bXxTn?A`?_%($2BUD(UV&#bgA->gcAk=L&90-TE8V-a#`~?X&?KA#D
zwXWaFl*Iaz(4yQ?6TKnvG&S+`bmD1c;_0{W6t(bf&z}k1?iVFS4_;@%E5#qcWGg=1
z##1KJZ(>x@?P=_b8&lJ@zSK#)1Ik<n<35LF)1Yj$(Zpu}^J+h2x?i>^-Jh~#TlA?k
zA!X{eB#IRqi%r4cUicclE18_94N%Cvn>I8&63&6N)CphwA=5_tm=06z396YB4V;q&
z^uj)%Me!y+z!O%x2|wUAggPsn_<$C!N8$s4<P-dZRf3V1{+Lc-trpo09=!k)@f6nf
zt{p1qOoX<Lzu>8>Mb@(3k|u<+fhov|rQ_fgBS7ColswxHMt{1MtB{y@;j@Og*IDmB
z8NJ$+m=l7ohu4x8TnSymlw;XxEaf4Vl4#!z$x%dvQ5=5sGyH?6STurv&>>tD1O1U6
zVe}tDq7}Sj)6DR3EQ5zYO<b?7FLUsvEybC98dr0vkX+>0&teaz?59{hf?MVN3>-J`
z-w)`wJa&C76MuTfGVrGxuccT!Ix`+;N`{L*;IO34{Q$KT6Af7sQ2B5#wi-B6?QZ@;
zN=CE0^LsI^LS{g=?dMFr>2mQ`X{u4hJ5&THbCyL3EwC!iMlq<iVIJJWETl8V#2|4E
zJ0X?u4Z%Tp@isQWYhpY*#v{JR;MB?dcK~ngUfV}Mgn$}mb#+j3;SfDBBOYh<k^?+w
z*xCkZWsi;S*HO2$AWbZNjtFSrp9ArEVjzxOZY6xwN#KSROn+f#<^6(~Yi=uMv3pZw
z8!hB4xdQ2STINx=;?<TnO$mF<BsLwM)eo8bIxW37JBTfudZccN!5Mh0?4{c`I=`r2
z{UEWxB$oDKSIRsrS7@@8#X{7I#!-|e)N1=&BGJLE6WGDTw9wIN92&U6bptY!|4A&t
zBE6Q`R;{hlowm%x4CA=lUS{0iRHTlZ$6)s{WfdCsxT%9tMrT3QvqUqFUD~!+SyWew
zpuwXXOPUloZx)|<29lO7v|PF^e~QCbKxx6pAuTl3a&i4_Lx)Up)QM|+mU!Ttqup-b
zwJiC@VJXQ#)*EV3!lQcjEE0S_g@@dnA_434^-rm<5I(GRwA&%RSO$gCq0k#9e_MF0
z=~G0eQ3E@T2AuR7qw`D4d@hXoqE;enHWdK>hW{8!`o-a58(uK@uL9P#t$VpSC)SaC
zUy|LqrEat!JNJvF?a*Hl`jPVj!K1MWnw`yd;uoE|6Xlcb4LzaJBI7=UIlFUkceV`u
zXs$Cdua`*$FdronE`^j)A$xLrmfe+SvoO-A?J<j#VVKcNMkmVz%3i>4@nQD4cL&^9
zq~%x1&~rNb;LYoq-VS3b7j;6EN>RPg|GHx^Nl1ywLpcfG2r7$xqf1lq{S998+sT@5
zvQ19N0N1sna*R&Zp1X@(2&3V?_U+5;$f)L=maKk<&>Z4&rSJ_8_eZF{#guYebW|+8
zm8WDUQl{~g+(gP<CP8RsAMCeaWaK<pKA8M{H^8cdy`5qI0-5cF4VROH;6V3!wB!D>
z4^s%RXs3GWq_ts3`|mPtaxoZS>MCy@nDH-cJjLgyU&I|<p^f?roH66sHw);S?BqAS
zAaMpI4o)TxO0B5#B}VblwmkVd)MjdNgK%fuQ0BAOhceX5h}*y@6SeSQvV{^zJiZ?j
z=Oz>9K;qYwxFngl7!o(`Cx-616ow9iOt>q@5ku-#2aT;L9Ap!s2V3-P0O#-Wv|-rw
z9xX05dL#;T#sVE$6zGsBQ1==XXlilA(mqjOCl<Jbtk*J%x|$MkqwCIox)PDR$*4s1
zzD-xkR1YvEqRQ=O=rD9^Xl*q71smzl-O!tt`;hiA6wW|u<9EDp7bqN?X*{NLV}140
zSlj)UZWZu3f67gq(0STgo@UYh`4+Qr7#A2R#Ja`0CW^esGj0fs)QJg;wv;E@AhFf+
znl4r0s8&L=vZauVlv0c761^VfsN_~g2`{$Dm77Qcqb_82Tvm*)9-GAcZ{Xd)$fTkn
zI+P4|IFt>iaq)CKq#!RnC2!U)ub>r9N9V(vZRi)JSPVW#7K4w$|J$qz6T-$ZK!kTR
z5gstj=@oeLUC{0-jK__5fTC#N#7`4T+tbMh++Qd^dDX=l?caa0pl!bk?+WHwnJ(kf
z6#`O{zN?lleh?t|YBQrN`vdeWU6d|}%khfQ11AA+(3=bC1P%U<pNA55?rpp=AVV%f
zvkHrBpN;64iL=8Qw=S3@FdaM`gpU~q%+lI;@%$`6rQdD65dVIw1;!#qILyQSa`g2z
zKSr6UnDe9*8kpm|D|!b7CH3cG&jzrbl_EWBm^r|0CcFU&VKm#5(9R!v$uxi0jy2Ao
zdQhK2u{51Ws(Mfkjk78PX1mbR!~M{?@76rFSAw<SSIhNU)x^YYQy+r$ljL{?r}=(p
zMVobJD^2(?;O)R1G59Kx&?GN_G<RU}Y+*^39BPwPNB#+lkckX>Owfl^dTxPTo0M$0
zx886Q#TkI6+hfx;cf^6S)A}Y0X0#~yT~8>u>5dkCr0$jWqch|&!7YB^Pk^HKl{Zmg
zn-&$mixtkjBNZ-jV~C}j@Dr%1Q=+D)@9xKRk%tF*vK3L?tw6LG+{lz-?*E4HYr4sZ
zU*oiK7YWU`)+=9*7qsX!ATgZ`x#xWIug{@vml$@OrM>$qV8;!t%@cd@tAgZLBO&n{
zO1wLnI2{r<?V;X1n}YqH5t?74zuu@fqhK??W^&2rsK&>WH9nU5Re6*C)z$dbdo7Uv
zs~7bGXa9iaZ!PZNhbC(H5)0(CtbvbT)ZV2UF45_LcroR47{2i7B1H0y@PoL<_TjZ0
z$&W!s>HRGX$qzmRNPbXkAjiPdw5GqJ_XYkcX(#{65b|@20DT*UCU^$y;+YRa=4JfD
z=b{}JXRfBrmPSrnAO^1?Z7L~O8X#q(2baQ!4*vabfBTy|@I!+eubNp{sL|f=e4u+e
zY<zaSU__0lw2y9!$35umts0#p%-F<z`D7!&TF?}#hpg^1=raN{C8&`|w9O-19zc_&
z^uVFE;V!=nRJS!%g@;Y%+(0gZ`s(qCO=C`M8q%xm@QZ6<%eZc1fNwEK>-<;A@y+h|
z=l);E1_OvZu=`)Z?~*TY?b>MdufQ}{@}}|1d(^E)a|j&fm$$~_frU9e1aT#qD8qNi
z26Vg@4{!8L(S!MCbd*W)a&b+WY}$+p-q~W{!!#s}2Vf}3Llkl7APHGcV)UvyE%Rk=
z7q5P*s3%=Z8!h59M1}&>U_Zh9k6?}zXv!9!L74!JKytqYl*yjk)^RS1YToLJz>#WF
z6hdcrRx!(E6SH73v2^egfhiGXV_qKQ<wG81xy0a~c$N#ZCPUUV$eI;sDrRb$m{p8f
zvmtANm_;TQ%bJi4@I4Iaq=f^&VbYb)T1v!!*8j)em&Zj_wU6InQB-h7(;Tf7iwtuE
zwE~xf1ih1kqFG_(u7q!<q(fn8qJTLKlYZZ<Y`5LstZdQLEWribD$G*U+{*IOxKJ+O
z#{AB++&lNq3~2A$_x=9!>+?zGp65B|JZFE-bDm}XQp5t5-jM=WOBic8VXY#p&4>le
zxuY#$6*E>jVO0<o-W<Uzs0rG9c9Yc+m+VxM^AFYB>26^f<n9wo{?lCcTf{CH84p1}
zZHZMmCv1sIPHU95-0AMqRW^MqJOA{}zf^Zh7bzKR%4<bg4IS<M{B5V0S2j(V-&ppR
z%HH)h@8+BnX->svQsnC0c2k+S_%@t2J>F};kGwr)eq=B4!+yIdWxl<a34eyb&k+0>
z3O_^fXBhkp!=K^sGaP?5fS(QUXG8cYW>)0ww)_&16Gx;amgKz1?|3=gILOaTh=NcH
zY7MU5K^8%4^UBc5>AFW9XKZOotX1+9i#3tHv)(nak=Dd7FN!s>$}hML_}XztwHxNQ
zI*eGAONXII_?<HYB*g_9^UgBmhg^#PwLQ1D<nghX*S$lV){5NTlAnLUbZ{)$@gf)z
zf<a7vO*3;*7&>6t1%{*GQ)@6j!wrgn5Z5xf)s{Q%H{REFh|4mBLF=<2#bpaiaormx
zyY8t;aorJ?nz&<@B{gyVtZQUf6Hg|s-_*pCS-oXfsHcM(KRpzZ#45Z>b`GfV3<&Vg
z-UI@MdAe%xA(}vugg>|jV%hlN_ZHM{uzA0=BWqO^5O1J~AQL=gn~nj0Y;)Z$kvF=H
z5s7z(%{-aro>gPO&#jU3i)(rh37dJ!mRL5usm<9>c3M0uGg*Jy3){>)7(GPoNsIZJ
zHK;mM3y&&=6}8Aq*T6e0;3%Q8I~{|(?5LEzn?)BUpWPT?E<6nN<!?2~&hNDN4{6SA
zgPmdf<ouH+^W4$Mm4#ifft^atlXuyi=S4pn+Beu8c{j|Q!LDmX#%p(`Ik(zG|Hck+
zM>ZeqdSF|`V3&QHB~|o6YVSc|v&sP<jsVZM?0+|LOHLEJD{`k;^V@9B9k#@C=4T!Q
zYZF&`7})!|M|f=|o_=YjZ8q;V+l~u^T|M`uCf*Zf7L(oU9qjD6EzP;dmUv<Ik9dK#
zIcx58w%8!&R|@)H#|~{F%H1p{ZhrDN@z<Yzv8SY>j-xB`!eAIkXN{a#HY-+aNFvRC
z0oLXPi)(gRa_<>ovvvSFlK&m|SBmS-FoVB8_dr3f($8k95xb3TN6lbYiw&t_q|NTJ
zz>zy!T(CRKY>Ar%y>|h<`4=0_>JSj1Oe-(`d)XPbQ_epZ@#J3FHK0b!CzyxeuM1-f
z?E$xa;KL^08#;5G?7r74m;5dkbyzE^J~e)e=LSQ2TclBYTkIU{gs$0P7xVk(LGBif
z?5^QEA->Q~i))x@?=Wm{i!?)f<G(*!5|PthY-F|a4zHYeKBuMZ?$aE4Ni5qw;s9=e
z<BI_i1S9Kp<@)u{9o{r&iET%v=$LKEiI0npX+s?&rodKPevRp|eU%NoXp*k(AL`xI
z?z&Cz8&fPO_kR;^1*HQlCY!4*Xrn3ZZ=pL`fyrlXlV4_~3#uy=&9%Wa_WcI|&+!;I
zmlA18>)X)o?Yeg9U_8{$s+!8CxcWOpciUZq$e!nG;H{PW|3Qjd7J4)5?CjwaF{v+%
zf;a2C<{RXM?=kS{B($Px-@Fy8{j3$p32s^6imUyjr%A9Iq8sz%{PiudCgm}~RM;RM
zp$qSe=5>*{S1YgoQ+2{Ked2h>q^VOzgWH|5q-gNMqp6CxahtM(3l<EzjV9@WZ&c!z
zYWf~2F>$3SG3glKCj&Hv(aRDISomNhQM8t9jk*!5s~q0kkwg>9ZJ&~jkwt%I#lhf6
zFjR|*H69wLw@)(x+EJPmBUL^?*OS8S^&Vv(QlDF&6-U_{M#g<VbM{u{yy%q5Z)^GO
z2FP3dNsU)~>WEclyrv3Qrt&X~GVwJ!w=O**jx!$@Zc*$EIPyqu^al_Ab@R`MK6aP0
zTnyg&a7{DQdq`aGn|?7)^4uc3+S;78<ln3FSMieB5(;huU>-STi_O`<(^4isW>L!8
zcjE=?k1iD&3SN_4^BUth-UYru?XKAt2;tL76zyrAX?zdAp!d%*35q;wbB&6CM|aWg
zgV^ttLq$6N(iQI)FU9WsCJp=(Zi9<O5;zfdH6+=y>t;~JX?o#yVvpgqzadJzAuOA6
z&oU4qPL8p-dH~uNw|B!&tIc&AeDCJ(Xt0ligwor)p^P^VC)nheSXUe*&*tR$oE%5V
zSt1#{w}Ogm65f~2-;NV90(FmM)E@vx#l@ihaNeeW3gO8(E6@ZE1K$QX*l|iav9gxB
zfKx4o)aNAqla887eq;=e(Z$UEU`yRPHwy?B)E&)qf(3O)b1%Vyx})h$u%PZ}+7aw>
z?r65~l4_{Dw*cIv1YDNC))3|a!p8v!pJ@ma0paZcgryon$^uqWHzK^MA>056&jcX+
zQ$q*=gnZw+k5d-D#IjRm-b?C|pZSvd06Og@b@6Atq{>rAy+o`1?87KFg?LHGN1aqs
z1Oz;Xp9JvkhkL8<bsTS%f-!Gr5vi-6t2-6=VQ+fbuz+T^@_KKc$fAr5)#@B(uYA54
zoG{QExSh5QxD>Qk!x6%g7Q-r+1$i&%fr&Tz5@QTI>c6P(O5I{dea!%QlOW3g^1QYk
z_I*+9sva*=S8bcDlQ6gC#FZkE&hI+<M^-y%Z7=R18+6b|y?h<?=Gi(ssMUaftAlPT
z4bnl)ORuDZ-YKf9gIq<14!U-++Cj}1Q(ye+AzcSudVvz3dx-Bx>9E7P5|osZj#9=3
zxKaIn$60S(@*cZ$6GqiN<=dL0UEOg<29GC05^0|mvkmv%e*A4!_uavXzW%-AjM~4U
zyopBpdU%Cis;>5DkAObEHK5NE{cf0|hnH`J9=^rb!#zdf%b3{Lm)J)n&cj5TFHtu1
zcpmk5YnNE)k9href=9gSPEhl-Ko}Q*Fiu0*4G4F6wXMRcOnhG54DNqk9l)W_(^yqb
z!U4=w<I&)L(DQlSeo!{)a{GaK9nbeyZc{e|^A}>myKnOi$S0@jobVm`|63FO)(t@>
zeESVoGT}dW)-~Z@avCOlr{~oEYX2Pd*Xk_YgpcIJx3h?Uy8L{Gt-*DVVqi0rGjB12
zA-WBx_V8PIYMZ~HsonopUr#>xXFXGUZ}Q(awSO!LGPR3Kf=ulXO0HyT-#-5`Q~SF4
zmzmlZpYosDPd}?p?Yw8zp?dUL8kMFG($v=LOVRuu{;Y0(AI;R}_Z9Msx<OR^J04Zy
z-t3`{8M28Bdoo)nE_FDlvpFHwypjfWN>3x77$>_R5WB)fo>ca~(Zk3ZPOhS%x2y>d
zWDO7Y3&I-S>(3hI+~?00=8O%PFb@Sxn4CbSZ{<1|^jzPdKPD32SclwKo}T;i%oc$8
z1ekAN%L<5Pn@ljb0p=uFI>G*FfISny&b9QaPa745VvaNjm_!XUgf9T0I)K-zu2m79
z2LvSmLD3L$0AWu6!X6D_I3R4*b89~@RJpZ^g(|o9?Lw7X+qh7j#cLMQ+#NQ7=dLln
zInUok3w87NrU}94uQ(UYsGnwcJr)7MM^G5sakISIXH~q}T+kWi_dkNZ8iaJtuQ5Sr
z-~1h5L~gQ!ld9i)>D<YiQ_st$61(}1^Qv+2O&_Ciu`5+f>ceO~3>s7&&pE@IP}rH2
zCSnFd+?kXn6jL=dLgu(Lj=p48ton0{NOq=)8>I|^s?$K7$_h@=%*~QSjwCC00ox59
z$|;ABw8Y;W{h(O5zq-O=lAZXxAliy$V03JoGu6tG&D6NqYUs7J#M3#ONnf$);&{FX
zIjweQRs{H%ab{Tj;$qA0z7r1&kdz?@PkRIO0WlJ1Ed?)j547-Zu@bH{w%%XBi-V(s
zj9wp1_|}hJAD*Y57F+&PfGBqJ3!bZO?scfJ;2s_$_@}<Gv>%8;aZhZiSidF`m5_;>
z;+R9ClG3DWr-RYeq-hRKK(f(90+Iwj7u^=R!cY1z9-p0)>`t+905>ICPR_Z}m1}rx
zUkQJwi{C%>q2DM(F~R<q1x11NbvDR(qMB)bxQ{BYJJApK5{aA9RHe2w&p_>@hqHY~
zc%<P>u87fNGEuo<Sv*;<Vsf01MpfxHJiaffXcg1v&wc0<o^MJ?rPl<?UZ_9mT&8y{
z4ulW4XoOcQzs*O&L17mJMB5`tK$L(8tM@e|0a5WvGX4Qdm8+JJN_2wKXh{%h(Ia_c
zy-SXp*$m>!yw&<??F2Ehxv@5=?akU+6gOSHrvBIPEZz~DD({E^sT|=YU#IeInzlDK
zE#Y;wX<c7OeRR)Fs7YL{G%f0ZT7{3+)_D2dm-C!<`5cBSE_H7^Abuqk9Cw&K|Iiq$
ztqe_2%3rHtHQuXxk^b%A(YOb~TzbnzRW<Qd1$m0Jvgf+gU9}>Sa$81gj9Rp^ffFx`
zs@q@wQhezg9+L%|rWmD$`MC*_`I-C0cstM7S)&YG*l*?)l^(y3C9!Glsa9AGt;E8&
zqyKw;&v0eMts@%}SOHfn+h+BU#FPgKCMbCqu0+ivuwipw`?6f}OBh(a*<6n6B3P{v
z#7f|}oj98Zp6$Uh87Hv~+WG>=;PegaL7Uo|4eaokmdfB+aJFm`%ML6_Cr!!DK^knJ
zjbz#{i+w>RN9!k*4Ij3V*r({w2vUi4mMR|}vtmu;-^osKa1)pyJ5g0dwOdpRS1VbJ
zMzh6ey1~MAcuWgr)l8%cEJkyHuBkbWY@}-o8eI}mC@Fi=pC~I3Wo4o=OcXyhnqpp2
zNXW@#?l*>r$TRWkpKtOx+E;zsbI=1I>MG@inJ`Y*IC92L=KWNV1iBEpq6WLUFjZ#|
zy4gfq)fl_8vhaA$&0G*XcmDK*7C^yRl)3PD81+v%ky53SR%7zH)mMGjYsR0$W11`T
zq0H4&ADuXD+N23+@rmVa4e?Qwz;4MikRr#;oF6E<^9fa`?kgdkN*EtX6eW@Q=@`}F
zd{&6hTfXXu9{JDJQ6^$SvmoY+JNzlLO;X<fq@$GlRUE2viFs}0U+&18**RNs+;m52
ziuik{E2Z-o%~b~Qdw05Kc9!Wdp0h9>5fT_7r`MhCo}K0VQp+9Yl_{O$P+v9bt*6IH
z-WDZLUYr-uBUJPlan3Ewd8TqTv5}2dz-E}L^SUwnV~;EVRi6W3kRGtfGZ^$g5ir!?
zrvn7}o^<0jIuYM@epAMXo&{wjKc+B;!N~y53II1|@bv(`R7(MVbnm5_ew^r`T2Arx
zS%gtdSfn)9EaKFZYfU;iE~a$glmsm$j#HAflwOeH-M|NyB#)O9<iu^}qMN}}3D{Qq
z&YdtkcdnHxdw>;ZDkrDXd6X*7qt}h;X!V)eR;p}gFz?j7s=poF>a!iGQ6+tb_knK=
z_kk@m$T0*fH^8<NEP`M=4Y2PBcI?wS%rph8oM8J5u-ydvoM49xu%8IFm|(veVDKg#
zq-pa4RE1mC(zIwYLrjZ^fSX1HgOBA3@Pz;^U`PS*Hvm2n06uX^eN9>h2nPcY4r&N4
zKqwDDC})HS<sX1h5`a*mA=m)n(@Q}|`r>(1K!bx<ueKrX++dXix@I5b3r1pJB`6kh
zGVE>2B1&GMCeMt?Rr2yx|KpG56SL6tUT_ay7QYXU=G@9%gw3CDpu>?-`GK13c}QPH
z^7CYghh+5R56Gb0#2=_&-sXAYT5=VO`1P5IG~rIq1$!tg6>Pc^LNpc{43>7yRquV<
z=k_4QP)}<gWu6ZFn+PN>>P^4|C@})h&Q;ka=Ulbfv**I4@U(eRalyWvs|$*AnlH5F
zmo5ZO&G8)Ahy9jw61t`OZc=U;-Q}#;?|y0EhZ0bI#f!oZ**(O9fn;zCnuknl?|JHd
zMr<un@!f&L5(kSrs+4|;ixVP7+ni@T*URp&={~cF3UQu-!~3B)Ks|tAyrCkvSfm^8
zHj5qFZ6O!gmI=PcU(k2e$fE0w$}w1yU9;ox#0Hbs{@$*tdw?wFw?M7gZI5X}J_3|S
z7OD}l*v_Mr?h?pb=xz~sIFr8fD{O8*JVsUn$9Sfz$Lr{aCpxmGPMFStW2TOVYtCpx
z;FxCN6yI?S#<@YJQm|ii;rae`xbVD99z2{0pus0@XxZAWhiv-8J#lo+iKfq2_%oK6
z2-wz5;3Xo#MD0kR^dzGHmQkVFt>>gt^#tB}vemZba@(4$YeH=^Yi%1pcJgFsAHB!7
zgLZ0-x{LXmTy76v;6k`PdE6ddQ}T%Ra;AMDea_*}#YFNFwJA%vDN8ARIXC6m5M5Jl
zq^2BFo1&Q18z?s=Wt!TQ2PZm4Pn-Bi4mTxd;&k85`E_Q96mCi^HRZO~s3}!}O{pT<
zS1|1o`lt-g<j)9>_!7cRv4&7ntdt&2MoqVDHtCvj-{aVnbT!IP21ogcQne&zJYsCh
z^la9Wm^x*;Z=rZXs41A;7oThLtJIV+ApuPpL$trdv}e=jApXoHlJnH2%;%=er}Tx~
zluMGXDGO#`Q;OB5Z04p!s!jPQTT}RO<c#x8uxMOIYEy3GrflY>Sg9#*yh2SW4{S;~
z(LS4LKSZB#{HYMhRUsT=tcIIXL+NbabxU_i7h-H<E;a>xoq&YkKsb4<g>8r&hWrsq
zobedt#dk?e0OTsi7VtR&9|!pZrkC<Pf55U)Ht`4A5wGG841@8(f|>yFzPYfs-Zo52
zP1f6oX{iJC45F5rre_JY)Vny<s2DIpq~^_xNoRRR#+Ax55<)L0&xk)CG!#ySA-M@A
z-yl^!e<5h{od)(%)4{0?p8P3smA@~oTY=%*rFAPXe7dx51%~IB)~&$s_|m!+7)C9<
zA_ayfnzsLMQ`pqYh#+YQn*iaD0E9D|ox<CI@LK@F?;1irAndD?QOr`tO$o{<{-7Zw
z1HvYbr*kAmi>HI@;)f#Lx+p8st&259x^?kkk#1cqDblTrXNyQQbv=j2nLeWj${_c7
zYB)TO^Pn<nhANe^D#OHY&rJ}YF&eX+RFXK$Qhk<AT9#;~T|ky7&XS|gQj_b8q67Rn
z%l~s#hOHu3m05k8OEGcKp|2Vf$6UBcBGW8Ti1*jG<@h*nyEr~hCFX_TK%N(vsN7s4
z>d@~xqQ)apmD#96TI%}+83uBOkM$Y4QwE!sfqwzz>58L+7X$Dt8`N73Dulyu@iDb+
zfAX(%MP}SQfoqhv;js#qQciSW$nv&=hUDo0c&_*@<Uw4un;&nryZe6p_&6yw{y50{
zF&1NhkS+5cnvhL)?w1oQ=qR^4FOW|uQKHS|h>Bpt;t8ZS7@^e8)}(9Vl3hv?Hj(XZ
zRM}Eh235Y$AX+;$2`s0}bfPs3CEgFJ4HcY&s;Zd;9iI6T$+6-L!nO20R&)bE?f@nT
zei%sMh{eQvsu3@Nq#7M7%B-GIt~Q29GRW1Cs0|^KraFqkz7GEMpj@rEg6K&w5j_bk
zQky^`wIq`-W+l**Mc>&>5AbUe?)|G{SW1)*8$pIRF5d{TNy?npJ3=Hk#Ir#(U=KWj
zwsLe+Goxb-<fqt4RR*4^v=xwyXylXeh?b>C11BWl_H_)>eNuHIlk9C##`L1kp9FoL
zU*SkwOPz=m#HkcS>(TxUAqpZi3ii#45A@LW8B<UtX%xWdF$Iw7^>?;a_%cy|GYcu8
zyN64C-(a*NrT{NINWloEV7?x05>t?;QXnoFTzwu@&vGTizE>|r!j!QFb^uZy(o2yr
zB}Xqa!j#ztHUzBN#p*N{qQ<g!6Z>f*QBuBOOVVwL-<XRM!QJ)3(4Yb(ILedD24cFc
z3_LhU$)y7Yqp;KnXh49rQe_Ms=hwV}N9f}Q_2frQc)WU-AZ(TaHiKZl5G>CCn@O-T
zg5?`vvkCSA!R8rYa|yP9U`_+9kYLjZR%C$9C)m9NTVQ~>2-cfmiwv-Z1ZzjI7Y(rI
z2o_4P*9@?i2zK;!ge^6|-X_>Kf_-3sy+^Q*3HFfz_Aiq^yE5q_90Mnm#7w~lJP;u8
zdXm9y0Q^V*_(KL?m?*$Y0>JAT{1bpz1c3iw@K*pn5&)Ji5%@I#p9%n<;@q<V{96F{
zw~MN<Y!o2u4nWwgA@l`=%>f9TFRH?_YXM=k9|A3-1*<izvl9f?zXFOmbe`zk4d9&t
ze*5}gAn+;x-x^>%`YwZC1n`R&NHAv#6wHBmt7W$O*w!SQL~U>N@2yJWqLs5#1*0^R
zWNL#{nHsQc$LF$44S0n^b4hZRq3q&cR%NZo`I*TRNqO6|01ddNH>axFJ&ULIK>i?s
zWn)Roys4W0tN2y0FQ+wG$b)_>%fCbow!{N0|GI<aUv27;e<62*0v1x;f^dKakyQ9N
z^;rkSQ6QPpuBVS<K6{Kc+4X1~@j~+~-E@`+>|Ox;xY1z>7cBTi+5)9wXU6k(jQEv>
zPAYL*)IXpXjx{`>j~}bM={Gac^>_)h5q#61>!t^EdRLDF$ycmC3^#f-afdg#Uedgn
zh|jg{CGAnYluj&sMK9+=pP7;hqVSfce+=-wqA!_*cjO3U5ZvKAF39+b9!Ia}{qdH4
zP<i|Xx*h|$$~Sp55#p2$c|l&$(*yLB#6WGd@FcD4QaLsFBY6cqlK=5i5GBH&FtM{Q
zv6FGFIJB4Zhr~!!P7HX}naBth<xW7jN7Y#4cK$kBZRft(#wYbJC)0Ym;h^qG9rL^~
z*>@9pZZe3M(bXHxu!6~|MEUW__{N^on96?wY7*TXnxs93Ta|kzlaA4ee)amdf^*2`
z+y!gEE0#bcyp6|^M3Cp<rBT{Ccr0tucrhKbw0Ve}3O*0}$z}5|n3C7R(}ykpC!E%e
zz&XuXW%(%JS2q=k1s{F_C(A7-;g30`%H|$vMK9k!D^I`QPqNLq#F4i{NPubuk!}(i
z_Q;w#icj_A6`tM0V;Zw3TBX0JEKMwJlr{nFS)&~@K-vV3XtRB*>9h%q;ATSOIXpJV
z0h9B+q74lK+i+|owjs4p3~#tJ@lI&Ou;&K&H)7LLT_flk^a}EMs*G9o(@@bK)J0pY
zEX-`Aj>2Oj>)s8<@or!>sdB$)m`n~Q3CqxtCG7^0up7XSI1t^JCRz1z<&81455&>u
z-EHYpCr(Dunar|T_Hv!hvf1im1AL-0=fobqr+9aG^m&<;Yw)gM38A}!RT=v%Z4Bs}
z?em#*aG-L@doxvqlvig4?h@uga5g9Qh54q-iJL}V0xmL@{q{_h`j@8MXcZ@GaQCuj
zf@3EK-(H@g?d6}(*RO*!oHvR_N_#Pim8t3_o7=ti30=ECenM^cJ5Ly;9fetRgFn7k
zcZ1K)@@*Is#BWb?5M4B3=&&rGlwv@ZdTZ~KrE2JO;Jdy>iG{+UT5+DL@`sowSpEQe
z)_c8K2mqv=e^4!}>cJj(4$SXehd-X!5W4@5G2Z{H8qxh9owB-%cv9J8GFTX(o}b{D
z0<Mf%lpc-p09USF6wp+;|300*%^`DPX&8me(a8bK5!$Ozx-2@e2Dk}us{@W~)Jwn2
zAxYFtMO~;mAwZOJVg#;!gMN*ua}v}UIunEdq<JU9n2mi}f9ZA}g)4X37OSS52K2~8
z$F(tPuvG2s$w_Zd>b{`9>F5Lik;-Ty$4{|F5cFrLq-g;r0WCK^9ZUeQZZlCs1MmO|
zB&-x;(@CpadoOa*dy%@Z)rT2f_cT$y%TQ$`>N}pG#^yY3E_@<XCy^lYQ;2b_q&4h@
zB8XK?K>}-MJ`jU}$%?7QLn;M|$)`%AzNf5#*|6HoB8V~MynAi6EGg0g6hI)B-Q9OY
z);J0DAI*6CrneXuJ=SOriWY{^?YqWz|9_Zn--=0xwkd>e--nQFy#E*bBoK#G3B)RW
zo)1It{=Zz4KrB}!5KHuEH!}tEH3~*B1-W{(Czyh49|h??3bIuSWPP6TL_v~9L6S;A
zoE~i>OJS@U1-mE58+?x=T0B!A`6z%1%oIo}1+>UHPivw87Zy@LXQ9qnIiihX3h+2a
z3hrhK7VFWDvJ8Zrv!V<no2!Q;JUFs6>>o|Krw&XxsF#6YN~K;-f+?r;G7wBb7r5+_
z851J(POUJdIj5v+Dc53(nDOAqBS1_dJO6}jGFndj)?CyE^l!ci3o0(T;ezjkvateA
zGHT$=@`I4T1axptU#LUGGMSts?O1@f`vxKU+kFV?n)O{luto-0IKf^dSfl|KL9kf_
zGaFz{2sV~r%?+@o1WP4YO9QMK!8#JmYJjyMSQNpoF~C|8?2l&<*46-PL$DtS*4_ZS
zj$o?^*1-U~o?x#MtdjwD6T#*XEY1MyOt6UryTt&DCzy?32?khCf^{KSZv*T$f;A)9
z?FLvcf}L?AEZG3-ORzlzOEJJeGtf^@2?Pbs6UzAEpr;fdRJfVJDFD7M06c=hHv-rm
z0G`6&1^^x#0DhIhNAC*i4eL_|ZwBx?0pP<7ejmU;1c0j;{4{`n2>}1X;D-RbD*(Lf
zf_DD{gt7pHG7X_4Agl^NSam@a8btuY`vC|`HH4$XSYl&DKpBqnH)S(`ivqw!41OQL
zvje~_&vE+!9C6McoXg;c0Q^t@cpro90RA=reEWF<cL8ubDS^cXQ39J8lcl^rQhi8z
zeI(tDZ;NNOu1bsuhrgaue|d(|pCpz$!6B>UWD^?==be(pALs%4{%qo@vy`Fy%c9&i
z5`<91&UPB9UaZ@XB>&vRi=@P4s8XtHH7Qk+a`6GUSsztSKR|k28RQA=*9X)#>;pjJ
z8Pd_ZzMwd#t)G1l$*VR_1$os8l2;9kBYD-w4eQs}`fu>lO@{nsetPMIf0v(rZSY^<
zr<=_V<fkuv^>^~q=D}CWPyhI2Fn)UKSAQ=*Jv;5M^3#_tbp3ny>1T}m^vvUepI)AC
z;HMjn{CD_i*SP;{e!9`P|7(8wsj>gp{B-!(|IbhVFY(iJ3hL&kCl=JrPumLW=BK+9
z)Xh&fE2x{FK9gTJKfNcvZhrc!{JQz+H}dP|rwjAz=BFp+*Ue9-<=4$m$LH70Pq)mk
zo1Z>6w{CuV|J=Iy>5{p1^V9Flt(%{A&izaL^i{Tc`RUVgz5Mi#a=rZYO1WNs`USaO
zemYmKm!BRX*UL}$lI!KCuaPgqPoE!n8Gd@tz{~K{s|H?%pMGIrz5I0Uz<T-V5d-Vx
zr+W>om!H07V7>hG#R2v5)B6Wpo}V5uOyxy~3?qK}=#77spT2RTj-R$p)bZ0zCaV0j
zX`;$cA06uBr}qt2`RN@)uYjLkHkA13w}%?|>F0*3ZEy{}B7WL2LB~&5$ME~_#WVi=
zH26OwH+-WkqQGm|1K;iBp3V|~R@u5q?C;?EtzaK`eq)bj`uslsX&tu62LEXXCi(kM
zJ2tg`|7kNvT*iNzk>0j`^nMK-htjGJl2iQYowwOY@9hEf_PGqb+cW+Wy{(P(#wkDT
z4o0dmzmMME%8c~BmgP@x(Ukh>z4kw(cl*J=Lhk@SdTSr_r}w9a>!)|}y?=?`AoI7)
z&sRQw-z_!LJ1T(Q&X=Kg?LB|P{C)8770%xVe)N8w=}+&>$@SA4`Pb+Tm=BYy{>psF
z++?J;Z2-O7AF7|;2k!n4={@pS=q=r7r1!~*{`6jZ8G4ruub*C{Jj0~=L>*uSedtAk
znVz2#6DbI`njnM%IoFU#%rRL&HG6!Udx#Z;7;&lb$Bp*1xpA`TAT&QefiB^WCQ65?
zZ6r@4kasBCra<8C4G<GTcE#$h+f5bA?I`+C6@Jp37tv}O3}e!q)ns~|!X8Ld#9_Sf
zSXb7DbYjp9d|3yZdAjv;{ET#RogqGRRfS{KhF>RmiBkUA7eg}%0vt24N%j(jdc37p
zJL)G<+{W|>y6!s<DAI>kj8%lHJZkN+eB-zCjbGAv!2nAq$){wj8ts$5&Lh5CpDb?t
ztq+PD|JT#$#t&F&&e}BRQFK&fci$M9X1M&T7hj8ZqxG5#2eK+_jdtyPW*A@oB^_E4
zUpo(}1W>$3ar4~Bl+)#3p9f}69ytr)%fEW@U7|-jY~stmMnU8-@&J>o;XveH^GXb9
zf{jndip95AcL^1E$0fskSEN*PO01S*GTwJZN)t|r)>2xUG-cTY?bf=1RAq0!B<`vO
zA^N+jrf)C<wG#&Ly|Y0W-a7|~OYC0Kh;8&J-ai_f^!JYjCcK**&p}v}0oI6MI|ybm
zz#<8@f?!t}U}l27NU*C7u;v7tMX=TeSWAM9C0JVntPR0Z33h`4){bBu2^MRB#Skot
zV4Vywh<sw?qA^Yf+<$rtF4`Gj%JKn&a{>HX0C+cpM*w(h0QeAtdjWW70C*>ZuK{pr
z0J!v$cK_)m5WWaN_(DV20|-k45SD5t-KzlM#Q+4*xdjSd1n`6a<<cJ*{5XKiF5<Ca
z#g!2$_Ga{f41KTnlcf4yIhso9X0uzP4qE(i2=fSkZesm5Si8!O47xAKN?C?_bNEo?
zOj=<gEtMsy>eb=-R8`-zC{?HJCM)g?(spavnmGJfRcE{b{JoA}_}Y(O7^OSUqJb#;
z1Uk<wgDm1qGdJ@;&wfh#3+I{A817WNZO*e05x_M7<Nt_i`|Sl4s3`nnPT9QbD%f<v
zKuvs=gVJ3D@7Ke{mLPs5$<9R-g&r)Q@$Ya@=Cq@i>u3y22e-dQxYvazCk`gvEx;@z
zV|0$Lw`Y%xAoloS50NyhPDBN(Q}jXXj#`7LWI)Q!K}@ir(xZbKRGw?$*zjm(!QU4C
zPU3H?_y&oo_yjexP}<~yg82n8G4T0CK@9kE&lKPr89ao*H*s0%ToweNH(LsjHgiWZ
z%QWA+#oVzdCMlF#5{ly?hOh|znLrxYu<}8d5y~wFnJahBcNMbF(prE(KpRD%Vg^N%
zfV?vc$k7%CP(i>OPN<{y+5%MNWY;3L$QI*>O<RP3`HL_hy?}!0rU1T({jewoobqRi
z?^hXlAR)g_$gzZ+$H2}6Ea1FdIBy|?yAk*)?88MQix%Md+=tLg=)-LOj^OVx@GUxY
z33upnU5CotL*T7|J9L%Wp&(Ldj9t-k@opKbTFxL?_SB&*=QD`;k?j(rfWR7#GP}Er
zt=y(}+@;z*5$hrvLT@~aVyd{E01)l0p*}h+VIQ62P64kR&?%P~`6wZK33)RiA7bEk
z0v_SK-*Dbv8T=iAk8+2WGaU+dAcm0<9azraOZmH)I~3XnO|^viI#l82*GO82S}~?j
znP530sLRIhl5yduLt+MZ@x7b~y5p058n6&ClLC49*h~}fgt@S!)5D-46gG3dSmEN+
zRTMJ^I-w|L1OUG%iYdfa7sZTZ<fjOEG$7k!vcPQ+LhLb<MRE$}vd26OSyCA=RR9Kt
z5i^<%70Upy2<mas@`nr`(P7j%W4Lp&b)BO|^<3=hoLrhCZ^z^@J~-{5?JsJ`kFw@x
z2|yLv3Xi&-L5FB<9@D>b0cw@HjK%uZxn;tAk9>fUHzbT1&EHG;yMn)$^Y<bChCnp@
zzU3rac-YvWYO%3x455ARxQX^X_2KIzfy=n8DlQ95XJJa!@ER=-p<X-08(dY0uh$|t
z&Fb6qYC@<R`u`xK^*S^K{W^gv>7UIB|B&d>rnHqM{y@8)!kt_NgG8VP45|sklEcE)
z?KGU%uUNR2aGJ>Cj|tp0!Z1UG-ev_c9m5GdN&LN<O5C`UN|YIt?gJGwD1!=|pjMWp
zt1O#fxmcN~!5L0nlow7DWl1<Ty+{;gcSk+Dla!Dn*1&$0ys9a8g1ZG_!yzcJ_Y$_F
z4(!p4J%+G15cb^~b~D6o&e-vcT};@^3A<MvWrs3$bVJ0xp0K;rQTC5l@p2&S)`Y$G
zdsWr?YD3viwIu9AgdIZIuWHzB3}ugC?4$_9KKVUj&#j~EPK>>Tuqy~#`JQGRFfo1^
z_Fm0h-Uu^%Lm7V6XK0HVT5^W>Il~yru!A!E%=E;rX@%Hk#=hUmy-wKM2>Yixu)8pJ
zbYsNcMA!#3>~@HKHDh~Qaj!S#`DoJC$NKMS%4YK>1dq!W0)4@tJlbH2R2~AX`PA90
z_kqIh>P(v5E97lV8$&jK&*$%4{$9x6dHlV&F>XThX%kw~n0A>W+GXBuOq-CKH=%bJ
zynw*(aajx14X-h6LW_A5S`Oc|yo<Rb${VZuPyxAbDI>8z??V-hp*e0lsGlrDMlyMI
zOWbx3V$`rd)0~Pj4wuQYm_v=V@HZIM&ePgxAHQjdJ&|Ld%dT06?5>IMB%E`P;Ma4e
zdk%vAXC|oRn_WX|+|#_yM`{YcpPk}qx`uB%L*ct8Xg`oklMCV=0l}f?cEL-G>>_}t
z8OPf)%kE@RLru;*5d93Q@<6?!I&;AkQKYguIbPhSK+PYX*iodl43!b=i6<Qsunl_o
zlvZ97D(_^D$8#&Z|7MaQfl9Tfv4P_6ZO)5KX+>u=2Joy?D<siId~!SrJK%5t5-={H
zAYm-%2H{l2__lS`zh&Z;)}NuTACDre|C1!DKZ5JG{I&XRS6qKZCtdv!TK(}{KSo~>
z^@GlWRzDnlmudfmD{jBOexGRRlYUgc!u41A>URjHM~%l;XZx?X{)(G*^($Ka@m#;m
zQ!w46Yd<oj^|ycg6}MkszpTx_Pj09Bvv~Zo_2VCL`SHKv`YSr>>d*3xzo?(Q@V25`
zvcD~1OW9c=&)EpKbfcg1Z^zYV!!vs`989olDWgQqp4BYWfIV5+ewBnqOmKiG>-YoC
z9_3U1fMZK}hd<!ZQx@|F9GQxXKj5@gp5zZWsFg?f1I~D5f?5xJ+^g0jwoK(twI2BB
ztJVV_acVt+6;f_c>w%A})q2GFqcl?Mfsc#LxgPj9$scf&QGVtRxF;$<@(1?HX8wRR
zu6!vzz;a17UR;YyPkEbh(AnM#_<`~qPDb;mJpMrEFVp!0#1Bd)6k2dR=XyJjM5gck
zcjFQ`no|S@IQl+G0;Dtj@N`j*Hy{JZ;PM(c(bB+L${r)zoR>gnC@$~GILXmMcHLo-
zU3su%^H%|Jp*fAk9jgTt;V}y+g?3(4>=cROFibW#O9ee4vK=ejVlLPZ#~ErS<rgQQ
zr|m)RFq>R*DBNzU@>$xwLf6T%Vmj}}Sm6jPmdLwnbml_z4kBiC3&}A&Iq%5~DJPB8
zr(BZRYE6TOo<}3(va*OzKf>V4_9kb&c2kYKdQz7JPsHyBUzMv5%kk?$l`jd_PG{(t
z!eVp5Ah?~jBNFp+vm{3w6nE$4Mo11bxh!#sZA%%{n_Z^ZUAamc9C{?cF0=Q}t$M7X
zE2*Zi_{k{DAkK2-ryi<@6_>1(hD9`HmlCpAh3Ck6FESjxOSO>91zVXFf(DZqD*WcH
z#4Vxk3?lA9X%+PAYQ!+7ln6#G>x}_$8!mkYEibo{>qSs`MfsN?umhF$%NCY@u^2vr
zLYo(9j1@3cx-jGL6q61*wCEGXO$?aw)Q+x_*243xdjxDP=E7BcWlGTQrQrvA`|3_M
zTN(g!M1D-b`Lt%=zKH7B@LgAaOn|n)u*Z^KDLMp5P3)mEMVg&Ccv8$oBkeq5v*t6q
z1p*0a9k5@jv*TND=pmIRS$pGq)~z7N;K!^4T=+<@VC|K*+_rS}=?LgZ2N`hg`~shM
zY>5O7R*k?6xI6VgN4;ve3)NG!N*^$oK;ZlW)v*mowcrs4$#o0|7IPu<kf;NxKIX85
zPOLK74Wfi*NeOaUl8pSODsE{;axJKAsjqYsct&xaP@ejx)(f%ahulHdq&~N}$srQ!
zne<?o?=h!Wh&pG~l)m&HH^$!kb6mdW!ja(H1f0f*0Ulscr!q7C?lRw0#@oC2`!(td
zuA+-MEHZb?E{ImCB%kOii6tH*Inr#-gUPNZqv4V7p=DhqJH!W82V^bxKhBbwF&SUu
zOAvC~YKe#8nOv~j>B{lrU9|;97~wB$N%t)<$Y7&Rnzje4Pmml5(3n{0(_$3|CjL-?
zz=TIVG51a>&Glqbnrn)jCXVoSm9Iz`Y}y^Q=$T=9khx$k4<Z)kr0HXWs8O&I?J(C;
zNbM&=U4Y81qAE3B5kwq5=}1yrK?H=KpL3_yipvyMS<zMUeBqb>dg~x#FF+Se6`1H?
z+_2#lnn8oq=*k!cNlC4x%FjsYv*<qHAnx{Y5W_{{W0*MBmpDcwj>E)<eTkFHl28h0
zcjhX0l!hhn-dK3#yr?x$i*2y>%(El9hg8`w;F-s!AuI=kUI7Tb_$BIp0NjNh54Vq~
z--@|C>&{)J+z+{$llPFt0q;ScY1%(o+CSsrpHcA72>53R{BtKi9;GY)65O;W9@4Id
z7o87wol!k0z;G!q->%w3&*`M<ggwP+vC6~1isOi(=a5mznV(di|FRaJiB8n^f(I$j
z;mjcCfBvxqoAWIAzh(agXukhIjOws!m+agcza=%kSb6XFu2Pyilcsd<Dd~>RI6-XA
zRMaqtfPlzp&MC6&enLAD3c#OIWf^WtGr_yP*wE8lePTeLzGJPt3W7s>F+xkJxnLI@
zsm{~3l8d3X{EH@tdYoSlv2LRw>TyYBABwgl{xd^lSG(zuY`$ZMT=+eRf}<VRayXJc
zKSC3gTpNaKf%Dty35nl_#NO!)`$hH8ASnL{mnIt0=a<%qZ@aTb&absj8zq;V2nDTb
z2%~-YqTL;{&E^jKF8=#W**s-ara8Mf#qi!{wnXk0{|w)4F*l3cX>K-rr{z?#d3M-t
z_%~&@Mb2LzCMWL5*(E1_>##1AU83^H7}*&sjv$O8ZBJBkD&dD%YmNv|-^=PAFM4BC
zQkpYU=C|{(4L0Y1bWlDJ%M!ZNh3DfFz6eKf!ixU~Tf{&2K!o{Gae^ru4gcILKAQ~@
zfMyM0XG;=41}52D1JZ5If$7A&g~dSF7z?#%<$#Rj`2#cL{EZ35d&0Z-&?@O)<CeY7
zL1LAx;#JaLa6#q;xn5c&t(04?6RTtre)eshJ3vxGXPoxx;*76|r5Dq*i@l8esh&NB
z^Mc<J#W15zhhS4uApU_JW5o1C!GA&+ZE20Zu;H-)ZZc#Pz%~<S1pG5XY|G6`WL!Pj
z6kQ4g<jP60d8N4;q`3xzf9DIuB=yQ((?cTe`DDC=H#&^T;vz*8dt$ZYAF2{g*~YxD
zpOC;8kGanKZMC@H#itb>srzcT8+q?CIPET7gA3TRQLUD)cK5`^qcuu8s)zy!6M~Wu
z?0)%|>YwGSAKckt<$JotgSQD74Q)E8Z{OL<ws1N?EJ{f@_1cW{y(BIA$udryAQCZt
z(Z4^w9aq#hzVYh<#}^JR-}sJQr;hLSJig|*|MvJ^*Cy!rKHBxaG`_F44jkWeUFsWO
zPpCS+heN5?UaZlL?{-cssQHh_*Y;U`<2&@L!13*NPCveHf2EG^?L5BSy8gGvx34wm
z_&(qHzcjvIwF(^H)}8Ac-zFjI_?kkf*H)j^jqfoNCBA+3KOWynpVT+Lk9-+8zC)_@
z;~TnG9p4*xe1~-YZ;$WDtAmd3%A5a7<Ga6Q;P@uqT;KS1lGO2S&%L(iv~GMOIdS9Z
zUViaC(@}?Kc9Pxoge-1<j<Kp4ZP_Mh5y|xzYVA3sw#Q5DIbKhDWNZ(JW1?CDAAs$7
zB8i&wkB;#Y=^1IPN1gI3cyj~QAe*yVc9L)n1Pbt&&M}IV-dAZJyr$$#7MG1{CTBaQ
zY3`#wjHJ7KgnzzJEgxp!>^|pTkrH+RYnu9HE^S_K=FCWm<NBf-J@d+erlry5!WtBm
ztQ-;|mu*;>`Lg6{;mSYX*j#YCI79Q#H!>H(+ir5+>`=)(|LKP4YzlbXSfzReD5{mK
z@jKwM`ol|BG<~`Fb{omL$)COs_0#ui6x~$O5YjKJr&+yOXGGBx;bOk*E)G(}()x=?
z<Jv*^k$)-FTsS%k?zjWfL0dFGR}ps$K(RZIr#a8Sa}~wKnyx_mYb0v_k<KJRLET%p
z9G9&pA8qTc=;aOchO;q{!z-v<0TrTd1w1aoUw6yYRkS0;fy@VRzwWNdE|f+4yP|lO
zy2t_kuN(A`{N2u{IZv1i-O)Ny^fI%B(Xf9WudIm-?4trpy?xZXF_D}RWX9X-&)N!~
zdY7Rt7ZfojND&R{FT&G^204q1$fAimFr-hDoR%=_O53$T2jAC)Fu=UBSS~ApNuA$k
zj+oM6tgHc*l4ei%xo#va!qE^tTh24N%?nna{t1gY;z)K^MiMg?X*}D33ZN;+YS(Ta
zX7_L!N5EIAzwGKOQa>Wr#{RQr1I?NZcr%WJ#%A*@Av#<B&kFxp(o~a2DO2{*ETLh7
zS+X`PaF&=0*EaI2w~oqs1XOmluQC%>=75YRmEl3_$!_H9b{2=t7@6*?!9ar6&Du2A
z^`&yvny#d<AdzmsFQGl?)!cuUTlH<z1FmVLN$e;Nkn(ycI#dJU%p&}G5@I|#x#TSW
z(R!jGl|05D@E8Ly`cW4#rg`UhVs^QXCT7RRG%<1Cy_P>h^84gBHWx-U#_c8{ZxsY=
zlX9Z+Ry_?r%mt?!={DWD%L6vu(a%`}meQAz^)9834eQ=&^XktU-th8UZQn@n0(qvM
zQg$`)?Y8=<VRzp$>i%@JuTZB(M&Jqzw#<~8FZ6rk=ZK+fF!cyN4JNbR!xBk13XX>j
zwEP=HO#h;*Ryiz){&m&=h*ejx9&j>TH$QRT@JiaGJT0-VcBQK!OqbEI+QgXjkv1_F
z@@X{SSvrlUyh^9Bx+8G84@UQ(ldeFLe2d8c)LO)C3D^}@e<JHPJl+^u`Zfk-mwp%G
z@#rDd(H~d0k#Nem`bXGZacQnhMJxueRg+!Q6m?@>jRk)<&2MYgZ<nv|S^PHAqYYu;
zIh(UQ2>BM@QQL7>(A^r()+McshsE(2<Qa0})ak>oYRik$0uC2-z9_jRT>}<QSfhH^
zUP>!s8{_=*ZI7ro-wjCbWKwfa@Xx%U{>+!Irb?5H%uu1^w{yD|@hTDH<>J0^4OC!A
z;zEMVATcyFB#UrJ?4VDD-)mzQ(-58ch=vHWt3yQkd!Pob%=@9M<aw}8BCfDvQPJbU
zDr)AN3)lV7RXqSdM<nH;OWl2H`TBYM8!F~OlnFQ!;fTt+u1D}=e|O6|j;OsY>)0Fi
zx0HgPc86MOn+6>B-(2jjo@ndEPnlj?e^XY#hZb5u&Abjv^^Z}siBsb$$A#)GqqHD{
zeNF|9JvcIWa(?jSkIn>5{yune?HPPFc`j*upl|6sOzh@M?CSSGQv+gQUVD)Zdq|bH
z)dbl4>v0spSyy(h2}($D@Z=-Gldn35WFP2<=2G37>&>M)fx<<8-}MB$%>e5`uy+Y|
zzX5hH!Ja1Acmr%S!KM)GAp`6|f(;|sbOUTE!EPnk69(90&4W$?`=3EuoE<b-f4wSr
zL!kIEg%j>FGKE)q=+=H5<mBISu6yv+Ro2XR@~dYd9Mu)Adjwx~<1GFs^26tFeZi6%
zhd=Qt_g=1XiGPhBo2fmE{Q)1C>sZe=!ObV19cYTkX)Jc#Xi#SHv=YB!A^KMX@j1p5
zAwDhQS8kfK*4{~+m{X&n532a=zwc=}B&&>f3cLFW^j;Mm<UoJ^J!12twJorX?=)}o
zU02CgQX49-ddt;yjq;|etIhmzDF>@ALbX#YS5>2R7RwN4iH5e(CXmQsR5vlqy_XD<
z_$HNticyf*6Dmi8Ugu=Cy&&U*Tb90RLucgZw_g?DWy3!+pnAb03{}8MHq8gzbiIn}
z7q1ti*0F*J^e|ViJUYyGVJoBIVj@<&OLsYPNWRQqQ4_`-VX@?M*^k7Kh5`KDgMG~;
z>2E2QekN+-Sm_?77*jK8*+5B+q^&A9Gc{e_)hRa%YH}F`w2f72bOE<jYEWTV{C&gZ
zM-AN<jw(}`nuSaatdNFO<u`9rl@eDK;nS;m=N+Bd76eyhlxQ6_`tX=cO#)Ms>`zS%
z_s!wML`@Y_1IHv&Q*k@(2Nhh^As;pEnHq(usbZ8G9W@e})Pbt1N)0H-!r#^*e$<q6
z-`vI2q&J}Q;C$!d7;PFVsX@Tes3Jro^i}RQIfST5XB04;Q>ht4)MV+X$!2P1Ff~?{
z8mJYh*>s4gS<cjeEfb5iN8}PUR-WL|KCZJBQxh9T)WoSuQei%7lE|P0EQM5R&|FFU
z9TDb7jU|kzxs9o@G?X+`HKu0HV?@m=wqgU-MW$xqTda-~O4O7yN=2xT8n6fx)PQN1
zN)4KuiNEJU{iuOj(LUiIQIpNofF)uiRT;xoW^h%YJINM?S2HM!smW%PTpcxeM9q91
zH4B-V7yYS8XKJotYRZ`!FcIPvKKf<Sd8y$^0qH!Yo_~|5iC}6hOpR4XO*ByxtD`24
zsYzsNEGjisJa60wc)y9@-Op#5dUOektC$*46XkAe%G507S-hN4R_SJOG0o!5x>;P#
zvv^O4A2kb^8t;DKs*2c;;4<8(lUE}>E|#9d4c6}b-R4x39Y6B!6oCc_n$RB%5;S?d
z@@2DlR6?~S9&=2$xn{;3N^?z)Q9!S`KbRyO@ElGPe+<?LxB6Klbig3Y_#ki*8D=ln
z=ZWO^1v#-IXO*TejnzQmb36rj!$FPfw__?$<NB!MKBQA`zX180X!Z;6KH<IWdkc{B
zFp|UXJ>{CJb*Y6^y<z;JVhH>R6{D&*^meA7y~Dp-|M3gD`k^+ee*o9Nkn3NpufOVV
ztp8zs{R_4FOU+b&71v**uRlHXZ*2d0UHw(Q_H+HPQ$qc~p=k9l{~POnSYJQX#_exP
z^=I?M%MH=h54-f=*8X$4`m?q9H-PK6aQ#+&{c(Ti`0MMp_~w5U)sI@jqJB{E)#`^6
z{BLW2jjn#w7pC@e{foK&CHne-pZVL`udjcxR)1+E)sIo4VB?W=^=JH@?XTAFKa$q|
zNP2J120gG`sCj~&xm^Evs{dj8ef7iBJXXG?NjwH}gbRhEJzp~<y?<Km_H+{-DaNqP
zIS*^MAzh*)z*^<Wz_>Rg9#um$s;N(N?Rb98*$9uqMzyt*-S8T{Qqo_eKZRWReRmS<
zYXfWz!M-3^sR6d0U@sHwTLWw>!DbU|mjU)Y!NwEpfC09bU;_#En*sK-<nP7ht6H6G
zWc!)!QsoD={_>NL^f*fa=am4QSM)dqfb(<!&NF(PF@Q5O04Gn6(+6;-1mLW$(&1PE
z=e??+9%59S)29Va2`T4x>l#GL)TV3wQl^&r8sCM|LIY}StjC!PI5j7+#;>~INIV##
z9|>@GY|Ni}l=8!lr`!SgdmQzzW6e=r9c=+;=~1j>1l4hqp^h5@>Uj7U%8%lX1E)m(
z`+xDTqvRJ|9cuvR;{crSBRZVt0q0Zz&fQ0J?U@ER{g3$L+^H{TFyJH{!S*;ild#HU
z5LTIRW<N}@-3HiBQ&2(HJ4#SNR%!6$V+vLtNfo?msNhAays8tzf`<M4fnc8*U>_4~
z6~VqXz}67#6@qOsz%~&qk6=F-VC4jxK(L<-Ft}A4JGs?yT_;!mAv!tyxc@-Nzv>2S
z6X4wXt3S?b$8<Pv08Y^{?6040Mmlm0bU28{VuA$?1N%0?o-x3l_M;zOW)@`rrfWh6
zsCxKsM)DBtK1GM-trBRm5(I6O9<2h<08&7$zwE)#()DPc0NU-r(C*NqJq>7a!O(i@
z(Z&PX^@@KFr|EI}0Z#7#oPK(oYXGN9u<9!I>-WEt0<Cm^5VWm&v~K`y)qejP`{)<x
z`+#$^Nbz*?WP&xoBdq-ur*ys0U3+>{+KZ3M7Vu<_-p|Me0pC~}3JAw)gj^sU5PPur
zbe>c^=MAu*e4q64q-;H}tK%#Fz~}zu`~h2A<xafoZt(oTc@g~?#(;u6>jAu;!I<au
z5RFd!UI2FM!_XedGst7}Owa>CPFT5{YcXrO=y6I%9f6)EdeY6%m`R3W6c4^LQ41>D
zQgNvNaL(5l&uCo^&oKVL9LIcJi{G#lR3?WQ5|yV|Co@8s#X6Zce$z`LC*#!XIp=)+
zSh?7*Ob|s@9@mW_nAYA<;YBCLAQw@t<_{3rD2@07q)E!f-Sh#1F6AVDfDBIgnLj{0
zsQkzuAh}dF^9Kl3l`r`N<h{yA{DJfE4e?>LjD?%B^0Y|SrNQl0dDNH&H%eukF%52c
z%3v-Zu3Sp8N(PkBQzZlX^CtelIn{<gu&1Ncb^t`e510~XcX_>OiAT+gioxpk+JfR7
zE9;M{_O?GD#znBVWtY)&!)VZ=m5OQ_9N=-4ZPnd*EI*NGEJtiZ{mb~{mC0U=nks&!
zXuk$(zwXq2rD?y?=@(I%E@-HnNhzKJ&9=hE_5885m&8F=2WUj}fnNgn!&XfRG(x$F
z6W49+<$r$wGa-xY8e+j)1ieJ(+$0hr^a-70S3^DT9w+B-wA>H8_w*QG({AxyHF}D~
zQJ6TumzWCn@0fVMkD<HIa49K*7lkNtSE20s9SN?4FtvIt^MdJYg3^>Rmoeu3-T+tf
zjA>Tp0}c|LxzJ!Al~IR%6g;6cBT?P?XXv#g0TiE;K=E1T7b=0nc8+LCB|A%$(JTH9
zJF4-pn%D8GPAmpIuG5a{Tho7FM`a~DDvM@E71u(uqq5X*M>PvCFa|rSdoFKBh5F?G
z3-(j7m*NceQ`P|csaUu-NB{5JPh}V{qM7Zl%zi3PIdinTW<Ry(jscRgp})a?D(4if
z*r+nGVztF;ZYSl<j*uKJN(V+reoN8>1pFFZucL>b(xLW-%40`yK}7hk2iXpmrUNnj
zk;U$sYLT7ga*5K=?%X7o9FLUaH|702+q`mprg=(nrg=>9pJJ3HG1TRf-F0hP;aPLR
zM<_6PG9tbh)=NaDdG>H}A8fU^KQ2amYGiDtd8#O2wml{;)9fh8H1Dn`+~?@0Ht|%7
zdF?MY)3LPn$51|Sr>oB)d*WkC&Q;_|NBO{V+6(smUkGG(e{W{{3g?ELEuzpAEHM0<
z<^u#tyNe5pacZ#mz_dxsX?VmH%|g1S3c4!Ci@p&*!;dx_API_f6z&y8?GVLmE!^Vh
zhD`y&4y%L>2f|wXEayM2NRBws*O~3NI(J~vIU<{5v&g!oa7#`zUB#l*ot~HDi#^S#
zVeS@($P8C3()^9GUL9T=@XUpv22T-lE~rna{1i6CrF%k!_ua0P-p{4J@8V4Q@*%6y
zGXS~w<3KwwsaYrBzAp!3J}ZQt64N9Jw3iUsZI7`iZ!PQ^Ae+fa!N4}GIFJpwbI}hQ
z<{Azu2bHZ0AS1=UQS-GYPbJVWJVm;+4I%-sVq&Z>@g~D$E+B8Q9~==YDaUX3pZz+v
zKzZf}EF)c2z+D|xT2;~N`gnuxkPP9(mp15^oHz*+Tm!@MYeHuBxl49ui_29_NKOKJ
zAHZFIbJE#TlcTNd?m1g7`7KOruJJB=d{}QeOg7ugdfzGj4A~7eZx-kq?C#_VHs>F<
z{KK`j>OHzrJlCrB;KgIo+$|Dq`RhaE{IU>R{&|z*l{9zy_GDK^d75))?~JgSp*H7+
z-uH#g7Jt7_c3Exi^owGpCilKyfb7nSWPq)-JHPjQLhJjkbTpt42j*>d_hS*Lu(V4_
zPO9<Rpm~pkC5tACMfJ>JK~R28#Po*o-&ex3vvd8NpTz+*TP*le*wQ6uso3@B{Duci
z$!}r<>iK9qETPTXj5SYLl(>j~Jdijc(>zWrr76P`dy0Q2B!-FapEJ#qe?he2C`g_1
zN@5KDK+Hvnrz!KY#Etl4-0uS4BdYiz)0|nJY2GLDA1tR$#IsTS{ZXWgHMdXT9Tb13
zZWZa@$aBijRaj!Jxo{G#@^Z#oPk0{joxT19Wyll@cArQ*DE@lHcXr9$0<eQ?+)6ci
z#P^fpm|E|+S?*XayITyCOMVWMO*`cLk}$RXu4ajUnuq);lHz3V=A5cIwQzWwpX;A1
zyFz7GuEp*=8~?p>cZF4Sbf`#wTy`~)T|;3M@@qq8=E&|R#T=^*F&6^Qn!K8($S#|+
zJn3wi$<c0*yN^vSIT~hnNA_|J?-iEZJ3TDTY%l43PngX-<PW<uKM!+!2F@r%6^=gg
z_~bC#crhQx-xDTx+$!gvx0wG~BAbduQ_TM?j@azEMwBk<2*{hWF}`?y{~7ER7`7(6
zdst7K^MWn^7cqbL>8bOy<N3RO%n*0aCbs-iF?UPE|FtG_0WiX8?r9g3T{ovWtCM?Y
ziHVx#EbBc5=kVEN*FWNH?rEKE&Z^|zQxR5^48TuBZ+Vt6lY97RH5$F2Th~hpX74`d
z7-%yBd*rN@ojt{dbFbL+Zj)UL^6*r83SC*bU!nMEqM+!Obk$pk%-3(SbFcE%VNr+c
z6?AVV7w!XX7^}J9Q%Uy>;aY}1$pkNFi9c>DD@E3^tdyQlXU3#^tOohKcM}BGlM_9T
z{>gcLI!n37ZLU;_Ty9i54#|aQ>prj7gMQK0gWc8gJ)dad-(2*{n}66OSML#<PK4Mj
zYLup@;{<^*F<_=<g&o+u4*1ykvr3Bt-BI<_YzfaRk|lGqBx`9>>|jmz^j5Z$5_f?<
zqUT!Hz9~yzg9?bUrddZiFYxJ{oXSG%0#{N5=&16kvNV)VmF0fV{NiA_u892uvZX2d
zhQZRr0fYJ6MToETdz#J|3;DY-8fRG8d&~pmLWaD<fa)oXuD^GfG*?%4;g`<(D(Ko6
z#*rO4iBS+GW+Ovc_Gfp}jb|J+Iv%)MxaP?=n1_PyIlz0)A_jVuws)QP0+3<?4v%T7
zcK16!br-p^pu2ByY2BTnb@zeB<N-<M?q2YQ+TDXJ)ZG!RI15+b!0t|9g|Z~pILY$q
ztMt2vG(@u1`zo{sOA~}+KGEHPuawX4iq08HDFTB_Vz7q?;2&~$U0T4(WTKxF=o=hT
zW0*(yYt#BUn)^9U>*r<kpr`foNoDjO)Xzz}e#U$P_Swuf_#MF$BbvMT%c1ARiUeCa
z79Ic)24gkcy~MHw2Nt`=)Ohh}78N1HefUDPR~<Ac<kkz-7-J#9{{idaMx+}Ntv&s1
ztBS)-0q9U_&sTf>-?z+#!yC~vm2618kL_Rr%veTp9qC#f4`LnQ>El(dAl8s$AXi{~
z9ZLi26tTF~Wy7I8mBhWYv>~kL#OY;8)<?%q&e3LC4=4-NK}|HsNfhU#XM=bgB6P1P
zE?dsSvQv&IO|lSAiERk)HkxJ`z59h1-$kDsWfR`xOrT~$o`YY(zon!^CeUwLKWPAk
z-avb$pS!CnVmN}Z-q$s!2ITJ17E8o@S}dY1u@fh7BXIc5g?SOQW)gVKEO}L|8So{o
zw2JD8kaP+O%A*JKoHi|SKVPp5J3~sNG}|w?fyl0hRVSeMlv&0OyLo0u_|5FX6Ew3e
zx|v<YP2V%4jc?~5t<h@b$Y7q<Fm3aAS_5g|V-GrIe1*1QH+YIVr7Y>DDHA78*M@c;
z+ZJJV@b@Vyr_sG9j7FC{fclRvrn<x1kCA)|O78GaN7CmKQal3PBplu4T>5fKXAeoY
z9C=VTx{n^h(N%Csy2B^UV}Hzopf#{ftbU8N{?eLu#MK2PD@&@YNxBCg&+-T4QRY?C
zdW|ryB|A-ocN)-w!Vbm-b@g#|LD{RTy@4wB3)oqmQ62xe24HSGD_1fXgrcHF&lq)&
zT-S<5VgD|enz=9v2|Nn&>S4o@N8Dw*FIDvEP1;~gXuzIucy@mEvbv+sXxve!d$tJo
zRpbGTTY3ebpojPbg(c3WlUwJ>zQa}YQEsSY*efe|wnG->{M@ccNIDrAy67xMJJ>6l
z`Dw0+n)_Rx`Q?)D?5x0DAND3bJfHT^)ITKorhc(R!+qe<Hj?arcmhy4G6+u2@C${y
znF4EP^-x|QH$-;SvMP_BsWt?M)rK%UoTfstHWiw9)TxlnnW(pPnT~}?L2M`g48z&*
zxC8^Zst?dI8cH>%Y!*WhHV-@}hrcT5wVP9l<AI6KYtj*N%)psL!EvwvbHQ1O_<{6w
zQ8bU9`+-)oyk`99vD2qdoaT_7>DS3?raQ(uCW$2RW%Zfth3mI$ilYo&PkZ$tb%WMI
z0=vVn9%<O9zjz>Uqeh*{;2U-83A~hH$UgYVw^54*cYn%%fHv{~&26k3pdU|Fdn=on
z{966`&cD#=En&u1=Uukd(GM6}U2^|lYV{4{b*)~p&(P|z1^%u6gj-$INZ0Cve^z^O
z0ytX3q!AhSij1p4IU6U)=tdoNQz{M0+3A~7*-zn=dTyR>N_A<30jbdMz2gD6iJ&s8
zD}M>ie9;YG;!jsn6<8=VmYub@!+Oi}$Xlu8xKW_5@}aM)6CLh7lA{Y6OyGGopK6&Q
zvaO<8lKr!R0#2Ag0mt`f54>+_Qb(!sGlL0|mfVDlijpGnjrldh8}m!_{v1QFw+yh?
z2^JAq_dEZwCJ0+@fGs0fIl)#LV4oB0bAlBcU~5f!#f1h)ep{(><yn2Jnq%_KQsty-
zeezY9+)1h&UxSUkt4ZCD?Y9xkWq>_JuxkkRtO2&bKv*lRs+&|<NLEiuW6bigA<G9;
z+;)O}VSs%`u;m0>XMlZa^4D4T@iYmqqm+al@OFLL|G}kFLudsEdjk*-oTgW6xQr;L
z$_38$0GypF4jg6Q0ZvH(&S5>y2Y~Zk{pCCryqs0lI-K!<^KNxO+$udzKfw7s0EfyE
zr<>9i5Z*UTh$tMT8>PzV3qg~wI`3ax=X1Jl+Wws=u}wg{+`f98rGV2Z0H@nI9q9#t
za~%fZEmLlqcLx8q<G-!uX+8;YUu$@x+N-^aW6GK1A|;xi!YlTo4!4q&R^wyYHteNG
zQ8=uWmExoFWn?!n$Ge=PsXoX5a1Pk$l>*2yN#v*;3;#Soc{SV|s9#k(KnCJ7>v=DD
zRNMgN4%n+|B^Y=C@6RePaLaMxE>X;21?+I0hCoB8{FvBiE04fG2Yt`=$fwpE)A6aE
zV>&+dfcStX@9X*5{_8!cPN{UT*ATgIWV|mD=}j9Lbmb-S>1pVZd@th254Ae)B~qWp
z3cw*`_8xlGO;R$&ue8K!daow0uHfY$F(g1ARE-y$B1%b1tj#$|A<u!5lS;cix^80b
zIVUXsxTjG0;c%QFvT}y+{W)E!ssO?(r)sa$6a9Zdo3~a_o4XIH@eL97&hiSC{&&T%
zO4#Qr^G#acVt2mc(RJqnPqm*00o==#%~y+|j^Q@kU!iM*@7mr1>DMmqsUGUYXr)ty
zp}WB;x3$7=1mI?_jDuP_^MpFHTUU$k;{MSgsKqA^f?nGDdo?@jEZ$A+wJ0m`R{`rS
z*Qn$6yhP*n400L7UIdI^*+L+o;CC3m>YS6F3ED)pD5G|F*Cduo{C6Y|t^8LnO-lyS
zTXXsjUpn?~{I`_8+Lw;X80WguqQuNUG18)c`TL8K=Ny}FBI|LI+1O*EeZk<cV@D@g
zCG^*ggZ>B#E>kcB67Xl6KT5;vM;6`0#IJ02Ih6*!lHdZL1h(_J96Oi%5x_#IzSW8)
z<+3%;#AjHdC`oKj?W9W#i3i+l=ZUUz*(8x-PK8f)8-2(S!vlW6HyofLTgo}paci(U
z&w|(S4!x{?vB1KkxuoTidYN$21qx`0v-37(%YPC)Lnw~BNMOWwy;u{ms&Ond16>tn
zYInX)!S2TJ1Vd>l;=9S>UYX%gJ!!McUyc(s$W6hZ$bB;1+JKl?kOWjPnbEH7FmfUP
z>7(R286Z4D_p+q+5F=aB@DH1@(F&RgR^Sz3^tlv^GMP)M@|AKmmr}!}SX4VlD8T}K
zjMsW_BxiFy87G$&&+qiH<cgE?%PbK8Rmp93qm*J^Ip#XQcy{YuKEuf5yo;vfudhPd
z4&bdLN^E=L&e5r?JH&lYEjR*hAs~nQmgig;n6N6%{h(;ZQFulUYu-<?saL;gq2$QI
z$`_a@c=9yc-6=6m@d^(M;?%xsJmkkfP!~5l@&D*RHOd`f6wa<UIc`Azb+T)aSOQ^5
z5DaXLxmj3=?Cw(nty4z*gl~*s!#rJNg)BG1_~OfimMc{<Wa`M7R3+g=&e>UeYUP|T
zL(s#xCB#sGvQH}j;}F#B*A=kJuYjdN3V4qS0E2<G`*mcO>++HZcwMGxYNiv)Q=F*-
zWKxWo{2JTGM=PF-c0H}+Hr+>SRS;S)?B!}}6^ou$tI1GpLqn$0y(Am7`pa&oU@kV(
zHF%X_fEwvn12`B^?hkm30jvB0k27G2KVTLE=KBNiY10KEef6pHOzL{mrxuyiwX9G5
zC#M?a&WlaK1S7AR)LmAe`ZlK;MQZ=zRHJAdU(@DngyTbZaZD~7NZ}-$xAiYgxy>q7
z=907VcD3W+Lh`)fLh?_#tb`KmWdrO5f*rktuq6iAD+Jp{uy+iwHwgAI!Tx1{y-ToX
z2^REH^%%iEH^7z??0$l+Ho#U8tRKOGDxTj!unh*-I)XJM*k%K4Bf&fu5%!G%wuNBd
z5$s0;YzM(UBiMceY!AU+AlR=4*x`VS;ZGOUdtbW^g3bFTc;sC~s9i4*HU%JT*AVst
z!dC$Z8#RQrfUqI}VXcPnG9Y{yfbhA7@Him66M(QxLl^-FuLdBzp&=vy!aoBLp4Sjs
z0m4%O2(F82h~u**U}+P8katmaZT}-6JQ9GAbCIrezz-;&0M7UToCozdZos)a0B3|A
zXA<BH48R%0#Eem7K<ER$w4Il1&W-W=D*uFY*SXP?iJx$!S25cZUHKKk1lD@(*Nz~+
zcF`~591FL1M>*VeOL`I5GZkRs+<jsLT@diR{dyOD;L-32e*gocyv-kYH++FV@U(lH
zKk)3FwTqbbTxB}{8ly}Szdkb&J9B9pJMmFYiC>!M{aED)1LBmu0Kms43M9hu7!s5c
zKoL1Ii2eN(@Sy)}i6_JbpkQB4OhIu@w7>mc{w4)(QAd6hoJ8Uoiti&UIoqf|qF(P+
zXMCUhW3uc#1<DS=6dgbp0eqGzy-t(XvtZ^9057|@Sk&a25R;Hrc*I=r7LMBkpzbF)
zMIb*86xLGXz3TJ3s@jkeWA;QXw0X-wJ2WlvqQlldZ)RUf$~`8tLW7)m&~dO{g@zKl
zvs5|vb$2RG)oS>FP9m2*Cdp5q;r5;40`CIq+~EtR$<pc}#Eqe>)O0!)0(v|yIjjO)
z4B&Y>@Xx1WA=HFba@<T$xK||JG-~33aOAw>jCv)GRgM?a^(g06O>@kuEG?nLF(T1$
zUxIfToAV5~!>vmfg>?JGed|wBRNss**e5_2C4L<Y)aS_VrWKwAh1_U!!B@!Dd+g#~
ziafRJZCo0HLl=W~TvcUO2aPU2o|e9NQlO8rQH<XS$DsaseY&AO3M=O&p1iz1N~zN8
ztL|FC>IlBC@kp*BWTO1W@zEWivAbWU^|UBPhKEkL%n645@h@RzWmrp-t{q*LWKErt
z^RV_N@I#cunhEZf*?BTWmjNljjVEJKrcXqakoxurE90(3PXQPqh97_L-c1Z1rt|$z
zd+J4<Z&6sWq&b|y=&}fOjZ|O5mavxwcnFmwdYo8=()s?{W7w>6dJHRO95pH}-pB8!
z$1vh0Ki6DBV*Icl;_y9ePBuL}01iDo+`uiq>W^40x01P+p0==hJ*Ndx*Fj{lL^I{S
z@Ez$h;P%&bFTIW$*|RsmU9oc+U#C;0{M<0f{0#VQgqtHM#l-JJzdxeT_~XX?3w$EE
zauawk)v;CHS>0U{1DYxZ^qyq<-P(XY401h=&1B_eDeBBlkWB~FaZ@q|Sbf(|a+PSO
z5b{>v7#7trmPJ8_k%uswhcJ(a$L30DC&n%b#}6fRQ2(lL#TC-sr=9B1gW7o-u0LOm
z3mikc^Jk@HxAWe0jkP{NG2<Jn#9UaNlA1m&wSV$(*@+q&(Wxm~XFL`{ondp?+gbBw
zWJsD1B5E&1icWJ@vzD2o*Se;X8uTh%NnWMCu1y?2)-iFy$dR%$y{)|F{`)6P%$_!J
zJiM;i6RXUH4MM47Kr~xQZ#}Ha>m(6XDLt)euVeTuw)$R)=29NdW87}s;nz-)C8h90
zEWA@8wxgT&s-{|LlXjcA@U0LkV!0+koBU0jq$#nfXoV(<pS4&OszG(=gvlM1Up5xP
zZZX|nEl8}IccKY{Y-MSbWT}*7=+SOrN|H26e%?-$#Ocv`FeR~iN=OSK>RhQxNvukV
zq|bYm-*pWW+o*{ly2SP-Npmkj#N54Iw@T;l;@56{o<{n6oUcCbCT$ggif8_YI63hf
zbJ0YI+x4#y{c{nl(9)#qi0||zH^$`arOIh!jQwU6GX3ohO#gLsA(%(74hGou1p5cU
zIvHR$5o|EQ;ta6P1nW+)TMV#xf?Z9pUIy5$1Ur8cVf_rS-UK^9uoMFfM&8%#rr7Kb
zQspmn=ltMg-DE5{SqB+G;!fc+P^*>jAQKRn>TV6;><WP}AOK;mhVUaGOb<YKRYUk3
z5S|G@_#X}7SwNT@fKaF*Oap{R0}vK#2txtE8GztqGk)Bvy8zB(0XPvC)j}cx;aotJ
zuSYZl&*uVR9DWXuX}B(en1YF)se2pn1EbSygLS$B#72OvkGar<?u}7z)lZ{F3zjB!
zaoMMhx?n5`5z|>4HBQq@!Gr7C(V7aXDn(}1(>Qk8?SJ50mTySnLnmFwH)Qzn4XK-n
zZy2NF8<LoBc=0aMK=tPvl0rzi@x@qDLd|CBWdpSnqdz6iN?uK!n4AHJkaqm+52My4
z1$12zs|vBsE-NE(2OjJ+RHux@0_t3yI<HbOvMcrr?qBNBoy6+9cKD|N!z!1Oi!MBy
zB1pN^!pfznWUA{!3-@8P)`!b5a;mQnPb#Le?wTh#wGS=ahj$Mn?a~U?w6k#Ejl2oj
zt|brZ*e*Q$Y9$Ieg6z7pT3K|I*e~d0<!CuwDUlc3TTZ)mtUoWdC{)s%_|PstwUl;w
zTsm)-2UGogA~cv-ZB8g3Y5sK-a2-in9ZgDgC&}$xhf$#S5Z7T86h0zSNg3{-$v2qH
zaVS50tj;B!_FG$?S;@nO8D`cUtWcZ~WM-*c8^+Zx6E|pnPx)=M%r7>Ac$pR4Dp;>N
zT`9P~tB>JV=TrjpiOk%M9D3#Kpl)V?t3!OiF!@$zjmfw=-`hwtOVZ7(Lws?&FeErv
z4{)V62B%k2raxDo!PBbmuR5-N;kPuCYD|8k+=!W%LmKmP<3`;mXK+5*U(xM&P|58n
z;FxCdwYhepxHjh#HF$0Q;7BZRdH)b3ulDNFpFM&c-)7WILY*OWmv)6ZLvRxgsxzc<
zB`yENbNB`Y&)SC!XYGS5|0LLS18l0{SdYNsqNPgZoSw<ik|QsW|Cgg!QktP88`bg#
z!G;-Ng9%nhuzL-#y9hRkV51GN`w5mtum=sW@dS$}*i-}Tq2SEQd&I2N{)Sn`7_vM-
z#r;gMECXx;!Ac31ZGcS<U}V1hLwCXt`VdrF{s<7+>TzxYoHYSB-t%<Ghbs*Lp(;Sr
z<*ExR!mrB&LRbKs5OINO!TVGR;G7L8<kEQ^C9eXGCjh7E1s%=|z_}QJBk6JO2AmTC
zIFDV_(Gw3i6YG%jGENlW%m~1lbx~JW<p%=ip^K!NQ#4Lf#lbyc=2o5J3+^dv&Ybfp
zzNCGj(^K$m4-JZS+e6}3I<1Jm`9kN;BcU=3^<8i)+n^n95nFY~+l4LuIvJ?9(G#dp
zbu!9U>ZtG?cX{hnoeXT}CtFlSi5CDrT+_%%Qs%An)5w7HOesHo&Zm(vUSEgrxVv_p
zs*yn(Ft<6C>xxr4tyGmV+OMP+e!R!}lrk=uNGao#iIg$`9H@_RdNb=|RBlsyOO#m&
z%CMEMOIrV7mu=px8#9#dG&rprvlmzBTH+Jb4EtI)W`$5hOTAx`@hfx#Cwm5C$7ogF
zy^KVV`{(zPJk5Dn;#Q#k&Rah6Hlw}=<9;$<C&LU|L7F9qv70d#5QfLX*-<*O_w(+4
zm)FH#(HJa4T0H4cJ%7X>_w>X;^>oqCuy@OJGwj7OoMBi2v~<SjL<&@(Z2$9|PkKL<
zv*C0a_PHvmmp|7JtioPBIusP=T(1qNZ#*|GguaO>gYi5={ynhKKYu`te(5P_beR$|
z`i$3LAFs-DcY#C~;^7%&y0Q~o|Ese1wJ26V`=y^)u!}kds7;dbJ{cL3EMlLz0F{ef
zoCn;E`UJZE28P7Qcv|?$bM1+q0D0~e*%y{7|9G#vR<1#w8^`ioIZ&Sa?w4^SjL6Fc
zb@wAkzk}kWfkMo>P~sY2dxx%ZrAcjaGs}{!lO||9VkaxHXQTpSh${j<ja5?vh{jT@
z42aW$gl|Tkgq<ad;m-guZ?qjuKG!Q#N+|3?2D*<X$ySDmuW4iGJBuY<C<YUpPQfT*
z&f+xYY%?=wOZE|S1`y@c#%gb-`DAgXc{a#fz(ojgk|@ZO<nb9{FqZSPTT2p*sT*0>
zKL3xmcY$xJ$R5X&kd{yiHwa327cJNdV#}g779^o5y%!RwiinB|3W%;^g;c6SDYn&K
zL$Is(SeI44yMC2b*LBrz6<4Jx&=y>Q;tRz`MS&Z_qkuv|XnyC+nR|0@5+3gN`~UA}
zrMYv?%$%7yGjrz5IcNTiNJ`^Y)PFZ&A7x<lfGltJVX=B!c~{^NR4cx)<w(?5eH6o6
z98;wCb11?)3kV_whrfub{~Wa@($0>+;@7lNu#Y9~582`DBl?UE%H1JWhWcaoqB1^m
ziSGSfc`PhxR#vnaU582|m=Zan^J5{{l?}L<H!d(bTXG&O{S-rKWO%briTM<TT&Q};
zfivKM6zX7}y<WME2O!D8I3Ui$!ef78z1`w9w+WTZ$_j5T=o}?f{mDd5GG%TVCdKIg
zVV(20E!a8hJ<t_UUs-`X`W>-)e|dLisRP5hS6Q+dyN5^rxMWR^$rl_woSHF<cM~!!
z)&bpBW$3P0r-aktU!?1ixy*WTv!1kSv}i2M{fXDU<dMj7Hd;Pshfoz_WVd^>+r&`2
zMHD{VT6uV^d7D^yxSTys(4h<|Gnx3$n;ybmoC0*QSj*5SRZFoSDjTfAAXuLc`%44k
zPKv<^)_jX7Zz_d_^TGB=SM~kM%8=FTJmf!5ZU~s24gP~}xyXu5jqJjIVGHtK;gt^q
z|A6>T%ro<oBXp4T%7-MmF_H?S0zbv<X35+H^!rmNvWz-Gk-gOyX-@qYP0%J+zx!s*
zo&{5M_Pjgp(<bSCz4Vi`o~~J@u}O*n$jR9({7DX*uH;<Fo++@gm=SuPGXkdUzmyJX
zB7H8ugg%R7Q<b@F(A#y!DJupqFUi%pY*=0$sh`G=-W)%TOZhbZ>Py`;9v)IXIs>SQ
zxWkTokliQ(LjyyO6r)?jJMKRzqJEXVv_PFUCDWxYX&<lBmb7`eq}_X$)?52}(t41g
zbs01PmB)cRY!nM3EALhw9EOWoYiu!lNxzsaqt{N+9lb$$;e+3}o~b5aDzyVv85iJt
zXKK`5-;>lRtN0-?OYeMx%AG*jNhEjECFe};!GGz<<<2_ID!F?18=b3-c$042nCeC5
z<2LvU8aHOV>R(G+KO4k5*Curj6spccaTcRcR&Nt(BDimLj1`{P2|w^|)Y<H}3w3r$
zc<pnsvfc{crER(a=I*q6Ux>NW&MbjGyZtVI>_+n9p1K(!ujH2^>fo}c!)`qH4*Tf+
z|K<3OdEvC<yW+evjPL5$`0mX*XL5!2fBX0zpB6v9tNHl4KhurxiVt<;``CxaqDido
z{8zvk*0P<QVc)Rp&#<rJ!!fXVpq)VOjiPDI6DID0_06YQF-Zls1HWCYEOS5sSEd82
z9PduF)6+GVKe2A633mi$(<^h^NN!|HNAXZj+Dcrb*|V_IP#!pf^1uv~2TBkHcW2lN
zh2>}`g{Cq0WV*tC!ySgN?}LvW5$;QOQa}=a%N&pJ<)*^wjsBrW3WX0^B=ZSr@L?&m
z(>mTc-0r`*5Mv7!4&GEKx0HT|_Slf8Ti(V(6Xx3p`AWNc%}r>-C{@<mBmY%P!zO>B
zEO?9*Wi!N3tJNb92l;xmnMH_(E#r%S!a&0AuL&=rl}P~o*^*ZR%hm9krO+<x#DIT<
zttc>SgcU{<Z$r$i$!=juXWWXPfMPr{4-XD|jEf1nCQ^hE-<%NTu(Ibtc1MQ=nEdA_
zal|j3KQU+>ff2tvfw?EWfgGfKn&9Z;l>w#R_SPFF@%_6l&5PLfe*b6j*iJFG0coFs
zq08n<@>VINbQa|;V(4JHH@C?xZ*^C+E-4i1>gTxQLRHnnN>Cqupo8gA>OQ~y4B@hb
zC+=i&!U3gdC7jT2!jHf*ZtzXap$UX8rphFNu#ZqTJ`I<fBc<tZ2C)_9ZVcn~Baj2r
zW;k1nHs*q`QI9-^PiE-u(>+4nDR*d(b$noYzGFhblW+G1iWP6ZH?!D(QK8(&C%bKu
z{Gi<@UjwHNZ>A_!hB8=Kx-dTcQj3y@%O`J^vcC}DQ^i9GW5<2Wc%1|}AB!QEA~{>U
zaw`RK5j>$u!QmNN0J%<*^AoR76!w~1y~4P#uX;be7gxas)stD~pX7mglf?#p1%KpY
z1&axRZ#0GWq$t}qz!^c_pxz*3aI7+XHICr~D32#VWkf7+(h2>PGG3lO#576v46#j+
z7Y(sblBW!DfLvTYSd<S+@@FhY&0(cv{Sgp+cJdPW1$Ff{;4Jw|rRzU(Oa_QAm_7nK
z38g{`;0K(YBANGdBQE~HPJo7DLeQFz(YkO}bShIS9`0)L=SMdPbp>h84W-wK@>lWk
z*Uc4WT}`D<q3#-+D2J{pPV-0Ls4IUS8H)2Yy1^yXZNLC^VhS0^IK*Hj{$fS9LA#^%
zz$!wu1$YwVY~&B2`WL)p3*5to(kK60%HD_L<*WXQxr9Q!<xZ(-L&2Jr@%|$q8Da0E
z)%8-;5m(oj4#Y5lEeZw<1TlNzw<2y+N0n`vus}sI&MSVx^6teb0qc~$Lz!Y*tw?$Q
z?>Wp6PUOt4TK<s1GOKeK5GqtXkI6co+aNr4Upg7DG_FGtzY&f=IAdLCekS50CuBbH
z4%697<_&0sf`v-iKl|xuv{R{U0NLNXTf?GmC@<p8*R}T#>sWh*>WA4guKG5A73r-}
zu2xc*d$ce&%4O(XS7B!;n_tgiw>}IHUj#t@0SS7VRN0up;v2E^0P4%#fk~}WaD0Y4
zzdN+7bdNV!QXfgF1>VW<I@|phx&z(wZT>b`>`m~W$bueD%E5ofXJBcO&+%U@JP%e$
zZ}thHYL87jL<B=eqUu9tUimn79E$UeDF55kzQAr|vddU*dZLVYM!h!0Ynjq{cioTI
zrf7CjI$IMAp6x=LWr^5wP%p}4a0M8NGDnp^3`W7AEhZRngMU;3a#3F(&QXs3lgz8=
z$*OZbdaGVkQ!=k!n@$b5_i23tX3f6i9&7;6KXd-<nC@VoEq3q@lv(wH%_>r}D7`Yy
znRsU$@#iMks6l`Dd5Rme{e6WhkM+k$Ec0gG8|!zUjYLPflU&Ijb)gf~EA=_7=N+s>
zzQrUtL=ilteG(B$H;yR}PNdHqx>Chgv&<;?xp+M;O2;R&P{<jUsU4yYDj%+7ho~~O
zO==_(><jgb_|;R|8FBtyEWpg{dH(rYvx0F^NNTlaZCy*vs^P|Xu4HZE!AL%vN{!&b
zNUC`g^}$HIrw>MQ!$rC_h5w`vMxq7{(#68E@dm-XO!?<z5$5L-7M>~Armg(Z<ThR%
zzEHI`1KV`+BWhDSAFA58p~4?{&2DdWIZWDPRKb*&cqknT*^zQRZ!V9qgwIg1_GR!;
z9lE!uuzd?J)U~e*wGZFiLIK-6Stnp48?M=sLMP<bW)iTOm*4N+A_1Fuv<`hs=h52d
zEu9Ny`dd0VJo-<P!!zQ}S=CKE>;`K+(*dt|C5J64F8Zu~g$#G+GW{kkry!W(iZugc
zxss_WsWgf7NDqo1$Ml(Y)MvWl?Nj+F;2W`e|LJv_AK~nO=E;$!$UAgY0U@a*PJOxO
zWuUH-jKxtP)!d*yU{g=&JWHq8<NF{T8>*Tt@v2TMG1c3(>MU{i7TkH8#!5Hw>uGZF
zQp+rHsG_oR_sQNdvoX~t5P6Pe;Cfm3R^9r3>)JX^W&0krF}7cMZH(<>E7S%H(W-^u
z(57<A2RZDR%Yt#RXW5cWWgaz3o<W52upE7PY!YKwj?+esS~f_>>I0t}nPkbu!#dya
z#yp|!7c=M2pZVZz3+_@kyoX}VO0gIh-ZHIOBmPCra#+sLEWYZ_pJ7;ad(QYxtM2~{
z)HSQ<S^cV;GW;6d3})eyR-5UFJa7ZeU^Y+he?vD<XT71Dr#HMo^OTNWx_QcM^OAXx
z4Kb4pkU`V+i@)Zu%Y7C<gf91)jmUp=xlbZhOrQ*pGzgU8XO2drs7;lRYch>copmf4
z4G%k(^bL@QBKl-zA>`_33V*ampKN8x{Y~K~P9_aLl6fkr)#FcO_4s-d(<)fadaVMJ
z*DJ@=60C~>mSWal&}%fEN>1vEeepNIa}UxDFk1rl1mS!+^<Yv0uQfy+NoUEKP>~^7
zv!Ym;ya%VZC+(9y6gcD`jd%<$kFBVS<DR(TCV|tGtC7&x63qSHI;Cq&U&L8u=xr^8
zO2fXS-E)1y<0mg3*Ol133`z{LlrgXGDKsh1C`a)3D*XL8{obR%?{fI9oZNkc-K38z
zFb1_4`I>IV40(;+IfmI9rMpKx1v4}J3`U^vTQvyVKaaes+dp@|s@p%mdQ~?s|NW}2
zmbI_O!b9M^fALxNnz7P3O$!eZRUUs<3lD)8^bf;l<YK&a&EUE2;<;M7=yFZba@DeU
z2MM`;$8-HjpKG9&3x!Wbc$RKjQD{~y{DXyD_~jY8Qe`)ivAgnI3*D7xTTI%<ojiWQ
z`oF37<)^5NbN5G9(4XhwPk0YYZBkace~E@k%!&=wV}H|i;zNI<q577}!M5G-jM@xl
zZzw)9QZu58UC(ouv0(rtCrSQT1}0vh%b|2ZjDMl#xFSXe8`<b;-N+tZts`pJYU9Xm
zc$)mRF16`;`^~3SGRYs{>G&~vg6BHcS(ob}Ef;RT%I}}%7xOq1Zsi~Bp8Oj4V51T>
z$3{c#f6r>Q|9{Z>|2_2@A9MG78eK85#~zRCoGy?x?2IMiuAr=6Mz`aO=JH1;qDspO
zW?t~GQ_-kC`}-?&e8kQ}F+owNVq<dWpL0y%4wE*XkF8Lf%wGK{<0UZM->=}U>|-{?
zu5o6+0yK7xBiyCW_dECq?=l%NMnJa65FV7K#|jEc^I)nja0x>@_7oL_cU;Qer|@+(
zC`gNl!*G6loI2$9cV1<v;$J*3UScb6@DJ97O9Pa{2{|aHhbk{$qFlc+#}v6JVqxi#
zT>R&Jz2yZf+BC;RYI$YqH0lc`t@gRmu$QN;%!$?6jn}zh4u<pa#KlV{@1;RPU4b2E
z^}o89Of{ZNp|QYj#%R?%sD^gu{A3s6Gwk2ojbzHJKAqunu(#vA!Fw`i6k<qlO&_%=
zv)Cu^^9JVTiGc!U3Cb<2b<QjU6@N84%b?`U9Kg_;bWQ2Kx1sY8vow|DgQ8Ors@rf`
z<_<(KjlQKa^C(P1@cg0)qDir>$zsx6)`VdH?AY7YE9mWNG@lXW@07zm9413hjv8*6
zT5BP!JQl6MOb23S`V!3<p<eJ+X)<FDi-f|%ka#H;Nd^gjE++h;Z7O{;3-Ctne#Gog
z^;ZY%l12)6Qgj|k=&73hJXxPsnCO2jy1|clb#vJWvOT3}CR~3Yf2}-r;&_yw-m!NF
zC>K;=P=s}Gg1`6n+4JFu^7~1p_u{%<{VsFJq6o`mqU{d&Q+RNX%Pw$ecbHmJUEDn0
zOE&U$v-T1>YbrmUxcG5|g;dr&qo!o`S01lS?iK~)h;l@z9<92F;Rs3rZ#T^~s!UJD
zG@rc7E1&WP$IN_cCa~qK%t8J<&Qhp1yr}Z*-cgLBCiA$16-4+dGarha_=tmzWGu`@
z^eHCY5je;da>10jMZkb}u3@&a44e5RwVL^1ZmW8db{-U}_i^KGCWNrLJLx&{Nm{K(
z8)qS(BnoD{2P;Eb-O*l6oL&lZsn2tXh26N6XcUyF6wJ`0J<2H%H46UyEK!iBM?-^T
zq#!3ofjve+j!J<|p9h;<K|3r_U{Wd2o(4s<3{JszlS;t^PC>IC?F~*ry-A}0&m)`y
zOx4t-TApXjCVpF~rl?n;b}dDXSK-o9-r*@_TFOWKtTcn@d-WMwUvaW2->%Y!n?>x`
zd45q#spBabJOwo&#jx7qZXIpXj%TU|7fit%$+<;X7CHe(qJh?=hQP-G)>OcgJ25%G
z0Ob6U$z8ktPG-YR@85pfM-5*i*uM?1W`aFIuq_7I#{^qIux$p|W`f;7u%vM(@(H%x
z0Q-z!g9x_60Q-_)oe1`w0roY)_N-yB9}KW>3HC9;b{k+j3HA?yMGUY#1bd2LZ3fsr
zf-NN2F9z5lbJ78Oo(#`DXQ(QRU<VAay#z}q*dYT9&HLkGH2#W5>)pyTOF(96PB5q5
z%fSl~{A~ib&q)GLLvVV6(eelmb|QFi0{9jV?u+2!1n_(g{<S=*)%0u*{szI*62Q|q
z_(KFwJZ-EByRx#J$Et{XFi}Hz7!fW_K#(+qn-Jlu1ca+J1ScX4i$kDE{lqYC*o|U?
zVn@V22_<zoL2Ws-812v#!ZzN+!P^jgTY?Gt77l(J!42>M(i$v{Ahv-Bx1wHLx*nxE
zojL~Zj)FWc<3Je%?H!Se^=W-q9*g2Z@w}CEzQHwANm;4J#F(apYvA0nC}Lun*!y=i
zBsiB$$6y^z=p0V_Ul=z-NQrdgxMj-gH6v;9RB<Te;Eu>O%FI9HATc5uMsgs0UdBp{
zWYM4A><>vJGqGCDF&NFpC)bb(@C@a@8_7(VEz07b)Ch_rID)8T@?RNB-x@mFvJKnW
zMxi;ftLjUKU_1s)O%_k_=jV?_CFggg2eIJ`ZzdDr???U;jk|xv$95`DbXs_wyj2W#
zyWm0*R(0!A(cBzu6@w{P|JO`Y<Z>|p;%o<LAYXqu$0XQ02|b{fCZgKWF3G7N`v=D2
zZqrQ}T?+?;R56e$%AIrT`AaP8;^KjzERUDi-oTY^p>Cd?otN&$9lCM6-OOH($Wt1+
z_GM>xbb6r(dk*pz<Wcw!Kd6N|Z@)Sgh5z1|Dtow@<as+~hduB7{#UCp_@DYaMr2@4
z`}pKn6NScNdwwvbqnLu);np9^{QT8wi1eu}GmniWQ;2Z>%pQBlWCf42wTxjXy@yhW
zb5XTP<Oc#f_YCupdsuNJO4jUEszxq8H&Vbpl+=b^japZKrbyO;BiI??d*!u%WO0@;
z|B?1~!;4qr;vMHo3$c^g5tYq89EY3Zy_~dQ!5@<0$(XlqPkiqxizS}+y{kv*?Y4hC
zh#t4m1kaSH8an8CL?8=S@)c0>o}>9-QwCP6&Jew->9woZr>Tcgihol@$xlz?=S3qw
zPaS0B=kgcg`T3i_o|&KT37(msu|A>hHXF>zOB#!8W_;x?fW!6j7}2!mZMMF2z}#cT
zT~S~g=zW{1Y6o_{T9|%5R-Ul<`{Ns0J*u~r_5qT2{26V$pzd{|d?ozL!q(yEoW%1n
zGM!;gHCXg>DhHz#irI(7&<P7Un+#k!gk5{(@Z%r~ea>}46>9qNEg`$B=AO)M7!_!m
zL?>roaJJ#SAWtBlIE;BsX0aE-=;YL0DSiNhYB=Vhk3%)N))U{CvDl0rGG%z&#BaVm
zXk+20K$cmgk!RQ5iumM6)gq9lMI*Q6K-<67x>?f5qx#bfNoAAsAaYq549LdOaMD@)
zI-PV(+DXTxo^-e<?nM!JD?co~r%Cy<0{o;CLo1!fPB|v^j2<M@Y+$=3)oSF0RV3+i
z@f<Tv(gj60Sb9C2WvycV^vn#Q`kye@!Us)yaf}_~Tzz2Uq<Q#1|G+6XAvWbCNL<Ad
zr^XVY&@lm)czY~yCL}(<66eJd?~RM(%qOL&q&$G(mlI~KOGEgn6cBO~5H8ga)*-^c
z1caA6RD{1E!n62^3@Fqgqp^$1>K%R?doNbbF&Wn?<ZnZ?qjixHd?_eXEGx(bsYz)c
zrbR$1Q+8CSZZ|Czw6*8Zh(0Oju%+XsDf;*GjO)kHe#Z6V*5~8bkCiW;dHonJpJn~P
z>C1v+Wl?Y}Nj@fJN2O3SMXHQ;7oPYAmk{T7LKWINq5+TS+%8lJY->9f86;#`Gld=&
zQ62}CPjE=Vq72ya8BT<R8!=FnBjt~`FPMU1B;miwb|KrF3IA9#nI+F*G5brgvdM*$
zal@aFL|KtpfZ-N;q{4rb?6Fcy-w3nE@?!L3Xv%DSRB<xe1&PigyYML5A$sKwv?mjT
zQ(Fc5_%@-(csu-Ug(5}gcznHW;ZNbQfG4#a^vNgDn9gVZnOPI<R`zsY{ynJm`UZYV
z@^)W#s}yQaA-E`ijhAti>$8v<fEB`xI9+1j@$v>+AB!b<izt7}p3prh%57qHy9h;!
zLD4LR!ehO`;WoU?Z#m_a_lu!jDWdt5C?D`SPnGwB+LX814n?MCSiSNWNQm@Qx-!!X
zp01oqL1V=>DO(|O@m*YK#{qPKki(MvmGUP$Bh{vVKl2Rn(x$+64)dl8Pv1U#NAxXZ
z139Y6dqJxWpLi6i&~?}A40%bWf#EA(AjzAh(1Ed%d9&2g!E7jhN<o85z6qp=)!T&S
zYoU~h0nf#D7Wu0s(#L2oC~w00m*c35En#M~x+g_)ddAon{3sr45zQ@<`IJ<-AtUk`
zjyFBMI@W96Ahw*6<o#&7D9VSt*~i7uaj0-(`K$>6&j>q=IorRy@=h$X<)9?DOQF^j
zNj@$egCaLhbb74z$-!CH46jhM6aL%cl{fl8uK2_!?~V+K>1+4H^pbx8;(g|mV)id$
z=u}Dsitj+KGXLVs?vO$qDa<!#ud>|4b@)-T5N94Jit-p+g`ms4*@w^;)8U`&l@Cbr
z_b`q^^&bHmxmpa2w@dj&_64I1(<ldZq8Yd;v!{Cbv%EqUCT1ZRrVsM`>0V4lVVKSR
zt)laoe=#mw*+={jsmv+E<UGONN<Pl)|L@DKH_GpV-P&2OdppPGG^7AA-c+a-lY0PM
zozRei$<|acnBG}L8`H{qSWga>u7R~DV#D>c6MJ@ZJ58or*D)?x)4^>dMf0zbesT7s
zf0T~3d*ynxXKi9HE7nWdTfNQ(A!uehK0c@TXA3d!@{d{n1Mlrj@dhWEz0PK#YLN-2
zOh_8M5%~v~6a5MWt?3P|>21fZWjz~f3nn782>O3=jxLL*cLwHx&WGe40M=)M6oBJ`
zCsl?zN|%e~6Yit+X8*{<sx5+jLXwIx4IewrKnbM_v}SLHf0Fn|@mL2AV|9ILaTvRd
zzc1Mi9pGicdIPo_s`JSW68w_n7GHLYSbem71a?ztjwFBTlQ)Ogpa`|?*ilxNP&E&k
z6ZxP47On6f+0wWr{25!^4@-kL#hvE_ySo+sk=k_a7za!6gf?JI3IB1o>e~V<^SD-D
z@cw#l@TPjqjsHkn^||XI_g2h}|G4Y*xwk^@dawMo58sGw=qRmVughMA&r%~5lVViB
zR{<tXL=q<9KjT~VI}J-OXvIm{r2)HCsK!hA+->e-ZNy(f^-4$x--`Eluu_P@Uckc*
z&@@lyR-6K{x?s-udyD3FF?%aX-?+8yeFm+tkLjpq;~MS`<;4#@A1iNgRBu>Z&Hip;
zaA5{kro8lwaf9S72{)g_0gsPA&)9uRW)5vSw6%+JJNn*cNK2z3oWRSrTFEpvBXZ50
zTET9H?vGI-p$_2vdK0-~4UMZEyR`@Wl$Ne<Whiav88Zgah2>@JCB`WLbpi<s3f&mr
z8($J<t5$4S*gsSrgZDsqvPxK4XcsB5NTSZILgk;?5@aOVP^5hds}dwUeev+`luUfL
ze0pYa(yE}A8CXk+ln;js;SpwK4)tJ<02yVl0c93HFn><17`z__-wj;swj=8cJ<Ouh
z4f4gIg+E2Er~c%breUTW;ZdAl+I`=d@`s-^CA@ba%9}~#f=y>Uh+I=a<XXn$eknlL
zgq&iNp5hf`3l8;{2#;d4;&ZDX_xf|F-`H1`pW)i`pNt8xhf5t9z$~WmVK_4wPD%2y
zO4j~LQ}q9s3c#PC(gHXoL=pVEf>jScsQ%N@xQf&Grb^@dMY{2MkBtv6;n6x`5zqe>
ze<akspep%9U&SZ-m?uv&(SsBqNa80}&TNgpf{2pK<n5&OC&}{EuQWcq{o8r_k-`Ub
z{?})mUnwyE66y=z$F%mRP!RJue-^5~W@0LgFlsNW{>@srCo+WkH}3o*1`9Iqz8Eq8
zLc$uIU$D=v!-JN6qJEkF+MB&oJHG5zQvZ;=+hWC*{ypL|%1@ot;|r8V#}`sYeaFZD
zEaw-o@{~<jwpx9nPck>5B$*+anZZFBK3k11hrHj}L@JeO{H?=#GUrBmV*i~$znQss
z^A^0Fy>>h5JQl|pw}c!~RzxR=<@mfkY$SQYGWNI&3WPtTkX`{@Ew(V9vewRCrbG#j
zzE(mZ-P}Y0q0#VRQgBo@Y-y>etz=pXyqAt#RV$jmWrmGmulWad`RL77nB>VW5Mk96
zMe~=E`AcsnuHAr<S@td)8B~(X5vG`#5bTu&5;!?3eJjcT7Uj?R{J}>@^9$??hO(y<
z>^?h<2pb#`jtx@fdJsWBEgcfcBKeOEu>onFisVo6I`@~pE@pr2xAXI1uP4y)1buYm
zy<+xWp=uaAdma<BzxSH)<fR;5&N0GvJZ@(1lguYk(J+l&fnXE!U@H>^Ujur7K?}U*
z{UWrhy54`6*ZGToR-FG-0UQGgS$j@LsRTr3M~0I=5}WOgYq!MP4T#vJBc*@yX7Bg+
zWQUXk7(n1^Ml(<bKz|=EN`GHV=6$@)87fo^j((bmf>o4>5I7ohML8ro+gY1&l(K|n
zQ`w>M3n{camA%6NQo0XSZpcPV^{g^YD&ybj$j9FSyL9H(BT!f5YC5l>9~uZ&ir3tV
zJX9=Ze}yMIFS$1Yzewh-z%PtG$^3=rJT5G2GLaYF42-Ev;=gGA8c!ObAECP=z%7!z
zUgH<Fe^1LVlJoP@tjI9rm$UTm=l&GY`7QSEUjO;jzse8Gu=`jH2G&DgGrqZq_{N)k
zkn_#^2DES|+|LG?fPZ}E^*a7>9ufubAvl4O&H$KyKZx}Ho4w9c{;6|nC5`{jNU7+I
zlwK4Wit@_o`9I=^1@#p2|F?`;fESQidZ>f~P^fy1t-dFq!Nf4w;)4N>5f0+D?$Y%r
zm>Lui$@LF;KAgz_w?Ih0pGY`7$8flicf8J!@M4IrPMjOOWLGmKGiyl~uXBU2{O=ZI
zwXZSGGA!B-VfjVOp+GqrGW%~w&J2aeisq2mavYWkruNB(bpy7F>ixoU)R#{VcrS$W
z`!Sf%7{6WqoM|aY|FBn-zeN3m&*>e@^bgy-W@u+rg2Nc;AAIr#DYSpA&y1QJpL|ea
z&US~r+1t3nqkPuHfcI*s;4`j&*o|eP{^3^%xKY(Vv`ln*`=kD$Kk6TLlm1~7(?59S
zA7c6kpL{Bk>XUx~f_>)Ccv~W{I<-IzJ~QxB3sZc+(vtm&H=n&5g;MAfEQXyE+WZik
z96w_Ft1e|~J&eU6|LV;?f-}>G4#?;!P70>X$B!^og$=e=wlcs5h^o2lFWLSVgC6r=
zfGol^s`A&8yjcm$cmO)&HUAi{kI6SkQh7FG6b$y`MGe_zW%fbjqC+r{X#9%rfN_6t
zAWXzlJB8q5l(I7iqqHBV6jdu|Nxx7=)8_4rB2qOnqF7VbDL3k%xX*`vO%adnz;+El
z^LrdPbCfrr0g1|@2GFAMt5=O#0zEn^(<^^Tnn9neFh4_|{DX2C9PMyn%JIQ^1<d(k
z2o`kqaDcFUGM*)`JB5!#bV%9X2~|bhSO{MoIIMh7!`wI{BjfK&V<Ie^S>eA<Y;M9F
zWwMS1)pW3xGrLhKP-G{`Wn)Zdq-JVTGnH-$lS~wW5f`fHs7HPDHFA~wg>o4ZgN~f_
zjN=abfLDW~`-9X29e>;_D^l<}IKvmV;?2wGTwh>fn>XK^YhQS2tuL6K!%w$(g2#W%
zUgsYFbg{Cr)qwoKXWroO99WQAHN}TF2jm`4POBt;>UC}_eF~1;xo`>wL2jqNpEvsl
z^&8IFP!v9h)e3_U$rdZu=joOgU-oWh1GpPHHj*x7e@lTUaOE{1hKn9Ml5jtLHvRYx
z6W5RT)9c5(bN%>5vY8}Iw-pZ!=_tnPb>zF58l@>vl;O@#U3~31XvqKi=vg%6Z-)QC
zri&_H7G*N+6s+gzRN!%EXJPp)w%we7^XmlY?{TPwu`@+Y4~uggh>V+-><YV1qaIgc
z>hW*SNj;AHuR%Tj|D%39-=f!#Uurp<ems)?AL++GRQ2QUFj42^Z`Y4|`4*l`Kkg1#
zhjaCK-}v($>Bp-~di}WD=^0~MoLoN+3teQa*St<_`4z+=(vRaRuI*3b0@e{;c^6jJ
zrIyMs&x@6fMK4jPXdDA9`YWCNawKwr-X26g5OJ`X^NZKKON2cImRZz~!(`mW^y9lx
zKh8#IuQD%;?9@bKqUy)DC((~z17Zd8W%hQiA9n>(-TBtc#d-P#GKqd%m1@qWAx|>i
zF@0Jd<4`}GO|m<<IxUONNJ~3Nr>1b7T9z*e$v(8X@dee0TPx{29(<jhi^CNrojyje
z!~ezD{O77S7AR-+Bgs#f*d-ZU1;<P&VMCObHsYtWw2A)IGvLy7^k)P6!}WBdttR%O
zWQIG?E7R?SU2U-|CM=#tQ^%ypLW8nHBMOSa^R~;4FVr|&gy5Ct#D<+-7jp~#bA85{
zE5Qn8U<EVW`RSR$G7K-z^fI$pnI+nK=XL@S<rl$P$IsK_64tv3u--K+*(KX(sdlML
zwF{P28Z&o*bWBv2M0HhVR?&t`Ud@IYXOs{2$_*f||F-(VcX5rIe!ur*dPoyxs3D_#
z5G-1?zqLJvUJGtws=9L=82c=y61#_~#O}p^X1mUPxRP{a@ZJBkdb^)#;TAFd+hY8u
zbjE*1)GAKYDozwG&l!tvOqhnNV$*Q&lGEwN$g&!XtJjzXEgZw;n!L;S<|UPH-Zb(J
z^-cLu*r{UruiwhAi6pFsLl>)ey;|?q_<FH<<pbd~_Z#_jDW3MwEr%=IP#zYUB>JgI
zuXWo%Qe{$kNUwAIGh1QTF?k49^J~tkaa*zYtQxm}L?-C<ZE^CDD1W8OLs0lx<snkH
z{f(>J^0>M!>on>%^jBh<wmz}_`ZW5sEcV7&Oy9<|9>wRNZ<`jUZ)0x;<RsI#<t5R#
ziShcjY3HDC%Q?NiEl_C6@3c7kEXp>fJgK1Z_-*>OmmVf<TE=PhZI7rJar!oq@hLX3
z_&4a=0-fCXg{H+>XV$h2i;Upy`Ooxin;#;LT5(c++nXv>uW!p^;zgXkEdxg>=N$BH
z)8h1Pc{+Vt7UR6r=-XWJ`nG8?eOvK=pl<_yVI6$&S=4RksLxEMZ@d3N(mv(z9y*P_
zZGr(UQQyY-=Pdd*H%)-7vufMULEn5DecOMPaY9e4Z(E{b{4e!wsN&%IHm~#Zn5qpG
zFAlD6dy(nezVgYx`kY&Z<vnBCwpkd#iXCqnW9C1;>~A$~8-}wj2&518;o*F5#E$);
z>f7i%qw3q-&h)X1e=@4uKBxFnN%d{td9yc*c&w;CT0RS^$Y%{Z%+51k;2|f^Q1)m%
z&ukOThheF}uGgJsP``G8;r+JV5r<Fy7HIaF|IJ&2=NSw;<}-iq%ic`qnGN3TUwqhU
zuv{*A5Z1ABzp7;$%9I0Mu4UWd#rO0yE!%f^O#SGABe1PbM?Km%xE_3M(6X(HLBFSk
zk!#tMM-gKFG5o$JZ@{>f4`Xcc9n-FTtfYN|TQ&?Jj2bG}m<7Ks9@?*LBYwoB(YPIs
z6GUUYey#TdOoPT~VLbRX*ROqt(Bq{ss9wMJjlXxIeogrpu~p3)){7*1<z66>ZBdm9
zhxE#|ai@4Y;x%laa}C=qs9~F_)3A**XxMHlB@J87Z_%&e3m;6shVd-ifzC`y`S?uQ
zwU+S5CazuEAyln3aqZf7OuGh5^S#pI=i0TkjK5BxElaRhe>C^Nz|gWH!7nMem}%E~
z<rW4ko_uTWlFMj(gVrm#z6@3m5&tovdhABhuW9JzU#QwOAk^YE>eqbEO{FXTzgDj8
zU2r5mK0NbpQT?e)b80-9sj4q^z=p=+-oRj?Zd@93k&v99(TlLE15c{z!1J7Ob;G!k
zp3Gi_xkojd@x>0^{TZ_przk}14J{>09BJag$C#<O%+7apn?pZXrQoP^=t;Y3Ii7_w
zor9bMLbs4vICG%LX~cMz2%QGMW}qoJ9tycB_z06`3ZCT+rfldgnw0tF%oLnq`G>3c
zYFuv36#QE5O*xmWhNs_>6LZpJ2>7-zc1N-10FomHyDhqbOu!*M_G%Kt|I%bK>21J;
zYP=wKS1iixYVy0>(MC6xmgaUgmd^FcKg8P?@c4~Bef&n)%-!-A5hv`Il)q65TGvwm
z$M|@QfeeX1J;1Bn4+G`RpM@6ax50VPlkd;$B~(vAWAyVnl18kVLB{A=OOqI*_gtF9
z7`>w+i7|S(;>^bAtGT7PO(`oHX<~+NMuc}Ygc}fHbpk@Hge#Jlkf|Y@j|k^?Xig|u
z%3rTl?Z*FjE%}(_4%ObD$Wm6!CLa}t@(>4~H<X;L9y;}N^mO**yZ03t?8yh-6K_xM
zz5mSi<lo$M4*peIyadL(f>7sX@e=xXX7LiNjc%OdW^W*md2QhAk(^CJ)sfU#Kt(=v
zrQj`0S(+8&KR27dsk-?)*F*ES^xoSs2=(mwY!<K7J)JsNlD}aO)48D?!RZvxVDOep
zO=9+Tgy)evKbt_fG&9GKPRisNx*1-gPEi(2;3f6lEIc{mUp!KqbY!I}Ed?V@j2=G_
zci)^j3xF)<dLUHy)@Z9DPj09_LkcW`4nLwuXQk`i+cdh!gG6-~=cM7~Pa}mI&|(Yl
z2-rwkigHB(dd5&d_IqZ>=z7Kyql@{tL-h`z3pKdPKR2I^u0eXbc#QfI9bNoE)e24*
zixNQ50q%?~kaJ;y{Im-!kk>rO7D$HW4Gwwr+L<N{51q&SX5Li2<6{q_!b%plkl##=
zS@oM4K8^fl%JgWB+&iAV0Eo4|!>Dyfd#&db)B9lhJm^thLGPiG=Z;IIAV-f@$tiGX
z6uf!^QDD=fE#efIVie#watcf;1>5yI!7QSHF&d*_tGZ#->(K^q3Ye!5qace@@SGlP
zB&VP@*7GI2dQ6Ja$x_8;5e*HS#w9!@LrWROQ|wyG)n*o8C&Qc1j#W5~tMgGG)}@o)
z%Sa1%<vW=)3f8uhNuyw0N1@0DKg?Xc#~EC`uO>I}6oM5RU~YniA7U`k0P_&+6M{`N
zz={a=Pl8P{z$OsvX@Xs2fcXgaAi<^>V8sNxg<whFNplnICIf6L!G;j*76a@?f^{KS
z(nrtsKgeKr7+|+0xW{ilN%6cFx?p$uIKeS{KL<}kaBBj%|0x1H5iBGGLCfXfz6j1t
z0MFpyU&oH5p*Di=<KS-)e0u`;b`Jg!!Ph5$Sr))AAXrQQiyXWJ!TAYb7MlRTGY}k1
z2n%qEgWU*jO90Q{y>=mM7<|BX$OJg6=8$eqbVx^M)7lB>v1T%n6M3YBd!-`>D^<6U
zSNft`NG_PG%)bR)(jzXOeXerN1l5_fXaYH;e?NdZq+`BO6PTxaroPM!mPS%WuL<N#
zE^=q`48@`q*Dj4TRqa53@adUz<K#WnAN;53I)Csx2au?;<>#Nz><>QvC!@Slen*1;
z+uXDGzg_zq<dtUT6FwFM*dhlLSZpM)xEqTcW(hrO9je5V$NW?eVJu(Rlcr(UC^4}G
zy;RvFGPP2mh+;T-v==i-Xn8w7nb7i#E?g7yQndy0ky%O`aqm@_ld8z#u;UoeB`NN`
zDav1O7#WMTRAD;1ldARvJ<2LW^4a_IW%%aQyjgS%8m!SmzUfF#4u9VFVH;BQB2eXJ
zgy=~_MTL&AG(BN$rkG^Hg#rf&1sPl@C}zS69nbLbufSC(-foDU&rl5q`^fW5gxcW1
zDjmMSeRe5OY7!g+*$xDfrQEJQgs>*|5W){)Zi5u?*?edf2OJhsI!kcc4u#XD+>pFA
za|u3ykmLn~ZN9;wBjbeo(!1;5q4>J6dWU}mzC-b=&%DJqxCu3-p;oJNwAnx19W02>
z@eJPXme-Yj6XQ30k7D(lLiqb-sJgz??lZSYl_5JE@$Hf4@x3G1isdhqU72i_Bdu5>
zYFF)n^W<J;=zp_K3hl8@2##{X$<&5V6iib^H6E<%lrm)UNR<~UxQ<+<2EJv|mn47B
zV&+m(E${pKm_T;D$;9ImbNA)dCJ@O!x(}WGS(IR40}w`74!np*vNtfPq+XSa-qZ^`
zQ7)A{r^!W6P9mwKMvwLlmr5#_s)mIIp#V(XUK3TH<_c9hnx@bB5lKhIntWEQ(&5sh
zJ;mwB(&$LzbU5^A%QzkO7#$RbsoO;w9d?xtMK4#)BRX0&DXmqN(hMHn7jrsd9^Q}m
z5<I+x>d~BzRVIy&3ZmmrMW^-grq}3=;@U8tlB1<u&Qok!%2*~Gtjj=u@H{@vM#KIU
zPD?JXUH5C!n5q~@r>T%97t*o45RUDWD5}!^_n%%~yZ-*u%WKa2PcN?xxc~I>n)&|I
z%WJzzPA{)*EIGZr_V<$0%WHoqIla7AT5@`M?Z%SR%WGpw&PiTtU{QZMl%^{{Q23t&
zf$UojUX9?b3E=co1eOsTO#ola!FMCLZ-P)Xm4hcDSV{oT<KW>4o|yoi$-&(aJS71<
zg@X@V4&b5$a1jS@LGV=x;HqB<{3e1ICJ1EvIrt9<ZcPAB<-Il^!5H=kr2(VB)|?=)
zVZa_Pc-fTgE`!`Qj>}lMd?_Ee400Dsd+$1u<=(uGWVtfs<?Gb&LJs9|7fE7>8X2wy
z4qD(Mam=RN<s#|M+)I=0rn*!~E=QT5A-Y^lZX1AdTN%H<ROPi%*XiW7cYBh&HYjoy
zdF|z|jq=)eH|pfI43yXQ-I}A`d4bG^8f&Axwn+R9@*3%nHT}{~3lrB;xqgXE#MNM&
zA6V#7Gujlr!Nrck+@Dw|$~gTd>X#fk;i$7>8#xkRV*wEa!)t<=RLBA$UcyedjSd#5
zL>H<)&uczF9lZ9V-puEQX^k0*4S$`3!uV!(D*s+p7%x3uWK!I7&!#YD;q%Tj8x+RF
zigXHNh7d666vip4!g!)PiNYB0OZ~B!KJc}~7!MHNo|B^MV-I7w*z=f@b3OAy5|+J=
zdR*Lr-A&`!mLN5yV&A$O#}ClL``r3_RK=FXRIv*oQTjbw^RR6(z!CuD5THg62($ab
z$}znN7Bs+Qg0<hxU{4xg=#g)n?>}^?k8D@u!o1y<ptaqnA>4)t-zFe@r6F962%8cR
zHfeg_0f_Lg1ccFA2`6(f{8~rslz6&Z4=p6o-J?k#Y_aRq#j_`?A&n-ER*!9Nj`)>8
zv)jGr=V)!5zW9qceeu-z^H=|y&wT!R-E;Q%MHDjVRy(Xkm#NW$D$2@C{{B4n70iGg
zM~h5rd?x-%-4(O5C^U;9kP-98G0=ZS9R2gIkEeh7O=qTmU%@%AN0s{=-oQe;ulgu|
zxHT}=8@SUJd%lAyw43Vj6%Sl;g-G`~wfy}KpYwpfSbM)CJyQ(2VS*|CRv#P^x(2Rk
z56+Lu_qRvV-sgOBO?&mWB@H55S6~Z}zf-o27^#(x*R+wBSS+Z?j=0A>`WE109_t-R
z!$H(uhgKSuOYA0px(G+l-~yYH%~qF`zg&lbpbB8|>Ll_|nm4aQzUi{-=UDt=V}DdE
z>54D3Eli^~UGd4@x$e+zYhi9wYFbbIu|e&RZa97u0^YH9Y`xdnTG~~rY=W-oC=Ew)
zee4mF({#j_aOUCN@bRU{)dwT%mE3U&4P|2!WT*U#RsX=X>~S$5)PDp?1%4aLPfqAx
zD$#wGH}F9d-B|%*X@<@ofbz3+|KUO`Kmy*uae;jIrHR%1{WphpS#x(#eNw<PNL7%Q
zb_HqMj`k|y$dwrXbI$E&cwTSGHe3<9D|?5JG({R?_w`XlbkkchcA>5)4d1SNWISY}
z`dE{I6RYa|exYuA=tpbre&c@Uy^Qy_g7j>#qj5?&QiSnOXCpm=*6GmE-$l9`I)1ap
zfk2y}Od39tGvEJkc|v*3m1FWb_Xt(@cc2v_PzWTu^BRT9nNUu6CEEe?gA{%cawOrW
zVzjx*Mk_;$Sb3_4uq=&Po_v9JD#1IgFlHy2z1OM8#fJCYqIlW=KWMrKIq`wy%2Re>
z`6q1iK42CeVa^FH`vViLfnKi##-DVyEbi-USUfb)N$x3IUt{jNvGSau#r*-&RW7hb
zeh26EKu<{NEq9Wqo{U_C-(4YZcle%kGSU;!uCqqcp`7&BH2<YmQ9h)zFY7rWI6O=D
zoyVS9t=wRBe!1wdH&}MkC~tWJ?vr9==%mNlu;>Vey{+sEO)Hc;%g)H#Ok9B_U6PL~
zo#2=jvDfBqldVsQmB+2Za(2xN4Gi>j1GONzoMf*ae}yml;&Z;09i0}<5Q9^pqxO!4
z<>CT-+_weaU5pIY#$!UTSD}T`k^a<pIlWTCz%eHlUotV+3(~w#**y8)r>u*&BOXdJ
zkuQw&=WaV1vX%}KD;qn+mJZQ*xU?r)KnDD8Tjf#c;B!4YwxbD90W_>u1lAMfV`9re
zPr&*wx3gXdqQ##FTP2^sxFrj}3HN4(nFgN?W4y;=^4;NHC6(>&MWdzQc&j@w$tubX
z?)>hH)7*gzpj)iKEOMF@oN5D@4FE!ri8z5PB>4dV9t~3<h3|l$t<2xY%KUg{p$)x!
zEON2lUxz&%dgNMk8f%lYq+k)@=2;nAqTA1XR(Jl0MIQ$QuiWnZWbxPVCr-YWZLk~w
zOPq9mvgk-;4Jx+2a2{WLKKx<xTfRC_4)Dg4&f|-Y$layjq;z-SfpmBN6^qZ4ph<yp
zn_LEKwjIqg1_iDX<xS3x#TURIS|8-A0uMp{hLg??$UhQVZioDK%%ARNvHpP8Ly;i?
zrzp2T&i?SnK%X=4U^_A-%byGN_k#SrFn>?X?+#40%f)t9%;CsDl>nfB(`o8=Kz;}2
z?}hoLz$CUSb2<j7bo7EhxL+jJ-yib#$Nc>$KQ^e`A(uJC7#%}ZItE}z7}}FSPX?5i
zf#sdg+Jk;1cx>SW^;Ze%$p}h9PbTEg#QgoW{Lm>Ga&d-M%wgzXPEda$=nV8^L3vqN
z-T<vU=%ftjqzoNhnJQiV*npj3yoN)0!?C<fU3u8*@+`S5OEl6sK&7)68$eeQ`f{MW
z94v2Oti6JLDwI;JC-5Sbz`jV}8R#1Y<&DDfh8W9(PRx;ua}32EhVkG8_GAPmp)U{0
z%fs@98q0%D%z;kKiKDZhO6Pe<XKfsPuu6=^<zs$)S*#oK<Pw;#aWuBcAQCpZ@CAG1
ze+ztAVL|Z&pG-RG4x~aWoXv~(z#rDXX@Lnue>2Sg7A}A?Ekkhp=)iffTm8epFZMt&
ztrsnTzoM3TD7A^9b_;r;EjGh>ptu7Kfm_02v{`IXTt^$NLiHEyh_ngL%$r#NHl4lW
zrtz}%SrN9%`RiZ_epiA$!`W6|Btd8Qol`q0n0`I(2jc_%pBOLqe-`j1*b%cP2h-0R
zADI4xZG8UpCtyE7ykz@<<lI==6*iM+J#zXJlH4LW50wY>^@AuR!G7d3Z<3;$q?Qv<
z(X)llbwcoVSoERBCw!Rc@RBdWQ*ghK<hF5gugAp7Fl_Atqy&0FvCX2hxqJ`&McKem
z|AgQubw7I-_Or(zzvygSoHa2x3iq>jaX)*P?PsHs?q{NNvw>c3a6HhfjFrr7QnXoW
zX&)a*f6R?eP`9&fEB#%s+$cGlReBBbGBe$GFq!5Ei_s)jmfKCG{YZ84PgD@grY0B0
z4>ogA90RLT{NC;SY6eBVk~ENXMcJCkPa?rGu6+p1P;z%f&ezc&-5|;lG&?Vog2M-b
zAcQUmp;oID7!9X~8x%?Y+?Tye5(+-U5NqAhUel(G_a2GD!DNWE6kjW<5S!|us0y#(
zRUic;wY`V`cm<#0k(KKDvOoH-l;i_w`Tl&wZs@<l+@oS(RAxmvh}Bo1q%8)mjbu3%
z&VfR5HzJtdALYn%Z8f4@btP3#z9?{d<iqSiI^|((l-wwP{!eqHc}{J`60-^IRwvuo
zk%~eymv&{z*2W^UX&nf<-`zxl_i0WS+i+~`Ou}W+>6(-|gW1s;2(jNBd0Th8!^e}2
zCY&TUGyGAR=q4)EjqeIlcsHSLQd(Zf?+RO)ZoeVkzV4kyG71@$NjXYW@qO&bZp?>X
z?s*}hdLwrC@$SN7e`KTku+6kls0)o2J`~_v7^lceeXCWdYp-nTS-Gc8l7CkG6LZk;
zRFc;N3(a9X<f@t5mGKD3<kj{5Tk)RBjBAH|4W91ArUr@?-QY0LH%gG?QR$-GO9=P{
zn_Kp$L)VTH$VxH<$A`w!ud&DobQYS1D#vl!^v$hz*LX718jI3Qs7?Ls5NcKL01@dT
zF<{L^AAF&1BXTaR+pfIL4~&-&XKxbkI3aHmLwl_LE8)~Ae+j=N3Sli();pL#Yal(x
zD|>T5zOm-Ogw3&e;L8Ejz&t)y+8WvkoP32CxEkh@-7YpYQJb1T8n`;}fKB$>9YS4k
zT5!JERa272OdChIgu0{Akn_-j%sI6}-QkV~G4Mefi>Fn$O_V>_ia%>^uz{rPJT(71
zF<M|}O+de0WC(I{MiJDbo?nO`xDXn+z#F(w%<oO!-$LCu8~UD14T@3d0bk&Qf3pK6
zo|;`19o-j>k&n45jtMZU3vBMnc0qVD<l1%+XpFilq89cTxlpi0s0+KDiconwe7j7C
zkU1WmO64rdOmpS6FSr?sUXMmdg*ZCyiuUdcMUUL*syHfm0uyb8)f<Huq2vSDdZ<_}
zc{8AIgvzf?6Y37Rvkw=-TDJTmfO$+IR!eWJu_7vzN?tiLlh&f$s6sZQR37LFjg5?0
zi<frFK@piSgH|wLC1AfAY;2?31`KbO<W#^%&yc#iZLW?Durt~!9)ffAXm-X{-V}34
zp`8J&YXc_kf;UcG1u>8xSYRV}Vddr&6xUP5{7$8#eDc+i%cyF9^1LQP-a(L;*#~zO
z>ZCN-GSZH<n44jt^~(8%p+(9-gh#*eLyD7)Vu3AN0n7)#gdU%qW^RtwM;aw|Kl>#!
zyg#J$fPE&iO6Q7({Ba!)26S%`tjz+<KsWq1G2k`hgF&5vUqi&NA;&}+5{m*Jv%@2M
zIy>YxK=cMD*hTYJ_WpWheVbcub4Q!~1yI}#X>R0v^9iZ4A*+xnAE?raf&P6a%G3L{
zPn6U96a=RCu@%Vu`%Vn@?}NGsiRmNOm44+7^!8v_ad+rPs~B)#4xq>uZ~?lfuY>Ue
zFiN94ufcz*TV98FSYs`gFUfth(%tfnHh#g~=5u~p`aLR2glgn`SJhFW3a>>9(Qp1c
zJe|t*?#kAV+>N^PF7~F|ywM#Ec>^mpnTUTkPLfw_VZUo8*d+NX4XZL_K{RG-2fve`
z!roi@>T0upFm}ADxuaeTEZanryIz!+F)dGx8-~s4%A21y-$emWHF|>SupDnR=4sIK
z^ysJ;>Y6=hv+mArbAueW#bttdoHak~=5@InSDQ=a$Z9<YKnWAl#Nar)SiR9d)`LBY
zd#`ybtZz27KPLu&9&~VjjzF(8pFG9Z?v>NiJb@``wnDiVtUIB$(x0yLz>?&a54j;D
zXQ@G)pE}tm$X;8Uk)JvtKXr19mp!(29PKo3u*hBryZqF`>`#4nd@5-y#LX1ikduu2
z6^wV^337iZF1;@dcwgH%dAh>}{M1+FC$ID4(yv(YVxTh)l+B%e1WHFLv4+Wk{`N`o
zbekQDuoncpb|}JYW2!?x^c?h_340GaN`~PQs+P0)R(~{PF1^qbwB~yGV8CG4PvWCd
z2*V-CJy67jj=c?L2ME0(=x<NZW%j@z76z{|vkZZ%2A+A_B)MuEWiE!yc8?JZj8sMS
z)QAX%PVA_H;cqT|jdAidu-pa5n=uzGuASIZ+isx%8A6P1M4K)Xrq5plVyFaMF1H=s
z4#>@n!SwuoLt0_5zq!!-wL99t$O^3Z(!}f#Rxn!JHRGWE^B87Pa7tfGJQ8xhCpgVq
zSaTC1LgOuxv%d5tF^ZigRK3y>jmjZc)*;K}G-Bp0Byuckzz1ie&BV*GzSrr8D?0>#
zdiBxLbeujN&5^X+`baAN-m27$V+&cDJFDJPQ<O%WU1W#;p95<mTb&qhw*zn6Veq}?
z5NztAxx@V)${TuCk5xD+&?|M4+{-daPEQ>ln38H6FHf=9CIx$?B3oifl5-Q|ucEZ;
zDVVX{-O-E$u$#e!HXLQDxE`>sNpt5Neqdsu+~UqY<h$c5H=6(aX!VcA)vHkcm@Rls
z>u8p&bJR`>jOsB-_V<AK)4#{Kz&$;HJMZb?P?xjTNGFLVoG$=eJf(|WBC!b&96s4z
z2rDMcuP(S^x?x;Jv!_N%t9TH^j4{Yl(MFGR^Ma8&c^Ejt-2r^JVq=V_SA>Y~#@Pyk
z?kMD#za1Ams8tN48wA@KFvoC;b%bzW<rU4Ua=Ua48?bs<TaD}4C>w70Aa)+31r2h&
z!`QrL5-`C99igixq&@Hz?S8l3g3|JvlTljk7P!CN1BV@t>;`%HBQ7uB-(Gz*_P7QY
zm*GI8jJjYXJ;Zl7d?P8RWASyagOL&gx7pc2Rq2c&M?!nk#oPvQ@YhF#`>Z|Y2oG$W
zBg|^%MpKs%!*Ku9q*%xpAXNQuMEIZ{cgVrp#mWcUO{J+7qs<+qmy4A}4omJf_^1$8
zG>F;Pw7V*HFM;EZ-BmNnEC$OCiG#na+$o6WEs$^(J8`e0;6KU<Hp`ANFR~NLzK)-n
z8!5m7-6OBWo#&Xi*O?Azfg(G5a|MkHGtD*Z!t^%i;)QnZxZ}<2%%jx2a`P_~?}UYx
zL5m^@WK}pkOoinJ&g?Le@z4Xy{yJOkHl0Kqv5V0Lx>RTps_@B+iqXAIWqa{pog0#H
zUkF^+K3?wC-5cl$?Ajfqm`;(8Sz*3FsxL6fj<JqIN;-Rs1Ls5KkAly<F6K-nRc>%Z
zCdA^$n!iN@xX&bWgKzMrik(XeYI@nF;J8EH!OiZPUY&4-A1{x-KnxVxCdi%(pu&4?
zQWTEBn}w=Jp@4A}qpviT?WgEBK;GzKaGFHBJujR^-jA8??L>YclRfcw7*=3#^AR@;
zyGa{%kMQLWh1EX^)fhk1{l1-@$GqmP$uV*H0BrwvVJDzhEXs74#mX;_DZgHvV~RUq
z>d$v<7%SU*%<qF&Ya&j;${*0tt^)ph61x3?ZX#C|gxi>b`aXvkygbD@lRd<4Q+8x#
zvs)?tehNscNzD|us&ESm#c)KB$J-3A_l&cxONjUUTsK_B;gE3(RpuD@8Epx}@AL-A
zsu8Qdj2l)em-nF89=Tbi_GHm5Y#+c^Ir(d;s8m2759P1V^)~TWTB<TdG`=Ki@ChWe
zV#pJDd|9uo=B&yr?nFKyop^c~eOE9W{wnr*EqhNMAC5)(My%~d^gV4y`ldOcSLXR=
z&!0E*9#Iwth-;A8+aQTOc&ZY;mesbBKUc~<ADEuvz_Yy>1k1<z83wnp!|&Cc&U&J&
zRi#s*?>0_nhLzKqWhFW<<@O=Ue!*Zjt1iPu^dKjU_t9}?Tj`BrU_u7S3we<_N!;0%
z8NA%OvE(79@Fme?)^&!0{jWg5St#M8Lg_Oiu*gh6xui@S)&rK%PIsO7Yhc9t*uX3+
zHLRJv)w+@%i-b`f@I3eFQQwkU$(>0)$h0xkWn?MIoP3nA!$y)T3xD}F$4Vx<R^DyX
z=zE5hx~*32w&!@a4d)inN?mtiKeBx0X3*MrPVC1m69Z*dd};JKPJF$Eh@Sh$-$L}`
zml%m&MMT!CL^sp-R!%hQX(ZZ~LPQT!dD7fneIa$hog?PlHT#}fqFg*ce81%PcaHEu
z5_=(4ZNm$FRqIN8mzJFam$4$TO7@O$kc>Z-hb|)e-s8MzPoW25Q#gHj^zBL^`bt##
z$~b+OsGT~q8_gN))LFMdry`9SL79E2rxa2O9ANKss}n`utGxYmZ<D9SpV=Fc$~d74
zpD(L8Evq<<6-3i2mB!Wd{U)ceRi#nkG-j_&CmKIYN8_~;nAe`!cib~`{_I&elbc)_
zQywgdtwK-q!D8QG&%m-y6za+>%Kb0kWL_t~o@r&zL%p6!&qTe$szEXsJ{~58q0D?r
z8L@B-dhnxuWjsdv2(IAW+yu1brZclHZ*Z<dtUP5d?IP55a@Q1^BHfu0HjA~;?S`vO
z($Wqh>+XS6Z5y@Lp2}PANTpRGm0Dk%%3D7zm0F**whOg>ZC4y2;F2}JpEC2#aS!@u
zW9u7T84GyRCDKm`)h{{N)jUiAw>4<pz*I3G)(1z|S2jtZgQ*n{TGE6SA@S2a7~ci!
zk%G55aOB>!kPl@uqwT12@|jENbt_^p?5$*Tg`T@oZoSwzS7uPlDpL70tD)~&-qL!t
zrOmvh7q9I{E&V)==89lX`TM6u_&DB0@bg*vsm+qQDVe>6>Mgz5*+ZMlt6Ak=Rc-U<
z<A5P8YX?%X<*{N*sjQ*!b9!8{)qMw0iS?$Ky948W`bJA`&E){e9?G8$QwFl~W6KFy
zcH<B^^0m^h;Ph^1+s!-dukv#=*D#B*M|{DB4(xE27K9}x6$R{NjGmfhnQf_rYGXro
z>8pKb#)d`y&K;fdiAl3A2ekH7&g>>K3CC8{z<Sl0mJ19xR6(!EoBTImv?n~vVNiNo
zXH(1p5g+32Opj^zAQXIh5JC7q%!X#|2+Qb9^{Ee5!>1X?I<GTz+7SLqwGy_edv)R?
z)mo=HE}$XUs#%=}TzM7mp)Dd_v-#aP)X0fz1uFF^o4VTa=cqGaeH|3{9<^HfZoatL
z_=2$2On+BdXsGNKYJ-JOfjmp>y>VPqEu0ZDRYo}9MvP$RD|MblV}uN?)|=0#(wjLW
z;9n(jD%UWDu)CznCI>DQG~=M&&cp~v4=}=v&V-u9<rltrX&jKpi<;Y+?+6y+03;tc
zpoBPJ73Tof7~%kYMjeN;jB~&=UQkVp0}ur{06{7T%;4E-d3`f1S_O;)R&x%xNbRjX
zsUy|id06Y6DZQw7R`XJxvvApv$lcnRub$iKyR|coh26&26o-v!xlpZTX{?sTS}iHO
z7R1KVYI!XgHX30YuSKNqVjI;`q1IBvYZ<(@Kh@HY)iM{Cn9H`XbtMyiI<~|uF)#JR
zdS7SWF4%t#5EU7B1utLpS`lM1daB!#nNv}Ar|CUhD(PND@HE48?^jX?^$hsOBk)Jw
zE(x9uth3T-gx*Z2V&{VFF_1B5%3GU@7^tKhaf$YbJ(HbRP*zyZF^e+ftxFksHN0Eu
z`9}U6?~dpAqEbuU@}}BN@6mTX@1{1jo7#CdWiYEr=%$~oS~ulw=6$nf{_J`FYiG~I
zJv~e7sXv@YJ@p>%sl0Byr=W{m-A>y@&?Db6nW-C1ZF@J$z8#u5fO=&6C)6XY>C_|Y
z)AD)Us7F{<=n>4K^!z9FNIUP5_jr%g@|M@~9x-*Hy`c+F&!X>~F4QA4y6_&E+l6{$
zka`r@*-2&3{<Dn2S6~H`ScK|7_aJ7i;oD1vDt{@LFY9g6UN*<6-i2zXm(Iz;8^0?!
zyo9K#RjGWAzE^Q7x2jZb=Tr_<h1k)Z)MXW9uiN}6bul4!mL`trmQ`yHIt`Y^gs^=p
zdZW<9L(x^S3h?+>#!M^!+Mnr0l)8I0xvPlTAg|zy8p>U3EX<>i<gQ=MrD-6JrfPy0
zSAneXU2PJVo+3I1o=<{TE47k6)Xvt^G+Hv!sMW4C-fA(8T0KA&yvAF!&E%e$3l_jB
z659!amnw6510+pq0$7HfnqDH()uh{8*$R7>-<(0tv_IWT$Keuo98Oa=dp~CIWX{E3
zbJ+=)NGwU?9A8G?6`bTZRg&N1B==uy;rpLiJ0dyeEzpMKMS<v=!QPr?%!9|l9Hr9|
zB4`E^_0mkt@n8l$se#XauwyP&-l`I#(03arCZj7SCaWtE({HVfh)Ff8f~$Y#owqHx
z>!I0(1NdO!H%O~kI96W6kD__B+bP#B(@u57D=T?q1rWoyq*|7)o$B7{Pm-#l9!0y-
z`ref{Z5n;g=t@niRh#x4Z(3hf&KPD=Sp%eu+h+Rx^GVJiDPyMJFd-&)r`|6<ClO{V
z%7o`C!c0Domcn9e&2wF8{ED$D6<ml}MNO(#o7ha>TX_>r>0F5Ev-W(dznIq#YxGtJ
zU!&ijf8FeR<`myG4=Nv`F+XsTP%U?(#)(p(+>V@;qfGj=w@KbWXN&Ews{Q_Zq`(6i
zOgF@qPh`C3KkFTH_Y8;%lB$kM8<#F{;7Hg`d9vI~M@Y74GY8Xm_yDh9c*@3CFJ(R9
zLY5M-IN}EuwgtnE$P{x!^YH{unMU8}Jf}IdVqZ8^;lb09%eYNtDe@hSlk8te=OPOi
z=<u)7_h%C5vbgwcOOFY3B(cE?luiO2(gOlr4&TMwd1dWf8-bCZ(95P-^Ik;(F`X+<
z%p}!e8$haarPIQZPEuWMOs=2H1#~gp6bo$v1x-uWq`J9$uPxKb^%XqZ3|?P_S*ySd
z*;tfZiTiD?#qCaUW#_PNz)_K8lv6_D(h!0q*=J{A0$8-a24(2Wr=oyiW9Jtf!(aLz
zWADo&BP$C3z?rY?;2*d|DVzBRE}%+?f8dq^^P4_!BUE1DAGmib&+`uyZImGYK=Dth
z;2$V)Dhv1r%HPTy{(+}5<wpL2$7aRLKTw6BjO8Dw{!m8p4^-MHL)7+I;lrV}2S2*1
z?SZaPI{NYU;Kw2SKxHH20__2Gp?XqUOwLz6?nkety9_8rX?Q=r-`_{?NUcGy>2Bg~
z-TKta(zvW(i9;WmrY<e|)I5$}6OW$H(We<w-8^+h0-ai<7%kPuQ%ek~*YVUcL+Xtx
z)uuQyrmOVD18z%;Np1$f?Hur4e1FYOi%Gu*z+4WfkI(UYwT}4CnWq*N54fKLn&XS|
z^U=n`pYm-V;)zx9+3)7rx5j6`mjkxP14?+gOo>>{%UvB`?i`-|&3M3F9MBqH?mZl^
zD!#Ms;{YW-$9%Ql<Lf9@yEh(Crgm05;9(9}9bb7l2eidkzEo{se2yy4Zh3~($05~y
zbiCOvRBb^6{=ltS<YWdr-h4%!mCW`@G0p64(lk(9*>Uoix~JbaZ}xq2Zksm~cX3p9
z=x$NgFnMSJ)A@@0>Y-Jy^L@0NQRjOu_awLyQ(*^{#=o43tuu0OTy%_NUayhK6xGSe
z%ob?7Q%T&eBN26oTrsF@PygRh>(EoX;{u`<kE?6D61A@!HFheKP8?0HLGxzKE{h!`
z*{WB7flkF?#V)$wc=z5Nb^11JwQ!9jqiwe`dMWBZTVwjqmlE`!4wiK{(|?|4)PMfg
zmX7!@T}uz0Pc6mr)q}`~zvKeqDQ|EF$kKCXF1U>y6G;g?OKa&z-H1{a+YAlTIQ4Kk
znUPUO2YOWq<djixiObDviwteUT<j*)&FoQ>KNk#RCDX?JI<G-(@ast%j_GG>_~ol~
z4R7y7i;*pUcAw%B%c}TEY~m+&)>ZtZ`XtC*)K9#dX7MY)`~0_I&lyf2JJPAgo{Q_T
zGj!E2AD+3Z=8rRW)pP$xU6uBtuB$%jd77>o%)9Ej_^!(2fUJ1H#jFby^bGE1@C;58
zx#NYOl3qDZ+?6!`+6F^%I!n$pg>TxePiC42*I-k)aF0H@A4~q7Dco1lCo?(S)yEWm
z+mOr-qOJ=~;g)bx?B#otCO;iXn*5U?xj#!D1qANXCp%bjjww8Cf6{0s-UCUyYS)3J
zjo)}spUl+DuD+)5gf@LLQ?9u(OyOojvcQrrHie%*q)$GdC0}X^&p4d4l@pIJANsz-
znRolOR=s!oBo@MHOvf+^Nn(IaCD=}a-EM&0O0Y(P-EDx)A=s+~n{R;4BiM3+J!F7A
zK(P4)d&B@MC)iYiJ#K(KO0cU4_M`!}oL~b9_PhZ`p|r+W2=*5P>;;1DzJ$SEHNajb
z*d~I#Wq`dwur~<yz5!N8uqO%DV1Ru@um=dX$pC94*i8i6W`J!b*wqC4+5r24U>6c>
zrvdgI!BPpf*8tm1u)Wy~cGv(rK(NgOJ7ItwCD>a8v!v)@9Rz!ZU}**zhI;_mLj*g|
z0P9Y$TM5?J0K0%-;|O-40XC3eLkV_?0XCFiX#^W-fQ=y7fh-2Q$^g59VA}{b&H%fb
zV08qWV1SJ$*z*Lt)&QGCuyTUkWPnX2*zE+n-2l5aMHetb9^r2EjBuF36+a|hE;{Xs
z#aohZF*SMy0PZJylP@iXMQ$KVzQPpVvXiYLUtG*+Ic}ikmz4Mj8LmT77KsYg8p_QF
za!uh8hvFkxjMd{@i8z-g;7sN?sQpoTBF>lu91q7~XXS(Y0cT_a&J}u`j}a#`0cV&V
z=M}{1lYlcok5h>_T@!EwJ<e^2bE+*K$E?T6N1THRI7ixaIK2_)hXkBmdYmKs0O!*L
zoUipbTM(x?0cVRI=QYInFac-19_KN{c`E^DjUML?#CatF=M6p1Sj1VGfb&;9PCvx?
zLjulodYoesz<D$QC#c8y6mcF-z<ETE^AE%+Nx-Sn;{*_Aege*edYn5E=gtJ2c^rqG
z^a~JYdIC;~9%m5Z+?s$ho8z#f;;(xF=eh)(oAfweB954VGg*)GHsXv)!13sDo<N+D
z2{=wY&hHWD;sl%#dYmG}>7RgeksjwF#OaZM<Iv+o!+?{TfYVKnvjcH{Js6K;(c`>}
zIBf|yKOfZLJcT$r4<?mHbJ~(7*Bg?V8s2pg2$F}AiiX1uvo&`9g=~#oW74m&_!0`r
zKLiUIU>}<F!S^%)v^$A?7g3hC3|Zcw;yM%TeFLnHV3ENjrWjx!nc|oFXCl-^Ofg@g
zKo?a-;=A#Z!@6$tB97y5JkB6JP8Q;HOTg)NM2BNVoL>`gEP9;QJvgihILCNh?11$F
z;_PB6W8Nt!G%3%IJA%Jg<L~A08!t1})7aQluJXmndEt><6I%B(FdoCgUNpp(8^aR)
z)w0?2*&>H?*|8GOxZ%DrO!l3|OXwU|LSxFYXn2>2fO}0w;NMcXUL1-KH^%`N@#+}x
zHD1E%IHWsy38;e#KN<(TikE=E$UOjI|6puNybx7xe&iGjM)&pxCuV!w9G(ujB8zwt
zY#@#u$~EQg2v=B59A$PV_6yPqt;X8^eTZs9J&m%Kf3QXME&Nbx-L;fz9RszZ!|i{s
z{5eWRH(1n4eu)1SPU)nkq@DFwg#Wf_sWy%1?%J;&+OJ;Puio0PzS^$=+OG`l7d<@Q
zq=f&(Xor-68Z4i~KG9%TXt41rb@01LOP!$o@@c<{>6cgDqxjp{5L~Un+}baX_UjC#
z;Z<CoGNLV)-QPE^qi+9bol~u#CxD=nzA|f7nyJc{sPm=3VjjqJP5Wgg?ILKOMRyVO
zy+wBsw9TTs2-;xLT?D;n(Om?+X3<>)y<pK@1pUFHy9lbX=q`d5T67mdcUyE9LAO|R
z7eU1q-9=D=MRyT&g++G}lx@*n1oc<jgLglI+8+F{sO>>E|HZ7k2vYb5yH5Q0KrRc#
z$hrRCW(v&aQr-dpUioxWuUC~-2XfgJsi-`2AeU^CxupwU@hD3<xL8>TzariEu-ttB
z2a0u!h0Ev6RzSIi|C*r`@n3V5G5lAF@;m;kOvyfwt68Tg{o$kH2o;Cl=^R+g_UHZd
zffp{yVg7-aEXpqaffp;vcK(5vDNH_RX!!9F|6rDL|KuNR8GXk@eTEk$%Cj7Tmm|vK
z{DYZYE><bPN-KCCyaZA1;1Im{P^R(^yzEdU{;>-4jOHJBsi9n^md4h9wF&rfzDg*5
z*!ah4CZFx254@OA4)71Wj8J~qM?IRSe7O&YkGKJ2VXdgI+EIEzRekAswNmB!S{$|Y
z(W6nH^CZUGJf;-YYtwG!J~qilVrVN$d7M&a#!|{CWx6q*1iq&&$)B-jqkl#Fu~dxT
z)>)Jn+C=#VyBI9WK<|ICsXixdrHT0v%S9RN0=Xy){>u}aii%L`5bEZcnLo)F$_tP5
zHn}QxWw_-7?)n2MH3crWP*>QgUg=y@;KQF5u_;tL=TD|U`cjZ7Do@xJ6nNyeQRbS0
zaWw^QPtAf!^gI;0PTeo{Hq{gq2z3)DRva=5bsKZHRn-fHEj8D9;(|F<9`EA6yYhHi
zX+vW{p?P$gu%ci*s#5>4-2q#M%P!>?+J&bJCdA6FeizI3#uBVqy`dq^azn*oGt4rV
zu%fZ1V4@qNMw>i>=a4Jo3s=p8am+cbv7pGz-+CRh6w8s^6^kwDP^-wCh0vlYFgjDQ
z?>rhsEA!_*a+-|(Y)kjC%gI2IO{jC3SKEZ@^Vuc+k<}UG`;3lZ!6}*D*P_*9?os8x
zzs+TyG)*qYtl4vBHo5xEEWO7cGsH5Jm6byZOtndY2kaEV@nA`BmYiYm3}T*T?5RGC
z)QOMhG<q^c6Mh!MuW6{2#<>g?rWCw_N^pN>28A6xkLeJ;SH9?(Wuhqm!%rQJ#zKCo
zy5@k%6pJq%yIaH5rR%Zj<S_>o>}(%zTGNG!#n6p<c=$e6&E<<;E<##fd>Lt(o|&<x
zH{rkkJWiv$E=O1|zcn~pCkHcYQP&`l?I?t3zuq9vmS)6a=M6&r7fT!-OB@z=uu=UK
zm8YTqna54ssfHui6+a>jifRuuWhm#JJR0TiA1E}@9m)ax1++f;0q&pcDDf+vct0f8
z>iL6t2QC2?DPk-_5AGbPSYqi~dcN{h#9_jqw%u{V4U`iWaL<p}em(2lz2l6mGblOh
zyfg2A%R09IPRcre>Y=jEp%cki=jEiV^WX8TgOn<lmG_1|@OOvWo<GX@D3Xq>@=}p$
zP2baSRUbyd<wIX$TqV5}&s8rWSM5wCu9`k5DOYVGuG-Km30J+@>&#p=P~)nxFf?Hy
zfvb9ITs068ta`5c;JC_Ff7z{a)pNUvfpXs0aaAQx><5X4_$=z0Q#xvOMyUgOpzg2G
zS?9CHAH&WHw+mU=Go_fGrAu#xbRO#Fa^)|q_qzTSO>BSE`tBX<yO&d_?=l8vb9{}9
zORt1V?@_t9oAQZ5T>J#_Oc_?`(2X0q6^G{vY`{vX%IE%KtP;<^%I~ns;Q40AkC&sY
z<vlX9O_37FIGQpZ<{2;G8Syl$oUpQt&41Bl+<p;cyb>~YqKsR4#vVK)`V%T4%J_sn
z<BO0{gbnxN0rYne|J$4Y{eRrO349aP_BcN28rB5a!XB_lfnrkyOj%RtGJzDTAeKca
zNTEo93MmvpDYn(dP((!^Dk40Whl+}dNCBm6EiTBS0wN;f!ql?KQVK%zzvrAglbIxi
z@_oMF^Zot2M>_YMxpUWZ&poSw{rbd57zUx7FbBvS2$Ly|nWrr2d{%Ywo$``?3!XZ9
zhh}v7-3=p!C2VdO@IwH$7byB|xs?ID`J@5<(LecABHW~cYxBG2F0cuP{9jN6P-Ye}
zaCH&pjTjEj+SSm>F27e|@>rvzsKKsPNkZHP6R%iweJ5o;%`RqcXGA30`vQT6L;)tq
z$_ZI(jowJNVp*v-(rptZ-WSHZH9@@Ffl9nv#)VKoY3DJqpt9x&sN29!^!I}?a@`g0
z^T5-N2#ZgY+wLc$1)ofnN`&M?+1GIW9$O!)^`Ff_TDd#fwF8nTV+!2dN7*_a>Tr3I
zT^H?OdisTQ`BxM8Cplc_lU=9TT*lblN!HvAF65O8-eRjLcf*tPKnCAGI$YHdgw)24
z&2mV05m%X{V|z0$cR?`t;w3SzX&Z1&IYZqck5!~oeY}cZw+I>>hLKmLH{?SY>%6Ku
z&hbk9c~x}{1rQuVn)4p}5D<PuuAAN1+lH$E0(Jr`S-~qw*H!{SS)^y)Wtb2%6np*^
z1e)D4xrNf5-!UEQ>AWgk_DrdChE5=<lk%Zili2GJd`y~qk^S|wToDW*)HRFMl~)zy
z?89ncqnSO9jVC$MCqr1B-=!c{XT|;A3O`6^J0)4#bb<XON=w@?Xn!_>LG|J7_BfV4
zRTv82ZV2*|UhIt~zSaNSTF3VOR6R0!_<{GgK}f1|j-pv+#N3R=q7X6GwG@-WNl%qj
zd*pm8j-q*1(S4@~0sB0j6q5*75CQVT+6#6#T$zw3cO4pHq6-ZeU*@lYC-*vD?<L7o
z)e@*<enZww3=k6U`swRqlwPQ;WN+&nJb7)5Ql09ZC_thi3=?3*?DBCN$oTb)w5xqr
zG=jw(c3V$|+TDp}#ul4%bB2M%?etgR1Z;pmhWK3@fXr<KAtrm;3tr-wVbSbhClXq)
zTkU0Kmi9Tw9@rr1k0_RHUx|$w1Lnz@5vlgFon(lT3HE?J+Ts@=#~Ze;9<~nb9;9yV
zyP_epRaKc%i~M@U3VJ<~UT@%i{j|9juWwwDq)3sdhKAl6*035xH;s+xo@Eq!&oV)N
zV51>_FFMXNeG*@16a;P*kC=fp4m4(!mvWbMi)>OAv|lz-nw5?gC=+CpswrM>s~8Q$
z7m+m@r-PWJC@KPdU<9-YIYg9ujhwp?T>9YGB%3Wq%4W+&`{?3NE`*d;#?NedG`C9E
zQ%w0OWieihI7-&IhCK5@&HyIH@cqL0h&1F29YsB&kEao<!LB@Uo+hPe7s%hvklP6_
zO7vouoLefF5*-T8;b3759*KrVVBqPNGaC}S$gPqwgH9PwRVk2FvYuNdFX1D?Q&&Rm
zI_QoSX64|#YaY5uzkHT>O1;+hlDkCVwfkX2;YW&M&&dsp&^({}BFF4i%=0tT$IoO_
zN>*p)Srb$<n%qD&qin@lYCn%lF<Y8EmD~2zVk#@^(^N)c<_BrT&KjoDZx;UmTR^10
zt?83#(tmgwjStJyc;IxUD#?UANyhrBY5b6*Skx%_-1wwh9n@av8mhGy*Km%TZhTR-
zpNm@1M1YftypdzSs>MeBm%fILyoM)6JwY?H`Dd6Rw%WMCS#4H@S+y$G?5@SCh~bT)
zOjhggS9)xF?YDWK2)4`ZN7JC)f73mFevZ62iceO0)OowSCg|a+_3<pn5`D4m3a3$K
zjE=I^6Ths@R&Nom-s)?(XVM8p?YsA<o1bf7isZR2`Jxtc{dO2N!p!Fyex>KP)`|}F
ziTF3>_x}+Qs5e`l=Y7A^44Qpsa7(Cap5NwJR$r`-04tCo<c3g^FldR(r@T}{PYQPM
zQtf&2c_@W=Vk3fl-(Az1BcHYkI_6%4{2xSSs$h7oU0bD46oGtwoPu8t_v7B8??|Nc
z)t7sd8ko8&Y>6R17Z*g+W-lZn1q0qx>e`w!E_tO{qKhz{ISi}s^F-%NfR$k8d`rbc
zUPe?bATJ|B{?o|J^l1Dn-gjSpj`%GrI@@l9{A$wvi|0J$tBE6eewpg~Zj+aB$}VKk
zozJPh`%Y_+PHEW9VuUxqA7D4z!8h>EkL>1BzK9noX66($$O)si6ZlRzWo>fSZILmf
zz<a_WmjbB=QA*{@fTqL8V5h?HHWn1_@7-pMe{?@!bo73J4R3)!+?91pGun{RyA%hx
z%BhLmL2lf{8PmaCk5P!*lwG+9LTtF|M~IM{MJ+K4iLe9b6<5mE8^d7h3;whU@NWi9
ziE3#%W6H147(dRwC%S&3i?-`G$=Oa2{J55{g5{CX3<)2L9?O=hdL1SxmdhKOdVB4B
zlzQBRdfc~6>2bnRatSQ6Mb4Qq(`$SV+vl(8YFFy&k!O=MT^-pWKvyw8q&&S=m{-_1
zd!AMGFxb0o4m5!t&SO2CXTo}&+0@NO)Xfp4N;e;VmbzJLi}ZRvRG?Pc5U`6wSr3z-
zgGsD^NzlEd0KJPUpMouJ+LC$)F^y9?2I$y;pg{6Y47;#!2M8Qg5(;T-6uT-<Li4d6
zlb*uOy5wnjv*JdIg3a3T+&P&auB#SbDwZh&E(J6d-f#(}nrA%YfqVKSNX<PJ2O($m
zHNi?WFvy)2zyN%2Rlu+GyNq9PQBBWjYI>T!GL2x%G_a)vyPIGyX<+{#SPz1&)WDV#
ztOdbd*T7a0>{>O#-qOI{zzOV8U4-NO_ERJ$wieq25(A!smA3KhIg}N3uhUs@?P2ph
zXGs#Qu#jIP*$QN|Pn6&aTEr)5V<OB?0lZYyW5g0(Dm7y?seBO0lpmtDEYP%N9<}pc
zg5_&qxde+Pm`ejIAXpoME!M!Er2e&~{?%9dcPsDTAJD(UXQ+R}^#K=><&VI2_<vwm
z-nfRJwQ4@wotpF{!TM@ov4I!T^1znu=gDHqMm6=&)D#osYpQhoB8bs{lRjsBarw6w
zeTDAj9Q-zbkNANXT_W%z057=Y3x1Y^rvdnJKXB0{lIU9{2OvD^hwzw!&=nA7`60|v
z5b6R#h95$vj8NV|ryj&+I9j(0<@aA!4`LH6juOgauBeL}VR2`ny!wh?7ca{#DBK2i
zUYC6l?!O`<Oa_D@el;}xQ$|PxgfPEUnspU~j)3r|Uk!JiB?OZc0tk_Qrhiri;b+DY
zmv{C<NT`$%wgE!VN?(MR{*Vz?0m7m`K#g8T+qC~NQock=9oe<4q8<qByXIW*@Z_Ax
zkGA4CmhvfJ(d9yW82-NJM}q04U%!;!ub88K|9il3ohXNdyycLvwxWJHgix;tEjRMI
zTqmU0+56?efbyrH`oIeO07ZF{7AoI(!si=v7+Qr<U2^Z2WS9V4bj2_R!GEYyJFgUP
zl~GEiclcD=!LL$*SBlBv&wrt^<@)Ul(p^PLNBCbBX+Qr<FYSWAxJ(XZaTRuG(N_3p
zGyJmy{`n04`HHvFBs~k4Cq!-y07!gV5e@&`LA`i3xHFEEn}n^>tD`|tAxmH{NzcMF
z@U!d}GTRk+oMECn+>@dg%Yd^GKq&pyidaFbztQLiC~PEmjm6*~jGd)WI_n}xqk9eV
zKH1#~g7`pI2;}g{kXium2qpXm<+g>$IodH;U2!N~72$#gmO-qKJPe7WsN=fbX#z-Q
z!+|Brspuejwu`-&)64uFe1kDT^$q#c`JITu#$;K=soPU4<HL0N?B=4|5k@g6qkQte
zg{dM)8sQm3Nb-DTqOKIe@^;mUTczMBB^Xa~nV3h`GlDY>bT3))?vRBE1toC?dsW;*
zXi{#nu0#YAS0v{4m|bGt!+OElM|9V9*I($`1$wSrk>PBVam1Lt1)o7&OM`u1MN4&l
zkP>`1dq+$OfZ2%FcU`vE*##*z;#~Xeb+(GGGopJb-8$Lj4DF9P{>HYoJKJdQoo#Z?
zGekn%-9}+z8T-ZCDl0G>8YLR>B4fDkGee^~Vp*I5voM&Myz*U%7DH#di9sXjp34|;
z2DOrhyepAC*ewid!_mqsO|iSOjhK6y=NE)btghdsXWP+Y7e)3@iaqv}As=i);&LC!
z5S-??(u53HB&n1d(3Aa$-TjD-?CGZLiw2NI23hPy*?KUxiDc`VUG;acmm@v6!Z=1J
zd*040_KECO<!i82eXm|*XJ~d`<@_x8Y(a5_jRAf}z(6%%TSX%HKOw;GRmF)u2bKr4
zC6&_X&5Tk#=%?d;n1lNOc$y!$EeE#&a3l8MU5_wC1*e>P&}>ZK8;vCv7&)s01`SA`
zYW?EywS&<URiiggR7S5WR^c7J+eJ2ds=<S?6V+oUvaw@d%6`3kEsb5t1sI70^$=~U
z5E<ZK2pFs#yCLBJhJd?O0K-!-L=`F8QFw@tLi0^*6eju&(o7Dn+Q`7^eqa*^e+S@t
zIEFSFEoJ;}-$UbvDi8DjY5Xd_`gg}K_k0cGH~D-G<2U5|&5hr|;_HszhT`jv-wVY)
z<7Z;y2LqNvgIK;h8n>~L4TvFs9&kZ;Zj@)ip9^=usSrrb9CMJ&!{#m{W7?l)T=2l}
zcl>uB`_;w^H;Efwd;$N{iLs@IygtYfRD%7UI~pTTcb3GhRUu;W?l0*-(eU0bG4>Bb
zUJ&ZH2BLs~-LlU@3Ma9sPp&lY=V(lP;=a}4o~lodJ!#0NsK=QR`j}Ho>_vT|;ta-+
zD0^8*6fB51L!*#rRuUg&WPip-8yR(Ee>kG__OkdW6QMAu8KGvoJ3h){cg06r5XlTk
z76r+QNLD}+0ZBw8D<Fx0BsDlt>9H4uM6v643R^fS4oIvG@w-`jVJh@^<l8%+N-p@t
zsRv`n(O*WhGq`uM?wZ3jRX?~WWIc2hf`z*V8hz5eibZ`rjS~dv`Nrox{5*>(*{;dI
zA-bwiq8TohB_a9OfNk2xc){-(bL`qg&oN%VFPu^mm~aZiJxf6NT2PX$r-qJYE$lJq
zt3<e;NslGrL9Z{4MlR#hMl`YQb)4PL*t{Cn+Z5Z%kcI58l84^~VZ&Cm;iQB+D?wC;
z9M<DkBKcqQ*<b4T<=kF}H3h`RkX;IGaG)VucVk1IdW@`L$YSWnjc`OuAO1ww#BQ4E
z*!cO5=Z&7V_9%AOC5QViw2y&!^AM=^(-IH<w?K?NYsfD`C;Mx-=s$&65AZ*>=u1U3
z8z>X=4zf1a54UfKus;L;(<R4lO*SO$5_M(Ch5@@Au0I`}&x>3C3}G)FO)mJ%0m?O}
z**^7h7TGn}UEfIe9fLJ>oGcpbt{oM@2{FGordDJn>we`rzcUWkX=xk;mvBvl4fZq0
z<xI)3)rR~d0+;YOiqg{TWu+7)zmz?KzTQ2Cv8<iE@$!ovsge$U%_u|O_AGnejx4t7
zGaRwk4EfIqm>oD`rRWMyW|glLiw43m?}*q{I5-k>2-sPTt1&q7X|X7D?v6ByC6&OS
z11%0$b|j<AmcoJ7(t#O_u%`*mr(qXH95XZ;XoITHGQ1Ru^~6fqE~HSn0D|q43ZJb)
za~#*eG**eOJQ-}$SW6wT^BKdG5AH(tyfSSsJD%MRJSyvKMf)Y#zf1e&{*__>#NL_k
zc0PV9i8?q(?%z;V_h#_kv4iEy>-Fme)~_Vqtt3^il31sbc%PDZm*%h@g)1EbBWWP!
zCOX|3?25+7bry(aW)xkGMAt~YI5j>ZG7Hj1xZ;eyMnpw@M>b?6WuW0a67eWTju>sq
zt_yby&pviVLMru9S+pRTzmEocJt^nQXfz+odWH^yLsRGg*vo%+vEP99T9^-zUAex&
ze1Hd~ajp9b^3WGeH`!gMAi`oi-jUFN3&JaodLOh*876z4N0(iX4RHO4xWZ(#fZ@i_
zY=ukRul5xn7cmc5KhWXo3M(D;$Yu!sW|V#cAu1)_8>lZG7)jIZnq?^+Xcb^8e9|Ov
zDTBjh9Z(u?H3=1OgI@{Q+kGNiGJf?5`Ik(3I#!q@(?=ya?<MKcR(&bAMk&OAv|No8
z;3!klyT|+5v;9rzNAn~9Z|TQB_WTv}BevvkLO<4S@u43dfAzmYKXz}wdHT_!E~6j8
z^@x6)EK|{sExTp<k<IFrjvXNSVckXa!?Kv@$Fg*y8%y|aVR{YpBh`m~v@`XUjTsz8
z*(SDt)%2qw(T|qz)P{asxTK*U4>J0JD;f>H-Bt&wdn={Qck%f1Y)AmXLIj3gyA3?%
z{O`Mb$PC$8OjVPa)a#L%d`@N_DwfI2<YFQ-o<*^O4?p&|q#p+l{=cOk_kHnK(2vWT
z{wDMzYm*QCnDhDn3jHYBa`W`#yHG|ywuce@ShHP4KNfr@(~lmkUTNiiq90Y;iGG}Q
z5&cLVPjn-N|BB;l$$$LVxEB1!;nlUFAM4KFkpCF}>0iWuq<$n5h9MsjVfd|3=07z3
zWp~sA4!F<}J&1I4E)h3+>A_w@{+;M8dr8EEM~o=gi)Er<H@vr%h{858Z$JB9pCIv5
znJ9>{mqbHSwW!-B8U|D&QP>VdfxYw{TL=zxym5g6EgNu~vz|EBlO=8aI$Ed*iYakS
z{W%M6c@Et%qEc*^=%E)Wx4?8zR<5FHtbz)dj(hBs>&ZydG5BBLC$be1G}!a1b=mcK
zEN`JOxS}QGFm_{Y=g@#uYICkHMRFDwUM5X-6xUy~SwKU3o9JeJ><p^&L9Y1rdN$VW
zBZWb(%=Q-e(<;Ef8ElZgggt9A<bNZRC$T6a&0ciB$>ENOsOZS=%l4v2tE95hN)M++
zY|oZvAX!_E?<K6X;|2HrmG&ZRck-^dLa>iSIY&|UYLvCWQBo9|@i7u4yE`!w%@gdd
zv5{>3C0Zc!u$9ad;&LBl``2YKCLBX5#JZDk7O+!L43Kb4EK4{`g2;p_C}(Hr{Z$~~
zf`>G$L|2{&&X=sg(8WkY{%)Bp!O2zB?b!M>RJ9rzJ;MH-*h&2ZdIbG*^mf8)&vSYN
zJxq4ZpdKPc@^&$~XwGW1fv<#Y5K7mQUDIpm+F~S4)Hfhba^L)@6LyY$7RZyjZ-cZH
zs$wHiD68mh!selo!!;fWlto3LMD;F=<GV11Erb}8P`>3F24A>U$Ea3=Afj58pMrNr
zp9le#Be*^7+`%YU9rUVvn0-+CbvKc&zFUZN^(Y|H_3{`ZS<ms`BKBLeeBtl4pa0l%
zgZ-S_uonAy-m5pWpOa7jH}><TZGXvrUiRVNV?P@|^x4nNxBc(#=T;y8HT!wkwRl15
zTYV0<;cc6I_VdLOWk0{Qp6%zRpVNMxwu$z0`a;^zyHjZ&@8rLqr2g;h=k{OTU_Y;|
zTZ{et_A58DpC9@Czp<Y?ZTU;~^RD;)9{bt$p3i<x`t*NyKM(%!ui4Lem)U-vc7^uy
zh>v~tbH`7V{e1WXwx1J9X+OXGG41E)9-;kwZ8+`Yi~RT0aG(7w`@h5DA`eT^Jx7m<
z57;s<AB{u?y~o#JfmxdD?w?%X$qu)dmAzkYIhtsU4o49oy5((?-Z|KlD>@$dF_N|5
zkhpLMR83Cg6|%duUW!NXkJ8Ecu^N4dkN(YVfNgGcK$~1=$*HRIF0pv8LS%Ls@*NoQ
z=38jKzcMcGvJR5;=Iv$eiqeZ4Ur-c!-!c;OyQtg6NX+k|OHwp+-<9E5+TF>lV{F=w
zz>u@gvioEGV0&2twv?@!1U*|c!Fq-V4tv2SQp_dm8H%iyOE3e9nV|rs3I?5AvYEkU
zja-5i;8q3~0S@Z8WGjQCGS2S0X2^d5|2X2!&&*yDyp3oS5&<Qs8jLXde;&)tV68v~
z!hYXJ1lE8A&<93n8vs|>tHqTb)-kplQ`l}zNshf{D9Ay5AiLi~Dbk)rFn1(BHW=CJ
z2v@f*iMNi%XDDl6lH9-~rGZIG1BbE(Cdmy<QW}_~G;k<uU=nX2TYtq!D_HBwSX(X`
z3c%7K85Hi&{7>Ga-N=Z03*3oCA@3ly($ReDwzCU<05xT3CEI;xD$jY8<*1I{vL!`;
z_&7VGF;bJO%mFT}#~rTAQW3W5PPXus`al5<Tj-AWXlq`Xt6uTfssHW(^>;&&QRs?o
zX$%xr!<TlwOJ7<t*T<h)ME&(Qw9lpS#Xx96du;_bq+qbciA2AXq8|10M6`3auwhS8
zLh(b)qEnwo@mv&gW*LE8QDpxUa3a83REaGqV}uhNK$h|pj^u41HB9Ixpnq>sw+~MZ
zCOUFj+SMOS!UjiHZqqs2i$zUrVp+&ON>7)$PcM?dL(D5>+s?Vq$fnfB_AO&3%8cNk
zgJF>_7R3ZkR?#^`2#`!88dDEIU%^aEB2&4AiO{%i$J3MKhK&<1`8TX#?HUHoY2%7w
z0(ioJS3$CS23womhW?yL`j*pD;})0My56bx`yK^vxxx3KwK4C2V?O)Z?X+lq>zjlg
zFcx`Ez(#&dTUDa78_X%I<Knbr1kuz&#;bty+H+vHz{6i1gt;|eo~VrJXmqsj>0{H{
zj%lh?Z&6Hu3H>05+7}6Z%z3}s!#>*2`_aeE0Y2KS_7nNMJJ3Xq3{qB+!<`{9B4o&S
zA@?xHjB+%#iKU8==A1v|qb;YHLwh+kU6}b1QWN!}=}P0Sq}9^ewbdRTV1ZsWaX&Ef
z*aC|fzW#xqO~qUaV0yVauA5L^z^jks)lcHpTjFx(NBAcDWAJ*OcyOn9rBMQR6q47)
zQq8*PM73R>kfd1`#=z^MZ5(W=zUL?KnW&bQ2bu{Z&cys1&xBE`|0K<XHmFSns{qb`
zD1T3nlY-2jt4q%b=>H*V{XfLKzQevkWB1d7+SnZ;LNeH01gq4*&JnB?!KyW|D+KfG
zMp&3m4MT&WyuLpZtf2;0mtbWCYpj782=+F?T4`X-3HB7h%o<p0g3TgWM-8mK&exd#
zvnv$C6W3GKvoS*X$9~4*o35y0fqnxxZ~Eah`ICp32As8k6Xa)=e&kP8J&OS6b3YvO
zRk9k7l%@hgqpQ9M&a0{qB>~O^Kb*tY<iJ3;0m2v8d=b7;5JCZArys&+93fTu<r#*s
z@fyZ}t7s1YwB}J9jZ(&n7+j5GN$5Rt1&P1S6+J2p6`grBPS~~;5&WIVik7NksnZH2
z^eG&|rWF)wD5X7_Qm=j}R^X!bzP#wUhhhWh*GytrNpAgjd2qRK##LJ|Yz)MJa<~_m
z9q!4I+MqFZ_JR^L#=!0is(3LeO1zl*5n@rCB*se4W61?2+4bCaR~60lxE`visJoGm
z*WFbG`ypP;e7t8v+?WrZj!~)yYrcxtM0XOSibJhDbPVIn^Gd4VM#3&G7hWfx=H%-b
zM@G%A)np%z`owCAtLGC~=SR_1D((BHH?Ypku@G2?+z=_SPUAt>Jd}yZhHODzjwCqS
z%J?G@f2j)pXS+HO&nlsofp}W^#3%aq<ME7IQk!@@uf0}tJRb3OipP^OBi3g;F>)av
zPmE6j<EbYL5ozHn)bi=UPw@UEehjz{OC!-^_D%<yY{KOay>q2=kejrq!B6*7*fJ`O
z+dzzo$Km=zS|VNx5L{v>9w<HT7_0h3Wh+7O4*t^G4Zgmj;iM&hLHwh|wTgfAs{eTB
z^}SdIhP5@-&&Z{R=u5bi&%RO~>QN$->7`p<Br;-@mPOHgt(+DsC|7Kww2&9OrlE38
zj(-LAhOYBs(S2rcY&ls`$#|pC7uYNm&%pB?qg_c8w|4^L!#|)rMCUDcQ29|d`o+(w
z@Vis_m~pJUfeODhmEV)b%3G+)L#TZCcvhaPs^{dkPC{;<2*KHfr}QjbiSs@8nCRMo
zf4bw&g4nLE=&D8+RL@>+G0CVz!}tq0K&)fK&XBdQJ5v*ntrqLqz}NHpD=N{{Q%wPI
z|6|0SxD9<^nHl0s82i(3JQ#~MXaPTreS)6A0^XCLrU@_CmL@d+OX<O&MYUO<OIOxR
z53F5iA=#$-(SsU^tMg?qaqXW5#ImP~Sgwy(4@@ohtKqNNuf5#08ISx|Y95cs&NLpD
z2Wvkb6PJ6(W70SnkG87ucw^vyZ#=p@S)1{2uBdrDOp!Dm<|)48f${AMf^|H=YE6Ta
z^it(@&f4wwC-L1T57(Rl>fw5>w!`Jazx*G^>q=p5#w-41|M4p7;l3Yze|OwZzQ0CD
zOo&F^7vMxZ`XL#0r+yjfrQ(}zqru%iIo97^yXGOi@Pc=}rQ-lbss^xU+<$MqZG56O
z;}^2L=JmF^BMr&gNwFIFwG!IVyNbvfi%0hjlT*W&6(}KEhh=3>DYdos2A$bUch3kt
z1bM}%r?H(WG^<f<<wQEAKk`eQ7N|O0j{cfiK#>m0Y^|m^d-dX9P-=Gx<f&-FNDWYn
z4I{d;e{x`DRE#EW$Vfq4r_l0{4s7bg&-$p>D?J*SI(w<%D!-V%3cUO!_G*AMYArl!
zH)JKwYMPhBFiLBmmOVt@c$#h;{nBH-D|6LrvUlwh9Nf+e)=M*aVcm3%yi@kSKoetN
zLJ&FqXMYN?0lHKi>lI1dwh|p8Vn!#?xyxCG;*E@DV3ly5!B|_KfgC=-{=4@DFI&~>
z1n~{SCgOhc<(D=eM}FyCvJ%6U^FJH^9lm8mZ-sAp={NfR*AE2zejob&<WcPV!&Tp3
zSN!jM|3EM0`>pu*htc<ef;%B<?I8FfN)mZ=+5yGL!HtJ<v#PucE7!`mue(2Y2iTvT
z9+Nkb|Nh)6VBSsIh-Id@+(&J=ql~y|9j?nh8}j>wH?<+>`)tV1Mrt<Xa=sxGHpm<D
zrB(hLa{5SZ>{!i)th*uLhK#JmhHST3-jGcf)8=|-ylO)lSIHZ)vWUQo$6v>P8uj-V
z>@N1s95a})nt{qka$We3()-U=dXn99^lXTO>KF>({bct7cGNVTdnI0g6nX-fHjY}y
zhN5gM$?3M5NJmHUsv(qRQPW#T(oGFxWg0(iCMaQJ&N#ZUg9j`<-J;|uf}ocu6@>j1
z+dM!ZsP6>w;5D;T?dMcD)rP4~wX|Mzs#)<=TftAYNI2CjHJ)n53e#VE|2~}SbG}8Q
z8Gz6E7V#XOZ=&`-_-pa??}LIziGR+%QvOG^$D`7z3X8a4NqW33osf&iscwX3X$CKz
zGY<B4Zh-qxjr_!GPkZ@^Pws<}pQ{@A->m;Ve&WFewc#h$JzFzBk=llaC2ef1fDxOv
z*RWsyR`Ro%kKT;@Y~3>?KU?$6_2p-*J4;Jy>i>1tNB&dZ_0fC;tdHiZ^-<dMzqdXH
zJyNUt@6*@0|F+`y-!Z=To9o_c9$I|8TTR`2VUS8ygS4uLdXQeJ?I5-Ii{*zc=htSu
zCN8OYy!0(;yo{q`{rH#p-y#3<^>B7Vu2b<Z7uF&-v2d`Dyy*y)r?Sy1KBOw&LFFwN
zDJuR|RlbJGPo#o8OI5yf?Z3kxt&dUoqd$)je{|=l0Qa%$u7~l9uD2du9|`MWqiQ`o
zedpg|J=A@;HtS*d;+oe(RdZSo!pPdoOS-$g^dtd?CPp<hv+wxt(UU7VwYvWo)jS?j
zGa8Sx_W|<;`2wDU<@z-5V7c^8CnaCNb|3w~jh?UT-<>K4F9<i7OyJ+S;-@|sq^GP*
z|G~R>9W`<<u-C?1@PHG4@sw`X3jOatzARq)NsQShy6cJVsd@<d9f?sWU3<l?QaBi|
zY&}!o9#aNPpV_rHVu4|O$t1&c_W!h!bB3%EVG{fkvwxCdMg!}s@x*gaGAsbI!}gcX
z4=~JV63ZTkN7yDAoZBYF8xEdLD5!KkN`W3AxC|pA(&=M;1gN3%pHRb5aMID+T{~6%
zKc8UO{9Cf_s=fV%!9^hx9kH1^h3u}NeVfgy0&@!N<L}a~tIm0#s<%~DvF)D{SCr_P
z6yN@AoU1hZ1BMWfE!sNCaIl0O&8_UZgLY6p=WT<~JkSM(VJWwABfv<g-z*&f((l^w
zfvzG5B*DjgT;{yZU2^^Tss6F1`3V{QpPQd$tNyR^Gvr5_pAoD6?fJ=jh32Q;s{g?J
z^ep;o=4b5Dn&xNX$p75@RK4<lou7Aqp!r$<%D+87Kfg@#Gxe4K!2CS#uI>Eb^bA+Y
zlpOB<qWca<5qf2wU?)H1?Xc&S>Ve|Ed!&!Bk<8OP===7E-Bn^|2TI4NYks+rvg^x?
zGTPSV^-WrHz1!J>ePk+dcxH@Hu~Q-TQy-<Pc<?>`{6Y>Gt-^`|Tk6j6^|JT~Gl~F;
zaF{PiSL?J8T$vFeuwwKWxGknqx+|>>#a_cx4{S2?iJO@Z;jH2#L<l7+RJ3N_i)Z)x
z6!C#lSL=lcvFGg!VJ|pm#kubnT-)-F2d@rcL!M$tIKZZ3xFLRbe9;75?B~v|U<9A{
zQ`PE_>`n2m<6@nCu;j$NW5KR5`6;4n7q2OMeMP63%GDu|!7bkPlT<GZ4sM1CFGJ1P
zs&Xe-fV&gfq-W{#*mYQknGa#rSSz>bvWJ3Ste$l#L~5CPEA%)kmtkQB1q;T*TzVUi
zTlYKbyd3_=87h5W5RG=mc{_46cj@ERqWhML)fJ4N+g@=C{L_HXiADOCwu)s1bT>*%
ziLKpzZ^eJ(zV}$x4eom~>+xB>{}nHgz3G>jR0r)%Q$ZT@(~Hp*?vU(F&pFs^_I(O%
zL=#^Cd(-e_*PIlGtGB<+sYe=~Ph;46C`z1a_})P~_*hqONrUe_^dj0>%ip^K-`l+y
zzt{Ffv`KZi<}prro?bfOfwWc5=A@3zF_MgEZ+de`S(6<SQ&JITSU=DPc?}tjZtHNJ
z^)`@O#(bC;jg~R<hA74|MhE~4`2sm8ZAdNW|G#qIe{A~A-1m1pM)R@xvFqRWhv9h!
zmy!`Fz;`bP`&c%=+vRwJ$e(_HH_sD>{HgeAC&6!i*>GiXslI!T-e3&vwJc2lqL#w`
zZp;6+vA=`(-xdrcJv_ov47aU>m=Z~t3NpVY5#&(Qd7rrTa)^Di%3<hB3fk^E3fTYr
zgWV+EeIn2jJ(=<DEg(J=tVKOswDQWbSYh@VKuKoXTn~_U7eeU1*?OR}X(325Lp$6}
zhL9P&J!y6nPNKLMrIb@14A3mz7z=MqQ*2E42q4I;G1bo2eEeWt<-lo{SIXK`4eja9
z+EeL7_lmZxJ#2ViOJT#iOLZImZ566CEP`_c5Js!$&LaY!!>+5F=(=k2y{@tsY=W~R
z!`<M;-B2U0iC1o}ZRL@*t(>j5EH!~BlV*1y_mk=TcM|^{+d<L1SfrReB)&FDo%YZj
zd(R+}ZnJCm#PDkzSeFAo7^KR+ckwGKeA)ZP9pQA#dUBAD{)xx8VdH*rC>!@Zf}*>S
zrmyS-Zb8WcCWLzfrUjf!Fd^Kp_pql)L0+Lgg~2KBwNkC`p#5S7aYYAtznE5b^2rZ(
zE5M^<c-1Su@L&!6kP4o=fHh7BN`~|MIF77%d7q&zK{)7ZPJx6aP6d93fwwPF^f?Cj
zL?0D=<|`;U=?>-5s`62<`1h~>y<8bY`S1MNKjdC@ems*OJO$vZl>V>qh3^OW9Hsv%
zxW=Dh19}&-L#5L0x(fXG?ek2mU?;aN&aKy6AdiSjcS`|_rRC3>1io=gArEc+@0tmu
zFABlWNpDY%5p0E-5kZAxB6M5{l`uVfnxZk<$rFM=;y78zP;|cu7_?M5^)a$7lI0PI
zZtxl<Sa6fQG+KJ=Fb~ICw5fM3$8^o?xda1k=VRt#Oix^;BTMeEEqZF3VKV5g(@bLV
z)cEvCm{!y!nv|9e2%~T$DRJ)X5b|N@cDWfg0jt7HU8s=2>j!Iz5QJYe2l19f(z7Lq
zT9OvTTapn(EeVwqxD-sHpb}#7_*t{kXFA8thL)7s%;PhscvBbb!n_?2K-6`J5s)Au
zdjO^Uz$oqan)toM!5Bd#z(q~F4_4`l(msWhqFh(B{f=&=5OVN*PtXaG*kW#YUP>8O
zuqP59OM!mP<i9XHB1BI9vOS%0K$i&Qq(XM;zKMQ9NjqqR3AIVDjE>PvBn}JDLPXP^
zACVOVX<Zg!O9~fZj%{wmADTKl4Lg^{7AFR3$yZ!0mLb|2e1@bj(C)%~%(l&1zZd2q
zm%>a7&if#@OO-&mT~-It+R}4Z0MK9XlrVq-X8Hhv|KK$UX$`Ov{yn2k`G5{a;}D<d
z;4MZPrsWfr%ncvfDRYA|I$c6&bj*01(g?Ttx_2^8O$LU6hLA&-E1KcVS!K6{RNmG!
z9W@Z#j&8w~)^T@f60TPZ_h>M|z^8#90lrkUh~ilvFm~frs<ngf2g|1Yta9uLTYF{_
z(P1nTR(y;`R0tMm0QAB5Yz(G#VhiT$#44}!mmW}36^(x&BYonySv*zIl!w#DDMN8j
zFb#zf^VegD>q<#r9XG6x2QpH>ge`8j2#dQ%<9#WNnH3EQ=V0QnU+xqM$1ohf-ggur
zx-d{N2DNrZ<iI%Pa<&B4H+hZlD9f;b_+-QJjbq6MaW!Asl#z#x<3`XnOLI-+oI@k3
zj2}b*#}q~d%ef1)5h@mgX&jA8ZXY&kk$eVIX!Nq=(afReTt1p>;TKn9uvj(_b=zBj
zwn(!VlWQAT`D6XTVyFctY#@$cA&%fVX>2_>!x_)dleJ6T9;4XkFuRhOKfpGW8uJIB
zbW#|9fO@3M3n^ofUt*%YI=P?f(gVCy>o#&kC$BAa>2Y3a)09d&8h3PHn71%chP<En
zi=w9V1TWRP6`kUxDVoyryj1J=beWfGvnqL@bm0ydYXA5=VwnI(U#YFNP#&SlS)j*a
zvrzsoO|hINLPOaN`5mr!JmurA1Wt6KDK=tpq)@))Ps)GtBKn|YYkW{1(gjRS@sF$c
z%4T|HlIE2O<kGT|U{f`)$pp(MSe6EsNwAEXn!#WWf<3H(%_f+IU<)*`c?4@huzU?H
zmta*dAk3wK6%gzQ!4_*^PZF$zV9#q{&k*c2g00ZNUL;r{!QRlo{^{rHvyr>;AfauL
z79*6e_H*Mo$`ePVNhilKggt)#Ij>)p5xxL~=ly(dUQ`g?0tB}o!cz)@3lMVs5b_m-
z3_!^CLzt@|Bmu&MehBjvgxdfi(+?p_K?nte@qP&DS5>Y`KaFKL!~AgWQ{#LBI0=3@
zb~VlmfOD50PH&EbG%Xu&I$uTGpqNwTpCbK5R`-jU(LzNqUW_=+ygXk;Gf&P}(aay`
zt7zu_`6`;ZlRw}hSUrWY#2@J@n)6!W;E<l35<}mKIYolb$Dkk-3mp8@bT^waMK((r
z$N#cP_fCoNlE~EgvfWZYjvz|ir^p#Ay70eJBs2djRcbaR22+(mTfqT+X^AcWRCYvu
zNw(S7pC+$t3EccI%&YVy$6m@lLwC(@Ge{~st&ehvv`QtckPT*vM;_KhpTEkacN$;d
zCH)lGy*2-(jAwd=-1N~IasrOKc^k@mD{ZhyeR$zFy<;)n_1{+>b#C;{$fLSvkvu9Y
z>*nN9^&#hwN*?9CzvE37uIX(Uw}eTe@S2_iPced5mh$2fywj%&&UOs^0DyaV!SXHM
z$*|<WwgKgr?7B(3mP*9+%Hv)USKi}Z5!d9$Wf2##uxcS!t5lFC4JWO!xkf2h1{W-C
zJ_>@R`8;C)h`Danj2EnJ(_D?b3seHK!0VIgB=BO5x<%E%$^su5oJ!_}DeJQDt6AnH
z3*g!x^%20C*!qHx7Ut9>f4hCUEPo?zR*xKNXu~A(9ww&t1hD%6wWBeXR}gn>#Ek`U
zi+=DC#N9f{XS^;+(wv&)af_#+JZ@1UTO^xR)*~Yp|1Znq7;XlyJgc^q=hRx*w{QpS
z3$48G@rESddzAmq=D*YV?<D>^wxL@7w+Rv&ap|4&{8bM>#^4NTx`~d645{8GlJtGp
zQ<3zE43~hXHxlsqo(f6LkiO%E3wx>rhE3odR+!n-M_-|q55~bdz-u&@4-Q#`GO`YA
zy%yI~t&g5m-VBIKJ5_mGDsRhf&c#Mmc^H*9AH>QBsmf2gkydfSHV}-VF6cO6>jEa{
zi8?>Zwb8AX&nfb~0YeyiTW{OTpK;?i?NEM;s{CPhAbV|2>)`HbLNA{DJ^W^DkR@dc
zhbvav6J|`DtK5Y@7ZkC8DwShAdDvl2c{CD^EM@eERnXwgaKdMo`3A}SZ#2TzLFVKX
zcr}GRro!F%_Fv+KjX|95m5hmjTV^5d>!Q%dlF3xtOs3k&MC7FxpX|ihkF&GTRGXG7
zH`RU#Ms<YhJW#>Q$33Yw)mCmv?YuVGX6dC_v@(s-!ZbR%TXc^VxK?a>8pSs~u%D33
z(wH>aYx5qC{`;M=f#z={G|a7<r~NKjewz*OP?*Q=D)<KsPS$osJys{9pV64klsZE8
zGJ*t0QqBVMGCKE<NMX_vU;82D`-hW#>c0oSuh}2ZO;;RGXn)-9QlGV7CM!!&vtsow
z?^&y<FSRv$p{1(6qlN1F=GRc)hQb=^yA|q-RModwQ(sgK^<}8)lSg!f1BVhu@qQS^
z$VV}yq|iDECy|80C#093kHp{S*so7KeHc?#N%3u}_EbNiZqIRtmUWTabLfd0`uDSM
zeeY`Od!~l^3TvuwBfMZ$)i+jC-+&tGv#RUk_81FK7J9iQwD5B;&`S-En=o<nNlr_`
zx6~n8(j!HdvQ3!lOdmIE%EKUKE47)uIbx4;vSPBA?I7=u9VU==>$iYnQo411G-g^i
zJ6slYG!R{)zLafVi~-1)jQznRiM2rR6aKfA(G{Bx=#mIkiR>{2$V}Of3YobijZ8%{
zlgr7>SA&Vnn25~$%*o81k9Xqt9oGybGll$A<b-CPLwg2jG0HC#s7Xy7BsJ|R4U%$Z
zS!T%hq-JA?cDx%ME8qKq$HX8}ocdLz`rte{T6P&ZKAPTnINC4%lzP5!vT_%&DZdM+
zZ1gdjvPL@W{X0N*mI^g>qZ{i6dX&K2a;?S4A@bZh$4`c-O^3Nv=JnU>&+FiaqcIN;
zn^$YVc|9EDo!7BJ+IgMtGp}cUP#qr&M`-3XV~A#6OZmKx&X?!){b_#l%Bt)uBB@=N
zOfH?K;>MiV)`c5(y@!d|7CaLv1Q4u+sHgYtY4Y^mHHxNcPdDWxi5NvE$)Ybc)7xN_
zJiWpEotL_4{M})H8`h80=YOBwr8G&e!~96l;D09agAX@o8E*F(d2G9vChCR!@7a}F
zbsh57mv<$|**fov&e^D7e|8Ht<X_B9W8V#rDPgSGUF=_jG0e~i9=-WQ9PYc~4C}`l
zSsVJY>Ww<PJIwALqR-7?XSzEUd7Wv%3f(JkUgsltdPGP1Kk3k8*es(@vy}Stt_05+
z=Gx2HhvVJYEIbghklj5!$5`X~vBp*O5Z!IT=meM3)j83E!5D041W|`zEg9{uu!^Rl
zyFb_hHINpKj}|JzM0XhWN%@v$JXQUPm-{2SbM#X54<-RR#yXW>g55%je?;!qn{eP1
z2)tXmz}?cG$J+kg;?uwBIlldCeS`k3NxO0XRQX>%>Z8v8^1Ofk7nOa_ZdAoyfTm<Y
zQ=XpfweR^2?R(0lQxBqj&w)9xXoA6gY+k%cfUCfrcf;?%6eyd_%lcDUs>3xe4a$eI
za!d$ND&=<&gu;Otc1mIn)<E0hz#1snuyo**8ccxJjw3stoGyw9P=mu{0`wdQ-QR^A
z=KdG_e+J!@|Ib+N|1-AM@pBfQ+=b+nT?QTQ>3WBIcA8;*;*`Sph%gAPxNQJU(!)bd
zn9z<Dy~m55z@i;&lOzSPfxskb!wX2V2a2(e*EC~fa64TNwxjCY7zdiNAVABzqIb5>
zyHeLs(1t5gmLSFc4KzYW4mA_Xo9f8*aL+6gs+T&G-V1)$^4}8vdzSwm<G*yTS&sPd
zyPE&5<-d5#E!%3TyBxe3ji9dF#a{)_@JVG{rwk_tg!<C4g7X6X$NsG3e=;Zp`$8+n
z6p&}ocT1(^8=5IylJ*SccLz9kQY2g77(Ydi^FA@J?^g>^az7<pExAt*R}W65G~w-L
zf)WG{t3TU^)YbTHwLa*FP-4H@Z3(6$dVOLHMr_PQOi+Ti%$mgRb;;wEW7@{9KgmE9
zFgXTju0WfMSu!9xB<bNDbX`jYCL#^A`=Hamrq=1FeA*7E3`%ySGq-eO>*Ne6tmF`Q
ztR@R7%w*mEG8)hg0-vK2dfvqcx{40)*CGUNFVR-^BmOY~PR9(^oz`>FjKeuo>CY2f
zuW5sYTiKtiLLy;`UU<J5Dl-LcGhx%(Oz25v9w}>LE%a>V)*Bh52hWel(h)C`1x;!r
zkF+C!3@6wK&xH{l>}7E42a~mg6#^9p#kre2!IN*$yhsb*1Y3?Zyke9>p{{!jDZF#2
z9n0i)t)%DGyj_RLs$^ZnF+NJI<t7!!$H<eO2~8RyPkOvzeP%?Mp#T%tvyFgn%DQJ-
z*x-t4A0;na)(VNfs+TQFjHGWjaf=d>q7M#_XeD!pz2jx>FnN4d;*|8vi5l*(BmZ_v
z5Oq3*4bD!nD5^luD+(7~XIM2C2F3stO2|LOj+dAA4F+y+wLJ+!2b@hVnqk6Y<9BKI
z;=Y1i-Ui2zjI6<ki>z%qa+`DMxsbOR*D513AV16TQ)RzB0|@I**mPu6;iJl?HT}Ev
z?8&Q&DjPZ@O?aTv14quN2T0Wd(<&un;Rz{$7ves)K0qpDt?t>%RlQmph<*W8$ngR7
z)Ps1bRyCaxP=!1qpssvOKs7e%VKMYG93TNT&S)TDYbBJw`KMYlta!siu)YA;KLjow
zcP*gWdIu|x<7q_guIRYZ_-K<*Ubh-G$PdpSUt?g$u>?D>ft?}P0D@I%U>68>8^Nw=
zV3!G2mta8}?Q1o`PR~PFxCRzXTHE~utFM9S3AUbKO*Akg!CoX-YYoigukF1iM;Plc
zAVw&E+b_i7dmO<m=>TD+AHr)2!m&7p@SGpQ3)kdWjavZWNk4?e3c?CNSm1|{#}V|>
zBY@!aL&&*Cx>4LNBLQcUAI^hnoF0Ia>W6cpiawN5(NYWes!H{8m5sf;xk}OSVPUXX
z=_wzFD}Q_Wef)PQ|4pJ_$X?v_UX^|p3Bky5L<sI4ry>OL<A@OS8K)uy(d+>fvA3vS
zuj>G<C22^j2di|j>ky7^4^aK_!Gy<SN`5_9*2;c1I0jvpvPcWMaj>j;T?+vB#E7hl
z{#a$j9{M>*KZoh3n-YH@cd)G5oDJ=`7o09q6b-RWN*gR+R!1n9j=`kKh5jYS{>C-A
zE%QsVo8kR}G0RI}9J-GM{p|(P-x{T+gJnf=y}@+veYLHxf6c;^6d(6|?t&?TvoqLP
z4`lbReu7$f0VrMyRX)uL@{4Nw=BXpbXAYm6l@3QtC;6;;sxO^YcE->N7lRvUPO3FJ
zl4C^L-HGhVof9Ob>}kdwDx@B(`^ffe7^(z=<>!u+^I$a_7{#eJ2rpFOO&}miBqft`
zq2?_fMdN80sU(B_l?5l%N`W7Sx5+L2wGXiw4p*ADh3$33U|3iSQ?Z5be$|YJ7?+;?
zS09;u^yUIQnkq}HodcrqtXwTncqC-eFy;zciLIrhaxb!CuFVmL1g|+}DVZID&|$&=
zlCfA(2vdB9rb4<jvlFtiP`NZ{3^B!4$u_3a-zjUh@7a_+*VkGrd%o`pn7zPns<#I?
zF#1*pJV$oXi6PEr6g7L0*Zs@R3h%_i5#GXkSz%i&oZu}S&kE~c;dF1|G%bmV@W{bt
zm$At!Z|d<SPED2IA9Da9%nu<<K^OrDm#Tdcpaex+QV&3osudE3Bfoc)Jo2TZWTnQM
zB(nYJqByj@$Vw_&(B5yW2%_?#w6C(+Ez+zcd2vrkk_pN<sElpzcJ!6BQKXoYS}KaU
zNU3)c?dPvs#>)9A0{fS2%<wATS7dl~+mB_`<X^JVdNckd1Gd!UU$S~+P5SL2LskAI
zT)7<+>E~afRcqG?)GQyh_D7#y$G^lhvL=1@r$bPm{e6EQ|B}aN{4eXX{ryXtouxcx
z4f$^v|E)fA-m72Uw_NrwDO*kpZ-z<HA%}c>l>^`6z<W$8b@6k&u&?)x{ojxVxr<3H
zPanqCC>!xRV8j;-UQJ4q>8O2u6Uxu4X5#8JEHALJ@{d*JzfgI{I949))f$X0|AGM~
z`TAo7F}hmZM&SMutEc(;QwRgN)eFK4RdAKO&mHbb$wE=4Efs}+N4ccWbIkX9g)v+?
zNd6zwYK~W+=o3GLp7ipLNO{mSjX%m)0H3ddAJ4=QxD%T0P?dk4>F<v+dH`4SQU5c2
z``=pwFU+jLp9HSZ=uF}P0R~&RNh$0OoDme4d##RPX?#Q|D@o1G3BrdEQgVdRf$Qwy
z4Oup0rjy;HTc>-44GY<hkNKXe*^W$t>^Xwo1CSRs?|cI^yvK=_I`)V`2^xEYk&rcU
zXgK~soP3|njGzncVd?4uxX@nZ?g~NtfG2$i`zsZhg;El&usW8Lp*ULjbJg3%?(zkE
zU`F}_Q}1<7;;J{R()>SkbP30I!IFLpjHR?Tja_{ix4;-qJvdyO8Mnd6P7bmVA>a@K
z$0x7{wEshgqB{j~3+!=i2t95fCZR+?CxkT-M5*XkW-1`!^A1IMb4J?H2bDKGFU4~5
ze^AGe`}s~;s?mBDo0P=t=?^IVvGV?q(?n*3k!0t`KnPq!P7w~56?#L8CSqVfzr;I0
z2^T`o@D4<h&;ukv=tV*Gufbn%DxgO8cxbyy`xHza$l{#Qh5p1DMIwzW{v(J;`wvry
zGlG^%mSJ=kfN79!9Y)kFQfe{G-@-h524i?~YGQc8kh5tklxN@#nQ>SEu)A7Eusd>V
zc1QkLbD>tWkyY0MUe@0y{wQ+V`0EBQdyumy!P3WUZpue{Fj&6QyL;|Y^)BHaxp%$q
zp*v3pJ2-54q*nc7Z~^4K4~j4@#t-W+-+_$Mm41v9iGm3H9r2YjlGKlkO<@&EgVpbS
z)lYuUByH;_-%d94LpH@}sJMg2+}BI5^@~CEa-<J^6Z5t&ftr@y%?{|;KiT=qX07=x
zq+q}fJgC&0){k^}RgGeW8uhP=z8t9wU(C&76zT#C8P>G2n8_KbM*V5M`){BZ|6K3Y
zpFXPB>Q8<3;_sEH^x|=`8vW^zIF0`FPddz`R+DA@=|d@g`qKc5DMqal?Uy2}L?ikV
zTe#V%XuKQsC5`vo_cSWeD}ChgM)@~;r_ksf?_n5(GTgHSZYcRB&K9iYOW^1k<vn~y
zmrt71NdS{mn_yU<l(F5%9&{L20Gji^&rXjkO*Df7Fxma6G1n?MZ>11VR=aynirsx*
z8ie}luLLmuOnOOb25IR`KDenIw-w^{BitDb7wRVsA=xa|pdTEK`oXVawEDp}?oR`*
zob-c8v#*XK{h)EM(a=aRG!l)Xd$5_U3A0vDm>(ZdPq@TK{~4>+=YkGYbjL_=nczKx
zaINnSCPo+en)>Mhm7X=|I~)4+=eIGw`p&3P*VlJ$9(a9yr{?^p0AsKPrC&OcDr<Rn
zuHCvM?c+snVo@n=&<3<Yv%ATM=+yMN<K|46i8c=Q&FqhH&be9X>?~=c?AU@JzGJ}*
z7E;cH;tuMTmzaomY>>dR0bUR!HQb^|5YGQYbw9Uq2|_=+d_Vu@jwmjl<xY01b^NT=
z30$>Nv<^Q8+9&`@e;kV9j!tkp@ew+h@Cr@h2T)?jECgKcxjqKSsp@=&vzL#?<S5d+
zV6Tg3kI&>IqViQ;#*bbLT$QXi0HBOv-F`GkYW}Grmbm(SAFuK#l#3;jM0tz<5EI2k
z*u2|0yxY0F+h!CuK%W63T{{?sC-WgeCB`trU#LSlMm^#g%r?uq9wXPG*!W@nQEwu3
z86?Jdhm$(X1Ujstaw%`HY_U3ba3JyhyFwu0`#K?z@O`5YNT^>T1QN-Y@=~q)+Lute
zaL1vVID!U9eme@~6E#P?QhYZZ@d@cDRDMxV3zeV8W3X>$g1w@Fy+p7E1ba;bTS>4#
zCL-)j4eWJ-eM_)+HL$k`R!p!DHL&*tUjg?rF7pVL;<_@f!{sLwDN+#3fbggv!ebo4
zDtWpvgjs$Fa}<Q5fRN#bkf|Vi0tol}A&jpk@iOdB=>@<U>Xpsla_VlEms1zJY)fkF
zNwS$xMeL%NuCj|mMWP~-Jq3?FNLbSg&P`ag>~EVQ&iSH;ET`GpgO1CQb?}Il1vzi^
zAPMauffEvGSr3`&ELL95??L=g2IOEQA#T(BlI%wIywW8=Je?xQZ>zJ<puA77x>^t7
zpFPeB{mz#*fzB843gcR9We;?;i}w6jKf?F?I63V4=g0iM*FQgoiEe|z)IuyPfe2ut
z?yP--9P!J3>6jR^7mDDIZ4mm};Z9=p@3(LLJ>2g4%)Yg}esavd+~W%j>-SGGOy3qL
z*jK&b@j`O@tr+2}4l6h`$>2N;@x8uIDA@0`K)kNQ$+|C++i$mT{W)Y%Y<H8hXF|~^
z&!mL*UnjT@XCKw_3+(NE@b-T8c6M94Zl4{j9P+jqD_#@}K6BQ0=nk>_KO1ICMMFpu
zx#ky?a)4g^X`#8mcBxKhc&^0jkE4n2136fg_&!hH<F)^(cDR0r_&%o+(f()1y=i3s
zGc^S`xH)F9>p1}*S;N+SAz1u)q=yE#6bc89tihP)=iX$o^LChG%wt<m#yq<?Xh~SC
zPkzmBxqTA0?~l7R_DR1(e$8ZRU$YUa_MMOpwuAP0&>xA~S3{$Q@Gm#>HtOw<s8M%v
z(4V1N`@EXR@9w+($M2m4Y+u9Sn(@1<oicuz*Oc*#8HD4<(DzVxYH0Key{Kj5LzPBX
zuA@dj%0Y>tu{^))-`5^$LdTo2hk7lR?4g#&-Z&oeR&;<^T4LU{eTmvX&9Hum1IAq6
z0QKFlC%C++sE;Q8%cxEP?t2*uv&jY84-HH6nlKqd@8ORt>G4kfxP%^?@W)(1VeiOk
zsu<i9KxF(u`{vxnnnyC&*MYKLh{ZG0Gt<Y<N*~8#c1#~X&1;3yH<&mhv)w&{^>U_}
zb*FA0ZoyLwGHoe!TQlU2D8Piq$HPoQY!{mEEJ8*~iN2u~lwf=j_)T_C()0LtDJVCm
z`y@L`?8MJzp=kZ*yC|D!7IB--2;7-JY&0RuMZ>U;n#4MtA`M(t<x%)v088z6U-ihi
z(l2qulx1kxr28=P0a&(RV7LW$MPuzytMox!AV>aQO1gJ-X)Klwr_k>fS*E{5rE1ut
zw3-C`-@F0Afk|^<<C=p@2GSgeoB<vlVe{1;>~2TignCMHtSArm$j#=}XTMR20dw`3
zg$)%5w4Y&jAF^rm2MkM5AUx6&6$rQVV(a-^uNYcNxUUlgBtg?F=NJe8i9mM09f8(T
zwUYD`TU~2S0u2-Y3Z<#7-B<9wQd^aRdkiEBa7I`hvFDv;wS4(UX+wWZY?sAAjDG=4
zvEX|r29&(NM>O!&8M;6+4JBy78VXtvJ_-b6J-h<4?yT_KNGOc+7TQ?h4_KJ&Ep%x4
z#Z+z(VUse=j9Ik%88S>!5C#LnC_jX;ib+KmKp1+B{F`?lAjQc}{`(34{pi4XnH|N=
zP>@&Y;bsWHW|nSJy!H70nwTdG@ZQ=)dXgZIRj9~O<D~Ud32suPRa2@w745jad-tx~
zy<D{&&)%upj<@!cMMHHIROE`UbdlAK7XIbJYO7bj*oqg<Vuc$0;=+?aczJ|Z7taM3
zCKJ!4ZE8b2ujz<*GO9I9CZ4-{YKUj6PnuDh5j#H-^LCmX6ki2{8)Xvt1d&??-ifm?
z6$x1K30_*yNI@}OQY&G5KmSh}44YKHZy+i)KcMv%#HfHZPgxx0%llicWl=`@xQy|$
zCQNaPu9P<7#_X(#<DINXWAu>BjUH^!QZupCFNh>@6h)Vbd;57Mj*OOt7Iq*hV=DVQ
zivOJk{nddMA<NroaIaXSNE}Z{dm>_#fnXz>b{Ad4Z6t9lY((Vj&3j1VXp=m>D?OxG
zL`|fnwwg%mO*p^8qVcj+0XF~1Yq<IAj({zFmv>9|g#3^9Lg7Gf;eY^l@8y2i#h7Z@
zXlojqtnv<i2)9+syW0T>&8um5pV?2l`NV!jEozev_hP%S18%z$(kGorrrPmE)z-90
zZ*-E4g_d`cch_SJNG00kPu1?4#tWNz3vE(PFL|qu?IhnEhj*e|-^nWqqEYJ43lCyp
znY4%f-XPw2?t+n|KimvHxxEFip75V3UVq3jN$8}rdp7w))+55cu@_voGZM)~=lEFg
zhg9lY4fQ3d>bpl(Uwx|Y5uf@7Kz$}&-!r^E2i3O{>f5ZUFNoErXg~Xd=kP2Q^p~Ni
z{d`GO@*z<9mqR-V0sB82e2k0K{U568e<JliTif1z?0*99|NYQj;$J_utK;{j4y}cL
z_YJ#G+`tahgHP?86_(5E4)xdHZbk=b`Fqk3U;XWJ4Sbg$ya?d&GJLfk`~!gBBf|@a
zsN*T}_8+$^fgz}!6NX^>g+W>$((*w={M#P_NS);RBmKT#AK(!(T(9|lB7MIYP~KL3
z=Xf%HzY^N@ma6>oWdH9+f~WXHO8=8<((lV!k5-V}PBQjs2@lP{+ZZYU*1DpJEaPCM
z>jo>UQseNMgdae*%&<Nwb$d<zBg@!{#}0@3qU&qCcwZC2tl)rjqPUq5=PD(a53y`3
zIEdu+Sy(r_CD5QLMibClqrEpfunf<Yfa`dLUe;2wmkyvHj9uEL#Vg3?!O9*$8~*7V
z&G4YO%}Cb*(v5-hQp{)4-Txq99U~e0rzwzw|DYg{cgfoPH<|(=T8{A%;VcAo{;bKM
z+s~fhjRd(yAT=@=ip%2jq8S(skTl$zG1MbT{%-BcoiVt8dI=esuO*}NHE3mCN`d(>
za3O_WWH%Zfk+0{Ly41G1(6-{_^l1~)XAYkWTnKBOIZI|jvMq2IV~1FM!8w3!{fKT!
z!bb49sOTF&0o>Q47WdZ0;tqmRL-wZ-kKM{HyArgyiboAZyGo^Zi_pkl`oN;?pg^(U
z%yMkFNP4#L*l=kSX>WN%Mlf}-hs<hqZUP+~IAdB?X1X(-vsq}1$$Qv>x6ddzyRse*
zh?0AFoB#2vpk{xo=?Z?82SD`e%86)gSF)(-OXRLBqvw^pD|@Lc`4NYL37=v~4v*+A
zn`4e>%z3I!-oTxyUM|YW?GX;~M(H(;;$fkVN5-IbNY5ia%8ffljlu8)_;Lv8EJCPp
zwh-PpksB)<<Bhv>OFe2_@hv=-Cu>rft(`MP<s}0Lifs0YD}oZy056#aDi?dveHg{l
z45}<>Q9G=?>AN6!buEop#(TDsHx{*0MNJQPNs_fQi|{qISI~DyqlAjV0qiip)0k)0
z!{S?gnpZF$tqi#0Crw(@iAIfjPng_qCX;kNDKuVL^7!S@b1omhwIO_+ZU~`qyF)gd
zS=dO9fjR;10}qU!#Z6wk$qF9}rr}%3-T?O7wY4siLn-&NE<4#?l!QW)6z$-JKGd1Q
z;Vh%UI@p;8D@7Tsrh*a{b<Gc?087EJsJxRau`8M6kyAqbIVSf{qUW=`f96o$zew&B
z7Q_1o^bb`JFBs*1&Pg9XHDEvA52Aj8X3$<V&O}iG83j`MC_*1$bMZbFMN%J4NZy*B
zkEA||@*Y(8ao3S3?q%ZQ_Dc}@6+Cme9I1-`?m`0`pfzZxvs{j}n}U60U$gLXT9(Tr
zQu%WU;ia)h9c*-YOqTI6v2fZ1xS;No3Jmg?Oqww>eahtN@^z4nj%rwRG%QOr!(vno
ziw%aw?4A1Aostwm85@=(ooHBWFf3-Dsek|bDDKn)J>|n<16MSDhUBQ6u5ehE@$Pb`
ztP*)xR`PP34EDQ=KihctSw1XyY@o4K7!6CbOhRTil!pWQKW@?#PPW^nXHN76NiF8Y
zq|i%DzTn%@Dti-VfH$GNXn{#2dw1%#G9<2b6dIP17Ap<Wx!Y)nOv(_o@RE|nhZ!lE
z8^Drj^3{L_PS$II0$r9{Ya~40t`zj(ga<>`W=MD5%E>hwD{??v!=+bf%+JHo8pG&N
z4C6y%rDt0h&0Ll|;yHZ8Z<mAbgfvhrg6?CxQW@iE;Y4tA!l*(4mtZ;V#wZXH!x+i6
zd|E$nExqbeExFX3m2&e|)AL&1yklYfY>~p~7LQg--DIn!wEBt(-c<I5+Zp*#zHo#`
z(S|o^Yb@vT%I~PH7NxDcwp*@K+p0QL+gWO#5##8>f(|Dd7f$U>3Fqxi4W~7=i=Ty2
z@<-mOr}@Y@^+#;H$?&q=<g?dp^0@2N7RsBPMor9>n_NiGOL&t@!g&+B%EwOKdSqN7
z77ugIoH2d!J?WerPg3fBCzMEit{|^HiCUP2{BJ1nzd6AFx|br8D@{B`L7H=9Ly8PN
z=Y8Op5h<&l2Olm99rxs51c96yDoO<&1@T$`0Z)2<eH0H)%UWUPR4`W{Bac*-CP38j
zm6bxzshpA*>Ug)i$nm-x*Ns6Z-$>3Ip_`&MUN;Dcfjcr3Z0C`wvtTb~NhdrOWSL}A
zvMXHRhAx}ADJLUx;S{$UT2#nZ5?>)D)a933rr}phu(`kS=-ny2zN&CC7lCJp-VMDd
zWb{%`n;RIITnYrqqj!Vi1Hy3Y^~B3%@rq1(C3?3U92*Tp1&ZFC!(TJ&>3iJe7e1i#
z3A4PGEdj~U1Hvrtfa$T~bOwu|YjJJxFw1ysAD1q@@AXZEv5`t6$rclqx>U>`V5>@N
z_yf=v=@tF}G){VkKfoa)74Qc*h@~9<0PKl0l|KMOCXM9}!1zjc^9NwfrT9p4itED*
zp{Y`IBndaOwDFOHXhpzGO7%I4HZ1aQL7YrGo6#ay1D^?{Nyx>iRvXQ5PW!AcU=IgW
z`2zNH0C}RT0N-*ok=82bdyZb{ThCG6CA^KqcA_rXG$;q<Yk=>&hl9MA2kF{v^sd%H
z_iO&{GT(O(@Mda5O&{UtD}B*_45<A2m7}lrMVHjE>eYY>4lw!xPIG|C7w`uMto8lI
zg&_HMqAtC{(Kq;_Ukj4?4|QoU4<xTu4%UIvg*!l~as4RT^Q!`yNjJD0u=vf(0a=kg
zfg@?(Mj^8|_ebNW^FbO9WlTrVcO}98)W9wgET3S|K`+chundCL)4;-m5#}IRV-3te
zFblz2X<*F>)`VcUYGCaMR@Dz-T{W;y1Uo{oJ2kLqf|U@gw+40>!CoWSKn<)v!3qgB
zSOZHUSSG=SX<$PMmO`-68rXdV>rSu-G_Y|5GZAd61~!>sSNkGtmIgM1V8;kHPXn7n
zupI=;)4&!GY&F5$8rTyATSTyDHL#}$mPN3aG_ZdVY&gMQ)xcgMn3Z5}YheEh76OG#
zeD7kwwJ%l%EdHeu7x}?H_<`w~4?Gy`YvCvGfaP#DOJjm#g!0pueH9{}%PJfz;GFWq
zX~gRRPDW}1I37QoFph&~&DkJ^bHNYi&&w*DF9E0A59h2JXEop)^}{)?#>oeqy?!_c
z)i`N@v(pdffEuR{;Oy|j`9h6j0-Rz$oX<H99!eK<3}=HM&K5P!Uch<B59fW3g9p?a
zz<I?F=M6PZA>b_a!&#=rnFu(K`{5L+acqDy&kyG@HBM{5$@0UQqsFNc7*4t$PNo{?
z8^9UmhcjM{vleiM`r!=YILPuW0-QKM98ryv0XRMVaC)h6;sGbp4<|~EV+Nd-emKV}
z2?sg*tBjQ{|EdyPcgk!Z>B`+Y0WH*JW^sN!jG_K7Z!xls=~Vm{7291$LF1I7!DWAa
zEWZVIp?47URRy|9`RiBZuPe%5ErOJH%~EAud^eQJ;L@|MF@#;<O+p^`cpDXu`)wN)
zkGrdlipSm5M#ba4+eXFXu4<#=ahJAH@wiX4QSrDBw^8x9)7q$b+_W~t<EFMz@wkKA
zkg_yOios5R8D^Q(<D>I@#1&4r14m4i^bC=>+gtEnCta!&BUFTW@qx3Ij<Z5r?nND3
zc6Mp*znhW6mA2L)sW-Xb#ZxXDw6*wGoftF}z!Km^r043$hQDrrL4J20S7KhB7%%Jk
zXlqahlgx~C!DBcW<5>)qAE3&6T2q>qy<8|I+Z&5gBu7KfuvXa0<q9}Os#8bh-gQ+k
zYpT!bNr!Wc_Yqy(f6!AOkMWO49EcuhC3@)QI;9ZUQR!_x)ebDEw1PhX+bKPb56kHm
z6?>jrJ-5p*$!?|2KfvvuTUC1Ou}3L>MVfT4UX}kq<ZZS}{rF!QQg=Nm;=laf$`^Qi
zHEufg*L})glku;k^pL3(&sY9hq5QQ=`RfPeuXFU5vO2ef<F=_#5Khxye7~+F@K5TG
z(gXU(EF|zA<?a36>TzkOg{wwy7<(u`Lm1^JWK8IKY&dm&-(l=}`8OO1#Q(nb;nA{v
zcy7)}!P(mDb+r4oB%ye@z`c&1w*>M!0{<?b_>uLr_Tr~I``U|d?s$EBafhMS{ziW@
z``HdxEH`04JFy|z&yHzW`+N?vz3ic%l$;J;{rl!_5DOi*CD(u7j{5I2P=1H1{PWv=
z<CWK#pJ7gC3I&nH{vOT$PGf)f=YOXthLtHwkcfGe%>r0d`bCMba>L5jk5GOFJ?3K$
zoSz}5xleuuy%I2@O#^Sh2s2MeTIaV!q`#3$>&(6>Ne^5M)JWd66yCIj^L?9UnuNJf
zq-Hg?r>K6w1P#-EO%#*_4WwKPoT8yGZy4GENBT5O&l|?Z7#n7W;6jnfu_v7ECaK3u
zRN8lf+GkeUcd8!Rqc(_Qi=qh%&Bz}0qbLki&24RhVa>cMc)`y{;aYkM$~URXAC1B|
z7<z6XW~{A&nCT|sV5IQMQ)^p!+D%k$<(1oNTe<je<#l*>4H=NV!GBlq-{<-7V*dO1
z8pXiOEWP>kRZqoe2nIDmF&KUB>8m`{Oz)9oG4}H}iXoU)x{Vip<t@}p<DVwW&0=-o
z)l}kwQlxXKa`YN0mEK;$5H<EFdY#(9)5umtEG(p+I)%DOnO$(Dq{2!`N5M6f4`=0Z
zo8|0)203=(Bj+u$fru$7z0}sytNgnIMN0!Qf<&4s+yjIt#0U_e1B%-MsTh(C@mHbR
zhHQzmN+VgNcGnJyWjOG5jQ!B<c5Unj$XzP*Q^kHbth-U{2UfqVuPZ%A%@#K%r8^UH
zoHNH$Qp0xR<7Q4)dhiO4i#O~8x9==&8;zMWX}zIGIosK(N~{Db4}FX)5O}bM#{5wm
z?BTVVf;}WWrn37y$c`q(Ewd=p)=iF;fbN%+Zt;@zeq<*vn;3G7Y=3;E5s5&xqSwQ?
z>gVGku(Po(2Dv}Z^n*|hhvY;vNLLw>!XUZxYy`#d&iNJwzdMMBciwdedzvX@cR*}L
zky^^Nwd&5`!(@06d}rYfSd-Tek@&GXNJFx#PsG5|_&z3~ykS7CWceU+)qJt*`0GYv
z@Ng5+hEiv?7|PFj{S9&ab{OUH+i0W!44t@%=!@4ZNTq|aD!n$}_)ac^kk_DDa$d9W
z3&Ml!FN&tnT=DrE!J(1T7$fb~U-qi3Nbgc!?goEBeuceO%BP_43lqu{wfRjxxD9vi
z6ew5cH+k{4|6_iWRc9>1Uy<J=HjMBgzsV1BLfIPfn+#c?3K4Sbl0}{0B<)U3ev<?`
z$E1xN<@_c_gMWULhuBNSQ@ux?CcnvojyKM4vZ<jQ3T)M%G#9aZaH^n%i~qFX)~lQ*
z`=rkQlcvrn&E)8H8F~PF(RgUsGSxhti_qjZ`2^q=6?}h$*PeAzE3{{wzXRA3Z+?@<
z;S#f~CE2sya_4pPn=JONe<pt4>z}pE%S}>B1P5Cr$CX85phYtOluSt<P6xXO3}4$$
z+&C+J=9KZ7l*U3?IhcqMLj-C=b#TI()`AS@ErCLHKzNP?A#^jh0X^k^V{8r#)sYHS
z5z%Ku6!M5FRLAodEy_W_`u_DDG6BVvbd;~8tXn$?<v;lL@Wqoi(ZfAL;2xT&hmV?W
z(8Fn}9_nt;!w&ORJzRG|)5E>m9{$FAxVS?nPIrE(hkIq25Xf=IfIFcRd0_`AZt2}1
zk<yFx<gjA7RkY$wU-AudNt#wg#PZt*Rrd6e(ugXVz&ZFkzkER^??=8+(ZT-p<ZacF
zqkZy)QuQso>W8&e|9Q#6$-y6&=p7fYdLjGe_T6!JvBiH(;P%2f?Qdi++?050uoON4
zuciw=mcn;gS?MGdnc<egZQ6Iz#?$w;7xuZ&577F1+f!op=R$%BMmg_Gfr;(P&T5At
zek;4>leM`a{&PG|KQsrr;xF;ZpKvu%bHAU|%J+VMr0MnV_nDsCZ<s$JV7?8h8z;o7
zd>fv2H=l1~J6IyrI^RZ|c06tR+?=3#qB}MlxR+;udx3z&$h|xPG2QescQUbEz&I^F
z<GKHec07Bw^c~MdO|Czlt*dW5p0(`{M88395c|^t2>d{~KTF%zra!m%^k;SpKlxAN
z8_0jIUB5qnWBHGCQ}Umyx0Cz_esADEU9#Pu|61uiUDa-O-F~yw!p*Kk$KC8yKFX6k
ziGs?_Ze2k$9^l1?NmDy0J222ys-QTaVE}!)fhdVP(GrOS7tvFR9$Tc>Lj$?l_16gj
z-0UDEJ0yUD_4unwW}$0M3Hf^Xgnle<h2`Z?Ua2bIN9DVEvho$GdWxxhD3IW~LEiFJ
zR6YQFcL%8OT~t1;w@<RdhgzX9<Ubg<bK#Da3U3;~%(64xT#mJcn~T|db7{v4zreyM
zZ(&#Mb*4aZi5vARyUxt^bBTLcafyosgsI#m?#N3dvH0dCRix0eVA)~qowG7K`|4Rb
zO?&T9Ijk+_g}3dXBety<Xp+W@bhW9&3MXm(bsE9gHw)tDZ&iyx@c{zHgX26|*v~Rg
zmNjF_tQphC%|I?}<BXZ(9$?#MCUR)C3=sEw!y5#Mn-U}_{2At=zfOR-#WPhrnYqHE
z4iGo6k0wCeXPhUyVv+;Ir376kK%BySX#&Kx36f_j_zX?OOWPC<>FjCZkW$BM0>piH
zn&wn5?Kw^FOx|Xd{h9E*wuzo&{8{neYuXpKo$9_Yz=YdqIh22|D(_;_=Hnbm_nG_q
zF}x)zydabJKC`(Y-e;ovk$+x&exG>^v?jY6(0yjWZGrAHH+l{f@9u$q+MJi8%V#%N
z#k;#6e>T*c?@DBpH;a+exkiWwaHyG_`6{m}7*FE|VU5of_-Sl}r@@@#l){?VP9O8k
zIqiAeu(4nKxB54T|90^P{Dmg|$^pCUB0J!=q(asE>P7S5YYx|GhwB`~U+E@b{FOIu
zNn@b!WY?S&hpRW}GE`zxycx$|r1P<UiB+3lw&w4R5AeNDJk{{MM;qVhd*583?=9b=
z{odb~-}vCio8dPuoTvVsJb!(D!#97p1BEZ%{NY4@=R&yUR?7XSi4Xk^7;pS=BX7L%
zPaApTjsLSzP4UJpN1EM4yz%`LYKk{*y>_vNc;iRU-R_My&eccvY$NrND&DwOdGx~f
z0h;9#Z#-ebb>fY$zIw5Sc;iD@d)V;y^o=*(tnvT9;*G!YEZ2YV-{<-7;%8M{#CV%5
z7`V?yoPcK&u?Mab($X9`-gqw#JibZAJ9OlQyS;Br$RYK|#!YH@nkIki6F}Jac+VJV
zMI%&;B~w0WYk$rmB1P^2QBPyN{Gxnif3T6ie{o7_qAH$|*vQwvc^JT>WO$?>{7wyA
z-$?EM%o?Wy5yFoHxC^p;K>lRxBrHKVoS!j}yJLU~yv+#mI;#IZ0Ctt@Uv2dL{!{S%
z+hus6AAAMC+sp6_HQb$~&&vrhEa+-jZwtz+YB;AuaimQU46kmT1<k4hUtX(fR#zjk
z1^*oA<Idd}D^>A##Fm|h54cl8ARR}Zr><e?)}jyyv?CZkDTy!YUJ{pAYLDA`I?Vp{
zZxZ+<<nK4+L&j9JmVk>B*XUe0By)sQ6Q|^)PaH6pYjoy1)4j2R;mu@SbwF;=!NvG&
zA3I#t(y)n9f}?Yltn~$V12Q$|AxOh{2+~a#Ed0&`>>{v*f|nyyaewxK8t#ug>VK53
zHk7%)d#Wx1_XoowbANGp)jH%QdJN?L?YMGZ7^no-mu1?jx60pasFrFgdJ#>o)n6}N
z<b2~7zYq`jzy{U!TmOs9BCg@!_zl1!+O+ya3H6EJ$SOtjZLc@4nE>g)REmVugNh<S
z<;F}_$}km1O!&tA;N49YiX<WZO?s+#Gr?Av8Bw1PFkMaq1&*<x>QC0bas3)P)~NMr
zULD$IC183(*+=<<0~YRA<n>Wj1#EpMh?Ia<6f^Q{jMY;pRi2(JAFVuUY$m13GwQtI
zz8pUB(B;_Y(1r%c%ds}xet<@b9jl+P>#U)X4YCGfK4_2xq(sWiS<eQ=P+$p?H8EgY
z21yW$?q?&08R8nW*#rWCrmqi7VSKM>NZ2P9g_OXVXA|8INpNC{<XhFZVk4ZG^Of9%
z?92o(&*T@Xd&ePAB0qKy%R#p|Tw1g-ZXu*5R&v~w_Xv6ciW|YCS<<^@M@_X@;7Kkl
zFw4pNFocfQJusIBY^6MatLb?yAHZWsD7210;DaPJ(?wH=;&qsi4;_EVS&1BfXrHtB
zd&KMbgYj{9U%2S;+Qab&RPKEU4}NOYp9HxR>e3UuR2#4M6ff2KTAb&l+K9K8g+P)N
z50oz4A=RWZRWw*{Tn(7Wr;o<H(}cwqp}d$P^kg(dbMy6r+T8pDz|HIHAlN1i>|=si
z2v(wjZ6;U~g6-76wi2wW0m44lz)A^rgkXC#urCN!La=W%FxcN(fyYW7;Y*anZ&)Xv
z_6q?PUo9ha0)!rZB9mAJAq)_@_#xb`ApH9E|Hs~&Ku1w*f51IiAgmJ*aM%Ne5VkNu
zmV`wTvh~1310qIH5|+d$h!GMAh!{+Q3?Yb!xFG_vh(2&b9w0)(l7Q@>fE%*Y!>|M}
z5Z3wX)~)WYo-G6V|IYW$`8@BD>8jh+wcfgQ>)zib1TCEi9#IIk0YL*N0)s;E84%QP
zBB-Mfya@#NC{7v1GdmZi22!JwH}EPqd3~>PllS_S3MOs+am+|Da~mk=L_d)fT8?~m
zy&e+eAZl1NUac%TW@L7n^Vu(>H0zkGAbRr{z30wu0jM4DRTjUjjM`jfks2gM-eCB*
z-_X4#{G#n^{PUfnQR;mR_nV);!TpA62<-dv?DZ$Ku-qh!#usjZ3;lKw);5Fu)URz&
zk4SET!yp#9z7N$Ofa(B_+EU)#D|W!pqRD?rNsWO6oRcaWhSI;~<nRA?&xdml+|T*&
z=QDUd+<oT$&W9Z<6<fqyCQp-%9evF~s;2kFAc6z{q-S4Q1nJpZxjn`cPS<K}1q!Ou
zVT1wnEcL(?mBv`>NoH{V!K_+@afMRGHGC`Nkz-quSeOIKlYp{DLSCg$)}KUFj}o#E
zqwv7s*qZK>1-q0{BSvMUjZQ&TANe8giYl^vKb@@VV~4^}wukjuZkBa;FvZh{G-7O<
zdHbU4HFI1f?<KQstxq^YP^L1uFAIT2(ecq7oGh7N>*!(wIKbGqK`|QCYT*rNw@CHz
z<m+>AJNsH-wcu=oC{zU#A^j-q`WjjwN|7v<pS0EwO@F8bdW}mJ&SB%8cG|o0$Dq3T
zl>pEzzocrG$GX5^Tfy+p16-)4jWqE|HF1!Zg<WGTELqyTm$0zYPCV|U8vl|IaP!2$
zpTjPbO@wkf*cFQ%+U)ulk;etv0u<woOTWtZ%%^`vzA|MMC+6;BiO;W6^q(H>X<PcJ
zDiB{ERRwZRC#yizYZF-s(qR``gwi1oa;pW&V2X#`1JO3r0BVpR*Y>ob7b>*&s|H0O
zvgZUUL`bFP>eLFps&mlMa5@nR6jAV#d!2}^pa~!7prA1jeg_}@z~)Xr^Vo?nSLU=W
zHgM*&P$SpIwB<XiR@5v=a!}MflJ3x7H>Aq*?({Vak5hfkdAQTx$Xx}c>;9MZHH0>U
z6`tvB;W_`vE_VJjrvG7or?bCP+22>$-*MA8{ZMq+b-OK)X?OC|@9=jNZNg-@|E6K6
z3EH|+(F7%@-(i{eI$`GWmCCBlkgP26ot4~D4^Btz(Ug@A`e<H%^eN1PQ-Z2L8g37P
z`7tKK;VLp7)B8t)LW!F<VVK?rt{flY(i>rVBwPX{a_RT(g$Q)hqg!kSY^pcq`}@I<
zF{?}m{nSt79T)aogGwCi0hipP-+ZRT!5(m?=KcGy2YjdO-?0a@)Ixf&2kgXtyR!#;
z>}k#(aQ{AyJ>cBpc-|f`k?n<F+znv{K*G5SCwssz$xHm*kH#MGW%6oO_JCiWW!sGO
z&LP}A+O1IR0jC~9d%&}Cvf<L$L$Z84l9At9?$RFc1*ljdH%=$-gz)x&4PhL+a`{_G
zzI=bys0+P68@oVj4;T*zff-k?ApUSIkM@A)iyg`zNx!dIAIna}3F~Wc>*Fy(L#4iM
zPdi9`v42ykFF?L=auE3%{)i&qaTNJ}1s!CuGJ!So{kPj8?)1H(Z<AM=aP?Vzo7HF8
z5QqA#x#qDx1sk2}Q`b#>`n#{sceCR)Sea4_xjqdY>l5s`J{3PW)o1Ev*Y(+OD?}52
z6K8~<Q8@|~!7Rurr$?cr+3|D|Hk<@g`kZtz0FOdv$Y0rh3JyY)1r)rg2teff&EfkY
zT;rl|vBpI_<<Pi<t4iYxE*fWWZrs<vF(1`54&Jo>c@q|Mx9*+k{GRn;JUwa!C^H;%
zRMPUxIKzWTBQ)c&b(2GtXWwL1E*R`k<#|^;jz`)Crz+o#bgD8PkM=hm=7*d9yaMls
zah1DL$tov3=}@^F<sSQU$9kvAr8-xR_GeKg?a#BFXn*$pz_CAR?DZj+us`=#3-w@+
zQTRrH^cdE(rBc&GtZ7$LxCle~uE2J)E>NNBI-c)xb`I8x8zBN(crcWw;1c=RH*yjx
zKv`7IG;i%X>R$}=Y}avs+M=UfM;rFron6P;B+jlw+^MnaxE86=>|bR2Q0p5Z?Cg<q
zyu!U*hXQz_vFnICF6-wz?7?kg>mtRj!>|YKI&%AJ>^gLNWTpL$-T2Pii=6PIo&15+
zAq}EKI%Xgp(uT^APQC;~s?Xo6ljQ*!|8cWCM59M!jc_?cw^f60t<D~Y=w(|NXAVvA
zC^IzX(2p}*H86*s>tGH&8qA@`s^-uSJ;8a*EGsiQc>XXg|L#q4rL#snPc;Y{`|S~&
z%MaB;V?|5Phbb;UP*<gzinmXGH9WdAZy*0^PA7RC=*4yj&bJbz?oU6?O)qPy#@nY(
zPmQ-vA)8)X{|-^TeHtCBVBRXVk2xRy^#zLs!G*7l0~?w4J!K>M{6^%2PFab*pceQZ
z15X<K1WXHkei2scU66=>(}+>p!mW?|&C62CEWdQurDl2t>KD%3NcHHn6JeK~cCyGg
zTHDdbZiaT0o88-p+$?ncLyVgZ0{fvERwn=WgbKX3&dERIK08W&sUAKzq;)%SeFgP)
z^zd1@)2PHtox4+(>}KqA^zaFkvUbWIK9k`)@cmEN0zM}_%|5WXm&SBGN-44XPF%oy
z7qA6fwSD!$@0noB*;jvhHRQhStH)eP5j@#fbMZgHAS#_2L?sqJW&-9BmPnb0(Nvg#
z%%jhFU>?~mAps(SvZ>bSJKV9VM^pK;qw2T55v)F67nq&Yu`3~*ofHc3Ds4tLhB|IL
zn9lc)YCm<@p!H{8Sf1h-|Lkm-=lEy)y|!n@D{XUO+i19+3nVi_Ur?VcifF>2z-G)Z
z7!0;)w}e<}>|YZ`ZZrUU{fTj^YBC0Q>kZ0r3$C<jMD5WEqdK5&ej3i|c#S<P&bw>u
zzkhLYjXl=+8oPdX&1Ux|<3`=e<;||}*9yB04ir}(Wg{sccI%agU|+yuf%&LjTf2|Y
zY~Xjr&cDjLV#88gAgey)&iF#9ya8U{j@h$6bhUoe`BB<PJ3nS$a-1K#PkWvp&+ff1
z`~6teelRCMvYQOD)gW0lpaS?}Jz2$n$U@Vk4dkgnUJM5=g}5@|_td`Y4YlptbkS-4
zpQ>X1@2R?dvIucQdc1XSn0N>*FA2V(<f&XWZ;bV9|3|9gWdC=B+W&=+dRJlpx0~7j
zz3;WX;gyrl-%G^r!94K%z0vG@9pC?7u{Z4Z-}|{w%HM_Uo3g8F|ArDUQqsTY6dw-m
zm!<>(132m&FOjgzT=hgj86Wd0Z}+|GQ~qRDX;c#xjva!X#_89lo2c1{BkOy-sOz%2
zjEz>Oj_cB&YrvJfEH3{vY;82ge7AvpWmod&$$RI(4q&alw_sv7B`;8aJ;J9VFeEQ%
zrUV*}2mHKPnEF6uf8mV%b+?7EoqN{LRMyWGTt~%GoSM7a!Kpcc`84;4DUI!65N!F1
z{1E%I%<9^gATQf8k2Ab)SR%8!S}gmsc^J=$^IuB<4<WMUk^#(-P|LFtl!`GNQ=W33
zY9LKQR!i_8g6tlgSjWz^LkN|I;ke%aW@zvQ0^mGBY7tTRIdq3qFWw-8?*s{RUP<I0
zTAlguz21TfGjP#LK2$gX?l1bEPf@^2!q{(m4JT5oPI_+vHvm6<1HmiiQCV7cqdEI6
zxY1-*;YQQYA3mI=iB{EeH@eXn(2eG$LEuKShN2(2vO7{uRf0I%9tyaR&q>TwC6}fb
zzJ{Ux7ywflyW103s0)zZ3KLk!zZ+6HC|t|fNr2AlHS|5;Kd1Z4K|G4qFnG{;G*jvy
zih=(`3;@vKIaHRXN>>h4*j=Kw2E)m!a3j`<MjD%57A7d5PwNl3vV8ILb7i68OH=9C
z4<<DzGzTZSjs6FP!vOx;oyF#ZfrraiBeUe4F&`~?BUnSV_g3_ZXwO%8yOs){%Fx9B
zgF7^g4wl0{kP3J!8Htf+HFzsGq@(-g`=PTK|1VXI|5q9&aCO5I8@t6y{uFPqWF)Rs
zc@{d}V}*LEq>)wfP&cKLG>Y)OtR`sxd_#)ZU!jdpsMhb#?Q;F(6;K^l!0E4K>9OgE
zthCXDm5zRSoQl4k$t=fG%`658N(0A!#{+o=3tbk#>r668n^zg}5S~MR4>aN#Hy39(
zh?f-6VveAq{;U3E-6r(q&gcH?=oxnhlPY(yGj1x2Waf(l^Vb<<tEp1AeHHfq;R`vO
z>@0>OMcno>h9k9KxQ`f)B20!Ph~dcMTf){*xu-%Kzfn};H-54;3={)1+*y<<zG*+-
zq6hR?DU}@1&FTSt07>jj6O+}%r%7THnmAfb9Ho{@vE8Fu3f4(ZMp;?6@q}-b=B_3u
z{IuJS1Tz$ZSAbxW6T$0@z#t_7!MNM#=yq*1UP0Q}-&5@G@9gg(_IKB4<%%*@+O)eu
zjSaVWJ)YWYbmUI$snX2#MnOT#dwso8jm2n`hS%f5M5aognlzW3QS}h_kaF2a>*1A=
zC`~fqRpo(M%7&jRjfPhb0*KHa+iOZ{3#gy0p`hIV*&8?H8sCsEuaj$|;qIT8aNPa(
zU9xFd$vUp?fzr3@P{a@=NyG|8sTC5XLoBhwtO&uKJdooH@<0XCFD3&AZz*rlF<;7x
zxEIn>OcP?$($Qc$h+5vteCl<E9g@KT2!R!DDDtbYBVkll&NN$$z_*gkmK=p&WfC5>
zr=!ZF$m4MKI0ISJ9GPVy)&<6IDMg(gu&m;q9LpN?osm=7$pDOlgIma!O0Rq&x5$gY
zkw5sOf-#lGJ))l<8=Qo#N<JJ$q5g5Nk1$&@6>Z~jY)2_;2O_ikKg}L11;xghG>gSi
zV&=)EXpRicvPLS+x-7l+tx=I%pjjeQ^EQ_?rXQ`8n>8UVD`mv^=O<_yQo|oLrg&35
zHdw?q%=-n~kfd{J14b_JKgcSbijSk%V}?$#jiznLVQpYo|GBIUZTL3)_Zy>P7ED7G
zu{Jc5C)?rA<u;7UNE<bV3=f-Zbd=<#JmrT?S;v|Zg-zM{Gd2aiu8ryx%cn`C?q#g*
z`|&Y@Js#C5R?4&~5^IWt>E)~`LnFART=<$cCCG<0C6t9fYbrOT*5^hVYR0rt7H!Rz
zR437Pu`jcy<~+n>OHi~8MA3F`LL<6Ohcd(VAg2Bqi<b6AjD3?N$7f5%=TsI`XO3LK
z4_F18$Q68X1@<+o)(bCXj#aAF%9p9vWn+5m;pY!w4=?g@>fuGSc>iUrOTWg)(hf|$
zt_F>xJ-mYjXxqU8_h2QvRd(lkc;;8AUYFyq1+e&QjVTlvX~4?miV=QPcQnE$N6}EO
z8L#+YGw7?}c!14VbP$^n=<C#sK>88?7M-x(LHO90wTcT3N1GAB;-E!fdK6Z*TR7j0
zt*dD>AT%3DP%FEk1eLJ?HrMqvAb?FFY!M&-f%gPZSLxDrW)uvH@e}L;CV=!adw{tw
zm9Ym{)6xd^Kx1L8+Frp-Z$8_Orvk0r`Z#9PueEW{(z!Y-OjaBK_|#mM8l_2{&Qi5;
z9A>dpZMcTHELCfL4<WDcpiA+{l1ZPv0jJN`1g2ga|9c3CLa=9f7KO%Y0v0GHl3}-8
z-fSGd<uatwyxT65#XByOcW9F9)8zJoH3tp%zdDu*2Jr_4-XMN2(B}1d7xRv2@(y9%
zM9lj`lXn#JhGE_bP2QiF*BA57YVuBE-XoZ2)8w7Qyy}=&uF1QAdA2`kUWF#_ir~(u
zUoTBq>e8tHJ%wNp5KMO>n5hti1Ho%f1aB~cKq(LiGMz<Kh2ZjMAfmbrJ{~CT1p@cM
z#{;ERK=6bU!IKKXEFg%zORo!*W!!cPw~U)?;g)foE!;8|ws6b%S_!v|&z8u`_>U62
z`)W<f2ez_twUJ6Y!L2~Zg^v;$Z^df)+RG??On%$ik_=lAd&R<Dxe~;^lBK*7A!V$V
z@3n@nmcf|@LowY5ari~sDg1MmFSIKwbOB#zOQp~#>7muKcv^$~N|NlW<V&}TRYp9>
znj-&Vz|@WMi?i#`A?Khu6mP1y!fuYdP0rIqPJVtGAT2{3R<X~2zY0I!od5iyRq%Q1
zbUPgl^%uO5&tACDl6&E0d?7`7Aw_=Sob==>)Z6`_yg<jJx6*_ztI(G0r(E7%%%xUu
zEVy&OPd93`-CBM)MA*vk0-68laiD3*(Y$#$#C2)6fii-lOg>C42{%QtAii>X6iL_W
z|7hkl`pvp>y=Y`oGj$~(%(o4_O`gB4G29cv*Ghq=y`X9&&;J5uF!9=YwIh^eQA}Cr
zY(m2BoWJ@dgx&VD0A$A&BAiZHlp%%)OQliGR9*5eK>^VrHS!}hvTTQE#~Zc4{Ni<u
z2yOHxV8>>CTsgIZK>hOT3ytWC>YpA(mCLV^KV-IvgpAWK53#EH<(DYpo%<WM=qSw%
zTL)~gbm(XKhOONujX8<aMx}%iY2i}GoU5EakN+r}GM0XUlX3V|?mF$8FXUyrf@Sxe
z%Bi5|vc&dNwf2l`zAf+TFemH(OlMIDjA9&@e(Ml#FXh=jrMf*S6E|`AL@Ow&4>xtb
zIuyc8RM;Kru?5N<YQ~7klj$9*Is@i=woW;)qYCR3W3ZrDr>uEI@MxWq-H|&=R$u1E
zIwfp@$FtTQL2zZA61t-*>y#nE0&ksi?h)aBtW(x^;H*;yEY(=2{Qj86I^`ucTiYDu
ztW$D+kS#67{oukiCCU>Dta1_j<UN<-)kQQM`Ohz@9t=m`_ymnc`jYOoy~7)H{JBA{
z+Mx|vBarV_pth%J6GtPE4_By0AVn+WHIlc&*$Cw26*4o=-hf6RcPA@GAcNQkHZ;~4
zf%H;J3}1l@Z0BSSKZ)T5P+kga;17^thwIek^yPlK%*H|bQ`|Cpm!xa%hiDP?oj7e0
z#Y@OG0U|+PWy`?z^~8R(P}HwY;KG*I$ZjTe>u8_`9nR$`7L}yH)qNenSlRW`jeQ}4
zf;VKs_A#^MbA27)?|1E^?el@P--=8Bj+P-P9peiGV>yDk`_P`6<tIV@!(9G&ESRQ0
z$)yk7r?t0d?|-;PYYT1dvd_(aIs!`Mtb(lp_@$nZUYAQR-y5QqKNxbGak&Tgx+woJ
zp-ceEZXD(3dqV`L`aT_{T<x*_-(7iWKsk`#|25@Nj3iT5Ga^oz!Lak?c#RpWwLPI`
zd;9shTKijT-MzHso%7?hgLi$8YReuGMXk9eL?ISb9h@#3c7k}jaVy$#b^oKSkj~^A
z*1myIYu<i+$sSw?kY2#0&)gH@gzvF1PlJE4C&XJkG8U8m)%h~t&dy4YNEwwutqLJ7
z{ireC+N+M-!t7OLOmS6bhW4rhTMEk7Q_%u{yR%oV7Q(UY4;E_dRWJ6{2p9}{Pa3~l
z7BF^v@4;TRCgr@X9qd)#`(D1Ter*YIt%qJ!>{T<CAg9~kKx3~uaEW|}oxtAtE8EFl
z700Jp6tg9!<FjLzIzBKLw`%cKHP0G(0-_63BapvE%U!t5gJTlvh?)=S3AcF|3Ojf5
z^TImVdDcU#MSbiJ(&e}A#SprNv+Kn|%6=6Xeje_!ERc0O++r;)_(0a|o^~C(r^UFF
z7_M2W8QqaERS<6=7?Tcx3AXz-qH%hXsV)P3R8cL-l#XS1v4+~Y1#F+k7^{GsQSjAW
zde=LHdtVbs8Yh~YDou>)C@639N|bUM7?M>>gJJ-heyWKn6wHMgQnY?;Y_QLa*kC`D
z$C!Nc_`A4HOq*ql4YMUjm2Y-3y;l+w%nTyx^shsZ*0~{#RG(T}?Xs=(N}y;Ay%I36
zfV(WfZn3I-byB*@3RaMLWCg1d8{mt%Mk-uopb`@f4=uCIY2(!3&|F)^!W`PSp-k}z
zS1O>v`<yPlOH!Q{V16gb&?RO$IDL^Ecy|^X@=IWZ_ws6OoL+Bqu+-b0wV}@DhS-L)
z?<gwFE~)VhM`YyKv=pi&wj{Mt8k5g1f|KMK6^8S7eMCGbK&lg~W8+4G$B9*jvjcV8
z{@XLmoRXg!C9Gj{ZJwqFB;Uu}%(<J2k`FqODUOp+83^YmSxe0Hz)t#KS=S34CF^=?
zZ*GJg_2V4Wrh{{D3hSu#V-=ilF+}O8**f)Bo58J|m0JAguAK%sXA_rZVo3V2@DD0}
znQGTbrK_rM*97OVn$?o0;UlzWsmcs|GD|+Vfd6fVzMuiE&{BGrl~{05pC6*=Q$36e
zMlAP_N*JISmq0oAA&d(hk3+pW3bIn~@t;y@^vs%?=$SQXUKh;!Sd;gDO+E^yBCH49
zaT&4UD@}4kn%oH$Yvcn5cG3?F*L+~8<^zrBD`A3ln43WLYA+T1b`QhU2cmh*tffYp
zpTkB_4pFaOgyiCgEs{s@bA0}qjo@*41SK|tHRb!j5wmdw#r1^G4H+>u8v>O#=NMl0
zK=^Vl)+}ojyj(-J-w2+q*l&!@%o<M)u;a4FDmM`M(*?f$@_o8(yt7`K`$YC96tqWO
zoz4GDq_bcSn>nfS%sJ|hGv~NJPLBu*JHVy~WJ+ryVY!-vBcObVbzZK3t22VeqQ`y;
z^ke;I@I%Jyhy9l1$NDYV5Bn`Z-Xz);$->mw5tApSyh`C*)lK3ZcHv0hW7aG3*^Ih_
zO6!&&8^!H8pCSW-{3F+720qVWH7S;BvV+w`aYFiZmW;+sYeLTBEY!S;DAvRuwMaRl
zMS@X$QnLa-XZ=Wnj+4HJAd0N-U#N}@Hn19Yu@SnM(vvQx!4?NbAhd)LjJD+%G&!Ox
zpex4!GV%c(?J9NHngfMK+Dw_HWAH;7LB1o0E9Ivzcu5;R{_|<t{-phsx77fG2lhJo
ztRIGthw4E1c;>7VN?JN%L5jdYv#zti@jF;am3}C`><}<;JX9V6$NMAG1Wi^hMqFfp
z<3W2(1IM$N<q|8%;I9OZKgxtLNx=W$wQ}}akUxH}Tu?qh6(14)*jN6t4eGL)M%Fh?
zvZx)ZdbJ7>jKhnga_`m#D{L~z5v))O0#-CS*B446jXg)od2S}?2e$(?>507!sE%;`
zZ8J4MH5I)?`tULcH{E^#1>s%%LNm6UqOcoM{h5%LfzO%#So=lrmo(a3xRFXs(fWGT
zO-$Xl8CIX9Uket_+vJ&LvQ!uS%c)I9LZEz0K)wzpK^fB3E_duCgJNMplcbWBcw+#=
zEv;b>u<E20>;cxj^bvai4k{I~2YOAByOO)6n6Q$&rbu7OT~j=>673S5!lHLz!O6AZ
z?!$f5^)5AE>FO4;J$q3b=icZp%KD=&gP>Dr$b#SD4a(P?@|-R-`?3!>g|qMHBZ~!m
zs>sNlBG?aL<l4*5fj+Vv#HT*Z3UP`MKa`OtYf@8Ls@9e>-A9%j_|&mJ@~*(Aj)&A~
z+u$hWQemfT_Q|(g#dYU+rM_T4A+ff&?K05&6iu>XH~r=v&}qjpopzcKQySaGAXxX@
zp|ZlV5-KYU@!@3!@B$-w7R(!_$$J{}Uc$UoP2RJZHxTpEG<hR1uN&sQq{({$^BQAb
zwkGct%)47m^Iq5FO~Skrm{*|5n}&JYF|SCIXTiLcnD?G0?;Xr5!n{v3c^_ilE10)T
zleZZ2p2ECUn!J^m7m0b_Yx2Iqyylqqqb6@X=IJnRyC$y$^UiFhd3!W@J27u3=KZ3{
zJK*DZL;TzojMhx0l*gwV1?zw-j@PS$7!741?SUrBiN<mbX{az<4QM7_bEHYREh7@0
zDIf$%PPT}H6@qO*5a&cNL?QSL2ojtK2HeJK0RNWW0GdcAnyA}cbA|y;m=jGGo~8%T
z1Ub>P=V=}S8iNx}GoI#hKB1}UL{pEa*#$KATaGloJk1KAx#C1qd5fdT1Ddl=H0ODm
z6refkMDqtv(+g;Ra-uoF(>x3`o1JL3@-)}-2+cQ6G~e?y`+(*%Cz=(EhVFh}0?m6)
zG#~ObZvo9)B*j(}A`Aa+JuP6^@87LDof6{v!24lph;O=s+ZS^?_|?VS4t{1aw}T&D
z%<bU27IQoJrp4S2{>@@;2Vc6F+ri%_58vr*byy(e9CCIE|6M^Md|@`=3DW9<7?>#~
zLqZ)ewjCZx!+Ikz?K1P?3Kn9d%WPB+=18HlISbpSvt<y%dhja`u#S`%-}j2-%agy0
z@Er;bc8(=SNq@3r8h(3!k!(UxS|pngY-9w~Hufu)oGdLXl7YlNroT`FWsWQ-G9b9(
z<`-v&$d-p1{iPEBdQpWM|2jx|ij|it4Jbn8=&95QHl+3JN=WIjBIrr0orRSC-RfhP
ze>HUR%i!WyQ@a|38rt;xELvn;g}~3nuj+Os9<@PQISW`9rdazp6gO)Y_7|{8Ya2C_
zJ~vd0NtH&<!iL^Ti4a)xp1``yBF%H-FUiHXHfiEpx2~HYtbbNuwp(kzcjX%C98cl5
z+uC>v*S~l4hy3FU&;F2O=RH`wCX5$hN)iieh<TGFA**$6PNI;_wdf^70{YX^7M)(>
z(%I7?UQ-i?_H=h@Pwgt&v*6wPYEK_+{HciCNzBy447G<fNF7&$;i<9Q7K7`yDDk?~
z_6&85KefiOJ-t_YZqM$y|FAtKY|q_?Nef2F?O7TGKwolu#P7Uq&qp`4?OFSsV|&Ja
z?zug8-np;#aO)*evtHhLm|cg`7EJ%vyY+IuQd|FOPWAuK3eWZLT}A!r{fyj%ap*J;
z7!xY20JOjmt=JTGgNEe6z$8=1fdPxCDN)~OdJ_l~?*qjupy&=Bn=lmz(GxUYV$b{r
zF0mc%J;NY80K6B%QKo*wdWrd~W98wv1NWX#?qc}Le)s;@8*XU(@9;NH<G;L$@qhb%
z`!D+?w|y4`buNQCN6^00f2x>a?J;Nr7)qnQ2FFn7Q|Oz9jT02KQJNk5wTHe50qSs$
zy3yCpeV$!RD8m}dqq*GG`k8rM+keZycI>~7%RKkr#@YYCKmYP4jUD{+hc+YiHOOos
z4W5GJMHT+lef#HcsBoAcUpcnVywr31{wR8Ieg}IhX&P<Vo~A7N1Z~(Vc&aBiEP1uJ
z{O;D@+V(VZYR{C<Jh!Lz{k6yFz`w=9SID1%f##w*n_49Z(d*zkHhibl#@NUu!*i&A
ze~0>~uXe2e#wDKXZ=Ur(8~<?PeZ@a4WbqFR?+<T!>~SsLv|{M9Cx`{eQt%JIr1l%S
zR*KaprvLP%8+*aL3pujqyT<SQ!|G0c=Pd-SDXEnGWr&QM`^Bmh1vhs#`^^LU%6{jA
zCU^zxo5X->uidP00QPMn$2Urz=N8ZRu0_G~?ZVZoky0-=c)s6{uNu#H1g((^Jl`Gf
zy2JAwXHnxVWiU7Bfg{mNJCoHV!_ob@ork)}FuuQ3R=AJ16!ES*{N7_TD1L8~mSi|9
zeAMAwzB1&08^1S+6`t&E;i>l#%qfRktgx1kwnNv~{p{}!_P3b*UB~`@-Ht==%{yG7
zqW6~8)i}03e;5z(Nz!wN(eBZIkb>U(QQbQ%Gm2$O0~NF4B&h>SJT#CqMNY4a&Ze6N
zI^y|g{Y|Md<c11Sm;mu{YwPF52Kz^EL@z41-eZ?M#hEJ5NJ1K1^(dD-;Acj}r=(c@
z+Kg1r_cSj5BDENXTeyH9z!Ar!kNpEm^`mo78k-3hKHGq<$p5V`!Q-ymEAWQ`j*JCN
zg3Ex76Z->P_}sy-J>!G+yhb$NQtXCR8)5mPjeJKo5b(*AuSpZqvf^^G#xtMBmLsCa
zKd&^T5pz|O?+;n1^@@*S;fxLrG+Tmr-%Olq{>!TiyuEM__NcWN{tvsxbFvq<*ke>b
zwWc{n?mBXT5_hMXe97ALWgh8qLQ2*M1|z68B14CbKzne-?%DV;c>kJ%{i(5Bs_JY<
zKjFWa)f&wj{QI%TP@NK#2c7M7*a$v24{5}<dt4)iOf)J1djO@Wxoq?dGiiN7O~m9d
zE@Q5Cpcu)U&Bfn%b+&9~Ja%@4i@>=MSCb;{(VdqHWV74CX~c&KWGmW{CvdK#?5%7m
zx~jP|npSR0BJaX&2|#YaOtmx%jxLRDW)Q4z-*st-ap<nAD;w)Hw6PXHPxT1S*NcJk
z`AJ8{83k)cyXv$A9WuU%>yWe}xkH8(F}rK#NYiUFr|esJp+fbhX*F53yKYE++d6{7
zP#gB1FMAJWu$0cfXPqR!7bN{TNwzsWG)cDC?!=sL0;J88&}%4^vp;11LThGm{z5$x
zBLwzRs5Db4GItVs>=+UwH1@Jo<oGtt0iWCFGb-P#PjkTMKELDv@wu;z`FHTS+xa6s
z;B)U`mH_VXxfkA!QSrHrSsHxqtD{}wbJtuV<8!ALIslD8a=+tq*Glt%&%JMP)%e`C
z3T3C3D-+SG)G|Q9=RP(OM=1V$1;gjwJyF&eZ(-y^2e`!N-Z|O<pS#~;4L)~vngf1z
z>&2=~^XP}DP4n(3Ek1V*(6LMN(WZIiS8YAvbN6>Ff6F3@&+V0c^5GZ$xqb4M_o}c@
ze#KW%?2{X^-|p;_({IM8_Q{p6XzY{ILNxZt3}0V5_^E849BR35`{arlvVAf+Gt%NF
zm=ycu9oeXvHcAz|6!T5Cys%fWclw&#*e9O}0cNd}<3E1N*^g__tNpa+RZ~*<!Q4ry
zu<Gvq@&q)#QyVf<^sy!6EQ`7*ee6$^=O0?=>JaXr5B}(kL%iU{j_21q?|MGJ&U*d6
z&fj5*zA-|hZY&Ch2nYh(uO4<;cNhAD^QX1-AHK**|64`<cTcIh{x0!T=cYR2r>1;z
z|M;mteCioL)ocC53&Ehj0C>~zol;s$uk;riPHFq^u}_`G|D7tv|Fs8>7rpo$XFSEb
z1r$&5@WQI_6dSyT`h-8?yvA<~ck#U<{NBA!tNPy3$@smoasMm$jc=yikA7y`By8Wt
zN&gJLaaJSXarcGa_`;}v55KYbC=S2z%Zv0l_0Gk3NBqX?tGvW-oOlss5(oUoS3i{T
z8+X6?@8CD)zbS7xFTRYMhffUWJp0tk^4>ClWuNNj4Su8bLcA8gapMO(eq&wIJXiRQ
z^FMHh-^h<=v7o{?b`6G@SD@z!piM9Ge|Fy!0!AzYv6ouxQvD97Z{kx?7ZwUS9-~{t
zKlF;AaCfKAR#3RRP{8Cf0w!Nm${#7d{xk<XzEDNsbMaNcyMxLh93LDe7+T=ac-~`S
z3I=L}e5d%|DXuEZ;P?Vq{bJSnO@aE|<LdW$t^*#QTE9fOe(c+_Irmek9^v?2V-7El
zp2+O9o-m7fA_FX+<pdAP2f|izdla^!$nQJt@V7fZ<cpVMR6pc5GE_fgGJAe&Cm(BR
zXHC#ybDx=yiz8I}>J5s*7r>NLf!->o4EF()2Xll0<x%Z}mq2;z=xbhwuqt-5z7=G;
zarY25Zet_VeXU`C|HJ++ZKUYJLZ$boaxig|$DlNM^3Mw1uXofK8T#UxF&xfXfYfs<
zo{OR3Qm3t`{rcrGg;|738Mkk%6tx(|cQOS_zqSR_Kjz;IgEvXy^v5EYzobTAR;lCh
z*$jA^WH3&jJ?9NRTbi$YR@CCNF&FyT7Q|<ZV)$$Z9-j@S>r0_HU6UZrF#ApCDxJC+
zP*eta%!H}i<svtAx1||5q_zdL574uRd0(7*_CC<qz=$!?a)Fxc3#emam`=Mv!>q+G
zV@k0%Ls6epjE@hoM@|<;)k}!&hJQ;DzzrIcc7anb-571;@YxnHV_psyppnuTm$(3R
zn3B)H^kWPiFVMN}OcyqvRn~})ZP_EI0;6>onQDy3vL$t2Y2)hN3+tXM*L?=7dmVWq
z4ISnU_L>}cV}?$nr%Ze+%n?d!4%YcyR_8_d*p)qU5u#}m*0Cn6!}Ma-gtO<lCghAV
zDz1UxPtDGs5gTA<S%2P-;s3pZ+C6Iav}|&P3f=g@WNrl)PR5NtLYg+&RVa?P1q}`r
zZ0a|z#dA1R=jTx6UZp$bo&pM$f5#;bRae&$HvYKl5?P7`-WWSC)uV2&Khy2imTnI<
z3f5k#ZjW}y{7GDQSSE4ZF=dk69pfiy6@7!!nJFH;^ZijyVHc6ED(pI@J1Y8`u=l8^
z>g)V_g7RLd^mm%$dneQIJy^a{9RJ>qG!@=xW16fF`Zf)ffe|W%&?EW9*)1K;|4ctP
zFNf0)J{&3I39VshKWS+w<?T6Ap`!gnNRKODi%mn#)E^Pr^N33+a7tyo7F%WQY$v>*
za-iYye&)`0gHKTFX1o^fCu26%Ozwpec)Xva*;U~EOp(9oi1)L6iehMT7-)FBpIb$4
z@P3W}rANG<%|#A)KbMAhi}%xD$^+s36b+H_eqODlhmq;zk2Bs+`eN_#eg;;?3oh_}
zPR)|lU6HT;OL#x!*|KW%@JO7F<GOQ~Y$YS*$@pKE{X}=}$g+eb_U!Hw?`Q1|hdJ4L
z7M(@iVHA11pPI8C6z?Y-isJEpHWxbJ{ahOS5Ac3Y<W_<ABRrzY+4-$K%h?5|Ibr4D
z=iK1^JT~}2@O~n4tHS#Uc|>!6_utm8?(f{<{p>u&DQAa0tHJxRU5^)B;Qe%)$>IIX
zm>^&7Or7w5g!i+t$kTo$<NZ7_*b(pN;&{1gr^ajXezvBd*xun_g#+Ht$`tk9>5~+B
zjl7%UjQ8_Kij4PDFdn7xI*%%NKO@-(embBz7YtBJj84G?_G=dpct00N|7-Amewaa*
z*;Gj9@qRv=;T_&jIO6@ZCuLl|5wFGjNtxk-HS>Tzf5ICs0DVHpiyS@+hv)M!tYIF{
z=k{B){#_~^AYo3urN#4k6bN`cpDk}`@O*M1pU3lAf(6rb9?xgyTQ2c@c8+zx^BMV;
zoBi^gN^O)+YXpAjMM&rIe1hKM@O<(im&fz*aaBIx?@R<r9?$3KbQgF&Z&k)?@qE6W
z?xwu=fRe}anK9i1p3lg(4tPF8rz?0qO$IpN`8+nAwmhY`!{CKXSMR<~wWN1npH<@B
zmyG9AAG}B|yoPsQ>GPcMe5O@8+;<%;px;_p8L!3j*-+q&=d-sLkLUA2!TsX-EPwo;
z-<QpuT*ZA^bPM&q>`Zgd_hsFWaV&Yq5Y2sAbFBa&<M}Mfmj#H*m+t$%Z2L>H`tr-6
z$dzKkl>4#|h9V~u_Gs?QrVW*KniJVO`Y<>5Wo8&e1<$84?*Z|A);Z$&?9eHAKGUzp
z3E(shnA|S$eA@q);`waa8KdC&(B0EA4|M=#csyo!KI;$1D@SCC)Cta6I~XDY?z*!m
zz0~t&2NlmJLx*@i6+bkjZo1Txg@FUmw`J7uGTggmJRekNkPS$Ouq)p`k9a;GaPJ#+
zf~HDFw^dqE*+Ed=c7^AY;h5nT&!;+q_%r!s>Hx3sd{Sk>i+TbvJfAJc8Zww>3l5wE
zo=+(H9wSCR_L2gcPRgvrXMsVy7-cM+2!@5zLbj9otv}-VWZn;+PXxpB0b?OhBYZ6&
zo==~{9b`P8MND{-hYEEmv)GVRJfBa~5ja5}sVEM=2TISt=S<dyMRFTHXKiRM<M}k|
zui*KNG<b#QlPu3DhUa4~k3;>4!^C>_KtsXf#45wtfqE1FiXg=E$z*dbNmKwO=4pCB
zdi1)RIVa=!P?V<68J<rvL--ksFh5^&_&rp4hR?@YM+M55D+Y$S(oDwlxhN`lK2JRC
z6`l{;)lC6@dscdUG~)Rf*u<ro8l<5h9+DkYWB8oJ&|q@qn$2J}YbsB}Cq++qKA9?>
z51bM-cs@o?<HGQKGVT2};}QhpVr0C4j)(8x9TYsDsc)u&EA{GHyest=wP@Z*%v-C;
z`?l7<hv%ci4@}a0AiLIm;`zwEq~Q4kQS^Ih<Fkn8Gs6LqDF{Oxfc}uf@1dGOd@g1q
zST2uXB^$vevPSuxc(3q$7}5~p`81X<fCk6^i+Dcl6Nu;Yfx0>q-%C_=qJ<E#iOrm3
z7LGWTfz3ow7iBg*AX7Shr31zDiGuPgc`zhIvYHhvaQHoxHR7|8q3EQ_C^{JoMaLj-
z63@hW#Pdn1hKJk?hUbGS>Wz%6K%gIKD6&!9p2;NV@O$Vg#pgw=Ci~@@9A!0mST;4?
z7h5HskK~U*Qgdn9Dx{CH2t!#{8mr+VoS{Pc%-@VWb`I-hikd{}NiPGPG_||~B8|W&
z7P0E*vR;mm`Li4t3o`fPGu$4)-vIp7;NV6ws?Y5hMD>vw`+oY@3Du{%z953x_2odX
z=12!4wY_?jL-oPFCk&UN`apGN%%ZqFAf*P7#ug4nRG$D9)n`8|DS!du>=zK#2P!{<
zaBYOIiDIZev?++{b6h}p9s@)5DQ5+Rs;EB4nMfwb%Y)Y{*=t7jJr@2ZN=Ee&8LCf1
z*+Oz(Kh;8VQkDwo(~Sjw5m`a<{Y!xS;(YQVVEC+m_2m~vZy1#^V!S@~0F=Z}<Z7&x
zBo3wrO3T6LTn5_%SWtAt*0Jg}kPRn{{oH~Ml{kV9tz%UU)N!Cg0SG!IMf0FT&(Mg5
z-D1CU0v#%z#eojJ%GP`_*7mqudkLS*S?z;h!(pI9Al7L>hkyr2AHAf24uw`@phJ)$
zgAVP`DWF4{((C7ME1*NrB*{F2#Vmk_zU%>}rqqQ!0H2WBum|8&l7T${&zEYk2iU@;
zd#UUy0uGy3*aOIR(rNYpwULgbA_9>UGEj~?be-2+A`DIQQCXMtW-98ww5URpS&4Mf
z^BJ$Rj3CEP<+=n9ny#V~Il&E0cM0b+%N^X%+b-dT-ecq+IFf(h5{GD^OSqw>tdLO0
zMy+s(EwqZIY9qIN=OfEOeCm21d5_~$HzPXHx+>9$X5Ms-PQ-J5eSr@E6eZnq2~hNn
zCRs5?UUS=J@+sGFMxn0Zj3ywQ(cv5_Dvj4b-i$*yoDG;aQIj_T^A=*>6ir?Z=Dmq|
z(=>UnV_rJuP1oeTiFy4oZ?-0HCgz1<-h55oT+FMFc?&gpA7S40i8ODyCT|Jm{f2p~
zHF;lP-X_djtI7Ko^Oj)VCQaT3%$tsRrJB4gnD-*)?bYP{gn5r+-eFDNLCouddB-$)
zzhPb@%sZ>eJBfL>UZr`LG<oMS?-=G?*W_Jwf;#F~&LE0Fv>4ULC|Hf<jyN(s7!74f
zeSxNp6V14*NJGyFO@ZdwtBy3+Z{Y=SfOM-jAvos*SaV4s_!S8Law0gT5Uc}&pPdNK
zC<N~V!C@zYKN%(tY%9_PpxNa_bMO||-Y0;j*okHvPtyTtzICG6$kS8@nlGGaR`WEc
zdJ&ohPBfqKG@F6u9VeRic$$xaCeMjxCQmaFXmXrrrtmaR0?ms~G~;-h&Or056U``|
zrWVi)bfS5Rr#aV?(8M^=B=9s_fu@@iO(dhC`|zhg)7FWm15fiB&@|?-kl>OGe>Kx7
zSV-F+=dh5dU~w&(6D-aqbArXM$(&%ZJDC$KHYam}#ka|vV6iNj6D&SR<^+qvWKOV{
znydjvN{N$!k*If55_z=MCwaD7jNmbafLc;?j*}sf+Qf0*O`*xMO+{Un411QOi{lI<
z{*IL)kIu&;Oj4$x;2|A}m2J`X#Bz8@#j!FT(pr{`_g}FxIMS!FG9J=<i~u%vX-2FJ
zW;8Wcz5vULMVKTi?a44n)P4etgdi35{W3n%;HNo!B%{=g6_g=$h(%@d)`w+$r1Q))
zuhr$N46f*;f{%3Po`RipHHLx<omcWMD!&A~^Dkc)zpANtMjz1miACO23cBp#*VTIp
z=uxQj5_!Ygj$tRYawsk-20Ib>uC<1mNuO`3#bih!G1v*48Y$RG4`E#<5;8}832*R|
zPHv0m@RMF0>m43Uhyz|lwM<9<f(0Wy`xkT^@PCD$)M;Nlho7``j5qj6=?-`g@h>~J
zXLqXS_B`AF-@#9+4Yh}5Ox-<C?~Uj1la9XVE&j&xYuffqALr!%ky3^Khw0zJPx=vB
zpx`HsJ`&I2Ck1%jp0iiA?J0f93IC;v_G}dY9sHz$d*eC$r1%%STQA)m>fgwz{$qz%
zf&Y{65AbU`KkbNL^U*Ky9DdC*cnXpm^-9Kl<JY8LaaccN9oskSInV8Dc7N@2i(gX*
znxf#>T>Lqn!>{?^d9T+`xx@My<Ane6Y!&z~@&6Wn&As2^Rs5PXYeR4Rzph_)z!Q4W
zY5fnYV*SVcuj1E?G~SPY)Y4e=k6I9WfA}?1PPoCZsY8ZKgJ07+joK?j{}!*suc?`K
zpZGPu7C-EWUo(8Y)-+Q3ezbyL)8s`JC+6M@?(u8pcDyhAnn%BLi(m6WqFel$J~0Y@
z&5{??dQE?!3jCUi4prmVEdJIFeoa84JN%l}{haY@-f3C|e$5LW>LTOUH2l^Beoc<q
z9ez!VeiXl^`du=d<9yZOJUjCL$FK1ozs7LtDm@ScvcCcBufYCRp2WZ9^e@A&+4?qz
zUsG+zZQhb)#oID|%_nc89ba561;6IEvfC^(mt}_5;_z$6u*8RIai+D)%g_(!UQLhq
zH32%+0WT}qphDK@<tu_Z?cGAw9HW<hF&-gn0;6e=^F)2@9cqV4)&wbZT{{l5<`6|~
z==S4iEoP0`a!Z<%#bMS=*HwjC!^Kn@(#{*KngKdNaDi20dP+5SWoQ)vq9xhU=5-{y
zm}54t*I4Kct<CFFcbGN5tmEu;pAXmAydJruv3Y$(kIOnbg|m5`C(4GUGeuW!A8^5&
z`&ty;nhaE8S#=_w19&Mt70&^@oE=VmK-^l%D*EGE_c(x;L`(1Bn9|tZ2EjVg<;A&m
zAzIH)9hvIU+v7>*?NL{%(+<K<%a&oRt)C~zZC#ka8_}MVrgp`1>e=OvMzo{5sy-db
zU1gKk$GbWk(e~^r>ky(6a4GGm&bhQTRbH;w6|KxxR@d0evi-PUkOSVz+~??iYzlI~
zTbcaa1LCbr3;B2OR$gEjD}c9BrwY84u(cfCN^zJ5Z{^LFF7Z}AdRE3;DUWl;Tlu)9
z2fUS(XRF3r`8ZB?Dwx&<$D?sI1#e|s7xZd5yi~?pdA5r@e1jPId4HF9E6=oaz*{*u
zOoO-LALL*k`t2~)=Je%?c<7O5Z^sEd-U>v5ka7m1&FR$_JmRhV*3zN;LBqVqTS*W8
z=k}w6lB%#DrLh*6{peHdw>$gM>)&zqqcb{c>_;n(YwSm5yp@qdW&6=}G52jhS`Z`K
zkB%|oF#Gx`_M^#0<Pyb8H1?y>M%jL}2YY9quN(W(Y|1+sx3sQ%<^k|lisn$fl^_3#
zca66)>KQNaR_347p11Z6cRK$*Ud8!0;sNnWPBwMMEBPw<{_#pW4F8w#O4k1sui}+_
z|C?9m)$|kE{#*T=6aH;t75KN^J@+3ebkcLQh3Fq={h@y&!Qp%-tsrS+z74a^CZ%cT
z8(4=4+VLPfCW3Aa_h6k-Ilg;!y0YLHS_{JB(OG;T050>kML>lVZ|{u(xVrup0PZ15
zEB`@^%0x>kg*v$bhA-`4rI*1zL51NiV&PN?7)_A0ExQplD*|ap77oi>D)u82KtK!|
zrSO^ys-HG9vVD?lLW6^&$^adM77m;ylI*bh{63Te3<i&;(O|Bd6`TZ)av5>q*Ud$p
zdijDqf1eoor_BKJC;XzVm)t-7i@Np@^GXBoeqwbuQX~6zESz5Kx2qIOD*ec5C{T>t
zuFnIQZnN$NnAX;BZp2y;d4D}kyC>airlvhb)6PogNg8<^Nz+Lh;ckb05(McWrVr-Q
zZ6C%6(gvEYFBk(hq_M#Rbk-N`YP<oyzERRWB2v(u*BVb~$S;%5+8clM*IBy&hl7}R
z)Eq;<7MLvgSO!2qBms^^Dx9a2ZT{gzgx?Q67)aKJM9zm%`PZZM?-h%MnG$RknZT-Z
z^nv8isjuf3Oxd3qxIDCZXr7LRXaWz8DE)ievtBn90#z1B;^*v1fz0)mO1hTP4Z*nP
zzDWvEE`wl_L_lc^`~)s>4SK&mUtLX<+E>E|n$t(RYKPOQfh=({q3uZlwmK9q1!np2
zM~yCmM;&CwhFW>|fX<cG$`qEWwTYqV7j)DLAxd1NU7x=Q7+cvkQ0ACft&tyzg--;a
za_DIG!(yRc{@ql}D+?sAW*@VSOe{E^-Bi^XHG$`j>T?H;4(SJz<t~K~x-JE^fPLw*
z?Q;#ma+Sc|90}gV2~8M~zcj2%m|!7o*(Pa)bud<gYBxb9bm_WDIgU`<oc@J=icKLM
z9E)tp!=iEGIc6RXQrwOXbdL^%FDFTj>Kk43xesiJ7p(>NT$-BPy-j8RH-~`i-(Qve
zO%VTzCO)GkCX>WunwX&`K2H*3XyQaQ@m1~7p~XGCtEIDPA6a_V+V>pqa|3yrFM;OX
zT}PTP?s7D50nG<aGz)l|Q9v^jO^g>lmFn?)bL1YLZwyi=cxwlFw2ia%VCNOu;SET?
zDJK~Ef!1fPqO=0*qprF>Q~@TpEeGroD7^xYO>BZ9DwiL+N+r+ATRr5&2&pL>^C0N}
z%l?&Qr>pxDNVM{#XLiPoKnmbID#_&E7C3AxY5CH@(DER4vbQ9OZ_~suwL3a#Ciu7X
zsK@l8&6-lt%l3)JpYl^6(M$FwaFq<7N>}BvN@}55U1Uap++GR$+q$#9nzVJ2_L*0I
z1|qtbXgMsk=|xvf*bvydea)6JM8cS0&>W~@2+Mpei2MyQ7mW%fe?yr$>Luy<@jAL%
z=-zz3F0K_GaWy+#q3tk9p|wk!T+u$E(56gLXwOM=UC~C+?oq+U^7_<&5<0(|+WB1}
z{@Wl(j8+q)NTNg&6V*hscGjBMsl2*0u`!voJ?&1>#uS1fjakSZhj?WQK{p^sB9As7
z8`z3MgGz!?EMFgthqiBm+4(vWVKSmCdkAyb3Cn-pU@BCRnHkE@%uXaBh))P72?jo)
zoAgYiASe^|+Cc0cWx_)D9HWWxYGNG3f1`=R)Wo5hSv(yYR)@{vAqHA?>o`KdQ|aG+
zNmgwz%8rckDJM#~H}#Ct2PvhGBIN4B{HF5bIckwW<j2Q5I?9h4{l19jMd|5kinv&t
z$%9MHA!NhbZmhWg+|tQ*+cB7~E0|wIMl+x+Tj#CKA|XG!0UcxhlA4ddW(VVrKq0G{
z2too8PYmq7qo{WP*%T|K^&LRz9UqvN<0t56ccD7Qb7Y`lN4rQGV=9UdO)MM|NGcd$
zE^0m&V(=6-EQZiEMRf+=f|GQe>7)7!o6x)euS82_w0(R)^pi=_>W;K8g6OCDt>`m9
zs*Fq)buk(8x2Fz|3qKuxQQJS}!knB$-8q<VS0bodW0Rd8B)3SdhEa1KIPO?T!ZCYN
zsHw0z`AxVk5h|frag<18$!*DE<en+tLw`IsAVhH2cRl}`K>N;@_1%fgs{8Ks_Hy4L
zdP9_c_S01H>E;vAY2*`i*(auY@rfqfC#DV#zeolrF8rd}KdBie-392M13hT}5E&SH
z=MX-@916vblgdewN$D8EQnn|XNXKl13z8^zRi0moRj$RVyzAwvtNeVsFt=S0y{bPg
zPshr8&5QCLZYOs^Z!$xl^3cJ5-@w||ljpw|rLPZFOP@MK?ciM2zp1Q$U+K>G?}X=-
z{$2MH_V1!GeE;?qr){V3a-@sbd+g#zZ)m$XV_emh_6v32#mBzXcCo>W^47Gaoq&gm
ztYmmCTy(!yTK=HrGvB{d^(O|lbzkKU4pmO`qCB04^6ph&mp;PEYv@IJ--OVsUXd5l
z^ZJY*;8|Ae&LVX7m2~yNI*~lu+SnekwX(IeHMcdjHAdAn**~W>XZp`8Jp|ZRA-Rew
zwFtpm=(FWL<m;tgFJOxfsY!;em{g2ODib7W{~>8kc#d?l2~}Vu1I>j|L`rFR@o&n~
z3(22N7N+HE_Ul!<GB3~%EwP9^7Bw_cq>nnoet1IIWMJKV=_nCV8Cxg980=Pf_fLk0
z4O1WtQxF@bt}FYaz@!ZP*fBUz1|h3CN>6b6?9eUM+u({Nn?nFVs{~M3o$FHHF4SN!
z2zDwWgP5q}d&Bh=w4!US(Vc1$`LpR=b*CDV6g^n#9xCrs4)R(9r8RlmLS^M9nHA5P
zJk5$XcA^w@Sx+SVAK5s2Y*Dvh9O%236wyCGN<vv%l1QRkdjMtpEK|U_B7sP}u-7(x
z8e6^TDsA;+gvD&Ku|Cder*6IuqeO2L0@L-Ei?8Y5fRj8KtWY*sS1M#|)M#1|+&h!f
zHoSl%7R1^Y2<;1XXx~$hgwZ2>1gS3hZn3CK$Y3tLZojux`5x%!r9s|&=VI$HfvI4k
z$#<eN@RAwu5RHP6oAVGXHtn@bDopJ@6CSZfQZ>VbKr~f7HBew4D3Gmxvnh3?ngX{p
zp!6#0)Rk7RQ&0GVN;6YgDJUc~@(Z=Xz+EH!ptLE(C{Wla+81WadC_7elTe!9j@OYy
z{+0a{ej3jIc{h9Mr?(<|!v?h|v8)89n=~#2MDcT=$a%!as4b$kQv2Tex3WQ$A4X25
z*-h0s+XS9Fs?Qy?oNW>laHFKQb--5K;kbZ@z9^|C$+W#oW?T<sAMO5z8Am?7iAp(z
zY?^!*ij(j6=n&*z?C&o4Tg6Pca7~^G4BA$Td)|x5a6Bli%A$W!iVl*8MUv9JC_FC+
zXLK?wz`PtI5lpNC=vUYzX|sUxn@*drInEDTOKyIk@{<<QE5oQSS_V_SdKjCl!RRto
zm=j1&mx~{H7z`c=|1g4{S86q~k&s`U{UcBFI-#LbNvU*jj853pPMvEf%{bSFhHB@U
zK0k*HDoh3Uo7@m(Dm1GFVW_F1({sn3yefBW8>M64PV=H;+qVp3o??YjROr>uPGV|7
zPv84M`CfJ9do8{B-i8)V-vj%!@ZaTujHfKL)8sx0FoH0U<dCA`?`39)x?>>zoyZ^^
z-q5+je?4$jz3?|j-pFoBRo?82D2Z>SN0e`Eoyp!J#CY6Ww%|a#TZ1gSwN>@XFr`;~
zm0qba`kLJqQPrE&bd$bWO?h+QC@=c+#pas+gfnF=Ur^6pE>4H9r~&|HHuV8}GdqQW
zC47w{9u!3z%%o}=wiv1-Hd(5{V-(rj1K_%WWEN|VlZ)ZdYA@qE)z1{UPhYeNGRE9U
z7JV~w=y@OtM0zNpR~G1#$v3hWfN&m|X!$#_-34)7rJerwhADEJK7Ska_C6z)-1Qan
z?&?GfVaNMPw=@V9*CU->FGl_(>Jtu#I!V;`J0KPu1jT-4RtwT0zd$Rcm0iN<o?cdl
zXb#Y>8sWdQXH<e){A{#^qUF!T$O?V_EI2siZL1{DW{YIXyJHxiW-7VhYqD=MTTY01
zC+>(v9e0UEetYO4MJI(HWcP9Uz}R2lU-K`4`g(qc^!3b#$i$myNEh|vO4Ie3#j)3-
z$uRsP;2(0T-{L1m9>^{=Mefcr%n=KTB#}rO4f`V*(Cq={$ntC}__+swl4n*^5R$hC
z!1f<VV=X}gGD%Ig;=MEK^q<u#_VZKFu%u0tXJI;mDPEtD)>H$>2>MuOZ+e2jPzhi@
zQUk#JO<-l!u<R1ubFTeuqI*u%rVwSaE(vyZ!$5H#!2A<7CIexASue6htz0LN5Apb#
z^a=qwp%$6m0kE^$Y~gTa;MVN)h<qb(PrB%jHv-%6n+5jlp|<C$T6(sN&P#7_suxS|
za%0WXgTr!^7p!xo^1ar|_fDsH@x3=1^U_w4Uld4Oa7mMFDtscaFuHd^@zj{`-{Zos
zbNup^RKhRqJHmIGB1`r2N?^At91Qrc0JCE+g*U}f(d6{J6;IElQ+6pr#KOp`g@t<;
zG`$DsUvJv-ogqvWR=P)`a1uuT+D2CO#dno21}OcvbhsDa?8|?1OGMRe`}|8$P!|Eb
z)!Uoz9C^5ELFi|@+z3TJmHv9pi^3<f!c+Nklitw`Gp|p(-l_EJL0S87_0WJOwowy<
zHGAE9S|e!%k!@|O92{5g$gILba;c-VSk$NgZ~*P<wv_y#;&OPgH1z35Nm8FDpNkQs
zKEtorZ6UT`0Anwc=A0l0af21W;;e8YwAHrNv<29z+5EWUc@W`V+XY!<a@GDuVFDf*
z7S+M?S_G7<zVD&$9&3chzG})F^qTo;5UH!%9=Dm5%c9ZiuG;Y{J=s?d9w+Z~pmlAd
zkTtI(yV^a($i4(Jr9m{SvNmSTAz6;+$zR06_@LaJCxxtNhohmJdGnZ6yWB2ID~DaP
zTZ<o}(D9<>w#6JgmW2{LCpCW#Zb%xwNMEYcwrhg0DFI(gv>cbd+Huu|Y2?a>@U)p3
zUHF_|!SB?R6m+dg`q|a}TnZMXfB&RgZ&(M!nm~pRHIFRQ=dY$;EEU_`6Z1+dVL!Fp
z67%jE#!nDSF8PXt2U*I+^>=W8?`vwcV?a^uZT*WHl*JLIRkj6fv9=h}P5N<L=#I+C
z^ZoRJwfB*K2JZ`u(bucJoBT6)ci^>t`ZxUc!N0Nl0!?`(eu<GgvVS&5mS(jParYrL
zF;IK?LLak*2pV0;zD(vw3E6PAWS_^Y<iG}?@S;6AI@n+;^815sxzTyAgB;b#M;2O*
z?1XDBilSnaXp7<aZ)~uU$x}wR^3<2GYuLA%M#T}?V5`1}-qw$~mTdCPj-d9N5sqS%
zn7vFyG3th?-DO^kA|2lPA+TGyYa(KliHK2V6r=jP5~Iu-F)Ec4qeiyFu~fw<(N;4q
z{4^&=83$PWF3^@GTF#h3j+#g1sIp4(EP@<mH;jMDRC1ZfQDl3*DXx<TS!`93Sk!U1
zEKrFcP*Hh`ic?gYiYDUJ&*UHT&yMmGic=bCY6p=%!2yC)E5M}6QzluS5<#AV#nQWe
zm_So;T$wzTN(OhEB2O8iXOlrnO~T>jC99`Uvf9<%vt$*<BrCl%^loRt+7czJsI&0`
zg9d~Z3>KVH`|qh_rKeeSc390+vNGbyhSd1HL2v=L(Kygiu6kaPtIANW8Xas*pW|Ad
z>Yhj>qpIbpv(hJbI)gk#`@*(a5vqpUMtH}q=A3rqR=0<EvB%913=;_V$tn0<Kl>2R
zbBs`Ul!oVQ2vK;B5p7vu34Gy>=e+!YJcr#+{9p2$MSA2nM))T}<~LD<-{cT}b4KAe
zfy_WP5iO9ifZ_1`22Ao8N*+8grV~M}l;A{sPG4|QVK_OI;XLGn(<xKB-Hho%>X6JS
zH1j$f>I&nc#4)?z7#k2E7LrjLFA>h9L>&5gkdAVw2;fjr`hqN~vKR}T;ct`EIq$=|
zz@W}N2!pDxFsPDX8gI<z3#VCVHsMB>LADjCsTW~@lqG$`j&_MKsp-*9|0bx_x#OJ!
zTiT~#ON`&K@z?UFBfy`Ic*mc1)2d~)aj>67ekEE0UGuA1b!2`;fzZdIu^aHKGK4<I
zCB*Y9d3wl$o&ONBEJGL1EbGEunPsi0BrNOCyQp+BioM99%6fsU=4mJ5WqYWsU?Z}x
zF<(>mHHK!@F;7SK6{xVU4h@{m(Xw7A)v<)90;o#g+B~RAui9WF<qc=)e%z6>EFR<q
zXX#xV)rdws2N1sbvNPWdtm-`KHUE6>h9mzp-WUH&`pdDEKMeGul|yO)|NI1+04!9f
zLTsDZ%9Yr*!W|18`@k$T>i?8~rq*;Lul-2JQa`(W6(U>geamYFP%>qbdsUGw2}HJ-
z!8#|AZHar4?X?>Jg2?t&%LfqI-f<S$Ui4OEOP}+9Ew9ZA_;=*Brk%W%*S@%>%4?;6
zXyi5Ut&k>vNg3W8npLO9C$UUkYr+=jPxW2NYg4QJzap<)y!y}Nwd21z@|yvPUhtc<
z)d;`I`*9X7vryOSXQp&EI@||}wgH;`5Z50}ZFT*Lmi?@^m`-0`@B^x#$r7ZxTe60V
zjxpskS%Rr>-d@y>KQ+<qH~Uk%1kILfVmq6<1Yrf|1H_`q@~6`h?5bIUd&v^Kf=lp<
zSa2Q8$5XQ&COuI>mte<cjFpm)fn;)8S#-2T@}m0>G&OH4TXbUHZ6cIRgR~MG;jCLl
z%degn9$V25zW&6>T@NIW-0{1w^{9;6v$!5$=<?%mNzQ2Jc}ccVmgK|bWJ&6ANropS
z@Jo^^r_ZgROS1h@x+I4jGqEKZ!sc-Gx~`U_;G~)!gNsnxAFkG8AFzK6#p=6Rln2od
z2o`1XWmuFqSYO!I-T$&Q9dTTiYfN4&%O`y4vP8jk_E~tfY%6|lYaqQ*aQ(U8j%XCr
z<a2S}eD1gpNF4?6xq@QwzsQ{0FE0E#S@&vxnhLW;v+g?Tqsyp1`kZJvFP*+%x8rh#
z*G<z(Q5jt}Wv_>NHvcO@P@~5}JwFkz*=@bO>(n!fy@MZnJ4N)OmA7=DfAl}GuRp!;
zTOTWsbu>2rps0`Ak$Y9AU%N#tY7j>&<V`iehk$(gbb>efe;u`$a!~X}g}_7{sIH?V
zlGuSJKBp!=3;2gLae|sS9`L_Is2mPjSyc`PUZh=(=WVzejgsX8S&hHjwAKmglGndI
z`m(%mhXd(Tm)(<ED`nD0f%LaZccg6b=-=*tM}9*GZ}ht3zVHTr%cO^Ggw&rt_Sq00
zBS=dVuE6ir@cRS&y##*G!r$}ZcP{yDJxn^n3brWLkKosP@DDiTTEP|8I-O1&MQ?pw
zK7hL#ye;-l$hf3{CFod?`%@3Wx)91aME<e$w)MoKLH%tlhJRoftZU&PSPoX$HEazP
z<@2KJol*b&QxC7S-%(HlLLcxGr~M9;o`GU$#a>>F6+5?+5NH(hG~37s1EqLIxM?R>
zl2Pi+l2`0hE$%3NBbG6nWN7^nwDCg(5Q29nTDFUpJ+NO!!1ihcQ>##O;Tj460D))$
zSQ-G25tn+O^!$^(1UwBxSO8ODoPeG@X1sw(22FSjqe+FGE5ihCn@EDrUr@UsO2V*!
zEeojo4?>+$uOM_mX9&D3nggz3|NT!rAt=!t*s3oQ1EF{qc6fO?0X`G;)aGmxm<dQn
zVy~fhE}9yMgcne&r|VmESuMfcI0^RZK(XYwzdjUP-Rk-I=mT}6Sf4=V3~^SfPv1iL
za^=NL<;7@ypkJ_y7cWV_#$U6;3#}nm1mg3n@5Bk(ce22q4uUxo8Y8`nl-k93VM4g=
zPA3WkENGmvlv^8*@6Nb`^ERoh$G<aQdJL?3zC1Lr%K1{B^q}))(UbpZzO3k{nJ<R8
z2bnJ?V;^w7tc?9<^W|og7xQJ_tp}ek$+vL61a0r(93N9NUqVfm>n6AmUw~nQ$=qoA
z1dh9rh5+E_Mif1*z}&d;IMO7++(;G+ePxnVNX>we%VZ<Hb|6M+&+%%Qb(&!=j^c*d
zD22!1FefRa6{Q(wqsw8w-492LzL4r^c+uy|Y`IGJ4rx$dFNW!2B^{<24>C;ORN^pA
z+RFLY@z<kCiI#097^p*Rn8@%<NyM%Xg0n{`^}}U-Z=`q&-2H%m&m`=7QPcOeT^O*F
zt{1ZFh?aAkD8f_%G#${V$gxq{5Y2U<5jrqH?(rZ^2U^au?z8+VHGIqq`}Z52K$=TZ
z-P63XQJ;JRyRF|A(rt69>Myg|`~Ir=!~^!%!;f+OH8bh~`s+;Zs{3o&^#|&&{@1a;
z>X&%aU(E)1-(SBaK45>H>&^Ao(7q4QU*Grg!vCY<f%>aS1@_m;&EE9a1(Wyv^@aHX
z`|H2Gxc+MY*aP%eLC>oDtJU8R)L-YXVSjzQ3Hl4-2sTAmOv}W8txkA0)*lFYx+8uC
z^$jU2MQ_8>K+t))^xs&#BcAzh^c2t@=|7QPaOni{O}AyvP|A#AWhQ%5=C!M|w?Y9;
z!#jRoauqwu@}nDmAIPvB^=qT*6%>=IU78;QmcagL{Q(okYA)&;hw-)4_|JcI26Y<*
z5u$^A34;6Ov{i7?vKyE!y+q4Vts5|h(A5<Xy1E(!+Ywp+pAf*gL(fs;wSpTos-*ni
zZk$5CTFqn`9;ia8u<@-$0id;bCO7Uff7DG^I(fpItE2-!T~gux)C5kTmcPKb{Jj$b
z^}rDeqk?jC1`1h@ilYEUxu6-`;4*n|WzVeFdU!FojYvJsC_zxS)FA+V4WFluJ`Jyy
zQbpVL&D7WB_TU&{Q*$gn(Nby843N?RbcJ-eqkoUS;4Jvpy7q+;l_n%X6H;jtP)a94
z70t*5IXaig(W(!vt~zL!FM@CsAxCR8Th>s4++qEJW1)ez=JCM(MIB$FX}XJI$r(Sf
zaA1U}JI{JN<`jJ4angk72*PAS4Y`w(g{)D`e3*5(2v?n?W<-cbfCsso&1Ak5)mgqh
zUXW^b_oBm>UGAj$8X>9=SL`Bb1;X#K5R!!^l2wmp6~=}Jm<!2kq69+epn5>|A1cV2
zHowp*!WMA;uTLO)o{VuJ>J0`F?&!tBagvyKx8C?x;<URuh$)q4rGQm8L?YjtR<;wY
zV8{dKb3#^Qe0#C5u2@o1iws!6x2s8iRf@V2@zL0@O7X@C+p8LVY2IDG@rJ@ig|T6G
zifUhkq}-C@;-TYWjs3QMV%Zib0JO<5qQxp6u<F<Lt}7NjW!JBb4YQY=@D&f8D>><F
zIY8dfudOTA*df-a)RaGsR>5@RoEW}^j@EwmoAj#4j4oMF9dt$7FP2EvO_sf;l1sHs
z;ib@%fHi2@AN+=XZE?DO9Ql80@l}0hu>k6F8vZW=?kdO;4slN2Kv+Ukt7F&t>0hoL
zPEuyk09fhztdey75s5S>DX}n3N-Q|7&z}hyN`0^CH*PoU%EeYk#X|YC)VstS`Mi|<
z5M@^<rFOno>;=X8d{Fij#o5zaNtW%|W$F5t^W~5D&-aTVe~%OcZq85uCDPr4eZrJi
z76`>+HDAVRTES61-P8B|O3>@{A?0ho+UCgqw`|pmMcvwOjYp$S=^au-dZAA<8pe_g
z>ATi#1vq2Rkdw*0l4d{L7TED73@ThkXv2W^EkY|6vYA|nGa07r8;smvA+H1E$%Gu4
zT_#0#h#+K}S}Qb{w-B1H@Og_}s!6H_+=2yS^FO_60A(8V07MaYewy8ZTMyQ2pg$}t
zqtnoGUfQ^<9r?S(`psRyAc~^;EfMMpb403JeASLzMLr>x9QPG{=_I47{XcD;m0n={
zIihf^!4GC*hThN^E_ZOoiW}rAh&N8s`3mfeti~J@nZjg>5@|{-xm?>EUKVZHADw&r
zjX0Q|(N6O-F1#3O^SLrug=~elx^a!n&PXy5_LDhtAU#%p<fpiTomm~P#pyR5FzIfY
zT3ziI*>O(RfViT8_Vl<`KgC%NWS`XXNAhN!P#-ee$lE)~+xmi!D2FTqJRcL`)VB8>
z_^F++jJ0_k1lSuk4MO%uMrmvb-6PhOz#hS(vli9a_jnB1^2s<oy0E_ho}d@}1(%+n
zcrOj{FZHRQo(4{$s;8}jf<HuK|B|garr>W129;^)I1MY+O0HB-rBV@CsYkSx>M2)h
z;U`$Br`=Qv-2{2Cr0hnD1A3I7DRR4h*2g#PcH0C}@s)K`J-HQ8cZJ7(=?o65d3~l(
zV%}F!Lp;M)U#pGJvdhRJw}0*|SkvrOz>qH02obb9l(R_i^AwSZ1hP$gMrSW}C|_%*
zDvSPQtfPBz9dC;MT<Sz4qT~o!w97MqRRK40pvxt6aG#q@LCt~Bg71R}H%&<@q`8P*
ze{kg(U<)9_16bxUh-H3dK%w6S^uxQHbz1b`gZD-$APp=$)LAai_C1=^k@}}P)Jr-?
zl^`I!X>Vqh*Y-38^lx9gj-x0_-N=Wmr>`SoV^#f?a}EXRsBe1+U|VmcMkulu^UPy-
zE6^HpC);vtgKSw!so5>Cqw&56gUd9YiOTsa-}DgNe$(%qGDbTUGx-3iIr*5at?eOO
zJ)4iM4*LwDS!N?gnyr{Z2}j;7XEAcl|Jj+9q|bkiIX1c*@!4lPu}WrHu#)C)_#1@u
zIrpvK>(#4j{ocd9yw>j>?(^XKz2hA<`n`djA4I>`wDSY%_r`bdVrkYn^Wgfu1E+DC
ze)tu4-uqYd_Y)&|{XJ@(+tJ}VCk>0NQg0s-`Jj4xsn<W!+h1<4(c7nXdJw&R`%Vw2
zx4+WypXu$R+j%iz{y6#IdizBual&M*Qt=n4UckOD&t88*eM=?TWAs173x$5u7+_UV
zw}a~edE^wp2@iulZg~?JO}Aeo;%QkI8URl{C(WxzL{Rc~7WwP?{G9~a2i`QPx(M6M
zD-@sUM)db7u)~xZ`;Z~GGzhjOF!=+{dS|7EzZ0g0d?I#6*8uogL}t^pn`n2}Aeg<X
zFQ`RL2e+FdFYEIglHaiwYpi~4$M(_swcD@zRrAX_sb72Gx?dx|?5<*2iLvhjfn;~p
zkrK^?sS+40_ew3FIHNGCvY_~lX||aT=i8!z`*UyAnApR^yS3=M`q^d_8ld_^ek0ot
z0Bh!!e42Z+@x(3;uT-b6Os&Pp+y2J2wqt;`4wOVb_?YJp{(evS;F({^2X|3m#7Yz+
zQzf(Rcquu){6(pbqGCmvL14U2hI7>sYDy!;eF;+})&ZX*6bu^;<g5oA#1Za0fDR{J
z>z1EQmWuF;w(g*>gXKuJ`X_(wEbo5MDl#Qe_)|tPyC)qsa&jd@<=0Wnt4ztdsJ6Pd
zj=h~MfdN;q<noE1;UF!rtzfMbEy+@;pMl8|0eA`<MGZ8!LNVr|vB3ePUP0=3#`f$T
zsxR0n;H0r{6MJPy6CO>BJexI{DkJ;p*Vb+&=G{!mIti5kS)*WQ&Q5S0ZncNC$hLue
zA~Evs36D_YUd?>zm)koiCA%gmnUtA*#YQ;ARdc(O*%8218elvMB05tmI?Gk*xie(H
zPlmjPPI=Lg*IWOlg|Ze%)SU&&hh$2rB~Ubhv_?*E`<{{epOdcZ<3tG6id9eedX%hp
z0rz@XI=Pd4Y_nL@=ha~9qxcm0LqP(rgcnQSw|G==bUvhViuo6mo=$(>LqI&aybGDY
z8EEcoY7-9{XR4byC;bR$M1_9A*zL6;>5E;^5W<7k2IQ9P&%Ie=VlUVd0`Y)aC+1T)
zpaSN+M(jXCprXO>_?L8cLI+xgjdXyoW*%#B-LjiH^;iq+u}li)7vhuZ>;hVkCc1S2
zU4<^7OLvgoTdc`hhB-5LKo7BxV9$|OH~1NCLjt6lKVuIrS;0Z;R2;&@q7^-~crA$T
z5Bur$cwK-#zoi;-qwv*GvShQyp$W;8!8+Nt2K!A!{2aJ5sExbx-S04ROpqK0U0Th&
zu><6na+G}^#BS(s158IM7Sto1Zp$<kz8Z*M)U|j2MW$`|Ce7^d#oqVx#ZSj~aGvvt
zj@}a4NzmQXwtY_b)Zwt{J@ynR#{HK(6+_QC;(AoL{Iy|uO|k`sTrH=v@}in;;RGEd
zxR?dCXrg;Cnu*E*^P^J2sx$14*p(S}8MAc~5Ike2*p)4n5%)bP8w=e$fMfs8GG#&p
zN~c-klx6PlvNCWQ=-2w^rlkt`#rphE9mC7F83Y<Xjr`udsS&jtxA~ch;we-MEk2I!
zP!#YP7V2Np(lB{2d2RF}D*43+0nCfJuvcQ?M2Qq(?)9pa-2h-^2cf_$O}|`jFDTB6
zF&DP6jZPKdnhSKPs74|Od7$z6;;J1qZR=G%&j~Sn3$<@NCT-J`0U|}T=6HdBkB?DV
zWngB2e@V@!bYP1sgG0X>elNx2IWm%sMIGtlHZm6N>0=)gsi{=^Vkbb`&fi9M)y*K5
zN;5&#3^0!VQMwcqmGy!C!8(ipl|+6A=+wwi7X%g=iu~Tseg~1?YuN8VP=VJ)z67w;
z<f#roXX`1t9>lZRDeb5QzxsSLDis{Vza@X9G*T_Ak%rVP1vTEXqj1pcGavG5T<k=L
zdBkTu1nRTa=M6}{dI6LBlVn>%ngJvI@jjFY9%a;|6KAlbAd&?4H*yG{8`9%eI&*44
z?%a)y;03TTHx+h=_X3Z~oQ+-S#0n1le>n4r3UFZFFs8L|Obfn>SI0C8);k^82IE{T
z^%^|0o^;34Aiwc5a^KopIqs`0w)uN;HH9td;c&l%_lsoXxNVkU!#|`Jl-(9?HPK#b
zzqvEuw6{{`V2vZ4ojtaqY$l8#1iISr>r#UfSl)nb-z=pp%JBHh<I-eA*(XFxEhipU
z3oC7)3@oqDtlJ(Ndl1bwTW%qnP^pTY4c{(}YA)D5;cN>(+JkNHvKa1Poz4qwztWx;
zmaJ0F3mqZo>*Wjdys)w(o)<O-;CW%RKb{w!^>=$-Fj)?p;Kt;(iN(?@ile87ynDX-
zH+R84MiPjuShvLLBNjERzdBwZf_^;@a`nEwid-E<<Z5<`Fh^ST1$A|RHABie;g@&9
zNPZ2`m7Mph@e^s``c<^xnjQ*%)qTO>Q$UJ)T$gu355@YFoUc|?dnT#yh*ecqxP|+2
zi&(inc_;dk!WvXv*nvH63d?@hlvj3_EL2}pp4~_P*5`l^{t|a`=vV3&1g~0u)1D}l
z^rm*#>BC&7Yd;qWY%0&L)91H=L4~w}a33}tRv&Xwn;!p(7l<I<v6Z<nM*_d8UO5h}
zyC+@S?W%R`Y@sjk_i;VGP;6@t#V+t%>@l5YbUV&67iN;8O3l489g4ax4fI^p&#?P)
zZ_B5;S~_+LzAouW3D(;J-!;v?th#HC?(+CyAI;Qfg}H4-q36QR2-;RSyq&1NUFsLm
z$MNl(p5NAcdRsos1ZX0NvALH?PQT^k^lSTFNy>rg7(u7$sk_`X<<igIbDdt3PtSyO
zz$*0RYObH|N2Wdvs9hCdLsFQvsTU=d10h7)w#gf@y$m<v_do6-`%i<kk7~TzPUmxA
z=ivvXXAF&0FXI5|*6+arcjo#_nnc6T1MAm+(8PIDt&P$$e1z_+ttvcjH3x8CUGoF(
ztICV=*4nEKx0gd7ankGj_nWZOPBWIh=A#~}Jv-eSEEOh;UB5QLN56JQ(ZK6@w|pj~
zMqf|R1?dasl27!ml^qO{Ppvf&%`z$w0tAzNsCY%ZAie+J&QxeihMAxHhOeNX(SiKj
z90l^*PoR>8Ll@j2S<aL5tn~D2;2c0G@^046evy6TdqH`*JG=~GWuzkKmuns*FTbp#
zH5v&uirfh}hgn1LbHkk9NUlcSfS@$=OWCimuUr=7ue5c3XWMj$sjf7_-<jg-Cxqgh
zAXA(=?L?9KF>{VUiV|mvy`K?^&lHMJohkm9#@s4srE{Lc3cu=1cx@S3jl(eeY3J;D
z2f<?lvm>0dx4%oWn`3rk=j`RH1WwYV8qx-~`nEt@T`eXOTSss0LDBb#4|+J-vru{G
zYaJa31I)I2J9^ij&_KVoc)dW59Qw~n^mB_9;b+-WMfmv^grBRYsPNNc845po%F544
z&)*55e^c&+Xxue4`nIG*%N9ihGSi#Ef}PpH<QQfb*S9gv4Tk@TH>{%N02*QR6%X7L
zbtPuq6>4I$*K9dxw(OK3JRh932AWFF`q~;hw2y4X0c0z#%<956i{AxQd!IEIjse3z
zzr@0}^o+G#N^RAP^jK^sA<;6rQ-E!o3l(DCYk@*m6Uw6pINAU0#$LA0=k3!t`>z|)
zy`WwgD1Z#hZ_?K~ut6x-oEJ1UP1Wh0Kth06mVkDRq?rvx{f~QZ91zP&feVR;E?IB(
zxnci*n0peiCXc4yK#+J~;*DA>R&2o&6cM}%2>1pQrD|L1iS@#IYfx$x(LigAscp6Q
zWn1li*lMlyDu{?jJ!{ooR&CWc#`{3L$iFkY@0A2d?bqk|zvuZXd3W}jo!On8nVl*2
zVIQ%c%b>{R?ZM=>X|l({=$;Ad!QOb&yJr~$M}PKBxO*P=ynFI?B8X4K*ntrkY1i8s
zW^i~|rJgWgJONh<h;=wMr2feys<@(oSd6X8z#FC^c*6`1PZ+1SY#paRa<t$#P)uSL
zXtH@5ZAXM%Eqj1-O31+zNo2UUK;cKem$38TYO;RQUuMlUW2<W>+i_S=Q~abLF1sB>
zK%7Zh3erIha&b8;aK|sXp`}HNmdMS;?C9ej*XpRPIQtt?nv7#9qTVvu&5fGFnB2;`
z6`w?fB1Dw4HyR$%z5za^ANIIGZlc@1(YOMl55hRC+cK0HsAYdZkNgpKJ#QaLMmS%_
z?M`Enli;=}?<B$MR&T6gZZvXcMHhnaD<U(D25M<_6a9;7l5eK)D1~!TCLVGiL75BO
zREKSXmC(0D{9QL|_8M(>jjbvm*h<mg+WzqXSwN=0JzHltHEMo0Li%IG6Xc66Jce3~
zXGFIjd?-$u$=*P*0-i?gk0&utBfP?8CmS_IMr)A)3EB?hC6Hmxe()F?=w0f+RRypD
zSwG&|Gmx_wB;TSxT<=8}x<YsjVZh%(sYxUqlkKEO<ad?7<m}scm0o{o1fjUVp~Xu7
z+23w+UisomZ=(o0)Hz~D75<fq5bW~}!m`gH$6Tq<?|V=KY%|((4Z?i(?Q#58A}aO3
zN$c;s5QsfDjCXWs@m?y8`FlaA7=9f*2_s-bA{Xd}34E#c0M*4!I-pa8t{~iSz<?1O
z9X*S{m4?bT$3F5_dg}|m)=<+t?fa~dbr*hjShGUvcbyiU6V?6d{qJ|2&wl$e{aX1U
zx7);guVHtIxB+^aZBX<F7G2yDz=}e!h+rzD4H?~rm7M7PD71#~lCavS|8l2?`4gXh
zaQ(g>z9~P}@x$miemi(ira<Ha)|VrsJB;TAc|6Mk=;WFoQaRS%w?<0+asa6=<Rz#$
zRjxQBfD;>cr|a01Alko|UE;g5BfS-^@8ieH6|D^_L`7@#*W~u3^~%omlmuV^fT0x%
zCz0&>WSh($0?|>&p#JBDDqJ`cOUTJcc9R3HNQJ>;=q4(_UR{dvEosW~Ev8Ta&=2K_
zL%~~$*+c#Vta6EW%m#$-dY9mhdFeUfrp)}QgNby@qeGDU__!A&_+FdeMPID*<evg~
zJiX6$kWli=ommTip~S)JXZWaphSsmQLS4T-tN#J3FO9DetgG01fhf<&<!^5y<qxs)
zvEJo6sGr2jQ^ayl|9%<1Il#AK@Qq}6wLC@h8(YsMz@cnA0@Z1@adI+!w*qSS_zo2R
zme#zj2H6vTe+n{}Lqdq4=@ao!vNdB$_b^vI-mwv#794}aBZLPgK=Ck4K^vvv*K-<z
zLk*_^=4+~7N0@FA5(=m)L4AwVZn9m8-U;!%{{FiS=U1+H!UhR6dok>sEygNRx@Tt5
zEbFg1D#@piAzFGsz5)5_ohCg{H!TV`c<`fyv+^a7aLWCbaP}FCE|OEYv}y^5N;Yx7
zct|!kP_l_vNH)p(BbQQ$^p?wH8@P_zt_l|#Q`x5MD70`4uc>4^RL}$XUY<5<?hyH=
zpF=x_2sb56xS2(oDv^bo)<>vt^O>S4g6Z@`B2SM?ZgnZqw%xaUa|FGBJ>;7>wS04U
z+ciJs8+%`Ek5sMxEivD$`ursFD0>Ofa1XwO*z6nuFComfTm#w96ZQ2{L*YN+iPj%5
z4R)gb-P9N(BrpM$c%pT_maeM)`C@Q5-y+6Ui9Sz=E(J~U9`e5})ND@;Gg=FEW*hm}
zU1BCDwQ+P`ElsCXqIVcDJl)7RUgI+NNR7z;5oy|Fk26P>E2Aut3w75(n$WeVBG729
z(4g>+QI?{3+hsofivHQ9AX{lJ>8&qOdEJDX2{Pm`eg4bH3@p$~pTiyS<q7Pz{cQJL
zGZz%*HlVp7OoU$V`}vX^%gm4#7p~P?f9Sx`FPh^p9q?o{m~G=iVO}ugFbJYzw53MK
zXmQp-AB_VrqJ>lN@4f0l6-*>wQ=<Q7L!enCT#F?XKy0ZDJlBg&k+<Q_SyUcKt|0rZ
zS02_J<gHh7$yOCy0jIhfn>CR`vGhrBw7(74Wc?BduVZ$M*ClS&q1<`O1RP6_4p%hU
zU&R@p71|!Ugd|5=xM{LQLy#B<Ty9)&7X*EM{x;kSf9dDAuhRf~OedqgNuoVf+apOk
zcO$%Lu>C^*oJVdXPLKVx9&dkyEK^ZAfL?N~G&=fHk(Q6Yq|cv=W4evVbhU%?;a5}S
zEk5!H<{yP~|0fuhg$;`cOMRfCr7xcU#U}fBa-{1M3A(gB618)Q)Z2s&<skVN+Vkjt
zqtSXX&lvB<9<$rak5J$qn-cBDoNBJ=^7w1u6*k^&Ib^gCC?|I+d%Bhktj8nTc_+!g
zUgt+$-roNbL|h{fq`xihLSSrzEinr8OW*=RZPG02zO|Ha!H@F>@b-+jq`bL30%}`+
z>+gu^0kY22_$Hvq*$sdHbkXh3FU<ZSsVupNMwk5^zy@+TU(wVE275vj*=?5DoYoU9
zv)>>D<RRTSdMym>!wHkLm)){z0?!V69F4wqa#IHyPDjw~1ai6|taz>)i1DwV0x_N(
z<9$PU&}un%xZQ(T62C7tb)b^_p&iu!9t#{nW5qi2Luu>z6j1nl2YX62lYAibH;BF&
z!?yy$0F-5p4lP#S4|w}5gU~>$VP$H3JNkwed+1ZbAUg<sX*H0uj8F-#TA%5!Hopi8
zl;iC659kMk1_9N-IQ(iOzM%`F>c(n-7jC2&NPAZ40ZYeAj-oyU>3KQzIm=K##(U&d
zny%|1CS{M)R6p2&e=^vgH_*YpUEtyGq4NKH4fRbHaM^N8?vx35J;*?BP3C6K94JcZ
zyB?eauFy0c&D8q%hEANx(RKP2Bi@^GKo=i4@VZ;{Dpp;SYT=Gyss5T2COrHGy(WdJ
zu1ViFrPs4C*j{>;5?Xh3-LNQC?s^eypT4@T<A2xNUia1Ypr$nQ-D9Qncn>w&A2$HC
zb^QR&Kn2wfr+Ep$H%0Q*j{p*gV<b>(DSa6jMu`?06GpnPAQ?ol%T^dVetO0~THgW3
zaBw>#xN5ta@Uqy|LsD1QD*Whb>3aI+psL1Wq{fX><FESDcxPzb5z?F0&)Lw0qi@DS
zfpEuMbGsAs=ErdBAt5l$siRNcPqwD<SRtf4{G(6afpyXTe2w}BR5jSX(qKC?&O3M4
zkD)&IUG;cqDK*_x!oyO38gJ`I<I~?yW{n3+jd%8^@jdIRZ~XJPG}d^4)cDVL{Ahd{
zHVz9WJ}7mBbY3nl=K_Y|H?CB_F1gD^<h5tD2KzIBi{EzOkVy3T3ptSiGsyp+0aH%Y
zog_~9@on_3=)}G?`XrST){}412gy;md@G@+PS|(Ih~<o)th-`db;yS%<im!p9CaMa
zkqC45WekHiMw;g!HsWtC!>KzrJc~%#kR9u7j%LS#=%bD{i<V<jrA`-2a(1jzF?*W&
zeXQ+*aN69C+al4Cm|E$Qu!SXQ3lo!`)urM?R*$Txx!YVFXqd{%Jy_PFGriDvMJLWx
z0*`mHFdYd_?U-<>5T|xynK(7}noJ;9BR56vv{3Zo{TtD;30?Gs_&YEt=C9BEa!{ih
zA$sp)x<p4%ZNM4x-lxs+<p1g9E<J-M0$wJMdW5}vI}N!*22Ln%zH4FxWV;VT`MFFm
zM7HBhk(ZzegND8^21h{XB?0f&*vqA{Y1j+Tw0P5yupo0hy-Y8ml^wK_FtlGgIJ<)R
zWcdI&Go0g40YWBhkmfnvUEMsJ(h<~L_V4By5#i4~b^mOhGt+RME&D3w=^j?eLD|6H
zgL0bi=1cUToTfS`AFi*!m9n5mefnHgq`A3UkmhQ>B+}e)MsuSt;GGCyGAK+R3FZ+7
z^RNsPLt&;%FasD&a~WoJLs*Xi2J6#sUpS|MV8l%9F*z~~DbZ!F2Naq{DL0Q6@|8jM
z9>;q0!FW2(>}cQ8XrI(l$K;R;!r))Xd1be>)S3vntl+4a&=PQNLrZ$l_G#4DPzMfs
zVIUZ8v4{-LI~wV5;2}CqUn1EHCP&C5@<FKRPv6*O0WMdFxMc6_;xFn8FtvxgA&@U$
zb1Z4%1)<QyabRU|3m<MlwXy92sB(TePIbn18mSgHm<o3~M!gS%(M7OLT7Ffp;iN~#
zpjw+8lg0_(l!-euj!>UpR6#d-pIdeE>JFUqT^e{)|FaK0?X5%bF;@QARTWl{&RM@y
zkG_>_k+y~TZ+7CGcfB;WcPl6i?sY=}#znqZpPoxr{Xk7%B>Mb#i=@kPXuI(nM$H^M
za>}U5WBKU){07U%pEb^J@!NV{a|_=K?<eBCp1*P0Xxq=1ZbeDiK2Qgb+2Q50F}e^!
zRO2h+e0(-#BL9LXL$a+<rTgO7Pna@hYz{1&rku2gx-i;&5cxTds>VR#2DXmg$`oqQ
zER9aFJY3+acs-AGr)l6STt?${k4i94yb#yVp4?u{8-PSh)r@anp_@kzIUCp1Cl|~*
zebi!mgt#SOj7~?_=LryB{my`o3yul7&-;?14+qmt?Ko+2fFq_obpfp*j?VU{l+~c(
zvOK)Sdk8~>Bv&%L5IVfEds6)w9!U5n9lpjkfQ-#-j}<$8I-hj<T4gw4oes|Tqf^*#
zzxtvR6__?WPj@FOS~x<MJx{us?sUt^ge8H=H$&Ev>jOicg!-+n`XMrH`n&_z$2zw?
z?0}g;5Xs<_(ORNSiT)cRRY3d#5B;Bgczg52YZ+;dm@aS<;#u<0&u({;-O@#i=Z+AU
z0^8im@T0gHeU30D`#b?uG}FxXaRLk^gC3W@X0slrgrcBz6Y`U0_JjChk6th1U}9iU
zfmzWPaq#FK28&Pp_wq#->cF+X%O>PKc%k3w$W{GREj-3wf~+)7Z`mQfske+!>xb#v
z{Da1#lR;_Lo(6q(v{AFwOxW9OZ^mz&I%VwCaU(~MGDiPKz6J9e#eKpU{j0g=uhbl@
ze9`|o*m1{fO~N<)J4k=o%@ptVoueQ;ghKxTFQx2jakCKmm(iI<z^gz)VH&h4IvTz0
zCa1P-um;jlXdn%tCe#BVA{M%=#eIU{C50Sr*m$eMfQo2D#WV#fic*MRJkUe_1bpl;
zYAzdF9WWN10DS0zvcrs;BD3A7OR?A62-{a;^sg!Ubw+KX^>R*1%>$MxDGnZ{UzB3o
zk-ZtFKemWYzc2-q<R;BA9>Zl68=RBfs`xxGb=c5^LDxN|9z>`9{Dgku)W>KbGLt40
zV~U&YTVQ`T_t=8wnQnNj8g0SksEsSXLJqjTV58Yg|0G>M3(#SBR5|ZM>lm;z;q`SO
zqnK@X&5_sn^~WV`b%{Pdx)v0iGZx(mGFtCwP;U>~>h@t$K=MF7eh;tj>jdWyeUg(e
zIu!)bgg^X&x*Wln(rnsx#-hK2$Y|cZamAfxOKuG#Yh8|iw=)=RznkMLEa~K5lkJk;
z!099DS<haQa{37IcRg*m5tKb-JrfKf_wY786mwfbs+nzJ<RA$%#g}KV1D_rpr~!9=
z+yN4>gdy6Dws+`!KSXgt<02n0lm%V}7+0C>l$k}zb2}A8RYt7*@b`eu)=@E+nzERT
z0<ujDdY2&!_{ic^jvh9KU2VvI@+^~MjvH;bf<A3p)$C$rA9YX&o%B8h*P+%h2226T
z?nmv6?rp}=DI8?ISrP@g>ZcG{<M|&!)`*Z~4G1^jdWaNcV?m^{V2dk4b&GnNo*vp|
z<O=nos$@AWIZFg$*CLs|*}d_n(l%UmyLy0nSO2s-&k6m``?0H^{;&hLp}(R#@nE^K
zh#U-|e@P;6$QrkM!{h41r-hBcTstYjIKLq<6Vxz|0L*@XvD0%~mX7CwWV~eg4T9U*
z1cjY<`w;G0;KvyGV;7Zh2jYT$sq=<HY+Lyv5!;U3@D%Mvl`CNK0A@fr9k_U*u!mAn
zmHf$tNq-hR$Wcv!r776F7m2robS=FlTt7i?xYqS7RY{{DR7^B<h>$asi@E)TgsqKV
zSFhekbcpJWaCR%ncKNZYhE+i2_*9W5cUO!scN8R2Ax+}REyo)&*>lo`@5l-oHGdNR
zgE&}3<X`s<S_JU1r%-bZH4hvBC^u%E$wGbZ=tUUF0xvs1&i&T9K9Ax8EKsaBlcP=A
zo)Hl2%k>c2C!wL&R#W5|-6f<As3avb-7{|>84*u*t(IYVPY>d<f5YyCMxG;V_?KdY
zk2~Q9+(sZRCtu*k-N~{{sQ91*=UO5y!~AV+#OqPj3vkLVE<jzj0N0%U=s!Q`z)_sD
z%o-NlT0&OYRZ1>#III7ZsAAPu)l<a@X;6`DP$T^r)UEe@QU#7McM81t`Yk2eEz`ra
zOe5s$E)%})4c9@6|Cd)Iy6J^*$3c7th8IG*0`Bw(B9N0`cn>aBlE@N?ME1>nUz+;$
zt;*fa_k1%KdoIFM!H@aYdcT8=Vuv67%<Rf5^_iqrus{90|6cW~QcD|ARf<X&RF!^u
z#*fBR-s>R6slw<vAFwkw2hLhx8FE4!d<M}8b2U-Q<L(jy8LEh>a~^|!vY0x@tBk3$
z6-YB}i5yesYZ!2j7@5pt%rCCMP!eDyQdlDGFTiLE4(gvj4e!|OJkL)!2+U6Jn*=A(
zVR`char*qt@J@gxlHlX7WS??=dk3%oh7vdo(&RxJ$;aE<;NuhW#|-lEG=9vIKaM9K
z58y|O{BfrGh&XXdaYPKalOtl^DbHgh?z93X9$+3k?FrNCJoWn;FN6X>$Mc>5UC%2T
zxwe?Vw8k&Jj-E>5gsrD9xm^uh54ggdrI5bh7XsxxgalbkuT7&~A%a2>a|NS1M(0of
zeHH%m3H$_qKIgk!71<Bam)<qsHP7{ovoX|z@N~{P@Sk*z)LEEt?F4<akt5t%at*zL
z7Eb8KIoneh%Iui)K&tW0=VFZ=tVTMi;cDoF`-KzoJ324Ge^#(c$O8KOE*eoI<%11+
zzeD2*<p>tm=AA4uiVtB9Lm3_rohdI9+?b?hEe}-Mr0Z>RBn09dM9m%Tp+4*3jjV3+
zq|Ptz#0GHHPK%!*#jXgNB-s__igVoucJZGdzT$SZXCp#gQ-ibQOAFRej<A+h?@3#C
zb(Y6k`7ZGA+jRQVgt0gdcAd_U1~r1UdU|{}&ddL2!8yEO+pc<ea^|4DR@$&K<?u+5
zvruUEiI_(aU%615twH$UEwI`4+I)!GY%{=^Iw0mc-oY|`7;NWOuTwDy&(HOKx~eZ|
z9D<u?^8&j6XHZKYoZm;)8jmPz4p>gW^@m0iHJBV7?i@04>Qr57d&wE_$Bk*nZD}Qn
ztc_0PgQu<&QY<ft<Kz*U;%|r+lPIv5Y<0D*&SHY`{huSmxP#%4NA+>;d`ztKx2vV6
zzZ4OuMki{G*6rkk+%_)*w8ee$=5`C@a{e}JZeRvNKy`RG@i2}Obf2KyKo8>{yWub{
z#lzT*-n0gzJ(&Crge?xi^%~V?ev8`7tzO#9&ioIuHnW`nLDps-;UQY5sLfO>7{x%R
zu)|cXV1$hV4lCPRcy_rS7^gU&q*2n#L5bc`w<a8R(-X`S?}8$-w^9*lpm)QD$EYqO
z0|H-Gkp0uzQ9+BIT1Z_*k{=p3nuPnbQ2w+ps?_N?uAf8O8=@BwY)d&+&q&(Gyg%eI
z)%l)WfR=W;?lx|cFzYosrVl*6-cKc@K^X3HXbVw6`Z-Dq)bvenVq_p8?G}=Or2Z^3
zP9N*s-k{CfS_9@&hs>u)8+{N0X{|sRV|sg7Q@rC(yp=J)(Z2U)pm9Q!y#s3N^LHZ?
zT@;ENHo+hd8`<yHyTM;cU+@|E-KQ+Mw??NgfRhO7!E3W+C;(vu@WfC)J~2$6pNDw+
z8|*0IN`8=_?8Y!YvWPFb8EA?>F)OjZz2|W=5n8&En^{0@%OS8-^u%FUcEH~&cA?AE
zCV1wi%l<aHkUn&Ky)aR;-SuIz?Yg`cihSR|QR`MI>>bWh%27aUU>2EBNQ1~^=tG;~
z8iL51#oLZR_)pLwzQ!>fA_Vl*c1Oh-P`pZq_z2yfuO{j@6@e<h)g=?5f;4N-1N!WU
z{*HzRm;%wbMN}Y~qpyMj(Hwme)rMfPPIM%KbLoymTT%A6pf~IArTF|KyOC09I8A)-
zLFti5lE9=w?i)1dW~S;5f}`tXS2CqQapQE%q7>+A?73fw3F15{vv^h~)yAnWXb5*@
z`)7FG_xOy)cqZ2~OM6ge5UDu@tdg60fzNRYXt*Bfjeko1(asvE7ygWHGcFS(02K9Y
zm;f+582nBDG#0so;JvrWRu1~M{tj{ll=N-nW@^&+Jz>(6oAgO1K(7Wt=VCwaKtolK
zff#Mt`;A3sK;PDh45ptgxi^fanEY+DCEt(fKjY6^Qq6Gp6j0wrW|^or1f#AE|E?Eo
zv=8vDW&>SfDQemHcp<ycTyP#D<N@h}w(X)Y^kvYtm4=yYYhFVXq2sn$bDDe*6>V|g
zFU@aHCda?pFT5W3g@=lM;pjfLC0aVx9?KOqY1`NN>mANE33`Ok<AlomHWoW1)Kd#3
zPDj1emRO9n%~tvF$t&V25B=+kdX*b!l<}9@dK+yQ%#jzA`ql0F{DdID&sDzYb`Wp9
zt-%MG`-xCOu6my9&1;S-*E{u78bifFvrc#8i~fT3e)uG4dy`w@dXvA&+IJ)CT|w4c
zTBQDFaF-RNM*wvF6Uh44VCzr*u2;io@9%s4Qz4<ZYW?ZDk6s4rzMZW5M!N26=(?XF
zA23`YIV-`?u{|HdMSCoKA}l;FE_?zme6Y0ek<W??zh|xA&jPARMz-c9>LJ);O&gA?
zS?s|mV$idKcW;GjA+|nR!^dwG5h(Au`X%o|tX(s?llA%z?qm%VdQ<(<1E6j72%C%H
zx=^OtHjmtwzPt^#01yA$KZTFKp_lwBh!khZPDKI{GUfihoDg>OiW^keaBPYx;U?Xn
z(yvb(eDz`n&Y5-tZ>4kA`OsUA#gEbQ$0+4|P{7bH{qBZ1sf$GXb$;xnw2Uqn0rmpG
z1Lbr`IaTCFe0z?V8!?F?rO%No)h8%C_5#&mMCIkgfG27-z08q%iD$k1aoCSua$caM
z!+ot>C*NKCe4m&ilC799$Db}5y+ECrqtO53E%fcEF-N>Vh&XxpM>qO`XQ4{vZMM5+
zKtSTmO7$s*|FJ&h)*KIgN(P3(_Vj;PipmtY!Koju1+1+)wp8&Ik$7Gt9XZ$H&tBO-
z6A^jjVR${>YXbZ|i2Usebv1T1bdAPaz4IY@wRdVY()}D5qJc)d5cxp+JI~V#YKCxV
zF1?8kdxG50e+L=AjuVnxyMmm1IY~=k5Z)^2#A>|HYP5wKs2*6wG4%lII9$=Lr{HQm
zCkhUXQej4v^i;_pJX(Np4e5Ow_DA7^U$407SxIT7N2P;yIy!K0YsaP%gr~aPc4OdU
zmku8okS5>_$o=vy3Wt038Fv5AkkkVi!ZG%7T!wi6_IzLVC_ERVDMCg?Qumr0Lf<#h
zDIUemp@}1gJ7;ai6ab#@cQR;AW9c@UX=WQ{N{?b5;+U(4r$=yK#ZCR@61=H5D4{oX
zygsf9r?;cHd%dauJ;~R_!x<#K#{BCwWV%DMDAPrWRwH584yvgqFh5Wj-E0wN1%vr;
zhkQQ~UueKo({sn*1>wBXUJ-|fBp3pOx)CBuuf49g6F;=c^G-ZXT1_ebJG{l%MlRiZ
z=6+_)fy*&?LgAYkFp&TzS)3@3{K5$dyj>e1UH{zD^>4vGj@yzf9m2(kiIBk0QaQ7&
zTv*mlrC7KKk?6Ovk<8_-C2?RwdC%2}uz1VWRYpK5rNOqoAp*B+V`5%z4DMp-mci&c
z#)w0;sm_}v?%RnB;cX81v8fg=ru#PkSsSj>wns~Ciz$wF?)RhZF^fBhl=I0e)DhNa
z^AAhS$FSy~@~8PA7`g{R<z_KjQt5+K^t7doNKY$YRnXIs?>*@$%MW_`^4{o)3T`ob
z2r)I6h-q>*5>vwYBqXL;ZT%pol}Jnnzwn2c##;O)rV5LvsBv_!A1g9*QHRQj=)BbC
zqpZz*f7)!hh!W^WA6G%3)`p%EMT9?X7e6NvsBU=`1iDBX`Y@6H_xMBq&(Yin2`GxZ
z#6*!O5Jlpu5Jl?zd--F|3=jDO!-eyn`Cp&K*Fza<;iKTQs)dhBH^mIj4M{J~6Cm$<
zMD3-BnO`Yl`aLVAU0z_JhilD8x)Eu@Wpwp*rI2=7xgM6pfd2EuRLFxF@bBr}sDVOp
zct;7btaMAdD*tgy_W7f9Dc+T@_!C0#ON9SROX(pDu6aFuzS8=227RR^?o@@luT=X=
zYghr0neX;?K1tgX-=0kKqrEx>^2S$LyW`n7?`Q3X`qA#%e9CG)SGB2hyd7D)HN^Sv
z@?-w_%JBlbMIRJOLumv1R#x8G^HY<tGj{702Kmw1MQi2A9%kr^?TMR2pdanMTSa?y
zMyVHX&CcrE8(@|8oaIYl&+*;#o@un{zO3mCKbpR_&=b#Sk`{(Fp>2%$pmJ0XY|LYS
zqIq1{QGI{;3oA#>qip;-*4}G=v=_5bLe109SB{!M)-+3RC-m~8>0cI9&oVow(so5p
zgj1zg@JI-&uJO4GI!KA{a>u8@yZOJp<&TR@{^;F8lt03kD&&vHzxI?rG8OX2Hd+2C
zK~J2|*g0+q53{73Y%xA(RD;ck39Lec(&{nwRURyY@Ahs_q3xxy_KLSx-`>b7+N<>|
zZI4CD7H0a<o<5ImQm?LPQ)#=FI%+;|?nk@d%@=cL${8~5b2Vf4XCHCk{CIIYdOjU%
zyEKmji+pR6=IcCKa1I<_jkaqZ_FPQdnkA`IR5=&Hq#LKc9{!q(k8iK7qu0YMaP@h%
zF})s6ySJCO2BBnxuj?UKj~ZCwz^b-&F<$;2oI>TLEPT2L%GpmgfIApy;x)<CH7lwL
z1yO@3qP*3L)qi4}AM)0<c~sLCCs}0Yq2H4$%F}<HxiLw=;Ljwz=_#F;YO+s{OU#>l
zKUipunqzE!Wx~RyqJ=h27-v_wOTGSu!d;4B!kr!`+GFolYLDG4+hYZP?XgsCyd3RO
zRoi31X%_;EtVG?XtDW*bLhZSz&t(_@yDT5SRqyBz!?iz=AR2v56R*Uj*^|5Yu+Lfw
zsqHBXUSb?i;)K5p3KH|Q&t@I>%RY++xe6g;m@i^WAje6XL)*pEJ}Y0)kN+T#Y0{gi
zoN%$8uQ4&JY}%WCTV+d!`Wn!-U}lXq(NxIr-1Y4-@SgNLCBY|I=XL>mZ2e#uf1NI}
zJ$5y&#}jCeU61HKo6+A9(~emt%Y=O&xG`i<CYUF)n0b;WDO8vzKjys6llX8$X`UP?
z#`mkvKI!$q!5DqEa{Hv?Mc?+xsY?4~mY8c&I5v+Z1@y2_?%A6xt_AhocFe5AJ}Cis
zu2JhD$~B7r6I=u{^#zXv0ndMqh6`hl&k<Rc?qEa6Vz#Shtt1QOSM*OZ1?ssTCbOxt
z2fh(NGdvWTNt@J=b<P}lPHD*6rq92>4sNXB8D`sQV^KwrBDPI`N6#pwHEW+q-}fd&
z;L|7F1S=)jxpS6EuLZKwY}(ewqSIi_njUr=UI=u7kp{KGzgruOwqwTl^WZcHoDQ!B
zj+tzNBB+&Y&#a-aXZ~}0*0LOG&obKH3a2jysHdArbKA&L{L0wEtbn)zCWd>^_WctJ
zC-PJy%P7&%_4n)WRzQ06c-&~Co?$*rT{7ztOeCUnL*Cp#@NL+K3sws9*WXtgqkF?9
zj`}Poe@fjOJ}19vNEVunf`(<$FIvt~_l7vxy<q{zRyq2&==13E0`%@KmceBI20s3m
zSxF{)%u!PhQo#~KB)EXumV?mq5FCkRJN&)n6ZCM{kO;|Fve$rzLoRwaXi8kG5^d)_
zFpTlo;5<5<kLOV`J&<%Cc^yddsq52xX0*S>IE1dGC5~Bl0|~9&g!9+d2gokB1pky7
z#2KmKRQ^{YU+}g+Op)i62K^F!e*KyhW0^*;S2Tn#!hG<>aV1}5E|IMIgzmK+*((~5
z5Bk}XAA|w^u?;Q09Ssn9GyV@5UzRlTMYiuJ$d75Lf!EKMG<^Kg>`f9+%+IDTY2cL!
z4FbBF+Im+YGHu(;nhNrbn)xk|0&gYevE5ERru?+|Qda1iC9=XVulUUh)rw7<EgewC
zN_n}BQZ%CH5wrQ?F@-i?{Sq^1eERX$UPE8^w(u^$<!#~3yCs^dPLAxvIj7&E7G9;l
zp0Hy%wHsDJpg13P&VqgSd9E)fBy11`Lw$aDRd(GYGdpn30BYBL|1}?WUB_!x+jT)V
zxOBc`*KGn*ndW8Jy(j^c5pmghoDC^XHojIR`1Twv3cd*pFPY!_A^6^&(SfV3=?A2y
zA7f1i`P1}@8I(98mbIz2i@OzK7i^`3_t*Q;MXwnh<Qqg@uIQOsc|Tu1sk9eBKi&Q5
z=jZ9wW2yT9vFXmN=|8{oqv<)*K?C6L^`^Bn{`*)bbNuO~(R8{LZ@*amQam?8?4kzi
zqKQ9Ud^1fw54tGP2L)#h+Da=w`aU`|nf1+fF5%5}e)JtXt@`D8^NuHlCHT|yZ&Ryp
zI>GF@@~6J_qv^b<3gRt(rh4M-lPUJYvwr6J(@*GBUn@iPd!``TQ2x^D7w4$}o^>C<
zy02L4NB6H!sUCw*4ijglV@-eHPt(1pP%B9eT1npJq<5!d!lzYXC29OWegE==hrOh-
z<i{^gMwbmx(s<-Qe5q=y$uAegbKzJ9ITv=}&t6;CkX!TTYtdz69sIq5{O#)KYVT^R
zcz<xetcY@gi><RY_;TD2|GCYn963U&a^(1V61BQy3AKk(o5-?m-8koA(uC__C&<OF
zI46iE&SLn_7TUCHkaI2k{EGfW83wE~r9w$v>a?-BuEJ?!#pq6~lMjc`PC9n$CO&5Y
zfk!wd@6~-O9cv^Rt1Ddc-}toNZ8vQ-owa&2wj1ZVUwWp(tUy^p6f0jJE4grF3C-EZ
z4`RE~_{EPKR%@&q=%YzZv3)VDbivNt&b)mf&s(>KMVG1Vx833OlI1Y(-p()BN*^y>
z&KC5q78XYr7Qf)bp5%teiplzQSNQn8VV3b|k(S!)Zx0tR9Ls4TI#>+H(&T9j@J*%n
zv^O!jH%jjisyo?s#hsoZM|wtsbl*^;eSqvd?VSA)ea%WP)<JJQfwtts<e!xMGG3pu
zBhAt9+nzA;>O+1*98b`Huf9@!nD4x&fT)5#rTv{%_m}jK`pfpGKf_brYFd#4NX5>T
zRy;C+>SEuGVY*ml)a=DE%J_|H{~X)TEJD3{A`z&T^>WiOIohlpk}5jooEBDm==R~1
zqsI+$Om%vvppn>A*J0$Jg#7aat(Ow?>q=<KOGm?kAmpc^pz96lPhh@(51I7O=rVF-
zZ@0B!CXYg}dZ4{v{Ung1fxTJayxgI<Zfl0ff%BpOAvafo`YJWl7@taRxhVk{MiqP;
zb*=|rP{u<lMJRiJnGSF2pKTNXMBcuf+-6b&67AXAqSJwVX;J3IH#vLz1vRfHmZfOI
zEPbtoSFPo@XFqJ+8vv(8BTYMQO9M`Hhe)SG8$J|#YmN&?ri*F*l=`>98u7W$5suWZ
zE7gvswI5`)pQuGQMs;lsZkLk53?2fk2o$X|&t@y$3w-~oB0dre1)c6r=V`DFF@zI!
z9*{3A%x+2OfD9#v;8=L^3qNSQ{dh{MYoDX%dF34hC_7ksi`<8zqz?4?gDa%Wh~Ax)
zjwAP>&NTSaOLiakp?UVIgX9-WG4SgQ1SdqVkV|7E0M{b~;8B`sS~&Ksa#p@F4s5^a
znQ>sq=YF8=`dEs#dDV6>)~kb?pZU?j^0D{e&!PKY_;Y-k?vFpmwJ~1)9E!bBpO2X!
zDx2JQV?>{f^8@K=ncayTvC~{rTmj&u$x;&(4i&vIwllE)okV{NioXXc?PBm4pU*O*
zglAY&ft{p7J4zVGK3?ePnLksJ?`R`x_Hse72a==FRt9G;;a=Tws@t=1RJWJ)3f1jB
z%|VJR(5%fsy;{yhJV@b`9!1tK`n)Uj1)rzutRy(L&GFYP-4gTWh6mKP9EDA5#h<9T
z`w{-uVjtOsiDk**q=WUKx|<s=>h3<Vxx8}Cjg#^Xh{sL3*|yDS+r!&_66dl{xNm)T
z4j-VKY?HzxkaSq6K@`XF@JXPg9rWvl{v6AH%3}BO2FPjSZ6>wm=(y|<p5+t~&U^w=
z+!-3L1o#aOtd@`#If`a_D>@zoin1_$J#B#ApdqaVkd{x=Y`nbf7vbBFtGBW~@+6XI
zx`cybzYM9(o}{dOvOVMzRoP2HNoBVEXeOI8plvWbq`^aMZg>Q|uIF%%e+wfZne3aw
zX`;J*Lg_k+)C8U&l?RFxk(!QgXYu~RU@}2-4eo#<$TarG_D>-XL0B+k+gqpt#JFVu
zNT1M4&nQ_$NVZZ@-}mPvi=J|^OujZPvRVPN^~i%51xx4#*oL3<R`D@pIwt3HrnGG7
zG}kg)wglC((L^?<g&A1ua~!=?ahg<-DM-C4UJ&9xr3CT-#FWHID(a+g>N+6b(YyzP
z>Bbc&*go`QzYWjC%hr1JWlOo&R9;sYNhxM^+iunJ*QT}p^Vgj3?vcNq`%uAOw?4iH
z{(5v(_55{t#69uXh7lB73nPKQs>9ckHU8r(ZQVWM>+w|zeC_(^9`My>W%c+f8h%gs
zT0ETMYhZ*w_!{<&|M+V5?LFe_p_K}Jz475a;OqMP)#K~MVfTcuA;T!X9(c%O|7Q71
zBHhL!H>CEhr(d!fl91ST8*PV-kgl_Whuji2)HM}C;t)Qv90fa92ibmbk)~|1hlfKJ
zGcuRg2_S3IpnrZiq>Hki)94q1(!_Y+qS2nK>t~OtaQ|eqXP4&}nrz|WmWY1#p5zNT
z&3ls_yq~>Jh0#{GpG{lg%Jr~6+i8vkgzbDaQ9rc?xLx!IJ5deSBQHSf&@QxImk0!5
z<c_2>+G-eW{dKO+<6eM%6y=r>a{82Gxw+g`zn@)8I<C>rR;Pm5>w#<xX4^U5J_+;7
z;ihMD^o-!GC8Qn^Cg<rOwTICjOPaKn>PVk1qhqp;)i>J7ge>9ZL<lX1F=t;e$Dh($
zOCX0bIrohAI^m>iB0OosT_1q2K^SB!3S&2--UMZ?aOM0lwMqNau;@CSi42OM_!jnK
zE(cmAvx2D@9VzA1nnNyBk=J>f07oq$#JhpK^={zY4BnCAh8&bI6{CBf@qim*NHu+-
zzaxAy2<8M6rwRTqm~E%b@ptC6OLJ%^)A?8+IOyE%23&#t01rIi+DqjrGCm@K>2%qx
z2!bm319y$_=dv61bAWv>dAp7@d74xiOT+cF4>uS5t$)59Ix8^yB{}8XX4_rkf%9ak
z$o=mE^rO!YCNN}77oY)%0cdq=X8+{8fOjaBMxxUEoK!yqCuJmA<7>vEJA^{-1kBTW
zGyo5R$aSxRw-xaRoJRML#slXP%C_s+mDRcfjfG)G+ddQ*Xv7IcexCD4qJTT2^`d6R
zdq7i^hp56W)MUF$P@0=UX6Xt|bF@c%8|mCGkou<hQ}ZG!!#BVy@eLfW<Ky>`-G~rF
z7&Jp@X|E~%uKxLH7@JpI=k{cs_ZSb{MYLj2DMV~PhFDVTg2{H?9DjHIZfCq(d@lu`
zY@~wKNjUf*LATl7b1#whjPXC_o)%|>h#(&c{g~K%R85lk@RiKR<ZC|0_&vGL(%(il
zelqU}-n|D1ii{ruBt!LP3bcusnE#_Q%?;`U`o-Bx72mV!d|Mqq?_Np1t(b@YyL?+a
zCf{qmt=!MLW4^6tC;#hwTWcoLd|N#x{|EWD#y#P0zOAa)=lM@7Tc71^{=4;wm~^k}
zbL<nkKBp)C>-A~y6kVS;C;kWPv;A>@*N5ikTX2rvxo!);KZ~N%-MN^Wl(#=)z}O)n
zLg0Q>0u(G};qVQhOBwOBWFt}D_wcG!lL}!&`lfPJ$LqjI>=sbB4u<&9&bFM%F*D5M
z=oK?4m17>=zoW}!KXvBM`kbHdE<=S$T{<zDLaCfQ$%*4sem%h{rm`%j+Nr#rTFF$J
z;8c43G+mm;%cXbSUejpo|1?&0_MS$z(Q^vfCUT|A!z&#oD75x!INL|;H}@>~_?Z0h
zQS$LDetc5?IEsAy89z>uKTcMwA=g)k@0G^%>clxe@zPU%!2rU9J^=8J7eKsQY~cX_
zXzTU_XzLbR&;USl^3&DXrFGSFwMSni2nqNc--&YtvY!Saho>n%SL9Rul<vN6VrFp%
z`*gi|H!43kpUL;muRA^;HJ3x373rS&bt!+K8OlWSUalOK%CYwnH^8a1nFC)Q2=9*o
z5%6&_@#+V?q~NF-$WtL>l1as<IHqMT6HY9F3iFY{XmB6logYyHHk&}d2he?G=rv2E
z;FmhuUMWDBWr!D-pu>2DN5wgE#eD@>F+7DpBuWrSJkCJ`jFM3$`97nd)<^iM)Y)bU
z^G8Meu<My)B*3i(I3vXmzTdag=%sl%0kyO15`bR-00OmQ8kkEdEUhYitwIO0-7d;2
zm@u@0hfuiI?O}OOlQtTXT7N*T32ZR0*>U1s2z#=?@1@RsJI%LNN&Qy<b{d1tp!Ki9
zw<+vfvZ6knf1kb**2w(rqCc)wJ{HQ;Sb30LfggJKg^I?^*#=6siL;3GMe3RyZKl7&
zc8=3RyVGRrwhxH#@v@*=8yEQPPVDIITb<pSjL*<lwd%r?i&54Ng>!-J9*1XC`Sx`K
zW!wqzg!{gftkk!XDfhh;iud=&ln())AF4`5ytKRY{5^Rg$bz!~ao+>pU#9~TezZZ2
z8WhUUtjZPVcxHkSAF0e*=7&nGo>?@1jwtp=4R*prFW#Rt!Qcg+{ILY4ks_|Yjjg}0
z{JB2p@nxtS!z%Asg!H%$zV%|?)-Iy-Nbs8uTUIj0JPA6LP0wj^j>6F1nGH7@P>YW!
zW;>vLKHUMYHtr_o6BK68XZu}UQ|0?zg|Pn#)#@FHlUDE91!A`Fkp3{r2Q-YVDumjL
zpi-`KSKCo4?P|zGMoxnM<2fnVLFWaym=giQDno314v}#bK97+<uaqm^%)^S!c>*z0
zf}k78yywJSjoshn^%@EAa~OIbeNMTbv7CeQp8uuXHtzWkKBw5z;{8ZSc!H;|vsy9&
z{rQC}ZdW%yD(>Lb5A@!8p?bwqTpDJ6`wRwszs&H{pGAfb8|uHV>4K4x{JMr>ybc+E
z6QTM341bND_1X{LfbwWoe!YN|SA8GIeW$YfKz`Hz?miHjd9U|@y>HX|z~Pbq`aTdi
zg5C%0BmaZ@z`B0_<UT-+L6}_&*GDLwgYs|O4BTuI_3Kgtde+RYvAs_MIm3I_(ZAd$
zL0|AY8i%C&!cWEYzEFZmvQW&A7%$1ktNys=Egy$eEg#1eL6Qr4=%n=Rq?Xos>c~Mj
zCkL}oI@*+^refBVJSOF%z|Mofo+FI=0|oX?snUSP+;w{o=pWoWu081M-f;x_26vVk
z^ajzJ-5}CcW6zO{UcmS?i6*9sViqYnXiz_g3MM-8J1Nr0&+2{Lm_q#>xlZWLMy_<{
z$d2_AA>zqZ<719mkC?dd(NiEUbd|-081R3<kBRcf1n_^rk7oI!NiFmrW!DCsP$!xQ
z{X4y`4U^rH|3ef37~yqo7{LH|VHW@lfNMh>yCLXYwOo4X@{rb3b$RH~lZr2+bLcs_
zTQ6N6(%Gl=dO5$lvqz5i{o$b;cAjoY_H~}p%`S(zJ`ssuSXbB>&reX;JxpWX_W`ke
zuzbK3=RxAtHrGbOLZg4%^j|?T?C*<bDwPano=FhuCDVmY5a~`wHOfGrbtrv4yFP`{
zrvu)>qP3CG9xrtL709m5)jrZ_8t6g!=P{aw{>rIwLUHR(?18D0VQ36Y7^C8AKDbp9
zD(aR+s7POMKY@`b$=OVc++GykR~(t~mw$sNo#0FYC$Kib@?0OP`)}r|6OKIK&0_k3
z27!_gwK|C`euTXE+jD6OiT>#-32Z<oNdnX6Al0mZiXG&Nj$B##vP1~|x1i+J5<UrE
zThMJI-$4m(SrQXD@fsFNX1k%8+)y$!q>iKIQ}$k9Ol7jS7@gqObAHI)FDG{360NzR
zZc7u8bYUos<jzayL2}yM1kM8Y#V^HD94Nx}kzwDQM{`;D9Nn%b#L<Z{Hir2#x*G}L
zATG+V1t7y}HzOwJl1AtERLihU=SiaIlv&vAV=%@z8REuVx++4)nXm+4N(@QtD$c3}
z`PCzl{DRbs&bhc1hM1s<CUO&N=PJeOA7Mz-H&M5oALv{=C#i?EaIQ40BiRTs#DiEe
z#bLcV1BV639s@A-MPyI#SeTA;t3dY9pFBOmE*AKK?8Oh`H7rMQu=F3}!-p;&Kc>hZ
zlhr4{*LT<n;A)~Sc<qjOxO~-?91XTRo@a;sws^Qa4*+v-<C`pczl{@`#ZoV=1i=tX
zkBX0LO0HEp;dWR0ahd!vK{(Am=GIjCb7iB0>;!<U3>$NMQ;9pdCY(7+{lnD+vK9lF
zJiTg;m%QB?NT?etFYqo$5__7JkDcSCpNOO9lgTk3pq~Ti`@|bhg%C4G9dS;-E+;^k
zI^ONJmb>-&Ux+dm*`yX9rbk7hw0$1k>tjRKRlR*`i^N+I?`V{hhz_VPLz9k>*YO`B
zDQ#)Z=&V~1=Ouhux)7QPdJ<0z@EDR$jOCPEw*o#hW!fJ2H1(-mJiLvkqje}F_b?#$
zC`Rs+_ET~XmB^j5QgV-A<c>MyqC6J(&7Mf^aU!{^N%0vb#xxNEBM2!@f}fOnBA7$A
z&qh;wQmUyNED>R-FschB!kaY|`U>%W4>2zE>k<NbYRFXfCIEgLjfz3f<pVtfOpdNS
z$v2Ze<qFUP97TV<(4Aq5T*pkd%k+NTBFE$Xq0ja|#r11+DnZeHqeON4R-f%}p6$`T
zOwWgbLem*NzdYNE-h*N9YRby9y~{O83Vq(AV!2v>wU<|&zxy7N&fom0lK$#u7lr<+
z&g_4#zv}&~r~YbPo*x_MBi;X*{;E}XN+eFLk{*~oNqdFrlg6m@N&Uxq>63a)rb6)t
zT3Mg;&}32mjju|dl-E~<%>@ri*o>Vji9(+PTP{)Pf3lUbKyz61=Hl@bnW#SUmS*GG
zIZUPu{G5~RrIPCUt)!A#9iwg}En7M_-<^W%b2LV+l8T_+q;yrQr0U5P$I*(5y82K_
zowdj+Ddqlt1128H=&{7&MX$GG75bJ{-sP=(DEEKw@>iAZkF|K~V-}pl>`6-h&j_a3
zx4(t&jlcoxw<Xj8D+(M?;*`Fg3FvDDzMkJPm~@a8GI)ES2$G4RcjN>rj-XjfsgG8U
zUv8TkmD^@suEK3IO1PXy-8R!DZ><EC+h&wcx6O@t3iqzes@yd#Pyrph;E|P3f1V#a
z`b8|dT`uD8!R>N-EalgDje=jR)}QsZSEfHpuJPaL&yJezRe$#UVyZuT#q_WBXT@n$
zf7Z|RAL!3!#r<#m9p153wmvJh|K0k;^}E;gxv+??Pg&Z(UZ2)Rx;~$!{RiuFIM(0w
z!Sm|ISloNokHEujXt82G&Y|PH^*epXvGeU%=j!dlhhZOHE=ta2!mTNIS`3C;<CEf9
zP$v8}g_?~gCaBEDlUhn<<5pRCh~)NUS3{+>cGVQG{e5juNn$7azf=y6_6a;bZgw9Z
z_ksl9>%E@zStI$U;2^J0*=IXQWb>EB6QmEe!0KoCsQ)vqukEF-FKYY)S$%1IA-xpm
z)2Yc`<8K4yEyeS%l5(;2Ro>;@puDp<fA8{%A*8&Oc>Yb6<-K$!o}B2d5>HOHki?T$
z$8s2}hfR0Gd1*D6aO7+>S+e)3{S}dZo*Rwyc4?RodUK8Trne)b8NE%3@}xIk?_(L^
zy#hmfL?*lilfb)gsv$9NUO?^a2neu}+psZ5)0E|qL$hlaT`DKk3hl%d6zcN>G!SiO
zs^NzOI9robAvVmmMElfGpwg0F_@dTiyI?!Z+lqve-vC$m?32p5iZ`HsNW6nDd#Vby
zW&3fOj_ibnt(x&_R(fqBWu>rQDpqQBpTtUs$6&Wz;#I69jGXA@Zu$efJQY$?aQ28j
zhJoUqY7DHYfli(>2Anr5+-_HZtGm~W*qocOiUYq*Wz%!jfH&bpe9Gxa5B>zKC(`es
zI0b*Nda7FfE{a3`EQ|Ba-=m+ZhQF`V`r+}u`MdQ~9{k-QUcui%PkHfQO1y%<PfhS$
zF1B7Wp?d!b&7+e4MD#q#f5Nrx-}z6p3#r6^!q#1>Ju4F)nBe6<@ya9q_)kQJs{AK5
zw5Heefj43~1^z=e>J<Ccw^^0=6Ug{sn}N`*yNU~%H<h?xe<s{nvGKEj>`xf)Wn{rd
zG2TGm;=xXFMi^{R?G!b&WT!aZfbJ9!(+l9~PSGq0qeuadyc>@<APA=6M$JW$@YWIa
zeOL}L;Kw%6X1C|X`0eR_Y!h+q<ah0`GL)xhB;q(>;4s#!ab9CR9w5fEWE_oFqySgE
zDl`JbzrOxY82X0rQCrH;Q%OBv=fn8ncs}Gj?&EyeJ>2_z_-;5mANsegULJA9Nw-%#
z7M>c1^2oL>>P>XeIJ$}c)=fn|zc-f1=f#n@C>Of;kVhJg^Wx|57{z{deQdS+RlOM8
zZ&G7??^kQaR<mEF(E64b-}}|fu^#)?ycorP_2^iy@xL6S*sr=)QZBaM$h-Wb7==7?
zeT-N6Z(0R^|2(EL{+8vF#8{PllGI3&Pi_p8<dX&6NUOhl$tT%ky!O)^X52qJ1c~p1
zN15ga?$e}AtC<tE)b#Eiiq9m_TFCri=QkIv+2}+Ix=?B@4Bi4N;AdcGe&QiX4Xim<
zsfpdMo%zLJUr|HzG@K9H+I;4vj8j=}s&*<{npHBDo|{pdU7jLMW5b)3y7u}tja@Z-
zP2(@l*ECLYRN1z@7VO69ar$*hvggG->Um+wrrr%?qAiDkEwt-9v23tq!sOR|47L&H
zXPn|tp+yZ}ZVi8<I!0x(c{9z2<MFd;J{*syr}=O^9+p<M<8d=N{(+$r=dA7JAfT_1
z?Ee73c>%mDweSf5yx;|}Txwwv02I)04#mc*V-a1KY7K;1rz>cvNLUe9D_4w%>#{-k
zvAM$gKqqW&P7nW6kJE)VUyK#K4-T?V-7hK+4d=$kz0ZS>9%tu4@9^r+gI8c*>L;HE
zLo#7ok<u3e$Pe<?hi5~#OnNr_5Un~J3JucPko^Rn4Ie_qiE_n?kzOv&8{d^QuUnd^
zJ(c&5lsuK&(Dt^*NIFl1_;MtkUCl$)6<?Jrp3A_BiJ?ARoTrVHT%3K_6IMZAAF%y6
zWn{JIRnx9`-h9|qecmh;@4q9fIj`>0`a@&Y^)p%h;t?L_)v{Pg-Av^F5h{O0*|X%W
z8Ys8L<>dqfWY;v2YXGU{YK>;zJh@Cm_Ph?=z>d~yVlyzrB$w0Vif-Z7tnT9B0fv~H
z6n8NrnE$Cqf9*Z{8{SRo&!Fz_N7~<?532iH?6bdZ!)brM{AVdXN+T8e?3ahD&)2;9
z37iESYmdWu_%MT-IvmNTPMqRo9y%N>Ov>|CY5(b{w*Q34_Mb;(`%hD){b%?+*nbMW
z>_6lDvHyhqL;Ft{v;Ulp^|t@~jj=X^I`miDfBJdbe+Du84{1fR{|plCKP`RlKc4=y
zn`0$kdEA2z5B1oCs&|a7cY@|65ETg4vDG`qwrmMeAKk)@_NslXytcHDeK8mt&w}wq
zX`~G%cBs6MS)LJYyn%bz3<5c$nbLYxCe#@!ZAGJKTW>T|T93+zyoE#<++1lrDieMh
zB2|o_71Nq4tw&|T*F%*4yMB1@M%_;ryj+Ooy!q$32NnGD=#XmnyMkEUuhx0&S6x^O
z4Te;+-+fK%H|wUZKath{=?Rbh4mOevqs9C06Ta+KG=M(_s81y~)&2&QWUNmM9EA6R
z6E;j}-l7u*)Cj|X`w(nM58eV0Yf(dGzvmt^F^d-Y7#Bo8Zt6w_!UU8O8RYDOWKQxk
z&Ct@1uQA9>W{NU}M<lKXsuVJJwnZT{jC!9OxYN;xi1#gN2IxD|BNGLtBQe`^1>VtU
z_zIePLPx_Bytc0`ICq9em@qnv<N#JcslTcxbh^)%pIMexl!Zb30kJkhXww*$8iR=p
zrjf8B^J(l6RbZ7(G!1s&GnY}@uHy^bmLTD1a~h{}8iZ`h(MQmlbOvG^W#-XZNz0~q
zw`Gd4bQ|W*E-isrOePw-?yl#4Z#R>1BnqbZ<Jq-&Yl+Sje>eNAE81Leo=9bnlsjg)
zZPSTVwt-1ykCYc2oPPw2E)bWzOxRQd1uWM#I`kGebUH1FVDlOqOqP$qFn-W0x-TW&
zyR%*Xci&6uo^?ux@k%o>yM}V14neer(h|D!l^DRl8o{={C`DY0kak_ES6c*4uLBW2
zh5Ssq{l&2pAObdo1ke4i84bEM4Wg#!=<{PW@WB5(#ADVm1SH#B?CNl`sYp!L9Dz&J
zFE63d-OGwKmf<)yh@uwd5k*ZajtB=x2J0YVm2i5bAER5)lp;lE2hlnw1a|6P?9Qjl
zi|dqqAMPrN>uDHXcXS!3bfNjumYujQwd9@~g;QNX`rCal{om{jig<UX_%qq{i14AK
zNGPZUN*>7kceGcP+PfcdM#4lb5#S3eU7K&ah-;&l)<ziN$Ly`49WVsiG;{n7%WyS0
zLhQ2$_I{r1uWS;vAv^_vCiECV>9LZLAAv(<O&}Tf9$bBMK^eqbzai*DJFvacF-OvM
z)>k-s%Q0Cu_N4c_q;d!Ewx!Yg-G}&bfZT6?^6^FdI8^>PgnXQfAIHld$E{~0Oe!xZ
zoWF$PRu5y$Q(v%-vw-K*gv$Zsf_31Q=e@0!<h{2a0P5fN1o%Yu{{w(G$WO@tAIDLm
zu5?+>HSR#F;Eq<T=HY{l=`M(yVlAP#F$>5BTWy3u4rb0ZR`L=Y3qK!&5U`K1Z(%}F
z2)+9~aUxb8j^&|BhcXI!fSkLSeV4X7FN8WLP7{``zwD;%PGIe7NV_j6k4xB)^Ku)I
zou&vyo7*ClfioQqX#si>M%EE{98$8zt@()X)pF`_dX{|*)f+&hh4}xlW2OU5eb%TG
zmW9Etk^wyYI{SjprZa^%n$XG#Fvbq$)Q+2pX{Jqt^oJTtOGTOwCh~*V{(FP&zwRpb
zU!(0V*?)oRH*=jJqz&x9q!YSuO&igDCPTIPwqSasbk*1UG?a-WV0=;k`|-6<jxU0a
z@9Bngd|_$}gy(DU2c@^)V)!6<{~hncbJiUPAKS<u!&TeED#|@CxjS;M*HtBN(~=x0
zd66`<F3v~m@5NOe+wvnx@e)PaalYoIczH_#&;x*@!tItEY0V9p>>~7ONag%?$B<iq
zu<~kkqAUk=H?vkJ2HBKBYA7WAsAV6|{SnJ~*-!pg{4wC=>iNT7-;+O{uCL;cISm#3
z5pw;%<&U@TcJ$(poAv(x@W<Ud9liMDiF)_WAJ@A2px{5d`okYH?o`Gf8Fv_eyyC0%
z1zr8+55t{m_~YVjPyXmoPvno*^(cYY{!QYK%wPq73<?(c<EDW^p7>S4AAhrtKmPh3
z^2gFQs^^c1dQbj%La*YFA@vmeasKju%OCS@dGp6Fb^rhH#~(Mn`6IsWz4OPR&ORvk
zhtB@+$H1GF@kiWE#vikMwLYq|zx;8jyc+)4SMJFlA$3Lm2&_v9+;v3aj|8oPKe}i|
z{`e(?LKYoS@W(dx@$)19A%C=7Q9Xb3tK-QZ@pV-E(Y>yMKlWVsZ~0^R4R8MVzV`ng
z{@7gR%^yu`-#dS-?c{@k-|gfNe{?RZj6Xul7=JwGtM$ZA{_@BE>(%hbSJyrH<9scV
zKmMvk34He<i9f<L3jS!I5&7eL2KnA01%Iq$AD0~Z5BWp?TJ`+VuBIn{G_9%Pk7l(M
z{PBhBzvYi!*Sz`Tb>06T{&@SUH-Fp=zIXmu-rffV&u{M!f7HKP8Gn>tVf+#6tMyjx
z{pF9<SE}KUrB^)pV^6TiAH~6xz&|@6@dsDYQRa`UM3SbEuQSL62Ne8~&pu8%ptR<~
z`t?<LnrZO;W4kIfQNO3t;U2%-5v?;y|7M=*hg8kE+xpeqi{8z7#0Tdo+aiMo^QC=h
zRzFN)TPB>uKo6GiI7ksJwEz|yG||{+>iD8lTHaBoJ#Q`I!SsR-7H^VLAT4WofIfd6
zLPES$`<U>E&7kfBHcnUML$r-AH`<z5%Qcpjpd>M11b>sAFi573Mp-r4P6{utZ_D+A
zuHtuP>tGBtK&c6Q(J%0kd-V&SBOi>KA5D=b`S`=UKIt%e(!+z52wt;;*X(D>^UNCF
zde>lS2xCM~blV;nYQao!8guU?Kb>K2mY7b7`9{3$DB%!5nOc)JJrY*qL3uUW@Qz;J
zfLFYu>x<|dzsqEEMi&Z~lRI;&h5CZ}4>~UrvU?BGW=mcLjd6B8nEa>3)bE03Uo6l=
z-v}>)xDeqNLF8TZrZ46{1U5sy6moKKw%OFEN$A-2IN5b)lm2EHU;rxuL3!JUEM|_5
zY)F<y_I^6+O^v0g$sT6C8Iaw~WNYmjS=vWO350W{v%g(wyuCJc&NJC=2|L!|Vm<_m
z8B9RvTGob49g%xyv^8q>nIdmVt2l`C{Y<F1hJj+10NkJ)y^KagbcB&1`UFArqCTBD
z#>JcO&_|#pdty0{d;;;i^!Zx@=(%OvWsE#%wjDMWRcLwpd>xsk0b(f^m1|A$muAi}
zqIQ$~FBl#_MV9hKZmro?WQ@FNj=!v5m=y?ChZ`n+-y3E}&)(+vQnS8qxlvPL)+dz{
zOzHF2Yp6-G=!_PhVEt^g{V1#k6|wDv$#&KR-?o#s&9-ZN{3U(CGDu)m2mzUG<;KWM
zCR-tl#caE5j4aYy-#~@=WxnWymbaDjkvsSszobMLf_*(nZ_twe)YAq-o?)YHr&&{!
zeb%HIq~jwmS(?Du!Ek#7-l#-0x#TA6LCy_G+VT9iIL1r7^?0B@{~PindME5>-A(o+
z!ihC_TdoeDZ9rfJcM%`IBl{$PNA56ME42EBvtY>i<Ujo#4Fik>sqwokaVgQisqH@l
z>@m#-*ylFW^|$qG+23YqsT<&kX=WsC8m+|!WBlIiKTP(aIwP5yS@Vm@)=$TiL$Vcb
zyG-@vdV?lWUytx`5vfpQ;Nx#*pED6UB-2FTf<pcC=TN;{#9L30i97)laZC1blRdy>
zPb2fGYqF&(=2HqSorGGEH+gG0na_s=+8Kcsl`^_4md@l~4||s0z+rY&Fl|F%1p=1s
zQrWu#c>5fk(bhBE2>t>H1HBU3|BH~B4%%(0Y_A4uZ#!#md$vp33OaH?F<nfy(F8+h
z2!;qtJ!6nhY_cA(7&FfE?j6xP@jarwXDyRGxfYqRwk~g*TNly|)H1-QP?IgWt^vM<
z!nZK^76ISF;9CTIi-K=)@C}ki)Qux(PareBLoie^W2Ng^#4;f3X}Wtx7n1%6f|CQF
zKSDBdYe0Vi&|d)bR|ER10sRF)e*w^64d|~1^cMjA1wel_puZZVze3Vq5$W$H>Cf2!
zUsLzGn3BW^FQr}r`?4b63BJslPnvxu0!)CTyiI^XzT_*v?0<Jf``=lzg;M$InJ~I0
zZ&b90T~Q@Vh2aLG_z>=q+yvquwDuwVgtx9zwE7q}@*2W-PI6+rr7C%sZt-tJ$uiIV
z9nfP04;F$T!o>C(M%x`@<TePgjaz*nU)qPB{gI`X2JqghNa&e8QqVU<7i(7_VF4t&
znYw-s?P<txY_>mSwolcW<Ih<hG}~^-{6(EAvx)RX$X7>ATIaF_7uni?SY;#>3j_OH
z!X$a?H66s@M_=r`>=xD=uv@_p&_O;0yWDM$r{L{UkitrZ(eGY%i~cH2zC~vjuDuU`
z>*niK{y+#HydF=5q0VD>+H;lpBkgXY@G1(5_wx5W2IZ4j`KdUs@^+z;yGN<B#JhYx
zln-R(tHg4(zta7+RQ^gWozjcsLs62ylJR<q?5{K|?w|WBJ^!Yszfz4PKm3*6yWRdD
z`72EaczFN1UE!}p-{TeG`t5J)>;2w3@Ad1uj;-JQw<}-2*?|gwn3Qf__#X)Cm&MB4
zc$Zf+Qmk)~cX_|YiuFAe>&u@d4iE4<ynUo0**;UNU)Luf$x-Jz$UFMYI~@&oTDKaD
z&erHzOTWA*(e`uVPp1f%Cfm**I8Q#MoK1w(a0FqYvl?^XgB+D#m|Yhd5%a~>S&&@w
z@&bsLNLXW2co-hwE5pIjDcSaUczg1%Z3)WCVA`*(x26)oa*<BI&Jtc5oIwnvMELZj
zwj2S5o2m6~fPUc;6w+6sZ-<?JPyB&O?w?}~lVdG?J??l5&8KSom(twbC;~cyx}>C{
z?+B#MOwzBL+Y_WbVfK`^oGJ1+6rke<88gibei6L}e-#?P)s{25OTjnfOEEd7eJ##J
zsPz(f;k3v)mqHHnm2A@RW=k;i0DHPAT&MDmrZhdQI`3#YC*jUfaO%lt6O=Y^6Tt+a
zRbLR^h&s}+Apwqs@h{?#_TNbnhw`lrUM+bJMfZ<}GTrx3^aY#IqSWG4<5aP`2gj88
z=&q)}-60($m6I*oo&qs2Yv~J)lTY>pt)or}cz{qEQ`6EPja0ORLmu%$TTUb_X&#>(
z@i`CsTS!~_g1e+4>uo}L3y{cYvi3yVAMCog(kIbXLT|-MGQAOUYhN1<72PBtw{n@>
zn4b{5{zG#6=yft|cZo6neD+tK<o4#$w$kdG9rFn1x5#XiD*6`=Uv$eYQlZgqR{P}#
z|D)wzc({_~-is91;z~oQ*KSLIy3F1Y(fnWS!DXP{Xz|T9iDVbP<Mu&Ab^L3!>($qj
zI1I`qJS6}fWg8@-_@x=_?k#RLl*o0q-4}QGJppWW(9e~iYhyiFibtjXAy3QUwur(b
z4WuDl%luaygG1PVsFEQJ#v!B_c>A<42@Od-aSZYD7^W@$_h>LxHimNsPQ488HwUf8
zataB)lgt}1dMCL$3fsDIzT1IE0c6<QA5Rj8-E@(!VQc*zHhLhw{1YAa3!dFgHi)Rp
z(3u=vyL@0|d@9U{@<pFCTWoc2U&yFOU+t(O3t?d=oLI&oX+4hnoY+5Gk4*<FS&!9v
z`P=}KToa1j$JLX%e{t+xAKf?lN8R_Ttb4Pb;?+J)D`8;uVm!7oRvE=1-0zbyYy6`j
zY&cNK5Kh;{BVMR^A4oEm21ffl>VO?3%$kf2*bkA>41ZK2wABUjXtLw6GkbE8!8L$@
z#mZnd1sFM>@#tZo&Tjb2i$V+OGz!5$aljxZB*YQ3!voG0AWr5f-0Pb(PRdmXW(Qt6
zkCs!4{_EMc=!G0*pf$4f)Qva}<l#)_dR$EVEe?eMAek8E1|H{*zj75~)?^3s_F>@(
zu2wi3m;~5EAk0k>C{Yu5+u$Mt)FeoMM#gJgU218_RK?hwj>(XE{nQX6rtLE*Bc|;(
z{7bAbSLyUOcm-BkgdC7)`DNwO)s~me7gzb}R!aXypYN%0jfvZY`V8Tj4B^_k6yaI)
zF`f<muT==gH*lGN@Ulw^girH8c&3Q(X%fPxsSsYm5Uzglw;O|sGLjxBeDD;Kv{4jL
z0vTC^$N~z;a3K=Pp3GO0@k4=1GVYGQT6`x%$K?Mz1XsSUCP%Nd-Kmn4M7r&|PwIBF
zm37NIViFhzlP?=wEl8J_S(leRy1eZFn)c3TYg(UT%XKcrb4`tO4>CGNc&zCI7yr$g
zE~w>eO`oeJOPDO=b3YuCw1DAtB;35W&^K-xt8im<q$-i(nFf{cJ1&9^9|5%3ut#b>
zX`$~GZ|1e)tP7c!GARzhk<};OA^Kvbu)s=@ZwRF`&2mxXhe`>f!;EC-herw#`1BR9
z{`q-^b$s98fpvq3^)SRb)C@B^a%KGXsmU={T_x80)ugfry+tTx5psdz7i^33u)+9C
z@hVLF+{Eu+z&3G4e-qE9cy8jx(o#x)BRw|p_s{*CO?*vlADei=_qApEV=tRK)>LgE
zD{D#w(kjn?0_potF{906m|?`x&*_aBFO)2G{Tq}Vt>p_P#}q6{FNj^wzu2GPV6BLf
zb%J!K8S$>Wa+a(wvt-{YSkfmtuIDmzG^XhIIN0m7_eMwF*?)r$jZbt0d!j?e!^dYN
zJiPL?yK2%1{THO+oX2o+AH~HhHT=MZ#rbb=(V?a<Ty!B{6Yb_u>rJ;lf8%YpJJ~V4
zWx>v5z43BlQAH5y6Mi}+Y8aBK#@RL0r*Z(?F%oPS0eL$K1Rr^n1xXwRIcb#~8B!bs
z^Ibx94hHsks$PEhes-`Pmrnl>zI8H!3Jj?<;Wkac4WO`u?3`(Rp$~%SG#+^00595v
zYXvB~KN2Ld|G?Ij-H-f`-N_j$XtsCsfz+NlnZR^(Xg_J?Er?-p)ezrU6wfnKYn_&n
z1;lim2CBZ(!jvIQ5h&&nuUs~uXVf2aaoST!TcDJo%0FDC*3Y0$<eu(s5XK>}q@xc3
zU`Vjn?0*jQn*B#lR6cw5{&067n?0R)_7neb;(tGb6JHz%6JN_Fj+THSt;oHe2}Sn)
zIR9qet6%xVYi;u}@%*{v7%pMC4zCZJf|b{Y_2idrm+f#u-rl@~MNvi0VBTH0;FkMg
z_^f~SO{d%KIzcKwPAmVcQC2=c?<GBG*&nL1UuaoNTBZq5mffXgfwZiqsw^k~%gzL2
zSv^%*2rb)9%bKdn8qu<^XxaU$vSzew87+HIRrUZan@!8oRAs5OY$z=os4DAE%O0j>
zLsVst(X!UG><uXEgKx9?l{;UdWx=%UT~)m|X_>1AmaPncEie@-CffR!JKv?HduZv$
zs+ucl+1Iper>e)2fGU?*dlr^h?RIrW05u=e?=;%ek#qhmc)Dh#Iu$UNe<Uz5PNcK;
zbP!`z0~|$usq2TIQ`G+&>eoN#*@smL;{cfHUNC<tVI}~~0WX-~^VE$jO5g#Y+za5*
z^RyA*SRou>`keQKsdYio5r^%Z#|ifcqLIv1^uJu=Ibox+e&KFXzuN`RK0a2$yah0?
zc)@JHrWk7uz^uK7<5;7`aWqt|zJXH4tJ+F<Mttknr@Ww0zqI5EMO1{)5*l82#k2Db
z5<tZ+0`M96Nn1$N7o}no<yR?0E#Y^7AhLl+6Xzv>jR0`W3t-_T3Se+9(0C5;&kL+f
z$c4)Ly|9yeMuEX005j=~C(IlrdB*}wmVg+X9*9^nX_Oe`>2CEXEqg?@%4S*?Ps<)t
z)f-65TF|ngs(O#pG7T-uRMi_s%T5JQHd56aMay>5vZqw_#?i7bXxUU%y@_6k48ABX
zWY?WQ%3g@Pb3p`X2mt3VAch9e);p_O??`*@Ld&|V%3{5GK5<1{!i_sf!w0=+?63sz
z1^|>wG$yw2%~cWLX#n`Zi-JCq05SmJwX2>j%)cfAbOV5C*F0OWNC1riVC*%|7L3<L
zfa|3Mp!;>t7J5qnhXA0H7r=}%1s|^ln9MRy7}E`L5taf#uN$5KD;TdtIKPCqvq8=v
z^aCw+zCv1cqAY4Fc4as(z)vUq2LeR7y1U|Bv91^=B*AhXgfGLKyW#Kc@Sh_14?Mkf
zeh2@702xk5BjKb$9nftyO1S&`ReaT&>6+$*$U4r&a;ZW1la)re2D&WlYo@T1eKojx
zx<<H$x!SohTo1VhyIQ-_5r&#ETrFMoT@SnJx_Y>3xw^S(xVpFkT%8yIqN^3?#zm`l
zL-+yjKUT$ZE*$~af&(T4M~Ev2D8%AbN)O*b=tMJ%$cr5KARHZ9toA>k<&PPJ(f9z%
zN4fQ!fwe(BiE9ObT?PU)gHguzC$-1K+|PMu@u~?vsMc+Uq2NDsvtmS5PM?RUL(mcs
zYo%JE_i|%4w=Y-5a+Qt0aTVjogdqt5?j6?hdiv*zK|4vRIYNFdOX2v@+6BC3hnonu
zCx3v;Omvy>N-?0G4=qgyO`e+l<has=`zDR$7nD<3b2h2({2UvRYK)O<3^Go!K#eY)
zr5Y(vV-BmKqcu9S8vKSqsS|R>jv?T-^iZiveW((qp;dxt757%Dlcc9DW49;VH&cQ?
zNzOUv3u^d%GCUbm7XmL2=^KF0)Tk!$t_=UE_ayS5#<u~g9wy5*`p%e|O?sFn!KVX!
z1*d}Vr5aHzfsc{k!vKCSr$SQ5RyC4hV^l~wPsYz8Kk%h^;n|)L#yJnGr?sQVYg(~#
zx1WF?=rLA9%hq46ku-JcBnft&MlnP-rKe=r)JaoEkttauc(ZDJK{&n^9G(}7@kJDQ
z(T-w#HKEVmtVS@cQC2ATNzhW7&>T@CR)KtFG|h}WrDC~C%9QNM66~j(a)??S;(eTR
z8K>&7z(<D?X;>z>+A3h5kYUYZXU-(BGe?aVxyRB=?kpHPYstAH7075V*B)e<F#(V<
zWjw2#-JQ49mUjn7*Qc+8R_`yeHEe)9kHW%p7s=M!we*V=+%Dd&347id;fD4>#T;v3
zxA$|dZ=mcqQs%Xvq=Ma1NSM-A+)_OE6G$$@2e@}yZ`PYVg?BXi<qB*hbr$oQ1MU;6
zHR7h1lg{a1E~LLyKk}46#_1m~yrSQlkggra>vIdO$60;y`6~Ua{7UAx@R~I34lr%I
z3#YyRb2{yhb#&SsnHv0C9{8Z-f1>jD!b?Akr8dA2U09Z=F<7*`Ju!l}Cy@Q!K<(~x
z!$avNKOmHvTh4&02Xl_xorrlf)mjW1?bxrhmA%$>^bz0j%|I|s%`)WWLfAg4bh;sE
z(i`Jfc!BjhQ&)sCGu7TJRJ|Jp^9{XO;ifUEs5v2v8rQ@SL>O5!OE@_JGg-#{lp;>%
zxXtZ78NYLI>V#=)d<9sV4&jerG)i^F3MT*F7y;7cXsuG397%qarD_c8VZC5EQazVL
zN0*}zV&g&t5Tm`n0oG2ckr-jNj~A4+Y-hd)bs|)=VYT+*M*C#J$c}Y`(B*c8TgnOw
zDxOfV>0pr32&y=2wC6IQYA{Q^Vj};c(Wz?D;`OXJ9dMo@g`~=&Nvco_cwsu?eA@vD
z=aUxw8=PkecfO`L&r;$1OZJ#etsGmc@m`67jT&#kg+34zaT6*uxmDpN!@kibSseDu
zb$tw5??2tAeC><wA(I}gWmTLgE#uaPXiP9)Vz?|54A1x&R0GcMV5_TFdk-o*jbE@0
z_6fB!c>C)}xbR*|Cfsj0Bx(aK+o&r0j+R}!hGm7SvQ4z?C@m{dl@-ylO|)#6s%$$g
zTS3eAsmgZKvV2;0NL2=kZuJdgDU0EgCDhqSt{{0{F?_~Vhybn)1mJP6M|_7RfL#Dk
z>YYLME(Hh`J^_FccRc}~lmHe1z#uPx$0UI90MOS9pq~ifYEPzayE>xEcZn_Tig&kA
zXs)hTbA4}%05`rT0CBgacZoWo0LAn(!n_hHm^XTzzBMGDo?@Q@UYDL9W(kj$bd;kL
z8H7~nC#eu$BEDSg#HyCQrg*v7jD7rue3b4yz?B+S@cL^W{@HvLEF|7n^6M$D3!dkH
zRrMtXOjI=Cec$@)dWEn17M{O@(&0fBrslEj6(WDB0B`c7yTeIyfhOBbgKc6cq^wr?
z!uO%?lKVvPrG4nDWXkkC4q{YB-B8M#MtJveL%6=-D!wE8<7fp&&dq+6y(d%U?+67&
z{~hQy*kqp_1+S`59yH;zl<^VppeH5zJYQNuAEp$F4}bNp1}vYw(Op8ILe23PEa`pn
zdUoP+&KvD@!r{#dA1_#rn+pmnf2gt*f+rf-Q{b1r>nL>rNq}4{iI^2e1d}-Cm#^7D
zFi}op+X;tuQ|J6UM=GQ&2x7J!)qAJfYW#bycXhvMJjn$2aW-H2J6-xsV~g77gG?Bg
zx89B?aHb#eL(i^&ef#(ZnnUsiJeNqQCxsB5T3JlZ-*>g=T#tayPIf=YkktOGMiApR
zEH7suXNiY*7u9z?6}vu-T?@MnSKKZe#`To*f>jmObI2}=`3GKxd=ZNH@RuvZ*B)Zj
z_xWU3^pP(Da5fD>iL?872l+mJMtL76Vwyp`zG&A<*Mdn?r3-;RzZ+Z{TcOPnpaUuN
z;Wht9-J5_%QDqIo)k%O(SgKK$fQ$qT8Zg8}0n;qnO%kYv4n{#m1x3+_ikN|JU}Os>
zk(5mfDk|=bI`6o>BQrWt5g}nozy$#})R9FIs%;?wl!Pt)pXF9{Rd+y!@B5$U|K}M)
z*S+V~J$09J&pG!j3=Psl>OIqHUEQN1S?dI|ypu?>zy(sM-gt%R@QHVf4*mB`i?**t
zacrfeLkl7BE)z812O?AyMbwgqjv6gGaEmM6(IwlGI|dI%ah@dGRld7W?13*-i!L-?
zajiv;>_A9gEQJQgBE9op1{!ym<<^e27KOay22w)!dNJDm&Un2CDbN08i~00>qiu>~
z<zMvjX+i#dh}Qf!TI7e$l5iFB0nZmMfkJXO{YD%2R%c884_LC=?zb^m!10P|-#BcY
z^On*2DPX<Ams>vNi+>tu&4`sF<qCGW6tZNA9?|w2?T0rz1NEDoE7J2FMfYD1oQ!U{
zYGguLQ#)U)vZiEzcV-yXM62aax;=cgCC)!5Z>8{z!Y=dHe<~!WD0HwQ!Y<rPH%#mo
z&xDp!PWiH7)nPoy$3+kFu`nPD_7xB%Mpvs<i6{g<`~wMrpS;LI;48<QSqrHh`@K&K
z(r@Tg9E)<WSwHYw!<>e8HJc9nWgqcjoB7xviC_CNyta5LI=i)#t6C>59QxN8t#hi^
zue7bF6H=#_>L$hcxevtUPOVGVErc1dl^$O)3l4`S`HAZFx<9u_{^(J^rt@=nk$&Fd
zkyK6Z*{|)chr=u|G#zCdPhbSVz@W|6&{J{>9)(MX;3ahfj_-K1-I|0WZ@-?2-lCsz
zT*v|6BHOg#>NTR8P5!X8CGzgrCp?nK&wzest@!-aF1)K>tVH1(3RBkp7o4*3(J8wT
zr`o<Yf!F4hZ%4^f@7}s{qqA6$(R7WtDx))(Kr`1}3V#zH7u2qe1?D|m9oD(9y&v*?
z&0S)Rhk_%$LSlMr8D`&HTBjHA_kOy!Kwqag`^5*FBbJq2B64Peh$TE(vLE*d>pO~V
z5=7I*AZ>wNTGw0Rmp2|?_^pTxDm7pytnI|Zlll)H9@)|AGQdOb=z?9Gaes;LFZxiW
z8$%_UmkoPX!y)e(9r6pKBiD&W4i3&uF?VDUeZhBro7K+73-xvX{3;&D0gn!n^!W3<
zUf(y?t2fx^o;?L9*xvD6fdr&t1fOiP+@8rv<zCzF$Zq7x7XCd-(kNf+n^~C7sA8YQ
z5zTM^JJOz#+~^Btu7wT#<d3GE{v_`7=f9<$zUNuq=^q@`ce;GI59W<8@>2X6*b!My
zV@HrRqlFe#Z1YOttKET_MfjGnFh`;DN%3NO!LZzxULdA?&`$*|5i@l>ylFFC?DMPb
z_-YJEZ8@thf6E}y)BIDTXVqdn(GwB`gL_yT1>`sMU;>ZPu(ddbB_x;6)~;^Hvit1Q
z6Wj+zkCsGU*hVd~MxOzf-5bb7I)cR-7ef(zyh37ji3t5L@h4vRCAxW8CG8#E5ybfH
zpkA{}>o=Ykdx=G~N812K)lA`EVKvaspKop1_~M9Lc8n;Jvs$UUU>`ix-Z*=^@E9I^
zLuVp9(~9qzb`R_jwdi8lH<S19zA;91kc9*2LK^~Td`~DoOq~=%FPBj-)dpA4m3ygd
zsh3Njmvy^idf93@@4Hejmr0=yknt;>Ujz^frI=-K=^Mr}@J;tenT-mmC6*=pXR#_a
z9E(K4cOQ`*?WgYqB(gS5p9))|3=kqU#9^qgoi`lh!mLdkYXxdA#oA@DtlJx}NBNiA
zr_O+03?wQNYzCXKaKrm1sw`(!%a5FpIO0s&5&7n7Tu42y>L<0l*G}yoErqt8j6@Ej
zr5&D(+T*pC!uI!d0mR<eRlqpm`Z>Ps_eeNM?>&s>d8L9ptQ&T^myi4kUOwX_F$+)p
zbY`hPN02<1)*A*s)H@Q(1l%ap0<va900kaf;NbQXt1z%1ARZbXG5CZMZR)>Sn4hiP
z@o%P_$14qCezsO93V*KD*@#;X^f6sm{z3lQo#&k{f9>Ajq5s$N*UtXZEuCBb+N|?9
zf9)W8!~aqK+R5ANDSvJFi|DKVujQ}pQhnsV$X}}j9>zs^)Rp1DxLla}z@i*+WAqqF
z>m>>O2oUTkO4+`Xl%HgE78eTs(5jEfhxOfwMo)x)F!R@Kh#71KvY2xqd?nF=ecDO7
zK%fNQ`IVV={22sFz3`a0fWyP&ahu8i7TJ(|xhgZmU1f8Zp1OVR{qXledC^4xS-x2=
zpF{fKL~me{=80_Z4w=+2t4+YwR8c*@t>{vPF5RUYcb~r7iv2bU!=gks=BtN1&U$}k
zsF9F>hNs+fAB4X*%ZpapsLKj6hN(CpSB(9`zT0!(X=mvBzL>t{3Oh`8XqM4`_S`J^
z>y#H|$8{$!`WtL)>QY|vEc^_ufIk48#k8<=Zh9ve)kf)$@FaPdajZ?UXT?rS6%lu|
z+<;9yNdp!MW+Sxj4`18ioiog~-)H^oj);HhAHH+dzs~f|G<c^)9~6E6KY=ucFS33H
zK-XG;76TB*o*G39Z+Pk4+{i`#VQ0oD<6q{%yDbKznfQz;5qvjuq5^EDE&Cs8BUjl=
zk7dtw(F<pHz?uh*8pPw`(qqmAy+lfb+x%T=!=hI7XwG)``?uk~?e@BEf??LGnZ9#)
zZBm+~V<A_}gyj|964vvE-Aht>qn1#H`XO<jYNzZdfg&;*(c0*gq1X~1ek*a*p8`{@
z2Y*>;(3u<$-%UmDz|5qk>V!zJ;0;XCFg8x_@Fauku>AU-xSJCYK9?u5(K}>{G5GC;
z$bV3KeWiYlXRKZlT}*o{ovw!nApk7``DwealM-16Y`xO=Yx$ufthap~PQ(H{sf8_e
z>JFV_jtWzY(^m+dk}Quf&WSkJ-*GYTN|7kDSx{}&dx!4GLRt4f#7g5qK(1)o<bL7?
z$110>NVbf73R3YdZDFAf92;lRBBx=T#jR3IoW;!Vk<AzwWitjqVOJ^~94&Mji)IQg
znvD2+kp)W;x31cge+B8a+)`7?Y|0#{3H^lwDYZN4Mm{cl!VRxHmQ$^bIhrGddxd)%
zcLE3A((e*}dW$)YIi;q%ge{`5xRkC8@{Rj`>-xO=lx{1vlysE_Og4bQWN-F$SJaOc
zbyM+DrA)I;ca+ZU61fc65Pw6sZBBK#6P#NVeyv(rt~hJthj!AqcWSMupJT|P3l!TS
zirv@5?K_n^vy`AG;y)C2D0Q{iGMpmbp-gU2oQ;Y+yfM1!@%CYTQ^YEgyLe%tNX{3s
ztzP=7AVwr71~W9O1!+84SA|jh$8Z1GRLi05c}b@e*eW<|+HsnlLi|Tv2Pm%mEhjqk
zW8dVV56>SY#p#0={<@O({?QojBHLr)E@C%*O{1~tfw8QJ#BchS-Z3^kLExsZ^A4FE
zx9OX;ci;NMO<$vLPu|S!M}NsGqYQl?mx_H%k{~Wel%PL6#aJ3!vWWCk6e1S4WU1Ja
zBq<;Cw6G<6$4yor7D!got`s}+*>7Su9~4$l;nmT?tBf5v8+T+be{-l$j2OTPQMzi)
zFJ#3eL|ITym}`5XCgjJ38r^&)uj`wy_;sG_=DDWLcdaN4&9&Uu{eN_SP5%84_t)6%
zE$%OM<R9&?gI}G^{#y9Fb$@ker2Tc^sJ_374w?4Xk-zik2Ig4ym&M)(-M9+XE&1w3
zI%dDpk6Fvm_vE41^|xm={ud|xUm5?^v~`Rr*o_v>0kNONEQ}W}NK-NU*qxkxjK+UF
zCl+frqMu~6F)LvFz~8&d5BM(g1Qr?e<!TRxzm3wDG&6m<{RkyyqU{)`>Q4=QN8EFi
z+@xvQq}DBGXQ#kaOrJJS^9IriEB4Ce>**t=*bANer*|PAFbWjActd>zbDERI3TAZ^
zYb#+ZudPWU(b`l@^TeOkpCQ7Z7f6aJBGvmueclodSt5%tkBY9I@&a-Qrj5W+VwdPf
z?Sn^K@+7MzgiPO@82XHQ`UUa8w+Jq!eeP(&gZiywKQrOzI_~Z~a`4<5MQJfL)j5`C
zZS~FlB*W||I>9;B7>4x8Y9O;;wi+XO<bo~C36Y9EN>1Yya@H><`+)p@Eqq@OVfT|}
zwFVL*qJ;oo$K+O%ELJe1gPk&AGX3^~oJdFmzNU0ANJ+V<7>TU&G=5oV+aKD-Nqn2P
z-5MV{F|_T>nwo1)>1Oe>mjkVJ#o1>R3suf|?M4K+k#CD0Z>g_&ROpTtx~#8CHeS^Z
zUv-?(9{C3t{$QwzzJ3~7ZHdEBk8GWx{rhP>vUPCSh{Ht3`W)8jSmmz<9dl@xz5+*1
zE5pnqP3!&&pDL-E;}s@xugx@0l~nD-%Ut+`UdTj5`$?3~nK>xdzSAHu3+i<~FDl;!
zTiyO2vWQqu{9$O$+D>u#j_-ytisv`x&DeN;@8gZ~`qR)~in~i;omKQ6Mm?TLP`E;D
zo|Td$)D)L1lzWkRc5UM?oiLPj2G$kBk4&2s8@!%xu8JuaoJ|S5#qSI}&tir12e}*_
zT3}adpU_=}dihBBr~hxc`BJ!NarFEBc5OfEWHAFEwmM1M2qWETw>{2Nky}yi`<lv{
zwb75$Ek^k(I@m!iR}@X4nB(;@*DIk*t(Pd~T%=g+?JykU<6*JyK`sg+WaDF0^k*)r
z#G<{Aao5@S23qP=cMRXKiNU>GG!4Q3{TSb^Tm&f8=BK-*P-cYkd)8v!%}`HxfM5M=
zq0ap4Qd_7k|LSiG+4z^s7HVv!Ul}$67IRf9=4z>!D~$h7SB)k3w01nsSH;>)j*gAA
zNUcLHTdGz>0fk_fVfH^<s2tVpsMh!ze_Ro|%3z`P`^02A#+Jt(W4l{RB22%af0B*q
zANgHFH{&tvVYS4ei!MYHB|Wy0Xpo)24RRCsGmtooSPfTw%ty)&L9f#gAL;<sA+-at
zitt*&)%{uynlz!c6g_{3@F4k8ncG$CwD$O=Wn66!cg8_r2AE=Q)M|fv?@)xPa!a2F
z*di7}m>#pQAo?MItrCl^78%wLRaX5a-xX{lIs_)k*BP-<5Ss<aGnGMwJ$#<<Ss#Zr
zwc3+add5+VXAj6nip1Sg@OeJYP-UX+RJ$W4Z~t{-^axa+rz0?@ntJxi`4qWK64R5q
zDxKygq#a(LE@3c%@dnzMkIuoTSP_nNDV?GelVBI=d$pY%CGkNyX6zKej#k@hfm^MX
z^uHHLm}fDWgR4eRvPGo<scgz$ru7hgK`wqCwC1%z1ge%0&DpGtB0QgGYy$5xBjG&a
z%Lf|rp2veUq~A0QYW@~AkFobz(^jVo$Kj(r>JE)u)XUb};T`@xdZ*gEH}ily(4e3-
zpd~QQ78oy$!8khxW4j6C<?DE4^`sg{e7S&YTgG+%{ZU+j9>n8^Q32!e>vXdz1+9*s
zm{+awCd_@vgRk9N*_|*=jrkJAvQLT<TVg+MNYr<?WlvElu9S-JeI#Q1kDZsxmRB<+
zYx<B0MtY9t#hUv+%YU{cK7Ytf)amM&1<~lcGp6g)<gfkj@?S;!7nFif`1+Mh=^a~q
z2HRA@)MZ;r$tx<rQ8X~=?rVf_L@s{;ei-4l#U>0~W7iSxYC`@3G?T{Q+dIQ|pn~y&
zDDvI$IWzivspVrnj0WRg`6vhDe$4{#KT&`s0^kW9TmD+@<xGh<P~;yhfrJM3-%uce
z2IJn*UVJi3%K1KST*@_O=w{Z@J#&V|c{N>7R{Z+zOj&d8R!nC~LCZ&nPHbX{?jyPV
zB!f!wZP-rj`iGbsD|`m{z?+#<)oKZwHIf;dRTABZf68^Wmb!IZx036&Sn59Jx@BDV
zwWV%5*Ujd-otC=qxNZX1?X%SVD8<@|uQ<i-thDR*EQW7+G>++g+zj&(!j#6r3~n;P
zJcBS9O|dXl0)~i+A7NgNgIRUL^qy-G=CwG}^|#D0{SoHbIG7jBFv$qB7)r=co-OIs
z^`Y<a;REq-03Y7s2QnM3$E`$1O=u6+Efs)C!d3S_;(3qw_gC@nLGkZC{#SQ?rQWc7
zN3<MyA(BC{{A2zX<=4$GWlEt9qI`7}o*3t;d56dl+IKIB2jNi&^p7YIE!iu_9U{Y9
zyX5OfL_Yi{b9Jhyc1XUqyrQk-ziF(A{NMKwkbe#>-j<I60SpX^Hs&d2^wP9^@vBH1
zEPjpGN^H!?OwvZU`He{NG^d+0>t<*RY`pL2%N`%jU-s-hW`AGvb!t(ey1}D<rl?<#
zQ6)fsu04OmN#|u6sZcy7FDVi1E}Bca)y+o>#chSKDGn;IncKBsQ(QLNF8SLl>V8fT
zfA`Ob+J4p)ez*S+Mo#ker06j0Ib5^5m7Ia8wmK#y$POF4Edk!VkAm?ZR@85`fqRW1
zKdmA1wihU#dr|aa;;ihKpM8Ptm+zPowO>Br4P1%b66r%cHa58UGXmBn@&}SZv$zj%
zptl@ZxC?VMI4DM1w0##CUeAf^SR6M_2NcH-)?i^)RIu)EIT8Me1J^+qy3eU3%Gpx-
z1X;Vak}~9=ub@8v{5{&<shvpxsjJ(a`8LQyH^Hi`tI6&CwiM{-Wpndhvk1hRQGpz9
zwc3B-7~!=e@KvK>RA6z8wzD#l2f~nd_a$27-S;)?vu^LrKI9{<Oc3R@4&=Gw3cZ0D
z8PWNe%JZ@3Ih>C?l7Ruh;SJ15Ep#^fhZ_0B*FHz7Ei6+pnZ}2Wc6z$txJLt62_-OS
z>vMPlSK%S6@h%PT#uvl;{42v%Fi{27EnIVDSH~(-pzs1JEQ}U<trWJi(6F@E-gp?u
zYwI|>8(js{K~o<VDi|xkfQYVbnSua)Se~`mPbePsOGQ0G48@i5d&858VfUs75@^43
zG{xz5iph-@qYIxEB6VSKD&?ip9)J>W&~JCk@4?P4=37R}N=1>Iir!0ZfxCKI@LblI
zh)>yA)^&L&&%g<iE5Em)@);!b0tYQQm`k=RDyTS$4uzz|aQKFe3TFN;F;lKxwGzeX
zjikNvsu^Q~1E{Ldb`Y4t9BB57cE#KE5s&SF5`Z^^li{@mIY$d}4tP~RpnZSpTFjWB
z9etbMLrf*AU0Y2-3O6yst6qw7^2PUIe+AiYpc!gGE`2`?Ucpdr@O~F6YXdl7MbF@X
z%~MeAkq^K1VJav>CaG-pP-*^rC0LkC+MR-&2w)PvI7S}wL~4oXPF99`7S`dB=5cPB
zH_{uJG)W0ux|RsO!q^ttP7+_Z4?pux5pNN1oJR$QHjGg-8(`sLp0ZTm8)Ego3~ODn
zI_i~u)Pg#2+DB(r?DaP?(w!=UrFLQ5TI_8A{09NfXT@I6U2aKxV;9VaT8pDP37Gfr
zH1TlJ@=Pgw4`ye%Q=|<`)80N#9wXW}cMOsUETUyDVe5enT!bg6OY15M-{!(_cl^^<
zy!hj%Sq8Fela6!ptl4&h9~Qq{+Lw>=E2iENYY(m8KXp+8Gqd?F<;sQ0(&_Gggzf9K
zAGCP)1G4ZR-2EK>@NDjWDjqW5{pfc*@}tZ}|NZtsx_!M)U$b>T?lxZZRtt81=Y6y(
zY`^5z;nEtP#Ny&EyfHnC1S`K%TQqbZCtCjPKZpJ}!HVlCShskYMAj*HA&n)fL&y42
zt)pOc=)Sd+8-_U8`5VS^@;DD^I_zsYi4ODINbv*NBbLtiVKr~aHts;5TGhg0Ur2?g
zO;Pj~uj5V&VXdyP)V#_y$4jARxiJTU#rzc++QP*=8{H-u>gWt@swhkng?}_=?Ve<A
z<jdRGzTBcOwkNQ@I8At6zbmf7+90iwAAJ#T-PBJoV@nXER=kRKui^EH<g~7aCmI7%
zvN8#15?VseHm!eeV9F%2WEmAmY7$W}^&2-s?qj7A>jg&#@_%nK)vXY9y77u40tlY>
z9&eB$(#q<0Kv5GEMYCOsdu4`Q88XA+>q<Uw2en_HK#nHQZVx*|{+eA#{#w0qC}O$x
zF{6aiE526f1qW>}h+?FNDdg^jQXF2mw=Y`L!Wp7<pGi8raByPu9!Y(RHLpNAvW3Da
zl{A3s-KBHWhmjr>0m<QBk@Gj<s~IH>?nsI#t>emc8Z8NTq}YQn6rH>Mo7VjAHxHMz
z!r%Ccvs97<s|~xL$a+4CO<2!r%V7I4&|d5GEpN#2VsR<BxF*FcuD2i06i0JF;!RoN
zg{7gNXc^jkQs_@bohNDT=MPJkcnccRedhs;Zgr6dXs@QdDO6O<$+2gsf|hP01s}lN
z9F~l-@et-lN9Uk+U#4CN504H+!*Co?^mvR8wu1(Hqb}<pw|d3$i>O_i5|{-`W|jj6
z1C|U?%l97363VnP7p$DlW_vxP%v$XV7_Eu}z7*1CsP#g6BY|!32(0_wmy8x|>Ml`5
zBGya3?xveV<6BV|H`|{by(e_m`>*sw>WqWEtoD45^K;sT^5SPtf+T%}got6k{~Kx1
zwNYAB1cke)@a||~F~)zS!kN)RKNME|o3s>Y8XwhCphdlzZV5c)B@-eh1;T*2a88ek
z<2px}VH^lEAO^;GU0Sowe`<38u45ci(9r;>Lx2Q)T(|*gn299`p)Ec+0OA?mUa$g+
zHeeBxRhQNeeueKgl8dHl-4^lD{m+~E^q+x$ZpS}k5QaCwpwn)GH<ke7(G?+K0m#t>
z5Kc6y%(Vger(FflOz$pi)t5Z1Uqx0t%sBn&X0z~(_O<cyq<S06FTIwuAW!o79q8!|
zEU<f>Cw!N~As+5-&QB#8tfy*+$S-HeE1tlGh<1Ctj>HiTefVgmq>DTGf2<E!{L|U%
z14ivTM}5GJUzzj)AAfTW`hY%P{;@uwCU{QzfJcIS0$(?NkTu^h$y2&1YOvL+HFPbk
zs5eqBaEz{i)}3k|=X(vd`hWoP;IJkq{cK{-<f;*)EAw*8t9>c%()qVz(4TO^N}CcK
zokj<CWu8+}XSlq<$qM`T!{FwPr;~Z|%p?+=-bo-C$>$vv97^JkcF8L!Ak=vSlVQb=
zEy5ha72D^x6}b#;FV{y3EB2yDykC23F{UA$12W5;qS3)5_?Eo!aOi@tHDeNVI)yu(
z0-esbbUKPVmCG-J88kZn$IE)hQ=sFLn2sy|YU=n3?sy9PS0Xx|jUAWGPXg8j)p$7v
zJnDW7uAGjCQZ`CU-IjuUMCeT(k))Ju9Pe?~%0W5;0`qefTfO$_#AHlUv4b*L23)yE
z^D}G?+_m``8R4Yjr8(7n7aoA6d8yl_)M$zKRKIus_f;qfqv(t09!P+A1DEZR$a_<+
z0(lK{(+2YGsdz`2EtmU<Fb;fnCEk^{TDP)*FTOt*h6gfcS=7>At|zrzuC{ztAE|Us
zuH;()gJMVT%b69e;LURsIRoC_G0%mI+W|j{;<pNB+eO8;mJomeLpc+V7l+5W)1MZ4
zUXo($3y`UXI=Or<KCtp4EQrBRdiNu5NWku=i0&up-Iuh~y>Fzp=#kj2JBHKQK34Q+
zC`#%@U;7c%j-<zqo2TFr+Itq^GdL_^I|zi&Y{PLHc61y34#MwnX1E`$Ax~gvI=--<
zmJDsf7nzDK(vGT7)Pqw@*D1j{le8ok5kVJrw)|>lAu_Zrg_OZldukjf*=)Y_P^5);
z8~T0*-gaba*=$^ZQ%Nt4A`>pYG$lAv5ec_PQn)CT-#v93kj!BejGO~uh56C4x?Ilt
zeQ6u?H=_0RN+4^MvRnzkG8|fiEDWZyOvMasff2BjT}hs@y77v0qa4I-L=MO>6K=U<
zf#j(xU?xx4;fnxO?SE<Kk+jP`XR4PWn7mZ%IXi}aeO#G|&ULvGbp~5vRA6pyns1ON
zFw><t8|4aQREHnU&$Zd*@?o&7u|7i~pM<iyNuew#GOe$`%t_G7e=E1}chEoB9!fE{
z?SXB%{BSduJD_Mbd5s%S48T@U8*(j+qw^b&<Vo78zx9y}x66T>*0QT>D!RHlaZ`Nw
zVm*oU1K;bT)ABP8#z%{om{(jEAMa%0ubUFd$QZN9*46RU);TcxIcDgfy-`k1btq7v
z3BM4B6EK_{Fi8ltYL3LG`4gYv+^l8~ao<JA#OD&fyO^5B;ME85VonPAU8m$z*yXvK
zL{5l({%p8Bzqpc}D&gnz{Ii!HJ1;friHGfKT{%)XNeLFFqC`Z=JJDOr14nAA9%htm
zowOU~CDXvV^oYPXMvvt{q1q!I=HmIch{xagzew%c-)SF1rh@p!HHy%N|1{Lh-s@_<
z%gF<`g}i84?KrOdZixYCY|H??+abCm#(QidrclN-U;1p+5{y2HX#t2Kfo*~b0y4aT
zT)E1fq9-B%)>^JWC(rU~x#A5Wrlr!>e!r522l?~)c2rrmm-$-<{!cogv0I3ZXP)qm
z-9|<yJV6ZC%b)x=6F#6K6H~uzvfkLrRn^crQgzG|`5KK$d3tJsNrZ;yO7Xmc)`k+C
znCcA<ymSF_7ZcJ;V)MtoOGaZZxvCazPGQ960qc5=f}=&@LtzAG;{)FM0y|QeTe+B$
zL)Pq0@&qQdNyT9rbT5m_xhQGfQ;wPE=F#~52`kE~>G~=gE4}3+Mp)_WT)O5(0bDNs
zca(bNY8eQFE{YR4>Ry_5!#2BQG3&_{W<4%p_UaNz7iO+D#U04d=YY0~meakT$z%cr
z%u{W6aqZAo9~73aU{ULl*GN{nCfO`2VWys#@vGyk79x(|2W>|ZUKCU~z>EYTygX6N
zNg}twt9X(5qUsISH<TpuAQIXXv@p1g+XWXBye88Zz^I7uraFLj@%=DjAKW|h{@bSA
ze*ayHs-!ATO|E#nl_ZRB#adIJ7lzGjWUP;1ZMhMsqTN6)E}~&;b^ic<9M4b~@70EH
znZnO_<0w`*(2FV5X5gxma8i%+XCVN_DU{Zx7}(Nh%$|zaJ}~XB2Z{k-#J0H3l?Het
z&c7!`aehtUtlR&(czxI($`YgmU{*3FTlxHh^~BGZ&lUeAeXDSHr@IL4_<dOt(8iIk
z3*Yk(9=z*Leb_E06jT!mytkegIc5Y3*;>Uy6ABo37P{iF1^}z@b5R1LP)aCtG*IZO
z&0-Y3e~nS7b!AMajxRBFTq!!PHg}w%wKI3Tlsj6fcl<s-SBs7tsN*(9$6d7MdvRy2
z7a>*aT&efpHDd;JjW&O%i;^ooOq4|aIJVdlCuIpbH>G;jdOi<E%t~gYQ0b#ynoPYn
zB`~!pF??AVPcI{jTLh3w<NU-xPxv`Ik&&H*|59L-4|L0q+4}wk4!Y*=1(Ft7kuH5m
zMq<YPD_z|qn+WP<wdMQ^Hgu0P{j|Vc{yY_~?m^ZlWDxVsf=mKyitc;=NF_L+hqAC1
zJD01<do+kejsLnMooZ{j2(@iJHksOGz-TR%E0Et0t!2`2&8w(;DKN-J#pVSshZU$8
zL={Emikk3PjDJrRx0ovAB_8y0xY?>A886f=h>7-Bn9R_KIF-y)Gt9hug}qEndVyvW
z%uNXMeKTGMx?(hN8*EG<-!~D+icdsgskv~wD6BRYek%$$nG1J|!mZ}Q{i3kaTzJrO
zGl(Tk7W*tLNf2={a*dL97&)YLL0id}rv&(Li_~KLr4(naf3jCS789S%Ryw<_<R2wh
zT?;2x&ETRGUl@c2_3QAJJRWRR9jS)1*Aq;tQ(B?TMsZaCo$CoM!XoaoKIf=+$ZFy<
z<cgP?B9S5Q(s>QU7#>28HJZaA7y+kmJZ>&dq2k_B=r>ET5p-kH33G8rD()+V)?sm;
zC{Co{$ay`bP!<Pv09in$zgYEGI?pb)*lzW<(Sm)E>#{6${kZNSt{Y^jyPWHaxo(K1
z?n<s3#dR)A-B7N};<^G$otx{<<GN9nx)EG=bOoQumb%eg_Z`>WXsH{^b!)ipHcQ<t
zT=z29Ra)xGZLyYHM^Bn|%q4fjEbKiQyQ}t_VG<GMt2me)C-wLlKNbVP<~V>)4S*U1
z_$Usb+5lLA0RM~wc-H_}fB=7s19;5<xD^4Oi34~>d<fEBZ7{+tii25XhUtPZ{x}%F
z8Rqa^05drbCZ|zHW*Y+Zj?3O~%TXO*B?5Sl(sB;J*n(xn*HoAvEzE<$8Y&zcExgY9
z{&`1CvsQ>*+!vQCW4alpFTzZUgL&YHj;CD*2z$l7o=aO+VgxW{!Ag6mgwr$7;P^}U
z+OK`S;e|rw6Gi#&dEz?oY~_dFX0sr>nj3~9!j7(y|HTfF>ka*=KO>u6{{W*zHJe0>
z52G!R!P7n#KrXTe{P9S{Kz605A^(|I;32et+vXfV1_NP2S8xex_!a_$sivI{8#*i*
zJtF(1jVC}6Hy;7sjRI7X{T%}=)d9kP;eYPpf36j<$e?H!Jj57N!w%wsy0M7|<T|zA
z7Meb6|3c2l;nF^vmL<9VZNnOJg!^b3e=?qh+RAC{zt?1vzl>}gPhe%B+<M;$m3TI4
zGpC{93=f1i@TyTsR|_{yGYzX39txd5%gd@=<p=z|%d7nt#_0DpEXBbc04NtafA!b%
zwQ}ca!d6FXD}Lo_wrL{%t=qVN&eeXsp9{;~tP%S)l{8{4`y;)tE5RaUz*bhR&}Z9N
zti*AIV>h>wnRF#E3z*0oQ_)g-IV%O2nLIW%Swb~#sz`k9>?M3xVnzPS6f(DFCCCC@
z2jb9mAiX9TI*?ahV#NpiT=J47##GBX5D)1<yqK%chj<J?rN)ncC8b943#8Oo(pX3)
z2Dxjlx3NIqG1JU?=txGACB{xJ|GNlTc8Q*iV!>^CAgrjU7R^Rc@haxFL@Ww}ccr5G
zB7<&QaY^x*0&7+avMmZ`<$Wb_JsxbOW$^FuP&vtl*M?Il$6hVE6oEk2x8AL*A?mdc
z?`FY_m={=bywt{}U%a+GBl+E}h~yLyjQ%psH{~whJ(EE&`V&i+GoXm1OC4o9p*%G`
zn?BjA?(yYX<|KHlF(>ki#+;mZ!5a6gqBW|4R7Qr}a?v4`laVYY_N$ipMRHW#!Oy!T
z{uh(i(3hkNNxzStNWyWe9+}G`?&zJ)Oy>7fJN8ud1}CLr7nL?izxpS`vV+>P8M>3J
z%Cd7Ui_V0R!p}uQ<}785S~ad<Gnm{}DBFCnNUR&@vUJ+d*sr#Do*+876Bf)nBCZ7d
z_$$U(MJ#=};!C?&Vm_~Bu+t`H(HFo7zx=#0*pEJc78^icah46RmN$U?S=s=P{-$pL
zCSkiYN8gq<K=(FMi`(;|3C2=LielIB+_`Sgb&TD;&k%MEM|A8S7T8VCXbHRJty{)!
z?=1#)#m^boU3bpdy~)^px}31P&cN<}1$JLv(h_!EPJ`WuD0Z8kHL!d4*>lD2L&h$P
zv3vKhj@=gmyFo2tx2#pm*u8eMfnC2Sc3sXHyF-lK(x(Z#E(UhT1a`|WZV9{dPJ>-a
z6uZUG7}(8z=3KEWe3`I2{1jm~`;d;^&jP#SeOkh9X_9d)Jd?<D%D`~SO$LU)EH^Ox
zdU*_yJeDMm2QxN*V{GnZY<_9bv3XTsGqpu*HYT+^Ry)TVm`sXd;$42OWAzqeSNkMk
z=QXf<UtqT-y(R4OPJ^8*iru=W4eb8$^tobJ$Jk{scK@i?v0Evy%We_7n#7i|d-+BK
zyYwh_j&sKDJI3yjWrUr>z^+bU_xMFEVR!XuuuF<!_wZ8&cGI6aSL~8rA?$vAg0P!@
zP{*!XVE0?^mazLMp=IofZ@`ml3Sy@{X<+x|lV^in*~V0~J;_zrksX66cfN$N8^hRr
zc|gbRX@T7hEn+t$LDzShOGz48xB+=xt7-I<rKCCNWr@1_Cr%~m<+>Kr=w@@>rIxx&
zxULh|Wn1bpxvpsm)eW@N<#649xNfkeZV=a1bKTXJx*=TmD%a&(>Ren`$#ot}T|q*N
z8Pf`WH>;%DQ*j?FXDC<v2tc9EN6nCW3a`)%7VA54pY1JuCR_T{r#{qhoSN);l$xBd
zC~z8CxwDb$B+Khga^34(*UD07<4+HAU5cfyHP`)_>tst^TdupF>pEHL@Cw4JD!5Xp
z3Uaj{#-Z<CoG#%*BRA)21b8bB;JKqZz;g(&I4&t>YNHPDAOa-Esa2jd0B%BnhvNXw
zYtjL75g;+nd2opV&=mnn;{e(n(*cf-1%Oj=0Dn8FkHc38@YG53(lF-vr?{_=7>P$;
zz;+FBnMu=(p64P!$78VoFBkx~Ai$$>0Ns!40D}>r?eSQErwxE^2v8XZ(8)-D({vpG
zw2E_@e9Qp&1_2&Ik4ZmjLhx3Nve8nyTFz&yuJ>TTpGIx;tt_Dblru<ZLnw<W24W6%
z$3LC%4+=%0w)m$t{<#qUbi+TL@Q;jtQlfetl0*{zY?4HNFVQ8DF#K};+ZH}A^sOXR
zH}zWWL{zwtQUaU4HxXm55H_UV!m?K;>Kcb<Ch8XNOW+sAP&zL(Pcqa_8QN@;Tc9(!
zrv&7DDfZwiLH)%ke|`9Rib!9tT{n?jxwTcF>!`W(7l$*$SEC~-TKqL?eJAn=)npHn
z!YMJyPO+VRA{$>y0&scuAW8Uw9+<#I71=G>f1uy8M{Ptu35>l$2iZ7G^W_QLK#?7E
zzNV^}yc2#1(lM0sXo0lm3X&Bg7$KnYPm=Xk#Sl(faYDA#=sSg;=`MI-v=9gFoqLkW
z2!ORDWR$jFYnH8G9FIzS`j%vpkok6nLbKOv+W}T7`_+ztBGE82*!j<l?kzz&HQPU0
zKvo=hqOW<Kv3Flz<Q}IrA^v3>(prp@^=ONM36>>FE$eii7T{LzuNM+eGeUTME=K59
zdtsnBHIPU4dh&aDUi3E`fEp7x)n^ppC+?b@rQe;-7_V)ECxDw&%=Q7}P|JXJhdf5-
ze`s&PKE<2Z5~FY(VR0vC0&JtJ8~$2os2lFO?LHsIrAG~q&b~VnnSHklJ1e`%3BnSD
zs;)d8jh=<0P(}q?2RIT8m4tBP2reTy?WSXWg{zAy2DolLhuy+!T(q)dy~PApUaVkc
zMYVomzR7ff4*ycWg@I`tSqK$Ob@}O&SX(qVeTpYg;7|f3=mn^i-jO94acd~*2<^{3
zodI;Un7enyl#j#8i1x#}-y>L=AqrdTVchTZnljJa`4?l<x+k!bCPSD4lmhr#G(FVr
zn4L+BI-7Kf*=P+6pR3qw;RM0&r0B%KR=0GPqLw1TRuek$qe*3BL-&I5;{7H=2UMLM
z{NAKGD;-Cwv!z146M2Nqy6{5@=7WK>OZICwKExUxL|S{}KBlX*k6*Zt^*YvcgI-dP
zV*DPup3c2JlbYkmY4?d1*63q{#6_qz>mXgPE!>cs5X-85R6%^nI17(d#C*_Sxo(1`
zZamjjaNV7jx=CDj57$k#)J@^KLay^!>PomShwJ8A>Sl9YXRa%^)S)`91&(p0g<CLk
z5`BJ(xWZ4$=}os<-gGnf@;28^w$$Cmbx&~J6ieNmTsMpBN-T9#<E{#ukMm^_ZO)UU
z;AsCfjyY&B!|XtqopCTf3mDS-zl$(m#KC-HhFOX*8{=R;6)?1%rXtL$IG9usz=0O2
zf-tS)_>~khOgh3e#l2^c2<g^ZOGJQ6;*$az06%&#DPSDH&{L)_T7xkC;$U_(nZD>*
zgsH{L^}B77Bz!Vx=VebZ?YxWN;T>DJH$|DQ*OIPhZenWPkqCKmAa$xAN8wNO`<&hI
z7;ZzJBv^{U7WzN&dnDXffLCLEqVO^mdw1@{On60<{)t`ux4T77cP%hZ4|2M29A6h9
zpx4<XFRL#9KE^OnuoRa2ow}vi_c(Z=$GOX2PyRc?*To*5j(0YjE*YekWNU%7>?8Zm
zCBjFxK3pgUiH7*ZSp6gD3h>wHqd@&TGeCy+i5Y-K_Jgs^PF)K<SmJT7Ai9Y*(xnS>
zCI4+PuA^zfnw-K@b4tQs``s0+Gf!L9P4H6pzRX6<*}`r&4Q-5aW3D?}O~^DDA1{Z_
zjqtht+;wcKl!jiTJ6k7Pz#KS~&O3lRQir16U@rCE{*@n4VbH#9MFHsz($>5zaLMW_
zN%6$^pHfRK&q}E!ZNl3UnXRUly^l*wnm?f+XD?!sR*-WboLaop6WORtuEaVI=S}rE
zKbv<YoVd!UfcN6G(!Y$A{NH<R```=c3|{;hPHzNlEf-S$Jouhe?jrn-@Vi&|SitG9
z1mXVsf)?)3A79Wybb@&c&K#Yf*>K%zHv)EJeVlLC5hFENxBzV@;s7)Q;9~^%R^$%*
zqj_(CGhcImm2TW&I<$;yP02#jv~JhxURUz9!v8tl6aeyg5f?rlElksX@4^#4FP+@I
zPjmmt`LBIw<*EAxyqS!SDL^hT>}ohm<Uh^NGV+;4){DFuBU6>h3OT7L&QIjv^kj*$
zHx&klX5lQ3{i-uMs(g;W7deupvL?HK9a=f(dII@bda6kDy2$WldIIywD|*^6;MIpn
zlJGnYb{<nk3%Y5w8#aHnmUX;2;x3(!TIk_6$+Q(-<tSVt%d=K|4R4xMbjx`?5jPEY
z(0-Uip#=iPv~>;+?M#ucN~v)p#Tr=0ueeCO0u!ug#fizfBPr*u+KATRXcr6u$eOtV
z;ap6F{tzL2O_|twunj*cEs*e<^9uNgBGmF_;M2HA^Q0p8^;+95B#dMm+tO24M^|~y
z2<5<$E1HBbQ7VK94Bb@`Ni^+FDoIX~EGB3a;j54XU(K6KC;zlo=9B;4R^}1B6V1=X
z@Le*-G<^3aM2Bz7kSL$8kKr3bI#U*)l9&PfvCuStec&ZD*ZP~vhu}nP&>#InIF-;O
z98?jXWe+J;=`xt2Z+3juE{VikjcB*I&6bSj0z3x`OmnbjA<e-j3!`%|azTOQz5#~)
zAFE&z+~d$vczyv-M=nms#>Frlk$2gg;gYU2CoY31dN_Bq7u`ud5?a<NJjhT|CrTz6
zCEF5Abe2lK7bPV|$<GOv8HAF0Q8HVU;DF`I6~84=vW3&_nZbi&_DuIu`uq(a@SZt-
zv^ip)=JCcfyS%1pE|a3uyx%F&g?z3)$F)wL<D!^3ZXRu#W49DD$19wcIeyH^bL=wB
z@u_h<$BLNa{x6F;)^`C<^}dKbI@OCzQ$3Tvb@zhkR8N>Erh5JR`c(ItYo6-w9>J-G
z1*=`%IcA<|Bdrj!iDHzzAxd0E$-6eo1VhOhQBq`-Y_i2}(e0vSys<z3mvz8D%%=T$
zeWH1PUQ4FT!)my0vxRHl$Q=FOxb9O+-6pP6x$bjI-6vdkKi7R}soTnR*K*x%OWl9C
zZXnnFYN^w>t{c}iS?Ye{x>K{LF3F--mRRS!hwB`cx^`T*k?VR`>QcGxb*{^`)C~~&
zZ>}3=sdEbbH`fif)LkX?-&{A+QkTbdPOckesT;v{f8x4AOPwc9Z@w0}{MX~u$UP|x
z%u#LWFyI`{i<3z@i|RjPwLPxdZYXk#5a3vhDp-&%d5LmD=W#L+&UxZAaF-i!62e_{
zI=CJN+>W6D*Zy>Htp!|~wi4kQkDmsv;kXW0iEw*P2lt)vy^|2`lehudY5-h~05x#{
zxs5Ol@rIiAlllj>!FI>u1ju8?7w;Pa0Kdcm{9*uXM1b$(0I&q7@_(>;OI-C9QN0MO
zYvQVF4263!0{rU)1sGT^S+ylP3;5#*6BnsyUzi_V+6LrvzmiN51u;sbt|RAod@DvU
zXPMjG#90Q+@0p^_H9t<$?#D+@I3Gg|dc!vudGD?luR73;%{gBdo&H_#Pe^n91>DAN
zCVn_|1T(-TS_gA)sam8!Pqz1a0k;d9+wCsUV+?*>U};xZpobj%NVL12+l9LujbAA+
zSw=opptInM3rxn03q<R#-K_D5<f_~3<=^`ss2ypyc>`Ah$Lf$M5^?G5ZlrM^VfO}G
zEqS;=`k*sOzaT5rVFoJghiU123I|&iVRcW^E<(kIXvM6VP?4xtya^R>L_=2+h~LYq
zIrf2J-(Pk-!PlegxXstGV!OW^oPHOPA6=WAYFH^(!e80ZTJDIC#qswA#8U^ZcFR={
zI9%li<O)n4>8>5=uz3PKJ!mo+$j0w~dLu@0$uoq)`$#DCp%d|e@I^84zgmzFhs4W=
z=*ms;s@9@AB=v-k{r9srpflR-L670L5gojgfloJO4z_LvyY_Q3%R~2fjgf~iUPamQ
z#93q2t-wbVKVZqf-m3NdiBfo=61dQ#HnZ0DtvfO$*^!9hX#%4iimEs~YU^-kC2%$B
zPugoky_r(DwGwDeV{F8^u*L&CyY=xvdHnkLXsWRciuG!$cr{vaqtCoP0#pCX^)c^^
z>w}|hWpJvZ+Whp6Hnv;P9qI#vRdPm6#;bxfj!az!pXcwnHVwybD(Z$+sg5#&**xk9
zJB(j|c+duzW4UTXic(SS%Z<jb8RN*=9vwfYbKZqYWF19ya&GlE04o}9Z<^1X?WObE
zO8yJvs&z^*sg}K6qA&Kp9sWVxrl<`%e7;=eO38QD_+`0D!7B~)rtyWs9lVokJT<$M
zh7Xx5Ip&>@+Id=!6J$wJw{fCKMNL#k+bhR9I8s>#&a{YUa+}>7Sm3~jC6{7Alk=ka
z1!4l381V$~LdY7)<d8>?WMaxc`G4{KkG1svxcy(Kep-l;13$wUTp1#8N<jGash?}3
zU*rHP*=Q^Qvb`QHSq~bA_X(E>m?AXM94}J)A;=^wonpF!X|-<!$5@$diLv5sDNbA2
zY`bliO#6EcE_bbA2?vU`vybELj~|Mlz*A&ITXA8u6^9;eCEF5hg#)wg(=L776rN?0
z(ZDS`FqVY5fe#x{fEIMp)*gEFEJDQnNg=oB7&2wVX*pxtJtJ9H^!j<G{84`t-{!67
z&py7*y)T_(e4AO1n&R91vh*C{+Y|)<IKIuE5$6=&=8X|NY|}f&#JAxT=9cxH%i1tX
zITX+XqCZdG&=@$qL9F>3pW{Jw;hI;>Yo3#vQT!JHGl@*uJ%KhcDGAa3m_YR4XYASx
zhk$;m%I+W{2ZjjoCT6Pog~F&4#@TF?1j|OLTWs1WE-iNnZ<I;Kv=v!4imSzql0dEA
zBJ7QZC1=_&BERJ3M|pwt)}zRo+n~i<%qA21MvMT68dR-Y;4C)UyZN-y^qkfI)kd40
z&nw0y4~pl9{)iq9dFGGlVb^EQnjU`r+_}@k-H%x4;kChYp@$a)&ygNZSI=Ua+UK1+
zJ=`{&r|FsYG4yaO2dql=5hvpf%$fp+WeJ8#9%Y0|UN#&<{>)IkfjLE3Q)JXUh_5YM
zpN6lV)><-xiACcNVc_KK*myvK|JUm;h^>dtreI*@hr*TEFaCTi{4`#7dG<C$id)pr
z@1XVenHSgFCvo)YRk|faI+bc;`sA?j8hr05gFa2bpm6c@sa|{HDT6*uZGk@FNR&Jk
zrB7ZX_@)TG5H<cV(<xltPSI?I#NH*ZiDuc>W-CRr_XT;Yj*_=M%bC1wI$QFVsIPmx
zUDvcl7V>t}Bj-ZiE_&n~$=fd~Hhh&n|E$TJ==2||i8QW^Y16`fizSWC6=$*Mp1GR#
z+>UeEa}%%TJ=Z6tCHpcuCvm;5_o!Rq*6Ukjw1VqYcN5GO>$S}?v0m|hNHNhvkt-CI
z>)t2Ca#eV_M)??hy+*X^C(P@0wXt4ZXIiiIn)-x!y}o6v*P=75*TD0_;%1jNN;Iz)
zr}!q(e3G?!Y{1st(dB;lNnY;S*)I1a%W^+fZdva4E;^UxK48%~F831;pZjuO`!IJ}
zZEpKV%U<+b_ONNIZ2j-Kh%X*Gi>)$kC~cLdbJ;4F59O_LytO$*Cgsn&@fZc_z9rNF
zV9en&UChsqqZpb>*#h8eJAfcZkr^)0b`L?js#e$DPjMFQl$2A%OCUYN1Ujio7o<qO
zFT8;(MgF0+$i>ndj)1Vc00hTN!tIKq`j|SmTvg`@tlnV2U7*c`o}f5CJ;md!n=vH(
zZB)K&>3!M=GyL>7&GD7h{RMIr%voU|JzcvH;0m3;$>jqhkx0Sdx#=l0c2aU{>-mSm
zOe&F(6BMc+D2W3E__pQMzV>p}n3UWa-*C!|0#bfVe0e4CZY?JhgLd4;-x`Jg@Xy#1
zwv;2cMy_}cKueExkQZSrS!uIeRWnrnNX9n~*Ho=~camJyR91I>+5QF(9E9%`WwPyS
zouW#`q`PocPHD^W!>dM;#-gthyvE^Gk1J*C9BOUNzNCVjYPqL092T%`IIc!dSv3gk
zwf+O{%8@CxBU2>JF_=O`!g3xGZqJJp)(d3-!bOEq_T(zSttch;<C#~<RmaulzFWML
zYt=2Nnebhv1dALs`;**igBzY%KO;Nx2RA@>gJBIec$`iCgV-K*pIZPYU`k|18`u=t
zj^K2gtFk18f`??f<f@~Q8t0)Iz2&OI&FhrF>ITYSRkdAFS8v6il{eahH$<F=rtefD
zc@D-8_gmS9)LVF0nDvL_M9K>e$=<~q=&cOtDwpr0DI0Fb@wy?XMBwWR1FJu!=p%B~
ztQ1#ibB9^O)J9inqYP^+&+aa3lI6#1T-)mb!-%Uil0f&4a^B~1Rmkns<gz>9*(Dvq
zxqSEreh;iFS8mgcTj13jFlJ5xPLaE`slzNKU#)eO9+mS0qwNJ1o8_0_%?I(@p=15c
zTL64BbbeimTy@CZ_i%x8oBSvS0nL|csF$wTV`)V8d%S9TI;UPEyKPLHs07Z3j}2$7
zMWa7$!5Ez2G*))Oq{51+#E-3Y+hKv)JSxa~=X=x*a@D<dSMx^X9ZMgCjWv|^nC2S8
z(MHuYSZ#J#cgbiY*j5ILfMLVcbzb$5_F)nWjYAUs0}9ov!k2N^NiDaPENvG+TTB-c
zXe(EFQk<LSr!;P}Z35B)E0WWOOyIetQ1)sBE%*;<PMXC$dtVJ8|MCrt_%$iEO_Azw
zE#-AozoA@mhqP^gM|g#qykWk1x$3qQ7~UI!ZuC@lz`D&>x7F-P0-~MY)&VQCjYDmK
zQg3j$!y9bp@RZfye+}v(jPMrO>~q%q1eKkJc*@qLxz+V<c=VL5Z^-#x=qF*nrMh7Q
zbO#>Z;c<TNKL8z3hwhpmu^U?+^m4ufibkclfs$P0R@YG#U{Sm@586ARy@cBpJ1%s7
z?EeMHom{a;!W7C!<?_ej2P~g*OrGUdtKDV0n{zgE|M@r?Zrf&eq{bUq_OZn4Z}S*+
z+2{1Ta+KYp4mP05Y7!8PLOa3l7C=4DP5w7tv-x`ADwZ}iS1W<VAM@s{2EL+>Hm4hg
z-Ra7mo-*B)Q*EJ#!FE9XHe1`QGum`)u9mAd0XD-^+<hC|&Q0?^cS*1hGp489vOZ_?
zYc{_ce$5i!nP3%|9GH$Rg|Lq=bgP?j=sdP<NQIEzCBO(L*<b)0{0;d)H3WgekH%R?
z=scQk80UPcfd<1H9O)>i*zUWspzpTA$(ud&#$!197?>93p&(~Fo{u;`9g&{G<g5dF
zy3K!p+Jl&duXp!71g)_#camg>F6<6Eu996D@M+TYl=V3EDhwshBn-;Y8k@g&elRJ=
zD+UTCqI!%NsR9@(kJ?d*Y{K;5la;dSW<{+L@?L(>Wy^;_E(l(0qeg-9b>aov$EfAo
z`2|Jr0$g$CYMAJ9?yFM4YWT?Ja+sb?{x@lnjRA5J9AU#&K)ez$HX5w%Je)8kvY8S{
zWBK&C9(9ukR-oE&bO!)$q6Ls;(r@3GQV{H6E3kd%j;tfJ0?WR^e!c24!o^)V9Qr?x
zAV&trbx()|!qu4{9B(VAycq#u01`aTYX7TB1P4wof3-OhQEOZohZ3$y;l=hjAHj>)
zA?Fm?#B0qM{wQ|EOUs&NUptV6+u`zV-V{#BsSdZs-&?iH;YcWebZ1oO!;#4gZ<YfO
zj~pO6n{Z*+j^RxJ5(`*h1v#6S;`&R*^=HSm<Au$0fM3$Q311?X3C<KQNw2MzE&$xQ
zn`XM8aBG3O&E0o%;pA^&ReON6`1*T;E(el_0`(K5HMnpc4S8Y#0(JPp|0}%$ZAxh)
z$d1;-Y0<fZCD9}HD&vS9V7-5ms~X(R)v)dwOzW;%Uw8Sz5qRi+EAVcv!SPj>ZPIx#
z{~#K->YUADJq8EZu_s`I8hOJ5_`9^sD#ySibZM>`JSt`8x9j8e4MiUH8@|?A>q4<&
z-AFt^Hn;<A+-g#~TYhh3Qn4G3yCe^?;Dx~l;B`aODc^Ap8qn^?43VDT0}c!~(I<z}
z1C30jCaEUNS&y)sb(86=M>n1Isuv+oD|ZCuqArgm9W^flp0nZE#Y2TCsCiyMNzGHd
z!O2Awapj=)UN&CJ&KZwAznQJ~tmaK}m(3q4&4)RhqZH)qEyy{r6yy8i^&&7@?gYAy
z^h_Qx)VPb>ICrPcOABV7Y>xM9%Pz^1!dGL^{lR1~Jv3cgcnN*B=E=?^`{9l!21){Y
zkSJ<CK2T5Wv;Of2$U1XCNSl+PUEG!9Hs6}cGUV5(9AtJ2z+3rQ`hby9sQ@`DO0BfF
zSn&5V;Cq@WUmIFPMm8vu^P;JhHblRNE_#-l?+Zjuvhh|ACE`@_isB0q@%y`=<US|0
zup;8~dIOW~m@f>EeZ1+F(f=)iY>cbWS?}wZR|?|I>;s6~M)*LC&yCE+=vYa~ei`cG
zt}qe?DBXE98nVm@0~{9H-#5p$km}~Cv1iWflpfJ@jP>cBB~k9{7&n55ZorX*0GN|3
zPQGZf{<QJ6rzq<09yL<7hPLAT+??+Va*oEf_bZBRCr*A1ydA^6Pp&|4W#M|Bvf8=8
z%G6gE%L~vb4fY2G(pM%=Oj0Vomn$*!LB;o|1sU(ft5&%jJuP7@e?TzkPfO0HjT<OT
zLIEX12`24;Z+n!ok*taE|71?j1#2~&VZEPMd!(bK9U-<2<92(TU&}$h37MGdwVi-P
z<^Q%&{n^v^l=6NPzit8S9MtkS<nojxoV)`{&8bAC?37JWHKlAT;MXZbQ4cB3!}7yq
zzh?v9{So|u$<KW0MRIwN)|d#iUy#R1tsEGy9+rI%t+3(%NZs?hQ!Z#9S{(kObsb(G
zVE~ai8MB~`_oZl6nb;gEJhmU;`;Wj_6so^sQ)2)^U2v||ZHUQ3GwJsh1DT2$P=KNI
z^?nyrhF4HTqi}K#RD?0aKl$;Is-GMxDP1^Or$)4gVbPY&n~kejesq^%=vh{sK|$7G
z_v$`wYDfv*mx?BklW0GC1AlQ9-uGKBPB33DjSl2r3A+YHV!DP|-!^N@KetOp^wJY;
zv!ceQigOpIo*NxZx{~aZQ30hlWt+{LMQa6He-zjHejDbOYouJ=N?=TeoZ1bjxBXxL
zkTBf)+I#xvhV8%XdO>O2ujFjSBK)z=i@C!BGXd?bN{!Y=Q9oB|>f0$fb?Vmi1#qSn
z%hTY$N!5qtl4_|K|A2U`^lCgJKhVxuEI+WdSoUoz&X>RW800cvzawsWb&Ucq@6`aj
zzUvz2(64<H-9dMxIKS5>w_4-hX>bs-ul)|U8~**KrlQ*K@Y?F=9D<W3{1VV3k%9MX
z?Fw>z@TRAF1Aop|g6&*|>d-A7b?O#7{&6V59xhLC=uXVhEaDsX%aTM1X^<3cYrm|h
zVW>WV&RzcNOhHF?`ENoR3>}SECc9_DW|0?X0DlzvlBn3QBV&+6jf#>e4;1dC!W*K6
z*F)iED!e0FcsmrnONCRTh4)zrSd!t$kk=Uq*za+!N4*Sy-Ux7BoFhYa1TAb1YKd5V
zQ5=QrDXRB&!qz15;=(82Ay;3zpq*kmJvj;(M#K^uWY}{LxFxNkq#nr+Jnkxi$C)J<
z<sKcF!%q6wXvDJzEyHQ3bHm4Q7n3uzOZ%iFTLTLmR%fu*t^CNq_<Uj%B3}JnQN>jW
z=4ylYTzaAJa;4@3(5v-VD>dQPO3hE014paAiU=v$-YDvK+NNRk5xmgz1Pblp*0_n)
z8qb=Of}r3PO<!Oac6n+diJssMi5}-S@}g$UTj;F8ud(|sB7dN(GR5VLZ9U%46nV-b
zNi*Q{0O)vlib4BbNc)R$jfYa;C5643M~U>0qk`=k^3~&IKPF<11`7NI>pivDLz}Fm
zI^RUkkH`y>a^X)tB_v2woX!4U3!ROC3OB@X&DMD8HsGl3O5|hzZ~U#-Q)V?qajuig
z7p91a`g+_kI7ZNs*p7O0ycSwIDlnjlEai}pW@w*{NR|qNvuygXDSc~{nq!Gx=OOvw
zoYs7;#162>l$ua$G8&>(5O}ub=0oWhKLWoiGI8@wS4{kOA085!4I)DOLG9)d$?V)*
z2qa8HBAx9C+@@hxkDipO`59JAdR5?>4r^_P)<-Hp5-g*`8DA#OASDqUukk8Vu5#P-
z{tDII(8{BJ_F9@;Rbcb?1Pbm^cNVHA@z7JhC{*iSOY?sl%D1sT7r-hg%w^e$R&v=?
z{*@$GVAk=_YVkD|{(#(^chDfH-{R-jXss!agp%B;MmQ3Q0TBfmW^ZhqufTao@yYS|
z0y<TPmEVe9*mKjTm@E+L_@*S4AX?48mHo8Ym0Qn}u*_n8U}Ml9j^!KH2NdzzE8<M!
z^)KE$pl&~LV_)(H0IJ$!C#-w)0Jx?V6VP0stF`FaHNOuBmE>U62E$47pgY}L^R41F
z5-v2k;tH(AY@(KxrNGKsv>(V`=rBeS3gq`Z@j>1L{%JXzK+^K|jFcVnCD-^zD8alF
zXg@Ygsn{-;KS<IldtG`_Y1T}ZG+%26o%ML34U>);>B)y1QN#6uA${Eo=k`45y=R6`
zt{8`;ux$NF#rcI?F%lmtw)^^FCM@y3S`e?a7wLV+3)Kdlje%EHAlC_>5uHLmu+<$r
zfj{#UcBYv)0kinh#M92A%v1BkMAIzRv7=5Kt_mL?6*VV;30^@HwpiGZaFpn-3_4M~
z#e6j@5(F%Nb42uN7M90WdW-d1OLUkk-h$U!tCFcqn9!i3kM`rbzEbEYvYco0>90=s
zqfcKx;k2LLaO|u<{f-Hz{qz^!_~TC(DHsP#IOC`9ujwmMwg?fC_sWD8w}D*oi6BaL
z_IGKSHY9hd6=Y$tAPenk1xGSq2T-#nt!r;eND+FQLuo%S0-1>OEz#Ql1y$kmtY`g;
z!XSQ<cC=j<ul&#>{EEyGXUgI#FDW<~p_Eu384a)ChDQp{+^|DL@ADyO8j3Wt1ZKKV
z!kj~`X$bgu@Kki#;OifrS}gcyJdFb4RN+xGkxT^kyW`zjx9~b-N}_(O^j)Xa98Xjt
z<#gf{s*PTdTo&~_26Tl?<bxCNCK_gN;B7Y*NUP8<OZ#L{eS~ggsiO0o#!-@X;QBtg
z<6sF0yR~*Uldl~`>3r67B<MPTE`Zl)YXMr%01IV#SoS8Ad2042dg(Y~I=Tp((~IsK
zR3C}^n)1tu7!6yLf9A1nYm9Xl5CcLdku`MI$mP!^h+rAGqKHun-UK}FwMBTP59i~x
z<H`1k_yjz#k&~;dA;KNJhnz7Rh%?9e0Dho>g3X{T!<YB?rv!F4C0r|pA9HOI22U-e
z59cT^#bN_XHdLovxs62@I#^O7{afBFvjus^IK0}ptCA&=mhIc-(=?bs<h~(#zy^|P
zyz(mzGn_P}fs!O1<S8F;fD$Z0>25qc>%5qfNa>H!IpLodQhXNFl8x*XNQA!*-GP9%
zfVT9)sPBNtKYAf=d>mx?J=dgS;aiE?Gyq7$5F@EtQwNF8JyfQ8g7fS=XTvW<`DC60
z7sMd`P05%`w2TW`1=a~LDM)t*Mmpf%G^nS{EQpWRiW_7bkqUnM6C%&OW3ycT^!9Bi
zWj8Jaw)(Lt0gsuBTXX@en($Qg{~F$cMkZ<anKd$AA&z8gPuO7z4vP~<CKv$I5rF(z
zF`+fG77BVzmLtZ(ThLRtp>)k0u{#4()9uAem4K`S-I~|g<Zp|z9W?QW!#RZ&dtqZ-
z+Z3E0QU44ZW0mOi+NO%_3%>DS0(nf8uAOQ_VHUz0s8bd(Zt4LHe8mAw{8q1ddys_y
zvUp~{1MD22{oBJ|!Qs_<G6*@3O(r2HToS%2JQRP7#XsZ2y$t7>7cZ}mgog=t7&;g(
zJm2KElC8=3*wuh9X(i}g_&k)F@E1F&>_1OWCVJ|lhG<H{6&J8<G-V&kMuz_bUbZWN
zYwS@;U$HfK-q$64PvdTo^sxwktW#h)DS-v49(9|iCe#KmA8NFAg*lr_e*{5)I|%yg
ztb%?Hls(XXz~yeq)2r#oaQT5wHYnHug8O$U@PC2=f8Qeo^6G7cwsoFf$2~PawjSji
z;P72m0BfeWpx4I*>NXVkONm~X^aTE19@|!w^zqI;{8zl4k-fI9?3YdV((6&79US=K
zSk9}4_v@?vh68(34kqR6d=x6yT*?Gja~JhNe`teD+qIqreMGE_e|z*_Z^AFD|A-jB
zjI$m;5Nj9Y{+HwTTlU$G-!;Kb*TML0J&W<{9XEcCQNg4Z2Jpe_Oaq7^AhgtM8o)i*
znFdh0MhqYg)Q@@kkj+-~U(=L6G5YP5w$cToB_D{wff2B-N)gGj_mMG6ke{qxZ_P)V
zicSxOm@zV$PWMZ^fd}lKvW<?M1411G;xJPHUwQ}hK$623#>iKwpWc}2!Aw~gqQp%)
z>JXg!64D99xx?QR9-731@AJZnYJX3l6#2nXk$lzD6z+i~SD8zOSg6MfqzFaB&g#T0
z#ze;o)fb@$0oKxBsonrx{}#8{=3Y{?w1HI?Yu)~7SJJtpnuw1zAFn=qV(5IgQg&V#
zxmk8yZ{OAGpVgB7zLkyj_lZhibPNhc&mmXWOjCdk!(S*iAMia1tlsa~wS|1Zd@lji
zh$eueX!*NPTI^`n`wQqg0IvaF9m0o>LCNvZSwe+b(L<-dWxW4I<4d+hby|-Ea^VZV
zU_N#hyu>Q9h%Jk69-{tII(`{u{5(*QW-cg%0*AR^eC#Jpj`^eqj8ED&7_pxd{iFw>
zaP?qvFkTE87!@JnBg%%Y;JRlmbx(0!IoG{rse6^{rf^-AWOiD{@IB_yl9!|jF0ri`
zv0o$_v5-Ax9m`AF2*`E<vRXi5I29}8L2;_L7m!a0$gkrdzY>u8d`%UQAH{JB9~zoX
zMKY$%L_c^LF32YOfsTycz~nS<;Jyr?2lku;!oOIltHo`H!30``I{^Pc^uhu3!ly8;
zI6yZ29HGItTd6pDS`K@`I<H!*tpa|PUMF51eoG1Dfj}}kHWrMn6JA>6nPc<#)9A{~
zRFEEXJ&E(5+XCYipu#@U!gLE}uW<~k3jw$A^YKf+jh2KpPZ;^RWhHPMkf;V$?tiS*
z{L&83vR>aEksnCvSS-)nTrA(YNhsm_x!-q4!rsSgYY_@hor-GTo+I+=Y6Xt$UOSYs
zzcfky)}=#j&HjN(*~rv{obB*XDlc27^u4ypRl0A161dUfsvKa0@i?UP`ljqhS+RW%
z1%uf{-=j98vEFw~UVwY^s>iiY_cuf+h(xm|&>{SH>v@tv=4ov>@h$Q-cvme~jZ96q
zRg%zn8ytAE93pI?H(mCsqzG=a`f!Bq5)`xo8k0c5Q0(Q^ayf1$kNUZ1TfHYzhZaZ$
zcr<O~+zkFy)9UIF?#B7K;5FzJTecn!rO)KD12$HAIfj=G&5&mA^{SdT2acm87Yt%v
z!x6W<AZdeFozbKO+Im#)1|X?dz#?f9`NMqwIOB?3iYqeX6tBn*0-ew-w8q3OupYS=
zk8#Q4sar>fYVh9F@Snwfb8x^BWHvSz+G;$#jsep$yt0$MFz7x6+)3Gf*<-7Qf;OXr
zNgj{d4%p@~cEl3KaT>^1V;qDsJUB@CPP^zExq=enh>^fiDBmwxMnMB{>wXgdZ3mS=
zyCcA*bo0;+lw#XNKh}8ytv!MH4uh?#7HpMZnvx`A`2qK{8Lj^+@T$YT3YTj1{3`^G
zsKpj&ZiKAXPBAEy_7^r<?}29)vilf!&i_2oU(!dEN1A9To$#e|LB3MTzG>7>$aJ7*
zw0NMSJOj(Ltf}MlZpaKMWE{0;w-W4B3jaN>IJeDg4^xDh$)u2jLJ0zM8XP#$jW)wS
zYCp8=L+rx(sJ^*_!L)8t)<m!O_VM8IkLdX)I}+rMtqpPC4RZZ(nAitlPUpja!(m>B
zGr@9x?zbU%vJE)X04?}W5fhvzj`t@vVEyUrp}+73TD#>`-~m&N3&~B&2T_do(1qkC
z{Grw;YLk-lv4S4afg2on&kL)fP+jk-3Agj)e4=hE-2?14Oz*Us*n7#N$ZwbTaZ820
zzBrNx{C29D-#$?QOjKXIp#0ox`_|iQn@9cBQ?s}A7-zdneEr<PYw(Wpm|Oka|2^VQ
z{5G)Lz-@Odv>oxFQDRxGBm7Fv_Hc=Uv3P+}eeHo=`4Dl@HD0yB6S&cix6w8GTB8@Q
zI`ne96v9iK%hTv@w!-o*92+qHb1%2!AG{~KJhe9e@^l;i%D_L_@aVJ^2HJQ63+(^0
zd0=#E_Ow=P$Gob9u|_M49A@(n!7u**i{5{1q4)pU^Zx?9|NFy7O!PjF=>2@6_wN$D
z-{RSJ5Va&_>vIco_KG|=C}xBmco|%_-sN$ADwj2yNP8NQ_TAnb7~<WnmEfGMNZvOQ
zd2i!Y@7oFt!VVyoZGgVtw*ww_<3lPu?3Ujf{cEusp3(!OHT)Nui3Y6Bfa(T#Xu^kV
zcxaN}YfGTHTHfyw{)W&!MD6z~A4SQ$fp7?80b1lG+qY*y?me)oMyms4CHNO025$Rk
zHD9)S)qC*4fe-K%_rQ?5Q}F@5;+|CbJ$HI>9z3N7+-dkPe1$s$tKlo|$$*D!e1NaG
zCmUdM2{u=o`<wU-7+4(C@|PvcplV)q53TXQfVNR-TxtB7WpMg&E@#DW&Bj?_kthH7
zya;{J97p84q{I<<J-*(5LEqDuzAHfAUl=lx;t|`m6RnBDE9-Upu>X#}E5QftI*m6j
zh?&NZg8ec^(D+eMHU`UK9!I4Yt7FmwqtetdFo&an@Qi`~hQkz&%7)+Y-*A}0;km`?
zh};lxP7%v_7HrjV2>EGZFpTv}Lv8=m$*f-?f0@P}oh0&?*=f&=8UOcDeq7(8J=Vfs
zr{GRS=SlK*{~dNe1%>7dAB)dn;Bq)BGz>|NRoV?oC#fz!oy_)Y^V8c)mcgKC)Id3k
z$tTO^ma9hCfqt|@*EaTE;;^S4=PvTPm&-Yi;MDZl-e8}5`l9&IKV|6%V8RCapUQ)O
z`Y(Y(WC(%Rnq}ASwr63WRFFD$$>qOFlCH_#Ro|b(&;Tj@nxbYN)INbSypMcB2Ro|0
zFNz+~iw<gk6GaQT2v*G2``nWDC>8r=b5Tb?LYu=y4{%XCESe&^rF+j?A{?+YIB?!n
zc!QT;Tya%f8mTl}C@*53VJNfPLYF}q{7SZk`tYw5Tj&D*)z%j3$iLd#LMTC^8&NXQ
z)@3!YU)oBT)IGy@OL?`YZUf&9!!Y`;fc|&83Zzw6N$kY;>aqS9(Le4gWJNM;luSVG
zpEi6k5N-dZ<(qw%z`Ii<U#Fbva1VN;sPz35Zbv8+jw@{<i1;MKB^#fjmKnH~^qA)>
z#9G2*0duabCB6FG9+@1=7Q-N*PWd2PVg1%VYWzUy^|b4H2#<|y@-AC%Hv+1w&x@PO
z=cyAwJsH02MWc_@9&D!)?IUNi_C$O3zRf0^mz{-uo6XjGwQ{+d!nx{T@_&!9*7F84
zfe43yWg4n{pc~A2<${o6)4cNVP+`RZ-xZ^RLl5BhYR_Ci-G|c)aw0k3Gj<hsK$AlC
zq{sOmx#AQOt4ms;wa8wIZ|G5ze#If9eAhIAyJ4yO<^gBagomPf%v08!I(@9C=3pY6
ztLRc*_Tx!UFzHKAu-!K~M{!mR`)NnJM))(X5xoi8{RV%={f0l28qvbI5r}DRlHxq<
z|JvjH+IIo)&m9%jq14$}?NnnYWvBC7|2{G5s3W7uw9}I^X#mYr0AkIrhO4N!WHj_z
zw|8W{mJ=J|s>P2lzbpx9&^|-I7Pt!c<MrqBLU|{VUB=NmWiP=~U{7@d=1zQ9BsUb9
z%=K9DBCjUXcTZqIx<cMLjoQk@==~DXftByu>2`_VV!HUcjVuzyRk`p_WnWy*$;$4v
zF30J7SJ4op6}`08v%~nN+s@vw3c3g#N0&_UV7l<xzI4+yMH%8tFY)zOIG}GEM6@hF
zeTqHYBi8-}Z#IzUI{&;w5hLnp3pgSkh?lr=ce@LsC}Nfj#zZ^0yf1E;_L6S^BBCH7
zMZRu`2qkWro4}|j_VD>6k8`?(aZvSG$3qd0sfjG(&Is_zXqy(vIjZg3+YLK?@8ksP
zl&tZwlS1_rIv&$th%tDdzDmyD<WcJt{Qu5X>9}i-T!;ai(15;Kd-{BdejBL~$W0aF
zEufh0(%NK-_xmypgb;f`i9=#zD9!Wi7tvb8I8v}0B1LpRHK7Xm;d<>$#JJ*nUoz@&
z)m>Ptr-g_HH}&6YjWgTmzrz|)wlQ{57OM6Bv1l*s9daiebQSlb<qc($D;s9NxCK+k
zBYm)NT(l6=$M2-VyP}16qWvQk&WslNt%CIs<bKfJ>(~BLDC^W|q6J<WVW<HJbz$T*
zP+bI62ZTzFGkUy0RM&^08Z8uZ4urn6@j*}5wQ%sW@%Ap?aF6<*aQCQxZCz42{R?AM
z=sfAWpb$1JP7}EdX0>OM(OSxs!e1JMo{fcPYZBj4nCCo|=Nz{=?}l1hPC)Qq?vW0N
zU_b{a>@43+7{z^9msb=Z7=6?_w~=ci=YYlD+qPp(TRua{ZEugZY7%^GWFx(b;@o=s
zRx344iF716wOOC(eQVOYc)4g<ama{ceqly_WeoC;(<1-#1&q84kym^ZP;D0c)A*MW
z`(dBdx+ztRfxU(Q)&&0hfoj0Xp&h@?z@GxUDgu90^IGwDy%UQ+q8>A+7))yr&S@8>
zw`ZKsTifz{4r;y>=M(lDx%6HFkCt0&!OQsW^3>Jwebw`XlIgyBxB0$07fz)!-dCR#
z_tk}={x}rk{o#*H*VZqeVk9OZ5>rrleRoXntdIOZ>i;t>zW+(we{bqP*6`*rT_(0>
zo1{|artzHR6a$TN`3JP6tYa2qKgstj_yJu_A9DekapTAA442@?ToC=3?)ZE~^!akj
z$9)+6xQ6|fkNc|y?xiT)CM#Tp{v|vP-A`UB0h_gO!<3jbCxRjB&Ij86R*y8D$8B0X
zieVv>V@B{@ku8Re(zG^@_od-suMLcQ09bARzCYd4etZ}?WrLfJWtbmewdUxw7A_SA
zQQ>9L!YnJDyrP-&TF~xVw-1PAuefWPK4zE~5$1d<8TODH#EGfH>m#9)ILT^VXqWic
zW#fN87th!<^bJ3t2a6+|hQ-}%qNGu)I({k8ana1i{~FugiOqkNj6#z5@?UJA<OAM~
z1Eo-@=;#&x7q|BegGPj>U{xhoh5h(vGL}3WeIuTbp$Y*p8~+sJpWDM0JZk>I<mb-l
zt8YTEarmdi4EZ!b8tK$ieuz8CDJ$6FhW^ojr9X=Yk`H!>2PA9SeS$%9X?vdgf4F-S
z@FuGDad<)tghHJlMJuutDAE!NEl_9$w52JXfdq>zRxc<DR8Z6k37{ZU(<(6pQMvA3
zy^3D9tM@8aL@X_(EsL_MAjl#pObC<$UO<-Sd*An*NoJC?^mqTi?|YvA=krK9bIzRe
zp6%VvyVU!cA<1t3mr?05$?p%$N$Q(yPBJ#=>_x)vb6YW_m;I+X{606Jzjb%By6*>c
za>SmA5eu(Z^&RR5RaDl=>K=+5xPtwfS}`v<<pN;SpJaDe9CiofGJ`rx?-nT3xwz^5
z%{jcv4;$l14y&y_)b}$%dGAY@#M;V?9-j&B_B<AO`(0FpBCZ4?YcScY>>9M3iIO}L
z;PcTYlF>#RS=dK5(11STXp~MLv0900Oh4f~F(cdco$T7pR1=bGi1^irXvzZSZb1>m
zJd=<^n{6b<8g0I|o@bJHmd*2siTroqh3vW8$UPo`+GUGnKd{Jq#EmQNYgy`oEFFSX
zL(S{+g4MM^qsnQCak6Kmi8+r2^&YZoq{%vU`Y>DRZz!K6h)YT^jTkzjL3K*E)gI=Q
zWi-mgN`PAIX=6Nnksl->{gK$d<hVgd#}z-ulXwK6L^rhK%7g7r`K<<@&j_u6oS3%H
z<|<5*U3VuypV82#xTHIDXY)Lq%A7}Yfez%Vec6Ygb|rrl?+Y2<DAt$k$`zoWL)?ku
zxDo~ZNCqDY{rSEaYDn!a3%bi#Hv<>Ex*da*q-m5Re%Rpm1K4p;MMA-C4<VHkvghIa
z;sv7x46BK}z0$cbTJW{y5B(oR+`ULrYHIy{n7;yYrX4v&b*3FT4c2Z3HwB-f)c*$;
zb5RjK6)1<{Np+zeIUoDZUh*_yCimO|3H=uiGgZQ4hcTMOQ9|^}i67C}5tGPj)|C<q
zxm!8s4-*y@fs`(}j=-3izRAA<qeo1Yf<B|)Jz<sH4rnERiq&wDLfIZf;fGcY?X=q^
zN}LNC<sNoul&jq#q-?ENq%(Al#mDz~;IqGBUXev}g1sh$!~^F2M>Ai;@1Br&=kqn4
zC$Knr&Fc7{yyN#mT#<l&&AkEX*P}uDRRk~Zy@A<V1YSNadD5@+$Akhc2WOyEdF*RU
z2)pJ}oa{br$?nO_3d#rJJ7XWT<~^n??}@6{;U;QO4mK$1DPRd&Lc5MCe?JJsZ{Fol
z0=a+}KZV5)hZPUvW)2;cd$9r|r^8p?48*hlP=syxEBJR$_}f=N5o-=AyN{;`zB~BC
zYi9wQKCaR(W>|RBM3#DIOnJJ%tG#<Xg^=%1_R5!!|4hJtt|2l88+D3OHvv`KPYBv&
zsLiE?#Y1pRd7?)zs_d+hkVG7q>L+QmY$Rh$;+1xJ0{Ofou<e_2oG~fAc<<kSn;sIc
znTH4BzRN|recqG!otzmFUM|Sj!I(qpJ06ISk+H+;S!n6U&mbAgk$8nvt9wBPMhJ8S
zA_Nvd4Je6+k_0SS5Gc6?ztx*?h^1c<Tbg4Ge@RZwdZH!QwqoLiKFpxPH}#>A@*bh(
z2r+s&m5zf=<DH1gT7Z<^pyt+lH!}^NbzKD6{Eq7)xFL?XE`l3k3cY+d`0^qBCY{GO
zX**@@FR)2xgmHlnss=#H>sVn@ScNUB-H-A(R#+QWVO_x7=T5BfFL>147qb9Tf6#s3
z;sTpzkx6zBmfd3ji;Y#XDR_pG_KQ()Rh3lOEfjRMh-_p}5U-T}XP;bQjfKgTO8kiw
z?l7i!j#F_rGZdHe;y-<Gx`qLsFVOXY@j8_6_Zfwf3P*qHL1Ww)<!GB-yl5)$+vp-v
zeAYm$M7+wxKo<+lh=Itp?${cIIJZ{lei(rCsZPC^*0<y1P_;aP=w7X|pjR&y*eO&4
zy$c@08d<!?oxRW;v*Y{fJ3ME(?A<PWm&)Izv3K?O?pFS;3wzhOFT6|S@7nZI%{%wE
z<Pd5{Dwd#|sF%6cr?2djO9@`^xUBgDhqa<5VbnV8CR<>vWLaXM8y4se;Z)vcZ}S3g
z5h~?b_Vxf-K&HRZz+1w}cJ_98;4Lnua(AK%>Hz4~TY|RhLLf+dSA+zRkMwnr-wlfw
ztOm7eZAGU$PscAj+0bNc@3L&6+%7Of*m<}4F-_Gp0i)A(97{07KGBy*%2J%V0lebF
zBaj2GX0b7<O~}MV%qsWGqmsa~${F~Vaf6zXRqnHsX3V5!Bz26vo6UnJHyx*%2%b|P
zO95vS<ww8^z*|iLsHY3|(J~q1viOP#oDpPtz*qvP<@aW$Ze7l$i2{NS1yGVWo^~da
z^G$)zq?+bCYva+Uv%u!QUjeozml)k?*+ADR2r1@yl09=V*OQ{0U|enyyeLxko*+JG
z<orU4^XQ=%kO%qhJB%71X$ebxt0x9mS~C_`PYo{fxB8$Lms+DGFf5p3e4}fi^iebW
z_2ZMad_XhSz<k0i1kXhA>i1c5EwALD#c^yaoJi5Kk!D(DyMcbh&KwC#ju9Xw7jknQ
zU!m?}zt~90jknH`cxpcj2WDJ04<6lkVqWJ0fOI0i(h7!_5KU}p#rDt<ykrptJslsQ
zJ^-w8^kDnC4eLmDZC8e*C2D=HB_C0}0?Cjw19py7JbyIIDa$L;$Yeg>SDj4Wtdf(~
zjLAH3JlGQmI&-I~=oVXO|E!T(lG`RW-tpi?BYDRyc*mPlo6+%f?6|Qu?@U$)GmW=7
zw>fRLKdzm&R>UW#0-vnskKH3vf!V#F-a#bD{#un`&fK=}5b^YV;43x$uzO^@wtlKw
zKWmtrS-bEMLYEZN!~}JGB6Na2?B9&RSiFR4XziOgL@y?(Q}s1(eROkLKdSIUM43a1
zzkZwcZAnJ}k)|yfr;Xo->F3K7GG82x;eRxB11MDqQ<Nb8z~}D}`yM1eYGOlR3O6j=
z-}v5|6^f-F?$?aLwNZjoCziZ#XyVx1l^l9(+F=i>^W4>Xdh1wl$3d$F*ed*vXB&sf
zhj*b%zo%Di?_5gE26%E-;&|PD)a|c$0|n?kXm!<rbPXUr2p`&9hm@Wo1sB!qy$uNO
zC#?~6sLp<kVTZ><_h7FSbt0MnexpNNdlaP`=lm=|TsD9L6a>?gcH;4gXgg%d&J6`<
zYwBrB((&AUkU3{q4TmMv#`$4n48sNP{#1PTEoZgA%r0hee(Y^|o>C#Ii7|b8le%=N
zd`x5eHe+*~_}xsE?X8+Pv-dt0I$!@WH>2(4*mhWqeA)$>gi$Qv>zx$(B8ZTN;Q`wQ
z7+ETQ3<<z}AiFx}TVNpyP^4AQ?n-ucEtkm(EwDIU`1w`W#{%n<MeEb)GP=jp`V?u_
zC+TYIgZaPPM92_Z)FwiP*uS)CIz#N|=b5-MUOB!E#Eo~uvWNX6P+=2RcqOdD8-WTR
zU<D66`WE;e^Ud=)d~<w{^6(}&1hEu@QIJB}cc<?T-vr+{-`IfH-{T|wewMsS;2Ql`
zK1~<sYWkFNaxY_@3X~&zS>Xa!$X;&cFAMogwnGLrx<ej5!gk+asLvQ>4x)qZwYp(5
zOrl2m3s3s|8Z$^qh8Yry7f-{Dx-t<DK}*9>8!|nW0e5{*$BLeaZ`fn`CN2i7yO}m%
zfovE#BO9AQ4swcpknFi*itHYu;%yW{ei#}sfAY#gQ1^Xe7;^)k!WBnwYN8n)Yt7Id
zUX%733UJA;-x1eE7lzQ^JU|4)_8`OWI*0f!I*}!%Waw^BPloOWVL~c@72edqNsuzP
zEUYHV#M<B2vx)Xon`(bPZ~uoj!S=JFrOc{@)w*=lY8DaB${~^nH%)@}p6i(_sAdLh
z`tW(K?Ty%i-FFK1o<Y-)rSxgYrnvK0GpTH*NbZ4}B}m(;_><y7E#+q5mY;zu^umcA
zcopsJFqzDbjQEc!m{P_aWp&Sw54cC8h^Rc*ndK5+N8_k1NdHVw+|}^{V{%dDH=8aB
zdasEiK^N`QQd%*IBtd!dLMI`RIeW#$P6FwGmB)AV2vnZciWytXP+Piks0Z2Q%xlHS
zX}n;M!98zOdiG-GQYHdE2sclAp&Yr9S@b;HiZ&OaC?f-81_FZD>BaNs3-$!=YYvRI
z)txM7R*R+6fN&Jgj{%%{7Y}&?bDQB@oC-aj#Vd(r7;_@+Bq2+yCnc^&u7Kt$fG-hU
z-ZJ!&RMCTet*$y{^pQ9eWuT)tHchE$*{E#j9*2sE?NHn1E-ZkGJ)k19D-5J_6?Yhg
z@~(`8z?odu9nPf7Yja&tdU>z-LsNv?oq#ucMmO#LFp0ZA6e*u?2CQcz^%KskSW;zR
zR!D5)Hj+<$P<NGVKEO#^r(Vq<ZC@T>m(51>iiUYkV$sQMnZG;8Zrg{4q)g%5wmu#w
zkhAgCCPr~u(Fy{U(-E5lIHYvFauh9vqA@{r0txp$09qxvl@OGUxW+NN_=&cHeLyxv
zThEQj&a8FZ2~&&r{RWB;I$A6n3s|)B=KL7DPj*#jyLS7Apglf|&n|hQt0^3-LD9nt
zLz6wF6vmahI0Zw3QHrGl(YYn_lvvt_d`zw~&3hBnX`aES`HP;-nC3D28GZQaO3$k=
z<u^s4T*__D>Erk>=8&WKO7}>TJ*9<J(f)*$@yOcD(7Wa12^#)U_iUzEqw|v`mhG3_
zmi@p#WF=sBZ!&rSgfV9WsvXK~ZA&ZcH~XtgHi;!~v;C19gJ<?`3LfF*>nE0uK?925
z8XogzkUa-}hiKSiGq6u9MNc$+dc->QS6_ROE$BT4it{L}1CTZ>)nNb~t|G(St<uzL
zfAwg$^>_58sy6w))$IouPqk*VEDzfsX(!pWwtLlnGF!uJd7U+vrkE#>$I!<zd!1M|
zF$VgCrTNK7JvNMqk^Gw_zm-MWSd%QUq<Ihf*NbIROy*`sRxmy?pg8K-(N`>+3FGi)
z-~3RF-RtWiyM9Slq*tV5K&07A9*SY1TwTYN2a+j8yX!|nk%S-bK;>>(7R~!;45s(<
zMcCBP+h!Q*Mwa6*&|k=Sy=|Gs`*Htd^mg4WXuVx)XlJI2*U{;HsVh?!CVY({h1Sf)
zjdb(rI@C_O)uM8Yey&_+!muu@m?5I`=w*iI>!V5M_$t&bC%Y|It#U%_#mUj^HuzWi
zyB(>oZrxaeMPK*CzA$~cvbDa>@9P0|7KheBjnf(&pYl<Cou7pp=>hHOac#q8HG}TR
zYQVLp=rMf&Ys?U643&>-p2o%|Q)3-J?ZS)L;4;PV!4)YT*x*iT2PZ;J@52CsubZ!n
zHjV4tf$V@cyqhj~zoFVys`&O@Q{vl|J!Zj+&3j*DUwJ=Mzvk=-^SQYSi&D0S;iW~;
zzwa-B+_l?)@%G)OVPowhxUg`uFWong4RmvBb;T;+FXDOw^gIxYBSCqwz7r44p~Fp=
zJ2UoUhH~FFjR{8eTk!<Y$#+8Tvvl?V8Bg9~fK?WkCKBU}QOGEap1Y5~8bj`+y81}2
zZL;fo<;T96#PYLjD1IR4FBYNAPi*atxdCse<4Cz5{FPB|{q@sM&iQq@&{NRyk(Nj)
zXFRd~2N>=)67I$?U+mJ1{3-o*o9T+=CI&7Ab91MvP%8%?A(%U8U_Oj6e|0DvX2%d!
z5}<fWwTz*4ZphGI@xFLza=6{nB6`_)6q+;qE~&K=yB-eCk&w%##igvUz7h&CRID$x
zISF9Weqx*O&$j~-m{GBQ&m^$l-e&PBix&f@)+L|3VL7XILp-u-5|Su;R9Z#VzYLA}
zw@66xSZ1&!G7zB{5qce2BF2uyXm(dnDPrZu>uAA|fpI4a#APpH1__VN$Pz9wUogpI
zi>I)U$ly~5sM<=lNh(dKSH`25=1)84>l<pn%_8!lf`wUrI%^B0%&np)B^rCRC&tTe
z2dP>ly52{tImTke({~{BxM!elH+T9H^3q$FC?T9=I+>6wmOV6$^Tz=lw~1SYQx-Ig
z8am2t>7`YIf50UpvL-~Q!QGO(1rtu7<svn98@FiRcug>No8&qsyZ*py4QBLg1yRPs
zYAY>fp>6vdqcn7m$sSLZ?MIcAAJB_6$7uAm=l)m7CLUIDkJS66K+-Bb%-BCR&n?;K
zU7H(#R?U=z#(ZoPdzC&9Q1CdAWTupn6?)oMW`%x;D!jn}XW5Q`T|LU|){8MoCfcN9
zt$<BBS<P~T^!w_23M|^9+tSj6w_9|dg;hKqzn@LFT-mQ@3(Bj5@S^;R&2=od<fOd^
zU1pI-P{;e*(;dZ&?TO;N13${r-V9m4!a2hkm@c?TZ!E+Ee$o+y^4PkGlAsK{f#DY>
zF<DqJvf^-5zhx)m^z(7S>7FZrZnYRh^ZsK&h@zgC$h<gTIgx|Pq*lyD6sCse1#^+T
zP0Ry^kG?-Jd5G|WCd+IAYLpN6fB=a>`Q)MYL=zwY=1X8yQg@~ZvJ<d@(brLv|A_hJ
z<@_3IY)tkIPs6?lG3H}EDLv3cEr0|wPoc=2LGjHTnE?x*%u_6yU6%SJ1(Zl7kCN7n
zna03Z-g{XDzDLhZ4%dlIqL-H7%N%%_M=!?(U*4`qn{&w(tU=kcHbr1vObauezlYaZ
z6{uqit0VI|%L8?W_)&E@Oc0l?G6a#635|%D=egDMXnfi}l#hzPCB6?a!*sFaTUx~_
zQ*4II>rh3GF@{0BSE|<_+O3vW-!^-MW9F=B(<N7Kd`)h`Z0X4>j3S<=<CYtbC&@&L
z<4v%=v&Fww(yp+%C&WV^lcyo32keu{gODGl2(h@gG9C~fNX{OY?H{x^A2$?=?AhZL
zcWWY3sez8(7g(r4tLr2I4VXe_zl=I}W_pGGVR}#`cW%5zESsQ*LI*<k?A!f=_Mj1j
zV&YxPu9K3#N@8ePweylPw}?y2@dA82x1&SL9h|e8-0p(+G&2LX{4trt`&^Sp^1Ey%
zU(9O0bh+pa_}oD9j5sB6w-Dv~HQdcYcH2k|OuJSr{aZBNx1cU~1=4{KU2w660!caw
z#3+qQgwP3q#q87(qdi27a)BCkT`mXck42?FSu)a}&J>p(L&7uqQ^e?x&2=<Lf|7zH
zs7OPC)^hB%kU134g?Rk`7o=#oF_aXcE1ZrBEu5~QLf3LC^pEdVD%6(KpXy(lO@Gd}
zZJPdkG*zWPhdv|v^Y7aK75a17+XVfw%_90!xdQ0V4gDIUKgVK-{&Z-|lriw5wCm33
z&z}DQ{dqVa=+76|Hjn;{{*KWfDI)zjUq|%E`7EP9k}_*Ja|Vwmg>NGiX!=zsQ16{O
z3Up(D0)4tAK!G~&c&IA<soEQf{tPb;r9bK!L$>{`Pa}{ZWW@3vgR~@Qn2rSH1WC}t
z0TSe$%HzMDia>o1(92tcFK<ErFM8Ry8RY^_HSQ`)VM3_BcqT6%ip7({iVJvgXDl9#
zSnSCSlHMW1+nGBMEa$)3{5O;T_U6CW@?Y+^z;=yTLg%50ozs4^nF+_t#Xv0ij3@(N
z9q-@aiIN<WPlI3id<Dp|_hLT+@2{Q}dKLcr6aTH`zaQ)2dG0FkJh{m%_#WbZ2Z$h)
zw<?$w=8zTXsvm?c=&Ue8TlJ488f9ee{Nx61bah)r3K`1g!LM()_VX_r|GZP+a})pE
zSi!B}m4<aGLhwooL0$TydL@NVi(U-Pr=!oWY(RT=p08GR{eZz(09TME(R~{sN+vAv
zqvsw4xV#OsHyMx7c#&LjGbt7lfc(Tc_Fmi~SKztck0F7irabr^U~m&&t{2%{in8XO
zWM&>ZG>0(wQPiybUaMm8YXE%{60cE&-FhVcHYX;GB*F>g7(Bfd>saDhVKrSVCnlrF
zJ&8gI0}Ai*5uxz9%1QJ^5z2-0@dB1o8Zy+KwkfORq%7u=;~eXg`RytFf9nYwmM${L
z7VaN~gr#qME?ZFR5)M}ill=bTwTVfnJh1nMn!{TXrk>f7F!g+T;vXP7S0>yjgz6<s
zTrWX$oJ17F6I(S(3VcZ(hJ?$NbL|-NPT=x6W06Ak`|~ws@~k4H-4lQs<t1eOQ%SH*
zLglEESTzJO+1kVm?mC@{zfo%w6X5p)gWX6Wb1VkGI@|v3FlqMta4NaABcbtH=3fkp
zIrY09<l1IxL3f;h%14^)aXbrXt@2wnV)Bu&0ZfFyxsS?~9}tWC5sL?|m>8tW?8n28
z5T22}A83&{SElp~@ey$J#*EN<Z8_lJ+~X0nDXH`_DfqItPFeDvIt5C_zu=g^q$_+i
zQ1~tuK8pyg1_v}LsAC(8)Q&CQ$VM0MhYf(NdSgDW{`gM@{xjT1E<S)Ej((FuN~%TA
zr3;*PQm11ci#$hV|4?zvC*Lp}vy!(k?74KIQGHzj%a^8HpVI|C+KouTh=w397u*O_
zZah~REtc3@p~BgSGzb3-v%bUCrQ0R?@`*(^a^)y&l}ro94w=>pJ!Fw}&7gGdz7)N@
z&@NH(SMuvAym3jsK;F8U8^xyw;7ybZDli2~^tSACSq7t6Vs42R<cmy#Jyv%2!+55W
z7xNjc!z)c?)6Zs-m0SW#TxyVAustzXDWV=LwNz=t>(gruVfiaSI&s7hHN!}f=*EkV
zIlj1HeyIa;=6<mR<5Q0IbnYkZ@JV$2Qd(g@f)|!R@QrxwVRbK7B=@86Td1H~F!S>4
zC=4x7y3-zKbyX`ld+PkMOCdiV7(g#u@-g{IKi*nA(ORxW^<XhPW3-Eft+LnQuf=r%
zfOcX0RlG@e?YFwldT045z<dDyw0(42F<&eLf$0;vMhOh5GzE2k`wJt~w`uBwlo*4X
z?6<TE;J;yQTpKZx>~6`^E=t<rg{}R)Nx*m$TQJ(J*H^B;&x3V#{Vcf@p3k=|KPGdB
zBSS31X<-*FKAck%?1gxcQQG2lCeEf<W{b(F6ibdE-*C#n{oiPvhT^UA)J-ta8)>4~
zu}Q|;;m2Tt=P6`U?p~zWGS6dn6LG|DoaZ*mfuHL9Fu6&#<Occ42Ao_#$~d)F(OM60
za9U9yTx=C>^%hrsX$8SAx;6n;^G={>E`fO=s2Rlec!U<HW;`Zi9sz~E{_1#hV}cV&
zbx-gQgCDd<NdD|1K644DY?D~_bMd9FtMTGm%-I7ydWKbZK>p@fy>j^{Gt1$_^ENLj
zXv>HR^n+9L79ByGN%ml9`*l3nNjJ$eC`0PrAUPXa&%Pab=;Tw9)1NSVq~xzbZrgbb
zWX8CQu%v(HV#3Y9`i&4xmTD9HYpqVeM6(-A@UL}4g6yn_wr18k4oaB~_7rHo8buGu
zP#2c}B~x<U%mS0FH%ghOF<-PLF{UOrMnJc=Hz=G)q0#2L$ro#7e7{L~n!EFvFftb9
zj4q1F%Gf%09PHh#7T4zF&DN>wU7LgBlS?nyGXaY2lC#D%3bU~|YmH+((KT}AuTd6H
z=N|>4dz)>^du8YP3$pWK{G4m8?zlwXEXlPQ|L|gTA-VE+l<Z$`bM2CyM=p=@bfzS9
zQu0ALd5>(Uw7T|5=P3tXV0@TA^K?D@+wL?@%xNP|(rM_R=CU>OtmBX^b1!Wn?81H%
zqWTbje;_+Bmlv!q5ewzaddCSIEjhZ6at{L}yl}h8GtsalpC{fF%Xa!JGk45MSMPg&
z%4(<qQch{DDOaY8WxLK=GSBFl?a$mXd#~0%ZKR3cRskM$58J4$aTo>X1tZErl32R%
zqTjD6kK1@|gdxF^tRnQZP0HRaHwrws^SVF%eza%FgO7X<@%UUE^G|)~M!{7LTXI?Q
zMZY$`qo!@Ovc>hQvTIkM*%{QVy>qsIgC+BK$9LXi@WT0P6lVQf3V){U^R-Xgr!m-m
z`CGF<4krZ~a{q+^ndl?Fqwt5yQvc}N<1_kN`J&a7TfsKQeamh)Zd{TsgwaP${%^k~
z|91~VF#q>BHUIZ2HUIbA7-vJ5c|+IXIZi(B9&LopTlwU#4S16O>?*!cx$9I`vESg_
zjjMKwvVTv8FAa6@nfUbW25s{1@zAcC{Ci|fw(~-ldD&#yVo9zEX8+z*msQ+gaQ=iJ
zZlZ+HxF52UPg^o!>M-F!wxJ$B7N725pse3r9XIH*e)|==UZ$+yJc~DF@Se*ucrV&%
zX8Aw$S-86fvT!Ttk087AjF`XsA)9NS(Rcs43;1cyPIJ?_!&~cehhwjfXW6I5$h``|
zUY~B=XyWgIy2RgrVO({}c|n`;`vA<=7?$z-d&>5GMtKPcjPFx+pM}N{gTFDuUojwb
z_JzNAOv!F6zQj5;cdh*_O!+*ZJGc7U1>>doYoPfW*}b+lQ13?N=o&MwQC^IkSu<yt
zZ?6_#Mrcnd)6}2+i9UafKNoA+pw@Dzg&|vvxi`;?ne)5P$(`{+{S9F|YqOS*c3XC#
zL~_vNs>jU3uG3aeyY(`lY@VXL(CUdhi1Ghq)UOi09pmYoDm%9tY~2sY&W850J6b)R
z0Z9VdtTM{ZO9`U$Hv=NvD)`K(w-3Bgc6DOa)*Ee^TY~w_ZSFR=xvaYanao)%M4KnB
z0ub@{#Eb!%p+P5~m7G-<B<Ce*_5>T8%JciM)7i3A>5C#>2*5pd`8H4Vh1)!xFUp3W
z03RnH4#IrsmZOBPk78Ei!$8{FTMq*{+YoKbJmxrL&AjAj>FWy=fTiBP&C_nP9$$B`
zxl9cH3I;#hBEJbdnfhM^mP{R^JZO`t2l&bVpX5{Lu6-CMwDL%l&2^qldE7;q@(YsT
z60A@XPPv}mAwO}L_=&>_xBy4$;oo*g0`qUnY!FM1W7MVf@DHYJ7fXAfzuhg!d}-qU
z%d1t|58%z#q;NlHzjchKT|Mj@SiH`yY~5iGUdk1npQB(3v_F*o-U;-#@`4RFB`^k=
zm5viukL*_u$8GNMyG&Ns_>C9v$RL_6sUWt0uPu2q^s^h&a@#zejk13W>*~hYMOM$C
z&DpL!ux)GQ<O3K54h~7e>;l<eg<LXBmt1)$3U~@+D1gzxl(sfcyPstP@&ZW|vRA`j
z)YE>&iL#ub{dxxWYfUuq7jou4dp}@wcFUf28<EW_3>}}r>Jnrg7*5XI<T!}~;rX|d
z&swKejd5FQVTiy>6V|y_&1)V^eei!pe)(Mg|1J6DUvFN1dG8#k2YZO}GUa-PT{Fg$
zcyWxU??sIKludy=<m7`OboOS^MttHkov+XrXU2F2ouM#%20(<hfTqri&j?Tk2$T@1
zd>+wug7}mVeG&XsHjrYSM=y`zsUmI37j4OZ!jUdqE}C-cMN?Ziqg!D6ZK;Q@4ndQb
z9Y<}MXT{Qw;d}3Qm+@$_`ExdOwYMuh=V(WH+&B7SKxk}*e{WYNL^!)kM#L~&msDw4
zg0nFy2KLPDFrz<@@(enN+&rG_F`hUeH9(Ut#?Fp|Q+E)<XD4rwh|+va>f_TOyKF67
zF1yntSE_EmQwNe~o+-Ow6L!M)elFvY3V_sX5uZkrY<P1v*L5a4d9yrqZ#IYprB!0d
zhfo0Li}K3AIp0I5AAc*4Mve3&a>3#}itEU~JN@yq^X1A@AV$<;yh!J7m(_?Nwq&0*
z*(V!nFxm9^{b?u3zZ=eXT|Gv9tjmUzU1!87k99!WsxQl#ClMbWvv-3&F9hrX=UhPA
zXLAk2x7N%m#|avRFG_Z89_1dib(G7#-IVQ_W5`-k#6*Sx$OVGTaC%PCa^ND)W;aw>
z-6i$>Ty24KwNX7+7SG-O%+s@f=5y3giTl&FVx!8FI0n<YR-|p>@OTCpN#<~`I?o6Q
zR9{8MbjcXl#Md=c-aIO1?$6o;^#1iSU_h&Dmx}s;-8di{F2Q&b!t#qF{yR(f?`$LZ
zZ?9O=32i7Z!~WLg#{eOYdCX@H5laprdH&Ln?fTi~I_9$l@GHm|xrXnUhXTe$nM5ID
z4q4raiCO2W4Px#do0$7M4Dlpg@`<?$OqmUMl_vz-&|Ab37hxHg6X%6%#AiIjktHU|
zZZR9VG6|?r56?sp40c-GpX}f>K0PMe6Bq4Y@4VPmd>XHPvTlAf2745plr-GE;<S<G
z^6?nJu^HKZU?MJboi~*kd1SlxTU=X|FQA5NkHzJ)xvqG}`Y}4`v25f~?OjO~CYEex
zpn<TR3HumtM!o4|M~eJP37YY__Di0Y>km&7P$NbmpiqT?hWEMT;e)`S>I=<Evl_Od
ztO<hV4z|#@#T5T(5}*2rzOuK;MoZu~vC+**>$e|o0GWL~>;_=tMpVKERV*~W*(mI7
zQ3hY|`(Y_8uCuuYukQiZe%bvD3+_c15-wEF(S64sfGK@!Je1x5HOr_%qI@u}Ka(rP
zuPQ4Q(Xdhcs$z%Yxy`S3DVEhk1H8M||53ZcHO&@te}+Xprp}F{M>a*~wRgu@+uVNr
z8m;}h&un!aa_#jc0+HPyJz1%-&&3RK9uj0ol~td%GbEu&2tC&9Pl}X;&iBkl8G4+E
zc6U2~7q`}!aR0>M<YNSLz-?7%9Uyz|Fj+k#{XxZtwR^4P^tYcq$?A!&vLz$`0G#QC
zgxRAdf2|b_r}1+a;EY3X*4kA{p1Ae0VGm<7HZgv9n+g84ZX^B9MmTHj+W~>Bg!8r0
zaY)LnwfB=f(dX&fBAma#NYkz~((NG5&0LTCMNUld0+@`}*+?RNH#2m>`OP?3zfH1x
z)i$<^b^^NCMd$(s@9Nr6N#A7bnEMkpBdl*&zhqoYb`7w$R(DUa>_J4^vl3%Gxdx>3
z8P&{0hH1M%YJuS$2f{&td?n8?Hu~fSpd&B?4KrrjWtSo+SIA!n6i3d=E4I>&_P<D#
zbx~;S=c)(h;PNP#rcp3mR>Lt&GY!ny38)F^X=em}b~mtQrgpn=`gYLt?EqF1*xBul
zU#*!n_HLs+gH9kNWAb9SK8$vs!wNFu29mOuoCcIoT;0NwadO_^kp9pfKC9t-*}ZfF
z*Z2G=yO#byGdR}RP~ob!WGHig&TjZVcgZYt5Lsk&M9Z$bjUn4oAAbgenJqSAXvhH=
z%&e1UeYNq-F4;|(z(E(kg+(!o#c<{nzpU*iX5lY9`-0{Fh4w%GIIMm3`XZm~LP3V#
z#hmmc*EVILkjXqaC~`R(0X)Fpq@qDf2Hi8V-O}>rC>y_L<TrI5$%NMp{Gv|dB;}lM
z6dbV_Fo~|`^3K%z=~5JJ)z|z{??1QRVDHAFmbvi`rSecqF$vvB+DEq#O$KPKg^B4~
z&;Z8uv(oW&Jzemb1bb)oULrI#+P^=d$Z+{VzTBtUp*Qu};~z1_)(A(sP`ErS{)Y|k
zi>tZSZ3bGjQfm7oyvrko*1eJvbz=Nb$~X#>+S{KYu$1q3fg`ymQwQz&+kAXmfZm(_
z2KHtOPX3HQ)JHYpF|NihRE2rkV03DVLx`U7>`Isgt1i)H?dGes)L_%x7HbyF8p-4v
zR;<N5k%dmd9jCll&tnAQs%0tBXX{z6@4(XK<I<VbrOVPS9XBIVww}SSnD=+!!=k{4
zz}7`4M)<H!`Rf_BNqV3O5e-uFO|GE-hUZI8Vquig%Ru?PuKw!Q>ct;K@`ny=nkK)s
ze86^1yE*BaY(hN#VH4-A-IWZ@d9wjigR6Y*az-O(uEuZu@6Oz=I?b6IdHTONbALa1
z^)om8AOF>vYxNH{ds`pX&K}}_9sU1Fat%t9T$k42Y$)BoMKxz_w!2lft2IW5q0GC{
zHqZS=o9AI8b0|_?f1hkvF#N0RdDw&@5tqErBFbQ7y}WphnSt!eOJLCj^OEG+JaSyK
zx`q<et{fxl!<7>UUAl6Bu~-n#(<=;qA1zWABw*`(0<F7pl0v8mX=VLN-kZz`;NUVA
za%^`IyQYR$-|<%)*el!&H@wNLaDIKyOjpt$szrWfD}VJ8ywc@cl-zk*S4~HT<j&E?
zd36l4x(5bApY2}GI$iu;SOibWIXr7~1S0@5y=*kU+;Wy*u6%il;49IUJi~k`Rzit)
zKD&Hv)INv#kK=)%5Sf=TX(i<~1~i7oS?)ZOYHaCQ%MuiO=EYNDj8%#G$Qr!4k~!fd
zkr^?DD1s6ROPnidnJkG(*cuC;iz%-GzcA~~bIg=v^g0$qKZ$B+bF;T%mLLhC1+}e$
zj)-JZs9e7?7=Sg9arxRije<71df@waTcOagFtG#tozjYh_?PL3k`MoDE7*4o3o^97
zk)wTz4ouOF!h$y;Mc{@>NB3I<HH!hZnU6406J(3vVMe#gy*FzNlgKh9A1zZxy{nog
zk!4CgH%^-RIT|N1FH(4SO0`;ig9CRE!*2o+Q$8vslcNQ1GON)71G5^Pg7ya#?N<I8
zkwH~j1x`XoG8&~y6eZ~(E({qTeZH<Ixv>;AF<>68s@t#H0rQmHYQQQQ>yH^|)cOhe
zyjkHl%OI#;1(Dk2hF0Gl(of_ReWS(DsLY&@$vkRFHkn6Vo~a2HW{tv7VG9%ESgf#K
zhsXqJEc{qKEvLXwAXeCjbAEqwVuk&yS7;O(<yigI-E5tIH*@PiX2c4>+`NH+skw*6
znwk-a7WR*88PFXC`we6|9mp%5^7j-nVMxHhUo|Z7S4}(`uO!IOgvsV!q=;WhfJK)k
zqPe77faxQ43Ah5L4?Kmwhje%kz0HmdY4hFu+-`YWdv2LkIBOyp73`wbby^uPjGYr>
z==mHS%?_>*S}-PBy>HdN9Uslia*JR_UOP%NlApw8q@etiz#`jLkE{2~j5pB5-+F}~
zOxz)|^NB{|Z(+UA_*=(&hsEE5t}y=ASHJhv#^2ibRujRgb`!|B9e9|3<>%j<u^sGh
zp>bSpfn=zV4Y@NoF<sV*R3!GqIQ*snEg`YRmv1pr%iG{c;%_Y-%|-w!`$`3<6$eNP
z0EAm-K61|N{JlZvu?Z-*{>?1#jW`)ix;%CY4#(^kaqBSLQ=|N6We>V$m51hWTs8%9
z*`mLpm0g~S%cc<Ns8L@2XPB9on*RskHI8FBHS(eN@cai;bh~E&w-+o9#q#M?fanW4
zGU2KE_wDr*e(=vX&4LQM()r07I3m)19M?j{^V+wacwfu)eK{Ttb(VK52=|T0_@C=1
zhepD64j-|e{HD=gIOsP`xeA@bZ(?Q3bY;)7vKUtOlCJCpR#sO@Wq;F^VYnN;jrQLz
zuu$<d5p$LR!?5&1s2%r<+B&ykohQTUe5S2q#yW3?)%m$WQ>Qi7sSOJ`TC1&d<Qb^*
zCG(Q$%El9(Ng2vou(EPp*&0@Mw1UcNbY<&V*=AO@Radr|m3_*}cInEtv9cFf*&bcl
z53Fo1D?6ks`z37N4_;*BBqDa{X&C4C7enXb2W_3*SZ94$of>VOFR;$4usVkVKI<=F
zg&kq>j`svAJc<=Ig;n_DvSw9mSm$t9ouk@1$ynzHyoh0j{53&;1v65Z$6hlF-tMUW
z#f$>Jfxa|uLVAJb<8p)F$J6d8i=GGmHj0YTC;Sn3^kV8-Zo!J~?t6rQ5l=Y&x(2&q
zIfHAwtNHJ@ya7N3b+1DCSN#2F{C5@qUB`db@~`>tH~f3RD|ZJFm~R{(1hSjnw|NzE
zRR4N8Gj$z1EnqB*9I(<JMoRgtrUm4UWxVQ5YE=wK_1JPv;(=MqdF)Q5#Wg|@jZIj1
zgTTFM+TwK2=Z=ZUeJUBt)u2`VmTNK<bmy;uf9BnOHZ?ue-c%<qkl{Yl$bbYik8Gon
zf~4(KrXA`)Y$mo`ydVh!w(~;8RT!_2S`>_9lA%^&$)dKs+k<d+YKUpNgfTk9C2&t{
z;Xz~&kFL3iGfsCOxVi{^@#SEUJ{F>%CDR$t<D0y~nb(Z3(Fh)fmiY!cL9F1ZgJvse
zzMQ@)NnrkOo{q+Y#I%eXXoEF7R89#Ee$Qy|hlPp1F-8db>S_zFk70Y5KuH##+C(!l
zE7AB(60vUSEgrBy+rL>oDJKWmboSD&J<`mIUAFs7Ql-*oW<_zO-*4Ds&tx7`>a69W
z?;&%=iV~PjTq=2;#lBiFQc#li*ZX|~gZ6L{KWw4-5ZS-8zg&H)pL@y7$A#=#=Fj3&
z?*NxY^QxO^bbH(Nntqm1GT-)jl0fsRPW780Sy9BKLyB`qaE5sdTx+J^ag%m}@kJlB
z`(Qw17AWE~82H-vAo@S8i6C~bqL+<jVB!5NejRZg^1aINCjmh%)d}Fw1qu_eu$XOV
z)JK+KEQo3~Eli`EdjFUl+SJi}Q@i%5Gp*)MYJA4K{MD?Qzz1_GO6~<l40a_h>(df@
z$f0;<q&)TH(0RPT{!UPxAt^>B)3=7&pSv0q>6JJE`EaW{!3K=Gg6-q`RDAEMM)xOd
zT>L6K8f6F!Na8lY9~=3)Gbwr%!}ot#!BEm3{*pp*kA#=vS2-kt91=9*zN?N&T^=Tr
zE3uy$gYJiTr1<<|V5W4=u5DM#@Z~UiX;wjg;^jDo8YK(}w_bU(#Hb6jl&?$Uht@V9
zQwiGq)3UM6#$alBUzbrqc{M0CFXh?$xH#oHOU@=oRXG+1L;EGaPjX;`klMg?Kv_5^
zMK4UDmmuE-nXqA_RujvS8l`19`bGus1DXB-6J9*}VoI=io_q_>@^L)QmRD0WaRhL4
z1tZ?Q!rLL$biVT83(Sq2CmkHl)OW2^uQ!?;64hKIjV!`4T1~j{1J_1A2K!B3<h(FH
zE#)ITtb9>ZuZc;5OZ88h#ef&2SW4l+wfGZXt`k&Eg8F7tVD{BFyZDDov>)yj@V32{
zcEZrbsp8V^Xys*WL7dztWi+ijb)4K*#^o(%Wk2f5cCa#gS>xPcL0Kc*A(RbcWs0us
zH&&Lw%IbAxCs<iDD?6(zJH^VBFRARDt_(A$hH&OQAI9v3z+8P7#@cP;#pAGeeOU2d
zIL}TSxIfmB!}xkhTc<7785~w8Q(NcQ0;tnFtPZ|GP&Q(5r?BEqy!b;bjtwg|@#1H(
zI4Z2z%lY6uWhPeGdzsmtH;Sci+|5{zhgI^V{QBe7DdH2)nSniu19oGz5K3%AI!NXn
z3=MQp+>8!7KWElvDV)IUvM@2Mr%Q+3sP#%8yu%^{>`iQj3#8Ox6c#i5omO6X<%(bS
zZwSp$h#6!|*33imwloR%&Yu|E0lKYh{Nd_wPg@p}Jx?q_a}PBao$E-zzJcYRlQNY+
z{yF?xlYj2MNcrdb2A|E1<)15hjPg+UKG0QoKUm>5Ug1Se+P#lGDvzU)|GNd4-@X$l
zP+okCP-VcV&m%Z$r_;-f;L9O+{^@02@a0Gyzp(;0^_TO}+fTovpZ|~MNUeYh-o^h3
z-Stmv>l9%fJG~j6_CppdX1W`HTzk_hl$`HV1z&$AS-Yx8h{E67h_Y1$#yf003&b_;
z4mF}JExcIL*}$=RgvGyqDTra{YvgO^i@{d^#J{y)D?;O6C*#+(9G+*{FY@T^Gl8uw
z!j~+bS`|iXppxFslmH1-I>Cc?3IDv9*Bpue%))=}=c7X|!Z$&q_EN^yfut&7op|2v
zwx=}hu78S&SNY27r&RgtQ~1kg#7|TO8eLVq%qvV$y7Xtaz!{2@w?(sh^maC@*Gvq(
zzl)GBZqu#xBv-a~N6HsR_0h^_9rE?cFjPx>VjubzZwmmj0%qz|uYM7l@6G$ovt|tl
zf&6o_Yd1!6a$Q=7QO}j%-zFCccCCV5G!4qm7RYZ53?y~qnOHEc@_A+Yv+RO0WrBWy
zLL=>$s_k3V_StRHw>=GwcOvjkHjdZi+Y4(Sr4yxBIQ%cfG|}{XF4puz<F5*Tf<W==
z!rNcoy7BgNdHb=U?d#*)0T0@CEv{s1$%W#1%hEOYln1*FFJkksZ^5}J8bkqPJkS`?
zbB_tbc1}x-Mvr+TaQ?oYy8L0avU{#knmRICa#k0}nYE(l?{pX!Wk`lo${TlK0v`Jw
zN`vCg$~b39GMG@YYe`D-MHenlt6+?>TQW)J>@1K{qh?lo_0YaDcpJ^`HYh9|NOg)Z
zocnr-W!A)`%3q`5!5A+M#h7^|bNm!-@x*qzxq1Gd7CJGeuZIILYewRnp86XL-Dpzo
z|0*#wbR9Zaai!0nquFh2<?R?Zu2xCzQ|}MZ!+eZTwuVh1P!#1ms9b<~>Xa5(ZMoPs
zB%ZA{9}-_;<$hvjcso&6*McNe?sUHs8IYV*t7i@f#N(34eDbJr@pc2+K#mq1?Ltx%
z32dz24jswZ@2|6Pte8zeiK4M~G;L?oU@WIoad2%Sce9>emZ&Bg>*Hs+$99fQ=Y<k0
z#5st?DThied8L1jjhGM2bqR*^=hrkXR`<Ltt9!A8nYnHbWae7=G~$t#9;$=6j7jCb
zY?R-x8b|T{#1m_ocw((n+_37H)jcN*T628vTaB~5BB?%*Z;JQ-SX2Ecvi@Uv|DFXV
zrTr)x8#B|2hH}b3(aiqic>g;67ZZ+xW=WT>9zub%Wat9FYp@Z+b8q`uW*ZlmzFU{G
zexhh-E7D!^#AQjf(K})U3U0ImxT+eaG^+suW8YztJkeP|^(t{=GAp6Gr>6+v$tTaz
zJzEYtbng6k$unD$oRz?^?3BdZt&-V5$FTm!%?~DV|NJh=2;6-Z4RH5$j|5!H<^xwb
zEfR1K6L8}IxH+lRISY*)w}7T+Vmm1a!Ib(xB0$il`4HS15duSCdWz!FAo?*j2LsXx
zg6qDw1R>}eae-PjAA)bEMuK2PlnOzXDUi76ZQL*Ri2%ZD-)TT-+wso`Ahd2C2<hkd
zT7|TozB`~*i?-D-<NoVb8DsBBzr4jFC>{qJU&fOe0t{pEozPLY4VsQRcl)n*5#3)x
zM{ht!zVXm-O_iqMs;>VB+cW*(&p0p2Ry#6TvDsVLm8oe>VL)i<S&lJM;jBAbbmbXD
zQ<b_FY~h@%Nf;5AeMiF8IV7D~R?qNdt0slS!;xp6BdifsBr%+SO4;-$C26D<sR!ld
zOGGbTSv859G4cd1XzNJP|1*Dg+$xox#BArMl*}j1l&B$#ahH8^(PgHF_R~~~`zB{@
zUHFV|5Yy*6tBvrv{dzTxWF1F%M^$|<&lOX8((#V(1F|ik@DgtcEU|+LBfQ7U&J89E
zHo?_LwKXh5_@u-v-wh%8MysK2ye+fNo|98NtiLe-q#V@Y*bl*hYc!hu;`JzG9e*%I
z?ZEf%M&pwVDkfV(oLjwIb!O${@XU+*>19af#f|hbB=h1I^s@2Hiz_dxX%R;NoZi2N
zUAQG&QY&=F3hgh2R(LW{LBI;L!zvsOR5<tmRM-WNz8Ig`*UHx$xR{<i)NPh>?_4G|
z0KfCl8KUB+WDvSq1TyZKlrg;ECpi!zH%m#r;OBf&e_s5R%s8QL-RqmM7eoFMO)JkM
z+o&ge@tp8!!me<_XHxd|C%pR8PDWee@$lYs9Xq@U{~h5oDbw#}ct@WJ^Z_30rxCn5
zqSg`w;S2H42p}{UufFwT0I!~?(X=}Gzi(B=t1F>BCA}y`cyed}rG8hg>0{FkktXkd
zgi_@ij#B4n8!r0q8-_NQ{y->o!6SrHV`~{oji<2c#DA{7LhdqdX}-HdloaiWmOarU
zoE0&^Ap_P)BCPW&$2#$dbrKrIIws7{QT)GyZyvut1mDEt9HfTen+*%h5u#z2zCF3g
z>>Q6=QIB#Q^x~a@kLuZcXEr;&@yZ7?*)dEVsp?GV_4EAo4I|To`Z^syO2+BT)cLA0
z#`$?nQbzSPLcd)`Zj-rEALihtYuU=1!p@`QnsoK^n56u87dwwhy7RayiU(h4CL@}p
zq;$aWX<dHK)ByMMb&-H;*?izKA_CW!fV;yeyXO%jn#34UcM(m`_Xa5l!S3JxhyX#G
z=0i|+XCw&LwNR&r7*Uo0gU!QxeFzHIdP@+B=OZpstL8(I8WD;yDiqH7@xtl}C}Q4=
zZHkudD9{lEvA^JtXxZp%2M>?I!<q>KySydo>)fg<ex4nwEljJc+F9Kd+YInYzY`L;
zNcW1<FqrxZ;yMbK%QMdh`J>y(A?Cw+<d2ToFd8egcLjars!{&?n6XDmc%wQ4aYhlk
zTo$4s1|`T!m`^fbn?OBMq{R&L`z?l(GG6ttUM2U4Agi>^<~m9+iA#$x{M0QW{$%6`
zbQbxip*ndnppOPv00OZT<6ilS5iCjvUGgqRWh_Nb0F_l~P#M}dCi&tU;h&^1e0K0^
z_{{36Q9imag*B`qwNDy#syH>*EVy7NY*-S;Mt%Hx1UBlW*CVh|Pre?3jhgj((`?ky
zOKL`dOZNg|+#SXQ-FI27uoo+g3%hu#3RL(SE368ukaR_@@CsJA;Yvg{DoN?|Pzu+J
zBurxn_k%1Q8)Z~l^MdEH0&G;0a=4DMQAS0X%8HA!7#p?c`g(sv{wYaKZamKz$kFi4
zO?c8f-d#cG>|dK?p`0#0T?a8NV(j8b*(GEH<8vqj+Wp_gkPvbb$a$M;i$FP-H2#o9
z8CFA`>|T_l6y53fJF8n+Jz2(b6YB$dexU+wDt=YoS%kMfwZuPRHc!&_ZChCGoWD?5
z9P67w-QdHb$*i+?pBW*j37)k5WvTsT-4&_7fxN!~y8aeIe;L$YbJAtZUdy-(W57sa
z+L~rKAo=Iees^w2(r@<iSDGf{%LDl<Z1<oAWCJ7Pth)h?cDH;EQ`#2XqDfHk@dL~^
zCFhp(F#T--+aFf<{eUzcNkWrZk%w7VrcTCfD#c4{f+5!P<7=`o#QFucExttS4j08f
z#h9TWVv=f=(X}rg6e4iUuePL}lvF(5Dmd<GPDIe`f2*>xnx@&iy8i0HKucz$z4Kh7
zvwR7o2w&1>8JSQ#|8_uE!^dp4BJREeT9-vjEp?A*IRh!eS4l>mXZr*koQ_AwU{upC
z*Z(fVPfE{=d3b<MeoF`FES1HsD7O$2j4xlspoD3@9sVEZFEZk6D}T(QTam2Lt2?oT
z0CNui=q0*6uZq^*p0A760sZPG0{WeQMFP5o9_Ta%^nJe(&=3DfKsPX;Z(%?m{8k0p
z85!tX8w0wuHHNKo7aA!CwOE3;VB8Eydu}MA{xKz^K8}Tz)fv-UQLTx}2j__d(PT+1
z2(_30#}Nd*<qTUcna!t?-`m%!6ND43o17ac)TW7DjV>=TGoaLr(y&SJ>Vb^<k;P3r
zDc5em9mlDoFKan$mJG?<S~4i?s^DFBzctb;vU>~+8h9C=ATEp2m?GlH;@1+@qK6r@
zOrvd^Ew*nh*X9Moj}z{(Q|9keXY&MQP+2oJ?Y2i)es|co8F;w?V@pbqGS7>p*8$Un
zR~<&NWE2G`TbPuDgKh)gP4N!puT1bX--}T#(UB$}v%bT8#Ou=KEiS2WEI=+IpYj(y
z7nUz5;wjwLVkAF>YOc4bUp8Yv4G)tPqYX<ZmQ_F}*0hs_YW%)xMBbH$qGh+eWxTRr
zJaA*4`9{L%cV}V9gNa6x!I)zb!!8r10~LdfUTzbZ0<8cx%*t<QcVGFd1w;J82A_W}
zPZ+0s$ab+Q92?=bWogAS{M9@YoMQ^+@zc;377t-mNIpN;kC@IcOYm2RWM~V~XGF-?
zM(O;bVUdQ;O0<fl7cqFpgUs;!y%(A$47d3iVaQMh0dMWiqQ{P@MI!{o=}v^sVEe$?
z@}!S>&myRkwuZ8RWtY?u)9}q3i2{$4FV(XA5Lw*?@1TnWK;l&Z$hxQk@I?UtkjB2M
zdmg{)7W}HK{;Qp+Qo2_Et~{W1nu#rahE-blayi|~P|i+ebjv*in4^Ba>ygn}JcJQ8
z^~m4q%Ls_KRlNRRh6GaKHn}yY&SJ#UJS0NAL)AZ=j19=kklc^C&|;5H+vn>TuJjTA
zS{0JRwL)MPZD^lWD4wb~D=y{+hPBKflD3E^{jPa=0i#3|Lau9xq8Cf95aBAo-k9{&
zabA@bc%+JweXs|{_kc4i=AME1sWh!YoscZ%ZdXR#tx9ENQdtDVV)$)mwf#3J6L<d+
zxqo&Uvao6C4@Y2sFwjd8DFRZJClgRHmp+sHg@R+f>(@(>`!Y2>)}W-Bs?>~Py`}1o
z_mv((aHN=iQ7kLC9U!<hFINXa(v>rjA!yqe1bm7SjP$q<aXcNbR9aDD<+FVq&9-H`
z^2;PX4>;43yC6yYD#wauri0MmHAmvUs@8yA`kZ{^(!ZR^tTD3Ky8>n9OtMg&f}cwC
zas_j8byGszb7`BDUn^RZ)nQhsA6)w$%p5Tzv>+}xLFnr=KPkj)o_SlL+q#GHc)&?u
z==Z04g$VQgYj=EW#pbdZhc_dHwxseyU|~-15~nVc|G{{?RL0}skd&y;7=6j&hnO7y
zrI17Xw;5)&$C41I*=(b8HD~=^p>fCV`VxCtMa#Zs7?-6J$p3LANIi^`d0r5L>xIx3
zBDAR*mwh{$q@P!&9z&*Pq$$Kf@NEtRMrAlFKEiBsVZ?gY=HRJ3&eH^30cq6e4EWJM
zdvfbIVrss*pA2TkX@OrFn5C2NGI@=!U{R{-ZNb*5-`yd;#kK3%`mT>hl?VeCBL*<v
zh>nkc$<8Jf5PWFvkWInk6hqf!Az)6ehJCl@F*{!Ng=RA>Ob{YDuZg9L6Zp(~S&F9E
zp{p8O7xCTy`MPZR{r_NH^6DC2muo-KtxL~BT9>D_z!z$Pzx|ynXh8DaDobG2*7V0I
z+f=}&tU^6qkq<@HD)msLah9w8<7ONQ_jEJ&C3WWk7o0bv8C~sqU+oG<tSo6xKRu_L
z`B($KE$rmOtjkGa*`rpr0!Efz<DfDk+DM~#ytHR?hClg2E{93wI8T4n46v3?Gi#|E
z`e}2FfJWw?j&FTIJmTFaaG_%jFvsPOXjiT8G$Hi+j>p(Hec+q&cn-|U>(P8%9XWCb
zt^<nLlNG*P(ySrQtXHQ!inn@AbB6fgRJOuNgpifjdTJnct}bCX4_RAGRS&JpwY6FO
zKNZlL7VUD~;}es7i9!9}271GFl=xC|R)K)?-4mk#pX5u11Co0b+72;;x9=`fx=_~j
zK|gT=2qtpibS~O*=(6zf@5<%-%!2Q=fL_+e!9u?tPp|7=ngkP&vhlBz1YZu%Z-k!N
zHoSVqtLyUnm?t!|+)zHd$?p#mbbl3Bs$%Lh4?_?|k~DJ*bLkm>O+xYG;{?ZU$*@&L
zkz^P3^<J_)qN`^l|K2*ks!VS95B@m~fI~3Id)b!xA4hKhNGyF2*jGwSq|=`|tBp`a
zEXkqhZ0yeaI9J*pMunNU4D$@-rk%@8^TW{H(-M<(`m3yrQSODQ37G#WgJeDB20<8c
z&XQ^{I@+Un>N9KVW8EZ{h#Vw8p9!By>{Io_=GIn2y;hc`9?@`7m1zC>sfH@jgrOdZ
zRBtt?dJ~sE0%IuMCoV&r?X2on>1&CKH$<$S;g|k}%7T;*s4%JBfQnw8j|u}y*W9Eg
znrH0DMRJ;|SNh$+7EH@0IE?=4OrN91mtrgZt#RG*-T;Y_tto<UOYl4~+#O)2S^T4t
zM2b%+1UV3(05XWaf>@RvgA@Qm5XhMu#nKp~AYjz?7DjgNlbC4?%ghZJd*4xupjaf#
z&h3a{8@-IOUd}NxQ^rGpkpdIL$SuswquHnn{ms`W#6Dp|kPQwPHEs|+uajv9$oYmk
zBwMSlGwOKN47WWg8h5MvLJ~~!u*C8~>huCe8oi49rPTuxi|-%_%F3xB<d!S`GY^WT
zYYkd%4d1LY=s4qo4Cc}5oR6gTLuz7}IRcf%Gt%cUdShA4p%hjds){J=@-PZpj`2Ib
zjt%aU<2ILKbDdVoR_bVL?cD*kE}Mh5&<up;Q9K~_p5D{fY2pu3wP3MWy6ZaBm6+l9
zTuaBNuU=og(5yW__^dxa-6Vq#<7m&UV&{kVAO{pej8q)(=Sw;qkBR6q_^#BaqGM4`
z09Qb$zX0L?{%f9~^jWFmc(LTb74>{X!1I-p&4PFB6_T)*J{7@va2~xJ9DJFsJwbd2
zh|d|ct}d4)%p`s#^zs7Vpy0P3iw_f2bTAeqDSa%Iji5I-N=i`v?8Veu^ze&W^U!~Q
z=HZ=u&4XjCK!!|6Q87d#?BTVf*p2P{;s~L9u(~A_s|o39&|EK-F|yOg(XGWg_RZVB
z<&oktwR~XU!w#nUFjOO!KG0Do;S_1xY|q+!i?wMDv>7;P$~rMpn**9?^V{30&0^N(
zg(KJ|po#L^)HV?-&WPCT`8XXqLgm7IL`Me(0y_FK2hkA=+Yp={Evuh{Ju^g>p&Y%|
zD7b2sTRRx}-b5o(D+b&0bR5KBn?$h1{@5~)0<K^~<<kQrZ+UMc+<W|W8Ynq`)PYPG
zV`HGj@)x4jCZ4(`;!3_gmS!l9LGjaJb=Ic_`j)SWG(CTGAfnDV73XRcfrLd9IEw?M
zHGmI_rV!79cf02m+dd7uvi&$qbzblb*_mtko}~f4XWPQH42+$RH;ai|c~r;5(WiND
zH-n8ke5aWbhGAY#n|d3Mu~OJC%i0*UNKs8uQX9R$%?iE0Wm9MW1#RsbrL*P8xE{3t
ziCq<t<J?P$nug{-ztb$}{9Dzfaa=3VNECG>FY%G=;UhWJ$Vjd!T>ifU|4jk-_i*^@
z!{L9lfQ19p$4NnbG>bl_>MC$k!>c9qs>b;Fr-JnL%#;kD@%X_vp|NYE)zj{I*zwSP
z(`QR*7o;_D_d2he6}!(Q8O})O4@+s=C1*uD>HM!!+Iq>g9XPSp6oG(Li7OI|;McW1
zaWQmTC_W7TPpObrPoD)X-uuvWYR^7J+uj+ms6t?k#z3Qm_*jT+&)e9bu8aA+iy7fv
zoME4--(mtx%%uDY=UrA3ZQ%LMS5b5>Onp&#C>rz2V<az|dzKK-k>30y3>~y<81TEn
zRBV8#q8=C_C~NDOE)6#?>e71YjC%l^%^ZO$)g4Cky=EGl2-?HJcLcPDthec5y<NWu
z(Bh&kmm>Fe9jkQa3CmS_L;HN}al^zEjE@ApdnL1!B~^N(W}ZgB5vIFrc`8Yx7)gJ6
zcebFMRvH;<TUO~_sMK`lOnKR6a3tmB$XG$!<7*pbL3wTt+uUJ2GJo)N2UNORkLlz8
zNp^ENQi`_y76WnxrT<mh-=CIy_4fbxgxWunmm;jWKghGHNh@Oytwejn=dbwJyceOg
z&wEgM{qtA+T8{L2&hLkDqo)XuAO^7SkE8Wtg!6yQm<F#FIfvb+mM$NCskwrT@o8Vv
zF{n3<XACMZo!JGFA$vx)^NDB*G>2gY#br0OP$fPl4(R-wtZr6Ko|?-=uUgUb2OYA9
zQb)Tj=^4eV-Hf`l{OSe9@O(_l<w~MMSOvxhL}en3?-bfLoI^`1ke8R`BndfgdwMip
zyN*4P#O^1d9a+g1m}8WyZ(_MwGthfhQV-_TTt<k2Cm8rHtU-qfi~|USThj;>Ukf4J
z0luXDpjotQ0ZEVc4C@zBS;trHz>jeP4(GpFGDIj}$7n{f@Er_VvK^PJ@Ri_li6u*b
z0aoVR4&3x2cFlInJY<}Q1W1a8S?+~aRfC~UC#rLcrjGbr7c3kek;y*EnQRJR{qk_&
zqW6Wld>?2)Ci|!|AB%T1P(ByU5v-a9_;aB*h*a=k!7+5S1@@)V<m*N8vumR(87l4g
z;xt61<14kNvC>4l!b8s0UgZGdQ4fy?@@RIFP~Jr|Vawm4rLW$Z4fD1~d9qEouny7`
zNXcua3gIWU2)<Sx@&xqHS)}r}r>yB@2(SDPteh2E*)cuR{QwD4Iw5LEuzU1j@Wjr+
z9s27_&ET>Y=9{_gU<gDru!&EXUh&h>6_-tINnuE2_vBRDgXarIxa|X@adButTX~a&
zQEtn?z_IhZp@t|VHM!!L$Zj8Fv+&HZ*rj;R1v=K#6)O)vg7Fe@c^Ok_ZDhct%2-1u
z#krOk5yQNjC~PyMM!Rw3Zi@6v!EPuAF(c+;{0)+8t5jLn4$~SATuY2cZd!%ZeK#DW
z=*&X#k)^~t6pHqZg%)x5rrgp^_B#UhzGrjAwL4_PMY;P<x$<z!QO;qeb`G;_SZ{OR
zZnU{ON#7LCBzDCir|rvyck+{GkQK7E*(;VT5-?HASbt$|_szMk9gfeTla?`sSps&n
z5jt|1tcF@fb}LNY8GdHbmWmq~86&0PRW`5;j9v^|-O!G0^=FSD`WkNlQa#N8G<udH
zK6Lzi&;wTy9|Y5o=9jwvgkw&lF)!DQxiYu3!k$n34vu%DY&b1<-yv82isLoLIFe*T
zrOhqFc-zbBc<;5P?adXxl3~E79|A$i)@FzO!Ca4ogRRVUZFGEzgY7b%4YmS$aCDFi
z4HSz62JA)M8l87OUgXl0YeL7%kM_Ucw5a1<h~u>z;!z`+U~|8R+t)VqJ;V?80l0Hg
zWzuZ7Jo9=zut;dP;b}Sd4fZ$8b18n1;58YT|F+HjPiD9ByEXZwwEB>r{#z_%R*NMs
z8qvJ_lw9d=DLefJD`rjDE{ws{nQFd(C^>VhRm?kWHC(WYBTmbeM_ZyqRXEkmEY3*Q
zj5f=a$65jy_W($vT$Z5-(vjCO8luH)l3fRFnZMhuGHOK>(Ikk;48LcKrq*J6K}=E~
z+qah8x5dK}0!dd*7F<&N*=%uf9*nFOC{0CzHS>^TO+aDnv6@lQoj|iCyWYgH+Faj~
zNM$$+FBo3cGrlOQ(18W|jq_B)sGdPuEg0|@{sLNrOo&*<Xwnk0z~clEroX(O%8qm_
ze9I!FZGsc0?05*XX_qp5GyjmxzyRD=kNFZ~Bv%88jQ;IcMPgr#W|G$hA(R%YyabCw
z6%5*Q(2<TBUgR)<yI6YDCBNVMB;k|c*+u%0Qvo8jc&)D=ly|4{R89HfRlfcah~DC*
zjDP)bFovDd31v=J^4wqy@PHcgp#CjL?{-ZFdbjkjj)_(;D1q`h;uzV}>r;dDFa5>I
zBuW7N^URJ9r+tU>HMGxhGtj;#G_<eoO`?69wlLaP+9DF|JE2lCrTT#g%7Ab}6&*^b
zEOkI-GL|=kQ0<a|P`wd>P^||@m6lKck2&J|cK+{j#PMs1BmTJ;<A|f4({aRcGHNrJ
zu$YY&Q;6eGkhBk{43JqdnKh0HR##<M{uE|kb+g{Ss>1b?uQ%CO)u1FQd!j3(mMk5E
zAbW}hwHN!Tv~$*>C8XRJOK&~x_YYk~!n{~I03N)Z6=L{o4@C%ml0h$T4ZgeuUiPGy
za`2_3=iz3aLF2kQWz|5~+LO+NvUoesvEsjCarL>d$fZ|U@mwr^hYZF$&K?EFpnAI2
zdTaS&=7y2VOt+rCyUy=R#_MUU`kJolbbZyo+|6PVq$<1SVoZYJ<7Sar=}iW$St;gi
zg|Z>6te>u|4=cNol?~LD^=D=N2dOMWS2l>19bsizy0T%ctd^BYx-ttZ`<RvG>&mRG
z>^W9epeq~C%I2`LDY~*rtn3a}_PDNWE-M?#$`<R&78pW<ReigUvGsTsm5MZ2wU76O
zF6!TZVU}#E%3E0Bg<nD|yc(#m2rE1rR-yJ6O)qz0oiD@c4EC}*6iRb2)=Bh+)+yB1
zxfbh;53BR4woY9t)OjYX&WhujI-9Z1Q^!N=v^}8?>O-t>*+&QMx0!f+?hGEE0{vIV
z_p4vc!LRo14|7HhRJa{0?4rlvgWXwzlCZQcr1BiETDccio(7NJvFPj0?EmnFWm=RV
zG>UWYv9QR@s5Dew7{I(LI*9=zL&R;4;oc6sNlv<yf}xtIrlaA(dm7WDds_(F55<yw
zEik@p4#=H5u-r`gxhn4*`1O9oDtim@;Z6Q<Cq69a54icgPIw4rYvyBewrFBZZtU+~
z{4ABjOhNeL-f!>+hWd{*Hq`#t&`_-|zjp`+9&v}a4}RX#`-UMfZu+c<e|8}@UGQF_
z!dm4ozn}7Ze?eHi@Q+Vc8&L+_3=^{l3$`1AZ7Vmfg+;1lZ+s8pKZU+H{J97Jxy$=J
zFUr>pxY*FdfL|K{1HK#knTY?4<=?9Tk7$wJ&rIQ>(;M)YH&qMJs15K{SN!xkgMI-^
zQ3Ufwg}g1nkak{lS7!!HYCG@bz#CM7dk+b^FC23zv@gZ=r6|%E=&4re@f%DWI&JwT
zb5QAm?k~&g{k}13Tq)m7{O3_$oNuAF(oY!}r&v3}4fy6SnqKW=l;Ui&;L8ilV-w8B
z#B6pDC_?6A8Eku#<U32-6Yc&7`k(O!-r!w;B4q?aYAU1qvrV$AZMr5N5yq=Q`&niX
z@j49-T~9#b#yfLMVbK4L?D0XqXv!YHK=yA4Iu6y6xr&T8Usi)(dF)yY5#;zqYe_%K
zy)XkU=^gz?oU>#YjP{rDjpicQjn8xu>?_uX#p$?X1W?_?yR}sJ)I4ThZ48)KAD+m}
zt0z5@C^YKNKA+N_G)V3{fEyc;P&|JuZ0<t9F3!hsTD(zYZi>M{XC)S;oy<);$-)_B
z@oDNWySiaMQ~mu9kNlYrvoRv*ozRBP%v~9Hn+<UNaIQ6Gxp!>ChuWSLP!#|eC)mHm
zyu<HX&1kZ-`T~~+QEDg|*%F1P%W~!ADA{=#<iSHI503K0B}nC59uy_lX({u}yhkM0
z4rz`0(rP#~XBIl$y2dBYus;IZjM9WEw@#oaRHI#;kJ?J<iaBf1H58om0Op>IA7AGW
zI9FEPVis(M^Eh0J325^q*5Kr1dE21cK-<^s6_RVS+MVP1+_ZDr9v1)2_YvB_WZ5z=
zizUyZ_i1ena{{R`Q6`H>Sq*M|U(ISjao;JhKgQcC!B}S)TJ&lO7ou)a!#-D_jTq)f
ztpxEI<Z9Wun{1#!LM>cwa}WB3FCgA@oKuGOKo+q&+dVfL1=^)QB~eTb(%WVdD44o}
zM9nb-V{H8CJXj{h>WOVL9YlrAHdPO+vAK!Ctl%IOF8B3E{pWp6S@|#Cg#(wA9Z7KX
zYnj8TYf|KCY8jX&(y;-+qn+C14+Txk(67VH^u^4{J?Zz}$t(d(#E$YOXtPXU^}|m!
zBkjc#!_cE<qR~si9o=&Q``u1i$haZ%$rK~GiQ!?EaDm@A*&15!j2GqayvsD>E79;N
z_UYv^DaaGbpW^`hdlZ{!NhdSDX9%Buv2-Qs`vDF*=+9k$*-z&=MpDhp3JA6!T#f-o
z)e{In&Nr#>vC<(NYP|cNg8G-ECt4HcKvn<#=VVpYPs3Qv6#TQQ=)QmQyB0o-t_C)Y
zQGCBl(e9V5(1AH}!uHfiTj_78bvdS7Ka|{j=Igy2_uLaf=&GWZ*}<1tnE!xY+JY~w
zAz=-;+shrw@S8BKfj^XMoWd(iQ95IVv0)X)@(Pl2sTWij;U{i&@I4W%YP!?QzQLDf
zeN){U)V}_OO_{>f{BaFxU(aEMmh?D$PBE~slb@{f^EmsG(mstbB?(IFG!_s4t>{1)
z{siSrDtq~CH1iG)<REZd$Iw~nZ(?bKz)TvZL#0L!!Td~=&DkgR9h7te<NvE~)={Pc
zyeY~G<N$D_V&F*aJ4v}W>|KIlLm*XXN@nBz$ir%l;QPDq{Y2fXJbaboQ*)yIn86aC
zy&0vMf%^Uw{#04b3yWD{u#pyi^4wQm<`wRV3d<*e(cHKrv>xk6^z)7ST=nzywkGYq
zvT#u|{Cuyc{u^oY)vwhy&$nQ0CN-zcsv%9ZIXvKxe9^$#{NagawE4&oI;Tk(Xj3Co
zH2KZYA<R!Isztc}Fkqy53eHo-E^#mj-=xS6gk%4%y74BfDl}w*yFAehFT&M>%|fFM
z_Xso`3|w5huo<o1H`vS-SgN6XV_jT&TkT>#V&9p~X+4_5oTd8Bi^~qQV7AY_F20(D
zS53a_VLmk;@ZA3B35(>O0c_iT^ngTVQF14=eW<4U-O+Iv{c<x}9hc{*<3%3zZE|u4
zHbB|?(-pt(13*N}9->?5-_rK^vXPA{FVcLFLDLrd2!Miq|L?&^%>D!TgaBi`p@2-Q
zdtoG1fN8X+Z(kLt6*nMIwFuN>Cm3tF0Uu`F5JzI+v{n?S^Ith)nWdMZQfcM9U=T|j
zaA2JmqU@8M7g{)0*xV1N;x`%i4X{Hdy3NM8_>9aInT@E-H<J15I1TW<X+dIBR#^cb
zAmj7FD}Y@8ErER1j#IVY;)5(Mi;aPAx5lGR^kLe1@AQfj#Im9mlCz<$So&ZKCeD5W
zHIOySAb0j4EWh>9z*3@tWeS7k?_XFs6V@4F=_N6us(1B%i(NmjD<ItyhFu8ip3v%6
zosiz~ktgIHEfDT-AUc1cPRPqI0}yZLF(7nKuaqnvfVjD!X;06yS5!~WO<jSC{T602
zx|3HhDIZ{kDtP1`SIE$0Et*ISNu=|1OW-`+9yqdbk2T{^eKvskoRCU?z_^}5qh0h1
zbU_#1Q2mSf&FEmv0CVGQUU*Aw^V$H|lbh4(g)~CDl9oO4bX>C9BCJDGA;macD_cJP
zxW;w&X43ykOtuv6O%%`(mV3w|e~zzbULGX)x&$0y*YMZ3<Lg#B<x!JR-k!z~eJA*?
z5&1QV2Y+%eHY#)c$S7B79O|vE#E1dfJ<qTJ?ay#tC3#*wIawrJEk=7qD!IcK$cB+K
zZ0`Gwsy{zoWRY}?_!E|a0t3(a1W}`-0~!=g#aO>g5MFq|H-Rxmjf9Us?_$t(<j}e2
zUOjkxZvrgO7})Qa8gCg(+kq%2U$FPHg1{E3zt(&<mhk>=g#LVe8>@XEuf2%ZKIynR
zbgup&IeYHUkTA#JQDxN4EbbKL{ymS0e>V<BK!+u=o144(n|V~ItAReA1Cz>unc`>)
z^gDR%L|%J9GeF<kk1=u+Z^N@4x!pwG?i}9kUi;PCo!c+ClNxLHfzGVm7~bwv&1ko4
zKfV!&z`soUGW32c+6SV20w#SW?}R%rl0%lk=;%n!3H`(F!{%$WQtjc9lu|+cn7OrH
zF?O4(7_++0`Ii@C6^vDp$5@KY@5QB$`2(1_xtny*)B2U3JEy6Y9`dw)rKLGnpSj=q
zHh0%Gl(N=`@z#&eZVHyz5XjfgzB()gea(&TwmRN>58mFaX0&JQ%XaZ{Yva54q1CM2
zDBf;dGur)^88CD}KW0{Wc`Z@t)o+BL%$K$FBxfr2bd0GfhmJr}a!mR1E+8c-KC>^`
z*W1_2*VEVC*Ui_(ccbqH-}SzZltYi<hat+%(2+0IXXf%J0NArJ07b0Y(#NyaIa>Q-
z13}Q^%xq59{%25Q`q3v(Fq5jY7;PaVkPkh}#KOd&X-mKaUlaJ#6Fd7AHTGj4PV8%n
z*lZ?of)_Ew;=O$W*}}Lv+P$G+MkDu^66o(1-rvOL^mjU$_1Dx;+6S8M%A3CQNHdy#
zDLFL99CuAY4N*MIJL4a_C6MpMmY0cJyzAe2LisY*4Z5Z5_~n$J^`O;U*>4m`kdf4>
z;>Zp)T50>F+DbNIl_oT2o04`i)Lw(>r|Cmg$U&^+nMRlSQ!;FxzMWCgS#_~B((i4&
zHZ%L~7fVtGmhW0gqECO4Wb!zdDIrDkbab%+y|a`FGkZ2s<WIu(z#nu@;B6K$|FDNU
z2}1TcOXrCGl~`ZvABN9b|1hh$w`}-Dt~?QyJ#$0QK`cY(AO?W>moqb~Q%WZSTr4?*
z)}I_^#Ub_NN;hV)1=}FZb*u$L4YVE5LFt=ZK{@%5x*Nojzc={(jqZq&-e$qOm}(Go
z%pFp4XQ=LwWCN194S5&IVMGA?wLt?X^oF2Z4dtq#AFMGsL6irbAmY-rP7vF*P7s^5
zP7p`c{o#Jph@J(Mgh=PKK=xQJmYA$*r-efTb6Uuz$SUYHL-w#PmZ_TiD@ZPu;>7A+
z*g76Xg$(pzL(jIJ?J%xTma)80P))U7`zvjm?`;-ANgRfBkyX9W*6$}nSypW?tCpBK
z0+3mSa=bt8uG|7lqnzzrOoYD`fVK(kJ}U&wFshCJ13O^J$ev_YPd2*#N;Egadh*mf
zAkdYfr+|{e-;)~1{QjV~z->22vt*gimM2kMM`VG?cJyB~W!6Tvjox;Yo*XIV%zz)G
zyuLn*nH<J*b>VmnsQ`OGv)-OTW}H^M+tZkn4qQcx6=GJ2tD-Zj9HZxFBG^~9b94#X
zSK89f<hq$rC0UW~u+P;RRaT%;<;I~Jqsp%T4{z@R7e%=~j?W^<is-DjqOwFI1H^<v
zWkZvdMP_stvD7HdG|j9$MYx-mH)^4rGp?Cgr~CbO>YR?<Os!+AD0s_jnPsJ(Oovtl
zH3e_%|9PHwX7<7Y8-4%3^Et`RJMX-==Xsy^d7k&V1R7O7#JsTs=?zX2ZI37?&PNZj
z$tH%_lis*G*q(HrAp!5)CX4dFUq{Gf|J!e032!hGLCi8dp`|>uWxRA2{q$Q`_9f#|
z=0Ec?U6ZPImV)H9rFaAFEGzl4TQ5Nc?EWTpmPtW&mRoIn{y}DEc~JBmia|wZqq!eb
zkHWA-Df%ka&a(cYI^QVCdJ~RqZV8!wUS+aN^`iNhqri@7KNLNM3))*+lL~cXOZpv=
zr6s1ls?aShufE!EX(`yH&jTzi?S{ip@P056k=eS~DCZWe^_(heQgM)pr8Q{`Mky;|
z#+8_14=pQu==-pEnPyoz+xjOgD_cA`@94wM<QYL{-V+p}mTmEo^1SSj1Eha<a?sC)
z1H?oJNNSLOes+j|es++5vF1P*%*ThGA#nJy6C{))3A^V-`4xt?WZvrNr=o2;K!=}j
z2S~Yy8B>bsrypyL1|3gD=@)y-aX+4l<|@AI%Wk;zrv=Z&7{PTBAfzCk+T2OWP4HAO
zD1mr7esDiZ2ZQ4nB}ESwJij5Hj((7Ea{!KJ_k)D9g8@$)Mf1;&5%5>D2WI%$J^(-4
zi*iAD{2YNUTq=I<4Zu%VBI0M2hM)gs`1v`*&m&L}jGuo7C1Z7z%;~0~<RQzSLP@^t
z*Rw60-c`Ne^!A)3Mcva@RMd3~azwfFV$*<Xqf~udf|Ag&KUXv4BC|Kw*ytkC%{Rkp
zbkSzSSdE@f!HM|z-4QUJSN7^hN8CHZ*xhZ5tc>3NW1j#k(<hSl|9chgPj;r4F6_uT
zh9Paoo#d<HSLUNp>79afwy8a-7-&x_NY&CF?;zqA)I6iU3g9#ZcXTx~EA`9Qa+ctJ
z5{sz2I^a06nTZWwzO<gqOMjvVS3QGYOWgcnx5mv2Dl5=`S_G5cc%@%3(R54;B9u+O
z(z`5ByIeChf-c8h*}819LT|d0+Vq`~G<~ioLy^aaUfpUJxBgS>qMh2sg}Wl?;vYR*
zA3dj!K22@<jYygv(zBm_6tvdG=EYhUD)Xq^6iF99ToHK}<$4#Fsa@=w5<wRaU%_C|
znB6)IhUi_WR6&^&Nf+I&2tZn<)fvM%vRdoyfUNbFrS=vFy?KX3hVA?GuQSxIw@!{=
ztoK|VxWP!AeWy8bw%_!&$+M@tVdU9Kjg6W-+wQpldA1uDB+njOL=wlY`AnWQe%Yct
z`)bGkC-Us;>I#p1HjF&`j`>f^v-AE1hrpG0MkvpImY~bCm=8@J3G(dCP}9t>92uvD
z_ZQ6HGkNxsvQ5sen$Gj7dLzfx*h#weNX*&cFG;tWOe-2uVq-F`F7O6Pw@g%Hf%YPi
zZl^Cr!3&2SAkVUJRuf|rbW}q3j$1A^1`4SIpCpu7n979Iyxx8x)ioCp+(j}fiYFED
zk#~Rwe}JemI7mK4RvqgIQ*)VoDzwJ|OlU?v{rx{d@+rodYO`?Kct_iXQ(WuTgj37X
z{|k9EtABIy=z`|uQA7ddswv^+(GNcO^YUoaG+iEja$1Y>D1O_LJi0%&t@7vt{ldzl
z_e}N6qu#0iZ{*Quy8mf;^nLCx$)g8c8uNc-;Qy68`c1bs$fK{s{J)V$X;Obt9<@!;
z<<Xr}{-ivb8`D;Kv?@8QJo@!yzdV{d<^NxK^i-Gs2lD8OXbmOD-tZ^o(NitSql3Dj
z6AP0^4TJuyJi6#Y+Fz4L7ng!OdUAXOoSoam7~LKje?}fX@fNTm%OYvNzlq7C2tB_%
ziU;;zkVonBKP8Xi*5%80FnN>-r<JNa8YDDMXpQ~eTB<S715{=}9v8tf^yOO@xZcp4
z&QzODkEH1>om+2uuHJNCwdwE1M$mL|XNDXN*R?JMee+_dBw7+l7o9p&j48ax48E9M
zY#Pof`}+l6%zlu^41E%GCz4l^n4!<5L&<mZAJ?~RqILHnw!;dQzGq>Fji<+<abt5h
z<qveFa1U*~1%4~+_euQy6Z?G_fA4_bUeTNH&GY7ZE#6_?q26q-**n-f(0hY7!#lv+
zUr!A;J(}4RHGZGTc`xyH_jdJ~yq&%A-Z-z3Y>Wnwjgj{zZ(lT`%l}WU5C0B>zv$dm
ztqfF4`eO+*Nb-(?A2+I96f0A2i(q*_if1-T55qY0FH<7<(t%$RzxrZ3Hka$6jp<8S
zzGv6bL@iYky5`JIx3L_BK6Y<<B+95~t%0NBbTRST9j8%Ho{f|O2kDGSphyfoe!iRD
zpL>QZ?%#*nYxl;f*Q^c7<^*Pymk{iq;aZ=_GFJoOUrle_Kf|PC)Tg0;h6bZ`QEXnf
z?+LWu^7~)SU^5Id*qRpJ(rr|+X6aVQv0G^8m<a6LOdXlC1v)L*Sl(Q90pB&y#j}+y
z+`(n}+}c|V`ic~-Wf#v)lXEmX!h(mi5q_bLaCcz@BYYr^Wd(v!CfitgntJ7j6egE~
zP_-nDaqK2#ImWegt)HR$fw_hn2Sk>fgIE4>I!#T^p&8}nu`rp+f4_wd)I%@sY+x{Z
z_uI^fZ1g_rpyEH&*ZBK7K^|?iVW3oZ4{0tfaOu-pBu1&a=G<4czGm$CiZrCp*CQ(0
z@-hyI(vdtZKMTfFv>6W5f=NE*qD09xajiaimF3xtlUWo(vKpp9ifA}2n!lM>sfT?=
zAF7OFqI77faPMg?{~l}eh?4RcS@C0=lV}NJeA$>$FFFZ%r5xnY1-tp8)2{PU?-?oa
z-cq$1Tgzoz8-0R44(wQfF+Alp2gl!{c+D3bmx|%@6H}Mak@FwkS3)w^Ab?=Fw?D>G
z*q_{$NfyJme^BdFU-={k<?rE@%3m|;l7Ln%I%!ey&eDZ8#f$|6v$>A}nYgT-ZjDiS
zRa4_#r;)iPPC|5iB&|gv@f}0O_)}?|{*i`u|7c93aSqrONGfRlf#x_BxQ4Dr6JRqY
zlULL5(1a&tCfdd4Md^&q{h&~~(9SugiE5w;`DU1JS3xdO)b#a~$UZpw1n%j{6cE@Q
zBjR}|k?eyRC|LxJ<!X>IThe6Z^;ejt!RR%K)z!ElAn+w%0CFSh9xVJ9dC}9Mf$kPL
zk7K#9W+Iuzlp3|lUF}tO8_K6Kw!M~519J+n{AKlPnFZVbY|>e!@{QQ0Zgc~i5biAI
zI1x~i4d;JF;Q5ch+L{{17wU`DFuqW4rnc-0^{7wtdCxcjRObFBu1@#s6--!RVv`CJ
z^$N9hP{AHZr;gpzs3sYlb%EhX#~qo>N4!><j79Wvy!!I^cKsYSDi*cyhwYio<d3BY
zSkgATv|g0HQSpH=gM!(=Oo>g<I)W0F$p2yqPNeP17q?{*X5^q$B-rJoB%~W}sHKH?
zN)+LadP*&s%v>}93$#>Y#aKKC$<_T-hg|~MRBI7EYfAVKDLAQ2^)r&9RGkVAxlr}L
z>8`$Cp}t?GzAsYW|53!=SE%nds_!Rj{yXaX9qN0EV_MDhg6zzTd1-=;swkXa40j8p
zs1D;K<eFoQp3M_vNI+EH99iencUF$l&5n-~lO|)J$6mO>3Q^x?Ld_IPxjB57=qTP~
zfM%midQRA%ZFN2jn}n-}A6|(c7W+RmwQKSj+91Dc!_Jrm0Djg-aH~tKeF^e)bW+$Z
z?^C<1P`^#YZ&w6<+gz{d@TK0{j#heephQi0IF|XyXDOvZ1U^+)M1|w{BlE4=Z(zsy
zdt3GMqDj7GyR_Ag&OfwYbOU@<LkoN3rSVysJJrmjEHMD*NxTtor_3H7xKjkVomOQs
zqql%G#VV2wy3Iya=R|~I1`WedNK$fy01Qi4J|0;|*>?+d49f|^u=KD%n>&&LjXs#%
z3dAUF!%5<llwBhtfY#qQg4Uw8Kr4e|&^o)hIr<g}yu4#uhgbF3h~f3bt!;<b(h))M
zGKg(~*A}6T@amHn0lfa(nA&D|J%--`yu?ib@VW)K6<8`vh{AN3v4XrXnR!AK;s^3v
zN-fuZLX8C;Csc;;N5T2w2;Se=5Z+rt&NGbo$O2ZqO<^_gT&q)Y;K<GDd8QiH-a+Hs
zsg@REX%QZ{U*D{sXET##h<Ftje4HIoUcNc-ID4CpGf{3I_86;X$CrvZwsGt@c|X$Q
zBq|7bZm|X(C+kNr<ca(^LF8FNU;RrzPI?6&C*cnTyht54B7n4q9wd2OtEBy%;SnHT
z&ILlgRc%4O=nD+_wpInQ*wdH(X?pQxVe9nbAB7Rqi}AO#onA~H9z-v8TH8V|Ub424
zUYyK{0A%iSZKoGw&M}Z(w&AbP_l~1mhu4vUKzJehl7d&~0bu&in6`sybxshNQghn^
zray+a5lo|oMF6J54Q&V02Mr8NC6$@M`^j}QOHF3yz;s-A?+PF?*`|I%a4SE<FFJ`H
z(UhS8DDz17kkhz=c^Su)cRI5GrYLaBrC7hbf?qNlnR7kV%}96JDGKU+NR)o|UZd&@
zq<*L}fT2|yG1t%3jiRe6Su}6u-7Gf4Og0OXO}@9tZa6KNz0NH{KP=UQ?NIR5QRIN^
z6+GwL39j=7LE4L#TY|fL0t>OjKS}XBrJaIdFYiKsK%x8$B`4*}=#4rX<;PBR*JYQ|
z_6z05&<5U!L3U7QBS^n1pT-9S*_l+I%GnGTv0oH*MR!_tz!KP{i~iZyT#k3!OR@LI
zA19G<n?8W@g+2^u;tT9^;bQOec#md=nb=Yk!PC%A;QzbBb#j<tm*6_NfTasp;(2xx
z13w?@!g1a>40^QB+YXjkkbbbG)Ciul?PyHQPUjFVs{0`y`hOmx9TDn3hcV3MAqs$C
z)=-O_A3aL8{l=Ls(F>w8&Y<dTo85fa(H%<>VEDod6LH3Rc?>K;Cq;r%es??0awgwk
zbaocye7w%f!klS2=(CoLH)!plXtK8pJeuH_-#^dRFH7{)wzJ$@9h5z&Lx3$!g0Ik|
znh}{Op|p7e)-v*ohru$!xJ%-^mmrqG3_1()tOhoulhfL9r~$hKm&>(2%fE4I{&6~$
z3oZhYe5hea4ySmB9QR?`4foKzp{W0dM^fE)f$0)%VyHCj7w$bH=ZM1&L7qR&Hd=>@
z@bu7iG(nW={b)?2DOQk%BnfIJY(ahi*7ISLDE%R(9L2O(Pf{*U^Kr)jq=N%GlKFrr
zKWG%?*(P)=vq|YTsn}>Y{9%(On*{S|XZM;s1I00by(eI%wL#d#*BV~hrPGLnMsIK0
zkD_!HrgUIU6&opZ5`JVL@%|1DfbZOg^EJ`^vOnHc6<=0IIA5>DX;SSVM!LHLT{$b5
z&+$(XcO_l085($(Ohn}nUxqGJKudn3-8T_6%+iKY(!`5Ma&Rk{aQoF#jH{DMW`}_7
zxBpZsXEz-84>%deJlZ|&H;!g6Bj=*eRGUkACdN*=0Z4&5l*ciwf(YjlMuaJ$t#~YG
z0Q^&P@slUXZ%++w=EsvC%zzk`H`2vWVmAE#0)A@|XUNkpi}A<lFkDo#H2fFE)waq%
z`4PxJ`9Yc;`D!fuBwuHSrv>vgkB@BoVY%2GbXZ=@Zp&d=o!!R6@~W%|4$IXi+J0Eh
zKf(5J-dCAn<d;a`l|7<$cwIUoV*YcF&~{iI7#swvF*mjaR#)8EMp%^$iU3xf>e>#g
zowW>BFRb}1{HJVf9bWfXBZgPs{I<g@eNYg*-pFbTyzb9xBfQpSMgXrnj<+3Ny^k|^
z)vRg`UaLak6-GaRunW}>R1eqn18Dph0K-BoE<zZ-H9U|UHqi~>z)FYvbpxnVj$Aj8
zp7)n@1A{YzbOY}XYKv~5WKbJ*1Li@0O*bH29|7Vd9c{aAK=CrfS+O$n&+qRKb6Vfu
zPv%6tzenV@eSa5TAGE(cnQhtMa%LO%_y5u(0Mq>6+rGaozpMQ3=K=dWko_&xF0yv3
zU;^;O4`WN8h&*O8rLt4kUQM#@&w&)P*}~Rd2wMC2F!3T_={aX7K{`UV(#rQZb?FGj
z!&FAz5U_yhxPV4&#S?=T5aYkl@<~4^?+j=?+=Qiuq>4iSMW()PEqxYO!<KE=r<#3D
zOY8O1(8$;8#hf;-*Lwp3*6Z@?+pu2F>snv0E=rr$>&GK(z25vJSf2r;{<M&CQSe-B
zC%7(l;TMlYD`07lAf30l?=gzi8&G%=Q!aY14e~d~AuFGwgbrWYq(=DI#4qWDAG?kl
z_{S;8#?E6bS7>*yRpzWRNPGnivN_MZaeilu`Rx1@pc&q2DDPU#4fC@Fxg%QdN~4V4
zJDbF->4sG-f&^8@H+Y9NdEX8jOrZB88oa$i-%H&DDcb9er4DW}Vvu3!L{R&3*OBhD
zWZhmlOThfGAPbo<op-|Kp3@N2o=vuZ)aGfhWSi!l!lc%&-y3~Cy9Di<y`Ko~u}Sc2
zKj5G8I0iX4W$c3PcMGnwMt(^RosT0x-tH#CTtF;qut_I`lpn~;pb@~(*lyk=!95<9
z_V-}`z)J+*c3~%oTNU13>i9rf%p>bkIevG66kjPyJ3w-rpE}Cj9m;IGVa><xHpyKr
z*<I%E#>$AG-kmyq$=G$qV|4ZwTvd(2&PKs}(%D0BXLbcq@DzxQnY#sd_i^MeQND{`
zVgV@2=^_3GkAf)JAnsHO<oHU9IfHj!K~XZ}ciW_O0*JM<f2xV4@TcpIfoU+C@Gpg`
zagbCeq%;UaQOCqDCcTr?Gs*5=V6=Q?r1R>cO*-vO*ZoN_k-AO#pEB~?F&{3UbeRZU
zq1}!6*afV^m(k_8R5Qw*)_0WLv#%&$BDc$qnpY{vU7$ESYW`-MRHNB9brIw-bqG?Z
zal*SoH2=bvq0yJ<9s%O;UcT%D8b!S~8Sxc!kEfgzQoh$xNmibvVc4YJqB|cyaLk7>
zq7#-3n@H|#fo+*>m{%>xm)fMW(D!$?Ap6~r{=a}tREoiIyz%Pz+N1a`nj0P0h_H!(
zzml<E0Pi9Avs92e!`_1Ls~WPq!1voj)?G-U6-Mott09VCj4}6b5!{81sOj5TBltE7
zJC&R>RYt!2e?-|f8vq-<mucg(OIr%0==}n1?MZas6kRW(#;|U|EuwVN+c$W>6}aQa
zA$}IfJ+~J~J-@e0n?<u{e)4E{eAfbb;&x+!Y};<ilRM;PcbvZqYZHR*(Cw$po17g1
zxxWXD+Ac~vMe_-M$!yd)$R^4!<-W})dc4EzhApCRi@5XrNV(^JtGOHRz8NZwlzMKr
zOFxL_Qw#UhSfOC4DAkRWx>pOX8W{hpw86VWyBh`b#s!DrZ|L|(x-+%?RS)~C8on3I
zRr8ZaxifKp)x-XB)SKi%mh24NUzwr%OE7O+AOpeE>4kd)j8_>Z8tO#fMsa6Df!w`1
z&m70Q@1kwfz1}8OiRO(k-my^7(tV)oXc5pAykC@K`2?VN^-ANQEb=?3u0|g-iY$nk
zz@>Fc^e44G407+!EXy*+0;QGjH{uN-u%xq0sxO%+Z5KVY@nS|ba)pV_x{_t=n$ADi
z>G_6X9Qk0e>_B4g`cuRC2fLf$acok~bl$NJy_f3p%Fj3!AoFX&MxoDBN&$=)TNqC*
z{6dGLC~XLd=W*C>xFGiaW0X63n$0|O1Ly3AddY{OsSUXNILF@=*O_BJY^q~GQ<!zl
z0t-If+PlsoRbhU(2dy+B&vgF#it-BQ6{6vL5%Y+;){y~Z0@X;b$wG?7_;ftO2OT;A
zTX_8^25(fxE{aPZWU1#LZt(qpAWGk=tcN=$t~*)}!f7xYrhY4|!S_n-$LOA!pCGyy
zCW<na%}Yv0B2x7s>@@f69Qf?5E)xNy`8n{PAXeuW5>r?@FKHCVmmi@6L<<Lpah6$}
z_jn5Ci4ngOC~-l4K)lzjy!#D8`#D*HVZZX#$LKcd*sI1y%Q|CCFqj-2fJseA_C`-%
z$`S&=+5qd*&yvG@b}&yZl*S9pY8lAy@0bBAad{(i>EKrack4MA4G+cyAsfEu%Vv=k
z*uZzEV?6MfkE2-{p{&(IVK8fMN3Mwn2(n0%Pj*gf8o+Yk{p`~v&*U*Lx7Em}tr?4-
zetQ}}?Q!s0)@s7qA}n3eJxTTR8w3ra{WyC{#wU*aV(XPHZ#Mc^Y|Vo(e6-k-{>cn2
zPn6dBRC{gMW9}HSD+8dbI!AdHzOu=)K&qabZZ|hNd)ooI2SR&fQ(g1$FR7}%ED~#|
z;4q2uO{mqZRn0$-;MeexbBk()4IP$3hXMWl(8b^1H6i_FV1Gs&f5%^lon!qr{+!B%
z<bQ3g|1Z5B>^mCzMtT|~A2QD<Od(;D7Xo_RY2v@gwV?^4L(WCKC`S2f4zqYXq7?s(
z_Ik`)gp3~VgaT&t$ed1)9V)hAjM>JFP0AaYv3hufAWQ7^vFu)DPEcuOtQyjO4f8b_
zBgzjakQE`b`Tk^gtQw?#9!AskDJPa;koqBLA%EXAvU%M*jV$DEO<^(VO>4jAn6Jh3
zJRsVmLmHeC+TiQ{27h1;KFJzvuQ&LH+F*}7u4z2p@*c5GZEX4S?y-JvI~zJH9#@_)
zl8HF}?AMi3O~@CRl+KlnKG?07sPFct>ebc{V3&XCAr5mhNUBjKmK>B=h=KsynFH*D
zAjrwV0lL27%kyFOWfgq+Fv=mIMU!6Kj`EdKeCHs3TTONXV@xFP!1tMVV3xt?>`LB&
zX+h^{a2gboo(4tZx5MRPNmg&Oe1%zt%BHDU_{9$caVg)&FF687wX3q1#~YJzjClmO
z`|nJ(a$@y*TI*iOFXH;X9?Pwzh<9p0V|OaXv#vq!fZvxj`n>~e<|EFIz71xtv#JKY
zA_dpbhkO%TvV-2m?4YBo(l~DwhBvb&O+%_YjY14kvO!lx0;$z-zws+8G3~iLGbRBc
zjG(OfT6Nk70dn9~$1EU!KXj7Zcym-WQ&5KU3rF>|-;~OwNqX}}<<=k5IIVR#u=U{v
zE2sRk;Cz_Y)r{te25U>Lv*^%`%IP1{SUU55Gjc@Fv38bwPix7{O-fb?CaJ~#*4_@Y
zNtqdLHfj>{mv3)zHp~+xe|1`zeS|ieYes26wMmCzgYKS!`4D?t^sTwl5cHz`UGSn8
zyeOUDk#m@RmHf)QICG_Q3>;+P@&%fM{pmJHyS;rWUm$!4hg0+h(yba4*ieGIoc!nJ
zlmFa4AzRIqTaKw4vL_}@<ICH_ubS5{kbh(Ei!I?3|5S?Z=CPtOjiYOE|E@eot2Qwy
zArBFL=pPf19!*O!VXR_RepP7zb8BfQROd36L_@$rq5XNgt0M4cdG-5LElo(Gy7QCS
zuK(FUyFM9qeLU^@zU=(N8X@~VxygQ4n%VD&1L?lPLfy>*xBLc*f3f&#WS8X}5cDe0
z6J_iaBFHy&8qTfFqN%B2yYK&dExAw3s_zrJ7$H7B6Yk4XeSD%gW+YwPGlDhw`<_%5
zO9L%F$|wpW#)zh@5$N@Vx8c<rXyaE`m9Cvj@G^P3s{8>=&9y$kZa(hF%`F`=fSYrS
zlv0#cwbpR}O$C~zHS5rf;YClH*0T3w)g#lER2Uln_B&Ec;_!kU1*h(XExGd4)d7xz
zk9A^fl!<u>&OUmKrGw1Es&Y`(@xfJXM;QxeQr1V4OQH1~BKJuD1VkttK!xM|h2t>)
zIThaJFPs8}F;w_~zwmFtdt*<%788DX1?-LL`cU74EqaAnSmCQC75>(s?XH`#!lZ`K
z3U@VVap^O#!Y%OVjq>)=qoRMgB~5kV`gjZTM-X4rofJ&U%W7dJ6ne+#K7^+SH4;`{
z`I_qOa6~ClYsO*Cd%Sl;FH`hp#;LtzDHGP6pf7)Y6{_X<ow%}^MbMhvsp_}A)NkLz
zZ}mX!^eS3?wfNO$<K?=J&OyV9(0pR97%iVz`}QoK7+nz+1>_UUBF5oN3;Dz*H_0c~
zopcL$YWkCkE&Myn{IHqqvA*cW=}E;_+0FINH$XD8ryL2%Dt1>ajtUk%oSj8zUa^vp
zykZTr9#j*3362syuh<bKRn05bh<m-*Uhbp3Vnj;MDHTVK`Se^x_wPy#%qu2{?r6#@
zmIV#eG&TmO7HcSZ+MilXa4un~#q>@VzT|z+W(IKaWv@kZp|KGJaxYdXTaa^c@kGtJ
z_*IoO7U2q-5+ZP9{cvY07noN}x<KU3o)VC!Z5k}D>sw$C&yWXHApVS!d)BJ}o?}9C
zwdHff{0;IfN;h`peNEDhvB3ek*>5J2{?9Tk-Pnr_xtucLpsz{PU}v1@tFoK_a6V1x
z#<rhskwe?fZVB)DiriV{mKN?gv$k;K)Fa`iOCnga**lnu-B;I#{?^yAv#0rv4l227
zNA1;)W<}CbXY8oOhPzMDX7G;M@a2&-{Q34Es1pKex#Z9gj@-!I{f+gxT&VsXwtIn`
zc0dO@GM#%qMW(aLB0HmT2-nU?Cc)GuWhSl7Q5lgU0C_x(w$sYT^D#@dDAg!4_lF1f
zddwoYjKF>1R3zY@wWf7&zc)A#+(>=s>Raiqtr(v3lL`M@Si48IrBWIxLv0`Wd-iy1
z(Es&tAoTGYXZHwzWZIU>lFhwA5*-MyYO=WmCcu_{9jhms%OU^Eg?h5Nfdgr!*AAp)
zbC>mD$>tI$*&GhQ`jZxJFp$OmKutCm9J2eLLCNOMoh92$X5LujUolO(RtMK^eXPbx
zCTJPwa`cRI8`f&Fw<8IKV#Tq*pK<Q~-oY8?Mhs&9?_)_A_hwqvxnRaQoXg%{*j#2b
z$vBtOB;#B{NX9uIQgNU1&eqg08Rw>-nAp_IatsxQcv%ji!bmdCZTTXtrHpekln<~%
z^BL!I6bUP+8Ryp5O>CNR?mtx6e8#!U8@0Y}!lpVl$vDS1YJFXa6*!i0&d?R@KfCG~
z=W>+S)}^TmxM$%Pg0cT|nOeTJ1f^6hOn^c-SG<>adHh5F#Nj_N!~m#?0FpUpce`|i
zj1Hp>EQ`S}&t`JXZjTe2;pC+c9J_0FaV)ne>w5<9J3tQF`%7|^lb+y`1mysfs0}Qu
zc^dWlY7^=($}rP~cWywz3@o^hEE&C>^md+yc9={6m^5KCGitmVhOVZg^C=_L!p_eI
zEYB4D3|^+FFHbC|ms(#JFdiQI!>g}%Ezb<~_h=yf9k6T{k!7>F2X5?bBVKL6w2XbY
zM|&)#d|=~L)(iE+)$;{Gew1{>rjLNbDz9+t1IgZ~DU9WpD9&JYU|Id%9;ihA6kCE`
zo*ZZ8K1EgeKAZFzd6tT@GePr1XB#}a0`{|-!&lX*IVt64ryIu5Hm-mtQscr7M*s9#
zH-yujt?rJEk25yy;H|H9W!)my@Q;Pm@IBb@qyC0358LoOXt->jnhH83-<%%7B}jaH
zWt<iw;xUzmuIL<r_&91K5^+q(YN!wmRy3{3Q-ynE*2n?C=N-``UvXWq%xq8ABWE4<
zEhWn<AA=DI%~h1?t&pWGu2-sFh*eV-=i$<6vV1y|<<q;7ET3*LI+kK-fc##D&m_Os
zJnUo15HDBQG1pZ=W~bTZ@$Ju5mq$C}p6(RE@}yO#hVr>ZB*BO8<;AfY5N=X?=@&^a
zRaGhwbO^{r(dGM)vlURQTF5WK5O*P}#cOJB$D^kIgO{L&u?i7qDbp|ZT^!4;y+mbf
z1oH4F-Qto3LAu3yr;&7vn~9G}@V3aue8;SwKKvNS)F$)+Dbz59B3AHA5J7NTpYi4e
z@M8>L1jF8D@uksMI2rh74Oti&*fyW?Si|@e5(z^PF)r=Gad<&wbi9u*0`THxd}isa
zpN58VMEMTECa3c&bK^wwFD&1~_oxJ0sW44d`YpJ0*9_Zh;ezvL@+-+Z0Z{c3ljlIR
zC_CCGD0@C=^sVjhU(a(k=^%!k+_vq4&r-UeBj*@w@oj)_N5omo8=RAD(g|Jv#q@Wh
z0`+&uib~&k2V=f)`fLMAWojg>=^^$V>7x4ye8Kvuh2f(~K=~~I8jJZDUp|tq3TGmF
zSF3dTjq!Rd;pph+G(8jLb%U>-jMH$G;MxMBUb!9-l{T%)HR;zC%RWbz$w@3zI>q~N
zA_dGu3RpLWDBzBM#O?J<5Y_97SJVNF-^Dnj^dK6zoDWACU*wx3x#??SF~CUgo2j$=
zN9A*CXR!{D&i?P=a8Y+=G~3$$R#R*FthFn#wGIB(mWOR^kmlWUT>14<I(DGp`6gx0
zKk?p#FFO&{TyGB6+iR@1|BQs*4*GlR8@9I(g2o;gf2c2O?S@;ZwJF%zOs%yBWv??_
zYY)+C=fOFU7jOnVr*G;UX8+OJeulaG3TK4b&!e@|debvai9hXg+T%BL()RfBkUhRg
z-{Uopk`fxXxm^gz@j~Xi=Iwm>OX?NUGir9sGY9(++6KjmYiW=Ce6vQ!lT;L)8XEx}
zZ>&gdb^E=iH$6~o+89aGZ$;4b<9gG)+VsEMN6@qoLDQEn3ndyiN7D4MuT#TBi(pxI
zFmzHg(TFJ~<dnbNP0@%Qlbhz+i3`lN!{QQCgpr_V#1%Bs<rJGFl4!(QejU6m35Z9`
zVsA{0O~9>;Dx{5XH?q_^H?XCEoi?bDc3KGt(#oc9k(jZK#9|Rw8;OxZn{-rwdoK^v
zKUQJfVf4pxziz~ia??qNDc--WNWDN^%%ZT!RwHn{>4H37L1DERgjKva`F%ap+dlr$
zwWJ>?w#(BgE^(0_s4b!8xWpT2AYZDXIHx!Vk`*cP_LE{*{9cnP<c!52#c<TnF+n89
z{~2DE%)nTYG+0Ap_^8DQlh&dZ+gi@26X(1tFn;lmdHfeFfbrcRVs+T*m=zen_-hPc
zJp0>W{s6{T1_m%jtB~OH7Ol@&;wELXQH##3MlWVJo;}*(r9(jUVut~ih9bZUY6RF6
zo0N_DKRW8cU%zEPq1SS(m{^0#0lW{E-(gk``$==`kN;ZDmko+TnXysyG{%UoMuSbN
zV{wYp(gWkaeq-bFYk(iO@xyCG&u=lP)~wov3cw8%q;I5T9m<KG!x#W|EgbalJP=1T
zyd(V{Y7(X6qWLGsIQVOm4utR@YCPEVfOxR!e=Z)Zs)zpd%T$U7t7@X&XX(OL;9}Se
z$Dn{^#@gUVEmGYG67z_tvL?+52@RWpp<%PM(6H%xv|_d+_u913u;!nUC!%G?(6B;_
zp<!F3X1%^-gt9p3;QTb&e{eE2kF4$3c}73;dV703*o+3Fvm;$lUZcjFn`aEXpTy?~
z;uSYJa6{tEhTrx!nWk>brr^7d8wfu{DHgEdZDSpog2B&}4)oKHs(lDmHT%$sNi$TW
zwMpk~DZhpU*LG7P`JbBvElx{rg0w7Xv5vG|cBE>-wM`gYTMb$qM<cUdheKOpRD)~V
zq|<iu1yt70aEyWnL|j@=4PTk(3#a;Fpwoyw48HOU^I)1A2wiRF2B$|y*UZ(ZaNEGp
z74VeB#d`mBhNN}_Y?T!(o;IRu8!$Ci$5ii!xhkeU^<xW|N_*l@p=<G~0B}H$zf?M@
z8}_P_aag1XAzjxo(zU$3PP#6O4JKXaorB9!lSo%&&C{<X6u<gn8&IMBHa{wilA>=?
zQNb7EM+H}V7IU4&S^tTSCC3;FwtgTy{fZ5sUy;RI52RmLf04@Kt+P<;HZ9aTAj0Q<
zL_ip6>(dsjh|;mbJ~B_mibwYTDf-2iy|0Ew4vQ2MR;F?_Pt=okw(q`{O+WgcM-@w>
z^2HlzT+L<YF&=`(1Fe4vH3`Iw;E{>0CCcQln8L8(ool(ZY5Gj2<r8mIFxW!bJ>ni{
z3?qHCS2=ato<5=amhfn+8cConA2i-e%;S`b^R=yWq!T_z8qT;n3Nbwt&wFI~^oZ7X
z2-4X<6VIAH{!{U+5n=f9rKc&L^<sK(!9z{qDT2$AA6kaX?nW)5;gzogWY*JTkITNW
zaLUYGf#wl|kLGfEZgsMdNZoRb?%Ch|^=h<_NWz{#riNE~Z#B;mUpUmr-n|y|?j`o_
z=w5pFcF?=m*}EO=-9Llgy~Eyp#@>At^zH-p?s@j^)1Y_%fv4cfyMNavpZFR~e!=gd
zw*wpW3cgpN!pbHU-mhg9<|w~lg%@f=E4)&xweVl8u%t<a&3c8GvBH;4D%9&0=3)h<
zmf*Vb`!Kg5Z+zd%ZAhKgR5~^VTw6$A`FaH&D`e5*&{GY=IOXTFXb&^=2>#y5e(%HI
z8{oHhqW5-hk#{_Wz%KL_U<hp093x%1`=6Rs$%KD0@#56HOf+G}?8z(yc9i!D-8^KF
zT4~$70K*P%y7zK4?M)fWVqy1I|6T@vS%pcu0mvNXmc|G+@2elPi|y(20^(t>exG$d
z#$Px`iH@YX(H}F*lw!rHw$W)`X0Sdm*q&aH>d^iqL?0i{m}~A8nkb%4bczUkwQ^;B
z1jAajB9+eT9J*B!WDBsCmKlDdyWgUiq5U;)bk9MXSnpMV@?^DUs>T#A+vi&ac}A9C
z_!%uQQ8Tq^IbMcuKx%tkRX4mi*^J&wYx{D3d(=Du?NJZfB}I93%tfE~eL%D&e~Y5H
zBpLg>7Rur@Cg6h-frvccouzQfgO3=0>#Ove&aE#J%v*T(HBopt&d3_&PD|4Ul}UrD
z#z9?n53{maj}P(7yOA+`^kd{Fup$=@&1(!ErM;`cz?Wel5LZJx#~rSQDCcs!{6GSJ
zv-cVJ20akycsMRd>zG!|^lmK23`U0}tsN9F_yz2Q`sO+ta2;srA#}^(lrfb+k>k~K
zsq7iQwGUtR7CU>C2cT4>UaOViuXp44mBmqltFa?r-h;v$RVy~Afkr7=Of9I7rR<%6
zvD_Unmbq*!78nb&I{6B(H8-r&vK<5*nq{vw5?Q%(HxbT%2N6yrzuJOSFAKjQzPAGg
zF*9Hg6WJiX>aQ)xU>rowI$zV1yX<l{h#z;gd}f`xsM)dI`vOp@Ll;BI*shD3shofn
zD&bL8*C8X7vtT@3zlYmvSL6q2)X16Qvs01m|9_|Y4K;Ut(}!!ei=&rYgVbO9m0Kd|
z;P}5%n>v#8Sa5@t`x@<ymBuduPwTi$tN*k{{8Z*uveWv^zN<O!rMj_P^;?Wu-8nnc
zUu;rVsKo*nbAHpj=Eqm?FGf!<nXScF56KT8R#&s=`Dn;JB#h^=yVEB*s0}&1=1VoQ
z?~NyGTXh}Y^Py_q<2evT_B|{d{eBZ`B7ZBhTN<YR9jyKxu(c1@+%S$<*f5?}hw<r&
z)`v0rLjsSQh#(^G<(?n16+7h2<U;&a$RF;sKdC~9PJY=Nq?12BgwdMo^EoXwHxf+i
zq;NX<(g4>CQ7$lA<tfp5<%jqss1nH7_g~INP7&VT(}U=L0nl5EcAw6>H`5-Pl0`}L
z5*<HTfQI&r8q(3(O>__GsoeWE9s<q{YH{b;Uji%3zqMi3r=g5^xSdfxBv4b1!kf7+
zf}Qd0Kba-BoD==A0fRYs2Uvj3?`3hVzp1>!%8Lgqo(nM<`!bG+t_6j#6c{VJ=1urV
zbC7ony{zuZH<fRK$_J_PvGNN3wF-U-25E=kX41{6#dRUd@?WOVoR%cy@%E#%$JB`G
z082Q1&O8uHcI!Z;kHBN>aC8_*N?JQar6+{|I8QbKF6wM9(8QlaX)ln)-=R$D(1Y{)
z+StrK=j8!ctUhON-v*2Mm`(cC`HXiG5Xz6g3Bv@wOoi9@3zLHGUO&PW&Q}I3Pvg9A
z2EBQc(bOLJ<~dav0n-GcmWh%5Y4M!AcV@;u{n2q}ByjDKt--aY3fC#eBY^9L_fn~H
z*~UIvZj6w9@b_0~AMCo3mUF`Z*ayA+`(Vg~aQna=&2c$p$M~{0R8y~}&ECM8eT6mq
z05*G*zuDhz57+FQ&@Av-nS>eseWvkQ>p9w8>MlFv&DM<{nsX4sv|)wCO+AF>&lBXL
zEXrAy=r}MOHd;3Azme`C*-FjpwEs4##hqt=t?s`sLR=lPm?Cj-JI%p~FS`#=L3e5D
zfGWhA32G6$DYKK6M6L2iRa3b-9N0HpuYq0519acfTK#fZ#jKX#|4u4bw$ITYw;i4c
zoQ1dlgm&1vzdX8&Nxw@T<plIV<_BK3#mh!VH3!`BFB5QmSp?jt`vY(X`GIS^EgWzk
zP?N~nrK2iX$>YqXT^HH_<mT<nG~fZ$aFVZ7X2zM2cnyxELiIApF3*hBy`(Dt-soF<
z8x7(J4DBU0v|5nC(J<iik1qHuuK9>XnAe43JZ6)=K)XL}&gTT}X9|mvZJwG(*64z{
za=s|a^V0=Gt#WY@Gl|*{GXu$BUb5fs4YhIP0ONQ`2zGjTO3<8Myk!<rLzwZhrqEYq
zQ8gYDF$RFDk7oLgk-_!~sP7oe^c`0C5S1OGU)d34uaG4&eFy8QHsg#f8_h$?KSA#!
zM^YwV{(d8~+?l*SGMvmv55~zO%AT4CNYO)Y(dk|k%zT}C$HFNiJb`>ymwlmHlIS&z
z?^>{nv?PtyVeBkxs>9e>ep?;tMH0;94$!?hrY->{H?fJk$0g^r3d6BN?0I6Y=U2C^
zBj~O(*YWsOOcUnX->lcIHcMiB7Rc(Ek#LGhZ!*5;=uF@({f-+ZCHn=&bnc$1OW#>a
z-xoCXK~MGdXEVd`OVT$M4DfP_Vm>jZ2|r6_yMFTXv8)xVbViwVV=@U+m=Fh_b3sak
zCX9kR=D`yPzaAybq<B^enc0n2&2ZD#-orR{%eX>RBqkRsMznMQwoeF2Wx|&mV!~OR
zaB69CP^piueSn9hnC8I5!brA#JAq>=OG(AyMA{TnPviM9m?nd|Qlk>xo#R-1)jYBo
zp`62o#nyJylE#X#F<loDMX8o|mqsxcdpb<a+j#ebQKb9L67T<|NVSfd%?Lo3Xw`B8
zvujnW@moV|C``Hyg?7JW*c)=SWRot6^5|rnoaRvn=PS&D>5LTuEG}b8V#&b5M#e{Z
zMjMm^d)dp7$d_M6XSDVu@ML9unYjilNykXTF@YtCz{)|PxY2Vq219YF%jAG%awDkV
zUHP{_GblW$8zV&kLgn5a%TYdHGRXq)@4JD(e^)K?XM2^mZe?obV4$5RRU_iM^Qx~=
zkF30e`e2Ex&cWa=1_n2TAj1t?k}1@`AcJ375SOt_DBtAhHhrnt`ds|{j)HHUVBYCG
zDM*{qO3Qf%zjCwSj^8Fc=0Q^E-84PGzRcPS&;Fjkd-qa~J>QMiaVty@2r96G6;b?3
zZb)bT$<<H<WOg-jAN*S${_z8_t83nZQt5j^w=c8eVP-W~JG=5L9|7=mD18K|ZcWY8
zND-#`vaPG*`Nd`U<+6)JO0KVLSx)~&)h)*=9tkML_D20K0dot<3FxOPn7w>CYQ1sj
zETIhU0f35oZ4;87tdjKffY4T*CZ#fxo=hYizifAik@PH;3MG?^Zm9n6l~k3keAXG}
zju+xV^c_~?KpwM?OjhMte&q();flw53DZ<Sne+gZsmdUf8E`C@lvc&#!l4Ypt#mFd
zYNo}v0SyY#!f%2g{m}e*33L$c`v&>#`viA%Wmx+@SW&_4qWb~tqYk|_adk0ROrH5S
zzC0U#)V$1eEDw8HhTS;T2H&W}ECSe#pvNAD*Wkn(yC(3&>-B9etz$Af?s|O6+$NJ1
z_ZB+vI(fnzcnuX{4!mD0T6Qe>=$wX5B~QYTUON|hGQD+98}k^fu)Ily=g(<+p>(Vu
z!DCH1jG8RsYsiR5s#ewyWm(A>2F+_0gC@R|%6aeb7U@}><}L%tshxhD&0NM#u4Lt|
zW$ffScej49B`bEd@HZ&*cJp@8Uu0r4F#+ddw|IuvU*654d0agd16=sy>1mM;7aEm>
zd(kbXQj4Ur;1)mv?<Ic!Tq6HDK>jz(A6g(MdHpe`CLu*RV@(37Vh>W5q$pR#DObb!
z*&F?J&}YWG3S%&Lp*S7tW~nK8F*P7(7v8qQXzzHD8S}^7of(iHO$&bgJyQzFCDHuK
z;ZZ`hXL9XJoab=6j+u{%(jjEbzPUabkK$o&#IH`7@Mmpjw!!Vv0p-pi7k$jDD;N0j
zg?`?35zPa`kGH3z>rzooQo>FxkO&sip=IkgEGXJ|ps%*{i?5KvfOc5Z2gfjjZSEC|
z@jN)N_A-^u?90Y6s2<L$pUp5WNHj%4arfB%66}~hLAtqPJJ^mfvK{m5e~zhn!zOH`
z9kcJhEgDb1%251)GQg5$YW6(CQie+}Obv~<7`ooWqurSs@V--B<$E${m4A?FmAA>k
zt9<sxW>#7Lzggv_OVy=(eHAUVZvZWHz8t*JB{#Od(9>Upg<k!6;6j&e4_fF)KhhTZ
zWECxR$ybpqbc`!tp`TyE7CQZ|HpCz8cXY6Jeba3G(O9)k1o20!j*sHn8h>=h&$WT^
zM=b|x+Yo=WBYf4S_@j6IRNH#|(TmTvJ^rZYStepglmALQ=()eQ4zF8(4}_N*Z+*C0
z*fidH*JEvmS<jz>VCMd%Eik+Fmo~!eqaP!HnYg^|Fzd9O!R)(9ZH>3SMQI&g?<o=Q
zuj$^l!>ahlAXpvzsV%Vj@TWGyD(Z&_VD-wfw!>=5G6t)ZJN~cZcgG%K@X2W*e)q43
z1GiV$_}vv$r7iKhi)%)4e<6PN?7abi&ry^gYugaN`xE-A4e`4l`LXsd#qZv<Cj!Ko
zwzTc>yOWnP#HqVI6ICwB01`BiDvewo?%S+9%&!~|eGZ~pms_zZt9i4d26H@<Xe*ev
zIWG5JsXmKwdHhO`AZ@cs(7`rmjMco(u~3+L4g_M0v?JTPHhx|)`AKEDhZ}$+-elhB
zyhf1f1MIPQl#rb!XbsqEX}k4COPr$y6SG4L72fONJ7&oh-XBYl0ZASsdF>G<uT@Yw
z7R<avZnG4K(uxtD6-pNDTAv&kpHb!S3Ngf<YoUpAbQa`n(v)7SR4hU1Hbz>9N~ByP
zMhI4;C22uak!>nn7{@tw+vLHj{Q0$RTy_fPw9sgiul2?U-Uq@mREzRg>-Bn9DC40g
zk{9AcbM>rj?+*d%6Q(_-Z(#kB4}<LGj{rz0BXLra(&$d*?B+lCvVkbR-Z(EQZq_d~
z=%pOE{(|`gUxpd7L9Rhq@nz_VQ2(Pabr-*K0b+yjJoH>$AeU7!MKTK5J()aYmrM0B
z$4MB|9AI11Me|0-oiL7^IKm3ST<x$EGTF@AXI*bItV4wKRX1(5%KK3;d~<GG5LdEI
z8wWIY92#@h*rW=<u%i-(3!`?#r0fu$uQcy)w#%rf^sVDp?h@qB_F%IV*NSFUJ^<#u
zRFGHFdLmAqs_BVK5fD%{Cz#*ghFGCt6Tfmq$Fd4XC!9u>$6=`%OqUevLh<o4nht%&
zK5@23KSb|u_#t|LWO<n0tMu#;{z=N(vk5lQkf9X%k{`YiR^{Mu_mFqG!K3R)g9zf^
z6K|pz$P9A0>7*O8E}Gntf*#<N0V?&%iS&++7u~nU+uS)mJ(kTdTkk5t)fihM+NB0D
zr9pHxB$f;nd{v@UC%O(ajC6N@e55=6vAm2;)0YnCP1dL4;a}TRJ#&G^JrxiC!f(;#
zG1_7C?zfq%FzasSlY*-%e)>|YY_LjEg3A*vxYk7jDmjl?7UjoP<;QVKsf?qZ3q&>B
z+li4%pjso<m=Q+wV*!f5uPlzs$=b$0v4tb`8PJl=DVuFm*GZd4x`&k0qL%ykvj5Qh
zGM8e%@Zt#|h0z7>=qE(a!6>V{=d&CgmYeM<KZ>q(7ev>&o+Y=6p5LQH-#WXrTXg-}
zP~aZ&3hj{;pB<LL;IT{l#rpku8HfDv%Z2&BaTNZwy>S6%9{&a|!W*zo>l-k_$N{_g
zM>t7b)fZHHn<op<SH%UZ#AB&wu5%v68KDYevqip1nzuCGJ>IaWFplth5TK^dW8OKd
zzxsU+zj9AbW0fF(wFA)x9?uBUS9SDz(QKo;#An`F@}uC(HL*2AvKAn-ss8<huqHKN
zwtR_A?jvMh%9njd1bw&>Z>Vf;!3V2tm%rLd+l^m2JI>WOWOnA)h;}LUu=2S^i>qNM
zzs$3{HmB5QaD9)%skN9D-gP^gNgs#${1c<u*FZ~hvKnTMg$CCfF+mpMA$&h%wq-50
zXicfI%A<^V<(v4|JiCwQlr|b%d+@_e(9_5`oTw$`gw?!>Uy_6^8tU+4{)tO*=B2)&
zP7!bXSyYe1r~>Iqs_kwtH}7>{*F_<J_!{C@B2yJ}6eNBT&aKK~g#Bj_rS=p_eLcVO
zK4VVf28=LM`Y7!CAw*J@jMq|G(AUJAMKg@Bt2)4^IUR?>0U*zUUf0>A6H0t6<9V{%
zIWz6jP2K^l>(j4>{gw;*c1L@lsTk$HBc7DzjSJ%HcN#XrNrEQ*uJtArh<8-7*f&1(
z_c@`Y63}vuDGJnl<a=1L(Q$^2z6x&@<>`{XCwJ!)$~uf6|GEl(e&wBUu&%el>Ch`z
zwmuUtSzn8n>TK@e@zM#KJN|Lpzj$rx+vK>%=I;I)?2&kJZKFyd3fw)@Mb|ciz4tGo
ztFc>251YH^YhnuQn#yR=bv}`I{bs=31tVP-9qgYiUty6hXZ6-a+s#{?$6yFFlsvgZ
zzGQnQp5Sc(s#o?VZc%sl(vj|-Zv5El&Mape@|57Jydb#Fr<IJe0~Xis!(K~7!Q+j>
zt5?{kKnX{?qgRb~_go_y_P|o~#C^LI_v^cL@NfLP!(pes38brw?aiJT@}2gp&3xV&
z<4pq!0N7@qx@ojK{_la~&y&05NhUV_3O0T`Yx#0a^p{h1hA%_H0!Unj3EF`pvA7O2
zX88FfD}u*j*kti}Z1VEW9NP(-3Z&)R>Gz_MMp3#^ujTSYVKpOhBA%!)RpID#e(=7*
z(Hr*@x3RH8kQY<4$OTD@tMTU|3*dn{C#xi`BqyUH2p;ZuIBhlsf3r^irb}Z5zY-6a
z;c=FfI*WPZ{Ovj1?6{odk~oc`paZ1m*C_Pjpe66V29|u4U;y^0G7*<N_`JjO;!Qd)
z-t370c&iTnjekpDf4jMnFZ&(uJ3R1D#-{fTe0d*Kq2C1m1nFN_X~z`|uOv<Y%msYi
zhH;GnJ>ypZ-bgT#_V(U@gy-{l*C&)wV%>${@#M+30X_Cy$U~%rW5Dcj9<{kepSC&j
z<*|T~(%3~8aLXWdDyu-YO#0EDvKjjM2YeiFclR`kzAdb)D@uxO?##biq`iQ)Pl_q9
zL#m*Q#>A2$(N~Fymtna?&w(g0Wv@-zC%{1i-0Jgocl-;Y0S?;=ShX|L1J9Qggs&@b
zxjrF${iG*R0P`v50nxnAaUC3M{}A2rivUH8(?jP6=Pk?|&)bS<jD~*<CxRj0SB^HO
zoU%==93fkugeh7V#S_=qH76M$%rOWv<uYza2~dkKTSmmD;*7`O>|=FDXV_H40mQ5*
zP%$SDP)C%yU@8ERDW*cdje_LS?z`MM1}h+4o_maeK9bAUsSWHZkji$k1`448<nRMu
z1LBvlz7`4i8YbIV2I#uc`62DQJirC_2m^j)DQ#%C3iYiPJ{J*K@NHT}wk%LyGEbB?
z0vppP)t%W3l{eCcxGrFS-Wr$Z?rF#~{Als5qhZO*zo*RD(sCM$Wzlfxzbn<ucaOb1
zDzp;rR;#<nkhkb|tcZ7lqPfEPw&25s<I7&cJ3voP@`<R?acuK#XDs02btswpHnP1}
zGYjeg4t-8=bPwrV;7(do;7(hE*4~z{qY({L_G4^&+B`@3C$EGp1C>50aA$r(fx8Vy
z&^*{~uIHaLz&oIyL`TJXB-@Gn<3}&}e1Md837!ulze9c5Q_k5_&I*RzNMvDS2m6!e
z*72r}uxDjJN4XBF9DqI=oQLh^Q+)YL&|uA17jUbx`mV;Ij`;F3&UhqGjT^mj85Q34
z_<M&kF3etDG(3*czGRPe5w6b2IKZJXu);r#bZ5SXyd3WI0(W;fd)5Kd#+P)5UHF<H
z?Y5<C5$Ndo5bv+06CkfHnZDE_XGrOR=zpBr7u>VsEsdM74|OZ#F;1fhPM$6N6ByVV
zN>1fTCoL(P#i>79q|LVSO1=!uvSGU|g?)<K{&_kH@UQ1^)ChNy%2n3eQ*h-0GQOTA
zV?<9aaFx{<`^j|(Rypk*w#r^xidQsL*`?pa`kyi4F5P#UtREePe{COKu)r#R1pin+
zf@R*&AexUMeLUj03Od#JN%{T@2qlZu4-0MPO6M_}1!kn(JY3FPGF);jjkmaG8FCgC
zGoJDW<fVYAJTWT;)(0kOX{@x#Wp(O4+XDM+qqfhi?nyrLiIN}GMQZdQzDmnCYBDA=
zr~ucBj7{oz+?ht=N#)P#*?|JpKcj8Cr~r`ql19&sBjX<aAwY)#{I&=b(I)NINFnea
zuZo8AFrl7#%$zHj-~N>7;it{e!yoyw%P>6hg^TF#rrSe{(jGOB!lx*nt9cZ@S3WGH
z9114UeP@DD?O_47Js`}DPOwX}6GeHn@r=b_bW9ZFG08&tE=PA}-XK*mBbT|(Sk8M1
zyfg)u=N88@qbHPM_DpITaN0S@Z@MhF2aakOhS>@JgXt$IC`%`3WzD;B(A1!3wWzos
z{hRJku6wJ+JCyfWKw8heX`J^ZEio#LqR`3Wr740xA1W-!*^k+R$oWCR>kJs7ZvC4r
z_ViOByBi)4U7?Pnaw!um+%a!!jgE#!EzoEKHQG^mX+BwXnI>TKcdN~hX#l}RdI*|d
zqc%ULp?sGb3!Q}OYUSh%b_;a7-awOl1AA%nePaW@Q`!zP_*gaGth@h)Yi%&~YV=h3
z;4%y!KFWwHyWU##@EBYQY35F&z~V3gp-Bi63jMHRo3C0%VVaGnUPrUzYkoX{DMR+-
z>;7HBG#*WQmT4_F&aTM+JuzHl@;8iRSeb}<F~+LBH=>4Jxmbc&*8llS(0G17PH*n&
z3r$DBM>0J&f_`B~kZnZP{o!bahVOO9`^)~L2jpwL_UI92-t8mr_45hgdOe7~=-Ofr
zzn-SLW@4_^>Ev*W-6`@;bHaAIC>C#7N1z#&D34&Nv@eBU0co_2@JMO2F<(?aqu{A&
zckc<hYo+B`)Qy%W^F~1%>7Yy7igRqF&)ptwr03dGOhTa93k;Ss)rrm-7XFJo+jKQH
zi$%^8^u!q~hP>!@7NSE@`$t)(jptcek#hQxG!8$eR2#2z+OoUZ=dk?p*rXhrbWmA5
z2*{l&BohIqNtn8N1lt71l{p<7n$9+s+KFhk@81?~w#n@gE-=gM(Px(~5dvRd70c<)
zyg@H|$Ff+DCF!vokdb}^Rii}I*0Y!udoaP#)P-pni)~Ujt2PY--wb+1IE{lv;ifS^
zh7D)dAKf^N@DbCmQNWIe?HGn8@-{wCvAKu-^qWdj8kIHSu$;xfo7eI%;2{1^aGi|7
z$wc3e(;MpUYSr2u-XTo8#z@+Q(@MHOms^8$P5JOXYIvx>;Z47uYT9sz2pdk<8@~BI
zc3N$|E|wEn0DNG46Daq)TR87J+YXr8C_2GLb%D;Og8XCf_ztcy5e5wW9~9Pns|Nb)
z;qInUlEVOPG%QjK4>C+JGH_jgYdCOiP;Ezz+I5%TG_;7NxQMw6d&iqG+);#4bnLsw
zCKV|c<I(DM=p|kB)!7oOFFOyi4c7KAea(9u8}E0wHyv-6zXgr=@$uoto7%#7d$94o
zY-)bIb~fGzP5OAxAM``>k|xl^tq=mj&!|o1*KujIAKwqzk7a1~1xNpVFES7G=pYaD
zXc}P_cJCfo2!BfFC5`0-KCf;Srdwgrt@*qi%%o%humoN!Z0hIwhu_po=B5QM+30cM
zmMlJ+5&T4F7pyBV3zT0S(Dt3UZYG|s+eV(PTSCzK7O|zQW-~Rgs&xm4(S7C$m68hn
zCDul$Jl+wPdSJpIqu5fPQR<8*n=UnD9voqp+L0tEbH}Es(V+w9bOYkOd*C&^Rcri)
zxG;@(YO!&nGRcv~HMO!niL-iaJ#t&Y@r<8)o?v>M3xw(K4Bn5jcc+5h)v|Y!*t>?H
zcYm;V!`ZuwLGRA8cYWErC_~`8M)od_y&D$vE}QgdLy!N1-dTg*<*;|V*gG-kT^@V4
zlD#VkdWZKDA)%DdFpI|`<)%p(O8HEvN#rMbg)6bbTTLp&)@v0m+yNCDnpBveSJ;OY
zY)$e~9MUVS!3y88fFY-!Yd(C#56?vuzTuGut>G!y@O@1@AbOqED&$}V)7j7p(^O}N
ze5Dsw7}vzv;dR}UxDl99GKCItm(a)XGggRcGKP4)!dF<~BAb2vvtjav{O{Q?c|*Q=
zw&lDb->B{wf-(`?Uwb}u0Gsqh$i@n5nk+)mIjzFwSV3%JHhbTBt-@JgQ)?!m#|N`c
zWklO6)F7)<gGPZhPvAcoHrTt+J72AYjGOY!u8ZUdbNWVR1S{2g??z$jw;Oe%SV76U
z2S}ahwR*Gg)#e)m(vMsTuZZc&)SG-%ZSqa1rv{SH>wAs5UGA^bnYcFhMvTZ1E*=B3
zFH$d|f^E*5CL9yovlGzRR+I}&cDW!CT|=_yvQ{~J0#~ZjkxCXIIBQKN$1E62KfK_x
z%L|Nl`GG{0Gqxs8B(@lhTF^oS8Dg|<IsE`TC}t2heB=S08>V1kV=1Ks%R2Yc*7jUz
zFnBdkC1orKEL~<`8PLw;ps(KxL`3E!bF1(+cTEO9@>V#?VitEG3(UvjtXQ&<W`Ps<
z`U8;VTyxXm)I{ZqU4EFXVN!y_|2r@lb-gnD1jaG|xkS!^!%4T`nWI_c@Fr{09KK6*
z5}j%6(;mHcq1M5cl(-hpnbpy3<wR+Rvis9MWM`j<2BtB}p}z%YDMB@H1X+p_z43oN
zKhe3ONb(a|{}#@$3bu08GTh2Ge;1>m@YvH>SmZCf71)hUhe-p|{|M8-BnD_;K65b*
zOrnzZ^3@>(F-CQ`NK^`8q%~)nP^)tnwF(2Uf)^jzE-6y_Z@;MKtgO79CD0i)SkLJ5
z`cy4x&%5f&>)1;jE|)8|nObt5$JIJ<g99A7{-ze59;DfWlQt|FcAX&4HlmozxX_FW
z!L=Zna~RR!WrAf=B?WDwe9G0zdr!scc<hV=%mS&{15z>kN=6+&NW~tIiYdvb%QHvl
zXCQ~9IuwbuFu6)ebg~vsc(al4{mt#T;GN?832MTHo79c_g`ue%m($iHy~5~K#L?;l
z9vJ%@LGXSQo-o76YNia>&wyC_7;_4|_eD~o)jSo(kNexFT6WZ%<I~bTO$GM5=3ZYY
zu<!M0XV-A7aJx?jwn^DBMN4N;HH8t!Ndt9QB`6=Oh2p>vdvYzF147K^W^oA;&>@Cj
zqQ|IT8B0t0b9WmqsjzLBnx7C&%IlO%qPQk`H=O*cShjqc64EvFyCp5E`?lfCE>&g#
z8|_`EkNfOoHtwf0Gr6UI+J01C+q(VeJ!>PjAMNXDyZvbTiXi*ZH$G{L{pkIlw9$Ta
z-A56a0p2mA?e?R+XD~Csn(P0HefGYuT8GycUquYBhrez+yh=X`g4c-^ZGqR9E7}OJ
zuK$hzUjLrnc6dEBox#hT5guMd#xc?F^Dp{uG~D?nf103t6a1G5|D`Xw6`(U(005%9
zt5NxUFlN!pEfnOrM%O}gb1y&=v8s;U!!5+)91|m=9c0Ea?*P4jyL6K%jWCKXSWgq>
zRmAn5nvaPU(*;bt7DLgY7G~wjjselikXyTPc0(=2lU&NNq)5P!0le(lz~wmqBjRF`
zqC!mBCal&5fWES2o5+ad57BcWnk5Q5D7bcVBi%iF>q*aI1@mr!&;QY8I4JPLe-z61
z@nt?jRbVot{etI6v@&NdE~E#YS!&RJF4*5)9Zv#|C(+RvCkT^EFxFh<(^5ytgrYFO
zDjQbf%Z89z>6G9(-%fCyHwe;RjEo6Vb%GullNZdJVPHGaL6;xClX9|kPvXnA65gwc
z;C^`&&4Sk3r6E57Uxi+nCQJl(1o$4nGv$j%;KVB5=O8<{yQZabqukM%1Q%E|K*lKm
zYfA#oOLRxC7p1N6m{>Et5e+9q&!Ol7X-MyplC`%H8b@}`w4ggx+77HNwtp+Mk5R(P
zeY6Y?Xf8ep50*1iF}_cH(nxo72J+-0zz1jn?t0I!(Sl)%2w0RwS8RD1hXRMsKQ$Ds
zHOO_54(0&g{h_@+7{)0bKBPEy-SGFt503dX83He<*jAW>PEF1p>e^@F!{x|9q+gfG
zDHEoqash7~hZS)u^LguXUFi8E&`mH<u#0N`X@TXRE=xiaGE6~TmPA2N-ESu)BhR5G
zqCRpLQ;(;!vLa>AUH(MWSyZ^3eTdO8P%0?j-=4Hx?2AAVpchk1Cx^aR(n|~eKVPu$
zEA2TN`|Qq3&=W5w;!zLW{TXy`?UKX}@x-8ZCQv(hLg^eE=M0Sulc-YBWTc{5jO2ED
z?R6$7C9b(n)i&n8&q!IiN{$lAFg=7E{cj3O9bqH+B8Rd!LTjI|9))y#EjG$qJ#5sB
zCwbUM{%vp8j6j~`k(;dC+DU4U&t8MZI18Y|`J#MBGg1v={nn!xw=FkRs$otCDAE*%
ziZnM+cPP@JmU1;yRo0_O!@U<I(sZE-jVKZgBW9qCm-sc-%{ZeZj6(1W3BsBOOQzlX
zz?7Llp9&MIauQS2YfQfU+?8anK?*+1TP(`<1kAjcvd(e6;5i3W;hX_=kgh!#LDVMa
zo5X%|vII|U^u4|hKltDS7(izjGbW$syg8p3ytBVXS$6tT!QAM$+a^ah*nye0_p@Y)
z9wj>O-i`Q?&7E(snPKx*JNAmcjW+W-{<#YB>~{~W?j;b)QW9glSyH;*lI9<p*`p@b
zoS9VQ>{FAAT4M7#{<(E{OB(c+FY600;TRk%?JPZEzzckL{3c-QyW)ITF%;_Ah>#ta
z41daY34GoO3>J?HG|cU%hV^%O=pYxoV?y)$6=Q&HJQ71Ntn|)QEkhm*gre}M!%y)D
zp0n+2=7anbizsY^4c*ld4FJ${2+0jXwS`b%q#S*~CeNWL1n_>~kV+sl&z?F#q2T8P
z<%}kA*FEs^O4Qb>IiqKU&44}bPPUlXIEgs`8IW<J@2x|?kgSW?x}^SEPV0BzRRX6B
zJs+;$7}jsMtAv*NMdA0Ao6-XIyt$Syf1icLp^?bNlnyZ=pw}<E<a5fC_2GJL&w72K
zOMYv;UfZPC{3s32?+^;)AqO-%8m-e&PNkoSglGVzym?0&5l<{YPYUJfJN!g6K_{L_
zO3A!-xJp7z8l^PX5*6Uf_Zt`uHTvJMLO(=u5=!S3agOnNp2S3o6+)Qd4>^1ZqXmG#
z*7LcXQutN`WY0S>m3`wtyk*HK5PuQdm8)L3;3G1|mp#R4<LP;zDLIq&tCYM^`Jhgx
zXu(u%F}u`MFJO5SyW|WaZ+<Ne4XMZEieYfT?XXK{m8;(jB5s)zQ_0l}H9y1@{rdvu
zy9Ok|%{2$OH4`R<No0zN=kn7y&0oEWZrRMI__9LyB)4?PU~Wzg@%gIG<|hyo|5b{D
zBCiXIARKP+ei|e!e(rq>D!NL;ByfI!3UBil7D3@{R5-(5cn{`(rb4H`&=D+dpTr#K
z?$2nYlpP~L;y!R8R3x`v45;%jtaE)69nCAGlsToiN1!bGOO3lpjiqXh`_&qy7cm0L
ze53N>9u@-RTU4CefNXBeWFAPF<q1s2x$-Q<w;2F`$~NKcmCYTq;FD1RLsW!ydhi?6
ze{@P8Y^9?yHBmhp`Lf3dr&>B5|NYyaJsu6zTg<vaR`ry`b7!?dJ(queEeMN_-_|61
zn$Rp?A#V{>zM`GlTJ38QY_PxI7LbEBY{Q3M)EE}^Fjt<7q~VO){O3E%Rb&_Vl@Hn2
zTEYLvDA?BR4ehDTWsme}WgL$lwW{NYQpeFbl5zaAh#04IF*`4rFRN(BLO$kc@w%G%
zYF1J3VOUK~^vg>YJPpw{a|8dx!|gb(MS91$waIi6!ux@j9T>qW{nnqNvmrU?Z0Nww
zhWh;@T0RL6E2E0&Buut}=!vp`9Gwu@$F?uww7vG|i7<Vrr|rMKY~{2)tQ@(O^#QX>
z2%15MGeEY*li^zL%vwKkI=8jfCAD?C>=bNrQi6s5Vgwy#Xu@xiM<4}0fXnB8m`*bV
z>BhI?)3AU}Gjy9(D#z0u!3a9em_seGP?*FU&opd7d0;O))5y`5kx$f66!Ya{)H6-t
z0?srnq<GWnfdf<SbPY^MS-I?jkJ=}~z?vv?GZ4cn^-NGHL^0k&mvZcXs!7_7zyIHz
zH+8Gk^X8!P=}U}K6f;V(ew-GH7Y`fzMIVWjiHN+(+F^4w9imE#C5;R4Z}guxb?m&!
z40GNLc{I#<vm)fYc^xWtdo+wzxA74yO!XJ01k?6e6wvOl@>C8S4%3^YtG!o!U5u|M
zHd5p(HN<2`wB~US%`@h68M|OlFKu=|zcn^+KkJ-?Z=IfJ&Agd+e;LT#CL(v69L(KP
zvNbg)md%}XGl}`~%tU>Q*jK>@d{=2<1NK|h$_6~HOjnHxiWtJ=WDS=ciP2itD&@VS
zjNv4H=JI0!eO=MiK&e?S({n=_=g-E2_}{Y~Gnc@5+*SqbbHPKtF!NwW76S)Ywah*P
z!TWF&fJHHmNYk6$Jiy8+^~EhT`#y$4X|dULA5gO&=Y=fNNZFd0z^^PS(mHzrJA3rE
zaIomeI-AzCv$B1xyMgyVO>Dzh=nW+6lhCNgL@X?2|H7+7<vJPy8llJ*XyP^j!?N2A
zziI3_MnGlkc?IWZ&oN(^((YzIdydhFm6K!q>^aM-i;+H&l;O9^Te}%4+u<izgb#fA
zT$Pk<3?yY(xW*bx%ATtOQs#B5EHmu`zU)IJ0vOi(G|LEFlr_>l<mzzr3~!Q((UfHd
zFg>u=SGSF%>HH4MZgQfM_@PhwTRFRQLiy>rAhLF>5EXRCZPG>9<#$HslfE#W@+X^#
zp`MAm9Yfl=Dv8GRVl*yqNE)Z{)9@;RoT?9;NBTBzAjiQX$?XE^+eBv=`u14}eR~@!
z-rx)q+3PAQwE7Ekp|ArL7WfP8!Bp*;K-T%$Y#?oqHDR5v!Mjb^st@DqgeHXX3ib7^
z_`0(iX|8$x>ABq_RQ^e0H@7_-0snOG=++p-NqzFvh7;9>osl$b8jXw@u<+k+W-L4=
zP9cLc$Do!w>~dV=NS{(WjD`*Y7A<~tzy8$|+WePCGXH|s=Kq4;a5ruKku+>7NYzz`
zj;nRup1a2#)Ly5W??!NIQ&bDesfOBCz&oZkmm?{6%`%OAG%81*iC`d4+WiA@-qvz2
z$-4G(usT;Mk}i_$0oqG<kE~jnVJyy2rBcdcT&)k~1xln%B7;dZ=Or)_MNtW_xr58+
zg8flO%F(cwi;Qw{G%C*Bzg<f=vUK^%c&4tbtIt;;>$DeHr-p8Uid=K8^D5D|K_lZp
z&_ut&t7i7Al-qg8LoHs+e$A-P_Q7eK_fwq9hM9dBfyIYaGy4S2{dET2j^D!E*Q?Mi
z_Z{~!2#n(R@?Gt@Rxqx2od$)8>gu&y76BAq9i{HLyQ}}?j_ag%_^jIDvZq_$aevdl
zTC9FG@#zSLSw9kuDtdfHUw2x20`Zy|bFMY23$}dh1s^-G3KN9#T|nH48+R5mT|U{0
zOt!>wtd5WX(q>}mqo^_Ok$94nr^im@vU6QR&60aep&%EV1XtAzp&XS2Cxw3P{Z<r$
z`(^cL+pnbj3fvb<2N$!WgFtsvMil>w>C(&HV?4#v?KJZl9CxQdJy^EpM2d!wV^8kJ
z4(w1HdU9?9WZV7#Spr^R473Ei)X3(CS)&8yI5AtFqlwnST~a8xJTvgVi_hB@WD275
zkN5l!XV4SJI+LyOYhCD$z|cWZ$2wFU>%aE1QzbZM<NdMWu0ndma)Efhku`nwPQdd4
zYICn#Ks>)A0jt^N`6gS+dAh_S{(FmaibdK=`5F4rC1!CJ`jufc$L@Z41>*vw+s#KE
z{Y1I_C^^2C64=UFf_y7bf(#*hyyCnJ9mT#?2248UE3a^D@piD8f903#F|@X=3Uz!X
z)e$fjlZoG6q9HBq=@u||s1QWvE@MlOxMKthxQ>mzc>Z`mctO4DHLU9C?IYB%yioPQ
z^T%~rXTkU{jYJ2}pgnsXqSiGBKOELHzD`b-O^!}jYov#HC=z3~b>)--8zv~Lbh>EX
zHg9{&3vz-Rt}aM)fQYR;=Z-}Glh5u2SKrf`V(0U#HN}p`m<-fA;L9H8T2Rw$9g)g;
zr?%YugZl9t7dVNXizArC%n_*!=mDU5gAwqN+W=H&)d8<Rdz`5wJFcT_1g)H+MYY<H
zG@_6j$!LDbYmF5dqBnev+VJmk1Pzx%!*mX`Ht;CD{maz${~k&E*R(qDN*zd-s|{yF
z((qQRf5WkZ>`H*ptG$pR?ezZE5n6JLdZkapai4bqymT<|$@nr&eHqi>KYv?Wf+_k)
z)%y(P$-hT1(mvK!*~n)DsSh@MT_g=}%JnaSh{g%-9^W0KDb_t=;noh+=3jr@NBZq)
zt!+oc4s9HoBKch@f^k@KQ|VY+5qzvUX9$n2M@xWUyU^e7L5^yQpQD<L_HR`9H-F(w
zD6F8uNBo6zw3MUO9O_N0a(Z($wFk+>eEB^s8;+mYui1iLeI3Y5|JxrbQq|}cqOih`
zO)8iUunNV>!TwOea3HioXP?$W1y=B}(9`Fqx5PmD6;u3EYZ|l;O7Z&-8|eEl>H7@-
z_vy`jKdphumFPMUoCYVb)=doo(&wevQ5uxgpebt2fAJsEj;SdEy-79i0sw2!g1QFt
zS=L~}%bI7kD$J2lDb9jsO0muy{O5j*ROj%Pc#FLccxQU=^Um;2SM9EltX~z?0$D$u
z!)&kq+cA@){K)}Uw|p5M<jO9nQnMBNFnK$B<GpcuUPUgTmk$js^zsxoAyMnq%FP{h
zThPRsc?NxIXlJ6tyv2;}`*+l=gKKUJ9hDs`4p9dl4HW@<{R4?_X&~)!An2&$HP;*s
zSa{`1kSJ<?_OCOkj*M8i(O+1BAKnNL1UYRE%E3X1KK^Q?N8gHti~WVjHY?Y@dC}*6
z)O#<i-QC*f-i~Swx=el+KJ(ht61pxv^#*)%qq+d7t#R_+!2yqsR3&{FoXuAU+DpeN
zJ+Z8vj#zPC|9CC^Pxv$w3MFX}Giv>+LuQb@nBTlez7v@Ge4u)>O&E_TfQuYsk+$cR
z`xe-3^5iTG&Vd|cSARTk*LvU|YaQ34Av`dU$HOp?osogutsK9F7|6{T72dcN25)=O
z{4@Vbg+DM0i*KNrJ5><-{%8U^%M!GQ14~|7iXzsk*KzQC8C|YR=S2y)xCe#Og?7#{
zO;ojK^35=cu7X^ms8K^HerRaiPHWO+vZ{8+i1TteW~rpxV4}8=IpEroCM&Ohdo6hh
z82>-!zC6Ch<BR)-EY}h@_SmDM60w9>LM;i2+;BrEt+llVwU&g`PD0&YLD804ic+eo
zN^5HoYiLo`YSG%a=eqVKLPFj-bLN?6kKFYAectzvrtWjT&ogJfvz<9JbH*j!))kwQ
z;cv6kXoG_VIAP%lCoIZDI-*T@j2P}HpqsGn3H@7gukG0GLf4j}cajViFhzhp<$LhT
zvMV<GGvUA)Z_Sh-sj+6$bGZ6AThbe3cmU=kR!Mhvte=jXZF@hR0Q#%@<sCqOLaunb
zYl9$C^@nM8j1S`gKLGUB0D5!4y;=kiC*M+jXT=K^UVCg9R@h=btcSQK^bKRDABDG=
z@UA!SW6VM%dwACSzw8J8b$&kL|IXKm*Sui9QM~5<3k$v{c=!y(p5XJT1=$n4F13Jr
zf?rO{$DZIN%?rLKxKDHJ-fMalG+uM1dGhjtYEpzfiGclIw7j0qRqWq}`x4lbzTkLJ
z6xNR)7re0cPE!<CXi7l}>-mfV7FOq}`6#U0;RP?O&EZ&B$%UnOD{hz9u(VgVub8xa
z@3;4!U-07co2n?T>C+2RTpgwtu((!F&PQ>zY+CT*@@R_1b<`v8_}a&9P+q?p#Mibt
z)@b5uuXFJD+HlW~PJHcqLW+ZThr=Phb~R9CBzrg-UQC9f?(L9bY}@Q>+=#JVeC~gW
zv0ZwyBF1*=)Pls=?l`r8F}BN2{ckb02TjaJ<uNrbc#Q3Xjj-~}$qh3})?&i^H}QzZ
zlOZe|5?<KhB`gBGW1=7anuTxoa!w}ykOvr6p7#j1(lFKbrna=fSY{9c8-iA6#L#<m
zZ3Cuw#*w+e><?g<5ljkt!;(6wq(SY|TEH24lkgrmx4|YRmXXad8a&v<fPF{|&MC!M
ztbo?BcXA<+qM7<{!fMksW`C=_2T84mU;8xAY&>^BOflRBkx6eB&xFgx?|`uz#@mm_
z`Dl+9yjsQP9;A&KuD6X%Iov(A*+HxQh$U@XA-vu-lrE#EwFqsK85Qag0C_Vf4Hw?_
z@-ao)GoVn-!meB1Ci{WCR>;eWSbBaUIyDy~Qm15lSyJIFZc4U~CAACvhuJc7s|Q~5
z2p5pqZ$;UiHaJ`;OdH@~a=JWB^7F|;FY@`6EH6A2nUdv$$5v9Z$Y;))(4}b>nv}=e
z#4X#pzloZZK}}Nsv80aIPi?^>GAEtvVN%{tPc?pSVjBN!Vj5S}|3<4|qH!}K!$iNZ
z(nPI5jS}e9l_ciJf#VE;Es_eEoHtD(FwPKI*pmSFm~_=z*Anjb)t6-#V&~I!Wb@uF
zWO9wr5tIuig04D(Dvv!(t~Yc9fuxLGujvT>A;lr%8|GXDl^Y)l7dEkfhetwa-hnVT
zhQ@^V)O96O!n>@*Ve&{<{w=8?un*MXlN)b#2D}gt2&EhhSDtj4o!r_aR7<{->ni6e
z<0_?f5yaXLLwBAQTAL=|FMN691$B>g$PNQxtfNIB_6_faq8qy*3iw>s8?}(SZ2Fnr
z>@%L?XIK`^C~nEb*Pru``3php;YspP(ckz(=jE6}XbGbi5Z$23)V5|6qMeOnte@?T
zvHpp^vG#h_l(v3m=Nbxt(D$B!vB8I}JF@t3uEUnpf9UY}G<IKZ;n<X151Ty;PEB=8
zt3%9Cr*)sRg>-nzW{Gy%JhE(-HqN-2cM{(reZn2uJU2$u3fjS5Cx;$tY7s~eOtAw^
zv!Y1H<#B_?z9bZZ{UFq?5Bv=v{~qhtA<gr))!x=$42jJOjPzTw4^I8g^^-NN>_-hE
zO~QGb{BEQ533$;coX4V3285;2c&51QJ2i-;Wve7o>_Ox1<m%fG{`5TCp;$PM@{)`S
z^#|~Sd!%D;VSn4tUOdp=sf?AzB9v{rjbZ2c0!T+sHvrr0F@&@X;ZE+0+*o@%V!Gdh
z)%H!LUgpL*639=Y)nTjsoKSfL>~75!%0yv6Au|RP!Wf0QHEBq-PrjugXdqD8i2V<8
z33~ytjuM&>cKM1`W)^Pw>cxyHUlNRvy0xXG3PDotCDVu`bJ&k>!HlSj^V<k;B+@6X
zzzIMagxLpeo(n}VWDgC79>F3ZVd%27A^u=dNANiFrRqNb6C=ro-jwL7Ms$NzVH35P
z*cbc2njo)qg<~z$O)*)@T{k~;u0<%1X8D<vyFW$2JANiwC{x=g3Z=nOVMHJ;k$OdV
zJikh(b2Ky+&wpw3F0NM^&n!GV9N4NnY+Mf2bR#un#aMCYLhvx0*@MN3I~pR36^Exa
zs987%?Ote!SA@V+*sxVIZdf~UA8P;IPc<3Apm6z!jA#}X7Sqd!&0<m>4G{&Mn82hK
zbg>}!V}nYY;QS1Ah5U7(7HE6WCrZ@z+97T2ERlb0uNTz~oKyk=G7qLZMaF(r+O!k;
z(bV)L3*6%@-pA)CK0R{ZwZf4_j#1sBh%!x4y|q=^it2S6{z9W(;ry%DPFKBAGWDV^
zdz;#%6^AhHCd=-lX^oDi9FE<0*E=PvsAbVU>mN6exa0e&X5RI<X0BaY;>`KiY-15U
z%^vvDTXe%M+tx$8n~2mqq;bD7y#u5jHKeV{W{J9FORHPXn+Nan{8_6;F_S^;z6P1}
zi=d0R$I@zv`U|pitWq7CG7AlBOB?DxZHEK9V8N2Q%7i{qb0Bs&E4^5ULliqOhld3%
zx0`B1dawxA#Y8>ub5$WqJz&8>ADERf6(9I1r};3M14FbVrqhR}BW~fCM5gm;%xH-a
zXGlWzy|pNn$?z_?6L5>X?;X!5dUo*$n=76~THqT$Ft@`+!Lv5@hDF6apRO?8A>!At
zPh5l>LTR@s&wy;Bs91>B;wGk#{AtJH*d8A>DGNJ-Qo9yn9SX6+S_pOTdP5mc^W+UP
zdm2;)Wx-a+fBmxg=+&>SB}^u9C4;8><R0#JrF5`@Fylx9x8SlcZ-?i%GhykFchT=H
zmV!`tH*Fc03UkdP3$FPOSfca1F{Yj-#-*i%Nm5rXC{;qv=EaAU%>+rOxanG*D(0Wf
zmtJ~oLf924(f4lCM2ky_hTqc;Y5w_7)UKCkYX3rX?^5aZbnnt)i+u0WA`2aix)$Op
z{5Yk+WzqP+B)a{3OL+)<S+j!lQIk#q=abCFBk`ks@T0S5^RDBc9R=??WHlC#oO*rX
zf&G(}B=Y?LJ~kizQ5>6-ic!TJQTzN{dc(9lq2K+C+)hvri(`sm9@tYIVLjDoZBGT8
z>);Kc{!g`NZ<@>w&Ydwuac3890u$req8_%izWy+8qu-=g(8bkc-4?jv0O_hJv*VJ*
zK5MqvXK@!A(M+nqWr~UEDI&}k6RUNjKw*)S*6RKyUiz!2YD>R-{%iHtLb~>ik1Wl;
zE}EvdlxDsEmS$_+G#`7*(ky<5rnw=P5AYKv{-+N3R}Z~3m&wx%7igOCQkvfXEzP%e
z(~R<#b^0V(k6W+o^NEdd>Z5jawAAbKE!%0I|NTp@c-(~l+UGAd8T9$9ybSvMHD1bm
z#kyXdFM|xV+D0?<`~}ZYZ=H^_l3N-2B{xJrLuR8474wo+j%;iMDUwP<bs9nC{8x_V
zR3D8+;0Yg{O6;!m@YlXGIYQ|Rj(D?B^v$ZKX{3k3P%gH#mP6lR{pd?!%4VZEj$!0u
zHm8+MTDuHx%_glhyjIVubxeGcIwF8iQps%8RXdMKYQ}y{Z9n{m`RW9jJq=#r=?DFl
zyQ07hyB$WRq;Nf4ja)eNmMi=N59}Gj)+M-OyBIuAYuRsk2Qkylwmisd@bHxKuQzxo
z>LS}&a3H&_WLKpttK>IZYneo2m=RVzp|v#nh!seTV=g61Z^IL-*AIc>E!Y*S@gd`9
z`id(^X6eqCSuA~HbS7QX^%Xmrc;bn#I1}5pZQC{`=ESyb+qRvFZR^YZKHrbt>#Rnd
z?$f=xtE<l5)kak)5B9g#T#-~}{pDD7dm*R=>?}~sB9-apuO=CScgf-$l<^+ysIlQp
zUYO9TP^_?Np}OORz53J*uso~|ZO~IuUIpA3G3Z<{VKXeJE(ms&E8!!$ZV+~rDB&Zt
z?f`ZbC4q*2)gs6WVvH=`DpTN*bnG?PDqo-p-*^`IrbGCKVcZK`FN(G1Po*34Q5b2;
zKj*ik#L-cs#ZgEZlgU5#4zdCtbIG&H5MY5c9+zj4C&Y=VI{~H_#YzjT{z{ls8Y#-B
z#xN$JFsheR!8E=@V}Kfy$g}z@z(Qawt0BLN65E*TT<V>47vFdKv)guS2#*}O&&a@%
zGk;_n5B^7{Fh_{HkE`7i{>6+Z;PAlup(#<oLCUaaV_7e2D@k7h^so(b{vo<#!dn(J
zv@0KS->%0N(2@_rb?7GzXsH6(IP_xzWGn*=F2ntH0npv$khuT+5CJPiAPsHgpcY^`
zpWMtlW8U`b#>jwodtHR*bg(~tHD8xJ7s?h51*DWf0R`QDyG0&gdwwjt{GkQEF%o)R
zJMay`SQfob6u2H<hl^zQO9VmyFPy~NEr}8J08T!u+>KQem5B2=OiYw?L@J2<bVFv}
z?`S~G8F3jPW7ne&I9~*mnTGq}0f2>Jxt+-%aY5678g;Ohscw2iz!|e&wCo_A6BwVR
zG}@)hcasT}PZ2>61}XuvM^v^jX(_m=p}9_|N6=t^!;mSrD&KwZ6%QcIgnqWhEk8O5
zV5<aqAMd6|0t_?z&AbumkpRlJF%u&j&WV))3tTrp2zdmc{LZ~gK8HY%cPOjTtlWS;
z9V8vC_k@*8O@}q*v}|+8fy@<(N##kmok>JbQ&e=uuLE+<DD?weUs4mMN55`SRoYYh
zsVb<Rel0VPyr2c!xp9R7Fq1s_o>(JY`goMdE0kML+cY?2#edb)*Wm`w)2Kd!X#du<
z{~f7>>xbcx7*}l9sfLHD)$6R*pqF7sHV4zJ%AwD4mi8}=Bp%jS{dBYnxeBDpr^?km
zPVzt(6srB&3ilG?v*ib+{4P<|!Rl43fOhpA=2P;ZtO)exLAKu@baHCG23o(gpZvMu
zFzuhPWnpH$7?(KF*BkOM`4i>|iRBur=o@|}CMIo27paG4c1S27nBcHUL4<!UP1W3a
z7rnaIu^T=?o7=BW#<FipFolgt+s%jEn|`1l0kz6H9dxly@HNS=rCdvd&e^e93Z+Kn
zd;xP0{{$}(IaVI_!)fIFiS6Jo)fdm_f9NlFYyuS<)GnGT`3fxrg)$V@CI@dwxW9d%
z61vBMKEr}D&byVT#=C37_)v%Qo@hwN7a=mO+#E|;;;NCOIKD-*CjzIK2~}Yx>4s`-
zF}+)fgL*L`ctV?lKhLj{2M#*AoD$9X#MR*+37rCwBbwYO+xR`40`vR2knDzSbq5D3
z>DQOGwQm}JJW$4vLY%&R|1wB(-RftvL02%$R`4#CW6;PvG@Tmf!;c3O81?H;3_<cX
z*`}Hpre;&)@W&$XPC#;73_08~skghXGR*h6oWD_JCFSg$gN%&QkBDnez%0bRus~z_
z+BG!9W0BdR>zXpQVOWW%?mK79YP;-2(*DRQzgr4Dph3IEpgp|!6I9tU*HNfx<X$hZ
zCD7;&mwH-R&!iD~K%;fjPy$6)=<52nBdnOE*>z;pS!T#wsb7QxWU!2Bu64C{L+r>T
zL{#6MV8*@!4a{rW4d1{)W^RBhWeDU0aNPw-{}2Qn3g|JDCaD!dEP?dnr!(vF2tEO?
z3PT*{#C?&en#i6WDP}QCSRDY-1i2oR>~iH&diG(8CN`b^ld9#svgfwz_~^#VMLX`A
zR$Mc@9Xm|T(>V$^96h-I_tFQdBMj=&wWd%yNTIVeFu~%7w?saeR_Nqtp(i>mbm5zO
zx&fZzMBmZlToIdS0G3A#H1@u&QOmmq<B19*PW$47gyj)8;eu-0;sh*uLmC|}cC4-i
zOGv9vul)dL+&+oz=G_b<D+bF+d)d-FA9L5=*i56FKspFXYAv?EdM2(cJ-zbzZ`d}l
zaEHC#2u`*EL@t_an-sA4nRd?SO~<87Dq+p_l^iZOXo3&4;Vae%5z9qf0)I?0yDF{!
ztTgk}8-j-mi9)Q^JZSC;iFAxyjT)@HwktY3VWN%}YSTxlgEx%f_$~_BW=^sFah|;y
zOD{LWyzsQ*+;z$yIFbGRjtCDOlKh1Cv-0qC%l|J_AriTwMDx}{;k{5tz+8mz38Z|<
z5^VFT^zJZVY1F2$HqQpu60{~hlL?Mfz2#0-`qqxb9XggvgT!5Jmg8SIEn%yyd?}=C
zKKA-Aso1omek-67Z6)o)jONgDhD%)+oi7O&Qk<JlJ>JpF7Tm&O%jGBY@I{+twosUj
zuVC^qe<n#DO(}60XkQ9Zqx6*j3VTyU@%#zY;{3_I<nlM@E={)26AaoOi+M_UjCQ5b
zdj5ifhw^(I%j>Qa=7RzlnbCrC^nx^k)Uc)>TFPl>%J6pCY-Re;ciZj%Bfc#SPm}4U
zggOWD6F$8Uf#&TF*?ewPEO5P|<-|!wJIAK%W;Y`Q`vmWKy%lt_{?qL})AIgLDa9>g
zg!0~$&dZ5Xip$UGZ_56)8CQRp_(kr`#ArXbafeM?geZ@W)pi~(9ZO?Sq9KDAN#Rc<
zl;)RTgf;yCx~yV>hk=1YNo-<VPf2M%FEP>r<zEs42h#KHVn-BWAV??3KD2d6CmV7r
zx65!zY#QwiV}I(qw&y~4@!_l;P_-e@6bI&s-aSk?#+IyU;gURJs34(KV@IiamWu4f
zblze|9c->nB13}RI?@G#yg+CZ-ClGkv%5)!IR#qAtlBt!^t+8Y&lzi19W|@kb&l0H
znPe>Dfd;#ch4^J<4G97|_k5rjT$NV1v~1DbPD)u}-H7yubNx4Cp(7&Xez0)L_Q_0*
z5$G%NlLS>+BxZ6&&n=zC(OPpGpf_}?s!66-xzFX)Y;cvzuk>(HRP0#I(R0HU#ujG<
z85A`uzRG}2C5dM!n@x&NA?cduQm3cV!3hhhzmZ6&*G9A@blND(Ej9dTRGc_H=u8i&
z=B-y0aGa4DrHFAE%Z{IwxtW$<rzrIwcH`vjTYC{#=iEN<zj%-Q{-!?0Ql678O~o8H
zIgY=rOii1uu`_lsdyX)q?tWCxxxF+L;#_nHl&xR9uc(drthsAHE;lRIbk7%5)s*_<
zum_!C1*IFKMY9qHaSFkrN}&XuMD{(P1dW;aCPYbbE*NP8jppD&^;6vur7w{D2MbXm
zZfM+uX<y!z$#w`BVOO4uqjI%GKFi0AugqErpJy2jpb;k#SlElX^C1=U`Pw=FGV12;
zyMMxHxu5gTZG+B{5)Kw}>U`1b7=i77>c(ML-4pPHRuO{EVaJy8CkkUXg;sGBHdRM#
z@~xQ0vVcZNQm3SG4AVkXwBzCxY;=?8af9qTwt$WqY6Lf4OptZJwbEUX)n||_z)llv
z<e#n>xSyh<<N+R{8!7;k$&V_PD2EX6Ia86FvF8^DcxFcZ_^Lkn`7W(H|NB|jQ+jyk
z$(zPD(3iA%C>e%iHir4|)c`RC8qf||LnaD-58gwbHj_HemV*VDb4Wp+vboAQmda($
z5?!=Ia3&q=cc1uEIaq}sF6y`|&#BIaph~Q2*=nw{&aBWdtc|YapSO5*>-;iq{dRGc
zQ|fa=&$@`iEui?ZqF-35v-ptwUObpcC~KQ+N6nei)qG6<>_?RFc}KXAGTqqQ=^QN|
z=QxWoI(+5tf3xwGju)`U`szDcEw&2SN<`R6b#p3|Lh7_%7hJB_Ba+?Q`J7?e_Suf5
zrBgk>WeDPt*5CPQW%jj%d9nSuAP(9izX4ks*a{6wMWS>*-t8XU3SEr%;&3ZDAq0+a
zL|rd10{j`)I(mLpxrcbse|VJ}UfgN_+2xq;1wDa=!Qx*!t5iSZi0koPcSCNEjs0#A
z>&^sv;Ur|@2v#;bcj`02{fH6k4kV{RodweXTl9BS;?xPgl;Huy`lkFIGR^^NuGFrB
z;b|3q9)tW=Jv}OERI7rA+KiBS>>n}-l+3MHpEiH5sy3*v4bWS5QzR#pH<iT`p1QJQ
zCj!;-Zy+z*-}I(-C#-ULY!z916vcM!(Lyu>@hipVn@lFkK>>`JA6}!g@4P630)t;H
zw1kIsf5?&A`u5U)mR{{Bb~2kk9Qd^Yj;UYZCi*h6R+QgsvYpXe1^#-jC|9gan||^4
z@dc;XXS-4)UlCmfelXDS!v*8CWVioyWzaIcHTwi{=Hh?zrefK=C>M8EEs9~tu<Unm
zxcLO9{gR^1rWhN1WBf3(RNOVpB_d5S7zg6z5_Q6LnzQZ|<}eVhpppoKL4-uibEN%5
z<aNOqeto(5iS14o>-}i`d=4Go!XaqUM$l<Ge_|ze>aDTYh@%(3uFNI@jUZ%p1oxE3
z%)>{Ziw5cRCu0N6r%XNY)0gU{yD;q^kKD1w?<*?8N*1z1@=-Js=08(CA!f-q1RRXs
z67B)3a4CS&mj@{3{SbI=F!i4RkD>*FO787cmlf+s7V=}|Qi!aACq`10;Pj*8S-VBp
zvq$pYTTkJeXD=PP36Fq$vEh4qWiRbCU20C8&QJAfyCEpUT@pz8%QFET-=huUt1H%#
z-iK-fH8<a$n2bEDPsZ=kcsh^%mAdgrd|VvMHu<kDXmiIsr<$vfX|E|Dx1&;@Bud29
zFoN=UWW1G$tl;iw@n66(7@Qk7%4GP`J)%DtO1?ljpEAa0mXowyk-k8a7EINUX*N$t
z1<HGNaOrI-!k-weaH1wnch{2l(aw=@4(JxKFz?iya3H~3_r*f^7&<~8=`~8LWd7@z
zjwfXP!k$h;zG}QzKkmOqUtf~oE-SKmeL|UUANzN>mZ$I3u0UTkn(kcYty#|XL+7l&
z3-*ZlVAM7}GF_)m(rXN)1vs8y%Pqc%*Y`X=Y@|pM$U1q_a$EnJ`jR=G{z{`foFm2u
zKRU?HP?*0Et}s9nFw)7xd=k`Y4P6vmUN|qZwD@<zyiMRgZ;Dc!>b#*g@TynQ9--z8
zB`0x(KVR4&h6+)Leg%a?ZLs;IKx3eN-#2CdM$d{_+tr3ibf-t#g&CJEOdaF8sWb5E
zVboy0Ocr+3N@zoEkchkIvdO&?gTj5Ms-36GGDmIT?a7)#XF!^~^jiWd;Tt%Uz9Btv
zY907+ggQlR8iuYa#7O+G=jRN#o&lWRDp#okO3G?Aboc!D0l=si4RwiOpmW056_Ltd
zeYM(vhl@yO=tBc4_TNR9Z(p)<A9YT@N@io>Ju^4UnjCoWo-9sllYH2{yz=haZt$6|
zCg0+WBN{*>AwGxT*5c)vGU~<^TWN~CF3bWkBwQx;Lb-_D=0`FW1ht8{Tdw4!u=L;(
z>U6AAFGXq{zP7TcmwL)g5NKS6%tOza1xgljlw7bb5tpWT_KP(*;DdP6Mn?Q<=5S#@
z)W-32gKyUM!S#S0EwWPOy0EOcS;_D+O4B{6^;V{QFdeerM$k4;zxg+}%ONL3%j3h2
z*4IrNj#f8wpLJEleXiD*gIe<0*#o+kDM#R4vr^+a#no}QBev_kM0TSpW@lGdSh9}p
zHfVC02Z(-i!B}fs5ssuXa|q^)rgs@;q4h4I_8QBg;!Kn3%v_P>p9z$G5wSWwy+6R@
zGM|{`dcm|aT4muK1!amIYVChkMmgUHBW+QwC@f-fQy6<Aohq=@Rt40tvj!q0mA!TY
z3$@Bl;gLd_QMht)B$boW3C9Y{l34|ATa}ovD?w?MJG%nVdTkYuTXY=rGh=X1T{x?^
z0_%K@yJ_F(1klctTXL&vsx`_uT)2f=l^*6FV&A`ocP~_W3d<(PVIp+JsH-Y3hZK}&
zVnJCx=WP{fc{hv451tyCC6zs^#3hv<iH0PViNk-=DLc~|bSN#hgx)A92mQB_ZsHq~
zC%++N;zgrO<4&nz@t;rN;E&1Q$;P;HPylo6o>FRLId}jRlcjpMT~8${_;oy_U2L^6
z9z;(}T4O~fZVf&Fhsn>{i{?xaP%&R&?A;Fn15kU+NV=mWz^nI(j)_+1-4Y$HxVnnp
zE-Zr@)~!`?zI~=jD(m9>3@<Ee9d49V4&a8ZJh);FPR%fb5U<?{VcaDm8W<$sA_AOp
z4O|;!GfuTCzk{wEJFlK?vV^x!l=$mLbK5k^TelrG2#fEC%sRO$Ck`inC698mI(#|A
zFq*CLK8u*IwQCXHW`DI&j{D-fzKr=^B3Ehkx%ULy?j!Roep)<SdA-mzC(FOkdD0PY
z;%TiAKk54DVtpjnrWTTX8AnLrqK)6HJkw3nkP?K_n|~y~%oQhTWaH;dZ&P}gF?zf3
z{5`3^fjNy|lgyp=nJG?>=85aRduHg$N!;a965m6jK@jXQmFjAW+vxr(d+*TJNX*v0
zu54C*Injc-+w-CxpYD$N&C7eQv|mi=m1D~PG6^i4JJNmD(oN)fqs-&s-hW+5;qjO7
zCfWt#cDna}uJ3!kDoJL|gMYYv<jCRG752TDQ~1h$wuHlT9@fQi#@95BxO0EA#3`Wi
zEuUsQd2?KpTw%+NOqd2P&!lFt`Rcw^GvycDJqdq}9bQpMmr)oW($bACIEi3MQP7BF
zZ72l2fIbnMnf-ll?<4WG_xDuVVr&)t8ZmWP{`#FY>Ml{%6h4<e<Sj2|i`|St(<&^v
z+KXSb!+X#Odpecc_D-D5DEwhaZ+e^5pt-7I+qWRKY`>1(=;=*y=9cP0Gk(;{yJHNq
z6f1e+sie9wT;z%6<K;z=emT=@HqV_^eF5G%J=%=w#ARBO$*1D&GI)AH8fw(4a!DH6
zqlNUDvENpoaF*hba^_`)_xw`fb=Ff<52*>YKd3;cVtdv@*QN;-otM4*<=BKfjP_n;
zB~vvYZTW9e_YoB5!7(W6m13=02lysHs2R?11V^cvA6qH3YM<a;8Cxm5`UG4rh_&Wh
zB?qpT#d;UlCZ`{U!d)sOq6AWj8U9^7^2-1N|B(YiedOm0pjQP`>j7y8#O8r;?fH=c
zS_(ln4*ZM&S`)cewv#7?jV`J)A(WQOG6ZE6n?kQMD{B|MtTJf9LhF`VGkEMfV?Ll}
zl_2Lke%^p*4Y21VFcna}LAX_$5cJ6z53Y{zE0+={(8}S;a-(*<q2C+f%60jUD!bZ`
z&;9?k1V?&8VnnO|T^<S!-;{d~R5RQ)!3K&{|2sT8f?u;sJnZ=MD@u0d4a!$!Z4~BI
zso)JzlmLnvfRDI|eO|fNb5ChIdNBVDqx0?_l1AP$XO-|Bq>G&h9i;xp=+<p1Mmw0L
zxmUDd-11!=q{y3_k4aqNxs2}wUCWufUn=suG_CihHNkxyoupKsO74<#pA++%L^vAN
zP4sq&33m*3iAsFDCpsly{iLwu&#nBs5zQM#c8;79yKm{v6d8*A{JXcj4QPiK=~oXS
zW31bsF<jnvw>Mu1V1i{S#r}lKpqoWgvM@o}VrVRlE&RJxHa3cEL}?0YSDf0gh9Br?
zk6fe*C6;mUcP3=wsBJhkZlZ0=Ff0J;fN*)uG39O)_SOL_<OY-R$#k=(^I(D_o4nOJ
z(&#iA-J|g|t+)1#wD)sYLraAv%M_xA3UQCXprN$$psmIE>{u>u-~q+ta#Y;y*{O>-
zo|&X1<%8yC+-qJ&UI9zClBx^Xyvw_It2yWWe!2AeeC31Gx=ve>wJg&uHmGtuN!csr
z5$%GaQ>B+3KJCJp_C}F~J&uHOOjMf^X;LDmEN8#Q%l&qM^wdu+#U^eRmQw)&92{q3
z{BKZ?iHvIVCBVXQK8d+CURd1!6h5O}nJc}aQ`z;?0047AI;K7%wgA9tdp?x|zcWsK
zX)UmlL2rL3ke%uq2$elQI*^@^VL3Xkh2N*qJm28sR${o|ee<13sX~9ETM869vy_^o
zN4$pM%Yl@Ou;ps$1iLN#eM;%rQw_LIjN~XUZ?^<&L)$ubR<ezax$Z{D3fN=v)DLSV
zYB%n;KNfo5FTAjq@n~3Pdk-PBuS3mfNPbA2SaIdw)8Z?8V7kJT4$t`Nzfn&ZwPf#v
zzIs(WfzB0OrKEH|DWq6V%~FS1-|t|AL)FW173?w}shZ@v)$A@llurogzrim>j4y;=
za?~MzZ&k`SlgIG%t=HJG%;lEv)5?2bsU`QI$hfgL6t7SfZT8GVsWg+lU+37&I!?;Y
zo1gj=ZYN<0QDjS(XVVqgozhJSB2sAi#7qt917^_30~v31Sd1{j(@M2;O>#>hg3S1A
zx7*GC^j)F^WxKWW=lW)>qkXOgD6kz-X~Qn7qoG~0l@;2t7284Q+ciY?*^B<|Gy2=d
zFKUbdmTwm-lxs!uUJ9a+QekpxZ(m^7pmE*6_KN1$cY+e6-La8#?F7|Kk?{dpNbgcf
z8w4f^1WIw_70wJ%G%&#K8KVW`@x!)9pmn(j<<-#T&rr%k*D4kUtro}`)wZWq;0(qN
zx;6HQ=j*>k`!{K6tqmz`%tvWs-K}BT={E^GjvYkMIk(<FDcfOX<Q~)^9x;U4V^Qwi
z9_sHiXzkxt_oE~uM~?prldKOI-+3J|Zb_?C6#hFd*SO;(KW6;X?nS8V?@7?cPMx(C
zNNWdyOzXQ(BW?0<I7JJWuh_V;{ZwJ9{R#P=!wKR3obLW@z9336NTg)_fHCqnKmUv<
z`O{+T5sjbrV<Es>7?^yN>+C7^z%bj7K$|^;7CX)?O_3a^a^k>VSrRZFgJjV<!RaDg
z95`3SH)dQONa#LLC3iva+7jKn)Po>`Ox-mIjREIBPO8ue&(PX?z<L2YV*EswFb+%Q
z+-jvH)N6e2&&3MW_0SN$U(B1gX_??Ia#-w|)eCdgrIMGumB}r#eXi<0$+MlUTb){(
z>%TnFN7+7PsRB#&mcc$2xIxf0G4&;<!nAggYvoF;!KA2ij4_EqAUtcea&(EGPxz*!
zQ{Vh_aKap~4%RM+&|#8Q5pCIF!lO1EXo3tIB8Dc?X&2ZR+4TMLA&gXb9&*rz-M&?k
zV`I}ECSyK0U@lLsx=l+IpPsiYYJePCX0^*O#<sTb4!&Hc;~}EHj92qY&CLADGVn+T
zeMEb}R-nD2Sv;sKNe&p7@Vsknd>F%Tg*%((9-^f_xZdu_%ECOWy<A#4I<BikXt0ho
z8+W^ew7wvQ6I-8`lUR?Qb~b;@uL)?fZ2#}r^i2odrQ1!&F6smND{a;3%*4X>#s|_@
zGu2fXQ*{(mxNPHyOKRUXV*2XJ$^)VeZi72XZ;2$sFj{q8^f=FYjDD4#N?xe+3`cva
zorLj)K&D>7OMYyqJ!gsWPhfgkthA6iXF?&R(Y%}rj<HLS71@|Xj#ZVwBk~x&PTv1d
z#|8Z_9d{wH>JVfFGp3Sb)hN&eYRo9tBt!UyVhjUZFNv)bRrgHru8#GNsPp(=I!>J;
z;p6*5`y}Ui=CO^6Cz9=pZs0Iv9-!lT;D-eGQ3-P2N(b5omXlAW=gEp_2J7d7-NT6_
z#K#VB^2mYg7zB}BLg9;qocYRyenth@TJ+gG?fX>%j&nfZeMvwu06Ejd(#M>LZUlf$
zCO`WaVLmPZB(DmXhy$NDpraf_%999G0<hyP4SX^}Y^e_h1oPxpQXYfSoaBYaJq~He
z;TmHERs0;g%r35DfK4SB`xH`#2&$kSbIGYF6Hq}m9+y)QBrFfEGY7&cjDX6s{4jP#
zuhUCVmtT@2EDx#U09uyC2ANy9Ly}*H(81VqGEH0__yqx0DnM{|ch!dgdc|Zuk{nP@
zkUdY>J-@r2SkVCO%$~kT4t@{-UJDSftE<gLz|8r_<|xQ8NDV*O%8>RI4oHp6p2t@(
z81A=cEp<!4X^End>3pJu(m66UcU=(o46Z#mm3%#{=>ZK{HV@;ApYkk7|DNgFm+iYM
z$YX))S1gZTR=nLe?{QjOgD`he?F0KQg+zETKOjH#rf|z-5_ya?Or@<|TUB*Vz96US
zsLJ#PGex8tS`PCDbIF>@i;J7a;LCQu*4O@N_0`XGiS*@4{MwINT>7!wnfQ6l7R0ON
zUUr3J3>Y)60=!H!sft4&po;avM)?T&dQ2%5@@}$q37x|m$SD<khgN2h>K5N*^ZB+C
zMlCH4I{AGvM>`vCmlZ<2xZ-uYvoD4|7pMPFj(y~9_cZG<P;Aq^{(d1lSA+Q!ZqjYI
zrDIF=*3zxjUBKj-SvRWjRjwWS5i60iSF+_4mCGVNbZWM~c{=MNR?&~cJQ7vBeC7OJ
z&#__xrsxhtteKSS40)<^L_HLI2UQ0~BMZ^UQ807Yg1gVc(&>OThR5qJn#Ac|r5GVI
z{mSvbvwV&v`sCW|z%E#UnTOn>A-DJzsMv~cAp3XtD~sGBg~EyW-%4cQ4|p(^*1p03
z6AXlY**1OdN!Q+qriE~(E6PEsZiDH|Ik%q$PGvjH28aguW&bq28cA1#lK04$^T%&u
zm$MjG3o;Lt{dAd0gAlhShwOOpPH!OIHT__c=&4{JmDn81+D7H}1ZU-?41WiR##DHj
zy+3=l#jrr*lK!~tH8#-ay7jW0ep)#-k<L>U0iJ$o=6DO%es0e;#N;v>-!LGC-F7^2
zS_ipGcwQ@Hd6IK3cS_5!rz>A#FPk*BoBW;74n$_*q0-+eF+VWhDG3`8mwZuoK(Z~e
z+ig<W?(imVnxxzw!AZZnk4llgWm9zgK-eH|hr?+RowLstR+W4ITi_;*H+c6bM*S{x
z@Hgc~I}0DC@L%ybjvI-_&x<gdsPJj9L2s^>fBo7Pg9t@ms;r~MU&X9gvR@HECIpIV
z)(_sQcG6d*jno@xrwWo2xBVm)(alzuGwIt_mq2OviAGWgUdm$DW&DzM=Y4J^yZw+K
zWg-eSNznmq?a8WMRNI|gUz&lN<2<ksnZ^$+^!<1WYX}qgB|DCCH5mmv)TS;ztn{X~
z3ATD&^|NMR^$dENPU@Z96L%@mW84$ja>E^0p{rI_h8#M`b<Rz?{O?!WQJoM`KCF)z
z&tEp@G$ZWh=ie1$=2kTAt_y0L^*+Q6ZF@7~hqeM{$-j5hmc{mj>-!HVvzZ<-Qe?hc
zRUb)ow)``W_S4tbvZMDo0VaFW04OH_pE$w}9AXKA-wSq+DXttipq|;!VU>vQ`47O0
z$<tH9jt>&xz^t1x0-_6|*K!D#&#p%Xcr^zcvFZH+_$&f^_WYUvV#|QE8|{N?kenuy
za#?P~YXBcJf*u8wmWB|(k;(4`w+0h1@90p7u+<*13xDvc*45koB9W1sflal(^8wR;
zL58G_`V4tRaekwEopMEq0$D$Nw^J+KmCYF~9>+KL9id~06!(Zq#IrAG52vIT-&f;_
zc)f>PsNGVN_F_`zs^RdIs6`AO1}m>oz(R`bhP!FI_NIRdgCXshFb^1d{BN#a&C9#x
z{<8Otutm(Qn#WSZ&^TSw@7iN$J3FD2&LbAWPU@d*o)*6a9huy-`2<b)h1$~vc-1Nb
z9vZuK^1r&JzM0ED@6=37KGaK}s?@+(>s9;{aXNJex0Mrg$^P7W?`?Refr@?}&R<Dr
z_1QnVqFvSsSY>*Up*{3C?sCYVtskNKPC(XhlHx2%Jg*Cu{}#)gK$5O}Jz3IOd!^eR
z_ovPE^SP5|v|&)@2%9zj8rav!i=`G7|0TwA*nGA?9bk<A#6x$tI9@xE-c84ATgFzs
zteqkLqW1og`>tWk`n#9884K%>CS7a@b+?J41V&(?rM;CUhWczO*STN&P!ls*Gh3&L
zWyRJRt)3(J@9!#BtVldV7;Ey%H}LP0akjN@m*_Fpu^_HcP%E;KGL2S}vNe$;Uk}p0
zW>}dr6P~xly`|vez->m}W(NPa4c=acMEIH7#cUo6LoDSYtd~`0dZOOA7T#}7_ot8J
z)YLG=V|kuup!nTi`X_f(RIgpd*C04M&sz2+A2F3~0%1*`F65)XsG1-4AxzW$O(y+F
zsc{1TOt!>vMR}Y<Cj`v!ZDF8XHm8DQonyVjr2_Vd=hqI%gp|7p%y}~!f&h6XB5x?v
zzQxm0vSnyzH?GuD^@@*gvps*%kWb;sNg>N1d!NAm*q>b;4Xq*B+}NR8*o~QV3!RF&
zZl3KO9%=JXWnm>wrwx2*zx?@9nz?OF4?2i%J>yN5jmlKx**<?INSM~u{n)0+{$4XS
z?0EiF<%MxYZT8~i6@GBHH1(y$L$O}#6@KwfkRTi1_~klwlqr>ei}n2Zy<=SyW`h?C
zckk_L(+6+z^ddp6SFrWhx5Z-J&u@#|F;QbjJ0;&;J8i4X+)~{9953Ez`nG88+jIN!
zF#N^;VpKI|`vSaZ^@!Pj+$iL2c*MQS9-5D>iP>#rqB}duB7x&kd2_4(u;%qFW>{))
z{XowRFnlj9|4r7DhAgPMWc>)AyIq1QH0rWz|44y6P(v1Pl6xA7*-GtTg+LE$KGu0~
zV;IAJIsaU%9b)!xSf*RLSvbFVC5dHe+r$^R^7%j%yfFa1J1Zte6ZpPPU6HO6z7|;U
z%cqEz8pkL*wfhLeBi-s-9ZL05uWy|qXcYnfhXW_L(dCm^g^e^7s{Z8l`(}I>%ZY0}
z^B(<5z*0hgfdu)dOr-WSw53Lb_X3XWh4kJ2k4*DV0%iSM*@oH}2+y}4AI-LTtkypU
zvZxjo*NtQm{uqnO#dAE3-1k3_x#Ob$G<I%?3azs`vy71GYywNdB6`vQ7=(=l>^zZJ
zwjwYDjeaMWo)D4YDT-UfcOq>zz&}mH+6a<aLgk$1O?+uP9y}El&+joyRy36f3z@9~
ze^q|ERz?dalt79GX+HF*FV~^J!0wTkR3Y*nzTXi`E$khMpvO13%g+Je%zseUIuofH
z@S)<7O6<#q5nSi(CrS!3VPSOjCbUUXWG;@|)V`ZOt%7%+Csh&ET|9%})#X9<mh>jV
zXa!CSI5S;Oc0=wtGe0-g2|eStTrZ{75||JL(1-On&R0gWtNn~t>s_<THXaJllQ$mv
zWiGfB>3yGBMJ2#@!b(#3#7gM~;y?GsJEPbJFTYl2?LgS}M3(aU*K$bUn)|JX&sU#h
z0I5FEaj`4(MPI+0+zSa?ye?Ly8>8f9vkqE*lJ)cp)232@w5Uiqx2O|ENEi#Fch6ty
zcISp~ha@2C8nKFXcKmtN;NIt3n)ZfI0dxGH{{*IH5ls}HQO$OtqAHL`!*t9gKXave
zG~=_@QK|?yY<JA2luDKQ^{wh$p$aKVnJ1f>rT!Pr$2h>;q8En9?p^AQWp{&bE*Fnz
zEIKLSqapXrx$x%W#=3V8`>)4vno84N=i|&MHwn|l-TGo$2exGx2gSli=uFCOANgo~
zFP`cwkd2O-jDVE1d+Mo`#l5>D4s+hR!;<U1*4Ve5O17&q<(-U^%r@0MOl2_%y+G(~
zd4AM!_B~O0?;ceJ)tMa*@4R8RFy@GWR>2R6m56{xY8m1K)U5u-0u-xW@oSjm+hh48
z`9q7^cd-yK{qL=H|7^k;!3On+1u5_{GV<41pxIWr7$w=UbLq<j=fZe(-2LeR;oNaf
zX#AUJf1DY_>0DqJtO!f)F8Ooxs_<=UG)%#pVn}yO_jHU&N(qMvuIfWEht^_&ffB0d
z0uOI;*3xYZO696(e5IH4v1t?NaC?4oqh+d}6BV(yE=n9eQe~*YXv}5pPgx3D>pEUF
z$bYOAa%k~9#=^6u^!IG>pzWMcv!vCCAUV|M%J=mN_Zv`;CV*PYr&30OoE$r0VGX7J
zc(+eH;Z19tItz_(FH_8W*1j}#!UjvfGX2#g>a%Y1;Sa-NRi_PK$oc3u4I)*m@lmTv
zgQR!YjgR3|=M6$WKSMt72h6#wcGinln5pRD?3}Yp$@Y^0zBSiuZ9ng)ACEQdv9*5e
zxaL>fY0ObZ$DJo2luJSh+HRORzbfscX04Gs%h|ZBe`7W<&97ml+y6N0wNntk;QteS
zX2_1Gx$D3pBFg?ZdX5N><;||s<$mhtH`qYLPoW&-z^=3+$-7<(rsPy>&{qW5XV(B@
zRT}Ilz*J?7EE)COg&~u=tCRg*q=+qM%hn%re{+q>Q;R>-S__rK@t+`VA02JTiLHiK
z7!aSz;2_V!T;`@x7P41z6@^tQ7EMgtjuffiEXZ&9;WW6$TgZ7-bxu3eoD(<pho`xS
zSwZG^IrN!vhg<x1Mp!eHUZ+|!TsUjsc1c9@x^Qb!;UA|$Z-6xwJz*Z;K3G7gt*an>
ztq=bB%Qp1pu7(iuCV0gntAj9jY!c|(AMDlu)>wF+@4mEUlaxP+ZTqds9rBJ)b~OH1
z<FZuVB=tpyo!al0b2(NoI0z+wS&)+WQQe$gvFD}Xz-3@??KIsIGR@4tx>Z)}C}ud&
zRW(J_;k3Q{`=K;8wbP|YhJ(X-`QWmweZdecRX@$iz2-W|$-U`11>pvcIA@pUiw)Hv
zVH;a50b}Ln*osp-6=EVI73VXiiXSSoWmU;!^<{epi-a3B9DE&23V4Xo`-{1r>ls=>
z=96ba6s0n_B-Drt<*3cUXN|)mpJIW^+TSzX`TuCt<d9qtsURMC3@(qYEB(b<crAi`
z{3|CO2d7WUe$7g~m-_)a>HUYP8+gw(J@BrRn1W74ux4gJQ@F112T3=uEIe^AAbbLU
zc8TP2wr^`;s!2ZA-Y9<vx&CR+d`&jUb>6H|n$m(e9tqGMP$)6ZBYSp1^p2*Y{fE-R
z_5#Jj+fDE`LG8&zp&d@q16$H~c5#m#M+3WeCT?F)$9Lz5QnbXqr^KDF3j-m8Ylg~?
zDCO#ryZ}`0srLk=0m+7<uq`iLMpQXC`Hwxp#szmLkDEJ1TBU374LDi4lcYB1uiA=}
zB^pK(Yt3|Ee}#6nNIi>=#EXSxW<}zd=n@(H;`kbb757KTEw}^(&kUJd-!G61y55Hb
zAG@K`>Q#Ce9GQy<>8l%AjkY#<-1B&&Plj}F8bAkMTmXLS^lc3QzI!Rd8{vFVBhCg+
zv$ePQzHyx(SPqpCYmGc1gPewYd-}_a7~OzjQ<8EbTZ)~B#8`i@QOi2-;7&f27jcPd
zVAN-YIuK1(aYgZ9VrVL>%*E*C<Z>iWc0JBrU&t-NcwGYO(Z?5Q2a8>azqk%<-UwVK
zGk~h;W=oJycJ%>Mh!w=>hZe+vkSagy1F?QuQv?6!ybE91zGpIZDbvEwpJx6m4jzbl
zj*fW?`<j(Pg)%B$dMih6*pKXU?`V;MaVY|cAbIvV%e>naS`p4674fwGiF%g4ZjxMG
zkspkkZq!!^zAv%PWB)|dR5w*!#!4Edx>j{3J@6RW@?n^-kPZ(X3hHFs(Y=KSEwv2k
z!K?ksyu7&{>PT#@`iHyEO}{$HD}t?bWz49~V3?EEQ^O}5?u4Jyz`4gKi;nP*8R150
zV<#UIWBex{qmT}o9Rdcbbv&<`cT^9pD5KaJNP!vB1Vtkm(%I8S>N(bH=qbsTV5KUJ
z@31@umeEgpn)zX+<daQJ<YP_TmXf7FN_LCbiUhqIG9NpNcsD7?q#6PB9^!hdwb2UP
zB^fo4V8l2qMh*mccm+SWO3FEXJN*o0k~Wz^P^J9=zIys5-%uIJ(jG*s^u;A(W3riZ
z@M;n8=vret%{elv#weujajL!oUnh@e*y@F8+2{Q1EOoC9$s`Rv(X=%WipJJtXNB^N
zm<7m_A{Kcm1kJyC=2tY#0PD`2^lyrZP8+)P^7Q?A3gv-0$fb8k`No-+KXe_e=Ibef
z|1uZC+Of2(u@0n@o3jo)!)zz+q!1Pb>K^T}Q69=Pc<K+$2eJW`-KlnuRJU~?Dt9U$
zYFt4~@kBo{<~>C3eP9g(^)~Z`UOVNPPaiG9D{}Nyxa_!ZKuFFdH=VF8qK4ETl77jz
zTX@m0j7rvqq>$W2BE-sC^PVDq?&-9yR@p4=k4%P&a=M`FXm4k{J|~w}k=4bR)S>oQ
z|LXHoC;?So3b}uk<<&mO1+?ybNb{fdX*Pdsj;OYwHz9Q-%v&*ym0`z?(MPIBBF#K_
zc&2z(7ar}DBz@x@ca2|L*`FnT4^r_2og9hePskEdMb}jUsmfy$h1A)`C@GB&<W#VX
z7t!h@fQ-4+a)fYvtBuM^7!|RLLaWFLi;5!_`BubZ5}y9PL}XNxX*lLr2?x}>!iA3V
z8ncqQ6k|g<6~zLN7-L%k>b^necnQqkdZ3hpP{7K_xubAaMtKtf^(uj+s5(ok((iN<
zEu*{Pr@V?5A>)5m$ACsY!1S0pSXg!S1k$|!1>!d4{}+hE_+KCn!>_IlR-Jx~>wkeb
zhFv%=!OGa6-1DDf8bG66;Cf`8SWrb_^Xo*<$6X5ow>q>e^lx^$Y}G5pZdZQr1gM@u
zIE$Xk2%=w(KR~S7O2VK##KAKl{SM-=Yl6Uh06odre9y+<&oFQxKfKft+`QD^`+fqn
zmH{@7e5U_R)UUGV0|I0Wp?+IIkk+Q>DYy(tteOYeqrwQTwwIaApcWd-r{%cS^NwZF
z6xaQQUG)TV#?;lqt^yM-1l8*Vl0xemf$0^o-hK?6V<tc&ML8BwV**Me3gB5}9Xsr*
zRRXif>M*Q2_84W(xnhtN$e0dweqAB#swuENvMv#Jl_3F7U{wQsol3q9u~3(43;Y~W
z1B8g?&7f{Xjm!4Ix&(w*PE!#Y3oxu}Q*Jp*#6AQ?&uB9rJ_m`4RUlSCKzYqECIU1P
z>|CI^DTb=E^_?fMftV4Rdsc~l`9UvfueZ^S=7}kc-J9~M3bZVVT@+ju{l8%6cShuY
zLwpwSe?y$K&_rDqqRu91rEN+qZ4|@GrUwN$H3Nv^ha=oE0?rozh+G0PS)k;GAa|W)
zufvGJxh!VnJzj;qUT<PjCHMdpGr%-^4<>*X;n!g;bc=L_k!cIrpOMvJ0~23}9y;uv
zt9LjYK#eZg@rTfR03N_TP3)(3cBt-8P(L$-o=2f`NkhPl0$Aujzh#gaHLz>+0g?{D
z^(|SYKeD7*RH*6-AxncGsQi*N;hC1&CMe=vt_kt)nap)&!Kj`PY$(7~Tz1*3NgJi*
zFBm|Zr|?H2xvEhLi(hM5??wkvkrE!jl*!LURoD*(AYEMsLPHnEq~jF=I5mfCY*ZEQ
z!3TJiy$I001t_Z_`n{#meG@vw|39Ha2f$VhqP6FD_#e|j>)&bxz;BybB5T*Lf(P7A
z3CwK@>Zu!Kr>%gZUVnLj<AeB@hpwWp0RV~`lus35r%zh_4j&=KkaaOd7948`G6ju4
z%G^P6ff*doXj2M8h%1K%NM!Z{Alf|!qb6bVsUxz10&Ed-fKU}+d`*h;5L&1p^?)D6
z`uS8)@SuG6%xgTVKA@t#0{SP|qGFnQN##}V(po54s<KAw>g=K_D*KJ8C-8HDu4_Sr
zL67&Q<AF6typ{Hg-(~c?d;^_!t0y1C68(Wptu<!vxGapJqN7_lxCRdBCQz{YtBPz6
zl;q3q7=F&X)4yS?(KW=(*q+o}={eQO7xcbvF)3?&U)WK19;C!vSl+21J~#ek6ZCYW
z>>^dHaM<=_^E(vEpu#OHhktRw^9~Be)F{w_2Si5|s>TH^`u*l47ejW|vyF=V-~_=4
zDd5_br4zFNyt{+?dh}%X<{@$=uZwI?A7sU?fKSA%zEBL*q#pkPN;n0kqfQ}l?)ufD
z%KT~%k3(u9V@n?6Rfb=X0Pyo3!SnGDZ#xC}4!R?KGAn?l2f+mz8H4b!?fzWpu~XQ@
zx**&urk0;s70Qy)PaTtizPbFfnJ5!#c5v&EMyg_#B@+Y6v~S)m4$ld0I+=;NJIx+n
z5buc2#cmKsich<Y;y~o(5f|Hm_?yME%Cg~(@dTp0JbOIkIF|A)xICXKbuOrTs6J*k
z%H0&|AOFx(e}4(4iJ4nU!sE2m3Uh|;A0g2g=KWTx5#@g6P31}DAhCfr2t`EWUJhl-
zzr)P!SxzxjGR<BwKSMb|&HB7oo9om1RzX)^Mp^eRhF|y<*~tI$6~$4g9~PwDcMVRR
z5;vR=2<^9fXE;K-&0D`kfu4LR)_KM0pf*j9>_tsOd8C8Wfi{~86>N#$BkOIQ-lDXD
z_xaFk<{-JxTYSMGj%xk6(0HE&yZ54v8jg2Zm(9Iu!Y;A>RdVaxA#>{U)9J{|R|(T(
zQEKxvKwVb*vCle=clQE2r_wIY-0WKsC=8n@1!(3l@QfFmE$T9mz%IA*hH)Yd`qL9S
z+KWv@oRdH4d%^JB@s6P4E_lPhLF#wVrMm=&!6jRV3BW|A?xTOZ*R%U3j+7GXwEPyn
zFvu9KqEjoykZSH37M;_RwYQdT$DW7eD`}-l&^{7rSs8SdI1xFI%t7Yq$;Qk@<XzqM
zg8!3Ejh~O>Q@3<@daIVXd!=77#Wsxgi(aIOpIc-tr|Yk^9DyvcGZ#MPb`DQhyPY$T
z^uKN1$m{8dH}t=<oPv`-S#JK4O1-WRZ1<1DwXH(CvxIdpT5kTTUbb!?rMjUby=pf5
zcq3q;7#YV8*yq>CB-**3;`it_188MKdfA*A5l@aV)T<%KQ#_QACc4C%cMWsKN>%=4
zP<Eq<5#_+sDv16Yd?R)RQ?C_UYQ}oI@J^6cd=A{?N>n^7#h9E&yKUX|zsZ5AM(-@t
z@X!5Xt?R7b+uNO(3+lbCtS(T&C7>=x&sVQJrd<keFHn)<+AnO5LYt}`)HLy+XKgT{
zD=nrou0^a_$vz<ZkSxI@o@Bs|qOkHD*M`l`Dnz?9D<}AJ$q(qWgz0U7N4G8u8qi@g
zq!Sq08UufMWa``M0LSvYiR`pv_oPAcII%`GJP)d+qG9qJOxsDs$XrK#Y^s5uP`iNi
z)RA#rU3U+zW6h1C_00Cl*Sjj`=QvkRTDdblhZtEo;}z>#kFSCH6rR!n8cyp@>0J8I
zb#f=G7-*tCLe`d3FW}IbBKDS3BMwWrmhr(wYaNKd@wm-vgT{XqfwM#`kk*_*Lih(l
z3INzQR~}I@>M!CM2~9AZH2G0ih*p-*`CnkHKF)}$e7z%oPoMDzCyQf6>z;`4z7Hcb
zzwN5~&f*RW9Ur!QEr;XA;N>ue9;CP>f;b{U{*Jf$QO^7858cW<rJ}Q6#n^K#Wq+VZ
z|1THnO-Wz>4zO~XH1v^ZHO)hf)u_YBjyc^H{;lHWO)|PiCems%OYK{WD%IHKf^J0j
zFNyt3{e5i)@qO;|kbM|3k*xzChTChKP~o4qG9<QJIwUbe2Z~lRrmUG-3UCHDMe)u9
z(W{LrL|4@ZHnGclY3uvwU-5CS9fh>+eX6jxSr3bZSEgYdc#$1WSnj-!!ne_(`;{kD
z#8)K5wjmiEw4SjY#1_#+tJX*-7W`;ik2{$8=fz3Xdmjskvd6`@;a)l~78IQ$NA7m6
zw`d2Kdl+pS)>@jI`&P$cMKc~uLD3Dwu(Yvg6B=Xa8T_1cf4FS0Gu#F*<|;$5w>$-T
zKfg4DPgFcGtqErWk}nxboiOX?v?-`IySMf0;cA_bx{0YaCo7yV$0b>BOzF(m+YP!|
z*H>#4Xw0GsiONCUZ&2KMy)Q-P&74=QZ}Bq<_N~pUB)4wp(D${E^Ubm4{o{d-c5H+Q
zNaUdnmFNA3Xhha`uOmljOx`Ofqz)K2sOfSgrC8$uTr!GqL;A79tf9u;mW2bWA(9)d
zU;A<E85f^X4lISKpC9Dq=o!|>mHq0rL+Y+8t?Q~JR!X+_QV6+L4`-9BdH%#Fmxv<D
ztJ*qF*^@sY@OW!~MSCZ*66r?{To{$roJofjd`2iAO6zP6J-}VM;7H2IMSBFFIV3bl
z^v+i3^wyM{hJ<in7%VVlrc<2B&bOx4{rj)kS#;pdXsnK(=PS>7jb$lt|K`x62IyGW
z0F?_4IsR4~qMPh9utzil_+dVkPP;uTwb{%M33l1c!%9UZB;5cb6h{o?m!OR|(Z9X%
zJ5hClpbDrlhoYS+l>eM)ZGlzjAS>V)Vji_Rp`_5NM}oA<2oK*k$zoD&q$uZ`WWl2}
zq9C_~ZtRFww+e(4{m+9;3-PG5WGBSsGETVLl&{JBD0FNp(mEW~&t_NwN2p-zc5sI8
zWm`83pd51ec5RuK0XtI=S#sJ*a;TFAmXhof>Ae9=HRN2aRMz4StW2YuyWjKJT5`Up
z!l?>WfcMZyqad+;S3;>W14urT)?ER1h^1qPTXAPl0E#zBtNY>&?@m|u7u=)ITU(*x
zL#}s_c~&6;k6>dH!1e0b3;xxMFeMi$LNH0GEaVK<squYQy+{i|2S>$5j!8M0=x~Sy
zcJBpgA50MhzD)Ou2##TSIwHb}BA!$D?)F_<K0NQdh}XpYE~xLHKQ$()L(}aR;t)vu
zcg9~6`yDiulzy3X6NY^kzuu)$6ja}SlD*^p(M*Yj+U13eK&O3BY#VXV_&~$0oa#I+
z{^7s$()dbo&pj1%T09faP96a(1A9*U-ip^aUOKdle#|jHeg49Hy8$yVzAV@EuOV(U
zTI_1(p?>xJ#l#JYGOYYJYTzh2yz#%7!sTNLWz)xZFt-asR7%tCqYX2KqiygPRo)Ni
zET2lRw3G=<g8_1wsnjxZZSB2%-hA!A14&L^Yr)DY6?9_hwzBY6kQW6q-d|(3u%CE#
zc*c&(-!vH71Ja={SkLW&>nj44APCHwC8tYNF+$WZ?d-X_JWbo_Nn#hVG}~R3eS0+5
z891mze!x40$!_x6)`EL&H?YF}nPic8N5TlBqdXY=6RjH=jURtlJf?VRd@6A}7QpGQ
z{KR`ake=6DKPTc}Wz6{($%pU78<s_})7|E0(ss7XdJV2yD7G~7*%`Jpas;}F;t}m-
z`-^vb$;LZ-rtZPv_I0LzI`7!XB!R!pCoNv#_>Nx(l(|i8@^kU}{vwCiDC+5Hoa!?p
zgu5|^q|GNG|HkC@@H;H4ujR;sG=*Z~{DvKh&rL|XOdl)K3|HdpwBm;>x_fviT~7L!
zIeB9Gmq@W{>kFoLdUE;~>S4)J%L`_H{wo7@wzhsN+nHUz{N`IiJKF0-G1@17p5*R@
zFf6RDlhgKOcYXfYWOvtI`Nq4g^~CsOcCS_pHtQGNu}22Pxpn^)j3lo^U}sr(`}kI=
z)7VzuTHCp`Mv0!SZN{6;XP7-D>zAi}wZq+;Z~S-1Sa;kO-`9KWIRWvgz~u&aY3`a2
zk^MEP4a&PE33HB8A-NL@0Sj8Z0>AkVS6sUJ{`W)K=5yxr_>h%A{`-vik{^^#>w>3T
z@(H@U`!0N*Be<D{y#t*bxo!-FqmP{IwkK^bavbhhFRs5ket3Yi`HZM&GTV4pt!Wwn
zapxqxJ@q<<bl=8vP4D<@r*LPsIEh=f=nCkNx!82Q!?gT9QQjEu#B|>e4lvd)_QTSy
z0*nk%*$29rg(3;*i!CYE5gf+}>syOYsnK?M#bmA+ci3Br!M3YIUVY`(7gx>i8%gk(
z=%4<@)c%)En}#iLatYI73lP>pQ)<)lg7bA+)jic3;m}Mdm)tIBuEF{xE_dCqz$8)B
zwtJ|1AF*DD6NsJmz+CaS2)HTo`}+a8YF2E0p=<I?Oy{+Z`nIcjSf^8pk?}nca=&a7
zg|@O8H_WhY37peA@;E8nySs`cw-7=CI*Mm6TV7m6zHi!D{+-j^)AL-<<dxz6AzgUJ
z2g2s4Ua4?J#wDaFb9Bq(s_r_4X}0q6fz`Mu>=dHV!TKaGr^Mx9_7CIp!|G;@>B(*J
z<;iV?&3E)%1Ls(=G`2|u*01sY?^nBKlYI0L<go+Oa@EdpL{qOvh^wN;BUYZ{U~nQ&
z1u-|gyf)4__nGf<prs*m*SZnn3Z!4ITh39hp5g!F>#d?H>A7%S+}&LpXlS%?cXxMp
zcNVS-SU8PK<L(ZPyL;o_xV!u2`_CEsa$nR_HBw2&$W1CW^X8pPugASZ)sI;rG5VL|
zu!QZKC8!)8ou~wMXWntdU#Q_-UcNVQsjWMGmk$1d-52}-B3*iy;(G#T9PYE>?^>#i
zD=teuR50y%LFWhAXC?0co(hH%-zj0=paW~z0?%Fin&*3g8n$mMhU3O4FuH|7_qzt?
zz43auF>CFxu#J#HKFCIBkLXKKJ-QjL3VvKYm|(>0U^PVOPV7LipX}0nhdgJnfr$E-
zOfUrPn@p%|9-X8FR%hOy-nn(B{PtgXe-C;FbUq%&UJW;G``h|SdUD3{fR}o_lybIG
z`ts-I-)-!lbJ@V;W}Fn{KNSskf-i8X;w~f=WPs6qS3UN2tVQ6j;*SKT|E`IevOVx-
z>IX6iX^CN|EWOSpf3Jk;Tib)bH{&&qJ@mE0m_`h2z38y{DXnnbdDfX}QKafi?DIkB
zbpb^gv1Ol3&y{9Zp?!=+I-bo$HLc(Ow4pIi`N5GW&;Emdr)uT4_ew$4EgZ3(AP>-r
z=yzmuhTzKXv;bI0=B?^niMpS7^De}C(4q2_-%feJ$Y>V(a_Ldj%Kq4N8r?$Fta@Mw
z$v(J<>pZ%689UotIfm`Wrc7ZCi}rW6R_zhh<AOT-BSJm9ulEKyyH8)~B69s&JWmBD
zK$QlSM{kI*lxSWY<<1$MdS$qSWeQpRx%r0A{IHE?mv0w(dDP=OWe70x|EbTy?9(!n
zj#x&-$&tPbgJASYNH;wB=(xB42i)~wgQ_i-aC`!bGG|ilcc|q8IT4A`;!mzoAp5R4
z)PcC}2uX`o`wc_U`S?v+<9T{<?s>~W0%ofO?S<Gwz)_J4MZiG}Ye|jsfg5c7*UBL!
zYi@VlNyL5Yyc)Bd>)^zb`~BTfHTiWbBSMuX9aeikp>9m?=L{&ouGnR?(mEwo7N)~f
zU*PuV;03mASGDUw^hyu+EvmvV=zn!}zlR&YrE{`5*RzD1`%j^U&lu!s5WR-oq-toS
zcHgUFy`3X1T?dzU{M1O-gn5!h(DX8g2|L_R2LF)pD?d&C#e+F6*RawfsEYL54)zv0
z_8cW^cF*kWvgv*`t^ZseQmH<<BJ>>fqhNe1eiY$Dz{=(bDvMXnEx7qXBF8d{>j0{1
zm;^YGhuL_g;TD{7%VBK#n`1#jX9>nG$o%vssz7^ci|91$ai=EBL6Q30P!(Y{b+O23
z<{LEhZpM)(lfibT&9c~jX8GoxdRN&N4#88gNi;=&(|z9EMsTF6go0r@%kx=W>V;E<
z;6;7*UyZgTM*DkeIxE`^ElWI~&^em+Ut`Cv6|)t;1)^~AxcoAF2*2Q|x*7{+AG+6=
zMLKD_0qU#C$a>t!u36zWoeCf}|2l!j=o%+js$c;d>ZD~7laIm{srUSS&8Cqs#$=15
zg;0D)Q*C(Yg=Z)r_xpywafZaNaLsaww6P!Rbo7cf^Fhxr2DFmokTvsqZhy=~@^tn>
zZAg-*o0%^qTUJHdo01qvqZoB-sD3OX*rquKsA)j93Z7^{ng+~AdU=18HjsQF%5CPM
z6aH>JL6hzfZUrw<(~tB$g!i7`3fX-4xMDo^&=Z>1oKQ(I>2Ecx;ymew8=taI+x~e(
z<X+;?pE0xiB_+(|0({tcaG`S=Hw}S5gjw)8Dic7(fAp=8V;>qLA41xGN$(Z$S;E@Z
zN%|TiQw3+%nsn`X@%q9mg5O<f%{Y~tam^pG>({=2DM1yn>S3vyEKA{Y5W>}hpHS0n
z!cLrpl)=>Izy$tfqgskXcq+P{-@Xz#L4m!q2Zr-SxP$#Em)^mFoq*^OBoKPWr7%JR
zn_yzg^y4N&0Aq5o;#Ty-ELXHFdl^U!znl#ZDGG<*Gv<78s=sr>I1BJiRN+$;t`iln
zn>fo{qL!UEQH0JH*Gd`VB@YR6IT8ufn1<BZO@||fnE5#!okzvpNF{{$D`!d$^U+v|
zRCw9<_ut1c8!H!*B;Y)|N-Vr?5Sqs(S4%%B*Xq$5&POG#Ay`WoGwQ5A6vJcQZ?ox!
zY!0?on6?wwoFNbDKTk>BLhp2jwTJjuB6zooYDi*|{Wvd5+nKpjiI2;&h*zdFd7G6%
zHFBYvYF!aU?lYV$fg|(_Ngr^Hm*zhEDQr|(G)=-zHS5LXE3F*EffpQc;G!n1D7~T4
z|Ltbl6(S<#a{d&lwEG(uW-551%hti*QPMtE>tFkr)?O&1K*4Wsf{m1aUJD&oqW4fM
zz;7#WD?C&gO}}j|#k^4jS=NHVkdrEMga((uUD>{1iiZ#8%imXIx=zN(4Rq+UMTk3<
ziOWHyjtdD#W>Kr3kL8dX?UNflzdRHjWfYU{cTBM>pLz;>^Sw2<&$wQQzcx_8$w1LC
zd!qnl%9?y??lZf@mCBPBPae-c&sea{4&m_iJhcZH#3-?Fatm(V59@Woui(*}7q~(&
zbhBT1Htx;ZWcTpv+&XE0DzjRjCmaY0*P+1TsF6H;O88~MLefU{%0X7~{;}*)=zmIS
zVl3G8L3iA^=66am@pUAMUR10!H3Q;_KpZII35y8$)&GUVcmzrc|GgVUK>t=94{HJj
zzp*km+<;`E$lmz{VS}V@hn_9th;CNM)@1(IWDSoRM}(0aFWUXf(h|miC5i7(J}QU@
z|0pSo<-?>|b+1U5<ubYgH^Ct{(ujRq$pgH{Enpq}6xbPSYMe!jhV0Xa)DT&$;Fz4B
zClu+O<8=N`#HBpFFBM@dWj*=*vSGd^v}jxv#L%ohg>WtUcHnRaC>TU~ZwsU{aDd;x
zycB7B<0mTqS95iGf+I?;DU@yJK=m_KSv5mf`Jj0rDQ!-nDy$Gst}2XBzDi<yz8r3*
zSuX#)-QQtm(a8_oy8Q{i$i66?(O$5#B==k^H>G(~icq0mYzhaaUK)qW&LUST%_4Te
zH*AyW6mo-mQSG;Buke6=uS)8>vEe4OAY12Hg_2v=1^sC<+xb({-@72`)M9Z_Y__T@
z;X_@cf8P&vAuESmbMY#!iM|im@WIw=#T*L7nM5B71q|a&2l+>`WJCI)C)RMsC+ZG1
z$@IYIS)Q!)o1<L8^w1&;@p!s#Xg>a17$$N;17mHZX?Xf}EDI*LAeUg_+=B!by#zLN
zORFFVhBP}76y_=f1@;o3qj2={ug}q@np1W%Pt*UgUA}Tx>w!z#Glt&*HIDG_uwA*4
zMS@cN6Dxcc&APm>G&cqLbY2$nEo$CUJl2q;6_U1!W@hdC5x$thQ2-Z5Sy=^Q(*bB7
zI(AQ=aV0!~u8lxe&{tphO_Jnc@da!))`t#>#?aNPolieh@2)}xGadZ<h@ddYx`pC1
z<y0l^ZOWAY7UccGjB3}4W&Oci-$KY+Oj5acDb$|_n`?a7zd-qr0o|yGmoz6)qnO4a
zHA~~GCvRI|zeoAt&0*r062qHSzWt{`ln9`so;Z}{#$i&E8n+Cf-kvFFJ?INrvC3S4
zP;8u?;vk=Rr(3a#@oqIfwKLr3aJ}@COGg}CG_T$ef_8P(T&SC(u$5V35#Gh;-<Vk*
z_lp5c41avKRu4tNe1H9<(>b+6VLDx@tUMea^A^IUKOHpD29!}G-^*w$Htd_9v!IWA
z*R@IQrnz$%GJqsc?JQ0E)?p&JZBaROMr#cJOs*$+CABV2yQQD581}B$j_E*}auMK(
z_VnN}U@X@DB)}U@s_GfT(49*Y=K!kSFTq-wes>H!?|;CK)!-uzY}T?Rvo11=S~$9Z
zkv6Py$}A*trIp5RaFe!KR}@xhm(fYElS;srio}(^sRDj;FZs5wkyKgR)f1o0dMEnx
z=e#~XC|KM0T4#-Z5`fB_M8~ps-Au^Kq?&rFW9)^7l`R49ol+*Nl-`99Y@<>5u!J7-
z?%tGK_ntgEw*2u@{Po0M^B<bOaPRTM^z}4GW9UJ%N#nV`+xOX{*F76;T-emW%ejXh
z%*+OCt<{Si?#s98U;#jc1|678(BtA@umIMh7vt3w2#EkrCJvc4F<CJl3U5?6^g+-M
zehh{u<ljbpQ(G^nXmprU6L>vHf{MOaKRmo$_a_z6TeG+Ko31cL*jZ7_Nyqdz*=ncZ
z!wrn1r{C`4^)5*l)8_lL@7z}ie*`I!&QkSsS3PSDKb)G-Q;#Fw6KL(cF?q6j3$x<J
zN=B7hJI2huYX~qU3U@F~^w=C3EPo-CQd$h}7=j>DU#R%1KI%)I9p1UUuhwr+<Kl(v
zQ(B{#-#Y>*i~j;P?>%I$qqFo@EP)>~Os1&$e#qoQeOL%GT^h57V@G-}@1~sS0s$vQ
zd8kym{duLjd`nb~zQ*RDCS%3cV1WV6(9!)3HsbO94S4C&ti)dzrXzJ}$r_$gO|&Cy
zx|60{q!Vm~dl?4GV{CA5=+S$dzB>d>tJ<g-fiG`~W3Csmz9US=<7A9D??Gv0w*rVL
z$$Se7LMTI=8s#avNfE!fk=7QO+mY70;?8O(+?vAGzmLl7`}~=XtP4qxRrkURj2tN_
zWWhEfG(VY7kR=>L2^}XLW9#ukD;dVh^CybqwUssC%(JlTxso=lWXv6D&GeNX5XZb}
z%^VBtFvni#%sQ2u!OTOj>ixeHhSxu0)k7uSi>-VQwfou+&ZGZwdyA=GQhEpyN!iOI
zd0VafH7dD$mESzNqQ?5OX$OoK?8FvK(5VLvta1U2!$k-QEX5YgpPS;JJD8`{5C;>=
z6-1y1zy|_WZ=5`^h28LI5F8fFXb#N(AaDWfNdxjJ8?qSEs0l{tAr$Ti5zKKCOfLyi
z2a=38-2OEz@QPu0Cyo1vl*8fxq1|`+<1m0AQZ_?aL_5q@nxyUJX7+U-&-d*`Fmm>l
z+Q;r$lHZ%uGJ)oBzTi=V`uUKEv{N*lT5^hg@A@xl>4RcLfbRKY6_<vf6<j9#aRE|E
zDg*D53WE$I6O`#B6m|Dz&?q^c4?Pscbg^#j^ww2=`=bIW^`|2DKh(8aSrFt8s2wM4
znr@E18d_@aEqc3|q4?ve=e+{@uJ*G;(qD>0tE~SjR8e<_E>y0pZ?Y<kCm1ee>PaKr
z<rY?)wOSc2xa98a;}x*Iw-dG27KjiW49PaU(>x*l-_Ss7D2KjkWAh^+<cTsx#j5vn
zMl(;dA!S>C;0Z;rPWp##FwYxYW1gA<nJl??9qoO-(s9T?-%<8+tNsYUn@WBC`8%ZX
z=HQ>0!Svqjx%s|m`frnF?x9db29gxBjX!w222VYh&67FCEAfLKnkxX>7U`b`)uq``
z=ccaFsF9iJ5wYBvrsds}EL>z9`?-d0A-rc}kIT__);`n;;DvzPL3N$z&m12(2gzt#
z4^Eb@^G2L|`B8ug@gQWC^{?Qj|IbX#TZKjPu(FY*_2IEWPaIHJyuxjJP*(O@<tE6a
z7KYe&Qn|_p|E0dK9XbJBxA5?UmahY*c6!lnHw`&7j$gKz0|wQe*RDS40$y{vC;~_%
zD`}6l?<9hddK<V__qhjeMk-ypMaIrAOjvL0o?iPqp?qFA^6VKX`#a1r%Qo*K4NGbJ
zdIK)@z8rlkdBYcx0qKtVdJcZxE2~D`3(6BGcoIm_n*(4j(Nt|YjTe}{Cg<IQ7wwvS
z&ETWbOFdw(qdjFQ_Q&ukzxKMjj!_v3=H%h8{(p7(MNMz#_hz9_sByKgQELRel*X8=
zrCaP-F7<$*WOqJ*-^aHe3oI?D74p=2B&9RrfEZ$iPa@p^Y0E>3|I?N)evtgXwdEs7
zx~o!O;&OXPhr_-S|0+hmNH>)0U)JX?nEB;fagC%3t0G{^Y6X7qDcy6@${LaPPrNuU
z8A<Q{|9BosKuVTewCYOia9yNiW-pu5F-@fFJKJ>g|B@#CBa)N=8yFc($%-A5%F_tC
z+pK?&yRMSlRKyq{q&FI;I!vV}1IH``(QQ9@7t!TyMyz@>Zu%&H&9f<T@tdt$QwLxi
ztnnEP@wB~URE7?t^$0XHt^E3yicR-Ge?&)=JPOOi!9`U`ZW=zR9AXg6%F5r0cmJ3`
zAeBAHlK^+c08S*_uFK9o>&7Eg-rVO0ecE*z8jx>2`w<o>6;rp8gNO)+1p<82*sf6|
zpEe;@R==7|f)vZTl^(7{nHD<p<D#5s-K0=DGVi+&lnk(XTnmIIu$%@p2^N#*bl8ah
zZMJQS<4h#LF#o@%$?WI)0V0%kE#zzoCz!j6Ev5rdTC66eq{9*!O5Lv9h4HJQ!z(3X
z@#H~T6Cw+|+)hN~zmFWKUY4ifT}?WUIPQmAWK}ZP>>9TA`K{menErs4Y(0Et!`=Mx
zX`hn%|MO0E!gX}NW;F2Fc)cuiLp41n;b_BaD^Xf2?8NhSWAPq*JS4p-91{AnQtoGb
zp{9nGV-B4Z;EFp!Y!RNN$!zwVJ$0BAaML(ixYi+T_LoZid46}Jr^9b=J^JCan$M(8
zU^5*}QC~6nuD<|s*l};MxNg%8@Na1C-m$oq7r)n#ZNX+wL%yVsw1nMsr~RLQ@-w0i
z#gFP{bZZyi)T+EP&kxz%W#rDkM`KuAb!+2T*3(j>bTT6++K7BU?s2#g%q#TD!R%Gl
zSN^(fF*rNWa^A(t{c$Lp{Y^G(TwgBby7M=q{_~a?>xBlznYart)&GD&Xw;c0_NT_W
z#$qSL2`|qA=j8W<%Jx<#Kp?Ru7rY_E;$pIi#5cB)LPIm!OFCE`o&1mBLdi&JUDgL<
z2E6}y5$h%yNf%{C=YBw$yhn8OouDdP{+rRr=UGcta#u^`)C?NW)JFEtJ%cgV<eJmr
zf?{-ny_A-gJKQ&yl63ns!_7M{^Anev-3Fyv=ECrWC$pg6Z;I;s-$&Dzd<JF`PO#<h
z-HLy1XkCvf`fghr>be?v>W`d1+||8k@+YW?w}gCH?WZr-|Czg)mo-O69@OM>Fv<ut
zAlfuJ(Km4T0v<}6cL0Jfs9VT1IYC$A)a2-0vNpa7Wj~$dXx#H*f7(;;>L<<Y;jW&Y
zrFuH>z3$nlRK<T<ES;AdG*sw_Wgm5IS><cc&c0k)VOFJmiZSWW%HG9mXP2ITm%qCZ
z&$b#gT}2rZ{ER@ElVx*9=RwTwP{@L=iX6*=o{ah+{mQ%`Q1X>|VN@bs>Z}epLuO(a
zr6LU_4PCdO($v_T|KPV30n%Tn_GrRtT2N7z{VroYyQpy*Gu#CQf3wMId9lt5I1un6
z@e{m!ecjdUUcY>71strmvRY343`fe+>Vzki0iK(6S5#ZyMwF+}-exB{yVfGUO1b(M
z#AFJuj5zL4qCT&g%f>igeNG9eIqGrE$5ol)yvfYvgs)wlE+DM#(v-_-=lW;dMWF~e
z^r`pb$|KCHhSXWVM+7%T!T8Z0Upx(3#N;LKos*vx47TqADzxKAbqb3x@KXxH(;L6E
zLn1QN_GD`C8Wf2mTq9n|oj{9()cEOV=c|49m46kx)}F<Jv7P#w%d9ocuZq*YZt@Qk
z?IdBA7sE{LRUZ>G9G}PIB;<Yva=Wa_1$*fn@9FJ2pCy(SDFU~mFB9KA4`RPDy^IZR
zpGus443>Ckvj6)t#q7)OBS_dQd6*nX4QQXpIJ^Fk9|Esp>m;Ci#GrRcMV`jK2)ppi
z8p-9wdH3W^z1uDMGE72{3DXizeL)8d=96j{y<Y)1kwPK4_D+w_X&Ig;5V!@gHuX}F
zp;bl{EVfCslH_`Lxopohe*e~`gwX{ztve^4|A?`ocpQKKx-UDU@QR#ofwJ~%Rp&p5
z#cBn)&j2=`5@(Jm?LuGW?CytlCl^*<1*#~vVarAX0=u;upeFH3%J3%9Gt+@KCoP(R
zNb<#y{x*sf_&NciMa()M@tNW&V?Xp)<T_&_j*$&J)h$I-nafgNZ&<rg#ZZV2QEPX*
zpAJ7D$|{@+Wl<@Iak;9X6<{f8o}0(4zd1b!&gr-k!DT{={6(B(>_ma{0n#_UM>D6d
zgE!2hU{m)={eux9LIJXaCbw(xL4)MYJ#4=Z$yPCE2iKW!;T)otmvl<9H&imQ82{{P
zvh;D2O<=;&M%N<40ic6D0t3F>0MG^?-#&|gCo-gDzcJx(mx&1=$)(BMWaloFaNw$-
zyCvG$&QSz}tjzGWW|ZqHGAh5-=AIzNT>U_kfn(x~MdtuBenK>^ZT2f`azS7w=wjQ-
zkC3Q6WHo>6oWIzB^Ve2+pA-0t*Q<SgU*P70?gQ}A^s#Jj=PyBDdu5)tc+54<Rer$p
z0rF3L)ODtKh<m-CpqJU}ZW#0$1RLCIIQ*?3PBwl)o<TEyw5Xg`kABj15TppoM@2Da
zrg_pmD(YU4MLBD29s7)1uE_Z~E$nQQkO3h+oQ&;%NS-Zlv!0Mz);L^K06Uh`a7`?q
zy&Gds=Y}vyXN{)UIlA>D>`|s&lyW@!-Y?j=sQf{7T=r&8a$JaFM?^#w3x)3r8xX&Q
zpmsEJDn76sKw_Z0UvRY8(+d@8S~WZH`_jDH%zZ}IBltwOn{e+O=_wUH_bwa<`Z*fC
zqk&MIs{%+;o)7f%c=2cj(BFh+f?}F$znW+T$Fb3q)4Y5nrikO!gR3UJ?q{LM9^KK;
zqovHeX_xZR3)^cR6xXK#<vFzF`aIa?8-J)QHMhiWR^#lGYh6kK4D@+3reD?@kwFZH
zwSyq4y#@i*DpC_dE<0oshFk5N77fTcQtmU@Os_${@s8<mHGb~r_<z{~V{ktLYh}sQ
zJWJ4r!19iGS@XCk8(~EZf|%3MZ6J+7LU_G!p@B1}S-s*0xzIetln<=9&k)d-*Eg@o
zj5j5dzch^mU5y^|Iwp9SWS*06vM&lc+GQZe+M8<<`fq!Io-frwC#B>#(9tDKdN?kW
zTjlmZe0q+*;}S9&Nsap!mP}$aY!SgBI0RI8*2rPiL??jl7T$GC(Ta7pTXDmpPg9}`
z(O%}&edkhttwF7yW~N$i)f~p(np4Epvu={U(0}40h^xZOj1|tG_Dhhd-$X6%DP))I
z`t)5tb|>o<8eYZTS%#o+wZul5Z(RXX3JF~b3q-DQd<UA!A&bX}6S-HVMVc#Nj5)6|
zo3o4zw|nso+4e3HBItCpW}`h98F_2<XOuNnp`nO*p(*-%q!x;}a{kFI#y0_Tz~-G6
z!?LQ(J6b?g%FDL;i|7FTX@)r#L;6QCVIOf!qR*!yLoi9hESU)T5eu)xz#xuV5tnAF
zNs1CKMSsboyLO~I4+ib3f3i%Sk-0*oIf+yumwswK3yf-FzKdYepb-YGL5E{JMf%WW
zD{P`b9jIqw&tltkEckS{4Z@ddUX`2?Du(lT*JkFABrHWc<#17byT-4?4O1V`dSu<;
z7LS#0Y`6Q&lTpBF?sfCWqVO*1t1fH|?rjSS!StRZF`NJNbXl%5DvtcdXK<SeKW<;|
zU#%VwRkC$lxXWc?I<W0uwVTDv!K7#x2tXHl#`o<Ux;#*A_gf&k0wj5hkd!%4UZ@rk
zC>f203Op^d6OL8cF>wOlXb!0=-$)L++rfA@p+{6Zwf&q&yXP<M<{!d?G8o<*#mmQ$
zxtzBP=N6mHp;!RaVhe2ZRId*nn>I;4tt39HsHrD72V5OU)(<q?XVG7ZrK6J1q6Xy3
zkn)qmFFuAm&)3w|c69~l5ux~(uJMdjIRMhCsu!yz&cl?Qy9Wl|E1)2R{p7~!#TO>W
z(fQ(cL4s+boyQT#15yOQt(>p9))NExxJiGP$*YZ`Xa|>z58On9!7y9>>#jb(S?kfE
zCa}MDEtXCiea>~RKX37T)k)bHZab{R=5eq+3K+%t0d)Z84#O2q{*M2CGTi<IAz>Ge
zOSYxh<bd_4i!`A=>s)fJE><>%RjT8RoBYuvSHJlHo=HHHC~t!cTj82a!oAW#SjC~3
zMOm=mVG$AOST6LWh;{w<<am;;?Ae0wr(m@JeHJNd%J#u<13+YgN#9#;cwl3j<0CB=
z(fl`8alsbxdy%AYw8A>2`gn9iJM3QVopvorh3-Spv$2?%zZn5KX5=<#ITc<K*l2zl
zo{magwl6o%xJgZ!&yMRP3LE;;|5HP7?{v_Mmep|=&$_88L4zrFu3Orf)>L35i%8;~
zS6o{oiAY<8rN#T%){m95s5H$(IJjSW6&fn6KOrtT-HGXK2Z!-li&%EUVY3Z;OogB}
za>1=~ao|T*6XAASTsLcWu2kG+G&^L@zuC;`j57I)O3vpvGP`=$d(yVnN;Y%*(0fvh
zBFI+-+OCg&d8G``=Vap>#Jrmdqxh|<%<tVN8E+a}^ZU3G`?!63mh-%-g!yn4nN;dg
zBqG|qNb{peTW$xX-=>XL+uwzmWBqXBRVh0C!vjWA<T?XhD*46Yc6@gGy?5n(b{&r<
zHwc$A!KyfM9gaGCStAd(t()XN5&IRO($-!e`7!=(A=$wOc7SmbdeERuSa{j&ebdK}
z)PGKY+kNFc{nf#nJ7)yIDxco@Rkxf4wo1(RNAq04LKI-v$Q!AgwV@8%emhp#1T%BN
z#{mh=YD}XQX9dtP25^`H{0A@0#&dZ~v;eVl7r)uvXkHA@rl_iT7d{u-U9)TshhsKc
zUs*g36IvH`t#F>SS(#^LH?!jEcui}0_eYGYyJlO70K?8<t5>Hl*)eX16{mTziK~zT
z&C6vQw~fnX{5>0=u1zaGq(_Mg;UepWyH9+{goa$4$8fNr6Lu2C*~{;L%StSr9ZvAQ
z<bQh;Sxzi;6kjfa-emL<-Q!tG#x7MDq9#|7E5xqXteCXmZ`Sh0Yovs6_gd=be8y^|
zRVf5N{ZyWlQ4aPrPs_FaaqxXfG|O5eM$QJ4l`4<~)QwIB67VxFWal2U^ObXvKy>oB
z3%75Km5!o3Z5>^qLm1>M0SO4SbFjbTZ}f%9+3T5i;^w2Dj>q=LB`7}}Q@tp=SWJC=
z<<sA3^=-NyMaaDZ<NcjXMR+iUFm{E`w>j6FHbyM&Ne&r0L$c@dLHs++ye0-9{=?c~
z5Y-yoLq@*=nFm1~fG8z$nPY&D>(G<O<QDz*fLYP499488wZES1f!l<eo1WKX8??V$
zs|UiCtV9ckCQE^?%O}DCEr;AS2PXfkH37ZHYFVTFh*(w_pmWl~AHbo|NbaYj;6SL$
zAksjtQvfY&*Tw;jLP(d<>qjMfA?dk1mst9o$$WpHHJ=>jKy34Fd(PdzJeLS*eMh6~
zHhaDlg2Uk(D8eVlfD45Zp`i2y1KL9vqf-8XG!7B68c?8re+0=qJte0r#i3&aDan()
zO~Q=_IjNBSHU-WKanYkO)`esU!1lqD7yqNDoQLQm4{`#o=psNEml(xAN1&^qRsb)d
z`*=L&dklr1G(d1#eQ-X3@$to(ZV5CAUca6+1b9Mll5c;wpT>4(c6RrQnL5g!_Rf%v
zSot8n(9nh%%o)Ue!1EM#Hg*!cW3rj~ko!o#(3F097+UNEZ6v8QQ)hVURGU#}Uk3EU
zh*$2(@j)`J$P#|?88ex^xiWRPte2{FfqcdrFDuVbcP|Pw#NT+YO+8aDMw~nzHf-uC
zYz#IMag{cDTn87}jW3~_snbxqeZsAYH!8G#2P_Soyzzok^Pw&L(};Re%wZGfhkje>
zPha)4n&3L^_dy=I7|v|8`}O*Xp#G+$hIgmIiIsnUF<seqT{@yz{G}N=6Z}3SsXxGT
zgglXv$oe_$@#im1V@lQCoHZ2ViDQ_SZiI&#OC<f9Vv97c|5osNpW)Lq+V<}>o$nnd
zWF5@%o-Ln3+v4ck`fsAR2J~<>ZM{fBRGO{LIOL<)B29UFeNS_^GcSJ~WT0G!g7&6f
z<`NzeP4YYjd-7+m?>mQ4?rV`JVVmRZ%74Eeoh5%6>IAY({6PGuS<~UE%IUVTJ#Op*
zrp;S-lCqS|c|)71l-!FA{B+UjHj{A62|3X#f|IzDj5hkjKbwQtcC`@u#D<H3ru1f&
zSOx>OLFDc8#xP^U-9wk$(?ri8!;u~<oSw*}mUG2X(N~!@92(Q8au%n;GA$Hy`Ura<
zxQin+YmX7l=_>qN*9@Q)d|XMMI&|Xs(J*f|P5s<j30ydg86BbRmr$s)0_n?N>E{e`
zd8;%g9ZxrWNs|-)*p9(=L3V#v@c)&h$IkmTtf|i~q&LQ-%Vhl#CdL%?L0;vz=9&~k
zq~ld(%nMj&kFLcYss@VHXOHK;)L+{AHGfTi$jJ~PZ}k^QpDbY(UNRq)5;00ov!-S6
zbsBHN_jnBhEG<XOTKkc*k#F;Q=e9U%(WJit>E#kTZ!fe>E|Dm-SHsKl=4MenvIbk&
zz3ZMk1YEmbu^6WLe@J6>qliFJOJg}go8XzV9=6szf^Vnqcaw}5DnBdSpx<_b8_HcX
zQgnHQ(M@Y$)zIw3G}L(s(6;`G6ZiMbBNp-ZBpli2+zSV=znW$w63N9!+&r^94Rv_?
zh$>}Bddm25eg>uI@4|*JZ~Q0@Y};v2eYe8MfJKWSQtd*ytKZhmQ}%0OEJ`dDm=^DQ
z7QwsJ;Jp2m>d>w0tR850|3H>hYu_RoZr48MgttLezqV&Qq59o=wA^tsZJp?~zcgoY
zJLXp4CEgGn@RgWuL}htwL<K8`-juq0*D1bh>U?rXgiH8bE0qB@?i3B$WDTYa!kLby
zL`aXDiVjWXcI-q|;&zO)Wa0oDXVR1{RIr?)p#dv(Ra>S2p1eo*oeuT*Z^p%WaN}FX
zANndo0qVaQwFY!m=G<J??@lU7DR&day)<RXp;8sE()t@e@wFjjN2BRUrDN!~OLHzp
zD`k#481qQd^+C0sGb0OdQI|HD;C^)qbh*kOzXL7aWGLvxh#3!lHKAy3e<Aht3y&vx
zO(=lpFQh)r&=NBO%dC`n)$hM|=jKDRh)9#|p}~23CCdppsTu4)#46F(nEa*0--biO
z+D3WAH^xS*?pWX)e0X~>Y6f3yDf=d2>|(99&^%$jrWPlrwtzFu?x>1*y{6`1*ruuN
zOGI<SbQpPv&KyvJ<GB1{4m?;Mcp=R`m^74#ofH|CkDas|&T_Hys5aVOJ~P>0K8uZ=
z9GHE(%R1QZ1G2qfrqUEfvO9ma$aH<)?mq@dAHdU64j=5BQV$=DnojX>M5VMi*)=!0
z*!e3EWu_y=PO_2=Y$b&!30)B&eWIz){9E4h*<G$ne@`2&dw#HjiJg=u)#Bn%)aB-w
z&iHCkdRn=Q`2BWA7pmRm6}p3I%fC|c=7P(^Zjsx@#V&<6Bgphth6Qohg8j#^MU31s
zd;^UW+t()__IL{OY)S@oc*FT@`OIfvZ~4sW8|1LXg9%RT<i1AiWU|4{g<J0h&=?><
z#x(la(Z2g%ul|7Lz2)ETTwgV_^1tRp$BMbO25q-P#W#og9i!8T4el%YK4SpUkG?~H
z7TUgW|Iwc5WzG>1=!-+^JP1@VL3{kBPM?w^*P{zS+0;^JsrDuRdo-XTKHcs8=dqkO
z7b|Dthx3TExaT!_0mW~pkzYA=3h3z{ynUj@pRxTLBEMhqADi7x^D{m;7NFlb|GK}o
z{5<KF-G6bUHu#ix)A*F%yW0}8eQ&9i`^;kCuXO{zK=TKOUzm#ux${gs@pX=eMOQfP
z?$grIivX2vV3ehWc{-b9c*k4y=C3t;R5hnKOe+l(I!vE|q&Kn^9h;lnd<=x-P9D~y
z(&o=wkyy&sT=`5?S}ZmHtE7mQ*v3CjPVMe<Aof*9uGRSb;q5i7Y3=rqaM58pnX_^u
zJJC_Ao!@8OY3!Uk(~CW)S`+)>I>oC>c<l1j+MwcC%>H0u9RUa*tm#TXIRVuN7Ze}<
z{LKfFJn>)RojFiK$dhK>n2It9yiac%B?^z65N!uq#OoljqeX!V3SM9|A=(K74jjT*
zkg^iC&myQc1icu{I7SF$VK7-OR7&f~-jAP0f<^}qET5>rM*?C5YqBPx^93p?k?k29
zOcL5|>%%!rS4KO*!C8k%dAx$X9(_JCPANh-UoHn=tnpIY_jj6xOMi|I;<w|rB!DO0
z-RijeRCULw)5^(^Bqi81AEv-`kPhlbK7H@0Q0*uW%RE~OdiQ+2=Xye?ZyWH>f(VGI
zO+Q~6i&BetZ_Cb<xsb^L+=b3$9|s1=Ub7Qy5>*aSwO~}#JvML{v45P^s&{bLeF|9L
z3YvWCpC`NnP@6t4ob5iV(ndbd$#PbVNI6Q_Y-v?s%stuVe~B<X&29`~(W+an)UEx4
z#%<ijQg?r*hzsTTiWSGds9(^Jazja|_<8V}Pd2C>qLec=u9f;*Y@JKJ%S|w-3ff9d
z*0?LR%HR_juj$G=rq&edtHe0&Fcu7PdZrc)Y4Wtl?Y7f5d2R|tS&Cb!d37p_=0wIM
zSO5iAtta3<0W_)TQ?aF*g!l4{+7wTCtKS9CeK9y}Zh4!O4Ub~lp1&=uh+Qr6#zg$f
zIcrpa3P@E=finO$M=3%v#hw!&oZA$(ROGEPmPtR9bc6a5l2uVy^C13Uu?V7!hb?mr
zxVWYXn&_jAPk(LHM@dvNhhqy>(wmSvX`v6ekm2+h_kueAh}G5;X&}^fqg4zT@1yYs
zE{79otjL$%Oin4(v=B{!qn|bG<B{XRi9_}2NnC;Ti3KqyqdU;6!uLb<5le7E0iz(c
zNhP$vfvOOBFtYKakU%9C(m3>0$UKlx+9+I85VHoEoEcC=2(K_RuQM6K%j)CxJO8I2
z<YWM;`9#39{O#64)Wc7D-AhvM71JbgjJ$Riph1^lf;IW}U3EZ=nR;zRoey~t3Bl+N
z#*NBJ$}g1DY1&oq{FRz+8CAh*DVOBs8d3o%`I6BaQqPENso{gV;x)O0x>|euv|$qS
z7UsA??eyVd)BBbrwWbYGH%PfASVk>u|MIhX^}HomvvxfW;WqtP8Tg+LscUxFG0U+G
z&d<#m^v>zc7Df?k$F{~1nI_35%*gVZ>OwACCkZ~L0AUwXx>ovDnL*HA_Mj|P>N_+|
zD}^8^!PV}ry?)T_j<<;lvS1626p`IBA$iM(PN)9oW1LYqdf=Xa>tXQTiMpG%OHD9n
z&p(4Yd7X5cYjk7ttgzK_&Z3~J$*zI&E9*g~+*StDLJLko*TO6Ir!k|vhp?0|wjR#k
zX9_W?+nqv@mu*^_!U1`OjMrkjpL7BJ9NKgN`}Jc<-7zZrj)W(yl0D{JqNy`*R102!
z$99+Mw)PfWY6t>mb-G-9MJ{lLEh!|w$Xs1N|3#e^1VP&>UF`p0&iw^`F4HRAcmE-s
zmQ}AW=y-mC!2Js+ZbP&i<>(Dn-=@R=0D7BM;?QFu^D?AnPPfp5jdaVZmbxKDxPRp?
zbyGrJWASu;5Pt<$fv9&c0HG0v?}p&s@4RGY=x{GVNS{-QBqLXm8|3J4qmD>0xv1yp
z6JUje&LD6p&K)$!c!vS-7?JcOWcU0@$h4QeE(rI0amWdY-x(d~C2WoZ+jcyJUYS!E
z=6l}jhmt5gPwc~o*iZV=|E7MVIsZuJt;t<qE9YPg|F9)1Z83D^8!5X*P%s45ULRs(
z`96{DQbKxE?N0yDdJVH3#@v69x0B3WMHvsbd>`>O=&grU;OiJ_d*rU^F(pR$FzbHg
ztNEA8mRPyrP|Oox&^w@V>2C0qEzs=6Pr!iZ{bl2@cq_MQDogWf*yz>^n(9Ju<Vh`1
z)K-tH#>k-DTI}~HuB2GAsqo?<c1O8`K#ft`Mnp=o-fh5PN3d;$b9Ch?rC^OwdAs$e
z>sj54pLg5wYtCtzlR<AR&B=b(3xVIYcRAYP+_?UnY<qiwfecDX5rJ6eLTM_Bdx^Jo
z@&b(fIPv}8i;Ou`wTMiI($pQM=qam!dD+*DprDTftE8Hoc(NeU9I<$`SQ>PE@q&R`
z1+iI$0RkQt59}EEzdW;+$>ban9u#BC5q*uARg?Ce`{7w2c1XbcM3z-(7HC+3e)JEf
zxfYFx6%8F8Pn{zbGTL9B>vtK^K(uo)P#vbd9UJ4w`l3c7CiaAoZXV|5azxv5#3DYR
zFWkK^)1z-|CL-z5N-usfVr>h5C)kRnBPJ^?^&-Mq_@MbCgP3>Q5k>)$ECP||CC!bB
z(_^3TCeCrnHCB}UqJfzvG>n^{1IV3RxZzb4%DvC-HZ0LzfY<*!wyXc5<EJF6dhv#r
z9Zb1-s$_PdDS*cW;NN#K|Gwc2P^h~gD%s$+JyJNup1;a-FX=@H*$xTgCg${@*=P7)
z*h1E~Y`Y(c{xKO)f`HNpzMK`loE2nA46wvJo$_AIstUUpU?^FHtKt<+C9Fhm<UNhq
zpp|ZK7+$ww`g&{8vzE{M6;#<@&dOJm1}y#_C1V7+Thg6R(Tf5e7z?N&s(1-g@a3Qy
zc~xUJtlweUZ>w4tI{iu`dXVmJe*r8BJPvt0N-#VQ`y6B2=c3$8c+V9KMFD5B$7A{K
zhnGcR$)R5|(mGye>*cJx0}aCo2~8Z<D*%TVV9^BdGtuAEec-}uDwh|3pqr6>_<z?F
z>ri*L(nGQL7^Pvq6#zK0)P}S14BL(wyRj0!QRctu3?K?G;LtHakgRGNAd2OgMvMK*
z&i=8gN)p-@q|uL&uf%Dd46s}`|C<%OoMmW`c;V|l_SI;(AlASxQu5u~8Roh)^s8sj
z`QMGaB78O^Q5SXtEv~5DS@lmII9U@$8^((w+I%OdQF7O%<2dGMajQqkC440AVmO&!
zWGmC&L-Zcs6mLV|z6?er4}ON&Vimgrp{_W{5zucqRQ?&V=WJ%cs;Y`*c=N-_pnp5Z
zwJ_R#^gE_)xkAk~J_!yDU=AzmhMIh9W9-HWXfu-P(3&w9-D$KFb3ulcrdqnEqiH4I
zYO~p{d8r!hBYm@n!TGpl;@ijh@Mq)Euf0N@ko(qx^euHfM!LF(lu^pT8a$N>H#1p^
zaagEqZ%l9do2E}t1<psKqa4nM&z70dw&Byds>AlBsObnaVnBe(@hITCltYNXL3NJn
zcINxfPapq=4{gw!|0PrM)_VZgb7$6NVb<q}Z$VbTlCPx4$Hg=smB)wi0IX&6ZJaRd
z`nY6yssEyQ(=7m3Or8H9zqmUuEBeB!zlt*POD5(*tCxb#EAAAl&g<@>w$5vRwzo{>
zyYn5N<L0U$=7v41kb>XczfE8RBh=%|p-=a}ucJBWEHTGFu;=o-xmfIf%i4Vy5p3Ik
z7@m`RIC8nlw)hxA8!iJ^W6;{ijXBXPK+Aq8s%YaO%a|xWfy<{GP_o;#B_Mra`j~zL
z3J*Az%o22;kY$2_4z7vGL?dUA`F^b&$S)?1G~8UYlGdb^dxEsC9JGH}%Lm$*{NJMD
z?40q=`oC4hhd4d3KNy`iQcD}<N9Z!l0G+cI_W%akYkWT)<sxdG4v_|NT?#1FRm*<B
zhD;-;p8^e0tdcyOU1$QiP75VU`0PO;xM{Dp7?dSc$q?=rxok1O<FsrEnv|$y4R;r_
zLo+dS*1{cFC0oqw_a@UItOF-ngssa5A@A1)fxO5$BKyP0Q#wM7cDe1?OiIu*`;0Ns
z*20$EP%<NzeFrRDwSr4lQj?9A^w@$ZMeIil&Mio%zDanp>QN!#z<oTj_X!F)wL4OK
zvi2E}b>Lhur=sIP80R~MdrIIT0DnP{UqZ&rAi$-Qrope^=MkX&4dtyg0rCl@eJ!$C
zDEUZ>F^Um^2&n9RUSwE)R@6Y|J`b`zTsT-fV-B=tIAB)v3@)54bRSI|n+PVE@7;(T
z$Oz~nRQeS!`x(rH7K;dEjdltsm65`N%ObS}CJI?SYn9dx!fiq3{Sxx*gL4-8Lyne!
zpT~>#fdf~NV+Di}I=UT@!<&Gk3Y?KAGxI4&?+Cn-AoFDIt0MpRh6SgcZ4K-flJc{m
z{=?EIL&k><Kh569C4x3K(rE!Wf&=<c1a0J@kn`b+O~Qo+If;_3TW}LQ!d3tgMHGg&
zqMh*JXrTL~Q|9VW;a)?dqs1h&pn&$YVRN%R6bW)?RP&m@k%AybsTzMAu~3J~Cb%Bq
z8v7)_5q;ba4KemPus;*L9aj6J%Ylt{_XSKH<MvMc>cC_qnPCd14d1(@saawQZl%MI
zG^3ebU<#I=5}^0`?GJ4i8^#7(TT1YksK>xg$`#D^5BVgx-8&2__Y)HmiOba}9^c+S
zOO>vUxWky?79*0IQ`1>dfyU4kQIbiY5!)M*o4+05zg^Rqw*6e-W%{}9M)z%mZ;tPM
zgD}D=?rx)Ch_P?rQMQbe%MucFN#xnHEkh1z%{AONiU6SGBhU+~H}kQVOkGZSH_AN6
z_cJ~!!+U|ZXQ>nYo#7n=o@t(rmA&?p$!fsh1K#x#LT?Gp>7QfYl1cXtyIJ@U?JjZO
zpE2ds&p1olHPfXe0v}Q~Jj<QS8;Dz!07o~b;OSu{QYzkQT9y5}TVOc}`W`2w(>Y%r
zA4T>8NnQ@_-A-*_0K}7B<fj*xx_|aeS$3b7h_(bTm!cF&TzS?H_H9;+cCtg6CPBN{
z=;;wLcbocAu_niQN=)qLKWhw#KNg0waWu-E);G_=@k?rzi|wAp?P^T>mGVZZ`<0qU
zE&9<k(cmH*PQzE50<4U`@%%G3{w6bEG=ydK<l4E-gc5-auuFY*Nf>3Evr8y&4VObU
zyzS|eP#vd3Xh7lUz=)Qya8^*Zfk$p(2EB33TA^vP&c5{I(Cd9|vX4homJ|ucAF{x?
zfH&5~Zw@(PX36nfXIeFi{gL0JN3YCJDGRc{9IwR4Dxw|cuMKLw=$|j=yxJG0!Bp~A
zWTwt_`)#D0z|6YTlXI4xV3x$jnfVQW5Sj1~1VNgj<G&KvECmT}?#;Al7bCu$Xp91?
zg0!iH3DLC?n&OE<`#nt615C*v#|u~+!pozanTH%{lSn*1{Ki<jwy<`5PW?i=J>Y6K
zC}z7B9Ykvj&+)5&h{6M*jteCdxU4Z?;k3*)a6rzH+HXO@fmP?oZAW5qj;1?ijEIgX
zYDX2$AWDx{=T6j&z~VT-;k@iUa8X0P%z?5Ny{tXp;k@iI;6c_L*YD8|Z%JNc^Gw|2
z-CHdSDnv2?1`CalqouHl*eE75%aYL>0lNd4)yekc=l%<MYl8+Srr;0*;~CeDp(v4H
zM3}Zw{P6Rr(0Jg1-S~M3XbK2llR`WqT*TM!)%c><DrAB)Q6bj*rf7yrV;XuhgmIft
z+8`Wj5VHa*-n|CKhj^8TC7bNfC=XuKYVvHD*>A?A)Ler`RLfDWnB)Ckr)Sxe=v(s6
zb#TUEJXc2uS{2lInIRJ`5-eI``|pY3CaQ@wlnIm>)|>jU#)Mnq__l<ZQ(q!^QoVJw
z(I-Z_-qQn;1YAOFPBf$*(T?2%XwiQ<dOtq@P`8?5v_U&r+H$~=ZF?aH=O+-L6}ZUh
zg`BWBAB{vu$VNu!$|n&}6^~}#9sPMRR=%ERAV7sKX7$T6h;bx>k$lGhc=Js>I}e-e
zIDF@S@Y&fKTcI;(zWP)6=Ub7OI@8Z%@BVy6oX<aq<pQO4<fr2QNFDPR!Z$-3^X0io
zN-F5QmE3$Ek_^{jaAIUeh;fqlp4(}jmD{&E3ld^`*$AO+eAj!n7Rr`X^>uBCBQxUn
z6ociHRdT{tndRoWex%YHHHeqjbT^8t3iK4q(ZCY?Ds~&I;uxHduAJgDHRsi4eK;Jp
zP^+^V!l>ti-gF?&W8ckojGT#{nBpwRZN!(q?I*x~(k8(4H4mt3!H4UNd`UC?wzHHu
zLe+a}el0aQo?Bfj6ONuYpu3H1ko8eOQd9vTO-ipUcu=}Gb|Sn|^?cpG;={t;645u<
z)ge;3Oam#(A_Zn%+g`+h7w%J4FD&W^OkDcuDs(y5GVSzE&j;+p@GG@1@WXo8cKGQ3
zt?Ig(tj=Y`bKLo+`f<$!etvv7H8dIVk1dbC^|y~P@5n~7gS}`(LVI83UiNs&MJ;uq
z&(J*r%55e@u?3#&@R!Bv4mAO=HU~zJNOaQNG#8=o2f{#?o=1hOp)%i)o7KieEWcde
zus22fFtlghANJW6d7Z<ix(Xx-a(Y)&k>$D{>S)0^4I+Uh-whk#o1{KM>Ja&F`Z!Pm
zu+Qb<ev-Fuzqd`@Sv8R!&zcjSDzlEl?(De<`LI<qiN{UBF4KpTotyb&azM2z*tklD
zy+2d(9xLW<=3EQ!FyA|u2}V@WzuYPhy+1SZ?+D%xW4_L@WKAZnMZGP3@O{kZ3s&5i
zFX!l9e&`02KP7xrdJn(27F-3KE5@q_)bIDpH@46&+U!vAtyvCH<WrU4Fx!mMLXQlz
zKQh>EubjtM1>a8j_@Anymba`CB3CgiW>xy~-@O_>dR;PApES4JAwlmiIV|4t`gu7x
zQqmtjHdgKpu6y@qU=u%)8X$SCsOo4<TmoDyxn|nB>l|z`?QBImt7H-1mzqE3*7K|0
zSshN(*-o3Q$3#}!_+y&xrF%bD7jHD|{ZhyA2Cbs)=P3wGF(iVZAx)S$?l_^?hgJ%x
ziR_V+vkvcIZ6)+Yttb~ZuWVtPc>PIc!;;&(yHo++f<D$Lo4T+c-xOumOD4@^*4;B4
z$p%z53j@()y@umXPR4p{ax+O6OmIyxcqA4wpNx#aN__IZB}xynX*q3NH!Tui#v(d+
zc33(QO)+izw^N4j3v;BxTf-BmvXmF83nqPEbtR=kehIBFmG0g!7AuT9ev>lsQZF;8
zPcPzm1=1~eB4KhcT<=^(PRNBVZPhHGmpbT!f;9Y4;h#TG@p$oVS%wxZT2_RB>6E+b
z=MyC38Rdy^`3l|K*Z1EKbj?b7+*#u(X?`Dw0+C6m^q0-om6oyB(`qm8S%7%M{Lv95
zysfT&VtKCU!_16Q-{WtL?Vk_6`JtufA9k2*RbFOk2J^jVkuDWvjtt!^Wnhy5`QmZ|
z(Qf!wQ=0|5;!19oI*FQdj7k;ch?1i4aNa#aTP3N8PoAvm7&a}}^VUeT6%sGXM4jPd
z6DtjYw)(5>>O>SIQvhpIQ|(lPS1aVRe`S?S7v{28tq}PSyiOE(V-fJf`KbI8Y}@J@
z-Cp7OQ(MAw;#79p(;t=Qb;ohQ6ffSbdZNE6F*7>FSn8QY7Ym=&$Iw(#I_1*}HWLPJ
zh&7LTQP*(w!17L23cC}@UuesQ-PUb~uS{2tabjz9*{T-+xT2xmC+2(pnm8IoL_X|E
zl6p;wCOZw(GEEj1yPc3yAm8}>T7{x^i*nY<8%54eza+`cRwix|ara1rOu%m9@I?^p
z8jJ_ctr_!F;$#73V@!l``W}GFEqn!}#LnRSEo~nfn<ZQlKC|3DNPReax=}K=C~)<D
zD_?7=#vEfmb7KV@vqH}ikM0`XZL%CW?R0P?5MQHzoMT)4r3d^;o>(=XZ*)X|Ej(tu
zgXD8G>2G<S-5$w^%!_Ut`spR=#id|2<4`FAB|Y?*h>2h@3J!j@>^s&Qb@oDvk9*$}
z62}^RkS;-ONea)6f~SrDAus0}ruLzT@3D{)X_?w>{-yAI<GRyZ2REs8ne{^LuO($+
zN9V2rlPJVLjR+($&05eUugl*|En?#sdmykuV2?|dlge}vtPX*<5S8c*=>G<^@wUCV
zzza~`|CEXf{&Yb&mA^{p5T&6~aTlUUkLY@eo`S7imGj&`;JhyK4uP*(hmB3Y8XI=}
zE6rIhKC7wmbC?Ey3S}jJ^;UYQp}zqzn5U?JQYSE3otBdAD?7Ilxm`8JH|nV{7Cmo7
zlg)#W^YT4`zbW@c%}4NNWXH|+ZTVQz!RPliWy21o<Vl>K;kICOj@G`r-zXa=3l6aa
z=FaF7?SU<kV5lGK`b*)wxo(coWs@B#+S7?R4~wq`{G45$;@f$UO;pazc@L(ezfHi7
zqq+1`%IieB??orA!ltJkn0~00tPX1c&owR$@z7V`mb4zY5k-XJ)j{}wNV?|W$eu3x
zizl{i+qP{dn`~?w8{4*RJK0RKv29~xTVJ-me@@NZzOUb#t~b@y-RGR!w9pEBX~Ae*
zzc6H#x)y6u5n~NidyM>=W)NK}6logNOiiSc19qEA>@3vLd5*vJ`XVS_sD3s|F&p(w
zevKWD;H~<c7*34qjlY}bL!<US!g`(1@-Vw<j5WVZ4_-s=>)*km&gmE~PAo8B3uJ%!
z9q@#Kn$yuFt~0U0S&R%4*;T*`HEueCALV!MC;!S!l>M+jEov+X)434W=}P}PE4LQ6
zbh$=p-MvOo8_Nso$F@Z&=nM054&_{?`y_d$WjH9|u!1zGL&T9fAVKoIY?Q|1KxhyN
zm*1}+4PQk%n<nSHA3D5PG6{s=tp^Fmm$V@ZgBQ0!HTHK}xeA{YIfn`R2wC|(x+G0l
zL#a#YyO3#<bC1ln%5yT{+~_(N#uD*kvi--y5Y~tvOoImA5?(`1c*}nMQut(+3I4mF
zOQP$wKkwkH<H~Y)2r)<cz$+<6^a=n0mjrxcxhI0*@^Xwq9bKW;Y5p8+`#0c5NQ(^V
z-Oe(YK&XBbB~p@AgbfJ;COD$)`$Xk0qm1LueHbmOm3y|-t3!mhr2h_Yq}Vx6n7#xZ
zICIE=9r01n%1?x@xRrfqaPL1x)5vc>16>=Z2?o2lCs4NsPzGfjwH$Z(C)(?vskIi@
zl7<1;AW7K$U;t5YpoK&`GQ9B7Qv?9)=BCe4{}ny!B6I};fj4aB;s(5H%*fw6J!|t2
zq?d>3j*5S$V=_c8_&MzS1I(y6o`NX=S>zX!5>fPz;0d9><VbT^y9&uN?Tko}0&@V#
zfEjTq)bwX?UeL9WTYQICL1NHuzF5E>JEwo|?-y3&|1(#t23Z_IT`<Ah-%7sah}Sa@
zz?)BPL(5<rAt_V<ts%CKUmHj;IP~$|^iNK1$Y5#Ef@kXic@0p?GzS^I-sQD#W^}(U
z(X&!u+Z-~$KBTPLzxsPk`aOCPC_nA6LRE!#e0&EcsJ-WZdukI}fdHIUrn*A05BVHy
z+(XXM_kI2To1)nj2#R@%fKo8u6=<=?zMO~WDha{9v>)(2fAKg!?#f&c*&P-HAg-AB
z2vO|Np%BEs<OVp4s%s}1l4Wt*C&Fjv1vo42@G(1KfE;K3<{s%SF%nv#@sZ6F;D9Sl
z{T+d}<${I_qy9@tlqh&kE&j3?sQ`KYe9Gdk)ROv{?M<rui$&+-782smvTq7f3c>Pq
zN)O<`KQW4ZrOcwPH*Bl%vPwFlRClT@f(||zqEaD?Z#8+u*f`GgyzbYg;s>hCRG?K=
zv(+1w{<?Ak59?^bH6fP~AGRL<s8S3$_E-y<D1Vv>)pKGt=6?<mWQM=;0<`(DE9c1i
zLcX9}Z5Q4sCFlKdyDSA?P$e|YZ*4N!Sa3e)aTz#C8p0*cVV@OQf74Jfau_}A3NHRP
zp2Rm49CGT9YUprD@fV#azb*ofzEzUafABJG)qtX-T7d-Ssbi>s!}}M%CQJ5`C8Ly`
z@wB|c%L2GGpSatFqCE>mvtTm!wKrpzn<9%F;b(GcZnl`V<MO#^qWk)DS*xnQy8Rwl
zpY-;uK4ZnGa$f_%pE{dgS@D_ZMJof50|R_;zG@WZblzbW;mY17PfeUn!#IR@g$ZMb
zZOg`-;Wjl0(5GA~ml6Ub;t_9X-;5FSM$NXa^(qUwu0H<3%L;>8FPxHUd$h4^g)xcO
z^|4d?fCBwI**Z)*D_;ZRg{~2ftUC9GxyP@HE%B0TxKn+LvIlr;>eTl7OT!cGFVY9T
z%#aS1>7NF$a=MvYKu7+#XUNa6mp*4_|KY^ue0{^C#+M5j8)uKyj;%0dy&)jI`qU9o
z>B*s(9%=W_J#P*3ge!H61MiUZ;Hmz_mQ2Dv&f$?KCX^Sy_737(ei)K%+QE2H1a0Wq
z!Z+q4{^)fU@Ag%)+1JZK5rO}lTq=8D+b-xOt3eo3z*tr1LyithC-1_JAS@=U#Ii8O
zGBIsz3;=A?gjwd*Gu&o`txO{`sltRA`}a`3a@Bg!y_WU^%s;=0zsdO-4lBR}t;fqB
z$AabnI^n#(vPx{(U$P8-m4-GI2ImS4eg%f-#RfJC43A5Uev^#p_;Zffx2kpv8fgV9
zE_abQ<AAVVNDN3r-SgjU>Y1mUd~sGF7LkkR@LmBeRgv3|>YGfF&{NP)8BH%w31SVF
z9W%60qBtrOcEOmgxD(#cI~HFAiIvCD#Hxeti9A%To?qrw{I;_<MLj9IWzO-=oImbU
zL;sNWy1RyDaKB{XusS!gw@geJk+!WXHfCoNSt=+XPf(q($k@Ip;ocQ`Q?xtKOeNoO
z>+z$P9qqn4KuYRhpJ3y8_Cd4c_A9fb;;XA{8U@Y_Pz-?=oXOLn1jFSi)$li-=O=Mw
zz+Y(2xon$3sVVzbM4i@oU@B1AyEBAEQ6|5AiI6>bTfV$--f>Cy*hZJ7tV}@m_=1t;
zJ*<HwPJ2E6H)_uB^lN|mb%K{3pIcXcBnU}hj5OMzE>vcP8mafkv2osiBF+UzQnV6U
zh{04nM^f&l7aH$={;*1dXSYM(>wrT8QoV{+sCu6;DpRD7{<;5Bov+zY1fMNI^jfd-
z^LF?0{~MW#Ve|bWlc2Qw!DQky2R9k=rlr9!I<r9t#T-c5odQkiR1UkCcF<HOxfGwf
z*dkQ@!9mYw9S1Mkh%(w$w(U=<_87b0vJ~k~>I?IGV*KP;v}H7Y-!vO$?P5?2xNpXK
z!=)oaHVY>=h#I|hQGyEEVHA05LsM;H=q0I$m2?x#^c?LY0wB$!gS%t8V`6lThr9D8
z1~P>eqt|h7Fiqp4iUeDt?V(T%+E*ZHVg)}-ilXg#$%lvGo{DV9ggnzTitY0yctedj
z_Gs%hS&EeY2+IqD&gd7MT@4&_+(*Ma(7NPIJAA$ZAsJ2~FLB~yib~qI&r3hV!sbJv
zTq+>yZ-9iJdI2ZrQcv1xS9F1%Dx{rNDtab@r1n9Cxe0c%<CSr!)K*fp_-Jl0`+>tC
zkN8-QqE{z-T{Q{`EkXF}ZQu(swl#G>M^#~znW7exo5<?Kk7VGHyqE=#BPnUO*&^A<
zWrMv4YrOzVH>h(9*#s~zwQr%9*ZK1!&%)RD6n4%U9${EZ6tt9~$8+5w=XA=yN)7vB
zWITqdsP{tH?xMw&M!bRxI!SC)=TJ(=TcMMzM&K>HnFcM5K?&a6Va^H@Le`Tr5xI$d
zbDo2k*%nCKM(lv`i?JCKMj)~2KP#Z&%l#5!x>PJdov%m_Ua_GaXM#zJ0SZR9p*Qk4
z1)frYE{A^;a@8@$AcND2=im{MTgCtbF$Y$IKleF|u`P1ffDtFs8x}Kf*rs?jmT?^S
zxqxv7l6Sw6qK(<vIh96>u>`rR={Y?aF@kY$UBHYwQM55TrSS-UFy4T0v{L4VFcF+t
zm9qws3u@|BZgjk!GI=v9!1w-@Q0OlemR%P!kcX(*Po7@OgX>ohfeu@9!DE6i9J^F=
zYgnPD_>JllSblKLU0ty@ZRoea=AL5^<$3j$%{VRn7hd`c!y+*6p+s<=EeQAsJ0$pV
zE<FT!uKv0NOWap=S+~r2`1rMXawNPtGc@=#%NfqRE7x)HEj_VCa$YDJqhBTRT41$7
z;ys1B=^1D)!>2X%x=^%Z>2X6`4O!3>d??sbhF1Tg(Ubh}%}~-U3Z4Z?LV*IdWxVTc
z@|0R{AJyWYO0Fm&cJy$i=6o4$8u|I`Oa1io(JB`A<ID5zbx5KU6!_&9G95P^rfS%Q
z*3zNxg5I;HH8P~aX=smFxVpoOn;Ww(W!pe!<d>hy^rfP$ww%r+*i$PG<eP1`h`O>%
zHXT1Mr9WyqbT*3mDEJflu{_9ZV!xG>w_xCsWO1|HCEfg-v`MD(UTYWI^6amz-RE_<
zz<8d09b@n#_y-XgbTGjcTObsY0P4a!LbO8>-TBvc!B-tF&Vcs7Z>&pshSXWc)Fb<r
zluav;jZ@xTZEGweCZyh3c#y5J-;3=aT6?0L|1qXeE;@oC9siVyjxFd85U?q72)yNa
z!Qw#cPsZFIpaX0x8^AxPXkNSx?;F59(trA7(;ARHujumPh2}1)`enWL9~xEVy6Gr}
zDSPO|-M?pjyL56&kE%<Ko)HSJ<OK~1$q!C%fC=0oteG1)@YehtN)uEds1R7R$P22V
z3+F96qT8Sp*@n2lf!;PWQ}>pMt6`#cbP-5Fg>h#rtUGX4Lr5#Sz?PFO_Xvta`9%|X
zHFbwH<r;>rWXXjMTmHNbi4hs8>AL%zzVly__@f=ZaWUL0T#TL;*Pm~K<YGVn{@>~&
zuY^vYvVPtQ#lyE_z^+fe?XR|iX9eUoFapJ!7t;GDuu!7`+RW5KE9p8G_!Hzbz_FRV
zTGv;}aXVGp{>gHMejS|@3&xfXx|b=k)~il`it)XS?hair?dSa%e0$@@vm4mXg&8i0
zm&W3hpahaE>x7-R5oxiDttAwZg&!8O{Gngn{Eh1C*;yf$X=%3dSDvTO{LOCNqZB@&
zGBp0qs?q7@Q|j*<kf8?q(1B+q-mZHHH#e%2^U<rA9CdLXxesmlzhcF&%M|US$Jd(d
z4|SZ^n$FL(Vjr}i8s*B@njlnNVEXiB@MrJ8ZLH7R1+lS4KL@0j`_>Rh&naBqL0sO?
zFpBrdkBx?{AJutl{kAy0DmFE~K6F1cuNY5g`TvvQzS}?r9enz&ym%_JTlSf4mUtd4
z9+C}m__b;zY!I`T=<pv^FO(6?9S=vc8YH4(#kV&gld8-64pNu*AGDR|bH+yrayCRF
zU+z-yA@4PZWYrY&`5c$Rsq+!NQ6E3hS3(Yi7s4CCY}%8^FJgE4cM)GJ?ngnc`sKi9
zfxHuHEsPS06;DF!nEE8au@!*#&y)#3)*b~buvdtj=(gf@6=5#r7qh4y6R`8^yb;;$
z*sReRH(RmOIg3Aay`!f3q!{_JDpP{=+?<`219+KAQ&oR~oU(Y_4yPBiXdA{*i4mmF
z1T@&Vszm1SLrqYVGpH!;jM*h)Zw?JXZq@OQc-3g`5%ayXWK`ZZ@VnIV)tzkBN(xf<
zHSf*Op*IO;5K5;&LP<~IKmim%q*(F&BdLRQ%Al8^=||HjHA883aMSkajRsjNsg4zy
zsSO4RYBl^)>EiKQGT>wRi=gLoZXj*upJG!mQ;cKRTv1Drs$k3LdM~<JDs%sePsq}f
z%UQYiY;4#v4Fl_aDy9hQO@k)_$4kv6^i}Zc>pll{aSOuWv;F6>(+2k484SB+`yerP
z&6c!7`AwGn?kOih-qnUZNxnsqy+dC8eJ_roiKz^sk);el+}Uc4;-Sm1AgW&9A5+Z3
zHg23GyD2xk-cz9h;2pOk##LI$C9ad9dZxjip-QWslCD~D;30duP=b-V(5sQU0AeA1
z@gH!#7`9GIFz7nFshDB)BGI<~g@>efgS&W-RxlgYPzxQ+5UyP<nq|SJqMq>zOZ@5Z
zQa!qL;W!0Cw{jwS%_71=A|^tU@R+lrY$0_GQS->Ta;=9`Ic?)Yz@-D5YwSj4-a5^t
zq5(<sT8E@|-A~1FHPmr$OgV#&weaLlj@EkqIIgBzJ`Yw$J4-;axsk)y&BE07wR(MQ
z?OwYvrR9Vb*SG=?k}~4<Y?e*q*4-|@lOP6Z>KE=b;3I%Zh-kv3b+%Lpi*`k#j7bE7
z2o4=EpKiMl*DPEg6KftE7LpGSYJ{SjrdS2eLXh+Z9d$=Eq%*9Q<HBfRZTd$~&oZt|
zy_f@DJx$1=oFyO-S3N$bPl7JjP}!vQu}Sg~h!zH+6jACS2;WzQM;ig_;oUt5S&}38
z_RQk{cw_l_zMq#uf$q>UUA7f^NjdR|e7F7j`I4fqFITnd@U_vHR^Qj#Yw%$rSm2=!
zpSDgr7hqklX>uz5RMhJ}>X)3Y&SxJaLt|RhHFAOb*C08Qaq7us%qQU%*1k7gfa>R+
zxRfX6Bqrl{fgWOS?e~uN@f#t?2cgAZf5n<F_xsOj5EaXsFWud`IJl3iUA-^Fj90;#
zh|e_VmM>GwFGJ{$Z<+4treM6jYY2gfCOodg*>m^v<rnGO{sl<wd0bwaF!BcDzK6da
zbHdj;o<HS{W^q-c!;s-@Mf9xUY&YCh-3&({wRew8i^DkIs)R%If;C842M2I>-LZxT
z1NZOG24QzMgSwyogVQB3pW!tn^zX>IUa-DLquI!w#Z%#d<-9&1sOp|QuDG2I170P)
zPy<FiA+or>h@T}j2xpVUob|_g8CL;RzJXUpynacFmkk-oY%^V16HiRl(Ao)@j<mO&
z?K=LkD^3Wy(OO)_RopfZ#($94e;ZjNjR&q^AiNPYK*c~ml7@W{SwKlo=rdErbzWa0
zr!IU%&w&0D2}>V|l*0x8XC$f@j_d^5uSq0l7W_@@AeH&IS<xi)*YsZH9V1TGevGyA
zzLXX|$l;_XB5g*tA@$a8-Xks<k;*=ADoRB{b!*MshFXy}u)AaW2mH~~vPW&FQBHZ2
z%*RaT$=TrI6w<boTziLv*V?l^LlNrSfT$d0u_nOLL!{FvH=S>M&*Pp#W4MTO;9~!Z
zb`c?ZKFsTfxu~3&#QHG$c9)HjbuZvaF!%Ojdinjc%p`o0&sI7nAww1?CZSGND{s**
zy(4ond6iT!1u~>{;KLYA4z9-4lK&M5VfnDV)7TuzNH*8G&ybR;%c!8kEgL?UxJLR#
zW7jO1OJ`>k$2L(wZa$J)z*sUqqscY8eg026Tg6aGnxluL9`wKvMdJ#ByePm~QO<C`
zBj(Dfh1j{;2FkYs)(@uXFAm<u^x{s^z;+e_fB4tptl}%`8~Xg39~KC4Z22F|<63iH
z^CY<0ANowXT6g_Ut1AIrt&-6*kbq?fAbzWL6+&<nu=avbVg%}&+_?+4USDDomak>x
z$_)hge=B)<Gol)g+n}r|)I=+AoJJmVrMaRE{ePRiRYEvm2!8z9j@RFF|3UeTzhZFc
z!mNgRELctzVgE;DBJ}xj#Pl?ryKM67D!J;yQtwZmKeD3c)o|_s6&aSk+s@^j#4@j`
zx3_b=l*D36P-I3W?Hf9)re>~Pd995eQKwuJRntb~(js~+q)n8o>y>C#*=dd6T?g#r
zALc6k&sf??((Rk3w%x`nE^p3DUIrC4wppIqzdqz6YO^nD@g0SCE~4V*`(Da)Q-#gW
zaP;-G$!>Om5N^&}EVVdS$$4uXL_nP?J&fHVZn0q9Z7Fe&Mp#PVxVRWHPi=Zrd3c4f
zf*!K-pX`&+NbVumgEh3MPVU|2xmqPoN)+0QsjDA)@>|qFg3iLhb$!m-!C7Xg$bLB#
z=(`J3*#Jxo4DrA1;fhtjQWAj&SYEn4FiDUTj`ffv`p9RsQsQ$F<UA`ZV6RcbEB*Fz
ziB>@ktoZjIeK#8|<g^jr99bJfK4q+NDJ`207b3FJrJCIwmd$dqB7~)y_Pg@3Vxv-a
zl!p%0)Svpqc}k*jL09c9tBXLoE_#1O?W0_2lb2)K3OYjfJ(Cj+srz23#p8X5nA5wh
zz*t%Q6X0DQ)qFk}zX{GgRQtA+L2+bFGy!!-M+&TQRsA{tA2;%VaNAYciWR@pk%)_B
zP=(hAb4;ewSyULUzq8!~hqoRXH2P{@63WsWt{eYl_*Nmd80B>;p}tO{l<B<%j`Zd!
zh%K>-(=?9ab0yG^DDpAp6Wl~PjmOo<VlO_gbS5kB3@?>LZwRz9n7VYex>6URwtP3)
z*4pZiS-9DrsYnD_>87z*sjh#gUaWnmMlOA)9;pBO?nGZEgZ<JVlJUW}6AWLFXl5o6
z4gsVsz$p8YjZq>1*a255wxZ+l0d*mg2OcHJ1npJe?z<xibkPnlfC?b#ZT-qqjL--f
z`0yJGkd3Gtl|VU|8`ujP*tY{19|kB3U1LDo467v~1>+|nlA3@5b$1c8S7J|Eaa~l~
z2YB7WNQH>J*=$7@=C%@S!|yxun1XOl{Q^;p%HN=^G72s!sX9X^(YP@Sj+Hj#CVQqh
zR3j1XN{0+M?Mv5gvMMBeHmBoWI`i}h_E5Z$G@s^k2d>Mu2X`yclI!`}vF~~flv5dr
zDxkQDxU;LER@*C9uX7UIx&+&#yEfB#_r2n4Ui-}XM;=69yyC}=|2*<&ko!7isf{-4
zF)Rex@ZIvC2_HequCVs(wq=FGyH~fdPn*uIlQ?xKAv%4AKUG7mg5%__#;|us&p5!6
zTdFG*C9(;YH9Zhr4CvQFy^uCH<ZlgC#QfoqVNblrlZZKxMkqTK_G8&N^ol?H9i%E@
zzq2W!@S3)E%=DUO?98Q(=rq8Tb|!oo0(rEEtJRk<&rs_7DS`Q2fb{rO*bCmdgTQ3<
z%?j84ByVO6E6OYWQ@tjo{8+s@rCjzOeEb9Se-QBxF8@I~&612-$UnIJhJ~uJZ#eu0
zHDgn2aw}I;%(L(MB=m>v1ST9rT$NCsSFY5<4@8Rp^(%i5%(tEg(Fq0#Z!zc`23+!i
z=nUjv_{YD*6Oexa`)-==OAm<uMLIwMv8TeZAfTFvPHKc+pQGYON^%cEw&qjfL81-h
zhcPOQIN!fsj?q12+>3uC@!kowePS`_zC=o0sNE}m+KW`>+E`qbf25CU&n>~yByWyG
zpj&D7$i_!01zdgk_s{yI#3~8s8{v)^k6fx=Kc2<9#{ZzA7EnJ<jldFvHyjD&qxa?;
zra;Fox2Xe4%i`bjAc1#jl=VNw5)+R(<B!c_UPD$E?>-Nu=bC@FA{1~*U#}x>SWr!+
zU?X!i-FoWmp7NV#T)O{YNxNcqEqxs?<M7I>Gnc;WG5B7mdmAxH0m>q#I^byI87fF0
zb~mCrYl=2b-6#{p1PMs^BRYZ!Ks`F2Y#uxbtrhK|6b&ou5cd~(#VGLuevyPXMMRw8
zoy(I(jzo+Lw_iQ+mkVTM%e8Y-Zq{hV{YfwUZ~eCrUp|k)=4_U6@RT`pLqe#pU<B7-
zzHnDQ^msEQd-|lL2Y-cRP+_QoF+;PDCXksT+DTzqmi*^3E!&9M>Ry>FiA7WkRr#oV
zwuR#?9a%CZxP~ksxN+TrDtW+gwZ~EQX5VvfdwJN<f>G4>jqf4&X0<4-p!Xw6D$@By
zJ`N$#-HTdz#2(Z?HFtZkcdE9j{R0lI-4e~6jpvek$w6N;Zpi_E4}Y123t-hY1P(RK
zK8l|*^DFt~+O0I)I<ax5j!mUG1+BTWsJS<9sIo<XqPa^szI;<82kB`!tQATi4_g?H
zZwqN`#`lHP5?-Usx~@NgFlE$FR3FX~1Jt8X%T0uM?_y0cTWc2Da5#~*kbvfpb)SGZ
zSnso&y@E1+H9q}Ui2n%j{`@HZ;-#=J)!&r4x&ht?>*}6zKQgzF72G~w;+igWR8E$C
z(yccd&8y_Z@{4Ip>_Vg_#ETNfV3U|gP^J;M(%*Fpb@_}ng(-=!RTl8@ano|JSCt<&
zLSsBV4Fx_n#Zh7$9V{nMT!DIgEZ7HoiiaqmPW>pooqB7{VV&9zkvNz>@SL*6r31b3
zf`pLfX&$uNY4HPVniJvmvqfDx_Q=+rJo;>~1O-0MUCDgh2lVuqD8M{sNeG)-MJ{So
z2pcmZSn4#CXPN+ZuixQMwQ}k$+fJ?;V1lWM*C>z<T|X4-CFAg`FjH?4pVrZ_ZK`Qp
z=Sjz<SvVHMmJMZ0+V@S<Kh=GezXTUjPOI4Z$Z;c0eQmtnjGsKsv@|R0ZaI6m^|p2o
zstN5cd|Exf3fk2SO^3hBZuL$}7>uXu?ygziXwwM{t$LQ+ySN$zIH|~tMX5M!U%BC!
z)nvo|;eF%rJRUoZdDIBxW$fog<lOT7>w`%nm2r6v<{mn#9r2r&lYOhhJyHvjI4sG%
z7n-^ksimB1S{7L_LgOn^t^T%i1CmAyVhe#3y_%tdb^o$z_jRIO=C-#<domhbb%Z~L
zy?(*l;1|RF0s%ozGI*b5@(krKje*Dr)prUJ81#%s3+3v#x;aZlTir5-7FTT>N$M<_
zqJxk*s^-i))NfuqR7)n64UH_YA_QZ;F+tLT+ltgEsaD>RNiY%nWF&CU1+1=>o{X1<
z!ny7@;?F?Z-}+UeDljjWQgS|wNNc2~QC$V0uC8xTp<`6UI;P2|#Vjzk6{Fz|<Lea6
zxaX7wm;r_xzv>Q<NA{*bADv(ThSF?*DHA~wBtQ5y>N}sC(dcevpaiQ8ABgGqW;qGu
z#$n?U$iF@h9rT~|*S_b$bip7fpt=7}=6Mri{Ni)BO4-O=D^4C~U(Itjr~+SI!oBBk
z<IG_k-<4}(S&Z)0>z;?Ip-Vb$Z2bIYgI=l$vRdO5<=y_KKip)^_L}R>Oo{!CdQ?fB
z4aVx6CU=yw3t}A7>?BL8sl7_&OzMA>Vrh4kVlJr5yWG#Rk;uGKchwTSQmAzGZqN1u
z^VTg+`Y7sItz_tpK!PM}hnyR~dGf?b3nDewfj53Xu}jT$k3RCeUdgxC7NRHJfG6wc
zAfwPN!LTWrTrS!_gYE*sO>@MZ?Rd9#$usmqo9B49_Qg}EkzQf#v7w$9SK4cBd{nre
zc0R>kP)l5jJ&q<r&-lk2>CBGxN1kmsr&(<P0vyyZ>SSies#%rXU^n}*Easwsu`Eee
z1^I`<#F<t_*Xe6)BMy4@^fz!RxC|Ck=G1tYBJ$$*FPO5tD316=LF1xbx~O*Y^I@an
z@v-JM#D`Pm2EB)JCfnF()5Rj=j#FiMOTGB(hUSrCe~kXIKcWXs9xkKTdzvjCeb{st
z_N&n<(*w`lkkSX9=F!t{$}B<XPJ5m=bI1IS%jWez4hIHe&Fj;H_f~l%6X9EJAfqzH
z&FZ}|;U{xe-h0gJ`#u}f`<pXm-r<&V&&KXav0eTYBBGin3It=n)r+t^)fXzyq9%e0
zxhFgk$Eg!4bd0__Abg+EtLOt9u&}~Ibhx~4>MUgKVpcp6c!RX)2N@h!2*V+W-9iRF
zMJ7-iaPi#GnM;tCboc7B!gEB<1;VJqZN<-_!}x{1DV5ZCk7x}A;U$hMvV&{HX8Tsv
z-NJNm4U>4SAj>&F23wt1Fb2Dk*C&kxN!<E~`X8NF2nMG}+`<PCh+4rKe&Rhwb**k0
zrZ4pXRIN6tOl2QYPYn)C|B)=|kepaVPWx#3MTtzj0)ziMWF+cF16anf0}1}w!c1cs
zfgssIgY$l~EP<v0*W;))3G@Ni`>3qM=M@s=puv%flfk!)@$rhI5Wz&m9%Sjrxdxih
zo(A!EQ)3uJbp@oH$!og~qXAl&2xq}7QSabq{YLu8Z?OM&#{vr{|F0AsPdZlgoOkfZ
zp)ZTL{TD&+l9)0KkCS}3P({u+H#<N{!J+Rxx3VX;s}dvYJxYjc=+XfW&;=oK_iapN
z{R@fOL$h$MnO6>61U_Kqp+n*s1yGX<`{0H}4EoI*7rBS6ffo-@QuWv;?3=m#0Vd)Z
zpcDf67JRd)|8CZ)nqTK6x2T?!2dykr!N?B8AzCqP#9=TR+c-v?Z*e8dAPCP`H27^W
zY_NW5H!U64P8JpL)T5%~h~%0f6WUYB|2tQ+D_<-@x8hCW?LUphqPm`}8w|;$m^LN1
z6My6Cj-L3Q!bjOdT~ZhgS@IHb9Ud#$`8q+eW7R_eCFHnuIn7=fh7jxAxv)USC(Q+f
zt$U5NxhT$ssBC`hJJ&wCFF_T?!4Dbg<I@l^LFyBco_OeQU#r`MDE+B?e?0-G<6-g$
z+``SD4NbMnuo>C8^ATRezVJ}AUXOEUA#9O^lZ5Z9ff5pfBA-sy^!_irjrcg&8wp|(
z6Y5{a3CNrMo5<EYIDe&S6-Plxp2`FNgk|wjV0`xPn2$DxFTsM`kR^xyhF85iIF#G4
zysOV1y$dUuIFzgR98z`9Y)({XBUaWE=^j<b<!z<HDQp#JUTyxRM~)Vh-XVb#nF+TL
znfdLm;~yR~SV$os{SWtMh4Nfd(b!K&(b%y|IpnYlIjS4B>M07y96J~_XAYDU&JJ4G
zxoeV^_ndSn>wI(Oc|2<@{{<_#b7Tz8CTY^~+KZ>|@Po5=8L^F^k#qpT^U+M8072N`
zJnRB`BtIm8vOT*9JkbKuckvijk^hj!PDZU8WVR^&0>3=m#j|=iXqytZuo%-eYVef`
zqrtm6yr`e-FnpDSJES~My0kK#V8^=pqQw3inST2DGN#k3v(<mEB$ZjG!4SOo^Q94?
zX4t7N%ODP-)nuy7IJzZmPxSS*9J5;Vbw$jv`^B5Wi0o)Ts@a9=L_}vMrcPf0HuH-c
zI`WH68V7B=P9&b0%J01=ajL{nY@60JobLUv0rmKZ$UrqyT?SpXLo-{o0}13GUw)+&
z4Ovc#nn?0*30SNFgKU*9FG)@OPZi5W`f2GZ@kWZ8gdcs1)duHKx;_w%=5cWk8lB)6
zjq+GJBfdYF*hs8^Gdh=Gck_?Y5X>=~V39FvF$7rp?jSr_qJ%gJf250Lj)YGSH(n1L
z|NKenEGbB-N>K@&8M9AT!6w+_D(j)ERpGtQjH{yi6+-|YV^G>xkkQY8x0l{jRu#rY
zU@dDflT12?+1yC?6zJFeU9wm@R0Ee^$ks)DrqO(VcM;#W8Z%vr@C<@taM&y0=BB~m
z2Z4E$!H>_8qXkgsY>2%!-m<ApL1<<ZD6CylA{%4?@j1~5sL%*wHDN&X^{abIygt!^
zal>cYuN~_1#YSeJ9Z|P*2`n7^E2CZAkLYqni#XE?P;K~O#UaUEo!fm44EZBph~-3d
z-Hzu^VZTRMJ)geY0b4blFdNfjRmU^<Arh>@eB&QBY70wQXotszY$g^eWq4#@hK44u
zTp9hk*BlHibU~bF7b*xW9;+mGrle8#n-bbKxA&V`dtNt_+j<wG<`<#VGFI`hl-SXy
zN4L$|1?Vp{d1NwuGI>guRdC(vDqN<6j)4P$oXUQ5{kzLqC3q!QIA+cHSW#?YWf~`4
zj7+}nQi5Dw`iR3@`hyV2OXsJJ0K#T6k_{&%8XzihHsGtbAVR70cIA$z>-IfJyY<2g
zS2Gvwa2aTF$ju&!Um?NprM0rC7FWo5J=vg!_=Wp@3oooKz0xI&Z%fG<l~AZ3=2K7V
zy8Igc&h}vX9?m~`yWWpz+KB8gUqDW>?r2AQI`aMh^j~R-_IPa;7v%O{N{O=Pu;QTE
z7L@rJm6W*&^Rx3te{H^YZR>|874BCrXBzgJFP&|giKU)B$(nk$b5V{9)@GPm7Su5G
znk{Ic)@oZ<`RtudLb8Ok6tQWy(;l5poXhSTRjdqQn4He26(YDcsfAtA5Eyost+aBG
z8=ti)(zKrRXRo9h&_mOI6f)B<is^b4{P%J+?54yRc9MpO;lPqmwx(XxitV&0vVIU|
zK8wK;(v-=TP=;X#?e(CH%Oz+3V;7VGZsLlkw=5WU7zO(6B1MMl9!vp9sPD+dKYWls
z?;J0{f1DsUO~&(LYTv7+@$!Da&Tn0AU{`5~Frvuf*u6PXdAV_!St)zVOR+$3Ah9qG
zn9{sventLPO8pu*CHYoLVIf3`R8twtb5|pOn-KYq8BHR|wj!UiB3Os4SZ1~On`TX}
z^|5T5T^M4UH9gk(#I6V-oJD=_-41Zs#P1lc4km^x;;FW5mIU7Tv;T7o@CiVgQ2AB%
zA937H0ren2KVXLzNkj|Aq30*UyiZ{A&d)ivJfhMjZ=}Hdg=3>&TuF5iiU6b`H-fNV
zO3EvqYNo;HLR7>^k=-+ZpTBk(xqjR-i+B@x^!>nvO(c>-jcHMAB)+U^?)ek;2uKaB
zro>6YkI1!<n~V2-X~uZcX-9_EpX4C<IkhK2wr%A{suHyx4o73H$nvSZ(i^tjVzYx1
zld_!Vu<T@^F1}v<<=}Vhp7ysm`teG(r1)V-g^8G{G1G=6mv-|bs45|MgS$P9XTam{
ztA>ajB`Ynz<vvpr%b_u~IZXsRv~x$I)|BOtj4}1thn|b%(@*E0<jiF%^gkJmvzQlI
z_KYi{X(Q-s_MONZemee3lbO_Ooaf^#Z9$e*_7P>slu?c*#gs3h@=AzWDxqR&5~ZI<
zsK{HP?e}^Q&FOyOL?YlSCwoLi!c#|i!vHiVuDmR87?U^Tjf(%ff1oaRC7A{!K##m(
z=JZ*gQ@3B`bSVdT)j0(tDwD%|7*ada=RY>y26T`(-X<iO_Jv^eYb)%Q91ppRuDRQu
zBZ+zFa{|2Ze_`Exui#$H%YJtFG$d^<Y~MG`f>$)=6Tr1)-2G8_HrFDwIaBKuSmFFM
z_N{0A%}mAk@sY#x!^@BJ^Vi871dG5Ao)aJGWrXz4BR++Oi?ob8WNClpUrI@0IW%N4
z8_5%D5wv*t+yA+?Z=8OyRyhbat7u|L^$;YnVpP4(AqrRrx?hy0{ORNwSIVo#t$~r)
z>dU+Sd;<Bbc>EN9pI>bb#Txw@W0;J?TNA3=hq(INb}rUGk(e`{Jr6mgfo}Tp^AvQ?
z9jUb+T{YS6&B!<!=KAibbDMVKD2<ek$ZCUj@8~Wfa(oD7G!f{qooy229~Tm`a=vVO
zoOSllgrX3i)Z6r?yEu*0!8@rXcqW6a`cX~3T<`a72!ww4(3ETXMR+qjy?PZX_!-y4
z6{wiwdLHM#V+eKw0hx7XZfcTf;jv_rSnjz*UADS$iZK*USgr7TCAP~dj@oB7M~M(~
zLnte&!)ERTE8w`#HZkujHEjKYooByzp6&^|2%BUcyDZxbUm$sv$W1!O?9DOk{Yds<
zKBu_LWXr_$@O`|rHqReB_Sn#mQSgg}ld^`SkJ}|v-NAj<lB2I_ZME}t=6YPFw9eVq
zqinT`PJw6gHJc-onI~sz#q!ZpKVuD#R6Q$8xeS{P2UOnjY|YHE-_orlqDrA@)pZ2c
zs#W+kuy<;-Cx5n#F5AqvxA+eedztnLr7c~KnP2$#15FdOHMnHze|wRzt%rTvKeggD
zL}#19-rv=^4M3v<m(&@_lb`{{)ET3%FPdFyKqR9xo<QW-{|eHC+6NTi3?PD|0@vOV
zNu!~F)Rb{(mns-3Q^7BC+&zwfl&Rf2eO?uh=eqVrv57j1sVB2fmIeb{u6|&QLH**O
zaLI-E-Fu~X|H$R&-Li_;Yuygyd{E<>dZR;-X%Q3%tX=*27TvYwuvRa@J}Dz6#lR=?
z_h1>oP74~6ek^Ugx7*VnL*LCMB+#CpJ0{Vd?>L(48+p>`v;()aI)HPt=#So%T;f88
ziX5JuM8I2keT?0hOtIi94O#K$CPqpit2DxL(wQYhj-Db%(UZkBrj_~K+5TZZl(yny
z{~^`Ktry}Anayx*eYZ4)X1Zo#Q*C{-4n}SLu10OW@=C_g%xU#2&)vdi2q!1i+94;V
zN>F#lLCPHG@yS3>2jB4E_cV3I=f6<w{^_&;p{bSYgt2DMNUNzu=n`@m7-FCIdCA$)
z;qaf$OZn41m)>Xmh|`I?iuUE`*y!ybGNtQ`wq!KV-)GXPP9Q@{LPY_8aczBXd9%NA
zR9zeA$Wh>m!J@xnLrsOm;F4>In$3QrgK?I#7Fw1Xt&Q_aIXVa5d9pKYW2hYSIlZeL
zyx5|z8EldBSq@6>=bC2*e#KKR%b8}%NcEgk#RQJ0GmG_C)BtpwqKxoyjxK}_R*vpf
zve}gZ>R}J0*vCnlVBk2*@zSIl4KtqF+|b{R*GC0h+2bXt!Q!c!*zXrfH{l-;{{w-4
z5NH4WUfF#Fq%U-|KrvT1TSFVG94~48OP>liJ=n+`pIYhZQ(lyzgrPhbVg*VQMWX?>
zS+16!gu+p~4V$ot5diz(fr58_u26wlJ0G`Z-^y1Hdc1<HEYCif|N3RG{a%;?F_E@l
z;${>_dLDeKSD`!Xq8+dRiV%T*BA4IFSCmJr?*$+pk{x#JjQS9oIK96<p1Y5(yO*a%
z_RDkY5E?d~xj=6XjQHB0j5vE*p@eX*))cLJ)HamE{qh`Ke%rAkqT-|Za`%hln5>AT
zM~nTuw+r?df4ie7d4~Nba@H5$QLV!vkc~7SLG{fvE+fHdushM{m^DGeK8d%ojH~1x
z_x_~7+7<7VX_6UZ)8;1xC0(H#B@685VlMA1hxWC=*0$Uw1N<+L>sB<z+TCIT<2L+3
znNES47Wx6NaDs}OFV6EE+T{-8tL_%W?axEs*oz#7g@4k#Mez#RmT&*^d>*K$#ny(H
zCuR7^bEAPr?8o|Um_O>`?~h;^pJ-(4`za3Qy^HTm(U}&sMv*Evht|i1j!ReUG;~pq
zI#hI_I?U96OxDI2DzL2uGaHOU@6?fxOT%lDy!@Ij*}eR>-%WO3*prPc_2rHpV^TVO
z1^+Ci*p5rG^myE?t%A9Fznk3Ow!V!5$E|ICRNb;LGFBwgd3X}WJMMYo*d*87L$-Pd
zFW_M%bQe9P(VB#$VgwmPr8i^Uvkeyi$@eCGWDJ`%o|!~S!U(Dj{f@hU{EKhvQ>?%u
zcpIatB(L_DC20yrHvZu68U^V8x(*YvnCPBM5Gp54Up{34LJ5_VAoZGqyA#o20LHO*
zw^JODYK2CCK9dnbQt1C|VN=0&6YTcxG*XX-(I5VD9Yr(LLtt)S?88m{6;5tb>lq0=
zEJ}X7zddlYx%f0^{q*_ud3PzpK4vW#`%>;-+#S0Ao17+(G0ys~BsFibAcZHgE2)Z1
z(0XWoS;uc_m#)x!v?1YOR3Rzh;8h_^0%ZVBx28TMp*XB8B;mk%W6L}g0dCeEw=A#Q
zZA%J8chi(KLK3iQi=RQiX{#?wZ@gj4zqMPLU^0%7lwfj#@UI7y>+1NBkm8^e|4Z17
z(``Ip8f@0%3Iy`2-`_?6sw@(6Y!*5CZsKw_fb;8bv8~BYoW#1+GGUD^X{hJd58+kd
zmU?IX6Hxv$p3l|RyKkvv@iGB+u2W;t)N+zqp?J}!R86PH&~Xl@X;V5$>f=HJzUb8r
z7Jh)Jl7^TC{^u{X0jyB#XL%`;jDo1jy@BN^-Z3{d$3^8O{&cCz1-Oc05<{m%tBx41
zu~^t~*IL-6@rQB2nzS?j&t`*K#81l}y}H+Vua4Z?vInQlJH@lZ&e1#t`sJ!syO%v<
zfCc(vr!1BcCK3ub5T|uH2Qk<_c=B3B0t*m~4QfQ-+|CXKBoihL{~0VJgvEd)!5pTG
zKy;6hdiEK8?U5k!Joh&Nwn5X3fScbd89eC}fv0g>AQ4P+<85GN46heMbE7Xb1K*{@
z6AHhLaclf4ij$_#u0Lls+bFQFw(F>Fey>%5!^qpX`pYM7WurT*GVSSX%wmqei9wJ#
zJ$-lt2v*9h<q;05Kp9-A>#%EiA%U5@L;ni5meBcB$i|7%=7u;O1&jE(pf$^i%fQ!Q
zw&UzXQ&mUU>=nCpir2iTAYXDv)6SQ|0U$vQequWTzv*YS3oLKco_L@h5W^A?*Xkz%
zmSrggFR~+lc1dFzVWAs^Gl&eVeHam-8M!tUk3fgttaZ!}X@NVj721#X`UL#lM#B_a
zY3?2;xu+8m^KhwD3trB1An|EbMl0A4Y!b8)Lv9Rg8s|7ANk+?NuU4FP)<(;YDLzRR
z>0gCRx9eD1ZqF~Hx^dS>GJ14kh`LrHLf(C*RzYU)orrK4e<}pvmsLH!ZY9^gu0F-i
zsmGAm;F#=I))^gE)`hTptK#BdzM_$z#=?^DX%Cqq$1;eCX_+^w1=|ujlAL$+FGeq_
z;L6#({(?u?y!UBY$mOQvdnmD7HRxA0L>PaZ`ZltX(d*duyYR7FD4x4I5vWu{+V7(n
z+wUWAYNTs4NG{pu-%W8X<=?GvMR*GS?t$bJV;$&|LDw1r!F0My8h_Z=N$0-lBAm)D
zvaOoxev7JIn?;mz$oRyqoojez#d31qQaZW2(t^Ml=5w=fw@UvQMqq&PHXw%;cFpUv
zNxqRz_id&ooQf#2rJ5QA8crvO%b0TbgO_rg+B#c~!nS*;T^3GvzZ&WT*Kk#0c2c!f
zc_KPBLKObRi6-UCRoJFWrnhXRcS3RygHM5`mFJ18;ZH5bABs(eBVF4K1~YBj2K@s;
zgD22N{Gzllo8feLdE^q@+mnKmWxe>-XOt`I@6)-634*wUF*;oq$|jL2ywb4Lp1*-m
zA1deq{0m<=vq$#AN?(AF+q0^{=8etCZq18Su}9A*uH!3w7dTF_bL6m9WZJkDX9VwP
zErvk@=M~sN0|L?&UIbb3bHYKs_8|FrWZv*}&M?otfbuG&yTf|AaCu=m$}m&OYD(i5
zE;>wOc_i9FBam=)iE64a2$EF91{6FExQ6B;aN0>Da^$X1EeHhKpcSLRN+&Jx!6jmi
zq=8Cej5sZPgf}TJDz{NpTjwlm9-G+^FqLCw;JnAm57^+6X*S@MQ2Nb;T>3OXH-Jf-
zh|aqf*$mXE)WPJKGkOLWpb8FjN<~@&0GfiMXCb1MAOWfnKpKp`czD2F@N>wYXa{>7
zHCt3b*2B9Y5gqCt=F;DnKA~p`qH{Cx;IjXWdXW0A!AM;ofG`QaNr+C71CjdbGm!%W
zm<)-0hUGX2gwjdVZF;{KnvT~DD)3A3Adj;XICGO*+ZOPa@&o7=Ry77+X==}lXJ3in
z2K@Axk5-TaFz0^oq3HFLRQ$HhpZ4xOpI3Zr)zKGrEY)Ojlud<xhv~k*Zl*UMr-lTV
z*L88e^epP^-<>l*L~FsXk<{g|@+TQwLuGvmc1lml$+uP5R`t#(4#0S7G4<LA4H?_7
z4GRl~ZjMY|QRa_K22sMYP_4=fPOAGnd(C%uY~rh*bqtd_^-ypxJt!Ug8Z0TV$M@je
zLA?g<JpLtMSv=$R>}D}UexKL7VQSf^bT!ermAl=++aKTLh6I@l4}4czds~H=6=Ym=
z^rmAuZNI?KK5O^U-@3SDz(nwawS`++UlE&=s1WhADNruhXqpizIKWLG*gORG@1ORA
z;CO+xy`PxGi{69`5rz4{(g)%_1N(h9^%(H7+j`f21HHg}zg&2xjNaRZxWWRqb^dT)
zQ$Ls4e0QD;Z>x5%__s>XU>p|8a6{1r!*X}WH(VMPicwNdhsy)hcn;XV`8}5-*oCJz
zJ2-d_7Ka2m6I0ORy*m;1e}DcG{!V))`j=MqFD*ClUz*}zHY47<jUHr3&~(grzQc8^
zBQ_dBE;~ce_j3)IDsi>nw8OzbrQxRu@BYa9*VY<0`JGnxla&gu+sNkoy0X~sfJ0lu
zcU!ICk{%b=Ejb3q#bN+NDqf@{dxbod=nrY)v8eOk=m?L6Y2$7?B#MNkJBQu)6A5Mh
zN(b`Z&Icz3ksB8Fv3&Z%3HuirG?-HB?M?i}_Og4N56>eZ@y)U5Hi?NnQ!qD41JTbH
zte}1ZBqCMzxye3igMBsD<!zl3138g|wkZcH?|<Pu<}^73{F-mEF$BG!9UQnFZi>)J
z;2*xN_Z}PWaJR%o#k;|`7js^$`Y`>xCo4aI0lN-WwXe}Vx*<hLiS@}>U&NRCJB5|4
z!#Au<R00kZ=;U_+AuPod#aLu(L`3E;N^GojvSX6HDz$+snL0w;^2Lia)z+M}-We$w
zd#s>@`7a}q0=GFCxsGVtk<%|%ElUFCQyHv88{1EJFWb|{I8DnuZw-%I)^*DUT^ly;
zWY6-O4yNFIO)e^)!<^P%8C|7z7S9Y6WN*_wYi(Yt`J&f;4|5zM>XR|nWs_(|<-*Q+
z-9=Mq1>L`OHz|K^6B~W(7VH>4%z4iqid}hm_-EPmWJ9*Uf7(s8o(WuC8GnLb=ML(n
zkd!HZ20K}=?5`#bMboskW?uvKS*U)OnJz8G3k$Epm2!Yia;$4`=BP%;k8Q%uBB>Vc
zuouppn|QQy6(0=bia0_Q>SXSBqir094nN&bL6=gkoA3U(?7+LNW4k^wtf({NV|`M>
zxyfOIc_HOCeV*a805kN9yk)$8N423gz6DtR)#Uop^b0FDp>Q$*U&nJjj}A|EHtrec
zr&K||<WK7}%&~JmZ{lWXGWyI6xaF@JI-+Xo&-xv`<&g)D7yLc@b^dsnHO*~(|KMh;
znC2@%pn!UPsq=qH>-Ou?6Wp3jGVm$LlqmEhO%eTZp83?K{-B$mOWC{d(5Gp@u72g2
zRrzT$qW^{nDRMF<qW^KWg;?GBiD%%Cxc$n0b5J-Jxxn@pBRC(^W*Et(>t`lJZ2HB3
z5VvAvE2cth6Id0urTa!a%L;S?m$jK;f3iPBhaLx?Zw^{^nl+l7{gnj1RVFw25l#4l
zy!fM{mdpgSyR4QV$26o6dRUai&^U|Djjnu1UcZXl(a<XVa`B&m=<C)eKQSkreJ_3a
zSdR3jpf|3hBKphU9n9oJ&|wh@vvh7!&5<Q4JL!q&j0AMXCGs~VU=p}p`^|qHq>l_Z
z9SwuCBGX3<Uegjj00^jEO;_?SN&F7qyQdV7p!-+mvNdE^b*KG2O+45ZmoIy40s|<N
z^7^<4yrK(wKO*s^@_G|jU<Kg~Qvi7)pHh}!emI><km&m)di4z1eli!@Asm1rL7I-3
zHlhO+uPbS{?5%wcWDz9d_EkHYHr}S)hiPjSGe(w_>VrI!M#aBA|M{Ucdsg|d{vL~E
zVW$67m<qCl&}_O{N4DP$%x|)wsS@f%jMv1NU}~D=FjuUP%tp;|<v;1aRCPNxp?%{q
z&+$&W?1gCI6x-e^lJQQ<Y5otlu{7B&u2CfK?yL5K(Y3CcVLS247bNBbf`7I0?UGUJ
zmu=XWPTY!{210|aqwAM+kJC^zA+w50aafA>0Hx!WEsYkqFen0VdC5L0%gydBsSRvC
zgQ>IB9HVC&-z%qN_BA^13CnDR5?1qt8;lpO1nVs5c1wuF4Lwh2@_0g{LB8fsWm)%l
z>Hed0_%0$JjY}b)INTVB_r*Vu_p5jBtV~QM?qxUZMK_a^8gs93>oz6L0#%eTc%OQY
zBgk^OQucLl&aV7c&LFMa<mni@pi;{k3P*UXEgb%J=(?iLumUI~eS1=*O_*jt)npq?
z3<ilRgcu@N>xuYQ-a_z~h7B*Z{ZQ{jh{FcGg-d*s&_GQJW?+DNTELac?;V{0tMws+
zbiCP4tnJ7RmMj9<$WT!_Rj=`gIzcnZ-_vyQ-<}`Kgse9YlAkPj$>91%Ntv>Qyfnoi
z@AHq>R)jb%-G*g=%(ycysi#;-37@*xE{M}B6#1jh%&XSvqiqlxnfb7-;y7O6QJIHf
z<J~^wKPCt>3pYnLB^NL!sGpu>KD`5Fws{JO>G+4+Lz<&KCp`OW@(5Zxu<ZjNO}-$Z
zou3opu4gcQbezPlhwR0pg_@X{F{T=|`Xkt-(p-?LQcedJ8(ey^Y$@8au;~@udrii;
z(uvw4ZnSGT(KH<bPP@N3NgQ2|YJ!ykv~eI$eqdHi58M41rR*RfH5mL}!lM)xAi4Jm
zL$!Ueir@vRC{w*Ik>-cFqjEkxDV?eCbOWT?r@zcu7MGc^W6dbFGIo2B8Sd)Je$U=c
zI5<h0S?MQs=#G+SNHa(epCvpOqfq_FF^oI|f^ugDRE~C=1{NR}ov2_bJCX8c@VgxY
zmaaJJGlrcjAtMi^R|I4v@;imTup!nK6fugCb*+U|6ottce!I+OjC9`BadGv(ah2%;
z|2$il213OI{+@D<BE~A7zvX)RC^`aN0NpPikYU+0d$u+6Kf1k>K37_{i~pPc1$>#Y
zawHgW(3l;?U?;2YI+bo);XB+hHWdj;fkwy8P*S$@Is@U__B6ygw3Rafu%eSML2-ly
z$ld75K|D1U9HphhTncO7Wj23|bBM^NZY0(l_>4jz)f6Alv*%CGzDt29IMZ%zc%urq
z0wvslO)6uX{4a9`rCqb-9hGlh8i&0Ex^!FgNxo8aT)Hg|hHz=zwF=QF8{;D|qp#$z
z_q6PUMFqR<Y7tzeg(yRj!bPEe{V!0r6%`ggPnb#1+<#zY=;w4`>;wwNb(}PCb2waL
z@V@d^5q%i^4@^L_zj+PkAP!hmJNd~})LRQ<dw&P3FMB6jD9d<6n$HWcY~W0mI4OnY
zM+vxK!Rc<1;-6qGksy3dbd-@@v+K)7nX|_Js{vcEdFRgiX`2q6*!~TY@6t9L2${p_
zsa);h{t#;q?{V@i!deV@CBBy+4fvI5*?BXfh3r>!yZ|rNR7k}Q6i!f6Zs6Ve*k0(X
zSCBRI8kWce5SKK5lZF?(@>--YYgz*#`;kP?MpIEz{lxf<InRoYKNWk6(=aQyfsoV3
zR5XAQu=LUN`q^%#G$cCqxVyppdN#roGg7P<gCI=8*Iwgfx^W%=u$l9)G`i2n9c3yw
zdfVek?!Fk;jHzHJ`{nxT7T)b&`&D%ssA<l3%4;QkUyKr5^YLeBYJN{a`uNjuHv5ch
zj828IBUh22o{825>FIeSqi0IHmxK#m?HcB}%-U9PJ$4n_PxuPWr7l5jF8xP9Q))QD
zDm1Xu1Tzxsk_L8;VA7WetJJ_Q6KpHNZfjuI3ATh_0UFco9fJLvV0AUHKr;E}60D&H
z1|C-Lu$$qq9}--hb^h(~+=U)3xyCUHKcjP@%a2>Ok~WRwk6UUHE-DCL1H#`rgwqPb
z>ws`jhj3g$7zqfwbqM<ugk(V2q(j)MAUpsFzvvK3IYNdM00>LjPuES{;OpI8@Dc?3
z%k?V#m&DwcrbG#8j&ts&pgVIb=P0j!QZB(6zHC;7#}<Ds=bY=7_uEXV#}qP;?6HB#
zvs~I{Q(V@W=r7*Duw6gFKP$Z7MN6SCdS45bGG@^a6bSqBA0XmOJ!g?{n=5tYe`QJ!
z^1m{qk{tfHpH!4X-RNhF@%HUAR_IQpblG$=JzC|-lrkeyaNnoud3GZy2FmKX1Ki$j
zKRdnxHPDk{43H?<_kJNdva*4fO@|k^Q(5J?VM4Ys=Ab*2cpf*Hf<!5p-e0f0!_5S)
zug{Z~B+6P+UP&0f3JFLVgcQ=}sYI@jah-?sDn_tli12Uj3AV#)jTB{G3}>|T#dM<U
zF)o=|rRQdn>>LF@**V7JqS+yE$uyC5>yl}vN_uYcN)&#VAy*=`<==ON;?e5wK~c$I
zl>}(3*fE{XlhK;<WQfI|19O-KtSGTDvy%k5L9nZy4L#?PTY|P*%LiK>MBpddJijMe
zVNmCjJ>m3wuuCr?|Db3}Ighb$=&@$Mc1Ud|QU@(?HrbihW-sg!VN6!_;EvQmI`6*+
z^$=ltH9dd<*rzK^kWy%shQt_QsEM1bnxQ^?@tXgJ%rzJ)%<pGUQ&U#$Q+|<xcZ{H0
zn~E|9vgTW4Bx;%uY*YoM8~ANLC8mUtv@rDKE)ht44vr~P@<r;^^infg>usjw9n$I-
zIR${gqBFx{T9Jfd2!nvJC&9Xg8#8w0HqK;p_rCWsg(1*ooXHu|YcGRSIte}dcu|P0
zeY#VRMzE`Jzj0?Es%i9%I-<Y5;Q!7}LVJZe>A@h{DX|OS`UbU|iQa63lhF0+B(i>J
zDcqD-PM`5x2QtOEwq<&o_F>4^(I81LL$a@?8~14cD!T4b^&=}9`46>f%QA9@I*0`2
z>xfsZW4wZIeg`NB$Vdu9JIC}wvdLV*S`1b?ic*!@M7KjA-HTX;NYdCLQT`)J;y7*8
zj{NM$A^z_ZJeVJ_s1N2g798IN_4xKF<7>AZLOo-@<Gq6ptcGw_Y5uq<t`z6xLd@&?
zg5X^(qfF;YMww;;!5K?T7i3lj3ds6vX8nc9w>Uvaw`UxQh6QX%qi=R}qfmKv5b2v%
zmA;AHty4@=rj?}3=DDEf0iSpF&JYc~M~f(!M|aRnG#;QcUWhpeZVW3^Iz=Y5TXgbd
zR=Q|7B0BppE#ev(<@fg|VHaAEo_?GZtiK0B@{)3_Lv;3H%HHgJl$q8ueed__EAm#(
zqJ;$;7TTN+>$Tmo6&Zs2A#Z!Im2%JB^mti-XFaP5z6Fi2a1r%M6vu4A_3IqeD16q-
zj|(~bM8kG@MWStdsRWs+J)qCQc9ULn({J|YsY>{B1nU4}5m2?=xfpFFOpVKF23E~@
z7ucVfyiNAcitOgT_D`<=$~B<I_?U;1VShL!QgA)YevrjI(EuviRYqYpZl)($H1tIc
zJUZOQ`Wc66_?vA}4UcAO_&unGcTnL2u8%$*t<%TPtMzegQLU7F(!&kwy*jyU=>OgH
z)<o9jf`g{FLAJ?T-=@?Z6mwRdDCb5iTYH_p!2i%z1p5S|DASt;cQ*>ftp$a-9k)AN
zX^u*%xYJD?1Ih{ZY>ap3l({=W{;!X#_k6)@{h7(+q%CSmq?IH~A}a2u5kuAwP{a@}
zeh|AD1l-{*ez}bdXC!_^WRv(oXybuFRY*st_(~uvtC2w7$&OO7G7xb;o#HEj$lq5X
zf%MDvCxOfi_a}iAgp)PVA{$Vc5+)l^Ap4jtev_$ScMus+wgjoSKCa3?0$^2oaPzbI
z?e&CJu#pYQmbcLybJpD!?N6SK-mQphr94B7-)1U&ALF{R;_QYyu;lX}G-{6RxL(fe
zI3t)z&?xsrL&nJ+EhCD%%8P_?wa`tle*Q{xoVOQ-9B-d2NE4>gfkiC5d_5i=@kc5C
z#=DT9WSRQZV#joxnk#<=JEbt8yB~%OE9%-6GuueX-F<cZXjm<AIJePS9$Xv(3^zoz
z!qXhb(i|70w^nL6?<bQYl}W)~vHjUS98GQU*RrErf3_lxUA6xivKq-$u)G!S|L#@o
z|L#8fzq@w-x3L>;ily$rG3#mn^X}N>?Jqiqf&y^FlOAn%z(Qw2g9wCTBW60P)oWv<
zSOK=1ez}q)NC7L!f|kzci)of|I#}fyKDx?B|6<&4!)?^-M||Mtxsm=@*v(rQtKRf{
z+D&sBqLE=4ZdU1!p?-6{+_)`k%|8Qz8~cU24V+D#+tGaSpMqC-$_<tV_CinQa36c3
zm6HPX9L7-S1P<BJfh>yF)fVN{JzpeKglvj_so~6u6m*i3l_aG$FMv@j^b@Q*<f+Oe
z0VTNN0kW7VZF}I19|`WOmhvWYrn2+BL^Pz1*2IrYuWA_i9pzy_{&wl1nv7uc#7K2(
zsiUi@e_&6!evqf7?aOOW{}{P`>D(NMMyay$L&_YqQs!WMO<Jfs(XTu-tDRiSlsRpx
zoTQgW;v~I7leGM*JW0!yNwVDUZ<1QwC&R<MwX=11;4vdUjC880P~BkHD>GH340h(S
zGalD*_8pmiF|v2fs4*kQj~F%~M_$Lk(s&jDvAisJ=?{XqYD}j%ckt<>pD>Cv5?3Pr
zb1#k*V=Bef*_nCG#)lj<i-wEhwc}#U4z>~Mi`V`VW7dg|9ZZm@E6VrdnfwkH-5on3
zX0i^9GEHFr&n&rU$|@1WmC%J3pC361D{cCmy3$dA!PqbpZlM}%qM@#dINpS%iYC0Z
zEHHrkbQF&VT8184tEs3A?B3v@g~QL8EriK5w*V3vZ+;jEM({H4DII%cW=}!-&`7%E
zO0G*P=IHu_w2C2#)oQeuAK^tsbq2kRH`!g+<k|PEf;8x_YyO+$*7r^CS?|&$NT$&2
z$K#<{9-9xMKnKw(mbwDRT!63((Q!`NZ)~R$Ok#(e?IB1T?o{}1pWN25T^UmK?Sp`H
zq^~~}e%w9YqZ$2#*{xUi^`867ct=78UuJ|@^YwKPJqhgt&5Y<JNS}O7dL|w0cJ9D6
z<vRti0qPHTCt2yZIse=xb5-X2YL0rXZpF6#4~J3vnwUx^{g0Mtj{HSq>BwiyC6O_g
z#L@C(<h=x9*0?%svF>t5%ICB5-w_blEPB={lQuljD8{cd6<X12n-~qd0CC3shTe9(
z4Z@^4{t#O*8wb;^2TK^f=#m^+QK*5neJVmwE{`|~-I*P1gsBIgva}<ho!Wb5cP>O~
zrm?X|pvM4`&Djt2(zyn1Q^0tC&Y}!rc_Pwi70L)Wo;<oIWSH8aI1u}JPTI8Oj8{4k
zK_g5jk=o0vSZmZxo=n1U2lnV}_NOT<Ok~@ow4$NNhSy~+vYwQf60z+*He1HHQKpG+
zAs-oK%HA|8*|cwSO2Ovr$7T8GQi^HqPMhI|t?e#b>G7aGc?tK_&#~AHzoj_`2B$e&
z*nZ)CcrGo*onl%sFxd9$#TQ31D%3lWJu`&~B%@N={+8m{nX{ZV5OjEEf&h(dVvXc9
zu^Y;1=araU<4HdR9~T=8@I`6I&u2U|<kDk7Y%dvzeS}V4343{vfo<362F5Bz7{YwX
zLnDT<cUgv<kZI#>_ridqali{y11?P|D9KLc>j}oY$!54<YrE4{`WKA1Uc;PLHpAvL
zr;UyG9$U<T6!w?x)eFF!)9UTao}N-D!XQgi9Gh}VV33tFXpkkW;+)nn7kOnMQ<`15
zY>>Y3z&KuD($cY|KI3gj;~jsi2aOjNJ1wL^Fz##^HxoYX&hKE|*}H!S%RjrL&G8~=
zb*1bmw>eTEiE8g6{F8Me4=}@BEn#H<zqdQr%)<@twnyC*S03}=|7MEu>rMIj%^>LK
zkgfDqkS*_)!R|OF=Is#r6?P35R}r2k&=$YlZc4piHypE@dR?%Uo(zJm)9n?AhT15i
z{mhZvO0bol2x9$sh;^xtBe@;)X(>n=3}&`D&ZNbk%O1l1Yj;%o*h@@i0X&P*i6*l#
z!gP;dvfz(<j1i!Mhp`!DtVnhUImEC_iNL|YmC9ILNw_^;%2}Jn_)0LCF#3;*6c9op
z`*$?*FOYbKE3DufSzDDkqv)8AnN-Tiv~Cbr3I_Nu`-^Sn7*i2rdb2_8M<vT)j3BMu
zag<Hl#UiT^vzcu*>FYOu!y)MzV?QQ3*5IE`>v@qaJ*Hva!CNby9e0(y3P(n2V_H-?
z-DW}1Mz6#l^>PSP0VefQ>2&LEu(jyNz{Xg}Y+Pd%QX9#v<AA_0Yr*_s%dV=gV*W+T
zm|pDI0gQjaA}`}N<v+~&BYi)D={gq5kDluQwdN5;tx>5mp>R>L8^aldIPoeR)12l2
zjPt7k9ma<gE2O>snR2s3_w1q!ULk`=%~hTAfm4}iv-YO<oQKn!o%J~lm@HgscDF<Q
zzT8;K+0^bSAmt1yRUi4KW;keI(}TxGYCSdzIegLM5khe*6_xfdDzP)W{y#l1?5^xS
zz1_!DFuI<=Bj|mO`sM6vY3ZkmNtsIxomMaLgZy$!CKnX=BIoGzIRAR>BT9{q3Rc<b
z<*a4Pw>8iq);}M~^XB{X=SQgG%73qW>|Eqa%$orR|G*%$ulUAOI-iYB8+R?EmovKy
zp3JcNrEWJPz#!2@KH0^>`Lt!&#$*fc>(TtZ%z+VX|MSbG{toi--h({NIYX-50p3<Q
z!0UeN{{YvW&2ju}_8#o&Q+k2#Dcx(-TtDYCo>$8G9CI+mNry6?R|m3RRv*fEUWvJ?
zL%EUaP<GFnt3IEsi~XNZTd(wx&*SkmIghRS^LUBxc|5S{^BCn1<vd>Fl|K$J`GbyT
zls|T6k5M1ZD1SUNRdqBsQ6J4O>gA90@BGUjmwwdBA61;gUHLg2|ATT47ysaM4x0=<
z_N(g7W5EQ=>9AOOJ4npC%}yW*&SQIFSBvgE77dd6JpL*N!s$2Qd2DkSTZ*Osz;XQP
z_t2f>j?lFSuxrUJ*?9he<2Z%=mmSCQ`AgB2bo`p`NnyJ-&ClU$nh9gus2she%F+AB
zvv84RBOSf$%q4z^^hz^aW(D4(mv4K}J@)@kNAN?+5xnXr`3R1f^?!8)*MGLEBRD6z
z%HuaD790e_dmAxUFZHI!LwEc0dc6A@oM4^xr`*h??uQtB62fCt@R`fp(SA<1nXkdo
zbxUMNSB^(}vJvPn8KjXvz31BlS?qi}bXj-4ahGFGQ#$4z)XJ~Qc^CWlMAYipc~>|o
zOn=rrJe<zD-|XzHdqs8DB`v|TuJsW*>kc&ach<cVARBF3yrPR)tm14kYR{&5LZTqO
z^?41>rpTe}Z2Hm9+2jdjXXTK2Y8|>7-I=dr&?+mWpHC?M%KsPLdD3>&ox8-5?)=PW
z8r^xq)2!oT{dD{)bbP^w|4YYj{QZB@@m1Tf<1ar#9bdRW)A8j`L8K_zni3&k51266
zp|T(HlqH&qto7r|a(dexrE)yqqw07*o1?_B7fb?H!BYm7D_fzlgu?kClCE%;AXl4x
zF6OGedp<gJOa-R19#8jWX!kP}1h5}2%SjYHZ_j{D7wfgCcZK*jEKKwkTH*a~EKKtj
z+O;BOa)oSAe?En6zt{?2nX~&<86go6I_d)1>L@1pa6q_r3w)wgnmOMKlg*r2GV!H(
zpVnZ_cNrpEjaR)?wej|s{%E}YFSZg=c}zCmDsCugTtk1x+v#e5nVtQgi5HAdgnsxv
z?)__T_Y{h|DRo5hI{fvZJN4jw`f!TUgD%R~t_J>k(9E|7tdfQ_j2Ko)aa+aw{B47(
zTmPjWwmyqmuRIE^Gh!F_ms^MXiKG2?;3rHuG8C%Ct6pZXUW3K7Gn03hKNcl0iR2a0
z`8b13R)>G|fhO^j+&JlMBctFbmwKCw+?wPV6d~FjT_aehx>KiyW2Zt68Hh5`#UmBU
zn4VF)1LcnOuA}N0r_6<RNSWrWuHx0o_jBr>@hAZac`G50h%jS-67X;W<R@oVCdM}m
zg!l%jQ(skRgOEm{4RLmX?!|dS8{Wdh5JDTaPG3unJv_Bq=S9Q6t$d*eD*gL$ehn6S
zpTUvH;z|S_WiXEm8%yxN3-RdFN2goeX1dS!e-WQPIFaJh<%>m>!p5hgpFKf>hTt2t
zlovou`n)`X5BLa<@exQ>jNtz)zWxKN-2Y>||CRdw|22qmjvIVlLJQ4&k_j3=Pf~|D
z&v*-FlT9{-IcJYM?Qusj)L1~BtwDWUi)tH35z$tuG%p+ks>GKtI_U#V*zmg)QrwPU
z|JA@gCRja!eWihYPO!7N^qQ{*wuoRm3HGxF_9MZT6Ktghwv1pO5v)W5TT8H42)0oJ
zD<#--1p7?`D<fD6!G71kwh%0eV1H;}I|vp+us=1hJp{Wj6=6p-umc3!L$JR!u%iT9
zMX=VIjBYJ-8Qm`IA+I#XqV?<v@2Kq2y`!SWX#qGpbvR-BR5(|AFq}I3d~vStqodR+
z?E!?-I)n=f!ZJWOu0v?LU)9Q7zzNu|%Sm=vKCmYO!n=ocImr}+et__X4k7C=8KDy(
zJolF`!sX*KLPJ3K=eRDlMx~74PJq-Jy3}hI6olUZ;kXWAz;zknTR`ZgOTG5;O_^4+
z0b$%tl$_S*fIKwP%RNT;yo$G9{%Rn6WzbRYO=SvV0AU*b>=F85f*^T5gstAA9{hcY
z{q2*m<huM}Wp_we!hX7*WM_j57?5i{{8Nl}&GoX*BTY=@R|}<)>@QbO!0rbByibU@
z%w3HG>Blzs5yXGMwslno&=1)AE;svu&m!WxiS)1{gMA1;e&>iFal4~=7a(|58oKm`
z5~eMk>p|h>Q(MSMPh3j_1UVet>iQCzz@yT!-aSr<Qvaqm>-<EHsMu4pSb_9R|46|F
z4}7?u4bYA~uZJ8~zd5~vbI@PeU#>VWB6jL21#y9b_(3{#bo;$A8r+BY0E$?->kJ#8
zyPw>7DFAwT5U8;m{#k4A4oqslj!o9DfZrO1HVXcE4*nSm|2#>FjM!gkJhmTVW@acM
zOnwgek^Lh1WI&X$t3UrfM4?%B3QfIL8Vgc&jJh}TlGrD0;JfAqEl~@=&gU}vmVN=H
z6@t$Mz>60yh=Qc|E#%tkM*#_-c#HOnoMHGtybF@6xFD0R`$<UXS1#>8=k~yVcd-Au
zK<#$-bSJp$xu?7Dg+UEbB_EV-eRRg-zTZvMazCZ2K096NpB4$Z3<ZUX)rd(Cq(usf
zr?Yo5h2nv2LyBiV+=1$~^hoy#k5U5SiWJH}z*P~}omRzy<}p0qhlOsb!;J|pa1Ni3
z!s}OmFo83S>^D-la7M}ULaAk>U(5sweNkrw2<8_T%^)R)b1CuK(L|IIgO#i+&UZ;h
z4C8|jMqjhf;M?0V?TSTC4RSa9t9|MAe{nOOAkim(fRfKfbUw){m>LaHpkZu(lZgL9
zFQak?SS$?6A%lqX3lU=KH-V;Y1`CH7tXqs$uZ5s+{_<`V^eqg#_)G&F9mI(C$si$L
zo$)NEzBh>sW74g&s*Mue4HPp=KXqgCT+Y{RnAEEm8O;xbs#9#p<IB{KFIXAh8;Phj
ztsr%4-7YrA+XSV<@ps%FqO7XJUEx~3%{kZtx&>xfSZ9(G3`tWP3j(EydIdrw@-}2D
zLra=i?a;oZd{cX4+0Z^wl1)8w53LPPQ{_5Qurx4{#(TP{dc1rtuW1&a(Qm$=55g$l
z4@Pb^oqP9WKTB*p*^j*Dszc7R(UR-iw5s>d^3LQ!q9-1rWpjA=ElstrFO|(!e^7M8
zO+_!K8$7dK$`o>99XFY>X_m~-G!}ZCWCvbOUB}V9-wp1THvE8rt_*D~IF360%-d}2
zAu$Y7+I2d6JKhINIW^dsYovnvcmW2<=5K|=rF=b+ZapL2Q2+aOMZI2p-*zKQl(hTp
z8tmH%A`oS0L>Ajk88$ZRMCZ(K>c@L6upb!AXR$elh1s1JxG-vqKb#W`@nfKYnTjL~
z;ceIa>7L{tPc#*k^N7!vETzYcHfMHFm{ip1rl+{QAm357vfkPqf7u)*(qbkzCC+-K
zfsh@W=qYDkr_@i3FV7ijcep6NircUHYVB7W6CL~9kKldOa%{5DxDm})25FR!f52iZ
zEFgOpv~rI1mkq&G@HkuLiSg%51$`iB-Z>rynZiSpH=|q0!!-1mgSz_&7%v|eZgb{P
zxNK%!43~{F1m`ryaM_NdwDGcWKJl_~x_J3Y?fvyMt2R=81N2M|euj)VZ%tu+E=+1u
zIIU+viOE)3>Is6d`KGMfd7c2s`6sYhi!-Gi#n~AFtfJGH4=}(QxP_WNj#J5wJ5p#v
zqfp#bnV_<|uoYctj$_iaJ2$-C#vXqzCxnqaIsRtOM%RaEgy<oRtCofAAgTDh7{)?2
z)Z`4>R7YOR_w%(}_bquXoAM=|Al~nK{%;BsW6A<y+S!D%gFMb15W}V1b<JTxzY;8M
zZeoPoIr4PRu*DpVISUDhBIy2liovw{SWw;`0j_>{W6!NdF@F6kZPT0`kFuo{&>-gz
zNML7w%nVVyn-V=6+`q$uIcsy)RW@_K=IW?)NI&3AF0WL;oz-Ba^j;{1zmgrNq=xbj
z)|SBjhV7UMStUk`Fho&VvyjO$<{++GHkhk1n=!Y&ySHxrrZ5pAGtOo>Wbd9G5tlt7
z&Cwn&nK;hi^%+`eU|ULa`~$Z#3LitkF*i;$9F<x<1;fo*g?PNoaWhcJs|?QhMO~O}
zG2?~T@u3iHnlsz|DaA{sMOBC^E4i1>7GGw{UuJ|!z9N?14pe#R#KNW)v6y@5Orqn0
z7=O|9#tb|KcZ#bOfI*r(O)S_2cD*<z<KhZR*aIV#{z3~aE4Mo$q_l#oHphk;P1t(3
zJ1Xpsi_+?h(`cNFODi~ww9F2H34J<=f0br933Ra)8vj7Ey$hlp=4zUrR3JKjQ(7;0
zjTOg~cw3wKuKNqTcXJ{w>ZGl-B9PDOHOT6aDaA0-!0n*X-bsYpTwopqUpLRc<TM^-
zGz}MJcGHrr?yFYDY(kOQbk@ypu8Q5<1BVZA8|A(-<2Pz%BYK&Q-Er0KIPFOnaoMNH
zE8g_hOZ-;R&gaR_omJ(|U3jx6-?@Q&=cdiB!6_sqMha;KC&2M}N;=4XfCKar`)^H7
zzUV-iTZHj8|9k@irG`dW(ikthTifHYnT?d2=*2L&kq}KXetdF-Xv*KoXCxc$3%6Um
zG(~V*L^w7e6AajIiAQkXeN?Hq^E%uU%linxD-tpwLN>0Md?7I}S4y9>wfG)^LPQHg
zodLc06%?tLNZzJs#z+;TbHU~r@37`_>SD*-?=W`z&PZUl_j}oG+j46q5~JJ-hD@Q1
zsY4@uJ(|BFjiiu{j0^wF8jc7++4A5|DctH!w`M)knp8QmrK(xJVUQ^v$G>^u^%~4_
zfR!fp&CE7}uTec`y2`ip=VK_=<!X(fPxtC6NIyKIwrsvMl`NaVWZ9fJm>WT(0X0v9
z+E0s`JeZ82!P43ZXar3dQGNc2XFOyq36{1z$kg9{__N241qp)m(d(x@t~a=9dN(56
z?#Y(A;~!V3Rwd3J?n?J58Q|&(`hAR2t0^CIPE=L%7p!L2CUrM*nt3(ui(H#as~1ys
z6`4IFy*|dBu42%u;VPc{1@}Zu3hR1btAS@Pc74RHD>Kx^?<<M;fyVAf$qu0?`f#<8
zlFTYanNXAtHXLA$?gtdR!>z7Ss+hNUK#O8PMnlH7fn%JLzU@H^tF%X?3bheKmEP__
zLjU047(vtCdB)4#$1r~7Jd^0zk(dZt^@9y@SEO&0-8hbN*Kg<Do+|W(46j-)dw1-N
z+uIzc*dfgC2RO4b?d&80&5ZRiErth&ACX?`Mw{oUhXwSKKq549?AY=)Ffni2^!3V}
z)lvbI?68X6oqXh5R>P)cH$C1O;1e6%ki)9RT*1hZz${VjLW>_f@*B>baTy0KnGT8i
zj1h2C(+WqSXp29S)0(m5oSyFg`sU-?5X_)(A2lHY=DLDkNIf}<$H$I<^hGC3`Oo9A
zaZ0M6z!v5c&=MP#dQY?YVBn{J^q{fh=Q=b+tVoQZ#k!zQjGXThbDqjt(cAyQsR7cH
zl<rRUo^R|>^e0pIlaD#Pd1ghSy0==We#J&9COwiZ1VxrZfWWlsI7Q@V=WkAD67{n`
z^bzcxieT@aMM+Y5zRkkW&w4O+bU8!Kj((kFMHds~U?+~WbiipOL&ve<D(zYG-Y4ec
z{DY~eHaI$ho|=Z~6-CEXR?Cy@fZQiN))4M`q=wlFnHJ~36maZJKQ5JbWrA1XR4e=H
z^0*8p{H9vj|3zDQDyp@Kv!+KtvQBh^DMa3)$RZ6P&d3aOzIQGXE>)2cHTgL~?rYeP
z@^g~rYmK{_9A+?Q*JC^<%;GkV;`uqve)DrS6v@hSmFMTosvy-P4Dxe^tMhZ3mHeEO
z>tT{j!!Y9SJU=I1l^>Qa=jYrvI^0iw&N%w?@YzKCG>r0dJ_w&i;HRO+3J#+DoWjI#
z`YFB6Ds(q;Q-`Ho_ysBjNFVpzzJXT&qotj!`>^5u45ZvIi3i=DxvKn_AH75qn8(iT
ze{L~c=VXiBIV~CzWwwPxnX#-sN{m?+7s>OfRF@Ca0yoFEaMKRhKM%M)s`jE(?dABi
z7o#NRd^%2*2(({Zq~N>%@6!GncPX?zh_wy=UrqiOjE8nyf@GVpJmc)nspdq}ir$#s
z0x}~dI(x%~6L8ep3m2l3)K)kp9pA5ige;_>%CoWz>GMbMMT6d$-~u20Ec`cRZo}uK
zV>V02-VXHd5MIWgP1U_*xdH%?lM5qp3WK^XqKn?SO8Uwywm#{`J>;nbYc)sR*@W_J
z&PAq70nCu(a)Cfu+~RD`CmB0|)X~!;EM({Vv=b%J1RS33a!+xRAU~19#V~SugU)9G
zqM*CoIW?Fvv@bprh*dx-&%qg%XT>T?con0Sw_-qT#0^eKHtgJ74d26mDK0JODbT<9
zwVxT?;HG%wuK<d<Dm@z>g)|UXrQ~LhoG{|K=OK)7RJk>L{75BP=!E)2fnx$$9Yw4H
zg4$9+)a*@pIlIJ?b40{MoYLh-Dlk<-oRX~)X^aW_cz(_-O}5G}VqrZj<|!tj9!G`r
z!y~FxoAb04_++~r9!m}l5z=H%c|?^abBX#peVWV%y&s;GdZ<6#<ntk1z)*d7p{w%Y
z9m%Nf=`o)VwMju&b)|$O$9z|7JO1wKCSQPs19T}$I&gsQwV8)FV3sc+CRkoX>e5Go
z<<+S!?Lp7IMjJ^#5La*EQs<Lds+5?feBdP9wweWN4}~0Tn5_ihn9YAS`%8$4DoHdf
z1&eP&Oy^e^EoV1Vf|4w4Ld+LlqTsnKQZRD6coSlRuY?`)xGS^d%)L^b2hjkZ5rpDk
z;u;DK$|`=AS6FnCOz_$?rb8$-sg+3^q6pSfN``=s^e};}U|awtLm1AVq>1w;Lud@P
zOE&ymznM7W)c2ppvyJd%NuueVI=1rOn#=N((zY<<?V=<>+MNqJ*;*oQb~yFcNoj+9
z<o?kQ(+$Eno|ZFQo0jwOASErQ-+Tc7Lw-(+S{RGd<^tJBxj>qrSyl;rYq}PFJa=B`
zDHO-?S&06}jWSc*K%H|diz}|VGMA=x64HDl`M0tZ|JHX?YfL9=45jDHz#t+gXY3-S
zp45d8Ww}j|zvcfX{;8#$pHqa1%Jk{j*U=a`6lU;~pA(*g##HMg7*Wu^iT9M9<AcKZ
z8q75V3vAL1WXE#Ol4E-(F`?B{UO_ohfm2z0E+t1K$(NGL%P7TCS(u-D$#<leqN4;&
zQ{RMYntJ9*s~~Myc+F2!{4#R)C#`pHiplZ8&|H1ioXwfST5@TxB7+o>wkbkBlVW!+
z=^;o7>--IoUqb$INspQg@uW1^6eZ~S!3j1W@)NJf5ZMAe>PZx&)N%0E2lB$aDtIAN
zY}3G0c~V-m!i?kb6Hi<fL)36Tws~Is47uY&4HAVk$8{+qTf+{=JQT?j8+*IC7rMD%
zY%RJO`2XI`vIW@9H|kS2f10f6=DJRi0=jS#5<O+)Co0Ps&h!Ky`={Uhr5h6+dwKp+
z2#+q4{Y9d$zliZ|k^Dv2)_Jyd#P0M8y{X{WTadqW8SW`l!B6a$t1I2TyEUMC`_UC1
zlx&flVNrq$^OqEczR{U&vIBk8n&FotNRi1RweUYlq{C!MO@^YO>b(K<KB*>xtQAF&
zO(j@+4eWk`Jx#C<8dxO39wS(^2G)^a4-hO?1B)S8U4lKTfpsI8JDuJq)xf$F?014C
zYhYG_{Y)^M29`pw4++*!1M6c@CpZP(RA#+ja81+YFKxhI8O@S{o3kmnrF*9|P(e7=
zj3HdsA<X5W=aEtwAiSyzJ)f;0d<h6I=@4cq2>F2UFC9Xzf-oEq#^?~T6og)Y@SF}|
zq=L{E5C-cIp5h3jB>@on>JZ|u$!qm!C<KOG!)K;q&brn!;<_F*cq4k~bxnL%YEWB9
zl6uO8_h7(2ch2>_AjrW^pq5FWy+zMIZN3~$(ORdZ)@><fpoog(-EPW<mFcPj|FrN%
z8i~@K=9DE1gKQEz&<|)*>dJpCfFF_k2fkF*qC*AWLT2`tb-95Qr!T@u8n;LvvA?YO
zXLH(t0G6eDe}eM6{_$XiCoTS3&N=9AUDjQ7j@T^e30|8hJ>8swcmBQ<Ex0q$7%K}G
zPgEmZxLc~mpJPHJr^5VNN*gVay#AZbsQx^t-%FVjym&k-*2L4u?*(1rp(bJSqd_F;
zwrqov?t~j47lk~zBuS8kT<}S3Kj^Oh<sf5PO<oTAu!*0SgYIubbHDmxv`~e8)k21g
zZ$^79U4^MA--V%kmuhDJ4`=_6p8cd%bo6IB;P2=tl47sJT1!e7ozsFT*L^<_x>ug(
zo<|VXK(K_z5M$1|J1h3XG)GUHqc@W}*@<Nq!KgYN1k+RyOryp4ji$mNj3%EMm*mXu
zY?Ri9nT0gNIk={lkE%Zt27}X>kQki??$w+hN!*2yBwN&Wah2QwTl{uYKExTMIWF5u
zZy70Jz+YnCPN7d>%eIP}v91`uTQsE}up9moO}!3?1qV&}9-JU{kg`*=^psJmOaPNj
zDMY?t&T4J^1Mg25^d~&K5e$$GE-cv9+T-DYPfj#)unv}iPdMC^p8)CzTQa3L1I4_X
z27E&ZeX?Q7%}J9O{~PPrPSLQRb!;bkL7PUH^0x{q7woeMc#ks8k#LB~%y4PKJfo5P
zO3Fp)k?!ntD>#@PjPJ#@ixm168oT1Wz&lKK$8&716T@I!wnF0un`0~c8SWZ&$K#3F
zY%4us?B_^m+sBdIHkefoqPTfRQ$+e5-}t#G?R)gJ2fS+qs6_>5v+5c~z;2$>4m6&I
z5q%1cF`zQoKuWQJlp>b?Z4?b#Y-|<9xo)vz8oalv?wjWHV1sw{CVRF;V^Qq!>9_<z
za*W5Q+xOt_SJ>a~I&LE*Nrogm<at34ZB8hseH{E~0j9Sl=b{DaU<Bps;*ji<(&mUr
z^lQGuz;n4R@BNXqC7d%YBpofp&!(AC6?@wCKKuFfdM591{E@!+*(&@XX;cIm{anvP
zL~8HX>g;zm$5q*W$8?clqMV%;(q2<`TCl2tp^D6IlhJy2<pHwZk)3XGhIHZqZ+2QU
zH{Rig@QM@|@7`NL#=Bsx@eU?IG!--s75tm_8X*8K1x*u8MSZQ@w<{K=V6Ny4-0^mL
z2kI(B)7|&aEq=*QUCp7UWRVd;CARZSz_W4(0Iz&t8l><I>iE1B!VT9^jgEu}8)H6&
zp`}-llZJeU!G<S1R-t$(jY|?v-J%BoO!?p+OJii@GIcn}#L==1BpjA#mmmDvKr%6*
zr2Jfs#s>27q9inagcpM?aTVoTzGidmkX{(whTkhB`^Wu}q`AsbU(k*%J{3)yz{E`X
zVMcn@p}dr|>QXZ_p6*ToQf2zf5dOgZbWLcktQMn3iq-4v9|nH$((8ftc$ew*;y~Hf
zMb9SL*=T^5E2#ncIE|9snThsI29G@iPS)5WQqx9*ns&derWr|1Tg@<dt|-XA?N33w
z(l!dI36(puFfU{{zJIow^g(Fo*dIxPw0O0@hU!p5#eXDK*AQsxc7vRs7q2v*W8!!K
zdQ})9hKc>05t6)N4k;UkUfZ6Wt^@#=qckxYQ;CC9Mk)&T?w0fNE;$K%2ELVE_?-3%
z<rl|xaUGcoFoIugJA@uVp-c?6yuxPXW(e7XDZ?kd4h)(aOp5nza5I6&hJ}nNX6ky*
zDDwD6b7yxr+K+seggKlkmW|~P>9Lqz@OA3Y>+(i`<pO;{%J^;uI4NkRj!3)FCWx*h
zt8WtHS$H6lp~qw<?NqC2!b(|Xl)Dl-J1>Efs{ASS9jVzHL)%2+nVE$?%(&ZNgo5S4
z*v@E(Lt*-$`#yS!qO^XLFxTcOgI7D#;xC)>k1>TXX;#7`Las}626A#|A7*0G;Uo}~
zOzKPNW$slPQK`uNEkj(E<mV#or&yTmElgsCZ(`v9Z(+Jtig(<mn>RoUsTu34YpO1L
z<#E7qT#~NU15xaVYnKjV569TUF*dT_HpaIk<Hu&SWfmi|4>C;=8EG-vdJb9YuFnN!
zK4kR`D+Q<n1N`xCg#o^PR|fd-x3y(}uVa%zsW+^g4=VNrX#Dx%nu(s=iZekU%OPz6
zZa%a?^>I{vNP{^k)H@}*Y2xr2?1K8O;2o*dXj}JGiz$CYATn0BP07br#b>))dig11
zrJP^0YC5D^#L`NmJzg@sK7|KER=IC&cw>N=DTBvOS;%<Y?Ai46jYY%b_|rFo7FNsS
zfSG>Nl6ag5$#0mZXJbMr<0WzGhT6|!Tzlq{3O@~Tu5FxkSFZh-x}iSK<T%Y(hOTC;
zWPXvqCK^!_kFK`ft%*bTMJWfpMRX1U79A(E=(P%qUa4ZyC9tC+?(?!}eB8LneO?y5
zL&Ks`Kix1tQ0uD!M%<Tk=Mvw-)!n^ZlMOXw)+#pCd!AIdrkwR134=Y>KPZH(GZR?n
zydVA#S!db|g>{-UHE#>GZ9zLKIt?^<5n1O5Sln<`nzPPudWG-xpeWg&E%VQ7ru_57
zKfCJr=O;b=@XuvF{Bt2g%<kzY-|sLi?C34*pk;C|@yCTSr3xeClVf#xu3l6SwgJMk
zcYq1XaT1j%DtX*VJl>~@{Tz6&dOw%Tvqw%32(w*cR0&4mAQ)M+f)RLS`WJSbX)FE5
z*v~n_qHKiK)7f5Y@_jXXZQk^|?zP=v-n}L#(6$))8agU9{fPu6Xm7<9#zgXd^4A_0
zl-}QRS3&84N{c|kq`dGO1qw<NYu-!|q$RPp{4_!S_Slc!OsTes!q{mOMImOFG`4<}
zQf)`b_&KDyYU^LFmSuq7gQ{&(--lj|KUu;|MHv}#W6~wo*r9Lzk%{{k$}Z^|gGWN3
zx!7$_z%d$HG(qGKg~*SDti-hdFNMsl=jC0&z`G!@JI!!LW?%Ca_BBt%z7_yG8rjUt
zzA#Pfpk`k7wM4_d;9DtZ9<i@))Dk9J8m595IS*T)=3!8XkL0R&SS2J`OB<;0u#Z(d
zj8c^sCUnsAvBD7$@6Oiex0o}%!~e#_)RF+B>d@IJDYUw171A7kNvTh37+FRr$$-%)
z1NOf~_d~RdERy)aFG7@7UslV5=WhZ(n;t6&j4WP;b_m}8iq|o;jqb%7hPK>2pCNt`
z??)hfJKm2#_!1WO^A@K0T(iEV5(tA>zg=@~`7*jLn9%QtbkbuHT<vvyFp7iA0o?Kq
znUAU#nCi?+;sTQ_gY|q$7MM_vuSRP6qe-MteeKInCi2?5^4gCLsew2)4J)1&EcKd$
zR~d#>-^v?Ht-O^vyp@-0(n{!EyPxv2TyYa#aod_yytXk^oFr0$LRAKmga4r2;r)-3
zgyMPzs?k&i=37F(+d!j7%KdqS_vf9A8uX_l^+)c7mGUr}pcj1qOOB0hj}33tmDn)%
zd6HR-PYN^T12aj17e3mJ+?d4W0n+|+gVjp<yhZHnfyWzKD;u~KwNsLlz&3Ct?BT#a
z)pi`lo?wCH+-rmPBUppZzA7uk)Q{Yq*^Wu=R;}@R18wmGw=9BtB@ARoOdA}~rkFPB
zF^?n4-}ez4^R7S|^ZOgTlqZi>_0+#1$&2|gpSvbc)`0pynE7JPc?+*0b*sLWO{e8n
zV))#AKlqG?v6O1RN>ILff`2u2a1Hv_*nGDwFixp>Ag{P}O)6ex(k!`LtR-arhm8DO
zY?hj>ci)9Kg*+!OcUd|8{D~U0-9yzjk4&-Qi<2QEQhEx-vAnJi*17S@%zrz#xeE<)
z{v-E8Rw`T6q#w&0`HT2qYkG1QKj+1>UHoL?vURCG6W1rF<tI1yUuW$8?bE)e!TSor
z3P5;Whp^_fEH-}t2#eWIcYAk)`+j%0yS3u*0)0Fu$90qq-yJL)%lRb+kQ2(P(~`dr
zp#cA!{n6|^6BLIdn3ARFEOIzz?3W#m?y0IqvnNUu_~+dSLvC`Yq3R}G?Z7K(_j)BW
z-H-A{K?HJl;y*xaqPG?C1;(yM@^)?A7cKV@^~jb+`HjZ=Z=S{8F7jfa<~VlZ4G&=m
z9AmbO0k_E9H>hy3w=mq@K%Hb_RUkEyDgDZEQ@u@~{je@?B2)T=W3=0+IAk-)A(^9o
z{Bg9@wP7Uh_gMbP#l6ZWNZl5and4+iy*bYIy{ewa@WNHz!f>f2FI=cDtji1M>{Yu8
z>Ata?FTm#5OL6h5?W(x=eNu<RHy|e7Y%3fVCYF~{7*A=K&Cx$B%`r9H=IkGQHPH~9
zJydiKu!se_vYVoNQh7M|rokw<n=znSTfY8QAZ}bU-Y;>JGNbX6c2ngLD2&~bp8z6f
zXRuX6MfjM{>aXg9b+;`Ad6=b#9>pM!A39fiFnvv4)x@jpVET{jT4KG}VW33(qxY~y
ztmLZ<`nE6k{iJGA92kIIBv;?kp>%%#|B3}1xWVh^0<Gbx$U$<Y{aK}n5)b~(X&~KK
zA8&7&pN8uHd5EeXP+2(1<M<b=el@RtKxM(MnY(Zx;GuGqOOv1t$d^!0u0R(*j<LRU
z<wk3?i{q?S{qEh=Fwr?P*yikKPILAPhxpAndOj}dEhZ@xhBSYcIBy)vkI?dx6be&K
zb500PG_6QsN>p;h&_rhndX7*Nu@&Z^KdW6m+Eb%hL59@49)_Z)WWono__mf3guZ1|
zpq~KR_c({i)Rex9hWXyXF}to>4dJGLuVaM%j--o#6N!}E;?;GZ8OTZ+2YtSkti))6
zV4vokQl&}tnl#ht=M6x6L@ww~s56<9BXWJMszb*oaC53+31SU{Tglu{V^M7zOyQ9t
zhDUxX@VIxp5#$Yz#0^+pCPztzyYKbUpOkpXB;R;RraK)I3$9kZT-Ske^57+l+<^Nh
z9(QPuNcTB7vg_gj3M)!`fIi&Oj|Hh!$LcLeG0OAQi!ZX1?tY!-)Lubw0zz|Cq}EfK
zAjg;+{GLjiE5zr%-l;^$+`4TM2pGVDZ|?Nvv)|N-<Tytz6V9le3iphYHuJ&(tZ;5j
z$@(hut%%O4!S+Ik5TRr%lIcOXaGn5G{h}{W$~nA51gpL{HbIax_d}dWv;X?Zp<-HD
z7ckU`RQ5brExXwcBx){=zQ7pUIwg_H^;^Uk-r2$W?;9V|G(vPdA{Gv#o2sekmkt)o
zQ!%NCefSI`7$avl1gkq(CC_29rtFBYK7|SJ__iRexi3=Xn$KYWPdAHE2iQq4qXAE!
zGPi{)Ord)a1xp9p9sh#=oBI|T?@*Wm8$X!@9rUyv<P~st)5a4e8?Jaa7u+4TGolSo
z<nP+87af~Sg?+G-p!|SYsW2f9@0^80u;WeXyS;%zqGJPe#k>~&Ec;c2aa?Kv<Jg#z
zf5Maxi5U{}?gW|ghZyj$x~BXn`YYH}Fb*}0b8KXe(+~t9Rc>Pv4R9ogS9aWyR<3~y
z{p{;+Sv`4`b+c#WRkH6&xq$kSWD@wpxR3v8g|??s+xZ7g`CX}UyW^7Gah2Eq4WtO`
zLiJO(_6Tyfz7*tcof3Syb<YRvGYBi7MjBHiB3!dlRla6vfZ*DzV4b<wFIH?5hP6b&
zD)W!kInN-t-t_IqkdFcc_f$<$ohMk)2u)F!>juF+KvNX`3oGiWDN38fiaKbDUS>1n
z4)dkivcKqkOPezVdgDnCXEP0#z|A5?Bsq@2F=LkSwQ&f2VXOdig`4s}!bj-fR+j5+
z{!U)7K31i7p9DcVY&-37H*+_2H+GxhKAXF~R|K~~d*`IS0d%W2STd}<fl5uiZPB!2
zx)a}z3ZVFu3tO>V>2WZ9_S*{jY}Z!)8Fe<h4)xKy8xVUw$6n~g4wl~Fg>$y*<Ub8R
z2m?{VIfLz+E_id{Bv$*NSRR1fz&Y7$?>;#!JH+OANX$zz2fG#`LQ*h9Q`w@*d@@rU
zgag%a%~t9OwB>mWc1I<>=h86_V#`Zi3Ep5RyD5d~1eJDEFBjZPewOXpv&deCHpd94
zzK)K!Fi0sO0t29UfKs<+r#(E+gp&FFfB@ti&i<YZyycAOND7m0l=A6Ii8-OFaORKh
zHH<?)8rV~i3R|m#i8JD?f^y9iq#UVlbGl}_u`?4i3wu=bW{Y5d>S@m?zwtg981J*q
z=C}+ZS7FePiK;-nVP=gGmTD#r%!KSz3(lvbf3)cMU0Spg1n}N*xWZ3L<4(X_o`M$+
z90#PsJp*B}NCi7VRf8v_*_ju2!bCDMn8mH4V;xD{|GLU>3wxx_6!{fDsm;GDJdAc>
zHfJL+ueViuJ?N?NYU1`OY1jOtddb~X@MkD`(4^Lk+2Xy<Q_>ggPfUpbbM!$`pul7%
zi$Pwt1ys-xx!*#34#DnNjNZN!Q_)B}W6LYSuJ(&bK;ylHyH|9ai@7S*b6Gg&W+eXe
z2uxY*x+54|bUv+cWEfKGv~;{ntYCZfHg#}NC^bZ(Q_~@!^A2P!u`-GC`fM<pciIM3
z0G%qN6>}J!d}tJmG#XzM8s#4GM<c1JPt!C@)2MZuxAp7u^sP6ldFwY0`)mDm-`1t2
z)bP>6O2e6R^$j<udBd;zZ8%D97#3$RHT?)Ro#k!1-Fy0`Lu%f19luTg)&%ow%?v=E
z8AaONTb4vzmtoRRD+2|^+2i;(_sC3-NGCN_cIEu`ZUl7pjHid(+1z()(OJls49hyL
za6H@;(e^xDvLCW=i<i3R9iiv!T;R_vg05r)Pg4Re-^KXCi4DGo*AE=aBElgjV(Co~
zed%==0A>ILEMC&r48rPQ>JwCwuIzzAs-7(gx)KMEPD_ujM7DAMpjBoY^UmG&B(q_3
zM0HC$?t5y^I-Wb|Z<3yAO#U#@H!?Ak1FXJ);SAthOHan!E@ymXBkS&a-tMk?zpDLH
zWjAA&*X;!l<5=_0!W#$!)jq^dpk;ykaKKrM04b&%a+{O9ZSKjsrfbt&U7K=av11^0
zSYha$0qQnm<TekVv2c$0_)j2Y)@5QPn9K`%JmzhD_B;9k*RR>U#GZ=jEubk?n#7u7
z_5N@`srS4?Ki}astapx5Zwso|;jQ<ZiM1q_s@`Z;&1zV5(mHNK3N{txYIgXd2ziJ9
zzN|(&TzVUJc#q0Il^&MGUf1=|RMVB7E=}F<Z&Sb4SlQGNlc;QJxX5qkHdshB;^h1J
z!Zq5@7_;l-Tlo+a^0*k&3ajce|5|>9o@z&KtJ>8gfE0zXv3slv>gt9l;eh(@45o<t
z@(s{c8)H>$Xck73%lj3Ytoux%Ni&%yO%$3i*5_x-PuS;g%l~u_?QGqx>SY|Di&9>}
z0lEYPuoQew7j~jYzKUC<uebA8y68J^x=ZJO+Uu|L^LbZLlHdj*x?;gv{BxhuVji`~
z-?%Xqbii<x@ug;07o)#EPo9N+9__8+r^5evTSNCR?(x_CiEPxs#5Sx81P53f`F0R^
zx?xDtv@5j0pwQif=W$>nYnaFbwRD4CzE|n;owwvJ=QO|`Ig?AxZhyU3RhzuiEC(jg
zMwNpj=pK}IuO>JnFylmeIBj+hENBc=ck+erz;Fnjq3o3~cz;c<CLQn3Ts;e!1aj(9
z>ZCS&lE9Xij(G&wgk-|IdYH;H(^fdsOTDy4H2LR!*Wo}8*x?I!qLFU0N$$&=f%83S
zk3zh6#wu*Fg`O=I=2SJ&_5ScT(Ul>BfA;8XBeTaPKh}snZgwDh{PPc`r(Z{3*Y(tN
z*Pf<J!*=`Qi?4^&jxYXs(GOqTaIq@B$ORpLOtJruDC(HJBRf1_KQb?q%i9=M1+OUB
z<!=t+LaN|r-9!BIv-}2-N_`Y&RWX)wl9mF4g2%2>B=2l3R`$pa-5v>>&G$$<n(@bX
ztM<qad5@%#)zVu5?vDAF{`cMSNy92O!RHP6S`?kR5I-Du|Br$*8mZ?@50=Ds_X)Fd
zA!A$DI?7Vmp<W7q@TIWdXDMtyPfOvLpjry6&g++gB&e3c4nIpF`FmUn{dOr!;rLhj
zrO;Sj3Se`$J4X0h3NP>Qw-h#U+8pzx%@z*W?+eHbMg|eRL+R16H!J8!>59*S)@7|+
zFuPl^j$PpL?FApsdcmya)^HUamPi0Cj3>HV6?V&-I_YgHXw<c;nlj(5sdQRva;_R>
zT|$Uvx^&;`5rTXp-bCGKxznnIqfvw#&kMxm5x!EfKAz_W{HNz>rPha+X)x`cMOmy$
zNLwjBX^dask|j*ds*SEAx2oB?b!b|mk;z!&Ohw-~iAsrE6e@LoRXL&W(<;ocMA+Dg
z5h}8NR40(WLL2v%WqnvXa-1T{`)7|?G|ht67&dDqG|g(2O!=6~4Y+v((eBsZXm7(o
ze0)HH+_Tu%{4JH{Fn>mQ{%nP?BD^!_bNm7WxrZ8=`J2o@s+iQ?`4OCkd}b-2Jftyx
zNcVTW$)3h*Co<|BpGX)uPGqOMO(gF+p=-r6qrchw+=x>b)l`|fh~d}#NGkW~&Rv;E
zJFD19ZHPj1wp%rV%PbvJ&U=kB<q-O!|8^Bqo~2{Tas|kg>sI{lOaP=nTfcdIAT8us
zzLeTTdgQCmrpPqOs&`AboDKTr?4yw-Ct-YVmm{d=-6&T`+}2xN3w?F|8EEX)URc{d
zhb>+yTa$PRhV$x%44*(ARFO*rvmh3fnDSS_Q!QBZy+CP|3r5lPn@<^p^)hCw(#wO9
z*Q;9yrkXAUKCSaMX%~Y2bbfgjUkHuqi-TMIoz6s`h1$c}<5t$eh`X%=biPlI@KWw-
zu>aFJ|HJE;l4DFG%oZU9tFuL%fRFNeq!G-e$t3X)Sf<KT=-!OuMIo^)xl@?n!Z4@2
z9xdpT1Da3vQeuibAqYFJfgK^(ae|%Jz)ljZj9?cvunK}LBG?TL>?*<DCRkm~Q&E8d
z2%AJOlLpp+V1o(PTmx%Duty2@cOXbCsg;GIC(+TLjUo`CEeU!mQ2piK1QQ5$Mgx-w
zcA_D|E@)t93ATw~SAAN%K+r`5y`lN?D#6|+m`4M<Nw7%-GaA(}!RY&pR%?l(p>YXc
zW74jxq2%kdZ|zdy>_!}yE@6in=SRR9rNh~##&H798XZo=X%)^3fYaC~o=!Hrn&vF!
zadl>?Cm?>I3%r}|R#nylaK^fQasH*oxw@0#4AbF^Qse9boI!5f3?U7W$Tu|$=^8Dh
z3-u8e=rgT%2)dh~^)*vhho)`?!5V8|jR^K1g0;}Vnh|U!!S2_<S`%zI!6G%V2MCr*
zu#Os-g<u^B7Ndc6BAAI_-88U=33jO-!n$i<j}UAh!K@ls0>Rc0Ow_=V3HB+$(lszU
z!SV=};Y01m2|ALX!!%z$&3>)Kc}_HyrdF~8X3o|tw4&-tXMSh1{EIGmPN{;h1rV0%
z5HhaG2#Wy0cFh+dO+jz~LQnS7rxWe@6KkUM0$?=PJ+anWLFf$#CLO}hmGZ`D2M7yw
z2-7dA7PJ9y#$Lh&oe+$KdP=jP2h)-bC)o2E*t5Ea`KFvz)&1pmR`-arx-rhFP+h{9
z1xT;xUbxLy;|v9yNjjXDDpZZd0nQ6Lob76yrhv0nhm)YNl1tkdLMI(7>2gj+*aZj?
z=X6<<+=P%W{R9Y?bv4{PEhEeYgflvXOA5k7Kscd8a4QJ?0O61hVe~oGNFM~8!Mc7v
zqsFNNIDK_Em(@)8_*RB<{IqTgPoGmw&o6+qUsuslHO@zXvrUInd|uU94&W?4uUpV+
zoB@FI*?C;AZv{ah)kBF)GoU?hkI)6B%{lMwgsahQ)j-%sFp}b{s$O2&0zF_Q?pPPR
zdFlEco&RMNn3}WCBDe$bC(pjLyVnhm3m*7%PjxNyqNYoW{yMAVXmULZH4RYJ<bJ?4
z#ell4Ty+bmI>;TvE2sH^vS5s|=EaynY8bQ$>Bd}`su}`RJg%G24rDo_N8(PvKTXsf
zx|eqdt603(qR6qX68Pt5fxkHC!UyQUZh<u^-~V}xzDGJ1!avL4A9(NFEq4z|xC9ZI
zM(G~wdPm?-58~4Rm=9k?J-1C6{(XB@lm+jl^itvtkNZiC={@HTclVJy;%@4$?@n;n
zamTp>++CFl4(wqSSlkb|8!0rt-yQ01!h?dhY(0yyGmn28E%yNJ;$Q5csJibsyvw%`
zH0&EsQy8?S4aR)fom0axt`lC{vpZ*+?amj%v{9Y5@)9|!)8uX<zhB~w=S)}PIU7b`
z%y7JveJrh@r0V$Kbr8+R)RJ<D!W+2RqBH?9MDB$mW(VkR@d@qx=x}?%Ct#+E{8BK!
zgRQmWTlD|e_$F<-%lHhN#JrM99xc7>P<x!d#fS8RRmU6p#(QewdsgBt28gGIls<On
z#AqJ&oF6gYfR;-%&>AS8&jR$r^Z4gOw2i)@vJ9!|A&VRWogcA;C-j+z_47dJb@BWP
zsjmuLU?N3sfiK`y6I4EdshT17Vymz^mJBSA=s741LbXT98HHhcRTcJpN}Bzw_x`&&
z?%4{OsR-Jp)i>z5dq2D&dTWI)l>`vId0S23v*loW0XmcBoB;$(MFLJo0;U21a}AUV
zd=?UGYB~fwoj5=QoK0mJ((VIDz*HpQTu#7TnSdu50bh+H0?ziO(**9UndJ)@i_V&m
zlwTO}>|Ww+YE}#4^?jz+#Jgih;{96Wmv{%-Xo%<jlZXdxJ@ylXTWx^#-SwS7f#_M(
z-;Qwt4eAL({$^AD*VstNFKgML7J3JDDO3rBe^r1$_z6`8!k?3-3{{eq)^JP@(wN-K
z{f?=Qc1+E2Of#Y(S#vt{L|GL>y{jUF$G&9pRl&Huw0%FViqZ0__+`IpRb=s1ks+^&
z3brc7b)!`=T08mR4@fr^7`S65(|2hYLy(Fsfr`)bQ7mZ+>taH%ii}m0u*=i6CE=+)
zNWyQH`6c1{RvHriv9CSOp=M7dc&Qhsi5w#8&E2OC7-H0$xlcvCbWXiEHT62h2KtNE
z;neHGeHprtoo)@0dWmZo^_KDhOlndK>RlO9Tk3slL+XwF*)R19T572G!CpVqYw4w4
z7^hyiih2XNWMq-4m$+9&y=YFoFg5kgbs_3me5p4cs5i0!Q7_z=dZQa4^@>(A>ScI$
za7^P`?BHb?wI$$a5eXQz)Gq;(@6!<Qi9PKF8_y2p<J}uuk9+qDRtHm*XqekXcG_=w
zL0u?dOzdbnS!v&)#Q3dY!1KKWw%$_<KD_?PTJzy4sW{?Ce)2owfh{y69{z`)LkyzJ
z`I4cmevA408+3@Z`Gb~Bu)Jg%{h?Yi>a>2!A+|QgZ(2W7L0`UFbiU<&v|47YV#IsG
zOT0jHEr|E};93(ezBdx@#*co97kaOTc<p!lA>JV`@%D4#9TU97JHCsECkdQ*J9nvw
zM-ds6-%TOj%xIrHZ!(Q~^9N0i`2uY9k$8Q7N)%Rq<t1KOqgoKp_C&3TcPkl*_sb7{
ziMPMGhIp=>eu%f$OT3kwcqJ<0eYul}w@D`6zjvyLw}TUJrJ8uXI{Rc`l4+D!kBC>|
z3rMbq#9O|E5pRf>c#aT-PpvfG?aE!lL4L2?RYSXyB&6M|-}|NA{AO(g*TY5<g(w?K
z$Vw)qu720sL8+nALCP~Zs>%+YlEyt=>)CBhJv_SDZx3&TYG${=4w8kS7s~9;_s*{R
zog8^~%YWzEg*>}OzpG|<37_40>e(I9$tOXL@>GeDYZtzNM=@+Iq!AD=-Alah8q{KI
zJT$P@#QQ4|iTC+;eu?)>Qw{O9Z`W;&<cR4=x#Wmk)G1VCo4cLs6f)UnZddCR*#026
z?a65t-H|I4zNDF4m5&wk%@u~+{+{iK&%897TE7-FyOCaNntg9YnoU^bmu8M88k&8)
z%@56na++npduEw3!G>+4%ax;%S_8Hz)Y9DI1yTid@OO)M4S&cbQ&U<RfJAy3h&0Gc
zq=EH(#GC5a#-9GQWgCvikVbvJ^-H6XjWslyvb8;UomU!sZ@+fEzyz|KKHdwOHdfdM
z3kQ1(pJ0XcvG93s;d89;%6TZ9;4OSnYmy8-FJFVrUttkkb#w;L5Cvg4Al%VeO`Bej
z5qbea&;?(Fh6+MkK)6lz(xK2XQ$a6{H?=2uQ>_F`)4*&5iy&Br1~!Ob!329o0~<oH
zGv^TYyax6x!FCYrMGb5W!Ilv$R|Cr?*gS&0qJh0cu;~PQO#_=juuOuzp@HQQESX?$
zX<)MnW+B)+8d#yh*YEKOBe;#H`I5e0Zh`9;uGzYInWIK~ouj?1LmO~Ip1$W9j;q%V
zUj&<ikO&Bm>Ja)~R5jF!H`MK-FIo>Z+SO%*X3?QtQJUMua9k&K&7D;cegcFeI)v*N
zWrVqaa9Y>I1qERuARN~rd~{Pr=m!XI-t<LyTS4dq2s3Zunjd`@=MVC%dFSr~0q53E
zu!S1f0)j;o><0~O5y6@gY^4Uaj9`^#5VlSOD<;?>f^F5nKoV0Ag!INaS1-w<8TK<9
z%_*OEI5?I|!HNg01OBm2U6!$$0M`D?ez6WHSZ9|qtS$br_Fs{)$^mQh6~9<p6s*qx
zYwZ<&)1PN^nIA<tX*RqQEx690GVRU7GLr+p2H@{rAZD|9o&(<m;8G6cEZvm96&xUL
z-_jx|-Q!ydhE~_FzNK$M>9@Y6z<cm+xTX}{I<Lqbgd_$VEY!O*bCuLG7`(cem;b@a
z@iMo24F4uqn#*A;z2Be%B$t;jfNx-txMNjGb)+F2{Hpge;LlPbFCPP+y(3WP9Oqn%
z1>f-tFn-@sxcBY)R$H2#>-x~AWR$DGr(}?Oiuz}Y`vu-B;NsGEk<_c*b9hdNbMDsi
zXaMfy@So=>IUj=8l51wc9Brltw>w1r^N{r8266&Soddobkk+*J{YnGo>&Lt}!@!K*
z{Yxg3AnT{h2F1d4NQLsvSFCu2fs(7S;;*UL_6;kB(PHsXh+{n>IR%jQUI<ntvaed!
zYn19=){Dctz97fM`N}b+-B6BsZGqn;&Y#rN$T2^x2U(AG#yKon$*XQq@~U&Y`!O^r
zOh%D!{Cci+Q(1=eG%HY2t8<IReuJC<lZk%y+j6B_Zz2>;1!ZQgdHb3z)|pWXbbiff
zxQh3_zo)Y1wA+<ZYuXjWBJFyA>X&xU1#4(GX&uoH+A8~qE;pxx)oRsC{AOM_>A#Jb
z7QgxdP7>z`diXN`PNfH^K5LqtjpTb$L^EKpy9Jqe(l9`xvA%&K?+eu^qQ{eKJ>K`b
z;&=!D*Y9}$RaZ0K*Gk)CR!<SSo#vbvtYmps7R*X+7A@fm2F#+}OSz>%UN8@qdKb(N
zzF=0$3kIyBf41g^2Hz#om^->kd;y^*B;Q%shEtTaCxzdJ<uXxTF4bF<zew_H5UqxK
zPj*4-g?-|edR^*hsFz#<t7W2Qr_EOgH;)r;fr@YeC0-XH67IsUUc#w8gbLvnw5q~G
zXyXnporlm)4z3Qc?tbtR?$pg%5N>R*+7hny!({*Xk6*&wFly}|zv>A$T_Id9C)_L*
z;Wih0U4uxtmBn7dsXc=V;a+Iz*E0zDK+;VG)3^^v=N_CvKA`zPy=h+ReS4!8yS8Iu
zt#|FwXe8f)kNuKwO`wK+TYurZ79Mob8{-dOXu*x~{{)k!>)g$a@qh4wmv@sfeqcNq
z<JXcg{?M<Ct6lT*s-LgdV$F23)^^RD?u>)}?jyg0E(_2Mdf!_8ni;CB8MWh3UNi5n
z^*Ro5&E&83t{Ju8P+2owTKM%FnhHd|*>o<$zO>m~z@?6Q3HNekEeLnJXKe}h(?dwO
zN%Q;?uF#+%+<({T374P{PVF<42{&|&*Jp@?>$}EFIJL`AA>55Hzb->l!A!o-bl$?(
zXrIjm!cFz=v&3t)Al!x?wIy6`CnQ|_hkgk+NYD^&<Z3<PS}KH7y9;H)J+RvAE=0mL
zUhO5E+FPg)uC#d--a_P3FL7V1&RaO0e67C$^`7=pFYv0urA`~~#-(0Qs5O_0?@0ci
z_x+MD)YDpUJ!^z~0we<=k5UAo&=SU6_IUTm;48IYseg8_b!Xq|fSpbA-`UZ3TC3;!
zrIl3(LfR+1MDFa9C;Z`+US}Upc-xhhs-N(J3EvS~g|9D>Uq;jU`jYD)`5uM2F87kJ
z`Q=*dl#d^+?M~_UAX3ltZ@<)g@V16}-B;*$itkfSi@76?2zR~6>*zzmNktaTYfiGC
zPa)igO{?(p<pv4<{e07ckZ_wpzZ>S=Bu6gRf^g5p*OqXhQAoJG@A@U&g_|0}1r+HC
z=lj6QV(x?^!j&xdI{A=rKQ6au-dK@+d<x;7ZQ|F*$63rG?g}dLrQY}C3UUMWlDyPg
zaG@5v_JO!s@7leQNWKr>@k_p?H#Fp1zf2Z{m`u}be4s*0v9Pa5Z##_3K(*~-1Kbl%
zG%8O(7!)_#!iWU|g(!?z=5?`wcVf^oi{||Y*}<leHn6c@2OFxv_yRgR=eXNwfiHav
z$ZhmH&^L<cD<z!=1=4SXMX)3bb%PDm+oH`}s7v7mUv4I$?v>6Y)O9ilK8Aqgi0QDh
z&`l;^KLitiM;i09*G-1YD&uFBe2s;J*jI}Fe~(`;8Q1>@@*O$Lcg#=Fjtl};#tDg0
zz%(<-5kuLupg(Flyl>%=b}!|=DD=-Sm3t(6qLg`<X7=Zadd#mUDup~zEuasxyzF#S
zMWsi4bpu$3wBDa?`!e*oPupVQ!`{Let?~Iz1wIkR?f;*E>FS8frMqcxUXAuTM>|-7
zmg?fYXdMQlrq?<Q`W%COPOudk*v|xeonUJ<u$2TGOR!Q6>=%OdBUqURwvJ#A6KsnH
zR!*>H1lys3Z6(-^JqX*Qf$b#N5rX->JGhQuM>Vj61pA6$Cp55Q1bdTU`YVhKHi2Lj
z8rW%q4J6og4eScRx)IE%x#=R%EtnPrtEYhl>2ATaJSUsKKmU(KaE0g{cnZR+fDoiZ
z`1_iSkO>HX=x!1nR1h8mgsnP+ok|m}0b!l4iOmYa?T;D4Y8}G7N*Uo0AUJdviRLN@
zYXIR@9fDJFWPS_?({-NCJO$w;K*-i147@HQWB@|abzg)&3c@3R&|Qa+bwjn~ntV)K
z?rEKa>UlNVnU4r9O^5c0;$+(N5xfVW^FqC=Abbr7dE|vUz6;mQE<wF+whOqX$_REy
z1KUrqMFcykfgLB<+XTC+fn6lnB!bn^tnUC?--8Ke*1#GP>`{WX(7>7ztTn-+G%$Dv
zKzlzEG=Mp!%DjFy4{pl&%qz!QreIA2tS`^|`jX&qne)YU)yxc>M>F&Gb-%cC)wu0B
z?zHQETOX|W$ZvnhT2H;;7t5w#?E|bw{b7-0H77}NVJ-&Lt{1CDjZsiv1=Ra5D*iF_
z7fo+O?vRC3q6HVe!=Q2u4dcK!0Qi^;1XofDhrGxj?$K(mPzMfq9KLD5N?ZfsAMp0O
zK!taKz=xp#u6S>a8PcT?`tH6dikAt!PX~E<;1uq!@kkk;lfUMCj^e^e;YEjYw2wJ_
z!oS|=Ek`d=0WbeP2m0?GrS=Mr;jnkS-=ODc055+DzUk_ISnVu~<*;W|?ZY>%czH^W
z{CYf-v*&$AosEXVN8GXQF76n2XXPae@P<ey8q$Xi<uNjSfq!;ATdvD1t%fcl&(z`U
zXhD~6oG0(LIri~n{?623XRc9n?3G$g4`fpGj9_Wdq5uIBuilaBv!b-Z8Q{L!^$8PX
zTB5{?xeh%4fDFm7>%2-A2mGevS#_Ai$?PF8GY2!#yOHxEez<K`ASN#eqYN@3_fCII
z!1woT&VJF!rXpKkkle#Sa%YnIMArVQd#HU8ZlB$dw)PGb+-;%a#=oMBn*A~S2>O-e
z)58(?$kgj{{$<F6UiE#PTul6pBq^K-12)5e9oXPCkP93AQ(5yst9LroI?yWlKGaBp
z3j78Ug;!`al9+G&#BB}@@Lq5TAop8lfHy?#?AP2*8Nfr-4t=e@;1IwKl>ve`vhU3x
zZm10Kk+4@a=Y~pO!1Crem(R>+#QQ~_tqN)9-<35FiyZV|t%+B+1rl#lo?qhqeMUpP
z%U`vJK2C)`e(3FEr@u85JiFQnUJ_NaKEloys2`ZdDfF3pv8S#5_cUJH(>`DMndSuV
zG{^C2wyLJN&R5*3Do^v3FV#0O_%z3<r}>LOZdUc3&0GAbcdIX;G8CtI>wg#t*Lg{J
z`mb7$@I}l2NWvCjNWz1!`X%Aj(;5=i{nC5K>FMdp9jEl6zIU8L8for01;5GtseEXr
zzbb2fL*m`Y+TM`p-5keM*Z-LA*N&;n!m92#we+ryumEm24)ESHIsFAU9LsCt&o9*X
zO!(Relh+35yl)t|<ygA}_$?hrQ*Jr-T_A5^s^*XhA2TW*=A+npw6f;6bo#fiEeQjg
zAqh9k^h?5{l7@umKlgJ>=a#{H<${~t1r_xcf6lG2GWGuRx%$clryhPOQ_m)FGpt|g
zt!ct-vA)zRZi3Wn1k`(n>XY6+QVZ(c)2_DE+t?JT_xcRK)cfp|hI&gs^FzHuUh3`V
z)B}B4rrw0lywM*>y=OjC-?`vM?EPx$HSh#f75>4fca|r0)`fqZZ;aG?9;o*$r(XKu
zT2OEI1OFd$?;RJ#@&AwCAt*NP?AWn_9V`)JjEABg5hKRldy73{Zz#4Ci5g8bYV3)|
z7<(*46KtTd#NKOcdpYciSo!U1UbC}1TMo{=e~<6yj~H&BubX}CbLVDW^LoAJHJ-9J
zBOhVUK0%kgp7%KRqF3m!w?}4AnF=AX7ra7Fg&^#eT%p`_LD}1-WbgPpFTGp{%3evz
zo+crpG_n^9>^-LskoT$w?0s9>Q}!bA683V8*JZEVU5>qvmg}&$RAx_^4<WJlbeVF?
zw8-AAWy(zrl)Xht_U63x(o2Y-`|DcJ%DtMbh*qSCaPE(Ry{iiQ=Q5i;W@I>fv?`S;
z0yXoZR~|y+fw8(YUcb%J_~-}2U3T85B_D8NZglx>-9~-Do9Km=+t9`yQy6`~3o*=^
zWd#lF)5pGi$pf3YbAZQYpVdm9_|zEPCr<f?d*XLXJ>M$6d#P%x_`0PTZ540x+Dk7X
zMC>#47pKVuX@$SI+l$0LBgo|aaM1(u0!n&J-Wfka-h$D(<ZZgek(ancZ^2>ac2q|y
zc2om-<Cmy*R1a9<ZbvncSNN5eer7}@{lRH6Bbwt6ZVr$aV`k)ayWjzNw~KpB-gmhP
zd2L7OlK0h3j=b2#dS<+t+fW^;*ia4R)nBaIP+fJgyA9Pq-qn|0`q>dpXriPhJK{4;
zlsp6E^^(aebKV2;ek$fMdF^u%@`{YqC9l>Ej=aX->yW3~PaUb)PYvXGeXrV2{bZ55
z{nS9-@>DOq3<=A$1~hX}lN`|qGY8)Qd3WTW?Y*-ekk`Mc$K(~uNyxhvtxI0oHIBUO
zi#*?1d}yI+XYuxh8SO0Y@xn_#+n^pzXwqaG*f61KHIR2-ChzAnY@Q6ymeEG7%0)7@
zQA;yVUd~P!Trymj!5vpin4G(^a=SeD{Xla{sG449JaA`BE9~(*4n+-LeWj~m{;S+O
zF87_zF3$`$K;QaSwE_C%w;64Kp7_j5KQUr2%_zC41`;u&WbH!n9sebhcj%M{KM=dW
z$K<`qM#$SUOqaY1mpSr;1)gt!Ub8^80eb#|j5a`rJ@wK{ju6)>G=`n12A*LIyB3hw
zQy!XUp7emcoP|6l?~km6yh%fK$y<DhBkz~_I^<=rzqs#w)&Al(^E29C?ES<`Fa5zX
ztqdh^g&HW2<aGk_n#kle{o4cbP89H%yvaU<yaq#b$?JTPBX96Gp6o9U{zkRGxa2o(
z_ZOdh<fWH6VVTyICgQ}XfgYHMGZZ*`B>!3qo$$b=w>bX?y7ZcO6Xtve>oQm70>@m<
zd70j2{A#Xpm$7TE@h;=#55079J64jk8g*{R+AQ*KQ!%im98)dw+)Z9X@_pFkRXht}
z>iR%kre2-nn94Di>@|ki2A^$mc)QMC<89k@_8KqSuCv$JvEBV%<6HNoK%@V-Ad~a-
zeRaJ05)*hiRuuS4BQV`537iLkQJSK?6PdtoATY#9BHoX;k!W#gE>ofeW>K6)tO|!!
zKx`Lcp&V8dv89OB<FGo2#UR#z!#+i<7h=sgECMk*V(mDr6=IbU>&#*85wjwut%oXN
z&$r^<W)AC**hR!fb67NDdk~wzVPg<mf!Gudn~2y{#Ns*3fmlDp7ID}D#3B*<fy2H>
zEEus>9JUOx{D`gPu+@mAZ6VkO4qJ!VRm8S%*sq%GnOaW8rsVFUaZ_@Drr!lB#XhED
zc{O6LRH=Iw91V3-Q#GkJOyI>RNVU-lC~tIX6yE5B=0@j~V(Y0`qDE{HOWc_bw{vI`
zcjhvI-XJhpBQWn@#f`$~jmB&0!Nw}Zicqn^8nH$!i6?cWc)O1@Nj&wKz&Q}8su8H~
zQru|ENW4)+O&#qJrPwSgR!k%2WVh=Bx4W#l-7O~22n0@R1Rl5~fwCZQU2}`OOdtyg
zoYx4<XGul>j1UE;YLbd(GJ$;{Fb0e5zuidscMdaG*4s?_{!PU4bC?yegNT*jup)@9
zLoA5H$|5!!vFaRF6|td+eZpa(h_ynjF^4rkEEKUQ4vR#r7-AhbtPNr&#CmZU_=t3N
zhsUHy?8Qcl><vrN-9tW{Np%LPUiwnQ9<cl`km~V3SE?72$^%lZ^`&||l%!n4MX8n#
zb){M}sY4*uSYN6o%dT4vQsIwur5ZD-F(6f2Un-pCNwoy2TADm5B2}A7RRO7>$1JCa
zB*O&#`-<eQM12u#!ebH?2}e08SOY+EE`uWB=%EwAf&d<oL6TW?ih{3Nh~NepBnds+
zDR>pYIpP)PYWQav{PR8hvjF}f0NHpy4gQId8i53)uV@R4TkvT=9q9Eb&~h#K+65E)
z+GwFJg?qN(Gk?m^>rLTn@5OImxd%mNlbK3XkiSV%f1Cnd&ja5)XkuIVX-d;y6n+}T
zz6Rk(VJp3US-eilCbJABlGQYy!oSO3gP5-{j$U6aUU#*p8A_?+G1cg6xY*g%(beA7
z*45h8($&J%+||t0RC;I7z{j+K9w6&4y)ZxmC}NLdIZQv$hHHT^Irf~-V`?@H^Oy=m
z1#8Y5pPYih8qC*eYn6QTLcbFa(nYg6*dCimj(#G`9LG|!4obp>l9@X@TePal;o0Q)
zmGH87e70!Yx3>{n-I|aO*N?*czg*&ID{5zoE{<n%#YL9Y)IXj|d@<tEWUyS%7d^d=
zWKZuJ>gmOLzOAP!J-s8^3E@)}^?Ws+-uHOs-=kXw&fc_a2F~6$*>I6)`4i5c4oMYq
z4Hj>l@a4!sT?cm`)Y~3!7vETvzkPBV%HIchJjxSmFvlM9hl90a$TN%=`HGiM8}d&Q
zS2<$yJ{K%_AxQkYF8w=L1Vhb{@x9=T@quM+;zzqETWiC+x~2rk{sJ046(>az7!9kN
zpJs(o_Q~qTm%f6cYf6}~@b<9y2kF3bgvhf*GuboONOlRYp)Olw`Oy^Ro;i`_>r)`l
zzmdL2n36o}rh!xVpR5K>;k#K?B(EI^_Z6v?iB^()Dk~)!m>unw*?J0QSNgeU_KUX)
zX75DH%(mv4eL~lb`&LQJ7MiVPmTXRIB>RikP=78m`|V`q<}{Jnsgq@9HSS`{Z14>O
zkMRW`1CQ}#9~HCB2DoK5$w$HLP`Avk_LG^-mI1SAuNBPB8ZI;Yz`-$_mG;@bD<x+4
z&eAe_l`(sfGK*eRWVUXMa`&3ZY{eLvS&fsHGJF1-fuHu6w}GGbZ*LW|&-%M%_IGau
zv;EvMn_a=|pxo}6UG_@BZ17hyvx|9VX}Cbhy+UHPr$fu^9>(l0%50*7*;^Bp+uKBD
zPfnDX)p&3zv*WKCIC1yU%~u*H?!hc7X20*}mf6i&6wG#W%j}TcGP7rLxo0*!O~LH>
zp)#{UJhN8XXSXern9V*DnQa!=Czzc2u5j^+jWZwbcIxAeE*k~Tttk_fPTpwIq8d6u
zd2GDK%}W_Ba>c;YyV1*}@9Ev*rDC{tU$+eZ;H6*~gVxao3?I)WGaRB~c)W_?e^MF4
z=|c1nnc)jFIfhTtzT4sliQ%==AEd{i@nVXuLXItjw-7fIA9c)4yJHvmGcN2gq&VlW
zJKmGS(9=)aCm#eWi1+M0T!GcTxE0Z1TrHhO>=cI`7e6K2(1o3B0v3~O0Vbzc8d+Q}
z$FKa!edTv-E*7za9G0lxoIkErqgEL2HmkY9V7Hl0b7fwW=FIq&AGxor#OCfUC)j!p
z`$@mKs<>ZfD}H4W_mu_M+;@omz+vC(H&^E^X|5-JC64>b3~a6mVsklcwtjPw@6?Wf
zVyV)}K)ZUwPA`q~C_fWe2m(GDf%-2cfsr5(ta10$W&*82AV?$7mL2$169nuUhe&fK
zkPifG8i66NB!Q>BM1gJ^e@9;?a0&$4X#{4xmIO9~z-Z0JsYy&=4hRg@2&{c02@D2-
zMVg&e%b7qk5SR-e9m&GuBCd40?z0NFr#wh^6{kB=l7<A4O}174!4qk$!uBCJ8p3en
zgfvn7J<7{J+;a$Df9ZTIuS2cEtSNZ>4NL{NX%V-$^dR?07yh~>-6M+LgGj=H*x5_I
z2TWv6sD43u7;C*UZ5^g?=V-ZgZ`%4m*80=Iawd=SbNDB#+&UN_&cbl9s<QPHld*L$
zz0j?Mt^YI_TlZtFFQBaxNib`i>*VDz7>>^0;h&QxMe9Rp>!7xCkBPNzr>#rp0a=BQ
zXzN50DmA;BDSQyFp007M(W10bSmC(7q%Ecn!WO%*7Viwg7KvCx+89}VRy_Cs*S}$W
zRlU-eUZpc3A1YKYjBQ!^W{{j_Cfq%McyZbYt~qNNt~tw%EH8g~9sTl68`FSXpG&VF
zw!vZ=_rH+cFv|TwZCXab5jWy|9~n0?RH)p+g0pj~-LW4h=>7wtSlLB;>_Oj-VO<XN
z(e9^d8Ra-0;W!U2S2!)_rEsq@Z2IvXQ4UDF)Lz{rZAzTIoVmotL1=qr@_*PVR9dJV
z=jIzl24yh`aEPEI**5h-bT*-Xl`JNgk8m2QE5}Ec%|;?~=f!UdUB?9}zInh>(nj_}
z!EPukr|(Bp-?E@e1wDPOqzz~10jREztZpe`<}Bkc3>2SFxKIhS6{4!3h89`Fy<>x9
zVNpTU&$6Sd@6;<Jh9oudHAlwP4vU#+HAQESh|3x?y09s_RYY84U(w81zM;NpcLA`r
z956hEq=uXp9xNz9_H&7F%PC=|-9?FkBm!q;V8&AMds!slcM%YuM7))0>J`g^MAW2@
z^nPPsdqo$EeQl1;Gwt+<!lG3a_gh=>VY7uK9<V!Vi~m}zSuJ_sV;|zL@j(9@zi9QZ
zBCEM+vZ%kmq-K5@NM54U|IK{Q^uMzGf2Ds(9sLK*XKMO#`nQsSY@GgeJ=DL_|4jd`
z>$Up-`VCXFdyKOGERcaFi<SD1`^Gc<$8Gyx>A(DEo&G<MskwI&*Z*Z;#`j$RpXZtW
zN4NgZ`u{qe{x7Rp81yf~`o9b$FXH<DT+j3`>Rx{`Hp238g1Clp+!jZwgaDWXMo)K&
zvsta9<nj&SH!`>17alAtN&bIV{J+{?8=KND0)|9!a>-`#_lI$I@WC45(<a-KlYO^t
z6xEJ~H5rVWLUessdZanczPo>wP?zt&H-50cyk!sBZ;#7qj~n0%)lh@%al@^4$4UD>
zAzOsw?}&Ymaz%tB+a0aS1~^WZon+aO*vB$h{I6T$Q_IjqQy=&z<a8g)kleo0>yq`K
ze;>;vaXA-J>gBTrmLd7;h#y;(we_(?@9z_Cx$wBrwAAQ{;ET3GqvAcE34a`@VS*Nt
zra=qW;e2f02*)AC{P(PpWzW54=C={0o;Qv6?iE>Q;33n9O3kJ{h#o06b;uWXUWm{5
zukb9^nGQ{jQ#2(m?V`fs8>jaPFZDRgku+kfC=gCG+SkW&A#qybh@uhZ3lWf`AG@E}
z0scfH*cmFCtDtHSv>zb+H0(iogyY~=v&$>wbfn{^IHk1HJ&tcK&iBNHF20ZJ`)gpa
z*(AH;vM_gbN%7NTX`)xW&sHrX9LF5zq}sMVew#@rvO7lk+M&{|(z)IQed|s9?a57u
zXWh{@*zWjS$XoxlsAH4RW{$q%I{Lo&-i5zgh?nA;hl(mV9*Vsn!f{ckWWv=gQJkKs
zII1I_nV4Q1cQ+gD=RHgo<Knme4s*O9k9a;(>|4SwUc@?&YGJ_zcqBm7x{2#4&gAjs
zx~DXu$!9_x^Fxu_roM3Sd@1Q1cW=^kuT#GE<Rr2uBsNL!G<#Sx?2ZgFq2Z=<TKMDu
zzeBlKE_R<&CeQCvQ@l@-Rq||+e7}L1?bHpL^ecqhtF76HBf)2*-G=@R%x7|ttR&*t
zkBsl_PY!t}Is?i73{o5pAK(fA)uhwmt<vf60qk`60RD9N2INo|b<$L%(NQnWvtw1F
zz0J8-5^_X%(;ePNy|+zl)Jr5d^Sxp`6_I$#MIL{=$W#0XqZbj}RPRMR7T4I}j)7%6
z!Tqb0&SDC49E?rNA+ohQu0Gtl^5A-=NK1HHWPFt-=cyJCg&Ma~wOUw-76TPpgq#kG
zeVfDb?S5XJ{7{|<(h!8Eor53;EHvD*V_lqht<ls6;;rlNZvwZri&Gljx?B;7fO~@P
zy9e4^=VTp)-8z-D1-Bi)&zevWIJbnKhnt@7gg1q^9<vK>D}MK;W$JR`br2aUi~VIw
zW7=OtUCth_E4_ih_e_BiImsR3!uMHSMfgrjUPdEPmvHfA(9|~4=la=`F$$Ll?=qC!
z1>K17@_n%n#<zmrGn+^XHBDv7yYmJ0AaNW5bXmw3BcUc&I5-`9;a6=WUvL2JzVNLm
zS6OBEwMpGKigaJ9rT9tNFP>*L(K{-yzRrprb-_dnbQDqhrVqp6Rdr3QE55rsk(Nf#
zQCi<?B6XC6S2}OYSJP3H{Ugk><E%aQsSj{nsUx})wvEaIyR4?p^g@!X;o{G-Q@Ge2
zoK@i$QtOjOw1cDyJNLcS-m);cWwhI0h@V~W7ZRBbZ)t<O{T__<uWZsQwc>yxz83I1
z02OmiHGtO-X_R|tTB`Iug=6o^fU-Y_Gi7sph_c(US9EC-M8=c3>ha_eeR($S>Wi$3
z2gzGKg9kBqf*kk+lNX0cPY`rS=Lw2t?g^GQHh6;Rx=%1WtMvB8CwN?$y!dY#GA{q9
zrZY79XX3>dXsq+%r_vHx%V!ZkWpFm7pR#f`c-OUVHefdo`;*Z?`ex?eX052bO+?#F
zsNXIK+ARM)qxSfL51_V|8Jm0DmNZxNNL{J9!LKqia7F73T#C+-9Y?M1?dqFwG=m<c
z=pfG5WlYit=Z~_F!W1JMd8rPJV?>Hi0A{aE>JTt=_3MK}SB}UyjH$RP$fFmwiv!pK
zjD_G7EQMbt%DrV%7QH^SGYjoQA*n)qFzG@C<hS@nkMUxe=t8F(>Wv*Fqetqn_3>^=
zHg>mP|IoQxkxbmJm+svbkYG-&cjv;T8>Ga%(cZwEQ3py)ARTB^Ytn&6)@S<u;J&%o
zLt=9SHO&pf=DLZ^*(V=7Y*NQ-KAk~+U{FCz{((ItexrJ&5rYl2+-dX9Cy09?{*L?Z
zE5z<iCzuZxU@+s4`Y*(Cb69r7HX@dn!~78Y2C+gMmJhL!(+$EcBGv)1`y6)Ltj@r7
z(xYIy3I9Yw4yO2V7ZC`v>=U1UTB2pnkK}|GI)3f}srfI|9{Yt#nMEKoO(Qc~DH9Dc
zV>L3jUr6e-1c9>}fy*>Rl1-=%0!K9=lE0Zi9uP=;Ny0*r(+C@{xwn>zZ!H+Hbn?a<
z;|u>h&G{P9yohGucuYqub*eFT88KfD^VaYm^;UY|9-_7E48tha5BTL2PF(>To{ZQN
z4troyH{6>woE;i&^HxpN;+K+u@R=wO_fqlZ8<Q6wLc=h=LJ~-n*2HPbO9IX%n)^R|
zDSg=iU%sJvQMcLs`+cTc_i%8U)It*w=&Ffj^-PmmC=UXyGy>CKO9DP1FiQN0=j(X6
zN>fKY>5Ma4;~LH;OlXbyaRn*_OK}gI(2rg;Rbc*o^0m!fF*;!r8dHhuLBS?he^*~u
zZ}#OlD&#AaqC&etD4YdAzN7-(1XF8_NWf}Mc-9J~<AT^t$@MGr`tTs8p;btt7rO+}
z1-jn)JT}E2@)nj8*Fj|5sDNhEQY}+g!C)FU$r>5g*FPfmptVuR1G+?wNKTCTW1Of_
zr?M7TK6>6xMEW67%D-8ihtW|DV?L>78vP(5E>~H5e3)RbBShb9HZ5^P&bSt7@n5Ao
zhNZc3B+wVqB5m5~N&D>%;@wGxgLS?VZC~jY;Pi2=vBxzL=l|yFSj+BC<-tequj^3J
zJm0fr{PV5<fAxIdG|Axk%!lo<iD@JPk}RC<h>4fSI%*$Q`97oUag%(7f&=oHEISh0
zADGMeU&zKY;#?A+*f%n6h>hk$hL;^kk|9Ow2{KiNN@<Xvcf^iAn&d#*Ix2D?V~8ac
z3H5nl4H|N~QAlE=kR!s91Gr~vG`~zUqvbP{y9z~DX(_w5L&8i6HBD0LiBNN)2ipR7
zUbA>wYx>LMuuAl)R9kn;R^t`imaVoOaC2Kk++dqTSS0dghplZ<n8Nf(DA57=YDe;y
ztR1BMCE|A>>tb*ikhBv@*TDTqS37=TMD0@53K&<}-3N<Q)sU&m{#{z;57L}{)uOk>
z%?(qwV}vR5N4iWETh1|6r9Ii)HdA9#xhCjrZaY6gXLH-W2|AnGHcW88xoyQeDdW9v
zxHyu}(`09S%LIymz;um3{Ci2@m1xR3C%#t;Okn~SL16g%bSc@uE}T!mOzQWgStfPM
z<~ZcKO0#jepRke2oiEM8%$2CzfztfpW<`WsZSg1nGmnh82NxHVhM2L9_pg$aSonRX
zN5+qWUsd_3Hd6vw^FXERRN?ykwDd^F3wo@X^%pO(FNnj%{XTg}weV(fqihlJpW7qi
zM@BV^AKVW78&H2vs?j}=)aWJ)tf4~nwsdR&r%JiDWN2ut7#dp9p#e5>p5LxFC}hp1
zHz?#H-i_Q-V@1_RV=p81FXrP}VVSFcamnKWq5Tok&5P8~uYa+WuYb{|JR=Mqn`GcY
z;at%`gr%gf88=x&@*a>$>R+_M+1nqlwG*DSR&a(%%L~fVv}(HlbsMJM;dvtpjy|EO
z&Q>*0AGh~c0rKX{<lURchKOXZj4Jo{zvwY}#SRnlu7&8=zgS$t<g_XJQ6%X{cIZ7(
z!oRKPm<j#pS}Vp088cf+W2VT)ysdge<tuN!p)wsePVbs5@-R^5;rd(;I#Krv9`let
znecEfSeJ*#-*cVF+)AetrI=VJ5=_{M9-HJ&w6`U8qBIljL>pQvI+2NXBEh8SL>;zZ
zCrVR$w5rkE<Hu^CI+7>E@SSMo994l0cb%y0d5_7vaEOq%sG2T$+ZJ);9sELvykjzX
zhbeg{739Tyf#hA3$Q$y7g1nn1B=4}2yyBaYyo+j%R+*8!lWO2c@(yx8?jugpCuH(^
zeT_Yj(|3cc?>egQW`({dTcEzXBz^yEq0l#x>bp*<@1RYn?=H1k6{)_P)j$>0*V0$i
zcaE9qyFFe<-`TRhGl{;q&_R9Eg#fDWB1vD1Qr{I+-<e8%_ijXe7pc|SYBK5jVShs-
z=n?4KN#@r(o}A$TGazqxd^LhBhsSd3?2+gLX@l4#4jYHq$B0ekuo%QjAm-q(X^43t
z_BDsiLhN2N!RB+=9P0mxHqLY17;TW}3jQC&R&m%e>i<D(Er+e9{vX6PaM(J;K1FN`
zhy99JX~cGL*jB`{BKA9n?bP@*4!)Hvsjoj4Ever$u7^ELU=RrWsu8Hpthq=KD5J6F
zDl&meAW&2zARCN1KGroD7cl{69oU?$5oo|RXCDTE8iv`r0m9lky4kvo*w*3cAn=hU
zmG)yM&>I9QX#~>PEy6*-sky~tCQt?hZfOMGuv>V6K#JxT&zQiiP*LE{E4G&uW*On?
zCbVe1{h1pAOc>!Hy`EAi*hD;2&fDb2N)6^8DSW(;!aANyFYb~rMme|2UmNQDk$#X&
z;Tq0Gsw<_O(^Xe2u2D+6`b)tPiFS31LUKALJW3vV`#OcBO7^Z$io+NyJlTkN;X;ay
zlrUQe7bucmkeUCj8lqXBQjmCD^z$KnC3{`H9+&KZMzS5ShS~wRF#oNo(hd;UnroUW
z*5(>J;JrB1e(|$`9dIM7fgJ!F>ge+PS`Tr!ogl9{zn$U1^4$M~$F{)Hy~Gxn9jI#y
ztewl*0=qs_FVE2wK>C!HfV55@`I&49kfnO>&*ZH}x`sghbq0pOB_9Jr;40QTDh14q
zmznE0-2>*XAM=>Gd3y+RUzFEnZqOW#xrq^4<~A_qls1XP+$RyTO+uKf6d^OGYm!|4
z$-pGJ;B8=%Tt@q|S9g)QZ)N66P4l4Y(VC-~V@^}cr^WAtzr5vi`K$6Z$KR)REq}8a
ze={k6a~1r(Z6e!9gg;jknLk|<Y4MK+Ceq(o3{0fcSPChjo5<fDnZH}H9`M)euMgxe
zPXgiZbQxX#9?a(Wd*4{=SR2S3kpsaqfV3TIOq~scvz?7)&SFezXG8xrdd`MRUV6@k
z8zg%pcVsvD*a4tw#}p5!s&nK6sk*m|P_?$SE>-*EII7Mx%A^l+aU-P<a&{xm2dP|7
zhppCIPdm+e>*+_hO4!p?<Y}7B)7O(dsIHagaHd?38k+vxNoa~GrAyP2SsYCp!ifXY
zSF;ZIvOiXZ;%w7T(Qf@5u_heW5V7irMRJ%Ov4V)T;IL+hz3xY_HXQZ^V%HJt$YE^}
z+mBc`4(o*2Pl)yAu<nS>LhMTp>x0-}#D;L#0K~pPESkfHBK8qtV>oPt#-9I^8JT}n
z6-~s=8Y6Qj6ZioH)@cNOXN7#mgTMw&q;4A%=m-L9v;xdb{g?=7?ATwJKw%JAsu9@o
zS`tXBA_}b1Y)ku@30wey#coan+fgNh6T!Z%LQe!!6>4G&pJ)(>)+~HRGl7;M(EqK%
z3Eg51TA^cdiS}tvW>tSoFZY1UkxGL%fFgE4sw++1tQ4u5OKs|=tVSe%E@tZX4@Fbg
zoQv7hWNEOEiaK*j&TiKkr6qpU6`}mN$Mv!D<FBqt%8$!j#grfCxN<8$#t7SOXw;9-
z>Biok$?R>ZJ_-EHgu`U3`e0i`d?Qkyg!F#LQnEWO32TF!VZ(K1i--8zRK-KG*)mZ)
zWa|$G#Y1{gJ4sVKq%W%x0NJ)7slwkCaG!O=UTL3oq@$mIvMr!%-`>$|yLBWj72r?f
zoHR?OtTmGE_k&EkfF!890{cO_;Yb`T{(Yk>{v9fUHnOMP4qvp3AEQLsT0?g$_OyFd
z4<hWD=mhO2X<314Dd{#`p<6Q9Y(JY?K+<mTHN?h=bfCK_32h-zZW&QdGMs$UyW+=n
zC<TV484R#pw6$G$JrTcMYu_%W?jxaP2vHXnK``5V)gJeV`xAlPha~&2YY7wk{lwTY
zGVd>pgugV|PkFMKq{1`u!mgOyca$Yjq`q^tp0Y}|*msWBQ}i9Ii85PJ6NPL$ZxoUk
zhMlPRPX@(NR?^M-n&K#H;NX<xL$E&}BKD9KcF_CN;ycPYJooNL^(i5}DHoGtvG`69
zExzLq8z6#J!TDnKu=tMBLUv!e<nkw~(j`YeQI{^6tteeW0?+j6Oa5q3z~l<`ergJs
zTqoV#;E^k{N2YNo;p-`xc;pJ7l*cpMY`ZL`sfp2DU_VjJ=q#qutqgB9X1I;sY6!hm
znatekkGkbeF*u6RLItEqe<lkR%+wf3jk=KuA1bFS4p=o2W1s?JP7b?kQtpn2A9#|j
ztjP&8q0Z&fn7wqPD`_c_YiSSO<p5%bIBXwcYZ3d4!;%n-L+o!3JBrv4#LjXUtk+c@
zKRUnr3opxo$4@iA&t(GVL13~*z(QwdKjAkJFlnamv2Udo7J$G2jlfq-U^oc$)Chd^
zP7?S61Ohc~$*N2s1O!ToA6+FOgXHv;f74wBlsmYgTA&k4F(1ILW|`WNn*X}pt$7{X
z)l6p1)6;SHat?2~U>P(B<#R9@QekSeZYT|vO~t=#znMvb6^y%;f`iC(F@F{A^Csd2
z#fu>iSY^3v!MLQc3h$}~nP69OUZr2qD%`7v0{%iu19^A8P>rhCHwz25@1c?bLg`hK
zO6%w~E893uzWrnxe!D^ze&e`v@hkZj$Ec9Ee2ezg<Zb`L28!SDVvUgN3+VM@Uc9}6
zyPt!kgCHmQ3a_`3QKUZ`MY^hLrTNkU#R>yT03A?*hTwqW%LbIw6L3KBrvr*Fyx{=V
z8y-}fq!$Ij{xaGt+{)Lhjb@jR7p(_J_E+kiWZ5!1J;`!bZRsRSn{=sfW7ta(ohvME
zVldgy0zhmMI372DA+9)cN~3)$ZrUz1JT0B(V`a2o{%sM>e)&38GTJXM@24Xh(Bpmn
z7|r(6k<5zB?5EqG4NeGc7#iv5iTml^3zLexhHPc=QaagB*Ua%)xN;bNuRaIK9kPU_
zHZfbHvqr>?3UYacq>_48MPH{!!Vc7=NXJtlCDu#1{Vo~E551TU5<-kA7<O;MTKjI9
z2jtQqlj^)tO+MW1QU6Es;id$5k`H&VCU(3%HQndKarQs@!=?Nf;3@Y^FA_$Mh#Qhg
z*KysND%Wwvni;r`FU>P>9pB4h;5v4q1Mlv?^-T#QSl<@{hI){_uzH8buH!a85l2fQ
ztFEJ^`WVj9(y&H(4Rh{Y$L1O;*YV@(8Muy@&oyuz-|;eV9p6WP-dBTdri6VmbN2>&
zz+C^|JkNjm5%XXC^z&av@#nu(*D~kcX`CFQavJXl$-rscdyawA_#d-@)A%lW_#&H$
z<LybAxebGmIayf)4{ezcrH8gah&vB$^4EGE+DT?T5A8J6YZ~aa+RXIIKS;_?P$aQN
zhB1fe__9&Bq)HbY)Ou(~)>Gqx*?LOj5v}&Mo=3E#u1B;S>NW3kQLi|eukiy(9s-Os
zylMS!t9FJJp-&)Y;jo;DZADDCTJ(2_73Q!4h>b-|w~}-h#L943NyHi;rdwsYJYrQi
ztO8;=5Yw$d{jep$YI9f(jUVwbbFhsp0>NsHeJwD7)*x_6E5ICVHHm=6!FH1g<O6|I
zS^?%@ds-L-GzR!ZCU6P_j%Wnxu*8AQAW+fJLJtt;6s8tBFEED*3<iN1jlfhU&<q4d
zypz3vE;}uGb*3zO<p!ixV-a>&CD%s^tK3!06{zs~xpMQaKJ#2!{}@|<ANfSuXhGVj
zG^kzV-El{Ra#e78e(<uI_Pldl`>;m37aD_KR*~$(0CK6ZZ>kM!B5^bZn<!Bnj;;1e
zVK)0dAxr<XorA9I0NLm7y(E)yR#WjOSyW{*-suM>qwRkcf3H<p6@M>VIivXdX~%zv
zzjtoP$KMO|^B{`6XrspyTGM4@Ld)f=JD~**<0iDwN}k5wQ!A>BsJj(2FrpUB{J{A8
z$_9M={YoDXnCtSZ$IRvV0pp)p_2ZvI`1of9Pvh@<DyWR8Un*o^M0J?)f${e)_Ar+J
z3CykR?Lknq?1m2vik@0R`1{63m%m>JbNu}g<Z1kUe2~hN8W5C$DOF_p2gct&4&&qR
z-Ftb!-<|az$ltuhnE&CepZ_t4&;JO_Wc<BRpwhal9q7)wb58X*{(j8H$KOBd=>b){
zfBrzK`g~8Q3e2KQRfB;XRV~YBGX7qqyfXfttGr?SeP67{@%OHcM4qP0Jo)wTApSmY
z-G{~B>n|cSnY?sqDms9psd71k`1`*R#_{(P5ytWNtr5oY_wOQ%<L_f5jN|WJB8=nj
z4I+%=@8u(m<L@~ljN|VQ?Z)x<({|(d`wqK@@%K+H8N}a<TQZ2hzxB%?{(i+TgZO)b
zUk35_@BK1}zmN9IApYLgFN65|M}8T^-wXI<5PyH3JA?T9ncV95`>Cn){F9Vw%J_Q%
zz5EYc=Hl-wC~_DOF8)59A{znWjPijLS&+hva;HBU<&#sYaq;&sD%xKX{r@xmUb7S$
z{BK>=bmH&o`edK>@}NE$I8#SFeFeqIf}1(|hSK6>)qO~DvS4L#vah$Lr>l#TUG~G`
zWIaH$xf=iHwx0h-_B&6>naTamM@o9K-}y|B|0Dk0RXIHI@7^ha{po56_x@cdjA-cZ
zMLSrrz6%XgT8UvwGjR>w%0kb7DWTlT0_VS!P^|AXb|S3ro{lrH6AK&JiN&(8^<C~y
z#fd#qp4e-3@L-j)YlX+FlmT<eoL>2LeZ4uoNl$K0Z&#d|KA~={#FE98R$`vw?ySTE
zWA&`Wa=J{NQ*>lsu*Q>)?PP+9?TKyMwkNjL$;7rbv2EM-Ost7*_09j@m;3T{_d2W2
z?(=f?URA&PO2dSr3EgHHL;6*Wa{SL0MB)+CQ+m;e3#|0I!AYW82aKdjjEPR7>&4)z
zc*>)(jI!vP<KZ{{x4N1dzi*+B#??<>@4{xYP{Ni6Bb(<s^IUr*rYCli<1JbJps7vn
zpj&K;RFZc}ugPmOKa)dx4w~xhE4d-SpV&2LWZj@O(xDZ{HTa<svPagik8mx{Ar9v?
z@1X&-zaz$3a@J9m@T?HAFX0wKa4|Vbv2gDI02DhQBpty48}`}S*S9@gC;-*7^ye-G
zMqO}V{!fw+ILM$r_K-9sYEDACU<(g1h(fSN_4nh$xJ#*(kjh^RCSF{zxgg5jrx0+B
zCV_^HUHu@&Eu*#xe8kZZ`Vgl;L2rCS=-?aO+ga(i^{^E*$-vN}fP{~8|7v4F-u0<1
zN8+f1kOtwcDLrtDQ+T5YiMU_JpRUnq=rJ8Hbb8=RA)Ko4+<i<7EQ!cBr)<Bgn_`dj
z*spcnZ#(JN1}$X1QG76}hHzB#g-hz|oZpPG`(VEqbNJM}4W6%Nycx&Rs2L1y2#x3o
zPHZSaxilk;AHKo493s$!dQa#HQn>v4ozOmS9mMfQ>LR+_$6+|2*Lz9oqH2B=*?b?^
zez@&3wSj{?px0yBF{OSn^h2{ZKeb(IBs+%%r`YIHAN*wvjsS!(Hsw}0wVpD?fEzp2
ztcuZ;kV}K}HC)aJJfu(dVSUTP=rRwRka^W7VRY(cmV8Rz`}gF=9WsH7094bIy2TWf
z@=*}h)c3KtsSuedyJ;p?%fcxrnvAngEEb#!N-GGrHkeAFycWN)oaX0h2jc|95iP@g
zdi&WToXaH98B5w+uIZ(f0E0{WH<yV440M-RU*}!8fsJEd7MBh;DnJ<SQjV5l&P8Si
zM(^*&4=bF6_IehV;4B{{mYwldLe^FbJmZ=tGW{cyKTcEAlL+fJ?O`jZ|Kc&VM|%Y<
z(JqzD?<H~H*M)*vrL3$BxSvH~k*4S{Ds+Q)-%*3tX88*75E15JdU2Ee$mw+TB(<Lk
zQrq|{lqT2saDVC0BL0AF#w?t$7Ga=JUboCY7uQ}dm~NWrh_lygt@w>UT8%5lIfB9w
zZeLYg$tdq?%J2P8cI6<0AGKV4#gCd~r~;k>Qi~Oq;+=oYC_-z~Dnbh(<pO+yFfE0l
zOnJpf9NR&;W{gsMqk2pP`lNd7b45QPXAo=scjkn-O$Bp3&Ey2^G%?+NMji{@eodZ}
z#>f-I!-}wI*ZqnxnNqDqej2IE>6RrqooUVp-DU-J{S&X_zq!_a)>BcmvkBwxXmp`k
zOvq=U>2UR*1S|OUyvuML>4QCD=gcO9+_tbL_^9~P#`EFR;<kXW7-4$6dKv-_w0igO
z>76>QApv1qj<9Jlda!yg0_?bSPLpk?HO_E25=h+vV+1tb&^35u-N-eIA^(HAlyC+i
zTmG<*Uu#xF98POY;cg<fykT|{Q=x12$ZtsX4dEaC#&F>;r0#)(pZ6-Y-)9AqQq5fq
zp)<3?a?4lkM$`LHQP(Q5JQ?A96(Dmfp^#aCw8Yn08apB6@lmi=6J?jifEqRB9nET?
z3i4|lv^fHc)*QHZM1Y_*l$MeSCE6S$1qU;*hxj^JVh0RCh7B5ck(vLCV1*h6@TX2f
z9Xt6N8km@wFXlz*_!dH~Bt>@3kFkaVXk-K2rT598rvFB}wlI$QhU!^><~gZz3=cqI
z1LSBU<OTKp%j_G&k;~_TWm|%^H3c~2MFDKs0B7laSg6mR&F8X?pCTjLiLOh-zh(lL
zSe+LVFdFu=(<O;Z31gfTQfuSS3wvs6F@eaMym%u0Mxk^A%QDIaLl5<pXdkeYy`;5p
zD+-Zalv=-Nzo6E78!YI2jKX1DY>^il{`ljM6I?d~3>*yZfl)DZPn=Pvt|-%T)SW0s
z<Xu<xq)#vE(|59UK_oY?vH<TK+>gbq>Bv{2^|Au9)YAYn)#p--a-<FgmQ(4ExUD4>
zmA{u4A7#Zw&^#|cK=+#JLvRm)=UVSA1ym1$7G4G*Q^XZeTeZzvZOp-0fSG!y0ju*z
z^i+lO$Nfwu@Qf;e31U@oa)Z)uRWWO02-8bf+sr<4N^cZ8cL|h!;`I?XpANc-V{{45
zynP`O&^g-Z^cT2MZuh5sG23}<-x%zBSR_r8-hNo5#WAiyW9F2#s8LIYnX1m%{o!IK
ziFWkvaKfUw&l=nA=)mxGQWiAWqFtR$qQ`CX*Kp-@{9v2?x#02Pn~=o(q)(C1{_u5F
zKJ$rJxI4T@kt?NPOT6~D31tkJJtqj*(r$Wh_W-+iQsEA4@igB7J6)OX179K!limiu
z*G3-5!+qwZyK8+^MR~5|x`24;M2&essXe=Gt%m!mr&S%!cH>(`Y9B)5S<LhyVa_f0
zA*tncbh6v$Lmyv$){y3LueIjFyno=o0pA%26rOE7<kNb0W4J#{GQZY+dSzoS?-C#>
zLF^LX<i+>&vsNu_9XY%E!P5<@?gRNl2;KztKBx-B_qG`BK6|JKyxR=L1)LnRef?!I
zFJMfus~Eo*(eV~q^Y0`eSp}Y(pACWX^8CYQ2O!VO3uLM|(mPJX^NBQgbJg(qyc$mg
z+Om0Zxx)VoVvK)^vGc+?-r`)TE(AKz$Mf{D_tZxog9&~w!ULUpvV0Ev9zSzJj`qsF
z?i)h*zxz~vJ!+@@#9yH;ea>^cd>;>eAs7e`ed$x^)wVO4Li{eK>!&c2cZ3JC_pIlF
z{cR%x5aVfFfbskDlf-l$5T^blODF`Uek)6elW<7#;+`)Y%PPcTD_9H3Z{$Y&IeJCW
z+DB+P4?`fn0vHUduFiO@V&3Yc)*Mh>EW_DIw!^LxlJVWk5C+fOoxFAV&T6HgRP=^$
z`t=xGK-J*jgg2w~oyaTxrPJ{}%>0uBPs(b-+aRq(<$*i1qL)@uL3QC-iwK9xzutkX
zcWw2Ul{acl1UV~ijd3W|`Rg2!O4^b*=r2SMU7yEgi)GS{`W7;{LTVvt%Nk}URK;S_
z>$HYFR25F)xQ0BGi$k`SNASpNf`i68W*iZIA$$%S_Fcpl%7lvRoN1_p)ID_YQ=*E<
z1c&>a-XtMhf4@#P9E$7_B}`wEUeM%;`<%n%r#M{dfHA;C6U}G97zI^Uj6P*Bm$U`C
zo|E7ay*?v6qk+1<H5^H7Dr|5{d#Ps~2Sxkys#+-NZcDV8=o}n_3j(mp4p1bN2Iva!
z<VjkCQ(>gT0MeQPaTLG;v7LII9c&CMWI$;%K#?3+A+{5tvxAN?h6D)s32D!l0;ysj
z382cWfMR3@77{yZkvYb2*RKZm!Np*_5nwn53MESHz`K|{K>$ths2*`C=O7`GtsxnI
zP`P`dKFjV82@FH}3K{iE>;PO$w%ftu%AHI=(~!u4Lcb+;2wY5R0YLJvJ8@y8BLV`f
zARoWtI8oOsoJ_8a01v`O)e=SwF2reIKyf^nTNTRd%MNN(kj&#Hyn{|*Ytt0bvYh8p
zb~3$t6zMuRiRB_S%P_JEvw1D7LA-F{R!?eB07N=*F!`V#HdHI%IT$f9`%xJ49lP%v
zE;)N?AvKo{q`n{Kr|~XXr0aU+SU-$mlu|V5t`8RX^G+{%7qyC0Eh$VMSA2*@xYiR3
zjI#q3PyF_U@z+&ftVfmkP9H?)>w1ZVy$Sn&_RA^FGtCur+dRGM`Vnp;x0>{-FcA)G
z?8%)=;EZlZjO;+!Jf}44f#N?K#VU^F^d93VjEB37-ClXQjB4I0$g8})!Hf7$Z-2g9
zTAlWGZMW`%dp}RDQCVPEgu@I{IE$EGI#GzZz{Jt`(PZ+rg>mLbTHSFG{{4Y-O@~S&
zoy)U+q6*dW6k2)K3yI(``#Mitrw0<xu4X9%iG193rUw{Q;7A#q{^mhh*ln`#u_Z0X
z3IA}UIeC_Dqh+p?snGrzL+ETmb7>tuyZJ`Eg40NOAo`V>ejuxw#}Kl)jAuP$e*wi!
zNK-7YEtF!od`My4b^KVJ^)ntJ(|f&7(i0>j8n<{?I_<C;4T6$VJ+WweJt=j+P0s&n
zJhjeObEhvUd8=!U3YiZpZs!!ys+QwBUk*Dg!t*Z3sP1h$CJ|t)?Bx>e%CG3<(p3)l
z0j>~`S~;d~ZK@Pr&+7Kq3jT-t-Ed0$p`sNHxw@6F@)EHy?EvgB@<l9lKs$hJY>=b{
z&Gn!7ISEK=6dK(tkQ^?+r)#NF3_B^mB8h*?G98NvG9n<aac8@q^qUOrk3WH4S<mx~
z6Du97n#vJQO<e5}eO7gcWNS9WE$_mwj5=>A%*Hg;h6W`?l|Gt3Ryw~%&=hZ}?}9IU
zCx2iB!8l(nlxvMO^5-`T4-Y7oCrPT-Gt*~9UPS#922U`}aH9CD-k{t9+!ME_5im}m
zsmTQ&uJ^;l#Azc@eV0{^-BV58D{Uu_yeQX++*}otb0!(CqTF*}%rLQ&ANqApFx*p(
zI6<mW<WDTGJw&Umjv2@GFLiG~8w+#RP1cD5YS`s{LzQ4oSNLYdhGkgXGcqT6kDHq!
z@=9P;#WzLSH$laBkz94-&ag-;enZsoolZ46_RqRG6Q1(>K8{p<{v#|_QO)lx>-?__
z`Cgahrpoz#VZLXHZlvYwIA-aAyW-7OE_`H`VG50b_OHTc+~PK8<cK|**(S^@W6Z1H
zm{hdX9NY<egXqI?kQsYP$$R=N!|Pm;_)S8QD3uxazkfzVSoe+Uir<th+SB+aiVHhM
z>qcH3rP9QX1@0m9V`7%-rP9>QsQTuq_zr3QZaYvdYSY#uN`D`iL{Ci1ygvSU0(Lj%
zc~W+B+@QR3sqISSWgyAaf>E+fg<<5WE%IO?^FW$m-4l5pawPS@!(RAgwONg2-FH&_
zo98`Qw?g_eU+lq3#H|T@nTW2;AT_GgyDRcka`W5r$-sdu%W@XHi<(2Bn#VY$a`%Um
zj5p#RkETRg>98>~ie-Jg($y@2q1~NnZd$qH=r*91JMx|IIhct*K`KOjbNJytb5vRb
zfUYjj4581KW(+h~o8DgA#hP^Vha@#+u<JhSZ<0hNU6`Sly@vnc5013&^_m2a166-F
z#x;xD@7CvihWrjWIMM>O;KSfvr#HRiGqZq(?Nfe-d>ou$_4owt;=S!noJH+Q?-Nd!
zbdq)LCgC|pbr`SHhpXpPufg7oRU+@(d)_`tBQEv9aEOq=W;`Go6FIPicusP^{o4>E
zZIBR7Oy7i>G%+u%Z{dxe?=0jmjQI5uv^9_lx)e0f4sTW*fbk3m=|4|+lS2t72k}M5
z%noBw&LKd?{)8+#;I5pz{`L3kL+SOG{jFXKXJQ~Oq>Pm{AlVea85aeB+ASp04$pb5
zJs_`#CsS2f&>#MZuIJ;l0W|hBRHbLO!OGMd0LO*qvDCi7IpU+`R$(SQ^!=4LT+7|v
zogOz#i;05|O_Cmy4U!Rg3c<mF82`4KvAO>!-UXBJ3zFH=@P&}MoM(S$55DpDgP{Hz
zPddiTy7L*r&$E*}>1xHoYK(EhYen~Vx4Ot|CCr(1p>=PMKRj!}T5!m^wW7L)<2oos
zUo5o4bJ!84%#AzMlAHV14;r0W5nY(ztq3Rt=`&46qcbG!GfBp|J|d}4a+!|bm=BTq
zh1rcM7oWFGEeK-mBl8laixNZ<QZW*X5)oQ-#gkM8@EVVP9l7m6M&&0BZ2;{B(sJvr
z2JjU$%I!><-eybwzuFmLTR}VB)IG^9k!MFbp=U?zoD<`Q$VG;i9l1{m+Q$!+XZ@NG
ztW2*q^t>If3f(LwQYsjRE@pZcb?Ffrs;-aWZB;)C5wd>k3d?giDSR|4`7K@oj7){x
z{v5<F#V?B3tHP-aBUy(XBCuXC3Ri)ndFC4E0ah$9deg)KHQ|9$)t+>VOLVDF5kt!^
z`Edtv5q=j~`t*;@+&r^Qi)8RolzpcQMY+OKd*GdgEzh;XnahbV0*?u2D3%JK`yic<
ztZ{4PvC5_162y(!ilyGNuvbC4hu($Wp4iWutBlNmL$rsdw58}&ppXJ6_KJV8clV1W
zmWFD2B?=f_qK9}*OJ3Swgz)oAer59d0*3D(J~dxK8HS~xN$U|E@sFs6PmsnXXiE<i
zaF+4eD*J^K2MGL!6MGGko*HI81mL#ig`9y1PYw42N&@`8f9!8Fvj=B$n1j;(cSQ%j
zMZuOKP!;Ik@(HLmBeN4q8AMtIniMi*ssZ&r%7IviH&2;X&$xw8^CY>pzV^O7!lg5k
zhuN$!k@Z}`718xvN3CKYzF~Ts<~#k221hyI3#v6?9mOc<8aGo}y`ag-7CC*aGSr_o
z+sT8;GiDvFmvWMEnWBsp8AWhh;hmA>c|^E__llUZ9c6D=n@i$0C}EaNwCZFBb}a0%
z5h7L^HB`7{<D{T{_An~k-8>jH*^w4&6A;0|bh16jZ#u*>n#avLG*bEG-BKdO3Le@h
zDhxolCca<99;<5jbhXN71E1EVQOP=N>*j1ViN{Z1kLZ{p2SwV-lwBbBGxG_vI{%RK
zmmtm0lSv*ua5bqa#(}HFwLp8nd&L~@c6Rp^NnU==HhG&(b`d_fK1eYEkORFj{xEOp
zqFiS`W$yVUj*-CjbC3Pr91U>(=7jTWU~v7{w>>KC<-kjJkcmvk+H1INe(bb5+$Hpd
z5RY6PMck8sk6vX1M`z)(!11MLr&vJZkHM2I^`*^vAQuirDPo(dxkpSZuFJfyG@A)=
zn-yVy#IoXSffvl>UyFEl$XUOO>;>iEh}QdVR4O|HcT1lQz`|w-t@?I}<cQ`^)qHT4
zC#7$5tJg?KQ&adlw^>{GuPt@bg8LrI#&iBg+MPAQFP#JAN~XVYb5VnDLSZ^hMHHlR
z85W%0=ofC%^}Ly~xhu^8s#ZAp`0U6y^5po^Wt}p;R~GFeua_P<>kib4i)sw4D^pLK
z<9{F0U;b_v<xToz0`StVxdUEs_d-1p(lT}B>elDj*qy|LX}0GY29L}Yw^lFa(N*<o
z#@{Y2#{IMTipQ3oASU~g%w<2-yc=?$zUsU5vPXHg7aZMGQA)?Sgq-8LT0bTymxu*$
z+T!F=yCwH*2qWYp*PfVdY;}+)gZv&@pTa{$pq6S!p-K#s40w7iwx`b0<TZOmL(D#Y
zK?UWFJ4wAyOSS}OH+yf=u7m`ekTS$9knT@5NBkz6<llYD4ehvhu8o@h$^`t!%kn9=
zivrCKd|||Mh7F<+=Ez<1;K{m#Lhy)|Q()7#{so7zCM?*CEYRGHqP}g7qWcgGfH4nY
zjgr_q_~3uvEAq9<+*n1aL2jlhY)svt>(N`RKpN7mDTviCo0bR_O&pRA5D*FTKX{P;
zIqT0A^}f*bN0;U8wJOLDp-14;wF&+6UfTCs+B?xBc{j;S{3LUixk=IOjojrek&1gG
zmVdnT<8zYD8jI3?#V7Hhh)g7vYMJX>o~Un|zn9YHsND@a5`_SSv%HFC__63x7hoPt
zjg?!^vWPaFoBaniarP!=*;P5yxrFvBrN$5Qc1{wc+DmDsNX5lU2C|Pa>YU3Yy1OFF
z?IOvJLZi^xoBZhj&)C%NaTi<b!Q8=jqC7I&!Y!9B+W1|UU!Q6J!q3EW_uXtB3EU(;
zTmOB#tK4$AXA-h)oA|84$y>mGV0|(DtB|Yu{O(E2DWOM;nR+tM7;J3ssW>3(OHy)`
zdJeKnKkE?=ODmTaAUE3a-oOSxe}*K32fv3LqiUfM&C>GcmaVm<o`*~qsityKt&t}^
zL@cZ8EnUGK-bFAu6baOyvYL+IQ-rP@@+ib33me{3izYYfT=Nd<m@wUkSt17Y0!R~4
z2Kf8EAHqaMrCBxVYHYrjuDFq#g|!2cSDMuuY9PYh<Q4E^!t=;IiUYfzlVJCFw3G}M
z`V9j5J#qhtUK)wBf2R);!)&gt(11@)n1YF0b8|3~fbh6riiWvt-;~0k)em$d>3uEN
ziGjB$Li^qzTg~~cq4Z$fG2C-$Kug|I^Y_sSc68ex!{VRIQz_Eyqo20<7Cq6+=f@J$
z&}B!Z4Vf-sA295*Rjf)bG3=u3NrlnNdJ7?C?E;bICj_rVOI5Z-77TPJmzsACGwkhW
zFm6vI{HIyyLUP|Sg;K?$4k<y`E6SUR#z}X>*iwLKB|hM{5^aXXnxuIyJS#i0Iblr#
zzh6$H5I@8DXJ-~%eV5R$!iK{BA+eJ8xLS(%)>VCsE3lA=lV7;7UYMf12FusZzCGq4
zdV)e9P5j+;lVSKNf{%Rqr9<q*#CfXB4HDjR1YJvH%cL(2D-Cm*lPW{jDq1&AyHM=a
zZLiPv<mE_8L*P0AhYYq(ElQKIZcb)2O0|Qu?qoi^IrxWc9m<9AVot{9aZF0mT_K*O
znOi2Jsn?}teb0U?kl(IJ>369@?sMKZP2Kya<>x=fiZrpeUz$@Min;Y~3J*#dc)l4D
z|GvD)q4++TzBfm-Pg``mp+!S1;NO{Ye)HzB?B&}#HT(9ldb}=*)JUgM>NnD#AtCb0
z$E0ej<L%1Ec$oAHBS$K)#y6cICC&ZaA-1Qo@*#DCJ9(mu#}4bQ&ioXe=~UmD57T=3
zYy4+*1|2nBxk&1sLvy5&guAN+=FjrVv4!mW>4+z`*+&)vl&R;`8FhOh1+rCql-m}V
zOKX0e8MRp2$6eY*<J~ZI=s^*0<Zk1B$r~=iA<Jtn=-C@>-dln<gSDc6$2j?S1mgVO
zu`YB-xu)TlF41Eo9wCve(wbZ?(Knf2BafLMXMHv6YL`ynRj({aLT^qwhnN*6i`k;{
z{*l%SZnHd+#W0#Y+p`iPQoSYhJ05eefSUbgN-m!$5Hn`lmSxtg6YOq@VGKIg*c#1G
zWp6}nGd1sv)|&KEe~wNq&6FNJE&I!}5ZpTdwi5cqFi7H{kG~Kc`QEpsWh$w|QzF}^
zFKepWdftL~l^Ijhc#gZ>%(LY-t>V6##JaekKRCuPY0SHA`I+j+;xs9!o1_~$)_Tr&
z*X#P_M|H;1&HmRi{XqSV<0RA6*>SY?U~JA;uNTs?so-~w&sK<ZN3Qh@-yNAVy88e2
zQqWTIE9-LG<TT(hJUwXG$?DFlX9=F}iMs7-*h#mY5KA}3{l<!FNf%uI&A>A#uFFRM
zhmy7e*>Y94N!ZvnA*6MAfC5`D&Cq5$o!iBsYNh7=fU4CU<2~L6=`;5s*a0M4$zQjO
zomI4)e+!45DgW9`i4DR0LOewLvZT1kuwd8X+z!OAm)&fauFD~4L8>1Nzu2wQ54RJt
zB?`L`w`DYuCTJn5w;GCd)?zWaK;<1b{@Mm0>s<)k;p@SMTo>uP(H2XzMLtIHAv*_+
zIlofx=}Ci^q%F8V@LN5eFtYiviQOXyW63!1>hB2L@#+=A^>^zKGC%t4K>ZuN{sTEg
z5b_Fdf|+s(l#XDK96uo^Hd7%rfI|I$t$|{c%(##(R*)r|36LGYzA;{FAe>yj04(AP
zY_vImLdYmkVkfCHv5$8?)lH+l61!|1vL;A~J4VQy@|qVGbM?QJc$BbFj70t`zqAn|
zY;wD#vtz3v*;P4KS|LHm$y^kw%@x#-5z3!8kN3=ycWjn)Vxy#gGTtnFhB}B>f(O3@
ztiFd}1*85p9O<CWKm1V0_FEW|$oZ~%P|QJHEh=x!8W%Et$XAxmgv*xCBnmBS#5f7<
z%ea6ZIjg2z>`#V$KQeklO=w5LEbO82^Wn!v8mKRHk|cG?7zTARcI^i;Z}eI)-81W9
z-F|qE$T?qF&I&bero}5X!i6~g=DMNkZ)a)@SSa8n9*|S9m{0>2QiaWD1!g<tSqh6m
z!&38RpOF;RVttj|?yG}Afe1%N>sKT3{7SL?Z!(NEXuwzReB(Lcc3>aL^i}>}ewt0s
zZ?H{mrP!XQiIBgAc3O_GpDv|a%b)=`Yz$5E2|Cvh;69N$Mmv7xAux1ez?moZWkYR*
zQK218c?3mmgx<hDJ9&g+LMetR0I&;X31GM=gCM*B^cOTF{UFEZ6gLy5C#=^afL@37
z%~H*k;?D=$aBVBO6iz5j{4<*t1>k1a9~yX_!~No!AT{c+TY~!dV)|OELcEBX^~oHw
zk2arNM7rgdalOjXX>8cFl3*5cL<@G6kP7qoj6R4UEBJ^7pO_dUmtv^DW3PUboSR(~
z8)RxR(06W!H(gZE_`t+V$_rvwKRuBY!~gSh#TMn-7;q*;{2=blGrs6P;B=_KHM;=^
zlgoQ2B;d>VOojgrfv==@D8&y>m2BxD0A4_LjdPCSbm(Xh)LSc+anzQJeff?EMF0l$
z1}HH9&PLd&tyWoS#ZbxBZ_cLM1)S%3s5|;21SD0tj4`^r@Rkm2JEC^m6nT~=T>nfz
zRoDT!yF)=LM7#RUu#7(0$&!rk3XABX0_7)WGOrcc<LRy-W#_detdUqKDu4vW0Ph;s
ztZ3~J-@t?ok208@4SN;et3#ftly<mR*RePX=#uDK3uoy}^dX4^|3KfVp6)Dv{2*bG
zAG8<(xy7MLXIuB)hc{It{ReJZ`}x<;)(y0yEhVVj4sDVKYu|3Xv!BzL-XA=(Me0aC
z9<iK%Xmhc~ZpQz5oltszaytJ(d`E(#o;p@kE1nUuuhr9W)Ya+B^e6pOG5cSuo3zo<
z%$-kjc{a`6zn5jt8NqE(<K4Rg)6C9G+ui%E!$1RSyDOoFb^yr)GCRqicVl*Kck&iN
zX3dOC>51xjmwoX9T`Y#7IJmIjav8{9X&2%s-;bf+e!NMifK%EJ84W3^U>hBe2))b!
z=TU2pL;VZl7h^=w@k0pE6fo}>X!Io>=fXALoHWz2NO~QLu&lo~RXWI&$uxD7_`Y0C
zy2g0#s`2BOS*9&@-q2Oxh%fOzREl)F=jX;;uKWsNSgvDPW{zA8S-K3i6}vpe#aOI+
z_RpdzfL^|?yDL_cwN0fd)G?6{cC(I{X2ciu!zeP!!fJJ@KsYZ+B|jW;=W(5k$nn?F
z(^fctgjP{N+~Pi?tLrdugQqN+J&2$I90fSn$N1K>SAoWc32%ol_l9#1_KaTki2YY&
zyqQu4ygHN!0zG<Gmy#_3r9wtul|Ul*^FJ1-T!rf&9zeJ$aNyu=yX~eP_nNUShj9ZD
za=&1lnQqWl?Ev_7XM$eNEn1JGQ-i1S+BL%G%x}p7)Ss%$`2PZgN{q?V4;9~r+TTp_
z$`rRp9^aUxW0KP66H3q?eqvo)65srg34C)!M$0^=drt-<2{{(|Er%?e{GyVIOFS`G
z>j75w3sF2miTt3)5T~S@GwI%)L^D4G^KUQ_NBK#@$!mJ$O695PjBagB9Jj7Ek?Ly<
zC~Gxe#=^9tR!^0J6(EcA>0<Dn5|>J3dE1?qQLA{NKfM3C#2b~6H+y{2A(;0P*OoV%
zna5upx4v(w?l*-kSb1hTqp>uqhAd)p_YHI6T<R&x2Hrez*xmOs2WpsbUbW<Uv6E1#
ztu}EKQv!zqb0xDx)_6%YcHr`iMVpk>DyKorBEjtxJtILSLau>5$C+cJLX)l$CP(KP
z4o3F+pvFbh?2Imh;q1E^-QYkn>k2J`YOMAoR!MX+ysC^im{6w+b~k*A!%5SCB8Nd)
z4v`fOiOtip9S>JDnxVVxUe+4hml=TarLQngc$;%XUIQk&AXZ}UL&P(~&23SfU0Xt)
z0V7P>|F)>{>i#35pzB?vv?ptcsDhUyaR(005U-%sR}#3R)xU;s?$z0ZrwE@DhJ6HU
zaSZ7ZxD)+YHH7q;GNuXth*?8G_A&V~-)yO875_T}fs=V8HfNaLCrMnVMphR&%?Bl9
z)MH_-GX|MEiv?w24Y|b%WF@}-DiBA**+Kz%@qiEK<OyEHbz=J^+QX2cL4Cd_WoX`V
zQu3O9=DUrNuB=zj4epx8^vck~C&`xneG>&59NDtGD8`exb+fw*mZEBw{;(e_I|O+2
zq#N&E33-B@P+H-;a4zbitltzO@zj;zDdcn!#91D4Yg26szP8IpYw;LbyC0Yw`peVi
zO3=l4)oe*+&=qgYjkP;hd$ZPn@0SXjLW62fLUr>-S&U7zD8Y6Z4_Y>4!AQ}~91mJ&
zy7AG?l9VU0%^r~URetp{rBkaa83W?U16c6ztyL<i+-Nj<^)kW*3JDm)(GR3y!XZh_
z-spef*-;sZRzAFf#`ZkD95cN(gSF`_xj(cgk&*%qsN@tf%O(%@-UyO<tCnVT_MKF|
zA*uRDn@kWjBwn7TmAo_39k$yr=5$KX9o5w7kL{uv`?!-kmSmPH@f?np0Xw)3-zfjI
zHG*dvsK(=flQ1L};qlL>4-A^Kh?CHWQ!Q}P5EaaF2&eVLK5@N5*9g55f6eJQsKanx
zLxx{=6$Kc=t84BI{Xv-p>5?c`i2^&^BO}yH?4xVbEM8#IR;eeO@LXU2iN?D*23_2g
z#?YnY{G-)x5m$8VHPcnoX?<@5*H`v})At%VTTp*tl+^4#G)r+;W@YN-HsWL2=K2z%
z|D=}xOGdvl=ca`bFz5Q{l0Ie*s-RWIXz_$~&reN`ZcAaT<RO>sRFo4thr`iB0Kek_
zO>Osb!2mw&7*E2Kb6@$|MOgC2pRG02Lf%O(Sr(U@G_xQ%>t>Be^<Y0X)vk3O`SE0V
zxgAK@D$ijHtMppE3;pioyPqypuXbZY8#C%Sli9HBUp;j`O-wH6v6NvkgMDi8LHKVh
zR3y^+_}RG<B{x^E4HWe@0+Az+hiO9;djC?07;4Nej~PkaX%ued-|+GT6_9=QP6I^h
z<&5X`sVCXF*hqWORzTz?veHh;<a}@wh)K9vV*}H+q`~YAa%N2&6d7Z`D7X+MGfu?Z
zjU!A*2Nwgdjh3ZPn3<>>i+licaMn;(k(#*xI^vpoF0kmw=FwFh);)|QW*Uw;HhDG!
zfARsPZiIzYQI(LB#X4`zA%k*n&Hu;MSB0;N>LfA-@(^6qhlv%+5{Q%j{EpW^MGO~8
z=F>I%c|@6sfO(~w`za6ak&yUP`Ffc8#*}xA28lkOI-`YG0M#ld!c?cS!9OvTv-Edr
zqWvIN#{*Tz^oaIUJrI))YRie0%e|C5`$)LGb6P%f2`_Kte%~TF$lfk=oHd~(HGCCi
zzttvYW_HPs{6NU9-wkEoDrDQ13;qAlda430uYdV@N<K&u$bet8*J+eQa9eSW4XvjX
zn~~E~vevfOiSKTP3n&S<vMiDv0n)0sGzKc4>(ET)_Ek5sfBsGP7WrQqs+f>JCCZ3<
z-zUx-sCN}@Ic>=5c<1^^Q{0qNE^SwPN^e&s8Z1nyKPSGo6Mf50srX?$InnzL_Ub4c
zY4|x9@;r%>>i@EeP3!;SX^(}?F;~5)IsHo_{fMB_WC?Z=Q=NeZfHn?O&vqkhQ&gzA
z4yIGh35yt}L{9fKAO4ygztuE2)BDI&zJf1T`2a1nT%e>*U3fa+d^}>4jN*64oMbI^
zlPdiqqu#%OiR`f0@r2jQl#k@_+5=wYorZ?ei;IteRfTV}s#mca%v`Kd{QE#$D4UuY
zo04E2^P4rL73_OWHVrftf{t7~fq&Y#Nf7hd^~ll)q)E8#4q}3vRgrJ-8aDD9R((SF
z#ZFyyxSP<q2lC&DwbF13=Wp~@ho|n>X9^7|?A+VojlDC6-=;fyP#W>DhlMVGjZ_^E
zKuQ3GTw?lItf5}u?1YSBN8l%B&a-rguXV_bEC4UUJ14s60EZrY6F}bN51_@~aNPJX
z^6l^=k7E04^W`ASPx`L$^ATCf2+mI#Q`Z<{fT{4#mpN|<X|N*Dd|@X^^?mX&Yh67v
zQ>I26Xa;8g604yLadWpf91l~K>~~AASMtp3F;<e^ivc5JBK{#o5%eqjs)%>mbo&(Q
zZuZ-4uq?L4@++sl_B@e)_{@UEpCwsKJ8lC7*OTkuC8H&juG4<C2XP0i3LNu_!DNPm
zObR=qTXax^ydP@L>Wi8`Y~_w~zEI$`84ZW1ZBr)a4@Ukv)<(=H?jlP>U%K*px^4@K
zFu1yg*8>>)j8o=aXSpZItsVTTIthD^W9Y3*eJYE(fwGH<3tCCRpchJ8-(1Q{t~mdH
zQdA`-aFY2ON6e8R`c~<h*3#8~5v$U^P3FJ$gAP(n9v&Q??gt9m#yFJ>^Ul)}8N2m_
z2iV&O_9&r~UeUnfO(5FsdLyHzvMG65N=$Y?nnw*wWFL0_G(|@Sn!GxMBiK6Nql-+~
z#PNe|#|qH+<KO-p9*xESNB2IT+1H~|?MG|D9%TYGruM#Y*`}aeD&K|ltG&7@uvckY
zp=BCU+!Ialm-teI#uGIR237g4!-c1iZZFX(&UdnhsQhxzyeCWPIf7Fh@qrWYjB3OC
z9^N)2{69k;5PToF@~5_Sr{dEDaar8<a3Agi4y&WS$o7d8^vx0LcscB(_G<BybmUlH
zqsYTGza7g&y7FPs>T%LVeWytJXy9BB7FqjSkVymBT9GZdAHsD0=?4@1Dw&R=baW0%
z@D2Ph<sXN+&JCWdZ8hwig_(;pEE&{=Ow9Z+#lDE@=|OW6Wx=H+cxtAVdp=yvfX5(|
zVm}Lm(^ZZupp;v~R=lKLFYBQ(hI|u;`~C?C)7+l=8Yr#JAL}&Djs}vCVsiW7gqU^w
z%!0f5kMKdkSc%aLfukF-<dFMzH&8`H8O;ojA@O_GQ61Z<YmHG=>o^<+ld;89&baYD
zRH(o(Kp&ni`-uA8vn5j`n7P2Kg+=a}o>A3!VC<ho4zqExeR>_zE1U}<);b<d<Dr~H
zOXm2$sIascL{p&16lVnKzt+)tA(Hye!aYnlYKepa!`uuv(vYW<sc}hoqI~tu7fa=S
zE^T3-24P2sQA$&)y*>F6g`tS7=$vqV4qRR|d<PbHQjHBWf{nYsX6Ht}9Y0k2yCILr
z2zUY36gKo@)pGg#uvIIt?=!x?3W)23P2VSO21UqR_ruOIkTUU*3b<nuI<n!iA%N|8
zz;k+T3treRcMQR7BKiF=dSA`36-7pZV8U(&h78NPyvlSsCA3-9Ur%E|6+69Sob0v4
zkf#~B0S)LTwU8&h_7tKxSX0YAxg{aYb5@*L6rRDqDhRwvgC|3BCsn`84^&LI)$rvW
z_vQdee!sa|v@TKxY#;qZQa^w4!sxFTFgxgk8)n#`Dq>pNZcDv9Wf(tSx8hb@?`Gm=
zAQ1KVnXRA@DX{a18;5ct`08s>hM`D*&Vr)=482@D37&cGBclfweNJNs>EfLBuUAg~
zM5h(o(&~zpHef}T+a9}e2TF|`)GQwU(8drvC~4Rx%zW4nBa7Y(E1bt0>x_>3E^+x3
zIMD0IU*af(S5Rk+q7UCma7azS!f;nVh_|R#Ke({Sg3n9v(N{&pOJI%3OAzbcSHJ9g
zKG!h2zqWgBOE`>--$Q=y<*`~^dtgZ5*RRSS@m(NBeFXVx$b!~gi)q;QD=7c#7NH!%
zFJFPz8+jSg-`yuprO%lIXbaBtH1#_OiH?q0M)8J_L3%cP7qtdoGOP6^DE|qk;g_ub
z_YFtqOL||%iEGAY!y2_3WY3A61PDrRGUbf{{6a=;5=O|42m?aI5~es)MgVYPW*su-
zsCB3l2w|8QedZ82Js99F9`L8F#x}1~BpveN)CXDmk_hFpJ_pzzI2VU~`kqRfoMFQb
z9oYh5V=kyPHg$qgsi2?>8W!!>KV;~V$=F^Z-y=O7Cf@0JB?_Fby;Qfj9NTGW1P$D<
zRQ>s8vXBE{A57<5$5zyuiG=k9U+zSwKt{85{tcV+eBZKBl5~x34wQ8GxT|om6_M4k
z6x~0Qb88rLeLYaI6$$UZpxuYn#bd!W_iNCYe*}%8g>&yvLPYL)8kfrsDEte43{ZS0
z^Pn_Z?cnL}4uFLBz<-rpDZiN9VLl`klxv?b6s5Eq@3G|<HaNt1WAP0d=+QG)VYu6-
zdLC<;fAT;|eMxEfMt@g1(XJl$7>=RN>h-&#>o3Hcm1;*`sq6<~+*q`FN%v*+!->EB
zh_yiOx@5n7+AGv3UD|8UeoWfy7K_8?)iJ|ErS}QLgUxT@r7~GRRS|}a>L*@)Bb!^F
zxb=#c__~MR)r`6;egwM3BR|&{<Q1_;Xcv>1;@G7WXJ}O)=I!`PMfDqV7fBEq@|%WD
zMqkBBPN$GtPM}zbHg$#Vwq8!Oh3(TPZUULznqnALpFR)Ly}3iRM9$b!=Nu-(vFg(s
zNqa;Q_I-v@UDnWtD2ZD_2Q`RSzSrk*pGywmk+dWXu8?Vf*V_@aNSn@MnvV>m8vL%0
zmo=q7Fa@{>_vw=DjGq4@A&##>8ykQWfC2u)1E$I4!^6Vjsgj4l9RPqf@SMNm_u(@U
zmhmG)L!0nR^RCZX3>g0?nVQEV?z3VBECy=hDvQodpyHKPN1Jq|^k-m=LK$Pmeq`aR
zE#`U<zx56)_<5ABl~2YiJfQRaylU-_#S1ToWshZ<^{it%PWqTPn|fm3cmB42@XUHH
z06*#*T^9^;NanMLnyc%q#dPm2CAbaf0E+hX@^oy4<}z1AjJ8ryMIZU!iV^ft%JxpE
z6>M>!@O4Ji@)7oh@{Z3oSjcYXncwkm%r^WTbH;=3?~;U<zVJ>Ep?{CXO#K#tY0~bU
zFt9;p4lkc9(mzD47X8UzOBV9;biAHs`gj2|9h99-oZ0FBJz)UI5>nghDYW~GEsh2e
z8#Y8y=U65E%p-PSkE{uk&=ixf1T$An$&&()ri)tnS+hxQSKiu_AeBaK3Lbnlejv)a
z#CEB*xO{gJ)x-H>oAEPxWCHVY;~YGMsP{g70Okoc1i#RghOZ&3@cP!V2=%i0CV^;3
zl}>Vq9gQXj(>4wtkNACKSDk0mSMxDp4X0up<<=2nU49Wa_o~eIWq{IG;853zh~0)w
z4~xB$dqaOoj;8}_Yodw{8rT?6)+&j?)fqK1?KtP1P~}GRy?S%B;>fo+QeFOi!mesU
zbLI8i9D=MRO}VOq$$AsINh8_{f}^6DqYf8@ThfF(i_F@B+c;^h(OzZAT5=K^wpB=?
zhL6cdM)$m0OV5XyE$mtL$!zXPZKg#zAlk@uqHXQs%Fyhf+|MN3FVPT$<xjCoVpmWd
zvW*^PR;B$jL1-Ep?aOiCKidH<&7l%!EkqL}G#AG;wjlu8TjrnzNh(JD3jqgAy(9u`
zOZebd&K$a)i0j;E$epw$axj&o1+u=Gparj9I^1rj&Mo{w?EjnxF#gYZfR^OTc|aJK
zb*rwSL^^c21z8D8%*Cjb3F8?W(%|O|<n&-eUnnpzjS_*L7b6@1T+P%yFlTJECXN^1
zXPNAWd>7h@Il}f!pF9`#ky2l5o9bW&ni9|HkvV4k*To{q4k*p&qetb+M|=MD)f6P0
zA2~9HWDIaerLIQP8h``{8?{InF=C9t1Cq9BgPi=VnC;z}nv5qyzkZ;d56PlOzoqBc
zNV^}aJNt<V4zN{+Zvb}-zl4T{{sVvdD7abspoY2oF!j&r*mp|~qTT5uNaIN%wye?c
z?K4wPgLI%Ed0KW-WXla64Ji3p6b~uc&XnbOnV{@C%qrS+hG>t=#)!b<o}D?i^O+@J
z>{Ncw$Wzat1zY!DKYYN8Xq<c!Qw_!<d7l0%TX{zatNba7QtdS>OZ>K9IZM21&r}s~
zV<#F2B*>WV6SB{ZnW9n$4rpb3*;soC8JEHks#>*6Q1h*8rHQOk#tyW8G-Gyf#$&uz
zA|B+uS*{2v2$~xahncf8#}7JXq%vz3Ii||(dI)+88Si4o(eSy4D1F<ON*i#)=Z5!q
zT2wjS%KW~pXg>XT@^2;ca4@Y?5${_QyDuW*pE$?jQ~^mdr|v0}CA`?-40~<9JBK5!
z4GM8#>3)}l$@IxzlXZ^zjJzKcPTXa+sj^QT?!`T{_?=SQh<3IalfnV`>FX5TNK@wv
zZDy4}(omp$Y99k9ac58t8jdLL132cM0_=A_^88p%7_hzR7(kQVo4TJYUj0<}(V#u;
zFJVddzh3lCXbEPq8`bm{(oMbwHg$IjS-p|TrM1YOasT<eNRe*+@r+~MdUI-EU!gOW
z-OXRpN=S29+)4;HgtggQ?|c6KhBf8FH<+C8uWju^&MTHZ`NJ(&3EOh9_`Ecad&2#Z
zzSJ<%b4YF<OXV$Ngs#Y&HAYja*aELM-uFMrW{uXA8nygZ8{aa;Y(V12JLnn0W)XS=
zUw()96|(l9wBvroowKqui%eupoEoxW#9X#Av2EE=GGjvK+CWx)8F(HM8?De6_+|*H
zqk0z8Os9u23^)e|rdhzH<iHh)4dBVTL;-Bk+%X{=tW%ZRGy1$yJ!{*=rCVTK0t3|>
zW$1<=Ux9(O8i5Q2nW*5?=(IQ(Up`7#Yz$_W2*gCU>6zGDjo6oLA+E!mkzD<PZ%&7a
zg(~bxHh?G$g5tD1bxfuwWeM08r2};0go*p%5X={h_|wSYBxWF~poW?mf1n@zeUX%&
zc#C7lIy8<#AzcF!nOO{$jCiN??<alBWZBZf8ik2CAHC^hq5wC)iublDb@>;kSURDX
zA0sJ}H}foR@na=B+gLajoOES-xSea>a(@iFV~;x-p{(Pe{+ePq1+e2jq@rUd&5<)p
zk`oQcM~79Bzl2|I-G!ljYoy+Dd0Xn+^jZ1k+s2HcP}RTb1Md2ii^cI+c8Bol(XT@;
zgI|UbmEBZWIcQJs>}&{o9>k#}NaL(h7sVHbLV<&`BVhj%^jNSxe|hpXbs%Ld)?Ja4
zU5S>Ldq5K;T{^mcoK!N0yEk(x$9GaRQ*|2Ih5jjK02j7k*-WD`;KsY(_@_9<ad;*&
z#Sv3~AY_8h_*AVJpKX+g<?KrFN)Bg`gMAJOtl<h*2VNR0J4PG{y@-Fdu66A){MIrn
zl1$hj+oT$et(xpHKA^}{bRFx!cx13fzg#wgo-(4bWvy#Av+F;%;=gI1Uo1m`*?uEZ
zI@Mdg__|K)9nmCyUK9rk+ZV2zUhPtwXaJE>jWXwvz|qqN$64vOMMa^%*&JD4bEtTN
ztmIm4`aR*2xZLJrOZif#KiMvTtmOka^Wh0RKxTCc+?x15WY;Oi5!4d&|A}1=I_k@u
zQU2k>SsLoCWw{d1Ynj;pAXkS`Y0OUVpEUlH8q7Z_i`I(r+X7&U*1q^veV7arx?--F
z^?<~;9F_M;|HjXey+~JiI~54^h6?IO6c1Ua-75IVe;vhbvV<9X9~w`XL|ldWZEi(!
zH_KQA!%O&NYD9F(e2t~4dzI09QOSE*lo=-1OfsxE1<&HV8GECy37+%eCT{{oS}uw1
z!W}z3<<RhNWz?V5K;1|`UrfwdSJ|5@jf}lST&0bRrl7sjym8E@9U6Zbnopm5(CCK8
zsJfG{1CxCH&M>;TI7MW*@;MZK5NS}q6}rv&<{Eqcn(~}f{2E3K`-m6@`@B^&zY(~+
zNgPG}NXM!TQ+SHUZ1(zk4sYkGkKf(Pdk=`(W45u;GB0P7``=UsEA23rPZZ{r8RnTL
zWZBpGN?8|8h&uPLa-o(UYW~cea%Am?MFV}`rmc2hTIu&;A~CL_=bo_GJ+Uy%w-f4I
zBPY3=$wHn;%V8@_L9H2O-y9V_vuK%{+}u_x{jE>-F^Rj5OjDVC+i9@NGAJLC#HI_0
z@AvAXdjQ_?6y9Tx3eGa#5gfa3t$)o<`rLRL+Xf7b+*%7?B~-)I@?2MybA-xbSqr?&
z#0&8ryB1aX`(sbrCBH4VI~z4!W=*MnuonNZYm#vrC2V!Zm~Sh5K;`I@oFDgw)rD$x
zU)S2R_Hx#hkZQ{rQcFJEH#49<i)#?crWc&hDX5~RYHT~RAq0EN*ac5?JHb%l%!ka~
z8_Bsv@9zHxCzcwP)Q->D${NPz0jB6R#2x=s*X~B`GciusiOb<}PxI5BKG!*z_YnRe
zK-oPiX?$c_-%ldbhpOLqHBSVNvh(vBTiRVVn}<6h_aUmsgs|-;XY%)dW??Z|bd(3~
z7yd<;^vYz2EeBp^C~E^?*kD!IU^j8<eL0ly`Mo<p6!Sn)uwzEBo*51BGcab&>pq+x
zLbPB47+^lRWr4zAYvi6ge{qSS!EB)VQV6h65d(W6QQqkx4xsw-0DX5E@NHXK;C$HG
z?>LI;eg0q@*kB~H>V33e$yfyEk%;k-fqO&!Gl{{3I_i>tH5u0rHEOC6bK-pG(XA!;
z65i}b(UE&@r&FJWLs4?rQCs4lgVP6Xfq@T<pP_r0xtEDUcnTm`1c^Q?v+nXB`!R%Z
zc4zYleN&!pXyKAUL5L=szI<!>kYKtE*XpN|>R@i;obu+a_?8~$tUun&b~(fafI9ZP
z6&@||6;!S@x$O=ryBu2sWqF$qJ<JxuaUBppye^d#b+@TLUH!^9G=}6(US(p<!xfL|
znbDl?{0L>W;_qt1?TQwGUo8spb<@z*qmin`Ek9N=Ufs6~F96CdH%;>sP4nDU^XN^=
z0M*h=X{-Fd=wF48d~yV*z{;PEYqa&!R*p@FV=-DkgR|8ma+eFqC#N?yf{^!#XJrrN
ze^wrIuChO5>Go(U^S(R{dp2~IpmTq+^7}6;8ukL0&WI7@8ckK4-E8D+VETd<#<y<s
zpO)B5z#YSFmH*v+j5g83)Ijw&5cK5nE7v$O;kgJCeYdBzqw4%DHq$056&j9}lHNQ0
zx$!{$z&7Iv_rRv$Z>6Fbd~CD6Fv$C2`+hx@x@BKq{y>IK^&;c+Vxn?KPMMs%_otsn
zYZ&qQr%rkkQiXS4OtIPWRE?LOKX((NHg{#XA$h3m-wAXG2{gTBNW&4je_mxlf|$Ss
z{A5|_aZ84~#qsJ(^Sc-6*^T}8q}=vltXy}#o+6XxsVvzQk0rTn{2Ud-m({(jQI&80
zk5o@rL7yH;;vZR7*6zFaC`*u~`}eOnj>;f9mruHnO8jF%Cs<XN0kiH;KXzd_1&~Kr
zTS>sh7gW3}{rj^Mnw5Q4Vd1P-2E+ATtTy1(X!Tw(^TY52w5S&RDHvY9j(Y!O`eBIS
z%N=<J3f5Z$4OM-?!HPeQL7AC%l(esD|6R-`9DfMFd8ob4J2Bi80!0w9vJ)vN-7`(U
z_EJ*!pMWk$YfeDp|3KOxMYdxQL`J5a5a_lFWD^ui*7hkl$NuqD@?rTA&>##V>RZxV
z%RK{S?o96Lfrxf8KgB_;A6E)2|E-rI3{v?oYH_gb^Xm7fp9Rm-wi*A49L`G8mwkxj
zfeyv7^TG;^)6RMldvPlrel1PNN7lt^@=SS*jg0JT=HY4rnEOP*8s=fL==_AacTfjS
zsR<UsAlW+7<GGz{_{DnX%?3kb^`&92<yEEOi8JF%<!g$S79t?Rx(@L%E@~Nl`cLAm
zZk9Bcrb74<hftJ!)D`5!eTXUQzzByFHH>HnhEddEM$ye$@>x9%=V7&M?!S=|_7_eX
z5qY>Vffu1Jtc}^1=C|;{*c4$PG;fjOTSvY$q!$*JQ6MeJA7%#oAA!U~K-<EEBlW8f
zX7nw%7^!Jl(IB)`LtXEIoKNv}p5XbMW3`DTpXuh9qrl?2qmJ&G03<4UW3|+wTZ=>u
z8d(<{!BTaV7rWj?_XXIr4v%Jn4-c<nJe*G>{e6VL7zwjMGj2%HtK(D?nk=y;3{1q*
zCJ!qP2<g8PSCxSAtgS6z>wh|GN*+S1<HW1|a?a<rvk{V7AhZOuN)s^?c*y54-jj1W
z;idoXz)_ZtzDa1ch(UKqTAJT?b!y2la8c}MO7@5rg_Ue1lzxh8b!k$`EnA8w_8%P+
z&YVDWJ3s!F=)MiVjck#M5q(&2-YBy82}OcVq3!-%uF{2>hLv((A-5>|J@o~5o~ma5
zC}3E*m4hMO-Ypit>wRnH?2)=ps+Hq~BC!C|dc6S}UM_@cTf_TvDMZ=vLCySsn0m+P
zN}4b1`^3h?wry*YOl;e>GjTGpZBI0@ZQHhOJ9*Cif8S@V=gZY~s;j%#=?}H4cm4LY
zy(1b$x0LlZ?MySus;}B9;nAoKp3asgC}jU|pt5*3V}{BZhVwzVs}#DCcW`98+hlXh
zGCI;)<g+CQt}nztGb3*gTYt5%dj0#G@mv-{!>s$&X4)X_O|8l<pIngEfbn*@yZW9S
z?9;`hXNuk$(PZ9H{j^ofzYmo|!<b)P{_j{ljL7FK5jEeAEhyAj`J~jB3B@HU4|gyT
zVcRy~Eqd>BA$l)xRP0toy4`m7*;6_};mC9Cr#<{Wp@q7H)M_<VZVOUE-r3amUt+$|
zCF)pXdU}(?Tc0*oDIf3Vn6#&YWp9sudTlu|O8%P&)vatq_I%FWWkE-y3Q@v*a_(g?
z)wS)l)CE?(qj3L~g{}a8`uVnAoz_07R*d;7F%2UE(~i47#P1ih(;GOBkn(BQYuC#}
zHK~`v!NS4J$A=HoXwSFo4;PyVnO27F8;8(xpY$QUY6x??aCO>)fyI<0=C(D^Ln|^c
zdX_`|$83f_%`fYaZjm7Np0iRRn3d(-gRj3MIi>2VZLb+~BGqY62Ns)Nadjt$GZBp)
z8o%_eP&nNdd;Xq`y@O!mMo`G&_+tK)D#1mtFpfdBTC*Jcs@p+GDk9Ys@Jo!hanUP?
zw-MIcjJ_DV&%kAF4b+c`=l#c%#lL|X34fK>;OstA*D#8|F=p%ng>-j9@L|Mxx0Ct8
z%pmwQ@q_)=d9Sx5mF4%%XsOFr2~@gE*mQZW3sySjP$EpgY(y}=))yspBcvsLV`cNl
zXib8W(w}ZG9f0>kK_UuH`*7#4dSg`7UEVr$sZt3?5A;jFPXqxIS(<6ff4<Ee`W&Bl
zGBxet8iy1_@X$@q`P0?`0T^)T!1ABt<whWfQp^YEY?aUVI)hA=UR7NCWuqOOC+@D>
zxv1pSRWe*`xoXXG3QI7Eey@<(c~!g|?%h)4cz{g@3!X=NG+e+vgDKdKc<5IqNDV;m
z&}ir!ss}`T40ZD3<0h-Xes>1X-xv*EzcSe?uuX4`=;fyf5413Ofq}Mv;7?>Z_!!B|
zLf2bg0x_^11tcRSg0K8msiCT;Y0<t-J@J<;&7hkB_mO*R%_!GU!<bCcbS06XqYOi5
z_T;0#B^URo#m4lyqvfarlgr7&tsSAdVHL2H<w14xROP*+Wq)m;#?GATGN`m;>O!(A
z2*wf=mXZ?Lg;xPdzntnEk~$;nu;i9NO&1lP2q>+C>;6)`$0auYTuqD(t3ai+J~qq!
zp_6b4EvU)dQu!K;4=k4<<PK<o^KZt=g8|$@`~N{&wB+yubf5w3;BWW<u={ZSB}ghg
zf`Arkz!hr`2S5h{07XzH#Q@&Z6#C?U6syvM1z7lTWa{TvaYeNa0^kj@T;9gYV*qgQ
zQ7BK6@+1xe=3Ux!uPPNrM1f$KQi4uD!JJysqB9X~a2>o{6P#%^&ks!s%JsmyajN&g
zMALjaR8w(o><Y+rDLdA_gdfSQ^qVZ!)6S0q+Npt~hK5>?>gYmlwl&h3zJKQ~;3&P|
zP=~kc(+}GtPAxyB0CdLmc#u7GAPVV|bk$Ho)P`oQHZf~`G5`&5p(j>!CM*Ca6Vz^d
zObw-ouC06s&sZ<_fr0g<L4}h8DEEpy?~3}iK<$<)uHO=4#r7eM+rLNNcHiN^dh8c2
ze|s+QP=2-EZP1psyZNQ<rRAmdrTHVdrk@J3jNCOWn>IfgRI%$@{CpK<v$-A<J5PFx
z#(ru;WKx7xR?21QA&QM~`Tz6Bxg&gVAZ+CJ?3EpJ%!INwS7j3O%)1`-I5zJ4?Rtsl
z^l`<<rw7U~8>eeT#E&U#az}`Ef5Xk2inlEqn>)DAw5uIh<|f2#qSakFo%S97=8`JS
ztC?HngrI&lPage6SSo+~)%L!BHvda)IO}U@5r4VFTDmDbjo^q@v#HR1i+8<H0RQJ}
z6}?G!u2oAt#JQSkJ*@_3bw>Xm*9xM#OSnYzu<?nqMW4&wC*{vJ&6b8vL=GBx?1Mhv
zvK(AE?8}lf1KEoubdz5zD<42(h9keeO6YfvAk(MN`o9DsBr9kAT>+#jN07lYi=jbH
zRm41ND5J@XhoKvgWto^*mHggE6xbE~K@)s!S^P$2!WyVgXa`G#?KN>PC-Mx8WO7<^
z5|I<;5?Zl}c$TDPb;+T-i0TAO)n)n~8m(ocV<Pyv=;}E1ybpOUx8sPCck&tX?bNWU
zmuzKYNG|yXo6Ul4S~XSoEPX1}_9De+F$ZZ8WkyOhQ}vY|y*#ba9=&aX>uH!3!1{U}
z2AdxoM-b;IYh0=|3@M9$5+i5>T~LYhnf`z<bQJ-tVEiE~&OYq`9rt4d3eg}bpm|w<
zwCSaESwIh4Z(imoKo`KIs2e6m>#$J&>qOm9weis?m``ec(9jFaq2}@~EFB%}u#VMH
zA;wchRyImY#<7u_A=x&sbX%VFDsQ8LB?j<{o+tUKSP^=QjGEntifUB!Qe4TbZ7D0*
z2FLd(L;BupcRNNjL!NXY3%*$43pPQ7fSPA;a>`0c{TJwbQBFwfz3lJ@mqN+3f<_e9
zyw^ckjj0F`$-PSI*RVl54Z31)Oqohet;wrRA`1HOsTOj+=%8dp^^IwJaYEZ5-iBOf
z7Xup6`cvR|?jW&#d@BFI{EcZW!C2=-Hf=4A-R@NKKPtu1D$!p#Qi#$jCjv>j=IKfQ
zu#DCEZSgR`HF$oW{t#h@C46!V=$qYcmoYs271Wn`6@uo8uuDZpK&EukB08v#ekrAL
zQF&4$8XVJS8!3CH49~n?YQcp8#l@tT?@%DN8=}Xcpy3rgj;8mWpwO~58P~@j$OS78
z9)ZSFCBsZPQ^oSjD6fAEtxeZmZjy}|)+=4r?>w>*^b9Q6oE<jw$z*Z64}ZzOMeC<N
z*q#c+Jq~i)p4Fl`4z^(|LUhfsg=!QiM2RKr*Q$uh%*>Ic-cS4cg-QdX`xA+Z){(<G
zd%^&>OZLmMAD0v&l_G)2ADxJ7;QDH{h0LJ(@U~VA03?yoxydmo4k7Co6L%#nX1uCp
z8QzX|UTXGZ`XH|ICbA|`R)!?Z5JLg|q{ai2NyR6sh!G=hO}4SAybB+>B^*;;#if8m
zAOAXZs`I{4p1*Y1ru^KR>PZNqnu2mmaHh3XxC5ha1r?BEA<lKZRJ0*=Tyh+srrh*l
zHguGcn0>j)D?Hx=e<CdRDJ$ldX&@e`EPzQCY1rb104iz?c@TI7NI)=zkf|E<&My#X
z4Va?2Ei?am02K*93EO}dKmqM93aJ6^9}l_%2}TCki2`s91Moo{BmmxnX95dgLS@LQ
znd1O^5Ta9<dJ;*?CM2892MRs5aw}xpa(nBcvTn=A&9KYTMR(H0?S?nILjT?=Y70ZX
zMkToWs*OA@t+e5a>RKko<X>>k(Thw1h4qZgz77wxP`6+;FC-5X+cZYerFstAbs3}L
zc)LjBXLyFaNAr77)+L!M-q*i@LcB%i%hXxbl%Ifi8xMCI=tHX$O-MFDQD7TrZYWk@
z+b*zSv0fd8EGSgKC~W^&NwSnCwYzT0RvxQxqAez#Z}8-}8{|7LGtnj32^3O2x_>pa
zIgB%j^P|CeeJ_U$>-39eKPaw`uvpT&IfqRw{oeEX&Skp0rPtGap`>`N-!5~EjovQr
z*qA@(W<A}&VAZYAzUF2jU`0|}W%B8x6<V&siGwxyxnZZ1P^evO-h33trXDiY&Kiqz
z)kx1KR8Y^aDeL2QrY(frWA`=jwt9olw2)Fd3|%V^Sz%K7>k(S<wgdN_%p{qIOfBMk
zHI(e*ny5}!h!#h*`36TQbnROr2PxPxl!afPIU73R8ZI?HLK+Zc$Qx9BZ6vf!++&)a
zeC0wQKR+MLoQMUX%<6_Tx2B`%4x>X-?y4=Q{g|b8ZQ6&@&3Q2+5`5kkGttS*-?8)Q
z-t&n~gWDaGk{N#*1^uP>DUENX@2vh$ih;sk|DOQuu;@3dfP%j^vXSy+Z(=7c9X(-t
zT8=PjdkXfSxFTfN6~)%K>AG&@mDMm+zwv^hLG&PkIAknddJ<9lgY_kBk-|H`15QDA
z=vbFI0Xy=&I)c4`dO(dlIFqvv76|mw8wjKYg1;@Ofgo#gIjBLT0gb)6KPW(h7LZX(
zW5ekjNM>zo7~m!X$p!6Cv)Vzwxy_+uKjGGRMPv^H^s}(-oyf9_GL2Ss<^dnaDL-=2
zv|{tZ5GwE(h2W@^x;U>YnC+75>LF?II~G3~f$Q+uOslWn7qQWN%Qdyt_AvhN>im*E
zK#Kg!tfytUXwzMaoxv}6?$J9=igW>+%n=eiT-ZqT*ddWCrzxyvV@{FyYthcYrY^j!
z>W59gXqsHfld0H`HbW9-22S)@)m%c5SDhB)J=%)8S@)n8MG|@fnu~a>38{1;P`yc;
z*LlpJC=1JBt3^x8VY1jKspteV#zNg(YG(aVa?<JH`^0jyVw9Ka9l68-T{UT-cB~wx
zC0#byWT^;e43bu^KMs!xH*bz%MSDfu!NxN*tf(!p&Hnx>={bL!SXkuMywZd*VHsP4
zz)-R$y64{VFMFcoX$<wuTN_|hbdmKhk8hKpKKU~F+YL4*`?qaR3adI&MP1+9Ar9sU
zvKX_JB>B&`xltqaOrtu@{A1O}OyCLZr~*^S1U3r8PhYAyai(>|Im3hJ4ATaiKP*M3
zC_XQ{aDqXFt&>dc7J`ebX-|0yO3Y%HKNEdwp?)P2u+6D22d?#<;8|(Z92$VS6<PR#
z;abfGIg5Kyi5u5F8Ctgabk$Oqhn<=H!q~iFgCpb@V9nj~>SH5#Q-q~)_20AQtsNgw
zHPHTBY@~_Z?j2~G64AnYJG&rECi$6f(i0|VI)D_>3qCL-D-o&{7jMufffN}NkJA&D
zJGEZqVnZ0{a)bTZNR1D&F{^cTbE7}p+Xasg<$@tvHM50|=u54lC^ayRP{|}hbIz@4
zXcl5nz*ZFvAxvH+^iOnX50GSgWO9>Xbtt*RJ^_!ERB@b?Kf1#d6q=MGx7g=Ysw17d
ztJ+jxLqM4sTxUw9Ju%vqbWs^VVv;7RcL*z=tSE&dCMC~L!71L$hdi`z>QX~TrVr?$
zGpqsDS6m)(>(RkrT7FDp1l(gLI8;y+0-4ZKtwW+ONkp|}M74eG%zLF}Ew%;@&9oHR
zIb%=|);sbP%+a^m4C#IqRM5|g_=EdjXMrw5f||qiWY4Z5xzj(7;poE-iAD^X3s_Tp
ze*cb`tPe?;G^vy)3m*@QpsIRrT2%B6`rZ>u=-YADoB&g9ryL*+%ZfkOlPvSVeHQUK
ziLtM$wo(0pmG8n=2UkX2)WRL!w46lYx<AlffmfW3En9g)tH<tgU3PO$>D+gXC@Nd7
z4OTvs#PxIS<AAklUX>JJVH0m3n?`fICu^5d_CzPil|JmwHNimO7KkDE*5uyu<IwEJ
zO?1*ixUcoZCOF=_DPOJuEQ|wyMorwF|3s--LUou(T$K=zvmk#eQ4B<QLe2`~VBHQ2
z<7g@>(38e@6jkI5?KsL7UE0TsXfD|oT%21Xd-Y<5uE)eWv^2hWW^1EUXu^h;54P;V
ziIt!k1hY3V1~9&&fJ-+?f4<{hY{Q)Ue3PB~j23mYHJbvDQ}$C8&$ePuwbleUnRApn
z#Du>`I%U=5YJip`%2$nYuj+`KP>d1kj7~pd!!A;4ihN|wuvX>-aC5Y`+PPazKy1xy
z#=u^U2L<OU5vKlxF7C-N5FMmamPs<-u;q+&=B|w7XHv@CfmwWMXMQJta2^u3#eE;i
z-fwr{A9tr8i1a9fC(O0Az|?2NIHS59G>*%@5LYX=!Vr+k>@5^bHcewiuA4us;8WPf
zn%hTxs5)bs1&@0lIa%DCXrP#+IS(?809UGTEEi+@R(5?ad~U5Ufp=V)nQ;OWWD@)<
zHt$h}X<N({&3Ch{6^bjh>2PRYto^32^C-~4*SZ{qH~a3~u)`j$8JWmurkHtE2ZuKP
zZ4<u}0j~1(ovd#=TiC(=eZc%+!&;zk{>PniDzy!Jh=RtBz6flfmLuBIvkN=tZf&Tp
z|65sTeJcz?XqsrrdZumqER697k|#Bq-n{2-Z82VOOn=2?akpXGqAeS-)ATP9l4)^g
z(JjYj$~iKg&&YNGp3b$+QWqG@8byn?z+GQ#UFN^tuw0o1j!kS65L2MVoy6v$d(h^&
z`b-BG?<siZ>zkre@FMfd8xQ%X@*8@&z0BTGiaKqXyJpxvOexn8L9VmVxN`##eODBn
z#D>xW#6hmS_7WPxXyO_Xg(zk%HTUH_ats$i9SIoDuN?{D(UN+SsX4H4ifg-H(Xw|^
zU$AVk!S)D1VT1t+C1l2M-}`@305)m7tNNdG1sv7hh@(#!@0!!34fnaLF~tT~|JzZa
z<4Ysw1>aWj?oJTq5Cs5t7laJwO=UptT&?3~S&Eyn4FmxZ(EjckHQwj|DY)LdyZ^Qp
z{(|Pg!lgVz`giYSsT=r11JF<bT6fX_z`#LjGZvA$8o&eGKNw=15g>%(?IjPn0^vX0
zX3Juu*z~OVPkWszE~u?h6b0pM2}N?GD?s4G7c=*vN9cKvE=9uW+7Q{J+uX!4;HrhS
z3Cp*jCuBn`po!)!*ZNf#BK4*nws=%m58Q~41};H?Y!KI0dW`eTXO=m%bpLf9E_}%j
zXpaBO!#p&Qwa9zACtXTiz@lqbm87qL)g(67*%#l_E%J}*29*6EQsa_}T)J(-w(v8p
z3s1Hw2n^tSPBS4HY^tz6>)d#cLStehh{QvaWT^UAg9`@Bx9)Z@-5)4aU5>dfd?|tV
zPkCJ5r;;G&+|Sl&&|o^y;VR*E^Pe5%Gb-FWS>-i(&Ee%l>8-E?E+P*|FReFak2-lb
zB`^%iD_+p~HGR|~u>BcMXiXk8N+&C-Hy$_x?XZkaf3jTA3E){B(FrmS>kjg=wV%NR
z;QF<OAz(wJ+|z;k>@dNpUo3?;9;h*Wf4E74V|0VJbHQ(``kE+zP94{wU0CkXZ!nFU
zwuYx%Z#;WobeCQVD~ZjtaIzi9dCRn9`Srz(=i)f)6q~O*1BZHN;1}Lw44FZ3r;j@o
zw#WB7OfsbohCE$YHNQN&OVDFlv}fKFKV1to_{HL`cSrwzf3B6t%<rFha*UfYw0Png
zN!Ljc3yk)LEYFOe7J_vydHvW5nKp%~JQZdbk72e?8Na&)2(R)E!&6(&#uZfb7YOa^
zq!^J;UOwXqI=_Er<+gt2T$$T-SKqNVZ=1iQuV0INOk6%U`5rxa;R8o(PET+6`YHBp
z_;#!GQNR0OuueniDMXEl_VRrvfoOpe{RB*yA9)}HieZjkWgu@rdqhEM{L_!sr)m99
z|9IpK0lYw%Bms0rN3T)<Z;G^IXDkC)Kyd`XEa#aF(94%Q1&{?{5(AJi-*?af_Q2oy
z13>h0lmUe29H6PWeqnCz!P$#s+JsF`H#Gb@$cV#d6`rr|G#)ht8BOW<t4DTV$yp#U
zspMY}$roF_QSX0QaGtH*Yfg#xpx}#VJZMx_CSq8>-0z0IJ-1%;hj72^fA0empnQ>{
zzljcwV$N!P^|pgOD`u%}N5ChSvAH$kl9!AwAJt<F>6d;99vrPL8$GrekTz<}H;Hh>
z+<JpeRr6Im3n~d39tu{c>noNhSGt4h{>xQp*!mv%n9b?dO&7fD2;@H>w7oTZoJNHO
z$(*9hzcy^i{p6Vx)DijYN8tHp`f4&uMg6Y1w$1jV!aCaUeOh13#5(GqfWME=nfR48
ztJU3io{Xox3bFq&;*c7BU&=qiwEdB{%e38z!8w7{JxE7N>E4alYHFVKzU^d@b^cUO
zxHvVya&2gq{wy}$ak<N6>7^Up=iSSoz~!7aj>d5*N0o$#rKHhDA#SLe$sbI?@!Fs1
znfb9M>zt|69N@DODhBD{ClcrljdLKfy%=hwKWZMRV^IFCkh)5<5nbcTHy>BIzR2CA
zr}?W1Ue+;;(W>~RS`AfMM_hFlDeB@z9{%#C)*`f|LFwOFv0`KXUpRD1D<sFpy@6<k
zpi=gCg!DD-XyY@+bd8;x!F~FhR)H4HqybwD@*mR9Y-4iHb*NPD(5A;+tJq1w`4{?f
zZUm->if-A7x?-9HNvm9|2uYiC5+=`FtMp0uVynh-Zu)i2Vd_lEwf!)IGMS`l5pdYR
zu%QxoPxFKd9i%@axUwTP7$091KmZePpI-VK4=@j|%@Pd40crpY!i<brPC)iB5!+j%
zfx$xw<)-pjyI8<$`N46}P?)%yMZ4vNQra$PrVQZN%8>hTmZgwOmYQ*t3MPx&nP^Hy
zP8A$#I+GHrHQhGtb8orv4XnqsAKooH26eagHV6y}F%XJ+fW0@WZ1pT1Ap90y5==EW
zrGH~HNGGweA-N*O&g^jws)c#pE;`??-d$N3jgFBGUv7xCk;egzQ7c)fJ`a6Su5`5N
zQ+Cyl5N-QcTiHnzo;3aFfn2oFgZ7A;K#%0J9&GvM1*Y@0<~twnE%IiD<tswb-R~n}
zrjLL|RWU{dUyQaiqxiC=TF9hQR5Pj?-RB@>SR<Bi_d6Fe5-ntn6<r?el>Gt%Ce5DJ
zyOE^>X_m^HvIhco`58FR<={gH+n3-ft+cR+8=ljW1Vdm4ZzT!q;|D`j5e56w1Wz+q
zqd_XbcCy2|ifF96#|sO36+_MvwN-Z-P(jXKi{5qKh-qR{;Vn#?!j3mkqUo*JO6<-{
z;RU}kMxyb^z4F{tbEF6Ee|P^xRO)&_tGc#e$(|29T8EzJ?quGk0H^v;E^tuAHiMHP
zZ|VUkYwv{Ulva<Uecco1JKQpez&3+BqM7N!g5&f0$4s-~7qL{N{6aW3`yHZNm$`fD
zHo6NhuNS>4J4?aJCp!VV7_|Q|U^MeqTI@>er)WK#NTbcTCR<j~b>g5js6GE?Dvi2*
z$yvX~<TZ2J0<E<@(~zUDwXjxOe&9PhrP}7#n_r$JKi>u%rcT{Ap&B7t3D>O9AW&%O
zlb_VNM6o6L4(EAYcnC4f3aK)Qt|+!ODk*Y(K<7!BxTS_>lTW=eAoNot)ZpHuQ{-mT
z12t6W`9$5<;s6<*Q|2gK{8CNy?ocBo)kP(yNZqhxycP{-s$^0$naq-Pe%JHbGPFDu
z*aQo%c~{~zV%k0s9$9AY;Da!A=T1j3{oI&nUWs;OT{TjV56-(lr}PS`>!Z5gaeJHm
zwQ3wb(!rfhiIMe<YbuaMM>yt|Uja=?8&p@VsP-oj{nsj6(yKFzV3JQ%T{E{Pc2c95
zCNd>$EO39Iyl<2y|AIbgamPee@rkV&taN8`)avgA-x!WlohQ|}kfyTS(#Yl(HqNKU
zBZ?6VI-{Y#0=y>{7&us7C;+Qp&EW{5N60Yz*a5PoOCRI`4FF>UX(R{`z%U~cV*)}F
z4=4cRRd`Vp03-}6GAVW*C%_ZVpW6nK1Qehgj2(ss2@UAs0@)et7~1fGCDI0Tn9%D0
zdhkJ*QW|UE0D<7$&SYS8AVT&adGt60NC3y#8%4+$XaF{79<bN|E`UhmMyH&`pAay1
zl9(h=D{CYv1!hz5ASso7QV1oh6k+&2n?OcRUl3mLw#bsv^LNpdEg&{;+yb;(`m2q&
zEeA@yPBOMmeCBbZZcd;e+?gNguIkur>rsccS|GaW_$HZ)*8oG%?5hMz5OSGC_*%P)
zL?9POu*ys8o?h~U>!yLhmyRn{=i|4HGV1Z2nJ-Y>d@%&SxMi?OVoF5@Xj=^wG5b8~
zdD?AKIU<SON{1;#+8Zha%~RC`$%kU`dDEKZ*SOP;<#^5wmS9;OnWm3`!gxSh;JK;<
z8!U+v3<cLNWN1T~N<CpKNhPywA+fuvgcscW1q?1-7<}ENW(T&OFq-2}v`5S0O%!ZV
zARfWMJ9k)BC~)Z)IJ8y6p&gx{umtlKKnJ68Vkx!Mkcsa;Q;Na@pA06q!kvb!?=saJ
z70v9(^qhGJN6^D0uAS!)C}!v!35RCZ1e_vj>7j!W{8$QWItj%MzxRPlA^y>xeYYHw
z+5PHAvc|&nF9g}FQT@p|h-TwLV{y{p!AYD*MjsssPAQw`kW(?@_@Hs#bA;9j^*{S{
z3(WD-!(W%_1#VxqOS8*w%{Zw=IB6{{+iCR7Z-^oU0nsl}&Cw9LJ9Sf`_9KVglhCQO
z%h*n>=kzh-{o*>=d08F<Q|APJ2aS5oLx;O>6fw_q^^IcA%p=TQ`F)3W(c``lIy*|f
z-w3Tb$Uj>yYL?>0;|IAIN(kJXidl|o1Tbb!YU)=5ozJj?!RFvoaVPtK4<4+`wqEpF
zz3S%K8n1H}R(f&eS8gDMG_cc+%|2ZbQ<l(0;?0Ru@gZ@CDOhB6+L)mgrWs=uzMur6
zi3`78^qOxmm>|j7+?%Zis%D^!*;O(Z(%JurVd)ke-6+Bu;&QDHw8S#z9fR-38dosG
z8cK^`>1Pu2OTrFe*2<q?ic&-{4Ka)&p<;zMHrc*3z!`dh`mba2zm5vgbVDp-p8u{5
z{O{V|NdKMEa-ZzS8obU3WzN}jq>0MEnm{L#|0Ex=FlUg5JOO?J>|Ghest9obHiB*I
z@0f+S0eq+&TQq$n<kcLs03>3igj|p*u$@+i@V|6Qb*O+G;le@y7#(B}+%5{aMxhBF
zU_iH&4t@q3kN}v$Fb=lk(1}t_0FeR^bp!tO?cuFv8dN4DAOGtCP=YAPfY(qB9?6D8
z)_!0a5CHCA0Jh9a|Ni@Z$J+A_`28ir$-8xgA4L_Ft}R>lB_$x{@~49#*#&G=NmclG
z<ntdBUQl>OoJ^cxwamRBdVXcMfaSeD%_ygODyWnbTm8R-D?D9TsuqJgPa1A+aZW{~
zuS&jHDYps3S>)|aECfx~&?5hYo>3v#Z2n;~hy|YPtsqa6OxvihW2B~lx7<kE>_<WK
zHLX)$t%PBkhxIe((6|14p{tothks1&R65*bsZ#?Q6UnP4pIDfFt7ChNR-Fy(4u1J5
z+O1=GDx^Hr*$dMB;&r0>5)<?k)`A%6YuC7N5W^BN)Ha1>@Q!Jw8Atn%s#w^kKy=~P
zv$}u|AcBVaP14b{CPB^0CeP>VaQGce@|CJHel@vuC)<MUAEk4z{YdgtK|HsDYj5QB
za#Z1u1-}b2@IZ^7rLiJ2BX}0qHmOAcQ8`b4n(u#VQYW?(sIz8mxw3mMo8R#|F6Umr
zsYIGtD%K2Xq0uF6xwkODs`(IZxi{cI(6-BCLRd@N^Qp8u+FuQcs|@1CHg$K~v3(%h
zF`h{FAt`u3YL%ta=jvBm)aX_!L9tu>RbG3m)v~YkSHHm4ZzIRQx@l!_fM`vJskyFN
z>qNs~MMssi+@ft`B7j!=(mRgyTUH3lw=2xRVIr*hh*GO@rR11hEU34ENkIDvnkII*
zYD`r8BU>uPUiUV&MnJJ%q)F%9?r6F#ov?^kXnAt(nP{`uiu2tvc4^W|q3LsC#jW~}
z4b*xfju<IA$kU&&4mTSl{ZLn5m#Fhq#8K&0$OufH!WV7*=soZ1{1z2s{K0b$YqaT#
zUd0d2BCf+asoOz8(FlDe_xObmWvUbxH1~0#h)&fAV^+2ZAL>Ewi4`?UOX|UKTGGL-
zCz&pheyoH}BC=TgL5O9Z!WI(({K0yBrHiV9mhM63!ETNPMZ9{+f|bCM7l9(K6aC~p
znC?ilTw}D{d^G(8wus!%5VY|!al231f)|3vk?AzW4K6I|luP{UJ+?N-Q9XsZ@tD2q
zZg+{=)YO<gY((lS!&#~=?Gfg|OPmv`t}exb-#|`g?>K3%6H_%pngES@Ym{nBidt@2
z@#E00@Wo&1_F)reP@H;Dn?2&*3GEv{2#v7Dd@dW3f9?`OFUJi{ywXwP)&~iHFdUJ3
zOH-nNYlj_eySlo7%Q8^R5j|&*H)$^iQzfF=gm^H*7%4D!Zx&2hx`#a!2<dBC(rr%j
zi&;jf#8z~{dFY8Cxh0HWkbvdw?TdinQZ2%<m%Ywq^wW?mT3=vy$~~`Y8Zy?jtt<Kf
z(=${OFW{2Tz=d72U>1X2RfgYhROD+4JU#ivT&pgg6U83o7rDxs70L*6l}mj&=TkDn
zLI^5VT0sON<kZSGXa<mv^hkV*DUZ#iP6A`ZGzH|2g6m=x)WQ-E#Wk_UBAi$v+q?S6
zYjUv(^0-jtCD4aKe@EcDk4eK5ZgfhRcyOh+J38|^OE~i~W{7jC>9B=6V6pv=9i{sJ
z*invWfiXKrmerQl@)jgVO}<0It0d)>EZ#8&r@H!~$wNNMN&HqJIqrdMC*;iaAfS2R
zMUA8LV35k$=ECE1GFZ22)?hC9un!#AZ-7A~Ak41<l%ZM)@Ch;OLj`66$ZH3@@MuF+
z0D5$YIcmZ{D8P1DL25#6B{uN^nc&NQykKk~Jz5|R!L|~YNI-&g`I`=m?;G+C3Ecmf
z75xSYKmb?u9a%zSfD5pL^N%~GF(3wv!RGk<g2V#z-<z)0uq=(OC=0!&eZQzZTpOGD
zOuYWYBI`A8nO{F6n8EZNKw|MesR$UuHT&$3ZoR)jZ`vB%Rya=rzgY<3G+(JXqRjG8
zhS-cVPq021iv?Y<jw)Ct8gY3s_jg0UQmHI;a0t$<dPHn+WumNLZCom!UFtTde4k%}
zspI@el()vOAhCwVvnjUcr^MHW@|w{C0;DINHvCDAU0(b^Ff`|8S}VK}(X8?j`omdu
zuJH@q79Za8Trs>+Afo9@p1bier@{5lhuqJ#wYlP6>e}eqsfFhCD4>Vz>d?H{_>5Rd
ztr*;l7>vv$Ke6GTXZ{)mD=8AV*#Dm&tw@q1%h?Gv)g09<I@KhksDnVVUYa$;JDA>7
z)XQv&@O9Qz?rxoB3|Jd&KOJ37OqV)%aesIT9%UmAJ}iiPt18Ts<FG?5TUsc+q23(2
zFVJ7e;OTOJu0xpj#=y6YFx7Fqq)Ty3zA`_ydep97QYG>Yx}`gB^jbwcYxZr8TC{((
zzyDV6PTq($l}5TgsK4!J)%I*3EMAJ0$U2}MJdBi_OiWWyim--q4M0;iysM;`<Dg=K
z<IG7=Wo<ule4Ww%DoltY`MMWVw$#@An@6%z0Rx$(Jaw-C5s4l!XZ(MeQ5bZu_wqL~
ze&^VGdCwyZ_1|l^F9{0vj~-sZ@g3~*&tfGD>R*j7N401nxh-9*5TAba;cxF2R%*Ks
zelCAt)N&Wk{horX-*SIH>7V9$DKB(479W`}qkn#?u%BD}!TmmYWW4<Qh5p6*nTd0f
z>y}mOahUPfk6U$;OI9I#zI)tp`QiKE)UW8<r2OZ%;Lw5%;#;a25DtZZ$vpoa)|vOS
zpYmJ!HVyo$E^YlN`|Ibi^c`#U`3=AP9otsyHwy$(H*g_8^_7*k1|R)o9roFlzjYV7
zrxSs=DK7ANL8aIer-UUiG>&iX+<O^cnRWPQ_Bw<{*f|F}KF~_t?Xpx!VQFmG(xO50
zC_fCHYehv{bi>1lBoi*AMRoL|$Vni{)2al)>kD1Sa%-u_xI_Ocb0lIzrbSC|qi5EM
z+j&JsRXaWC5$<((4kuXuJ=c5J9(0w5<JMq@#oIVZ;=Nn`QNusnzP0MLv9}c?M~gv_
zedsZf2;U<T;{oI!_YkSmeP^j1hm(G+vFb3Bu#DV+44yrvY|Fus)PHP!&<PHt%?W#2
zE?eF}E|(VQP$piCImPl^=2jG(!t|V5Xiy{<>F_W*_H{;-1kINECPc;w7h}!kZ>}_e
zcdwu&EasiS^EJQCrj-9f$>rp570%102dD%_3P1Tb7uA@HxmfY8h!^OFFlL=#CUR&t
zbAcNn3U~Ft3MV*TZ4?Q=h&Gux$QK^{^jPFPaD2%8Q9Snmash27ul)0vaCk$dV3@fo
z4g(c5P%{#vlW44plvxjjI3ncD-n#KOi&$9BcU~;Ap@avhjtRwP5Ct#CVe!V+zK5NS
z)<|LIE*4iC>9q9+5hn$0B$e!SS(2x^$7uMN?qFdwb9;7YF7~EeN~{T9?bqfonUT*3
z6k#tgm85XtM~<imxBUH`)HJjQ8^4Tdvj$vcA`3qpcfPr$2*2Ph$XcjJUvhV~hQu0V
zZOOsIZ|NXY=_D@~HL>aT$fAWm$}CkL2fU&#N-kKlQ5LR-lBlZX)3z1zGk>WvoCwOC
zW-V{c#$=_Km97Hj%C!pRNXBGOPAS->X`$l@N9)cFw6X&w)0wf|@5l}hnkS~i1RU{U
z?u8fomRJ{Q*w~0B)?u>krkE~DBIL%ne&ATH*0HNv7X4zeaf~DS)oWTpMJirFuB4`y
zhE!6EN%1$n7w8ze3a8AP$p*6~Gjg-3hv$$oqU=Ds6&X0vNIh6<iTa5WjxyGHppk%y
ziYctfg)GQ%oNziUHcQtmB$6D5gj2vXHcXr4t)G<HacxaoW#PJw>d{&atxa`CHM}@M
zeph=2gL~1#=4jZ_=i~&z9&HbLp$SgNSZAJcw*{hfg{r34_Zd~k)TbNf?^BlOytttX
zpWE+Fhu5Sgnab3G{mAbNc3<9F)`Wb?8aBC`>L3uZy=xp+hFjQ_Gs!5qHzoCbH2iFL
zDMv_cDu{)mN(@13GEoj$^DbFY6pWX-WMW~ElmX?|(bc;@fXLo^`^>mecWB}=2gdjt
zHX73~%5<9%qpmq2RM<y!FQ`W&T&`5Cq>8k^*c2y8OFEK~^RkKj$Z?34@#3VpFRws7
zOEbZDq-uP9+l$2Q;g4u_*NrLD<%!*VG|wBSzyn+vm6u};u8z&pKE>JKT%W9<NDL!~
zU&id<mMVjo(xy_yS*8xa-l3eZy*I($a}v;Ry+!kHbLaSX;I|x%GUL+YBI~UYd3MW6
zu}MK><)5ySDD@fR<a1ZTv*O8@8O{k@1h7MhVy|@eQa!3a9Vq;g7U3@DkB<qVY-A4u
z7C7HGcL;1-QH-bMg+%)e+SeZx%E}NgxLSf2kDMk>l(e{Uywo0TrJj_hcGJMx@0T0d
z3(W0_v#&B&CN=_<gfib)Z$A@v2ACdg?KuZ_D({rH-Jm`VE>!}3<8%lqh0o05PrOz?
z-cGzqKMqP`b0!#k-?+UBnV<TtMwd?%p3mkn681u~(g?vT?F3g<Y#UQeq^bjtFbteW
zS2pDJ5EhR%&O7b+(jD|I7w!0FT@e}aWWKV3`c>tNUg1*v7LN#*JPp>o^%9R9PYg*>
z@qfeaxkAeJ{X7TYHwX{@q~$=Ej(ZPHp%k%dA<VJP=Mn2qBp>at)ut_Aa<QG0;eyw4
zRy%`#ZtB=2sKU9jP2b&0Vcj6T+aW?9dz?+<GjNq*(ZIuhP0dY8+bMCWyfQ(lyW+&8
zc3r(&%0L=`iq0B@LBiq3?yP4~x63;sr@adPSiB<&=cYXGE`Ek?ds_v?=c0UA?K${&
z6;temY>SI-S!MM;RaNr0$&O;J&hC{a(`9_!IZu0OlTSd#_Ub||bTU4uh*;QJ(9n52
z>3^i^zWFc1j+}1I+qhzCu%|5b)&T^$KVa0FPN_;Ji366#yT7$Iy-f>LWWOp0hbmt{
z4?IibvAdd-JTViuNDa@@W~KK6r%evP-xB_9>urWMIA`A_Smn)%|32^pyJS}o^mPdk
zvksnJL9?=+ou=el+aE8TM9++vziS%v%(QNrI?~Et)0sj12m|uA{CkUfL;4#g)9NOk
zbwdPqKPpnhzkiTn^GnJ`<lBI9@~8VNr*dP9as(gDG)_oHPDM*tCK_k^&-p3v1oE<C
zo3<-*WF}6Eu1W#jXH4!DIq*%TxmQV&5QJBy<eK13uk&r#Dc>PY8x@*j5-WddIwsj3
zn4Bv<(PfV`In?DUx`CMTasl~qAjaw<*Mw@iollpXDe<i`LM`Y5MTx>Yx+s8<P|=>8
zs|`ccmoUpB?m=x<v@uxuV^kpvNyzwWO<p`^*|<tJ^zjnZEQlZxB<%|H=tfsH6CLm(
z3y^6k0i^&lIN|pa!UJ=G5)uSq3IfRh<YfXz3;=$B4>~}`hC0YJI_ZMeWf#8z7}y7x
ze>H><ZAJ+pjXjtUDe-t0H5eVZP;}_QAx~{4pVG+Yd^ee&<UzpqA0;aO68@WR#io$}
z8<H^w=Q=p5^WZw%tP9vNt-K2i%0xvqY}04%RiJUhed&9kdjcm72FEJlM%DdgiSwn$
zp{D-|$wZ^QI>=JC@I604>7*ZkvKbu(qmG(LrwYa&7jy^Fx)&3G3DHwHYz60zPP)jW
zGh(42E$@<mM2Ve}^ZQK{q5`T%Rwh2)od$f!ukg}x4Le7W8><>WD)4$+PWVwK<_!A<
zOYN@><0+Hkis9CH?NyWU*cNZLYl!PkLf-t(c0{_JZO^>DN@YXhzQE-jUe*teo@SOI
zZL?3&R+#1-pVD(2MX6<jG(-7CN+z_mvs*UxP3>%N3m*D`bZ4Wt)j5ZFA*E_7l+pyb
zv44p?=Y`1albdRaes?hqL`TS@f^&%lp0%%5P9Jcd9XM<er&T6P0y+ZEMbR=7p<@M9
z6n>0NU}eo6a07AIi;4C(+MZf18(}$ae<^jt4aq&Q?;9e2kCV?eJg(feWKkB5CTk@g
z{I>V}VD;oXtnzlGXyO;+Hi<NugqV+XPjH_e2qCVavoAcssx)-+{=u(TUvf2+aQgE*
z#{_b_gW$gS-lS~*yKBp(Qk3#sHa7cOs`C`}_~rdwu$=R=*F^nHb~-l{7>}BA*0FE1
zWjoNx(z1-F)1KqK&aTX5=v#biL8=BlGo=<)lM&K@*K1xX?H67h3x7q?<_^eNqcPej
zqopL6F4Ck&(dBk@t+G1=FAgl*B5oE`+&@lmG&-qnKufDp@koTyF=8tW;(MtoZRm`#
z5+t0W;I3|iZ8kd>bv}Hu@8y|Ic{&&E4^J%RiPGr|@YXX4KDq9PR}a(Uy{y(J&fpi<
zbuw1b80S@f#LsN2&E6DQow~X_nYywiCT&R^yXoNO>RwEo;kA{EYpQ=2((qePp*Z*>
zmb5M{KU;D+daFLXX%PYY<W*8Z@UCXq$kAB~6Iz#Djh&^v;P6-prpD=kthOJ5Q^#|T
zHhdPbYO+c10-Vew_cqe5|2enpqT6Y2eDk^>_QU>lZc*T7xWN<mAOPW`{Ku!BE<3-w
zkfUSOR7IKiQ(Ms`Xyj=@=b|S33E!<Y)1=1kgO*e5cP;2{1)xP|M_%mZF!f)f2j^Eu
zSovm4I`2|9wvo>FQK481d26$iPwQBP(CFGJdF}5y&H%@GDONk9q`>clK>UWl%j7`6
zguu?mz|N$=?u5YphCmSy)^b5wG(2`WW>g;7(`sF;JQ9ErL=T}2a}g!L4VF9I3wviw
z1EK~S)omPQ@S>?=S{zYr5m9Y7v+P64){2--^(^_baf}5B<!k8GCTEi#ym)b~FkTi$
zU1YnI!|&6s3oK=F)}mo8OVY<xbRkV1tXgtGx||I_J~cU6dJ5mm(GfZrvcx>H^Ej&h
z+jH;loy+b4{NDUp8dE^aNJFL_<g|@m{jH5eLl_=%_RObk=g!2NTKJ5h2Z~BtNVD^!
z2Y!x;9Sxqpv%tNj4d{f_Srlerc%YU_CWFRzq#L$C9()^CF(-{raAxwEnf~->Z^l#R
z*AH2cOCUKkXzx2>%o5N|Fy2(Lg+pO0KVwIECe(BfVTFX@)cP_Rq&~SrZ^troLx1HG
z^={*vRfh48eS^?-!~V=7>58E=*+wM0{NnD6wSA1CS<u;yx8(?le7}xCKkbsI7Fs&K
z0!g(+uf*|Fz8Fr&{oXO%dOJ1f-1rlrwaYbV|IIW)qzdj*t@TTJXRT0cbPvs^F`)tN
z-irJRr*-)n7lGR`q)2MWur%SiGl|nFNz8iAx3IDCFA*+_F{y?rGKvrsy7OTcHrr!J
zR4S7np`iwjsJd3;pbsf&AwV^*8cqod9S;fCw}Se&hkjEpLB~xT6hpz0&||6r;zk@V
zgNSop8)XI<`AE;$Chk&T#0;$PulYX;4v9OF=-K(`K_t(o0wU&^I)8mOfk`eP@?`r?
z3eKhRv=ixmG0%91`5VrHmpRuLrbE4<j5h=m?{6a?49|}}=7rVz=f*3`MIxT(J1s13
zV*<G}OT7Wd68D|tNzbrJ&ymt`&-$D3&!9=}pHM@Ntp!E%mt**oSzl|DD2tyIgqd8(
z^ru>EhGli!7<r}FRdE7Bq&^op7dqDKm;*|`A4H($H>s!cCLG)&vZ+`%vW+0dzJQBT
z_Xv|D>?=8DWYds#<$=HdoyMW^+Pp%8sc0Bn`hiS`A*CH<;Liv$BMq1^8(Oje$o#0N
zwS=D`02Dy<=tBMj^OpwQq4^Iol>|W^j0obxssfzB^^P(@azXl^wdhsuJVT~jC9(tM
z@IT3CkD=GKZz>g2Z#hx^X&VlL1G3Wvuo#fpRRa8@N$YFG-Z^E0Kz>OW+}Lrg^@aSN
zNG4-f5-rQ6m}!~!ceG$SYC3`!8)tI>vBiHxSJK|ez;Xq*DctDN3VOtEt0*P2wKcXj
zD@I&clp|M_eA5*vXRl;0$8hqX%i*YM)V);k*i~up@}faW{7jY<GJc{Zy!Rin=FmaR
zDoc+$aMpJzbH-&r>aqly>)&zI5|968m1nY2RBqa>yJ%Vu_7|%w$)`No(I$Kg^FGgY
zWBpjd9N)Xhh)~9ZU_1N%o57w=AS?tdg81Xj{)6W3Qnhp|<)6<!%%U}ls|p;U$JD7W
zb*A?L|9zVG!Tph8qd6~~%1TbpTC(}|gj<)1sUlLU`0@l)(5-ws4ojDl;P6ZFXaz&2
zF_`0qNoN3;Nu4p6BJHHxM@)S5$*HLc>CtdR#Md}l-;rg|<4XLcH+TEEoxR4C-I9;6
z_BsO)OWqou<uFW;$TZ|`KT3Q!yf~9%p*9~*1$=z8#jl=STADOr2)mp1DRqGxBwwyh
zrPjYIde%F+>0bXB8}l}i&^*zLsY?qN%iQe~FWTU<no;!)aBLL5pUG>_*%yIt>thUR
z$uN-UKd-`>n?dr;H87X3&)gY_JJNfuYnFjOO*IR7P)2%ctM*(=Do^})RKwJJ?$IGs
z*MFXO9}&@58NDI48QUS~>$-jVd~)r2UbuDZdLFq&^s)cC+;$%v_!PLd+w=X7Ub;QR
z3m&Xy!)X5)d#fL=Umm1o?09fAOG0_OpI8qXTf#>u#Y?MtmZlI;{YZFmjL-*K)x$yS
z+u7AaF>p4ocBW>oUo@wruV09#0wwc5f%{KTQ@Bm*kIf-2`QCprbN8;fn)}oGp!bM?
z5HT0{A_1=8#<vLTF}fgoTtRO98{?q;Y5!<D1cG?}56vHpfC~X3lBObZNCO!I>@?fl
zW%1Ip*Q{nT0;T-FmNbK_O}(}DY2~SLOY#;d<O>>L9s&qX{JTc-XAG)*NMR9za|*|t
zFbjQ7qvLEwn8m$7t(^Y{GcEIwyZb_PHFLMDeVNE!zL}DXeQH`tz2%6NvFA>@GQmR4
z_A<Y1(U==!P<vE{*2efJmOZsGd+xhorLF}Z>A<Jp)Y~lR)cYYx8;<=wXK6Xmh4pp9
zUg6SA!$L+2PDwvj<Ct1{gd|T!C-DGso18<~)zz3Zsp}(~M;Ib@X>2?GN7;bICUo%Q
z_0jp+_AY1}KPB0IojdUY8v5AQqQPJt(XS@6ChuCPD(zSxJlz%k|H9Lt$MjmPwEk1l
z;y`rTyOcP<7dZ(oM2Sm6$i%>b!rQ-KzN0R5H$dU=I`(9{@Cl)mX8~i%uKeSo(BM3#
zdtIoU=YW+7nkp+m|JE%aSVi?*K~=kCL)G;|v}7M%$weyrRyC5O@~>N48S&a>y2U|Y
zPH@P+VHVR9jsU!$oe)}-svQ%2@x0pn?F$HByWJ3e@vH7@KZvNaL%+cZ7JE50q6m16
ztsp*+Fvg3tO%=H#%8@GgNWpHkihz5Q>zMR-1D*V60HKOc^chs6Gv`g9p0ba_KBe0t
zl)Cp`%Nvot*J-cjXv>>{D~<wY8PbvxIJ4$^&DDXx_DWJ$07wI<F;moL{z&=sF?v6h
zI~y9c`-&MkI+pbeY!rxsB*_8;(*D;!p*m6Zr!MJ=!2_F7e>A^nw2B`s>1bCXN;xCa
zVwUWnFw~_5E`?#gK*I^;uv;HuO>~HFup2RgVFOkPOlkv}5t_kNaZY4nH_XaW**5U7
zsmS+IBQU};WGRBOX^|Th8pf0biqu~BQZ14xy(82-*4KfJ_?g(N_B%^VZ_Vf~3PO*6
z`lwVrmR~TX{G#tc-rOs<lw=FV??E41!w0BN-=uo9pU+@T%8{ze6(?P!FjGF_e?uI$
z;}-*U-(sRVOW$MAPWpYsDK>YzNRKV$TR60z@nP^we8tP6`>(?oQ$u|q%(Is#C^>ZX
z7~Yq`Fv})HS9zwkv;&)Vp#S$>M(zVcZNLQ#0|tC6O|S;`ch+2~A~&%GT2o_JClH!i
zX3+uRi=!W_I&x2~2GK{R#d{WqirUWL#;mD>dh1|2IW5>2?C5Z#t^g)gCUmgI7e>Gq
ziVcGw<nI|xkQbsy;(K_CkIy6SoSW}#_C}nHHDVoWBrqAMp5o(>jcHHA-z{;-y_>Hp
zov&{*8=mbIqx;4SdTv6mv>%w9TH<F_9mV#@9{1kz>m$#G`FHI{wv91KS#y}Agk4J=
zb_qD~kBt~ZgbsWDT^fxiBh-&5m#f_TL_b(#4C)V_>6Ub~Ep-*ito_%<P_1>>cwU8!
zz?U9KTm7Kb@JXI@9^7QwWGbf7h3l@sNMG!&Zpzp`n6(y}joIcDa^`Ma2@8q0skP)_
zcUa&5>G(^M$X^6LA5!}L{Xoz0=B)~Qqz$j#qXdT10Ikm!l}E`RmmDg$-uz~-OJ{+F
zKCVitR6@2J7=4%yIL<HOOAF!+rL9`ZoSxRd>JLIx1j=&Ey!&tO9$v&BA0CNFc)VBC
zFhPNCLn8+dT)_uETe>7|*U<ruVwM8dk)e|7pX59iX3C|mOJ^54|GA6OVdDX5aocoN
zSF6ndgyENiUWG*%P*8+Lk<OubnYcecN)xU8cWi$Ni7*SwlpN+*Am_hW!4Ia%WajFH
zxT$V<F_#u}8p?!Bg6)hG%ooC7hl8H1-JG}+N9;f;f>Ui-*wWaJ7w8?OXO+ABKGX}e
zv_$B0Ef8hN81j)mOC{fv$T;SSD!g^J8IGGio>j0Sb9HIai6erxv^tC`=}c0Sl%y7}
zo&B;=5Im4q5)4WzyF2@0EhiLqgLQB6mCzvlm$b#FGmCC9Zkr88o2Bs>w?zG{Rq{bQ
z&b!mUyBMi6KuXeHlxeS%leWOz%kiAC>X7NNe$W$2%tOw~aTxG%Tdh+YPnU4*4JsR%
z+E@-`%5`!_I(he&56o;6-$>KsGaGLG$a0rDvuR%&;=yLWZTMy!1u7+d(fEE5QQL;5
z3GZ{MTMh%-b&3cfxsuBd9939y%$+#LRqy(AiU>@T-34<x-|y77TjB(jkBY|)XA1lh
zS2nYbLTcMx&s&&Is=g5K%@O?`k6NV&ADSam#U9)_)KACzDSGGn&03{~nO<_8WnZT}
z+L)`#D_sK4qwB_Xp7}*us#YfA&Tks=mam_kM_jLeF&xuuUY6%Zyfp*ab}0lTNyvMJ
zb9m=u-=T)Izsu-a;?}w^53nW9$wu#I&dEewFKaqQzx<>i69py_fSn4x?j<y^#a6IO
z+J-6R4bBz1RdZ{#T;Sxo4<7qEMIb&G#Tq;hjy%Bs>UcWolx)O6``jVkerz_bJEFSg
zH+k5V<B;(12q}y3?%B>RT%}aK)uvN40uFpHYcL~T0dNBLY2_~6sleM7=}jHc{K8M%
zqEokoi4zbd{hU#vSEu%Dd+iWkJUzN6=$fBA<|mM4&3)!#o%G%^K4!c3h(({DIOb0%
z;by;9jPuBVFg9E!uian-TiFVB>IMatuuFQu2PA{b*W-YBBl$al?(iRdP6C9Kd-?wl
zP45^TN!Rvocg)Eo6FZsMwr$&)*tTuk*2K0sv2ELC|8u?f^M3i&K3A_^T_1YYu3h^)
zj<T8pfC1#i0F|bG<N#`902Su<3hyYNX`N|Re`|l!D9}CDV-)fp&z6iUv!XG7(b6H=
zq{&03dahQrW>m#uQ*uJ3erWa-hVyhb)`Y^iapZ5vRPrl$zH0kw6eKg0Iml3m^3oxJ
z`8r2pRbEpPasBD+ty9*98`^|o!rF|g4fwk4@r3n?m;BUK$kM@;{{CC5L<=a2EhS`D
z*fFOqWecaWBjz>D@_Ds~Qp>;mqpj6l{Xr@{G5Wpv<mp0Nr{u7k6ZqBr{VcuEoK4Ub
zCkX6{EE}Ax9IjAK1?xg3K0?_fI_Cmz%RJ=6Qf+c(PV*W%$0D!4M2kQi=OXc#FTT4J
z(;Js7xRd^r9d4{(n+3L;{bBNtlrNW%R)q#DvNx{g+{MrGY}x6IrA1mEs_F{IQw`rM
zCWcI?^h;YVX1Z|#_0RB>9FaRcwDvdwyVrnmp^bn6qp)*Ci%#I-aux?$Q)GsKzS-1d
zW^smNPdp9{?_%%mKh=WB&3`GSkpuBErm{|(mW=g_j8Ze@kv3z^3SJIN19aLu9uMxR
zZPi|3cHRv+gv+{A?A4LJ2SyG{uTvh8FXE=Ai4Bxj42%)yn53pG!v~e4FyG(HfuJQe
zZDK#h`6FmD9LNW4oq2{e=i-Jbwmu{)OKR%9ERmblRGX+Ys_{G@een<yGODqAlB<I=
zKxXRAyB&N`*>CE-Mb2^FvJGP#?hH?%)tOXir6aa~P>FrFkiQU6bqh+f5-)UHf$a!N
zqt0jGe1F}xFH=+Dy6^$n@3k6(z}B_Ybv&9*YBRvZ)Ix~886xO=tDymL)OM5O`_(dj
z?LH{b-|cBF^fXSryHc~%w^&)Jb$M9;Z@S(QmyFuHO*~`QM@@B({{UtnccY>4eq0-)
z{etNN=7?4}-MKpsWRJ9KD=r~S9qFFy(9adnTncuHfJ+H8*Vv9_ah01J&gdW`8u^aP
z|Ki7grSX4ZV>r2)XbB_RMpm(+TPl=E`E&{ThcA%?9udxu8N@DYGD!ubSGUjiH5=p(
zOg|K`GQv$@nFjhI@^5`@7yt#h2?VV4bLTAr)M?!KEiv^u0VzAghQk<O&qkZyaWKvR
zc{RGg5VM(xIzdJWkDg8Bh7X6iql*j?_Zy(f06c^Sph25!NMY=V0g7(THSV4>XBF6w
z^kn+WY1?H~Oci%cM9i><t;r;p{#=y0J!UekwM$roxcFJi$i+UZr2-Q!_0DGpHb0%$
zs}qu_eJR5q)Vk0ThK4#b&@<)nPNq#VheZq3lvZ+|Ev)_{D~_$c-f~0Ta!p$<zIflb
zds5Mkp)Sr#)!xT~-%h`K(=B=r#Du@sig=Qdr5%eyd#Cv>L-SQsj*gd+rM}o9L-RtC
zg+eC0z6`drK=H0bljy8U*Mzy@WDl}Tw6EBS=?9yWv5$%J=UP`9_vzaYc$6!)>>2@I
z`D5E9J67}0s^^Q}<vG_JvYO9x(uGr6($Yi}vEk+i`Be%UKEjwQS{7jMRVe5ag}Y)p
ztg&OIiG-h$#sh?(i`rA%^^GP+3O|k~3We%ij%KISLyzK1MGfQiq^%0yO%my2Xa4o5
z(L^OL17Le{cR_<yVq2wmhc<)yQTswruF?h+UXDAydk3>`r?;9Mhex{4XE3J=72J#x
z!<l?G2L>@)3gUA()lY+?SzzCN&p?BhglLsojnMOJwMc|ukxd*?N*Wz7US2GIMSG$u
ze2~9@uDmMz@H99$(|bXhL-r=Gk^a@jImm~FOvXnhdVR1R#o&79tQY*V1=IaS2fnn6
zx4+cx>E|JZ(?U*vu{kYwFt2a>2TH^>vD~hc$Uy1Mj^h=D+u(|;5%TuevsssI57XLU
z%d+$OPL*iPr`VNfjJN4SXs3TUeRR2ALONfP45<qa$5Xy9`{BxYT6<GAeG~6Y++Q$r
z4>2=l<wcHFMf;!-eU)rfp)llI)MH^Ue*{s+u@uMpA#&`ndX+3Ih%p0&CmynQG-DR|
zCnB<U5aS{F=J3Q%Vs>VQ2{m;^I8_z6Zb1yNC@B8#wIA(0DlaI%VPCr06yV2y6T={5
z$JS4P40s1`0!Yq+GQiosxoAlr%(ZCZI|e;#{kiV!;tXAjDDF{9`b8|Er-X6;YYdD4
zB}kJA2?EP2qSsOk0T~0yi{sP+{Sr)PG23dnQNan!pV0d!^iwTx0QbSgGt0R+8)|Ny
zQ|taun4G;nOOE$+!98o(`8`o`Rz36<<gE{H=^YK)ku{20)YdQ?ny2kR?lUX<^IqJC
z3^A5pAkEQZ1cKcw`<N*Kx6~^<4vAQ9@54!Kc;&=QGM$EEph-t7!}?J48m-M*uNHg4
z_t9x5`L}a3T(*OHA*rVw{yV~X*`-0QUH4x=lg<T%7Hr)0iXV5x<z2@c?s$r=oC~49
zk#Na)?gy;azt9T{j)9*VSMXPf*X!K!d3L0Qc96w(%`yE0la076Fu@%er&j2ayYSJ1
z*{^Efu3MdpbWNca$uw&^b*W~_o3?Y*VVQU!{pdH!{nR17TRa)mUo(!S*m|!N(=UYd
zJ6H%K7>pvA$O)xHlpq*}GI;;D)6@44<bAi=<M6!kFed9yFDSN)4M2PL!PbifPG7$#
zFPqhf?)rt(%DXv!H?`Al3X@;x4#)M^&2zx=!MUalH?qrSKcDRjz(odMf$!5+TS!|-
zrBPKOWpn=KuhyX;OI@N_|H*TNd+CBqN<J)<F%7T3+v(D}9CV@mZmJf?!)5z+;pIGi
zC9dS<;&axpzNzf#0`joxZaGa`^K=nW)hBjf3JjB+tN+#g1nO&hcfsnnRKr}g9E0BE
zl9jJs|5qoZpheb_LCC(NrNsGpG2zzg+@N7~$=E%7NlxG#J7Xz!BwUj#XZ!@&ge~<}
zAZ?&6$}3~ZvYW|%W&D7}eg#baoH9LPDU_uu6U*#!g->^TaEecNZZO}sQcB75rYhXG
zlRNf1ewk_#F+CE7SaBFvmN)IfEm{=43F1O%d5(31?QJYP{yf?E)*rJu-+?_;EZGjV
z{cT03u8@iB8*Hz`fTuOk5>xH^t6}YkMZ}i9VFpiHS4RsupXf4ZHURR1h0DXa+C##0
zLS$`8Cq5+BuA$fsk!x`PFJZSk@9Nqzp4*+wmmsHy&o>~qT|}`_YO6~0@nBD_x~L9c
zLcKIo_hLh2#Gq_k_lF2KayMy6e*nbj^{2RM8IQ)k8G6MZy0kDIYOa=W8%91Y1gwFL
zI)Q23RP2{e+Ek5;cD!@FB>HOK__F7bN_vLHg8aQ$9j}ONmR6d}u0t~${qW`$&+D&%
zF1DH!>=UDzBO|bmyvc6JsUyg4Au(%0v-zN_dqQyQeg;DQd%VN0FKr@k!_Lp;f5bUR
z8~pgw<cq!BIr;AkWbq(lygBw!Q{DHsQS%sSS}?FNvnUVI)6GEgwBlP?xW&@j7#J3*
z{YCFZx|$UD0%))w^I#$Q0fqv7pBVuI`}K}hud}h8tI2L-`x_5AcV;I*2^oY!D@HQx
z*zax0l!?(_3QrJYitOK{K(x^6an=P>lC#(<w=651@nn0(b<MAZMK9mv51q+pwYK@8
z@8Q1A#IxG!+<(KG_O$C7#=nuHUzDAOou~e17{?Sf?86m!(8x*fc9+&^c_@HP{Bl2U
zz>Dh2gCQ=M7nol$=uWEG1Q4p%wciHi95W9ckOJd(R@o}T4gd{0Lr=!Y!vTDN_p-s?
zQ1XLJpaUW?cenv2uztU+cs<Afox!hWaNqsPe#HNID{%hvRuDs;!27XpC>i>g-WA<D
z%5naD3II>iVAlXiau(5GkUfh0)*dAv7}@4iBN`iXXiy}%7gmCjQH9oPWrtCxB|;Qj
zkdFznYZxb4i)zrws{SyBQ&7!KTtxGD^^9uubBHsgrpF!vv>6k!lL2`3+d$C)Gur=9
z&4vISfEjUs^!%PL0D~sznbhKz4*-u0V8hrU0%Rcpjxq8;00=OC<Y)vBL@gBH(AW&U
ziHvbBAJUPD8hZL+a3Kly$qWQ42gcA+Kbi$y!XGK|p&Cs3_{16mZyu_Owj$_w1e+-}
z1dztWHB*|q4n@KSCqL!<OP*FlwnDVn%%T&M4rH5o-zJVRw79%cQ$ws&C|;tPDVseW
z$XbEz7behUCvdcse1~H9^o+-`8GW^Uj2Ow2BUIR~A+Zy<2SkqRhh8iUjII~%Va)F=
z=OW{7Geh~87Uh^zuRJUDGwyXC^)nlU2&us(&n#MKn&U#>A*7DhenaM?Q3g*Hcaahd
zDSDa`oDx>>w5{o^QD)D}6v-EHKYq?!fnyk1AwD6Ot@l;jj;2LSI$3_kS)mP0>u^6V
z*OL?#7&%0pU~g9!6g)}ix>+sHt5@iCq>p}-M9tS>m45x2p?)L*0Z(&pY@g+Ouf!5K
zst^h?oWFPh8l_Xgfvx}X3OCB$dm`d$iw+vK6&#k_YK4;9hr#p@0v5Qj!x)^Xh6p=w
z|4la?ep8%;gx|LxU{TjWD-ak`A?(=tINkh=2=u&E<d{$xdI^($-dpCS@-OM4e{y1V
z^5_r0i3_XFEcutY^*F&E1)SjIiU^cpM%Y4%U~6ZTt+E0UO6cIyax)Yxa7u!yQWAgF
z9NS+Ntt!35s`lt)a3Q{BwJ(9g25$g##@<ZeONd0?bILDTwj-8<yJ;kx)Z=ZWw#u<q
z_!8}<8T+;uTpC@0){hI^XsJNEV78IN*EUk5NTyer-)N@xOFNlAU#;F+zi91VjW)3z
z+ALsp>-F%2Xpuu5wWt14JDjqAZIsmOd~j6O54<??#*A|~67M5E@N#++1m!i@y%AV9
z^dHhjkMH=<+O@e{VmqvwGwjwEr4pt(huCX3L!-4h;h;W4H%CVBl^xJiPSvQGF=#O&
zMA_0;{OW=kcqOEHMTI+lYwb0T#ovk>570xR{ppV3K=E_8)eGx@9-qt?U57VD;Nm58
zxZNwOIC}OjLeD%Y_P(9N4^P0w5pWH`kp(t`sgijrPdWk8DZ<r35497T-Ss{_2F6*)
zlPB7xgE8h(WA9Fm-4@54p?MV&Tk@!XHS1J!V$q-DE7AcI4vLB^EB@X68t;UIOiFw=
z&r2&U{-TfX+o+Il7bE&dR_+@?>sd2~t?-s0@1(+1O!Gw)`*X^#hWzwZt&jfBBj5Mu
zBDDpwd?GPwpoeY(ZRXHmf(J)^qpa@5@h5sWigS<W0Nv0bM9{dcLnelOn<v4@Vf>xJ
zRN5cmx5&G<u!pF-7@|2Wch`S$#`sA-CaqDjf@>~TJ8E-L*H@s{HL6{N)|SV}YayMC
zMVIp+IM#66E{u!SBkOO<9nagW5>5M|ua^xZf$XnT1MF>NQ_M+FQwSDWO&7x@t{*vF
zwCh*Twp&)1I{n<0z?-?adY8{fM{dVIF{Nt!c}Cg(k+J2?^s!s-{{>$JbL>`b_;*}K
zeMe2$caVu?h+RX8eup8^WZ^T*@9!A;FE}Q@<2WNz?0P<v3$+WlQ;k&}IrURP;*Z{~
zD!e=lAR3&1#FP5#r=Qs$wHsD=JDOZjXmmjKRl^G(z#vGcZ=JE14G@M1&{;(pPzE%j
zm0+wf@Y4Yr5doj8C_?N2PFN-QP0a6$^%}Gvl2ycRGMm)|ku(Fmk>5Swgc>l+V{+>Y
zfJbu~#2W%cg3KH<xL3%Eq={X(h<!)uf1^^-?|A>O)cUWi_%9-bzoTK```m#+-={sT
zKlnHW$F&SMVPp7>z<&?`o@z%k0RXFCq_)jW{5E(HwW<K4dYAw>z>7*6!OG<KHTfnH
zS|1r)3Y!1B9t7-z)Jg)ZX7+%97ftAE--;n1$jy)vjR)OwZdl(r-m)O^Irv`9obWQE
z@*F5}mkP|JVR9KgMi31%p@eZ4BgnTi38NB50?(2Zb*rr$8cv=NTc>kFf57&=&@~yk
z3i&ct@Ky30@Lm|FW$L~CMZVzF#5$);2={`epz`KNIruhP0ywBw#wdoi{&b#4sV7TT
zhLEVVX&3C~z#|diSCnE4B)~6D$f6=_R|z3l6(m8gu3ZgW>t^@78A(Qz;G2z;%+FLl
z`LPc3`O$~pT>X~IWnJ~ix4ho}z?XWfl{ZxnapFt52J86oL**@zd*!DonFZByOOn!8
zCwg>SUt~2)d~@n=a1#ym#__49q{zm|<HRsdHQStxxnA97?KJf;SxK_Tqgx7U!fa~f
z9}X>Pm7nTro;|kID5@n8#h<-jeJauByw0{PgeGy<PX!o`@p{e!0dpXYd5v@nl1+No
zEoDLN=!r-EPR925-U9DtoE<ZDL8>!3X#ol(%y4U!IiG>-4|G8uPsV?ts23W1x$sfK
z7}{24;$==Jw+cu#|Crji=-l!*nYjHhh5P%H+D1*h%g}x#c)=VCjt2Ydlem*FKhA^g
ztOYiB!Sh!SDy)r=6idV5UP3{iOH&vhN?VMq`T0n>)(EI>oxQi=iR5_Er%xTl`9E-o
zqP7<S^K)T~^EYEk6DDbk#c#PlKynW{%5aY*dB41(KNn6K8AKbZ)h11Y6KZQ=GNC3C
zv0vLpZR8t9SetaB$6>_dM|kNDRV<z9c+<7cSEcK#LOYmK*SR@El`z+-jsruLYdGrK
z<%$h6k_2i*W9aMzcfPo%ur62ga%VX?QVh%RqgCiZu@%@59IoPr`=97NsO}hwuNz0)
zq2)U>6uPgl!WZ&lH#yv7gP!`|Lv-rUgkpjbB)CI*C?fxnETyQ6<WI#Y$MjIrGM)t}
zxtOui9_vi62tNqLp912zT~J!wPUH3x+?`OSUBv4q)e2iDEy=stl*De8>AtBM?jhz0
z%IC5w#gE7y@mmhjTTIDY5{bfA7o;L})k5aONHdh}LWK+_6O@ryAyVUaeQEoQBG>;z
zS;nWo;h4kXLbnj1h(c$Sng;d~b{Z8idk(qiJ&kOR2z>bny#-~8ue?U_TUpUtRZ08y
zn7zVo@mrAOy=^a+h*-sl77LW)LvmV1v~+I$=^`#2V5SY-&0S-m+Z|IV%J%b&Le@##
zo-Ga5(5tS{Em!U-`PON*f_6;l3um#L!jI&=4ial8&!#W>7ZJ!`390<8qL_4x-aqxn
zqfmdrJKOskO-K2o9k~DCS&_KXCj`?sBFOguEB442W$8)&cgFDV1j|#jW}cCm>H<R5
zm8(3G$65SQ!WDP1^{>!3$}$aWuIx%T`2X3^w@v8F9S@&3owg5TaTfWM$}3dV{>nZz
z9Fi7zi@BZ>Xdug8&4Gjz*kB3SLjlV~HU#8s9HC&?Twh>}U)j^q$ByzV5y{45>lw(Y
z#zv{H-lFmSJ|}JfqwOg7r@wDe*shXNPwF5Gseh6=vf0>>*+jm#l5!j(9Up8B9DRwd
zD#<>rOxCs)Vg$b<$hGxlJ3wT<!yC7-r(11os8lk~Bgwsnavh?uE<+ombF6CYA34wu
zEMv?44{7O80gFVpuOAqmL`7D$yDGUw*K1o(jEH!r9@J~5=QsR6D>}b9-~qh=TnKYV
zqZ#!7tmwXA`qhXe>Vp6+kehVC%Dpgz7mS~bV3Ix;SQO-cPz#9|L?cwMo?y}rHP`}3
zZ?1vPvMFUA`8U(@C+I&bdf*7`PBQ@7y&5zIB(JhIs`WRR6@cIVB|U+}w^ddZ>{qvg
zGJ_WFrVo)?^#vrh0C)VcR{*xa%NWT<V-l8S-d%_WaHiAa1y<{N&vu1%U|uIdeV`?B
zuLPMMOT)H25BtsshAk8N&+-cKE(`RpU&HE2{!?2TO1nF-Y&z!+5f)mS>ZTS|Kl7^a
zF^ikGbmv@(2<%ZUd8?djBPtQ;8(8OCbQ7Bqo(M!oYahKDALA<@$=Xm!LV_Glmzp&7
z!6q~loc|sg_H&R$=>Pv(^ct15fThU#CG^=Pm^&_r@XYO5Zs>K4`Wie-S8i+cu=?oI
zZ+$@Y72aP~ED3CqT9-G!5z|Y1y%?Sm4FYg&nam;8@NEdA1A+~RpsdB19G3f5EYf(O
zcW^4f9jEfQZT){#3kR)jp37aLi<`sazL(X}Zywz}_CZnogXHferl2v9vEK*%)xn=O
z@sn2ETWdT8Z)?<aKh(7O!6j0r3O}BGR4rm0Ju!ofA-@P^nU<7gObat{o!R=gwI`ev
z%1XrV3KN&f{ku8IFJeArBs%jI<u%n5b>xWezw$y&b=Gk{EF=}^;VgM-Lc+A>QK_MX
zW=d}Q!vxP1-)Xv*_OAKJz7!?tV5qgkXJN*vXQ9#=6;RXbULAH|`iuB$Kj5pOU-)wx
zih(7UZRWg34ms*?$+E9?oaLME{87&wP#jqS$e58qf=2$PCcpTw0NxXF^4Ox{Bm)e+
z{#1L@f`7PHjsMHx)2#~>m$@k_*9B72o^5~d&G*O{27clHTlgsLF6hDk7LDiemI8P9
zmmhMM-}ugf(eQ7+5G5woGd(!ppXp1ZRs+@SWPnt4-|li-vl$=@%kiSp|HS4mkGR#q
zR96|`8Zi9}4eYZc+0<gIs^Ua1=Nn(SDPsH&U*S95{Ki+<=ud#QOe{h)+Q4P-M~+XZ
zp396cGR<%0Ip0Da5Q?7VCz|2|-O#rz9Rqpd5eQg*sM%2mKB?<&sbLNrHru|6$EVOd
z|7NWAB#UvKM%QEFbnX-o)fKenqoC;9*0Hxx$`m6bVRngqj!kn&bE~MuJD^dd&8Nk=
zQ-)7pf|cZ8K)MJXtfCq%%Vou#K}z{I0ZrZdqQ;O=`waDg+a=N#i*x;Aa8o#&96(%H
z(`?W{;fKGY{wau79F9+-$6mzj5IP|i-*7h!g-O-bf+j<h#eInQqB-^htyWq~2KOC;
z17b9#P;YMgU9R77EJ{{}z8$D}7V#v7@-<|v?69Kq;rm9HkYw<U$I%v@7=<^I;+7}>
z*4jMnlyOmLH*gcSp{*;cMjh%L(lPX236J2VsT7_(m_m8lR~NK~7*BECZ0YaFcwpWx
z6V&Rn5ckrYVZ@!#Zvk5p8S`D8+yvdD>Xo2~V1OqhCwp4cOv_5*vvJ#-_cDAt#A|$P
zvNFHYz1LTi^%>uYDhjMg;+r$*inOZw3!tH4v?3NnDL%6tog{H)I9K%c9^QjJCaZC9
ztn!J7)9L+5D=*&WC#N`Ekpw1j+GMSJP~%l^0P{w<*_>&hz7+jl@K^A`xmZR~k$+46
zL6mmYmVn|O$nZ>iBZIQO|5EZ3dZr#kAV8VCIXS?us(Ee(6sED(A0@)?_iyDPMZ_XO
z*rD;lG}Vq_041faNEh$y`FjPbg5`K2gx5_{s)u`7Enz2qv7fci@x+8p{b<Q#*Yo>3
z(AS4|ZgOHZy@APe%5o}e)=*6Dxg80Yg(Ea%?iSM*6>_h2p^Xk@-+SO@xm5a&r<J>p
z#q3eW)qXB;HJiN;^Lx9dqt)}{PK&cM{-a^B`%zFSLUfxwpz>FS#6m5@jZdc~e5DWj
zq|jMHVhmOm(T_)#co#$O=&9;ss$;B4)cYN=psr*`n=E!Z*#)?%HV;Q{no9A$N4A%0
zLzx%rxy%Yq$1xgDryqG_fF5@pn)2mFV5i3p#S<&Pr^o1xm#NL3sKfR~MM7%zwtZ1I
zk$#bBI-Q*Uz+S%RCa^VyfB2#o3sidD5rM5Ty3tj)qM_x8N(`H77-RW&b>aRXgS|C<
z_K{bBRh<oy3x(l%_k*@+%)<z_VeY9r`rB$wKi`x(*~f0QH7lcMo=*_rTs8WcC;{2g
znJ9)?zOK!zH(eu28IY?K>x}IzBKi@VD8jbS6MFK|nNyn2F2#YZ&uRVR)$0)2(3;A7
z$PQN@1tjk&x9)>sw~xU-z_PWvIaxs61tLBzl{$<sok|hhw#m;jt=SYPY=>hjh$CKj
z^+Tt<_vXV0sYP9~CCNn1PH^&c>1C{*YKu@D<M_z;k|V&g&Fy}e*L+|*?pC)sTrFSW
znaD^)m&n<(*flRko#(jDhID~~*j(FxnB_wt1j={fL5|`xa5;fPY$s{sOmZJ*<hMTS
zUJ#VnAWRGmr$4ZH4OQi`ta(Yi3VcM4Q$UTX_3G-NyR()F8tl%^;g9L!=W&p(jLZ|r
zLp`E78nrZB_5&^bsRvy8qXPSR6%G4k;ocfNllq~#8m$is4tDZtC|#nh*SGxF)R|YC
zyMl~e3~U19#kUoYcbH?1Aci3fBcE-9oP7iX!XEsCZw;C`;DM<bYHm6&{$&J{ryOc7
zb}L(cPGid!{W_ot?R|k>+wyXh6Wb>4)H2JK;R<Is0d)JvoMo=lF)KU{hDoPuA)gO6
z*j1?$*Y~?>55OF=vdTE4pb8lUQ?$Ge*Ou*_4sS-OQ;Z1$TdxnJ5Ac3S4DwLN=^P;3
zNR2Yag>GHJqg}hXQiuf*K|CV-96vNu4GmAE7Ir-q!0hcDc>sO3AaX$%1Nk5d0~WYE
z75;tj?&4fG2N&xnk&?2~zExH^G6EQLT|;iT$CBNjM(`xc4!}R0zcbxF?Gd!!+Zb_O
zdpr;fLb)N@bY%IV7YKsk3#Y{kG-4+Xz<9a*IE8j5_*F+CN&;Iw)ovPM$GV(1E;WJk
z8de_OSfPCzanSvv$8behfUPpFO!g(C!jaCcSh6kfA%gkATViVR$$+@S{77$(N@2`!
zdTGqCD+eA_p8=noaoR7jsI+iNw!i$<4+rsrMnt3+LUUJC0QSxHt>y$q#)xn@Q*AGX
z-%0@WH(tjf9GuXH3ajXSPPbsSjjTd6FU&Z6M&dEUOkQ;iq}Kwb)!y&RboLGh=uDVb
z$lH}ldJ}`oV(`}iUrVWBKw7Yyyrww;pZE^d7cC1pSYun_T^IxHU9A@GBKyN%qWIqi
zxosqg743n4>g}t9l@qSHh_v8uL9S^NB`6ZQOvd5&!D95J`B&K$x<u-msY(>7Z;KVR
z{oe6)!VPhk%W4cLj(Se8-m1?ibcD85cp5F$T~%TY%`qS6nuR2?xVXq^3iAM+p@0$s
zzf*Vuk#c^&Z~;K3`qr>k@hS9;$V_vuTC@Y)0Md^4%W3${zbjsh-Bm)d)(=6@^q39G
zLqyMrhc}q9?gz;uw=OaX_p{*~Mq+c&AG3_g6x}1CH!9>7AI<os-oB{DRg~q^l19uz
z(*{f#b#zb#=&@Bj@d^_^NF^Ec6^CGCckpgFhW)1ha_8pN!ix^a&pteARY&d%Iv4A4
zhB=WSACF+txU!si1#GLRj+wDNN8EDbUJPtMD2->rZ@aq=ALO_q(K?#tr&nnHt8G8F
zRyRM`FE>s(As^j&In>c7G<<r*8k@6(ZxzZ2_yyBYuk<-{L@iNwHYGnLOtgEe&xHU<
zRy$exm~B+;0sn@##U7Tpg@-6wnf#hHVaiWYu(9AwwAxJi4C6d!uhKG`vO7L^nkpfZ
zu3hb>p0Q*{aZ>WWhfS}=4I2R!4BuDBF>Ub{@9RMj$Bjr_37l&ET7OM(*8(2aIuX%A
z=#G7`gx`CG@29MRNT0N8O4>H@+qzteH<UaxuIkoELtSqn4KM%Xkur781c9LzUcaWs
zLYa9gvs>eJ2|?5d!3TTLTAl2En`T0(az9T_wvMxiojv3*_U@5?9uMx~)pMMC97V8~
zh%IjEG^^$#s+qQE7jDWt$|;Z;pQ{$bkn#1_L~=3hc!%j=TQ3XVbhI|h+<ck&*xBny
zr}Vke)Exgb%_-UMs`EZ^(ess_G!+e+y}B+{_97j#{mS&b3{*nFedlZ>oD_Jg!aeMR
z9_IfF_Xt}_@`xBhg{)2J%u=p7Heu;f?{YpvZO?X<8E}K2HFP`ztKdjK_ZrMQ88w%d
zlO;So2zzMtU<?=5*rRK3x+}^}pw_3Z&Z*76C5WA(eNYOk+OrKfMbwkE84d1-r*2H2
zx;Y&GyGqSYhHSh-iYK#4DdK#%@>(b_O{Zug<5C%m%WO<e=IxZ($^Kd&W40TtY0N=}
z%>KMeT7PYO;^#%NHInMVzsmxK_VkFlRgkhtTGJ`@vA`R*>D}qy-xUi=4+he{I}Jz{
zj~@{`J)^C9Kt37}RU-VfE8d3GXIOKX6Q+iJH2&#H4zj5$v6qW!+gizpQ^5S!>jb%b
zkxE9&I(?AiC(&*6AH=6CWR#lJo)h#rALL#SVfS*<efSSCB_5rRqDnpB-|v@ApU`V$
z{tAiVgunH_L+LZm_nO=z%Xk(x@Jd2AwrA|XgD?(SWn%2b`?30UZL?!3>lWO&+j8+Q
zp+V@~P}{qwVd(?YIFedApGuH8M3fa-1om$r{}iOZ7jU2F8;xw8d%V_QAH4}0iPXV9
zV>`LvflwoBkVkJ~%7~JAt7}5TKzf(;qh;L#qfQ`K57%G;MM4-U5^EtvdPoe19!U<%
z7Z85SO<^56Nt&WXGjW&;jJ0%Lig0PJpl=ACDhS|whfYs*j6nK{JP{i;6!Yhis$*&&
z!5$X${il)roXp{*mo*7LbF81C6alEvC*nUCQT^o}FKDm1;X#RKI!hDq6fog?Xkl=|
zTJ+VGhM+LC{LS#rP1FvYlzb<O{H;j%S@I-cf2ztKUCCo={VINWNaYX*Mc|E-;H&<l
zO~AHj=BaCUC3J5{GOgquyMD`*Y9;=AjoTLk<SJ%OEz?X3tLIw9Lk%6GztQQrPM&WU
zRE@TIX*@eH)&(p4zNKYeJgcW$=RW*ijbXpE$tW0a^HAVhP5?oG3E~0?l9p-Yw*(!x
zh5~)l4r*sb2H>6-h7c4LpC08pWaPu7oQ`m^-KI~I_{{w$O-l66K}=&Mk`+Ez_|mfa
zRpOF3dA=mw!0s%C(WUYs@lu^vrNjDeah00{=lWHIPl{-HcuLX(laxa(^O~#?H`lmH
z7WTsN$^dxdf0!dzt$R28tq1y;xY^s|uV9k83|DP-PQ5T;D7J^s>j?(~fKV#9gE5dS
zQh_Jr#Sl`#Tvtu^KrSsy-!sBsPi}iq1>YU@mqfT*MyZGugUi_k`S`YdA-o6PnfiC*
z_vSL?)hP7lLhMX~?oSh{APwhQqA7gA6PyOyg8I@@7Q+ve4b_G8jJ`CmpbV_E#WO~s
zh$yuO+Eb?;T1{=iFir7nq71lmzIoFfIR@7QOwhdJl<d~u`4PyxyZPZ-$RpN|0khmT
zrvk0J#f0bcEA^vsP4(vgCK5d5P0-}hFm*y2e*Iv76HQNdR=C2xzh%<i5nBA17=Bqj
zSlYd9KpDL!+BfaevMh7Y)?}+WqA{foO5F-_*^ml!lg6%rzhMW}7I|rpPU2_7ii=>m
z9IG^T@T#9MXDo8;>aV5F<rN%7qZ>+mfvztmY>MHJK`yAMSRN;}vMe`~Lfv&rvLpT%
zdTiSp1O2)eK9Drz^(420v+VAL^$q$?2sbL~$F*K2B`bf-x9F7|PNQeJf-!073%Ag!
zqw7k}3HkO-pL6F$(I>73n^d3q8j(2#K8!dfu&vm?YbH&z(99rv>O=G~PtKXljE@`n
z*NQ#)ZsEiL@8v;{_qDbabbgVM$1;)&Oy(xk{cz;Rw#6&>O%lsUajQ%aNl8p;^t&w1
z*AF&5SCCgw$Wy!K9#gVRFAbmBQPEuyBNxf{-!VR?B$PL+2_D>{LQ#96EgxhR4Q*CT
z_ebjVXJ{3f;W@?GQuu=aE0;NlaRVT!+7orfDzisHH6@^un!|4rPm`#k&$-Fzx|lVs
zP=W9IQ$-@*>y!R%N-XMxJi6o8K%<}o1PK>kU8s^g<+F+194_3=+o)2XI)gO>zF+^~
z*}H91ZGYkY`SjZ`HfLCs7mnNI_hXvTjP{ikng?N#GBOLbS$)}zRK#K7rf*f(bmL&u
z#vR{FeR_0KA{kM52?3eh=g>S)FYld=u#XMP=U6HxpxbFSx_4@`-b1oy#0Q{WR|aQr
ziVdp%X6hs!l_%l3<*#-%XI|?RS?!+UQ&E6=RR$J=i$6HGtq9;1^*hcqyBNmytwUNg
zK#_t4W0U-418c}#;WN8Nt}(`POn#^aZ-jI<s^}?vgZ6TIdUje+W>(><;43)B)$8wV
zLFkO<<XNg`R@eljOLATA`C+?tT>5x;Q4sN`p4ozG9=LUNTxwquY;~6!2y-!sa50&>
zl`{K#NUddNZzR7}zc>PjJ~y5Xn$??ueB<+X;;#mz*J<<%J*oaoA2_X1rZ1&6X+5i$
zP$qQFoWX!Ej`+<wcrgOkhROI&Y9f<%0UKG<))Cgj%6M9kg=PUS*<(_vR-a^rE0ao|
zogSV>S0UQwNhBP&scwXfE8b_3mRpPxD|m+14lDdb+wZEY{HVcmLZoh7#3$;3*pD+w
zHiW846fJTKy;pgHrcx>$#HX2wUauZLf4J3~v*Nq3hIfe~y^c_ZNVunWTl`?N4r%lE
zA4@Lg?AEU9x%`UU41aioU>&LU*9qqDd71&915uaK@DIM1g?HS!@HEhljPgasB1QN=
zYB`NazJeYcsd+5$V>Tu=;2fT-um@h63Evm?zhSOmM2F`S97<OZavd*_16q!2&?;EX
zqsa$!lzS5&@>!SWIl0DF>D1Rd16<uX)*mS9^oG1VBf>PCNyZA9k3^;V_CjD`YuCqS
zfBFur1`eap>e4WSAacYtfC0AhyTR(u28h*4T#CDI2Hq{TriN=^f$XPmt@I}Q^SOWR
zCW-nV36QHziqJvsCH?F!YZLy>Pb%kBKctp&;0)xhh-s*i1sUV}`zTCa6tW&91O9m2
zjs=+npQe$z$F751woVH4KR80{fPlMY!py^@wg(@93c*1&B#*tMH9m*X4`0vn2&bXF
zX;C+DGw}rHfKD?{gXMU!LBhYlG!<O`m1mN=XOqWVcqs3Y&qS-QQ1$$^lBsbqDO1iS
zMD#jfL-|Lo>x>M1a;_L_ZDLRDoyAelJ>;cOWkV|1fS))n{zs8-Ka0cjlkTY`4_=E*
z25YbISd>|hFGF^9#tXsyHmR(o1`Uh2IWTb$;tF_oxCHGmT7XnF!6rL<XnCX89oh0r
zThn&zZr32YFj&gzrM2=?8ZK2QD3zL|73IawT+xoB1;Sop+mTRcxL8;7qZW;}3Yzv$
z**PSIEOM&nX!!BN#7M|XJ15XjRqf5LU2;>!Cql0YWYy{#XKKuJc^M}<Y1l@xpbkoT
z3Uj$<P<483#e=T=Wb^>k&B%(C>^Dd!sjfE!w-covi0utVnXg70&^yfm$Q9zJuzmL@
zzmxYN<qL8_)x;-}xaIs6C3IMPqQKAj_BAFC*HNEuC^hc0=zUEtu-{A3>=rd6-wuUh
z;t_QXw7!yM%qJsI4-CJZ>tAN4637cI2rD><5k+<0BJ@nnD0-DpCnnpX!Z%-=P;p}L
zb#PrfT=?M^rAS@j@pb*#+WR2{{Q62YkExu?QoZzbMlc0hz5@?GYjVGqpL<H)FMVl7
zK5IfV*MSaAt-wbG$9KJBuMR$RM|+^9$9K_2bL9)+T(SmC2;gqsXMMf&RoVSoo;Z5y
zDc9TpzSXXN*64$~SU;=-Ie%m<eL_rL`esj=f%u0JfdBhaV@0n8vRol;0Ox>o*S^_s
za`=)d-Cv4ZKu#_JLtrEd<dtuHfA1%qBF56!aw^TGulMTQ{{|`{EkG6}Ltupv`@7!y
z$8!(&=E)cOm$eTt5^fF17}Nl4y5!pit_?r+<ScIi%N3q_mg+uhRQ%udDh-|~>w!a4
zsVnsK8XIIRUq}NGIJrLMSbQ?xUYtoj&-iApo3cpJl+zif^JU!&$~2n6H42-LIVouS
zv#*UEGCh`Nt~K6bcBfriavh#8`9Q^v^=4H#^p0E?wcCym7gyXqlCG`G(#<Xxpzq(!
zA4`M9@rq2(WtDDq+DCI$3SSY+8Fr{OwB>G9Kvf{;tp@v>nr3#&m-A?0zAx^R*@@n^
zXU1|5E5+Gj(KK^lzOBjv)x2qj&1w%7Kos1r;A>H;*uU$ms?xvfo<pbTGgqNXxA4FK
zH9PmuTdMEdh(-TH$lDZWcMMZ+sx!eDDu>2i22m32H%LD-#;C@14bD5SU^kTvzK4!7
zN)cabp5l^H3xjU$Lrs`)azXB)q(X>X^%7%=Ds^TfHIb^DvymttzGYauv^Z<!?=1Q&
z|EHx~zj_CGRMWW;NFqL45d&E3>{*5!qu+K*I)VT<igePj6=|RQfP|ec<Emw7Y>gx_
zxG#!M;P#OcD(x0u6kE1pxSoXQ4uY_KNv#!fOsXKAIBk>74~N%<DgoM>)=aY0kxmD*
z51QOwBR(7y-RD}+88i@5C=h8?zy>}Tf3?~unPptew%4ju+v`Qm-wJMz;Di;Yx#fEJ
ze}>6(cRsvdxudYIbU&kf)m?u5q&kS;JBY}HxD_J~HmXpM-Pm}Aom3^YN$qAU8OwO9
z9E{RFwnE_g3`kCRPzAMN?i!WU*DNKGMahbHD0uLa<mFcqQAQNzo1qEyOZlfbK!PE-
z0w43M%LYWQy9gFnWv;T>rY07pc-vq@_;gwbVHJ#Gj+%W$2#zJR@YQG|=^PQY58G+R
zDoDU(O5(a-YYgsn3=VAzF}cjAPnOm0HVgL(M@r_6e(+NY``69dDXeU=BNey1?=~dm
zb)vSw`KCQ1o!W-cQ25$p2~0_;Ejs7LEj!X^+ti?NR@AwMIjpQGBtmI=^k-eQ(*?xh
z%7_`bdjE{$P+fpqRuHok`pvw+J}E^k+}i68eOQD%UA$YjML>a2E_|*Vf4TXlL)eiw
zOHkGEYl^wL!aug<nLk{Y7p0szmI(h+rOdEIuNgU<*>r3jAJ;AUAzOZ0mn9=BY{bk}
z6j^KadzrA%S;v=g2GBx|4Tgr3HYXF>BQvkTjhl*0F)5SnmUwkerpLOOz?iIEnM<5_
zQnqfg?(T6QuT45n`m-jQ;7ljjXS<9H?XdpX-SyCH&uQeq9ee+D97f!e4VlB0TZC$n
znDz<sKMuK0Gvk*bH|L#QSn8}M;Fh+uGaOKv-zyGUP6!}|(d$-@ZG$@&i;pQ@zPbwU
zib=Cf@r+*l9bb#O=yp1w_RWgSCDu^U;rxD1bc_|{yBs(t^Tucts$Y>T<s)Qvr!+3x
zxT)!324|~;YuJ6}JhuDWQMA~&_}3SoxaDoocm9lh?QBLaZVL)}iX_2l#7SCAf4YuS
zYutc1=SaP>5EH{WDN}{E&hD;>mEG9gC`my;fWZ8$H7AQKMR_NJ^ZiF($F`Gk8XuN7
zEynfIuB>U!LN)|fnJsSmdW25iD8*H}ffHrB9h4|{Aa2j3gEEv3gA<uM+i5x|#E5mv
zXDL;pO&WKI4%a9LJjSXX{%<0#@Gy1O2wRbKcFy+i9ZM@}cy?TY1$e5o@Ai^?hkrv<
z#Fu5;;)NLh5>>Zg1}3SRJj_p*je323#9z~V=9$$6rCae0lT3P~p*G5}n3b4I<EEO-
z55PhbaZ8TOj_X7w=VbfU`PMjSyt{L}B+<7^g}IAvDVBrfxWtw%XQz}D+>~9BziN|c
zWezV2jiS2G$Kof76SoS|rQC%cYI;oVy`UWB+%^R958+Fms=I|_Uv#TDlJAAJ{$xZM
z@mp037{=1;t`Y0t?eDX0E_6B}U5OZ+DOrCT<E1n|E}+XSQr>pk-MX`g0}rWEg~g}Q
z=Ivw127l)r>jysUyGj_z?F+D0KF*DMdms1&MoF2j9*C^}8c_pF=4z6s@C+y+{d{bJ
zaT|NeCI>1t+s-tsC&&xm_1qjnv1`)n|G+qrb@VbHWslMI;ph9)kzMWQRzNlWfFf~v
zYI663@YMX-EQ#cl3{SrMVP5O2kZv*&R?Sjgc9n|x{`ggIG!?C^`@x_571@B9&)>ti
zu#|7+f(+vy8T=WEuVA86`}B~0|LF$f?tz4DSDDD?@$VDx4SOz$d&OoE%(vV7#+#UY
zH(&c6EL#@G1k$6YBAlo{AxALvh@GYpKbX8pemeg{K9|k=R&ii$;=Sg$eee$A*LaM9
z9X3NQ>d;#ZFJs&cc~Lo?ya&`n%LWSYU=m()zoZuMVJ6-?_>a230|k%l&`Za*B$Mt0
zaLqRbR5o=r)qLX?a8(vRBbRWCoJUlgd*<6IHC+`|$Y$Hw%r-exHYqfp!K*6N7PCv8
znap((%daTW-KxDIM)%%0vdfri0uMXb$>YzFeABLxOgs@M=6~GXK0iwk38brUtJruU
zA?Z6K_AXN+TcZC(1mT4q8+=0?KeR{^CFs==KyPnpI|?-g?bk*K2scld4deG47Ii4H
zodI#8d$?^w_o&z|w|Qu~@F6loZ22NFd?GY!x_b1D7cKr=G5cMzXJZGW3wQGgDJS;;
zOpN&I-g>Jdn$&o~0?^bPsli(%jTkVpx=GbOOF`Z^DX3|0lNUN5cdueOf^(l?9*i0x
zgmeGBL?`Ra0hhy<t2Zqmn{`YqO)l*qn{osL3ww@wXnY?0het1m#sJ^}3vbz%i)u)}
z<$W|eNqGq-1^`Wm$k3>^V!6#{-g&#EB>y04eGs<S^#lI|14>OrYUoUkk4FycE?Dus
zLpUv{YNJVZTHTWEWy{qL@m=@mlNyCcU4ZA{ZsdBXiMwU5Q})H@0jwBe$r`^WH*KBW
zh>nK$8W!!t#!)l5FR2G-rf8nmM)n0(5C*^SHD}qtbjMg&R-xdg#Fw}YLLb0Lirkl1
zuC-%_xvIDHkErDC2R2Zwhyp$ZFS5ktil<BEHj$`dlv|z?pvOORMVx$lr?q`_jA=U(
zc-NWZGR8)VLMsVn4(X-W_j7+aB2BIhyf+v%EIBlU6nJ{Knp`^0ke=Z{dQ#P9B=R8r
zUCjH!4AP=D$rp{tvVR(1?NL^AT|=W{I3M0(m0vof3^n(X?XYv^2yApMPRaf3f|h-{
zUzWl)MI7oL?}`9@ozPMX<hn%kDSftdu^@SMMQI4P89}_x%z+(uy|saT=+?-RDhRuV
zk8ewZHk^B>zdw~3P!^aNHR&Cg6&Y+I^=8HqtKPnl5IT_X<h<p}W*)23)5u4q?G{Bp
zBU+n@4U6Lo7+M-NlWcH+4k5c%p!ez#7LsENiOkn%Z|9aEl2J@ep+E2$yTdlY*fmA&
z$NYoc$H#MwCn9r^i0BYB0Q(QWmD?>S65Vg>mJ@vk0qC$Cv=hW;dy$cseIr_gngL^L
zGS4{~#Aax&BL!p2%9yT7j0<pH{&bgb&!CNF?BxWXff_BVN&az)j<gdPhs5Y%{$+ti
zSO~dNY9%hm??=-bJg*V{&8Co|BEzA-w5|K<2hXFuz>oz#Ku}HT<R#aHNTT<xX0Uy;
zyr+Ec(2p1I*I0r|#RTJ7&ElZxx|<R&7NR}yv0sDvEd7T>f@hE=VWs;kDQfGU@t*`J
za!>4isOzsbW(JgG$C?G<CzW#~bdz_8Zg`5lJcNNe2N1`gU6UNRWgbxU(@Oy_UGiYx
zbGhN^Y_Zp22<TV*87Obh8@JxK+JA?y*J{>Zua|DJWT|;}>HZn+BP*?1-bhNCV&{?t
zV)diDf#dM;NhBaGC9LBS(wsF_5}BuaXtyqzvoAfR3@aB7?JILW;HpLYR!(c0&%fOi
zxk8m}Ra&EIh;3CnyvZ%L1&;@(*R)2GP7VLwfNJF=k-fKicPro`$CSpvy4tP&WgpZ>
zmbH&evxN{WZd*-9R|e&2?-sNKe#49)b4B)!1%P#Z1x36&z6~ui&i)ta7mh|#)+cAr
zSH!bNjzrbdAVGo?1nAn{te?D}{FlWH$CIZ0TJ_(#+9ouoM@5i0C0boVQwUb0*8;gS
z3ORgkZg3Q2jB9Y=mMd!l-fNSJQ+T})io*sGiqM*~bv`X8E(-+C>W#X*cMr7hM-m_}
zQ-KWQ5Stv=NH3osCDc>*EGIu%O}mXAZR(AWa&>0b%pqy)M+Heo5IW-r-AzDl+)jAU
zRo~~=c8D-v-l2J+dm8{7GA&(mo;wxZFO2n<#jhS*Pj3UZh~AKxwk{%iJiP6GP;?!F
zRXegX{Mnd}cVLspQmmW1n)2zH`iIq~p&~6-6MGxJZ>V1I+ZS6xpx)^r2QB6UjYU#5
z3N)iEbWWXAn{t81h{i+I(T`3?n$o_h90CXi0$xR_a#A$544ZYV{tfI}h2(WNdNBmp
zm8<0A5EXE$)o$7mnvpTd8sYBp`n|XvaMuZ4i%7$ud;Ny%FV#3i$=YU`Ocx1A9q<vj
ztH5^ZE<2`CFfRO>lhI+wl6-#Qcg$&av;>|U!?`inza!nyL)BnDe)-&WfQ!dp-M>VG
zA*K8D(GU)puUfw1R{sT;&;9&urZ2~+xlh45Z~xA0xoHBA(3?Y~_PfDBgSd|vwPip%
z6QFQ$Yjl*7OKEeAv%ZsYj*4%6)2K83^0pFkrz7<Yv&S}=^lOmQD2HVFx5Vu4X^%PV
z4&Zw>_>b!)+pLsuAQhDg7c)YgqVv%ZUw)&Lf&q#t+bnmmds>r9{pi3atpX0$Hg^mT
zDlV*VxlMs3hZ;8(jg|N6H<s~gfLh1T<yuVF+=rg%O_#AdL?Dw#>{jtB=mBb-S=k@G
zC0HIJ#R{$pmb;dwk&@m^OTD}omNbN@IG6v>ITdpBlo4V_2%H=NRJ~06trSV$1hJP0
zws!!Uo&{Q;4(wm5=x=^pnIWZam3?@@*`=dtf`1WGMF%?he_IF10YE{&;hrRUKd;ke
zRr*(^&%KT-?{o_^bi6-EAi5HMzo+d|DCiOwuYHI+{eXH~MOuGtdG|^eJMUGyQYm>7
zwPu<5jAOx%JS}8(Rl55RRK$MQTtT@fi`)+}RDXR?P1--+O^VY=2kfd)2?wY=UE1ze
z_&8~|E!sF}pMu@3CwDu-BMF$VF&h0iuR?z~(vWy}E$#`wexP7gzzjR?&>OM{$t@@R
zlE9WmF^|&w<1h9crtiNPvqX0-CCFap4U@PNGmj!8p_^bPp>#&=9WI$o+mQS&r~IY~
zlT))I2IjsH`ocmoIW_y0Ad1KkP+Nl%()#y3l-h=ra?ga3G26>v$S}d6*7i%F&G%2W
zCBiC-?$b}ca3!Pfi7r2zDgI84+n=hv_?<cZi)5JPUZogaA(Kemh+N%>5X~gS-~SJR
z{&oCUSA$jS7teI$+}?z(V^&DrGa6<!Vqv@S2?0=Hh_|R~q#t8ZOpmM%fy83UbKNAG
zehZt;GU)c~ztCM-@WQxWhb{EnfMI?W{8!7;<<yfHT=f^kM+q<ieWQffOAC<)1!^T+
zVIG#iU8x0bOfX;);7^RLgj`Iny5UM{XqZ}TOea6J=xpMaRdH;Y<k)8F7jtB*H#$zD
z_mM-L+CY3u(6zdhY^gj&owoV_%ie`-3_*?=OD=sPfs$tsd}BaPawhR4rE#ixO9^)(
zR4k<l*+V_m5nTo{bf3JPIQ;K3^sgqYuv$vH+T|4C^BiY<Nw%A3!D+pBLQ}PDOqUhS
zIUj58mm}swuCjjf<O!eZE!_(_e6u$7?@*4bRpGZh&1ruY7y-*XcHL2bvQ%Qg<x#~4
z6dbFW_yCmnpM)BE1=PE?l(pqlO25PIf^zrlrH=rXioE=4%_=c#Gu@>xrMjKmK$ndg
zW@Ja+7Qq+}wW)RYzY9_+TN*+?6=`#;jq*M}IbMU>{!!v*SBp;=jZVRm$z6{?tiuK2
z?87{lgn$wfS+SO=RMMfnN(Z1x=r18kohqusT}u2m|3%&oE1c1GfwI-gf=6U>EV*z?
zpKj&p<bu3}|32s{qyby#BE2+;rG5Rlfp;?(;CN7M@iwP^SbV-J1qQhcMW!SJ7txQy
ze=i}c>b9=4h;^HiViD~&-n}?EqV-h_zU=b}uA7O@T;tfu*t?BHz(>BtxJ`A;r5y$^
z+%3)RA;ppgm9tbKzj`$#=khos>=7>Qsq5bhW!`(dgE+p4nsb&lSWmSk3+J$_#}&)O
zQ6q|oP9x18y5d~=<1sJZeZd3z2sT!6aBas&(4<RAUC8y-WMUZMAav^R>i|w$KBnC{
znm`qYqYE)0k?`Jr7)jQpBawKw_vd+biPgk@x6JxTqagK(#PO~}$ko6AjJfjv17|>(
zzc*%ZRY{C0&JC>hT1rXghTHMeXo_Lt4<b3(chPrN-A^)_uexy{SJjQZ`oxDAKjhEl
zz{=Ysb2+2x{1)SP4FUY_k7oH@Bjb0jGURt>RQ%4pT7%zNgZP~-DDHTSngjYGE^yvz
z&0RV7z0^#Y@~wtUw|=W3)6>4ykm)_XZC<92^~!s0A31=OhX&F5PzAt+0JjGL-0qb#
zbj(74#2^4&le{4~3IWbH`mL5^>B-fUQN~L@E~o3^p$CG`3objkmZ<I^ZL`JAK;#yT
z0U-kRnw2Iu!eiqhk6CxjRyj)M{w8^|;q^3t&uURQh<XuK*r-I21`d$RhNJMZVI(WO
zp%{%<EAA8$SLtbK;|uK0M<~x_hc%>+UPz*^8Vgvgd^TTcM>>(?r4FHfnVc=2lOD(0
zMV)0VRNikXbs%9UA0)m`T%NxnOhq6J-Wg5M1tnO<H9K({u7*MuU3t?Binpan>g<OY
z*%cX|n2#xP#WOy9uF&IDYOl*jky;A)hmpiVk-@Be9|qYBDKlasFiciIPcb1ucFyPh
zF_}nqHT*CEL6au!yGl_}`$~33YH8#<pcD$z91U%3PI{3v|70wf4PrIW#G@AUS4J%p
zbX&ZK$!R^95OZXXuG-=_Y_vs^B<ICL3FEo$3NWj_@V>j2BoGdfMdjL1nat7{chdh7
zhBp7^D#}H)5crKE@N5Gh&<7F7VY;3c@I?y&eh7iPAh5AHY(G@6y_I1*>0lVxUV1Jx
zwoX966Bnv>7X6mm%YYu<Ug%jA3UWIAkXH~A(e>OJ3UUgCoQsgX5i&UxWJlV&fRJ*M
zn}uohULe*i&OScmFnKNVFx|}Fy8S>H!}Qa$&7|Aeo~APVpv^=3!)WudXUXw^wLw0&
zj4w5$M8cOEQlkBr8dBm)W%E)(ye6Av6^ns|KNfV6@Y4#wbOcx&1h7W|7>)p&g8;TF
z07(e2p59ZPU#X$EkE(25alfE6b#M_h^+!-&k^=A*0vy1kQbnFeJhN~YiMXmhy-@E(
zci4e@!P4yF8OJK}rPZvW8Y-|5&sSB@3v@qZMK0<MmS!{1=V>`AP$!<GppP@qmgf7Z
zl?ep?&U*v$Mfv1m-yE?Pl|C>OQv~r6s4L;z))FyDB@Z9i8wT+;u295ag-Q&PJBD4a
z5NTy)j(QZ%W@-Hjc0DnxF<^0q^yUhGQApTw<>bV^C<!ZwhwBW82JwLOx3g3Xt_~D&
zPe;-a=pgx65vj;N!6$iaG$0XA=u5p;P=PZMe`ZL=75*Y8ABCTw^zS@RWz9r&#BijR
zw?2c4y}t11P>H=+44*<2dqqsjo2A#5Q#?v29xIpo4++r+K>8I@RM5mqk$$^Cu_;mY
zdrzd+hR8%xYD-M<ZgpJI^G}ihPgnFi1IZR$g`lhP9sw4a<71II$RaZdS;Qut2NpRH
z<;P?lQBwlp9vnP`bEj$7EgwwUIC2i!5M&vo0XLTR^%cV9BHUSy3w=A!qYA;^Mkz%4
zXm=PiYjq`P^?euZdl2?*L!q%CWXBbm{z4KvP7kN!9Zzd^+&PPMyy+}-Je;+6sb9S}
zr>q_&PzW3rXZlMZeCN|$Vc=kUIwACc=JxlOK;%4SIBhmKLr9>?Pc$UZKR(frKu>?7
zA%PZr(!2y}uUt{oY5}lpZxBy!r2zanAEPIO0IUkYCIlE56cjR80eBMuZl#fs|N2-%
z0&V@cc?tBe($qw3YI0Ct`3k@Q1Q-iHJ#$e8F+o!(-Fk{jkGm&;1j_bIU=@ONJ*yZz
zfr%T8M0{o$6)e3cC^85+spLLMfjdl4#8m+UZ5kh*3~Kchl|es^54?}%e^DOIy+b9B
zc5M%X6laV7wmj-1YRaSQ#PH;i#~nf*eI804ebS;lda*(!k18sfkw@1&TJq?AO?j06
zZ^|RSLM4y5iWcQj?kO#Kv`kYTl?KS8O;jEYOlw{qIWq{meBJ}>vM0)jGHqFsXBrYx
zR?VPojKwzkVH;*`xIrcY*Bjwdn~_^1XnQ(@yS+uZ_0=7La;yG_FlhUkCp5)}cL3?T
z`~>tppn18qBP~#FEe@w+qjtwtwBs1;IEA%0s8>sJYjawl+`9687&xpdZ$@rC-z!jV
zy&X=Q=JF77tLZ%rx#fOOLvHPPPeX2f_g?dI>zHC{j4lF3zb{BE{YwGphXC7y0D3B-
zA_f6E2Fa4^6#&m144bEN>*n_~<W`6GnwML{l%`(CrqY7?%1{87B0%q8xwYUJl{l}B
z4v<?@Sj7{g{p8kx$EYxRbhKJ-r83}qMk{jbBL+Hrba--Ww1dj6>qnC<y+D8Be-v-^
z{jDl7b<5T;D6jVMmg22eJsuEm<#_zRh_@OZ8&14c{NsM{R@XfqGTy48)BjuXR{Gf?
z;;p7G`~N52YQS$~zbo~2!XS6`Q^#AiIa(ho-fHw-@?tmo;!FM1@m4#I)Q1~ymG!np
zyj8EaL&RIPe>-%%)%mwV$6M`v>)(vGn(}Z9@m7N#ZXw<(?%@{Vt**^%A>QiXOkccJ
z=eIN%BKKCf@m4Elwh(Xi$jrcat64CIs(33;G2P*CSe1CI{l$LqR^PMw2d&{nEj+x0
z-G65Fi?_OCsT^;0@-W>;?qm(RUvJq-q5_BDeOf8FVz>8^Q$7*ick3p~`;r-gnwgfi
zEtYv-k;41z$oooU-nV)&^1ctqdY0K=*<ywLvF!~t2TUgENf?eKLx~`BK$0WtqQS=j
z?bzjbWMCw}3@X};19o3bIbc3=zz*=kNws}sf`tM-etIZ%t5nZx1r$k)1FBW=(~JXV
zAO|!f2b}B20S!U<B>zKxxYEZD8>Ul!xKiPV8I&K6S(M<rwMIeE&3Ih0s`Ly;&6m<Z
z^W{7PSF89KhGwJNT3$S5Vm}k(+rwEvH2v{t-q4T$qcm+N;dGPw6HYhyH5w9Nth#}+
zJ1Ma{<#lQ%{gEb<{+!baYgmt^%QmeJ;*IgI6RuUM;#!|kjuu7hzE;(JN$aH7NL{t6
z?i*V71FhSvs;i-OpU}Dpoqt^uty@LwTC3_J>B;L7S{I|L)9V7ctEEW}Jm3m|+uRn!
z`tDEw4m|__y@CMxH_6+%RS3`{2p~ZLSc3qaDD&L^YG}#u&8uNah7=|2A{!g-8Ps!<
z0+4_J*9QUIpa4W5K)WCS+3jMGj!bLT?P8Fsr!lvSa+tH~mwK<8rV%Ebc`$0*BK=M2
zxG$7=B9#|zETRm=AYE5P`Sw4D`Gt2h&7p-a3{&EMJgmquOyTd%vQK9T<?rKs?HZ-K
z7E=CRB*pwf`Fq+h%HLUjMk%|5bW??ADpPk!(Uah(qrr<QklG1Ot0aiqgx(wGjv;Q5
zT3~S-A55abszp+6dA+^A-$~K^57CpNrHfL$e=F`JxY8Rz4y<p*mhMaQux*;{QE&|!
z@Ev9#Oh1C6LfnvAEm_wk%K@pUAE5!MPYeyIkN;b`_>e@EF8<oLVd&xm7qp~{>lXy*
z;+N<D7rOY>)<hD`YhD*$HQ!Gce{#N`E-tI#Fh_IRXer`$O+|cOkRtxDpBQTWU&|jq
zeZ1uUQ0E_twe;~dn)>)FnymgcO?@1rY&G@irfo#Z@X18VSZ@M-`WBx)UAi}Hefs1}
z8v69UmqO^%RWF6sr{8!fG}nCMrLef>b|uEJeLnD`>L8xCNdY)D6_ZT{0eq#X%ReB%
z`#}I7DFFXOfY+MQr=ObY)2BDD*3hRvS>3!oou{0u9D+?*g7oPe1)w_u+|lT#PshO=
zdI}kPeht)Z&%KJ)yK*LFt;vHGZo8Njbsij^Hhtqf%5DD~<flzb^JH!M)t@Q1tsSJv
zzy57~dT9@pK7D9i82a>Mb6e7<g}K4{blTkiPM`jq3rC;+=}|v@y5`Z4`t&<d|1ay)
zYbS@$r@cl0pXt+|d;Ik2UKoU{)~7qw5>D4PfpEIh&jsq!dpiDK)2DZ=3aw9nzACgn
zy?Rw>eR|QV(E4=#s?hp$_NvhObn>cyQ=k51QVaU@ib*Z#(~nGQL7&c@<kP1so(nA*
zW<B?B>eCnRX+fXfeNPMe^k?_9pie(@PYe2V(LI6s^dmde`t<2(f%^2X(^UHOkJDs*
zdgC<8x$n*J)2BaTg~Kxx4*xPMx;-O2eL8bC<?xXie)@E)M`V5ao9&dt|1luQU*b4f
zQnrgP-yO|y7<u0)xG?;Bw1MPKa4eKKfzLTh16pfmB@qKSnJidLhP@Kr!ua~O0^r<w
ztJmw%<5TViFFhh40QcNs!?#$nYbBZ`TIMb+RRp<~cVaCt&$cX|YA@U&%#)6!O624^
zNvDdOyf<<xU+z}SZog&#!ek{<es=4u1eUSh1fcc;p>87y1*Zo@tm3hPmC$Pg`M6>M
zBw2&tS}4&danqsV_P%$E_j!`(nGs8aE6*#A1s=POk%^_Dyn5*#WNKsXhRNOr!ywK|
zoW<m${WdBgqcl>;x?(@>j#k7mc9rWH>Dx~wuP3FsH_F)?ZP**mPo);K#`bzx=Iih+
z8GP9^5IL!*aBnm(;BJy4lCRib-nh~v!f!#*AeUK@bV=paC9zog>O}w2T=BSEQBEor
zVZ{h2Z<5PrlX81vUT)-k$tGT~^}c2mf3wy!Mt}rc@{r*8{V$vD8cC8~7fI|rzH(`!
z)aus$940J4W{o9H(#8I?<Y`vom5#EKQd%-Z+DQuR^R3<=p|vQhqfxi?6DuA#JZtL>
zlir{sS8<VHu)~-)MA&bDe<S&FUdNhPPMa8H_12N!OX%-@^6y8;?_55o$<r13X!Nv!
zf15m!R_}IS+XB0|@2cdzM^5TSGEgK`(TqT6K+vs=BZBVLQzoFx{nF;PpaxFjdoXi|
z91xIgMD^8VWViYlUcYTHbJF6ETc(DtGZKP?WN|M6FDgV5apGyO-Zetal}N$#BmekS
zjAc*H6)%&xc+`Jg6Pmfsa%m+l^_=mr5<VzhlsJpCn^c;jHdVjdO}!4j_z2d)fG}Qk
zvKQG%N{c>fc>s)sFaRw#{d;>eX_}3))H95xznz{y@7bVtI-4$|RZ7pFu=5(??^^oY
ze|lcyw>$mLYot)FXCgQtb9OzZ%r75&l2UR~<7OykKNCk%<7PK0Oz=(aO){GsifryH
zoZLd_)bp`gN}5>mw-jk4)Vlk?PfuHq-qXqx<yq=ktmLTX%c{s%YY*R&f&|XJhRIL%
zMaA71LobeJ=gID)60v7$KTfh0;Kx#ie^?q^AYV>8jRF0Y;&<q53@bdIqR3L1%$q}D
zbM~PG4#n6;Ppl%qWA000qUI*O#7@68Os37QOi}WoS%`@wUb_4nFPyfJgG!FZwsUhW
z-=QJ2?w&4R?iAg~-yBySoZo-hmE%BU^ZPElV(7(jb9;%~1peb4Ld}VO7GPY<uDtey
zjuUq-*li&!#zI((#k<{7bGpYcSK0uKT4@aktjEv~>F;^Oo8{-<YPge>Sar36EBayM
z5I|+x+{xHX!AgtkZk^~BW^C<I?inl8xRV|}H%&a#`!ZjdR>D^<D$!XgvaZh-uUab7
zuE#f)HS)bsKUh%fxYBlRcX6xW>eNQu#aE7x0MNU1d}WN_X)C&+cHYs_ttpm@_UgoH
z%u}}MUg{~Ee5-#(a*Y4Ii=6$#*eW8Cj6(S?zU(d-LGcn=ouCS|{tmCRNv)UWj8;;;
zmI437{I2jQ(#K?YTuvV|;PE;7C=}G0C(awF920AWx^&$J{9$w6X7$#RJUzC|B0V08
zH<VW|iDhZ=>m|c|a;7LyRm|iVK5@4A9mFRIBVFmHIC?Rhem##<a`#mBB6=U84`^OF
zbMI^Z)5$G1{}OHfk~51nPjdb@Orb)RxQH^>r6BYAvfB_&z92#nYi;6rsY50goakyQ
zJ%c#qKELBxIJ&jwNt~r>7+H#JK=>y-pgohbgvv4fB57!CR0`+Tdo>F0r1GNl$>!vR
z?{0|J5<i;V4WYOu*4#svR(e0b^Mk6~drdaiH{>#gobs*qbdqb#Cg&P6lLMKq==C?y
zY-j-~#mv%_hIr1Ci=c+(6!aYiN=`kSZ6Z4(Sk#YJU*F9yubN*=xCD!&kD)nb27PJI
zEWDvLN*6Ox!Tq{FbUB_xj1^%{X_|sc`hLx&pkqkIJ%Z-#CM7``J6wFj6B@3n=qH*z
zT>Ks#_SK-5d)BCG{y{CCC0O%3n~frgpD16Y5j~O4%bHvK{77f-riB%^;ACmUPYRfO
zPuy-5_b~o=S(-JtHN3MKhIUCSGZO9#@F%Cd9&C**ID#pd%GL<)vHMn@yn&{&jfW!V
z;&?onR!GkO)JtQ3j^}K>&tmOFQuKLZzK$9OdQ1*#Bw1rtkxFS=Jq$fGovc%u9>|(b
zL4$g6A~vmOP1o;HnkJ46XqqEeK$5%dKPRnV(+x~jXvJE`{JgC7vt4QHJJ94^oQ$on
z<!I}xeXXx%t-ns(B_v7j=cE;EomO6!)?SJy`Faa^+Vq=UDNzC$<$$Gj_%DH7W+OhG
zD3N2ZWr=4ApDRmTr&AJqzi@jNsj4Q(&!Q=Q3$Y{elIv*#j0r#YL5Jj~42)PaV>1;{
zW1!8XvkzOTV;&xChMf4TAfxA%8ZH99j*~D6(Q6V00#N5!RTlVj<6a{&sibecxTDfp
z>OxguQW*ON6e0u5sQQMwd@Oh8O|aYv#54}c3Dx1eJZbg-j@*Y4blQ4S&}r-Yg3hN-
z3-oFgKceYAN3vC`P9Hw5;XYsecnJ6T(#J!)&mVj|w3B26t$SWo_e_wJq@%(=w+p~O
zBfWthj7SEMA$^1Z7lV8t7nzf!P;w!_pFseB5&%kx(hP*z9R#zR!QfhuauBA*mn^^_
z?H=dn2r){V{C~zvU-<t_mfjgBGn!Y%QJ#|4%a74K$qIY)>KB;LP36xp64%5Rk;rv4
z67Pte68XwL=F-OeB_l1L>)_!r{>h_61`@ckt$Y~@bel7t=C08%XwRysY9QxayA0Nj
zxpebkH)frNX3TPXllUi}Rkt@xr)saGe|!A$zf)4jHs6Fc-A}=9SI!P-EUV3eQ4H4R
zOa=qlmRYEc&S|M|ypk-)tdT6}Dso|mS0^}Q68Z9WfRJZGi=Wu3`8J=6z*N6~_?ktZ
z>(J6gCT~Kqg>AbAC_e32{?7H|l$L9w^iu;{PDHLvG)SZ08f+2YY2(P0#5aTUA)OlM
zGR$4{Eiy-sz*_0<!!0=N68+G@@PfZR=iQtmUL=W_8iD+?`O3b%Ev1e3FB)#C)WO4J
z3x3Nf`-3lgmsml~CGvX%v~~*;)vKr&EBRVV8!d|l(zYfoct*R4Ijo7PXsA7)&Zmjw
zR0-t7KS_?o2c&O`@+#?@uAs8#ZE7js;I*;M3{i1RPHH`lllzaRz~oM>#?wJv49H>H
zCwk9#y1OF^gJ}Lb6b+LT^<TB8D`Y)pm6UFrbBx~K{$v~%q<z*k2KV@fUvGs_B*Dt6
z^;->PR(Q$X&`7TWW~NHlG1OG~^rn8?N;Q801tkWw87=N29nJI0>6PuAl^A0wy`)P$
zg)-FO8O8Edu~GaY&u<jdf=Klpj^y;p75_q~ngNK+BGPPMU!dj-##-M`bXG^xRQn&f
z;&Ds;W?k{k0n_#ZnYN`XJge3Ihq~&NA+K=5p^22{C%R*EC>D1~t#;q%4IJ^n$<0YU
zg_E1=#f$C}V>tT|Y=$_)()|q95!s|GzETgSS<2v7I9Nq({px$sdUHi`FlSJv?SWi6
zZCB&{Elg@XkgP%CB6>E)$X7<+cVq%?|J^M(ZyX7a*tyY2Zl}egB1+O(u%fOdNnV@o
zY*3zAdeY{Q)Nb2JFJ^3gz8W+K?1zPoTsu60lcvl_K>y)O-^C;O9!9q;%Cz*ouaBqd
z-uecn<E?rsl|vmT7QIub2k|yAG1{;1A=6BK>Q-q?1=tGWjjN$)=;0;o;Ux6nz5~XW
zjY8iE=n)yT80%KfNFZ%XJ^GPBat$iL;)SeuXAd=fFFUDc!z2{&XR1l=TEFNNXLp-(
zo&<W^)Bm#2Q#JG=w5zRq5*2nW!Soe&h0iyM<Z?0i#uBMwe3Hfv;p<TxJDdYb#D1po
zVk1(?Xx!_w<FOr@MnXX+(Ea~v4~gVSDPjKq@d;#)l6LK%1RPULV4^d;<Tk@<`WIj3
z!K*b~gVw#00b}#0;QD}mfd86Cm#H{8vCz|ts5Al&;rPUfQbh`<*gIB7t)8^^GRZT3
z2j00OkSjGr3@%s<tOYObc%Gx`IQBvBf%=9F)CEkbJMjX3TM5?h_p3k5$;Y&?+Y(gJ
zv05^nh$l{Xqb+k<V!RDKyY@o#X<3nU;D4)Qlb+n+VZ)pdepjN50XlJig91!-|F==d
z#E74=>%DYamK@v4Cmu()l!+F(1Az2y1F4^tXaJsL?R`dA*We}pEw!5J__869i0(C^
z<{GT<YdW%0cfd4sG74W&I4>`lwh8=*oq}$^zz^Lil<z{fPm#U5;L7?Lv5~$lOn~Xw
zEKnaR`8H2ma?NTT6~XwG*}ri%@~Ix1=}*3F1(}Ar2KX(A67Y88+!@xIGm&_=fOti4
z9QjLd#r;UQlFlQzqR6A5lTvr_JviQw{WJVy``KUtll^B7{)K13wZK>)@Q>7DGUsfZ
zo}W4LuR(BZh!RXYi|eeW?RF#XC+P*TolQiN(F=}^dYkER@d=^)l$~6$ux2dgw1ZM{
zRw7A6Xk@m2)Mkp1L@#k69!VfIpvas5uBJ%;30zLE$LK!4c@N8U<+9cfvp}nyNPfod
zIcOmZ(y*QwgqZM0T72=Ww|W1y>lK2=|C0au#;jof^};;rLpLA}M#N!yC>+fHZU1XB
z{rWf1{;!NlU@=+CHtBVNrr&3F4L{2oQh2Mcu)lf&64}isWWDyz#3N2YXP{=WLsBJ@
z9s%wnKL?$BK7*6?zHrP-Yym&FI3Sugh7J_rc5NjK{A4!NH<WR{CeUqPgH(L(IMI|&
zbydu$5^0B0eHW|#sjJ^+w1pLZ)m2W_j``PygGw2##QUd6-4KevcVO^hSHJv%C`M@L
z$u)9qZfoi^_<I}bvH(8i3v(lWIOd!fu;0QdcLvB8u^s1WVKVdS*b)tvbwub~x*Fhl
zOQE~C7}15?l3Zk7^hbQK12hI1)3Qy7<Gnb)yXH2#yS0;A+7FqMIMs`?X?il7nx<t&
zy1$NUViECMV{P{$=7Ocl486EjnwZHPzo77xUP)Or$(aXaTGEl$4ph~emS*`4Q|!;}
zEgbcdv+p)DKd0iD1YAmfXW#9)P7oslM4D<a+E9I}h>XORN1GjqJ=8^bZ$=WQyybTe
z<o988ApX{+9~Wq!<De9ZKhroe_!_)<gDZfC7#-zE0XR}OY5`F_bntJo4BuBrTuv$I
zWx5Tc3rGkS$)lM7KQWjqzJR1-QU|LEY`-s$&?L5I<|}_>*(?vCn)g-)$99qi4!9f?
zX++aKsvJ%UbPx*fRX9aOkp`!jR}@aV$5sPErF%Si2TAuRJ4)8vA>Vxb`-e2Jquuq&
zxtsi<vKOV6Ri5tb=SBIH6&~p9pAVEwP6oMd;d*&d>e>2xV-H<_L<=+$y~LG%CUPLj
z0ThqxQP0-nL&USqRQqm98#Z!(f_(1Ia4MdWP6jH;Ok;iDLiP5ch}OzL{&6eC<bh}v
z|1bxx`?{z^hI3b=nPYVB;{`{gs3Y;J1ssZBvHorfyTA9kX!f`2aCrUor>z`~3b#L#
zc7KT>`eTca%rCag$qm!Ih-9Xi$J)hkkR7_?@%-+gc(SU0&XA|B&~NI_453r^<aJ6u
zX1;Pn#74jMkG&hPuxU$H$9dQBmDL#L-ZYqVMlFNZ4ELfrbRhzJ{vGXnWc|`DQ;(rD
z;LlexN#_lZUBs)FrPmk4ark#N{8hE@@V1%PU2MRtA}@@GFYHtUk2gUlpjXu>y|{e6
z48mSEPa(Z5WxYJhdKt)ixefk;eg{^+Gyv8mNw3!3*ZjstrFrAVfbaF;lkR)rU}FG2
zjXDLNDTq%x#plc#icbW?=l%H<pEu?!_`KW1@Y(yk(){1T!snFlg=YitneD@8DdO|?
zeFUGW44=6RDLywad^!?*WcFUff`ow@+5mQVedLqxLo4g?0w;p&XIBUNrKWSG*Y+C3
zxgCV`(kH^ycph6%_czje<F8rk>3&1{E%<8+A@uLCvDA8LdWy0STneq=K5(r$d9Jd_
z`yjDn+j-L0x2J7vflu??Ah)>ga2Dr@S>K)h`uZ?#uG*-|kZbcvH=4u})`Kj4I_a3e
zQA;a&V4{G?DV-b)jX%?<w8}u<T$V$nRXh#6F3zFSD!D-PyL+5Tt2`#HCX!7bVkf|`
ze%3pNw2(q}csG1S`0lAp*%Wr9P_d=j@vsMl%$9Yho3y{oK)E!-CzlFgC?56>CT_PB
zg(m-TFQI{ZU#2wh$bySr+Fd6*y5Qs;WSo~;b8pW51PujUJfr!L`InR^&6pH)dk1YU
zWP4=*&#eHEPWOm$Ape#rM^qkphsv`yyq^;L11r4PUMWnGrr&y*>8u~J>YuTi)Qy@K
z#|82$?{<f`<Gh|=Ji4N<T_ww83yi{ALcyJu3%c{lqRBumLl+I2RZ`I;GGKlFP6uqz
ze7b1<oJ$wYZ*$|+_objJpIADWE4hhG=t@D{B7kMt7RXyyn$?P1cv>(u@Xu9m{6x1g
zwR&T4zBE{LeC6;6FpyUkyv#YXo<!u^@K4@PE>4clzdV?;KA5%6rmOQFcg`m_dhY)v
zo^#KR;<)p?VR&8v-#_}D`?EOy@%QnVBdjyScSgF-ynX396V_Wt54VoCj=x6`^O6f-
z+4ToXDe${rmoK{k+H?O8wt&~;{UrV@>3YR5H4BUn8?uKD(jXJZTtPt>g$bRh7&`SU
zy(lbCQEJgUFTJ@xKG=y=_AYejzMW)`T#`pTYPiMl?mD)?nvKB$cGf-<piOzhwAvpA
z?Yn7;vH7GW11`EB55^;p*aq*c*Rh4Ta1bi!X!Z+rHT2BESl|H$pNeSO&X>g^W;9e7
z#-rXUZigXRa<^|t^fs{xhh(OS<1~T@{87H)d#Z=!VfXJ3CYSO0%kmOI$!DW{l8Y3B
zez-r_2;$4;&})Eyeu(TiPFG!y`(PCMrGPSkFqTb4!XTT;gfO~L!Z_APgD`p_Vcgjm
zNEkZk$~`y=_g?Btm*jC4eig<g4Oxx*z5Q;iwQx2*Te3QSiXvUWCqf71(1BIlWOJ1m
z$pM1XsG}DZr*hV1e^DO4hq#+E-ERYKSuw>A)DPF``0|Vh8Pi0HX;vRaRNM@xA!dkX
zABJXfojD^n573vf9S6<%_*x?2YgwE-i;&pxJi%#DLZC6{PU%3dq!(Gaihm#0?@#jj
zjUemyEbr*V0uuzO-Q;-YZNSN+kw}7L0}#-4ev|L&yymaLL@XJq@Gdi|X5)Nzs|PxL
zM@JTK?DA*u%C7!f_{VE?0c&?y?@(*kc}+b<_6K|)Y$P9?!g)pm1;jpiAIv_szAlge
z{!9)<05bww=gWtZ9ldr`I}J=$BipuMSk!mS;^=B6=E~7Y0VcjcS1r6zLYLy_p=iF#
z&ssG9H!As#JV0pv57jY>!vXV4rYe6@cvH3dsytO`s;MfvD8KKI#ziV3Cs8!ARA^+N
zZ<g<0%|BJZ2&P0@@4X=;%Vhkaa@<fYmR7VIqn$`|@k(=F>$<hnT=f*q=6ddqXKh@*
z9b|G}x??xsGSwMyGh}_|2+R>Wj)=fs&ruOLaLz?0d=Eby7ZA!IF-N5!MI~d>Qut|+
zHLhGSEpb?FcAAlMclrxAnq(U7LTL0>&i!uCNxRjJ^4X2gd*R89Ab<spveWH31Sljw
z)1Pe^%z0YF!={G8l+F?HBco4x-NSKjFvD|)vdwhuHg>6sbnZ54{fMplah^V8g9X3x
zAS<5RitW1Kh;3$t_xTF-(kHA?Xw{FYG*vU>0`k!*_7lh&BH*KzdAB$kK)_SlkA3%y
zpIYr$n#b|0s;PF8%Ki$f(gIK}&+{8b<Z%T8zogo6SVzmHJ2PT9M@f_q5&$nyK!3PW
z|Hg3sFDVL8I?n!_v1ImpKSO6fYc^GY{+K}(pkHUiaq90AuSxsPp~cXuxQpQY8xURk
z*k`jj>4BS)II^#XUxEg0scg^EgNe+7E@aoZzKL{*K~X5Xjd%f0y>#oxiXNb+t_VEM
z%&7dSYt)c7voNUf)Wev8Snu5-ThsKo*p!Xx{Y2KkYe^3f1lFb+Z?r!uMinZE$U7f3
zgNUvfL~?@=35b6gC!QnT#?CiBlZ}j-+yF1`SH^3C96*U-Iu`LKVxzGTGjSD(PP4ck
z=>coQ>K4zi4>7V28B<R`B;H0<xF+eh5Aj19h^qoOwu^An3imMCx1?V+li)DU7l=m~
zIyo-+G=Y>BZdWn(r)lazmZXsGv;_pgN$>m=&pG})Z0UVEh^;GE6dABN>w|lRnxmje
zq|YluOLzQjG{irG+IoN3@rq-#!hrG7Bcfy`A}RJ;Ni}ne2yF>k<EhA*$Q;=lF3};$
zr^j67E3(S>#RnZZEKY!FOV+WNP2wVaXtIWjFmH16#!?TjeA@01ED5p;r}7lOL@PHy
zrN^ZhLgV^Vf2>F6=K>te3is;d^S%oG{I<M#`q8WCXFsE#!_CqUf6<SACL;Z;`KLlZ
z0@9C9oCA2nWlB7yTp;mK(Jl@7F@SQ`GRpbHpK?@t$+Lb4O*syK%AsC$ksW9j=v|o6
zJtr_@#QI>ZP;(dvEB1!Rk+8D$gs@85G7Mx*#HiLpTt9@M3%!aiawlofMaHD&>B6GW
zMO{1|^bA24@5ig?BC{{M|IXXjM;AA<!YU}#h_A!>$MtAo2f<+=*$nqPPiNRbI0T^t
zV2Gy)CE$F2_?`y8SncB%(e-BE(x<2Y^a{5iOMle&z6r!lQvWr+qEuev7_;v4RI`gr
zJJ%1<T<vUbA3HZV<Z5T={h%}ZR=Zxw5b`2wLh6H!#T_V{-op9MYw^Tpw^V+hDGKyG
zV1}yMhTF@1*!j<<zIgw<vOag79n4iByODb1(Hpu%&A$3~TMgl=$ngM@6ga59ZA>Ot
zg|jBPuV~euXeZaVQN1tw4?C<w9hrZ#fq&K~{0E*=g#YU({O4MU@b4>9;XmXdD*TV%
zPlf-X`{M%RH`V^(n_zuC<pwjYatDm>PLiFI_*|Y5bla3(H=R^^-HE;aC6Hb#D`>A<
zr_o*?WxdY8UN!tX9f?Quf?Ms2p6+WrGLr16lE&|0jn86@cVdml+^^PW*!|T_wg;C+
zjdVpd5>2+;E7aBD#0$K&LFz4#FraL)0mH?X<GFOJb99Eq;f<QtI(3&Dk2s1OmK}v@
zSSr@moQ_y_3|{Ra)EtX0;O9j5X=UP4z3>#90#6vFu(N<K+La9@H}=O8eooRI<S+7f
z_$3wa7u^N?o)hqVwt%0vHy#Sk!9zVf?74J-Uz(N)4;SFUo@s!mO@gB?UNAKkZxBoy
z>^BMzpPwk`&dK*v#_Sfn8w5wqM8UM9_$;|(d$cR<nw9@{pX2-x-7dj#ehCZpJj0Xq
zLh@;Kq;iEgRW;*x^91n%44mM^08fm*5_Anhl`rb*7;o$<r0&4d%f~PR%Q+0>z&wLh
z++ihma&H%E&cxVK>n!39OX=aIIecYxfhFi>?wr(W9J@{<Fv{YJwdc7DL-{$K+CbU<
z0^WWQFXi5yQ@+c7^MxG#n}fN!@2x#Aj5ek1x2NQ|CV2~TdhX5<4;CL)PB8KIo%qf!
zc&E5)uCB)Fs4-X_)dtU7LitvE>(o;u@*8l6j)k6=FF<D||IWV0b1c2Fvz=DmRcp`l
z(Af_A@El+m(Al;eacA*Szwwg$+Xk-{$J%stc(Fa{?+xM?-YZQa*)2zbo|#r-{z7MQ
zRAC@Gx1@t81>CD?aV!CKfB8K?T{)?L<fNYRbY6)^aUUEWWp!+tXf<u-U0G0>>s*qN
zt2<8agUF8I%BqV$$LF5Mh@Zds2mI0Lx)_edSoChfm?!%ep5@5D$l<P*4quALqzfdp
zg&fd}$Jk7A1)JljPPlwfaAkGC1A5{{DYt(DN8I!AbPv9T<C)$2)5Gz{8v3&J0IVjm
zT57H6^Ug6*<y)7e3(mVUKGD?=)x{Uz0w(@FRn(<}-2bd#I%kg+Tt&M2h<L$u=R~_l
zFl_-Y80e36oHSa*#${e^KS#uleqIlobH3h|Ip4sS;SDzhIbwgSqc*}O&eywVqF3ZQ
z78o^zZq7|Hcv1rRV}Y0q!xkZk!}ZzXshU%<mSr$d-Wx39DgKFl9EORWTJ|FcdYE9^
zU%b=i9Bk`-O<32&BC`b3M!xKJat!BR)}2jON0ZJ5U*y=qjdXQN5yUHk>FWGBHr?5I
za|Pg17$Rve7Ia=IZ5Re(Z7LWh_O%P;zbt8Q6OR*z<w2>#&|_ZUTy{Oq`!{_7&J`6$
zkfdkQZboErHVjr*oJ|m?7<}L99zZ<#JE6z9%W=uFPK%vDfpTX{pYyy1Uqgdk{RY5&
z2MMMhoZGv}_k~tdEnha4oIJT8?7XH5J?je!om;4J4^|@3h6sF)n}(mch4NE;8OdJa
z$|9H6OGAdzkIoVMPR=c_mp>YPk8ze`-chc&G{LbkLizabZb=~Lx!^}nLA*x~12M~u
zM>{m9;R8-%8b-VNrdUmlHh#nz7!w;m^h|E~DSPoq8Kn;_A?HCfAM@IDzpF6n7l6?y
zz(^1+hJc`19BlTH{E99Z6&O#MfHDQEfq%IMO?fnflZ3g)ysG;{>1B=AT*De14Lugb
zfe;;eNVT^Y-A@|KxjzJO$F<4DF;LJS3os>?YuMoeN5fS9Nus(tTWK5==s-N?#DHI(
zfF2T%39V4^tBBL%lmGSh-*Q}VBsdM5i~juhV9s+3hB4p+s20($;X_xn{qeydKeT2K
z>xq?!vE8-ol%!><+nIzrbsL#-S)CtO!s3)%(UXr;*B6aUBHE$i{3F|;wbG3bbm!PX
zzYPgVK~Blywn|5+E)E~vth%_Hy0#8<0(G%Y(cNdpQ-v|&VqX$JLG-Bw5rU(sU2&YW
zC>D1Mg!s~h<2ZXZa%fa^+(|d!W@6`m92?AihgV-piD_{_wV;T=;JVTu_+3$goTvo7
zHG~G<cb^!CiuEw4wz;BTJVv0t>P|m-y$eAXGSCZm$8n7R`{Q#mMiZYex)OXkDEO?p
z-5;M_M-_aY#ZEf0PL|(I@cEyk1fSLc_^d)u_h1V8AjQX@UFYSBo2=rG<XCCFRRpl@
z(#b_B%w!d3B_>;V1Bk1Dyd%+{EzRZx|9xAR0CFuxL#{bW^jvW)=!rB``nyLYFSByu
zrQ05ry!9J&_8xTe8IzoVg&EB!V=Qims0iMmgVrLT<zr+E<h&prkX*A{&PmX_7r93{
z&vz3e4by7jwevSqS-JjPUoOOb81&|~?{mdEb{j?py=z+}_eg(0Pi8tlr^hkjcOKb?
z-!8rQH#(?hj7k=AokPfdQLHe}M#H5KNkyzApF~|-ojJ+|R}ndbi@s7DfuZ&`?f{U~
zU(Pam^3!(=awRj%scY$s)S10T?MxO~3$GQaU;Bi;Mgqv4uMp1!@s~VCU#}+huTbX{
zCc{#{zJtBKpS@neUVo9jewe*3vDa6sUq8!UM|OsGGBJ`V$qiYYO{z$QzCYF3v=T`I
z*+nm)!G=}nw~~g>qPYu*N5w3CiF62zD_^0%JfuH^On+t-{gL;8fh~i#Y_7M+(Bq3Y
zl0(qG7Y&g?ui-h8k)*R%$k5|!H=$`y=0|>$t}?AI+p{jK*}L)h?kE25hU#_CY})H#
z|6X^5*X!!pbY+s>&NkZ{x+~}{>f>1|73su`Fp_qbCy=WfjOuV>Wt}#E|5E~8s2xuC
z4LqM@a}E%kQ{f}_qqq6121WhY!k4utTHp?=coEkt@S285%!wn2HG*R&P*WN_o)>CP
zWC`n)aD6`Kyr8QAW$Apb_-AhKOE&S8P}3MGl-J|JH`qZ6W?dpCu2?7OObPI}!7A2y
zB6Cu`R#)FMR;R)0EYh=t6=$T=$tceoa!to*ZXc^-a|8UgiRY}2M&sNEtu?12@vNhG
zLU0`Y3)HE7R#(j4)OtDm-%&@x^6N-gKFtrn8)E9=pYin=z#nrN{uzJSaKXYajjG3g
zv+FURRg_>lU%ba^`q`f3w~t5T$x{UpI2afhHF}KUx0#L<pRl<KVGs}6dLQM>{y|pM
zh6cfL)i^KOCLZxT45Ji@MzFY7a2)$9*EQ=B=)f@-;hSk>5ZGhJ0xK~+0Z;XLJizxa
z#P=@)-@(?P2Xq^Z1l_*~x_<$>bx~-1{|q?Wd-=s0QTyB3!75IG`PU)BFn)T$bfDOc
zDQ-zRh`v1)1<+&@XONr{pod4*X=s6XPG~wPc+(3}MAk`pNeSqyDCUu*^>~x%lmo}T
z9->(8iBACiIE{ENq!*JY1+MU*53x?Vyy3Xl-(M`-^OuC)jl#0VWoS!1J(<woUUIqj
zbiK81Gg7CuccZ75|M*Z*Cw&2RsQ4{w#8&y`J;)i>(>ng~t2iAsr=qC&-^r8hG)HAS
zN5b#X4bFv8Ii@X(+gVIk7UOw1&;2VcriR6tm?Kz>6vR<_&(xs&iq|2Cg=|pY)!-Qt
zR3C}08A<){22YQ`dfW?+@_-JB9gKrfI}0SDYTtQh)JRv~-pqgEG*L?1tT){qwdkzP
zwXi|;{h$M5Vlqo+Ueu!Vc(BId1}h>Lk1uC<J|*c;sCp@V3S$z4PwFl}XSaYC5-mT$
zk+iZ6fP)pj4NOm5X+rM<g7}kA(*(=EDRR*i!F87x2zm%C<?99Sc3~&j0o9%!Y(BwE
z%!wd)#q1s}#%u%*0w&|)KBHWnpv<-#=3xA81AL+-b8OV&od`}&)NW_*r|zn+(HHlG
zHP|HVY{F&O8CXq6FcmMrSfznV+i3z(nag+a%h99lEQ(T%uj?_d6`0CSX|ywDqs8=S
z6z{r$5J${zo47%6cy$YYaknB{`zq&#7CjRG64+h68-ziWD3_8cj7!XQEzw)P(GyPA
zXcI4aQrP=6eWgu2D&259m|N&A?TY8CaOGK-{Y9v=>?_iWdz7p1&7+)gH(Q<8JBLMO
z4vkt=1IraE;Bj%C4HE!y$Z4Eo!St(XK!CHJkICt=I-DvOn9XSRt|w?*_S^#SHu0*h
z_j#fBK7m{{Rxdqw8$ko?JF9C1g@20TiT80jVP!enV|KQvObhA1i%q<O{r?1iwfe7w
zWmSq9l|1dJzoQjB($-|Z!wO5v>TKoAi-L}EdXK{2Ao_0)D-YVMZ2$;puPR_3e4v#6
zdy^TU!Y6`%dW{Z!vaUQR-6`yJ3*IflPRU$ftLMwf$$ZB)5KBLKy2_2@ir<eGqYep#
z7fdC3W)xV9=LFN)CF88(dC$#i{6@QCCLsNecE)WVEynH36}MSUHH(wSxMDhvc23@|
zAMLblH{>|2Q8}5Tq89H!ctXHG(e-LIZ7psG#J>*+Zo5_7X*HeWmoGqL8HNSMGuL&G
z*IMHlf{sG(_tu@)MmpmTWt+wUnc{itkz(BTT=9U_bYbbw?qTGZ=Gl>AC$M_lfIrO!
z-3i*=0wQ|JG58yZ|43Jwy#6l3`UA!LtYE5LoIJ{vhU@P#tUvo@gL6KtzemaXOH;2u
z!SvG-C-O&`o?XKMUulR{ch>6NV%^y=+S#ct#{~7R`^mEE1crC5)wBih9R~&XswU9P
z?0+YSh^YoLk?48d2K*xiU9vq7Uf}0MbtvHHZ!O@bZ7JaQ)s$Bk_pz)q$n$U0X+og~
zv%K1V<O2UqwV>M}^xQ8v7B+CjtxB_WO~vVgV}vmxbr<|7<yUPGdXH@|mmXUxIPW%?
zD?o2?m7EiL?sFXF1>JTi7)T9jSnO7ih))rt1x;{F$=CPHarj91#wJ)No_Ce_<#-Yy
z-<n3&J4cY97~GdICh97{nzK0<0J~aXP!1xsCheV<`gWG^fM<DooxGQbISI-3w{w)9
zXfEi>wyu*M*`ATA`9;U?FS)wixjnxxJ-T#gMJHpfYuvfqp4%*rBfM3&VOT|{4pwJW
z{YWwD0Bzq}E1=8kDW;d|OS5j{O5C~5n0gTNChO(HLh25iZVP$XK#q8iGFZXHt?{(B
ziW{sjQ@N=Jp#$`LM;Vk!$maJQ$SMDYFP{msZu!o@<~vt+RT~zsJ_LCCzuYErEELA2
z6ckrbOZHus-Z2srlzBG%^L>%Abu@IC+f{ImF$y(Dq6Ej0!ypAp;s0j^)6V&^0;6Gf
zJ_tSx2PvIC9{9{rX=Ud)ZejpE`fnF(QEeBHy@D<DVPn8~7b8_ff{q<IAJbQn6CiaP
zPyv=cx|&F@87Qzi=fk|`>99Y%ZopK-KXJPf<WN^bz<b0c$=lGluealJVvxtj-bZi@
znvz9gzjkr{v0pzCX^p+$Htn7+NzCkE;b?lPW@0-!<D^JDL?ghjt@j2efxj_m&pBQ>
zIX?wGO}}PpY&h3tHhWg-pY%l1q=+QW^O~yWP5QlNta&luay74<tmdW&yj+d^9Q6Br
z<W7Y_Q!=>JYN_F_WX{u5acI31D@S;*_&?OWd3+Q_6EHlR16HnC6l6J+5Ee`@LZToE
z379|vGq4L$QKF&*ISeWgVWUB=U=kn3Wfhgj<53@P#Ya?BL`0N?BLPGOL_m;Jj#-ye
zB!nybbyfAu&g^ag^?l#p@B0I?(_PckM^$xobsbGfwRPRzBtdsIv#G_r*v5)+dmn0C
zQ}2v89V0fF-1eQG{&7eg$Js-cXtyJQ3{G%*2D1~u2H<5bq7XS{g|fjh6K;?qTp;a$
z3#6ZtQU#!le&WOyHsgiPxt#KVJAn!F%c`B04bBd0WM!3Hxj$xbTK5j_+q1j_0%Nl~
z)MhEwMLXF3f%iG$))kCRHg#FH%cU!9a_LH&{~e4mu|+-H39w>Fg2ZH<%6)7j?%rIg
zt|F|hVp!{L4qBrar#HjGC=$edixs`Fil)e(C-JDBnGjVp90ID_P<Q-?T6-QCJq9?x
z;gloXKH)AI_&Y=>tKsflkFx*DD%_o6%{KQDc=XMHI>FWn^r)V~TsR0pNxPPv=*q87
zeYS<>OM!<DuH(Ev?V>u)GP3$V6>tc?B35pY-?A0P(tp5s^naGl$P{J_$od8(wv;0V
zekw!ah=HCMb|Oy(Uwn|CloKkLrh%x0SsCDpE8CIDM7TUDZS}PES?t7}EzHOcHfL_H
zFuc737HH3%%iGFkZDm4R8=$QWVMcmR%8`^KY<*=9M31)|qiY1^7xkWKn98Dd_@>j5
zA<tTkN~*N)r~Tw_u+ZX<Lc2Ya2o+*4$K-Rhg~07}BHX8g|7i}}O-H~5^$xhr=av%&
zhf%PyB%`R<n(i5zO4|)aXx#kq#t*`b9K`Z+`Yd^WmaTO+M}Jc?7~qbipeW_WQiI;=
z#TBKjBe#Wg#1`S3-_8&Frh6_!nj3lo(xe5ECY2T1dtTfNekf->Hh(K~MY`@>^7I9V
z5aP_rdTPId_{+jylg#m@7!`g;;a@NgA%;-H_=CqV-l83S%heAoaoR56bciS?>{I`2
zr7^XqpqgQYory0hhEs5Q$E#BM9V)0j;~4KQ-{kHDr|&(T4+fYtF>j?j>jF+i8~=oq
z9oj=v|H#iR{GsU1Fpt%{QYy-JxVyR14i<GnA_f&f93xS<rHh09&SK3gl~`B4)*ZV9
z(V=uzLWuu+585emFlwxe`@i=H^?%o*#^zuwp$Xay!+a#3XS6&#5Ne7$Tw5O13IMKv
zA$Zse4QaOQ>YRqO7LFZ;Ex@i8@#3aClFa@z27aM@$IcYER_B@2VGR;6=;~F7VW0Vh
z1(*U@5N0X6vPvoCi!dW2Wk(KBFUbE8CPA|7##^Wsj%-HzF9+a$yJ!+#m2=ClSu0VU
z#W=tZ&<yrv#$e7+c7*VgTr)p`+irE<g+L%X?Rcg*Z?)Sl1y(}K@CGrdmD8#jUpNwW
zgHQK8K<_0pVg#bb-)oK3h&$@mT1`d>X98CdsSfy|Pb4OA!@F_eBFvi%175l5@`8NY
z)GlWYG^TIzi(+X3oxdc7*#lpUznSPUHCtJorL1QgKSg8`zwD3cL)v*7z)*lf<JdN7
z1uTqiMktj48AQ}mO$`~4l5@nx`+->PWUP|S=yg>B$@AtU81D#F8fPkf8%vp>U7*6{
zZ7+(}77|eDs9M>;82GGfXw0X737DFBwM1DnV7tgx_Nv$OK+CusGa7aZ->x%spK2rB
zo=u661NcBngdD&dQbKb88)9blt%^wye51ptw?<DQF|d|V@1ZacKEDo-2mrr^0rc0o
zuoVEnFu;F}Zbd&Yn($*zG}*{IwkBy7_)~aMb6$iDVe<q?u6tTNzXc0n#c$<szAZ^c
z`!Dd9V>9@mkgJNs@oa=>q4{r04;N%B-@BAmKr#6!cR)m9wnh}}NL<YCleiaHX(huS
z5u*J-SidY!j=*zr<!Cv%+>n#22=%n?#)OW!tiYy@ZH(xcLkYPu#l=7C8%QRIX*YKk
z1RV*c_`_wkV5cyceRxh3?R+ZvyMO~4!}uzWXh&gtdiT5m%j^+8AePS}EGHNLcw_92
zsq?aeyaQY43})gOZwr&+nCcp_I!Lh{Z<IkMC1r#(@!NtpLH9T}B6f#v7w0^AI$kYg
z!mUpxuOENc2nU`mT`z87`-SeNItH40FARtO7tH?$0I#q|e;=L*I#bPjn4C@52$bbH
ze>31_H7x%Z0-^UuyefxP`C}*u9cG4}$19RH{~i8_*lWvCsv)t*X6~Bp>C5>4K#<ni
z-z*zmJZ3TpWUvZGd@ZCv1trlFpMVI2lBEiQ%dFEi9u3rFu@l`bz~R7!7Ym+}5~PF@
zAOwa~TeHEt5xHpAZMo{ln74bCE$o15qouX+g8?qAbi+kY2H(>$a>q%B;ICw7$ccmT
z3^^G7U|zmYrG%hG^U#0;C;0Ft^Ze=YNbE2*eBa>Vy|$?LA(en^iX-eFGC(@mWGOyi
z9-Gbu$7bTk&4Nd5KC%f(7aiG;ghCb=*-BjodajN}&}CEjeZ025RWOLHc%^raUtexf
z(djg}Oamef;vgGD)}6U(({q1ef!@FVau%r9AGko;LVS0DhB0a*+A|ydXHH6<{&v8<
zo@`Hqs28jokMO^21i2hHH@UmuW!oAlafA2-+^vHe-?GKuTJlV`23=!(aSb|Q6@vsL
z3p5E|p+4S(XQAP;PXUEaHiS9(`WY?E3EnA%hR85`<pA}5`D(cRcVmN(4x6i~T`oFT
zn@D5Q?1V!wzUS@z@*u?O;z6hx*_D%^9ZE{i(>%7_kR<$Veqh3vNc<p|>zdyE3plj4
z_AlVjsKm>`p_*eR9QxNe8hiU6lS1vsHFCCTxY81F<vS_yr%BTol1Sw{iW>QEgp%?d
z?k<QPU|set23}FNtDecp0x5(66R(gGkAuRmsHLRrh3bq(m<-g$ZM3{Sq?KrE<X%a(
zMm#V2(qW(`ncjwMjZWVPW=XxjmvJo@$hekQW+!O&Sr7#&27HSJ&EJN5+_g8$A9*By
zXj+d`VL?avs+25&MG?fZ!$H9#RTn%ma5n<ML#>PA&Wk8@9FH<c9l4s+VdrRmP_4K|
z^J#(nQolKb@C0mgG_k@|`W!FKG?l(&;bL+=6O;FgWe@?cp4g)=z=GE+DwlcKo4zp?
zisF<F0AE0$zj7GblR)RWJoEEO?i&MLm-a>K`fyWsKx&WJmByy7IKqMoqX5XGBQahw
z(L=lhy@(Qc;iC_c9wb@cOzost<Hn`eeH<s~QIh_1E?jF|bS2?Po>>&Sx-$?{QIMG2
ztkBZAo>Xff|98T=7fp4~Q{7ssd(~72oXH&072>%z4m%Fq%Z091YWiU&2n{Bo>rrU3
zXhN`m<IQiaxS(a}jD@#84|CW3QU}=2WK!S!Fn|R*z)ApkEet@*2WM5^0szPd=a>Bb
z`MDugef55l(Hy58cvx7rPCry+`Wxv75~~`0nt0H;8UlQNoqixuc~J=~x)eVS?tffe
z?YS)u*n4)3SvwZKOSM$^E+t0{<P`2Z+Wdv^U8<ScnH1vRb-c7}VpYfduE{2>ueGOW
zD(0?D3dXy`-6VKhL6;NXz864!lND4QYT<lz49KV_+C?TG=!xZ-LWHPxZ_SGn{7rQ-
zxv4G!nV90))y7{=JUfpsOa+MReH9<%higpxt$tq^%!^vjKFar_76#eHi*ofAkgM0|
ztoCXUQhtsm(b}%<w|sx#qBPCso-={)$aGC5?hm0U*ew?y_68!;c`94bRcw<==!ctB
z!+y9)jqk0?(00}KCr!cp>Lek;_zl9d9pugqh{F09`kTg3$H&m_vc}N6!{v-&!yz1l
z*4>dOsk>*Y4Cnm_{jFc_v8x}QzKk*C)n3jRro>&&7@C;J@Y)|Vh8|T(#{4%-W-!e+
z%K6WlWwib_V<#W9JZMq79jiw&YpP3TytC`uU%Imm)e#2`owcgRPf%xPuTF}b|7AY1
zIU<rrt!l|xhah_<*wOI<EM6$g4x}naWjc@g8e)Hy6FJfi_-t~w?Z!(<cbUug>7Xkw
z-1|ec2PP6Y6`vZI8>jiBb>D8#aX8ZgOn&!_hn^LA{oUAve0}Yu<#$mXe1J_zRd`qv
zzA^lGoHm9BRwZfiVKjHzJ+uRaoIk&<BlNQcm-LW%NrxZdOKJ#{dhQ7=Olr`Xc@E8z
zo*bFY4p+4_Y)h(^Jl!BT4!ori94vv=U!H+|1DQ5sVeBNuFT?k4r^|4$>`UHc9FN>G
zIV%+-w<K_0a1gA}DplJBP423%OInP`Jd;<q$qGBHe@-v=_lEeE&%}jEc94Lx_xX19
z<<W%=F(fD|?7ATYa#QHW*)!~z-;1`=J%S-AQ#pLLs7DZMy0gMUEbJXD%wUE0V4)l=
zluY<lLOudVndItwBuv^W<kD80`aJ-Q3<DUc11tc5+rj`EbAVjc0|4iPnOp2?>!Xff
zZWgQBNPlEo|AiwCevNhV2ob-hQuiabsk?aLqm`P!-9OqdpQ?Aid>2l`_3oEBDQnfw
z|F|3`y}8ZhFzE;O^3C#GI&PNR({Z!RyxFi>{&tv#KDDAgc_DPaJaP15dku`?*on&-
zgYB}$@b(_lM$?^lcm49DaR24Y-!G>hztkA6zpODhTVKu?cJDTgq0mobur5zB!~-SX
zibrMIDjE^roAP-d6Z47Vm(=f-_7e0U({}a4omzh*awBfsgDeSZ)W%PRv!J5>rmzyZ
zoZV{is)k~YSaqWk7k-)3!N65uVs5fW&|6=Ng$cpJ>rAut1Z_^A?qZZZIfV3QzD|5$
z-Yyb*^-pOe-1c{x)X%?33L<v{UijZ{BF2Z%_WRk!P0i`K-*&MJxk-OG3>R{v*;DXB
zPQU$N=lO#ecu&2lseoAzY%b5k4psKtsrh=;saD3lAWw=__DodabR<I->r1nj#!&|L
zLK?$VU@lUvL)RFB8(1p1EoB-aWVKYL!j6mU_%H-EndZpH06^sYHx&GpLZb4e>Y-xp
zem4AAc5m1Qlplr}4}@hedn7F0=TutK*+OU(`@=0GBrx0BvYrHH-?pqjf!SLv>rY_z
zWXsFS@-7Cn{AA63Whg3y?M{LYaAXGqI1zU5a-vQHSPuaE!T|Q^03QNCec8(Z;3)uD
zg^#`4-i-YHY!Bq``N_KWH5SD5WJnF$BY57pjZ_E9Qlu2X>0Jl;{<qW+TxIP+ZO>fJ
zf7#Ve{9V^lqjI17C;tD-zV`7bqkZlAm1g@|v;7Rlcc|CMmRy&NMz$C=bi4YmI2F|h
zHmSVEJ(5wkwXDKj0MoNkg=;HxS1GNth~=X#;Bt^zQ)O{qUy{*EDDDJipb)sHa$gM0
z%2g-DnK2f#;pbHb%hkh2;=_z!pm~?4fs1h!$f#1OHo?P1j`Cer>2IRTvN9*7My_5>
zo<FPYey8#LV%Z5MzMEys3Rj19CHrRfo87`Dd;6Ync36`&yG69j`ZZX|Xb$I`fl79B
z#?Z!F<v^93RwI^;VHn%DB%`NLe8j1ok}40xI6WEHbL&Q@rB+_5SvSh3_n~EDE&f=+
ztr?}8;0)AZ&B-h_a=~c6yEmtNzgRwkwV#Dik@fR3nJh+l0W1^QOYU80!znAr<<dQM
zPVXRl$|jjysu+ab9~bH$P`V;YF0G7{(>91@qZyUqs<Z)v<dl_i<!>?YsVwzmU$!i*
zUCOP;OQyB52*qoh-n%VEh*}MzxqrdmwI?pb5EF;lPTj+mK2)Fx=jpz-0>#Yc{yBfm
zo>;U+iOn0B@TsqLWw<<5s3$-8KN3#52Z%nwaMGRG<6j6T9ky@u36o&5v{2Jd<qy(&
zJh3;xV?W!s)aVvQngHh!BgiR_iWikro+3HriY<%*PYv4yrt0_j>dy?|;h=q3viic$
z#6FvS!C7xW9ko~EvTL1Gd18^_WU`1C{<<i#y!(H6eg5q;t<RIb|NH9`udh$>=J56L
zH;rWf(DZWFXWZsXtdF!gbbV@mqS>DCxxPLtcWdjDIEX55{oJrVEqGzZ=l@UE=hPw7
z`W!s;e}8>$+o!G1woT#dGpI>~^|`sp<*d)zO_x}o`I|!5=gv(u+dq7&uTRHa+WIIm
zRet)ZVSU`Z@YPTMpRCUv2TkkK|KR@v{<c+HpVW=v>+@lw2<!7gqsv*J#Eq9&AM3`@
z^;x`uX1nV`eSJ!Q)z-&1fGV3WG_22NUU>eK@b%G+mqQcc>J9=-a;gz{uI?J~%Pc&!
zHSt(5UMYAENZv=7WO7LTW<Qr;@zD0ke#4<HE~Nr<JWAfCGv0x~C_SFa$QC3q`vm5I
zki?t~(7}hcM!JlBQ4qq;!eaRg0y?nb84k_PM&pHTu?q2SdO?1-^x}{U+dB2`ofo@1
zE`J%@d=zcWx-pzb_XP>u7og<c{n~9%g289uV{3%Pf7yC*<FOk8n&(Txk8FLf4MTu<
z9iSlqToo{6(<}zV%T&_b=~s})b7+l=x071g_A$40Jfx1<P6v;BdDW?p^xMgSylCG?
zNjzVNE{t=HocLv5zTi=Y1)qcqzJ8x^!N1*STySn;gUKm3sn1=Apy=rkc8qm|Pw$Y1
z5vI3S!;3m2y-zdu{r7AIUkO)mG*mx_n&*S|#@T%TU%)Bqkec!f&Dq)oN#^)~$q^XY
zMR*uLt_)>V_+Ra|8QOjGg$SNmH-zz~<giJ*iKZwS6+kyOh@euwra=UivbDiQRmxA&
zyu7lW;o4(i$oQC!jE@6AK^Q=R4sh3cjYg6U2Hn4H)%cU#kEZ&O4-NdOJ1-pmVYodb
zDR?$L&%;iJ$A{GOsm&0C2rh87r4c6j3f-!PP0f**OJ4;yR7<|o24*u1tkG6Nlehk7
zrk^~n&JM{jep>zNcvEneY79hoVP#{WLv*S3+>G`EOb&8-ZgP2MsN&+-Qx8HOTCohW
zUphUVc0G89V6gwD;k9PNlRYsGa9D#wu+#IXYDiFf_a}$yO;8JH-lpX#ey8M}VnDI-
z3bPUKhDSq<ct_5P6EvF>PO0xk(>&IbXz_pWZc{d1wZ}SOI>-GlN#5Sg*`U;+f5byH
z?=lEBM%i#T{TUCD%_L83T-Tv=e<#{vW7uy9xRl9$t2fZ^WcGVK{~gDEFXX>%kTACy
z-rvwgVz#3xWX%<qUV%*XP|8}hUGq}`r_!l>9Hz{DlKoM?VqNh)Q-_QdCg{x0c)=e{
z33A5(Kpq1?|H7Y%bIzZiBp6K7&uk`yII)?kmH9fa-NlO@ov+=0+^%QdLfZ&h(E+nG
zRG(|c@Bdz)46GV{vjMc7bt&YwMO_YZzr7|Ba^Jwmvif~~-)!zrvylE!_h*+}s!P)?
zm(wL%#4i2kC+gCT?^8T8)BLdsX;h+zr_B!Dr*5#2&Yv|Arw%($-Hr=R<K~%xu=Ge`
z`D=n87%q*;7KM@Jga?Q$KS#3cF^oORo(7mAdRl0T=(Fm!4}k(}>!HBYsyYNyL=(Mf
zm$r>x%hawNFhViIr|EHACBMO9xKm6KE^hCh5zrhhDykUgCb6UUg0T#dcONC9OVf$&
z-V^a?Veakmc^54O^+IxxSDV`+r=Y%B(86G_d0gKV=&5(kSfr=^@Rf1L7(H##=qaFn
zusujmodCdkjOeLiBT+}*yNsS%a(aqWKj6h#@9K2)0x#<Nu30^rDJ-;@_lI03j%Lg&
zeT1bMFv7-c-%qKyD?I)OLlTJU?L_6HGKcPgl%Ft~IXZGLLsKiYP2Xs?-LIy^J~?*E
z%7?~SN*RyvmF+0zcT0lBB2<y5mJl&%_Dz@&8ij*LS~nIb?Q9y8r^K>{t?<=X9R*R4
z8z%slBMG28H0#g26!dGLxBD${a{}RZmiz)+$TEzI#e`sL6NQMxTB))&2BXF_vr-mm
z1gbm~<Fr5+<H!Hghpk7YgF3=+@^vbo0_Ddm9EdKM?FAF^V%;>T+gzc)BbKd;1w|p$
zeGYX?jCDWib(^8?Rb$;|z3ykID>2rs(CZFB-DuvIFJeu7*$s7)@x8_Rd%r<l5`XVA
z^LsH2KUACXy|@P2drhJ4&*g@?R(f4?sM}_&Yo^!T26fAfbyw+izkkT;-Z0kL^}6Tb
zy)t9nHG1948L5I=upGxwKCvx76b<xdq(ZV|xIzT9Q16TbCt`MJWBl3odRv43mf$_v
zsk$`<1>q~hpnO#nC@&qZMl+-E1%dsP_)kDKFcSexJ}J(mXa0JA6uu6~nhqh9_3zEW
zDyJvS=^06<0VcZa1N)B+o;YEUw@HSSwyvl#|BQvdlZm$mbyDIF;uA;OF%-3|cP8$W
z(zZxq-z|_?AQu7Napd78-5R*GP^i=FZD>h?fXk(4*wM8ZPEOQ34CE^`bn(pNU7v^1
z`by74iDdzZnAFuoU*Yf3M-cwUDBckMU4(ssjO<z__V&LzFy0}?MND6WyxrX!@9AWv
z0W_uYiv$^OJqeU@gdG#ho?#EZE>XsO>`u=+D3ZC9Q?A4V#uV$T#j=6zpyHTZ8Hkok
z0~V)JOObq&QjICrzn8=TKG=^a#;v=Z<jpt&ZL1^vz=&7+n;7Cn?ZEC1RASDV`>X7B
zrTxj{u4y^eSJ%q0zI!lO+Za7qn-6lVJG~j-$=;atDVsv$oyBYh4Zd@;O>7?X6GJQK
zPoeqMA^h2941cy+Pq1Dkr+x2k3;ES$MU=cl7$e5`Y%(VOK3;SXjJENJnzlJ!z}N@M
zt2lMQ^=O)7{D3oY+!{SW=jz0Bk>P4<fli!ad!ck0p{ZE54`m<1RE#i*Sf1+i<Oi`_
zJu>_9P`vW$zl7ot4XX_7emJf(Y;@=N9--{-akWD)DiB~i7RD*SCSG0eEt3hZ1H|C*
zfYQs59>nsFz&pM;69@q3;midL*3~m@iMhPY>U;&wh&6G5L;%>v0g3@&)KvmX4F$ft
zz_gS7D)bHEMxKljxq%V&M-Q|6ByVn@WLkqjH_!$7Z)KIYkYVt!V^NF_*h^IuJ2RZ?
zA-Uz#cgwb11&%1osPJoe_b4Nilub?sNRxgVto>$fqZ29Q9#peGbLh0K)8CiqxzhW`
znxQZuVBitFwqC@Zf;}vPugqrP!J^NOv!bF})BM2{t6#OD>A8#5`3hT@<`0}G)t5Lx
zDgdl713Uo$k8yxj0ARn`1W=0np99pKW&qBsLoe8OpC$|d2B`jT8N-0@SxLz<d|7bY
zs<`mN{=)YxCER1(ZPiMc==SBm**10WnHv}~R!H7!zDWROUd}cU&#F5mgQQl%{pH27
zUy(i3#ZAtVtE+`*ps^nBviFxBA=yzqbt;ib&<(-i(B)ay5Q1t#@`Ey8E5;&9W~K`6
zQCZ^R0sZ`wWbfcT7@|Km<ypuiH?e6N`|B4q{0&q{X=@&PsU#!1py-d2;>4lR7Kow3
zehrVdv0vN9iaWNC6}SF0>ueyv=;Q}<=jr1c6~Le;>W9rbK~LDvZ^1Aqkee)idt9Pk
zt98c{1(2|wJjDL;vd7tPHqs|>q!^Tpjnr-&=?5^<Lwux->lta_YHg(BXr#q#q$-W{
zfw?r&iR`bxrCI)?@jl1K`#{)utrr>Zy?nf1H@(PsoAL3!a4<ODrw-zHXPL&^V)89g
z^-4b8H(|UOoelia{!FAJ6u6SU8jayn%Xf%nA{%eXR5siP#l`*l`5$K+;9(l=%g@kg
z-(-LNtwQD9Kn3IOINr%&<Bc(l_q$nV!o~~z`K}3h*(<vvjQ84OG~V|P1jqXy`0efe
z384Fgni~X7%$KWI!z}~b_1Gb9fg{<X%SC0Fx(j3|NsrLmyByx{T7%>wmfes0Pwzq~
zYz>9%bb+i#salFjR$_j<4htdbhWh2ncw}t5uqilmaJfrkSZs2cU=WiW4al@#EPJU1
z9UYL{aYA>p)}WLAM6>;LJx$!v0`PH~gRM~GEbxf$=Wm1Y1`nyT8w1L)GoW%PIENd!
z;dI+`Oos4SAqZAYwlyxcXegZx)k#*0n(LJ+_e4w4e3HQ3xki0*J-1_J*i$r*Vb4th
ziRV`J9uS22?5I!gxK8kGZb;qE)kG!jv_9raAqYBZ2Tb51iipe(LwJS*RfVdgMdNJF
zX-Gc$fXUr0u!i<1!y3j#(HbUm;deIcG2iO9VO+rk%(AM`eu?r|--a;F@9^nf#J$dF
z890BEJ<|pC#obNWk2_#8;gIWe6oAn(d|mzZ27oETjVVw4Z)`N~b$ObwPB=nx1bUEN
zfuD$VKTjs^$z*8*2g(F>?#MVCI>o>SW0^p%4NmtS%^{A<Hlt!Si%fO>fi}=B2y>j(
zO8`QLFrsX7w>BVper4t%%<ganF^xbjle(56K?p^+LQHO_r`QT#09+I8cG=U@=@}bT
zNbXbD{s+_{d&1QrgrCrh{%uv%h-A{>p`TnfOFO1buvlJ+$Mr*MY6}!Tt<LlXTy}Y(
zj_rGkVzK|Fv;}pK5-u^7u{4!^Qc`Iu;mExVBRD{pqHkf7>0RJZQTYB7lUC6*f;@>1
z%he>E@FiLK9NClZK}L8?TNQ}S=_NpQh<Sk|<tSSqK2p9;s^L6Po)Dw2lVg7y#C1Bu
z>{45dHZInzM%?~=de~xVVa2a6qwwREYBXa=Pj9qb=Jd2r=F_vBjQfK#w6}L0b_u$C
z>FIgr+2HhGY<+Ed_UhA<oF7No9rPIr;;&&|f(UU<v_3yEzv+1V%LB%#Y0jtSr)h@*
z6w-*tZO2`BE0QRmE8kk-Qj@|5vvn>fKNpCWK?-bkUkC-(;R0hk5Utx`1o@*_J}ych
zNcui~AelXl19{~N8c3sQxW;1HhVyU_p!IzPd*aC^cwBn+k@<Y(-!QEF%jYq(hrbi)
zO9QJS0cNGG61@{qZAz{6^=8Cf7QP(2f#Zu2RTifQiRsd)GUb^|Qc|pWqKT41QH5)w
z2l1KRyC+CO*~&pMB<woQIKxwD71a5U^BLY<XPn`Ul&JU9-!FFDn)w{8T>noUf`2vx
zE<@mutIUa5XpEK>;;nI(#C06$xrJ=29C9}F`t46l`nF5`6{-)N#h$goc0;ZPqp;9;
z3kdgLJ}A69Sa_GQb<U9(*At(aevZE5hVK-fGk1dniqAZDo}dN;)Pv_kJKN!cVL)8~
zM!Wz>c*M7cO?lQA7D$ee5Ji$=IV27CeZqHRK(m_(E#jW+6U4ZSs<qIJT;iucu*}DU
z&m(uo3BFdb99^%cMtjWRluYR*3~AIul16x!@kEm7)-;b!)7L^qXf4GgiZ6%XrgP;s
z!Gwfj8Jv9B%uiPFZ24*<lUH>k-l=rzRL13Yiqj4E<chw%SCDR)7*dOfj;y3dD(h(C
zHmF7NP+oN$=Spr&b!{A#rp^Ll17P(fKFU27ZIli8DEF92O~Z%sSFbQgW_LXnzA0(D
zye7(RunIbDs(DR70e-}Y6lD+^8C7ejby<eenp|2f0Viu^jHeb@#fo#CX}`Ih{Yo-A
z3&ls|(wVh_yN&D_pvoRGBzZ!U6`(AdxlM4dW&mqs&yYPK5WiQ(3;y{qT6+{JazH{1
z0b0#~pnKr63`vyAz!xN2@k3Wp$nm^`@-Galx~k;csmKmtdP2^3a$vP9?WlVI>w7n$
z_{1Pj%weN1+a9UBrheYD0-^-2Tfo+azTy8=6U?C7a5xF+b~Dy(zGzv>PSTIVWtKDT
zG{webhg#|^3AJEfJH#q^v)Hz!LV9LV``s4fk*A$5+U36=at5>w-U+vX=cM5C^`<-G
zuOS>CC5p2xfLoqJ{`n?=_ksY&J|uwW>57BlRIECvB3_{U<wktk98El;&{Vpemll{x
z_e9f)0d<9%_BQRbdvwU)xjnEx<i--J9#0qf{V6cSdauE^21jrMAHgc^gEWXIm&YSL
zSwoLF`O$zz?0FU3RT+)YId9}_%sK0y@y0vuh~rEE>AUmm4k0|+U1lt&OCy?;Ly~r1
zA?%I7!EU1dH2T*+VXM_c8K-^+HZ?xV&eZC4|8SHOq1~1N-c`<QpMUb7bhRBcdFG6H
z^iBRzlWT7e-BezDE%K&P{%(wc&z^V$`K-=_y=($~&l+Zt4|qb!Kbyrw)<0h_Ea`nV
z3LRvAfj`PRr*bBxLQT7HoxXK<<LLPhKe_le_Q`4s?w~1qaR=RIa^>AjbuFoGkE!lg
zsynj>>r_+SeyZC^b;nJ0hb=)7qyvrP+3<11q+b3oj@`<JAsCwNN6psE{AbhiBD6bS
z2)4`dF!mp|dkbsVf4kP`E!5~0|FF^Da{;}Fb5;XPamjzk!eim55Hs&wsPx#Ki^GWI
zhu>u|@nPa{XCurSfN2p1V>iOQ127H3VCEWON&sdC$<|-*y7(oF`v_TGB&Y-7tug49
z-@6>&N)Nu(3;e&a@YY~qE+eE*13iI|=E5J1kdB|ZPKYROZ>ll$a{D{%dlfbHNaoJ7
zhRdH%0JIkk==Yt_i(bKAq_JMiV4qhDgoBaW>cT$@B;>y~B1pp;nuZ6|e(<f@Q-OfG
zuI>PQa0-6V7W|;7E@U<4Y3z0`_z6{jCaz&6KJeG^fo$bVhyNh&r!NKmOM?F(QmPO1
z@xE)IXH$Jw!ymT~B47H)`=|SJ(IL@)zdzq!=)b{#xBo%^b^a-mveE~cT700Y_dn<Z
zu^9ut_&|8`ZG^|6Xof^O4%PMvJJsd*+xoBPr8uc)KW3%f{9WK8^+sNS3p4WJLjiP@
z2jRDwF8u1Q^m*#?j~zj&_kJ#qqgwE1kPMTc$;19Z{s#U5{wRFZq02rts7W8FBIPki
zdTN)u*=O7EZzQPqK=&H6CNP?0&_0|&!LI_fOSBL)c4<l)Cw28KE#3$PM}**f5aOC!
zFjXxkdz>HMYY$kv30ML)`^|sBRKa~6E3D89=d;33Ev)!Tvi?QW?FK13{0&mp&Tjm<
zCCnzcktsJp=8lUVxPKy}`Jdi&1hZh;)X^UiPdQ&=v>4LuHFLo>thBmNb%IXOGdb7k
z8I=dIv1jU;v;O!3MEc38PS4a#S6ZD|{;WVjv$1yb7a+0qGYd!*C9hvxcp(qdOv$cI
z@_uy#{8L(GWuJHVb$R*#x~Onfvmu7AkP6th{9Abb86$k1+W}UjtWPT1e>Y@EvkOK8
zN04%epzG@e*FJ0%SON)Wd>Ch!(f=<IG!s8#Vf{Aj?YV7P19kKpj5cjyR>4>4R>A!M
zAcj4L=Zit}E2rl%8=jP2L4oL;({l@ED=J+jLFVbJH2ryCH7m-6Gtq5yCSvEgX%2Rv
zYX_mT*@>=+Bjiw%wg`@N)0nj6t^^o%sB=0(PjxLAkpC^bs2UWK`BIm%eaAkJ56avt
z4fc?pAvQb(%&J9vy-q(B@q+6?CuOqf)+`|>ZzCOzepCP*&3#zdKUkQ<3S}(3C%6`O
zn+_Fo(6$!PSgBUG{1>s^=Vky#DDj!ed_kIV$ORnop0K66OZPvS4KUc@v2#uNvd&4K
znN~&*?4TELkCdxdq2juFHJp-wH#C6rA)b$%X?wKuQGm`zM=o+cl9UVlVyG#0?--nq
zrdsK2^x$Xlc!6h_PBA3xIh(DvTQABaejud$m<iJU6-Isl_M~d7szxv=_xS2QjSsOe
zTmmtL4E~!-4n~`wRr9ks|Dxn+@AOP$li(N2ei0~8DQ%VD*(8EzMKgaVBR^25ehNo&
z_$ph2mGml-h$kK9W54kL-XVAzbyq?Bzb!=5`aA<oTd?q^VBw9X$$uL2ZR7OUsZYPk
zt<b_SY395j+(C7$4hM1FWzV$`OcR|PmMuhoX?r~xzYOs?kpbtc>8PEUD$!z3Ux;iq
z)41A?v4T`nR0GD);usnxFb-JMM`y`d3&Rj)Y%r*m#!t-r(<XcRz?W6LY_R(GK+~+n
zqL2NH*xaq&96_VH5DT+{g_#il9t&N;LTBW>H%-+puQ(|0jTs<8BUJSY0B9WskfPJ4
z`X7*i(S|1yzCFf}=A>A*ANeYV#DJU^*?j+?FwIU!LI^{Q{sgu=?jun1aR?H!_U51l
zt|ORP?RT-YkAr<`lM7yf5FB>67)R|E%)HLOA+1U2YP+0v%w3jMlF=3THyn!b=Hs+`
z51YFDpJ3`led-vwuJt!Fk?&VTzQ<lh)fRr>Jsu*;uA^So$Kj|q7dFSy9N{3oaJ~^e
zoKor3T*2KIG0rn6FJwxNe*_3MHGxobA3brk)8>!JhI#!*@q*6WU)Xd}CiE=#|6`-@
zmq)TkF0fF1G><6STkCG;$K`K=Zv6+)?ff|YSm9*sSi)?{7(8LCRC%l+=5jpRL`tbE
z**8;MylJdBVTCziQOYK%L)A%fVw04y;=~O+;m}z&s+&$`i_5AZ6I_RiA>No0xpGg;
zkhJa%-957*OHo#b+H9q|XuC;%VXrscwz4PtyY)<Ypr{Rm*e$IBt38|lC8>O^+v>7Z
z`#wemx5-PhkYBum=B}Ee@CaNr0)|(3C11ghv>ObSd6uC51cBb*KnpogR_TmnL40~)
zG$^a~gPIleZ2qgpYWH0^>0^^c@7!oK49jNR?4?f{qhRd8ywg=`0otxti;IQX48>&c
zV^$uJ?RWLaTvR(_Y@lSgt7K)r%%y`c=Il-t7h6lt)XnV4*O$$+U<kaiHc)v|T((y7
zc4uw2SSK!S0vSR}&IG1y@i(M=i&gANEZY`EQaQ{;%33w{$q3)LiP8VxZGR?j|0Qbw
z-Eu)FVZ1^R%hus$<8%}nad4Z4dGuoiX<R*I;RacRF)qoE3;~-sQ>wF+4Ou07X68V?
ztgHwLvnr$xrvU-ebOg*6x30@!*pdvvF*eGUvvP+&2Bx*!K<RdK7&(p2>98(G*;uq|
zY#9FKRWkfzEv#iN6y4{vRD&)WBAobNoXZ0*4Fxw2m^AU3Ru-du?d8v(Z!ZI%3kzQe
z(Yii=>kzt86-!FH%FwUOO#SQao7d-e!L&ZHWn9@}{7ApQwEh}4`8$~Nbyn#WR*76N
z3K_h+fPM9uQsDp79GN`*G-kAxLb&9*`SA!8$8hJr=eeP$6k&&XlL7jsF^H5JAKVDC
zKab-d|2*~+g8;$3khnN6j?r+8Fyp4oFDzv{iXO;GfeUMG|C&+kv;@?luVV(XL2%zQ
zs(%cl$vio2)wDhA%?x42jqDY1@ecMDgU@I1$}aV}`^ZM}1A%UdM)l8-XH`?0o>kMf
zvaPFh88VS5@rf5XAF<H32f9~{?;IBlHbYuwcB^Lh1y>H>6I85W+qZyiV=skoPOro2
z@@D)9>*ZAT5WYRhUS%^7>{jVGHb<GWiJ`%*gq>gA6@qdNmBZlQJBQ3P(A>(qh{q|T
zdN@sXnL{xatzZiUEzQQ$H%8ObTG^$>%pv_<YVg%M^_WLM+g@DWJWPW^A%+zW<DJ7V
z?X^qDrnSd<A|9h1AnR(reuaPAT)N4_Ib`@FaU@HH#&bh(XUuzqWC<L|4nWBvK$!@%
zjI8k79bwf{`Q2A;_}$l)92$dii)Cfew9a<^2Ix|J!=r(_twM^72GvM)73^W+;=wky
zy2=8_JofI)p0MMkR3Lt`^=%M|9$Pe%yfJIo`m%%A7NYk?j1PL|A!6YN{)dVfo?%`=
zSL&hM1r06q`l8}^H8N!HaEI039PRV=%F6l-_IgJU9w6WQ9Ap~6y}dDALnH<mA#Rv#
z;wc*IM!C}0P*&D34&KC-vZj8aLGA!CcP2KmgfZ>wk!iauE94Gm2c~u3;O=E)*!#lx
z_5805{Q4@{vH^HCN(`?sd2MZx=D9!j-?-UY(HzmjXf~scB2^mc2_h3YjG?Up6%f=)
z_BM%O6jjaMjfue-nzq@uiEZp`0$|Z*mxWN#B95X%AwSJ-HAaa<MXVA?=+Nx?NeJKH
zr9#X#PCxiko%-2qGx5wp*Beeh0ORFRz6%)HR37eWxE)%Apx}a+ueS9P+3dL-vg!Kv
zWsuDkZ~qmt+3}WvYzW#&G9l0(acCh3jnmAat>Mr!IW%A<hkl7e0|yL&zLi6-2|_R7
z&>O;`J9220%G_~uIqV^~zYx&cH_3qn{Ap&b0-@Y+q+olB@6<VPFYpaHuZQTcs{LlL
z9rOlxr1_4ocfMbKGhU0QN_W8Om(v-qIe=up(!i2_62e(hNLwz}mhVFb=X;yKj-6RN
z{c=0gB&;)CpfgW~bjDpA+7bWl{`UTB{Bi!){#N`$af18S;O>vgaCSD<`m|{pdntuC
zdU^OT@eKn$6kV$?c2SnTl0~C|TCaX6Nw@^IbbP~zEz2)~EvH^LV#})+!<Kcg(@F5T
z2f;ttbRL&b>4te*TR`|(Zy`TPFrpXLHzUb(=^^&-e?fkX)?`N)G7HQ#39im(rsBaJ
zvPmX8J(I1jv_HkN<G7`tbSC}=F2<04UHoQ4=^wXPHc6#_%)rF3HL7?g>*1_(vj7|C
zfbX-*OH+dNb?WlrtO!g+-U4~)8}Lg5wwUT~ulobaN;i;)GLfD<td7CEAC*1bAV_8=
z=nEm9cdE<tSS{r-U^3<i6)cG5v|lA<yDawI3~@TIP&a*kAW&XW6c1gVbq+R7b~+K@
zkLcXSO3*7#bnR5Ol~+ue?NWNOPuBWh=R;{RT;Niw`<i+s)WB=;{FGI?N;1$q6HgcL
zh{%^}V%cki4P^yMs6RC4k7FB=r2Hf+7nGioGK?+V5SvpOU}tZ}(K()B%F<t>1Rm3U
zm--Pt^l%o^U5XWh^QjGAb_lZfjs&o~XIlqDvqoCdIq$7@NihU?2kX-NxG8sXOtg?S
zJ11H8=3tVDT=oNF(Pp~5MTO$9iY&2tPN7^~UP98W0MDuLp9KHq$!x7ki!*WSvq22h
zWQ>L?J`H#ADM$PXD345M^Ss(BE8{aEnQ0s-fMAVBNtsgG_o8<J@{qiO<q(-k-T4{$
zpDO_Q(CR$N0>O=Vj?`o(JOi3oWzYCbIeok&4%<}pU&>|YvCGO~Iq_GcN8~E8?1Naa
z);=ItUWk@UFIb$AArm|zTO=4gBG*acfQ?RzDv5nJGUS3eOmMehYY1UC1XaRLRbdEO
z_DO$qPD;%XCF3Y&-v9^~qiN8~!mXlQx~dkQm2GnAdHbXha^>M@NFAf>m6n{RFWw?`
zsARIp4@@5Wj@%&)Dp6a^PomBFla0-A%og^abBj%E-r^^*`Ou$q-^cB8+In|;ZhwUS
zkJWVC;Qo)G3qGjp!O~vg+ZUVuRF_i3{!Py$Csc1tm8|4Q6wST7hV*@&(QvS13m}#a
zsiT-zR&~|kK){#D9!ra31o7#;w8GcVbtxGRHe{<y8B=U{U0>uFT;$JSkssQbCq?HK
zgHuUs!QBMo1wV_)jyF*7fjtXp@yV<h<2m5s|Kd{isL>6gXz^X1F~zR*cL67hW)Y$g
z@!6fq0V#235CbIe$@m;a_9K4>13Ks!&>wqN1&a<A-f6!T*?nLR#}R?bX#E+o^Yxd&
z3wDH5c_f-mhot!GS$~F6e|i1cq+V?O;kL!F{x6%?zmTnev0?p@yhE1W*9%RZUB&YC
zu0pBuOth@H3QCJJ*wQzT!ll2O$HQbp8zp7nDxW4&&UcPG1sm@`kMpLuk}0<fMcbFd
zCsg4Rn8npj%So_)V;^LUYC9tg_5DMzg**)ETSzVC8JXuyADQoN=~9v$vKQkqWaTk3
z_6@br7MbbvFkW-enOI|7?JBVh-5A*HR|cY`(tt%G4`{YEriQJygdWh^YR9>INEoJ>
z(iHG@AN(=LNNx$2&w3PaDHq^o*zS7;F(42u6U)&4ytIm8zy+srTq>=zPr6sCJjyVj
zN>WaQU_jE3Yyo~C3^4jbvt_rjWd{t{3K*~zezpK)7`jErfh|(n5AJs4|LhV>2(TIv
z;DCM+lKLVWg*S)Kt}-PTrW1pmu<tWoo0T72eeh4h{qc9)BWRVFJdz96_Av7<wqC>d
zGNghno9_&|9fzjj{Lj}HH;|cnhORH#tBFrQcsqRT-E?P9K|Q_m0Q|PVZ$JG$^(*_m
z8-6P*eIFY{Ti<*90hG1s3@_dCUp>;04ce*>C}N`K-To+lJH5#5W<>)iEVI8CNT$88
z6=H<$8wl!$LxF(51JvSw?fi}4PfPf(F^{{q<KOx{$!WFOeo$ILM8cRN0dK@|)yMfS
zN!>GtZprf0Epw=!6Y?(-FTM0I!};%>7z2i)#Jic?q?|8Zj-XCfhEhT@;4j;Cf5Y2?
zt&BDk4e<h$o8ZPqRz_GQ%14cHx*2Eme$JV)96j8TOWW^#AI4LNm1^8_e^<X*Y@w5_
z>=|K|(?{5fJ_eR+cX@7+m0w+n=gs@=uuWpwe^8NrKw=D+aX?0bDks5khAWvEuFbIJ
z{`@~;6|f$B%RS;!+(!h%o_kbI+YQXhE|$&JH{PS{kcJ!Y*m^czr?>m}_`c;R!~P#b
z_g|pDtw4WBblE?H%;WqS2@q&;=vJKoe}+xC4bopT6ZuuK{dXJ09|!>X1=O#ekH`B(
zkRKTT?dDP*vvL!cnANyO7FAXT*n+z-W57s^Vwt3G!2J%e4LFTGW_idv8+>=#6E7Ye
z?7vItuCq+GDIa7KCR}NHh6DcWQhOgnr5}7M6R!?vcXcT~^@$5$8N$A*eE?be8szL>
zGE{M4rt@*%qlVNoRE#Tm99X+-`H{GL{0BPjK<iHBEI8S(-^*1aC>%ow5XRbVV);<C
zLrFv?el&!MkN&$%-0n^Vf{=hxY&tF}^D(LgLnDe24&!ht-OtI&E?3%tqBcG_t)%Q=
z^}$lH%*#2s41}N}Cm&T0Cub=29b3!q`C6uIGUF2>k&Ph{#J6DBgnRo?#H^t|oB279
zXAz1|xSvDna7>Ia?pa{x{jIQA39{18Ayd3`jLjCa5}s^`L%t~VP%>u)^!EN>E90fl
zZ$rNN8vOnj`)%NstqbXRu<;&^iE_j&LUCd#D<;5&`^cqwz6J;^@VmKm;CcQY%;(DE
zCBpuxU>HQ?W{CW;wp>A=T!`M-n4$C=Q@B`DHmPqH(jJ2eU`2ias#^+o(18tFY{6>v
z)f*4tIjmkt$o~O7X0U|})^xv0xnfVt-|Fb6ETRx6o?%w9Z}2>3*X~2q<l}*W9>ggh
z|Ifw$Gx7gq;7x_NZk`2PneZy!Su$2BCmwc7aMJ$QiiYI1`p3J-;@H8#-3)@pP-4mj
ztCDHA;PwyC#G_=y5EhavVxkaahQRo2F3SO^%w_ZE*n7L6=abO0n2=i?b?M$*r>7{-
znRe3M9$XIrkgbp8Ne2Ut9tZWC{i4GRwvfRV18m12YzehP@Yh5c;n}g#<I0oL)&!^0
zJ%!7sAjjuR>5~e;0H}iT#x+I1`-h{-WBHXpc{S>n#SX#gEwG;yC&oT8vJc$jX4=PA
zXC_RZ%q^(I^50`fMofT_r%LG$J2J(x^H?|@PnfVTrQ)=Jq6Wt;mhI&#RdM;X^eHF*
zlxT}hV_y=RXLg3Kw%5L@S!^YQe9PS{{5!r<3uM2<IG~JT;R{unH;4AJs0z6%69;AG
zs4MZH3@i?#Suq5Qb1EmL%5#j*owMMP0r?y|vTu|seHjLJC+09-x6Q=sg2$8h-$pT&
z38K51;3=maX2R+Jbm5ejiDfV1F3E+{JrJd0(ny)HG&xYkq&o=G!)4O-DVw-i1>=B*
zKs;ctBifp5X8#S{3|y=U-xDK7=-DhYj@DUIM3h$A@jlaIla)IJJy_3bJgoZQhaRwJ
z_MCW}98xDBX_KIeg8wu)@Uhu9P^~A2O?3{#hi&?DH>Tyj_fcAI>8r`^(Iedx$B&Z~
z$zGk=e%z?81=?D7)K{zkR;<w7!?@N3zUiiAZj8&^Q3!dd=sQ?uc7E_X6MsVknct)N
z8nZ1#uB>Cn&pHbp3h?-u9C3{yP-o;dUil`j@en2Hw7$lRX^n$rVi~G^OIPwWW@u%f
zG+wIovu%s9%U>>IjYIR1{)P3H(!Tp!>;2MGwBGqJr3I$-E)1?WaI^WGn~}a?A*gV@
zTG}`({G|9)5?i<e8$2(eXM51YCU%{RIOIZl^xR61=q|zbo@BU?r2ON@oNOBb#k9JG
z2Yx^xG+gFa@y0EQGaYwJxS%0NWYUhR*F8d)KgsGf4^c7p3pxBNN<5_ahONl3O$X8K
zN<_CVVZ5(A<{X#TpreV0&_xdz5~3U^n*SzSxekmHHLP>Jj#$Swb`x{?D4e<c2NADY
zN4$W2(rBsj7(+a^kY_Fj@yH(MFX7vde+%CdX8%S0qVFf=3n8S{95(an&)=f}HT(xA
zK=uC-f9JyQUi3Q~es^WR{W0w1sR>sJ>aQ~#g5L?!$i767T&mUW?61Ek<qa~RSVB08
z`C9<|{{X%r96_(-?Q$%eRiI(nmj$6%*5h9!m0h?sNvQ9<IqUG67&t&wVR9-^OP>e9
zEuYCijF#?X^flO)EiN9AjD7|TRDJyoG9`ffpXFB&$MqM2E5IVW(UH82@|Jcjyno{T
z502_8DY^El%(w!5OaG}AU2GS~bdApTCL5d;?7Ar!X353`0OdPC!E6)Dj={CiIg41n
zHkx>S=JJm8<wpt~_(it054jt+_5|44Z@Qar?bVq*C%JX54@V+)4*9hW^ntFhv~dCb
zqU*$u9}?M9rNM^(n>G-<C|PjN0J~(h;VYoV#1`ETQ=hJ)KJA=HeS(hsaF^bZ>&8s(
z8k~nu+g_v(gX-(U*BJeAvNia|P)C8f>~(&LR8pMGfZoxZvLsI?E3z|@=vh{@6g<RB
zirY}eG_kx8qoOUkcn~8Q^xvg3y9?ser7e*D;kF#_{;mz)?*yt5P8v0!JH#3F=0PYT
z&w$*%p6*N3KC>IMPZsi^@apS-`Y|NXI=D*1&sFY;kv&&aSl;f8bq%#x{R=>2%m!1|
z$D*ycNV7Y0f`jAOq;ZAriIdozD!J{YrR;0jV<wN91Q@5!a#rh$%<_Q`>Y3&E*4j6l
z&^H_F-(+8LjhQ@oBz&bhGwy*gh9zxyv5ytk_c7HTGQj_i*FHAn{s+g5avKJC+r)|P
zA*KOV*)Q_Vm=EBJmKtwCjc1Jy;^vt<b=*vtWW>#%FV^TM^XnPNSFI>`R5IBYi)HN^
zFr>3^q!Y{9HW$$P#}4fHmqbHsTuh^vODBzNN3qjWY<GGJ;#_IR2vy6{5LFl8xys*V
zE)bn0r4M)Hie<@Y@zM~|x0Yr*BvggFAdX)w1P5S%)>1~ZGuFF2JyVWo=NV<Ua#Ve<
zoZ)5Kad-2;>hy<_r~U4qAB>OXbl63EYp|rz4REF9!O%sA$ead$te^<e9!OdkYDkl%
zY|JXz3pS8z!3MH2)CO{GM0=V|Ipv$ko@TqtvQqAFZeUvXZDJW1d*^uX2Ai6na+K{w
zyT+RAA73JSnvLvbu^c1|mt_su)X1fkHvfwz{_jLxP2x$T3TCBP_G&9SwN{>IV(WPe
z?&ugvG%i9U(LFqps91&xS+!`Q&0oX=E?bd7O7;N=+b{zTx;$r_|KA4!E>L!{RV6j`
zvnBED3o+Nj#tl1jCQtGngU!L^4BSyVJ+$_|Yq@F+bEWo}Le`gYvZs}#w5aq6br?{@
z@bQ_Y{%7F2HaSXs;%to0&cHVK4-2w0xq1~Y@Ynk4dO`fZ$6}11i<YV}X>6V`?^$II
z+pD|40<DoPXXFki2B&pj<Cb&05-d(-j<N;~o{aWRu}fZ{^{L2#D86XfY1s-ks$lcP
zR(}p5_dJwm%GXjZY|h1tt=USQTJuEXAT`2<{kyvIWv(y5GytF)_6!A8OEuZx9z!eJ
zt<d*W{S(?C!0^i5iHTRsPDqwIslyg$TK5y~?pfYP0%Nl~{E(%bDB8#A1^Qq6Z?x||
zUS3m_Y_zU@9rOuoI@)3gJ4$4jF{7<H-%Ox7IFj_4$<qs9Je{AwGzc280ZN_z4HMQK
z#~&JDxq+~LmMf10jf;;(woqFmq_DD?G)`ZCRD{9W6Bl{nOcZy0Ab#}Pm71~%qQZ02
zi)5JpzhiGPi^rkEKp$Q*5=mLB&bpf{wJ83_BHZxMS|UA)+g_ZDY<q#>^PcZ61Z^+s
zfYW(jhZUjgaWy*~f>f|m=TTObwTw(JDEgg0$w=>TvgK+iRN#0B2;cn-dv-lUgTZ=b
z=UkcWF(l8uwUVbF*kd?7kEu@243%}=sr(^}eYcW5M&IYq9;2fxu}+><XRya`iq7M#
z1iIuBU4LdP#~Ioy=!mA=i}$7emq|3)eg-Zbbt&V}8K7Z}EQ4MTVC`u4LCE2;bL+Jn
z?`*If9}Gr_vdIY1$S)I~H`pIGGh+0cbKwq*@t2?7oWD4g?v=6uhjlrp7sj;Za?YJI
zL-CpHE}cQU%OF1gRbzRdHGrWz0V`Z-fVg-^H%|}jLN<zU3$<$^9R#oj4+2S3;ks%X
z9CSuIBv;xY_AbOT0Yw_ykPBd+!=zX0ByMfVV2XUO&E|us4@ZjSRuUkDF`9HT>fw<S
z9vC~`ZIDN}WZ9reP=1iBt0@m;wH=OMXr&Cap@~)tN1NKaVeCXMT1^^1(ydD*-!-Nd
zVU$&5hmC>5^643K?6SWvSp-cN#D%F__2x%To;+g0$nj%Hn3}{SsS)gpCSht?V+!H;
z22vVkV3>ms@F^P?hM@E6x+xTlgYpGX=rs2IHCn$m(DOFlFDnIS(n3(vs!?chWfxmr
zb)e4|0525`y`~&fmzKgacjo>G9>U_-9Bc%1`!HEw-?F?Zjd$cIZM<VfJv3(Yh;b9x
z2(OWrPMA1iQ~@h8jdyvY;5tFCO9bj2t`FCp+D7RItZA;G?(}|_S$8UyD~<lz67|tA
z>f`&hE{`4e@EE>C!FHua#I>!MyxFiIwSr+m(u)7if-G>@qNq2$m$#$d#NDrt_X8)6
z*8$^w))_k9>MLlxwkY}nSq{I7$M@wui*RYx6^GkvA-AY!ukz?x{G3h(db=RO^r7iA
zf+c(e5CWiz!jEG6ne>cd`PtuMZ3HDet_Bh*$NGClYEwF5-1x$YliZUz))!51j~hQ`
zglU3X@`04_fvAF}Ys>b=BR$N<Pt4(xhZR_HzNF+afi2%wm1(ED2ZV{;*q3_$5<O1h
zk8e=t=d(W+xLjDszqOFcDJG-0$ExE!>6i*fggeJMpib2WdOS*_ZGM(1$`77pt{oIS
z%iwsm(G9lJ=#KL*?t#(SVRU2X(CBKTNa8Psp|Md_W!kXMwKRkwIWz<-svctV`G{=M
z*mHX{A5mO1wI4_23DGp7KaLqjR91i^%8TYB%IDgQ42>DSJ;F!|uy&jonuhdTLmE;(
z|Kv7(NY8s{NCna61v89_s$vuQsEX-vdp13mQ154JqngV<F_+3;;-hM39M#7U;HcJU
zquRhnmA<?gjq3aRv{5}aa?*rx6CMC;yq0mOV)vwxBOWvJ;Pnk?a2xoSH|T>~{1gpt
zTXf|0+D1c}Ie><u(&Iutvg0&@T5V)P47Cq`fg!}u$od{NjBN8*99b&VIlZxdsgHgP
zUdq-$_-X=n@|gPJJc=p_omT6n6YqxQQBUv(KtFXqe*j8TxAF(zAL=^(0K858X1am-
zFN6mz34<ZZ9uwz4+a{J%Qj-XAp}yc1dqOLg@Cr4w;%i=UJhb9lUQrubQOPSxLMvAB
zR4e&x-rlb1BVdxK6i5j;^LaK`rBiK8^y^8{Oar&uHPB)c=uiOVH9H5gnsHi9FIH1R
z+o|9l4wFF%9ZKJzj_i??ukoiR^EjMN8U+=qC7LyRCkDPG2)-mTI9m3Q7<J&0%W$Nq
zc!bP{&Ee%XYB9P%gW4Oey=SdjV-DtKIGX-;G!RJH5henItY-JYg<fcU^vjcnGcG0%
z+h^A=4?D?xef2n99?qx?tklKf^byITw;Ss-+wg96Hzwn`Fd?}1|9}t-kws{V?f_d<
zHbqr9Ma#4)^1)H5{_{b+$+I+R14UIZdzP}fX!0+^Tr@S##k;!lVMzg>3`t3<^ba$w
z2b%|ZGPo13c6tiTaj}a8I7VSIinHpXTQEnMe0skr6!uYd>brkpDD11vvpnrRe?HxJ
zaQzhecI`)Hl*(KAC)2wMPt40OfF&c(;fE>o??qxqZkiA;__`m4B&FKj6<i5aWp)sJ
zSF6TiD;CEIzTZw7i<@9Eq(c4ESS(`kb%JmFpBShn>v@dL_MXKUo9!*r6>U>|rIX<6
za?03}c0upUKNYb%Z<>nRVR3iC7he;xJDW|#EwDIA@V#<6;+Tfj8jG7@ac9AI%^4ii
z_~&p;kYhJErau6-wD+x4S7)j_OLaY{u7PPTqAXa~n(CUF>Kakqg=ewuYE#{nRJWJv
zt~J%Qp}N&n*V$ATPjw$qT~||G7fWdFk)bCkq8EzlUGvz~^gS6G+9LIg0j3eabUqUb
zbAu7);4lW$HVh`-2(toUY+*31j4=NNnAk9wCPtXY0p@IND2&Ajb0@$Y3xlbtHNe~m
zF#E$`_VRXc$8QEOKVnIb_xtn#$>Y^q`sm7~uaa0pOS3>~h=1ZhP*8aBKW*9G=qo;A
z#JP@$bLoPw=>f#KGtc09y>G%RG9T!@lj=S()qz`C1Ui_15S#lSy|T>o$`aEnIx*~{
zS01BR)|y^f9r-IA4~0(DwEc$3Ja7jDn%-}QAr-_klMfjHmjU3&LlH^0#i5ArUpQcR
ze;T~+KVW?SDt!NX!Iv8O`&|wi-p_#d?R@-CU(7_BE-0UAZ5(FZQ1*61Ea|=Plb(XQ
ze&K<D`u%4I0=}V4M)9YDd2|K*>I%OW!!HN?S^&Qw2%PUN_+^7%FJZL&YW1$hWJ0H5
zPg*|YBge{>zRC30phObOazUE?t$?xn{_K~p4{xVAwd2c#!qpJ8yCRAj>B<}H%p23h
z<K2@C;_;?Q2Jv|HB!hUoWRgKV{&12(JpS(_gLwQbd&pXB@pt6;n;#iLLFs<k=%cuM
zpiLRh0BAs$zY23wYOo71qfYkhPk`I>IR08M{@Po{*E$7XLud7tVXsB=*B&yycJw~|
zH4wekUH4IxJ`lInjr;*bY;_fX0I^#Al0Sebt^N-m_|}`Iit{RR%4)>&Pc1xrfrS)R
zC|0xwb?RLBa@ixkfHUn>(J>!pc~DleZurZ1Ux(dCeO<o6(AU1ySKn|{%mTdczTnS%
z`U!xoIiM?8JA~J2OHp&LVE{h%fSVHSS_Fp6x4Y1=e4E%q<`))!Q*KE58G9||i0+2^
z_Pvy?t5AKJ{mLvm;=a;Xt+fZmPw;PIW96(dihye9RleTDozNxl)<Gdr3(^Pz`2q>g
zA?oI2Oit~8lsl-R9ON#zxD4d)2e0(w^K@c3&6AypQvP;41S1_()YXgF%$uSx2G17C
zn9Dd@j0PZ#*Z9<MNANsxWB_%)WipS~XtwXb!7f7OehJ9V<>M@50Sj3+hFLXhSC}}p
z?`ng!tI5uFtZtf-k1Wu$fUH*7(F=^K$l6uQ<>0=}>>}{5H>0`z>*EpaUtcEs*Hmu*
zI-2ZXQ-k)e5;+5q>1!tFFBad9ro&dUD`wpS9f2Tw?kjXbbda=jVi{&;^o|D2A=<AN
z{bAwutLKUi!(_wt!%bYP)KF7+wjZn;i#F*QRCxYzbBM9%IJl601E&Ctw9+4TB)g{?
zZ3q*5TT$EFW8clVi8t;EoA_`?+*eoPlI&jkKfsE6ABRo6rNC;x?L!r6`pazv%7a_^
zT-%7&rlFrMDu<0Hj?BW0_qx?$Sz;7sTM5e$*&?+bbHt!|Jw>B-r$`D<v!U6DB~FRg
zwg@O6tR$V2m7QQH)(W%arR)e6k!vtuFniYQ#2z%;i8;MV-(AW;F_L|v*t`k3$wjml
z+XB{N2?lGiv6_AICGEv(N5TMy!(kU~@U&ztF)J~sH(*>b^o2B~ZHnVjnQP@Hi50kz
z5^JdtO%jPKNj!0|H}>)Cg`nlOH}*q(#Q61ayoSt)aOU<bLTVy&!~xqWHcqi_@m^pw
zL<DSxV(#o<Ro@4uhB)*Zs4RJ`52CQPBhmg4Sc5?Wq1L>IW^B{nXF|pU^ABj;9WYI`
zGl|^a*WVj9{dUo0#nvKPx5LL?bqwj1|4M*58g(e(j|C>#RChO6m!)-12<zO8d@@_>
ze|-{%S@w+iKH0?I=5zk`hR)y6*-1Ic_}k?f?i+1~I}8Ns&%e0s@Hj}&2`dBlF9l9C
zAD-$`#!x~kG#~zzNdM4{Ncy&$i1d?n(ys*4zyDDr{n(ofq@Vfkw%nkv>gl!-Es#S$
z4Wy5Dv`3tY7eX9if3T2^m+A6B@&6q&(Rqlh2IJ(;Md<tEQXIQn%Ac;ZV?}l!#8qP3
zU$9IpdjV-5{A2$_&U3*&Dc|59i#DQ;AIL2$GVRX=dI$fkq3EC0ggZqd#cxH5-)giE
z{XVjNXbXo<@2l7rfb_n~syl31?~6yDrF<|sEYNhC;4DjdzCAQ~aCHuo=_GF>9!Q6L
zSYn4J(C-BHdp7?a$L))=(OFPZb`dpC*`lSM*QnWMpk`eEgMCm<INwa9j6Qe1&FHiG
z9i2V_9n|8X4vse;_aRJbkU$<V69NY{D#fq03;7y&HCC$<hr%Wv;!Ui)E{QjqHm7aS
z9>zp}bYC?Or2wM8?@%7t4D!XOT~5zTa8;S|aXtHW#%?gUu|m?4cRz;-Z?{{g+QM+!
zm9!k|xcfy*9w}c+mkP+9g7$IlUoxzJ(7z<UTO|LIq5{}Q=i{n^dszB3N3Q#Em(q>m
zzOW+S0V3nLZb-&*HzMOqos543GJa(el5wAI1~Q)VY+HUEA9%`0#zD*O&@UG~38ei7
zmW>8ix<L3&9vwwwOeVq?BDq^eCSx^pM~@HN(T6=^+R^<{DLb4>lAmqauC(*GMnQXT
z!#;lhU)#q+?Y;jG?cdI{+K~M_^={g~GtrYObpOtUTs&`Z`IWLLahqe>&j%L5+X=9B
zFEnoDN}gSFUfb#*0#9YX+jgSg$w2IxK<sg-;yp;jK4%jVd$LaKab{xARL}Ghgb17X
zzD(o+OTu`-FRwEmu<{L^2cY!s&SiUaI#BcD=MLfyJ&FDGcjnZetW$qnDD@9Kr&E8X
zI=&Ze&Q`T!FT&=pJ0=PG-rbBBzSl8{qj<a7_3h8Ov=1vo9WkY6En;~)wAP%#ZGD=d
z3EqC0$1~F}I($zHaL4gC?l+`*?>AB>Ueey@KrX2C2U+2I1A+sxev+lns_74KE1x&i
z!h84yM`OI+P$lhpL*myPU@tY<_BXWeS2J>DXO~=;XKWtW=v))DulC#m#sn=t4jShi
zW{~WpGqxBYJBHi`ark!+S%UBkw_>8iatkiNU~B0VSb&p)(FQVj(}c%lgMV>{O0-fH
z!>m-%e((>c<p*bnDk-hWaj+kp1onelvXnoJ_Jd8Aj7R&y6Xi8Uon^~Luu8>fZ*Qah
zV8Gp+><1ZM)!oq+yO<TI&Q71wefq8J_$J!h5A?=#&;r@5k@d-TdipW4+#*#TZ73^e
z<Vs%?IpswC0qlIq0d$WwMh?e(0JqDm5kS@eWAxj*_7T3i2m5mx?;F=W+6Fd&Uw+}&
zlMqx1%0FY}vS&b{oIaqq=nC1>Ku+&(b@$W4*ZiU0D&W=e8=)^wp$4b0J>#ne!Ey{!
z?Hf*&3!xVu8eYm~<^E4i@ug-Rw&H1?_Z@sU;z*!vP1|7ZExJ9+Ro(D73qPCF&kp*v
z`}3$Uayk-Zo{6+{wH-L8jqcuiJrs{e>13yp3VQ)#AO-y59l2g?S{LGga5f*$MIWh(
zF<J`*InRTp@~S|0z;@GJKj?St0kv=d-m%ZsB=Kg;ZPf7>`{*5accqT&y*-bULNN}Z
zX*>0D-h=Um<fO^LK5{Y58+%(<I(KnDu$5it5%_Brg&MYiUTuv)_U3D-d;@i^N2g%N
zPpe<{$BttVGqzZJZ|H;8?Fk6*)p-jc^RsTU3_uxe|GmBdc?500*B1!Oc#+9CJ*;L#
zm$23-IHU-^JL`;kXd4zM2)-kfn9^Q+(dg5!QFQSS+1&b{HHwe2-nCoqC6(NDTqV~Y
zPDE^>{<Tcg8*1;w4kTqAnEalRN&K{_$7Isfi4+nJ%XaYE1a<FlAG(i^y9Rd@X!u(h
z)1j%IgC79M_w^QElPPdUk82|7w^Gp@WI(QzJ|IslE05)8KQ_G-vYG8?Q=)_rw2os$
zYg^iambD{8uae?+f>?H^MLU-MlI`FJ!<K}O)(jmT2WjZIblk)VnoVIR9XTHZb&L10
z1VGRw96?hl*UR&_QcATvEkA1&nP(ufsq_q*VfY(Ih_wi<6^Jspjo<Wi?Tq@sm=TYT
ze7J~xU%E#6s&M3}hekdC)?HGNR0Onp!XPgLtl$uYdAi4`Xu7XSK6zx6*K~HLbb%te
zLawr06~slfd*TL9m}?SjxH$doiK6+k16t*Q6`GY>9&N+?N{8ChUA6z7EKfs7f&Mzf
z(%y%n;dUAB40}T&1+lz47}Q)vi}7JnAHi3QX8uDRO_#^eke}*BvtONQAAE<?sgLea
zbg6y^=LqH*z5DE%O=A`13&+{bqvw2X0615h-Iw_6HqmUb+V|3Cw{X&!vEzzIJW3jX
zIGkwh!xaKeYXU|l!fZBT`6k?Zhp_ooVBf3BO0bIM-$0>q48GA=8_w5hrr|(<U*2%p
z1;Ka~7K7y7PVgNRf>ZSB^=yjnxDW^|Z9@gGLqYZhBVTBVFWw;dCYg%$OLE_ZNH^A@
zBP#0}fGFt4wBYO<O-6Q17xXlC98Km&an2e=Xi{uIlM;?5Hr+|q%U@ua0)Xn{2MAMa
zDMwJj!Iu*q@@<;YCva$OIoHth2ELq_{S=nd%8!AKmN(%0Un)&CJNdO6S<EJU@{|cd
zyW#>1_0SqcAIybrN`TFA>OmI~tAyB3hKk8i{QIf&oXM>*3+el@BfF4^7|{JvSiG-(
z<WkM-3A7Qwm((4@=ne$Nss6wp0Eg8|{(!M377YvECFpp~7;JcI#vgDwP!(a!f+=8{
zYdQcJE4Fg*R8#3r8pyE?Ap*;q@ofZBA%ymY@Wo{9B;ct9ICI3ktO26iwSsRJZCaxq
z!8>8_Y!BWEe+ICny$4X;*QUBJsqT8JTWP9WPIV&HeP^nxrn-}bShvAcx1Q>@Qr*v{
zx{Xx#HP!7j)j>)Z^Ck6&I*M{7sr`C71Yd4l=q>iJI>YsDdw|IagOQCe=Wb>&J;Px7
z@DJsw+X0|k7{E<Bz*hj^2m{FEUqN*HH^6iagSpWN^9aDinM4qsM@>E(2>6@&>EiJS
z8mh6MSxlA~$HfLj{#`>2$iH!@0r^)AH6Z_&>;aNMHRE!~i&+lL677ZfT2HYDe*<cr
zgoNTO6gx<EcnDxiPFeg{0Q17`keG5Cs{mp^omNg3Nf@bWdX@uIv%`lWUJG2e9x2K$
zt0>9@{h?f11vYT1gLMg_z#a1^QltI~J}~U@sZ6asKl|m6)jh!D)a|?~Q{9kB!c0L6
z5N3?$<)OD{ftTF5(&Z3tUYL==wgtTPohINZjh&SBcq~)%G5&of#=jrI4y)3rQg}-X
zfxol#YlNJU1uu$=Yan)h@I39ADzW#ol^S&xTWMuA8)zG91l}@4#Q)hJm2yN;dD^mj
zSB?#pze*2FvT{mJyx>v}bH~Bv;+$1zcl;BiF;Ol^<(tH^{xQ1FG{;J6lj;i4ZApnL
zof}}|*8MYwJFN0Xh%sXw=y4w4rwquUit*1pGCTGqI6Y~yXT0k2Jf_NNM<wNVS?s$7
z+>%6eIIL6Oy%(L6I!lV`Ogt|2wxD}br9k0gE2Z9`SNjT;Yoe<Xw;$GYEgpm58<HnQ
z^4zB~xn(xy!$|Y9k4R$QpWq`8v5&BktC{R0PUUEMh5If5gtc;}on%Kp4(Oy{Wr-F#
z?li|fiDj+v9PSdzD=^TKI6KQioHR~Wa)dz&8?^6Di<WOVai=uvg2fc=mT}t)(Dfy}
z|Ej_|I;9N7Ey-g6pEh;?Y7P;>@C&}%EqXj3QwPN|Wcdo)=TEDXhQny;pohRKVMNEm
zhTa5Bo~7Y9xz}B0-!Qzf<Y}aj_jA5;uueuv%0R0R3bg!8iM#6cCc`$JqU(6Ja@;t9
z%JMo=vL(O-`bU`bA(z=6xTrM;oHR@#JLxtbsKo5WulSqOuFJZN+p;3nN`W8X&`oiT
zF^0t0x%>iO(6aub#?X_e;!Zi(o0RNtXVTYXLtvgNRAjO>yw&CDL&AEh)AN7|;WE>H
zn-uL-_QB*ggO0?hYwyPCUn3{}D$jz$X36x1a`h@09D9Z_P5Xd60?~dKoRhu%Ymtup
zR=AE~AIfuj#?*4xnq)FdJu9c}p2W^z+xe$}cil&yS|=&noQbtWM$;Q=tBpi7?IWB<
z|9iwAK&hQ9ryZMowM)5<&sdJ&J5UGNs<QQ9bT+VdvVvdmhvx!;AOo>cfWN0_2o%`F
z2Fc&c4>1@FWW?BLoxJgwVg4A8xFAsI7BDBcml$DS(jmF@!WGkcLAa$vKfJ5qmxm24
zhe_oPAZiYbw(=|+^f9>q6DVAgRC>-jb8AQl=z8+IDZn^@+to?lz5%IHy+!gSMM;70
zrHvP4xbuNXYH6p$ry*=5@B=HRdkgk|us35o2#|w3F?EBKn4=h8<=FJc2YO@1Q-7Td
zJ3QG{Ho_>Gyfagro|zaW+m&`6mQIh7y&w-)tdlG8kUT4(AxAYK2i_)3Yml`Z{$?w+
zfb>(@Z|DRFe7;B7L(NJ{Q3p0Tb<)Oj3?+(M4)Vs_0zI&@{?#$i=_rV&LvZA$HH-8h
zy?F=VG|1khhBOUYI10ctm&b9GV;w{Ai7N0|XPVy`WH48#zYoI^B*=+7WfON{l&i`H
z?!qWn%|_POVu-@<f^GNda8>b4F{|}6qM=XAY*s_lg4LU^57$e{a7f^%I|%u5j03}%
zrDww}2za<roO4fx!*3ru7ve8U-hNhD+08*(qEc>^3v>|hvIjMqGy!RPeDeux<Jw8_
z&3}e*U*}W~$jW*3@SVVg56Q}5{0!S$nqnXnHp&P5NsPY$C93soXpG;k)}YhSo)9>Q
z$Kh}$?voR@GQzN-AL&8$UiKMZCTN{0o-+@=o(i3Vz>l@Wg_6TNdW9<AsRd&9*Bgjk
z;(^$UU&n6vex}HTrbVFpAcH!m0{4H&1S)xB`#pC%zfjd|E>dB=T%HGVU7m?~uC&AM
z{@@jn5Mmz!_mJ)@QY!p5o-b$s#X<RZh0K;rT)Y9?XzzRh<A+*VD@EUv-aeI`d?sAO
zPCgXLg&lh~=C{FnnN)TdZjPt`D(7T4Vz$zv-yBKQGzMcI8$Dw5m{AXd#-J)QF6gp#
zGuOhz5jO<eE;g~*;^M4EFse*CSjSFTNjc*s(Z&kJ<_vQ{Y-RoMrBDO8Y?|pZtb*S}
z;a-Io(2Ng(j<r~~EUDrt)v8Ft3Fo?Z+L4+v7jLG%YATR2^Y;;L1d^;XWjb@350PF?
zIx&^b;S)j=H;gs?RcmeHUScgW^iO4Ll?h30JDTn%`f$H;_0zEyE$?lS8f>c*w6)2?
z+j2th^tz!dj6OoitWGYSSs=LY4}yFJYuHr-X{v*C%t@&c+oQ&QpeN(F)`^S{StkNj
zuJp$WCjAy{<=0kRIghPW--iQYh&MA2vPQ;79M8rV^t_VB@eG3wrD{!0yH7(Zy6j8F
z=ppJU2OgV&0)h!=BRE!kj<J_}-*A6~<h}O$FP^-&CqEHps_!STlUzdBX)j3!coG1v
z!ITHpYT|DFf-qNYH-MDIb~UQIL(p}$aq7vNG(E5H8d7`AYM3PWts$AG6V!FQ`u>KH
zFQfEql)GK&S&O@Q`KF@Qj1Hzg4RqfyrDCO|^kn~wwgzHzcr@?}<Q8NJ!*-?-HW~gP
zzf#*_q>lk?%N%A0X3IX*`XEFZz-o+V>I(!QmXlbv4sm#@Rqc5z+SZnRr6YAFWumxK
zg%^S78Rxr0@@CwK*WDYzGPAk@CeP`OvB;&h0e4R)?0kWWl9_egoJw`kLBrKGkf$9-
zkA`ASh~Tk8Jpl*V_8~-V08=;cL#mw;%Rk$elu~BR&m^wIyjt_AzPppglI|Zlnfp{5
zl)}R-Iy*wKe3D96yOXCi;yS<xT*k`nHyH1NiydTCbf=@;-!Meq)K<F&LH@GRLj2{a
zd)jcs*pp5C#Tuq{3g<7sQk$c`<pl5Kw{aQww27eTT8X#-xw=Oo$LV0WKkcKT#>jC7
zegj#uCC@$V#Jnq%KWXsKzD@MZKo~vGTJ;hqP9RP2f4L9HZDf$#@*}tyJx5xu=?Hsg
z5cUpMSb&B12Mb5C!rQTMLa=bWnMRv)8jVx;Il#<1jEFzw0Ik$Y0C+15;5`mtRo?)B
z7sCKP=Ku-nOaOQX%$YO%z0lc!7P3`8ACFRfp__>b9PP$2R^8u?bRE;8b@Ktc`XeuV
zAUa7q?`7S2dv593=*MnXHb~z8kGnSkkD|&NhO4tc1A%G~rP&h*ng~duENLN{Kmt|L
z(I}{KKnb!KMuZ3*3B!_LCj({Mno)F|cbpmA#(l&YM8JiFB|%U&Wl>~@P)!2~d)U(d
zJ?Gr2uIg^0e(yZr|3ANvbgJ&TRdvt3_bm6`v$Wo9VN+;A%mT@>A#i{(gZa;m68r-s
zPdBDulXb>N_x2D(TeN5!X%pKDVq1yncg_4aN=#=c54c*ZL(+P{?vSS$@(?=heaw)8
znDP%VIDw~t?h<fC?O@^OMvXv6-8IqPt_RRjaZ{rGIA5hC!Raq5c|p0J!sYrKUyxi+
z1G%1}$@O?PmD}D*PiKTsToU&!1d?DB2S=#|_=-Z5@YOslCZmo49f;yGh~jSL2aoo=
zPJG8{TBa`$N?S$uhBA?&``NoLtqR%o-TrVV5J^jM)?Y^)1!#KzeM|&#q>O1=9Kl)x
zC7^0&J?(oU5IPT^&?{U_U={K-p94Vbl?<AJ@#>tun%sH1FU_tNmOepgGnN;g6DS`K
z%r~cJknDNPhNO-uht%3@AR>k{sqqk(8hqyXe%=r1<_z=4G+%EEq?_jJzJ;Ol_3Fr`
z=j-zWe$9OKG<SLm8Fwqr0QI9MQ<5X-9}6a0g8ByySp@kya$(c*HDdo%U#0%xB6QXv
zt-J2E^F<Bsu1EhKvK}<|SDQw2e{KF_Xn%csPt*N1w*N2m7qvfAT>hB7Y){e6nbpJX
z7S>k621qnDbvwpNT)ajt$!8C+3PRZ)adGfv*Khx0*Uatj7S{f_Uugg9cQoC8)A{xy
zQgIkE_u0z65z8Nmg7%KESs?12Cy%Yp3eqq^JXk<3away@lgm%C>-!z3zwje5w31ZQ
zx+V%W8TNun<0rz=*rXZYW>kI*IU?6Wa22U%q1tsjX&$Hs#4|3GfvN%;c>q7cFA)#Q
zB3Vtr{=Biz-guXwE*ga%`&i4Btkn;OwQ<ym<#=?137F9kyy*5G`~Z$B6it8}kQvk>
z4A0|j{g*zYgh2Z$XpUjo!s<GM2WRYV6#0Gl#qxT_t$eVj8R0l83T=bZe|QL();&R{
zC9}fS4@HpPA3PL6dcX2e)6#oTK$E?RT|os8<9S2%3eiyEj<5>-^a_W%z;R4ih0k^I
zUIi82Yt)oqSc|m(%(#B4zrT|pE@#sQ=9IuD7^8s&khs!haHt9Ic1fC1hBb+J>XIwH
zgR(t(FmYs?>br%&3lLnR`nJ~wCP${HZkI#&=d%WSLc5+XhZ8-uWz%6K?7D`~lQZR4
z^8*{>2OSx?1NrEj?fHk11=vDZz;)<<{v~sJ?+R;g+%L5E^?v_H^gqG|zJGT`VXDz)
zK^_3XGI4U3+41n*K>nJ1Ao_1^r2mdc{}7R-CZjV%W%(rru=BQG%>eSv44}F#V*m^9
z`^^l%b=xm9fY*|KBLk=lX8_HS0d&_H!1oVCU;tk~5P<=_|3Cx=u=s&r%K&<I`~?OO
z)$tb?z(M;jFn~%sX8=gw(0|R?ENYU-`zC5c-ZPP?_=}4MBJVaxBk~vye*Gd5dCZpD
zfTmv=<mH7Bd07%lFFy}$nqH>%`OWll3!|5*iMEWglVW*m3y?RP43-?vkVMT~Q!J|!
z^vGg%vh_+Pt-s4nx~<n#QMZ|Vnl6*r<#f7C)fWM41lW~y(el_H*@p5$CU}^nIh8`)
zauV#ww^(%B@z@FcIt`{XT24x6zE10H?|`@8F<4Fx?3SpL9V4<6ZD<`}=PU0hS_jyi
zo%m{O@&I1|y8+J0BhG*zMI<9dWD34pf(o}?O&p+&e9Im*@^7B+t(ozGeoor>ql*oO
ze0FtTf;OFgNT8>tvZt=EU)^=iJYU+(3!N_?Wi&lshTQtg`ZO4)8)Slm%Y<f3zb<ro
z^3krkyRJXot%-{J{}!~VRzqdRSgvn}$cwXPd~TZ?HvjMbh54WS8|MFO`ut}@4FcmT
z35+&G0<tHDkpS%GK#~@RG&t8PmaRlj+1NN6(+r-_G=rTo*fz%`Iz4H0^bUv9;Dxfp
zC}p0qPp;622;vEH0VArr+9hH*%oP(S6;7Hqandwd8E&7PSu;F-!fe@bN-U4D;MR&A
zqrXE4N}MB=Peh@iKoVK<dC+faDy2ZDeW#!;v9|9-Gaj7zV9^G<77Uqp8I7v#WE47-
zqoI#(XKajE1#+i>%bfy}J6CV%!Ob+e^eBSPMBA{|v|sCO9p6KfJGp`2TAI~;%p`ZF
zm}Jr{^eh_8h(s)}0XYO=j98Z-*~vA{p#RvU>LK_J)1q2-f+#5tijrBZu)h<{kN|@q
zpo9TB6JU`M;6rancY0tX!n`IJ<*rOWOt6<sFz~@J3zdspsI*p}WMk`7!#0hg0$PQ8
zpu*X(3U&G$lA*$ZunIr(3QWI*3g3lQcu0T4v9_$jh(_3bja?SUChp(0iQ9EVC*t=g
z?%HVLPTRT*6?b=aC9bryzISlTz>%V{y6#=I?W`Ml#gFSr+}*gLHlVMUgY^FQIy1dL
zRvb$2Ck8i7?{j-KP4ALpvsgCU65?pHNmh2s$~o}#4t1yr^A8a*y7|C+yfL>)+^3?R
z99U@Iyu|k3jAh<EB$l}=%NWP}PzCshyf!!(zr3i8F?RX873fZ}Q_b#rECA-UkSsuH
zUj^G7nXq)R$boebyE#qImz^n2k4ZE{aIOkeo`qoD-k7)?Z~x8gskk^<SqCAUzxT(m
z_a9)Ft~RVla_kn%VHWz^q*iM8-!_K%j2M!)LcTNQisUXy6I`7o&#)vms2L%V8$Rd>
z;T`7K1y>i^sTmn>t}({9kX0G87UvUxUk1G|h1Hfq-uF9tUp&2!G4hc~q3;_Md|yyJ
zC|7u<hvrhv2%A2a67aZsv#ji569|mul+&ho@ro)gf7&7isxnF&8%t8oiqkEI-rW{h
z!+Q6O<ZYiSF7KZzDce}Jz}z4GEp>aYjZorh<Mb9-7})7JQ}iM0;O&O{zZzrAZxG!;
z&G%?g<-bS+cf9C(ym6|ejI^=&D=8T1pN-^b8vn~pjXy>3-X?qF+UIzO>|#%~Z!as~
zmR{Dz{~)_`wLxz}<y)uYbkXbncB$VO?w|KZF-la11?K>G;r+W{kf5edIU2yY&x1*N
ze4Wq(&piHkqPGy-PlF*P`o38L6LD{*s=1*iN(>*veX=@-y+W#q#=hg!&)D>k;k3hg
ze}i{MKzW*WSZ~3?+k%CCS8;}Ue?$59lDC0bHiK<##;}&fVF(!ii>4}nf-22<l|NAx
z-|RrZyk5sM`9Y9g7L%Sj3LzZzMRi+zSW72YX!@1p>F)GA!IoWzT@Lnse+O+oXb-GK
zSSP1vF!*6Z;%D{1bc}PY7PA-ocgmh_kka@DeKQtSEZ-RTs!`=KP-B+9U&=mS0>M69
z{o&)C4E)ph{VT3^lIIS{|EdCW-}*G8{eAqqtyu}VWcj-H;5*=u4~?Hcx=$3Kkt1Wd
z;=`3<GSda%Cj)*`;KvXzr3T~?su`I!jF*pT;EzelW>n|{TOny=qD^dz$^#@dP!3SM
zZ{;U-<ZA(L2oAO&_?XdsG+tdr{a>ITO|hYTrb_qw#^+K^&-r^mod-hdM0)pQq*tlS
zeI)j}v1g1Oo}uw88zlH<RN$RyRg;_H!N;?Ou+hvIo)Rt948snf6plYu8uo)sVvLbV
zNs7}mC(Y>yxW>yh>u@Pmv%d7}IT)?H8Q9k$y+DS{RuZPZ4ix$QsX65*i&_N<p`~e-
z?*dCyNNROK{kR3l@jCxH$ulQ~XtrfH(D>%qx&GI+2j)EV%z;<Co(yk9b94O7|6O~!
z2HV3~$egah`5h*3jQ)STzu1apPVsg6E9!sUU-PWN{wkyf{?rBgE6)j*$n3jQ!oM5+
zU+bT1&4b_PJ43&t?`Jr{k~#ACWBzO3pJ(_!57+clXNdPQ$F445^B5(t;Up~uMZBS)
zKSU}p+&e<Xma*~t3}E8}g8F=aRyYz1(}RUWSm8h{l!Jwm$-~bL+&otOrWw<YU19q|
zGr5M|Onnb3Obn~=IIqxLT?iFMff%ST+sA=xGa9O=UT`XBoXTkx>`!w%^X;-b5G6hf
zVL5Y@t7yL+%`_9cw9O|)OASuP!I|kYV{HLx)ys+UOYpy>Y>+M<l9IPU9Sejmh;mvE
zO5#`FT-+wrR72CG?@!@*W_wWnn&o(=St(TqT86>~q_t#7h<<y${2hI)Io_$?36#J?
z1?_JK>{G1A1Rfi32}X|4da56PJB%Nq_$1}KApy#?2v*1BjC@RUMm`3rcWO1yaP_yF
zIt!VlwI!0LmE;*^%UT3Ut*Rw=^=T<#r~8m7SvIq>+riab_COc|&}G*%w6d9swSGur
z$&2CmWD8;HY^CIlOJWGEhh<KzfGwQ+gYN+}U>*$_Q4clp5dht=#Wtoo*~yS2S!xI|
z#Pj1?9l|n0dTae5gUWf#PHN33hkFYl@>Z&;gj8-!U1E!w<{%2&j<7NX6GMD}WWAA%
z=w{=H`s8-U0@typEiGv!WQogXwG_)12;jSP!Bvo1RU1u?>IN!@P#mpceD3i$@3!d_
zPTMn$MZRB0;jp#+*Jw`Rs>P0+*Vr|z0b&^#z&Sm)Xz?djgKrx&)O8k`$`ty$`KF&g
zc5;OrsAei=wbS!u4b;noibe4Te|mZz%Ux%(;RWcj&n7f`ZhA|p{G@A4)zRqGJ(Icp
zVpezLFiuAuaIm#j$+4H=Hwg5<Ax%2`ZYPJ|RZ)q8zdEST2UL599=PRU6PJ%@3F&E{
z9Zo7A`yQg?^xR!m>2it7cUK*bPCaRscg}vizg1`t#Lx1x_KaZd`SW0CkEnM#>*#&{
zHl~i>Oj(v$*R!^XYPYCFYKi|dt{<v%Zt5ZAIF5;BPs7GFw2(D9Gp$;5k7w`ky&h&r
z>XX?M*VQNPl5oN6^t9vYyquP;vYzls=2?ff$~@~39F~l;0ZC&}fh}@X9a{ijRCZ*P
z9xcfbm!F(0PFo+k{5`@}y{*6RGf2ou*bmF#_7JUNH(S~M1glzqHXG6;SO%ZZu{7o+
z>>KIrvs|h=8sl`dPjV$?dY^)z2`4j^lSMyGuE52!xa&BZy=`+W$7GCDvCigyJ9WFi
zh^^2hus2qA<|tcol=UiX)G*?e(ayNQdY?COxm<N5M)qX0iFUW-5$;j4dI_u-n-5)-
z)ypb-hxEbN7v5P`b!aSDYhytQ`%DtJ&D<8tEuO)F0nOn4ZE;#okM#CuEv}7`ER4^!
zl9ZX&MWbvOK*}V`aQ~n5Z&701C@J+42Ey1VRUMCm{!RD^5>mA_^0V^FqFXap*ff6P
zv_z~0I|58cJ&3%|vQ<i8-=5td6g4XyVreWIAh}1_qf)oCn^JM{8Y%hyh74rF58E<;
z1AB`Z``v}?cMB`HleBrZG627qmQi$I1wk7wt6hAx0gT_$D0|xY-!;p>B%D&sDUOk6
z1a3^)*%Y-WS{6av7clu&X4$yEE9LiqNDvocZ=WK(+{y@R0FT1753IA93|$dLTadO=
zrgK{)_pXa-(GAFpk_^2IDk+<5{to8-oWMHg;E9QL*Vm}X4=o)MFBBiY&)es1nN6{g
zp19leG<F-LuY+mqYDs?K#Tw-LhQK8}hgc0yewL<>1W$m*Mr<XG7#puG5o^Kr4Wvrj
zpJO=>bH7ryG{_0{rH4v}E^5!_9gN6DcP$%{nnmsJVkA)tBq1wt{n%{Hwq`EM>Ic)c
zA5GUHoBA@k)?+~mD@akFg#!0H*ePN2J%x$p(4CT$c0Hg*ydakCz+>=i8><zvTcWmP
zwS1px{wX-D?uNEAI<lp@U8*`5!`^y8^0qH!|6Y<D+n#AHdHZLhx5NQ7#yycIc?Y~R
zVH8?nTGcCUI>X52h55_nviaupOty{m4tblAba$!hSd7zhOk6}^KF-SSBMpX_PYE?@
z<t-4?qS)$G2FsRpPGtgPP7`cS&y#kia**ju(cm|+?YLyw2=`2pQmkl|1AcffRWX5>
zA-=ReBmO&B-F1Yx4DD%VgQLviww(odlfQ$^nhkCNUjzSDC*FKCFswS}mVoR&$|^o-
zhxk$^Dpxl>bTs1n4VK(F5HFbgo;MM`R(V?;B+zoNO#!dT_|W~xz<LJC%^A#eJNK)o
zVl`uvI7uiz3L!vK8zeq8m}1Rz&zL^q@?pE#?C7I2Gq&bDpcV;1W(HDy5-y6HP-)uR
za2Ktf&5hZpH4Qt!YBhw^Iwi8X@kpSlEkIi{(RMFeyWhwDH8*KP%}^T}&a|Q7s12>9
zcyw)knIN~W4cUJ|cS=tbymR?b>mv3}?|g>%44XPPfUZ#~tQS&1MVpF^ozukrVJA`B
zKkN~C|4_5#I^Cv6aAU`8kA@pUj6pKV3L;iRs6k#4l&l93p$5EIlf&j^j^|$1D_cP%
z$jU~Ui3B-yjj}bd1mYq^2#d4_#OmB$AXYb`SZ!+*t5>qwYAgX_5Y;gG?M&DpJBC!c
z<V^1f5T^~9N)5yy61Y5F!<bg<9LrC#dkvGPYi<4yoe%{Vb6fbD!Sdo>D^DfK(1O-7
zDrYKrH3&P|+rCnAuVK7>6jPb9ES4d-;aJM`^JWp%^JYxthMa+G=&2ZXznLlNTZRN&
zEtu#e5hT?N15;tae=@Q@oW%r8oUCllgphg{O?ILvL7GdB%|)%Um;i_q%ic#z@Ue-x
zjDwzFdSe|M+d`F1f2VROOF5Lq76x(tZXxt1F24*?-81)+O^TkSmd<8s>EOT`arx|)
zj>|=(WMxC>`9T`0v<{}aN>*8E$hz~smM*qNVxQRP?^ywlGR3p~Hfg~cObP92DS7{d
zDl@#gK6N{6sVZ5H?L}o0Xx9*j3LN7Y3#v=qu8wU9n~-%mo~MLNPj*9jW$_)da!nm@
zxu*bS<UME7M{j_n$l#VbJ~IVWofFRJ-m=F9*gvE~xtxh<Y3ppx=mM1#Z%1Ze9qN{u
zj&()(tbc;}K0TJwVus&Harymhz^m@eZRzr3_t*Fb!TujUxDNA&#{ya*?Qwe2WbeYD
zieJY>HY9y4hvhU4RJjz;w)7$`#6S^H--)7#-RV2cE3Qy~HOEG=Y%A{I??QFvTRHg$
z2+vp55bg9#w}J-bOg@f2j*d0x-8OSvaJL=oppvi25K2(l2=yFm#AhKqitJb~izC+G
z<L#5AXMI)mtgjG|M9=!#8TPBe{DHm9w;5L$C#B@`;4_S#m20Ks?`LL7RR`EK^h?QW
zG4%635J5k7KZ?Gf)*Q=Zwk|#Ex<O9fi{PKsuQZsXNi2W9q@0nx{rfSoz-GOxgOq$4
zD{oXQu=40clzyyXyJclQdvK@h*x_mmxl*TVZ^O85mO6mTj`L#KD=4Yp3(#Kkvf@tm
z5bXP(m6ESW4#q65q231@(lt)y6tuDfz8414vKBW0P_$ZDsnc>e2fl?LO}^-Ah2YET
z(QW{{!WO44oU`5*bleQ5fU@!!YkiC=E5k!)hU87ZHFuDpewTYRZ2#4LA|BMznwUgx
zasCG|IzWF7*m$NCYOxb}A>$keGgn|}!m7`@3#7!ykI~oTxl93yr&vM7tTh8h-p4+B
ztiC7sgD<XpWG#G;v9sY(felPc5*IGT5J6WYZ|i^78_zzKLs}G;jc0ml0dKOV7d;LZ
zr&IM{I%N|fdB9)rCHfPu1)mrtPjmS`76{B8TxN5yv})AwDaDf}-f_Dzi&$AZcq68S
zVvoeqBg2Dl96H-IsXC*JZp2@92r?H`nCssZtj`*72djU(UjN@vKi^_%aqVfn{)6lR
z!10dY6A%N(_gR$b3(JB}jF>UKh<%|@ub&I`8wFGSveU*E4P^EE>-FQI{$_J0jXrJe
zq=EfSopjP-G=kIJRd$-u62s9N82l{A8{a<u1dndCw?5d>)2C0>>w?d)-b9Ylr@^|z
zr%oTwP|}0*l;xP(7mMxdD)<JP+c&-5G*Lp@*8;wI7k`56AJufjH(9sTWOT-^(H_|e
zYW-rtgi_1kBiYl6p3>`nAViGT^s-?3;J0<*AJnIYYl{C?L)|68x{zp|)tx#135`@-
z>ET9;5Q{|bjK_mdk8;hJ0-Z7K3GH0*PF%MGt=q;hZZaSb3>B2a5XTns>Z;##hB&qZ
z++*&<^PX1+oefCJG4-zgog)}a`~MBF9t<|Q0{KB;i#yP6W;=x`>#aweN*6qg3us?D
zbxQwIC46ZdeW@e=QXl@MAMRkwCieH+JIwJ!@%@a!To`VNFM1ppk5p4tG5N28CvHLD
z8~3Fa;=&Ix?$eFaP5}Rjdrq=!3mk-gA&VsSo>LknV7xRoPk<6w_rx1WbPSNtU-?|&
z(ZJf8A7n$qGcp=RMJ!8*ikR}IB`0?tTYUXV)4LcWq<3{MdfdPacfgDddD3HklF=c5
zlJTWr`=RN+trpXh_h0`>!;~KnPrk~Z<gQO0%ulju4^J`<5uE+tYveo3=Q{7{11GN6
z(}wSz26eZ;;i(VIPcc@YJrzs>T=s>D*ji#Qv!&VFf~no(%&%e`h__o~M6PH2OjsNm
z5?6G$_DpZ{Gg;$Z{F(9EGeg52pZvFJoqWP?dYn-n@8lU%u1|eG`E{BAqic1f9cdyq
zk7&Z)pJ<{oB~lc4qQ18oOxte@@t+r$-)p&06)%>*01@_(V%8wVw0}0R(S4aw%r1!0
z<4vFF1Bz+?XUTFoaLDsa?gEfGrDFMCcot8ahGcUc$-XJYX({YKjwD`cV>B{ah|pYL
ze^z`(v<=UNles)lY8%#c6zIH!Dg2&T!C-L59XiXRK!}4v<C%}o#lzvs0atecqWLIj
z80ccUObuD}am8ovd&30Z4Hy&B@YLm^>pVqCOJn0(W(vN&NOTv~N3XR+Lqerm?ct0P
ze1C|dw@K(k58VU7xXTwrX+6Y4L>~2NJ(Pm~Ih_y}QnbbX>v*~;erZ`R6Ti@7^|gtD
zwIuJQT<E19>$F~?NYanTP)FsOI_gK<T1@Yfh-Q4_qK#&JW1=x4f9d>Owk}#+4XIN$
zqzg`O-(K)X%u;3dg=mSke=b7)V}^vRtOKV<G(R{6dzY>Hv(?jrt7PkZ4EIV0`@mTF
zLX|}<>y1midvl$h)EvkW58FTBPdS7wb080MmJ(2BU+N^V&Ub=+0YlCSJEJy?kf)xC
zNfh{D9t;dsu&Ec9bSJBcmNY~qK23S`v`^GrmNV3?ogi}H=)?>x0&@#K5sFo+Ux0}o
zxCZ<<FD&Lh1kS{Kt_ZLApgZ?&@JOm2+z>Ju3uL{ay?5gFJNbJtOt*J24=fH*Ga213
zUEEzDx7gZqJ-G+w&u|6ujs5laqd61J^`B!sweW=YX;Z2*I_c^Xk4=a?BQz)geCU=}
zne0EL&+rX1uQS6r=IMwzN5|B1_O3B6vv<8}Tq<-?wcZ9?a8Ywco!F83+8Wx|amOO`
z^@UokuVF}oJ$>){-TC=K(;a<fYm*&4;^pqxsU>H7@(wRzS7<WI*yvpNxEF(;>|ce6
zp#1HSzrOPT@z)i%o#h6ekM%Zk*k~li&J>$4Q?uHE2rt8`v-;ZwpXFNUnfdQ@qt#Jt
zG<_o*b(49kdXOz5bX)igb^95b3Ai4D_y^U!1%Fq}9d%6o?2LxVha5btnoLp|@HJkP
zQmtF5T2(hM>|9NzIX47>x$0yNY+SDw=BfAdLLU?&`r~fx9J+t;V9>xRU)e#2{jBSJ
zIfHONV(%eb36}kg!!ZB`ABwAaaWrm04LDaz#h>uvbTksU3w#gCy5aQ`j8z<=uqv?i
z4DmW(>D=b`{RG&pZUNDz+zo-EEPzhp(E2GM(3=68&7s=~DwaV?LS92G`vjqhiNIy7
zM!)QahlY{Ag{0I1S)ya>y%pUBUnN&6IGMIQ5+u`mGZ~rQtMl@gO<IXIef%Ycb=bFu
zHNha?J6yh39{q@69p-v4d=2K$WDM4@(+B3ksRkWqj{d^F{Eb{+c|_ATY`{6(>+<!;
zeG&ARpH2P{Tz^<X`U7k<d+xDHjt#D^QgW5#zGNkfb1oRaY3NDIS$AWUSO%es-Hl8X
zK$6h%3u5^vTsCH`PNWupbEv20Qgi%By5>?-N0&)88EN-UpBB`C<4h~RL~QU7!FOJu
zQ0In-Is2Z=#1WLR9Y1UBNZ{>wM3>R=)Q(Kn4v=l^<L?C9@d0m#-hdlT4T#4Er1AAQ
zqQ#d7XAWuuF(P;9@F|m~PUOo213IqE@TGyjFTIAxI{)yX-aDrcn{|b93u+~;e3C^&
zg@=KD=3q}An;`gY){>R%V))eYkYruzsx?6h4*|^dZ+shtI#QDk>K*ejZ$eGREmNjX
z3r0G4!9uYLtg>eW25l^ayJDl*P!H;2!v&6dqrtfk!=thFq_?{udrN`=J5IrHdIrjl
zXRNMAvQv*Zz3FrAa4>D<WC%Zkow6IyCXqJS)K-j(u_v9DT6pn1wm6pq>)}<f_s4`_
zRYNpHc9I?Ii$K-xwC*nQ5rNuUU_S$8>Jqa|^$r+ufP_W{2#rA?tCq*1&?t10&~PV_
z(8y4edqIAe0XH5nh#6o)Y8gFo7k}dZBu&g*OoTJR^jV$2KB9G|XGDWn3S=txHTYYt
zKyi{OR*isYY%i+1Jc(w5;`=djz<2dp#C)V<z;^vc*h5AMG5$nP<ieL$_r{H7;BUOB
zcC{t~#wKdXY92_W_56Yp6`T)%KyFQg+vb2K<rVOOQAR@$PkqPnvo&||9Y@yme9lb|
zs!KfGd3VDb$E>COO7r{e^oB3@M|?k@TID+jM|yuog!h~Lq0qMn;&YVF?*cKa*sZcj
z@(i_Mi0h&lc4;S7#0dk>(-yRZsIHYkU5OE^I%#EX0P@CQvFA(74j?<Oy80<&6B#j0
zuXiRNqw{0;JT}IIB%VP)@@Cgd?wWe1<EW&pFFL5_s9AhA0itU(2qwoAJ^c};Ndn%(
zv-ib7{;Vo>h*-Y8IecWjjlGc;)6%wp`f3ZFzz0r+(CY}Cwf>3dS4+u_5`;BWew38U
zj9J=eJSkP3ik1S^vQjU*4_v*+8@KizZ~Gc><fvIg?u%>elV!}IK^gdTdK@a+;<m7#
z(OYao#kO&q*w5%qwzEUUl9(;<o3#ZzH)3)e8;X8#I;vg047q?{e4L&rr(%(m+wnln
zUB$%Anxf-mSy_69^@)NMH8#<Hk2mHDI-Ujl{UhG*Cn%__RI@fE{dLB=2AqB(6V^4m
zKS>utf~lnWhlZRNv1ueL%_;gd%qcD7lbx)r*y?UsG)9NB;fMCZ4LZ(&@(cO}cuu8$
zQ+j8-xVTD6-XK{vO5XlaXf+Xtf`qv*ECj)-RA#ylM1zZirAi9a@bkhfwjd7-y$};^
z70W95eIvhL!tbx~`&an=RetY*_PeXEN`WnsJ76jKkH1+3oKS3&l+9A|PByfbqHcbt
z8DHge5b8<+S?Rig{YDpc5tlz5xDa!P)zw-Ge52hIwPe*{UvZ~D(NHXj*&6|1lLDLl
zOuMLV^vAN_YZdTjN4+Ett=B~}EI}l=%O!W!scda;(Cz1R$qZjG?AW6%7<iH|UT$eQ
z2p0$#Io`Z(e`k+jRZ~N0KKN5(-cLi&dmOYh_|#1P6s+enSHxf;Uk+xdpS<231DM*;
zPfw<qB$jVr>=utGbCkxM<Wt7{rqyEEfEda{Z~&1#8!5k@!M$apB#sEltp^E)T^;pg
zTpME{x86Gbbx3}CgiqR-pM$g3sT|I6Tq7EXpr!2Isjvk-qwcvfqi#7+?PNp0;wpXl
zZYiNk_ICMJ^2U4zUvXO0)a|%`B-*lez^`)$B-o4jf&Dmtu*u#+L+UO}&9y_IKYE6)
zb+Ti#D>>{u*2**%8T2Ab(M6sX4Mnve$ss(m`j=A)f~-*~17f5Bpm^}jgwBw?G3$8f
zF~HPAeH*0q=!r<}$3ILLG@31QUPY(L_BS+T5-Gme>#Ans{ML_5zTU)cJ&c22SQ`a~
zB6HDuwC-tRkc>@jItdrn#)#z~bM9f6dgIY;1JjECf@NdD0~FHF@e_mHyY!uS*QDZL
z#({IVSpqTz<c&;>k=$UHVeSu-+f!ioRSUL2(Vu{%!lFNYv^!leM1ShYm7Gqj!5Eod
zZ<tj(ak-l}49>q;<EBp06;<#zw~6J0ao+(ON7lCPb#|EBpyZSPVxQ<9Xkss6HXw+W
ztw_30yTk~r6?lIrxSto>FPg6N0SWYJFND!1Oqiy$b+W;y{qg-hjo6*qWx_6%V>hI=
z7TfBj3u*ub9)w@EI~^BY`EpGS*$A)GY=kp(`~L>b{{JG`{~u|>I#|}NgXir6g$eEd
zF&Ht3sUQ6bf+mw-6<gki@dIDK2BS`<pIH4Xa=iTW*D$Aho7)EoYQycAdiB9O*!79q
zj|PKWEj_OWw1naQ$Ms?b*HgTBq(4^&l(PEZ+k-y&6AqE8w`sJ&BR@lR@`qtW{cZd=
z_}l8C8Leu+Lxvp-o0{PT2M4YTA?o{%C*Uaj^E1uA4bF=xaO}gX<i6b9mBD_yxl-A0
z$D$Eu#p%u2zx!H%o9BWb(!m@jR>8k}swRuOD$@f2LBNA$(7|`63;yQp;!$>?o(UWY
z@I&WR_K(ZYTr|+*!L>nkb6@K2V#>s&Zj6PxFLf-s7d!yiKMB9tntjWks1>z=qFbS;
ztyUyLQFGq1y6;0;=8Az&6N<%Fj$=o}(T+IYP_$3OF&f^q_j`KN(a<+(IKH`q<M?lO
zp|%O)$ngvF=Lh@c<(cTse?NKi$5v<BEEu9ZNq5f2jIT*x5y?rwJC34GIz2@~j%Tte
zc`_kzK4($D6`H9j-}e+ak7D#8mR~~sLJLBNiWuzxUVs4PjM$s2>2(I)q{V_98__2}
z3F*2{^T{s)eCN0LC7*n!BOsPnW1;SoU!W!gj|jkl=l8l#zE$(dfBw(|;Xe6Lca-jv
z4|l&qi}k@%dGK8F_YDaNqZ4U8IpSBwMF<J=VO)feFt5f%2nn+wuIZ34DSAK`8ygQ_
zLYQC9V7)@!c2=QJScN3L!e*$@F|5K;JtWM>P~i=B%jOWe$j3JABA=vo-q({a72EEk
z{loV^H8{)1omTlG_sm`bKldqZNS;|#8wibu(P@j>KmJ}vsDJ#oR}-4_j~`o`@GIhB
zj2@MxtOxUb<p;LVR6Eqd1_xM)L1IqTS_>%6vB7r2)uTPlJ}krRXtp^lUaA>}SwS-v
zJ(*TL%wb_=8SGy!`<KuD6-qUjF+&jasGyIomBBRVqI&FS>Wck8_e9Y)YiVyx9Lb8l
z<wX-&QN;Bsdh%a{<uQBFd}kB}rUedMItKz#pKeY&<#}A6y<rC_&iOb9fYJZ-h!S|r
zb=qX71kgllGV3^Aynz>Q<%&m=p2&;RG*Jz8&m7Q+CrHl06LQ6}!YERLl9)D{7#g<{
zvnwkTB+~)a;utWmu|oSDg3Ahh@LEd&J?Lc5EUUWd1tw%*S=AFyvesC+ar{no{E?mp
zMA$qo>&n%WJi^$NnJV^)zoqGDqW3CvhBqOK2bYb2wcZ&{Ey}pYQNp?b^13FeFH&FR
zv%V-0%lo2V(9Aria@3i8J|z40vsO&~#g^{TGFz)*`s=L%TV<z3Ow$WVM70&cXh<6J
zBA&tWCBf&Hn8vKE_szpRY^F}vJEt7OhG1G`>a0Ocb=IA)N9e5l`2S{SJ^lwnXO(rg
z=xgt=iDTsxC*L%2_Q1sH+YI|SBVr%7YyQ9M<7<MUk4H67AN#TJOP=YwQEk;F%5Z-{
zZ3VQ=^c`hxVxCD$j(2*VEOrk55SRiRKaj=BJPebTN4epjECxZhhzmL$&lZ4Z``9Mt
z($HrAJ3L>BGT`~-MZ(h^1&70wN^GQ(buDyaCFLk}IgVPf45tVtaj%0FB_whGy`IGV
zxa2-`)ydzTW2uw9aXV8lz{;@_SB{v!{Q~5Bz5vTh=Xn7VxSyw#&lhk(d4a8^s@a0_
zOwsp}V}~m-bUoQtRys(E1@?+?tHyD#=s5cMm0y6Zw2P{Ifa&APlWdO6k$A|RnDu;-
z%lLV2c+6}IKT0<xS1Wrp3Xjsa#o$r;=osTsdTxx~Th>UuWz~A?kR`0QrvB>Q0{i0M
z*k6n#Ta5X7BlnkYB=M?3IMh$RV4PpoV%aI!;!-aDAJ4Dp$Z04Omc*8_l}5U{at@XZ
z>m|=Jee)FR`G#12Wsm-Ue*S&47v~?N-8uOY=3ha0$n%FIrc`*y5@A-B-vp&$8^x(7
z?@{Jn<J<*0>XcZv5CDQeeZM=Zx<Q7Hs>hAq@qD8fb^$R%`w-myk)fkvHm7cfJ>GSE
z>hbeH)?YiJzjoSKckK{ZZ|$Jo+KIijQ{VpC0an;INgl@0MaKOo9Xs@o8qz=S{|qzW
zNjCT96r1`7a?>lQL`7tbT>Z|pAU%RLXOJFa$?T;Uz>4k<>ejie(1wK%1`9{C!Ye{(
zw02flD_kcqmRWtCr=`;Kk2M3*8nxY|2WyyKog5ajs;?eOy+2gw7FMALPq2romJRCI
z!s<M5Mc4nUS%qO&LMzl<3%<nvisViIJYkTazR?4>6+VRPSLpg5aIMhw%WyrfhrZpA
zr>1V#SN|mL{K@_de~iDg|4w~}pf%KKt!e*$s~-9N+%|2QaC{pnzt6tYThR9wZ0h&C
z_{n#A8}qyK{M)<8(x7xc=!h_BTmnUi1050W-!4Nn(bbk5aWH9n#!sv<ZA^S4T6eAC
z>*-OFat6<|XGzlFS-Gxu5;^_EuxBOrFv&V*t>j({r+#C6@xIyscsG%wXY~k&fQf`X
z^Htc@FGF`0?=UufTQBc3N}!|;xcClL$-IzR0nR?vu1}!?Uyd0qYifk(rLgbSZd1Cj
zstpYJ$;KoB{8zwNg~Qb!p$xihz=FSI2>k4`MqPtdF?H5M7_R11UJsLvsZP(bXxI@#
zmvso|mRUMKO>i~O6qgSl=D!L0u(CrUsB!G_YcQ+|<fe#U*Tb7STu#DI{G&ceYo+=!
zT!*HqwvtaOh9r9b+Nh?y&v%fA_mFix1??fVvYS5LZ0edVG$DTXmeIu}eE&l^>-3c5
zfqVf;;Pgz-&vDd=Wihzffm^6K-pO{zOm1cJ(-i3XzBN4sig3-tT{|81Oi>ns+Z^%0
zLG6@3Os(H#*xX2}&PtRh?+&}l(-Z2@=EiLTnM0rnmN)iKHR+7t8al$}2G+tTw~I)C
zpvf6*KU}1Yz_7ECPdghg>`DmQ^ugBTcvzE565lpqGi}*6ZC^tQM)HT6PCdFH+>N5h
z2X$ik71+=KtI`NTuA8BAV0zt^QQ;dJKVjkMU?HP}^z~TySg`O>R=5-k3xb7DnAwp7
zzM`B`GuK4it;piw9snK`2EK!XqXB$#7#LIiG4PQp2L3lLdCK_2(1Ul1WzCIYDvRt+
zm>jfUX__DXDnsT6#z795A1-uFgZZ&_M}+y|`Ze=o$$B<F7F=j@eqc1pkohrfhhcs|
z6iJ#N&fxr5yd}c?h!6vr2QK|p^JB}U2=imrr3mxmol6nsN5!RIo*zsPRTC<&J3jy%
zRe9a{0pP={uRA{gyl%BNKO$^x)u>1RuJ2*Rt7)4ILM>i(?9;Zix^E&D_4(gvORM`c
zwU`m<UE|Z2H<IMDtMwbH`XVFPzgOi6leTg26#lktMYVwn6ThQG+SkwqV$tYCk(|*n
z8~3Yl%IGP|kT9dXCtKn%S(*C&Xe*enS&3;jKIJ9vqjo&daeDi@zI#A0`zKCJOyOok
zm}XtQ^()q_m9BA=@|@DiPkE|v`V3ZtRz*M)ZKHxTQ4Bl289b3=n!0McwoMaEJ+=gA
zmhw8D=2X)Gte)`RK!R=5kG_mVf|!U2KUan)74XGe3W=uPWBgt{z1L>p-?Llr9^Ak5
z6!3V$v~nn}-_gLhm{DZ<8b*<IXOJSXmaCsuA2>>eg)5^#l*cW!Zh=I_M3+0aC15qX
zv07&fnA=lhpm)4<sFxWSy<Tf0aw}CZJQM|<v0qZhU=t1qya`*4)!dfg(utZdiZ|gs
zV>NgNny^IBn^0<K0u%?#3}+Q*LAiR#I$n~Ymux0o%<3HMg6Op?nY!sytws)_=a%1X
zvP{w$OA4v-&zv6x`u28{zKvdC?)2XgEMoHQy9l=11p9$tJqWhP1lvWhW(3=3g8f9W
z<L3}|&;;8{u+0QJVuBqY*uM#O%mh0ewq`gBHUms%4Ecibq1rIJ;TDYq?h4?mVc;|l
zZd}E{y~9=nBRP0KfbWW!8yvuu08R}9r*iNc01nR!-j28YSpdg|HSHM=o&ew}?51=c
z>`SLb5r1-e=1Dn@MzO30Hm!ItbnjD)A5BcOiQVx~+L(=`wfez|FeQy~0E@-MaHfLL
zI|k%Ga`ScB%|{X04GHAig8~`If5F#`{OeD3`~})`!t}@N@Fv>Z^_`jaAU4zQgLHRH
zqdO*_&()B84kbRPCZZ+nZWPbm!{#}N=!LNnMYKwk)aOhD5#8ZT1Q8u|CW44QdAey4
zoq|HPR-Mnr#@F*YBDz)`x1tFVU8`oSh$y0$HWD}iz;8id7DyMtgn{M}_S$mIvUWmY
z;kcQzpL$&L2n%|Ymd}o%?QO_cx8&h}vB?(?c6CD%`U(65p&G2howrBvq<LgrL@PCK
zo*hI=5}!z8f4%T>vY{mg4ynTI)Zk;E={CG$zT`H%tElCy#Y(PjTwMNBw3dBOd0v-n
zg>>|_?O+0X{YTsq1fvI`T~bQW#G;G?V{a5`XP(xivCG@gt<|E7LklFeNBI;Y7Qy>7
zTerJ7rXK&Qr!Fc1yF6}e+--Fm!mh<<+Hg#t@#Hv4D45$#S~YnFyPP$BhQXj6vqp>M
zt<dfR6cvUgzK>y9fQ#sr45a?KI~ycrFRbTfSy_*KfN4bRTYp=IE=ZEMz%IM5S&CYt
zPAe`K7G(>58?1{w==5@2of+sC^h;_HP4u5nc$RAFz#_V@;Oao7hT{f~W9!vz3CCW`
z^bxFDMI%_9ku+0BYb@BKuBVS>p_cYMy~MrV4w&ZC5VnD>Xx8uKiD?fTy{$A{3vD!9
z2k3T1Yr0jbwe>W5A0;+e2&)Dv=hkfl{%4pzdUa}_FLCrzqBv%0-0Hon=DRoYKicTc
z7(Z(qD0bX;k12RT`|gDn!U-P-i#@{UuKk2hMpR^cu-qGatQ{ecOSg88US1ToJ3or!
zQxHY?6i_+0{Tr}xr~#j`Um!k92%p#oR+1G^@hY&WS^0{<^I!Nn;-L&QS5>x?nGB4F
zI+x$TtW&4+8z40G@$ICD7pr-26}Hj(SFZP%j|%=r!0lJi%p+#Y&|OgruNXBSI~J!1
zKJlutxD6KHEco`BirZpwvfz8iq(12`l#dhBA9Mn^c3O~YLlD3oSeO+o9A@xb>I0rj
zee8m7|J6_~+%}*^)BnrAds6xvbA@IB%@n;DDo_T1^ujiS1offTd>@C8K=W;e5xBh7
zFajsH8b;v2R&4}!va5{GEZkVBPF?<0Pvk}2Qn;}aY*)R(3R6$g-sCIn+J6fJ_~ZE_
zZvKeBpW%^d`Xl-3<M7CMc;t8NC-tO%99BA}%J^iR`l<2B{`jPSFjc)vw{Ph36)oD9
zRnVgCqY9q&<f3ZPKUScg|B@Dgg{uEcZ6ov`ze-Yfec2N&?1~{0%;HMSOmk7doU`R%
zdt!{Q<F2lNmoM9*1|X7U9gmt&quySjuPTexa{g{fo%1C%@CGCJnJv`Qk~)@y&%H?P
zANvF?VUN6Ms6OaR&0VoCuf9GA&QR^F(Ek7*a2&~IUt(`{HI_wf(MGpnGmb8~qV4%Y
zd-pbW1yRV*24Lcg<bhDEZe+Eg<N@BoRg;Y|rhQMYOAsRGYhQ2zt-&F7{SJ(b$Yc+O
z6zYcyu)44B6v#7d#U0!;49`-O^;yX$rK+Rx<kJgt9#2`(`iTjcssLM7UzNq7S79Gv
zD)O@LC2w4mq^yyuE=Nh_+viVFs@=8Gl4YM1SR>WcfL&_PzB?1_yPI3-1Rm}i`MsUr
zU*q?!`TbRXkKS|cs;g39qvXD9Dftf?Z*P>6e}Y@rFbR@5_L7x->>`?$JmT{E15!;j
zG~hzaP3#?z2^a0QL&`slST2d#n|ye{2A*+)NVjk=Ba@OeP*e)Qe!CE?2VfV4+gCqS
zI}jQC61*KtrX!dby#Q<gXxnzby5y1WJhGy?<ISECnCnZ7si#)@X2)XN{4E*sjs6(+
zdksc4d7sl!?*z+o94M6Omi1EAHBj`V<T~+LFNCnPoW%W}HZT=-L>wol<y3H-LhO}|
z<Mj{0JYJ=OalBl!gJZ=cr(vAFpmBl#N-$1?aGbj4C?{Z?itY>PbJyVTad6!dUM7p#
z-}%L`e)%>h`GnJPfc49Pr51FeyfcPu?#YNc^`uOQW<!i-rkVI3H=So1JqsbPQMOg8
zIvgW;huFb976!6Fz2yxWtpd|%{W%(T64uKTPG&2oWXB0GiO(1RxDr*`!&0)}X*tOV
z=<7Z>{6DFgDg6YcDl6G1xf?8*u(K&-cRZQd;=4@uwLrF*bs|eqvy$tj*CfYUNgTEt
zPjybIm*Zek!7x@!RgG*IFU)^Tsc|1;<hDx+R7V=WVKiP9+W6tUYZ{InT|a?iN7v(N
z>^6f(M9FGNxg;rDq~u-TQsL^&exqC+BxNVNh%U+k|A)*AF@vnGf!rH{?vjjm;2hz<
z2}Y_dj#MicDLwziW`m1F(76ft)F+JrzGsWEmLSt@S1^qNR)wBD%8peMj@eo~ID+Nt
zfUcjimFw~&N$8E8f?IGvYi}RH!=P1Gk`}CDI#l#x@qVag$H>s?oUn@c#)<gGBCB?|
zG#aa|*G`{Uwf8$i!V9dHjVDf$=k-`zj+E~a%dT0-Le14oTs~|V>kamf+-oq6n1tPL
zI&Z2|-`!8=P5pKT&zpMg)KDtlE|!r6=vc(<>v#|^XZvy{j+`ucH@Wvhs*qKaL;Gm-
zQijn>heP|Q^f2LM(Q$e;<t{;;a`-wpB}c$%?$zty^!+}<Y0QowPWQnz=m)|6N1J)|
z!rGpirB#8IpZ27vHrU8j)?Qd+5z8h(#$9EfTvZ$6jD}&+5W(Dv#ADS@*lT>ZlIKIG
zLropWi7yVlN{7Vw;6LAE52mn^r52{#f*3W2r2p<<(=QuwnRG)@9Sd(tW4G$zC_GnI
zqXvOeUju)X<4)yZYNdM1wVO3<qCnmFAMXFYu(v?=p@v*+w`sZ9N?Eseq0DQLxYYNr
zbYUgPb@a&?w6|k~q@5A+G2QxpNd7f3)ZTRL_NMJkPkixf>`kweuQNR?UuRy1(^DW}
z!p@sQ6LuoMh?K8)(K|hVTfW{~zAzkAHJz^WLBW)+^HbK(>h3)qe`~tV^{eQhs;P9H
zzGV;m*Youz?vJn!CSqZTZT97Tqrz>ok7D7kN!RIOW6)%}&QVaIsdSyULxrZ&b+&~H
zzb#$o{H5Ar!?l#CDz40su5<cY?Ii0#4nFB7CHuiK5%ZU|{AWo1#kf#<>9eJ2diiq2
z|NHck_vUY;my4hOYI+IDZ@ue7MlbK}{>}9A%ICjKFDpO&@6*e<JrU?-|DFi+vT;uY
zdiiY6uceo)H-CX%dcOG!^b+;vFVM@uH-0m{-21UcFIgWGLHt~5pqINVHG1jA!C#dU
zz4Xe9NH53VG}Fr|Ybd>3-PAO_JpWnK^b(ri$`t=qqMUz{r@3fn>P0un^Nf}09vF<7
zDd4%~Y^`tEEv*bjnLdbV{+j17s>$)(XCwR0=CZPe!ZB|wJyaqt-#9rW$KP%NvgcxO
zCo%<h@@%)M-$)8%TPqn0JKC(2hiZ<qO%|uGW#!Jql*yv23IaCQXO~}ajdL>X*JjLb
zk}ZCDD#x<JseG4{@EwGRWvda{GsNz6l&D3WQE_rAmvfYL>cMZ01ag!EpaU*vPiA_D
zL!{^WOr=^@d`?iViauqZ&B9N{4%;+P0Pm~vO3ZswG*7l{gy_#qH@86uB36?%+DDl$
zrpLBt)l&n;=6}yaM{g|u#&yftEb&VpYbLhwxKwqBwXr{Y*L+oQ-NI;La>7PsThWi~
z5zIPM{!LM9*>ah_S7Y<Pn_B4?Wy@B7bD50?Bv!SkPPR;SuaiRZC*;C<g#5_oPl6OV
z?gLjLL1Tcas}DuXHI=l6HLic|fi;fR>MDWjM!JTz>OBFvp2@CT;-y&T#%+KtXu}CE
z<dv`iR?k*{Z6G#4@)}&g-h&I+PPlq~KwNI)UuA0@o7L4`3RH%a6*0|tjh`)@)?D-V
zV!w_4?rdr7?-X8>)pJGTm(Bog$y;YwCCg4pIRn0N=^r-?1l93*_J=8rXU^O#gybK}
z!)=}`G~b<`frj}GF{<*PtqnL?Uxmzf%*8Xzs(ZEBA=iN(h<vkLbt(=M_^=6d-Du>L
zJzA3x6q@|thJknjWyOdMDRROEj8dM;Zbv6(u&J<yO$D|5r0aLa`OYTN$sEghIpI76
zGOjuh1Jg4}@(i)yj0Y-nO$9vZpyRT7y!r^t(AG29=bTDyd8I4Io6RPis;uYpJp)M$
z=Xz0R*|JY|SF>ri)`k<GD8ly`@KtbaM-xJIeO)bEUabGO#UGWr-H9>&^CHH#H}}7m
zY4n=9jwuv5N|9Ao9<}8#aZIPPz;!N{SOnQSFHMHkqyig%i!NhHhU|IB1|?~5jyvH`
z;OL#5kHaE9T$w4h%`SkSJou5A>K|WPJW3GD2Q#@}TAVAmT4lQD$FPElVEO0Cwz`Yw
z3gQbNz@p$Jn(@JQM?8$M<nJ5IcT)t1G_0LZu~pbqwupjgG1*pWf;3lhd?$K;kCySp
z8LPqBOU<cHpjatT^U3vTvZcn!<3s<XE`6UiTCB3?sRDWMQ-$Kg+l&5=+ggw)S@AoQ
zuNY11*NSBfbN0Ty5Mmq7v#_Vpv_2^;C;&y+*39a2T{r3`^efgwqt>ynVKjjIl>R4j
zlv>$Q2RktFu4mX-H?RV<+rMI;;gqTvRR`8Wzz_Gqt2y5O-^$*YExNyd%r0>E-(__7
zXTR-tfo1$I-Mo9J<k;luT!Hr8ZI~t@koshWQ);G9fj@r$Omze5H~&gN^N<{6Qa+m!
zXz!j2KK!zhT?qC@c38<vzIk}=drY0pCW!PJdslZ!sbb<MmM!JuGrz{OIdRx&+4E?A
zj%Qv0q-VU5eSdHkn=RQN30ls^q7&>TP?lM0fq76M_hz#Q0-jsy*%ymLrZQtFuP=kB
zhp`)AUlSCpl|4Y6150>y&$=T_;@`Mc1AToflzx7=li*KdPd-jh{;WUw06YmYP<?}*
zZ2y_|qzt9=4tL^S{Ly>iD!tFSfr5I|`6B`U6aGoEQsXNJ0m}X^q`z<wvEps=3Ct}9
zi)nBa#5W}Ti6Z02V;}l&_4nfLg?S${ouRY;CaU&7KWm??U|0CO?0r<iXa?%uYmEUt
zwP5_m38;gnsl(syiB}owkhkd=W!azjc_MGix>;fViC`AZ^al5e=TRGZ;cGn3JI@$$
zHq*Qn4Awp*(VuFL-=qwZ+{1FM;G}Pp1J%fhCoF<j$d1jTcQ$)T&XbLKnAs${I6t#=
zZem9P5{(Ab!nXo}vdW@w0ER)l)PJo(=OxKADh=ZhLVsLhI)S>QgGC_n_dIHq20w~%
z5N)mmr_x*U0`Jde(|E5Bb`V12_0MB(+?SKwXb$V~@OH861fC<DmmoeqBVLJ!SBgZu
zl8Jcj2I9R^Wg^}jr4J+Cqq1W^a3ibh4-mYA6)@t(;2rlFf_EVC_R)zKR~5gWejz$X
z7oy)B!9>82vuk(JQJsLTA0_}RX4jJh=qX%mP!Nu6CPca<=6H%&N6pD~4xW=ImV=uE
zc!cI8A2aq@jaXKL4EI`ChjlS^*e2FtKT?PN2$@!Y&-!XF_SKe39Nrwoby8rho8JZv
zZ)-scezck?f8|H8({L_P7^R#K5`>Z7n0^>(#1oh3RHjIhl9?-cWAK&eg0qR0<oQaj
z1p?WrC$*QCyygESB*PLT*Ln4fT%R}%q@DgWT#sSbx)(#d+ILX^53AmB@ngU`b>sUK
z6X7LS?~weQKrF>E!h9!W_fZ<1-V!^T0pjxGtQkT7qQW$%r51)^+iVMkPl3o2%JIPc
zX&BjTILN9PnQ=AQ@!i}lA(?1`<Qe&EJfhld5xzIx_`SgWQiQK<3&u#(=AVHbq|lcn
z&%;QKP6`$fQ0>bCWb#TmwHS%2M=Jy&+z;vtTucn7c4y^y=j$zw)ZR~vP3_Hy)LvHI
z4p|2uB97SRjKvVO6jye0{-ZUHg46AT3=+e6^GwbT140{Il*T$g#Sk{mo&NT>qr!7{
zzKDgH!NLqy_y;V^2^Kod>)LaCU29icyv)|MN5ky$rUkSL>PxJ`xUiM+IK4s*RLBhk
zg3cBX{#}bNI`Z$dvOWB?!9B;S_UFalKHb}7FKpVcvBrSR!jPcI?lFiUk4t&DLO0r)
zI)3KNY2%;baVhoCj^&S|-}g+k3PM+RZXW1fkE&Y%9iadIpFR2B3Ab<3440hBM`(fz
z<}TczhsTs68$NJDhS#p7$``WPBI4wYzJQa#8w4^Od33270C8$1`>poW_FF1+>z~Ta
zS^&hP$BSISwtv+E+nxame<8Fsi8}VncXV^ati<AKIwr-YE}<r3Jez6?Y{c!VD7KLL
z>5JSd01#M$PzcRqAFO|LTnn;si^nY?wW8e6GlUVG&3dVu#N~7<u;}?j%6@^<Id;^N
z2LvrPK%o5wFk8fLu~#Hnf-ME>MQG|G>RhdFOTVOsyB-#8WC<s>ElW(ZkeOs9e-Xr|
z#Ha~W1x|}A1^N#j+rS^o<=@*796SpQPJu<US>iD<|NMeJ9*rM{#Ke5uN|s6m79LxS
z_E{FMN<jOkLJJwsS;2Tt$<r;Bs66)MqtxP3x_yD)8tlX@lJ}#;*LX``qw*!(ZZ5tX
zw^V`ypMSrKmP%X6ri}Fy$D)fC6MUOj$3oVyST(Kasd1Aajf9fhOULP*=7iI3j#Dn-
zRJoFHIuNubvl^|hxcS&6jzm4({(;{bti}*0YZT#RCF?65wsU~9s{yBduOLntQ5+|U
zTa$HO-Gy+v_PmbMpFcpH64_<x2O)#xZ$=17QG}302-U41gmR-IBgE~;q{j$@e7aRQ
zLI$%jM5ve}R7~Zi9HBW~3<$L*gqCUut>6fC(#+%fJg*x!PMb7+G8-E$NkY+6LG!rV
zIX){mJ{g2hcaBfxb?~V)<Fl1+f8_Y=rgk6D@KHHFDwWrBd_L@Kz$bk%;u9au@k!#L
z`a7;}NBE5O=mT`a`!p((884d@#ARMA;gS?hxTFy-qdq5GQlcZ{g5}=Wx#Otu8Fags
z<03_qzeP01B`=zA$)oaoidHgUe<uSjPrr<~RA{)o#&NN0BBkOvZER*e=^8hwm~tx^
zQZtC<H8F(DYaE#rLgtUl37I9=L1qcH{zZ<=Qo6PA+ZEL4N)4F}9GMMNzLg`>&WOz0
zFCj7*Jcz9rm%R(i!ez*%S3$a#l@#jwm^!DDOc$ZW>gM;!JPyV}t>QN@$<$^11}I2<
zm)`(?Q2&SD00UIL{06?GmcCDRjVWd&E1GnhG*f96FU>HO*6>nO2$%Bjc&RD#K>7E)
z)RefP{6}7Dc5UB}9SqX_=l9e=xFOJ<XgVFSvaT!aVGO_LT+O<Rtr<~89Om@SWGZ5S
zX^3Y1uo0HUf0||yC}$WdiGll*AVdJJH$g+J$&)~Tc6w&!v$ae?j-%0a`{W84G6chE
z!plp@$pwt=j%#f>l3;90<=5C2Ng6yXS1jv-8%JCXD%6ane_p7~*(uYfjhixU@^mtm
zX0vzFw3$<;8?!K#3(+)tHCfKBh&TKv0SQ954&UcS-*0f*v(fGC{MKOWjW*z#lsBqQ
zU?b7NU;|$JVozP<GqgMW(=dDS*y{zXcv1c8E1JDH-)!$v1U~4gRq@82di5)VXT?~_
z^E%nOd)%bv6d#b3FYwZnQ4dz&EhVK9O-%w@ODV9O;OfPyuLxFO5xKgwU>#_s5p8p|
zXy?9#=Z$8y?XkFz;Ole2Sd1!VMn}Q-+=Ylimls|%7VC*SvP^ORx?pjC!PnRj(USM`
zOUB}MSbVGCn|j$;thc+z6+E=NyAoZFe1g&C=qS{6r}re-DHH5C!I~57tO-^}F#l?V
zHJD)M2)2b_*Gw=94wwEPf`Qvw5Y|YrKNGCE2}VYZ>2nAcXM%ydLImSzUzoA-kSm%k
z@(HE``}&53KuFaqY=R0s!YbUXSNH%bbO@`^S+Af#g}AT^HoZatRIr3qh}A2MfC?8b
zhgP_JS*vg}RPcvYxTIHzg$l>vR;f|n8%#F4OYrYno&GA`QUm^8+^TtI1#R5ziPGae
z@@kJ%(AqEGHxRO1{SB3swYm(t=PiQ_N`K2BgHqly$e^BY8D!8+Zy97zi?<9i=<1t6
z%Wja1Kfg#}D6^t;W9xug^P*-souYp6qS3M&9(kWX($@IMV*Qacby3(O&+td~SqzVi
z*B{AHAAC`>mmbNla@9<Jm8TBkSMh4!7d1QXJKm(T;3Typmhlyrqd_y^2K#m}TEJBe
zXO>K!xN9ol<LBN0`|XQGb-onj;%ie+`sVNzIcxCx7pTE~jSXJ<0yNk+nyLk_;DN>b
zfvbYyff9P4ul_*a-~$u*1DlKw+)EEM(;uL#8a3Nd%S#%ADNG90ZZBvi?CoFZsV}tE
zi$}?1`yb<b3q1ZPAO34gsMiYA!(Q4@m@~e&V63spORp?Yt9Xq^#?u-5{qVLZzg8Q+
z<mF!)Fur%#`S*eo8_-}5HzSfHPl;9CH<)X1sFi_RmuHOCIblM~J>D2#m=Ld3s;NPn
zZ&7Yg|Md|b_hc)_vdfQ%FOZSOu(V9~)tH&hQ@_Dvep$+;1qT^ND#=nVR~?U9aELwJ
zU8*`13&+ME|9%jYcyK)TA9e+Chqg`@3%6&nlCGaZi8#I2O8m?96;_~57SH)6i$5G^
z*Y%UdnLFcI!D)7JfnEG?9>VPOAIPrG!j)^Fja{yj+|}_AqNvj8xa8_AJ-IDUvTTL@
zd0C0sECs40cV(XJ*iuxFhxFj$I?~&vRu;ed!F}d#%XZ0qW<IyX9+N2uneISa@%i_m
zKa`8IyRMYZxYQB}HHpN(rVIX?C|-i3w1m(BvSU9T9?Krlsa*DV(D3ohju|{ZX5Ma!
z=-wcCW;9^plna@b_)Jiwg`!SidmEM6xFNH&p`GZy>vloN7ME8J_r#Q9RzJJAe123$
z<Ccul00Y;j3POgsJm49!BGb{}`p1lSe8uQbh^^l{0`!n&sN_JTZX4MDz*a}DG~qRj
zAXL6bT-29+0t`5Br@&{lxjf?o+=xd-)>8^~%PYkfI>KS1H}2=`)RV9`e9Yf_a_IR5
zME&;8w}LV`VXN$3p9EpIyy&3n8J(Ex^vuZ1v7Cb5-;S<*;rrs{sqmt!a@Eyn*?rXl
z33}-iFkbpv-xpU-vjLt}0wx)&v_hxlz|6V)P$Az{q8}>!6Zf3g-mCOK%my5^(D?an
zC|MY6mY2K-o8>(G(ycEuye<0y?|jJ{x7N@BIgm2=XJ0q?l%`J`zdfT2+z<HYix#Br
zF@CV*MgL!O99PA%ZKxYwaV8(uPCCV}b{MAJF_>CMMi52jN(-(mU=N7TzsHwsb~vhu
z&jFL3%&)8h9kJ#+m81UK(O-Bj+|+{0-+S*K0mo5U>5>SC7@)1o3$B&ItW?g4WrtCl
z_Ko!R=`+&PrH|}spXiAm95we#_6&ycI^l?#za~dHXUb=-w8zl?^|E_igCnY>&c7r(
z^@u+fCl^o0z&E;T$S;_)5jubP?oSD5f(FYI@gG@<qU<ff<lMRHnF$s!W^1FrWT}O3
zjald=vgbaldp3LSg_8&&yB+UB^so%g4DYUtfh(m-2E(KFgQOLcrcNYhOa@)`ZRN0k
z#&qrdjbynjT|6YGZg65?B7Cq7dr($>kW<%zZvaNj@psY38#d7y2~Eg|0WTQuqkL<R
z)b0K%^nb28aJ&W2-58hl7lGJw)dVZWsGhtS#x}k`H&EYr%2DbV+px=?Y&)20C;`o%
z5i%#U?v7U{%mTe|jZF(S1womnqoxx3%v<UDi)6C(;OXcNseNYAW&t^0u7Ptxcyd4m
zi6`h|WuF$15>6hjEa9928ccql6f);lW6&`O&Z7k!+qw*P>f?hu_1#(F7g%^}urS%I
zx-H{zN1St*;`VOH=6%Ux0HrdJ|2eQzYg1Oq(471iSY@?#z#lPd18(%L=me{+UeGFD
zl&|LmNx=*YIA|Qd)qMqAbUrZ~urI)!#=qdE&j5CrN|#AznVh<jU7r<83|n-?+-0_b
zbJ8@(d5|HNJ%_;n`)OG*(tI1yz2t0;gOS)d!AP^RcPxbIJDQ`^0<8ieLiTT`at2&s
zz@wtZ28h?c1#~-!4)8ICMA@rY^&&=<@H}CaJvl<ACnj;QW$xFKr-M^D&q(!KN!eQ=
zDG#zK_Fz3k0A%D@?_Vx^$-oja9yl716~QUFz32vi-egu^WXo@>(@`%e8(dkECzr`2
zt0$FBUB~V753)ZY@%@wzlILN_(bC|!z2vlib&hhvsrZAh^+&T0U6&C^D>QZ~JJy58
zF=#E~!k>FH5^x-Y7v#E<;FR#(TL}~bIJj$$-fNciur`O+`I|8rl%2|Y>Wbufo~M&w
zt?(xs+v~}Q$y7#MWo%pWW?HciPBX3`mU)qIEgl=#O*G4NJbcylJ*%AKsB?ABR64MS
zVrWb$d5!-olJAU7jD-_xoNBoDEGO?Zim&xz+4ft3pijwFjnVAoPNg0f`fP$$-Q(?(
zVm#XAsp9J~RlJrV{?eN$c;Qfam=e>6{T(|@$vPLq-o*qi_B0Ao3R@;)sK;ZHvRigv
zOPev>sT`D&f20!0eJOs%qjJ^BXgR?8&1Xt)k>ec#=`A*;Za4N9oBT1~vmfX86vgld
z_;voEACvEwS)<|WE<5Qv7|&1(W+*wf7M+AMYV=t=-~mGy=tBzruk~e)x6cV}6v5^y
z-<OX^<d~a)l2>4!fK6=i@7rwJ0qBcs-t0(}SpE!nY(TgSP#uzgHV(=<vFyQQ7?h*G
z-LlB;O3?L)$KF8wccjvXG1v28Tx0irDqz;oU>SMYfP4gF2pE^E_8A3o)d@BV>tJ}?
z2d~QBKAWlY4f%e82}Dfe5eMTjn#Lmzqe_n6X=BU@#;GLhdwpnrkR9K;ZkB4Q=zUd~
zKS=V}kR@ozMb=|-5g&$i*TyOBxdbGg6do*ztQo37P0Y|)=N-g4`?z%0dG})Emuc)W
zadD7!S{HNHS(7nh+Vok|v^0CY!pF=t$iz7dP1_rH;82f@Fw{lgTz{DVaLa#Tm}mVX
ze3(B7ALc)Y5A*onG|Wt2`@b>1d5eC<_ztA;b<WVo_vM%L@hyHSIKE?F(nRCR=`&m-
zaflUZxGpH)7a|KvG+r<aH;kdJbZ%lBK`gsqF$n2YYRQ_X^_FA=ThhzWk``J^sxzcu
z)|e_w<nMoP2@%w7P5GAx;&i(=B4^1CG{sqN==EQiaxs4kpK|YpPr1e6Q|__fH0Azp
z%r~{XiTM^B_41bJ&pFI0c{1X`VpS}Eg>}4dnrU28aa`nx<AUL0uRAU;_xvx6%hbPy
zkIN_F<MMj=xJ>?ytl<A1zn98>VSG%3Qnt@XoVOBj_L`;>=av_cB5!Axt6m5a=igs2
zYtX-$|KExOKlC^9{|^%W8~pz-|Nr9u&;G)AgHDN=uS&F|<m{=xXr0un11a2g$@?Uk
zC;@||2>&@=T=RUy&)T#V>nZiC1wDhos}-`gfWtRBSo<h3iS98x4-bWd%hv*KhcI6=
z7J2(gY9LIt$DY@w+A7zS3F8WjW)_&tMP9mzjtvXA!2l#$r<21M{>-glqDT|9@eoo;
z#^b|6GD8?Tl$u;hw`()$b`iC>f~*o=PkfDk<TWZ^!mSc+yfRQb{NAs=JCjUdH0*YB
z?B;0(R@J``V)v>?*Qb)k6;3bI(b|3^p|zWTafy!B=dW@@n5NJ=KzNMgXw}p0w;Zho
zYQ7N7(X#S0eJh>m+xVIOU6&1LZJj~ZFq(ma#0?bYuI@l+)lCVa^}}=epiP?Q8t<Ai
z9V|(1(XngAv6G^MrbUF^kFRj6nCK?3%Ow+qzj5sH>2@>6u7I#8)UYe&A1S8tQjT5z
zB?ES6o+i^64Z9T_yE&RENm~PUZ8Yq_nB<8d(Ky=^Rx9`iD=Y#xhw~H{<MhF=?NeRn
zx}n#;mdlYXl_~cK-^u}(cHGV1Cn;;xon=H;2vW!t159P2Ia#T6Ums0m6(7TKNQxmG
z{-7Pl=M-pkKWW@#$df#ij^k&#rq3Av#H4Yi<M>x^AY_ta=qq3qMt0`|7jxs77~>E<
z&*Q5}`f%B*Gwft7gAIw@$HymwZtvr_QVdzk#PH$D;~&hU@_b55IpEWahT$4kNY*kM
zs;_ZWXKTat_!Gh5TCm74Ttz_=+tiLQe2sswRG);SU*;AwF-=UuC4|Oqj>b~Dox*Qd
zQ0pr-tTynEY@qV39IHJS3|Kuioy=xpIabzK!m4=nO@!6+lY>}&y-+7HFs^XTE`&&Q
zH|yBNaO~hEIQxyv+RFpBY1<9?>eJ7fdABW=cy%nFWNCDt5lfS-P-|l`Z{sYDcdL_v
zZA=Zeapt(0zy~Inc=xQf)W%}o#zK7rw*QGnpcG#p4F6{u0RqO}#JjwLZa>eU+t;YY
zOJey5yvINC9+fYRr4e}KykP|VPvHn0(6CcEcF$-ge=R5J7G=-;kxc$jNc}N%NAW*4
zLQUmgg~Q?1kOfY?SV5@O$C}B9j_C~K0~c)|=rEJa#Kq0{f<H6F&*S)7n-TMF#__c`
zqc7X3JiZy>JLQ}K-z!ro++j10Z(cLPw@AzD-f5!7GM<_=bEd{5YBJ(+vt2`Wuc$LR
z$VFIa#ZZU*`}u~6r~c1u^EAt+#+5eX(`*slS2Uw(R;e{?18<mXwMY$HFhS>KlPArX
zG;IRR{_b3(88>5+iI<HQIW6Fvhdop<fG3+GwL=-jO}BFPx`DUb$~XT7ZZafr_*QCS
zz1HLgx)+*LlT(`WCZ{#0CePF;WAo!d%CJ3XqFx?HGDsOK+fa+)CCCho)Qe7wxy9z5
z%xF&RvN>;70o@n!W-Za0^&W553?3yw9mJaj(E%nxCR7j&dP7FE0dwf7K!DHVv+!;>
z<@a`Z3Uzt+rWiftm9ih=e~yQ!mDL$#C)woOvLFLZ9q-G4Ez)}MYQRH^pVZ2aAY^4D
zeWjr_Z6GeCMsL-S*iH8bI1)B1N5XC;B%aph>5TE(bRfYtZUUdD(~G7BcMsleE$Aj@
zaP%N9%1RttR_Q9y5`y(a8j0QcES<TaP{yM|g^OP_=F?(VLL9JGdK|E$);mcqw4$M+
z;H1kq!(D8W?CMLc;WY1gN?Up}8O@QwnEGzMmY3F^qPKkO4Kx`W_-I21;N;^Sg&$*>
z#aoF@TY0%e_qkT;z*4OP7x509u7#OR&DTx!rcH5;n>=;A7H0N|ptbD$IL_3#vQjG0
zTT<8yD(41*0lh)7;VmRvH|><-BYFn<mRhz{Yv~HQujDPQ*IL@ZTRM%$X;&AH(^@)i
zW>F!8W@jz!s+la$EHY94;Z}Uad21wH!W4Rl4TFK%b!9vPy|FQOaiK`Ju|xPEv>?vf
zf^*!Y7JQvU<tZ(Q<6b;v;JC^YWL(%nTl=&i^qyMXnb3Rhv7k|TDN2~0z%WWnLnTai
zj#>f#YKD&5E6?$TPgAHB5-#6x=}}6zOtYoYBNQq$)L!Esd5y}KaMZdOQTx|qTKH(F
z?dGUWUEPUL`|eR4wOu8MS`R?2sw5P(F)azT-TbR*I%=yFzWBj+e?-T~N>cdxhtT<u
zV^>eNPJY`!SU|i|TK}}<EWahOnU;M0bJDo}nMCWKmfHHKC1LmE>h65~Ggim0BVl(7
zVAnW56uZSO2s?>?HATnn=S6(+(=swvSniEIKY|NSx*f=|DxlUEYFHKX_ZL%nDaWed
zgaNC|6KUO}VYPx|^?Pkq*AcLSqd!e@-K*ncq`%<O?mO<1vZ7_s(w4AmT*w^+S`s6y
z#5RP_OoGSulexU5+d_`?Zo=k(hNa5Cqf&W2$MRXf0n7G;Wqd1bWz>qWoT6cQ$C#jK
zE}z#lg3%m7cnN$sUPrJiM=+&T6Lg0_Z>;5hF1G3R(7kjkwIY7qN?Q!^kK|E#ek;Q6
z?c)aQ22P;G5MdX)cP_VAX6;%93x}0=qr*m>+WJpquM90$^Z&q&8(V_E1HXYOsSf8i
zKz*u%-vF0U`|um!rfPS71B_m6$8SI`sj>V9)CIL+Hr;?Gqx$&`=veALeglf4x{cp}
zzO1g}H?S^HKj$~FkWoM2H?U??|Hf}%iK<rc8(4g+Zhiy%3+glc2DVbvDf|Yui`23F
z2D(bU4{khUD{ipI$CFF3Jh2&xu_QB8EWd>VQbGZ@azI)rpf3kxgaT4HKnexi(JUxK
zO@M(MpoRh*98ez$7{UOha}&n~wFx8iPX1VKXbaLgATJb<(JZJXn*hT&z#0k|&H?$M
z0GR^{LIF+=C=3PM#{tEmfCsb=3k5vL0gFNbc^ps?3K+uyuZ030<A5chfbksgUMOH9
z2iQUZPc##B!>Re{se7_hFYxpC!Ze7hi)Kfwhmc1{lIGEoA_uC;TuF+N+-vh>$L6`;
z$)0ifIi6VsPRCiuM>rUtP}fcuc*Kaa<j;}f#PErZi>?B>rl$1kIRbDSpaZjiv?zHq
zRj1=XQ7Z}48D1>%`%`nu14XSo_cwTF1eB*6{4G~;>z?}?%D0#7k|AdgcqOYj4`Xa;
z|2q64g<W|6NeH_@wn<LUvcwhemo;NjNHaM8_gRe%ut5Wk|M~`e`;guM`XaTV7jFX!
zAS}6om)P|>3A`kj=R$;%1?#}fwrK~8b!tT4h=+X<{VqBjHx_rm;(mf}-|>jP5r6YX
zjG#X1M8w+NP8y4E!s6Qm-_es18#v=sMCXlxb;ja2EKU@BarMSx5sPmTe6Q3;e0R#}
zh^cViWW|{^!?9dex@A^pb+Ze;Gp8edap)Oiu^wyw$+N~{J^4<vbH?J%SbT@z+h{88
zgvGZDz86eRG2O9vkl=gpLd3!8axr3Y?L{=1`<oZNJN^}A^zQfob4H~vAlQFQuulj!
ziC`;Cuw?|33HFr<wvu3d3AV-r`<h^F307l*ttHs`=Mna;3ATY?KN4)43HBYqz9QI<
zCfE*wy+N>pCfHtrl@rWof*mE;6oQ>L!A=q^hhUdXu=4~<C731J2)jnG8wu9J1dEME
z*d-6b+L~ak3AUGD9Zj$s306h01QV<)!QLTQvI*9UU<$!fO|ZTMdx~HV6Knv%?k8BL
z36@T<0R)pxuxx^LB-s5XSPsFiJ%_MIOt1%|Lz6bOxv1qtD8Ij_;0s&`%ZZ>@m<Sav
zhE-_1pj8+K73#t&T+l1@fC|ULDxA_QSfIlGunM($g#)>)!mh9i`}7K{p~9B13Og?Z
z^wePLU!l&rusWNJb!I`Gm0@+(^E$ZAIST6hC#=pYW1W6b=e@8xpBU@3f;xW-tMj(8
z&awMgotMJu{KZ&jE!0^UR_BHPhq*U_kD|yP$9s|q3?b0NJs`&<L`@JOQD8GBff-0h
zH_U`^2zUY_2yz-G5(OlfMAO@hi>|K6x~{9cuIufpD2R{=ki&yh1w?Lv4#N=+AzYbX
zy;s#e-7~}C?tVZ2|K|gl?s~7f?t1T4y+e=lSHM{qfm5o-SpYbXMBo(bamE48)Cine
zdYsz<=bi|h2lO~R;1opQjML);@(E6E1ddyeQv*16MBupeIBx<@-w2!mdYr|8lN^C_
ziyr45!08-;W7p&S4scpWx3=tj6cGD2PRr(0xnw0Avnm4~11~)N8@_O80Hx{qQ^CNk
zB(*LAy*Wkq>(Mt7bnT_^S#-$t=eGxNO8LLg!_Ob!`7!$Z<G;xBEc!ej(kId98Ss23
zeVzc%B7J@f@U!W29;Bz!=S+CMkvs>I0xbhA>W34`4^~YW)reK4W<2SS4}k-g)_r2C
z?}lc1<hA}Knx;vtAI#86tbd!KlUSdhp_5pjo}rUiAD^L<SZB@9NvsoR=p@$BGjtN`
z&>1?3)iFaSvG$&!lURGq&`GRqXXqr>xEVT$weew{#2R>5C$a8+SSPV=epn~5u6tM~
zv3~xrPGWuMVV%VK7xI$6Gmr$GB<)e27)OoV4%I2aKrBfFBe&@!@e>nd0l8MWdmLB`
z5?H{_atSQgNBUg1Yq>z)RgxoewPm>;*XO!CR?P*%uyTAXHA4UaSlP#3K<HJzXD<Sd
zKYPK=btQYjAS&;(7Z75V*U1YNTvg+_XBZfSRb>f#!9Y7+_Ja324?)J$SS^r6m2nIR
z@~1M4y`b%8HhTd%Q%PelAX_Ru)jGmUNA?0Tq|$=DfZV8Dx|6<utf-t|FCZT(``HV~
zgvt->1>``b_RgNvV$uX!@=g5nm1R5m^1sGXdrAm1p^t|{?J560O|_?-AFHmL=P-60
z4o=aXbZ~an=muxvoiI4{GbkE)njOlJ!!o?5&(N1<$kQ?m3uS1>GAz(%Xc~hVdTJSN
z(w<Var{3C=i$0-$J({zx2D>c;dz-@S8jO8EeW&_W^3*$oUrg{xN*4{*EmZA$$Ixo8
ztJYOJk7hV~S<P_%vX<c%mf?^33>|5PEn0>jE^DP<7>%&C8mv0>vE8HT$A;=ZR!1}Z
zRm<>3D8u_KLkE3^muQ9sT81aIrzN4Rg)Hk&>vdW0qgn6PGTax+;9?p6rO(itW*DGl
zaD*~gS%zYLhKr*xLt8CF2bMwIvVIz+oBH38m-^4hysm#A{(#4&`ZwVZs@O~G5C*?%
z=r5G;GA%*66bw=_Vvys9-$P?j?u8UE`U=ERtkQ+acFy}a97NayvssNWLYF{37-$~o
z6Ubz#NThFr)ZSXPhy1=vh>#8-FNg~k+o_ii(&noMSIRjj7k0Yv+1-ZIg`y6+gN35r
zU^zGW##;z|yW4o=a42A94OCOUSAKtYBKoMf?Zz<wdf?=4@<UfL?cF*TO(b)r!(e;y
z3`DgR<)I<dUa&yAs%h_*KB{T&_CDdJy+8J$roFr2*I-X{9rnHa;(oWIc`v`%d%MB9
zw+gI#yD{rt)&AD}jo!W&?36K3QNFL=0fT)nHUCs*n5cd4!uf9B42x?Oy=?5AEJ(Wo
zDN~mTa#k|B<=d~^HJdOj(hj%e5KGsgTS#%qB_K)OF@jV-%-6eTzMR!lklVTBJagt?
z^TM@)+=f8N<D#$KQa!6*8$lk~Ae8zW0i_}E5h>hM^e|fM7(5kXic%8j9A<xo#x`z8
zgZEq2SnCn9Ak}0RniuU?&9$Q1YY_}m-fHmgDN1|5<!=r&^#a7pqQ+-%AU1CnYh|M7
z%Y$<GvWY>k)eC|*Rrw){Ah&eMImzZsmwBNdjnB?Q3pbEous;oN-*RJp^!^^DUxn1m
z!jj8NIIwU18R^uIf^^aCd&nZztOvbbG4*obW`qAxuxvb~e1=tO5~w*V{|pdAvGll!
zfARt}+JDSUb(q@+a%87DM;=Dr^Bd*I%(;%*MJ-*9^NVg0<k-NZWiChKqD=63EyW7b
za7$o9c>j^%Bq%OHA}C`U1A`*qvG6q;!iP2ndPMYpJ2E8$f#z7iXp0~<xTSrD@5`ge
zn(Up*=CAA^eTRy?j&Y>_+`h*ejs91ijbs8ex-tvQ3r~TybZI@IULJ`QkP-M8T!{LW
zSix7&1cuR@>xE#guvu}QU2mbWn}yP^O@g#BpvHsnNZ;g3=AA<63DS3S@Wj=8QIyUL
zj>acOi_(R_O~&@*`x5SiTcv!tE6Lb(t4I1;bodvgjPND2&6n@}#*#0)zp>`ZqB%En
zxOvegzz5kSuz|Kubkr5Kbjt}_-BQ9gqO@6boadjJPewCWE-;h%<MG`U6#aog9@95s
z@EdXS#eBKn&RoY>Gw&Nou=1sT-*}`QqT}M?AL@s|1d$qtN$uAPrS+u#A7Y2LC*Q3V
z9JNmzBERAFALh%-MYUTw;bOj&u$JT(95stlhWoNen)@P|GYc<T<;7-K=40kXn*klG
zzfp}>N2ZctJbZbizRDoc)F=jP#m$ZRa{INpj$x#}lW>l<zvz}~L`N;D?`V>czJ*MO
ztwQN}3;ztdosow&;`GZW!&==4R_&=fAi$PC7z-h_7Tz!T#svlckwI>sxf3lSH@z;<
zgVkr4uf2!1r~TG^37Wpy?WkJRYq+m{3%5LGD?~!tY9&+5l{pIA)81ofPx_X#eoIjz
zS^Z7I=AhuXPz0`c+d?mZd*ZEvuRV?*M45WVMH(O%hqZq&nS6e6b3JMJH!jEHq~Tp?
z!^seTEtWQ#=I^9#GmP6CD?h?ty_kB5Y^!ujIFJ4_!DF)E1Gfd|g>yUHzU)u$%H~|F
z?>5D8%tt-=dn!FbCcypZ-fT>Af#^R9gzf-RcreqnioV=NcoW?63^GZR4}g_vK9SO-
z^*}9i$dhAz(Oj3DOS+0|Zwns+Yt$4`UPL{7xn(=psi!GjSRQnsepqRV8Ts-*;b7(@
zr^$jDLfOe<l5Lr=?RY`I{@!HES6p`v?|kjN?<rtmo+bUdY~IV@UehiDnW4p`&|*G`
zqs5>i{R!poakQBCb;X30F%#UXs|E4Czd#wcg2({1iBgLv@sde)Km`Pk3?vT<zQb7X
zEv(?zud`s*LU34JPuF9V%02l4vKNauL)kWEwOK9O4rPC6#z7I#WPz1yze2f-G6F-c
zSf9caQTjH}Ga9_G73m-Se%ulqA&_lbloH5KLnJ*I;Y+>+9D3mV1%Doon-@Jm9W1Ov
z%j|17^tjzb9eU)+=BFX-gvoW*Z!hZ1FMmAb)x%+;UOilL)*5i@@lxSyfW?<DhJ~SF
zw&9=tg<%F-;{M8)Vgz2G5MN9tPk=PvoGY8xxMiygVh?hzvx80cqAsKg!$_s-TqWnp
zXHIcgsk%Hl;SYpH7JZ&04<=hUA>p3{hVyS;o_DMKI9V8^soC&x_!xes-UYQOC3Sup
zM%%@|*;KeYuwmuj_r`Gin-}=fmpNm+R>%5zRu8pUfj+B$7aakd00k1l5gbth;1x<b
z!dNT*4?PLLSx@h%`^S!jQ!E<gj-Fz<rs65q#eX<Z&!P2`r-Fe|Bw@#$;h3E$=4OWZ
z%MyZ_LJ~fVz&thuG5^UhS1vgfq<)kpK0&y8|It_vd213kp8)%tVT6t#C)orn;s+c`
z;K4!#?7vfYgK@TT{=oboJcB6Zg7>^e!pjK$3$au!axO>Bxy8~Z%i<p+{qmb5sydif
z_0r#IRe4fX>c<%C`_Urm={`ewOM7}%dwPyMg~ba&t9C26s3yBQ;UfmYUTSgsvSP&G
zMv;&Q>9ipAOBNmHo+x&cMH}e6Y?!a>tQc&UdG~P1d|Z@vxg8f5-9<LvS+u?PR+B|B
zv)YROQelcv;czQFI@T3+CmU|&5HtU3Wm%>7<3Pu-^~OI3=`TYuNVi@@C)016fMit?
zl0~TZS|C~G8$>yWlq8vV3%;)RA<4?@nhcBGy0}|ll={7S!f@H#1Zd!bB{M7ei8}~G
zjEyDjjHT@yAtyJ%-rkp^+tCRHJWP<C$d8<_D>K);@C(92kC1vdkzumwh6%dSip&0N
z9$6lp_~m&qO|@BV=d~j%UhuVQ9F@(<<|QPT^&S}0w9%kPdO#b|xs!23d%a0VG<z|b
ze557^7m#5izq`oq75Hh4H$cOhLQpJl&~XFPN2Ru5gsNHjvgW8+&}}ZM2k5O>0y#$i
zJ%qythZN{HKJ|#0x=lo{6zHsD+$4x7G=&p=LoFWZ9Qz^_!K*ze8{~ky`4s59Q)FS&
z&Qr(}>Ad!#&U-n~g6*G$&xmp}w{$Ylf%1p)Tr)^ABS4NIG6az&8dqa)I!$)m07yW$
zzgLUe^UI6XjdI>_>iXzQ+=~dLkU%y#OPbowyN5u|%KbiZob$e0Ncdutq0;5UDMw;-
zXW##gk#vRGwDH(G3CH7=ztQn{e-Ya@iX$+WQ_Q&xvvd*NHf&1j<8;Z{lpfks2l5o=
zpR0f}Kj7@h-$;1B#y0%YSWPCvD4+Q_cEbrLL`V}Akc8A-M*6f_5oCfPXRXbVTja<@
z`WxGrBgf=AHZN+IOE|;sgu(@;YyP!z3G<!_qR>sM{1FRDHk4b4JTo*xo*}&I5KEws
z8n0Du316l7`Hd0lSCBFVV6%f8+(_jk>1j*3g(w~Mn2u8UK)#bxX{jTAVS~rFsL_aD
zjPg$=zwiu^e&+F_M0P1_;B(EN3d)E7K&qnlq?LbW1*+&bdCJf7<=f%7kL<JPB4=+j
zdC7Hl-Sx;z_y6zYr53rFEf;Okq@_(EdU-{8$qMx63i47%-Z#o9F8x@aLlTx5<fYfR
z|CPKn$d&0>v{jRqHf!@MM~*kf4~Z@>#q+)gjN;Od=*>?oz0_jS&0(U0{(B*L>WLlK
zl%*bsE=%<^wD-E?skW}nw$NTCO@-R~+vTZ@u>LX1Q+M#b8^Xk?pX-~06*G%3VT=cR
zlNt|Jl=C4JEZINF&m-0qU`(d`bs!fd4y>VkW4yi%cNpXK-T(5auy}p$d#@g^@8{gB
z$LkBL{|L4IU?v2*Zr+SgP}^<ev$++}YV?`=z|_uM2=;JYw$7jK(5cY_-a5nD*W@s^
z@0pjv+c)!`tGDk`&h^IcETEA)=UAO($BHIl$WD)Zvj{X;8G8hsNMgh^Y;`~I?`F$Q
zKQ>J67l1SLU)r0{0h)lWnUoiTWNQFdWI)^}JI#cxF8m(I&QekzjPD3OH`S(VD+fb$
z?NJ`eNyLMBp1&nLzPqu1j%OJA=ZP01#{ceXjQ@~pj6ZbG7{eTJsB^$A7f*D{6Q_9`
zhrK<t_@#sBpr<J#2P3m>A>bk<e6;Vyh$A#!a;QCh!rHU?PvPxZc-Ph2lW>jp82M>B
z<m0SmTljK_r4$<VoaBiR7IGQ{)Jv@fS5bULB9M27zhX=>@9hQSb7FiVN8?gRH4vTt
zl=ADiUxL~!S$spiA7*?d;%LeIGZ6Ayoj_6I*$ggO*e8~IY|Jn@r%#F?3s&J4mlMd~
z^vcg??OZOrgqrCkSthP14Iit`CKJ?lB4I21s81?$C<|08@1cS9Zf*Z_n~p=x`?n2E
zSEh?<6SVmX?#0)GdvSj0%pi@kXQlTb@4MLa<(HFQAl-)JX)^{LdZ=Omr<|%FJt0*G
zTEd(zB_H6t@%SNSx{J>4^n_cuu<;)_z&QRJo{t#+an~4s*KgX-MuqmXVv90oEClG%
zZ)xRY$hP&ex^4Yol735jah-lkn>Q)imKN5&+5L^}Yx-k&`(7P;_4f64{#WZ&AnUc@
z3hUMM{%>BdAM`V}XJABozP<D6?YVc*ZyK)x9sO|%rNxSY06jv4wG~U$5!p9EKU(!w
z`q5fHAvysH+h2FzZfxJ|=fc}}bj;P;w{YP9uzl^Ief`unm<;V}VQAmM`>(5gt;5>)
z+Oy&9OSne+Ud{du^c9*p+lt<%;rtQX>X8Rhh4+W1xg7_*H%G`Hnd<y>IaLk#14W9a
zYwr?$6Ihrn>Td<(YXKD<*$Vc!eElA07ghJ5p%`1=VLwGB#}WN?JUxuwE(`CkpGRH2
zzh-7#Pk)UW%{t2l%*bd`LmTZV*61wOXo&X!ox>3}WG}S&z65NuRo7;#7+j~iL=_$D
zu)Q|cUbe0Y%O0J-XdTwx*Z!buuN~+ANZMZOa4Tsu-zH-IXa1)7?=teo1p?f+Wfl~8
zTazg+7LX|pGEpFby!`}k$?AkZb5FDhAHHAZry1L``<d|Z>pJr4<M-Yjzo|Wa)b^BQ
zaNe$=)jGI9zf=7#YUQKE=YFlPvHpD`>VI#+)$4!M@tfwK9p>L%q;7V@{2P3w`M0YD
zoqwV{)<)(azq~DQ!{dGhZrCsjYv7yVvrxC*?!or1?qh6kzK^swo3$5RG0YqhKL1F&
z?WEmyW4q5}L~ZvnwY|cUqsvgN)a_B14SQ7HL@_gO8eg`b<Jh)q0|Ug?syl;!CxI5&
zM4PZ;>h!{S-U-ttf#U~Z#iV%?rq6zGN-=rsp;;h;ItX4-!FS2#MuV?y%%Z7wp{9~L
zk*c%-?`UJDh{$QWlT)g5k_BWu3&_)WupF$QvT5AHd^q;<CfjM46Ep%N!}8<!&KwO0
z(0eeAS7V3_n1dHM`jkBVrnqDsbd5GjQA|eC@w6^`>b+4s4Ufdclu+W$23NvmP+ea6
zh4fy1Q7~NXwkW7ZkXQ={Q-hi_f4eftrAD{U>(i5++hzBmKKOqyF)#g)n8Fe(Nn#j3
z);o+J`+Wrc^IU`e4Y+Q3W69B%aE5`%k!J<fz<<SX=u#WS4pDASm@_gNoYU}D6y2pQ
z0y_vAR?zL6WrOtw+`Vm$87Cb~KwinPqq~M0rwyG@I267-&V<o_(62F>WBrn8M>RR9
zPp}lcKE!!|m#<J@8ktK4Gz1-anuzwO&;mM>(1o+K2gV|W%(E$;Y)&Z|i&1e9%iCMU
zH&{73PSBVv!1+(3BE-Y}6S+{FCC7=PBJkr-02OQnpC@af)iZrZal!U}sF5zZ62ZMc
zG<V6{^w7K|Z}Z_y(w#|`4`2R6Q!rQ$imIAvQcW{6UCv#(`u)@~_UCuO%q$Mg%=sko
zjl0ma0$LCPEC%}z3aHQn>S2(<{)57N2AD))BPr}T0}SF18E5*rCe_MeM-MX7m56wm
zF+mmK3qUv>fp9|m!i#{gHv-}3CUr4A3JBjtAdJ<%a3>&u-Y66H(8o933tr+3)^pk_
ztLjBp+1*XO)TNiAe3h-P(KmakYxHG?n2v}w%F90-3|@i%*qsu_e?J{@{v%%F{O7jc
zM6YiP@!x_)$h7Eb_KU*^&4$Ziq}ipTuS4GJ6ITD#Pleb2J>ly0&$>qa4f_j*#=^!7
z#r<V)Gu&U|Sfd8e(5UC#+N~3jFZi-Jbj<TAswn2B2h}L1zFZsC&hXtByk!(_8%~wp
zr|9;d=E@g0^yJ9q^WY@!BsXk6ThMq*BVACEEGTZrdH%_>ab(`7;O?*xR<#!*>|Ri+
z`-6*uF<=-=<JzVvYdzgDDJ>N0cJIx>AYJjGCxVItKn`szUMVAyKojS3@CxBeQOK>P
zaXdK|BoS)eOo<`27FJA|{owT34^5Z{w7SOGW8Rcm)3FUVvNnJcTWNI)2Hl0Q;Glgf
zNasbksDgmqG-v?-$4a=>%P8#Ws;G8L=V%#b<+U!FBbZG5Y-biBt&-MiFWoSiM;e7D
zHn1vVkXUpPu)=}6?+NHHfy_jYNOs?tk+}QPP_i-^9B*GWliotv4O{TTF;t-yw_@Cd
zf9acOFgr)IJQEF^x|a=*87y9)s;*%Bb*#EUEl`4*3v^gWMX-ml4j-vx;B`G(468$h
zR)>jwDJ3Y@a3Js&Y&LUQ>E7f5ESjVQwK#r=*}yt3Lrb~9Qmk5vnO(1@X(_E)N{W_Z
zV<|Q*B}u)Mb!QeU{F5y&6H2l_M(_F5jBF2~Bb_cs4T`qzGLo0^qjBTUH0d|~-<gmo
zWKo#Y0L!8<JB8&MU@i(XQ`j&AY$$~(qYyU202@wW-%{8Z1FV3;KBBO@46r*X?0E{i
z-vGOt!ip(uvH>=M!tSN8X$IJX6y~I`Sq9j2lh(s-DQ$3dPMVFY-x3ix?f%P@LYb9M
zY^0}0Tn<N=ry)EC2oFXe{6#}}1Q4EyKzK_-C;)^PBM@HH5c&c_MFc{HhR_-i9*aPD
zOhY)<i6A^2f$*?~@GT(R6M=BgWtEh_3kdEAgw~hTFZ>=5f)UZ(9?=k{1HuFN8WI2!
zk+#8Fj8h3eP!~PnFU@|m02rv2AwDVIz}m0E{Yq&;z90BV@MV8jH~_SSZk{&))SA;P
zl|3_V;@Fi(SrSC@3XFtTq*C*esBuEev%R=_IDsV)h<<i&vJemvi#(AWw_`e3P~msn
z{VBsCD1-ZB<Tk2Ib7K<aKCH?O>?uuYlcWX%Yo4U?CYKZ82{szXb{ZJ1=+?5zqEv`$
zE#Uc5>DpzepVUtYg5%*6fmW=_Hl;FA4NAT|kybwcSIXin{}x%C2zkD{-N+w&@I*L&
zu+({V{-A5G-z<OJ>;i9aRK$(NOAoSX686BH3`a(pf`u<TgfcD?ZWMBxtDfe*Yexwh
zA@_xoW<LZD=X9ZXzXMXiTg}OQsw%36#YDHzRxKX{ZgvQ-&!>R4M=D2M>)=)$m)e|K
zemKc9hVKDt52AnxMqzwNLLqbM{x=7xQ9px9!wo$(sfAF<X@jXOoI)j-o0u&8wb+>r
zyZv@0h>Z^kx?#+16n_U@Ln3I3vimkV+bqhu9+auQ_cU_9P@Ru^&`HqwIYo_N2zg%V
zq0W+JEKdr_bA|J_?qTy|VFdp>@EZK@&A(xOpw}9i=a;*XeLQML_A#N_Wi<&h`Imyu
zA#s=>j>=k4|E;N^+~NcqVHAH%9EF@$ipI}-q=SO&vbbgYnmC=vTHXd(#(CaJg@lrN
zJyH`yA}pVw;~X<YB5p#=JJ9e2*K9a`yOld$)jaP~ceSrFe?JR>F$8zJ;IOHc^1!V<
zIgML%;)DT}GQy@!Lk_W;@+VXql-8@Ya?DDmkh9B!WMbQ<%!a5tgad+-`SL?1wQe-B
zJk-rDFER_#Y2~dyUtgUz^w#P`*`#U~dIxJpW7Df_VKwF97zdb)NQYrQgDmoilW>4s
z9&&()1z~=C?_ud4=^V0QR+SZ09s9T)LB1Tl#mm$@ld@quZltW>c20-JGgfdDmU{xa
z;iC{ExJhLM-`3|j#~~w#y^7}nud9sUGCdl)`XPLDF)jY?8z~n!O+)yGae))vl;w3Y
z9&ln%$MF%oH5&7*rqmgEK#~G#jOc7Vb7nGLmZlJ{1X#Le29^$e;ySx=Xo?p~Mt{uC
z8@T#ddSXy6BI~k+)3Yucu!!vG6!wDwwwb~_6t>*}`<}wmDQu?!wvEC%P}pt*>?aC4
zFHk=n2G}kN+eKl&7+`xT%uiv54X^`T_<2O|G7SJWoG0ADsR;g}J&O<48^FyYP7<;i
zxD|lYBEUl#_;_mqc0_<347?G*y(7TA8Tcar_lN*@XElEoz-=OGzJ!4b0qi9&WP8Ku
zmY^~^f+^Yw2a!KJ6Gmn_3+D+lU)kMTVY<BE_oi`T(;0S#^6$<n%kg$+y3ae0v6B&&
zds$~SpsQUe)36^WPr!G?)6XpEO(TZJ9;2+pjCF*SxS~Etr?B&qN5knwR>sxo#kYyq
zK`%nQgzmJQGqKZhrX3{6b8SNTS$bejn>J#G31xb#D$`q(dwU0iy3_RLYpj&fc(A4B
zit%VBx?&7@Uwj95Ut}&Q@hPpb!M<+8uEawH<&3?jDp-e(HW!8+ZIX@j^-Keka2H3J
zgnzhHCgEZ)dSGtRbH{@tj?i<B2j-NI2;(8N(A$IPary6Zqa2qf<zDr;{3)!g@)_x#
z`uP#Z<@4DYVT$rRAWYNqDz}k_1X^jY?K-JEFY@Oqe_~NCbW~?zLq|GqD~@O<dRAp8
zOPqHEn3k~l_e2Nd{A=wEpMR_RUw!_$dt80~!PLWz45G>nwe!oJqfqr0P9%V5`3Nb%
zlO;fkzIY3A@MXJz;23XI$P66HTwQZ;IEBFqskKrKJv8ER*2dMPQ$NBLY!VmX?Fu*p
z1|;R!r`>61;aP>Ux+w`~U4h;=99;mV*}@RqcsCj3-fvA<?=r^~>j?LtBKbd30d0Rg
z@zN^U9&6RAA69ZHb1iLXQ~`WxJm5pmFh9pV=F!NOUvMgqqHh$iDg|yI&7sWrOxHr2
z^7G{+F8sELt;ia(+GvI1zJPmH>`m%Y9O|-^eq8NKf?dF>lN+Ge<0Gp9Gc6VRIDEa`
z1m?F(*1=S`XRV>*Vhxbe?9Hwyt85h}_6;TWF|4vTuqMg~3(WP<*Nls;C0lHKpo<Z3
zs)_oF!TxJ$VQ2ALC}>zkFSMhp=+?u%bj~5jdJ4DqxJdR`P>L?A1SU_OY6t7@vUfSk
ze_B2AY^x~Gwh<P`nwuUJYSv;$)Kr5bJ~t6$`7rxrF<3)zZ63!ZuQ;S+VK&DV9~I<W
zc3ZQ@yN7JqSC;7gZmC*vH1A12&58-UOEz#)i~N+*eJ0`D4#AgY0efbp<ObmEAbt&z
zg66?XO)PGOMvXB;`zd*mClHBYF@}D;jcgsH4VpfP`U%hjx#+cme?+ozD1zKPSYQe4
z73KReunyVi_TUCwf1yhv-HK7a6zxCIV6p$_x5BjRN2K07(tm3quqz8%yAnLpDf^Bb
zB)fEFys#n^yLO+DUL{DVUQ&o$b)l8+nq^&jav?Gy7brsMg|73=={o}xgwm>C((Awk
zKiE1O4C-4o=d-y$E2_^Q^b3y7^Lv+MS@McbL7*XvX)5pCOrGwwB#@`=Q~8}gP35<p
zUP9&&nX?-L&4n62x&<gbALL(HtF8zOTBuub&hHv{)q|NINE4L8xSpJv<qG!SWQ!f-
zmKTto4tgJ8p@WD(Pv@35xjDu&j_~gor2ZX`UB$nnfc_o9y#J^f76STr%%t+bu+E8G
zxI(#BJ)=F8K!jDdoChIS$(U{u{7Q2{`bO{v5`^@%CHoii%d4jHvn!|a6Dv>gb1OLr
z>ck;!A-f5vWxA6s7>X9Rew#b-0EBxYlWnm(IgRwapY*#@e#|?|Ey3XkEZp~I^&w&t
z*{~s$I$GSDlMV4XbNE%iil*HVMmF)#aG&{6k0YzHsJq9PT#35G)W%V|pzOc(mmuUW
zuk;rCa)VP76=^+@;)=c^Gb9I#j~mf<0IBn~%JNFwa*G7PL`HY5mCQ;j$TAj0wbu^}
z>6^nBwK~uWh^1MToY$(BQM5Pkm-Na&0@R3}bDJ96(tgtAf<g5uy8V(n*@gx$r{TWC
zE|flD<%({gq<!D5pbbleDsa(Y0xJ}<8H=>HEx22`<(|3xa&K}x?r2Lm^`KoYR>(r(
z@q8_~UXTLd`gEG;>)l=0e2nxOS+VjsMU;N<q+TwJ1(yirTfD8ICoPKH`<GyOWl@s2
z<TBhtENV_BC=h=U`267Fh0R=F1<@mhQeIj7H*dBm9S0YxZv-s3{&LgLx=I!%w<J6r
zVP&gDU)OcQlC>BxLSNZ(uniAvNv}hm(k<DgX_gAX8g8KkQ^YMD%8^dN@Ys~rI7!w?
zKYVNotf%LHy6z;b&jwgzWDf#6K7RSomSvURR{Zk(_zb^yP<<)N;8kJzaGzGwFc$ri
zX@;U^<TpNW2(rP1&hYc)B6P+1Zv4}ofvc_Km;1B2ujmdt?BH6rZ-FI;UtT}hmvyWi
zNh&?uAWCPHp1sj63A%>irs5#xR7`6rkeN@g^Wt-1(xX`F%d-yiB@i;=w~B;iw|aa+
zP>cKC!=1Q6C~az2__*NsdS0s$KJz+}%vQIfvT&LZtQMsPv2^dHVZQcN!+hq--1IuJ
zri$|LRko=jKf5X{zUpA!>fUH2f5&XJ58>OmzqOLTW4^VY9!%ElMl1cXi=}?E$5C6f
z+3l$ICh20iEpyAHRWX8;M#HaFSp<T11R50J*+yPZiV1W{uXI)9B*$0h#e*G^((h6e
zkrF3c+)_`0EGbxQ{BqKf1@VHkA>->u2T4DsZV)CnkrDJCj)k4;R{#E3U)HZkWGO!)
z!u_G_wvvyytz=&0SfK`uf@2%#FLosCT!U4h%_r$(U3G--`wC6Yin;M6#bi$24n}f8
zzvJY*RJOkP<)@me1bI~hhm&KAAg$U2j}_xAzOg~a$->=2aEKMFJO*xf$?mSsPo#gE
zz7vwc(_l*~cXZ21LS`qv>}M=sFd?9o-qB=KNsB%5s&7%U<Co8mFKy~JKXVPtqttWq
zaF|8@CHvscuJn9&{yG2F6V8&LsdO9IJD+el6uuO0icH5zHvXv*^dk$C<DD6e^Tv?x
zuCq`>>%4eZX=AtfuGR42oYd+Z^66Z{NBz~m^|-U7$yE9yWUK>I?0D!8SL(?eM;-r6
zGJMh00GauxI+@Uxx_go6mXed{j&lg_4^V-<9cf~q&l+_8<4A>>Zm0VchXzR%(8Ow&
zg#$Z8iHINV$U5McKWuR}t%sQ2C6Bk{yjg3|8QFytjC@VL;H;QtAu9zU5jb0RCj?BM
zM@p@7ODC0Io5KNmGa)m!sGmm~80brjUL8FzXUMyP<VEKwE&1hQyrcGs_;Z_0wPZVW
zOPT6`Qfm>2HZBFhO75g`JC5BDOR7RJAKONHY(zYf!YTvRfF?-W$hHZ1!wLTsczvot
zUmW%$7zdJvY{tAt&Z&dxT4U8sWRFA=r3SZem{mIIChM21SPL1B>R=sTwh)Es305*j
zi{nT5x?U7lH?jR-n6GP^Sh~R^ChitXn-UBAkc1$xTW()+6>97_4)CSm#|Z(xu1MiT
z#}2;q6SN8ZMkKsm$bLb--6P%ZCR{#A6_E?vT6DxM_u!XLuz2L#Jd$^()g#4_nv9Bf
zWmI{+9$!~K`7}n3%<*Nd#|0|w_M|p}fw#D%2~I)_Q}TVuTSUkA{8Mk4052Kw+^Giy
z(^gucoqVZ`724@aJ>{9aWrVN&)~RHFxxpiK*6QP@^(k50k{!)C%g)j`;ABFV!5M=~
zs&tj^Z32c6=s^yQlgm`+3i{ph^IvmxNz~;_&u_%%ieVN}x<kV%^~V4jdSoZhQBXy)
zzrFLe$(slR%GEXz8o%^wx>*p0XDNEBtZ<PD;c#XY#uqx%D-HC;mq5r#oiR_9mZwcq
zCBM9u)MjwJE49Jps9m(t$<2><rWD49wiz*4?UBxirN3MvGvUB+U)O#4zO0~FT9cBS
zehl{bO1j5m`(b}Sg8Tas+}}?$kiYFu;J$u@Ztq9P_P(BM??;QacpQiLG9Glh4ue-R
z|M6ITVF~+4VFyGLm_*x+WohjjLdt_OtnE(>CdEO~ZAj6lhme9!G{BGfgj(EIEDlaD
z>sydN>2+_L_;RpZt@o2ZQ;qao{6eLGq<aeE1>ayRSsfb)^WYtt?`z-S@g;ms`lFdA
zk*wQ`9=`Nc45;Y&8$~L!i6DXWAe+YBjiS`qBat5;`40%vPhdoU&`o&x9GK>U+#_Fh
z?<7mqT}!h2X?DLYUm}S)uu<p2kqGSO9_h3vbt@@<4_U5+Tz9ny!EfA&WQ|=+<ez+&
z0|Qv|IYy!9wQ~E+Uy~P$$5B-{UkI)hA#5s;YjY);?p3+cS<!zemaHPU>EmDtnP3%>
zfek`u`)OzE=M(gI6ZUr#^!Ekq?+diQn`nQNFVv9!ZY<jBcC7U#lM3w-eF?STW@+j&
zj~wHcNHgMLyTLH_j<1W3U?Yjh2OE|v^{i)db-p|X%;3k=T1hX|SYZKr+d5Oo+~o9g
z6KIG;76o7S67H9kXZ@z4q#U0)-OZ*vc>c&|b3T_$dQoZvHpk_4-s$MkK=K>fm*aDq
za>$~|^^G)PR=KQ-eP&C(RJMhFrht3~Mn(@N3%87xSRnwIw702@EVtUCcX88zLqgwB
z6XbH0G{%BYaY6@&zycJ4b>MWLgY?3MqEt%;sYz-$yPY7{;(`v<k6%76KG)aPlxzCQ
z6|BN)$<J@25z(H<y0|I^lk(dlW}a_MmzZ!Q3+{;HO}Q0!10v~$7|~H#^mic$-N%=`
z0G<T=&XkieBjV}iv5~T<ORGTPC|FDPj`~>ykL<+AA`SIrrIRi9LcXu}1+XV~tpRE*
zrtTq2_+~2I2l%IdzJxhW<@@@b0x~9=_D~C@bNthl1m^bjBlES|>T&!CledsOY~Y`K
zi$KKST8~61&Y?^Bj4AV^p7*3)&>b1WjIF^L>ygfBM-bNG4ZO7-*@M0z)AgH%)BNIC
z@_$GJsncGP>r&A!kK;67J{a7dJWT%RPcO)RP}<bpn^1nXC;@itrn*3UdR?FyJa4L}
zM;pL*X<J3buz0$)r_|+CK<5?4ll|gRLcDjlVHtp&M+hz<x6Q;vLM<=cP<WHumvD}3
zCOgQACyTa@FMS1u$(L{n5(pE_mr8gE=ofwc8gvAl?pGeUjazEtA#4tMG4qr4bQ0Io
zh<G<)>|IS*5xfMRZ^@->*Ik5=o_=&huJjY3eB$JvTtvJnU+Z<b{0CwO`^-Pka~XQ_
zM0PQweZB1MY{{3rovp*9dpiTgZge}g7b)Oy@zikHTsut4*=*Gv;0>3|wfu5dJT9yX
zSA5B1gbyABODkBN<EWn3&uAY6%cF@btEGNMuiO%SbdgEt@;QSfPvK8M3yDNlV}+v%
z?H*w#vVXXVH2GoTO3&9qR@gj>vLR1XC85(s`q&Scp0h*@J4Xv7xjw~ZT#-*EdB-OI
z9mC=u-9h;@N)4+#(pItb0NF(ob`T=9o$xq&NIww@bvEj3G?WMQ@pJ?E+x|4{pQmvD
zJVnKy(+%)rK225t**{MMz50pKD~{e*{?HrFfm+FrH0Jn*26H4=V<3JtJBfLuk;t`w
zxWrU`c@#uzh-|OibvlVdmpP~EcQ+X)xYHoNItgz^D1sDJkA{5gww)@D^5ZJ`Hh7|*
zlbnHb1a4*sC#wAJsd$b^x^3ac$ATUq&PqF!HtndXX$ojFra?rJ30g#vdy|{1{xANk
zcqWTZC57Udq_F$%W{II|Wc4)79$^yElZ>e|L`g{R&c7wf$?^l3cw;Cr*>LpsHgrOB
z<=2x*T;Np$<aG+!36STt+nBD+&*1f+d2_E&|I@=^klm!;3DP)=Kv-|Ggwo<)<?v`o
z%ClnU=h=jsycF8?aCo(5s)_6r*{y4`=>Rt=#~wKn^!TRQL^&b(Y?TROthaXxHRjD2
z0Zv-D*`gDs1<6a6s?Y2cd|7_<M~NC}bqA9o&gc2^Q(%EWRgSGn^+Q<jlIa7~g1>)R
z2}TrZzWzeTL@o3=eW8!gLcP83Pz#;2;ACW>*6S~H&o9vm9blrep59Qq0S&dW8pHn5
z9jf6@)H=O*?vco9{Dux6AGI2wHG$QbYo!J6^FaIi@3OOk&nkU4o{lWIJr?Y}uJ#{@
zEV!spJ<eyVVp2*Js|t6@6|5?5Pr0&HMW>W2TUA`V`MRts9%p)zyi$4`0?kBd18mR`
z9sq<j5eP}@2C29Jp<RT!L4}532ZYD2Xm-IX!DC6(>>|)QkQ#^&+!$yUNDRaTx-k_(
ztFq`k?!8KR!{H#DUbOnIm#QII$dWF6tG_a$EQJlv>YE#V1&Gfji>VFxU8!1G`wHCS
zEg-x^{~7*)988C~uff&!aGPN|#9jY%*t9Robg<Cra6e3iu{T}g8UlNz{%8`XWl}H5
zyp6OY5}>tueFx24k49q06D$enif^2i-e=!643siJmw;-VDYifo)57lx!Eq-~niq<D
z9Ba~a2`CLC6#)}GD?QV0)d>_8A=s9b1{ac+P#i$2toUBbkg_5Mv(_mqdO=z7!H}}z
z$B%2uiszIegv#pl5Zv7idI<D_Z;#R~QPo437q1|7v=HQOWqMoh^Y+f*R^P^Xdr>kb
zSG<l}{$qOu=?i?6T@7%i7cWRnE8+euxJjq$2<tYACe$IAwo;99;co|n0gt9P5NM$U
z14*djcuv`HHVHK^2TV7pIDURMiBX*Q*^^C)^-w*Q%&#?N0-JK&O%rb-i8^`u>f`&E
zppLJFj&DXi9baMP<T<luO_}YTX9ysBjUn#UfekSmU&4^gH4O1%@u4BUHU8>DyrEb(
z#1l^%hPXpl!w@fGLwrXMb%>W)LPLDVllmd<*yDdW#2BB~X%7u?r`HWbY_aHuIB<pz
z@#u#PL;U?2b%?({qYklsI33OLwYnj0$r6XuqP~cF@QlML9ai2Ost_qIZvG9VxvOc9
zV2hKxlNM(svj$tPufg>ClQd}PUk{?<3n@SzM$2DY6Se%_wEX2zexk1Yzjym@%CCM+
zE59Wxe@OK5-^<1F$3ywOOuF{}SLF{4l`o5|{nfof_v@%ULrB4+*3hLl;ZgQYAhVY;
zVNJ^ZZ}9rt9De;xCIx^;w_w-b<l9eQgw1+86?nq@6<w{o{VNA@E8|#sg|xi5E0i}c
zK2%<(E0<@`XC80VXC51e`pjlkpBa>l1(~BhdD7xwk<viL>Bm%Y);HP)S~oT@{UTdP
z+A=VMv%BTuG^*8{#)5BCld=ziF<XJ*%O}i6^KXd0J!^_6{S5X5<xjzppRZqERl~<Z
zSCD0diRligc5OE5Gx@sh+7h%%#3{Y>l_;WiZT49YOerKX6JOqiX;{1Dg?-JM4v?xQ
zodSxHJ7yDxH5F~!(4dgTH-@@837jc2H&;v?Re5k?#9z*6&}O^3LE8g#i&PET$~tFr
zN_rQaL7T7t?@x~;C<olWzhgC`Tek_0J$!j$gmqi9^LB%E8=?&`g{<39m0GiHtBz*d
zhIzW1u4UVXXkRj=>X2<)S))B<+lDwNIA+_%)VK?<V1s2F;vHZ;n4+Z|<8)fhm~xJ#
zSXc^3%yz!~5{Ll7YN{nIb2O^xdWb3tlPZm0IuJCUhZ;1WwIGa>FGmg8xRDyO$z74(
zK5pQ*k5FEG4uzdGz>ZPaXbL-HfHhFq?<nk?0d|_gZlJIW2H05&3*LaR%Ldqa3Ohhy
zoI%O%5{1=Jn8g4yQ=_zZDXgUd2EJI0y!<Lu9zLY>-%on%!w6wvGXr-7@VW@_Wd=S+
z80Y$i2yn9|3f>Oj^AX_lEcXfkAB_MXW#Cr;yeAAyC&(Z6Fq}sLXG_E<KEFi4;{g0l
zgz;S$mOBH$t#q2xW>s@~d{oV8i}Kb{%FPd~M9v`nSRj)rLc?lPUJM>)Mq57e1Zvc6
z_26kFH`S9)QSLpe@*ShtlSL88lcq5(C?b4~6t;N{)tGj?ct!j2CO%AGT8!}j(DEAo
zAI{i+i+y=gg#X7jg8Yajy-q3RqWOLdvnRhltiBtB2>&nf*YN*x`Wp59U!3oqTM+Gh
zFFn}we}2CAm)())d*@Ht|FiSG7du5c-+Qvt^_=f@*nOq*y^FgH=X+VFPvc}w{)(RO
zh3U7Uzi84W^8DYX<aS-kZ8`k5hTQVA-i1^P5*F2WLz#Np-#Juo6Xbr$2L9@_i(hqI
zFzxb42i=JW1?ELuFp&|<sxC@$`;x1TYHk;s{St()z(=2k3FaFboSKu^;F79A+wH@U
zw%a6&QQK|I6|~)M4F*H&89uGn$ygzwG^?8Pw$qhY^kd*z(0qeRQtC;n9ijPVJn#Ph
zcs#Om|JUO&Bkp>~V{^0r-;M{42I)t#Km92EN_Hqb{2BquUEc17{&A%6Wy_KLlS(^k
zi%z(GG%yI+lLYA}<r1M-V3&$C1&G_1$CEgb46m3u-|BThtw0|L8S$Z(2o3$xYO=r1
z*V~48Q|iy)UP!k-<zj0t;*g9l->k98`qWKW(RFrB!$<J-|F(5D93BMmhYaKj9@*F6
zN{Az&1kB*nyu(QXUEPral)9c>ICSp==u~U}Pd&Qe?D2Kj4VXz#4xx;HC75)3R?2K$
z@SxGxVGm%mVi=1M;~Z?Q57@vtdWTu_2XU)o82J94T^J4irE3>pqaJJ<Wy>6aiM>OK
zw;1_~)9iq>xw3mZ;VgcMI6+kyf<^fX5Oy?aW-S(Fcq?YZptydaOvaASb;l3AS>ifK
z#0+<knqI*ltN`m7+#?BcA3?rT5z4pVF!N>LNyROvc;qPxD&XG+K2yNshajCuKdany
zFD_GWD}l&OrHw(pydVypski|QktfV5hFitx6Bl9e;Y6WuYK=LWGZD!kh9i^}#BuIp
zQ~I&=%G~r{NCH@ba)F0b|L)KxklKc@3la3SQqk4I!~=oMuJd$uK|E^1SD_#i`SQo6
zk4#`Z09%9@T<4bicpOs{{;BaKLmt1}dn4y6X_`=!lViE;<d=WvEcvdatdczK;&XPC
z?exCOlz68R&TG9pb6NxcH2CR~osDFV`NKWrv3_z;)t3<_k4a93l1Lv95FBGkF%Vdc
zU*5H2E}_;>xJrXP_;MJVvP#z)2n_cHgmTZ}a~i{oncp0Xc%qfo2ZP99yDTTPZpf*~
ziqa2*V`$SO`?%7Tv70Y{gM$+Qj97^8=mxH&dJXA>F8q^;sAzb3B46GKO?SQo!SRcU
zus!8$zjhU0J&?rZw77Wnk@^g@5lIEL`k}JN8axiHBUJ-O8qUw0LQPfLpjWw^jDB6b
z?VX?5;e8-|r)Le$ikZnVT7I<&&sCMx@h|x8o9P#E*el%0rXZPHy5WD?1Q*F;&@PFV
z!!PgMB{$>OB1c)Bw?EWvqAOUFLso$~^liWMvx$NCSUD<~l^1wEd<GrkbLt7_?iDpX
za4}fp&Mc1TxF%)te%<_bR`ib2ZGYsV4lL;@Qft;jm8^$sd^z@F^d9oF&aT88@ERwa
zERcP0nliZBoWj*FzZ50$UzejK4$x;WhQti6emttAf*F_Gg02V0NQEzl!-^{`F@g2Z
zT+%<)?##In{c~0svhP~!KO_3Q*9^cc%9_LMD0elsev5J(ZyGIN#FGJ$B}k>o9%Tuq
zT;6Q3e@>uw#Rdub03M9ckT^Kelo=2|x|N!y+}lillA#j9ad;BCJ&Y3|)Nplkq=sKw
zFe=N6u}FvZtc10y?74gZXyI7`TRo5hl&`uX(J~?a;ni@-s{9Mm@PI|u3{h>$=-BRn
zLh0qBZMskr(qVIR9W|W8a$0pc)0EDT6CKx)0<+p+fq8RvR5F8PtH;A#U;oR^umKg#
zX#@JP27Cz>>rNZ+Hz+cTHQ>?>7+3~(Ol6N%t=1j-YHddx*1um`u>#d|bQSoVenc76
z0g3dQ_^VyZ@qc)dkz1RRznPHRdHOj#7v^vpSN}=G;lTiwD^0OMuA4(d+NQkqa}t{T
zTNHO3ZCAgKdT{}>Y7>W`bO!4DQ7`79WzNs))xs2bA}v_dUX9Q)nx)LpQd}(MuJ*LG
zBiXOWeqH2unc;lc0_U;72VT@{vJ*xmp?6O)vl(B8K}iU|I1$bY-^TVIM#)oo;pxsm
zyzh`dB&3T=M$aT@gKU96R=5+&m`YZd6HlB6lLa>f?T-bByko2AjF(90^Kc^c*?8(M
zY!CS=Sz=~Tey;+n&}>q{vMqesAUxq5lRRGZ_2binrRUoSzMS|5fgfB={$FtOLoP5Y
z8!UVw#B7^t@!WC~c-467256@LsM*D0c9q@|1F>TFx+<E(c1zLwcrs^O__BX<w8<7V
zeuX@Xb2~`89%ZpS=Z%#VT}DwZvdCi<x<92h3X_ir4rO6J@S%UR_2op<35r&_-U<a2
zeHa*x%y*Nr<-yLtlhUsiz9T78eMw!3tAZy275Vy-%fUeq-RaTi0*5fidF7)iovHS`
z?t^^!-N7L9!Qz}lZ_*|zH$4SUY)D_eaI<<eu}A5>At~hSg79Ovy2(o|lEJ0a*@c6M
zJM9E{l;Y;|D#g@V8vCnXJrUcjFb^8p%4`eD5H*$KcYHv%NT&^KT+tzhEW+t|0zTJN
z)^7WNspZh)V<;X!VlXHtU*bPB;;BK@GkPU*S}gPh18-tBsW5wu{+JFmgN5x4E$n&e
zTOhQ7|1x!)XMu=P`l<2s!ON`kU__jgv48bb<w*#PO{PkYv`;@c1Pr6&lGgE0EhiX(
zJ;uGDPf%sp6TTyRL60B}^~_v5y)>&c7q~Gnm?<_$+mk|rwW?DR-kr98ua}x(qB5>b
zH=M69j8pG243_>ROaJLzgMI|uKe08=m~FTzmUy?EL3s@e&{8X*r7f9y&iNfMMPh-D
zR+}yO7$T!Z`AnB)>raRkg(kOT7$0BtJGOh+t*ntb2)rJ?)iO0g+E@2&qmBIaon9P^
zSKKI+)@btxB=qb(=Buh*{9HhVtw+8=y$g#@!iIRtc?M4h_`zqc?}PTp59;Gv3vypU
z%1U;_*@@HulG2I>st3E6NalQ54CqlwKZw#9!QW^mLXt_4{6gtwvL9uc!069^BvV+)
zRA-yJ`P>VF$?qoHpXfhqh7D)puXdm&E(qZl60C^yMHp{U+9jkOkrLXWLA~T|X90QM
z+ZWQM`cQ@CHZBN$D37#=(wzjy1yK+|H{0rV>?_)b+m7Rq_ZDq_$qC6W$-_bT4U)w}
z{*!eEXkzI)f_kQCmr#DpYk}x`b9ci*q&ZoTNTsG(+@_0yG~OB>R@#?cn>>J1{(a*w
z!Ek%<X?m5vJiHamn9851Jk2l8v%()c{7DmP)>2i#wFG5?6Ve2sCT~1)d!;oKfl4^x
zBGalIOEIA#xs81WPNxXjN&{3;9$2~<u14F&!L{X3luirCgMjyx>2-nIFyN;kB~%&K
z7F=EW9#aHI4PW*x*`(^1#lYbWl~?6C8Gu2^URP1@A27?_Zf51sh8CP)+9f#Fdk4Z{
zFl^O=bR43OT9xUkCe4$Qa@2MRd1uSnDiiLSP;6k7&OYctu!<+lizgGVJj%M`tm-3{
z5|-6c|BZ>`!t5!%*n;XSwV=FbEYe`~UkRh^<ZYb^GF)N9sn+VyZS^4`eG??XLlwAB
zBh=ALdQ93R;vwNi!G9vbonGUTHn~dnE(V?Esji5l!rb&qA@LlX4LYXsb2fo7IGhZA
zom*b#O+TH>ui7k{E{KVzhB<m~;>%`&0RdT+Q*#r)&XqP7?GB5dK(e>8obJ!TC+fhe
zuDk~@HKrO+;{yHiz;oJlA-G@=Q>%q98riZG9o2jpwBIeA7W@}uh0=>AWXm_fnzRWk
z*ka^G$3{Xe&kLsQWIdkuln42;&1lh;1;R6@RG+kyL0FH2BT6%Oah~$CAOehkqBZz<
zg81#Hl$RR_`&+)#i*!0?r=1(_Gxq_L4-du%hC|a~J~MvMZBpRfuA3{$;G1>RWPQib
zG~vtd1S+SFFAl5sci{gyI0__|g&?uG8hr&pX=G!)>Yb`UkbYD?$c7g;T*|i)q~3n8
zM<E<8Osx!WKQ^t>ECR;f3HmWg@Z>zR;PCTH+rnL|D}26r;9kO$+7#Bwt5IeDjOf1<
zE0$g|LD)Oe$-{hI?V(N<9N!3h-VV2EFX8!iKu=8)d|A7&gQqlL2M?EK9)!NdZpE0V
zr<B1b4g|@FVBdT3NK)Bh?AsKPYC4&B>H0RK{w7jrZu&9xn~UEId_i6f!$%!G)eoiG
z<_|TELNY=6axT55`GS!N7aj#IXD%n3OIwvQ>ykL>r}{TZk`d|8+F{^kf>OT}?nFWO
zL6h+cT;afKLr~^i>JQQqXsh>cvEJi2?#&%ilGT?hJ~>=AAJq%0q+7EqFORw!HTw$Y
z&z+>~z$aABg{$*0&lYcOw*#e{X56=}J;=U&p$Ei0stKe8It7{q+6CGKcszLp#^<ja
z$ya09t4%3ba1bxVoXS%hlc=W*p>#n3SJYjQ7r^CJk%O(x40ss`V|VEdA{@y>oPs=j
zd|0L0K&5C#Z;cYW-OlN9d#jX_+w6Egyy6X1wu_=KQ%vO{I8T?*5&M|rPHRABCJgXa
zzp7+6Wp>f539~270wud@r#+-g*%AB!`sPoB{Zn9G>%rNG0P&(}4*>t7sk*2dEi)rE
zT2z13P=$_bTG1*LXjRbZ`E_FzB1s0Vzt@?kW&8?Ea_0Z)m>uPtG`D0YOczu1qxvg?
zFRoPw4qrFX*VXOmtIjW<36z9TuS9y!px{D;`%ML!_TLHRfx0A3=|%HjNSf1OO=sGi
zC6$Di^GyR6SKWhI;NmKgJjT<<P(zN#aOjoaCd$7P<gv`(NWTG8GlzOboT>WR#;Xic
zVNlp1g%_AuMaR?ki6&a%Woo5fVwGyXrX8)+(KSh`->p}gXiaLIH&2>b6dGo44DH#M
zSkX?}v-<-uy)xX=M6FX_$FIj#uwML#zIJA>U(h;LnpmgSnrK~XY5FEw$NmdO=sLAk
zEp{q%Wb|q>$Usp4_RO`n(tC|znm#&dCd`T&XAjbXkfTys)KZ$AG$DgFp$9a9)WnKi
zZfJ@X3ySk4(z@H}Yj@U^lo+gXS`0R2RdPlQZAu1Bchc(i|0rMQt#oh=Hf1ip`{JCJ
zvrtMEP$6!`0Tb0B?fR<?MIWfCGG{mFNvy)2R~}$5Fawl3*$e7R2)k8vih=MHak{pT
zi+1_6m(%MVsi}Kds@;&fo1;WBjZ}QuIK8Io%rm6EOV$;~T)~ej>?YODM6Q18MZLOF
zD@?wTs~0cnlRIN_I#++uklYTFZ{g~TqC4PDr1WUpIoRljg*JMTBvxVK*ihn~B=LPr
zd?1uKi6p*+iL*nAvy4LS3XM|Tyc+anBCf4I(5|hT0m5G+5Z=@f4t_-to{vCyNkdo%
z2oeOwr6MoRhY3IH=EJC;b@L(jXWe|r_*tC~eSW6uHQ+57=3whORF_a5%>?CMCS#tj
zRn=`Wlw;&M&>Q0T-H2IEC_8JZv<_=q8K}?a*YY`)&uUfWoOf&0GrYgSx9*_snh(&Q
zL;5c-VPA%=So!4+-IpJ#4JiQK!@g%%M%E_bm8c*(_Ap<~NoAEq#`|B@Uvs~mhpE42
zSX7_?xfgXO9r%o$F$hYm_TBR}RK|XmU>VN~-^Osy=YTlcK>H;XuI#{(8J&QX;HhyF
zs6M4UKLy0C@kFjpgPj7D!I9%LlL1WM37Z9aQuNJ)BR3~lFS#lCov0KL*@g0P%8i?n
zI6Rbx3&kzU*zag%QD0O1I!Skg4leA`L#X^bei_cGp?44Tph~6_!9g6bPZp5~Z;BwN
zxjr%pnPZircHmWKAskTV9Xt>$uXOP*REne!46gD>Zds+bKl{L33w-g}jkFR@VBase
zrFvz;-eAyJ6RONuMr*?2w2T2u-r!ny=BL;je7Oa#2thrPh(2n8-an8P*zpXkz`G$X
zd81DVx(Hv<7#K$Ymrsw1yk=G~@y<}<7~^6(qOI5YE6HNo*`%_bF5XWH0Oqq3JGW|{
zE3H#T60BTlZ#@KFF@7mCNL`5bh40{5S84Xcr?19U@_#t1m41E&$#od{TD*Ay>Py3E
zD6_wy)JqNJL+KR+dmqnKJO_Yd5ns_nB)}Yv=958JnrVZ^TT%7YYRc9SoKNwHQ*}06
zO<e+00?HVGPO9V0z~>qR@N8okE3&B>Bbz4rQDDa@<ve%*DCggqUM^g1Nf!9Eh3sWi
zrQJBP=TI6-Umw1K(NIeEfpaklOc5Ij$)M>@#tzKPV>A>_RGQXM8mhLY*rc+I%wKso
z)*9-loOCN;2#U0B#U5?T8dc27E72NdWsNF9NJ>O|N@xQhHWDsv`g%8O-b=LJudD5O
zn|=Rnn*I@M&#Oaq?de0?vsZ18qVbGfX?r}&wb8Mj!_i45kLS-C28uPTAdWUnG0|yK
zOj~uwe%h)AHdM}NLq&mcuiZ@B!clf-5NoN0vNgaHVbg3ev}rb)ZfER{KUdeZ(W|j(
z1uEw@UgO*tJ6!mg*0d34HFh{NYSWgQDOVyu`^Lx6_RV!mCxuM1C428h?VB}2>4!Uq
zKKwiSHGw>KrH>ip(L^6p$m5}3S#c{1XHD{ov!~7>?BiH%0gPl_I*~TCB!;c73i=M`
zT)67gM%J=Mwqs@jitkgPS#xa=c!sd2Q)g;c0uP0_)Ag~mL207Ah*RQ+#&gnoT*EP%
z#t6s_AQYrI`Q_`~zJBE?OjxpD^cm$wQVzKC^2JU475K{jOUVzRkOH6EAQG9`Mh(1`
z%T0YaamgiG?t>^Yy_&p<wx)r$?!Dwj`cA!JlNB1vT9*+^%WSK*?!!+E%=hF;Xov-^
z)A8ONnP8R?OXZqrbXvZ-hfYgpEIo1=A8lG9&=*&eLg!%teVxXpCFrYwkQ2+M<+NB@
z|7kRRF0FU}UPE-#a@ChOEkRlYF8t*)&|9D4*1EDeFyg<DqwM-0>nS4+)m9E|q3jim
zh_Zvdz&upGWiPPklr`)Hwie~z>;*PY<sa+?%28h0Lb>#5Iv$(FP2kI$OmwQJ85nSL
z3{9PDNR4Ny#fDTAUGzcOR6sihs0asiWZ%g!q;`#=Ouvov)1Qayng02TEsE%1Vfap1
zv;ye+PSo^$U&WRi{6{LP|HyOHf8^B_elIbF-}n9v%-Uh9@av=szm^(1$RNP2MU_Fc
z_&uLA>ct1mJ#**t`eZHg!!|>5S4{55)xUfps>E`iLB7$fERu;J<Env}6C9lQ^-CU7
zozu_8)t6n0ioW#{G8e4^cv1<T>O#5|2a&zaK6zx+6)iJ<ps>>h*a-?-L1B#s*cl4@
z3x!3suvkK2F$O)4CJLKEVa*M&SZZM*Qdoik28$uo?4j7~`?>m;E<_kVTv8>Wl^>CQ
zITB%<a9l%p84&hFARN#TiUHyK2!!n#!Z<*vi$K_<Aq)Tne*{9UhR^{JRzx6tr6HX8
zkRW^zf$;4m>N*(rg-w97@)DK#hzv9FOAv$VKP9mGy?Curt?fu-Ht2SwybZb?>5dJ$
z9qHB$x*f^BLAN8d+o0Q#nr#TliLgr^T8XPn$-h-6m2F<BN@dfO_2fCwp2or<pyey+
zL1#6Erz!tfNo9q(%AWz$he}_^K>V|_GM;2*9O<nqW0qD%u`+2Tl@DPbQ^v3t*t?WG
z_Vo-U8$QBXp^1f5AOZ_O2;49=s(je~J0>62f55R=LxJa5&6E|iW(E41ZC!zbF(Zh>
zL!M>_*+898K4%$v=rg=QGvsL*h6Ocg9y@)>3f781YQP-m5@-Rv(=*UUcXNLK3f8Y$
zCO6BJq6}tFP9@{*AbJYew6xc6us^x^I_yt=I*?_If88-6{`EHd)#G3Lf0MmT|4>AM
z428=EvyviRNXDX5S=<V^0z)#?u+J7P2DH&0)zF?UVeMJnA;SLW8tr+t^6Kp|#$Spt
z#(&-064irZ)%dT3E_6kKO`e!S6@+AG8azzIV6gve2|UWD%&M^r4|S=@D799te^H&@
zy8DpC#?yoOISI`o?h<dryF`zvN=&>k%#pCko1?!++|TZ7;r_7pNB#XF_<9#jo6t8^
zX_Ynb7vp+@YZ|aCP=m2f<jYRP!_8?zGFs5myES>flecx(u2E~nFVt&P@!Vd#My<t%
zDnZT@1bK0RC~X$~_07S5tY1m+q}QUQ#g?h)G1g#dv85i)6SVfDduU_4O3S~JI4xN2
zcE0=>;Oaw8_wnWfR#Zd02|3icO#h!SR&L)68;zJN=g=s+DJTh2&iHkXam;UXp{oql
zDwcUGpq9erZzo}-=V`)<&|L=HJnzC9wPQ8%NS8eFVvA}^i=nS*+-vXmc-jt}ashD2
zz$&M~^n{15@GY?LM^O%EOWYq@GEt67cKz6^#iT_VGC|F4rZ7`o*lBE3ck$%!25^e}
zQIdAEu%<m1vOE6wKSAWEInB?B8-6H@JIybKtAmsWio7%=@mRPWVv#zWS})tlx~)it
zrme#H3{7-0C(AQwSj>sEN+l-NxfQ0+9R|BU;B>*I%t{Ka31RW3s1iR^;CO7P0vX6s
z%X7_3fO9D+ng;s5B|v!vpqW3WgG%R8d=Wqetc)G$FU7Nb2&XWO{F-UkcHTA!`*JQy
zduVj=DaH3ak9bP;sP0^#HTt*4eSE;3-Lb{Bti>5rJ4?O2*+g5|ptiV?zH>~xglh(B
zr@x|*qdfLp;3~-MjN5cPi&GB&Yy+!h!~lmtc)#;Vhe52O)epFRx8AmVBsFD5F!2BM
zGJ}~Gm!oJ+511)Cz2Zwd)mby?&|q$WF?EAUGp2@GyMklZt5rv9>RNrKzr~<6HI5io
zq0+>v@R1&^JF5a-Fkux2uqssO(dMu!l!U4<QCEc$wF=|)na0v86lhf_P^;k7qkSGr
ztB|5q;gglL3N}4jGOL0$R0UXWY89+%6%2OhEol{SQ@|?V6QFI<qZP0!-~}dDA&phx
zZ9Uo!6RpDQoK}SrT@@fXXf#A$%OpyRmhzoRFYiIhHkM-7QueVFr<M|6DdV-2Us+1X
zbUnyYLZ<62!1|ofIXqmD$qpDI6y+dc)%(p+W3Ap}5VJHFCO=*Pc`A>^_-+mx5}~HO
zx%y`>8US$=(2c7<e-TBhmAg<JfiPepaRg)3mS(?3VJ!@>I0}1`!V(NH3x!RkFx~)b
zNnyh%tgQjon!@@}SO){F4TZI(Fq;9^p2E)ljIbLFuuc^A6NPm*z^M0!?9~*OXn=L2
zus0|y*#NUs*i#gCvjNtV!XBouUIy4r6qZk6w;Eun6m}bhr5RwoDXb%f-EM&OrLYS-
z5jMa8yN$wjQ<%d5>rY`-6qaRx!R}}j#OxQTt-JdTaQYPyJ#_#B-wNQ=2=EjJZVlk^
z5#R+3eBy5eJUasX4g+rj@LwXpl??nbfIo=<pJ3qU0K7i}9K&q<=K=WF2=K2g_ZR>x
z5nzRZ`vZ7q1b8O{cLeZ;2=E35KKD9^&k<lh18)cLrxD;!8F&SN{}}=PCj-9%;8!BR
zDd#D80f28f9}Zs1!1n@paRj)5fwKX8AObw*0tI&ma2{+)gri5-2(hYbgqMsr;!Fw1
zs>ttB|4Ka<!<}SJ`p)|0D1gG#m)g@y^eHe2Ujs#$o$?RLU8|Y24=?W3)Jt5>YI^5e
ztlYt#EQ*~J^@$0D?;4e>Qxe{#ax{=FWllE*GoO2hh^jjS{jo4ASpV{ldOi9RJ~7IU
z(gzBiYe_O5^ug<R<<oamx%8cPRF4g>;}dYvjt0^xAdbR)E$DC+Yy5g?^)jeJ*;j{y
zqGLDQ*9Mj5Pf$+|bMA!LcUO_;?*73j&$YHh#J{V%x;*#ozpq<9wUY+)BJ!r)AWuJH
z5ix9+mHgObiz0VLx!N8kl!n*;9<2X6-y7>cusNxJHmg7K{R?Yp{jI~Tqz!x<!tl$(
z37ag~jqNZ;Z-?<dn+8Ac%P-GGakOVM6i4H#bHP7SE(bcHrNs)zm%$+@9NGfsk((YA
zscS&dH<Y@AFzD0fM#x(){Tb!02Pb(a!N`|yjxoqvMVx@%GZnYvJpbfpgi^1dw;2mT
z2)Lm93+``F(U_TBr6_NG*A0_WLV*O={<A5l$!Qsy6D2FV5p`3QGa3gLUc-XGw$uq{
z$}8YOY0B&er_X+9!aV9hsmHu2v!-M1d$HPsLwmQ>BuYmGP&k*{q#wi6aX~uo&U{=^
z!^HA`tONysw8EawiuGtMOof!vS5&8jwoLqPH+C<g4-2b#Qo3?rSP#bnw9>$^Lk<A{
zzsaTrhILB^-M$;M-(gIDl%TNZ`10v7l-CReg<bcdoihf7C1^uUp`ftP>*i~Rg(bOq
zo30%emY|u~bpZ<tI|M7Bg@rvwefnTnSXT5E0>cu_Q=IP31XC_?I-VC(n(28}OtI>D
zUQFqt=Uy=-8B=g+xHF3t{>cQ;^4%8`m1VU>*G^hPJt{f2A|rB#;XHf*JuB}<VS@~?
zObRnmSdIbaq_Bfq5GER6xfE7MVfhBwFbaF0!bTflBPi@y3L9^LjiIn23cJq$yNkl^
zqOb=Hu=^=2o5CJ4z$Q~zB8AN~z^3W$38a+joD>^ZzcJ$UeBxy_ru_>q5kfpN!bY)3
zL+}E^)Ch!EHH6WC;EO=`hlX$)Ap9u;;ZGVu8$ftE0^w;5q2Wb>P#l3!tRZX!gy|6o
z(=~(-0O9Tkgu5@R*9<;D7#@LOy`+9&CLow1dUBqIFdPsbB(H=j;PQ)8IU1lIMg{1j
zr~1P=(a_WV$+mMLy;5lk+^D**ee(@C{tjf-zsa%lb)fqh0TEBL$rAzIPS4$wSeBB{
z4zuXGkA8;t5%ezMt~XTOvJr2nOh)b-DtnUohRSZFzd_lJ3^-EL>4$;NSVqM8|7SY=
zuosIo<1?#r<Zo0R?8zd^gdA}n3|@)<xbUr!e!mtR86N+%^6LDD`<>r%o{YPi=HGB*
z4ASpr%)g;qo|d8>AlpR<*!~YZyIM~b2&N!?w1x3g9wf&uh{vmQZP;A-{*QR3CVT<M
zX;UW5CX8sFZ7LD4!M!19dbKcxPS>oORr>qCqE~A;Dt(aAVtBIXqw+o&7L}K}N6p2h
zz6Twq61ukTXF}KbuaT}T(<sR@m6DWbM<OTawIxuJY0UrA+jjjq#fhTFVH%_HZ5*}R
z_O<Hv=14Bs-VZej>P|3D6iwFavlY$Oon@RTS_pwF+?jAp3G4=6z6OjTU@O)gJjBz3
z2eOEEQ>|3jccUWxWB2}URCNE??I<9sf9!MLj=G|M?41;LE&tf3m{wYxGWm}n*+gid
zUe*u>1H$nLgd-Y4;vbn-oe^Q1ro+ksLTv=XNbL)Io+Ai@n?jD|nrYG#7d<4m=QZly
z<=`Wl&zBTM_*j*A`n;xY2FVO@)gyEjCyNJz=uh9Ueuvc=*YEL*;p_L(s;jTxrEguw
z`i&YtyPZiNKU=T}nHIhb?%Z|Zv3XTZKX)12a~6Y6)6~tHnm+0)sd_fsIJ)%g%ptx_
z;ryVUIR<P6DA#ON?yKrX*Jqd~8l2Hq%Amuo4K7tQ5DO2W{m2fgx6Zs8KSr0W@?f=%
zZOtn`JRFSh5<Vuv{o1$)7j1W6M@Vf=6TB_e!u+KU7FYk!8tO+9H)5hIl<0)>KTPz5
z65YmGc@I+sZLNr;uj}0rN}z5HAq5b!BM`C~f>mk0Ow|)rr|3UEpi`8{|9?&jMc=k5
z3;(PVvcf;p85=)Go7#5eK9>0FY-ay!oWHMBhslrU!{=|-%4^8KZ~o`>=er2{W2I*C
zD*bu$x6z*#I{Gul$LJ4uZwKompg&|^wO@_;^gZ#PQXkPseVT0})aTi?{|WV3@W!>N
z&tG5tUr--^6zbE0QlCVP`mC*vLVZ4{z5?}mq58_y=dtQ5Q=j{)e<Srdxbzy-XWi0k
zP@gxKUW58Px%3*;XVTK&N_~JoNBe{sI_mTFJ1X`0=tY(Kyu}a)&Y;xit-%M?_;H5y
zd!)*^exLa@eElw5e)aX6@cPx)FD%==IJv<kx1C?^94SDsIJjkkHB22;JPA{w<cqf;
z2Vb@e1hc5I=?$Ugsl|gDnx4ls5hwjSi_>Dh`{3$dALCtlzrQZJe1Y=BVyePkpjRX;
z+fOHzWgSkcO$Nd6TNBp1%yGp!!nvGC{*P3^leZls0jQOv;p$tR`8W%YUa*qJMitP&
z^fmM{pI(T^?I8k=<~v(;pJX=#u6O%r4&{~sx)$1$SD#3VVte%tQZuqm(h9{DV};N~
z5w-*BvXp*Y?MpB_VbzJ7nN4YPWHm6pZNKhZ1OdKDAJ^W{aj^ynk^ifr*jg;a#J-`#
zJ_Z}wH?SrOFC}sMuNhZfOGY30K$mFS0zFw$zNsLqaxcV8VZMTJLEZU0T~Nm!(mVSI
z#gFF&c>-A-4b(g5*Mk2@0w|Lt{&bq3V{S8*f3$8Y|6uJ@ew)9%vZ$Bq3oFOsx4BJG
zu|V6UywbbxG{34+Fl`bNw+p3@HF8DGO0rB%Mg4`+JX=iq7V=WUKVK!Jj%;+699k^M
z<E+k#enf07J}D$_E8Wivri~=w4%MYclSt&s-<vq*Vi68IXFhT;NIl+*a_hi9m#IPH
z>@30ydijy5?*}WtJkOSFssL}I@_a(o=3ANifjhZ5Gpe8Y;=v%S>(<&)7C8RI!#{br
zg-}=Oj6bA*6BuUnFPh7*+UYTE^(1~%vVZa5iuN{-Z}dq|;@7UyeY|L@8dA}|jVPPX
z4wK9~==X!w0@yeG9@o;CWJ^ibZCr7^M@~2^`pgch-s29b_r$u%J|;?AMSq~VC{>AM
zq&(?Akpe(%$!ygIA&1|#Be#4fU;Z$eDy}tjz?_`NbRjw};RdV(-@Cis5u|a&ED%A%
zB$RGDryP34&KzxG1OcP}6RS|#*ru?vAdj#K{(WYlbRXG@+n134&k2srkG2wg{oqKA
ztDi__CE2O^k3TVzOve4nrWZSN<HP)w3Ucd^mQ$p&h+6uvHZmUXf8~EUIhz0FkN@$1
z?|->ld8Gg4$6mHan2=tV|K(1rqwG8}n0PJ!%P*8&$^Y_#GK2r+RWDQj%YUCt{VyBo
zqm9tV@kk$6G5Yvv6#97Z%JlKNXylZ4uSz4OJ_Z_jcX2ctd5F@;UsfTF{N6w#H!&KS
zebsti2c7)(o!>?$KR<f?bTYQDflhkoUk{xuc;~m!$z2a#l}`F^{jccc^e>~#)-hjR
z51l-`<iDqrZ!U>OCvWvpI=OzLDlh&o_LscWX#2~^zy06uFJF~J?k}BR_z(A&&sRhl
zu{Ty+&;HWC<VyR?4JC&C<=z+Q{*p5xB7UPsS|>^yfk^@XgLpytqaal&|9S<^cIH`F
z;G3Tg0)Mc;>Xs(kTqTQRS{5b1o%oPvT7WWiZ&A)8ZFSm9iVHYzTZ-_I>ujFM&X@lQ
zHw9gEK41UIby;v~^DG>6p*!gg1ZU+<FoXX34!WOQs)AO7F0!(q4t%e5_@kDZ3aL{_
zYM_vOuO0o~Yufi94*kkrfHQ)A?{h8Z803c`X9mf+qZV@>({gr!oVNl_2bxm@t%gfZ
z<z#JVcJ4pFihKjK6QE~@{hlgN?7vU-@I1asMa&1pgg`v=4_L+g2cA<p{GP6hRxI;B
z?qlmCihoG7#?F90PHJ1qTut~Fs@86^rg*2#d2qsP=4wJ`y33dMj^#Ly?;*T`7MN9+
z$5&)?qn~MdQgKMheJ;W;3Yu(Q%`Zv^E&iESk*M*{{7iEd@}XHFl_YP2V{vBx8O0OI
zWM)*yJfXB_uX;}?0`r6dwuxb$P^w$%Z0yFDMfZf#eoY(NfcXoc0q6<kvG3_=X0<a#
z=U4_?FcXe4!7=_5it>+-ICQW<0~A3>Cg~*Ekus^_XD9ku`vT4Iv;X(1UFWFWF)lGb
zH-~i5%~}C-SQqKtru;wd-a9a=qH7$!o4SF(E=UPzB#99d1WbTHViHV%z+Kp25EN9T
z6N;f2HV_19NrZJ-#0qv43)TlL2#AnS5>UF*Ep%pCIud&Jn{#Gv+q)?|`ucm{?~i2f
zotZoBoH=vm%qcJ`-)>XDo|9=llOLajCi+1WkFAvCuuSJ!s(U=@$@B;REtEf(9k@)0
z7SPyoAxf?`qE>mBRt<QOK~ZqFdO1ds)Pd;=iYSvjhoDMuzQE*9iR92yX0nLxA=<vF
zau3n`O_h6yCT~jaAxv-jau-r62tKyrErOt<y3D{vZ>_jbP~Ej_orvh%So*jy|M8|z
z)z28s^?E%_jul+LXp$RXa!VGM6XajtAcORppk|O>V$9PgEbmQC9;2bD4wm<xChskl
zH;(0fsL5Nz@_MtpPc?ZT32J?T#@NLN1lO~=d)gu{oN7!qOs3oWM4j~NSy{Zb7z#YC
zD=<!xe?fskx&p)G0)wHzqq+i*%LUS)K=%sS9&HD((%F(V65!Rg1u7&fS)f9)Zx={N
z_SphSJ~p3z4_0P@vY}WQnF@7E32b$!@*_z9LbXE@pf24DRc=GREI+AOT*Vbi#$$0L
zx=^|*Zd#~w8*(SzNE>thgx?1TEKuDC&+aSv3t27u3;Cr$s&I1wyC5Fi*V|u6BDxm%
z7L{&*hk>)DV|;|HZ}-q1xZTO1=lFa-GHZ5)C*58Kju<gah#47Oz!8h%IWuhNbZZDe
zlM_?nQBFd$Btq0~B6B7M<`;9;E9Mu2ZNrCgQk2(PGVlNfEzAo35p8Li;KZ)f2t+gt
z98JVPYpw!=8bhT;r2jsz82!pw?U${w#}%J;B1rpl8o}t@UXBClF`BZMJH--LipsT}
zDPyN-*e9Ag?ZlW1l!!w_+7t{ePv*Q2&h5%F?JfVzwBG`snqe*okeU(iQPNC>cpFi$
z@hW{s|9Q8<a)*c|XZ%IaM$zt~$M~C>&X(IP&VViPyHvq#vqjU`QVhI~{F%ud`YZj{
z=T~#Osb1(_`mfJk^QCmt^nhRCf0tju>M1}>+L`yOn6%Z_Tr4YLHI;<1^S;>v4n*xn
z@UDj<`lR!DE_lc+ItKptPLh!?L<rnXv_$i1ugZ|=mO;>klJEc$9#jjDZpUSK*JtqV
zVq+J80PinLIJ~ndz!h+}01Fc@aHnM2JIdh3CR{IQKwTd}-9pfRo428IP&*s^El@|v
zpnm5)^kbN5pZdFyX+H<BZh{t>8S!USiKfCgWniC^fSs)cw$+)k73$11oT~!nT6kM`
z3jpxlz5)IV06ba)a0c(jGPuhS+^66{2KVGS5oqLtj=8y?HfO*_=$q9*5b6jC4*Co@
zkIO8*sqmBxdhRI0k}Kc+ZePnBWdIheTFbHEZ^2)(U%x&0=hgqG;Q!A558?m(ZNMKO
z{m|NA2I+z08FyKhcIV){92@A+4$mGebC&h}7z;^okI19jNLLUB8<#}nHHJL~<pQ4<
z!l|68mAYF(^&Qvxv+9NMk_u|moNO?N93@xnsKcs84PoiV77i`n${au56j7cz!l3x)
zfpk&DL(67+&JVfmR-fop9<7wj9LGi{u7pw1@eSm`N;T)FE(X?<Lwu03zwfVS(1Fp6
zIR@75AwiI>qtMTeAjoccB!4@Qu5vr57}?SOUFH2tk#sB$k5#tRNvq{8^*&AaR&(AQ
zSlsjiPl%~#o6PJw^35dY%@9E{))wuhWa@T7afrp`RmLFJQ#1UQ(KA+{EE>FHH4_aU
z0)tQ|Q=$ct4}Ri&6^oLQO+j!q7c<?{l(ig;Yq^==+Uq;C=SLO3oa$*tQ`iQDPt28=
z<fUrU7}-lz&qu9Rc`nA(R?HP)ruXp~U&Jv*P`L+!bd}dcJZ1TDNQ~rObCM;;pMA$D
zm@;gjZSwfx6jQ>*mBaIG!^hGjG@Vs^WyP3^S_Lqy!PBebRb~W>S}*JZpB!^C>>0^j
z7wzEKGoSZuKF6N%D$hQUzL32y;(gvB^?4uf^Mh;avOX`)k@`Gp+*qm4ck@0^7&T7S
zXL=mro_8=10mXnN6s)xw2E?sm7_c-@!GC0RJ58=YUF%{MCglgRUeDm@GKZtfl0b$o
zkWZ4r?#9OU`6;f!BsVaUS1-glmD?XkH!?RmX6^<k&7Til<ZghHB*Dm%r)we@S>cDC
z%#6@)(VsVA;1Y1sZl)yV=6-%82R=|NpS{oEJy|OCWCia@qU8ST?x$7mzjA@Z<&7C4
z_aM`cvEPpT0F;mLPQc|D_~RP{F5b3W4rjrTX;;wv8m(PGZX&W+$mII-QGyZ%nf2_D
z)KkLV&-0!}1n{251hAfVkVw64v`p$LzJRB)apP^Hv`GCeCxwzY9mP>*bPGrVW;1+-
zijm53DujOCv1@Swj4lW8uJvQ@g92FB=1W~$$h+2lZBy2@{i9?t%F6GN--rT|xcGZ5
zzhNr6-@w-SLf(g~yq{Sxkwd4e0J?~^T`cuw6MNsm`yvDitPcqi$$4~?Omc83Nlk9&
zq-6#pShbjQQ{bP;kf9;ix(H-<_a=55DN3quS>%Yl0$qe>xxhP!4_BnCH6DEGVsdlA
z)#s*9t^W91KAi@=tx1+Ca)O5RHpS#Nf@_T?Su!Nh46v{nQe-+5X&X-(solnVD%<$Q
zKtWMZ0&D+3#m5~WMix|U4rF9FkOL!;y{82-V2sCfXW*{ym}@Lx308qt>&j(#i_Gjy
z$b@&fqgo&_rL(y+89D^AlD`0Ik}voREH?5Ue}UysUgj@AmPiqQLF@T^{sQ|7d78h#
zwoeA|7c^z-HJeGVG#6t<U;43$%WI^B*_QH71*oP+o$)I7jCIvJV*&S!m8MC3hZkSr
zU3?MGkc@5QjKw^|=$-L#Wj?t+<r&4^8DH>>P2L&*@l&=mO~%(eV~2OfcRXW}cg6}f
zi6MFIHO@SF_VWICTrWt?UWCG~dxO-%uE-#P6;YcL$u&Rgr*LhWjOTd9A@7VCJY%VM
zMgh$zUmu~dw^!$3L{)a4NxEVis`5n!=p)Cc!22nYyCbXV{gmX6EIeD~j?B#Ozn_i3
z4xjh#6uN7hxdEg^+BiOUzsJmDG&agZnf<aK%gfQ^jbwQz-o?CUG<joK-cKxVq9!kw
z<$cBSrfBjevAmaA-V9CNRF*f9<rQi2X0p5|Sl$boyysb7N0#@ZCeOk0qFCOmn!Nce
zFNo#6p~-uV<(+y5^WN3uy~*;nvAo5ay!Tk%*DP;|ChtR*_d3h_Qj_;7%X^mPeXYs+
ziscPpdEaaDzF~QtSl(()-U^o2oaL2h@_y79mmwpOcBkMPaM9OR;hOrFI$17#<r+%A
zH@=Mxe57gMeVy_9mg`L9>rXO=MhUJTb>7$x@d8<-B^21HE3i*4P#X$t))m+)7dSP9
z7FeSzuu(3s844`d75GsuumlQxr7Q5ATwpd7_*hrqOSwQc6nIxx;3K&}1{8Q*SKuAF
zKr|GXrz`N9T)-a+Jg+O@lnWdgObblY6)2Jmlt6)rx&mwD0*j!)e{=<w%LS%GflqV=
zzLE<JfCBI73VbXVNQD9mbOqj*3)}?-Ue*<8c!Q}b;6{CQ5G~`cv(W$TnpDYND6my$
zW#8+ngqF*pKqq`nee;I|ffTNW8{^b@@SM+{XTft0eFlXHeo2ANH=!ppS3`8=U7Gft
z!L@-d64%dy{0{LATrZ-?zSMQbkNqC!zrXv*e)o{m`E8nt)7d^v#p$e@rs8zIo2KG)
zmP}J|I&V!=aXRy+sW_dP(^Q;}ZJLVH88MArp=6QFr{RhN`J4LeULu*MxP#bGWN&%R
zRf)jkL)YDP(eL_667n=&!(h8m_}Xa6k=(h_>}myXaE{OymrI@|_iz07515v1%Jluh
z9--#{jK-Q>#Y*lvK{N0Cu~d27q&)tlJZ@1Qj|kj;Q0feQIxRn)<E_&{!c@_eQ!K@G
z4~OWT1{s2Q2~%q{yT17#wT0C0E2HEY!I*m|N3nT8M~MeUsXPyE9i_T_D&{XR1o91k
zL21Ls`~^5J@&<naE{n{iF9lPh148oZ$Ugn@c>!RS$kWi58J7*R-0KOR3ycxT<S!`d
zOQSF4U80Q<a^%3)n9Ud*Ytm7;?lNx7yG!jKu3*D_7;=ND;BVo#ymL%%s9}TS9(jhy
zNH#+=QqZ5ESa3Q~v|oZ)Wb%a;T-`nM13P1dDMtB!Oszmfjo|t%e~9*<$fu8ceB3g>
zj_0<n>@I9#PKBr7YOTD{7RNL*S@<YB$r<4!SDUwDRE(JN)vcI$E1h{O+PLd)@nf;J
z?KgR<MqemgEZC3;%JX#JbiU?8Qz#!3D-UZf1wo7;!Tos<M2*7Gdo1(RlNdEmYAVWC
zQ+29oDpqdlZCabFsmGgi-YplH0tHMS*%rx6LPk*H5aJGSN7A+=y`{ghrLYaBvYD#P
ztOr$L)pzs6F*H%@j|26UId(iuu_Hag>c}@+lO~%@g@=(VL2X#8;i|Y+(S|)KI@+RM
z@KyQ@o&iBMxHE<E6tm9rU%Gu~`i#R6K5a9EPb={bpSC&MG_FpA=MyB~hYi5@;l6B>
z?EokS|B_L(%N7f2%?C0K>n)KtdM2gpvvtpKJ^{WDf61^P$UCBqpN1|IchS%C>SP)=
zfhM@6pv3HcALEYgA<vG0C{8_$R(nc`#nF=@@MJ&o-6%ld5K|#gABxG$#};DqPmhEM
zP|oTYPp9P>IxSxtRMT=^t0e5Gjni_TK119&X<8<jZ$GLWOv|mp1c61DYmlU#m7l>Q
zWRxnpT+gI-J4}T@H?+~^R30QvMWA%54kh;y4sddT_W*Ya|JnfWs%n6DdkxT*tZ{j%
z9$a1>^}xR5u%0(uf_1wRraSKCuk;?Bf7M=e4LlPTznKj2_vK*K%l>DPm;HE&&i-ds
zHTFL_w`2d4Xj(qQ0dN14CP2?mt5UuBGlNFGc}kBeOn?IC|4*3!U3l*HRGWWWTXWUs
z7(b0_^Bdi3qS~DI-0i3~`z2PX+I&LzTdK|T=K0u@CeN#hYIEqLe_yqEQy*Wd&5sOX
zThOVt-tm6_wtjP8cZd)D=4WjG^ZL!d_txt-Cyk8w@ARAZ&h-Jdb#rT?-~4Fr%JiF)
zdu#NYr;cR$&BNL#`pv!Btech(G?<o8_oL_Y3Qzg^h`iQxN3`YQZU|&$ElfK3{J98(
zDd^>5yvpuF>G6wgn<2JgSQ<3zP_x-o1kTYwVYkcR5M1<FQ5sY<#Ji&OPPC%;<%T+W
z=f9Lk^JmKWQQr9_)9E2;SUL{j_+Z%2gC`7NWy_~}mAyQUmQ7@t`@J(0b7|(CEOWJY
zW{**@qW7`g1cv+$EBK0c!6DDkT6Tjrv)kwnqU;(!*3!vuoE?D-`k!$vy!}6G^wDDQ
z=yL^lGiTtCAHZsf?yq1u)|XO-abc7Qu)x6(guI&+6S!N1Sk^6$Ef97n0bSfIGINC>
zg{iPOp9+(%TLC(+Ppl0Ks4hGou!KO3Mt6Y4*^ScGIQby7V|Wx^&NB5-b~$?<Yq&<*
zZDMx|>|VAn5gp96>QV!`oP&5(;SjINOx}DJf>oJbD~1fWkuGKt4>pcT5%OVd&sT7T
zaW6RyH1!-PT>rJh<*^i$Mpztm%hwrfjYMaIG_fpTX9%`GY$u(Q{yXWU1f+@1loDVB
zfE;0EO@@PBz`fsYN{}iGzD5sEUKIsYSrH!Xb_`Qaa-iuiti)cfcO*#_uQ_mDSFyRu
zit$u9X&CmfVxm0U;}!ZI)~&K4givefp>(&vx5IqN;Wf}ra~-z-q;o@@Fj-{JH>|6C
z!(ule+`}07D#p7@@Ue_Chm7mt&|~9ga*v1hy`t-Jy()W*C*G9KtjD?=fY0Fy!!ap<
zIYs>L2DbP0mG)A51+_2f+6%3sJvs!ky%XEXweeP-@?$JPK85KjxCkT*zDK~Od@7GF
z@2Vaib*gD?u+P?Nt6PKnMH0(e`)!Hb+9$Pce{7f1eYLjIptMGc`&D>oL-j-DhC2FK
z2(_wd=mnn*<)|8p-$gPmd!VU{b_G9L>c`Zenx>lhY%1IU$2^_ZE!xn)CFw}e-Zz5s
z)*w^iBdB8VDq^h^GHpe7MNw$NC*HT>iww-icRmF84HJ|5LsaswG4Xz}V7-yq2Jqm4
zw20AlmfZ$~6;-Z|ezUN0b@W4pm8+v~D6B*so#riJd0%PrK4W=vS>89Ay#EN^7YA=~
zw_%e=gB}pPS?5>m*iFeN$|X8!uHCu<@wcP`yP!anP9=VtTwoa#7^f>xDi@d!1-{oi
zKdX=mjDrG(3SU8hydhT969e{v8xi~OdIiY+jbUd!YbmMlw-i(utoHLPes_a7b^Pw1
zL{qn&aMo3nANv89$(0`$*-+2f?Vl0vdD!0aN~ZmmCFwWdHb;WLe50xGHH3yn#d&OH
zD$a_Iqeeb+d-~1Tt}RmS-_vNZXVOI&C+RnfN&CF?o98^`t>4^F)^8Ralyy*JI|M--
z1bjl93CMI0^j=+0bW>JW^AB~aOYpV2gvwVJ1m7@37pJ6|iYEG4%cr|4t!-ZH-P$H!
zYxzJ`Yq`F^`u47J?DBBzve^H~j6LBM9e#F0XyLM0a?78>+#uQsSFerHVV7tim0(w=
zTm`!_?JdtS>_T{O?1JzilqcfYMe#T+cf6(KtiQ!m3ZeBX$FBbpzbr}H{ww^7d9rf+
z;*-x8jf7tc&<ksWmz=4F8bPIbMO9F_b;mydl`qCu2bGufP#Il4RQ^qPEPVWS;eqk5
zcjI~=E3ZJVI61mATY=)roMBmmhdzz!op*~XyJdCiI%;^%Fpc8mkG_`w_NtaY-PH}u
z?f;Ca^rT=aoZzRT0zAy-iB588_9aiVFq=RS=0ELC5ZVU#Xg?#MiuUO-wyvoVLJPR2
z2dlAAQZUnDVSJUep`hMBfQ8M+R)>WSJr)kD0d1K7Z{S~8-`l1Khy{h$Z!zU&1U)wz
zb*CvC0C`7(_sYB++hgGQl474?Hu||Q?EA3_>|-cb1a4&+A{0#tRAC=C@EDmUW8ds|
z6a$akcf7GL!{0~yef_oVvwi550AD7DI$Y~qC9d6L`Uh}r)zj7C+KYNz8(9NfWBv{P
z1$<l5=XUXp!~L}zbno%6@D)Z<2Z<kUR0WBT>in0G5LJ+f8(keFUeiNjY>haAf0Z8y
z>+KB>vAXrosBi&2ez>kxV*lg?k56w_1&_$ke*hkfM*jZ;9&>tC4i6uUfMrC8Bu50_
zcult=Uoc#zirnJykz|E1&s?aoc+49k6U10Q9|SSkuWELH0(X)>lUttMf>Pz85$clx
zSA*a6piGsUEmYLtLl%0O-L>}WfGw@k!-1eV97tN=Uf**QTc2pRJmeohyV&gN&~Ba{
z?MBpu1^t)kaoEGRyZ&9zS7P+)wdgnAs%p`9G5!Oy|M{@$W`DkZ_D9uZ_GkQS{D0<c
z(_dV6g?5w%P36MiHE@?nlKY@gvFRXL(&svM`$ENpR=y;CfdMM%<;y*=p(%6ahUWiq
zM%PeqH4SZP>8l}Th{PKT5uu^f(8gTWTtOONzF3Joc50;!4fWa3(?GbKsUN+PBGuhv
zt^UfOVHI^J45i<$0vivqv?EZs)Uirs?-uJTYgAQbpBB){K<k(c?dWxNpuXrSqvHU3
zL(!Sq7+Yg{it+`#om(xGF=K;JEE*`h!W0P>VG+r~^HpXEP{!`!nTM9ZOJS)hXEv+3
zAqSmDHqzy%K>VM&`ek{f4H{J@PWC-gX5B=#wutg=C~_8!$Wq5CEj;1_Fjdaw{U4+Y
z@w-UVRD{YPr(BcRv9ha?N@_a%KGw7&CCbYPVu0!bJ70T${a@NYB>1p@utfN_<UpTw
zzART<JVR$Oahhl7ELYC)44r)mhJu;70d79EHWsVKR30|{U6xm_$-Bt%X0f~qP2P2u
zm(B8mH0mi3C>`SevAo)vykM5sn&p`_d7&(?KFe#U$*afm%5yNUsV1)x%R9jGnrZSt
z_f;zlKXaWaS|BzLYzsb=b;{dqZm7y6LzxJj^7bTknZ{6NxUS4;F8t3Y<!xwz-*v+O
zbGM`dyP?1#o#_6gT;N+MuuoUuPr1M=P+*6yz+SmPE)>|LE3jQI&<hF_<7;YyGeIED
z=AmMFEIi-Ap2Oiem_65n=NnFZ4ut1(?D^VU`h1i<pMmGS?D;S}|ID6u!}D7D?0(Aq
zBq}z$j?sVahuxX(9&U@fn>)kZ*#&xZs0!^WgMXk)?E-Ow3n-rpE@!x6GeE(8Cn`U<
zLtSu#<PLPbBIUycXah=B(37`&x;q@yqG!SL9pG4JiaQj3Z0L8#Jx2cIFeM-E0g(1M
zZw7B%e}d$0klYFWb%%eCz`rM;6hwO_-?wE!=^iqpinTk<T?>Bd!@s6-pq2Me9`neG
z&9)SkF7=2MRgk(TQdGLsnJFq&=`>E?vPf6n;5JhWuXyjE7i1RgmqcgZFp=^uE$7ja
z&cIHEDZ<L;xS#xqvBW<d9wy94i56@vn7XiI4(>Y6$%jPy3Vd{=pBIaYZM8&u1@3sB
z9b&--^OK;lK}t^?L;YIXK<$@LqJm6k6DY_C>%H_d{_gvul0(6nr-6Lfcf;7gwOrbq
zoai7NB`WN8ah^o0(O}6m+P}488a*n%EG=w&?(l5+AXSE@yw>PAt~!+onrm<wN*TTj
zX@zHOtuW{_54%j3w~|ayG30XVq2qGps@C$V5=*;8_d~1GLG)=Pn3gU?4ihWlmi}W}
zNv7iixl;(yo)s>x8Z&tEkl{2*<Jc~V+Z!)J26;mmdiiH+l8=H&+R0f2r<Klx9o-_w
zK&))Z(;dqUe4~+|QsoPLkiP=!P|7wZgO%f()&3#=ma?6O7EkzXbprEr2j|DJ3Fzt0
z$b3o!-ZzVRW{YE?+J3<P{z=54VTu93TUKVv5l3FK>b<Y!jRU8}91A0AhJ`aXnE7t!
z<xovFN{-Tqpk#yRrOZXzqHNF*i&8YiB9*de6Py+<xLWA^g!T4Fj`YJQ5M5p1l`e%J
zjvkX#&Ev?siBjmMR}*FZ@_B55M1^wway~J$dPozK-vgsRx$mRdFw6ZCnLR@BXW;Bh
z{Y}S2$>W!qw2|A2p-+IbCU;9&Z><5(jU!EYJ7HuH@5#d2DoytuJh7lQu3u*V5QZ*0
zp_QEd;k2G9VOD2C`C};pM4fo!3l}H}M*x2osnsj8QT|NvLPOW7p3^sz$q`X{WlbaV
z<B28$o?!r>+6sVbX%zK#qedlp`Ti(D{zy`q4DY~{CcmqtiXQ^{U<GBAP=vRA44BM6
z$ezz#l*8<)9|CZf)eIrw%nW)4K<^by``FcwZln^uiZ5R8gC08*Hq3yQkJ7%a0;Y%<
zAA@}{;SWsyliZ7o@+5g~Y!m#=qrX!B5gv|i#u@qkLcTIjpx~SqLysP2@&5EQv4r@K
zDz>~FZHYaPQ(-S9OZUpKd+<>PyWc<id$9ZQZawTwg(E$<u(}Pc3T~zs)A<TAkv*|K
zU^h5{!S0%oZfeT>!8oTIN!wK@Hmd{b^Dq;pH;SKJA5Z_h_doj$a&j*;6u9pd&;ay@
zB9-osp|f#+e0e(E9~-Im$HD=BXMg<oPkDcIzrfblJ;oN2|9(kb5$U?U97afY4YRbF
zMUY9)v(3yTc|dJ{UzHwE+bg>nQ&*JyZL-ZG2IR*O6pq^u(KA#(zDZzI$-w*S2?7sw
z8+g#np210LKe{mt10iM(-_t0@Zdoqx2PesZ2cqPCj?UuHY0`cG8^p?aSn3K%d@797
zqIq3m3z%Xg!&e|Qqa|qOH)RJmXW&<~j+Fy&*c1%6`iBWpPH-{JF-SQ_X%5{xA~=L%
zYPxqoj-o~E!|mob6^yVS`CUcWcV|#i9EJ4xBw5jhIn|B$NT$zF=KVGj$zRY$3UYL2
z4uk%^K`jJXw>yID;mLJ_y!kho{-T8u#|S!Kg&-rEW+W}Y$BAnJL9<}uRzN7(m2f&1
zO_og*ep{bIx5MY)$7CsXhtiiL^o5n-*!}U7IC(}sdFGm;H(#)2WaDr0<QR#Ok0vdU
z?kki~nU<&dm+vSh!Rxbmd<VKFd;f}Sa`k*%lUC;hN|sWGKrfja=n1ct>nT%HK|1wU
zO_J}R^)OXLkXO-)ue_5WRos2sNvs$?p_S(aiw;|f*&R;nFJVfoQ%k(+FEOJN-iXJ+
z@WS>ut#92_xuc)8x}xuBy&86OF0E%3F3NjoN2NF!sO0=XeYRSz`>XZ+z3El|SxB#r
zJnKcTetrD!(5vzTGQCQEo&j@$Khi5*JS?tX4Xm>09LTtD(SCrepD8imoMz36s*+|c
z<}@pYyI&J2%>un^&fwa50?ir*j&{+qlJe!_Wtv431MjKB=oFpZz`dcIenEsO1Nb)T
z2UW4aS9I3HzLsg$Ir3SHD0O_dJEmyjyGa_}h5e-XZU@r&(p&Zoqgm3@V>HW1>sUnV
zSoyj{nJn<B!`~DZ#)FU09*lU4_5iSrJRN+T?v=#>;!4Fz>@b*xITJd)m4F-IzAj+e
znahyy=YEKUa$7$`TYaRqe(%fZBjlW1rKXST`{EM6ZQj}|7L*SH*_9K>l6}XNfN$TX
z$prEoS<nilWW@8Hia^GY8LgyvQ4?E9q;g9EL$?3}C6J2wOBnfvXSf9*k=p(J6BNb-
zlDXCI?=7d}dii>i*LwNzvA=cx-K(5`c|SV~xL&;5|6&@pKN{9+GgbT1f2;kjO8bsk
zto`+#SlxOJLwksF?&3X6TCXv%UhkOZ#bfNcyUO+YgdacV`d+Uay0i64`Hl$1+d5mG
zF|{~L0d{2}>>1Z4F4d7x3yW4x*T9&sR7=&<JW7sW4t=dF9iyAeeI3X<%Z|~5b8`nz
zrb(Kff6tH6Oq`w*9l?5BAA9@-O4qISM5}#}d~jy2cLF17DJNz6x-*2m!ikv&1IL3i
zvl#h86T_U2Wbv1(gL48KiJ2dq?fH!8B(j6^NCPANratW8jCSxtQl;p?{ZjQ2CQU_G
z5J|LTMpz(`nE?Mv$;`pm8JT$|O+{vg^-;(S-I)W2O;VGYiM<(_ft(r3)nulBZzMA@
z9FgN{N@l!*EBhcbFW&Nbh;PFV@dqEP`mAxJLW*8FI-H)?f8jK%&aa$i@kzdwEKTyI
zWbGmRml(8EBgt>64&nIC${6Vo9znj0kx1I&80io`UOv&h$a53PYrLHpa&Q`3uXo&x
z6*##Z86!EQ*!HH1U?!4><=Qi1ByZer@$Y}R5vwMcF=Q6cSVc1wdgy%~^(|imdXXjC
zJBUNa28cyxOmns(PXB_$<EGU)-Dv7toNlTYY~i67i_X|OSe-4;2z;e(><YKM!J@Mz
zq0<~+Znd8xn=_7jEN}{ef9CXpX#v9YChieXP5c?JjA>aJ@y9aa&$yd;_0QtjXc^iy
zz*4ZGpCxJIbFmi319US^v>HyrIezRWkEgq1>KUQCy~`N^u4A@~j$lug(Ot$4=j!O)
zOD84>Bze+N4~OvKASSM|UyoJJn-DY*?ue2$<t3MQH5l`P=qgHdH>T+^fW`1S$ZbTs
z+k)bJ@%}im<gEXw(#4L}tHgz(<6)W=P_mvM`x{=4?;zmS(Kga4vx#7J2o|_2bS8W|
zUX}-dgG1ui^(aDb>VPIfW$<wX7vu*Brg=vZI5+5Y(Ubk4j1<9AR>qEfWnp{@)$>P*
zgg7)U03wt+(cFQaxw<=22+mX%n0xnhM7!wXzk}}C_Os;L8M=@*x*taQg9SEYkQ^+2
z6GSG~=m;O?WVW4PKB8rInS{iduy$OEK-xz}X`Af_QQ8L4cGB$|R2lZOo~%J#498s=
zG%NlLC>&^@D4i$ROiYWzQ&L8}DqcA-XSA}b6gf)HdOQ|S8H5|g;g?N4!sDTN`E!u$
zY0dHsZ;@uWoKEfh?6<()XyS+z@Y3v#>|QXnLl*2Sw9tH*-=QMK&r*t?TTRZFaf0&`
zJC%3oV2H>&)XB8m+QBc~5&EKMbHTL`)9fPX<j~N$R>NV>;Z9hUZIyd$cZanDg++*1
zFqsIpPu)*-nt@sGxqDyiWHNW@kd<v}9e5%;Mab(k<pp=gODvJ59e}jfCPyxvGIw*U
z;R+F3ga|N>yf6xS*Ap<6#mGCz$KIs|_gM;?2gb@s_y$n637t_W)v6#77e?B^3m#xG
z$dgPcb%_3Y`2%Pz`2(1dDA?{|k(?9hCNb7VH;ER~Cea}?%!g|LAMrsS%+~q`*jC`}
zAE1Ays{I3;zQ1b!0M+|5pg+%;<2RF+*HP@O#-G8P!?pcwt?Ta>=~eeP<sa+sk&^2B
zdwrN!{MA{y_}^*O#Q$#bPxZG=4f^|pSAWmW^zN^<n*RP4dt3c&%KO`qp>iA&tC9L{
zW~;wf`nzhVw!b}f{eAnPs{7lr2L0v2A<8gTJl9IV*qWul(l4cZ2U=#S*B7Ig&8&{;
zMr+ayTO0bNyQxb5smvdL3f5ybC4tG%5yH38Ll(!~V$nfc9ZC<7c)A=h5nOJ8^_yyI
z<3T>ECa7T`Pkau|u&s_sF_}f>rb5_(XlKH#ju8=bS2t6V%1;!QvSLYB!{ok$>vzHa
zU$7x8GwG}?tMiPM2Za1H7Ds3__hD%}lvz|<x#Gq;5yNFO)r}!{M9EEnMA7}B=;%f%
z<il|VhYjMD{Sd6Op!h0EW6Q{g_eCHLd>ejwh%spsQpaP}jn_T(f5~`r>)+0JzirOO
z`$hBH9Pf=O+VOty|7yIm>QysdXNr+BCRfSkd#f0tZhUu6`CkIh56rg%&tuUHp1(!c
z7@jjv!ws>;zQ<z!OSIo2FP%jx%V&tt8I)3FBr<mYBspOWL0#r|8-}omb0^6!Jn8d>
z_zNuKj@2xblH<8VT0tVvm0FChSRHu~B5%dEWC0`-q6I>c$_H8WzDzp(bqr3hwZtEk
z6YNn7$W`GKYXkq}SIE{{a2i}^mOKH16Qlk2M6qBF&U^dP22gB!f)xA!hv-bL*j7=q
ztWs>t97>a7|0v(?ls#Y&<roe_3WXhj4XI1CdQ51#KK2rhDHunxK{b+-#NWqAOgNHz
zR}4v!MzQtVGx|{k-_|Iu`&BZEp2{fF&LsFA1!yXgB^PlNp*}{D8loSCB??Dz`gDRc
ziYq@|)Q=+cwnovevQfP6ud;TJ08LEh+5`M%)WyPqBS)u5@+hvtx+ko{!<0{b`5}^A
z8;P<{r#;_?GpF^|<eca@TOvwlEVxLt{+Td9l08Qo8Lkk_GhGe*nUC^BkV&E1a73p4
zY-VhQmlpO5^uV2I|I1Qx)8A5X(|~r-V0zs$0!*U4W6!v(hC`yMlZ&3>Q3)GQ=%jfE
zpa$#Re(?vftKIDZM|EAb|CX6_PO-<N?^gRYFMG_3V!@G{R%i4t7H8<*_;OIkF4ov%
zUP?EO3%vsW`&=<!GEEP?ME~`<#5A(6phor;dU7re5R)$E?Xo28u|;dn`=X<s#oi!V
zv>U{N5+g+~%9gl5AA5r_lhP0HRz!>uFq-}l6mb~LY=E0x3b30joJ^Qjg>GnknWIy8
zZ$0D1Or5o`jeO11`+G(&L}xp^HflgWy1@KY6<oV(LY!+0=s=eRTwpY0>II{ALY1<n
zS%8ytILG35Wt+wY?!O~N09S5@>96}vFL{UPStlm_WSTveeljD)+%50yB|4R61Nd&E
zPyNlI^l4wV>EMBE)80!nD?A=S$ookwxb86(KFF;)07bc_C*l^lVw9seu8ddAJ>QS_
zHn@8VMWy{Ai~!&)Ah)S-940;m5?`Z;xD0cwOs{Jl^XDLT29aF8B9fa#6WexX?zIJ#
znx=a?&1lLp=BP7JVUOljbizERCeP0Dj<CF!HF<E;td;+b;U0TMGCCwma1GEYeb&Dr
z6|jW(bl3a6Tp$JtEYTHM&NV5UkzgqBiB8q>bGg6?3IMNA36f!)_jDJ%#Er5eKpQ&t
zq}mZfnW=D2D5n}0`z=e!ElLt@QIbHoH-;FW;i#+{<BT+06zHQf88<i52x=RFs*?_u
z4#pbgJ?wX#&9q;(B%M}3Z7N)hP$;`fbC42w!g8MxOV0U=9?GO#<Hj1>st8Esh3`l&
zenoomD-wy&J@CKJ9^W<`JH({zwEs$oDt$aUaBZ)(-`IC&gusKS<}iPAX|#i-oM=e&
z0=7P|^3d&hY=KvhWp2)p=(oMDe)?_ikvmm86e9(VO|#I;z4I9tBL&ljGE(q7{dJo$
zz8<Xqi>BG}ewD2MVAcA+G1H@7|F?LAC$nVh>j_}%9v1t}!ByG%=CwjRRPAXGS?H2i
zwl8J1I}E-oZM{CvD?uc!Y*$0FWGXBR@x8S*h^PdQ4{7jNF*52J2Rp(>y1$+2Zts7b
z;__*_m#OjgEqPZvZM9$ZWphh+HH@cbF`TB@vAq)XMSR_h__`PNH|uVgRVkv{UPRZu
zGP>@xByF?Zqe9pDh_A4}aeRgSjd<;EF-;=aMHSoMSU3(AP)%e3)l_Kfg<?%i1s`ya
zNh07v1hYEY*bHrSKD=Miw^&*!KU}RE0}#b;u0{&_h$D4@sR4f9nQ&pC%n5f>FDEe8
zA;Sr-rG~hc%2aE~L#|g;@U?_zpFJcb3{^VbA1L>|o8!E`?+t6(cQd(iB~q`&hT$l9
z-+NTjcep_&pPt0NH}cW<j^2IGY>a)sF+lG7{d0Zvy;05kp6s*l#mLq8V24*@##CmQ
z8Ur>lqovz|vJKL4RaEm|+&<>2mwn8!8u@p;Wl;Hdj9~ULk2i_{6BRgIYD`p0PBJ3+
z#sEeH-ycu~KXgCcJoWT&T7PrB%K4!yH(4Yhv*dW-oF`J^gX%t|I3Bpx-<uC=Ch<WE
zMKcw~<88W6qUf~<>zigx0n=+94&;Fcfidc?@IMyde=zYeCGk=4|B8u2l*GX_@q7{_
zj#U!JXxWUpvd^jM0%bFv)0v&zcT3`A20(!@9iy^NE|3ZZzR?v}B^S603Vg2NWF(Vv
z?+Gi~4xCI4wgKRz|B-Frp%&F`10Vjs+Xh;ywgL5etA0NSyW_v#4=5_0$Ji((XW44&
z@g!Sqz3H#J&U|To{d`TgzIK?F+hBQ(1+Uoqy_Q%RTVk(Xla?5_VxN06Qf4`Rc-)s2
z`)#lq?XRivOtNDBuUHM6;UB`WgZEX3V{iVy!!aFaTn%QeG2aGexjwmqwqhZD69jUp
zFWPn8dW=4wWX~7i`5=2f4$s@!^L}_<PoLdZ*9&mE$Z!?FPe&=%IJ48r#S@-vE!8`i
zX*}e+N4c?&Mk&i(NBt_2SX$DZ;%?*arcTdy$Gh7z1qmsU2Mf6tM9ZhT+xp1*1G0?j
zY9h#~Wyd`3y38M~oWpds@=>N4#AKSNh9{PFLm?^om3YuXtL1@MANTpPJ(CnkV7igK
ze94Fc)X_qSfI%X9)nY#Oi|X*$n<gn*;C<I31s*L>6LRt|u2Tt`rk8U;gx4<GOSFp0
zK_~w}4ko~|TEbe(m17p?G~{LMC&;AB3L6sxY|Qg@CAEJ*36;75n#H63H9W<jLOHjC
zn(D(2s_xnlHiF?-Be??C@UeMg2GUW0%2sJwgff_pd@vE2j)}mNC2mjgH6W;vG-3k^
zfnjh7vHb*0|CfI$BMF0%tgaKqolSE?Yv?F*HqF8pbGs>S86`lRXthO@%K9npF^%<8
zqQKNiy0=zYKfTjfGV*z)F;n8w__Vg^{9aFD%IvC?XLYtR&sA;$CCACStl6SNFgcR$
z+)R7wop>J{$sA1Vqa^mGi4!n!fRgwW#Q(y?kxJqSExXVhZKF<*bCg$gHSu_J6HR#b
z4#*DGWry<YWsvRB*<pDqSoX`1jegWs22!mWN%MVABgyP3#2=&GxI<~d_%m)3{;;)u
z)=yHaI_4*-S{?91MXtPBte%4nnOfD*J+XqU*tOh`nX2^M6D#=8r;_ec&{~nMZxU4I
zVLHTLo@0x==%x`aPH>%%3c_G8%uy>)<vHgt6ST?dSRB*M<i1=~&a2NZrPIuo<ZfnW
z+RfL-AHCUm#SDuBR)A`OfI=O)d;k}SQLheY1Gg4eNZ|#DF_UX%8vU==iem1MgK^;o
z&h9O{KSsjGgydRR24F72N)NQL(t||%No)Xwl1!3rjqXR1-VbN$Zle7#4`ws*BFNtZ
zqIDkNHMWBH$fpR&$bENfA0FU~TUYM^K8^Ig9O=^oyqP3H&Z}I#c8efc*{u^8%%AvG
zMg$5^o|y4#tlC~HMn%_Gonat<`MQzO^~nJo-is9ghCfmb0Nd@a27v3&aRAaz?*)0U
zgYNxuprV8ZEQF9*9jHjSP@y--Y~l?Eh!YgUE%S!A@-g38t*V^w|FBs-dWp{JVolD+
zEN3&#k=u|awhtWD=uoWq`zJZJi_JPsO5#a7Y0`X6JRUmR*3)dZqpv9o%;?X9)qveO
z&iv1OrQJ<SgJy~n%4ONV7ptb%-M1C1rg7D=YK{wDv1(v^+wKbS8sEPds^*#S|H)7_
zM=Oqbg{r~zr_pD<0s0tEu`mFR=^AFOtTPLVQC2)Y>nk1+z~Aba5<_`o=7-Gc7#e1E
zJRLy~Cg%7v7S5rUl>k*hs=tEJ#Omx49qcxlnh7G@?{5sVB%QN~=`&JV;{ARG%3wg)
za!4#HuiTP#oz-4SemWn?>f?30zo64j32hH=y@h&#5rR%1Qa9ck{r{Jb_rSRtjyE!Z
zsW3DN(2rZA55;UK$xEA2U*Tn(0DloI%qU&F6GqK7qPV41;_r+%pT8|uORq^?Vq}JU
z5Q%MOCa9B6j9^^EgiK)i5^Pp9*ah{5Wv`-PnNcIjGYU1drHvrV{6RLDFjlGYKa<bv
zYc$ui#xODv6%-%>kQ_Viw>lvBO?bAu+{kB>d^FOirj3}%sv~*<WL`@hYx{tXwQZx?
zNbb51_KXAtQQFbOU`$L^5>sg6#paM`Q4&QBO3h{l#YJZ*GnlVqCG$O!Xlxi17^N#P
ziWdkYozLiYAv4)Vk16h^?uN4A=8sp|-t*`dnF$CZOYkrQ+3)h~_FGV;yh~;LVEJl~
zr|68W5%Pp@95;f>u$iQdL^iK6q*{URn@)4A$@!GmbK}}&`UspSyJSgGxG!hIK}$6p
z#Kj%ea1b+3DjdXXz}EmHz=LA+WBeSjgq+EHcC^G2V&p>Sx17W412LMc5Wi@F#OA43
z4kz)!ay0X1IrNO)>1ZE}$KL2F8IMmHqc_@3Vfc<OMlZ`9sSfpXxSX*Z`^y;+pZQ5<
zIZAobfS<hieJ#J|Oz0zWFo1HFFEBj4y&5oFKdykGF0eWpMlPq84@R!T$=hY*-oD4j
ze9pe7CX8IuQ<X7t!YLn&oZ~W^)q=}x3h&%3&+2%dWZWDpsP*wx{2VTW{3CoB6k;4y
zSTn;Ri83|+5-am@gDO~=mfoz4Ma#-)@TGFb<~`2X)GGI8Y`pMI+V3uu;(pikG0lE=
zKT3Nw`<=Ll?RSgHVk@CX*(+4^DC97wM@xr#(W7&Rs-Q<hGc@$5M@BXDXvmgo7Q%%i
z%0dVPv2vC4=+y9P=+U~DebA#@NB=u|)IY+<`so%?6MA&uL}m1-_=JWY^}5Jbj^!d-
zCWkl5E2lkA+P1MedbFW)HT3A<Pt|~7^kD@I)2@5dqu&C3(4$X|+%7!|ZRTS>uiRY|
zdi28a%IMMf<38xojq_|)FP&#o=-437>LH$#zoBY+M1I%Nqusy%tMsUm`QM{Q&tA~c
zBjxM)Ui#AN<AtI#{jpFZooP5<{Db=MM<Z`X|NTlcrvDDVHP?UtUo_rXM{Z}l8_L;u
zSC>~kUS@B<0(Y80S$cbWl|2f2{>b+uZ(O+LDYzPhE}d{2LJO5YByUO2(#n+Yv*gc)
z(9hyG(+^Frme@BvzFxyW)48@^Mpr<*bUW6FsR%7q(c#fqvUVQ0Jw?wVC8@H;MU#??
zdWRi~@6&1zJezm>IPeUkZR9F#JUaTkzKt4cbtL#dlp?IUABb^X5-Isb;v3DSCRN)x
z=XoTbO0y2p6Hc~A75LhGn$fc*YgP0N;dO%yTZJGEf0#25=q2ix4$Mo`$%iZT#Zv7N
zG2!iX5AkcJw3CtENADlEGFGJFS}rd|{JL)qcE<RygkLgx{4b_2_5Zw`_15PSTW{7&
z|5xct)E~Dq-eDKnc>7=czdGJFzu(SyZ5P;hb1qapULHSoj|FJr4U+i{V*VN{UxvNI
zSU6r1EwP)@$|?AXt(=2D#0uW_%d+tfn(Tvr9`b8Y2sd1?my(mof}jesY-Ja<ad>CL
zgIK>1Bi-4c_zN83An#1v&toLXRm->l=>&PBze_JbQsRnMOHWr)HY<I`^f19xXfQw=
z!mbdapj==+Fz$qo!|9_<Uly+Wcf2K;hP-G+U<l{D%J`jAOd#uj)OgnaIL$bvV*)#<
z@RPzDk9SZVRCs9X7=BV<w_4;i9ChmG_I%V8WO0!XX<wb1?jm8NV0)yGsMz=UR}L8-
zder=o44KvZOd|uQXAySuMn}1uHw*v!Zn7g2*}p9kbqQHps?L7Ej3nMtS{rNk(OTV_
zPD%v%>MY2DQ%e)%8gmBwkWSW6wKKs?d&W$ZHXg!?3zUk#8B(d(vqoL@r(Kn#!7*fb
z2b2a6t|g0AzgclnUw?y|idAFC(5(zVG<W}^PKeq=$BFb*=~nW<*lX(fxZeM?o)3k?
zSL^vuIGkRuYK6nAw<Muy-F=kjaOu<qyK<(aA33v^7U-Z8yLR9OV#pRK5Th#)BNzC5
zFV`WU9XnyJni=}~ro;^8!B>lK%FIxhyNNqNa+Tt)<BsJ@1BmeCh(^k5CVP)C#%bJg
zS;`wh)*XrD8UibLcGmJ(FMoY-1Nnr38A7%h0q(-`@=zfKWfJy3AkOuh?a(8Xk&>2`
z!_lb{^9WTxGz_##BFAy}I#T-e+JDnmUlXUwS6}}`rq1x{cd;y<xvu|j3atOR*}nUK
zpe^?QE6OXbw5$66NNw!@;IUr)fAH`2|M9u1{=eOU_5aszV-<UIojmLHk3gPfDg=M<
zvh=FNBOTiVcry9Q!$n;iv)E>HiV3f_d{(*e3Kfn%TFDfSDwUeF+o9H{=<14O`V<Wr
zO}~*?BYg@#R=WMqNmc1nxTfp$DVp#6@AN5(>i7`DjIUD@eG30yE7PZN{i4#RnEGcV
z*Qdz+ldYm!->CE{p5lp@zn1hVe8^v}-qOimj^FxM<u9*SwENfOFW3L9QXZ`3Cx2gx
z{N#yF-u&dRmpvX0KiRgJ@so~au|gI8^G-j2t9?*=?$1S9)x(1Sj{myn=g9u+es0Sa
zwEwbLnLqY|xACS9-j{FuyYl~={~o++{qcWO-sZRCcFs#(j<NGn%CY~e=fnEjZ|nSj
zl%M~PRy|(P5x8^gBlIULMs#!{>*f9Vy66c1p5|ED24Ib@3#<1j*jSuXVql3!uJ<9Q
zYQQ41{YkzVFDNdz3sT<-uF}W)X2wRfrbhwyk6Qcez<AmV({f=wkEatDN#E1vB+Bpg
zSpVa&|6cI3U$;6^&yRToA%epQgwDNA=v+Fd$HBZlvCfx)(>HhuoRo#|#z4-_>1mmc
z5%h1m=o8+-?%E9A60BPa`4@UPLeELCK2{~HO99qK4(sMyHLy0im&EU~%&eFJFnbw%
zD&E?YC6F11!@OZjXF5KpYNoY0XLW-}@fOOoHm0xI`7X)9`ApQ~!zVf3_>hSrxAlqq
zP*S(V2TG`2?Y|mW6Ic89ZIQ*2mHQ7=uANNF1H)<0C_h!m{LKXhK}Q`CR>w%AyOHMm
zj3STChBgUFr)^JI9POe-$5>)XI%~0?%QSVW08<4Mj^;X<fBA@qf^4TH_MBy=#{dzI
z&6b&H=rQ$scSGi{t_&mtGo<82>1*NFy%2pV#i$^&)L>1zJmHjSdBFVvMJXptFBiLi
z7oDlYo_<6iBQ7-)z(HLn`Ym(Ybo_ENP$#62ZW)}4j!uo}>==xHCtoBUaAXQ6&{F3^
zc;^@dP7w$349Y$yJpU!j2!xDoJcFL>5}u4t!HfXNXiYO<$}yIQ|0?F5+C#q25x9a$
z>K?{Eg^{*<q~l2J9*L!DMxU(q)P<vAeWkuZf5==q6xXvA@<AwqT;DBKaelW{#fjZg
z6~ECZcQ|(}X(`xv6}nYM6El;J=bb~}l+dH1Kbk=k?V$-57xkro${D%TW{|v#C%5=i
z?T^x%9&miQHA;goCr14f_%i6y-^7=&>hYxu?J4PS!5d$`yCmU@;en2l2a!H>DOt}m
z2(u-NKBr+mcaP?`805)c5r)S`A`FkyAF_#7?>bSTlI*t!W?O>AwcijHtDxvpTnzc$
zClV|cLvmN1{O%_{_0=VKh;ZhK1Hu<UVKR9ng9+NHI0A=^1enlWDb0vx9^g;1a09~2
z3Ld%B4e0OJeV3)6!ec60#`ZHb>q^dvPBaxRL=yfSW#GCI${9lG7*pZ%SVMoh7Gl@u
z?gYmNG3ln|4_G`~Y@IEhvW)n0_Z=F4mZg@YKPD~dl-M#p?;=_(b$6!3S?v{8`w=qs
z!VwR4hk|{#YXSua{a!O(_|8=LxCdNALQNCTy5J?g*d0!bTK#R&F%;6tw&;inp`9qO
z<2kS?Hi%kxqEC#V6PtRDLH@T23GzQ&kRb1Dm7<3HBWH<+iyIThv|@|CE=f77!iPGt
zzu=7{xond3*d;B}^j(M<2eJ_}4$>d;6>Z)%NWqLSa@Q`78SI-nyHtp>;{YPc`|xGE
za||Qqek38v3y>Vnlk+}O^x09dRPEa&Sd^UOO(XHUMEiciB1`S_y6l<1GZIC*F&}B~
z(-nW4_MaiN9%!I~+pwO_l;)PQQdo)co4NliFw`?_G8N8Zu%~F|NuM#*<at1}m*gE0
zi+0&MTMdUSNgFJtP8&E~wgUM*X#r`#I+6^MKo<W}SjBcjqlUBi0s3Ba&^9?U_KKzg
z#How){1wS1-|mN?y{7bhH9kI_rtL*VoKkukdTa|cQV!L$u}bti2=4}ukd;ye<z(7Q
zeGl^LYJGEp|C3w2s@j#e1HuH8mo`w?Lh<cY7B{_kH|H>d$pHF^%LE*TkM%$EG(j-l
z5FO9M+?S`t7)?b_G9Thr$Gu6z9uYEOldu#}0%0)C-hg5h5Lp)F6TwvYEz_M>dljMs
zZB;L!7aGnn(J3s9mMJK@NLvLlGRYf%M4}Z|oCQqO0jbb&0V<S`xlc2}%za3NU}hbU
zQR=aad4~ZhN!mS3O46exlc|Ux?gtaD`&fG4mP{{csUY>1i`vIS>3rF{QyNHBq<C86
z$tz=-RK>`I7#qI##g%?(RQHN*CH_kVviW9nI%69|2hB<&nT{_4Ag)^`$fKIpqAOs=
zbKonL61j}d?v|os{2;O5#7$T)5g@c28O%H?uWuM7fMzv)UIT6!JXvw3HRplfXmYhV
z3h3THOMiKruhC~%;#-Fae6GDj$)=*Gg9RVhKROtF=9+Oi<ILLX!LY}}EJTo7zfm0P
zhSSXa`3Cm7pHDM0MiM09)e<heVt!??0@a+74|Brt;$l4Xa`p^*#4ReeH4`1VZ0cyg
z#;f{ei+1G&p(HM-HH7x`&Nmf32HCW;^%0R^_8y^Kb+rhBlVIw+!H>{+eu(1aHh+11
zR!24gJJ&Sk*}*w3%~CMEAI0NwSf(4D0NMZ$qXFpJ2`y=@&cPUWjkaEAP8&dEX{cZD
zp{kGu?%EEHWC**+kD<nR8DaZ!_bkoUMhR#HIcP02f;5=}8@E7r1TpmSW-LB}(RAVj
z#T@e2AlbIFPxRgNOROSXsp3kkT*Ys^iqf>i2ws6$wvKzcf_fZnm@9urACSj(C!%4S
zn4EilVvv|T-Z-(Iye1OK7B~ThqC0ZhT*u9DPMbt$$_N!0t@a4UHhzS6Mwl4E6UVcA
z6UVoag7+<ksVFJP7cwUD)I?2chakbn(rX{2o?pHUdS0t^>3tX^Exlm2^cuq|d#ZkA
ztL&S<*eXkQE351Q`kd()mxUFs<ydeC*_sh)U@5u}pQnp(9$km0MTSM-+eh+evC)!r
z#`XlWow#6e1f0WRC2hAIqgYZY6_*UVS+&zwu*sdbCQ|Tf>0LOP-cnAcLpNp7$za_S
z>4*>R3ZpB8brtb{Qg0A=--pq6$=1P??yoa|N&W^H2vXv;4H&X5T`eQq+xIaHD@%(R
zJYsl98A}_}BTEl^=t=#89fO`>VD&k`lOCOOMWznBWbY4-dBE!4hd@0Ide(N&S)>_v
zXm%KXS0b!49+JYD5ypaY<AV1|no3z5#MWFB6t`+lqIyAO76&v(mxXBRTWpGjL6k9n
z3W7w}i0f?-(81^E-sIVx%>-~hFdkeI<f99{FM)A^jsrgtq4j6)Xbj4elr_Lh64F1A
zA$J<?p|&`-RPeb0KOLN;@OkIuQ~~7!$d{Cpgr6h%XNWxK@@iWO%IKNsT;99xHk2h;
zeYr{wVwcEcM-uC5WFnMSBf&2?Z4D2L*aISNk(Mx>P`6+FX3^2GWq%M#Jd%i-pmu~2
zoizPMpx#$0k$xvT93?2@VaD>UNgmsi+z$=TSN44Fe@0Z|Gka?4e+K5|xgR1G|1;wm
zfc9^1=7R!l;w<aT4Z!tiMK;s^g4wG>XRiz8H@n!=bS%|O^m_r0#L)Y)#r`Yt!={f=
zuF*9Vb+A)AU^QO1DN&f%Qc1jDTl3>r8MBr~mQi-q)%~jX)o4$-z<en1&{b^f=S#ix
z1~tnuF<nWdSeE)eCT1y#4|~NRu8``FgZlUB46xhZWTB7|e?p;5w9e(s$#PanB5|*T
zO3KyN=s-?N(^?9yT{qOpQJDOo;A*IG`w@xBNx~X<aCKo*``g7{`Wx;tO!T_p{u&d#
zZn)pU#L92D2Vavo=9bX?N3MB~?=iVRZ79%9SD=Sn;M59QAVpUo?V2=0o1s8FeI;3U
z9QBYMcN|r&J2N+^j&q5m;|9&??tu-FoF?77f!&+^xFA+=fq2wa3jcsdcD)1tzDIOl
zFD;9_yCe#h7s<pzN7u6&rqCM5$6J~SGKu?>EPz*L|HMl@x<GX^zJw>H(L{H+-1nDw
zax9iDBazBC<B5%DhN>$Xm?>~E)T2E6%<Gs9E<e_@5Gl#)r7`y!d(6YWyN{P%`#KkI
zR3_h`>`4lUH{v*THv?xIfpl4l1Dq3$p%aZF2%7)&;|`IpKw4V-nT+^j@x}4G+*Wx%
zhwfVKXUXCX($S6*$vJl!VH2TyOD>7uyaEf(tYCzvksopa_Ma@URfzPhi~TTVN$zUx
zoUkKpMn$c3)5{wsbSN(|P^M2{Oiq{x5(#!n7AeJneT!W938b=JqQi_Xh~B{TWt~0V
zn{lnlq{PBqrq@c0C0NTIuUbA-*Ydei3;4)$PFTx3OuN#=H2V>Xv$U?FK!di9U(|Js
zQ0n-J&k3@rM)KT#1|vEX3CU5w%99p9@`<uKMiPr>qcwTtdDHA~DVcGkT`ej$z4$48
zbS*<FB-fLms^?N9)^lXFzMe_JSjV(FGFU>_`vglTBC{+YmRf3v-|QNpZF1c{rO6qr
z$#Jwv)AIF{)r#x*HhsFwP<;m+>#FWR-UG`F@x`uF;IE_8RVMNnO{|7f@tfVz+7#%e
zyS_FJJ}&hWT%UnX4n$}IAVr8tS2#igQ<7%8i@|B_rbuK}!hl&ocPH*f@#U&9Z`(_m
zFjh;K=s2rA1|0vG;}2#gRdD}jWgCEDQ(ajt4;<Ww$qB)2kk!$uJAJh<_RivH57Jp+
zVeF^KGYjd28i+TChr*e1(zfCP@^`Iy7%71X6_y`d0X&GQ%RZ1K)m?Fy;O?U3r-B?n
zQ1fd;{+jPVNh`>-+(^0NxQ75nEo-Ur-(~q}b7Ekw;-Fo3NhEk{GQtpxT2pLy$BWKX
zXYWS@GUy-^?%hXI$@-pv@PRqKQTjFp^5cGMCb(*Oz+I~?Ixf@Edd5)$pLR>Zb419i
z>+XeF_-4zPF*Q0x$m>{mFz>;1M+QX`)~OKMDf%&-N(2>Zsf(QWmKB-vl#f%>Yq-22
zMk=gNu)-c=DJzq%!Hi!1^d$d&ht&T4I%Lv~pmP2y(|#P}bnGsy>DS1GX4+4?*I=`Z
z%bHM%7n`D%lWOO#S~S&#i>4kR>zC18Fu}t-#ye9(AE6Wc;(=!L@aYbAgIg$f9dx_|
zK3O{aC|y^y`caaOb{=^Q^%;Jc@1@T$^YnZ!*3ycmBA9%NY2nE7OjrkDO!U;t?cpAK
z;2cr3+13wZ?6RP_We~oONkrbA)*dAyBe{GFMCi1ZL1gKZOoYVLY01ow^csGqqA5sN
zfhKU9syMPR$f$^(;)sQR7pM6SH+0Q+>_Acbn#ZI1IMnCIuM2|0(W^$KXd_uc+X%-b
z4F@*ZKb{EJDY52_)JZgRb!v-K8LJJDcoOZuUA@4IGq_4qyf|a83Q`4@_ns#2EtYqT
zVBUwCyhSW;6U+NlllKwJ`-0_trOEq@<;`b#t2BAb1#geiFLJ(k5DEJaMb#NPzW8&w
zz?H9Pfwy%9e&q$?$Q~%LQCDE2T;Mw>uv}MQxm@7YuObEYoci`W-I(NHSLmxdNOEDu
zZwfB1lok<LDcP_8v63-T6P=R%x@=GAeFcE)2A7d`@u1u`j5HvycwjBbt_Vu}jf%dt
zndE-p<8C@z`wc_sM1GhsL)Vghebz;XaNTrh+MQicNEU~0p73#kC_3Te1Tp@Ej}yd`
zC#pU{w3F>}PJKZkaIa3owYywkGZaYH6-f3-z6+K>ftI=gEqQ?mG8+nn!`|iR7G%eD
z^;Sq1y}>IOSUumf3z-EDxR61q22-8{WkMc_96vpAl2)yTcR;j71!ntU$_%wR0T5Q(
zf*vv$wIqqdFaIx($ER98rG){EhK{T+sqae&(hra+hU7dJ?nC(J5PXRbU%*t2)}yIt
z9;cJ&6T=Ef!6NVlUayxTq_3>S1QVl$EP}3o3O1N^m@`_3T{gD#=Ah&N(W%F=UV7*E
z?T_{H?fgERW%zV{Z(w;oo!=in+N&nc?+;f<+S6k`qnNQvM@RO^1*}k@OjqD1xxoEU
z;0Ij+SB0eFT?+~v&=oi!7jS(_3;e9Qq;xlzPq1UYQyplHWB|Mdx+R0$hrg2uQ^t1;
zgMXjHPI$h~cMOd)?b}c$1KV!ddWOO4!@y@KWmL*-k6Dwh<wje9m7&MFU#<4*nf8sM
zeJg4E%Mr>y91-oVOgo``Xe;i}un+8w6lJZFag54bgly{_&JNkMR@<P?rsV;N0c%s5
zPI#2F0_at+RJ8vj+DphXesbjs|GDqz*#X-q*#C|okhl4%f&7ynb5&Sfk5YPvD~*Ja
zI`8<hIynJ`9FEoK;gBsZ%4_@QM$Skan0J?H%}9g&92q*Zg-~#7ps5gcLdpf>-buOr
z0+Dh1uc5c>dviqK_5-3pm<wkGE9LiPsqQKA++2|A67ffc=RdBfNuMOC7m@4F>qBc!
z;x*^6nxm?&`5s=gw!SkLus-I5)#~^VWA}niNFs-b6(Di~?scQ!U<MNhH&Vyn^2M9|
zBF~S;ItTpC_Jd2IK`P53a6e1d^a@9120HswRC}64DP+zVdK71I1XK9Z|IlX9=4tii
zc2UjM-ppM`PC2La#0s3Nfg!ZgitSB`Ii-IxAz<gLPSIoU!GwUz{`4UPd>a!pl|<_b
zzIr?38Qdb<U)=vOUA+(LHlH7FN!wQ~DDaie24sV>{wWLU`c6k6rtlj2xmVK;)y57*
zDIJO|OS{S>fN3D06-oucb-fBgR`3xgWc2XxX9hhye6W?B-ulvZNW)HedRvo$r?<6`
zpSz8o-X6qGq(VA*hJP>vKKPb>@DBUnUC2*|4~E|2bS(7+n&z&>p2tG|;jPX1S!BUd
zMy(zwj1}BQFV4$M@_DwIW=rM^i<BLh?YmZIK6)gjo9V<bpj;DxB5nn^sQh50@f&Z&
z55|ONQ<-Uj=6+VW?M8uoAEs|I9(wWF!{Oe$X5Kg}YB{!p??I`D$HmZ8Xy)EF<O*qB
zYkG!*Vy0Y=neCH{1j(3@LOSwygmk*28(?X={o$+b2%20Albb6Da4*BibW=$;ijvd6
zV>0Qt7t<Z$Q!NraEOScJXs#;_7@=^!g@pb`;&T1|!)E=>St@&jGhea9qFEYygBrsl
zwW2zB9L>K?cr@+#&%vX0X7%uR>7Y+|JbSQ4@Cf~&DtMfI-y0rNzm)AizU1~FGu8GV
zJn`}jm3=s6Hqpw{zVFHPk~@G1+2(=5gSq!5aldl`9@=Z(R2@L97@v#reRYh$_XRP&
zFa5DBvhoUg%rWau70q;<U=%w;M97oZ=YWqZo`*28YCkY0vTKpf56t^))>c5yYcjd8
zd?E4i4}HOAXYX{C_puf{aUD&}p3n7zIqLGMF_VVBaj5`^yuxm=sWD4aW8_m4KePj#
znm~mmez#ni8qEnmTsK(}Y-%LM;^h54CZ_rRDktW1c44yeJv#jNG&zfz{PI1>Ss)`z
z+~<<;r}^h>4%SRlIq9v(6F;4%ito)<_Y!4w%Tu(j0(|tsk}}Ij8g_nJankGj!VkW5
zmFM$Se#@4Mm!31^g9$GxvOsgpa4QTJW<IQRk+kg&A>`m(g;PH*5Oks%Hm;qnAZL6z
zz@X`62?ko4&_)N81RYQk*?M21oKqI>^>I%)4->r{?@h+UN*(XbWDI8LyL5%;>ez!^
zk7Oe1rW~kisII_Jxxi0QppVBR83aA?spd$~<5OAx@lyuR{ZmyyZpjljOy%~B+#bH*
zbiOx$58td5j3NhP`w5I#XUP&Y1er*VcVlcdhC*L~>j(0<>Js=@C7E<jxW}4wF*jNS
z6MTLx44me^QaD<Gf-2>7gRF*fYwSft0_gZ#-|IQ_ytX>nw%5Tni7mK%mECXYZXdv1
zw%Z4A-`-s%aA&~KMe@Mg6g1E1VE2p+ySh+dh_1j8xxg99SG#(9R0^t7KGA?T=MxFM
zLq1`Uy#A~TyqP@l__KUJ@bY)6l}S+u3}*X+X}O=Iz~zWk?gIQQo(<OI!Ny5-`In9~
zb5ZfM+T63jpGyE1{(v88b6OhV(MeHd<~5w~FiU~QkQXECxysx;=TxosL8Mb@K!gD0
zZ2RcfKLT25<?k7^7p>EsnQP&e?m??#5Wy}Dl5dWrzVuf5QW{_!=+&1ga8W?V)Rk5j
zTSYB(lv=vzM^q2Bk<OWlz-^4{9uHi*Yli|K@G_v>j_%lflyQxLJzn5?zY9NNVy3vs
zvVAmPi!|}cwY9*h9A0a@_cAzXE`{qCxGF-3-w7O<v^gP;#BV0;kH961vQhOFkXpI|
z(-jd8qn4-7{kJ=oeV30N%eJc~J67-;mF-w(7HW2^X&*}1Zu^kmf9I>PeIQS~GD#z!
zD>yAG^LOVOoIkYo8TgVBaNp<-usE4?4y)Psg^ww`bjagDR~vcVl?|%kT3~MOs`T94
z!EO5(Z<v;MF?tHlPY&6U_Y_dYFm8YRS4FbGNTo~_NdP@HxI3iJnC4eIFBJOn%Ev}9
z7hjAYa;F?Q4N`O;{@fGxJq45tpmJx!y8{4}erixgp1oaAiX4<{cK870r#q?#Wf)0W
z;2V@-BnomCxErhd1pMa%2Cr@tRV?hAA4o8s&$DADD*Eq_qIv5L5{(B3f2MPlz^^Ew
z@QsDIVtrm=LjFOP4_BC!A5I_el%#DR^#NOTtMYXAHj-|)eK*4+uK*rl07a(h4Hazu
z(1>!F9{l~<Jmyk;*;_^y?D+~g!IRctQmJWqnqNWjm4d7OrrEUvK+kfzUx=wF-Cq#W
z$~PKJMc)ZbS34$@Ax5lP+)LT@ax{D(rgj>6OXU#;(i$fSvQHFre8U7WYP0xVY2ng!
z!?#$52rn?lChP;1oTtp_OT)C($n<q%)`FTk=s&(9>p$kzlk^|&8#_36vZPFak$n}_
zCHSs1?S8>ET=H|1Zd%^eFE7ipso-io(`-u!v`~j!qf20Dz)aDw$#aOc7|dGi$XhH+
zyR&_}fwr==uu)@e?d8^%({<(oEqrP6gAKYF=QEa5uY<1{f2U0iXM9`3>Suh=L*6q!
zZ%!pMzR{;n?}i|0#_RI&zs$xjt{Rdv9LUsU(Vlg;xT<IG%skuRAvq8<MpopA<{HvQ
zS06t<cz@RUcNZi}gJ+$m<EMwpMe%~tyUNDTN!j}*m476okHHV^7%o@lT4#_3!U380
zk_^bUZ6rXpl>vFiUyU}wh&Igx*B<=>;^274<P)6R;%W#^&mGl+^QBa8aISs65^ydJ
z^aaju0<~ah{Ccvc(-lm;v`Lkn2Jt@w*M$eXF0B>sPSBxRtdV1Nn7KzW|JVnttWNd?
z8J8OFLo>8NfUm(UW3cec8>Bhk#mG*l!m69|Wml4=Irr`n((jaT!Ikdkb$+Z#{d}9w
zs=EGl$+Z5%GGZDTV*WNyT48xWS}2iGuc^X5w7lC2B>&PJNhtv>o@{h;cAc(Z(ck3S
z=4omJOxM&Fq@j*RMDqy2g~DyDCWuwjjaQRhmUfqIFkLJ?dv_Tu*AjM9tsWYLwcIVZ
z3^%3D@F-b^dD5B->-6x$R{4A2tMn0*+&P*qY;Y=F$Qe$n7&b0%2(QAHu5aGmihUl)
zJ}=^*)0$ziXXlKQ`(L!ekJBlNP62r)25!4Q3K!j-eL-LAzifY~+JBiE)ZkAcDcr}+
z=o~JV&|U-0#%~lAXgti|{qPC}*5tD@6w<vsUXcE9t_10xy?fhoM~xk!fwb+q8b&gt
zpSq6PyLXrQ;Lk$Js#c6nk*_2c(#dtT(w#cv<pPtSK$HjD`nptqu^{!UF7~Ur;M%BD
z&#iY;y1r-umHFMo%7&NvIACXCVizT`GswS6tJbo9>jqPzMmkhRC(~uu1sFegRl4B+
z7z%9Bse<pgDs{353Y0Ka@ZycobdJ*W(=_q(jXv(DU*A~C{q%DiE4iOm<}MKDj*^sk
z-PO;sa;e{E9kg2?lzSKWxLoS@Rw%GQS77NisfI70!23Gzd~{8!!2tzc$Jc}qBeS@T
zS=Au`Y|fS+fz$!z9at(Ex9hxzJvH1O#?xxU6KCk%J>;i!`Kbe4+LD6un%6mR?~au7
z8*^7;07-W(w{j48>2*nNJNtEZ5NI}9CAZDxiM2+n`E|yuqj8Q_d_`%l;L-@Nyi6@r
zVytn4xERZ~Jd^D5cr;`tUlv`$;f-&k0T<*`-?!Yv4J<t9c9IX_Tf*>up}n5kFh^6G
z<Jmoo%Ip(lG2~tAeNcel^;MqGmauc!n|9xhrbIHsuJNB<?=|Tl7W^8U>i0&f4%-)B
zWr;70RL_5JoO5~B=)rl_PLN*hds2!o^q9WLf}NEd=2|<dKFrm1RC1Vm^i_74J2RqE
zeTOXN2Be_EFSl!F)AwCER-_IbPv@|K#o4WbCiLl8G4nd4SWR87mZuvcY|ShMp1|BD
zD}b5q?C8_+M*O<YrscMdo`UkpA$x2SMf-NL;>%ii00hMnxT&_#Q%g|5dnrvOJp|wn
zX2#6mVc`#Y=7dZxjiRG7(BY^C*y;sofUc{Y83|H8e~*6dIs~}x?0chg+b$h%D19lV
zUA_*zX~B9^gd$~)?H7hFdS5`HTI+OY254T0v^yKQv7^-yCF|3+G@yiRNM)kGW3OsN
zf9?*_wVxw`iPkFn@N?xu9}+euGmNcLW@t4WDixT}aIYjW^p+Psx|UW9az5J5dD@{F
z*PEDT!-};eZSj`*HBow`mmHdk{sUA7Ckdyf3kO;iLc~q4Xol!+rPjaJxBtc~Rn3Sj
zbA<ibbyO=)WK$uP5THbf4~e5IMWyRTvFyH=*lJljOlSYW=;=Zvl;=@m+$DOX5mB*D
z`_swDh>f?{PoT;#Ix61-UIPLbu^Qj8-zBK;cN6jY6)G{-XJqoan~_OWxETpFGLeTu
z_>(*wr@zXr%V^<3g%+CERB!EXB#R5dP)}BkYB!%zuPsBh@nz9pgQFXr^+eIpm&6x~
z&h970f@`%+vyWqk6V|yv+7LQVG+gi;zGNB~O#dDZ$u`;Q%%7DE{>cIt;_tzdY}4N2
zREYL$Dg<vH;)>jHwsAx9vL6svju<y?M9%OB#zVB?68N_%+mus6YckOaHqqa1P-EcO
zQ(iT>>ER@ybz!pL&Y};a>D;-y(T56J&fSqdG=h`_`mh61TGEGDNV$hT>@R?czCo!T
znf)a=cCj_1sS)E71;o3H<QYsgy;>}}p;&5=o+_~i8mW?nIlI9X0@wxB>jq(b!;sH$
zrXHppA&rV#2w<GhM6{PtoFmVlZpm6L2W067M9!Id07{--izQ8k&tmvmEZq-F)9n})
zhf3)QEg2QI@g5j3CX4KbU?^ZJ0CL+zoplo1vBnQ!hNp2%<KD0UjI^d0t&X8)Qw%L`
zss}#qP_w;rn63_M(n;F@OW8)r*fLJE-vWEfOo15$Tm^%GjYezI@w`*+gv_EdRTu<-
zdY#BkE^Ez-MDqjDUCjD5>h)%lJ;E@sM>uI4p>DPkdxWc!J;F(5?^$*8lD(&MCM*MP
z@5wC@T(6;<lPMI>$r#$ioX(VmNqq@k2jFWYMT?OtTFmVV_~)O!#=4KQT$j8>U){m7
zV(k<o+27$9dMsQvm(d8zAocySq@O^J{Kzq3J~DG<EP}H?J3bAc9?9zK2Pe$1$1_UP
zn)cS1B!Pk#IBz6PPqmaZ`q0T&1)$vUw<O-?M&Vt8#nA{9M9i7aNyL)em*ho*YlN2E
z^YP=Kv30TD!c5R?ce{JXA9S~fKPV;Cad-O0z+dt@=x!rZ)JhNOWnJ+IU?~fNv80!F
zy;E>K%+6X}SNc>Xd0?gY$xf?EG7lC4UTCbL)8d-yb+Ti(k!JG#bbcGD*grZX4*OmQ
zw|^X<;;_v;amfI+{9U#F6Pf=hD-%a~$e%aRCnnDE0b)SQ47l?JlPa*Q$&-i$Gg(Hj
zg4y2q+?Y~aiqF@)>}!tY)p6ur?c(g}>0<9hF?tOjVeZwU^69(Lf_b}W|HHnKtel26
z%yz=;Yr+5zL+tBGy;qtE6cP^f0Wn#Ij)}r1QEPRx=6klIRI+}yA>pAlK1^G(@1xB~
z6T0Tln~2&IpVGvyll{Y>FPPmT3&r6~XtS&xtUfa7*+|r!d#N5AA&TQ_z0F-T7Dgu;
zz%ub%@g>vr!ss+~5K|bPWx%<j%vBz^b|;jP1N%x5JeMTerdpl%{(d%#&cTQ5P$K(1
zPsqKVj67u4s(Nsc83=bFPS%Jb5qTBAVt!Apb{DbSD=2k2xcp3+KvR*aKDz8E+;4^g
zwM9p7<2MG;{%Z76s5fb+sc<*sP-thlV|DPJ8@&P*$4iW2@?8AHRJa(*+gXm)5idHP
zql7unY;inhB&(umUUG&xZv!|%fNsYjqNNe!ElkTZBIb074m2$v6A69{ERK12KJOJ{
z?-SilbXW$71&42nju7U6!$HR(yKaH~g%ba7qZi_Yyc)fT{@NOFA?{q90n!5Qu`(pL
z2HdO5l;g?R6*L6U>Xl_dxBAI~V4Ov|I(}&$E~L%Lq3pba0f6i2($z9i(bK(1rVIkR
zEPB!gZ>-+V9UR}{r&julxIrgV#IElU(MjuNvE)ps7{77Gk?E%8>#}w3SsAGU$kVSV
zuS17E2N8}UTQNt9CGZ=$mGUH^t!c*G=p9(XRswEVuYy0hfiQ&m*pERJ7mt|=!4iq#
zKlpY%XEB@sS5=W)EhWbTdN@*ATa!kRyfElKer7*H{`wG!Y+(`5L}xcoc9+Pj>7Zr4
zKW}xmX<VVyYT%O}w-bOJDk?@_XHdr+1G|TSo|=l@1o5C@Bi)P5u!!(u7>nxxx`gLT
z{gFEp(3%}PO{!M&_PZUKhRfOpz@E7yt-HKSbUPy`DT|^5mfQUnik&#1$n@_GIQ;Il
z1m@NVM%I*%ETI-#ynq0$7}i`aS7S|v(F<j0VUT@u>3=ydJP4x*Fp4W76fg#qJGux+
z3ZIaM_l666`|3VcZ}0=VU4*IVui6Y}7UB3d+lEU0tIL|4t?D1^7oBCcHdOuNLX!uD
z6uE!kidX8Is#oWLpXW{Rd!dz@Dd^^7;b>d=)stLZD|Xrn0?9T=YK(`1D7~yS2Kwh&
zTz0H#CWMvz>~giuM5zYDJD1z2qiVk7uSnwu!Ub0wBlsW2j+u(U@8686(LsWONXW>V
z3d0Nvny_<L;C-rY^9!7`$|tHl`{>4BYII><)n)o4jp1w*N0V}LPmT`<U4_qq)2o8i
zFPEY`^LmI{o>>mJuLV=1)6hto4Z>8o*&l=+bP*Jz6DW=Dui3ObD5YY0nu`8YvJ#YS
znz%XJG>jgB_Lg|)PPclK)frvav^=10$>9KtVH-UZr+B9BcGsrs%XKyg_RzmlJm>+}
zRQQLWX~un*c7L(j4_oY8Qaq-@?*!)i8cql?ViM)@dgB@;lNX_z%M3mdPdJ#7x7kuK
zozynXdJew}7FUiPH*oymp-&GM<2P9x5BrO&@NLBK2gUfEVn|6|U(lbk6qK6NP0PDP
zgS;fA!t~-4kH#PErF7G{fN0%_cUYXE4d{0P4N8vCA@9LHPu+#Ozt9f~iYNShK%XND
zdKPy!?06{|w=KkP2byMl`~UIwE^tv*+vE5-JY-bx-~&Y^8I%mlE|6FtVt}A$bWlnw
zDoaZxEFYvZsfCKpj5>E5weRhDuf5+lD=Rg%GR6mJnXgJQ%XfCBlkY@)F~7am-sj9Y
zGXv81|NH&>e3ChPul-(o?X}lhdo6mX<Et`~gPbub^ty^&aha?T6^1UR!cZquQr1#M
zAafDd;XK7Dc=xiNZs5^?eSS=zoq7ZCUhvL&&qRt)B|4o+U6fW?N$%CtZU#Bv2LI%q
z6I~VI;y3=uZ4_JY73{WF{(V6=Y23%>{KIXMY+m{`)4vZ$&(tk23VO!&!M%Nyce$EL
z?MYj?Ti42BI-jIM?NqY1?tUSQ9+`-EtLRix5~H8bBnsc{oPR#4HzM+}i=(GmIy-;s
zSh>UGFVj@cWn%)h)A}e*H!$ge)DSQJ?5o0YBOhOZ8~KY?+Kv2qD^6?Wj>n$hC~d_y
z@<E=BLRiDW>nvgZ5ok9H`-P6Z2xs}^S#muTK2m*ssmI@y72r~=27_ga=+|@883KBo
zBx|r4IWV}vY-iwMDtHOhyqYAhzX?Z5s93){A?*zSb+w|N%D!qvJ(ZD-4mJb%RdboA
zvLS=y&Tu#Rd<(cPh$26Aj>;}dZQiGj%Kqn7zoW7R<hRLoHB49-VyFwC|H&(YhZ-9+
z)Vk9I^wNi+hkE40z@binn!hE<>j$Vqt%S5SABG<4kF7!tb?fFPhMM>u9qN0p_=ox*
z@|)0AO2`HKQgrj197%qD#3KR((Hs{lHZPODb-2GDCklmo_2*T;8K(fPS2eq17)3d7
zI!Ci(-o_oX7M-{Xg@;AwSGrx3Ov`+CTEA;l#r`fXc*n4vx%Pju)ExuuoZ%>g-@riO
z1ZSJlaf()N;5C~vme+4e<&-w^>Zbf-Ki!mIVzRz%DB?IaStX9E$A==0yTZ6Y`D;;z
zFHoL<^$Lzg(oT`xCpgxf^ZC3Fk%6wy*Wu|_G7zcqgJ3)@{~!=g(@zr6yFLhwr`Zg=
zlM22PYVL{P%!(V}+B3Lt6|UgfEKa&i_7|X$JM!4Q{b(l$&YV$KnR$8r0k`3%^+{^!
ztACPKzQW`~z=fwXPY-$0dkogUb0*hia?&zL2ElorL~cakbe9mW{o`=hC3Dy=8H~H+
zqV%Q*eVLG-nq2~y_e*clT{7?A{#{}vzrEAJT!W!{D|$F2|EW0~LY-se^m5O-V0P!V
zC8wAu6kRe4Mb#kwD=}*iD~3ZS-)X^N^#S4Sy~C*=uTJkZ?;qsAHJ^G(kY1mh#Cf+}
z!-5CiZNA`d=N123k3*@w=Yt*~TvGr{05FPHYsYHu@K<{~Nt}v_5BL-BCy5VW;uNi{
zYm&Z&pDt?pew?tU-c1(+d-3a4pHJ?hbM%O8=+ezsHHF`U!Vug_CpYtRt@OlO+U}C3
z%ycMowZZ56ocDHv+wlRoWs67?>#gx#u*LbD*Q5#d^BjE^Ot0i`<CPp-t^30(h_y9T
zj!Th9ZoiDi(}*q3K1BtcG^U2vq-Z^|Pg{F{*WCv8W!XV4qSo&Ix$FktxB0&_^qO6>
zvqpOVi6pg2)&qH=4(t^Gn->Diu1F`~nh0Vi7MsI8z#!Uc8>Fx2qD*bxW)N-Zg=n+h
zZcd0MEdBN*MW7Pr7O53!+9}~$ct0cQ(t<5Vee!+sJ@TXSUGfNdwEO_G62P^Y!BMFe
zbWHlA7ZoRm4NV1SHyLu8e5-tmoXRW-7}RD4^@~ZP!cKci^OhoBGCq~$ul8T8z=tNC
zKOC}2=N%~F(24gDo!Xv<LEGPIRu}b43EeWCA5X%_uA7!oKi=-hK1!t{4Cud+Ik##n
zJvayb0>z@+mmA+|Rxr7TYD8$nl+Pwo>1{W)0`+|l6Gy^%X>xvVVve}4porr(Bt5<j
zxp-2Zlb$%)hl=65qVRHaQR-Eb=eSWsA7{|GDSNYEzsgZhn;xIhl-+0&3K~K5kofI2
zvc%D0qO(TyG=`D-=S+3h+I|lg`F*0V##CFKp1WMHpDz^Fn0$lkBMb(?KAflDjqE#(
zeP3hW$?W?o`|d{Nh*w454$;=g&;49<UIM9b>OK*a!-L4bVU`;~LuvDc3yyOfJjj2N
zkn~#UMt#H`q>i6qjeXmK(l>@oCj|Xl?|Vr52dUB<_K*~OJ{u{<4A@O|oFWJqE8r$P
zQ{jV@Cjzf!s(cW7onk)iN5NxMGb!Vy;CMcDRN06rql5jS3yyje=6R8C_idBgkU43T
zBgntkMCT4Mb+4FxMidIp(6IJSc;bnR2|^4LzuDxuYJ@X6^><-@d(ypP9z3~ABew>v
z<%7X%xlFr$uW|bItKzilXPM<+JIi$Kx_yc3hCL;pmOH>c!*YYkxr_V=w~h!{14~Zu
zx>#-sy;iaiFd-)AR#WOOb9S{^D5y5s8p5V^7uJN?8g8;g+8TOV+ZALLhWV^fqHm+g
zR^5mm6yY4EOR?AN+$ePi4Vvr0Sk=K!e=<>o4FWH~8O6?vCeQB?=J00>>_LfzddEUH
z-iND_wEo^rP7r?$GMGFkA|NIMs6Xf<;e`)qz11>$V_L}*x(j<)=leeFwdN1@W9qs6
z>;!Vc{YcO4?XNaVx1K}S<I)&XLS7`gbI*U12^{7g@&{eEp3SJ1Zd;$MP}V%@rwU4Z
zCKm?S-*{cK61f2T0t{qwMs$ra=z{SuQ-bw#lN1@1u=+TLr-+5gjR!r0=#1W|xOTRA
z;+cbQzjCJy>adk3N+({Sqs(t`m-w7_kx?pM8}dPq_5*!bJd5z=a;<tuv|&Sea}d4{
z*2Z7>2KKkqdTAmKT&uVVH@lxPpfa4$h1x+(86LU*drAll)N?YNM=Q?yU^K>J*G;15
zaD<sM=@(7pR2=(#A8wd4qR$AYr4K0)Srt_J)n-cf3@AM$sPtHW={xnMH%rI2W9gen
z>6;AH{6-UFp{aN@bV3^3Atpq04?;<6Y{0A#=E&^Medos#4y;I=g!IYrTKgE=7K3Tt
zwf7@9&QdbWRS1T8gf*i0@Y;uT06!yAz)M9Kh4Xx|v(fAtkPHHHG7(+LP)uYZik+2x
z46q}e2SMs;kl#`tu&I2@vQXnm`TOH>)HOezt&yR|v-7_#8IS3^zcC)|a4O*O40}3r
z0gb4yi0+u4wE?eZVihB7ZmenmZkl4by(TXqQ#DX-P0D*g9il6-V~n;$UsB>WwZuNq
z!9=Sin4S1?e~EiY5il3OJ=6OtaGICH1jh)xZ(o#F-><Wtzx|s43rx+K%VhDkT6X4Y
zPEv@c-Zq4Nw|yXT4!Jciqjapl&U4W1fnD}K9Mt8$w|QlbcG*53`_2pY3i89T#~Mut
z<&j@<I4^t`Wz-X(eBrqo(#2m$s@Z+(X80o%N+#QmR@e~Pf~1-G4}*!rW-2@PnVqMA
z8=L&Wt(<AzReH`pjjURZSGgj_Dwg|0{5>p~I(3p_c3+B4jnPx7GL{?skRu*_d;*MR
zoJH=b8}FruRG7l4)<>yDziMlN@^@!jf_D{~b4ZI6>-^;hPn!A&nDi?>stLA-mOs-C
zrP5!xXo_{RQqUdz0Kxkd+OPLJ9+S<<QRK(;138@P$)nQ($>+U~LiEIp(U`G*O*q-%
z>z!!nY}s}PlKO@3P&?;X>DD*nxe#w9+LDU$!AS{Z6gxAM2h|j2#&g~&K@N6~tKPtS
zlBxFo<ags`kXAAdUCd2o#wZ)!h}ZgtrSXN~p*9kkD6w`3?TWk8Ug;>{r6ypID~H<O
z+&nE2&1%jKNDYd23E@Cda2SPG)SJw%sRp1(a6#QfEi+jBKQJhP(@^daps$Df>Xuma
zy$t>zX&eS}U!`VHVs@Q1k$g0;56eyn5|~IXEQRi&zCx#|K~8{_f!dTD-6iG~B}k-n
zW;FFM)lM5G()%=l)fHH#6aW(XRmd`r6L5&@;DfC~<2v*zFX5ziPX<LC)J}h4!1-3H
z*px?svL5Vhw)8>MBt>11=O@~<ZO#MtS`EP(`?h#hfY@DdI2e(2r0RN;bEnC3I@**`
zi%hw5SMpp4sv4xU&)5SYRYxw&M5RY;nJ~97Io*_W=zIYUuR52Ix-!ACu}s(}IZj$0
zMS(4t{l${rLecnzz_y(uOhVbR^M%4!zZLUWO-a9?|E{5~0f)`mQzdIsF)2Hd$qfIH
zMmdi9pzJRTu&krnQtU4Bl_g2eE!HndMj^K8p_+MXcN4$Q1fkh&8`0xdEJCDv@AXkH
z%SL2`rMZKS6IOZiXS^Jiu?Hem**2GImO^)5H93DYrT!(Zz2w9H=8|jY^m4xmclJ5U
zKyYAI>45NITYv-O4~x!0vBl0m_4+`(&0LrQUW;oDG!ouLt0cD*Yr`qPxY(kM<K&M)
zOV4sYTb;>Cx$q)_U}o>>iAqqc?m5SOQt$c5AxLwk)9_zUWmA{!2V;->^!r(7f4&dB
z0-q668{iecr!f-5NK2?|@XX|5SDMK+SrToB4?_Sl{uo4DBWxI`I5qLyc91lqiCmO~
zC2$Kjk?B1n!U`sc5N72I9MdUqAic~+EfL;kU=13u7yMuo8JG>h1|%a?Cjw=e$smRx
zgk_=$RRJVha9Chv2}nl<l1wXcj7A0KW`jJy>^vrV8p1_eL%8K}@^6@BAo-WKb|Tzo
zvFkC35HPT!5bRU|d0vho<<7_v<lhD;8)O2mFJ~#13ASb?<9yaBEm>axy6C!3V!-C?
zqt-59+_w^9auGzRoDaT5>d9zc#YnHTGHZ`w$8pPI3Io#VdlWFiJ{@iKR8YZDLK09>
zhEeg<B0cBRX&mGOqqy_vp;SkY=lzK)1}7RjlVge$H93{ImXnfaGFRAv`s~xx_+NB-
zrProW(@|qaJ-L7--P?n6Zc^W4f+c7N$AMXSQp1xyI9Ha<7h&<pa|oMrXj!wDz3<fE
z6jSdbH=(bvM_^EQ5Xr8zEi#^~DNN4fu`dwgjj^kQtCGxQNXjL!s*CbSXm1ob9MJ|E
ztZBPY4sGsU%Aut|<R6{N6dVIF#ZCJ!sNx0)w=`lyA7sR7SnNa6oz;CfLOQDP;-YGP
zoXcsj9&*B?J1?U)#?(xZq|`A<$|qqrpq9;fP)Z&a!i`Mli~}g#Gz1AZmoII03Tx>N
zJMCUFe_yJX;)>47eAKjx#|{kdN9n}iewru_FF!)rf((+V$Co;sBzVzC@FmLxtpC*j
zH?!!MM>TuK*>$g=@(Qwyop4gf#YDBY1wk{?MA)^yl31|g+Xv9&ECkw7Zy|S!=M>Qs
zx#&v=!ob+iT8mWNy__oO$OLXWn83ltQ-oM#6_mBii^Aq(-u;oj7Z5=LRsu+qMV}#q
zGjOU<iTNjkDTlsSz!5o9QMoWt8Miu1V-2G`EeOyuDi4?Q)<eD03BwJXH<BszQu0>w
zEaF}qk6N6Qpv6H0J?D`P_{8f152LgsQ=gU;7^C~S`z2rxe_wwGz`gQd5*IiV>wdlN
zOf3K5`ZH1W!}VsO{`0>-6Td{!IC2K+3I0|wSb%69N7%stU!K+*1K(k!Iwkc<ns#T*
zUmW6z=VVOm?@!DoiKUoW;7`og?V%-<ZI<sQduYBc$3b&;lN@CF^&Iz|K85362>|Kv
z)J5k*(gi!P5FV)$exc99%>PwJYQXsnZo5t3@#8NO7}|{?jLZ;p^va=WIfiPp<mn_<
zcu6||Z9tO0Dj6oL607gWhOnw~Y(NjKw-mc3P;<!(s7>Akl1j7l<Vv3064iLC!Wwfw
z&UPur5@);A#u7_-fa2`Ggcqx=zj?>;U@JMCH@o|!no_sFPwt!}A;~wy0M4`uMd#@a
zy*MhyfBPpOogOjOD~`J)dX5-H@Yjw4d@*~sNhoY2R2BZng6_P@ApFiL>E6$Rguf4H
zgui<EeZH@tJ|f&e^;z)Uh~Jhc;P*B9dp!KUN`F7BmHmFBm)WPH%)T>|*;@-irduD;
z*I>DW33&12X3YnRdAov`w-bta+ku!@bAQoEz{xCiHo5L33_bdVW%O?yM=f6*Q^{>j
ze$eDR3EaTQP)mKo6G_a*oh<g@!r;ZW6cbFJ;zYT^P+lun7>wiyFv%6}%4>j|fqRzZ
zsGgIk;>m|dHndOnR`Rj{a$g2e&EXwT8<(50*HMV6*7k&84cwW-t?vVy|Ma~{{wBo+
zd|8IBbNx-$1~r*cEiYHIzXp`3mR)2}FE0x51l5j-gZvWK0{!M}rMkWCID%}>i{OeN
zpZTfHr+#XA&YS8}RJBwxD=e*VR9s>n7*5Ll9(2z>)~Hmx9sn>@fGzjJLg-GizmL6w
zz2at6d)Eb3cS&vU38?N5ZSd$z_fwMb?5*T{7M%^EtyZrDoV&0^O2GERnG(>Con@#G
zOvm?ew3`}{qatf$g02)Q34pLOH&HZ5e{hp3TNoe9V<-RYqkrF~<0oE%n1b;BnWu(2
z@1u(E0$x9>`g4|hsZlb9k}+CS&I?n)UQ>*P$8ICPr;pt}92W3I%|Z^temi&MFmn{w
zS6IC?eN+-m_2}-<>E+bsA86z$bTTTvy@<l1wK>6F=RvX=K^Z$Xj2>nZ7N}VdPmnUU
zNy&4%aK+F&ciaa%;q;D)OYO%g1vbnCbRWC%oDaAcY>PeNPLYN_Pfx{^4Wn^}HzHHJ
zc~BA_4xVEg)ux!e$$B$s;rkuf!qLr{Y76j$J7t3a&9n|X=c93(ocl%3B_mXhOPrFi
zM~a>R@`$(@w1(FMYAD%&5qxX;bG~3}pz|cpubC4GYI&|0>A?&KefEA~zPmde3vEtx
z{w&sda5&G8$7VaxW>bTj#g3PRZ1&lX)YJ*xZ1B}0Z%^JD7L1DcAdkIFDWsfBImO7B
zXR%ebbfDp1Z-(Y}zjNFNW@ckK%MG+yLUYRl3<@TVNetOKu;x`Wc@E#XkUL^H$4G6{
z-MD*aU^iw#H-@&P8^1lAsMK#yF6T9Ga4Ho0Y@TBWiXAOLFtdbZj@4u?QZkpZ%-5An
z(l<jGN;wB7M00TK!iNUrwo;CN>0=HEvwH7`u))8=qG5tfhzKCkc;%zDQMV7zPwcE%
zWj8-bKYbrKNnn5_-S~D3CaL<N&}*e2q)~eKJ>;+d2OEjWzmyk%hG57mZG*^FL1_40
zET;lXCuVo?f9!{k>kMmG(6F$n;cvBISl-cz*RB7j?Sb{fg-bg1W((?fjt&)1^Nirf
z2&s4XXk2f2Yr$E1!6YwYMmVnr8{uR@g#^0P4=pn2vBA)7u=(ZadRKHD5bTFK(icSK
zJT+gcK(nP<V^PL&IojmgOn#@BvyWMB9#l1;H#hU7$u_rvvz#!whDaut5K#My2NOB@
zTj)YL>jG>PZ+XY-@7MRf4V=@bVNU=3MhoV&--C&aMr4tj+U?PV3%1Q3z|9!~_LJ@#
zxX<$l#;wAt$*^?s&+Zv(<}U-Adl0U-mHz^n+Gf+Zq5-CPwQz$nWpA$BPio8K=42E>
zw72D~8XwyGyJnZ0c@!Zey#YmQNzpu$t)|qJU0ZqNdSm`a(3tUI-n*|WV;1a(+jCr#
z<Ia5`k@Ic<h_zFv{i6aNn2YPiPnbS#+QbTrxL$p5zCn3#ZrY#-q~X>14)|wdnJ{Uq
z|790R*#`eqtI6<sN{*xNxfCkI3k#kG7d-GDkf%pC(6_4WM#2%zy%pFZ=eI&4@C#v@
z*A8cWHRpw|>Z=CaMwX@1ZK6BkOyw_TSC$apl@K%(qVo-=izmd4UF?VRCoyA-|J{)+
zdgLew2;%u8TFm&_c`C2!#N0e#O?{a#rA8|!-%3`93}G(B=1ST~x)ISHp4P*owQWU?
zZI<5W^M$X@iu_(Nsm7c=;G(4{-~A*!0Nau8JZn9wa%6<Xk*4C4vom05XXZD8P}@Xb
zmXXTkH+1(UYE%m^E`jOkQ5w$y2LgLRi0=loh35y^ZMglM`$W%aGLA!}uVT_g=w*Le
zt*);(Lti~2-ykNPF}pie4bL91+wye2J0JSHHQ(v69@O?XYpU`@&KhgxYYC!Yf8|$%
zMC=;wOmeHMHt?L<B~q=~Ibb)23K5-_-3A3=cf%9--9|)M1`GnbbXJI<=5B-8HGX%j
zu*Ohzsc~+xZa#o#)U5wDpNFjfHZ#HBVt4X(VNJBb>};sI<g46E{t+Bsk|J_<?f!Ju
zVg^L+g#AWkbhepBats<H=v1fU=IQ4VkNcznKXfKz+oIZDGrM8JiS2nciZgwqvQyc=
z3ifZ&?Ou_A+?*X%_}iRZiXlH2!dLcI!M+@RP-Cl%{?VNG#Ynw>5wr7>$+;8W7lG4e
zlPe*a;jzfq0s1O0GBbA31e5b8g6k$g>E|fB;G%?^T>M4P$tW;L@<`F945`p5g;W4-
zC7?A$8QT=xZUn5!Q1E4Ukz)_VmyIHSMoeljIX9U+$0CMiCv>wE<hu(1Wp?E|H(C$i
zeg=FoOjhtkaIAna@#HRELvY5U;P}gB{`>P@FiNmhwleT!AcEs(yb+p`8bJLN!H2-!
zKDg7&d=2TV$$8G?ISRe$AlQv4zwmFmeFQ(DKQkvO`%Q3kgu{rh2K)uqQ+^@v{V-X7
z$|aqWUT@9g*1~CZdPL8W2+^6)uC}n9LBU>nF6w9AKjpfS*?WW1u)evG-G=+pOjsY7
z=Z*f6#p1~P+jC!;c7ML~gnzyP;Z6J*I=-4%d0F82NHZPQ$7)6@Z5tWSDI5Vl8eU9U
zOEN4<BWpy@DMD0EkwYzMFJMQyzVDtQM>U~;MZ#BGP5fC?(r(h}ZGwFsX{5+4`pSxu
zJVnl}KvVK4{d=7Bmz1j}<*WrF-v~Vgsv^Ipo&F>wC(i{;f1BFEHgx*Q<oe8E201|?
zk5Fi|`M6IVfiuAax*~YW!jqE}p3g163eV^C@8_a|p3haA+|f~lplpUGbWyk=D}VBi
zLx=U?r{0xMuCezk6e_1h^htCle5a*PaulBTlpfii<v9O?5LaHT*=3YtghZ7dSf-1v
zzU*1KV88bY*vXDcmZo8prKobM8oKieRVDccJolS`^>1dpq=TEZ<CPbb5zgW+4Wm^G
z5wylKLJl$yv>vD-yaY1oM)g$%rItTSJ!Wy78te_k2RAGLPZj92VM83pX?T@5hX<MZ
z?^kD%NvV^<&uh4Nb2cH_cdHK;S&ID|j1-bP<|!114bhp|3_^2;!;SdLh>>CYEcADH
zq!FI$6Kd?3b{VljyFVyx-jW%O;*Rg*qY0x|Ojexy@7zjAMii;YBounYaaJQ5IDd(_
zcp`iqp47Fq4Y17*Kw#=UWc`M_A`Tb32>%NbkGo;^VGGdb=kSHX56Tji2?ywQ%AeN&
zf)8si!blR{5nLIV-4O%Ho(9=agYP?&t)apCj$8=mug4oMI(L{;PdMu5^o3VaXK*Jh
zrVC-4okCc?=a}FGk_w$CU{e8<^v(C3IosD&Fzz|6MfdEPQf>#Ha}{L)GCc}T0SSL(
z+mtT4+M3<7VB}_@@QR$F^S4l(P70XNw)8Fl5rx7Z#BpcHS$@uxy-%=rtA}&!PTM!M
zou9}MW=cP`=Q(+k=($W5Gh!Ed)#Se`$~Y<aDht$4`lR<qByteXIa?O&{e09?D}A_Y
z0QjkZdqb2~K1z<7+~JmH1!m}4yhJ+EA6$zQ@I*`Vo-Ru-u$KkW$E1kYbU`oOWB4pA
z9is{(7XVxde72B{Cij7KWR+`FUkQwrCSPaRmj}Pn*;h4wl@K%+mH_jYaX?66C52A3
z5I7u4M~4MiNSH+7u^=FzncWY~?tb@v1|ppmxEYzESnfpd%eM)y{rNc$r3>!%RD3}8
z$2)gHXvsXkFz+Tx_$;Ks^D0*FQm~pJHI?P9M9)N|g7J45*u@@9jX+{|&O&KL2}Z#o
z%YK#|Ae2bJ%cZypU+0j<&lWoyq~A{gZLl->1XWGnq#+i+3-&_l0jF?U2%&NsCf@8%
zOx3Tq0X6K6Qgs$t#VY}_+_^7;U<FuS>GdpXzO0H}cD9MuGLTgR2?Kd$D=?6om`4SW
z^Aq0jh3BF;bM|?`UWDX+5OR!Byq05Z$1{$R>J%-=eoEKU2+tTxtqaSa3=uJP<dY#H
zrVe~EM8wooOnlOxSfQVVou?FRUV8_bhw4*-GVNDSE8F5l09blD5MZfH-#?)UVmiRg
zmIGmqYGFnI%q~a?B;4m3^@Lky@^qY(__Sz>OHz-HK(2=oay=}FT#q#3(TQHyHmGd7
z=V<uXTEe|8#3oV_Lhhq<p55Iky(09!L8bS_etKW6r}ych=zS0H_eG9vkv~i5eSd}C
zBej1|P9yAmxXJlvaq86~$MHEvGlq$_Jp%;399?8rCZ`uV8w;IBr4zM;uz#r%_Ge~F
z<D&^-A4CYd<zAEXpvhK~ZgRC_M7<c)bSdmU?i!X(;578y1P^jmdT!~Wq2>FLmbWHV
z%e6ZBA(PgqB1E=fM%>dvDdN&~A*G0imbO52^R%fsDI)7h+`o|LFkw3}4aY+Y6080Q
zB}hCIt`Q`@GEpN)TsHCgg2W?h14jmrMWx7=jO=xhj*QN&rc2YpHL||`QPJ1!MOjcU
zP~13oNeg<>O-$5`zg#>1^6QWPsRP*oEu*9S$d<JH`VdXay|gWNZb8fP4_N^%gGrF&
za<`!6-b1K3P#=zT2Cu<{&#xTw0gr`xCBm1q5?xWg5(8pl;Ci7}9p#C`fK#m3$q%h#
zMgAbX$D+aVs20uaqFOa+QVtrDJPNjZ<BA4|^EOeLVol{1DpNGm8a4HmH&<W6D6B6Y
z>nqM9++L|Edq?F~xm8BB9EMMVK&z)!2zxFW&F(&13sbL=hU89QZ`5iqaA-B=><fb3
zLM|c0T!k0VLE|5y%b<BbW7&fqDd_q2{^QNPo`H!2z`3u{Gp26_jdcKNs4t%Qc!;BY
z)Z@*wa>dHIAstI6XU)JMMeT$}dLH4LegiNgsp|Lg#1PH>hKZT}#J<|vkkpZbl(`ni
z%l0Iw^6LQC;tVkRs?xc^0Ch8d=0+{Xw^5J4ALq{*)lyeSGUo*v-~}O;cRJp5H_-#|
z>vJRpoYs1WU~;YW;fZ5DxxEUoIEU~oqC5x^DAwmRiS_A)iJY9^y#}p-mfH()t}(o_
zm%3uuq)7jyexzD2*m<E<lo!rcZ!cJ>uFM}dv>gjTU=ZN_h81Tb>Cd@lMAH8ql*oDE
zdh9()OL_kQp<Zh_N{$SyD4TDlqDP>jE_AlMUD@CE>~CjY9T03+X?%aGl)oC2s-z=z
z{e>qC*d9)ua--BAt`Wsrn3VpSXTT*=SGWwo+eJB9?kUI0?c`{=8!S!iZ)9m=p>+_I
z=)%&nnx^o7M{iSA@OSh!cNh4jx6*`j95W?+B0I@X)DG5%CThwo4a}yqv^P4Wf5Jr(
z%pL&FCvqiCLEZZ*%1+hVlN)%HAJ~&GBQM4@!tT6Sl}eDmT$n~%itGd_iJ`C%Yr2_T
z(<O40Z+rK4>~|ih>!CX7)4vkX1QZW!=knwRc1m(6=3Rl1AhyoVr<5fxEPzaRxRn-|
zi3Oj-iU^l~|Lr^`mqhrJH{dCDC&?idRgr`odva+6NF}~wf*pj;wqs>1ehf*S84=Lt
zcYSEa>)`<zwJd`REU}4YR3lkWH@jvUinAL9d&MoFcB?Uff~kR5{O6fmPc?vE-$hpg
z&jEO`l6lbQgJREnpp1R1buXy!V#BB_0>|y7GH=~2$S0#TdhNI|Qy!T-0a&aCafAO+
z0%%$Y57-KSZB!ix+LN<zwx7ehQIk&*kfV;p5iT4@4sNx+u%P;+a9ZEt@Syrcck~_N
z+KMr>i(<xBalNHv+?0sO1F<51S-f}@8>AJt5kZE&%inq)Y2B1jUFfV<>m<cr8n>iV
zjGPC>*FK_F?14MR#iO8H0)!<!F_GTE@49f9@Svfk!_aKi0v(N}+b|MzaOU|V3Vv@5
zUEUbs-zISTX6~KjEcLvvrRWFfNTav8D9Yt5Mtrok6LTmo3ie72o4GuBQ8?AtE(>Qn
z2gCx0sqBSptk-4?B=q5I0`8%_FltsUhS9B2g5QnOg<QIa4s#4U>GK~k`;g!md=rJG
zd3b00L(0sgvUN;!J%^5TV3*@C5A$@FpW)dqhtfcA8V$#h9$_hbowPWY^28;|=7ko$
zy{Wtl>!GG=9j2u*2}R_k_j5Smi#&1>125T@82HvnDFplZo_K*@@ktIR-Fzc;rn;x6
zrc!sm&Hp8N?P#9Em&$S9^x%LzQ2)_!HzjdGY~-x!90*I+n=~CchWsWpEH7Tnt`i&&
z_U6>P5)vL#Gm=NJRXPQ>O5lSN2Q`NdDz7(_P7*Z0y;QRv92jM6lgjV!qOwMieVEN9
zxMG!1ChZs2u76MwsIa+r$NcsU8Hs&9u)$xUBO`Wp(4|?7K8*s-j?M!TTi)VBK`rit
z7CZc{7T?ZERH>ZkiZ{C|3@AXE)LE}TqyBo-AREkU6CN+_$evqhRA98c2K@48ZNEyr
zO==xD(X5!^fAz!D%fPTQR>@+1oATF&F&ss+Z1-YpQhM|E1T=quMEb5|F`KW&&CVBE
zXrVDJ%nodC&U*6(UfBjvb?rQ=<T%VWxWqOQj0ZH|&K;<+>AMQ4uBx`lC=;eGM)IoD
z+>F%e2mD$bljlg}P}=}QD{Hce_Y}KKh9Xz{{4as{6=nQfBz$3t$e(u>&VZuUyDe6&
zs%IVSGyX1(nx~6K&EuU!SYH-TQzZ<bIsleKw$riUm^_Cg#o7p-IY(Nu0W8=@@dmSV
zJRfUzR`T&MfmobI<sujcTO(&xvPAw`ZWEoY$l7jQ2(DKK6X3|=Mfj6+!;YXv*%++<
zt79*8)1^iSfKNgv@g=;tmg8~ld1x*JyfS7j!bijSgd!q&LvIDu<A#2nL$+oSVb|9`
zKzHY1N}&#e7c%_q$~(heo;2cB)VHhU+u`{vx*b+3^w#fudJ}F8$9eE%luzy``42TK
z4Bw&bOKEp6!nOwLi!^&qIdRs)IhDOhu%GDw2S*Ndvl?o@edcL$zm2}s<bFGNrltGs
zB|NNFvBT=Dly*Epb<~EP*ZaQS%BYoc)@XJg8Ch)}^Quq@&nUjaR}b_#l62q0)J1NI
z*?nWpih&%wV9JB{FX>?3Ad0TR60Brj&{8@#>gUh)2S2S_Rb@NhKSbwl>lryNV1B8+
zsF=M=6bg3X3#hYF7dTDHX<LUA4=>GaPfMI-T*iSA{;o-OO+>fR6wbE^mm&N7^ek5a
zxkb;60dv1Ql4$_iys81+(yTwzoNpoLhGckAq_xkl*RCPBwhOU%uU+&nUjABzG}W<H
z_~2*)>vaG|1lGo$ojiKJe?V>cKK-mT7Am5Q1brGN?TFL5xr0;ji+0qpp^G{u&DbOL
zpB+VN9Te|(19(w=fVLyAGh#Hpqj8l=l&spWv_X&4<oC3x8zK<Z_KV*PyMIB}-Yt_e
z1J?7>xTmtjd6#}CyWpuz@*|e8H`B6^6Z~DNhOlvMZ8Z@j_q7FJH@$mCt*z#o+`(4U
zD98AA=+>{?;H<}sV#XeL43I8$H723tyTk=@keLF#MNaR@Qb~8mPn+p_QX-X^)@{0w
zGJ5I83n^xI+}ZDQxMl7+JiKi5NMWXnM@Toqp4d1(-&vQRT0KZu6HzdP5Um2fa8X3I
z^CJ0&R3Xm0A^?Nt{9y*UMqh3-tv6wA-X&EL@Oy<dqweJw-NnnD{rb_L0c!fsRo|u)
zW}L3hA|4dOCCqL#^2HbL<f#7y^=%wJVu;+lR&^P|UK0V)e2n1_<#yukK-px>3s*o7
zEScRgFOmc)Gmh7-ymEmP9J`}A|C-X5RSR38S)SYp;%P7}$QdgMwkhbDv@p4=5|J_>
zzcX3<bqYSej(=A%BswZRdq)zdK3+rfZ+f^(i$)}%1tfgnZIsY#N^4-bG%EAF20~@f
zcp=mw-<uusu-d=PqMm8cqjV|krm^aXbq73Lg8~ltyubs#p!xGX%-Tsg--Rz)=g+$Y
zH!sUn?RmZp&hrdYQ|I|??Rkz5&{pBSOzJV44x>~#$?2Al8{A=_a*|tkLYqhPgri%5
z$D%oB1wFj`Ax@c`ML;7WtKemK5gg(Fq(A*fI732jDw)1zaFMCQOUX%d>IHG_VfMUR
z%-$l{Q*WR|2t9p*>ED$|vYT+j*me=BPB3;Ih4+P<vbURsAxA{M&MXuhF?o(hf~Cde
zA&E402zD(ZP4pa#Bz-EI3w<g~g#P_Of2R=!<w|k(DP`F#cav|k^GpE!7GkNER)`H3
z+H(*#CS7PB4*Dyypn0(hQz$w`k}!7=8TBS3InRvdY{|L_US)xU9ce*2NPadM;oL&*
z1>USGzP7%?`BVt0iw*y}yo^ERWo}rl@G__F`Ww8=b!6&$(gIkR>_gUM6n$tC`d|pG
zw{foujuF7qOosP=qkyMLQF$7|$83>r0{Jgyq-rz1mQ!>L&vGXJ?M6<%WxAYy(VT6N
zvykC4%vUwzgXo?vY-&#fvrjRY&N$%*D4IkOtSFofSTO_;WE=hIM_})*pk`Fsqxf6w
zyjHBmUlZW(o8A2Qi}roj2>xCpD=0DiO$mX&k`{kIDx|K5pkqUw5x0n*-vEE#tpq-|
z@D}La&7^xn$?sT`^Vj0+MiqbWBi~KqZ@v&)#3>k@FSIY>Os?V(IGiucEs8bSwlE}a
zux?P1*mG+lhdIFc;1*^Sfj<UGQW)pQUXleQw1%Qj3pjIL#paSv6>K(+_?y@)*gv}D
z^EHXl92tPubxG%+UEv7Kz&r;WhpRsgbsUaSd;0OGcoHuDE0e5k%rf#N{R+>pT$DMr
z%}wWoB{>mz)~W9$ohKwix?-HcnDRmz;e|A5Ttg#K(wD(3ao0&2OS>ErD;O7E`ddGa
z#-h~5Bw(+D{VX`$tmL4QKC4U6G2G-pd|f#Z>83HOn<k%Znta?e>#lPU{xa>jf5HO~
z!g$3tksO3|+Ji7155n}ogRr=4S@8MSx{Wo(#BYQ1uh`Yz^yT;oRB~8M@3;mNz2g>>
zJMI(OGjTPXi8mBz&cu$|GjST8iT?8tq=QnsrvlDH8rw6jXk||Dc^E)V`e~?1{Y;gb
zJTohRnkdI1c(*LmoQKzf&%?o;0bwYCGdWM12t6?odSa&ZWOyigV%F1>hw}XNgkbM2
zCQ484ok?j3bnxeyl(zi;PEVdpy)Hdrb5*Di`M*t8jOu26<YR@bY#aK2?~wc`g&vaH
zGqFp)Z?i%J3UeMy7Zyjsx!8{!fA<u_@h51Hzddq0-66M;9&*P!l0$9{;0Jh}MX%(P
zdB0_4PH5&m>Z4H9YC@PY0gFFEYIX25QmdmY2(=p1j#mkwZRP-OPBv3_Yw6?6u_Av+
zbe<w?m9%6FJb9@xjT@rTY@3}8m36k6dEA^kl;XPb<^J*mcPQnVCL0SMP_G98lIhPl
zjZp3AskYeJI{#Et^L4+cOh{S7QbaXHVGmyN7X;!5mv_N|3QF+qlCvBICxYW!h}6EC
zs=(hFhL)>Pr{8iFdu7XY(!6!Lywx;sGR@nd%Ue(L?xJ~{ba}KJx&3I~ce=b<n%9-)
z{h-U+N%O7^#k>Q$JW%)QmFLsX`0#oE!uCm=x9m)yZvEbKRKJ}rl>xwzbAbRAs&>8z
z03Hd_&Ogbt^SEG105c{CW{ei*S}cJn4uUDx!t4i_oFJINTA0-UlZpP?^&%y9C<0KE
z0`Qv^BB2Vv_rvaJ|Aa;WE`F(~m98uMdpX%J3O9pWeJYj%d?N@i*qyC8fBeH@S8ts}
z%;oR%b;Mvyyau6IpQDpdGK|V;5z(2<D~-v#{&(^&6t<}nbK}iPoHoLYNX1^G!OWzm
za=(Q1f|`iiP~at!%?>P%DZ7699aOA^;u29RY@ftns|MVbX5B|KYiQ<8BvW3E`cS>R
zi;%e!FAZ!;X8Hc{V6hi-;EVlVxibO7<m5pNJrn}qO#got_t#Bqsknb@ur$CJO5ES9
zJV3DaV)6jwhX_VKGX4<@@Ixdm%9ODmSfQu1tk8O3g*s$wSfTh}alc=_PRFqd6`s<S
zNx|}d0RiKle^=#-DnZ_FX`#HoZmKHpf2iVb$@|+)`FryIp32USyX^zz`2V)x|AD;!
z9b+PwPnZRAhGyU)=(q1890WZ8rDfaM=~tMnH4OVDA7inwgHKp;Ki(L8X2$sG=L2E`
zl$)N|Nm%Vd0~sk;um#EWfBv9JxxW2KDABM^G3MN^yC?vMN_AvqlAe?<RyGSyZVR|s
zLfsa!^_%6xvg1DOWNJ5yYW2aULU)1CsmjtrtIEVs_XpIEZTtKBu_OJOlBdmRMnCr5
z#3uD)Q{K|+$1EYFYIiC-hzZtKOi~4F8IuD9Yl`f{o1u|U5NzJcYvmNDi&HOZ<rKAo
z{rlE<;rL(3Ct@<$eS&s!s52smi73J+`9%~9C*k!XhaAD=N^#0!67ebl@2S}Rp+s|i
zD1qC981nW2mj_Y3JV;iLdU?pa0VHbv%Yzu=@}S2iWwzkrMkPg)lCx^yVT+!Q+y!)`
zRG}j!NJqM=bfo<ng^tW0`2T>8Jd_YDbnA$Z%n6SRYq$8y6>^sVcUrCUgYFW01MU(v
zDu48R6gg495E6CFvUQl2Q3kitDwAU^(sIn^?2Bfmz_I3o{gIhabjm*uxJbC=FL1->
z&d3Yl3hYr#Ec7Q1B8kO$fe~W#yxn-8mj7!-c)PoOfscA>=%b!dTF{RHw7?h0Dw?z~
z{{)yja0i1uy`EoejuT+vhqQd6_;EHTdB^@8Ly2d)!45ht_1Z~I_s~`ZT=Y(()+N3Y
zgZHs8bwAfoD?HviG7LX1!3Vm|cTJZxQZxRuTymfLJ^`K5mVn1H3_&{<&Ygy?0S0uM
zD^@%7i*`DrUI{5GU5-2FQ>Yr6%|YUCBoWLN!_aaLW(GXOv4LjOss;N5J}90Q8uVei
ztI!5WdM1wNz~^}?A&%i<I5Qc9XQW}2ik9MTuBE!Rj}nt;6m%LK?dt_O-1=w(sb)>u
zQ6IkjWu;3|fN)Xzb5K0~{fy+3HGvNE)|+c-*L7A`(B&LTrv>{fKt@Y^)WHF@_pwt;
zbZX0jhM3r~gD@SP$q{LCNB0o3zqPhymGf-PsoCN|F?EM9|3D<X_T6DlJtt=GB@Fdm
zupKL5Hd;7PeyhmuQjCn?!LpxVDV=kyg?mj7oovDJU-)vdcxB2RcQosAd00?lAxPv{
z%9yY~e!_2twVYa!W*@Rl4~{pl#;3s`6@+yBE*Ft~>=;04kP@H9v1jf<xt%_Ewh5wx
z*8(2KhGPJDojzM_-{G@#lpgMq7|=hmhF~wp3-*n5bal|$6Npo|ZgtQgldjIpZ}qE#
z6|mKr8SY=59pNEX2d(X#)Y{I!I#>*zCjqYvPEPzLdxG6Wdgi^m4$aV~=fI4Z{giDO
zNqiU+OZ|!W`F)IoRa#Bn?VNYXeyrd&ge`FmN7#EC<PmyWhV9@T+`|(>HmEL;*u7P!
zA$G3-%(EJp;RrKoKl5+Kz@Fm4prOt?fcD|z{vlqjy^M+X`x8sS{~IPw@F$Lk_+OZ4
z@h48#_i*tQO%Jbdq=!#m2^>Y*HANQjGXNN`1p@TCrm18Nz_bs7NxVko9WO$52lBC!
z*ILcmA(D@C3ory6Q(gcuDpI|pYr=QI_LSR{LHsV@Xok_aU1x{6BK~B%%W@ndb2Vwl
zQv)Hl+Hpy0ZA!?kkI-s3jG`ylO$QtpLpvpM=z9~awYBd&+_|4TkjY6eKM20;bKipB
zZuo7>J(U&op3t2;9{?s%;HTjCSPJaP3bC#$FtOa9_!voi5ff+l6Q2qY5AD$`NiUy~
z^FF*Ma7n5e49tM!Ya}oq2f?h?!W;mYw}N2)tA+UjU|zzMT=9N<j&T$Gaega0_Y+oa
z;mBl2n_HEm8ZxZ!2&c$rsW2UJD>WG#;*nnx<Ei;8&#5_5MQ*(RBfJ1Ua`%^Fb8AaA
z&Bc$z$T;55(3i+2?-%s1S~M$~p0IGROCMHqXrkZu*A&hh4ev7k1^+Bz?;c)YfB(bl
z>-ekfIiL3q)<9aMrk9WB$75nQk|-z1iP}>CXiYW(4;cmkxfnq!RhSpSz9oX=uEW5r
zZ=c9{U!f(vZ?YORR6J68seK}+wE}J<Eg&iE#Rcn$oebM+k5C7NIFks2n#!tv%%6!9
zHUAqrQEh%n;pE=z^+vk1?WUtXxr|^qDe_S`E&2}m>-{o}<J31E{S0K_<t+O($fm(V
z{cZOm)q6i>5dXrzwNks!kD>qfR`}NsynwAB4rLa8Kr2EU(*HL}SvgFOB=GQzWRpAx
zYHZZL0*ZP_!!ZhWYDU)Vq!-1KNngq9yIiq>bh#tz@_P(X!oxKUy*m2uu%?HZzaTW4
z2`4uO?;1LX-UICK59F`+QFu25pK_ku#k-NCQ+4c9I#mbAUz$5sb%gx|u-tcsslCSr
z!bbajUhQb^U66@%%e#Wtm)`tf3!ViEY(TF=iQAwPz@d8I0A_DF>-Q~ce>=fH_sc_7
z)EfKX-<iEP+i7NROQhzBQJ%CWGKm^4N-H9hRN1ZcS|r?TU^?5&ZJ;x+u2ed68xjtN
zqyLwbRb0D}MyZzmgtmWqTeDWET`0>j{F0HA+d@zO`h@NXt?o;C@nU88{C;3Y9<LDu
zb@(YjpQAuEa-8Oxs-$jbsiH3R-;9}mNneR|qPjc3^yuzc+9y)@WFZFz!d?qW1HYmj
z1a?o#U?1>)Nc!<h`hleA;(AJo=I%>@d+*!~)V@Gp{Mwfn=$&{R&3jFk_aB-!gyy}i
z%X^*X-9qzL=<=uuU9Ld$R_XFq(!BHOnD><~4`kQ@aa5TmN0gqqNY2h3LE4q~)HpT|
z0KiK@02NyG%k2R3a1hMxT9^(1lN<!|C*$LAkDjV0Fh2+Jai3gMc;4>;;Pq>MdA066
z8(yAVgN>i_RWnDDS?JUe<Y?PX&Ywi*wPLtaR)S}BsOZOkQgo_7lSIoH^z=76xq=z+
zYVIclrl2MwJq>@MK0}nu*=L{nhYLD4GX~>-G#D9V)qwQT*8MbVD`Y)LvgCCc+d$6{
z%M6@pH0eT=UxJWt&rDUPtH@$kQD6vXB)#-{0_&?5^@nw!-uwX;EgPM`GZ(r_Gu22w
zR2RBOdUqi_F1pYyn~A#MJ-ex&SSUbU=-%)Ib)icm*;5y~rBc*D4#`)k&V}y0KaE@{
z7rJH^#v26Ka7hIhu4BzEavoVmYFy@G1jW*fJ<|Rd^j%vx1N$_2vcFI8)<2fI%zf^^
z^sT?%vHEKrAR^IhLY?zl;5s=bd`^y9H+p+szYXe68FAbv-`SE1#Myxrpo`hxhttEz
z$fz&Iz)1<9zVi)<fzl@2>rJ)QYjyvCwg6kCXIj!$XK2g00u@}$TMU@hGS9K>RT@T%
zU@fBy>O9)A1tOC9q&F8B;N^K&eIIy=OOeX}KPo}TGbuR>;uM#gYHR6b$&y?VBtI}`
zA68@sr>(M_QS9(F9oBZA$$5>1cl!055p2ul&Da<s5h3EB#2ZT(&9tac&;ExCblVzr
zsiOqgE<=n}Gw<dskErKXQ?vhOW#CGq3*~F(7R>%jt*Bj51$&-QzJNnrXN9t(Vx>qo
z_C{6Uz$*!ApMO#EE{4CEWMjwm!Cu7Vecm5zHXhORiEfPo=u`H$T<C*zb~`!|`aNT7
z$AzFKPDs`6Vlqded{LLGzNiPZr$mA7V~sEB)@>-WQ%W7Gum8;$q8BR!+G&c2lvhBv
zXdWrdb~q9JiP#$2SUTDoVys=(qsMc1znO$?$)uuw#qa}yzAc$a=LDY*_{b3h#xkWC
z8O0s<FG}W4*FfC8n2r;*l!Z3A0mLs-RM)?Js^bpok_0?9<=f^)aKe&*^B4`>y#h;S
zoRpLG@zD?~P2+|{fJqD3ZMmVIV%LnUV)uX^u$3O`23tvRoNoi<s<KB|8^LaFOMcfE
z_TY`yVUQNi&HNl-pQ*xa_aqC52PZ&<RCdb9)#k-du}+#qc9P(rW*^iObgX<&V7#D4
zw8L8mY@zh!GU!WT4+D6Or9tN7YM#b<2`kSe{LedQecs#2x{=wp^a!Kq`R?;dO~uqP
z1*>d|QW?y0EUHFs<dlb~^J%Rs9zz48f0Hk%$94?{qTi?O)LVl&1=!7=es(h{M1a3;
zL4y1xj4P>-Hj^3g&Ly8@kt(@4Bhg6^NN(IWWIY4R-7gvY@is1+R)0Dq&+Ljw!BYhy
zSUZ1)r!4*6KI?<f?Bj-1inc9TrtB@1KPeWHAWRQQBi>yQNF!jgNc%;FMu6Xll4c0S
z)Ud>+Ywz_*X!@_#&Io%m^$X3_f8*1Ey@v&mx{EEKaBKKxDt5geSTW+x#vv`J_@U-1
zw$BQz7-cmRTT*dEa}^f`Rh$hK$F`*654mP4u6i%zRD3bG1r^`Tfl0w^pg>8W`aX#v
zEQ?)}v&>IiD;?p^OrtSpaC=IbWXD2ySp#m$M2^$68}}-ugA)jcWpdV$&H2*3WOE+*
zPQN)3TLni4UQ3ygU%(R<UOvDOReczXq}6{u609zM&huc#o^|Lo>Ci&PCBT85WzN1R
zI2Ln?lxUi-hyU;f+Ti$z(;VEGvXW9*)3~AtAgqfU$%glKq_%mjlj)7M2`1t;h~nd{
zrPShuKaBWj4Mqszc|-Ci9|C_uI%$<DXXEe*4hUdKqZrz9U+NV?y=lY5e1Bpd#DBrW
zVt=ApPsUzR$=Ee7A!AE|E=Bb!z%Kw09RB2Y72rz%sB5II0-7aPYo7{4Mu@>G-CU?3
zBk*!#o59HHYdxB--Sb*jC~~!ZPzzA~vF0j1SrOQ6jBPW$B^9@Wih~b!dJlB1Vg_J;
zNS%{)92$KqDaB^s?s*wI5cA~+etN6~l|#b-NqUG}nwsjqHK_XuP-ay@3%WnzY7e!n
zv?rm9|6>b$G}YuAivpJdsZM@Nn*8NT4@!0B+`*jRLoMh)uZo_Zv$N3u{VDJtJLNvb
z1%8C$0{<W>T}fybL=MXThMvmxH2N;%pmg_ZLeKJOSZwwff?S!)(<v>Z7R(cIjeu<#
zG8Gr1lks*&#`4Dy2Iik%>&ck43wXMMold${X|mO3fsxgVavIr~KP5IR<*I?%DwoPn
zkSqIob*}I4-UZER@J{QZcUs&k%8mmbNdfNDy_tnEEDX6Y@8>BCQ|!FZ%-ZB#hP7e7
z{qoVwY?;Y5LlpUgAmL)jY<3<gc1qH*Q$8OAw*vQ5Xmqv^%IW=)eS>QtEE$PQTyJ(>
zA`2ZT|9G;*%-09kZ;OJ!kI+IFY@wDuha5K#$|=a;@m}VbsN)u#g2?StnW)2rY$U#d
zp&`91AQ@k?z|NxYS0b;z+h4Wcg<V^&M)$4&`!n38U6&<r@;GcHg_inP3mZwL;BEwO
zzL8Z+6L87OVI}|*q@#88UQ@2S*W3#ho(JT9<o~eG`H<JLC48t0*mF$@P1`c?QeA3$
z-haYN`&LjHXEnzK`nFpcSlwSF0fStEuuLDy?~4SK9rot6vcsPAwEa&)Qz6Z4xpQgW
z2wmPVnm3N-jnd_n(7Yiu?|xn0Jv8qYn)iq<?;)Be&^(7OZywD%-yQS*smohH^Y+oa
zrMf&9&HIw(eXh&<gyy|Q^VaI}R`G!{)v13{NhU5y@=<auKlCT{e@)B3tSkR~P<ipR
za;E=&gcQyW^4FTH0@MJ&KY{>+GZdg)dItcwAPfJ9Gqj6{((?f3Tu>$Tr!_DS0nG8!
zl>h05!vJ@4{$X6=0*6s@O$nuDgu?kj(%d2yz;~Dc+#Uq*&^66O9srnO*RThjX%F7e
z_28AD9=vu{Y2Z~TyzFXV1J9`dvjM<yHQ3!B6<7*OUzL?PzZ*c8%7LH=b(^{}eE_Og
z(4=~=P=FCqTLAbOKXbR|pz^r)0L69S!OUdN>m>v7e&*K~#wv<G??*hU7CGio&&Ub(
zvAlBng}VR!)r0d6WQ7NT>gz$Mfx5VBqmPow>dS4ezHiQx`np3EqC6PtOz>;v5M6c<
zK3i3L#Y*4&VWhm4_Y|iNr^0)Les~YEMAr09u9>C_q3MrU!B5!V_t@VRoZ1c4z72tP
z2_tdn>lDuWwZG|D>DTjTeey*4J~>71Eyu|{Wuuza0s7ua9-t=hkdUq&-f1rzkMx@t
zfdv)V4izgJZWKmsWWc4;TKvUm^)2rmL!~0nYR=M5CEKc23P<4Z(h=N1Mxe}_RKXGr
zBr&A^BOVQYYap<^^G6KqcLk!>*G)EX&Mk0M(*Tq7ZpY5b`X}k(SBK19k?ypNrAmof
z`a*0lEpUnzpei@CGh9V4i=eE41Cz$1JtS2vN>DC|t9KiN4>5a1C#0`;cE)YpGfum$
zd&JQLj=FhSkz9p;F$ib8n^T{yQT5G4h~Vy~7OL`%TK=V=Cc>De0E4rB)ZQF<Dx0ck
zVnN`#_MlO%ub^sxakO<W&D{vO|JLNnE2$z!ky_R%+znIYv>u~T<e(2u?c7K^7bN&Q
zu053Jf}#ri<gda~<f_V4IZ8v6_fl0konwF{9R#YJ|2&LLanxEW+=K#Dm2>x9RFy-c
z1yjLuxilb|@i;nF&YC?&MU`U$)gcOj&DqCjIQc-OO?k#1DfutJ>A0m2Ve4y0`dim1
zZ4NC9rL>t1vB6rPY(Z90nFHjOL98J?-LD1Ln7GqD0^1OqY-rto`Uf<GSJ(C}X=ueM
zdc#EK+LdRlnt2yzd6+7yn`&?H_`rdoZsCp07PL2jw3oMNQu2Mw0NUgp?APkVhH=el
zbwn54Mqqw?e5PN!<L?L4?%ed0Dz}*ga+}kZC&k(=RJ%iWWLc2><P6pCm{GsePjsAY
zM!zFED+v=08lFb!3bN7UTdrmbCDut45*44+2#Hh-niQ)M6#2buV``EAQ4A91|4heA
ze0O?@uYb9J0HWRsQ{Q{|xe$n&ODcpwc%d~R<*Fv+lvWc`uF-_}&KNZp3TfqbV+c)1
zJqA9EyZ-^~;FJ>mPAaFNJD+#chzcowK}Ht&NyUSfNW7twwT6wazh9eO6SDl+2vWRw
zy%cXfC0z;@Oah{Rige`dm-=&3yW3iTk{`%DxDoC?b4{M#B8IsW`anMwO!Ny6X|s7`
zBjnM2;KVmk(R2OMLrUyUDOmW%bWX2h6dY5i5r={!1VQ@9Iw|5s!SQsM201Xr9>y_+
z6gi1p4}<ds&{#pR9`|zPv_kg>QtnwiVmE;Jl2ExNuwu3bpXFwZS%mm*lEBa}b)zu<
zpx{5E2yrG|9=O+t*67PrnhSCdaumirNyzdYx|xn!GZ|O>T+BcWsB?6&hFD_1C7#nA
z7npcjdmY3ScoHzoRoF-MCxJ|dtw4bTG<9rqjY^&=tl5K4285!$PVza--Kmdg+i1`n
z^{y}s>kvAw{8)A`rsI?NsswJ3%hD$TX0e)``O)yE!kNIH%=ibJ_&5%BX>lf^^;okz
z=FIXOPTIbbs@|%#V;scBI95$54jT1+OzHrlCwLdrkz5hH_=dukdnzW#EPYUbS$bbE
zq%tT^4JhXzP5se`hKrCcw`cJdRQmR=s=rp`!wMb>4hytyp|_NZ7-VO_3ALY{*@3)D
z?kJk~vo3Eh&C8;BM|F7zX<h=&`(2lJjOKAP?@wKxMDvbEW8PU^-btFbmFCs!^3Kt`
z6*TXXF7E;tc+;X6DK>i<KaiWv{GiL$d@W22z*GdmbY@q=vC^M}6Y)j`T?yN$0N(+?
zm7p4~TvY)63jlux0jyv(%#fS_@Jdh<ub{E`LFsYGUKW(SOue<50AL>ZR0wYKr~RFe
z1)lbx+m=4>(*n{u`~>ALLXv%uu;ioO6SUK0&x5ve7Z>Pnb#m5FSK+OkhB%Cs$_6SM
zOvmXnz>ow0b-dc`A6A*b(E=c)?ZHuXsypt<GTiBx=Vp<+NCVmD|1o89()ca<4XkV(
za4F^A=+;}nLn2C(x1@s)%f$o88sMXXZf!#N_m6C&_cJBmq?6~q4R}|L=jSeRUwdAc
z`MiphGa++<vPROx$S$0)hOk(!(S%D;Qb$I1xz0lO{H$NVLZfu|+nZak&=ZdLxK8ca
z69Ul)Y$BvdEvY@~ct|vAzQHp=Tq^iUkglY*purc8{Vy8)Z%~7%==o<$8oW{4pyzN{
z%UYZe)M7rg7~hf>KR?<-Ei2s~-o^iss{KgNehAu+Fzv^Mu<K#hm2rW6y%E<xr6udH
z?dw0oH0{p5Zo8wVWQD@&ziw(lyGxH;537d-jS8{)g_hKwapZr2WMM%K4uJ-5Y)OOF
zheI}4zlkUJqh?$E@zKCmi=ov|dbgm}p`lxCzQKnd3AvXBwxq%RhyFKv>CT`b=0S_w
zZ)}PF_mBoZ|L}G8fBdTb*rom0L_T2V{S^9BZT8#n(QJoz22IfoP_TPTI=tqfro-9V
zcKcknU29Og-J#%H$t`GiptfC4qo&<ejn`{;`IFfJ?ShU?x}_!U*8Hkz*Q9NCz;)a0
z_;^SH@_Db8@ISxy2%%&1aQ>@>bl_R4`$7qsUiU=>aGHW(X`fehfyd``@xl5pzG;t6
z|Dk!m>hku}yty>*H(lNlnm3N-oz&%dY2FZ;*G8uoYQ^+lG*8gwwGGl4{liC@YZ$8c
zY7l?^K8xOmGxcmO;agw8=zY1{IjsIiUAJ}xm4ES+hIhXU$~%I>3_7(iw*t(JAec2;
znAQOE_9+_wk!${`Xk4Shb^lO9O0^0ygt@g*Gr~^*rh5>K66X+GcL7XroWrNJJ$wvc
z$}uH3r6=lW_P9Y2y)mO&>faq66XwR!^v8QDx|^OP-3#{Q-pw2fp(GFUJ`7qHh@a&B
z82<SH{sA<^fJ0t*GU9z6{(*MAF8F5w{4)<q&y{D(&&adn8D4lWU~<+_iPps3q<4@a
zKTOh;Jd8RCf8!KbDuI^z?>3@Y@t(I+IJpzXM)IOvxU)un4E}kPLF3S)8T8u(8q%3=
z2KwFPE`5K056-&~dORKKD}aAu)b6g|WmKgka*|vExry*kENizK+I?;p6_t&Z{>gro
zN>#v@-zN9a)>kS$u0oE5{0{oouI@kUqmu3d)-GbkYIkTVp-fWTE;{Uw-b&HS&vg0~
z38!r@nx~^Yb+Ezg$}+jeNTTC_U<V}^xh8E$gGQV`OGdE|=kye&UdlKr+8X$-CtH87
zi^3R@O#SuQu5`El0|P(9KO@>g(34JuIT#FOz{dU%{KNzC!&&f?LE&IU3|_GI3l0b!
zEXVo#n_pEafNL+0B^Cp0O8oRcNuy}gP1+G05FRX`t@j7fwsv{cwzkf@gdr~<B`E$&
z5gb_NWaIi29N=lG%Rz#HW7=?BsNq1@EImlM@6~dBS-C^Ml5#iEa?qo%QOz*!usQpf
zStvNh5Ui?-fY;}x@`9rVh#@&kjL}HSBMXbDekDbOtEMH{D6N>4z}c?(1pBZs`qHE%
zqZ-`*8<~6@WK$r$Rqw;&cA1@r#nfHG{P#&moZi&k;<&S7_8CzqIAi87LpP<iRNiHP
zfaO=#7z4zKTW~LoN;W9QVpPLIF40oEpQyx+rqHW36M?$Wp$ttbg`}~dSA(wcbZiTk
z_S3xD`P~ds*iitwUwUs=0;fID;HG?^Z;LqYn%Q|&OuZ~D0BM++r>G~rU&QbZunxU3
zb=~8XT7T>O$#&T%I4*$^Wj}h%Y`$C)e5?Kh6Ppgw=VL^<R2t|Z3wkDq;6CD00B!&P
z@ZCa|6?<<xd{q%J5J>y>R*-gyx3;dz8ZFqrhEM;TDT`b?1IC|_>>314;-X2q6tT%j
zlZG{j&N|07ntEy@q!L7QRY)R#2BToyfpvPs)cvF(!}Q^z^PqPLq`CWr4GP5U+yijN
zMR6RWruWuX>=)XTd3)$TJJHS?r$=S%@mAq;<!?pX(ZdklacbnFc{!XMBid?=V)i+~
zK0E@0&v)uecG|8oVa~q1`dVJFCxBa*h`wq0&W3!CWXP|tCTI_=2~CK_1p5sDRoFKy
z&2u^)%OOaau;p?Xt%d<a5CDT7AY2E~Di|O_2Vl?xkRF@+#sXNR4y;XZJ*{*A(ZK*w
zI)HY80G6#}R(9%OVp}#X9fGFil73n`1$E|<ep)&Q1L&tEJ{UkhA>D!j^b?X044|Ko
z9x8yn7Np4?0cx3c0_+k=Cy;!ab`~7RNUAac3P^aGA2}F+K?e|-=0}c@08wdv<Om7S
zIxP@6LV~qT^CL${fS5Eta)bmB(samyFrlWU{q?7%W11g1Lber`=0}c@0A14j$Pp5t
zYnmT9LIQM8^CL${fE&{M$e{=L<O%{Lrg`511ETERg8eQKKzQN>dnCU5-znODZxG#?
zIY5EV<iNQ;HAbR;<93n1a`yoHPSF2k?-T6dJnZ&4$sGygFJ!{&%JPLdbug8dh?)qP
zxT$iPFztc?(j{e@Es-^a9r?6#LdBo=kV4+FLSf66Ff}KP6`Ot`9&^Ig96->D<51=(
z<ZO;mb0VP3F;eDgB<4h7&K)F&;4Delgq2utBM?`jFd>SfK?aD5`vv%)@|UpeAXT(V
z3o3TG5hk@`R2m*+V)iBLboB`F?SNCIe1nmz%1X2JL{@|y*L4f~1+XGXPbP51j^mbr
zX6F&YW3YJLgaez_2e~qE#cDk*_tww9uSU$SvAC-Sj<%k!X_Y3QV!V-C<TLiz8hk<#
zVNmucJWDho3aLMd<1R3c#l-K!D5qxUWho<^u`RSa1s`h|7xfBUh=Lp#o}N2V*_lev
z0s=2nz}{}f2XHNZMrJXxFDlPcOBobq3e%WF&4iY*Yrm0lGj3W44CoiJGq>x61lEwY
zqbu2s!=QcEe+zb9laNL(^1zjAFY^2k-uMQ*U7k1_g1gy`i8uNalXYr=SLp1GUrX*5
z&+2lXqd7w%XA!ArQK;IdpKYFZs#1BUFj9~A$spdzz;5(tV|?%n0z)5z<WB8?7tZ12
z4?!?;;ruijFQWI+^xM_+mr1(ZPwp#c$Z7Je@-57MEM7_{Jd>O#ca!7g&dgE`FF)~+
z9;L>%B^V?{0((VJ{~9n<&O_4kFM!Dz!RP#YN0xwDnWNs)TXdcknS*!@Jt6oWT~*lz
zFCo@5a+GrW$gUv>TLbJ?6zcx>lIyheJ=%qZQ!B2!z>#pGzCL(*Kbk;*O@B^>H2qd;
znbj6L#jV4_@a8_vdXQ%9gpA+UVurj?v~4y#nE&u5xE_-9w2kzZSNnX5;$P2yzazuy
zlxzZXwJW-7O_T_(qPntuQz)!S$*;OLcFvvot9bI`X<^}CoO%&5yNnnRWvpRFJC@|i
zi*;1bX^U^QPDme-dCjlda#+5Tl+Bw{Mk{$hSoq1`sHA)ooiwru3m1XfKU{Q^{W$Lu
z-8o>CR+MqvWb^Ts3EnGkDRdX@A}tMQJ!6<MG*^m9E)Y58q1phujELsjfZIMaAUM#M
z1(}$Fs>&>1FKaG=G!xQE*8p8WqQC3Rj3`%LgWC0a>7$KmwKWljG5TsDIv%W-x|M75
zz|RU<vI+_CfRhiYDPtuwe;8s&wP#79vz)N}5*cO<>zaK6Trq)M%Oab(e{5`aRQ>s2
z|AoFSMb5uW*{212XS~KB3iJUSc%-r*e+}ZmjQvIS<AVJyoC-4hu@YUtfZ?BzKK9V%
zN5K!>PgU3QEBn)W9+>fL=;BjZ@u{S^{HU&fxU_4?(h3Xj!v1N?3kxGi8rC5!#cLm4
z-J0!UTTe4nWHpd2>Xk?(feTTuE(A*=ogxe2{ffW>Wnnw;qYZQi7X1&SCp!5G)iM+q
zsrQbewjgaGC-6@ou^9wLW2GQ>8LJqivXl770RwerDtYulx}v9k;30av<jJwReGLv~
z@ED6`Vi+_XD~{DD%0(%6i=y{nCte*p@ebo!LkU$|j_-n;cJ{hwG<e}e-|X}Oh?0Lu
zn#ek&_hd7%4Q(k;ms;LNX{N$J=rMg@+|U*1?4Mx$dGvNvws#Qo;LUY<V}G=+F>Dx)
z3vqFzw0zz<auRNi4LCRjN3S+uayqzF<g3ADXqJf|Tn=^x;5GtI1!2h?G%Gt^lyOqN
zQ5yBBkpus|CPFn_6oTsMH<v=_Bllh4g3L8J%j8bzLrB4mVQt9~&IbJcH&O8X-TpfJ
zuKOSgT`w(L6NSOLNYWOT^a>``40RRWXh0w0;1eKBto0b5{+JNP0UmfFpVh4o0X~KZ
z+el6kI8#cc`QOo_s@v-B;7MR`V5u-Dh4#w+a@52@8p4VmTGgE^a9M7QP{pCIz*@PN
zvt>sT_H<Vcom`ZfYHKMr{b@jpTd)cus~7i5KU|ZA>vKulg~?fDVIKOeKR1$~>J^ez
zA~N3t<VWP6Ge|=Iz2w*Oez_b5uF5KrUVH`?cypfi`H(r=CpeyGZa$Z36PGiCw^B9b
z-7v=Fu>|{I`s#kKR02}}<Z!Lj-x#ia9}jC6&IyY;krKnnR2T|`HHA0w9;ubBAsi4T
z-BM_42($FGHSpF+_`Z)iDJYdZACXyHH?_htaq5&uCdpa4%(pRf+Jq;q6Q@lWFL&2v
zE@YV%6CSZl7!RJGnZHrNu^8o4)$wxM09m83W>DY?8{_-Xl_8iPu)-6zQMz;Ov%nSp
z^1%eOYNg&c&;sbCE_4HzDl$Y^;kz^|+&>dn_?@->6`n<s^6w+-7@rxi#I2tq39$I>
z3i8wy{;e|93SYFE1MK~*_i2r0tP}jJdQq^09TnJr{f?{pJ*QpOZODt|9zRjiWI&Ov
zG%sX8krgy=uPzT%2YxpVuz)pr@XCoI*DPA(h_1-5w7Q3Ao>!Om8_mn7dBNsudcN3p
z1<kX((}G-uZeuDSps&)36{JUB1aZ}CND5dRyCM67pzL=VHQJwv0Q0XPn6N8QMZNdz
z<-nZBuWCAQ3zRMmGCzCpDzz?)hV0=%*~7I)a?*zcW&lZnm$dN0C`(v!9$Wxy0}HQZ
zlvC9D5vt}?f6=1rp*%Q@Fa+HbXS0U83i}#1#Bz$0j(r*Qxj=FzC*?hI)@O1Jfg`}g
z4=FFORrUqDGO#Bd>W=O!+B^{%Co>Kx4<6`!);SuSF&{I#CiW?IRo-eKq_*%@|4z*G
zz&3lKQy)UckDEb^T~GEQ+m&afU$?+M{9UqsLWs1>a%%)YXO$*!CjKPS*HcorPV{u!
zFhaBAGHAE^uFhpfWuAd~NKrpXR|x1E({kwcN-2@n(Cw9Oa{i)wZ=pKAw&wX?qmZw=
z)#DLj1CbG0$6}~n_R?b<FWR=0qCMJG;G*_X%w2d4?s}s%9@tp}bKjKjBl(YE{+JN?
z%j8Ev|BLw(wE58XT)SMZ#SSGJg6hT`-y&`Lz)0PghXm~dLTbXzy#i2)fl$zju(TV(
z)JwAfCdLOo)$%yi78gC}5LP0<TD&b_5}+i~O2Xg7oJh;zq~F4+Hb0hAxC2W96*HKV
z;{()%v%c;D$SCm#JLBI=zk&$?i^k&f5VoRH%=QS2Gr;1qb`wSPO|f8A%<KycAc$dM
zaAKyVfuP~U`c4$br3cimG~I>zuV@$M{7Sp<6m+49`m6J3{XDDxa@h6je}U9*`x-ao
zoE%*|5HLM25i$PEJ)+3}Y<6Cf8vgS6z_Hvo2b9n}(cWYG8cWT&h1CJ;GrL6Ofq{|U
z2*a1%q?jG?5#wo99;EIcH8PUB#Ce;6v(_6se0#Vg*vIo~ObqY^{5mEE_yTreV$+KI
zj0+l?*yTOI!V5tzoG)nb`TV;CrhO31{TCE@$sPb08Uz5yO_oRc9I`v$N3C?ik-~X@
zA=T2Y>fGctgC71y|D#G#>iHSfBj-u+pHcR2r9*vemnVg@#Q#85f6`jyK~NRMitzr-
zak`g}KYnWTd$>g^zEMe0A4HZ)ACojMn6Kak5Gq^6YQ9-p*}_k$o6SvV5umMfGUUvX
z$H))K53;9|1P`BX3J=?@@4-<|u$iCI;cU03aI#VEAtykq+3-)Mwt;A9AYOGKdu=6?
z|Jc>3DV3y^R5)~arIFRXmw`>Orv&(K*WK@ERJ!xv5gvV?RT#i-8Au7e*zAnOJBfk0
z@A~-`B>E5DfDWZbp6$<V5IK4Tkscl*2Z1zu7Ug}jba$JKFshJ^7hU<KXfu~zo^P82
zhZ{V;SA0c5<LL^?RQ*wuWtm(NeKfZ~qjX1mj)_v4C^QSNj}%T-^p-<n1(ZkujLibx
zwp=<eJONI+K39Quoaz8HWI*zU1a`K?lVJ{^!?YyOrx7V+tUo<LXzHhP|H20$>B=e9
z&;JsNd=2mmcgfcv^j<YMf*e%oa3NdV7xb5}(}U{ZFD1dAYqnuxfajW3m^jRzI5faa
zhG}-YNQ2%YsQiR4a63Ncql{KEWIqs;eXmb>p&kwZLwo@d+sH~X8k~n=Q5g-s{pK7L
zB4@3SQzlNDcI_C_VUZb-WuXI#fDI7y1sIS~e36#z>x@{s2>#C74A`iriE9p&G~*sb
zSo;1orT0Z|lHR|3je60iop_+hPApo}1KTZ`r*5Jw^k7XlVT|f<c<D!UL#0R#_RA<e
z^AX)z9p{0>M7y7Cf5w}DySk$H@E9eeM7HXg!wIQC6Iz`UV)G=SQ)DkgCRZkmj=Tl`
zrfe+};<la>O3DBC$NZj@!<`d_J|57MdoJC1P8c0?fTf)klXi%$YozlZ8_C{m#Ui*b
zrhf9vmKA_7%w2TQ*3h2`G1o=nM&cqw;Vq9~qw>LUvumbg^3|GiW(G){8l{&%*2)A&
zGl`Qq`-tEGCkrN5J7^@enHui%*O2FzS&<s7<6&F4TA6doC1F0q_wepP8J|j@-1i)2
zy(6X1kov1GKRjcUDSKyN8|Oc2q7BP(Rq#dbWqbpOA2p300EQ79SA?kZwU3${`5xr6
znjG;2UCEi+l5o7xIg3v9cq7QvMK@DXLQ}&M9LqEn*^UT-6}6>u#U(blJJHH^!sTYV
zRysHn1h-kx0!C*Hk*=vySkMJlsH-n@1vfR3UW&F&o8vWmS(P{D{+HhSf0`Xi-iW?d
z2<0aG=tpYN<-8)UojUCw71O3#ri$yvPnbS#+QbTrxE{VAwU(uc8y=fF^|474(kcpF
zGt$dMVM-1Bvj_g!2LIF*IqJ)Vxfp+ZE+GZv-%-iw<X`&GaLxp>X@p4|5yVJ-eTQIq
zayxc^^KHp_B7OFqr0?V^bZB)HN8jV)J9ne?$a!HZm`aec<d+yrev-mv!U3|K_j%Ah
z%=&e{ZwH~NhR;6cM7~a3H}Tdi+3?4qSHz1)#Ee~#1V1*KoV!gPZ<Od9m27bCN}emM
zsV)<ykpIV4pA#yoNh|md>1IU{C_vukRCQpi5Z{d;3>@HO#`cMx)6wRPokbbdW^z*m
z-oH$kii4iYURNevgqUspNrE}KLJ8Qmt;n&>l72p4_{t;l4Pw$6lXIiVb2MUTc0zl>
z4lma7-TA(<!lbSFPLFjTn;)=K6Swx|z#fiZpW|7;2EG=;vYE&UBL53indImWgWz$l
zp`?#@$Fd-D=8PQ~KG2IBNO>AZE;=2%3VqrQecA{?<a%mi$dS%$6YLO@KpP(Jpf>27
z;J6)3fBfO$<hS606b~09!t5KQOXG1yma~V`Ff}IE2m^?x$Z*NEqkU~*djp<yp2HD^
zP780aJp-Y`8^D(kL6@nBO$=$q;y1yoNt^JyB;fos;tk#VGG5rpeIaRw5-(3P_ZTcM
z*+0&0WSrkxMC}-lQvEf|cU?_ie;~Ye+L6Ao4E#IbC~fZ_^O;=3$*>YU;APZ>ZiJ5_
z8zwEdO7<vVw&3oCb_#&q{O2I+-J(PAWEH{3`VqWDhv1eq47<&|q{D8LD>Ip3I3$w~
z=RP66hbg1hL^@zF0aE-Q>fQuCrt5nEe-lZJ5O0()NF;Phv}l4<LR3Q38zw|iQEf#<
zL@6ON*3>qM8e`B_SK8{g`=ZrvTeTF4B|#TU=|=6#8)H{Qi}~Mk?tO3Go0%lj@%{b(
zpTEyXX6Ekqo^#JV=iGD8$+X=umR%qie}iJ|jSO3*U%cN#23SeZS!lTj)-If^-7Xc@
z-VZCc*QnWIY`JfMqtT1~Q`+q{C-o*w16jRYy={9fhh_T%vVN~^r|Y+a)U`A*5q^}w
z3bFOgrEs}e(n14)LR*k7kzAw+Eq{fMANJ`u(X(Clm>iAfV8_#y`{b~<{R8P=zg^ld
zmPqAZc@6b5cf^mLVtAQ`izSeTO}2J>0fYpb%zL#gDtyLX9bwA$#&LKsV9C%qf+M;N
z11MXI%JiH$4iA%l-hxQUsurvZ%C*{Ru{L`VS-Y2>w%FO=0hR|!R9k_oQ{}p}^|vk)
zRO_OkAKGp5dgzqvv6AptY)M{zQl4Vqi_v+G$<g^T#K$9(ysSkEH25-@OkY+8vIGj5
z=ypDR%Z-k#b@CQUd*8E#2!HyKnm=XsBut93KO&awGmjFimHgx<$&q~-eMlJB;^{=r
zFXOrbc4oPvRsH}Rk7@+#mMcQaE|YEF)K+tf8ebk`ahmLd8(+yx++wmn(YP`*@%zj=
zKU?+-*1zjpqTqG~h?Uq9Bx1@o6MnVtWg%sU!1vq%2dI{wo`hr1*HeyN)1n*49IllK
zZTC)YD`<XUl9QR<&}mUVg4UD8$9hI9n(khFxf7T)jDinaSz@VJ?z)%D^F6<*SCoIs
zGYt25d;8EcF(M8Im4J{3KP?)L-3%?wTh7@-=UOYZd@)>RTPq{@l6Yor41r?cW^qUi
zH8(B*FFLK3NQW^594j(tsmwYKZ&VdFF;vK9?!`%C$?Tdkf;E;#y+k;cu?tIFlOy7w
z^k~jir0o6IXhrXxOa1o#CVQ7vWABTitL^<jTC|U~jro2e621EqYUklvz@wf29vfF&
z$J7Euj>ni<FL6{ss5jYj4RIJtYr7(r7Tl}kyBf&;Ls&emUOw@(F4h!J3$*E*mc_|&
zw7y~7iOG=QMSQd$w*c(gq25nw(XJa4Oq0cDNSjX3pDN5@uD?yiF`anpF?xqtTqw(O
zI`IrkoLCs|V?Xf!-F}_)`M=n&1DpMu{rbVfs{OkEJnq-8&P)5Xu_*1=^v6(86>OKt
zMm5m~<R(LXbPI(RK;N&T9QsQyH%H~D4wR$f_V=g;hx{5SlKI~za|@f=iFDGhAsOhX
zMz08(EAHd`w+-fA89RYs=$c6(*6ZfHI=}EQZz<lwmw>+o=MC}){H~+M?JW7TK5zWQ
zk)0Zl(xId@DO|iCQ%8<3lu}2#^5>>JJ#pfAz8Flf=BAh@TSoK6pW%0Kz|I%1#P3rk
zj?LwZm*Mxq(c|;5W6Ln-JZQ1dJb5f>@!LtEbFWVr!*O+fF+aP$VC3Y{a-ta$X`TCA
z1BLZt&7&uee0uz7A*F%2ClNSCkIbDoVf=LR6API;!170KhBteO*To@A0U-r_UPYQd
ztEUv5@oB+U7gx<yU%fpA$8=d8tfjKjQ=stJzKbe6(kmTVZrebz$JVl4kxpd0*#`jb
zyqNt$94A%s-2cHy%F~*0u7wKAF`fAR3aYOdRlxKWj{&7FAY=&rk(p?Ci5ucqJi?vu
zfz$Whhsqrus;z*Dp&10>P}`VL{Y7S!Y)UB=><tMwFPiv1rN*`pTZOE{s!!v<$Q~R&
zK<&lv13f6s{+-A^c5r2;r_K$~X-h^uFaX){>*t<BLiRl%ElvW|=D$#sK>cR<IjTp^
z7wc&ZfcXWePk#!vMss#nr!|_riY{V9GBMXXOf3CixkOJ6{Sk}k-+5xZ=Y>}VON^c9
zLr>J_A3pUW+vo~eS$<8QS_?7^J*dYukn5&ltW$Aa0_>$;$#d3%Hksp#L)bB=)zP!z
zeRejGb?T*6C^XZk+bm{n(}5PYMJwIEeP@`1pNu@D$rtX$U8B{V!lt?2OB2VJfD^ho
zGr`Cpf*FK7AB*u3ipNO<i==(cXcfr7*a@ebq#jtQ|ADzuqB-X^jn@Ij9C)eig9@A*
zL)d_7(>^Y?3}iq&Exf#CKm&Rl29)asl8I7B_L-q3M=nI>JuPN6iRMggkK!?IvgP`$
zK>dP%I&>zJ4zF_RnMDOOvoKotQk<eA0>6qF>R{0P5HJ>tNh*t8A+EBMUGB)yv)~o7
zS;xs38XpL>Ij*Msn!*qmF#Hnl??l}!S8_Dky(sy=gYtW-of=pbLrJkb86v<I85D1Z
zn{ixP@p-`!b)#uFxrudbn6JDH!5ZSA2M!@oM)9DG;DJ^i1Px|HBTB%Eyhc75ykbA5
zkGEDbmraOGj3vuwc3}mq8n9#$v|5ut=t9!KXyBBbU6~<+hM%-P%na&@=el^$?2ASm
zr}UsCXRIL^bBYW-$VSU&8?8k&dfRFM-yba|9AydFbpz`neNeiO(uybdgHr7r2Ktz0
zazx#as}}Vwenh^oEeWn<%4&6HUeq2#_}s`!f7D&56`M?kYlm%d-W(-gVr@tV@^W*!
z<4<Y)^qs#SB%^U!Knp<rG_V+G2+r6Q1NyufMEO|3-o&+EsE423-<SiB&7*eFVV>QJ
z!)zuGvs@l#`XE9>2`wEWzEQ|AQyg#OyOc(p4^zw+ccd@p7H&nx*r9S-X^ZkRo!5VM
zyX}Rc@=TnS($bEHnY7>C1eZ1!KO!HZWBz$yH#X)`bj(A5=!<`j^Q^3TuqW^FGuV=|
z_xKr*)@wl7@_?c`=y4EVZoxtHmk05*auC^74&qh6gLv~EAowA5E$9mEjaShcu%uNj
z=|Ire0tT*^B$ioI=Mq_r#<4siemWNgA2R%Dq}8MxOBYV;QWD33;_XNXJ3pX|BWhUv
z?%XCMQML;4UOQ-)wizq7gIH*^Zr8!<P%RS+k@t<`DDS(@*p(6!^o0ipZ{rj6Zb{GX
zmbAcw#CeGoU#@83ySAV01vw&We{)>Nv1LijAhRcHIrW1}Zr>GpvXLB4!}TC1KbMBz
z|Ac|Ry04i_xyM9i;Y!UVM8|(9BatR~tUL5v9Q9a-_rYmOcXg}u9J7x_Uv)1&ABWFa
z(>#Np*a}KSoxcYMKWuY%Hu%nL@I4;B>}T-bHRSwQu5M|_sZ15+jO`8Kxtk#ZU+emM
zi~uoRD-DzocP*TJd7W`!WzBG4Z{9=EGHp|HHn6-~bYSWsOl?S?1p5VggYL;*KyP_0
z0HA;Oh997RyIV~xZ#TppozNJEo4Xk|)3ay0u+21GMJ)SPNi2W9N5Tq#)3kLc@w;04
z+0hT}MyyMr9bVleVO>0%TKT*Fu<qMP*#sD@e--SSxf|}+da$|9z6AT#(iZlr<zCXu
zttjk8->@4VOK{X}ieeqDDx_PTFS*2yoKIh(#=l3|?}N|bzC`=qg{S}q67)WP-ImU;
z=}pMMc4|vDemlMoGG2IqWAB<wK(H==*tm>I<XZ858`}G37((P4O;`;NV?Zm7cpJEp
z@zBUc@ydeck`;9tol*1Y$pEON8OaP#^XRO|ArWRqAnAOOY+!wVByVVajt$C7*Hjk9
zbWO$K=rB$EzNj|tcjn<2AuT?nr<-So%toNh&QLgw@oceClxGuUdLeT}Vr~a8T#j-!
z!kIPM(-mO_g*M&8VD;rYm)w4L=&QV<cjeLdAU=5RzT`VR`oiu}9(|g7BytXsPx&?d
z$jnRW%ohka^;5NA>UH?yH*2vq=n=~J$C<Smgrx;YLKEDm*XZ!GcT0Bdo!Ho~t@MM?
z#Y@6)d>1$1_y#smjxV!;e8^DjGL*scpL3~^>onj=mp3Kk`f+}97{^B3(2=IbX>1&i
zvT@w*;*TQksH-~AB-n$y7@W6c2)}!VAJ}(o90=_1ZCEwz^V>x$$awRg{J{R3x2u4C
zNMseT?-Yt_`_g(`+gtUOYg<{L&S%M|e&+K`Vj%MwbWhdudF=t5PYj(;zaRa~=hRzO
z%%^|7D&{k)7S3nuI-JiK)qF<P=e+gFe$SB6oh8Ph78}Q(f1GeTPlWg((J$@v!_+?9
zTFumMiv*e)v)@9w*hrkPVI7_ygDX2RvNYSn#STs%M5xn^QAnK<e5upwy8c+$8GoV0
zcEwtpdwHaC?pw&OIXCMNko2&2hwk5MKt{o5FukE8YHR~)uJoUW*<LWPxxY}ran5>-
zB`f~edrLo!j7`){9ab;-UfR+Lta__A{cY**D7PI=hx&|asCkhns+B690K|w7$lb!5
z*q9x7Fdn6yF1knBztODI?w$SY-{L;B(+|I;7VY&^7VY&Y-G28YKe#@tLm;?5hOZje
zKZ{3PPvmjHBX;@0^_$D9!1aIX_{DYeOfr{)Yj7?$)m%#I1%~I(C3@rewO<3^m6pEH
zf~$h5c-f9jML3)oW?(9Y(+O{lP%sq_vCcr=KtXm|0+gqY@57d3ji~2%M9)2>a>r|(
zxJ`{&rBNL(yIsAAm_xUp8GS%SJwUs$WOQSQa4##K@tQvlsd+fY&!rN?HXSHk{4P*y
zz8hO0p0&6CmjD)M;?fpa_{QqS_<0dOtLWqV=wvS-6a>;oUDAg~_=;Ibg)gftd`<T!
zeC0CXtAkl3e4Q9Wgs=5esqmG?%0!q^_&UTXgs%^f$*ZVxE`3tHC9d}l1TdE#OQ<2;
ztA({C5h6Db5rXVb@kD(jKX25hBE%bAnFwKG132;iRX-xc_}a2y_Gl}$VD@xn?P>(G
zzm|CkX1xlk6wKPyRS9M{r~3$Izcj+Z4-Uh@mwxFjn0=7oj}7@g+@D~!H@phLY=1cS
zuT~ZA$v0Ao@dbKPg@#FjSu7jaj~Dz2X7iEvtpYc8gi3p<0c&Kz&jH}Zy^a=Dw`q9L
zTiELyNSnJC`4RSZmC4$Y9(8fr)-UmZUUbMyzys;-yJtLtgO^q$j6z2l1`LdPnetGT
zICt9)9|Qh6U&6J+K+m;97D@bTH6%XiNqmAN9>K)1p2U2x|6h#<!X%Z0!DoFO3?8~n
z??uzZN6Ef-{&?BjqPHKrIMs@YP$1RE<hO@hKnDd9&|0s1KiWO|uqKO8=@8uM<gl!C
z_GbPMX?}mz@cPm`p5_fw<qe>DSHHl#;i|l$H1AiMm!ryig63_YdHJfmT$=ZGHTA4C
zZ?r0JB+VN`^X#g;=Y5v=+*xUfFIva~{dpD_=zd!H6IJC8Xv6hs-hWkjpOato_AZ?-
zBP$ATzE3)(wO<BJA8>jD=a5{W5DNV0Q{ZEz@5BL6=2aixiOXHm1Uf*0MLq?b%0?of
z%&$IW4w4ktV0GHsD^kM;%<yjSig%@)N~yrtP+(xCcYzXlXfHv5DL&mspH&QPB9w`s
z>;K6rT;uyglxy6Y#ur#j^Ngyz-XY$AJ#|shc0*|UXP>}ezh0CEc%_gO*g-?BwWl5Q
zQgzUScHV&IEm!5eO7pILhI!jmd8IV(cbfNuDsKnP+eq{Fs`7rMdGFA?-&J`BXkH1;
zJEqF}lje=3c}`W{DVmo_^De0J&eFU@ns-%|cai2r(Y#7k-d{BD=BJp)sUA1qqIrMP
zJgq7(luCeQG*73>t4H(Rr+HDTyau(r0o~-9+wDyA+1OuSQoMm`IGKR=KRyxp4iQnz
z8Rk>fcv(^Pw@L8S?=oUWLpq`jA>MTJ8z1yrcA7N(uFrGX^OqG^`5ZKT(1)l$LPq79
ztWN6)X-}!sT0olD6Ojl=dq|!3`FX{3>Oh|>&U^Q{@2a#DM8YaLw_f!w(DJIHk!?_h
z_bKzOC^hmf6!=K=E-=VR8$l**Hk3*Cp?STPWrjnUPCjM2D$8_%GVwlT=E%ggF%+2O
zQy^BR{MROu0=l!_1?FCpTG$T-Ci}d8i@B~C#%d^2_qtD1NM)HtQ0BHzJE6)l`B3JH
zPno{grNQ)p0^NK%>TpAvPHQL-djstCC36vAyvoy}IcL~$x7+)idipr+ehGB%oIomP
zVM_N;cA;g_;D;pdyWefSmn3w5k*250>F+^0eaD8k$Qd)(>pQ&krDh7^gCr64jhXSB
z^A)mTod1D8Ps5)lA?8bp%P8A?g-9(p(XR`8tLJL$YVCygWzNUss;yAx!QKsiKOG);
zds4LG&ID2>RhjbPbm?i}<M3yMGXk19D7{W(Px0nLORG6`;&`a4b-u!e1m^F~|7aBb
z_nVFuG1AXe5GJI`4?>H;H8>#_sS`rZIw2aWb2<EZMcGU!6rBRe6X4Gbud$t)MtW(Y
zO!*m7!dy}*M5N6m&Dj&`yJ4K*bJUpte;$B85NFoq>G4G<9I9b{tkHJM2~O#pci<aD
zqH%(!CFezs8FR@sv!UiLNZtZ}(DVyzx2Pj#kKg5Ql$Gv<O6YnSJmR9gyqs5ingpMz
z&N&_cfN6l}no1Y66p&#8%fTNbU5~hiumnW6(y0{Pvirqza*$0TaCE9t;CO0I3(nO@
z#*^7o6>AC+ASbZSvH6j#`I~*?J@MGUJP1sKR&vZ$G5WK@)&|an>z+PD6j=cEucyb)
zp^tp1gil2rFyVZk!^?~M@WyimUeGgtap194dNU)%hRi^_22g96u65^Vcx9!pTV_C_
zh^UNdN5rQaN6Su1Bu!Nz0z<IR#Z^aNu?Z+!m+Uj&gO2vVGu>+?1axEQ(?ON{VZ}I0
z@Kq4nW!vhi>^V$omvXT_PUcz>aSN7jIEY#xX}$e!man6?g_u~S8@Z3E*YcQW2n63$
z<-9|4YC+D+09mriuUMoDheZ|&RD&_zLocSXMBZ4PJ(%@eGJ$pRPISIpas@OjWVP0#
zfhVkYF+8}e1!!@@NNsYB4vU_>d+L-~;^vFzg)oD%CkzQ`-)IsKx{TiTtQhCcc0oKb
zC5~ebo552Q032hN!Q(L}Uot`iZ&w8OR%6N$zBmq^3-W6WEz;-Q8d=nj{GG|aRGN1E
zK$><t8hxf+->w0_ixWh2OEv-CsXYSk)FR~$Cr<(2S=)}fZ0h(%q&8`<1H6u%C5nq?
zfXS!X$P6U`<#@5pm^hAFN}5tczC<tilxdT<RM92>d@KPIcFQkm1TWE|$sePmx1I&D
zV-I_E;u)Mf#!b^_I!5bFwzy3iwmACr5Li>(HeD_fN3v<eF!Uez30t^0>c{1xB~x~O
z2)_o)k9^_RZ~_GuS}^H>{XIaD)C|tncRi2knBy~Wwq>WDST3#v)HHcevmZ(P0~517
ziQu7PJ0|9O5=Z&kcRKg_xI&R+eqQW8#;?quEEkA|0&RT?+$R_KCyx}MuGP@^_X#lg
zB!JvH4FUNeKrmi1dwps&>=Q4uSH5I3qe*&K9SK}|>d6wpm2C0A!f4%2z!gtDQj%Q}
zZBal&q5z$|-BDT|V%Y6TNfE5ulGPfSsc-vP_ov_Xv+kL12e9t<`>fh%wrcU>cCrx8
z$9xJrCKq^bG<#mHF3^V+h!d?)0O16iotd7-iS;G{f1ym%yV~PV*MoAQGX-!yO8Me%
z%AfJ#&H{RBK?0z?xVC^&H=X!-0X6o1BqQGEJx7-3xKg`c)La**5a9_46zGeXPqJ>z
z9}T)I95OkMtH!Y(un<P~w#<|>d@+a*88)#GzouR5bbiy1)|+YOVb+@uN@rnR!9G?@
zy`L|6AJ3rk8h+kM@(tfx(B2YvibHbaSmaEI9GP_aLRU^4NF;pM>t6IyuI5N;ccD8c
zwllMV=2Nnh?|Dd@ion3>%%8;GAS_jv<)5$TmL2+OfJD`XN{~4g8cN58uHKOw>JAN^
z@JlStA+b>TTO^Ei%4TG&PuvfT_1VOogta!Vy_ZwC@H;z!!f;+s0>h=M^Cvsqw%az?
zFc?{mN62RGuM@20dcitf<OII=B^JM8D%Ed$7>>gsjCP9W@r6ALrK%Ta4UOY`UBez_
z4$pKFk3l2gmJ_-efsgB{H8~+1dhxT*PPk3<VLo_lNGauuuTt`ViTUSE<}8ib%NXGj
zn3>ylSe(wEXd#^mYLo%i+3xfP3<Oq>`Hs-Dr!52_W&X=#1D`tU<M1>v5&GsDNvDtu
z?-B`<vZ=m=5K$kUgEKmEHTj@UjpqE_nG^eV=M-}$XFx0P)F@BE)V5S8s|-bhwv?k&
zmpBbnC;0ap)mou%pw!kuM&tT|4d3KwU!U{{UNn2j?{PFD-dNBP{^ROOX5<v-cf<YT
zGYWx@f}ao3OpMmlc+MPQv}eR?!Cms#K5KC#hpmO+vlc5{xEAlZa4j-PpFLAKU)UE<
zq3Yv$)y|e*GC)3GmXki6Y2@deBEw+LoLl2NF*1ss&FK|{9<SN}>BBbA>w<W8UEuef
z(Mod*>JKinq|~f6*($`v<`xXq9W&&U1H7DOt51&ZuTu`QC+Kr*eJO_-|GGDaDLu~U
z36C?@(JiuJ1cB%(_3V$_k{&a?NphWgZpnTs;yFt+5anc{#BG^H_hZv>l)L=$;drjf
zxos<K!ATX(6|P>c=888Tzdl1-m`GY6l!Av0sqAtlCc^Ii0?J7l^TdL}7VKPjg*DLO
z;cEQHSkDQzAC0yHlGBR{dM#U_Guev#!|`ZrR|ZE6=$*DM03aTmjCYLS7%L~7U3bBc
z!b7!@*-Vq}`jP>sn}~I%gH2g3c(FMn-SrI}ti0<>R^Ii!!JKp_)4RUNrzkB<mYr{l
zXHlmemG8t2vHxXy*Qdw3K3Jpmjp&t{nkIH;G*Rscr&EZ(8^Dev)p|RGFJ8sL7Y#{4
z6Z2env<@EIOt!P)37mXXV>*oc$;YN<bOf2UqvExF{su8H1PEXiz_=tzz-Yi`vie&I
z9(*zCIjVw5pGhq^=VFfD+&zB2Hu*eDctb<F;xQ*&ToWO57xvQLy`u+M1&FTN<i{2A
z1I+%&>@ET*_25+129eEe2JkbKk98s+5#dfa@;UOcsg*QUQH<#3hYpp@M9(CT$hHlG
ztDJZCX=&a(oA=r^0pQ`Ff)-V;<=}gg6^IRO<_6NHdtwW?j1<(wr*v7CuXmtNG11FA
z&?}gj=}9!H>CVjCl6Ro{h7-Co-Y1A|fm|RI3XJqAFj_8f;&I?`X+-4~%lru7buh7N
zPwR!ZB_jA5G?nYqSNA(ofvHfS19h{WyapMd<1Ho4V&5+a`;#tHJH6-}O^Maq6hiId
z(UA|$*h4a0eO<j}J<?`Ya%f6CCllam;4@+ZwQp#X;&But&KOO(=QOc^HK$F9m;F@%
zSp>HwY5baU_YP}i1OE9)d^Zx=^$#+GQK54M%?|fbl!G^Gs1&8orczXSnm$36p<IYa
zb>Xgh_*N)hPZGMELp?%Qn>KQV1Kt(tN{@clvI^dhel~g6sK2=utubHGMM4K6{dmUp
zo_D3l&0)0CKu<UDfU`U;dbC{2rmCfW3yEnSc}s)xR#Q)LUs23YmZZ-1lT{0|n)}NN
z!>kxj)>7s1mPTL6GOx2nM}IwIZi(E=s6afv>84ZwY{m$WvHk*>^q3p5gd-?%kfY^k
zF!CdZZ9KfjPB5jo%{j)3ZPFX;+Ooe;Ilg&ah;L5HSzNBf%#xFYyOQFkyCPJv(|^SP
zXcb@t(|sri0~cM}uqQay!^GFeweS_G<9tNwd*RWIOo@OHby@0Xo3~n8t)A^8n09UP
zo5#r3TcOHXNpqG%&N5k*c4*vXkd4G`N%80(1=nA824uATO1TR-SW@d+M!<pN%*6%n
zj{?Q!c#3@c2UFw|)@P0^cx3G8@wtL6E1B1Y4LIJF;~S*u$=AX3YrKq=>+uqxt`n4F
z(%FR`{~aUs)OKY}Dci(1=_cOzi((T~Zq$)v{ZDt!_0W3yhAgQz>BSYlKAiqqcrcZ7
zHCs;~>LvYmS0~O@j~)_^q%ZN(1nr5Qh~v_)Kcb1_i@#=iEA6Ht%DlYMk1;Q?r2lV@
zb>%$n2GZARabJ~-Ng&dLlT6xe*b*p*-e;7$-)WwQl^F)1EiF2Z70vR<d9bq6fSnRV
z6Bo_NK}>Ywb4E$asCq6Vdp)q#!gW)>h{N}-9{(ALT`*Rrr+)7+)l<g-a7~%DC7mW3
zjD9ClcMdw=Ie^zl&v3;McXQ831@UKrj#TZ{y@`hN9e?p$s;BGYptsU0GmcOc=Ri?i
z*J%5}*$M?2Ks-iVhd=6{xY8S;y5My|%VhiRrx(HA;Z+yKu6o{=Z+qD}s23*=BIn>1
zTK5yI+sd==T6)M>Jd&|A&iSD40nQq$Ew+Nj9=qfB4sZ~a;vQL4{SiLww$#{xN5T20
zPjBzYy?qS@Uc5sE9h510J|*eYlb@pJ=AJ}yV28UxRgq4bv&^p&@x3~|Ke3)GkhM{B
zW`)$Xj0EH2qd7<jh5$Ttn_E$Me4j<(LH7IOhvlt5f_{xB2U;>A4Gc)daO37#j#juF
zT{-7-Ko73>(ZpFsp}%`Z1OA{iK=ZTLL9UaI%>h}SV{_~Ta#ES)p6*xmBppf4hS(%D
z(S|lrFH53h=Fzzl9qU47Q2wVpneYEp)3IW3HSTG=4L06`bFSf}#v^FsUks2MA3MQZ
z1U?Z+<1pH|31j5O=BOHrz{Xl}uJN>`aN5%70W#J@Go*=Vxe0T+r+PS6Z^60R)9Q>>
zXzi&E9v}z~n!Ps;IgJX~jgKSg`R$$Ha*uk9L83A74@xw^t(Vxu=rL|L*{+DspH%sP
z@wxQE`>uU|GkPI@M0j7<64K4E?|N_`p(HiS?m|}%3J#lk#_fF8t=u>g-#|Bxgt|Gy
zDe6{s@bH7x-2Z(!CYbxbQ#9yFAoqX2|GWD?SdZZD|Hl5meE;{nzx%)E1G@j~U*-K@
zf93t(Fo{+z8b)DiXs^8gV~KqG>it1@``68)F}*xd%i5Q^Qc?6pJ`%3t3GZ=V!M&+y
zI-86_G6uv<UyFIRi{i}s(VT2b>!oywXIyClzHXpgspJu2Fr2T~#qq}g49jRD8%z#E
znC8Dygvm!N3ZaRAwdl&QNQ$gV#*;(GBVLG%=KNU5@+DblQA|w{&^<Zc7GR_?JIt2+
zN$8z;QedogMJe#XCTQ6erCLvVOJE+@YfjO995?M!Uwg(W+EvO8^YP4*(yCRg+f25f
z#CE1Q+AiyZ_2~MLUh9GBx0lfOOil}?op9WDx@9UrsoB|7P%h}G!zY~@h-&Bo*l_jP
znx;2RVsA^peXdj_8}KLxG&}^dA((hfe5YPC`D_OokS<gMa-M2H%1=_`_?%7Oaa6l-
zTA*x9j%v{_k@K9nRfdAht+HFap7uwQP4;&2M*9$iKRlgTunc?z=K?_p>r+g}tA&wl
zDh!eI!4v3+y0M|?!2$HvPMlb;FXt;<++%cCFz3hF#*~Vpg{}w54i&A{YQ(=suQB4x
zzGNS6CetV))A&X?4ZI&9<4^M*|BjbD<A2_&9RFh)Y5c9u;`nEt@QnYZEoA&AW7Xp?
zBI8f?j6Xi0@ozBV_=z;3DHB7iM`Nv(5$2xO%1FNCW!!Vj(jORJKSE?=I~P??#jT&r
zfZg=H6K+?R8Y{kfR;oChRXqAG)j=gN9Y-8$KfTa>=98fGjf$uG{^7^j`k>7`G_oQ0
zlA9qF*j=R~IM{^+;m-h{`r1R|*|q?1q`U~=Fc>y1;H1^hpsn9NCf%$YotwmooL}4#
zsN-xSMtIm>^cJrDXLAEt`yPS<ci#6MEyEwL@!DQs<LxDnH-?TkQyy;uj5o_KuF&xo
zk?|&b#(Qf{Amd%q#}BSFB)DSfKn77l2C)f1?y5(A{Y1dK=_3m2Z;mo3VSJ@gm)sEF
zhORa`YClAWzZi=}CZCsJI+ne2?a~(r#U`NI+^mjdZxK?=^bbb+EWxC~&?t#FAq>Jc
z<EZ(NW1L$-!ys%cI!Nl$I0&6+T@`(qmBs2G(;)dK^&yL#QQ1)WurhGAw21wEv=IaS
zIs|`zc9w6Dgr%7Hm?v=vNt}s^PkRzalEgeroZv}(*2|*uCKX?D#B065qVlG<eDl`d
z(sliQD6qsQ^h{^@KL0Bya9@>%7IET>y_unfY>Jk^xbG_W>h58LlOD;~kQ~>e82>=F
zKRcEshdcnIfaA3}c8R+qi?S;@1|o0iT=iY`ToJBFB6-yzl2@40<$0XA0_6`Dh;m6*
z9BZP4H4$T=9FKo~hoT^nzWs1KTFTtC|LJ%t^)w-?0LVEzs~P2Z;*6B1)Jpu0TeOE!
zeup~bRfZpV!q1~9bPvW}LtPhVqsnbC1o%*MI*C8|;dCMz%bX5Gwo|Y<wZo`4#w^uw
zdm0bN6^xa7f`F{#AYc3m<9Kwy<LG-Qo@d_RnOj6W$JPE8O(`z3k@;IB?9F+O8XKK4
zpQzU1;&zj*T+HkhN1K$qE`Gt3B_>0>7xKI~v;~ns&XCpCHBALbWE=yo<|(Zo&V~X@
z4J7~%t}|Q1F*<tECdh6rp-38d(Lv5eOF0_>?s$%g+iFE~)GaN%)CzkKIh&|+2Z2yU
zy-k^mkPYynI`YO5Lg_jK_L61HGTMGKIi4V(7?ed&?a?9P{e3w3akZNNc}64iKi>lJ
z-^}7l2(}Y>O8%#>y<KuoyE*w5Q2z~={>JBHo2GKCM>3#Z7b*QG!^8d~$E@$fr4NRI
z-`9=H8X^uca(<nJ0PDbxuL_9!P_zV(gYz>2IS%He!*L+<(^b9xee`%2&hzjThAfEJ
zmIw0wcL-GkXDbJs=^ersDDMIv%KN|!Ka{ue3_p}tGs6$%JvY62%KP;#iSo`&BV_S?
zpMYG3JCd>c<4_>V#|AFREfq+C0<Ej0yjoG8CYiX&CctB>T(seX3C-;*)7);Zc5*P5
zf_@5us}(09Jvbu{>qlwj<rXM1%EVPG_UK3HX||YzWzLB0S=sF^eEs30{ir|TQPP1}
z|4ij%sb7kN-6@JD#+xKB8afX#eHgX5QHQ9Z%Y@&^Mr%r$9thsD=W$^57+dfFJ=zug
zz({vZ`~biBFzmbU)bU)lE91G4{g*}fuQ-46`Rb6L`HX7B<|EI7Djf>l&E>(9Db=A<
zTK+3?Y+~5smz1$uE?S!6zGR#Tjgh&i01jW+p8cm*yFIs24Z*SQ1l((Vc0BKEcz9<@
zwe9^x+j{}p+u~~Jij@P7v@l9~hek$<7@tKe^bT%;CcYZ&CtfnRbv4<i>e1`(Yj_IH
z)|%{NbRM6-k_=4fDesD;{4n+Rn<e}Et#=OYpM(_Ae3DAnRa`oiL;P1AyLKv1jguRP
zv(NPr#n}PgyD4&D3(hMxgol@)@wED=%sMr&o}XK)UC%>VROg(Q3O6O&w2CH|lJ??#
z+IuRn_AYhvZEuiZ`$rs_8xC+7?tD0_1*aZABB`Q+V5>wLUR$W>gW5x{`K~=(OO>`(
zRR5O2OF*k5pf%3`r>*uL1h86y$l%b~)kLK)*-nz<0jBLKOwSt$iL2zyr_gVr(O%Es
z9sg|rp>P#`{lv>)at<biJePy&@eP7YOZx~NT$h%KwZXKe>})+Daf{IM5AY99xSc6G
z^Y~nh89;FA{`9pvj>RuDY5bM~|L-NG=3`g+?@9&D9--xLf^~W&X9=H^s<~rH60Cjn
zA&L9Qk2(CZEkfIYm1%QM&lc=Mb!iJaYY4nA3oU=O9_IzkZj#WIY7Pk{HQH{7T|*=n
z0&u^y;@%T(8lKc>ukZR$Z9f^0#J4u{!`X)!sIBRvH)s|hi#|dt*rw{(#hJ;#V|2wo
z#4$6#$T8PI_Tovt7*Hb9K1*9%YPJ~no+BibFhX$<qPbDtQV1Al-5PJ|W+p9LXGqsm
z5JR1tcHCsUWJ)}WZvE~3jv8(CDvXX)aF9<ZP@yPZ?0$=!`ZEb|30dkT3ii5QpnWTo
zfOZ8a+BQmo8C=c1^=qbXWTbrY9nRBt95?NBKS$^H1be-!a_o{F!i`fHv4novVzh^o
z(?Q1qml$oO#xk*9X5tQG%gU=g2|zg+pe!tarE~gv0KBsQOwAtu<&D-YItV3j*yLz;
z6~YNzHfhR*mUreHpS_?_g30m7Wm3<2hBs<TdoE~Ho2=0q<@y*M7Ol8D^_JUceNIp0
zDtJF&wD%^=Zl*U)nr>>rIsdvtZ|8M$h!ms|tiRq6N1BjU#VcvmQbYr5WrN9033by8
zWyeAV>#?H{m4N(zQApW4B~oy7hDY<9b2VDaoFnunsr}aj2q`!&W*VDdn_E5aCF&~{
zc#|i5#%XD(;mg)Mk9~>lXTcsK*un+JEP@4-wW6~dVu2pxAA)m)eqJ*i?tG;m*}Yq(
z`}O~S?bkOn%KdsS*3W*$y$bg#Rqs_oKE3uTHh4uG{`DC*cwlMHww@k+u%gY5y`MJm
zx=>L8&@rx+H_#w8{$9SC!GCu<Q*$J<<*x)e2{I;UI!0X1Z25CKnUPVmwbz11&5UJd
zLJ1O2)DTRc9hyQrB3nPDoG)ICXfT+dUTQ~fn$u{zY$Rwkz}~37(Gl9!c;hGrQQ3oE
zwqS&&K{_yuD7#2D-Bx3ni)^}oNO!o2^a`jrOV0Bp!wKT2Z<gVgsqtSFt`JJjn~ypl
zaQke8Y@@Uhd=6~x-|UAhyvaVNC;OrMmjm!lLMwKA1b2j9il^}}_k&9RP>BrUk0!Dz
z5T|}H^_HIioJzdO{+U4lRI-1E(ki$#PC$LwZgJ|H4{*$jvl&9m*OD&FvLH2^h_K>d
zRwM`X{rN`eW{Z002WMe~yH3C|RC<HU4^)TPnKxliTzaa-rQVw1M(5@VT5To%{tN?E
zL$xe*wbiWJTFhQy$Y#pC^{jd+N7WHKSoIur^*yXQMz^jgHXP;XKf+=^{dNz`5;2RK
zV><*LUd{Ompw?;H(5XB%Q2_^9;@HI}+_K?Cn)t_3vO|gdpL2bS25eSf7189n>}VJt
zPZpVP5E{bkG^E)O+>Yo`^gXQg8LpjNu|Tev&g()AekxuN$6>|yaP^>KE6K;CvTkqA
zZ>JBkPD_<_S9{g1qTj1aPPpYddur$pEWywqi<F`M^Tl3^0+84b_r^#Wm1=QZ`F6GH
zy8r1-jTfKM#dB5Y>w?`cecq^XzZl-AdB1RP1hrpwzJ6ExW#Q|0yI(r4xU2n=Vpr{#
zPaMJQ7qcVC{nE`5{C;sS3Vy$AU37Q*rJ*f={qlLw;P=bqo^-!-jjVFN04`+0e%UVA
zzW3QL@1bhcWd9l!rm$~xY`-*lmF*W$T9f_Kn^SKX!0M~7unl9P8>Y7Rez_s;c}2Nj
zzLxh(Ty^{9jQIL1%Kh@5yk8Qk*)J7ze=vkkf1M)yjzAH<mI~p81uBGJw=fulw=N74
z;rlKO9^vaRR3L3li0%hzpPC;4(%$TWNc&qbNV~BIMcR@GfAKUIAin;P3HbUW;42Ym
zuNxr_;tEFoc8fEYJ;2oX@B+iAz)fl?1Q;}wmC2&E3m$r(<GDm(sM7e=9_$h&5IoUH
zcmkSiF>byBPZGoz7EnCNlEIy(!jlBQARE4bf($F<)BrDh5qAY|OT_;c2LP+ghY?l_
zf`L_ohbgRn*LwMffXB8(dO?jDPflW^wY>KAGL4DPxM8gfNyldb8GL3Xk>i*4v!|X0
z4T8P4J4=_Da>jC@q8GgyV^2rb>Y1hg8Xv~JSTjEKc`;yo2!A<ve9#rE@L}%!VDO>e
z{2=k+Kl1{>hwiDt<AWxZ;=|5x1wQ<1cx_l(GrV418Zf*bdntH$<;+vTYj1Hd@LFCR
zB)qQ72>@P>uEE1=U{?ySreWUum#GW0GHu(80H~iCm<V{Hm(Zn;gJV6O&Z4c_LNDz2
z3q2$oF~yqKGq5Gs;vKBC<eVi^u$@8o7UD&iGTfMhJ;Bpf#lj`P!fB<Ij#Dk1?KE39
z+wbDW*>ur#s5}bA_mSSQLWiZG_@Cub|H|uCUA0yzbh*yfs*;}y1iueDYR2zx9ZLM>
zb+urLbChU3dui}!ZJVt^>%Zp)gVx*T28q_qX9a-PYq|uF)-$?LIQ0zi@*fZwe7Y^F
z89q%G1x$Z_SsXl|jy|UX)WA8x0IK<%AOSVGC;&i3J`_Bl_9jt4z0Tdud0}5zGrYzu
zRKm+-zZVi8T__7ExoViTas&^vc10?fy*Vown2nhgB+NF=2mofoItLH4n9dYtr|z@~
zl0QGVAOQNeAmIHq#U4DY=FCvR>T*#qu-Z@*B&_b49ssOXbqpR>lR8pZrQB{)#r|6B
z4KJ1a|22(OM_`9~H6s6CVlZs-ye$8ZHwZ>Q^8Xp}>U`z)@{#}Xz0`b<{12Kdn5EGk
z?oaLq0e+=NfS+Td0{lmT3h*H+z&}4tCBRqC2u6V4G9yR<-Zn!agx4gv`w_x_pArD#
zm=h3j)&_$($q5v3xPRLGZ}dfHifh&vZ7r@*U$n9~D1Fh`;=9!sHF*B6^hNq9Ds;0=
z3kKZ=O$!p;noSE{Uvzlt-RX-um;*r7o$Z6y7dhHfR2@?3?>q{YzIB;bGkt3~uSWWI
zX>PFeZDsLY(YFr^RR{<8_wNzzxFtx0``B`K^zG)P0FY+c1Hsd`><1{)#9eRmzqvoE
zJ*UR|qm#31zCS9R9n}4iZT4N=AN8GmxA#X^=HAu)(ai!CwmwrB47PSI3=&)anH)TM
z+&nq>`y=b*ySqR7c|riYWI}xK_eUM$=`Q*EN}H<m9l_GqUyEv{uU{3_NMDy01xsJk
zX5STk?K44zv1<#0!Pt2PL1L`2;O^+_>*E8!oX)L-r>~XwQOqg5)TTy#;tw;F`a~sN
zOn~HMrCxF2b3y7AUmdT|D@IHVLa#V_T+Mn#&3!@X6?YlvYQ1=|O)&Z@`}6?xAJYSt
zr&|{VFHa|oQ_0isJR6KWJ?_~c<>@VB13>F1?+sp_Zh0>Sl=FO>!1d+lrYi9}({3;T
zKz?DV37+@WZ2do&5hRX(HCBP+t;Yv}<8$+C#_^a|LE-r6mUQVpKi9^~zWiU~`|>F@
z<NMSp0pt5a(}TzNw0sr5fB8%>_&)QQAn|=)UI6(1Y+Ug8o)|}gcJpji`lCSL<uca{
zuL^U(@R~n0cz7+%Q^89!HW+w)pC2T=T8$0>UK?8k53ji`D7=i$s^Ar@{-#Y~&H9^K
zg*EDLj!q6rfAjI=yVc(ewA_{cCOcQf?(NJAhTVH9FGzOp@x0&#look+r@xu-bO1P8
zCpvij&5z9~&c1y5f2qHjT2QlmF{q$M`68hpSoz}U<hznD&Wuzc9N^!-N4QqGK_Z-U
z)ZNJ!DLDZk&Hkpr%NMUTrAU)=@_(eC?lYlg`gZSx8tEH1At?H`^Vz$lZ<7k{ioQ)7
zp+Yz3$Y9XztC2yX+l-OH)3=95-W`2g{A2*A+O|pX^zD3OimKln3--SB({VNPPtT7F
zn16a?Lh$@k){`p!scb|5dO(H0F#MB!M3DT`@!<i$>ba=k`KR<K3adIt|JV1WXU5ii
z9&H_4<9W1lY_R81*7&<RkA@Cc5r`d6216iTd@@J^G3?2^JC8md769U8Gz|Vc(l(@s
zv**t?|9*deKc?pW{o$B^_jlei!SC;aVXFOoY<MvH`_th;?(dN70KoKSgW&h~$OaTl
zZ4cdzJlj04W_aBg9WcDs<OdJ0(xEDNB|aVuy#5&$B)lGdEC6_&=YxmWmpp~n^gsUB
z^6b#un)$s>xi#{8y4;}nz28UOEx$K6@2>d01w&Ni{N~VL$obZxL6Y-@Lxbn{`VYN3
ze($Y80pM&(Wbpjn?RpevxBvRTlxII2Su_7&9a$s)kTWt^{y~>}SNubhK`Mj;{QLI^
z_vnxy5w7WwyW=0m4h#TkLhA<4KkSI0NVD`n8~ObVc<QKt-OAaf(j^8L07K&h$B1~r
zF&P~>&xwcw|3h(j6~GsRYvXi#f35Xq2wx1awcga2ClLUv{iXJgGucy2_K{kQLUhMu
zJ1*GD#P>Ef=lVJ7r3xv#EZX#nN6=%M(O#dF5ZeAUxxZ2KgQ@LtA>|i=@A-?-_Lwfy
zmZyjJ>zX}ATewiN&k~z%ou$=S-h#^DD9u%0`bLNvlu<nB5ggsQER2J4WB~cF?K0VJ
zCYFjl`rgaQao{G`x(uEX#2Ndmynhyup8unENP`{`60eK@z2heMVg|3nMFv5t53nH1
zbCjV$9Jn=!2bXFhL5NVYcR~fSF+;PI<u!b936=-1)Zm24WGCA-M~i+NE|3Kj^S;B?
zYlo{RhXR1|qySkzeja!MSFIsz|2WvI@pKhom+HU|wFAQKS#Rsiv2?5@IpEgm9_Akj
z8pkyyh3th|q3l$s03BP)1cc|`A~@`GM!BiSaAmkA3n4VW5gdh8QwQZU_eWR^>d#=|
zB(V5OxEI2{)oNd@YoS#%2-+)GV>#D5QV>4?fH>$|7(q80vg35^78qOU^L^g;KOS(V
z?Ba{Jpv$p;jJ93Iw)-+|zZlEzgbMcAWY_f432iGOB%CSbQsE3E#uy;~Y6ElCwn8X#
zhi2N!jBRgbrd;Od<rAu7O1WX;``pNMq&}RPQjy8`sWfWtWb!>Lspn=5b-h(~CKOq`
z14i2q;?fux<uQ}(tO?S}N!yvWzl4-ae923syt5P>fZ8gJZ7-Q@7@jWEcG=jrjJLjl
zC;4Uc7GbLt+U_8`yLVzK%&#XQOXN?3(AwZq#Aw@@sVTFZHE9NEg|?T>O<?Tc6YW>Q
zwnfxNA0rt5w_rOAKCc#kgJZlTSdZ4?iy^9Z;!g0_($!?|Nl-6bu+1XmV+%w;)Cuk~
zA!UaJ{Oge3jn+G%{5%Y<T}=M;cQgtyl0{9~Wlrv$cu?)%dw{)jvjO&^X4?L?)Y$$u
zbF6lNqjNJOY13%ksxzkiWckx%AFc%t9+{foO}2hoa8%t=uwAD9EePdI=No7U{*el0
zIw9qz<($dhPfMnWg&|(#IXqa(1nV&}kzp_qw<n&VJ;Y@1OXfo;%_EBWR6t8WnS{1C
z1#2al&j*0lz|r+iyiUPl?npkp{FU=Mj*KVN0P**X)@@`!mn<$-Jl_z(K0|A?r5cQ6
z$7!()^h$Q_33N9@+KpAV7tY!%XYG|+TrytQ4+D(pWU`IYf=8504Iv0Kb)L&n0uKPj
z<nw}iN8(QE4=gppWY35oGY+j!4*vRZ+(hUgNpG@c)Yn0p9@63<EgsV1AT1u!5+E%Z
z(tv5GpG=lLjm-2GS)n_V-*e5!Rfffyj$u1@CYF-^$O31CKz{^fio&745a=%i`U{8t
z!lAzq=r08N3y1!~p}!F5F9iAvhyKDzf2E|qGSc5o(x0;-x*+VnyKg5>oZRo2n~zod
zZ_73kIH4OGUavRV9}?_Sw9NkuxT?AI^KrLHb4gg|@rrT`UBc8wK-j<`G-1%m=nBa&
z_keF7cuiV%p`J0Z9O$Rcw#P7=UsIaLPaywuO0Vz*r9@O9e=_X^zBGah;YtY7^AjT{
zH3RZSIF>wqHX-81me;{;Oru2dbFd*Tk2i10<9`)P&YK4*@CBUVoX^x;Gq${j9@hKX
zQ$<tCY|&yMbi_O!CTKSUA^%&Pt3T$3e(I2Z2*XlRYR+`@cIUMeZQCttNk#^CQbsx{
zEh)7$H);;UHbdX9b{rKck>DK7{MG0&Ua|PuFUQ?R+xGuzTp@}3OyrbO$97yQxeFo-
z^f&myLl24J7!N`lhg`)Qmzn`_-~CAnbHz98Y%E6xH!yLh$&s{RMOXBnr<MFA+jbM+
z4lwKcjWTZvHEFJ6yf9M3=op|O!#-lPx(DztmeSA%j_Gn}g~qNHt2N%KmIw?(B?UTI
z)0!S8Rk+~$8Qs*`wu*hu$8xscTw7&FfxlG7;#?;D(8eo%Bbj{`8f*R|fKR1gL>D>s
zi%ZQWaOFj&y|b_@CysIAj0Nz}6E1}vo9v3^d}2MDO}^2&T*>MHU#<tBo!U~6l=~I!
z^vNO>q_!;eAv6Rza*^?Q%1;C@*J1R(Cjbv#APV-rIyeUEAi4aF`nQr|RoK&}LA(kR
zVWq6oM9vJML7cO>INt?0dt0>tJ0_C_$P;k^`l}XT(pi5C@Ti{!c-SYx8BR#G4ELU`
zY8mR%=qFXJ!7&v)?`l0Jx?_FU<Bwaa^;kQJtjA+#{H(`F=l^m&8an?c>*1sCpz*^5
zJ2@;N{4w)!3@om==Qd^f1fSSaMl3E%jWnJy?6zqb`w6zzOUoc!ig$b|FakE(C+LNe
z^L+8c8XCn@2Vxk8Gpne8VtK0bwYTJW*$Csq?c3$HSNs}J&?_wNJuryo#oVP1Eu@~U
zvt%vWA}WQF238~6bw)7{2=N6mHCw+7;qi{(`|CerIXOZWM4yY1J)XiZgJ6FaXIIh_
z*zBhWmD08H6OQGdmeq!1`ILItTuk<v>upue+cfl*8FF5t47itOfwcZ+%j&pne#vw>
zgjPG!j`JDvlQG(YxSsIdz*|3B(MA%TK4eKfSP}x^#jBKtE@YXlDtzn>YrwBLx9$SJ
zI=%RRhhJy@2^zm{6a<4`<uA(k)$QQF#jn+|e(-B~Y#{j6;dE8_)#!9}_|-i&Q2hGg
zlsA4oewpISm2EP9^<hazwkhzd<7J9p_p{6`+W^0$_=nbW`3$X0_B_IVCS=-Y5eQ09
zDj?MS^erI#NX;97FX?w~!phb&I5FrB#`+c`Zy+(xG@?g(N7C7Ggqkln7E7J)5t5!J
zQS+Bh_@m|-eyDkZB7BqUUWtAWI#Ct<eh%z01$(+k4U|Fi55bDG@c08YNXa-DSc`|3
z_{5;H@RTLUmvtf5?r+7^>|a?cCY~f9-r^_d+IZ&ro2=QYixddGw=(@B9ETX8D{NN|
zxa_PgSSx7A-(FfW%a{!joa!*Mg6^^03hEz?bVxC%C)Nu`z&f`m^zl-BSkl2*)`5LV
zCGIV<Ky1aD2#%S0aqi{_9GkOlIL88~TD!j+T`fykj`{@%L)wYJ!}aY_MSnL(RMlTB
z_Sb;*H@z-;Hx@_Ui1GCMK=u7@lKb6oob>xe)%U>wf5B*T!<x2Lhf#)K$b$eEv-Ke|
z3W%y;B7A+kDdj3(JT?UNIgM!P_8->kgn^o}ScC<VRgbBBq9xT2ip&Jh(p*ic{JmO3
zkgy&I5!hsV2pKSEGivY1vV$w}q&APGa$@db;CT4r3LNqg!FE9$h)L#+wAB74T{!V!
zR_Ya2%8`^koXB=<STY3s$+X?cw4E{9&cQ^pn^7uSx;}*}pA}Se0i&XH_ntS|F2b5-
z3yx(p7)Pr`us0y)B^k@L1C)wpF}i88ow6il+HPgqZoqn_IhzsS0RM;cjds>0Kk=*H
z$w^-uIj_;sk^`DmyPYtkYeVt)Q3BW%5ZWRR;1bWT8E<G*c1oWCU-ao^r*!0-*$|yx
zc3NvpIYL#cOO4>wh{m(9GyyF;`yK}lM@ccuVWjatH1$K{zinDAjsFtYN9+sZdS8|E
zF3m}RoL3QvGRUy&2_*;3NM@e@D+U7URb<pTpHb&po$W+S^if48o<|4x*TH*w$wA8w
z*H2VA?SLpL;jbOXsI~Psd&^fUeE$eFQd`l+{Tlj`zJ~@KDico<-XPtEUbm5g*G@d>
zoK+XXPF83#FqB(yRv1;z7KmNOY6u0nNM!cegf@c5d=%wwV6bGkZ_6={1{#{YIg%3N
za$w>d1$trKNb~3sqbBB#7HmQc`88p}L^DYuzw~mz#di_$%%G+nPpERY@dh1V{0*`;
z79uTd*Fq0k$jpH*38CYQzplk`v_}?ycQEUb*M*JF?u6kfuksVajO6=Oes&re2@Ye-
z=n16nWV!F3HGcX&rSa<9nN~{~lQI$s`F%bWOZpKUFyWJdi>9_`gte7a={Z|Sso;xa
z>qA%L4QYh<7|YzXh+wWU*(wF=9<HyW5jmIk3T4hzVI9+y@&ey`uSruW@IChmCHqkQ
zY;KLwZQ%ZiY`j#6xXp<RwQw7;orVq}drxqMB%beUGv6k2xR{x8jxT--hHb5=G(sqp
zqk`3~pZttacCi*{?QAy%>#<uVM=Hed<cyk&Mn~umiThZXI>B15&lC6w<)Ea=fc*?k
zgzN23=XHbk>&U{I4v?iDd_YH%XNT^GzZv^MKNl*b?6v$Xr0gc+@toG^uUBWZ5kjXW
z$CuWK0j5RES@@D!a?-5D_urQxAa*+g9?~q{Rp@qHdyPod?qto=5Fub+#Y<RG0;06@
zb&V2MQfOKqST(;>4XkF@`@ezJ;qaPZ^&ekYO$ZKFOds}t53h9>1BaL3h}<(c3CT)=
zU^|Ubq{Ye?U3lGC06Ur_UohF6M%!;<!Ur0TP&_$|h9rcv!fV%51I9Kc#GEgN@a_wq
zFr;PLE*iZ;O%SlF<q;O&T$JLQpRu@HX%K26k}ww;j=t^;o6(!SH~?Ub1NP#HKVoU4
zif|Kgu5VyCnYP>f8Zro~YJT@Z45OYYxf-tcAYc5(-)?uNV-^@?h$Wkv5|B?I>}O=t
zB{ZaV0u84_4%gqZHAKjoq60l&0U`5=`@|^1jbu9V^v0A!=J9Zc_>soa6|{HLu9s;n
z=|aj5GsaXcz<7##BRJP1<N&*VPZk7}-lkOslrGf*h8?|wVis+{yqO>tNvH#t5^Lpl
z3P?M23RAv`;Eawn^u6^NvCGXyglpM^Tnk@3JPc&Q-gH^Wc5-JCl-Z7M%y(i8Fggp9
z?ZSEkhoR`lL^LL|e~X?TH^k(+^z$fBKjWK0gPZVnT^VpI+5m^pRnP`2-c>mw|5yxx
zvrey%0%RK3speNvwa>?}c$(7)bC8sE^dU~Xx*xeKgCf00C&Eh|r0Mn8fSlVjp21Z)
zqNmu1+Tel}vDakc?v6E&ZQQvS3}lr>>5qLrH8K#g1&xpogR@Rc<7N#ch?GME-2kI-
zKF@>S1^I&J0x6jDk*2RBBhGE)GsrQoL-{X>2Izn(juO(0L|&jFGJh<puue<mW@VCQ
z1!c2KNqaf8J;Ap<cdD|zRBUhVb{dxF$D(a;-wN9UL#~SRTEpm&5afcT)eUiF8w&62
zw(^pSx9T>od3oD7=<-5zXK_Yi&5PRD6(hH5??aZdPkz;{?^#4!e;8Vi4xsh5XI1E=
zIZV*$y?ux_dPVxB1cFYBFx?`dlUR?;SD_<;?UpQ7JgSlRmt_JR6v-I%*!p*q$q9t5
z2`B&i*Usb3k<ZTWN;orfm<2x%;$=m5x0_TWLo07WD7%w|Nq$P4bSW0MGdaFai=B7H
zdP}-|$#<b1+;&9OUW6fyvKG<sjmet^z=F*Dy*kK@wo_tOAYs3F@WGlFaH<m)P=)D$
z7g-M=et_2I<@O#F`MnNVGTTM5Y_JBxuNyog{t|nSe9JD47(ux6x9UdxopQu&p?uo_
zM!a2&;pTj2I0lXI%eH!7-SZ{?gh<SD-#3p#<PQ!hqt^E{TN*-RV|CotltXpUN9y~2
z1qOY1kYHBdJ&0M+iu6}H5X|a`>3qo~j1f85P_VfjWsOtzQOyWpjaM$f$nBlUR~!9`
zT=KKzJLQrkzPKWUO3KMMFtDM9B>f(uCi6(w2(4#}2bw}#xkTYhLK_E0yJHt9mS2G7
z|D-)UjD5n8kAj7V6xIZij%VmDL_+rXMk)55BPMJCphI^<zfP#FEXY&y18F%XduaTo
zSf)I*{b91*6q6QQaw{mCf~x%l@?164<J;#I69Nc`zqga{i3zVV4Fry;>IscJ9a9b7
z7AgC=ANrZpu4cTAJS}l0U%heMO~rYzuc(V#uQowYC+;O{_w^AV{F*$%Z$E-)9iNA#
z40}TAdmSh|*2luGoO|miW#Yt}jUb{%_vzR`J5K`-sCAgy+f;{HAZqu<a?YDRA@??d
z`kL&0CqZoIYM<=CuhII+;tnX_x`w)hTG;DMPp>mPvOqhO1v0!4ySNPw1Q=3m?eSAo
zwV^V_iTX<8*$Mm&B4%{Dh5fx$r}|m0Vi8+Mh^=6hZ+S&*o&6zQf-sWlS}r)cpSz!I
z<zF5+2KV$w;rlM~T{6@`;PS;C5m^2K-0oxy=WKuiY`L?chOr-5-PwfvbhUEDIfnxy
z69vESb+vTPC(GiTi@axr*lzxDNtK)+@(0PNYN0yujM$3gPypu-)8M(i^z$~H3+4ZK
z>_sue?OfGEw4ESBd=EPPl>Dipfp@BDK!673aGbiPYo^o6CNZYuxZ5?|HC4`<&8Ac!
ze)sBe+#~{Lu1nD$v7Vm0v4pvI8P(&#jBv<k;K@)}P8En_U!^-Ko;KyuD(fbQyMB+Q
zQi7O8n11AUR<*%lmKGm()BDpt5+&b$fKd4ST}a`ZqZJiR|2m$aLKdd;%SwlDU9ExZ
zRquF>g520<<gFp7sv|121W(0lA9vz5fuJM`y)L`wY(VaUNU8P>?DWi|<z6nqJsv)f
z6i<TU>-GUCu#~Z)97sCYL4a1%Z+OsWOK2Q$?fTYu{<jIh8gt4qa-7l;S+ZGQRd&!x
z?tn-BFOUwRNC)yv!{X-CNV~8)*NSo0*GnkRpxsm(sM$3#XMPQiNF27Ah-0?xCR&{h
zleDsJKIJyxgU{H3rYh-nOB{ebO)Q+=oFl&s6bVMtU-1x~HW}mjkOXp?>glEUARUB&
zH92CQeZMn=#!XFw2)Xxt@CMj`ME#cn#zKCX9Ff!KcEXYB5SWB>NOw=xLUh_8Lm)zI
zh9N(T3~m@Hl_iDc&JvT>L6q5TS-y-)FC-@3Oi53cnx;xk*T|SqC3Jp~p>rQV=g@rt
zKxgWam>S!CPu*^DAnnEm(C($DrFP+hNo*HLyA_A=W<pS3+AXLBM?sS3DCkTQ3o$X>
zlb8naA2Bi0lW0;O8spjZ-h<-#o#fDX(kIyL$UD;6_X8Ao)Th8>tU!YJDHP~Ke!7gV
zKCa#@WH%7C!~?OO@UaPEs{>R#NE7u3=%v)^kJ?Bo=QObvOI*$pYg(gs|BS)%<30iv
zwSWEeG-?kltTpG4ot!(OV5G2a%*2Uf#*gmQL0CU>vUz%kg6SQEO&wUaV4tnC&Q9P!
z%S9xe+4M3JewE@ccrL;;V1!#LfUjFH0}y~;`~(pf6HDnkA2OwEc5TDQvv&AKv<bc~
zecOQsUIlslc-jEAgil47LA|w9C*7AMo|oolyC9|<g`1-^Enb>VK#@*|cE?x53mF=E
zGm5{Cl3#LsYqDo6-|WW87vAwKDtLH0rBw;&HU<o&^(YhlExurDuB!gm=u}1ZFq*h_
zv8p<)Ih53t$nA4zw<d{~g|)E<S29SMM6jeQA&HxdaQ;Nj#F%?1XJT<n9ZA?+DtSl4
z_tnQKM(N-tc<TnrR_WOd3}5mt=<sRhvqZ60Z;<BrV&Dm`6A)=E<0OJ@FJ^BYur`?>
z<A}-ZDQ~yF0Z!Ho*^%$e?aGOxTheVD&rnnkD4O7fqTIn4ZncJ46R@)ZsDmxku&EtK
z&&0V%dee$AtS_OyhaV;f@wbz&x}9|ifby2Y{6QD8sRQzuTVNN8Q#Z!KiD7hPPzwgZ
zXuVCC><1BfNE(C9Lvy<_fRRNa;?8xj7<7uiAEqmnFWt<o<T%A^j$&M2Ep6h+>s>j?
z%b(FPM8l%53uJ|z{CqB)3ZXd|@K>lP!_iG=?dM4CQ?q>PfY9Xlnmv5F!4`BG?O%c`
zIZ~j!SU9OUwk-f~Pp^wbFyT`a3BJFvGbBe&InGk@r4&@$5`vg{X8<TFlS7n>%FZEd
zxoR`~eoa~~X_DTH1B2h=XYgX)M8#lJ*kJc42m6uoXiGJ0YC_@v`fP;%C$lMcAP@}b
zJdfa4)DN7;ItFyevq6~4&a_)Z!9G(*s6eMf;nd{hy2*AHUThq1L91j-Raz;`P|jG|
z!UKVsx^5E__(k9TLj;UfR1WKSn=Fkb)pJ&KBZ)DXnBht6MH02QaS>nVl#2*gz$$@b
zA+;M>wv`+UGkt=TPjyR%C52ER-;F}f=eMA{Tu*nSNaE|au)CG2?p9EEK1cK3SLMCq
zH57iy4%v()40>DVbBz57hC&3W2*hJsNSW{d!4XB{h{k$Gl&`Lsc!yR57`vWO=jAiO
zlNXmji^Fbv_c}~2FaZkm^(pZ4ZQ43+guYOw3@zsT@yL2vd{>$pM9z4evK@MQ1@cWa
zgcUUtLR1sc>h}xqG&9LT*qNMZtI)pwBvN6&2N_N9KFBiQuBH9qB2<k0cWF0Hp+D}E
z)zjX2rC9hoJ;j(}66krt!y4(>;7dSiG}_Js0oTi?M}*+`41wk9A|D_y0_gxT!7vo3
zhg4jtt-J`N23NN9U@VQidO<AthVI#wY|k>5)MPtvF|&22TNd7e+|0CH60L_Wy5;jm
z65|_V=%SfAVN{>a#*}URqDV0E8b=W7`<nx*vq7kkv2b{4EJR@^_+M=eehC_eGZYl>
zBek4^+%l3-+X*<({G-S4Y!!OE(ky`EEOCDfJZYQe^IXW%9G?sACLf8V;=)GoXp6CM
z@kG?7?=q`s^w7_gjeGAcBI{?#wam{{S>qE@!_|-RjXC1?L}+z|$+ipm;(AD^;|g^d
zTzZx$i0?yUWAfA0+*QvN!P51vd)T*Z(YlK<6XNt;loM@0hNQNKjA#6$l0m~q3GkSj
z^8V<&5A=)#^OLU4V^?o*EOgXea^nL+czf7Va5PF2Dnj@2c$}E`Y8AJv0{Knob|?{!
zQp?Dk!LV)7#ID@>2!PeX?SQJibS8TNk?6XwdZ?4s#~txb-YGwQgkm2>)%O8I+`Lb2
zT1T3Gb7@yk(^p5i{4`xV(57>->6tq5;3+NF{S0Bv%pJQ!Y<Nq)U^~7UZdwwrix)P?
zMt0E?J65FW3nouAOSXE?y4os=ZdDfT<W;n%M=1xz%hOtLt`1OHODoT3m4)@AbH|#;
zPMlCE*s?s@=|K@xJ5Bibq(=93^1yJ`Gyc{$JTMp%>MO>4sjzF3<=#_pWeSV4>7<sk
zZ5PKZ21~UHLYLa-M1mrS0OKWt0?v6)-xV-^-2<ce>L{#G$#qL@Qoi!RFF4S`eRjAJ
z$!cVfE{n3nKlF&pe<i1S*5UNXs{0RU9imqITZb#PIp0eon)njh^vQ#=TxbS^dViW?
zgYE5k!Ox(g0w2_zFZ>N^G4?NO%B))+;>6b9(#u>$`s66WxYwuY^%xa)t_+j8K71{N
zvH+tL*+41s89jCsP<ot2FSWv>C_T<$^f(LVmG4Ce-}xzqGugjFp1}S{wo&s4;d_&s
zqoRqd(fa*VeIveJs~vt$y7vL;a)q3ETi_bv^N34s?<N#WP4J=Kd3Y@p_2^XOQ^)j3
zCFpo`Q&T2^)&Ct1K`($!52p)eot8kT|6z^y5`_A3Uh0U9m`ZO&bvXY<HD5LS=SPWA
zA>Ax)2G0o31D_ISw4E_I+Mk}%m17dP@;-*_shfLzIFB_+ASs6$n54UVaW|&F16wpE
zDF2yA#REN)biwn5`0R}4%8Gj*OI1{4V%W>G{Z#A>6&YhejV7a-k`WX6448}Z6Ia~K
z(uH#G4HVpa3h)%|35PKCa<x3g4?rpEtpy|DKmd?Givj={f|7e`20+UnVi=r(Q#=$P
zoQGRzH^5DaEduCf{r5_SG};@^cg!-J>3g6)S@zB!iH&yq0C{gG6_C#^@&n|`2mQcm
z!88?+&kgni<kiplsW@Po50E>XWgs6r<^|-&0);Ygk3!0Je$j&xq#YNl=N<vlt=14o
zZwv$kvx*duUaqSd1YLH?dQNe}*{Fcvd~zb~1ht+I1<=X9ot{n}3$T+};}nJ(d-<9>
zdDhd3Y^dRgJTjS5--Pu~LPM{G0jDNY_7}b*6u<MA)ZRjoK8Gh1Kl)2*Zy}9*h0}ZF
zRZ#rjO%laNFf`%=p!i?x0E%xmq``ae;x_@&>~Q$ma}CMx7#Z%Psd*YX?5KI#6NW5T
z6Q#cg_jXcJpP6#O+^g4|)Caj~=Zz8pPq}D53j9Eoc(z5b9TwMr6)QFG`jTq)$xsDv
z{}($@ScunnKRwxU4p7<b>7tM%uENAwp2X)!;%nyyNP?h8$e%|Q07W#<uF89!=H;9V
zNI77?POpE@{+EbOv#xu~;N}}tNRJbDLV?jYybI*Z1wMiT!+Z)<+@KxUAbUOe;bBU(
z$dtx$&R4E^*V<AkH9HXMeMNq{w61U>&x9ykYxBjcIK>5~tCcI;3Cc0KNDe8okdp*K
zKe#lioZi$Yh_8Qr5{<oEzCc8<=B~j^B+3#CHcAS7+ZobBHz~u_*!7^Ry?Rt=Hr``n
zENinjYxBpYq)kte1hE~<_<Cs@FMkj8Y7wo^2ALd%Iq93JiN#5<6YHR~KQn1glWj=t
z&yvAjtQ@F3X><gS2#$Lc?awOUJ-^caj5I7L8%Fyx+MeLs-t5N8_ENFEx!Yv>Gtawz
zzxNN;bMbUWspQ<+$x+eKF+c#xA})O+)v%5?XnQAKH&#?oolXVW!zW$$DfjC(PxsqN
z_vN(vAD){*hkjiidc0fUGf;hrgWuOorEx?W)SDn*Z>rM9!_0P?P@(}sS590OArsF<
zRT0mGZ84m49IEWL#VdDp%?{tMZKY!V#>MnOf#<z8d#@fR!=Heu0N*9J>3L2kiB_r?
z`@n)!$O|GZ#_pouN_NibN^9kL+22U@#Yuy!s{IFIU6(5A=d=2Wk1OjF>?+TO%70p?
zg>tj*r<DPprm^yupHP+$mCJi>#9u8$uKH|ixN!~pctlrj6SDt(_IP+HrLMvMA-Lob
z#c}?Fw&p`He+ynO#<6$!HAAn<779K0BK91liu*P#(~o%U4TgL}&d$n@sYRLM?99-T
zv-9Z3)S?XDJuxW+49ob<4XBiU^i$cetRf$+$@JxE@rAOO{uDDJBZu-JG!xUo`LuA2
zq;3M;3}X%9%mY&|J?g~a8>(&+$_aHubJ%S1Er%<oH$gaz`kQ$=jA5Tj$^!Gm$s;C=
ze0H>8%Ze4&=Z-EMHF<1-S*1EShIbs_(VGg}B6io23ryZ%L*(WN+GM!gWJd2ny&g4Y
z4TeVYD$?QxJSsPZ3VL<}QO^9mfq%Fi^f&1J;FF{Gc42GAP=+ENS*~@*HB>|!evB|A
zY(V1YyH28wO}zLXe3R}6WYKM)Mp`>%D&E@wUut{85T9<HO?K!ErWB3`;;i;3H5KS7
z^ql@2Wj99kNtLPQ_M*ek5;lU(%}P+T#K$V@m#y?$pVTFrwKeXylS@f?d4Ilx<dT$U
zdvjaSF~Wjqz4etzKjfeV%FsOO>LPw!a|G6r^|eAEI^Qox@q~KuLSw}{j|O;Rx8<Dn
z+scES$K*DgQ+r359D&KLIA<z-f%fBx0lv?_)?#ASrd@^X_99a3^9kVua(!+u@>v0$
z*cu89yF;ISO297LAp!ea@-6KfjVqF5gC^kBZ(=zxU4%2+{tf6)Nd`^Oi8H>ThqzuW
zAm7r8&s!pBE0cE6qx<Fp`PyDDn!cgR(vu6k&vS{UPbDZeR8Q7>=i^<ub*RD|vybD7
zOD!V;r*T#$O|*jQVy&8KT=7OpIK3NwVp4Vd1flv*njBvN!BDmBeSS>C_N`FPw~IrQ
zm0g4?yVyo8O}$wbf9G2j{L7KTYWWxIv<z<6P}2UiYTGZM?N9S<pP!;^KZ6ZE4cCVr
zFcO0lz#+4513hHkm|ul|H|se)zA>asBD{Xm@r%Di{FuNV6_68{I<!)ZKa0TkZ}92K
z-WL!iX}ifD&)flC7yGW`IO?ayK2W4C+{EiUDIL@*FL#;=?ybtF4P?66Ldy3=D_jqf
z-F)^)wIcdf`e6UL58%}@0(KzvALkgBpj>^yUiW$#8K@}*2Kv2VPb4!S5I&CYA;zoU
zLoisvvP<y9M)}2GpeR(9!_1UVCLUz|d`N2qp2r2d<|B;&JR>;x;WNsVE3%`l?~3f-
z<!41=JS&nR0C!4&PgcZayIJ%qF3N$!)h<dYU6lOy$)bEs5JvCgDiJ*ih^r}$nN!@x
z#~u-$F4zVe(yY@#JM=pqncovM=?zMvT$n;HxNrOj<JWFf>4Ye`+t5<ODGMF^&P#E0
zMtrTM+Ky)R3_o@>n_|><G(})X;|6Dd#yqth&1XIR*wGY>Q`^yCO+K%={9eL(PP^$z
zEE{$D8DtylJ`F}AM@^2%tio<+T9O8qd11%8f@L0QI!nBBmP1YtY{HX4SCFQh>ZJ|g
z?EVwI%$136-;w-g5Fj&W8{o7ePUX;|4Q%;Qy*e8~MYRGfzeWT8AM$g=9XM3o5yyI%
z{SLjOANejpgO^nZ@-ofo135M?i#S&kR}@1Low)sTiXu<WYvaM2)t^gOdLOXthv#{}
zX9l))C6mocuA8T0>@5b;<6|jI1lrt}KR4r4UPYKERnP)5(7w{Pt7JxG2HVELa1Rc<
zob-J>v$^jM>Pi?C=zcgl3rgD@O8LXnD=B|ik*4oIal&ZHk3mcD6eL%$cAs((mba~E
zdE-4SNGP%((VVi1YHdp>>)?7Pmh-eJEuCc*U9iZxUh<mSKQ?Z+!G>(+Bu0IXqdN?C
zn5V%iWzoYNpJpBg{pjwmV5i*o(`b5&lMF9$>R!Eww>W8ju1RxizQsup|0Wzsraez<
za<qS;X(y@S3*vF(DL)O<yV3DA-I<*h-}N***45e5>;o;&xbb0{Pt$b*ZCW5rlVxxf
zrFfR1b2X!_aT$`H8YtZsKk*@8Qqn0PFN84!p<(^EkYRN`p!W0u%1SgJvQNtwO5AWO
zSRr)$g31))dz%{(8Q@*iCOAH0R!|qkm^$=MDH)%(YytDK$1h!Ut5mF|pk+<B&I%<2
zdM}<!q!;~0&za|HrPfc5dL)#cCJ8`e9MsLk4WoTZGO{8j7^HN5!Qq9Eh!3NFA<Xl_
z%uZ1-2W^%S4?PBbbcdVq!En@kBBL(5N$vIvz@Y_SY;jXcn1fGPy*QQluVPfj7UG9L
zE0n&hSBCiL+<hA3V%yE6B3ceU#TDb^KB>;vZ)Y3+8xv65)1Q#qZVYX2s|=v+5&xBM
z5W)FvymTt&h^O#bNmMs%G;-Jz)I2R`lYygBW$#BXxn<isSy22#L-%(M+|U0JA*=JB
z-{-SFer=^!4^`Ppb8HUP+5s>BQek-?wQ)EO__Zi%!=6C(DHS-{n)~maB=wKFlsPv7
z=)d`wRF9e?jyxE_bpFaUImmH-?BD-@b%Y1{sL4l{D0bNS_FO}nN0U!g_$#QDSp$5J
zq0rx_dF$_)=fy)p$@!{zu1%mLxxO4ZE;QCBbIS6XQ=iqSykFp>ybn7tz}E!*(*6Oy
zCg=w-v1$|a1Iz|aD?UTU;w<;Efs<_aazx{DzqWfD?<nn`pv<Shiztl82UiKSyf0!n
zR}z>570QN0^MEzag|rc_Bv&WdjD5zNRO}6zA+r`aqUHAp&ea79cZ5IqEuQsU?Up<D
zIYpOv@tzMPWx1ApOBU<1zFwJ*E|pa8Z?XhiBLh8Xt(%aSpY<eQv&oT@K()!}(#1<Z
zM~J3?@2f)%Oi4`Sw{1**dz-AM(OqF2HGdAu5!*e_t1F7Or&~8+8-ndm!5(dx)laZ)
zmF2ASOg~H7&oXH)2=-bY@oFnJe^K0XLu$Sln+K5zUV~Q@?UbB<Gt{a=-b<#_m0T`3
zp4G!kO~RMYh?7nzF_E57Ix%EjBhJe*OV2jB$Mh}JK8u{-_f2a+83R2WwL8=4Q5y$G
zZDZe~mK@<;NA?}@<yEox7!<rbKOiIvWzNvCmp}dFlTVm`(%#L%@^RkyZc;aQ#Cb-4
z-Gp(H&5n0Bba$Lv6zjt^@+Dg};M#pkDD5pDdrQ*gbd`F$F7EH`uQ!jSlK<Xj`R(l)
zc0R~blUCgR7dTT-I?^cB)8*doE<at?uA$4ie!HxvuqJRszWRh@tq8YXV&$2OZuFXk
z#PbzKJoP|4<A8Vq?Ub)SwJyC%A3*7+5$-?J)%4R8;Qi+-UiY7VtrSB)jp4lYtCs!*
z?UU6M^{d@LC;NJOG=l#(Onl6fID{nHF!5<m;z*Kc#>5Gp#Anq+@>fP?Ym2qWu$?=6
z$gJUxRN(l_q(GDpnVljRD1!oHd<w+NCfzHcKvS?;2zTA@3URfT#fjEL$Z$1N$ZJvW
zQ2An&S)ohRy+#$5I`R5Sn!VUut^cWPCVxyb+OGN9Wu{>)3`PQS<RCjHa60WsvP4o6
zkS*@)PPYn%pNLoPe^RVJ6syU646xt&F~|oNXxezBGi$nj6bJ|9THogD(B@k}(LkCv
zd<-%|Qbhrk5wamoryRJKj8L;hY1iJ8jF7w>R(r+&!`+p@MOA(OH*Agz4ld~A0+^&|
zrr;K+7%0da9Td&d(h^fib4|f0cL&mO#H`#ZOUrV}O0zU~K@i-xG)*hfOdpQBrnoWx
zd(OS@&3iL%h5_sM`~3dD&*zuSz4zVqoO{3L+;h*ttB+XIHhQ+a0Mwh#XY~z_-Of~N
zRNtP)8#N{3ejhIF_m-{rz0ePQMS>PSlb$L0TEnygdZy$}%z>yTb2%AC$7Q0I8MspP
zsR_J75jgrk!vEhs4g61!dJ4_{x&qK_YiJ>qNNp%Rx3J8{?;PL%t$?TdpV8f9D-&Me
z-Gp%9YlMyZ=Mgr>_i2X@P@n*Pp+ji!omHITIft}Ib*RcowOTq8L8mj=-?bkAb$m(t
zI+LRgZEF4YH2!<_K~s);y#tqfL|i&6JpCux%(DEsDIK`jjdXtog&XX*=@EN`*}XyF
z@?SSKiey((W^cl&c%!%Dbdp_%QN12jOl%gDd(mAqU~^UY?u*M5-G(r@f?mhN9A++h
zd3}i_jOK6fVnH|OC;U|uaoUKlud<#At3<ejp3;O!l=|161b>`j?mAyxCG~YXz5foZ
z+x=N;5LGOMBwUx>Nkv^t3&GoOdWpslqK=-Y<%-1gCBa^%=&^g<su;IPhV@?WlRfA=
zk7g=kq&QP3r=?rPnKD}F6u6nO%3sy@Y&i;(#74m1n^42*!E$`}rIVi-vN|}^x;d}m
zjb9Nur64GYECl-3>Phg~B_R8yl<b9<zF^`sb&zEFk>%VKdfaP@ir*N}Zb7F(d8LPN
z4h6APuY{f=k#cVc121{d<A=-YgG6nhFUA!!0&=<DNhl}PXZcSbPegK!C-pC0R$uMm
zMp^?U=}-U);4@D*TPR^>b!~UMrJb$tGGyNzLN@Ezq#Mi!gw45uo-J_4;R-5hS>(ZR
z4t!Bxsg=oKelyX_GHl3}jj-p5@ONno3V(UQ`@5Rt{8=u_^1NNc{e;zKBUCbzcFXtV
z`+(W}pACU$<vn&wZ``ujB!cEHD=?`$?uY}7u$%c$>)wvN3Gc{uwAL#*Cw!yJ>{!vm
zz3B7Qwrp-t(yt|WFgM?S?jdLWktj}lb*OyPMGq?P{W)%QGbt;<Gt@0Uc<S9j57g58
zr9{i5zS4tH%SsM`cxv!Nn3KXNc!b|N*eEfZP1sM;@WEeooZD+)OO4(0Kl!4lzUNl9
z=7bMdatcD0soxtb)bGs=wtRBBB3YPn!wgaRy4fiJx<(O-9=uCM3*Q41Ti6qut7+js
zhMf|&SmC6Fki12~3KnS_-9j>pAe@Mio%m|3?X)B<hbnlX(FG5dBxgx|&nmBJ6e|Z*
zCG7djgUScXD;IatN$GHh<O8P+VYRuq{^uR#=~rSv_85w?$0tYyBM2NL0!T77-@0P0
zO$E~TX9aU}QD0Ml`kJ^-Qzt&dap{+tn^?QP#uWWcE-aBwS|T##yQ~`(OR(O$lI-UZ
zM-9_TV3l+q>_i|)AV>D1?wqjfvs#?EB;qk;7=AgDboObjSaPaYD^B>er3^Mc<$!lz
z^%C)}g#|EFL!%2m1C52x)8MqxXbBgqPdY{jxlW~vD%CT*+x%E-mFf{9J2cTsY{FuE
zI)HyVHipj;yoX)?Y2@h*;+tq;bX)rD7TT`$N_$QSYDb1vkc-==Qy1t>TbnEW+j}s=
z)JZZo?tIi4UFKB{y%kMI-7~?yg%zmo8ScnKq<1vU*Kp!tD-2i-k7?KgXJ&<N`HOl3
z!l%Mjom%-+qud7UiSP~Ser<CUCoIpP4ww%jRwmyE(!IU0LA-ymyXALy-%a{9l>!0j
z_43M=_Gvr{#(*n&T~}Gc>U93r^6g5QKWQUrF_FHioN6CTYC56z?b&Fdo1l?f=z^n=
zl(}L*x<WsK-Ss2PgMPGm{Z>c9GQx{<f<<oMyp7`+2G8>MhgMddxJD(G_;iE^Pdv2Q
ziuU978eKD6Md4}Nq4GNV5+*)xPwb@>lXD))o*IvTmu#YIoP=?2rqaa8>jh<QIF-5m
zNLHpflsV^ArWzB;`w0F}zzfuTbo9c*&4He6s#9N6?AWP=9&D<*kEKmj_|Vgawmc^`
zgixTeCk-wCh-z1q!6S}yRH;t)W(!C4LVZCmluY$P1_zzG|6G|qC??j0K0UEieLC<X
z)u;D`?v8Qj?%hSGPw(rbPhY=Hg}jz-Q_-heFfqxV*u%kC?1pFyRwo0D#cnv##E?5O
z`nzL-=fX}l?>i)evg1%-ZHbEQc?hS=7^e}zpUT=)B7-eLLqc<I(VwKXB5>>DR7aGe
z4%DEFvUw3$N)+8emd=%=d|ig0Mka}?OZr(0>oe6$ZYEWwcYCcdSF{6ag$DseF#Mvm
ztZKFw3Nz+_>omxrj_z}<&5LH+%ixp^0y$ukH63yT<QZM(h*kzMP~>H6jBK24X!zWM
z`qD{ZZ6du%4zSjj-Xz;H=on@Ul(b~La4IX94Y81A4;=`$cXE4bw2_MACb#Cz4@6sP
zxjh%!OE%!-_Q`SN5RO6nWNH@7?1j|y@uh0nMO$3B<DcLQ3XEuDjHH|{5f*m5Zr2n`
zimNJ|2hUe2dH#|XtRj6_G=R^?!>j0p_gdPU6Po;`(wxVyqF2pF)tm8^D7&tEzMCpb
zSH10s5LIv6W(3Rh+^wGz_1vu>GvJ6^&;1$asOMIF?h~NYcR&7npS@E&(RbIJhc@L7
z+U?^T-TN@;ULtzJ7))9zdQP-p1#Y@IOSD5Ro<`|>>Z^@8$t+ASoMp+wUR93=F1^2q
zBdC5ovhxEJ=IFdp65bU6IxKjDVb$Y(mM!1T5W5IN9Go<X^2}A#S0f978M~D9vFxe>
zocR-OzzC5BF^<7zYSC2!kK$?(ywT)W>00@Hmp7DoACO&iw9B^^Zm*<gen2fLlU`}e
z(bpAWViYIlx33F$rt2P!a_I2AQQY>|klq%9<%UV_CYO4c5q|Nuk5S3|s`u!9qQ!f3
z;0Ph|qzCutKfiB({?}(+AV<gjsz(D}_&y!*fc{SJ6Wok{LkBwkJ!JeNaQvUR9KToD
z#@|6X{u7>zf39r&-<NUxbJ_U&Igg*kTbgzm18A8~h+8-dd1cIc>TJ*U%p<s^lX}!H
z43wxBrZ&PTS3=m-It1D!1Q^<P3D9L!#OYF4RceJH#hl&dk-mSB*-CzJn}&x$!BLOV
zk<jc>2#S`ON|HTy+7lhnv!23KGQLwg^{)#%h!%Ei1U&V<W$y>nBu1o>M+L+4N*X9=
zJ=2AjFk19$MTR_NwDW-jvAi72`5M!JTQJqKa88GQP*KWk#zdFFU%sSwZi(*@NU=zf
zvzT7CwSt_vGDo3WAv=@anr+Oa5x0_FYHSamy^JNce@WplkMRd@zKOddhAzDe+kURy
z<B-wZ8dQRNBk60UNPIo<pebqwt9NY2ZAV9(U(6A=Mh6Sqm+nYjEz`y+yump*8|Ru*
zXXDzYuAPn3B{zmv6};vJ+ZRqR<c^g2f0H1=kDTltIj|!g!5=L|ZDxJwc*RN1s?4-H
z(#veSv9rjLrszlCtE{N-z1tQ2j`njxI$5_b6gkT&s2NCdWNm!(z5BECDVun9hLI18
zYS~2N7o7ATO>}lbgs)AMDmwL%ot`1Whb;N&J_>peO-n{A3{QT>px9&+%MF(dK;XF!
z+JEqB_8*}8OgaZahj&TlC3#u{H80_#c1_H8FacqBlaSQkgT$+_h&@HKqd0~C29m#g
zh<F!<7hpxhpoq)(n7pM&faz^`g83cT2AUu8^sOZift$=!(XtUAbxq5LK*aoZd-UN8
ze8ge0(fi<EJ6XtK_=vvlqJgVi#vDe6j@eKWP@j2X=un8IvWxnaA|k0Z1n+0&(Jjcf
z(}3>*2E}&Zqju`DIA2bTiKH-}HM8==Zel0A-%K`|FOrJ0{3o32h-4iTAF)UH(pQwb
zqsUIL%g7@qc*N0^xrvr<LMc?4NA*FLnuqOy0ZMLA2|5y@@!_jsdJw2NMcjzk2K!{9
zQVf^Ybi0Oar+T5~k#h)<^^}vqz7QpGHU&EU6TJB#pL4Ye--@~fjIi+yej%HIPeh7t
z^lY3tvK#D9iPN3PiO<YVeHP;b#p|~2HfU}b8XPg?ob~N$>Y(*W3ovMM5-kR8?6fFY
z$<%T2S-dSJzCljBd3V|Y*itf=w&b9q?05*Z%xg+8syJB}tHt5H3vMt>qa=(vM#m7s
z=M?%9gs-7m(!j_oEy3_W1Fo1g;D$}3H&{M}IWV;U6s9%xS)Mv)^d<*ZUpW8Go%P^E
zg#H;|Fl9pNkfP=qC4Cz#S*W=+pD{E!#BVIL;s2%>AZm~e-#gAm6))VW<&^juOeGqO
z34fUDo<&YXF=CLnA!@%-mvGjoxo*^TI%~)|?+Z5++dl)KunYUv)f^Yi8FDW8l5TDI
z<(!TDZUbFxcLM*84luwqGgT;q;_e0bZ7z0>uMT1E#>DCZ{B+egT^Rmd&Cg)zt|x05
z6Cjccgye#FKwUuF8$!4$gpWFzmQ91%{4%3Hm<og#%-=4;!L5hcF>3xI3FvrHMmTT{
z4YZd}19EEkjhsdUj?>Z8=9{_=aiQrm<7lLyG3aYE1kZlBdO6*?9obakBeI3ot3W-4
zi$FH{LW6l5{%MK1&J$82!gvYly=;d|b&FPK2GvDHinrE{fu~neo~A4a{t@^lIegAN
zZ$9dXZpK>=$zI(C^gpYe)c!lIRTYQBI(lrxjU~s%@|3v-vLd2RZKxZMrIZh;$I?-i
zh}7}J{&S_fc<cTyj0K;G^e0`8I+NA|ZW>1xy+GX}`m+9tQ4%wcPHAVYst9G&6y9i=
z3uv$ByosR08YuJshw+j4C?RbP#7BZQth7mp6L96e%_i*5B(l$+V1eu$yEH4h>He0S
zQ1d{cP3B?_)i$mM^>!xJ3B?FI8q=_L&nA(huo|db3WQHc8Xk+*rzBs*3t2f`Qe#mE
z1f(YHIO4$^R$|RX3gHt)kH=kDh1+|$wP!ksv|k`XbSm0s#p}g$3U#RQ<nYfpf_ub%
zgZVfOwHuB;ZplE<$L&)ZWe8pnO_;gGee_}kdoht!!{Ho4k99HLH2dc}QJ9TR3ebTd
zIxR_Nz`dk11@1%9Gd;Sg*bJy#_^V-EI~W@yv>i;r*cdq&qmqItI(sE*|Ihi#wf}$k
zid~kFV~8-?D#PX>Lg64<Yls5ked8lRJgk7;U%wfFP;YkxqSToeTQbCl4qi^o=BU08
zCLshSAq>sK*ejmO{`7%Xx+09RG7c~UqN(&@_ZaXg3E9HKC+f;k=`(}WQ0e#fE+<l1
zbVN9Ix9~zsZu<*RPtDNlj<P6(nl!Xe2uQ8T#F7GG&h%iiZzgE9)&S@Rpf28=FRXZ<
z9$NwMfRBo>U|$msb6k)|Jx%1{EBG;zd&qRKxx(vjL|M_^&#)LAph0U?pQ^jkLERN3
zs=KOkq6UrGkf`apehw0KT}M(GBxRbxo|)Lt;Rsnn{yVOzG^F#OAs~<)1Jww`C==eZ
z{CBmWviX?JZ~-BFv+bJANov_j*K%o*U2u6Dnx=qBRd$K1Ph}TleYdhp2*@rvp$n+}
zSTnTiKB`^sCGUD*E9|;|a6@XP1|MTs86jbef}RYfY@n%7T71if*4*~iQ0#iEb9Rw#
zuykm|QR<JR@W=m2HbEiu;%7oW-SfiPo)>~H_8jA1O|>g8K3*D#T6#J**<gO<sI?Km
zSJY^}$5D;u7&zY3C5@(}$_%mk&wYITWu@T``pYqJcL0>`Fo>R0R7`d|sK(EJv<%L{
zp7wT=K>owTWP9QOlK3+wj<6?!GuZ9Ra0dkE)b<^aaD#(~q6Bu;hs4<V4I<>Vak}bT
zT_U;*dJ+mOb~4ZHU=s^ypujVzQjG4f%<+!Nq1yXm@SJ_apxXQRl^=c;Z~rPz`Bl$H
zqABov_^OjrZ!0`tow3$dW?a253bXy-%QNJsb+mP)wVibsJLU=fg}bD`1(WK-fgU7E
zw^o1V*_Cnf@>E$Uf-%C1;i92&Rw|W(pW++aW#@F37{EKcH;y!-+KC*EVHksx3Cp@U
zG$77xgZUAfoGU&0L|n0krpWEj2T`pPb3g;0-m(rO^xvj%*5l0=bawRBvy3B9PS|;_
zbpHnv;VL#YlnCc{0Q(a03ulhVU}Olf)O2(TJkW62s+ZL2t?q3(VXV}uE~70zep7F`
z5^1?8kZP_YogQ?T((MBis3voM7Z$HvCBF90Xzl$-)Ks()FSw>s`3dZk34Xc;=Dpj+
z2QHbi35N$LCu2>Me7MQ&(Y`CXRnvAHnoEK{<Aq40=H{lV*c7ScDx93lwam3hypQNw
z<QJODn@<Um@1or_E-*w0HD8|mOvGtYHT7qb#B0cTcM$?3besY8<QoRffWo{fmsFKM
z@pP<d3RoVk1y7>|ISyKgteO%0#vvmHQ_nLIhxyH^$);K({7(n)n!Wtpb5uuB$w@~+
zO(Lkaz`c$FPSl9g4vOtDhHWXsXtQuw@DOxpsI>!q;089L4l7sVo%$%I@gO>+^R`^r
z*@qeiC8YCFxw@=lejG!D_|O#I<~hnNiI%rwSU86ZFj*0kD9j?I+pKOv=>GZ!3J$^*
zmh?J2XWE#Xh~^-r-X1P`N$vLVA!tm@r0>Sz4<fr+`ghcdjW?a$niKvE_)DenO0;q9
zY!A%%;V^pT?O?96X<|os3#%awcFU^LkvHY|L>v_bduuZX{}uD7wh3fOT7n;>K@Cw3
zqR7~0u*g_s_};!`^0ivjwdnM9u)8$6qxl4%bFB*BYAccj5rFvycR|(C4pl8c0HUg8
z50NiYyGi>M5!tuq@S0-2!F3}Ub5~P`BbCyEyJyurl4$9rO|;ZWjIhS*e(I$)OuIR9
z2wB96r&8aE&5E_9#5LF*YtBjA4yefQy_OsxqRi~HAfu)LW`lr~fTA3oWmp?s6NZZy
zr)UdBixhVa?oy;^aZ0h`?vUc{?i464#hu{pE+x22a0rroyx))9S9Z@_duC_PS;<c3
zxeOM|xn=(@EQKz4kA84e1Q@@6La`Icf-pOvXq5AOBj#@P;zb<3tN5x+5F3l{$sJ67
zV@PI3cOgiTOm*4wVEM*@OX4z~h8&vu_^Dp)Wt>PV3Ca0ooXs$lgyrq9@?Z4bWnc5J
zIqjASGLG7lgkve(*mcJmhN4Gb`Ri3(q$XviC+4X;k1b+P-mX8!!q$bUW_;67z3AT$
zzZDxFxap*t8$y1)`ZIC(VL{vVP=fx1wTaRPR7xYv4ZST8Egtin9wNk>IYc||w#FQn
zq<JuZl$am7=w=y#N=v$`^=KjyMH^}MOgl1^EpLAaR0N_EX>n|@Bj<--V=}$Z<tr!%
zbgFf)+OzR!&uwtuf5frTL0VGTWmq~{8d1^%RqUx%V>fg^5`~{E1s*LLRfpN!vACWw
zy|km~g7Be_DWz3;dA2XYb0rEV_x4N+B?%#gC-+E(V$N^v5*DYrdeY44=896X7u5_#
zqOR8~i`YKB-lR5U$|w)3W{AEP(2E|QYm4si;j=#bC8{i=6W$XG(H&v5Wtt`{gw2~r
zQyb%D<iATZ+BH#sVn(Q7XTAE;OicB*CeS{{ch)N5i8*Zp@-=x?=bNf1qmU=AmL{2?
z9MM9wGOOU$#6$?+NQT9)=?iS8mr!(NRQ2`{NFkZa#bk?kDf!#u--r@&utvUkwx5p}
z>$lqby(jKmFIJ`v$eMk@+$@*3R^m$Gz+_L}nd~1N5WaNa?|UEj4Kn`V12+|qmC1cC
zWHN03#K?n()5aZ2l2R4pfte7rP{39%^N*v~>Y`EpA7=+?nhtEd95?@J9L9%M5%b44
z3N=i+rD%)rk<4N+dzW`|8Wwy0c>InugY_;bXY%PT6I*E2HZ&@B@qG;c{KlQP_UR!x
z^@GRK+ztZQ3<jNoHTeRg5b0+(!fejBiw>m;YHuUwDLE5_-Ut{#X65B=s;Ia3hEi)l
z=Lb~A6?*OK6owlk*piu(E2dT}!bDNSg6YeXx$jXfjX7(hL^#1vL=o}Q*{Ms!9Qog~
zNsATi1bl4n_!=8Y7$1KjYV_dDDtUL76FnCF#rtGbN48{CqxPH2ApFbktDUXVK^&O#
z#qL+m-x_-zd4Xoajy|`%M6<JAgGhF5I>afCg8@C;pB^G1(h;}Dc)r%{`?c!N6XN$=
za-5c^Uz*eI=$(gZAJ0zzIhjFNQ|PUIM#;A%znlJzWX5*ntirs0`TG^%O&|mFk9x`Z
z0y`gqsn7t$hG4POKz=h|*frVLI*h7dp$*24J%Z!iP*g>{RfsK9M!?@Nhog#Jmga8m
zRLo{nwWqqFy=Hemk*((Fck>}=2c>PtH(gKM=RPB}5P3?;C*wC~{PF+zL0s}Y?&LRI
zB0iON<`yUjfeCb!HcBrNqBt*0DRc1Ap#or)G`vRf2E_O`CmLoWO7ViLGYi~jyoqyc
zjm?H(Ql!D!+kV6KvCnRR1;2A(%{&cr@WfE}NB&w+p9V&$5JvXWX9Y2fFoGjhJvN3H
zRbe{6r<V;eaX7oDG`!DX2L3Vb2-J-6!k~1s5jF#4rhBR1{ZU1c2fKBCgdf))Zs-)i
z{qbL>tY`}1JwpakB&vtN(nJ`XBJc?mXCw=MS2h2w(&EFRm_!V$r$LoubFCi1GdvcP
zT*m5Y1=anrX02NV-h>Bufq$SmhvR5&xK$7=Onsv-d4%SwcjDXt<CGzWK3<ZLYjuNZ
zAND98@2P~t7Z!;TnUmxj(JP_^@X&2>@C%iJ1ms2c3hKz<&2Ol3pS^sKIvU>DTQ@{~
z7hptFi+jlY?&;U9-C4iU(~MWjBeR#{X;dgO0IU^;+4_{QO@=o5+2~%piX1q_2(!*6
z9pEnlzz!tbnWnJnG@yT}04WTpWd+%svC{BfdWHhHNm=$`nz!PO+sD1zp<*}%#SEOv
z7Z_hn3nQ^;V}N1fU*<tn!hs=)4?`U+`0$6^<WZ&EuXyk`slJyV6kw@Iz~~-dc^+Y4
z){VFC8%j5wG_N<bBjbgxDg+Zx1U*zyt>74ytyB7OR3*wQ2e%^5NBJzQlz2rS*QsBF
zVq8e5E=;Fgojo{=f6cM;CDpBb%n#>e9m*Tt35jl<2JsMmyyeRZ;7?Q%fX2{%gqXNe
z%?g%ndN@YgiYizL$?pFXWWK04J`)JY!cdJLVG!Pm;9~^OcM8SN?|V}A#;(m_+Mz~c
zbI4+*Oyn3wO`2~?UqRh@Abccm_d^<|n^V8pz9;O1HceFRIm!qP(szBckq-_k2yonx
zI?DkbDv_u%R~{?5;nYr$)_eQY+zOm16~7)7(*y2KzU1fF&H^-SU0Me(23gmRzg*cu
zM&X1OF^+eDRLQ0mLanJEbY8Q4MVOLtpsDtI;l&NF>oOaX%}F*ZyBeDn7$)BZ@|l6L
zO!Mv8r*Qf^6_OafD*OyrHCkCcn<P-LIQog4KfQiq3u*D`Yk`I0J(tLiu=Q^iKf83f
zqTAH4wjK(^-ljqUPn*A2H_c#^j{p$q;OM!CoH4crH`z*;M|HvBZ8R?+lTW`r^we(U
z$h6VoMbW{%t-``myuJ-Psk6IAicedUra@FT(_Wn=6X^r`h^-lE!TU|&zZM9*U*Xh;
zYi^H}<Y!6?_u4C|<T>b=2STXaQAS<|&sMLxqY0g!_M;5h=BD&_4&bTWTZa>q(~Z0~
z_dD1hV~vx%rev6#`q_pnYmTt;B(K=vQeR>2Ei>U0(M!+o&rh?1|Ja#jBtTuU+By8Q
zHJ<CCgxEiK^|U^`U_rd}|0GyP%9@tsE=`Bh@5gKVR+SXw*C)l0U*x2*oeO=q;sm?S
z={!`Snb*WOSUP5~IAvtpHJ7y%*bkmYmQLAt$6-0ePw^PluW4HiA17*RBGy#Z?QbEU
z{nCF32lUpmskdnOfpm)AQ~zkV8AWUgDkslttl8?wvUb^nxMMf=?&4TK4gvgILJNlt
zMBM%v%YF{?t*+ovmzk08pGgO_H?(;H_6VAwI$Yn|T1>$WOK9|dQuih|dIXHC#?*53
zKy*ph8yCHmE6uX%MYG%46(3z6lGAlkSvl?Du+tL@PccD6maY7BG2+`!?LXw1FLt}7
zA=DX>=U}<WFO~`penri)obz&V<I&T;zetsexqZ4Rb=NvS{J{)!Fu~KX&vB*w_s)L|
zl+PvFj-hL}ju`yxZq2{C<9AtiQ<!<i;Vjb7)haG!C}Q4m->|MYRu}$bB*Nx1&itCw
zW+lp%PHB_?KbV;02U(=2OB}?Z)~162qI%Ft+uTcRX~OpCJQCz$h>GPfc#POa`{yw8
zNn6=r?5J4IYviE{aj&^22R(au-|WLUuTS%&b@htdhaJjMr0#I=QWR>unX?7m*U!%J
zm7ZUx!c5#g(dUE~#nPe|g9Htt((C+6m58c1(74Dxj{*@Dv=nApKcak)zR~9h|3i8p
z!E!`<*Jv*Qr95)(j}Lb&8*9bgHLU(+NM8sGrA2CI7?8`3%XpOk!9jlg&L*^(-Xj>f
zbSax4$q6N|@lh|1K#`%HBJZ||qMHB%bKj){`b&*HYI>zX&Q%cg_dwu!s;)jEu1-+&
zdU}kLHXTYk9V0kVBuP*1hLp;(J^c06NKz-$@xHl~Fn1{x^IysOrs=Xzf+3<EKbu1%
zMK)Oy!P^4$KTa2fCch-tMrU?u<%Yk3GB^l|!vdb$$}lg0enjc~JR2f>34hlzBhQv)
z-eqzB_FP8M|0<?F#j1YS$5W>_;c-$746ka=IM(#VC3JA7WK+npJh5O6nER!iK$%k@
zL3E}eeX!@?m%rLE++4Uj?S6MA@Aj;7?6_FFT-?(-VWT(17dOw?I5CE;^z*uVPpFd5
zp&Mcc*)jv(;i%kch445>NS$0B@jy~(AfyvYzr6+`JJxt=m?wOShTG+?Gv|caL&P%i
zGj($IQ5dg|)s*f44nK@O$$*o1AcPY>dI?ME`*tN>Tag_Wq;gMFzd&V<1fN_Hy5<E2
zBEKYH2&14p3J?k0H(L!JA))xYGjUwRe%n+<1V(uawjv8M5-p>n-2F>%_+Zpx9{+M^
zSF)M*1W{kpDmwfyRr@x5lnX)}wXPa~=s*M@_B_u$q!p&X2;OjE!E-iVR7Co$k@9*Y
z6efF(SFPdyPs6*~Y7nUerm)i{?PxQ@_q<|3F8syf;s<xX4p9p~26f*?O-?d(@Wk$^
zSg0!6QNx6au^iu>BDL+8&gur}EaUw%USgKGb5+11sk*sD5m!Z=TktKm!jK6svdf}Q
z)%Qiw+1nij`D6Na-{^Pl66&-Hk?|lMU8FKqMI0HLkSVMii#ofP!EC7;mCg%)tj_Le
zLa^z8>+Sl$6SrY34<$!Bkn<OG28kmEn>%x6+ZK)c+msB^FW~m0m9O8sCi0j1s&YFQ
z-&H&ZuXQvmEU9f)o9;`+{S*P0@0D!+Iu=d#I4ybfaxrX3rXnA{K#$Zb88S%F5QR#C
zzQpMxCV>30x0bknB(0Jw@q-59I@ME9YTJOy-iPB^Ss{VYSZ!84WW8QuUfVHrDH6rI
zW*5T`b&oe@Ff#eD+uAivA%m#fv>T#8!{xgZu43mqnC$2y89l^dsqTg!<FVaI;^^fp
zhxRec#Nt^ju6D@wvxulZyGYDbs4D6M%AYlcJjm8AyY#!w#oILF`+WM|A18R**%jLx
zn|xhn4g_!;pOIVC&E*_@f&Ioen$ySjm|ag18o}11xM~qMuBT`uV9Z3y#jTIo*u(#b
z$7fm`^{01#OBqnN8zbuEVy6E<y3G07w%hcJg#KAeZgv-AgBOU^jPmHj6!))l$ZNaF
zL?W5F8HJ!Q`ya7pbV+**eeUs*=qx{R4)HG-St57=FeLTM)A26tNHai>M)=FNfbJ<5
z+4#rf?am}Yq8Vb-wydUZ1DB-soi88i2ZuLW0QMiuJbZHbt=W2>+%-idSy%`(yTMIA
zSg1TV>{olAuS~;*2v{U5MGhy(87bDT72d~T8{7Om4e)jGWTerL_}fw8tht%qq$75K
z@J9pzW`mlM-mXuq$N}7zdmqEPrQCdOe|@-`<DFVLEgNQKyL%F84_fSOHsZ?EmA3w@
zXGC)?mro=Kn3DnPRd60$32)^r5}f1fd=THIMM4?i%Eh10;*me`{tGg`5nA5(;rkoS
zw))o8m-@i-*8`0qg~;a_E~Z&4^q$sJ3r<;^vIuVpcX@fCoo~I)3AEH1bp5uW`cKO-
zMl{6qa=tNgUrU{F3C8I~(n`IM4ROQ`TTt44iD=sVo={8nZF*B}aJ@D0a8R%7sk`v1
zSDy-%a9Q5d2RDUu2ddoUyS&YmJ&tlS-jLASsO2l_%Be&7NT@_|A)&mYlyP2LkSG#s
z4%gOb?W%j2+@56$QaSp1|8LsFi?cs{4^*DMLOWnzX}!^=V?gCH6HbV}!yQ-Lr7%kF
zPnA+(&(6Pxcw1FgqL<L9tmzKw`pf36sF)n7g6^j-SfZ0@rd5PDf{OLw&HEz_am}@1
z7SZ=*b%I9kb=%P5-)x;N#!`s8LOSh}z+wsi3cC0jUeCz&pxnYaKw0RCr)>*mqDF{H
z{e$p6T@kuh{QJ%D*`2;_)MjM<7K4Kaj$lb@(eYhZ`>X3p*q`?z;?|Pd!053@k6-B#
z4SBICS?)5D6Hooa+;@}LSCfGLW(DVUIGQPZ06T$ah9q-2=4oJ;WZ?1E{y5H67kKeW
z8%RRwwKol48HJU!mx-<1J_{2*iLKSbw+#ht<5#O)gRtViHiqB@UKnJK+84TjSF>>0
z{gg_ncBQ*hO`1KTi)p<WyJb4G_kl9oKAwmnFXU|$ES-Lm124kelMxYpj?8hi`d)U)
zDK58H;ZmD$6HNh`Pz(kw6wM?B!@fthRx&z~`E%<CAKCK-MTBZk)FY;i-|=h_=syqn
z0|cGkSgKKVUPx{^xCs>QN7mPnT{;Hlh`yQJXZxf%xi9p9U!_Eg8JvtPDq_J;&<w2!
zOX-?82|09Zn_w1BF4ofVD_ULhi+Qq&StKqRBzLXgG$y2PDyh)ZV8ASb3eg)8qW&Fk
z*CM)K_gu0wwj7H>z<2zRk>4`q|Mgb1U8?j&lFW}t^H0Uq%Z95~vd0>G!S&y$*rl~z
zoBI=iDX-w1Noo8iQl}(m#Gs=PKBTT5DXqIZMXB}kGt46}?57LE($P5H3bJ6-GRu;+
z9K#g=KDgcQ(@YRI>+_Z8+AmR1=ciaGuBQEW!d+t7M@NEuU<kRR7?G3QL-hx(hhs$F
z0}>ghHfzqu=k&i$vu-n(ry+^C1;mfOGtb0Ex!rq8ANNYSwkMi@lIXoZWaJuL*2e>K
zyyhvlnIc3L`X1wMQ2Y_KVU{fm>w=z5&va=ypz?c<c>8M{AJ*P*7G~h?^J7zR*-tNj
z|DnDm5j8(!;4owNk+*dyHnd-AJM9}Usp#}NQ8rs7r<pu%b(9EmG3a~Z=7uBFoO!UU
zwZK=r6Y}HELZ&ltOUcpvWtK)L))!?mfZ0a}6$~2CMa&nBBiqDIpR=t^uBpND{Ffqf
zs<)U(kH4%Giyce(^1`>L%ibH%Y}{%IK4(Y+?Jxd_^?c$u(&G|t4anz|;%zvQ`YEJQ
z*u)6_mxytDF>a+@VKS`GgkwoZrt%(ZNay2Zn({&zxA%Pf3}b8`C+CnP^NORVP<AW3
z5Vj@j88B_N0lso$iAc6?zk1fU?Wj_>m0ffcVk@A$+qW`{A4ae_a5!KoM<f*JqTK%u
zOF@<VRSQIvq(6Amq`x|EX1e;M(`xC5)lwWtjk53}cypLgs=J6~L%*kCYU}0zs&`{q
zMB+{)`Gx>}i%gi><gKu>YQehgt2E%BQj1o4Lb*-6;_di4U)+DulIR`mZL%voxPNfe
zD#$7D!o8&qE2gL4tTt5%97wX>Ass4|%KLX8)o`l$85nP|0m1t$?FE%PyIk9%2fq6!
zTo9+pw`okHGDr76NjD>!qk|q)s9aTjekEknUTQ~fyOLsIr|4L_=Wv`#LphaO3cMoM
z=*a2$_ajLe&qvBloj+9{0&aJc<*s&_(m#$8X)*Qq1YXvZA*+%-WGY_p?AS2%%;ow`
z_+2#6eJQvlzUq7XIqzgw|GQB{X&wv%!%T>XLkWc|zZ;-}La#*8j3yB<Q-EY3OG{^H
zChc4p6)ivM@mu;zpCmy(HW6gHXj2(;Dc(w7X+so^rELlIBD?nMwl<V@rjp0|9BY{b
zs_LR8!RO+j<R`G<PDIVab&xSkd2@h?21;BA$>CCTyOjLG%;XTVbskC0^Qrn<&ELpe
zGoqf@&t{{{y$D`PM0DsL`jM7fDXBf4>(Pq!cw2F)1v22;)B=yqPBr9ZR?c#1es%!;
zj-uXr^eK-5r2z-Y{?X9GbyI(7`_H9mcoHQ=dyxy}3{bQL?#no$|C3es*+$IcvWCAG
zX7Te~#Tp)Ed_vWjuui~^#bAhb>_i;y^m~@eY)0~Ad_f`(`*32mt=F<dW<RWKr6eeL
z*?*MSV+GsI&Wv-Y+20Hl4s7}HXk_<sb`;W|C;zq4Ch~uajmmups-FD;qN2yTQ~06z
zo9&uepentE9C3Y{RUx5+zn2j&bprVI=h3!NAULQ0y&5$ZK1a5QtnlIYAw%i7g+Hg8
zVRLC~Tg<n^##VS3F6mj68tk1^vSPOLo7Br$`(VPQzPEjhI0z?*TTz9`pbV0^2ZvPH
zG{R?b%G`nv-%*7EN#a~TSNuU!dIQ)FXxQ~DrSV<mcz?cymW0zS5lcRNjbHNV^-Y1~
z*)xvVV+u5pBic7fU0jru0e;N9qN8xNli~U)2bMe9hEUo2o5@#$qzTG^l!Qwc);Fe8
zAn<$hkGMUPIiqC%t(2bIfx3P;<u;07ZiNYr)7LaXiX3(a>;bEjhYk-JT5RtWHg@ea
zSGDGVI}9Z3m++T{g>iGk#vX=_X9CKr5zWzr1|&{XwBEge@>-n3KR7(5<kO>3<O|a{
zj(0fS-ZMCkrf7~{1FB6{f05(?%K?2KPsE!#midhukUqzKN9*!VbvH@qNY8LHVH*;P
zClv~9!eQh)=2B(Jo;(lrWHfJ+b$2!$wN1rm`@=FlJo)vDF4H<^1f%f}jNrMZGakLS
zXrIQgBQFsK%*>3zzR2W%FTVl;#-ENY!X&yA2Fw!A7z~w#k20NPoE+KQEk?lNtI(Vi
z7a4uRAv*e@_}vo1p+B#+4iXe8wwyAiacgomz8V1HN_1vb=Q<Q3JDPvy#_lU??J5^}
zH5&~IC($@yOaLUV!LMsdy!5SdbrW7?y;G+<Rw6qxc&4PU!5X`|R^SsJ2$Br=W9CxK
zKC9-gpZvAnbjRyskql1_>co>l!ad_e`xE}YU)iv};<d_L2T^2)xr)y7x_IA@E+#B=
z^kQxC(NhGLc1*K-=h580Ix?v{o|04cZ%xE?2LN-*?<+Drw16qbC#*3r=89ZSU0mJi
zLVV{KqYuegF7^spP91f~cJ7v%Ns2~*mU=+7+UAcEL`pG2KV{wkMB)-epYu5i&A`*D
zd-D1`fARV%30lDLh$vN*IV9|~%;cTSq$|!dwI)5oONXuJea%;K6W5nFRCMJ(IYRvb
zSEcVBg2Dyt$R*%Ma`2;Iy5?<d7ES691-(*XWimgCs-70B$g@xk525Vlm;B$KPc#YM
zA(7kTM~C{ks)mtZu4RRn9uCnb!Y!|K29Fw6O`^nHt9z2gNRDBN^H$-HpUy~c8aR&_
zzkxv>r<FgRFP2I2RJqpg{ZG8Ezl)9mp%Sk(6%#VqeE*Sem+A*%?c+0f-X5F~yx+!d
zo=LUe9p6X7vJkVOa`3|8vj=WDOZ!b859vR9x}YGsO{3jZ9AAP&dUcNAjJ~(NhW$Dj
zK(Ejm)8vQId*f~$LATN18lf{N$%U3{PTfvLq}%5%MFd}z$8aFN@j5(dvtlWU@PVma
z;lrhtWE7mMYt#W|Jg9Ry0l&Y{656g9hEsI4Ezj|GtuDPnZ|)V3e@kq9Z?#pI9?Feh
zaon0)eW}&=A3|P{!aKs-C6v5NYWx!a3f3>qF*WqGDd@(~Mfa#0wt45M8Vu{!0Uc(W
zSM2NAUoMa}{@bpw{|^?8iak0hHYtHMY$&OLHFwBu13JcNuSgYdez2A{$+%pop(Zr$
z^jbsmy;Tn9?$TR{+^+ajCGFdopF(cjNkFq*!ATwaaJ+!`&iEGR-KEwN9<MLal458L
zhW%IH1yf_jhvNZ5Mc>9vKRMsqzlA=&yns{Aiv@EA-^O>4S~nMWG5UTca^v;#(1+u)
zjqJ+>QX=1!%6^@bu;=RsYZG2AU!o&K<D9ii_RWe7q}O%{Enh8#UY&|z{^w%qqcSPk
z7&1Q6>V>zf7$0N~ocF|#>P3ZROo-F+f9bM^w1nt70D3BWOEgWi)mFZ1qfD7-D>J+%
z_b?KryLFs$*tA=6*u)TwKYr3gv6x`P9M9ZDuII`zS@coiIQhho-Z+kK;a7oEUu<gf
zg(S0*ieJ7WM`-rZi2Ub*7FCsE`ZKK#p;E#kEtq$fbhuqs@3O<DXd&1mrs3IZN&ZAO
z(5A>uxQBOkHF=Ztr(fnPl$9J~8bWDXWc5OkUoA3TQK1(oCm&_`YnK4%oZsvriTR>?
zCp~<=m2CHYrAGYDtmKrArTvo`a5LF2-W*NJJyzq+fh8;GR7zzf?AzT66Rl5)#+^!P
zCqdm3z`Q2y*ZhH+NvlS{-haZZCciZTLhxrv-=J6s5e-|)Go#k=3sP5cp#C8hcQ<4x
z;*B!*k+>`3qOO{0WSlKGxqb7~t^6#yL5S~<e1)CHyPv!^)^d6XjWR`hI&1HKu2<91
zR4Fw|7ioRNOwjg|)+>NZhBn9YCTvxSrhNvlCTL)Q+v;T^npY=X`}OPBT88v*1J`$0
z??kC1GS9-@V@~VHcYrZUy=fHWA^d`_4on#iB>8!lV*Qwp?l)P4a(*eU#_+C*JwFl5
zM$|jy>W%9!?O1@Mp6BMC=V>db0uS44#Gs5wW1`d7T{fbf0<(QleraDy9ExSi*klCm
zKoZPS!><7p*sYgXfuPUc;|%$D$_b%~ph5XVEDB-`4Pit=8JB{87}Ht5b2A8DLM@@;
z(;PD>c&=5JhVsv-6``_y=_zy4kqe8Xj?^uT0t!G9u8#Nl-$kxSl<jGlO0)h&Qwq@7
zg%^%Yh-1tAej}Sd;;3kUt1oep?;t6~AvkWO(zI5!>HVO`>@sg30_!-H0m@p_B1aVS
zcZA+$mK-TGG~0FQQ*n1j%%CWF#+kHrf10<aOEm2o`RIpl#E_|5^+qbrR$2s%^^>-X
z=wvB;wfOUyvgo#e1qPL>VgHCpSaMr@k_0Xzk(7|~SXLS1#AN@o{K8~ENO~dPjK1;X
z5niFG;H-e`fOC;|bmZP};lV%sSgUkF{)D0D;cB0`k@KBcvwO~u7zVCPCMg)MA&4MB
zqR%V|=VJNY3HZlQS%cCJwKg?<seuqZlF?HsdCqSyxN04(^#Aw+7(<`eZmbI!Wm`B3
zNSDLn4KnelZi1%XN=Yi{%BD}3Ww!i~(<bmZ-QQ*B7%oMUNc}VeY-99byJ1eg8GL{H
z=I*4uH}cxCD?YPwZKWa~Z%g})-{TKzFF58MNma*Je{$!1gFBLT@bkgm(p2ZDtJuZv
zJv{JPZ=>S$9!ZAOTZ{ww9L?nVnE`^Pa`q|EMzToK(NM1{`W`992A&2%OI><o-@p~t
zIsrobf2|q^!|%`0FbWKmswxU!0g-7<)f@T`PtvbglY2$be+}TT)qfVF5?<l=A9()*
z?k7W~DhHXiS7VvfBmd2sL@JMaBxwBEqrVA?S$h{{I{HdA1T9pe>EtP(`oGniKZo7@
z#MDsg*4J^rQKGbhD3>u&{;lIy1|q&1TKwN|>p#Qpw=3rDl*>hb)NQ6VgyZ!rZF2rB
zX1JBj3pG}MZj7z5Nz*f4j8wNtT>NT%R!YRFW>Xa&kZHYejwX3By1PJBQr1!a^t<6H
zz=8Z64eXw*1GL#SG9rJs8PGABOF&PTd5yJ?R7YYE7HlDvIZJZ+E2bB#F74aa+j5Td
z&qS-f?496*A8g-Ckpft9Z%QL0kq|W6QkAX`CP<E=9@^O@g`=Z*Y}d)ybLs=QD@{Bv
z31V^As7Se`WzlD}t}ka%tmN&CiuN%dh7af+U|P$!l1FTBQIDrlBofyX{>Z`5GLK8)
z0a+kE{1@DojGC~Z-D{MVCw!#@6l3%2M!`SX*IE~Wwq2{YtV6yN5W`1b8BNwD-}U>F
z>&ELMhU-Q+FVvS#Pg3gpBwxqA^(2^FeNyo0Z?o;>^JDUlNmNne$83>u^=iSf8p#9O
z$q3oH=9F?+e+H6nx-6n~KZ9o!<F8KyLf@&fgr<Sg>PJ%N)#$~|xXek&b89;LmNXfW
zpEhSACOoQoT)XCouI<d&<ll7kAc;El@;V$%#{vOe)0hG11eD)GF(CxyujK=9loKsP
zQ7uHpv!RXy<8ve-B*Fgd!>LTVk5t+un*`<0R79fP1Bk$$-nLxV)*F_1#@pm$j?0LY
zg@0B`Hv4yL)+t8?FWw#R(h8Vr)PIJlKS@y-{wq!zv6?F=!e;o``Jvz3qQsqdc`nGi
zX*YO+r<3ljW<mi;n_+X101>-u#;y1~-L5g=o?K^W5kuhGR$ySSg^j>>MG3mrDFT78
z=s4e>zF7$V7v?Y=6PE81Z?Vl~CW}T@wW)huP#*nfQ<1-iDLi%ITE`={dye70z5Cj8
zQQSq(An3%CS%a>@ys(??cXfLaWa6?^r$Kd9nPadSM8{o`2o($ni1>;<Jjz)UgL3Lc
z-6a3=`SJ^=C9T?TJtLyofBZb_y}~J+zf<B?Lm<eUvz2V0C||Nhp7Ey9VirkVdeD$I
zU}VqoX_p@qjcPXQL_dtvAgoKWyXSmTCi{MBRQ5!@6t>$Nty=`^jv6S}dPay$zYd9h
z>N=e7pVfuE7fd`RAMO@^RaGx_7*ZiO!vGDi#P56{Cb}dL<D9%TWwIjLRcj{H{A7Yl
zq=KaGfU~`u%M?z#u+Q<iv)+nDVypSR2tn<)c$)w%XL9(!3n#t>S;!PiCi}dedKgk(
zy!Q{EI=|wk0Ke!>tn}Nm2Xg4o(IrF#bwgtbwn?|wzvB#kR{uJ4Kw570R-OlLXLSVt
z)h>s^3j>xHpQgn#1^FCwu{x`DdCxd+Tz%(_jM5zYOBwgwa$+ws<fyS|!fVPF(B&x5
zXx`y0pm9ysd++q|<xSgL<b_>{(r2=h7TVV~54T0@eiW@^ryuEn7WLf7i}9_*y9}(E
zeCpTe&zcndGJgCwZ|Z7=#7T2C3CY)g5#>EFl*&$YXc!p%D)D`tDjKpBGa81M<<#t|
z;p-pDF(!s~QJf>{JD<?d8Cr@|*7G15(QJinQKxW6B`x2SVC(p%fLGQ~wY}RiS49TC
zl=aN<K96{r<`>f#tEM`?8FY8%9%AN5b*%oVJ?W`ev>qf3z5VDboD^}^LPb>Oy1M%_
zWmt)qlXEh6IfHgJQ*wLku0L%)IEs=nK-V5wa3iu7d;})5N+MDYEfBF~iyRz@Y6>V|
zrADFAskekT^3B|Db0RZB{0e!ktB&rFXX-BIL3LO7))E{UUxn41h8=>50(w6%^F0ZU
zPGVVSziIo!DVzcQ9k{eDl&#t5+ecRNdo`&s@ou+3)$f_>*Ol7*`aFMsRzjfgOo~5k
zA+F@d+Ca{7fhw-JA}9U{YrCv;FVU*HKbB65-?E?+rZ#^jYzMuGEh%!G5x4RB&R@bd
zfg*3+wTrM%aE|ldv~w(@Z6ggy6|+XzDqQB*QUehX5;~jXKL&OTQdb*h;erswhPo8Q
zz8)|qWF7b6XdrXVwF+%AuwQs_+5l{id+$p1P94K-LhP@+XG!nu!V7-<(~PpW&r%hq
z%bQial0UyI`5DTAP;PRt6l*I08WfjyW3A$=^<tfTWc)p{^<6w^YV~IwtAa1*IHz=a
zWY{8-ianZfryL`8%GOggz9P4f7lm(IaB9z)BTBLtqDBELs<TCj8!O?4lj)Zw&8xml
zJsz~7WPNFVtNo;!S--1Gnp7z*%T_AF^P2)k)5QSUbd;x<-Qul>PO3@00aB#f<I1n<
z!-019f$^sSJt2*|Xok?XMZLw$hE~>h+ljuE66=sP1p=wNz!z?w7#jP<G)udP3>|gm
zm7gJj2vnrAt;|m;Z&F-thTNmQ(8jH=RqO#XlxrxCi`N5Lt^um+o``-<MRUTWP_0mj
zj4<5z&a<w`;5E#$EN+VO&jMs-OLU69ON92^GpveF$T~P1P1rm022GsJRB53t7dLz`
zKx;{JB_C+g8ghDZrlI4%O#^yjAn%&c`|R@2RK+oTbnBs)oTML(Q;xGiD)z@2Q4=`I
zsV@8v7$Rv}ATm?B8~f$x&blc@?cTFwt%BdSp#JZcT7KR{t+-fLsnIb8N;Kawo`N%}
z$EgaQ`V<Tx;i=5y>F`N~MLcn-ez*TM`$g9RTIT1_`i%U!5nU-lLI<5nY~lQ@_W5Qk
zYA-DhV~6NUL$yozO2e=#`)Y1k0C$%Gp6I=oninfv9;Wm-W1sP?nb~FH#6ETVl^vv}
zV%T%y#AVo1#<n+2)No|bR=qjg=e;*W<og`2vSx!4qxt-O^?u`NE%^!3_S+Ti2X*$k
z+nC2SdvfS?*jon{qP4F9H{{)GgTT6F|A5A$nk&E);KBAu3^RP>rFj;u?uGyH=Eo_B
zIZ*3v1NT2D^yHp{wAhmC;CgT-bNKpG+A3`A33VM9!+$92BdS^pZ~8uhc17U<U!U!C
zeOc%|zj|4+`uR3uPS=!+mg#QONM!7_09D-A(;hUT6iZyA<+5y_i-lN<)1Lk9D@aeo
zfGaopxLv>CqyDXJClf<zmk~(}MPAyNPcpD-(Ot7rD`@$uGKIG|+h&1rHK_6NMFqNa
zd<}4|3f*g&<@c^LdTC4PGMaL~_Ut^TO$BzgSPgi0LJhnYD_&go3~F#!ef}CvJsZMq
z+nlnhmx{@89#CHjCFAeL3(FkVJ~bA8SF1M-50LVsty|7iB~&tMi`fLQGhfWV>P)_<
z^4lrnNWsx63Z~cF{C!-~7t)M(v*U`qRnAp{&dyav5Huj@L?oU>xsE4@5VGU$n;mXx
z9>el|L<go_mc)<p+V!ZlW3w3A-svnW;P51ai+>%`1eSJbl+=GFmioz5uC-i;oVvP<
zBCZ?T&?lF=QX-+&kCKA>C(d>$P@%7DNl@<{T%GHbn=sR^N#clWw}Nn$i9@?O=;{c*
zF?e6V`24~Jjy&`<QjK1HzIyD+%HVJRk*;rwvY8#tANI5|dwKoDKN^x}+$FJcHB#mL
zY}@v6B&!C={C5@JC;^J#O)r(4>Wh~8v<}s{@3)}wfmGA}iFk`6w%07%E-`%MRm;LX
zG;76m%F3t7i+$g%f()5VPHzTGS!-6ipotSIvvjs3>}ii7=lq#&_lG#31SD0woRYPq
zh_uTOIdHzc)-N%aq}RJI`5;7K#;T=I*G`X_Vbq@4d&@HU*(@L9?d?#%m5(V};x_{V
zeC#`EBZ+=`MKEz-c$9k1g?V`}`^GOssca0a?<kVUueDrf289c$UkKF3I>G`%2F@`h
zz8E&XAnpZ_@bf1Q9U1f_=B-sq7dj>S`DZNp%=j(bP73Z?cS0r|Yr(+r_}2?>S_|0l
zk`hkP>DZ~`SJnhh=!Es$+UrW0cb+V%={ne9t1dnz87t{RJp5VBJB=R~oI2Tabt>;i
zuD87@g;h!T%nMCBfu<uOe6UX^ops;bI^#Y%HiC)3Zna<??mxGp*C^HZV-Iog0a^oy
zvT<n@f8GslwMU6H)5*&h-jv%#oolmBoxIQHot8PT2+MIafV3YFp0H*UEIq}!xPBjU
zP^<JnP@?$T^Rv@9|JV0bbA(#QfF57Goy%$|cteH<Rl1G8Qxxw<UQ_s;5w-<jRFjap
zw@jNa>skZVF*zLJl44VG1rP9M^<j6f_$Kq=BP|c3djXS1t#X=EHX~Ut)7H$faSNd<
zk*t8LLpM3$KSK>V`OQOBDjN!<Qvj4+5Y@26_?PWduenK`{UhyL{R+lk?UflH{qCs2
zqlFB<H&|;V)s=h&ZNXqT`a*I2vc79hF$CM$KRY3SAF23|Nr<PUql}}Zqui-Q#_}Q;
zd$jp#_VYW1qPj_@q5Y?=p&Nhfp}}g_Y#)}&bf()Ixz+m}pFn{Dnc@~U0LSl%n4N?}
zLN4TFyrW$zKFH{}iXC-N_u?C*A$AGy$>lqa9C!d-@;zb`ZYXhwPic3zy9yRbj+YES
zW#u~*LUiekH4wC-gPrk0$IG~G(s<8rqy%=pk@f{Bol#OVefs`;u2bB{)(ZZeYL4Gr
zgy9~hAkVVyKY0oPO)4n<_#0{8Y?!%4lT0mYLfAJ7myBvBsKd>(@E*{1WM$1THTrUQ
z&AwtG25)jpjDP03z}j1OSW<Y)_hs|jc7a>IZ~RC-(=&ii+7!G`b8Q4)i|{%LON;P=
zd)5k%uU%-Qjknuxf%-c-8JN>Obh^m)&%U;P9AEQu`Z@kIh8UNAKPxS_zi`lQ30{;l
zA8+6LC3J27h@5dB1Rd@`h$0$a`?I#g;owL|v|pvE5aI=|F753IArdhM&x9#`2cQ23
zOPsVcF9-5EZU<QnGq8lR`FPgrS*fEYhd84d@^iFg36#X?V43Rq2!MVNUZR8J5JA%%
z7_S^2lo?=te{?e*_z$617m)logDc1cE}RaQa~~TB^mAFifcOxN_JCZ7QwBkeqBr5d
ztgf?Rke^4}!Nz<L7tHUkTn-SzDh(5P6uokor9pvrWnBn71G-g1fbEZE7Y<}%L@?~j
z>tx{4DSHU;;6KQnv$MmSRvivDI%J1IW27SwOYH$jaDOMs-3=Lr&lRCHsh2eobc=>(
zAK;1yHF(rlkn{?b=ck|FG9K<1DE78C%&!fv9L8GV_;3ocn$3*|a{Gt-cn`sc`^}Eo
zhx>th;q49n*^f|<8Tb3=ryZjY@TMu9gN;(JVbH<>6?`(MWOL(rGOiD#)S>y{k(!19
zFZOzMwJxpX*~iX<@!7}m6;Eg9S67ghb$8h9&+zA`gCs84nZZT?aO#ES3Nn(%SP`pB
zy|ZDEy6g~Q`Ao)m1yM&AtLfbB2Z6#;BY<Kj+7z&tYrnK-fcqV&AH+Mv_`vTHMFv}N
z+S}YHholXHFj*)rAxjQIuUnfqhu*t)MFSa5H4iqL4`|?bnIX?Up4EZC7gLHb;8e1!
z$NolV`e8TdgmWeUm}XkQ@VsWK!}zT4_6i@mnvUlusoWgkPGAC%40Y^b=_VKnF6#Ad
z*ZAf8Xt_<=YlO4t{OiWKVc2OG^+g?R{yn-dJ2gHi|L@o1{c-6EG7eONkyj-HfzAwY
z(NiNFD1U_})FagL3L?({y)RMU-7si<ZeI_124szbAnH(lB}TZrCkymG00XY=o!<)r
zZs=@n^giWYK@PKLcQ^k3aUKJ$a6y~dQh+C;dmG|%P!A9-{QPyB_^r=l_^Rxe(ZC<l
zFvAaQBOsvA80dD49zK|&1k2gegH1d%?`~`<Lht1~t{j{MA3S1PHKF`{+|YaMSAW7@
z{ULXTdemb=J?K+_B^uDB%4FatN+nolMK8z@Qhwo()z0)x=Def<Gpw)TfqLlwyn-~n
z`m<(s<zUAIUrZeXEs*bRtS3IVXN`cO_O95KD%+Po!3=eVS0HhzigFjj+$t>3mjvdf
zTmGDT-?#oi+RV0y=U{ZiqE~H!A%H5kzTPK?w4jiC^VGrKDb?HX5Mxy*vn{C2zxs=N
zeKVGi&?F(u<_T%yMP&)%$x+R}j`k-*-?s*uHNSZdvJw$f_$Y;h7`N^*Vj6=rF)$%(
zuK;$Ib+8CqB;|zg@+O2}+6;daC@x3B%o`!leek5%TTF;DW67Ste`0fP5legyal*Na
zPhhEIfv#FX6TDUGSO$lG%Z_Q^q29$`oF<(Ppe@T^Ig^dhVx?hNXz=DHXOWSy5cSji
zC>5mL3_(>E9GU(1Dsb|e_4w?nyj;<PxIY<%e}6n3`|V>Vo0qBb(VxG?20Bs}${#-Q
zRLWE_Cef``(1!4uN0;;NrHDTqlbzPxY`yo;PI=hU+8PqK-n%V&nEeJ*7CtbGKvyN`
z%l{&<Y$bysx*+m*(4Y>tij&`Y@9*HphPX^Wkxud2jUO!EGsFnN2GK6cO;BWCq4bKI
zp}&`b%`|p}`Onxe{cpoYbx8);_88ja!tY1&@Kc=|higs>2#76xY;<6Vwri`7y(A~u
z&nO1iRwL;3i)9a(>F^(3&nP$PubEu=U_M?T0%ORnG!UU=N?ZGq#L<`gnuLQbyAw@B
zSL%pm6WYnEnT>Mee8ytJ0vDJ>oXiq-C;mGWQvXYDKJPa(5P=_l;kLuRxlGx`1Ve-^
z>x4it4?9<W01>o0|3NX|=Q`Aj<br<vAuxj>c5RKmTJ~1J31En+&qfe<0O*a2e<wT`
z^vfr$4M3KdGbD`$L<r-Ukpd#Tbloo-i$B~`JYinE7!4SAhq$(be#K>#KVmNPHGF{~
zQuuGSf_@dg2;Y%hXc%?E<3YbRmRc@IrZZiCkHZjAv3r(a)DD7AnBP2(v4n3OK3jYR
zBDkER%;rf>=wIk$p*Do74puy3zE@z*;5XW5&nMIDnXI`l7J9@i1@gu}Vp_4gdfbsr
zza<zuWzWz1XWY%O@lKJu<(}kX(Zl`KL8e4*Kv&`c3{k~S{dHxJ3Wk-@r1~Yv#R9z>
z5J5NVb&refUzbf<so6$&9+Vc0#qF#}-#s!1tv|i)!`ix!xQ?e>bM9u2TSfMTiUJCk
z2W5?V55TyJ4Hx`@V+9?;^Yj%P5-mo(MSh~d+i|^gPXpdM+PxLs{pEqWm;4U$1$gds
zF?r?zv+LNojRJJIz*<Pbt!*0pfFRKQdkFHn4FnbPW%;hf)AH=w2k?q_v%BEMWDW_8
z;bJoL2b}U^Qf>|Q$+Kizkf_7usS*P$=+cDcY5AZScd0V|A2t<V8!Q{hA-?P4M39f~
z)#y7k%u^3M4-8(b3aIp?!U@5xb^lPn5o_u=9o*Go1t}L_Cp|3>-UTyN$ueF{S}qOr
z@!sHX=e*VHJ5DI~w8XF49ZTTqn1i&DLs-1V-a&+~N%{cmlck$EO_mgtkV;s&YX|oZ
zGXVTyGJ*RECFZrSSv|Lo>jC;m5Ad*B58z~}d?!bBY4l?9Un7&}0fB@;;ysFvXUQe~
zJ4p2D0R`kEM+zDQ87OrzIr&G$v!t9gkf6(`JkVni_?4oATWA6u;`*&B)B`N?c`FAk
zZ2n?$gIT77K$gM5u?q?Op}98N^B|}xF37`o5Vq!7@`&K!d2r{?+o4gX&<`kM78wLg
z)U@{jQYk4(AZEBpTRAT}V?iFz`0&@5#`^si({f7qC(nZjW37wWshU?8S4X%ubI_H9
z2LTHIL6!Au55T`>?Q+thlL-uc8Q|K=@tzYN0=%XU?c@-gz%)D$W=hyDR3L79-GJhQ
zcUApZPJ;kBk58IM!qNdAUG1MKs;j1Gz!86VZ9h~-dem9biQ%Mf<!q6hd0I|<mg^vR
zA?pLY_`h~z=<ns*QE%>a<Y~EO3IJy~re&{4MNWA}dz{y(4FOIT)jO^yk%>C$Z9;^=
zQ1=il2#ewGKo9M_cWJxV+|?J8^)@mc++}G#9oJ8Qy&eE-Y5@EsWD-^biEmx&P@90?
z%I#eNMS54@w<P7T8V?1}66XL?@TK9gV_r(z1Og;|@pYK`UXJf<=4AH04%2J1TtLT8
zQc0*sxj*}MPBdNa6R7JD2jW}z=yW-`W!4Hm0gVQESP#6YZste<;9{FO$`!BSEE)Mu
z)S+?x7Xw^N&V&T6Wx4nVzeSvSF=ki02ELS!!y8rB;cliY&&DNbJ#e?m16YmDOUXqn
z+*jxITM81ycRA$|bY8O!_ePUUIe22en7k9~@8dnE-OkBv2=#lJe=(j@ym}mYF@}F1
z0suk<pdeVrYfRBJFD9eVUPtEX(_hz)`faHU_({d?xJvuJAh@idKLmb4L<kutt=NY@
za+APn#FCysurIH1VSoLF2Oh=Tk@Q!xAD|nm{%j1=rRcc+H-rqy&e{p~$TX&QY4(VH
zopPeh!k!1660buQE@$m&3Dri2%&%96dLWVr9eQy2yLJO8+1NjUbx9rtJQ;YP8-oDW
z=9WGHZ*%EZPJRjvIHS4yN5|X?u7{`PElFII2gcLz#pK?`YZOTv;d$KvOTHIiH^8Us
zA#O9L6p^TdKrcVg!xhE68<1z_740$jAGYf?FH{OiPCXBj^O(S1ggW#cbKe^dJWITb
zhCC0>XJ6-enb;Z%Siw*ar=y;Qct-K+deZY?A2paMC|74QCunG(ukoI`AAs}|yTqq#
zJICQC-H`XlMeJS+IppIpB;3PjW$a=ySeU3IDe?Zn^Wdg(_Ht6S{<Xs-&~QeMSC31F
zhGl>dSn%<~0Dux#qXz(-&=~@t?T=lk-1)u^P{^+qT0t~}tsK$32+xDL_xG=pWP0fK
zz^-#8n0aEu5rKIp0JP-+kKG?Vaqv8c);k0HGNUZVwj4Y+LhARf`JZ?5ER~uaH=0_W
zVWB0g#mMHK>nXs)tFACB-$HatAg%=VW7ej#At6(}Fh7JU_(WM?$O8{GDz8Os$~@fc
zT~L4$-TTA#Lv5b>_o_6h*-5OP(Rde2E6&0Z0&Xx{Xs)!cKkW2}NJPumLxi4jSj)32
zO`>Qqav|mR_Di%JY@;S+a)YGCdwgTeAvq7UM9lQi-jlbt<#5vKeC1KXO~JARiK6I(
zKhf;N{o<oRUUTLm7d6BJ8S;L1&K|A@n-TS>up{zvBGKwEijDV%%ClR08H}oVS=)!k
zKC9;WszFc^Qjy@WdwUDVdE1}dv5QNj$J}`Y(G5*H^48WmUEK@~T!zgjQyR9#1C~Bi
z?>Fm0>%)8~uX(a;1xWJsN9I59e3(excN4JT1^W`q<O8S>k0eTmetmEeypw0sx$6qW
z%CKd|#iC+gC!)x{=}Ak_yS($2LT2b>nXm7!@LO{tl<#wqN)-?-BPulLPG^}Ro;B)E
z7uT8g^Zb)RjJ7#NVJpkb+w(My%YIw%=}SS!m%;Gg>O#VOqRE{Il~_UCdw=>qQC$FQ
zQPjSe10u_cF50~bnF;lj8N#WI5#M_0-kj;f1A^b1oj`>%K5QY26J3w^w=!<~XuARd
z?>;UThlcJYaq_3V|ATn*s_S+pH%yY_vh!(>J`DP?hk@JYN&vhK@YeTW6Wzwi(}I7{
zr-6=HI82qcj%05(Rmyt^&=@_r(^B>y?n4wSZ2l6xVNJq_yAYHSea;t=cEsY4CeLia
z{MVY~B}{#qYaGXoIq$%FCDl)qnC1@lM&H7`A>cflg(f3}(y!e!X8?_Zp!q$%h{h-G
z@3g2;uf3LkT}dEIzSBQMeXA(Tt`)Qfm{S6sR|zm;;l$7&ZNm;#q*?fOWD`h7`Rr!%
zGNy!TYGbQw{}Dh2mF<_HRE7uk8Y4oGWW<VRivYK-&mZfj-!Okd<tfl53Hg|MGy7)6
z-y{=%NV$4a-=f=z*KJ4V?b^QOfvnlwy+!i-8xAFBA_Wu-G_fbdWTBRXFT^JOw;rNf
z&*dpIHMuhmTZ6MlIt<ZSh&N-~Bgk(>i4{S(mNOFLK8*<iyELghF|;GwWM_lq7^%x9
zT`?8H6d}k}@v!fBJp}oYzt9#tc{GV6rH`KQ?%zr?OmiJ_0TI13R%=_?uJwgu%-;ok
zoBpJf6+O|iJ|OmG*J`uS-@j!mhU%!yVXo|#!{?G{qIl~DdEOZpQxi;aHtxW<pH4QH
z#nQKJHJ`gOIb+ow>U82yyKJML^L1!Z)E^?<>)Dgy=o@ICek68&FRQ<>^?4^JCBW+T
zDxLG03)KcOf%vx;F+G9ra#8GD<}ud~UQ?p0gMXs=<7LGNo#^A6-+!WBzoWqqRHjW1
zRKz5fEK@E~76=04_J8p0C9(X=sGxclbv-Z{T@~RfnH?sHfo(pQ_%DK(^as$p`hCKM
z%KMCb@l=~&|4r(vYsp9VZ%RLy$9?7m)som;YIz(i9KzC$A|I3&j+`2@H2NLdTDsa@
z@WKnz54qm<qdt224@>uA8#BvHj%;IEQwQu4$FNB>PTbs{w<z5kH7Gxqllm@XKQ}yn
z>y$U{*O{lBFyW@|;1A+5-0`1fwywIsQK|&1eo!6f1^ql|+i9-G9qV=A1xi{A8nLKH
zEnt@IZH3N4SwF9`g4P#W_L>=dO0V?yh~Ye-m&bX~sDrqp8JB1W^W-KI_T=XNZS1qf
z=`q6V^WZlOke0V%$_DC$#)bZ2DKK{ftXI<OP*Zgsya7}37;<2kJ$u&n%PD!j^J)_U
z@s8j@Sp|aX7FGSsp0y+B{AbV}&QQF%iA4;^GHR}sBeC}prD7-eIp>PAuHP_n6E#FA
ze_#Rz$s>n^<jc=KE8wN}B$K>ZBHQ)lU&cu=rj{3VaSg`DN1rhW+qr41R~Gn@98a8`
z?j@7vgqN20>!m{WnvNQN&CS>HD2{>v&3`W%uIBsq%Vm%6odmJ}v=HH_%{S<3zFMXU
zI{<5}7$+#QQSHKvnt0wkknKIjQXR>;IP;`!Oo@B$;_9pwENP1IZeMu-T=p^y>{KU9
zf?Ln#ZcPBmSXD_`Ay!fOE=4zP6}V9Lqvt#seaG2;#KknP>#71GdB69&0pphn#F3%e
zId?><{;O79vi(%Qv5!m({=ECnSH)S*QN^c<%JGq~>Y^H0^4EkB=ZFrRT*0fS*YiIB
zS3s!0puBNVg)sW_sWBvl6g3ioX*ey~Tvqht8ClUld(jwL)SEY3C4?o(h`QjZOhi6%
zn{c|hLVki)lb;aAp<tX4Aj-?8Y%;tABHJcJ@&ySze3R=SACNk-XdOhZ3>WS-KMUZv
zUs2L$K4ShzS^lpyUx*;tSWZ8y9%rx5bU6UO=^d)uq2uuOvUV!Hz2rB)K6>=)BZf2|
z!<&=HuQ6jsr;dItErt9FW>=bNRd_SQlL7s5?dn^oDL<w$XDv)gQOY;+_Vl#9730MA
zhK))cGIrF!5u}AMU4ZZD2a%kvT8zGw#`M@&IB9Gy_-}~F=CgWS;Z67a-g*_A3QUP7
zo8q7<vv|!B+u2*X(SGFr-Mv$Ess7EzMH29x>f0LsJ)M)HJCRMc2#&K7*}?aAY9wc^
z0N!1p0?83XpU;rU=VgnoAV`UHQo>-qV=vT_6f)<m)nx8TJ$Wk@+9dz!UJ)8Ch>OBT
zcZ`)9-97Cdw3_-Yuu@i=dC>4YrM?znKX|4v?Ew7)H`yn@vyUd$v^_)o<*mV+N6^5N
zQ%1N>cEpVARFa`3#U}f3x;c0!lGV8a+p#<QqUaQHB|hScwF~a|`J4u{+r3Bl!c}yn
zZbQt=d_m6KlutNIm1(9uUby|6?o~?jCM6BFU4}tje0bBYzHl*^Wyb9!CDLGtYexDI
zj@@|T8gwJ==lsron%FyW%`_pY-ud2|*r^knc~wrUnV8j~8NLsh=F4S}ont)NIao2$
zbB!iew;`^Xm%R_H16p0i1X7apM3<Rnqb{4Yq)Rx6qGYJVv>jP)ayXHA<0H<~{nav=
zH)<f%nD9B79)m5<Fz8(<W|&q0XQUx2Z{leO)|Jz*LcbP?H&go{v>Cz}yW9%<{TSHn
z)8Wua7M{8eJsbfFsYFzoVmK4?H+W6R6B2oXH}5u>56m@~u4u+qnL5$e*4$_o(ym)8
z7z%dT*hQMC`8bn6)gj@AtQR!oLn7_#rhf$2-UQ0@m2RFjm+V?wrk*v=W7pO5C~y!D
z{4fzC2;J%t8JQ;6zt#zEg9e9&$@B%d+X=pK^+oo&y7us|=KkRL3B%?*3y}UeNdBZV
zSA|F<0P0%`)YNk+D#8oqkhH<PWkQHz_aikjZDF`9oSFa0r=#$aFKlx)=;#OgsJ<?e
z>D<CVPZ8r7|1Yy17n|>=!8Woo*tCPFANUDY=bzRby+PF~ia>8r+U?Dt^7UkVMUBAE
zRzV)#`w@x&<)_|YdSugO{K`O=7`k>M)J2-_Ym6!~>N*uMFIeBON&kkSv<$R8py=1P
zbzGF)0>WZnC#{D5p2>a(Fnm5#u}+|qMni@y`h{?-F7=s(9>9hQg9lUmHdF@7;I1h|
zmw~iliY{7-F1|v%<SxGId9i_2pq-rCS&Yd`>gsDJBQ~NeYE7Y}po(>*p8SZ}!ihoD
zdlxP1(4R~*z-7y%5EksOZBtyAgr>MIzcdqr{ndt=z9qYZA!|}Nv^YjMbND`7<AJ)j
zk->b%kaN)|(R)%P0E00A6w(3UhQa2NX%6BN&97?>miS0M=T9F(AbPm2r8=9pOhFve
z2j3MoZ>I|6Kt89?+u+?r%k)GA!r|#E9@8@CNtjp$fI}fAS)S6E;NeJz8(UNK;1w#6
zxW@{&koZgL$Lrikh&HImSxj?wL(W`Mk>3jUSlI3qZ2m~*6pVazcsYC(YX7RC@~b3<
zyK7s6<r#D}-)qS(UXds}LbW0E;`LBL1l%xxNB)V(7HaNnz*)nY+MKX(cb6>u#<Y5z
zwFP4IMpDG7Oppiau%F4o_;iZNs~Tl-rnJI<bc*DYg%?<XE8S4t>S8}f`!D5AGzMrM
zb`7w0x&_uwhZ!pua`b=saiPzl7(0}=OwpUBgp*@-6-keexML*zu^X9maOiW^I$*yP
zYs;r>X-U_|wSOyImo<qLh%?_2s%Q98lP!`vH9d?=tx1SgIz%&e`jFExEgLq~p+>;k
zL|8v7jJyZu+@#jr<mC~kp?>mBlBM+`Fxbj5`JxpA5n}UM@s4nFZp$?cif_$F<xV_W
zG?J_z834~o8?7awLuU45Uy|5KW113!oAglp-B~kr0)&Y~6=j7K@<A7k#;{$4Yy=R^
z*@ok`f$2aDp19=mDaq`-jkt^Ftu%aoP(laUse63t#8B2;YC7R&-qJ4wP-2pZ5~mHL
zD3M?{-<>xiIkFltWK$j!CRx`ls!5MPJ!~T#a2pxcLEJy0II19cCx&z4Vx#$iF7r+D
zHR(fVvI@VYra3k5C2PL3YV*x%*qisF&0lISHlM(nfAE}I^MC3xeQRLzahyuq?+&%M
zU2t8k?LVvA+dkMH+a4vg9n0FD;;QYf)v;|}t?f#(w!5je{jsd=d9>}D?Zmd@S=-*O
z+8zgAON}xKWd7^4QNwmo<{&Kw8+M5Dh|!#`m)f6J&EEdYw0(;-_Gel9&$qd5Q*Hm{
zYB=^zT<Qp?Zd7I6fW{R~o{}}$oHnVKnv7sg7PfZL<PXp!;U$7f^tz1saIpCZ6eHo4
zy<<0Kq`2tDtFoE@wH<cj{dSJsc*#XKGBPL-C|rs_;I-;<AOJNZqravC&-83FWEXPb
z44|3YQGll3d;o@YBZmUCFb2@{u)Bvl-hWR3Q!CPfC5~DgxTyPqRCf)id%h=ihm*Qt
znspf$s&XE+@{`m`AhgoLlUDY=QxE7TmP_sLNfU2KO(3AzpY1^tuhS;tJ!~RaIf`MP
zG~q*==;C1$N23&@@bjdJ&)>!-5<F~ThSUVY{bf5mXrklWo>5bkN7P-c9<2_I<n)d6
zr1~@ISUox9Ta!aRwK9kY+1hpAas0-SqX(yr7y|dH+5Gll&qP|am(G03-@U*`941`j
z2Y(ghAP-p#S`Yxyq$^@4Z-$H73X+iw6U@wqL#OCAWT)sxk^d)W-_(uC=2GZ?rcjZ<
zkmVE3Z+m^nfI%Y$jvL2sN*l@kipb$31b*}2MT6e`^6xr(jGCSN-E*`X{@5XTn<#9M
zHj7JbGaO28PVKvTLF!-kIjEJ$onpn6oGRv6#n(%%7|c2&vhDsmb9hTal4$8{X+2Z8
z_YMG~Jegs<WI=bZ5a7?m&<<n`zeEX2H)k)AgCq7>gHxD&CbPS?<roIVg?8Yha&%cM
zP*i3a!*cK+OE<iRNH<u}Y$Q&jHCn#GRuV0f1l~djqO$-aqn1EuAB7t)AuUE^1VmAl
z6sTdj%{UwrHQv*_)e3D~K)~3u4Q}e;TXZfA-lvfk?W<|Du)*k`;LQj5oU2tpt<-8O
zl1O|+Hs9a`IgNdyQgowdBQd1tQg^4s=}zp4&)kzbK#p&3#p|{nF=*}^8XPs`ob&B!
z>JZ?U7H-h&OtkdU##`#dZUxGXkN8t;GhX*oFQ3?HH-VVrE1uG2%z#94Dx}0W*c)#?
zlJ+fVuKt=G!9jz&NrP#1jhX_&9{~n(JfP+!MWHX?E%cT`IGjxf9s&kAe1VU~54kZg
zHXPI$y)|Haq6sjXM`-j8^CQkeD=Jrzc_ARP!7nfg5jY9qvPsB^&&*CuWcpSZ|89fk
zhM~a`L(W+kzt%skp+S?ANcb?(Qq8bs<dAXW29lXij5tNod<_vri4~8ej*rjcVaPf0
z=G|$VVaPWvbjaDH`ZPVSDdA1|0Wj>Mv0(46953*bP`JZky#92&)8CJz<K->$nDtz5
z4LMl*!?-6BsnxOurR(-<V7*g27|m%Qi|6bFJ#IW9Io~e1_$O(829ykuZ3KXyi|XTa
z0R0;+YY<?YFDEv+%x^4|%=q(k8P8UN{{G45Jn-dB4>YJ)JxumRA{vWk{N9GBLq=V~
zJzjItsOxl(NZ7t0PB)rW4{!ScXLK|BG$JCkFX>h=>7l_K7X)2gM*i+*j%!5L^Ohm%
zN@{2FuhA^%0;uVsF2Gw?jRP~TBwaOc!hL`*V**4D;>`d!r*tMG%nczMOb8z(q~*e0
zgBC=a7so;9c#;FtWi<apl@d!}E)q2*BmwtQm<ku11y575L3pDtQ8fHUPJ=HzG;nJ4
z)NP0h?K?A$8q*|!!f1OWT|4hqpystj>>+F@ESXo62wb=X1X~pv%scQ;OU!l9jaA~!
zC7XfiZHMW}qRSZdf6RRecvQvG=$R}q1i}PJWFRa75(u&-NF)KG3F{e{KoG<TC_xs3
zvP77H2nc~B!Z?he0^$lPDtcYes|d)F07(Eh5QVS^0a?y4hD8*@I<Kp$&zW;(CNc8=
z?|tunUNWbvy1S~E>gw+5s+(?im8;8w>CFVE`6f&sm3>zp?1~I8t|h6~#7mx~pgdco
zmS<1z$xx|lX4@&Yoe}Lb&~%6mt%um&%N*h*+*q-LRJNR`E1DI#rV~q3u~#<vk!x)g
zxpsNuNe^>euGz=)E-)C4a4uezC`<G&$_6d-m0t~NS=*U(d%67D3gRm@-sK~<a=paX
z2AIR07pufpxLRyka1N(v<W<xb|MKdk4u0g7hHshG`^YAjF|Ww0IOH_STV6d>rM#*W
zVvRNF_9*gd!c<!7nY?05oAjmymuJji9m#~&GissrH87mKNF}rysfE@QWLV}GmT4*O
zTQ7deuYbgxxTL$0R}Ho)@@nO_s^k@uKk}S(w$xQGuU-khTX{9Jz^}ZTw$&rAu58uF
zE14+EATGC*_eB32@@wVPyOdx5UT$@zKFsf|l3VAN{!6*_e06eb&lD!N#^0p*<0nXi
zwG{|0iG&uY&*HcN-I&~B3Z!94y{m4ws}tLWj(oXVE3_@3q+iTvA-KM*iGttZaw6Y6
z;IpEM|E+;`uVZ|`^#q(!W2ld}1u~<@BRn=9_MynC5KD{E@S(IsehOrCg~{W?<StH2
zx?t(kC%0D@A?NZSd(a>Bkn5u5G=v|ilED%<BCDU#LN3?!H8dsOSFqMAXMerOeP}Y8
zB746AviC9O<@9AMM!n0>XEoisf8IgfZGn;^C44D2m?3}XrD{6=`=?pwzr!$muYR3b
z7w|kecNv~991+y#3kTVk?**=N>mQgUjk4U-WVz-)ORWmb(v-3|HCfL1&oYFvoLh=n
z4r#I+&}30~F%U0bQI=v&mLgahHAm#1RL~K5y3}h#3&HtTg}QwdGKRXa%uFh?NK@uk
zpEAo`a+%V@tjzr`?<Y?^|Bw+%0ioj`-Uurdgbx5=kq<(aLUsWlJX+zmTkVLI{LuP%
zLF)Adya-F~55MEsZ*6&>otMi?fbv$K_pUJDf{YLj2v=Cit_NMouDQ+@Y*@Rj&c^Vk
zldFTPy{nxw1U|+(1L4m|=PgE$YnbzI_+xfnfImTU^btOCcM0;Dqo0x6a8fh8z=A0z
z{au%AB!0M0vGg%YQJF0~7za4Ue;9@nRtDER*Id_ZSB|Tr>t47W3P6NX=|;#&x6A0d
zhu=eNp^!G+zGkVxD(b2cL^)YR8E$dk7^5O$Fejp|OeRmipQqQqkFGZ~@hrr=KVs1`
zfg4r}-bQ@$qu2uRPAncDwr(#UA3h2NKX<QyR%!LO*Aeh2^43t<R0H*psbi;rX-G**
zl>ElsI-J5DInYk$1Q_3Ebr5`wkW-nYVs(odqE5`Bw*w@rpAzV-PSPz7XHsidEErgL
zhG88XhOGqGDmHaumQ=fFyh*0Z8y~{^FxkG#^f=uGos4fQXzjORZNKu^9}u+03~hEq
zdWun>HwTO-e$|2eKW!rU-!I;sl3!uSKhFqK#UHUhooKSpiyCb28>7d=0bGUK(ki^N
z9X9eud*QM<^mFzl_3SJN+-m?d^gYt+=`EN5GP0JP0M=N2%(^qOjhzvVLqH+0otM7s
zqB>AFCtb950$crYeZYh&&XiPYSdz_}!U>wD@2g7JM<D-RsJ8Xi<0YRooAtPB?LY7r
zN&H=Ci~Q}`gZ%x(zNAr|y!hKZM8jW7Rs8+j*^9q>{qg7O<A=FVApT+X%>9>`dy6%;
z>qDO?PX-!y>YLilwtu$%H%e*gX#F3g3WF3Sm5t)@f4it|Cyi3kC^<UPHymL|7e0Oc
z-cPdeDcT3H)gAVOsIb{?!p&kB=_Its7l)zoM!)#0t`4M+^<gq5JIk!QfcKv_;SR0@
zQ^%#Gn9y*i<hh4YQ2-wdhDQqFrF^uB=?2)Y{DhQEiO_@R5(O#pW96CDdsRMl+Axmw
zLcVt+*5HlQbK~fVNWaeTM5M3heaM18=y>#|VMFf#v9uJ8fqE@+|CHyhV_0Mj5HRdO
zOQz(G>$Q<>?A+(jn09+0iLHKVB(^59kvC~-NlH_Te20=B9iW~dfjEXD1!rggNj~HD
zU@9UYO>yZlaq_gWY@m6{DA!D~U@W7#;M@b}wD6?mkjeHv6T#A*{=ovtI<P`4><Ctm
z&?1KXchCp|TcxLHe?)?N-<~5RL&0J=NG<r;5-OdXMW&TA5p_VA=0Fs#yVvaHW>8)N
zo^@pow;U>W^$--JAkRBKk-vQMSPTy*;|WnZTG>R9g}GF}w?C`k_I^#Fe-iL^Y2ovz
z-89vywVQkJbodZ7$(&j0Cb=EM_JJz|x#_t#l|_S;rhj7Ew8^~LEmQnV{YNoluR7LP
zx$6fG@^t+S3+wvna{f-vpgV52+`p|=l{{;iz)G8;+_Rwx1DPH!*aZVov1)cC+|!!g
z${XRC{A{p#m^%xUqJ*vhV2xI%Ga2w0rHe}=ph>0`RBPYy8i|qsGZQ5aFAa{HUeuOO
z4+0GiEZFEpj$WGn2nms=9--$q0UeYVIgjw9i}$wWluTfh_{OhF#PRwU+b0(MY|S)*
zVxZkT_<6<Y2;KfW?X~o@e&2Y%2Ja|Wi~;usqX8Hwzax(2ejeh;3PWvNo=xve?K8-*
zvGGB=EVT(_t)vg9(Onjm#NUE>N|hbW6bgc(RPiT%%SknR^zSCJffbK7*zQ5U(FQGD
zSm%A2hvWGk&24EzxQBHle6%5%N{atkdSxg)vH;ZzC?}J%v?yBsSHkU6==7*0G~WWg
zahom~IzlmIqPIPShNWGU6)rpgU>X-FTx>8$P4T!D3gFk#de5uYQ_|Q@ex_x?g)o8W
zvJYUY*MKaq9!{^an}2MX#Jd@Hh>h0PpqoE?tQkJIO9b0F5zaC}k2(vS9ZlU1hHz#_
z!h;_ru!1{H`7}X5KQK({xLPUthI=Qbh~rY(!e5#pChashU<R7)lM)Bn`?3b-7BXM%
zLNn7J`xTs?_ZWFLvgbtcgAi;5#t<^5+|z6hkOu=id`W$;1{@t5-Aqsl9|HAnt53Sm
zmKHGhoYL%x7u>1tUC!QY;xc}~EGiMq+v0yt&AX*DEZ@Nf>gpCa5V8Z<A4A{WV&2{W
z521b<AB@!AeOD$APF2NfXiQ`@rsmO57v_zG%Bw9sG`xk}wcyo5N_@8l4RK%;RYJzc
z55ym3`mmuTzAH)>b;se9EB6YxLQ=ljq<HZ!P(Mmd<MN})_+TefKT7BBg@SUipq^Ne
zNB@ERBIPIXGU%pK1TJC=c9H>6>D*t?zW=P$z5^Yb!%%C0ZnjQ-3quV$!$DUwqJvJq
zCoU81sfqYp-)w&t-1Hc6IE|1{6XoGZ#j#*K_%}$<-v%~8$$*7;y(Ok2IlAKsPQNG7
zBX(>TwG!vtr6$6*Xw<8~pGr|P91T6+No3Mjl58LaRMLmLo-rr6tzDG5Q73j=??Zzs
zK0l~Accs}b7?wnXZu~TpR{`_=SQu8!gT#)W#186phF3WMWuQ7!dbS^1h@RIhQ8o~j
z$jWF2bk1U+f<heWh8N$4n~I}c3q9>>r`2cu&}(o!jUKxufg_~mipAThLYmKP#C1@P
z`!aLqHV>!^)^-_&f;F(%K0OS~#?jW;kpChsV0WaI$z;6_Js=5mJ+Y9bne91=sfG;$
zM#k?EOLu?{nb&J!2<xsnk<bMZqa$%b?l3Gb67%-lqv~A;4N&9}oQK($Q^7DiL3j-R
z8{WGx`6OHN`dfZVsZ;q&tpRHj1m!~6fd|1C_#3=hf0HJcBNtQ2i@|8N4)W}QgGV*2
zV7y{HU`IZ`f4oQwTP9d+4@;yq?UK)^G8Ci*&`OcRhn1lqJwWgnB~v2yD7_<MBj`VK
zaT!e3SPv($FR%T})xOPjQI;gbhQ7@MG>r~T>_`~U6xuzwQB!R9OQIv(B<AgCPez;R
z13_(ZV{=1zU>G-&>x$d0Fg0&z3qMO791vl>aCn|+iBdlo?^=he2;7i;$@M0JEFd$?
zOrwTa!P^WZ(hoGjiFso)ZfB<+OctbDPhEB^+gVzvB`HPO(aMJ)Bb8@y{Lv9GAf0Hh
zT9H-LIz_P-_O$bXTX;CwXAaC%lV_%iew5yq;rtU3AM_wTz!HNo@nKKmaIHQ$l~n?*
zurig+;;~*%z&L@1rH^yZUO3^O22``#`y_A49S@GHFRS{6*?v5eSuybuPvQt|DgAjV
z*sMCJsoR|@h%)n#$OELqtofbEx2wRrU%~qV@Y>ymHR+!g#Pf~i1rcqJ+Pxt!h;S!U
z-O{^tcr$)jB(aqz<!ha2JB;fNO2dlyLX1D`YOlQaUym0z876nJO3m3tuW25Hr|b4d
z69?M+wo%05ci*B|EFEaKutfQIF=2QMA?0eZ&hns~#3t9L5j_N{LoaYoX>CUjWIezp
zj78}}{}x{7g^F&oEsW;CwR><5{PbP|3Kp#G)yFQlxqb?h0ENx($!scanmB2~<ngGZ
zirzYEIvcJ79Ua?v9*o*iF}wqZJ;iPP>8jmWmflzUw$Vjd8}())q>cOxD6iLo+Lj45
zRPsUu`2eFA<3$?zS`D<DzaMHQP>sFn8Vb(QA}+bj_(UoHkSzHj@!syRfh`8#Tujd!
z5JmeH`@@OcCCwcW=m{4=ptH2R9T~FnA);geXk&odI!146jXeM^>l_iUM_|K$(Di<L
zn8GB`xA)yINUwLg<Myu}7z#cLR5hbVmca1@n|;@2qRf6RP%X1p1cJ;~`k$KHGUi{m
zZGA?rbm!F?wC!s{<+ha{bp<WpD%dkod6jz0gL#!9*4buiJ~uq%U<>(q690cxxZT^D
z(~`~_>Ai4lq|Vt1Ohc=bwgsJZyK<mcqMu~F;+PD}_eEa94rz4++i4k<%=wi0^0Wlh
zyA}k&ZSX}`qW_wwL(O%S%$bz=t7%ko-=LFj-vRuV?q9d4=eTVV+Z{-stgJzc4oGiS
z%{=+{HHSjYU29VF4?|Sjq3VmTr4%3Eh!uZeMGcCdip6tpv8wag`{FB{dv2(2r$TTo
zY%MrnyNT;&U5g)YnOA4{S(8p;;$Tl=ns!Z^b5pe@P3ghbkV!YaS3fYOfOT{*fHQp-
z$LqIMMcfNG=g6n$1gyJ@r|!<$jP2Cx;pHTjF`}yVFqk{_L}6S4s8<-7SJ~R4L#5SH
zgMHxY2J*58%_+q#uR#}mm)1=9=aSQvl0mhS4!%-@lAqxvOO;c?ecrNJAMkxo<!3aU
zqifsS&-mE{NzYW@_y;ej)E)~{pPjodc=zlq{(?%6`n5C5x9clZ-O>ec&ao6{F!+f$
zh6i5%d?=n}rbF?##%%@XcdQ`iyO13&jGbHHpI6}XOZbJ3I{5P^=U7Od1^-OfDamZX
z=tDP(pxe8w{2CEIvYZ#85V+C8t8;vD?>r}$$!{d<u>9x<(+QtWxPWx-gzR%&vz=fa
z=7i@@uIF5H(2=Gq#0g%EoXb_DNyWWc83lrhe?$I0L0-K4w88j6<nl60dZ9O+bGE*x
zt$_Ee1D&s^i++m1$>S!qYv(G<3}a=w4Dur~SAuJ>>c-a97H*=!e`f^z6Q*u~+P$d-
zu~ToPw&0XqN+rq`M=;7f7eHCkAr6=p;d8%3?!E9@r<X8~k$tmY{8c<kk@d0cOtbDP
z%N_r-G~_&<ebDWV*vqt_gw8&Gnp;L**1Y^t@cSaL2Kfq`=;l^BbF;vuk=s<d3y%K4
z`-IuiY2;stf-8~ki@?ApCEIKdirqGv)WFrDNlbb>rDK_wJtU+sMZY-3lvMg$2IPT5
zK7N5z%T(Imv#RiIYUqj|5(VkVQf2PHTxHi-P0a*nHoiyv*LO%sCYmm~aP9r>f<M4V
zN}8?MWcwbyykCQx-n`N<k-Jlo+(x5da?Fd94j#PaPP5H3f+%Yb>Rc&pg{epGL+@IS
z;nCUBr;CHo^c+tlZQPx)_Uu|rE$JUCz~k?1^!{v4I%CLRium-37Ow9c&BLDp1v`1&
zr}2X89@Y3@TL`$+OFCmo2UW&)TzWJP9nPN-WnYbX*Mp{qESRgm)j9jwNtULhS4v$G
z%}_9mDR@AF&b0wXqX;jupBLq8Pf^UvkpydoD+I{E-)7JN>LuX_hqL(2=pm24+m;4>
zN&9aRq#A&w>+R@d0nhE#+RqnwtV5=rqP;eZ0@0lw25#8F_ed`QJKp3^1y00Yl??ZW
z;3ZXR8Xk6#5BWE7I>r~Kvh58VabT*U@9q*hREbtz)0fiQO!;(WL@z9)jDyPAU+!3_
z;L~_PJ{bZK9EspwIzRe4w7DUSiZ+BT!4eH&%gNt-*qexJXfPU_PY#ccGBhwVJ*NR2
z?!QU=!%fy5>G>zZnM(P16r4M~UJN_VdEQqk>3o?)4?kIanS3LJmdW(Z?VzncUqVwQ
zlMnZF817kK!+l_XSSIJ;qm+3wz>!0w=De*KfM9aR_LR?os7dc_@3u~Q&jj0+o#?rx
zL<(*SMh+>$yr0-^HNHZ<ADoe8)`6!+CVzf94$nu6#c_R7V3R5)70*54dJC9*_#|VJ
z>>^C|nZ~?%tf(Y7$~`^Ndw)4I3y*W5y!pq;0|Uz;j_aSo&jaTkg%W2pfy3YaBp2hc
zD7w$i&Q$V0c!uZikMdAC3;up?S!(V)y<lkq!w-k;+V$uQgZ$UrfFVqSTl)5TIex$>
zlsd<T2#Wt?*uCQnQQvC5220r#9Ss~Ppec>1d3ET#7hOUqPE?oh!Ob7quxXPnPaD`c
zW1UBi&;@Hc&<gTES{F^HTIs5qdE*)io`L5w6+VO&pi2Vsc0M{f2OY=10gX{w3f6>X
zUh6W^K15Fr%Oz`L#d*18jYL71bi#Vv^+Z~M+ZyR{UfvYGJ9@r5Xq=gUi$0G^!8|j)
z3!K-TbFI@LeBeRo!Vz8}LeVLty-za~5-5NlXlVpbk_&c$q}JMB^vD8jE!m^3^%5Nk
zuLq&K@?)nH6=}7p9;`aUS$^rxqbEH5JY#x<mqFc+T)9T@^3F^l*+MR)etOc6wz&Dp
z>b1p2e4BuM+8;{O-Sk$~sSB4T^NK-|Ns)jG-pXCWT@S&1EzS2KRnGU3y_wb$$1q)q
z@K1`X8Cad=pDu^1U{_!G$K=wx>bmN<YP*8rvn}2c^LF^|s%pGH5ThFJDAlD7Nu<tX
zOJAH}m~zjoZEnO<^iS%6<yol|&gz5tsL?k>*}ZUWF!#6LFWMiM#L`lHA!j=x6*gev
zOjjmu^1P2bDaP+G*$pQ906b^co9wf~lviXwh(#6k#Q5UeQ}YcQcKALY10U32HN<4z
zM8mYup&9Xb2^uz$tXo_CeZ?>>ygmCG9vwH)U|}U3Dl0fj`(dNmo+Gh=ZJDQ)PgnXH
zw)}3={b6eL7b+M7?Y+v)N%JLZOE96sZ~(R&(uff!+)(B5N8;i2AX|-}aP)CcY*l94
zY2C^IeX&AxCR9*p?QPaoz#?v9|3_!4h!N!+$;O6neL>~83|qpK5|6q*i7#|DAh;vE
z94#=+I)=AP)OeWkzR$0b|K}Ao@c+DA?f)4}-`m4^waV@D=da$q+viQsYurBHYr7k_
z&wnkxOSjL13Tm(wJ^R4jyM6xn0a8b&*HQd4^68SEX4_?gjyb@)g>}c=SE#9@AR<nz
zN#(LQj{Gls9O4A`SV@g8Y8t&>G;eb~`VN%aT(E|UwsYtTR~i63Q|y>1Y4ajg%f)f0
zYSh$GnwA59&Dd_X!%{>(wOW{9X-0mP&Cy0L#=l60M-IEvl@{|fSasQECsTX%*4L!H
z%rC3ki@LkL)^Sj9!xeYgPA&6Q?ey~VchOE23;(&DY`yNPogV5%?bNikI>dv=pE481
zznJZ_*iNnmptX6aJ=^KcixVtXrhxN}jrs|I1={eOG^#Wh4bixHnIa7+6p|r~jX_j+
zW&1!gJQSnLG$!NCw(BNanY402I4UDiw8nqf6FC$Wt0{5|&7roQ#K_QEe*6XhLLSY{
zj)a)v9`YIGSvWLrh=C;;6{em8jE4LzsFM}Z&a22s=5JaSGVli3lvj%GgEHV@(5D4A
z-0<e5qmuFlr5N%Dz!hlT4n4UtvK^F$_GBwHhV}6@k79inCbfQ#?raseqvX-Fgf&=a
z#k`1IH!(phH4;v0e0tTrrSi0tZ3s)bWN5&>ErE@w*2U5X`{-uZNJDd0Q&JeCG#X)3
zoxuISU^BPw(aewSUI@3{Gis>@?G|dH_Ld!{270?o<@SQHS`VY^_Nhz;k2di&86@{e
zYJU{gc78pE_IuoqCKmVjKf6bYl6FQ{<sRvyXzm{A+++Uy|2|foX@p_v$J_+ZAdO|^
zIN!MAed71o9oeZ;3LvZ|??=vCiGsAWR#OTx#ycfMawIZkE>Q8R{TWk`ncjxx!#vR_
zz1D?Jk6!9RR($OPtBMa&ll4B*@z3l1wIwx<_po8<-7oxw^E3;8{DQk#_;2Rk<--5a
zb2V7_EAGGhh5w8DNv=JsQ}tJs@;T2g%jajSmCsM_^~mS{k&OOxjz&fY-d~-JK9fMa
zd@6Xw6RKKXTeoZF^`GzjFUafL^S$M@YkpPo`kjPo<@NNp{*}BQccWY*uSZ?|7xMb*
zUX8pi4X=T`p5E>MmAtOptCH6p!v6>IdPRmGiJF^H6M5aJWmWR}dJ8VEyZbA>bw*9)
z^%pJvL0&Iw;gQ!#*O<IMA$ZH{-@0n#^_}*9<h8Rse_zy|<n^<+V^s5h#ISV!#)yGl
zT-2VNGNZ@Xl&lE$bxC$Adw2V}o{QA-U5WLS0<xp!q8iKf<F>n(>r#$Ju0J~GZsdBK
zId>`7XV0pET#tyqd%1o%j%49GH)A~ds*gPXZ$ZuU?e9MSU(mPP&eX{A?s3)0@+O@A
zlQ&|#-oNEwB%-`+OHjDKxE_xhxd&9dlLG$;zq2uCwolDuM0fJ@nh-+ja2r^&t2-ZV
z4vdU>PI+4*N~epPz)_&Iq-7KN(k~|pgA$642<MeVv^fe(K+~5n>G_{7xJ|kW1u@Ou
zPmcz)4EZ-ge)yGmL3(lD1-I(4S#2qeX`d$BG1)pVsmwY;d2B|JX&iW@b6)BbAPZJB
zojGT=U9~=-2tt-%?T7Ero?n7v9^Orr8kSTrX@S?Eeys9VGU=2*%#X;LhKZd$iJdfJ
z?*%3w@UBF1gYIlQ?zH+`D?bBQV}xdu$~f9+x-ZL7kLZ@lbF+tH=wL5Q5@Sd}l~=|H
z%B#rxc;a^~(X+z;<No{mg*88~c%k4f_u;QvRQvFdS$DAypD^Q}_u;xuceM}S+mWWz
z%hzI5@i%<r!Fvm8CJ*NPZ^(mtrfcLuyN=b#gF2jn{a34y2k1H6R~Y1C^|Cz3`Dc01
z>s;0H;Fltj2XiC+$b-Wdaf)xRC(DDG-&HLSejwz2OPM^F_q~@qNRIH92g9n62lw4^
zyS?Q>PmMh2jq*VDe$Ir!rD}x1YY_iph`;z3L#h=94n-LJ89}o=$43}g)WYC9jy9%R
zVbHIYEDU<KqIrMdFO@K8%M-W#6{Au2Q-qDM!tYew=h-T8`qmap2O!fsz3|TlYSK1J
z+HarumKc-fi6B)pyZEb8+ulKfCommT(X%`8XxSbWJyR;YP>wcxC=?R;6jPfa0c&&q
z0wl<bgTG#TS<6O`W9^H?yz31NdClN%I`4Xzbso-8()mMQ9zZt?i8MDgx|3rIrv&Op
za&+692)Tp8bfRMp8(YKlOlTPj9>hy;qFNf#CJb-RDWgiuj|mcFs+5~Vb@cEO@)p>c
zHv-dcm956N6@D5)eO8bDlCNkQp?0hi@0bk^kffQ^bn>%{D4%l7Np8zb**SV?G2Jm@
zEYjOv_q`C-2JRTkAwY7m-kfyXdfwGDt)QZs0LfsHLAU>SZ+NX?3qcNp>)K2-4{Jv>
zXJSxXAZM%}a+WDqoaJ(SX1CSlivOqTZ}Xa;gPLs@UAwR<s`+qR-yvf(6tsai$o53(
z^^TFS7qG{c3bJ4azxZTQ_t>a*tm#<88}es?!ZB_)IPfZf->LTcdDmMT@}FkE3-(w8
zQ*E7XeWKU^3ZVNQdyYQU-Z{0jmT#%GJ*C1E3=<fI32rn^196mVPC98=*g;iCOLZO5
ztd1bLj<BlgcyFXqM+IJAdrF1?({jnb=~N}hvXb?lfd!p3*-s~F$IJhyzkUc)^%oDN
z-984^w=&--tD+;J*a=TDgU>l(%@`dWw+XG@Z6`K^Lj!4RPmFhcghA147)0V5BO?UY
zbe8o6%6bs9vUb@7PX#u&fP4j%?*|#Qtp}uzg`9~jXFBC{YIB0^w={@ymMb}XLTbB_
z6caj5`g9n)AU<_Rv^R8qO_r{$Ow~Ji|LUf^0bXxl``h>NGkG(sLF)W8dT;p*e(#{)
z@51kU==Vza{W1LpZlya<;qQ6y`(>66mONbUNmrV(!r{%g6UIG2JTvCQHZ)g3+!*pd
z2K41D3C#nYt32q?Vb-QHrnM!sx2qS3ez$brg&0A4Tvd?eB$J<{xs-Ao1H*x$SkhNK
z=~e|MrRF^#SnhFkm4DWCwc|gnE!a?XHKFDm{E*zxec3M;7KW=vLUB1dSb2;W`#vj{
z5F;6)*569HVMFk5pA8oB3oQoG9=w<R^u&ot-pM|t5%)I(6RwlnLHCo&5}VP|8}ZJL
zcwt*D5`5ChN?6vLzwjBx2eU)I`rVl-@gM%GduVGgiA<gjfUoawhGz|-$ZiQs9tFv7
z^W>|4#BhI*oW3*<eLb}F-3R$LB&g|2ROlO$nc$%>mFT<iDbjb7{gI~LucGgZR!H9|
z07P&?ru-q(_Z=kPNucBr-t=w#RH5(VPc`(t2l?*N(6_3)OyAfdRr|ej4e5J|=zALS
z{g|MluL05b5CE*4kRMz!eLW%hah|-vCDR9LaVEIZDY$Bh5p9=6+a>LKmnUKTmJoMm
z(N+ZUTi9j?MR8JzXy{$Sk7gircWF>GH%M!Bo<iBtfr)541?276&_tkEN13B`D(6R_
zCapmRk%ZQqgnw0k7}RgXrJNJ6#+k@Zdz1)pWZ#&)K~cxmmjt-`;CZcQC@-FEra(44
zM+{VQs!k2-ksJmFM!|XEguc}}RoPFm=qf|xc)~oRZ0bAz9#T^qpN|pvek3KgbahIu
zyQ$%22$-4z-`lm{=T4~890OK6hLrbeYS>U@=u^5=wf{*MZQ;>8p0Xy?s-!oz5FoN!
zJ{-5EeyxkIa3y;5VT@9Hrg01T{I&1mZs_H}!5VPEb@U@J3oWE^JoU9nqP<>pU&DrO
z?Nf8_j7c>tFSb0gPG^~z>gc~Z)iIdSmTK5g!VoU^HT1c}N;2CsC6jxXxo763S+(sc
zl?8?K>hfx*R#&aHyXY=9C0(@IT?0Mwr#0mn7WHDyk7XK`#)JEy?rwNxQAu09Ov$V(
zFJYOm9Hz|T#-og8r|J}qPq6ZEIsna)Vg!|ZWHTrWBDg`E>T|G(*NYH9X@^wa2B>Fy
zTd;pI<o_(-JEej>IrSi1Zr8d5Wi1hx>KL(_fpTv&nbnQ0af{Ir1jDJ%aSR*uj-jg^
z&y?rhU_HBsWx2{4?=qJ5>{BiaD>Dr6kB6wr%sqP|HMe9t>xHJ%AH_GLG{Qq)J(Wm?
zMcTbMw`zu|%$RNT-zHd;ixpH-uA+OkT*u-#WX>ycqTkTcSv)jvztoz9mM*KU2`xRT
z5zPwSxfu0*I=w{3yAcdL**hvXXBgXSyowfz7{tonTfQQJCr}tT$9xA~wqRhM<tK4t
zUHe3Lcny1Iemr*+)_`k93mVa;C04VQ8K46vv;Fm^yh1%lXe#93(EEgKLwQF1Pvven
z*f7E=P^?K6MGM#7J-0O%HA|GpNMvm7i3l3_ABy^%sSRsI59Q3!8Is{k-)P8&0(i2Z
z#0pEMSYfL90iA50Cz<RcM6>P&944)+Dsb4(N-(zjcrnY=`O|rRxI&`*fDEt3G5(2<
zv`kW|to(wd+k<|dHMM-u&$FfwOicGA4)OB!r+!+rGMFiEBYdt#&ho2~49N-zhkOu5
zx#hc);lcb_uyTfQDvXBV?9<A@LM+$MPe>D3qAF0&2A({aCHs3Hk@rWOI?fsdLH8Q0
zMi{KCZz_ZJ+;JRdBah)=O?-|9Ym_ore+g3^_sR|4Ni|SIPGA9@hOmJ;jAt72eL0+|
z#Ep`><Nf5Ccu-3W0uO4+*~=aSF+28m@AEbhPH{*$m>oGr3{}oUfnQB&A7EwN&Y~L<
zX%}0ATv?)hJw@|6dyA4kWyxko!u1dDL-ka@DF6lc)%c&KpDUX)#7eiNF`F{sB+#!(
z^`^9kKyKFVE?WDyb!GsD{nd5CHWZYjZ>@w6-svH%*Rk0Z4%vR4jM*%Gz%f5~Tw)4W
z{8j0=4vyD~fp}BiEuFOvTe@ncF0SpWk4Ldr!7a^Z^Sx}&+@`tr3lvVV^I-6k;6KX}
z!INz`QV$z!khvI72^vKEydnh-6OHiHGmh-TQMe73ScQy@->x;6gDRos!sEBC#14gL
z67fI7tCpFOXqXI7BRa4gfF7rj5s~0`A#gIB{BUK+oa8ht+#ev9W44_aON*fMrS@2u
z8wxvq)weK9A{#i9d*V~vb{el(ZJ-j{Ie0*D<{m1;k?`=;Way8+by`61jBtF<1nrGM
z1}{qHYcS-I@@M>1W}Qv$X>2Fhkk<c(L%PH4cp=SJE{*->0+XwKGDKaUET5@>9<B8d
ztqS|3U@e?&ZpN{e{CN*QLg;l&O!OpnXNd)vIKh)RUNb-50J591G2?nkD_34p{9N4<
zm|R)tBX}+=2uA_oln+9%TSnLn2v=blgClQ~W4_0jAEMtnKf&c8Vd_!Zaz||j-AtO-
z0XO1H<kW4QAocBmus@7gtE7VUzqEKD?HZ$`(JYtqr(14!YH2?_4NbF65c-t#jWPO+
z@`9$f!9UPd6+v{(u2}-w_r?2QQELm|ISHDzb*g<pr9*V5+J;oRqF8ccOm6FG?U;?&
zCaH#^0ZgNt{|=oHf8=g1xK{YO9E*~c0>r^KKf^|0thP@_fqC=!_(EyI@K%DWmEzIR
za_<Sc;gxQMkT6?*TqDrW@Z{$pxt7KsqEXr%B0E0Z79xjQ{)%TXAIBA-3jc=?PMLJQ
zE4JHsi@-Eda(!q**M|xB9Z96{m9BcIU%P+EyRDm<f&0<>!UeN`ABRD*=8n(t6CYJ>
zkPEB!f7Fm|CEvM==V`Auq(h4*e#85s5ulq%w4*cAT{b*z={7P*`;aUU?F5cX-!*T<
zo9yyoJ>M2ds3bhTlk44Cb>vq4k)h!J|CqABRyAh|_X=y{+dT|s5(+A*SvFw_gH_W2
zcT6C`<M&9tLIoeX;NZqKI@*|;H?Nm4uM78g0d6TLE;HHZWtw#;(^}Q0=SbuF_cATm
zMLJXQ+~XLTcHaH!T<Z5r_L({O{>UvoqvV%eWXwGYtsTc(I|`i$c(r!N2F>^`Iz@f2
z$6M+FJ!`3dD#95?hX7w3<@z-A7`^KOI}S7XignW}J2xZ9`vD;N!o~BcW{vp3Pbh=v
zU$9l?YOYaws7n(;RhIOSNAn(c2nF}KL+CfIU%ae&zrgj959<g%_C(frADQ0G$F8S4
z8$1F&qUH+CFWvlz_U+w#p5Ejof85R6F^xu|ETkjH<eSX}=M0}4s~KE6M@h{9VZ0B*
zcm?6+4TkWrN3o2OY_-^e5vWL$*|p@Wtn6AOL-a>fS6QQY;+4ay#QwEp3G~T9J?Vpo
zV+5b~EIGV~;dP25BIh9X!q$WF!nSF=<wLVCYM#;Z7qC9>-#<Ah`$&xBIS&l4iT{K8
z;ACxH99yf#Kpcq|gYgy?hDjoSPUQ8zjtx|{rj|57|5wU&Y{4E&TZo}!+bias*G+Gl
zJ2wu_hYngVxgxyY=aufD)1v*Nq4$0YS8wCYi2TH7`k_SGjL5BQf<>vp+9ramU$f@=
z^;c@HXX4R8#+A=5xXDulcjsH*U7Xr;YMfz-iPh%<*NTsHtyY`<iFUi^nI7xfS!GMd
zzohm?2`xQoSPfb_C=@37c(9W~F&mDak?`lEf4SYZViIoM`$6j`7miOBD841z)-m~Z
zKHiP@?}w!&m-yZggj}(_F+7}#FCy=!+zaL07>{~HmO6jED{_ABoOjpUV+9rPa5%;A
zB7_PxGfkJRdTgl^56DYh15f|adiMzMUDPpLP(8`+Cz!ZW;<enF9#Yz;sLJ*^U6(C)
z@2=N*Unw`n=kYL?5~WK4{QdjEm>L;UEvri_Va7q#`4E?{De|erRaI1NTp&P@UIoYU
z_CVsnosN(5y=9w7=8m@Go53)EEnT|UaDj{BYuLXe3pQ_Oo4SIdmO50RJ6+GXT(B!e
zEf%+Ssdi+pAYqrz6mXYKF%BHd3MN}YP3chk#9w0s1#gp%j>(4p>N&6BHiCKc+0xiS
zIg-HfGBeSvyMy~jfgdCE50cLiPAcaZ9Vyc?b-Z(THSx~%@*#sC{{$oqGdyOC-7f?Q
zXme|&C(lw_mSDDLhNamb5Gf)aJWo@{!86$nV*EZxy>=GDn!&Tb0r=d{WZP%L=YBtl
zMHlOt<4aR*`%-hu=l6q<aj8C!{`$oi!ppnyQA|T^bq!wlK^U~Mi3ZCN2z2uugblja
z6E*11!Aa5k4Ef&++Gs$>W&T*c{g7`jL<9;|MFeuagL}Ax(q7$3x5++)^;>jNnti4o
z_`Sa(h|5>912CZ#lD#3W=5TUIk%E$c-<ODIZed!3nAji^qz!)SCfjPFr=j6&lL~T{
zgFo5F<t)jwV7_IyebfXlL^6~fQ`=+z`}cp3Rc$YNadeICML!#J_x7S22W#v_+Yh}P
zd(kWDcWEy=Fs%m5!<kxlZ!h{$EfRCj?2qyCM^Tghd3w}8zt<Qrs>c0P>+!qqr?50l
zKP?z?H~lnd$X)i+yMt=bPszb|-%q+=>Zd(FsqD3fu?>=R%@_obQO@H*&Hlk2>YwbL
zl<rTn?NBV7%y??U1W;!<BWr(0EV>gYI{LfCO);jIqv1dCnp3pxr<c(Wiu<pNx*}0`
z85Awsk7nD?X4@WVy6d_-E$Nye{|bop(p?~hO<QFV>|99l!PKhqN^irodO9XF_sPQV
z=Y9o0TVg<H9!b;fG_|@pFsWOaWne$YND!C@`q_?HPx1RTmL*hbN<qc;vuxJ-X}aAY
zFHLzxOlB@ak`78MZh?W(ASU1&i?;A0wm#_@ZI)4@y)KjfCVTgRj-a-tYiA&QsO}Q}
z*df~cuzs1t7KHt#B4=%rZ8uvN>ZQf+PPOe%%{>VV!X8)<io6$uJ<hglY4dFF@D=@>
zFu~Fkr@|m_i%nx7ZRpB>h|$W+Rp>2vC;Er6fG359a<ox=I=}v&K#!x7yh@#+prxJy
z!($-RaxmHgcOpRo-@3v^`YTMwW4){H^f(Bd2l-j%kMAX4uIMrXya^%R9qG{&0jsGD
z;?*oKvMq@|2K`qsQV+QK(Lyl2^GN6JB{GmCrRWv+k~^BXU_zJC5`&4vlwcwere8MH
zov9<UG{_)To(VwW!Kq0mok=qNfqQOYgk^d=dU*sn`6@aSsY1W1mS*9sWv1n0iP${L
z1l7|Nwqek72mNq<5G$>9HAhD}QAn|9EJ<lPo;>y|4kSY%77c5OOpkwfvm?t0ZglqX
zGR5t+u}tY<RvbC=j~p|@GM*LGqsN#rN>PW~Q&Cwuw53~2&t^V}UPj-m;G6y3jp?j;
z_UWj6<Mse5|L^luK9HFGgeL$!FL$4g%8S*>bk(AKTRr)jWk2CfRyNOGMr2gVWPwi`
z_N@;fvJwM0St&e5MWP(*;Bj6&YrRQcq;=qBrvy-$Q3`1dDQ|0@7vj7x-^1g)vqECW
zPF4!J9ZQ9XL{L@$Cor47b2x$PWCGW70&`>nw>lL9r+X2&k(a%m6KGTjY(RMzI6VZ0
z$OM+8#ClweF5yLNBy!4R^2+I3;^Y|vIeAgwE>rfm&qq$AQyDpft&=A+8V66CI#{V9
zg;xPtq3AG$$_UDTRPs<cb2q0_+}s07VdaUo^cbbE5MEepAkrlUa(dJ0J0p<jT`beP
zERZV8l8K!vDa1~-Oq;@pP0t!TRVlxy9hJX~6RTH<ZASS!^ZbUe;J-=}1w(_BXrTL8
zsZ6(A(u=&LRYciFnbJb~-pwhklqnU0sAWNmk;i_~InUUiY+<xMG+~BSsi6<AK?vew
zUZJ%yWnXyC)36z(o`&rK#Z0!ahHd8&6}&Kg5R!%ZHWV61--+DYQ&tcsH#>+bYbVnh
zp`vx#R7UHNY|A92c=T4wiqGb>RtjFU9z5%zbytasRw!oLR1K|5d0{z3+bWsXHT1oX
z(^^KGf-TWvFp28SU}|CzhnvX1eW7&w>EF@23s5Fy*P;(-QfVCjfUzKr;2$uGB@_RE
zi6`~qA0Q^AF8l+;nbewpKz&jKe5icUD@#FH3@u)Q_Zo4O1N7d2;~Ws?4LHdGMsL7r
z4v6vwoa2C4Z@_sD*yl}dMT{)idB-<9<LUSbF#DgLFx@kuj>J%3p%ZmGt!Z{+!BIng
zGOIH0CR=(3#Nu^Q=>zeCvkOaHr?ZBL_G~=_6>v3Xs_p|~QRRcS9eJlB8QODwU>jTF
zS%R0~vM>EAw4hGr8|)QFnhSoH-s!Eu+dddalUCwpB($hU)TMYK=ZDq9`@4%R@bdAw
z*6Pd0XIuXht^0d>(F$I1J9-iN$6^13=8q4-x@S<`>!Q_luZ_kw`{8V&vcSU(AXoM1
zYL0DCFeIt8#Z8x-BB(PpS-xejT4qP^qdOB7TJdyn(-0`q*(6*rZL4(S|K=-0yldd^
zxDi9Oj&UU6n}kwR`xBsLFB%5ZHmMA%1;yBq|2?i-ZYjjjOy01SGPMcZ1(kNXm#bQK
zu8Y|Pv1gbezZe=tdG*8xR9+(M!;Jwn+hxTJotSO^EdcpJB?%nr5ih8j?eaT3ma&%I
zPX4dzlaVCYNuQN|Z5WOotc`ealU8um5&;_VXP=b2@xJI<qyT=zjHF%g)kZj_tTvWu
zW3piRo<7Z^pCv`})z_m~vc5BO;^9hz=+9SzBFG(0IdC&O`Cs%bDv|Yww(%#4HgPl1
zG;PfI2@ocyG$kr~#+WRH#82CJ>1V7Vx5q-$4u|t!*4|}&WM_*uJ<LXO>L=<UjWw1S
zX0~NRxI?6$kb{kJ#EwLtlRDDpC65-TgH{j%e6=|?>c7j5r$98&@Q*R=!=vE^2NkJC
zETnB}$LCqM#^Hh@nimNw(L5VIeB8tBZ7m3XJSiIrN?P;Y%A4H_kBh_R4|U!bDEJ?+
z|7ioR82OWPKjSuE#9QstN@0c<&jrBJbk*#LS@|q*GZ{VMyIS+}OmKV;6^-ld@n>3W
zaD0KUDQ0I5ay09X%N7oq<C1xRXG+W71*AuMg{!HseoQYj?EH~CTCCcJgL`6gbOu*N
zab!!KPO$b)Y5FASqG_IZU;R*)78(cHE#29ku|%(oRy&Ua!ZufQX?sxsgFt-0+Vod*
zZt3bXaJN(;lIBKdkO0D01-ye<fA=a(6r@KZ!iC%|glf6ZlZkbn_w>FZ3pfCvseP}%
zBB?37QQ_L$uz@JUfHYqrt)e4z=moRj4lm+VyVY_;6{BJ-%0NDPAYlUcCVE_o%~taS
z9a7RGTyVC!qju1(1lC(iPWGNM!jbww&yl)`B|eOa!##<^SYnFN+lYiEcEH4Gp2Vrz
z3&aL^V|YQ@a=f|V402cDG&`1Ktpuz{pIgYL96Srap+4Y+cL<yTU@QB`n+>5EL3HCi
z&j&LT@w!HgKkAC(=O?_0@Irh|QaHu8qVb;s4+$~8)l3}x)3Z#DZk^@9FD+y$mDk9>
zBR!U+9r^3wrpTyz@~D>v9%~NKNg!OSGQNB9@olnOI(v=pulV@>3SFK;7^lORt6Xxw
z@;kn1Xg487Rik^>RyMllG_3LHKIAjHAHQ71=w7HA-Db_`p5dxybeGWRzGfW>>E+7k
zzGlcDM#FSx1nMi$CZ4f2-}iy1^HaiqCBn}I`aDd0+>`hiOPmx@{Rr;lh8xHW(v72R
zbVd0LzW?4P@KFGN;1m6%ga&vFFXU^$GWrzq_8kJR1TY$1;i6w~)PgqrtJl)2mva{*
z1^ImrXbrJ|7H6r&bP(_x$<Xmuq>!QI(gsDaj0W8)9Tk<lHPo=>qU~G!=^JRCWy`>9
zF${g92YsV|bX@G<sOt86<!;bk>X_`c*!l_7*thVLGf;(p6KG6_1@oBh6uM&z9iZ9Q
zM(cyY0(Y0*Ph598{Bkw-ieFU>7yW5T7YzBovTus>?xf=~jPq`70nfK9<*4sJLe%$2
zPcJux?|VJp?KL-vYe1grLD}a~;FoH^?*rI**aKdka<x=v4VE4r5rI<$l~tT7_g#n-
zSPvZIb4b}8<e$3YcJo{<SuQjnf`d;@5P3Rbgvj&8V4ukIWfhU?%B-)rR&wVyTu=RG
ze}LezQbf0+mROjWm12<;$ipvD=xS4*TW=_cuP^vm;~EP7(^SAiO~7MF-NFTdUbe!O
zz?<asS$71Cmbe`~s+(Mp!ImL@k2JSE9){yQx09-l_Q!#s4HtuoP9+|ZTDN9Ox+ACq
zlZ%yNk~Fi8=t$Eq6YWDQA@q*znM%<XhA_uay_i%a+V)RBCE8qKAg9FkCcRJXthJ|L
z7`ETcNx#EGc`Y4=d}lovgu^Puyq%R8WCU(T<@?ipn)_3{Jl%&sc5v6Qmgo$hyHj+P
z`twA?)E(MGaxim+n-;t=t(T-e{NK@!&8=8C{NHWTT{pG5JUA(Qx21bOhX{xNMg45M
zt*1Qv;Q4<5o&OiHoYuyo?hyJ8&f5{@TD?qUVx?ei2yB&3Xa)t|QXG)J|1m(wo70Pd
zj~HHT84R0OrW~s6y&lTMPMr&uB78i3$aF{^rWKFBq?x~h+SY6WTi3=-A8Roul^Y61
z2MFBcO5RvZR=sC3N)26As%ifB7Z{(CA{-S06*^X_xGDSTCwufroAD$>IKp~w>OA$z
z`wDt;z^hJ_UOlg>x+aIa$~uoa|65umF?17KM!VI;WfZY3T|D{nqhkZ)RqPzwlLb&=
zVF9vSh&)eAsGvq0tfS?#Qm4@U72n;2c0DaGpq26hx=*Ld+nIeR3wjrS3p%2Gr}JLS
zUvg>}b40tPR#Rn4_)@;^_bQiiaL@o(iL%n*36F%O9v4Wy<R~c;Pf1i#{zU0sVqzN+
z#gTZ4Vad~MX?4yF@EhORaa*n7>M=P=a9*I`E{j7^b-18b9Wb^A*nbo3iUxL(VCe*_
z)WH5CST};**1)b4%t)}>IyEd1M`!Y_dI)QvfrS#RoM4d}SYv|iB3P^j7EQ2q1nZ=M
zK`dykj<NQ(93my|0Bf@qx4o5+?Fxbc5Z3!3{GlLR_?aR6=7Ui0j*RdFL%@OHtn|UU
zsTA{}f_2UZ>zsnMK*2iTgLQyM^uZl>hJv`o2XX!_xwx)Cd-g4F1W7??00@WKr^fz<
z_7oAaq-63j%SS$b^Seeqwv$He^OcVy{m92Gm3;j3%)gb7b(9(hNT+{Ngk!&{RuGPC
zDonwOEBy$_Lal(DdFFp4Ad|HMa`{(GKsKsXBLR88kAS>!+K+%7RE>aaaH4tv*`a0v
za<`9w%s%Z$Kwhs#KrT970|EI9ue?w#Adhl!n5Cqg@ez<06#>a3H8ANo1*Bt+f9beX
zBOU8tax1}knWW=W`l_YlV13onv8%pn>3EO6YUy~RcGc4Hc<rjC<Br-@OUDmtS1lc1
zs9huJ_@N?h8ve-IY?Y4y*`Xj@{(&L<*9YOEg0K$|%6$+Figf(^2U$?v^ufBL6k}7c
z&ii1USFpw@SO<Nu4yvVN4+U|%58^^a_=N-QGkm0@OF_8uJwrG~($OnkrN>3nO+&#W
zI?z3jF}c}|$<5~=;I!>xe1$8T&Ku3P`^{i*1Iln-iQZ)U3(Sz8>Sk~}{1@zn53$|w
z;?qH3oe6$Rd#**L-ntvCayBY=1Z?Q%_pc8X{cS3`9caqCtuxysF>jwR&=DRhZYMmq
zL9|^LlWrImJ&!wq{iZE4z^s!Dd3l&haUjwPP8;$8ZJ?tUOg%x`aWxVS><8Prx!@!d
z-Qg7c%%6JSk>2?GxEtaZfQ^*YzZ@h5l_ctp4|D|mE(g$IdN>|k@$)Aw2@9VCn@})!
z@la7Po2A7c^{RLNV%JM-RDTszy|a;pcT_!}@}1oCPvc413F++<k@(&sgWF+=u<Ob6
z+Fm{jNO&gZ_k{WEStfE`bINam9YMvk&mwkHx9Cx>amy7)rx}OM0z}*dac5{r599{h
zyG3bMP_yk%DPSjUS`+DM-3h6v2}#%-^uGmL#4)-+^{UrSy0E)B20fiTVNCW|3t#m-
z*A4G_FS)AIW6c&JN3tCMmxsv8?gUofiMyMluab>Zra|=8DHBY#0Y;O&kM0_PuZ;0M
zX_m5P$b26u3&2Wn&0-t=Tx?D78B64teOG0?r~k)Q`CY_3&K6|xW40hKywk|DAm8V2
zK~^^YD}5H_3BPF<Wd(JbdSRx6KcF<#J-k@(w<0SUA5yQ%)t^JQ3GiN-4<4)H9MY)s
zd&(}8Q_T@1EosUFKuihHX;x*HQcvf-yJ3lqbei1_OKGmtEZ*1Xr74_qnUhGOvHcE{
zrOrhc{I1ahZo?Bsa_D9%tqnshwPXO>+I&rm_oo6bZf!M-TWebQULsg~4J?LWR)TfZ
zz+wsZD8agDU>yjSOt2&kEP-IH2-Zgfdyrtk1RJ7(4I-G+od&Q`8rUNQ`+;B+G_bJ*
z`+{Iu8rXP(tsvOb8rYLQi~gY7baBwKgso{0_^gT(I9LF1h7b5n4nA4Tl`Ov}zh82!
zZvpH5s<7VXSStYQrK+%AP*(jZfH$WqyjcofKfueX3U4gddR%G=Si^l79L~W4fCu=1
zPu=AF?_%IzePXdbbc?_{0Nf8gipEEW1*UGNg<&*AQifY*N2lBm6Ul5*M`yvgd;-P|
zw1+3+BPMx&b%5=!)Ypbrci^=lS}0DLrpS8?ajDs2jR(gB7`5+}vMO&;)>dn{K({H$
zh<O#_6enG8gm=X+ojT<ca@g9zgih1uf~FtGn#H;Iyx&_md{LK|eEL>ebq`y<gj@S(
zcQzMX>l7>4dwYNjvgD7e&1qQr<ZoOPfMfdmcfupS-&A4OPA7SX<C@`AsSd%AVXPBr
zOu2=V>a_q(*lNw5Lt*RKuWD{<V{%Ku8Fo;ej7wHZQ^7e@lUxgvTL{i)5BhDgZJOkU
zn0&9`{KG$X{2_I6159o&I3GLYm%xuS$q|^`NpPO<j~!d4PHu+D-2~^TGQaG6ph<3w
z$z51e`Nxhv>=%3FVeE^qZeU-;YXn>;5`L=)cE1MJm0)uT)>8xPPOwaZrD$MuLz&!{
zVEr_(RD#74Y@i0#pJ4R}=2!4vx{k2n8W<Qk_-PHp5g+M$Mm4S<FJ!~?g)`nbmwr~^
z^Z=aWKYQaGDkE7bN=*P^cbPZBPYOcic7{;sgHWm<90G)mJ_y?tgbjeO-Us0u1z`ms
ztn)$mTtTn^!Wtih4;6%AfUwF3VYPzL6%dw{;V_y~3BqHXM|eEpXOyo$sve2;FgaRq
z_Bw_|+>1r1-ygHY2uys~lQ>*WjdJm_)Okdv>dkG8sv|zVy#JWIlFb2x9ml*8_8gN-
z7zqfQiKrFVsuzl#&!}WvE6CUkQ<8(5#0%2JCg@%<1AhOGzY`vRn><a3o6$<CwevW5
zrT9)x-3F3E((B3p1S~Uu)T3>MC@s`MYVy}_gG0wPO?c{LmTI!?0$&((i|dqX!6tE+
z^H;ddvz1CcED%X>7tTQE^gv3CVTsOeLA0cywV7;tRQK2^kL}T&qo>^e)w$wjELf(F
z>~4;BalL!~?sn;Y@_);~@kikkjIpFo*rzK*#sUCPy%P3WJTS9lV;}iP4FzAK(Jrq!
zpVjPK<3%8%k7Vf1=NZHmp}@dj*M26Xr^y+d<Z*bHQeHIB5r`@9$o%Vmm)y?Bc?%h5
zU<)a@dRDh9Or3JJl;{NuM(J=VY=c>QJ6~oTI>GlU$3-jMy+=-YtaP{X546%<&p*&g
z_dWiBR=O+s2U_Xc_y;!U+#{;)n8rR*zSg-yu`Art5Jm|E8|IO#Q`o1gA%nT<a)izb
z0)~fd>4OleAn38bONdXf-IXr$4<oMc`~z%sr9=D!G<|6={{UNDX)F6MC*3qGFHFg=
zu(ruBw6@fq?=W>{8C1OX@F}+`>4fznwdBLpUGWvJTu#}H5}?dE6%RBR!1)aQ0@x!2
z8>7IU@W6T!EM0*O^T1jXELDN^rC*-$UaaEfa<Sac-vkQEBy)aDAI{GMwIgf?Xtx23
z59bX&$qKXCB&$&89qY-1TGL=X+SEvGUyEU?FE6;6j{bs$m%4(noH+FGHJp98p5kCk
z=?y7^aFV&&t7l|VnQ91i#1HT#(vac*SBH^tq+05tukV8SXbn~JR34%{Inr?ka#>*j
z^@M*qYWN43X4Vw)d`9VmUCrrmM0#@<Z&VUiVt}9(Ut&Q8+wQVdXH)>S;_PXBcEXeN
z$9O?TX&7t=-t=ms2Y`mAkgG4t<;qmUx*notC<h)R0I@Gbgjb^&4tY=fik;LjaJ?v%
zgW_y}($7w1rDKd3E>9+;UXtSx)FsOrG^J7V#U$KF5W$bZKO1xk;n+t7J3(r?9)NzY
zCBvX+CWGP({-2$v1Z|cl4ywBK;e#Nk;j>WS`Z?xz%~5mHQcjj4px9TaMCS@YsW3;n
z$+kkS!Rm^fJCL@P>a;Vzswyx0RjwSz&!!zzOOEvU4jf6H70k~Vrcw~5EK!gb?odhS
zL}|tj^+2Ik9s|e)6=0ooQEL62eD-MVu9z%^LLz@uAw@OiX0-6}-u!YrUmd5!$8}{?
zd1P6#mlacR)cT3*OX%)vlfiDPRJu5sh9Wve1hUMw+Zg?vjoC@CIh*W}CusKn04!6;
zlg5_k$-P7+%7B6NoKR}L0{jPQ-!H-@(cV4Pu%UlcexaeDA(Ie``$pGKE$JVngJ`+-
z#Ju@&g5kxBV4`?b4%qGJM^DpTjV3O0?<BmQW8w^s-2oVboAC%H=||aDZjMo~L^3^N
z{15UA_&D%xD4nhwBrxe+$k4;g_QdUVmEE#I+Wp_=I9@i&rr9R&#FkpxH@fA7>@itp
zTSZ#ZA8flyM^r}KH8U#G>{E@55?0x@?}M<@!_2k|;3#y~=K;8E$Ko?y9y+Wqy|NFJ
zqj;s`DP{)yl?i)l*vRv}bVuAvljB0OBlz=GOhY>D#M4Q{GTACD9px-=+Lo)Fwp}DU
z0aci;?{-JxzCJ@ifQ1X(*QEo=p*$c!sA~t^&9QX1;w2OOpiEH(mAGh~qq@+zXvm*J
zR)xtGxMlfDP;XiAxLbB%WhxDdu8YTXeWTk5&aWt6Fyyn2@#v$E!~W+FENro+uzWna
zNdARj4h_sku#E(JSp$1f@IKtqxk)n)l~P#0JOA`?&Gs5UB?^;T0>TSE2RyDjatU|7
zgi9Zv63P^W-vD8c55i~#VGAInu}_!-*e&(h%vfG1k_Re{@2*m5aQg_4ugduSr?`ud
z#@pmoBouxzx$*u>F}T=-PAYdRo`^1OCE((hH2!YW^KJyr8fDwZ20_SDrnrv_S|I9n
zyUXD<e%Ca?l`Ps@m~40G9m4m=A_WMr95yJ-&_FOW5ZTHwhz)Tu%4DnMiV*D&!mtaK
zhL=PNE;dnXiMHDDg|dI_iObSOTO}anxpizs23MB0(hTRpr^;oUzYd)vgbZYMXjZvf
zgWncI3aUI6f>XI2=V1sLJwvE5FX&V!C`fZ$bcsCfiC;A5Ra|(o+^u~tkMHR}JRC^x
z>0d04{2#ujPq$g3gP__V>EzXL;Zcn@4DPQx4tTV67j2K|!Dn`z+#X#F`FP`v25Pnv
z>Hc#8IH!%|MJuV)GDWmqcZE${mfNGV<ry)rC`?Q$vakgpUbGKo^6-w%a)$jIU_EX4
zrs0AcojbEOV#`5-?qziCzx!p{py@XmK<Y$6&t@ORz1vn9w5=tins0;)Z0m}mBzG6A
zP`lzrL1cn&Uc!<-Q%V9qj+<LSp0-rdyGltIbRghHIM<mLUx8l<Rx084OBCC{xCsu5
zAhrSgl};YPLT)kWwpIj?wqFnD<GkM$`B%>?a<TEsuXgMg`BcC*L*jStjKnhRFZz!k
z^}p`#VByFAulyZU9*+Abe+Tb>`~R`OgV-IBcwl^KiI=|vym3PJ=I9E9afKdL!K1+y
z!+h@NJ%d)k{^Yk3BSIPSUj*x5csHPSb;lP<4Ex2#Nj9F9Z-OOPdRR|K>)GTtVN$Ss
zKgAuDL_w}twsysZ$a<j?94bnxeGOW72|WUmZ@<VbY>pwn6%<y)RKlQs@orHW0j`E1
zPtt7X%sm;*kar`<li6&$E*6~(67AtkJ}#GEtm*M%J+1G0CU`A+B486nKzU|p6Q<%A
z@^^y*W*;9N#d<j)t>Cof?KIsjIK^Kl_^*ML!=sWq%uGC9FQL^WOu4bQa}pT1mUINR
z#CE(m7!M8!J*{d4btjDbb>WdeF-A{{!DvjgPmY#MdAA!(?`T?ZTgPZL<P8kuZ%r;p
z!)G@ZoU36#d+)Dr*O`8=$zCs7EGnwYjgLj0#3tOJ`}%gQ6tA6hS+)2<)0?H*!=wAy
z`*yt5+flCql5>m7#RKJHoqetc#L^v5MjF$*A2i#X;(jO7N4wQCIUaWRVe4;4chSi}
z@xa-lQ-N%PA1G%)R(GA<Vx3FqzjpyqfHTCbI}ak@+8L9(lrFDf)|jJHK+zXLqfRFg
z!6wg-rlJe=Oz|bqg|Mfw?Teld9;AF6NWt^9C3v%fZYl6dFdMpPjNa-v3X6CKS%Mos
zHvNlW>P!6?J7yEKF=+4k1@iiGCDpK{*sQxGwki{g%7aYyUbV%fX_B>(*>+a6otHZP
za@-A`vcN(q)zQyAv2QCW)mCgRMduj2ir|&MG6`ciR9H|5{SBm8N0@Xaro56coRxN&
z;Aup#b0AuD_^UstHus{u(5uE@T}#0JfepMA7<jnv+lFphMn~)AduY^al_`Wa=}@fM
z7OjI(N+WSN3`+|PLW@q1Zi__6Y`A8IOEj1SmL9HbE<dX+eK@#k*W|P&Dt;{CS<Zth
z-T0cdze+d0W*wdeMrljn7Q68+)OH)60##+Yy*GHpwGFIvv4uN102AkV^q1#YV#P^R
zWuMomvI|Mg-A^#P2DS)brKM<@4{-(0OXFrXW=*jJ?`Jo1C8#&XP3XZD;9%*&bxir}
z;P%!|+bIYw*7<#w6RsfK{*WOA`yj|Vc9?YRL#|_sjyY&bk|M!HnOF*@ZGy7^J1o%k
zlm|T919rtj{7k#-%s2st#8Fd(Kz#s#3fSN7*epzH=V$BaRuaW8F8V)yOAmvxxlZ_F
zn+T8HfnpTl26@N^Ogg^6Ifh?zVG@sz7OQ-F1C_WMEK|R?fdTb@<GszQ52}4{^Q;QI
zoIHuMd6D6@$nM-sPp0+clDE=pbCH+)?1}2{29Bs5@&|tacS781sxmSHTR93^8S5|<
zSQtzi(>g+MK80AN(!$ZS6|sYc7BjxwO%6^Y*)P`s25|KTtkHx;DQ5Vm1N_q#{%NeZ
zSiL&2oNs-aeIajs8p1D4@9*0biLh*G!#KiEl>S&x_$ks8kJIC^+4-6nf?>4`VT0M;
zW=I$Y4OD3!wa^6_(=$r@qtzG2Ye{FDllZGrzYjYK1+Z^>bf<Rxde{@-LZG05pwQSK
zV4JIZr@_EZI5;m+DA*$!`dyOTueL+4^)oR@6a^REjIK&-Mbh-w37BBAo!0nMMM=Ix
zdiks7f+q(qtJkGu%498r<Kn{O?F3sf{HnFI9mFRB-@UsRGX)#m?Xxy^M0@~Wjkvlk
z42Te1Mz*lDW00=_(vU++`bBWp&QKS3^v6aKpSGuc<0FK@qbQ1~VmltcM>>rT&$~sN
z*jB|F!gdv5+?k~#;qk@bX5pN)pkoAv#=2Ufv!YkZu&4+j&0gCCI+-J3G($6ith=^3
z4Tj|UA92Gl3Fr)?mXThp2p6bIX~rr1Db+m}jyvNkk3#pKlWv|37rgyRa`h8qv$KU;
z4jM1olUTh?SOwC<E2%REZ6gy2*4Q^#Cz))!q>-%2A;thJd$psTkd}0to@c@;i*~t=
zh~bNPo8$QF%O(lh^^{WZMDooT{MDjFT=-$x!80$?M6<bfJT}ei5aP>=$PJ??ZQs&V
zuqR4ob=sr%PDbA(XocN%+Y7F-a`Ck(*TjD;o_o_xQi{){;-B>tKMabW1jP@cSNCBM
z0Mn@0@U6ij(A5HHMHn0Pd|DHMqT+Hp#%KGmVKzV>JLxqp=pFBZ;`&4gJ_aY@G*0)a
z<sFE-7mieGS+a+Y3Yx#uTySkwIgbD26FNibn@j$fJ^n|H7<c$Da6xMC!N$qu0ya)M
zEvIqPlMQ6gQ27()bJtZ6u<(+h;5C69b39{*NogoRM>Bc5j7nG)M?!W1Zk0FV9}C~M
z!^nRUM*fEHaOCGPC<YgUPFa4QZ-!y)&pHuK97Ie692_@n3S=`J$-Wsob!}~M(Foyx
z&H{VZMkn1)w?Lz{00sbtFYH_dZaD-#1CQi$a)6SjfRc_xNeI+Zn^O{^rljJyOvx#h
z8QnJG{ezQHq9aP0YAJCwJn4qm9|@DOw&1!-8#Lf;Fd1t8axd2G&R5mE%&Dq*hEj8u
zy5`AH^P){y^O{<knxARN-APJ^PRS<=KPbO;D!(=<zdl!fy|4Uw<CI3ea9M~;fPH`j
zW21KN+}iHWmPEEq-?kc-5leGM<w&5iDVGr=Qb^u{n3Scg=i8Bxo`-EyCm(w1cjX{u
zI<(BHJ;!mKYY2qUc{~nR+ppZczK4>!NQogIj4|1sERLw@$f)@~4`njNli2-W1RDjt
zqEkVsLi_HSO(Wo?tj-#tA<j68)&-OO0k%fAT7zq3{;SkI+q$66itfCnznAlHF8OeL
zYbIx$<gy;-%FGQo>&&)0OtVdLyM64+3<W45@_Op5`6i#H9m$v(_cql|A%P-pE>tz|
zwFj68HWA?VLe&abzZV0<5ug$P1`bGo9E}l>a9{y8{*r}sj-}T&f0NzR{I8UUgZAF&
zVD(xSGG{w0t$mXzSRLJpTY0_Ibsb5by>sYjx9hNSx7Ym&dRer07xU&xf~5)ctz$Xv
z*0$pz$E7#1KN~V}2$(AMZ=-NY5ZcgwFImWix4#Vo;AaXWb|3iQVLPgxl3{*FzR`!4
zyse{)2BUN>w<GymJ`YK@Vy^%LaTo~$+9r0Hm{;5gZo9e#w`XH$G90rNS~8e)OoK^R
zDjP5+ypC5g;6D+^mC>-FpOCt^pWtfd?N9!qXuAMTi~`QEWof}J8V!F4;JNlMctb{k
zyc3>J>cRGtuQta)U>CUWhXm6MCZ#{bWJ?YYu^@QGQ7feg$U0gNS7&t<<T%HwuwP)1
zZo_cIC-BXf9Pk(xtSl*^e-rGyG#<5E9fQnj@$n5FN$t8C+q)Q=wqPd&xOsuLfIl99
zLDa@Gh*~T6ENQl0(S1t#_A(02TVB@=^FOA?Y$n#WuD4k+iw;yj7ALsn$gKCUEY1-)
z?|Mq61?>dqMhtoeMDCr}k#ESD2z~3lj)Id6fO#l`Iq%c3ZS<@v%+|#B`4N*enuGt!
zq4gB>X=&D*iZ-no---Bcn__}olNzihFW&_%n~-u~ki9rwdsXq`=<PWt7;sr<#rcGB
z3wSAjtZSij(F+{k^W_yA!MAZ7zrvdg|BySll6)R|+x7{1Ni89tX7D!~7kkH+=o}pp
z*M&cbkVd{LdxA=v@nnx4Qzy&<Pf!YhbBqGH+tX3GV4|}f_8ZdBosq1>wb8i<F`8}J
z`jV6|9E+Ib2)<~dvm!G456&GxpR0&8cpjiLJ3fhC$BSM^>Fa4=C!A`lIC{D$SyrQ?
zr*fGMiL=ppdwpW#m6b9Z6Q)lZJ9*M<aA?(nGc{wvbPZEm8xvC!uUS%<n!AITy5!5$
zCF0`9AmW0aRs_%CJnHFv2Ry+*ri=kpw2{)Ixc911HB+nKMyAqb_n#Tu{b#4`p~Td-
z6*5zn9zDiQo-h{JXpT&!Sy_^XDfd0ZR0glPTw&_NB4R2tz=x?!;^J4%R5pE1<exc2
ze6GyYVqWxON?*pAN{mr4wf8M#s!(QXH)pEj_Hbg#xm<Cgd156x(KLeB)af%kj!6e`
zR(A9H$`n?P6%s4^d|BB?v^O;q?dA0OG-pL3k}t`uRPv%LDP5r5MZ%P56)WyHk(D^v
zOJ^eYC)$BOYLZ$k*UX*q)2Bg?l%zyuE3CX4L9Ae2?s}J4X~0=Y3G`tFlN`YY&PqCc
zuIH>|kQ33&K+Z}QFFK3Td63$KciX5~=|-%qky%;CS-E$62(dEk6)h_ho&Z*uw2HDm
zsW5XgoS0e1Yuv3c(|0>Dv)-4P^+f$coS8!Ue2+7;n~2^gGgHQkE~E5v&djf^Rm?p3
z1~L;SyCXGncckrQ-@MPitPHUameUXe&%Dz-9-TUKPB1HfU`?FN-bS261^IA-NsizQ
z&Pg17Iyona<bX6Kh;t(HqD4wiCx@g7b=91_^*VBrD|51#a}q1N$KCRh!pX%~h!b)1
z)NvEWOq!Cdb&flu5plGbSG!T+Xx&!gXqhiZ%ZP<qgNcPT^m&eRw2mlWFLSg}E}GH{
zIY&vYR2+Tx8gg_==BQF}70W#jo?j*pw6WvHO_(ub+H~%DaLmN1o^^3cL*k~ASGiu{
z=ExS}hFp5H)iFci27U0b{^8t&(dTPv^a-AMKoSRYZoqz4<W3Ds$niFC^K_Joo7=09
zo6KO&O;#{*(^i(y%@l6NkC`-e%oK2R0up-agc+6zEJ-7w?=&E$vUttw6sCeXQ`x>u
zWfK>9!-<Pr`aI2<T1><*lbKq@i(W<PYdBLYTdJ6fC8qYtOqFq_Vq`bR1C}a-4zAU~
z%`yAA<|RJ<WOn*<cFK62Yp}ev(dGF4CjJFC(nLdWt4E0BOT@vB5%gI}Sa8gQ96&4(
zC=LF?B&Xx2gkM^yIGFe<a*$Gsb0F3t4x+b55(fn@DjYN*vfHqqH<x*F@J1MMAo4m_
zaSqaJ5eMl+Lk2$rJHbiLtVQ|^|I8w+Y?*@`URn;N=W-4jsySG@5;<5ebFh(f&}RER
z#KBI7!a=4?_U38R$IP5GVb%;bs@f_{R2Ybfjl9}r%BcE$6OF3ET0WzykXWeTEbODt
z&iu2CC@+^el6cV)rC;J4r8HM@^z#bjD5^H+D7H3n)LIs0mzO9Uy}wlEXd+{2iq$eh
zBg(pRj<5*s9*8*lZ6k3MSKEi9IIJ(YCm&@g^f{MvB-SP&T$^*0!HdqI^h`R1OqkkC
z#gRZ9Et5G~#W`vvdsuJj;mG+Saa58L>v8|Spg!@jidUAa@DaiJSX0|aB(EXD^Ee;t
z>GK!P$3~*JQ08MdFM2nn@8f)Y5UJuLaXIpV4tIbLy`K1p+TM!zc*L&o(TDhmWj|vT
zmJ&U3xj2+q!ZN^P6!FvV8{#KS@52u!If4TpB?hACGn}&*t0&>B=lmq<iJwGDPoYPM
z2?v|1_{n+&`N@{~$>IF8l!fx57ZkM_WH7CiOejyEkUe26OVSAC5YAB!=O~*vnz4cJ
zZhSe)B^FLjCKi^_=gS%Nxr!)XBXhKlbF_}q*K>}7)EupRnRYiaM-u0#g}l4@+9q=}
z*{ZDlY<DwdZ1$L$V<%fR91W>Q97&v`EaK>$uld%-m!nI>!cWf=3-GX+eP(k8^>s)R
z*O9k2b%-M)rAN`Ze?r$LDvox&L|dCW^46vfanxMaH-BF&b7Y-5YdT}YD(jo77zc0G
zB~CCm<0KPzF?C2dXHxZ9{Mw<Rji}8g;{UstK63~wS0;WjCw?)dFXO~pjVj`66Y+&I
z@w++k&1Aj5t%vyRC&rAOK4B`?`^PGzSB4PjyE*9@xNG60@1x4gIO&Htt>r{|4*!%0
z>yk`*B`3X-(uEKreRE?K>E>m$WkHyIPMFyd{M8HO6dBGCHiInQG&LIDMs0)On#7!B
z{gCX<p`oQL{sH4h8pS_gdPsx$2h4scm4ASAle+N_5ZO{Y{sAkJ)Rcd~8Y_kJ4^SB-
zfq#HHBwhJ{KG3fFEdKyqRyxc-KvkE%=O3^Gk+$;>*jq_o@(<WEO7HUz*b7Um_y_Fv
zB|H1TMOsG<HirZ8ea_Sm=!tNK<|wx>4;PxLNgc>jvoxvcJT+UBI)bO>Xi`UGs>fVf
z0gT~*#omA?IAEDKU;+oM@&;saz#4DB(;TqQ8!(jv)_Vh<;Q$|(*cJ{b^ajl0fZg7J
z*&N^#U*I_oDDwv7azME^AddqiZ@}{$aLF5B<DC(vNnOfQwQ<Z>U}_-R^Dp5C8TGdt
zND4&dlN2y*A2T7xGGY4E8D?8fOD2@ru4e3$6UJzSvXu*EJjsL5WF(a9t&j9sFzKA>
z<=6RwNuR&x^99p$&Zh&BlE{y+)aQLnD7@cD5eny|?n|00XMn&#*!D2u;PE_V;Sc?f
zmu_626D%M6!Fe;$obh?2xAMgg{I+qL`GMbq{8M}2x3;PSzsn6(H0Rkp2Yz&z$`|*K
z7ZS~^t=W=3ZR&(+6It_X+S<;S4f%MlQqjBK`V7{<Pw*_yiv@nXca+o2kM~CNPwnyE
z+NzHCI;&YIe8F?P$7ONJM=DtiM;n`F0a+_Ik}O6E<$Q-rT=+Qlj!HcJ^bU!qMCU=J
zRk(7!d_i-@SPt~$k&k#!ZhB(cWb|$$+C-0X9T)=C&86oSVQ`C@GnqWv$U`&z-=8dV
z_N;35@a@O|p!=I|h&^N?gfpR?e))X*rE5~V)}o?W%i5YIQjyYYzco_k<S$A)@T2x6
zxzrARj@p;hA;v|YqxM&y)i!{5*A1}6rvaLU!j1R_RRh#n<F5gl@dgl`KY8=CaekFN
z{iG+JQha#YnWN<?<*s=O-r&s>bc=NAYZXrktNrox7`I|h(WE{LM>-33!R3kS%FmBW
zh|_2Nx(l6pPMusIliLc;j*>b#6q92F=Xp(XI3{-#oNqh*I`Vl)<NYH9lUoZ;z00pF
zi*H?iy->{j!|y}<P8EI$bXE9uPVt_`(@-QP-zPW+UsNaGgUOu*=dFu=Df#A-U#A*b
zm(|IwFgZzZM*r!Tz!QJ^ZSU8w_-(4Rzx;bK{0mJ^*M389qBOoqUPQNF$%_g0ss{E7
z!6p;zO$}@n!O{u#jt2G?!MYLb0}YJaj3pZh_8$%GLxSDffUxx%*e3)lC)n2-*cSxb
zMX=2p*am{FBiMEg>|25@A=oYrtdL;Y1lyy56%%YY!G6@h_7W_SU<Wj?p9t2BU}YNE
zF9Z_^_L~NFm|&;BM%XD0>^Q-86YQJ@_B+8oA=n=pm_)E;1iP$(RS?WVu&Wx_p9ISw
z*i8-W8o_!I4Bmr#V2=eNEQ(;iYGC^Vz2D`9{6)9T^`&)lnhVaGSG<ji-B)CUMSyV0
z2jMRTVIm-$@j-AZ2>k%zh!4VX1tA&`e)2&$s2~IaLa7hJj|#%6*$iR34?>B8Py`6y
z_#kXk5Y_;~=ROD<6omPJ@SzXFX9~jOfUw#J;R6LB84zCeL3mq1Xa)#NeGpbE2sfW)
z2#b6WUQ`f{0K$A9gy$86O@J`V2VtIqunG{S`5??x5M}|wlRgMj6@(FhFvbUAqJoeB
z2#@$6j8YK70m1BpkbXrrbib0r5K=WV+JM5io#3=w@w-}_{TpSp@FmU<P%%C8<7Ywb
z?<Wki#0t)%J`|)~l__`zD0twi-!<iN%_^a+_>W!no80so687X5U?1{?$3A2%OMD0u
zr+N~nXz6+RnoQ5hS&W{%Yd#(Sx7?<MfH3QCpI*5tBdi95N3MD!G`S`t%majwYuwy~
z>+?-ks`UAKD^>cudj<L%aejnK*iI$=-2b8NUEs1PzW?!kxX9!6dAww(n53wbnpm2k
zmY|~h*ke&yQJG)~Y2HY{s7O)3cs`FLX_l2G-PB6U(oBpBZ(vvLs+B2TswFZtP4UWq
z&YUy5v(K(r-+q5zpHJ+}dC%^d%QJK4%sFQk2~XND<_Pof&2!K&<?h?Nny??}*p~>a
zYR?e1H)3HgQZT0@S9knze1CmyFEV_I*QO9M^mg4EM%9uj^T=)br+7u;=a|Bw^kK=`
z4*ZU^z1kMSvd1!fge!ek@`AP9iHZ8z80`Uei`u=wNie4z)_$373Z(M=Y^+MG_Bnfs
zFF2Ids%A~FB3O*o-s9UHlt}~pv$mG-^OdLe*N=+(JNt0Wqrv9J{ohlf!7}J8Nm}}B
ztnvBLdV}3MTME^(?ik}WoW7o<^(XlD(dNGBq_ceqAy$pno8@KW@fo8W*S?)xC~4n*
zUnptceqJbP-*zmNv~QaiO4_$|3nlH_>kB3A+meNn_HF(`N&7Zup`?AwUMOkbCM=Y+
zZ+9=0v~M>ql(cUN3nlGa--VL)t@}br`__J;q<w3?Q2H$>3#H$}u?73<`y8shj0VKF
zu;*djFzB!S^<dGtg{9d~1zI;*d!Hq0yMPNu2ZFyw@a6<xWWZCkB7jE&Jd)ru2)^g2
zJ_hTxaYmU5+GtCeAynoKxlAvkOokRYOT^k}JBtQ7{7xDJChu<}fJfa-r1DsawUhwO
zowkP(rI7fF5}={ewon4Ja@zYdrSMK~P@;nCHz)xbH?3r*6m2J;5};YrW>BIU5))@i
zF<8dTlp-<RG*g(xCDK!jHgKl#%NrGUo+1&oE2zl61nlKR{Gq5P;rDkk`!J06<u~*3
z4pZH3?tQ}>^yp*Qpm!dT8g%z#yg@M_0~T3h6#0mXbd!s`PDT7ikz%8WpNbqiEESpY
z7!Op0u0U+2s+nRGxQhyGk_#kaf#G@qk5S+XD)8iC9DD5$+g-<AX<*OgA~ub%hjKaA
zsbiZO*slm1Co@ux1rDAQ1%5lH7bv9yPPu>|3smR@HX8+|QGuO*N(Ju10!#D)ON|28
zQ-Ni2fh({;j$YtVqd;>ikS!Oedz2R#trxh%D6socEHF$iP=y6z^a9ry1>U3rt>pqw
zV}WLR0hdwW5h}3%kW?TI3-HS&c!AopdI1j=ct<YK7Yl6B3se~e!l^)>Tp$<=l<Eau
zIjdWx#%RAhg6qX&H|mST^cyYlYMfk06vj1Q*Sf*>^dz`<_)cnzvdH$dxf_*7y@m4V
z(JA@`z2W2Tg^SL0<xv;1euxe<E;Vkxc8k~aouZqtc7|7V9;(0Q7@gL~pb9BTsFad1
zok}XD64c}_;o4v{-K2N#nhaA)s-1r8Ef)rS1*yQ}A7NH;Ri_1U;$lfdZPs#?A`2CQ
zrEQqrK`bdj#FA4tyd)!~L}E!TyE%K@<caAML5B)PO5@=wBf(vF;tp?hE~gOT=e3hR
zBV$fsW2h*`u?<;ha3vfnk7I&_5)RW4rH(7%1baEU2_>CBE}JCSo0|4eO4fwzsT50n
zk`YV21@Z<Hxwkm<?-j9%Sb)m#Hu4i-r9OEIvYJDzikq5?h@~Q8H4j-U6|Ann^lD<Y
zTCl1St38Ar%b5p|RhK*T`V~SkeP0@9dJ^N>uww}$jy2>sZg-r%hL*VvjyFt3jy2*~
zBaZWkvpnMX2x;ttDL)(y3M1+2^`v0pI9a!ZB;!Gk!SO504dcP7M%!jJM^3Ae(~{-r
z5u8)j%wV%Mv6)QvjMa)lM}YjEEg#x%!pXE?un5y7#9)PBa2qjr#mB9Y!4(sA20Jeo
z2DIIIdkPNuO=;}wyO2W{ahOro+~DxRNyy<gVR1<uW^gMAZWV+a9T6PXVOpUp)?-45
z!&u#Fk(#iP!QsoxY@0BJ7~Fvj&R>QMPLP{$#{<Y<EZG3=AO<IJqXur|gNBHyA;jPW
zOlJ^-rGmi~x)CBVm^MLY@N#<wziWyNZbJq~H@cQHm?|^an;2X{3~nO^Q@O1Ix86a9
zb_fP{VY-?abcYgy;ksQR{cN_}uQRytHSx2_&a(O03?)V@kkQ=NuqBh_-^|>J$Y?lO
z>QxY<$=ou5pE9BqUVJDqs$x1R6dBDEj27v(g4B{73`SeMX4{fwO_0I$$Y94%Y{?|K
zC4ZTK3>FcC;)d%aJdg6Bg(FNjg2DBet{?`F2nOqj!6;#F{z$scV8N@pxw+}rausp7
z8abT)Dus*XF@%W2p~PVwak!c|R8?^Yw}QrTk&TGMXiUd6LJm_K5r-3WQ@?Op|I&00
z8@(#}dfF7ducHlnn8wKH3S{)?E68YkSu2Cl=k7;FCy>qF3Pl{k@KYck8Y;p>BN$zb
z=~7~JhhTIUG1^%S%H9T}zE=dJGwkN_Cd6ndwJ0$fD-X(}>B#6VVziVPjpfJV+#UuQ
zLl<F?O3=v79fpj?hY_QyZkR_i<lOQ4xwi8a`x$bU6Q!2Lv_8I!9LAJ2HaNT~J;<=C
zAR|IyCQ7b3lhHpX2|3FUoaSIUk2qZ|I9*SiMhX+c-S_F7=Dw_(5E=r|;V@)#J$*V-
zKZXB#J{fm%Q^;7^f}jFz29M+-+dDA%ASHJpZ`HztP@`9Cn16&!2=6-<W0)2FJqe9F
z#bq(ky2%~cLbSP0SVT?7;Q$t$oy<1gdZqeMrJ~6+E?lqFxhKfJ(`l(x4BDujp<2Xa
zGMADnTGu5BtGi@+bu#9slGWW4e@T^!#7dQjN-fr{?nnw8e6Oe!ni*tGAX9Z-KT(@U
z8qr9iPrCKm^rqUBT5D5^>^FZ5*<X#xC#W{-k?RVq4cpGstG8kP4ysMXQN1?x+AR;D
zl_!i}kAEhd+}>G=C$}KrZ-6PH%*7T9EqXDY+ycYeqq9kM1c|AXfYGLnqXdk4Z8Rm|
z$EuB>1WYm707}5bsP&>m5swc_30QTs)|7y?QfovBSlP8xd89f5J<=bP0I^BiO9>G5
zw67@vlB%|q5+Gq~>nQ>I0PRgm@Yu;OLc%XhYNRvhpDDOicp#yg2$6w=10jlyeNYX-
zEp}Ibgow#Z&i#wvrGfCjLlm2n@-qat*l3*(5sQzU8xpG6TW*Dgiq%xkZBB5DJ(oLF
zNC$FmTY^^v!rO%ksYlN3L~x7kSLaY6#mTwR1h-g(^#~PGshrz~;1)ZvzM(?QmU9OX
zygCqmU8uBqkO}cbu$Yw%C4$8^Z#WSw_GTU;Sd8|(M5qfS+(eZyTT|Rda3yePCKJIK
zNVppav$ufSK#r|b+%N4p?jr7gE*58VR**|$;3a+^x5o6Lm-v*I+t^(jQhC_+oaTgm
z_P`^y_7Izn*jfsVIBIL*u>Yv72}ZWbIH5Jq?xEBu$86F6v(IjG-1d{pj@zPR{<gI!
z`M{JN&a-2bno%cg-@W&QE#D8Ev^Cf`ebV+E4=&iVY1nC}_;Fe6)BGH7y6K#IDxQHy
zAnhR&EfZ-9(sE6-9Hbpw#A&llw8xOP4QX>tv^hvyi8Q~7_Bhf?kXB-%%|lui(iWL$
zPa-WDY0sHxPa|y*(w3TN&(rxo(q1*uN|6?VwAW3v*N~<?#c6MuXm23xbEK^?(cVVd
zYNV|<(bgjEDWrX9qLm>n2Wgv3w2zQB25D6$+GeE1Bkgk&Z5z^}koJ{{_65?MNc-MI
z`x<F~EabGGOthUy+kv!d6Kyxr)*|f}6Kx;T79;I<6YW=|<s$7b6YWo=r6TRLiFN{M
z!;l8o1Q@jQNQ*{V6BDgb2&XkeS}PN+1=5Zz;I#H8T3e)ji?mKAT8EH8TaqVFipT|H
z?(C@4%&{Co`*grS06by=%+>+z0WjSHn4tqsC4=>W1u&HWG1@Kwq*ws=>45hEFxmpR
zn*g!e(*W>V07*I^8vqFwfJ%UPZ8QMlEP(5Dz%>B4$^z(jQrsic3IN?KfGc&t(K{HR
zg9Xr;07=>o0JOFMF4X~V1HfqkxCoG}Jplm40tnFoQvmR{#bV$rnG~dIUH}}j0FLT_
z9st;H0n`v+g4P58KUx5LbU@ARU^-+0d{2N3Z5sfpEP&5+z;XbTTL7C0kfY57z*-C7
z109eCfRz@&niCkq55zAm0WdFFFe_wCN5DL7!Mt!niUoM;Hiq$AFbibNcYw*WU>+w7
zKbd_8FxeK&!!o8AF!x(9Q*|Sl$pA>P0Md294Y!d^34|~co3dXsrA^rnnbM~0^Gs<|
z_Hm}PDSJ0l+LXPPDQ(IYXG)tgf2Oo4o0%zX${x&=Hf7^8rA^r#nbM|gWTvz!yDn4O
zl*MF9o3bvM(x$9!rnD(*oXJo6yYMT6>$Trg@U-lfui>-|T7k)(-=)yGIvHSWO@ZTh
zMy!qG#SUw0s8|QN*o#Ineyh$CmSVY7?BG{YvHOi;{QjLgQpAZpoXvSsq!ao<DZ<3#
z>J;g$zH5rG)9H{Ro!YlZ5hghyDbo4<$+5!l<j`2@B)^)nleO>1N@x0?P<E>J@mT3}
z|J||TvXK>IrE~u0DLX@Za;$XXUockKCOk4$I{Tk8Rx(sb9V;0E+&WgevS#>L$toaj
ztYp5>lM>t_sMA<sFK`KEb88+aCAgi(nR_~-doY~n#qABWA5il*LyU0kV8;G>Z`_&e
z!w@*_{ytqH!XKU32R==)dCIVP%Cvc!Ve|B`%~P(;(=3~(IW|v)Hcv(RlV5*&LVtQv
ze|k!PdPaYG&gSWb^ZEqBe`AZrNKIZerX!C(7a7x4j{nI|EB%8LT<fN}Ss$>?u!CP)
z>vnkjom79YpNFPu!ZLXba=1Qrl>Z?ox<JuEWXGE>dJx&$fp><5vkm98d8lP|m*J7p
z9=K4sCJApRi3|wSCBk>pMI{jJTvZ^MR0&bmD{&7lyc8Z=46n|LibNNM+h9BnE^Mt}
zfYwD*?fetoRB)diE??r%kBN2Xinv$@KW#&-TVi}Hoqenf?zio8qR-dbu7cLQ-M~-{
zugZX?HKLFf_xt;Q7>g|uHrNA!wW3ELK43rPw?X{eKYOA=oSs=A@3{3{@dmu0WIQmI
z-P5pk>|tJ4vg>vG&l}mgl3pLU@HE$BXnhTU^XGLVgh(x8im;5k{Voy3)_WHkCLHXg
z8wiGL{V8)hWb&ekjB6fWTioAqE5E-Zy|4NHj@!TVDz*LS{tonidl>KUXvv!P2G-B2
z+k9`wl6!6M?XZhyi{lw?^O=g{*~Q26aJOTW|9X!<490U-cRrSza&v-N(3R(&VO=>?
zbY=7W)(W?E_4vn{NBT8hG18|@oH{XU+`W@&q#IF-ep6_qW3+nT9__OJ|7mCwi!01S
z8;lyX@pHt`-Z05Jw6kXf4(sfPp(QRnLT@dSM(91zGrvB>N9fptI6}Wk7bEn}65A0P
zRL@7~ra~B@k;Vw^1ovMTHau)^)JNqY*3317EyH%OKCU|efQLX7!?x@JF>IIKA%^Xu
zJ8*>d>LCr=Jjx93A%^V}^V=xq_<iQ_yRMIU{4V<}aQu2_G(3KHr!+i%;d?k}$GQuC
z${xbUE02HcRQ)+_zk`k0)@;mXcVPn|9;Tg}SgG1(EHwvG?<zEMZ_R7X2RmH#_>}&k
z5_5e{#F*>z>!*SB$<1!KKFuy(9|-38kE+y<RU!i_@v4KW6!siTft1Osls7A&N)W#j
z2J5my3T+94^))V&Wb?uL&ORKh-Nxf!b!sb%Mc~tyiy_`<KzsBKXpc_<+hcN8!|ieQ
zo`2Q9S4oYL9|u7(S&OiW-@k-aJW=%J<1_90(q?`g9>D*#7XDXeHq8H^i}U}l`t#uP
ztRmNnA=(_O^}VRp>c=k7pWo+8{rNGlJu#E_=f1tzpSRyD`g6Bm^yk-pYkv;EDxf{K
z1-8eM=?%9>&oTcGf3LqlV@wi*d*}-+^=J?^#w)r1;P*PWm$^POssiit`GXDDXUyII
za{ZL#!QN(hkad!);G7~$fn*nOX`)ygWy3C)JJdTTz^VK%#SjLQ*Ts=A=r)AG-NXN1
z2!lB<npVuN&{9`FDpt&*@ir^wbc-N(6<fHD&xD0*lCf|-KwtO^I<t!y+223Xpaf{6
z|38WH+*ADhU5)ognIfdViECbW*1ok%1N?0CC9`oN_}R!S;_~~%iddW^R>b@yT>Lsj
zNh{)1%520k({1LLwmkywU)yR~|E67J{Y$>c?+J&W^qX=O&QVBiW528XoDgMZ@5Da!
ziG2=o`*QzG_Cw2v^*YY8cAv?{lc#<Q{QmA!Lp=Fa$)32+bAQUu$yH_!z(Rrd_h9*W
zEdS@*Qu$m~K9-jc{9R()bDQ>Qbfvj{PHYZrpPo}2ZlCfy{>kr??0+HHfaw?dTd@8M
z4a;8-n|LL=b^dx@G`k5jgR1~e3`Y6y=fBu65%e`JL0C3SnKqtc1V{!N%ehG)`@ymI
z;;ogs*=@L1c2f|Kb003UoZ9UJf`sKQ`!&+_HJ<#+aEO}EuUvA%lM~3Pm3Z9Be&(o*
ztE8JFEAecZpGe}V@#v@!x)@Vi8!s59$a+)I6r<CW%=-;fj7GsYy~HNC++nUO_^mAS
z(1eeDJ_)<z*~u6K0@Nk0XohiJq3AJ0`FBH4grXfrH6|aTq=sCA7K8_ZsH0lcVLnA<
z?svtG7$XS82Wm&d(Z0BV;&pI4g3(cpgr&)Mg9ECUMwTX1v!@u<yPmz&RI^wI)=b5k
zeLRUGiaM+{i^uR5XQ?Vln0$<qlC3s|6m?+DCOD*U0LA@o+Af*T>>JThMD^f(75Z@_
ztc-K8ZgL)xo>>(i4%RbzCBP0m!S{!$9xJFG@mP<O4`2_iwyDQzWV}ryWV`~Ci>Mxw
zfwx12Xrfe)U6@bNMEX7cCDj8$f49SWxPwR=5KA&y8g09hH-NQf*@wW{p)53=S;76`
z#*)Gm64yY2O{G1?;@q38T|RcdB`*9h-!HDh*A%PT!BzOGVt45OilPLpEHDY!#!b)z
zBn&w#9}73-*<F;H17~edi{CsaXLB3C_{)@<J8^+J_7E&k{fq^wFU#D+GZT!=c$WDI
z&m3iBdIS8aX~7E7lCKAUYRe_0_2&hkKLCzc0LKa7)Y<~z7enX8yW^cPQg^&M2D@X)
z7||UI#^B}d-MP~Dur}R;9+5wOAT+_^Madp?Mg(=Pmp#{pawQx5dRK^FFMkab@8Lm(
z@<RDFoQ0P9Yg8@N(~;kH6a!a>vv<}0#f$%@{h=Zkqd$=J(K}U9GD-VP?MMReMpdlk
z@2f)3x(bRz^$b<&Wd#-4?bF5jA@r$F-7V<=vp`J0Q!kAmeQND%oZ&H1$?W+R{tR!u
zLq&z*;SOB`@4pL>54r@%+aFrizxyw;{w4ie`5=3wE*s#AH?yx04~FUMyUNygE$L-8
zKxlO@0;p$p6)5pxjo)d%#s}^vI-Bd)t=uC2q+dk-x#?fmZ-h}lj+xoVTE8TyU+F!D
z^il*+Apre&Aps^np#NrE9-yE5z_R~MyU70c#(!PEVTNp%D^<=SpJ~ccJL&A_3so-9
zIzE?0n(H@rLty>pjc>Sq5f`f;`<`oEij&o=U*!m=Lj{2ew)WYb;dWrQjO<>(b_yWU
za#yV?zF$~2wKe>}SON3)FTEuHbWm1A{%J>6%fhd-+cB1pm3bBZ?aivMKl?9S2-Xsk
zhP>YJ_xHm0^UdGy_Rqhcf06Io$nS-L^83}c@;hIEwGV!^6XACSi12puJC^V9s@)*j
zWj{y)^#xB~7NFl-ZyEphUS#~=@bC9G|FnI0w5#WT`9HT0FW>Z)|Ij{jJDS_)>Gv)3
z-?)p+e<T0j>X#Oku+iK(h*T<Xz}S9Ms8o_BT|mDy<3UNk)Q+D)kK_8K*<YZ3>BLP!
zzm)s1&@WAY*s5Qe8xhbR>jK+jP-?^N@ww;!ex6aQn9egmA5&<1R`K{X7d@+ZPYFD$
zn10#+i?fO?3r(7rC16XiexlI4w7Atq^D@kGRxzT1vkIG&hrW37piZ$ldANpWMjM&k
zO$wF*RH0N}1EwC9QwQTT?X_#@G)>pB4829@Sgsf><g!kKQJwOBD@n)Fgfd@l)zzx6
zY#*@xt_>Vdf85jXc*-5|FZ2gsDD3t3W+Q3}j;OdMFrpG+L}e?Z{Es==&km1$A*e4u
zDg)mr7+lv1Z`~{VT<|iR0ZmYC5N>hR?RRC65??eq%7uOHBco^YjW*$C=UoN&Y>~ow
zSBiY8`xSG4D)J}pCtT8sVstm9sHwItX&*Pn(VxRcY@4ZcpR4STcH7nDL`Bi_=qe`m
z6v;iP9Fj{jI0Rw3lvvv#Hv79AxGg<GTjaii#b0{sEWR|wmc>bpO<r@~e$fxjI%F>2
z?n53_<Nz(a<_r(cYKP?L3?5WQ7)#yL7#LN93=Ib`dW}%+4l)>RI;BBB#IKwtC%WU4
zg-564@^wB28CJ=6S2)ob9-T=+lIt@#Qeire7+x(HULPcDXhug}En3!pmCo>-$+j&!
z*lBX2EB+i?*5uiF8!@_`7!^)*hG%C*kmUFb-cy)9LX1WR6Qj|=$mlL&w2xqPe=nWU
zL6dA5T@_|>qPt>}@a&WrUD+EMjV34FQexEb?2HMP{GGug3e&0NW?Ui|T}+JbAVy<^
zGhLj)=$Z%Yo$1;Wr{qjm`T%m8B)c025vPlZQ{hBsxOkQZOODUr?S$za#HkWOoH|2D
z*+ZQ67OtN2d+MA%`+&Wx=i`l#(-P$L@ds>NJ(I5@_kD8fEg?<~S5J3{<Nyth`^MET
zy8kh7nnRpc5T{oOm(O2%=$y8Gph1_<L!roU5i)#!qK(Vv@?PY`PYf3k!-mUeUWnun
z4ddCk*+ut9#sCQPyB}sS_~OI{T|Mt32J@&zC)&7rHX;T!VlYn;sy5;3c_c(~hz6HH
z<FXdr51G8$&d*1$HdsM6K-|f)cOk~=E#oMLE{GhjjU>B7NGzrV^rz;h1PnuMCMDq4
zqdiCo_|0qMDFHK;b_XS3p4CQ<M9tC=%H)=B{YFw`URim!j;(jD!n??ci`Ur{9o5$7
z>pp^8{EO0UeZD3W+~Qm`Ekyjh<lO8F`K#rGh<QWKop~XDwb>zJK9qAGzmUJ$|3bt(
zFXxsJ+~TjcFhs0la_+MPxA?0qA$X)I_hrg8dxEV9vD31?6=I{2EockNYW{Uc?nU1R
zla2pQiYO2%WbW3{AQmMzWC?dQU#7?K!_Txd*%FR^CVQ_4Qs8<3l#MPdh0hC+jS6gK
zBl@|_c~1JdaG`vD3$V`}+uAVPoH4@AJWj06W<B*f1!YD<J_oVV>|Yi-9v#bgMcAHe
zF#L)Z-OBe|%`0%vHD`!oFc3P~*3azizinN_-al{an04g|z7L2Wcj1_!QR6NUGt}mF
zGwnUM!cW?M{0;l;L3Or%Ufb(zeaP-TW$QzB_LMCrb5Ha7CZ%GmQ&XMpq4>8*n`ENh
zPw{V&mTjUvNbzq|IBk}R_9(@_MVik<E2Q|hNLy&4&8PUcNPEFVdzRwgB5k>e_6o(n
zMcO+i+A4~Fi?k0+wD&3gEz-7{Xd5a1Ez-7|XrEF1TcrJ9qJ2m4Z^v@l0TXR6#lJ<`
zArq~J;@=|eq=|Nn;@=|8Ve)4>NAYiw*3?7`BmXy~U1FlO3=Z@?8gN!PVN^%4O>B>|
zfxFz^ET{HTQyyQr=C?g7w!h1uWLRKHL`9xLRDUfGP%Tf{qFSF4u0eMJD#RWYtfTq@
z>Uf<k>O`Gz5^4dc-|SJp>L{%XL+!Lj{ZJ>|g*E}|Q+w1WI%)}^HrS)e>xARb3_z{2
zN3GORNq~C69<{VixDZ_ls1keBd>s`6s62broI2r5w5KyeW!j^r>!|gBy3Zb!Rwvww
z769sYd(>?@YBHdP+oRMv;b1fzP;vICSREA!s4MJI(S(ZBPG8PY?d(zEI_g_MHLlZ7
z5V_PiEnbou?~RwF#@pg0sZouWq{e~qlGJ!ryd*VV9xq9aZQ@aCY!)v`jrD_3hZL**
z(vy3j=qHWjk@00u>GTnfBR}lfk#8(CX=5Q3;?5e+nhU8~5fl=h`})3#95^QR6uv0q
z2)0d;H-hB%GOVZYO&LJ29g4iMB|n&sJ%z7IYl7`k<c&J{#hmCNd{_SH(b4eC*A)=t
zC$qhW@MYObFinvaD&#k_f?$!_iyXFu$l&cVuZK7)ozp|8>2i9Y3kvjsac<hSpd!0f
zi8wDEf4y{G`rG*^@;}+Cdt7YOpLXd_Kj}}k`qQ8K(|P^LQ7@ia>Q8O-rzriYyZ+R>
zULUD^<ZQi8XdmCaQdH}uEAiAePUkk5m8w<fST|hDBS1I;;IX;!7{ng+_h;X0YtO$d
z)U2;ux74El_FP2&ef7W4S3*!1ufKZ&{CZJg`OqaGd@@1RG0NXJ%EPTI$b5xVm!M?~
z1Kr*PS3%!4q{JL>3F+gwI)`st3Zhg}c%Uf^+gDIprF1m?#^Ncxn9{M7c9P9W45f2I
z4OyK3Mkx(Kx~FQZGW9Km)fnz%_f%DZEDg88bGxW$qyD6H;lawZk2`c^jTxGFmr3j5
zjjQwe$46zj3O|Lb>%^t@WsPajC$rsz>VJwi3X}gku+my#N9i*031CL%JLf4*35V@S
z4C#x;puQ*r6<K(<Guw<TmLmUE;w{SxUE;<gmTB!6moUcG!)0_6r)H*ke8a=j6RL(s
zPS5iA4twJMbQSh*u8=+0THGC0v3aJEqFl;(4t;n@EKWHr>jwX@t_tjSoT}f$dpDdy
zHR08P{N|dqyfoZt4@9l9G91l(f{<sSu1kViaotii)&j42W(a4n5go7+FI<*u)m0nX
zUaHmfv?<f{TFpp<xVMFmH8ZMIN>zdoN>rs!p2sRdI3;V9)>8x|jMS71oBFjFh>2B+
zJ9-}5idDi<x<ps(sZb@Zgi69HWQZ!|Nbv+K@!DnO<1oESQCdbjUZtw|4k`DiWmUz8
zL)F-5VgsqEQJ2M3mm*fQ4c4V2)uqI?F3D7vRH{on_p+tBB=h^=s4nZNE<*Je4|U=C
zsS4!1TGU08A`e#L#mfrW%JI-?+N<I6pvy{|4&4L216AYw<C5xBLUn@p*zK@Rlb*vm
z#n{%Vj$%3~RHs-TMv3YKMD5lsSSOq%mgq{tSf~?MX~m#Q3-5hqh-4{PVI^L@tdKn>
zkFuuixRg!hWs}k#PD#tjm=5X#-Z?2v#IIb;K}+zyEk67ClVae!Sge_9@w})a5I8np
z)6r0_(ACbB;?8FFhHX-0!b-e4S)nVocqlb(2<Ij<B{OUK#Hsf)ZaN}w6Iqtd+mCG0
zxgkHdtI{<4TB8B|E!B^brccY7c5Bvjwa;HHFIfGEr{GO}j;f8n@)q~I_uV)pD~vs4
z6~yQjbkg0ycs<`qZOQCt*3Y}u!iuaLJie{mfC2h|%Lhx_!qM7R&{KNy&pEPNv6Z4x
zLQzOmZCf#)dVRlf<;w5c^l?`x-netF!nqVM(JkNm%sv?_g+Q#tdzTf`?r=?y76YFv
zOHZGe0_{NRoh+~K6wJtMe89X4OH~+5&l6mQaGj^97xvAa;qajhJwRBCAszU*i&lM3
zY(Af=hX_MGSLo^1veXv(d}~8Gt3>h2!7p3JGzds!qFIbVN4>toYH`0suf-@@@5{KQ
zW4MEATqMZk6`#`7JZ5sJGa&6+haW4#OQm6)@vEqPINrGQ$^Wh;#+x_p=2hz3Y?P(D
z72;-SdZC6dT#YRc_eCpt=(^3>U(X)0?r^zL-gC7q;87p-7)a14p|o}b{f-K@O2(>H
z@hUU|6a)8HD7J&X>vZTJa(o=BcWo!_wl=I~;v-;EgudltJ2uSdK3+8+o;70E-5TFO
z*U|lV^{wc)hsjb(O4r`;u3L|39;H}V*Rn3#{|f7}+z7l*U36KV(Peyxu(C0BSrIje
zMm2>rv@m?62yfAbE;~Y9R!3b{M_q;tH@`hf@3Qsu!f?6@dp*6d0$&)3p&8+VZ0NEh
zqRXO#M3-%&wvTRvT_(;#V;f<Y!6$9HteT3&(|73v6F%gipou(2pZ0PqE*yRLlpZy4
zI`1}q13GnE9d%o(-fc^+Z=l=g&OayhlN*z-x1^Rp5dyCI<J}f5MQ@h6t;fr(+qSmH
zd*e}v8WWYnX`qBT6NVjDN6nE;^{k`zh1VD1rQy(F{Hk%V#78>~)>X)4^EW%|T@_7d
zp+)qn=pcMm48E!ayQ+e^it|MBDE1VDorWe~Og$wIgI7>b!53|MDv64%7MG<5>ECg{
z+7u1eJ9t2|pf&2ai$h}<GHG=Ah}Oynunv0tApFYqOL^rHoWZQ#l?C|3IEqN(b<WYe
zarLgkXLx3L1h5U8icsyLZXGx*+JI$`REzsYsIw~-Y>bG=AY92=8#bRG$=j|Hb0I=t
z1pW}PXcTM$U4;*_-BZm<_*njRe~h#-gWfsP#teEB&-56Xs#)8XrrVU<+!7Qh0Y)dY
z@{!mVh*=hkln}jiYXJPswv=Z3T>Zp@Hx<{Q($8FbvNr}pOm#?&$?r*%PN#V0t3k$u
zuH8k&CdkEJq+&&KvDc^=Uz@v7u?)G`QYw}sXD$;g$eCQfD-P6n&ie!_kw5uSkdP!r
z&NhNAmSNk2gzzkKejr$>466<j+Xj*IJHb}Su%iS^)^pBKPK=%t3ZgEXUozC$8-e4I
z#UWR~HjT|U+u--i@=w7LysNOuUu>8?+ekiw(2of^F&YzUdA_Hr5&V`CDu;JgYF1x}
z@W3$>Aq)wfl$wsmO@wAhh*D~HnWEh3P6Yom9leN)n^4ws6}V3@rV~!sp3XEjorG{{
zDxQticj|0I+ue+Z82%AlnXQ-<<Y(~!ZW_`;O*988$Zthj6BDfw()uH<m5J5@X&sQ(
z-b8DQwEE$k*4ae63~2|DcBP5d4QW+KyV^v%3Tba5ZGee(Ez;&AZHS3>J<>9fHqt~J
zj<h?Fc8iI2Bhm&U?Jg7TcBFMe+Px;)Sfm9b?Ew=l9cjNMVn9I?Z7R|}L)s%I+6<(<
zjkGx?+Dw+JN_3-)K1CT)IjmQ>QZxRzB_h}vG2>m{3?hP^2?SiP0~7%Cwg9d^g8`fP
zB)FT2xHXX$OpJ_K517j=n9B*nXT_%g<Fa5n$(RhlG`C>fgyGYq7cl2f2VxvDCK@n@
zEf~nrF(H8Y*@CH-G1W~N=1U9aOBquRm~so|V;Qp;Fsm$>RWc?EFwa{sFUpuCz|6B?
z=E<0zfO*7%c}&JQ0W-;hnIvNlGC8^CP7CHv8B+n65j^K9u3r*o`~964J=;H_7+WPK
z=FClu)mKn)!Y_1kT3us2=7;^F>6o8(UjBKyIFEnl1t{eTY?X3!-aqjLJnx6M<9UC7
z2=#T%^?2S7+1lLhxHuQlk}C{vN7|TUfWOVKDCxK#w6eAiX!;6p41LGmPp~n_eVJ#*
z8JV$x=QOl^o}W=K{U)PW7u1Xml!qkr9re;L?*tRFYZ48eIj{7S-6#wiAhKF_RCISO
z-uw5qM(z0NU!zzPS80F!8l?~&loHwyM(^`e%^$o+s<fdW?d7`ppK8W}e%Du78%`c!
z?OIcOEci}tq4d%ER{Rx_^a@3P#X-gVitk%d_$=T%j$Xmrp&VbaOu<)t_~BkrN7zVc
ztGZHfHsH9F60nWe7E*%OWiBN^ouoZX3D9I|lPLkJIxU3~po7$Ip#<nywM0trhK=ot
zhY>m2WyCjU^>UWIh6hyxiBk(|C50OMyJbg1!mNve@?t9_VsDpoiBtPbAfebtEu|=G
z8>4U#N78Qv^zOCS@CL1olUuW>r4(eXHXk|XubA2rS`(5WrfMlIac>q)Z;T;E_-%DV
zh!`XGu|(vT8Fp<c!oqbRSS-Qf3C0iG&bvjJxZ`ew#S=^=7(Z;==@wz*z95)Nuq1+k
z*s85|i=(?`1mk2p-=LGWd2VrTH^(imaLaMyAtIlD1~N4JT^Ib6-L;@1`*Lnj4d(;?
zT$bNSzt3%Sm;LpgxV?BDw(|h~M7AG@5~oWsT4y)@el}nx>x9Q~aA(jd)=xDz=})ox
zQycy1+<EczgZ{Khe|pjI_T-~>jf?*f9?=1*Jd{<H_Qr<2^%wG2Jn?&fv%g}YCH~D-
z7m0rp{;%SLbQ8`j9{=s!n??1HjP&}4M01CgrLlG~KpOD393H^`@Pa`8%X>A<zxUGr
z%)guQAI|yT+y7tk|8$L+|EKc<`9IsUVgBc}{m=ZzGyYZ1f2V)T|F4>v|6k`=&Oa~0
z|L2$dSAW8d&ryUO$)E4`YyYu7->q~0qd#E|e7}?V```Eb$KO9NyTR|9{Z+U^s*`Ko
zBs~2+!}htAL){Lqf1ro1!2|bpum8RP|EKd2iioBl<h3NTyjDl9DjBRsKMWME3Mi?a
z_xkp0w<;*4x#^^ZyHkYoqg+#Tiwthp3QrTn+Et0uIv(GV`jQMY^UyP72}xd~qnZnY
z>u=6QFu`#G7+kj<*x)^Bqxo$`E5*%JEvI1^om4Wo=G-r;cW_LR1KH4TrUFJ&g^HS#
z(0Dc{DWP?RbFrbP6gL7k6aEXG4Tf_E*!nMQYK)9lAfpopnEe+xqko)7M(c>t3Su-F
z7)=&RSyH>=ft#du)m5xwHS>w<5k^Nf75)nkpVb*X7H99j(3?0VXPfFcv;P9;bO>>Z
zr{`;pE2?;Ck-(F4ev)b<q#ITU;@*eRQB6dXZa<@QIw{V!NndaxqqNOPjuY++Qj<P=
z4jJ7=jOsU4@kk+ohv9&*I}DdCB!v4?W5H-QgVFu5wv09<M#;(Ml4sG$CSGRr$XR4m
z4MsNfo2qyykia8uK-e8|%cdK`eaR_)Rgaz48TH0C=)Uw|7&2Un4EKvQyD@Nv2NT2V
ziQ!UWI2IU=4LrvNgxxu|Y+F)I42Ox9{rr^9@aF!uExWf7GD^NSUp|8^8zZ;u(`S%T
z_>6w05Bf=9G$!zH8W47e)3VWva9?U9d~LcIjP~kp?`z{FPRZA%Lw{`2X!5ne-~VX`
zcMJ^TRU&r9S$Z@#jtM-y=JT1&>9uT=Bb=B*g~Lr&9V`i)-IuRz(BWnkUGPQ@H^tWq
z_rO*L*Vi(xxjS8`5ypsnAOORW{Om|NTn2>Q;W7lM$)W4&Ld1yu?4;hVU9WA>@uov4
zHg6s>+JYDjmq%>zDI5qn#AqHd%9k##amYi)N(G}Uq<i+nnJh3EET+>d4F*^Cv!70}
zA18D7$|e1TqeEkZtrK;~mKKU}f4F<48-qpp@G`$jJhbFIg-bW<i9<*7H*T^3wH>fB
zZ-8Gw8920QiM_}fh{r!~3$~YswUV~d7C67Hv<05gR@wqjY%6Vn$F!BUz&Ev(w!lN$
zN?YK5ZKXYWbX&CbjHFB+ioA7O8yAapY~X{vA_y6-LVm}J#baeA<(j=P3WCk&Hii!l
z!6Qw%#lhzD8p8*N;L)bsr-RLBErt(HuyoL&=PnI4pSc)5IKk2>j^Tq7Y(9H2;xPwH
zr#X7=JHh5N7@e>-SUT0wb2kv&;#Krvuynek=WZsr#jB_?SUTm=b3Z3|MId}T!Bb7S
z-x1t$3)U`zn?0iT1PftP&OI2+#a_wbrct27%~LV_LZ=Ne=ywAnPQTD;Gwe$`N8*J}
zOJZ$<_a3#s0cp|SwoWbG?JqCdaKaYtwfBtKbJF&cId!(^CZ}v2W?ry&m>G21_T68e
zw&nZgGhAKi?8T2M7MPAHp1>oFKYDW7GbY+Xr0qc35)*AP($*sFB@^uhq%B6;G864(
zq~#**O%rW7(o&JO+C*E4v|&hl&qR9%Y0*gAV4|%<S~H}5Y@&UDv?Dz@ZHtLkfwXUt
z_KAtM6=~~{_N9sTDbki8?HdzqJJRxyw#!8O7HQ*=_Oprh1JYEa?Kjc(Agw3TelyVy
zAkB@mKTI?YX~(bRw4)~4A*AiP^1^;*<yT(7&y3MZk*1jZcFrQL0BNBnn#1DL^Zh9i
z{Il872&JYf(3@udXQ#xWSnUx8D7OGAbik(oc*g=*Pk?akbpX6>0j$yiMF4ow0(k9|
zaJIM~08d*0&*^~S0PtG?3kVRcbp=4a1@O2I2mwHj1u*NBxYOvsVFt*s0J3zzCIF;a
z0F!l>q?Z72j|DJJ2jl_Z77O6cQ^FA`1pp&0fE#td^#B-b0SrGS+>bf}puYt$PzRj-
zlL2~K0N0!nPDeihAj$%W)&Uy;(9Qx7ZeGdSvjDKTdCk8>2jl>tkp<BFlyES*0|4g(
zU3BIL>40kiaLfWYsk;?j0sxJ>?^Nk>-s)y3=dEZa$$8H=ljOW7nn`lr>}Hajm(@&?
z^X_jZ$$57*ljOWn%_KQ5z8T7SvCSkouSYZCnbDH%kP_B8Y8x>g6TxZ?PDswOeTbYB
zuKmt;CMXLV6gnsQA^;w#eE@LZO5Hn$pNlNx?_gUiZ3#Ttc<1orhgk%R(Xt5^=$*rl
zACd_ctKCSjYDL~()A2(eg2ijy2^Q#`!%rZZ5KPq+f*nz0{RbVz95@+4hZ#SdL|C07
zD|G1irkr5O+Pef(ObRNxGiMROQZ+w^Ez!yR?wlD!o}f*prwr|0zOQ)|b$oHVnWU9i
za3VXhpdvd$wyz@ppkYnGKj;9Qhtz9TpTdy`^ij=3ejdReCmD~A7>~Kequ+QeHXfH4
zk1raJtBl9DjmM9S#|q<dyYcvy@mOs<?l&H5j7RiYs>0S7eS)<HtJ)u*L@5pE!@n}?
z!`n`_#DBcxBJm&3xBn0E14AwpKQNZZM|{pMblSg(AJ{gae#0kO;-9s-Nc^*N|D}En
z$45-M_rJzR9KOR`zZnl$;@`EtNc_9A|GIwvIDV({@PCcpIb*xIe#<6W;y<>!Nc_it
zU%!7mK36aPuj6ysm*)C?Kf!YUL(7ZY|8VC2zwx;v?Z1xC@4qnDuaTvGpSv$||H0{t
z)Q^2n^&R79StqrtZi<F;EEU4={-{;=Zo^VXO!se?&Zl5~8|AC=_`Xzq=k!(97ZL<!
zJuyv|fLRZZ*%6!WI$UwgH49W5Rl}l^_(}p%J$POu<i$W9OD3|iXcniI^}UAw3--iq
zcjb2tV;?K5cNIV&>XF4E=QyT#P@cBU)j@%9bN<IzBP2T2xT>u5KA)&no6xdoQ#gE`
z+E?}Wb*a9-O;ukTmp{wp^kp@59&=6ey4>vB-llGqWk#wjHxgKLxfyG&Nc<8jm|q#K
z=5LHv<0`Y)@y~Jd>$<x3?ECk?|D87!hkUFShiq1TiEav}?Tt!Ozp7D#)jDt7sp;<8
zRK}a0&b-A_JfdDL>*`q$1^-h|)~KxOH)?~`uTHCuO<u?8tR|}K!%x-xql0Th%i{Uo
zy#mBS^&3qs{Q4t)P~}QIf)dM;t$XWHTgJW{BYmguMZe=J7z{E3eXFLw1KYdsMs9`5
zgexVhqw(teeGc{H53K#2YJOFncKl>}Zq2TaDm>vTc$)WbEf`V6f_+kaVxL1I*j-g+
z-barzNn==4a&6-hPyN<Waerp1L-PjpR&tKs;1BtO>we-6XB|`vPh>YW45gZw?8Ga*
zzDljdfe3sPy|s3=(dGdR-g*)`>1SKLTl9sZ0!3XYx=<uP7GUWu@EeeHQ5Wf;aP9da
zioyoTtWm{1D<N|A1Q8F)OFDP6J$s@*-R<$W_4sde>K+jMS9SnY@K9M-IO`C8%fMJo
zt*Uaq`<4Pf-uy~75FESIvWdN7Yn{LEeL+3BPwlgbocUnm>ljg84}N9Mcxas(FxyQp
zf#+~ncso`Fc$3#rt!^;hupi#Qm8;;m;PLJ7Y}CS3-*$E5;bz`GRSCWw33=7C5?$*m
z(i2=$E7D!56@R%hDwK5iPa>OtE<eeBY|Y}*UDI}?yRyDYALiQmX=33gS<%N5UFBbS
z9H%{(|K-`ZKV*1ZlsoI1MAq}^iI;zx==&;r51x;+Qq31Pi&3EDC#+;PTS=-|2fICN
zs;OOCGSWZB%_iW?aCKm2q^kfuxlUq*<Ns!|ZvN14XH7FM4ClfL!1tPO2w*mQ{Se%6
z<AIPw-}sJ-r)pS7C;skpK?Ta~YgzeWzVT71d^SsP%?k5WjlikOpY2o!X1lX)_xete
zJ8`3c2u8`neCceenKhivDZ}}cVtxh8Exv4Lt;$4fHfipKLkG839$Z~to2r8M%xEU`
zcN_{In;bQPdq8{ResL9k3X^c*LDi4LD9Z_9)zgl*w^80U;b-}5hRm<n<?*o!di@kE
z%@`H6z1gUM0dZoJBkOXw=OSM9HQOXA16Bp#j-&4fiXYYuC3C<gU=+AJ4?kC5U$YI>
zitmJj!Q%yg$DL4*Gi)#0=(UFNmuND+{7B8;>SXoI{*~J~N)>e#wgv~4w)OlgH_%rS
z>WY)<eK)hOtf#Le)D>2^=8vlvyYnCSfR+MFUD6<LuKC-~3q8}TP^tp$I`>{`;|%lZ
zr8dqm?_JvPodA!Y5nK&}_vct_rDy4YE&#}|03Ol-K>(P*lh?%!h*7j1aeG9#)?_VY
zAap&pT&=sdQElVeu-Z^Yu5C^jx0YH1TkFHx`hovo!VmtdJ#CU}p4wZlFa9eBa;3Yr
zwmeFKc+Tc{2Ekx8a}tCNzSG@%#GxekQ$h-Vay@Y<41}i<Y)D3qVgp=bi|Eg^!pCdB
zhIQbMuHsly1Tci-(S-b2A&Tn>bk7O7+gsdsD;LBZe=@O5_5JSk;kLfE7r$Q>?0Hm8
z^^IaLOmzCPnY{EJ1YiY0?Y<Eqp13Wp;!Y0EOY9BB&Bm)6_l2nbT&L5Y<qYx0{hj@x
z>O%zp93^{w$5h{FHg8<<jk><Bp8uPr#%*>LL~{e1pVf`$g4OkJzJdQ#*V~$!f6f6*
zNB$1BbPbAD%WlJep-js0x<;H*9h%oQ<dh`gu=+RZpn&(USiJlSRKnx)f)hCV9jnE|
zrYO)!2|n*ux7T-waU2!tjXRmu0}{SE<30qx$|jdlZkJnewM@jxiPhd4cO?5DN;6j;
zY0noZ(U7AYe|lLf`mq&jcJN*DA@3E3tX1<um>Q5D{o+XYDe9*hk5AJo{;sbdRd@(y
zsKeUk!|my)XW+1?99IFq&;)!@KZY~yJ}0zIKcEp)ReU(VpGO?7b|lwySa>}sQ+S{T
zJT@gRk)X!A^>73Qx+AmlN>mD=X$YpP75wWKR!QMxJ9C-1C+NB#geBFCanmP`o0^qr
zx+iD_xs!%F@W6Kh3g!Jn@gAB;o*hH}mWH1t8u*6BT%t&3wxJ146y30vOsE{-R;@aa
zY1x!YE$+8@f_@jxN$s|M5w_-49m!=>%i0B!QU;t_cYjRx7&Th;?-06y2FATVBLruJ
zKj)&8e-YI$p3bQ$Lb2I~YUKrNsFskI?dYfoVLb8c&Ita#NN8Ke(z0CLf+8zz`c$2(
z8C=W)L6-d|78bq?Sf)iZVz^c*?od_=T+^92h)+k(K3{9$Y#xIJnTIjIyC@t2EJp+I
zT5oZ`?cD~jh8Q2^M0sKZ@(xb&TD8W@!TQ<ND3!fi4;;dcv_MSo^01wFt<z)-!D2Sk
zT6qC8EpmEbZP9^(4QM}pFNRq9^l4L4CSG$j8)6-q)HNkzatg~b4Y=H39B^oaH90C3
z2V7+k47j!20?X@*wG6ln{?X9+<U5~-$w*2T8FpLzTBpT9WML!OZ?Pu6C0)AK>ENCS
z$);-w+H|pMwHIa*!Bj2QyS0z#W)dk=#%1W0sSJYc<5{TBE~-y5*5`x+>r+jZ*wL&~
zUSFzSpK7eYtUjb~HP@%kFz@2^aRy_3WHT>TpE+q#ecE7sxak*}R;Z7lX$4F)8^GkE
zEDZuj{@xT#E4Xs}y1(}s%JCRVaOHRxN^lGRwv^x+^2U_l+TpXu_tjekwapH@!}L!m
z*J(a@r(Cm*!FQBvj%fK4<(dr)_EE0+EdDpjHCq=P;<>qC_6gqHtNMy0UpxM+X>Vg<
zz<HUy1y+Casl7LcpW08$iPhERWpG%%VK+3*G-XeHZC3{Cim((J<^tGWfT_wJqd7ke
zmyh?kbyPePi#|VP>*JYl+SVoW_-Wg-_RKSO9-%c;&e|TTcR9yp#Wl_Of##oze4zO|
zm-nxG25HAkw8Kby6lrxP+Hs_%Anlxqb_!`jkrw2TY3GsF9cf`ES}^*UHbq)96U~XV
z!_7FYrHR%YY2P5Nt%=sk5qMzR`y7g?VcOl_u>OcV7bwR@>3{(MxWoczrvusnpos<0
z;+(i0tL|$CsJFy<4AucV0dU*`sMF&;t^+`g1#n0QECRqD3t+zv$O6DO7Qo+U(MyXD
z)+E3j;5paz?ZqVa%dXnPT{wO#+A9wB_$;&Yh&0Q5dPJIKK0G4LGOLeBv&<_;q*>-^
zmVoejo!MJqwwv*D1Q#3j+=RDoRe{Jpj%8xVykzY*_6%2iRn<mPk)c%NO}WTbdXZGE
zGkfM&hu6Rn69e=)RI~HKPyBwZ-4T59y+eNIkGtWWHLLXk^rTm&Y_~X2dz(Gg?2tam
zq)S)99zLZXuI)vKIZ4{%yYVom)9NU;4XEXBWBZ#(#Z~Z*f)iMzcJ(jq=>RU7;78t$
zLKaYxNZ2io1^d&JTkEx3oB?*(EsoUM>HN9iMbz7#xIGkTuX8~~_GN+RX~+NESMQBG
zmVFr8fuBLeT%{04l|LazW051we1|eUEHm9Ueq6Le+;@@aE~s!7-qTo7iiSls=T}~M
zV5jYm=GR-2X}=n`)m3m+W0=S`^8jtdkA?@_e@1dur1nj2xH5{Rq^MLbt;LtD>SZJ<
z^9Vt3g(FDsal2fFPlDu5+7Py!bM?z_s_##2`2mpCL!y8XU&)p|1*j9)QwA46;KOve
zBKLF9mVFVS!0n1@(_wdzJ>_2hepP=z8q2{;V&D_p#$t&6k-+^xx$S-c+)253P&Ss!
z3t5ck;?QMzv5NLvaBGMp!eLCLjQ{xt9<PJ;5#mgit1<Vw3g>Yzj&eL5=F4Q&{`SV{
zvw*!6icw4O<oY+^m77rCrjl5#H(3Ef8DA(5X~G*QtEXrxlg1KY-5TK_&%w{D``b(F
zJpk_E-{#jl@YagwUu9`2s5{_p4pk)cN65LGa>DhTG=9lSnj7?*e52!^67Grn!&NYj
zEypE%$TX3L%uk=ekQq05;<(I|spDYCu#SzS5yLkQ@`zz?Wup48TK2wwIbyOtvl}sQ
zJFFunS|2g)egD@HGg%rjduFl`^Pa;rVp{yv;D`we3LG(us%=ILkM8s@M+^uQ|6s(t
z<S>nxw$*_n=3C{TjTp|GZeI&I`xRL-g&YuTJo#IkFiHx40@Wb|hA?ERCS0cKtkfK}
zzp8Tps^!!WtLOu3E_hQ45hyCeDmnoM%m9Q4rG!{TFK)jB>P8a5b_ZKUH^4wVQz62w
z54MVa;+{_-0zQS9nn27U!2E)k48$BXiF?&Z8;!KzOtb@v#a<3XANI4^^9frpKe32T
zwM70H$a^g0Hs_IC3gj@$wWJ-1JR8Vv3)xNNdx0EmAqNwAD3DKBzRd+DMvelqW|60o
ziStk(-v9~S^gC`Z=sP31W%(iAT3e&lfh+k!=PK;Wb_6v;O~XvT5jOdh?J#@k6dz{$
z92b`8w<7JRiH0A)?scRcH_?tDtr%%1O|)Z3dk|@-O|%n8yUlUooj@GY6q96r7HJ)k
z7HXn7P@;Dr&1s^ASS0$JPhrdZt60kqvlzRj6L~U_@3fHT6L}Pn=UB*#iF{R+tzD#_
z$Sxqyw2)^K`A8)rKWHHzJ0}blw*%myWz5}FhvioTd5Fad?_DB43FOyUg5L%KlVNiv
zWN`y^5WM8AuDCSq{8tfNJO1=*Q3_?oYBgV>yco`Zxca?mU$g9*S4583-+l$cacxIA
zuk7GHilY7YK`!Q_iQ5A4+S)r{Pq8p}Z@sSRpTTIgBjuNjw|Q}@{^Hw>7e{MxUkT~A
zH+uq!Rz*|{;Ul%SRL{3wmFnrx%bnbTPm$W89SAHmfRWlR%FK8b-RyTgy0_lm{_4eh
z&GDGqj<DE&9B$vR{l^a%w~vr)KN86H<9h9z(IE;ymGwW&Wb3RJY^5LfP^?l0VgLBu
zj1dpB)Eb5EW?Xx!m7S|~fW6M1aRK+?4G*l(?mru@&*WVV*T=L!sDl8VewS-q0^c4K
zw&UA_ODhxH4sk2F>UYrfD+*qW*QXuDlpfv=<pxB>^SkY%VYkDb5hWi#jQ(i2(k-U6
z@Kr0Jw1^*FL}?K}I*-yKJVp+sw^2HS(mY<JPXuaXj8Qt3(ilb=gJrV~juDSK(o?ks
z4>wox3)bZQjuaAhu-1Dc$f^)=7yPP0R#nT$!5UoCI(p-(U4_rM4Vg7wt*U_UfI>D>
z^*3{R{X?A)h&PtC5vn0W?>^rj17!qbSV17US~97Vj9Wp`77pjI(b~r!IY@oyL+8{{
z@cRa#HC{M3fo#f4S-eNf?E@sY(Cc@-c2h+JKW18=M*emlU*csLVmN(zS{h4*kAfrT
z&s++fxnPLZ3)K=X2tY^5&|g{(z_SjjWwcbwJaa97_)zvTEypjAs~4p6sCs5!({lTm
z$u7Nm*J&9aQ}xD8*Q?hFt9Rezv~ha%8cEgL)j;*a*_Y5gFtpi5tX?ElFI=x4$k0aJ
z&XvoKskn{cE^p9@IabHia{H*sMyCzZp8JSu^@yd@GABM_blS)kMy+-<P%Ed=X&?0;
zh=D+<R!*r_8B(pfQ>_+Lt%T5@0kz7o`mdJTM_+d9wHl~x`H<Jj<qqAFg{KGn$F;P%
zQHgC0R056w8et_?w~s+HYN`Z~L?tFjmALl<tOWYBmg^w{Ch(o5)u*-GK47vjUkuRd
z%f;_0OYfSF*fsaFEWK+EG&5>d(Lk-hDTii_io5#hM;}ltO{!I@RI7O#WCz%CJ-$FH
z)GF2L09$VB04sG(oOVUI=o&Rs>Y7-o66+hN#4e+2Uc4?=KhA+l?2;;xELEbaOm>$o
z*Fz5^LnV@}9<$}P9<$P~CRQ8&f#{m)fxjAzrcPax+tjGl>IP~BVK?blGq$o1`e0M7
zwn?>0l4^ByJ=Q9@5%MhJ6eK~dctC|ztVN!vRS~93s8&3pEji9Zt@>+EY!F@Z#e=f*
zJnx{-niy4C(Lhz;CKo4G<+?%GK^0V$^-@(-sVd#5D%+?kB9eg$RpB8Qb|C9VL{;iA
z4e{mqZz{|@SzoJdE{iY+gYTr4Wlc-r(Z@0TI;&DEDKva+82xU!JaTJ{>d)j+;n8Pf
z9>0`UTlJmUQzJeMXV)-dYXYV-h^<o2mJtKJpVpJJWr=|f%q(eaFr(4?;3ymgw=SSw
z2ID#iyzEQXk229$Bs7a`0Z<PVdI=>dV7Hsw0{Bq1UrG1g=~2$n`T$}tzpch7nrCB#
zZYSU+TNMhK4UgKxZ<*U*1vMO`L7fC2D`GtshV8bRt~c004kY+@EivA_%O^L8ILusy
z3_dsX!f?`0MdAyqv2EQjw(`n}KgK?soMRwn*fv2#WquKa6ho{o3?(=o1>G8mIi89s
zPW*1XL;sK*<-D&p?fnRIlylZ==cFj-I~+8>=)E@OfPJs+!fu+`1{u^a*@==zkbyeU
zYh)V$mk-O4vK=E>Z$1Ap@2%J%>aE2_Z*ga&&sLH{6SYM+RdNS4ZXGsmyc2sXlI{wL
z55nHUziWx%=Gj$xZz&XoMWq)~plHq|dts6j=N{^<STWc#^xkp@VY4SYv9}`Wg%h0E
zTkuJn-ioGT8T4H;l*n_M1Ds!@ZG0~R0-PW3F9$ehJ$A38=8q4exl`}45BAyjn2I(6
z^T<XZ8I!#znTkwI2%;XNP&PRMJ$6$f>#>>-d5^6SJyv4$7&n1y_a^pOJhexW7?#w)
z6R?3-Q;(HUkFDl#{u<=9`L?ZkXJyd4*3-K(=v_JZt_tj|Bh*<d&?*BjPr=U0qgLNW
zomE0F+(n%QpS0<$#Z;`CzDp({@F5482IjaofXq|oZO+4RJTxg*(JFs$rF;Mqgtz#*
z&RcF!O!3XRjRlWyj)8Xk1rafP%Lt*Pe{&Vi=b7aZAVZ`2`I%3+_B+C9z_N!>eDi8-
zi3o*T#vD$lZ&Ou?DIV7x?NYD^#WjBzbhNK3T-nv;Pp{RKv;Gid4mL8cXPLkA%tRw|
zm{}_{1uRN^e`=4ejZkV*>jR>i7Xm32NICTu1u2zG05V)zWsYYqNBm~3^JuW~!`43f
zdLLKuuXad??0{$#JTo`gn7y^fsn~kC*o=Uv6g=}WDh6wVmPExW<YEtr2oG|mh}og)
zIYj|MEU>5Lh!i~M*?`~`JhN1eM8R|32nbriGvARTQ1F}&0)kcW%uRCS37#WjT5OYH
z-^igTc+SrR+abda$}vlL&YuL^CByy>2v@>0&r)W!oEc0m2Ssvb6S|)_Ue9U6b3k&#
z`07HKD~@nbg!M>0!g}msHsGHLlXcy?^~x=WAuM_#g+)(PKt@ieOzfuAbU0$BxRBCa
zsi{74p)yO3nkjCiL@PBT{xVaVBZYAgeC$GH-a2-n?>unaOlgIbD;d|Oh#f9oO~&$0
z`-^l(ov;nn{>MpMyP(JM0HC_Y3$6N=DYn5I7{6c((roW)U4gW<CfaJG%|lwbiMAeT
z8A!8@KQS6<pPOjgkQR%yZ%wovNQ*$)ZWC=6(iEf}G|{S&c2M(PFjmAiq#ZZWjv#F%
z($1P_bx12gT8Js;1E0?GuggMOGZW2;v}B~UG11&e8-%n76D=HRkw}X&(ISx+g0!9{
zS~SwM-#D$Wi57#j&yhCBM2kh*YNQP_(c+Qz6w<sVnu@d>q>VPwl8`nAX=6;ZWTeF-
zZM=z=YKfuo{wZ8`K3&C@oi{9}BpZnQCXiQI$g5AGAroJQ9$#e}0OKtgb01)qSTIWo
z!`G$3fGM_MUXU>zR@oj2JwX`0P@QBlb4{)VlPhDs0n7sy%oG{(Hel|yVD6SNe!zGv
z7_W@EA20(fm;o|oC}5&3m>x2w(@NXW6zycpnK$8()`DpwV|D_j&T_C-S0`cC0OnT<
zrbfoh2aM%n;rTmd%p|~UwP3c%m=S<kXThwKF<k)jss*!L#?-&TFpDgh#WLn6z|6H^
zd@|;Jz&vEZJR)Nj0%n2*GeO2o0}Nadtc%J_Kz?OPtWq{In9hZk>}{o=qQF)Kju9^v
z$B1?2Nb_Ke_EXKkAl)1eR36$JY@5WgFU4$#BkkZ%5dOOgJS}|hMQ|AocF)=$-6=pi
z=MRg1%(s?RT1F~2J7hWe0k0TNui#htzD}>;KgXW<ibQ%vFZ~sb16~nKui#e$r_(F=
z%uutIzv43mU-5g2Zu|&4C+){7vTB6H7nA^<g;qfc-VAFf0V*hM86|j3_-84>W2DTZ
z1dj<nixNCg%5+NbKq+aI;DJ(-Spv)zlPHtNNEu2AzUAw-Ho_3fuV566`wn8c)`Vz$
zH-BzTgdv72{1v!C)DNbLQT?EOLrAW&siXw&wNENh3{NJFKq?gjv0PiS1~;FnM4UiG
z5YM$)YlLNDHo+zkEQ4VD+&6iR2t{%u!7>PzLogn(q|X`=iljTiatM|uDgv-3YeXm#
zg<yFE6ZhtUc&;6ISJ+Sf@Gio{9S|j=3IHpASHvrMmtZ9XTP*Zb09!<`9L-O##RMxQ
z7>MWE)OWF6K`htCv4q#ZR!4wXu6YT;!^{kRS6F-Y<4<@9=Z!mp0pz0!DzYQN83J<2
z-`ta5Sps9H&DMSOp13_2FXfp+-HbC{`~4j><D7$;eSWH)kG~+;DdN+e`qL2o=`#H(
zOn*9XUOauSKdsQ8p46YF=ufxnPgm<t9rUM@=fqR>ISej8YRumH2I7NXHPn25{eAbq
z^XrHm4WD1HEc;jI@eRk9AN-^3q5FmTpE<<L|F7Kw`5&{rVgCPE|DX9c;>*wa;a~Fq
zWrCUiYc2dQ`LbdDd;WL+jrj5(@A{YgUlzds+^!b;hc7N-|M31lwSP!beP>kg^zlC$
z?v1O@8b?+Do~o@Fpdc%%5%?p!)ZzrT=dR9fs^(WY;eNc@+CHNS4`ny?-&|Kbz25g=
zU2T&MBm~@CSNQd;oe&KJR=pG2l$W_nZS5A-|EL?4S)Z;0Wmd54<m?iGK!m+e{&kQ3
z<ZZ}n`b%_$Xu)1zyUD0sddaQ4R)bZ4rc=Yv?E~Snjqa|wg?;z#&F~{GN;d3iZdLRD
zV4Zf88)`|OS=rrLhEvYy0dBJr!!e9u_uatfH$S2RO>YWNpnb$MhZ~uRVE@K5?>1_5
zm#NX_aX)L|o^g2XOWXp8UjQhhT=O&Q$s?PP%?Nq7MXh$HKx$ek`27RJtUu#Ux(b>)
z0tN!aKk<n86x99Wqr%|+5C2T}DE~|tA=#POfsNm550|Z@D(0}OFb}8sXqeu2)Vu^@
z3>zITz4okfiM1_EmF?&C{o(=7w<_SUkv6=PJ3@GTf6(V^TkG*kX#8o}uj}Ivm{K7$
z2V5<}?-x<|c)XAsJKP%tR?~ZzGI{i7fSbpgF@Q>Vv%sK;<^w4VtXSCi7{SB1guB*_
z2#<0UL7-><Lr&HAkhqr93mvk@>-$UltmDCYFed8YP{=SGtcJL^kpBi}pA!_K!n0mP
zm8iW{o)1PjjvgE4DnB>Mv3JzvJM;F>8dB6Ic2sf7(NULwlaRmP<#B8tTGXb!XX9@n
z#}ZuA9LI*ZW`)Gzhw3ZUxJp;S6TI0*N4fI`U9IHQczj1a8~23_^@p@j9d(|Q)jWnp
zu-AVpn>u!SHXaW1_%?es);1f}=M4J@d*QT@@O0OVPtslEx23yw))XFc6~e8R3H%g1
zz#n3i!@iIwzsg;BD66`r2Q;^zHBw$~RHQ@A-+5Bo_HKI^kI{Drwmutg*!-;1{VA-;
zkElGp#;5AW-<tv3m;ZQ-eW<1Mp^b$V*;gj4ck|N2m@wk7ML~3o!iubY$6VzVs$++G
z`7Sm8;W{O|QQjcO`Rsmb{)q6PK3}s$p6jVi>J>NF#pnGxOZDI3jxXxVMA@99>g79G
z>#L6KEMov?d^7xJm}JvlQ7~o@>;BVPv&Z*>tn6hpe~a4XC4A`Q*R`D9j?F3I+?hUq
zADi0S<gx!RP~*Ou(OfO=3)=^!CXc(!{SmGf_v_WktMEYf+D~t_hQ<n~`!U$>ZZ?lh
z5)jyAhxPspcoS<#@EU;83XzO_aN+G0+tf0{RezhSU^d^Xe8(!IZmbJd%f9#=|EaFG
zx2gH3xI#652ji!wQ{8Y4#UxVWzEfQzerGF{>KgL9S{!nS|6Cy+QEU~2n%V5}kCLx9
zW32-hd9$IwSU9cvnzi=$5|sr1D5uZc+L_>TC%RoNhqZRIVv&r|){(9|DiT~R6WyMw
z#7KB|*3D4fcPik%)0Q4zn<&-i@ZaoA@Ua$ixjk-H4zA4g-yG?I=mf5o32wD2Arb}B
zEj)&iH||vSCP<8mJD)X@eJh>fkGVX)W>FqrSOQxE5}?5tYd6swJ^q{68@*AHEIEQP
zHbQ?T8}IB*C$m4sIr5jc@f41Y;dWl%IJTICtm5oCG>neK7-F4jatFOG=0tBrYk%_R
z`oQ@}*efpP9d+E}tLMHWWYD24ewI9_Kb)F9C55{i`6gVZZkRDK?V*&kso5qE>M(LC
zkLEKM%!)PdJIF<WO>t^KNP%eC<9%3E68A9SvE3_Co6l`!u<PLlmZr#3s9*`1NS~Mn
zOjN~pN}D`BQ|Dy?d2{n?H^99fWt_S#;EA?`?~A;?NUtwPKgF!z9|}#sLXpD!hlWKe
zdaz4!O5u?M&<bHC|67U2=M3J@7cE5&=<rg6Zc#vv&)w2ux%Y~S&Me%W@c5UlI8Xe<
z1>!%hM_XT28?b(#HLyF6dTfoW{w;Zl>s|NrGt^GJ!|ofGnP%y*@*wQ6NWH^$t-}uE
z5dc(-Bk=Ef35^1@6#9B)d_-ndd^mhw|Lm9`bKk_0{J*(9cj>!u-wfzu>YLgtt$oA8
zo!a-!p>EVS5Qt^gQloF6@%g=MJVpjJ--}O+VK!|_3a}61DOf{hO@A0d2TU<FB=_lI
zHR4`@tVS_dqyKHf8pSv)HKM>2;r+1+c$Hh|Co!0m;!$un`(y{!C>irpk?VdPx=C*K
zt6t<aDv?Ip;rqmBgVW$LxOr8Z`*|zA>jqY}AKpVv3)d!m{+<|jo8Ge<ci$+AVh#Tf
zZmH_*EsGr&xVaIUvogM$QnTOW<K2{JcTsBYILl9de%;PB>(45(W_^*uweFuH?L`yq
zIYmBn)4$T|ob9nwu_;?etLWY|5k8Q8uOZ}(gYzGrIn~IVVwU_KCWqt}+JQx&@3uJ5
zOw~P>Hvu5U0(kqpc*9EoD7857yn0@|ArAnHL=;u(y$)-o-fOW|^j^qXvq$p5Qgko&
zww7Fhx0ed{;uvjnsqB#qzm9jPNISX661_;QR#GY)4(65$hlAWw?y}%2`~XHI47-5)
z!^t0a{2KDdty!RuBXaE;(%D36*OsEr=F3d<P^ip|5;|F4&u(i(JtNkDGLSP4yq;T%
zt_^9e1ka+#fu#}rDn?KV?PSljp<MHV{8ug&@r}#bQ^8LVLZ@C!g0J(hta}$Ul=a&6
znYv;rT6=OSGI<3tc{%%QUQfZcn9DspBGc%oOUW}+8@@oFSEi;-OXrT6Ny0Hx%qM>|
zqKO&8HmQClZcNv(uSWRw2^uFpv9)GPzSlP%r|TGa;$c;)aSBw>VC_}e=uN*%jH}gX
z`fDpfr!0LEuVPWlCQnRH%bExazuHkP<7+O<;uiY)wPB4YWC|NPZ4-=;I>1IM+G!VK
zR3X*(z3SVf&0ZBjNBeZ~WF;y>IgdG*&LbXI3m(@KkC%urMrTTpN4CCXrcF-Q+1VXR
z5l<L9cf=d<bAX*>J9hqBDX~+5pRX3|XbvOdj)+3TR}5Nk+lV+olS}m5YYwN{!~q&Z
zY$ZWV&YUn@!*-^k8E77#weR4YJ{8m(A1!u}od=JpCHNKg8{kY^47b}9KZTm*%Law(
z!EvCXNp#E6c)aB(2Ca*df~Z!>K}PHxaj_WGYBANSwO9wAo{zU1d2|WT3j#%%ApuGQ
zp@d6-5X=bN`q@rJ`)w6oXSA5uil@*%<1w^PDY8)^*xH8a9mE!yWG{(A^Q6&Htpr>3
zPas>!j3M1DePeiJUDI`J+eXK>ZBIP0ZB1-zVjC0Nwr$(C^W}ctudnOWu3B~a>_7eE
zRPS1=BqtguO$}9@4>_x|C`=hGC*7l127K9f`!KpuJ^`F8wW%?b)uC{`vItD`${)og
z0tP5j*c^KtS*DVO3<;v?B81a|*u>tTl7%#_=TL})33=mC9v?h;1^bekv7_sM5|jyA
zX$BQ}X$sW9NSA2>;4#rCNHZ@=$Du;mw&#)C^dJ{R3({Lg`8BkaXe~kL{#-ZQBG#un
zqc|;k@5?Gr+mQ`h{33;!ef*{AX*=Z}WHvmaJdIq@M;BNFqrU|I%syl|7oH7!g``_>
zS9*g~q2wO6>jJ`L6@{~Cb<Gel<IR1Ne0KP(Z%>?x&*8VKy9%N~7s*ku1G-_kNOM|2
zotmRQuZd1ZO$7|9MpFRxQQDA{xML<MLj^pa+2n`vu~T4A4x?}sC!m)wHRSa<MX!@!
z)K(ViIB5`ypj^czI(wanYd6NXSF=u%nfu#mC9giw3V{|)Gy~4*hK%yCINecOvFi1x
zm|e(q&+wgyp1$wSoQD1k;q>^2(*Z)q%!PEW6qddoic8IJL-VxhF~siKPNjWpJfNxF
zUP2TlykJFxDZg86E5g}1-V45*EZIISDkHS^GdI{KAe^1RLV(C7BAgxBf{?_fEu0<Q
zf`Rz|q}+lf$Ju5b<9;&#Q*vX6`9CGM^T7X8a-$d03J+&Tv?yVBS|dTdlq&p;YB>Jk
z&f@!1u$NCqq>5R58-0HN6>IU4gM<U^naAjH;?9Ky`oQS<sNcg#CjvUq1On&Q&xr-D
zqXViHv$sU=f@p@4xA`~i8fl+{kP7WLtH$6Ba$x=p)MEr3H3u9BWZwzSC<^He)We1$
z=!<XP1_ft9>zB>F0}15JTdr3!dAwF}IQQH0+tH$`)2fwqIYx_qvhjAjsP!rR2Vb}O
zfts|d>|Ce~*f<**1FD_&adruEQP{yCF(bUk!EBa=H_m?bsfBLu=(Zw}*6WgEdPp$*
z&FgH6%j|4C#*6@nDa<9PczWe=Hv3rTtw<Wvqcs7cVn*zLB?j+_em4d0&3uIf?@c8J
z1skF+5?Tr_-Va<BwTP#n{W5MwdoL+9sqy6wd@f>87^ay;TqIlGcRBoCE?HCi_1XyQ
zo>+?Oa>khU#;Oc?vXI(CSuwHz-V$t`I3)rAA8J0{H9N^a6xrxH0?UlJp@SNoM-Kjz
z+F#VXIx-LGe5s1QMieKhW3OFd8?$q}JtcPLzSu00@r%~WOR8{7JOuW{tzYb{(fHy9
zE#1XB5<2C<z}1tE*buj@_Ev2%HKi%P#XIi}o_gjP_Ik@!rTa;!kbu<SEr@*w-Emu$
z>~#^Tm<Em19$~u`5b`xX<I)=we6R%n+9M>-2|c5US|=7qbUHN2froY#9<FAx`MzV9
z7d39^PK&O*BWQ=ZW;mEybcQ9863l}r6-xe~Y9BPN+kMHN&_#{!v$vfh^;Sls8_!CB
zTn!~BSg!uGs67ZM>6fRqFrX1{tVM5KTaQqRZz56W2+eAlpYI*a;+D|&8WJn;*crSf
zd^T&u6=|mJPl`a=QCR<4n*MmBR8X}V6tA#wo>E&|^_f!h!H$xy3UKVIsZu!ze$=T-
zX|)BJ<7b@Rl1Rt2K&Q~+nlp@RS`=LmYhagrUl1)9)!Ky2Y}yokhqGvpf2s_Jz|p(U
zpHFi(O0nEOt`RF~6!UOB^{C}W1oxW<F)s$?2HnXd*9hP5(D1?sdKm}d%nRkK$esl1
zUX}RX^@|0rSqIq}5@0<wp9VdWu|;UmB)nTrmKOPnP-Z&dnN?}Q7;Cbwfe;>W$eZQi
zMr`=a+b_e=cW9X+)RR;(mWf<hnL&xskaRzg|8Um<_3I=$f=7Wy8MBGRh57vXM>~nU
z1`3mQQyuYGHPiqswCL`H)E+-@?O5^B>JQmp+~d5qt7WwHM_@Oc7XIIu6Gj>5=b)3i
zW@cZYa%-xJ$%LhzboU&VR1E<oB<A8RD`Z`2=>t-Tw==SNlq?7%3$PYsOOO*M$Bobo
zAII4ED<~zHZxgzosru#qX?)o${%PLVhn)2iI4tiLmt$#Y%0k(zqz<R=B`iG4<OW0{
zHU~ynRNDVvBlzPaW|#?2fcoAis}crsXgtRB^Js|aiW4qsXBuo-dmcq4g0KoH%DVpn
z!B7;MIXQLO4n+oTp?(6gyKI83W#ER;;1C5xgjlIb^zF9tH;IoI14FI09rtP#hK|j0
zFhP@*3gLR=zwXO5=d4R=R<vc@m&erQj4F=1$D^0Gp2uRA1r`(VDh`2P4Nb5J&%K)K
zpN@p@k4G*lO$2Y}Fuy~lI^A|n%(p!;bwirEe%zDCXZj8}^zQ%M-v8Xqr!4`kko2?h
znd#WN)%OaM5cLPuVmu&;N`sXt=$?C^mqn15ETH%`QlOVnkd<=KE3h5}*d1+e><I84
zHP{_ge0wS&b}TETZ@G^5iiZsMOU+Y`+852+4EH_FS|XE4_}_8)jSH=F0c6J38W7?W
zY?T5`YmG;6B}*<<D=sdnG|9!uP6i~S!QiKbcyDa_e8TTL`;i8G+_C4gB5rq&VLu$u
zy_{xqG3CZP;oCPiSO*)N(H_jO>!7?edY4MvzI~qFV0N+o{NG6;8wiVpV9WKb*`<j6
ztJoFgsP7Bqs<=#d=f*Q-o7hv=Gg$CUctfIt?cBA?<ik<4S6qsZ3djEXM!&YN*TRMj
z^GBv<(bRis`ab8+b9M>?k$h|`@&5pXp*v>$d5o2N3MDsoU%nP}J;b>W6hdacZ_7AO
zW7S$sAV>=%9uZlO#8`{w`#`&e#opdb)>uFOEcIg#EnhEn%Om7|+=y(DA{VgHC11s_
z5YyS*3~~>0ww4VviX-r>De-WCa$A&h-IczuZiRNRWuAYBzSKj^Rl;gDCp_M`5`6Vs
z2S<21%(~pSyA5b|_>3T6f=C{#B(<zC#_ut4*ed_IA$Mm6lYLE)tD)qrjac$fr9nQ%
z1PKrZCivTc_RQUPm2K!;wXdTUL-DmSKxwY)*&i&}0}-$Hhx*f1%l?}o+kDHG-p!1%
z>iiK1G2dDg$xSzQmMa`NQ*?|miPPaM^WY^OwL>9EKi3IDo>3OuA%Gow@)#3F-cQS}
zEtg=-=WHkQ26%vLSD{XiIrI}NDAQiTD$4h}`-$RM2SHml^8h>3*x#|ORmF@HaTO`u
z8o-v2EKe$H8E+9DoC!`*$$3D_M0XumKhe-2GG#em7t`&=X6yNMnEghl&+)IWRj4g)
zmTh`eZ7DtL<hT0{UDqC38f%WVoeic-_q(Px+Y4%(ocf0<xuMtO!1zj8pg2bTE$no9
zR}Iu-m4&3|tf(h~1wmn_VLqLh7DHhr<E$?EC&!#xnt64?mnV8jr&WHZ*qdEpr(J#}
z@lRq*uHmupTYOC%^-^Tcm$Y(DbY1i(?QNQ`s_8uSIUQJeowHUeyR@L5&*_AY@zdbw
zjNa9RKDU%+eob;YAdTkoqb)+0V_k-uHW3t?-S}I1Q4Vqg)K7+PY*pK(hX@F+Jr|)Z
zc!_vk4f3-Cfs-!__(&6|+@%L`-p1vY;neRDNJAf(c1F%58~BG#5myar3PdyxGBO9;
z3`{f$A~_H24Q$`8s_Co6xQYXWnAx-;m<#&#2g#PG2FR9^6i5$P|3|XS!|xrxEogfe
zMk05cID#*bP$cqimQ<grMWQXr{2@~wrL9D%+h6AbtkmPiWbza7<rc8u8skbIe*V@*
zJx9_+HiX1nAN}b@{F~3s5nEF$dX3=)_TyHfs)0F>gu>2vnqO;0t-_c$&h#3i#%}&P
zqIH!Ws*E`wwQ<J{zYktF<jiRjmhgX*g@C`6{NCKY$eBA?fd~Gg3e2`!5jeaLh}`CY
z&DW;Vvkw`_4vR$?CGd{`kG=L>Zj%UT&|oh)US@OPLs0L2p~lj)`%QCyxIXTBsk^OL
zLAlGeq1ArW6NoVAOlpuSyA=g_(ZEE=qza&GbIJMZ;d}5syp=J0Z0~)$e{W2@G(Zpl
zCiG^393g529YHB7W+f%iq=5^D3|;%HK)5I#Lv@k8vEk>FytI@IfG^V8WVNI!V?#!>
zxjf)G&UU)qc%R^ny}AAT)UDn=UlyQtnojeWn%HQ4-f-GF_I@wA%N08Sy6QA`c3E+B
z7Jy+ejb*Y^HJs0~<4=5GgiwN^6l86hc89Da){NtUkOTo<HO!Rwkq|M$%&57~yzm6N
z|C>8O6!ALD2GZDPa92&X{y8>S*#0#}hS;r~C!Xt)mk}Q-au)yW5TvfA%X@=TQ$Wo>
z!V~@>G(-_AgZ=C*U3W`_`vUpmgB4ustgFwmkfs@8lWJQL5V$T@cgSE3(h8q?@aSWQ
zMYDZDJszFVq~1?nyX7E5UfKCwJf%AXN5BkjzTxHCmqiA>%_g;dyQ%rsrB;=)JfXTe
zZdrkDy2h}V|DZ5DLsF$!P!yW8<-<(Ri7*_5Qc*ShCjFpJxzAwbMJuc0TliM@7#dsm
zbz;TJ{)yvY4AwbyHT9Gl6*XG*J-lFR4X;{vimVYLIvMC9=`MRTnOae3Z?**Ra8VNW
zHEGb$8EBaMG>d)?fG_?s<fWQjogBYc6(_>M7h`M`ya3kRF*XBnN<6T**T==v3b6TG
zeqFAPH`(%xrY=yt$R<h!u)m9Y(xf8yy2;xrb7+)gq;Q1o1I%F>!PhVWB2D3IxO$h(
z>@USDP>Zo5tF5;&*KuNe$`8?dGfXTuS?natzJ|Qkkgjwf<J=}A(*DFLc*?yru+7bu
zEV4;WO7YXJpe2mv_v@Ry=a03I&XFYL40BTAb)LEOmFo_7o|)8X`GeA>lG18?c)_O`
z4bM2#<d}gKRP+zk5wgcbk}du8o9M|!sMaQv$T`Mo%22J&n$jhelE-OfYKrIF=M0`)
zM!4=Km!6RDnBmy5Os!gWe{bZ~*!9ZjHpSSl*(6m#w8?oM-Dit?i9fYlvr<)ZYLU-C
z<HpuGMpU4U{VAXoj878Nq)Aj&HvR&X2Q!~n$@P54)SX3Cz>IylhmKm()ZqZ$aZDc3
zG#SU1@+;y=JfTePl`yJC2x>Xg7`7q0pJE7D=iGByXnXVAq`YW=?a?r9-N^VM_892)
zyin{QZ+#-&1;SGT+}p)Ebij&>1N(+Cf@6dGfD|>3^8G%~lT4ah?=gY3?&*Fg$*_}9
zU=Dhbb}gX;%Q?X(D|GYK_qVb#grx#Jz!FdSQ@mGb;oq!<K)A34kC~JG<~k<~0-dv9
z7~&$|G{zvq+Ui+7yHF;SL}FeRy!CjQ79Vp~S+mn^I^#xsuUX<{-H*Ed<=u~yUejM{
z-~XO_LchAF)#;S4O}gG}R`@2>@0ke>yx5FaJ}1<fk_aEX7B$nWy-1^9sqZJhExK^n
zUcWD2r4`=4-@IIChd;d<S^hK3KPD+{-=_;F;m4f)=UK-8n6m62)ApJC{(5$x{miNt
zO|a+C6@mR@ELjKky;Oa|hF{OBd)?BiyYRhIUM(+o_9oOB5S}>o$l-pB7-HA*tECgk
zlsaEN@1**8&hh=?`SktkS*xf;m$dZ3{bHCXzuu$5ucLC{>3y$937*XAHuZZ>J$UOA
z6vCHHm#(rj7tF7OM9<V}4N)eV6<-wzc0HS;*Q^*uJ&&I+gb*IN0hLo8yM+Khc^d1N
z6dxNzL>O5h{_wV;VjVUhzMwFo{U7A}^u!v<F^k=%m?l21B|)-1gb-y0J*em@XmsVC
zH?VssIE!lT(yiJk@v3e|os`=sflZS&f+lMP*=&JrqEdJ}LFdN|Gv$+K8~U0|6I$A=
z&QC!#?gm@QJwR?QOW@p0U1289(f(d!I^f!*o!Xe{=L4Ri#bgcMV7+S)K%33|3X!&f
zGD>n5#>my`cWcz>r4S2~eY(2YKvh-81Zz<!0m>-lFOqyLnqz{aE|NEqt}c?Zf*gL~
zIZ5_Vs{6yytB+bOOzr$1)EPSe^#A#q3yu}!`%p#BlS+-g@g&+BtU?}iOAbM^PpZ0L
zk^9EcopGcZ8>Pv&u7&f?12eNPa_dZA`JECzO{B^xZ4}$9FRmJ^<knER@U9&kmz_zl
zTNKMtu4JWnTCg@t?X!n(KEAB_=EL^1Vbq@zxdA)ssE#Mdl?UP4Geg^GU6i$jWFil(
z!>|_#E);J(DsAL?;1mVc@PZ~d)4C<dsd#sc9CcjTPrlHWBm-ve@<gUy1jkDdmMdlu
zEFB^+x;7i&PW|!(=o?L)XVnD_NdJmLejH!5S-haezSK}Tz6-O9RVfyam>_8D?a#@P
z;|`Q+@+|i5v_!wfrjnh-cHjKFgFSZ$h!I}J5PO0i6UJ;CHOFEWNVHKmURQLzQhk=n
z2n4KGjyNj)WD%(A>=c`@OeD}X`NxX$WYvvJlrUoJe9>0L68Zd@<#shYgX<U*lT?jw
zyi4aDNASraS8w2mF``wb8T3nZfBD?u={|WTepZfr39ps_+Ve-~wY`e?;u1!9tC|CI
zHcX`mKc)7NkO-T?tTu&fK?i^_I11Rp6$Y{QC@^lpP_994p)i@e|9n+XAcv<l3)<E3
zbQ<Sz06&DZ&7U(owE640x&6rs*5#Xtv@gM=f3SUGdpK*EFDHKR0qbN=9#%TS==xL;
z^cudaV9*;bdBh3(uBnOQ_XHh875dPVxjF@ezX!bV?DyRKT9}x}2(>y27s>)e4_MMP
z!5i=_iiJ(gTiOSxx0zQ;4jQY-Q@8m*zXklN4b|z$w#-z)3NhKVxyg|@35fr*fwcDB
z8r<;hl)B{ub#)ZQf+=X94!6ry{U+jmMr97g9k&>!5Pbh#B>hTJ@^!5rgGr4SCBR+}
z{wFoqq_^LBUoW}3=q)AVPUmxcdY<n+g{dH7Uyu13rI@qu4=!$x^pST5tN8KJN%kUp
zx_))k%Ba1K^xcM1ny$T>L$**>OPUx$#z}s?7KlgYZjSkKA2RU7PS&4k-5tNj&^c%-
z8?kv)H8^1d%?08K4QU=Wf{!pz33CMPc9Q-9PXnkDIRD<?>uX5#1aHb>e+*P8h~$+A
zS)SZ>cm<|S?xy^_If=g$CdHeo#zvOX2*lae5+%Ct(fHxMfwoT=okX&CE%v1FjQ9n=
zXL?R5rUY{_t5R%bnlC}X5Q4Nc>|Om&c3Q5yE7Fg=0D8Pg`xf~Hz#qb^OnKz+<N(}n
z>k2TuA;>}M>Pv!!<dCtz0DrA+u26x}>`}@{tPDbDh^IzjME~kV9S`G2o}XV-JlnSf
z4M2N<B5BaczdgTeR0p|Caf5CE{iI(3SMLljC4dE3o%Wd(EpwBK8YS)$ao8zr`@_FQ
z+N(6Jq4{Szi5FEWFH#yGw*R^PT<7Mm6Nt0gh0=R*<(R^!K)Kt5O_}c__9UOuIl-<%
zTCuZn_}X!wSOqop?qeE(R-ftPVvn!vlIWWczG>RK^j|FZ>9^V?D{BpPx7zPf1@rca
zhxPL{P12i}u~u?UZnd{#3*V}<0@SB^UwsP_T`d~=@hu=7vYO=eeX9hUDUVMVJeAng
zce82WZ&*j<o`K7e#W;K=fGtFrI#YZps^I*54FN3X;n4nj67IG*bA6!}XsTPvx~9VZ
ztWAePh=%DaW!C$2BjwR2b#5MEWr=2moGVodHY|BxgSh78_zYzW$Y1K`G{rbmFWFfR
zqylp=+69gPbNnp$R%e0lG+2XwL%%2sEQRy)w16|j^%J&BW25YROKx#KV7|v!b{?=q
z`o>0y&T*skI`t5hP@m*LpB6cS?*2hYk6}6uPx0v$NBc+mU?U}XFmcygIv*trrJULD
zW+BN=nDJCkc3iRLQQ$aQOT$-wPLN1giu7lyhH!z04}~(_Yn?8%mEOFfnV#;=5+cuU
zXJ@?*MWZ=W8@3)^!541aq1yMksc6`GL=ms(Vq=oMrEvh7t>Lgu2BjM+rk>9AffL-K
z>n9j^QoUD^wS)>tp2+(GKfTT2T`LiBLoG?d@p5C+1BkAI#p`|T6Dd0NhJ^dx5RY!`
zPQ<K5j=%DJW;My9Rw)|EpJG!dXhIqQ>~Xh5rp;KM#YIEnwBB!!=#y8$h%+ZTA!Emn
z*mWP1DI_-#San|O1@<w7o<REAZvoOb^stxh`~SrA*1|jpE-!aiw~*@G-g7p#?9|(9
zn`zfP*;Q&eP^Q8&CNB9nw-Y)iQ#<Fp5RBB1fS>R`<<Kk--4X}r*LfhkGTim4u(@p~
zQu&mGj6!1Nkaf^ClFShTru@iVcp!OLY3t*T&BUGM|Ahf5B(N-UC&H*6;jy1|zJTO7
z#Y8v#<t;*Rq_dL5H*6tA(lQG%!9W{?VC-7Fz)<+^C48JwMbA6Y&;CpteDaKhS%N9s
z+i<qRn2;kr+CZ~r%{GXRO^rru&uxz2+&>w>60}2aee3p)0Q-VPYeSQ|U)nC<#5l9p
z<9G5}#x#pDBTP0evRQap=r{GvbfDKkJ^a_>62@02>1%6Cex#$8X5cleNoSD!X6K4u
zRv$54W&E3J+nxFpXBc?Y9g*Toj^PE7#;0yP<+U&N3nlBd`Zjx<o5gpwU0`>zSa>^o
z3nz(3KwJ)8bKdsoQF!Iqu_G{(+|cNqU#q4Tp5<*fEWRIA3=(e;FlS`n-7A@3aiRek
zk3tH^P}`!c$Pl*|8a~4M3-5!yMKk_jMD-B;7hOJAoSFL`V_7ape&a!J)CPl69^UJ}
z!iHtjqu*;oF^;CIHKf#$=an2E0as~earXTnr@BV4rx5#U@eZo4?gb8!SueLoVvDKP
zEh+w+6Dx*ZQigm6GFXDXxP-Po9FTu&6l<7-;4Q11QiG*vfzB9PL+<R?IZP#TcQEoX
zv4}28xi%OJrgsK@8H@y@pv)^nu?%1_j3T*`V>}K(*^?yO1`|!oCt_mnC7$@-*~_q)
zj^GJFigqY6xB^qSc>(JyGQH%rndvfSV_;*auuZ03((Cva-N1BsnUd5oJGf&N7~`;_
zd0Rcb9p$;4w=`;#E#>lVlqP9<Mpsly)>?krAEz6W*IR)+P&8E*N@2Kcq`dr1H83z<
zVPmFUGSt{Y8fAoUbrtRytzirof_lR}UX?<M5^DGpPSOu|OinZ6`pE2e;n)|tRZrC=
z=ZfD?OBn}JTn`Q_ik8i-As6X!0tUNZKPT1{0#QDWWmv=QR}o{#gOZzc-?E63fOMX<
zapqOW9r1VlO(yF`1wGsb>N8`Ig8xOXZr)r${h>h*3o%NN2J1QwmUIT%7!2lL<tUgC
zy5-(3TZ8O9@s9u~p)^FQtWe0GNNE8MCaxGYSF<QVC4Og2dBToJW-si{cWC~dnhCMH
zTqeALG|Men%{FYxPm+Obx1gR$uk;`e&_of%7bSKI7C4QJsCJl<NEl<+VUpU}F8z*Z
zcixX03<8SWN2$zXK(r4j{QCT9)!N6xzya4AeaPk_w~xB^NfpRTd+W^X;ihcdwj6_e
zsI)+%Y)6K`@S^?$SZkCumF!W@m{`5rybj(#|E_at>{9j(ag1~peWlU6SX-o&06P;G
zwal(g(2He2rG+<C9a}G4J^a?pl0D;j^QcAwG{pI22nsM1-a-lJiRm9A{GQOflswQE
z_eUO)8=w%ZPZazf^U|DRP^^MSy%WFQ(&t&=b%gy$;ug#i=1KBlq>JF&NY$!<HZqN4
z>e6d+N+3~qKx5f}jGRq)3W@b-;@Zj_lS{*4Xmqh!QgRt&TF2nxL5Ve2)?TS9ofrOz
z$)u_N7!1l}mu+e`7{~Fwx=p!EIRH%2+ByPe4u-jU6~$|-p(Jvw!?vAECk?l0HlbCT
zr93;ltP-8I;W(JvbzbeAO}5}y+E~7ZN+MuMG-^{Xr_XqrrtTkrC!`KeELr{qG0}v&
zPBZ9RaCJQ5g1pZ+_d-?d31(M7u}LGIj_d<+Y)j494(SWj<Qh;%{@-oy5f?grzOtru
zY!TMzy8;yL48^aOb?=7hiwTjcvh%?t4^n?rM%=`-NFFYOgn<A-?M1@UbKjQ7@jtWu
zzMJrsi2uR31odetmYOS-QllLO2urQAf>1}<nrWjHLI+n}0$@*+9lR1~c)?(Nwa}(u
zzy%aJ4V5^_(WV-LC-TI0G4tXeVLa(zwxNQPa&Lmg436cDhxCnZ;bvZ6ig%I>>xCzQ
z=PGst1k=$wASCPix<89Fg{~PUVI<yU>ie31A_FsD3$>TRZdRI(Z9UUW?t*TtXs(cM
zejbZC333TiZ!{YwHdZb2Eand`*ClN4axXP22Mp2&YqU#gRdi9a$;4@D;weKO2^|;5
ztAF?MQ+$u@2~G<5u6Mu3+~lW(ACnR=U%ieF-bE|j41rSoz1289sE_0*_4ucqNaWCY
zQ4@;GT*YlIqmiq;x~V?Hs$uGxJF_I=T==2#)kp9a8zl`>Ew7B>RFuRr)ys-#D<kG4
zf*P(qzrfYk*MoKF1V^aRp%KajKLhD`lNu^uaqzLx%Hlbdr}KyYESUdhfUo8_lvj!$
zgN#BiCf6`Di^r_ItR^zxsWsxgOO4b^4;XkNhW@AQW5#aQ$?R29_Bwg%Z7nvY92R`~
zFCJxsaxU0OASjFl1^E;w$&3>*3Y5%WNSo^@v@)3OfpNUvyux66L(Om!MQ@UPN9*s2
zPCr~Zg#2E7<KJS{Zn2p@4UsA2;15C_iWuN<Vq>J?R>uWIZLE2aPCPfyYVki>e;Mh8
z`!9p%!%o3ws|6`g0wS*&JDRT7s85zrSUk14qnx2Ske!_3m))afXAx|#Iy(PmXg7Py
z`QwprH0!8F4T_Pthk>`)#fTB6T!P#f<3$S)SrCRImrL@IOvOZG-KuN+?x<$vxwdXL
zJ?6feOLb!(-jznX`-P4{u$dDeN*o^mI8bG*IAn}ss?MOm<b#fh&4YQA0J1`uhmqfG
zdQ1!<0?D`M9r$WXukAK3xJ9zMFk*j#_%`c+S9njq&GuOH&5u&!`n;7S>aMvF^rq8T
zvhwR=kL+{Jv*!ajB9816k7pf+3`Tbw5FOOL4C0?F$Da-DUi<R4r~W6VB6S|anN;zD
z<{uyH%u2N;!cAi1LBI}n@?|NK>QfRphg6z#-81~Q&7;4?i)EM+pM3jTvW1ePzg=eN
z2Rkcp;s^RWw9K?4Bi3x|$lY~89e)~Ny4Vfwla6K|v{LZGi1@k(z#unF-u9Uqea(%V
zF<CKO>5(jyC#kdM|26o-!3`V%=O#Fb9z+t~?WoRZhd+KSaF+q;2uO%#s(BmQ-@@4i
z+&>J=Q9!G}#a;#v-vFJ6S(JhlfZ$V*ZQ}tP&1s~u`cAmm?5_Bm+!jI&J@r*N>dFW-
z(IM3EsZIVe4BiOpX~4yD4)Mq$k!r9F8#uB!jFHt?GH9wMPm9YC9Okho{FYNl@OGHh
zOc1V_f6zTeB9n~@&XOzu+_@vcw~WBI9WipH-^G>S?GNbkT8ls=p+cn17tAyB5m3;d
zX&Aw^|CurUb0Lz~AjvQ_L_ZmZg*-{B>&(ai9GfuGVY1PoYOHI)&l6)qVLFTeOkZy#
zU`H@M{uC`;mxk{aGJhc{&ZT225sscU8RPC15CyXX+%5>SlC-CDZm(j3nH+EQccSH+
z$?zKCVQ5>{(5Zl9G8)Srwx8x*?WUv^x!(zQY<|NWrEq`aM9zt{X&43EV@%${mi88F
zDthZ^V`YQzc&NeVMsmez*4H!nNZfum<FODJ4e#;I8Hhm<u@F>zNizgtM`h-EU~Z|w
zzEP%@^Q8FH%+P^f)uY8Fv{=(@6&9hrW>Ns5UGpiVpFXu<HN-}GCB%JfEyRX;EyNwf
zrhui<Mua!7X*TU!(JFBcCx!_ZYeTg<*M;i{-77szS1A1kW+k7rP~Z=^UGa#nf7s-&
zHUr#IkJk_zvXTus?YA1Sr%B*uYrdEiyH(wG+NBj)g467J&mPI=%*{)Qw&RN`fjK@i
zw}0_hT<z18EyovM{Jnf;&n3`5@wTM>^y=sD0MDtb-v44A@}Im9AWtK6Gt*&RL2rA7
zbiXNwzq(dp=n}~Lw^3}=I`CUUG#|4q<XJS1r||~D!Z`cWNDF>GCi~rg%eB=(yaSJ{
z-sTADzH2IfN&GOQO3RluX{<r9eW%lZi)5z{DGZB43cC2lhV5Kfdu;~mUe~f5j>Gl|
zMRbc(yA<iw{pL$p#+saqlcz*}#`_@T$&qUWYipCXSX)c0fn}gdHOA@QQF7RUL5w!?
z#%?EGFDStuFhpBCjxTDjfGmv{{I7e^uX~oSgxGK1sBh7~sCY%yQG%2$a@dAzLp7u0
z$h_2lk$d|oR7l)Ah^PXbMx(<7%i363WR>YiIU47}JT|_s7FF-MeW~QSm0QHOY-jC3
zZBa-EJCN-xG%L*}XzyhH3DlQ5m+dm@E%u9aYIX)1uwD#}4POOx+5zv~mUUG$cmAGs
zF#j_=4M)Br%?f*TFtNE~#NS;*+)%_y3YOeGYtD)0L|~XyDTsp)52%fM`pWPUUZ1AI
zj&>2Cf``!-y<QFMde83ZvmDBZ8T~+2-rrQ|W1W+(L`ryVF&v@SMP21%Q9Vz67L63F
zya{7zpWIlLW99Q$swG+LPQW0<37zhfAN{J=hpx^wWBZPxIe1Um`P%od*?WmiVRc>v
zk-fNR<8>zeOvU}DZgE1?6B98Bt>|A*>@jo@0R|Y-tHoi!qToI85P0waLC%;b;Lq*z
zN2lso+OhzjDyC@t1E7k|`|^dN^_55;-v)aN7Vsu*tfcAK*~<9J?PgY7WmrqyXY*fL
zHDRgN?QismB_{AMv~p<RH{o6DJ3IrLF9@@%u33+(Gtcf>g*)ww|LN@Okgu_E8rZ_4
zrUK#ueiK<}sV@ZI_9z1g_qxe{%%E>;K3Pn^Ol2;)9mCc=Gz*^C#p?UQIx{k+r}#qr
zns%K|zZ&M*_LzM&cR^YgtUwU<{;dX?GD*)diwJcdouY1}0rtps1kZrzjpS{ss97{!
zE99x{yLF7<OzoOug??Q;&8ISV;&lC{m;-w@{q}oD=PlEItqSFPI(P4(wHBWDk;{F{
zGN=6p?Al3y?a<p+Pvt^a#H)z^nTpMo1BY*+fMQ$iT`zo5`5V?hg`ETAT~DwXr~vUz
z-Tu;-jj+Asb0_2Gb0?Z0MLCl3@@7UMnTdegS?XzK`@MQ|=mrk4Y~}lqZt;u1oc05e
z@2c;6=8XOkL1FmK4(Aw>MHkoTZR~vS*iWarK6R5t+k)y4e!m?XHnP$R?y|3LNJ*j~
z)V8x~wi3^yI6rxLHa2i?7xI8E%WUgL`XASQ2x(DY1)*{|Zu8C6`zEXDIK7!ESZ*n(
z^ozP*KXQQGgzr3&z`iCwZB%#wB`0u{pChbaRv)j~$4igdiqnHiPQeBtZTENS@wU2a
z0ecK=0Ev~k?eqTQE)&~+`%|9zG%;TdI?20e+@&S{^GH{UjA0xdP@J~`-YRCkCnVQI
znL5Uidb~F<wVG_qBu^xA2E%l`_vhILXx+6IG|R7PWa^1f5s8=PWHyV*%(Pz8XC*vw
z%Hchan#jE6-}T^np*xIls{v$CO?+&5%f<$M8z^4q9o9_-c(9X+P=hmY?a5)7Tpk_f
z+5NN#u5<i>yj4T}zv0p;_N>4Pt#Fm=TY$K~HH$`=SN7H<wqNl57e>e^`6$&!Cj~8C
zv}6=y`puP~B&LHs(&E_(&J2mzkR3=LHne-)#HKqXmF5AaE30<1HDJQiVw!Ln_btX6
zC^*cqxJ@hLQMI@BnEiR-8n}7K9RY*ZYo9q#JP*I2>u6BaaFV3=X(lM^Ni@Uxg^$ZB
zF=kphf%D-Y6FQ-}pYM&>sFwbQ6F2jA{q(|-jgZ=-L5s{_i|zG!OrI;Qt7Kc!N@O5A
zBaB7cBVElU&6uj4{HBH2|0<2_ZE@%2MGFXpHrGViCSZ)F&kDIbMavl1qY*k5XA_LW
z?vA8$#@xc=PSGsKnrWrOvl8!yYO&8mE)iYUe}Lk*W-&%*PKi9~CWts99O!3lYxQb)
z1M9}ks`_6ol`(g>d9WZ+gB>~%{CaZ&=uDWl{1Y(oI%^YzTxAo}5*;nSvBS6#+T@~k
zO@`;-xQUy4s^q?sYC92r)1ra!6<IJoY~ab;dz8N<xzkN3>|kYPk<ia)g3J!t|IGfP
zi@h4#bw;&D2g!)cK}cEbsxhmV3wmPsCdKW?Ap9MUuv5PHJOdm>_r}icSF4~W14&!d
zc;P@*^mw)(mWaAA!JFxx2rgEc<WuiM>R;sZo!I|#%-vtF^sU}k&yFNux87ny#n29@
z?Y7xyf)Q87Y+pZC3?h5isTb?kX*11W#<$<ZICAYHIAR|lIC^U5o3JV4o2Wdc)4oiA
za<bZp4F2K<<aIY;VN`_G(MME}j#cqa8Z$*qgxBdQEvdx2NUXXhJ}Mb2<Xzw=KB^dd
zE3xC6+(uLgjEU!2w~*jQ)ln+3OUFkGYO*9os~8t3siB)tMbJW<aAX_SjYiP^P|rXA
z3OhTz!7fHGPKe9E*<~nV!NCw}p|L{+0~Fnt^KZHop&)_>F@o{(>?vmyN16Z=m@vbF
zyWo+1)_FHv0NFZ#EIN#xzi>WZG>}Rv2uwdM47Bhrwxat`KBFK&G@vg5Be=wtcqIzn
zEJ=uR3@)s$_F+GHPUB5p#)8(nvWPW#%7QAoNJU%P=yc@==Wh9do-BVL9j!7R9QKM(
z9-OYb^q|)=jaZ{D{gK7aXpz#|X_^WJ$yyl~<ZkeUvMm|@$CS2@Uut&k%~dob)+#z+
zX^Y9zTJ%!^$l7{}DZ^aH3x^I<r!HJKv_<q1;n8K|M)kMGNKp-M^DZ8_>}~XV5zXb1
ze#}4WO@$3=KNXaVdWWz%EVKef@%z%?%f<Tl5~_Qh5VPThGk(bE86BhUrm+Qq^g67C
zsKZwP%kf^?V=(Q+Kn(ba(fQ5DeGRwyPNnaegSlAhRv^x_BI(Ze&7bQnDr(1OLX15+
zanJR=;VD&W1fM9IG2q6)5L5?qK5=%D12B)s2!!-$`*9KQFk}kK`^n8Zl**v63Ezd6
zh`2ue*`%O--E-w290;C^L7gY-?c8kS#MYF*2VCeg(Zii}D1%p<4JhMD$whHNP1~Q0
z5*JCTG1vVsQep-R=ytV;1+N2de+_EnmawlS$F|<nLOc=-41(OD)a#$m*fp&-tP_$%
zGWL2<;y>ndBeIv^x;bYAbY#16z;mXVA&;&tBq~(hZMI*3DfB;;jD#?R;7doUCU;AW
z4B?o3)AnP28n-5PU;i#B?y-tv_%k50s!~qjwcjgmp-_2HJohEkpCSDYImmV>>Zrip
z2-@Z#F3vW4X?MP_TKk9}i04}M8$UE_erYCe^*Xz8qIYgPqpkfayAi}TUmjQ1w|j9N
z1FhsJU#x+p#|L#7{7IuV0t<I@7M-Os{jY^dpizdKQq!;apW`V^r6%EcI+0cL#7Z?|
z8l@#r6GEywM8zk-7&~=cESow<F}(l&*jWxZ7OIsI?4PPMzvWJ7m`7R|_~1TcMW_bA
z0@_PEry{^isgwwfM6h=}UvUp%dQ}ZPxV(ArVw(HrZAckXcUI%9r<&skpR>I-{TL55
z$YUy}o@ttkDD0T4;2~Rx-eU^TNc`Il<>2pe1^&SC#+Z=T8|{ySMHj|Cz<fN#J+z@I
z6Qh3jdhbk1wf%At{3p@Q3-Vi&s<@Pm%|7B!pQ8Uu?RPOf$@d9MfjNUc53PQ$9E@f9
zU0S7CBJ;#b(a<#C5exQu&~~B5=RA30w3j;S>WEANBkro$r1%z~+>}(i#gvqg;R0cG
zI)dEeNoAXN6ZmJ^S;SpnmuW;Db0L7`{yM#A!p*e#)yWuD?wevabxhCVz9Vz>@JVEg
zX#JV>V}IMAgy&02gY)k7>-sP2_BZJBR$Qo$U6Mm=b%$i0o|*<O?8{hfHTT3whTIGX
zLdr00p9i7PHU!UDt}5x+4IcpyIRa#Hpl+%u{1rJW3%@qXF%=xPY#{YA&l~bk<y$xu
zFblEvPCe1FH<-`)z4>|X9NQ||WC-sOX*3=WZ(3R+w)S{y<$g;oRbVs)IhpqgmiPL;
z_6N$=9;)V~p1IzG&HTm_%k|4^cRFnSHC`xoZR99IbVPP5PwJuxj)>oFyF-yCVlZk{
z%Gaix`!n4`#>J*y)D!{I2q&%l>29ak^nFg!knk?oGoCiWVfM~HWw&iJ77AFSi?4cN
z>78~-GZyYXPSA&xlD*`N<r9ecpM$g=pUKXlq;rRR?qq6t3LorX`}wHw=Gpg?Qt|kL
zG3kxt<idP&nDb&}FV6U~%xk8$-zhx*Xg-1jQlCm96SPvIq?x1ASFp1dBpsF0l+<NP
zYmdktBsm>lb@zu|G|*NU$F^C^<jj~Y&s&%TK}>n;WzA9<9pVuona$q$Whp}JD$UbZ
zB4wSGnLGld50I=NV(5U4+IQ@so(oWAU{D3xFbp0GXkclbny%-p%r&rHXD4c=y+(T}
z`}b7uf_}3=SciYE4SEE=3ceaaKLb|8=#{oSaIThOYIUM+aWG>CBHynnbHQ9B)M{YQ
zs_Zcr@H-_P3++-;0^6qjNk4B+p;B_`$G^UR#;c#Pn-hVPlySs?Ae-Py`iJGeDHH8E
zdQ&0YO8l63Jv|uFi)sdNlBVV1+$wTco<;U8u6~S?w|qKzw)LO2j86U$-ct3pO~z)n
zoaP^!oW<u1yJdT}aQA6d^K*Dg#>|81I>{A-<R;4dRAc4URDJN5j}a~{JGbmgH*(FD
z`8vPwKDnmh=`CeP(Q}`}DKd&pWJhOJqFRc<<YPks=0#)?XjR6>!zN2;V5o|KA`O=B
zCWgm*qqoxo{QBY)K@nFRTc{Pd!ghlW*r(S#M%O#*P-b(ZL$}M$U-qkJ1h2g4_exNS
z28U_k^~V2P+-8S*7ovgg^%k?z&bjnaA2s7`l@DB#Zt6M_v~TfMyNC;@!EPm2t@y0m
z7mhI)v{l0YU~n<lpXp+in<_KxBCBj-Pl*5BqaCl)JkY|ib<iO%(~;{qrVP;`4d8`@
zvC}}?>Kd)B`xM$WiR=T(yWs>(Gypo>6O2r({DjlR4AK=_t{BmVG|+~&5A@f(6tN7I
zu!zyv1BLY>g}XDnJZr>qk&KkW&|&`N&TQrHbc|w-b_(Vti4p%i9tK8^4u&pBSWMAe
zU&&k)M*j1!DPW-quz(H&DU|nDEDwij;EXUZU|WuDWQ$EBeSHl~#!1_~hP8PSHu<Qj
ztaolhjrs?+UHpl<EoGe6|E--Ve~vS^{Q91D{#|AVC;%JXrrTGxY8JE!TQ*B{(Cng2
z+D+X-HhF356!=Uk6i^M3n9O=mPv2^SLk#9%2&{EXO@9b+?%BIy8@s{s1Y$G#=!QeA
z*JGIUpY~0ncjf&o(Q^FUc8GvPYe06m{64G(u;^}evqsu+VAK_}`?7HuojAPtN*jUg
zjT=3N#a{aMes96FDSTXKP=7sBP+q+2)ug5{h?}EeppFSV^qGQuYuCTLY$w~+q@GVp
zm}|$ve%RH&_kTChVtg&THxS%(hb(}9<C5KU`+$6(OT288K9YSfuwAj@=-hPcn*I7P
z40MM5YTo^cfWHy<eC@!XKkR%&nQpq{e>PkTJaPKxOXGco_0TG{`?FW)&t6BiZySBx
zQT!a68T-Ed*NETm=CwE79RI80=wG%4{l6d4U-b0)z6p}wHcA#&Hq9UWzIE)iE`2ky
z>vw!bt^>a5e7ipxHX6Sd?N5DEM869fUwg~*zg1~#G&9y8do#GN1Eap0mXaW6A$_~@
zAB3P#PJKD{ycyfHYTtKC<Tf9AnNp(pPsW)}syV3D2+?Q|&jP(OFiH@!JJ0?h`Zz5%
zBF2=Bz3W$STnA=#*0$pdkUjPmFT6C)a`tt7FY*;Vbx*12yz8yDWxwmmr$PE{%XirF
zUJm02ZO633OlMDX3B_*U`n)evJ%?{sx%I!S{$>F0?mXD_9I{)!|9A&4kZB*bD#6}&
zKJtOC&3cX8vSTk8r8jF~WJ+^m_Fa6o88qi0<vr0I%4<~c-6~J~?xPg$L~C1W`v$YP
z65Ny<H!$8#s%pIT$VQzkgn#3mYaFu%pE9gLhiY3|^@X$;gmCFr#VD|HKojN9Q)(f^
z6e*HfJOK7d`q!fgR~$gSQTu+(>~`_@?{HBx9=|mbm+P3CBK$as0*KiiV!?rTAWeEM
z&5pkp+ZBKXgEO*MLotmK{|&kyMFm0*FEdpd>Dr)Q0#2SS9WCtnFSGeDZyiI>1&^~N
zsuwt~;J>|llQ9r8CIBq81J<Ki%0Qu_VJuw~cTkieYFw@0+gmAxJB)h>1W=~~RPh#v
zs^7mX5J^Jvz<<Yy3GR|6TA*f3=I|Y_fsbti?>l7sHYH)SQ*jQXqx(@5MTqi%O6Y9R
z>``IJ+8T<!_)e&SasNf)Fuv?}LOBY)Qn66#(_S3^Raas@cYd7!67?1WGXE+k;o}*6
z)q`r150b6;Tk0lmGJXw~g649xts%U(*1$b>;a&Cxp43o^ZYc_e{{GNY`=sWugL<AF
z!ArW8Y#Fzk!TUM<hZYPn;7TVf78>TYw|)Gm&&ckC1E#<sIh^q=;Tk7x>ARg;RPiVo
zwJj;Gwlu4UanHfY2l%>;sF2#H=FvBxK9zZc+}N<M`ix!w4@PUml9~6x)49nGdp1d!
z@nc3|H8PbVgr*M=FKp;RnyHiX(0?HIP8!&vMdV`Eq|0E;<ePYpvIM)QMMbp?(9tHX
zK<rSvx6FheC<u-s_oIrwy7>;5yuN1>totf{$C;Suh6rBUNdsnC3QGs+pWSVTnmIk8
z=eePt$cUJ{L7~etv``}?_|*)$C||*dOPDz>Lr!z`Reyr{&H;LD;3W)O!X7@bbW@O<
zm1BhjN;W06!x`~`suUN}wAaUP*5_mQ(zG}!2Qt&_@UipWx2skAAvVPQ`R)`v$9TR?
zXpC6l?rr+y{tZEA$xSo$D<lNh8-lc(Bae-Vwg+|Fci#V)_?H9S-C5ue?`Qi^KbX#)
zE%4VF=8US?<o-+$e)kiw95^yTtNlz&PUQF24s$a?q<A04ybj1p4&Rv6_vAbb+0~N_
z+&%O@PS{ntQ1{B1%|mT8l!@DQaBk$ZjvcPohRdMF_BpgOec`ozF=Xzb^@Uf3d9_O2
z*=2Li$JLM(XqE1O*tUGZNlvQi2r)7L+LoL7aB+8ULng2lDtD4mEE>{nd(gEOkaVjz
zkNEWuImE4>ozJiRmL}XyC8Rrq-b_a~P}!+2?96Y)B8^$jsl7~c9<PUf1W#7rwSUl6
zFUyu343XuOv4RXCgq%tMTWUFW;0eImJoq)L?Bm#D;z}b$&IbH|`v>(tVMo_C(82dy
zM1Q@2I5h{X{BgC2aR!D#I7b$8rt(4brvMit6otG&K3A9phEw`O$?Z3*5?ctG3U~-T
z1u7QoWXET0i-0L2YlF#AM$s8m6$r1|tH=>mcbHJfFXuct4!Ph8yUkpU<6EZi558zc
zfTm3x%iBtq`*SByn0;Qh6$W-%6=08Y;eyU99S~R*kW5x%-M1P6mV9AiWp`yl{T}wW
zjhu30G=pc-(TYR4xllQWtQT5cNTDqzo#9HRl6u1lsIlyIFK>q1h=X>RcX`vg)mq!_
z{$RUFbCTh^X)@LIeYmOT=-k)3k@Cx`d~+va<6=4;*AiT!dPUc`S9M)E2WQzj<GyN@
z!mnMY89Z&P#kRb&uS*xov3V-Zh5*_iji0EInZ>(iwv!lEP!n5B4aMXej78IrgeJ1i
zD^XR+7+vv+Ys?Z*R|e1ysnZw32&#ii45qF_N+i#{AQn?2G+_c*Rg8QE*4ZcWm5rq5
zRxpo|pldoM>Xc6!+o1il0pp8lLW(V6n6v`U^GCSzt-;3((b7;&oD~1}=Yl55*c+g(
zL=hvh&L^URVJy9XRyY3f*>Upbs-@Q{ASVZ54rWQywQ7SFZ3`q=^?z-?Xo?!9O7409
zUQn1wIv6ftVidGGIvChsVK&876Qxudw5ktV0I!+S2oj7ypm5oLZ!<4o|Gms82lbWb
zGH&F@0nq*m8Tg4A)F_@n!zgH?Wh2Av=FTkU-xMm|KnA;F1WyU?_ECut_vO#10q}r=
zDKLU1g8Oh3p&9`}(808drM60?E})T(D+8ajCqP*Ohw*8MdxvpealUM$kh4D*SH2Yg
zNOSr@;Kc$N;Q^}LozT|uk0bZv)cvHTegfkFidQ01)=@|g@dU3pEV&{K-=C)A5QSFz
zxL@I_ljez~gP&0%Nm?Ictwcv%@QKsh9`usM7~lSt)?rK^H2b+VJOSO)%E&8!+9V%^
zQjzqgrWiIDFe6M7rn*6k2&GX424-$aR}qE&cp`n0wQ#+uI0IEhZ-paZb^am4_k%4E
zkcHf7I%z!hGwGn2aS?g=yD)+B$N^K!CEKlmWn4VzTLNm&@gP!&TIDO^3x1}D0l{>P
zqZ^n;i#R$WS7{NLqvvoOG-1XMD?imyw!EgKfU0UD6?}sS!y3Qb<v4uE;2xyYYA`do
zgb<f)#F^cF9rNp-8tS@hIE@XuueYu4{g`G4g{a(v*?|=S-}qDx<<y@=UYeAtfS!0=
z1^#nB-g8ZdCBS_}$_Xu0>gn;jj2Zc^rcJL;A8G@t`icI%I%P(8rW=?m5m@!I@`%<Z
zGN-@b=FfcVQOV8J%hmDJXEDBnl213w%(vjuMjnlxs^{Iye3JLiWh@<#-Rt%wq(|4Z
z?vwhVy3!ve<Jmdt@*Yg}K@4?EAFj_Yu#p5VUXG?NU%%@OSo-j7q^8^`gJ6?-dV4`@
za5=PO?;9GoP!?die-ID-hk!@aJSmTplt?010%S5+G=YIw*66zcG`9^$(ICI_-;5$X
zC`5+9+l1qcb16}9t6E#EbI<Bg(DhbM0cb4T-XL-_?hhN&1{4HfiG+K?XiLwBOf6ax
z?!V3LBmB6Q9c}Ts3}(Uxdg*7K>}s{unywq}JKSq3EDm$~&B@=fr)sR`S_bk}r8dS`
zsj!KOUXaL0XuRF;4CboMO&&1uR8bPr^o5dS$xoaT4YqbzgA%|-#8O&c&9^X^8Ki^P
zj`O)FTRhql{~{rIg}o_;ZD(Yp_@)XBKobZu_<Cj(rC?@z{bre^H`c{xW{6U}jBmJf
zAo)O4A@XSO#EX2E#D)g$4P8M<J02_`u7ta9Gs|`&M3N$Le=>aAbywR6OVJBXL4Q}N
zG*W-Qlnb4saG=F%OmW2UJgg9LjnqRa)L$4$5Tf8E?BhT?biI-1qSO;@tyPfsn-GyT
z?Pw6o!yL4S8YBn>&OGJE3W2FXX$8}F?{dMHlNVUXe~)`gG%_faj7XF5fNDYf2BU&&
z{1A=nxly?=9nzHTpd=b~l&P_h_JG;wdGX#kgLY2uF&Qlab>Dpx=k}ZW*DV2QP4mKW
z;x{?tv<j@hrR&#C3pge$J!00im@H9qiM`oxYRoM8ryA^-Q?vvqdd#<pK0&us720UF
zwi4~MM&9sgx_Q295_}#DI}d3U9dr@MWBL6YCas~6P9(UQ(;N7)1uL|<8DOmFhTe2#
zdjQjcVGz{CVf~~0zf}Wo9@SW)(q-6PvUs4~v|JV7JoXK3KMkx*V3LKV>6xhWWX4=V
z;t66Bs<<Q<?;^Cyo;XNdht=m>P|-|sF7;xU_^BTMNc_Pu20>Nl6ZBIBGKyg+{J_z_
zjQgR#qw8uTtkHJ6$5~dv#Mq|-V!t4euG4(aP6cqsGx0IDB6P?I;P&L6z=%UyK*N@`
z2F}4Z9q|?2hx2c;6=wu@T_XFm18iTLbKrtoF@imW4R`<(HGl~e=W)BhKGDcNv^++5
zG;wXTA?UV4pIjt6B`gXw0?^<sj9@dcO-C2S6H8^^8vomb@wuLtFB1!WulqVyMpM0H
zh@poch;x_u|B-Z!(RFlfJ7{b>Y0x-1v28WB)2MOM*tXHwX>8lJZQD5U`SN`4kJ+>D
zYwk5`&HS3#`vM8BB);$H1@Ub6F21F=!l<k5rw%F>{P3w!H&pA5qv{8ew{7aT$5DO<
z?<3UWfpZYCr1^>hfNyGZFY!Uc?-StztB{0iDn+pU1W?@d$Yr46E$2IUMi+Z8zNj<&
zGH3C5`(52O)37S}48Oc^jr`&)T7@x->2^?K+0n}(Q<H#yrhBF*a(L!2r=Hj{#pc~p
zaJ1WQm+lQn7fSv4aq)M<l+u2xBJc!a<?kl+ToYyd1U%P=r2))Olbt@v>(yxI;daQh
zZgJi)L{SujmK(z2z0qLcA>&r}_N{JXaWs$qecq+8Td;X*S5c?v{+BfTk?4w$1<?pl
zw~q|HIq87Ic*|rIN0q}Gh8V$m)JvnlSEc19wM5Lssr^eQ3iWY>NmpZpm^amxGj=nh
zdb;Zsdy+Mok5m3eM#i!9r~)A8HJH%^%PjZ4|II*E>b!o=WDgsLDn?8q!Dv8=%>B}O
zKegTMQr}BWeVOg{1*56Fj>QDO!gVNXhc`m1yv|`e*TUYWiHS`9t6!ST{lXfEs}rmD
z$IE~ltW%)Mt-KcT2m)w6o`ulufLYpr|K=k|y%XS98JP+L>s$Lcz%uVFX`Osf=LpQ)
zSWE17XvWU`TN$S{xBW<Yg@#L3otX%I5#TuI=lzh$X6WlGk6+WxHw<&Za4fG0R@yTA
zZ*hOa;ymlB_K^!^#iLk|=YnslziI2#ZlUaT#h2@%V_rmO`YoY<%DmI^++CCihp9l5
zZ<S^^l`3QZ_-wQ;&TQ05a`l~!yr=0az0Y&IA*IvqwQ`PrV;8hl=NuZl-d@o^YnpX%
zzGZrOe4gD@l~wJz*5=W5WpOU^+E!di_u!zQ1I&v30;2`KKz-m>&AB+tZ?pNG1lZtA
z<Q*Zd1AJpZ_S@>7zA5slYteb>D}M*W>}sMWM1@bwt=Y`KDZHV@5b7O^YSyB50{`y=
zg}txb8Vue}2QwJ~%0N-mP)U=bV{G1l03M)?Sr^pDsF-S|B!y#p%$v)!l^;ioY3A1l
z8`(!)J1)sb{lH43!SS%kM~>u;GbJUuJ<2*a1DwaRI9YcLLGd=2G4Oe9579u>FW1_^
zF6{o*5Drbe3J&9#PY;&!r)3Sb1o#@>o~-A)cV&k8fmPi69^Rf2J7aL`v6<7dkN1q>
zYB3HnaS#qf!eJXZ^ZmRpKJb<I$a%|23_f;?_1(Shekb=xMcOh){h*@vy0qak@N`;A
z^f`?m%H`qq6F$n}#m}oPO&30@?lK~L`TZ?z*-ov-$d0qxZVv<?QM?7YZ_+<1q?CJB
z`SK`#=szECZcQIcM)9_cT$|HuY_j<X`VV&Hm@xuX`u+%30^GZD?0meLfcFM1fy>Vy
znE?eFFCScX*g&6zZimw8lQR#&a2)>a>B@eTBOd{O-jeC-V*)PtLtvsyK?|_nsM|xZ
zzCiDq>KHH$ydTlK8m=?2l~d>4KN^A(`WUHT)mOY<fU@KxkT8D<s{6Yx0qEi)=TrkF
z44eNPW?SN7$y!>`?)#~?A6(uTcTy2{QqiS&j`vuf$vZ=`HmX+*Q=d`=FbER!#v8!(
zKtvIIq>7D<TbmH)7;>8*G5<;f608t^h|(SSeOKwMcLEdH+{jq5{rj=@S8>hcZQ|vb
zaVw+^JgW`Q8@cPfk;y#ZN+{!bsNLvbN2O2b=xZBMF6B$jSRch3q;W^*@!a5emBVCu
z*`Y0rQMmb6A=^;iY&DU~Nc>En>axQHptHR)y<`QjJ15X+dR((wc|N9LApLZ$C*YD(
z!wN0U@9${D#pO1VWPf7FZddkywATliu4XL{W!X5cFHvpzehn_a9M+QvHaF0rkj2s%
zlnh~#R?(q2g#MdaByC1hE7I*TE(hrLXSAA-o?5wvdM57+lWyeCyd%338Vl!jiSLr;
z&3wbO)WozzDC@n;-LX?Dp}?HFX2SH+#P^6jiFAxHHjopXdfOY=--tfzHfT}u<Vy5&
z6y%Zg<U%tX`1~GyUnU)3-`P}#SCX<mokeBW!gO_=@vFZ3T5z}r^g{5SL*_k)e&hSJ
z6aMx@+GjF?u5M5r1r+oui~(LdI}u$kW4aMv>ww&VFXLU=cH2gGr2jm+>_Aoa)sJ3V
zMEuJb*f|P4sh0F!5YyiJnG0n|IXxRie?rtimg|8f<&|EVrR9}KS+|wrSk!%<r(w=Q
zPAVF_J2ISaZEM%Ng_t*MQ!XiV8z?zKv)!8!N*e7ujtb6=G&$`{i|TxR-L+PpZn<v|
z@1_r*t9H`PjiIFu?>g85{^JH^A0LWIR=%Kjh3OCeqaFSiD_fwW2fSHu;f5%$)9jRJ
z{nhb8@8Bmi_M6?u?&@dj_U54Ay)Mdy6qI>A6s}+tZ-(RUZ>H|QEJKwWvivteF2I)$
z^(L?G(#BF8AWUS(OA_x(HN1AO^fKUWlVQ*Ze%17&&K#(eDgw{R9|m|UARkNFB&q7S
zhXB=;AFg|?66tndEXV`zDmkcsZJ*7j?CKyfcP|<i)G}BhvJw!`lH6Foi*<8m8}|Mq
zTmF*Rq2>52`-=p;BMH7BfI>2^kG5}oUG|S(56|Z~b%XJjyRPDM^7@e<J%6tbJ$iDv
zj@<*9E(xZ$MTG@Ld-eER4B!fhH&9q)H!~R@ch-x3El|Yt?b#`NyTO{o;1l)OYT1O6
zxQy3jJg=Ee1ev=pmg70u{dBIXpce~{sO8yk+W<F0YeAyN&J2$X;M<cjFPuzIyB`%j
z`g0U5ri@-ls}NA=i$4IYXjUz`ru(6c+-Vpegmvcsx)EEFu$s3jT$68))bo2*3$Omm
zT(l9h*%WJ4IauQ#=zf%6^`D^d-{K2eRV12h`LOIJ1rMI{nSj8Jd@q_DNII(QZa61~
zcjCKn>h~_smy>0mBW!J-SAb}33v(Qpf|7|Y;yMT^f`FGONe;1hLJCt-pS!RFIf{H^
zfII&wqm0qjy2EPG6o-XA0Z%;}F@yZOVO2=wi#&@pF@9YP0cBpTX6$~59(ljm52wIr
zh<Gla7#k%Ied(!TyOt_6*_tmWzWTnrTwb{GSrR+)vDtk*a@zaW-h%|y7@v>z@A?<9
z7KMC421Zb|a2>yh5(E3tVKK3X=rF0Q?P)NHM6e=6hmcrZQ>=uXTi`m@wD%jmMPoJ0
zXKE<u*y!PE4O!1DFPMl>5=C$9k+r#EasB{`WC24@rr(g>iaWnKWOPOg_aoo6j~2Jn
zj552^Eql^pW{DkEy*#LNC_V&nGCnKpD4e^wZ*!YGi?h9x@^pk~;{(>73f4>n>6wso
z^Dl=@`%$b1MSkfcT>jJkt>o`xn}tiFq5@rOo`Xj~_`$thCMSG)sMJ}K=(AdZ^YO)1
zT5d*-G@S{4oO%7Cb!fw&V9cCQ_^?_yjj~xQ6ldTO{Md{N;jE9@p1@Y}m*=g7nxFKW
zWqd1N{4w7=b4`y?v<x;M{ds+?yqHzK=8KAQJZB`Z<{q$KJ@4#n-7WRxyC7dDXo-+a
zaKCrTM4SC|ygiT`t5@b?(+$^kt%s||RquT*vZL-nSQ_J5@v?SZ8-g`&w=k>|*4Izt
zBq>jy6!UoKSuuOKU&EgbUlQB&_j{r-r!f&rcfnx3d{$TFMJ%7%mCulW*@MdcfNa{M
zm9x5T%|r)=l5dn*w~T8oGD^n$E_MUQa?16TaLQKXCCn*fS<~ML7Y!Q`Fe|v9CL`Ni
zQR3}8IM$FPc2<a~>>q3)Gd+eMZ;(ke0fC!NU>~yEaxgbpCnPiAUhl8#PGI|K0<p-3
zxJ%}9;Br{6U#nJdKS`uvnBLAlPQl*6J7I`wXycIW4K>WuM+}oWunPC3Y9`d;<RD}}
zY-!=>AKNV`Y8I~l>>0CDj)cc9dT~<;sG~uwI-Tk+%TC|dA<#4Ct7GxR86(Jg50B#q
zJ>)b-XsgBbNW#iO;Vg2roeX0`kZSj?`Px{x1y-*lPgOMlG?8inn%>7{Heq$y-o0mx
zZ<jX-)$7SqODgtIzo>Zs25No<HSixbGAAIpf&!rcI5ff=P^oBk5p~U&tLN0^0d=Mk
z^f0E&3aqO#;!T96!-`M-WS%Idyh=~CWN)aZbV^U*WICaBa!EF7COP@mh+|E3bvD%J
z;dOcu)-Yq*xz^QW>(O;*)V#SPT@tI8+i4dt;!g}?^7$7y;!osbT_S0JpEdP<5mSY%
zx^=$6458oiB0yb|=H0+jU(`~2(P57H^&v-!WGiyDuPLrrE3GhMc0mWnGQej9_0cN2
zZRg+QDY~Iy{-K8-59)(eOtn*T`$_Et5xj~WY@LS+4?oWU4}gWTQ%p5fN~OS*uMAl1
z5GPflzW5dljvd^~S(}iE^lBF<j}kdGUpHkkV_{bZT|ZiWM{IFN+bWsfVS6B*xctIr
zamN!+^;2K)NIFqNKby_nW-^hon%#Zwppi`>y#xEdriu;>8NB10Xj~IPMT5TQAzQ=*
zypVM}Cx(6NzNuGPUp;~H5U$8Y_GJJ1ByUiaT`sL`%kJl0X}68ynFLA#86C`KqcAPZ
zrWj0xkK-dWa))M{KO{hZy$5YT>wP&@u-3mnT!q7)>$U`m@D!~ZoQ{4MF3m4`4X?G7
zo&F_)sw?4)PW0iGfQyadH>3z7$J8EfjJkL}_U)7h8?=|Rw|$AzdGT_+cK08MVKl?+
zMpu4_nto9<sZJ<oKp0QItXZQm^6Bdcj;}+fR*AI4WlAJRj`)kbL+@lA8-Afx@PpoR
zw@^8;<s?pB@D&Js^QMpI^FpCIu+0+_r-J32a{s~m{Kg-76g4<LW4U&l)}o~JF>WGJ
zsKbeb1P_q4CekY#E46zr9Z~e;vux^Y-OgZy(S#lbhs4ac<Z_vzg03F`3DBxaD|K78
zfzwmI9o$G(thu*!lN=y4D{jZMsCwjZ1&wpfCZJ!>H3fBzmpUob|Li`tG;8bRT1S7q
zDhZNUWQoRqWx#KwD$Bc@=^No#8Lu^E&uHt6A1|?;7C`c?=EaEc?lGr#buV^#^8*x%
zwCq_c;u>Tn3tgmm0ifp4VH>ZSgpCS|=Fop1TIzo3j}uA6Q@vVl+fy9&bMUhh()pT}
zO>8^FaNOtphu+-tZogbzM-ie?dJNUSV|^Ep845K7-?L@WUqgYDPU)C=mf|)`+00jH
zG3n@nM*wzAJg!&RF@0WdKqEgd%^`y9VR7sXv-G)B&Qyey6OdQrojF}*Okg4VUWjlF
zUC+9&YXT*MR{F^CzYgNsU`e+6U`esH9`bi{=8DUxO{R(xzrC;zM8%CuYA?$>^+>DL
ziv|+#!QEoIHJiqkpALsmwN6%02)g0yf)!X79j5Ja_FGLhU4A3G9HH&4oBp*^M!+8U
z?fxr&EU1^S0p@NKl5Xi32SIbzj|pMRqr7lPRdEu+5*EECOh}R1N(mMfULyq;9yv0g
z+E1JiBABjO56gDr2tFr3<V!MBy-xU1i;5|q%F9$Izjc66nz;NSa(1BB701)Mjnk31
z{qi1EH{5@_coO1V70&w6T<$)q`tP&wmh*lYK2XY&$O0zei6xJy5TIKLrv34dR?cnW
zd}o>6hToj-Dc`T*I9#%A8MAWI$}{5JE&+U0nG{U9DbFar{lKrk&2fL8E`OdTOJ5g#
zKq$Aj&Eb#USJ_+=R8v0B!7qJOkoKzk_u{pr<MqsT9{r2qQR4WwK<vSz#IDErAJDQ)
z9<`{;(@%Z(1^0s+F|*iA3%p^g+?~lSt&?B?l1s3z{u6kL$SmRKL`Hs`xkdH|q0i`g
zMWD=6b7`P<>ofSW@T}+i9@1wGpJ}V447=jB<jS+@4{X65eCoSV%WhKQ&BJg;0j<0g
ztq-T$xM&5A&qo;553$p!m&n@JQO3=*vB<0yL$I8vX6C;Fsb@vO1~iL5Z<rpdy9#?4
z5F`C{D8hWx7|;hmQ)X~`z83Z0ZUsBjMBjZk-$5Fj?iIGLJF-Vn)*!SjwEDJFYQB+B
zmps<HD>NPRgC=xaOyNZuPMfTFt0!@V)29r{?N(EQw4cHxhtYwX8|s|=p)BiXMZMJZ
zm9}R=|4l;`&2%<ZkxiQxf2MSuA2qd|nkTKQbJ~cf**MRy|JRr9|6kuOHJy+1{LAu{
z^5(;&m20W(>rG?3Dre`znqFCkM3+m-8RhYRu;ufAfK101P$Y=GRoG?$?E9~;{f2Sz
zCxE`8)V8cq3I7#>Lq;?QC}DBZUMGzI3eRzqcioIcX#23JY~?)vT4-CAfemmjwe@f)
zm35vUDCE0JXh~}K6ivQERsZs5r4?vR(%|H;O=^#bWjGXWx+zRPqilY2*Vy|05?W1l
zzp_Gsc76A(VH84b@oEj%7Nrnr^+1>KT>Clv(cCuOJ^j(#mqA_9wyf`tTGBS`LQ~R)
zKBFday<5_jbsiC&V$-mVr2iC6gtoTSv=zkmu<dBzwtD@91q0wU>7wemz_{1Dtt%Ed
z%JQ{CHmI?l7S`0up@6e$PRC!T(z>a`;B4DDFKgR7Kk_-kGth86{MhSfjk0h*hxpkW
z>ie+Bzu#|A`6uUjZmsHLQ&TJp<0Ff31so9htT!))1G7|=66!sl;K99qd%oX_lAmI*
zQu^?x$@HRPvm=E>OXos=%d|Q}UjSTR94ZFh_qS`UN2|SYNea#djXWUdsjgUG;Kp=W
z-^U8+`mlIwr;`tabTK1s{7=6t68|k4T&$FU?=;`p(w9VOR2kHC$oOb?&4=sdCT@JP
z#-mdp*>yU;x7!bTUoq{ji>P`c*}Pc&95{5X-M;iOjpfmOqANdC1k$}pdhs>bBafn!
zOovTAA(*!_jHg@5SPYg-z}%t{J<Gg=`K8Onu8j)ji<4l!k>9<JO-eQlKg%_DjTcAE
zw_-)qo2F@U&m^1Dx!@d=M~vJ(ps7v&`3U2vJ|dZ2k9?MVI3s)4Cno;kEjC|Tdq&+#
ztep;6YFp@sZn@G}0?nTh1L=614|=@>C8NK>2{AxElvmVSz{F;WM&J1E!#B_Y<2Fd|
z0-)|aNXq0BAn}M*c^_4P@?7cF^09SB=L5KQ_@qnbzYgTbYUTIt%}(FQ&h>0CFERIo
zhj-lAztnj7zV)f-bfmVQSOph9LGDjzXMmaL{^MSw(+ctR7H%ldXU8VH<lpz{^wld@
zz4o)vT{*#?1}b|w&yKD`_vjS_RygJ&vg;36)U2?Q6WvKUXr9P;MEYLlEAaYj@O^<5
z6i1B<+Mroe1T<`!Ih-!60oGDW_!+Gz%v=CWoI;MX2H4ABg4sKVmG<wS-Uf~XaRADG
z?2M2>A(NQikx)R&gpL^{7}^{4kI#!lub`!O2FOXsh9g5ED*=9|nirnoI8(3s#+K9x
zUgorv$1_Ljp7TODOsbH)?;_(ZJd^*3>+EGl`LbIe1Lr#2TK-x>WKXn&PVUI32=N}p
zdDoh3FT-IT{CGS1&G&DpjE@EFHfNaA8&bDEsDHYkbFoK2Z$Jmm6*McyyssZyKe!qD
zy<l#2z*7z6MIY=mio2A}PtQg;3p7Z=IC(>j`q$3~ZpRZo15`<YR+3`Ipo6%3F0vb1
zg!sYclf9zOK*c7nSeKCVagES-)6}l_e&H>KkZC3dpVgTU^kTOg(9wRYpfa-%_cYh1
zI|c0tQNxTf0te+y?XR)$`(T2XqswtRB(J1luk~1?)K9d+`=hfT2U-?L-*H&G0`qE8
z@;4%rNNmigfic8%EC+bket$&8TS;k}t*dB@<(fn=5kl#TvNO<3*p`C~n5R4&ZkWYi
z8DugF8cdCTink#b(u6cP?zQypfj@z_bnmj)QgfrN74?D=a8Zf3m3Vy3mH8pwEMIun
zWv}V|woTvgvMmvbDOI2K%b1yJUn-Y=6%Gg|{|!s3U4W_W%e6zL+*a7hOH{t+(RPW~
zkhzII{wMNnWbhgxj_K-yRf|y|)A)frO{@5spD*PK4n-jAW+$FSDyNmZ)ar&f9~VC7
zry7_|=w{}(4kFX8LMscI4`C#}C{aTnKA4Mp@1w7qwWO_oesL{WLN^iDm0~)kczDrp
zk>{5<a2K07z~4gb`raWltL(I7MmTy#y`^Ag&>ns`ff;lQ<RBaB&as~O9okSa{Jm=`
zNS1M52bV4Eu(_DSczOdkyM}JZ{P^vdFt-+}{pG*?Ixjw_2Vfb&mgUb}U}z`%vC>yM
zoX`eUDX>MP%|A%=<du-3N4w7rxH1{3WG!VEwwM&N=4=s_p@r;nHo=>76~y_6x7pa=
z;_ypk0#@}7&U(GKBwgFTUtrRHl^9H5nE2HDql}@;V~t&>rKOs`{dVHK$vw{Stunl6
zU9?S-{GaET8TMIDb<k@)GZK@1y=RMS=;YPz77|B$sAtO71@V=)QKDxH5G7-yzmwDE
z4+_x7@xS`v=U0;`M{B63>(&AB)kn^M^&w}gzvsGBxkhz+5m<*<^6rbp5Z`+<6p`0H
zr3Nl6d@y!!caR8yBA1a87XzkcK;JZWaDm9~k*esfpZKn4-VGhKmxa=^HnlZWu#GMF
zKI!XTDe-@&f2B=+x3NJYB#N4rN^T0&4Pe2`4Dfbv!DG2h%lS+S)bC&EmzfOk^{}Or
z&=1!|sAe0fVGlO+k!7IO)ET6kp=M_2S3wP8cDAyGOL+oW>uTsqgR80%=Gf>~%PD?d
z$6_y&C}#m)X1D$n7I2U90x0p+UvOLc@d*rS0|us1-PFbdl=Xdsb0#icwQOnL-J0nW
zE`Vgp`pL+`(Tl(@{OReJ1xrTr7jDLwjJD%@Dr!z@?*>}LptOG;)q?-tzDci<e=Om&
zWOb+Y^+yx!B{SKVDwm+2)a$zT!YR6@D>=QhTC$Hf_sP9&eiO8ijc5VNw85LJ;<jR?
zP<^gL%&yc<>OCzyHv3*gaJ4F@vN-a!RXw(J9sqiAhMUgH1y1$Q&%bo>jX!9{!)0H6
zXHm_v{`^Dh3y0gN0S(E}j57y&yKF2DA>r*rIS-Ff7aI8udre_m0OOiY7-T|;k2|k%
zL7JEgC>(+{dK{+|dV}h?vo0_Vf)QYiX$~0FWTSThg;0wl2oC7r;RMu(1u}Y_D)^ZF
z4G*xxU#e-z#qv4w0wBsUMXBYo-gD7o<fK>7G?>EAMHm-`mNuC7>;4}9RT4|{6=GaE
z*o&w}>4q#+M5UVG%1ip@lj?UvXhKgw`F+0s0(V^9&5)kFp0U_Z%fdBpPiq8KW*%32
z?fSx4IX88}BQx!hJ3bi+<M*kN%Rf^(Yw7V!EtTFz+gj;edPuht{VUP%dU_wy#RR{D
z)8I^cT8})U@5gmTt3CQvO6Bk)t)i8*7lXstaVl%r9vFUxxHwnL#<<n@Gz3G-)uK#t
z|G@e?AUKsA@dAvnZQ^^G`W_?NZ4m5UR=Zj`LmIjb&WWwwPPKuW>zqq%!)pS~OZ-bN
zH~-c0R*}Jtmp{11kmZ=ndgQVHSvUC2Re=W&)5F^Yi(pf;)l&1()-)9ekuKz;Qex%{
z=e3FFEfFDuU?GF=T&Z^yvK*JaN*!&}r+JUlU-+<U40(hpqw2X5S07Hnf(((Eok-;n
z5jmm4{+twYd^;m5cFYwkKOHeqCrO)-pmtk1N%K4c|HHaaQ{Y)%KIHYwsTt@QK`0jH
zv(G&tOn(CBWp?&Vw^(g`A3waU(3y1WszfDP5|e7gbb~T+JC|AiN2RUK9Yd(V%4Zo?
zcq~jUn*hy3i?GOv)k8iFMQhqZNBN377Ef|wkhy~ZR>rh3JJ0vXp2@apg1^n>AGkg*
zG|Ps;8O(eDTZKfi-_KbtVDDLiz+5IOGAH|I85`+9xK_`=`p|tQPAt!#cN=2pO7Yv|
zy5i>~2Q%0Kd=u|1k?)@DF^H3Vfqpp=J544pL2b%2Ok^mN18aZa({X7V`n`KCX1e*C
zxZa5Q2Ey+O>M8MEeI>S?0?L>OA@I*I@DuUy&&GryhgKYB1{C4G+n)a%qKIag8fcl7
zRqcEJY_32oD#ZJ3MfNia8IIdBz`|4npM#l4&c0GwYM!ovjr05_bx$rT)?;@7cHQ^G
z`HcD8OOG?2QUanuqU^p=PNbhw0#2V!>bL!`jb~>0C<o062!IagST7y7ckn8K;mh?a
z`D@@9OOBuyt#hD{m@hZmPb!rUOtf~$o?ev?WGz)2Y&WY@FNmdee*IV0r-#FRkuSyF
z1h(L6eY~ND+>ZB2o*vG?&Qe`%%IeU+$b~T+p7!kR#({vnFQ@C`E#9v7MDw;XqS9<_
zzNh<kl>Bu6L^+V7?i(BJR`^%k7Y-42Lx0rdGok|VYq_YRjtoI)RfD>`YNRaJntkm5
ztqI2^wD`rbqv~#{t#U`s@+&yUh?Pwqm6qU5W2wKa$reSlFvOo~pd@+1#`NAF{}x2k
za4jjL%*$d<nD~iMMT#^i;=;qnYGJNLM5H6<&J5(w$WbqV2YX-#hcr8Yr~#<UHDOkX
z&p@S+mH=_x;DL7G3v;xTAGb27I9f9~TPC`h+2HUXP0T5S{`=6t=O72gnWRE2*YMhd
zBSH)MRwhY&S^25>p@f{Hn_3f+53Jm3S?5Q4vd2u-#eP!7-?;*;Y7W2iA52PnQ~!h%
z-36SOE5H2dkfeq2c9A*Un%=i|Hr@CGRCoQ&&cCYpv-lOJnC^3$@Xi<htu}|+3kT#r
z{S0#e`d2gQVKBVJ8SLuB7Hq8GD<v#wk)*<<VDyT!u%ctDD;}*Ru@4$aS^HRh8}xlG
zd!F7!fml$vhJ^b1cAlEGLwG;F*xMIOX$OCdV)HRNm-YvFy?x%~j7J26yq3s6@3jy<
z9g}-}DG}byS#||^$Db7}t+!VLK<|dZ2nL{+s;cMd7uQ~2`A!2qEm;jdt*|I6R-SFO
z<tbNtO@|SW%kQScU(t*Zooh2Nvv27YN*>$LEq5=R?$_t3N*7zeTXfD&z~*ysrLUvz
z(K}}(6b(ja>~~ZC6wG2^7V%Lj@DR!I(!1a6Zflu69N1Mtaq;_wsBjC&#C~-Ko6*v`
zQ%meQ3>E9#RF05caY2`TYr<{ex(m!qKO(mK_eT4k?O&5X_z{~jcKu={nn{+ah{a*Z
z@-!Oa1-I-G_V#1rzR&><2ic9BYM4O$bjoL=l<nQNX{c!xlLtPWTu($@o|Eq_ia243
z6^U!>_v(&k4*?cx@eyIbV~tcKEJ+dWy?&Oouo*TdhLLzaSA4{mq%>3mhQ&pyu3SKJ
z_8F-Q2J<HbT6|IMONI=jxof^NB`fv}qGkeoRB~DvHM(=Ss_@9IK!;ddyb!t%WzxR+
z&=3Od*b;Wrb6Vs;aoV@Uhx^Un!KcAy6yOwKWT&v%(t<izy{vec6ndnJx`-ke5~%4T
z7U)5gqq4LH-`xHNL5*SX5+4U0C0;&0pR^dE`j$zL?$1delW>GdNJ_ArkHMr1`NKVN
zO(W(NQg2E^%vw+?A6BGj&5ytmcm7OL$X@B-qFRuKjc@CKghtsTve&&!6$WGOM@~)P
zbGrya+fVq5+>%kku5nAS%w;$LK<LGeDpH1u+PQzolJbk!<)fDl^<+m2G{cSbYHJ{j
z<WT=*r~BLb7d^2L$4Ha{>j+64iNA?Gpb^CT!z7ZGVD{%{#!+2P1}l!1AoJp(j;F4M
z*X0lapsWL@DnUU*`kuq)ZaYX~QkV<bOZUclUQp6e`SlgXgsCOZ7wP~h7(uT90o<U(
zcUu?r)S6NV?H#6Am>$|>`~=7r`V0<3$551_A$hZn+ye8tzV@S}iW`A4)L@KE%pSo%
zdQU6`c>La+Sjd<Y3G@g60^pAO1&m`h;mCa^QG0#YK~*<{gb=ZVEd67NMi(-fDq76e
zKhsS#xqdnP@*ZJ=tMBhpvR(PbGLbX9fd2se77b5%H9h$4h1r7AYPvVOYhqZ0tQ~Pz
zv>8^Q0U2f5F$SxFKBXZ1X|53X>rGe$!&{g7@!_dI&Nw*H^c79ZjHwtDb$u)X;!Zdb
zl#G#PF>n0_;qii2e@N)SSqs?P{PwJUMG2<GlCmInFM4x>)z->HF^qV;kQ488DrFr@
zHaC%IPLQ#XgAqb@3g4Z<)|RpMo<;v$O;xh29^qItt56u(?q<QE>|0cizyj!1AP$%d
z2PN8?65smH?fznO$2$h;iZ2@kU!HS;irwkVAJjxwDl=~u#gJYk3($_Bw)!~S_;pAi
z){Cb5OLXw}L78$|wnHFkm`FSj6;TlLrvlGP-?QLp&*;|xRs`-%N%Xa`tMJ9twR?<r
z0?Q8A%0bqg${RNM=2uvsQAc{y;8)A#Ukv5)*9_q--8OP_tOiQA^T3pc>9yG6cN)~-
z-z!s`h722o@pP+5bseEf%cMWG3?Vjfn^!CvtjURO_+4Jxvi0EtRfX#8KCNiX#yfLs
zcm5GGyCuFh4hHG`x5rU*O;T0o8rGtrv?L`hF5aF=E1&00iuG4d_BGy5139c0<axVc
z=;!P?P<I^E{vEMQBRJu8lM&YBW0v_Bj^a&Frubtnv~>VQ7Z2jZLz+5(QWK8p8`dgu
zQl;>!u=o?w*iqhvx%d<Rn6jdaTs)D47U9^Zq6wAK629p%mKOM!h~iT<S$hx*Nz$ge
z$+A*Wcb`d@e%-|GpviV_MJ5?taGf)CdHzT)zLH+Fk56K#4EY;w`D`Qh$sCnP9zJzN
z19b%&yoQIUc&E5gtKu^rCblLfHe9fR(5`r-NV1|E7G_Z^lp)l~Xy@0O{z}cGi5<$n
ztbg|;GkCVMcr@o<agSZtSw3}BH2s|nVNEAaDb7uSQ~TIi$aPa0xfr&y7L4a|-?G}U
zv!LsyRB}~T^D(4&totkwd49;zDsiCrWYJFs=1|Gr?+lO5@jc7ev7vM&e?g83h3@v2
zUscS{<fGo+uWKuGTIn$D6y+CrNHC;mi*(zv)HM--T=0lRvYVc9be<=L{$WI(5(4KZ
zLO$62enhw@5nOLkQ)N^+k6S{)r4Nt(d;wYfamFKN$Ok($qmVzeXD#+mUwV6U{rR3Z
zJio(eI}?n|T3y2Y*$WKwCmdc1tAfJFCT59Cj8P{Vfjl;aA^Swk&Y*f<6_iH*oG1nH
zfyL_@r!UQa3!rxe6SZH&TB#AjGk8Ll8Am9My~ClnFu3KNau-p7-ZAETCGw4W4}Zt0
zc9e*7$yWQ^!{yRz@OVbJpp9PUr7#Ko=`wBqq3fIN!nH_Z=PuJC)WH1+xxmGz8|Q0#
zK3$b!s5>aQ!tY~KpV9|%pOf7MA?_mJPk~koxZZQ_xnhu>1*ZjR3x~Kt=B}6iwu4&P
z>%h~*K{%w82bNL};B|uIfys6jE@IG)9#{XBInESe-=q|7WSN48wr9slPb18i7LiaO
z3>9WhRrvvcSbgb92eyp0dqL$@f66o$g;r+@eHT?)E20S^N=(MPeESyuOv=DYtdlRa
zB_ZNl9ZxE}H53)ED1K|qRaP>M+y3sIZFa2VD_&{&>C;@a`ftI=lTinEUB#~c;AK@#
z19zRCsRC#sm+i~BojiYv_tpU{U2n=hKt(J_@j>f5(VJxQXqbJzw*LK}Z4n2)Ld_7V
z*}h@HS1==?6-SIxabphbq?$a)&ed4{Z43hVs=d>z?f*ajB2-v-5*<tq_@0$TTv4Oo
zQT7S_%YfOr@+|iB?zPeaHTWSP2d<RMwa^R`m&pBp5xXAkT)~o5LUt7#L8py-x~VQ>
zL$?E^8iajAmXN0M|4c#SN_U^zD3PR0V%y6p&#@#;JA>~O9k>Ilavdub1^O)d)?zgh
zrIhgJDA%+%ZKyP%Ctc6FZ|?il!<M9?I}Zk3$3#RH(P}$sa*yV7_$c*r_>P240ZaVo
zdW1m>4#+aUU}>IAaJ(ckebN~aX*BTLHNi{FDu2b0nsfxrU*hW#CM_@lgj>(o-zN&x
zx#r6C!ZxRk5G0kgqBUA*ERs`EIe8)j6L>C#k}z}AyFdG&1-!~x^Z#M<QmEF8y-^)<
z;a=wS7bW2-DLdHNj~T#r*+4O}eypF0y}`gZqyJkA9D`H76dwI1@8|KR#Y^viprbms
zzfgwUcS+>38_tN_F5J@I&j^3p&~N+OXUK@N1?5i-`1*8!i}oiEL5+@S3kw8fmxci|
zILyVGqs^>5V0}MjY$bNT{vyNMf$*9M(khLuFgZM$%?3aBe;czh1s5e`<C3evPL#Z*
zBQbdwFi9V!Bl3CH7-R5Qt9VJB;dPM_7ldO)1s4Y5(76cCJ%U~t$9A$#%+T-N*bh_9
z&D=6Cu~Rj&A>u|UiYrL)IhvSFu<vv2xixF~HR{wIVDPf^@Yi36p`zOtoxe>n3?i5t
zJGiyk{ig~OHJ_^vSl+66lTGSFS|t&sx7m2e?X>kQQ}$%`(mWO`W);<gDwF6)KG?iY
zY&N_ZwX)s%JQUVu36;U!!ucpw+Zq20?N~R}ui#8db?O1lmxYF2SrDsgpR5ABDVz%y
zdr-<dANKrZrwHjL@!?qUT=IRXm^uGxO7@Z3SQ<OGpM#&O0cM^}aBGf(pI4pK5m+h5
zV7C5XA4(#yZv3<HP4AYXa@c(+(F?<s#4TZOKc$X$gUW~IbfADG;NZ9f#{WCsNBZB@
z^M1CN?+%DG904X1Y@DzOkwXCM$|*Do{<$lJ?gPO}F4zQD9ygIV6DND|xCNq#ZtiX>
z?tlY%*Ne``Gbz{v2+K^R;Q#}CW{pcbcTc^yb<XhYHyw}wNaIbXvgB>U;5}XeYhdoC
z2_?UKQ~6ED7#EEsXXI`DU3l=yu9>R+)Xt#4MJZ(e&_}kj`m@RDkHf1@J+;C|<)1GS
z)H+ifuz7IP&DXP)z@-wpSJ^j1E*dL<;iGaumhs)ez3QV9L_Pg+xiOCt0y?`Ba`(Lr
zry1PuK1)39BLV&`|KKLS?(=oVd5aw6e5~C?6#4sYiv18r(y#>lrJ8bsU^}VV0U`Uj
zs7Ro2r+ddUq&n>fAu9;_N}Ah2u&7ZJ_ydK64}6b(e<<QQsa9=jqF;f*W13j^=n^gn
z3#$A#a?s+=W47>t4#Boj>Maq^Y62v-kHd}l)a-<KU&HckBw{b14y_|#aTIGrh58J}
z;9vpld+ldy@Q~AkO(dOPB!8^8%vmVKFKqA07?OOu%VF?Y*{qd%a!Z*<bpZFva-95L
zPx=n;%qwqsBnvT@3m(Zymg<+`b}Gqli$h3${K)McKDX2%ge3j#j^ZrVX}mynl>Pim
zXOEgv(}x`6@<2-=!IpRBHm_-`)lu=Z{pfMKf^lF6$9d?nuVI{Lfur!qQ~c8Jdl3il
z`{7&=U8sbwJ-_;X0lkF%;t6J2r{CORnZOP~7{;?XpQ;F}u%81zJJvVc+f+|f!%1{L
z?c4w`UIE%c#5rA5KO<TQCL)cL@f8Hp0W=i+RIVbzfsYZ`o*$K0;NYp!HJC0~L&!lp
zxILeX*QE7)7RoIcn%RVABRz;5M>Xuc5Fps<eZYi~TUOGjw4so`YFM}e!rkC7)@aL+
z{?aw3c>hT74}0b`&dfC4#~K$eX#_r=Z{SfBVy0w$wEINpT<D54$gH;CTSojA!>kbx
zIbvcu=!#BENibAYRkmG@<k3)|R*WO|Jfu;sb45iYA>8BpqX=Q;S-#WW?UB0Sr~8E2
zhm%qvX0wQ|sQN2%#S`|0_P_Y&4X7NL`tOL<lH4$;Ad!#Mx}~bXp%iXn#$|^+_oCNi
zQO{{3ZjggVFg78uSd4#{0ep}6arz;7Gt2(lo~1oBFTDR}c9~I7ua-CvH5PS8*$L%*
z<&bMRq3tizm=^(tA2kk2iu$0ag(LI;_}t`yG4E|@V`>i7rW}7q8W^%IBIb_7ntz$7
zEV!+l4Bh~kegov9eSIB?ohf5Bk`$L014HNzL$D@IjY!;m8TY0%7qO2xre^%sS4ec6
z5@F!UfD4(XRqZhy9Nwec`gh?QafeSE1cx>0b!a;?E0vm3EwaHEQYfBsPN+cA^E3&V
zndXOCC$LRD5~(jK+Zq2U*bvG`_!igczth-9iDu=&iw?<Ma;*CL5N)-MNoY&8S|J_l
zK*M#Le!ccmHSw#9dL&n(1|(~uFB*`OBWAyzBfY2mhIUV%-lTrC;cit!<zIG0SE%0p
z7dGO4y`PlpA??Vz&Em5I+cm-CURK*1)5JK5)odvylfBx#^ly3%YsNH&FSS>);DA^M
z19-RJQE$pUHpUw%5R7>HU6?n)%wLxzbLr*cgYzrs#_(zCzSIr4rjwXj#z|^oT0vxx
zj3&;9XpDQhb^?|ad}o^Zs*nHqW|UYem5^fY3FSqJ_Zm=(`30CM-Jrp%3GW)nHf}oC
z9uIU+A_muE2P25=QYk)9=HIj{uB=S#PvL>T2AC1MPD#xVa~5Q=x?#gZXV>u;`WI8H
z<GV2q%Ro+()Xw!JlF%XXy&1ps)U&Ef7-61{uN%sAFYv(OF*hSA7!01C+UWLT8lNVK
zlE@bGk;{iKx9iBeXUe;42o(Br{SdC64G9E5tl49Vg>w+{IFz%8s_5EIiiUbv5i{{^
z;kzbDvF4%oez9tVmp&+5fQmQhbUMZf6+iugQoukRr!N5x5HQReM}UL?AHFjbRF+o+
zoAa4;axAjbVdPg?sbG(V=QP3NEgIv@pD#Q|-u3?e5H#lC$PhC@89TwCgh>6CKtlNV
zr|qrO>E0d0*1#V%9|5q*H*dR?==A;x0zU|D5kq$)L)+;uxaf`W8BfSoS&)(Uqr1@!
z&GahbxAkI-j|te0<SAALqKsDD?OhRvB`fXmj+vC;iZdGWRnw|1^!vzDt+k8LfJlX3
zzWtKY<>1sVhNX05#v{dx{yF`+wy);<9VAnkft55jy?h)M0dTXUS1|?(EdurJdNLr5
zN!ves6|1I+ckJyQXcQVzG^{<OWWv^c8##lN6K4fXf|!hVqSFCdc+)#U?&f?m0gak>
zzAc^@H`EbD4qhCqL5G=#QkrCvu)^qvQhq`Za1?Pph!-LUan#?zN&U#gR{n|x1^rBN
z))O~CQB{3-#KwALhoGe(gcFwkE1IMd12>K)^c`*Fv#ib2%-n^O)CY9^mVN#5Hey!P
zUKD$Fc2#zEMhpL5UJrmwc3sAU<%<Eo_T<|+1^rzIk5<A_+Egh%1&?{j_=#daVUUHf
zlL}Im-yD7)WWS5Pb>B36d>gxt`_wta^u>hmI)S+<g+Pr3vwH>aC?LEiKr;+p1|Z_?
zPKS(>zhBvF0dC~-yXjKh!v!SqRL~D0qbkHal()l@?|bYm;q3EkWy)uG<Hrtp35>Zy
zwBIde?_Z$H?%myoaz6d1o^b+9gK04uUAI);dfyRzVD2Hi)Ztb^lQ8#zSEbXvUXg~~
zfiGvAAamrS?ufqx2YQGf&XaU%F!wM%m%F}9AlDR7QJ{Mhw#2{~%>AP#LI#Zc^fAh2
z;(+Q-S);v33aIM-1!|oA_#QMgI_sTq<|SaDNJOX&wb;AsBrL#{N&Sr{CkI`TEe-9)
z%g05?e-QuctR&?B1F-Y*J`X;adThy?L-NU{rEHLM<|!aZ!dpQinzHbte&lsM8zR=d
z?dt_EZ$rU)*|R})*{KVi9`*KwzQ90IZR5B#3Wz~rtRJkQ+>@m0z8U$9{Ws;6ulisT
zH2HHG`hvCENOE*N_Em$*FFc5js+ExM6Welc+em<*sz2&>B7Q0FVESrcwj0qy=RRQa
z;yzq{V38kScOAFBXgdyqU>TgB0EmNUaK3!7i7)RKAF#xv{&yu;))d;a{&$4aGH!Q1
zJ$5Qz>6Bv=_cpJYd(#e((PzeOBjFJs639K_%eQ3?GZB-*efPG1*f~Q8xIYTq`#`?u
z1-IME!v>k3T7t|yUif?)ftoqV9s)5}1yCLy+0}a~4h6ZA;`PyP+R9-Uwb$V$tWC0P
zajtOYRQOPhS9$@u{0<dlM|)eMqbROGMG~2-%P=7f!(Am3nYwY^bVq3qc(UudEfrK3
z%jbMONBBEB?9XeM1C_WlVgDt~d?1p&W7JSZeK8+byj(dceycZXzl7CGA5cXJlc0my
z<SkmjpV13r3!BFRJxdlbp`7Nt4h3K&f<=0#aq@Cm^6-#uFCWJL?>prF$e*Mc#F9R1
zFrgAWVx}EN?z=Ex$!|+Tib9L{AjW@%KeSj9e17s?ky80xY|#7CC4}}F!DwpD`WpIW
z=t-bxX<er)9^+k%JCVLX%pB`iW%bTueL6xNsGBU7#N@XX&z4#wXge1>bxIWf!hd0N
zKhi%h`U+lkE~s(W*Gzmsko8iPH|g1~f0(7{l*6C;L{`^$uxxH$$pbnf@@XG8rrc(y
zAZu3e13Euzuia1S9XF2)o6)cA_3`ZmGDf_RQSNTz0xlxgL}gl7TJfqM#bMn4EC(*H
z6{hV+R40uREn24>*aElNM%x+YX8;bxZ4MQ3-IdUv8kDV<{;zU(e=q+^e;zOL%Ks^N
zaOn5=dFLuvwN2rhYw$t!!ux_xktd+*;T;wAPnO0cA>)c`6icAgCM&T+LEW3u-TkeN
z^2Pkpo2oUHOyQ0gI5Vo|!aK$bypoQmYP}_1q(CvNvGXwcIX9@8{@jo`;)hc6u=@3w
zV@AFt${Im;s0>Hs&;qD+-tY02$8Vwt4fp)-kOsbNk-=>rvuvj?u@}6rV^2f@tn9O0
zj40oo@OfiDg;393|4eZ0y(sx#@L66@uirO*w1T|1AFU>5+Lo&io_W_LM<a2NHpD5O
z1LwLW9Wp!1&_Hqoh-Yeu(P^30mWWQwD)#ude1vI5a;ivG#CXW8kSns9mUZMfafRQG
zbo)$MXeMSQ_Uu?}i1>N<DaEI(4}BR`du%5KxRU9SV$T<4`;Bj0enfL3k523wr(+*K
z9{zb|UUz)H`uRxi+1JdvlI1`MbGk_<Vb_CJ{CyYS{GSc2Y)b5!NLQdpn5cRm?tWXM
z^aVh+pZkvy7ZR@wedAaJu<6l-mXJryzl~c7DsFuW!5$92=nk@;SLl|rFv|<^aQnMQ
z1m3Sz%wcAfTF!sudV$pA5nZ<X9%FmtFVEa-tf5{E1{PhiQ{0r!fws@GnKZqhp+-v%
zVyMclu8n2wMl%GiI?e{sWnEkP_-;Wka-nE0gv!`FY_6>`LntBFcL`mDQN)P)z6i)$
zUq(W1oz+X`H$wm<F1KnMq+^H|X6li`bF)cm5glKPCL+FBN%I~V7!~pkBEB0j*Ck=X
z!U$ND5R;g~vmZ2cy#rX-I#hEfGSF=nAFJBxHpdTVtJT|K4QL{tW{kKYDmL}AA(;Tq
zDz32Rk2ak9>3mMDE>Ee7Rw~YB7}a;o@8MF_LO0X#XK`!&q!|WJSf~0Tk1Akw;Mvu8
zLq)zwp_y0fFQ(h`6T8nJIuEUPG_=<QN(<9{$vK2_WP%$gLImse%<IgB!F!n8%2;>8
zO_6@1j7VClyQR-j$*&=8UtEy|xPJ@ZKGuBx^#t=<rDo4T;At4*bl3jlbty2pG6cgI
z0UD106RdWmQJ9@Vqu88#KWcaM8+N9<{y|BK^j_gg{jLn5;Lt>(F%bytAO>(6-9BRr
z1iXBstTmG<HyWX(_aU?K6}Qxn0Mjcy`z30o$D#U;P;NV#{tK=9PrL?}w>8{-0ScB8
zX6E9_Pehab*aO<9ts#OkYq}p8gLvY=A^GLMm8@zWWHJKdX@hl-Th_w(!{`7#6?E1@
zVftGpN_1UQft3J$B&F<xzs1?l6zjTEvIRT^%{#`8!PuPm%@}n=X888?aa$C+=Xtji
zU9qc)NYR+^kuMM)GUWhz0|;JC+kD5&Eq$BRWxg#816}_Jyt+WVVLOM5Q9+%<Tl&de
zbGxZs$4KtsCv=(?)}0(2Gwgy#DP-SLKJqTy&-aR5oIlXF^%}t(v$MrOQIM$FLXzOE
zjmXKjcUC%86q+kSpCxyAembcTTdad%eXLhVx<kP{6=#YMTCaNzWWi%a<QzweP|zFI
zlNV;TFWS9y|Ah3Q*Di+1N69LT&9)aBaSg`$a3AD_scaL1v}Xk{m4soO<y;2Jvs6E<
zQhl#`*fXI|<wec3jdo-do$s&-Vd84)@68}t{t|BkEY6_dGG{S{hbV4>v?480?w}Tf
zDr8bU#4uHtE>ER-LBNLJM~7bl^f^7h=bvDD?&VP9@n1Z*tr6ilfc!{13d%8{j=^&}
z<&e=YvcSweneXAH`TK}f`5_I?3oVBsCR-#iky0eokwJp}4FkVTTKqR{5oJ;1wRD00
z6TejXgsCoT*@tWfyVQhiq0NjnWV5iN1y$tTRAhI8WaEDmnHMS%QFrFF=TmB}`IcN#
z*0D=i%R}w{#rPxaLse!b=UJ#?^E2tOe~TkslOQGIdP73LP1b@uP19;^UcE?^F3pR;
z&?`m;e5m-e4{YDj!p84*^`gSrYw2BN$ef*Ni2%R0;ja?N%`2NgKj-#zMuc6!pt*pb
z#AVgj%k24~8|fVDQc#v&aDBKM^z)i`DX>6*s1}r@Ap8Wo^$q$?)Wa1bAv|1*MXCvh
zvlsCzYJ{@I-KZ;q3EQ=T)7Fe>;{drF#Wo<L-2UEDCnDqOuiW=GNT0H9Sic;Fsc$_B
z@3Xvn=8HQXdsMC@y|IsQJ+bkHKf~UKpGPsz19Jr3v3#;yBKL|{e_XmGjk(7HE|1Bv
z{6lHr>8rFB{QYZdHt;3Mv1N}((9Gs1IS!c7eL@7G1|f1B(g168E1aRT7Oys3iE4N`
zBq8Ue7-{&&Ouv|{MSQI(mt0x1-AMQELZU-9SWw@kAbCeddaboGe#!G#$=>kG)%|!S
z7GHf;X%MG{5e@4|h9Cp<Ms{qCfRG0V*zA7MX8Xp8MRLwonEuA5ab?A3gA6%RiUs66
zlt3^cgHt|(%iWB?;CiF>?6Lphl+s!6xq+gK2(()tk+{rh%oF8)7QsAzVj%?7A5`Jw
zw|LBe%>7S5(?SoRx2#ja#;%9%j2YikzFglxInd=N_XkQT&IhN`e0TUP=;gH%rP~`H
zOfV)9{AT|BhUm85&5-{#u{Cn%c)Yc&Q?T_?a7aN{!uzJauohkr*j)77>Ne%-je3zS
zWrg_e(vT*+2ZuLbN7bB1e%g<e)NB6ZeHUE*FRfjZ?%{DzUpLwi;ntcH%SHYTr-`@d
z`<tgUvTqI7;J*JK1IDcYPMwbTssePF+?%$>>K$q{qQSHKAJUx7##?(5*;ilg>y_v$
z;;e!txXjCl+Vot=sYDr@ld0~n%w~D|3onc@WKaObl3{}Lanpjy_l%$x!K-nad^QAE
z;=3aUo;BuF+~JVAc~YLW@YGaVltLjfd+0kac%n;sxrt<9Giq&Baw5Ca-5f>A=3h)t
zZ$Hq3pzr>zkDM8Kb(-yFZf`b%3lWz8sjV~*&#GS_-J2Si&E6wT*${&xi28?i`Xd_o
z1Qbm%<c87y`{YpT2vkl=ucYu=VI;d<kfy+vbQ}Gsm<|tL!1fp-7ECMEwh&SE3;NWF
zF8w9xpOh}N1wb~F^lQQ4y;#CvTgd()2Aj|rRoIB`=)1hUHT|)PUgW~dvc3GE4NG7*
zcV)?>KIB(2wH(SS{H=Q^&%tzY=^BlaS|Zl<ugrl2mah2m=@8^{9qbAU*4LtjOG0SK
z%}m`Cha_p3HdLi=REoy(<RGOF@&@Tbub^#6WqVg-ey<0^cKdST1FR)XZ?=7H&O>Du
z4#hx>P<Ec#&8-Wmm?25XQyl<2cbc%s_Eat^aj0JUn={w3EwbA`0kIkHnaq;*B>e;=
z%#ZlEqeGT?%H!{l^B!}g4RQ+(`K$|g#@&_mML7C~jCQa;-YhDWks7$y&4H%(QcK!}
z=x^oKxxyb;H<xt&-5)#UVE4u0a`_f0KL=K4zBf(<{~@XOMGg-BLm=0wUr*!sYa`B&
zLLF1VNj!0ia%Le~tV;Lq=)?a3S3s!00gj7O-q_nr%Mw0J))F*<CwGwBOZ2}tr$j&R
zbQIMOu=U9ovscIKYQ<wyii?ep1;oYcYXjh-p?X=U8Bix8ex-<bF~nz*lXl(3+W*a|
zy4&BYj`mZhu^}Uub`RA4-@d$4`v=sk{rmKR+CSb%+kf>>(tb5RoNIBEijF->Z*s|6
zZFWs%D><4)n~_CT?IrKL=ew7fUEM|=?!(+~5kjHHTqh+CmC-KdJ(V0iI`5N6Vd12(
zgq!Fk7bY*Y+r??@-HpuDIXuCUS+xaWdKPcw_~z-<*SB#)C{=t&#&rP@*<6_vDlYj#
za-9g>NfDYC3^SuxMaw)-arx0n)%r@$QrMQ8O?wv7@zK6)Uqs%?Ox7Y;$rvF-uv`Nl
zL%oxsqi=d<YQ;{G73+lAMH3~{m*Hxyy7v4?WuCd0;F-Elx(LtS;YA{BLF<115qT2T
zI_6pJv}69+>HuRt{!qX%Z?ZL9Jq@0tgU_s<l|qTrI2`m`9P|a)?Nq__G6g2haN*@2
zKy}+M0*q-I#Rm3QHLR|L$7d3SSV0Okic3|D;>I8vFLk9Vv6&eyi2YZ;I%!}PrGdpd
zpn(-C8fe^<(!jruN3r-AFq2{s$u4qayc=&khPR~{l=<zM?*!nt+Z>enZ7g^rWu*>F
zJ2uN(Z;Wbdf4K?W+Pfb2k$?X2_|LfW_}}F-{%;2w{{w-?fAfFy_^<gV<3F8_e}CWc
zpFqa{9yb1i>G&tsYy3SCKI7k*jsH=f^_1dYwWNl|m%~s1{?extRf6-;ew@IkSFVe|
zR`D4n!~mAGkh)N<eMCyzXh)>YTLDI-{MUdZvZy#*yD{am8_d3Ak&0s>ps!Xs3}f*6
z9UBX>QLXqiz*w{jI2QJlXZzNP-g1iGb~S+BA64jG(~#*uk3=c@8?EjJ538^DVu#iJ
zg4kho;xx_4Ik2;vPz*u;XSX6ab`RGyvsY<qL{H_=<vjGiVk9#^Q9fv+`XHwde9&9@
z;CuX_z48IGSCMYg4|rpUb($&)$vovdjCL5ntYemM)o<VQR&CR^6{WF?e{((`Jf{9Y
z+g7~c=eFURVd{dXkjGe5(})gG&^6zJqE!XW)E0zpA>Cay(AWP~p-9_KG^z1+m4t*q
z*B<#wg?d`VH>?OKVal92^8I`31n;*bYC~#U&Mjakw)~}2b>f4z(57Crz?QVYDSs=Y
zpqolZp)9q_+?lgw<9^$tC`igWGqz+5c$gj~8gQ9-4VQ`M?<Rb2*Pr`v8=0N7^kGKe
zGg1>1d(p5aYGMVmler&C@OGmm>BhaBJ6}cSz3!%K(Zs`4VdLk&#(q9gbnH|SJqbTU
zZp<H)Zp0z^8|Jm72tfrT-t4PD{fu>~y{aK!fUZVxh7|T9hW9rtg{Sy}671iis~GV1
z4D}pK?49o7I3_|VW*kP`&0^RRQykZEfxJ^C9Gyas{te`KfF2wWecjMjT*ZfEl-ZXC
z)tBfJW4ZDrqSf7{R>1oeKm(_?E;v4<73Ur&t-s>aft3*fJCM*-DJN7@&dMQZhoXrx
zYMV|8BT@Et1D|)AtRju?5Ox2KCZur&GB%o6Va~yUNCOK;%5a>K8jY9fqB5CmJh?sV
zK1rUds7*ap5nRQ?9{C6uHUgKPE{~lLMKMjoo5?NM(~Iz=_NPgXjX+Y);V%{E@Jku@
z5lP6h@MpeYE{n(vU5qi4)@pqfCF1%^O`E8kgXi@jRL>nl41pXTscWUjV|Gr39i;zM
zG{B=JI2T7JT6>edLPT6ZGYq1AtASmbsiJD`GQMCju4)(~-s`_)7H)Ze3bAfsU6qIY
zw^T^l!WaCTH1~*DaywWA>D%m(1p8iYn5$Kcu%5zscp+(rzz^ML)=2_CXdm>F2oTox
zf-8AHmM%RO)dr(ItJ~=g&WNX`jKdxJOQfk5$8B@cX}*9)J>OCV?*dkL(=>OEP~r|2
zJTMr)3F~grY6l7(ODwLgdjyw$7wLmeivO9(2fQ(TKm3^Y8`Jpa`h)OeK4=tOxuzU}
zpIwS)+38ndZ1!{H*C^OG>xHC!w(UaFPu2+FF9auG&;nzg2*Uz6+-5K*9k*2og%_;6
z;J7528$*X^Z%C$NG4+3JB33}6OJ7DOF5R}3k*4^!wNq}K;9IoC`Gm<*c%3f{MaS5)
zfL6Em2%u2=k|cKZCf=*r+CQU*0)wtc$SrfP)Bvoc03B5Tg=Qz7z9J!6lFnEMS)i3w
zmZTd`_{Jk=4zCN(MG((EqP+~jYJe7%?^%&h3}5g9+H1K|O;l}!6l(2+1nH$kwYAV>
zB*sv**>#+@#9s5#pP00bFX%z8I$aQe{sf>ufzqGgYOA5YpMd^;6A1nNCKUc|Z3Cot
zgpl5q4r<aPR42krvjEZI!j5BGWd_1?R04UM=32#)3&Emio3KHqGIPgsqO0pc7}Eps
z<vAihyO@xVkG`KbHrWk7V|F9KHQ56{WA+%YrtwSlyYV-DH_%uK(AW;!uVT`ETT{WY
z4@(uGc6TiPYRe<)SBpU)w1rCpqd)sLBT$OffLrr+LmQ6WZUw@F_8n8xoXQUEQ?flY
z9ltV;qmnzl-i6mZ^lQ#|@CjC$2{0^4$E;K2d%a~_^EN(7u4))^RtQcWJrS9cs%(t~
zdzk?sZEklwY;UzYAUY`G{4GPZ;^$W*&|8RmE3K>0V-1lSLi6eEFLHkEy=7%j+19o0
zrMd@Os$--vP;f;gc}+<i(Vdf`M&e$P(iNY>@tJM??l^aI6(jHiGQcL~m}}Q3M+je#
z@w1{gj*(W@L@@2z7cBd3$j<Tchm<KeT17K%L90r(m+GZ4++Canx_duve0)(1Zn*<i
zap`<fS6It~&CYB|^lUZv&#s)`z?oWASiFS#T0SF1aHxb2M(H7ac~=8Ix<HV~uO|DZ
zNwj-(wivp58Z?n?s_1;pmIjsTBRPb#9!kTwE1ZhHU=}%>L=S>y#3oO&rn@peNIo++
zrS29j2bqkus8ny5<kO<1seI8k*o;~Cdh6;gtiQLg^yR&MyVo3Mpe5-NUpNMawj$hv
zMp{1oVgS7m;98A8K*cQFz=PbfzyBS#BB=lCy-~~_M{tfZNrOpb<wNv1M}3~d@;lX;
zZ<K;-%V+w3t-jJI*@x)l6YIH>`e0~Tsrq1u>E2h&Okf&y<zUDaa_z?+s`DWRc`{2e
z(Zn10z<xziCQ-VN=&Z-!)<l_!%CjDi-#PbPe&^iny$2EYlwPp`Hl+5kcXmL?OJ7}z
z@Nq!6^aFZz?KQ~pRwAECcf2W2yVm#w4gPYsGAoTz5KDYxx4*s00^+%x3>*cXcHP5n
z=QAN(ASRY-?usl2N6vUW8e!eU_--PZBkrKak6#ZUhqv>?TO{q$0(NX#-6a6#PIajh
zb8IW0e-SYEjwa{dROp$AIj<?J*~MxZWv8ksb{6kap==LJoW4uZpHgddG-%eMEK=%u
zjiMq_Mnx7qR@S1-xSpJcjUCIWsF@7kOQ$`44iRkQD7~=~W2j{mM*l|S#$elquMGFQ
z$xF>KBDLliMD0NxWD@+oes=)Ni-NlYSYFJzyKc*iERSqTT5}$D717VIVzx)NP(6YG
zll%ZCDf`k72$1QuyfC>9%5bDs(b0;O`c%<@+5MC1K1N5Dxc(=y*?89zqhjOfrCd4;
zyGPSuFvwH9=_!xDkJ5(9(KR4rO6NPDZ8VUsx#byZRGn=sy+K>p`X_~+wEh7pSzRBb
zgRu*FuVZ)MB0Be+2!HtW<7`nhJ7YxWV-jC9NS5Ht&g2r@DjT7EbAHU-oI5DK7+D(w
z4J_g{xodi2Q(tlzPE97L&Bs)gtprr}<jgqcH2_yi;#iUhcN;>O0QulM;bcEJ`6n#M
zg~irBisG2w;diDQ=s)!=AVna}W|98CM~mnY7W7{&;@5ZOGX~k`E8EB2dez?5>^j}M
zJ}md=KLFn=ImIUgkcZhhJJRe-v^b|rqWxCrJm7F|>F2d^r?127ZE3w4r19U4)aPHG
zJBi~OmRKjI<qw=OdEO*zGCa(iW}RexSai*bzBM?1ahF?@9<y1kkJ86ExmK$UH<m<M
z{c%$I0OaBd^r#}b#_2`q*)8<#Gw?h?sqG>68b}Yt^uIB^3rip3c52{xmfjuY5eJBZ
z7x9qzZ#PYB<IeLYo~DU>fz^W%N~dC^<Hgi0W(M0G`)#88Xl|Nwi5|IE;%s!yT#PYX
z$<DE@)WALwhhYX$RS^4tm*ufosT~VuUrp!QluY?xy%v8R_VY1}9dr&MG{8vROiv%p
z(L52RE((rw(zIZ_42@#E<1FdoIVlLeCPGrAH|Ygfl0|ed>ZC_`q#$T;7aiy4(ZJTn
zZxv1QTaJ^JgAO&<J+fnfm9$^S04r(dj&-l33ze1hKWAYbe8g{|d_)2G7Xpm;0~oIW
z%tZjRcO^ASD>7;bH@>ozteRv#fMi*P8v9dMB0vQFi}`;q_3n47>5@mL%O0ZSyGF*T
znb|oRrszRN)t6?3a|Ok=exlQ2z#J<4V$Ob=6A3v+ZO->Ia4onDL|Ra6y=%CuRTq4V
zJz;H{*Kd-ok>J@Zc*<c#D;EmO&3wjXkxxHJR#T+TW<m1$ZC@mTMEnJ`&^ZX$<pn%l
zaX*(LC;(p+q~Dv|aQ;L!>p1iWnRRpylIR^0#~6hZv?6_siO!Uy72%vpak~C+g#V7a
zK(mdM9tp6Gq|!N($N8KBJ!&DRK>r#+%^4!sqxrywet0$WyzvhY-Q1?e5?$P>_5qlp
zJ?-l>7+Ox5#wn+P9v1o$OgbZ&)>0Y*BrxV**|UDCq<hxGTfOH;M0ooJR!-4z3j|!V
zbD>17VsNQBmqUg+S;P}`%raxvQOw#yvpQmyQJeLj96|<y<1muJFjuSogbb={BLjg?
z|HbU6l!Z7%WqsvKsp@hB%9eZqS_GzjtBb$j_QnIEQr7;<bx2uOEAgK}>PvT=LkSfH
zx0p1(XgA8KDXX~adV?;Fe|ej2QkrWB(p_5JQr)z=>f;NSVaq(*#H35M=PS@lbdFcw
zL5dZexs_1#_02kKH=%5E+(0TzHWHKm;-86uF(uXUFSJ9cuM?_%<nIA^fERdvV+#1Z
zhupX&Z7T-~sJNt+6wSKhrE-(_!W#tGSE5#S;pG?UE*!Zz>JI$afMGuT*i(n^#E<=a
zSAF=gX(t2mW0x*a+J2@)!{0OeHg5~%s}{78uZz?eq<c@VS$*d#5&!tUg{khAv-=jG
zorqB1w@7A9{<WB%H`a~Mi-He6yZv@2d@hTq4?e?A1j6S#=V{~m7Hjtpn2aP8;9tb-
zfZSX^fNTFdAd;G0^9*D+ID^YT$}M0|T=R_Hl%Fo(bvExT7ae6<e<!6?H~`U5wU~4i
z<9B(a?>1@bM;yfo<iN#2M6L#T3yhq#ncxcRHmom)vCTR6Xqgcl3X9ePbb-K|OhQ?i
z;p;Cr(%dW3+O0=CW?iMQerC5sx8dBew}cxfg!s*bF~w>zjytlmEkGzVkS)c&HBLFX
z8(f^gF}CW)2At56zA-tT`9kc=Z46<AbRO4vYKA(7`Fxk8_ARKN!!QSe_8`ktnN&hR
z2QyYV)g<hb=w^n36uIwwH}R%4<K9F9pHD6dV1cbWwO~(8JGIc>hm-GHujahr8*k!C
z&M%jcaU{xYQ%hp&IDqI@8qlq@_ZNL+GYx&Tk4YJ|mS8t1-*kj?70+Pl&Y_Icr*jM%
zJd)gGBIi)0(y{|Ss)bZVcVm?A1uctXW(BHBnYn<sQkR*UW|TMrs39_a57vxymtM`u
z_km$f%x+!hoY+MwlXOR6rj`Ksz`DU*R22UC2!Q7+bLZiT2x4hGzJku7t3O03hKZ1z
z&XWK5Axd*UuGaAy?Hw<nh5vXJtf}XCxu2<hyxzH`8n2&!z2kVb$p0tf)qMGXb-Xr)
z)n~l!`-6?w3w49D@rwFGGhW}ErQ`M4SvoL-zt@b{%PhI;_derwKQbmHE(9QOK*rr1
z;ekrglB%+E3r^u_9`fa9$oZ(Vf!R477O0WX?R`Q?MFY{XSu8o%M2z2&cXBCTv?GU~
zU6R9R7hl0!r#XD?A<pa^K$x9k!Yzy-*LzIBM>+J-Is8&|yn^?AEFE`T9mLORV$9*^
zY=Lw$p2J#8a?<&Ol^KQCt(j(AI&)TB&ES8yXwmIAJ9b$*?lL>vLdl<c(V5)VoU~N3
zh2hd=!e#rEp4>wyD8e<^HN=yX-mx+bZH+3-xUkv2gL=|Q9U)>U-nKqiTv$wuE^SYV
zx*ei@GoJep%Xxr=R#uGl;GNVtArSx`?@_n+7bs;Pl(3_)+}h=8I{!ljG?29JoKSKS
zTGzXkU|%9})-Eu<IURR6_St@ePqxD+<%Q+8rlRg|T3?yb{ZV|en-_Jzx*LePKd^SQ
z4oLl^&ryr7{*)YC8;NNsUlekD(Quq^V+3crUGNAj8f+!xz>lDZZ7R5<JhZXa9feH3
z0awm?1o=7#y{qU-$%itft-3aNr+*do8Zt!RhDdbAkO@<VaeORb7M@etb0jt0b)`o)
zr6>JXbXA)U@-(}(5nnF7yb(`o+O@;>x>DL>754?T;VKe6ihJG{FPJbd2=lJ#+K}za
zvM!2lO)2h$kbIOS_gN?FTj=UUV;2w)w@^2rXxBo5qH%zt4GYyMG9ij0RVeEJW34D6
z%H_K*Qxv^|?rN|ehNVZbJ#TXaORrNbMFzK_a!taJhli29IA+6YYHlL^+OZ3V7JW2c
zLwa-=VhWMe8j%!EZSVn4vwkFa3Ry_-6pEF^LZ>TwdGR#!Ji*hs1(3IkqX_Bzos6en
zFu8~&H~Y@_evf9pFAyCb#TtTW=~4;L?jm+IH`wKx-|p3M!ur|P$+NmWJZGw~VcLS+
zX>(^jHVx4khsTqNg5!ue_L}IpAeP(?CAyJHOW_6n`3+=PfK54G3@8>|Pw7P06Onk*
zzZrkZbNE@Xn9OPVOj=(qZQZollc%JupE7IORCk0|{_yM(?4_xK-J|25$7|+h=l#b;
zkj7ithFneK=d{R4<7YpJ_mB3%KbUsEAI3H1m$dx9@#>MSBfv`t-@q20;f%<L-;&`R
z6`T>jBctJAzF@4L6j=EW3#_WOz#LLw_&+SqP-}U3cL)HCq(Hv#A}}!ZD3mY6_`C3(
zi4@Ei7Qw4u;f1S-%ivOS9V_V&UpNiV`$rKcv`2;5QlX?qFW75zd;#?=SrcT<h2LPl
zusiXe5{HXkD_a&`0>k0lfj_WL&caRNer#OW7X#5l4X%X0;{tjmzlQX=GqLJ~uN&AR
zHsP@M8j!XQ2R^;mkl?h2ReZrdQe&}Esbx$ZwFrT0>FBK`JWwsxIqDktLJS#FM=d7@
zXlmJ!UrkZnk?4p7sA(ahx&^#$Ahk8$h?VtvJh<TjzVIea1weAa6&=Tn1GLsf#Jd*8
zKa1gD?krg>dbXKeoxl7#f%CWb0C|3I1c%!nIzqL$mKez`p)=A5mW<YJkQ~X9`?BQa
zG&znXN0MZ#4P=~D(X&giZ!1PiqNQ&NCAalx(_tM1zd_cH@EdF!4(nPZGzZs}Gka)(
z4jqw@(6}swW&OmmW_z>FeMPg@k}Q!=KPtj<*B_%K7mOufWd^jQ`!#{Y`*5%lUL{Lq
zg6rPyBzZ1NM%z&lLvjIoM?_D@7<#QBlO3~$r3|2&E}}us+=!Q;*fp`5x9E}U3|WrN
zm2O&rDWZlJ>Cw5OqX901xqS)!RRQh4sptGddK5f}Gr*qmZDZm{=Piwsrq}Tcd+Bj`
zS~Vk5N7&cNv{j~!Ut?43))rLD$Eq|bRTj1krh!k4LJMLIVoJSU2FbTDiooI#Ex3v+
zL8OLCxd!yD>Rx35(jZ7J{EXIkmDQNJF%4^M&T7mg-DTBgdaHdph*tahP+Dy!R!d;{
z!bh-f4(rB<I>5t(5QHMHjSzGj5FJM>vA3yBP^bVzJYOJ0Tm$X!(k~&s4|dVP{EkrM
zd?t@e&$Hy$XmTV=p3jo=XmT7&&L+v$$AErP1<x)K=vN^03)_$$DcRajMEY$fBK@MT
z9V@g1yLdPKG8w)^0-eZ`d79jrB@bcARXZ8o9upl$&Hb&>iMA&0NQ<L}JX^zw1{JNZ
zP-WczbOeVxV<N$e*>Tkz3-Zzt86{SVl6_)#s^4Sycx5N;;dau)Ie?E#n7m}C8Xt2a
zS@QIqYJALzW67C2HTV$hTNplslAAD}ZvsBx7w`eU6d%JxI=8~<mloFXUM$)36G`sF
zlH0Omi6mS2^cxn(H8Kay{b$h*8?Ehd3Dd3Bx!a(Xpf=O?Ctn1)z=fOA93u_Ljz@|P
zlr_dgN2V<wY7)yD5Y@S#H|S#=GmN7AM$$39U@f7h+x}KjCat{|4b_GQQms|SQg<OY
zj>b|)-BZw5>MpObR0O_v^}gS$F`oL~Ydn>^n;K7jtO5AY3ow!a{EIYQbX=kaRv(`<
zL2?zfMNl8~<TR+;yz1{7*;UgupwtRCZt^%DgXx6LRZUp&rpF_V90n71;7zSco&vnE
zQYq^bEXzSutYwn9;0XDf4u6rML}2Nx^N5G8mPg>pJyOZo%`!5jt(cL4UpAs&V#B^<
z*(T`&_7o>QT6hHY2GYDWAkQ{;%K<iKNShCV{2R<(P0}wxRGSnhC9yBk@Cz9}PKsj5
z_pDL#xFp`6lOsxmRD<X!7Gw9C9c4m^Cj^kc<bKh9{J7asBIx!Bo-zTXG9P<NA!%+U
zFa}9;tE^Tbsi$=!JQ}P^2phUN64}tDe~?nQizQXTA}pLX-rXII2HC5%Bm4$gTL9+_
z55cy!LQ=f7H^`a>e7KiA2z<tN!LdU~+6;mP4E^Rx?_-txsLnUYkIoTBrH^q+A1hUT
z97X%MS<qb}eJnL<`Zt2~Zv^RIGwk08xqqeV{_WNF?}~r_O6C4F!v0|k8)5&*1N3h%
ziVsPpwEeJGDUVh1qdMOpKmPx|e*xlA&JM0uJW6gygkL;LzG!JsMFS$-5q&hd8wBiS
z6VD#Ir^UP$Xj|U2ETJ#w)aR3n9w?sXC#d|z#UXF-$zQ)C$1rrY>XJuEOLmDFYi}aW
zeM<Hr_cQ`4(PqiZG3nnQEBApT1;<Si#uT_(*bPiQNb||%6ls=$<K#OhTZlb(15{}@
z#dSJwvCh*&aTXEa{C<H~1L+LH&v;S!tl)YmvGyg^A|D;sgF23st(hXF$_5;B`<Mih
zuC=Y`Y$g<zTN|TyaP&CQ!`cwIabk-gpp?}BZO~O^5ig6aX<6^HvQlvqg95i(2g1|_
zDkyoP4~i9v%xz4qBsvn_sN<WbRuZ*TBowS8;I2&AgkUAuJNE#&{zn7NL6O;5WU^dj
zFIr^!KPiv+1IFz#)$E)VEg(;lg=>GdImvCEZgEWmfqYJ-JKop7`!<k<%PP@^Lm)v6
zMOS)srGUvvFmtwAy9%xhqdBS48Y4PeMGO7Ma<&+u@Mr5b(TSQ`r_CS@z5KfeM&}zh
z4=ka(k!as)1m@J@I4#EFeFeS6amy0>msoO3Z_%AMJB|w_Qh&a1MF?;+cr6Dnl!+y$
z^k_G*^RkH(bz8lyNAL6njdaw_2HI|s9w_a{aSH`>1fxy@`i+*_Mk0qe+~iZd_h3%?
z({=!vvU?F=U8QoZVjIY3$h|Z9huO57UC~~f_6B0oPBTCBgrJkm{Gb!iU~6-<2q`(M
zmpWi$9ox{B9eCi=dfFJYGVexA<&!2v8?2r13DwSIJVD^Zs}31d+J&|PLvK4L5L6Oo
z;mN}$f((KwXl}*5(1?uqQ}M;vox<y6-`)nbQp)ZRBuVjuw>VtwetRo{a}QLlk7XG&
zh=^k%tgIJFkpw;D>wEEz1gxngRe=0!z$fufml1rOwv__3CHA5hTOurI1$!~-O-T)K
z+ci3(THeczZ~>R*i!HORQpQ#@8C#bxnTRQwSaL=`tV~Z#Ylk@|#8Hpju+NK07p$Fe
z<bko4*!o8B1sDxQe36DHNw#w!F{A1ICCTy|#TFTQKp8PXm-~tIW3VLMu%?TyA(ha(
zC;E%7kwy*u^TsrJesO&BH1GW4$kO1t4=OBy?H=Zr6VDNxI%4)jBS?vCEh^lBjCs--
z>s?}5DAlNiycO3EXk!RLcEzWJcl{GZ0~Pgc;R`Ujjm)i+WfE^xB%8eW6q5D`{LpGa
zcSzs|RU?TsBglOJB9dMiy}W}e^D=!0R&ys(b9x5@NGyb~%t>dh?eN7>wZaddc%9)K
zK`bG^TL*zxb!r2*<BbusgW{4eNY+u-9HxF>!8HjAxJu<ZG`EPYhGprvV6RS{2g7=(
z!i7yLsn83a632G?@nCYmO*YfmeS%}VP;y)kT|?!|ZoxH<UDbNxXVv`X=R9~Eex|_4
z%=#mT|Me$$iNFLSOW2ab-`oNJHp5n(3bo&|{RF8c=wb3AJZy);m+V&AHy8xnZoyNE
z{fAY}b`d?pJPI_5@!x-q;4IGM=rre0wE1a*3)1&nX&Rw0(K(hAVZ}pc_e$d~Fj1~r
zlPtkcdF?0CN*naR8Rcv#IOh?#9S9fPAEYxxmF*}cRhfXFJ76N%%%bRjioK@N*VzY9
zayafQIk*zKbtg7H4|Jy+d*u3-bQ348o1~BnWOpA4xf|oz?*3=v7R=anW(Yo|ywtWk
zCoOJAZfQJ?&$;w@S37u~N}p$AdKNspQ;-ucBiaec00M-&2YV$g9pIkMUP(VXyG3^p
z>;otjL1&T62fhtRh6DDB0om@BzqZ|rXd1mbijtMIaK8#AhowjMt5C9E8o%E}gwjr{
zqga1l*SGNEUt^D%NVbie{J3Jic>|$rD7})3$8GV~r6|<85SKq?+t9>@o-aTvjX`|D
z*US)%9v{FQL-`Gf)nV16R}OtDTb~eK#}|wx@WjOj2)t$|{GUzD5H6x&!U0D(H{8{v
zD_%P?DEHWjK@$jxv3vMs4+Np@X746K>=hyDAk6iHC?wPK4MDeE(CwxBpGzMuI*^wQ
z67W)M@scTm<Dg(adrQ#W5Ix0a-3gd#s`V|MFA_b2uBSKU4A$B3(vUv$1$LIHW108k
zOAvb*A$qpsH7R6}m;ONb=PJT14<O8PIC}9yW;u;7;^`Mnfi;(3Y+-_<+T9rqtRkT`
zZjil8g4|&$2*|gFKp{CRgxJg20Yt%QWCI+PqHeqBs1{4AgDi#ROXfJL?I(iGx)RY-
zg6A2~%1rD}81~^y+K0><IiY|h+?Ep-u!LJQ!TLB%`&*)?T(no~mVN^(kU6#lRx6#Y
zr8}97KQxLZA@5%uWNmG6;A^l=;EMzg?QB26v)%jFRsAON8O81hNP+&^i)-9G{N7gc
zTaFS-Y>7E(4{VQnpo4tDhTE`XdCEk)$7pR!$*=HvRPgcGU-`6~tSR#hBCP$xTuqQs
zMC)JVO%o+lWLFHnO>L&~w<hW|Mzf-0Kg{I&Oz6-%ArAjIc9<O%@x{`L7VSB&d9$-W
zU3324XCm6$&8woAJpi3fX!eGJ2j`e?ATw$x@L1y_`JzF_<wIix`yvC!7ofiudksvW
z=W#=D&5JR+o{UxRxArFuI;zMLoQ(zN;7Gr@^6AswxzeC)FbfCS7!7q}ch4Oq>UNrA
zPYOu~V2%J!H`-`+JZzF@NHDAn%ob=cM~oC+a5sfA=si1_GQnO;NtW!s0NCl(nqa3z
zYZZ3pHg6C8&t&eornb8Q3u2QXJX$ZQ0b%6&k_nD7``KVYcMx_Hk(%k{tRVAk@O8bx
zK(+GtUc=t=*!ykrZe57ax9Iac+_(hKZajZk`aMh!!Ldh(J&5wFwJ-dl5)Z^nyC>K-
zk}rDPBb1d<v%tOvYk!z%zG+?j(_q)#0ptjivJq5P;|89i<Tm<ii3PE>60lhbodS{d
zfi1rFAawkbcJKw8iTn1OqGN{``?JMy09ir7xfE8t!A2pritv$1mGc&f>lFUQ87#!2
zC=WtFi5OdLNxIB0n}JJj(hXn~Z&+N(11w2p7Jg`zsH?H?gQ|#e!8&qk;z3r2n1${a
z9XqA9r;##Gm>uWLm<A*pY;pVrjpqyhg-2P%WC5un+Jj<ji^XwSj4k2qZ!qqp<b)nC
zU&n42Zv2)JUySo>5O37OPjh_(5g8&!xkXoEJ7?C7HVCnm*4Ef|w5~Xa2ct2keusVF
zZ^3aCF9|>YEome0z{i7O!+@9ga=f3}&y2S!9HD|^i9sM{0Ki*$N<d7rokZ~1?Z7<i
z`DIUFlMCQygsWAM2uMxZVNJ}4|6MDejdb>o80lObVHn{^?l8h(?O+(`>K%dnng|Sq
zn6%plV$XP37fyi0@SE8&+#mqM+fi^_&SCPSE{$)F!XkW70?cf+?Y!AJ9C+mt0*tnq
zB(NK<awni84`4?;%6@8g2AQ41pg+LI4^j1}3`;tRUm?p^1^q$a2Nf|y5V=l=#o818
z`smw$&Blx1(Ukq%3Jt2Xxi$LRAi=o^q=DpUk=_d4Y9zJ7YVaqqPJ?ngsLKmw<(0DX
zN^NdsE$hAuDW(@J5oG1G=wOj~(&$|S$YtXi{oD(%V8@pef0)kXMrLPvBj~Zdnc!I5
z3}}0CBO@l6%#QSCMocqdS|p~SPl{%dm==R+ahR5fX>pjA2xw2m9S1N}GxvS>(*(<i
zEMl1NDUUCP`T)V{L0BJ<%;He2F9_=k!umq7zEG?$2<r>N`a-e3P^>Qq>kGpALb1M3
zydzIoVA!yrzKWLgKJKL!z{S1P@(&N+fr~HJ-k12N?;8Fpi+E9oeW4&a1|A!bH9w)r
zn|R~rKhbfR3t3e#+nZ6*WW(Kki8CbhZNjuQ{~@2EsRY7FJ12(|Pd_u7&@ZAMqdwzu
zsq%$-?%75qlWitcSfrX=??;mj1?pN5#F_#1=LONU?NBcBpcfq#PwL;xOcxWe{slp_
zeuR_Eq<$JoqcQ!c6>Bt!Izl2}DiM^>MVpHTRHk=|;7dW(giO|il~6S6(6DiFq_own
z331p2fi(f)r1EUq1T3`?{pjKMdvl7nByv?-_9z8Sh{GnVWlhM!FHNc@M6xE}n#)R?
znn#<E%bE~_O)#-0Ae=OWH33Uyju<zN>_I+S$C?l$$9@&4%Ox7nnO=H;FD0F~2^eVv
z(-NU*6D{pc)`V2ngh*_Hq@zthIBCly+5{}ME&b@VXgUykIr+%QLBmF46C$w*$5|5u
z{BoVD3B{}l2Jb-Ru+ogO87nqn9cu!@NvW&}$Grp5WgNwV#F{`ti&e5Fm@q(N6{AG_
z%WNZGx}Sc;vBJ?u@FtW+Knhv&wc@pBc2*qm+M@(Zc@mwCIG!Un+03prL~6jIvs4|+
zW@(3D_>8o=H#*Ud9cL#hM(kJ?s~h2@=?~G4VS#LBKET>&Vpo|+?A%Bl?U)gPm#b=B
z!D{_DNa<vCBRZmMS*-@FbvdgQ;iStGX|1?NFh_tNvN4EbwUU^)iL6$G8A?cHHQ`^@
zzn`M$M*{O66(Zv@`zr;PA4T<5<I?Q7%@+>VQ*>s^-x1Ssw8;wHNWHWklTu2Ld2kd7
zA%So>0~4#ZAM@Z%h)$TYK!Dv7#IRJ}2&)uqJtcxGxdcxarM0CI@_mnO?323@3pDf`
z{VEOkjcCnRi|AJfh%;V#mVMe4Q$ALGN)`yR<ppU9Nb(jy!t;pg0*ZYKSR0^#s%=UE
zINKzHx`0DI1#Aycz<1kN$7`gWW%S$5_-&=O;|(+)En~GhE=sSdKQidNAMwTvPV<pP
zuIZvQrA&q5NS&r8pRZbbJ4gbtb}3VJFj1%NAVT<d@W579?RCjrs%mSdw%Sn5NAKcC
z&H_ens>AJl<SRz#>Wp7mMx<}XL6%|g%{a_52&UB;M_9%o-;Codqu4j&PnPkqZ^jvx
z;TzPju!7Cn1)9`L%3M~bUQ^Z;b?Qx>yo{<-bwTp_u1;+bByT+G)TTl5j;Ky;86<Dj
z>eMzYHC2<^fygu{I3qiw@!%o5FvGv4sWDu|?7!7fij?FJZ;}v6ubmx+)<NfVYU?0^
zJ$uTNH1Coo&rS0t(LDd~T#z@I=2dI*uF<?MG_OXJ_czUJO!I<+)OjA7cj*ktGidVk
z#KtJ)7n;{plh=^ueMj?JX!4rTyf<lHYfWBDnzxkZwbkUAXx_s#ucIcf9nBj`^I|o5
zooU{^G%sG0*Nx`!G%rb$mq7Ebo+f!|n!FU6caY|Zn!F5}_dU(KPm^Z}@{M}knMJ`0
zkp{1c;3~pz`CgA~rvOADKr=spFa<z|0HJ;WO%;ISp8-J4O<#Zz1z-~bT=xUGeNzT_
z8v!o*0bEl6o<e{#egGE~fC&h2)DPga0?;1;4)_5aRsbRp;3q$TJqkeervOmw2e6d@
zP##0tk1${R!4xqV<bI^D5axY9n2#9@vVM{aVP5rvd4s_qhbqlPnB{&j&oLMzY$*d_
z7Wu&}VKB(=OC1qrmLE(mgF&%Gy8Q{jJam(s`MDp1pZMP^P7z)Op3H1NtN24ssW_%Q
z9a5f-C{JgVr_0LIP34KOr;csN@$^}9j6^C&u1i|D>6kZ$`7HK=tfMrEy&$hEjbbmz
zI!PJqh42%J?1gYA_p%ql>$GPtC~Zm2$qSkWHGrpYbj-ise`J>`FT#_>an0hmL@kE$
z{}VwhYXy1?F!w(Z?6lv(g7?Kp53w}aR21!qhOso+3j~Hv?}J4-r_$F{sSCa$_lHi@
zUM?>9-PWd{*cL|o0ou1pcq}w^<1r7r-+oDY?U_LSH;7y0tF#x}D%oWwa&3bzGUQd)
zEKLM?9M9u&_$SJ9_^IUnh^OQ#|3kUil?>ZwE79WWeSj}&VlX?Z@~S<He}*61IJZG`
zl;M+wTyQ{LR6#tkl*h9^=mk-P;E^;Fl*>xdR1VLH8dTu!uC*_&79D$%J=Sj+f75s)
zV|GQ?6GoZ0kx$uG+|8Eni3d7U8ecS2Cwj_~YnFb4{XshlRfkGE#n7Q*(bc2@bSM=&
z1YhVIkV+Ttb1(DJ4~d>_7{1t&bkRC^a9(l`ZovgniFR?xdR!>HUc2GUW(;$@<HHEK
z%kHn(1u}DVr2T|Wxbd5Sh_#nhNv*y&alW1x<f~YTpBy75F2#jW8h-`IWKl0YBE_s|
z-)3U&gHZ-{E&-|OK>W|rN2}2JXfR*cj)@v^n;KIQ<;VA_h$3v5XPw%w-#qJFjDlE}
z+Ck-~l`rfW$`Q9J*^1|YZ0TQbP_oU|GA{^;e%INJIBpod5jP_(Z^?9S9UexnCt?$y
zz8&SQW~k>5>({Y6rtGDGZ5(6Jtrg`6BWN*ihfxuWi1e~aP&ReU?s|?uN}DsoW$gi8
zXS@1(gg=8<a5v>Ro;pf)PriYA_iWri+xB#^&bFUxO4`08vbMH2r^Wo(>dtKsWo<Xn
zw)YLx_QGR&nK@-Q3$v+5dvpuNoQXf&N)EIEi&!y}8EIWo&`1S8R1A~$u8auGdcUZt
z$?INp4O6g?o)X0qUTTCs!;%*khIK2|0?5XDIN2es6f%dZ(XyF%KPQ9XR;eF#YH|(e
z=7c!JUeJ<)pK3{Qm`7fJPy+6nEU@&Ie}}6hjckp$$G_~mV)h-4D~@y@OX+^wyNYOD
z-jays@$mR9eT;#}H(K`9DnI%LQE7cOX`d_!GaOMzL|(kO!U|gUl}8&<5yvTa0RDcA
zsvWQZ7M<XMbf&A|RLYKZ9Q6fmWTb-rVO;6aT{h~OZlGh)F%KPIcsaFBr4z_i>jbhj
zLg1<*MJMppI+eh>yiT1!PLU!|Ke<jNZ?3LOppGw6gw!GGkJf2F(h8}!zNIv|&X*>4
zb5!bE?VGWWWi0p2_?2NZS1X|^IMzs^Ty0V)7f8yhPzGNkX>zjUhAXq`WKWUMVu^&7
z2CN|sVteg3vJRzaB&H;~M*T+f25IsJ(7YdM-cU{6V4C+X%`<EA1e#Y!^X}8+S!mu&
zns>h@Zxqe5(7f@Qym2%yp5|q1@+RoiUdJ1gZg=7;zN@D3pAV5wMrb}6MvFU1^G0j(
zM$)`en)kRS?=hXP(6gTf433jVyaViNsb56lT?#-q1lZ^YuuTDIf&fK+02>ql_uByQ
znIFKH3cwBoSnUV!kpl1u0<81{Sj7OcrR50V@&kBL0ho>e%lrW5RmoKhL4c`Mz5riT
z%g&TKBfvY=z5q950C#I`#?flo<DL60_;OD*TDfhlC?Ool){6D)?^o>aC-kp-68uo+
zdCVsf%5EVIg%@`_1b6~}mJleGckd_2W!E6Lm<{|Kuz2KZzV(}99^wzfor%z}0=8I9
zd3Rh_rLo`87ZR^U_=Ym_3#0+;DO>8zo{Z9tk5w)C@ng!}$4K9>CzJHa$H>>8mC_bR
zaVwDT!a_Ye?0+}ppXpBzpkWRFrXdDAXtF}km3U65qGZ*i#xYY--2RxJ`BwApTty2a
z-<;eOO1Gq*Zz>M>r_QlW$tg>1J8PQa#(#@uLWPnE)t;+ZL)6i};lT2@ViPe?n9_{-
znr4L3#PQe+Cn-_^91#dG5&+%Pu(2%QK;avz@C36<QzNWOOWWuI1{?^|X{tFpFaTQ4
z8@qE}o`ykw5hA-frNP6p$&QL6zITZ1myLB7+809Gclvb&nK`rOOfF4rD>u-(*xR@e
z(zte<dj@{W0wH|r{Zt(YAtOK_gn0anankc%zcVLoOJNZYloq=ZLYt6i(P%4&2PD#-
zZD=c(;0TE)oBXO16&~Ur<7o2$3#$7|%!`4%!2ae0$1j58ih$Dx1&K{p14w;?H1f{>
zJ^62KJ>|d8|F6n_E9)iyeO`zB_a>A7=12MZ|MGV(jo5#Z7@pjSzu+Foc)imfsQhpF
zI*sNFak!{`hTz$j?zoIzuL=@~GMxDS>Kc=lcYE^UL1{%gcvv+5x9cT3zJNqOsnhM(
zY^XLZZ`<(-w0NQZ67p`RE$&Cld2s%Vfj^(aKJNjayQgUVsk<`v!q>^L_TGoq1e)*p
zXPSBxS71T#SYhyk@onNy@7IADn;|3qdWGcY8w^t2&9zC;s8Wur_#vRHFy=X7(tFfV
z*bSSapSeC%7h?^^3nxWG(c$TeoHy~RjAy&Os^NS|a5c3Ds{-lRmu8Y^rh@#yj{|bv
zJTwzVZ%MKJxNb`x%gB_XKGt#e1$s`7m6`*vS17E&fY<7_)KPx}Qvbbm)*qnIOzGo~
zv^Ce-NSL2kzpaC|a(h*y`Ayc>!0OEZyM%v9b00_X=S*+mJYn*?#$I^cI)U!&dp$l*
zo=r+PT^1`hr1PVFI7L54{U72UBS>S+;Q_>iS8zojp2#>~htP`q#2v%K5hgNk!D!AJ
zO|Diqq?NrJA_s)`La!PguJvH{6X$<iC3{wrT}N-+HO${j;wL1rR@c!#()yBLhAH)x
zmYKW9Lzy{2Y7e;;cfqT>lXAi8(|0H%WRO<BLw)`v&WqB<lzfI|bePA&9c$y~C@~u4
z$fkTz$obyrAcZe@3ullsVL!Zz&QRhcB{`Zp2$OxJ{4KR!fId>H{CuR4pfgfz+mq-a
z#oCjKtt=X{9GYwJ%syNIw@-higmdn20dEkI%3Nj|Q|tWavg5a0*|S+nDl|^&^}UJQ
zc^(Pak?wvCS+|f5y@{8UNX!rZ!NgVc^e}g%DNQi#OH}GXp$+Ex_}5lD<^>YQH9MaO
zk7uR3kgHd@kD5WPja0$w9-l#bWb~oLL>dX2SP8hs&^{#+|Kus*oR3>646&Rt|EFO-
zaYKBf%M7fMZFs5U+lRJjNa_@gic|3-kkldO7i#faloVP$u8kLFq>4&2>Lh8zB|H^U
zf>09Og2hoO%?d>RO=VYnvIDFicMPlR!s1?fUojIKwpF3h6RT*`7Urt_XKVe7?IxC$
z%t0@#DGMadx`@R?Z6r6WR`*{m6PWuizesv&w_g#-{%*glL!eVqId;nI?bLAM5r-9C
z)SDJAu#hrVUy6?EFLT4IIoVg31}i72z}9aCVC8_<|LL2||LL44uYbG%<3;Sb{l|;!
zcXu4Grsee+uhlPT#w(t+tbDe5ycGZR>>>rZD@7ba#p2a7_{qheZ2a-{aS}=W2hy-z
zBzQt`T%%R=>KmdKzsbx&{~N$wr$^7#!Q(uv75+Yfe<5*^4t^HHn)L)j%p=t*#Gr=G
z$T-(`ZwEjPi$Adcm17=1kM(EE>crAEils%*1D4i%;~%~upGW1tLfOREA5*#bpT!aj
z9%J+I{~Z3#{ap+GCf}+Zf3Lh80Dm8q)(3z6TpIlSv{J@j+RGGG56n{GuPaMTpQXkh
zN-fui=nQ<p3H3@ILss(7Ii~2BM&1Y*WkTh#KIB*&oz{_lp(i$1`S=@L;MIUD(I;Fa
z`Ixk=ZvbC{HeUvYtor%e5KFVYSbEH7)fcPeRsUldx2}Zb2z1sTvO1zW5!?jg#2JOw
z4`E%DqQ9e;u;1R(9QAbVx7EptyhmA)ubeOtuWDJ5VT=`NApHw+EBed(DI%ofYfAi&
z*I4|IN7V5@SmGOxXySj=y8qM!T+hx|*JnLT*;=3VZ11z0^=$I1w1L$#|4*-H5w~lZ
zkNc`>pN}Cg2AGenx724oe(KQ7$NsO#qx{thI`ztDs784eOZ?A_D1U!)S%k@y&!nJV
zncbBWL7q4Xl+3>z@gT<+gG_fEL%1psAF1T*j3XrYRSdP-U+|WRWAV&pMH5xPLNh6r
z>ND`PDpk=JIK$;oe7b9jhtiy<B2=dcNtbMm(OnOeWZUEJhVidU>crH~D5x%54tUxQ
z64{!rns8l!jB%+fSQn~XOy(qyb(&bVmAa+bCcCAHq4K@#g624l*9E{dUe|>>;&lm%
zN15BtAPsBdbv>}k#8~DmwRi0PIA#pW)<Q<7tu;3IdQKE4bzDU+QW7jzNG(=TX8CZA
zYPc-}Xn?J4IZ;%9pvV#+=1o%bN3Y(?_#;Y2r*8YKo`HP7UWyN}YDRivw)-ho<pA(0
z#dVI?k8J)w?Ug0G+MEYpqRYUQX*Avx?GK?uV9~V`oHbgR>gWoB^O@y|%0fY=dN!HW
zQ*;8Jpm9WG03ghH7!#y>nVd1&b<Cq_9Hb3&(aAM#T9n$KN3OyW(>=l$^>^K)LH*2I
z^+3Hf?!Soo%^T~3`mu$9P=9O%Mg9D#e*OF3!ar~cM(HCWSDlsiIQ_@qdnX-(Umj-u
zObBOTl;%-cEKoeL|Mm8ty-nNC2WbDzXKDLe`n3O>+y8gk--We*<g@<m@6XyldWyFF
zS8oMu|5%y9FgbQ1f5ANIOJmTjyDMbfRSbQe5P2zyi!U#{An+NL8_0bRK7Aj8?Rts%
z)rb97EGs2}GF?kRfK0>yz2svc+zn{XAiXQYHpXmu?wFHqz`XGd<kHFOil6!RdiMJO
zIwRZnbuwxn)5&C520PCxP0nhXb1@%sUiQX+a>;wQ%|&Ng)5)sEJews}Wk-3>D~S7C
zcp&JLuNg5-$1~&laNeNoXC;q2pl-w!a^DriRMYhr0L?!WG;d$W(7c)XX))7XK9O0<
zq+X#)lvMeigE!<4@;pRu64%X7Z$eqY{H@sH@dU3uH{6*OG)UX>WL6Nmk@XzKL*=9>
z@A^s*c(KM)tB-L#ZTK6P1M0J)?+vh?HdHU1j`ejm^jE4KXqy*k;r!4^TRdPAQ}ErH
zzwQ*6zkcpwefaAm>*~W_=PuRo*E-h7*B|oJ?*NXq?K4Vt#^xGn<RlVshqUnA1zBiQ
zweW#EjEcT8;HW$w8(>tTwE9JR%BAlDOwGgJ`6}nMlG3A!q%?C0NJ<kt+OzwmZ_x2H
zL#F$A1xH656i2p+s(HDcC1y`VdZfBApO70UL$K>k?Jv=;E>MS_JTkhEngw{ejgPX-
z%L3#wXWeFsp(cSa)I_DnLImwDs*@b{Q9Mk3DuUB|D0f;~PWzWPq0auXtAHaf2I$}I
zQJVgJXsU1jy2jL_e;2>4Pyg~4*U~=&>)-0}QHnluFVRcL(drdT(6{CiOHi9lt+yN>
z$@G?i4IOo-yP=`uD>u3+hK{)?U{M6Io2+|YQg}csHCfA5bm}o(!nq2(5idHI8qv-8
z&r%p|hqWt9lB^@pJ%X)mntc;WkesarG$sy^l4f73=lB8=s@V6a2a%61E57BZ<tFP;
z*s~q5F=JSVNVNHltV35IJMI*AC}rz)(xJamV$4PF?X*MmI%e49^L;pK+Q^Lllq;^<
z4w_x^{&Y<8+zlP2n@Pg13Eeq%&I5~q)cd^?s+AoYT{s*kuxb?cx36;)p8S)H0)IW=
zD6kWz9xwH%brjy~9Dov8bcwy3D!N4WH+53uE@of55Ti?|4uO^xQYwsiz+eADcqoI^
z;du%&ZgCjL7llX>#7X|cc>WV1pZ^HXUa&|@s?(n~4+T8^p|Q23-?yA2r$4O#=i^59
z;Wp^lV9X_}+9Bl>XAx8(J@zi1;#ghM)ThV^&cq0Eg7XmOrM+k3Dsny4&%G;U7^Yo#
zmkOmH6ws5~l&mN@>eEXs>7FeA{!-g)=yu+cV2)qDla7va0t)U;Tb@qh3Vuc&g)iDH
zxb($@3h1@fut^gb>C)Q(gvp`tIJB(6bIfX%*%dRhSGHP>9MMN*_R1(BTedbvie15w
zWQq1C3clb+j+onx`-+&`=``kcw;`|KXTI<g!b}f|p@9tJEI4MwvZ@hlXf|o6s%r(~
zS=aCcBN9(A)FF+-9%0#u+8s8N_323qU4gTx>O+p!xrXsQYBO{+v+-JCvhYN2OMOs*
zxkc(j6qv^Kp|pezJ<;ms;rFNl^T-CGz?`@ir$8s~6o~TWe(5b*cT4|BbVljW6D$%P
zn;Y3u&N52)HDjZ^6XrgaSTWWoo@;Kc@vdr)ur-4r<?W2#jO_@(p2!1FX1~7Uo%q9<
zU)F~|yk!f-A3mK=yV8EFAAhLm%M~qoB;`7Ko~iY8et{hSs13D?&f}<NjySkJ?8_s|
z7i`$s{Q_L^1Z>UP$bdSAfU=TG*=<jG=!*ahnfOJ0WTii>fn_C=wAreWl}6{uvXYob
zk#}OWiYM#M5_gV{;{5q-ww~^RjUU$0)nUpy>I$oU9o?5z*E;&Ijox*XAEsJI?<vr(
zqdlPtsq-qfj<#Ju*3qyqvW|vhUiB)?IvRv&A28+K#HDo6yf#W%M~AVblcQvP7||>C
zT!)Sxt`F5k+B*8%rZk!t;V6c+wD4pf=2_M_eoK5Yi`V8#SbGXr3u0A=*EytxZxgG!
zUPt3dGlp!SR&^JPniIkD4E)Ve^oyka6s#I6w)N+WihV3|_-8&MB-ymv@jhPb7!qhr
z+mz(Swg?z4X>7iZbCj%$#Kp7R_B*tJFB%-g7i|~HHe<o-aHqE?KihEergg}N+SW-Y
zgM+yEa(h(}|4NBVzssnUO%OvLr5_cbml4RDL+%<V=y>-}1s%%}9gn<4&=GxvqNDG6
zijHI7Qgj^rwt4OL3aYcBvvgIO@f%&064|O`NbAjHYn7~Sp!ytirNaD}{4_D1V*)%2
zxl2qIh>L@3ZNs@VJYlm<$I~g%xg;`;FB%bSKhZ>Rwi2*<srft|hkjr))OC*;%H(=Y
zl;6_7!)l50O9K2(kMS4un`sRnU;z+5t#g6gL&}tX&xL93jSV?#F%6?Nbup##TO%3a
zpOx-oNfjdl$g51A#vob`%!GbA7Z{aDWL1X)iq`SR>LXe&`=maiby%)OwEpl(CjXE0
zUEgsnlFGJ`ix1-fPC&80x3Kw(zMmV-Ye{@RfA0|yw<QWKhMiDou^4Ib=o^F<S01Lc
z_*oI9#nInTS{x34ee{J!>RURTl>gaLWd<r$e0^N00==n7Ptqz9SQP@RqVj86h4i)8
zewJb%Xz*r!4ZP;r1VTicfV}dMk``C_QW6p$(*o>$tFNq7VzIo59%*@-aL!E#t>&(9
zwtLQ?5zyrQ{)+eX&!{~DBnN+)_0Ww5REw%LqOuAU{^sCcNPGkj|7Jmx&PcsDs$=VK
z^Vf-Xu~D7qKubXTF8Mwp@#R6|wrdy5um;RZzG>&*RqLg5ZYD)CU$|aRonJ;Oh;Dg9
zK{T^=VP23JuBWc*%T?e-mMgq*P-YI_JtTj1JjXA4CWPwpjGMY}#4!8tqq1Rk&dk{}
ztqWsf1xIFI-WXC0l!I5i;Bgy$j8Tl(Z$T*)Ji8Dmb6b0Vk-07623#th=AD=VPRvOM
z>BJO#bxN=PPN$}zu_hEkHClw{D4!#Hc0wz~cC_MsM-?kYvUa`9I3mX9Y;PTiiBHBZ
zWB~a)7iALEB38Rys|Bm9i>5&;-%^^&(Ed0a#M{&4Zr~zf#9(AA`TReb_RGxpVyvpg
zbygLv0NwN`{bKyxaQLnwoCJIVgdUJQujn`#nS}q4c0EPy$OVjAkBg=GDIMp`)ys5q
zJII%Ae*dd(y6O6cx`)gTQ|YGkM;P?+E4<aQiKGAJ3C=;8LQ)lrw1nMe&X?w#^y#+X
zA%~>fuhrgjcGF=Xd|J_#1bhPO1>#-z77}mIV3~ODro`KBW&q;t0~9;<4~2Li{KJQM
z2L`KeU|>n5sROu*m|)@yFK<yMm&U(bii)2D-2i*tlJtE!GoLPr_T73?J0KeBes@L$
zUfMCc7MMtsn2Q*$?zwO7=EVG4lz``uKtcU0_64aXirJO0b5uM>agV6;N-+zh&)*0m
z=B^85t($C!J9b8IPBD(jV)QYPC1$gM0(xhcC||iJ{0>uxGzHpF%ba<+Re(8Dc%FG=
z(Rh#{A+vD*e~*a6A8A}}{5y!wjcA-3<vI<4G#x?qA+w4==qdU~S8FE_hL5iw=vmj4
z-`^6ddr-$nSo$zbjgGR-bf4G^3sp;Wq;E9S*o0<zt8j(QINXPnX51LY$+vW|;0e6~
z;YIeWqglTS$W=;vO5D2yFa0!l=@Ud&=BCf>?gq?F_wD?$Vos**7)sk|IRR)p5eWM3
z-xS)u_csk~Tc>;JI)>17D(4;zbExU!H(>sB-#+(o&Dwu-S}kjTn74`uZ54bWaXBX6
z(^<=@Z*oFUiuq?>(y{e0#mKo2k)-7;>GnV)D*r;E%=N((rSU&YLm$Gx8C4$ZXYjre
zH(zNgs?Sy-=pm+%KyKwx<W_dQNVt_}_EB!-jn6CCO|{fdn{#PMUWfsUqj&V+()8XS
zYc0G*ZdHE#4sv!@FK0JTdtz{}V&>f!FkjKuL%y0zzMACy>LJvByhDZ*iPAfyxZ!)z
z--V!mAXl-k#`o4>47(h-K-vxXuV~|Ut?>0*a!Wo(fM@-D%H-9^*9)IRfXDr+m~&eO
zcoYG$$!kLR!9JY30X#f(un(sk!mNMpgr}l=jS|1|w_M71Kc240pryI8jr$MmNszu~
zV8a*~$$pDvFOdGlvhP)AFJXz{-oypcOqQriSH%w!q){yS+~6pt2+01pxe~twugbBd
zpx?uE6*Q=|#nBHdyvPZ*CgyjRnM)GdB!GWRW@hGZMMkd;O(fTb_LG}KB-X2Y;0l2{
zH~Zjm)h(Ice)oqi5Q4l-%#Q@mHgbK4hte|mB5OC;ZHlf7)FJV8eVm>ze2p!3S*(Ze
zB+-pDTg*SjaWGK%J9TlK>{BtF#tAo~7iCwgGg_sQZ2fjjiL(+Tt&9k8ccWk`rT1m4
zklx35>3y_@pG9vjcwcCSgaHuy&#2^|sjgA(6yf=7#b4^{Kr^I4rTQ4IqQ;Lz|EiHM
z*KVHzBzju0rC-kZ_`@b7ICwTChu_l_(lJWi@1f>TceBimY5ww;_dJW9V~o+BTn$cC
zpIix!-DbyT=}hg`Q9kEavzpf9{Hpt#^*O&PnOw{HmGBsqE{~_G{hNSXWO0;<j-9gN
zVXndKnngU+O9yNuu$k0sDr}_Q4em}#P)}p*OiMYu_u7YbB%XaUYDniw=y$j`=bpwF
zg^UQIw^K-rH)lfMAg@*pqk(AkY6~+0-%fFnz#%uJq|caUjjGgK32XcGA^qK(8{v=J
z=E~`?yy*afcfDRGf_KuTFgqLelw!e^@`7$SCoNk}FRUcvg%#UWqNbazBWk)im_Nz^
zTSo^)O*bCXYTz4pgxkBIef}sVyo`a$TKUGK@>;oqWyTEj+H>$lLvtDpoo+J-_JJG*
zoT3hU>+R1M_VSR(J$<+>O#if2m$!5lXVq;9R4|dBokJr@_)}*?jDQ+!%jCano_{56
zHnv3!vR_`9({P`yKY$o9KneqEV~f4Y&(Xm@v0)BxZEBm?8-uHcJVpNgUXsHf+)e|m
zTKfskRC1Zi7Du#^_n^jO|FU3Ixwc0w9us%%$@vXY-EvHdsnl`ysvw&_z8I+7IXF|k
zOTxcg>}x+H#~Op|VB3BCcZU4SwCSlq_DX2_c3ZNb1g0loZEW|@pgnU0()0}zXwx@O
zP?}zxLPEp7EMx!wgMZ~ay%WZ9%YXg*wYs|Vi9RgdIX^k0@cI&q;GC3=7``8J93^XY
z1?9G0LjD$1(h*f;&I-}7M@-snC03^BbVYQH)G-JcuM-$C=A~k)42x%f{p)j%)EAa7
zi3Y?c3Xhg&#jE1K<SjPpHqEyHbDbq5?Xy*;JHJCZ#nz=l>x7JWk9K_V{uNBJf?}Hq
zV<yn1SdwaNr}@`d1J>&N8sv>nur!%lGFaC7gZM@(P|?qm*=F4hDVlW9))MP@czCjy
zUrKbgNqZI_kqh4<-^Zethi^KE>I;jP42LqsvNELLjQCUT_I~%Dw+at$7wx54V$#m1
z+Cz1TgZLtI-=H*m@(T@Z$Fc6j3m}sZ*1LbPe^2J@lAg4k)PMPt0>Ttf97K@zIT1|N
z#KRbdNxm{mFz~<E|IB~V|4xDXf1b>D>qtbxZW#$FN@IQ6OYmW(_-J1XK0@P*-9c-0
z8l2Gk)2#j9=+G`=Ni*+NV}wa}E`^EWSrTh@&d-MK<g6g;GsVrX&=*#TCFv~E-xhaq
z{O|4`{PcOWd}@fXw4r^|bEHFlb#0=Q?^$vWR0ouQ3f5z+ZyoL1-T?Le0QIf=pQi88
z%HXmwaGP?x<5{MR=boq9k@3u1+&8GP?KD>N`E(stW5JR9RUXN{GC8Mv$M0p@$MC@8
zr=8F8{Kod(X+2brZ|eW>_!it@SbMQy)%s^p#<wg$ecwQRU;5hj8Uvl*HD8auLFff<
zMR8xfT~XYlI}T~{G9n5u-b_W|7v83d`@U~d#eI)AoBQgcRr{&$M)~4cx>3G9Ht<HN
z%rC_zxhSM_)iB&Q#sU-A0v-hnZBfhd>fHWy9k2fN{SjmWfpO7XE#7ux7$+TCLJm{k
z+!P5NkRHs(NNT0P2j%`La`Xtm7&3-EXTozLdrpPtw(L0$o;mg$3D2ia(r4KSC_Nfj
z6FlKU`($|I&A{O|Lq%V?v;bS~NQj5F;Q1~#DPbuvhYhF+0}i?E5feGz#k}8^(6ik5
z1a@AX;<*mVn^|&1g4!NNBY&a~P}wMrL>dS?UfqM-pGn*pM2PFGG`w9n@uHc9$~&U?
zn}N4qPR)!6;6eF9DAj-^DmQ$xq<gaeCO3Q%QO}rK%MG891bV|KkzQeWb*72)3$kAL
zKGV;~3C<Zt5D86U>;<vpb}$CDG!kDYB!0>vp`<F<oFrKs=gs_}<0ORSXGARs!-cC)
zYt4RAW=Xom7qo-2hdCGDh6=_>!<@Zu3jObwY|Su`<sZ^BOGy06Ux=$vOVVxr>FH43
zFjv<LRmiWit39p>(WVuoeP(CeCd6O-bwmL#ogEdyp=X}i^UO)d`NHNze+k0A6CLL`
zA2$lRi`10Hv5E#SAWlc~XUHf<QM{DuCOL$`ji8ho4dLHn{7ZzH^^tT*Ai}rV6*8o>
z4=2Ssj9eb|r^H!%$nfZ0jrg}CHtT0)zirg<Djfym43ox_8-Us7@I_wxk3{Cquxa-x
zBIjvU!rJJe?o-(pqp*m*sv_<eF&6o@Dn#TnJ5hp1M{QnB7Gkb66-4wyHAF*@{TvEg
z!@R<l2#Lc<;{D#lv5?q@Bu?=rPKLye&-vc346KGrl-7=7YB()GvI6h|0(A2O=&AtB
zMu2vH03X!I02Tyzl~~O9)2x_OHaDVTQV@yNNwD)e#{Nnw<L$$OFb+`H+Z09Yn%gu}
zPGEYQpDELukR+ipGm$Uss1O~lIE>)Tj`vwuj$=}boIvD;5VezATP?X&Z2@xI@bsO?
zO-Q=L7oPPaw|A#$$&G-a8wQ2ss8$IH?#D@i2@db_<zOM(y@l8wA;HlC;M=~<fY@F3
z9TMT$z(ly665;QT07O{o@YP*G;#VZ`A#dVDNL)n{XLu8*Ybm4+S=x_E-C*P@n)ngW
zJuJIfW<dIC%d#(xglyg~`;{7+y%)2WvwHxr@GJy`EHnv@2aION<0huvON;bdqVWP_
zHoFZ2i=FH&Dob?SULiUy9KFC;iI*t18GvqW=kNmKsXJa^#5N_5lrJz68hGnrdIymW
zRniUXqaY0UR;=MK*!{^W`Tpb$dVjL6>P4mcA4d?ymFE6r8*D@VR@@v_YC((RtatgJ
zaSI6M7ImIj@=O5Zv^CGveOusQm8^{HKLUx&&lO;+YI(_sK!A{HYP~4m-)t*ymbQ+#
z5NAo&=6@5-WY=y{oHT9<#Uj~Fk4XZ)5~vXjDzuwo+Lk3HvBb+=mBd8p*YR$W_y;6n
zJah)z?STl+-Bfw)KI@p`#@n3+IF;J!k9cE&chFOH>1$n8)t$@I6ybi97J)m2v^z^S
z!aEgAKb=56Et9swJM!z9W=FB;*zVXz{iun~B(p2*i%n=t+U`~OBRWdbMm-XdHu@2x
z#7wjzv$oX2|E$DA>Lo!9`NAXrkG(ICkD|&Ju1Y$j1A%Igr9r?%8%$&|(ST_Qk|tXf
z>4uD;;<zy)0Tl(I8=^oG>_n+4T6y#I>FCVpxQvYY)EONFR7@w31XN5=0S&SWR9mt`
z2wVC)=iI8^63|)x`M%%hPtx7@-nw;{bI&>VtZ^u6{=y|U$X`hE*Sd%kkZGb34)Cht
z0h~PBHc*eUH}IkPfMDnTX5Mc?dMd_aph7S@0hJ}BEj5wS_N>}(rXgrVmZTp2!LebP
zfpqH`uB0fsEb!_STNh&>FHFFPKd@~l9pE#zCek{xK}~nVpeDQL-5(m%2t7<Lb;B|-
z8G}(*l!k`Euyj4kWdsf1rVK{)EO7{arttcB()5tk3C4K3>f=%M@$8NmPwAsDo?B-`
zjOPQMjfc8nX_-Rf;UdR_DSzs#baP`E&s6ps!<rH?;&mP*gW^N!%DtThnKf$vFL#CG
z(J#NB{lNLF75B3slcMUuZ!szf1$I}czJ~lF$^j)F$lRh{$i+E&+v0PDXX=she*0k(
zG+r&Ns`0k*o?=<e;?W+_mt4J^MwBqHjtrY$fe)>JuCVG0ajAbPt2*zes<PVATyE7N
zr%+IX`bhM@sICB_36tU6w<4tiUfKIHqhPy5`6K$O<Q_$-bytA;wK&^g6FiX1xrad8
z)#0|QJ8z4obNofpmxQ8M-gF@{eMzYJ<IammG0NzF{8F-T;pumE=Etm-NEmsQh*5)j
zBDjM-HTtXzZCK09hz;93)7Y@}@GbWrJRuHr=6`L<050<o)}^S=!*{J0rhf0H*FF)d
zO;aD6V&Igy@D0}8Eojq1DC*8BER?^f%eN(O!wT$S%1n&kf7)|I%hKD5YDTE1p;MTK
zWZl&aJFU7pgy1sNGjB2LtUp8HicaxW+DC-1dVOTzD=Xlu9_lno6BCWEO3;^QEjI7-
zA$*hoYP%Uw+o*8U==(Od-^kj(PwlPHzK5D{vG%(B0Uc&hUuDLdDKiZvNzip91PYQH
zEy*{S{3nQ36OM_xI4&<oTH3&5E$bKWWNxmyjBG_``IcE0?~1BW!ZJcG1j2fmkw?y_
zf1(Yaw>*avp2EcH#+CI>n;DZ_+-J)z$UJ21pHeYR<SCNipIt0m<n*E(UCb-lH!R-i
zR9JQjWIoZfK(YsgswW7xnZce<wCE~0hBk4yCvdnm92;&E8!hKd4~qU^yl5{o&mSTB
zih|;rA=2+`_`i5MAj(amUmYhlpB4F9kw5FcT@*gqBzljH)21MY%FG%}HsnC75qWA$
z;BK0L$KR~KGG1)RW5<pdlgeLPxlU8~uE}M?$8#rsrNX6k9ic~|;ArS5<=us<Gh^y8
zufJcnC$Sh_Dxo>Qtk3y9ea=R5JE}aYS91FP(WX|iFF@4j?=<>bLVt7dfaC(rc;X%|
z993NT1Fb9ze+rxrP^_Pcf7<Ny<yeGO$rk@!lgNLiM?d{Ku!HA1$e&WTLKmitQelqM
zmQpIX8%y(rZT<qlj<yp8!pDsge@sek#{8%g?Y1QMlmed^EG<a&7s!pCouw;KKxLgf
zg2Sh3;3-cJk#DCIr``sO_U9GG`XVzq?Jk^+?g`}I4b<Mo1C8U&5;CS^a%@7?bAbI^
z%GHw6L$LOT9V1~Czgt`v7E&D$Gn=pozQ|vRnRU$G`c{i1e=qqDC1OTi|KVh3=3#kP
zZsoxWpfJHw;o*i-VOq^`VQvkFiR~#vYXzDYvFT?<O?+6#iJRSp(Gw44_{I6piJ1RQ
z5%Xt@s=W}o-qjo3mpl1JrXWkx2F2_L1z<U#?ho$Alr;tnkN{6#IOQ4rN?NbaGcy<%
zP1Yh9)K;i^pbIlG%+-35e4E9m6{>C~+0%S83o)<gCTL!Nn`m!zL-##I*(`dY&aCx{
zmY-(djScH85us{VhTyN$c(qNEFS#GasqM!gkVUKgD)0y#z?k_e*?8NUW()-LeVet>
zrQ!PvGQoejH6-s6&CJOR*N?eZE#q{?avC#0gQ=;sW?=wo>j*$?^rhAbr;DZ8`+%jM
zB&?K(>7)Hel1T)a*+5=ka+9qBI2nMYnrK)8p2`5G(+Es<1DG}zz-Etx75dmO!uwK>
zN^-3P3o^-`bD7)i@Hv8|`KgT#+3#tIf~UsWXoI$`2B0a$$u}S*VRB_1ntmUBe&Kwv
zWSZ!+^QXIUMfDlUeoWZxl5@H_8uGiLs|Dv$7Fs1`QVNA%l<b>@svMJk7WwVC@`%1D
zU8c+u5m6xAe*s@iwC8Me-yC^l_A-4C&QE>t;`qXe_AEG+tE>ltaCtU6<s83}x-W<k
zlL1q}wNI#eJf2~b=h<FM%4mJNMgFMxX?VL2!gga3eyK%dN+?_TSkM1T+YKCu<X4lW
z%$kerat-YAMk%%J#CTy&G7pn)f{8TaB(@Y(Z*iyNCf7Ro8Zoua=^I!%!JgH^@|8P$
z<8hap9CEGaJ2;Oh*jFE*{q@7_EiS&15@&n;7VRadH&Q!c&h(e>VKbxw`+8U66y>aD
zl28FN(rl2y{AQFzG^cPnwRo9hqzpIE>9bW%@Gjn$!V6Ch(yc{1oc`VtJN;A#P!Kq*
z-&I(a4Ln)!&RLTDjW{gdRwkvNLh+C|%xNo`;4`VB|4cl&Gt|_G#M{Du0`x0XY02#Q
zTs^VWHZlE6WC<i-`qJAZxFHBnjzAv6e<9xGTf$H9<vfIT&ysgToM>-bknT)ZMepu*
zr*HUD(OYYl?570A_@^His@^61bR_T!#{ia6c0r$%CAyizAmBh*;zT2vx`4F&$?3@`
zn$96nq54M@;mR9;LWbW|O?(o6h~^wx1$aBW)J^6*_snb|X?(8Q{bno2k|<*$EnIXQ
zgl5I2ml<zy@<+t<ZEE^VOn*Kb)=??o8172obh-O9SjP(}EO+v%VHRAh<X>oGp8a||
z#yotAKh%9Qtpps*M$W-D&)7#pNQlT%Z=&PNvJk#xAYi}=IW|r74c|vXKNuj896WxK
za*IVLHRAPIHlQ_UfmM!_FCogcW7N0m42q0sB===lNDtaR`setS;ZgjGO8kljaI%4D
z+PtnP^ZlU!?t(Si<<a!=M*vG|)E5BByT}Ze=nruN?e#!Rlx~vT1Cd4mgMYiy4~VPV
z7%)^o1EK1st{fR;rMTqN5(1_-$OABl-X>IEWJiMY7ot!UK)NA}4~W%=+`U9!&LIM#
zsijuR77-6a6qWd5*>v7j-HOJADdjz!@<FHEj;848Gg^W!U{uX`fBJfom2>e2aA=ax
z^i!DLF*@r4I=g|`y~~MYj*O(Y1szxL*aTnik?@>z6z4wxYj}b!%HpQLPGAiXPmtgM
zkOeTL?5gUrpA@RzO2qk}aHj7=#u*Q_@JW;R_&9!x=sjLeV{cVgkB4zBJ-3w8*GgEv
z6`$Ah&anxq?@QPvFfXk_)dm8nESuJUg(Tm_;o1U+Cn{OMO`jI3Fw?!HT;W1rlM5a6
zq45+V7`dY|fWC*?L_94<(Ok1rsZgCtsp_(ycgklaVf@#qgGy3QOh+A*C(V_9P+E$K
zIxB%3aOh+qINP8Ew;T~cg;Q{~<;!RuDc?iZWDg;_Y168SKIv25FOpLT?IDfX2HaC-
zOJ)sS{qTdOhLsv>k>p4ph3F03x`3G~gkf7l#8jDPcG~v|RpWF7jGP}ZzqY`i4Td~|
zz9J8iY>y-{wMbou>eTg&lzNOYrNhnc%qXT5<$p+Dmfgqbt6%3ww;^o>1V;Qguq4Cu
zoC+|iG1DyW(J)b$JlrOE*8^xyGgE@Z@cC*5ki_BBS_svLkt<k$I6M8P$iuW=sOpi(
zWLDWO`Cx~`)H~`hZGywp%nnmC?4Kw<Ls&?tIzf0V=Nmd$!FvfiPn2h0;9S)|;0UtI
z0mB`k6SY^}_M3<k^|%vGq0cm&*ckFQl+zhv)bpDAOdDv05yLt#h)0Lbb1F7l)NHGK
z966FYm0^f$87tnu*k`&%I=zqBNR__ShH^0}EC;kCH%VbO(wW&%xfj@qEx=aPMza-}
zTLMXNLNgCVO;UKeAFNX##bB2s;KN(rMsdl*oDZT}1T!EZm$6}q{Pys$Ue<@T@}C>l
zMFDX{1RzfGCCd}+0~_7h(YK@Uco81keiH$YcSpkG3j~kF6MV^VA;PV?UC;7?xT0dh
zCGtBCH;cZ3pRwE?L@l;zgPHvnAsLhsScU3`Q4cXM4kwO;#Jyi+8>!z9q|io+ksBF#
zANWtK*sz$RI{}aG#qX2d8>fZWOQ_z8yjaAVJs%AZ7*FPXL^6D%BAVgXQ<no{9NZ|2
zW_J&QVqB7diSQ7rHpdt_$+K+kzLGqWSZdkLf^nt<TJX>hLtm(9N;x*3<2oafKXb09
z*s|SyLkD`~Jwz$--9#;cEEdbdky?rvs<gZppkGXA-hLOdO2@GskXjlT5Od(X{wP{G
zy~4@wC8kV9w+YnC!fviN@G{aVYlriV{52eJppykiU*R4*wgWxY6RrSArU8W2LEHQU
z81ol+f29v#FD?L7J$C`4r3Un(*RZGx{umUZC4`rLEW$bOAk~y4w~O|3LbVJ_tBn$U
zqgKC067Q0~jOGjp@0uYn{<Yf@V7Zpu-4d46A79Xubjc*@dbWsZuyXO|4G8VCoC@>G
zl6-|`(Ox%yAWXFl<&kEbvpOA~aN1AIJIol@DcFIRrJm*7SB2TO<s_|&$@VgoUiSxf
zWvXs*&%>8Jud|OY6T{w+g64?HXk+DVNCOP&z9z3SXDH^M@m92P?gNriq)Lhq)AQ$r
zR!-Z5uYX>DJxbDI8og1-2HO}O>}tJrQ^(eiV(XA3?@mmy0Xwu)gB`*@u<GMqrB&x%
zk63j~^tg6Au6iN>U!eM8Y*S{Cx_b;&;*XK&e(bX4BRF-Q5BF;9oo|ii)Kd7a{-997
zgIIYBtGoxlOYmKLK%1ojG&E3}VeL-s*V<&XVs8k|QmERGgmyK#xHN>OgRe#rZvg*j
zS6~vd225F$f(l)SR-`3s0u<q|>oq%k)3WGsL<7}iR6!Yz05v{Gt22gr`~!T4M-W~Q
zsy7xyfL2bYpp}ZCRchE5GWd!wh=Q+^`4RBt865#Up4-EdtY(-fG&z9mkMi+^2UV|d
zCHFH>xgtLrD&Gi0<!d@rt_P?*r1g!>j|A|kxkmtejwJY848wHqmtd;_LX&MVuStj3
zXbnFDqNe-^5EZJ@g6t}E2{7G~XXT>yl}D0~f7B1DiuR`JK7cXxFHnGXTGe+T*xe0(
zqU;r!{r4zQxh)%Gak;Mt#F(8~!|364mFvhJ)-ziS)-XG8zeg3GtBDChqRh*Fk2l)x
z6PMPaJqyXnqwT|wiuPmf-lB4&=$p%9f0fMM*8Kxs`6G-YXLX|x?165WByHcC%jxM|
zYcWBj`s(d0e$k+L%p!7R%zScSKKH_WrqO&Jf?Hn?Bi~aEN-Rpm`;X#oD2uN%RR_xh
za96)BTYNA$6@_t;{Y_MyU9ugOYnC&3TR~7!Gu3Ht@cf|tJ+sEfv+=^fjj!+VnXOtc
zU0)&w>qYx!sC9qiyq|1G$198D@SXc7D*18QE=3G=@A<p5w1(WteUpL(nOkuEUG`@8
zM=r%G1#9uWj>?bNVjYz1XXn2XSVE>zqsDfnrCQgulcg$~%9iT*Tv)0V;rOkh441rM
z0jWn9T*boE-71keDLF8QLc4zZI7dFrM!<Zhd`!Ki7Zc1_MBk$!SDvAji)L`bGk$ZU
zI{`CBnJX8~B-iVF*z~C2tcPYWo#sUhNIoRf4S9oFK70TttJ)hObz=8yrWky^n;suK
zG?~aqEuo<g?qujM^z3BlW_^4(xROf`?i)6^I(5%57~J;IgT@daxPc8Zt{cYp3G4qv
zmTLv>o@B6K&D^LS`75&(vSR!MiL(1R<pVCcO}*s>=CBr>aP=h)6N*)I5-rd53`NV^
z^Otb6Je{*K^o^J}DkHUw1T{u5vYKfrtRMpmjC?wyZuk@PmA0<MAQ_I;x?``pd*Njr
z!p7K``<7^EBw_t5_jO{hb8h;j4R(eE4K4O>uNlAv`o<VpRXopvN<9RX+HyTi2RE9n
z^z%s}?XXqVMzKO~QYgO*Q;yDJ%2B8Cs0DRuNI7U?zJx`8WZ~oJmM80}j^Rd0_H-DY
zi`ixjQG=t%Uayj48j`ep=H5Q_{ZI%7D=wsAbD=ZJzGw6}icVV@nj%}(hHv_W-Pa}M
zHu&ttAT*pZql!ZOFt7gC$h(n&*X0|c!iX)Ws~e7<=m5)<@eDnS@$byKpZ2p~_vzpw
z3VRppjCVCtf6mg?pZbQ5ySI}Kz2@Fah6j6%`9OY>2K)7VRLvilC-kdWvmzY-E6eb*
zyC#cmU~OVV?6^L9;r}LH8IA8N%kSgdmz4kx`}<&)^j%NF7U>^>jfARqXj{+WF;prn
z4Dl_|AF6%^`&ty&O{jiShxVIqCfA5XSc)E?yVT0jRC0f79&h$c$C7tacv#jli~5fy
zauJwF@p!2)*Mb5lI8BdVo5`s|Yy;5beWa+&PjR8}A*fzAhOuTCj|rY2yZL%`AeP!2
z9Ky5pc*AK0)M+?V5Iu>_|8T<Tdx=Fv4CyYS4Dyu^sg~~a@LRABrc3J6WH78e$t={j
zN&X{=lH4l!4=1}a+Z}R~qjGme0qQXvF^Y^P4hWN!T91kh(`dM=Zi>|5!0+x8ZXUt8
z)9A|TLS2rZU0DYvxktucS(!e^AJXLvcJW)`I%$#UZjW*Ilb!rV(d#z{5;0(oyckXf
zV6|MQe5XyU{PbhSQ2_ju3KdgO-m(fMWWI${4KZMu1vdHlf%u*|(15`Q9553#C<boS
zFI4?L4vmoD`jL64!Gw-C7&6Gr`o7batz|~Z7s+~v9)>GtGSYW>lbBvB`p?FT_N{^!
z?TejC)=`Id9XS-`3abv0HLoz~M~AoE#Fc+0!-Iy)xfrXzJ)&-3MgCQQX<-M*&ritr
z%O)F}1F5$#Lok|N6q-c)2EkVf=L;^^E@c5QG2c&h`Gyb1j-H;xqf7b^RjikMp<oX%
zse`jCR}&Kfr{4r`5DNUbB6w3B9On~Ty=UU)S-ow^Le(7T76TepVgFhso+s>f^&p<q
z$7C$22w_DjK%cbQfIjK;Zl*b-FSX23r2;N3&5}Q0Xv|!hjTaY)z$80WnQcP7D9JOM
zU3{&SdKQ(U6YN<QlxO}5A#78D+#Hr?uAao?A*fIFjFk8$)R>Vh<mDB*KD~*FhciUf
z4SEK@$7B2f?GCiZLG1KDyHTB9Pqps7tZd%-U{Ln^1Ln#-eAi@~T<ibQQn{D!I>nYO
z*ZU7!b1M(<`Q`(nUrn*`U15P`XatoG`6MoP#AXIE(Ze3f7=VQUvwG$QDko6XAv5z3
zDG3PwFT<lv0=yOMIKM~qMpr#wzZktSYQjq8@KMEuz@z%oL^!G=Ix3jqwDxk(ic&B~
z$d~-OZn=AeZdrRC7e&PB<f`T(rcZ_;K1BnQ;dJaZiSodn_4z%M;dJ$6r%U-Cs`l?T
ziN54GJm=_cp1aH)XI8Ro_?eWuY<67N{AKsWb%QDs79}e^g;fp{Je49QHN|9MSrMHN
zSdvcxkLx85FRna0vjs3}jK8B&A(B1QVbzb){9wH_{Yh*dGHI$`+~QE4!~;`ZgX%Y6
zp3af`z3>!fgm)=R%(yA7+EC)x<*Ts-^%X7|J^?*UZxp>7rlPjoH<YAk)2B)NPp&ab
zES_dVm1mLC8zKc}4RGcVj{sZiKNl~0&+)`(HK88YDy|C&%;aOD{kZVN(>UO@p;CUk
z;Qbw4YPYcblU2`h5n^$*7$r&@T=IS2!>uq#DT`6jbi|1)=vlR90*b|dAQ>pT)0d7y
zZPO8^g>m8%q&wwDNoQ!5eEAztz=c9_#f$3{=tB1L&Cw%z{9!8H6dF`DhIEJPb<{Y7
zr`?2Wlsr>)jqudXQ7ddKU2*C4y^5`G_AgoAF8nWF-{l?G_vxth{axhxE}L-a^_?cg
zu5XvDU%0+`ra)4si~C6I;y&Ez;x5F+^~NS%_Ki(=Yy_tsd8{QEdwxzz@&&R~OryiI
zLQ<9(_J99%UOz7dIT43tr$Z^At@F^<0rN(CM*>wmJ{Bz_>io%9P$RaX_$7KruO)Ng
zyUIjfbBzJC>)A}{sPPihaZAzh%O#(e{O98(?|I%S@786^DIK@;xu`95^1B7^3sGD8
z$H*=HhiIjXq#5?LSiW;VE-CI`O8I4IaU$=;eO*?BYJH5cS=~ZXGB<@sNWV^hR^MUN
zm9eS%^1p!v$Y+VREVyui3+*wxiz9oyG<J8Vv)zpvitsc7f%bUE-MzXDcDLuFEy2=g
z{Ftp2<>OX8NE(h-+$9v;!`RZaD-HP^{D5YN&oe}}H@Gj^q>7wGp&b2tyLcD(%;w5>
zAxo3t^bPMRc{gNd9?EPXgb95`?02H%Ei{|OU>yJs+VGc%_PQm{!=Y}I_#?;|uPNpM
za7xXtF{Ku_AfXK<J`uo7!2o}wrSy~Hn()4VE>x}6jomFS`GDkahs|$?%|C`l920%R
zGsBB1*}riLML#<EV@_fGkFM%NLRB$ozL+LnPn~i~tw#~Ce3&fgplE`ee+uPi<vm6D
z2&(hsz3PhvsA6apQBm*4bBv)&Z^{Vk5K%QE7n&#dOssDnZuo_?(<!K|u;5e&(^Si0
zs^u1;dN&y_4t1p;jGW(>df+iOzxJ5<O^BMGX#YlJ^AllyBF?XpfpK_#YM_A76V0rc
z%`6y+p8WZQp7d!UdYXByl`Hm{uElA&*t7t44{^~G3Z#)D(pW6v=`T^(*wU^;Dtl4I
zbK0u_pxMy?`h*7nbnb$d;EM2lof)POJOZPHQV+K&vqpPZls^+zB`p7F0!6IZ$x*}_
zOzdOiQ>Mr`cnc5vD%ZE~xLC*<E6RzsrtPATH7Upyq8psNRoy#s0QVjr5x<CT!^#xB
zcM<^LoxTrt@H)GnqBP)v9+A24jA%^bgJjHq^5#n$^IxuuLHerR{<^0cEYC}8CvfU3
z4i?|02b3|->6Cmci(E76ljSI}>9b`y>LuX7B5c);;8?0YsQ4BuP&Kwyy<;RRo(jc3
zgo{t=#dD#z<E*#tKB`saYY~F-ZT$>~>NJ#M^hJm2K5I>MXF;#(o3CLain(gzNaj^A
zRb8il%T+(nzon^f!Z)Wps%{N=U$2J`^+T8%*`Vt8{kdv&sEb9RE*=SWF%!ON8R(EO
zj5%bNV=tKw=8!F)PDR0i<Xx|lK4K(#8l3kW!F~GUaPsS(i0yg3{q4{`q(6<arx#6#
zus)Z+B6Ii)hKruJUKjHyJz1njpxBfzxT?n8v#P~y7g_kxgX*7#58yIenCD-lAg?Zw
z<4DqiZ-|VI6$&7|oIG<-t}|6P;>XCodNj=^{%ZtPS>yF3M_CiK_dP@H)P&kTa2^sV
zz?JS@9t@UPNS8wqs3Qh52hA>gAJc<m7=iw2S%nsILlO)(ByXPqA-5y<oQ7O$>B9T&
z3Ar5=B{H39nlW-c6y;(T?K(y6J#2t(JE%{ozDk#?$sgD%+3#h#@6l=|Z+qKTqx(W#
zfx!`Q5beEj5L2!A`uk_k2)%w+7j{<{*})4(;GC;!e?zeP1NDW2q9&BAnugNIUacBK
zIm&*w=|f42(}$7~$A&Wa)9!32^Lrbi7U$eE-&0z8f0-zk3=-GkvbdoLepy4~yR{46
zzE>@onORd%6+{sgEK^1t8__JM&z1|&8mGr1JqW$`!QSOMXpFHj*Hcop#V4{*xO>#;
zd(cYQdaru;?xAQ|#a?1Y!)^I(8<J)i`qVgmO4HcyS#fMi&l^*ES)Y>S(<C;fmoFPY
z!DpwkdCgyV|IB-4EVv(MQlFbLTc3^S`vZZBQ2llSvjcotpUAXNF_gP1kF!Gmuh~|T
znIJ&KRC9f<g#ea{d<h>8VW7R5{hX@*tYHIfgbyCy(iF!g(8S8O>ru-FygGslr2>8X
z@&Q<9j;Bc_ytZs~2$qdQK{#p+@`h@;WT9#tvD$nc^Mt~EP}l1}5KPn$^&j}O`sQ`a
zl`ZnnAkj+`s%uSL$1tJQjV8maF|u?s;u11N>+E==**rVj|Lq&W>4uglUI`uSDFDmY
zt_z)Ni*caWcZmE~U14Genw`S~>a6h={TS(I`NN)<I?H$B<Cty-_cTKv2A<)Ps|Off
zEcxV2`8=nC*vkyGP|Qs`Ma%}B7X9EB^z8iLCYsp6&6Si}IOEV-)Y0#-L%W+}kVW>t
z78ZY8caW)PwsG`&3p=z{{m`;lxW0tHJ~=wH4ulB_YSy4Bi|Q_7kbrMc8!{MWnX7)1
z(a~>Fs4k0VJDM9+TCSI7M3q*>hZkSn`Q47-B{#hb+w^+n;+uZs#~n9)L&q_u#Yb-X
zVRe2kMP_~FuUVmD7GnC%*_QAC$HD-0oO$s<>fxXJUSg2XeiS=MWT%oSePcuLSLTl6
zeMYxsyyTnpWLwLAd+|44{!hOdL-hjd@9v5_1Bf(OVn*YIu1I_V`@&BHgQ$bQ-4T4B
zH(b4is_Q5vbRskfT-`<t-Br@18M?mYh|UJAzAFGvXJQZjC{oDT4SZzCSw9~cBO&Ao
z`bt}*gQ$s$2XcX~XCjNcQ}GZk@ZVU>{MwxIRpaaPuLACBUsT&9YMaUh#-63Y+{FfS
zd(>cV!8P`db+Ed-qw0Rm>V~ko=}~p}u(~8xH!G^{zRoA;JJ;z1_mWrT*iVb7r*Tm|
zjbU$jmDS}()#b9fCs~~oRae039%OYBqv|HGx=E~Va#Y<UR(CzCn;KO&1r30rw*Bo^
zBVO-E-C@uF*cuyuV8a=s!3)@6Rfm|tYxM?m)km?xTOAs_8)`5W8@$}1!I?8g41^o7
z!H*ppq@Oby^u-1P&c!wue9jo;sbq|N(V@X*p$1=L15<|v4}@OvJ~p_cLxVG+2EW4w
zKXzzv^LeAeBiJAherj>rRiTiv=lTucw0>GID$udo%x`uC(fGffZunntjPiz#I`H2p
zr8JY&L+|DT=!UA0h6N6h*;G9hprD96AN4m7#d!7_gJLN9H;eiRbn!l~B|tmi`RU4X
zcR!}p%uuJmH@F%I+9>^%8LC6CoU0Z=AKE~@Vy>DNdTKCEE<SQ<%fH?cq=-usNHAt#
zEIJNs#GXK4Bp)%e@A_iY9ViL(4o`v@pr-T)2B<DQf&p5U9>D<p6@I|HuGHh9{<iM`
zx)vT^wu>z?s)Rg!>7ql)zwYmg?&46Pb<=Ba3)Rk2i~Ab0cJwtuPv4+_D^W+#Hx`z_
zX;*<$u4?hzTZLx7zz~-39sExv?*{bwQcW;O$^Je1lhgWZFS3t6v5!ATu3=*z<8|x$
zM654i{NY~#LG%K?=iCz+-Y0a=9O0kt!verw9Z02xq;{U|nk}?-59wW}sMGbf=hW12
z6zmk$sTcnM#i%dP^Dk|2$JfVkO5s$|+ZMlYA!f~62)FO)rlk_!=m_o>6;etll?a{~
zYqdW{W!=S5AiM>l;tkgt=2%Z-5!r5d*I;?Pd%ub*aA8#=1u;$6^T#mr4#Vhb=3}9V
zbc^9mr)FePL^`d4h43Ab!cio;*PT6)yRe5_&%@S@*JJBGqoDOVLy!LB%`A9b4b(+u
zX<{}UZ(h%=lfFKfO0AsEo>BH<QTK7;3*;#n|JrR!ljL?`Rl=)(WrCmwi0dA-9DZVd
zAN+*2D&3dhPs58d#;s3z#7rjm=-MaA-w4*hQYJ7~4$P2ib;(CiDK5grpX|1S1+sck
zrFhtf(;}vBLv`CtQ9hj4kgihV&q}FVCfc)_+&4w)DfgB}+q);2uV?zoM$}hc5$nNe
z(O%5`2af^Fs}B<o<wzs<-d|;iij*C4>ut{rim98!zLu6KU(2+xujNJ<(I)rkXkW{y
z@swQ`;cwYL(%<rr$ZI8L9tzwSM^Qb{-r;vWGC6fr`~VI{iSjBbTvh&?5u7?8egMg_
zGUJ%=q71GFTfa9!n}@BTpl4<3{B8nC&9j+d%n^0`NsiO6JJCV$OvKLtN*t{7`DJ*(
z_E~v7h8i%#tFB9AKkzyvXC-1#33%-scn5ZAq(v!HzfWUtHM5x62i2bj2wcbf5P#uy
zS0?7}gHNPU&?ohCV3y?#PGv~^8w@VVVh~?|=AmZtii6FNNRAlVE4ckzNLRbHlMN#f
zx>5(B;|zqFg{m#kag@3nx9W?GFz5)?sP%L5^&**6)L68aV5i>G$CHNRNz=!ZA<;@l
zjwj>N;~5+?9`r|u1ZfzHBVsI`ev#vN11~7Ydww6(%=k@(Z)i8`l(YQI)HsB5v(;gl
zZ0pL@rMpdZw10o{GERoQSU;7I5}pBf_UzbBER`z9UfT4m=7M2*CYXR!{_R363(~9I
zNIiWRU^fuYthTRteFCR;AI^lbj|1QGsfe6`GSZ4XEMsN;EJKwaZmpsj<9_wbwTKP5
zDNGnIrorzF_?^psCw%!D$wZsrLwyx`4h%bIge(6T%O(xC67hIrFVK|hv<z)zC~*17
z9ze;i)COri(SW<2t=%px?1z+?$Z@|=#nx+$MIFA2Eo%OW%cyJT-c*XX^1&JwKIU!s
zjE-Ne$H^_{>y#oBo_{!@ld{DJn}BxJuFPx|S#V+9UP)M$pBd-Pd9o{za`zWbA5b{^
zai?7GIiP)-SyLAszr;!cpM3Nb-b~h#r}RwmY3ggsf<aoqcoY|;7=b%nn8%@#9y^19
z=g1SCoL;9Iam{>1EVnEM)6c-fG%Jyd2<JaIDPhp4b56z1attf?o6#A#jA+f<B%4I>
zD+(1%>^l0uV@&*7q8sH|@q$;Ti(j#w`o!CP$Xcn4df-AgU3Sg2>et*9!>EsN4?c`F
zs`NIq)w6~&Fp~#0WejD~7bg>gyvM{HO$>ULli0-wF;&kD0y#a{Tn42`U{}IZl2T|v
zS4hTuJ=O=)9_?b`5y<usWs8T^dC&8(ItLKLp)ijgg<n6a-+K0t_cA5e`uNTLL4=#C
zD|Ur5emU(yj}x0@Fq{0V`&fx(yyuDt=?XT=3E8;fuRNUSTskgeoVKY#^*yLSdWBeq
zv1{#kibsV{aTXN5PKAzeVJ;M|ph8!;&>4N4rw5H2#T6VJ=PAM1^FA}wpgq{13ry|M
zU`o(P`0_nAC<q3Fu^JywKPL5Gx*mZ#8cQ9?zGQZTdQk^bwE}wAK14moEc|mj{^=eH
zm&A7)z=alhs9JlOl>>YSO)Pr6C+b5R#O@~<YNoV@n0nkw_3J^#wPkHr#<E(~_qwtU
zQ`7@5?AKK-f9T2#FSB+se)X2Hf)3%@2;_!9Ebmm;m9fm2DSFnHW3RCM+-aTX_<n9C
zSuGEHENrz*_I*?JQ$?n<Q-Dt&{ntL6Zf<s)N*X?wZ=nhdhBW3j6_&bs3nR4XNPJ@&
zI`ZZU&u);Gw(BxE{RBqKfzVGsx9X5b^e)Qb%EvoCMF}iAmH9@cc}8=F{yT5l1SKaM
zVSU=!{)p@Wk@cgvOvT~2OrI~_N-^D+uE$l;wS{-pWgardP_>vT08fm@y}#0-6tw}v
z<&Y<}X(>>=gNif4AaN}P9XRR`{6&<BWvl^{c-UrM0H_<*0W7c8+oY(4*dQes42KH*
z+RXNG_KwtOe+;FFl0CTlm7sNA<`(sV6KM1o&muRQ>sZ2q2z%QM&OMl=XsE=wdRMc{
zMb}VI@qpJIw@!xs3bTRaXCrsYRI#FOkoL!GxwYL4$l0k5--Gw9nr;^fBkj8iO)_e9
zqh7SLkGcQ-!ts;<Ev6BKZvejDc5(HLdH4Tj_Wh5|Kug87pO;L3B5TR8zl!`OQJI)6
zp5BYY$0{7)>4Ru$hf3pwp?^fMCVSnVu8bUDjQyFF>1oS`TFH_*GGS%B=*weqz=*2B
z_l7*wo&W$Ia{9)4mPxQe2Pg)YW{tk@nx&-|j=}+RmlP}cV=2g#u6n*A|Hoi!E${x0
z{2QD~DvOeI0xgb}9N@1oCXo93`-VW@rr|Dm@o+P`WXe0qu}gbZG~5|3VowJg;%B1V
z+eVShB>8-YNTzD{r;=bm-{`rh(4s(nb7LauODsA~17alEH+Y7ii{l}ox+_X1x-*iT
z&*tYG1C&~*N+JUy56j1Lf|l96o08<Z?O2wHWtfg~%wn|H`3FLCb&GotI(Gsbzj74e
zIL_0(KAw+=#|F=*c<iEX?QlGEqiP>$MwW+C-G~a#?prk>h}vAC>LIkKxjSP0JLbF4
zJ5pcyB$0F28w8)7&YfPIFP~A<Y#m?l8jv<eu%W8P{mJ`0Ef0#MDLTlR?pEek5@{rn
z*<v*Ev}k)YlNP6O5dlkq$kuje>g?ZcPwg}wc?rYShB4$Ym<gGZVtjv!H`g3QdoI9h
zBut11IoBd7U7Si9?1kAi#$$1Jm*l~cx4>);yw2%LEi}?eua9y0UCDLs@;e;hC?NU+
zIT4<}LP2C~jC(?{F><aVkKbZ>Ad88SV~Y%l(f7)hV6kst7J3kd9A?)fTj8}c;IX?X
zHije@Sd57O`f9?&BYLcOM_UUlHa{6|r`qI};6>yQ<ic}GO26Qef6`6NdJ4-=k_PK5
zTHFgnh!&Wb(h8_e0UhydIQh6RV!Fy)Y~<NCtKlDpCtPa&NmL5V6BOru=8l6p5z1bu
zB$0X~iJ2!$W~VX>{ymC;EmW7XP?hY5Mfpcb7{3)|NCK&a+tsU6DVD`hQC86}Wh_t8
zEc}QrMZxJ8k(gBA+E<8z%g>yl6se8n7sHn&vD872z`wgyz;4SZB8Odrcfl5Yh3_hL
zqAAoV^`jKDgE|anb4qnh*&?U?1o~IAMhLQ2p(>4T%RzNT3Jy!CqNsq13uq}F31Jz@
z>ycf8t>TJhScSmLJV*S7nEt)E^a39a#{m-n5`H0QgyVo2s4|T4(Q4h3ipSe{hA8)B
z!5iQOfyvYvt#{P;gsSg}X@EP{Y4!LOIFWW7AYR{a)<-(bIvEdW;}x{LSO3DX={7@M
zL(_eqGZcq%oG4E)2e811ub93QSOz{S{K!!#2}Xn;IhrpYja)yurd?-1as9M=qU58$
zus;lE(lZ!xN25hdfkm7koA%IKw4RK`g(0&`h}b3uHxngrvg`wZo>;teE5U3y=n9J*
z1i(C1B`xYi-|!5r55xEQ@@|S@185)i@HZ~yCRFByBe*z~nQ&;nbK3XKi+9R<aSwWs
z{gpa?Fzte0O5Y(ZJ&!Y7k|;H-$2r1poZ8}793SJS_Cln81&Tg=g>*;E(99SpA6`7m
zsmy3&);AH6V#-wv5o6yq4=$bG>90oixM2{zx(?{2Grf(SuO*2F5YXvb{1;kX?WNfG
ze8{j%_9OHAy5y_%6)oTb8^|S>;>QGa(|L3}m%mdNokQ0S1L0UG&Vle$xjq%Z{VhWE
zhbSiS*0;HU)oYiUk3_r=aLNTP9P#8XVj&uW^A1Yh3rUM_1m-|Y*YMd;e9s;jFh`QR
zppQ0A8~s}3BblvgDm_~dNc^0+Vw>Ugr(@Jk@ugM2s(yuW3w+~)6tB}aJWdRLAvRwi
zqbekc_EW-Bt7&a!1DvHt```L<9>U8+v0`d3mQ9CU@&(Mc=tCLA1fS_4HfCo%ir4Bb
z2C|GqndF8AsO(~af6iV`n>i#L_y^&rfx!_Gv&CH;pW>$;_2+*0j>E$1bpW$0w$||;
zbZKuFo6iBXc={CkOyh7oW*BihG+jal3B;y6g>j@J&nJd8g=LX^!xP!E=*}IHF^gP^
z?Qj%u;<=ckB64=xHD?$-C8@*NY|^Ck@1-c*1m|9rB5)I&do`aBXYWZeK#hDv1h&g8
zJpBN&JaE?7K!8y^9K#cqUX(uSA#UXyn}{)wSkzM(Hb&GLgVN8cTcPL^dOgrxU~E@l
zT32L+Q3Ao5Tu)l6^+4UsBAYY8WN2e0hEbG9X=y~|9@y1~fe?NVzzVzi4X#7FQ{E5!
zsXBN7;`D=({1d$th?GF-6JgeKwUI<$@Cd6HA(4Q;HyG`6DZ>GxBE@ENrtg)~x4}WO
zP^Rbus;_@bFpv?%qnd+(kN}r-iP$Y1C7QXnMItxEFtGzqQXlM38+fHNT@#m{izY7H
zp+q0o_wsfixBo?h3VcYBqN6q`#P7mI%&FYq5LVr7scP{IchnbJco<w|*-XyUALa5+
zUqZk8M{{fDa%iaojPva_3y00Ps+Nd*myRE>KkwQ2g_Gqb(bv8F&WQB(a4~wPT;jA*
zqB0l`JTnGc+~3LxmUy8jOu87U20&C7t&gaTL$0;EnjCNCG+3%GqMVo+zT`#cr*p}*
z5~ZLg|6L>{)f+uFsbfUo=1@@JGa~PI@@L4Fce7L8;*>Y4yZK!d?n#vV2jeICaw@cL
zE6|t|_EB|Tuiv2*(=NJ09gutrEaZvhGvzu2OBbQ1$q#I)9~B>JLEHdNt7D#-x?c40
zqdQ3w*7b`>{u}+%Ly2gS<G{Vt?@cKzkr8D!O2-Izl>3NXsA4nL=7%!BGJZ0Algzh?
zlqjhb4Q4p5KHoNvhp+ST?eMt(KcVn39{wx_9J_$U%UAFHHKX=sbUsImUW>j0-`-&)
zON|g`U8(!upWGP)q6yQz>etcvUCDL6&(KRswmxD~^p!vL=d^c2zP<Lg{<;7~K)Szg
z^SdW@k}|O2vs5l5xp+Y@{5uqut|<AZ91fjI5y0CP$^T=bByW`bfn--^^Tizw(I-yn
zH-dAe`qAsKcM=qAFBRP1p&H{W4Ahx{YLD++{AaGzI?2Bey$-FYJNq@NKE5iDzr)~F
zG5Wkvm`~4OiEqY8oucmFx)J?bx9hnsZ?99YUAaGadj#+s{_8q=wHSf9&!MlumMKGE
zkpNLIqO7ZR_!AJ^b!g*@hPzC~^?9H_8v8qa)2w(0^P~VK=;Bxg*R`b=D8u+rZM2bK
z2{4G(k7=~fX#T&lhH`o<PcNrD-9n1nP?}apLxG-{dkL3UpFbAP@ppQ>gHFeLW%PJ2
z>wLTe|Ml_ix&A*o-g%Rw#yfp-r{kTi{>$Ud{LhZJ_U5SZzJGJ4<Nf&HzdYWh*ZnKw
zML{4&8fnKd4u(N7M|Wgxo36u%R7b-UCST_#$oGswdL*)R*eKq^=nBHBBCCyGh7l}~
zJ&+e#bp44F=eH9@0xy>CLCH<^<@%k{iqg5N?)0nJOzJ5L>J>s8ln^_d51T)BB47CU
zf{WkfO5FyiV*Ik+*)HEb$6TpjIlOxXiLc9B)_VX@5EF*};sH-onC$FD80w{7sCtU7
zcT;SZ%AD)CvVbI0(6&iR?;euRbR)x3PQJ;&Qt?h@vL)n$4_HM5By|p6M=ti(h|ppI
zl$QZ=4mv)y5O&DN@pj%6d6Vix?%gCNCMi)R++29kyY004{JDM{a}s0xTr9qsj7fi#
zdn_2Mhho=l68%3W<6u+2Lw#`1$Z%)Ct6bw)9U705@3a-FeE}HvU}!XvZxU0ti{3}u
zI8T?#9KPK%O7s?4<1)9vk4oX0S~2}sZMl^PDn#WrOYX8P9_Y|9F?AcPzQ}(G1veUW
zw;k{812~o=i}~Q~_;N>(!l<+Z*QmX*f<VXH)^lEeQJG}LfYzdS&u)x{4F7&7+M5@2
z7kya;#LHKrA{e<?->8BG64{rU)wfPtaIvg)hCZN2i1swbMg_+r`cl`4KZ!1XLzhbb
zPhH?H*JU-jb4Wtodc3#6EJe6zO#-T$vw>JAhXn<C<PGjjKLf*VclvUc75j!C6fqB!
zd;$4a7R<M=1*K#KOgd~oG%o;HAPsp<InNpj*jt=Z>`OifpJK5>pV^}CzgX4eTxe-=
zcn^$&JJm7xo)IH3LshW<LO;%Bzp!9XwEy%tRXo#=BgaPjk$FedH<QULNsVjoN21%`
z!egQ`M!gbRF%7QzWHJfF)m>Nxq<vc*Q#y}(ktv;TfX@hi6BkY?5-}|Eut{kE6)B>!
zFhd-+FkAGu$BVw?&El}zEOb%jH;HS;(ZD#1Xy4?12(id8;JIO4F*<EJuy1Ghg#ydp
zAnyWp_t%^e61k}dI%*b+OmLK!VMIgD6Imo=s3BQKUUqm*bHj^uH+mxd;jYn~`j>Gn
z!4B~{O5|^h%<i{|EE>YXG|YvReiASDz>j80LCi4<yEIO;H!iTFY{9#`UG(pc6XWAE
zH|ACyl7xcIPG43d3ufIacu|Q(!K{7k7zFUGPWw@G4-|?TG0-Ij!*<Fl9OWFL`mbEr
z-BI1u9rdySfG!Fhw+Alire)FZQRc&fPZlG>SD#j2PDVf1F>1+a+~F}!`9YKpL2Yue
zFXsS;sxD8)d)NFlyagc$>hY)Z00K=1fNgDq?*N7Q2ij;gjq2POs8e_6v;-s3Q||wT
z_~`{c5<lg97LA|&ZF=|CJ^!EH{S3WZdGg})?w_F#CGBDQFxQ|D%CUcoKK$PY&o{<J
z!t?CLPT)Bren9&rU>fEe1Jh_r2aMqjSA0(a3#??;x0>{T<>smyw?}IJ2~||yx)h8D
z(Ytg7h70i4rD0A7tKfZ1KLnQXl{pz)*<Ro-otdzkrb;*ryCpffLGtCGIVDip`KtOU
z+4L`J<J_wO%d4W&Ehfg|!^it^+8<C&_DSgYTppV*-8lvWVpg?t;diHSWe19VS+9vo
z@`(s=IKAHh0{Bu3$Pp8vg#zN#=mBx`m^Y?yR9Pc-O_pP=g^P}-=z@dQX?u*Jgob)M
zfdrhu5HH8j0xz{4j`*_P8BSl}F?h~<5Ds_^9Qj08qg9dXBl$dL^(B({F0pb#Rc}-d
zDg|aqaizp8l60&e7dYA8;n-y!Gmc$Ybofv4WA8D3EDg@vso8Me<h|;k!*trxLh>yX
z%vdH`gr1Y&Ut*MCqziEyg=Vp#kTmOcES}{*cRnX$k{~4xdJ}zU!#dBb%4Es0$jZ3~
z0@MH*FOFG}I|8GR_T%oT`+tF6Enoj1rdQ{t{(pM)GxVzM(0`m>eRID-uUdZm58Y=_
zAI{=4Aaoazjt|ummQV_$FGT+#0P_tbaI5W@5{C)g2AD>WvfDx_%u<}GhXC4pr&C0?
zj8ef34{qCD-Qu1ByfQA7Ro(6&(S}e}!BGf3r@R+CYK|Yltw7*7A@PS@sfStU4khQP
z(_W!sMpp{<a8~Uf2TUcj|1-3QN8uRF_2mUiQ@6`?9*kg@Pp>tiT$PCYH*nt~nH_1$
zsYMEz4N`tAdiO2RSI1YIj*8wgm2+D{{kLd;%B*3kRPzL1@1xAGl|LGzO$%>%ti6-a
zt@L90m!&_kL}^YIG6P221sw(Kg=V1&z1Ljw1_`Zw&ZFf`jpsgX5W-Wi4(^E(-jCpJ
zgo$|Up9x;FOjWYB>kdYG2vz8~AhRY|Vv#pg)p#}p&f@EUEG_E16N&^M?nJkfXZ^Tj
z6&+cXB^X3Th2B2Ij#2@0^jMoqH<=><wMR?fGPUXZ{%A#P>tVFUmcR^n<jh0bV{jmq
zTf^})KhX2pJVV*E(JpB!GezvP>dn#QJ2H(~ImnCA7?=zU^=Eu!cj(068K>15OVNP$
z2#UjB*wmkkjo{$vD}PTW=&QL{<IY~fB}L#3%&_$JZ~AlEN3j0U`ZHachqtEF!IBj8
zO=xJ?J^WoxJ^2@mB46)lT_5KeMK^o2feDsmkU<fN@za}W=}Cz1SbZQKn9DUP`ZR4%
zOysnp$cIRWh1ymqB&XSIfDQd?t}A^%=2K!F0er&^(IKl2*{?ng9f?YgjTs#MDuB25
zSc@^;EXimzJixB_C*NoGqdy1FnKjY+Mdlyn8#Q!N$kXU{yt+Og{0{w+ZkojWl1_2V
zFR8ngIU6Owr;gv?@}HX$+^yfojsCVy4D~ky`x9AzDSCf>W}wpHp!!Ka*55z+8U4Wy
zk=$kwy|FN*p)d{2!YhFX5tWJNRzL6Q1xx@S-97_y?ObMSK;F}hqsz6Dq*w5)VlGt#
zE%Tu~XqrC&<_@T@3;Is%Z@!*VxQz`4InLd6=}n%w_g*VJQ$yyMQS!Pd`RclyNcrmA
zK^^6*xW19k|J?5q(KmKGfV6tmwPsk%1gCof7pbD~2IGa_)r9E-(0t&M5@y_o{2K6M
zMY>aO&C%b!3nfKXC`!SihN862@Ec<<n8g6=YJlFAGTywBcMp(|4MV92g;*jR%vlvl
zX!)z;SsZeq#nDjMo8GD9Sy#rplSJPltLoX+4WktSt;&N_RhXjWr9oRpVWaF@C$|=v
zdCbj(1nnFOqu#7Qlg3@Rb?V?Bx^Z`qFzlISJA%xAPd-PF;CsyK5^RhwJh`tMK6OW6
z*nxf|+nP=fu=y!>TUzS`_W(2;xT&=+&hv0<oyp^Ftuwp3D1~WqQCbpki^>9XZfia7
z>2il2h!<`x-UH}-Wu}tA+;VuCQfT!~vH;_-`@HA_jzGE1jFDVrRAPEYVlYTpp;a(_
z(p0y?+uXlX3RC2w6nLk5xl(A8i)`>_&lB2jMekmK(q7ue2oSJ#&+LI-DGAr$htho*
zd<fR0kUm&v2Q9$g!gSoZPD~N#J#ZdwH%dtxiqL!xwR%hWU_Iu8=jI6IrX+W1t?S{j
zXoHMe34Xf;9XP_ULQtfyGpvI;WJwb9BQ#<ZznFw**A@=ieN}^_jrHNca1mTR&*7_H
z*Zv+E&0Bc-VZ*Rml1cX1t*JjQRp3@e-$VB9a1D@;0#pKnliRu>&XW#*O`dG{YxWeu
zU*2;oYSVLD8+f7mPh5l%xI<ZxLVD<0btGU7e9qkng*LtLQC4VnuYtley>LA%<lS!q
zeY3*GoEMd@PUTTm@&+p^?u4r<$uj*toc1$|UG?0RK%L_9mzD9Navhqt$m`W+>rj}<
z?qZ)Q2i7_+G`gyL=>l`Gogj)(g)!E^Cmez8I`VV@jNg5>g$qBJj;0|SqVc!&Y4jL|
z50v4-M=txQWFHvP1vu7~f;)L7@3}0qb!D6<Tl*ET`M%qF2gXfD00yA-?m5ql4pn)R
zcM~ssvc=bXi?>$t{|MKvte(KRuZ(kFE>546B6>ISqVUN^U-HJKei;Vf4|Eav%_~iw
z?kmlnH0oBp7rLE3$#$`}X7_e+dQqC_ZN%ytpQ$E+YE`JMryl+SJ?Q+gz1^J}MzU%$
zrES66k&ada*PIUqBk&&yb|;!ik}nsUVe-mEi#*99qt6W@AegQ^(MqTg&Y?)zG>hQh
z#1uIC$|OAf^29Xbe8KtqTUYW5dlNsDgtxll`7;ONf0Kmx*;|p#mE)Pn2>4$;6Rh)A
zl(64o;BWX_N21T(Lr9cv#BhPo&lOar!S4+C%!N;2=NC>5qv~nUY?h9rJGUp+O)~U%
zWZt7A>Uo5>+&vK^8W>Bhdo+o2z-q{O7N>8zm07*_ZpfpkwkRuhcq>vkw;=fzTG3bN
zs%ZkM3!J_OGoWDxw8(YfWZjoRiwq#5wO6oc$rJ7sV0j)CS&t$#oa(?;poSte{QVVV
zrmdzzLrE!`21FrQ@>NVj=I*X<5#IBrwdPskJQ!XsSyC3xB7OQ`5=qbMpa`kMzGe*M
zI4z#Cp&wDF4y3$q>fC|M<JtTcnJ-|`U3$@}H&Yq^P@+y4z;RQFhLk+MBZ%}vy<q^y
zh(-G@Ml41{O=*Nav;+-bVA{&0Y~TGn-1_2;{Rn<heW-kh)AuM^9Ib?_eZDy;3HkM+
zlC4(0VM4z+V3ofGR(ZTqTq1hw#C+c))C23^5!_r*-I^=>X+wD`_5$}^y%$l)uftw$
z4E6FAu)GZD>5dXPKEpPr!t5XfxDQE#w;VRKyX0G7C6f57y9F$RE$j_tu!W0o8_x|w
zf4ON?Rl=%Z(-z^z?Z&DHu}XOuk#4*@mr&xBlCof$w-|}u0U&ydrisdAGmtx>+Ka5*
z#_in@b;bb|R~F5JwzH5G9i%R83kH)OgiD7`S8WlKLG$G1fo#Vk+PHV1Ww`;v#040S
z1dcCA;v~SLE@d3eRH*I+=rJ&WkSo#AaJu3sdYWz~dU~aq=;>AFD0+H}PEOHMAI?KL
zV_ym{$JCVB>}Q6$?WHq8@1hd+Q&bz_r}7|Mp<8K%98P8aG=mC@WQ+!vm+Fn>R~Q$V
zl4vSSB(0}rHL43~0h4e6)&6avcrvYdK!KBKO#rB0_JoKqU48n+#ij&k$kl0ZE~CLj
z)8afUwRfXEm*#{#?v^+9=K|A+_EyH=8{!I2=PPqk3aSsGk)iO^Qo6X!u}c2^7%ZRU
zBL&<_eu6JQBM|_21BHT%b1Kt-Zl15Gz{u^SRjUEIxqETCqdu`Kpn|x9WiuJ!+^fFW
zb13KH4`Sk1G)#8cPkG+b1|m%)BTo5@DwSGL>R{CRoXT*ULwU$TOu%I{!MoshcJ(38
z!T?5Gkd#}dF$x|UiSYE5bj6Msjj&vRA{bGxm=Ps~M?|~ws-$>kDYy3iG@cDelDDhh
zJdU314eYh<9GB0NQIPoqtOsEQ*YqD?MRq4L#E^l{3gKseuRj}HpKssq*$jP@Kp!IX
zAwnOq@is2fU(axVQgnZCZ722tZARK+v8m35IFZ}`F1j+1+18bKkvM(bmrkd3$2AbD
zUPRZ>6YU+&SNJ+DpZf*8NxrfWps7`O>MP^Mz<aJ{7MiN;2mXPv4_?1Syn|m7-rX$m
zn**;AerxAFiJ4oR@-b~zzTCR>01T&sen<M(EpAG5D)~(Unmj5Ms>q-5ehJ+MeK|pI
zgXBNb#iejAc%75?JAfl80FI;xSQ3Y~Msg5Kat3NdZ*81t-|BhK0a!_rH@k<5&}X7C
z(%M+2iEqZi%9}+Wkk09gvRynNq~Z)o{#^2|PlQXVQ^?<qwveOI7P27okTKq3C1<#L
z`a=^Z@%1no#vXZ5HPHo1(7wQBKjQfo`W2zy5>%H*cRI<JRgN8x)jN*aAL{?PpY0#+
zazLg_;KB#HQ9LbzL4?(h*%l~~h(SyxboIcgV6gMfgTUNP?#<*HAvg=HothM3uNlkl
z%|08;?_t!fU&ikVmO`swnPdgl3jR%m?}ZugI|ErR_zm9+Mffcu>jl5jC;&*=q*+it
z4f>h}<?uOiR$Vmx2=K%Y?&XOe+{ZJ1@Wide4^AfeQHAb!z4N04u5!BN^c{6E_w$5X
zE_y#FW)!&NhN6t{1wHzH9?SWCIOS5D-^Mv1&aWY_H$x&tR-Fs8A{VypOX9+;P@bZf
zlXLl}tULwE)AaH*EPsQQrvcYy4smT6$hBSQLo__Y$e9v*KmUG?em|e`bvOKyq876+
zY3g|VqTG>zK7>7yy#0Ai0^`bNZSAMu`u|k6BUl<Ep922vIr8{}mN!AmPUN!&e}tEF
z;!{{=&}}+jBM4Q0<Jfi2(~s!KD7swUMwiP+1JBTsEwDzgJXY!kBVw!HeW|lMpFx`x
zXcMQmNeQt<>#*J5Sv!;auh1?H+L`orX`yyF3iY?Fo!Je~FUo+n1WSo(FIWyO85yPL
zd$UE3WTv`BFjE)jnbtjovXmxDl&)llrcbHswD)wjNj2*;5~@ximLC%4sMJH7*(8K2
z43-_ZE~07+t1=7K`N)Ue!|v~JUY2siZ#~8lzqN?Fg!}?_;taAmb-Y`=m>}cIQ1Hsb
z?BqlVGvYkGwOc|h(s}GG&YcIHrF7QWpitAA4xMS;LzO)BW1>N&U3yT@buuV349XU2
z@fpp~jO;O9{Yc35j}HmfI|^DpelSwdf-(~C*lXJ)jDd%qEFpPIfON%FZDG~#L{+~T
zsy=p_s@FtSqw{WO0-HFY+K(F@#0)7N>H})0#V|Rc`U(Vs;qWI?+yl@nJT2+rT)N}L
z2d-n{o~-sxTF%y6_Q00MKVdCz>#XH(^_FO5t2XK_Jx~}SKVo7zCO_gmS#;3L37D%J
z+3|;A_afiO3SEvgoOH2AL!u-}xy^cUPV#6BC)ovf+j8I}OASu)(=J2xr16ZCd|X0X
zy4e0savl2H!%=^|V)~mC)gK(nY_bx#Ev-YJwH^C>m-YErOrMuW^=THW4!2{UaQD46
zjnt~ZULlvcZy|D-^`W(@`no+V)naxeA*t5ELyVJT9Q-l$hTD;otY<jpF@uu~^P0!h
zKA{#ct9wIO2wDhwixX3g7BI#M*y1*5vEpBnhux*i!>%p)XXIg5lk6zmRP4YRK?ycx
zvau|B#pjdg6=}cZIkWq77RSLr69B>Lm=6*tsXO5H4osFvF`nXdgir6g6W$l)FCW8S
zE$+ZyZEE}H`KyV<V?kS>Ws{JvN`tm2+JeuC88Q6RBWF<;KK23pP!b-559FWTcM<=j
zb2LMo7n7HTStaD-vOCjXgfFXMEymZyF)R|(W9Tf>UrLiWU47y5m7;LWA@nTl?Pw?@
z@t8|4PxCHH;oO&rzWJy?D(%iBP7^0#bh5k*WR6fWfX?5)ttV9ntU_Kk_L6N}t4LDL
z#8O+kGO^U%&!=)7`I!iQ>3>U!U&>HzpP{Y_jb8BjZ^eiGqM)-yPtIX>yA^YG#NNkZ
z`n${M@9RxQe@w#RhR%qEI`=sffnBfnIgI*@;HQxNq(BBJUFvN}mtawTm5lKMCWgdC
zg8K@>w0VSSe?u(Q{lwWMI+VhEIWIqwfl1J%7*VVXmIab#Bq95i5y5_C=q!^bO}(RD
zXTM&OFy4urmrYF8bMT5>IWL!3xE0#72A49t-r#L!BhT|0z~k*_5FQh5#t)_Y<TKLG
z%Y(N142chu^<-R9)-$n#tfz;kr`Fe~&c^~bgY~@ZP9;67rbkP9MjVxXiKM58=gnA2
z&m$p8&nv6?bAfwx30aJMxr4ri_Y9+5T*T<*t08*%cRX{-!zpNb^9g(poFiuW){GdH
ziSRT_=N+Lo5td(|k#_B<I{BaAkVw@D?QgYcj~AZkLG*cIc0FgoRKiQo;4TT?ErcC5
zEyF@aH10w>AZ0<WuFp9cuaCHDBCE*PE8vEvPr#k$@|9be$R$GFBEZF(1TM}!C~)~w
zR5A?#jwt()6mFjjFwdkdO@^|@lN4eaE~4t$av)3;QPp$h%@!RppGRuegXrBRd2?>%
z=E~e<8KVEkL^k8#IDDWP)&e1TC(WZ?eSd<53+y!nGXJVPM)Va~ozoYhS_DA#OUc`y
z%N5#O)vfOF6MZ(+^m8Pzpz~3z<Xo#h*><rjKgkn*V)6vRldNSIWVX_G_eh|><AM6#
zzY^dHy8?1IK%AbJ--%jC;yaZbREkJTi!*+ibmBQ^n%$X7N<#IOyHcE9oO`iq0QBD=
zKf53pyS}mX^z(Ba=;_&iRbC+~g&9ask%khzvlM1SeKyiPsL!rr_p9HZBzpS0lSEJd
z`y`{M(+hQadQ_Be1q#^x=6s}pJ;a7WUF6_rbQIpxP)Ovpp-?vo2zyVin2gs&d%p!a
z^_&^OZ~E4yXK}aYcLfk!hDAt%n&qt_Fbyy;J<Gs!(}M4`z48f!(4L}&lXq&XqU;+Y
z`nUX>{r|1#(*0Zi&HjJYS^v6nD1yYEy_-nvH1(0XZXD2tS$J|%9j%4f0=W)#JG6i=
zR&^4#kWZ^mZa{;>MIs}{qIxh_z~33{cZRx+{f;F5uaW7r?)Cy?x@smP*NgQ}xBfXB
zJ|p)t3=eU61P{ze*J8i`R07`ya3|lI3!fr<P7Q;~G-$?Dl9Bo3S%24!zbJgk6H&hk
ztXpA541lfZ@O&rZ33ru&{M5zZGv(jh-$x2M+20b;JC1WFs8hxXy4G+&Y2=C;^(a?k
z^=D^9){EW>3*5GU;5vqCI43IO<Tmeap6Er7%#E1h;90-ZR}s__@vkx|NEr#MYXAYC
z1M2<M<A~Aa&jJ044I3yC3X*cIU-*6Mn7V$P6x;w<*F6c4^AQvt9YGUOpF<VxsvGdq
z*uw{<OJ!L9h*J8BEV=fgclxu?f7)xJGKR*BZmqDgU#ef$lA&y*`I)gEwwsLg`tiQV
z^@v^sLWTlH8}-)fgyyujEzW_C0bIV|Y6EI4v6)J~hpbXVP35{p6k}M>dNKQKyXvt^
z!SyctLHGP(W#9q0<tim@$Y?Oh%uZ~PAj-qEZ_(;96(*hUn-I*Gr8aGFN7;q;e$-Ml
z7)znf|KI-X#l|3LP2OlIVyRSPLUhF1Qz2~-tP^u_H-vR~3h>;&^uC4Dx_*j3)vvbo
zW45#y7c}AZn=t+yTvz6Yt}7Mc>&ofd_3KKJ#nDg{X>EnK5EAK{*5WOsNH@4DVg^@5
zX->J#5Y2|;Q^XE$w>~_M4G({+S=;DZz%KUaJ9t%<Nw+@KjoU8XpE2F{{vMw04_jmU
z%X>B9m-d&f_cx98hd<S4V*C3_W$_VW`ip|US;Xbi2D@$6`g~i;aEeQh`<zQL^wj02
zb_6lLQVAtya@pI3s)HO$)n?IB5uai%PPqO2Z$CSy4vwP`Jr-)W7Ke}i5fo8^BJcr|
zxtW4;Iprhk#u9q_QSE;%^A!I81EF}^g6_9OUkNYTH;BUc4HU2pvp9;v6Tig=(!X)?
zKVk&4478@r7L^Ch;+O|5?oljkEav(}Yk&2>Hz2$&F|%k~6d{Vr7h$<K&uj@yW)c<5
zvj|ho#p(?8a})6J7(tIFjiifQ4)?F4lRhgtZQyw{9rulDAq(<AW{rANa3H5!Xzcq(
ze@;t`2$NUBR3a~~V+N_y<y1zW>2h@x(V@4!+k61>wl4FBX+`3iIqo_4%~&vFwzzKO
z+<Ei^x`{g_W}bE``EhMhW}}qU=Dtz%iD#+B_3pT{!iS6F+LxYo&*8YF)1r{?$657Y
z83mEsU$VZx4rLeuAD%cRUhj-+bNX^miAl$tLP3r0D}fI<<y!5FnEN!~x8POo-thNI
z4**NTp&_HWwO2xg21hR;ZYcb^ieqM~KvG72^<9vHQ{G;e3IC$(jY}xP@=-F|SZH>R
zS!i)jCUrR?0H-Yxmwj^`Nix;aUJOJeik3db)<ut>{szuwgVQ(5iuqPO7-lBXv8;d-
z^<V;HwYwS940A^nZaKpgW-ZIWs@@G0W59?{HR$*d<6+NLF8N_IdDxIU4}BhuQ6TFv
z2b}T@ZhU?I5G$u`A`!=Fb>I8_X`dH885xeHV?0YqJ}D|UP|i~{UqKyp`cZMsQ9Y2M
zXm1p%>L?`9H=@7I1mMA=BeJ&{&R`agvE=+ejtOPpOoS~wj-h9S@yDI=e#(a`rk@i1
z7fcAtJ&-l`A2g{mw)EpDV61<?iA8wv<)mQ_EJ^X0br8VdC$3tY#ho_dxprG%aT@CA
zDi51+1LlE(&FH~4WAE$O6i(j+*o+IjXD~Uv2&=edJa8Md9XAD#4-kFDR_%Hgnv2EM
z)st*mF}m}MM~85F#5!!io)oIz;`9)G@LU?)95zrADm0=8!Z$+n<-v9BkSL#_oQRJ=
z174D0HZsgccAyKg1>-t9?Rz}m;}0a4!;qIm=KzdAZ<geNHgaK?UGN=)B0@8ai;uY*
zzh!54*V=x1ByAZe$t<(vKVXvh!$7kvG2t>B#_Mo#4S>ZpRxXfBa)+^l_z|3%7}pXs
zVrQx!{jEQ<<iZu+NoZ!VErs*+q|CPzi%mVfct=p{%3{CW0b@|>zvxE}?1MjL$fR#I
zb6_vOb4QH7a<o6Bh(6#5Z%$>78GW(=)YgVUtx2ew%rh5`6h;@KAx`uS<S8UuB*ckA
z!FK?0fULiBVZ>P2Oewup^0%7|O(sFyi7$!1Yw-n{L0q?DU(O98C0z>v+y!;#r~Nsq
zphVQ<q8UO6J=B^{5gS|}Cmh`N(GhYbESJxqf1k1cBJ97Y@4pzi|03=Ge)pJ&$4kTV
zj%1s}5-np`TNiY3i&>()ydik_$$*D1S2K99IAu7>v&^D@pUKIe6XmIvj!BTO3=Zei
zWUhq*>H~qOeYZcS=dS_!@^L@RPU{iaiI5Mg@r!m)dV-*OKfFc#`ZKoU!#`m=Zu7Do
zU;gXp`whzL3`c)BlouW|>CSZO&8sNfw7Z-B`|(Yb7sHC*hZ4%(PU1B^oYa3;(39#%
zkEe1M^Y@_ut@x_;QsGDq`A?Og&&xF8$S`s?_Hf2bVQ(!Kq3Xj#eCHDwF&;38XF%9u
zxee2|OtSBU)uHN8hvDG9;`FJg92b^t$AqC2k;+>`QK`&OTD6#>*_*y+@6O3pmwrJI
zr{frOz_T~FhXWZ9<+Bm;h<UKwk62C!bK*`26};%JwF0C-+gi^)w#$K4{aCC+{9}bz
z+#&f)4SGn)J8fx7UIq-2Zg!Z=8r4^s8!-*81-YaQ?Zzm1iT7YzzA_$;*V%j++jKw#
zeMPz4EKdZGsiy#T)}S8_V20hl<X#**9E5(YwY)g}7_8`Vv?|+1?na0-$GB}N=mq+i
z6;{#Yc?CwF;yoCzy%C-t%!e%R_o$A69EZ6!V7$f~7XJy^It%l4h7&c$Dep#$Fbq|(
z=B+o`f1>biqbPjR>^(k?-y(XCm+LX-9vQ@O`q!<4(beis<Pz^gE^(iG0`;{0XM5U3
zVTxN+_b}23P=1t=xGmJ#owlhM3a}+6;8+Gi#|eavY=jPxP^}$c0Mn&9S@=p=p1`ME
z$9zr9Svi?673MTW2FG#_aml;%=vsAB>bddutmoYs5s|fA@;T3r74S%R^|RrWSfm+a
zYNfjPM)ZcoxLVqup%F}hGW6P8JmUk;=_wX6FvoG_q@5J;EZd>nYLR;{rTNiF^#_Ei
znR<q)@ObU5Le;NGbUX}s5nzC%^q*imMgN&NmogF^(<S?tk}&>D(Z457vVZO=f@`i&
zML}LMH9T`Kb7GQ-y_l?$62hP_Y>WEz#_wQ2tbruAIOP*gg*5>3?wQ~-eZp3Dw^MNL
z26BOE3P)ttM2=5!CU6dAN&;tZUOZHII*tq?YD|)Sz2^rfuTJnKvp)C$aWZ>JNm@sf
zt;PWHT3O8gAbA4V6s-Ln7%C1J#HGwVbZyu-bT2u^;_d_V=7t>D8+8YEhurL_+=Ho-
zHe#wIf3(+ULFUFl>xE!2gkk1ldW}ks)A0eEXmR>{z%;GyB`m4d$}BY0Ta<yoJ=cYK
z7?*RD^2a?N$C`#IkboTlh9Pk!Ug2jWv3N9_bB`~m4wg?U$ZU<YKbw7uWARM?+}K0E
zEFi0V0)7?C15Zl9dYApQXPed!?*7_PY5F$Nzc-%z7Z0oD2Zzwb+nm{&FP~LEy;k68
zPzXe2&h!JK|8P9Zg3+v|*HcUNu@NkT&|Lgk1~^ctI?kgAyH(Po;saG4NB*p39rK&9
zKDvy;NCVX2T<oh%WJm(TY<o!*r|((5d=$fIcfMEdPWI~J!SJNiqa9D`CJZSsjB@|D
z_*yCTc%eOOh5N?XbXHOE@49C<vhzwY3~rM6COoec1MkHZ7zA(F1ZCi9q%2idb|q9t
zFCudk_3(TBxIjD#y~FWrvrdc3t;}8t!N5szj}<Xnv^NXYU$h&s3l(l9FI2sbzo(Z4
z9b?L}gs0!dU%^In9djsRhW*TvVdC^=(bv04yIh(s0?chJOQgrOUU~$?-i?_-ME7#<
zHs7y!hg^~&PTwfXS&fpCn}%<gfuWRhgMqu+L#9a4L%I>QDYI~5M9nULkFl7!97d|A
zSl>>Y7!y*V_1%74L}>Se^ph~M+cwo{KjFzl-i}mrpJCn7^~efD3V_1&2M_xRH!wD1
zNED~O01s#?bqAezKGOW8AX3H!&Yvb8*?AfmrG2g65s%D9I#Kgzqx6W3C92wsX^&GL
zOXVVC&|jx5i2Qk#HZyejo(lzNaF4xt(v2pbLe}APdWT;=n#!qX-w7?ywu>&%H}6C&
z&|0+~e^OUYy{oE6Q$z8B81r35(eh5B5faM;)~*UK^$6z}L%sOUCpk9a*c@XY$AzPI
ziUzkqAWPDz1?7aMSyC>RVky49i;;h9r`or%3&(D0=l{fzPIQ1z%5{Q#f||Ux2c-@B
zfa8p782UBuQr~}vRglpcIW8l$KCXV$js2z@;^sB1(Lg@pY3$acKRr1Vbs=JQ6k$d5
zj=gOQS!U(LMdmimj?>>qtj2M*xEn)CDGW57|4V|IvXFs+Z>;0S3EXkPlJNUJqd9f>
z7Z!RkrleF7hTe##c%z=|Gn&@My!KICy+72U?`@wKjnZ`^vGnhIEnMIb&30_Nopo7=
zU4HvH>k|FTm4tnE>M|?TB?bjhCDx@F-Q_*l<qNFKkMu52^oA~<(7RklUB1k^+|%3W
z@(FynwU)X()jO)oWav_x0R1h}`+F7p8%_PWbCiVpSYOYE`a+zgzRCLfYjj^Vdo1jy
z`V7^F7kz6|$8Gcc25~@=sGz5IC|%n5x-OyZ5vma>>6mHkqfOE!GZhcIU}TRmKi8iN
z^q}A?WAlFIsj{GvJZ;PWz*86-JG#N0p$31$1}@||EZSIYjMi1VK^vu+v`p>VP#Uur
z{oe((tF*z|K+S<E%Q8YK%PxDRKi!Ak@}wHsG_7j;pZjy2twL*U7d@|M7*bz(lf|QZ
zz!MXnw<L618~0r3wl?J*yeUzhEGvr>_xE#A0$u%@cION1n%3JB#y4U6Xz26YQzi=P
z4t+Mg6x-+Btk0-8!oPl+^;ql1c(+mGdudB(eCywh?W<R(<2(Nq>&@-f#}_r<)uH}+
zzaQIQ?b*)ybFN|i**fbl*cj^X<R?adxe<Ln+-aX>8(E)C^HW3ixYLYK2)Cx7jtPap
z@Pdc463}>@dc=|~>Okso7u5B_I{Qv{39{)cN&e-uS<oMU2(Z5H;RJ;Ex;6F$PP>MD
z$Q90L<Zdxs^zDtFuS0D=fwl}X_hlLSfoZzaG2H&2n!vQ2Ptd0x&v;E1V_tZe&Weun
zu}XO3`ajgY3w#t+(kR}O3}gs_9w3kbK_?nDfdGkuW=zn8yt<($L_vv*4>T^~rvkzZ
z#08SzBtqMc@U6P*?z+mZkHuxz$Et{;m?4k^MC2h4d4oK97y^Mv2(Qeos?$BMB+A~q
z-~WH_{ua~I=bY+u>eQ)IRi{oBj;8nyeKgr2BN}r-A5oKyjY!f)G?3yv;D~O(5e*j5
z+;c!(e;14=Ib=Lo#j!7BJUg_S-`&-Pq8aSGql2-m5!qP25ZPFu-UoNEk=#Brkqh&e
zUT|_L=?dDAGD4<k?6r|o^lYm>paX-ha*7I4uYQWgr0P?2@H#fE1#6d*G^CGA71+oQ
z3L&%f@pWu$lb#8)uju3ZFl2nctE3;=tPO6)T%~ig!M%Q7AKY_ijaM^UV@+2(TX&n-
zZ2j<)Q5)8WVZ-XB4Xc|Fn6USMV%Z#@pOL8DU;g>^^ia3R$=cYWk0+|zRZi9u{MAp^
z)4V=ewcR?P!8;4tkZvmsnW;Z?V>9*9bX-p%mnrT6HB5c-AI1pA)vcu?CR6%P#$=wH
z-obo_;wO}thvjy(LYJM>akPK*RpRJg;p%a8zo6r2ac&1V8c@J+)Vm-AN59TxIC4)*
z<l6aP;rNO>;6L2pjz+iPCw+8FQ?82tc!ypsMV}tZD0<>xeO$%CagEMr<GLe1K+eMl
zvr&EabOiqi<EJ6>wLdeGo-a2C)@SBb&Xt&b^>by<*5@iWtAn|kmdD04B`;*I`e(6G
z9eOG;;ykK^yoS%AAJ<wd-jvzdE`29jb<^-{z(gsg@TgsUAckXkAW3b(gaBk^*lxtQ
ziSwbK1C#Is*Xp~4Vz8Z17j_Bc8^Q{rtNyZG#-mz1B}LPJ=DZ|<uL41Y!%tBH31ynm
zo;lx)U$yX6m{~YS9u6&y*b-e|T`SRW6~$NIYS7FUba;Z|>)%F04_#SFoMQ<^2Ew?H
znGc(p4=mmf6)ELRo0w83dfKA2Jg=H3s*nO>`AalBtkjM?u0ylO!keLY>Y&fa#_X+%
z*5a*+%7dJkazI#lSvyq`5f!JS(TTbZfs3v-0|mv|%wZm)KngMd`mMwldL=`X#E<r3
zZn~;}8Yo!qKRMDzR^X@B=E|v`*sJ}Ng-nZ)x8zfh)~olRa&BQt`E5%RIL&#~h!g~J
zd?KEMz`K8l^0)A44n<iNnk{lF%cHvU)lZTI15~$`(FQADeODMV)7Pu3-j5-xI#AWp
zYr8RRHQOxVAx(Y#j1eDj>Jx7oIku#;0kL;t%1l8?6Eg2pougQek%Uk2SlBt7g)ihN
zFRklB%*<<*38o9H$IWm&k$zUmGhP1tiRsg3r8jij%vU`OYGC>vQb$f<$SE}!^n)tU
ze^*_>DP*CeD3)LKdskRQJCl~k2*#qmldVwzU-beNhf+ZTWeC3tD)^J39TnV!ftwRP
zP2jxe0B(Nz5p8}z@j%_@*KMJFQQPb>bVksXI{lz2Kiv<@B{kIknfajEF(6OQ6kN4N
z%pgbo_hLFA7SB(4n#0sA0s0bbwS1L}4v6<h(AOAuTw36q?m7%#XWKFdw33Y&@GUS5
zptge)=M>ZB0kyqD)Ry-No-?g0kmr4h8cumn-MwPBn)vZ<KaeMN3{R9#i}DV2?VnM*
zIV-r0Ljpu6$SFv4W86l9DHv2FydXL-H{t7_u<VRha$aFmJM|L74xr#Nq9Dg#pJ$tw
zl*(7{N1U#Q;`BznXZ&LH;r2f1N9_A49Q0hI^UpA%xTrV*W4|_uDL>)4mmiP#AN?0}
z-*6nOvE)G6CX3g3DT0b#t@SQOLSYPR2Xx<i_a!!$+TGTzuao7WB>a>w>&H}1z3B+5
z&!f`tc>p}CuN{W}ybS;G^#<j$r!NkaPm`}}SQ<qQ?A+Jc0blOpi6QauuOr_8+a<?f
zAW&bQ(DNj;uU!hUuif!F+Sf$oT2xGXuuB9v4|{Kb*IKx#Q2)M&^Wm@b1d0+MLwVdp
zr#Llqps<EHA>h6jd8p%IXT)m+*H%t)$3+RN?`8k%BHGRXQ`;mM)&QAp!Zg=-Y$m1D
z3Z6^R(DDa+^?GeLk${@|0Iht>wwbJKwdNzuNx>aA34?(nO~9%Yhdjvfy^IYk^k;ou
z11(U;7{Rs9DA;`b!XyK;!Bu`lG|Y(LX_F{-72O5!XPQYc_(b_3vzT(ukwk=j0?$^3
z57Fkh%hwC5<?y|_Vx9c-#`H#HttQdXD9Oo`22+xKECaR8@3<AC#K3R474=cxY~p)$
z2aaYI<gsQ<J5---)+dS%s%@>#-T1?9yX>$*+X#Pk-pm645+X1pKHn=w)GtY+yMn78
z59*w|7_k)nF#-0KVbD*LW}Y!-!@qUx$VC+~=uf+Y=sz3;vUD8+iZmSDP2$1hZ)ny`
z^~xU-ICbhj*;#YV8;lfJKE}?Ptyz2hkxra(z(;v<;6Ya&3Io_6eBK&hP7Qoj8coM`
z7W=V-13}jXpq&O}SQsr{_##L<+ktjY2!;lrofAMAjRDGd_k#qsZ1TBfM#_-o=m`Q-
zt71pj5V^q@gDDDJ2ctD+6Q4w}A@&L>7X&%AyYL#&PIr?M1^+eUlG+Qir^h433{fC+
z@n)EdUX(n{f|*Eg-VWn~-PYzv4)GVj3_n1KFmW-|0H=u6JMTQirs;35B``rwko!yW
zBPKm@983|+RxNSGa0g15rnCEDn)V*p9p=zM{>GT{ZvkFpc<~-XghyXSFi(~Haf|5x
zPWVd4wKl%<M@5(4?-(z5PIQ5f-y^u=YejdFsvW*Q(1mVxX@Rhdy5X8%#~ce$)R>Q+
zap*U)3t-!UUys84^cC-UzaSMAgVY-B?#J82Ehm8oKL!&Taep87SUSQ*eC2b5VC@X}
zqRNr?;5rqs=byR5?k-owl>P1Ef3Q%$X^3x@#L66vt3>k$6<u{IIYnJW_Oe||bBSq=
zld&%Q9!TS_7$^}Te5=h;@%IStoe2NzAil4S4UY)pezVdLNF{BErSzVB)wS%_tZx9#
z7ca;YO&Ez7831n9evVxPQpTH<S!T&?{BPiyuM%y`2YjjF<Fy-h0wFodB=<xWh8zVW
z%~Kw3&66JnCbUzcbmSFH<J=>@C~^;^qgK1^n<978=XTzH&<+z~+vr#guk7+hJ1_mH
zr4J6mAFZU?3YFA5@@$Rs{#4P61Zvx5r|Ns2(aSh@R;=Cj1GI(J`<>mk!;y;6c>50k
z3dWZUZ3~nUwmjQ8{zV?wd|w9RlJkgYfClw^bt~-JnR8nC7jMU%`UFcBXX+T=A=IoV
zY?LP?H3_(@_}61zHRLmnq=U$8S_Rt~{-u!yb_#dUcl(qj@J-CmShW_H7jPAKT=rOZ
zd^T@3eg~7kQ<1(i%hFC*vNf3Qua$S7C#lDnPd9I&W|2FNq8E>I4;05J19y&596L>8
zl(+*$%De-3AouYYck1VY=U5bAnGi18ega8;74}n=c>4*wH)Pw#S2<9*u>AxI6=3fq
zp(`8k9iPeYb(Vh-V>MR{V)(k^JmS5peY__4V7g>GCh*b;!S<~q6`mztI)<@^NPkk|
z)0Na)Z728_F?(u7g5at%!bhFQ1w*rt`9PA&&_7y%L66Rq4w(5DkD?IuBm4)Gu4N!!
zYC<hERd9LQ5W%2eS`lx+9S9Qw!{1K8-*?J{oo0E$cOY1Sv|Mb;M=>Apc#sCqzjTq1
z7zYF$PXz57CKxtJwoQE1D-6(qvF;I*h>VTrl?ev`)_Deie`z&wkXk$+g;~eEWbm}5
zRd5f?mXr|(B;~OKCZNW5MbD9_aqiT9cH3bf!_$Ji$!<I6_@mwSy<Ogpm`-mA-A|R&
z+W<$l?ei8?^kK+3=RD#4wO`A3I>sHJ2u(%az6JBOq#zjHemE4r2*P$^-nA9IbmX28
z4K1(@IJ@WB@(`mp5LetqyRRHqk0=FxD%G3v<h*)wSp4}A`o^Tz51AyqraseD<c@!B
zoICDA(eq=}827+WX?w8kDRO6h2>rQem+L^0M4E4M+z#*Uz%+U361o<&ThD2QN>W;$
z?dZJ6aXr@=aU)XghB~`#lXC)K&>}*6-VXaAysCGk!cS2?U}xZ9J*O40_WX-@vXAST
z!GQG)4R-L=ZahnyX3qRCGw)tNylz5LtE8k$$`dd{N$(eFDywLN=}uiH$?E~VUb}ow
zvaNFrg|~vdPvoW3AX+UcRN|5gmH1)#wk`aN|B7PYTW6GPjm{%>!#O*2qxw(q+U}0K
z7UW#$_eQ(zjN?{#2A~J@06&581H54XFB#y?yAj8auzWavRRqHBt&A}vuV~826ky_V
zqL2dOGVIVN<pJO)y!{*8J!~Ecw3{Z!5Gb(Ay8t)!>060jlsI#~64x)!wtn6dNDym)
zAT~QeYd<U54m<A~3*7|X2Xk}CZu`lRX2&i|m$0!;kI+~#n)7TP{>76Vj+X)1={$mg
z^liKN>g`B(1?HU0(STqK&7f^{yR;1ew=#I{6(z}Ay|2&&NZJI5H~}xg1i0B&Z~)lZ
zB1zr?c-sIIAlf{RWOyqDCZHgQ|9O*jd^IAz5cf{|I5r?1??c!#;hpe-_%6`!eJ5*g
zM|`7b1Na_7mQkSE%pCLlYxQwZHcK`Pkg^5&talUi7Fa_D5C?iiwZhysWAY4J9kq7c
zN>sBSI(<Ie{|F`n{>692?@z)B0o~J9hu??B2c3fGHX_}i0~1cj5cYg2y+*g^DI>Zf
zj6B<>dAG6lu+W^UXsEH<b~$fQMw_wg*95z62zDLh)(yUX!J?>OQ50Tm977iyM~8BN
z;QiuOP2P+Zl;4;@3V=Q3cofU-5z7A!-$=GvM+vD83UG@OnBn+8Ae*qeN7y8wPu_l3
zkiUV|?bt5Ds*u}&;+oU<X!ds{wSS(H)j!X6W!@?rUoDJpKkV=CPSN<^!2TkwrCoyU
z8<2$&KlTIZdvyMn+CN_z0nN|NOVyk2ae76=4|dxYCx8~rd6{F(Y%lY5TVgltKqKc=
zQ9c9QQnf30!@p;m#<~aot4L#O@ChK$kD%YJb{T4a=lGWT?Y9RxS|~qD2Yz-7^0Vb3
z{LJ?|)_*|49e@NNjQyevTg^7d&Ds!HJic6I;4KKl=9`zKH*d!N!>&>1?3Jh7W6saK
z8)TEQEMAXbYnn9_WPhB|CZbagXS50E6o#6kJliUlfuJd3)I5v#PS`~Q_nd?AD76d6
zj-*|bhqxTQ65SImQsx98jjHMNvoQH{3&&#8fd0GLH&PpqoPf5GgQ7gglp{|hYsqHG
zT})1?B3+=b*WlbtNvj%!F9O=s`NNXD*{)2qh{_zR#Pl)|Fi!%Lq@f>Vl}{OS*as`_
zU%>L3flGe`0-^-c9c+O6?DBq?igS1qd`Ye{;`&@AE78_A&w=<`3-~+c^x6#@McYZ|
zBLJa4talJkPTA$}C6rL$C$#oa_`htx|A<6rf4!}Ze-Vw1I*g;vqjtmhqHV8pevUFH
znTDA;$2@;}WV}i?6>2_4bz$e}n}w7%p}M6UuY?-~{~AfI3$0%OtFNFbPbpIK<eo@_
zf`5bHx@eel1Se8O0UGe?T}BztVSP+YMz{1Eb$hhokZAKd%0%}Z6{a6GiyWn*HAk)h
znen_`d0YkDHi_=kPoy9oMGcR3`4Hl8btn$khmQyF5exW;1AM+-(OYzRjJPd(eGB#b
z<n9pz0|?zB*^VO1-3Mz05W1e|c|;tvk41cLzQV+9gz+unbBk#Efv^4?Ugu;^)aC8J
zUtu)bPS%d3SIVc+MAn!Pm1hl686FF;DF5gijn2cEzB-R3N<hax+&(i<Wn8Xlh(pkQ
zjkH7lC0qc4%V*%98%MSPtQxcdoIe!MMM+zC$JdK)J9&tup<eYwSNx1B%KPXtSfqcV
zgjqjqf^xS>1maI=MRSix#|{^SlrymZb%l)|7y_uP7e&~@Zo<EEbAbPM&rt^3yz}BK
zQbgo#uo;7b<2)|fwmK5%deHk}`j~CEW0Hv1A!>lJJp%vkZ<6F6q?AKI6TD>e03DpL
z%ZDY~6~{LGD_;ofZ=M43<bWL8{&`=ZJnEqj3O29vnD1>|FQRQ7@A?~s9I~73@~?p*
zJP4xp-L0a0FHqn!fQDzAMBqQzHE$bA@v<)rneDZ3HgWD$kK}$T$?WSF?vKv&?OFK(
zXy&AoPh8LUvU7rVwTa!{W6thmr$bd;lD+EnQC!dkZlzkgFoE-ZB)Lmr>K}l5=>Jan
zt=Fo8>yo8>zDRlHU9~FRAh{TB1=<3ljWLOzxD^&$e3DoXRoU!f&U!NsZ_&^+PBYE)
zO3(ub278y@f)~8phLBFV)M3ym@3Z8S9G2fCV06_S9J?-Lmaa{Ahx+EQ{OqCn|FEuM
z`oHA<tda=28PCCbb;Z4HKMUc8M{)ANB%d|Xet}N@c;^T+0pUdlyK<*pnPReoK+VGL
zbQQH5<dS?;O1Xk|H9Q|tieYK)6jHteW^<QdI}JPbPlEiNWNUNW2!HLGJdv-M@{|OW
zhT<#6izp3&b}8DLoW}&)PDhU5E&)(8S_LHoQ%lOl@Nb4W;;2I=>!PeSRa1fu?>yQX
z_4Sq^$?*TlKnYV3dn_uux)$nsuk*K4?IZ1lbkpj4JUP|Xdv_{m_TLIyt{{uSGeyC6
zj(_PW$2`u=zW!nOLq=e0<lXB?(@Z6`9VB?ooaPnW4$c6=)NDbC{|4y(8%)4cTcqUG
z!e=*#DO>Gwt(XGxN8A9rZ5wcf^&)bGEsjL|D{otpuiToi+>sCLIlkhWP=;{KZd>E%
zCc(<bis#0-M`+(XMQR^>MUdm+pHypt?>3w9i6Pe5EY#;UGt?r!@OG*CN)_O1IEG?r
zS!;0K3(Evn>t);*#UcQ0psm0-J9KDD);F+7Y5^dOY(g!3VZt}s7i!@PwfYwvvFdFA
z-4~7aIfarUfiN%?Wk*&$V3WqIb!PshS|mgHv_0jx=q{j10bbUXO$u=1r<ojj0?2k7
z3~ieUlRBi-k0Ej05B%;79!1*f97Ex+DA!C0m(PRr_)r)<O19Gu3BYfIEf1zEt67i%
zQ?k?y_#2IDx)~OFl%U<D!*TV5O;w%bqBO2{yc2y&$OMMQFV08VGg<=r(G072)C4mk
z$w~0<sal}b2WrX0N*Aa@V*K`SC2*bT=S->UDkuejy55p921uyZo&pfRky5sS;EA^w
zfP|Xt@=g#Y9k=3Nd2NI}Ur9~MSB9f`Z6Lq+x5NR~8kx!GCnqS0-|<!Rw0(@JaF3YK
zpxtCo`DvUx^?HzyVDtA%a<kpG-7y@mXvo{c_LKP>Y+<(V=3UD#_A-WUL@^z;xWi}x
zYT~Q5&<D^hVGJO49I*KqNluXDaVGB|L#N-i+HHGbc&Z)0y$**5-(DBN&lEdMab_My
zGeUpZ3JZQ;)W0v$_p3dOnsG3|wmfJ{wrzIY0)OrD=16=2y<D4T`(fS`ezAZSG@==_
zyVT%#97#=1i5AXScRcnG=x?)KJ|n^E914H!@|p;EvH41Wgx9ZP6s~0ymtb!P`pZPc
zGKJw~0_gss$hn==P7G3mGzco30CPZ$zi$w3KZ0@})S1ZY#0YYsiS*YZb0-2;`}>#V
zD2-AMDh4B?7?U&M4Q2^w*}_*P!n>8I8Q{$<lW$17{bQYl-HfDjiF&=+2?M(mXN`~r
zz896JF`%QB2?2^hP(;cslj0NPO+rc?tiWM{Z9lv2$=i1dwiAw<1^JY&|J|9VfO1@q
z)LTR3RcB;M_73Ndbi6~6HI;{x+3uCkiGe%Onh;oBQ+~hbIcdZw6>^(zK=^q48_{Hs
z*SE`W#p{SUOzJMMpi`BIQS`!hMO?uf)O#y{!PQc{b-HW;yIHb!!h)HSOK4}JNTc2j
z7!xWezbTJ**we5rR&b9PF4ztLI&eDzZf85?u)<$aR)1lCmE1Er-e1Ev_9h&KqAo5^
zpo4-1q4I3lP++5Fo2(H=p*{@ty%)(bIy|jqNA~k#(2@A6F8cYzB|OeWVwX}5(jlC!
ziFcv>I^YSwOG9qJOwf3_EZrm7&hXFuL=x{$81j-Y+z6UuBFLu_U#LokLlQq)B`=ka
zxR8|2aj%d=3}y)*TW>thNVd&@kpt&r#<_ENG>G>Qe!JT*DL3FDh?H_zsNP!MUAs%T
z=C|lxa0KHn99N&7Pbr?qxQ*v@zAoqD@&0K%9rX<s>x~qlP(;rr_MwoE{2oA!b!UN`
zgyEpW<dXb!e`Fu|>JrqKrm&mZUmhLFsSmE*-C_Rc>aEV<cynkl-V(b{aQD5D(A-Ap
zj+)iNr_3CA4xDFa?}gZP5Hik?wog^!FYjX)fhl-d%Wr#X`H@(Ie$XIYdya+YaDQ<v
z-&W~3lQJ>Rwxzr;e2BuRsi)5M#0dHRY`^bOij?o{hxcszSFeBe9-)2>&T{(t^cG*b
zP&&hJ+fhDHbd{Sq=WUd7qaj95+>vmpC+ABP+{J#|nfZNz7&n-x##s~9kWIcn`s?Id
z#L@zjTQKCvMWCVdZ1G?f4+A1wboa*yeG>^Ew$vE^WE15l#r$4N|1NTBZY_F|b=hc&
z%<pCFD8E<VivkxGKfDl8#?>y-;!$bUPF-Nt+!RAItSWH(7Eg>L0gpazZ}CJqN40p2
z4imp(=Ai6Fvj$<_^$w$n&+XGK5O_+NX_04Hps}MC+6{zu0|5wLY0{iNdvYvN%j|sJ
zAGSCow(({F#bN~24b=0kbddk6Pd65s@{!-L$drFzm9_o1z`QKR(FbOF*s>_+h-F4c
z48Nji(4ujJx)lafcp1X7cX>bS-HlU<Eb=(ZvM9$!s6TMgxPi-z&UL;Gyrstz?@>I+
zN8h7(kfra1#e-}qG{-o4OsOv%h-tAXuWd-sX6-}XuD!d3`u|dF>nP_S%r`ayQ;j_+
zXkl}m4gtdplfR<v7XJC)A)Tx!99Y-Yw5Y&<!CWyG_QpUN5WPik7Z~cgnzh)6v+`gc
z!@ySl8dymfr1~wYUBw^`s_SaeAnD(9yr@ScWD89E9R?!Ylp{CfR5n!RE#d^vsjyIk
zXJ)_YJ4CB{Cn(pdc#-EQCGAD{pclg_2Fr%FE2CN5i7ryTF7oV(^I0roIYzE3f7Ki_
zOk#{9mZp+VukqcW#p|tTH33EnEg>NTwLrN38u^UtP?TWsY&qpR7KH(Iu|W|uh>*8%
zy?_omf^8D&K=cG;L=_K2l?_By2t;MdA*vcXs9SC@WT`0-fUU!T>)v8B2Hpoc8;f-I
zc@7cUSR}NMe4lCb^mFk5l>&=0&LS6D<RZ-MJ5VFkMFj(KVl^^fR4^zazV3VPQar%F
zzDw}{-+GtD103IC3Xcc4^_&nMudRTwkWS^d1t%>eWL+X9Dl~UN@NPN=E-bX_xeMSo
z1}n^l-^JSR5=yF2UpRvV0r#9Tcvr^vT8PMiKTFu3rR>j#1b$%+$7#H8VFN4J%nA+$
z3shFn#0ofrR^aa8YsFzMHc{7E5YqaE7DJ#RrdoxD$?Q)C`y;SFCG5{s_NR>fS;RoR
z7Wl-3B>wAbXv0$XKa4?_1PgEO()8m<sGWTSJnm+XmOupfN4v2gBNhzpKtZwH80&-}
z4PcO72}1I)=GVjHKO!Lw*B~Y1ok*5x^(nkM83Jic5Ylghkmg51x@=;QGSJgGI&xrL
zf<T@K4s3iRkWCs8beAqR27qWisd*>><gQ>(21f!}ssSm%NE%%tdoni&q+hTnTqKa0
z8jz^~WJcFWAh!j9G#(BB*?BkuNS+3yOuHZ-6FH(&4+h}W91e_Vc_f@Z1m{JHGXS8F
z$V~xI{TZmYf}j?&_KEN~Hxkr=7zXM!1_~ESw*aU<3{*)F)Yli%sC|9*&BJo0JsSY?
zfd*z71A_}KHnK;(f?(brK0@!&680GE(OeDGN(KrSYxe*s3j<a6KmgQV9=esa|02&h
z^AX1r)2D%!kQ_w02CacX!-XCf*|D-9G$(_G9eYFvtb;OZpms4($SisUK=oyyh6X_m
zKBS@g3+I$!_dW8I^ViU^8w1dO=*pm}3>q?;o{=3pFew1-#bE)Al?{u)*gG1iRt5^0
z6(0cAPh0;%Q1|HVznC&?ykn-b6l8|tn*z|LY0!|v0W{=rW=^}4jI!4k)zQFTmLvVP
ztTCXWZ>{J#Vzfv9TCa0lZJE)ZL!~;0a)?v9dG$GHhYhX^X+WNFZE8KMo~BpFcs=8_
z>epgwF3)kOKA+vYJf*(Is%PiOg;X29DyTPT^{o;0sc;HwQ5@2uL_Jg0X^Rqd1Zy!l
zq{USA>&{zDRijvo86hpoRJYdRhW0JW)XmeO1>*#PMl5)Udau^*rpR_$`KzqylJKUu
zh}8j|H>L7lv8GGIo8rP%54bvQO6AwFrXPkk#f7TA-FZ_gKQfJ))`U03RjEGFc~dHX
zk2T#K-V|4%I;``iR6dP0Js92;mz>)CT&GQ`{8rYqDZD8zF?D6<O{u)~X=;k=Fr+E2
zCv|@3O{x4V*3_&u72ug9jnLQyN65-mMc)c5IIb0_kp(BTf?bgXjaorNWI>Zwurjis
zSu0o;S<s>tycSt-K`U4kS#Vji)|G|5jf!S(r-r>XX>Uuy-uBeq3Sn>KwYT9B9|mY|
zlf&LxwYOpM6RK~*w+q&yR2Le9PIEl3=Wy4r%f6NKE^P7pgRckB>svVQ7ahND40{~_
za?SY;Ym4VQtUagW*Y9);WJlQR{`5MX^TxJ@zV1V>hj89IT05*gE$p?0UZ=q)JFfjh
z*z3OZdMM{LU+A!QUfAn?^m-WQoqK_z6}-BbB3S&(5E{YaeHPu~SyuL0SlP#{>_Jxc
zWmuUO6(fh0dBV!RVr4h7vbwOcHLR=~EBhv_te%xMzC>l4!^$?YvMsD^dsx{PR`w|?
z+Z|T6gO&Y(l^qBx+r!G{v$7*$Wd~W=Bdp9DR(6z?<+HL=VPz*+Sqdv_4l6s&%6hP}
z*08dlSlJmjm0bxdy8yq!<3^0Rq$i4ac0zy7n|UcRu*B#<g%YfAYr6_}1S;H)6^68{
za7&;<Kdf*=y9$E?70!)^3fHu&aDAY{_gJA%y9xsW6+Xra-P={@9jNeItPtI<LTsSI
zGg#r$#mEZ&i+Y7(tkBf1!cTz;!?D8Ab``vV3O%vH?sgUS2P!n)0~Nk&S7BSA!bYsH
zwq1pWK!xR4;q!JCz6w-$0V}*uVI45Cqx(zR(Yz=L1m56QMyXW;Z*ULuz8?ApH!trC
zp>J^4^34tW#J$S*RNyD>P`(EPKXG636$O6cZsfa5`#CSE3<IcY&r^Lj2cAoO*94vg
zA5YJseA?GVd;3_DCGtF}z6k^L7!#v8yjXPFyFu@AaL9s&1a&{`KY})Xb&K|c#E-Sw
z4-#WO(|(XR^mpwCiB*5revo*!MEgNvo=f{d;^J)j0mD?E(w?TOk7`dPYKitFs72aS
zhMK26C98L6PZl)|pOjT(u)yOWGT$hxX6V1!+2^Vf_S?}#^*@#Xs=_K9s^osl%8IiC
z#Rst%w1s4Vi#SXBHNbbRq7dqs{L@8(jG~|*6%jA$9fG`^2^-7FuH#y@E6}ikHAJ~D
zqTy52aIQsimu6tpPzpH)e_x?KoL5ic7+rIxa*k^RCAUOS#?FX<Fj(t#@0h)Q>~(C+
zUW#${XxF`dcIj)^utZLcek>srIaPQ;Ks{BO5P~6K{CIU>H{~j;S9<|~C6V_NL2+mc
z^DlxgE&EdxUS7j;=jnDA6JIFRFD8cD+sKTse7z`u{zpnfdk8Oz!+HlV?qV;3Gd2ug
zxL4s!sxz-ex}eEbXO~{}%=sQoxZ1g@fvS@7G0v`}tU`LnyJ9y+_^+H-U;ASe$FeuK
zIZta10+Gh&G9a%pAWIn#XGx%Z5|yu7L~Z;m;+Le9mPrb!xao~zeI14Ns;|Q^{dmX2
zNY16&dav)wmOXvm@fcpv22`nPG{E&8S|a$@QQ%|SX~%;(m077=StDMHMsZWJop&4*
zs#`jZ##Di>nCcjNfA&?a2flx3!+|02)#&`<%|g4ll3NC7T+$wm&pwjy3nV@95yZh<
zfe`RJhJXx7c{01B(RcCn38hCEAB;_8V>=@%d5wX={rIzkTZe;tT4ICiq7Uu^=wb$R
zu{ffOpG>AMCQ}z*W?i&E7p)z2v8&JgAL`$?V_E;YhW5{bNrEE!7e5)7N+xvCgqK)L
z#rm}r550aJ>y#rYM)Oan%o*rQ-<>iW+WbzRFWp|<*m?epodO19rtBG`#$r(L)4sLZ
z_2e$<pB_%&BC~J<Gg)icOZTI~tm#_*I}=L?gvs=N-ku(AOMj8x=(hA_><_NW(DQ<D
zeuL>vaiyiuxu|1+sB{&TB1;7Bc0I%*d2PnO%B-|sZt<?x;tguC>O+0;zD0!b)>8Vj
zd|4;!H^$d@N+^A3>r?pOTc3Xy8HvOM)+aEvrHrYqY`+?P4-)@dMEvjC&R1>igTJ(D
z|MH-o<>#7C7EJ}Kfq2A#YRcG1JU;YbJK|}VpFqaY4xix(hLHJLG1?ZZ6ewus%jpCI
z{w|)3aZdTC8t~mxR`z=wI=tJA?`E)iZ<ernyQc7$zQOmevAS=5$OYbSo5Ii95)J>^
z8qL>jS;Y71CnyV-;KzrslM;_=q+8f^@q$dfDybC~)YBFvA6Bn8qv1uEKl4H=Qx?+*
zT%MDH%pPqG4nr*z({^WDh+}ZX0DVuU>eOd=U8cV-W3Lyn*VrS62VUbt$Mmno^F|k?
zWL&@sodQY9-%2#sB9l;B@)Nwq4+fk_b|Jp`=jT(DM#>|LRg1l-T9Q9=;sJ`{dgm0r
zLQ0x3g?D(S@H<uX8%ZahiA~}2*PO?H*=RRh5fk^3o6{J@sPZdJ{`Ia4-S~y?qe<J{
zch1_8oKPC~f?(L<KZIdM1f|S`aYl0Z6~-iggR2$lK1X$X%%Zx+1%jc$e^6xJLNnlB
zfr=r%`w7)sSw<7}xfztJqG~t%aOeA{B&ss7)H8fF#uW5c(cB2oP&5nZZaz*GN{fwx
zZHvH<-V*%o>=(V=@WT}UB*XhS1(>0a;)^svDN@B!+#JzUe6$Dpz*k`mL*I+cKN_o0
z*Z3;RxHgkr2@Q#7J3Wuk*yYh@QsLLmn(7*77T$Vw)l-OjimXAkCVMN|+TADpf(~9V
z&<@5Ee(8QQ1$MOveju&XBuROPW?QKao8(&Fg{qC{&e{t_bOvd$sCPdQO_#&<D8iIr
zWN!*cnFdw(JQxA^5Jdp~l*vuin>7-#3i1zv@@F#f$(v!B#9)8`&*?ZZy`F*subIM6
zs|gPZOlO96C23>&dh!&e@XeFGuU*lD?v|Fc!Y61cC~jH-DIURd0fz7c|2$eWgavs?
z$;?RTCYcXY9r$uOz>gIz_tQ!cKdDKCo(|!D!@K6wYvV4umd>&^!1kG@_WBj7AJr-`
z_fKcgDL>|$*v}{ys!me_$UC9_H5ue_^jn3`wZq<5Oh9$h`L6P5Ybe$(i=LB!wY42%
zt%0*ES^F`Z@=v%B<8KDqfF<ZygAtLN^3g|(Eql<I*cxR{*z$y=$?$tZQgL$*|K%yk
za8yV<2gCGAwpPAsJKj)`zhxnQ#*qUah51RRFh6WneS{iB>eFmhy^Vea?gIamyu_v)
zyvGB?CVRCAJ@o16_-Tc{Ivu|1TtxB*^t5l;G@|r17~E$je%SCmCSt${&MYmmHuskW
z<<&)ue2D|6Y^MAbwq3JlOYToi#BTP9o})(8j?*Of+es)Xgs%_DaDq8vsgKTzrWm$q
z7_lAijArLyAYc|8LH+3&C`GF1;ER-P#8x}=V_aI$v0UJqud;RJCT@-X(>n!^KN@c|
zrL@iNDY(DFa`n`6(VVaMEKs<OYk)%_Bd3)JFo3XM4JE*iU|_jApt?N_YEe2C5LC^&
z`zm!8ogM1|hLK!B84N5}Z+jkK^qtj5@EkG%;{<j@V5m{)q?3~J6;pCPB_&5bXHU5z
zdagu^@?Lw&$=S2vGc{PA(uDj20~5Rcf;1NNG=!-~7sEsRb0)mpYdb2*heW>c+cECc
z6w3UBE{0y<kg9-N1({KF7sL0SMA0=4nAPX37ax%&<w=Z$ZsJ{+iBk<cKvywN;}7{j
zsQ%?wEpF7m>P>i&@U$TR8Jm0YLcth!{83FwOK(x{|1b0&G#-P2ucYq)c<&o1qt%RY
zXQ`s+NHktLISf2d9SU_ZPQ#sc`D8@AiWtl!BG$*~U;pEa?CU_n)PsF^9Yj(-)U-hQ
z3{&-HOwa}@zeg4WEx84<S9t+rVk{;Kz4;biBGz$xX#y&tRjvG)Bs+Pxkg|a;-5{~-
zpou1{%b<lY(K)m3lH4Oa7^eF+yL=w+pa%QTI!+z79dPiXau?GVw~a@AQIbEU54fsP
zSUA}}5V+tT`2_61lDo@8%TuAl4<x01PCgCtfiHf**jb2WG!krk4ucPm%KvgCryl#`
zZhs*EaEN@8%p?Z7K+-J2GF66QAS!gKb`+ph<c%BpaOrzQS4FX5jurl-8Rqn7ZlxFo
zZizV>;{jD>aQv&aJ~E?R8P<oZ+Cy6)UwsD&F=$QNF%%s*U#EjOkX3;jYNu48+6g;s
zBNc@mZsA{(f&FE+rc7k3T41NYUf&0WTNBEoI1XjH0JM$q?2^&x-pXQbi|&dHyD~jP
zR36Tz5dE537LxccKHPu0PO_bI+?!iDZzRW+HH}f?nl**Z@gpYu>k*ppFI-Qn4J7yb
z-KdU|`@NOERakHZr-A?N8koqbg#xGg?lx13jbtQLN`L};+Vo^vrXRBbz!p6nUOsH?
zWB`5s<Ne=}bv6B8Rsj7U(!T#e3YpfEL>izFM}A05uD_-B(Fo&dBq8_Eg{MbyRW%}?
z-^gCS+aD=Q1@cc0KZ6sLSr+sWP7svxWJ<tsMoq!sZ}bu8pD?jeh8_V2z7Kt^s&P~W
zd$hL)^~gI7WyD*3>6BgUw3-h+@@3-Cm9u-u8t0<FwZ4J)W488#XBXXYyHkJ5>$cKX
zOElT#4h~4{;C=#a{T9JhVd5Ocl%NdL$V<xO$ta;_0Ncs{IVLFeVdS1;*P+zc+D>k9
zQvk-}YTfu_eoPq_lfK7$3$2U^dfqQLUHO!fV$?(TvRq>rSzaBH5>4qKVUo-go$fhe
z!IV0%+1EQHf6pWf+7qW>M!{jkVh^kJtCJ{0*<nl$m(nP>uJ|20L>s75r$l}<?8bAG
zF{)c-Tr|h8K!ks8JfCHlQv%90G#64%%w8rLfUhu!Y8eCP{K)s;n6OAtVgwfQ^P<1l
z0<Ep^7Ldc-^;`!pQ_`xLsybspG<9Qws5}HR;oJ-shy4B*_WD_v(lrK$MNr0L(2zAk
zy@y5QXZLGO>3anCvw>LacTi-{P@jM1rGkjGsy7#K^r7E>Y|!p{23k7m1lOpxnJkEU
zPOH1vFW(L8Xr;D}a$2ivD&E3=#i;*n>(BXquScY#P@&i6vm|yaEV}=4OM$_Jj-Pd~
zbh-k07bN3{(e1a+jBmW%Nu=sH-zm`7rLV1s(xasb6h%GAPer*aW%bG7D+)|veSw9|
zZnUJ7nm_@pywHZUVXC+zLSN*kL(gWfpTa-Z05alwzo(i1ay<qTv%8Zv@+;yn%~|CI
z|GXU-k9{3H@l~;?+sNlIL>RlKY6+DOydc+RL9HXSdk;*i%#7lzF`PzAE)1O)+__d?
zzYzM%MGQEBBw(AsSe9d<yW^u>hojliiDKMBmrGD}A-zX)FDhNYJS$QJ1(S@e5j=;x
z;EDk1cl5$^RM5DYuQ2u!>hpSO$bgETgIxd*28=L<KDqe@(Z4RMjbEHc?!?&~;BR_<
zC`LT~8o&rhEOE(zk+sk!uM0;*oVU%}OP8J{c}8;Nr4pL&tDMiikN*ESpM$SzK8=Qu
z`F#7|pU*gbKJV^uK3}f*-=0rpg294;QBBG{#?0}?@>mqPDKkgAX&$OYhzjEC-<t0;
zZNd3Y>u|m!;{jh{LH*ndb<<9=pe)oZ0E|bBk&sib4L1X9?~fb8!S;%*(m;It<1oGd
zJ5BG$oyRI~P69o)roHx`UPDMHrJu!gvnQS><C2XO*K9H_fmVAkzxs%yl#K_K*UOT@
zFC}8)%V;5b6&fJaSI08jg}j{&q8fkO);X`E8%>m=1Jg3?z-{7*hnNbB2+winC7}*`
zFh^eNe2dI1_}MPoAJ&aAbZOanjcBN67MU7~e`BGlY2JK4iy=yh9j$8lOHn`uFOyA#
z7&mMLlJXWAUozi9ziWp@#2AY%7rrxj3k;}!cyq`y_i>3qyCr^3SQ!ktxQ>Nf6y?(*
zsE4A<Z@{FY6c2U;$Qqb1G%FAmmKXT^v$%EhqtAk%LIQx}X3(|hzLh%ap#;Jcc5bXJ
zU7>rzwqwq|Ud&07pWYbq(lHxWV5=R&X*R)@YneG-@H9rlo+^O0=Q?y*a%WL&PrKo?
z=r(S`m`IFY8F%1+r5$Eu7J1w8U4^tA^?S6hIrn1VvjKto0wz)BF@uswrx6F8jik!y
z$75NAXlY;0Ftdu;M(G4Q5EN68U5MBZ4ef)sR=86+^@*2ucb2caOke>_Q3TNF-^}*(
zqf)dM;jx}&D>F2Rt99BJ&mW@<dqVnVe1HBJD&9ct3ME)MtS;+Eiv<eszGnJb3J&-r
z2u=st^4KJLPQmi1%aadwx-=y6dq+=rEe#_Yqr}8hv_8^leN5KZM{7PvwND4v$9c)n
zA|##?JjY;t%%T(~X0?wLO~E~AcwK3Dh{sG20i8)Kw@>DTq--Z~u9?hYrl9ZY9g}dm
zI3CV%7vf53&5`S!e_#elTq(;R2wf>@xKipcWwgFhlBsI3H<RwpP)y1US|wvC6f!K4
zc+ZCh3Ja^H{pp;42^42wp{lVikhR!7379&0L=s-?7L+tenWCHFa5Apx+n#gj)3Tgd
z;a+Yc9!AH<fk|o<J&iC)>wadET3~2BmQTX*!xUNViC1uTCJg05&2f(TI3;yJs8V7p
z>^5uA0zemST^zH{n~+VKnGsQpG`(Gq)A0Zq?$Xo`?gvsvYg!t9IUT+X6LVLX8BUYK
zO-^}=Zg1PdY;Dd#qTw7%oLk2X%2uz47YJ*-%^b6lT5xtYEXLVUm}N3P3FilJQ${Ro
z6^6%ffGm&z9IT8u*r$ZMx6o8&PdOgsTNEdqnUgS1dURME>(n&lAs%m5AY3}~EsT{8
ze9Mbz#b*Z0LoeK)Kpg?LHCCQ*j?;prpVoqmmX_@Hk8_V0PAA~{HPf!S#5HCR*Z7#M
zWuc}OSEbG{gs>~5jrs>F-t;X8{&ANK{3GRsQ2r5lKBdS1l9U3g9g`^MDMiNo>h<Nf
z<nW(mN9EW&bCOZU=BqD}{F$90KDoYx2?WdV&h9HUUi4DHW`cWMhQ@CsLyfp9$Zvj>
zl!+O@Zt(T_AK@WS-XIt@!*dRA89*CxVYZ|^EMQJD&#4$m-X?f_aZ-A-ygj?}Xhk-^
zq7evqU1a7&qF`@HDkmlGL7p8y0AB0@n%RxydkOi<Fig&OTr}*pC+;m$k`CH!Kse5r
ze4CVHbPUdMPe<Cjk|UpX?m+&p(c6jYMrSX{&@8xWF@&qx_eOdRx-wm&Th}d^J@b|&
z#09b?c?2+kK-8_scxfb+USR8lg3lFa2&MNJh0@tZ+t~^ro3G2F1jA04P22hT*MhoL
zqOoz}Et^#IP_4ua%>1j!VUi=_*M@|L*d{2kl9FQ%nSw8ZQ*by>5sms392S(G^bFkp
zFmLG(GaxDVnIz>Qb3h2vxqPSc55{f<^#9kyRL-8bpN#qGq3Hh+#h&5FJ=S9MyTn~~
zC3TJ6mTz`;&9~W&j-g?~%g%P|y_en4hPX$$#rNm*t-fTs*La>XUF=ZLJ{N_CQD*M%
zgUei0c)K#u^e=;8@Q7$_##pz7rbQEj;Sg#g^PM9<CJ%9?$g13DB<YganXDNDtY{1{
zp`B9Rp!R$gHFVe}FgaQu1Cx@h{E7*9#u9&z;7;9wX_<kaEMX!O-b!=y!!Sl#@Mael
zn7uoRJCQ4xT|OqJv;{M)ix{4?4i}rJ&B(aU8BBIv<W5b;z~GVT)lW!<GZ>H>Bt^Vf
z;m1wVbKJNn4^-%$_aYzhi*h~oIwp|p8atE=9l9Nu8)mK^WJk<i!26$O1BM2`lRLyc
zCa6A1+aWBaZt^<ysXG%mSp`vM5#vob96Z9X8?FGudX3JA!(tZ$8(LWfZ0N7myZu`H
z_(1R-yf!YmzqXQp+hfc$^Q6>M&*EEI4nnZ<5}L4>CPP|`ksZ>=BS3Ruo(Wo>VvN1s
z%S4OLbI=IVok7&ncAG=f#ErEpx0CA+S_i+zT)pb?@l0E!jD){wW_gRA6=6SKW^j(d
ztsZY>-;GD!C0ahOBNvRE?>@mb>Xt`;E+JgSZ<!P4y5#<x@A*Iu6$0q^AS8v#G7avR
z7chO#b$0o7v?BFEW5;{VEQ!&XtOO4FPMZ)5&aJ0aNjSi4Zv25gdRi5;diGXkD|sO%
zG=@}o{3F=jZ_zIA(*<O8-#z$^_m|?nm-#+AfS|yi&xx+*@tw&#nF;(4BjGBm$tz55
zlv1vQ##sNBuPTCaP^XQed=f)AU^op7;{ap~LVsc>LjR#Kp?`=j^wU|tntP8HVjX^r
zk&Qp%*^ceBGr^02ebe^@Uul8~i2m>!vumU1UlI`gPYABVAo?e56Wwt;(_6HF_o4Cb
z<Icl>CY(3(z2chrUK5%z=)Do%^~yVMrf?&+v(8<DZM)-Iiuch=ltIcsM|Sd$pmP+-
z=5-#W0~HJt#8#l1o{5VQdi4f*pULko)zmB?&$w?y`6WcR0!YJP1vRGj5!h!efOYh%
z=U_YU)c&Cqnv`r(MlG1vBZW@YE(sox_F?U}M5NiYVt#r|c_L8ia-hjEZYdp8dN)W)
zBAQn%%Z!eJ7|9+OU=I2}P_(vCdpTxEbRCSAluXh60gdQ2V1>_rj`*PXZYb)wyZq+O
zVenH*>Z$&{0<FE6yhE+1#09<>$4!^K+AVO+UJ<#p<;M)|*EI&y1jJ)Hp6Z*>Iz1d#
z=PM8W?CRXeR_Dz(!s@Jv%uJv!r1#R;Ldr3+d|QZU+KDjxI$8(>cOJ97m=$u#8HLAU
z&d0?Cb!>*aVuD`4!R$AN(TS585y2CNw0IjgRY&WI0)0`s<`!aZ715{}Cn%#$tdkGb
zrq}3CqI)%S<L%o-87n13Ijrdx7J_3^6@qRN<^7bC1aMOMAmXHl@=R+UNZxsJ4q#=q
zhLvYpt6MalML`zp)b2_BDL{<8+dGF;APp-o4`)~z5*?O5EK>gAyNCaF`Mb{<2<pGP
z$4&2`BTW1P!LR{-N%%`KdTLj)OTB$RQbz(X&7W7h<6dZH_uSFM$9=sNPli*A67=*x
zhiWkR;N0Z8+%!XdZaUVf&mBQT6M9URn?bO0v*BNHAk!qCgf6)~LCccqswJbpKZ-du
z7e<BW+oH_5m~QK9q)By|JpnJ@FkTgniCiRk77J~bYhm52wg<X-$Ny<Jy|+blvqbCW
zQiGl^vRzC7d5$F<Z$C+a4!!sF|6zwpB0E%XU>)KOiIMrcBmJrGVkcUCZzI=5aw|4t
z)9+hZdb-Oa5x2P|r2Aa0i*1ZA{y*oR7@OGMKe0n^!MjJ&7?J~HsM&&uJ+Ef4F(k7w
z%(7yIgs+J~Vit?DIsW^ozM0jtvYjN{t56?LU13_7zg#H$x8mVgTj-ftJst6w)pr-r
z=@m&)c4bPoUA}@s+gNv2YUt4ya3$4uM}IE2E-%%DSp>83j^*e@4`d+Uu?D5+uy`HJ
z5T$>VU(scyN5n&{34$`{9S;V*h~_O8iMiI`cXZ>%S@ljM8aJ9cJf}lKx;BH(>6q$M
zMxj02qwWWo>f410XgqkGnfq@VL&5=X?jn66P!P_^@SLVS7sGSB_M8pRtsk@JG<e>t
zJzG)Xnt`0WhaiKXPRWMh7f+iO=IB_j78~)V!k{fR6whNT{84)d37j{cLatDN9s8~5
z;6G{wmVH#noNT+bSy_hOQE%ewKWeYfUa@jh!t>n$lI92~n^wI?i?$VKP*Td^-{fpi
z?}hqxVTacbB=IbKS?KxoI`l=d+fF%(b1Sok6TQbJ;SsiAQymBK2)k29={5QRHf}_{
zukFu;9bdnlzExb%hFp*xU#F}PIQ6Mp%v^+|(q2EEfH^8b(!CBtkfK~054fVtFh8l+
zMD^jADFja~)s0u82w8eM_b+?&AxC|p08^;Yd;Rx&^t_0LXQF5?dh@b1lHd4xwvR6Z
zBs%JAB2ivYx(tTLK;Rhns2kv?T98lFb?9qcvuZ;j6FuRh`=()j!%=l3P=?vB4ihnZ
z`Jm&gi6T_^qh5lhzGWIY+?h_~@EsQXHJ{D<#Y;Llti;!f_WDP74f5o8=-i^!)VXfZ
zIVU_$!frXR?gx3)t>bC|kq5s2$8*?|I`wUVdXmq2Qh>Fe$w$Lems=PJsyz(f_s?g+
zWuJjBvi<ez$vDhI1uV_d59CW%$M&|31>t+!EEC%W%sQiD+sQixf$ij1pR?_xKKB+Z
zpHiQD+t2MJP@cvaLX$q@meM6n-%>DqPrX%jTw+svayUcRCl?tO;nfe?tG~djC5S)a
zE5ctA@Sl<JsOJHEWVjKZTT|fq*DG0~X+%nYsH0BECDd+IeQlbMGwSXI47Fk*q4va=
zgjyf`QTxF}_?EJ2yYa=kT!zy@7p)!V8?};}1)W>|C3VgTGxHieN*KR(UJ@w^CLDQp
ze{W8`k5awijRkqP`rha+*difNWmznG?jS#A8Rkd+{!Q{|`WO5m;q3F<;mcn%n9%x|
zkE!2KV2gT)9GZq;cc+ZT(ehO&(Ww{6|Dztt9<F2~o>+i7_^8%ZG~x^JM@@nOdIeno
z9CZ}mZ63`AoqWMcfxwn*-s2BBtpBKyO<6Z6p3;H7qQ@@+F|!2&(a~+WlO{8K`b&yd
zz;Y{T*Y3kToepvVPbU^>DBR--y~5-`rt_6odV>O65%hE_OqP_X0=a6DyA4L2C2uDX
z3t(rTO8ho`k0w}z_zK1N5+dz;{#wzt&oQBL-XM<d$HeVr?m|tDBfsD-w3Y?l1jPN#
z!rX;oLinwT@!Jr0p=YlLetS7p^N^<fR2xb%of3Y)24H~!K<Q*_#{=m1KhXc<30Kqq
z&l92lSrPrONY+w&Z95-D$F{Ht3t^`V=BfW8rVp20)rc|ZkU-}8qPX<+RW%ZycZj|D
z{HG{7_GlMy0H9NV-9FkUDv8kX6V5-Qu#?O@Yq99p(97&k4Y<rg`g9lT6FEEOryrqE
zj6NFiJKqK@Ey-%ePmIv5EmocSt?I`oqO=R3{k394i^gvQ_OHO%33F~DSHklwG$uJW
zQQo$8&Q0Ae?di<9i4G6E!<chZPtp+sh9YE<(~Kks3d&r{cxht7pX^b$Cz7L=g-*EI
zP&6yO9@nPlLxWJg-uaoJOhS(#3p;*${H6<jlqKH)Z9H0t&b6|WFp}`lbqX=`7HG}h
z-)Qauo!sx}X#E@i2iE_E|J&Dp{8g?0YjOQ2|KGU&`&`xfAB5{axs&zpIvU0CD@?G=
zzGC{%g;;(e1(0_4ef+-z_iI23rYkmP7`8dR5vqr<ip9~4RrF!BRD3)NT>`3V?0o)7
z_R8H9Md5Wj<rRaq?o0^q3P(bEqg_7g`#r`i_q|Bp6y<fkg%K=d^iIE@v5-4MhV_pl
z#6tKL99_qmbG_j1v35zw6(Bo$6nbwb4%0}1q><CytliUrVNN!C`@=6gxqD+qJ6|H>
zL5b@_c+e-O8IyVajFs~RxzNyKIv09bt1$PBHPl`MTKE<;$D(*%k*p5dh7nmSGYkTs
z@43Hr%94okD_i~k%8V#y*OqL9$q|)abAQBnR7Cx6L+d+#x&EKGvhPQC^8NW*xv`V-
z2caCO$aSHMBhGc9tFw#XZ@9k}KdaeqBI*y-;Kg(TuZLD{(#zZNFV||iipW>>K$Ew|
z%OvGyauQ{k7musII|m#{83!zM0Xu90QZJ6hqw$9$`H6dmIo<E;6V&HwBw*OKosQcj
zxA6{fi#pC7mtABVv1#U!Ik83VxJ@~>`%Uw9N%9(~<lN&khr>(XT3ObebB^R!Y!%$b
z%|aJ0?EB8ezJ1~Lx)sHk0-G8Q;8)CuwVieNgwnHud&F$X=4dkW&(AO-gasI5iJ&O5
zncW9;_T^WIv9=A)9ze>zc%<hqjaX@e;Eod|<*5cMBBMWtDqSOA{ic!Ah_j`Q|BrM1
zHO&F8zbKsRqrh$9t5!rXd^{Ut_HnV^6Z8)68=+s<+ih1I4~(vyHwyj3$0~7`8N;kW
z|M2x1!@LI==G~q9hp*@v@DHaiY2Rgf_UjRRbAbi;rtt<dMPRr5EX(g?2)+N){cq{<
zZ}i`j0R7LqKG6S;mO;t?L-hZmp)>k7G5UA(3MF~Gntn~__5!=Yic92jkGqQ{y;0BJ
zOd%~w0hYIvJU#;33$(ysLA1N@RR?I1bcDrwrY!k?0DlzZy+i!nt?>^LlU(o7apD~B
zyN`eFRf_vFq6xi!Y!8|E#m~YEZw35^f9~0~h_VMUE=Vb6)M66>5=VnIKTNGCz0^BY
zR!BOa$qEvm?_;kXQ9F?p_~%Fw4*g&%-i^H_pdLK$3E7(atD5|Of~m<*1PiU|i~IEr
z`s{I5ZMWCj>3J<v6v{Ap^-rKDfWjci->I*)MzOmIPntxM>hT~<KTltdW;`XIV;)EH
z2}!=-FSfQjVH%6~2Jj+62loatP?Z5v?G;og0%v5px-g<2x%~65*7)`au2BPX*|}RM
zhDLV6B(GEd*{we(tG?#~$4Xg!*|F01s+I0*2e#L~FbCs>FtX3%S7gVc)6%a({Hxu9
zIX``?ueY|}i~d@>yc=`nWQ=nUG>cn&W8DKMiMA0x0R49p-2;EHjW^Bv0h4Ol);RY9
zs|=_A{PY^O0P^`2HDlbyn!pOszwUg|w>u>N3A_y~01NyQV)Jbc4%J@T01HnXV{<f^
zXOGj!pFo7re>bH69H<_j!>?#ygqzo3MchYCsueUI6006ZdWSFj(rYGxa8o;T6)fZi
z(d9Ac*zPt}{KdCCU~dWFud+Qcv6Fu$tD;LGkkX*_OkOjSd>1R&O00ZUEiKqwYh_t6
zr(LR|+e0mMf#`y&Hee$IUybLG$|8(&QN5mj2`@=XPaY~EA9$1q20~ZI*z$&^@l_R^
z7JpxKtt+wHPC6#T7B+c|?SY|I=SkR`hDLRF9vRKAkcJv657ks&$ad}!<x_UUsWHmD
zp@fAMq_!#if(v-s>i8R-c7m?3{3cwr7nsw)wC&7K)Z|;(j&?E8#mOc7io&R*wyap^
z&4N;BK}`2Y<d{jfQA`ZFvj?;_Pl6h0h;H~w{!LMw<`{%Q@!3%;x1H`W`L=eZ?@lFs
zcS6#PpvGIKUOdNSAFClK`=HB9gzSSZ)O3M?uc%7Gu-Nn<=npJ31bNzGm}Vk<CJqUV
z-+g={AP&81Wa5yZltAGg6o;}|+6)wjK)67WC>zzB`uYg{(cJF*-@jI}{ph$aw{qT%
z?7p0Ilw$%#tK;x5Xpn2zbwsqMbYTL8IYfg@^ZgYs%v}mf5_5QvBrf)6l0>#Pgk%^3
zU-hOY2|@2s8nSlMd((fYzvqls)8G1@(BCn7f9=Y26G?4-qY?jek^_!<O~ThfTh4Jo
zDJmi7ye9Yo>yo$hCvV>ZSR?mMmE@y>r!fX^NPAAj3F)Wu<m1_u$I(U7KZT!GAAZ*!
zUGyp>=yT$ZW`4RceG2brK;Jx1esv8x@BMRlD(AQsT_hVs!x=Gg3rGeHj$!$3!9OKG
z(UUJXI1lS?+BML|IZ!aP(cLOny_xRFr}^FzV6|6co&cmzB0}`nNU|~_oK5?Yc7Myl
zHX|}4;fWi1hxm(=BX5cE)n!p=km9R$6SGC13A}6Pi`VpRSbAmZ!B+HVz|>AYzA6bS
zDt#j5q8YJx+woVS`c)b5qMDHX!DE*jL|c>Nc1q2-#XHU&F9H^JGWjTeXO8V2l8-iF
zR-N|pQ44YUWI#Xk%GeYlAknv-FZuR{%SUCgwl=2)iuG;6;qxT~@B5Ut3GS>45S3cZ
zvquNSq#2>xL>!4poA|2Jun)k8H_=Yvn%4kZW;LE)cz0l+4dSme>j4~|Bbsd!O%)&b
zR$^)-!9BMGgW{lRQ5g$lHGV2OI5K(y>}b@I#wJ*&nf3YA>lv+V5e;X>#I1m(Esm^w
z_uWV<8}j8XL@QnHADYTx{f2y0CnQ6iKu(-BX5Zh?tM6Brn*I1y^qUPydDy340_KIH
zsQbkj(crf~Msd2>+#~Sz9~aq$6^*O?`AlyuFkk8RC}zQg!Wn`xhise0NLVH6&J{<f
zQ88<@tZ#zWs2ruQ1#72<%Xc7)xJLczj-R`uDDMIx^9l>m7^5ENK#JMrmEeW%`oQ_e
zGjaVnUq4?jUo3KrS)XZ#BfiAYT#vEpfWCOtrL_{&x!*@|A$`3ZulIH9J|-W2aUfJa
z9ADj1p3Hw%7-egkX_cFVCwG+y(GO?9vRKAfok9Yw!Fy!_pI3_#L?NuBMXxc<n%xU&
z6;}qGgb#{}m_gS<THyyg$Y;q-`ylfXwktWn#Y7?CBfLTMoQM<C*K`&jC7qazFeDZ9
z2z%lN@)7P8>La`-zj}{j2>J-`kqq0U#BW4p;4Z;7*XrzMn`Pvy?(}1rj!EbxyeCKA
z<J?aE!O(CwG~}x>)uU+GD!SHC^bOyiP$25){F(V|?EsO7;b0|mnd-7{9gC}J!cEYc
zqZC@nd5f>6cy>sR%*Kffh&+OWX!|mVwj+QkQQ-+|M+A8%VXI!V0RHMn5cdtcsFrS|
z_p8PPb{Ds=pp3D=ii4#U*OEgM<<TyaB<q%Y(Oqa|{@}p&tfG85AaNA+Lr0tA-h2G|
zdJj2YXg6L-&PswICTT;gW<yM)2vvCZQDUBU|Mm#W4u_5q&+`3hQommupCx2`Ngz`t
z*5O<n3LW4332c1#2F4d^pTmSgG%)qH!%-ZHt-K(6fZ(<7FvDNx_QqiQmP2@`6f`^j
zQvJF^?Z21b;rD)l{vNFTAE&?F2Rov_s`$?4C;#7|zfFDqZ=k={1MTVW?LNOazDWA}
zOKm&)8`k&g=x@aVMn8tDq@U-t`o^oQf8PN*9O=NU4Yfco8_zkqz*7clClU5!WgMvW
z6JbMGQv#~&v*S7V<eH#AS;yZyw!ic5Vb;k)&=O=K;Znh9+cYm;DBU6PUl&G+29TvT
z^X@Gq`iUhtPaW?x9qlq~i<t~t%+#yiVsL{wp7iq@%wXJLY9+&FDX~FRK!>-LnVns1
zGmMTQIqqECTz2Kiway>->q76J^a$Nq{tB2)*(8)QS&M}s!hDaBsPnFZsru#l-^b?P
z^t1E-HOn`#FM_r@<!7w^;C&Ia^$Ybc?(J-@Sw6hT`WyB#_%T-r|BrirhF30W#~&ru
z40vPC>i==xxOz`Vym2c3pWu!E>KVctJJ=5_VdMRu;*EQEx95$Edj8wIv3hko-q_n5
z!W$#}oyfAJ#K;9!rNAtET<fFcBC|5iC>JH+udeV512l^Z{AKAMaE^3WLyU~!4d$Y>
z?;L>s378p=uf|B3s_@c2KRG4lS}?M~`UE53X0}CK&~`8tS`VrmYc@#G79FJe<y4MK
zHh|tR86l1K4c45bG>A@7z3ARY?oI$LtZqM1&jC10ojnOHIrXAkI6065^Xxh!M~V8B
zySz`3Cp|s;-q#=2<9bmRBXw4<FYgcQy~NiI?^Ou?^^RCuT17K(obpq|ql5X17cU9c
zpGx&jKU;rXHdG!6l?7iM-am<`KQE%b?tf+$<ZlGIi7s4e5pKFtIv@&<(9#q2@~&D8
z7kRh8*c_>nJ7dWP#<1xcl{xfh4ZPb(F_LT5jm;KNjeNBMt!R?pLTXI&R`PcYzmF%%
zJ9Vq%UFt`Ty}6vag4+#tWlFN7P?U1fb@XzmXN;&gxrn%hCwA_kxP=k!F%&27l=@W3
zUM=!Zjdus~8TlaHmcjL9MMjg1%Pmb*%ITb7NZ@V<rtiG&{wO^FJ+KP@M2q0cN`loY
z10df7yE4rzD$|m`M(dsW@}LCrXOh`UM7z6PR@J?q;97r-Jay26^!2}DAB;(8s&D#?
zofey7Fsdv-cHRnfo-De{L96`}v&#Q?8C$(OdM`QP^g#z4F}lF2`RuOl+8=LGBt_oA
z(~-aW5Yr)NZy`@5{MetmGAF*$Ei@mLr1zB|qbd&g=lFUceFIaXbv6guXz`8Cs>hvL
zd?QRvm9kfKUG_V6*loaUj*0x}7E<eh7cH%g3X5-aJsRWWvr@|8*~>)3Ug!;rZ}gfo
z5Z{O{IS1T+fwI$Ue2t;|4Wn(%bjycZZF{4^R#397{EF=HM7?ObeZky;={EmsX1e`0
z)LgriqxeDwzN#-~zg$reCAfQBnlX}7;uc^4SQEc+gLc8nJt|>3`KT-w3>W-|l-b3I
zQ~r&3&igV{Im??1=#9I+C+A&&rYctB%AcXeGh{JhFXFHX3lmXJrjOp_TCc=t8^eAo
z0$><47V2*__UF85Aplk(#Ouf`tbOx|_3%yfPRLJhsVpz%a`;#3fS4b8AeEEcL$h8O
z$w_>kD!MiqHH#bu8+`ke1<6-JlPa3rPT@Q+w%y2y3obJYT^9K^WP0&DplT~$wS=q+
zd6atz0FSKSHJoGnGIf`Zk{A^(v&M5;o@^GlW(F>*GHjg9ZbdjSC6R;Of}Vksl}+)%
z{;0PLUi)&~4$SENWJ;m(BNv)N<p9T!k`>2SZ>2ah{iq87=w|GIyh~WH7N<CPtwC^)
zlpG`39W4w9cvE*EjXMXR2kppzVF9!qs~y;x)sN8i-92)EgPd=l)*F7_hhyOcyJG8D
zYTdUKN>`g%fvRShIp3-r#1)dTT^^B?TbDP&!g>Ee2bq13_h2My4&35;=S#Z9<u$ZL
zCJGthXI7|e^%0md7JpP<?x!y>Uc2yHtJdc$>1OSz8J_6=V&|tGvHGb;F|M0?dUUXE
zdVI;&&GydjfBk>`yQ3p6bz(H|Ggo;US3VVUSLCN3p__@mp;MNKN`Wv&F&-3@sU-XT
zV?H{2*JH5VGlu?nydjnrq=~k*^M~T07p};SQpk#Qtkw^n*7U%GC$IWntD-sIGWgsG
zj(^ERWvggyC@%a1AJ6$JiZ+b&mSx6lT#O{gqR$*O|E6*u*(yz1SaZR3sFmd_ApKKj
zIXg=0^5m=q8c6D7(FoDDasC8RDJm{dvi>5kaUG6cX4G2d?@$zsn4H7see3=&gKYy}
zRY8Q}LGa6r&Smlmp&JP9ERy=c=sfvL7YoDN;9Ck~$$+t}V`Ev$#<DbQEF~R|#a|H|
z%hJGD@VaL}|CA}pd~iHV1LMii$5RqEo@M%Y{t-T&xgC#ZX>dHtLdKKDm5V?MY2?ip
zN<XlPPZkZ0lv8fx!(Z+3t1ry$Nr7kNI(1yM*13W#VZl1Y4-m$@jQ}s3D=z?eLPzkX
z2H@SbV4q*TBM6W0qQlD;T<b~@*mnRdk9BUc4lDxRi~zjh2=Byi0`LxW)#2p<ylfqw
zkt@#^T(xES>5Y<m)C>Q;&!65Hgg2$kZaB#f^3^v8)^UVIIa2-W02am%E)i_&=532O
zK@H}g*JQRiCKrg}KqDlpDC04rAYYB!o0``ei)TR?lTUD!sZ45z{gl#@1ghSHRr^EL
z9HqcI>Nud=IRxs##<Z%2>e0n{zWO%ukLkPbo>Xo%<_}Rvo{!~xw({FMs@#`VZoU>O
z)14O6dG-O>g+6A`#A;VoSK@3g@V5>JjbbFc1Dah$F~&eO7!*`UzDEG(D>Q|KlCL1*
zsvkz3WW^!^!qk!*5QxNppv2T4w2c&_sHwLAb)0WRxN^c*V^B%;4;7k%LeL{y^$(~i
zkE!1kX==(srb23(itssVDu-c0dV5{CqiD~6rDqB`;9VW^e4s6$&3LUr&4yyV>&nf`
zdi-0E2=Uw%{mW4~4HLEmw2vsp29nwE%6i{_no!_8#I_9i9NRR66|`x{r+nXp_*2pq
zG1v-KZ%^XZK(*s26fuY(NVqp{0W~mvPy6+d!PWzwE$yEZSPSF3Fz05VUxDbicHTCC
zS_W&2L0yTgjsPz!C&0vC0bX_x-b+Dvx0-c$WdJWjgGXe;l}lPj(+FPj=X*lo2|;*w
z2H`~`auMG12ts2g2=!ZlN@FX})u0LlHEKTg65tgF;hmZtfJaUm1h0xXEgSOY9L)iw
zyg&msnSgytLx%ky;FSd7y%B_WYm?r;MGRiD4iEi1C<=Y~Xn3u0l@V^j;S%5{lZl_4
z#${17JHStBqxJq_dr|LS#68y~VfTZZbgm*GS1Fq;D8<MpP+#J!F^!?x*c_|TN^Tgf
z+*=VGUkH7yb_T}R%!krPnob|tY-AH9_xv;(*^OfWRblbE5s(uA!PX><R^q&}U{M6K
zyur1>AQyuMcpto-aKb1T4|J`MmIbp&TokzRx_KVP-O~ZOfZfZ+OSZ+5lC+ERcR5M+
zAowV`QSb7wXFu3M9|i6t+yabcc%>aUr!s%4W-FPmF^|u2Z4E5fSX2H~oPd2Y*-Daw
zwi0M7L0jZV*Xi~TJWO?t_1zko2S)?#oTjduukob(sbP(RMw9Vs&KTWjBB06}2Fv@&
zCjp+MW}MX~jbB`dr`6RV{3kPn=g9iQ+nwAWkD!mVF#15JJ@wl&^r?(U`ZzZ~NFQk-
z^gk;|A3b&Y$N>5%Ci;L`u)r)V9rgiG$-pF-3Eab!xfu~wE1HRW=Id6g44jGRS7|1!
zp;jxHiMbh9HxqO9nYc7hH(zCRIuoA>KQj}9KMu~s`%M~p_{IBhCa&@S(oBTdlfw7>
zxt72#{yr>qb$k<TvPL-<1D2!JFIygK&f!-S8CpC>XRj7dlrtNpZ&z7bv_tTfK+){z
zEvH<^GQ{ZFCRal-S_Cmju?}`Rg1vkiz%n3Fj+(mMVngNFUIrbGvo|bCGbSqK7CdW3
z`Jn>Cl@=I0YF9aT0(E4;dJaTZtuIlo3$fT}w)qPTEW4nbHHwlq$m2_>ZdX<pW1u;v
z!s52Jj5b6$hxUlV0_vePAZbjBCP|}v1t@#8)4g#jmQ%)>(f&CWM4wqOL3L2?BMR(3
z*QypZp;S}^5T0RPG8iA?v;{{<#)g+BkK`2N0#~cak>P5M<*S*4JhKe+l3=$C7zWbF
zsi+{WCEH+dbg$1vhcK?PwAZDMt51pwRF49*IET0zjBGf`f#FnA07*c$zc>44mFvU#
zt`UZlYu2g;hC@aWXsA}4jt%s#H+@cX&jTThzE_ln5ppm#pf*_hDK=QcGJ_*epi~y=
zTh%$I{C*O_Ktc~pKP8HQHTrkJDcQI}GY-!&a12h8CCls_Bw`$BV9LUfoNU3PMn6&W
z+0%Pg$hi_gt%TXm5Eis8OZ$LhK~zx!gcX*J%LpG#qI{k$WK52$uAi+h<ZN8XUzA~l
zrt)l|zGl&o4>%<aookTusFgQ&=UTGO2FEQ7Vs18Cu@ZuO0ki9>zaenB+4YqqJK*;x
zCtm{Akgc<Z$FVuEhHPXFW_^{<!0zSwl7rxGL~ui9>--=)tmXinAMn-Pu-;pFI!~B^
zel$rRAQuQ4beV)$a2eP9F?hbsJ2*sgtPXjfdnNe(DXKGSSOOY@p9+T2coN9w`YQ$$
z{TSsOT^=1uZhVy+pm;wf51PKMmxDDiP}0ifXzXb9ZoCqdQ5_-Af4CfJ1TnPf*-{_a
zXW_hOuLRlHsF2O&yO3ueGqubM`L=pju$O?gmGBww>dV0<Ioj25`MCP3$}B5Gzl^x=
ztrS{oJGVzD<FYb~GWco=Sji4a3XPd00rJ)RIXVcq7xmJdFHNLhH>Nj6_**LFlO@Ax
zQHfb*7~{^f`b9pkUQp81XoIe=WnthcQ5PuJfqn{X7^6Ya4M)%ebLeV+4rX`8Pei~6
z`Bv%9LP6R50-yJdpxDMJBMy${SL7YM<QiuNVxNdh(s?t6r`V#p4rU03I`z>Lv7D$Y
zjFe8KJBmE-`?57^@off`_2gt`CPU-p7t_!}_I_8gkS%%yxXeh7S;*>cWM(Rp`bR8{
zbUN3}TjgC@s*Yt}py|3}d>b>1tbFzJh5)`P8((HY2GdJ(l;5E^n)x!Df`<$=1?6ZZ
zVpEWVnXS2?z6|)u5EY)`ClRs#9m9``_)&ibKcl^|L4_J7$hEG!K=|nvz)y}sq)=T`
zJ}#07LgruSc>YPBSf}X|5hSo)7u)%l{?#!Ngp6<U)z1Im@cCD@`PT&eAPFoFlEAk>
z0^Wy0NZ@@Wf#pUbf$E1tNTBuxodkYw?3@JV8W{<^v(n1!V;~fwOv0}i7Y$OOS(6Bz
z@q()+V~f{y2)eon*r4~5<FUFF<ohu!KP<HWY$++*Esk-pPqYpNmRwLtz*cT%S~y?*
z{W>GX62VMw6o;ajWUuSgYo^m~A<ECQ%wqes*dpG)LW^2mj@s2h{LTm)3f+IxH^14)
z!nxxpt*u@{`do?RUbT$P9muo4erBJa#;*yo+ozI#GPOhfWNHWc$@64LgvnYBUwDPS
zaHqr!Daay1`NNDNB}qknrE+ROUs-q3qD}rQ8l3;d-kZlaQLT;RlQxC0PQg;5f&_1r
zB3mm(TLDR=g$blkl&f3?<yyt62o)13i%>`_j3I!EsMn3_ie6OiRoO&nSz1tJ6Ildh
zQDI_a6-wEf-+7+r%w#4>>vG@k`~LIe^C4-@IdkSL&v~}<EW5bKvQSm1Fh=>agF=i#
z<ugFMN5-fMm4gB)RP1*e1s5B!%h&^u#j6a=uPc<H)8ebl@>pfg7*&-5&(*;%4^d|J
z*7M6+Pr>lJ5mwpvQ)KbQxsb^&xI;%yvUS|@EcK6fwD@Ip^2(Tnx&!N*%N8|VQNkm+
z!WJc0d;pCvj8)kY8!XghZ+yAJX1EQP;@^fpsw^I>vJbX8mM32+>}6aYSehT-i7ZXw
zkA~rkWxc^0>LHyh(O<VZv(-P|#r&%N{>ZtD^UG16STZf4`5*MfSaHS_dokg8Q}e}$
zvB#@#KQ_a|FZ`g&E@@nLF*E+1Pf_6(3k}F(A$pHqfDTfPdvx>k|6-5+s%#wdTYGei
zvi_FXJ#xGq(F3OGc4LHYH{MYH_&j32hw*CaStF1glqU|eO%JdYfuP24KdxSxw}C5j
z3*~nQM_WzgkWd6@2rQuYdeZ*tWT)9AY;1j86*lfa)L5W%pvoC1Ok8Yg{R4_k$r!Cy
zeQ#S118()bn(Prm&zeD2y_B`{kQIiXrXPNKy~AH=G7jHtkd^k5k~vu${+kDJ_~yv)
zd#Pg5u*1gTr`JFH5j6ZX{qS4C@cmP>Kqu6VV+<x&O-_%3Mu@|zNRO$|m=4gm_i0AD
zN~W3wkEOD27L%WonT#<t0e@zjNF8nzMl1|g(+$Fi6eEm4ymjUK(JG{-8(Qjw5mcb3
zX6d0-dEpJSKA;f?*_SRygpQ=z$luF3v!AS-cs)Vg60!7skSM<7Hu=dQM{IjN0p$om
zdtkNxfh@q`f2-9!@H&5Bj!rpVs1rP{)*<|Nbbp(5hs%Z`PYm`6HYsqQ70v%BSHm=f
zS8D{&FboL?G;bqFH4KZfj>g>hb#MsaMf24D()9hM|B?Pyz82jdYkzT6RgS%xAXMhq
zMFDQzn<*`kec3~H6Y=9WLAYlv7N#0oHc)7l<Zf%su+MWYq=FSemCzKq&T_L`e#=g|
zhRJsgzVq>WG{oCmY^O`d#df-^8*MLyAC%vi`@Z3YQB|pZBbT0?;<5&#SU1}QQUN5)
zDz!rrdWrRhJX8RK$evLC`Gb|g{jGwhl@#~{M}f@J&&r;Wf&g}J>_NJy#c+T+?ZRx(
z6$e&Pt^B<*vlU1VV{OwfqqgXJ60u>~Y-`{;Dx+F?;47=(4ve&ps&cd$+dXJDQNM+-
zKax_p5aC}wuFM|SK){gDk|O!eTgJ7PR_5lohPnn1x=+eZhRjwF3Amz0XC}e6xrj2>
zR+Xo>FXmZr0zFI}_X8LGuTGtjah4!_p=||R&pI*Itg<b&B@RMT?JjKm(N?z)?SUlJ
zwz>s0M+F+N)q`G2;ZNw6gDgFKy|Wsk)x}#a^i~%OTSP6yJ)3n4abuOkS~PB~N19$k
zEBmHM=1@go)TQwJMGxSZKDa|2Q?g-9D_=|zTx@=k?eRu!Phl%qY#u>EzmEr-LB%RN
zrO#Y!2kzFLeZo^LscGgPu-l^Tr!n6=AF!Hp{)G2vsHgNBIp^7c5VDa$UeA^RUJXT|
zmFghK$H#go700_Idc5vtG?7Ko6@&Ri@F-y)I}fHt0L%utWYyy}jDL^RJCLF$Dmz4w
zT0(z_N=%VMGy_fuJ4C2>!+4nN5Dh=b4^da{?8nax>uVuDkZ`)@3H)>&Rwj+mPM5<J
z?{vM^l(vuX!uLwYmgpXt?<(k@38AC`;3W#mIR&OhZ-ls<MH!ovFN1*6Ck$h)v((nf
zYU?6>Yl*dfm9=*Irlm7M_+SDWFtDvhCrma`Xc)RTTHn&2+lQcAH=Uf>9Mnn?U9C>h
z!zY8>)FD045+r#+3SGzd2Llo@Fa}s0Oc-Fj(iJdwmR3eg6c1w(3`lj3X&zPU_l>R!
zrKu~U9IfAXj1tGJjdHNs;c8!lIdx2<#If5{@2D@pRnLyDdU>X`uJ#xD`BN6;W$*N)
z>%H|3kiC1eMQ1w+s)L_*kju0Uob|}+eI6JG_e29e2)ui|7GgWnNmCi4QivC+8o_-2
zvk9mE;ERbuupF(f*fxPhvVSN;UH(t(CAdsmrHT_xrHm@@H9Yq#rOb*9e{C+~{jcL*
zspnnoPxbRReL63DvnNCEn0kQc>u9E&q49%Lt9Pnos*-r7D?a{5`S?ApqQ_pg_IGY^
z%cw1u2GbUInV%vAtq^EJgBN;Li>Oz5bAQiknnk_l%piJA<#X&c|Gpeq=f4JNoi8s)
z6hd#SrG0qmQC5nUVCYZI-USvHVre3SKcdUkr#W3t(CG35aK?C|rePW;NtQI4%+Zis
z`sc{8TStz;>sM*HpJS4iP$Z!-^3RI<Z!xqu*@(j}Mr41n8F!mkmlOh9U~;8Et95xq
zLXwROt4w${#n8viVjToyt|dOfcw9#?l7A<?=<!?hVhSud5{nlqt>^<<7%DeXisRqb
zK`9a}bx?{VtkC>rKVTiW{4d}k<O{%P^g|s$K7E(0S1uvj-=}1@9j-CWFn}~7Gu~_A
z2S5X{@?SP$pfs>^A{oq4)B+g(#szRga+g&l1Q~2+_bP{*V~D{N#;LTux4W=X-Hb23
zu>wkV2vhr$E-O5uJ1SgD_<1UHn@(haGXo^69nP2m^-*}&>~E~3RqgLk&6GA9A}27~
z!C_S&8-cyh%xJ(=Q~~!VQzLQiSQDsv`46x~3W>T}NOG6wf2i2~=&@maOQv*AXe^d>
zVPymTQ##|7SL#4O>X-*W#V<dy&%yo&I;R63lp@|xkkM;(1p6OBfB%E{$6A2-e4qux
zT=F)C{~L02>CUKf%G;bJ2d6<Sl2Oh$33=jTQzQl*xZm~#SNqe0vhCYE<D>kxIs5`X
zeer~j9yD_kK1B!ag~(V!_MQ2k|BARh-!0oKLLF5M)a3`##Uv}gKErU3DJK3S?Ufm_
z0?uB@@TSv0xEBNq8G!c5$24ku-T8aE3&Ce$L`Hj`_7zC(n(Jq{Be!e^(Ti{MOkd`;
zUpFAT*B(z!Zs2a1;n%tHx8B1Xo?w2<kJJ3Nv&Y0TNUrEIZHMS7Nb_Dbj<>AZGuaj1
zAQe=&*q8%vK<kGuqwQbfw2_!%PPASl1<c**a&Myzb+Zq)p*vg^KQp?1%2g3;nwPP?
zZn_?932Qe`1$;tYO7B)i@DJ=@hled;WQ4Qt1(#{xv>ah-E}f^3?lzvMB6gk_)&qm?
zt{sfs-MT|PO*!l|Ip8#H;YTF}wGh*a-TsGckf-bx7g=ySEHP;JZYe(66#^;P1py14
z=gl|Z2{ij^62#fCs&wJ<IRyMC`xy4h><7BpJa?^3ROw=mvG=D7$}`)ofce>o9!Rs*
zF`5{Py1G9fn=)=TjYcw^&=08R4HQHjfD~;q*^)w-<g)UqfV$59JzY=-qKIq+dd~F(
zAY0!Q`!K=NmJ3>L`^cy?0XKY;s^MOxnH@AAtB@-aAOI7{cK+FRK*dqdo!*&>ou~88
zF@{rCRHLtU5`iF|T}KE0Y9dMojK7<GV`{nVu&2OPwVo*1C!FBMqhDc0zcSda*F(Qt
z@@4XMQTDE}f)Pz<z4|^PJvZ{9jf@@|y5ab_prWtXD+t_7|3zbf1}1!dRwDs^z0IT-
zK5sRlVEQ`MO*Pa_qB<Yd`3!Z_sO}-En`NjgrMiJs7ckVxRM(B_o;TDzLv>eB-K&PW
zm#FUCIjnozQ1?%&+edXD80y}mx;0eyA4A=TRQD#;Ei=@8Om#D<Zk3@9&W7<az2yl~
zi4`g0YO4@TWIwAMlt!cq%wdE|$2CH*-$}gs?@oQnNJw++HH<%ZveQ=+^u_c$<0SQK
zQ<i<s`hDVL^eujiQ)+_+&>-Pdbc04(11~hV5Yxk_*nl8e83JwIjOnEMlCDh`X!B!?
zJ;7s_b!{3!n|m%tx4B>6=BHJxO@2(9JI>O8`z!0ALC)Fe2Ctu0Rg-T*gLyFxI#jC-
zW<UdLb##MvT7$nsgJkxT0+l$$3br3*<>K6f$HU=JOXFjkkE=_013dQm@rVYqBkLk)
zW0FDeYS7q2K>icTTUAyeWXHS(OsrO(XFr2*s~&_?7Ca3f!13T!=n3We?Li)Oel#@f
zYN8qy(TSzsvd>^rr2AaxKA%6G1wRUduf{y}7Cg08Ee2FbF~@>S=+(hR{ClCmdp@eX
zyp4upQw~*<&BoqJE9MJ${2w;;_2acht5{{QN}b68WifA@^ADc2fg|ou5&@4gp$V|!
zkjNOz&=>2s(De0NQ#Hb&Je)|>#K~W^_az&;0h*wZMjQTx?ux-#d}tUeMx3!POj#1t
zVYS6!k&YFp^t;f}@-3<Of`c3A1;y+Iq0z>rg-oiU38Bu$((X|DcVk&QD9Z~agw$PN
z)b83ksa-GjZsQQIYO5o8V(B)X0=zD=ckwHg?1^RI9u-_)8?GxKa$!jy)}u)?_HaXN
zJO4xJdD%zB(pQi}9c{O`D2vJ{ZZB{Y1KC|rZai!vyE4u|WB~)=0Exju%x%)BA>FzA
zC$JJ8Xz{bssVGG=M*~5x38sI}KI(lt)CKVWX{o*hWIMpoXwh;8?;BnIepYgg=<5pH
zNy*HCoc`mG$>=S|2Sx)ppxiw+)+^2{O1|}lMv5t)s&^z?z_#uh7|D9gy5ggCbYl9y
zU=z6E(<{6v^972}2+QtZ%kCKhu|6=$fsJOtMtG-<`q_OjY6>c=$kY71Fec6v8n7ui
z?tzhSJz4L_cT*6i`<Gb-{)p!PwwC+9EwHKiySTsTU`fyAh?x8E@y)?7_Y(E>zK6fF
z4t8e?Pmu-}&Wf@WUlUpp?aw?619X1vlFvEiOML?jND59$s{3{NN*f%9$?Rc>Y1~mC
zH4Qn`8~{!5##TBYXsSWbm=HY@L!O-xK&{fd_3b@S5s@y*-_46Gv;VIG`8&EPJAD>7
zk~$##pv1XiQ2wCH_XW3nNV$J{3YhsbZts|P1?%4-KEHu<{aPSB&MA5zCYYx0NF>M)
z1FyJ_Jst9fLTSV+*0o^()*pY$K<z7>m6q&B{310L4z7}wsLbe0Of1{y-4fc#_UYr}
z^}+_;d8I4;;AP9Sxai5s*+=(<2}ZswCm1Q1AMKAm{TB&I%~rOBPWcSOCwvRRc@VeI
z!Dt8V;-{Zj1w(R0ick&Ta52h*R@VrmE3-tj?hQd#mP}gr{-7&sX`-tu%8h_&5|xdh
zDPw0$;(&r!DW3qv1EV;nWDZ5!F!W4kCvQILvXt6f*0H<+6hID&Hnw;p;A18j=FD1*
zIy%71+)_#T=mOzl1R$6HPWIhWg&_y3QUHeX0fvS#St`FL$x@EhO*MFerL;~1$%+oY
zBcoc`cn7GL#-zEXUq;<hc8QzG1t1-uYe`wy+YVJ!q*Yp!#0Gx$N=>UY3!(J5GOpAt
zIK%5*ltdYkha(4kOZF-=FM-GlULZZV$)w(1GK<N(Ir0&d@6Ics9)ixVEgeMMedzZg
z&RNZ`Ct@YqJ=yUk+OAVm1pe@Fye*kRcQ3$?K*ZA)^CHe4Vjvqu=rPi5{wc?V+x$7l
z%-J>GK_E2MD)wF}g1ci)#O?s5z7VIr3blHx%~6u<?Kq~{*hqQ%$rJ&6v;;7{ndbc)
zbh*9fZ*|!us!OxJ%iCF(!QNbfqw{~MRf?lKh6$NLe{e6>9E`l^Eqsxf%vy>aOEJc&
z8q5?bA&%+l#(LlZ2mLG>1vFMRPhq22hCD)|<S$~Vpt4p9G<$PqhOjch0Cl%-20h}`
z9JUv|>)c2&EB;14I3-1WcpvSZ6zFpD<{qksS8xB8oZ~OHf#1#mzgf{7+gH)5Z9a5`
zkWucO9#%kS_)0k>oDDQv%X*ST_jW0enQInE++B#@`tfPQ0d)NJ<djG=9Xf1D5S4?9
z2}n$XY{ueXy=d@D*c|5)h6F2&>v+#oG3(g)OKTmAmw2<fcm`Nh(k7=E(1>y_jL6lY
ztj;&%B&<f!o`;JU%f1sxD*=en?f=9spjP6Xr-+dpHN~AHo_^h(U9RdT&M|rePBiuE
zCNA*+8NENUs&8kUap-gP<vf4LI#N-bj9T+SP^iQfMp3FE()9IGjHaT60$Vd6vNbMN
zc<Cq<j))WvXN5<x@Zm^dAuHU0h2BV^$0*2sUaR^4f2hqZ_-;&`fNU*JKsIX^ydfOj
zpo`YP3JtD_X>g6!;M@nSfv7WjaWldZ8XI~n^e6<ld;&hkz{kVzaTSku>7YfvVJ%1_
zCzRV)kn#)()!DT{PLF%8AbR}uY$l|%30)PkhEhW*NVxeCyOOmCC27Rmp$r>j*5FUM
zx;o5zI<=g7l4sYMe+(~VDS(<-c2NXsUklXDk^|iCCkPq=^G(3E$zNg203+F7y%>xe
zRuOy~$$uJ0brv1UGsJHOMnK|>fVeDI7{yIt#HG2w2i%VI<So>S@z^y78LLwABn<MH
z$EC&Ejl&Eybm*7?kZr1a3qphq0J+uTX|60RXS_hejAQuQ!T13TFw3Ts%rA0YKOGL2
z?(_7gTe#oF6O6twmL~ui)I0%jM2|+#bR+dClx_RW%J~Gci(st6cYgs^VJc%4!rC<y
z;2Go=_86|AOzJgM7q)N8`W70)u*XDX$~lFQ4{l<yDZ)5>f^P%D1&DUQ8MxD4Oo!fh
zb7a$Qj?!R}vyf*4K12FkRrQN=!1V}HEv<)(iy+v(8}L<K7c$oyE@V1yBe_+7Df7L0
zziru7*L}=CQE379G3K}EJ|@jAcdiIRY7>%gVb;@&ZFGYLL9)Ri*8S*3xWVcTH&_s1
zYoLEhZ|w%F8;Y0O4HknpVX%L6?{w920WZ1E{e(AG3jTo?9BFVBlK#hUtb*Sf<ayO4
zH+!8p+X2+=YV~Sq$40tZawsoONECvFc+H`DHFyo1FcZp1-us_e|5-bKd;Lq_`2FiY
z@{g>4$^XInqX!3WL2ttr46ahQpw)P`1rNd&_~*a~%Qhhrfje@PcjjEjHw43S1)tW|
z<A37*u4cy{yuV|Uk_swdLV*C3J$#Yw@1{zaVP3ReGaz8@LyIbzYIKVVw|41&<kqeY
zG0YKvFb`mv!)`gqZ}29c*A^}K0KqVM`*+RQ2kCqKQ}ZR$fyiUZBd5Y)SGY=Z>|Zy`
zm0dMuH_1CA@S#xJsMz-@kBgY@hdkWzsVBRF`;rvsWi6RvO%x{XU~{ylNj;0xy}KCl
z)IEE)tssQfs=))qId3Pxc7lB4z?dXDdEhPN+VU8S<sS_iiYFPB=r_#Y%L?=|ALy3U
z4Wt6J?qk$wG}wBqLQ@K`?Zg-x++GCGFt7vM3K2O{3?CC{)xI+c1@M@%tOx{5_L8Pn
z{}ih^T#>zX>d^337+yYL{@q<Q0mb3Q6bS4E<pN1Q@Ink4!Wmfpf*qZ7FSwJxK=Kc@
zTJnJU9%aNSxgwF5j<#B*C}Ea!>KGzFBFz3BWSF!jiGnH;@z_Fddx<uw+`)1#S^$Ca
zBVnqA!Jv0Yc6&6O@BqUAqr+thB&ETCWiq^hu9j=^#B91_lOtw+3Xo8Gtm2XGq?Ryg
zbN_@kBQT%e&CSO4%AtEwgs69Ro|K_`r|w~8=iMohQABuR&_%<Wz3sta=tOxU8N~6J
z66?~yE^hX6h@0Mz@w!L$*C)lOeNFpBd+V4t87ug<%7s2x8zBh@eBzu>P2@5u`R}tq
zsteWyumhe!oTVAa*cli5KSV*Hh%{u#(?IZe#^L}^v$3Pf(?r3g(sfJ<cJK79PXHAI
zrNNwyI8Zs&1n$HTm*VaADR_8|cDs!|&cnfF5AS9ZOJ4=*ApgWimao7VXf!%-B{VA^
zWy87wh9!Tgy!TiNciYQJvyrTZ_u%|4obtPmQzGg=m>1c3=_W*dewPM)?p6N!7)>ls
z{smVOQ#MMZM=?yYX%miQh-To8c@<7goNc3P^GuC>)bWggR*$Bss~U9}l|7?VBCb|*
z%DFHf+rw>I56z-_SYYVkE@Y)iKFHVy$~6F<P;2x*LV7ok)4M=t6NW@8bozVkclvYo
zn*)PQ*&DqsKx5Nyh(co#tU_o^FBWsG@<9h!&!CbtTGh|6O4}6dFXK1+YZBAn{k*?V
zA59U0z#pN0uwzt5PXCnsW`++LD%{+Wqe3GBWIPdTjOM#4u0V?bR$UyWli_bZb3Nfl
zXs+A@udk>LtI@q0>QoAr@dlNGvT`NpWyq&coYSw)-Sk`^yPKfzw!j75hDTC#o$M2c
z8gVKT=+f_c($v6t0{u)O=x2%~zj+VW&j9wx*hZ?E%Ldg<hwEciGvyj8RmW!>4u}oi
zA4!R{)hPj55k$@B5H<TzRYlWiPrWLdjTnFAHHObtV}_K-f-dtI78I6a)Cy}It9aja
z>MH7ik(_OnX%DAp@*QYH`Wyif{x|L_C;f-ptH8#$ZEcQktAV;7CYFI@3z{4U*W?uF
zH8~h>FrIzMIkGSLeL9?puUb)gvtE54=@oYTo0K={#-Wk&CM~wmXjqEM8_)+Bl{Z6o
z#Zlh$!NNNug@0v*H(=rYk;1>T!d6%~CQ|sAQKj;Qro4IU6{`^ZEJkbN&~z?7Xpj-3
zl!=6Yy#Ey*{?XXrI<0{d8l>v9HdQCX;o#T6h;D(8P4KZEd6acQAXdR;@Bt3vLGU~c
zF5-3H(08<AXULLN6zeCx3;PpR+W%WM0(j_M(!_)(;XNYCXQ2_Hd*E;21VTeXgF|_t
zfgx9@e<(N9KI9Db;Tj(#^Bvgpq4ZFvP)B%eORoAM!&s#;bdGwUdCL=pP@|9;?xvx|
zZ$b9Lk93gTH^r=-4Q1C4VLtT5@6gb5CeeMTL4Sl?8%FVV$zgu2><Z-ac){RK!I@i_
zB)<cS_LdNrC5+;>)#B3IK=bpyK$;&i^5sdrfBcYJOXtM7EJTayuu|ke6TRd}=v3u$
zCspx-*=8Cki$6>S`|4wkS>Rh0rNI=-e!z2rmdM{L3lE|Nxh0-y_2cd1E7IFMn8Iy;
z*(({(JiI?BbRM#)cE#NpyPRc$0SyCH4)V%Y;+6Y=Tj`~60`bU<I{}P1<q<PC@1`rC
z<TdoBy~?wP(ateTn0g}<NiakL%G=Y@-KL{@i$3{Ue&f?W%jH|24>vvx272^za<mG=
z&VA1snRnVDb@!+CH^;ZPR?!{$mN0aO@%I?I8>vHg$>iV6_0@`AU;VprUEoC>u0znl
zqjqF5H}i`kK0~0eB&KlsdVo|TW}CD<4rY6BdmPM`zda6S>$$yt%(hH*#8kd`fuWs6
zF{V+gHK)w?putBms4pX|HkbtsuB{WZG5qpE6lVJrB#H!0MO>&P9Smcfh$qL}45*7I
zpIY!QLS3uhATTIW9$2g@q~CvoFu-l&b(yu3m4aL|L5%X=0qVOwYhcU|O(BcEbjdrN
z@;R4$xi4rL$OIrAi8N`Eix)&LkI{Q_wB70~c`~61_;K2RCp!q(0gcUF{wLM&N~3jJ
zqE{M2Rc<;vr#49PA(jfd#;L}})0?P`i?RUa!Oe#9F*?n?f<N5;CzLu~G*bVpuW}eX
z4>VYLf;-(IL1x&(P2$FIy|}^f#`-oraM`THq%?`}iHAp~L^_CoFEB4QvFubM>OSfg
zh6!@M-XCp28^nW+^>&T>8xtmT0EfIQMNr=glyJ99?32TArVlj4TlicE7RK1FH#$me
zA$nB+W*uMq7eS{@sG@OjiMrzzUA2pTZr#D};BjG}?!#DD*iCQ8I@a`pMO{+|UPX92
zu=a^Uu?<HfSCkxD3mGu`FG}_{W9>knc!aUAo|_PVvngwMylm6d6m33vV2#XPWC=CX
z$_`oh9PQ=3P*zCxG-h2=@U*_XbKsAs{6^<z;&lGcM&#y$3&CU<%!J3j3;8!FJ2(|g
z=86fMb^($&ieH+DOZx&9yn)+65Ig4q8<rEw_l(w;^sLhmf~-j(e$Wj7EtAy?ke`*a
zb})pf(iuX$`7RkkgmY%C;!s83Ky}{P%Oops#LM$fP>}0)`5#kA2=@0?RB?&2==z<i
zh8Mi3vLyKxbfbhBgDf@erjm&XjlFDlC*tO}Mt)t}{LF^DAGdtj4e64c>EQDlYRrEJ
zoIrowem0a*ihrURq#lXiaGbbW6YjFO^hT!W!{O+GM9IYTVk|*VjnUxQHJgUcN=Cwu
z68@tQ-EiU57OR{K^hXq?)s<JOVnuU2u}NGq%u+gyNI|6pgwxBhn--b89UY&V7MWqO
zvfQ9v1#@#mV5M}w)MJdb2N^P|$b&68dLbxN7lKF`{h%JL7=)c?t;SKQOvnqv<DwF=
z%*uo!XEht9SuCB71L!g2RJRBlaO*z-|MzgQepfc*WjFj2ZmHNAU=wuP6Df$0KgFWP
zvv(+aDz4!0$C^)mJsxiP3?l>f_;_Nsh~v}tg;pWsn9Dzu!3?*Qxuy+pOAI%}n#wF8
z;%_jO@q?+%7u5;s&DRovOlA82o!AySc&Nr^8|31OB`e2IZhKk|!)@O-MfG9^!(`v2
z!g}_&^<+0ljV+0}C$*KaFSOzu({O!3Oif}<yx<Zs_D-EQ*QM8KwbUa)9RzxuelSCr
z*3MZn#m>$`YYaajmV&?4%Er{-hg6EM|JmzS?I;2V^zv@9NlG)=4{V@iE#&N~LpjsN
z98dZq4J@o*G8as(TreGFFfoX=FZgr(+IMqw{93Xmo8I(hYDC>@pgA18h3JaIf)Ha0
zCzdI^)M_X_&P&q`rC=S%IKNp&g9I1w+uRqH>~Azo)DF`EGo+V;R)>sr&dn%SzGR$J
z@KK8M*RKi*ZDW(3&^CafGx?Y5S{mw_Q(beaYi+2zg6d9JVqF_Uot5f#QC)jOU0bSK
zNp;s7>aL}_*Ql<Op{@hf&7eBBp-!T@QB?P}p>8YH4WPO`hPs`mXeWm;+$#WiqOG$T
zUphR7^?mHJDw2N)4epI;@Uzw+01fuVG&rm^7!3`+j%l!4YcLQRY>a8JS!-|uH26HG
zL50?!5j6M@hC%6_vjJD(8pA4F6|)MTR?{i~yaw+>*lyMGU;Ofr;^Tb%w?rZ6LidMO
z=iWC|Er+U5HNNoc_4vZ;3@>a?J(e3En+}ity9T^fYVasmIpF<5B^!g~T=e|To>%AB
z(a+|0<a~64ybHRWOoBE&FW`_IG^8&C{g5i*g=%)F3(<XftJRmSdYW}K3V*f|jN`8u
z#>W4^8Lay0Jww$yP*rv&y4yi#)ovezZu`V|k9=`PZIA;EK06b4ail1x5@NaMw$%pR
z5FTz$gC2+@n@y&BIJibIxOEpXHYTc*;Cm1M{+7NqF=6=g5%eBh9;sCH3Z}Q!a=`32
zuqQ&(Kxmt!@8}9BE`;I&`0&EVVE7oS{nZXWh8vYsi(e({qn-27NllsZS}+{y3Ju%9
zM{EAtH09&@s#@u#RI@f@Wz}}oyy#ipz^csRf2Au^=aa0MT4>|<-54W~!s{eqc%6nu
zL!pMS%SjUC++jGE-x1%n4;FI|j~uv;yP~w8PwpEl9@5z}QUBX@@ppK)#vYU6_PF&q
z>hYn6H2Zji{0cV(WWtW}>m@F~YWB|~BlgcTL4@5vA}lGuG&Yj6{K)WCQJ@1HIS&-D
zP>2Kyc!M*Ai#Q{5{AI578c>(k>!`BQE(n~pDUPVV3YCN_HQQ&NX?e-Zn(gyw#{9A!
z8woUf#a9NaXT06gOq{sFOU4*NLoqN-PIFcDWi)$ke><qYhT1jV*OK<c&Dm6Lt{&xA
z1t`D5zvz`;$CYV!fyr|fpPeJ31j~`prGD<#aF{}OUCB7870npe+K>;%vw$60N~GB1
z!)tU5+C2;4I%bO9EKI#6ZhTn=$7nFkc>v{x6FjhJj$O+HvR7vyI-6KiS-tyhwZAFd
z6hU#6rD$z_N(4;!@~`|#)wbogH^&cRuvs7;4o$)RJh}|y;qKRK+qgduzhC&1{9D^H
z9skCy(;3zn{}S<UCB~6?2f{iO|F%^q93-Rq?c(Qg)Ne;VkE4Fu{&^hr+p5p&SHEr1
zv}*%P86d2Q(XRE?lxH_UgUmWF7Lt`lrS)Dcj8qg~l=`hZsNaSFKK)xPM%Jm_+P#>n
z9e3rnxm*RSC@-qIx2|&upH|*)(7knNN4mF>N|((lI!@$GU%uZa)D?f32`^v9_q9>h
ze`o?J=vFDvtj`bKB6^%;6kwFIxBQ5c#cQ+|pRvZ_%@-hW0#YIaj&ph0wVnrERqMIL
zq5`VLEuYoP8@U2G&>RJT1^1iF-k-sN=2(3mPYhJY%^(LFZ8f(qNEO&S#pksIr4ewO
z{aJmNj}dTas9ZgRgM;Qp^<IEBCRtgNwGTC&H~-zR9gBFejTKY$$TSz^JTwNCGmxi@
zYKo|TtIOZdW-wRKUoy0?#J^-%=1vi~O`6-@%njk^zEx)Y%#a~=3PS0<9d+9MhhW2y
z`lSK&3#rbXz@H=i8>!JhEx&<F-c6H;Kk%Nh18-{Qc_Lf=ts%&=hoVMpQb$b#24|El
zLH(HDPt%S0<9X_sd5m^#)K~IR|NB0hFi#KO44qyCLK={&ediON=<lm(?Cmc_3=pT?
z0+ca*4JdCId8(KS`zl$h9M*@%jrCSK+7xMV*~l)bNf7Qid^OFzcf)Z>=L*kG*Yps`
zqfAXLAn8*Je1KrxFTIY{K~>&im`KqLDMILRcH(Zn0#vQ`3LxiAf`7qWk~gBy=ul`}
z#Ri))74i{ofCL^cU#-atx>2*;IjbSiR!{_A9~z_jsrjm`q1F@#8G>Bw-DnqhEAIfe
z+>=&yq(1FmEAML<242gz*CUVe?ZH8aIKRWfRXW-V!9!qaRF%uq_j!fBl{r1wX?$bU
zJaOq@(-KHd;cX{>QF6FEqrBvT!+V9~zbkqABvjja8&p>$Q@Gnd%pWQvs^jr-z@Gy|
zygq`W(d*;g{sw=jG>O~er!w`JHzF#&{U03f2OHz{ei!fk#PB~p-h1Nqn8bU0b$HZx
zjrRTs)n6e$TTS;dHz7a!02%h%7yuGK`_mNdN`_Kksyrzv;y6ni9s5c(<A+nj&G>h4
zj&_egn&mdnkPW}8TlEa&1j&XcOyz7b)?V^;crTzawl=s^z?|CGH&?H9ZFH^s%{;o+
zb;}fC4XpX+@mHe@r+fft#+J3f>Vg}Ce*|N7a~UlPy8UT+elH?kE9#fuLIpkyc5ag9
z&UH{ATTfEU4F_&`G#ERx(+qm$EPgxk0P1CP64lU+jSvHp!GBl@_e&AD68#S3l5Ol{
z-+ir_9sUCKhM4R2fX&180iIbxp1DxtnbU}8{swsFFAr%vb0Lg*pxcZIL@lHzL#{c(
zIol}8uAkh`mG94m!;I?pG_bP=IXg?20<ESe5IYOStCKX04)f{O51krPhj6?NWfz~e
zYO4-9`h9Cv=|aye91}=!X;bdG)*L_f*a6P;QtYu+JoZ@FGlKi!0xw~k7pt!f6Te%3
ztd?5N?{=Al=Z5&*NSv{!=ERLN=6xg%d+vQa#+GI>*wUDySzgP>z=KSV@F0^|;jjNe
zWy({6UYP=E@L1h$s`DG_W>Vc}R5#C1M<$59U#Gg~4Ry~5(MqZ*wWQ#IjaBRu8Qb$n
z44XW;Rt=Mp2n|NZGze)84i~cq`(qj$&>B=ggKaSlwrLF(LW2rjT;X=WN8bgE^L_B~
zfcBTlN84z-cF#`Lkc@J{M*xV3;?;m^gY$!r_~XfU(G7TOjlbLEvvOG6+Rm)OuCk+C
zmCF|KM;&+B{wV%`@<Lqv@8kIY&OeU-JH_oWiTC*GoqwEO4aM=oX=t}UUf=J{puU}V
z0>4H5#S9J}KNwfZ@(6!C0fuI@4<Ih<E0??rEr<f<t2s47?MkvnjqVz6#f#N)q&EgP
zvuzw%sWSMU2z5Hhsnf|Q>Qob<P8T?d5a<$4nff$QCr`h+t&E<&QVqDs)h%$p`h3GE
zJENSZi6Fsk=!={nE$44Tj3!qrj#XjuMFS-XBS(WR)bEv&|53DNEpqW#*>+c;KUxeF
zMdSmG-+U&K4@h2&$|RtH7zoBc*h<#j4_n+w;iyN9mThA_rq$KsAnGwq<zO>5IZLKN
z2!?!xq5C@y-OQ%Z`_)UCjI7qU#hgm#3Q)T^QTf7tZ)dF;Q4(`%*^f<l%MO&$3fHX*
z1-fpv0TCtoDG~itjlJDqdhR9_5ZuvXT*yGH=InJO3$;TU)BwrDD?BLY0p-m;Xn2*S
zDxZ8E%qlI-^FQSH9rjmEA-~#`Z;kd>mvYR48uc+;rO^c0Y^S}_DWw?ytXy7&1l6qt
zQXzHPIDMLLSq%a^U%g$v`y$P)i1Q1o47BxDCLn-h^odI+8NI|29BGfgS0;W26gDa$
zm}-oXtlZtf9RG?f$O$a6Hh#LS0Ikw+y;kYJybt_poKBx~P@}Kc&rFR+^u1mv+!j?h
zC6;|a0y%xXC5Fbn^)DoSuNX+*i$oS@QQbccb+1z0XsUb1Q1=Ga<x}0i40Z2PT_)8n
zG1M(q(S<U|kst&|UQ#tlec<PtG10b$)~W%=UVEHTz}y%Td8ek$dJ-D+k7=+$YcL!d
zERAWfLTk_y8oVFV;6ts!RnXvd9TiqCp)!PfG>2}7uVL^pLi_8EILfWt%2GAlsysM_
zt{a*?rK+~>m_kG~G#KeI#MW_4Q57xk*v%S<E3Or)j;kGiX4&9~zTywk<MZ)IRMli6
zQTGl06ZAN4k6zwmv%yjH81lCGiZc_`d@mX0)%{I2PirPOC-^FU^_{;sp$X-L$udD3
zhDjTFn^H+Hd@7@SovuHSx2r2`-gY2#TfJ97KP881OU^g;H0QZx62#~6DU`P{zf5;E
z>wyIMDPr>YEnn7{Epx>ZQ^~|Of~OJ11cF>MY?}VbsPPa{nW5(B@U~)z5cD1D)OZ-7
zK&!TMcy1a}D}0ZcboPX{Y4<mG)H#Y9*(m%DtFOl7>FTRV^w@nh3Ep-nOO;GcXzIOE
zTsjb^o?LRsQgYtp+auhw4y*53XV^bTgeH~k5KHmeRQ_7>zkpN-d@dzQEUjGUV!K!d
z(Ruy(>D6n^o>qP-%U5yPciuF<bw)X*-@135yxn&wk%}h-rGUi9)-K6+q=r4g$lWP_
zs(b}>5LJ4oS-!)fcHER#`t!3w4Sa_aC3#Cm*moh(AwFN_PpOsfFzZ@w$Bgl;Wg@gJ
z*x`3Sb4eb^z@ca)>*JCXn4HW2PU$}bj84WE@-nM((+r3OwT?;ACmFm-kg1owNAguR
ztgbMzF`aZ3^vjn5DF~~ZzD^L9nA9mUY9pP_Wb9VbmNS{8uwBubD9_60z|%bI#l5KQ
z{Ld1R@pHJi@@Zt37ztv>kd#G?bWTScvfjEb>O9dS5T7jGQv(I=yN?lTlwRm$)60%r
zmAp>*r6g6r(?){@j6;=4%Jvcp^Y+rfxbY71)r>yV5P~}bdHNnai2RcodsL8|mwnXJ
z(^=IJAjsvbGP~u;mf&8bjamb-6s$d1BeSkiMtSfZG_pxVwxDB`1ep`z-!xZtm00?5
z0=kE~DlR3se3wja`Jm+6CJYF4W;{?(stER$R#5YBJ4wt9LL6lAwxCpYOf2n%Nr8HS
zMp00l3m|CuhQ3ufZwoNUJcwjqw@+=39yv!K&Oz$)d&7CA6EHG}eutLxE2n{NZzmY3
zJ7CAI@=U+D<$`4J6~eqgfgutDlaW%{CN_Yz?oR2hisOmShmT+V#iMCBYv3lFayM;R
zeD%$Do#{`{_YsqBzC)gm%-0-$zSqx>o$nV@>zOZ`tHh4Oo!~0X=3CANu-)D1#;Ez0
zC5I{C4$g1Aetzr4(jTBl`G~8cHUU(zc*eE~g94q?-O=-N<NQv#+5Ga#j(P4Kpw7)Z
zALdroSMI!w4IEQ$H^&I@$023J;OF*+2M01cxO|mnwk{AH?1XaqNtjnpxBP@<V8Hy5
z1nIYoS(0-z!nzKpeH8jEH{)0|xQKJVf<!^P*oRtc*4F~%4=zG(pm%s(CqW6W-y8n(
z=Xc5l<N59UWS!@?#glY?_x6u}eq9)YjFC$VSn5u-0ejw-?Mxo{;JLu`)s=m~Q_N0h
z0zaL3kT?zR7sRqOv<L5JgG7kIJWRzkm6AHxx$w9BqSn`F=<5VKe{|X##Od!BeScfA
zzZ3>6yQ2=n0yA{}!=F44-z7%QgG>HKx%F9qfuGe=kw6<aHHDoBm%Niv7C00wp4khD
zNBFs5WX>h;2N2q=d^9<gL2hR|&O-{c!G7JQkc-J;l;T+|-BSxrFa6lkl#8WgYgRro
z2<B-~YqKf=*QR0Y+LZnXF!ZHR*P6^o{BPDIIciOAc*d|M4dSlJ<+*jO$;*=rYtoso
z$uSp*t$aQy`Zd`n@HP2X;6CfV^5O{2eAC}`CBUJD;mhDxD306hdHzhhyW_8sbpY4M
z(n%Qqb$`?%FhpXj1Cbo$h(s*?p6!Q*Ow#75$mCtAY#$;LNPEssUjvx7=^|qV7=EmV
z0}eRyobt{@m~<~YY&>EU7sN7)H>2E#t7%3jJS}qNo3)(|e#och0?Csd<Bl8jv)dq+
zz5)kC{^ifiu9bdv1LorF`pcPYc5GYr^9de-=%d%o*&B8R+H|8C{^(}wOjKZfG0gB*
zmwYduU%zN<86P%}2>%Ui&Jm2TIcJUmHX9ObigQN-3LdLN!3k>3jgWNNc?oL5d_%>#
zo!~rW)?#5~9mKh3p!{-eq?-n6H(}_ex$XtptAB!;GbobwZnv7@_eN{}1b**F>Mz3a
zFP<^tcxghNIKImS!trOFJYQ`zf5tkRmaO!v2EObG&UPK~q&TY@SP;=vnt=eKQ>I3s
zEA@L=DVDyD49J;3vw@j<24vgp2m@ll^{X~AAg7hL{lI`6hjD2Ph-*A&K%R(YK>8=U
zI~6-z6(<;~H~~4?VRp$*xvMs_H}x}%W<56iY1U(kcAhTy>tj83J{^bknBe_w*5g?8
zGKq7)0r333R)uAaF?lBRDg(YZK4ZW)d)3}>w7mU?_=`5Djj*@bQzz{G+e5H7vCr?8
z4_5ygD<9}t|2pM^r2hl?p#9Uo$uC#WishI8@x<?t5AqpFD2$O0fHM5w$p;y7WWGu9
z=i4C8eBU4U8}dOumk$bK<O6lS|L^64zs{=fkan9H=aBAr{Ljk=1_>ZWK1dSkkPi+l
zV@G(?^8c283_ET-!<NVEJj2I|=nQ|_vtIf!Dgm814fG@7f1Q5Jdny8;3GwO2gJrSw
zqfyas&<}R}PM8_}_-ga!&HwxKV`W)=pgF%Z4rtyy_V>~c-7@_a{kZ>A27K<N|0Vs{
zA2Pz;>@ju1-s58k_Oi3<qaSYnR0ejVkX)qbWJkn{2C$39i*NsVyqK*AyDLj0VAmi%
zUOYY{7B4>gSbcQB-KnUEVZjD4tz<3;;FLb958ielyd8B_gxQqBY)UnJN?CPGsYaVp
zsg9La`uT85{bkSR0<!tN)ald$(6yU^K-Za$Q5fbER@RQzj*%2FbFogT2ljMpMOF#H
zy~JAUUpq|>J<over~feE+xqd|@SnkVg+U|CSx46ibC(|_nA>nuz4-2?bFuvL|31E3
zIQ=*Aowp<w-(C6WZ{WKuj_>~U{`>F$@8i2KO6tRRZ%vDX@A^OT{{Y{OTf#tY_`jp@
zU3_?G5R8R~r2l>TH!Ye$i=}^4<Iul{e*+$darx>0i2hBjm;OB&kNy?@UU*3Q{qS)A
zhd}>6ih_rX9YL@ms3YDps`I8<1hGs)-BVcd^?^)b33M?gd+b)Q`*8aUB{pfW$w(GU
z-$6`VoF(}Sv)ulX4hU;n$-|hFoq)%l7HZD@Pr~b5+247FmP~0Y2*syd{-*oMe&D3%
z$Goy~Z!`apnw-FZaE|PXHXB$kp$bl}QeL>7J6o%70L^3Qt&AP6>6c5`XvAmNN`W2^
z5AQE1zl;*OsS2hCDNI8J((5#2D;u(v4cQid$W0&~*Z;(Lj}G}g<6UtN8*eW*UL32l
zvj5E{a<!{*h-eQ>woI>(RfIkgGubk6vnDXpP?KrEw*^(RW7F1vhFfVf1vA^CcRS{z
zt400O9;M(4iq8Nxz7X}*s?c@lIyiFUQz;_#oCi|{8dJ)32|{j0b!j;}2ftF$kgf>=
zoS0bK#z2o&yYR~J<2`g`n6{#=Kv#xiTY~r9l)d0O3AL-ArwZkVe~A2556_3cdhGZH
zyRh$7yJ*3?cmlduJDF}Bd$Go$Ufg!irX1^&z<c?)O9J`7bhD|mDt|zo%>rIIl`5%l
zIxl<}3bEwCb7J)UztMlj1%_@H-Ts@!rAdcRNkVD4SUMk~e)R0|CHu(;_LNLe6)!_0
zA-s+K42=ojegIr%CR-%`bChLpoT41+mVlQ2SF-)`7c<;i39Q+`0T7NrEPJ*AYzbzq
zKr@_s7&7n9@VNyyF|XqpkB1@XL~i9<LN7dcN%E&*2wH}>UA~=|gd@e^-xl7Gm;H+;
zYoNc^ad-AK#d|!DuJez>%bQQ!8)iWNEtzoul;p@iD`^sD3J->pVC19WePzqF_fc@o
z>9s)1#<g<?n!V4q84`<QA94_!=ohpWgkX6RMG#De_<kkD84U4Ug$SvbA*50fRR+(~
zJPu#Nz{FC|Cz3r^qjljf<?#J*r`^|L@jYo1rnL@!$^q%Z<NLx;B+fz99~fbEt^qX^
z8$#&Dd5jb+G7SjiWQ8R$XB|fJ!U4PddCAJyn<2FDdZ{4S23e~ZiFopU;{z`Lla|Os
zO4qKqW!^7XIhb--VgFu{{7tGW*fZ{Ic;-vV-$?SeAfvA;rAa1Q7I<HPM}m)q0X%ZS
z)|zppLuw>BpZ)EuF<3X58v@HXf}xf+cFF%SI_LNN7-Qp?f-&%~;#40*HDTX=%4$D)
zBa|(qy62W70T{gv%8IDn%fqPMo>Ah(FQNQJYWp(fvc~eSM~P2tPh=lE62;2xv&0su
zlHUih;iOJJjO0|Im{E;hnIg$Js!&U5`Z|iZf(|WfCM5`K097f^qn>vik00+SVjlwh
zkqjR;_(+Ej2Ylqi$4K^3Qi6k;Rx*!&FXZ1#_;)$~Mnt(BEdR(Ru5VFQ-zi{V;?GT9
zWbrhv@<FCNC|H#2X;{^_m>hSW94Qre3+0m)2OA{8!|b_0Q!jKO5A?YGxg*{3TFJMz
zp|iRij3jnTWz}NoOZaH!=?q4N%R|jry+z7CP2p4A{+7<_+maJJjh*509N7nEXL*6U
zt-1aIw*G;pva{llImfh-y$4Ee3p91H7v=fKS@YymE?)(EQKc!5K}=r3?Y6wK9iBH_
z6^9dZGxmjAYV_OXTW873{?;>dus`!kXLY}1i|3bcmHZhjP3SP2Q#$A=7t8=Nn<pjs
z`yZwFcQN`ql(D~kJt6-org|uY#}=7A7JnHmKq%37Ffm{*gUbQm!J5RrMUp=Ni(g#<
zZ2~V+n?s3#rU7hosK!*`&$R{26>Lr}zZcyBUHvgACqp6VPvZi{Vm%%lxGr0P=XxeW
ziGMBynyC0ilIhRvjow^Vi{Ui0X96&L8cH($!HSEhxL7SNrs7#tJWnl#Kb)00_5_nu
zFu6!7_!#DveNHSZgN6l@J*;RkFM5rNidoSTUbKvgrm&(<c+oa2`V8Qal`iL{N2s)v
zN>}mHOH?|GO3Qg^%LFW)O{MF3X&RNzqtcDM^j0dJPo<lA=};<tkxIAm(ub(@6)N4y
zOD9q3LMq+EO9NE;7M1SDQcn*?h`R<e1!YGe<2w8d(MVv_J9G;pyYkVMH-k^fUp;%n
z!SQ&f?M+r5Hc@=H$43AcdobF$GSI`i1u6HsAF+!SAo{L^uu4iZ=%*{{s9UX6*gNkv
zyz}5!x_2IWg0)ScwsWBEjfS?L=-Yk@ZFf-+jQgQ&14G+c`nEE(eV^Li1Z}^4NZ)q2
zzU>HTJC)ithPEFX+NSH<W<cB9sqObiS=$+gwq||XBxrj*wfzsYz0=Tk&t_fQz2jJ0
zvP*CE6tum;&~~xD?FZ0y3$?u)+SZQJw=L1Poepg&zCf$4&~}HR?NEK&zp}QWiL7A~
zG<?s{u#>)FXK0uYKJQ0Z!xBTo1bxFqXxIUGKxlZEq2b;ybq&9L9QeGW%Fw4pu&>=Y
zt^SDU=*q=75^?UAH2|eYlzaMFh2ZKM)KB+OBte-pCRG4LG^{!t2K5^F3*NxpdwV~&
z7<j-+<-u{y*mv6o>;YEV5T3gcm6jLt<fB1|1cL6Ey^kGbHG9USqH$;Xb>IffEk5tK
zn+mVKt}g%U>Az4=kc%Z#Z^i&iK(xPz1+50KgR|Pj`IsF?L?O7e0Y+5yKa$?_kxX&U
zcAx;<gW9*=3anqUBDcm=FY<9^a4<<wgOmEsTgJ7PR_5lohPnn1x=+eZX4u(R&i+@_
zfbqE&jzS8c5jy5{DNk=-jIONdY#%CKhn#?|9(|(|S>d`_!?YC`czFd{Z_W#}5Wu-R
znTZ>U(?2E?#$!>=r>f&wqZq~``jAHp3}x@Ds)SeZ%(CZPfk8~ryp!>^+t?TzR<8wm
zTj44gWRuD^dAdmzhY~Y(K+bk>i%oViUN8-4@e($S?Bn8`bATooA(qcd+1tJQ*Fa(#
z<=U|%`JlV(Pgj|RyzDb#sWXY9V^|iM#Ihv(G04KWHL<K|64D>B^ok^&VW?WUx1CuC
zHiruRLh5Hw*P>!<4D@CQ^eBD}7xLPF(n4Bd7P9~B7P=H;Rjf9Z4yF&!%uw!A2<$&b
z_>;_3y|=|pf-W*Y+qaQWUC8~CpF5O^n^~mB6hN7DCFm5C(sNg^SI(zmWK9n!B|nMr
z<4xp)iA{{r{a{|IcXbm>&1Tq(-kqkPA-p3|ZwTKDo`C5k(*QsFGLu7_-j+It$#I{i
zAPljcn|$Q=!?fxsk11*SJXDxgo%eeD{0i>I{MTtWZ0-QH)Njbrr)fiMstbN(W2>lj
z6Pm&H$(?k4^B4(f1R#Og6v!d_7%a8s_i;e6{wT&-&Vva8f2V#qKSj{)y?+ue=k^5s
za(<N%$wlg`vI2M{E0eEKPoMLr|4D4{@yobuBVMZu8_bYfP`rmc{}_f1&>I$v^nY%t
z4rs}bh5<d%Tz`;4fBCP@SPBhq^{aKAu^(ndpRt~Fi283bo-q$UW7kpj1H8J9GuG|<
zy3d&HOzatJbC_ZE7cODotcDYTm^mZF%mMM=ilHzsQs_21X1t}oLz&)(Q8rMYMCDlL
z?j>o;NNA7~<6a_Z4f;TXY#hwNTFI~B!qPJs+3Qd(h^`DJmL0nQnH3NvehHY=KVev&
z{LrwxvT9E<5V@OD%}DI-y@QE)Rf!bgVUIL@Jy1BKM@~zeUs_~-9gJcB!2=bK%^SB`
zh0qG)(D!SuGo`FH_!avZa)<8KTsNB!P+d384JZc3D{XDyGQ|Y%gtOm<;rqgwZ^NNZ
zAxYC2?M<SlkGJK@ARd6F!ez*-XHk|U?c*Mx@9;-%RUd)EXLw=9wsqYH-Ym&?F%fAn
zTeJSw%Kn9<!s}ne{!cWZz?l>ky@FJJ6%3or#enE7W+I}gnprN;KUT4kDz;I@!AJ!u
z24|k6FA6?8lTsbb1dUzQOo%pXgX*P8oezNa$|FYUp&5j?WHsc#rSy3aSSQau7r0vI
zfrnBa_m0gAP_{gmnyFWF-(dI&z1S;iI({Uq1hkp4iAm0n2#*NL*gG3TifVS)doTW8
z5{&N-R)F$R20ymmb6BnN_=6OxtfNG}L+#nO%SZVt1@CD16Tpq3$+^H)_{d#I@chN)
zpUoX0DLsYnph-HnM+)>ZVc7fk@>9`MeS3fM(UAdZluWS~3ZCX5MiwGF*1aLP&GoV?
z1Fp6S(4)e8goTaj@h;Y5WH_adqmpMfhDCrU4#tk*I{w6Rn!o_|1ZH%br-vVZJGXzV
z1yfxw7AQ9(kFie<df+MBAWC0}QGfC3aP465vFl4jC;NoAHBVIye_t*6)@4De>TRLh
z!Ikgo$nm@ie*Y!%`&z?s{R|AHYi?l&<==+#k0^M~_fYeu%YTiQ(z+Ln!U$uA@kTt6
zW=17R70WPogx{AOUA`5{eV-v5c-pfT6c*HvJ7Y|7@cAHk{bzf$rj)tKk6U7F`YbhF
zt~Dhz?k|sR`Vchr`{o(>ChuS=Fu6#%r8XQcnaqGGxw3B|df~u2{K)tuExCH_IKYWL
zB8!~K3WMX~P=}r4>ZcChaksr@N<lV5kXvH>`gZaL&6V4r!G@RyQkWWuN_%JkX;NeL
z->Cg|<j5Ob@@6KUkQy9Rv_+^m4+HJyo?#E^RNOo-pQKO14!Lq1$&e8_U2MU~v)tM4
zme1$OC-dY(;cb;Z(4&~51Ku)j3HN-x1K<dus01}Gg7+TA47~7pCXxZ`%KdOxFuVY-
z8_Fwq>FU1#dLK6ft{Fa_$2m8vGGqc2wECPiTTObzDkX1*$ZOkUCp~&;T_1q1P1N--
zsoi<k7#*v%`V?NboK{-1o>5+GmEW{Sr1O*0MIz;Zb-o_2zG>P0OfpXlBa853QT=hM
z&hzcGDo@<ZcI)R_L!AFK<??OhA^Ci&E<%-68G8TTFg4iE8+cMFp9kD(xRI3(B$Z$g
zAmm7MIByO6WEESO?aHqh0Cj!Zx_a(MhJlklF0gM6=6LtqCE*oDASvf{>e~T*Bh#M+
zeP==643=CFk7hT6E(T-DtjnlyV%&#YzTlP*Ib{Y(KDxXtRs?TysF#W^;J2qYaB^07
z6B~KbKlq!{wKt`~o6>L=U1%1=bm)j44kX>iXP>V<C&6=4sIuPkuvL=3#?fEW&Vv=s
zgBED`?=Hp?>Q96<-ifeAorqH|c~72vKD;e9-0{NbqrkxQ`IQ8www0}~U;vpva&Oo*
zeZ30n=qhu+2Y|AQ0cG*WU3mB~29)<qgUd(NVPFJngizCJK_eaH-ZYIM*NXACJR)bh
zF5kB|95cSskp#+Dj;SA%)r8D8Wl<(i$gG3dOb5Z~<|{Og%ccbGBQUlqt$6hZS48{Q
z>fqT?A3S%jjSJ5d{|xPQtZx5g1-wMBb!G1!*9wxe%Uc-sQ<M?lOmdoWMwX0n3Qo4f
z#M*d%E$MYdS8+Zsqx*2sTTC~_Gc=xF#RXPK5h|HZN~_hRy3)BLF8>^?g@l}Y*l*E#
zrIfMO<$r1kG8IcH_0D!zMX;eu-sq}On&xF}bjsVEC5Ir{=_W{aS`nS>bkittY_pa3
zb`o6ePeK;b6ca1hGfMP)3+Y6^hAgDrcox!iuJ*qU$ZoSoEQMUI`b?zX8`evo!qnR=
z&$JQp!a^?6(93XX*VeI*u|jhwW<r|^-{eeTYGH21F?XQ%vv-)-41NrCjN)JVN|HZQ
z0TfvdZa3i#QbFHLSN4V{(;10j)TD3zfP&78;ADLb7i2tWg{P8-mIH*L91#+Q&?ixR
zN0j{(m~G`Sm}u&PUEPh|WtXMwn>|*Szm1)4T^Sd11%TQ3)Rsc1iDuW8u@6pn8prmV
z5<!Q!p(IQ2wA1(=^R+Emp+ZJoI-e6bLrjYL3!1>Nv7X`qY9SRWb;97MwA^b6eX_*F
z81xSrW7<^kybJf0D3ReScb%<;FcZ({hjAMXBRCNbQsWRBCe$ANHmu1j?UU%fdt!35
zymCjrQ{ISP?x)cL{$>SCPuPRv()5f?fqr3MO`{1t8B)0OBZg)Q%rhj@w(vp8KQP(V
za}Hckcsm8J#=DumkdaL*Z52#H@nbJ95KGS@^sYwX#@bGU{f(~WD(t(?9Ymnth<~ij
zBZ$xQ&!KP^+oTGGLHq?*#m`M$8Efm#L<^w4^`1^bUi&W))LZL8eP1ryCp&=p#XQsQ
zy!KlMW;d<z+~^EE8XlF?{yV1}@*XC878Sm~Wlzw3wac`_<y%X+cHeN6RGxE`)Fy~C
z!Z19>I*$sTMKB&{Q72v2gzZSA;V%85-)K1WG;#c6EuU&#6LbYulR&Zn#Xjp*Y@trl
zLe(H@*uhsQqa0RZ!`+dUXc@B-*Zk@fSN-ZX?Q*x@;>vD%(sR8t@C2;H_fGj&SP8ZU
z;_lOB)!sHP(^{H+d2;AOK#q-9!ezU%^EOe4gh4<yKlZ$(A((vw3Sa~?b^;)oW8o!G
zuWt~ST9}|1a00Z6Gs}>6wQBl-4&w6sxygAwpF-GrJm5Uni!J9VleV00Q+f1qLecM8
z&Y;CavF6;2IaOcLJoIv&tngo+xeV(P++L%5-<rt#j;ilFikNzJJh(mmyWqC<-y*w}
z8nauSVYl|VO<%j)f9cLPAMo7b4BP{|wa+Q<W4jd>KNI}IouwXr{}C8+uH*t+MKqlN
zQia*1V_|C!!PWwTt*>1bAvTM31X~XegVBDCqrFN$+8=Vue)P11(VlUezIV6Zm6vTk
z<>}yLL?4EG#3`Tg9?}6<dlw@+zI6m#9{_NP1Y8pwB814!6G}IUr9a@kWP_68bcRoM
zC4e@gg27FABOs|h3}j6IiUOHXM|EdI?bvS%-%+vb1~9Pu<TBg~DIqgdu|3Ar*x4t^
zJriORCA<6|(#DSv>e+c<FSPB?^S?uc`Y9sRJS+JLo|U}*?YG|5NpNEz?e<l_iercN
z7WAvSE|)PL*8uL?=rWymwXYbQowC`JmK%_OL|5d>8~KT4ZP&84-c-r78>4E#jxPo?
z&9c|g<$1K-Qc`iQ<h)6o*&DGp=XxGhz$WO*yzI;4ZUC+agZj!Bl#@fzIw+M@cpBbT
z(yM1zZ(~dj6dY{AkXk~o+G#zF@W;lV%Z5Lmu^ta>WcyqZF8@_rRqhUSPRk3}*NaPY
zlGsR&^$Jh<CY0)eKfJBcrkuxjam&G8Vag4Ro~C6GqZp$ur9liw9H=|{;<%2mxavUr
z(?DCX3bFKVhJ9}<nbKS6DwYlc%?v|Pm;#Ei7Hqt)MUB@Pf4~C*O>w|Z9I;FOijDYd
z{1VFw!W81r>XM(L3@5`W&|(Aq>OGrd6<pIRF%JvHOUu8;8gm2Sz0w`%vV4CgYoo-5
zG2U>0eLVHF^`wOv*3l}2mdD`V>A!%)oCERJzEMN_&O|W{QSCA-Sy#Z9Kfgw&kSW_S
zwX0DO*Xu4D<cLctI%6I?!*(M1YHKi1(ASfLt+V7wp{v*C3U6V1z*cmtD((HOY(5XP
zpelGBTr0_Ny8uRvj4j#1IHuKI1-b^XDW1g?CbzRoUZ2<T7nko+*ki-RbZ3Jj@j(=!
zD)ZzT?e(GY{Km$u@l3T$8iojLHmy<c9uzBk-}868fH|Cqi{X+_L8Pmq8n?V9xQCU+
zW|1(=vg|5k=h*PU5RTpoX^7ye_zOv{P|D!N5L7>};}P+xqXHdA#*fxO5_b#hOriZ_
zq8ZJ)YAx)vvI=0vSHq6PPP{+DXr3+wy6w1DoG}(%>)ER-Gd3wBJE(EG{e^S|!Y?r%
z*}(7N-~x9TNpNt{0Z*#;S;Lee-y83-au})ZQWFk~O9fv|;|a}IfQh2`W`#K8FD5~E
z*8)TNS)6exfe+<48_GA=GZ8O647UnwnwUVrciAMC-3q56&|~lVOhE8e;Dv5HkJ_%Q
z^KYxo-xP2D3EUP5=YM^?`SX~qQ4>F*oA|Krj1!0KWJ>pQ2$(o|lUVu$=o)Lx+$Ax3
z?t(fDnET%A)QIAKBoPN;1ZiAFp<W>>&+U(0?KNn3Pz6FkS%Qh~fh=fOsSLe^bqa}(
zn6P)Qp7omDMqMwwNQz#sJ|^9IrC(PEyxg*`E_l%|Tl<(9oKh~IRcGMMiCLv@1>Gur
zY-ba?H4NZ2n*u!&?zBOdR^=1wC?>l=EAT0rz8)}}5mo+UM7^kTBdvND_SVoU)vP<e
zrfi2e_nM3R>|zsegpju|ETow1usn#87#=v4Cm#v^iaBz6e=-ejA$!~#%3z~r9Jf+g
zd^OmSyh7#uu>5CM{vj(5rG`>MEkntn=Aot_r-d3sGWO!NQ+7AfZER0a<C_n?BR>by
zXzoJJ`BDzs#dOFvmnEC+%2jL(AbU1d#a+-nxct5BCDU#cJU<hrllSUsgAF6})j%I!
zWc!Wbp-~uS@Y;v25<0YPDe!=pMeMX*xhoUgp~TV-4Ixg0`7aqen2Z-{PWj|3*stsg
z4};4LnTb3{4>(Gy);LPSSB?9D2|)LGz6(s<#(p*)x0C(s>JXo=bXZPTuVu(!55p(y
z`Tv;M^WO5{rUqcdTV2w#t5cj`DF@y1PwtLq2L(EJ2d<2+Z*f$mcC?LU-wytr&cAK^
zJDGnA{2TAcI&!o6jyzy>N4hP7?<M?uA^)DozhTLI=S{NPp5jfBmcwf>4kgci8M;<l
z4nr{O%6#V&yiIr%(n1t6CZxfYBXp%)16e)6VF4~ET<5+Y7%*o_;c|mM3$V=!I4Oam
zu(M=JQf*haeA0W=6}U4jWq%`yw|yh|s5{0FzmF!`JlRaaY<p++#=u0AybAx43O=zz
zTD0tQ;#>u+UIKP@4n|WlJa(i{K+=_;dt%5&b}E&RTE)xd_hkb@B<buNyE~p{3}A{l
zqo^UF!7P`l5-2ofQVgQ4WMp_v;tg+zNuF;U-f3}eb3Q!PZzIsp%GJl1(ekKrg??=A
z>~lDbvTC;Uq)7!>rBTADbZHZ-C@)}3LTzi`%M`S9mRg2X2s93jl&`)ZoMxqLhqG}a
zaCw;7NDw$aGHPe<HiL`NL&-?qCW2*ZReuN49sgo{8XZ&;fW0YLj2JeMJB+9PgarUN
zVbaIk4%p9em+5$(JfV=mxl?SB)5U?G>G)~G&t&`*Tva(;cp^|*Z44-h2?Ufv$XP4r
zbg|^gQ@SKG=1scsBP_51BiEV!PJ@qhU~jvanwp%m*cUr_;`0^4Ci`W}Ml5i$mza?z
zsJURku<oWr+Dx3wkaV`0hPklKbOKir=*-?fCTo<ls$T-b@^BNLW3j<Uve?3G0q)-I
zAE_W>dD%qHDsi{$+C|1KvlzGRs!dl2!Fjasy=dXz;tS7umVq+!g?9$ZK-i13`0uk;
z;84nzek2=dU$I4LXXt|ck<+;dKS$zcK7KmzGaWx|_?gT;&7B8Um3E#ds0?<@zHDPK
zG*HgzY#A(1=?wd_u-ivipzaI&odzGQ>!t3_rjkvjzO&#PHfF7`qvX(K%XTdBT~6?h
zbXGluw`aIPv-t)wiTQb)9c@csQkphVh6N7e8fLa|$>WDftGO&-ljO`6jQ+Q<;K1da
z7I5}j*qoIOOu_E>#87+E8t~7_s8%LjO=&d5<Rtl>OhIhnuvR+Ka<x<%R|9y+$alO#
z8H@@D8#x306WH1tPCi@vcliq%s4uvZy<k9~%|-qad%Tw{GSN#IYdP7X-Bg@NRv8*H
za5CiQvhb_8u(FXiOXJt$Vp$Pq>WoKwJfLrRgeBIN3k=g4csZ+b0rf*l4A@R31CCa%
zm93kZ9H)T58f~ZdFGSnvS<A@l$+1Et)@LPbnzFecc|G;JPh@L!A(YJ+n~I^p*c3z<
zoBO4Lnov7d^X^cTSsI%3Mq`P%yl`px`O-{5*?)`P^!DC`{I&2#ICRS0{Ea*B6{GBo
zI$TuEh-$84teO>m7SynQAB28O4gEG)sNR}lr%C<Pdz&X&w~>4zu)&p%jzZ8$`8AK+
zQFk!>FYc&282*QM)DaBdID;R~Q^0#f6Ww7F+t1^B$I$b$49}OwJg=suY^YRU88<EE
zfy?R=eFF`)#WdJ+S-rmf1R89*tk15Zt;UuZ6RtpwZsZf;(aB`t+}ML0X7Gtl3}2pR
z9Hx8B)p%n!zos32&&F?lsdm6loaKZ_p+)(E6@q6eE5DDG$Mt_3N@g1Vc5p3XflH2S
zFo(hcP$ukTT&XhjatlyvkV8HbUEVrNCe!MD$QesZbRNWXKI*+C8{hD)+6{$8nf8kb
z$G7`jyEyzQ<gY?^)xVj@7$(ra2z|pUm3P>}NCg%|GwuS186*tT+Kg~cb_F`}fFrBB
zK(e^y3dvNFo4t{hZiSpY?t=WLdGbb=sXRA(yIahuau*C^{QY(pwEET!tqP=+Jo#If
zX{|H+OIEPkT~KUwF>c(nE+_juD>&dT7}<u+TQXJVW*=o8pK})!+92wIsVX=77uJHE
z6Um+@|Kc*OcV>UZ3XZzix|ude1%+wZLH3)8KtHqbvSyvLzoG$uB|-hL^z6M7*6(HG
z?l~+I#_eNEl_donS?ouZOKyNRxh}b%1%iM>ptC%=pEXY&#Kv$Z6JPF4XUIJ(PoC<?
zlSfI61n0ZtJBPXCF(X~_ph8ctSbq-b6~sxu{)do*6+JotLx^CZpLH9L|9UsNZC*`{
ztF*={0=ohlH{p%TSmQYNZ!UQ&Dx=QeeE^p>RwTDX7VDqDXUgl4Qvi(5*aQdT7aZyA
zzk~hHXa7gC|3zX8^c-VfWJZU6V*)X16nA*(ttPtr9!-gEniH=J4%-*gtz1o^lsC4<
z8aS8D#EuwMsVc8|`XfPHDlB3g`BV6&@{_Ct+_~NI6IN)@4SxDcs1isx`-RM|jMhTp
z(xk-YXn5z5{7EO5Nl@`3wXW%ctzqn=s`{EtCP|G6p%-h{4Fc@nDuVq}l=qG|6@o?K
zx($1zR@|_MA&gS?PUWHA<PuTL%GQ8Il=4%bRJ2%$cpWpqBBryS1wO3s!Fa@eS@4I$
zRn-r<O;#`r3P!SmB3@9;3Z8-`fbZE@_S8cDa}ochR0zF~_ej7@2uB>v*msWuOVRz}
zAp252W@8NQu2mg1HbdEcy(t>TvR^g)z!6hJ&;|ZQDnPTzM|TY~eIdVq_vZx@in32n
z%Y<t+9+SGq!!IGkwps#g<PS!Idru#N*Kh7Zg3GAe%#Rp#d#Agex~08@Pii#tdj8Nt
z_K=!C%|_BX*$3U+3-B5f%3Cw(&*COAgFzuc`Q)yMlOa`(!vbNPQ(gY?7QC^=>~6~4
z(13F_$x0hbEQ~@<bR)0gy_SH-MwSQ+Zv1Y58(Rc!fMFPqh1W$2?FJpmdjvj>uCNNB
zR}D4)q`{nM$!eb0$V<sJL|&|?VSDuUeY8K<^Zf~=jITIsu5XJfU%)LI_hFnZTHc#h
z`^G!fE&A~Twnd3I>bI!u1>+X^_(PZfDjMxY;*Ia&U2r7p8{hRbz8xRL8K0HE>e;`l
z<I92Z6=dkg_tOI7_<ra`4~?jAe0FX9mIhL`*FCyf3vhIq@kTd^zv#?Rb#(76W~1AX
zt{+|hsL|!}ht>>@@sC&8gXzD})gV_<=~)G&|Cwi72wYi%xcUz(Uzj)#A0y!-A3hxL
zfpWf$GPR&XFqt*cOTgM9jcgx2JqOs2a>{Vs|G4u;4&`>CB@b@^Gf@?3z@sd$)bS|$
zejpyD`w0N@`1|t=dKcHZKgxXEpZWiavp?V7LQ6gL4t0MTux842-SqqO?tJ6^yv-kK
zcSrpF;p#mkOQ76?9RhU(rPlg{r!>)0{FYUFa#?p7V1B1Gd5$hxx=S7RfFjv*16*a;
zK!O4rt5+tHja9K`V^swDm!e><iIV9;iZ$h?y=bpubNN@{w&uwUQ>`x%bkb1p+Woa*
z{s5%jRmL4OF?yMtu_^q8??NMSCWfpD^cWa`+uf7}lIe8#Fx>=7$-ww!xq8mF)4eWS
zV#CegFt>c(E!P<B!xYmvN6C~X;jWTg;XSEY3aT^8A+tQN2rS`q8>Y=IALf=H8f{pD
z^TpJxP-`|4nvD#xMXWH6taKDoVg1{()VHnWZ<Dlc9MFvetkno=DIqb$Qy8@~9L^|@
zUcz-4RY3nj?{h(j5nGqNW^s=ERi3;-0^RaXZk2)lFboVN0E64uiwO+O&kz`-Lq0qJ
zgAOoEhq?w2PBN)(F?{faF!;jIBp1X(qcB|yzlR;QfJy?GDzZHoSCp|MyvcXI;e@Nf
zj?oXh+jNd(Iu$;Iy9)tO{K@FBqkp4rn_T?eBei!AgLe<3h2tU#<Dg;Tx_pgRf5iry
ztf>}9=`peNTF^;U<_e7fVoP_`Vs0i0g65VwQN1wSZW|cr+zSo1H2?fS(}t4oyoq9k
zOMziwRM9f>>;2IcFt<afaRoBlN#QN7>~k*hwsSb9!=RgF9J-R5u}OIdlN=0X4YPNP
zGsfV{_Mp2!(@r#BP;D?w<?ZMWH0$wvW<=D&Zh{{Rf}q9U5lgSaYm}U}f?QE@=s-!u
z+a>3Jn($Mv`#gutmA%eR*rzR28e9hQ<;%h=N<0tT7FEA|_?ne$oU1_?P(D3e8?I#1
zvfJ*EC9_*Dw7@b}3XS1%Q~CzhZi?NZEnpcWU}i&~G#`f!Af@ieWVR#0hoKtW*)UHO
zgKT(RNW}O&<ro|fa^5(_rI}{=bjjfZC2QX<x$x73!+4>v-%(Oo$^JS!VTWO2&rJLs
z6AK<ek-T@s11Lx@d;kRL^K4v+_gxM6ot=^_iSFwF0@<0Elu;gPq1n%|@k!a0o{>4?
z(v*Z;`D<s%4+oqj>)v*jTx8>OmRw-tbC#^FWPkDTrKxA;RB_$rsS@0GuXW4dI-?YC
zL!iw9@0_gX0QE;IT@1yrs$k|0w&m>{27F(R6nV2slrOIV<&<)vJBH?{!dSf&nNCns
zKhERSlSC4Br0{klkhJaDOcljVf%W`^C)XTmAE~_mF{#M2D6C39i%O^1dC7-PhM9P8
zj;pD+9s%l2;`oit9`Pz|42CE=ktd&5PM$a6MFV@`M2)lU!K4YDe8qmvA`yeeen9!6
zO)BJuDmP+AUvJq-7lL&pty%;u?afR`RIapuL|7AAfF}HGzRJ5-5Mw*G4f%NAe6*eF
z_C1^z*^jnEd;0u5xx%FyQ~DpbJz{#Kv2wK5gw7ws*3Far{U9e#B4p|rWOB+Ioh1j$
zoh3C6Z=;e!eM&Z!%wnbd&aY%@LK8~kDESB3B)`j6GVu;Z-h8aYSL{geJ}LQcOQR?}
zR=58N1^hB_0~{9Efhx0|M6yd{-OW8CgWmymu#|4{G%h)BV$kmC5bCC07{bqMsX0ST
z-~WJ3shPJiL&&z0;yVPdxzd@?SbyI*N@ssPOp;Hr!_o%8x(xw1JKEfHvtX^nL?FqZ
zDuI;KahFt4o5)ZjJ455IXHc}3E{_9A_K7-ce4EZ1zl-Fb9tn1o%$uJr*0~qhjP3=_
z<q#1~x$!G9{Wtm_(fNk)rbuwd<R5Q!R9Bj$0(Mr1?rJEBIol+Eg8Cvv!|V+y{M;tJ
zI<anN1ODEXoB8P_{OtQhQrCyAN;<4cmbOxk-!X<j(sKUNG>r_};H5U*OLOU^(mJy5
z<?K1RD#(}J<f{_Ss8&YrPvFEvsc0PzPrr;Qns2P`n{4)UE^*t_%xYpy#L4J6-xw)f
ztKegugw=o`lw~a&M{Z)Q%AyX<$Y&UgoL+_>z}89ryA+BZ5SXC2dfugY+hPhPc=dv=
zV6Y|5U+0=$i`lHN3gu+%Q-3rI-TbkM|L}H>F#*UR>2ut{1Oa_eiG5cUCeQYUV}GsF
z-@hgxg`M)?nvjhZPsZYo5z#koIbs8+Skb?xtbE!_sOW{0-Pp{8+@}rV?;H|;PbRXO
z8QgCceQ`7?!7Ez1ch9~9WObeRLp!}k&U#+_%VAWx))8;4E`8_HJN|!t=l`6(bJ$Fj
z#}Z$QtM8P$kZ`p&7xkT;sPXPs<LW!F=8d1vjn#Kf|D`xVJ%eCfA@5dJp8}X+hu9_0
z1eyy0o@`>-CrFuBmm_{UdI@qc`X(w&eE5)Lps|m15|qQ2TcZ;1xv0j09+gnNj#az-
zbD>vgmDNlTs{TLb-UYsiDtjECv?&AxCMZZ$grHH&LrtY>BE?N0g&9n-DrnbdT@dT4
zON9igmbPpfWgG+S`dHW1UDwrJ_WRvk*;fTcY<RRql$VM;<SCB{k++ueYX0Y(duK99
zi@M+6_xJz*{p^;>%$+;u-h1x3=Y9N6IuDpjy@`Ng#n7GXY!1$_5C`C-Og!~QF=$5)
z`Eu$PwRlpeD0~4!e6`P;Q>o;|eswNV3Po}zd&w$|sM$wF-(?JPDlLNzPXYJH>v@nt
zkir*=4S65F$x`XPaTSu8z6;<de_gEvD*Kv?@+M*azI*b>odADZ!WSST;zoDiSglh#
z2HZljtmEJ?qaq*N+AtfOJ!^0_eQ>ty!F9*MwKXAo4!|Pjxu-OvIUiTb9_}GGH>2Jb
zbInbpL|gTbT_LbIh)L=~fq6H)KoCuuUWK;s8TdTbV^uI#)FP`56viEG4R@8Ao3JNT
z308fbOFBMx37*`G-k|Yd-%q)yZwK`KFTL-7vA(OZ?|OXx$SR6)wX`tSNtsRWs|xXS
z%4{9YEaA&hyZPvifXzMaN+A(x4|3-En(k`GdPsj`%7GnBk^cBqq)3+|d(YsxfD?#5
zBV&+3;-#c<1T&8JBOd`a?<QsXg)U}TbqAFytQKU?3Cl+3cGkJnyqwu-M?3V?m*&1N
z&hFd0BlP3M=F8DP{cnrRz&2jlDX_mjKNHwh$Ibz4^m6Xgf+>ao;#tHhE5&d^7Xy>!
z!8ACS8+IxkrRcr7eKwPl?+XrYBPn?TKce;C^In_IP*BK1!8Qv=L3UA#<zuTcJq6}v
z#Fg}+B=EBpu+738rYaj6Eq?QHJC(He)i;K&4dT?wq!eMej~=&V%#O5Mr$1ecj#}%e
z<AjAw+|g`G5bJsMvm6&BCBZS_i<PNV!B#BcN*ghfvV=vPQQUi4_m*5Cc^;O~4d-e1
zJ;}mAX0Je6XC|}CQ8*}J9jx6kDPTcria53Jz^4k)wf)ko=-<PuK;8<7@AkL}gV%P!
zRq&=9yi80HL%XMl<$I2am3uy$!v1XiYKr*T3V3n=o*aZHdo!MVEMc7|@5%7r;71EQ
zi64TC_!L>JStfbc&;U_~(c`*IeHn=3bsls$i<ekFBH^wjoRlM{9-4Mh!B&`^k<Xy)
zLP;&-uo#K`bm}KKYyI0pn0J{H+$?8?l;w7$KaC`xQ!d1MN(+E4EfkcFG;X5Puavsc
zwGb#w7xJn3co6RDxlG%;UU`|R5@%F;j}heJyw3+A^1j6+HA{=E_$0a6myi7gWACzn
z_-Bdd19ZF?)_o)jO)L>@MVGN8vn&)v@`f!%5Z^F^xPXJWh=VA_qO8s`ihybi+bSPL
zcIURnt>TM~>c1&GqIhF;gE)7xh2rCyn=np7UZMv{1Y=C|M+J9H^IbA1j)5aRM8Jb}
z=3tf36&N^@3|c-34q6%T4qFfkn8LFN<HOsg%!gNcYF7*u@U_hp<MJN%YFUplh#2RR
zd_60^5Z&EU%T3?|;K*uwKNVwC)fafF$nLfU7D+6g;Hn6y!(NrR+ER233@TdCazs9{
z2V;tO?xY~E3eAG9y2{E)IiBcIQn22yZ1C6Z#(2yPh{wya<1sf-@un<)=M=_G?p^R@
zO5$lO0?M%2eA3xWCyIa<#gwObD0#%W_h72n*y9d3g^H05J?1J)-X#Isgb_0T>?;U$
zvkKs9Lk^-hBNjx1L7bDuD@8jcH5b#d`o)GOKT*zr7&uZAO$Ef_BYJvN?+P&{Q2MN5
zf%2p7>?(_al|TiN5Hu3x?b`TRJ5sI7Ea4~XH;B;~!TuI=_EU=;rq|LbRne8R5((iP
zj$c(kB*#9+h$NwL47G}!fD(md7f2y7A~(S$o;yAS(s=27iRayr;ybOf+K+vr&;lH>
z#g+v-%g1ZvcD;QQJAH7!1V_N+g>OyF=pzW(`89@0>MREp4*WHhh0E&G=<odP?dY*g
zU5WL>`p~<iO?(_PM9jj)scdIn;l7}{fG`M;Dz(@nIvlbZh8OPFq~>M{6;!rp_Aj@j
zFdBGqI`U|j6j|w^@HX<@Y#%`RX&GMBe~5faq_&VDJx1!3iP0STq{<?@E;8bo+B!zg
zweiR~HA2P2)qgSz4-aKp%R`y`$~u4DPQ>v>#PP;#9B-5coq%QQ;WcmYkBXzKLYH9-
z6G$GX<Uz;AdyCeI^;59u49H_siU)mEtgH`j$KBoiGPb){!8>B~S@aCFG-EsyMj9u7
zUpMPIfz{kW>NN$a7kUHJ#X|k!4gF%ieo?1iRO%Py`h`!waO)RN{lcza2>QhlfnU%;
zo?(J2r4tsD*e@}7jZ2Spf-)o0SQAuEYMZyS5Ex4AWUO35K7&{@90vP_d1L9^E$wRM
zFMQAF`-uT~?%fy5d-M^*fTMFGu;F0E=x_EeJNQ0jqfabB?=LusN|9K3a<(E$9icH6
z#S_1yhtG48nZ~i5(tBwf+ifDC61PEhK(2Gg$#sTR80{7sl#Yx$I!5g=r^Nel$ZZae
z+kr^+?|}@d;_!+XeFyi1DM;>3beoL+1?wQa2#-K++7B{J;>P2t6sGJI>l1hYE{krc
z8O;f4m4vG*!Dk|;EMnB>KvLUS&<eybG-zC;s96a2p%sYRj1>@aE45TpGN+&wDN&@!
zsy(opNJcZKG>lEoM@nDw6c${0pXIe~O*##Io4={6Ag7w;R1=bE;5Tftw`o?;pzrYQ
zBSLsH!#SX(j+F6zcz&mbNV%xUC3Mz62<BF4$=4<I->6&lwKic=;D7U^!25D>{UvQ^
ze}UA$z~qi91%?uvE`Vb-9y*`3jkebIE-pBjxD<{br3v1Pw$>b$Vz0l##v;Y8?mDZG
z5|v*B{GVU_6$N18cs9u1jbdyov9CMZsB(4j@-eDwVR3X%)eS^910%|vvxcHt3E1AT
zrShat{Hc`z#WjcX$dqS1^b@j1B;Axx60ShF%oY+Evwe~=yt0zezIqRL>a)gh#OQ-?
z>MF~CZAb(6Jcj-yykzRE#cHylzL>}#w-L`vAV$w(hw4~qoQfwcYWvi=nbcRZv~`Ss
zZ)5TA5)11Ns?RV5-bN{Y2sn&Y$YIC@N6)=MbjGTid52(@1{ObjENEF19MmLvi;jef
z{IO}sSZ(wx$2y50?m4GFY!>m0qZrus4?Oc2cST#}74k5C4enB?F3|+7*($P$W)>qB
zMb!8Ay)iNM^E5kJ;KLjtv6tJu+(f+s%1;aF<bo4t5$9Y7NU`^kLS!<qe>y!z(2iL#
zt0HkOV*O<lSn%&ROnAB=6Hg--vF!669a+nabl8Zjz1a(ZtoDMf6o9JZ>Jj9rVk09U
zqZDj~otHU3>PrjE=sIh98dZT;9;I3rMjNXx9#QO^)t5&j$Ys)`Pk{lo{vw$_Wqv0j
z7)C^K$qTI@cQ3+8N`o4HJ`)M6V>BY=ZjT!FDAS6Vrb5}F4cdk;Qk;grJTl88)I1=?
z?sNN>GAaUee9sgkKfasi$9HqeA(aO$Cjpd#4Jgk@+8zgv5_v(7JiD2;Xru`<=2w5f
z#|2+i!==g-=u50Uv?cxRipZ=|p{5+ZEoFS0>BG<U{ff-*2Zre1F9k|irhmNA^zn%m
z%54Ema)tubKIFG15$?oycd?vOUSJ~B^h#8e9LA@>;3)pe$gB#X=0O0iJPSCT-#Z6<
zl?*-x-HhvW=qdm@pAOwJ6LkMZ^i`g)lK)y^nr2o-KENkJO$ESEWrpFq=ch`aAC^EQ
z2w#%4rBgT@(K=e8^hCYO_Zfhq=W5@qt^EpDiNYaKC9Azth%bGB8#HHHPyLDJxj_&X
zTKsh%P{u7Wdc-COW`&Ap2kKsCRhEpHRTa7#b3pABbbB-_()Aum$ECnf0ZbmE&A|~>
zRpDJ6DsqFUcVXJ~$Wui^&7Hwm*zI4!=HehSQ0qvnM0}kFn0ZK6yU?^a@w94^l+R)F
z;8FJ1pIFcY4hvC)ao+Oml_Vg0m&5R?mq(tm3gX<yxpTh{%N&zP%f3`_5RW5e0!U9+
zn${nF(_R~81zx+1di6Gmv8yc1Bm(lVg@b}Qj3xE%D!4t=)9TN+hMFYx$x6%$(v{~$
z1bGP^Zz#XKkunk44z<*#`3k!Wtv<Vjz8QKBU>s_bEJ=K(D>8|zi{;%g*~GNzl9QQf
zqiKiJjNA`B|A0ekI0oP1iuxlpAbQMQa|(4jK-jwXun5MQ&F59oL%nsKFh9q_`La3&
zGxKbsqf&Fd3#gM?PCd$##<*dMtCuI9JjKa9<+e#^_b<*7l1-B()p`X@W~^>!JJWcV
zP8J)iSKzNX0ay9tCU#A1teb0}s$G?Y)tJtyDyR}lt6^tzfJ)v7%~n@;S|AEv*n){f
zYIj+L$SlC0QecGAgbu@vD``Xdpm`YZr#*XH*%8m(lPr7}7tyxibPjgUs>m#O6-3nv
zac&P2`bgw$g4*By+#eO+hcQ$@Cq5FIw-Jo@Rg^sXP1(3ukKweqlA6Q$arpeQpqf8U
z4Gg!Bhd)lWl13=75eocF1>WQU+v3T4a)eQl>fu(Q<^|cZ9qUZVk(G`Q2!pr6Xfw|z
zShYea)&s=Ji2|nCj!hVXTL$*a`LMqocA#Gl2WEaa*LUfoSKgmPT;`-MII*w~U=K7`
z{~^(f6cJW|%dl{|)`X>4nL)<(bbtp$kt&!5r=(s0;Ean+xDHp~Qvhe28gk+kI6dl&
zY*2{MA|NBn2@sfF81)KH-I}Za9GMjWobGK}nsQ@l24&X2G1ezwUY|-T3%0Mz4_G3{
z_bpMyB(_9w;?8GF<jGzl^ZK-X-}-pIcYR)d$h1DCnd^fSQYtnCUFCCZxLMqW)wq%q
zUZf*5Yus-#@-%EA53xPfv~e=lZ#wLsR;0DR(6`IzB6)U`zE!qIo<<_O8h-khN(>9+
z=9Nh5k{1Gfp%-BBn#ySU|3GKg(*%Hfc9k;$f>w3GEo$J#BdtE5pjYB$qd@|RGH`8p
zFxK<iX9@+)`%Wq~T5Ndi#`kVfi*EFz-UPJ+>O`A%=$h_=ukLI&@ufKY(?fh|S^au3
zif-?>sKFbLNV88aaKFRd@*-7^95H$?Ts6<eSwI?7C+Axea*COM+{ScO(hS|hus&94
zKB-{B3J!Lduk7=R9aiN?#VNm8=3%uG=*`nsCeqhTfTOU=sAyD-ooDW+>A(r>)BE@6
z{WB^(cblF;%}NE1aLYjVAJJCTk8H6X#gSm_Ep`NC=U+h2!-5Uk3;FEu#y7$V8Fq~9
z-67WhmGK!Z!PxW`nFrW4uhg^CR^oXgv9ONoPWDA?=kdCS!+`Q*Jo=AIaFdjHPlVSd
zOQq<+jD)oK`<w}B-^0{~5AW$GBo}5Tq{aKU;{CU2u(EPr71w<Jiz&^ct)ZSe7o)Ab
zDb3Po`Cnj=LIcHvp;>Yp{Tr$v9{ML8c<8M4Aoi^CoQKR-f0~ibJY-g+zZrVCU@O`=
zQ8W-jm!qEK4eI=PQpsnfquq3(FIh#`5qnlYVISfv^QXo)Hg$aCkMKrf*gmF<LR&2_
z$W?#5D{+8`{5jLQvwNf99$wKN5TlcM7LQ6i4`EJOe9P=MWN*a!DABZ8M$tM$C54%Y
z(~f4Ol~Py{y9^P?Xu<MVv+{N(weM8+E?m4wO@P~(;KG7ZL6@DYtF~)b0Rg5hIxZNS
z<u)Bg2j{c>2>YcgUmDmi&A4B1=V}8cBT3^s5*KF$Tbz~E&5@^lLd{s{Ps;AE;@tgh
zuh9ErGJ(GTkd>oo#nDy}R_0QSCUO5rbd1f8`w1pBd0E!^HK_$UJC9W?`&f*v<m=3G
zjLKE|(Hgo5@$UFIb;40k(0d@X0*y;d0a0Uz)Ap!MQeHF+khn<WRO?Ym_1XUKuaZ{(
zU=A5wX%>9ege%2#hWI=3WPq~rc*MDX#W?v`aXEftlZ7e23Nq*uZ0DU8CV}g7Fv$-`
zdlT(;G4?3-p#Hd$b^`GSj9ov1=XxCZafSDQr$2IF1};A*Fc)^5tl<Vmqk@M`R$#d8
z|E1Zw6WE?n@I4P=OE;J*%z^<tg$L_Ez_A0Hti{6W1(ql8%B0`Jkt6}5I-25^OR4y%
zigr9@v;$Xw`2~!o<Vj_4kuOF3Hn$(unTWY9lJ^ra_7a&oO4?+#ALCLEpeFeXDON~D
zQ6<YEDZbAN(m;U^9kpQkLUHt2L%+QeR!lHZ000CFfTMZPPSeJWi9U_F`4IzRu4Bku
z@2LTUQjUE{+0@i|_)n&0xr6m$C$nD2>bpn>OVnq{Dx~M(<NC9>vd&eDmWxgd7oBU+
z$TT?wHE7F&mX_e4M)c^4f0Y;Xx&~kZ$<e4t+vHc4hqvnaBYR5SNPiZOHin&M%j9oK
z9|?G#9G8|im5rJW_67`+=(n;=ito+~Dz4t#I2-6~!_a&OV;*U6)CY={hyzl5XC5$=
zzzD{X-RokPM%>%Qf!eroF?xtHD+9XGM)1nYHhJ(_Y0*xjM(#?nUbNy~IBS&_VZCMi
zFDSmF$&s@bN=b(0a*Oh%#r#>0>|Gla$DRyYw4gZZBt~6aA>j@obZkR29Gp5nt-dR(
z&ZDwN$y}gs<6_pw2}dm&wkuHzt;pL+vJ$i+uDD9^%1%-?UO8|N6C%J5C*Cf@tNapW
zFFJwv@n4Ge$jm>7|CeARO)Yi8y46mkza@73Ta2NOZrDg5zitYD$`}>p2rw#mOJx%k
zR0ai=N3e2lErN-trTFc9(qUTlnNPHwNu~UCOI%z{;%(!6W1^r9k4)6MXhlE5^k=#z
z<-#_01e=c6Jh+v34gO#<-`Trh-_-_Vx7o>>kSr*P-QBhTYX)vBQ7?i2`E#dhsitv}
z>Smh|a;2K&NMjD-R*5$**4OS&rO5UWYSG(-zl67yPcu76HY2y_rW&9Jv~f3Pa6i#5
zC(uEk;-{{^rktGLw#+CrxFzy`W3fvEx@=A*mQ%g~3|uOKR@!5ydYJ;34n2^5k%cZD
z$b)z0k&1uh{tM0#h7ZqHUvQ2Pf9Um<2MDS_=TObTFI;Uv^==rT+IZ3oRapn9Cg3|K
zh3o_XqqedzeB5-}vCaL2gnMgt*zIa_n>E;GG2OZT*!=|MZ^NBJx!Vd~q;v)ZWp9Mi
zodM-P?$3tuZ}3j?PRxJLx*pwm*Uw_JYgxaGL(uQ0Hgmsscj)&{E2eAU%<$^|==M1B
zo8dzRZF?a;7-@f6612-LEQUC^DV5T?T*Tw6M=m*ynyDtOPaa0}j@<SXMf7fmf3#ij
z2I`A^L2^L4V3Qu(+lWsi78cvP_1%F&vNq{U-j{qbIWrl?0K6OLZAm2`O+J!*IMD@(
zM|tx8<h_a00A6xp^1|eBBc0aZ<W<QlD4o_w=o)_BkSt7ImvkquNe)X6N#-Z7OuCYn
zC7sL>*DM(8!yUF7i4#86+3&E^;H|@VU_11I(p(!@7~n7f_j}lL@7E^wJoG`b7w?_@
z{_FR!>Zg-^1>>uKThG4Q(7+Qo@cS?G`@d}%nB}ja$0OTirImTb{Z|T)mF1LYkR^WC
zo=x`CW004u?k9Bcu<psCiS0%-@ksl3CRba>vSh5=2;$d@OnA)kl0%Gm)_+rV(cNv|
z6?6NKdkD$zpVmp#<XaZzc01r=J!*2@6M*Q4zcnNJ6Zd3BO-|)6B`y-rQ7_#_)PE&Q
z5H2alSuq1ldMvABsYq4Qt`}e?Hp=9Ar$#n$R)#}>M#Z@!C_)|%H<dlzb%v@1KdGga
zyl|qRUv~u_M%4w4$-bHLCAy?Fhn@<E4OUCB68G2b+TpK@zwO5muigH-Hi|cDY=SEu
zZ&a?wL(LAD0t_h%$wwMvpW$xk;4xWUUrVKu{erQcAKlM<0rdxKUT0<<81QU%5To~X
zjl*9z#Zo6Xk8u)+szp+(fQ@XfqEL1ae6%apTF9Q)Piz>4*;mI~8h7Tns_S+|Y;pgb
z@s?n0w1YB3q4vos)Z8wsXie`*h6D5X7g#U}zZf_osW+%IB*}X$e5HiuOTThwjx@Xd
zEMWJ{K5)lE4A7*fos##Iq#UbmQePm~SLIF+kcwI6s=gwkT8wfAZ14c`y~L0&OhzJ?
z$T;e<pu&~x=w~;^7onQ0EFQ4tXDoqh9*aH#f?`(HVEh=XDo2?q(siYY;dRUEcwf-6
zizb+IoNC&AMO31jy)~(h+1XZjn5?(5`tL0B9Y{7#zZ!P>l^Is7ko54yv=kmcx(Wo9
zgGfpc;F=%5-_hQNt{`ORXXXkw`sS<SJweM!9T3#5q2WrK8l(ig=@Qvx%)wwq^&&M~
z>Q@@*a7Nxi3oS*bl`*Ag>ywmZ4IE34N||#}$B<*Rl%9u`Y!*sQvq0{X+QeQ07o1C(
zo|lb34$?M!c8>AcZH@HVvdGgFfHd&U@(%Mqy1c{p$~t_nxJdtA1$-|*{k?zI5z;g~
zZ+!BUgC@H?Lgj&lnup-49TartdInV;zF%(oe%gHJ)>7j*6qG^4Jn%&-Ig$I7mzk7L
zW<?7jacK|4yfxA!r4w&aao+ts5ZrAHcPk?A)0tK?L5{t?AdMPkeKdJ`GLXA+n<Ic+
zVZsk>=15XR$djVXX^l#!SFd17Ql-BOD97Uy3kCn80W>rgY(%ci#}*@{*BU;y2!567
zkx@|2JiLmu<;=Pn0|<3m2;F#Y8Y=M5>dwgHeho|BJVv6^t(js0@xR1ScnX`s1B+G1
z&IWBDLrTd{n!BI!T+3zd4(e3%dS%v&$FWNt&}HLErdMU#)aTI^MSQj1qX+6MEwp66
zeNo39WxMwL&4fLb(XHa#cLjmdhrC9ee1I&Oi%_NE2_mgvI*WX+vv5*x>^R?g0(G}^
zXso1J-lr}43XgNNyJ`oQv*Wzne4JkZlUzAY83t&+63dH)Uj_CsGP1(<orn5Ilx9ym
zy#@~TrRHVAv~cJ~Y$Li9REF`h1m!cW`a_Upm@)))7nfSFcHG;DViZXH0gj;{mAu**
z@1z#$hK$c}QHp();TZzc?OiLzw$iZ!Qd18Xx>>{~oJ38;XA&BPTA;<OPw@yXlhlh9
zd>exfW#!vsZ{0ozLr$&qYBewO9>&Ec3{FuG>P_k${YTv8sM)IC)qlhtj+#%Um_G$g
zuuP()-bRCkRcJ#OE<ko0KdbM>u-LrFo!qgXba`~_GF1@s>K9C2{SIF9<Bb=Yb;ilm
z9tkR(lg_|HG3~n458r4GxT<Ifv1lXh)EL8>)j*WHlFLb8Q^}+c5b4Ox^jFv@zCRbu
z5|dr!$*Y+C6Ily#j-4oEc*ioU(c#dfpgL?Qsr?UWHMcQ;-c|J*!aMXgQ2FbF5y$z6
zN$(Zo_9IOnv6eAn3LZob;x8`%Yw@B#QiDb!DNjge)IXBx*NQrvBX~jV#_Tv#-{59I
zZ`V(yc(N<m>d&dcnS!(CW+}mARpr6h8;sx`OkR?qPhBZb8e>JxM{Kbbk2_YuN`7=@
znVdU@%su&jm4b{Bfxot}J}xxuy{IFTQAf6(+`z_{jf?dmrC88%K#CQvmz00Gh#+A$
z5_N{vTe!Y<)rin~>#XIRcbtP`Lv@xqpTdFEg{)9Cc|l4AI}9gUE4n)Z>7OEoT6CA#
z(AB7nilaBnpd+%fOpfo)8}BVVKlGFzuy;yeP>WxQqcY0y=gM2uIt2AmjnT$%PqQ!W
ztIVSl;4ISuWjO>ffH#+b(iKsKohhR5U#gI+zD$kdJE0})QIR%SD1lq_gj$_ri!y0h
zluo9aXXDjC{5?<{4TnoF1sX_^>KwZez7XV}9CD0M#O6SbgIvheUc8{3&!9c%|4_$i
zr_bPPB`k(Kfnn!PGj?v$v2#;r`_cXjq*b)k30FIhr&lSk9G8AQU;3HZ_MR+=bmkg>
z7%-6mvCa%ciw;CfXF#a)35fZbxHXaCRt1`-^VQp}qr80*wL3<Qn2@l}+VsDIMpvE#
zjizUy5yo5ORejSr{`}sAKh`_{5Anw!&kTFM`46y1j8364d7WWU;+D*OD17}YNI70E
zqAx@kSeBpZe)p&md*v@%QmCWMq)*EvcIqC|%FfqPz>1+Bka88(|LHU%?3swcnR5Lw
z*SazW+?Ihc&)>l?rqPTsi*$@xlz}lwPw$<ZN+oVQZ6Gcp>KRg}0o^P2FUi*rS;XA_
zQ|8n8IvLJH;Br$dOO&%R9;zQ%Fp+l;PPP(Qe_hTUUxxG+h~He=0jtEhSh|QD7?PJ6
z`UUosd@|xpI%pPSf28wi44jL79B5=>^bb*Ynsr2>qh_5Na9Bs=)U=rS2s$Iab9Mkx
zK(4>idmVT9`rFx5Ei_Nn0)46$bhf#!iNS24JwNR~&8Dp+Hp>E2qa-o^gd66hx=#X2
zXU?a2TJGH>&Rs?(5F+n`vd1)PMB$*C&qk@iLDmu7YgYe|QJsr!4dn>%hIv%4=%ae2
zvr&~jpQc+uD!y0ksuV((GR6<SUzMd(`qSpVg!qnB9Wvh1>=mf#$P9`eJ&x2Zhs#-<
zb9tu1W%!Xzq&xYmO;@-)01dU8J!XZAFpj@#s9eq*X0OeF*C-1<)5&!wo!o$APV!<*
ztC5Bbqtrh7!$1M^<KvU>8`zpn83V)D)jtdrI*+fP{WaykLjBGsMp`V=?vSw>wL3jz
z-9VPs?8xfa@+`H^yMvJ@#p*$~mY+kX<HNl~o)Dpq`D2<xp&zc#@$p<od4Ipol;5U2
zJHHL^ZzqvJjCc+huD&2jwFe7@^lj_&h|S!trWD(Wjg^)A9R9k8ENA@cOlPz;e1)tQ
zo29W;x0<_%tB7_popS5}N3^x(Csbd!v?~VA1wJiURlf=g;z}v>WQxS?1u13^^DDD*
z@GTHVNLMoyIQQVBrl7ZZmUDqcR$77}ca^9@$s}KXaMHMZRO85&lO^7GXt`erlfL6m
z@1R^)?D0oxQQy%{se^C?l{FJ2WwRb80fY+ktz_#v)Dln7a+Jn#0Cg^df5MnEGBi~Z
zB^%?EBTa5j&Z^&+loRR<5G=z!Lv^%2&rlu3`W($v9JS#yg=C@0Z~&s@T`Wn;S#>Pg
zZ^N{+?=$-+UUA*{LLqs+IFJ$27UtKsc2<d`o=1mZumHhd4TuF?xTHSe7^M`RQlIQU
zN~u0&^|m7+Ew-7xq&RITQFdt;0S2hWp5$BV<E4J(@c=${!m(v>v#K-s0A6YIpg8wW
z{5-S=W0jH=-wT3h%5W^gL%4~Ho=zrumM0K*R_Y0)QS==7c|TUtW4ku(-~EK_;sIfY
zek_)bSB8;VE9gDT<xlP8*zb}*SEBss)}C$z`ExN7n-wdn8m0tL)quH$(7NEjY$kBR
z*#R6>NC08ovN#vP^{=#WHxxEaO}SReQ5aNQm=B61Bkkjbh}5vDaHX6it)i%nvg-S~
zteV09vGdf<OO;fEaD}q!a*|bd(&jqL_+VXB{UR-@euk8xBB)-cY@_shvhq#Rk>$S`
zSz*YljGLY?C`G-fH~G~&QC_V^dDTDSPDk|yF0kTIV3K9C)T-H-X9`KJK9tw-v^jg%
zInGeg&j0P5dDeU#Wvq=|^?4ExbQD;9EU`Z(?GL!hXavx$Bs0728bE9mRf8B{ItiG?
zOhI)k3aUQL((6tR*7cQ0HanMBad++r-CLp#8^Gn&HKWcUuexEZ{xZ|a3S!<Xe3-A8
zhl$@qW2=@615N%0*EZh|#}0GHvx{@zCFW|Sn|u3}CkJG%7s`_X7ZWH|##TL^W~;1n
zZje=@a3hxa5X&&BhY{Izd3OFrY(@U(Eo{JRW>w27rsqQ)p!$T>8@jlycKe9X#b;_k
z5b&FbfDzEe6puE;?-LJ?xA?-(7nn!O96lLyI$86!2yji)k?|hLRgV~e{RpwlK7(bR
zl4hBAYY+V%S>~OcvCKYXnXl-|S?0;OLAQzZD|jTVJCkJ&qLXST9HB9eYCeuSfhp^&
z@Cd9jMu02nMerxLGrp*lvkyK}Pi3(W^Vao6W(e7WOlIf?KQTkQ@9H#5|CRe0SMx@y
z7iWfUhlbh{Tg}YSabI?-{loj%YmdNd<|07f2W4VyU(#;={ndfO{EU1-QVCV0=EdDu
z29*rXWsKXzxs(9sa@L7w#4%YJi#9374BTo5HrIU)KE{E#>jXXqDTqBZ6PTGko!F<I
z{NenJgXho6+cnsf!^@prA{>sF^|+dk&gT5gHGx7QeY-G%;SCd9cE5VN)34m+k@b^$
zFAhpSseeg{hyColmic*23M@RO$GZKIr<^ba+iQL-$40SyUWVH?#Sh5pD8^6ZGdoT`
zaTK?@CCg??qjjnTIEsfK5U7Boos{IGoN1@*71c{oK?>mi@n%Coj_+-RSLv7vDxYe<
zT4oW*!f0q%yLLt7wvlpOIZ?1mbNv@f@Rf<Db8jX*y=h{0aw5Xhnmr8R+Ro^B`d<?O
zPgiX+<LNCo^LGtA9m`*f!)x>Z2l=*7jwGPop3sTmHu)9n`ym6QehAVH86YhhnQ6Ff
z;4iu1rObTtlG4Y;vMWVu(ESrLL<M8zZa-VZgIKtEM!AIk*j5))si&ASmmIRMeE<=7
zxjbo1k;I&_QC*CoEiI(6thtkSSe5QDi(W(jRp;#gfrs?|c`Om@e6?R46Tp*z3<43W
zs~od9gj}|yeZIs<zjuuo`!#hxzEV<-N%7rXBGtV;Ld}j~Y*=sf1eDYsE+Un@bQyPW
z#5$Rgm5ww^yeAvpa9hyQ+TpYycn{CycAjF4_AAwmf2)ztvLVpKHYdtR=FG@c-?=@V
z<q-LnxE^&zQM6T@ySN8#F65TW62HSbMT3?dA1zMp(Yu4w-Sw1EQm=h04I;NY+1q14
z=oVA`TV(l4!<(m=^qoChb`3G*2N`l+W)0j}#(b1uIO`XvZL@60HK>GP+9GYa@8RAQ
zgX@$DuE{LHLa8`+M|UIZ0A}z6j>n08jEYouMfLWp(9QdpbF-ka;9&9^f2t{<RG!JQ
zH=z{?Yg0|S4RB(4ndJRkj7=i<JlPXa3or7==0dZbvrodkozvC@DfyYVG1MjCtvnO@
z?~+)JMH&Gg4qXf^l(VE8&=L<*2!a4hNkx;tp&FShq{VH9pWnw~{Uhg*cfS-*<x=t*
z>@-(WPD-&pUTG<7nGz-Ch~zys<44ka#vRMa>7zhQM(w)?6Gc~Jh!&CXqR(+i+ABNy
zqFlfd;b8D>@-lS1H1{xVDJlecC*k*jnc~owDAi}N97#<d3SnykW}-xC(nfCIlqyk<
zlmOKMe!W@S+tOFKC1xFlgGBz0rBCI_LVJ9oGhBF9B`{5g$({x)m$<SUE=puET6JNe
zo;4QgU~&jwCf#0btj{mV1gtO71hz!w9hc~ntR;Hqhb+-6oi5RaZvVHI=-X}o>r3?N
zmzhg6s`-a6(aUU!fZvZSp3m0gpA_(!^k>u8_&%qS2zEOvDYncx#IR4kQe-2?d_F&8
zt5l&5+dLcN@SU>;Mi17w0%~Zp)jzwP?p#?MZLJv=@P0e}gXGooKfrs@gSB5495lD8
z-r`@1|3cf^&w!3%^SQLBV)T&|OZsG&mFAMc&E_>+E7l+AiX7G%Ievz%VG!3asO%y&
zV)hzdpI(8WW!H3%v4$fum+yuz)618&a`4`?7W2xjq?LnN(}LZO+@b{bqIEF6cBgRd
zwr|N?yJuF?+FkoY)~+7c&RCzwV&>X9_fr_`2ehYf5l!p2#~DzL2D|P0t_37Ld1Pfi
zEuz8}u?*H@@ELv8uEJHjI-t4+`)8k_JMLmY$s3Bj`=&P}N2K+;#<G2i%a(3mz0SXc
zJ=#<I5xN3+_lc1w@g!rbddGLJs<R7A)uivt;Q!jryl2b*XlLTA9tn2aDJy}qoh<O#
zO_>Y)_VORTz>_oRClRuHB{IASR4dNLJ;G2UgFaW3Bo|ZGNa%#ziZ3nlj1z=`<MH&j
zP!3oW{2Zv;AQf4OcR$PQlh~HS+}YWz@6VWZ>Qk)$oC+hh%klPHEcL7$p#?x*XI!km
zn*d`I<y|d_V>hD}Ssb-lf}_8_Cq<JKZKH`kwuvTMTBMHz_Qtm~b-ifn_F>xlm0!TT
zMfc#O?bj-o;iUDr7Dve^jq(9ox3T%sSXN*db+kKS57v&S^3+*$y$cOt9~*-99}VHB
zxuzjpOG9W*Pwy>?^#oGpUb?@{ZY`Haa1cjuSo>SNuTWw+!zNx&w=T!5I|y=IhWdL*
zZ~j$q@M(1VjJM@V;s@&@$9`nlAVrSVa1WDxXr!2ZdNu%2{d7res*Tv;<W*DVvv_|@
zCh*+GO(~23P#h@wNVCu4c`DX#A*QqcwX)jJ`)Tz$8Ie%gEX5N}@0MzZ6hGkfuCHE<
z#bnv}t6&L$Hjsqcp!w0-g)9Y%(|fdfPx23PY^)8CK&*e8B&X9!7uHA^d`cQj$$ZcQ
zCYON`RA7sZ#>Sy)%4oDasLr$j5Pt8*>W_lTQG@_S9Pl2iz6_y&YXD>+bH6n4YiW4!
z%_FscOat^)^4D_Ya2-q|L)GY1ONV$$OsdXIk*L~;JZWbfiCB+wX=vc)@E>+vMPqoB
zyuyD>HZ)mGO<+=*C@nxO?E%$?#Sxa=nbwbFq*)`^&nm-~RH2<ejiq$5vnYtjhkXS#
zTtvwfnm|esW4(wD&ngc-vK*lphm{YotSU;n6(#C(<n3h6YSSXWpU!IY6=k()p^IfD
z>Oa;I9{ijN-zuNV@nqK$<s&(Mphro;mUCydNql*n66TrKBL}s}gt~8#g{~`B-GIe}
z?VGgCmz3*(%ZK%v*5*9|__G!>D8~;wy(a;GmI3MPxc|j@XHKV5iM%tE>Z-%$66gI6
zo+K7vcCOhgP^8I_!AE{%9V%%5$|FztrFgx7UH=2GUt`yQ#OwL&`c=HHXV-J_x(cqp
zt4MTujdpy%G(mrw(|NtTDoUatMQYtS;?KKd_CBSR*KwxI{N;31V+9@j<)-r+lS9-W
zv@#2FB@l=4`O*iRAPq#HLpXXO%h1Y$g+_p8t;b`?R?tW%2z1kjh#_YAO?rVIpu<0_
z3LaSo`)y1<E>9%R%tTnK1d~U^ta0i^@-7qWhgg|EBt@j<w?dB=F&e^y!P^qb!)y@w
zyp%Ww);U_^R-gD{Q>d?6>Wprvy(EGBf^l9^o=40}Ii2*jjZU(D2bGV|itU&(U#)VY
z$ps!rlTxxbCC0{4!(DBZf?X_b8KVwc9Q5uE^$jRPU<_8Ok&{@CGdIvDlnnk@T6D%B
z?kmK4loT0p2h41@P|?G6uv_}LB_$zw4~WnF7vb#zAnRfTP44_Cm&E#oG<BZ<fq#hz
z{P+#Hz{_PNF-95oPvW^r<+X-*?lsz#>+x7W3PLN=_qE!Z_xs|PE@yDws~7aa0Kj0(
z6=BA0pthz3?J$vIRD*q_tc~o?P3)p<9qT!;KS!Pj(_`xJMoUweM1;d8&O-;b#MG3T
zA4F`eM9Ym+i!ZY9_>b7gw{Q9~McTO~wEsVYRd!gyWqx&r8+F8`+JqZ=3XC05Ewa*t
zc7p|IHaNP_LWmX|5pvl=SIw8z0rUcr`knX=9EZwwEpJ{fB`Bh1;Vnj!51<J*F~hLk
zXdvD)Hy76Hh#YCeh;+vSYxo|_;Up_U@@~vGLzQcL0|9YRW~m3&an9s}27VFXV*SNu
znfe-<I*gB%rr`<0M-ty+d>D6<$Dl~Z->H&#$%txXICsL`#3#^1IU3oOD@{5H8zne+
zl@vdjBY98OTxe`9Z;KdhMG}O6@K^n7NQ)xNoJiXu`w?@ku(?iQT^cE}9>``vtHFO`
zioLc0V^nL`;t|%rhyN_4nq*4zN^GoUndChh-jWyxJr=YsAcR2v6qwXzWwUmT_e=DF
zaNz!cwQ^GSqfC2+azE^(Cd^rivx!;j*!b#?0Z}bhuchQw3#|CISiI4%j(2^CNovHv
z+SuI|??)kp=)<lySciWqTcmF5Wo5i0vNN|>dF&Y&V2jaX_#c#LkQN{$B8ru=qz9Yd
zwGi4l8IgQ%5r*H8PQ5$BEk|KbA*%=w(D`U8{AqF{5aDjAA%b>1wJDXfWAM>?cW+5$
zkzd|(IrdCFZhV);-wcRk$KPb@CqI=?+n&PBX=fofMEJBl6_l&9NT|7s@F*CoaDQNU
zDYs5Z>+5E+_;s$Y%jfC(?5xgN$>kVu-Xu>NTSN+HJ%GKbx(Rys2{jXV@8y!N!o=Rq
z`oNhLo$4=fc-KY+-n)-<m#D*pu2)0XR-s1LyRI^I4gGbl52gM>dVki;{?xGnG!DVu
z73cm&pj>0+dZ%*p3M{jkER@vSIm5GqWdpg&TPSElA4LQ1*nmlYgZ6aPw0<({c3Hiv
zQdWC0n>zXZt{JC>4y?m$5T8jZd5#CY`$8>|rFgREhCh_lZsXJm2U_ZuVyY4$tkf-i
zi;m4`H4wVw@3Iu18Tw9^vTp)f*jrh(k4$5!$MEj;;Q>q)H6u$2ZgFl+j_#cnX>{vM
zVJG_LF_QF1lCgz7^11K@bdwwb1NlVdGTqr$MLTzAW7HN6bd-r&50zdk#}D_A3!2a2
zXxkzn5pWb2tda+vz<B9C=v^3}B8HYRA3?ERcirXe2(ShfI4k8-#M<Y1NPW;%2ESfp
zj*^^RJuWV343a-$P<1tz;Mw|H8Zls*jFrw*57rcs)B<V5om$uh$C6lIO*C#>P&tlb
z@68{P*efgBgGv%)-v{-&=;+fph%)3?u@g!~pi}~CDhEm>pr$gQ#OOnKuA%>9->TK*
z|F|sL7<QLf*2?7n7`G=*6aNX^6xGO?D)VYNp(~S<((*GEP*OH(7nHH$M#LPU;UX^Q
z{!Gen5`^u&i7WB#dW5d_o3oU7OP<84AOU0kd>h<K-k#xfrrXu9&eW54GZCQ0EL1cK
z+@p+La4En|o&)3`GzGR1^U_A9<bA_cWio0Au72rmOd1CAEi-?c?cdGJys;d%a`UX2
zl;lM%bfElPK99*B4qSaFT9DRLT^l}4E6y<jg%>J>e;4XdFYFxZ@vuk<RO0v}OY7M-
zdb<<o?=qmjfZ%<G1sSJ7F4aN)>)dRR*O)<$pBv-_9OO52kl*MW<ljsNkY^CcHB|ub
zo1MUWl>x7v&2JR|>(PPr>A(sdfc>HK`-+hEd?#S%cMj~KNqm0sK$W<Wni4XVW*Mmi
ze<xGAUP_Zw$Iir=@9XK*LMG%adm7Hx`BLOVN=_sG+@F(mx&p~ME-URp^+!SVk1Q~0
z&ly=Ai*80NqjsSyixe)c>y#97Eyu#;ENHP?-BUI}e5o;+Q_v{0<gF#@QnVV24ZZ75
zwb$N|k#E2<MVzr}ia5CiXvF%|G9Y6cfcfrS5-a*bZ0OTFsO+jcm8#yD%$1do;YzH3
zghEEH{`(_rl^yks;R_RS5-<SDUC^uuT8*}_GAgX{6pBZT)}!Qaq*C{xUdltVy@w|P
zJRvEYdG_XOe*y#wq-DR@5O7)K)QY0^+TUj7OYn<RtuE6D;;BX?#B!{M6-LkuuUf4H
zQT1nupQKp!`iy)dI=rkd&G*3TCI>WvH@_pi^CtiA!<%I^PuH(yG-fp%8*t_ktU&@D
zOK7}6$5IIMqree?XLUX)abkG`J*<|UTX&+tbTZ^r6C*P$z7s<kEcQHqd_r>+Um#GW
zEMfqUX%&<fW_gFw<Ml5SSsJ-^!&p3kRtV<Y2aN>M4pv}#V_aY{-IMWidYM})+<D2r
zcx?ARZD*_>oj>{5MC8v;|FfS_UOHd<Al8pF9VVwe7fTIex^oq)@u54)@Tl;s5YF)R
zX$QVSxOqO^9GSjZl;PFaKsBb5?u?uBFo6QjmKJ-ZpOCD}cv#OMoeobD;gnHxt4y=J
zMI+UIJ(CB=BSZZ4AK1<MnXEpazTQ-PK3$>vrAC@SQ-yA-zTE|_;G6%^4^|VaZBc~$
ztIuO$r7pPWHo3VO=R=N-bzott7zV)sA)fiXDTqGkO@#+_DB0~YRd?spr>z^?u|)T$
zbn~1gy8px??Wg<-rs+2sPku+xXhD4PLTB}WBVYT-U1$yYK7WHki8{(SA7o~l$#520
zcZR|#Z8GWmJNFNAGqn)NM~@XWCcDl5&;6T?x~}W<Ol9sInPu*XLhr&O>7M(zKhOXt
zIw$M5T@N6v_uE0<wh~{`JjTuF6M5g9cL{pm^rsss()Ax(Oo-6`6?DDH2yV<}!Hwi4
zn!>cX3!Wh|;!Bs8JXig;5@iJy*ZrJ1rGU(<6rjkf++vlKJM7WcntQx!s$E%b*6$DE
zBRR?)@b0=F^T)Ul@P>;J@GEq{TMh5lNiR{2Npop4ImVM7k%Eth*=f>;>BDY+i8_y(
zV6>eEze#_K`q^jK(JA*U7D7a#KnaW_o&-@~`8i|msH{)Vvc@4o$)HcskE72;aAOlN
z&0BypC!+^Lo*<n9XnZJ9;y|g-1}!^+gT9a`S5RJwcbE{G5i17nTvJv`%v1y~gg1~c
z2xGc?%9hhIR@MQ=JNYsb$bqB&#UL!H*DN#G(HIxsl?Ur>)1@pM1{~RVz>$ptj`%>;
z;VP_1e1Bd+V|0}`zGe1FRF0v|ZJ;>%BRB!ZADP|GejOWpl$!W+gC3iyF|_k5a7&I<
zd+b8Ej~uglP|gb~Zhv#YL-9vh>-@)oS?fIY-c*V}L3f}1Sbm^Oc72#keF9Z?{etm5
z>I{ccpx)9Spm13Mv-)8tyGfauA)(5#rL^Qm<&TWq^CjwB10gU4y@3$VFobydKSKx#
zWuDq|%+hmXL@}At5G`z|%2b+4l(ypmamm3F%eIn1pJUP~LX4s=AjyT?I&P44twdRa
z=wS=5G@-}&C6*+j2MGQ4qykNn5~9bnfjMaJli5guN`j$B(RZT<HTDDN=!frE<@nzJ
z07XXU2J^E}WV8aeZi!UqBZ}M-v*t5ZfMaxXAfKbiSTl+ox|9kg6H7!W61*GL8yp;1
z;pYdC(3$bl-mI505g^g+Zj(LN?9VsI$j5T@+}?acFJ$!(hjrr3cj*%5nD?vCbZ<Tx
znrRga&E9+m`eu6bY45X_egZF{zO`#z)eQpHnjHmV%LE~0S)N9DI-tsItkx~i_iuto
zS3jr1=(~6^?IC8`$ZoUhT<KEtU5U4@%i2$~zxG(Luu9N1Imm<Vklm|7#;=lm)-u#L
zOh__HX0ejV%xRtp`hH+`Z-XuR1+cJPTbH5sx=otocaq-wa2NE9w>In1p~(2VC7wVv
zR_xFPc3B-r75~iDZmV5BEl?>4b=9uPl!l}%RMtA$ZYSk>==PvG$-_jSA{Q!1WYmuI
z#=xc<G1<?M#hX&F*h6`~KR92Rxm%kJtWp!m4Hllwc`_zK=Lwr8V-}Rj*c6NSs$7|X
z&bs&pufum(jQ-L}V0nOf-7PR}hZ7z1ulPehp6Vb{r3s-QtH`5NiS%64=JSVjo_oSK
z!vbp=k5?Iwt8-KLi7zhaUkhE9D6wYOXDZlgz~Y97^;<*tA>f%Yb|?BXjfl-+vbhR+
zQbwMFk=sR4GgOH>nkvp&9GC!fIhrd7Jiq-C7b23L%aYvTF>k&)BQ0ni(<V+sK{GqV
zeOWqfr=EwAsrfLJ^o=y3O)KFr@Q_Muo{QizA9^0qfsU2W^Wt;7dQr)s!<5v}OUgG^
z*eDc7@5r6S(LJG`O1zd?P_5KTQ1n6dYo@%l<m;g2Y;e#)iBaaX%Bsi`^v={U#)p;j
z!GSMnKx`B1t?(s3Of~vx?({1w!VOb!t~mgCS1d9@iXWFPJ7lWF11G$ygFlslPo>YM
z{6KiD7Q!~M9`mYYe0)`MwyqzJE#WKhFPd0w#3f7$ccaxQzArDB`!B8@If00L?;Bh|
zB1Sk?W5=6g@h025L6zYHN~|9LoH35X-8jUwJq%6|1HzbfuoNpA41A1DY?$Ek(1s3;
zsoxMDRafQ6?vjxR)Jlr=c^q?jWGuQ7QF4TZmioqUX@YPk7Gg!W`D1*M+SG5z=rPm>
zza_rd$Ug@ih{>NUv=~1_6A>wh9I8Hdq$-dT9u1r5mjl=)A|<!JiFh7U{i5S0!X2~-
zc2IH*baCr|%sOwrbJTh3*u_J)rBXaTh@7Wr%ZG<iK-q{TTw~jK3U=z7bO4T2mv<tY
z&Y+wA^i3b!e2{LIq;Cc@6Z~C@!QC*o1GOUxh@ibrXJ-JMnPLrm+FEQ-k;-oH@M*ol
z->^a1Y4jEP7j1aja-Y)vV|W=<S&c^-&R_Iah~4YTPhOZAZxmVKEb$%+RgbPKx>l$<
zh_)7eMlMG=?ubq>H^A_IzN`}|^KrU)&LrEfq6sqxU`@`?xc?^JKQIUGzoOGWy=Y;U
z67TxgNge3P3NvO>x=$PPVn1UiYKs|5p{;*-ppf(=Z{V$*niE<jhoGKAIiX#EKQ2u=
zcp5x<vzEX4tA_{braHHFv1ylU_wg3thX*qHjdDk%*$~SuD2P80|IR?fFH4!wee~IW
z$XeN!pPN4qs<n0saqEU&Rq9nib*c^7Qdme<<W_EO#9ZmvVXq)*LbCMf60Yw`rwj*L
zJ^Bs!>xza6RS8)wK@LO1w50>##}WP`w6+9D=s@+hwm@uLDxk=1$^LlfX7im9@A2W>
z))w7R`?|!UXPY%A4hSL9p+fO1@f5VpcwxT&0&){yKhxPeKgBJ8C7*9~WFf+^-}KEE
zNX{kS%>H@~`J$~ZMwJ|}vuE-2V~N&+JP#jngczxPo}@<8;ZBrsSyu0I$Z9P}VY`8M
zx(=(IVS()8f<6A$vA`{f#rv^CcJ8w6$I2|fc`^EAtO`vd_a??P@M5T3>o?d{n9kAw
zeH`I^v~gUk<MbEUju#o_jIkWgTK|Fz(03ZOgv=G|H99KAD5juJ4o$y|`M@54bEVV9
z|Fp0Zizl)d>#NCF_#zELY{;?xuIM81*%-P|ulkU}RvVK83ExrU;#V32VxYOWewAMg
zG)k$s<XsbTqlTt?aZLK1zwYG4e({&f;CdZgcZchEv28u+Y8v6C@cW737FJa}5A*f4
zS;XjN7RKzkSsmPl>F5J<7PI{#z)ML(QSeuR>vL2->zwGZs6ZI;Rodgf>qq{d`51Of
zI!PZY)UJGzm1wTxJQ7VQ+d;wDbVrb<*g+zRszavAO=*X#`lT5nR-O>qS7^b0?AJc2
zVjZ&_MpR5%j0zVsj%<;BlM#m!1(?c{7wIl{=1S3R7nx5Y{q704`_CMp+Wv-|#DMcy
z!Cqz;T0+Go_2l?Q3`yDy%;$tnR6(m&e?g8QEz-S6S&gp|_qs|$!_xDT3-Src50OTP
z;qw<+Zlgl$iN`I>wbmyq+e!xSrCiTvu_&5yP>P?;l_F;?5=-zLj1}gmols@(nxHuL
zs6+{#kHP^JDjF9n`WAuI{`OaLKuunabINScJTV5)*k2rArGD};c&-&o0AAdkSD<CE
z$%^%GCm;tgDan^&J&(U?gWqUXh@5pydqR#M%!MN_s2spuEysp^A;)@rR?s>{B2Kun
zF)*d0eW1rT_;<oLl=8X93H&?Z1pTn$liI*Hz-%^IF_+{z+536uvW)yNy(MKL`Yn@h
zGx-s04kz%!@Cz<`xi7_@`p}{wfmDBjr!>z-^Cg+IpzgJP#!YQ>{rS{#5ho>tk(rZ2
zxjJ<0XSFQu#i;5p<-uPgqn9t%|B)We5>W07sx?~Bdn)WC!}#SyGEj3q_`f$%)vtWq
z!C1{mj-0WFrgDd5Intgp?I->Za)=vAg)dA7vf`VO*YJ;1s}Bl6Z><(SNPVFxVcmZj
z9f!Y2G+L;h6l>pmoEkVN5IY|JI`KBbLf8wZ`Ea?pi7C;?IE-{+I@Zd{VL;c!6ntS(
z+J|}te@Cnz+Ye(3&H&hFEJ0-_%TGScX-3~q0DTid%T7SwL`n1@S;#_ez~O_0!w3G0
zIZ-3v$^OJ+)uc@@=b_N?X&=H{2H}=ll*0Wwph)Bf9}w$bBcPYH;co@7<CJ4sSc)IW
zl~T*lKRB}QOi66m2`Sct_Kjpo6r?gx)@(lvp2fct&N6gO5xS<Z5I_JQz+XG7ZQdT<
z04N)BW#upIEvNBS*721t&<h;XXDoPu<10>uM21(UiU6c78GKd-Y9OaRkz+F)=BbE&
za)Ig4;b)DB<}Z7kV<i$9359MC;H6mqya^?_XiRuX7#qHXkQ0m1Yrj}v!pp+~$IH^7
z@|6@n4fN@B&a}~fGS`^$r^u<Mp!axa2;k$l93P3{`hZx6Q(95F)9|N>KUtVZqDLB0
z&1feb4qf$)7OQkn#z2(FNNOVdYfn6MPW(gE$ilyIvHs3ZeE4^AAO4Wr@ZX=hfTJEj
zgs9ir5%r!p--LRnDEj^urN@3UIhH8xgnYj>kgr`wzN&2GEBp@R`#-`z0zNb#1OF~G
z(60&5?_~G@UFhgH_!kEHg<ytx^a14!bC(RJzz#XJCIj^z?afec0poW<JrM7zw6*g=
z2DrF0oUGC=zt13&RQ{r#Ot#WsjRlt1znX=XRT*f>Xr{xUncu!`!c7Y))nVB7&|Opp
zfFnT8H0gap&-2av`*JwULf67HZ8PKN=X%$Oq`yk{9$u4p&%(q$gf}>1GEqqwLlqpC
zE<8HfF@QIC{0w3#?2<$%14~({7jKhTKjM7UJG8?VYPU$t9a-uu&O|ceOpx~GheqOD
zcnoZfzikjoPtt{oHdvv^5~lGqu=Ya4+Al<Q(5KI@pt761tz@MKosLyO<uoDhFF5kz
zZ;rf=W+JZ~>wiw<o&TTH%geLrrKDV79Pi6*LGP~c0Xlzle0_4RalGHl$Ys7kE@@#f
zRt70lYPF;^bvi52re18hC21&11@S|<I&Z99{3d6MgUt61NOExSSz^he2Wy6c07wim
z*H^K6Tw33s^%HnSFPoJ51ev#)dphA+C6#fQVzj&$BYm7aW4y$ZNI#j_7UXQmd`T5a
zl$_m0^6+^QrRdoo-k+3Fjyw<K$k?=$@&pLQ8A9O~SoDL%cQ;c;rj^=y;H_ogC{_M|
zgOdCUb25ykP{)C6a41jf8|#~9@Xb8*=$?$TcCef_iewWTq+Ea9-rTxfX9Bjw94VI`
z)7{2>IsUqRJ?eHH57>^HpEQ1Dt^2C7Zr429X1Fb@V;$zoJmi2!&ZN3SsUh}ZG&s8A
z7o>1UGQ}tp#xSES>JL)QK;c*;l%PD>Hty{tH*GR(+-ov)Wgtr)*e9fA$ymKnMyQjd
ze^k^H)n8L?PNkAp1Y<o1TTl?yZ(r+6b%4{5i^=TjxBJzx@Q+n&@LNX3`p~9wov^K&
z<0rMhqpsX?m|x`9`o)H^rSzuQaGOPFtlNFowrtLA7JprBsSujNyPjP|<<UcT@^$ic
zbTY%thP!+4NF=k;y-HWQS6MO!$t#!Ej7+5v2)hA9qn6{c*6lvc;DASE^k|Mh2Y*bU
zCOf;-?fwxp&=J5=cd}7@VOituJXjjr`Z-eiiSkk1?v}b!bHaC@6Y?q!d8HZh3LWx_
zP9a}W!~z278&b26ggS04@;Lz3yX=hza_e?m>UOmgK(H?M1-8&|8cwU<;tb`R)A_(!
zI|Y5M{fp42LG#^AuFm#93s&6WJuQ5zsFD@4HTvLpaeb>89R{m28>^W(#h*V-<*@$E
zQiTqXR91(~2-(_{orD)}!A0x?W))s0sWCEFsZo<5SXPeyfO<-32p;(c8iJ{=QlDOi
zAvhp@u@zH16qxENarOH+Z~p?ZeoGE2@QvC^I&O#8rp>-$bTu?Gmsk4L0-G2es80&4
zLyi>dTlCFvLGAHeYE|T9H}Tm|C{JkLhmQ{zq)9!VlPv2~yY$6METoh~|DR3O`M>)g
zO%=uwe$P~ee`=nl-=NOH$Iim^JoSMoQTsfX`Y3V==IQ1xi22v|JBIVr=Vi%qEVUb`
zsGCty59w(NHfZ7!r;zYiO+>N?E$?k9bajrI(!fee|L;x%8`IOksuL`>=!T_ClslGc
zVm5YWb|1Bo<pHa<*oE)~Qml^!6M6)do0<a_p6@k_Ai*xW_3UtC7m?g@>L$KZaj#JL
zE2;-`!h^G3{E_KJ(r3l>7Y!?(BIV<|bz=PqLc5IjZ!*14Bw{wapIBot&6a_B*JD5r
z%-quU|G&%}kipw*j0~2V$)IFmdBf=6-f1F8Q~TkKrm2m--HznyE_>^;oY2)-lT&^s
zYjP)h`K$PbX@Z^g8$<;&;lTZ1bVHSA#BEixhSy0JyF6)ZP<ph{1AKr_Kkf4In1eGR
z7tRD%UES_l+p@Z4b#rdZP5w9o0OIaq+=9W4#Jjt);rh(O_2^XJ(<#+oa|1#>0bNJQ
zTk9I2Hq6b8<>OzBj@{a#$1VB<OGb)5eT+>4Rm}s&z6kr)MwC;W>6}c<iLBPTQJD>!
z(otC;XrDjYj})>O=c3Di@$B?ec(#~7tIT}%$Bjb-?REa_8G4qvp|$ejo(#?@;znO-
z!kdHYWa(L{H1X0&9B0M~zP@!x=IQjNzWBgWw9^HD`KYDiw}5!$EOIg~Me&y=KIy#8
z_IH86EWicPcgkCxH;iJ#T1&=&5C04%<1asD1MZfS@oWP=o6ny;koj!Z=P*$r{w$o+
z$wb{4=qYF$MjNwL1G9zFdlLYec!X-a8NGenwNTKm<h{L^3E}F^@TKlQ?Z@VUl9v%3
z$zTHlZNoDs+Is_5jAKVr+jH*-VuP^2BG$We^=;f7KLWR5^OPpOJdsM(o$L|5D@(P=
z>MH8Pa!Vi!>!yo>Robt9c|H}wJx(mDu3z7;y<<%?mZgby>SLxGWj1^|`z5_t5Iki%
za~#r-PvCsqY9yG8JgEtxZguD~a`Op;qMA3St~SkkAeU{)atmXX7jag(Oy8Ad*}IY^
z$TJ)!Xm_jL_hJ(Kgd?>yBa>46K4DZ{ZQ^$Q2CSYX5lD3gQmp6R)~r?dXJIO3D064b
z>?b6;rLw=6qAwn8&-h|0u@i1I`2khFXwQ11jluX~#v6^biN6uwa{cd)3`bwATe@ba
zCBy_)+Ps&UV^z0zdZ7hec?+$YRcWi{Ot=|(i(Jc5>{7?H#iW!nzAae`5AI<P=9nMo
zwfKI-p2aerDeT$h?Ab2`v#&a)N6IvT4?d=w!2cW2J#jJoT*MoUX#*^o_d=32aBI(D
zgZgB4gM$ZIgDUM2Y_R=cc7xav*5E2l!Ui=*vd!>^j0RU>gB|cwyKi(4A<;zPv?I&@
zfD<+@Jz+B398EXxOy8UcH?N_a73rG~!_AB6=2PjLPiB7p)xG)v7CZu<SNCSZht{Tf
zzue1;36i;BHa4s4tl4bdjBxL6Y&NyCW|e#ONxuQxJV-xBUc3T`j&<cGyzYh9Z7b+H
z2d}?o*R9LpdM8{bZ{qfL`qaD-bFRNiGCc0x+Ebx^h7DAEoVUo6jDmG^e<HtsaO^;0
z5|=Zj-OX@2={CB$7Jm-n@6jAwig(0hcdYK$7ysDJ@T8`*00*Deci@(k@iA>W`&b=(
ztYbaASLX{tRz19#)kZzMzufyn>fv4e`|tD^;PvntAMRKWPg0JM<8DCp^$&nt9`H8R
z43gAw244WQrtddMYvPQlN{n--Qs>C8$LJviZ(<<^BS}4aO*+tNGK=c#$v_<Bb`lY&
zN`Tb7(tY!5Lek6h8!@VT)UN#@)X!jAw7?t}Pu>)hU{+4jtQ2xv&&{L62J28M()K{;
zU_fk`oX6e^s#ThtY7UO5Ix_Rmst@*P?VHKJHv7<K4yQ?#Hmb?$5t8p^SHR&3h12zK
zP?3b=ip;|3#2;g_?Fg`Jj)JX}pSIYeSJ#$eJ?_DryTISts8$TXVY3BQPl@`lMlhiX
z?>=UnO!lPl(ipxDm5~F1cg^%WM~e-Z@#o|Np*>RbGMpK)p?`OigQ7#rui#TN>Zbl~
zG5U@`W{Kp#sNN2ly!zq?CbRlG7)!AiyLNH!$ad6?#)2-7Hnk46C03m_<s<a&oj%lr
zFX-d*K=>jCX835bUx)as-NC^J!u>k*eF5~HEGV%Y)}OH3XKG1>p51yc+~)pOX*99(
zVs@1pi>;YIjT!5mCF)}?tt5I-tUmxvegC##CS#w0Ka_`O(lj<ncASAZ{cSuV#y}r2
z8fEiV;{BGX)06`^_k}q3KJmqsp|4nOazG;h;Rv8o>oQB|T3nPLu|<)+CuVjf%&K|G
z_-^tE7~nJM_}lavLUZxidtsZ>E8@J{Fnh(1;ZHVBCZ?ba#r3Z^UL6Bv_()n+xtjYx
zl;du<Yj1WXe{;X`8NzuPP+&Q}-x|!tjNeL%wdutj6v|ivUcmOCMU&%uq1j^?B#pI;
zFhDLaXR^y(T)#(GLWDdWg2kd_qrz-G#a4<6K87hG{>(EFrSVCfWkYvy^y@8Sg{?B8
zsC%JX&6`?YjGTmj?N`TI{UgR$L-SAsDl^IrIGJutB^9`!du$gw>#A-SLXW_eeRh>|
zA8?@Id(+W0n8`aUt{LSXAgy_QPcu$V&qMAxS03_G)N{@p217eVj_*I9@5QHB-*1@v
z?kxE?^?lx8==-;nEqdggzd^F@!W`UfRHrWJYJ>AAGIAt6xF${SuV%c5UyMUjM5g0s
z*;(t+K6(%~^`5iY+{bP0tbtSeGd392j;h;`tCC1@y};_`l_R=UaKArivKQIY(aQzt
zY;m@~AH#&umjK{vuYTu&v=|-t3gElRcg|T$<L6;sOT&Efo!?1%Y~X*s`)jLloaI`)
z9KQEqvOhoG9a`yQ>|EA<M9e`lKPl>Qd&z!yqn{DRcg17uWOr(p@T+p|_mf$k4~N!|
zvAx>wel##U-&SY-eYL;-LH>Qc%fH*dkL7p3AW<JW`Lm?kaLkladUv^b1@mg)iewMZ
zu!m={4TXuITA>ApKB8fT3d0&vsRb>E*z8>Qct0KuQfcF-@B!`hsd#gS17$4M?7W}#
zgH2uIAfpNkW^8#D#|?P0pW2im8GLIx8e<NU9{>fVDu=aocj!mD&I_mpoIC&%lg9n|
zj(+K5fC3u#i_xpNbXk@`gRaa)yd~%9$1y>0zF#S}A|jWTD6{Ocd8BA}nP`|>%2+;k
zG`HY97o?KsPsy;aAanA=?JH&Jd<S{YeZsas;|TP~h5C*e?~&m<iX^~x1rI4)y??ln
zzP<iRCWZNU-HGnIQMuz}xJS{n2UsZHrpcC!P%n^n9sZ_bArEOe@R)@zigy{GN@0lG
z`$(5cV#O9{V(Fq?GPFHaXz|%riqRiiOiPkaRx6;%-3cKgP2}?!VYZ!0JBI$|qtrcO
znjXQ+eBWu+uoeSzUF_)|a}D`V!k#bHkVTv$nC7RM%@4Izp67MT(0iN(GV|84=c$!;
ztL*|kpct4=t?oAVX(<CIm^m9uI$Q`M>t7SY*(>j1Ne%7nq<$GwWdwjyxJfzwEXAK#
zVbRiNHk9#2Uc^^%QHNC=b-7-I%M49F9U4jf=NkgcdVpgBAdoZhNRwo%JZYlUyS}!k
zB!1}2!PqD7x>*;(jF-`F(q}=NeQkTH1A#2+nDhWBPS2M*@jh>R5pM?4H%G(Guju9-
z>6^D_9vgGcFj0@@f9gGOa?CiBeY8Bq+YpquV4I2#Z6<Oj^)hV;HW-tl1Mi_1J8=##
zrJKXjH-~0+_1AX2s~vYkS9o@2HfTSq3))Mu!C_2S!jnHBCTP+WM$#SH%~RNku+htE
zJ{d>F75u>m-hr9?%y-5!E4SIdFQ)m-hyO`TbJe-(asN-^n~$~#KOnyOX(uN}H-9zU
z6yF@U3|P{;8vSB#AhPhs!2_H7Y)7JWsbCIlCjHcCAWD8cD#b!qUbxE13U;<-2Rpwn
zcL;X=&hwCRk5DbGc5<cR`HX5xnec$scbBmACI<@+0zae9l<>&oWp|yt?5-VM{NF&N
z#Cj^v60@ym<X>Tvyeq4lkTnHP|8~7!hq+&KJ}b|;`d^2lBlb_}r^@u6KlVpHq{QGg
z_vw9CnfuPlzl8a?I`6+y@Bi873GnnMRw3{}l+iLkCHwMuvM2ahg`=Pm**!N#=lD1q
zk-SomSF)@F$=I5TD>i7}Kh+3m)89X0tW}KdA!YJi9;_Ge=+Uy)z;zb1n_rjzA-yOT
zpG0K#gjPqMM8O%on4ry{?V<A|Z}7Tx%;!$B9AiueYC9#3RicM)RAw9vvAnCk9WEG^
zE!9yA^)np~4Ly+U4R$i(&aXhC*}{(we6ID$fulp6fOHr(*(4Z*q?QO&CMgg%SFF)%
z|6vP-7q9m)-<w$8-;S{@RE{TW8Sb7kwtG%+gUrZF^|CTL<MJG5t@A106^s?67$6fv
z$N8jqBKMJ1?>@e@L7KEmdUQQZWYBKKKmfbHZYfJ^9j$Ih&kJc%2*7!?wM@>P3BZKx
zZt61KY$DRcM^BbXxz%=eW^0f->u-R^i9I=_F+Do>ySPzt-mNJN{y(Jsd?JboDNGbp
zi;04+wHPR~0MBm!5?mUdC2ec+a>hTgp<=$MvFI<>mDijQV@C*i$NEM^s&}3d!e0WD
zV&f&FG~B}#xb#`8-m?G=<(w}Vr&@QOYt@<adS~n2UtsI*OV=nG$BU`pio?pWTy8se
z4HvWrF4Z|Mb5@kW?5tWG`|f$mN$C=pGy!JrcstD;V*YD_F>^pQXu>|oqwT#Xd3T5W
zYU$8weUs<&O>QGRL$fOYd<O#jxBe)_!HiSY3?r-Ed9ruKtihOyNNfmdn_J^Kq3x}4
zd+1F`wQ7+nt0nvjhSs(EEIFaM$>l&Cs*os9ZqV5PCob>%I5-Y$7Y^)QQ|3obr$SF>
z0%@u@na_*fWk7m(CqQb=gtUr7+7%(a4)G#Vt$k(*zkv`ETrb0y{9@qC<eH56A+VC~
z!9%flxnCJu-3k8_>)WyeJ~=3A4g>${i{WIns6czg^FRo-9kZCd;>R!dN^6sc-OmpG
z6$OTh*{Aj6H{U7fAn#?IM;PBLE1#uLBYW#8dyZKDXL1hyN@fAc$PX|T7E_G)FuR=A
zY;{=#J?t~6?8eaYck<!TZLrmYl=3<}t2=242W4ffQ=LzxS2xJYm*QMZc<xtkwZe*)
zN%7seQmoG}3tE#GaCs)ulrMRYiS=utnYV|#_K-K|w$^BgzLqRxQ#P{<uCcsLN7&ZV
z3vD|)FSJc-i~>mF?XK9@&2_cc3870E_$<3guWR%HM1PdZ%o~8;Q%5@u`3yFkvV;XR
znS-O-I($t#c@dVN?V1HXOEgEDEbm!9fSu+6bgacpbG?iE4n+Df1hu1Imt}!Hbd{^I
z$QK%vmFwX4?Zep`5m$80Md)Jin9J^KU1<&9NJ=v9&@y@*IsQae<wQ<)7o*SSba2oJ
z0Fox|M^B>&u=%~j7Xz+=vf8DtYPf)L9>-CKJ5Z*SebH6nu2OS+f%_f!`0+YcN5n6_
zw6d<M0RDZksn~XidB8JC3{lL`I@_7_&(I7;*Q9W<1vAdGR0Ue`m3*N>e)2H(w+39j
ztrT1rzP#?FRaUl(^;j@KY*-&TWf7ypfXQnbn{(bj&P%MI+jr$an*<9L89|sZD6-cU
zKbY(5{+Mf^Pi**vr?@{glz%Gx5_!N}YDKrPgCNkw`o6zyxUjS@JI5Jd!<+^N>6TM_
zcF8u6r26x-5J{K1*XgUCE`F`-;D_}>Sn|XnHjrNb=p{A)zkI#A1|5-Jj-0ZEZjPLS
zmHRWEZyR9m0cl$&DR;TW=ne2r>sX70B~X?!F~s`*5Fv4G9(&1}e#uM5>zNMpC%*(a
zBd6MB<Tg6Jx8zYTRDZz^)Xx&?R`)PEG2l=9PV{bgSu3q-PXYB7YDUr%%~yp2p^viI
z+0p2obY;P^=t~`2`H*K_h`Vqp9hz86NqcNyd#b)MG?RX{j<MLp`Y*{hqsFHBF2iSH
zbagI^WOEvuEWhJA#PV)C%9$fWVOvIt*2+3=wkvVwLzuW)oy%as5vWf%)hDeuKlW&<
zrib|Mm>h4j_{?bm+xb0y%ypo9!yS>|OJ|YUP2O-v^ousSSSG7}Ux_M9M!NT9-;?eg
zz2JIO4S|I#8T1k5j<I*}gS!Uy-|=E`$?+1)#*#s6#;b)#WbX`TxQpLgV+|GhV~?UI
z+%~_GgzXUC0IkhMrNVYoB`9c+e7TsF-hwUOiZ5J=suQUz<9X#j4-tU(!;F@Xeo@9a
z@daEFK8CZ*rNlf*#GtnNEw+r3jJRAtl^9hFuvYm-O<$~mckmEfvr1#lDrn6rlAiB+
zt;->{yXw*eHZ#S)d9@SISh6;WGMUKq{A8wr#o56PIdKzbI)SSCaw2WL#Al}g9xoPx
zux<Vj7bBB-{SF{@Ayiofu+sRxGqT!Cl{HQhR3A`@r){x9OQflb_9!5=tTZ>%>CG%W
zN|i&7)mmls28!8DEz>T1@p8(!2CvGoqOMY;Igk1_+*Me!!!KMeaD^J%O#}M3r%XHP
zm-OIio7Os@J;l5kI+=!(2QqCD&JK0OlQ(qsUO_U`&fx64a(Bl5f89>rU0LO~WlFjk
z*?&fx^*~R|z;KT-TH_o+g0pry5u8qW7NqUSvz#7?3XW#6L5Q^Fg+@f$y3qQBZ-uQO
zr`9G5I*<;aQ=7j?(<#&*B<{c*1<G;0v@`AO`?tdPWp5K~lu&sm6iDX)D02)<P~8Eu
zCYDdo9DRc3WKR&OEviMJOj}OzlLk<uH1Y8%a(;R96LNluZ5&Ry7M+WqV?%#Wz7*d3
z<#a6jae{(Xw6PN{+<I_U1>Q2&_nC(U3bA$uDRq{loM65HH(!{8UEs-i23_1({uy}3
zupdThJVMQ5X)d#rv`v`YO^Pfxt01_%E~_)#o$Ciu+I$<=4~+2u`(0}2AJFLVgW}_H
zOV)kJMa~<k?!XF)ls`=-2&6=nV#63<e|mnlWegzuusFs4Exe5KnhwW0Lzve{M(*P)
z%u@+ern#V1`(rU$3swYUl@2*_))Kx%Y$z7|bGjs*da!1siE8|~lS3)f)FCuZRL+N8
zI{OTZJAr3nbO(CNDPIPa)5ywI(4mEDjeJ}&56e4*#RZh3+Vltep?+#?juNli)n0e9
zdl&?!S_f*~&PO0UYFB<bZ`NJ#qK)C}>6M~hV)RPpO4r#7o6;|c_2{Km_dcJq9q8>V
zHr$%SKRHqF;nB<<@^g(ILf7hT#+uuNt_QTb_92E=9)?XvF31s*mtxLX_QHjkoh~w5
z2^($1DRGrcbAY@{5l`b^4JU<~4<+mjMLlXoNxC)E(U%=LpCLJ=7S)b>b>og%{jFKJ
zE9yS&AMpA5#_;19=hW3-SLC`T^q}e6dH)Z0?*iXMl|7Env}qflbON*`AeNvJTVA#T
z+DMUxKA1oPRT1mEYgt4=K{mmnP>N|+X2&S&>aMG<x(^lI^|dMj@@ROpfG<GhA&P(s
z6M}#sr64r_bI!e!Owz*Ye!u_E=lA>V$EA~*`#ksDbI&>VJj$qVI%NLE?}GkuuD)M7
z(mi$&VAbyLu<s)7e3`4e+}UC`&Npg*xR-96E8_TjgcquIilc`bTIN>njh%LgQihzr
z%GZ=whf5}-y0pInV9`u%@zG2>y41XJ9_kkgWBP?F;brN(#Av2Y02y9oz}_2VFKH?r
zWEDc45^j6vKf)9dt4lhLW?HDdSfWQW4P=Gxh{K{+yCn&s^s}V%SU(rL9}(;RDk#4!
zzWf7NzAG#L<lOVC?(gBM`<|K|2XI@0>YnZ5$38f#muedgrB=|-tkLn^CS$jQ*{4h6
zKWP^DwDL?OE{y_d{>P8kuXRhuGm-wweo;B!rd`HgHusC>w?XSIJ&`CyA@QQiLQ3G<
zF?deiAgdQX0FOX!fjPzdbV|%_HALe2pnu1axF}pN^tEf#ZpuvZWMeeD&uy62XCO4I
z4Y@l@K(mO|Hj-DSQ+5`~lJdvx<${#QBY;^_?&m-2*w0G(2}~V47xCvRc((E93V1g0
z=VEx)wz21Yc>a(-6X(|zZyw2Lzzx47H-I>U?$Kc2aMW*JcpxGx7tZ+x01z1Y0Q}MJ
zfdPjOprwS;gtL3?dQ4d{@;3a|?d~iJM|_v9FXcoDj2wfn0AoO$zfa%AUSDg&c-!sH
zn^NT?x@P&14nC$>aicpYn{M$!kS@`dos<;~8@;`CpEhJt=xB!uUueVNc*UGC^;-mX
zKdA>){&+VdJNfZy==S8##sXaFB<SLBcRF=!ZpW`RADjS3WR?K!s=JA>+>}UIh=Z=-
z95kmcK+#e*ePv+5N&7q%>C05ESf;3oL|yi#B6XRL1DO}4CHF~7005-3ke2UBDX#lU
z@Q&-S>%Kbkp10c|r%{J-n(SDIGgFCKY)`6QuVJdtGBU>Xw1zwDrm$sXj53w0LUXl|
zqhJH0jZ<`weK3~ovFaS$V{!LsRk0;jN5?73P~Op*PFYO@$-1UMke*nhWZGlevISYX
z4&!#zlx4d7^KEbpWDrj<#v1xiNYr@ULiq|_`Bu=KFgOQUjPNKn!UNT{T2%`0hQAeJ
zx~@#tIrM$W1-eqBo>Vvmg0~;Y6xNuEi)TcCl(f=IF!;`>cr~g)7sl>EDxynM(QYUw
z2p39n&!tU-LBs>epjEsvvmKoB0Z#h`f>UnjlXJl7hi?q`hnB?qLpC_n6l;YhfRoZ8
zoX+-Y2PeDB-<+$@B_2-5w5mb}pvp}ERV;gZe!J0ZN}&tIs@R1hF!P@WiJ9-imBN-~
zsf?;E&*~3V*5AoA!=vgl67{`?c;2#q6oBn71UBelz8QY4;8f^Vki*G(Vj?X9QJuOu
zNl@ZPD!)xuj>~FIuD>Zo+t~vp(sfKCCBwWxjfsU5)dCF{3(ls}J|-b9cz0lUCY!*F
zZEOPOWj*)=a&Q7BK7rc#D1Hn-&`5=cM+>L(!hNvt_9?9JHLUP*R#=P{)<JV27Jii%
zwzI+kR`|^4df`iX;l5aS9xr^dmI_y~!Y8AJd-1|HEL_10Z-T;x`)-7*&m=2Xu4SQP
z1H*f<W~#6m<(v4G>%tppfJR9FotUxV)0lGJx}esk0il~)?NT2`D(|n!PsRv#h-wxt
zneO^<Xf(EMXGEtF$*4i28{)d980=5*CREv(Sj8NxA}?sgWJ08A_jdI!rKCSn{Xmg2
zHB!DUCvC?^(Jij5;9I$QJyviB25-FyZ&P6Vg)cSWV<||;na;?%QjmEwQRuOjjkq&k
z3hboqH$NBUfDAeVxE$cS6h<q%sy~!f(+0%Qm9kn#Lvv`}xA=&Bi^JAcOtc4KDd<+#
zYRP6aFWnIiQYuw<^;~<Vi<s*M6x8V!2<4#3(T+eu6j}Bhd8}$`H6~)v?GK2OWa{VA
zeFqqQDR%3dxsdbNJUzpnNE@l>t<DAW$pu_$SkC}vLbZ5pC2`sb38C8Eubn49RNtg?
z<cGpUS#<Q)-T*IS76l!)&+g~>O`}cEZ;$OyFzM|Vq42F+7(f>r64FEfQ@gJcsli9c
z*XHuISg*}X#Z`bqJrw#IhU#8K{slTBdokaa`r9ZjU&i!=Xq1A8DQy}GmD@;SZ;GMk
zT>|P_+DLoxTO(dy60J^nEpEaM$7_)*LTCt7Wljn0^#yQzW!jmQBIfm}9SaC&k6)Y!
z+GET<_j)`g7!v%THN$$d%h8PMQ48y#d?l-W?6nhR|61dUL=x6xc8B&7sF!F=(wi?b
z7<*t38xvI`9nk;6IATH?KW{1QEgQr1m^}kGwONufb;lTTYYUNJI`WzwV+1C@_PkM~
zi*pM_#m4=K%jYd~qVnH&m$PnuQifEI{!gJ{3D<V8E)T7b(Hr91o@#50=#BW^Pbj^}
zP?}VNcSC9F$or@B6eZ=@C@e~YY4{hTFIJCo21!g$Br(?L&fg;FX_bkX)xS%np@c^{
zz>7~d6kjPY!vPCZJ5towVM)Gm9bWLEDN`zE+45tg1nEVt@$jd~z4lWZztw|bclOy6
zX1I4<0x)hp+lI_Sp?=cBc&VnhDGVdXT6G;0G#PQ!<|l!mnaQN+zsG-?jGuDp)5w|I
zK+LJWC5v1zlVRIxf5b#|N;7;rglV~yCT(I>I*erG$ZaG`U5z#R-3qeQXJ<L@JaPcO
z`{)*yoamAseG|_&zTXfbbsH!T-*Wl-mMhqW_D>z|Hx$9%i11ur{H)@8f-E@Zu4h^I
zuH$W5V{InTzru62zxoVse@t{gW6K{z4WMpJq!AtDpS!>6obBJPw@(I8#x6EM7o>x$
zy*i$iOb7YaStYA35I#PUF>rbiFZ$rP0&%zNXF<Xberr|y6YVQoT}_4H%}+q3&skAy
zv8<pmo_>T<e<HLpk`!IPpf4X%N>!?xbA{l$#-)z8)y<hG_{N~egj@ZUnMpy)PryjK
zl<nwrqnz?6N0FU>^{<E_Uo#e)z2=v?i}Ww2Wo4UNITi~@k37?q_WV%|3*StU@GAsL
zRJ@ErJ4vM*Q2k*gu|$1{tPdKcM;kaVt6p14Q8_VocR@?R#>JvHOAeTpz<IpJj5IAx
zt}X_&2<pC8feH)R?QvhLT+#y)yXTP2k{=~CSeA&q{1VsWcKlC1d5{IP7$t8xEsJYp
zag%qpEUnxm`+pb}zAwRtt9`qnHvl3^^8!>&%y$Py=i@NLJutslQ<BTySV3k|=zQx@
z<sF#cHqBG*Ds+n*J*pXhZs$M4A1^D$(KR=s#4CTQ$qid+$IDXLQ6}MbdT%%8gJUY+
zN3Y;FSjFzZ)GESiCq+m_dz$gse=y%@5}A-_)2%X>15~}(wAER7V6Agi|8^n6Z?g+;
zrX1^}02A77s~lTh`qLRoYesQagY(8FW?`$))tce~gW^GsS3FRslrE6t{^XXn$XGS~
zC;uFDoW_vTEzaB|sUG8_`{zuB#lJja^p9yb6XqM!^?*V5Ajj(-s84=`ojB1(Ip6Ym
zrZyYh^Cx(WRFq^T=2eYL^LF0KJxUlQ-PN_PG2Z;zbKCd$4^7oged)-zQSJzkV9QCd
zG$BP`2Cqr>wxZ5b!>AN~=J6W>I1Qr*-ZK0~Bb4fUrf@GWc8!KoUvmm$oD1ugq8Kgs
zI@K-x9kFDWJL~4!le%~ZP*zF<`5C<`;UxP*OIw7uL73<rfi@kY&6~jn>2EylZ#^^X
zlEj9FB{npcH$(~kW?*(d5Mo{cnZ$bs5yD$owzS1&3=AFL)*aEdfFy>8ph1n#%xBQ9
zV<EBQEhkvV#1-AGODRl%^4_FND%V8EHilv`!$YrxvYmL@_I(~(nZP>TdIC8d9H4Jn
zJBB5;eoK=X!(!7J7MAgFghAifiEcac5>AN=pBNB7$wNQ3MZ(F@3tH=`b%=DZDF(qT
z?xc$%|EccM!<c$-d8LpdNPpiX`G-;v<m6f9iR{rJU6MMWv0Y}3+J9Scms#4eM~@zB
zqj*<h%jU)DQUeMO9`#OhnY3hnvUAH3r~g2qOU<<FX+SL6$aFy%rxq2lc&`8wjGL?#
zzbm>%Otfpho)pG#6Pdg1*YdANO=z+7<a(EWC$mcAfGb9ep9J7^HmnAkKxm&FZv%Qf
z1M~5XN#3IQ_Y`{6$tkckpf9||DRe6b3R<)sue1BbJa^t6+20!R!m?biH+pbILZc5H
zXZ)^Ns(+R-(>CKZvi5XmX7$3Nc}%dO=``>Ml^C!u417y4*WqlPf70PRQ+o`J_tA&w
zIx3r8_rNgN(B<Tpc^{y~oP3O->0gsp+|rC(#WuP6zCyHb8R`z0C=?nT;PLcktXkCB
zF(y~4e}`DFpxNWt;5*pR;_D1l762F$+S|R^n6qpk<@qnT1RZ6TnHU{<PG~1JJRMBf
zZg<4tLj8}J4r)Femj&PJt5-joxhcMJ2gO|Y7|$}Jt6~Uktm@_u61>-+bBIMd4F`bb
zJj&<eM~G#bY7~mmBT2o%W^k!svDTB~?O;k_;|#`DW!@^^lP?^IM8f|BUj5`4#;aQx
zufDWJ6hec~=m8yKPL<d4i>Q25M9#|XDTIpIh0~Jw2JVLjI5}@9z$6eQ5lVTKz@Mw-
z=%tF1y7b6gv<A}!NdE&9le`!CAFS-`EkQcaQk-k?O=gCOHmM%jtWart!LMbxfxK#e
zJK7e(CVVRsin-o57JKk0F|pK#_t}J^kH;0QILa{s20_^%7h9QzlPD7gvTLh5-C3%C
zg|O=e+5bR(5@P~^0qmd9^lNcVpEyEIPe`gemEoJNUs!j;AVg6j`-tHZ+@%-EiYxM%
zUWAE^Vmouqsd2r|Kf<@ZcVJXLPONcPTn*0=#`5DBGITl*WQ<*<7XuJQss4Em60s#{
z@!j4MwE1SV1kK*g*uK>8D7*6?Lu`R>cE@ui!v&O;Y3me2%>?lmMm7UR7S2t0xdU(@
z+#@lIR~%v}huN%czJYwqrgm^DiJSEehuOj>`CB_l^~k~cTf0aNNd}XL_~EY+^mULy
zZ~+L_Z$p@@NFr8wJ#H(P@?E$$>U*eE;pn=eew{p+Ka|;(cGRw~m`Yd6Cd{ht_(%%W
z8A>iQl=LoM#Vr{6P>!UK_U$oI2tTgBP33Pt#<#B~LTlMjA;cr|eN}?naxdG~FB}u&
zXVox(88IUa&Fx_5h=Y2M?>P(!^xn=&&>uYRKXqmnu=^8=fsGb@iCZK$u7RzGcmsqt
zc757ijR2B4@-y~BUtUYQq4kPux#mziX%zL1qYYDk@dthCtZm;v!XKgj!&qj4UIv39
z-h$r$FOVZ()>Fn(H$$mVCHpYn_+d0wXID>XzYx0dEb24k<xw;yqUjfq*D`Fv9;CTf
z%?nO3%(IgL;FNr)e}$cN2rMpTxI3oZh`qyTly$XYqx29u9pMLVk+X;YtYbg7@SiN1
zH{mr}XPbboEg@kS4w6qjz`&SY$_ayd6uBca2;+mh2|RpDobr#XI#UQ2Q(l=fNZ|fN
zb6Lh-D_TOy+LjNylRl7awM_j*3~T``B>Y5K%H|pY3>`94?L#sAR@8enzHNZF$Yx~$
zC`vI@c$}m}Y_m(9ZZC8P=2b!wTxJl|4tb=~Gt!bWk+}6{|2&iETP3UWpzYyHCKU+U
z7Z+kIG2g3nGEkxCQ8Sd}dkRn#OC5V@sGz;WO4UP4Xt#O)<;zn0aGTBdgm#%J|FkrL
z8TmW}$p4PWm5o=EOHxFeFpe2KqY<=JpG%uDuASc}wiAGMLJ^F00P=1z*U*u@TC*OI
zhx93Hw6_n70$sYHz9a#o-beSTm4KgUf!Z*+eZOzK2P9+!^Ar00jUD*3&b{&chA~%j
z!<aO!iw)R}%i8(04&?=8?O<OhU~h|FshhQ$f$U1%63G!rF|C%zM2SAIX>OI3Ez*)n
zN&eH_@1Nvcijss=`upbJj72em8xzNPwLZEV#S32=w5+yxEh~qwXFt=It~E9S04aJ8
z-9m}{!`D!%*4CaMVxBU%7{(|;Y1%7;FbfS&VuTv~?~&w%Wu8BYQcE`sLW{3t78_`o
z86S<IT`(<0siJul;1i4NaC$hE^_0>GH!(;z!v?)6y8Laod%r~mZ_9eocPTXCR;x5u
zWSx6N)zSO^#3BYQ3jaAFzC&{(hJPuCHu4jy@K7*a_z?FEJkJn)JqsE`w;E%=RB3K;
zPq<tBZ<u=%@O}k^S#bnAEN}~(2lIN8`Am<qIcQH2pU+6pnM@X0o%t4TLobYBOXwsc
zMZ4F-RJ$lp(%$kG#q;kaz;=(bcBCLZ_V!RxP~~$q(S`dNzXYdHlD9MJ2c(AeNepZT
z1)W6?DT=02fKh_LukoZu|3qGjYpo!5tkO-ULaz(DzEbXY@;FN;IAgPJS-+{QVWYP{
zTIFwXiKkutj(O1H{~J@e!*2CnT?RXDN?E^6Wy%)cu0>F%Ypy&%z<L{@p49LKf?I6H
z<i0K#UidHZ@r}eCZgC4zawc0efvh6vN?@t}BY{k6QKT&-wYFou6d1%<^+Gw2eh=Y{
z7&3;1DlSzgn@w(Yx|!w6K;H+++6%KeEFkX&*U9}9&X?kMc+tCgvn!~jA^d|!(%l8k
zPGz&RZqNKO4Cm|YAf9hy=<_x`UmYDX$~Nr}Dc|wvh`~LkQpGOHfg+Kjtt*GMmdk*q
z3<E4%6m@r<88!H?;kr7WL??<F$)w%W(%6lf9{nc#AtM@7vDQoy^~f)vDw<kP$CYmT
zfHtq@acFE5hX#`*xLFeB$#yH=#<2ilL>`)(Sn9G{>~c6WJ|7*$rzvTlkIuUXr0sJ@
zURi@-X`b%gQ*S%`7Pl&Q+jA4th2IXLgmSo};&x#)V$AV_-;(8ldMf8<>Jt|n+Ce*=
zJf0`Aw26fY8%2(8lnUG^RfJBeC@bsHd2%uC#E@L=G?S_EN2p0u)*@#TFs)~pN9iYK
zQnZfnEkGa8eid)fe*7ff>A>2~=^(mZg@7T<g*GajPuhcIA8>cXbo)%Hej=$beL|U9
zn_D{KLEGF^_}4ynyx!TvAIF@rqMdCJ+IeQR>x}Ru^mSVVTc)5(uu)2tR=!c><uRkm
zeSFJMUXRLOzGcoySOyyiOSz+Hk+;Z5QT8RQFVdF{B{BNqyUj>jo?aA%|3~q@FV=Rx
zFXscvw%u)!aBqt5M$uAWe_!0Zi}rU#sZzASsg_%m;K?m5!DQcHjMhW3d6-Fjn`V7>
zccf*F=o?zU)#nbml8y1-l;D<7K@ey>@WR0GIO}Q$0SUJt0~9=q^g%^*MZawzBQCWk
zGY}gF7&%ci#{%v|nPRJUFqu;H+63=xAfEXc$d%oCFBnMqfAfKgq+I`T%-9m`zT10g
zBtilOnNPlIi`0>x{{m{defSk0k>YZjA<nFp_gRD#d^vI7n3aQaK)WiLWmC0DOWgMS
zdJsA4H+m%=5oy2HrAtpC?1ESQSZ}0eH8L>p5(Z-v!*-}U8Xr5bO@B`0`Fzhm{0{^U
zJE=YZB2+y5oC9L;yW}IIiTdO?U#yNG_vDxV334ySy6(=p?qDAECx0TI_b=l+h&Qv4
zUXF^ryc%BqhF(_1Ufv$h=e|UaKl?RP7Mw_bZkOvcKWae!O(qoR#}tw|<Im4sFN@ZC
z4QsvHj=Sy=(F;6+1x$>SZ}yzu<G(oC>?EvJzyics<M4^?_S6sJUA3$oyK1piQEY{d
zf5C3RD)}Xrj61I?;Zz!*OQ+I~gi~o`)ZqOql!bG`y`rJba<vEWRhMvTxMw&k+#?$C
z=F@@SM#5=^+q3g_{Q0Hq_Utdma^mCT;IT%t1hyVebc}sachwN7;SV%*)8z$lN^S{f
z$Ku%p;f*6G)qf^X#4STmo7I>Za@JQA)MmS$9dg!3@Oy|;da|+9+>Cm4Ul(Yj_&pIC
z@vX)~awfOzUh>mmf$=XaDKV;t(RrdT`+Vf}p+fjFV}*uuR48Vj=e<5uzg6M6B4?uD
zUQCK$?d_G_xeTr(H<g%0SQdoC&1>O@5dE>JZoXOYW;Tt1cWRo^DTE@$T|e$;MT$Gn
zO^+1!AKFX#dF}lv)*dRUN#UAshvv}l+dzQWQn&Q)xOR9g`44>XUXUREbzMA^*w73>
z;&^|u^WLvoffq_Ymst3C4i^i%i)i*Z-Jb5OJ0YTQi1GWz>G5iq@b&AQpDiCEe;gAK
z-#wRr*grwq`y&$&9}7SAU&@DTF8p7W4}n&v3*J%K45hpu&O*j^A^Y2I)RnZv91TZ0
zsI%ewcJ{q^VQxaI+^Ce9bpewyUpt(z-{b9Txo4u9MrrA<kk#Atr1W_I(s+Dlq<tQf
zH7->mp#ruRa1i%fc;*sW`A80apDq`yCx7iV?Gu-vhc50%fC9R1Uvm{^1aPBpIUn^E
z{Z0UN&CG*e6YcrHmq82LcQow6JVHD?Fria?{M+ND(u!|f;vrYRA89wUs55vySV-B_
z`jVZF7kPox+JwR#5$t)p18;R(VB5^XOep<!C~GO-d@1!C<ca35b&KBv(`><n%p~+t
z30vqoc3JeF`e&hiy_RSXpM{?-Xbg8_#R8don8&KPC&84oz5O~fq(&v!m2u+67%SP$
zjIqhhWAfQ%8dC_ri{UqAKX3=`uS6_(*<qs8#oo?_sMLYsb&oR-*%y&c9-!P4%U|pV
z?5eL2t+EejM=CNXeQOsNCha<@eFE)ZK3$Oa3n`vvZ;`O9=LI6!{*OA8)1m!6p&N|f
z-(0Dw*oOKW856};xYY*>-D-6)hR*1w$5+<#mG_LwhedYOq<^bP{j!AcSF&1CD68Wt
z5{|fIwk&Ko7aN`d4Fkqh+puA4LVi+cKOfugA8nr-eWYlwLmPT`pKC9`ukgpv9ja6E
z<GYL5W<3C<V!jG-@*?^ymGYQ#UVD{G0X}1b#XrZUYa-D6*9qVZS}}c#e+`omx6ln~
zjg@D8=rL!2pk<m_Mu?46?O77dTs&N|m66;{*Z|Y^Y=#!<YM`4Z8=dco#f6$wZ?+&6
z`p%=;iEXLU9)B)X_bD}FP$!o<%nrONmsoz>(Z<}uL85OAI3swo^e{`akX83PO!H%U
zNESCo_IT7WmJr>jK}Yr9OAXIU0>LoOb_1Qf7@NT?9)7(6z2x;O(>to-q8Jki^#VL5
zULo<z`NV~BJAqkSK<q4tg!)orV=Qj9*b?sKQCh<$7^B%Uf(P@h|C&I@l0{<TCKjT?
zEjG%lV}$O2T(B8m;R8@SmW$7$KEiWK@LWyDFhYf^V9mKARIp4<Q-@=wrcIQoDZ5>S
ziX6<;w974i>hAY}+hO|JJIEQh8G};naw@w(UNwZHkQ!1^28xBG2rmv?bF%JqlJpSf
zszu$&wV`j|Dd0R=1TVj02b?~=Rk7*q*QZCCD>j{TO~MseK|zFE>JuziptZM$JMekn
z6`pS_WCuWEZ9yZ>c=j-y@uxK7-q9JugkiqDk4r0#yT#q^e%m|_(+}Q@1HS<Rxm!8z
z+s{)_9fNt;T;f`nf2{>6UHBa|9?4iv$#K*^8F)P_)twT(*$k66Jd;Y+xwt=`!F+(r
z&P3>c^D#HbQw#{kxb}NEM&)|cDQ48zcn0>TLx|#;5nqB_(rB0CL+N2l21{nL?{Z3S
z=~A!osI$#X<%Z0sOI(K%FxGPAwRrncT*YJBKMQt5!kMg9{X0dHk9fp3@=C@i*nZfg
zy8pEF=s`3|TTPa<jdW77KS0G=@QH;&3g^e?r^Fagl%X)PMt;ggiD|bWFKm?^Yox&Q
z6sqP{_`e@LRDg-#Psn>VY^=R3DnJS;=%aiBBl$A;P_b}MJUzz}dW~-=LQa{5(&8c+
zLK3u392=PHK(qZeS-sMYv4}C$hwQI~!>|DP^L);}n_gu6d12HuJYRc_xN-`$YE?Et
zV{&981_+@Pq2ejP1F~&ZMWk-Hy5vz?zh7WZqI%Q6d2JYLnu3Bb|4>Fon63<$8S$1E
ze^D!lMzM+w23<#~Qs5CPtR2O{VZzFLNah0C=~1u7XdB$Pg@@N*{_{M%#<L)}d(a4Y
zy|e@k%<Py`7M<*5<twSaZz@?{L0KsJ`+Z1qv0PCSer*u(tI9Aqd<WB~M<=8^(HVd@
zb4B-Pd6$~Oh&tv*T*{pD+O#1DaRqTSb%jY%!wZOSEoGuvYIu@N7|U#KN2}D3oQ9S{
zx0+C^TjL(Vkk^~(RQlNA@HCOaB7_zLQx>^-ih4IsNsj#aOi$h!d8xh!(cHEE?atUS
zCJ;{oHeGbHEVJVSgJM}``$jWyALW_2rTURcf-p8vgn{k^?N^tf47+}`a?86QSbSTX
z!E$Dy5AW4Oc0@dwFq91f!*NBly;j(;0n;Fihl!cj*>)WpFi~@)YUL4eR35;9XCP&<
zey@l39*aEUAp)MtP|bJy&p5EJeSWB*RSP|-0bnEt$^odOUSp+%wM}U)Yp~K$867H-
z71)!8$|b&^tDQD%I<iT2z#f(Y7o4FKmt{%H8g9SSaFj2bO==j1C^F(5A`IRuJjxKF
z2h5;#FHL2hZqGX1o*%XU_!X(r%JM@P`qMoSZDXVB1>id4!nD9$I^nV&=gGB2%4xD0
z_`f2nF?;$aux6(~N`N&x1xw&jegq;c(6XJSWqWln(#<B1GH5rf8eNdoTFCVMr1slE
zEU~c-jqHGMozw>PMDOzBh%4f5SgW6OvPUq`mw_f&-xo$u&`7zXxq1dk2O7MhyIyGj
zX*7n@(M5XfBeYuB2LAv#HI7Dl>|SUnG>0jX9vXon_(d@hydM|g<mO^T4gm$Y)OL!l
zHK+A_M5o1`Lg;P$iKEahT88ywm)Y?B6Hy>TJ*4WpfI+3D#KKlzAv@4cJ^`$mvK>cP
zr9JSfiTM%A=(4^W&K9>4aw$PgB$HLCerK{Etfpw$qXuQ^IYeXXE8HYuR3|EHw6-n)
zNTnHT<)9(P2#k(UZ$o3I=Jj-=(!X7N{3F^^Sy>p+rIi=Q{A{ehPX^-Bt}}K?+<;o%
zic$6ar#gFQ_)m3_8m3}?NHuowPQ|3ZjJA61Q?-{bGSf`vq_E2BOcQBMC&IU%`kP5l
zGc``z`L4inV7Kz^i*1GbNqq%YRU6*N9DOeXYoHv~X7w;f>AoN^wKaW4LUSR-s+%WJ
zI)FVUuT}M!8#elShw~EPp`7yXO>Wre?S_DP!-Boc6O>k{!>)8l!Fd20nST`R&gf_J
zQSJK7ES4}7$l7@{lz9;yi{6Q33!&cnsL*iza*R|%h9eKt`OU(&S0*zJWo~S}|HacO
zqs0Rduyb(WYgckkI_ibZ`RD;nZIRHQlNmY08lk5s79t|%ZI2rev)f`*v<zi+KCESQ
zHw!H#qRpFcNC-el@MdaB8KR(?1J{U(g$^$`w`Q`rF3k{)2?VT|upQ+a?TsceddmPr
z6DXx9#7e4_HhgCB9tIW5!S77?n?)S1K?xk4C-a){(BUX*8VFp%Knlkq=QT_9rDXYh
z6u94!EJUJqCYMk;G#GnoX!NFHct2ltJctAJ(Qvj5)blvFbuT4PJHch*s&jz*{dEBD
z0R&;61q34G<*Kv>7)z*U5@ksb^-4-y<HQaVIy-Q#&c<VBE5%>foO$&*nv1N3=I-T=
z&ms_+i``1Kd0fEsj;xeeVv7OTFx4#Qo$z+SZLJ*C9__y);t~&GX}&TbV>g%NGLBYX
zUm)aqV$VRji(Sc+^lfDrRo7J%h)rNbC$@W2ov?kwDbc-(St^pdnyHMwSG}3hed_B(
zd-N?!7RzS=e?u<{?SORt{q)WI=K#_dYuX}V_b&qYdn?W<<vy~8q+I4EL&|MrxS00h
zsFc;g#n2Lg?Ov|p_y7vgjqJKyF(C}^@ELWa5PIqlEC)mWvH?(c`Ob^b+Pps|ddpg@
ze_C}Vj^^sJ4EB>n59xaqMNb>>=b-{+8Ud=HU7#1y{(3b<73j=5vHgKX706%Kol1Va
zya@X_eF+N);JuoX68<>!{8u^`M+v6?bhhr>IsE1Me3Z*IZ1dSmXzcdr*fHpV_E2dC
zKdFk7nEeBv$5ido*H1@6W0*7O1=kM{w3JDd=1#)rQ`hf^X!lQqe`diy;k(0A!&AbO
z!*_(MaJv6`b7v%c4V&<rBQu0>XZHM$krcEz{9xD-9vmJXz1^9f!fe4zJ9C6^FKpp%
zY#}q;J!}bQgww+pW37Ss&rlLN^mPvxu!hHtj7CGAs^z4x+<GLgbi;hS0d~%6CNoQh
z!%<~@*DNOKXkk-NBYOO+E4wK2?m+XTVq-o$ih-eQ*KT|S6-P4cgk?kp16}W%GC)|K
zNz2%zVSF5rE_}m5SO(&0_6<T#&;AIV9FztHg`LTlq_Bf|cT^=A%6~W&5hOH^5Tty{
z0E!pE;}<Qz?P8e5u8SFZTwl~-ya<o-iJOe!n0SPekz<=w|2VR{%IC6j!lR~@Doy_V
z$<CHWlk~(Ir#itbmHqIh*w7+9YQY5If&0yJpp4}E;`f=8`nTbsQGG8ofOT9L!6DjC
z*$>c^T-_r3*IHbTAEkho&Xp$FzrPjEEtgc*qR!1}MVVs6118@ZX~}3rxk7(yXKyW;
zY9B?L?YTK;l6}viPB)Jfd!`&9ofx{33|6k~g-nt+kB3O}V%&v;sF%)nvoH#HtMz>w
z-Ido*<gwH&I!T;B8Dls4DnO7l@-x_}Nou$REjHEkoO3j;J;~Z_IE#h_`we_hCL7#~
zX=c`6j1}4%&kC*8S)s9AfV{p-cdt@Q(BvKMRBtdhY^^O}x{D1k+*Ww+l1iIt0IJKR
zY%OTv_eBn~H%E>%kpkRt%y(4!V`KPc)D$E)Y@NUIO))$^x<x3?E=<M|7h_d*S)w*m
z=-~3qQbud7QI9K5X)jvY79q#rxHu0+n5H63W5)~!#nY(?pztn>oiwi#2*z~I62gB6
zRBwBL$Fo5Me-;t^sEue<&7(j<d2AMK$EXY;YJ6O%DX*N4u&yRJGKj`r`LCT3{CgSw
z<pxd<brPxetDoht+L{fDC&pKy@Mz<c01%^nLj~2eFtUMEy@%7-op4~}axZCnAC|?|
z$R1fOv8Xkc;+AH!)X)W(6nL^o4Miz}ZmLUxfk(*dICC^}b%4ShW7zpX*E0a_P$Ma&
zpe5PT5(FvM4;!x~2raI}K+QpDa1%-bcsT{UW{sZyc>IZcLF@8EHYvi>Qdt{@??2uQ
z<T-qleNRt|Ufq**Y*u$*cthW%GLWWpCfTVWEe%apL#Xh;##)LkFp4(u=g#Kva%l6I
z$yixT`ni>V1sp@@U8+3J(&Ds;Qo}CMFlbh}B+k}18Z!L}oDK6;HmnFnac3*CJ^AMj
zV-v2(5L5h$EYep5?Z;?Et~YhCA}fx=ip)8}ApVf4-HP0C6RgOM{QKJ}2`gej09==1
z1i+O^KNkRRL*;NGubBkn``I;L;oNcV6bgqm1^0ZY80L9QvJ_W__R=(JWS7$F3Tif~
z-t)6p^fCnHH&9%ijp6;FiOnc=TLHU5f1ze;S)fmHM~-S^UgJ1`TH8W2WhduVw|XCs
zjm)xITD9VBXCp2Lh%Hx<JCoN=X}&NqZ87P)Qdm^YVoVdquTlhg;7koZ7Hrl2oy?Qp
zVg}n2AYQuFf#fmH^n^a-efj0j$yNI0PeCK_UH;RZ$kIi6_+0|U@K0tUNyz-8EFO#O
zLltA_*(3%u`6PzLs*~#P{n>lycW(o9UKe@&hKRKAevu$Z&^xUyM^Wf@eR+;aH#Ney
zDN=1CuoD2>a3`}st4FSR+sKKNA>Tv48!BjD9%9HhOKgXn^KJp;T*1FTBPJl{+GWt~
z5`8V5h0IEbWyu95=*P}x&cC3tf6_@{KHpEGG0L)(*|lNP0AY%BOV<GX%?(bGvVzB?
z%3#Q!q|XheHXo-}&oT{E$g5HNMo|hJt<qzk3W@X!;dDt9xhgnvJp)q@6&qU(CE<o<
zt;%>5FGQn{<FYiMF%+b8H(R%z%Q<lt7n)W#^vus*vIB1mbaQXqL6m@)ZfNju2bziz
z95A<=5H39ieHT}R9*(XnjJpI!xlm*SgO8VzheS}`67ug6<xU%DyvL==#!y#uYTfEo
z?>8YMISx3DPzAHt#(2_}@WlZ1lz;RaB7|(%9Q;u6hnsk?*04!8R<OB7G$6z3&2a@*
zF6PQ7n|AsuQZ7pMjRXd-oi5L2UFce{UegPqSopWytQ?hczAM(9O7V7)mIVE+slGB-
z<P(qMPK$SxF{-uKkh%*bi>!*Jyg599N|HoDSr4KdT1;b;;bfBQa6<;1AilNo^mqbG
zw@~c?!qJ0FA=H^BSM?1htr$3supC1Y-ecBMV?Vn@>?dqTAYD2U?H*180l+OJvps}J
zGzoxO{H|DB_noL{2`mo+boPv)ykclRxrU`oPG`tsGq~koOMTuaw;U)O%44>M1^t-_
zcTH<xRz$fEM7ZT#guAA-VJjmnkM-tqoDJESrLZR%N+w6*Qo$8#BU`iS{Qmrd9LE16
z8)HK=B>$;y-roLGl6QdrREqC%xq7P`5Zk}bc5}#@Vip3X?!nW23)VzmCd13<kC)&F
z%D?v+*s)=k;GIKHV#nq;06TUGXUAMu7}&9N?ez0HJJxs^|DY|oEQ9+$7{=G#+tYu_
zg5yi}T^{ZFK@)au>MjRQkCF}Jt2P<Nw}g$4=&nA#aX7wUHjOXEIKEeg$Bpl%==f~W
z@nv^3zBF&9|5R6BA0-C4-N}YQETEANA8Q=MtvHAxHi(z%VG#ZKAnfsj`20D25YG(J
z2l0D&T4d-y)!W^F%H-=E?Xb$&``fJd4`&#9pMkxv%A(#U7<+$dSX}QnM0>w5+Ix>7
z86EoHP+ma1{Zl6(XJPV<jRj?Jsquj=^}UYKS=KILTt!9Hk)4ynFWw|_xQ}GeZBY-&
zemXPIoiegVnSm#XaL>*UCl$1~0`n`i&Q_DaqOKo3+(jVK>Q$uFxFu3voL??5+Q!q#
z`qx?YaQb`e*tZ&&nifm`FxM_?+mECQ7-pT4N6XPTw-ubE7AM$*%b4fyo8zfKM?e5A
zrNlKXzBhn6Y)&VxBVSrlljM(d@y$UMJnmk)83l^HG1<)Y!*o?Q5cu=(oG46L`0fP2
zx&ZcZLR$8c_Cgu~citOq5qDttbG79{*y)dSmKtW`Av2SXihM*F4DgRKG|&}GXLglP
zXwZ*A<zGQ%slhDj(Ajx7m7Z#}ufI>_iB#HY)&9<bY12BdODDTP<?Bd=8K`GFrxU>1
z?0ZP1v8j$Bue{94l^V&2!Kpn6gV)2?RW^>n-xg%h*z>0}qa`;Qj$fps^hD^@JEbiW
z&AbZocYhtPFF2mf=TR__RA_J6&aXndBBFaL79RjE=2CVI_8`@o9II6gBb<@Sh&~|1
zapn{}_+1n-cZbHZI13l!6evjH6RE~zUfI)`>dmse7fv{<`wqSz0|PRI_~F!WBW;WJ
z)_xeyU6@bL0%t(FOKA#c;y=BZl_S(I)CM2ZXM6GY`l{s}O65y4id3I`X%HixTd&K)
zKmMRs>^vZYKMB#NmOLYUq&OIJaWkdKm<2C(Jo~z6UDl)vq{2e`-Lk&tJL~3e#feGG
zomJcV9XrZ41@#6{-$wLMR*sVFO=io)kZr@WbtYXYyOHgmqY2(SRcC8MV~xa|O4lC9
zW*_SuLws&3A=U5TSV{_WGjU^ba}bB54Q*opFf-?bZ+B+5a~JSUVZEsj=CZ7RyR{2n
zIvZgx19PIqQi(#-{BzDb|Lx3sT3M@o{w+>^N3>#k&iRq_H&KKCXP{<iGSki8Qak|9
zgeCBY=2oz=pi#Tq(OZae3}&s%Q3mF}ug!^%U%lWEnsm9<J1rDI2%yy^iF6)rb%xaw
zm}f$n>Mx#)=<=FksKW06{H8mMCZ@*pv{8IyIJdkP`A>lWi;<$GCF6L)2#~|6&651k
zU*JRCgXkT-1)e<OVVA!t1;04!u7<u((b2O`&)tkd9T_pC1H%J<R}G=1TSH5?;|rLQ
zzcs>*2=#N$T(A`wXzivmY$YwaorsNvZUs70!R=jsw}4sRka6g8_eBO*ly~?o9LE_O
zQkx32fWgmN?W5g|Nb|<__DCZ&RB`WiqtCk+eMv6uLvd&xVs=Pup+mJ;y19hxRl|4T
zfb!go(wWJ<dyRG~l&y<yR=gdfBLZN*<qSy-(h`gRbc$Qq<4yOUPW7e8k&SS6Zj_aA
z6|8jNf!Np{!pSvk^mS)0>HMAv&Y6-5Alz>n2{+R1+wLT~-Fq&h+qPvFak~99lCkk!
znKF9AC3LY-zzX|k>V+@ng<rzL{dnPLE+MLX!3Bu$9(6Q@WFOm#H$=maOraJojCQ9V
z6RWX>uhV({L)OC1-q^y8u`N@n2X!BfhVGr2bTfS~0&iRedaI)MY&M!YMA|vjJj<zW
zg*E~zgaYjf42(Lw_r?N!=;!dO`G6nP2Rxn+`0qI2A$-7#?HNM2UsN$U=Mbkn+KfYN
zZ>BZo7`JRCe|>ayju09Lt8BC<o^)LWg}5<$Cjl{rli6jfn^PfpWeRODx^8|_7he&J
zJal_53j>1zICuaG-!OT^?fJe7WS%TN{v*_zpN~Ga=$nCASICDO(>r8&DJK423MkRc
z&c1@z$@-ZZ+!THdc~Dk}5qMT8{dLm9hF|3R>v;bO7_H#-LV0yYe#7^*H>3SB&;=8k
zEoamD;}P310&!%$T)p1qSU;~2cSxEGsZuji4)1QaT5ZLb$K)7kI;Op|9trh0d8}dz
zsnhbq?<IH&z~U{KOp8}GM-T7an=jrmT)g`_v&9QvlwtIbrKkx;`w$GQuC&USv>wAr
zFzwb}q&p;Z>oM41U%~*^5}nd+cuk=A=xY<>heVSlO_o&?$}=#)#d`qPCQC~OT|y5{
zCi*L&$(6D_Qelys8y8P|Lr?`hh$Q|~i2sl`P$jm4Ud`}4nRHX|Wva^`={BoByrSGJ
z;{qn2PmM<zyQxrM4m}Zf_#PCzW%S6+2k<i4R(tW%iv@JLst~aa>|$)7v?$-u0KCWD
zEBMTwy#2^TR(O>CVVhpu&B9bs^boJ1IMQ1)d7QLpb>9HLuLKJkF+zPma`E!@#x)rO
zAC%ymV*N&6XZ(G`{w_j6qjTXsiQyIL74RA_t;iAd=cnO0wtg&N2S$X7dKswm0dS2A
z2LeoSGtiB<w(gQnLS0QCAfYc4mh1qofW#MxrmISP3;h~S9gv-_$@f1nEXiA2SCf?C
zt0Bq_WrxL=ol0e4Za3%!dc+r)!5VW?)C0`8LTpk&BW}oVP`d!kk(uqYf4nNPQN?=q
zJygJJK=F6ti~9`4kt{xliiXWl?veO%9#$@d{0Hqv7GBFYc(K)&sR#S<c9vOmsw8h#
z-TY($STc1?Vck*|jpT_&9C6hDhR7ES)P%<k-Tp13V~A0t?na8lp{?GK&w{*Sq^3s<
zg>CVL-!K%GmdMwIlim^w8tXU8>a~TkRJI0Iqmy@}UiqT<%FKR_MNfhyFO-(J043H`
zQUkoQuREJ*5w3<et+>9$oAhQ9kx7b4H2$=K04gUK3_HC-BoG~14fALyM3Aq6O1(O&
z^x0xwDKwD9Yd(IegHo?YOO2)lDrWRmr>($${afHX9ndB{`xn~UnWF;tYMOURKJ$g3
zT!FYbiStfF!g}h*Z1Qpme%TG=nNcj1BAip6!2K+e;tiUw2U@64LKE9?ax92q8?nb@
zi|fDl4c7NdLhlQry~`GP#5jvo|0jXWzlmJaCdPn%)RK1z9Q*sa<FTLXRL8J5eiK^5
z{Q*3mwZ`G?lP`-xsDH!|B5w>u$h(j8(KN9N;Q2$hGw?nUU;p}-#rR=0+=T#MGET&K
zv;@t*e(fgXo5sOtl}D7=!ny4W{2Cj;P-~fnlDV)$LS32RM$41|cqH9)=Ky{rb=6rY
z5Gu9Z$?Qm~>_cWIdr!s<`EM`5lpkQTX^Q{!FnkL8qx?ndH;lhn^j?lo0iX^{*dzN-
zrQJUkqdx{l_Nv6&jr7N4@l<3laLcWi4-mpR@bK2ep+Yzd9=`s1un<m%hn87Gh2`v;
z7Gv~lhecd`n9z-Syl6PM*nzc{%ah7annoL<8N{jAA2bO(-ajz(=2?=wtgO^E(KTWG
z?Xsh@Hwk5<HNb{6w%*L^t7B|y<NbG$YWqh~^nZ{|tN(<N-o<Uod-zwb9^-X1%^xlY
zOj~qPI9$1fWf%Dk%f}&c5I+f^(jH7=AU@F>KwRAhpnQ4OP%`US+tSq_(3jmpm9ZXP
z8)zlG-pbw?=kYhJVd({2c#K9c2*QvsNjF;RF&x7I?e*hAyst*GTeaIMm^SK(3Q_e`
z+yp0kXFM=b10?9_)%fXejp~hZQHIJ#Z~4yTlEE|D{PcWxIPcR3$&O7vGgc;<2t``7
zk<I&fR=!L8(4DtWc5IWS(c8$Af@Sa&H(*LvI@~b~7o5kIB=7KW5unW9^GOhW2>&RX
z+)4=K(0v1X3!#~$^=rbpJ+zmRk>2m-VD1j?w7`PKpdMYFB(vZQUJUs>(O${IZc@0B
zK$eSC({6jkDhf%>LNx)vKYXFPfFluom*8aZHKp<<FGK&SB<~a9XX5=uNTNsZs5ZAc
z)l9J2kLelrK6h@&><7q55BX6@6+d$49gK(0^f>6C-xl;N)sw8jY*=}O7p^dn64(?V
zYh5zV>-qdKV;rCREL*@cW8~$R5x~1$#sR(;0DfN{2>wY?7ufE5vI(a;?_qHN+uJ#b
z`N|fP(ETy<U{=ne{rTKG$t%v{c2rrV`m02i)M(0`iN11k0f5SWt?QF#BXxx!_gk1s
z7PYEV@wRA~fH_XkU|Vw~=?dJ-c6K2t2l2m6`)dpQ0?07O-gF#m+vnNziiz%s8r2&S
zvU*H9GLR(OCipRoqyGs0vRFpnG=XgRp+aetF@_&#6;**~T#2hy#q}^>YxfX~xx2p6
zI}`21k7>8SJe2h;#K4=bu0q1nvHVF<of@+`TN+6gNb$K?h*NxW_l#rhzJywc(;XhU
zfvE+}%il}~BC_u6b|l`ud-+?s(a^pCYL9EM@7K5nOg+Nr_?z7_xFGoi)P%l5g-m(5
zs>}JcNk#k=v}&HMa0Ct}v8`D<x^QPCoPsJw2mW&r*D_Akwznk{3f=xzj;?w%Yc?7!
z!fB!0l`!pvuVD2Wc6mD`z~?Dm-3Ha;@NcSamj<$c6SJrdaI1HiU5-QEc^>76D=v<b
zJ5bM)q=)18b22WE+i}F#MfR^XyB**7!r?2=8%Aln8|e9UTe4$q@^DJ4Jjz*@GQ*5c
zB>9LQ_f96OJ+#rCk`UC0^g;?66atF3JZ}<sFdsJ(u4c;lCp$Js_4lGLQJ`Ezj4Tsd
zT-8mwMK@0s>j~6a-GP75KzKq==8l5_a|Co0s3SQOr1BAS?KM(;Pclv7uT@D}a*ar4
z3kxUOGg{V=?VklB9N^ecgAN2j8~%hzXlNua?%ID9d|x-&o?*jnv4~PFNlTnO2>e+Z
z1aqOn3-Wt@NEMpu?HF@Rg!z^7I7oGK?HM9+?Lx1OokA#eQ%CAV5a+mYxc2XEX~e|j
zF6Xow5dNAe1%h_!>umP(9aiwJ-R!se4uNI44PQ=#(}L-1sp8tkA%fP371d|$HnL6M
zCDrf7Q9?B&KIj^QegSAjhbD`?xW8C48naOr0ubc@JG}Es>Wcc4+w&;o(00pe8enR8
z8!PWt!Zf+%G`X!#<@-(tDF~R1PRuO3k@oQ5G+HVf^BpT7g`dyNl<r>ucU7u<?^3=Z
z6M#g261AR&i<aGJfSlmOJ@}hU9WUq(38yRQ)1A+!%lyokm8(A8-g-XecJsaPyz|BJ
zP%26okGcJL{<1G|Jj@psvuJUg^`^2Gu_a~?i`(&})bMCBffGQ8{DLJ0u=-C>d)CZQ
ziI4+WO4Rx3A-BjhJeJu~_ceHdwrV|P;N_a!@Ego?v6ybJrXx|OoXLSF_*fpH(%SkO
zJ^8P4SZfU$)V45Gwpz@3jOSlq9dF<rZ{{6ilgX^(OOFhWjfrl@c%4E~FpP)=VQM#=
zD_}S-^;WZM#H|)@5gQBedX%yRh?q;c6?l$TnR$RSaMsU*ilLV|M#cP5)q8-1?)Kyz
zmY23hJr0|sdK(NBZ#Uh_2|0K+S@xe5(RY(P*kH5<54I28(wM!nsJW%ldp!-`db^Je
z6n%$nYe!l#DgHq+x45^u6w{G};88HYvo6P1QavS5L@z1jEIMfU+pM$ha0L%1yCSHN
z!@%dRz@Y7NARWUe3vMxlHm!nFvXq{{f88f6PN|#eB>dw(X_+EZ^o*H}rN^B>cuxrI
z4{-WTCbWCq;Bsv9GWys}R;~w#ix}^oV!Sza`p|n4ogj~BUw)lQiAUVr$I+wAgDKsE
zP8tVX3i>(Xv<w)oqcs6vrR!l@08CEC^CIJ~^5~T){<<}?9)7wV>!pT&Vm$To({v7B
zVIqY;YL}vC5oQgBmgm0}dWFdP$Zo9A8yyvTI`jrBbSRk$z1>kEf9P#isF@XdFTRlU
zSS~vL@iKpBW!_0Fa~;M*Mukj#eq#*v_*gP$7bGob6T4)ygpRaJg-k{Fx3O?oCpPK@
zKkK;Q2fW~i(Spm`>D*_Y(ffS~N`-!PCb7VCJowhb`1$v!xq=m}fQ<#)!e?d%{ky)(
z6x@#EEMM`|M3;||MfL%L)}Nd%)`qXge=4Gyc&qj?^4r}&)P?s$@Si@>kG8Oto>maH
zXv0DRIUCT4_NULXxpzU}GiJ(D!3HxP27`P>_Tn6VzZ#dH^J-X`4MabV-!;aJO^M|*
z)iGwVQ7rcYl?C1lc39eC(Jhsp1lg8_QT!d=rv-|d!WP&M=nd*|v`O`7g6~oLV-gh*
z(^4aTq!%vo@c@RU0l?^@OD_1aA&Gsd!5{BaJkt>{lB@AF1vaM&lO{|JnCgOil9Nkj
zDkU?~_7WtsA7IO+6}L2@H}57_^+XWV8n${zs&7AmxE9=(To9q)BXQ>+@-dFn-kxsN
z<Z!kWTSV`nNRvWU!uzHya>6-;Xc)-cpj<c8naqfAz_bCnb*k*h5KFu+W|pyAqtr_@
zTuQzdVE$6hX^dDGimVoavJva4PcVlnWit>k?ui_9Rr5mzb7L$AJXHTcKZARd3tE7a
zh#Nm}-;N)o`aj?qrWWP5i~;b5B5M??68<_N?`a=5DI1#a&@UNucaAzd2hxviC$+(E
zJ7*a1f$KC78-9Y))5e%9lgno+fC>}L;>P6hUS+)3t){t|2ez}N5ht--uBPh;seUD$
zG)1RN)!(A7v{Zc*XB-|#?U$)H6^;({*`eGvvn=_hiqQen4rth!JhlQFC1ndNPOV$*
z?ra$i6YK1ZG?psVjw^7J6>8hY1p3_U41QxO6|pA1868N!5o&wXSyqp7+~r>jV`@Si
z-Q}vj$%YbvA_u>LL!>3#74Z|dV?An=C#Xe3odiJ583~puY@lDp1?kx}mH_zMUk#1(
zh9U5Mbd-T_Os5Q?{rwV;CrogpPz}m)1SM=KyxuZIBs~({O7pN-LM&32{tESYQ^OZ7
zVz>s}v=Axr8bXSekPWj>P|GcgZQdTN*gaUxkE4LsZgq;)<^T4Ktae#!!OSxoy_bh_
zObO>XY2(c%Wbp1SboswK<L!!fO8~nN((FYpT{=coMTSsXVyRp6ymN_Ice)prlpe-|
zxS*wAYxn}72gP-f+m-E3sWehn--uWeX#({14w9A><(CG=JnyV)?d_Bv55n_ic<v0(
zjb-KySk1c@s`yrgi~OfWss0(D3uvx5%<da#^q(p5Cc)%RZhi#^Ej5JDLFP0X0kHMJ
zXxOk<tC*Ta8@YoiynIclOO9pgsbm@8p8IzM#@XWSW&CE=?*B(567C+24@@C|k8jTw
zqQD@7UFHplI-~fDe|S}y5HrFU@xGW_uyHGb3hmFBtdT?+N|#Qm4#z=X?)x@cpRH2;
zFz#JsMK#9hLm+#j!44u&e~~4}$|pN3kK;SvW$$BXDss~_F>MOnP#y%nN?XmV+8P>x
z-IMB>y{+3`;T|#BUhKPyF3FH3%R~7}CL^+an!;=4Q_+S-Uw31CCw~)g+CQKKJCz|}
z7IzG=$az6I7&56PUU5UDQ33RghTv~rLoA(RJ41HeX%YcPfr+<E4UPOwRrJj!dNa&!
zT>gV_MyutO{?>G<9_<t8o@WE{7MssR7?{E-G-VKbE#W?kfb&ZOmap7`1D7e_%}>Qr
z{c!ZhQd-@CqCP0cpvm@#iG3`-&3MA>aH+Mhd^4?DZFqYG0I)o~9`G<ZbT3nXtUg^X
z2)>dif5WF29)bK1eVfqk+Zg!vFnzl@rZ%`Kp4|vXO|!C5f?zc%bai~W&!goIH^$1X
zZdYz~v|JOEBlq|Yt><=>F~f>m^yJ?<5k#*6Z9|w5!O<qN!uTgE07^i$zdWg3VWODN
z@WNTFa4jpGcMH=v)lgwp^1d)r@6>3a<cyegLY21s19p3G?ejV0(J2`$7oPioF+P>r
z6a1-4`yDTT(etQ(MEix+nBq`-{9q<i2BK#0`adS&cwEIph1I{K0e_+G-GgeW9l8+$
zS8I0pER&Q;pFWouKOR`9)wo5q!h@Mi3A#3#zfrchlnm*HMnpBUtGS%rHT!GK=KH&@
z;x_==o)>mT@O%PkhntgnP^65f&w-Sk6U%|}3`(OI5Ctu$2};wRSeY$ImXxD64Hcwr
z#a6dtkJNAhg(+y{9yuV4Ovu%37+E-qBOfDoXeMI;w~|Y$4pj3V$oPU;nE`*|l@R%r
z^fjosgi;~2Jaan^NDZF~20J5qgCS{Frx`}owjx_-F22A!<MJWR#nzd#W_W2}YlVb?
zEx9y)V3W=<u<^!$b>jnb={^%?J~ZFF_+ixvOi$tRM`Wo1`Ku7d@oFw+fe4xf{M%HV
zD}+8~@p0Q)a3lUob+!g7BFZ(b;VO6;qL=r?cIWh118LMiUv}jOWmi(!J7Nv|3SKUz
zm-ogRxJNe_a?;)4n|wQ_YFENyhW^@azy38^AR7xj-lktK>Mf*1^a3XU@S&D=Ewn^i
z_zVjiXwxw~&NKy1h7-@^2;t7*3-LMhOpXvW9xB?vcGG9EmuBtK4cXkR^Fsdl-Dh&z
z`3Ez7zcSH2Ojd8pM~0@*t<KIR^J~;(0!M#8nqFu%6A~Sq7v&iooI@{=gR|7IlU(A+
z$ysXn5Pz(U2GN0L3MQ~%8R#N(TKn`qrXrQyY8A$9bPueuFh5^r;46@&afNr5$8kt{
zxGaV1ANS){Ue7(hWgz-+D$k@V7t1(|ZA7-;c`aTRrSzCK?7Qs|k9YzLSe@z&lgF{2
zMN2UTWNPyD1<}u$4Wi$`o;xBm47%gO8WfhsqnvOB&nCJ2XGJ&Dnv6GUP5N@Ji94z_
zk?NNuQ_!CmNpte<cceKfQ3k!?X=tg<pktq0rKXuKCZi@)WB_MO0Kf8+OwuQkEsPcB
z^)k&X+|{YvgZYe2G#xzCE65+#lej)dFEy->>v_6!qa}Jj8ABzN;{v^z%&6Scp4hS+
z)B4n!1SQB0cC`57hLC`)k3J$YgUCgk&d4n4CW}r1P{Q$8G4l8@1^@51&qaOAh+FJ7
zZ?95iC>-V{is}<Wg+xsMIUPBXup!=(W35!5Mh<LWx`Jl_=4V8-)&rQ24W!%T<x!X`
zpUaLd_b0oQk1%TJQvE%wfJXdPlVFIJHS}9rficRkmjTXv1rFo6((M~K*-$@(lyAjH
znHVIiF9yk?B_K8umf#I`>4dVocBeZU_N7AR5@f0JgEk+;3V^<K`YzHuzy?D9f$4bv
zdKd|?1+}URNd^N5X?y;~oYR>v-Yul-J3}CHMw&_;UI1Xj3bgm`4JQyExbzt2<_o#$
z77<#8or8*2TqCI)4C)BxlU&KK)hGeR5pC(XRKZPSrDeu|BUyKwgapN1B@Ve5sZpiY
ze_I#yt?$VKdaHQ(im4_0euS@mwVbOi<a;pY{ZSmvoT2C7NVy=%psWqxS00;6vhcr@
z<M0RP(k{46D{9*ac7<BfxKy(EFJ>+Z%$@4iyG#Z?G|u^eM&A&Lsh=qyJ!)CB4>E=J
zw{Z!O<Hdbj!k+=O`9|e>uv<v+G`y;axTEK<(^)C*UbDQhAB?<WAKliyX&)f08o@b;
zA)@Yv@XqP3sBRl}wESl|A57KOF43J20wZ7U29)Xd<RmbB*9aO!x9b>-Hg(x$$fA9K
zBlvhPjbMm<0Q*G4&|VeT7^Z6ZFb3@-3-dLYs`Z1Pz^#o9%i(fl+`5HFMI*0QYTpF2
zqcBA?Ck~!GoYtLB!eJ8+WliV%^cUN;`!+G<mg7m?$>5DsUE9UOounrcVYU#cR>y_%
zGT!Q@YuPmbrTM^6fBCGXOa7S}Z`55A_2@y%!5*yk@2?%oy@4pacRo8EL$9*BQHf9H
z>C9LNRNSaF<YwSzd1JoTZupfR8{KeeZ%ef4_Far;w;s*@HnRUeT;4vHRzAJFB=*uC
zcN@8wnH8^nCtC<V8~5b}c1QaPet9B#*k9GCANKi;?6BYP2Lpp}0e|`SABaDWS~Uhz
z=8Wyog(DkFmn}-CTCZ)$jCph1|9$!SycwFgH%GIUh9g`Wr@zXl#4aDp=+%TOKZ*r?
zk=$&u^9!F-6>P153h#F*5$)}}y9=Zw7-lD%DR`|t5AR?!`Aiu^?Vmdydj*-fT}gR)
z9>?RPI>V`!n_S9=9`Q$ab!)-aQpYK`RJw0MV9?d@_aHDD-h1VQOXj)uw7B*S$$5NT
zFu@Ph@*NCc_Ma}8+q7f<&W>IzH{nQN3{G{t*(08GSMSBq?1537hSBtAqdDU3jqxNS
zn)xqD$S=$A%69~-KzV2&{XFxyIGX<nn5G?fo{hK`tV2~Pj`k4NWu05j)A@z`{xhOg
z&WrEg!uroVPyaS!|JH$6e_bVZegrGB&aLO^+%W!#CXa&p3!0yz@gKqQkGHZR^f}KE
z^zk3ird}K0e;?Mr?L7V4jQwksH2*4n{x;UR{pZd<_hZZyxo)Q3zn%4;`*ZuB>ZblH
z^!{^M|AT&R|JrTw^B=_e&;Pmo%af`9O1=MlsO73I9|rvcM+L1EY;^>21lWqlamJft
z$Ug@CSN6d5BX1J;>N|wu`owiWSelcW*d3P{?mYRXSgdIvdZp^sWT>D{GAWzMVq~H{
zKe#7ZG1-CA!$Y8`5ewQ%@479W8B)M`t(IF#r<G?`qVZ30>0RTk%&Ng{uLxu|lId3I
zv`Ky7^F(`<T5b#UDGq*<QaWum1}yg4Yt-`G(ty2gTKS+#-DG3h`20%!M*6PV!|0S!
z*fHV^erqZT3_4O87<Ac~K+!;FplCZ~$Z`fU3n@28skn*k+TcZZe3%-@?16u0!V4h6
zPtb8zD(=HaWE#aa_=J2^z|>7Y6vd-*bt_QRLhag}Ov{0%QmLr<8w*KaNjcM;fw`aP
z;eP;9fy^!bHHFH@{-#2wa)ncwWO4@FgW-9+*{PJLJC#}s9sL;VsBm;(ZW?^5%_QCz
zU&;C_3bs~-uPXIdeJD#)VD1R~LF{r3exIp-x9bKhFr*@Ukt_2UrfweRPA@q~kBRB#
z7dB9%5I^MOhd23$#fA^V<m#=SKvA~8$Sz3rk79}HkH-auWniGKJWT!vkcwDmO_GC0
zlI2J<Ml|v7IWsmetjQz(;PMA8Wd&PZ&1;$C@LKB>mvrx1x^y<=S16I@mu@+Ve@t6k
z{xu*_ZuT8?JDR=y<mP6^Pd8hQ@j|aA|20RO@5eF_G6u@kJLSAjrx^AZaO_w7kx^I>
z0G1McGb4?51by>d)wfw3JER5)FW;(f%f#m*_H4!HD)!t5pMS@mZTP&DJ=^j5OZJ?L
z&uCu(&x7#U&Ytt}S!U0}@OdhRq6i@0{*)W>YolBI0TXXfqJ=dUX8jbMU$^7Ze5V=z
zvEo0uvT{u!J`~H%&I(rKno4|81utgu7ns>;0ipr^B@2G#_b>3DJbBv!+U*O1bomaT
zcoIRv!BPJMYD%7h#ZHy;;_QDJJoo$J;aP6su&ZBZtVsFfu>7Qp8HI!Li>Z7jhj0B0
z9hbi%dLqdS)=q_^-nSoWS@}xT&rTR#;`m+~o6uh$zHaq$hyC@xhMhoA{sk&;<7-=Q
z?|6Joc;YnAgz}51yq&Lqz0hI#mQr@YK>0VRd@je4`Y+FRRDSji3F9Bc@u+@jhvi#t
zNhqJsaLqda$|@&aVl$O4)!{R{Gr{*w2Hy&TFK5}GBD5IsR3i!r7B}h@>hP60#O#L`
zy-BjfSFXIzjTSKLrTSg?A$T^~pu`y)7zFqll7pe5m<5b1m4)1*CQGA3s1~qdB#%H5
zCKM2~?>|M&%xT>SW`Z*8h(`gLJ<~2bzVKd233&$D<M_og7>&v9YA)mJe?+T15s6^t
zOk^Kjj<0;X@ImHjHc~Xl%1qtNco~s7<*ztFSHN^cRu(i0EJW*qbxVar<AwRjASd2s
z+7U_2m!e9tdb>rY$gXJ^mOgke9TOe&`{KAX!_;kxG<)L|Y4V0C()M6Oqi=w7DJoLg
zdWapC!fb#Ijo!V-r4@~6=iG0H?4Q#r_)_bN#5Uh>*+0gbRIn9()L|sRylYyE>-Nu=
z)f+6u3x|ooKmQ>2+wR{d$>JyQ;wr|^V{}^J44x)6(@Cx-bpL)Q$N(pSfp)1G;g=Wb
z@`Q~%v(mWv`52a!Ra!E}Y8Mw$b{te)-fxNejHhw^mixV((d2ndfWvD#W`Q@(T+qVP
z{kWFuxgo-1<MuBmQ{3edKlSwcpl;v%(F-%Jp1^fKc=~N}`u9pMaZSm>%x)kfw2W0u
zJ6Zd9!P>-9gOdMkUD4%2O~|9Bw|LZREU>CqxlZn(^b?!mp-gp|=*I?nyM}TwjkB<X
z5@{}F4QANz6nw$+XP7L}RVkIW@1&d<Hv$qnSF;rqJmTq&i{dpJrrX#Zq9DuYz*9HZ
zZWU$!_LJI@<s|mm*uuoyD*~+jt=(qz0=dyjF=+jJ_sD_FI{5$NvSZ8au5w^l8QvO(
zDuC92SUp@WLP2w%_QHEzg~|l}PR6+W_gQ#W4jGP{grp<*>f`|i6*T>(musi|zk=V>
zAC1TFxcjTz7?N9bB)3M9+-5{_3nID1k^Ihg7?Nj;x<>^fIYsnPr{Q&0cytt>r4<ob
zJSq441kiaQaHfI#VeB6RGRtDq!ps7aca_q!tQ{9HO&D<PRe>ACjjk(l2sPS-fV~Yl
z{kG)-sps{aSrn#0SqM`EdYX_ni*koykhkr?j=>z8<ltdgv^MA+mm}Y>9H$y0Qp2@~
z*0gZ(`Hh=8szB=(@$L=v;mB>lT#yX8cfLo+ookdi{zv$|(82J#@tyYgeH}Vc99Txq
z5b<D{^>9bo#5Ug?&oBJnhu@px@cR+<JoqjDm-zkgTMWO;<M6wX6LE^fh8C(TqcnWX
zlwXAJBq%ASQ*k)o)B(;@$YHc&dGUSrF+WPkfKq+uCfz@$Ti+q37c}d^WVKlhY+JyG
zU%nZJ8#lu**$-#h+U<vp@6djb|Hu2m#`nWhSFru?=3DLe19wJ6_mKORWAo|u7|3E7
z(=mm(idsJc9{!2~&w_V0!|Q4DP^R(C+&6S>EI#x9P5b3{ar@<#h5tXC2RFRV_DgEq
zerY8UdYZZ5dlw^2;i4&ve#ZVd?24WTa%4SbjOWY^?2WpjJYa6H5O*JTt5Y;m<L=WI
zJcJ0p=YM(*+!RH9T<`yc?}Iv^|8M;-(f=xr?;D14`u}=I^dE06xF>a7Hpy8F{@<kk
z@%+sr4gb6R`y>DSKZ<|1{h!Idx4izp$-kQm7=G{h=ehWI+kef!8}4fWe=sb8N4?YH
zQD@}J>I}<jbcxbx*6EgE<Ue^3BzBLoM+@HE7LhRp7v@w`zSb7F+9H_dOA+zcr?=tP
zuj7@=p|4)c)cue5EhIeEp03H!U1V3k#%#$RuF28uRSi)<_-*pjuc3He5_cDv&D{?5
z-xoyh%u2R)a057G>v?Yg|BV-E8CvkEY$5zo`@2C&d-<tsek-@gcsy9#YJW04d6X1t
zKOskcNW6&hwp>nrniJ`MuAoIb@yBdr)ZKv^E9M{b*__f6lij&6&9&exg;wYvE_5+{
zCLo$M+*5apKBg_-dy&9P`7+(g2xhQkiN%R>HkXkdmPhdkB~7KntwMN*92nVhJWtTR
zJhna3F5fmYzy}bgN|v~^b??-%gw_<jrV1|$yRi?S4AU<QnceF|w6)l)9U0wSV0W<C
zBnFV9^_$5Wm(_(#1X{$%1qHtc;?qf1=V&rdR_6|+Tn)Xt*-a#I8<;u}ZIUP)P$28q
z)b~W>5XpJM4J;mfF20aHcl{N8#!F?jj#<jEOXdn@V}bsn!`LLQ=aZN!EBlwH3Cv<3
zeH@#Df8EUX;~#IP;0Sn{D3tR^y)Qa&fN;b7!R&ejhsW)oap2wA=ibyG<};vpp3#BV
zuz_bp2d+#sj`k8Z+Nm9l_O`Kcqb)V&x9u1oZ;ABl2p@m_#D9&C1HS(6@NvoyfRFB@
zzXTucwTbx1a3bZtp&jDm?ZqA7<9XU&H!rdMEcRhg$L&W(b%^g3)cDmbr#V!w5RrjU
zK9=*g&6-0|sl?N=BPdIwgE8#sI)*xTw?q40?DOi&8G7Wh=*@VOMcBiy@5?V|Ba{(6
zQaE~yl6CZ`z(^Y-A32<dR=v~UPeG%$Me8LjiupTDjbXW4Ep)3@@TUNi7iYOJzbF|q
zWGv?1Vc{W!JgZFt8n<fwA4eMq+1gxez1KH=dNf#ckOo50yPX<YhOo(I-86SFZDJc;
zBciPzg%BvrVV@5buszOw0ciVT>?}Un8w=QES=@l=bSuVmZx`s#*Bz$7U@$f62IL<(
z=)?2b0nPt_S$eF7X@ytE%vy1_O~rkLP%e4sa|;j0bJ+rQ^0oHyePsE;e>K9d^WxjY
z2hV}ef6ea@-yR#;4&Q#+`i+07<Mo@e=ohZv(+_mKexupvarx(6zdv8r;rcBq``PO^
zebdibzsRDWvwm})jjmtDOyl|qGylW-JuxS7{rd0^<^dh8-zOv5tzV+O%$;WUh&wIb
z3g`^4E#hnhq5E>P6Z--hQErA`R{F)#u9sWn=5ia(6h7qAhg{iTVlE7gCMTGoZe@=<
z@2I>?zm%bH2*dFh3$`Z9E8n|k*Ao0smfp}jjvpz6fh?85nJ_3<Ugmn-j{ha`q^Qh2
zncR9aUDM7MqTq4Oa^&9Hq7KT_J}NW}U$Uga4A7-m;)6&3;!+7vYm&{SOq6WxW-%UT
z;g$fs&ccAaH<Ksx4~hJ5H#mjO#B`$Du@4@d(7MYab;IOn*MOjNy-n)ogm#_0T~{uA
z1K6xDl>Na%w_~qw8UDb%LQ#1O|Be%ZgKV1FHEn&NTWqEDaq(snKu#Bh-~@Z%;Pyzz
z_D>$=6OXdarF^7^&m}2}bdOiOg266+Ly}c0iDwk?rtd4v5x!UsOtTO;pxfpW8n!!N
zZ=eY;I~%=J`|vk6;aT1v5B5)&a?9)z3kvy42_^~PF|HrpevuGPb1Rg8J{lK8_K4rP
zm1%%j<8m?ZYx@ai-~|61+D<tcU_(s!GxHWZFg=G7Tw~fe;>lD0#u)b@e`dyR{dvJv
zQ1G1gVa(vrtxhqMbHwU?j23;NGFl{AQdSIN-W%{3WRJN`#f7#gdHNe|%q}i9)m@#-
zGmNmfX@KW|)NY41yK-z`(Dw|0BOirE68&Gr!#H5yGuZ+r_7KQyy-oWLXo4%UzJoT=
z$I#_iKdZ^50<NlW(j6&ggoaiwdq$5UYy@PC{`4dI;}9s9TQo4xsXwuRK);`sgYoB$
z^oCf@>Q2N5ni*;RWFRB0Q)RWniW>`kW&`d`X*>}%avbr_bwHN5J?66m4aZ6qLOmbJ
zQsI^HWa-@e7&h*&F$>-s4MR#P8mP0T#PN)`;E;d8=-8p3k_XL%Z!k9e&4B+|!`ZBv
zWdk~zHiG`@D-vc-@&Bvz$<{Rr%%C-&@qt};4q!|e&%VODOt%|oJ#065xXyM}-JED2
z8Ixxbn2SYUXNn=DPSV0X<=~#H0mVisYyA5z06y)71Hi8JYvP(jIFDY`(Tjp}*LA!;
zB%aWyt2k%*{Vc{=PHhh%&Tkatc8C~#ho9%XV)q9i=+Hi%Yq$ApO@j339zj<O1*Teg
z^7vgC5rx?UVjz_2auelN^RKPMWZZ$*s7e_?V{D+b5L30U_n^0}>b|hB#hGjJZUPAr
z69xLx(8g!b8v;&HcQ3W^AI0s1gg(E;ERajP0vq{4vrGI+H<m{S4$MjL7xM0>5d5W_
zwT|Y?WY*VYzD429v==6{MJV2^)4!^Y9X`|Tw%SR2x|R8Cx-eNFvwHj&b++sl_seQ>
zY<6o=id2qh=-`Azruw&7lsvK)tfOS<j`ee!pc59b^U<$}#6TZ4Iy?)$5BKBoVyONj
zygq^y6~ck&1tDyWSjRz+I;9H0+J}L4?RmlKR&(1!)U%mG^kIN#AAsnWF^IA(595S$
zLlgs$8Q@tlp2IWo_TyaprP$1TVu&xQveoD~JN$-A5r6kCM;i~GGwS%KQf#xFBmN%@
z?*!)8P)B*t2%DV3%WdjR8{#$e6S`ZtThJUokd36pzp|dKhro58I2y8Dw-mHsLU(I8
zXA#RD9%(|<u*%g9SOxW$fe&a!Zmn=nYk?yveJFV}%WBeMk&<r#w2mSzTjN%3E;gRA
zYUxnRc=!iL1jjfH=Gj&@n9=^ZLrp^MBDZ)P9eXg(hI1vuzLtXTjr>u`FqfKcZwUex
zOw5b8q|(ozdpOa$N4xRnV>kI$1ORkJ{d{|x^@BGI)yXb@Q@)F0xvZc2TF44Z=ATz1
z)XpX-xC1XBdEm(@zlQ<D@n>blyni4oz4ZQb<ND9V{&VB{_a0;Yy8x8cWi=Fq2Y57>
zqiOEH{PSSuzvd1Bl~(79SkD0evO?B=4>%!U$`>Kxf7(HJh3ah9)t}E8yE2hgkbiw8
zcJ-EjCGFzcYxUmpovVy{9AgX^_jkU&zmfY{be8rvU;*3TO>z6%zmm3h?F_x?8skI^
z@T>ZT^V#^5VLlCvG{mO#x_{+DVut`h&9!&J>#FyoGa~p^x>S!~Sg+5??JL?L^kqZb
zv{AMzeZ3|hH+ISbJ>Zh9%f(J#Ip=*(ocwd#rL?hA1S32-SI7(;VS_z0!LtMxsS=IK
z0x#249)!aJ55EO9wotMl%)M-!T6*cxmSP}sc63h1pN+9>F5@j_1&!`N*C`hd6|`5!
zwM9y#CDSimK29yVv^~kY=>xM+Tz9sU^kfkJ{D0hi349dg+4yd<fh7mCfdD}P6AhRM
zYJwnH36c$)FcW4&6hstSu~bT}3c@Z#jS$>KnU15@YHRyhd$+c=9<7av*KPtiP$2>3
zmP?LVmLmZS;mZD>=Xq!L%7&x0?f3ort7Lcfo%ej+=RT6T7wf89xf;yBK1CL<ZR1y*
zel_<E16TbWycHGcaa_$z_|!<=m57O|glv<q7=L`9!BQR-+1jV)`&ta}(}nzBJCTFc
z{9HGI3v+J-0$I7;{k}#CK8@HG%(q1Q;nog0VoT=yQ(H3aYS@yWmR@*ECa;aPB@cJo
zl6!(%a!2<qDPo8}oKudLhtslH_H~4bWu=(<QB>w=crNcq-gaESyd)oZcyt?}3z&@%
zyBaPaK&v|Ok*)wAsAmkv8q7uo)Um$u6P<o9o2~Vk8|pKPUqkvGvwytclwTkF*9bTa
zv0@E5rNSs{bOO%Hqq3Gwg~3A?9H$=ae~t(;h|d0G5c{Lee|d#A|0lz5F?QY*?X(|T
zzGB3UmwQ)L+-$)8blnbOOGZ`2bc2h>pe)R|D##D20y<G1r5d}*Sq`bKIImg#(Xp-o
zCGdyY4ap+A&sO-!#!`bUK8E(4ZPZ{B>Vc0th%usREGySGmJi!l#{bDn%6mMo<@f6Q
zS*`D<zFr%_z>MxN(EYr6hKB{^fqyGJEbsdF!owR=1OGfcFcslO9V$w)QH%zr&-tJr
zbAo&)Ac99=lqD9%y-BmN3|2{4;=f>^p8Nz8dc#B@QA-butX@86fu@{gde%%Xb$V6?
zmnyOvS?a_t<PB$M<p$y8PAb&}#E%c{#gVA}E~ov74{e7|Uvo`5|63ig9cwC^ZE{IP
zjfZ>YbBzzq6_sC8A}Tu94@vF0-9LEVbFiKK+$Iegdh^y#IOSI~Y*``Zydj$Fybcff
zBrm7=_!Vbp&zev_Cy#SbkuZ$baQfPK+Pmp2^cJILeQNj36XdFYa`WQO!}MWUJ^>{V
zxx|F)YYDCIUhPu6ZzRa|57Fg=;QH#5c<X1J@-kare)siF-<q#4u(8_$x0=Hjht~OT
zZfzsZ(b`NtN0@ZA>{~i;<VFHV^nL6JJ`Cs!A0}S`eCXE^<tvts3wQC$uwAT(+{F>m
z`l9ap`AfE+bN(0Y=cY5bpR_(-DS^wAE48)mGcaK?cMjWB+lTRV88Gk?Ch8v^y<T=d
z=x!y@{rC-A?@X44RUX9FOnm97QoJM9L*e(MR2F@mY|Rfx+z(p}-15&a`K!~kWLzex
z*K~tHkhS<<h!1Z(&A=YdWh-@2pRS*Z>B8_w=g})1{_=GZfgQz((lB(@90`4;-O*L)
zH;t~Qb!u0-wEJOn^RHTQ*kBAspv%4FigZ!YV$7s2^<6_hgP7B)XEDHh$doA^8x9Gq
z$EH<UQ$=rT$DqMVtTkC;rtUCy4jMcVYEXy`c-DZrc{^)2b<?4iP^&gQ*DPk;pwe}X
zUS`hlrt?w~CQ!ina5<(d+>3>jw*)^G;-?JKePHBbKCcW|G>9}5A2AJurfF7RvFQpn
z17*TwZd{}l{%Qr&3O{zoFheZ=&7iuE52g!q*TM5aVfx4cMcSw%4MDxgNSm&lOb^TA
z<kCh<xno#l{yW{i7?C4@Mwat&<5y}MpB6~f_q9UQl3_CeM6NL5=2l{=_b&BtSFjzA
z`(G|-R&tpKX4Hx`I^hL8i+8oNSVeEpS-h&9#hWqC0>;%3f)6E-5t+Y5*g?!1$hKs3
z#6b)QdJ3@Y0kgx8VrCWFoVIDh!tAXxLpxD{1+dZTN+m|I5-CpHs81Y=8<5LK#FRxT
zD@$bFB6cm)3{3CX05-jA4B=H3mQ2(SZD!QmK3LA?HhtPK^2h8BABE<Ng2^k|phH4n
zVwxBWOv<#;4%|L0B0px-{S88geuF#CrS@=xLjV%G#7*Z?yI*3hPwg82KGY<1jYEBf
zZgS<h)NlAEKa<8bYhnZdeLkVbn>=_K+qAcC8)kU!()O$2?B(p&OJ^^-U#_#4xL@Mg
zZ+gF8>Cg77Bx1jQSJ2~r`6}6dttcO+)ng9#zbZ^8VuZ=1qxHa{tdq*v1#Hw+-w)m+
zb<c;oMmS?ueI)()zvSP$EiT-@_qDq&<gbq90eg1xg*8Vx`BH_;ZR(vJy7d6Fn$Ez`
zWceX8rb_ydh`@TG^_UQ7EY91f)r4>;uJmBa4trKFH1_EFOXvo*TJHJ`!TKrZ{#sX_
z7gZHx7%KLmS3+JV@7<jMn;3tBTW(J<U{oo&q>BlF7#G8or=+hG6VgM)C7ge}V8Rax
zD@qs_3}my>X69Q6EzmI`GVfA`&us|h!xD@;F6M&Idk-d@u)&FE;cO=uSh*ZPr-IC?
z?M<)<2#Pk$#g)F&J|R7rv_wysv?{bSje>POSG~&++Le4mh3b&b3Eq7PrSh0-MEN1z
zZ5@3C-oHI&G?#!3UfHF4@ux)wuv~Kd$_|zh@bDiloJZ-ZVCKEY9vo=!S-QJOZ(PwW
z3IOTX<@iTiP`*PejxsjERKiLXs_!pLp?>xHR=j+3l;i&+xAoxokK=QeI4-r9j_wp2
zfJhuKKMETQ0*q7ypjec?vLqd=JyI5$^)4g&BklP81^tnBl(VEl4?RGR!{(U!nH7gS
z8H**#Bl0|01lWRRUG4=BucX*LxoG{5<8Gq(HO}77yPJBkgu2LEIN*ZfOOL}loV^ua
z(tb}TKdmUBH)F*hGnS5X$dAL91+bJuuECT|_kT39^45!(%$2K_4a^9hua#P;>3frA
zaFt%us-%1nQIbLP^4jTOwIF^)U$u0;`B-~_QVJ+6ZHKyQU|0=bi|W5eFBcqsVURpI
z<Po?^=6Au!09q<|S%A-b&QTDzLVm$0)HK%RW>$ndp@k>~D?Ai(K*J53Pnka=Gg&F*
zjL9;_=^00`UReq&eU-mz1`(HD8cAF64%a<P)c{81It`Jr;_eB5{%s7$^cR17LC5sJ
z(+;ZH_YXAq{}_4Ub_MI<Cc>}27ED`b2<E8ziHrH=+#p2z<3#v7Xxw5UmH*70Ov_Da
zPu6`NVmdp_N(*;(=;pr?(dC@JtjhyhmoXd?(irS)OpfW0@Jw2Fe~rlT3ds*~4s$6<
z`E_uhNC7r9o(8MEd&eAaShw*Qe~p2Y$meH&ObHKxZ%R8JWcJfVGU!HdOvtOS!m7%E
zk;#l9$_{edcr-u0N#934jN$%rG2?|?lePSzdi+j#n6NC0EDW+seWpFg<}uMnAfBmD
z(9!-jK!go!UJWp>o7lWUF6$x*A%9C^Gc1Y_LfS`%yotm4HLEtq){<EKnt_dtKp?RH
zF2uGy#ztQCeu!<m?(HzPEjIrgr7u|7))V&(f_^yTd{0{p#yMPDaBEu(wwXE!am-h=
zebXFsN$*&?f<<{fa?I~M%uZlx@vvC={VrW!@NQx^eZkq>Sb|`&HsY7|9`ps5ARq5J
z`cKHmMTy~;M+eOrxjo6pFE3;h9b^9&<l~M$-Q?qaH^$nQ8?@0HCh78VxA>9Jh~=st
z`+}M{WK))y5hWozDk=%Dz@S<fOhhzEI>T7;i40>!hrwvBe&_q>@c=k*w-6W&?OEbt
z1eNqj4+|<``;{HJ0`$Tw%;$g5JQL`h`AvQQ<QcGxe!P6Unf@$N!!k1Q=ufNfXehuz
z88Bbl+b1FpwB`nV4%uPbyZ#}zz27Se#)pNAI}5`EYOEP70La~IrfQv}Q_?Q=_YZfw
z)Mda`;N<&IL=R5>QB`0Z6L7wO(BnmER2H%gIy6=?wjo0c$)F>cPPg|8Z9%t2+}^jZ
z4{d5NGDcfg=Ywon&)J6kGwb=8zlZg379%ewc1QX#)}kSy={h7S1D-d>65EfA>UkM?
z+A^983HZbCfwrDG7hO*wuBZ7>a6P$HfDhMGWkq^^)lV^iWxyL7a)`@~Mi||X2rmpd
zlTyH#G9X@C)%CQhcx_dKMum8o=vB>nfUWApL@j@36u*%X?rG^3bWh8k_zms${wX%U
z@p@7>expZxn!#{tg*gJLKJEJ_km?wX;N(W!LF34tkm}?guszvzYd3n+ZGW=E_h&AD
zvHh`V{9muw{9ocl`M-$qPE5YU^B5d^ykVC)p8KNXX)ej8*yFw4C)W9gV#<1na;_jR
zqr%;(n3^?MxBGcwa7uE6>^4Kl@b~syto0Ve$fm3$n!<#a5?DB5I0J^)MVnzwLXf^V
zb>tQnZ?@^|XhXMnv-PP_93sHhCzVtuU64+(+Sl?(Bl2E8^qtY-m!fflAsidLe;@`n
z2*++3SJ^Xb%d*;&5KPEg8Q?K7c(+Gjfz<3UED#3mcg<(e-abC4zrDbGlP+bx7vjXb
zPj`kk-GYeee&^cQ)BW@J*mR4=Q+<zcdZJHwhE_N@PRAt5k62`GKdyFBB45+toEg*y
zDMgmzyk@NSL-bY%)H$S9!P@Q|SEi)(6<QBXRfgO?#cJBJXy4LA_`Jnteau|BMU*x{
zBiDAnB@#d6byPi?WN?iw<Z3&3CG9xBqRtR8v`g`C4{Hxkk(;2GhS<5<qC~s3!RZs{
zHcVAag{4+|orQZ6<2!iyM;KO2y~q+p7+cr6uHtHiMC&@&Ak_QScwCvHGJN#AIR@K@
z$nE&Af@!Sdm1IGbE7xXVEX^*4Rp&6WglM%K(dyWJL9|+kSQBXMR5;Z;E$lpzY0$Wy
zXvQHZ`B9Aoq)$CD4zI<rW4=9t;yyM!2F2x`Kp)&P#Z-riIh(b@%sqP+>v$O9u?7df
zxsSoYEmnYop7C=8{i-jzM11Kp#Kd1mO_zr+r(NoJkHj8tS-0^b<LLzHq>ytCebl^x
zc-|dI<(`hC$_ATB)Ac3>#wkAl4EQB~>PzM?<38900P#Mrlyvg)G)xQlzV%GyAk0<j
zRWn!~i45!J$|c3t`o|v@WrN+?`1oK!IxR@+d>CjQ3GWWdIFVtqc2@QiU_$URYg=sH
zSos~hwXX6iUTWpNK4{WX$o-<xZf)gW_7+yJ7dd;KfT0kQ7pp(ttkuJnEq3dM$IXJ&
z>X455GaS<Ag7+}Iyn%ZfwaV;yvGprX`HKPTlLgje3JfVpka{_=-a=b+{9F>VcVsw}
ztQ-7h@=`|c0{K?!`pWj@oVIY7UFBEk@9g$;(xSbUCzmJV++gZ<>)Of#g0*3Bszd6<
zOZnJ||Myxx$x~>ixR1(9>c?Q=o_UP2lyo>y7rhddRoB_An;$m=Zt?X+%J52Ev30kN
zd)Z^JhFvH=!*j(=zMr6ntki+kD7<Psukc+s_tryvpowo)d3Upsmp1u_M(uy8RIrhE
zA2o7MFicZ$LXg^cYa92>a@w%=aQ|YsQw{{qGAZp7T%FbP_-w#5eahtN_2x2pcD)4;
zZmUCT!Ci4ky9DpCjAH9HIJz~()<&GMEkm_cbsC*-V_$JJhi#$mD&LBfmpfLQT^7OG
z;z|-_(<h>2+9*g(0?y7xclk7Kus=OGKWRuk4sJcpJ#!5-a46*g0I-P;W1SFKE3}>|
zlZR}yS<hB(;-1CQ>%keWuUt(<LIwA^K93KNb{7oc=M8|cV7pG6mu&}r0`34nPFW`_
zB-_sCY{fWsZx@_mS3LJLB^FR-1OR>}@=C!#9-yr?P@Lz%T6aV*N|m%?wx7vBpjvqA
zna969MM(oV7B>Q(oxTzFb8Y2TQG-Ety^5`^xSuxbM(*Xh!i+;zXN=BT?1}AWYpAoz
zzx%mJ`m&+JYj$M<QSIVeyRbCv0A3jbc-eUZuKAdaKy&UO<OBErnN$h`MpH?Ke~?~p
zI(Z`%ats)`Cy$X*_0a&{fmXFlPOi5B-0$F?-O`0SyO!PT<CSZDja|si*rV$m>Pjk7
zeq#Ys$KC;y)E;dX-1*UlRj5)xU$v}fuGGxCjC*4-VfafT`~t0Ovu`qJmAf0&4h37I
z1vi_QXPSAe_uJ1%Za@}zo-U_~%Js86V_~e}8E;=7hX3W<@pl+F1uH7nba2n0Jr9F;
z(=jh<;fI+l<v-P&dLG8`57ufa7pj6%&|7wzc=tM^I_~wsIJ`y9RmzN#8E2XHBF!jW
z&R3QOq+FbcoC-rdeuqQa?+(OO&S3jXOVElB=CW0Uck|f`J#>=*2eKSkkNv<QaQ+<l
z!1@DTWeBghOyln`@tmVw9w?=<qQhTuH5SbX#bM1r@(6t8c4l0diKPBok(E!u`hHfA
zAP)i>u8Q1bkC4;E(%`-U60JW4yQrXej_+Xwf%@IsUN^9$S%q4(R3Q>A6MUG&GnTp0
z)3o_@1FO$tXT=9A!mR?cpv6q?jj$F}5#;07DYXqS6;slqy4H&_@tXQl{i<%T0c%pP
zSiRC1ZCfalFKCT=f@QJUbK5|JZ!u#SaCr}Zixsj+SC{^I0I?2%++ha4$sfl;Rq3bM
z+E4p(HGP_<kBy931u;dOYb8p*k`eHUXPCS&AH<hz6kk%p#242LICH*KHg$%p<AUlU
zG)6F?C1HiuO+MoTq`hc}$whW&@wwD+RzMd&c05et2a`RPUu87-Ux<<4D_Xw71ivuH
zK@lR>i$pH*iUL^XMhG67G_GCUa4Bna=V${TrC`Uiyp}OQAD$j<&^SS7km~^+Gm|a1
z;dBfs>-(neQr3M7BBiY1!<dwXb&6uHw@3M9%GPf3OJ63i;Bqq<pR1?t!T%nK$?#T2
zsQIMIkTjD<YufYC0};~93s=OJW_H}oxLD^6A$W_WPtqL7VyKfI-O|H?gp8hr$C&EA
zFp=zoPPPb?GeV14Ke%T-Qh#kBf4M%wpD%)51YPXT^Nn7X?%iv_dw?n5(b<4q239PQ
zs_|e{gz$lG$mX88n&Md>$f7|1#x<0RO*-g9M_?`fBC`{dnI#+NaSK}Jan4puX11ZY
zW`lD$re@pbFxCs1XG^U^wm8d*mAeD;iZeGBOWRy~HF^%Oq+~ymW5Cy1;WbxZhp`ET
z5KQ0i|MhcJ)@zgcVv3RF(B`EfUZQKc6sc5V60B<;zn_;&FiP)1k}!=vGV{-!Z8l-_
z370;YS4<;?Q~M}=8@aAjVw7<!a6-M2Ir6H>j=UzD)M~5Rv%HwAZJuZ29`erP=6H^C
z3q1y`7+?UIRr5LkEFwF#PAFj4Z_4Y)3$W-H*qvtRHrX+EzDa1T!~KGdNhqnvG5Ehn
z{s^#N+=4XRuC1{4ZMg33nD=eO2^;spcHUUeXPy<U1v{N%ZOW{`JbUJLo3tIbi=8jL
z(}M48gLhn0(G>_$zPrw%@y8D7yhC~12#cPgm<DN!2G+)__7?M+s`f7DYB$W|9$E{l
zYlhV|<La7$%kj-c#2u#WVG3-#oZ1BiK*`n;Qym_|5>si)U9#Q7&-_&k%NR~EEK`m*
zb|%949Q=8HIs4hD{k#xyZnlPoj;VVCshIcad?2uV`GYjt)vW#1TKinIlC9LqeTRDQ
zrl1U6fmSkvC%xR1mQZDdZ?qv;ZVE@!ia|ZiDnr4j=i;yg5xPbI-IrOe*mU<EBY$cu
zFrZl5s8g-D2lLgbVa}WyX+(?oF}RQFlQV#@Cor;hk<Lcm!%|zE$RYi2$o@-q$853!
z<Ldf<e#r*ltd7xP76RP>{QQ7e2H+icX!tKD+<p~f{2y<;<nh1ynvFj`V*GwF$Dgf@
ze=<8X{))pd1*ttufna42JHXXnYp{azO2>Jf-4L9YStN>pt|Zs9=6}_i7gEhNa^NA)
z3esPk)Cu}ajG))Yu-|FkfEP31E!I{%Hn?K-nxNl8xB>6M>1??P*_yq58jPe4`W7W#
zVEPRB-aGU?;yiftxYW*L@ui<fk~X_h5$Ewl|5)eo=`=RM?_SH!BUDce(>dXd1-|vC
zCBYObJ5G+)Q>g4=AG6`(0roK;KKj{59*gC&k2Cd3WXUv7ErdRl#RLawD4cKb?+)s3
z|1bGZM&|o{Aot&q|9!^)hJ3$2y6%5RzF*&6-*CR){2j#xbUkXBaXI;ZpUAnCe7_gW
zr^1wxDO=k|8+veG%4K-1rG0cPb>;eF5i&~me1t*qr`wqK^*p9Vc9qy;&WalIV)nWo
z#^2x8<M<=k__?vi-+uHP8UMbX$7iBc!sfQv>%Z{$41dpOxd(_e6|?T%)VeEF|J2V&
zYEsSXK}i+}Ol7;-9Hz2nl7i;qI6aFJiA_9`O0{Ar`iar6NPL~n@b$q$hOhZm8TV#9
zbnk=r-M~xbh^HTJW7zv57&)CVaxP%x=OX*Jvi_ec4AO)Awje#2&=#ZzMQuTPP{=;o
zE;6K*hP(}ioYzgh)WsQM@L>7!&7yp>Ltdt$wzs;kQ9ErqV^RJU<`g8UjeHeX5&diQ
zqQXKQcK1Mn0*jUq>g{9fP|{H%%Ru@`+()kF^zw@Kb3WQy3Q>OJ@#peK+0Q@Lex4ao
zeRK|UfPr=kwN$I;cd~XB<dGWmi)lxOB-+0-jlot`IHQRwm`@(LpbDm$IlF!v4#xi>
zaOhXROqn?=;SX&<UUQyD&3$pOA?U)naSC(c{J~Wb@+0oECjwtJGDlUmV<}G@#kDY3
z+wLpQ)$|M}kLqd_xK9P_S=_PUebQ=9QyN3mw+Pa1wcfAaE02cDs@Qyjx|E>5Q^@@g
zU7lFVT;>TnVcXG2^@whSzK+ddtv0Xdl)0J_`nE4)s7Fdqqz2U^^)dWW5vlZHoAZ;S
zJtCDnHo~%_F_B8ILs3ZO0`w!4&n)HZ!#$374I8g8_IN+>UEX+_pKaxl9>=>!JNP3p
z#~X2(<7w*~(DV9O4&;P=vB#@bdmb;Qe=>3VfEVb{l>xK=2G@sanlz>#qX(<V50-EA
z{Ax&r21W?;l>1WBGE`YKY1qTO#R-=7ggMJ8W9>L)fclJ8c?R7utG+1dPN{RE^W|O2
zd|!L(-#6bE4#$}9{+0jIe9yi4@0;(y;C!v2`Hub9<~yz1e1qlbmjfX*;sj72vka}!
z)vxxT>)WMF`bK|@O|E(>Y|>%)@Z$6R?Hm8*`Mz~1#wNEsdD-*r#pb)=^=|VG8Ymh)
zEjl<5$qT~+mo(MSeKEFn_>=z}JZSU1`rkO;8NL`>>#F&e<~!%F7n<+Fp;6Z@a2eD6
zqZ(tn4b_p;y{J5-#dBy@3`Ok`?`xF$k6*;Z`ycI%!uuDAAIWCp6<>6`ak0lMyUg*J
znkuF1;Kjyk{5<A(JNI1Pc&su($_E!6@6OocJ#?AlF)k-%#YM+ExH0B<UAw!F7u(+*
z|Le)&9ZhATlF%EtxmXVGnnU8r9YJ0&!r`6qItj-P=)54=#k+aDk7ms_Yt14&-Us<~
zmT}>%=z3Y2y=>vd?SmMz(vy7<7K-a#rn0RMuDSn?$Tf=*Yfdrj2$~0J&CZB5r<~o-
ze&)jycXapizivZ}HD9BK)~s6*ubLKVMcid%R>TqHt66n%d~hS1*YEdV44!`48WWyg
z-+4iJ(gq6yCniiV_H)8d_QVz@G=XN~{@B6<i*rl(*8ZR{;lxc8wN2FE>&g8wHgV^H
zFu>9D#gXz@R0vd1JY!0e0c=h$XyO^Hh>R~m@l1=jEZnb)XPAZ`<EKdB5K}H2xieBO
zyNJFeLf6up9p4xGdOSYO4FCSVn8$Z)M>qXeL_HE_uYK>aAJ^TN=V{~K;+#Wa5B~Hw
z>}=OZxLB53ZZp@<P~&ke2s*@Asw(0P&IcXxJhKChd4jvaBx0Zz>T`ddiJ76u@Yo<q
z$Mc%i$x{M>s(ho!*;R)$D(hXmpHIb4*kJx`g6j$#igXO&MM`{QxPFmO;698!_K(qc
zNuT-zC-~KS>Fm^3jT(X31ZHgxP<((hCCt6%IaC*isRt-H_~Y+iQgHBXxq5JLu)BGY
z`sj2KYcpX*mv<0-$Tu?2B6$HOFEbZo^(`u%?!PWnA6%<@%*(}{EMj?=>qbn{>0V>O
zr24l{s;V4oFjO2C<;M*Uz-jBy739DfBY7p=U{5pnKY%5in}5M2yv{sIp1pCP!T%dQ
z?=S}DMj6v~P9jxsdQ4StSbU>=6;`4Wt!JHig4E@|B1~W07*BuP_4G5x%i|FftEwBi
z_U{qoVSLSYX9}DQVKv_a@K~$D744rz`?(bMvqOt{mM3EU1!g%XhlWNE<_+ML*;$;w
zpJqP~tPucA9M+@G@<~+%HySFAV0v3#fs1KXox2?Xw@LDCoywws^e}AGDs7u?>#W(Z
zypEk0Cez=ke&>dP!4Xhl?*ARajyyGb&;DF=fjx_akC}QhtEVu+noCa)s=o;zQkurc
z`k_^zt$Y4}XYn0Deu^Tw5qApm8x+XMtkHt>so*`FEaa^wqjcRo?jcX4$sJQXE=Wnb
zD~FJWc^>*JWC)pu(cd5~6TSkLn8!Km&>XH7*Bs%hKQ?r$pNUrWHE6ZSRLL4E$^~8<
zSKB+#<nHXlJ++Zxs2kpZ8#&jsf;Tn=b_<l%ssjF-tcun)*VS~QKP8}dqVvXa^}vkH
z0i4`JGjjm3IG5R!Vl>sOHffDZ@sDRc6avr!hMlSkb0?d$`aIB|^G$z?fL03pkw$R7
z;{PaQ-(O&-WqIdun>}#&R|>`*2q6HW7V?0g78$-1=mD!tP<D+bw=FHGCRl4>totp(
zH5D)A5Ww;8Y5J^HTjMa>=A8`N99a;KZ2-TPV}4Jn!B8~BVwj0V+SGUVZVB|5U*Jt6
z@BSFiIBs#j7=h_X7TzIayF8$2VF~<6X{JBRveh>ap9|zQ17f9|`$46mn<~P~e@A-5
z)takLcP$?mR_}FzA<R(J9PpmtK4=Btws5t{7Vq8!-nfaEI;&0xDnIwf!|dS`S3LzN
zQJ#l{T%mC_-bHlhNyj8?`G5_={g<WFytKXm-g&+ke$z5i5yMqt(L;a*YXdJaYROgi
z>Baaor1k#H=zN0ihFo#{+bmeOdS?PN;PLXp3_%`<n%J4VtR*hk^L#vIfS-w}l;?<6
z0O$l`wEs6RzfaB#a71?r@)GD}Mz(_@Ldq--852nq!)(h{5tsnRH&nCq2#5;`EwFvn
z^qhJB00qWQ11*T}VMN!je3+d9X`eFI2A5*hLoj1C>5k0-eK17h<G!DQ^*R{Y1MH&=
z82;)=gK7cNg$eGUSvoeeXwBk+&1_wx4XST(3XLEgRoBf=VJCsj-<S?C$>zcGiJ*N0
zz>8cz<o6j65kt<yawq2_J|bRL&f_tsiTix&qFjE(c_WCRLa<ga=Ptpto@k&ws_s0+
z8GJvZYo_m~`+T2J<3$-*|Iq7A(&`^#Vicp7zsY_>C!jU|1M{AP_NGPY@<7>s!#O3H
z3V~F4ck>%}^L<+UMLcu);cJdKC-IVxZ}oAt1$}wtjsRC{zaik=6VGov=-nGHwZa=*
zZC}1m6W^yZ;(S-ozyhlxY&-<ml6@BBsrj(#LUODT<OO^XkCFqEkmu<Mk7_Qrj8{c!
z1e;a}=##~l3z@3!z_t8o3PLC3130y_7=Ubn_V!E_=pa}93j>Qte^sZih+i8;qX+S;
zcejbWUwOH}$XoAGUBeM!0(-p8Asui?tJODd+Z=F6yB*R=QD%Jr@_gK;Oh)9{X_FdV
zZ_Yyi)n<{vP0KMbG)O?g)jWiz9iz(p!`2W!ETlJZCB8g>nb`9&0g|dv4bIf?u|D@d
zkLOvLRcOH4#QAKD>O?ZKKajN$uVID%Tix=5UhvMnsolAEgLf{S?%bO_-Z`%NrHFg&
zdYN6ny1&5ndlawV6SqZPzjyD8zJ7oB9bCU3EsVT=Ke{ja`qiC*>v#Xc;Psn&U)c4_
zg;9L-qy0OPl~{<|QvsZw6ZT8ykT(&nyIn~<R)_%p&+iw2rOUYoSvoGrs{ntp)899O
zUs;FD1kMDDY5i?D)%2n9{clH(M+C@tOB#KhiNnvq;lFpG@&EMg%Nu`mkK@mT@d+Zh
z>Ir880ky)KX7JqvpMvbqA@$^O)Ns}L?m9;s7PeoS5an(FT*9aaS3B9r2O0~yxMzQH
zI%<CbIC_UWssubh&sumTc@S4?8l=-RAV`&8_~ydP9at@ld%*(;5z#tXKx;Zt%-$;1
zi^^M+<xu`L`|~G{fu)VkJEHTOn7`J&CPT0ua}Kgq6^tT&la*cCr#_nxJnxrz8-x{s
zDxCN8bpVH@?-!GY&=dJ725E~g9R_>T7#iMH<4b@?{$9+nn}=DzrDvB1xLQ|+e`zpr
zOuG6>+2%mR@6Nl}0a)~SKzD-~A5TD8jdF7xbo$Z$Ih&oXE--+Q@VUQlgwU`Wy>n+@
z10usJ8Uolh*AV=~2r5n{3!haY<Kv7QMyq;x9LA1>wQ=rX6XG=fyodRWzr^``dbK{E
znOG038pq5YmqyZln=vvz-=cF;ock4nCQ^UAMWgl!YWvMN)xWcS?{Iz}&VU{BZ`m=g
zHd7M+D11foMFuWmP*A=o$YSUH%bW4MgB+KPgGWgVl{eE|BZb>P4o*Sqa>gHt#XS81
zin9mbyAs}BWkZBDzyXw88E}sM@X^i4-JJMA3Vu-^yAS_1s&ls>QyEqNN03fo=6Ja`
z()MnNwk*A3dEC^Yyd;nmPcFHaN)`nzksb1d=n=hKOPgW|b7@{K26^!<AO_yg>XXQG
zR1%t>BVq`WP56Dbb07E}#x=ZjUdTM}kd6x81Ex~B;AYYKJ=HY`7D(R1=uh?QQn(9J
z7m&b8Wl~^X<`yi8d<=s~(p~Qc<$#1lQ73|w#>!P97(D_x{lb4T&Ya`{8;gI|$A`g1
zNh5*Dy?FN{K>aNGFs`lsU*>uI=o03S7mXe0tBS0SbUeCp4*DaOQ&qKb2y=rzrkc7K
zGI!h-m|;O^zI#ksNQ%ZNuy6MOXF!<0C{OZX`H`Pe4Ur-xNt4%`dXOgHQHl6I)n;JQ
zBpmh|orW-J@}wqBf`AzN#9Is`$GvA@q5w#8Btp`er_+ItfUT?xJ9JI1bc#L8lV+4B
znYfoPT9>M>{+i3)YMv!K!<!W@9ex}-*u2v4g9YwJ!X+A4GieVvoXo={aKalfP2Y4R
z&D?^7GXhpyrR;aXS#KlHdv5dEnr7z+6o^FQUOw{>Ol~vFJl&6XKMD|VJs_)jnQNt1
z7rsFPR86xhEpkxkZ=?Tr#d!fHS4P4^bUw%qUU|w)^&s;>tiC4^wI#E{@sBdulGp6-
zAHqi-QS$QEt<G_xVoDNP)hWuDLeV;=4dcCeWlWoUnb}aWMTE;>-5Mj_d%LY_d6L0(
zGgn(LD5gd}!4NrmRJ=DnHap~r?5!)|>*Pdhy%P@aSr*=HOBAf@orC;C!=Fg&rFwYm
zGF$862+6@n3p=qy$#*afUNIFqtj<OYSEFFeoHC{nsJ}&&zhf51f5+mSjgli3-*gw5
z%`_3N`U+?nsMn^$)#Q^C>1pI|j8zrTpk@Tk1uIc{3vXGN=sW<doOHs+F^MpY--sit
zxsbD(e^;->iB-_5E!5?H-g`bCgcc(@u)A9ftoo*A3+B34-yB@36p&PdH^i)dR+2_q
z53@fGVGa{QCL{8rzz4dA%LWiAQnio0>WjsI`N^jV`bt3u`|-JH%*%<Y{$QF_nYI$9
zT?)@kDrP|>g%#VGngd-hv-*hR4bLYj=L^bH_>h`AkL7I#T!L#Atc_gFgBUkiTS$9)
zFQt}@@Dt^g2_u)}0D)SH`kQY0yP1Nt3F!|L{;<;h`yo8^l?VhQuZ2Y+!B3~Y;-$?t
z#9(=in#0~Yy!rPBwh#(~-*wt#XWo42=#{1uC|>%6_xh9hy!xI96x=}6F(sCu0!*h+
zVx}MCM+S$fzW__2@~Z)bCiMSZ12j?$s=KnhRC*irUA?)d4j4$^HSgsJeHV}we~DgC
zg}E2IZuTFfgri3HZosv6QwF6w@Nd8doPfz){pkYJ%-ZOM1o&WiPM{=*<B?EZM><=E
z7Kb7AxLYHA$JIYfV*0Ziib;P)2r^TZ)^Ifi49i98z^)LDXHowpP{E)e$!jAO*zg~I
ziYl<(-Bn;!uMmIYs)<&Cok11YLOWA|9hx1k0*j2F0<e<4Ac}QP#0r9Qi%r(L$~1oN
zX9D-}j5yv{$6MEO%JUQ|D`w5aSR-9?(8hlh0-gf^IRq5=0W0532PwnYLf`9fOXna5
zgY^RdC;&Fr^WI|s8@qx5J9Xi((PYTmKy<2*&pd^`(^kUfK(D;Tu$|*E@~TNNo)$9O
z%j8i_4y()JO0-!YG;!5Wm<)zug~vE7Z?V+m`aBAsAz^xH5{t+3KxaVEjGL)Yle-Qn
z5sc~op`d)ADVNZb@V#>!AU$+%WU2|woSqJ_@pM)d(d-wrgqNCQ_|CilpSel%_+CH)
zeAwJaYIAQFGFxHp%{2Euws(v;edpxxsegfUJzNwv*Q<GB7ouLAum9&cYxucq5IG|k
zBpBEDo{Yzu9|5XaixYpYx5ZFg9RREm&jdfSs+{Ev|KbWp#ae;3`v`cEyAMmq3131=
z_!53bG1+>iP(8<CwWcRUtE`?5Rri@<(N6&T@4Pjd1>a(@6TZF*txZ}A#B1kr26e-k
zb0CV%$;Mbf(gqQx#Se4z59RuYLj6Oo{vkvEV9`Ic8MF_(^$#uj2ao>YP5r~K^bfSM
z_t4FqsVSb$V)Q&4U2f+fMKWV3`PZj83RPw-_W|{b)UH7A$CnZ;upL@o$aMV;DfZl_
zvyiGPx8+JN&?kQG+tj)BIQQ(^_}$pVNM}?P4&7b~dua?tl8yVj7D*Ni!JyVpXH^)P
z!lw%V>RD;$U{=~!=?QD0W_i%r_hmXdaqb6M1xUe^$#L*zfi^c2&aI7mwoL0Om+2`E
zWe+rzDOqP7$^%-OR4mV&)<;ik%N%#=S$^S3=|Q*gY}}e7=7F02kJ;)NU!m2(3Co8&
zTzi@!N^{KJ)8$@iWCi{*Y|?`!hvc#Vz^Qp}7zC*}9j8hr+YChS<?8(h&jr{Hh4*mO
zpkJ{=@fL%~qUoXn&6Tn1ULuVB=o<`p=e)-u<i3a-=)HAwz(0zgdj<r{6R(dpsQqqA
zF<`(Yo`W*>g_pEfR{amQ{_(9Sfx=fc=}wS0=XSzdAL3g(Mu)%kZSAdG_SUzww{q1l
zW?<Im33rGn<(G!cl&EMbq=z#?5AT47BkAFHLJ#kShXd*1L!pNcMkd*H29xamzTZHD
z50jciHu%2QAX}}*26uOB@I9?Tt~wVR%<R@+B{g6=DRm;YS%ObM0N>lRCE&OE$N9%<
z!T593!2UqMpX1NM{4k@i%}3A%|JK4^t(8Un+0cOoe|#{4|A#{dYA0)nvye_Dy?rQ&
z_*L*$Wd0oW!$Bb5$$v)_A&&n$%5=^v1gV$yNKg>nx$&d#ZDRJ`NA-szrz=!tUa+py
z%+=D@A>P)<yIYaB&B3yA-a`faDxJj@x#B~-(FgqPAw(F9Lj0{MOFcRsi=3}U`4<@U
z!@#60>kGGw%A6lpn{L@0n4*jtgNj--Wm86p9}G`3IE)8G>9@?7`4^n+6vcEHCeCEk
zUQx+VFs(i7eEDzvZvYGW>JNYgeg1*X0T%yRt_6$0&h>pXlf{xXpuWR%cZwG7VP@eT
zc7q{O9w!0(y)VuOC|_<?cR?KWrO1@XH;0&7;a#0C5l-z!jusx_hdQ3**yY_rqhoU+
z9^yh4q<nvTjvfY1am`!wxaLoaK^z^1<ggXf$z+}>wT@|VW*4InTAaDI7{t)MddT?N
zVkU^T2zos8YgjDcMNfU6CtRN}jV(xoUDg>bPj^Pk!x$@3o(cl`ogtmjCjzkCLeDIB
zo(C87(k&oiZ*XL8q$LdwE{WT`9i-c#z+#^ejXTB6O%AK6-8n*849x3J>4fV5oTny;
zAFt_fWeUcP0$OcxHE+RcoT;nOvq*jQ>J$ToWzK@d&5H0?h~z&})o1IlS<FJ?>dqUn
z0_IQAwk3VWOJ6Xc5eeJNj2=7W_jILfZ=taf-{9T(@YYGf?)-cdBgDDC+Ce%AG0P~e
z#E<;kH-86ztnJ*hoko^D<_`}W4OpHb6&c&_e@d1KnYjtg5fvmul}KN@)DLr$49v(Q
zFH=zfOujJ?2oW3|`)@XC9RQO&$6aZLNj>8x!phhVK`C2ElatLLhM5`llXmjbAyM*?
zM$9(dc4uIrSv|arggT%#1z8L;CO*z01oN4e^pniA81&5<Z!mP9*5Y{Fv;}5c#~LG7
zQ%2dluD{wl8ZL3M;Z@+*rXrP=i_O4P(9ga>*pD<Djam<6QEKq{8iO$KFM6c1^jeTX
zvxMiXPY*_*&krW6Pk9&F0u+d`<h7FW`@f84DXvc2-bL>zbv9h?XlfdS1}P4&`h+)%
zOVD2sQ{e<jjjuM2_`u2^5k<{@bu`I9*+fxM1|p*Rz&IuY9hizl@-z_1m;MMu@|}_4
zMAG^r?OlA0=;T=KwKt{`mAsLSKRsgna;);<-rt4h2W>lR-U8C&-W`uD+BzdUeUjYe
zWh}n3+^kl9Nv>90&0i_kQKKM#%g|A8qT)-=UU(M%1ZfNF<e6#$*HKx5@}OBzo>Vp6
zpasjrYx$R8WULnQ5*3D@PJ`Wwb~#|w`yq`Ifp?@w2%PD*s)@#rNKM7rPmv?u?oL7a
z64qhDvYDc^2SfGbG_(3$<M{ybnk-jfg+-8`VH(ZBK}_2jjhOI}Ch<Lq?6O0ClIbuv
zfnd>FOC2HPwfBr~9hqKI`t|9SZiDhi92br2#LNcXTF{31BNn0Bag$9t9+5vH<=wHQ
zcx(q8HCiyXVx|qkQNO`_Y=EYQ5}G2NjCyWpib3BT=}Q}I1W-|~=J#-tbPT>%PzaZ)
zG}dn5=@0=$CJ#!TgiO$^5EFDa`hOMS!|#P2&g)*7fK#9C)4edkKh83aXTJI{{ObF|
z*=UYuz&X7^IX38ZF1kTtu)&Sk;4F5?>{Hq5mz4KrmwJafG-R}THI0SJ6^0&Wt3TEr
zj)aG?_1z4A3vjrNbyzizmwv>=$R8myR<(S-fk`S3X$>!ZVv|k^Qoz<xm}7E&SCIcf
z#hQ^I!zo=O$d3bKw5G755pKp`@CttZ5DBD$RKs#7s0hrz+zG6=<X%ayen>w6PVB4R
zc`Zhq{urO5PfVSy>b{(_@@s^8^#o9P9qOAKj0W3^a|Z#(Er;7k{pdvu0pU)9OKQ>Z
zR4JN%Ff6>?CaLN>EpQq1L{g6evPXT;(5erzP%~_B^~Yi%v;l5hx$hNX^_FI6`ywje
zMQqK4ZIo?ZdMKW9a^xCag9LfGnN_K%`;r!iJ@_Yt&xTT9Dhba&Y|z|s6)I8!!VKoa
z&%o+|p{b5qcRs)hO}Ya{S2CVuzB(Be?oYzqbtR}jcc%n5MZF$=i2>Eh*sP}suV(#$
z;l|wehH7~A4+G$}w9yPfK2w^)GC;}`eS*e!-~Zv3P$`XE^)CxUXP|!6Y9yfAw122U
zYoq=0JMEVb_J@NTv(GR$*sA5c!I|7JiKli>)*epv&n-rSXg%R9#XWn~=(-XU$aZ**
zuB&-#lQRbzQN0N`HUG7M@4A@3Iks@_<lTF^(8u1|<l3w?yb>D1AV%h<Ok5_e>V*%O
zr0_KS4WAz{tDWdlhP$1@yFCELjWd0lU{2b0k9;CUb2GaQUVZLz?16?uTmFBt2ma`W
zOR@)^x$(bg4~)QXq|89ac3gG2O<IroOUa3KZz|E-o2h_s6X$SudN2_&u}p;|qOgK5
zo7KC2dY)VY^2PDatU_mMv2-iCW21#3mlB{Nb;)()9N^zQ7nA`TxawO7b$%^)&&LTM
z1B%SP0peXY`tW&u6M|-rt9Y*XG_Hp$I?bcQ#33BtdoWHtdOcdV*OW+=e>ITshZ`;(
zK;iF`QJVvT@hDCO4i{y=gX)4oluysh%G{T#LJk~fR~*(YVtI))-w)Z&q9!VWN;<s5
ztfpit)#<2ajv=W?SnW*Xl!0goSoC#*)FJ|(yihg#5I1j9Mi6~Yf~8H$MbpY)m}oGQ
zjeb17^#juk-JaIx9nsgvJv#)p!#AAr7*5Fi7Kouq-$qPT?>8f|!7az$&1krJVj%NU
zDBUx(C;j+0a{gER?7w*aBYQso>tdY$fdA<EXZ)DXKR<N-h43GLf%8whtn;6R=Rdp0
z^H0;xf7ieF{BQa5KX?AO{`2R5G<g0wJ)eJejPviW=hH0wPr<;BpAZa~Lokp|D4|Cf
z_@v*(U;tBn`!X2}4803rp!eN9!N9V93<gTR9BSxhFa3tj|IE+-i}(N9p3i?ojPp<Z
zkKX@Z{oKF~Jb3mQL<4%h|CY<T|99g3pV{O6w`li&d-(lFUQWJK1!n9`BR_tI>Pq85
z__UO(8;6s_%ZnZgIYOn~|FZa)qO$`oDL&?h+$F}xd_(a6=zkObvwDXAYhu8E-~TN9
z|K@V}pOnjj|LHj_w4n$1Pto9i%fFZYUH9w%;`v|Q^Z94SIRE7T==sn2!{y??q{}-0
z+wuIT^?3eC+WBw#_n!Z%m;a0BpV9OAUlrs06aTaP@1HOC{QF$i`IqDQ-`3;#_tDP(
z^M5n{`_g~${D<{?{zGG&zxh9U{=5Hrx$;l%%R2uuJpZXZo_}xc{5K4ZsCT31!$XVr
zxA!NI`G#dkhQ@!LkkUP;Tc2RQJKjAZZqx-MpFd~*052XNU<kdX=WM&GYXD8@oz|h<
z>J@6NmGiq~9o9K3|CQ14h!=_nc(xad2f&1$QEXAj`Tzc2X<@19x{bg1QpV54@ka#5
zN81<~@A^XD`gFcf4LF^37n#oXgz)J^`Ky<sX$QTScblAvHo44P)9gy}50*~5_r%vU
zGxPacV{fzoNuAIL%|dCs`yjlrybTY|-Poo+lE5-HKb+9bzK&|kpZ_sj;~D1ffVw^D
ztorER(FoAcQD@|;e@N(HNEW7TCI5x}38>&E)#F({r=ItojRQ<!gIjVvFst_KS$f2r
zMrVJ72Cq87HD9$}Nlpv?cyuf<9&t$b0Uo%|EGVXz1*zB~z|yhLoKwyu@?|)q1_o~q
zIE?48m94Q@OZPq`3$L=^J&=HoiCD)w(rrOqT)H_BRsRSx)QaPmTAcmlUN)&0rA?3)
zn|;3_G&LR_H6oGJs|MXsBQDAbS(JQ{NJ`|2!yS?D1x)r=f*9$fT5<&*!2wt`j%#`?
z%2DGgTHgVNt2952`gnZh8l2t~#q=5=4oi2xj9_oe|K|S)P(t5QKnb0t<QyEGe-aMJ
z+Qn6Gr={L1V(JL#0IV22G`yX0m^c8_;N}4CJsrneo0iz{yto?Xt8z+xVlW=t8i)0q
z6Q+Jln|eY1)dnr+K!VEAoJTs0UyITYEdB?eLo;SS&N(AseW1=b!RlF@%Ue%7^I=!e
z{ysb%Rt^`&A!BU;yeW&#80(tTAR4=boRh8${|Fp0lMUxj!`mQr1%G#v=6Tnk%>gm~
zCfqAbLmj+L>Oy{VAlyBnuv@%NhajB~>gNTl1ebGMQ_-t)Hf#w9@-T<I44`qBD6yR}
zHbpD!9kL5<pbM^nLs!=m%p6JP^VY;x*E0{;1p|(x=NS0R&raC51w(Ft2i|#{vz}?k
znLb`m9Y9G((on5GTT|<!W?Y5)BV>M7resm+0Eh9g;N6Gn`4OeEeFXa6!+DC<)2?B>
zwbOYIPxUQXqUWy$qNh822b57lDJm3OU|wdE9;1%~$~fSH0em`Y>=(emt{Tmeq#nf9
zbl&&{rp-Xxt8W}!0nvECVLXcWx&wi#oAzDHS5E0Lt*4xJwELhoYJ7>snd5%UY*=PS
z>d;*Gb-;#E6wa%8Wx$oI$S#GZo7^Xo4F0}0&eDssByp+nfM)tenQ=b*&6bD*H<a`4
zi3R}8eUBw+W|}`oG@*MTPt=iYUw~M^u@*D{X83b-MB9e*y7yc!1oa@IO$s7fXB?8o
z#<p3$6hj)hjuroAOF*lib~u~K>1I(D%nnRgBTuzxCo!Gb_|l1ykQzly*s|94E_vA$
z{q1}p54925;qrT|{2&@~gQ-{y&b}~3iY&NRtqSx<&kpMo#Y_b!#q*7mEFt{QYM53n
zPc%3;0>NSPl|M$SD)j&mR=XUgeXT!vUWooR+PK<ALH=NMu-%pFKp2U<?GpuS<KprD
zt)ckzSpBI7y29Eo`b&6xgmkc&s|9AkA!lW&A3-~Z^(0q47Qn0cmddQe#XEhE1Oj3B
z4dLlBe8fa~GR$CV$gGA%tCEGhx(mBh6%Sx8RcpzmDmC0ojH+K`Q}qkcxKYgfM38nO
zRhnWQlj|HAUIb&i?q8+XznCl-HwbWhnD+v@E=+I$Ei-;Xg)9KXQpvBbQLR1SA8{~N
zYRUOzRR-aOoodGUWafvZ-v9y^<~SGH|K41!IneAr-DjyCu2cCBFmfXKhrF>huqUJk
zE>i1R2~5Gl%c;m4^K%RJq#yMx7l?(LF$Pi@`_+SFK;AMPqdUHe%+B#ee`Y?OIw~?d
z2f<h0;3+kA_b+K;A42ozEOA^a-1j02ms(;$DI~SX%r_Ph6M+7KKzMq=A_H^G^}+f}
zg0vpp7NoPQf~l1TIj@k~Vf~~2CzM=CUEYw2d6h;8@<dx;U_@G^etKFYmNsWNwA9k(
zM6M??{su#A<a@{oQ3EiC)F60|0)RF26xFAt-mr-BLuT|%soq4#R>C}^^E{LejfKmw
zG&GrACnj+Vl5>O6euWVk59UyHq40RWW1{hEKJ&aFA$3R~t81y%bd4)VFz#?zAILJh
zu41NUnY^wKsg0J+<YbV6R0!j8!qX1?l?=2vX2OmAq9Oo)f*8WsAW#5+$AY$BGll=<
z`U(Rq{O@ckhW~{xB0TtSJgxQw_kk~J&eL(uY1g=tD4h)82ZJ+L4+f-RTx-H20#m~#
zLE(VU=6U>PCfFF!&o3(2CMv((1>k4M&%)qm;_5K?*>oZJ*<arS{J`mJ_p|rX2cZ8g
z-;21Pyv1*Ye?h!xcIEnyakaeBy$2Q|nltdxQ2!42m4jvW_78xY3`bZ>Z9)7lwUE04
z=FQ-OdD*7|6~MX;oxyv2<^6PzEw@G9V+t`!v9NpmRCY>)yrwhL<7{$CXN{*K2^;M_
zFaQ|Kn;h~yb*fS@0;H8r-~wuz*{`eNS1P=DhR>;^3ZKAA)if`A0E;m@q=Q1vW{2?<
zAMo;xb-5E>Ht3r)iK}&v2y~c6n;A1s-@DlN-|64av+uvvzn^2@F*y<lYv=etGw(ia
zT>f`t;c~qA**OvZjdNyF!JE_Zu0=qNrUtaJJ4}hd8+SRsB?Q*TdR`pkIdK1-@SBW6
z@FOGrV}PA!pRe*~BWoX6$G%$pgBhpKnzGIL<9^y4A*X?z(poX+_@Zpa_2e~&5o@30
zs{sb~{(07)$KMQm|A|{EUHUKne4_y~zIoJy{K1AOf9vqGx_LjH6+VI?^rsm#jhg`X
zs2Ct9dBvP|DqeC1j%vfQ#k_mZInmh82kKya;3XPy@lo<I5bu)nMIENzu>Zf*zISQg
zU)H_{wC_J--+O6a6$HJ&T2dal&ls1#ElBIMN#Kd)(}@kk<Kk*+3=|sMH|zvJSPnEq
zKP%||3{I+zw&IZy{u^l{>C0gM)pRQKCD}g!Pb{=y3H#XA;E^2Hh^(&)U>X33y|UH6
zH=-UJ7P`e~%u}@cs5ygcc>{)?gOG_zC#597zc*ZXJ`4ZPpYq|QAeu3eZ#|7!dtj%f
zT@;kLL6n-+(Wo!8p5m(g2-c0ODa}qW^N()@<99Euo>`G~%u7z8r+Q{HlY6dbMpN3P
zCOo$-fYO~!9weo$5ZsL>n3{7sFDC&fW|PP9Qk!Vptz`isjoV}YOvSPrfM`Tkj&nZ-
zJnj`Sbt>v}Cy7f^XMQ|1h(9p(FBOi%!jip-f0zvX!(^sJsOfMH;JFXiooeM98&Hbp
zHy-t!es)`+K9>9}%1bE;#&<;dF<zACmg_ky!s_J;T6&x?yI*>go@xiOE9GYY=Tsk4
zo-!wD8O<kP8S>(M9O`>8R5lEis}FTev_9(c#>>Vkol)c61>?c_WCU3$U<ey0A(I)V
zm<sMEH0no1pZdLk{*1e3`3A%L^)d9zR4-^u7LPDn#)@2s%J(ed_^d3hdIGsee~G^6
zW`9oDdZdRe4ry6B=C8rR%akXHy^=`Y&!e(<xxXMC6>>HKZ~6t*t$vC)ro|wDKc23h
z>5Yb5=MvyuR-&2K0S_J0Q9VD4Jdl_Ce9lJgWv4}umyp7xj^1-+@hi@vzyg3{z(1V0
z1)iWn2s4l`=Q+m~X$$l%-40&`rNlz=XeuUJX@mPAtmq1RTjazxcoKYD<Q#2wAd2w%
zeefM#HDytKdt^y+wu#a)J_n;!GmyRS0~6x1QQe#xAF&fP9o-|tyPwbPZ<7b*EZ-yT
zJ)IBpPwdk5AH!Gz;-G)x9B&W)i8r&jPMDfQekc?WeqohI3!KC_GM@j5PGz~7rLi!F
zrLhn*kDLJHbwgAl3+Amj9`P$`J-!l*haH$)0vTDkU^h!#p(&)2da=Y6wJ=D~Kd?FE
ze)w4L7+EWL;~J*P@DLMh)>2l?*Lc>+y^&`Pn_M`{dLu0Y=e0+l7c#4I+Fq8kBFLsv
z&#u;RHZ^QqVpCrRHZ_&4OG(?!yfclvqn#MT^&4al`8@hyLyii6FkH-0VL-HgJIq(1
zeTtlXSoc-fcR^o;hHzhnpKOcrRd_YhR{`Wax2F?z79iYiJ=&kF0<HKr%5j0!mpip9
zfr0Yt(BuO8ymaE)Pf&iA$t=;Z7F9F+bB@NC@F4b7&y>~!S>e_~vk3oTun6E%WZ8l8
zsMT+t4*+8hEC*M;0iFQ|!qqeqo|%$S^+>saWnz(6Vkyy@X6_lRE)V?s;m$5f$%Qc-
zj5Kt!AMkVA;X2P0tY1I=2rti{Q)-<(Ji~RMsH$>!T#{>N5pb}>jfGVQJcU(Vg|2lD
zWz48jxpFv}7&s~!D03@LQ=MS0)M_7|>%5*#!~dI)SbCe&<Or<h{*k717fgv|u)xNy
zjlh*tHjK!v4&(1(&p#2Q%~SxY;mt4q$AD(Oo4y!;sSd7$M=kIOF=hsP1ov1gC`WNH
zy>Z{+aWbCmUpH`CcuarXY?jXW)jypF%HhrPR9P`~rnkp@v_Ks>One(APX~icygjE2
z?A4PW^l3fzBnq?4iS&bJwm=b(L(u>Dvk3p^DRRL$@_!x>bbfxp$k5KRFtkJ7&(Mu)
zRS5l@i;MJr<^`jd1+YYTKTip0_0#q7L;lZ#oZP#+|MM@<|5-3L`r}cIV*bx4Y+W$_
z%}mCg2KC>fyhQg;M^rlJ{VlPQ8DZ@&Wa(Jya8yUji$lk=PE&VK#u=$43l7P10cUl}
zk$cd{a^za*v~q>a4pOt_5oIV0B?$>0)O<DEKYhQ$cv8qbi2*!X%EW9;;V4=csF*SB
zi1UGvoBAR3P+$|~?pOqaGIw={p1#BNR#3MQmcDi;(<HF;wH9`izL^0QwMRkY>FRJ|
zT~`0i2sdj(_hcT?`SbrT)rU-s3$G6;ezfHR^&uHE!7`z1^&u_6`jF|Q8q?}SQeD&D
zB1V2}Q+r>zHNdiD117DmqEOI>%+(&}oxIe<x2k-=Lsn``=-tSQhBl`A)2JRXrtXHL
zv9@#7W03PI7;UIHBuH&So<{&^5apz)l88uuydC6~$?)0iUyGE`!#eV?P#gc9n!lcL
z*TqUu^4^1R2?5mY6IjjxLF#P-dSinJX0{A0OZgd7ND#zU6=Y*sO6iyY@0QAA#$#E^
z;7!}BcD%DCR%uE>?j=ypqDw4IIWeG@rVQ#&FIJy2S%YJ9Rb^H>t4}E$?ElTwr`&xW
z+0?`7yfSve{l%1*->i<@mrPV%!}rs=hsF46W3inrvq-;7`J#G7oL-z<WR^<I^-=Vr
zTtqRnAWM`Nz`a+o_G~Z+pSLz~)%TMK@;TxLw12+$*{AG(JoiQuY8(*u+$}KeQD%M>
zBjfXW@zyVRZt@}IV7Q_~yka67FUV3=>b>XsGu{H7LRL~r!jUT}^w{e|#g~|KTuKHq
zxbj!*r<b&!B(Xmrt(BOy1fI?`2A={jt*l^A7lxiD!_(*3)0OP0Nt8MTX$P!O65}n-
z9Q-V`Y4M}H#fF%bvlwh-WpaDcfcr=jt(~r~@Pos8-Weu;0U*N*aBV?0=}m8daG%B+
z9&_zMnUqR7X6;9z5sUE*7NvX5!HqDg@X^gnwrFcLuS{4tGRL6aJu2KJ+YNsJ*KraB
zMVx}2%70K!5^0n4nY312he5%B=P<(qrG3Ku=9%c)b8=rG;6OOGakY0Q`Zg0A*C8G9
zeTJ973Vm?ZKPDu-hRO^(a=w-haZfygk0|96R+RD&evTRC)!+BhqIYQwb;)#=t!s~%
zqZV_uOB4CIhlHG?FuKSUwZV{^3c1>^F)J-x{|t3pJZYyI1SZ;Hk3e`b6C(Ot`kF|I
z$!<h3BuAxLaJ4O3N9u_<OdR11dw&nb&NqtEO``OeS(;{Hw$F%rO7)kePEn4NAB8ow
z^Ku`q_O?V6bnjsFLlJ;A-Qe%1%fo?shqO(wZg7q(Q-<^tTK!X$A+sFvn5_<L!=gP)
zIYAk+)%uv3d%3=&-sox(sj+LL-^}0(h{_{L2G>}wb_1^@xAH5z6qFep*7b~kM`XUa
z+W@Tl&`Vd?xmqF7Ze8p2q2vkQzMTk&+<ArnTJ3vTBJB27SchHO2EVvCURr09HrTD(
zxa!{{xXnE-Dnpi(%Comx*iV9W3-<)NsVq$^Q%qYau#A4Njju3QI&oZQf%2#kj;Gyv
z$_00&DJnm5Zq+iFn*|0gHv=89-!dc7>GR)0y`1rnRu&oIh&tfLxAQ9+4O)WpF#I@<
zS3V+>Cv@X%gT3Y@vs4a;u@C^dJUuGEB(efXyZ(m4#AGwR#8t0?FQ>Ngb2o6c%cxM!
zORyJ>WpZ@`OB`1L6CA?!-yv58pE-}iswzN|$rY?k&U=b6ksNPb=StwMjZOz`r)XWj
zcr@}50r-Do_g)+PuSd!&g|{qAT(nM~2XuB6I&=9%3E7N#oG#4TnUK@Mzf^B+amD9(
z>H~EM4D#EXuv@C$Nvo>45il>Tw>G#rCw%D6b^&=V8`Eue*)hqWO*(EfZh-ZjvBP3!
z2nvuz#k5>dOby67!;x$P0(3jVV3Crxh9Tv&+r0<l;iQ)HIcGqq!~Q{%GFwWe%08AN
z&SEkb0fy@X{CB!&UF-VF#wPl0n4lflR})G0go>)Svt;%}&4C-C=-k?RQd)qNHzY`J
z)ui41F-b8${sBzJ-Kuc_8AcWOU_t(%LAQpxz97T<dQrYM5`H4><v_dSi4peqHLwY5
zpr^(#`}<FJkv)BKqF`OKxWK>dBK@iJ!rCu-ZC-@^Jy49T9MGz87h2yBa@C{A`o17>
z@g83#e1!Fwx;&`Vw%GGYjxjI2KHwpERFdPl+Gat1dYyq1Kzan}X<GA2o4LyazuNP?
zOSajvw-m1|N$jS>ik9c;{OJ^^Vuy7cQyvxm!-z6AYBYdcM8Ip+vP9F;+ZczcPNb|E
zfL9AU))<|=<=G$vN}mE>nTrnqW{%jn;v-zG&CJq}<k3*V_?untB8}UP41#-^#o!c}
zvx2qWHNpmr66~c-l=d)wgz{aw`VwN3ytkAmI{p4BAOc9+{C4tkI;H+p@5uEIYR&+&
zB>J-jC3&@mE+ft#*zuKgWO$?70DWArKFl;gnn~5$o%56;BVO=qFSCn@N{I!IyBSV^
zQpjodgrB<>3pT^pO*ZeI_^FCXfQu0}ewjSoY$=nbN8b;JwaN9B-vJUguOSRtc0aC`
zPlP8;!5JTgA#j0wfJPD()9q!l=*a+qdR+$eY4=#TRQo!>$_-s*&}ynhHFpI9u!LmT
zKGfedNylf^Q(xC1D&Z61YVPBuM$KNz5$)IrR2cSqec>$+Cpr)Lo3SMfXll|jZie;~
zc#{=0yGLk0JG22J^&J@FP4}_aEX^qf8V}@^lyl!k=NTS`GSjUs@dM-gETeI$n3q;c
z)qfgE9SrB?t1fV#m(qP6!mPr(w)c;=pD}w?L)87Q-5$KJ4Hv%O)W7;<So>J_dnw)T
zInYY5?&7M=bibGC_q%(&rRmdjL)Oh8_Ce1x%*axVP>KQoV50mx0%LYb;NK;Q#)d$H
zyDO1<64kJ`+?L3>pP&?MziTzKh9!wyZ72M7W+mDc(>PneV{>;Va!(DSln!G6k*9%t
zTG<Z5Rplmhl4`f0SLr4Tdj~Byc1+r60Z`t=yS>@o1Ayt%mgIFr*BhzK1z4-h0}j}f
z3(%a$yBpGZ>v7k9ngte4VrakmA8cmRvl4v=;3Le)IN7XuDamPB@QI3yjS;xoCaQWa
zS02adeTvgNPSg7or#FMxt#N1@fXRJIliQ1vyFIVtxeLz+hGG*!9K%&(4l(M`w;!=y
zRadV?w*vO+ZF4U-8<yQ9wdHhj?=*RRoYBj@<84)yGB}Rrd@onz#csITHbR7Zd1<RU
z4VL7;2WNJ7*IK&9A9xvxo}4((-Pvo=Bpc$7nr3G&n{}%B@iE*xEjeqsch+L}t=v1!
zt-e4L9Cm&aSJcFM_hHW5<JfrzFsnA>0&||nhgrqCJV<Qmeko~Yq6cql^k9P^z5O}S
zgBd_sM|62<efh0RHnHU!>bmM|E8z@m4JC=>OHBu^l|hH0wx0?FMC(m1kf^S4NY}n;
z^nafX$Id%A-lw7QHU-DKnZ|?OVZblw{MmRjU^pCHkZ(os4UP8TDXJD=y#~j-NwdO7
z=yPUF!yU9^nr2ZR#4AGzrzoabf-Kf$fK0I~1LP=s9iqHl7C0VpZo8-yS)j=hQAw^t
z%^#4VhGGEcQc+3UCAjOdfuk)1Ui?cHu43NyDE#1%o#_^b<h%j}G*dcCXji~#qzl&V
zuCHJMG?A&m!VB_UmMPNgZ8!nrBp81i(u3O*ZTWRht6fPZ7HKMgu?>K8DgY<rC#TA@
z&Cvf$%OphqHZp8^(qUSv!`kZF!%`e$qM*X+4rakemCaYU6B1nE-Camc!sZKOPEE8K
zn{5HFD8H~4PXg_|Wzq}l>GR4`V6txswsL#puo)r=xHoYzngVO<`tz$sXC`jDp{Wb_
zkEhpayaq2l-Kg;zyksrRUzE70FwYY)A0@dL^cne1UGSaME)QI8m`zclEvL<9ZF+ot
zp<!uaVfLa#@~>-t)#!T4|A#RC9om*A@^GYZjO!e5d-8$e2_SmF*?Kw|jYTSWduMQe
z6D?CE*ks(`L^v3e8K6LQ9hhcUW&|8_>u@gsl&%8WT!`;Zk!OFBQ7X;$;2ZW&EJ%_)
zv|*w$*@BjRM{!Q8V{S7xE>n`%lR6pklal-y!Vricp$WtIsX*UnTWI`L?92kE3;b`Z
z>nrM&JO-zlZ8`1GC-#H=PL-!Ofh0P;DFa_?0&r@w5Y2(Tf&DSS{?y}6NN^xr_0uHi
zc_>K>VD~&x+io~cPnovg#jxQ55YIpp`aOONm=j?1ywBN{LL)$DuVUpkBQ=++>$F!l
zlu6Ya*sCa+AvlNs41iM2Mp?<@&j3GN)o{E`uD=khPJ^vbN{slHt*SGgGRfMwNqFFV
zpqczA@%f@kbWi|5mfAYDK;tF?pm2D;GqG41Vk|apvjysCTJj5<De0^90?oy?vIxfS
zM=d8S)31n&ZiLWnS7sWESKf^cVd>}?@A@4dz%2t77n4(Y3$xqfrY16Ar3-+Nis`lj
zO$=5;J0DY@QqH6O?<P!RM)`H9EFx;}a#Y^i8P8kW7T+DLs?G5uM^ZLQ$;an;MUY6J
zFr(hr`n4#v^W5amL?tUnu&x%l$-7xL%H3ot!N7@9rC>jaK68BiQ9<EDzjeXgWkPR!
z72fwxC#RXc=YT)^f{3zFwM*^pJ@LSeDHDG9@Myz4o_nYfEd%!G`gh!N``7GWIMD_Z
zQcAyQJx;#i<@jb4y_cBVTcFu>5}lrX=r&WF7jP(}j)^oIoY|t=qGlxOGZK_B$1s0!
zUO-e5+7?3p0vRu0X3QP~GwEuBe@$JyyAh^y#&sB{a}6-+%Gi$=j*hN(CXH!9VH>X3
zNeZ!;WJYQHF;wQ}V5a0wGS{8q-CgO6Zs)y6<M}`Xs;}L<&rMO18%ve6M&!_g`%%O#
zFs%nZT3l~AF$t!z9#9B;hD&ck9(|W+ZEy|^=YK}?67U#xX3AY}t#ch=7SXw_=qxk7
zR55+6Z2)c;5T=7MLQUY5&RItr)L*3c98baEEy1Y68=9OE-o%{U8oY7t4{=68m=i}{
zBY4lnV^%s1=1wAov!29L;wFDuri{u20Tp0Q6^(lU=2Y^JeT%^yWkFRBA0U{UqKrB?
zrO|ZIz(CLF?9VHYn_=_5MwM?~hq`0`rhq74!^_jmV$NQ4XG@}_S_jnMz%RiFK}So(
zuJFNKIflF9zb@!*gW@L}C~T0W(A5;B008eXbGKlfK=d5B8Z;vL=CNqLm-AtNCk%?-
z-;g+ryZgJi*t=`O+k97WXM3}qHHGc0Gwu?0HjNO}F*I<fKi<zSb38q3<K4S^bJhD`
zRz%>t`5)OD?NoNyK!rF0UQD_56~31P$h6DMJ@G38^H1y69?QJzPtx@#8TylK{YkF=
zBwv40s6XNLC*}H+nfjAC`jh$klZE<|3O3urRp^Sq)y%~J7HO{8SI8Djvvxb+sb7V|
z!?+rU@f@HH5bY5sy7%^Wj>bTj-I4dbk^VFm(&9+u4m2RrI)E?bw6o2?B86H#tH}0^
zg%<WTUHh8BzGiD*bJ^E??Q0?X%4=WC+1Huc*E#I#eC_K(_O*gdOoerOVcn0B0Vs%=
zu4d>c(*NGbQ;-6%6(Rg_&1ZB|&>ZeCp2VFKy!+wfc?|suuNpj|ZY)6d+_cSsSooqk
z3|}nQAi7hhPu~s074k??IxprNiK0>{)`X}O2w6EWNBGzRREp<{THvN*+>|q)R|*Kz
ztE=`RV6Vmw<;TqatMUF429)p$zr6>qu;~=h4!o)uq^OKKtheH&W6<guXyve;=c<2B
zFP;%|4#5_6^6oR~i_HWeKL35Z_fR~dehK8$1Lp+AbP~8J4cYqg0_cl)6>uOH@jU)J
z{X9yL$>-po>E}q8#K-Wjh0&QV*XIC6&YWm^C#NFGYc#S`1r!g|4<o(~U_7H9Ot|C|
zJgjS?&>E$UR!pm7BmAT>aBQ#ji$qA>>W!QvXB*}}5FXhPS$JfLS&#0(q9a&vL|#IL
zXwUyVqSy$BjyWPa5()CskWayS!Fw!Oz%nJ%v&<LpDZn5qKpCtgww_!*Bku^B``vr8
z4MB&HTp{xmxfoa@Tnx|`<Ok@-lpdnD%>UxNkoh(9zer&I1=i%=uA6ydr)XVhc3qEV
zF(+kFl}@5VKnAXD#V+P(&<97BsY>C28jn*9dTso+o43Igg7Fv?38CVUnm0(UuS_%2
zGUqfEk%1ts(VY#{9-R%edgK4M{0-I`!~G3*{Nh6X2F!V-Cw~Ks_Koy6(284Ko4Pen
z?cr)lG>yK6GT~B<1&UY|vocV%{DBU`{#jx6^sg_$KOg}%tQcz}IxM992Yyk^w;<P;
zPvfDtu5}Hw`jCRUsHz~xPyy`e5f)ROd_(9i38(fs<jNbgD+J%z6%u6U4Hn#@_kN0Z
zs1tuc=bU&7<Goaufl=Wu1NMvi3!Llf<}Wa~@f-3N$RM{?I8|lr^`*MMz}b587s%H9
z1z5aa7^V?E3Pt)I;N@=zx9LC#)1X(ukAFg51p*5+3+9*C<5|e^Okxu0=`%lOm+Vtj
z-hrrd4=-sn+9*gRAhq>!$XqeT62hI5b9JTPZO`#a3CIrN^}^~zn1^*U)(cC!MQA-V
zRT*-7nOv~NVO_sy&(eNn%8)I^)=6d?_j0`rO{|}Z(gtYnYVjw){e??}=Ey5iV~0BY
z1g3h{M|3^w{}Q^F+QQ`1@<cnl&Y>xgmzh%D=T8;qZbmInnLNA2;;?RAoP~yoTj339
z^IJw<iU*c;<rGUWoR-CgF6~>UB)6bKp?JK_T={8Uv;XrL{HgAIxsE(KHERu5Tar}m
zai*YFG2iR7`P%W7+PY}^^>zajZk=fU##dauP%-D<k1wL@LcW))`3E$uI^BnR3S&wP
z&0MXwAo0CK?63&cHG3v0rtc~RYx={J6$jhm@#s#eE!*(u0s{J^8s^dQ*;md<B6NY;
zBlILF;FYNsa+IsHNDZV!9<!u4&l9qTh(=49B*u|F#EANmIMj%NnC1G)wsLY}!{kJR
zI&d|P^cX<Hcz+6Jz@R{8k3lmSqE8UnV#*Wq*DfjGYLD|uxkVdHDfo;wLMd1d=Pk<i
z(I67qM_V|HeY6V0jRql6<*lb&`^c=Kj1ic}xxEdD<TBJHw`HJFdga1IGRfSC=IMaf
z+P-)=^ao>gp{}=0Q-|`>2Q8%Ty3?%82w2+}?c@WKENqr&V$+OG%;i7mPotIhWOW|o
zfuejhKYkEby@O7)h(cATDLg8l9r6dCYPNu-iSDjGOUHkV$CPsl5Gx#%cg3DA1A5aY
za?g7=9xJR07~Pu<Fymu3tIE0WhBu8z;Wh5bsjQRAti;0n&c)NA-_>TO=$V{ob9eSx
zYWoN~w&ygUUsrKWGxtmH#-oK*T}JmNe6g7{bGR3_oOZjlnR^C(du_%xe3^R^?F=w_
zqDv5^tSllRm^bE>nnbj=KP=II!^h~1qe@%wa5HokT?POm16_m73}6fRpch3XtmbO(
zHy3uT!HTO@kD{9aS!UGIE&Z9>Mn>Vv`DOsaKJaQ`QX(+jl<WZTL%WL33|M(%e7tLn
zL%P*}BOAJJ>~{?j?|vWNr4XAWbf>U3ElWJrYHR}j4xmx5drDXtX9o8Hwf61mBp+6q
zn`F*Wq2(i+F`g~a*c9;iF>n&P-i&N5w7b#|640-L^v~Uu=uEEZa3$k8bT#=C^F01u
z__;-0S(M03_1PZ#N>YiVW)%I<o1LY$kRh^>q#~u%5^jOKB>N-lzN-nl*VL4#BScMU
z86Zclb|C=Ex+Uo9u#Q(2T6FcRT}h)mMr!Uz`~&!~Z)ce_yDyGs@2lc~eNiFnu&#CO
z#U4fIz#*68q?%BfZYUz{ryX^PD+}43v*9!XUc1%1_~v=h`tOFqu7)!CX%9jJ!lNiX
z-Ny8U51Vbu!T`LrXp6R-E-xzlq!*fkZUSRzqdl}mXkQ;=CifHh?Nk4cy*GhxqS_wE
zlQy&g3JH5yl%Q3EBBY4g%GS_rViQ{S3W(JzQ~^OrpbD~>78-{D`doNEeIjlJ6>vk`
zu%*y~$|5KrxBx0l3<wI8BDDG6bMBqVOqMn*zVCaV|Id#!$-U>^xifR_+0VIjM-%Ax
z(d=0|n7p<2^%b|>-fa4J;qyHjiT9nl_&*fyd*)lye=gqluU%9Of1F(O|Hb<@E`N7Y
z#QTnY>Tihm?QndrEZ%oXAl~;bWxOxA8I>`=dU?EWdf0g1>{=G^JF}Jr|7uy)Bj1KF
zalaFS{O=bR{|hG_K!es=oyFLMEDrczq9D*%9Psb_Wr+j6RTAo#Tul7$CznZ{-w}xa
zeQbaf|GTcy_}?ckF#eb0i3mcZa;|z1KKqF0Hzxz}lMjvOQg+kyL8#LJS^wWy-KWWV
zd$qn9k0016_&#VyRz4}wV1Z-i-M<UB^=hR89}1NjCeg#{P~KZI7QCgKH1?EV9k<Zz
zZP-F9$PD7(x}L#<-9O=YVHg?gtDy3Cvh30OAjKH->({iy?AAw%Bh>S2l)f)<|A**%
zhaLYx`rc_9rSHqP|3CU34Sjz=LEmRB{2S=|t=<5AcZ_GWeX@+U!-m0(y1Ug7LJVhh
z^qAYPy{hP1P|o3{R~*v7Luqr;LQtrQO0jD-ZGtG)b8AB=Rv1d33-lvO`VIxT;_=!6
z8m}PfkNW93VU3dX&hsw|Nly>hX%ze_D*Eo;4u`ndJZbu*o!06KOaUb_wXe<iB}DH9
zeb&gO?9mm&d5-uRI$Pa4tz?n#7RZxGJpr!9^mc?wawq1_YOhumRogs6)iMy31fli4
zsfcfmo?pxj@QcaGlKtnM#`wiY#SQQaT0cn1FXa58v3f6W4U^S-$(bE(y_eIEMN=;*
zdVcg$bCDm7SslcWR+=L5Bh|>T{HWvV06&@>GFaqCl_MJAM?+Uqe)QX84e_H>5<jxR
zi<9!pfgh<{QSl=~M1G`?$d90=pmc7zk#ePZTTD_py#~3`=%Dj&j@i|xCHudeAI(92
z<OhBvn*IM0o~Wk$sPz`$M~5$vA88ps8prsN0p`^+eiVht|9_7kDf0`Dmi!I;=#4{r
z!{-;~UDo_U-P&wzRw*PHZV8uQcuDz%<Sw<A(%=Nc<<Tk@&&;_jTxfvAg)Sk#(7WpL
z=NI1DTjUpCzS$VRaL>L#{Q^v!rJ1z8T%f+jpEJbzC#z)jHL#u}B<imRr##TfX3G*(
zzGk1pPhr4DND-{Yqd_Z$9R*OKV{e4`EoxE+`VYQ|?qo~Uf$tl#8qrIBf_lj}>E{0%
zuSAHG&`(zaVOwa1|J??sj~*0m!<dmO@bSBU;P^3GI7YkpPar6YY7lUYU3<(&@>m30
zir{QXb^!o8eO|C+H(34Q8}OQHv4rJeVd+vu^#`qQE$u~j+(}#alUDan)(U^DHRZU@
zwE&UGN66^x?pA-bm3Jan>GO6w6&}6ms?u8h+pR9YddAPRfEzzmYfJf=Mj2uOlNyCT
z;U*aFe2Z{NS0xT7z)rz;F9$3SLl+9)0)wtoWmnge528dk_1+CIw&d7s4z?E5o{{Rs
z(Dl6fR$x7xe=8INhV@J%v)4GU@VZnqi~-dd_f)OViIb2{$3!coDdcI3kGX@*eVWbB
z@qoBR<bnI0&EcSCF6FfIH(zg}=0q;Cy@w?x9TskUt{t9VtMyf4^;>1G2<PcP=1-GK
zIQ-{sJlt;k>NfP$!x~}ZjJ<wg`+Ce+6|P%DD{yq3P7l6bV2A3Zb47ka{bSn*8ba88
zSISoUIkP$NV3221Sb@{nQ_eV>`mRmd52c{GTHW8Hyv^SVaaF&rgvVD66@9b-Cj>c~
zgsKyCi9J@gq2*o=3*BIeJ=TK-yh<ouO=~+PK!3@82MRbZt!$$bnz5U>hmI6RJLyeq
zu+bC!KDNp0y@o%}FYa#XJijrm#q<2;k%3F3dg*)|$E(WJ&Srpr96wU<bs*Bf0I~@O
zx;MBEbtXheb&?1e-Kv1|=wK!JYh*>x+4BrJUz47mNu`<77))U?fIlUUEY9p}x(<r~
z$EN9Ryiq!ba~P3}hM6t&2+nz6O0LN;sU0~4SvfoGvXUBSCpdGH9=N#>TnPnuOehg5
zGdSE|6M=fAnFtgIyP~=9=X-#S!%X4{o2L5o&?7eOcd1qL>hOfkURX|w9j|$n@_0?(
zO?bQ}@~RBCAdI|IcED!Gd+7n2ZKMM>o7&t3W-kPj!?Bt+JXt_GPZJUtgp6}B;*pwd
z14n93c>r(1>>H>!Pt$?tY5u9AM;AmmPg7dkzR_V$)I2>-cA_Symz}7&e_VtUHFp}Y
zkmAnXVNcZDuzoj|QtY=UK{`>hke#S$xLt9g<{iM+#LG<@N6*bHemM9<&7rL4frrD^
z_m2W!b5AJob<NvR;45M(K~jQ{`DO_thZxB}6Gg~{7{Ec#ggs5qgeAy1n3E$XCm|;f
z$XQj3$jLF}e6A4RtC5qCbHqD{oJK@Wz|Bz9e0MCI{u;ndV+7pHNebX5oT&QoXc=xk
zc6T`3G&P8uD{8~x=B^2JgN4P-nkaA+);1t73~t^rR)(8zwUFWFz_Af<^Op9Ao41(5
z;^wuVQrukjO#nCVXSg{lOM#o8{UyWA9b+g43R8k{b1m!HHsy+-dQBICpKFdO@l*fi
z#p9;|aFpWb(-c3gkkGBf&wMLr5K8>~2jJ(mH6niI!$Qv7ciwMxXA*_uv3!c3AFKjV
zVWgn}{A@isfS)&6c`};e=e1TS_KT&MMI3#zrxHio=gDyNyKx~nYIlz}dS7HXif>rN
zQRJnEgeEoNaI_b_52G(FXbDv9_B8oDN<4jbL>N4M=MEX3YMRUN^tn4C;OU|^h^LEg
z42!3;KcaYA`*i?M?`C-VO}YY4+tteO)N}{M#?;Bdc-oTnTsv7jAMir(Q}0va=hU+Q
zB7Q&Zq=Mh47X<VBn75+f_jitpir=5RLCNpOkC5SO_pukw??;>rhp%()xeWaNx1nKh
zwaF+MuI6cFxau1j0ap*{5mygg9~M`4uBEtY+aAjAO@kD;djDw|uFe`sG4kmLf^qd8
z*7N8C7t8PS1tq?gzxIE{?{}Y2@cTFNgZce^D;nkZ8-_>6@9*laq@`aBmEor6jtl4a
zADsw?n?K)m8TkF++%UL#|8N;@e%eHan>oWH;AUn^#LY}oSlqnjeTtiFz6#~{3kNE2
zbL*cn+&nOhVqoorVBD-?JwHyk6n<a+s}etruQY<6dy$@QWc1X4*r!`-RRg7}sn9!{
z*Hmc9QzW?IgBs~3UkeQMeIo`lGt5w^P$IFZ<R8aK?9(yybr~%+<ejM<!{Ipgsdh-9
zBgotZisdtGejduCYky~?Ha&5w&3#<hdncj*a6pg0LMp&brTF~J>xj>(jM(0rXsX8t
zOz`-xArgu0LzbE<qVaV~G+uhGgvN$+zBo}2`=~yr&Tp-*D!pN~%EI4b^Gr%i<*F-c
zyRU{co{yWWAbp`+Fztv})uigxPP4^DUzpl?jRlU&2m!6z9uLVUkQ+Id)2rFK&`oP_
z6%CJZ&Vr;GaE8paCFZGFdtNig6pL;xJroUMJ|W>o&44s?5@+Y)a%Tq%8DMf9&{L2Y
z5riU}Y9!r^1IcDI;AXrT?VoUHnwOr6z%J)}5;A$j;d<G%oyESzbmP8?Er3jBoBIgZ
zca1{*QP{elVvpL{f$m;<=$mlWSbS@oFH5n3?}bg<1Z%&rbKqbPoA7uzb|Rd#hXXIB
z#0DFgUI_QH4)zLO=lNXOc0Q(t?F={X%Ei6BSGkuZalo5{TH(!;n&Hl#ln6Wf1)N{G
zx$js*H}|g1fz3U-j&APNeWlG!mnIwo)Wz$^=F%<P`Ce&rL-Wxb+N`<viVNP)Ck`t2
zbM8wQ#&4G4&0i*#Q}COD<@6aH%yRx*-YCn-85|wUIeL|n<&3h)SWc&57tV4re+$QQ
zrryy2%Q+b(%h_)Y!*XiuG90z~69O#fdwT?yvnw7Eb62;pET{5qik1DVLRn776a~u}
zeN@JBCfh0cmE0Z7a)z;<iFeCc&IQ@)a(@c4f4p#k@{lQjoP>Q0;V$0(aYSkV7)2R~
z%>J=V#y=w1KeCm`nHtIdVGOc=SmpMQ+;GUrHEjPl64w4Pl9AI(vVUZSvwvjE?H}i5
z$T=`OlKrCzwSROCZ~u6c**_}7*gtMj+CRK<`^W9f{xL4Z{=s^-jk_fK$M-?@kLMf0
z&s+}Kzh^O4o(!CX^-&-{=AeyVfW7QMtb-Pa6N5vs7MH{O<e#G$&Q30>v{v{MtVxv-
zz3kMl-hHJ>W$(5N&hu$&ke`fo63UwNgcFFWZ0fzXZabj*VZ{+R87svx$>Pa`GlfoA
z+*Qu~Qv5e7tiFNZU<<2yzZHD1<e%@~=+oMcIXb(A*D(o(FUQqx;3^I^vAO%S8m~KE
z4*B`5v|M$1E6kv^F`$YAP3)dTHM$@8Nou{l?<BRs(Ib$iMgEL1LckCGOB%@E43*WD
zo~Si@+d!5o-z5<|@7?!uA03d_5k=XcqE=)5{LPj0KbvlKEqJVKaH<@fY1<>2`-t_$
za4B0kU6$9TuH|%tyl`A=JB~#bc>1LZoy*YSfv4zYdo*)shb=LctWZt<Sz)O|aFN5~
z@WU2|i`B&0$$m`nIg;(*P2W47)hn0+|2P<xi{PX1Zw`)$2Qk>{sy2ha?;H3c`Bu`N
zY(r%0K8bd8-FY;4z#t@!g43HI4^~VINgDO+F{y+Zdw2W)cjFO);-Bw}E*?QI#v>S{
zcm$(79zl=0Sgdy(Lj!~j7>}?Jk!w1{BNWKu5nv3#{G^?_QRO~^<lppfAgx9&<qMrF
z1LF}oU_8PO8jsLKr_VkyNY^SMjy$sFCkG*R=vt-Ka@A=V8|zz-GZR_g`msnD-~#uF
z{!aCN2zl9RS9|T<4$eI^XHaQdt=)6~ANFp)T3o;Atm;i^rEPmyD-Jdp?C#eRLcg-L
zc%7D7E1zb#-JRYNsuHDXt<`BXo!?(>g>CX2`95fFzj#&AF(fTNHyO<L>&yrh<}V&1
zbV>XIp$T?=eBjWSP1cHI3HGF|WF1(=-9*q~CqW0G7QdAo)0GT@*o2Q*gj}Frk~;hd
z$Y~>6?|>Kbedf+eG}71v`=SP76KH(E1;;-_KI1066#vXC@);H9?Gj{~t+#n5bcGaB
zoBD{Z6i*d!pR~GuspZy5)r-4T3#VRbLpWLy<oH<C8zKGP#upHoWTF9*6|vy(Z`{|v
zaq2JNclWP3w-!ndT3zQ`>7J^vr5s4rJ+&#-xD`x~9aD>sIoeVz2Zp}clc0i`d>yQ0
z$$G+&*CSV3x_q}ktx9v9-|G6608TVu9FpS9UH{JA5%a~V{A8)I=wqza8<+K3O=P9#
zu%_)+&iyS-F0;|CR7~Cn1nGQq0A68<-x+VMu7(kuE18V?1Ia&Uf_!dU!Lm<bTC%;=
z?o#;56|8~Fr~IK?d>TbDzcBI-&<%CPEn%xo{3?&bRB>BkzRd%~Z5AARS1+u2z8N~x
zP2@GeA#s9#DLpyCBs&dTSF#7M4n>~H1g=?HvZ6&U)C-GICbN15PsNq-TJrXBdNW3R
z{AP1|p=zeVGTbuCKUFLIB-Fz>E`(6@O9ZLOB-9<QM}dbOTd|&RgG#Siv49z|R25b(
zYkDj^u_;<h%_bsN!ht(B&yDSF=uK!#hN?`XE5?jEK0{klPP@IGU>^5aP-Z95lig8i
zC-Pa-cD+$Pn`(2vm56n!X*PXv;xYt)xHMQVpmZUKg8(C_u4;v+i5o<dMZ4ZqMm%d-
z7Y_hA1MBd48e|KXP+=ijW%@5)ok0+%<g*y4UCqKDydOcI=jJKrl0b~>+?tAUrjK+?
zjC%%z=(}E~V%&EhksVfWmh-gZTlH26E1v;uR>AomWQrbS3LFc={sqHKY}j%b=IVbH
zz5Xc0^@l+W4MBR00HKew<Q*a*x(>vGLFsEXefxT(<WMTt4998;Q?dwcNhWV&jhdBy
zzEf3GsR5&c(Gdsl!q>#Tmrk;10pe<pM5|}A*6NurFcBFJ67hAC<Rfx%tA8W6)S9wU
z=NXRI8vrbbY~$7-ulAdwqfLOH2Fu)m>h(y3b?IkNbUaXNb^kzaMZ@XRHzBDwsNvgc
zh2ann0QYhX-*%DS$}fT?z`?4bELj_RUS}<SA;fzA3D~Lp{90W0Zm#0@z)>B4;87if
z^gg&DNPgUD?^Yq6$q{s1*|i`y{%KQhvk?h6rQZq1%@)tYATaK>xc`LX$|QNQMcGRx
zI8);fqFD8|s=ubkX~2o9cs|Y+#}yxI@umph6OJxOP>B!6{ey)(2&jBh@*0%ff;Zv)
zH~D7c?}b>-17UOtSAX@}1VNl*0<k%xN#oJCpm9Q=al9g6=RMdhI$_SVb}HW+@*dsd
zcOfo=^cD(tlV0yD<fjs#^?4B>6#!z-2Lr@Q09^r~76Uy{Uoi<=zpF>&&KP=ysKgkA
zrL)_ic47`RngkbX>^xMVPyg@9Z_g|0N4zj5y802}<TrW!2tCunuztjmZF{kPL~FHN
zj?>_;X<A9Zs;<B@`Xo8aH)Q-0yZR&xDgM>ot&Yl9CcEc8B43@ixQ-C{Y9o=auCrGB
z+5}{)SQN1IC}8!(4^2-|pqd{dQ04Ibt|U5xE=ZJub2st)y>E#OMYiQeYsFC_N*yJa
z#ByRr*_-jgZWslk)MuDKW><#?gTu&Be!4*+KeZ^ijPg@%pdQ4FT2X%T%~Qxv7kZv>
z@G)7pQXzeB=<yIOF>Z1PhOmPQ1kskRS~Z-h?)n;P)T-fx^NQd4aUV-X^mG}2!pV)g
zL4VrazuLQ>#(Exgv0O<FMC|Dugz@#m3Osf~s*|1v4U5p@YEbt4R!@)PR-Vw^sbZ~?
z<HD6sK#YB@J>{^j7+5TM>b2xIR<WxyJX}EDXROt~31mIjAt*7l2g>0p!k7b<^=SPJ
zoj#!k$_>?ExuG*qZs-ivA8Rn*rA8{V_l-5>TgNqE;=-vm80h;;;@oDadMwo%I_Uh(
z<|!l(ai6XGAzksyKx@TfNJK9`=$ojlgk<+jI!%P6gj3|6X`C$-R0!1BQ{=b6de6gp
z&l5GqR;wk;tu^3s&*O5>OXZQih4M(($s%_dezdZ>M?juFEZB+xmftzO(m57mA8$h|
zu-M!wHuwEnTAl@x)aelxLE)5dZzlTfb6aSv;@tUdP&n0Llq;lDEV^y4--i{KG-O_3
z$}==Hv3foYP5j(OLldt{l;SJH%Ev|`6qT8ykdGfp6@_B}r^4|mDjb`ca9kb`j?1ZV
zT*`#wS|%K?_=^h1tw5T%|0^o)g_Dn$EDn;7fAT~lALn1ReEj(j!SeAB`xWx>zvo_}
ze0;j=MajqBrWYe0A84<XkBgcG$;Z9=gq4peDlqx@@mC|u$2liZK0X&0Rz4p1EERM=
zS|!TI6A7U3#1nG)IN?OFe5_@|9$$s>am=fiPd?7+_aB#!yWD$m@^PR1|6TdG^y%p3
z<F962s(gI#<uLN`S1(5+AKz8jkbG<@Y(zdb7B(Uu`zHj;$8T?=^6@oUGWob@8Wn~0
zSu**!fHj`WRLI9+>9?9}+M=Xr=(j<n-vF*KZg7l#e-)tLUs3w~bdYhwU92!}Obt)G
zce#Uz_f@6Q5bxZJCf+f7gNe6sw}N;dd^8;Kel#rcek2_6PVUqI@xCG=@$R9y7~*|(
zD<$#%L=!~3AMP2JcvC!BOo{iVe<SfMR}jxnDe->lHzeKz)M1JD<4Y(NK3^sh?^P;7
zytfw1iFeL#!Nfb84ck<P#5;ptf3)KIBO4~(-$WqZPu;?Z_j^$g?<X1{-dD)wy~gPG
z*l`y}za69hcj@=$MbXpmgc+Agzq`E<hJGi!5Doo)>7G#fy;`E*^GL6ESqS~sN#r>n
z08}CLTO$Ds1c1|W`h9FOrQi2iWb}L8WJ;=YEi(H33Ty0ZX`Ft8eY&<M?AxUpc-@S6
z15q^r1vkhjxKX6wFo06<zo5tcD<R^!SOtSn@f`swzJpTnrHqRI#i)2%9i`%6Q^@fo
zz6u40kuVMR^e`fs1uEX6m{M^wrQ(xl35-#XQ&MgYL(0hvgIu$W$trm1THT_#GGcD`
zJUCTG$df4{2hwi_Qf?GU`K>!CDTmt75C9;I+(9XMDy8HdoRpF$E3W?#qvXm}O;u3x
z97@R_Y#X5DxiU%)-QKp0lAD2&C(9}MJ@rYHl2e93D7Z+@4RUgB<Y?4_oSYADPRY4Z
z4A~)5DaiRNCQ8nYvenz&M|H&|l$8Iq6iMk?1u1=(lJe?bkd#kjwq~=Elz;dHrO8RJ
zh@|}Izmil!%p5r>FaCv%l}PzqHtetENXj3j*Uwd4-xh|HuL+RyFCvigYBM9{D-@(W
zgo>9Su1*34SwY4PK*rnC^Cso=dxV01w*mV7LLQ^vC<k2t0e^4!e;EP4CYXTt2_oQg
zMf$CEOZ59DIsJZx(eEoI`fU(w4<)Fiha)54uSx{`MMl82kqCJHvtbB$Ha1QQG)@d9
z;PJwbV?zn}M-l-qC%xX4K?IzVmBno&BK<r-Y0ig*ij|-o0Cg%r%FV)6m6Vh}-&dmA
zM&Z~5O0`P@jb>plYn)0NFR1=e>VK;K(SrYE{i70A|7iaItABJ6^^em2j`~N-{=@Z;
zCjS@LKkEPg>K|Qr{iChN)5ZEng^kuf>U#<Gk0Q#yT<>V?7loqq3*ZX-MKZHrYz#=g
z8>!^GFxY-^CYs=kHjf0^FYcM~_XcMSst&ea<Zn{gFS<Q&iS~=4rWa+um~=AfBJ39h
zDy9A6+{qw;_uVVP+Ak;`F#AQ5MUm|nJHJDrceZFiRtmiv=CJ(trJ~UL`*9-lws6RW
z-o@Vq+b?)FtjSUodP_W)&wjD<n*R&?#S8X}vtPV#{Vx-LFTj4GogKaX!Z!X=?H70R
zVZ>h>AC3Lury&j5FDiyKV!v26q!IhYoFT#XiyPNbq4zbj%zjZjmddwF%rg7M&#ZB#
zIXe4=kaU6e3n3}gevvBLFE$6L_-0DQmju}_T(t`O#l6;wUz&v4FYMF8*)N`Z=<l^(
z%%}*mUp)J{!hSL8-b=J!tctxT`^EBO7j3_I`Y*l0e$nIiAaee5hlcGJx0Ob=U&Mcd
zr2M_#!rCv+JVI&mLr;mM{AvOy40=#b$~W!`wqKO9VYfYnr2OLrm(P9?Z~TwhFTT&Z
zNc+XfwEr>!9=-j7D~jHJu`vIV?H9{R!Vqx2BpUn0m9~cL7b;sc_KSVl(bzBE&knX<
z-19Ca<@>Ie*)MJ!MXC0t>t*%}18ZD!{S^(wNB4|I{!W&Hqk9I)-+4^_{w6@VzoC@-
zg<$#nY&7!sKPCss--jmtz4G^lPlDy|10N~m@0Z72qWoQ3mvk}m_t7I4BY*#VO0ST=
zX9__CyLapG!O=Zs@^{JOk>&59+mLA2{}NXI9^|0Z_tS+U(SDEs3Z6na(bjDXmcN^`
zVI>QZXg7KM^2y&rJN;kC-(3b>Wc<f~|1$D@A@Ls%UqJlF=u3|Om=iAkV@_1@ADIow
z-<Hfq<ZokUBl5RDBUt`^`z;p#ag99wV+f1?xJDlT!5YscHZFf_L2r&GzvU6LWIqW`
zZpml#dvAb#@1^v6SrGlcKPvjYYeI1R$N0aOe#fj0iT`+C8UK-Ysqr7R7e&8&9J(0#
zef4oA{r==o5dD5QA-w&hmpuMsRs-=Ln`!*VPhsiz;}5d<kNHyk$B%@5Z@otm|FJnF
z{(}wMG@r(Q%({&6A8r3n;y?ObWc)|+|1SOBJm~`BKSo?~{Kuo=;y)gZD*hw2!T68V
z#^OIx8;k!)4T=AFoyC82mB)W%v-pp$^7s$d*thHdcz(;HYPtXFQ<KtvMeoOT)Oe9c
zqkcM=rnb~ebP+bq3H+5!3#4OG%Q`8kB~#&#IhmpRbiZA_%iirvn%rWrdxrgC@Aieo
zbx>zjZ%8X`+sevoYHoLHzN7QQ@z_<4*;s%btE(S_eh!jX4v5Js*?Oycm$kx2_S^<5
zc{lc?ePl|^O3_P?o$RddGD`OAN{YZ&^f~&9me|#Qg@=S=b_ulON3S)sM0w^=bf_7F
zk8l`&LH?YnWUJ*8vTWR)PEhZVV9rTU<%Q(K#BuW|{R#5lRO&*`iwO2_TlrC1uKS<t
zod|2XLB->rtbA8HKS68l{yoyavoVkc6XNsM0SegoIijbVBT`DmF@p7*B09P8oW3b7
zQVM|_fn(d&t&U)R+wRPxT@I+iBY^~?l^YVH+?YUYqX#jVz`HG2)yM4J>ey+@R=!`H
zl~0e;LS9Yxvye?<;!<iI_ai<Yq8@YMmhtH0M(6pI7V9RMRAh5yqG#M=@sIDenYpgv
zig1jj4Kg~M3kiLc)syICQ*VWXm4SXTuXkVa>XUZ*T0l*St5ocWg@%q-_#dPfw=4YJ
z3lsl_dIq;v`2B%AxJndl$Aiy%qT+l7eNqjS=<s!x*K5b~6^vZUHl1sRT0CEYBkN77
zW(O%Z2S0Q|KO3K>x4YB(!7<9QTy+{eQdK&iX2>9o2H)DGV^+EkeA5)?x%~hnX^UN5
zVeNKSs%K#N!`iJD)9uPhLp+o-$aeQh$adQjKnBuhyVDc&SWkqO0jbWw%Mq!@kVd);
z^lq6i{Bx03ioWn;kiK_2-{*$g`QbOf4h1p2^_6@5w9Q7^2+oj=Tk%&6yzP$zoAZ$9
z8=oC0eNb+#5D3ZJOqPs<OeH5|Tj1!^l6FAyK9=0$^7;om!Vj|&34#nI^zS=%q_aMd
z#+PXi2`G^2)kjbNmIdk`^#5A)XWwwUB7bif(TmWfJxor?4tIe7ifk=+L-X(iY{wWj
zp82==K?GSd^}12zx>hk<^&os({2+rn(@+_y9zmn@G{4J#gr0iuX^5WwD@uBLJ1fy*
zqa|7*(bb0(boIx4IbF@a2kGkI#^`FX48IztuQ&YvfWAJjpszi;{tfi?!?*Uy=qprb
zr1X_0TSAQ5*S}l+RT)WsU)P}hZ}nFb`f9eOY}dKIk{oJt`z5Q2et}HVq!V~5FTog{
zKGvdZrO}YBNJ!6c5SNZ`A+)x+NNdSMO~cg7bd3QD2Lq6a0Aw2ogozS|zM$IkLY$Rm
zRT{jr2nJ*XNOMcbR_!~9+;#B)*=h*cJbb&S2SeavTm{kJ2&v>`<a3t+NCLE7cJk@$
zK}jdbV~x{GE-H?a?a^3qAG-UHe>M#f!tHwaB0g5TiepR#ickfftK9@p@LcWWxn{8E
zibt2|iq{iTEv(3Dqw>BVO0=KM3eCN~AbB;H((7bGuiySsq}MakkzOY^NUv|{a5?C;
zPJg>W*J?0%2!l+d*Q9GTh&+Np>=E1sPoU(j%r=ViJqfkQrKUBVVQ?xvd1tB$ccic+
z8BgAUpTfqmc=8V2P>_>b&{D0E4j~y=sfcH6;5@kRe+A<aI}dK4KHBr(e$_=d53aH6
zy&%8dc3rgBb4I!z(MS3Vb2C)J)t*@LP@C9xWvK3u0lEA!x~Iwm`SJk24&YBNMEJxY
zc>i{nzcq|t@&Uk?0(>QfKff~+J~jwG58(en;lGIj-URRk6#lK9!RwC=S${2&;Dnnf
zd~p=;n*lzS!jFvteks83;t{@22z;{;_(Fhxg~BI9F@G|^Powa^d>st034zxFd>V!S
zGz30${=Ksad>ab?bQJJq0RQt72tO&@dMehn0DOC;mJBs+u9Wj5ynh(~3LW1kit8l<
z{4@%m5Cyyz;L|AlFFT^R|Ht6|Dg38F@Prn64<)I*>9=U9zV4o(<vdL`Z3C4)9=LUN
z7M3|fQkG@ps<X^E&OIZ!Ix7{vD(+uAPl<Eyvbs-UP!3M$U=#8WYg22g)Q(nG&ulH{
zI$Y1Ws<gt$eHxYBGn?o?<Mo#6O!0z*UuPPv)tPuj(wFR-X;wMflA%QAo<{z)n>_cN
zU#Q*C3=YGBk+>jw1QgK0zzIy=%Hnu1mI13x&Wfl0kAy4mJhPfCt=iF)^UTx=lgUCj
z*G!WNf13o)r*vvO2u+3Kss--nJy;(hm3#(`zcFaM9macR>V=J&c+D~1FH@0F3$bjH
zbBFf$WzP@gDR_M6I9IhE>dww2FE4XhJk*`G@Y!av8dJLGAvIxju|(dt__t-0)THYE
zy=nF}HqRrq93NXo1iEyspVOsRa(uFIy%wIx+2V5NE?-R2F|no@<DYObEIN74HJd)$
z=_Xh?dA6<QkZ1cs1-${QXC$m916EVyipPR}@FJaBk;A}oWa0~jQ#NU{cjjIqXvm1P
zp~cHHq1H*0=i!5I@h|eBGc*<H-!OLP!qtz*tKfCdrVsLI^=W@inpW+M8AGoG&vN@7
zO|U*Vf*~NmKO$Ze{NtyXOO82`33iz>l73lY<#ja`YJ0&iw|i^{<E^^%?Hr%Pk8Jxn
zI#1jcR`*^Z`EWDxTsNkt{Oa5>-r}0wN#!sSoWuKnG(+{VYVDt0KT?xFAbYvL6G~r>
zN6!J4Y;DRA4s6Xw>hXv<D15t5Z1y%A8>b4|FDO2<`|ey75A`v12EJSkkBe8u;72O`
zm`gv((WjDTvK7oU+tozq&L(2jS60`?cyf0(UHSnyw(~Y?#gSMdoXVe1Hs7y@P~8O#
z2UV`kYTak$9!<FmM94VO0xlAJ%5mp+oCgZV!-=YrwB@y|*D!e`rQVTFkw&l)In5G+
zI=g2P)Vcd}1?n_=grH9Uc^7~>sk=3*fc%5|!BwRf+)u+CnOYFYtnR^NM4DEoPcvC`
z`oSh38APzkHi>fw;RnILZjS)|_3s29e3Q<P0RCyc1)pj_e`e&WWDAljO7!%E=ouN&
zBXeh&$!9A0<j7|p`OGJuQ^{u$=l&22qPss_LO+(lM|Js$C!mJ%f;HGkE7ZCdl*4LT
zEdU2a^@6=B`d_8;{9HI05o#=-XUqD1vyzIowxWGoB%``-$pa$-vBix=Ud9qN1c_*R
zVp~gfdSW6aqmvR%7S|l3%AvD*W*C4FPWYr5kXt*1;UTygpi&7`GL7tWv>~8o@?y6p
zt5NhU`K+1B>Y0?ti5K8tL>?KDtAZlPCP#ZRf+Hh*$smUw7lwU?*8p#&5k}_YuzVOc
zl?*FX;WhHfh^8rYL^m=5zzwjjBJn~+cK2IY+uh>&94Q8lD<b2%rO>r`3C)Ey=m8R5
zgq_FtVX3LoI1Cp4C9E{$p?xL$ogMIW!*usa*UzzmX2(OWb1`$;KuD$QNG(^ei)*@v
zb3dl?T}{@8l4#OSviCpz_&dMF{Q~+>tvoG(@7`ziET9b(5nP9B;o^iMpRjsZ5G0w@
zbuO0E*=o6pLovcPQ@Y{JYGKjKaO`UMNUhnVahNjr56f`TFJK>`_)e3RM}#Vi)s?`6
zUN|e&;{M&@Ivgv5bL_Ra>SN}#X7^z&*p2tm*LRI5P$%t7cmE-r`sh1<hWq`*GIk%!
z@R9sUZiKc_R3<k93leXnjNJ&iMBq-Ekvoyr1~~Tl8sy2p3(I-~X)8`#gEQhjU=ZsV
z#B2t!jzW|NAj%oUSOx*VE&SL-eNCm-X-q1IHrPrvm3qgGWVt&K{<zTZX0^(9C282q
z8us^5t7O2=U34raF!Q(%E#xPLA}9}rhB{VO_%j~<OoTsE;g6I2!5ZFz(Rt1f^2NH?
zD^%Fnmv97)qb(wkYfi1o*_05mT48fC4GbU@EIB;H>j(k<&bQ2J7J0aVeKQJs**BB$
zJNsr9UUkrG_aoO<$fLr(E7k14$0hryydqRzsiwlnfMhC+Oea0EdaWpb*vO9ObCNyx
zGf{)-D_cvB&At{S4J#kVBn`qvt3c9NViF~d@4Uz1aeJl_8lB5#pz}90-h5AB{AxNr
zpU*A~9e;KB@y2P=c;CZha1qY~g@}6mnykS1-h7(AOzUXF@t**u2z}<`$se7eS?|!3
zX22L>atk#yYt}#_VYy7Q3SW<nGEI)pLi47!Osy;VF&0SKY(kD(5C&=>4AUU&`JfrJ
zB~zwK=<ZCQy+dwNtAvDg*p*AW2!WjmM0P%O{qZ4o71Az3NoN8z{RFypW7m30FQJ#v
z%b7qkk3sJ`(rf3}QyNLov3CZ)YAKSBW6s`oe$_JU*rd@FS3oPjz6?A4x)S*9%_dYN
z!(C@_{TfR~IJR-T3#s4+*P+-ljV|LKFc(yCQt2{y2+rg@pDe-G`wH|7^7Obq#j9Ib
z17RATMMxZp#6(C9=l-)yLtf4|&X%qNv9^Luwx&dqy49z(@R~#mL|gD{1N608!!6}J
z{T?U8=?`ncw@8a-KhRAjzk!m0V6Jl?x44L41O}(YFr0TSQ>?d4w%)hsdY94lmeKXz
z2J4+b*IRaB>s=<TcavhhdvLwm?(asZ(1UtHWC!Ys?^h%JS39pEe`B0>AiYi}`K#5H
zyhwS2URUx3yn`Dsl4LDVR#&!O4Q1%as!`zJhiPjz5JcMx@iKSzjE7+{j`s-kItm@b
zpx4QvHvx1n3axSQ1iG9;YZ!F79Qs{=R#RxLuDAd_&bV>NKuoA0;%EzDj*BkZ+0pkH
zdZYz=FQ7!O&FpR*<8AyaJCJ3s!jF<)bjA4gT#peEvz^sL_#T8i5Y#<%)bAJS-Um5k
z7DziIK*+prJP|VYP6q+eNkyc#P!nI2kl?7^-@eqqwTzAy7Jfd^dAAGxHl3)K1XEpb
zVZ0FeRMzYLCz%lM2KdugJ@JNi&>J#3|K)p~l6u#HdN_{>wmoilT}g}ce!sUJ`IA&r
zrb*R3UFG(IBSbG0zWW`ueR6!f*Bb^POAb(kR?S0X_SVAe9`yC<ilH{Q*H9nmDxh6t
z6Mq6-H^{oU9^#8z30;Fo*Laz{e8+>RuMK?=^|fISD)hAxG#mqtd;pmewKao~Ipv(+
zH8Yw1Gz)u9o+3YU=}%7Bj6VzM&wSw{`1uLWhAl<H8>EF%kur_5CqzAwXSyV?SIabx
z8>?MqD*7Kk5jIR$XK$~C;9<3EDQlO2ox9i+%L354;<jviIczrmJ(NiZW)rT!bHE!Q
z%B^I}?5m{^Jt!Y2%QLmQ<8W8D^W7nV45Bl}I5NqM>mtl}g#^A|6+EM_h1A(W&4fQ#
zU3sIcdoyG%c%x)>T_uq3DNbq~2_jR=QL}BAAn`LTJU~$!VU7{dy9o%@x`ol3!Njpq
zPZ%A>Q++)gWA0v3$z$%&tLN(f0quKL(ML&O|9{fH6^g#s;Hs&$`1Yz(A%IO)MW3mz
zq>SLD*Gv9{0(f_ZZKkBMr62a0KRE2lTu;NUS_qpvwNrV!)dvII%>Y^oZvep15P*dY
zKqt%xfXB$sC9?g1>ipP;z>Fd7gsmq|`T2>a)Z$~h;=5xQ{#kAOG_K*-J2Ex`@{N>0
zvNa6((#UkV4P)NbA=Ak)?`jRhJXlv=!|MX39Tx2Z>+;1iw1ai!H@vROkm+RWs*GjW
z3hOFtcwNtiTbEI>E}l+j#C1(=cwGezt*d}el<MHfL`C5yx=Mn*C3IcI$BNqe@+62J
zFkA7lM}UOPZIpz>G_)`^nd;0YRXo{d#Xyb7ce3FfgUQUL5oW$d8oV)t+>znrYR(S6
zF%l4D*U@Gqc}p5y?-L=j%GS%%*$Da}LBg=)ez#y7+1ZX(RjyZ&Dj^wH(Hm0fRE|#L
zt6i^Af`vQ*wAv~cNN#H8xK&cHrIktwrprZ2bhRRCxGRllKAD4kCPiN&?b}29ZdCMj
zr+uH$zTS$yp0w{J+IOp>?<U&kqJ8}oeaW<M0`0RX`ufwpY}%Kp=o>`)deOdYMPC-}
zYm*ZpO)(M`e(4;craznuONFb#Hd89>hjIPShaGoq*k;(Ax{|v<N_sK;xcTA75#n09
z9)|hD4->*RQ#{s{^Z^;jSr>NXxVm5-FySxC1LB0o+Y%m-_g65$GYlYJxElcGhX8!W
z0JK6X0IUiD@G*d<LRSFzJ_Mi*3qfus)VG1$zK{@P3j=5_`~U#GLjdk)013jU05CcP
zVCgxLS^f(E+#vv8pA(toqX4iW1R(Cb$Sm&wfHMSuo)^X#<xLML?ESBLPlek1fBHOv
zy<gO?WmbPZYEE5{O-^x7N=(S$A2bsERJVA83SzfVVR{xdB-f$y9N)~wKO$IN{yDnE
z=@_}uoa<h}xhh)PQqJlYCaD1dnh|;ylU`b+=J?(=_g_}`Mxo2tZYrDmK(<HIj}WvN
zWWZ07iPwdjxLN4LXArYmhfZ8MMlrGc4i^2a!bBAVX0KZ-evM5!Ci(MtJif14O@*5C
z*t*9P?eYtbZzWsC9IIjpvu>+Wbqc=x_ck!OR|x}f5#)jXXmkGzCwh^UaF9lka?JUR
z?=I1C&$%mvpI0|mu`XT7bn@nXsiK7ux*e;UGtC5|hQ0gn__?3f$FS}Zq+9Wlu7H3)
z{=wvuV~&1y&unu>(l2PgiRi!4s3iYQ(N_Wg4VfdC`G2?u{Xb0t<CB%+3)%Sm2FJ$*
z#@Bu+AHNE?IGG}YOi@Ip2#Q~dG+%sRzB1W-Jb6fzpq8ja3&2Y_&m!QyH5Ej``$z@0
zOthrH&iepos<QI)fp0=GQFlxxnh(6Pq+GZ78cc9G!=~2gN|vfc>ia88ilJvYw!%=b
z+92(isrdZJ9-nIii$3{9GrGLuyUD90Fgp+?_4B3ynC%2cw(ycH0_i#!OBTH-n|!r<
z*26tm++Sq?g3m?#PKlkK&&EKMl<QC}8A_hpp4$r&R&t)H>MB((H}5O}Pa_*-b7>ss
zud@0#5xQU}5AbvEDMY=^?l0zkF}Jim2H^Rt$O!*HT-Wq%zF$DcC)mH_)#fVSKUjv(
z{(4x@>t(p0O|tdeH2p62Xz}QTgSBV_`id*itgv}ztE=Mjxc<1Bj-=mGs)L9%IMSfr
zMmABocRnts!o7hk$5PsXgODx)(Vs47^YpE_96>|YLe}Jan$VVViMGVp_<XXd&lB46
zEN=c-TX)!`WMd!DEd;lQr7Hd&t7lG3M(G5)yAKKXkLsqftB+V+)iL;zi#tQgOiEwf
z{HFks3Ks1}@{*+{W2cIb@(%K_OZA+;95bO9LKGiI+XHoT+Q8SpFUU4>#lScW?@3Uh
zX;qlKvN@Q>>2+TrqkZ$q#O`gWbGOY+Ej4o$zr{l^wfHu^p3eIYp&zndh<OEvddCpV
zh)n;_=?sgh<8(1~oGzx0)5X+rx)>a%>HGvjWPZ^t+J?_8%}}OxUI)e*K2>m6xVETu
zpKb9ZY;jdsE4*=>y27ek{gqYyl^6Dz#dTiojE9<W2Ym(U?!)sAlZQ74f3x!#X6=Z#
z@##Bs96ylb=LnqotZO@&(eLT!cU4;}j>p+~m7QG4rmnEKHmfsqpOt5MH02goxz$o3
zkn5c#Jy5obOWEyQW2xDwwz|J^T+5L;<Hbd8aD73h-05k%(*^k=WYE{JPWM-wC(Udt
zn3il;pW^szGX!3_s+mu?77m5D#aeMVHY30<viW|!gse{B58fE!58g=q!M}q)IE^Fo
z=F)k&(0O~Zd2zn#oG9kYC-W83`SKf?FYB%-<}0!lpu$9_EDD{nFPn0FkUzYa5Z|xy
z`O#!8yuGy<b?u-v%Hpm9cUzezU6=758m_6OSeU;Rl2Lj1?*77cC>E$2wJY1y2kh#4
zaJ8#<Q%lr9$50ei?x*tgKPXuz)bKNvC_5jKNPTlgnH^Vh1up8O+N|b+z4(Nld4{#6
z{`;T}IqTnGtaMSi=fHV}P~n3C{8f}=PeyaDYhBc12#ZOhW6Gl*qtz964493DjWZ*K
zC?GUpE2kmlkFYEoHC+)Rrx$*F6}*EREsO|Q7!|NEGGJkJz`_UtA#x^r!4$Jyebfeq
zRV$xkg1C0qCcqmaItfsXvJXgD8A*QJ-?#I#`m2Ozk4Hq9YJxCz&b`z;>lu}5a~~Gs
zU(`gr8OC)9ue}}wqckwS%JWB3>K)wzK@h^i-~4_WjV(q=JpZfTABgut-x3c&5jo^v
zrk2mr^Mm#796dy%>N5>GeU3rbDhuOK$!|0HZHABr@|%3m<j8LhLL10$@;x)3{LY6E
z2lAVI&nzOpiy+j2{3hS$!!FS27vo2(1@vPPZA6wx`j*i?`mu;M&R;|O*3d@!LE|I%
z`G_<0#9q$5h<?y$3H|)dblhf@6gxqNqx6BMe10(+^wEv$Mm`oM{=+>A<3AoBh4CM*
zQ7r!Bc}4uk>*3-*AYKaN_aV6LOdz;z)awlew>|QnM#ZP;E#wVYsx#ZdM1<jJlFEGv
z96!wfUfZ<>a7t$y;LLUM$@20<{YVyHw)H*OzGDn<jBP8B3ns-fSMIb<ZB%2>&AZ}L
z8d>%-`DF3K@+qDmQ`pFLfh6i7UZQ&}jhjg7gs1q3cy(1L>Kh)-rW;B=$1kbL(yJY9
zatUWM2q&%rpD5?KH&N?|U8Al{DzAiiY;<daV-24bKTcm$8SiLUQ>k|Lsi}-{PQ=PZ
zd}g9ME3xTaL|36s7rbSsx)LL%*rW3fc$aJ(I4^q+x=#7&25=;`7UHfJqx{H>j#a)6
zu)v2pz<v0w?kofAc!tk3y0eVrg3iUhe=rw}_ddVUzj1H``ZxBCK>x=65eokXJU{*}
zatmrlYjSS}eCgG~%_z^Dsi}-}XhrO(&Z5?G@~GvZP1WLeukjsCK;KOpqc9A=zfa*J
zd5!$!(@bTtj<#j+;`o{QLekY>k;g25nORGrAg^DeQ3dPABZmcP#WBv#=t;aD*-nZS
zxt5FeFbhB3i1P0S!93)g9}U5~Nn;{woJkwi4k89lH-OL|8xZL0*Ef^Y1;?7;0Jw2?
zdRyEar&6AOMV@aIA{)Mfc*jkEMZL+LB;orVLSBKjAk!#gf=%3HQWT@A;I-fC%So#7
zWn*3n!PxcW5r#^5o<3Tl0swBV#&@c5bm9uK62s3*XnI@mh4y+b#2yh$uRpB|rq}z<
zUo5>QI0^WgGz{t2^}~>U-7t*OuUDRt)2}8k%IR07@_FM?;|TWS3zTqqvh)m;zg=Hb
z5$k9VC41xehYjv&hMI~P_}axit&3Y5pm9J<BpUb3Dm1Ag%3I-e|0J}gTSQoSpo=Wt
zF_%#yf);{mwT4Be)O;w$pA5tP)?`ImTxPYf52gm>ezF}UNLwf{tEZ5uXPYFBA8c^v
z7|LL=gS)tMx-`v_h)XbCIs7(czhJ(Gp@nrQ?*BnUasQ_cRqTI4?_zO_8-lkuozk2A
zwj#bY%zjfl+u^QDly=%p;!ZQLO;u&bO%>z#o-}r0jjaZs^Glm)YnaVco)o8wX76Od
zBT67Vr%h5#S&Xy0&yrLFXzZQxG<mcIIR=jG2oAPHpDpvM5Y>N=BhL|bL6^w8z-xY*
z#b*+nzlFtveg*NM^rf^XFD2drZzUVv3ViM2&hFAQO&@gx=zzC^=~+Yjh2w#PlG`C1
zfOAXx<^EjUFZbl)eksVM`(@fw^8GU6rAvtSWReey_awh)Ovs1p=r1b4U_@FV78GUo
z>IDZ>^uO@&LMAxU5~Aq+Y?-V69U^GV32Z|Bn-Kn)K_rbVz14FU3;xV%YpKp+p`Q~>
z7T04&6$EEG4N#+2hth+v_8%+&bOywKW|;|ODuJZYpGJtVbV3Bu_LfvqSnv-TVQH{>
zrmzUmERKxHBV%&u>=2c7q9qOF%#&t^pwFy)0y&jH7Gl7o9%qM0r6GDcdv`XwmJDEF
zpIJqA_Zu|m^E2F*cnt_(>Y<~9PCbR!uzFUbV#Zzx8MTa#!k7S?yH6sF`~Y8<r`;Sq
zUEqgLK@`bL@Y?A0@C}l|>*(M$c*%}rU>O})qo>bp_EYT6J}hTfEvEx_(1DwAppFbI
zXVmcgV&IS^@cL<F<7a!Z=dkd2Q_x*#1R|k2F(@JGto#QD5a5V#uq6nIh%!NGa8^kC
zIwLHzo%8!*K|Li)+tpO9Vn2=xhov8UzeFKVEB%5P9B)%K3pSji6@v|*(Tc%_H)v6+
z5`Ny-1vFpZxA12l8*CI3SocQK4f1NJyxD1m2J~XMFJV!Ocp`hg2e%-JpZn_QlX+Ly
zMohI3xBnDa8KL-l-k~Ds_IDsxLO~BOo^b&dK_@KYK{7`e|9}|JXy9{<7ZA_5tZN`1
z@tg|d5zTyda@6sRbN#^k>G)4n4a7r6if2p-#3RlQ35JxdKf?IjQ_}T)0~(5l>>1(y
zuavH@h;6ia(9_FfV4vp!GTR~L^SsXHc~qKDFU@zNCrDpO<u><U#ao=;`rfKZ)5l;e
zB_M?G<ii+Z`ScpK@2T-Y?~ig98$U;DK}+;=YB6fEtr#^)wq@7mYL)QYqHw{JZJUv<
z?Tf+%Pg<et{YBw|C)dM-|6CLycybL4oJo6;zBoErJv1Vbnu`cbmjnVcio&dsU?>^+
zgi(_+fVqjnP>MlFBF5XXI6I+=ZzjeC#yV^$ew(cPTG&&va6jZJVn`lTp%)&EW8r=V
z_K?XSq#s0!x<Xj<kTUG;I{7;$dwOa!jAerXGBC$?;h8m9mlnNB^fe-=*!h7h$ZZ@L
zH6{mw&Af%6eJS+uBrD2a*IQBky1^PneA)c1r{wWvGqx&}r^2m@__8~;2FI6WVGF*p
z*$JX)uQxWXks9IU2v=a^W~mY1Mj?03Pi=Rxj<NVM(g{&Rt9h8<2QdK4IV?;7Pb*(%
zvD=C-DnZ;0(^L`Sul6lhMlTHM1*NO536!o%4DY&kzUEu4bjeQgi!Rx!(`{AWJN*#9
zB;}q7FWVFvYU{6P=n~v7D5RXQtS!zwz|p)aZ8%wMu1cj;P2&+Y?iBS?`pesKISSvw
z@=k8B*z6c)<)5WC&LBVPq}UKY>K(BW9JDhBDEz1y{A^=Ji613_bh~G~At*n}$|oeE
zL+;q^9-B8FJvr1N$6S@5=5|;E4!KPkDaW1LIWi!fe<Ybq>PWMB?l$9uQOqY(o2yrc
z%$F<9$3;7z%mF$hbiP7yzWiwClQ~4M3z_dD*iJBIDw(oK=1+(`pUgqJXH{T6x(#f6
zpF|6dIxjiqyunup4UAZUjX~xOeI5pjppJod4+gF`>K~T5Ci7M){IhFRqJNeKwu6hd
zasRB$jj5H*m%+cj86V9rx<v~>%<-%OnqjT@1)cO{KD$cv&6C--2KnX(D1Gz2s#HUR
zQMyVf>x*7_g3<#54*8?bSA8A9)z*wIOc=UEbjTldy5X&H{3BHT)QNeqcZN$;RCapD
zTunWAq9gy!Ma@;RO{6RN5F%}A&inmRzQ35y7=><1^n8P@V1^OYwlE%>!Jb4sPCnrO
zMSsnxs~XH-JWAx9*bLBd!5KC)nI=e@LlY!Zqy$N2e&ns-v2G+k68vE^bLrGv=+r&g
z)HvUVeHzcV1b^7fLONf5BlA@sjbeR8wgO~&bjqU8Df<S}Lxb-BjIr_cq63UvVySou
z9;5$4u5vTGO5pwV5IUHmn7@q9zebwBEZqDw+JRle*K-NAYzWV|B6(cs6?Daqv&BSh
zKzXf9?Q8`G6vvCc?g9H<MDvNR_+j9$5ltxGVWgYqF-bzb4PqX)pu|UgX1t#BJnVO!
z1!uG0`<M!xjhij=4uH4W<{7L{V)in-XGkrP_sG-OVdq=p|3d}4`%BWW*RI}eaeV<E
z=ABudwmU7Z4OUCVZ*g|MGyXqDu&aNxxV{8{{aKza`z@|Y0^o}y<46yo2r*FV$eL2?
z{3n<LZzR_tbgN#=>C!iIygHJ{oZJn0(2yt<>lj(4c3e;19cAMO2^%M(gH<3PVFvlD
z$iqz(1)${*MD_p%+?#>)<mK};P`@zP{(3st{<`wyf2qH$jP{kOBpVXxqmA>+X<xZY
zvM7;0iYU~S#4kQTA@P?RKL{lKwFvquMSEvOf3$~v+#l^>pY&(`uQ_siSjK#6XkrFW
z$!-OPwJc+G7Rq?ztFwAA4_nZAc|rcMGbIiA$L?4f;vd7Hj94P`5@8==KgQR_N&Yd`
zZiM#1wB5+3nJiFH=fkuf<H?sE5&dVLrC^L88ib}UPKAZ}h(uj`K90H09(<V@7!>ve
z*?7A+ej^zJs}MdpA4kp8f7Z7~W5x9_hr%9Al~=01b#?SalkiZKd!|xP|00#>>3>GW
zV%)VB-P+6>OVe(YD`-ua%&$<t&=lP6ISu618v@$kOaoH|onwRv<T0Ukv4p@F11VoK
zjUr5rkVauNlx$h}Op`m!ME&v;p@A%?M`>CQ8isHeq*UDF52O$^VOP)<Uk{;wOU3qM
zXT({%KzrE|f`2ReqQ1AhFY0@*^i}%XSbbMLdVFGa#U2&p>8c^PeuhERuX2fg)spjA
zgp!>QTwhD$$DdXO2bY6Sr>)N}K`h6~VjO+RWX5olb!4E<f}kk%reepOn#wMY78Lc_
zK9G3@m}ldbXCxgB3#pOk)PF@c(9=foLuv_OcRy6?8%f)r#P<6G?S<7AroUOJ{-%aC
z>q<Cyg7ZQ<y$_I%kC|pSq_$)y(cN{6Pm0+qfRl%hv;`}j_s9A$kgY{E5FkHgkahJm
zK37&xgKlZ6oN1f`5RG$b(8}`?0{@~CLsjZk^3Xv8R`sowiep&#=_aJ$e+gUqob%I|
zFtuZil^<yciEXP<g~YZ&2&|<lzI9M+o5w7VZ6oM79)k}@8bjvX7&_-Wbk0sebEYWf
z)KXN&csWeDhmAo-nJlGQY6hd%6~~A$PcoPr35;2U2}IBd^}!KzQlXH89jN3DiYLU*
zCAq}dIdWf%z^-yNwR>U=E<orc2(rrQ05O6>0Il3Glg7_w2bxy1rm=o_*|`6r5r<|F
z45;er&?8N1msCzZW1K0zam=gK@ll9TAe<r)_Y)?nZZqe{fsX5l>~ECG2Ba$zu*T7u
z$Xg~!-b&aquL1=sgmM2-;f-+}jH&oN)^#|BQ*RUfRHcsqYl{$1b1qmuxc#pSmk$P`
zj6i56pJQ@oncRa-y0uw7bZZCqD9!0nnn}K8-AI1jSekQVY37ZUO8eJ8Z$W<i)Gf%5
z|8WcD$Gc|8`SHz<N2tdX?4GL5qQ?MKXXOJ_rA!}F^5mcAHN=xQErEhe<Mnp;Y^flV
zwK~%XpN!esJr9~$jiw$1q#tw<@Ki7vIoflcX<&A};w-JYFyfJBVnHX40Of(T4huPP
z1Q3j{@1KQyV>koTGfZ!DA0eWhpzj;6veaan0>Lu*V3zDy3wl6iKA%=d)=?-)fR$L@
z>A2AGPwFojQiuCT=)R!~t^9OE7{Hp^lO`%Z=L**o;fQ*nr~Z@GN9b@sMS1#_XDCk}
z`A^Y5&Ey-gI+OFp43$te600*!NattfLMopH_Qkape>K);+D<g(*=F!?%v}x!Zs$>7
z|G@i)&NkWnta`uIzg-wdA%639u1Pbg9W5~KW5wHO7uT+#F*21&<)V0#9??EtsZxb8
zf-gQp9`YA6!WqH)kcTR)o`Gg&6IwQ}L4w>GmO!M2d@vc06>fZ+B^kyO38B!PR!EEc
z%+xoX2xV}`_aKksjucsqpXM@~a%8*l$VD3TA`Pg42cMRY!qJPq<pEoAG9*)h)L{v+
zA6MLj^2EnCp*-=)P2uZF?YcEyMIP!vhYoj6nwhIkOGWM-A(rN059kwN>PaQDd;oKU
z`2aF=q3|z7K7k4Et_||ffiyqCInw(NBu=rq`As0?zF=e_=OOe<W#H!h1vjF@9C^;Y
zqg2iLD>(ONd^;8JX23qyJ8-o}|Aj9RvK|JptcPgqSw~_6`49h!SpTZz`V7^_0s#fB
z+bGt*8hJtWuUf$#+~M9$W4@DU1bzj%Pa5;RK{ww3lFpAT3cs1NxytLSXZ9t9y_mjP
z@1qw`F{@#NP_k$eQQAX})JAI$3N;4hc>2tSsr$>UEg|)|UTe%ALJjY+4lBO)tB@|d
z^LE5hRWuQaaLcs9$PvOlqzGZT!Ef}#8dc<YrheZA^UFui$@yiNdR^afq4l~zzu>b8
z9~lg4hEAVmhU#4qd_Yv}R@p?gPUE13LykdOIHLLyIy5*RC_m@UM(WQGMh@W4E)?TP
zK)-mW7xL4Uy^x>2*^Ba1*Hk$_y=GQJ`YriKgi~OwS;^cw;HT93nKhhp-PEeAT&7Ql
z)px6BHpE-+cQ>l<PWOh_cgN9oqPAgdAhhG*N13$UMB2@)9gidJN!!h&J(;y9LwkGL
zo=mu_-Y9X`R3O1K|3vPZO5Xr^_<UL(S!y2TIZJ}{;r?!>55Iqm>BDc*FD79*{bCmW
zNxviuOW+GXCRGYv)&0cy?Aqh4nFfCJN$TqVg?x(od%(ZHh`=fLPfeEINaImch4RAC
zcvJ;{<oHq4IeHp1p7x+i6;kmhh?Q0{kv88;)$;k0R#PTvHD9R2)TpEMTdJ<4y_zMR
zc7%hOI%CR|QWeLGz5qp1z89D({z3#*TvxIf;NBNR#raXxV5XY_wO3}EB-q&iTS{Sx
z%%4YL%>-7<V9gTjWPlw@VTp!v3x!Q4uzCiYEWwTiSTlt+>WbT9Wd6)l0*^I_TM55R
zV0Vw2j;}qSPU;Ed-l??xHyQ~>8aT*j2Z6!nPP5U3bVpa3jPA6vtnv{o@f*PM+-Z4o
zvqy9?MC<t)RJ3wS({fo(`kQ33;qJ8IbZ+OXz7<fs-gThf#wUyKzC;6h(s-FIBjt!_
z%Qy|Gz{6#gQm#BAzLj5~>podm>=E%L?1HZ8vM%AU_{=vz*8*AB*2Cf>eh0di(&&Gs
zd}F<V#wXrD;}dUaz+N(tD2D2&?IkNilJTj%WP}6(De+)0NsDAJxk3V+6*jY<b)LgT
zX>d`dh8Hy~%%Zf4MQy^#u%5&WbHj_erlCc>sHWxOU{T2pFY0_4%aV~SDp7)%fRh<9
zNIaDViRZ?!An|gHAm!kFovB3hZw(wo$y!3KNGBc-wIUVhFkc_cDU!v=+ZM?gbf?qq
zs}<c{rS5BJcTYw4^-^~n?M_j2-z;?>X^GwGitbb>xf9-CRShWJ1S+$H+N^%B3)f6u
zD|u<KAq&C}vxRLY4_;T|f?-R-8Mq8}Ed3o`%KmStfh)Ey3}jyhnE;UQFvx4eLEgb2
zTL9z&2ALiXa#o$p5O*hooDdH3`8t^)?j{CVQm4>&Wbqm58{$>S@HI|70C+%$zpZbS
zW_HcwRC9E`_SI?001ZDed?QsDwi1G3^6Ae!A$_G7%@OOkQi|!ADtz^)pGG3X&mzG-
z8p-^5N4siQsfzx`RlDZ0uZ);CCrt}kQxx$Zb3@`kLhOr#1-VpW$%(BJr-h<OVx5NW
zYOz{~u4JTIOqz44MV`G?N@DI1!}xPjjL62*V#IPNx)M)}+)%k9Mro)FYmj^?Cd7ES
zFb0i>&4P@F=Q{@(ByWmjkenPk=jfQQM$R(DoP^bSk<}7io*Gn>jc8D152|>NnBMyn
z+-Skz;Vie;$Z~siu30gdOfBa3vZq?SQXKdZ9hk=knxuh+%7K(MLLDS>ho+D_d|MrI
zhtI3=4todPVO6Iflj}`%PIJhdGehSrq;uXDH0Q&eg3_M7btnL(iizts_gT<>Z(E2d
zo`5j!?REHIZS2AJ+OA^uRl>_Z!{H;7LzdJmbV*R<fh=ig(2{=YC@qO0WAU^)_RRCt
z)NY(R-clW3s<xD7#SpmIfaQ2pNba?yV!xpd#B6|F_{=1k<@jBQ*LbupP=5g+zLg*d
zIz0~%Z!w5C2Jzk`nQi%1fSAN;IK(rECnw2ryB7k)zZpa`1~G*~i1)exV00+kH;@9Z
zn}2T|H3u{ZRK$SLu)X_UYS?aBC)v6ySyP`t(;C+F3>p_?{>$hRl8W~`T0%aO9+Q!r
zH~U5>)p$$r<u_vdmJ*J@_)XN!04x`x&w~-$kGV{C5QH2=V$qdAc{OBuP|Ji6&6-M}
z0{E06A&LthaZtQpSNbLS<voBZC(&`Exv<u;kieRwf+gGHK2#Nm-W&})L6iYN4>3I}
z6;2yES^zguA9)CH0gS6YQ@sBX$WXC`zgZ?|jpjU=vE)0v7F{~Df?@z}gyAwbg51wQ
zKtNe&0@W6}5V*WhIQss;w?I!Lx$bVTEzAvPFBy9(*k1C$9~bLiAiquIw~73Qv=pKR
zW)h7pCz*2(PDWFOt2&kFMXBB+U#L`)Kc_|0u4oU5>5BG{*sd)9<u18B<e3K|+C!w=
zSNVA^dzeDa@?ReavUezQ!yYMuv=nkj+4}0Vw$uojWuVy)b0AeySg<!v#b@h@00YTp
z)E;3a8V4B7`yN82(iq<U@L3VFKlJ$lZ3{-pw$Nq=vn`DNNwh62nMZ94rStaqmG&z6
zln;ng9{fHI5@n52rb794nyH}uskJ;&_Uw<;Nsz>*?><kKp9Yy6)IMPpQpZPYpKz-J
z_6d;CGEqY76vnLJoGG~XGLwRlh-^kMD}ag~FWgNo=Su*^{LBIR3@==%{%krV-zjuv
zvL0Otgbw@Gh%w!d$o+>c)K{Rs`d1g!SI>26$iMFx3%Y7*Bwh7N(d#}UR8Q6WjACyN
zkkZyjN@>pEeAKCa3RS6IbcU)_`WSG)Ck7nwSBKSSoG<xShluR=$$jT@H&c;4*B{^~
zlK){?S4A}S#(zV7E0Y*XJ>m$_Ya%!zypHhlvNFf8BU-NRmhA9FVI<f<oT*b8XF5J?
z=yYnU(Arin0e*qRB=c`*U9zm-(g<e%HfNhC;z$eb6$?UHF*4)={Lex8jLE)-nCJPW
zG2nTIfIP{Y?EWISREnohD-I*g`r_V~kcMnQ;rDxChu6R!h`@l@-k|x9aJe9Q-z6m9
zw^P*lz9={FIYyxSqz`F6q3y;XfAPy5k)A)_5$XBAI<oxVJLL3yQ+`zWzyHp^T=~Bb
zN6!C!HDdnnG%5dgW&`=Z4~zM~-%&cdW#*;l|2`zk|NY2-^y*y$(yR9j7nuM1(B;Vg
zZ51y6w{>Irzo(mAV*YR5rRD$T{q6a`Q!hjQ?|1ESzwB&}`(;;qCjX3-@0WH3(dPdK
zM5BBHR!BvoaP_EigQcW*?rBI$8a9QV-QrHu+dKsZ>ZER4oramaHup4kW=nfKv&GYH
z<99U3;ru8Jtgv||n!%|}0O_$U(upnE`)CBlu2B$MF_EJaa|Do{*5XLOgIWm0-6MdE
zXXOL35XmebB(r1N;?N-vnR=33RtVer<X)613WIYA+?6m_yVj73$^tSr@1ScvKt(cP
z=`txGV=HSaS=NP}-zTgr7vnJw%wX{t&y_P-Zqc`t1XRrkdtODP{LV=EmCXYAl^rk_
z5dtm>g}ryHA|2`wDc%CZ(L(bP$ukm0j|`WO_&#(E94Urkv=Bovg#E*0seY-{-3wlR
zncSBzxoN;gCb+jT`43_>3JGi>P49d8Ze@C3Vo-Wt(jNK-<+**|M-~O&ofMqg2Z4j$
zZUN7U_aVPOI6oKSGuqJjj5ahrqfHd~eXl>G$nSgZ8AX1dpbzBVjl?HpiBwuzO1{et
zn|x;wyE7%5XQA+jDnjO6{zPTw-JUb)(PiG11!vw(kuvXW>)Wcl`2qPkaQ<04g}nIm
z(+YX<njifBs<ff1@tAcNNpf8MKm+wsb48PDotSTTyOkf2A7akh7HZD=L><=FsgIY;
zSsA?3m{C$=bN5Ju6s`LVm;r+MS(?N$njV%eK>W!@jyH?(GRy+Et_Uq~m?8GNb1Oc=
zmNvdeqJ^KFTyo55@=b(aR^C}C)}LV`XS0zA2N_*XGp)EOi+_nLqv0><2jVFqFpJr9
zY?2i5@)!ZL&E^&|_{q6gcy%7UTu&iKD}vPk|KKxJWoj~;8A`2gg1n8u!<&<=cyP12
zlZSSF&_mnbM0#jevghn6r=4&5Km=Idgf2;Nk47_<*z4iQBjorZDoV7b^*F<&b4djm
z<<T7rj|IeVnEd-ZoLu(4bS2<q!Mc<XzxJQV=gQJvmV7Q<F_g>`bAfszzOj6ulAQmM
ze4w;ktEW#K6da|+DYH3pf6kjCYBTCDtm@q!&d=#qe}Pp63BJ~Np^&Gm7UCv%`tEU8
z&pSekRFd~;<I}&6xAC^Gby6A1s&Hi}?R--^xu8wG%|h;m^lr)WBy6#`DoC$4jtn9_
zv`FP1=bJ>(yPAWEBZvD!Fm50v=sHMpQ^foR=L5kA)Y7g)rba}O<#$ruERteIQ-T8d
zKu_7j<pV7|8?2vQU;B6E1ChB1tIjEeydW}HJ}n(HxG-3sOQ8B(0@dddSp09cTt59^
zRAcrzmWvQv?=Eb7(u7eB#V2jKR|D2Ki+gZze3D*_PujgPjtD7(^$?>ZS?oA|ni1rR
zM|P;>NjYM$YS?_5x_g<i&9NoOez)s0Ci6Z2rD(s~F_{|JHcxKIez#JbvfGv*``z5n
zs7A_tsj%Ord`X4MhuHM@PmW-}n>#LA``s#)+<q7Dn22g%OXOrdFnwaEZ&cVIAxH%h
zKHSJ8x^Ltby%xgaan#M}Z0qX?Pg=K~+V!wVTRh9zxo{)j-h09r`Qm9gX35AWT(waQ
zi|H$7|4{wP+Kk4hG^6n;%`S(%Z)}71zL62_eG&3;UcWok?AP)4^r*~!OMPV_X1{TA
zv!DBYYWA}R)lay)xk7^5`9wI6J130ZCG)uF3j1$^#JaS+XgulL^P@Tcmf9e$M#Pzd
zC^$Rd?uLZ3hAf4;#fwxy#TI7G32QBEU1tok7HS+%vNRtsXADv^8^`0K2~k!7Vbg;F
z6CzDGi(p3l>KCOMu}f}q7Lj!oVC&)w@ZUi}!O`HryMtB}oK4+OMsPzl8P|v#O5+$s
zeQl=j+}zhUsm6C}^qxTH<LJiII9C97k~~XWGd0S3iNXBrh4Uf)rE}5S8%2A`U}`hr
zA+j{bNJC%;8|C>dl>z(y9dXF7hQ=Yk8Wu<S)zuk_`l&-A*;4|n%S@V+gY75c`QgFF
zlRiTlGM=;_7nSj(4Ktq1_<|ZFKF>sphnZPC%wX|2_ZeC|%nFM~GO&$5wji}lmYphI
z$;=qnQUissesPx|dsQfZYBo+o<6`G+K>n00@uwXhQvOu7u{9hbZcw4>i6`_nNo^+C
zSAphi8c%uEXYBKX@q1`|yfR*P+{WN|*-NpPoQMl&FG&_m<1W}<@_tx*$xoXJ^SeGH
ztO3L<W0hv50i^UZnE@mjVp^#I#5k^D1Bh`meW6hrK;9V>Yyg2=6!i9l7(nFm-IKA%
zAD@Ut{>aBhWB({V6~@A0zC0F=WMM`m3&-ryN(;y7!<TO1c;Icx!jUesZ=`9I^>1AY
z`$ooBVBg4%XxaD{y&b{%AVKwmasv@VGJdu*n4jquey)m8JZM0Tf~T>%Cyu_Xa1hpW
ziK1T6kqOFrH;xW~q(Llj!-N0}ys#22>wZx3M6FdS(V{CE0&MY#@e2BSx%Bx#5%l?6
zn>D7-qblf3@Qo&FJyi>HnObO$u1rKXMC8F^FRVty?13Tvgdl!8DTJTi7BxQ&)(<gk
zhR;a`J(0kgsViY{a*+P_kUt&x=>zb=H<?I2Q2*<%$p5r9ny*rwWrnWt$W$vE)c=lf
z4eEa*8_iGIy*7M)%KEk8^HW}@?Iy@K(MsB)8HjM-O4Jt3x)0Nmp>{)ZgZkpukxaQu
z|Agh6^!<e8oAmw!HAu6hL0aBn8f4yQq6WF>F3K+F-zE7Q(Z3+_%buTw$uH4T{m(2M
z7#pqrH$W}d{|4%cApj7?@Ls8bqkN~(K-DKzVpQrUDludgD3TY0yTU1nXMyWIwKh&V
z$~QtL38bh94^TJ_97`1;i{vMO8?;tTV3<O)J<Py$X|~7ov22OOcS_kFk5?e~G}HDB
zRwE+0G%Xo!fflexDNRecaD9{;9!4J>NFGnUTpxYv15qDc4fe`2vaE_3ABbrh&qJ3+
zmfSJ+1Mx21_3T*CkbH~t>8Q`b2hnHGr$^Rjb-H4B7g6S0oKiKGZ_!H~b-qPa$YiqA
zhWP07EnW<>D6Jy3;cFGmw`h&@j4Isssc~;nViTtR#n3SIFMb4fd&w&*dG-JvU4`9G
z(C$@=?v+yaMB4q4q8m=OijaE%xZ*t<K8fH^gd_s87vTsJ@3rCTX{6Q50{)+Um8$$b
z!=)RHmsj4H#2|-+gDkF>nGpst$SL)T^Nj-bgjVO`<Py{4j|SIc)K{V<0gohzwix5W
zT;z!1><5Z?e5Z}Z;y<erBkd2U#7O(=)gl2)mtyY6DGm-RQb!R~|6r)2X-s%W(;G*P
z%AooOA_dj=3!SsOI&4t=FvXmNbQt{+!q_9ncL!Gv@%xO*F!tT`G(QhSKbgm=`p#y7
zxbjcMsC%eTf+RJlx`<I%yj+BNkHMsbuP#y=xw?pJm(mfmYk(|9yc6u6H|v!#;_pZh
z<mto!#1Hk#`Xh@6$YR8QtCOO;G1_|2tu)%Yd!VToYr5?s>W>U`v_o3VijeHbA|$u@
z?qZ=WPv0Cx5fV=qE$6QktB?c*VpoP(ekv)j#+gU{Y8_^vhcwj-Ohz$zXfgufF~V5)
zi3%asbs(nVcMTROsp8Z>B89{iAL^qC4a$zV2(5FTZ#Bq=!STi+{*BRRE;inn;~}FM
zjzk)4LJ^aPOyV3fO^qIG)~(G-)~y|!T$+<ynn}K8rI24Kr8z03nJF@R(b-cd-~M?D
z<=c~|sC;{}w<7+yUnBKR0unDr{*k-Q%EJ&GcUB?!H<kP=;@k`7q6V~}lzu>6wdw`Z
ziNFi+L}0FZ!AmOoANeXC6<-;mA6ebIt?(R01JudB4H=-G$=0ZBo&vqiJyTzuW}vgD
z8F5Bxmd6Mkv`h7<PQzj;1U8ihhP0u9A?;SbPh)ki>jSD_CP(d3vpLu+1#hBViX-j0
ztUVXnvuQigbu;r=dmgmkMBDR7JB#R<oe%AuX?s3tFJ$e7&>l<M3rYJ_);<;5eJinj
zDrqlb?M2YOi?$b8`T6kFX*f3)$%ft!uov^h2ta87pp*eTO#w<Nz>)yK5(Y4h0AO(u
zH?1`3K0<I>s5=!$xLJ3NSR8-tQta~!ns?!qyOz@Vmf^>u*ANfzxM<GJ!>^!XF-L?R
zAJU32nprF+>9}zAO==x%#k#yRy9DBIbA^vz6yuXphq3siH(q3##_wyWE9u%{5$eTk
z`ZZl86zQ>E%me8}g$1)tq<S&AV_ChJ)JXMWdX8oFVy=XTf~C~))a>aK!k3I0za)Y^
z&a4SnFQzMbsKWC}tSC(JF-KNvpmv>uiUH3`V!%2{kJ%^bG3Qlc>fV)Nl6)%7+w+4s
zHxUx%_hJ6sbk3D+64e||QcYG7-XgrQf~h(S30y9L6IGpD3GQWpo3lcc`>8-MJ&(YO
z>Q0^ny98i|tq>Ifj>6^>SZzpz)f|AmZiSe@eJzD8B(P%Ae4zyUAi$n06EnIs6m}|s
zH8R+#66~D-yPd+O>WU9h!Jvr1rZU(f3DyR%uK+CMq?IG+TG(3ivQ0?wX!&>iDvs$5
zW2TTX>`@mx)MCb?b12KXe@slD1QJQUYvKD3^t&Fu`{;Kgd_POSr>dBGF}{Sn%U1CI
zI-#hywv;XiGi~UCO63azF+%w9jX3eVco!M6gbj(2hAfc}DT5(z(jl0Tm`4u?q?;VK
zKB%W{gy-&+)?b_o3TkH{34gpTkp!{xYO19oeJDk`z;3m;9qV}+dtMIQcyT=IS&lu+
z1COB?)C=f&1$*Exc_@#xgr--q=~b0<M*S`Dsa83Q;4?-=i%Y<F4J%v--?b_Sj(!VA
z!(U~2r3D8G_4w;}+=Z4`I+Kp25$3;!^S;KeMpl8vC7|bZ?0G$~rs7Fh1rm#rx?N?`
z0(B*D{;Kz0z->iwrcH3Z`#0wTn)aWsiTe32=o)lB(6#3^ai79D;of1gu1{YRx8*y~
zb+4@J<=4brxD2|Svab2BiJNXQbj_D_O?*w<W3!>_IayckYivtRhMqE6&n>S>8>gfi
zvJ`KTSr<CKCL*z}_+#koT^Hy)|7rkTS3sw&F1TLRkfUf{xcw;F7qXA0EByf>{#z5x
zhyGb5=0o444xo-p9oV|>N?Fib)q%}=MGV`lx6zzuf`z)0Q89sC?ue1_q2$S!z>Z%P
z6L{%g#)wp2kaDPRixsK-!dQ{Y{}{`tJTMe7!Ma2f$lBhg31n^eY68*`objzI$spgo
zbDF@$9?6B+>_2T1VzXb-B!bQUi64Xg&;$jy(){7vkeTO&&io+GJScQ#vvOu}r$D|l
zR_=N<4$`EbrKfs8@h(m(-gR4?qIj1`j|PiFbK+2s!{aflRJo;`TJ)hyxzBkaYd@?B
zS^F*xj2|7kcE=CFYey3Ha~)g2k4@+Tkcw5S=Bi6M!eq;10dw3{BGhIE^(uub6`>ef
z6|WEhS2MuZDBuzqAd=gKBH*(O@MQ|POg<wJs3{`gV+`<h3b;-Nh-7-G2zW08TuuS^
z%4Z~~Tzs<#n9Ts+qJXs`ASFKrn%<os^3<P{A3o6npZe@roMCwkdG4{~xyJ;a`}zIy
z=N?PxSJio(yD((#;h}R|=-eyA%)KmRZbASZbndAkb9V@xTSMpmILzGXA#)Q7dKI0!
zC}i$^F(GqT$Kc!>!ptq~Q_c+}c*i-I`dKQ@1kL_@=<EyV>|cbL{R!plVzT*6dV$h#
z7Z@FSfh>A~Lt!q^J>&w&3a<VCXnPX)CW`JiO=;6|Y|0@KP@+_A1vUKuX$3T)rQJXR
z<q)fQpw)_kh>!pZa+nsn#$Z)cyl+MQyg&iDY&lv$JU~trL{!)i$|<E3X#Vfb%x-pb
z^ziS;?^m+BGdnxSn|HrA^aEwlKF}%h1BvtlhogL8<DT#j5OT7$jxc`6&xED?n>RR_
zAyRa<CW#4~lkZO$95dfvhdnuw`TiCrG$-F*rwXlg^1&W*;9urh%)C@bbx7=d4rwqH
z%b2wrR(Ok5Xvr#EO)C)em5LSmoud^}S%oC}0oZ4EV)1k5Y4H`T_;B}@j90K@@sF(d
zDpve0Ee2@sg~hE|8iX`f{9i0afbEK<gIH-gE1loHrA+mTld-~+tU?b~;UQXq0L<xH
zsIZw;xQ115&<bS1_hW@*qGM|?UE=#^Rp}Cc>DH3-PdQ6k#rtpZ{;kmcO1y7dr`&&x
z_i3T~SMc5zy7%J!ZK3<=ct1IGKMwDo3f+&!`}gXCD*0EoHxn&(-}FSTNvRqK6JKu-
z1}t`QJ8|?T#~l1V#Mf&YCRFUFPN=BOr#N+FWBC+8^iCUC9CS^g;xDFLgDc>zmeMQW
zq4v@%V0q%>$Q7_WJ?Is%JR|89usoPN1)6%ayWsUu^wr35=bp+q+nFjVl_A-~8^R}H
zHWj=fjM8)L29u&)A<Ok^MmLc1vB<_xsLBy*E2L!4{<tE3VmVjD|I*??YX*oBtr8r%
z<Ak8|$2Jx5Q#SJXTWi)D1b$!z@GAP6wefJdQSjN|G7g_Qd=vF##s?n9ZlDY^((W6g
zCpS6{Fv<5=o7~1>ZiNbR8PDO-^yI9L82J^jVN%t=!EzoC<)I9j>34NSRcN-*gp=dR
zsud5yP2$bYZ`upMQ+1;+6g2GxU<b}$ATNw*(&{3t6mO?*jBVl@fRFx5-<a6MHvmNy
z(>JCy<qd#QzO(?9@-xX>p3-IjD?wNf(f7)l@gCvxZ^Vz@d4c!~hwH1iOo-4|S2vPR
zRQx;PpXU?BRH8Jes4=?$pA^880(?>cPsZYtvG8OpJ{b#7rs0!m@MIc3nZ_H*w86vq
z^yF7By-guHPAFZ-N*A)n3u!Gvw22sP^O7??Y$6q{$xe}FetxMJe{7}mLmB|t>o25F
zPuWNG>B;+uKE35Ws!xBXv*!HgD;m|O(|mOB>%?EReOnzICcBJ$nc9%c$P2w1O&1<B
zRXAn=x3F~KpS}i2F8vZs7VzZX62h{83#i>`_bTxl!Ceo{=krUmN7_nrM@DhZw7*65
zxR(`m;mY!*2Sr(bJG(#A-`*lJ{q41{Q2lLD{}}q)PkzYZq~&!9a=z~d^|xiYjph5E
zkQ<TjTadmU*8F_m7F{&`?OiZO($Afhq~14Ce@eb&wxUb;h?8{&i#b`uU%|;D{#ts)
zyg5deW{=b=q+b6XrsILV%~nVi{Ra{JbOF`A)Wc+ZKI>8O1jWO|@-p!-5$N+#%)<op
zds4x82zxTDG<z5o+H%>G;icKbDGPWbdorRldjwThkSyZ8BlTBk(A*v^|7OxJL|+s4
z3(?o;e`$)oCeGc5xcCgke!1_*zPM-6@4rar6jtFgE~Nj!nf3>9L!xNvpvk|6<X3VA
zl`g>b1u4Cel@6=qjG<D4>m^cZVWq<>Ia8?A=$b=HFK4AAD!I&1DG;9rf=nznvKk{R
zxq?s)9bY_*>aztDK3au@kK~&a;bQ<3KAM?teB+HV<&XYbqR1bnx`bxPA1{AN<PYRc
zzcB%C`fk0#tA2*}i$nKs;C*@M{%O4bK6F0|@Aqr`Ga~rg(U<=3`P&!mP2q0=Gu-65
z8}S42mK3Df!(w|&0^bNsV~%)stKai`oS>^9jAR^nR#$OY?*U0zw^q<?wpAR9w|Nf5
zIdy03x?N5n5K$Poi!PG$Yed8=cq8KP8p|L4(vjxVd*mMN-XQ`~2tgc7sDyV2p%mia
ze1gpQrGtTD3_+w8qOrK&FWyDyYujCfzP8&%>1%d-HGO@rQ!IZ>IbD{<Ukr(<Oi3SP
zuX+a<7GX{&LPz(*aLWzE;9MyQ*WhUg_0fGWse|~<KI(w!%{D_Fv+BI7i2NxpUlUKG
z-KtDdn`h;du8OY@<=0mES3YzN^RN8#8Fs8y=LM7`jvz14@p$hfv0PU4d$V8^iDxK!
zC<0698)`x)NFYykF^K7@1`6U2IHo_L!+_HPO3=S8!JBIq^UO(ig)+1x&@rgfw9pWk
z8+xEG8PTo>7Gr+*-**sv{PPZikAK;r_0I$NsmU|yTtfx#T_(Zv2e7GnZ+<OmU#RQb
zHF6Z$aFyGeAnKJk%20}zu7NA%$~Qz7Gheqs-9xEw1W*69%g|-MXDF=fKas9xQ9ku$
zV5QnUjDPwr=0Kmwk_mU4iSA)%{CV2*FJk&@nF$pt3i)6?%{9RXtAq>lZJIG9im%jF
zRT}>**UQ8gi6kv69Aai!LQO17=;RTq451;{q(@XSUSY0D(x+5oBs(5uc2c<}bthq7
z4JLz}@=V|W^Dz3ZE%h+ESB^hua(H*UMLKsUk}u~b;+~V863>Fk{h2AvNi$U;6ryKQ
z*dYvZ&@wdVH)`^G0lEO3$qtQ^dXNmHEE*<*IQv~1>!7!O(#$6lLdUb1!!o|bK0R(%
zT4;-{{3rQ#X#AKr&+Hvy7KfSvBdO$-jBNy;UcHUr)9%}t|4$oD{+$m0@AzgJziw{d
z7=D$mY81boo)>a(kBDW~oDUd*Z?8@Z;oH}rlJRZ(jHvkb!c}to^HU7pemtMz+dnK}
z_?CBd!eGT4(Pwx9Mhd#nDK`PVi}KQ%gh`KIiE!Hxw!W5O>+4I^*!o$Dt<j<QDQ|A7
zn3sw!!gB*p$}qD@!!LjMBf-ya|48ujJ3ltyKi!m2;Njuk$!*-mfb0kDw!^)PXTTxE
zMAGkFp>{|HG~Ib|Q=)&{xZevb*5c&}a$pnsCBr&-r%|`vQ8XSp20o5+_agGZ-IVhW
z9r(DNQ~Sy4!u(_jUVUDt!K(%(`*LgIgssWG?0SQ|;-;^pvR91CD@4N3yrQFdDWXyX
zUj#Ln8O6)>;)*aY*B<iOcRJdQw1|Y$uW7pxq6)#-4y)T1QK}$2n_k{t<!t&jh6Z>W
zNfG>0eG~Es|K5~J*+EsZ;Rjk#8dFfOIJS;rkEVqlWwS>|>cjj2nnaIyO}@inj1Ya6
z+#EuLNpH<jl(HnzM!dWAB7-}PG+U5N(!!<2s%voV2AY=E5KZfl%;NLH`Tz3~=k0a+
zU&kw7yoK`fTPQ!jh0>qN1~vV;xor%689c$bEi3%y!*2onj)mWed<t<kts+jQlrTk!
zN7Sg$PNX!XLK|^eJlBBw3?8Em39DEf-a?D5W_`S?g?C(LAR$Nm%k!7s?t=*u<5Tfi
zJ`lz4@?40U)y{#j6NhSr!W}}=F1z?Rhn`W#h$${(o9LJ76ZZsd;)G1tfEMwv;LFa$
zuq^0PEw(T4Ime;dOl-n)K`-!*TA|`VoRqfO%-MYttW2e6g+AruNdx56Kda#DaLat$
zC&#3_l9W^b3ZT+hJb!@b`wE~U{B>9ZJfoDAMD=}ww_hqM{4V}BK~`8H3kC=xcOqeG
zQlWFxP%(51Af^B;|Ky2ymsCnLfuxT6S5hDKw75K|fyG~{w6=+JsqQ)=V;y{1y4*+A
zgmuG+Cn)y+;V0lbn8nWSeH`$0RlKV`nNH8FTF#AxrB*sW7sxff{s$%C(#m07)cGLu
zrK_jN`bJ~Ae7@imrf*y`mlFG$v>5uvfva*jNjRwJ8^<`jlM7<$8_oY|Oy5|a5utCK
zDB1frrf;MQ4$l#j9Oj11PEIQDS8kINKnHCquJnQ437G>+s@*;OZ;_1*6$s<y<w#|@
zqI=gs@q!H?7V5el!vieDwVng|Me+Q=5t(?>0LKp;+z&OF4qsvB0AG)*v;6dU1-lRP
zTvsA^3gXE{@pe9EySt5Nzur-}!I4xch<ySEn>RkyCSr21DGZLQ;)R8Ruip~@%_r=z
z5fFllR+v#;Do}N)6%WV&XnfO){)P!8Cm#jWDFwuF)YqZIJSZwl2zkQZN(uQ+PFAG$
zRh+NxSB{`?DS<I_l)#v$b+WJ2Yt$o_It;?6xl#}Q&(74iM)sb1h6{O5y}`-eQ?AxF
z>NZW?qqS;Teg#0ywknlc7UPLcnt0-H)vT)2U)6=EXD6cfDynA(Nxl2Z>REC&-!Sa*
zQ>4pJg}PUKH}fX+krE#la`hUDO4nP6`{s;PgEXp`Xm%&kCN~gc-1KSa086#O38zUU
zQ#@b11j(_9zBPuZ>9eQNl9x!PQL??MqdDaSo}!P7$>U;9j$53?d^Jl+*Gf6I9L0~Y
z=OTG7a`LHGh3xs0<T?IN+}bdV%YPgE2b4J8$}gxC{en0n)hK-#w}*@kuvnsh#05=0
z>`KB9*KHvD@VO09^v5B3!Su%fM!V&{6L(wk^~)6~>aW09fiC1|H&21Bw^awFtX3VA
z@-y+(&9%U8D{dJ_f)g@J%K4|0$w3~+2YP1;7~p<`(^q6g-D6qo`1bakqQFf|*TlEO
zzUUJt?~5ViD-*_`lKXDB_7iWOte*Vbd-TX1&c|sGe7U;Hgb-)DTXn7o?0C9_XNj{M
zyqKk@CNo^c$^>I+E=V(#al|WQpIqk(R>w=~nB+QS&DY75jI5GKDy4-g0URxoE1e^U
zpUf{-x@l3mIZE42+4JL3`PCoeX!}o*_VYvS1AyHrS6ay`JxMA}W0mABl`U6$msP`E
zRaBKQTUVMJ2Nf0XpeyByUfSO>+TS>+TdGrfyh*3&F$0AXJm?JYD5jmOflH@vW~NPC
z4**aGO-{jB5eqCeu$i?4>;5pPu+@jG@r82ZlT8XoAKU<KJG1_BSNK1=(8%!~Q??Lg
zjnqxolEWhxo<pRACWa0n`1;_=WQKhf(=%J9Apl+!sxbG;WCmoe8=><B!~u%zuO|6F
zT^ZB<u;I&S{!hOr{KHHQZC*tgra{rd(3HbYo@`2`j!csIO{xke<J|h^Q(q@(8M|M`
z?muAn-?IA`+5LWYKabs?X7^Lsy_q^MN%yn+-t7JscJE;KdF=ka3laHYBkU)gTQvPN
z*Xb7NRZB8vNwk36b3k8HL6``*w<0I%D4Z@hbaf8haZReogAQM>e3C8_Q!L8qB6}98
z^F`i#LElKeNKCQ#kMl)ls^py}if=%YX!^)lx<r3A(M)6)z_7=_6cj{1hqgBxa426#
z4=L}urus{{sks?L!l}R1DNgp6>cIS^(Eo=J-WUhZ62p?78k;Ko@hWRm3)$L~K&?#<
z-AT-EDegp166A>nl4^-i4IP@8Uy9S`O3=dyPsrX<UE%v>vAz$eHJZWdzH@rQ@kqB{
z-++e|bv9~E(<4litjA*>3ry+)jm2||p*yo<PX~1|+k||@0fNG{@^Y(ZBl3Iw-H5&H
zfvx|@KgNnrtVE!LCsxHjhWf^&06cjrCj#F%QQMvA4|1H=UY@d=`lqa>{wb@eysba0
zSIOId>6+-D5>4M5EkD=-T|?oSH7Rm<=H$rm%setBVWF9F8uj*wWmqb8<8%-Lymd*y
zZQo*K0g2;RVL+nnoMQJ*6;KkJ@+kFOh~ka1awe4%pUcLK=O7<G_<$@Q9`7XkqddUm
z!`G)#`EX~aSm)3G7dZX2-A(gH;Zhru5BGJ8;*XMkUGx1>(AX5|kMaXdi!|tLk|N%d
zBWn~dkVNVGYvm(rdQGD<s1<DHehkAsyQ10tCN;b|br-sO;DN7xchr34U#}qi`r;LY
zUthAKVSkUBJea7CvR{NQ#FL!7MDdHbL2=4%5<jy1lGx|3e-wouG3;rMKg5&Iwcr|{
zzpq?K_@DbP>`H5l-VpGkUJIKo4d!@?K;<u=);Dl|`S^tq`JFB_f=@5r(tLc1(cAPa
z_#r|F5zzC=Z(UCC<M8DKKaN;V@#7z-)cA2jeRk9EV^!Wzf+oZ9W4Q9s#TtyReB9aU
z-|^o&>V^&e!09Bl|K6ZwQT_KuxTyagzbreyh<Wf0x0U7&kAgGjJxX!rT{m_K&v%+H
z9llq_pPzSN_;c6241eA^nc~kEI>f-AxSu3xThs7o`K68F&(|-Ff<OJ~&Bvd|qvFq}
zVa}xFzZLw+yQq?MJQcN{<zyAq%S;_Y{r1osPK!t9e+a|=;;Uxk(NB}LetWH@F6mUz
zcg>|fdow1fefB0q`0N#h`|Oq6hM4${2!Fg5__%$ve2R0vBKY~SuLypg{#Dcb@wyWG
zTOZ<&H<ZlU{S-U9XZn|M%<nEf<acLO``v9Kr8S)5cV|-j-BGVRiBtUUEGoY_*Gn>O
zNDR@2ogEe0aHB#Snk=s_>==_ieDy&T`hf7=bo%h1Pw|&~`b08E3|6xL8{XH2?jOc`
zL$E=AxWQ-s_w;1m<xTX5<6U-@KitHto8b><t2h>?_`UrQ!|(0VWBNw&3wC)moc`1`
z>i@Rk|L^}sHX*-saK5c{2yRBQ1>t@e+~ZaxXaep50}nxTp{7?Uizz?9nDX<BDZT1h
zt)^Ey&NM==FeiRdRbBz(=wtgYu?CCJG(@kiO!#-`)r}7WLjC%vhF-n=d4%~%P|Q#H
zh~suoV&*48$ew(N5;B$fDIbVh0TQ)>&}O5QZ1p5c$)4|{oOg8iPKEz(Bh#-tW&VFW
z<Nw>lpkMdBgZ%%NCi4HLM*07a(fI#v&8J^&qxz%&@DTF<)s54yRT}zrYiahaTKYBN
zZ5Z~6Pn%7@j_Skd*X@^U>DQ`p;q(i$vSZp2YMB`St8AILUGY=jIFY==C|nMsa0R8=
z1(d>NA}Q+|LE-*Dng1m9IM?`_e@6YyKcoKUpEZTP#S{9bWAtqZ_5EY??eR$ZR-o}K
z*SR*yG)k4U_CG1fbPX1hSNAaTcB_W?#kpR_xsgxMVXvMs{=ec;mm6c!H}{*-<ex3g
zl7HqZ^zF05TKe_|-gj)6o=rdgzo%!*Iyae~-K(N!Z+44K&ro$ms^v@K-dJiYLiV;w
zK=@>8XV+EXX**F!T~CSP|8W0~*Td=C&yCTyuh;xP;<;!nR|=(Y1wg?HfP&%HBZvd;
zZ-skAATmXZl=olyn9#RpKPL3;xsNG*8*xxg-%cNGqC8fammf8seK>u4_h>`(EjOtD
zSLoZFV*%mrIi#U)D?W@WkF6_W^4L<~4oY+LqljVLcuKr>Tab9k@>i!@W%^|?F#45v
zE2Cfg?xXbUB0~)Nb;nD9$j5GI8vU}SG)BKJO^HIk9_Z41`t@N{`HR0Frt`^z3jNZ%
zt|aKQt(vCXAsM<bnqrV;A1(D7yATH5b5XOYm*s+<<T^9m7ot(_R|9Wr$%+H1&FGN7
zbL-1KB=n@yhlHMV{;+BC67?d#n$ZwjU<#oE>lhWt$Lt?*p@bPa*G`#)TppqW$C4E~
z(1+21CgK0&nE3yi7o*|-%4XsJ*&+P@C*b>QH27X)kEa-4Jp3<V{2M|TUyJXnIy8pw
z<%45-k-5H{!1WiGG+?T*`*Lwz;xK+YgucVfkq;lxhwD?q@wwy8aD2Y`d?WbWzx>~q
zSJd*zu=feR9`ruJ*Mr|@@vr+e`ZIqM<dJpq`F2t8bFsf6{QUmee+NIWxd;8<4ruUm
zr+1^`=WcgX{EVSYC}Kpx&tr-xe$MQ!#?Lp5l<{*}9K+97jb!-w#xWE>Pl<~qUn~Gr
zweg##;paD7Hin;Pwv2+GH(k_x{QOf?{QNM?k#u;!f}ayzmk=y=H<d5uG5LZ-M~oE1
zgIOPa4#xWG+s#JHFP+hc2^EPKF#_-m6%g*fOD$A98m<&8c?ePV!w~`ko@nIH2!`hm
z`}!SfpLmDbC*ElqKEIeq2|ek2Fswe!|A{Oabk#*i?D4MeNI6ejxkrr@d_o*1bc$0_
zTa|N~)K&yRy&)5WZXsfDApW1)Ll(uy_Rn}G3O%U(raAQBvB!`eG?-w;98@J(d2AmL
zjjbV};X%Cry`ItADD=br=l`01%;TFzKN6|iBBLLVbZmfrH~@G&m5hYs94C;_MJU8r
z$;PbeVMHeR*M{sdUET?&FUgJ37jf~wAuq(12X1|n+GpOR_L(<X{O8YV`tsgy*)igk
zD)Y=B05lMv^dNh+f%wl;`bOhFN6`2r;MUE+tt$bb(c(X$H6{MDK#Bi6zcXt5Csro$
zpSQ^IpSQ92Px1o#vYh#Gk)B^rzAi*BSUjk$3Gtx0EW&8}2z7)}BA`QaX%hoN(@*M^
zXtgg;Kluj1hskdceAx1h=<%SASn;4&%b`RLZ9FJ0q&h;gOQ4%vvrkwV3o^2v(5oXs
zmp_gnMwU>B(RGm_M&Tb>7FeSVHyRrj2HGWuhJof22H&dHpW-CT@t<7?*1yvZB$MDl
z7wl+N?B^}v(LS>#kVv27a-`2)w#tNL0M599rA2b2&vibG^f_p!PK<G`w;fqMr`!x=
zBhL)AjR1%`!h5oBx}FM!^3<qNZlYVAd;WxU%YMv%UrEX1AVjwBQ&b|g-a|?PuQVrK
zhUACWyE+mu>XK2;lC5K0%HzBAaunyJUHZl|#FLCgs`vZv(sN<@YZ|XPlErI2rH<G9
zPs8z={iW~o6I7C-xwNSPn^ztSZGjd4I9?Oi4M@JZbf~$ML~K%dvEmhi|5m(0@ZZW;
z82;O#@!$ECAhAZy_Y?Cn;g9gz0@3})_UDP<zkh8||9@03A5nxyaWP)IJ)p`|#%rf}
zrsIKsz-QyZa-(jiDZRhnnS^-M!p<hLU|?4A5Q0ik1j%I2Gx7OJCwUI^INQpeTk-kN
z^tqLiloY~|7r=vpC>;5ae8Ol;?|1FOh0YsN$A4DqsUM?jI61~BQyNDvtkOMrp*;mK
z_(Kvy-y3Rn()0h|S2Lg5^Nj8s8F~KSs1Z3{JkaYd6NZysXA4$p)+6}+z>*p(|N4fR
z*WxEz)dhpVu}c9n?Y~@@GRQmQ6!7%lONY;r8V5y*fNR8gq@!3UbHr(X6}JJm-fu^e
zeA?eluA2zvDx}<c2`5_v-r;0t_X<w-iQmMr%rq@e0$tB7ILW7E7c_12_yc+_=7ECf
zQ!e#!%BhQ|)0`)ns^gV1<?TCN;+=9H<2z_QtLk_qt6Xn_bjTqmHNJ_|%N3Y3VC0MY
z&?ouKfMDiJy31_8oKtv_L+%dhs{P|tMLvhzgI}=dQB~0-<)fR?5m+pe_qTl^J>O^{
zJ>O_ynEVj!Ji?3G%jXd$^2LYf)azXKSZ5M;V}}m%B_}C!6n-vYhrlSMN;e%7ma_3M
z%xKMBqSXB+qB%VDh!vib#XIbmwc&m}8?9fN(67stD(h%-nJ%9C1_BDpCMYcG$%#3B
zz2@Y^mF^rlU`IJU(f<m5)zkkCTK2A{>`hwcp=BRx$}o#=^n(}qk}6zxbe4#$;6GX)
z?J*9DFS$yFGVQsIL*-+Rq{V&PbAD@mc!kI1(~YEOu)>6h3h&8>8c7qe!VC4W@>R(4
zsTm}~OppjoAQ6_ulm}Iosf9I3iaf}0ht6%M7~&-bLoi$c8|p_+o-9ehDVdt{iAr_a
zQ;;K1jhv%XWpHJAqIEc(og#BB8;Zj-P{Ss?U(T<zf_!<1P|2C8!#)+GXR0DIC}yCz
zVoE+cKl$x!IcCWsH#LhkRZz)g2qLk`C53{tU>KPZ!`Q<`45N}j#SM|euz4a5bmogU
z(qz=uh?ZZEY?;K~L`$T7=m|~Bq44i%s_^eHG5x0pL*d_;D7D+pWQN{a;|_R>9Yw^P
zY@~Qv3_ZRGi|s*emf62{sLz|$A%dLONI1nk^(rNR`+E@juMa5!?!$W$OZG3GugMo<
zhA`C`n}Ms#SbV})TN;c{IO3X)2XQuoS^j_!&6JGtK+kY~vdJ8>ALIYnfu1+HY>Ra6
zn-|5oXDnhQd=YHV&G>6{bq3izUlm?Hr-GcEP0#oA4M|#LcJKpFL_5KA)wg=C>8FGi
zL)FZtRAnTbM2<9}IzZj^w7L*u6pH`@p(UA`7h>x_o~n(|uh;z3^G5NUQMk9jH9c$8
zn+r_HP%H5JR>FrHG41700r_#L1B@#$t=^#p^f09%1uXwndKuyWFE1nff44Hm|8LUp
z|35UOU$4ru5?)`<UlPvTfAB*?%)R{pz&26ujc7>0E=R<pn0OF_uYpfzd^y$oD9KtH
z&e!tT0a-s{9PPhkXado8+!xpxjK;4!4-kIcDE&Qz=||29R6o*_yur!m{5+P!`O6k1
za3STjH#ZG-MOWArcfqbGS`_boXpzC~T4Z!jUt~s=^pG5JaE_vq&PJ8=OlU?*dP=2|
zHiQ%m(e%;&R=?|kpB`cn2U`ICUxv$G;^1D3;$6?dWu`bdbCJRI6kPTb2ls=GSOS+;
zaj<m}kV!lX#6Ke#;g2$BKJ~YpPyH?DNAindXH~c#qSW>!h1zaVIQSC^eZE8qX0_vS
zGGTu1kIH)8l&jG0LG-%jj}lZgJD<>O<hGC$_90P^K)A`l3kF3yZPSHor{h$#IEB8|
zi@s%4-m*lz1qh<A{8oVK!ZYbxCgrWJ5pMyW;N`bA(6{>0x6I00Z6e+R+W&`qFvJ`5
zEh~L1O?m4A7ycG72Fv8P9;I*P(6=ngTSv5S(Mjh^<{^oEI|}UuX=!v}qw4WD7-ej*
z(&tU7RMC`5+nQ48kET@mTTRm6t^^YP^#z5bKa2Ojh3=og`xYURKMC)<hwkse`(dH`
z;dno_J{T#V6RSYaElsitcn7D|RNUkm2wZ_XzosJ2Jr08$$>~8g6|kS)A{R#LGFMY!
z#w;&`b7G|4W;%N4-Dv;h^?=C=M*tz+j8#<;hq@o3DtyZIJe2o}SsqVM4}v<GG3x;Q
z-$m>6i&@7=UFM*UHD(<^5?9DhbPe09TMY@Pr;pV&Vo%6=`5)P<t-yH`f+L8?G^p&;
zBDGJ8)IKe;__wuc`gz}Gwf+qLx~TKVM5@DjZ*GWUcKk)pfp~5cCn(kemG`Pi@m@8f
zG4kgD%zM>@cUuM!v$9F$y(%X=QyD+i@fIKTQO>{nb0@VYzu1S_laJci`FBtf(syC}
zs}2vRn{JYRtwn8-%Y-~)95Dc!rH%Ai{O7vSX#8DQ6fQ4D+JDKpr&RPybWJ9MZDS3k
z*}5%o7k&*Duhb&zt|e}pajyM=wm9q^He!*bQ?mtofrn_*x^`MO-rYWMG1mQ%)-@}p
zV+4ujpK3j6k6wvEV?F0f2B5NgiI(0zI*-uXN%IK3ojgxVZ;4%zD*5%UORe(hzb2{e
zU^c`gGO2pFWyk-j6c#Z~0iL^C&&lwoq31?25uM2dXOjuOO|h&#5~9B380W%KX<CXn
zxhUK&yc$<TKKzzR^P3MQQT@;RxCB_(B2@SZ6v`iTJspKSt-8HY^7NS6db_F|v2^IX
zSvuaPh-!2)5?xf?&?cjXOvg2W;Tbi7hsg?<0n<b|WVV+<2ol={9x@An2K;IbIi<Bm
zh>+lDC^vyLK;+r6b8HdGh|Iu8YZ|hzZn+SS4?jBpPvwgk`L#9`6MVO}nBcp0#T4JQ
zTdl@-y{lr|3-T;PSkU;NXtCd!%7(Dt#XA*aKukjbI^CF<F~AR>k=C!FmH^cJGeLpk
zs|fkvww+8qm}TOKq0b~uT`ue4`~ODu@V$SFE-zeyFB2s`RiyTZHwmU(-;ZL-^ZRH6
zfA8DL?0EzpF{_zpoyqrrPN?`@ufh+(?@Fp?Ugq#UQY(1%i*$l7#}E|woOOaXQ!1;&
zwLVc??%q>U&A(nAO&=dZrV;x1t=TXy|6Psx_*_g_a1kKw#E>kJ$YhD6Y-5w9k(t}W
z<6$r#j)&&Md4lG{c|wEVMrak!uU$A5tjRX&$&u!kaAX!YTE=6e{p)@r@b-`Oi>k=o
z%mY#Mix-paZd0(|10lZ>#DHINYWYLv?kC?FCVRNPp{Jg4YPmz^>L(9V)mE_Hi!l^p
zYj0@;^G%tHnN=F9@El3Kf@tx*m4Fue1r_G?dA!HSynj=l<r<*UWrgxjTqjMfi<wA)
zXtUgVkX_KbTLlEBUedd61n5Lw*Al_&D%u~!puJ+GU5KVz8uPWD@`r#!hcSEZc(mt6
zY?b$|uvO-)_&2x8h^-V~HUl4rpU2JgH*d`%`1s{n1RuXLi{fL?GBrNFVzt(PMVxAq
zbEt|_Elhtyv9$nC3PM)hF?i(mx+1MU|7Im6!`~sSU9qYmtX=pcDk}0cE-p^72zWL$
zOvby~+F<9}eYqw~YFJY3ZWov=?xlGS*(29IPT#|3%yW1VCSy?Y917m}R6)!PbiurQ
zp<IV;m+i(}hrsB~G>M1p-l-<c4+ozDBybv9HHW7;w2e1&(6cnwGYj<0f<0>kJ<FtN
z7TtVc9O)Iyx_Bqcx_GF;tc#^fcdN24+I@L&HPym;6D#TBl5wOrWMS;S2?8T^0`#oF
z=9!hx;nCbv1x#DG@GE4R^4PK8v&J~YgHq~s#A-bTo{uFbZF{Q5691cnQW7m18<xlj
z-7c=h|61A+@f?$Elj?%86Cs}JjfoIp=DnHGD{O-b=q36x*M(Ed6F2lw;@@^LdE%-b
za{OCw7XP+OmM1juMrDE`6G?`N`3KD;|De-bMDk<u#b{z<X$h$g+J6zO!a(saIsf2x
z^r{NwA2iGP2UBsQJABj4a{j?5btM0wIV}I+uCV-r2{vz{O}vf>9&#4Vi0p&X17=R?
zV+qEQsd_Z6;f#pWm5hiTbx|`S#_o|Nc8^9qK=L615VZy@C*TR(((omUWnS;fr+$O<
zm~6#t9y%r)?UfRDE%Ro%oF0*_n9M^*WMlR+Y4<e=oLYX0OraG8Ln{7+S8qWVo>2C^
zeyLKQCA)*T*)jLtEn&&|pxC4;-W)o}*FQL9E%)Eg{Hc(ieT?uYYab*0$-2j4*~if|
zvMAo&Rq*VuMOl(Kmc+X*t;){Cnx5(T+^nvFD_NcyTIxQ)YFn_FFgb!`npnrI>w3Pp
zj8j?H$24rkMlDcO>-rF-ijQN~^}f*D*l5jN%<8)H!z}Aba>0X9E#AX7Yc1ZJMxndg
zaK&mJ7zPi&BoFTlJ-j299UILrffpi615aqp%dLX4{W;~5_MHDhg#Gz?IYGB{ybDyg
zD%yDo+WfrUhtmK*%tv1ZM^@h{X|~G5WK3B-=K|r%uD6z^*}b{2)~;c=dUkO=X4el4
zmh(R^Mjy2*?OT&Ji+*wQ?9H=FjTO~sN~D&=seXrVT2N`w{h8BOWQP5U$+LxpPG67W
zFn%37beX-dRjQn2?>giSJ?rCbrHS@n6);DWehu_xJ^Aem(i2tnNn4>h>4&YfBQk*S
zj$+iTn6fnR2W)XGj{Z;8=-Wn)-l83SrZW0*U&y0x+pN)B*yuAgqc3aLc#nPlkH)KZ
zkSqf7kPmp*A@)k;pZ*+4go{|!<&%F^>Cih69{^Q4bpEM0beoS%iJow8*Z~=#(|%R$
z9pWO|!*uY_-sNHKEiF{qQ}=iNCdLfdD}Z=p)DZr0Ah$?2$d_YD1O&f9@EX-Vo|)Qg
z?&<KU|Ac*NaOhKZz`xF{)9#N0_oD4Qfuo7n&n~00&PsiOTy<J@@6zPZVI620@N>-e
z9?xn#Kx=3wz7MgcBKI(jidStNVr`7fiZm~L7*+UkPzw(6H&uN!NmKzz9;ARY!k0<C
z{!BtgQyNGz!b%@@g@+E^akN$YdKmz@%>S7z*$4ssx_ScL5WK@Bai`~d5L{|}y=pv_
z_KKqkf^MgvI}Qj>;6K}mns?ognEenvBs^znSkFT?aieVx9wjv^qg=D!y^ghs4)4gd
zywjWH^x7qd?t2?ZI0He#$paC`1~QHfgdC^0trNcO(CxH&He>0wJYV~5HqTlpJ)8h9
zK?(7#$SQY#3?i7To8Zk^n;6@S|2;^eRI(Zc!pv2IckmdMC0vNGgtJ`mM5(1Y<T930
zi%DFvymRW~sPV(EM%crX{{?$^9<_;w*}vg_4BU@_Yxv6>!{nz;lc+vx64hr-V)pNk
zH1gBp81`>jodqSCvKc(4zpF}E+WtjD!qWBYFy3sY5tx0&9L@v)v%M<U!bFrz&vXmb
zb)^Zu$?(@<^&j;?Y4^uT0PX9HviLy#?p1pTh2M7`LWA}?5?^Yeab(B;?i^wNUPts<
zX;hz;COz~XZJKcF`>&(M^Rz8gr)Azk`FYj*t;62G2H!_}`n%W3=bxmr^H08|jr{WM
zPL2NrwXZ*Zdk*KfhzS~f764yBpuZjalr(G^{YwwP*nj<qet_E5dk?%F&u<*x41@a0
z3VnEf!$)Ym!6P)@;E~4SuPjXel-5-J)AApZV&;Dvox`o*mY(eTwGRH1<6phaihmv0
zaQ?T?5}KTUH9O5wINgE?0=$FMwCP40j90p)VSUdr_a4N-;p&-+5A<A_te?qY`k7V1
zdeqN^Eqx_mR_XUenx!9f8!Y|m2b;0<<=^O|*$b0qM%oK`V|E%^2-9#&rtv9*(_+UL
zZJj{y%jO9LzkEA^<$rrm6TkX#O#O_?zrHGuNE#t`8*5blmbLlF#|@#FpVlZ^^pHAc
zrpe(Q2jcaHcvqTtoLU{zUDk|HcY3}A(^va3SAC9HtyR<PaQF&kHBGQlHO;v9)M^?u
zQ&O>Y0}8i)N7K{1bX!PI6Yku9&7~pdest#dW?OA&vW;>CL<6dej#soL2=TXLox|g$
z!|>ZRYnVU(yO*O!(sUDPu%*(Vi>R!tYDfFmrBXb1u2O^F!rI%rnzc7FMteyFX->h$
zu%{1^R^iFLtoc_-^HJrWF#SmzS$~q^$Esl}i6$vY>bQSTNwTiMEUO=Q7fo(+3*p$^
z#3VU`q^3b@tX0gm{&Q`@uPb8)1Gt^iwU;oBh8JZXF*}o3=8EB_pP1c`dNiTWy&vNQ
z!n6)=za7##913Y2q@TOU-uyjDq*DZbxOg0)FKx#W`qFNkhQ2VRLo!t(<e37A%$64I
zU@gnPaIlt@A{`migvY!&Rw!Bkda%~o+?;>sV6FeO4jru3p#L}#-uH7Pka<d4C6|m=
z6(+s*w3epZy+cej74a@7=C8MlKiIrO%z->+==ks3$(-huN#BW*xE4j%6e7A-^e2+*
zVVJ#Os4@2vAn0b#?|S61g~ClvU+UBByd(XTuJ*!?vPtJ^LEH+mRD7ucq+n;(p-KA!
zne5XU@aa&^NjssYY^$*d6@Kb}%xpEAr>qDZP(;_>;Sn+mIN84rm7F0Txo^3~{My%Z
z5pLUG;39EtBi*(wH-|ffvj`cRcS<JnQeSmz9m|h3o)+|D1)kBQz`z`B(F%sKHj%z<
zcwS_L6^t+L9gOK3zPw-PyhwEJHY}2l3&7(b{C5)hvmra!Gm0JTwKtPF|5&064B_Ku
z3zLU-Byrxs#+nM=bsaix-GGi;cO%%$sHrdzvz0Zri&lHtMeE1c(bstdTQnkTf+!iD
zAYO6TdLzsgYtCBYj!dc`{1=D0VQI?&cJ7lgSp)u6Ga}CK`snOGmCr)<t0B~e<;7^b
zp_w#pa7ZTLcJENDm}eD-SXKT8XYV8Y)5-e?|8(j;mjB~b4gd76#@|4kYHsNKNV~X`
zgkH<Z#OJ*m#wlr%iGTQ&o=SV!Mu#}v4BV%Qb9E$~Ca{OVeF|4lujDbWCvnULr-AtF
zy02va0weV=FiIU4%Kim=*H9^F$C~K=1*^Xz@|2OvQ$}g;i_E{^-Y$&(vj!Hdq5cJG
zdC5eXX5w!Q-F_w&?f<VOHJw3z<I9NrF&IC3FQH#6?j`hV<-Jkt`zEUTHcG4aqJ2Ni
zlwZ3<&ozMWO-!CLHdUS)yEY_GHC;}+CllnPvgX^rjgG>p7-nmXw14-FVgG*dTx0g{
z0IK&8!GsG%|9zP(fyTcB_pC*ZN3JLK>#(JM|8iLBidUMk)L$;v6a8BF{)Rmb`+BI6
zx-kwhMv-^ExQFc5kM1G+_2YZk`L7GvemyRTqhQmu9{xUVx;AiU3~4w}!67gO2b5$o
z4Mw;>r+Q0#v=~|Dm8i;<F71fHv@4h6bz6E}j@Jor?eH$yh(ZpmixKUT2U>8%K6&-U
zZL#b}R+eF_$;Gx&SdxY;MjyVJsJ=iYi!@<D5(!n1{<<`Qyj*Q+E9*m)^BPh(vJ=~`
zq&qR0{l>v>QCVpGZQmo~r-L>MEZ6}G)6nS@eyt?fSR7RVzhmHcBK%Gh#1~3QwHM0h
z&zpqRs-QCB{Ljh5`OE1Kj-5}Li^Hy(yPKo`RL-56^?2f)X#LUDMt(=B|Lp7P`U=0Q
zl%I^+UK7U$y;hA6?iSIz<@Bzc-u<W<`)+bKcfUN&u>Rij8ilv2T$aLvy@#>!L(EK`
zEFwWB>%#Vz2HtM?T+gAY4uRz|HLzUvIgMkHHg=)F@#94Z9C%P7wfk9~MdcZ)?2?F#
zXMQ#*9C&<Ps7h_eatbuxvEL2L89h+J&zmv!Px$m!<&GuDu_|{=L+c;+Rzvdxe`%C%
z56Kk1#`Y+}9Ws)B)moX0i4e<>nG>=)PU%<43CP|Q?qpnEGO)XZDMmuq5aauE;DC4v
zc{AOM$(*<^uvF7u-k87}c|IkPPiX`EgAoxg@DK1e#OTd6d54-nNP<2`!sFX-#2lXt
z>zetP^hz}Nj)aG+KP4jj80oFHh-4;@RWOV-fnu1A?X_@V7*-cl!-1(RDLnGO1$o3U
zG_L<r7XQzFzhb|iz;BH8{Lh<B-G8B}7z5SDvZ-MFozmXrjm{t2Ln;7M<GXv_h}EA^
zQx<rf8SDG6HwvGOa1@b7SiYKw^?K~TWW5CGgpp)k$d@E~Q6T+BFUCka>BU&-J9;ru
zT2C*gNh`_4N(2V!GkQ&O2)skD5o<{=8VR{s$ViF?OPu?dVTrd*6ia;6wyg#$B+rk)
z3R6uKD}3`MUG-&O?hHo2_kdR#!3UukgH<1rj}d@m$;BaK;cp`R0rsWG^NI5*ks+tb
zRT1Qi+r4t`fAI>C>>CWp!sS8@zKxvk<c|ry6e4Eg#7Ar<7IvgF@n(v4COBWjOgz+)
z&cs(s82m4Z3I8WwYIHtw1v-XYCmVoO_5R`)V!>MoU8w61h*`g({Si4|KYvK(YhuKF
zReZ?iYwSgIz9t%xbD2CXqUMXVrb%kkhStnAl9?@_Gg~0N?<E+=O7E@G3wZCHZi%iA
zH5en9oWDBIb+~3RU56{!?<MTF!{P{fbzosEeoq`_K?(xD`FQpe{Emg+iR>)js=3OM
z%VGFGoEP=xn!Q8u<a)pdvGMg|i(<gz-HX`#8amKfGxAz^ocLq}Jnn5z=i!Pk*!aJQ
z36BR}Xd*l|0v{_rh|&MIK4AS9+SC5$x6$_hb1|a-m$3fd_c`tV9iPYS|K+jPFTDR%
zx$+S;QSm|D`!V|e`}?f_rR`|{%UToo&X1_M?0p8`*S4fJi&|?(T3H$~(w^<;NT+{B
zM>?7Pj{8hKVimnQ+1Pp^`2<o^&<MYn9BaHM-jnfPTZaEyh2g)*Q9RU^;lEEA{`)jG
z{a?_;^&*^G?EVjWFGl|}<o@qYq5a?AQrmy)yommPl0y4``V-p!>Q7?h@8_B@|Lauz
zYgsJ(TM6hlk{@jQY*Y9VWOv0OlvN^Y9kxGZe)nQjXd)k5kDr-*l^~u_xLv}{_IwJ@
z#N4N;Hfax36HgMqDTNWPr;PCTQ@#oOso|f>8k!GTP>x)`C*L9KXNp+AN8VxUXEM_D
zGbf`<?`X47@{8*#;`~Qj5Z+-y@W=QBPPLfFliF&SRP%r7qMH7@GZ@Lg-SdokzTvNn
zmfwzhF7|p*zK-bAw1fNPZN_}3CNhq#b7F#q*?whUT~HxyDnnXV#k!UjqIZ{2TV2N_
zW?pN97p$IpH&xNy@Ua?XL;YXt)54!P$|M^pfxxl#p`(l7x`72_@klEE<LQ5*A5qCK
zvHKIrZ_Dkd;BC^=n)MJznWOP9`GV&r&ecL1=}BT<-JL#C&yQT*ODV7WFj{$grTpip
z<$pgRm#@&26F&y;H`I$(yTaWBFJaTk^B$o^zKkqw&&0M|;39IFmWZpY)OBwM_!&##
zXRI{+3BoGn)BAjB9KFw^_nFdYdT*xpW@#|JH*g`(SyOghkit&=BDzCr*zZyHdyxI^
zTckyY*3kIpDC1ugZGN^Z<u6Aq|57P`Y*EDgdA>ot5%!qr(TWD3gt~H}@)WP6iF0sh
zWS;0#ypnDsPeT(nXpVNmZkVH;u&d{2C#=()hzU!aBkRMz`+(^`*zaog`xX2Bg#Et9
zeqUq1&ws%9Pi6eGmGOTNZGILg<+nvGcPZsJL@ghwly{0+-b*R3dp|1tE9E~&E&qF#
zvi_R#kg0|@4Y6WCGrtCx5b^n#nq)4JOx9Lf(23Xwm>-z9PSOuUE7@)te@FVOL7Tx)
zn*wPwD7B((;;m$bHtk}iL!5?2lsIoT+$9L!$<f?R?tL{fgL<S#+ssIhw!o_Tpp;M&
z?$LILjzs!37irh=D7hF1BvG%nPTzOt8lEqS&6njg85`b8_g)+}Un7p!N1d-I?M-Cu
z?f;v!hqqGu@b=bqk3RoV+Ox9u%4mCdE3G$$wYQ{SliM4^+OyL3@K$n#x7RME$?eJG
zJ$@=Q-qi5+3X_`LUIA<GP1+vbO4~bzwU>QgO!yrU-e4MQa42mMZzWGh1YT%xA_8y8
zQwY3?YT%s}0^Sc^V!l#&0D*bLS87oxUB3yN{uA@0iFp_lVuoL{L#$<C##;S3vp?1l
z^OCxM2&$i*4E67ii%9<jv4G@XdXn@{Hs6HxFYzUk1PD4fROuiIIMBO{BoJEMC$&4<
z0_vcZD$j)GX?A|`6f=If67%9{dL3pj#Z1GruV#h_^t7*dEA>G|H|{!u2p*k_jDueA
zWgD5<6#G_Fp?8_kF*(uZ9c2<nU?<3R7jZ-v(GVJ$#`b#6LNu1{rkx^jX}?Jy`s>jo
zE!j4A=E|b3x4_o>t`i|-^;`$_dUq&kXuX%ch@9~(mXT^I&MC`CMSX8b!i>B$c+4_V
z)k`A>$Qh~f<cw5#mMB0FwZ9hD-_MSd{#wZTw^#S~z2b)YoA_b`e6sA}t%%E(SR=JR
z(}I)XlRY=%^Yb<2xtR@#UzXjY2rhcWgx?16$?;<$e3IHeoZc*I^8Q~a?|<4J;XSsu
z3v18gYI1w|ti62N9^OjD;q5)=X*Pc1j)m}3ukiK?OPh|Ll=VNVTK~41^`F<^`aiEn
z{}c80XX|fN*8g;r?N3w0oRRRnI28~mYcJ<>i@N`hs`h_d_5RO#;$PhV3!?1*%Yt<O
zS9WIp!7<=*Omzqz7o>!(&tzY-*V|YfTJN0j_Vf#yP0!1Zgy{L-#<2E!Hl3c!{hN3s
z)W3Jb+ta_)e0c17Bm|EmjB0qic~(R4IQ7{^@lo-~5I%|ydQG6`vjQP{xrA5u@AS-u
z`nT(uM*H{Y3EDsCo=r^{8|=@q!=e6k)AZ-Q#~bQTUgP~4$@)VNfQZdsDEXwKuc-5I
zXhr9=QTK3NgDd)88Ou2Ju+qa&#;H6_#;G&X*xF!F&Ny{Ox~-OSMxl&T>eW`IQi@4m
zWO82S50Ufrt;68^)Q?f&JHkJuWq7`F#o=epkxY`B&y|{q+!>&*^qf?)P?eKP)h*sc
zbXPS8^DV{YeDSaN$k$?(fXFT<)qwvQu`=Nl1mBF*f{YsJwXcC!@y<v!JG`#cG-uWs
z*BFQI-qZqzZ+xm%fd35P@t+{MEL;zwhF4F69v$L=V7?K*c%F3PsZ=BO()0Uyhj>g7
zj|$>uX%`+z>!~t8`|dRYd@fV)PBjQ#=$6Ba-SQd-@=Jx}CAy4F(vy#{?nytchVOW0
zK#wtTz6<NkNHs{}-ebW)T*fZ~?e~n-G)Gp@RcNnTkB-9jstvQ(Oy?X>zktLa^5|#m
z$l8x-v8oJE)g1_AI7_PCEki!R$!gc%S-S-B0$n?)|L^T!`i=$GlaJwYw~$^sox;IF
z&RL(yvNX$%-M-!{U$KzBTUQXIsc*F-2qNNjud=6W((&oV-CNRI<jc-?WjE6PmOFwl
zC^GV$tK^aMC2{BlX++oTo+w_AesO0okPZ+P$iOfG^6Go=DgZRSHA}*asATv}D*vW4
z#~v0)9&FNw^Ov;qSddoi$|}AH6*cif4Bi9=Z}~BSO%P|Kj$shDk3!s_+?WtI79g(s
zG6r$D{ApOHz@Ak_QzPJ_jYZHi1TK=#AICN83j^SbpJ3bU;<X5V@LlKx0l<?C0Q-`7
z*y2=V$Z*`Ab%~gfh&|wQb~_5+O?{I?qxYY#_w5yb>NBbZZ@=#Nj+p>01`Ps~O_Cg<
zUm7+LA8jz$vyQlT`zNDEeRUugznmW(e63$0{BEAW1}hm?D)7sz;CIu{$AW^g=Nz!-
z?zdM}QP^FNuq*g(PaUiH*E9I7mErdch2K9LfL}X-UzDmI-`5W2ObfqzP6GT&0KY;6
z{GMB=f#2*T0>2Nxq=DaC(^T-=?-Ch)%}^QUlZ^bL6=Cp;QSyP_2*0l^0Ql{W@Y_>?
z-@gn1znv8LEnPstl3U%G3&;>WR;u_~hTy!PWC*^4Ro$_wGxPuQwK)3(^_KOuSXPWz
z=-Engd{H<A^bUVYo-e5OCap%#2BA4-;IDw#&qMmAb5Qej+O)$vHQ(XAzrdMwkT3a&
zqh1sSgw4lKq%iG1rV`8)e3Pxx*LRVx+(5pPZH2!~p(>l2_K7-)WF16xl62!8xCwd(
zJ=w5olY#zBHp_XYr~?jG1!_3iD7C|?;$$QIVJ<2<HkFo1-al0dbQ@uC^g&lAr}st-
zg_Dp)p12$Z)u6QTcnTNT$t;<CNiSS55&#X$b>vy9u>6z#{`#yoeuth9UeC_=m<cUK
z^=HPguW$Av^n9E^cyVY8kin%(P-#VC=im9Mo;h;UQ<d5go}Vz(Y0xT>-&S<i#*>}G
zMR4@Je~hb*UF?!7c=8Gi{#+eKEyDtde>u`m3(ISR<lihIYXe`5g?90ny&|Z$dxAPb
z;D6)>`P#$cZxt&1{e-V+^&l_s1GhSKwE{n2t5C8{5ZkA^x(mMe9b`Jm29thkfhlB;
z*~JZm#oI4%PVpGbvHM~Yb~Z4hTJ?}Gew?h&hFZ8M`oIgONh5@cYP}HLAc%fKFMa*K
z!^WMuV|HKs_Ziy&7RzkBvDHraZ{$uRi0qCX9Q;3W2VTd+<CL78M!~Z-UdY<&-XUat
z=jtSQ4R(<isyGS{<pzR4f%+XJ1Q_5Hrs_P-=C-3LR8RRZOx3Ic5^&~=-$01GP9m9=
zh!gU@$l&&6n1RyQ-`M*qPO9s@BP<>k-Z|-CV59Z{6+Q7B0dzl-(hLJ}IQO;@L`N!c
zVq6ZtbYe2}j?fIg_ys}?#u^dFnlM`cU|u8L-$4MKy^gHYu4#5(murQs0c5Hw_Q%`3
zGg<()yhXB$yPWBV?0oiiST<K10g$Xox>>&?SW@o3!agSm5HMS)Du*x3cJPi`c!JQe
z9RG9h&e|NYwxoR8LRTNVxDP(#eks7K;TheYy^d7l>_=O2?mKM!(n^@L3ZVu1ANhNd
ztN}>+yn>NmYD*TpBLVAYZFa|Jt#e(<FI@*6g$~7;1Y8J$lckS-tPg&!1BRv?W;sob
zk2Nicn_<&rZFVgUEDzg%r?9b>g18G2{_W73Q1T1^eEH~gq5K0sk=Q6pF5OZk<yf7Z
zXLSu!$4&oyd5ri_`u?}%{W2lq{pueYc^_Z&UuEZH{vw~WR5O(0KG)s4j`_0_W&?w=
z<U_-d2L<N*5TJ;2pCVpBb-MVobYryvkLI-CiC#!iq0UKhkCZnIUL{n*B)tMCg>Yxs
zo}zO1^)^3CiI`!<m2rTE#>NrS)?0o`n0RUCWt5s3q~USMjRiht)W;y%$P4&|EQ++G
zyO*lSlS#UqJsz}Ft<P8CD>=g6QFs`ThV-_MDNupYJm?S)OLv<|8YYvoZ;{#6#wqqo
zwR>_+20tDpY4?sY+S9j(u$et;JztED)8g%^@ec71q2iog@SM{T5#vYLJUw7;{926W
z;0O8z-EIdzzz_VdYt|rNziLVncS!AZh?Wlv;s%E}V=r<@GusQu!2cwOJ24MOAh;cd
z_cLs|9>fd=dkZ%DF3Ed11%@%fXczA^4f4g)26Yn2+e^B32C#bs2En}58P)QqW<4MH
z0Psn<1@Os789Tz_Pk$0{wY?W1Unb$%wFrQ`P*}$TB>Wp|&IdCXywkmaWt;t<ljrMV
z$y1&qCdBG2Fky)a$wnd2f!mR-8wcFY_*A1a{V#jPg?N~*nU6Wd>Hr|uY5{H@61G+g
zVnC?)0})RbgMxU@Owt2P;_P$~yuDJTU+cF6;&B;D${$@HNGmF12<Y)dVEGUQG4wMd
z!S)UQ672Kn%XZzbcF%gFaAt=?R~_&=`reyrbeZkQK030dO70Gb$h+YO;A2uL{YJZt
z@{DaT&n9)!v_cFcb|4-}5`68gfaSM(M{YF)cFF!{q5Ka(G-2R3I=%NxNFUzrNZ4%x
zoOM#pWpv&zR_0xutReR_&a{^O(CA0lzLuOFRp}lmp+9WqBK8YG2sG(^c(+<=y7dXX
z3`}PUaQ}Z2x?E)wcVe8kP`K9aYn6!f#egyh@i74EW5Sy*cmu!P*uyjd_ZUaG1bCr`
zP*t&L+-ICO32u79Unb!Sb5gA(<uk7WoPV9QxO&>9$UFqg@nfC~$!;KPhY$gGe<q0&
zHw1>kt$0-0ds{NxLAh%`Vu^e}Xjgwk*;t^u^*OM54@w580$8oR;Qca{BXY>W^N2~_
zJk*Y0qkO6IQ^YNYq-*WTly$eL4+sie!jMqD^ct(!!k$blHmkp&A|O0EDbPnBeWAur
zur}WU=cC$ToucfpqEmE-6_siBPbSPwE0SiBY@vxAP+sw%uY<$;4vC2HdTGQ5ka0oW
z=t$oWEzg{Vd(0?&{qaZipK#`PyST$%Q4QE45a^)UuXb@Skh7UqB=o)>qwT(4M}RE0
zf(FeF5ydB9CM*O23qIg2q%BqC@aBz9U+NLqLMGwNPYzumuw3xsCuw)=SzBCAvY7;L
zo`ho^E(A9^vW~m^;J#`r1gofADP4OGcb40XpR{EG6uCRl9o15^nc~^b%hX6y{a@>T
z6|7(H8St}$<P+GGQ7-**MMri14nZ^d{?_m)Hog+<cvvX{F%5nUwnNH5{7;?U_ZJa5
zF<+kWG-bm1`Oo8$z;pqY-s>Rjmv-`Z+AEI6qq@i95Kjf#Y36?)&VM${Kk%oc2m5-R
zmvsP$ATtSvhM%+IBEUBfOZG~#1RI9>QqL<(a4PT>in~VEK?gx)VgQ$-r+O*);ud(&
za&V)NwcC9$dU{;}%R!hpG^f9ImY}*6f@}oUbUVEd8|>bPjrOc+IzRw1v+GJ5%I7w5
zAP7Jk;+-PYfewAHbM}27d%>6Ng8u_w!cMk(JKEEC2+Pka^cAFq7vj+9f5s^uwO7=~
z***0-!n&it(8D4S^4eb^uU$c4@H=$JL16F$iQtR7k@&lQpU`FgN&4a}$c982NP0Cu
zj9-Fu1;cCYh_rSh6Hr{c9kAm`yKXP`80d&otfz$b@;_4OwAsb3I1<<nAKS%;jR@Ih
z?XZe}t49+AOm`q7oS%y}A<BCXkW^#p)tIW2SA#DZjMuOtCiRN6ti=`KORmLNv#Q;%
zJH6LA(yK!=N#rgEk-H+NvAsoDqs*UpLdZJF&-;*VixqMKOe*hrpP;2}fNl6<Qp48|
zp_-F!t3^4cPCczip;HKldK3ZDat7zL4knv`psOXaUqAg$UIRv{J5EK|%s!`?Sp{4$
zK~^A7!{2Ip`NVBRY~IW|T5=02jeb%0i+}oF6t5@3f1m68eJ*IqomgHC&-~}{oDX0B
z(N_@+a>G?>4D!-t9Z~vv79L77(sl%6>x*m229{%qF;cR7qEI2}A1KG&AKWMwr_Lr*
zxhj>!Q}`UI0)fLisXfx3LRO9}5y5%!fb()HU}6Lb38jD=KOgpD$tIKld>w2LB0Jss
z?#!MX?1s$(e4v~(@KowXjw<KKhsgU+rP2^Ork?}!F%5ZoLGUf0Z~15q$uyM*E-}a#
z&%`Mx*Wf3h!1k;v*Zn}1TP1kTUh6vQIeVAO?;BP*yYBSV-)H~++w6+>W}iJcc_++c
zm${VN7gj7o8Q|WU?I;60CO=)%0l)TG2Py*y*qLe4=wx>5&uN7{N14o1o{y?Z!2uID
zn~mW(NBx7n1}3*z3vhM>e(3|ru<kfrnXX|D-vbyX9B3En|2n()t3B%o2%N}Tqdfbw
zP;nsMp*u`@XDMqf!KXVw?j@?oKx@_bQG+=$HFNf3AdZ@?{L&4uNNbrmia^FMeGvN6
zmXvqmmkvnI+TaS{IvgkKzzKbguC9Sp*5~{&P(N8)>`ok*Q4Qk4Mc4*kJRDli@jVp8
zBo`Jv!q+Z*c^V-(4(~*XHB|sjjZ3y?{pL2>04>0tJC`H+{RQv}tkvm?gYovloIb`7
zbJ_@OwQhAi0F|%9zWXiFVGGcm)$YydV~Pb`#^}(s!o_n)$sAr_vh7e$vU|s;0<U=-
zF{l}J09V_V>R=6BgHd&1!F0-~xy6Y$OD#`rC)!*K@Ck{5bgVXB=sP~uJhc<1IwIx?
z@gSn1-%lbMIs@cuFlrHKGE>*B{^yf94p+|MU9}e1%{F@$E*3j~fM1%I?DVdxQc7G$
z2J%ZEPPPTV^Ly&4z9DUPzqD&@{DMj)&8iLB99Ue#myAnbuOaF)y98Ts18LHhwE<>6
z(|tA2K5f1~vu*Z_ROo<_Upf{@^nTk7<5QDehXM&s@qCV0ZO{7E)hloVZD)hs7hgr8
z4O;{FhxhHi;#AsOY{yldf$z8tS>N%+w;}NGORH@af5i_j%<0jL<!{}KEdOu!MPL5G
z-kcuIUHS4!JfWzt>O*1C?~)u@r`)hwC&_YebLEmv%a*WSy6gn5G(4dzjjZCm1O|kx
zpC)w#J{r?WAz(;nj-#x+2Ua?ptn^v3(!>2%CSkvR)XsM%SsuP*$$8wZ0!(>r$tKsK
z;3k{+o&T-#bcJD2`X#a@K1-K)kAW?5842V3L-dp0BHzPi)mGr}K049ieSmCE0oW}^
z`Z=NETs(4gqZtN!mtnBIfmSqLEP&MWT99u+)V0GpIdvCgdF!zB$!f$!?ma*<Q92cL
zd!6F3z-IY_<YNJlfNNpgfR}Cj^OZT`@rwPxYMi&HuXko0Au|S?26}Xz*{7fm3t$XM
zE3L+c2mpur3<3^67E*9P7zu+2JD?bViav&BLd8cD0V>3M5t(Ta0?w>e$lB|^Y6(FG
z0w$}XsKA1QvP#@BT=w6V=m>zMVWsO46<DWsBJ`Kw4uT4H9wjvaKssdn!Zxh{A4zj{
z^QR_IGGoC_%`aG|F6K)TptSfGzT|1-#e4&ejx34IDCXZ53I{f0ORcbwIehA#7#P(%
zu(>;G!oze&S;^cvp$^R5?SM?P&bcqOex*ax!}an+Ae-@BH4(5917<9`7V1rEFHb6w
z?@2k#Qnh_fJ)H&^tjp|wv<1gy&+ganS}VU`gSw0_xf6;&Kqr=AzQi3zdkmn?xEYYL
zk-Fhdc8V2J9e^~fC;>#@G)Y0Blj2nji@IO}6lgSzD*Nx_l$9{9Sbz+M{wQHEo|(y>
zu0iomy0~>qHis}uD|Xr<b%<*Tlyp5*o&=TGTuG+8N;=xAB{$d?-v<@>LZOq45XrgV
zYh{OZ-V99)lTacQaDnqPHUZk=pRYhNc`dGO@6X4OwcUwpNY{1&TifVN7)*WCg?;`Z
z9tsbl^?#5KyWinvXqja=s*-Y{pZ;VN+<d*4&Ctw2@Caf}L`uF6rH^YS!q`fl2oN%1
zWNA_xojeWW9#>7np_VPlmaw8d##3$-3Jp!4iS5^rnRx%MSTkXbjv-=A#gpTeskn(F
zQ!(f+)l~F_zWRe?clQ48ba^V?#;N!_K)~UN8Jby0ZW##<30zB>{kKEm4AngR2E3@f
zFs~U~d{+;$#Xr0=`WCn2X}ZlByl)&E{26ILFd3V6-l-b=jnF}V93A{;k7)*f=5PoO
zW>445fFU^?4ibXN^7yB#$Dc&DLyu;|z>nPt47`2EzXStwA5^BHZ#|iY+&fg$&?l)S
zJ$pipHlEQj)G5{Yx1*;=IL0ZSe-2ZM^*7dLbDY~6%29t4JUn*>A38!02gAdI_>eEb
zv{@)a*7}5?4Mtw;_rMcv7W)63quJ~P>A^MaIDfZu;c4oxRw~%BLTB2SV)EG`n$|JZ
z`cF_cmXtlLEgQd_v})rk;Au%Y|Mbwaa=Ry1L%UYE4X-ldv|QzTtdfJb;t%kJ1oDL}
zn>UYsU}$ZikM?B{miVXnI`%%Uhj%r4?ELJnQ-3IreCPWb`8!4Uoo{N$5Z|i7kF*TU
zY_fJ@gnIcc3%-?wDu6oz0%jQ}N>@R;QraF2I0LDHo`H<OrGaY#orr^uz@$UT)Sn}o
zSIeu4GPY!6J1&qIhzqo1tr(^KhoBXFB%73`Nq22*$0@CB>qlET{7Q8D66#~Am~RyN
z<{4ZhQt3h!ytJIDC=wmsaTe4u6fciM&NCZip21e9xW$>i-d=G&ez31c57gGoJ8D2(
zOSNk(QP~_sBaU?HU<x%?<p5Kpt0b}!*^9xA)P9}lD#+L-R8`Uxj+G{-cmd=Ad(}YF
zPrK+g5T-G>7LC=CkiJ9k)Fw{O@T21o^DiRaLT0QE?Bl?UAPAm*JTL;9!pi&;({O`@
zvP5dyA83GUBfB=iwV7R~!L@~5XTr6WT?=rX&#nvLdJMZB3)d6b^)$PudN!Kv-7m=V
zg=$Z93xz+B4MwE#O9v%q)C4D+ZMR7ERm2IyNPItt4QYC&L&V?7Lc|z_tYfZ+w4Of>
zns4%gO8@G08Waa0oIupE9S-zv*a3*hsmz7#u@wMB$Z`eBng7rCDT?EXZ?c&j75IEM
z@lkpIZsMboMvf1W9Zyg~LT1W@Zg$Y&4P^R5Zgv{`xZoYi`YREKB_lfA9S&p&4LaP}
z#q+GUTfRnzr9;$V$w)h#h8<Rb80K{>(XVczKnya+;AtTsb^;Ki@^)VD1oX?PcDbA(
zAinm`NFcUTAa*byzBder&ujIk_Nw?)3LCCe1F_LjfIehb0D5sl0R5-`6#~%bDL{vv
zm{L?0YCi|smkn2VXR^y};a!?tR>R|6Cf-@)I|1+V<+}pB8zbM1#k+~}9f0?d*>(i)
zdGbu6=!4*$Pr-YP4BiC*-oX%fL)~#u7k<S;_+2tP+Mpc(;p3t}xPYiZh8Gol!$t#m
zX(oKXyetg9&wiW20zMJG3!t<4QimG}eDA!I!1oyV%Ln)#8x_98-AH4=_kIn0H`Sr^
z$WoO<DT8kTJM8`VO^#q)zIcot0o#N290#>nInb0-E>zU&?W<(Njf4MeKLWe3eALb4
zUke0#&mcVkd%k!UyeAvv9lm~6^z^#+_Y~?>1*?R-G~Ei}Ti|};dZgI}XB7JZpOR>2
zX?N}7RCF&gu`Tc?Yymq3?8&|Sr=stIKj}vBA0WHnj9uOc>uGiMUSRq!_4o1&7`FsF
zfhNyHS8Wo=WM_GS;Xx)ofE|!mz#in|gE8=cL4Dp>d@#*kHLsN8810xhn+|PW8QJ3V
z-VBv2WF?De$?{MMF(u9+o<z8X_>z2B^6+&-!=%?kmEN$Qp2OzYmRf=zvyGDWD7$JU
zef4Ad>JoA%uB3PGERVIr9*DlfSiFAN{xUUtf8Fq9*#3HHBkr%2WRB1=n~VcGPtr{F
zdxLDW$4BEv^H3(54!_DH&nnw-=)RM6CLBSa^D7^1zflKRe1-0}ra8dQSfX-(W&3S+
z6%HWWTKiU;t2n6#k6u3gpT}!6y%zDhJzmS4TImMLiH&(y@vk;YlQZeV!Rm+g?BVtB
zF#NnYVa^en1`!>DiBZ>^SK#p8Kau*!d52D8R@`qL>3_&tyAim$X$~qZ?F}TAF@0T+
zkiKrPuYC_@Ik;{W(boOq)E!~&B!X^lU<-<2@PQE%1;F<KgF`$(o@A8Uv$liSD6U2G
zgZLM+XsEPZjlDdxo9Z9hMF?AIC~R4Xumy6^P5CI=^}g#;VgWjd;ui>2G+Wn~RJbC}
zdO7h1S!gA8k}<@e7y0Zol(uAZRDsm_4ysZDBsEJSP9SK*b9jLXb7uYRPDfwvA!N#k
zU&&GQRhs$>)yW%5%H6F47PQU>99Z!ZXV$?<z0n5?y)f&^`9i-it-Sk^?AbG};I4Id
z5DEu!(M|m90J65iob|YNnyl{q3l5_o(c0!6TI+iRq?M_)ftFv(639@HC1!1;;}h43
zJET88Z^xm()$YLJnD+iOjB4}dS%vO-nSlJ`1w9_Dc}noMad@W~(9bA+vrti|M>mc1
zol}w#)W+c%WsgptD)@R-*t3qhCMXPBCB+WN`iMtD{3R7r0g)hox!!=2dN|NaD5;4l
z6V2M?5G$q2VF08x)^Y$=dYl0@3Qq6CX%4T&#xEV1oKfw}I_fr{dwwS!MTlm8X*sNT
z7XrmV5j6Z28bSzwxDsGPj6y$Ugo8GcXLCCsXZ`*nNI~Bh!Q1+7JE9gcs-$T5qqf;I
zTXL>G#6FRmoVCF{)FGZw<%8DEp4O6c-@q>&1`<-m4f)Bg0FXp+N8l>de+M^Msad0v
znl)e?cHdlT&cJq$WmMaP>tRfM37*>BcYJCWz9bL5+ph-@xLImgmK-DJl$ZYev>iS7
zJ4gJBfVUG5@$}wrb!Pp=7nhKI@|PZWyOH5Xia+dLw}H;f89FcHHsK`n6?DglKj%BD
zDM8kRCqfrV+xwS$ZQwfS<mZPP>g25NX$P~RgMqbSE~%JL#XHL&jk<v5>sx6)O>~U^
zZUk|R{|1Snv~hO|%>{$!=F#LXzSe_p#u|c25UpnTP2*Fn7WlJ5k(CzZLlNKtVGKMT
z3xCs~s5dDprTAku)y<R=8k#cuP5MLqU9t@r$SJVH4M&IjpJ5-<N660mfIemc_NaGV
zRA%?yC~d4rVGi>3?qd$`WTWEF|7ivKTue47DKlT&Kx0szufV}&8_37h{`RWxeLXzJ
z_X=Wu@5b=&UBkY21%8hlux`7{Z-N^Io_#G|8ZMvxWGKCbB|KL4lRr?N!iD?e6Mwv*
z+Ue{0XX}E@wf73dB45pyz44`=*VF}VvoRTXOZLR@Qyp{qWg&izx8M5(ZTmNe+J7vf
z{YBeix39zxek<-E_SMig?tZB*h#we$Ikf>Liif3{FVjcY5uxulX`in?X!p)SMWYl4
z-?e_FgKZ6;Hp)+Xz_$Z&8P%esiu{X(pEK>^_OOBey0DHg3g|oYoQ`p9fMOL%4(kHJ
zg-@ltTL<hS9>{^BWY!tJ_+}k-wlE3b$X+FOw5B@=$wQkIatr3b<)QwFCg7FhskG>+
zqRq4*UOc?_)_C-3+w1i9NOh(kRr@wo^2IH6$bkP1B6FPGb6)2V_cM<i*qvvEtU7+~
z)5u@y_Vb=+5zb12gel~UpC?e)54i$P+PfX$a>D@e_V+LdW@Z}!3F}exom=tK_8@V&
zfo>yoACtzc0l4?YUrT%3BbD?Tb=elcb3W*eiz>m*s^POSmGnRqdz~O|#U4FD&gKw*
zP&!pI4jpZ(<!<m#yRrHlI=e8RXk0@6K-#-Hg`@8Akqn?M9vHpuEp`ND9UQ(*7{(7)
zliephTpDrSjsgzE&*pEs^M?+lJKy)PfyNUV<mjVs5MxLm{FFi?Tg_<L0Vx{KY%-$K
z<r@SNX&xzGkCCr-Z=zj{Pj!k1F_}LOq0?$~Tq-oM;GdAUFD913^N?wuPpzVTUOBIG
z`2G(awgY{AX9zo60QQVG!A{Jy02F!}8XpQRO0ROYLm;V;`nmI@zqXMPU>f)!_8<O?
zgMIOba13_u^-f?<?CCYQqtTm9`gAM6g6<5~QacGt);Q|Eq~iB|EmGtj!A>a&@+Ijo
zl69)`6HZnR(~8?H3Cc&X!wW8~q<GT*_sSGb9lr&PwE?iO(V2DLbsh6ZhMtt6w_7a<
zBt(y75=iJyu>)lV?0nuXZgKBpkr_&-8;H-92!jFL%E~jktjc*;$m7WM2YLJLr*Vtq
zb0+v)XJ9Ds{4Tq9h!M{{sW_{*XKk6ZBcnQSD~UbGsF6-TUQdt}no$3AWe&`!hKa}V
z;fv5F3}Fc&gy=eqv6&-N4RkQA$SI|VZ2WT@+}mg<!?Y*rgE{7E;z%rov9WTv!^kIS
zG{cON&Ro;RJAmP2HeyB(L*qqecTX_i9DBq+!H92>N37S3_<B0xqOyN7-qJaZkN4g=
zbi7X$#~iQc$TXC9#;8KdP@(4VwYa5v0Bp(lR0lz5GOB07x>b<1aTEq01{gfT7x#=u
zB|=R`HKKG2DwWd$U17js_=U3MQ2zk>TG8X15LRKp)?j`bF}5R$6OhCH80%#H=30)l
zA~Vnd{n3KR?|Z7^;W=MCL67H;Ux%TYM$UZ+#WolJfP03kvLbHMvCv&S3vEC3=K((2
zk(x}5imtW;v&I*<db}k%zGqdqPYB{h<}P#*aP@%P*HgARP{r0?T<Z{jSI4(6eIz;S
zq}xQ;Z*LNYQMm$vjv@ZMa9d8_@z1p4eaKW3Wh82-NFQ1jZ*uW)m6MvBxzUy9AB6OE
zX}M;;oZffW6TThal;3hE(YFG>m(dGsGIJweVt|_c`tkEnS;dv-@Jo-|X4m&$-k(D^
zrR?Jv-sS68f}x0>L$%WJ?+CGjxhf))l~X#gC2?)1jUq0Zk4pyFqm|&hxs^i3ZW4UG
zGKI_P1y6nAq!CCW(+>%rpm|aro<j;dMu8~DWmO<{t^gtX>wy{NF#p-SF{ii{{O>64
zGJsFXDQN}&J4(9Pk#J;HxqrjMH9FgUy@~}-WvikxZ<ct2;HikGQGqAi$4Un#+bW@V
zByxY>QXIi}T;Lw5f!55vX_DUWafrAXnSdCBc(w_n@vNEO^K<u-nOORLj<`8}v!igW
zxH&W^dr2){{0+g$y~^<GAfC+?0Mv%~;^*2cevixXbs;XgPI0p{{b##p?RmSWuFIsm
z?G=aP?7_88z>jO>fjcidHN@BJHL^|8&p6YM+jSLAAgP{%we~anLihyd<E<k&A8(z{
z=2Kd|1^?x|bsV-yEyiB%cV_+U>I$7W&*~5K3h>qP^Eo1qPwl`E9l_BBlH`1rn{&kR
zWvzUpbfx*pC>ru58;K{@wqQlpR^GGnyypBNkPdfR>njECsvi-|;1=k{s^jFkbgIEO
zDVVi&($D@9Yy#U4ZBW?T4&v4V3{fWPFVY-Y=lJ5z=Ml`&zcl4MJ#!di$_>`pf9Y_g
z3IuN&fR{Ddk+s3qC2%>Rx8)g|sNy74Mn&w!bVpEsDiR@|2N>smkg_)k9>7)ch@mEG
z_!n4h??_)ON7jB<p=d<b3?rszKaReh$td;)EBK|(WLwrIzT|SkpB~og!;^6j^Cb!7
z(~|(QHd}9aB-wRP5WlmDC;Ue_j??(N-Q-L^j{!|%`QjdAqY^)ygAuObT`Vfs`mApS
zK5q~8uHS<UTrp;PC)y`pKLRz<@Xg4QY(W2kY;ojQB!sO^NYB%K6SAX>4cxgTMRp{J
zCllomuft(GefPcwJ-XkBYcSD)E<$7`N^0=fnqURa7VORMNR*DwPyBt;1)q;2F<pSl
zj>AmDYValR!V5Wl9mt!$gcjqAfPl%};-4lbTTLM9VgL`NTQ@Di?RiMLC6#W+0^mEQ
zX_?el&tAz%bL+N~VC<nc?+gaw6?PRNjqrYF7SnckYzK(ivd23Uzl5$g?+g~j<X=2T
z3LHd|!P6>$ZjrPM7tpCkJO#aHh7qTa#GeprI}qK#CE@gn=4-I>#j6O#x~YgiR$j!<
z(pWxe_6TDz-$Jx`B$%MM+=2ca0Cjq*C$eCU5$`wyh9#!2CGpw7Cy1w=>8I@#7xZ@B
zccIWmd)9aSyh+4vG99?$vy7{7WcepuV$Z4}NmFQyf*%h&Qpexyki#G)<3_@Eqc+70
zoNrbY>(G2suTn_ITr;&m&jhg!P`PQ+JwnA%J)m$q!0gxOWwdzN#=*W;>p_yL0$>=x
z8{>a~{~SLU0aL|qf&Uy^j74^S!rCH!VtLM~0sO4^AMpR2AAn9*#5=P#x;HzrDqWqK
z{{BCLnBfrH0zx+cVux<6bsxrMPL_;cptfKnYCgL;bbq1xZK$u`5#+K%(<+bN-OGju
z2&R=Sq(32!<A9$^5X6CiqAx-v5z*jzDnaD>Kla`QKC0^4AD>AEG7Nz;k*LE%33gN>
z2uTf+fry!8COHSr@KCC#RH^X-R(!z>1c?wj8R7JJkgB~ttL?q*t?jMWwo1kN$Rv;l
z$Ro%@p$hnbGYpRa5&}Zzzt-AkX3jjopuc<n?fsO`hh%bQpMCb(d+oK?<Ga@CV8I}w
z<E-!RqC8BLz83St`e6D-uC9aF!6!T{2Jb%$>`KL*3+LBRT@<}z9qimT-l)a`>8IK!
zdk4X`rAT`9g(jx!Ff0!Y6m^O(1XM*#2Vq#E^rgpfmaBW7q`k&Y4C}`SeQldNj}L}3
zDIomgm~wj~KO`t9!$05^69v<YMzwHD0>87mFo@nNvLO1c7*)SjzaUOnifsn=D;8Ye
z0vyOYK*RS-9-vPvVe(+k&@(~tv=^a{Tk}Ws<$00A;|t-OBJ+n8!nwswJ=vp_tid&k
zPITZIjMj-QSkf{<3-4WeJU~xo+S`xjTI#?T4m)`N4Ih7qW<4%u)(f;Q`83=&$+Rb(
zz>Sxs{@e5DhCCd8ho|R)%3N25$B%SUefzZ>LueHI;e;ay7vqqNj3Lt!8BxCzz=+PC
zKt$UOw|BtjqwqP-jL7}*{$!S&WAwsUewlc9CtC43Dy>GY?gZ_x^=Qrsba<yCxtfto
zh+(kWKuV8&qYEgk?IA&?Qc<xA@63r%%wo`(Kx0PncsANci`88&&JgY=$g4hzstdpv
zn_gv+mGGFol;L2Vdfk;Mxm6T^PEwFmDXnULF;(6Yg8MR)?bQ?HlB;<+*N(;?phI;K
zOgEF+_xV0g!hrcoKmmEykPwzG-CSS*4dVK#1?2fMufCWjWB1!v;O02fNH}42{@*Py
z_8U6d&TF~-6}`JEJ=@O^{&_eGH5!0ca_HmF3qZ43nH*2Joh8!c<yBF23WUY}Mhw8u
z)1qGUP;z|w5B(^Duvm+_yhodC5!1jBo|jJ9`%B;;tg-hucrPK?dIAFOfRVnmf@JYH
zeC#N<X7~o`Jia7LW3~r$?p+zK0v+$I=%P`GJ@*G@-HtZ$mVzQFj-AoIAWJUo4Ad{~
zL+wOqpKAY&))Wb($z&eE{!oBgq5ygfZNt3J+=^w$>6H5lobRCu1R|CoMdeLFb{k$X
zj#pd-5rK29C5n3mNlA>#&X4>zJjws%8N47JR{xtGtPzAvrx=o<w-CgYwaEl=OKII9
zuC5Is%5r&uPNz+Hq*d2X&1iJ#adp2y{CuRDuPQHQY@nHY9R1Iszfli2tlxBAQdx#$
zFIDgS_kM;@H8~|l!C_3kV@!(n_Pt1bt{~x6U!PK7cyEY-8KS4}0ZP>A-n1^Gw^<DA
z(?GbT@KESdDnWWf#U{ch4uW$zHjt1F{%S6z61<``LoI7E<*{XWVj=KBOw7%#z?Tq}
zdA##|wjhUKL8AVTo-{YbI5$nS9J6P{*5dH*64qkyuhXuDIx^i_45YPiqwO@Z7Up#_
zvpue@d7Qi^k8C{egf_4V?elZkd#kh@<lKrpMp)H)!b*~t($LpzTkM4{OMIb;|C#oM
zE=~JF6XAuZR(5rF2<!MLiZbJgsQk4CmNSUxY8o0-K^DDX{)Y3;!4qr_dOZzu;K#r;
z+HpDtup4D|H7RlzkviOpci4*0(62bNZ>6qxL2P=uew#2oBmX1q^mJaEZh9`K^~MNI
zw%)U2>m4eK5HfVx2j_j=_u1<XcnV(kFQDCpdb8UmpZ7NIiPMxVX`j0HN!Wacx{`so
zJ2f<GsalT>*2ACSyJA^J=4gn5FCLD;3~cIe-et$cCb$^BB%B)_8NN2$H=G^5I&2R2
z3=atpj-3YCFZI*5YQ{_KTzFpJ)1hCmi-Cs+8j|q}l)r~UKPCZJ?Wq}xM2hU!`B%|i
zFx%q6kVhBBrI6sJ<?;b#v|26P70!vZ_kcL(2zwVzRP4iqwu5A0rW`q#%%?*2;IVRA
z$ZwjP$x97dLLao()%}eEN3IZ-c181PG#MzLMpuO8)4;gmB`&EwP+$E#9uv~%@F3qa
zVQa$vb0eL4?Rn_j^`Xle11L4$Z)jvBlB_Sm%RK;M-1XGnh8|`oDCQyUs4?(k3%r+w
zuV5}%`Jp^)Zqa?|%POqL684wk{aoE|Q6f^@5jRFt?!!GNeMRYocv;9393S}1+$zE1
zXz@P8t@<eVxyd8f46=IU1*$fgvsLu24@BvtREs`CSb#eJZ7r<k8vLri$8lor2%d%9
zQ(l8x*!Kgdo3h%Hf)T#Hf?^s(z<RmVoF*HQlOhy<-4u`P^YzF4yJY%`THUmezXR-Q
zq(%QOTwMX4Pn07`IvTeJ3}H8M0nERFW<gM}V4e3x)=8Ta?{CNI*~h!|<=2@!L%Cd}
zZ5WWHEGR%+0jbk_fLme`7Yz+F<PLOW)uaEsyqH@x*}}pol!Y;tFr1es6!V~fWz)2;
zV_Ar~RqGh&#nqC>(yK%fA2VAB@gYCl=~5~pF3Aad{XK0nKinDUSn@}bwh3OK9$SHc
z4^e6lKNqt)AMVF?^Cb_Y!3X&d&enn%zNQq8l!;O84KEc1bfT{i6piu%H@9kr1uYA8
zf5r1lDYa@bbuNak$%92zX~Vh;JHmtX=TD@G#cE-WvIjK7sg;C0k8z*Sb{KTo`4o<Z
zTfJ12hqnmw{VD;5FmO5lAnwdCrUkHj(4}>RdGMs2>fXOn?A8xGQfKwEAuI%s`qMD9
zJ}x~=oAwI68S{<R!r!=A9~}tWVEK=cN`7vL)^lZF)qMFb{=)Ca<7reK<2UE&4<5|A
zycBP_Qr{nZrR(x!S0q-ikP<Uu-hiEI9=w1D6Y_X_1?m?L3p){SzVu9#->hN$=8VQ~
z-eLS^5AYisn=l}+Qs5>n{%W&<TmB?G#3OyBC0gCb1@MBCz$pDff5;$kB>l<Ny_CTW
zhy2WyWZ!c-*7z>NH8y)>1GVw)$49{0mlo67vz6ALwIvk3=EC^Z(qh3;@9U%W#MNN}
zEa-O)h7SpH4Q}~cRUGYPUM}Rv-lB4W%nXeZ1Z7Y?R<^*P_3Nn~66lMiEbUoo^h;eQ
zF6^Yh`G%48^B$#)*y8Qyk($&!Z{mEmW44I@LhrLY%j_9D%j&&PE;l<RlO6OXlSi6m
zrZ*(Tl&i~uhLI+k1xFJXC?E<A>g|t4X0*M8?2j=_&wfFwm$rwHDJA&_MtbrO>V4rb
zAtG6v(9tgK7lM%tU24FIXt|HsAqB@qk*ho^8aqX<>?nGg>w*S^*_OOX#*B?`l7|4^
zr%ZCa%S@0_kN9WmD{p8XaadXA5uf-ndBle^kN8LgxQ<s$)EDK@sw6|CenJ9A@O*2+
z6@VM-*+G?HUxf~9885CTyi$jr3b?>nq;+jJM<PS*oq<^dbVKHz5O53L1V4x*zc9KG
z9I$3~Qf@lNS;7O8&Qpzu17l&MA(eULx_TT>lt+30p1_~ttO<B+&PqC|_Yg}$lk{JR
z2nh%&7}tP+0PN_VRCYw!J3v+t@(<6=6r>|)QN2>cjPHycVJPWMe<5~sryzY){Tz!r
z!FcEYMScWNJ{LcNug=ep@C{b}c`GOoA0_dlZpc69<VTb|0OpwsJdLDKh8*b)W60da
z<lo@=1=(L{A!CC@tjDsvA4o4Bg_hIB8@~GNDuepz=UWrXMJ1eXS{iLKHzS~NCIL}X
z0gcc9!e9tj&zmnQB|-Gw-vCKKw!hD(02;F>)+na06CY%FMuvOq7M}5@Wem@l6~i+k
zumSWB1T$cmJ_>u7!J0fR2!G*LsRU?0l;}?({Gw8n#rvDAI>e&d_Ch}`gTokI76#vs
zMCnutKl4pU#3wd8rETHSC~qa_T}aN)Ef)*QvUswHBW?|_c#;bs`q1e(#M06vCgf{O
z?+*~969lZ7YBx(Li6z-;C=K%11y=7!l+&b%W+qW#QMd{#YvC_9>vcfy(9mH#n9yHO
z`N^gk45@nJdi0IUfwy92z5;|iVl*eEQ3Xa})#ZQT9Sz=lqv>CcVEUH>%EG47+DK~t
zmr`cpK&;){4`5X4k6tGe$NkO%!+V!#CXR)hEb#O<^`<AYI(3c35VDz2Nu}(iBJRqF
zdgx`;II$o^b0^A}uP*GT<%rS0kCpCQWFxo2u*`%MJY*!R0rn;bUQc>ocu1BizZ^AH
zvS)Uov9jlFWJ$AutS~$?p0^NgWASOl`ra@uSdccvQyG$}lw0u_Q`abD7_@2?ldqYz
zd~5gfZ9sLOvK$IEMbZ3*LjDmH_YP?J4N)Hb`c-19S-_DR!&i4RzoEzY6$7MGayH6u
z$a{Sh;!R-^m8yWM49x<_%K0DiT-j!LD7sCHF%v?8x0kx~Ri*;+OTT70U4z7HInR22
z>8VIGrz_8iL6A6}Yh?Mxb)<N8NWr6TSG?2YCS2gY43=);?<7{c3k2CyK<Q8$(K?Jd
z#XVI%vJU@PXC2n<$BA;u_XK%a++uBImf|DoO{*di<Rlvit*2Z3Xba#AYM;r>-1mwx
z3I*Bc`vVMwhk@`Z1EET^4mOYo(<jEurm=9s&PaOrwl~?sCmW-g`MZ2uq2Frgw>r7s
zH<7bq*Hy81OnSdcTT=f%t^anzd0x(-z1(_3{N?@#gO~w>n2|ULp~^iQft)vpO3~U*
zl1w7{_bW(x{)sp6`QG`0G6~;JkT&_Yg=fER4BwNw#t|}5jEaoaF^7f799(~3_RkW%
z{c}Arhu0IB!{~a8mNs@E+(N4Jw8YqelDF|F9Th)-is0habkP~VSPB;}qKlsRMKSTv
z{X#Pj<*C1_?PmyWJDqGldg|+FgIa7*mlEkc{48sbrQU@NE;~zy{qw8Of7tKrir$rv
zcdaKQmZrx3wl`B_C*3vB5WYB;$GzRmE*IYwvoM*}Q@>}ns_)%3kmbv&)bmQ85ofFK
zdB?Kk?~~a;ez~L{r95v;wg<%WyW$b(;#MuNaCJ*H8lLS0o`#m#gg8I+z4SqOaJ($u
zXpIH<!Pc<i)(CYkzz<Qqy_aYKe(J+dQJ9fF9V=-J3WXJ19gWX=pTGlnRv*Wq0@J%u
z3)u+wm<jSQDnFp3>oP$3^7Q)5`|-p6m>W9~<QvIO=fpHo7{+}^@JmzSuBiRoHP{*p
z_@L^?j!)qIM#Ho}^VjoE`xcz_zUnoL`x(Mb@p>Q;b@`JyET#)Z8Uz>rqyi0R^gMbc
zQN9s2qnFvRP+Zc>JK{*IE?{^qj3*4^sf6)l{grt%qmvF3{b{&w!o+W67D<?T3R+n4
zD2r9IhTqiWK{fod9D~QPpR0Sgi}aC73k=y=+{F2Rgo6ExB<kuHDYP2yn3+}{B6`9u
zSTPD@NcRT!WCBkrO;1rXSEkUD?E>lPZ#7YR8uGIgdLsPm{~|qATJW9kfOqDV;iW)R
zD^uvn7N@7mH@ibmI~OI>Q}N2~(o;Q+WKe10p>xucEly8=ed9vuY22a|dV1lB3#F%f
zpU}}0L0^*C-QYL6#qR#}ND8~t`*W#8g?yt3(kKQp-<=xBoJIWhyTvaLe<T*aJeGlt
ze!3#Zkfcnc<;VX!<9mEz^7sxY-5cMxKQC<G<-FKc9o^qf<sbCCu$|+)nDwXb?C;YH
zlK1zt$G_WoVLQipvE%g%-QRaENZH?ilP`3COLD^gP9x8Zd%as5eDnPO8F}VA(dXFt
zQTqJVPyfm2v-!2|(C6*GWcqwd`k$fC(XU-7eZJ>Sq0fQRh0<qec_MvUQ|R-hSGz@@
z1>SF<PYMOMF;Ee{NFMKBY&G}>zK<b9>YrXpj58=V^HQb|b0km4sP6B<ihJ!AqN}9_
zW*dq+jXAQ{V!52K=s513Ehxh;$FO&~=Af0?C$@R=&tm<B)3M4gX7!F=L><LvqlSsK
z%rJ3QGfce83=?XgzWP_*8wBYvrUCtru$k7|UD%;{JIkD8b04&ZU)snbgLQ)q+>9pO
zErqRQ(iWvWX|{PeZ%wJ_f{72LeJ<%3TFPu{U(|f1HPW^}8N+L1^_Qd5X%(c6WPU5M
zqXmvzRnZ&Bt`E0rqNO<Ky)on`mq$Zl{FM9#xoGhwc7v}c8ZN{8@HVW5P#oj}0#3!L
z%eZCz5nb2HtqPW0zWQ?b$d$E-$|5sRd8kY&Im99#+6Cz=_4tcaE(r0l@%V??y)jb6
zg;eN9QFI5X(v{ZnN_I2v4_XCfDyD(tBk?TX;*gEJzpLNeM|j7&d3`1+rZs}U9!~lC
zxw9FPRsc<Yypr26UNP0X3tNTe2I6b}23s7Y8Gl~}t%aXcH{~&GE&QDNL7s-FWxw*G
zz}hwh)?T5@Y_d|6;jJ=wser*b8_ekbJ%BG1=6Fojxm#WRaC;;?ps?P#+-0{kRa&T?
zvg!UK5f+8_J&ZC$GKFc_qix8&uHrrOMJedY-^*9Exum^(@Uu)L%3=^$m0Uum>PC@(
z2dc?33sOxMEWS4jQ%!dw;#U=vl1(HIfsA7g^kaE}72fDvKFPwE=xA<Ln^O_(Mn~Jc
zVX^(rt=imGFUW7~FtE@7L3)E2@A3+>Qiib#pYoA%D`I09UUiK%9#5E3zlj&5t#C4k
zFrZ#8M=Mu%O|NJIi{_?wSlzcUpr~*c97k9gLRv?$KZ*V~>8v1iP}omVq(O@Y5_xG;
z%-=DZpcM|7&0B#hoOF%3#o`U|(ovVRCH%dWcn>h{+%|qGB}?XI3$Of)jvVZ>y>N?1
zdDJK<^E+wk{EZ-N27QvtvCdZ~%0Gb9$YT}r+ca=EMp)Rm$BvR$v5g;wHg0JXAB+$a
z$v@5cZ^~e<!8{kTHq4N7vJIHPIz2%j#(S|KO4p?>d5%4M?tLt*hxhM4BPiLYVYpw5
z#?9`+dZ9VUh&f2a9Aw0-pC6>>`gZu4TaV!_4M@!mjEw8s2`pX@`^AKzKU*>M=gNe1
zXr&rnoClKD@ZzFli|@b$#dMmN+-80lR>8nhL4jS13o!S%^5agAal0N5Pk98syc<}3
zWIbj+6Z}n`SXpSn7gR$dIsTQL5k+gz*@2to;7|HRQ6MhntAI^|ZjL!X3sf@z9a^dW
zj$0D_9c$3vQI_EESaS}4M@qhFcj2MfgOC6O#~Cg#m3$v3xWEKFCFf#}-8e>Fb{mBJ
z27w$;>%{ymqT>Mf*bgy(nB%mEt2{kP8GfnY*dTJ1A&+r~RzHbmgR9$YApb8#5V)m{
z9;sPvc?OPXsnabT#gKRCT$D~w0fj$8n@|pM=c$OFMc8s6!mYRthzz!0HiZ^+hA-E>
zA4XJeMA*ntKGMR~HD_pqK03B}KH;T}`uVt?5>@z`5U2!8=^XO_?4R&E+Wyk^Pd4nI
zAUnkh1!YA-ev9x*IP}<%y|a+6^BaJeI{Bri5xYEhC`MxV_jdA1k(t*Z?EZDQO^iob
zfI<uBf19?=30Tk+`pn^_AHW0{sV(B;9UuEbaI(Of!2~q8q*g&v)uJ8-N_h;+_^27<
zE%JAI?>omZdgCy7M?2?#197LuARETV++)AaFtB`YAL|oKC7zc#f^?}i9JGY<j#Hp-
zW@31@{BH)J9q&TT;V3lMM@8$AGvoX^+m7NMkK!I0vEdH5zr+JF$NBRs<!J);&L8)S
zb&Vt&ULAdJEs{Hb37)(@`2VOGHu7QE$kx#7h^Yl$<B|4>W2Yh^Vn9>^5k>RIKVab_
z^^pyXi13s~+Z7SfMS(4gClZB)|E|#oP=_eL(H0{J-+L+heWJx9zp*h+G6%!Y>-opV
zr2VPU<Fgt)g8Uv1-A5oWf{mX<-!`tgN7{@LMR}@&JX(YdpsYw`X3cY*-NH-bp^pZB
z7`^d6+)0ciFsyf;g&-24muZ7-=l%OSMckusbY91^mF4^xrp6D$63WJ=@k-HQ<XfWS
zQ|_@tB>aCG`Vlq=9>~O`X4DC=@ZlZs@OIR((#ax;^_#8Pogj>KVsJ@z7Zz*mvK|Mn
z-3dQjomLEw1h(z_2rHcg_M8D;WJLRW!UIL6q#Yi3{5%JS{=CR;MDeE)grJ=4diXK5
zp3VzXBb^$JR(4)A;dueiJdV#CqJQQNJg4A!r+|-tjWKTpLU1o^fO=1Ui(vfdoH7{E
zS2;X?J^Yxu9tE%L7Cf(7tjEjY`RnngYdu9ZiH=S9{L{3q-U6O=$YX~|@&EETUUKjl
zj?|=`UroLPAPaVq#LP=hbQ2Npb-`}Q_VsmPbkMI18omJNvsr&0O|OZaM@7y^bM!oF
z_DzR<LiQ$h{&-T(pB-Tboj=X2%L_SwB6#e09A9yP`{~#@!UgVOE_XgLi00yks|@N}
z4J?}PSG3PhV$EzMe056Sk0P<mF!n_`2K5OvwMmWY{v|B8!)`Z=>#MwMdnBcP^JGzK
zlr{*`4ySYi)9g8R`1)Wa4v;QC4gHD~k536-7CXQ3Ie&OWKVQ1@`y1zLn>JtH=DcRv
zaLz>M>kykS3I$Ct+~LbUvY1{TrIZINwnx-Q6gDYa*mZTCi%rV+2W^ie#k*7sQVSKs
z@!Dr&=|4P%AHrjJ1_mB^3+uyXt)9$m9{4)9D%*&df-qtV_Gu+$K8-^PKID~At%F(M
zjtygW5EP>JT}fU;dtQOzJuR3=z3PuzfCT#Q<y^aZ<*zM<&~X!!EvK<`drBptDvFc#
z1DYHNIK|xdbw4#QJT+*<mYFL((m~Pjxp$FA89qp8JA|Qe=f_X?!L%l-d&LF7r(X~v
zYq5BQ<8$A$;he<vbQgX>#Sf^!Oo4_fj257|F_I2HeRr%NjSUOZI2~&ke!5sIM{`;D
zdm3J8GUBK2w&=d}A%N8#_`+*r)o8wlz%s>akH9r<MGJbfK}BJA^Lbb}6;agVoWMjJ
zEGUc+wF)Mjqw?fRpG$&QX=|fkkqkv-ad^e5GZ$WAJV+2Y@9<`au^5ItXSh|6e@GP#
z3MmlTL88tPR*dm9Y7_;$v_U=oIPU5Y;R;};EukEgO#-{Tm&2_KuEtehFjD~<H$9F?
z=t9u0FREg-CAJY<-JaMU;p!IR(MzT?+Kx@WJQ33~l)`=*>cq%nAIHkIsLnC>qrBJC
zBYo+Djqljt^@eM3T}1iU4Lb1lpqPA+2EWY=8_vka(CZZV+{A1j@jb2E&qD<z!0vri
z%a7*R;Im-a3r4H3gkL&?UzjGy)33CO@;ns{kRsJ{T1X093GBm95#LrX6H$(0XRx%H
zy<c7wAAUtwv_Q(9K&y8j7D(9`vLdP$#3Xd9&AlA<nzjz=Jl0w7vf7fdFqwU^OIEl-
zv~$r$BWj}Q(lBjq61>S8136BP(+7*~lnzKCtR3;v#mq#-CjbhD8x1LW>A1i!Bi6i4
ziRd1+Y@m*Ve1II}1DQC;?Sp`W^wBuT7r#&9AfLZ%VNUgnO9$yv<i7*$fS(VKo_{aC
zOzG)=+ch$tp8i>A6J7|9&elJA7e0Cld-U#sx<}ue{OH-SN3R{Id$beUP0&4h2z&H!
z{i837_N5;EDIz682N~3G&~s>k%!^wf2c!R&E)I`h9F_=4cvgcX*wlZ&tDhkxrG(Nb
zu?9YDuowgJ^J8h-bF3Oks3(8SqF$aD$BvF=;}R<SR{WGf79JXxRDV3%&Z?`y@#=r1
z*s!?LqdZXXH#BdeL$a3X2N>T4496CYxuRmmU3k8ze~b`H<=^<oTA`|<nCj{}*4C_d
z`ro6Q7f*r?tKX##WA<*XzoBXR8)={zu7Rl7SFOM<n1Z#wrX}1HPPYuAKmCE4cs@>}
z<dSpqSXP~$rEfy>Y8BYe$9OgrkKh8ENp1iswHcV)9;!))(W6o`a526)h_kPT=7R_!
zSMWHbs8_<j2B^nw$K$QZW$$G~UQFS=EV&ed3lZsCKoOw8Li1Q=Q3X>Pz=oyzOH=w2
z=&hFlUNB{MjU`<cdH{A)W1mcAdtzU*VrEJ87{0>Ot1jZrNfX^X>e!_PhG-ng+n7&H
z9le}(#%UW+{EY_YD46tH1Ov^_iz9)qebGV+r*iS7?_OhgFH<A?t5`!DN%wGL&seh~
zi*?N+|7D?>W92lxcFNhj?mwcnFy6ywo3*wd{+Gp|<;#2Pg(&>!#bp$Jc?}7hH#GlT
zE1#e*(12+wU!yO|;~T3CE<Q&WC&e#LOs><gTH8)$^{VNxoqnIP-(HP1=z$GhN@;Mr
z)?ldm#U0RKf*wTlWPi3D3)GMHM5u`Ej9F}3c8<~EhgLtvHsj}G2tU+4|3e<~w!+8G
z>wox&Ri)L}qBq&OI!xCtD%H{OwHfG%xL99*FzSz}*8CAX6Tt+zBrE2X_%fj!y;*Il
z+p3kLKWj`VN3UvbiD)@`mH8!}!*cZGmv}xUeysx!Gg7gy*UHgH!`Cq03Oy1<b_TSU
z3eN47h`A&d5q&k0OQL1w%GxDH+HcG&&oAvHuTgKhY-*}B8qj}q=TppobPjXJ7IJ3r
zEH5>sY1?-jtt^?F!+%M|GjzlKQ5xEBh`B#5)c=9DlG;;!xn(u9x{J)r2g1F}VV`BH
zq}J~-ajQE0&HXg@$5;Lo_eZJb{)ob2N@3Muy5p)X$}gPN#i1?0m5oWBIV*Za(8aJn
z!Nq`~e<?18!jB_S7X#VnMVtdl&4f92iZ{-8NXPQm@l~g#b$oEY$$L$3pGn#Qp9Chy
zfZlIg$yrSWqGT$75fs3~o7#EIpB?-R=<|Bc+7m8Yt-2wD;*F7U%3NdV@`orLl5ZsD
zIEn-vN9SD$`;A+5tgC^SS;iwYB}yz2((+r)$}JJc(e(ZV4Px%n)%Qk<&;kH15#=lR
zv6pgn`)EbWFs+~W7T{R$x*qwR4@kO1uXkx}SKkFUNGD5cPjawJ%gs)IC&xV*EZuSh
z1{o=>jbyCGBZ({D#H|WB9V+L)8xu1bj^biJb_?sL#%?Js?wofAbiKyR0#hn2&f3nt
z3wW2*R9f4?x#S6EH}I>Mq36T+`taar&l{n6D?I!r3%Ba1Gyj;|(Z;PnHN<5I(o?Vw
z8;peW3EGKg)+z-Vkt@sn;AO)j-mk?o<>jSFRC$aeQOap)IlgR@(~K5ULFx(Zf#k4=
zXKB}3)RIx{@s^N}T%EBrnnn^x(F{b{3vMm#4btscc^*8qL6nZFy?d~vA!9RrMILEf
zcqDtYJ^j6ggnKuEf{KuJxi<?#U2HkoW^4h*DN17#mKH|_XBC?Aj;an?#d34L3N07z
zfEk};F}6hN!%f(Xmv&&;U1*11m+&u>;zOLb+>FbCE=AzB9Be5k{Ku?cMk^3&77%NY
z5o^#kK@yEtsxBxh<E^5SYZd$r_`lsLwPS>oGt%N61zp``aRxs(3C6Dle`B812%kaJ
zY6sRib0zd_D#Xk@*G-VJ3n|AYaM_S34~E;!(9+3SGjRV71a@Shb$1pwc)#zI8nI6&
z?4$(#gZ=e~_D1Ngzkn`K7>>vBp>H3n@`wr5O6xjUQlXg7)G5_F{d>9!TUWYpww%UR
zXCx@fPp{Jgr&=dUPj8~n%g37qX-uq@KbV2d%w!1-W~6B<0JHi1D@N}SoK{0iS3NI3
zzD{!n^3vnX8R&#%ag-L%wahIoOw6aJWcS3JR|)qt#O}%Is^?a<xJZr9Z+ALc9^F)G
zfPFf2uH_ErosEU9uNZyH!vCei3s75LDZ?1TjUL$NFq5s$;9gjrHe6|)sgdXb^CxBC
z`WPolxf#IH+I<IIz-eHGu{llz(8*xz0g0qH@mfQ>js;GV;3^S;s7$iD;Se6}&i~L;
z^`U@V(0CeY2JVLG1B%#%>o=ebo(K1t1^~SPJ$&p7(fz!fg^zRQABVef$j||{&w)pp
zt<XM)P%FJkhr$#X=2{xD(1Qe1&Vt}!@;ZV>-xV&!R48f_3JX?0QJYaWOsOE{U_m9&
zZ|?&&w2PO5$@UYa)aZgmaVt}dbhBL7pmnrmqExqqbu<||!gtnx4TMq0p1GXIui=He
z>R>rreE&@Zi5M59!iaYPGt9&iQNS(Bae?_r>s!eE@cP^uG@=2qO6?sVLE{!87`=Vx
zR*PF1WON&MIwK7<EcxjjEG6U9%mA^x44!`xwX9U84#-Gugw*U(rWxJKZ^wo(5g8c3
z`fEOd6Ufye#zhL24n3MN$-;<p6Fc%BZ@{!7krqaqv1QQ97yd5Jn;q!D2=7WuS4-Fe
zYEe)8yjfjdMr_C899r*MUTML_Lo5R>Mg=gjb~s*nBc=dDa!Iny>+SKTo|vdH!#YvQ
z?#ZwXL7&QczUAi0&aM{hotHU865$dO*&8wY<P_j7$L3eKr8Z~&QBT#!PU)xsOvXDJ
z*^FCSj~s_@Ze;wgk>m?}Ue0)FP!2vbC&q15^k5yuT><>dfZz49>c;Dl5Ut>Zh2o8_
z<pQPf^OYcxM4DWVjq?g){w=uH;_L!Cdb%}EuTKXV9hI5giZcQ?%>4)%67C{7J3&yq
zOWQMDL0l;5>6R!s%y$DVKz(6rB7G}GX3D83zj2Z=9JuQZBHQH?VNoyX3XU0Xng6kt
zoEwGDz01!ZgwH*}65M$0Sxou_{XqS<N&T1+`B(@`w(I4`RDAA|<=uiu<xDy+J{R+a
zW3t0MkpkmT<&A49LlZQWWed}2Djs<RCckBYv#cU}X52K4s>;f^WjIz}T!=Jd?l#Bg
z-fE9hGDv7Uf`QFsBCbIbF)AqAJ^6=0LD?2lPzuy5tD_1^SE7Q_u33nq3Q9XO5kKo4
z?UBx)h4{HJmtr5*^pj#{9v;-BA*e!Q5)>5B-U?h&wWgsICut~V7nUhOI{`}o1rw=q
zOjmJAJ3v`^CpCWp&^bEfY1u*T!jxi3TEti?L<Cwys{Y`OsvMdE@uj9fSQ8Y8MWjGf
zeUk!lLjB7El=Y4Xy8N+BfpFn-&Y?lfTp80J`lQnza#*%A&>(*ORU{Jbj~awqQy})K
z?H`~5aUV!#!_YKhMxzN(jLK}jqIAertj@1Mlv0SVYIRA6c-X<-Q7{N8gnL;x4t@SS
zlSz<rO*keKCc$gRM8InBOOv3K3`dBPAZK~x>nRxPAu|hNY?|56Kq>uP!?k3&1YHvC
z7R?$xhQLc6#4e3Y^rve0rLA%N(wcPmC74ASO-hOQ)YN=u5!z@hf0k3)2->+Q-(q&6
zT<38dKv>f;u1+$t43t)(s)_0H#h?MJ9{HXgR;p)=3F7j1W9~!3aByWI9>XeY>^83M
zH)I@|YA=QVMFbtfT~C?&&06{AW-slo?`gr3+U^oKPcwf5?yJ>W;9^Ulm8EoH1(VPY
zhKfA5Ts5!+WQ22p4(CIMm~gOE#%B@)5nI#EKvy@y4xQ<dM!Ka1W@l5S)eu^bo|12V
zIz71hQG^W@cPGqp;qy+GIW}O7`YYV%uD}g!;{vm2UezRjVAQ@Z&<g8n&VL@7N0#)S
zqGPD9mm4vm9R|(OK+EGDEux3>q)R#q-9m#U_lT69R?p8fNQ;GoYdoqoaF`zqk0W=6
zT(_1^Bm8<moZfgio9kMl-*^wRN8t5vPxc_#EIgfcC1w_?T96W`>g7Dr8g=(vOn9-U
zyFsd$oQKNMOQC8jWzGjJtW`Y)q#C}A$0Rm~UD7eU#8L%iIi*`^Jz27f1n06xI_Q#4
zghy$<8(uNd%Zf%yjAfg79)B#B?AhuwIktHp;;Yt1%Qe9sn@mYUiZL>iUKG=LdauyZ
zH8y#q4VdI3{4gc?@Sy99sIQv=x)Np2qC)f1fe>a$NW;&g7NPXad|YT>)FhO~9&}!Q
z{%RsW?}kC>^M}u25b7pBPiqf~^Yg8TBdMU%!Of94=(Hxr&>89!9e%}o7(d?&B<hyF
zjPY|<3PacP^DN-!Sx%;1NBOyvDv6bhjABlozP%sS8kiutM%q%rr(<;B(-G<T_c!5B
zyT!lHZ{MBr&_9fQci#j5u=d^mrZlfH`)=a-NJ&+ws0~#I!P)g%K=5>83h;2=`&e~R
z4Lv}Kw&PPRNEM)`^(<_q1fgi;(eZc0lkO|r0xUtDY|@yw?;@ZCkNk(Vnq?3A-r<y*
zKq6Vma*c2F<-#gqrmp*0UTrlr(#Y~%nT4v2n2w9pLb!{PzXJdDZm=>Y+{WjBjMs(=
zAl`Fjr_nh)l4X;nq6P%Kqb!%F)f?}p+y&+28^VlM3-1eI)&gX2=i*s!Ydothu!Y?+
zHS{#zLde?aP4(JMjcLwv?NQY~B1RlbPxF^KTS2MCuLG^Vt9d%Um!4wXHE7+n@k>wZ
z`&$=it-gs0=wMQE#9s5pkP{8BW2cxOEyf3c%5hj~AOM~EOA?pYI;HKe!}b{FlIEG0
zW7(OHlFklLiT6a;uY30YMHg!Scb?1se<AS?eZF=4!-vG~dvVMDGlAV(R$GYOqeUxJ
zuDI?uC?#t#24d;{_Do97ryjiToM8}Au74M%#^NzS3n>4qX;pLvcDaZXq@rwI%H?D)
zXLd^7Y|MMjA>JR(1f__>hyXNi@{T6o<^(svk&HBMg4-L@y9p*+ir3AbfN=*(?oCP&
zi#bq==JU<XY%t9>s_)^lc7l{@1v;p)cDiH}unL#ehS$w_9e8Ym$~(6Ewn0Cz>#iq+
zUd?8!t{+|+CoeX`MR>jW(2;j@Ua}X#5%VG>%lF^LpAe5v;4w=dFKup2E`;8KCl@dG
zWf>}Eff$8Zo`{KTa>IiX^yAY^{d6?26nMxj@<gR11GMD{O7;?BF`_(t(>XHVQF<!x
zm8`6!CX??}KbuX=Wt=FTJV(B%nu=(mDJ<B#{9%gUG8hu-&m^=TrL~7HA1%RK#$nWv
zn3!d%<}a~4QiJhpPvX~bZ_S!mi?dw}p{3hD1oU9}?`CVIF|~YCuI}c)8^{n?umyk`
za~-^yd$Il%BNuoA6P<&o3QL)XvrQ@Rl63vF`J&F@FZ#P7?k~DIjlam>)oa1n_i<0>
zpOhz{$t$>YZx{UOKV{*b41Rc|v^HY&@4zY^N61@rJKSkJ47YKQO-gVUO-*zb`8#_p
zaK48fyYidj-l7i=m)3R}{oARkh6@ddNcGPAqZll+!j3%}+wta@m&lUhCF-sB5=}!_
z&B9sV$xAe5R$5PwCBf74W{Q`H9^Eyw8(yM?J-&^X=sH99yhLL&$V(I@3i1vyqd&*^
zY_{N$U9BLbx|*#zv%g1zi*9*ptIZ`%ZMF%r*a`=~*qo<KjEGfj=rNk0m~JApBJgSS
z3rr=G^dw-H6P4T@g1@2IUAQaB{ysq-)PI6BeL(vp$<)7Gp5EVF4u5q{fKS#5(x3qo
zltKN`HY-pjght;cQN9$N2j)r2pgVZk2KVlSu^QxQc;imsOr>z2YbPQdZ?}-ss<_cx
z?ox7b(;9Fv&fw>ncsK0_cz%u`^+#s|JUs`_kK4@f@EkZkZbPIsK3MfQcKWub@izgH
z)@?WF+)Xq85BZyzw@C`WqURunn7;{qO#(WdD3_~}z0Mij1Ji0M)tSYi{X}_cM(0Fn
zsu6yO8J!h!ZbpTaYsAZDyle*AQhguaj6NtO8!HzWG+*UlQ4s|ddz>JPjn?rJoa+g`
z%0?@!Sfi~>nr=2vl3k5?6D5~9>Y1t}3cQthrgS7|^%&dS1pbQA-+=MbAm}f90CYFN
z4Bgp~0tUbnr`v$02MvhQpXgZc+Z6R&x#F&?NiYNWh)MFG%@d{REkJ<To6BW!Gjt}l
z*kJgZp);{1kK9?7s2}Bye=dKP`=7?2^}>buv+mHxU;Dc(-S%hA)%;l<-Wg7u1-213
zkqH6?L#61blOi~ETLK8**p9AO*bc__3izwDLc+Zu!=``_R-jWO&?)W<o8UO++jt&N
z7jBM;iV0m^g2h>UbiU{e?#)DU1b%lS%I^f`;X(?={5jKmbpmDgvI3>{>MWB7^#Y3T
zWy9-cypFNG!0^`jwuwsie2)z6rnXvjZe))H$G~JWjJnn40d5Pst~D>!`!z1^{kl%C
ze_w$Ai)D$<ZqaK>cb?M$R-$)+eHZ`N{omyOTA0TFRTT4o-I3t`O0GZNLB&C+4lB26
z0w&~4+`p*VcdGNhibQG`!Alh)$Ch7gWMilHqSO)oSQn3slEOf2%mw;ttsE`h{d`pm
zQ|rfx@`EI-=ZW$?>#ZITNL5ifCFX~C7J_?7;L46*9*8`K(q^^a$*}&w4@u@8weXJ6
zpW$Ji{If9&4C(O#=h={|$1mhVbxE!3wbpA>6!_}tn&BPmQmJRBGp!xQ5mno5-BQ~J
zVADK!<Mp`xoboNCvSXF`T^OiAI{DD^=I5NORWZc^>COUPo>Cx4+XVmGtd0gOTcaX8
znXkIH7-uRUi-}|6zLmh-uQZTt8S9;@uQCMkofx?&I==Mnq4EhzSv4<@uNI^Y)L)SG
zSM`%x150{!ov7F;3t!<OkgKlM^>?j-5XiZ_;xP-3gS@oC_sKb+$7%AN!xML)ab^aM
zU3TW_vSGsgnE&%B41gUsf(!hVLOah;zLjBFNhvjpW5{8%I$rEY;9t3vK>mXN9XlFA
z3_d$EXAPLHHya94ogL##@i$f-7nB$2H}0Qe)WHY#!!MhpZBiTI`#{fiv|;oG4|L63
z2I25<bP*7H%>_NQ!73>4*jGk-QCn<qXuN5})Q7)CKCh5b9XAS4lzfSXRhA!$;;=Ok
z_T`zF9_0`AS8!PJi+0LEh>7+Hh8;y;-zUUgmysAbpY#YnP`=QIEXZ|iOjyK}Dk}li
ziTNsqh_0Zb4bpV`Wc0I4<5%O%;y?c6UQ7cTJYvGQfrltxqDMLt&&TSK_G8xTiIl3@
zbPul#CplI$9zvCn6?{frTPxe7Wr>w`^Q>repR0&|R%7BW;pA42@r)oH3jdyGzAqdK
zsNa(X$0y#3cz;e+V+6SQU_xf|EREv<b+H|V-L=lz6GmoHizoZ{_79aBS^bCj#dz#S
zUP|l+%TB7l8piXX?$GN-AD0@|@p@<^tLTKW6$de$<cZq|LH^c(kqkkO)YNC8C2_S0
z<Gla=Xn;lA3LQLrPj#%Zja9PRt-cd$`kTqRrf+IZ8PONVsP|ECwE4q0j3}7=F>H>p
zGhQr(cv^kz{wSh+{B0DbF^D0`eY4V}v79lBrLlB&Dw8A96qd$v!mRVBv0M{_itoI(
zpCR-n{P~vFz)4{91+fOJvBB&VEcu*RgJ-e959!YvZj&&YYt&!h7j28e*1~#q)=w@m
zgono>I*Qev9Gm`^vUSMvyQVQ@xfH)RR2Bb>-C{P&EyXMmFYMpG?Cu%a1C#tyAnQ;9
zA5mUl#^^;fIq~@|{OWk!ycVu*3_4$_R5Bmz%+zfz?vKDNP8rE~g@yEnoB6kY!2b2%
z9ou-W@&Ipa;kmK{ptc@j2ECF}b=s{I0V&8HgD!*#<Nl<-6Lf;lKMfqUpHudjC9$6w
z8scW@2RftM>b)LYNvE`U6?qD%lvIij)J&|TGX+|a@!V;}C=S$RM8_%L4*bL8=<*gP
z#fQtFW#DTIGACewj64ZCAgoIzb-+>}p7d>J!R=xx=2{{~&|j2(WQG^JpI*$U!pBB@
zY;w*+<%VY-yUL(0UA8qjzLWez=D2?dZe47P<Nt3-@()=FRfCY4LH4-)D^p*;#uhC+
zSWlcP&m+%Jv4lp9-wDzu9>-ztBG9`=@NHo{xCvZ?oL8<fQsQJ@+9u|IiHV6mLm$ya
zB05W()!<aEyo4_=nlL^q$&}ZF40Y%tTKMl6)FXY0^<JI|XUFkbg@;6{8b}_ZTo!v9
zN7!5o_q(Md9_g!S{k>QKbgmn%TV{`Jw`-o?&%-|ys+t94&E(+nnrzIcqWAaaiZJw^
zQ%TM;2kNV@DQpdwbqgD?oy9zMxTFJ=CtNL{`CCKq9TK5LDK8EH8k*K9cmeSNJ>u?x
z3-u4IGidH$T>NgigSXy%-uM7?3m{z>JJUG@bmNnYI48OX&^I8EZ$O&LnKie7<}GgW
zeVpJHKqWE7EztNUatm0`89h*u7(FmLP4ocTPvq<Zmn0S-{G<SQnpgmg#Z_RAh7#-!
zer9sY*GpcjRgmYyXuVdO?#%@07IU&IU_{InV4u0NTlRn3H^mdg_;1`od<|KMRYSUn
zf(_p#q5un0Mk5NQvwj|p1r)6Pe-uz~jWHfjaJf+nC=f9+&dkD=S)OY3Y?o#&z9t$|
zFkuQ3;?Qrh7O&N;#U5oQvlfqI*5d3bn#FhMIb#a;s<X&iTwz6X@hFe9*cy#0*f=@u
z-G+p_^UrTD*7N!Vi*cbrZ!z8$w-~QUv>5kCi}6dbd<eJbO~$YX5xgtAdZC*u3$#mD
zFC^$JTcYW>mkkr{w4&iqkXi+}XQGm8L3^CP%jk6`#S{!J+!fou!);D!&cIG!$~KUU
ziv~jHHnXS{*#z3ZjaH9iyYJ(8e1TiO$SqABXq_leHNy>42injqXpVXhnw*GI6qTE7
zv514cCVjktJbgf?Q@Xtq4TFL-fT7kg3L@C<ajf_4W@can#*kI)83Qu|BkVD522QYd
z{U5OhJMa7<GYLNy{*B(>IG)VGXp$^-;rtT%dNZuM86o{TOgGE-DCb&Weax_+Q!TJQ
zxyS=8n3<&A_xa5%5`l2mQ7bTotH@%ewM-Jt?VxUF+Q!4D&O}>qrY*tldrL}0g2&h<
zu!w}j^Q#<|xeV>UX!{*cwqHpcVAjmORu-_Z-uF=&v#(PNS*Vl;Su3RJX6qz*y45@p
zKH-S0=5t$nA2(d6wfBdbwRh$JoPGD^e;WJl@4l0L_d??pVD@KWxPlfTBN#g|2m#h!
zGzM7+LyD1CHy;&pZqEud_sUayqQe8d9wK~Fa(gniQg0O;>xjN8Ev)!n8bhyJ3bL4<
zAhf&9;w(Ns|2DU@6HYgwYNt~=#$!~&cw}cT=|g0rEEl3cxeycc;mO1Mmq~N_1AnaP
z4`Zq65B$;F-wcG_E;@Gkc4MH!F^Z3ndsRqcjul^eqAVJ4;5jzEDO-YzsfOQCal`L5
zGgn@4yn|>?K*s#&f7ITqRg*Y;>o=Kv=ck%{=UyH&`A&=I>Pw}`SG?lZZUsE#UH%RE
zV0m5(SSZFaJ*Yo{&;Y*%>E&?_<6fvRyl5ZF@OaYpw!@(P%@^f+f;KV$Q@RjOCT^M&
z41_8_tWw$X;!Kv2Kr`=H<>}2<kMbbAeMLlYtfg=Xkt<h8q4R3yVk~pJMziDQp`mD0
zB`GvBSUGgmnK=o~exWmlL_9{}me6y+Y2x@<sguud=Wj?*f5c#d+1P{H&mEyZY0c>o
z-MNR2WBEdZAzB7(AC6V3*cxGKJ@y3Z<5j%WF6MWBbBEk>^<$^o2XQY3^MYvAg^kF$
zwuy?*_!hkj=W53sagH|Mn9yI0tX`uO;z1OEmT=V``h_v6o*v<6PQmwrV+U8a7&)R+
zVj<v+X$h=fvssYm*kP#-u|&}t!f?B&+#eCg&aoHF?Sb`o3TW8^hrA<`7Uo4aEes!D
znCizvST;3Ezmgi8%Nmir@uN4xt1iDA;WRH8lE#be6BeLm6uXJ~ezXMd9Ez}+iYSVY
zzO8wcG+F%ClKL&(TeBwCWPeKiHd?sNuB3&#0v3+XSJ^;N`PV<ON3^@dMdJbzp=eGM
zrVj%VVB!PIx-`5rSyx$6Nvc~~(!wt#87uVUnRFS*PI<{*_K{a_FB|>fCDHl)N5|t$
zcYQZJUV42S@p#T}#^c?X4v#m6vU;T|-h{^+|4n#27vk{{fd>k=2|+EOPD>?Lyli&q
z;dt8-jz^mJ=BVbq*`~`WEJ*XsPI<mH9T;zTOas5-+v(rw@&ixi<vT$Dz7IJqSC@gD
zK%NV`{{go7kD_u!+}|W9?ue*78ga>YgRqLFG&>QcI|MCUm^c?bA!vpErIYr4@$1Hg
zKMMT^aZfe2UE;Q;mSm6K>&C#Ah0gH23us<l!E&kKWAmL1ye;M*;uE}weB67OP+BbL
za@=D#aWB^AwIt`OQ*L<nVcK8|9@cNL?e|@huHJ8|{o+$YI)q!?esRGFw;6GS+Yj`{
zi>Zmmi*E&R8>R=iT^<FvrLkIMMRZmR0-F82^gCHCZYfP`cd#Vb9dgX6RttK#E&bhz
zR*Mg_zMa)#QAYQy7EhVbYLTYi!-dxyvVE6&LlbhN^&b8-^dGd|knJ4xhIWYEsrT^X
ze#!M7TCV<X^@eQcs5ew8UTD3CjTfcVdl+{0h1PpGbyY(Bs$0@QCfx{`bRlFC!INkK
zYfiF&wc4BrnT#POKSry`BqjR}PzBeaD(DXE@=hT$1A-GLDuZ@|PF9?3uh8sa?V3Hz
zJFt@sV)7gt9I(R&YKAczE+iVpHfx44nB+T{Wo#E(##+!awhJv|E#@-W)dKgrb|pe4
zr-;h<ymYY1Wc$hV98isKYe&#zry$+dIZ1Nmbe7A5a-33sJ%Dl>vz#HunCuOTfmzP5
zl;i)+d>!fRWeNC6{+scW6^Ng#ApE3^pfN;=WoO`3L||#~$(`qgPnIKmvP{Z0BaV`c
zXURZHTP4CLD^lQ-x1AF{`AzmSG^1L}(g7$po(Di#DG%CQfdI-$^7PGUNo&F3Z8js8
z677HILr^|zxKNwgy*dQt{{nup@}I`O_KSaD{3IeK+ckq4Vv3nT&4|EaW5v1glgPGF
z<2o0HGCQ6w<W?u>6iAIOWsruU9CU{+OGvUkZB9;SnKUN{*lJPEM9G_DqwFDY*^HO-
zU@R(T5CIK6cRsVJwLx349>?95WKXL%SIDk<E9}I!G?2=%am!l4x5rb8E#~e4D#z*!
zY~RAZW+e^?$M#BBcL9}L+`5+AI}uQs7EftIjmQHU5vfQg$$YXwE<>d#8?`51`UI2?
zk8}i7qOU<EB7>Fp3Xq{hc_vHrNs7_3B2tXL4~o$bD3v##fLr8Kaf_hiv@V<!uI^UD
z>M0_{VdJ9)u}9?w>Z={(qX&I9+kpW+;bB7lC+CD$>K*^hR1r4`!%=$==|y+lqt}bx
zyA$*x9elquW&Y-aczCBuiI;Ky_{e&uRKooI7>id6`G*AE{7sF`-`&>uOI2Q%G=JZS
z`;5+Cw;JO7MVIRD-%m4tW7+)i`JZ%0!Aw7YrByV4gRAuOxA=$WnZKn6sR}ja8ke*9
zs=k;~8@8ATTMWd&+f>Yi;gQRLI(K>diBcP8u>etUjVSFBrA=XLVJkuG+=X9=QllvC
z;H$JP3IZ7c`hdE5()U|&=8L^nB47cd$u{s(6Easq>S0i`BaC&#xv~!tR8rzW_3Iw{
zP>=Kh!VdF9=|hk7iTY9@LS({%v=ecEc^+vmCNhCmoldD4bdkV+BA*9=`({!4T!gck
zEBgvl=3f?zt+gVm@K)$XyJ0TgaE>rtR-#<w#LmzJI(nwtdCc80xv(Clg!_5D2=w|J
zg!NsvWZw5-CO;N9H%Rbx1j&Tsh9H@k@}nA#EqkrO5Ut$q#SGC;vu28DuU6fE?rYG}
zlp8P{t{CT%Ek}Ghv2Z)3pN44z$@Ay+@VHOokJAvKR3C%2uEsB;k1b8}*o}YcOZo-K
zTeDQe4V4PYohor8$Csk?nZT7%79b8o{)ZH3v*x?flYdYP{EJimn&e4?X(bLlj6&)4
zPK5$z@W^171TEGe2_}}t9&#hH+bf)M1xr#pu``?pmo0QTKd#ITjisZl=nT{^d7izV
zv|D|y2PkxMf~xlfeW@<NZ~QTUpEZZ&lYQlj0fzManTi8^O{g)ht{0_<`2bTqW6?av
zW~2qPuNSwf)Z%jN@fHbHYY-^qQHJ*v{A;a(@}QZ@CpC#!YX#_BU3?}I5eeCZW<by(
zJ%XGiItnnG$roJRPmNj)6{cOdfV`!4{N@Qpf5&F7)bf{bf$Qk>ismp;L-{1(z|*jN
zihA)G!g1GVy*)_;a>N-~<3wYt)3JsIKpVn03m&4&|DolNpOTnAp2u8Gf?U@WOObLZ
z>BFh{QSb`c*+uC(msDkLDz_R!Xt(l6CtT8(ICp|$t+y=9$40b9h$S(IkBjNs>GH|5
z9(-n;c<AX0Ei1`*C3h%-t5w_ANwa(t0n!gk2f{^cPWh^%Jo!GG1Z4?Uknu=s)xD=9
zz+BY2db-Vf8AGwVq|Y$JN)gRqrgSsDk1?D>XM2~Hk!3Wd@+XMCEdiqM`p3nm6<z!P
zA3kk%Iy1R{c?_SHR6uW%MU?iqiucZ+Dz&)s_wZGlUD6&t_?gLD9^7k^8sJkx?Yt!X
zX$cIlhO-KC4UVvegG~)%MZgBeitomZqH<rSBxYe@pe!`IGkaZ!`ufG`>gtWur8fEA
z%5LQ|=`LPvsFnq8tA<y#CE!(;4oibq<(2!WR;D@TU&@T<Gr`(A6ET@d;jVCBwx2wd
zR>V6NnAGJ|ALKA@1ku<<yyG+V?<a|Id=xG5aoo2JZcWNR0!J@J_vEkyB!e0?cxia4
z8<XFEl2{+gP4Lo-K(v1p#EJX0jl3^>xlq-t-?ub^ed_IO1cRApO!`#IRAN>C1UyZ^
zbQPH0ErXTTw29Kt^bpaM`Zxc=0}>=}Z2ot$te+YBUGRYKrN8@Mc))+*0sleloBzTC
z{tFNIFFfGC@PPl+c)(9behWO{-5nRD!2>4Pi(VlGv9E|IKC~FcO%&5xtQypVmmdK(
zw?y?wXFQziOA60+9TBj$@&Qtq1ubx>fDm|}@|+8FYzzcy#&nVI3`R^;iQR)~guU5L
z2^jF<!J(rD24ym1UDXl7$-ke|{P3P;erTurR+HMc)`L1Y7Ewi85?XH#aX+u;l|H|E
z3avL62Y>W^1JAkJP-3p;HB${ny7DN6PuA*$VIC)CDl`D$pI4vyWnU^VWc6TaApxX&
z6|+B4VAM7(tPAan>VeDAY|@mF_%hkhlrU&Pvyxow0!4M{npaXRB#~>$kDOS?Cp)n^
z&yofjFuJp)uP!o#|B_k{l9vaI@`G?@9TD<(Qx@oy;KR3WiA5U*IX_|_L3|b*pKx_+
z49r)4@bVl376fI`1DKv9|AOr8ZI-;S2jn7<G>cHR?~P_aGp4)jZPlvvYGH(jeVYaO
za*zCgSui%EBx(!_(nK>#kfI~(y;EpzMreb`2=^0KKiF+$?*IMF-7Y!~`3{7y^8_O2
z_WbWa?QZUIn3fIPt@TbWrzbuF%UcC@c`4oI+N>M{)qzSv?>s*7Dua6IBvzo)key>t
z?}HzOhr(O%!lvJCi|Ea*DR>@{a-zm-aANQ>7UJyXbZp@2?!wxF*>)s6a|}=EILy__
zcz^)?nt*R_5ah*_X4WZfat8OCCdl3r3d;kTUC7_2<(uW|{?nk<(Ngangj-5Pgdsbs
z5t4}DQ$Yb$VS-Xrf-3;bN;a8Mp<HBEug{8B{lo(1Caw;>==$=Xlx~y@$V3Hu6YLeN
z9;i399w-xT&v<8su8#AUZf3;fq)G6%pdf~=r#8r+_3US$0v(hM9LK3WfeSRjiRv0V
z+|C8wflnbU@*Bl3Cf6gSyT7R(X>{oS9l|JMmt17m>9=digdm!%Qg0lWpcI*KLe--^
zVx?0Z38hniM5R*`=j;D%{nXe*{1D?kvCKKvJI9ow`6u|`SrZ>Pw0I~VSvzwjO()JP
zP3gEEh~RFt@{tWp9XV@U@JXs=>s<Km^z<FAnrMwv`Un^<(58t<JrO^Q^lm45A8v=!
z^$;vS*;GqR0w(Z7R;;;F3ism~wg?S;`LWkf7nu^MVz@o@JA)3NO*HS6IjJ{hv>mS$
z4aLI3s@oJ>t1);}3a$HQCf2*XHO+dJ%O-oI9*sar)b)+)rQ1Kzl{-!(jGHf@BEUDc
zaNHA!jtybvYnSY`o09BZ=cdOWW&YFA<7*k;o*pNoXd~Y!%8SgRBjUX~5gtcp2(2f}
zWJ>TjH2y(bI6t}tkHb@B_@Rp!JdT&gvIzE{8VM$6?#6x@%5r1_C)YO14BRY~d?SxG
zi_6i))d{3Vfb`;$$Rak?Zq?!CaKBXIcJkV@(H<ZwC8ZOT;b-71q}`H7nOF{}Ra;}b
zWo&%6c#Kq=(JGZ&QMh(7G&(#1C@Y(!r=<1uD0ARTw?WE;y>k|ANTTtu+7r4dmtAME
zA8py)*h92Jt)nU4Gm_hW#Q59T`JF}dHih(Km{ix8Qj0eP6z7tf!ee1NvXiz{yeF+5
zY)ZcJ4(gpiJC3bf;A7lLFp+`HSQ|F~1WJET9K${2NJGEUAvTLerSL*uS=m_w><rGy
zuV@<$Fwnbxl^1{4@%ruLk`DVGAk+FG8fCIQpS|zYwC_7^<+s>hg&omH#a{XPi1x}D
z@9&Wgv$tL>#>G3tLdSBq2$ANvy<ETlMno=(k_Yu2*@RRg_#?&z+tcMFO2mI-IL<AU
zmWQ%OgRIG;<1Ak#Nz>6j?{@wzmIouk@xz7zBgn+?lER?qILiHG7}imCoWKASu5yE@
z*z*O)8j-8q!y7{)SGLE49y3INk5@{*#G$J*a>=?F!Ynp|zsrOcMHTK3PsMl@|7T}-
z#k7qU!3a{tQUBh|!VVqUekRX7(9BBN$LISvx5RaV{ls#4Cf;$(7Zx4IyjP_6hwx~K
zs5kSGR^L~cay*2nYIkA8qYOVH(r9pGbEhPYNQ{mMxb+eAoFJSxW^kM-a1Yee$X4P=
zy4vBVsSCyo!#V9ch{O3_;TF9UL^qzI&3vQ*qjkPQ7KMgYN3)j2LTcjkv4ByhD4pV^
z)4adSHuo+*csP@fz#-l)`1hQdpkz0XS8|)(DCEa-sNsMbXh3D0HG32Mn7YYY&gEop
zf*<hlco__E6aI8<LQ|v3<7n}16&+39D|Mq}`!_?BjJ))Hm`Ajl!RQ)%2N)+UJ!6Ia
zICi{ZI-$)G&gcZiw4a<GDZ=^3_lz{CkCbnXoaa1vpXsoFBhNe>3lF9q3#P>V`rXcl
z?ESIx;cw)3r#GAVwH0RIZ@<JRc>BRuETz<6kaE>tTaZ)t7{8(n?({!P3+1N<&3?Lr
zhPCJ+IN7T474A)ag&s4{HGb;_j$hmt8~>t**x-M68VA2<wgGF$F9Pj&-ZXXX92)au
z3XZva2K=AQH<!=WhFT0mEybZekUG?!$^7xVjrYYb<Kr!6<2`kX##_L~3p)I~JoU{7
zXuM62(|Cu%e;bUqfQ?{mRAxvs+^m@?<F$Sl`Z)MSvivZfhMP#+pj*y+VH+u(_i4YY
z;5WtN-3s&7;|6*WP>L5=n=7e?@_T6D4D~T2#k(cS>mW4biWu>Ud|7@L$<NtQZ{z~A
zG7Sd*q8h{Ep@pr5TXgqF8svve#*KVcN3&@(UVzO#_U4+J{d`p^?BC9a_hL~pWi`99
zn12aASgF|}lYv`d%w!q1nwwV6d;#XO&xv1-MDD2N>@(TJSEroEZj349tI9$CUpq|z
z-lhBvPX>8jad~ach)hHEo^m*PM`Xy^k40Mjr+O{eJV~*S;N@H4jc&>tUp4$~-gs81
z%9cc9Yh-VEhiil}&-V(P;3Fo7=V^aFHv#|T;aTA)wM&m3!}@_ECLiN++=dVUNI<v0
zBK+7FTwpi7mz#zcnxXq*as*x2`&IR;QxSN#{_t+mH>E6HSfQiT1P`Ht%+b3Bz~|%a
zS;y&FeRN-<|Bha7@^bj*co%y>miKhT-)ZFPkRA9tGnw1Q-<hFddEjBO8Gh>Jkp?cX
zI@*u%73lR%XpQ-|55RBk)_Q!Z2f<MNfM!A~plL~O-)wx)r|tA6lU`1J6Obd_NH(JU
z5F!!P<2z49Kp@FAc;^dpUy7b;icGOar&u>A-({ffxBv8y2Ac1I+5ljot)YuBY%%^f
zdmW|Erk6&7!gCg1o{h9FM1M5%(qUe?xCJOIJc~V2{hBsqt{pZNo^OFI-UrmI;TeYT
z9Ja<-hH5SxBu7^FLS|d?yai|J{+CkUkRDX4f6$Fq%%A;bFT7)Hnma-_L2LCkkX&My
z;tOHHmnb}&9G=mLz6Xy?yN!Ed#hFMXgpTeQe`&5{8%gPL+w$Z+&P$7nrR|}iy7meC
zd$u5T)h@9Tc*Hw^M~|#L&8FJco{CVF5Jw|dw-*I8Wihb7dh?%O1JS6RUw!Yj#bNV-
z-M;_{(IdlGg`4s6$-Pd_HkdDL5afw@9=QUz=4L*qW_hGjLNJsq6b7Zu_9Y;z&m?JO
zM*T4m5DX|Kz!u*!lY6kwlHOMt@WGxTL7?~tb2+&9(M-;}bEb>iu?qu83XVIucN#@w
zi#Vhnaavg5&{5Ri`va#^9+~MH@{v<&^zG8|2e`X!Cby#@Q19!*d}37eHT)tkZCCH&
z&<{N^4>M>YN(A3oD#`(-l*1;KQgcl;nvqO;iSpgWp;<j~t_K-G+%><C+e@`ra)_X2
za!2Yx?kdg0AH{rgDbLm?SU>*(m|-3cykM!9K2B>cok4?ZF1-hvl+r=iT>22MT2rYP
z@9KQ=HEdc9z17w-L9>>nUj!j|<w|PkGs5U$aIIMRWIQaMV1rw1BCA*OkX4YH<R6<{
z@*_1)#Wa$CmRGU^_@qERh_!g&@SFgG-G}PG_d>~djUX@1!<)^5RFQ|LjafZ&%xaMD
zGm&k**?{*r-_64=4sk2y7`3uzg}dB^9l)kVIolpCNIL)ALo1|`*PW4Og4Jf*g{phe
z5H}4iISS68ATKQDjl0#o#xn#h;Xyky`yVw#d=0=w^9)*k%c|KXUMYE%It{=PQO{n0
z?^HiB=isHq{iOr2j2UqHy%(XGTB`=K&=jjum%RKakfeJkkGTQvft%IA@N!hok(W-Y
z-}hz^@gd|1ncbr%V0Ia>AKih-;^9uEa<J3iJT6f0;)G6TFw&z;F}-^=Jf=b!{_Y5x
zRQN`9`oHX?qFi{_Wi)LrX|}0calM;Wsmyt|Z@ih)zZ#`B!{YBd70+Ooq&k%!Toq{L
zgf{<YooEk5n3?1>2M#T{GW1h27G>L^+a<pXQ|Ndk-hf;2WB9&s7w80xn_T?Gb98Wq
zCnw{bD2F2fwm|gocbVrcavM)LBOBoP&pA(aIrFzwO2glA8aFuQdrfq*u4StQ2P-1b
z1ld_!TVsQB^)pxw8+<f^{_V15IOW{hdB2RT^Pld;Ekk&+P-S{jG;WUUS#6>R<InJu
ztIe@dgagplJJx^N!Ud3^S0nkC^yUIT#>M%`0X$nS9tbZIeJyx@ZdFTgZx4T~Erj{H
z)ywWbjg2~<O=uKpfkSUzse~?^MR32Iy)<+QHa|Rvnm4Cwo<q&2Y0Z%;3R{7!L!V$K
zN%96Wk!b_Q)ydA9K>cElui60TtgonWOK6Efv*tOQE3wd0#4SBIV<!A@PXq<9uMqMg
zRnA5$jxAJz2AQU%`=F~Of>QE0s%nK>P~UMY?kuN&ZC`hw-mTGzOPce{8Mw~D^-B`2
z4}S(OfmGFyff3$oUNKVdGz#zKPQ^z(1v-G>4hu^5<JwI>!<*8Mvd=^s<)qn|(v`B>
z%0g-3mheUT`c|MTHh35F_nj{G*Emdu#fNyM$U&;FT;nJZmCB)@3x>yO_H>Utxf3fR
z2-4S{VFQF<IMaRahyN*$c-vF8rM%gMrI1R6NKmZ01m<8GD6`W%j<!dib9R(|Z1y&I
zWUB{QFS?Frgx`U_RQOaK{<Ej*1frLoFcI5=4PV%Sxb0^$w}M&>TTVL>E0>nR_a?iC
z!b9N;Iu$+AtYVNz3OiKpL?j}}mBnOGb8^<oJTAv&AL^8|Fb4^=FTtMR$XQ%z!gFfx
zOm4f&Uh0%9XJBez_>CE5MK~|)lj)I^7K64XT%QJ)QT&U%{}7%NpJn1;n*@21O_2Y}
zvio9P6ZEcrq)uIm1N-Z85^49VS5i`dJs=9qPLT5(@wNFwR>CD)-x^?Gk~y3=j!y3B
zATq9}>&-2VY2rzkev1OxFY)0Wm1ZL-JZQx!ehfJuXv|gBKui%}`^b*B95Wf5{u(>V
z<t-T`mkZ6!xMz6f+E;%*(h#=eU=|%P84~h)tQD#-X5X=vQ+|fB1F*ni;l2&ifLoYr
zYs|nn?%?H{QOe4jSXK0zVEnYhWd>PxmCFn~BzqYbKu`n5qmvr|BzE8L)lv77MC(;x
zr+SxzB<uTkXGc$?cO?!%ebQnGKNgKIo@yQneOviqx0Le11DW@3`Ro0=R`K#Yt4lHc
z9Ea%2tT1`1>MLYZrfaOrY~lhKx+cnS<jJdOU8?4r_^K_u@tCKoXeA6#8=GmFzY|9F
z8p+bVxPTQ|$_ukKS^EfVW|Fn{(T5B!(2n**`Fao9xxPTIfg>i^-Stl*sP&|}I1C3+
zYnLwmhg1}98Roa;t3(A0bVc?G^0-par?|S8D0+8)C+}a<X<+qnVB2)6*JD3R3CmXo
zr0@|}=fyuzK)tUEX?z?VdUsKatjJ_@XeyK9%hiEjp2Aai3=ZdyS7#VPW8fQg?JPFm
zV{pDl(c4@>9rb+0gcx9Nu~V)v2kMuM4lfY=;|yF~Cg~n0)qyk3OcrOC51wV0zqsmD
zB(xj;@bAe4&RHfXAh>|kgce44p^gTV$hl5QYx&@prf{x~p3te|U)%1rIy<tA-gfjU
zcdmr>-q&FQDvJ^1pr=5Msat%Oy)2uec9^0$Bv3cEtNjkZ6y3?h>tx+|^y5rt9;yAl
zTKhd%`+ceQo6~-0J-#jKpS&4%mHG_T$lHBK=(Uj5kaXT6!i8mC7v&{Zr+n)S5H^7K
zgu6bB2-2N+HvF;%*%bMhoy`?Crq-UM(?*@sj`P=khn7IY5E^y{D=?iyU#BfT3HFu~
z8G^SL2{ON;lW8?6?{cLHdHWI)sst<MO?MZ5AvCYWX)HVx=CFQYRg2(XGmUp_c=UEb
zUQ%4ftrD-!09K$FEWX|2W%26b+STYMHu&1gYHO~B9o<^i;kp`>;-F~UPn<+9%@eDN
zUQy3}aEjm>sCg|t9*K;XOxNKc!q22cD2)pJY$Ql7J$gN<CBk0amxQ?8Z_mPP*h3;8
zQnuw6F0~jE<jYDls1`@@yfB?VTg3DrO*6v!wID4PSYFi9@>beNg+yjwS<skluTgqT
zSrpZy%-?V?`nzJ&4^yx7xLCVau7qQF7BDq)?WwLM#d>@3gP@blZ=K2A(*k-)Yb1D_
zd#6oQhFiH+*;c~uZ51W8_Ee;1D?*dj!Y7}L_b(bsW%Up$KB2(B*T|pz7#S+<{^I>~
z9>iudRC#Yk)SoR%Awk+u67j<6iMiL27yX1z_QhoW>dE+lM}7~F9!#r(m1NaXix_<4
zlYLe=!WZY^7lQ@)F(e{+vMI1-aSn>w(BwT#Oru_Q2B=wHjIy=2m)fk|B{WwIHE7);
z4p)6`pOyIDWAGbj3{y6^jc{a?ba7AIgkg{?;jn$st)HP_1hlGmHjh`buR#~e#RfJ<
z^inl#p}`R<NEVx4+K;okwEcMbzV!PMi-QF^yra<bpxjlAH4%Wc+TYC9N)xEt+R^=p
zxn<PngLt)Fi}-|H2&6jh2_n_0%|NQs=c_r5P*)<MR-a*ndMwvMxzcwo+ZOF=5_NS_
zz4i40^ws;zQt%*?k<0Z^FMix&m`1$mg@iUMwQvzU%tiS|C!7l2UUE5d;_R@;C3Q0P
zTFxsI%pR#r@bBxyHo#ktIzhh+eqjn<n&?mWH({D>;;%i4zn)Z|m65+v-+j^S80Dtk
z>?rS~X#lRO`#bdKFRb)Z2OiT8n9aA$@$y|(%w82#VPma>gE^ZoY~Y9Ng#BR3(JwbB
z>en!UA&c)Zrfr2d!a%)uFOWt(Z`{le`H1%~>@@g#)|ME%e4}`Or7fdy3;a>bJ>9_P
zPw6bJ-M0j7ex=KcjJ#5PlpnIg{~5;{H^GH5Y+Vt$1aJR5X|>VhK4;$A79pTkmmv2I
z|Cad+v{;O<5#&a|1!O{${d-lV&2C&y^|Tk5(GsI!!$gez{S;-?`#d}0yyXG|jSR77
zqf@#M{WZZ%4kxs;2yaD=Ea96I{Hw;J$6eezXFbN<o*_GGKU-3^Jh#}R+;!A5<U=RC
zkzi~rU!Dts_I?v?B_nxS9PB}nCf?D+DtnPTu(ss;hH79BM-iVsNzUynD5f#O$vu4G
zX3*Q{Ljx~oiXg2qM_`s9HG&AA?J4{k9tT}NXtL>6B?O9S0Hc|m@5k29V@%%^&-K6|
z@1D>wQe<J0YHRFyM&7^Uq&oXEvTzT*BelYx#_v0G=Jtn!&PHXm{d@QDN^ULuf0B2!
z%?Fvb$W5BsWD<|yR8&T-^_7vhZB{4j?nPN@8l&=J-<V~qg?}$@+1f`|trqqnojlDi
zJ!nJU9fqok_ELleqWBL~<aV?yz8xMqQO1+3&n)^?W1r@d8r+hq3VqnhPeTM7=m^u$
zPR^qY8TegKqCK^v%tCRO(?INl%TK~(^=`pp2rWnR6Y_AO2SQ-9&`#`}myWAwf8;@A
zp9c3#vtU<VEF?eO&g0cm5Rj~<SYZkiWj-PLMaiBV86x$hfI7qKQsaEr(QAov(NH=(
z2GaKU8kJ1m<5-->)jda6f%%x?+l)h*tUj~nBDk_ZyYh~GGaeB?fs6R)$-MkHU10^n
zA697&Ec6~X{D8lTB93Puj6th10$*3#*wMUg1u|SMW>tEFRa%iAXLU)MStS-DYr5}V
z*7TR~=i5E#+B^0=v_QKtZ_$TKFtqh)x<nRV7`aV-b&iEznXWR}AQ!j+!}s9g=G2Su
zI$>v`y$cjWUVezZJ7{w9?u(ec8T$vKIHM3zRKoDo-Nl-1E86MHMz(-9SitMej27N*
zJOvyGYcQ*K^^LD@u^B&u_V1Wuw{iiL=R@DmNP|~6sa8V|7{D~w*->H4gZBqQ)4uv4
zeC2<Ogt;X-ctNBK%r3PwzN+uo>v0X=`}883w0e!|@P!7gpck6+dw8L~#cZbV`_NSg
z;nDTbf<4q|J+$b0u(2t*8h)uCjAknYonVvD-mb(>&@ZcwrcUZuJTp?y1nRAi8#{u{
zID-W^KhBmBh(OhzmIr(sBb@QNI>p=9z)Fk8mjAUMTjJGRXhnW!FvK23N)zwD;pL3;
z<&EN=7(=R1ms-$zks)*~yXQW-Cog`_V7Pb-UA!iKF+Z`RWoKDO`&*!+N6sc!G<j6}
zx&^;}h*X;!GQVML1sbsXM)gU&Ye<CoIUg#cc}keC|BtqJfp4lx9>;Imv<+?G1}svv
zV%4fGAhZf=BSo8%!o83{1=J!w&?=$=A|!&!qmTr+Tmtx5b=6hZ*W#|bJ{OU7vEkA3
zP@Yl*6bkaVAv_95DNvgK%$$?trY)@N_y6Pbp-ImB%$YN1X3m@$*iUtWz`5ecMuA;#
zSB`0?(-|ff33$r`^u*!sMf3zO>-=w0VNPEe{TQeg7HG#S&!YTfXW?Q$ODFNpgbv5x
z`2L3VCVE#T39&t>0=sFRdCr>%IV8!bZxYR$dES$VR0#;2xNsj0vG<#^36K6Wo6}om
zr)?=#)V8Mx6iTTKG5ooqoMLKqzHMRlF52IFr;k_C2Buz=Jf||&K)a`J9C<#4*tD`A
zkmn#9$YpFGS49S*jn3d>y-36F^X=GF7}qd9^46ZfhCLB750c~Ke{KpZEXtH!`8XRl
zZ-pa!Od<<A(+#JmBFT?}a6YZ4LoL9!3%D&TNU^OO-9x>V?!gQ&I5-?Z_n~Z+vvk4%
zo5Q=%ZG?tu*Ov>#6wh3RXQ1B3XGtaC&rd=t$Bc=2b7+1)fPEn!wL4sDAx)kptxutV
z@vUUt1X&=CX6NBF5D#psYoS>}_Zf$IP^W;lGy~yUm<<r@n;5}U_GG>!zrOkXJj2hy
zD*9IN@;1lLG2`o2<+%27Spp1xJ27wj^4Dq~YeHmf7HuKVWPT$s+ppnV58;Eu!#I?i
zVnewufw*mx!%7z{KfApM*9l1f9s!7Y?lKAd8H<GNM}}gbV^&IXDx8*Nhx#bUVf)=z
zNa{2bLy)iV(PVD73t`fNmShnij%jlarLZ#x2peh>x9?2Roik_HMJ_aHfF?7VH8}yB
ztmztQGDBj{buHS>%^ICWjS`~iTHe6d)WT3lR`I6xIDBIs`-&*~d^o^-^<kWBYrtLZ
zz;HtG_N7DO?MthbO`%(vJs@CE#Nw|yY67RTe=Csvb7C$6k8`AR^!bL+Ui8gFLW!;P
zVR$O~ra(&YG`YL&yRxykC7u2!C3cS`c8e#fpYhOArCQ&WKvdst5qs)zv_K{n*u~U%
zO_F*?u&?gBm*m!ik<AE5qL~L1LTUDy+rq8FHL_Vn-w?bTE^TBzWkh%MIwwDAH38ZP
z_U8p+TmB=bpeH)lLjmpd?Lc&{Y>XR@RsjWrPlY4(A!U4g)x+nZ>N2cadmc;m-c&(y
z@`(yg2)}NR+}O8>Vs{?h8fJuLZ4widKbyj|YadNPfw>ynA6x+=W=vkS_5!4bQt{gy
z{MMD1=?Z07Ls=CltA(|Ocdh{7ghDrC*^#U@R-$PJD^UX_cw&YY<cR^E2+*#9B(nYt
zzD^utH92^RHuDu`_rq+I+k*IhFPLaxqYO=kyn2C`=B$uch}O>1zWxrl7e8YuLgRQb
z`Z0?CK+Y#LEYvxa5bEeacQ!PrnNW}7!iR8n!B=^k(e+1L#~?XGW>wJV5q3;wy3|Ik
z!~)=<bCX-3HJtVOw>c;{Wxo>AQSnqAW!&4~c&Sc!J*)F7uS1E4dEzWc3}JGpJI}Mg
zu-v_19PZm%KT?LgsykA)+{aW-x4n(G8dS))%T)yesHE)CA-elNp#TDU)-&6p@w`YH
zBjaCXwXAHgfwZdpiUPW?-j#~Ps$*^!A(Vi$fU)ro<^61QEfX=|0)Y_y30dqgfIl5N
zALj85=`|O9gR@MouFkt=3V-+I?|rg!4Tk4?GxG+4y*hw`MPJh^Qo1hG0x4!9SC$Aj
z`VQx=kgz-1$j)fb=R`(^Toedw5)Q-!M^Ae`jy!UXgyYDgiz*yI4h-OFHh?Sn08BW5
zEd2nA_yD5*ekQO7Y>e&xlFKtMvvK(y$i%^1wLd+<_~Hy^2(w3f?ZH&8s?ho9>D9t(
z&#i2-x|G|1KM**75P6*T@R{P4ApxC~Xp1FcNWcP0ym&~!=Q$<H(yIRhJ7a9PMZ~{o
zfe*33{VfXI&kGc3J}fYpF78$`s&E-F@1YF-)1n!D+eoYT=9^c<A^;xuGSXww4tQDi
zG{}zEH{Kmp%)^RbCLvX?*Jj_)MIgKT6|nSMqB^2>+V|T#Fx^Z9_L&c)3N7GjV#;$0
z=i8ya_)<=6w=qYtAAHk6h*pZsDQ^wE=+xG{(W-x=nMasDBkY+zMVNk<q!aPWv@bWY
zftCRxo_(I!-3Iu;4cw+HXQ1PPU*3s4_{>$<q>f$mOvmfR_Q`0xfEYdsF*L`)9x{AM
z^1P&uFK|40s?6!n?txpm>%p_6K+A$k#r5{yXa?uN@8S}B?*vbS$<@Zw&`$I%PDZK2
z-n#&>Kd(Mubfv3OL8wDB`Pj2Jk?j_AYS5RAdrE;xnNTDtCnQfGrKrBjAc^*MQhBLF
z@8+IP!bc9>d&r*E1yW#NVt##oIFA1?=G$gY$wIjUJ%HFm`&ojT^`!e3Iwie5p@sUQ
zoCNg9g<H@4<UrNcI||!TTG>Vh+fgX?`+I-)9D(;W0I&9s90uD_df0kZ5+wSj{926c
zjA8^SDS{3`pHUFv#y4dOzI{vqYBsm~CqlGqTm1k_g6PXg<dU+sWdj>U7TFW9q1f0^
z@^C2E@}a~>K0Ske_C0q1Gazzf#CiMAvYW`)64>4Lvyp^h<OZY!S}B?W32qE%fMY@$
zxkzAz9Z=Xa1(9SZ8KN0`kommAPE2M;lD`YdIa1Zob#iqIDS*N&v35J`s=UYue0LsN
zv-#WdF`WM8Y}lcWDHsF@V!_40gN7><(8Jmo6R^gl6c~jLZC<AFXhUvq3R4Y05PZIX
zBd($m)4EyiXbKasunaVU5q|H~2y!mS-g{#NG`GSKRj$S2ZTBh8nl@w*EQS!lgDkD|
zdw%dzbPFK$57G|XD=V7zYuDDG|1W_Xp#*<GQMuT%*yI`l@*lELeFo-C?-$oYhIZ^b
zT@OIsJ6;#-;l-{(3##vWH+0uxqiZw_-b;hdo_=p!lNRj_eUm`7Iv#m0+T<O)NlP5|
z4hj?JEuTO_Rum&-chF4ug2wLW5YqjDYerByRJQJ-Hx2b)Z=P>X;g561J4Ji%E1>YT
zO>|qNzyIL)qO!dRcq6Ht?v(d8BF@Zz9$F2KH!xi>EGP;+Cg$IZ;txxnKCq@)=TTAR
zgaO_O^yBFwyzKB)M(D>1sa%%ODW7*5cIr>>LGKv?_{1cXu9ruNR-AB+kkrgP_4%xs
zVGVZFRL$0BM%L8PxJgZ}UGO7k`Zh_uIR^G@;KI~lSxgj-ZrHZ9lVPWtZs1@K-bw!D
zVo=4caJZIjN8c!vA5M{pz|AofS-&pYaE7koW6watpIpyTB-n7C*3fqx*YN7t8g_|a
zj(t!p)JdPl9ttm9dp@#G=l=!kv<!jCh8V0q8xF@2$UN=Vb&NFS0ZIC&n@G~l&#=R1
z{&j3fdBN$;>y>KZwX9w#)O&{2o9<@yhVy!*!T!zbNm@0phiu>Ntls0iUM8<61=}^R
zSD-EA^?-Tnoy_V@;Pv)j%jy*bYZ{u>E7I=a^@^b01{c-K<n=!0^@@UTH4w-<97B*7
z#6W&4R4SW9a#!MHc9lNr>r8>&P`-_1tY#0pp)74^BgC)I$c8W{R<18$85|8!hNwtO
zsASy2>o0K*2oNeXAsQn2mv342^DjjiBuU%A6Gz7qOSP|g;+?UEGD0`<>^$vto_%wy
zjwLjb7tA950O?DP_B1cpCRQ*5WxkaxdnnI7{9-h_OzX=Nx5W~(v>Z$%x^k?bi6FBi
zmOV<_!4v-iiHkfl@GM$rY-V{;ASqjI%IW;I_{<V7FmggybNweOtHJ>qlT<#yh@KMs
zHoAsE!!yi%axDturUF^*kLMsinPt&ltxn0}%2MME<T8u$A)~$s=s-JlN)FFHa6M9$
z{zbAnm}2~Rs#7pvlW1>{%lk`o+D^o$e*Rw7C}U)WG9va8VSL$%O4u`^m)_8;De9Ok
zyY=V{P4YZ%LGN;SnWtU%vnAfUoQW)ve{`r>>}ez3FxVF5uSIgEe_yr<X6))J`O{6(
z=EFAY*q6=I4x<&JvKcbmheBc;J<hLW&lcS`G<zo<>&5*>Xh-xuj$DH2>WfRBP6bvg
zgVaZA8}!iP3WY9@y>}|#VjcT}SzM4pk1;^x!+TpB>J-zwYh5DirC^O~KyV0i7}e~3
ztNQ*b=C|h&ia0^l+$L5nw3mHilLc!;A8H2*3&lBT&?cbHs<7|ZeQ}We(63EhvA^(N
z7@f#-s6kt`%R+j^SWuz~X%0H}QLD+CrC=I#d^obrvi~l#^eulLd57fhRUlo{Bzc-r
zCJuEd#~rzcBu_YNVt>5!1({=MB%rwC8W8N$mq~u}*CqLtqZi@B60aHlI=q?v#P)U{
zd~fgYWuiYThqc<hN3u4#u9W?~yg;7JqZg@G<u>4pjc|McDxYv4x6Lg{wN=6B=rH-m
zDm3tT5)O%O=yAauYKvjw{ir|OQp8Uo*bx~#v~W?u266T;0=ZGzU{}`Vu5*;HP}arf
zCHoqfa|xK>A{@a$f8lJjmL2Rj&Xxmv6YTy>GU{_G>zuheWzUL6*>f&);$w2)aDp6O
z;Z(ND%Oi7lUUO=&zt^9M4bDB|%&n6R0jKhV?AhNSpZTc-gLDW8kB^QZJU(i~2a6ve
zP(G>yZok24J>sr)T6faKXl-2A!%!OI@S{YPU<8$oc16TI*;?m5f-?=lURkG%U1av(
zZJ1k{%6zoWz=s)2wuA%L&7x-_8g?xLnW3hr37An9R*8K3C@k7i(cH-<|3vf|xieV8
zf^!w<ACbrWiNs{L4J>SYR1*@`(lTP25N2)q4Zl8(MuI0Tk#byHRKpYy8K{8BB09~;
zZ*?UqLYQvC-#cg`J;Y0CIz2>=UJtRfJ}q7kLGB(#MO7eEI>l5VIY^%JxJ1k^c>N@1
zI)J9%KB8T`czj`SE8=lh3)RGRQOPr+hS+tm6+LeiC0-v(%#M?#7n5RD8}W}0Lg>x7
zoOduMN4o=aUXIGwo0hV3#iUian0nxW`KTj{>JL8Q$phwJA++XCX$<KU*DI&-L@B^k
z0Qq>kmQj?z^m+H8*})#ogukuTqHjwwyXHnkcYeKQ>E0Ap#sY==I6Ds&{`0f5;3L7t
z&ake@bRB}S_82{Vd#pfya(9`m+A|AKFv7R;MHo*nUPe<TOMM{0)ef^q;fh#Gvu0dN
zh3f+*R|b7Ur!rP4XGSWOV)i_MS7mo3pd^<`E*FnQF6kv@g?8*Ad|+tLM4A3yNi6z&
zW`a~5K=VXT;mlOgyCMl2`I6XvYQ$4nKyIcaV7ozdS89Mvq|~oKuKNVYe!#P(SE12f
zE^-gmfU*%WB1@Yw07=qVCgSEetQSP@9HJ#na_%v_-Xf1j-+#ycN#Z8~N&L?y&&fLs
zTO`lP>Ew{KNqhWibW_tb6EJ>ik;DJ53i9@Q9L>m<--sR<nq0j`>+j>|=F&}24qkj7
z4`syPN3k}2H!@epgvvRN+%*7u2kZwFP{jqWqWt(JEvmFEI=nOcq`=`Mhq4CX8WN-N
z4$n!x@bnyM^KpmY_-(P(Rhc#8uykg-WY|8?Z>$9H<%D+X^aIv4qW4xhai;*)JJcwv
zw@T`C4dv8#X#7EKX=<WS^e+P{VICw4Z&#*{$$ot~!+Htl;fEg%e?+h*;}3LF4$Cls
zJSO`)`p4s)Jt|t!97K6JyTHJ-q(ugH2VD#0E~BzZuZ-^*yPj5UT0{+i%GITORmpq$
z1XOEMLw;ripsl(KC<hO6L7sMzfT+m0E*qFC#0Z9UkLY_pA!5f7N%?EU*dvnSeFSy>
zyIT5RhyzBM=KoIzvQU_C9h<@5#`F}J5;mUPX3%}&)tk>pZ_i_MV|GP|^R<jlGvdp@
zprf-9bBYm(M2{1bZxHZh!EGnfxE#;b(5(Tu0~_Aav3dZb3Xj+Ml#l2lP*!$0l{#(I
z@OI6Cd%v6-z157snC=PxCFryZl(ID1XC!4R@`FdooiMwDvYv81h+B1xe!uL|*4zjT
zx@RTkyN^@xsGqK@zOe{J-lL*dB9!K2BU~i|CytT3=9^KtzdGjsiJHeNi$JIvPJ}OO
zThUg(UE7MbdS30Nwbi$9UGoI3^It)<%5I^IKE_oQowSAzp}?LNmxz1lc5t`01GBd<
zvy$}MR*tdoo=aa>W?kTSgxUgZs(lN?lJ*xOV;zSD68Md2fmF?{tJo2v4Y>gTKXcWX
zcoP5&5BdnRk9~sO`%U;d9jYz+1J)U_d22XyEtL6^l_`mqL4vRhNsrchGrJp{p#3A*
z1`R6ava&lKXY%ZXue)-277sKnc{7t|E3k0nY#sI)-eW~2QM>+UX=qsJvS`U%%(^Ai
zgAV4<?OcGQ+p2rCpT4%l=KJ9FOcH$68<RM-!($`&kF}q6;0H@hkq%0^yw*cdE0n;G
zf1cNt=aqP`XyFfT=8-A*Obi`m+127ao3(EGJphX<dXPdO;SmP60_CuFW<OsbeC&ke
zrXXfoGQ-5wJnvn>OiK#bRqYr^*2HU4h2R4yZK%b)Y*uX=w!iEqYJW?4to>In(f-xE
z{eJQ7o3Q;)vY`E@6ecaf-X91ws5k?kUBeN**notEC=H&}K;9ZSxvL{NtvCw_4r$_0
z@c9701m35FM0{)Ne<Zsge-~<PvEE>{S3!w7KBojD<@^VTB2a)fHtWygg7&D9R`1Tj
zkkN1epte@DZ)Fd_x{Pl^>#_{sjv?_B&Liz9b|=XWyMvnA24~8C!@NE*qEW^JIaqW8
z)&|+xVf}`NCHltGCjW-q??Ce#UBG~SoSnm%FI;dVo})BB6@URpwWksVb?BTCU3F-d
zZwtDOG>Hq=5;#_Zpd4x+lV3qP@~xeoDQyl)YOnRy@i{Y&NdC<A_#Rn0vsp514*f*$
zw&_kl?biUuDo!04w-vQqRb2pMyKWrJlkz8IL{!<)d@X4_gF+sgNYz*@>?LB4jsZFt
znP#Ji0t|P?U&uFP85!CWV*>P}K)Y&EQ#g1fCL`AHL-2!#*dbWd>=4WX-Y|0=${b#9
z*~xU{cqPt$w-i3cHsbE<czO7GZs6Bk_~>&ujVsDqxrL2-?ktGhgKB*odJ%(m_-n;2
zg$&VGlhB$5{wJQA5!oskv8{5*$hJyGC$?2GaI3Jz_N|9JZN^owUjhWg-p6xk8&>YT
zo-f%JE$bxThE%7Oz4#LE;H%4Zdy#iA89V5L9gH)g+Pj+Fdsk=Bbuy5kch@k;zr!KF
zm_z;@4*3GPdKJ6>euNa0C(jY&-@L#En1hfnh`ayR(#Sw4$DvNrP|Rc&Ysa;M|JGBa
zi-oKUD|Nx@x9DXg^}-PZml#3Phw+x*<S^cn-K(R#R7!?-*R$*$JbM(%q&j0`ZbAHh
zU!Acr-_(RFWKOKTIE)z(Q!>XDi#E0>mE69Xa7?U*4m<WzSw2{O#(w@9ASW*MFi*8a
z*4h$V>%a1wto7+^tu4B>R`DIm%~!%&qfml!G*L6m#40~_WfLNN58cO(uLA8akHcOq
zO`xm9Z?@A_qR*heN}Ng7$$j5pc?;w6RLZMuqT4f07`%t*R$wnAwn6&fV^%?W`fw9a
zTSsJk^e%4X7)ELkDHa>txoEzKWCxvx=Rqs3TO&iqd0|W1QXp2L-qGHp<z1U%ox9hz
zsP-9DbNbnh26VjdG5CpE&~yWPwQ501w~^3_*%}hDs}VS{`&rO|Rtal2LvuljnC0m^
zt%g995eK4l2EK<_-nDUgU07ZT%j+JOhsQ_!l?g8L!U}$6lB2D86PUE8o85i!QWK)3
z-o;W6(TYR?6`7T{YdC(TuA_r2HaQ=h7IL*QJHq}E>P&bnc1URD^aJr|1W%@T5c2^l
z_>g(#swweYVk=|a$4%1;wE8z-tXmsfozb>vsZCg_s`XN<qow|arIwH>TeapK%52O^
z_-Egt>~R)ZGS!ZVm~+&OpjSWIKc7QGCzc(uM+<(%3ub8lpl^Jx?~H4rT2r25&%0{x
z+!hX@4?nHuPU;3X-}56P`|WAoiOf5RfOSN)ggBZtcq4CcA!{bu;Zwk!hn@*NP5z(m
z<o=)dXF2~I$v=lh>SDu79@Q-o`mDuX0?$UrLFt=$`bUv;giPZH(B*Bs7?LsV@I!34
zIa=*QY(i6F6>_xoJh42Mn58XwNC&pZc|W#inE@FeV~0msa#u)>v!^L#{sPtMdD>e~
zT)@Z6&)GcF^90u<n>xLhwv44c1!=tm*BD4E&}vxPBal`gxbBCvLhU3=8v$vBf@>(G
z6=_|bq_n}1RwTFvK$=~<jivR2G`rv`l&TYH6EKJBDD0#^&{GI?gD<1;3yL=X#4nxU
zONR&Hiv_drOA37X=0QAE_VDV#pLekf>A3fD>`JLjRyN3Jd3+Mz`T@6VVLa;-<p`HU
zs9kyR5w_>h<E=K7|1ddNN|UyUWJE|YxUCNVBoiaB=N?8n*W`K}AL;^yy%p(o29np?
zk-V0WwjKfh5S$00eiSN(-ZN%%(O+A7H{f-?j@n~w*9sl6{dcqx2Q(4^86i-ga+G+`
zHDp=zC1FGod+_ea2JBeQ<f5A<GtB?vV1~th_>3x0E!we%S+Qg&7N`G?f)914=h<G}
zyD}U`o%0a-i6A?^ny3N*W!sx6Q5;9ml`Kn%ae+9G;UA~8R5Z&@<xB{Kk$QR*+%F6M
zTg3K>q{72nxlaUU=+{P8lc5oA_n4touMEdv5Yb4>n=Wa{^)fT$`so$ee{;DlsYM(2
zF8s8h(PbKGg!gD~T*vzC(yY&6E5l^vy34IIeZ8G0R=MNgr+?ojD>agGO1XgUjYf+z
z;*_WWm-)E~0>79=BY9Nf=03{QC`@-r0SQq%?Ol}E;+BD26%`?4R-lZ{P7mF%NLEXL
zbt)wll5!liN{2hLXCjV1Ah?U(l0;Ne_q5fQ7)&l3J|NcXhuu9924`|&M*D~J*J{;Y
zfgFwQzVHDi`cn)2Gp3I{u4&)0_faFU?!WbQwWA+nn448tYQ?ww@ybE%o;O&90l;vA
zNGq433nmbt0%QxM7B!nePDiqHLPNAEXanNwgr_Sj9ZaL|O!_l1#<SnujPXP{k-?+L
z6p>z*a_OZ~V9Glr!Rf5pl94^5rc-tx5I{1<pah%SrJdl&CEMRJ<g7<=1>TqZS=7s1
zt2aN&V3%osENTZ`k2lGE##>yynd(j{;Tk(KBKE8X31qxUg=LGg=D8CManKu)Q|%$6
zXW3&?^zsokZr;V1r~E1h8WUwtqk+7fY!U|g)3c<n`L&-YS=UM8fXxm=t;C{1Ae%0^
zI!OLPa)+w@ak+)GH3_HzfZ+^OjK9PNCo4b6)}!2YtLS}6AbooSBs&yMMlYsg<iN2+
zbV!9(etR1o{_ORV-}pUYgh4}ZWKn<F7W+2*>(~Zc+qhM1@7M}7U^01wts)nvr);n-
zwh8RR!Y)QPyQ^gD23O`HNrlmvvnBr!7@7%f*JL357^UKX({~hK#UIzE{FPqAn^=HN
zrHfM;ZQ}Z8<4RdUuWWRA2D_vMxc9MV3+C@GMLfiX|89)f*Szr}utOhnJD{xS%luzI
zv<NL<^GN=_BadD$XeGzChIRK=XZ{RSCoPm5GDh@S5rtWj_V*8&bDBv{qee@JnP-#c
zm1uG^+w5o0UlqOnn}U{n6@>Q#G)$0CJS~l06*_fgiFjm1MffRrPblF%VTN{j-)8rO
z+iq^<o>0_9&tNaw`>tAdNg}*~5#f7YfcdY8o<iE2%&4Sd!WDwr-?G@~?!4IGa>AB8
zG!(aF4JvJv0LfN%wSTs~PyeiG9U;3sE;~PgBp%Fg#bsn*hRJP`m_^h|wSSJafA+L1
zu$d5)J{?z@ghqeTvbe-;hSuUuOriBSL%sw?Yb|bow`&WQvK!zrxc?>~ogc$4gkwq=
zSb*M#4wIbz!qMwvH^3QsA$`e@X#(B>nq+mH7G2DWvwSg8O+wB-{B8FPVNW=-D7>$O
zf)Ara&qVgNhf7&DoEc*gH^#D;%4LWOqoSyg!6fv$e$B98V_qv*a7~Nb;%qpWr^JU;
z`FKq$diGb>T=Kg3uT00@bs-?j8*w>rvm6WNyc9*Fzq}r~E`IfHb}!s>eB5<$1y9Zx
zAG6nHm;HQi;jTgj20us657EDtCJhMMzWLTN@EaO_(_UI<Z3ac9XDd)li|!?|N}pPN
z$$hki?IUqP2SHyi0*P1u#5PpVaaT0IUyH-vG72WKQC5DC8J|bNq_;4#a_yNIc9}SK
zi5z__h&~yJK3Ux8;F0V+M79FPkU$lQy%|qRD`m>cQhW%9yfDM9mu>B$ui<d0t{$n;
zCw4LV!kOF{9z9a^-{}j`*ZC3pg7(v|F<@Lf7J#t`<sTTQ(RxN)_zTG)&shKmmGfk!
zg>jmm`^q9vn5LMu7Mvj_d~~X8lGHqm4vWl73DJY*_F4|5lI*n{expg=tQA|Q&Nfdw
zEQc!{N}zRnEsP-Sz7iwrMT7LldU3xU`q>6eDku2;njK>{mVk(W;o59b6D=*2>MXB>
z-e#Joi->nd;K6{GJlZ)XYPF<aK#WdHxfi6F7f{b7&fkZc&8WqTe?Si72C7&6h=y&s
zjiKw&Ul=-hL}Fw?2Jd6Eii5P77x3C%T<|t(UlmPv>wjji>^W)>XPv}}1r8@me)Eek
z)%CJ}@{j5;IQiCR+0-Eo)^iS}FngM4-8l7m>$+)a7!3o)3tzjVQ+3oO%_m*bpghte
zy+oUG52=#K**d!C2|a4vIIU2!?gnm|(pbd-1XJK5RJoQa4>m+9yKf0S691lckco<%
zq93KE`W5iw9PbPy9P4J+En3y&1VJaku_1ZK>6AchWWLeloda?5i*_h>j*VCstKG9h
z=pRCR9-317WexIoFC>5M%2{C6bAUa}vD&hx);R%6@%R;#J*$80V{4fDE5@eqF#lu&
zYT@L&QdXTN3KB>jSB~NI-qvn|jzfRuW921WyZJby1w|j)H-<Jx#?NQ&O{O{RgR~C8
zb4@zsR}7lo&zoAzdna<SCafDcoFpmf*$)2`P4ecW1O3K-a3)dmcVFqCmzKb27lmv*
z9yLnl^_s6O38pwUAQBk0^gXVxy|N8cYh2a_FRfSq2+#<No~1GUrwQ_{r(Ji_-2y^I
zia-U$^Pc3I=9u=f8K81gbT;u&LBMT~jE9P!Hj~l-+CQJtM3)E>G<_Wk?^)P(SHi<P
z$R?5|&<iRAZwu=H#!9+sbbV|kU(`<jV?SbqF#lKp!vih+Pmm#u+e}wwKRT3iQs7*o
zv{YwQvk3r&c1S^OhJguWXHpo9j;CO)RRE)Kj<~>Rh`{L96jWjS3M>|fQKpQpP;nyH
zA&|QA&}vVm0g!T{sKbi5e%8&PhL_w1C1vYRu0g2yH8H3Uia|XWpn_NLU9iC$WBaBh
z)OkT)8qVN2j8#p(IK21J6Bz=~s#JjY&Zhqc?|)E<W=<iiwP*S=^~iYsIhubyz(4Qi
zpM&{lfBtzp|NH}dwvhilM{**EE5+yV7sGDQ?r`|KC&=ON<;@p>`pVYR;sW;O^mHgw
zTL80Yw*J<mqJNgah^pT_E`d(f?&Fw3C|yy9Zw0oa7jx@tIM!$QsjR7qlJY%BNG{+8
zj1?gAfp{?h*8~n%GcOo~I_o8MFfCC>Tq2J)6LwT+A%|aRs}64agAa$%{o*QvyEEVu
zY~)6V^?<vrgAW8_!u6Gvqq4G}ZIT)zB3Ps7{j<PsV6gi~WpxPkHx~PwBrzRa8ut2Z
z99`&z1Lp(PV&fNmcB12h8G*(Z#e@YzQ3<*VwtaAFY`^ioTrcaU;pbiEV3*0-HSn>>
zX+1rC21>PlC#+8J4%zTMTbzL$Rt`f@9lk!R&+zQ5X~P@<)$f}@wX+_SSva*1v_HUT
zLhnaVF_!PD)eUC{dA*mF)p3(AT<NeLa`lfk9@&`G@{JPgwH>f~L)Yu@yk*N+tk{Gk
z^pJKq5ea2nAem@g21@V0n&NLS{)sLu6A+?Zo0#7JuG<)*JNah`|Ln^@d-Knm;Pc}A
zW&v{1AiSRuy)Tk#tcjS6KIkgRivg@{-{z1Cg_O0YLRq61Avt>u%lb=l@L+T(Azr?e
zT3C&N74^)9+E22fU{@t6+ZZy+35bkGT!To#!D&-o9Bo3U53`cvX;WTnv<V9alaV%Q
zj@&w6(58=<0!Nc1jOKnkbouB-NW9h{$qIi@YU&Gy=?=b@nUXrBmeE-MgFj-|Td;I0
z_PZ(CFBOT=SXR<q6Z(+Hmj|-#kk$UYL9Tg@quO65>8N&8z1$krzM5uoNUJu$Qor8R
z!X%pRKMMH$2mc(zKl>F>e2j>?IFA;SJ?uh#uz;uVDc2B*T?D$XlKBqF#-Vm&VlKvS
z!NKN6H!a&GKk3H0En4(xC~8ytH^B1e%y<x(P8kgeH!x)f(Fex!fp|g$0w4Gjfp|+`
z*QKPWc>_pO@K1suM9+652_0G6o197$Hb4D+4&tj}NVH}*IQ`RU%{K5F!=Rnecd>!f
zvhCyp=Y`!{LvQQWfrjOMyxCRZ!`!fqM&~#3O9<^2fwpZP_n8O~-~0y#`L+Brz(2qK
z!?tki{?*9-X=-++H1jO#N&#48Y_wWdz5^a#X;7cdvQ~==8WNZ;bZJb5D%g5P)ud>8
zAkk*qhSmn924;;i;Tl%-<^J3xGZIAD{{Y2-wP=g}+Uf)RBAxaFUxWpBkoM!HpRT`%
zBY>sVY2-B^E6y801~<dZ;^Qgm!p3t0ACH6`W}>s*sJ?b7*Vjs<;&Eh8K+{@m$APc+
zwMChzc%No+^qGdTjVq5%E*V{!0%DU6U4dNE)%l-~=@8#VTUK8RGsa++o@3E!V;qdS
z$)Q)^lK;Th(es#cn!<4beZYg=vk4FL9DLIg2o~z}xEM4SPKAgPm)Ux_u0?CFcW5$P
zpSyaoh3OGldQ`6q(+^=tF^WncDL*^WM*D4&d#f7YH-;%geeM(<l}cjzT;MR8>2u|X
zwzj!HeAMjX-{Gj=HE$K$58rBOU8DPhWZmGpp+$Tj7?u+Nl}GQAJ*!O)YlAz8U!wZm
z*Iux2;|>KdYm7<f-v>3k5=AmW(xWo)w^$*cmL#-dfpjQ|90X<KD__xuChS(&ETVrJ
zT4@<Y?>m$~H9MP<=f6PC-D~9P)eOz=&%hVxh(6kf?=y=WLafLh@kf4hv)`EEaV3qs
zcU=u3{_8uKc@9HFR#=bzU$0^oI)w0m{4)8Lz~E+ad$zZO>}|e`?%6d0vw9{s6;Kpy
zE3#P8JNmJrwS=tPijd!!U{SOPWSnMFk5Wbnm|h|wvinSYW)=gxn4A#VU(1ql%>U|%
z(VHL5a`bsLNAzyzb~qEr4hJ^V1X9;4kH+t#P8cy_ld%OcnpD`57{yVdt5~@~#ZgMc
z!zJIB%}G(xd%uYkJ+O^d#Ps9ENYPCz(}dqdh2F9KUMiGIzRt!06&h!8b>}3gMBp?C
z_J=ag6bH7ANPf^?0w+6e46=xUKXqhhwdn0h%AMnKAe@K+29a-K_eKS+k{ySkL3ekQ
zC3+P-y}9dsc7OD2q)(tQ2U_-7o%nz2^9F;i&%N(apFwoK6}z@NAMrf{P})P$I>|Y=
zXLW;&`hz+ku^AIb0F#!8uDO*UyRIr+FZ+!f7+qUMbS)CUShSdHket=TlQUxtQL~yT
zHLH=V-@7`o`zg_(WU;F$G-lP@hv`MAubw%p-!b1p$3Kv-&JN{S6E}K9!e!%xOHZqo
z8Cs!LUT*yK$Y*5Wv@OoSX>$}H6Bs~NlWKMX0py_Qo!$~4WtRfTYDVaZKl;7!$ce$D
zwi!Ius!@21fPp@nr3Xk30%SrQK$Z(ajQ;8A_cF|AVHgEay8Tns65pWq!|?6Opaztd
z`sRKbdFU-EH4Ji+ax#>^lq-<?HTWvUg*9gxH<pKCeLi^xRmVGnfwRpm{8#g0MObVu
zFZStKx=XD51UniW>)i>7f2YKIV~Ham@fAvZJf_Va6W`0#oHZ;8Js3aApZEiVJk1P!
z2fv4(@ddtXV)kc9Yc$P`E&*D+hY0A)tim#%P)gs$o30nM7wHW_-#795Z1#N-et(W0
z3#??%3wq4#5IwrIYx=V5m9K|iA%u*fYeIdZH!sOEJ8<)r#zI!;<>6OE4Ed?@ex5#c
zxX#EQE3D@k<-^&1=-tCgB{iA+(<d`)&N~b)Q`DSDIj@~P+(rl;<1WJ;w=namY^q+w
z>f=oZHUSKNa$Q(J7g-prLD$M2?F)S?$-I@_!}PXPy7s;;LLlDpwuP)<fGPj-9aK%-
z!mLzyqZE8({akjx`_i!J{q8WPAaeL;a8t_afn-YQ8putIu8asz5rLI_tlv3AC$L6D
zr)B~x6<j<dYC{y0COlo4^zeMwc>n0X6+SNob?`Zu&)~Cs=tbc3-`ne_Z|@b}-uM>n
zHIK(KBg3ISpM}9BA8IZ3<sx*Qt_vTDVJF?8-yS~l9}{EYE;HB#ed-(}U(pzrtwaY+
ziQ{koPyOE%>z{|ORA;vcU#W}MwkT%*mccJHk@Lrx*5Z=>Y2Hd#TXD(Y)PjJ^7R0AQ
z;*u53`SCBSh}FYttcp7sFQY;Sup-|56$C^dMggoiTPV(<$iQpGC4tD({Ngosamn6d
zf8huGX+HXdzu`@M)=qu|V-NI4r7<VjO9s%(d>`=_L(H=O9<#$=6qc4p9<e*FsiKGZ
zvQuf0a~ot&L)OH;(Ga=~z)s8>=r_+S$zMBqQL$*TFEqnn$3l9KzmVSJFU*uZ0TTwv
z-Gf1Luaf+|=CJqpcGX~467(<fkJ{!ANUa)>Dri|g95pPn(kIk5YR5N_pU)<g==JaL
z*9*<x;Scl|QoJ|{9`gy!?|*uQe~<1JzUP;Q!Tv)2_&)3eFyQ0+J@T17CHebf>xb{}
z|3dHY|3dHY|AIjH3&3ergVTD5-ru{f#+UV+-?`*_dz*T@GFAWN-u(yu+<wwcy#8-{
zZ;xIw7|bY&Hj7+>lqlwZ5JO5Rr%;QeUhYt@mHKoNy~y{8ONvc+-RgjI6QJ!>zxj^5
zlZs0wr+S(SC-?dm(JuE4K)#>J=4t3Fz8Khgyr?2<@NCE79Jg6D(Q_|UF&u;P;_M-;
z_S9@xwT4N<p}|!s%#<J=LjA(Yw&mEOJ-5oP4l<R%N%?kQ>#?GWCWEI2E3So}2BzXf
zZMi4x*0tgSwCc7Q>aemnyA#g5BHY(4JCy8fGWAjpA}#AcSAmzo+(JFRt-}`vmOmkW
zWwA?Uz$w@db8&7}HWTbW1Kv2Rm&wX1amf>=qNdg8{I=q`G{IH)Ewe9v4Nn^&6In%b
z$CzMOwZWK%X?=lIs2G}ig+n=^nNv_bmMry2boX*9w}*PNuK(D2T_LXSCJ^N?p0%2W
zm(JET(^JoEHmp(l;f7%0JnoBx*sQ{n3%&N9(7Mv1^)uyaQ1aRB0I?ydhBe{JP?bzB
z-QiR^hvinlI7096<rkMcm<n*c$K+72?x)&cGAs7C%}SlaUu;%RIQ-^WxPLKle0Z(v
zF^50>ZP+7bd3h735QF`hd9r7N!FkPY+0%5{#EuSs=G$^E?3$HE*>gTi^c*0oIT+~*
zW4!)Cz0#&!!OE>LI<4#7M_~vwloGYg0LAf=nbz9|RF9&eJN@Yu1O1ukM?|pud->Rg
zJSBNnHcFoJ-6!7V1S~$Y3wxa?OMy^=6kZ98HwI}M;x{fG;?G<r8)^U)nYeGsf5?Y*
z@YnodG3?ZLfpoQZyqk&gG3{4}^}IVN)Ey`QV4Jgi?GV3tUcA4I%Ssdr8-FDmKl<$z
zefx29dh10m5*Bovh0m33N~I0>1t64>`gU9%n_;aj9B`;FuM^l#SUXsGc_V$FI}rH!
z+oGjBfdni@(m#A}rKk)<_HT;~u4`~V32T}vC3QYEixv*be0l*p*9LfCEh?CpI<Y9f
zGHyNmW;kuu#@AU9t<%1#Qe1)uOmV6$x6Wo=Gi_s$Fgdj-XJTrEqR8PYDey}Is)q^W
z>B|7*OC`g3SfMNgdHi{Y=f%5pUc8%$3-DeY{58K9g}>9<Bzg~{gX6#jjA)2z=4%1v
zg14j4s*7JFFO3{mFuaMW5@0Ui>jsp10BAs$zW_bWp90<}Fp^~FHGqWY2Z)}}$)EL#
z#`y7+s3U+L2O3KdDd8Bf2HZy+emNZ390SzhfRW1ZxsAAGkUDu$Eg~yBow@6vpI4!>
z+3C+T$>H^^t1Bl?aQJ)8vnf9U+Rl-4VTV*f7fo3c%j7VyUh5HDa-cRr&i&D$?2_Q1
z0a@%dr{DZ1*#L)aWfnU9)}Jq*625+l;QE~K_47>TnERBwR<`bP^?+mTRoQQzi}B`1
zH=iGzw}MRPZKYARu5};9iAZV+pqMH5l%srQfAraHSL}1m<bk?FQ4XxIz*hKv7RL)V
zqynfVdS4`BQ%StB-EYiyaKr(`tQ^cSrvy+(R@zJ9HE6n34*fPsN+4oS<1aGU0qIKo
zcN(aY>RrJb*fLo0Zeb0SLIY@Uqt6D!_p-j`N|+6kZSn%Tu5tgJ_8rF8^!GPlEn7uH
z;!@HgiTx0PrSRIN$c<zA#Hq5f24fT}b@e|&;We}&dg%7&J*g%BOhbubr!BmKhNZr|
zow-nYnZ{z9TMYeopppap!>>qaUI=%q-Ct%XnR_o51OOz+)=KyLQn-?CB;EirssxI1
zP9zLTWt(p!V*%%{Kt*794cmLcNl*@O=wGys{=#;H{n^U~`@1hgt(5IsBcfsM9;cy^
zZJs0IoU35VK%vhE`+I$k7~(V>iulT!V}LxMpF~IHGf1|x#92og!(l*5r?ML(F9E+p
zeK~W_IdjiShOJ0sVPoszBU<{^iIz0jvnrsYS_egHp^palL8tYU=z9Zw@_nO=-|T7X
z>oWW5-DV_DO>07_`IVt${Ju%MtChVxw>Xv2zMO!4E<$HuD&Wwa0O1`2{k`5sUJiHq
zV1GKCJu84|6DOv_E__>3wmNdxOLX-7o$gLfNPhDI;Lp{3B~Oq3$EbbDKiO<+T8n+~
ztx&=^jWRfS){C>h6$s}}l_)1|x$ETeoi=5i!?#lOVtftQZi`@_;<kT{P6GT498Bo%
z&*og^8D}m+9#$rtIq^<8a2&YGYNyhOuA5*5KVVP}IdVg?p~|Tokk9;#-kg~J$NtYF
zsOA4>qYa?^Pxxd1XC0}NtVfYP9&&YoP9yxJ`eY-nl1=G`i4N;Z_feV!y2M^rtoB+^
zthg4LZT?AyqPY_oPk9USQovN6n3N0ffl1n$RytH~9p7i`VV|vu>@&Onfw1+&#2p++
zO##GL<z>o8YJm(YtZQZdT0S0sFB9>k>X&EOfda+9q-{HQFd+5iO@Z46rarSnA1^$-
zLI#THP_{-$A@Cn>$%gYVq0AQX50D;yLG<v8i_pWJqPH_zLp5GN|5QAl*VPUcgnjFI
z*LA@0#`~|?qZRDG!2NNYcORG4F6fP;Ed{8<IAQaqScFJ8!y<kByiHOr_qfyR7W$Vc
zS=UUO$PC7jv9_Lc*`z>iqQl?40`FB8Eg*#|@R_n<wNn{yDak(yl1VpNP0!A+*KEIB
zK<gn?I_Eg8jqd#pLnzcyu1=<LLOW;(f#&u3yD$)Aj66&JzN?mBFK9!)-AXEkf~gh(
zFLOF#JS3Q3*)ME<XvpS1rsb+M3~lCArWtv*n7vur+j(19AFoaF%&-U)QH{=p8?}nb
z=vyL5PQ&0U%%5I$KMRdc7iX<vMylZ2>QHax{sg~`;EL-MU?!}BdSl2OJ>Oto018&i
zAQeQ*U8!9TJux40vbB0rAD#caR@>7KKBFr?@$Yf=T!%_f_%J!u>}+j0lyh2t6}`QI
z*p%D`GRdUfWEB!^AFpv)*z)tJ1AT``UNVN+%@ZvN_*o=c4ER|Jn^eFrqij57f>a$~
z7U_WuwAwYP1zMxRE<&<U!=4j$32D(?grE<cyS|}|knnPyMY=_Q5t9A4IG<$mvnvF4
z5yGBkyR!4>A_&*>qmJ!_7B=E$)Qrtsg;N`eDqHpSOB(iWW<Kz`JcQ~HUB!rk@q-+u
zCG1-iuP~x`hNw6Zm*?@}-1}G?A(Z+p{?rx_>Q&RjtCiZQo9SuYNS#7ukvbqpGStQ5
zm+AB?K;!Fe7<ku~AXiu63o4sxob9$@Y+DKvhtY0*6b2ffv#pbrjoO8`@YkwXe7qx=
zK*p37SxL{96jNv*#?x*i&LR5+f5(CN%D&t<OTtj#v6jAQ-qO2oA!?AqJ{yR%F<WeJ
z(u>-XvQzgnxU!u=XqL3-3ZZ$@Rqb1p+9?{K<BfnMJ-YHpqv%OyF$N0yd>$%_JKoi;
zr?5Po!~6A*+TdOofB}GK19};w{*R2>vD1+^k;eDh@NehdjeM(vZ~q<M{RrOkBJh5h
zHs#&SZg)5uje-a(D{F1_m5?x!e2eYS&*$ED$l?&hH_{D5N8!d+A#VF~Gl=K?nf5dJ
zV~Mpl?{o_&9!hHg#q7>{v^e-?v!=Jb*;>;*n_4veU8+IX&Rfmf@weK}p)>l<A8%f%
ztkp`NpVL?B)x6SmtyY?rtRG(Zjb@dOz0q1FDN$c(UGqv`w_52kp#_ZVOc6}=-l)UW
z#}QLaa|u)bo}<Imx(_dosrFM5OuhFV41h=$(R$SKen2ssYnz;^5d0I}&tU29??kZq
zTKG14QS*4Y&3^;ETCb%%%-%;PsghAiL-##@tQ^Vg_lId$@XTa<)(9l9y0T&3C&1X4
z;9DJh!&`s^B8^(l-YG&ef~M1-+msq~juf`#)|dFl8wUD~M~T9D&{e@Iq`nT(Sxf#<
zW;5#&7AJn6_LOgH*rpCK`qoarh2p=LZ}XfrxclbUW9M1G={`e|CCgnVqm)}Cc?wSn
z?ly1+n9v~QREe)%oQwV&Y@Q3oNn`UXgEyj~(#DyGn$W|lzo;O;K6Dw6FX^dD0N!?#
zWIf}0*I6!oC+BV+=qX$;xH`hG#>g-C_Ry8gK29y&G+0SrAD6kzsah~G^qF1JJhhFe
z|2SSLRj)vJg*wOaU&xxH(HQy}KP5huzJ9d$%%;)egms^d7I&>1El%HnF3DX+Nx`hu
zCyewn369hCCMZ9Ay`|L(?#p9^-+(S-{2tYaWL4nrjNmf}e5>Z}5WPQ&U2j$gXw>aE
ze8QEob+v0dz<8zLJ|QXQm7&nZ<6AQnu}(LM3xg!$ow80hi}QbGhGORMFp9%!ag;xA
zQlB*2b1&Ha<D!`1xzHRj-ttB+yclBK?b#Y;K58XIjyyoo0>q5M{4Ej87|JkXxXI|q
zJtun#Ya*B-E5;h%QE_f=1TiK7VhqE9ZJ3E6;b#E*P>{bRbVdAqg=a;A<f#VysByjN
zC?D{hGq+)or?3j}1Aa9|ens)ap$^$JL@`&zWiE55A}0RN_+bMC*>DjAf#ZCG4nbsP
z_y!YJ7{1{m7?K_<{ijeTF27(kJ$~Tt7=GNEUs>l6KfA@%jt6t{kF}utO;`f6R6fWg
zy(Z<ZkyT@qQZ_@PHj6m^d?gbgPRIxaJ^tYRofB91yrkTU9H(WVMYIgf5-s=UiR}lN
z#P&ln#P;{(i0vONkksNLNg05C`rT>TmfP^XcR*5ak(5ED4rNkVb-zalgw_4Vkf_+-
z7+$0F8x{9HNm6Hw3I6p-OT?d`IsjNBWAb8y8za5nkk(UR*2|ts6UjfAujkLyAy~fM
zVuPzqw47wvASq{p?UNFapNlVFUu-bB6Z0!q5~Ek87Q@Cqqf`a6Cm99SemwtIF+Cy8
z-4Ww}x<yItUr@1h9&ws~tXv6=j9$d@Sq@sv2rkp71}yGMh~@W?)WHSflDiERU$Zi8
zm738@g@mGtgIR9F%K8;q?lf`9Ol&z&n@SD0Lcf_*2NO~sgpF31%pAwvP42JyHnzd|
zsN)h*%P$-D*wpDcq|}hC)vh#$;gGhquThW<)i%%cQGz(P9r?6cjV1Dr;>ATMUzN<B
zvx!o90K_~W-cWo^izhk)P)#oHKS~a-mOQJ=0DVONhD3JFpq3R#{`7A3_HO8c7O%W2
zrglpdp1mHnc()vo6)aLWTagsd5+ASpY00=<w#5G3;j}gOv3E1N{{|9Mw}>|a)i@LR
zIqw(5*tK!{W#tES-uvXivte}LL|&~u4T+-n8~TzU`mz&vcj8<jkv-kPr)of#KD@yo
z)C*9F!n3GTOiO7lcr9l_Zs3&<(9s@LUlcb4^UUyC&sks$+mazhZ}BQ*49yE9!-?=-
zZbRLz7LZ6Vl58aUs!`Hk4S$^0(I(NmjUK2_x$6#N&jr*c-dkuLfB*+SqXPSE_4aIo
zN%VQx-C{SiCMs}%gea?nE#eYaw**g<S@eB_mR{c&xYhDOZOA^>H%er#L|U)}wqUDq
z!GZ&!^};mKN5(_wlVPhi7P$vyr?*n{HVM&&`X3TV<ZfC3W4bCf=pMDY4&Dv@nJ1so
z&)Hjp+VKq+qLoJMXSs=yQPGejlc&MBl%voZ*|0IVG*)G_ZX%)&U3~`g!_nNFU-aEQ
zhTT1g%oan4d-oGUxW)o9xE=#Ua9<r;dDtV`NBi02+SjHC!6NJw02{n5)_V@0y`TZi
zu4c|U0a<;OSkQF~ti>q(I=Bl$ed2q#@c?UJ&ouzP-HogP3)GvUujfkgG_`SGiNa>L
zJjrkjO>Q5rdQa`KOnR-}IMd+H<>UDguoX}R_H&}^CdqTCQM<f*3T{?Zo(5+&MhAY!
z^#<zqOgEU>Xh>(+uRH)>LsdHb|HHM|qN(0spvds9%O&+$6N<%cwKv{P#V6|)eCi8b
z5Nx_o7Y)rh4~(*iBY6LOOrIJrpP_}X3$0nu>2V^QSc$Glz+o<iUAmACv+pF&!A54-
z^ZBC~q~jJ$AUl<lTIGXAQXN?6<=;MS)F@*MOE}k)lBe$j^H5nZE~YFPizX$iC;_vq
zq=cl!i7q=(|3>byWDK?o{Jo{zC~yu)QW8Vg&{*(Q=Q^zfilF`d(TAf&(C%9&KF6se
z4zl;x3rjl)p`B4vrL6ndOXH<ITa5<>AaW?{=`j7ClyZ$^WZ{7B4=&(uSq`B+CCs0K
zQfyj)Xti2arwRCi0DZuGj@OvL3g_eES;?^{nn7zNzaS=TmsK|uy-SEc?t`zA1{!Th
zrwPHQ3`~5Y@IuhbIwFbF1aGD59(>r4dRGc7jBNpOU9sB`SAHJ1n$G%~ohQHxWn%mE
z(4-$yF?z0sF>gF83W9HNLhCytMEf;iJ42ygBtv@;F`$1mcUdqT1(p&)=6%2Qvmvfd
zyOw>wBk20Z_fo9i&<OaJgOAxe!p~8mPLZEh`q>A5qUquksoND&Ae8v{R@#T<TU7H4
z%UIi+T@spN3S0Nl)I<5drAkL#6%+6ifnZXb^aahhuZzBq$^b4_^bV)h+Rlu^(1}b@
z{c3~T?NlE#(G$FB<WFfYEVy;2=<^B8!(6{e0^ajFtOr=6dC7Owsa$Z1_G9q>j6*Cr
zz)45;uoUJ4zZ#!39o%Jzyfp3hlL1|>yJrW#BX;)y2)g5hNarq(?AhOhx=S3y##+{=
zmxU5cn%KFg5c6ZSc}5#xw_$N44bDzO2D%_--U65PMrWD}r;rGKFH~B79iPRxSKE+_
zcQ>{ii2_gJbHDj*n1`v39igS=B?2S4g;0SuKP!uMJI^Pd$GtLoQi<1>V-O^oOFR#Z
zM5Z1e)W&a?!>MGzeJDdem!!D4^zPJ?485?sWqoljD<{)jHsa8-*}1Cy<&`!xr;qkD
zpUY%5G8eg%ZY~pEX)zb4N^=?0iOprhe<E6l9~MUR3hScZDi^kizQ?ktL$Wx-7jQiw
zsRJ_b*4$vLuQa(+9qPa=*%K%Tb%Jj>PTyKrGW;ABGQm#^e48RGTb$k6%Ynm*C6BK|
zG<TM-E%p@74ZAJ_W||r)lAsX@8yN!)>$o<qOJk<nZH?)qOPeVf)`V-dE@p$^DG-8<
zL?H&|;Ds!ZVd(lg?OjwzVkQy<?aQ{T<Q7&EZ&zXCwU=N>Y(!G|TGcpL3BV3h%?rf$
z0^*C6!M|c@>tvJbIqi#Dfi*{w=X_?~IMOEVt5kzfQ6Pk1o?+T%Tal4y{}VD2#6E;6
zxa3Z4_w7(kTu!!^-Oy#QZ*8a_2JljLYZI#oWm!oeo}IK$uQCXs%>2sGb<E?G35%y|
zZLT&D{l)_cKc;9XE-(Wcc3skYKSD|Q1+`Oa(=cYa8_}t^Ig^~-X^)Yv_K>#6--bT7
z!>2yp1)9XBNY-Ltxe*(2p%<In_b$$IPpWth+2Qx;@C}oJRgLx|usBG0zhj$@)M_Vf
z>Hr;8{ec+KAsHwhiN1egLA4lgrm`T2JZikK#05CqJmVfW3VL+l9Q5Qz9R8$hI`kCe
za`Rk=ArRiHoti_Bf9eB9Kqb%K2Go4t4iY2@39?e@069ShIl=b$8Wa=~hjdrX?fMKf
z0*O~v=z84c6oiNcRWx-aj27@3=7>+2P=7?!tT4^(CP{WXzT<)I^}s!6nVW$ofB+tV
z+I@3qFX}qD?L|Wjc8Djz9gN`|gbZhY#F*JpC~BE4>aRNo3z`JUo+&0lTyRgAUexLe
zeBI?_IM%?f*^!brwJ3S~PYuAl7Q+?=&QjUz>}HY!LD-@JwnZz80p2#+^$ytem)Vx0
zeUxo$B}lNaP3+eg=eD|4SCQFw+m9@|t*YKzs+Gb}l#Jj96w(fU7tO}GWdvV_gp;DB
zxb!4mGibSx3_p$8@KXp*re~zpa9r1DGtQ!91_IA<J*H_5J|+sODY3bQM_J-l#yH|^
zSRG@GE{?VmDk(X^3~2ro_I--_{)Z2>bkO%H?ECx$j0XfGeFc)|W&}gX%fpJ@`XgI0
zE3Q~Ck`*@*`+pKfWCQ6O<mMIp1RCjUzJP5KQu#*Lrb8)Y(;_qJ;X@;<qptDsHC`Qx
zjNtBw`;ix^>62K^SLx1=RX^_4fdy%UuhP|lUc^<0?=;2AReMouLi|Fo(*=eV%1W)M
zOwZ2-FOc9-474DFd5jKg3%oQLMx%5Cd?g_@;%zuKu-E97KWx;iFJn<kJM?6iV>J#q
z0Z%2+eVUF+xXL0F!ksFq&%t3(U4VSnb2%(fwWk_R6!;0WyBcVBC!*b3T49<j5vD1^
zFX{Bvaq`7_cK1`w?|$YW{-%g?+8CIdMSt6N?Q|$in-=(055GT%5cOw0$V8g6Rf|nY
z&sI#q|3s+cPVN5Yg&m&e_jADovEn_N7r)9w#--+Laf!t?H$8i<DfBQeo6x-M2{?;R
z+Staim`<W~1#O{F9<Q-!R<j!4&LW*7p}Pf@iBJO(Kkk~(-}{wzI`#zpJ!)4xMeNCc
zM1I?WtVP0tHfX1bmmPDOU3T2FGs0$!n-gI!%A?;#z_+MAD)?_hTzuT%`at||_0#y@
z&&U4;Y%R`ms3{I>rF*EjWT2tqY~`d!>jNgY8IP_hSCj>F&xFJA2Tob=zyl~67Pq2N
zN*vH#H755dHi|D-jsR#RjS>l)9~LnHWHq^TTcM#lG{AH_%X?hZV|p7w5aRB85&N>Z
zak7GMFUbRzzju$eaG;@2fbg;}iDwx{Q1)I9P`;a!lQ-wnk<A>I^?bjUY~cMJzrr%@
zIo~%0Sz8_*8tatJjIf9A>WkfpO`&xz=MD2`@^Bp;{rX~EiT!0#wDzC(YRL)22R_C*
z{24wk<(~oNk8FG_t84|v2=I{fujXV)O;3=N^khjfC#nNR!O1%J?*fH?$4y+4e>BvU
zzo$0@WB9tU7LFe%E|ss5!>eRc7JfI)ErX=4$_2$0Q*&X3_t`u%>|s|`alJhkNJ-j2
zb$Bil;jY84B(x=y&~_RACJ{^@FK9AMbfeVmHizN36gZyv_;yZVJcX|aqJlBZ$u9_u
z!yctv7MaZ{QRZ{PsEtKaeU;Pm98cC3P$;`d`ze59MRC)b@;UMps|zro-5wh-+O}ov
z%-t+{A0|;ag@s(ciyT*^x08r+Akr9ikRe7%{(k5q|0upsnNoo2*z8Bn!_ie~SS^QF
zW1r=cQTD6?czr+hC*M)t0qR0TZy1K<FS$CPCC$9B7rsxtnn{~}^K9~{W?d(GkT-;c
zS(0_bq{;bfC1u@WgR6_A7G|sI3o$U3$)@&FlwJ#g1S;s`(6i1U`6mEyPB4E71O4Vi
zyz3a`?*+iGGDh|5Q(tMctM(Tf?TY=CMrG;?jcVa5cGdWTT`|6*6uv<BG1g7)?V*uM
z0NA=g{&ZYC%RqlGXs^nW-^{;_Xt6J=6D{UtqGkAU_>#F?Y(E@Q+Gj2k+uI?fy?HsY
z6V|ittr+{$mxl<a4k>aXxCg<hGz1_#*q@me1$!!KIPOCSbr^n|0sN>`y#mh-06T!g
zoE>sFx@9>HN94c};4xP*H5@9PYYph!$`HUpypI0<N4Gqy%OvafqTfT@@u-4+;u3rJ
z1W)0tHtrq$>h0YPIquE<DyDV^9A7)gU)UXk&{?#<Z$w@s(fvLZ0el~%+Pjm!H`E!w
z=CHe6U|B<L@HbZ@4zZ9AL2=2@1kX7$b2a5T*GBaI0TFySy)8)3hOLtBFV6C;xC3^m
zyeV)lDU_VQCDcBD3$3|>g(JU@0(K^38{ltR#a;u3+5|yI@NE$npr<os6Lc}LqwF`&
zl>F&wvUSU(Ne;sa*}8txlM!6%WK+}U0S>7)1#OGd)#ga_8AGBpjzsMk68#VOGf4@|
z+}jWi&lrR|h@ns#qL5Mz+kECBdNdq3l!Re8<L$W<>fo<A0sah6#;=*l#eh_p+CDP@
zt@M(~$U7Nrn=wY`dcv!0MkI2gMB-}MP$d~wGQ)#-&nUs9#YUl-vy}XL@7f~q<*Iy;
zt>6=>{6M^fnRl;Vb#N}3St8`1talYqT5axQEc#MH1=<HlsI*N6ZaDHDIU>);&PmZ%
zNtTRwR(>naMxzxxFN<1{yTmz<(Yx}bj!AmiYjQPG_yBN!i;b>ZRGW!nB(xCfn0y+1
z{9dD=ty&kW;{M)Kn;1MTaC?wb<Yj%kw)s1fpCc-%h`C1B?{zg_3a!$<UZYEx75YM(
zyEc{}`p}DB=q>GwYJFlECMsH&_4>qqi26^%AMIdVdN)iTLH7se$ex2nat5To!Z;aY
zlpHVpb<u9$AaFwm&GQV(+<PFov$lOA2=+;uun~Y%WYS6QQ5ZeyHK3j*Gbt*^kHEEk
z_feAL@B1K!<oKs%?xoYX({wzdlUympeXL2=b0+E;;=#*U-pCX^XY$mUFxB5aEh_&5
z`)xr}km4Nj)%jm!XMEWc{OEQ;SlOJviNmkmdi*-d@yphlT>lUZb#H<mx2~KLk?URE
z)KXJ;9e%q>DK&+9Ukt%sn`ac1b)J2RRM@?h)B)vNq&Dj$G^>w58`f`Z-1@yUAb$M@
zYi~_vJW&19uweE$sr{C9Oa{CcWx%^oYX2Z6V2z#}5&HO${uqMQE5+1u2~JkLWdKpe
zf?+ZJj&)&4w6Bp=E0bVZ71*+|_AdV~H9JdcB0fY{6Y*+;;!$zC$XnyQ2!l|E;&j9b
zKpp(3E~042QgsnJ?GUPfrQX3}*-1}d(uDFuc4x8c)(%4Gb-+G*5@FatqaOR(o+j+e
zVR=6r_1Jgf*KjyuzZ}DrprFGQ92)8wK}aJ!=|?d~eHR3VLbuo|8q(Y)af`UCBz_TZ
z)ONVpBIZwkMZ78=Y1ry?0)){%$71E^o_}Cikx1R<@3mP9Z-BZK608Ko+pFDexZoVh
zkiu)Fa;x1xAZ%9*)^pQ<u`{2Q6gXR^SOnLV%yCuWLoAR1Is4QWz%Pe#3T>#kaFukO
zkw9}<q8@BDrwD8*EbqfaJ=m6=BJD~jng}Q5*QqEk#PoM4-YVb6L=2QJHVIMbVkefq
z`yrApZb;Qh7q?eLr3;I;`PGPYF(Oqb4_r|ZFI}8-MWhS6zSyZ5@zTZCXfYcW8^Viy
z2gMZ4;qN<aSuyaoy~yh19_ks(KB{l>of%BRj47NV6>fNyi6!lxWnxM4vu(IPt`_(e
z*5g+@L#z0887EPr3BRVq;n(y1;_>TV?b%6ec$>!==+Gb>Dh?~?O*dci7uHDOjgr!U
z_BOCv@lbI;C{?41g4^A<hLYa7fRa~F5`JroZR1)*tSxV6_uBw9ldbEfy$Yxacq~S-
z?p*_6)}IAE){QzrST~#H<r(x?XFow$_k^JZ*3H9r2+ia__Wst64y0m`zXy10<@+e?
zA4y<9zPD9A<EjMWGcGjt(47V1L^=z|vlFt1`x=100|Yin<*TLg^=hwKYT-Pka2BwT
z!Jk@iAj)Af)Qvtf4GIY3e?NW6HYK&!3J`PP<S1MrDZSPOy`&rplQc{A0$o>eHs!n!
zQQ+fcb2+qY4YAudsr-AXe5<4~pH#rfcn;y>VK)tAz82VL6fH(k%r$1iXD6{ee9u9P
zYhx#JPos6b^eDw8y%NMFg{ehz3loaw_DT)z#+9j^aLG!jV_gA%%<E19_qqa=uj_*N
zbVvK^r7NO>bQb(E&pQPbXQAeFUg#+_JHaOk2?T&JoUS(!_1VrIjA+G0XStmLuu-sa
zM6GB7+c>X1LF`ce1b)&Rr1EW&fB5DU*5xTU=uV`tgDwF#fO4~>7~&ob<NaDw55(H_
z7kcP0dciTm==Ch`0sM$!^u%NMex_9088{p6Wf-xt6@ROegf8k_*;%r3!J%I3us&>Z
z86C=_%;k=3EisASFN_ov1lG9BDEW4YbAL3VI<SPELF75rX&I7QV!?PH_>{)_<0J_-
zFvcnqv{551q>p2l>?TL<Ny)cmdK&lmd)vKR!%-hM2kiK?`%(OFlKsY?&_@|`GRjv;
zKA^?9HFWFl$j-xfTUidnUepT|NKaOl!75UG_oDn=)%I*N9royCDbyA1(Rge`7{8~)
zWFj}*vZvZ8c~*ijdS7;t=pB;CCg@Nn6v+PcF1C7m7c|D|fOeG?Q@h}O(D(4&Gc`Le
z%p42Z)RfrOPa+u$)zHlv%A5tNd7k)QVA5+g)!xNug&|Q{aX<hDX^wcR5`9R|9MG>b
zceOrZ$!gL21o@^q=}?X~^Lgj+gB%p~03}<$bBF`>N(Rj#7VmZX_KV)}2`EGs9$-Ki
zo}J-@LwUytv~jG%u>mBiWF`HW(|2@wIw5P7LpkhFR%;)ZZG}CrIenEFpgc$Pjv=K$
zb#P?7zLIXe4^rFOqLbmUuX4s!!M{cP3iFJ=?qe5bFE*iwcu6SSN0%jc33BeXW>9#9
z99aL4AaG5KOdl`q_LL!3ouoKwEJP;Ge8v-@sjy%&3@pc{I=dq>sihXFTQOIQel>2_
z66rOd)p9wEorK*ra0py%60V13#VrKixPXeidVNm>W7=ai==)u|2PN0T=&lQ4j1i-^
zYayFO800thKw{)j(2S$R1iugB4j^0)4!CeJ5ZMgB2Shz$7~;aA)@WbdLvTX17{icW
z1gDO{J4snt&lAK2HfCf-)Mr~TCz4ADB`*9sTAD2*gRw`+C7XI*w%Kz&?7oJ3g8h~>
zKP(TnT!UI>3?=37aw-Q%Spz~@RGBc?nR|dmc`;N=>dlfmv{X`p+69x5T98zf&FX;c
zpo`(QgH&U8wa92)sjQrw2|c<x0r`}4$_D5i2NFc%n7Eu!56R#6(Cq64ZSx#*+SFq%
zd|wUU8NE~oWX0LDk~3bk4~lcFgM273PjW7qfgvFj|Fg++@(#lm$#ZhLcE}I-I5RvG
zS+n^VW!&i>Z?b)3qW#o88+}>lbNLiij{Jn}eAiZJ?u0|J@>hi>d1fOP61^-cQ*e;K
z`wc_X!W(4ua+^B9*r(Vy^;=184>{Ii<8;{C!9|kNUQ+L@lRSY2NSjd?`c(G!Hvyd%
zy(<NJ>Kf`5??3$<(&^molBb%&yuCD>kK!8HKY&%7#~1-Lp;jM*g=~i=M#eri<5XbP
zIyscH*!u?fr1y)>`d=b@j#Y%jm_2_ozWtP~yIp^f)xiz2nyi+>8B}k*(>Q$}d^Y!g
z3G#<JxDMTMLJ4SZd2{DJ@#XdRC2oFSB6_^7$Xy1}r*OF|53f?5z2?7Mn7FgF>4yPB
zgb^_gm(Y}MTqX@N3TkmFU8&@qq4Qa+*Pq>64$|43&hjp=*Pq=>4iY!o5KTmGl-?0G
zo}>VNvH8i$CI!P+&@@Gdb&Y#aiMT{E*zjU#1aK^+FiFzN+B}6X8r%=saE2`A1$H&^
zCqXFV6R^P^5|?b@Gq`gQniqDQT2BKUdKw465l##(gGSe}oMqg1x(B;6t<u5=C}UuK
zB!!JxIvKNn)X6IDk$6E#-10MHTdaoLjpMvlJO9N+d9{_Qan{IY(uJ~fWY9zdPx|gO
zjqgvt>Y;w$0fPFcEU)`%J=BY6_-$W4-2&>fPlO}>>W7uavHk8Rqb&b3Q(Hl)nH;5V
z)NUSqai&wroJDASfAiTemL4*KFR@9P*uYnv(obs6ewx&gUn%dNU-grEaz9OK)2}Ti
z^;umw9P=ln6J$_)jxLQj`w-hK55vqV`OMydnH}LX>!+1HN;4ys6wFDTVEUF!k4vVQ
z#gZET69(%!*Ra@}0c6LdHYX*;;@O+1+&9-0D(AC)!Wff7zgTiM4A}dFxMU5v%CRXw
zI+YVq*=9I^1D{VBQH2Z>Q-W}CX%8%`0b*4L^bq^9ffSGKZ_BFyzItBzhf@To87K8X
zEdGUnxRm8}IHd>T4Zjc&-#pa<h+~g8+mAZbm=dKob6TM{2`oShf-wKL(VJ_vV+Rq^
zdV(XxC{F$$y5nUe=iEt}#+xVfQ+#kAO>sBNd+&sPiv9M{6jz+oPZ5_<Q;zB0S0lZl
zo1PfGkz@4cp62u>!F@l`o3@g&7kg>D<6_k2I!0{<v9ay1i&C4v?IogeGs`$u7o|2Y
zu#C<pqtu3myYr}CUf0u``(pHFT#MCkKZE1EPJ8mxi_;rPHLhrl;QVzU?akLt&=7O#
z^e_+A63nNvynol}VUG8`kT~i@3z&C2iX@ZK8%G?y85g5B(_29)4@apSZN)>E5OS5w
z6&E2mQk3H4Gm5jdj?w?)`dM{kv-*nV9XPI^)!98Xt2gRe%<7IKEc$GV`}BDFLy@j^
z1Sr@F0fMO><5RV3+eft^K!)Z7Xt<65jnxq#Nx5&0DfCDy6e$1mcnT!PQ=okVTcbdZ
z2IP%eQXqu5o&+s8PLOLns)y>gy9ufjS>D29dZ@m)o1l94@fJ`G9@g*A-^}kM{tkX;
z@GlqTceW0U@jJ_o(FCrJo7}#iX>xC|yc>?{Cs*||O>WjP{p9dHjAlOkf8uu%Tkt!7
z-*zzy^cn5qjwx(_4<CtApd1=q$74q+W9*SA1rk}twxdxBL}M-s{_p%wVuasW|MCCK
z?-VfdQ^v;kQAiK<u|E;i3t3*_5k1sPe<G-79c=;iSG3>7?<DH^o#OldPyEhGHmN@z
zp@IK!SU;&(chRJtWqFT<^pkpi7ftH^BP}KsIQ0AZokTsqGv>bk2mH>;e_WE^@wQ5B
zcAsvY+BD;L9u6^r64V26=uQG+f0lRcVLcH4u#<q;HPix#QxE=Le#iJb_?_i@F2V0S
zG*HLyD2HhpA8Yz4KDC3UIF99gq3NeMYzIy8&cpgCqE9aEPX~TKzhi91@7%xTV$^0B
zqc*#OG`3$4MXAlQABm`}U>Qw^qSWRuEaRhKl-kg65AXjy{Ejig@AUcTf9H3$%d|Ih
z*$@j3>0y3;JHfmy%Ugd)5A!|S3FarX7BIhl|L@^<jCy`&OWFUC-+72poJTcA{}1YC
zbv>Jv%<@hj)X%C7o7GJ%XEo%P|KIo>qn_V6bkF|_e#iFFCHb8Wtx}+|r+yp1bIl=w
zocVwrsvEZvRFhcV+XwVe{bCzIHF&TERL}0c2*2}ul>W?Xh5jUqzJ(luH~%*JldUaC
zF`&78bPEI8kTE^q!(rG5^t%kFC>^9}<nGr`@yHJ}#qKOGZ@+$un|`1vTH>Zi;Xp3m
z8##Z`Zr>hZcW9PQ_AsfUp>onlm~do@Kz)>C_oMXI$V}W0+280!4)p@el0?~TS5}k-
z>u?*R9eBrA4$$z%|3X98Ze@e6V5!glq962?Y|xJ!Xff!AKqgqEr$6_{=+F2TtKpuE
zE0L`||KY{y4_(ByMu28B0;KJy0e-bl5Ao-=(%`>ic?07H|G-un{HOa{4F3H+NPvoj
zX0|=<XLb8>cI#NBa;)k_OJ&yN;g_5d6u}$CS#-hIVs4ZgOlG90Gn>Qqz54mRzJ=y@
z;TOt#VxN9~)3?z4_Wsgheyet~`9=N1>F5u>G>uL&+0c^sz$DWQ_;3VK5vMvxdt}%p
zd7yid1U;l9LC-3?qa=ucV8qsd7kZjQ;9eai`s)2SO0=6*z&os%pSs|?ax;3g1L@IE
zb<OD!tE`kERf+)K6tn(MTD^||Ik8p`<ldVJ$RDx1q`i6|civ1u_U~%}<OhFlLGOP%
zeM<Tr^yvYk0iP1-clk*jeVPFvIvJ%;2lmorls)>1IyTWn*Rs4td-M~{+e8!n$6ozJ
zDH`=NKmC8~eF=CI)%N(LN!t_(lS+}Is6~nvsYsEfks=LEVTLB93IcApRC)4zDnbH0
z1X@h19fu-5_kCB~#RU}=8w!+7R%KNvh%h0t2wF-D&HtQpCzF}9EGoRe@B4m!k|uNS
z+<Wf1=bn4+xo6S%6Ztgh2ALmWPuE7Vr&w<h^QROrKkf1pGpF$ybLzujTeFohr)O3X
z#2wkwty>NBzltD^Z3^+iE#dWjYWyiS%%2)wI{s=V3xnqPQyk+@57rQj?Y8PMzIi3V
ze<v$@+W`Okl?4BgnkMjDw){E%6szM;2XXycmA8hRa70iA=XAk|_>;<izt~1&=<}m~
zeD&Yb_?~BF%YM|4Z|k=-zUkYVj4y5T@%hssJ%5U6hCjg|VWZ}V6mg`3l|=<7l#qx$
z-K1kr6Lst<?3?EVIq9BexKsO=jNFOpM=__)%`&GU`=Xf>y~}u080mW6^v|t?#PwVB
z2!476A-I5*jrl>3;HfJJ!9BJ%L2%VZiodPrN7FQZRM8CO#4|@cqMTFXN1c_KD>-x&
z<{z)r9ohJ~+L5g_prvGTA*+D75PzgG)Na;~?~CO$zDca?*k=9so?lMmyWvOu_~LPV
zKW$*+gY#OsD=l7kUMq;4*KUYDuf=<Bjp&Esv4{L6O-^hS1ef67C(xno=N|~P{+qQ!
zTP(rVb_FXCH*1HsUzSn9$3JL?HiEX-2KBsis^_)%@OiE43&&r*{9H>+bL?m$fgRhM
zL07&>kL~<rgza-!*|`R6Uq-;UYTVKU+urq&^O_UW3u=S7J2HskW=N`3JFi`sfBb>u
zlxM_5pVxBux!*>Z5FXe##)a<LLZHvts2`SRDGh5VD|2qr4{PL78djgC!+PQSQ0V06
zwJk<{k<!d@4Mw_G(-&n8Zo-Vrr+Qo~zrou4Y3<Qx85e?{tHLKX{c-JMp}FJQx54I*
zYvmnc^ry9q&4jj58}umcxP(w@V`aZ?(4#bV38D12O-)dm{~e+<+CQ~WO|~OrHnTVk
z)lzmp%QG_2lno4NCX49-zYAhiry^hWLkX~%QNeHMuJ0(B23)C&C=YBlP?j?dBW1-q
z`VO>&gQ*-=ZhV%-EXbjkCru>76!Mq;cnbx!6r{yLFWNJtW3VrIf<=^v7or*P$3rY?
zc>rB?&<on?Z4aH3FA_#nu>rKh(c8#-b?_R3s;tt}okc^^m-Y<yiFCVS6VgU^^mZ`q
zOW=Yx!i%a4lkOc)tgk)+a|Rw1y4uJuc!4esQdXq7Z-1obD3VYd#_I{f045Y-^W)BA
zv4C|uOys@JKX6>&Jc>%vw$DbI;9I^|Syrub@nR}CpB3EseK!g|lf<4{Y2DR+fo`D6
zjcY^3eAbb8)a&$1XaY^+N`7uW+klG6gJNiS2?1-KmB2^>m(Ylk`&dl0+~e;*xiHJW
zaoFln5iOLqDfd3j=DIJwJ!vc(EczoZ*+h1k!MoLEl?%t~p@q883~UegyDc0A$w`5Z
zBeRTP;xrZphY~<A$(L!994@>(*gMjnvVr{f5ob640&_eJ)0Am*tiGa7G5Vc1GsWE_
zt?k)@MpWG$G{quKu}dCb=rRZ(Ra$-hi29SCa@(8N(>#`}Q&;y^W#B@Z%0aB)p>^si
z-l|;63c9TiKVj26VRcykKmK}-jnS>=q?qHZ=hiXmdgjX>L2~&6Yx*u0*iDh1Wb=G4
zz04eKBb2>m1II$yVVD$X6N8NKr5GmVfX`u#5u|*pn(IyQWySFK_cw+4Kmh$Zn_~sD
z^DSHeUtvrjwOJ;>mtih}0Dgpd!Pus}z!TK5pvv!Q@z%zfJpBZDAf<8YdBB&0Q07LU
zyb_>%npB3{=Aj9hQhs|2E`Ta`3TSQ)7E{D?b8zCH;3XX+;7ljh#LXs7Qgbwz49yh=
zTSqD!Ai9Rr$T$UHVU#iD>x5`71N3A1jtHyu8jYoV=O@Ba)=@#q8pcxQv!`p<=~zmO
zm3sYlRQxm@OSzk|5K~D#(A#8oO32kqA3$wWkfAKFdT%F&(vdL~z3Hccp?D{S4dGWH
zKk4{5qcbP*liPLv%{Xt;0)d|&Bgm664f^c?Jc~7DFUnmYve5n!dHbA=VKid|&ZB`x
ziB5A10}mOhy}FJeTkFJg5r&QE2w31pRH9|QAnj7zz+ccaPmu9YJ}k`|ETB-Jp#{Pk
zB{)Ek<1^O=`-*bUG@-24d%-tEKc8QU;ffa<JgMSD3F^S8-`S1sFxVO%I~8N-gtpz+
z(){&WrLmHRZ)ghJv4Z}qG*+^M6*R6fvXZVVn#u>)XbH~Np--ATITd|~k*O?-qo{b=
zzOgcnQ(b0Mo^n6T@+zuSi#taV4&jbR)ex90Hl~>`eVbE5U?Q?{I{ETV7%5IpOLNQr
zN>hx%eeNX-@gZuow$vD1w6=@P$RdUShgd0(w@}~<bf4BG5)dT}Zn2uIW;ZF{4q_qu
zFl336TAS1)&_7=`J(eQ#*!1apaxp$pJ3-E;2vVXv0(On@6k8EC8hA{Bq1s?zD1BMG
z;5kr6p`dh+Sy;vP6jm{lVk)jw<3rV29x{0^C+fb{h=KPE7}&w-Fz~f0jKS^1E=Po4
zTgI2Z6T@CZ?mm$sB(Z%oP{eQui*JApGaGjmVEqNmWBiQG4?-?aTYBkP=I|m=I>v^3
zB2m!*;L;d9fTQ$NH0>1o^4_dXe}F9TSpYn~bRBWs1vgV{En3ZhZ}}?V8iQF&OIb@p
zG8~enbzrVZ_ikhO-DBEfR<0$FifL9BfA%}<3WJ<(F;f7rJG+HK^D*co<Ly)8(5-9{
zF7YIF^mSbH=>KgP{XHh#=)2MANlf8OcM>#}HwS)VGswd8AtCf2LRjB4*bHAf2bxm@
z&bTNpQbKZh;5pN&pyG1Vsdl5qw9&eVaK0niB(4SGV@{>dyBM9(zNdx`)x`~!6Q^rY
z-fWapYF&-XbP&6=JQV5jfow!5FhF^@qWQV1%Q4VC_N?#(dpb~{jq|nn{wzG-b59w=
zCmMQVU-Vq{vxr4jnttilqoL4A(GY3k%f2`iHNV64CN;j%F5{3cO0=8?Xbbxyji)1+
z+ESWyp`KJdy~1Sb9i~N|yyXv!X73fMD80`m?J$nv;O7b2w6ORm)>9nPOVL9L&cyuJ
zy-wsF%s)J`p5>H|S3Yk@;sPT6WN8ipPm_c3Zus7xLV0$EDf<T3wBo+V#sxBt(oPt&
zoVLg#)!G*M&F54QSVjfrC0MXkd5b+=w~T(WUGsO8%frcBHpa0ys$(~|*U94>m|KEx
zvc=?W0sOyv?Eq7Z7dD7NHkWiHnhg%jkb9cTYCSzg`ATJCeI4w&`4q-454RQ<z14M6
zj_BWSc8sYGzf)~NMFwX)c&OnYv{Q%lA!37NSuR`Z{e+(@g!gMX@gd)l7M=p%kp%B^
zqO=fq#d$JwJRgOQ=hvdZbwA8CYgXBtg@>P1a(23doKbcwUwlgPzVdQw!0phmhYE$E
zoS(&ML8R>z^CLb~Xbp4=u_)3dQ_^6s0}34&q0p(KT)={KWq@D{6uLMoXeYyy!9bz+
z0)-YBD6}9$va}2ig1SI?wMco3iSot)<t?6s5iz@7NpW@#Gs>%#6X(olo&D;u%_qv+
zC73oM<@GFAhZ&c}JO^jC1aYyXQFq^M@ZU=(UC>b`Ac2U664Dk-U@EP`lNJ+^eu`)3
zFr$owPk}&CMjDQXDCa{A>r)Wx6G=8wV%75)U%r!T5=ZuEIEF19g7~sK==X58>wG{P
zG^VUKEyt4+2tedh{HwC!N(&3&hDYsmU4)R_9}`$_bY|qG+h|W4o=(9mrS(GBdvlnu
z!qDzY%a9XWI{FrXj9`yZ6P#>SFs7Rd^RA{aABuu`52u6q4O6(oX5|Dpdde0vojgmg
ziPbusK|$p1Q#bSeaq4D1Fpf6!7cMev<{va#Bb&Jj=ANct&b1i9+@}X~j70?#*jz5L
zxjdj>5IqZ;WuSm3pwGY&PJ4?l{Up3eeaxN`k3<H03T$7cRAl?R)!+@+_QC+Vb+GxF
z>8R~J%TXI|@+LZXTRcV?e96rA?{VZfdQwn7H|szhZ&pDaXFeUEzTZ>7pAx0bCM{lp
zDp(JrbMk~36p{M`uOLu?|FvbJwZ61{umc7wXTr6v0LAM>?@)rVsd$ac((JjSbSYo{
zFirfhG@ZPBW0*csV19yW4w%54%#@=A=F+8;E{b}K%_6<!?G}C`c<;$k9h?%@Ok`91
zq$^KhcIN5y8I$R)DPb)G4f&+fmSEZ(mbSvPl5#o6LMKeY5LAsy-A3BUnaJ`n3a}Ur
z4!P7cGw{PJ2upvl&)0fjBU93{XpK>ZH*YKGJWL9~a}W`zLc?gk6mr)Zo^Mi}M1|H(
zd^iupogC5hqXU?)e}C-P7)x~BA{vx(k$yy|@+zpXU=&5pZBj&7{3;aa?}&S~3PQUu
z`9=5NHB*EUJ2c9YE#=5<a|F{SX|aD_tlV=>=2HIE#r%K#g47|6(C3f>O8>QS%puxv
z;LJAB4z6RyReyb@IWtKXWNP+w1B3JQjW9Rw1dXwkaHql^B0cQr&O|{wu-ksnGV&Y)
z=ZOzoMEiVW)K0VMtptsOs)FJvj`#lP@dhyX63B|jE<stbT|`zqJ1h!1j)g)-x$%)k
zCO5WIN`3|Icz<I=ZrpXuC^ybK5|$g=b^zJNe}n|VWtAiz`oGqcX%D_n1#?)z@~@dP
z?Oyiu*-D)<?Q0lIkW(ec6y=4ZNhCS;UfrJ4#|IcTw5dL~k_+o|zu_NP!5v4RyA&_O
zq($tC#))fo&vcB7py~`!oO3CI?mzC;-|vEdmqjqGr~G2yC2+wUy#^L<x%Mb^y~9^A
z!Sj?Y_Zy-rxYnqV6f&`eX%@Qk&|Ph{ec~HJlJ6@Gd*XY9r>U%<y^6id+0%b~qr+bD
z7ftMYG;z$0e$&TL6mw%R0mRss#(Tmg&0Mkr#+Iq~go7zR4Mhg~tmKI5Pw$fI5oK;A
zdHQit)*$$I1Ijia)W_BV%Ipp~FX{?dJ0*S9%fcydPLJShorW`)oavGd=+lzM-Z!6c
zGW<*ZJz)EHDR})&tSs<lH%=|!Si!*g;U^4hm>qa@v-&+%c6G~%X)gOJzO1LofG`JB
z;tmd9*yl15%T;fMCW+EvH<B8~tMU~`k=Zz<rdWrwm4a`Vin9Y4_XNX|V4ysHzNIxV
z-qxs5y&E;EV~iTrhV`UT9UalAUO^OTz^`(9PYV}3M=2<24zYr4ifB)DdOe+Hb{Esk
zZlgpF5zXxRDa~qTy|ieP)+SKkir_1N^k2SW_U~ViNkZ8E{cW0%)vT=lJZ+|ivx3jQ
zGS1YCbB|Bo7}HfHa0&;41pcmx1y4tgfN6GM4bb%IuJOuY!jNmCMDsK;jWCg~ovLbO
zw}iE_Yr|UEFG<Ka8!r|xE-#!{4>JJIe?5WI7KT!D$;sCQy6a=YBiI-CGEDwl>rAu3
z*B9uz1mlCkKJhGVJ>fMY%B`C!aa)IHy6fdS4eqF#rW#yt5zKOGWR@fFcE6-~>agRs
zqkkt5hwW03s*G0?7|5QtSkja`-+&eVJnT7A+KKfO6GCDAL`o3$nSX@n_I~p`qJ`4W
z^tbneW)nHgXJzd^*XX1hD|mgLkxnLlLNT?KdtUx7q-AsI@djN<DSMW-=QPzszgo7z
zd=C%x_l3>e-we?1Z-AN#wEN*GS}IU)a7IV&d8PYQLV7(+NY8}{=|LkQSv5lX{*?qy
zyCTJN>0_@GX;@93;S6#!kXmrCc7=njU{u=b1&k&Z08O0D&t0S1EN)V&GI3Mdg=i7B
zB2@sp&=EzJ{^BHZnR{M3JLtzwj#sxMeL~LAj~J`E--{QXFi_p=M2<?2KoS>x8n&#2
zFK8NH{#3h@`NtcymmT<=nd{Bf6ix-KV8iFeJDDdxV)Og(i{C}GOjp0g=C{QXHowwt
z<)+`*>>jReujN;utA2_XEiJ;bhO;o9ShciIHQIT0e_bdlU!I-{p5el_ewDoMt!8#i
zHN66E0KHGmEUk~SVK%xghV$kbP5Nq;rAO*Q6m#NmSZ_5d&^aAvbA$38mgQK&ufke5
zXAvPW_Y?h=8236YuEvGT=KK@=;@a~Xna1o`s5gxv?%sV)C=|6HuFwKWyW}x8gy74h
zBO%eg$U7V*d<*cUL{gu2M1!@&h+_1yXQFS7FgB|Q;~Z~63j-LPNY}DDjcLur7FZqq
zfdFcVBtWd*uC(L~@qUc)<QZt;h<l^vbc02@6R3IK0UXcHB#OBA32+NF;@)m$MR#4q
zy_*D#d$$nk?8Z9bxOcO=<3=`74W+kRDes)XvA}$5_0^_#HwNarMXTlq8D#!Iwc2&v
zSxTJyZ9sThYM7AHqjNYw-=;5ht#<8hjN{j`GYhfzY8UqR*)9oOGybQfA&hvHwtd=Y
zHAr@bs?p%TFS2k({T;25sGH4IbQ5U;s>j%7==7uo0%TPGBki8GxTfMK90_3t75x4z
zudXj8GgwE7Zr#$q06rv=^Huo5L~_qlVO=dr!%ZjzZNxU}(jI)%*@8DsX`-4f(Q{rn
zry0D1;&!C!ZO39bXbUm8=|7ZZEw}|xZLXpf(RPl;a<;roEN9OGD!5<{({V3iPrqBh
zblkK&lHNyu&1in|PHQ7S$qyR%$*KC=TEqUf&))Ng{cV*rvOE0vV;X|}Lp>)r`Vw)1
zCt2Bw5A~d&<|X0;_kG-i6I}G3=5HGbE990I;)+9SKM=e``3~X-@3eyP13wt!kYSqH
zAv%j>3}#Q(@%Y1$GBn?Z8^aWkr$1V4mIB5Kfnyh0DA^dUnvdutggjz5CA16kd#6+-
zeM{@%V#R&@?oY+(cP1{CX6-MV(R9~vq@Ol{xUi3wjH>0<t(jlwG+HHMq_e}y>Tzt@
z;P=}S85wO=>UXncb1lPVkBEIsN$Lp)qn#?7oKU4rni=L-w1k|PnKC<`)=-D=8p7%z
z2x?V3*5eYYMqc&A!)yut0C>M;4w2H@_p}4+Q!mhB5m><;@3RBz{p@LvIqbknbhYyB
zXnR(Tyy$?xj%e#>c&{1KlI=C;I^+V2CZt3*j0;Gd%1%SS)eqGj<5y+VktX*O!-h)B
zi6U~9z89R_S$c%d`1PJ>XX$@v#;>r3$HhbfE<Q5$NQf+7cT4-6(m`^VKB8f>P3Pw9
zU;BAZ9w4SE{WZt0pJV(Qi0_@|`Ssfoem!DrgkJ{}!u)#r&y4WS(HL}i`OyGAqTqR_
z#C&%j)|l@N6%pp!=K~^;r{2++@2KaPAtx*7_AX<-0svw_oxgi({XoZjADbQV#~8|P
z5?ylfNaeZ7CQh_hdwQd&j)HhALC()A`2t<LInPyYdBR8>rFTPJ2+vWnXrn7F7WFl>
z9Sxf(U_Xo08m>N&RcBR0R{=5R7G58=eTl*RzGr8*^qy7n1tkymKCR{f_Rb<>m4`&R
zz)IK2c+Wd7i?n&D!>bKnxg~#OIgFQX#o6YGt@yc>AiO;KdN)q)`9Q~mAgL#zbwt@1
z41?Y`Wb|)u5?^<|DwC3n6YpEjHPunH;LBFytCaTb)MV6An7U9}uUtBwjKL5^ebr#L
zWlOylK^`(PN^BLSRSLhpF2uxEX@LuA9~bErUz$0Vt55xn3Px!?`*A5LA7eYeM+7kK
zE&bNzc!svF1Xfn|mVWE%{0wbfd*9V>T@)Vo&NrI1?{2za@?ywTi_Af<Cacd{6g!0K
z#ca(y0cb0XK}`Yb4Z|YK(Q_!L56$y%qt(k{PH*+{3a7Jrc^7{m;-Gw_D&~Z5g_r5?
zrYq)|Ptg!b;xq%Er)okWW{UF;7j24THtB(SUk}vh9QP*;6q?vv&>o01yNU~E#8R$4
z8VaF!j8T(WdM*@i|5XzQ__L%@;M<cLTHrnQX#p@YfqmPDlQJQY?=?h#^j?YpF5kug
zBm<>PQm5-oM}4~*1-W;i2R*0n!DYaz#=cE7I{yugvz0zcJZuCjSn>wrY<IJ#j<*?S
zBZ8gxYBTnvg_MNXk&20U?Faa>*GL(0uPLXb5y<r;GMib)&%H`-pbqr<DHOm^tlm3H
z{*Cm2B9S~I731X6Evv6S#FrkRd7qdfN=sZ_bFx^Xfy!_Kl?PN~fCGFf23~j2m6af^
zl>Cl$HG=djS|=&7&IHT-l&w(}+3!WaB<)P6k#jeYOz{vYUzIL0TKxq>)F3#YYxIk;
zC0}ocoup9UMoOk_^Gw5Ane^bl0cKCmDZuMFm*vY-VXch7+R<`9P5v_F%67OK3doRT
zATG#cW{u%V6l7jRR&PbSbtxs-A#>^R$<jy?nk7kfa1KoF_}Mt+u^+vLb9@*Ty^>$?
zKF-Ji%7CSP@tR5}D_u}_Ei3CgJN%H*#Vapkykw1k!5Zj~M%c4W-bpTbfEBp8$y*Ft
zfah8_aOaCD3FflQrAmv25KAy;FnUQIZQ?T51}}x)$Bc!29z(2GlQ;l!>;_<|FilGF
z7AvQvRRzIX-#`)F1+kQKYWJS$B0O-z19G7N+y}okC{JpPd(+<L_ojpD-o%&9WZzP~
z11Wb{juTj!gLs+SzQmJ>>FPvjt*dKc7N$0Jgbl^z#OW^kQcn_1|GG+%7QLgRrJVM<
z^yBY!iE)@z!(MGcZ)r|RZHq*R;oa5X?$<`|c7hsfcG<{4(Off^$-D+1e}fiz<tzH#
z%l9aY3B<~(U(xSg|9F(e1bU;%?)Bb_(f%qV>>W~GqqxM(1gbl3$DQyZ_I!9fvlep+
zCU1#jc@K#DTyz`e13sXsiNZ8m>0KJ!)4V^7ZrU*0sP5WhPBU6Bn6|l`J}HFT5PN*_
zPj!aa<CiI~-NE?3tCfihc5cRtS0l9RfM+Pzj5*%Lh0!6k%j<;RyqEQ;xBiEPd|_o9
zU)H1kmq%F0m)Dx0zQ+rO^>$kEF?UBaK0Y~%;Un>+_^9s$_$WK;)bNq<8nb_YNso`Z
zS<F$6l`VNmkB=W_F-N&qo8aTZ=QVt=^BEK!LbQbUq#n!$WH{51_hY{%=ys$J0W0Lb
z5?(|opLZ9fZ($c}>2=bMa9DX}JK_e<BR$lc^rw;-ZVt2r+@uq3)NIcHT;%lk>&Ip;
zoc|>WH}z`trja?|kgYS<;{N^k0{faN3BgWsVaUE_Y6qccO~^mn<dB9~g^FRT<3--N
z!6jelF5BtNgvE3Pu6>_Bezpk;R#AGG@k}rnpnSR^PLmoIE4ydn-c_T&Q#q`hwH(K>
zUzFWk_|Q-tZoxA@EG>Kroc@JZXd-64KsyBPio+kKEuf4QT=b%LwC=|W{`E@u37eY-
zo{jc*($j0I$r!&Uqxq~GnI=8Kx(oyxTVo{HZi?B)Cgu7TFezz9c4%C`pO`u2d!AF%
zuqfAgOdMH?*!`aNnkl6Iji;*UR-|@;$=e3@Iqzn%h@6ckT?}&@>>(753px5uNGx6;
zgg{tcV0FMYXg@Huy->77s7PEEOb{y)7iZQ|#P9?`N<3I0z$C*F>?w@;Bg%2JO&)V7
zCls|-E`6D>o$$PVt*oe^wUWfjo_k)uRz9qtwetH*P1Z{7(<hn_<{TB7kJp=LAa8TW
zpAYZW==m7mn$5>@>q+LL9+ruc$7)9j1sBZVD6Gp%G+6FAJtC@Ru&^#KQrV-==@Ief
z3>Mbq#U_Z@`&88arO!`7I<pWz_iDy5-X)95Y1)D8(-^$5T>)H1Rh%tmS!W)Az5guV
z5jaHP8@@Ua6kf%uWjj4*<HCEo8gOH;;mdZ084~iDevXo9F)h7!VU0dN)`h45Fn0r`
zt3>-@zO+BPyyMGa=#<3FoC1l=n*+IyL%!RR$IqRH%4lWIDAMl$O{0FNo<&%QWH-66
zm4(yV_T(ZAr(inO)GW`JT@I4_P3pbksWj2l`pZ&I-gPAl4x{u`TvAVJ20W=`Jl+kh
zoI5Tdp1M&#f~r3X<M-T|fwBBCJ&fB7SpFdv6ScMd?0J<T?ouuZS#|mOu6q&-D1+NI
zEifA0;kB5-?RBcZP1!4Pbc=G0EkT#LS>J(d)u+0iYQ_3h0dEM;iFh^D@_AYi_dm_F
zoX<(bpn3N6>!&o%?PCSC&#`*np^y(9|G-lM*AuLdlF6vV<IKjzkzl69fw2v=^}$Tm
zE%$5d<5+lo{03jj_D&)j#rhkLgff@n_48wXdw?$snAqA$BLDM+>e^|~ykiSY$br<g
za|70B*hFim0M|~wZtZkqy9ZzPE2pytZs2rlXMzP_EZO%g7d?q@CK#8BpJ<3Rfi!fg
zws3Ih1u}eH-N#Nh8JhlcqNVc3U_AE>!Fb~%$6qSjO>pEx4^hl!DeZ&W+n(vhDOUva
z>*bQiwDmF;*UP-$XuSlUQP;}@92Z2gANY*6;J#?kHxPJKYhXM!@Nd>YPql$553mKd
zGx2x}?(MJi3oh|1w%{()7995sEv=*{*h1?10Ie(asq1lV!JWklcB>1s=s#@1-I>Vl
zO^XsS=OQ<h`JV{#b=_-oO)=gsq-pC~n8Q4e!zaU@ab>lh1VQe9eV`t;m(0rRt5A8=
zx-1lu{F#-dO9ei!>iR0o|J&T_mbfZi{!gaQ!TX|;$uX3~a=Cf~^uqc&6nrm<-0@7g
zp55`tqLuB}Ajw8{?9g`gx?{@IH2k6JV9zcy$RF2)FQ|@Dhu6FC%4rqI5!mM?tj~e?
zeN<%~8CLZEwhp$o99^b2Dc2e{6gsHH$Ej{w#_N}yBvbe@Zs$`3Pt{Wlo(D>sfoDS)
zo|_1sl>|>ndFFe9XE1(W`3-~TjTI+=r(PLxogPU{v8REBI3k!vGMFwSm>QLXKK=Pl
zHy>9-=A$)(B|S19iLv3XY)#}RZ8nZQNj)ukl8wIH7m2s5i$?(CE%`U}Cy>Ee1I_<;
z)L(Bc!JYE1PaiDc?rXzho3gHfi*{sJd!NaAAEfr)0(w_P?-xs1M1tL~Y4$KDhNpEC
zcsdy1**a2#=hfrF6VKrJOkJ>(@7LhrRd_}i;Tg)5^E4Tks8>{_>j;u_BZ}KwS>Np5
z;M3M7)l}rAC#W~^38rC9yx(|V;ww%MdCo#rI-U;t2y$^@K==w*bQRGjmA8(RP5GG0
zMn}(|Q~rljkOx@{<esSo_MR7c5)G#b>5x+{76jFc)|-qv#dF1qiScOVsl2(&$_0}n
zmek&#k=WPl<GI0-r4u7zpliKoUfSw>4)41RX?;{v95_nbP^&f@L)V497Tf&+O?k#6
zc+=6$cG6mA+sU_i@;y#b9s<Kn>oUZi*3DzfH)nL4o$4JUNJ?N8+vSC@*RVGQ1|>+A
zG|vS>#aK4xkC$38XQwu1EcR~4#l2}S&*e*&ZmQ#_oSddSk$66bUE+NV>&Ww@Tb^Kb
z;OTq3fcBl!>rj&LjxgS9CQNOIIon2)QxlR_HgxNfx(B;r$m4Cwv7r<r!Lu1_4V|B&
z);b$%F|Q|=G!_<ip5`(bb~u3Jx?Aq8@A=1IDYJcV5AcVRk}muPn^fZ95o=GV&aqL+
z+l>G5a|fByQY)2MHQyadJpu|)a2WLDkx1ZzqoRl|GVS17Ix2H9vo%a1{IrP}E<;-5
z?rIhN0dw9MKhB}MsB(ZWy9DHlACHAX)QBJtR^<wE42;MX<gW&D1$qA2$@6bjM6SSm
z<jv4QoTP~ruy7AlMb;B3X3sN>;#P{Uu8pGSP|Ej?Sy$I9ca`9x-6~Z=L)T+Ve|(7b
zN6*L*JCz%UsPdz*crc)QZ4QVB=QX>(`?BLOWLy<yV{VvYxNoE^EDrMc$;(_CIPbTp
z^DvcT$xjC;J{+Y?h}7SED7t=(TK{9UzS&U!>n8QhYJHzt-(sj=(WJgbtv^()A7`k4
zW0U%EYW+@X{a8c&OPkb>RqG$x&+5k;>K{88T|Zu}U!~Shpx>4FXf;$;e=iNZ%F2NX
zM^-g&A4n`Rl`q}E;n8U!Q(!U$gr;0be!{*?Jv{wL_hWFN`Hs^m7qUN74@j4W!+`<U
zEkdt0m-MU9RmftuLr8Agi3aG-(}Eq5QO9-y@%@Fe=p%+^lY6{VlxB>3>rpdoe7(k$
z)0L8C-9;ScrMG^O%&|~B?<E3b3My+UIsNS>%vjzln^k`G;cjYWpIZ4ttUMnpSF}x-
z)s35fB`Z*#i^mt+_MC-pOi8oO&msLIdwP@h6s;GPvGf#eb89&&ziL)D=9juyDc!F>
zG<@=)3IO)~DfT@;1@tS<cuvrU>%%-a)cDg}0@uX82hY#p3Ey*S6TUAz;XmsqJpWU5
z!h7o`{I*k`@T?P0_<O$NpDCNuIrVd$Q0Mf1J<-7J574x7Yc9g0m_`9rh}gg`hS;Kz
z6{}vss=i!7r#5Z=7t{RjV)H*!KmW08{%2zS-E8*D*|S^JXEgVoSa!@h+KAn>9Whgz
z`G@xEXMSFpc3fPJeGXQ^Ti9ql&iSyumL23?ff}P{Mazp9s`BEnr6e!5(d0!YC%TV>
zkCDL&k`p`5U~=Nli3WS3Chb|8Z|_Gpr^=nrvi8=<ti8w7_9#vkX}d8{k4Z}qUcES{
z@m|FIJJWFjTHSW5gA1NNdX`fj2@`#mOS%s2`cRZ(uXd*k|B)$p)pu@5LyY%q5ROtD
z71uu`N(W0C<Z+9K$jO_6mGFy<a~xmN?%ZJV&WWmM!HO<<q}4%2EA1U*iaW|JkB9ww
zaaQooyv!|ue*>KY&E6T4Q?lsrmq@fZCCAJYtvUSMA02Xsr?9rWXoAHpU!U%l@3XnP
z-jpNygRom~!R(~&qAj9-SB%R%(U#k(!wW$d)K5o|3zI3r4h=tHn_oQXL|wS#Vrce!
zwN)kqY=PEZbn>5#wZWi9o&_J1+6exix;y;4Q^bUA4*yR!cS3_Z;ZOkYey?xFUQR&&
zW7M=DQWw&E3?B;9kXF)-6Td*%@&Dj;;red*x>UD(b-KIgdKm0DfM_@jwBGFIKUm`~
zIw<;of>GXtqx@Jp$Kl@*<1~-Ra7tHOoN}QJ{=zISNF>K7>~IL>)V0BKzAna5($LyF
zmj7(zS<`>wU>BX<z`@?@9R*KpE_p(h|0j#XmwkQ<ud8~1l|Zk?y`O{O7ea+mS<ss$
zx7yMMALds(+ptQJ?!1o&Fs59TeI*HOT^wZnI6#Ea3BIZ<M@iM;uW<?hD9gA(L3iZ5
z10`REOL*U2Kr2AMB^M?rP}7Ku={gX-ws>xWW^Oh#Gv3N7X249|WOH?GgLm|KW7e{n
zT$|e|<5B4nr#vFnffgO@U^Hf@xzHN;rcrPIl9#zQ@E+?2WV)(JMo6Czz6z6kV^y^N
zRCQQLammxNT=M7~w|zHXI+a-1I<yq5xYPyn9c&By1I}=g8CtfAzG@rP^IYqY;lxsx
zIB}m?<SgS{CM8rOR8t(0;0AO9Kt5cCIW;76aIr%k=nT$>Pa*huPRY+Tqp@aA`JFM<
zxfV7bRo38ZP@WTfD!hH&7<TsT^;L;(-@B?6@V}hxq%KP-zL?nUk7H^=!E|`=AAQZD
zR+NK*YIc*DVl8)act4bmSk-UE+BYwJi_Wh-{g*mg5b>^}Nfvimh%X=63UBF-37^-5
z=)Yq0J0F>chqWnbu#wIN;Z5}Kj>Xezry3q_K+)IEH_5{BGatpmFWHMBvs<cho9Z(6
zf@tQJb_6K3EcP$T&TeWjLU)!L<Il85ALh>~XHOSR``q>geChkNbN7&)X^9SLfYnhw
z0QQKI{-YhzIGdw<@>!$d3DCcz{JOSz(&QAkwBB7YJXH+&Sw?WdBKQ`K6zxm-if1uS
zmpnELQ>1spE&L);_H?80DF6vZM;O+Pg+;7~J_Gd;cs<=Pa0*}gCC%pIo1?0ufn@+c
z*m=&~Wk&>kB97s3OB}=ZqW@T|=sRX|u_VZYE0WV)(k7RE^F*@%haG7n5ZX91+B8Y7
zv>caoTN<8=T$r!gg_+Fx(yn-ID`7|g*!>UT%^XaH^6XZgB{9c}fT-^9&nCOl5~Zz9
zslkaM1Oi7nHV_K=Vu0V19OX}mu^034R<`Svf@!}YFbqF8drnTtZj-||H8liq*gTg3
z9!H__E{w{+r6$I3wDvMXT6OOl%zuuEDXDMCm!dOmW-XLDLwso|xnO!T9nxV@9@dRr
z9?UYS_{WSpI0cK<DF`gq@Qt<8;Vp{Bag|Ap#xdN4oMUGg6{7#=*dbESj9kf;Va=^}
zW-uzsl{^`?+;V5eS)=hG5K?aW4H<0*NmDXX+?WLWhP3o)DPfQPwMzOAYeR%$LN;(c
zOxK=@+9Z%y7V})B%x&5s`fFm{rWzp0$f9sz5QM<B$B><AvoRIO_JFHvoM=**Dcgat
zRdCPGBo6>DZG=g*A<oKH04H>#nq)bSI}7%|`_b+*ue36Ue|)h+@;gelr=og4&+7Li
z=cFEn&GfK;S3>Zt@O<!dKSCR2|E?CIw8<^iVbg35%BDc$nOhv+AgDQ|Feww@q#ex0
zo=9^<_*QQ;O#6%)qz;exgBLiZM%~+4@b+vgU)qA~KAqhtBu4^;cjMGY6e1&VumSD4
zzT+ROWHU&)%cXU$E+7^DD8RB2_^-d$l2w!Pkru^z<sP&WoZetU%iS6Gl2ZC#X*PES
z%*xlP90D6et2G#7O0XBB7eO+O=I?Q)-F%2Ic39CjcB~*dQh-n3Mwp6`r=}m{u))%E
z;xQ3+c7`ZhGBDVhTxjV#+%naT(Hr335F6jcl{S{|0*!@}%kNPvn}I81hpZR)ggS>D
ze6b}BKV50I;G;%)<lZdIb3XPEe~%-5G+zua3Fzp4#6H}@&vcUk<7Qp`iorF!ZNLFO
zX@Cu08Bhb`h!NzgD?zXmq-A}_T8e)Nw4>AXPS`txz=(IK`1;<}<!40ahbF`@dUB73
z1u1acVrSZ5+9z%nDu$&AfHF~1lpXJI9K%mnXWAX;<?U~b<>$^w!+7GVJ+1v9U-mBG
z-60)t_-jC3skA$$*VKjZ&BxN1L2+qXCH}Q9AfAR}?e0m%=DMth1yDoY7Q*z#68JM7
z6|(_MFGWx3_7LbSRtPPYe)VlPe}h}9z~>zix-<%K`tom&6-;Y@Hph<U_g4b0TRq?L
zVqgsSw0)iZJ?}mItH<{te%h^-@bS-=M)Uvr1-@Je|Hjq8kKeH9bNHD26#P0mns3;T
zPwMc=M)k?z(fs)Dfq=%ZhmWy8EAX)oKDO+De|tvrjmzQR3iwwA{}u_pJtZ*0qh1+)
z`Jw8PYv9Y0(fqVk`uRtr(yOe(nmxW9jiwF0Y7j>Jse;|_-RXpR%5h4Sz9lggiIaTW
zk5)ME;?VUw%UO{&-QimpkJx<)Tj^Sw_7qBMzMXaQjI@pLwd;&DH1ZeLC?>ztv|T7V
zB1m7Qksst88*$56M2iJyIMpdnf`4PvVfFh$At&!_aQGVW@1c?@X^AW(ix)b}sgXxo
z<aen{=owDnv{<{oOPy0wf;`DeQOw{Q%ydrWE^|)F;yV9c3qRMDc5}s550%u*us(9e
zCkWMkJOc$=!s+SuYaH-?;xde2kmbbvesrERm4gp&j6=H7;wbmRdFA$mM%enNw#bw6
zKpwcphP7?*<eFsoxa;gZ>Gl*+%1afi^U@KwqU7!_R$P;X&Yd??@EYZ=gLtm_?3xxX
z5ISH8j6`RsBnlGxGTLH5>gf<n#`BvCO_SgphGi&?$lawLY>Z=V4(V4%mm>~;AjVZO
zAa1l%8f<|xme{4<vsCmgI4b(;v&W^nr8Oc<T|q?$Ui4L2-1d#*d$>$!x70$gZy0|O
znc5zS$lJ1Ax&jI<qR(#;?Z0~W1*YKDr+-h37+T;4w%F;0w2}E0$xjtjB)*ur1$cnv
zMdB|YURJ>yTfD!x?VG)y1@hpv>KJ6l4*41zjMqgg95%I7cAcXfI7nqFhzs^){%>ei
z`U#^PSiu_!E$cm(IOII2rU2^PXA2eCON1^5m0y25kBe0PiYf=qXu&4KLN~r)fj15d
zrfOH0{fKrlIY%>w*D!h#oC`s$J*<>`gL~*F>ZCkJlOo!;dOdh@B(ZxG)WEKY+{!|p
zSjDA2Dbb!>K~JUt%c7rM;U_9{$aD96>;VL@=?hWx)yd)-{^3-b3VnKPc$a}K>{9~s
zc`mp+3>d(|myJbNobhCb{2O0N$pAn$huvd0>@&vm=JEC$+-u<V!+hzudbF%6h6OVy
z6(jWGK6902YF@MZOuY*P%q|-QUv&=Ny+6KgZRq$r&C_@vJtPZR2JSC|wEd+|cz?O^
zPwg)kBSlt}rr|y*U}QD4Xd_`rfDc<RQ$PL|+V}^+_+2>u!6`z8km|A@5F}Vu<1lOx
zUa1zQpyxJ1nqv(^T3ACJFX(%(W!lHMYg7ye_yz)e0};M~2w$8aPpFiqLACXL{|)d3
zA3{MBdk>rqZASnL#A8=}B~~b^6N(N3-wEB<jZ?Cg=rvO5<CzjunD;myv%UZf2Q#2*
zhbef_TCB7%)UF>FuDuRx%j@t^20s<^FL?IqmtpP<M>PvNp7$GXf$uHgdoWg%76&un
zgO*A##qcfICTI!91j8Z6ZdRW97Z)Mn>%ZdZ%Bs_YcxMV?Eax#*samUs#qlPgy0Y$}
z4?xc2W}7^hI_2@{d1bZJdgNt>f-RxG7^-&L8$B0dsN=zMb{&#<P??Li`a6|XC2^ek
zM)69F8YqvqC~wceJNRv?{w&vI+)tT3dV@=zh>mp1*S7P*_7?|N)`v<fy|KzB887e0
zo0z^D4bX!L$B7py{SIyMb7SKM58z5c95mypt)ka{aR80^Cb=b@b>k^+)?tNzvL%;O
zy4N$>DHj3IJEz?!`gfZ1GWWteuOf}YdTeK0kD_mp)ouU9b2$d99xPkBpi~N5!K9SM
zmNb(b-w)OPo=q-OfI?rw2^EB7W&K#Z+f!Cabs?In`)qgwUd^A!F_%CzLio=Na+l;w
zJCXC)VkK#S2^dj+jvx;e@U|0)+sfN=yJMOw8!pOJhi_UoH|<i8)c{n0d-N<(o^Z3v
zv<sWx4%04%7Kudzv&HEPpCV?sXv$WHJUj;uJ2P2~WLKJ1TJ5Vb`|2&@<1=dmFT>O6
zJ3ziJ{>DlNtf=#yTON3aXsQ#ZSJpKm5>3>EtHNQ$Q>GP*-4&%-g@j>;wYgGf*6iks
zpk1v1gcvJ}QsY}}5vEt)j7KvR7w<!kLk=o;t{+L`y@SGOWk$cYV5AUQ;@u|74<K(Z
z`TSKnzLd_TO>(#sQGgb*+UPBrOM`c^q0h&iBXcS4-@wMl3Z}yVK@JW{&Mg$B>?QQH
zVoIM9_F&2qYxqfJ_=!z@GyEG^wjTzvn4^I#^S*(D$Ut{J|Bg5veaREX;&|lyU|IBB
zC4~Gik{le#&rvb#fO&j<H!0t9r3_NO^BhyY4{Hsa#IcGg!oS>2eB`%*132Y^6+DL&
z7N7vV{c7-813U|CJgVip6QnvpE>1y$Q>ob-GqMUJMcu+<42aRu`_tjT=M7ElQ&4$^
z2FK8n3nX@HxT$H%@&}L|RJrA8v<6lrp2x9RXSfDtN>nJy1G7+dWD_cg(t$pF_W_~z
z1TI8zZh+v``&B>`&^x(;U4=H{p@l+GF3@{5qxXeVwi+Y)V<efU06(<*0zZ=u2&&_{
z*HjgDKz2!s1LGIPAb&LIyOz*^(N|d6*$e%UH&7rg6kB1(=+5@PVJII>!B{*L*{N0;
zb1xFkZMcVETrCvJ0WdENW-rG1En5ZaJ+Kx&fEDqjTVo9INkrgyuD-XW<?yA?kbQGT
z8b3ErXR*-2`$KJ>Db?E>Wfm(6&492ynM;+c7lCy4sY$SJ<V$aj(d=xx!njK-J#PjI
zu%lVoE%~ypWZ%DEx%or9qu@)=Re#TV2E!!hWbt!zuG4kMmtm}>lBqE*T@_!YmE)=^
z>l4FXIZtik;uvOxr-Gw&zKP=u04hKA4BLPyvp2x{q~<(nlU#867WguY+Te;0ScAV&
zGL-$=>)(xvZty?h2KOn4*K?dkA5&25*@x6sxB-J~Kx<`hhD(&^)-wwZ%V=DdfT|gs
zhAOTRQRST)ZbP{M8VJ5;?Do#v0L@Z0EUTG?sN7~8Q+GboRd!0hD#7KEX;~iW>#<|l
z7hi@Vq9e38&wkjuFc5-=zA0&A6TD|3?cAXcxRmYtiVjc-eAz;Dr30yWHql=s@@45e
z<YU*b|0V}4z0^p2r3>KUCG;>O^02Ehyw*L(Sa>Z#`QpVSE^u>HoX6r4EWAK@4h!!k
zeZgKLa!t@U_%Y8pNmgEBl$Bxh;hNs{!5>(BF&R!-ZO^-x?!dksi;~hlW!4QiF0Hh7
zER}wsmX3o`7>QIBycj<&#E<iWmju&;7X{OT7Y0*<=WCH51!d=rh#N+(%7z=+Nu!Dm
zbxh9B1#ppHww%_UYhq7*jTR!P0aa>x8Hq1lO4FR1B^0@!NQR?Ind;<Kx|YT20wx8o
z-jHTf*&ttrn~_pEox}k_zTSpC`{Tpn0Gg-yN?9Rrz(nGOY_HGC+=AyY8>we#zn=#D
z5AEp`e+xXqRC?Pt-SjsF<1@F=h?OtxCNe-IvO}*T<E4W1y^=67j+6ETx~TEhY|0%8
zz@Q2kztq`}VW_(<M_p2l;IA_azPcoS28K(gYw`xtr(!TOp(5W(3FfO8)nSWWel)I+
zH43^R0u!!s%A&<7kFW^x@H(eFz>;TQGu4)7UoiDtL2elw&Gx4}yMJn5K{f|3QuT4N
z86N?9+X&LYy5PVj`%_CyE)?vh@q?DwB&%Og7d*R3{k{Ngl^9y-0#++X2cpa6mH?(G
z{o*$L!sLT%NG3!+Z69ozvfo`Xwa!p~Qk~$dtm`|(GUbqHuO8o8l==&jEjV|yst*mJ
zA>`{MOocIN<7dtze%DB+#f^A><y%xoY^(-dPKAoXMzld(69CBoQ0S;#XywbclkQ;|
z2+FI1De8FL(((eyvPJOiH}Uu1MAwIw22nZ!$F6BZMX4U}Xc%8XMdCH6J1dYoz>6K$
zxus<y;5U6pMdDcn@(s(a1+r_oEe~*z*EioXbv4#UK{vQk)u-E+dRw~W#C0wyak(h1
z5$#9#nG=yez_AqQ$6ax4Nc0E$yG_f*&~kB2LxJ3LOCFvjfenR11yaxDZfTQfZz%pg
zkV_(X-C!vhcIE)U{~{qY8QNVU*q2P(1%IRAA6$`*ff!(zi46rfks!|4tEZ;tS7gI8
zR|5tiZm`M476%;lrmn&21pX=&Uru?jMc<yQVi3Tq^hcRDv_xD}S0E=><-ttz6}OO#
zo7~`%szv(}fEQ!)i@u`?Q!k3L{?p%QtOdzxo!~oSowiw!2ZF5C66p}6+&a`qcG(1z
zC-_4^1tIg4TZM`daNgY0-&J90$GXo0DYcVfyvc4h-sE)!5~5~}3+Vfj{EFlRmpp78
zjCa^Nn|w8l_i7q%vfD7;%(Z9>*Ab+iMqy1zu-ALr3KiLBA(mj-X0H<}l4*W%J<oK&
z0Od(h_!$s#OMY=p01&g>VV?|$Ifo$zNMM=ht20g95{L^mjsL{r`$t$vEMp->#6mWN
zS;%@M*@`<sz*<xjVIR8n<*%^_zM2|<6IMk*4Y1l&AaS!i$dZSF?c`}SFxgIf<<zzg
zdmTRmw|9Hp)Wl#ug9pB6^ENYY%O^F74a1^3cv~I^A8s3;1do%<e7Yr#Pp2GXNqG5{
zl*a`<sy#Y1&^NjP-e%%$Vw1P|Bz$HH+I8?ZeKm%+4Q}RDd=?{yR=K1Aa-|4=X#<n%
zsz~bs=ZhLqS{cQ!&_9H9Qoe<$_N#zDi4_H@M*dU-{Hdnz2;xtR$6pBpkAr^&dYAxA
z0mof{A8|UU1RF-cpBU2OWsy^1z0y|WXR(Z*%^-eOi`T?u0u%<#Xc$u=G~x+p%^t?a
z1m98<1~~BViWN*-(frcC8@_E5rPaa9)ca9so#_857MAw82*v<73!iJndof#q<T^J+
z^eMn6+Ec971)_gPY=NBE2KZJRIEKLfJAk)2+gNc-Q0%f-P8;h6siCL-d@F6h8*1zW
zDqH%(hpR8Vm*hGZKP~4X0I<ON6jWs27(*`{!|TC<isT#Ff&Y5}f65tM1^AaI-(_+3
zy~{G?O*in`S4PhQPMzvKTePqBCSevkM03&*4ALq}%kav2=D8t*{inO)I+b6pWBk%B
zZ9@Q|gT4-E+|hRothimcLjay&z?#+%VQxb(w{c6G-S(>Dj{|<%Nse}eE!23J9IfL|
z&<OCTHZ;pgfG!ll@DSDpj<82kr!9ihSq+d?9iFp+9&7^@MkGYYKpz8ZkWvl+)z!FE
zmbMb_egt2mc}lTRF`QT$aGA4(&?;a$d6|{LOpRV)%kXcH#oJHBe@n!FOB#!r#sXxs
z8o1O{J8V384FAh;*udC`k&7yQ$jLD69nQ^z#gW%{DBvHM5#k^DU8=Vy@LS+_je`B4
zH(jXc$ygl7UPy1y8qPdTJmC;gi01yt0=G6A{Q-oEaUpzh&3@Qv5NaSeGj5O0z5-0l
z2Q)Do1vW9rR0MsS^?(!8#4iI6H0u3ZhLX)#!x#5Gy5RQA$^-ly-g6$vze%IWQe!@v
zl91W2^1--PaGv)Ty5-*C^YoNs9m2<|IbW&@w5KMK%iRPM9(0!f5(<5eLg<6$erv6-
z#(MGknRHc5L)R7BR6|o4{Eu0(oo{H7PwNH;aXN#eenf!tHy&Zu;Pw|<C>D{zMRx?>
z0zw)F!H~Nn0E0780EG>Xv+7+Qn)s6-3c~$euJs4}T~N>aYnUd;dodmQeNmmR7v(tF
zTDH{FGPG2(s?u+igNgBc5Bm{?z_qXEOIMQ)ZUsf)ZNR&Q-#P=-_RW0RB1$-xou=#v
zKN*HOJgO_Zw|EXCSTl76-X|VH6|@aC1F4L%x4PszN8%*C*%`e}+;pHN*M2<KyWvb^
z4W>uOr<NzAixt^@1ar?chkT7ixzl8UZWdWx_MiDuJSDs2yEsQ}p2_N6=O~$K<|cWF
z2REW41Z)<{b(wJBBo)CDW5Jr1WRR*?CM0-Y1DKR{ozTm{?0u5j<;%K}Aw`~QcY~Y2
z+-sQi${;8S<WupD>6DhN>&P6z-(VI#58J{C{0AFJH^-;62lP*`w0`tHC(IjjX;#p>
zXWR3_;T=Ne0>)$Dn4ALZ8|1Bc5`*?9x-zRB(rQOZO>rJSw{o<Dzq@iYe{<zQerzQ-
z8b5$}2pta};_peckLK@LJ(~Bd8SUgZEX#wL?{p}S|7wkBsuw#R9ANJ-i!ZIh6FLZ*
zqw_j0%ahi4x6XnWT8;cFjl-9g!b{#(E>kr~L+C|d3%*9yPw04H$yp!5QP`vo(-A8+
zPaMo(dN3w)X#}gv-KfeLMdoICWUr9SQldss=1mD+0EKGW(#Ug9g0CKq@)y#+xu==T
zrF>}|mFZ{jo<!(wKOOR?q@{4cCD>`%m6qz;ZW0b}0wxQKth!FQ{WU&12Zm4)d;N9D
zQ8uW_q%s%iFD7oe4t0wxru4jjSb*E?pGW4rQ=nje7q-<a-)<r^Tjl!;aZ$5iw9I1c
z)s<E?9IY2$$m3Xef#=`_Vh3Zjh_wG+NtVQq5ir#X*-t%BtTlF(0l-;)J%E+hB7mf5
z3(dO+0W4queue#ALI8%84C)V->*Y-#G-(j7yH*Eb{l+E`ZupiUJa{dGa3mKtl^eCz
z%CXB9WG*M0gql~FiedI$?bY|sUmG^COI~Xw|132=4+U#Dth|4?gH9!I^G2&a3Qtpc
zS_lVN{+)EM4x2IF8*@aJEiu5MoQ9bD&a|wuTFH}^<GBj+qm8IQH7tz+KA7X=A~JV(
zmT{pazPbed!911$D*GD1Ns(o`U|JHYA?n;mSp<~a0+_}(P@<@0O<@Wez>t&U%gTXa
z;K4QsoHOuEtSU9CFaC2HSy{mHUhhonPM@iPwkAWR%%#dtpN0s=RAx4SCT@ZKoUy6m
zA#l>^tbgJzgdRVSs`iwd!e?V+)XeOt@{u?cU(~~)Q_zI$ZumEiz???IOby<xuQbYq
z7E`S0a;O$8Bz>SV_dJ%3tRrS4>p)jIn9`w#{@wrF0KnVyPgdW|d`IE*i*MjZcbcKv
z9OOrWoP+$Rvbn_412Y`e&RE(}fXU{tc_^Jkoa#z=;#7)cobyFE*<y7yMck1s52};>
zmW3vJ;!xvc)4JTFjC3LXn7-bX76us#wp|H`Tg9eMtvh3iZg!*V-vb04cu`*;Cc6G(
zmF?}rFfYLMy37fM0{=F&`h@#95Imm)ExHYL2N!S@g0h*~4?Cdt1%}#F@{iN98OL^r
z)7S0pI&RCqW9>zT+GkDH5m0pf&I8ok+PeCKiI&QnR-OcC3*L#^@=@n9y6S~=)g4J{
zSfl~Rb;kv-b^^4}B~o?tsN+@*PUJYY{|T_i9iQIR)QL!KXnMJc?i7C1F_bFiiS1KK
z?BN*3Pp;CD7}`VXK@g;%5MB(vY+RHkqNXsPXtv@xh|23IYwEDH?z%z{Nt7So2U@~V
zQzz<bBu-w6iCHLh7mio$s{T+7qgR}$trdNt(hBZmZ7sslVO$@e5XN4PQ}HNt8Z0Ir
zSbm%;*8&29H!#N2uRTWR4I+(nMH;yXX(XpPShlj4fAGM|7o4EN7B3lP!^5sO=ZOAa
z%#JY&i3a3?43i(KI33ckRvcyEbfx7;i6Hqe6pZ(nzhA|SAZ+upV=yQ1N3@TRAEiE>
zj}A!6t!u2DMn1R^0XP{{j#}yr<)iZeWslL;-0L-CgI!sJ7aAK(f(B9iMLrkR)@W!e
zm=6tIZ)|AC9BOFOjfRGntky$j@kKS({yZiw*p$nbS=DcywQuKY-;%U%@!GdzOT*s|
zq5pIEKBK$x+c@S=b;IrLxyWf@^ekU-D&|@?MP<5LM|o*N7_)MZJrt4_MIvNuwxbo-
zh*V6gPVqb!k=kgGn!qewi!kD((l-sIT57@IErwizk#Hmq`k8xz;6HL=xt7t+rDn7f
zP2XY6#RSWYp#2nIjf89bj)iNSfst#`yyJXd9RU6f$0FBi!&2kJIH~kyLuq@hbW}Jp
zOIvb-*MiAhNk4P6KrLN+u#|PpMUNG<v}#opJys6(KBf0;^Jqj1*n1t5<wyu`ZN>@Q
zc7mD}k$LhDr-KG%PG^Y>+u$igUq+eJS%yK~V^1tv@1Gr&aFCyCnVx2<q5uauoSL_O
ziJ(S3ZL7r&?cjn*=tQn|;Q*0ZV9%XeU{AmIN0&SZEzbp$Lv_OzG&gL)=!Pw@^pny8
zSJxyKp)(x9#sM=g7v~73Mu)WALHKp7+u`sBV+VFhe&G}w&MRB%;2*C#Ui*TnURvef
zAFDO*?36r@f86iLTF#dyqbmGL-)@t4f_#Mle_6_<Q|wvjYGS)3LoxJLq7pv9<Vm7r
zjx!Ih?r3?4;Zv$Uya7odduBrT5hkA)*^SGrRlayxe=K^-r8z`Sh6BE0e~;OLe7uMp
zDFY+uoif8a-pD)m;XASFJH_yhPF3CHypcsFNu)4YNeYv1BMOtMWK}&<6{FsQD<6g*
zUDZ@$V$(DxDX1|?*EA+Yq%rX(qsAmLjro95Fhtmq-16<5TfWO0yjW-dIvn*S?F2JG
zCc7<UMXbE>i<vAb-1cAi(nb@rqadBhDpHw@3!kfTI3Qv^(J>SvmC3TGg6Hc)p=g!K
z8z_10OkygNr<ukigQSIs#za$?I8k9DQ0d7OCbp9)Oj2-gsi#q4a$ysNNp-Zs1ob89
z?;KBG@;cl0r1i>o-I%^4Md~m;EG`<=B`7>xiTaWv3Pqb2;Z!<=0jD}&(5Xv|+LA65
z`n`E=Nh_VUM4h~x1`zgsSJfq{>Pg*(P^L$n)O$Zl>XIy@x+Fu?Ya?Rj=$B9rk*P~;
zn!2R&Es_=7qE21%!V;z~c_YcFjIb%5ufxiSfuc?sao3V2%80>VlQQCVktrjV?}tIX
zz|<u#834THLp^|x2uxjK)6^vwFaRq=ox0>$wN+iL<|ZJn`6>+JtAY;1Wz|hUeDf;;
zae=@<Oy3_0u_n6tqx2;woP`e`VfvCuH?&uUpna8LacF0yH7cGB@*`5&uBVVT%_u)a
z>37tBbcl)4eWa7_qo-$>DEC*cpTcw>fT!OHGIk<fte%J;P>(A?rv7+&py5OuQqSr(
z#n}%i`%_K*VG9g0sh9m~1>arB;PxHlZQMaL=u8cCHr9ZnZ|F4&y$#hwInO#9_L#?G
znVEVj`Ed)<G2rE6rpKW{jDQ{))yjP>&@gR3d0Yn8a>h>YhLcS2Lj99$JU?{PKY1vd
z0HZ^1YG77W3$A`tsvZtggX8su{qLm0LolX8G^XG%eQ{x5DrSe+)FA90EDqEj;&zIE
zEME8T!z6Ps#pz1NSxwT+@nxuqDBI#Gf~k_WD(_DwdqJ40=4WYEEX`7<JmV};FZ)oX
z_IzJD-lK8tb`?~3dT}>EN^ABTqsc#5Om<j3InQ8?B$^yx|H1m&<}@B)Q+18kGCVA~
zRBN7s)u$ITJEwHRNGDKga03rAfIa|_tx``E`01Ae?YZa@K2jgZ>BCo$obdjRXo+%<
zm+gfG2($zXVL#B)dBt(eA`Qt&xy)(`Pd-eNv`Lx&GBBHijmDOhl<ek^c;RIL#p39?
zE3#G1LR9VK?oj)w=-Q3;=2|Y#fV%&RuKUpy&9^)mupPKEy7pstpyq(+G^+mF2ubTE
z^|P4vC93kV9#DDvF~;98xwoj{>fl`zXM&PbE8ow+OoF->fAiv;M-g|es$($ZuP(ix
zS@HdQjsq>nTEdp88SMq)V~7ZV%nW3p650is0NpEO9XJfVOIQi6wclTai7bbb<|%YE
z;%v+@MwY2U(+anDLow#K@9%>BB+%sq@BiEtDp;YyAp-tTGr$x5{CpJUEmUqaDZd{F
zx9F&b<aA}M96_>Lslw9~&84%B5<=5IB!r?tb_Aj5>I`LxSayQsqeay3F6H?NNnBv~
zQ7x4LrM12pgv7vo_0&n#2iQ=rNJBlfntS=O`{B*NGYp)kspeIYnuYo<k#9b1ZeS*P
zDN1MT_qTeZO(xYD*1#Y$V~s%#&D3~Cwd}lH+2(~ha+3_+W3_JPV})DjXRpE>3eUn6
zA)8(z*<rPdg=`@;i2oa=1|jx{Ojtrn4zGYVcvn@<)HAXAre?CH%JfZ5_y$!oxlLR7
z7LF&uJd`c^>zc@CO$^XCak(BErj&^^^FT|EqRYJSxt0Dtq5hqz{(V6GJ5BvNLH&C-
z{Dngu%MR)&Nm8vyaqS1=)W?^UB$14gs?-!Q9nI%M+ecJ4smfCI@yqad)*p?3b~*P~
z<DXsEUkx35n&Y4KZ8rYd9~@srkH0*=Jy)KQ@#S7|I>z^2=3gG)<TEqABKzqW-?!cW
z^7vYuneq9uPRIE6UiO#A_e{StGQL;)oR0Ce`s?Gn<jjn(s`u#_-=*FD^7!UupONwX
z)a!JN&wc4%9^c?IGd}Za8Q)zQe|dbH`<|Koujgsm|GNI=@tt$inc4p?KP~&;C4YT?
zI5YEC)T7z)Me?u2&o+5&nM)}Tkl$4?Hk7#~*hVNCk|<Pk_?E&2!!ub3iN3{fyms-<
z!(~gSr8%Tkd6_#SO7wg=dzW%C1~@TQiJ^sV`)=<qQC5k1jr$*7|6Tt2`ZzQ4p*i!o
z_(j)Bvfd<{PXR-usdin;w{J0p>FqCAIfvXE6<lw>eYR>d_2JuA3K>3qA->IwRy8@>
zsysr)+Z4OdK03aq=Ff%k6K*G0!$U5NYH*O!=GHE@cr1c^bsg$8F^SXmy4mzZtP||Z
zJXfPX6IS9&f8fw%<R1WVu{95!Ik(Xz5EPY>RitlMolENDk~=wS7pl+lq@NwWpUruA
z{-fJ~IT*9Z?+;kZ<DKP~mk%*HrC;$^z6qb&%7?_z16z513_eIHA7Z8lDdqVDoj;IT
zKE#5i*7z;o!k(p<4~b>Z(#!K>*|YBDL*m%8?&bM$qJLkO;8(KB2SLB%;{`bvW_Acr
z(jfSkZzZ#tJn1)wZ>KptywZ*^tCZ?^Kt;xdzGG&-qBr??k%3nvg>>EmFYnuK7K(nS
zT*t|2K`VKh{|imZ`d~b7#1YVoP+=(-VX25k-wFO5F=X~ut!(&^JmK7OZ-(VhF;#Fi
zM)KvtsHA63`Az_9uV<W7ItVaP<-8Hr&shTIL5Tq5C3c0M@d+I}G2%bXuOO|#s+g6_
z%R79#G&tJ@<MQM_4(T#MzMKKM&>|MC7b>zJ5qReTvFLjQQpx%deU@tk`$kV|vXZy8
zL|=_AiD_tQm{VJALA%f0b%L+Bj`JpvE_>%>x>3-(+KH&W)e<=GmI6v~{r9lU@s?|U
zU^Yh6szo@l91sKLH$geWOW;xpyis-h4#!Vs%JaT?dIN!3|409)lm25)1N|?F(7!oM
z|L^@Z`Zt|+`d<^Ff3uSH-k+fViKjsS`|YUzJU;!evUA)i)Bi-3{s;UY{r}JL|F{3%
z{QvDgLI0jpq5rIt(0|q+pns1_|NZ}u{{QFr|C@hr{{QBmp#OVMf&N2%PE7yX`uqX<
zzgMOI?Ej<x|2h8u+TWZ1zxF5S|L#+v|K2B||K5Lq{_j@l-~NB}|3An7U;caZ|Cj#+
z{oi>C^v|D!{`dF#1N48VO8>o2M*pME4E+ymhW-ae(LW{(4!r$0rT>8^r+*7yaoHcG
ze;|6(65T3L$zLV?A6_t${=8;Lf1Zx?$3~I9Ig0c@;#deGjr3QmeO4cb^pW08t91(i
zDF0Wad;qTh3xAyOgLj+);h)_rLiisvL-@5lHNwB_WQ0HY4o3I`E^p68@>5by%JpF{
zkX1_0pX<m|EEm0iuEcD<Wo2Pgzg=jcg!xWchI%z$;?@5_lPEO5*5?&;_13@CE&8SN
z@BvyJ34H|{CPa#Uzr&Rn0|f&kz>-2MAU??u79bk_5T%$DVSt#%{QX-njrp$9N>3kh
zXxXg1`$!Z7&*B3aXGqLy(tT*V`kFWTwc8#!3E)5VJ2Bw;`-5w=gv`tp=ddUp#Yy<!
zCpHPga1w@~D^_+SH|CC62vT)8eZWCw%`A*PZHuR98zU;A(|7^^{!pk6E}Z7*Muxet
zC(A(93Z0^Ls16`~f>(&Db4Xiea;-0IAM7Bi?jeQ(<{*-yrrn4#x%Li@z<v?Iz9<5F
zTYMl-wB}#}#{L-b3!O&>QUHVn2Dk(BLX9ET63hc~D?@2^KeW%<)hJ*xMQX(}PxUql
z&fzc6$DfQQdB+Zh?W+;nZX)>~3?x7H;V2@w>0!b+AXh^<MZ;l#8PWq7aDq}GwZoXW
z4AtmTGc@9bldHFFkCc%YPOge(?Xikv=)XB6+auumXGVeh;Y<pIEXv7gf&|0{M6Zi|
z8F{fh`o)PebxT{zkamkRiPPn`T}e@y4ymO3TTNXE4PRsU2O9{9;hF9_GsH}C!?bYD
zOf=zZ$<MWww<)*sbMsC7+(J|NP*b@8-|}PNS4{cPm~sKW<(uJ`xqPU(T!3%+7Wic;
zA8IKV;9Gty{E96f8e1;FxBNKx6<0nqu3Ug``SI{8zI<qWxd7ktp_f8y`A}=Qfc+)F
zuY~fU3FQKO%Wna{T9glMQ7*u@d;qJkW%<yS<pO-mPlR8I<wFz81^AZV3VyXJAKI#1
zfN%M&;aBVOp{>gW_?FMZFTQ*zUoP;5tGg!r*2u3KZ;0ksM`uLMMR113uX2vhuNFnW
z_6a;VF*^$9uT2TTo*@si5qq!+VgJ4J$dRr}FlG@KRNuQMj(3*wDq}uo3gUb*3JSPs
zdTefK7fL@MRFqYE`Cz6~s`1sB-BKg0gfv%?BKm)}1Y6D$eT!|PZ_xpd%~2a?@*F_-
zfjg`TTyPgQ<BcupR2Pg_1%L=|!_9cD`Mc2QSz5k6?7qLNVj^@8yJ8~Z2{uNM5`qa%
z=@<xH=nPWyvlv=Iaj9x7wU&63$10ermAd!@4&U<f6qlx^&XrJu$(dq9-#Vmjn$sP2
zdLwqKzn_hGS*pna>B2T!?h<jZY%hb%l#b4bUog+UC44F7gp9Zw{zJ=mKa-vhPp34Y
z&}7%KIm{Q2xm9B-aI>TDK#M1dwJ%C5lt3Y_-tGD>-*||1InaU~*gS2~8#9;`c3$j6
z&WoKhm$K{;gPEJeQr5?i49U{+lsy!qJR3D+HO*J8$Iq26xnl&{Itd4mYQ)fb1BS+E
z7@GAbFjPH+Fl6Y|7w+`GjwAiDoOKHHv#I>d($8B3P3UKI`Tr9AeE#4Wrk@AhP3b51
z!M_FlG>;$GA>L*p7aU6j;zu4(&Fw8v!Wpr((}1ms8n#~e6WF@eMc8T%gw|0Y{C~xr
zA-<Ure}fMK@Z?buf&J>TQ0O2Eg9n>nZ-)VUUJZNC{R!-yn@`wl27ooC1_1uQ;;u=)
z+^F@*&((306aYM@JpIhA&)p*7%+TqpKDE>TpFAvwE35@6BUX7lWaUPZ1aWS|x{yI1
zH9UMYR1VxvqB99X81=x4f>`$hK8H1i<us_aq*07R-<2`rQptO+cAk}E*&>Qw!$iji
zf>w;*iRTqT?kgSfZ8zs-R?6e8(lXK(#5v{ML{x=TS}Xo(a@rT5<5xXuMzGj>Sy&y?
zCfF4k&8)?zOii&3_0N}3z)`FYO+s%{x*)BFBU;f?!N1+YPDB<fJF$&IiHSTS>c~xZ
zoATj>?e+1kiiTL_5sCIS)7pY)MiB^=yVu0Q<i~|_Lcv?%?`)IzY>H@Iw)Edu3)Kq{
z<(W$}YlE3W(b$lE{j?6EZ<>ws_MUALDx6E=Mc%nskh7F0*T-?ejzUFY$o}ipwu0<h
zW~CYjtyDv@2A>HnmU@Uq1FaQ;$srZMnW;4#C83I+H6o>iqijX_zZ>IowSHG0pR004
z)A(G*`di=8*Pqo)eM5Zh4Rm;I6e?~?tsX=!@j~?=N;6PBD2skVo7a7h1n|A1q&TJ}
zU$%;!XqCqbS={_@=r?AUqx=dbcx)J$f;B$60(~c|m46Px^eX5*xsZ8JW|YFBNw+JW
z3}0OWo)FCXxbp)X(%tF4V+r2Y1}|DOHhGiUWFNIjhioZz0AxU$zeoeKqQW5yzJBjc
zK9PS_@w4cr6R-4lByquqMR_VlE|{E5;om<z3o}7CD&rd)DLy*JQ;TQb)rG0;;e3;x
z;7!6*NP3_#wL`zG6ZiQ;A?tKm4rx-XY(7e+0XxI<l9l*WFYUZEK+6Oi<{w2l7RE!+
zk)M`CO^je3WDQ<&yh9c0QIhD0AC5aACzh+3zCYL5PcA_F_xNs{Y`MSVlD}jh%GBn6
z%|5)>nX!M5J1zF_jemK3^*zsw{p)EN-(AQ4^7!69Gvn(Nds^(@kN)NHU3X^2muopK
z_U{dUd3-I-%=n7T&D&=i_OJ6_*Y97e%TBi6?R!mM|E1>YtC`0Hxp*u~#4&FOX7L+8
z(k0(_v)kV29jImRdua$}=DRP8)%y?orKayFWxpup-eoM3@xAZ}^-HOkuuPYa@7f_O
zAK&<q(6aZ9;Jep{MOqCW-!G~15DXrC4uKYr>RaA-q=nZ7z^7iX<`U{P*QUkIX=?`Y
zrRsL_LrqBP#?9}@F)z<|N+}k`Ka<EeRawz_KRPTcY18Pj2U-wuZ$3P447M<xwNPzS
zTfkwDp%&VHZ)4uAsVFF2!=CL>pS8tj4)$!P`m7Z`yA+;@)zy`g-^ZX`g@VBg_QPkl
zu@ob1v)6Xz=Cc^s)yfecwevQ@&`O2jXCJerf6u~kQl%(cs?}(4EaHiBJ2VwYqs?Wv
zB1~o8vN`JCEcI`9`0FdSl1vfbWP5&k+$n9(UG3`j+)O@!EH!HMd?MXxSuARFR6P6%
zg3HuM`BqL4uR1pcbIz27_)^MI$P$wJCJ7v0x}PE$I?<ng?8tA%B9=!KQ4VcV=F9o;
z>Yb@BIm;#A0ZY+Dk&0YW9f$*|?xJnN7YGL7+T<7J;Sb7SYg!=8#~)_;u~<OCjiY?E
zrfLx*mU0-rQ#4hI)Ic2l@Qc(yJpEXJA@0)$$j;|6bVmolf8>1G*@~kn_t(Ssw)j0+
z@HfKuUK|Bw^@relKZ<WD`s>bzmt!d<s|YU-P~WzQ@b&<D-IAuXJhzSl`=kpMi4`P+
zngVz|T9N!X`?W{(hf)Vu^!%Fr+~<<}x}~0J7*(dbh>5W<Kdp$d<3$Om5Sr@Xz;LD*
zEC|1(!IxzGl8#r#_$5R1?@i5<{*~69E~DT{Pf;3{mW8Rg@mCIfvEUb{oS24x1-v$b
zb3=l1<2iMtO&4Jtg>LA5q@&uIb{kOwe7OU^$PP<ri9^D4krn;kr64T36iZPYOGxXI
zZZ34lPaySR{P!(5C^_GlG!M_L#-w@re0haY`SSABtarJX^sdmDEibxE%avy=&@$!a
zs~PX|qw?f=A4HawNjdVO>Ax_XFHiq6%a*rY@a5WI@5oKDMu$J5D;?#$!R&JR=j8UB
zL4V@LFf}V!?w@&D;QDr+b6_Sa+AdCvgsxYPw4tc=nWCJX=HTb{afH?z0@A011JdiS
zTOWg$n!C?Hmfn6S?7eqT+_7rqK9L~2J}?fxRL!EpHAwG(jYPrMpTj+pg-`2M*TTrX
zV{azjo8MB$z4tOU{ccOfy<4X;?mc=E<7lHM83Ux{aPkl*U9Jo;(GEQsxJEVY(38^<
zROr2$cIe4~<?2a-oY<O_9DPW~Q5(+OZuyX(J1!=tWbt8CGZg2PG@2*2&f({-2UzAc
zT*}GGPjp-@$QD!8neT7#f4RTS_5a=e{`p_-ul~q?x4(z}%l)16U+(Yiy8mu}R~Y*H
zi~gbM&H9J-X%UD1p@Of<s``j3(LSQ#`u~OXe^@`>KX~5xdf#6@@BEWHBj=s*wU;(`
z-jN3ZK8tB!)TuVCcE^Dnuo4F&71f}r8cKV9#?PG$D6I~oG-RI8vg3NebO003w66l}
zZUA}Xm){Y)PlgLTy9JrkX?Xr<d>HrMzbn4YzyB@pJ>|F4ititTe^-1zdgyO~@5Do=
z72kL5`Mct~)4{(5zMuQ`#Q6TN&;Lo_3ABXIX6>^JrEeY5cMb|DOcw2BwO+HFn<&UF
zG0?E@XEZhTSlsemb!B^}UEHrB6zb1EoCq~5ER+h&uJA(?X}{p#ZFZOK^|lXK;OW;`
zqCMnG570TIniu9{c2Yb@3myL-b?*WmMUnLn&m@y%fIv?mfq;ks1_*LX5H!O@XUGJ)
zVFD2ZQ4v8PA|N2l0Lm>e8KG@QSueZpdR=vQaozPUAS;pqk^l;la8*>ULN_B2Zn**J
z@0?RTGd)S<)%SV-&-(E^q^7H?Pgniw)TvXKbE*#SK-$}fyq&s4x){Eb;9q9OBlOzA
z;G9C0=W;5X;&D0=-*w*228ePum11F9i1&@o;H80dGFKW^jmL74z3%2qiwy9Usl1eD
z<_9Kua`-7D5?y}lF5JYM%Ey|zAO<dJkwxG(ZR5QaMZC9Y5X_P8ozC0#%%3VqqvrBb
za)1}x@Zz9AFi!Rl;tZ%zh%*xf?{1Szysh3|%O-4`NPT@4T%&>hB)>hHi`0*Mu06yn
zHe3-2{2a^s$_4SdJ5`Vt&c*7@xw{-M5F0if@2xfkyJi**_b2~EWi_7R{ez0x&+~kD
z+Dgo<lplmQa>Y4w1@ATc20P9>xgpyetA|aedt`rI`#Z#g;uUQC7=7cn62yIi_hfbD
z7L#YbV-u!%Yhsoza#AH@@J8*z=c5`mHq@x6<+@&4qo(Ef)CP@eFFeZ{wU*3$?w)%y
zUdipA9BNeMOPbJ6wN{6}yJWS-cL4+O9Y))>bECF9#9g`)`DTY;?|C;DDFOG~lMo;L
z%WvTo|F7efQ4M)z@&Lvw&R=8}2XTwO-0SLqEwUqQ!Ry&#{HR}I3qHaYyq+zF!W%-P
zY%xW}D<tiP->p2@+T%CKgVwYEOY&f8*8f%>yfE_D%Y%n<f2%ym&HY`<gLB<~gFJA|
z`hOq~+UNe)<iXvy{~yZ(e#CE;2e*&-|E)auq}y+h2k|rhOY-2ce*ar};2r+!<-sW7
zx5|UT!vCQ>i2WsbFu}3OO#RZlbh1-C2OR8P<}KmKDDSj<p^LurclgE5FZ0t`$A2K)
z@z+H<zV?A7Z)gmLyEEQuv)^ejJGorhVcX^8Mk?&<o|WWHU#yb52)b^+yfFA?BkVA$
zK09Q)rYweLEH&#`VG^=Jsg4!yu@W!1&~T?7Gfe9HYdico>g;9M*@sh`pAU8Rc7o)#
zQlsBLj2hi(g;p;OxBB%Pb@ySzu)EK)LbI#kW-oQD1{zw251%KbYi7_oGv*hqGb<Wc
zXI7wfW?IBL^PdK^&P3BimGiv|4|I><@6pz>J=t1TIlQN1p|I}9$;MLL?=)WLo@-7P
zmJ5M7=^l&iXraKYEccL=rE5yDt4R?$+16WG2IyvV;}+a%g%`-)m~)m0Q>ysDDM%>M
z3@)X(&?R#+$+||(8(mUAf)oUp(`xn=El&)Na*7qu8+=8}a_~+tvkNBZ-V>qkeCrTP
zg}`Z3ux-8jY<cfim{yinxVg$$qx%Bxu{?3WYzUqv@~LRns2Ma?FoVVl`Q1KT*tCtf
zRA)SSl+2MzMMchzVOB^|qE*>l$802_lP@u{jhue9sqFsIGX3$(e7!v3ZFOAXn}h+L
zUvNo%T>eMQj>=+_J1JK@FF>&z(okm3($^`<WX^ILX3SmqDKd}dEQ$GRpl%jkvu8;l
zdlprGdB2(LS&B`bTO9>mt6kDSGB@d+BVN}`f!#guxTDE^n?o9Bc1R-=gBgxela=*x
z%Iz-KOkO?v>vdXj3-C(j4zhSvmP|%#SF##9Rn3bR*P^ZKK2HlMEI;Ks-=t0uZx6y3
zOjd{3)5^ab<`NP=_#tS$8ez&6#wB&p-%=io#qG_tgg$T$;Qkf%Vkthj8qvLT&t5fp
zKP+Moh4wjAktSpl1T2*66ss8vWn-ap#X5m(Zc9xr&UwKhZW970O~E$N`<G-dv@ObB
zC~F_X7ihN#$x-AV-0_PnnIkXhcN9nW;)o-j{zhNs|3Tk4=%5n@nMHbK<7*mkK-q}H
zF`)vqjkLj4Fc>T!)j-oQ;V95DI5eVWV2t~AC|n!<%L<f%5$!bZ7CbLQBgCx=?vO?X
zYofCg@7<BV8^US1xM%U4fD`&Pww-?rh?r(59dimRL0IhM{dpGNzpTO`RyzW+$)OfG
z0DX67?%pC@n^~H0Nlm#VBk$dUi(nQ(-R?QVd)1726LDn=;LlXyjY$4P8<&(gfJ-vj
zIE%}Mx0?@uKTh}sk7@XrhL36Zn1PQO_?Y4Hn+6EpB0JQ<F4!tO>!6e%UYdbG1A!Qv
z8y*nvt)Q0km7{(X&<4cEVL<Hb8R42TKT&|nB3Hnmn5YekPvD@qoA+LTK`{{0kILrT
z1nFL&+ixc?-T_16&R{b<I6b@v$4(^`Szuh`z1u;k$JXm&0`lUy271rE_ORYl5*`7s
z+(_@qv4`}Yy6^y4f_jfjJgPhabqn_wTb27^vJ^hRi+h7NMet4lnaq=v*$RlN?z>RV
z$aq2(xBQP(c<p#x9LAT@Shk6NSIoR`NK77aiKpnixP1EpJS=`XxE^TN+gZXc@u%Kg
zXiVsd+5a>cyUJGid~de<fBG^LrlY=&?(U)UUr_c8CPag&_2fVGU)zsb_q{;(Kkq^L
zA37C=bgRDFt47YBF<V|bQYH<xAn)Pnc097;U2ZnGo3VrN^2clA4KCXycbdby%xqXj
zC&qT?SE=5`m`SUSA2QXm-1iQ$8r)_aE7nY_Qkenl#3=hCIuG_MO7P)(4NLIznTqHV
zNbfZ$fz;m0`wqMB!wZot2G8A<TaBKk8`yEI6TxOuwhAIL1KK;mA(rH1s(L(!OM|Y;
z|M*9|K~PKawA^{51_Yo`>Q~rSGt+7G)DEq!X~aI7ZiRG@u4hm>Wi%T@*_BbJ<W}i;
z8_#XLG)_j@bh#Zqy7A(saWa1A1Vzx9u*ku#M7;qr?;ZS^>xO5%%J7I6C-be648h{i
z$K`K3BoWs=elgXshWNbx(Xoj)CL20BR?#wabSxs@e~o?F_`Clf+n04~)6l-`MBeYr
zzU=F0i0+CM70)k`$+BpU#;7a`qp4wxq$rHaqA%*wW7Ld&M2>Gw*YRlI+dfM7z5lKm
zRO9@(TliJ{ILXqGAAjS1*n{8vUiZUV9sFJFhdp!P|8)QH?5^J{-f!>!UEtk*|Bdlx
z<EgLQ(+4YjEAOj>anGO9<?mH0O-R21pygpnc)Sk!dKEj#J?w8))E6(%U{ytJv0HY0
zNS1FfG{AI6zH~=CbLCOV-f0EzWNN<?;P-!P|9ju>Yd?0$-v8V44?BOa{o#f3-$j2&
zEdQOgf7$P=JU{RGeU)dz@2osufAjk)&!GRIJeqv3<O)Sp@<?TLaO({?H#Iq%Bql(&
z9w2V_9!>C8o7@?YWRJnL+j(QPxLd%Bvn5>iGYeuhT}1g^u6Th-@jsl6G58&-LmZk1
zb5=H=aln9~xs`HT$uAULL8~&?QS3ciuNVXGzxm?Fc0;g)_BPslhEuDO;DPA%KP+`Q
z&APsdF7jb_OYsmZvZtdzTNQ`o1rth#<dKdjRy0^FfJ*nX!dNAL`Ddh7oGV_(b-)k*
zjEL-Wh({c_pe~+wigj`@u3E(}brHWsZ&*@4E2y}+xUd<hxAxX?T#P|`X=oCAskI<2
zn}p{)lX&qQZdEkDQl$nz%Pb0h1d}w(Im@A{!FPCn|4Sd)4az9oT#1^GD>vN}W6-b9
zihFXn^?ZzAtYM9j#QR49qTdK&k@7**+8E9Ed1xkSIW$12(G5cSbR7*2Q_7XwI>Z>p
z0;t|1GcM3x68Fn*equ0)XYg|3QmWd6n6DY+t7i|-+@$F#-x8uMC#E3?rEHRlM&`<l
zMAV|$SFXr|@EhmgcW_^neS%Be8ggNE0T)9CHsic9R$?7g&|xerf1*FP&LEZqP9=D^
z6g0V5ShNV(Fc8Cw+k-cOS^{I;N8{p=C%D4>RC&#xQf)K$2wyo@xEmMr%Dl%Cyfr4S
zun3<HkpHGFF0m$8tPsR+<!{bl;R8s-hdaGA5sGdPX~cM(GmIJU+p%n}nmvKJfO3ho
zE-d#UIq~Nh!zFH6_V|3RF7A!Py$t!>f$Z_pn7q>LJZeASiY)lX2CZ;hVG?dBcayTs
z;_mJxw)ySdy`?b|a6auAig&#RDz_N9!Yg%<DJHW>Ke<tNievJEXUVF`SHyEU0beE0
zjSK|8Yuumail4Wea1DMdIxEP-tKqW*@j9-SBn``g|LO2Q75<y~(qTL?P|~pR@P9h|
zhq2vlosK5eA9)HEjWKYAXxJq9$3nBdX#J4=rt9W;$Ld@|!J<4U`UI<;D@@kzOwB4-
zWQ5l~F=CshZcf8>tIfS=mo2lX;Hoisj$?JaqjYEtt?HBvO^p$xrDkS4IIIn4$Q3<i
zG8Pm)7WkhkNI6-8Er;hN`pj$S&C`}+FE!u-8eeKRQw<7>@blgx3#M_tb?DFYGx+n7
z8}A>@DtHph)L&&cuuhjon|$TVM&r5()OA4?FD=U|*!&Dp@^P4JMG3ASIG6`l<X;!?
zx^0U)#U-_H`G*-nyp4Ahd`_>pPw=*b+{%M=eYy)iW;1Xv1`00BSGLvRV$P33;8Yxb
zD{r{pbURN5PJyd2xG4oP%XfHL9xZzwEdWu@`^Ol0|493qf+xzMEMozsf+sG*ue<42
zOZYX3e)WZ4xYfd|J9)2Cz<X<r%fG_UPvW}=_&`k@@2vrTx)rl{YhutnWlb#S%f*)$
zwKRBI09a}GE3~s0pgU|?dvQIfy*Nvp@7rF$9(D`-oIyVgk=FWiO2gI)W^cwL_VTVC
zL?ODB;8o3LbRv5-3s)f_w8MWM^h<0%F~{yG^{qCrf4u(-EB0Z6kNm53g}zxxaSkyj
zFIV!67o-O#ah5{sc8ueaa>nzJ;Sh~_In#;lSsGu;qNymhAKhJY#j2o1(?<nwX_{a=
zg7&G)HT%@hlhHmkZ1wujWVDC<l#!BNweDeLIN#IoBb=)catYGdG+^6wzWW|NP#w#E
z{@y>?Kc4$wyS_%#<(%#W%Umv9s}q!eE|#CDi@pK_Gp&k~djMg6#Ww8Px-l+ax1O6u
z>$ws8+L~6(zLpgkO33-{M`8CM9W4kH1>3^kqrp~a2N-M~;s@Xam<|pEMsjy1>o1qI
z1P%FA`Og_x)`U`KG^w>I^6zNDd#V6=SVDPY+|H|8fu=o5o)$c@-{6^3@Wd7Rn_}?H
zFL<KA!Sg7tjuQV~H7-Bw0!$_e-AjUTC`s~!KwX^RtutbuwIg0xTw$-)Sl2pWX!r{Z
z{XWuOloDp>6kzDM*2K`kc2vuzR7(@qGD3(|&`rWc%C)1<-0oX&nJ`cXIqPB;w&uN+
zu_$wR6w$Bab&OJMFctb)hPyfM&&$Ahut^Zd+9^}1-4er4NhMUI*iw61EQ?_dL&BeC
z7tyB{EQ^7n5;NhjwVCpOh~on%;&L)8wOqlDA^wzxWfg2-^5za~Y?tj4)9nbVk<y?H
z+yRLZ0|m$G3Tm2q4i9SP*@?~8G7&wHxW5eUAlD?GTO5_cjA<aD=*9dY-X$3p1NTx<
z+IGlg4!)gPR9NJBjS`0xEXinP@T|cw+2CG%X$WU=W+YzX?k~#cddF>mIW_N{U`<t(
z8F)G&4CZdWdkG?m?U_2<pL{!xDuCF5`E7Z|O_lP9-mDMUF(xnAKJt5kg%2Dzq4Qr`
z03pt?^BZtS4%J~^EVORWm@)$tMVC0sYT*ipC!wf#D3$3Sh1NGiS%P<k@x!5s0SLn^
zuyB59b}hpk1kctq>~w1lG>D|}13^Y}g_kXuK2ydK&MZApkt<D0&mA}|!`)X9ds-bB
zi^i*oY$S79li@25rUS85L3}V>Nx+Xp^toBqbeFiqnwBdqP0Q_m%{A~HDkfK$0WvpN
z{7DF0kL5RnM1_m{Ko-2$jV@8<y?YG9{fX)P#<A>Q9BQ_<vW2mrNx6(NzabRw;)Yb9
zBx(%<%@rm-2iavuSKKWs2DRcW#6O1d_!ij?i>_jWIH4F+0cSDQqr_R946@?nvKBmg
ztEqE|$K`5kxti-!T@qmJrt9Ed=RnH&+xKL3eJl;@JHl^T!26xWD0VZb<*@|-SEx8C
z2Hd&~peeV!r4|OopI2vJ%im-%co$a~p6HanDb3)hbXtvRp4ORX9R*9Qv4$rSH)YW1
zOYH~D?Xt#zO6ILi;#Rq0>Hg|$nAG!A6932>FQ~`zH*8I1G`PYJv2+MQKJYX;z$uE`
z3cXTk0+C2MrkP8eYEAb%u6^-QES)*uyQtdWeo&{vywMbiP>W3i#?G+|Vrg#o)3`kj
zyq)h9=T{2@b9k<B9b_zJHsTCa-VCqU1@AT(+@{$H3k7e?c6<@9by#!3qN}JS#c7{_
zAtUq&q5HvxpFlfvr<fL|FL-n87DhM;2<LBD(K1x`PV4}N{GG_^zM>`6y?G2~@>)Wf
zt{YjV&$LWlV0A^-B9A68pG6m;blm#0-dzdGej|M({Qf2_t0(jke19#=WDaF|S<93c
z$^;{Z;)TdTG44(f;jIP@MQCC$pdS8|kv_I!R~%kYz9{^J@5~^=f$-Pw(g;_rW`qOy
z^;;>^)^MhFTBdR>(^kwB$0&u1h`j_e{X0YnKX(*o1EBhaGVReat!A0jB06viaEAHq
zeJw}6M#hW$_Giiz2sezVWpaeR1q~Bi2u0RP<DQABokPWik_7L=n8(}IQgeJ@B6zir
zx(8$0l~o$F@WEgYC{l>lEtq;xOZA$y>5XpExPBM6UT(6B^{axKM7Nn+7eGf-x8a+w
zt!6%&Q_)9rEA)une#I{Ah{0sdKL?&TGkTAv1&+oxDJGWY{k$y7-t8cPpCM6-<2>gq
z&KI+5DSM2!x+zyUuT}-pEf^l&>Smnpj~X!3;~3xN)#5JG)Udp~aqkNlvG*lX$6A8D
zV-f2e)RXmcXae>+=-9q$08%m6;uJiL2Y%n&mI3WEX!VO3l;}<*Ms33R%4<-+r><KI
zU3V)yYAx$4XsdN&N|!AEQ<1U4rG{ovsxgdmeje1{TuolQs)?}9X>5rBCPMfD(Ck{s
z4_&QNUACiK;W+iTAa#yDYtVfb)MtB02UpracaMy;f~}M*{3}!p=6dO<h0!DhN1~n?
z{O2r_n!ww3@!T-Q1v3|Jh{EGZ-6v@}L5E}Hl3Q>ZP^>%}6D9V(iqU#E%zO>X6X;7R
z`n&zxl9m_wX8Wjbeg)tBmVNVEP(Yz;&^M3JH%H$>!=3V4OoQs2N&RhPKaP!%z1o41
zeKS_83b)RF%^_}cc)vE`VnqL1#vU+upkmimdo*9-EcVN&F*&|K$04XU6?_FVsg))z
z2h41tp=;1_U#ZC)r|F8o$M=}c(0Gfh1+`RZYidxL?!U1zUaHKC)|U;DN_AzG;w2WX
zOb!o`obOJfAtV8PeT|_?ueVp{V|CLYW-xk8aW@-`Lm%hc--a5sN%4wZPa&<hu97oz
z`Qe)zGVtrw8Uy##G7Y|&Jl664Pub+ie~)#pT-`w%_l?*qd&iRa>rfd0SvpvI@5)L|
z{y|nH9U^lw&*DL(>{4fc>R=<_2V-@gx~xUS1D~}$>NF>*uc1zJTHYDY89;~WGs2(P
z2M=6fD_C6Oj4WQnUF)ArF5_82+|P?MsC~pdvpD9m@<J@mKdwQGC&Y%B8pX>ywP9(2
z9A6#c_;}>_RglQaIRwj@s3`^M!$l}86_gJbbn#8~3)(Rrl`m5tHeG%!i!|iG3DB5>
zpoj6A+zW|35{gWrNx7n`a`u@j@(p-X74GzH!=D)#1ufJSl+9e}F}rKvbl#okD9s^P
zH=x3Rf^4^2up^gW2C0V((t`7qTxM-h){4ZYZyh~{DS%=NuOpSFIBskpUUx}Zx!tep
zIk}iCoSA}OIfv5fw=nb<#t0)ncoXZLc!!G)S^PIViUT6Rc4|k!GE8@wI76<#UmrRa
z1(>2h)L|Nd(<PC#JuOS<(Z;`^TJVpnMG!}{HyB_7)zncsw4w=CI1zs}B>?lQnM{B2
zQmEaBic|a7Yx86%8ZB8Lz|s}AEm!fNwXa-jd0spycQZv=UWsROm}&r>i1!8JOl5+P
zDtACU^p^J2Texc0Ql-na-U4M+YO5NE-E*yen@D+6CrS>tWi9ZmA=C|k<(1dqBdmL*
zgt|vOb`M`wR1ZKt8wrpA5N9JZk2CVJRBh&=F~2HXV>u|7sTZy?@kW{EB#m?eYB1%N
zi&0-O-Kd|nO0D0|K9513u=YVcp7F%A=zcZ<<>82G7;^a)H7E<|tDcU6ZJXPU$A%L^
zA4IoDOe;~=T!5LfZ5wFEsAXtpi*Xvs^Z?2;>w-2kP<OeeZzXtfQcL8iQw_RHat8lp
zxUs|wyzL^l>O*RwGX6iI1ZY0a`){^z!xet0YruA?tN~xw3f=g}4<`NkkH6OF$Nv)g
z_-ne4zt)B+3OGNH&cAXDZSH)9ulR7MN7tYU^%^v4);gqhecq7`)O~tV_bElKBl=7E
zx-X#_gnleBM2{sWwXuZ0bSS0%mzEi5ETJ#qoDIg2M`0Xs5dXN4e|GWWeY`UEy4Gjo
zv9rv*tZ(-EQt}PU|3XUQh7?11VC(QIKp4NKx^Blk=ewq=%Cqpt)nkb@BiB~N`Mzzz
z0G{rW=B9pP#I=QCc+|^RwCpbC)Ge68<^zJdji0hz@Rp7jY+o-;&y{9pWfv?N9MjbE
z(+K~dKJwQmV2l|El-w<mK=7N)qRjH(P4w52Ejb69{H9{;pdTAE4^yu$(N=3Atk%L*
zBMY;%aJ&{S(!!UuaDx^e(!y#jOpVdr*TV5yxJV0M*1`>1ct{JYwJ<eSdtVF3YvCd-
zd|3-OXyG9(tk%L*llHzAj@QCPTKKXSZots7F%A9}9!CCwIf2WX#})nw8D0(G3R~GZ
zezUgjGnVgIMT>5A{N~%Ve}Y&cbgbqB=VI^>J088L;sfVFc2x-*IPD*1_|mBT6Sxm5
zc(ji3?Ql2cxlJ{^x9YB7+-5s`GIIwo9QR_tSX22e^9Z*06z{D|b8$ls2;N$w;4L@g
z`0rN-8z49LLZINHG4rf>r)QiP@E$Ahzi7spBj?;BmIahpXUA^^ak~&W8aLeE&&01N
zL4|KH=CH4yZ7(=t7*g<s30pqKZNlv#`|3OM#c?tD;!qQv*5CV+3$)m^G<#W^mTOy@
z&K0(5g3BWltm(P_$5Wu&W*%11@H4a|%!>ie*W?Va_j35-@Gh~MEZnPs567i%zvSR7
zL#t2$#=)#)NUCvl40rDiE@`+izjR0vZelsDsjG*yy2K?7NoMn0aflf`(&dXokaPQ(
zeMO(&g%#ujtB17AECLPx@0&rxf1!x>WA+|xQk=gA*TnHuu1i`3iiADg)xEmG-atU`
z7N_FcE^ph)dG7*IGfJ}dVfwfy5r?Fql~tf>c|K+<WQ+c(U)A)y>L^%NXYjn_D7e$$
zc`h{LZsxhe!L1*6HL|evV$q6PQrTY&Xe(gN^L^!Rvw1t`8w*k-n_KVfV+oFc(ACF+
z4$oo!>uy1FcDyLkTb=0Xi=|n#s9MDqzK&Z>zK3wWP_XQ}!JQJCHe3S%g9s(!@R#jf
z(#L!Y_uR!gRb8>fYE}`l=T73ia`0$En@;Yz{qQ(K8q~)rJ!0a~Nuk_oVYT`>_CKh1
ztI)(NhA$0FI{%76N?hRxoQ!oe`I@e^DRB4;O$9W2cWy)1kO4WivlHi1wC8p-j$8K(
zv6i<chAVs&H|&f@`M4sAF?uXGS4(zqy@ytD-VtQG#Fmn=MA?96AIoZB23%$b3^?B^
zgH~gX_NxT(nmlbGuA2byKV3&f8Pf_!A~0c|%Trce56={FHR5C)Q_cohv?-9=Iv3|Z
z6Xoh8tTk6y1TQF?>Qtia`}lff;o<L?vWilgcy40oC)4u2?_KB;P-a)3#MLfqDqazl
z#I1UyDbB5$kJ*Ilrlu9Val49^Tk`v!>d4ARxTv=(-(SNG%xm(ql<po8NwX?NTG~AA
z-G4<@v!(K;mOffb|7SQ|=@Xt>IsgX~=ld726}_0IJaR2mK`r%_NNQI_sGs_DB-N?(
z&_4Qun|<{4s6wSG&931kSfh-n7W*DV4cg&dh7+{Ak;-zGZI*KKDkJkpjf^LXOuVw~
zDs~fKh-7MPe+(AE$Q4eBVT+lnnX$t-4`T=4t+9Fn_bXoVKMcdH{6aiibjmQY1*{CY
zqxR9ewMCN*?;`eEqT<rZRX3ky`8cXv9Tc2S0~e?UtfMr{#1;O>h^P9XvXv2-CMl+?
z^*~$|No}E=s;!s$Z6wvKY^U`*dg!G5C-RW4ydQZOs{FN9D+(2(B2<j5m@uj7%F_BD
zS{nIKvhq;<)LD_#7{x&oY{bjhoGmbPAh388us+pok!><lIWoAyx9dWg_a)ZvWzV-@
zy(}H5JGsqMt#cjTYeve=t@<OaLp!Y#oyMae3|<ZmRoruE&?qmMSFK9VP;}i6>}UCO
zJ15Qs3X7;XTwznJvDSh^l&5RzRq7o>xKizuSv6q<Ey_diK$z`_WSO7{HH-zW&eK?H
zLsXv~ucT`kzJm<P+^b=N4=XLS70irEyD?3&L$h?N3nw>K&R2&YS}VsR4<==Q<e|N?
zy*h;DqQ@B*`VI9MHA8v3S}XfAk+M%!{1G}6m4a$bLb?}4ia%O;G#tG+5`B*{I`Zla
zB?lhl+PNf?=0tt@cBOlDbR|8HYOnQFT105%E5_=mhVU%WQh4QbRdmW6Eybnms;WnO
zvX<0W`M4@fySMT;c+lG4Jt9=JLCUib9eQ)PmibO)QRL0x%FM{aNM&N=p`UWM?&Wq`
zY?d-GlEtp{jyw!dI#%Jrz^9}r;f6W4vNzc;7g~>!X2kYUTac<v8_#4S7G4i;a)tNS
z#&S=YX&2?9P<9Rvwq4kJ&UcRUF=q_5KvQAVjUFy@N9C3n_jWe_zlF@!I)6dmz(ZFs
z_6lMk2bBH3Y`&1qr9+p3zc5#EaNPy`<2dT_-)(eqZ||SqLGT9bg1SYp)w)5~DC6GV
zHUH~S>b&Fdp2<irTkvK4V~o7v*^MX0pg8Qv54_8*><K@H`v+yhTquqY9E;=93kTu2
z&!s;z2={lm?$0E$urLwhm8&=`N5F{{a9ySXl?dLS3~K8Z%oSd*l)j+DQSyEZI}6fO
z;5L=;-U`s5$-Iyh#O?uy=wD5*EkU0E+L4xHFg5_I%#A+J;<PRbA7)|Ng?5+)67VET
z=!6U&`sjftSz6b#?`v?LMY+&If1c$#c*H5|B0S7eV9*Y;_-T4uNtI^#K8AetPqb{-
zX|2_~?Fi>Pp|93-Ui?;`5g$6*f^`d>YoQN?&$Vzq>kpv8;Gc%}iS^I3bf@xDkwYca
zpJ?&-mp|=gaQWl*T<8)$H}pArWZzhZZiP1_pj%-UE%!<z-|9hpgNzmA#n%%64k$4%
z1F6>_A(VOJ5q$j#cs;lo-noiN;*aw1s266@3sC=!7ErC_5tus<;_qQ)8boD+WL6+t
zTPNm{J7LCdkg*5L*eW{XXNFM5ns_WeB*>57f@L54m)ordx$q8*9sDf*Uc`Q{#NV^n
z?*;gK68k*^f8WD?PsHCm`#l<e4`RQE;_nRhdjS5n((nGyenN%otwZJWd$D|HU~rQs
zLeZ4J;t=Z}Y{IwB-A-?fXK&?&p!pmpv>Tg*>)sXLOUGl8LxT3;J;6c20l}=`?ZM%}
zzQK%OZ;HKBi%kpm3$_oo3#JBp25$|f2Q5KsuoJ|ZA=U)3<i!K22DxBUh>eHX7>dpH
zFU><fWXGsZo@+t(@?2}8t#UE{@}7>61@#6`SL9M!7h?%Mun#QzJk=n-dk#AS<#K-~
zzXDIuS>5~Pr-*u$JQDIp^K+Dc{OPpL>$aw`Lz#FGla39QCg3U#=n$1|7rN2*qgM);
zztEMSIhk~LF^$PjUTP`{CT~s0rS0o>(8}B1Q^pE0)}fa2-YseQIkq~_;b1(4cs1&D
z-J!9}v-WjHJYa<D*?2N1IA9G(5cK!%J;u?;_8!f57)^hoX-fC)P8jan17+-c89=g%
z);?*u>m8U}egpE9ipEQcO`XzYlT$p_J-|Ixg8Ev`WIMO6MBMT@9i_}JTWjQU_Ec^$
zx~DkBsQ|y<Y0V=Ta8nXjb)jnWE&RawsqVH;u`8D}6yO=kPF3O5Se$POc3?ZbpuX|)
z3udM_=dt!RoyBIEiM}6>W|oWhSW|I-Gz+GOJ#xtHzPKfD#^jPbW?ss{EsfmnS8~Ol
zg}}8K!M4u{DtUWu)p?wh22NWXE51=xTv-4;1kb$MgLj0_2fM5$(d@#*kU)p`7C{D$
z-gS*0Zou01ajV|Jo-r^d)$<j<;hKI$??;kz*Nk`(Dm&wo#&6V?@@~PC*LcQ<7r%1B
zBy~eLo*Qxq7xwPw{ey4?)gVuf!L`#;)K#)Y(?4hloe4EuLLX?v#Ys)(p9;31JuWP-
zON6pxnf-}x@M3N%olsK-Fiz7ETmDIKGhI&chp}C0N4l(1FZkwvz<M{o(SfpHbPN+y
zyu7m=iK$DOAP|1&TTVAzgxaZ}JON6AC+pnt>|%@d>rxHWUD>7;q};Ei#Dr5IGDnL%
z`x)zCjrXrq-nWA*jHCUby}aMFi@3+%)1FzLSrlxJ{xG1Er1G}??$m-Mt&(Hh6)wrt
zDp#_bbD?6fb~$*2PMB{Yb{q$7JQ~WBY=uzfSJdLt#h3U8nZg1sauMA-;5`zcAwY*R
z^TrG4(w|%10r&loyAz;~6L$;ZbskUge<QzZpxY{7U^k5P_sepLwRnmaySZ4JSt-Az
zmZ^BWmexERt4-Dq6LK;uL+39{34&SzgM6yXcHKR2NWqeUP>VCerNn`}B)~gOxOIY@
zz1r2!7~B_KfRHJ;CJeZB+sO<Bm@L=dGhR@OaTmiPtWfcsC%5u6L4bDh_Sra!&xRk9
z@CWE9_B{NN2S4oi!_HX@oQ1b=mb^61GCl+19>hOm)8J381+y5u#}WkN*V!e7T~`3%
z-uc<3&aTUQ_r`;TSu5eME9-gqdr#I|@OMJi$Jty`Vb_%g)EASU>H0kT@nYAv*pFAc
zehfe8-7S=JOX#tj9?L_I$LaBS=&^zxQHver@7YyYQH)g$rso1@b`BeV)C%G*dH>Bf
z!{q9xgk0m#xyEahTP=nr3bt>cuTWEPg|9(x*P0_ZTrxp(*r7QxT+#v=yWv6FHn=D+
z0m8Y)D?ylv4(`(jy2!>p<!a;nyy9nE_vSVai*ZWJO%DGk)fVvd;H6<%Fc$!Q5_BnN
zlbRJZD5|(sZanEF#^*c50rt;~$|LY7Oey81QCUvuK9j?%#w<x@=i1?Sllc~>cv!)8
za}4)Fm<#lC#hrrpcy+FSh%w*6&EA^N%`JkF{Lh6n8Q7c8&DjqB55fOEVGll#?`=Dd
zUhv}+^j?<FJ$#vBkJho+_dcwn*q`&cS?4gKGya*sCzNsVo0NSnd-pWtIt5>-$mjB}
zKzJ3xAM&}w5FWws9E6ZIrzD>X7DK2&I#8Z-5yE|t4&f0De}WLw=InxeU&H?+@c)3Y
zVru~z3~a6Dd=C2HoD=Zkad_c-cmcv7JkQ++Uzr0D`QJeTL>z%I2+wo(j&1ynW$=Ga
z8N@@a4sU^Y_#K4bbGMvhsO9g31c*EWzk~35ZU8Akj(mtb3=v1*cd!hQShhFUR_4ym
z6>D<42S)i#c9=w&Tp(k-0h2>KRFD6pwocn&C+9lsupM%6qYgo?49F#@J3J@(DPQGI
zIpOMljJE}r-s|8tg9hNV9rBEH`5!e3E3PBsEOhYVbzqtf@c&lc@34cw6$0ntUE-%!
zoCETM@x;*lKD?jA^Q%@1;a9VHp;HK)iVbFFo)tkfZbMep+h9Q&%Ii&6QQU9E1yy{}
zDJ_NZ@<?VSc7@Mt%hb#w^!+xBmvXb1n@1DOvPNfCM$XSpS(0gTbw4eL)j~jyA1Nhn
z6}Y!+yoXeQd#`4sn79?RgABZJWxrSiqpO{Jv6%OML1pjAt(>H?t1o{#*}|aUjv}*<
zlOBR0e7VJCyXx+NUQ${{zUSSVhS8SLWmf0pcTeK{Ly#t#ar|wLmzywqIEdG-u4>dC
z2gf6c!__{EOInE6b+TJTyKm<|KdR{i<ffq~4OsgH@iI)Z;&^Yhk=&}4LDw4uN&>)g
zW<Xd$h;?x}wJ_wkxFNLyOlnc7y|<Q7mU5t%9uveLaJ+@@)QF~LoF&H$bH`?=uB3ue
z*({Ytg&a_>a!9#y55^b7>X3b|*&*hlG&iH{hPU`s0h9zT38a~J$X)Ojr{NBZ%XZYW
z2On~6r`&guPa?a4dA7<iI6$OZ84cX503tc54xGf&(djT9!MhD!zwFu0w75G@w9uTG
zh@ihsH@l2id2zg@-p~c2^QG<}I+x#CuGY67#KjJF3zbWH#Edr7uI@(xRugZlm_ItK
zP9?Z{bOv1wl%ZpMX24~;z^z1YJx~<1^WuhmJ<{K^Be0W;8z#Gq#{g`Q;%D9WyR-vt
zKUKFt-7DyVYCG_nU|I}8&sY}F>RjR!vw{nJxZ?_XSHI6KhLC?Ayg(S=NF?V@w%wky
z=qxDs1Pm_dZfk_UXE&e;1C^;8(sZY>)dv%i$X^5PX#g1UGM<11xW{wOC3WVdF=kiy
z<GinYSu@fAPsxL-$|9#+P9MYR$v`ZP%XozsXPSk;Po`Ysb(e@5bM)n){=qAT_cF+x
zx|gFrz%ab*Y9YK6wR;sETdRq4N!=m<$AOSp;Nk<y0M56K^qninnqO2QP}_2CSKKXK
z;yD*xc6$^HHLvx}26Qq-4WC0L><nWqVh8^%!A0bxPuzkP6A$tM6~6Gz{2|aMS_9{~
zdn1i;m1Qbs3#Ntr1#y-H_&>_RC4oYcMC&2Qthu%-&j~_0O|VtEITyMNs+ChT0{CGd
zYQnFF!9XmeZop`*)5}Bt3)p=|FgNix|HI#OyD8{Y($X2_)gH3q!z+#;Dz_W%Bt}I&
z*%5ROazdGB#eTm<pLq5bc637A0;(+Uk86{aVL;2jNDirs!JvD`-~Xe(_6l92G#;k~
zUt*Q~DW<o2MXpi$dkQUk?EQN$x|$9xQ{?9<uD{IU<W|EB6gK17)k?7tLi^*@PUf{n
zPYix*yvlnQspPHch#d1kJiF*gJko-^Q3Y1)Ro9FilSfWL<=fyJ&|}&oy6}EeeB~h%
zR6Ukgx0l+}G+}EAxxac)e;*-z(>+SE-vYwWGYsW5I%R5(HofieNTj$m7>~{<)URCr
z`KdV4#D37!AZ4dvehwM0RdbkEXQ$x~A|}7Hv8g7k=_aiz`2~o;GQILH^Q9FFrN{7U
z!Ct*SmZ#Ofh5S}55M<>Zzco^a@mr(DW9>dg=Bo-6cQvz8wMco11M^HCQ|68!j4M3+
zPb{kp7(MMBXb;;A+0rR4wg^&uXmC*{!Pp_FXp1cgX~Bcx@rk5&Jj{$qr{B7Uhj#|X
za4!~Z4XqEv^AcI1Ch}rDI-eA)fS5GWq6TnABMmXxwl8Q06B>)S1J`RM)6QI9k>?gX
zUI60cJYO15OA<r1Ik`qa9BFY>78!9nIzm;D>?(duvZv`kRv(Y>V2Iv^hQc%<2C5+4
zpAMtx7`*BDkUJCiF;nPnU%vy?iE8xa!}-t_Q=FLYz1qaXMcsBhG))?kg%=yMPv)gY
z`ML7<f9-XgoU#ce>lJG+QLi}nx~^BOX-U0e)7xw&Yi9l8Ns8^iClo8!WE-?!=bNF&
z+I_%yIK+4d=Np-yp}VX7^HlNi>R?kEr7O6=-POKwnuvoiKF&RN2Q5_M1Q9q)DYXDg
z9%oZ^r9CAf^*;dhHJOzPo+8YT<|o!4+ChJShHVw<4*5(EX+k@QEUKfuu+kInU2ZYB
zb9KF@PCjV}_nJEDHH+yI>Rs<quR))h*eULe)pZ(Gp0mEGA(#l+gD{KST5#?aL)h@2
zdXXyUu4lby?B7{0+O(AQqR*D12RSFoOYthZTf8q;R2pGM#&1VXW46j8sZ=n1K2++!
zlf?#*GU|@-Z{W{J|LbI+{%6$nKV#$lkKG5wDnARQ1TfkYAh6dAf$2N8F*)JGVlUg3
zKnAaD9SSuKO~=tXx63~Xbg@Gfx!gyOnBAT6+^p}g=O)2>r-3c3Tpt@x;>GtJ=!mg`
z_`RThP0KnFGw#jARi9Qsh8Gc<zbw%^?bDjp1bv7D{zr7kl`h8|`E7TnhiY;Mo{w5!
zcA%?;EJ583<#IKt@MMJ@_u;5SK5a)bzqX-xXl?C1&-R?mO7@<6JJzI4i1@AO_NRzl
z-V6<c7qeQ!Z?(a3=WViSE(taVdYBv+JVJ#yf{W+}pi4O<=#?YV9OB3{F+1&-O0~7V
zKidBxonX)kiT07f&M;`SAy-95WbWOj==;=#B7oOcivIIyQ~f2kh<N(qy`ihhU!&A2
z`EPGCer>*ZuUfA>qs$)~u@#y~4jg^Bmq4`EZ!b@5X3<vajV$>W=I<Mb&92h*rFm3>
zQn|;yZ25>*V5ehQ+TN@AQ7V-u?x<p30ITHr^s|_kW}5Al#YRsnEPe;Ne!AGZ)NEMZ
zESSWryYS~SGuqe1{H1~fNvh_h?cuc0&J24VP0!gDX+-;hBa%JwndLAXC4uUg#!JaN
z(F=huDUOvbmF`!?D?sV;d7ud*mfS8nfm|uu&B1@cj;O7tvJr<X{D$gF5#iTZhJo-R
zSNMpDR(YAb5a99!9L`jx%iXreg%G$l4YTB0&<1o29qI&z-6H3FrZQ*Ocmilm{woH_
zv_jnueY)SPdL<0LnI(&D*~+k)1n_Y&Am8!lI#qcdPkq36Io1Gm^~^&bSa0xCa?ooh
zx7tZY5@(b#v4-gNMKrv_k@FsF8XG!0hlb7&KlIy)6A#}qBRir8V`z{MO>rP3D_|vv
zU2Dobb)YAad#(#gLbTuCVwQ5uwhGSwJs$a(0`*DUsqBbh?Up6Kc~kw0O#CZU1dj!<
z3|zaY3?ND6fBg+|{3D#Bd7B0~{_-m1@P%_MPC+rZ#5#$*wj4ms)9<pjkz0Ll(Z2~Q
zzg+ZX9c_b8(mC97---SoYwc(Wf+xSjKKGO%;d=1xQ3>9zqb7g$ah)2nC(DUyQ?$8S
zh3A`~aToukUgPreppN<qoq_t?|0k%A2VOvaMb6@U|E38w9*&=XUDcMQw|0$sQGWa1
z@Y<c><jc2WCoI+F$lM`6ccM-uXD4;?J1|r!TsZqno$D84>l;At+_g{!Q>Um52z=5z
zkmKucj+Wi)ldyjW8Qu$LIM$&7i68$0ImB>|hq^`Asn1$So)J!-WUYt$8F}zWkb@8B
z=x{S@qw(m$?W4VxsP6$AjF-Rug0=a0U7K@-@kjympK54#&-{p=#d*NNn%j8=x)TgG
zpumcW7yZ0Z%r)~byTpE5cqzxQ*2oq1!aWhYs&qkG($J71sr=`vs_NY}a?c&Q&a|fl
z`TZ{~24%<f`WY5p4Q23ShUs|t<qJBULt15_bq%q5#7pEr?-HxMiKiv)bLkWA;8$!z
zsjZ(7OQWG|kacvLa-^2(J-Z6)offJ0Ef9GhMRtiqTBDp!`dI;g-efTZS45>eLx+;&
za!e@*-lh3nO_e`d!q%>8UQIP<k>h384#?F(dz>T>#>c3gPc3P#JZ}kW<y3jPM(9Hz
z6tzAzJ~TL`yI`1c;4sq$Gp?`1vA)=WgNvt?vJ7|h)m`++70#vo{T$NUyn%$ZMuBtg
za!EE+2S?_G2RBuA<QWW_rO{Jca4;*yDf=t*b6W!n<g`XWc?<)HorV*%nc@Ret@c<P
z_}h}akZ&q$L6<1FY;N=mb3Bgi=jIKUdS;;9&C=v<Dq9U$H?01MG4hXkp+YNVv@RiM
zK3}KeCD`5?qkFQqrirID9pUHwPlOrY=P)tisCfnl>EAx_m(bg>?#{pP_E)j&Z9Eo^
z-iwtE+Tp(tkrr=+h?stn$Xgl_lQ!5|ltYGSDu-UG!{)<**IOL}gsO>9v~OU}_Xmv-
z)AnZpq35Crp#;d1&#bFcp}V9uai?N#oSguoY%Uf^#b&dRpI|n4$Pa7*juiC8QQiwx
zD&ZF^)ln-8T6V04f=1S3AvR5G%BayF_s8i1iX+&4EVwD0rskzJR1#=F@zEKm<_lhI
zwC#_}{nyk{XGsG&D8NXe+!NI@$K@CQu4RzV^nm34MkYAZ<PpnNrl*DT!obn>`#Keu
z3W3^89<s;Rqqgql$mceKhM@dph|UoAnw9}cm|<*Ew${thxhz7WO(xo1*2_@-f{w&b
zSf_$|Inw?bs?$?Fft{!7)B61r2IzGaEcswBNX~KjXQ2y^^LWw+vYl~>$7KKe8VQ$p
zPEP9+I$NP<Gjt>s(Wi)$nBcWU3tsp*o~GamJJ5i@=~n^@<Jf?6<pLAD;R!bi-lG)R
zKO%Vh>1W~Gb35qp>~-z*r$v5r1J1wCD<3r&XclSH^fWmK@+gn0^wEL~q}`zXQbfB!
zQ*KC`%F^Dzv{0dxS6CX)(*7Bh_IH-nlcjwYmG%)!v#_+HsPBEj(k@p}T5;5SXz~zU
zkw4b4irgVDSq~M#lj6~sEYL<wn64Ge;~|ezl$FU>>t}m0lnpps&RmbU$;$Eu+0NAJ
zs5RB7?XRs5?{gt)@~L%Ds)7b|YW1bsvX0UD2_wDR#_NV;n6|J{4)j43H*w)%&m!Nn
zlnr}X^5cEjB>(f5QX}grV`#|J+}gG9E>FPOllqOk?HQOokvM_TP+PM^8!Gv|^Qx+?
z20Wl!_Ip5EZ^MhHX^GEp-`3E58}N<2f>?=*mA!)KABU!lO>s<o5UA-_Km{oQm7cKM
zceeO<R5#!B$L*MGhkD>XKJ$5&9(V5=bjdZ$!j~4M260hlSQ?}<e?#KJjHvmlKTg!%
z7w<L0yEirRu6S=cy{BLAXFm6#9+#mWF8>@0beYU@`Pyx4vg#{x$K{Hbp#$PVI*E*r
z?0CS-Y8CwGdjTqIPhjq+UMzBez)urLnDJ7iR9x{Shxnmo_D0rEuSTtl_=-GDozndF
z&VlojJ-xk)lZ~EuZ5awzko_s~AOQI<Qw`|`GcyimD`OwL5(fe)J8h&isKS8_o(gS&
ziY8j)1e;-$$BDcD{}TMmQ)NpZv@N;|B0OgtYKfGc?6g%ZfGOjMv>dULwKtHufEl(5
zYKhBM;W@87rcx7!$$s$5=ToxikO(fvr6~B)P>nCD<ean7e8C(_Om9DMdNLj3%F^$x
z`X^eLK@xI~G)TsJ;Gr%H=bIaYJNa|Wv@UZF+RN3~K&!!RQ0MY)OAYp|xBe1dF*qYv
z+=&f1)tZVKp;Wk!v?LChbXkTxf2e_0Ob&0TQZ-AQ=pl9p8)66g^)@C5tJsP>TEHlD
zzC#FL&UX{K>O&J5%G0GS^LpX8Msn2P#JQ*D&E@1mx*vfu^Eb1rhJa#oM<hSai<N5z
zjpC)0&{yy47|HWD%yTG|=b_{<p?5k(GT}I>d=knu<E9Xy54(r?W0LYhD1AUun8@;5
z!Wr%gdMNb^tzy<L;UsJDeo6|o#_3rFrY`78OTNxf9(NWVhq6#<df_c#H8AI)mu7L{
zuYJ@lOtLI2-&E$4MY1Q`WTL@6wdp!@P-w=j1o3Qi`vd<dNTE3oZ`x$w=V!^z2zo{f
z`uzK7YV_pwC?2PTmoQ;+bb?ZFT~!;d$BqqMC>D{u9xk&;8e!pmI{=|TUcWqTm5a!T
zAcVQ0s>&kSAvveC82bF;WY5DnnJ05HRR>;p;j8q_=KcLQJ{7&~ReG2f_?xfNE%1L(
zn}7@a-%Gk}uU9Cp{{<E&w+GEfVQwzQfSj<_Ix4prIUgE@XkT+b&-;_<Bw42Ft!u(_
z&RR@K!`)`|-X@?*gFc<`H#2Z_8H;#hwYnR!FKo;E2akFh`$WI>ys=I_#rsXGp{pDB
zgznVR_8N`bgJ<#Mo`-PX_Bf2V0?pp;Zx>!3JU;~Mbr4rv3-1FB(<tYHyv3`CzILdk
z(g=`OH4D~aO>#svB(JQsnBi}NTI#aZc+Lk`qY%cOC6_cgE%*XpF~=8%60P;+CEpR0
zTYNewr`8Z`ou6W``TlZF#qfuV2_PQsL3%A+(!*&QW}I(3a_v}JP(CfMhg=wb0AYjm
z-(gYXRY?9z!;+oS!uAeZ30ivGScKn+J!U9%kKFE!iSS!B5f0;9NPd@u<ae;Sp5SNj
z2Kql5<nqtQf#u(~>IW8-)DOHAXTTB24Go*}Y$Vyhk_Wv+Lk<e|&=3{9ZTi*V_{ab?
zatqr!eQGM(Hd&^H3n0wb?T2dniOVzOpY2Qx-}4EIVIIWr781jWPs8x4?ttkPx9Swh
z^%Uc3@{;y6Z!A-f;c<G>d0<3c&XJytO5~Sx9nry05;O-vv~<`=-uJ?J--En7%N$&a
zBLmFq<#AN1gMzdm17>_M0qXJ%OhKgu`juYDcGt&oh9KX7yn6~God={#fNa->Ir3!h
zM+wpMPCzr3A-ox<!t&^YEwoAmf7(p+><|+wYWZf`gz5!R_=&A7M+bNezN^2Fj_vOc
zGo$0~@D}^XmC>^1frHdR{<>1vL9#1J*34a{lQn%PuD_4P$scxOTkLDkv+nRFgu45U
zfalTT7Sv9u6)z2uBew<tjjvYpGJqO1N?(k92dEhB^u_q%3Kc_nN>_}v6xY8_>$}~x
zVst!@n_s7ZYd50xhwNkI@JmDv+4(U>?u<sRHRijI#hqHg;?Q0}&S7z~7S|l(G9gYV
zEiHQTee`0<vyA~5x==loKTSMBdounMdv*^4GcE@Xxqg}GypLsQu9ZQ-IH=lWkS1c0
zAel;O*@Gr?nEoh`QhKON)VR(uY@J#-NDKQx7}3vlc*nrdC&fl#{ZK(etf%iMaNaM_
zVV%bcyVR${dJx6+f1bt3o4PQpKRX-7`U%X|mXUj?K!>%Fk$cIf!}aVXihHs^7xyiT
zTT-CIy7-bFYfCiNe6tYN`y4u~|G?-BDbQiP^b*7R%C*L^zTQ-a_0gXhwuiKEj}~tK
zIl&Mu&vkekJ&E<;u2|L(?wY-X&t1!Pa38x!<!w=@gL~ISHY~9?d8C!WJ@n@=+<4qr
z{wE`cUkbzhJR>)#PzUWY7T0XKE^Y>kYrb3u_qdCCxXsaUf7>Jk_cXf>?oN!(-eo$t
zTU=ytKXtWnxSwsJgZuFygZEJ_oUDcSL74xGc$*sX_wuC;0bgBC2<={~1AOiUD)DP8
zb%0Nxxc(orIQfT84DkJD!hkQuY&J%2`BEL=9T~Y}D|ND@Ig9(tQXSwm6%_aCQXSww
zRp<dviw1nUIRyCSJ9U76#OOS{R0sHL6%6o{+QtFD*{lQHaE1X~t+22{3uWa7{2kkX
zzb#7|!riuv_5US0xQ(p5y;tbqK6{?v&Sr7)?2ZiXd?gGw?&Qfk_YgVD5*^$h)2k`s
z3LV_9v$!5hbZ|e-;(9I7!M)(T9`4j=xNG7=aQg=9;2y&0Tw1JyyZ3np_us1<hx`3_
z9o&DA8N8wvuF%3K<QwsKf~PsRE*kJRo@@yC+HctTpC|R_f6h^fH!arzzJ%iXm$Nwe
z`YjCbE2qPNi!=r@a&J7T1Kh#L_0i;VGU*#EZsU_Wz}vF8FP_u^9(PU;cvdvvtK&j|
zClAsAUUrt~tb9@j_@=WA@cvbe13oxT2YA|P25_ntTC~u7I>O(0mt;FU<;f2mYT<m3
zJ*%pmC7!czTv7s;)MBgtzG%AL;i}8OFfFtgRXPk^`5H=x(XI?HE=)ytW{cLcB?O^#
z8|tnOsb`^-oo<ueJy89jV{p2a;oHTT>E7#2JS}u5zyvWK7nnwAgdCEoP|VJXx}=!*
z4lX@xztJ^t|6sQr-v5@x5PU^D75Kw+wpHd^k!sNC-@tFuD6?+|KtVfZxT3=0R)#Bz
z@wzUGo=Dxci@4;8MLMRt>1SfF?-nrz8{}sbsTY5u=#vY3h4@TGv#JYU6NNh#>G<s1
zAe+@{@-dCZe-<}-k&e$kVsZB@((&1A!5ipgX|W+b`<G3}XOA*E?H1|yY;2J6+0C;W
z=d=AWz-LyC&o-Q7eD$FguGPXfPwMnvrgPs+_;Toss3q!Vqj<>}1@YDe(Gc(XiU4Z8
zPzUjbGlb>Bg$&|vB?fWkNs3;vAPn&dg!oxTVc!BB#0$=_VM&vTw;*&6v$*pMbP$hZ
zaTgZoARch$2CCR5V+dj)O9yd0qqBa24&sXngLvbN#vz_()ImJ<1cNkJ3v;w^FogOW
zW9sAGK7w}=>SiPB!F`V>8t%zE39Ns3bZ`p_;c8|e$TOa1aBn$I(Jeh;xX&Wow=fFR
zJUX}&h(gMU#X7hz$rM-M(ZPL$#jW({;QmU!fhsoA5Q6)=+jVgNiP7ObI=H<ugL}lI
zjl&&l(7}D`7=!mmEj*xwyN^Y~ZND*pn;P=>iTTlhS8OM^Zg=YdKXjUq{gaykUbC73
ze)lno{_FfO;4%XKKBI7Xz7Fs|5`~o7Cv+lYC5z+SI>2YMxFoj@@cU2SKo$F;?ne#q
zNBipl@5<;LoUa4C<!J`^caJm<`13$247leg1Nbp5oTh~j9{nx+9ovAv-SeX1UQtS5
zmCn<_{pcyeHGMvV`{`8-?&C)&y6?O&+!qn<yBG!EJRRKKh(gN07U|$_#p2$ar-NIi
zK_KO=c{;d*KixnTn|(b5ckOLDxYsi})92~ne)}f|_ssmp;qH802Y37t25;SuEUeVR
zb3gtj{!Z|W;?_k29{YGS;Fc1CYuw{Hz^j>{UjH})yzNsA@W+3o=)l}C;FSpY?qZ^l
z{J0MAbwnX$0viFo?0`VN#p3!rt^@p87MJ<B4)7;W-ar+*el-NR*jESmP)4U}t`6|N
zCmG<iQyT~T<EuKrU;2Ro?AJn{7B2na#{AtOf_E!#b(|;fB4>#P{P{W2fWNVg;QDEf
z4)9ec2-%@?8Q^OR8Q_K=C^~OW7;wBwL4J@?czccxa2jv?DNPsXI6RZZeK|)5_{}V?
zXpRo>CMWcOr$+<+Ol=78)Jz@V`)P1Vd1{Uh@W62fxHzS8z#X+Zz^&gifZJ<fvKA(O
zuLnGT%?<I6_vBrwk9Vip(RlaSN@#gz>+o*FhQ<T48Qxi5hWDDo6n*ruFy1DlaCQq(
zxNWu$@BJj}Q~u-DjhF!zH*&TP?|-wnyxBUu|9ni3cSbbc?Q24KukEA5dm5wDdbSR4
z8gHOBZ69tN@3Lwg-k*NQ@cow-zN3Y&es@E>qvf}`f&Bh-Ry5jy0AZEzm=5iCj}olY
zA7g0mT*1)p^c_Xdn-xa87RAYOMxl6?4(&&XLds+Fb>d_Ui#s|?hxT18?)WSn+C7fy
z(Y8mU{eD#l?E$@YXjjqDlCpM|4($_17~1bmY8>q;RXVhXe#_9kQwwj`!rtHhvixpj
ze$%wx{ATFPXtc)^5mtYmsY81p8y0J4GPEZYFtk5CMA4?1VYE4<ki;n5J5z^t4axbG
z4%#S)(eh6$Zr)5C+GQ-xJyVDFrXTfa=S8D!uMDC6bx$4IBBL{4rVee-j|}a>4>gYV
zl`A^54;^Ia?$N^ST3B?j!ThFyzAa`(A$;=DXoN3($>x7EbO?XT#PZ8C7{ay77{a3u
zQuJGoh7lf)6h2@St~{zk_)kP3<wqv(zifxdd0Cugh7RF5EUx7Y9l{U%a07k&$IBsv
zXY|k^+>OyW^r#NuRzEO=4?oyA!Y^FbA-v!KLv*$l=4;`^1HVZh!TDr8z~@ho2E1Ss
z!BsL{2l({w3E6IsGQh>94De(7DLQj{81NxT;Z8=OaJmlgu0$ba^&B1GEm_<f({+H?
z(Fl<8*XcUI&m6wNeDbkNA;4?8>i}QJ=sYrA2l!iu8Q?P}G!A&DOFF>g_A`L5?_=Q=
zEj+vLH|pE<;5I!H4R_KPtp7ivgS&<a<_(W9xZ5pZaL?OE(OdGvaF0X^-~5Ltq&%X7
zdp%J|>8Fi)HzAB~v$%{$bZ|e%;`%<KgM0CJH_*51E`;EII$a0%Fh-|3UkCSX-!Zta
z-rqRfpIp$v{l~ow-e<M&DJ@*K_czZc>jD14v}nNJ+(>Ypnx+GM^|yrVuzUviyH7H}
zje9Bj?rCAbha!cEjKVw9bb!-%<4-v<O9yyg7Pont4)6{vE-+08c++ohFrV~SgaB{b
zO$Yb^8ckAGP16Cs<q!k>>H8W7d`N{3@Gj*H;G4BDMGKpk|7LwVsh<8fwVwX>In)29
z>h(W17#^6a>3>gX`d=B-|E7cipF;ZI2B!Z_)$4yG>{FhesRKN~;zmx@>whdRZ>nDZ
zJ9q<qyZ!mF{?|pX|1mnPr|R{;gPQ&~{ulJWb9()6kEZ`=;X7LR>Ym@KZ`Z^7<A<a1
z-n^dBikqUt`yU4g*!(FB@9hg2-f4R%dhWwvydOdeOBsc&59{!rMif$RpP>`rceA)3
zAJ*YLn8h7^SciA_12@pO|8+Kmca~L$_Z1pjQvUw14sRN7P@f&wINp=b>hN}c!|)xX
zh5fX!=QlURyTSb3zB*c-WKWKUJ8vC<^~cFNxU<;6ST&i!ecu8G_eZ-a+Bi83_h_Wh
zf>F3<vJURbeN2(o#=*7-<8c-@XR;3N-7N0$$vU_<?z_SKeelmAxOa5Y!Tl7YbH`*I
z+%(=mZ3c{O9PW!j9o+kOF?e@rVX+o&+VyMX$z6EFr4?>|<b}aj-g@0aJ5dis1AgRF
zf~(6U9pI%*Qa?3`0WP~4;Pzb<z2>1X;13{$*BFHp59t8+5rq`#5uH4FoW<2Wqyzjx
z7H62G16<g9gFS_>&x8OU-%$s63Zql<kPdJfZ=g0i#xxH2iZeREr+&=<o}h*IXrb%t
z-!`ADH(XAg7>)MhpAc5-C+g6?ubf~_Ww^*s&Sz+se?`%qCWg_zm*hXA;F+jHyA4rD
zvE}R7JC?<*nW#hiJPimb&rj5$eYorf^T~-y2<<bs=+OQLqceV@4(%7p7}^hvZXE4a
ziVp3{oebS`T6jtef85zXKS6u#Fi)pM+i`f3<q5CgnJhGbGK5XEy@PKqvfsdw!txzt
zJ4Z&}rSd<YLNkP_;HUcYaiR0}oBpG!g16Md4%FlMXS5IV9d@_GDQ$C!$5ZI&)Cdou
zll8Xd!AWOt4&1^s7eeyv|EQ|ofywKe>mAc32PQ|@r;eGzN8@{=ad#@7$xg#-^ysb{
zf*1Y!rlP+fJa?Ue?qpwyVTa^jLXR#y;t?$`$o~BntU@Q=59*PBzF7mJEZ%^=8yw^Z
zBRf?Phh~Hzt!F<^#|Py<Y({KKELdoC(=7g|Wml>a!uPH6WRQ@h9u4_}8fMnccat%@
zzj+YZK4L<37ab3L71ERye@5p`EJDJFx#0-+GBh)sWY(VMDq|x_Qxrb(Fisg5c@UJ|
zk%vJ_$H+q;C7B**p`sHzTP&G%7G<6mbYAx57KV`L9AvX~n;4rps{MJYcsH=w293=e
z)xIKLJj6JSlZO_9>=h3MH?E1`hfWY)KYJ5-xW?nS-^qC}py^x<Fn)~6KRYUaS|j;E
z;NN9%$H||zibuB=Q0ONI=>0?Fd6%1v?$*$I(f>u{tf{<rMx6G7Fn|t=YW7vjEp&nq
zX6Cv*bR*V&!x#1&ZHIrK$1GHbdo9#8w?^%MTLi4eRq_N&R<n3*v*fZm1?f(_u1xjx
z^^Y?;CA-OC+q0mZOX4kJIq<I_4JyOb7CgG>-s3r+S)Qo|<LL<abY2{YzHh`a7I8!}
zb=iyZVgnwjUY=_3baQx@L1j_}a<>$zOna70{x_Qc2@lX7VmtrLAY|~K|6n~+BlT><
zOUqT{9BFx4P>QPbr>wolt+W_|Yf*lU4OKW5rC8{CE(p=Jp(@QWsk=H}!SfIf@!W8!
zUj=VF;J%mlRl3u~3hz;)rz0;`M4xXq@U}hfIJ9B8gnw?uQxg7pW;9r&1Hot?ChmtG
z3?vUANjx*_>4Nr`;z4-=(HLPFE}AZ=%?8d)ba!FCZZz9uAVS8J;t}zjtUerPpiG{_
zQntxfJbxd)DxTrJgUSq^QfLBkOd=G=b1t|s?9WQP#7npHwyW;u@_7>XvFPMwE5>7}
zmqt$Ad4BQ-b_r#!@+rPmB8dAOz;?o>M|))j&1a6hhN#@kuP8Eq3`14bPw2!evlI=5
z7ERl$3dU{0rb6a6VZ}B~cZo+KOXijw=@FAd{o2uSAFg$blzJXTw`*OTqKx3)oWDl!
zqxae$<$DZtGfY;l^caZGv!2tzc(PxP%gH<&?1VW+Q?bf`t(@X1Ufhx^R>->_Lq`+E
z4soALl%3-7$npD#eHc6cJ8-DkGY{{rUDXCgQLzXlU)u+Cl21w)7|*>J^1=mzNcYIC
zOBkR}1jf5pMvw=NlRYWCuiQOb-uG^q3gb^Glg^*lv9Vzl1Pub^bN@sIqJLLX0*=V9
zT!kU1D@1%A$%mp@E@AoFYWY6-^CcR(2X0L;d}s_)_eS2Lb5U#Pt&{^}bqda+9i%S&
z?S9?4sHqg!e<O>Nf2xI2ya^GvMd;y4YuV09QLA(%Qq4<_sES9^B0k*0w1%}>_@)-V
zyrtoJI*T;XOt+V^G01kv(?<Qud$q~JnY=&l#C_Nji7)fUfO-to=Hz<zqQ0HjsU9-3
zSF+%h)%sVYcrgK(1l?^V1lw`z;#VgGTSYmTN{~ChU@_>#iod^bPc(Al-X-K-y+?=K
zo!beynfK|CyOrYl7qB?_y&A3kYQ}`=p}$%=p6K<zZvtz-OMhbRw>W?&&#G`h@eaPS
z?nZhNnQYZ@&&3knr*Ldox)hbAI!IB@YQ`A11{ms{Ak2^USILJA4Th!i1Ba$^g?})R
zz2WJ5dl|UyptOW+22oKA+1TeuvlDX$&NgwrFPLhHoiBwh<~_>W4snHaQO{x%vzVBG
zcai8V_2i~g;|%C%JkdFDiPgjvPBJp{H|YJ=YG#dtx3RcDP^T+FWDzM|YUU7Ih_QI1
zoHWAZ5J#HCY!f`0r4eR$GQ*$(Pl?iqM0iRRvlC$qv7jsz#E~E?vn}wP3eTW4jfB?D
zP9-N=m}$7wQ$~L~oG;199HXQQ;>jRKK6u8{MaON)N_Z?t@Z40*+hQe^`7zKm&w36!
z)M6}{(<XCIA?SiM(vl;dW%e9EAFoUHe1Hy@$=+%w-BFXn{9jB@3%)`|K*P}pXpDe^
zgy46fJtg7lH==zDv-$Y}ZGN0q_)ztN31m{ABdP#e4JK|Rd!K60`Ctq5zsU?-CZz?}
zBGl*(m^BC8Yyz`~h+eT6#t^27h7ArKVky4h`6hTuS5V~$)h$9>xsN!kRNj!eS7jEt
zD1WNhiMreFPc<~OFTINA3wwgL9cB>9AH^Wb<Tzlmd|<MC6WZh+inbobR>OgU#Q!8g
zJdIXC@RP@pqfCH?5?Dhaez^w3j|~||9O^dKP)8TM%NptA8lZFx6TcADZRp_ieDGO;
z)!BuO^Pc|U1*lIwf3M;$@(+iT2Xg2QjdlR01|@jujJOB2RWn|9*`ADvrdokZTVN5?
zfLIbZ7vnv3P2A!=UdMO8$lG>uD_djFsg4!IpXZT#1-#YIwwv>EM)ccUEJ({zLAOFe
z7Iz|(Hm?>W7=lfi&oTQu=zFu+<zHmZmGV<HH~WYLTJXz%02z*4))HmCiOdSo)6MXu
z39SEd76ZEOM*Ry^6IoPvDS11NUbmwIr8ekE?BE(+Enzyj=L+wwOIUCRo~t5aRZg+Q
zB`Wgp2jUFyda#R7nqy!E=(!zxr_)yC;IfNg{*o93RK~IdHQuq_=n{Ll#QA0?^i=2S
z#i^{#^)6t2MF0x7x(YbXSR|GN`||#NBH^Q!WbUA=607*Vr+M4Kc^Abkd(U`lW4}Z{
z7hLv5TM1XVneJW#{hYKb1jG6-O^Ml$Vno>7xDs<Zq{N(&Kbe3^Off1k#lnhWro_mQ
z1(legpu}u<bljtiL)X{(`JCQgt$5W53Z>w^ZuE36%}&Jfm1dh_s7#BoW!;%yVw1_G
z%b-#Fpo)kI;(U;JRYKr&EM(zDlhr*3+wCpP^w?&4Vdz^e3?Zj>*%mI74;)Ve9fnl{
zO%Fd0*RSdrpSg#wUNBZ@50M{-^gl8|do+{rES|kR@z)lbcNg^LTq_6PEK|{ME68Ih
zJ5dD5Yb#!GFE1rpU4Co8DW2_KoC7)igKvcj22;cOF`oB9m0vA!+OD{}j*$9YM$8jP
zopv831G3}1=4q~0UNRxh5G+U0jcYg$!iZ!5aXgim^343eB$w3B>ak7bV@+L<_;7#X
zS*C=KxA5Gi0Pn2;J*#LCw{FaIP=n|92Rd_ss{?}A+9mc2)OUp|4YEc@DX%>Z^9|?%
z?Eta4f#c-ky6lZIm0OoRU9c5<Ou^L5q7nY&bAo?R3Ev%^-BxE-%Ddk{aOTg2wzku~
zKms?Ucy;#lpkK!iOl<I_#7hwl40el}PoTe(lvC6Q$K-SO#?j(IA-aIb6))#Xx1;sF
zSswdth@H`iF5uaXH_B1`d+9#LzsdFd*#kEl&xSZznr~8fcRav2FR=n4zq2v`gCkSv
zzR4_yIYp%Z*CueQ9zb(=5n5feRw(FxyB>Y*=3`6-KCxAB*(ESOE4P!cjVSn;KU4og
zv$ATf8uGvEU2bmTv7o|Te|r1vzkk*AcBWgK-m>vH3jh5LC3oT_RfX9Z6WrUB=42Oq
zBbnWd$?Rx>ZNfRkEUO76wo5#VU0ajaKR+3f*K1y<F6Hu12YJ0LBCpT$Ft<B#8Kt#K
z(z=Somx?}DUR{`AU_PkP$u>x82|g1M)pww%Zcn0G^AB53US|Timzgv~FAm4#SH?mI
z>#S=glGUKgWEY1db+VPBHA&qWCABzHC#cO)f|^?$qyF!t^iEAm<IRIu*Mh%CCYrxO
zMjw~CdmEo<0%tp<**KNouS|=Q&}(?Hn%cfZ={pqHkChQQ=n=5qdfHVvIU$DKTEbk0
zfGQJ^_$<7^hjWVkn(3B#q~vD4a?hFI&xF4+bGOm(i~fRv5ILdKh+=!U7Hp-SB-|Ng
zDxl^egsnQVor2XlhN$^d#NOUk=XU-QaY1T<Y~2^N#9rt^^KMJzD^a%T>d|OZb;_LP
zk{0n;z?*o9pM-Y&(*$WbaQ7gq#I30L0m|Ze5b}%<e-Ly;9`%j(p%+F9po_vA*2o(<
zJiOtush%;cf>9q<p35eWVk%7Pj|Tq$QyjECKGPoAv^w|#s5+P;2iH={HhB-F9Mwp=
z{|&5OHVQBPs*{V~(%)tC<EZeOy&F5C?-jO54$)r@V3Qho%0{$wUufpNC1%uXvp*o$
zv3T?rvoVjdrShPSY+3z9a^5$Wvg7N?A87lZpJ@A^pD=q=B{(FCzm$QaqMkLs2^XVg
zr|A2G#Qel@nyV1KGz{4-dk2@Sy`e}v$Ry%@b1b@5QgTIn>PZXLV%f+W-e;9g_ugF9
zJcC-ozPg0cQY?w!AC=0kJRsM{e!MdWAbNLf!$Nbue;H_b`Qq+w2HJzz7^7(i|Lpob
z-8*R^*Ca06Y4>!Yw7B5Q#WW=}H}EGw3jxT~&3JFA8S;CA!Aw-?e{p-^AWz<*(5*u5
zY^?bC;5Paq^G*Nm%Fr5Px?VZ(4u0exH-eXYu9q5eOIZ1s#h`ScF;jC>^p15eO^e#+
zhMoJF<vCB_mLDejwB+lqdiNbg7ANJq=f@ceVO-MI196QaC6{hqd*0TSf%7@XxOXGo
zpd-KkGO_g-$n<5B#@5fQXZ(8drU<{X!u)^ieG7aORrc_Nrfq<>6SUa!ZXsfUs*MzF
z7mx;8Is>WHm6a+!Sc?^v6_iAAL8zwHjzbimtFF82s=Ko4y6&nd_-a~8c_@#9Je8LS
z6C$*Lw&l_0JLlY)$s{SY?0?tq|NVX+zaLF9bLZYW=bm%!Ip?0oZEtG`o{bL-R1thS
zJ#ZM6sV2%si)5pWdYhs3-{-S8uqd_fvMayWuly6Q(6=}AZ-00<KK%XslZ&JIE%7c8
z;siVf(fQ3_l9HwVA?^WESuwQEE75o_%pX}oQ(!CELu!>zQ#ms1Z;Qw;to2+t18uZ}
z@jQikwuE|~hN-9xJ+}up;V~5J`3!<)26etSu*LX33)YxA+CR2(|K9$=p2y=ZJ(J1+
z!8`U3gD&Ni;#W<a)6|5=%2G_|bnS3E5`uDtcGrDC?g`-gI`B2<Bh7^t5a(cH4Z_fI
z(iK3_wQ@IT^h4kW<WJXWDI&3Yc^)RNpak!c`I*DvH#`b{g9&z25(xx#mfRp5j$ee}
zn3}@ixL!a1>TvxhM6Lg5Xj4pACd?d5R}x?*vvg2+7t9o-11uf+7C`90ejP#HQxW9l
zix`4@pvs%NJyM5*Q=TheMJIh5%V1I+kefb{L9pi(>)R-9U0W~2oQ(B2SZiPdF+><!
zx%46=!=}JSV}3H_cbHF&jPFb7ci~MmDg13%e_&3)>*mD^o<prl^4xf;DzR6Y^ep8R
zVfn<g6TaB@`ZN1|WPWYFXZUX#FNM)MN*jL6{1LI<{PNg>1PAgSUXWw2fUhA4j~xL&
zl`Ef0;s6cze~yV)m5-iLivZOtV-t|ek6n!)z(EFLwiIbVV^0TOZGsOa0FMTisp+~e
zdngHSY{wf<KgDV+9w|&^d}(YoUS6PH-cp##McQNLi_(vjz3h%zm}M!i2-Ag6naij4
zf$fx}L6ahU7E*-|fv$^}@JkH{L-R%XL&O46+9vvr#e>2l_!<+O_LlMki}~dZW&Axg
zW&Dil6IdpzjGw!Pv%|H;PFq^u2PPrC<s?7HoLk1b)|BP*+kFK95c|mj{*yJL>6Dm$
zT=eZXUz3|@aXAXSLa?kL-B%#3aqo#(A9y@A=b0fKc2NyoxNU-IJJ7RL@YGn#_&G3G
z;8~|>4bc|BxUw26AmQ5{nAU^Kt2pZFgQy9jT>)&Mb5oU`&X%B<yV{j(-_16)`G!pm
z(}3n-Q?+`TAm5{)moJ~1D%97L@c=p#1hjulh8+rE6>dqWK@mxJQw3lHfo>9fN<6NF
z?`Q(3mjWn<V)~Z^LIB@A)kY9*LK7-gZsaSf;q|dvB}xidtr9>x)mD6RJU=JlGI;YE
z0`&|4kPm^guK+~LqNOJt{3ok$4TqR*0%e<%`}>^oJo0JSyRjdKNv_D6DyuItX(^q=
zRG{_R;mx-N%ktCrIiywY_hFEH8X$K0Q?LTC09fOFRXZyNZ2|3B^wePuNP1g~b4aF5
zph}ti9GIy8m%vo*yWtH`%Ef7$aoXz$A^7cUL6^SdB>%}~r|F0=1WOF|-!914S<8RH
zxw1i?C`(@_ZT=Whz`YZvFp^DS4G0#M6VUP+8XX4?{1K04bI5;Q)X|*b@bAiro;QHz
zl^~1+WUvQOmdX>-w;_t!85)Hl>QEI?kBjM>8KT-Od<C9I8Ig4tPVA+n2JB1}Ot9Oa
zk3qdP@F$8l^I;~S&S%rfL<V;-5m#n7#lR$b8z+%$oWyHH93>=#|7mIu&L2lo3q^ZB
zIh9qf_}v6n4ItQ;rC(}MKO6gQiL6iTKXW>Gj(UB-Z;*NJI!%QVU}4BPJ`Inrk$$`r
ztZ1xb)mP;OR?3(BWj`{aG1_vX(?E@KgRmutr9Y!6>lzCkV?d`lNYk+I+!7+M4Zxv*
zyjD~Gerb~psH-}Xx~hquoS0sBalVbBBeKNwJw#IWaB@-#Dv!Emmk~YHf!H9V??7_O
z5oEIuv-zvoAjq?<SbU)J3-%(i+2)jU@YUwwmE2YCexUO46_jrtv-!89UcP+^lALRv
z!&`vVrZ}WJ_wylY6Q0nhjY_Gz`-!I2%y9)MO{VEX(_;UaAgf59hE$iT9Pf$qp`rz%
zl}^S5DcKjn;V|Ef<5H52^H4Cp34{Sf_A-~|@gV2+R|VsFZ!;M+5352dv8(n_R?$2q
z@E7&EvLC)JHR$ikzE)iMdQfX-DYlz>V0ys0`bN_fw$UI(&}P#FKX5;a*lz&W{qdAd
zPDv=TuW?A59p(EM7x2s1Vy#49_@Wlr*8)TmdwGX&VtNy<X0nOZX>{$vwcJur*}y1z
zSCOe!Og}05z6C<cPIVO&cyB~P+EO6xa_>QT51!eK&osa@?!+R~8WDgldVJQv>w>gR
z`7|Dn$)?Q5ieyeH8`DmjEV>I-zOJ7%Pc)_R6_{a~Up`UK6`Am`nxPCG$pPSt$6XrA
zP{uD$491`w5ZeSF6>Is5#W5VGDK~JpmznN%Gvi(NA;CL<+Dm&;kXluh#7RC7rGTxj
zhgLsWG3jaSSJ1-g9kl^I{4=4uF+KUp$#gc^q8z`cC0GHBe>B!=U7pyDb$^lucRvQ*
zH-);tJ=8s4F^lxN*v-i_L=79_V;sUnFPu1yy@$ZwqcVru4{(IKyU5rbJ5P+gi>K}`
zWZflTcmHBDYwbqe`Ma_1{FK~xz=3XhclD1Mx})<%Z|sC5>hAq+)ZO3V!(Ym}JH@&?
zqIUNZ>+ai7ck_+iEnwYcUO?S_z`A<}yGv%>y~Mhc)$S&<?kYmv4KsF^$-0Z}McrM`
zx|@RC)tRWf(X6{nwY#&F`+va2q3(7)YUu78x*fZR!LG$b-8I37|9%r&<@Jp%LComa
z-P0PwSN@TsLE_jT*d7P@9UBCnQwMPy2bs?XF)<L-ut7e?L3*({Z#PkQYt-%p)}1fZ
z-B4q9!&rBBT}a(M!@667-C-G9j8Ym7Tx!x-pbf2r)dA#E-&K)=K;2m8An<eo)~<yM
zX~vd~*z#l6@>8|t3nX--x_#N7$rs_+7%~&Qa^J=5!4=8O*0ORlKK&RzjroYE@qoKH
z{WWf_G`z-bR7E0ocMp1vF&w?dDAriH_|YWQ)lD@`;OOtZqN)9VeI;Jacj_N;TPzoz
z4-&mC(W1YvU67;n70tiY8{5zw2aXr(S7-Hj8A}4dj{1OwRaUnO^@U`K0udlX`KYQb
zDAZ4w#SGf>=2Dvp^M!g(703Rqo{(cQ*bD^Ef>aI_%?TFF9O>C_5?Xc&-Z2*Fu2p$)
zF4H)EJvx<JidxtVQj$HNlfvj42#?JbWEuO8c=Fb{sLm|NP@cybbvj7)T&j~j-9G}p
z)Q0P4T^Z_!IqFa&^r8B9Jk)gm8fdHKv+ipD&uaazf9$7T<<2?ktIU8e2LCZ~*ma&@
zMlqDEGgTi95Z6+b(s3<8A-C2QZ{O{|kfjOEKnq<@sSO_}Qgyn7ap%9!J}|#XevC<>
zs_?WHwp$RMeCL##3Q)6~llV^M5UwcQM_X)n;}*NSpmMkCVicBYLEdzxS7Z8C-*>pn
zUgnzU@J>KEXNN<ob?>Gfmfv23(sGe$Gw!V-=yHKKaDTlScYl~5mc{^S7q-|Wp*}x}
zoDgx(h5a^;N_uV;dyq*Wls^_l+QZ5xA`@v><uH*p)5=6yn-vSPY4Kw+DDJmf(RvH7
zFG%YI-;o3WjgY<z<?vo*{QV$N%tSTChvpo|M|%BIr>VnMC?%l64+>2+o-c#6=y|Y}
zbH|mBF}1r#37*2#ZuSQFQO-YGBMiH?HLv{8VnLo}&8q?-!aM)CkiOk>fEP>~;leMN
zKmj6^2xRt>N%Jbg^WQP!w*;A=lPD(z-dL*pYi6jC%jBD+DWLrF!c?273Z!tXz$-`(
zsHG~rP8+Y5#d>Soc9a4rA2q90h00(e{hDmCH><L__>q1dd!3OV6`78o%;!I8D>CgZ
zO5YAj?f9zXoFeb7$BWXpIN*&$Q|*MR<i4Wsuo<vpjtNj_u{oCw6kILfG1n8s_NLmb
z<zuek=KDp7OaoKo<RsB+{)O1Gj}UkheW?-T7$<0nSclcu2$)+d`T`&!o`K;=#Y{D<
ziofzGUy0|jj?eY=D>8N56rJWl;@`)TgQ4-e90Y4%irZV1Wp|Ssb%yG68kxTr<nq>D
z_w^A_*@uY>p8fj-Z*n>Oe_F`he1D?g%`QNbo4*+Mel%WtM-`ZXd82caBF~B^Ay2Pg
znWU1k0D4=5Z3ZvVm)gksi2u*x^XzdQ;IrX;<=?{TJ8s`XIDJtVPLn^Ce76P5*pJuX
z2QL^DOf5qCM!;P_UBUYR%zcArKg@k~RkD4uYzCz?zm4@H2J6M#dcNXKj;UJK@#SN3
zx%mpVa>_HT$bo+Q8LEPHx=xF}w@PI$>a<bTA~b(v!f&ka+Zc~-@@N#Wx5Er@NwN$}
zatd>fUxUc3E}ojd+_bu*#<YGx*M3%BGaQ|F&eG6X*9!lAd@jaFd=p9{2bAjD<JEGM
zk@oR8@<0K$eDkOM$atw4)Ak^6X5}DonxdR?v|x_N{+O4-iUrTq+-|RK;{VCJ27ofv
za0N+wpJ8mx3Nmq9uSnp?<6OR4Nq)OM_z~KsAB!2=V0kUpos4ZMKu9$a|I41B+i{Kc
zZ>3g29!J@j`)g+jfRoG2u0brMYEX&)!%`D%HsegpZj86x`#t+&VD$YZhTh7S8oEo=
zy7M2t-GqWiJr<!nL;EtorGC19BV3R0Kflh<!MM<T0Q1*?#Ms*GGgHloCPBUk>nMBn
zw>H<%C9w&sX~s?W_kF;`P4{nArwSuV`iOz$nm&KVDPJXe4z;^}g}JD4OwT^EtA|6r
z##*`7-7_#iI_23P1G;8%k#`YQyL#_76YSjMq*iE%=jzEYIe2Pu6X)&@b8J#>D`R5g
zjb(ZSlvYZ$Ua7RG^-@*&7KW$No0sEB!<C<<sz!;+N-%<Cu7xURtp)A7r&G!zOOqzN
z!kmlbE3rW5y3g?`W%NQEE{`OLK>gBA&Qk_Pou^#X;aS=a^{C`tGNkPY><Wvw3y*(U
z85aNY`=5%JxjL+U(@W9qBjXYHp5gIl5&oFDEquk@r0<^ukOFT+hb(|Bp~Nqn==jZt
zSh7q<l69_MqKO(C@fBZlScTvYi_^Q<Qc!u2uiT3?h_@=8D3p2*wK}D%obnJy^D6aP
zf%Kij^Ic2<ZobGT{2!w8kI(0~RK@34jjWnt%9oDgugNC7YOR{mjV@TLCU?UNsZ~>A
z=t64MWSX7NpH?*mM8V_qZL*nN%cz<X%dTZqO^#*PvZ|)Uv1?gXljB6+u^iYBbE*nq
z+<Ea#I-kO7!%CAa{_AM6KR7%GW3<<+NC$Q)t@9j+k-o||eaAm}HIj*!Eb!|PbU<GM
zUr^)b0sDp0ABFBG1S#1Tz!(&ZG#i?gt|gv{HrK20U<zR+^7$=d=~lsaz^sO@-Ty*=
zTxY;k2IlvHlRE0-iJ_~oq-*)OU4dBg04<qCo@S8?69Sfe=>$yCUOnEMIXqY4mtcu0
z!8_Tat}lr7>ag{0-r+f<&om_vR{(@1T`rbx!`a}@E{|l>Tm>(de_Sm6if+Ih8-CYc
zbzyfU@fl_tZ|%wVis6SP*w8N!7?3%d#uwd|#6@_jic*`s8NimuKMP2GSn?}3&^Ch}
za*h61;3e(NI9t3A(1H88jMxD<{!3JsfpZR+cpK?f%2%0czEXcr&RA~CAWsxaUpl0%
z4hrM4R|A8HktZYwa!*nEQuKVsIA@Xko2JU6i!K@45)6*xpG<<)_nK+5129ifq(%Yc
zSoEdnLnX~V#XI^%zTyPaxKo7BnqcDSdmyB@!)q#WQ^}XWDP;hbEgCF(7lFKj=t#gX
zs0ad5HRVeO5cbLq&-drxlB<Ut16znR!4jA)$fN1a<ta`0+USRPU4-kWyU<y>AOYoU
z6lHZ6P?SnU{?mHR_0z#GpK2rL&)cyM26=x1VhGY0Um#ZbYz7q<v`Tj;h@K5Vb0Z_%
z**=947l+=sGKt(4>#fSx`;$U%$UoT^uKTg-H%RF*LS+MBfvc}5yKLw*s{F~lnN_o$
zh0a~(z)*YjByVyXlV^^A;#|kRHikS%m%t-MKw)!5Pf&Lut#^PJILki?fgL6vY=bpk
zsmli`uD-w&yuFuZh9m^#<S-Hr?0{ytv%F3<11HYvTt;|em_bI+>dgb|>@H8VP&895
zZTk2{k0-_ZX1I^HSiO4BYKtgUi?CfUGdubG)k0~F=*=#t(9?1%)hVqD?lbi7w&30_
zNO86G6KNw0i`Oky-624J+z?z^MH+OHNN!ph&jMDkO(<P2nI8{rCffPU^(+Jqp5Dfu
z2AUui2+zs$ET5A@V!?t0zF?d8E>rGlS6ZlF_f^s{;w%>eKa}!i?E2<f1HJE+{0_AL
z?b#a4hn-Bm5FeD$UlLg52AB^$VDvvEcqPi$Sb}Te3ol(`sg-=tJN|SZCpZ9)?G8wr
zg!Q^W#*r`j2<M1$P7Jzgu32cRwO7MWm_ohFDqnBOt3sznX|?~4-)s%So9VxwfZyT!
zr@B5U8UevAL#Egc>jPuT$&bm|PfFR3Ny$%!;4kEEclRWZ$qoLreeFT!E8!jG9!4g{
z1H&lDX+>|285q$!RvGGI2F6#G#B=uQ@OWn?oLGbxZczPyrA^`Tqj$V13|_hG5Zm<m
zM9K#&p4l3TXO0UW5B*)j`v3p<+y#7IJt+9U0-vvjc^L8evO&TBAU+p=8^Y(m3?+QN
z;F1pT`TBbqK5vrZe@6VO{_o?LAeq;N5Ujjw_+^U3uXF=`<rwfwkn-1egkW^u)(>62
zqYw-y#4s$Rum3yvW$Ge+?dcniUmN;%9lt=b08Kc1qabC2nwh*&<!1)`YWgOGUj;V8
zuYcJ(z^~?e7=F!t3?sARBJ}D1k6-@=e)S&kzXHFW=pT+>i~9d3@oVY+5Pp4^PWbi9
z!5!e&^RpR#Su1}|{Q8gXk8upYR8=0(YlBc)dy?;EemD}p$lMT)UNIQJ6SK@LPqwh|
zlY)7GU7HcRPPm2$QVrq=%qmav3*FZta_x(OzVkiI?1K2UEQDTo$7WXEgQYx)>0Znl
zl1*kv=EG?{qCWXw-XAZEz^{SlfnP9r^JDNQ;YpZq!ecn=Ct<z@{K`5I!mr9fgkL8H
zb%0-2-o^0i-ACd%=rAr!KKOrwe|3moCjcbA^TaPxC-`->0l%Q{{Mruj3rDpnGhro9
zzzW$Su?uh4sL!GN@!#Da`$g=J{ko1{IQx3|ldut{oKTPR-WZNwn+*7M@c<UtFrWkc
z+I9!Suj2A}?!<o?zeK*E3FmKG9f4lP=l@gtW0kqbdCK<-EPTOsQt%PU0KEpIr={mm
zYp@2l$1zfa(0!XAjRXX!%I_JmI|4%L627^=D&dob2KtqbNY?>=ZLBgU(NkgYI$!*X
z=^}nDiomaX&I7;r<;n5<@@zh@Dm%U^nb+(U2K<_9knijI5`JCLuLJzL|8|C7O%KI$
z{PNECN6#V)$IyvgK}3qgKa)_}Ab9gP#S6%+(90Sz=>?rp8TAM34-X(({Ex`Z!P<_V
zw;C~VL&WoHd8T5j&2&<f&KfZXBq0$!HYxDmDV+!|rA}B0URSD?*-W#6VI0E}GjX(K
zCijIH>G8EtI@tn^=U<E`0a-$6ad7l?35)B5;2J!Z0Irm~`Jp~S>2blE-4y5!f7e5Q
z(hkgqBV}*$UTY$(TI-au*HE{vm|$MeFkqxU&(^CHGeQYLKsG^6YWA4`8onTdMk;h8
z3$19`_s&-;*De~M#l?*Zi=m5AL*Cd;*YWziR>J4{JOw{jb6QNCXYAs8^EwNoTgGxo
zU65nt0xu(;Zu76MkL5!94O_3Nv|ihg8oc>y)V1q@%a2hv(ecReq9uZ~9`kPHZs#ke
zcVlq~QkxoXmxbYWc{FFtC5KUsgJRKgybyhk<LDUWCQLiGCs=HeFc9~NJhb@RgF<~B
z!NFTZ;d#YQ?@XIjr)SkM*sAs+yKEWx(rKr(KUi#4tA(#tDkoc6k_d|7%WZTEPAv!F
zU2sd33n*?G>m)m+1Hs~qu*O;JP+I+Ul_OZ6pL@n#;eQ1u;2F!$MR<=2!8;o+o}Pmj
z9ifYPaPd33SQNVG43EIOLyf@W71xzk&R+sQ!yC-g8(fDCW=1u@2zJcyl8v{o3o_UL
zw0wD%MT3t9<5WEHd4kG<`@V~@AI01;R<V8+g4%e#3@f(`5jG<pkL<Gm4}5?Gc!ZcW
z2_YA!I|mrShH;EN1y7wt%suK}8Mqu?Ub&}Jv}|C@v0xOS<!ZqLD8jjV5UMDbJlc#j
zRuUHZ5oGa7hKv4<-B`@u;Xp$$U=DN(XrYQ(%Bsp{;)ypUr*eTla5<2u$2Km@V<CU3
z0gHa^S@l|$^0@lsV0f}@X)!Cr``oQb5!HQl``>o|3!*htk1m4Wvh&)?2KVL2vW8<Q
z`1M$R2M_1)tZ5^j@IH`(v4{ZD78Z<Eh#lo_b{!Y-t*OcTCauag#w86EF>O*%kFdt#
ziFWmS56*bNVu%l;L(I}?7I|?(?&(FpfYDf_S)ZC%Tvp&~BJeG*V8RSVqRzMCMdSoh
zYAD&1h&;oM`6*r3BAW{&;9sG1ZZNlfQ8ppZW(z$fbJ%E^=vidt+<%TpftZg=_kCd!
z7kDi9#6y<~^3=_iz=f3!yyQYWuJ<9f*c(8&#2$~c9wn>47_YCE?Ea!4^Jn*reQ0)G
zCy5iCQtRSp7!@Usv{Ep3g}z>uLDwKPL1S1d(4NY*g-IbE+fN<g93i@d%)A;Oxa<mw
zP7ZuZ_F_yks@#56d=&mL%o=?&0N|j(z86-{aKM0wdWMnvO)(xz-*Fd+A@gZtzo9l<
z{-FDXa9_@YA<LFtCvCwiqwYdZVZkLX-2!yJ8TmczaHi=UJ-=P;e^GaMy%K+pr72jV
z?FXn&te3vRX73t0{mRg3u9nL4W`En~5&32aKWX0prn24MtbBZBtQw4m-jrW{PMIW>
zUs2cBSukBhA3+wZNFHfw3?QL>?GQZaI?yi27pV8$`+#pzvO*9An%xaTsi27ht5FnK
z6dXN2Ve!Y9y9FdPS+L}uLQ!C|;7#6!qCoN*%(Jl?JCu^!Q4}bq^JA(120(086qp_%
z1Q5L5xD)1rqY>i+8Ndqj27s&!Y5<YrZwStSJ&jY>!+j^Erow>6;nlGQ`UUuE;Jx<F
zFz`+#@NN=HPeRYfRZw>mWIOHGCRN4K;;})jgl%9w_S5}N761f1u6-6|u)w!up3wfc
zm*9po>Ut}Qo3&Qebz2uW(Z4{6oz4W##q;7L{a^h3@{_nQ{iem<>_3#P%NxKiTR#n*
z2mXxmX>8NaBcF<(At0U(B0&}Kbf}&yLKjneryH=9TDf-_#MTXwV(Z-C=y?f?KQxG~
z$2DBtM7X*hbExcKxZ2bOu~mnEC!%T&CB?NyoEM<{_~@tquKZ}!Z}J`whU|Zd%>I`Y
zuHQ^1`(KG_|GO8rNyMk;uQ1}%vX9S=PsmSgno~ZeDQs5yu)g&bxy65&V=8byr>(b^
z!@z5yRVI-Z^9zEs!$vuv?!<4OX$v~#F*XcXv=rqYc3m8iPe@KtQ{z2ypbb+$V<Wd;
zy>`!6ZNX;F<Qif4O(c#c0KrnZ*4;h8Ge<5|A(dleOdMr>qQnpH=7qdDa7~%`qu+ii
zkNIBQ&@(kupEz88M~MJkkfz1qYyN--?IS){!w(NDY4|mF2VZ$#9CPnl9FLzs1@)91
z4%^I*r<5niqxa8l4^r@-@<2Ut7)tzxjp}FP;eDNQYd!W|rz!|(2+k~~AWTI$9NK)1
zP$)T#P;g@0oSK)qSjhG96#}Xcxh`7{FbEJc`R8h~YO1E%1_mzErP5$=R%E^n3<~u4
zEW&8eB=`z5=Gz9PBF8BYb2Jy2(%eN3etCf&0%m@g(n&v1FL)EJy$lIeStdoyO!YUe
zow;mMW;VDY`4qRQJxKZX$`{%Oa;_U3<qvi1>Ha19mJH9uFfP}`PzSAZ+L_mkp%3Mm
zIqi%q*DI-IL3{$e8<Yh4&R6y&ABsFK)XN3O+JaIYs!gdB$Qww)`@!1WZ}^Hh^h53F
zwf4bl^|E&KTGCEshAH~RzU~Gu_NKAb%9My!iqHqzJZfxn(Ny*_*i6g~0)m+^R@z@m
zzQv(-d%8!Dcw^7@pnp_Q%^;;Vyf`VMp#Ux4<)LNIh?eW~J7^gvK+FB@;Vt)@J7_sO
z4qAQ~(ejcDB47D~3!&N4h-O*++JpS^HQ_Bk?hh@?D5`9sO<)10PPAd|P?la5IRQ|(
z1ZC&gcGBVmWB!?nA>^Ds_L*O!9C~#~sTzxfc|YcXm$oan+}R$~@+Yb<^wv~FHWH??
zmIs6W-EEO7<k~i-V-8XpF99WTWt-uxlrhPXuim3KywG3H8XDQxDqo2ql%@q2*n&?r
zF1T`QT=a5}h==a3H+H8i>(Rl&%tN%eEUewqt2=1-);MSv7uIf8Bwk~?k$~9#J!g#V
z-i<^uWf5Z7im*l>r*yE$kETMqr_QiN&eIoJN$TIh3g;;)HnzffVJm#?8Cv0g-Ws{W
zl&@(8Tj7OwM6Iwyu&3SVn)hLayPt_%;g-|d3MUSQ6;@7bFQk0AA$r5PoNYK6p@}Qo
zHng!#fgXB+e(gm&%a=L0Az_F!Z8-yfK|4}OSU_{{rk<G8ss&N-=rm(qt8aTU@iGm!
z`YTYfe5;sk^%vhsiHa3$z+UaWuqXf4lf_75I<S?a@X33NDMoq+-1uw+$M&l!bEual
z8U`l$8G3Lkxp-Bcr>7E1Q&MKeGs{8m!jtg0nPX-J>m2m&J*=dDgo3x4dk7|{lv0%9
zp!gBgY{f6W4zhmc%!=165P8b@EGrjC3-k;038Vyi2QE}^2+A<L5wBS*LcrUf!}jaH
z#iX+7DuZUR>_bucl`!x^dH6$^R%L^$Cx(f!@RwSA{>~58JWiuLJs6ZQpTtUZH&h%`
zSmrRe@!4<{O2h7n#}X87jC;BA;USzFt}zwV<!dHy4+fG5SY#!+EJwARPzo$%?`;I%
z8Qvk>XWdkw?fy+X7f7Z?%B^>>fXY<mSL!#bGU9S8j>axutvATNBR<kU`r+?Uq?e}J
z5~LsTeV<yc>n+Xgr1`VVA*B<|6hCsxqy~LB<zMGG?`|r=>>^{F(vL;bcY$82{ZRDO
zl?a}?Wv(H(H(ygkd-D-yT|!EJd2btBaqsYVgBOC$JOK!E4<<D>9SWr3R7;c<`;i12
zm4CwLQW3DdDE9}xVgY7eM4w4*&-ILXxQBZm;?JypEr35lTKR+5aeU?TxQfmBHV{3=
zYvUeJY&5Rx-2(ej{UY$yhw_QGmDmi-rR9Fge~$^%-GuNV)I+yJZI~zIiMw#`m+I_C
zS^SW8AGlGulXdpdCD<8XF$nq!);V&Ix_A1s$#j^P!!OUf(eMI%Wk0sRs)LNZgCsfZ
z<-VIqGO0LCd)sWZyEdw=rtNJfiYQTk7w#p9VVcN=(^zW(e*+SgDC^*glb)B!OneMc
zuSBVx#sr@#O4{70oRnGe<}*VntJp8K*2<gEFi=ZN<+{q@S)37cWhp;?Lb@^qdjO7L
z?m(1BDaY~+>)Ny(ao}^^u(Ljn4@`j+wz|93xu+_d;TtSRz630K6{4b%t1)6uRo=$t
zfRR50Q#jrHSfV_q_adtewm^gM{67zWPbEtLvp;-~8L}|n+F3$!hg@i`tX@>;yn9~>
zRt)F>TR^10rRx)bzeTy<yDk;w#W_w>qasft6h17<)8O|JRgw7WYeM7A_T7FP#{5TR
zz>^Ep%I9Clx$G#pzj1L3jZenhTxjC5;|H*f9M^P8Ylm7VX3MxXFpcu$sl&W;tc_B&
zqz3YsHS0H%Sc*_7$B>}TlAT1^q^&?K7W|Tmf6@X8S`Ly_dSoB=WMxS|V5sc(OqiOZ
z@+Kfe|E=(+pyDWBF}_<k{!^EuXWFv(iYZvBM$WVu1z#e<-I!J3TOyW5<@cAetO{Gy
z-|JIaIzoK+Uo|r~$hR|b2?^;Rx{)FMa~wO?$Wfcz{xw_g`Reaq;ctfFIZD;kp!Q?F
zvU_S+eij51Wq!>;xXxF;m`c=(nEwxTj9E%c6~q1D5JtGqg*~V&gJ%NERsEH8nqm6n
zfrsSgF|zlurz_V2Mfp#w_Px+s*6i2xiDl5Bz#dfjhk8F>I;D&gSWgeA^Y{Q+86J+b
zxwrf8gQq;7*j|Ba-QB$fxxz*k8AIa7D?JNsGrIGYBh?H=C1K*v04Cu6>v|M_(n8|T
zAh`Gkx|kWdI3irY*{_PQ^Oej2AmB7a$heCiW!7IFZ$3cU65$$V`y?&4%$~$aJAlkT
z3McdTOj<klj=&x~MHmpcBye${M<6{g2)_5DqXk-c<<;E`1#*-Z;9DR@*YJo2%yzc9
ze{m)y41YW12Pv)UPDhf@4RxIx1$Jhdq6yqcrIr9vDG75_jEe}Y-aQhtqf%_x9a%8B
zsF$bpM~j7X^g^Vs%Za`&iQeRhzD^Q79acsUXY|GBtwr4dKA6Es2>0o=^p=f^opJbz
z73!0Y<PIs3ubdxbf_0ACS?dlXu^mv99R_0Scddcg?ztBCmYKGkvM_qXpiiQ<TdrlB
z%-h-><?UiN)-2_MeGJ)qyu%_i@hN32JP`QUD37t7JVSp~Ah_1C?8!}k2SWR}J&fK%
zAo=AUjow}$dOI3MZwK;W!`@rKI(iH`as=!0VW-~fzpKl1me(Pj4QF&V>ADW+Y}9p~
z)7ded&Q|pSQrdeCI(ws!N@s+1MHm_T95nU6z*1X*Je(egiy)uU9UA%Eup^p$>MmvE
z<84g|&&L@>KV+!IB2Yj_x4x~?(M^c<dzH_B2$F@$S|HzJF2F=?3vC(v6Mw<Y#ePtb
zzKh6Wn}z~r9wwd330#S}qwrWB&sQl?mZ#PtO1E0VnHX+XL%W6If5p4ME)nHLIf7}g
zvTr;ijaJGdaXnnyrR!L!%HXfs2p4y$LD5-M#{#q+JOanrKtEVXEkD(w-&tZK2OFuv
z#;n(b_OL5FOV^dXH9cXVTP@<~TdjQMXgn^HFBhe~;;=^Hqt+n(TTB7dkHlbp_IA<N
z9wU0%O%&C*iJRn2&JtFzc0pdqT_^B`n=ulYAHNwi4@~7HV8ZV)U*W4NbH`IXhd>M<
zv%pg9BG4vF`9E?x*or{FLle~>X!EXb#ov-5dV;C<&BI_MtP3KY5<L6QI=$InV!uTu
z5DCrnRWK>`hVcB5*8H#FkMk=lrWpSUD?-3`!TUgJnZVz(8k1w>pX3+A9r}xD3C(D2
zuNQMSy87dJ0xV*ZK$(CoB;}xzm%GD#NT@uD{IyXLM^Mm}1(7+UNV>d8dcZ>V8PS_x
z2QOS`Wog9_Rpi;orM@##W4~~FaBvlfZ+zuJAO$)lubGn9*(v!(Mp3`I2z18UGQP1|
zO^pV8eul>9iw#)R|2yRMv+)`dJ|%d|t%C)oK*_fWF9Lmx@>3n~_t~~IzT!rz-Qq?q
zW@0#hcVN0Kw<|P^Q#t{BZr@eR=))W-Ko~zkQ&(PKg;7A<$Fva{N(pA-0X|g~&Zk@+
zc>UUI;Pv^+&*7F10{_RHq28ZiOl9ECHjs|$k!el{BGWt=c0V8U!;g!c6kd&um{Q%D
z4yWW!bOcuw<Q{e}^MA|O<dADRU7k$>YziMGqYFbgr+l5%mP5+RaL@lcG!){ZV96H?
zN}WGubhP6N-my2$8Nw+O=WY&ye8H(DYFY=eY}ZRqf{tMc^weD)0#;(5pD=3QjLk?Y
zB$oMf24k5w!c#_m$=m_35DZ4)Dbq8o9Img$og~WllYOIVFuV`QqoclFc`3J&73tio
zoEU=MANT84klO}R{ntLt!$WO0KpRh6&~+Uaih3zCbmM~|YL;bC*w$9}<XFaS)OQA3
zqceot;c@>?L%;Xa<D(w=r=iQ+hUf*bDBJae&Q4eAZI<ae;X-(~S13O#<#!&)K>OT4
zD%z=BdIHrr)yhz=UQ9ia5>fw)(uxZJ3_4y;M6ZryQ6d4ckKj4fj_zZX&F=5fazaf6
zwaaf(u)tfrs($hp#i|Z9!D3BVJJUOsX7t)$$lymg7k9BEZf+H(GNRrC|Iq0pw%77J
zuC~Md5Cww*X_Z6Th$qPJ+sc`I3A<b|i%d<pm~mC#Oql~#0V?O>xOx+Vu+wHKV>Pt&
zV=wsZuYL|9=8K7{@Q9|q8gpD}nMQN)VjezKOd=1e`Lu!I^%?kQF4GprjiC)g@Wx*J
z#W?tePFb^US)R6Tt^}+)ld(GAmTU^7v(~-FU`nUNE7p(WkXNG^i=_1C#Yr5r8*Iw2
z0?iWt^eLzeE{e^E&Aq?6p*y{Efj^8yzX09u?gBlv`%`439vMi~uRKfK@)LD;-J?9Z
zAx<-kv8`2*88nr%S8^Oqbpj>6nX6zvgsWu4xcNPC8Na>&@jJ#*zA!GB<{ltG6Tx%L
z#6L0{hR|>scxi<da19vNEbO2Zx0(`EJ!YVOiw1yxn*B;Gd?5zw;Fh&0_n0enLiw1>
zx%o#$_2lns7NQu~%C-QEB96#-^?)sj2BSRDWjI(4C0x}88yH;=rK{uR;CRIm<Hg&O
zh%;qj^Efqv5{Vw#nsF(2bYNlejD15uiXI%I==5kONdK?eBdy(bGDyA8m|}k(`0pUP
zGWMIh(6|}<*tTIDRxFTK+t=Ewl_RAWB1s0WAcJCyGQ3<>?Ui@SxzMx+sBhU@HPn>$
z)pFtcFFPGHybUT;hmNLjdcMhG^1Na=T$D>Ve9M|~XgD3Tb{to^Ti^>eW42^LvVx?T
zCQ1{@Ae@Mv2JC<uE7Pie){*{PayN1&?WQ7iAB}~M3ln9#1-ffDMvLgJ5X59&@2-zC
zWcs-xn==*^^o-3YMDPzn@ZTGh=C%d~MuR`_&oCzYI90aTuKYC-Ip=B80iyGF+Z$HI
zAuA;}er3`bHJNy%f9b>DGam~~Cc`g}9rDjSZkdU%+(|QF9Ly<a5(g7abs-LBanu)Z
zL|M#_)aiW)h<|h$<6_2|smbbRih-G>MKH50yqJSe35=P|WYTysUMG$=i!JSaSJBc=
zuh-cVvah}-_`{oUumqHGiVPg+a-HAYL>y>zV7TVeydoh4pkb#$b-EZilGc2@iJ>Se
zz{-)ej5kpMi}|>%%({Xj@}7a@eTS2DS0L{aByXVZw2tZ>35>o)q;E$j^j(bfJu8B~
zFG*wkBv0ojSvX*hI^dxH!FX9Xo)9tKhl3bD$uRH}tTgC=9fUEHswif1V}2Ky$s1A3
zgq_@?#@o;XILWkj)wAKS(ruyY*{oD8<U-Twt<FACmoe53KTQ^3JIL_bERoUp{3*u#
z7m@fr@*Rfnd%KM9dRdb>K=LF0+xY%SHsSl-tHSU-!4!`4SkB!cPcdNq6*?L}PeS>K
zz@-f9X*XPv7()E47C`))jEMiB5%G_&jzs)9my`2<NBi*9p6A$yZwcRr&swY@+L<0j
zJIVhMdTHtZ^U}*>{m-9XhC8}IFLR^lB~z!DSL1<R2C$vCw3K$<#EoG)@7$X%<Wyq%
zV7^97qaW;)m=<2bi0R-3;l$)RloEY@7)DRuzRBnbNhKr!XQ~pgfu7<c$jMXxpWHrX
zpM#u6+F89qZ)_hQ%EIVYIMbHFZeC<3TDz(`L~97OfAl5M*FbJbB%6i@n1l#!s=Cc+
z1czs~E0RJ4_xVX6xV}b$yUIv#<+YIn*FM6q)7%_REhtF#UV6UrV~6xo-{;))@;{VU
zJEWIseLAL>PRQlV*e;OEzoN+H9-Um~nSoqx)wY*L<u$iP5yS59lp^l3F^Xv58AYfB
zQTi>NH!?@Yb|$I*sX0iVBcR5N-Lm0g4ruW0!+i{aGOCOiO9?OGtuCgwI;T#(gBhnj
zim|d3ndr}qnSF?n$A|Fhj^knVVi?|8LiY<p_rvp}iP9Hn&(#ucHifdBVzyD4XVpOA
zJ4>DGlnX6R+-$VGx$8vVkp$6R(@Eak-IzD`{>w0L?mEhw+e^=z%WvOZx!ZN=NlKc#
z$(g<e{e69hVkhTjXSwdgoVn>cq+0jhh<Yf7?76!zbFS#AwFdr-)>Ra{Pom`g=n+a&
zZ^77F-+@>`>fZ}(duXEUWdUZ<iz-(a!Rr)(eD2#9Tjb3oQ=KT!=B(oA*<7mY0;lv4
ztn}>`(Nkct`Y|sO+Ow@i@<YHrjuj1S7d~pzZM;~nkW-8LioSMpn3cDGmLTmEeE!k8
zu{R!+lAX-byAzY}^+MyB@32`}l1Xd|ZM+8o7G}bo$&xvnG@!{+el|?`keJ)(8c~D}
zQ>_vHD<}Cm+(`$&I8LCv{j055@8k%6(NCjx_D<r8q}$=Y+ambBH9Jk;iqg&2h`eQh
z!dW*B;gr5NZ$4+ei&VioCCz|6D?-?_A8;j2L!bQ)EP#Rd^FW3m7iNi410YU(k>ta?
z%SHCh4ynOWegNwmG+=#$nhujM+cUAgf$!u5Kq5<2^5vnJe0jIiv|dQBMH9U5FyhhG
zu2P40IwoJ<?T~i6cQ4iI8|;E-!t*b`&f<kAP-2_%egGvFEH0fvYqvkvDUGpcNMu1I
zvZzROe+EDiFlfv`Jk0w%4=Jv0IK?xuoyrFUqdl4jPv+5sf+VEjg$%fm!+M%I&{{Nl
z=D<`}Z`_}Xu#}E>qD7PnE&d5~rZLDVeJ2e2Mp&U8E(p0_@)fxz6*U1ZLnjQ!1<z*g
z8gHf@-Pn9b#t195g9ayGaKvdk?&QZGL4)atN!~H6OfFWjQF;td;#6k^z&CRX5SBCd
zTX(Ae_Z&qJhOY4yWUBGhwH6`hb_kxf)cbA`d`DwIni3>G9x@bpvo{J}^Lkvu#_F=A
zfS(Cl;Lp@8Rz%Z;?f7@<b}K-_yahqKML$B=3NPmx7FFMm&J*g{5A{3&3w0kV@|IbU
zl*sJ);{{2ouacDOlzwfQ>@_zEk^_Spqw!q00r32a8#f1mzeeVpzfRihl;a71JH~Sz
z#|giI<;aUQ{#Yc{sQj_xVn;fAoHh(G`!r#;)xaKWv6LII#~n`779sr%qM4YR-N$A3
z76WetuIoOa^21$1eNB*}x~lO5aC?f8JHD#kE`knoMAJ@twdYijFYpPaYee~8;Cc^Q
zg<-%5gJ!h@A$Q}VM9SnSo09~2YLaDot$J&EZ3KMIivdgl2Cz7*%K)-hBYdvP7{b{b
zq9LTw{&1D{!+?}!B>X*L`-evV0Ez~L5n6`=uh^>*JT?Fi0w;fsP`Xx>uLa=T3&7bX
z0AUHa8x|o%)=dw^cc8f4THCSzf2vxkO==?x(x`(6hw8cz26tl4#9ty|f0|AYbLOR(
zoH-@zJgXj<J@3I^6Zqxkt1GJK_wx$-%1_<$!2O=;J)YKIJg{5jU#pw<RRAWzP4;GA
zEqV)0LT;VF7uGqYQ{njR^#0l;=6*jf5j3?V6Bd!4|9v0^cATPNXR$!fu%I*du*gq1
ztDNW)$01=Y5KZ-BaHIb|v^6airAFLH20L@xoYHC7zP@553_)6jH*yYZ<15OMmzmmG
z;y{#(@MP)Wh@Ko1jpXYUt?FS$lw_1D23HHgFZs$JKvE0j!q709`{}^HKv-%W*{QHp
z$Al&MG|vTAkaRxE^=&x3BPd^sO>K=;&wqBNMA5(ht)!&zdaNv<Y^E1QJ+yZ}m@3FU
z1^HS9)UN6NPmVVS!}%4~Gnk+1KdCeawRk)V>)wu-QNQ}#Z+?$KHp+x%9!uu+gG-y>
z62$|vOBQ?ebgk~L^8FI>Bcwht^@n_)!VWJ=4^#h`PcQ8Jmes@Hd&SomrqPa3Ux>w~
zwRoJ!_YKqUQYk2Q8=m*4qHqOBENu@KTVbERV-U{fmL(K$f(74z1g(XADDK3;FP}1?
z%4ti&F9YEV4_|IgEs*D=iO2x30u{85XHo1D`Dsr@cl_9E{xyzvApvvFX0gZ=@^hrK
z*G*evIfv&5lOVlqLzzEcdfnE9@0bCDp5%K~*nYrY%kynXRTVbW4ys<ZouY<s+s>+=
zsCt&wSJ<#5H>Zl`QiTnZqpz;8VZL7z+}($t9C@hnoT~>ua1h&@(4D#jk)`%nEJp#{
z<g|T4DTTY}!?stsb6YIOJduN2Vmb0|L_iuaPd@>>T5q})nj%CKwx@8a>LDnfs~20g
zrEq$Ftcdd`!liAnI&3{X3o=Y3O``g^cP@ust${%I@{h@dz;%)RXh-grc^{Y@<%?4}
z_W>NP^{g2m+txuG5%UOF${xe51{Cjfx*B`szD!PC$i%E^muP1>(3*4+<<L93gACNF
z!^JFYJy&;iCg;3a%9DTY33@0M4#Z}AKVuQfN?{qtg;EA+y7Qm)^)p_5g=5-W8Y;9I
z&fFH)otmMceic>?#uYUBD@E1|ZejI;4|Y;7SfqNvsIm_L5_M|zg7H{^ufTdrin~V=
zNAWAbxAHE}i}nN>K^M>M2{c4cOtA7tp7SS1B_>GK8@z}Ox(D^*!l}w7CM(B0e2BlL
znyjkB`(<x8kS_bztp;z}G$lp7{N&b@D1Ugvc9urCwpGM1zjguBX$O@t9HN+Os3?8s
z#QJWB@}<+vOX2B%#IdM^W0=eP^)tZFyV<LO2d9OKmT2+&4}ZT2_c{sF<qqO28VRpY
zI=$==5K;N{#ef>anh0&sYiK^+d>3whj!X?(T(C%OQ9-_2PU(HyGEO~Qy@=2>G4|U`
zI(SXRyj*ita}wZo9J}3ifZZl@QeF(Z*r;9<h#TS1CFC3u&oF=M0fzarRKpEcuEy?^
z3CkERTL_nF!&A{2^Jqk#$X|#~T+dbmWp3j1yzri}v6ptb<*j330xz6|E$=hEiuAA`
zPurQVA%)Z7o24d1kOv9;XIE3*;2wDu!3TQ_n;Qco1sTIrbA=X^tIOR(h(@UB({|;q
z8sjO}*QbI(e-p=PaSzQ(k45^*SSVlsSH@~Gtjzp{`pR%7wlY+U0vU+9GI#H1P|m}Z
zvEa%Gc)LVhnNs!k47@l?U72607w6*8^PSrHdp+|yQP(G%8fpGpl%gbuEzqlf#RW3k
zI$j^M&A2?g9hWA{WLTQJMs&I~8<@9b+i_T$8r9EaX&YOZjLji`hp7Elz>>9R(e(?<
zVkl=T&|(EUEMPHivH3QAkG;t@0RB2{w8O%d43uAh30Fj_frx1Czyx8@yR7o&Id)m;
zm@@lI+;Z6d3Xp7Ka%sdC3)?F0uK87;sN3uN>h}762it4vzqP&2Jgjf8hp9M@(hV?=
zZLpS&+OGM>FMeW!{bqyKblw+iFMVsHVS~Lzz4-h_{XF?6_?`0%#g2Bs?_Pb=$nR|J
z9rL@e_0B<$Fq|mXsbxMd-cM`{3${r$tlvr0uZz5mm7|Z4z$M5NKx4K}V7QRaFTZ;L
zzkD(w0{oblnlG2a{<k25x5h*-zkgW=%g?}$$ND(Da{GGplKBZV$gg@^#e?@%Ja}Ej
zgV!VQz$tywbrgVQEBh{%4AQCO;A(W3lQSR2W%%ylV9?Xn17oUK?jxskT;X0JaVOP&
zG%&z;U3iW5D8&OfZo=}&B)@&3Va5&XR3yrYKq7KQpe9$YizSKto-b24)jz?bKi@~a
zc`e*r3TTr<I$^u!GLC`m=rzuS?|d6c-^dQ0LT_2ms+=%=`aGWZo$28DP<(v}DW8bC
zo%U2<KWJ}O+^vMx!^oMN<y*+t+zr>h5r^YZC7)f&?vofmu_|BMrv)Oa#Xrw`{=Yu;
zpPT;&E$5zp_ptfPr#qehPt`{U`g!VAq@Q^B#=nN&3XK^wqV&hRxd{DHttIb`6<^1v
zaic-WA>1?Cf&~sMGtnvU(6k|3WdjySkQxNfiCAUr8D4eilVVs2Z%m=XwwSRTbKa|4
zm%?fJ8z^f@UPfiJD+#(=2)(Yv2+ZI<_$5K-D`V-Gn(x6I`_I?d`^kl2A_|sd9P6@m
zy6b&i%)9{O0zB0Ts9mb^QGDMUUSoX68u6~F%yDs>Vtt{f8vTetv1lkzzB$cDyD#=q
zw-xp6(<p(^t|6Vy><c!r-yDJcxLOyL+Cg+?GP0TE=e^33wJDq~I5)Pliw~^T^)Ge(
zwy@`K`5m)rSfZ>NVH1wi(;Q`YKFjTFmi2y~3oR>+H1$U&JAA(;Jif&M-&2473HVk&
z9|hlsPIVQ&za88a_$K<p;QPlPH2A*W#z2|5#sJ?Z)r%=>&H>+~=g$+qThqG&-#e5j
z`2KK`!FNghIpO=_E1kg?4-Mu#7X{${tz89hpU$VQ0{HF2VE`U`QUmaWvkaE&R~rC)
znR;>gYE8Zghwo?4o+o@=X<dPD{NX70K6`?}H*@tl;hX!XpMvk8XQSZzNpn}>yJApR
z;OjgT2H$UvYw-Q{Gy~<`bq4ruP%mCz*D-wWdFDLfo80*%RrtQ~T@-w?k2Cmwu__wA
z>VC8H59)psxz$LAl#5kiy`w$Fe~P{2z0mbi%{P+2tePdd{_SiwfsvoZcI8!hmJ=Hu
z*WWp9;7@B(G0J-fNs|H@w%g~Z0K%r9^(`*W+|<>1eeWr&&r7}M*IIJ99%!<(`0s^o
z>hoAep?VIVTAkOA3t(;`<+WOU9W6?8BhQ5<2Jc!~n_|p2%IN>)e-D0tYi01W*P=dt
zy?XH8j2WH*h1LfXILyxJx*XpvPJ6eh2hR0wH`2QWdeh8L;H0fe*-8WOHIMgb;P<H9
ztyg6Bj9u10PxC)za39zKtey^Ai_aPUT>^j)yoXS{xklHfEXupbc&>6cswop|BItqk
z|KFbre)|M8GS?`VcLK%I76!$DFU2TNY5CXGoXU90vS@vn)nAk^LMu7O5M0Knw&cPt
zoka{_hX|Li@8A%D0C-2gP7$}7ndeUL2VlLgvkdttBh(>2@*kmk%W_<>SRe<Dr3QEn
zd#N+|P_{Gvcl_MKU{*5&*+<nOdxIcf!QR@0GNB-C1i>$gUpOTno5EjT?0CsUX`gaM
zCyTZGM>g`+)v7@;tbV0asuiUT%?^{r-50T?B<>Un@5T82<(<uVzF`SWWYC{?N2U?_
z*rYpmDo9!B!WJ)v-p4zt*BfeFOW*=go@g;Nr1#ycxqR=7!p{{ibS{q<<e_1E)ctis
zxq`~ID3GtDN?N&1=U#%p|G)q->T{K!IHipuz}}nKGLCx7px&yXx8pcL>d}}Y&oI9}
zKQX^8Ye-*s_OT3oeq?-qvGLsVOH}9g+-H&Vt7N@Rq~1dF>lQIT7`OZLq%Sc4a{q#p
ziQ)C!vHp^v=SO!+Yn@UJ8AjQyS%iRk`^fVvEk7XE#PmLpQC44QK?X&o0_zJC*auIV
z8l7~dhWQ5;X27K^p&mW$(PViCP+6e>*NWl)4CedSw>$a%#k{Ec{!K_T=JBJTg~N(_
z3d`lvHU(d4L7FkpqJBaed$XW&&8Lz0PUT7$gM>3T^vn!Pcs_U*YCtubl_eIM&2!JI
zvnjFsbj(7B_Imqn;COt+RP_k2vVrA{B8~bi8!HXRLcSC`l!l9eS0Ud^(Yug>j#x$Y
z)`*JgXkEmL)UAe+>KO7495qLjHj6%gyeO>^eM&-+eT_rf>?q%lo;_>Pv&R?d|FD+)
zA1vtq&_wQGCgbV;mV(L#*Wi-{{3pALOtoVANzwPM`I_7@sjiFy?~TE-g7hr~(k}NN
z?Nq-3+PnJ{nbwHp{p7O-mLYZ@Zc60ry91L^hFt#z0->%*o(WU-eP^B`jmex`pP$J}
ztjh~5PHCRSu)LGyg_)Mg(oLC`_e_S%#?tGQiH$KL3nGc|afsjAt7#b$(58oL5Mxqp
zzPRilB~HmWxBEm!r27Q=PC4Z%0Oc*BFQB<k6xnw<q%Dr}ZxPD75z4h4dYK%LV@`Nc
zJ`^VlU~eQSw-=eV7o~5+DvFbGvvXWS9o~D;hvG+vbWDXZzx_z%QFkw+cgdUf>VPfG
zd#Y?bdMjO%g(d5q(ioE<-DI-7Yf=%GB|qpQe1vnuN9X`P#Q>j@e-A#JV}CaIJpU!Z
zr}(GgqvoUHmlwv%ywf}ChiAtDr^&YA0fEIBI7mKa=tSM$#8u_n21-s_8vM6mVd}#s
zJQlynHUOWj*zM-=w9<n1RYK;}irskjq^G#5SDK$}VEM?hZRHDX1GuOskg9(DQ3_?G
zS__RM>aqW4;-}_5Z#;Rrjf;q%QhMe6yYW+HJNR?NPpR;h;{n!H&vXISs{z*N*`5af
z5!fp*Ke+N^xATN}#S>kCc;j*g@oCUl-A^gsU<CiiH^|eir|7M+{4Ppm#%jRhM)eoG
zAo)c3et}ONsFT<l;qwryKTPDchQ0ucpI8h#QHjprn^Xo*o?8uNQBIr8XY-+M$k|(o
zv&R`}YCVW3jHWghnQFxJ)1vPH&{TpIIs3K9+1C|Fn?sy^9kh2}DVjDRXD5HHWhl|x
zoLItlzQw^Wzuv6YdZduvodDcCLKV!x*}}qn^=tkg6Aek5P@cl_32CRyOpB5ywpLcp
z=b2XX+a0`m6~st9E@xKd_m=7*t1erblH9^Y+aZ2K=d*;uyBJ=4!)YP+T1j!(PE#XF
ziZeywwnJ*ubC(q7k0f&XJ0VGYmDHI=!aq4%bs9)hW`4zU{+oj=?@|1c2A2OwZU_d_
z10lV5&pyrkk?%i6g5vD=4d#!_)r-^K@7O<uh4+HIKprYT2+|mvAP;P=H3Rayk{nnx
z8i?`&|1)tMC+(!S=bv~KbLD!SD6THCl@q+6hu~W1C&BS4Zqr!8!aLiR73f>GlsXZE
z_2{hUsk4f?8+mVj9CC_pTbG$YY<-#f7%%6KI4gKs&HQ6%{00eY&c~UdEUkFEl?6Pv
z;3??PLMr-1N%!!QxA%w3GPz)J79I?jV<z~Dz1`GXqxOB8$te}^g#Va{jb!X<_e6Yy
zOk4Rw_>{9-sAGx@VZGk~y*s_J{!ej`9M<hG<Z+zxC3IW<kQtvL@!P~6;VX8>;9HFP
z=Gu!n|F)RuVQ12?Y_ja(99G+`;w<#B!m1Cw=M5Tq3=Hkh>|p-=prc8$d4wQ?l6A8p
zl)~CO@o;c9o*in=61ep2NYQC?);r=E8#bwzO9V{Bz|px4{Je=ob%%}855w=7=s!WE
zh>0gY#YZc5^A+!NT!_N5l>1I{loaa^T<FdCiUlzSfQH`6!rtnEPYeL{O90S?@H*tl
z9QmFj3(f_wp5Xxd`(LT+(||w0O|0i9vFE|q^981;UigZ!aFI=r*L%5x^>WzIi-^5^
zT|n;x+hPXR2rqxojLY0S<zmFy-ggb>uu3_hf&bSgBW~o7zvYS$#@4_ye8nMT_}<vZ
z?U%qf{v)QaCI|jPli(Y0612z&5Zu^utXYAp^(!ifHo@EiBMr~L%AVi28J`~?_Pj-V
zXoQZ4QCRHi4zJb^rWuHbFFAJ(hh9Xvzl|{nzB27>FzD~61J9(7JDiRC+=`*_1o337
zfPndAP0X^B7G(!Z3v&|t-qaD4kN*ktm?pkbr9xSK(V#VqWAn(diT?oGwgv_h+g5*T
zy!)^Fev)@zcQBE%bWNWa#~ELG1UgC$L(9Od;q-RUaag|dP*V<?65I5j!Hl!s*luME
zglfhMdUleW4Yb?eMlOLTVD1S@3A8R>K+ECkwNhWsQBQxA$pupB*;Ke^xRdul21ll}
z(BK~EB=B%(RdZZ}A~7(p=we)^q{|Wa0z)Hjr?cBdw}(#}qsZ8{$!7Z|nx8`m<m!#9
zMstIS?fnqgRte>aR%dOzE8U;L`G3K@@K(lmzBL|IQ*ZTD#0{`D?!lkYfoPh?T-{Ed
z3nT_8Kit}ihM>MB_CIhc$im7V$&VvL-!J|io*yPEesUYr$#HP<(a1mn?T5da&}YGg
z-&<$kHoXP+!92zgrEMq?TWi~b(Z<w#c02-rT%=%k7UapP%7r^j#6I`Y4z$oV3zgaa
zC^G47Kn4mHrv<LF@AkK2<sa2KnIwVN*OD)CAJsjXU3`)*@|7dIF{yIO45M@MRGi3t
zin4ZPGvzeJ+;rW$ajMtEkW**1l-<XaE6<!o0mR;{^lvaz$`Z0NsFaQGYOBE{eN&OL
z?^7^-@0tB(PO8N>Dr0*p8mq2TjfEQBt2SPp6R>8-o*o|AEQ8D%XwA^I&1g}$NfU+1
z+Oe<$Ye(n8@Z6Tcx-e|&f-s!jsW99xLKt4_>W;#&r`i&T6}`yu<ctDzh6cG9<0>0r
zdC85{zP3m@9xR?~$czIT*D-Wr{_G^CFk_cfJ9&61lglF6>L_BXRQd}IW3<k1wVVw`
z`tG{!_YbAO*HMGt&t&+pa!hv+kJtRT3DYNEu3i0XC<@I=GRtBtFn7nb-6<=w9U6Vs
zgCxv)rA}+2ya-*`cSm~*f51fx=zQh-Tt_~{@1fYzQ5>pw)V=Sqsb#G!zzL_&gfWE)
zP3<x^wLe3n&-$uU8?H_*OKJaMQ!ol>73&#)>Kl`XiMr6GHI%4}@+Nx5ws*^mE{Nu*
zixCCUw$jCO7eqU)#={CqDbTJz5EU@ns5cmo4faJfIH)&B#|B?TH8`U((kz9;2H#^M
zwo#b5X>1@ha8V#xFCo@=a#Juc5bs=pf3DIKcyGfS83zC4X<K;?Bh`9DBG)xPo>kKT
zXK&?IrZjx3rn97NWk)R^z0sk+C3-5MPW%!o1V(MSYC8E`qF#wE;lT2i0?SkWyb8IU
zdw`>S(FL6AB3-LgGETEBm)DvZ8x-LA$ciQ~b4mz|wuCHKS&@8u4l_Uh{shVabxtV_
zNf)mRQl?Gk<yK~@bwew31NE#baY{2RNR*h)sYv=Bqp(qqi1|7Z2G6vql|yFQtbtyl
zv{k@F`RER%-1a=CWxmOl0rT$#cy~n%#+JiS@@yMcmE$YYP?nayFB<l}Q`#r^T4MzM
z(@mZe<4ovxv`9@b9ms-451)M)MdKxxkgMWsTbk&-*+RNmU}U8IdoOuJ9#P(G+623_
zLN8ip5gu+UC+RwwvYyVolo$v3vzqwj#inMT#XYjQ#^U}=l&N^hAz{RQIfCz4j35`M
z2_wem+_~*F`LdOQPl>s+8o%Y%EPOh^!y~R94tT^oy4bw%VHi*_DS?YZ{%I00%<5J)
z5OmebFTallo0!+U+Tz}a`v4p5UUjrdY3M^W;=!CdH?RR4WA1FB0go^Ir~guBLDJtB
zd*Lfm;3{gS=FyYP3zzsU@Kf{_ScF`KuUJVi3pk~tf#Fy`^oVoV5n<SNz%(mvg`P$o
zO!UMKzM_hrXhbZL@32I}X*9xV`FX(UaZGo`=8N!3(%{7}`3+eFltAzQ7QAd7!Ye5p
zUO^1g_Z%&EV&{Pi!|}<4aoR<>U%Fh38~6hkgx&8Yczmsbd~IuUp2>o<b&sa0ekaIt
z(=cpf#G)LW6bKS&qO{35Vqy-PAMD{Vjyqdvs_hGx2cE@z7x<{_ae1zJ^nK=quLfXB
zHXEiIgc*E~l#@jTAYDU4@_B+y;|xbcX@_z*$C7A6d-nk#JuBxP$o5m^-Pvtgbui67
z^yx8_ptK4@m+v6^PL9zjRWHM+x9X0qfX!`wH8S7L3nb&ziqaRzb~4a$AdO${FbNW{
z%<{!?oNI{WE8m~y>QC$2O{lLSAKQe-J-!ytscyWd0eV=L<{ruNBdFy(mF<fu`}u_;
zZDw*FaW=j}GPATDbozQx_#>+xZ3_ZBOYR`WrlWkJty@pGi05oKZ*Ha(u9YOfJ6Y<@
zG?LJ;mqk5Ulyc6yCg#$tRV&T%EVLzai|_USA%@Nr@DlsTV;?!JL9u^f3{%ZgRXvg9
z?fqg0DboB)lRN8+f5IL^nNHX#**;-KNM77e2W0!`ON|=rN}(&~igN{!RM<433bVnd
zk%u<?NT%op%))U2;-eU>!*rta`HJ_tsRa>CwzM%Ow3={zj^=kiDoCL0=`Sc90UAoi
z^VW<aX}|JiatBou_{!ykx$tJ?A9=AO7f<sb6H8?y*)&L+pF|?EJRY$AmpNEj+IK8L
z80oUjwFiatZ72CTW;@8W%xnk3>KYVQeFdO5WT0@nMl>B4(?Mk3Z@wni24w#yXjb4A
zP{8#SNNe1?$}m1ZR``A}hfh`)pmOmRLdDcBU@imTk%8wU;=yCo(inR|@apxPYNd-@
zUx%cK(oW@%F)D;nnPd(IzrUJHD=SM3rWNK>!0Hc~s3M$z2kQB-B2GC+O-Vg848iSd
z75jm<AV@K?v6X8VAa@?;>Pfj!u935qKx)`?n1)(7(#EPe!Nl_U<#}dNj%U?J+3LZ}
zL0s347_FVRn-7FZ1`7<%LFwekVPq-n+0;&-C8^&35(sQfLNK;(X&wVn?~k9!)asAy
zCFmmD-uXM|T0L}NML@M+EJ1bVv?!<oJaRZnG2_Za-dQ5%?sW|=lG+1_gx^?fJ$H}G
zD#}+Qduvqlu^h&z<34yW6h)@pw<L1WA&px8AphfNQ0YY+Q)3o^SjIxNqPRF4rKW+g
z(Z~OA4t*Wu#UiOr4Yx#%U6fH&hrjCK)<9i>Ah|uHnWLy?$bR`6F}K;skQ;H!uUZht
zIWWbs_tM@Ejw2}!g{rO{IibM0y%+`7{aT&G<5>LaJ>vbD=Q>Ra-&H_!c&T~ZPbb)!
z7!`(iQIO@~P5x95LabLloTnaUopX4s|NAmK%z7Lep99`Nxd82rsAgkf$SDQ|9o-Ki
z6m;@Ph*Z$&AXrUQQ)J)Oxq`m&@L<Zr5T2$+%Q9d?9(J<Gv`tKJ$J8v><c`U54R?6&
z#uMOg98v%j^zi&5BaHb4{)#GkAI$jz{KP541Pe8G>rM$wCY3$>vg=CR8ZDgbGNi}H
zZ)Nnz+?+0dGemyu98p`$;67mRg^`u%_{W~46N5zgRl~W5qq)$O#!{j?rHyE3$$Y9U
z=-*+&#QStB$mzG9dIN5?ar&)x{T494>~Gpw(F^rv&rp|ZUxZuTLtVy)ZVmh++=>m|
ziV5AC&;Ykgp<BNU-D-UnZWV`a-5$DC^eWsc4c&5wZr%14+?t0L3YNAK#K=@khig%r
z&NnfU!=ko-^`FrGLH+rB$)^lj))r*e&ODlR=nm!^$4E62<-*s)f9C--PiieEzl41x
z39^_L_-*L&>wnZPX9X6AE_=ViA_hp~7anY;3bx0TzkLqh(3tiNZOp|MHYHFDTTs*5
z8Ho;|-u5ol20<&Yv^wAl-5dFwb}vJhNh5mNA8PG>Rf9whJE1@Kpuc@f>)6UKZ(@g`
zksV_snniy^l&Tf;TGUoo;{sVlvbY0-{gnVijuw=8PEz{q4N77ID*L@BzsjsKX{_dX
z$_SQN(TeHd(wKQmx!~^<s;%@`#j7>3xK()NkiFVbzPMX=m?QsOHJe{>s!xdW2b~dV
zK5~r%zIoem<eN8y_-2WdohJuj%&TwjsV1OC``T#%H|P>(rts8~4|hg57fz<$E)Ml(
zi}r=KDsOy<zR=-}_*VUBSAx4##9NOCPl2(hBHAF`PHnE$>?Nmbn3d$|=M4_g->DZL
zdj6;DL2S@sB-;cEe^ln5ZDaL0PP7NB@@;Vy)fm4>Mu{}Of{|p9ERM`u!a>Ev3xJD!
z29gjUbY%nogoNzsbC$6v$QQ|rn0>*%n=IUcVd{Bvkra>jsPL<_$RY%5h0=9oV8~t1
zd-F-&qms^E=P;@c?UYSLqZe7-tBd5JMZ*q<QYqolafQhoQKz9<@NC064Oa@%DIxbX
z|LEh$^-RsY2U#>oD5y(W`3j0J_Ks;|bE;ET?MsAD5IXCoV0i|RUKS;>fKlWvf84t%
zs29f(*FjTLBUOSyKZ7FaGI|xnKeYtHL?-kBXhI<ITWN_m<76J0N8dN<^QoLm5Iw35
zzSt9Z62}_*PP1BQP<gt!O)KFg-GpZfdxF<m)p!dQ{Y}Ee5s;phxJF=am_`rNOl1W|
zhVY?Cx<v5gSuB_@FpVChb}Uc6v`3j8Xb-Z4f}|9y{Y`9a3u;Z!?tCS*(rd1Og0V!c
zx$<DhCOg1H$G??ROsf87Z&n&tm?@_t%PdixLs86FM&|i$npqdGdTNN~X5pRLX4MSr
zl;>NVqvr#tauIg2RUEcGqG*RgnA#@z+F}Gx8)%#grgL+8vok_PJH*@#PQLKCU{aj?
z_~V#A@h;M}Cwa&Gi11N9-jm4Gby7rZ0mOu43a#I&9^*Xq4O)B-2$c;4L`-0{UCCaP
z2xw;>P0EK%-Vl8R$zg$OCoz!~DJS;bYLAQG2~-33*!KN6I^*g%Zw3G4C#vl>UaD0}
z-{U!HhyQO_?FP%)5bC)vimGR$*X~JExVO<ayCkPbzPd=hAMo^tqG4x6-`N;I<wd`M
zZFRzmmm~8>035#KNKiPY?E3~lQCaOCjONA7is(6Og4KKAYgUs_Rae&kjpG6->^D`y
zt6}Q7GWad#QWaNz(u92cg8IY`Yf1qeHU!3Xde(PoP|FH=^S^*s4y2!B9f?CYWkeDd
za2z`dzYoIiNGy%YUsf~a;5SdDaDgFMok}mP)8k&Punu=GD@7+frE}68B`}v=9Qjm=
zq24*GF^Mq?6zt!kBo_cOEuRoAw%uZ4HFvy;r(Vc3))hXiykb%7j3VG9pSGKze^Wsf
z$s@`iVp+K*D@r!J8fKC61y7QWH3aqV-f0U)or6>y;OO{a@sV+OG_j8}9!-4Bv8qyM
zdYp3-?=EGNnAP3TL<nzl_F2|uX56{kC^BoqB_NE}gqj)J%mjf1#Nvh*GbzCfY8Wfy
zU~^Fx@1`TAdJpKZNlac=es?-f6#?$XyP<As!*<(4Oq$4j7k1BG`p&uTW41Nk_9W9^
zZhTT-?Np^7_6Ii$o>cwmjp~dwY{dspILC^Atgraxzl&J$tF4j1w(6MgzxGiErk%Zw
zpbTsB&daPxT;HI2-um|Ybl!>=kM{|(Dw3;}<zuxjs0QxN@LqDZvtE{7(8+AxdxAAO
zV~tu^L#wu@S*zI8PP)oi%NlJ;?5wLAiM5(^(K%nA{~c>mcwrPG8Cvyug|#vzu;OMG
zCfF-a)$pAD2<~F<zQu?p%;zsDtTW_Bd51gWMyvu+ys`zv(?BSmZ{`YyWoMV1v!0#j
z`&1T5L%GCQ){yOjv`#6xw~aDo^tUn5mo@>($Fi47twmBxk#t<CVb(LCjolBEJB=kf
z)8J`C)|#Bkql-#eCzOQ4DV-{?SED6uY7-`4Fu4jG<kn%xrxdeNx5tgLC0@c&)J|9r
zQWN%YK@%2TTb-Z#qkA3dxvJ?X@%l%G<H_*og_n})NRK*Uif*b=$<XV4GV&^49Lu=`
zG%Dpe<a^BwkRRXBl@Lt65>-uY>1ZEu%C}}X_|$&7!C{TKQZqOJ9k(1HlfxSLB1#R?
zE|IzC3-YZwMX(;e#`q#>kLWv=P-Jia>D;Ej+K!foJ>+{n(r9@&Q-Im_(DHD&$n=Al
z{<Y{kXuc*lAq{=c=b+`G%^@|0`JN9%6NP6r%WC>&QRQw|0@|Xf7HECIEO_eE1bG~D
zmYrdI<sdW~`}D!i_s$)f456gI1$*b(c3sb~DF0Z_khbt~-5-?sBg^A8n+B*@<%=!w
zQJYp<e#Yc}5KSBZxCTudrh<xUS3YWUi&aFVguWXA!-K_H%ylE@Mb+%VTsJ^*)4j@E
z1K|Fb85eVbe(;5VQMZq5goc4$aBbUogWty{jNqWu59iExHJACYqdu2W#`2O2YWi#V
zm7soxf{##i4$n@WffuuM4@u-Elt)Uy>y)Bg4MKWuYa$wF7R}TXkf%|~3fi1oHv;+A
zqJUO{0_N=~PYWn37HbK*2k7*7zWKQY6fS2()_?dkk<zc^==s1ioD?tfKhFoAL0(J|
z;}ybqdZBJTzy?rru7Q!VfVHpJFqh+lkI}A6`&}P)?EdS%TvRXEbj4#ST-pES_5GlM
z*7uLMb+o=!Kll1>|M=%!-#b3;^7@`#&DPiasJ_0ZQrP-FoZ9jF?yT%^eINe5oYTq^
z{2WW%u!)xV;~AkP2F^qW1aayC!2o@?ahM_w2;vOq1G#EZfVr4F?e0>_UV~nGb5WrV
ztPew$S<%SSVf~r^5x%^!;^)Pet5$S~FAuLOH>!FlTOItS3#S(EM)@c`tZrg+m789N
zP3%6li6OEr>CKQW`J#@IZMKI=`_S~-RSZ>c@cgg9zh7=3{2P7Ce-{4&Gs5w2_qv}S
z|1SCP=f%Gdmv<HaX72tU;@{VQ4#&TQ3mN`Bdtt};_kFpJf17;_|8|xe@Gne1m@i1{
zrLRckBuyskzg=Wy!+OHO52uIfsA$nuPU(c?M?21&2hiMhlWhhjYrg}RwV2BBq5ZSK
zevr_|xSsKBIai73AeH;AD+QKwC@tqWgv}mxHMgC!x{3dNTuo34aKJJrRV}5%L3O}E
z|NeL#RyTR@{luv1Ca~AdkM<+CD2df<4SO$Ex4TBAM=xerdAb)D-3>H7vdDNoji=J0
zv__CNcQNbQf`4dP*I2$UxiE)cUXHSPEuOzKJB2s)?P+QfuqhVIkE<mg>8bqwy+ked
zjA!iaJ32EsE^eR<7?{04s#i|@ktqi^>K)*C=wRt@d572Zg{b`dEcZdBHl4+m@X&ig
z<LQR{bKck+riJpC;W3&2Uy0BSTDox_!D|tU)BRiED&^l`b{PPkjAe)8XkEz5;ylv!
z+`PS06<<x;)AWa^v^@{~jRB?iL*e;mqUMu&Ui0~KTUX{YBYHkZm$CU&F8qo4q@CA%
z#&&5wn_iBZ&&}$5eq0bSA0cu=8Rs>jx4-JjgvLcr=!-Ylgk~;a^{~!4pRDtmPya5>
z=O4e1n$H+@K3jhqHlLH>lgT-+$vnBWE0Y-<J(+*}Rn`B08=227Vm^82HJ{*?uFU7@
zm!jq~NS)7z4@T#gi(D_^yrwj}OH&HI7&WCOe_>OyJ@^y&Q+!_Y`MRMi^O+MppR=#C
z`8+#6Y(DE@Ly4SG$$8CaQkQ1*%?nX8x=Wo=H<(e`(ojC46S#+`8K+bvtqB&-IImf~
zzqu>3DvX}h*4NmqW<StDel;?~YI|@P%+7Ci7j<cNfBRk3?5<R2x8eTC{4?tO))z=V
zhqR`H8O}Pt{C}IeGQ;@j89w`}n*Z<q4&it1`OQ7Q{Er*EGQT^XkIw)2XEpz$`&{;R
zka&L-hP8>(_ju$fdd~LZmkc$l1v1W1B*|Yfq{4f*#VAjD4z^G7CcGwiC$<Xmb(Tr;
znAe)en=JYK@<J0|iE@{tx!S^4ev5*&JU&g7HW!T$azvj$rr^&1!`_>RM^R;s!`(?I
zX+ofavIJxa7$JcGiNKI1Yz+xiK{bn_prE2?L`6mE78HbNr$@`8kr~199i2tT8J*2>
zdl~mhCy)Rto5~_Chyv9VOCXXoOVYn{&b?J#-Dw!-d%pL1pWpX<e~6u`TX#A4+_T-Y
zY(ZyqETkhT=RAXEz|*7f^h@^CR*nGx<*t1~a0Gcg)i_zrPmeky*Q3;X20a2FoJ@7!
zb&}lMm2;A^-R;ta)k`Vwbd99cyIo-+m=AxF(-huM(q#TblYu|bg+7o?SMIZ65@+Q>
zQ%WT0o=tBb_UlnX^c0@B?+UXgtZQ8eqOVujNnP{$GiI+JqqG)_7LZgi7v1v9?%Gbv
zLr49G$x)w8-<<EGE5iRoRfW;>GIfHZOufY+t4;vNOaRATA^3!ifx|n~t={FZEPSO6
z7rvD`(jFbAKY*=#gDwWJT^{8mL1-Z0kX}aqsq|1UQKvZErJ_R?<QhqkH|c^p8y?KS
z2lb*LhuC!WY_=;Ebft&WkfPhLf~s=4q-1#TvaLZ>FBdjEVjtgB@AO?KsRHFiTi6B_
zLO7+0wX!O~^R1piGdVJB#pmU&(4&P|@D6nv?7+K6?@96!KH!~t8_QI;qpWm-V?~%o
zn@IHws{t=dnkK`bjR}KV5RZ=^H{|9OHCQ=dSp@sQ4!l>X*Eka7_tM#pM>|>@`HoAj
z`X%|2G7dCEoSkL;LSQBUI@}EEu!%3Mx{B`tUh1`o1z*R`U$(G@@KkB_1e%1vFQJJ(
zkZm~II89g`gszMY2XtHpe}*5XB9P4<AO)?`&Jzj#3Tjp(tDb`K1~=0Qu8TgXiT;*$
zD@LJfP{B7a>qso#LxBB+&4gwVn5h^#hg7P#N$W@7)<-0Nt8>*}Bc~Ww0OR%bYsKJ%
zs2I}5$w5bo6x}TCi~wRtt_EREkZee&^xhobrvx1yJ7Mvc)0EEJB{+Pp>PPRM9_-u>
zU*WCEG<Dt{=QMTJ9zZ^zG;U$TT)S^%Q?1iiBdIq6qVJXmErAU_kt(Tk;m>d7LCZ_r
zcYVV)*hGJqzT%hq^YEGXS+{y4AopCyipTV)nriI6A)>#gRor<_bnWo<6N8;GJYWx~
zRh{d_prf3^KiZr5-W+>GSHsFjuoPo-GcHoJ@4#O>BeLqKCt?7^P_p~V+!$B1%>#r0
zPLF}%4B<ca47#C&W1bY!0SP~2NVs#wZ}cmy_czdoH?v$70nsJLib@Q=P_pWIR;9%H
zm+byj`NEA}f04Q;ut<(wWQu-2o=&DrX+@`{QxaLM<L)2PKP5Qg=7$Sy<$<X1<Oke7
zhZn~0y@qM@Q{E@%gF9F9cu>^qdwhuj|ABXi{4I8h{yHaPL8rE*vkJ9crrd5i+}CSI
z_odt1(fTrFMV<rMmxJp0evwXz=!0E`c89ih-u5GC8{MQVGFwJ9)ol6W0!y#!_NB)z
zv$bboX#IA>aq+!3aqg4eqq+a}QFHE5?dE+Knfr)s#wcs7qYQ}~rDz+kZ>#<IF1cM;
zt8rPf&g_1dIZ@c|>lU-8%IeZ=H2>X;=2UeYMZ$6OU$T16Kh6G^Dyma+;>|ZPKY%x0
z>R>VUS?)9cm*&$q*?eY*!L$P+89XXi^|E2;$7H9vG>3WiMQ7&Bq4ZK$m0`xHGUGm$
z`=Lb9(`;)~51wTUeS;REO#o{w3SxbTnTJC;K&fRV!mmqXsqwA(Gu5B5y^}}%hZ&Fi
z)%_HS?Y~#Ik=Q0Y$0W8d@3Gp$%zUtoJeXHM)5FLjBj<JGtNht3f~{?KfHoe#PD`@a
zM>bt@o?ozJuN~Mt*++)Q&~v|HGcAIdn)y62EA2z<^x(|WwU_=R{AZBUHvSaIEmzw>
z&dKNV`@604;T!mV$$z+kxBjGQ{P<LxX*~8Un@0D$E%s|OA9#FTi)>T~)a#u*{Y9Pj
zcIp0TEQc@U1V;}yZQdUl6m!~4-<l4<m(ymiuP_sZudN-|wqDor+DkfSzs|P5Bdk(?
zIquD??9Gn~tv}aXe~$LpdLvMM=}cCCOSsFDT<bRe@Z3TxekY#4#J@3rs^y7|1WW<F
z`kC`z^gHY8@r)iYHi#kz7Ww0Dg3+1z5^=zMO2>zOx;&qnr5ZEUo7TGBfeE3$of}^H
zn+~@4{?TF^ej*Yz^3~Db88P`iG2X}I$LLNT$B1*{8F5^+0kL0FQ-WjeE*x*u4t<aS
zIY7q0PT5W{ucVqb8y-=5zTk*A9w_9Y0l=d_L_Rm`E#h-49t6JClk@0@b|vL=*_x-`
z;L(4YXW?^`c9}dn3->z<JLzQdM75KJNB7vpd9=|osvY^%Xn8r#BAvHv*qM$M$Maz7
zv9?#3y;d(8X!|IYx81nY%4zHB(rsayeQ?apg8&|1ypQnk2?-Gg>frJ47QpiB#RwLv
z)fs)S2Ej7sO#;gu513$yYPamX2v~krXH4pv2P_L13hm<-db7FERO{q3;wIm&j%U`>
zK7C_HG%TU+6+0I1zQKfp@9!Xg+PHXxS6PBvGW0iVq3(FAHVdyYquSf_2YS@==$~LY
z6{e!Ku!PzZOYp&B!lJkHX3+oF<%v9F;)2`k0HG!Mh*dg&cK|;A7w#*F`+uks7-nG3
z_MEx=!bAwX-4&ID>ugj+Q&g81iLTk25O|fkm{`PW#|3tIJ7}SQ?1%=cy$+Bd+K>Nl
zJJr`*k%q|@SWkb1p2k-l7pfMKK5optiWiKk%3H>#p2Md{e*>tN^=6sVo^!D8=s7RM
zn8SQgRNf0c<!Sd6R!EJ!oXHaw`@}cek)iF|uHTQ;OvJ_CWG;R>x@;(vTBw;0fR=T8
znvHda`7Ebk%}jU)-#0EuOH$+U&K$nxOb1)b3%PAUpYJEo%fW>>`Y3bs7s)Ybk!AEX
ze2|5p@`~zgO)Bl2=j%?kn;{v@Nxk$n+y$YkH~d|EJlrp%?Rf7zo_wqC>ulX>b92o-
zM-va*>fL{Dv(-x;v267%o%ym~rwu@E3~R5vlI`Qum$jW!-s4HYKe9_A_=C4uz`t0E
zf!}*uGVpik!spTRG6w!$eQcB@nJQgAMbR}ZffVJA$__u5O5SyBuv|VEO@4`GuQT8U
zb-Sq(>$VOswDSGU$Pm1<xb(rYSLLw02-o#)kLj>V)J1tYEV0@NEfnN&aGULxNrmlf
zQYafJN24=x!a9#%cTyPu{8&3&)kI~~Fur`N)5eR6;8eB0K5K-BeOHxfGqYH+?_M*%
z^Oj)JmEXP+!OZoA`1{}^EOR|aEw+l%>os3T-1GL@!N1a;rxYJ=3+Gv#5i^bpfiX@5
z#6|+dG|Q~In6sMNc2?r!Y*uZ$9oCI^dpLuYU7T;{aWQ4;>+4{Q@<0=oX4_21{e`?a
zXsBD0gXuF>o`7>9eQ}p2s|y!Xz3P1Gs!?p-?|$3vCiK&<@VJ`Y!Y?;cz)G|l({cJE
zcA=^S+D=u=S|XT*-*unn+aszUur8IO+RncqKzy~~P8pcf^LThwy3J;6Zs*laQ5b-B
z=-1BJ^U;+}QN1U&E~VBa0kRUy(B+!@2@>VSKd@y(lk%z`guvJ72-Zy`lvI6W0D<im
z{)ZJH4Fthp>yC_d-hU4kkEA4IR8o;U;_#xCX}8>CRK0}*FCwd<q!x2n_PMlSz1i#e
zSk$kQALJaWwxwM)9E(q~ln+>dQe9G_UOSrVTVT-!{w6LMBalMD7^mN%V2qEtSc5U%
z<6cYKF0)pp#w}!ZskN(?#t?pA8V1t%5gM8PIs{2zB?pNK3h3b)C;N|sq&)-4{=1Tc
zq>!z7^Iew&Np7!;gXFSd7XyiiNm2L*;b4cKx_fV2WU74kUcB^FeLXKe)jO}g*i?UW
z{35%zKZ|y6_&;g)ZtQH`z3V&wTj+OYOL}%;@+Do(=Dd30C71Nl6&GL9y5fs1>Bb*p
z(APeFQoxFP;SBhQGp_fRPz_D2$1~5u!fw5cScjL0|KXf?iKW_RQf%)P#6q~V5?oDk
z2+u@#otc901A49XeweZl_B68)^5^LfvqXgd<brCQU`<50j>|R=YTB5)InSWzO&FDC
zqI`>IWM+59UQv(mzmG5MLf~@xavh0-O%v?7SX+ub<65<yC6onc0KOLaYau`}Q$~~5
zsEJVZDLiBlm4j*bRutOa9mvMj7U|Jw__sFZla<qjZB*w9wo$o=70Z$eWxRrBF8ko@
z9jwZ&Mt^>g$5bJU$cBK$_Sz@?**<666ZiSxQHHwgTMHNQc4FlD4I5Qk4But}37a5{
zyw_&kVSET9?zO_=@ntR4|K5b75nzr^42IaCny+(*EeX;<uRE;07V=(qB=$NJdUgM|
z-R#i%?i<0Fx%Fwcju!FQ`r`BU>_tw(i>h|*=uqGC79Hw`J6I33uLH}4D5}t8nP&6$
zaR;YGi>pOf$lF~~XKiu<rxex8ME@h2%@@|4!0q%*S!s}64aiH~l|R^vkIO1!+Oo>H
zG}m54l`(7L$UQJYD*kwo09am9`HspsorzZi7@9cmu;7*RQg~(OEbO-aad?$;QM~fz
zF}%uYgI7Ho7+xhpFK}z7<($o=g!$$6SK$a1+hZGyg2KWP>=bpe^W`vVn0D*!KXp01
z*$3sf7yiWM{PD_*E$96sj2z;dFjko^%lrc}QTX2`0{Y9DZKd;{KZF`Xy&Rk$uc2UD
z42zEm=*O;4)KI!{1?9ywY<pPy^@~hF`9&HjDC^TW;If&uLssv|H-Lv%Sm!q|;5ArI
z4L+~Mh))D2E0o<qT)?Vn=UU_j4io^Y6_|b52Yu*+)eM-#hfVd-P)Kv_>?=G`J=qqt
zU%<AYl0cs(bSX@tU>e&X2iXqD@Hh4`!yQFo7^|(JEfKR?EsNisUWZw{>$3123@+9@
zSH2aA`*Om|G)FE2x6vRAoLqzSVDviQBI&w|Dv|$XV@hPx@7NwGL^7Mgt8Hy@;z6&e
zvBd`bJR?zK+ds>qv3*nuL=ESQ>^3wjnaZ{$gUP&AcX5sRZXkqV6!zU4?8qB47g4!l
z=%8|zg<n5F-!*vvJK|}LcP{xWbuwrRuEpk^<o1tE^NqKX{2X(dd-513{VLU>m}NMa
zVy2uxgRBw?N8oK!Iq=M?O3Dg6;)(Nv3{8w18iu^EJ8Jg&KnGepQ-jJX1-8sG_HB>S
zfeGK9e%|u!2<x{_{%znzm_cH_-vpHD!tx-XRJK@D!rBXfd-~-G50B)t^){uL+iUE$
zramZ8LStquxQW}fCD$e)@Gm+!+1xV35y~}N^L6(q7Xaf>Z|tW1<u{}^b_6`qJM%r!
zhw#lDb2n~b3){lK*o-aoC`WipA@D(xNi{tn*kCq=vP%;Jn9(9uYZK!(G3xnR7lW9A
zV6y9^?-39K2ynac9=$zg?xcyj>&sb^)B1Aa9PYaE?zXsPu>@fLRT^l811U8{6EM#H
ze?z0X%dM7Y2gRsc@nq{GV>Jlzle+QUZDC4n;vW<FE4CgMGr?a?c|(9(hRU&Wz|&Y@
z00WqVZ!-+2d@yN>+mRIR&)dwyHdkRLhkvv2f4DNq#-HfVHXhS{gs-)mGVz}l8ZvRu
znYcmxY;JRKbIJxAJDb}&w51C-E*4lxMM9Y6CTW<N9%o3jpvz^5C>7dc&oiR)TOzF^
zo;s0diwXKn2G+iQZg*5R9@1L0QJ14(W_;xtLa1XaVD!gY*^uZHgfe_4&UFH`(@C1&
z+!Ik_liq<Hr*~JNPH?<!NbLkW)`G{%>S*n>n4OEaSlN5QI+og-Su~V-?VW&w8#``Z
zA+&+dsQU$GLnio?n(%o#^<wZL15BBA>#yk`l>%&f9!&z9(64rzc!A5bx3igzw9l6d
zuzK9vtreCXoxvzvHcFaE<j{3Roj6CGI$sQZmn*gli5U01j;zXB<svvWm@v8cxB=p-
z->~e@J^#$~LSR~MbrL%b)3U?BX(<2mtMnFgJjMjfck!T^>4obZdF<qs<rzoMYJjw!
zzm+=90J?pJbxYn-s8Q3Xa$a`$vHz!CmxOuO@~e~;DXv@n`uKDB9ZwXUqwTp54&g5N
z(>&0u7Rb|)qp_okS1PYz!|#u_ZTN#0-!Om;w`&C3>Q`u)pTt3rOkVymFSB>w+O6;Q
z!(U0r(3?l8y9d}OX(`rE>?s$8Sor;BYZY3vyDkyxt{>|TQ?SKv!sir_J|=~||2}Sp
zINx|+zV#ym0I9=I+zYFJ@ki>v=1=r}ecbo8j6}SAJq7;1HirpeIqyz@$-Va&tVMhL
zxg9*S_PN*7VQG{3$}-r(Cc^?Io}mG5Wdl4#3z*F2KRr7fz`v7xc2Tx4537C5zd(I<
zV12Gj==1618}sWUi6nmUc>}dpECNv6dOoqi;L}Efx!9ohX&Uy~Khm(}aj<f;eRzbu
zyDRS99c}hun*|ZI=snQ)2U=TneWocMU3X){l}(AW9Byf*y@_r5wP~{{Y-zIw+q@OF
z3^<v_d*ZBhyr@=z?H+`O?)pi5htk;&O}fMm{Te<9zjU@u?^u1r+Pf2bKYXsuY7Sdw
z`orD0n!`AQ<fmrh;l%IfHyC^N3VuAZf%fd+ACS^4jHfhrz>6*PVp&XFSZYpt5>2~b
z98j9Inb>QGv()SAKhSQkiK7`PC?)P>_v7(9nT4G=jwjB2%}HbK`d!dq)yc#LuN*TP
zY{dr89iwTa(HdsN)-XN(t3Fn2`vrd3K}+oU)`-#bVr+0tB(Xv63DyZ3&omj^bUZ<$
zKk-r$M~DaMVPWjyp!nXdK4A=J$F8nCkvQC)W`hF@p~0LJJb}aqWW&+!0ktShWf|B*
zG#6>t<3r3AtY4$g2v0`UdxG6;f)*=n7&OsW>5u3|Va!S&?uY+08U3I}cnXCy%u5+Y
zTn~SVe|`}g2w@mTLtXd?4MYq!ydQtx6aE~3zl#50^42hF`Y_N(_?wzpCR~m0L`$dI
zb4y@q59o`q%E55Go4!E5HSEV$Jz&C*>dW<q^`*KG-{$I*@qhjGJ54W<xl7p1&oXT$
z{o)qSGX4ijF3?Z5K0?pZi}j&;dMraY%Sg1uNc7if3G=u4^Q3OJgl10d#|OFp`y{Kk
z3Ho<XQj-}PItbxyRyP!;y7HL5j=!MGc)H50M(3IOeC;ncrP*G$&*kxjN$SBd&#YNg
z#zvbrgh|kSP>oaO<%v>o5*fB<V3es-tgl5mNe(X0Vf}F_PzJfN_zs-1p;-;VRQZAT
za0K;oB4Lucl3%<MuE4Y}({5TzGGIH5`|L#iFK^o^5uMgJ54365*Ua~wG)uCkDC81J
zX${{PjDm7iwRbexO}L3{nxm}|O3s_Z?CdJ9UY3JbnRB$Ez1mx9khs3}U4z;{ARnEc
zdn0cv=e&)nQKlA!E3p#d5u`!=fbs9YWk-}0DAb?uh;FBcLt{sD$UFQ5GChg%ouQuO
zg*nXyD2B75iKlcy)HtQ1u)!?)b5@?ykiy?yU|KJRauJ*&!F~5KuLArOiE7p$8(k*m
zSd#hq<^vFmtw6lz>O2la0v6qBzIjD^8%r9fJpp=?o>E-hwjxUsX<!A@7PtQ9(z);+
z<_nyo)M~SDr(Ady=xLIPc>VK<a74P8XK2s;>~P#a(UKywhCjS<BFh7I%|wh>vg9LL
zT=xW$4V!v@zP}|y2>g+-|2&2A^L6(=$kr`Vs%L&pbKBHH!=6IUfxIkKwzjw<qR;Xo
zG&&)$ou1%QO)3Qqr#E8v00h;FAR@S1Shta@7~Y=x1i%&Jua5d~KzaU`FJBBU&j)1p
zX4Ls{u6FI%4QV!<EmbF7Y$ihjfIj>J0<;6jV-Y5gMfCPDK_C*SUiBuq`r)pp19s?t
z!1HCo<FR9CfuvMbKOzALzK}=G4FJKMr?L9ew`klP{EG|heugY&l%Xthp@V?lrr<fH
z6m8Z94q_C9O7F#P%)fsK5p)(|A?7V;ENqL2LI8c~@nhrz?#hq0;C^{~fELe{<H3~<
zTNsH-@$v9ye7gJYbf7Q7<*`=Hs~pV4hTE7cux-3y8r#Nvi4lhJ7qL(SsVik)jO1U;
zF{>Wt#w?;T&?un;TBXs633_s?50$vp>qjFD`tOXkP2WfMptgFsZ!pHew=*kNBNxG)
z(Clk2L`hq3;AhO(`BlHZq=)D0EbZ)Nx1#SOG@tS7OP{>eJo!PcvPt`TKAb#_LNYM^
z?UDltPY;b6xu^aJ--R)_oh&6tE{1^|uMg1+_=6m+A3o@%Gg}H@V(;LEDA{Mmb+hq?
zPVFp+s}}*uiPfzAL*vLrwJb5e0&z0Lw)F$Jixu7%a1NF&DL;tJ3MU62P2^t(wFhpt
zS_X$;aTqGZAR0!D7y~Qk46Kv(f<g?;S-fA*#`E=-ol(o-*QeRAh)>{U=%H#qI}Wlk
zniV5Cto_)ZY&KPB|F96=wJn1T?&Zicm>1<2p~@RhlX;2SgI$sOKr7;1Cw<qIBkw9i
z-t`imo{QQ56S-GO6f>8?b`N-tl4n@Wf4T5Dn;sX%uwZC{ov)W+=ff&g&jS?0?c4CL
zTTK4-$jv+*a&fhuLN&InnHVfo{?uKJpetj{6dT|0M-Po*H2%IZ-P-!M7BP1pCLVRc
zZMuAh_Tv*|j3YAYtSzptecfIgqlbpSBI5|^6Dav21AiKS1gcjSqNkyMd48G@cpt^E
z*qBsbepZ?d&F|jR;d927*i^QkMN_ymqP~yz4jIJyC+Vvu?eyVHn_SR9m$T>#RLQB2
z$WbA1o}t1FlkL#PFGJEJYU`Yg^f=@1TmJq@v`q>`A#hzf;P@8OjtO@Rp<&hB<c@Q0
zbmigno!i4f;wy@I&i%q><DPRb{Jf3loa<W4HAZ1NGg;miH*k8~z%d88ZEXj}G#@nP
zfD{`mN#BC<cHYmKakartyx_;grM-Nkb%ep@2>+dSu@RWrwv)Csz)$pXU4Z{`_^K9M
zV_DVj$u5{46kGgfQ<mVF)+WOHs2}m=4ZE@#ZLIN<kw20m1W*@2Xl$djLA(&ymiq-#
zRqZ!tq7leBufWEtsa4M=FN&($sY3FIc_OdEr@g{oOl2=#sOiUFtl=-Nc5pQ0zBL0y
zi%={YbcGxR7&nW<Fzr`qNs(*DR*=UQ@FJ0|S|=2^aF9Wqc1`||2Dv)<Ao><|W9ZaQ
zfuPGE$`<z>3ce#+qEWshJ7-vSWD_^#2QZ|Npvx~@67G{M^!~9qD3Q<&<8r!q@!1WF
z^`aP7bV97S3oEU?;U~nn$-KOoh4~(+6GF1l)X7oa3IE<Ltl#L%W*&!&{Y(~IzfmN=
z$>5`Si{tGX9%MKD?@^6l&xJr|QmMa1dC;j{i)B;N*J}G6$k}LxLe+o^(Wqrb|Cnvn
zz;2@X=r)TP-dI#APN=i??c=nf_N09=eh9)S!qzuE%_bxJ`jTm1Y`nk~Epg+Gn{Bza
z+GI<1ZS_KLi<n2NLe;!@3#JZVjJH-hE+n(Y8e3rHQxq(^ib*CbenIviWUgv?gmkS)
z`1iI;scdn5*-ee@YV66kDyFfmOrpc&F&!qI+AfVrQV+Flivg(qhc&y;Cv0dpsw3{U
zey^$TMUY?Sw;JiL?*jmaySEw^JcFUCt)@b_Oq+sjP#}w!+TJxf0jX`kY?9jk1dmXE
z_K&$~Ef?IfiDhS71h;JD#w%JV-!K~>d_4?scMD@2Vw^+GmFH>Q9oG`He;;RSeSz6w
zPd`oXUa?u<{lRwW3k!prShwVjv;3~&_t>NFk$4N@(o1!hu(_^tyr=7_r|aW;x;CMH
zCO5}*)4sb7>t{yVT8BrU<)B6?{XVuDc(!e;W7bydvDKGnFKSLrHtl=^0KZ#<(-z{V
zos~FV$Mcr)uEOyyv@!86IBQ5<4s0;%EYcADN_~l$FWsp<HDBNawsJm`u5yN(YPG1{
z!yl%?L%kG*uCv47SFt`6e;*&l1hGTIESh);|6~U?q>{{a!z?+uyYts?@NfUj|Nr8!
z#CmxblgETLpOBoze6J{Sq>NRg6|v)2dotnwPAr2=rK^E@2?_H4Y3;FV1jEB*ED8I6
z;le(7m>9wiV*m@$;Pm>VL@wu9DBzfDO!EII_3?K@Vc?&``L8$W|D&A#*JH)P90}+=
z2=3k-{q`7tDld-m=e}v>RZ&)+0~b}>ht*psMFBsU^y0;ww-u`<V*4qKeob19h&95^
zNG1sQ5q($^+N(}2VkB&^LBi_wt70-g(XjbZgNFU(8Z`dHpYDGm={cxgn)KMC7SeMc
zeoG~8QSjw5^M$cYj+kM{%v5Z!Nek^a1?C(qV3La;E#uPi?1n)$tE7?5umKGYC@?S6
z7PMr>boH3Hu_Dw~Q}^8m+ML@&r+wWJ^4^|I7C{9so=keX>iMj~vGu91Gi4}DkOBcf
zp{J5q@&ESJCBqrtW`}s(Oi-a;jX&Zu`9=s@Uw9jy5H<5ZXKVkM$MZiG!9nb69>C}3
z87F=XZ_pnb#LoOu{#YoASFg&9c;00cWc@a)3Zho!VYL+@I~_9*I)&^M%9|-<+wuST
zZXw%7`3l|qiD-JJ8FpEeI6ix~2krVo+}g!tGkT9);b0z5I6&2<D8pqK$ZNHS^L!0#
zN@Uqf^G%YJCg3pnBBk3DjdYvB8Y=W=C`Dh{VwwO;x#{+gOJknM;n!^O0<>+6Dcepg
zO3=%LR->}0-FPl3qFw&4wut7P0$cyaleqO2v8}(uz@SAqAzy#dUt46Umy5YDwEw<^
zoW`_I%Te_lm*zbJ3uoHxvbiRzT~A$)i*-FV4y!(4coUumSXJFNPbT&Ixc;YjeB07$
zu#`98yYPFh7JM6bBg30LgS#b(CpGF5ZBI_px6#YbCFP8)E}>9<ft#CiJUGV0>;#iz
zK29T_@`-h&6Z)X(+t$ZUzHQ{Tj=pU`y?Ir!E@Xx|f^}Zp4`7+cdUOBswQ;vG8)Y`P
zBT~2=2(Q_3Hp;h|jgq=z=RQA9Xu1M#vj%cQKt3mG14c0fDvA-cg}9N&cAG?P4r2a%
z^v^^S0jF!LbVk?Ka=Mnw7LC^z=#_~rwI?GC<8tFM?!^zHZOfa}bqbKThl{tEK&e8X
zEDn@K51T;AVL%ypD>vL4{z=`E8E(-~MxmI{6(f|gvLu@k%lx)vv2Bf*zXXzy#r1)I
zPZsBB`Epyb*xe+HneaB834elO<R3FJz!Jo|Bf%L_WoAV0OOFc!%*JIt9%@MBZeVwc
zCOn<V@qUi>?o^Vt&$h(GcB9cbv(Y-%C>%Q;IVcM8gVJ?2qrmxE)@*iUULI&lNV!_`
z_3Yu(11)4ZUpv4bFB_P&emXl}qVln@!QHlsiO_)`FUm6!>`*_<Qp<z|p1@jGAyJ9+
zWqbKI_@rqfo|<79m^<fRc=v1b4#7E;?Z?8v0LXi0$Y$d7Rk<xu*Ct;Fb>fUt<N#G`
zQ$Z^r?^&bC=)Nt{upfhO*o{<F+sd6&$C{%(nr<0w5{|a}OB!v|X(4;!jMKzsVqGdf
zYl*@OInP-k4B71K^2p`X4E}&Q_|gS66J`OA%B=GkJ`(0}zCE7@sa80dd;77;ypd&0
zrd@jC(xoqxEZv)*u=MpQiAygofFYl3A6vRuUxVYC@E&ar`qwnepjT5q$$d0ve>rZ{
z`wHQ-!mt9cr5Pd{xMvDKpRr~G2E)i5ab%-T)~W>IIUDamp5yGcWJwdyfK6`ys{9lo
zaG!(CIGg-iv-xJBQ$34}dQihGx!!3_(eV2jd~xD?#yI%Vt4wsQn%CY~-#JI(`hMJ-
zY<<7&*LHoQ?QPaK`$|~fkW33w`S?DDGmRmCXC3ke9P%+Xq^A+Fr7;1i)(vfmHWE@H
zP8B>dz|xB0lJ;V+G+V3*;2E0T`MW@`G@AwfMKHfL?U1Fe%1;#nq&gGc*=@{4=L`pt
z%bf3H78GE?1vuwV_fS1<dRw`ChHbpCep755p`;}`z6i9C+xTl?eKi)<&9MpVLM5Ap
zswruhjgC5%SxDME6kxn)(2HuhS7H5m&>6mWqRnW!Qw$w&;Ce)%lfxeV)Y+z1XO0PQ
zZxa$&T*4DhV+m7ItxFi?WJ}28OBhH|q!VZG+e0!c9>$Da%08{Gv?a>qZ@l!-e$|0N
z=XeHrcg|q)$7AsHN#k3s7NlRQ&MH*x$hg!hN9FNVev^@Gm76o-#KM>(J$^fuPh<@9
z*Q@@PJIHHYCNRV6RaDe<gjeDoeA)#!dy&On=*#=_7vJ+2jm%$u?Hm30i>>^{?lgMw
z^qvC#;tl@dL-yi{4MX^g=lF}4(+Hww<cI0Qi^^4B5+KG*yP8ET&aikz!0Ux9oHT9b
z)l5uTj0TEjX2c1XN%)2M(Sz|a3DdP$+~QY}OzV~C(h|2ido<NceVbQ4)4I<PY)OKy
ztA+#Q!)_-t<mVWM{QVP54LfGVAL(RTwiKLRB;kz@-4Kkl^BaQw<h()=)0?z&_p+OU
zcT<e>2V%0}qF>>}4W$qpp(+Ihx8J3-WfrrC!TH^mmPpWle-%9bXIdL_<Qxdkf7hn@
zV?B}nw{0E<t{GmOX3`F+yOnm74uQAV&{t$vt)iPye)v}NKa9p}=CJ5HmZrc0+tUs*
z)|IayW8IG#R%2a5h5?wWm$=j_Ud48LS`k;pMb(~=p(4o2L&nr>?bhR&6r+WY6L-JM
zn=DET--R#0S$N&fXhfGdGPjv?pu@WujX;4$*kI)dg|HQ9=U*Qx3JC$^SVZTl&@=Gj
zXMR#Hoq2DkHs>9k2HIfaUjSOPvBg_B`CK20O<~^%*pcegi@d!Dapk2{9(ur^QUxz<
z2EHm`cQ)@1WQFn2!tmZcXs$iG2t9m93>jKTAXw1Hxc6umNVk~?doLY+rg@tJ+vFTZ
zmR=>+&((7J_TCej#t~hFW1Y~RAAv&TN$nXBi+NMz-#<(uo{yOn?qEAJ)^1^#rF8$Z
zlNjbu{9Sbo1+d4~-8dUi4_I|4d|Lr;@lv3wI@N-nvJ%!V0EUKt#QD8riXyHmnuZtE
zF6{~$M5wC3<68NzdWIMS>^39H90}XCPK?wvNE?eL98*6yIce*_aGAaSH>6GYCZ4qA
zSV)`wM@HIm5|MlJhA8*V9t%=G?E71Ga(9ed_>!AjqQ%F<nRbIac27x^ff}|m87Lm(
zM-{~|-j~U+{ZA?J_*J|`YeX4i|4#tZ?+Y&pCieQ@fJyu6;$Zsn^hLnb=`{mP-KG$j
znDQL&BjZS6H>3-~MRo&;HA#q3zgMl)@6|Z!_c}=pAJ9|nE%PI5_iODu;)j{?!kF}y
zZ3pf{j1Yx6A-ZWBBSiafpg7TV*mW@2a}+oBfsIQtr3{goCHdmi=$$LL1hNxU$hH#5
z`z`1j0q~)ch{kveidk{P`1M@I*AplrCyvVR?a9<@Ucc9hG1}!fwL}2`k6?gIlGkOk
z>GfR9*Lu-~ob16Da%IwmbZEKM$8W;N;XBWfVfybrRKEwr^!)zt@Hrnbt6$r!%<5TN
zqKE%ru5*i8?r01hU>AgQ*~c%%eT?zf@%C;YVRUI1oJ;{UP6@qh{mV4FZ?dq#HY(jW
z9{LhkU*A&uFy0i-h$`1*hxfLb%Y+tVF6&BRE<o?2hR6YuY6kRG>m^@MYd?t|+lA(W
zrei0)60QeVb`v&0U#8R|N21Yim|ygWNZNBsNfgeo@fHKIMg7^t%b{;B7~>onh0!?|
z60afGSv#%8HjiV(0Xlz#U&Mc2z<(YmurR}hK39K8_v#PoY2nJ);~f2Rcz6@MypOwK
zqZpudnq=hL%b3Ir8^7z`&8AP`ZSWN9?fD<%{dJ(+NV>DToPBT~e$ZV{v3L!=&tF~J
z-IBZSPyFFnd`L9q?MKtie0zrb*nF~TFD>$@D>Yf|?@<@!X&%=}Ump+J6#qhK+{`P6
zzr27+m4=sLb|#~YCtvGl<2Mvk>i+h;e0*KRUmqO6sA~y2GLL7c0zD2nU0u6pP|V|y
zoF%duQ4Ji=Oy(@{(W`CUeSEpa)p|$KUrVOZzYRt2Z_&STeq5cT(GOnIh44cfTH9VC
z*z`Bdd%gK(42qF%G5Zr$u59aW6}T;#yH))CL2zllIyv7TN%8g(HmE52WvY|}N2Me<
z>qGuXs_&|*E#AIp0T-FuXitwoK3AU);p?Is0pf2x7!0q^GiBD8sooG;<1U7@e;iC|
zs$cj@k~^Wy;%aj=|CkGlFA2ZTnCbE9kpRDX6AN=EGWfmIHPL=&lp`ire3)9gq5XV4
z!WvvT+9>-oG~R{DX?Q039`Xb$@^KF)Ybm$VZRObF<9hkU0>9XYbWs@Cg**$sCYyw|
zaXux3s$on)yJN5=$P!Ni^5}LTu3rC6Kbt-?Zq5ZGOjmRxTGlt6sbhwZ@XwL-P+kLz
z7y7uWYA<lN5laUQU}ZrmzuXuB_L-c`t;Jy5-dgIv!TLw{<F-gK2Mv)f)TiBVxJnzL
zYgSijqIHFaD=V_5J+Ojsk7%OH#XO@8Xq9h|Ap34yGDN2~*3EW!cV~8`y^a6Bu5(g<
z)f@`DkTAJsE8bD3@$ib|{z^NCS?{a&8kOKLM@kdJ0OqfR*VXo0+W0FuwAI6`7uL|p
zYpfIFdo(B+_tn)mV+UknQgH~nm;Tn<O}EUi_&9&;n@MujA%jY`YN!4lCE3Y^H_%_T
zVZFwUwKLHlbv(A8%x<jL-TPB+tR;0?+>JF(xy_CBO{TMQ1Yi)J79~eA7^CRkOW#;W
zTg@BmbnOHD_Bh>_G*h-S?LBm=VECDntfbh$aSSJFE{nw@@cl2r<Ic8R3{K2p`J-T)
z1mh@uQ*1r{F$c}{6y{7}HQ7?|=6p}^zM`0SGDbi#@66VDao(9Yjpqw2C%Gz>i^D&+
zF;%_@Pv@)YOr6}D!fY|-bfy<4Nov?DjTu`|dt)gw-szNPSd5#s=Oc9ULMixv*D1}`
zR^)GFu6w@W;XBE0!+Uv<_d-+JbT-z@4V`$l!jcr`f19(71;d#0e5ELPdY6n;mfj^c
z)eg{?q&{jhQoGRU$wmk5+PQ5&H$R`!>cRlKvrQmM^&45|wJ98yZ?GevJ@#qBw6crv
z056MABd{6OK(%uoRRgD~n5Wo>r>K<8<1Xx}kI_@z(3sbu*;9{H)|1hR^(ddYF?N)3
zoZu?+4!U31$KhD{6;^D(6TK?7J9D@~mWeI4?Sd9W!DoF%hr5ab?W|K9G!z$^kPD#L
zT%^~s$S!28Q*F#2`Wl*|cNO+F)Z~9dtjQM&%?@wk9pVYdH9Nc#7u!yAQcph0jqtbr
zX|enXvv8q!X!X8K_bjqr#$V0S!oWvM@uT3%7!Y2x8;&2=FMPL<PeO_1)L)Fz#+_0t
zvAf{{cl!FvLhgJY<5B2*|IEURI^Q$KHHJ&^xyZPB1MtIxE+k6&*KyL9t+fC=!;{ci
zCs_pf0T%7uXW_qPmzTF#Mtv1KwYMbm<213_y5_5(X}GY3#(L{c(ycHI)Dp==5uwR?
z^S14+8hfi}z1_ijJ8Yx04Xn3mk??m(nUAD;Y{WH$zy%aI4bDM<sTT{x&P^PC4I5dn
zFawmW2_uxGBZog>YVU@Mi{z1ri{mmV%+o$&tF@mE28dT&us9)3A|5x#*cPobwvenT
z99WQb3-1GcE3}h^n2_ay!3YObT#6B{>cAqPK%Ds}e8*=M{#%<^{-SfnB%a3p`<^qe
zz;m@;s8Mv&FVlzW9rY}|Kp#MnuYFB_#BA-{NT%f#X$>P8=X|ogsmc{;`}xBq?Gy7&
zbAGCz)57{jMxOSh#NvO7EWtl0ZS_I@4-quiB4jNZ*ft1=CBnOoA7n$&auKW0p1+RB
zRz~rDU4Z$p_@5$ect0NhQ_8N2{<&okh5-d0kC*9M3arBorQt>-9j+@5*H<fK!{xwm
zxum~-h)KH%&q%&B#(%pnAHN%(ENTR^cqVcs%))y!LtxsG(yIk_N>QL88gavEAP<;|
z9ery0vXZB?o%3Bhu?&Bbtxa<Y7KV=A-D%tcnHvjB!c=(c(RaJdeu=Q8>_p1=QY#Nj
zTDt(z@-Ayw(w!LpxPUoho0RdPpWgR>8+{L7z_S&^`mRWbZW`BWMmGuChp=Da!EI6)
z<(LHa1#Hlc39ox@`!|78w_Cfu4ZpmmP1pZuH5^&o*x>i*<Lz&;`y6KYl$HOqIZb~X
zF7S<hX*fGLqns8`lOTV1m6O-=jMq=7mKrFf93PN1cQjb@gaOGSY<v<|O=UHogML+!
z?7Cm`^^k)1=X(Ojy*Fd9`0dva9$$m?S>_n-1?ZKlGrU`(`!3-+O})}y`tHPTvB%4(
zN8f9h`bRmbz17={4)INL3md+W?WavQhM%)RI+lZA(*Z>HK`@fu4j`JzuvtkZ$Xez3
za^ljCTmQXl_NrfS0((ST12EDbH#eitFkb&M-BSPZv17j{vEw`%3Vp>`AOgMPspf-r
zd_)?F;w&c^GwJN>MW&C(HsW`4$@a0h8?$}%?!s&z%dEDK@!UI_+ddZKE{@mU+L_e$
zvFO=kk*jD%rEqV{klZt}w)4e@#0}(rYzLhK6N0GOJkU8eTdUid)V%fW`Xte8RZH0E
zdiWMfRu(&5C0PIamP<#hj^qc`sdtNi(c9Dxzr0F_TdSeR-B!#t@0`P8SoH9RhaAby
z&$5_B#|+eOpJ%1`u`BISDKWnT9+>6{t^}E}!qn`H2(|p_Ng~vuTIdQ(?zt=R`b^D0
z>)K?0B-Pu`A8{~dfOz?*;c2$hLZ?*x>?!yx{4BkoqC?y%>B<b0`!@l{!dr24IHv><
zK(0_b>f#dU+R!tAV%BC|Rlt*4Wc3yB9y{&r+5O2U;R?q7e&4B(HvqOp4W8i*&N0rk
zSMA3eY|Ulf4Et>HF1Qa|mMpPDav$8?+cJ{}W(S`!ybzulYUJTi;Fo^4b*OY>C`p}^
z#M{>zg}Z2*1#_(<UHMG1NX*T2kaRaf!1Yu=a}&~fq}kfG{)Y`O%2E5uh7VGO*=fg>
zem3Fq)HY$W7mxO}B9WB^ZfN0(NAWx^?Z;SP`vgAqmT|3tTmD`@OlHNT-ZOKPIBg!7
zd+Cfc7g`Nwd4E4{Oo?yME^4?KPs0Z1tS-i14K}uI*I;(^?zVSBkur7z@GgHb({71L
zd6_>PZD$s_;dWME*L^(}5;clbO;dU8tvb8|vn|3hC=IMs;LWv`dR?j@<aC$SbU3ii
zH(#^K_G;<fy9Sr&&ZFP{Mr!^}EZ%{S;0KnJD&8U58`x9hM~$pbcgpJQY%GTt(lR9F
zV=1I(NyW9wj=WXEhUyC8KKO5b^=V;owXFjGDc)Zp+~46txu4C`_p`<c!u_4Q!-KsQ
zg7?dcGGR|+d7#OAb)#GOpiZ{$mHY0HlzJ(2#4+9FaQQN(y1Xu@x6mD&6s;)h+u&B}
ze4jIWBz(WKLfBISoU@B$-!J)Vvw_cK>%T7E#p;V;QW)eeZ`zaA8#CY`s<&h#>w?9I
z%2qLSGz(TK_WiO^xZlyKLU?FPg>d_37$^h-4RpVgZG11=leUul)qr{4?;3><s<A#{
zUr@9kj@W$Zm80#gz7e8-a!yL|F8HHTSXUz!%#4h$JiJN-fR2B1xE;>WDY5S!|3N{t
zZ-)n?*vw&%CCra*k~+M{S<!A+l-VmKwWIz@ES?~rig0D{Vpo&1iFpYdCg<eYp9IPv
zV^LgXX*Q=ka-P6SGHLp6c9Ye!)NZ)!ATb+Ee@%53H;MK2h%(YU2EORmTH{ka_EU{z
z!UruL`?sFHdnymEn($=j5>N1!Q?To9SdnC}o%m$u9=Nrz+4tK46IMA~Y@leJ=&BQ{
zm_>J1UUuc^t8L4|l5$E4edn02cJ3$z9iyb?1B9MC;Ky`zR!67#m*qzd)<jjW&BpW~
zp_71~wTPac;`1E$966TF3S()9GPEiD3%4~s-qvGJ{*C0X&jwlW0Hq3`lnIp}j{;fS
z)2wa2x`T}sMq))G<LYPOR`?^G9_%iv({n^vnCSoRfEest3IF|4bnScy)YRcr^D<mS
zSHZ{dPT|8nV{I&8_pd|KsUjTDha{?F`5_kV5z#!vB0sJX(RzrDr~F4P*5~EuvY4c|
zRa9AhGUFNkvndbeSC$m{t`s&bw!4)EcjbX^-Ib9!LKPY)0Am4bTZ@D$x*!iO%@_Uk
zMPiT=RYVQ>ZxECJ*4xNE3}hvtbBE3TesFH*b=X1w&kt1yT|%dYIU)TKlDN1mcv*WR
zZH+M@i!8_!wq!FIj3tkHu|BB~cH`<~jO;1K$hso)np0><6V2M_%lW<BVopAAM$Gf1
zOI;?;h$0CtJ(F(9XR<?0CJsKt#KF6-yR_st-4yW7UI9#HeEh{tU;twez0P-yi+Hky
zON*=})Yjrfr@B%LzuX5)sExOU+q<Gs%X?YbE~$1|6-&fmhnLCQGwu8v1-9})wJ4N_
z01EH@R~{=qh7O4!3Rb(VHQ>S@4~-k|TD%qB4am#uNp`i?lRVE#N{U$O?HTwEVfXRQ
zo!0q8C+Eh+OR1A{fv#qjPR?7A7Tv7Gy`}sa3nu4^_Uc-*ej~e{oB^63tK{Whm1|o$
z4a0N1<;6b$3KYkkcPThLLskxo1vO%{hWxqEjV!vcZemXmQV)1sKYGVbtQ<Wc)B6QH
zg+G0#^ua8$1gYn7BpJ|m*2KycBcqu<2YzSN>P37iu9oceQbC>hiREP&<)t?DFo7u{
zC686nt6bjO=Iv28vA2y1e2&it`tYcoyzYSMMGwrifMhM5Zx6}?AGfW?=dN4@U3GKU
zP3~>O+I+zgBcLBl=DjOA!&0q}`P8(j)<^J06Zoz6xWeYZsBo`255d}?&F;#TJptE$
z$4rquZEpX{T=@HGgg7sknG4FeTfHx*%ysC|YdyjHa%la5<10IZ=$EY={V3Old2=W1
zh+->v<|OuZSjMVM*~9JbCnxn{0;;><n5d4<la!U&*wpPhw(1?-fxUPZ{6O8H>FO!y
z$z!j`E-$Faf$8CV(Uk92C*_C>c8IPoA6*D?XO5&Cvf@XedSzGa39mM6w_RbA7EH>4
z9Tf|JQt-;GY-X}@0!D$EDWS?!Fu7^HKw%#on-?GDvsHg*Q={a?Uuu8575cQ_ob4{S
zIVYjU^Z%vtN{<w)yz+@HiM(RgYeX^j;xY@YIYDOO&R$D@b2iFCx`0wvt;Q1zJP+W#
zKvXu1J2k3|f!}~+SiDP^U9IPs{vUA4{k6HGYpdW#u3I^}n{C-qN!cO6NevxH6SAi^
zOb|L{r31*?qp%{UXA7MsM#TDwPW)c~h<YxE*6$h27YDe5+ebhqMS18`k3H<^`yG>q
zoSxuaAP*gK`+op=XcNdog&^UiO;bj9M44!+lg8-?++$+S6s4?VjvGdFO7#<SsK;ov
z<k~D${R)0hs2rVPTXx)o^3C^Y)6~&dm=b+NYCcF35&KaC$IPQv0BhbUg~A{aZIVLA
zK_dDT=7G{pRz9G^E<gvArjMdTgps)JcezAlk%y9hA^Afwc_=0deOO?KLa|ci3HgqG
zx;(Ull(u6?@7C`y<e}&LlRT7f%0nGZd1$lvQA{2>Op?!L_9Ip=ouYlyh3pBitCO-}
z=Y&oZoMQb10(EW0+W-5`+o-tnHm_yp|NG}H<JZ>n_Ld!;MOWf^TP`Wvq@5=ukmUWf
zPE5<vCn0|gFikvflIs(}f2ZN?3uv5cTlNF+SGgEKjHhm51d!g50f3w6ghR2aEF-%@
zI9c5&tV)HW$1bF>K9&(orT+<&64q~`o&V6(P3{xz`x?uI54L#hA*t_K^ZdC_Nqr;!
zBXInx;Xwu-zp2V_K@2|ZgdyF|#)&Yb0Ce1)GgT=Qa`@P8Kn*vchIXYfGOP$!L$x|A
ztI=fTJ3!|&Q61iXO3*PxY(8Yj-iO$6M5=EdM<6yD9LLQtEmAgYCbocbyrmrA94N*E
z`5rrvmh-qH`6rUUCL2EUeiJ_1+D1d^-@nbVH0$a9^z-<7>^xresc|0LUm15E6a0nL
zJ}Cb&gmcvjRTpR<L4wuCvi2Z!NHB1G&2sIbt2$7a*?sVTu|Ab13J4~a&I5&_3dJT_
zE%gMV-h+~Qe~}1;=o*i@G}oivnQs(Pzl`@!b<=ZY*Ku!WkmH5`^+bar-Z1OmgS;$(
zfC&>QNtnQyybgflcV>G6KL}M1M$ub%D2(8g{B_iOP7J@H|GHd{>zGi5KFt#<R}8iR
zHb|hS!Tb(re}$g(ecT3^gLwkGVzQw)V}1DNc^zyC_Iq=G{xkX}1|M-=lE#H^Y_%!?
z|M$_mb8+^NMUnpjdN<&@T^4$GFPAUqOaalmE+%9EP8RRdudtj?CSL%u?-Z)~x0Np(
zvN|;~P031^)%MdAIo-*zTd()1ld{W|klX*AP!4_0H06n}ke=<A?7F9KEu&{Sp5Stj
zC+a~C1zExcqJU$XQrMgFgo6Cg8$<{A#jvwR0!gRp1tvRmBiZ3|DfEM5np$|JDLZJ=
z`!Q?a_asGV^n=J22=pO61M_r&1R)oHE%)7o`<-tkKl{o9`-Q;tm{G;dH)wB3+8*sG
z@QwFd@>`5isug`NDM0*3^s1r7w5P1!Y|yK@y%X#y|Ka&kQ$!_QRN+7=lkiYEnc(pM
zmGji|%>Tf7+B5V2KTrQl=c%yw|Hyf|W0T4MulOH5Pl^7=jSOq0f~XXVrb_;3N8#yj
zNT`6xNUm>KE)^*VeYy7XEVjYh@fQ7z-VN3(EB9jbj8j%xr~&#;p~tG~1NEybGp@Zu
zDGR;BW%XWYcTO%iEf#zs`Zoc-pG42U+^cs)J<5<+H@*+Ue>U|SWb}AIJnB%Eoa+cW
zH)BprXpFYehbec%Sq`t@T@g{8*#MGfL{#j&_0OpGTDYp(_buhZl6Ib)9?WZH;T)3k
zg?5N#K%ql>RNK>viH!Gp3Jyr2NGfYZVSHyjN;pB(ppd(GQKL<MBJ;d^lsd||-6ASy
z#DW$v)RHO&%k4nb#))=1u{$GTuxCAsiFa*YIT77Mpe+#-4;r98(f*8<Oe~Rl0)eS~
z2amP&1cL+6T2hWl1z$;_3#p=VG~9tKNW=3e2EzRTCRC!VO4Kd%c}lwnYj65ngcTBj
zS_&4{SH$JFWetsiKImk#O$}z{VfqT3z)^g-6br3~en^o^Z_jhC_yoPWfu0S|!_?vh
zU!lisE>6h(p*cR8?@nnaI%3e>1?P$zWjp4!Q48}D^c~AW!#LDv7=KDI>s~guD7s+h
z!q(ucQ<vi`4yAZphgNLn@q$P7cI+4WijoOK`Gx`yJjwx&a@KwQ3~dS(4UO}nvDp9O
z{mW$Xb4H@O1(i0u*{P=E;Q%o=lHx1DWK(K4y7Q;O8nKY=J1k*P)q3I#K*9G(*z9si
z0ns%zjK!X1R|rpBkxY4wu<YZ?Wuo#aP&7b{PsN=rB;?D%ypuAEX8BAkXcR-|Q$YY0
z*07917!#==(3>UY8$(`~l}1mXNm%nsJeNC9OjU<BGe_K$T3?!$_v`7w(ak{aoKo{{
z$^MQ0sfTPE<2?3F($1D?!O<u9kd0!&c|PRI2MDRykT5YxxqxG4R;*>?tsIJ4tU7Y4
z+WALx#$nlkd<Wss{fG($A8MBeP6FVG-dR=-;SWmpp!blJGenclNO(ZhdGHKi*#e^&
zhekQi^A-IK9sHC!S(SO#COD`yBI1gsjc;X9Cb?ok7_SrZJp~#yWDFVa$cnTp=#uCn
z+t2J5#`fou5&R5J1Ni*uXIrCqnANO2mT;$rCER)ZEjy;%aSBg7L%t7P0>=hnrk%$@
z&WIi$Yw!sWVYF-ZU5F~RY%|b8thwO<=yWgChHoT9F&cJ1n9$I9kQ)B7HeAeOWV6W@
zepFi%xe&z((M32nsXqeG2=!(4PAXH7gJlXl>irrV6j?ba2@}3Rzmkq<lKrr72aE+W
zRGz2cnDp2Mln{Xb04ORY!Lv~ug8|#`Q`EK~?=>B((PuTJ_i5ueR7C;8{xP4HlA|jU
z^_ZjUA8poEzV#Ir9k4F*MSMa4(dAgX<%bg6-F1ky`(>@37i*W=m;klYr!Pb+8|}HZ
z<g}d|7Y;YLl;TgVwG^(33+Vco`6GN}7i{{!;=FT(r&FUAm)aMgMfjA}V_{$i9{+Km
ztAS6m(C1)>=xX+^#AXGJ-sNIJL<C+VD!?1hiONnfbT$PTfX^%XYa*im+_DGr@e}_6
z;15~pqCW)e;jHlU?#S5e(4ZRrZV-Onju>5osGK$R-A-6`PjQJ#Hho1cPx*k=HBv$<
zJ(cc}_F6Al#L&4^@uLeye7^m>o>RQb-P`~Z0HJx83@5Ar4%v2DsYc0B2}uPzWsu{7
z=>9DEBX*$*3-Ng{=U%EE33lgt$$vKU!CaVpz3AF5`2R?u9wE6P1dq0p`S_P9nErAX
z%w1IK<$^tOL4A4g7I<Ri2h-G^JEy6`cTH1<@0_Oe+=UXPKNOK&dwf601zW<uvc=n5
zaX=W_&Jr?B3wHjLah0ud!7ilVYgV%<_Y?ehr3s^<G1&ios!%l(DSPw&^5P~dKU5!y
z$m*>TS-CBOTO%tE!~a7ODZ0($YV-k9`OH($=qZ3%ox1@0gU(Zr5fg@0)yVB?Ky}F#
zs{W1`@?TPOL?oCBfmhK%)<<}=CybT6r-2wC`D-IE<xLUT29NTMr(m}SB(f)FBeUnP
zEsya^(-WKlg51$DLf~q|O4s%!z-4M+I?&A?$+b&(9K~7adlM}tIGq0PQEH^Vr-9Ue
zK~D?L$_3{n`+4ZUL9(|>{<;Pa5W41X%Zq=QC}fv?-vIw+eGmW4I*dPi9-b(4>Ir{$
znuV`AW#QjthZ}&>U+}n&_&)Zyb_ju&VR8Dy1Rny<(tAAxwdKXt@%(<8I;$o!P4$LA
z3-Q7)WfuH`XAStQ0iQMCvj%*o;WG`NY4}XTX9w`v0ep4<pB(^259Uzodj*lL-4-zv
z&h>Uh$e)!#OA71~0;4c~;5>$50E(Y7p620GAS?j)tpFPkIrab+@8Y`xM+wveK#a8$
z03OW^@NZT#!lRMk(KrD>floX2Y(`Kt5>y%ikPeUQG{R%25a@;@XyjQn6Hp4!sNkHp
zvskc`e37;z$;ue8gDH>W!Z*THWOW=!8Fp_kF}Tzza=ak<eWUhO{~b&Kgw`wSBjJJQ
z=N~$n3i=)%QU8GpQ-Y2<SO%Uc3%p_Gj_vS|ygeKK?Ys^CnYRsocIpgIJI%wVogDDA
zle{e(4jRmVv+rZsRU-smIuG;TaNcVCO7zDUW#!{og&Fm4tip=Qvb2K8v+5xc{&~Qo
z9P$*L0h!9d1w$$)l?f}7>|bLh@LZHMa!H=?xGo4)Uz5g*;=<)9UCfD~vp<SeLis1c
zhH6hRZ{u(~`~Xq9R#fehl8$yp*`@oc!>Bk&E;#sgYz`=KQ6RQcSo1s`)a_#EBuHJ`
z#hq{%HBZpdN^<~N#ZzzyB@$2IxUi-l&oM*-P!ac_hvR=z?-4J*YWQIQ@Tg(sD9}5m
zsKX<u2B_IAoujfzd#)Mh@BJKhs0GzE5w+Vr9{Wl2%T;xlYlSg!Zyss-MPvX7V`LJ|
z?1)gMq;mLCg!<MztObS>cO4e0ZXz;VSPE(v(5$e8Vm*k#a6}{J#m8gwof<403PR#g
z3a%m-@pDZ$J6|tREoTV@K!pcp<@#Ev%Ao{bn<DxaiOQA0)BwYVAU%XeLn3&+zkX`a
zF_du~P!A8IxK{A()L>_LR^t>4c25b89)c!f4DRj*Qx4ZsldlaE%2CaZPybH0GS#Rl
z$#zncsFY98v5{{MqL8^cFWC6z(7pfwabJ3&J~<t>6KI0d3Siiym4&c1XhKknKxU25
z%3+tZmNT?9Tc``(cGc%H@F&Y=;PuHcbc`*Ca;wj@D`Cpa5OfGnWx*koT4gu^i1~UC
zSRC{y7c`5YbQ_PcC;(YNroR9%`E6oBtL!??)9B+y19FxKPd|@MTql?)k1QDDDlicl
zdJ_X{DL6>c#NI0y3gGPP`|Y4gz6b#}SAbQ%$92F9LeW9Fpa!)&V6;jdw*Ifg)*v5x
zuYk3}qVWC0iSN<2hI0=8laA7fm3<K~B!Of5PR&R?je%<@Zv+bGAh%QnY^;_W^mW8j
zQ19(dlddBrw@wrK?TCHJ6ggZUO@=S+Sl@&uusyi_QuEiizCM6fnxQq<X&)uF23oGM
zEkuG@hkIBgDVn5wAu0PXvoTUC_w};+GW#`4W2x|2k^Avd0VX{}ga-^ehhLY#cPQCu
zRD2WK!GB`h^+OW-3u$^eWDX!0HJ}uzgh2L76<s@5{0!v26v01)g#0Yx&0@jk;%K~l
zGrU9$wWf*%AVlqcv_UFp@nDH#0-7UFE=9sth0)h!!zslC%~hY0k>&_D<TUDitor^S
zF<1_B(Rte!Y1iOjEJ1?~ULu80)0r3{tM@>=qh!wcjEssbH}T9|GUr&k@qMVzGwfMF
zDA1fEtM{_tbu!Sb$AYhlj#}~~WZnoH@@w#hB=(#NYQE33=OkF<WTt%2%FERY6YU9T
z<iLcxAZ&Y-Gl<W*B8Vrew@}@X;RI!mJqAGumLV&;-j&~fDLwP}%4AoA_jMCA7_W6i
z`}7pS#wDu@7;KJOVRJ$o(Fb93hb`8H@5AuIDEg8a^W*SA-looVlAYxn&36hp{js+2
zk%PC!!-twrI)&z-?@ai_)*pv|3uSV0SN1SFpd56x1I-r6l0w>u4197mGFvivyiVM4
zUS7`B;OL);L5Cqpi=l&QWV`^8L;{w(M=Yq9f}OXa89H>pL4=yj9x^i8vb+-gRtvt_
z4*}adV`FR&er}eOZ>55IAkN%ygC~RS7qY$ibX1W$+dr05XF<;@W>axdHXP`Fm$3S<
zjhQcJ;AH0@37ro!+lKNFv#U{f8krQ)rm&|X-rm)M;)*&F{jN9<%+{K)T&(h?Qd?CG
z<Q&9|`Z8fdBN|T1lv9<bK-SnI1&4nks(>Hm$P$6u?e=EKr7HmU|0Wik_F~|KHnP`_
zXlpHe`mr1DM*;T$70;o8V~z}e%n+*386FtsC$fT2l<g-;iI?+45WuxaPeh(`Xu=S~
zwa^l%7>C?Z__<Xo_(HP7@jr<@0$FL&^Vs${fXEj&ar>xaB*C&^HvkRkMH8r*pv-Uf
z1PiytKtnr@{#=slYp;m%7eMP+#aa}*(69@u`R)Ybx~!Z^6uUgZ;dLZ-WuRHf<2vEZ
zlw4o=HtKNVjscrSQ$v(Xd3mrVc<Jpd7kux*<wlvURcj9~;8-uT9BcNquSVZ?DSU=g
z`vuE#Y~ph?DL((jj^fVfaY;})--5~>)K6omoJ)>oM^R!Nk0@P&V;1Q*8|Tq}2F17-
zKJS3VfVM2#k0SROkMRV_P&(g0X&HUXp+}C=CBkZ!QbUf%=brKSoWl#;eFYpW0iO>c
zF!-(!G8Y`T>>D6sWO^{~LYZ=|@-%GTF2Lj6qS{VUJRFa|K|H=4@c3;sR0w1chLfP(
z-D5{o+1pwTJ?wD%4;tuvkfXDV=zM~q^KKc0YL3nzo6bUX{zNP2f$01lV!jyO$k4eZ
zhR(YfI?Kv&Nom#xS}{3}|0Uvca}1xi$3Vk8+mN=q&UhuvylBPeZfKzCbd15}Y+HOD
zU5^Pc;b?>S3<!PFn~9=rEl21UZ%4YxAQRlR-C<R(AHAJD1&3w(ae9GiZM9L|lOuEs
zA#_`Oo?!$aghc;$kyjnQ?yv@LuU8#HfR#W$5JBrPONT5qz)RovuR6SG>O`lW>OYVw
z2NyWy1)3DR*Di$)IZ#fQ>g&)fr(bEskEk{$wS!HJehMubM1PB2ShJfLQG3LC7^NxX
zkc6_06I40>g8!_;JKBFX)wg|`IyxUcM(W7%b(to+n!Rsg{f_}?N_!~ghwV$y@7ZTh
zV<{>)mHq<`Z>C$F?u6;L*Sjlc{okd+GAT;40k2`yaY_UlQ4|IFaQlzISF0LqLSQ`o
zS>K@jDy4%hj0TT{LfWRwclwErws0qkG)M&iR{aZl<_?GnPNI~ENuBKQM;zXKOhDx(
zhnqmPw*+0TE$NCLL2v6`FtXm8E@}h&y<J4L)L4|DPQ^8K!jPzq*>h{nl_9EiCChZF
zu`+Lab5-6B%$p^9Za8Get43JfJNUzR`d9h`jh4&$Gmm#OXMLtM9lfaR6`sDqFimQX
z;~n9%y_8qSx*v)0z87S5NSUGm{&+wfhUuv*oyu9EY%|*OHj<}WR-PMB!kgvB178mR
zWa;h7l&$`Qsc5|m-t4sRbi1|+tN)0)iT_Z<6R4JjG98#E?qMa}mr!nA{O38OtFm2V
z^b3R^eNJ)H_@;Wtcwrr=14opw_U><6qr{5+2P1A&K-<W3N<LufbBsdwOaaoI;>4~1
zp|j=EMd;#`NqSPf1Ym|U;_#@e8YJ~5SPW(f*$Y}_E^heMxZyWZwzog<v++Vh8r^52
z;?bn_wh5qZx9YA63w@>bXz2bZn}5{pG=8*ER!UexMeSKkqlh<+$0T)h9&USTaTBdY
zslmm1Gu*%wvXrgCyX~&iLKV53fnotG#@9li3vT3sPsMgyB?WJ?0P<AR;9rQt+L10D
zER%dV3dnvvzQp-xTj}LSkus^;!gn)q*?M1DT#XwltOMG21egWrOOt-n8uh3{+_3rO
zislA1U^o#jWR`7QWWQ(@*|m>uv4%{T_HDHf3y~t=iU{4S5V}*vK$CY4-k(f3X@%^@
z){X?(LHPa}p!ft##77vao;Cr{p+r)72C*`#V750t0HBtEV{d0GIPQj?^_LkeKI+_o
zZr~U!piBKNzM5IBY&AV`HA&A0EJ=`*&2T0nvQmvFz#*yQL8lxmvz>C|Mmj|Gng&oP
zyqCulmhdwdqEY;)NS*Br?DAest;dzA_c`TYg|j?x+&95ZTaBql5l>}hY#3QTovgqv
z-?oGfUwW=JTCTLX{fAO{58jU^1bYrF#<}_WiNX7wuDvU+VsjORvQ55eK!L;spGoa@
z$V!GjNu8X<8a=w7z5xUv)8p_wrB2zWO?bYQCAmTd*)eYA*qirF)nij`vWW|}ke7pf
zGrB4Or@~bLzxYI2@C7k!+=xa|*`{^6`U)GW<Z3A`w5l7Wp<zz{2~;=+|7(d0j)hZT
z_jUp**$Na9u<Dz+;R&da118)Ehl>V*XG6{tb&I198N?K)JM}ar1OPA)w0J)d<5gmC
zwiD1m@*f7e095L<yx=UrMJTHUdV-ob`fr4?F?eVCJ`B1;pWFeK{->%d`a88}@lZV{
z+G|nOlYmZpTt~e9CaPuqiIIGXn6I&>_k>bytf5o?BH`Xe=wq9qO<{fctFv#Ytyn9o
z8O-Yji7Tw4Oxf&is&;tO%hcIf%4Q>dpd4J~ECZ}7FH@><pFmv5atGaZsa-Yhbyn~O
zyIbkwQR>~w7HL5UNu^sEp5d-9%W$xxFe}4pX4fm;f@28lLcuv8#kVSFlx>poxl#jI
zQTSi2QHsp)sOdP6Tb<_AU$)+l{EyF<;+y~7eBFG$E1tvomi=$eH|0Np?<c>yG<@Ma
zd`9uO<QP#mH++6ex-Aah1ve}KXmxq<7LZ)Zlp3Tuu$<{xN)3x{oxxVK)%yU*)No>(
zYG^g%?P9x-s0gr{Ik*~0+3tqbE&vMtJ+7t?tfr46l^rTPah#coz)aCMccylKIL#*3
zhgj`|5D4CIw#xcAc>pzIHH^>%Z{!O{O0)M_w&rGuQxJ8MGrZj7ZtVn+v0gRrGyjA2
z-S-pL=ULDog$_F=D#J%ktS=ksa2V@@Bl<mG-`ob2?xqq;LMActC?<kK&-Ri3c5&y|
zw_Tk67-L66JEA)_?VJ9l)!%!THEazC|KSMn8&Q3z0j17gMes5xwM?n=A0{{~cPgh0
zw4IuzoRx!1oWZ;7Wv(sW9GNK)_}Vv8T+kx6J1Z*f_2D3Zz#|m1U`dj)N7;(k0voj{
z>yhrCla&Lg0>GEhyIUC|DcgWKEZBx5QBoYh5N36ZVRSP6Mft*wRv%czNW9ht4oQpJ
zN#ZfAWeVvm(*nm=PLYGlot_1U-Jt7*esILo?^F}jfU87h`w?x<kDwO-k(HvK`o0y_
zVM+sv(QF8%*?%MzMCvk7gW#+RW%XiksuLL2PP`Yuyx4C03Ad|G2%=rrv!G5nAufox
zm74N`(;grMSS0|?aR@`E@mjRtv;<5HZ^<(8ChRg#P_)az*`VUpc*n>E+eN?~vH2Tp
zF53ayYO>?`kB~i~LFiO=bptt(JFbQnAPv>G`VPayagsFQ0&RR#ox?4ZM_lzQyW($O
zN8|yABVs$)o?&{5Viyym*(wv@O~Hx4?SQTbRp`U#22n!-4v!&*n7kSzJU+sYC>6<m
z^t<m$ZK9jR1?N2WA0=0d;HT`7q+A|t3fX<BWX(S)h0gVy5*&Tm1lRD(d_CZWw;UB0
zN#Y~=Ht4tG{R*0kI*JQwStjrdSaOOOtu<S%)yF3C=kb6B)xLj%<esNAYAa4hqv)d5
zGtc-&2+XnAN0l0ohRCK#zxeV3eWRGrsd$&`%avWLws-|`!N;_QcAF(2&#5S<B!Z92
ztJhl`A<?zJ0PU}bsXmZE{!v{jm*?5M`ES`NR<c<;dWQ0S?#EC>L)q(&qC6mT54|An
zh3|-=_H{z*aGwTL`<MbidS7Q#@AI`IRqxZrEE~xLIh1IaRlT3n7(s_Wt@5L;raUv5
zDfy^TVSZJX#^O9k@7jB0t3*pYCr#lT3;b}k*wS1ohF)Xp6WR>;(Z~3akG>z6x|)1I
z>Z@P9=N~rJ25Q=HwBZT`WoZ98q7AwcGnar??QI9x3_ICQ7ieN$%D-4hvmto?qLmzJ
z^Dwn@?q>K_snw3pN@MGtG1pk_m$N9#ruNGZ$zR4y#vt?L!KCAB8=p(#cg0$Pc>!>9
z?OG!qf4oGrNBaa_6M^!ol7<$ff|@10#DdK%$4BulEqD^t4s|R#{sgKY?xA1F-)zyo
z|Jw3qS$o`h+W~rnlk;^(AcaP$|G>O~mEYOL=VW^X?+Zl3x0%v@<BtmXQDU<_Dd&x<
zE6Xc|X&>aJ^!f-k7A!yB$hA?gwO_Y0S`o+Z8-eVPN0VqnM`S+}$1~Qi*%zhJpOwo?
zY`}Hq*5dgy`G=8K3h`R2yPUc0E+ik<I&H%n$f&E?^lf=|yfDe-ci7}Pc6;7<oVG|6
zmZre8r_yyD)<4j&GK!g`d?A__=A-L!mR9su8kW4t3TzR6SA$m-NOY=z_<Y9|_4!h;
zvrydRKif$R%FYH+n6MT8YmkMB5uQQT%dTu^P!&d=NBC?9o6VBt2d1BK51YXZVZ$Px
z*-EQjL0MtFW1Co63cIg^sD3~{wWSSNwx+VY#ddEdHeRfC{Z%^UYF%gMc`_K8nMr7&
zb_&+nlxk;qT(&OVhLsJng-)r)2;Sf7e=gny3k>u@j~o@|9iB+HGxb{8FLy@u0r+dw
zFL%bA!FsJoBZs|(+FLBwt@hXVx*BN+7HYrc51)mH6_$MIiS&t#3honV9!r0f3}}<$
zj~=4y8#>EUtbC(&J;6<1$q(rhx_L;C9cLuUw9RqK)?V)sN6KdD38c(o!g8AQ3rX6!
z6Ir$dg7(A-M$rE8ZdY5v{T$E7Lq<2XNK_|jN@xsnx+O!E`teVe0y7cSQDVWj@`6*c
zt9iv}It*L2x39#w?{6&WdO)^Q>QT0@+)`QgWc$#`4EWalSR^_Q)rZJKZ|ZOi_n@=r
zK7&whU!0aWAD9dR<A^p9nC1<&YiBTT>cd(i`#UDDeRgTl)R0Mi7n4aBf=oIzxlDR-
znR~W&{_8Ymt98an-t9>^jcFW)XnHq_rf%g&kWItdEoy7DjJTRr^7fgM_tU8$dA}6r
z-*au#<b1pDGT5Jdo~)zCak88=O?KM7$i$r5JI|z3;<S2g?9)5r+=GmKOP^6Lg;tE0
zC{0~*gRlXPoM^Aw^>6`DQ)OG|aE8C8vfb&bEz8nD5l+!T3a(dnYvTqwY=~=<Ks68S
z@=D4M|A7otu*WHT=!S7C7LU6Dp#?bpvff*r>Qw3qwz-z{^cJeu&O@A=+rvSnpj4i-
zn{Xw%Rl#X(HvSgXsd!@`3gw#vO`!URj2CMY<0sCGAw4y)U#J=hN7sKOL-a?}geL~l
zIo=@#yUeRc=ikxqiS|9wBd|`O7EjVeYP351p`De(RmUpdNI=%cpXSE3CbzJmE4FM$
zE$hORw@v*S?2@vLME+_t%_*k|zsl7~S<1OGwZs#w02Hecs=B10*~mb%dxF;kmhF_3
zj`|`|X$I*^snOP@5RilbIwyu7`S<<Hmj1u9Tl;s#`X3d%AF#MEPf|VsWx-$V;0l9V
z>6r!EV;1S|<;sdIXBd~3(At^U8Z~DRwcby>tQm0N`Fz3wp{kA^)yWG^OGqpV8qj1S
zyBZ$tPM6^Ov^RRNmH{mLLXM%7!31Rn;QSM{j&N>DIeSOU=)0Gm$mm;6p40RDTmf7!
zBHJ7En@OBN99-U?;oua!z(kOZ1!BSvy<2?<PJM_hx&XFmS;{F-a3#QO3rlCGoW=8t
z=DA*Oz<06Tc1anl_iB?nK6oFa1yMH~lLebOOay?5U|4Ger@mDTj_9&!5S0-_GX7rI
zG&r-<ZB$0=etd!T&3iXQSrkr9PP(nQ2?j@%59k1#dQ|u}X*WE93ZG_@fR)a03Fb#l
z)^>2)wxg)6VX_CU6UmA4Ia4P$Y3F~AUmT>5#^Ul3Na0@5D4*6Km{wf8#r3=v#%HQ~
z4qa@_2~@9?gN0|13P#=YM0FhKqFN&fmc0C<lPBN$?fGc5(Jic;G^avnO<VidLADCF
zuzS)Rx9h$c?)phHa0stiOXB96YS*%G>SoI55*BQ>MEY;$1IzKZI+qB=#}$n;Gu$ZD
zJTr=q`y**fL9ROQR+>X6QpI40*4jaq;<`YcOQ$*oe=E|!4R(->o@_+qjRNJT-14Zw
zVDUlyB~*7yCqmn+0Qbv;4MpWuO~R8Yj9}n(Uk>~Pss`-}LjJQ(VRbvI`Q~Ku6P_U@
zm3LW%rQs<fy%;r;dZMdGjg|pSK0FK_suPD}4eqJK(G!}k%kaC7<mj<STZ;mQQWv(z
zjp-0pV=hb82_t6F8IO(lZ7UyfH<pzugZIc`wId)bki!Bo>(7)k+8x({+<!v(0>s+?
zL)^E=H&JDeXPT6zrF6o(B5IMSR8XiQHaw((6lNfS`UDXb7e&|gfsi05&|(^83=w?b
z`dnAn_j_Fz6%`vwTZ%#f6;R&DW5UQ=+EUu)ch0$Yl1W;+`uXmDet#(G%$;-3J@?*o
z&pG!z3QG2|k6+V2exA8OBc@FUDLHin7Eu%<FW})$7uG+&fo=p~Bf6Ca<*>MLYBM44
z?Tv`n{mQ$lbitzdX*|oJh2bC(^mi@{08KAL46mg@t#mpziBG)7j5`SZF*o}n3%_`p
zH0Rp9L)?FfCTM1Nn45yq+S%u^c~NHO1ZsV~wc&U<ofN;M-gP4kwvw87&!r`UXI2+t
zMaR__n#jNM&B$v_G$BJq=FdxwmMJ3#I&ru7Yb-8DGi<Gj$O35KQjVdiok$*;-o&W_
z_(k?mT1A@VofLN@1Gl>5TId?L2A1}NRdxuSjvY;`Wu~#^wbvxJyaLBAHYMBBX@4pw
z@NOr89yU%7k<mlzsQa7X_$S834<d+i%)dJgmJtrAz>2kf86BQ#BszSksI)U<_6_O}
zgatjnK|6WKsKowcrCqE)6nyI^V1G_!))_h^q4;OD7whl?-l6WFRt(3`#z?8k@_Qwo
z_imJ5-RNlX1E?yQJbZV^=r}$Z9G`BO-@8ujK*}txQ*j|nzFMcgGb$C;Xp+&Jq*P3H
z`UGY@{u+-v&5>98wr-VkDW}wjr+yzrUoiikdf0<YT*||MU)ZJedj!A#nt%VEDNdS>
zz&H97mL8hjnd5SPAueA1zOv4x99DhTrkYr}M{!{>p0a_x-VB#=#2Nje6wWr7RWh%<
zZGk?;!VSThnWF2YEA$ZEPEH~nXC<P9-Uxq=;<7v?rGxa<84g01a*y8{xrK}lCcFhg
zKTEvcRQn%*HC0HVigkFAr)G^xjaT<c2%&7%AL4snDkpf6vvw7Vv)&G99}iR)caD4l
z$Ae4RO)84`#Ovsp3`cL?A$KTs;R-wphuXES)0SX+3GH3gl4GqHnoAzcd+Xm8++yJY
zw_}L-sGVdtl}z|Sx5XkM%X@4uUVVr9S>&mi3*ACEy4xA_0L5JvYk0SL!6{s;qW>9^
zyPONV%h4)n7<=|A3v_WV6tzF$H=!<T@gQ5!z+OjDl-dAq;S)JH*J9;)tSsc(UnM!r
z;-jxqF5f~^D6;~Of7Tl+Uof`!zwQfAenu#(oeR?diYIs>r;ZrNisE*s+6o+7=w2{%
zAC7gej22{nRl4!(^~eHFlOfRuUtebdZkgf^PElolW3jjxV_UfE9@RIc0nfOQ(%KC(
z6~ONvUzq8)DaSM;3;r?LzDOnO;!h-K38$pG4HEp{9|pl~x3~yR;r`VroN^dhNraO_
z#VLgg?-ZoqWte!Zy6f2{k8l96P2og%>#M#dBjVjL)T9u{?BrukHH>+nK4vEyb813<
zCgb>t-{O*rub4&akb@Qq+|#~U4c?Y&0u=0k0!vO-6<N{5EpVsQLw}~X?c#5Z9o!EM
zwU?C*%BF&nbtTS)S7IugXw`xS)KQf+;-h=9!ER->vZiDWyzh>wV&VNMdLI@a&A@@~
zX#>Fd%>-bLvQBSs&;VhB_~>}*0T!sTl64_55YjMg0V>gh`+-uC*YTt|b2lF~Gblun
zIaBCjpQ=v)+{%P+2&}Riwi%)BMl(a=)o&~ES8V??wGk9;rN)22%;i&O@CM*f4S}fm
z#5$Zo*!Fl!JAn9kr707+U@!|?$<bBD58)$eYE*VKilL<@7Wn}uZb5COAd7`jkFpQ_
zrbhVZ_P3aQt6(S2y45WlnO0?LkAhZ8usd5&Gy5qU7FsI{gdX^mrw+aXrBjFb!4ht(
zyW`eWQ)GHHPQ-$R1Arianoh)7Uuyd#^aQ8&SKNx{#u4p_B<d__ai47<5Hh|=<Qi6$
zaH(B~fyDdp>e?L|w)l&_ro64%?IVMh3(;N~vQ*$E6~8WXh5D5_{S~q^e5f6}t6ofU
zW2QZnNgGJ~x;m6u?GMZ0NIOZ`f?hi)ij*hhr$QHb$3C(2d-#Jcz|r^PK~<h=dCV=;
zM|WYr(5Jxq3|Y$jn7Ro%bYEzd{MCY#*vn6n08;X|+FNJ%PQOZjjK4Rx3OATe24H9_
ze5<VXuNIO((4oX3q_*0FC2~GpF&J*_jSDu(-yj3Tqd;wOW?or2-O&YV=l{kW7q~N@
zB)V!auJ*`_nC%^O%kX|nUNo;v%TD%J_gC2@N3-`c|6B(w!=sY0-W9YsoG^w$z;ZO8
z=>$BTfT%2#fspUO^6&1T1QZWDfu7K+dNdH!2^4h#N!>!3TUf2V)$;x*o(8-7q-HvN
zKz7TVgx(ch?BwKxMU9j5kp<g1zoH+y=#f)cx_7pfiym1dZ|qm^7?)~tDys^WX*q>~
zy}<m4uNtH>F@SY;3YC4Z`Y<Cp3MsoPPDWAHKHEiBYs$cIOno<%V#yzkpsW58-n4K7
zYl>;k3(zpu2{@5UIjCm-n_l?7(z+r8#<qVJn&{CxWRLPUw)fdFYgNhYBGc!jATHrn
zQ#A5oDrdYu(eBPGi+H149FC7)smiP6h;<~yyiQ;?pEHV#1C5asKBPw&4J24a3%2(S
z9wf)894wI;MoBBp-@qxc*84uGn2AfQb$`9tyxxrsC+$xYai%c4F0UfsFXL4&VVCDs
z!`6TM->~&J<{e6~w<<p>-zH#u4#T(`$2dE2ybS+mK|%7@_YfbOha?DtP_!6M^XP6a
zf{OklCQ@H<Er<*Ek+O^H;bT;O1DGQuGS*D?#K2bXB>!o__Yg{n**HCGqKz=6M{vS}
zbO~@wP3s6E2JUQ_Q3QZaj1j9D<MRohyp8I0M}fEg#NS_p@70u;NG$pn3kG}wf{st*
zMT#WMlHqW`lsNw5LQF-EP%ETC?i$B>@rkq)ee`!-1p>U@*Ow?H&85)gy?n7}OXU8C
z!u9iIs7Kz4uQBu44Jlk!aw&VzXgI%_W9>hkA_k_DSE$7vMEBL%nP_zmRb;V{5X#?-
zxgkIdL8eRPjObnoCIGW3gFfe~Do7)q!CVT+WgKsFO>~0?e_ltq%L?qy;3&Mrn@qL8
z8Qu4**EA#D59oBqd_#TIkjPS3JSniy6hMv83C&gm)$_As>7dW!sR(JYX&qwEd-4PY
zeN?j}H8zKlM?o}*(@P!2=!I(#nNo=ySS1Gf;FKx5II|vD=C72)hugV?{XiF(aQ_cT
znSu5oR=#4ynzD*LaxQ43gZXawd|^8&T1oxvQHzGBvZTv=>P#rgg-w{qnoaDjfCy2H
zu#f_)S>+SHKxi2(K7~?E8JtS6Flg!`Uo?`K2%V9bwy+!KsESs`rL@_U98dBOt8BOm
zYrMsMqkB~q)Uz2YQ1RbN*cfYD)I<13tOU?i;Ve_+nP#$yXqk+#?_QZ|!lF!UR&?*=
zj>JTaB_g2zQPlq#tJZ#po%B(ED$6oyWm;b};Lm$-Llo-?Y3J}esy^!AD^n@d>6-7d
znE&T1>;elO4d;(G!=o1G3#-rd9V;p1L`i3}`r);dLj#kTl)gt36M<7fTs9KZX-t8`
zaY*JPzKNJlqoerPu=co?Iz0PNgKdp`Xwlb~Tf-)`r#$J%{6GY<*ja7&Y3+HY3Cf=3
z_@FTwIhp~g#;FuvzPN0xP_jG6+uvVy!e8Gw^CI#brr0-s=TzhdsMm`N(^EOqu-GFV
zQgwLh`*$^B;vg3$omiQeM<i0luGR3)bm=W@A2osk2LhF{dV}iUE!6##7uJds#$XW_
zP0K**8d}z{GwoKS=+dIvsJ|X~#7)RHV{Qrv`XC2wqUh<}@o|PLFjK|>Re7i>8Zl+y
zTlyfKe=wcl!bnt|VkFVCOMygd(_^1(x|yAX-{WOLK75BC$ry(e`$i0$4XCNV?uIYB
znPXp0W?z<?5j*IOEcwZ^wkVz1F!`iWJSqRaC+~SLo*66Ra4j6}duGO%*eKS)DDtY2
z@h%O=N3-Q4z$t1?>K7<|3-o(}trkmswcMR<B*kCegpXHRV;u)4vyLw_vjMSWYdqa$
zUYLP+LNJ2({5b$ooZLT*yE7lR0$>aa7Qq_mdJ6zkZ+{hF42h%R;%K~=Vwl8(3EeK(
z44+tA8TO}EGT&0Cv2iE%xeLgxmb?T2s?u7Y?NNwT^G;~tWXiDG(Nl{xT8+|2Y>~e4
zkcH4aNHcpt-FLhz-PT`#V+}r_Vr>j}&`AmZf$so+Hy5)n@K9i*>&J7C_2Dp|T%Q#m
zty|fxehi#AGA4lr9dIFA(u|KDdLAAfYlrpZUxr@?@YfBm!LRM@Os3YcKQISz@eW{k
z;OUBZWb6AW8IL}Q$4WlZzE!}ou_~V0QEiN(bnBv!Ahd25-()grHnsjhW0X5)d@zYk
z>kqix-R)Xi&6997=e08qY4lcjbZ$G=;R~~1yFbHm9KdnBqb3Q*+t)V&W5*^ryvc~<
zCeHPQmip()ECPHR{2Tc^m6a|$pk6jyH*L<&#lJV^fmBq1yqoiDe=70ozrAPR*C0gC
zPUUhHu)*+#h<}$*w<T|NtY;;xPJEhmyz6pi+#H;WXK*HPWmv~Evq?Ui^A!e%RI2ZT
zECwjd`BZxyv?q-NZb>!!hYaQ-4s*Z72s4er3}cHmLsRjB*!N|G!i^X}BYN+=$Ur$c
zs23AJoy|a1G4wic^uCFtp!!&*smTCAC4}>mK|FF9gDAI#97e;amvH3DBA+zJkVCDK
z2r1QVkqo3n(2JgBpr7HO51U&7{Ta>Q5C;06kqON$$BnQGI4p_7daX5Bgyy3|bTr$y
z0t-O-o@Ah!@))QI<}=f<dZ<oAG^`;F@yl}l<vI8zsEr9cZf<V;0FAE!6Yq2(eOmlo
zWH%jp6j6SigI)RDgqJXxcC8v4-pc#<BBf;?*13I+f=0ZTi{E0soX>h$6L~n^%ink}
zCqZO{ui<pZF{*U~SU*>{+Rvp)M?}1<S6*gaeMa9GS4C{`t}f?YJ>JM{INEA#8R9)1
z5L)Z$V#6UE??rxw^>Q`q<=e=+Ladjy`K%XvLN6EbUKX^{i)C(K<B=Qh=9*VoHwXK3
zx{Zu?v+PRN&DVIp8>ibh{aHU~iAK(<++**e8P-`uy<}5kGzd@WyyzdlYl#VYGdqgQ
z`oKvvyFC}~wCp_0XbqiSJvfyzAK)E{i-Jvds`EzGVtoHgbl&YciLPGI@~tnK^`UdZ
zc3JQPu-HeWsfW0zxZoC)$ErwFJgD|w2g=87bQf|!t-Tacn}1!a3)yf`8~E8@8MVHm
zFN>?SY)-1+AV#XE8rVYqjt%DZe!MP^G0`38{1e$Hfg>jYrAZAjq4g+#?y807BjV4u
z@Gkl{@KsFbV(AON;b3$Gd%q5&5AiQ*c^S*5Q+)o|7thujzqlH>U}R!6*3ARF`v`Vl
zek%6-9R@5gst%sNcPd_8SnH|RfYUnZ^@1tK8B<(d{f3=m&ws<Tl)R_AnY7Mab-Dfi
zCYs=$Psg;G2Y9>mr@NUF@1v+34iC@8%fIVg;<Eh0(kPj|@b<GirtIA5QkvDwd=}*v
zC{qs4&cQ3YN$cX5(+%<HfyiaRFJc}^<XmvFFfXcob|!xW33Dr9Q68pBO&!%7#lTvZ
zvvxE}Da%pLE-6lF&&mjbfF()fC58EEM!~kg>vMj2JCa{s4&mq*vX*MiO~z)T{}pD{
z!J&!^mzrWu2``(N1bAycUcBOd`G7yU_hRDR;zG>GBV#}wS=MH)G}C%`)Wq-Ho8wLu
zkw5oEAIU4)y=8E1!KhKywY>)P;I0>q>}y&vkasY-F_qT?8~|^%d>|R8{8NK;%FjL@
z)%(NhuI~~luXp%)e@=Pbts_<zYTLFNS{3b{)crA&^S6A@l3S^JU1T!F3I552hPWSf
zo1&Lhy(h<7p3I8;Y$?mZ+N(j%yO0<ic{lIUE~kuWvH5l>yD2FqWi<q`>?9?D4Xbv6
z`EQk?{XiOG7X6=clbbtqmrz)`cTP{IxXfcx)`a(@IsL0joasN5R?nV>cNDTxLDs0(
zP0YeV{s^qbn2fPf`<Mw9D0a)o#Ms1uj~Ep`+RAvHSb7~@4m>;st*!msN;B}ZS6(?8
zW%*c;&Fxngr!Zfs3DBcc`2jlhE!OhbWc;F`%!)oJaUZ?QxsTpw$IU1{h^76|a+2YU
ze&<rA7P-l!(I+8rRXfzeRZsi*jPcF0Wo2zF+X-eTEXC66h03o^|K2nw%i<YEvx94h
zeSvRu-XSi@u1Y6K_Wf6lmWNs=Dn;Wd=fnU?OaxnNty@_m1}4KXtnS$e1Dt?YxBkWy
z-vj_JlcB*Al1}(foqn*81HY32Pcs77!L3ny9&O~&jTB{SwCF@WPP3R;OZ9?@jZ{gR
zTggu)wH)<hG%7A@Us^3LT#sr(wA^5Uh#Z1P80u4QiCj*q5)23g^*@s>ls>9wA4R&P
z#U2exqenyrv9vQSVIAqmmcY=Tw8q+A#o9*BjXxTn@cG9k<L9eE;D}sfWjP4^<<`i4
z>b5g_M7lYsX=$js&o|?H1|(3OY6NmENa>LdR!sGMAGWgaR?8Avg`PzfFg_{{o>PaZ
z^pQK$VyJK+MYJ7a_<~#+c`Z#RB5!l3+1O@a2-?iosq0p1FayTUVYQe6L#cq18Pm|g
z_U%m;>KOtX<>T=wNaq9Z1^=p*KY=RgZ#4U^bq2>z3|$>{DibE+^<NKo>x_<`99uH#
z)=$hPbcq{HE^+fpnM>U0iG_~)i=0)X$t6w<>>=f`JhF}Hm6TG9E;4_uGc!I@##)rj
z!xQD-^v6B+e9Qym0FHpn{O|Y>cvZf7=Nlv$slz`x8AZb`{M@^VvyF$^@q^%inp0Cp
zr84iNP7h&*oR^0q@7&Caf2lR)jl^{-)xu9WBO1ax8Gx(4|MiV@PlYLfT)`<8N)t#K
zH-NvaGn?pgXg^9@*KcJ0hB@kspJl}WprJcoJ!=L`%`d6wYPy!rj{WMOW<KgQsWfU}
zULGalX6asP)U;t_jq{DgvNqGiVk&o!iCZZ95}KNQ9{LWMUw3+y*yV+vG;(x)od(+a
zG*ob_D$w#E`zx~D?373V=#2p+2x6%KdQZt*dx6P2oI!eOcULO=nU8jrzLfWv3@c-j
z3@h*6i^dEN<xAjCwIc+osSIoO>{J$NArT4~6(Z?~qc_9&x6!zluz|ihcxL{T6Ez!J
zKGjCcX@bR+z(?1>T&M#M;`FZKOCx1SEiJQ~DD(U6m<i_|yuQGj5cu>iJVB?Q5bt-{
zCt{(@yTp!eyX}NnY_apCSa?4dfr&NXv@UXHoH{idv46ddmVFY&`EwgB*EJbimbB6G
z(}b4G+GzPgLd%|QQ2FD8mQS?-^I4O{&@#V`mcJ%YX})^qmMICnf7(XN?1Yv-gQgR4
zr5LB}qNmXWhPK|Vk;N&vajSrxqBr9@b!$D}x?&33G0FzRS?9ql_VvV}eVyX~-<%Hs
zcO{%*-<O~XTu21ILg$8`kj=AP*>DDc*CW8i2>>5KfOC@o-m3$=trdV`=~tlLL|(7Q
z<RS5IPU+uVBIqNGU|6TI&5wGU^jMn&z{3&n;|YK_seji$`hkS&a^u*}Mw8k`GO6hU
zT7YJ4ytQfhYS|0$YDp4KP6pmPhv9?q5r$LN*qJR3Y3>40BV_}>@x$K^BiM^;8QAk%
z%!fVxnXjyo1#Oc1hVfb~-bSc|Haqkx5Xp;jYJ-`@oW)pUk&!ia`I3$*b?85{OpG62
z2EVk$pvVk+fhjUMsK_kFOOp52qat&~=ogre{&U|P<EO#7kyMkG%hivfnC>d6`##pe
zZvB{Pr87%oabr1ZC4YE}@!^wGm`W?-LwfR!+9JLw7Qf{Gbqb3)7yGdAHnGnl``_{3
zT(^AyhI{6S%PvJrNh)Z4SZ*CHA01*F0xz6@#8ik*<u_;UDwkv5{09p2YQ;YIVIKs6
z{8;RWM)fN7q?4;JTTQ%P$VjW4Tct!?xx4+RZ1ex(f4FByanaXY%Nw<ick@2V>q4U|
zcb`19hH{P=IxK!lnz~&Q%3JRfkAV43^5vEs<!;e+RJ#p+Ym+h1aUzS?WYUn$#G+fL
zhTWmtEd}z_Dj=VwpcSy7#i<wLP(oDDc%_uPMlxS(1+Z?%E=ngt@n}<Gaaf7*Lla4V
z#8h?a>w}uvSr=8GhoAZtA68FhZZ^<&$?R(>0b@QMb(C_r4<)%|smh(u#DexMEG{gq
zV9DE~VqxB)yhETBQ%t9Jfm`uWqFF0uGQ$(piq3vhSA*O!QFhdbp|dE*lh>Y)NiZ>a
zlJ7e`CuNb8TOoa3ucw7~REVXYlZEeBtnMNE8?nN#<X?~Z-eIvHlN`szM;}AcUf9Lb
zt4pAw0q&Am8p6LqL&<woy=X0lkd=>92L2)i4q=|WqWM`oh8cu6(|0vdPoUNvgb}dN
z#y6M22f}tXhMsmB2TB5x6ta|4Dk-8yoC=X{q?K+!Odg?%(aO3QGJ%=o+GXs%cmdk3
zKvUd<9*v((#}W$E2XyApynn_<`6PQ_*k>Q3|JM-m;9ZG+D>e84>+Cr+-+n4uK(kn6
z@)jcRz*K_jkTLOt@VMGxGbp?x@j9P6^8GcbBO?&smoXr<vJuGYjXZ`EH1qcGh5F#X
zk-o_JCK|1Op<z2t_cE!g8*8GPMN47ju=#hX>WF`{j7S+J#{5o(^}FEL&uM$2y%G&k
zjVv^>PTg`j^F*?N&g-%ZZ(F@%Wh%oFlygev!03m*o#V@=m#A=K*$n^C1sT2zkoN`$
z+A*mUT0x}+tFQ+H6Ta#qG-}PYqYg5RnTOToA2RiWPD3j3LLm023#d{=mHNfjCTft$
zeN?O^vj>~R(#u5Vnv%^5kC3a;ZguVmY&0334w;NQ>-nyDkv7*pThBiNJ90MusA5^n
z*__9Fm6V_0{88`N(ip2J)BsC?s+p_fFQTMVln)lc`~Hb*I@|5|1<>zGYXy_$ALY7$
zR8>*3;$hak)|tmYkbfn#FBQ?U0O+UtG+D2^;dUJHZih8|W*?7laJkg|4UVRNJ8NNb
za(vxrK}o>^;xFDizC`~dZAJnqpZyaS(*Tuc?j%Nj-!+9~CRc}kfYkSnj1ktGA0w*r
zGftz;qwG>oj>G^%EEj{FX=f!s&%UWKDlXfCoT`ih%MtKDE+tEQF}jA#JD1O#+c7|V
zw0jpAIV~P;LAj_4Sx{bHk`Q!d=-{&*Ox?=HE7r%yAg`PZ+=1+Bjw{7SKk8{B)hWAn
zB_;=izc4Lu<O}$L<#n3RF=3Jdz-&555Q*M(cWK?wM?DKmwnocwR;P=lYtJ#_yE;7q
z-v>7XuJ0^PFeTwch=Ds&lUDFY3W!mEf~R_mWhqH5I?RL?7)q|UIGNl+L+$oByBAW&
zUCP}^zGxR){OCSNRZ@1V=RMmPErgFPapd1>Z!(PtWj3MPlpf~rS$h_3&<+QUM5N*<
z$axMArLZi(C0h_nwPvPtXRB{cXlIISgFkgNUr0vNg=qfOFpzL^i%t(iixq|zyOLVu
zRjXI6fHo=Cc$*E$P~5Yi#X19&4(6m57h{VIbG*fs$t~(pxF2X}F*CWvql=)$bVG~k
z<Q4-#j*V0rTI^45@tP0K5{4F+Sdv;yM?5aJ#9K(oEpGV)S`->u+@IXyt2xl(9z%=A
zEiI_3eg$ndwPQ=DZ(s8AfCX|FrKs1xdoJla6p6CcLueXXn)FKfN!|BAV-#<?EQaWr
z9qm~3OgC6op-fY_{=B@^EEMFC=Nl=MfQ2Y@qez0vSR?^Z0p05oJ1EsVNDTgX<asm3
zJ?Mc9gBYlIAOpq&X}gnP<+p<DH3nose9|9JCc_x+jmW{%ylikB(9St60gW>N8Wsnl
zgd=YP08C#wQ7r9A9uThWrpN`UEohnUYY8>qh#n{6T`Uqwry>jVsEh@Ah>wne2HLJ9
z=<j*sgfv7BJ+ek<laL<>tq^kjyq1`Ll-d$gl3?4y^zT9|n7;aWOXxFn=+1?s1leDi
z61kzF#k6b*;D;bDhB7I>K>zrLRL<v)JH?Lld3vOK%g;}h#6M3pe14_=`3e2=)X0`o
zEj}MJvnAR+jYNUHAcgCPOL?nx`uxrGALxV4TF__1!>!Jwf4zmpLuJVdALL~%vAq2g
z{;@Q*z=-LmmKMu*rG-blWkvSaw*a(tR;wG+|B;S`Q{l9FzdpA9N1>4?I2YFcH7V?9
zO=Lcuh1QtQbhNqKgyaq54#Ah|<!_Sh7>%Xp$id;k2UV(1>JAo=t#mn3NS!|s?O=y6
zIjcnurn!T6sj|PRSX|sA<^L4>b{(n`o!r7P3V_?d0^lOzqH@6)0H>K*09=+Fnx9g*
z@IFBfUWqBDSMTV7B?@pk%gP~^<JwqsZ6;ofuQjzk?jdg={k?d`!(ivYc%m?#YoM!8
zCXHu#d<)FTUCz#Z8d1;XX7&dTNyL9mw&iS0Kbx2w5FG9nj!ShLC7}URp}8Fm;-WfC
zj8UDUFPIn1`huZB%@?HL0KBI-u^k76#imkPj_B1|Oz|}A(Y06MWd%wz@iKCUQ(ADu
z$5!ANQI5f+u}qmzKN)8+X;&t-ym<w!0w;*37Sz2%FPTl0%9|88Cbi4sEhyAPde*YV
zY{jdGXL3o>G0LHj+R;&=_GGLT3jQ!bs+yN-ikK)iRFA_OL~(eP@i@HHQ;C6kEgC#|
ziiOzev4Gtq3I?o{SQ7~y%>&qGXB$A4vR=+~k`BbwX1}!Y{d@lj%YhC5p}_+U2@#Fm
z*dXG*@=r8SMB^FXf56_Kxq~X!!I@8{&Zqwaiv3R~hD5f)Uvsd@t~NRu$Y9W>V77o?
z`m>A$E!K9$30O7fHMJq&G$62F5@P}upI|Wov(<~A%rZqvP8il^{e{$3lGy%;{2TOf
zM#5h5+kYUe+(<(Tp>C|~Owb!1T!Z@6J$4C;kj_qu7dn#AblVzMjdB1l?(|({Q`D(c
z`M)AtW4f;^mIr%|j6?BYhW>@6QQwWIPlwPNg4GxJ-fZg5G-?h}4FNbU2(03!>NZ0i
zK14`&s)rYYBK#U?(FN&Z04;5Fm6$L+S@_gHtbH}Ho_jkPS<jz4abrPbMzZQwT4PW-
z|LSO=a!$xFs+@ObaFz46j3hXjMmQhkn@psiaYKpv;n`%UM=OHW;}~ccAKfap)YlG+
zy1o_~B`i429`*)|7m_-jjT!Mr;s7Y?V>xQ*ks-+g@~<->a$zze7qmd+`Bo5lzcoZW
ziHO{rgh&gexM8gUk(aM*LD`CQBV~U~=aj8UPu3@m16rCqpzC@h4@hifK<BqMpk9ds
zawZMPkvyOqjRU&p$|OX-Ju4ZJwOK6@*_G7_B7+kVnUsXcHOYwl{W}99BL^iRGNJ_{
z!B!CYTWg5in25-nBt#xaMr5-Qk-_;brubc}af+8)`4oR@O@ec)5zaL&m&(NnOJ%UW
zR0bw5mCwF4z*%!e5@B+)lL_-hhn9r-u0tz?Ic7;9Ovfa`q$d;RT;qUlYe|@12?NU0
z2h=xtK%<NUawO06#O}!h>fg$MMzl7d^@#&IYDpZBnrwautuY{CyQ0N_wkHhekUpRT
z6r%GB#f{xdkxe@zQ#k9SBk<&TEyc5+FdQp%#fS6zGSk;`+==RW|E9aRD*dVY?v>m$
zrY>2Fah@!w&lc7wTAz-?2P5v#^eE9MKG?w5AbI$Andz#J#MtNDp`rey`!=NKtlrYp
z_7bDx%sfgvS8ieEG`HjQjBSzo(z)kzt=f+bB>usSnzm%XS)YRZ_WMzO`b;P%;yWT}
zPB6&K?1pjdh;tUlc}oO$;Ta^DS>J01_;7AMmxiN#_y>^urd1@lJ)ZE(3AX3dyfm4Z
zJ0rcUF=FmKhkDmr&)9e-acI_ZZT}y@@XgjREa&w~0Y5i-&?c+#GrLnZfO2b`iW?)|
zv^F*SSvA^TK9<gGEZXaT0MEzHxI+Kf`drs8M$$z+|Cj6YNUMZx1>ayYzE&f?=f?5f
zb~YEo|0np`PXAZ%y)QMs|Nl6?#Q%Dv>T<C)#y<nkgMR1VV-D{zhb-GubhE|GS+EX6
zz@Ev{Fiuc5@x&$$974guJgRUS&qFVXuA@>g4T~sF{TZvehW<$|S;y4HfNW$0+OFy_
zDPqa$64yc@d>E(}UJxa!?RSSBV2X<NT0A$*pd^Loz9`ELQ>$Lm>Nxt=@^Pg6cgGPi
zvvE{GuaSo=|HX0KaaL>NzzBx_#W;HLaYUh4N{sbi8^_Dpt&O9y_J6akZcJh0xDv;4
zFy+5Ejvu?XHjWxLj{oi;o)Op}W&r6T7yLH|VQX~|&R_mFlkuI2jpJSDHG<`&|7+ur
zy0tcr&aG~8(T{;GXBf*vzjG{$o<$fN(UW9ubq~xNO<6D~Z>ye?zn-P!uU7{@lWFn<
z4zUWJm%tzB)06C(Q2slJK`HUhOpl8>J&qaak<H3~VTIVpgDhAKDb}qkD~N^1PqLY(
z)6urfJXpyTdm%72UCs>Vx;DY&A2onk*any#ZGu^81mkQ2OwO^kz*vqMz%+C|GnhZM
z31*ZL%)i<IGw^s@V6u-Jz}(XYm=$e;d5yp%TKyI@=~lmi^Ri5l8JN873hi<&PwTH;
zqV?5swTrY1wB9UZhjunoW2(zw!{U{ZmZ4d-b_Q1;eSMYsO{k~o>wY$^`w>rOnzVbh
zyR>QA?b@HTDcUXCWNnf*QM*CAPP;}c(#D~4&E(5BL^YQlcc-3{-xSsIwVX3yq@AU8
z*SfN(JNh7VVU|ft;~3#KyB4=u<r3z5^u$fwOxk(8@ocsKkS6X>aKRAf+j#FyF^9)&
z)y5xAG(Oy#!(0eQ-h??xOnUenCK#3+pcQsc!4Qklx-ZFEN?6nN`TNK};}J<%AKisM
zP1kK`idLGf=;OgJ;a)UcQZDQ)Q8u@7gN=ATy8(r7v*Fta7G%Lc9^M!O6u&m!MzB^d
zG*kKl3A0?TQy-{lic&7+N-CODUo0-BK7(me?iR^kmgROF6&EdpN0sIbDfDoPYvD`*
zxE?xUys@f>$t|1!!7?S%z<b{PgWfaeqzWZij0E}ntG`bkBJ=M$^ANElJsV<I`Zirs
zMhehpdgM_KbNi13b0IxW(PrSYIWbZu-tzmq6Fv*uYZ5lQ4A4an*g93B4>~Z|soEv@
zY*kGR*%tSs{$Cm13)|ys@_V!K0vn+#KEjz*enDT{5f;?{-yr>e#zf|eoB7N!N}BS_
z*SK$+C8dUvhVPJ+Z`HqxsU`|w{E1xr%HzxC(Q4d@&)~f^v^Xvs`i%UXjbX%Wn<Eib
zBBJ5erd=~#Cg@~lRE`}B7)GS+J=5D7dfV0<)$!Df2h{Lasiq}y_dOmy`Wu!F0)qC=
zWRW+H%V*7VR<>*J434%qD@O@7JX4tnF-G@vqKdW+dDZH=7gzueFoJ6rm`&f9Y5eT+
z42Ym+4YZgraiWW*VT_%Z<!7=KyrLbDDG4I-&H-6S?<08kMpY|WYQ!G!RQssa_`W_E
zLt<q~hG^QF)NRvG!s$Da0+rUoZ+GyneDtAZ1=*?ANwYek6OT!{2V@Fy*}O?^1<g~n
z>Jyz!`lXH4?Z^=yMNglxSaKK>Kzi^Fn;1I3!|rTmci5SBIl79k#a{dpm!5Ik7kNwV
zp)&#RMDC*C@^aZ>v5SvhXlAz%IpVT{Nt`LYlR^$|?z<Bl+=klK!>~sZ?r~42usjM<
z?oX0G3>@N=xadF%a)?fhLp-eCxBAPFL!2fKA=4Eqz`JiV?kZc$t+@*2*06RPwUVG!
zq`m&lnB7ejBn)d{d@-zn6j}qdR9M4<{=mkN%}8UOg?;wRPkL9pi{ccv`!UGvbAbcj
zzDaKt=a!EQW8Cu0JL){{9s&UR{TKtlncC+6z|@vAriLFM0rE!nm^d!s&B>q^wFzq0
zOl=>1c-PPLA!mZDmH|F5+ltRS9v3@ut{K+fblZ+^x}Lx{k+<}xQ+|jc(30ofBE)%~
z_As?C*wK=B{)zfggYB-Rb}A9Mqt3jwVf1vy&Za0$rXEzfJ83F!>(8e$dkbO9`7>j<
z#xULZJ?TI@ZTD62i_)4#1M_n(?7|zw7+g8N-^1;?`_*$YC{<i!c4L(L*QyyAsT8_c
z#U8C-DD$!|3HWwOHJyo%2AbO9vUfK9CoUUkHr~#+x+otfHlN@>jrW|yr%odWezhHj
z0Q^w$FnTvfO-yXrwt#szA2D&05M_sc^Ycc1&u#sXc{gL~TOL_XP09x_S!p8w`(Fc?
zaP;k8kO|Jt$KT)3?<x5xQew3wb=})dBwtR%KYG2>6vaq}&^_o}jD9%h6_AC!kDH~i
zu)RZF2g(RH`fz~So~kvK0~?)dpM;MJR0-==g)+^OfMQEZQu<X{SVx{LLZuE{tpYT(
zrI;haccBy<NzTbwEX9N#%D&!lI_$U<J%?4z7JsB&(HKogLu4jb*A5fzFfz~ZKC@<l
z|EI{x;mF<qOhB{0RFld7l^yp-y005D-`U11;6MsM@Xxj9r;C9vQW<w1kZ?!*54yJ*
zcHmvQBUV$5cf@;B*+hPyLaw(MhG7*0m`)r6Q38j=QoP|LB5MOMpXCvCcE5Ip%!fLi
zJi>mYQFJYx8)E6DWF%zO<r}cx$!&KxMkR5D%WivH@O6h>B5(NhZNd9*?Y)Hjw4fTh
zgT3IzOWIQ`q1C_?<Jww2sxhi_e}+N?t5vY3*C#YB9^V+{P1eVnJY;MFGQzu0;f=o)
z!xI*)dM-h0j^38dz9~rnn?H)cO3!I?*z0!_UMr6Qz^MfmZ326{GvV!D#xzE?VeCyu
zv+<4dT6oi&y&0YG=1PpgFtAkYoDw1rEOYuRWoP(sy9mlQu&RW&;p^LCU%w4=xty}n
z;ZVPMQXgvc>TEK+(FB8J1e1Lz$#c92=6~7}Tuen2u|mr|Cx#Tdu-ViPreT_{1b+(t
z-las)q06S;U5uTYFfY5L#{uY$6PKQ88OhNKx8o37Nde4H89^$-8t(men|>1?5qD6R
z-3MCRKWK2TQ|i-0g|Yezas1S1Ve(Qk?0SxaZ*AoE6i%p#F<8@D8?XAxIDNgf0_Vp_
zPaTde24_ja_xC?%n4kEUTO)e}{^ceiKAMsi{r4~A3sY(xg^iKtbwHsQpyd3y26&>v
zR<gd}S^-%T8Kr|9YyjChyr=~5&J62&rV1jg!=?oE&H(R~tN#PMcXfDw`(5yEm0I0r
zt$<#wT?25vW7;0?E6*m*=NZ>VwPwbXj0|^)ET~)^+_f<poQZYH)muMA5!7D|P^w|`
zSL>S}0BI{>bF_N{H^&9>&0$a29Ivp=@%&$4b3C1BxcT}NGu))955wEYhv-K)C{`74
z!o}=teq{_ZcT}mV=NpO!s<T*hX9>R6EgKWnUKg_y-llfv-`_f>MLoR){Yb)!n1h?K
zaRs*T4?mM54W(dVEYNTOMsf8KOQ&GHpF#>QoQiwQ5L{SWn75a5?%ZR~*Djj2L{@s*
ziLJ=~RaQFe^!UO`7GHP~iS{?=yM+_(A-CIYzO{OIVS${xDjr@aJ65rL$&`n`$t?Su
z1j+zI;e~zl@WLl?O$e&!e}<MKMfBx}rGF)9h=&)hekPL=d4b-QGe((w2&<i-+g8E+
z&JyNK*@2!2FFsupr50G~xdT$iIUhd5C$jJ>jz&`Y*=a;l$aRupfo&KRm=BaO1R8eG
z0}WO2k$VyX4Rctjl)OU;IEafWJ+Q)}4N;(#^BdX4A_f6sm=%V5VeKf41ssr^A0Fck
zYt=h24pXSWi$rMdi?CTN0@-AX$)pQywd%T#xM6IyD=prv;B-t;Z_C?CuENSDmZttF
zt0A?47k86H*XmfFdXsWo3h%Mx)#h#0y6Ew6{z@B8L@Ab2_Rr0;n0>!WLV0j#p1%gR
zQ8Y9(>aUW+N7_lkPIu6iXY~Y4o?wA0Pu<d54tq&B?H0<lcVJZ+MjuF_`kFBM*ti0H
zqRiuw##L)$p?*95#<GFMf*9w`&4lHlF`Yz841V0bvX@Eyw!GEg$HKYH0NG(Q+fng+
z=`38jh?SQ`vHf5JY$6m4tlnZNI5r;T_`usazI(-GV^gH6N*3ezM22rNO4gq>;1=90
zS5+ZlgCi}Bak)ZvAjB#l#INmGPBf4y{-PLooX(tL1rlU)np@ZfGA*%o=&+A2FFU`9
z3Cwp%ygcI1>Ic0Wqb_k-y>=a{8NOkx^tU?8cM@xUmzH_^#@jmIZ`8B5%zBL}8Lu)9
ztUmiO2<Tbyrn4??L@!Qmx5+*cW!lM3b$cy^2VUU`)Ov4(ff_0}WR|fZxRj$weA_J?
zg%N3e6Wi-=0r3p+nXvTzE?NAj3XAi_3OQ1cbvdXak=v>IkSji4@!|%9PZ^2t4327r
z`YezZsDJ3OGg2Q&PvsPl`o``P_b1t!4ff?aVoV)6-e}N9KBt=VXfQ1Q+#3HW#C{^$
z-!BJ}KZw5^Uo~;@7|S`TFMJIzZoyv#U*O2XEy`Q0jzihLqKQjT+U5B7p)Z?~BsA@8
ze16CBrZ!J%4l#7alpAB_RP?e?*Doe>YVVQEoci^AW=<`9n{v8c7H{pq)~~VFH{Zxw
z-~ZnBsJ0&4cYT{B8Sn6Rs;MPC3&dqroSr?%Uf&^oqLH2kB3crNxFU@9G81OgS5}je
zI*H01)&ep65xpzm*HEH&Rg7i>@$a8j!khE)*YH*POmxRT%U1p_qCv}U>zd-r>OV}`
z&*d$q=mVhHfeA5EI+2tUo*+`b>tv*K%{vy=E`$f)#M|A5?fSEJ2Pd$0jqhxy33~la
zM(~&Tzt6zGhI*~Y?t;S$YO4g_Ilwwsbn9zUA9x;^vT!s|<~>(2$111#4>VH|*lYE-
zzCFSAfok72ZCheJHLOA|IqF1zPs$-cc7_6NaB@9hjLh&%jmp7!HaY0aR)@52WLY=S
zh`Hk-=)`eC^y4W9d~FCOVa!C!Rxka0V#xq2KH&)@SYpC*V0xb59aiLJV-}rc`Rbb0
zop-W4o{z&jN)gJ7pixdvv2X*%&18~IOmx+S?iL)!y}e?E(0m|~O6hB4rHdV_fhu!L
zt&u5s-t&5Hn1?f>zJGEfjHQbmzag;6<E2yvSm15wBavQbDmfFcm&xjbvow@l#AVjf
z>e(Q?w5P<3X&(zWm8%WESjb2T`>MSi9wgS|P5PeFKxQeI$G^|3Ri%9v6U;D`vq=7)
z?$h{Tm{bZ+PllOA>v6w@QbW$}kAK~;g%ShKK0lrka_V$U3F)=531e3$xBg@?<(09k
z8+|@`C!MI4?rc8L$QwH?e5sxWWYkUjaLhZ&3>_$wLLf{56j7PK69F3O7aT<uFvkrH
zl+EwYi%&c8pxCT#xSufU867!rM96XyIf-Lr4%Q6kYaJlPO9&^_J7D#osaTbkQ<zt+
zMC9OAp5Q3mI5+L1D9eU+DY7rj-iXmu;<7&O&}^Zg^w6AhoZ>Q(ayR-bO45JC1aNN<
zqr&WsRj6@cCUr&Cb2n~7>8q)|uP8WjB31O9h{8G=WuhY|vpVY7@3|c)Yu-r81^2+9
zzNTs7rjZl<4;Qts8p(2>l-_~H02H5j{c+`2I1tTpaK052qiz2)PvdrxG5e!Tb#M2m
zuXs*IwToG1n5RExX?ey2zRHh)abO(Exq|?b4I%yVJW3bg$nNHZ6p(#+3dm3Y&Qm}h
zK(lFPbglB2BDYeHXMMa@dyCYMdzS=9TXT>4%WT6i-pcv8iOQ(D%bbq&;-dAho7p0n
z`ZL|@)$)89Z}(`IR69IT-n$lyG%F|EQ;$oDm4<Bu;1pY|BVIG}{ONfc)qVG8nJ}u5
zRTsv{vhrK$3GXuXEp|VvY+<Xrm3oKVKFpKyVBwZDscJOS(U`|HR%yYDE)daH0*dO<
zXIU7|L}aDe+PP$}Rdz}tOgZ<DjwU_t-C=dw(<mvh$Q&xpdrBSoS00$djk}jWje$9p
zF}rA|WV@*E;=<Be-*uRQM;bEI=3QDf%E~xy9fj$r;qB0gf27r>JqEh-nx$<Tmj1;G
zoZLJabmzAyAct9E6M}I9kCGNN#0`CV9ChA1Jj!pL+(yhg6Rrnc<?HqS<HLoGlK=R8
zo^yG77dTrMG-3tYx&1t$w@i9<fc@&8bFqGq$MKu@Ts#JP=dk1&@W6LOYtO&`8Z%D-
z|7~G5fDzR{)7FT@#n(oe&OcFo>?Y9pUAX)~&)|~rNE53D`rcqr>P37=O1--W2p4Al
zXSO=52h;4k^49YP8<Vk!=Ov$~!Qt-U!=M62y?4k}t0<wMo<ziJPt!7%U_CK>J<?xn
zP4^v>f}#|1s&2<F?>-OZ4Y|5LG$X1!0HayXM{{+3U}JF=)uy9dqhCxybHowtQ_ww`
zw$%OpOjFVkb*B8QO^GWxuu)uy)>IEF4=21iu*b&eYJ0~(CJ?I-|Fez>S%8@q;_0By
zIfNIEn@C~C^eSIuknyQZo$?}z1{I9msVS$LSVpBf^-6kyih=swHFzJ~p4}x!ueR|l
zN>y;o<=x6MeC3cagYqSz3_#aRhoePBG;x??h}AiA*^A_0A$?(mA2td|#w%o7V*Ov-
zj{s|m5!OUXfre4cRWAE<Y!`ov0jtVS(W2?_TdCmB>6Yl{Xwhu^8;c|dChOVJn|Xw5
zPIO6$i3e@~5`dDGJbWZaz4t6h$!3Y&@gYbUk$Qf9OMTJl&XClpN-SMP0$EdQR+pHa
zgV|qZ4Um@WPuzk!6LbpfF|ZMt(*W-vDKzv)n#)2znP5O7RW>AiGGncztV#IFw}x9t
z$Q2Nu1}EFC^V>61je24M$ghE|G)6DxhE|`yC)32jDg~7d@?H}gDBaUoDrg=As-KmO
zi-^;dkuF+vS8QTY_Hrvtk<rcE(~dQmjTrQyWJ|E#S<mf25Q!F1|8t6%i-9NTvwC3d
zAw}hI)a(gF=MRKkIP!~^;`zg2bvK!4Gw)ZYJd%k=B<88Bmp0%Hz5s{igWJgX!2((E
z(0;zB$;2||;1kB~fn%e8#o=?fKK>VUOKef`DKxC<pS?`#flpB6ALjZO{N4(`(H{-#
zdB8_np_YjX{?ZN`bmpX8rk%@voEPIto6g2UCD`yDXh{BSbSa3*UYDPZt9PD>v4Tv(
zq)z?eif%FakZu1es!iq&UgbnL%d>;GSOZ&u^@gTd{ijok&y%Ktzyxa4dhJS=a@zlk
zIk45YC+;u;l9a5RBnO+kjhK(%;KnFriLG-gx4`~uhslNpp~EMFmqiz=x9Hzh?>}vp
zM0b@G-jf0Yh(U}z@=6cj|Gy7E;Sb|CuwT>f#xI5AXHLLx&)<GOet(>P&s_5R@oSxa
zBmMw>f1G}n{{L6{z4r3|l76=j_`lLG<qzQZ$LaS&-v5<;e|qWn<7fWk`{VN8kDrC`
zGvZeHVh>$Exxr}Ld*aKpn1>$at}b{f)npLrseOX_3V%m#nwDvhsFt)Mf5W&=O2I4f
zkb*O%*rsl2I31<Kq(!wTO!65TIfd>9^2#u~q$mj$E@hWf*}?F2p?bN>P1g!TE*1T^
zVdzX~o**u}-sErS;Vt$z*u=n_sCkH=rHLz6_gXEib}ALl4Tq*-9fc{--mzMIs;m%|
zz>ZX)u53)GU%nKraIRpbB~_T1zp_qYa(#=~wQw+B!WynS^elK%aJm&Mq#hi8G8*|w
z;PimC=A9GRDh56w6qa?zr0YMD>RFLOzEFwwiqegwtEMU8@a{DK%98XoSUdA^{(-C<
z0ST|P7(;2+>$>U#_}6B<j>7~Q>hgC`?5be5w+yk_q-#EK6W2BE9Oc*;{*^d}J?e!x
zh7W}}#-HjKlS`FyMA@XKfPRL$^F}d%g_t7;=@LH*Z=}}<1L_N}`Q1|+<lrb!^i-zk
z)z9lgiwg9j-Re!xP-Eu`R!DLeUVjEI#3G=j<OhIK11NxdZ_6U*D5e2YdCKtB?2*K5
zS1He<3fL3_6xrRxYAkG0KYKNf(4`1<>Pi{w*5^hrQ;g&Yi=j8DF(Rej__Wy+S>BAL
zk=TVSC!!6jsm^_zd1!(rKA7a+(agkk36%-qO$T6W6msCf*t^8Q8zi7KsOMo)w!hP^
zA8Pjm?^KzX70gFNAiHMQ?S0r+$)BT9C)VgQk*3g$*J|6Y&%zZMv7qOA95K-U6)ZQp
zTMA{83nkBqGuRy*VPkR^R=K!}?sF=>WOYMvK@+(@YXow4O<_nbe+aeS>+BL~79(=t
zKbzPwrE0_gT%W<Q6O~1z!d8{q*^)JtP+CIKCP32yeP|$v&m}?J-`H_RF8t*}1!Zg~
z^CF=6QOt5V0RPtq{W6LqmI=ODo8<}Y^<It2RS{D=C<SD>dcj|Npx)>afQ`+yPZtm#
z6Z>vQ4I7Kt>D607rt|ejJ+Vm6twVKWx|X9ir^k4AH~{|_{|23DV90&crfaxeGff~L
zrP(Gn0YGxGbjfKT6W;VYVKpm<b1R*WSv|$l97+~@1KmV<7Sl>2ON$SiZ%4-XS)rM8
z9<*+T_jHhjALRuVrm|?15&{7yn%zehHpduI;6ePBq6kpsP%G(zt17Y|W*wlVCO|uz
zLo=C<F1Ijfb3TDqI=4gUU8LnSRWQ-edU-qesXYO0(hY68$J#Vw8#F#d?xYLWq++Pv
zp4!#XHBRLQn4_lTLaD&l)t2f#?0*~P+7}Be$h4#;gRGYP!|F=gG-<ra%Bem+Hp`^F
zpk*dUUjRoCC$NkCw=QnIUTPnAus<F<us3f7Rbz`AIMNqKW2)L}vGi3^)i&V?g%%Kh
zy+A?58{kZ_3%C};2ZzM;tu(h-xJMGgZgIpOP$)gQN96EcjQUsK^kt%El0Tx#l}|<-
za_Xk!vbCh(s=s~P6!qZpz6W$D$06^Pc!XIoCvA43{hC{WxDx&~d?x#=(23k8JC68v
z$#h?=c?WrvlcXP174r5+ke7wNMVnCtw6B0>+kLypSz2=J@O6qTFrl5`r2fR~m8+_l
zg`+HH;Q&HtT@&l46Cm$s|2$^zC^WG|sZsA<59nTJoV`lAFPF1)@YJpLu@tEFQcyzg
zTQc=S2~*W7pqt%gbql*CMY1LNzk=@NdmVJITQSrC)2cUXIjBn&{3(;s>9D#K>l+n3
zKxvTG=l;YlpL6hET@l0twJJJ!YEG)B5nWF=-i^1#+o<CaO2c#p<r)s<XWoMR&U4fu
ze3M$$+iuP@sozoSD)kwHSFZNtUv=rzjh@ei=W%LITjHM&WCT#{jC)8xb68|So4a9K
z5%+(QvdC6c&g3Dy0V3Z4<GQ!WRh4XJtBCZW$#zl8V(nou!8hKqN%pIwXupd3Is~t-
zcZEj4$>L15U{z3t;wl+SbL~)n8=b|A%W3bkSPflLO}yXu|ApUmzZXA{Z*%MU=I<yj
z+R_45Wiz{;afj}-$<dmm`zF~Rje5s{oZT#ix|GYIaYyOiWWV~4Sj;?%(r;LiCsas0
zS$>0BO2LRKMj}Dq0M`TJk-y$n{Gm1$k0z1(0=Q|@{wC*cgPngAQyFI^`mazkIPTE~
zT`Z6d_9!-mbJ$kAJ8|d<_D)uR>x7hhS_*@T0Fv%JF=^w0R^Sdj+$?W6;!zrr*U3U7
z*~ZaIZq;l64=`sv0vW<^yykFbgd{LkHAQ1?QLL)Wp-PI$;x3v>L~Uf}u8kYWtqI<j
z@FFMO_fm4sFYn{9U6#+s?UEDUF6Y6+H|Sx%_`|-5CgpKa-HmKuVU{T}JepW4y!Z+B
zvOB!g9*Kp(J=dNYkqhjxxHzloZ?DJF&Ec<m!RsY@eB6Looh+b0A0~^S{R^biNJSH`
z+NbWQAPQyc?`_zBj#`B+a!=5_pc^YtERU8E@-LRNx>E~Z)!y);4}Xzkd;x@6HGs!&
z`G-9+uNAu8JFiX0yf@h8g2@GBc|PII>+H?`k?`iZn8V$j8BM$(!_66tHmSW0g%u?J
z@aXy7lIojtG4ZqnTU-jO!^wZn9qN}NN7u?5nq=iSl;hweJURa!T!UG7fZDXaM*qhB
zQh2{b5_ZVp1F&9qqR{@}Dm;7-cpSgZyJB2u;5;5;!yAqZ+2^sqvpwjZB?&)cu+y~y
zRucAo1e;HL7irq(ZNWDH6q;sfL%r-+<+B5%JA?#CY>R9|iNHc#{-*DUSgz;+>cMiD
zT=d+VKLxjQ2ij0E`=%Un*=gvW&_G}d>*Ng}Gk|ci58!X7LOh2t?c2Xmbu9Cq8}AWM
z|Hb9hse1^}sQBNS*`w^20W-WP!wl0%^LwBP+g6>Dx0O#!E^p}{cHP5m9!l%j^dE4-
z^skJ$R%WZytZas}dL>@B6d39+f=umPCIHV%7aubT%uo>OU>Rf#GXOau_*_$zd0Q@k
zUycf=_);Z#%j3%(&o}9wQs3iGM`h%n{MA2RqWd?h4}w2SY6WLbW#n1@`nsj~WfjSO
zJJnH3aZ8?-a?53L1Sxx6NjcnvRi-0%*B~SicFva;oEA|3sVXBiNc3O~3&@gAwCfkU
zMfXu>`0#nm&E-$e#&DbPEa8TzYuWhj*%$OdEqZ|s>ZwW>Sz2Nx6hl|M-OW(IaUyi6
z{_8JP!0{BkSka3yfAz)3(KD#)>a$t?CF=@gHfn&LUa?hws#?BcThgjF`1Oj9N8wkz
zd`Y&ftfRy3H`;)6fe()73CPo6sX3WesSbf>@aN1JV-Hb|#vN*>FwHqit!ZHv24ls|
z*HG3J<s};TBLGls5Wwsf05+6y0Q=R-vKW8^>K6!LA8(n)p?u1q_*y^->QHLck~ow)
zbtXc2B@TrKb033pOA9E4aVUe0P%eQ#w8<@+cZ;Lm-iUhhH_-f&7R?WQ6C>5OZw#cW
z`Gz)UtA}AGTO5;hKEC|HHh1O*1lmsZTm?I`B2jUoxnE^rJM^A&j5~B%VttkDSbY^N
zblwg*RkFWLJP71`)HOkR1EzUU4&8rLueShF3oqnwTx~v$^!6QeJ5J7wEdZ{%Y+ONi
z>PYgc6<kU<tbVmZC&|)el6d_<hJVd!`x1F_?8F~23{HFxc@(QUEn{_jIaNM1GpgLs
z^9=P$QJU>Y%nFWnkcIBYvxs{aqilwUlFfrP^CsJKw6j?}l9j}=3a-R$7fWkQ{1%<6
z^hFwI5&jqx1Qd-+OW%Br{QQU~_kbLZTJSzBSB`=NdD0;Nh0u%Qu=)%%1z8N#HI&7K
z2M-X@x8rJ?^EHt$JDp*OW-2j2uGL8*gjjk*l=1}M;%l3z{W(!Z_0SL?Y7TvsAUVcX
znoXUQ!f2Xub~oJ~t}m|Bu_eIw7oxicI2B^rj>W@-rXFR&5|V1gDI%4P@3mL3sq%~V
zGwmSkB=ptq-$Apz|9J<csqKf*4vO!b#|1W?%X;8=t|hO5E2UtuRSI5fqg&0{Qt;ty
zyw1}vIjcs}#G*f9m3sFvqehs#-%gOBzfR7L;uR=NWtO;@r9QaMZj~K7#8M2-l|!Sf
zn24pc6Y^Eqn;;^d)VhN_?#9d8&}h7dr3S~iF(T-*%E4}I1nATWR2=9I-b-1QbB{~8
zKa!%)w%_`xHL&b1jf3%h9eGFBmx!uppZ5g&OTp{)3gfp^3ach`a-Kt~%_***hW=bH
z1+P9T1)cShBJkFOD8+dMSiw%JcMBTE_>jGs_WXWX`BB~1tjDLKw6nPx9iq2*a(Bt$
zdNXUq>a=>4Na9|OY!%2KHM>=Jza;+F$D>rzk=KL<pxh=Y++>zQg#wA5f{MOz8|tM{
z&nmLvNRHL>M-sC-$s8xBl<;@zJ9=#WVY0~YhR5nsqQNeTzW)`Kw{W9bQVvEs5bwY;
zKW=-r^DDd(TArr!z#VAL4`Lcdf0H;@CQ{3xepSi&fO%0I>S$Xg8CmTy(GVa0RfI_o
z?@d85(>nJ%a;m_LkuoWgXg<wBgq&Z;`lk(bOwGz51Fm)MB)5RtO0b_jIbI?@&<J)l
zITP>XGw)@%@dyy*XMEL>u-KR4aqOGBnhBfAK`ouzz`NL)QAOE71|W~J%cGof-cY38
zO*t<U1ku*-mq1^@ilXSkCYDxX*)6KGO54L?m9W5QJ{nqr-SKvdv@1||l}hz<679v(
zr2-S)m7ip6)>&4%VKr_{JmPkQ$(aHZBJ{z@%9%e~Qr1f0L$EN`N*kK!Hp?BdA3+rG
zoRmmkGh<54Cn(hu>B$Nby-rqkXq~3<_`VaKK&|-1Q@AfT93C4SSSM3z=Obz_Ld&~-
zd}wGL9HdscZj&tR(AIjC3K{zK2o<0LjSCGu%)8{OJ9at$0a{e7OLU(AbshT5!1D+D
zo8KS$l7m-{4R-krm78UxKKS;)ruz*;b9h%9J!sz@XxF;9m3^$N6DFbRAuA_|C!Iu>
z7IG&+XND#;xbRJ*oTi=KpiUkbW&RCro+4sD#gfBXQPlzzC#jHCZUoa$_wnSa)R0>Q
zf<SQf>}EPlTAzO7eX9T097<DhlI%Wp>T9b}-rkJa8(1akl^8S<v^?@J0e#)A;$u&<
z+%(m>hTJsl7?zYZYD#;o(ZnW$l=EX5jZsIr_)>XflJ50J4XZmRHT=9YHGHZ(k|)H2
z$dPefb#Y^q(n*9^rVNyUF20yK3fkPkJ5@3OdqNMYp5Xl|Y!o=;Km++v3T*Udp?G-j
zEj7>=`nY&<e?>>Uxb`87o>ffy_>#=oqI-+HpqcskeE|)^pxL)L;Fpj|ci6mpDbgC5
zdOXtl4U=({Q?tnD%P`EV@d*(`bI05D?VjB3tnRGcQ{|dH-tJ%aB&xjz4@yo5IpyS@
zofEfG0e;)>!K3*iXK-|VNCM?+e7$x-!r}ZaDYWW+m&4)w&FA#SDTeW`P+V-*r4tm`
z-OwU(tT`Hw2K@Odc4;u9Q@7;vKyqVJm(8psy%c=kzL1Q)tWp`UgyLBe{O<vevd@zX
zQeU+tZht$dzA(8aDhu0riF)`S&tKXomTpI$MB51i=G1)BI*{#%h2M$G$~+<as(}Lh
zfTN~d3JS8)4n#$(+oAc&B6zUMjxzCyN`?b+qynmTFFwIiDAh>eBfynvBn){}Jt0do
z;Q)KtlS`q0p1>jTiSwy?jhitDDt-uy6nO3ttw$n%SMkFD2mnXt4~BDjOmJX59+N>E
zH(*t$m^=a))emDrmL>`n5mdQuvqv}*`?9za{Rr72N6C!R%VXqx1TS0&vjbwOV&?S2
z2z+(YO*K)5xMROqiV5<@g!&Buv7{c38X1p0H$_F(7v>#`<2yFguRk!+{uC2H)}^1B
zj&TlMRp8MwMselVODK0|n@JF_*Q(Kl4bLhooL!en{%}1sy0jjBSC@_rS^85DABs==
zF&|9s&at5`@NA`3%H1?3H1tx;?}ei3Ta#*{k#cIXok_2_5T3-RAJFY;8A=jvfy4+r
zN#I~w#U}@sP;7EuGV#fwc>x0Ayqtsb)_9ms8J+SB1co`9-w&pSVloE+Pp_wu!z`)W
znJ!UHAb8v2AFxKNVKSf}?Q*oy=0<su^Bp$=$_>Qj_MzC4yAQd#8+HJ$e60rz4j{U7
z>m(3L^~dN4*$2ZjbDQ0cL(HK=nai$P^ToxO+)8pBW=EYH4gqwy7$$H#_)2%~9`eBU
zp3Rm3Vn5+Vj3K>_D8O(9TJ`Zbc6l+`wL5nuN<X=q-AX04&P{F&{L_23o60!i`}E}Z
zZeb<i9Qlm4(&72NsCX@&P}u&}OR$`;-to%FlO~o3#c@h34bT{9ZVq^ItI#17kgg;l
zuu^?xVom%@Cg|Y!2pK-KxyemD+(EQ%JC5%>SXQboRaUCwl3R}nby3+A;!#<Nb2va&
zR1lSA<tKOWQ{q(48{EOy*{|!=-lyptwc$ZqAj3h++|{!&*#&%^58t6Crk-wK?ULd<
zTh9+gYm~%gq7hx4C}Aml$}BlH%pD~88&X6+#bkss$#GT6U7Z(A;4h(p`BJ#qEalcn
zj!pB9%DGK=^TCK_v7_nI%EB>7#~I?nKi85HbAT&4C$#g7@^D{}*sZ8Dv$n6&tW}^}
zJt#bARjIC{J#mFQ_!leIzCd;7d#WMH3_QDUAa%zG#`m>0nd>h+xEknqFZ|J&D=@w~
zJW({1A|E30KcdIigl=p_-x)>Ce~RflN!qfT38&ZDbF_Xf;*&9TR_;*=6d$_0g+>wv
zV^pJt6dFiW#!|C71!Wk9ThX*`-2Q^)UD?R+67Ay{X|AU*wGV2EHV$`iDx=LoBW(_=
z71twe?l8qcfG&6!1&8YRar)rd7QD&IYsFt*i(=rfE$QP9-IhonYJOoYs!O|L^f`lm
zd>0;mIkB4+cgT_sk{_}q1+VbTZa60wZKr$>pb~scr{iRM_Sn$SK~l)FmYr{Fr0||p
z67Ho?7a5M+%~Eca9O|+T6G?}6S%^`STHwZm)@9GvZZoVmVc!^DxC)Lv__<nEcFMU`
zz?`{agFA!G7an_4XshDsEPU%W<81~8WdNf19KdfB7wzZjeGwu%5n1RIz-%4Bu4H<r
z?k{gco}p|`vcKW2h>Y%a-|J_fP2Kbx()?$oytEA1IfxlmE^*ljR4iP|v65pTYgEgj
zf!|3%79fCSfE}B>Y3?B)?)%=Ca*wlYtyS07M4QXu({G(vXB=IO+_?>?08DhlA4Os*
zX4iuQ6I4v3qFXpZLay5`d6doS!fSEyG@yttMarQia4}A~gYa{Wocp6J!1g~vHDF|=
zR<pC|u>h0j`A{TG7KgOV-2_BKeo+g0I0(C|J)wT<;-sM&$4rc}W4l-4X1HIcEkUsh
z4IeO?@CjV&m{~7L?DB*LR+8A2hH96`aoC$7JGS{&;RVXCa7?2p9_3Qrr`Ld#=h)`$
z;?DiWgTsw7TZH-|ynt<emtkA8uYD`Eb#1L@*tI|EMpnL_qphyzcLfx8h7NCKDfclf
zWlt!x#;}xg$UJ)xCB_2ocIC1U&~DN9qi_<%xcGWrj~BCW(h3Lh^eI69&(@Z7AAL!K
zI_IYH%4|vJi;MQrvUDe|=bnk{nKJm;WMvziU`gwF9}<Jl8ZGAZ<A!;|;Cs+o8(m66
z$#Iyxjj)b4Nx^hk@$hxL1K08Gu#P_kmE0?m!31`K+E4_l)RyKlfUw@_-=i<*J$yO4
zaXBAm%XyO<glfK=K{mY(m-Bb(7e%<7cjL;JBCFVPZi+AGjchr)l|!H_V-#O}B`2JJ
z$?Lf;zMgC1q@fwd{CFP6Nw198K*sgl9Tk{kM;TpCwOr3bt6)7#u(h$mx5shBn}MQj
zIbYCC-Yl~8k&61uco>!AH*XhD?tZs$Na7i>j;m|Nx4xj8XhA3BbI|qi*mZ$iwd&*T
zFH&g5ki}<_#K$#Y^}UPDCR{MtSS1jPkH-w*9_5(&@}(x0VoM6mi5YIQTIh#g-@;6{
zX9%{cLG`aY%=x$rvP{Yr?VH%e<n{qf`SV%2nd12kbo|{I*t|~H0Gl|@ht;~=7C7^~
zVTg0&lHY}M`tQW~1$z?Cxg6)Pnfn*SjKwSiX&o9sm;|v-bpxurVAy<>g(i}j@+Wl!
zC#}thX0lEE_M6*8l5FB4AbGMkAsLQo)usIzl0D6o@FO|?a}%7{s_8Sjb4CATa!#+R
zTmp+kJu4^66e#mr^+;t{5afuh=JdwMax?yoH}<Lx{s!F`C5^yFFEFZbUK#8Y@9L6=
zQqp}ZOXj3xiqFKtofGnn0KFy>_Y*%Go#75XXrqKOoOQbG%<+I6#4&N8Q>k)>52Sj8
zI(B*!Gb6(l$^?x4u|w`Ryepm*-jxa(<E}hVyM9ZKN3V6+I|*J`Ilyhi><my~b1-Hp
zTeCCyER^uvn-#iRKv@1$qOxH|*yCvQ4#(YJp!HzwQ63btK@qOZ!Edm^xz6AqIdlVE
zfK0aOefoYtUjnPP(c@_L<`4|b-yCn6XQS&m0MYDI_1g9nYY=QF2cb<cUtBgOgN1=1
zPZDjIR<)zWo>!~x%>=!0P3%6W2=)!_{-~O9m5BnEbHrs*Mr}C7*WDe=sSR6vxo*m4
zYBh8t1q*CUaW=e&?t(Y$X|%`&%#JK*K{=Z)1S*X!cgOr~Y<kMt)4^HfG=n!AYV$}k
zsZMZW1`#p_EOc5co$00$IYX#)wnuxHdg?4#R>3S5_Yl3BIV6_cmT_7NUXB+wH(qEq
zaVJHAm1&=n(FCHCHk|&#VJd4%_B1Ul0$Q11q}~ewEG%^Ol@^dY%R!N3Uih<5Jg;(6
zejMaSF~2hyk6Ky4XnLuvtg0=@u=p;P{6kEh;844F3V?(8`1Atu&L=Aq^t`XP*`yT~
z=0!EPCx~g6>eNnzOssc?jE7w)z~2S9GXbbilzA2(etYFag2Hn7)4g~)*BiabTnYI8
z5XZM0$M*(A)*a0E4woseR1IaHB!eiM$`&M%3`nquxFjUD-vi6e4C6|`#JJyX&~ppX
z7rXH!t9Q~W7zV3gREirY<Xkw)>Z}}<E;viZWx$-CjXA3>UXg8LE)~yRkZK}lc=&6g
z%}p04?MTt#kucw2OZA^}rrxZofUYsM%}bJe2MucyacNNRVYrN-73qelaV{(bTnZ5v
zPln(Q_Vxt!ilw&!10;O#2(`xWaVt}7_z_C&?x5X{W~`uOrIb{H?;=cyxv@Z8TIo18
zw-+!*7v)G<Bl%aR)rJL0bgh?ygSBzN8Bxcvc{`=4$D(2QP5}TR_wh8!RRv-LaHk0z
zaG=`v6>gDD-I5kEMMQ|DlnXd`xjG1z8!ek)krgqyKnjkxNsbNPeiTYnt_IF$ao`E=
zh?0L#vlQ&a+xmWxf>##QRti2~@3p>4Y3g_@aQE34NlLSJxqIrUsB6gR%;FEF=sL+?
zX$_9Ix*XwoJ*25{D0SJSWx)Sy3gJLN%WbDIN|#FDq{;-VG_@MkV$c*sAOX`xqt0k#
z2K>XO@!;s>X^gx~elJ(7@6;Fc)ztLPlmX_8E^K)$KZ;*nCe_d_@cUCzTb_43KRzAJ
z%|?E7-*B4!k$m<++j1@(4bwjwr+<8g;0X@G+o94Grr7k?sp-Ar(?8utUxBK^gF*78
z;I%~Zvvrc6j|z3yUOX#LYlPkbd+Kc>bD3|WPUZ_h=g<a7Q>RCVJeXPhr4(I_Mo^$K
zES0kuk=JYKNMv+HtVeK4m!k$6_gqb2y$hoSQO(b2`^2agv~{9-|9k0m)m22V;ce5)
z>xj{6d#^TW1(X^4uiv6^$}lt!6t>vO)m%R^o-Y_v6P1F)Wso1#6X_@EP64;UM<&W`
zngV<!6H}R$si}4W{-88?J>EMRh2L4Sa!U?2lB&Y&VrqfE-s+v=ug~z!@Sytuw7su$
zB9A5ywNW-qPpU+tMLB3}3l><BwT^=q*|LAW&E%aZ1xM!B7WB#S=H^wGe69dCLdga|
zV4SFRmqMv5P4XxT{(s4ZGSsMSyr*1RW>_LYX94wLi^2814SV1_k@mn*_(xXuf04`R
zyc}~5sh1X#J6bcmTT#F#AoKQA6Q#6(Es6%FUnjDBNToNkf9KwuxL=CYch6&CYD>#*
zEKj<RneD-945TPBzcjjlI4Ok>nJMj}%RUAFSA_p7C{*@2{rl47;Ehv|o!?8@={>>u
zcS%Z(8h9U_HYTHCXD*Xw@=<Q>gRa&EAmMjqUTqIyy+b$5(3B%ILr#BFiWopOtYog;
zV-ia-h9V@L_Md8eaL&g9-QGn?Ow4%SCjsK+m(bF^q!oz1F$B#!l0zEuv7lW=uy~vS
zu|e-7$-loD>Bz2D@qT{ARne$+xy!-s4SnmiRQT<y&MQOh#D-b-LAk}<Q$W%7%3+Uk
zO1-f?@d9IHyLv|@(xXy)JrZnA*pHFZT`@#4{x^JVY9)Uk%F!e*uf(<g*{#;_FR3V3
z$3<r@96yjC94|SuJS?>;4_}rj4{PTq``?pbCX|cW=|+*bj~tqBRqu}p;J(c=@)Yey
zdOm@a_HteL)wF(6a5T_evPt3Hsgi=?rWMaJDd<2ESXOp{h}8>g3kG}I4f&*6=Bq0z
zDNe_FDAxEk_YTMV=ky1Qq)><JGZRV>h_!;{bJT6T=AbjvUvHM4lR}vRWJ;eSACg2*
z_{MTz5#Hed0hG$%aP{t^DHt(py|FwGb_|Ch#9^cmjEW=}wWBjE@U^eq#K@_4F?m|r
zjnOI73Eq2{q_!+O2Ft9&LO@cszusbigI`SCr++amCVv;ibbs|!1vIV-4-S3=gh(&h
zjro3sEfnBe1$>ySAn=323#YM&yoGN2;7XT$h>4`6C=Z&jeM}3tAeQ3CkdILL9wUjI
z+}se}Z~0g#%-gG-H!|qG$T~JS^rF0t>XKQFoU^dRH2b}s;n>@rr~m0Yrlou=4A?SI
zIP-iO^23n2?PLW%9GiWjOWEg9nw*YpVre?eVO|;h1<w+{FA$flg*64Mu*3NR;2U&z
z$cDA*ESc9H7(lcFPBu@5W3BIQw{npAS7nsUX>amP5|_<D*{xvk0~y|f=;W|g8-@N|
z0>-e$K={6nR$vzx26~jtd66Xl%wVn@3gIi(<&nHY9>+;>Y1pw{T)NV_rldg-16VXC
zBnkd{QCTfMB4c##l>*OCCN5hAJJ=cYrrG3Bmo$(ivysmgsK*5wT?M|ab)}vU!qsBh
zkgilf&+05GZVwC-FVURQRd|4BI325e{n0Zl;eJCXnGNIUE-t$o#v2}7l;PFj*mEjB
zu=z%;#Zqic#45~iREUA+>9mOeJ^1%5wUGhF0W_*sXfxfE(<F{i;C_<-5TR9a$WkSx
zB5jQH%9lfrF?tmvy<k-_90GGubVO=bU{VxDZD7Q}Y630j8$kOYkT~!arr*lY2UKA4
zIO=@qv}W*r^vu+KCWgT<Bl*f0`C8KNEhGK3#c}&wi=ig3kCx+&Okh`3ZRaDxw1&7Y
zn@b)_H+egvaB&3obfBzQjJz*kHv0@XJ71$v^O2y&j{|Wm7g>6DO7t?sXY&psPlrOQ
zHS#cdNMLd^t8!5Ns|m%Ro2~MYn{8t0mvp|GS;K3np~r+wTFzZ3eG$)hyiP2=o4gC^
zxa*_<#KKt4F`<4ANjWHm4-Spz&XL5zgKpuJB#t;pH`7+SwH$f~2dQovf~k{MA>v~d
zOC!jb80I`bE0)woeSdIGbZn^S|0C~B;G3$l2jHYh+q6x2DQiKH!UP4}sDKg{X&{C7
zFaZ=n6c-fjFyn@pu*lLvTJ0l7>+XM?O=on_(HV8L;DR<Sv}K2~3NC;GFFZh?SjyIX
z=bZaq@?M%&Q2+D&zu))!L6h9~?!D)pd(OG%-g}k-7%|ub`&6>u9@ooiz}qrG1lWV-
z!{qx7qcxy2&&RPCL2J3<3L4bcWIW|RZ{*RAk-Sd(Ft1Y$q|ECyj9#bcEj@2caOi%T
zdXT8nl>})G?oI{K`~%v8wTVg46o8T?sj;A*OeXAa+Y!hG1mulD^Fay=rJrn|0nM<v
zXOdAOw1Gdc@m6{%{Db@^9~}1e?|T@eng=#U63~Ym;1k!Q-dwMU%r;K(D-e<n8PKgt
zOeoUrpSbdMEz3(r%^qNdb-v$$#KidjOkPgW$xD*bATSHcn#oJn#JV_v*|NL@Trh#@
zbR3RJOhG3xM<af&GopPOS6&4SEd+-GFV|#CNAThokFShImDd$n`FwL(`63FrD&loV
zm9H1FdRa^IQQT6Xm5<LySv?=+1Xr?@NyxIOe0(`hK05KdW)&%~y79-$%LkAKt6*3<
z5z?~!$la}o%ZFluwl#UF;I{<t2NA_37>Pl)&=5hsqr5abWN%>{Vqa*8A(lG6E{3_a
zfVp`2xJ)M>UyI7exS^FL7*BXkb8(m`-k|^RWVg81DFV}cW-lXjJFSu0k~*)OLhW`-
zC-cMfB#rqYywb)UaOSwghEGt36GPJDH?sHyWDKGn%PPjrP4}4$)Yj%SYHOBJ(^k>k
zOalhb#<tS1`{M7-Aj@vQg>rCl<?S%A2Nq$5s1s&_FWPxq*7^A{EqDIxRFkfXja6CG
zN|g=ws#O?RZII~2bz;aPuJVYr($iEIbU`PcE!(&(yc-uEwDT?z12?F-J#y-~N8lyS
z1{)hL%Wb#SbA@KRVmq)4;0Uj@=!cWcV7s~%*k<0X9}dT=oE2KGQW%GUOjf0~l`381
zdNHvoFSb(U^j-QYW>)3iR;p}|t72hQu4$#pcX3scSe0{p%T+4w(N{@fRaUoBB{L3V
zS**%StyJj}2UserGOd*=mqQg7S8mG3*g5l)7=`}<Lzf0jn0p;LgDYN^WY7_#GU0=-
z2Kre9V`2Q`w5c6u&>9=!il2juQq^tnT9Cq_Djoe%>F5(};TEOvxVA9e#0q<3a2x{3
z!a%ytqz4IED(p6Es`gT<j-)q<h3`^|=9nlLt){t`OnNR*BucFlTK!8hhNOL1gO7!A
zZz~k=_%L|;(PRw_4=5dq6lfCt?3GZ_T<JT?qm}U^Yj4(%3~43&N>Xzyr>j`5hbE*u
zC&Oz;O>r}KeOzM-N&IyHyj+7a?oE$I#)(}iAK<s*cIjWYDdAm?lBsExd)hvMLeTDH
zk%{&!=*pysTRa{|Q~$Zq#DYs4fSu%|&KP|5hG;n2Q__GmDp8VO%o>leh`tLCMq^zJ
zjeCy5Fjq^#TNMBvVgLx@Cek5KyTppklGDG(=sdO4nOnieIW>+PkXw|bb}<>{5<_8Z
zO?q}5bGe{kU2)L+ZZhcsF{^-lpQHzb^?WjpHx$WsLw^9^epB3_mQPaJdL?07p}4jb
zSzOl_+UgwN)`MzW?u2bU9oH6$&+rw-7)FR=@CZfMYDcxz24kXDN5!?ONZ6^@L0hx6
zZ2<|bov1YRPu7&SolZ(Sc<oS9=j2|jP+L?4@LeMeEN8j8F4Mhs?GPyCG^KRA{oM6X
zdfFH_61Up@m2o3M<6=fZ!l|8tN<p~Y(vD17)(ft}TMcSqy%N#A{uZU-Ee56G9k>Yz
z%*}S8!O;51O}63+Z{MN?*zB9stOuI)V1_MqDbE)hrQINx!y^#vX*=-Jj)k^*n!K>o
z&{hqSuPbQCT{ZJY@?Z^)dyN~zDUF*PyeZ-oZ=GDSdZBAX@X8-eq|uJPBP#Qyo6<~%
zdMCGVG)3R8-__Sp;N-TCp6qlyGTvD;n&NN!ESSphKkyCows$m~lgc<p?#63YBDoi@
zS;^tCAXZ4b09Ue?*C-OogGYP8gDJdbA(uz+nl;+ZUVA$i9t<FgAcD}X$X|nSl{@ho
zrAw)GOCR-uOvA?L1-`ejFL{CY!>cC@UM0PI6=fh8e!4H+R=%Ced`|jFIir$62<K~O
z$R(bZ`iz7=|3<E8JERBSLzl@j7+mT;#k;$obTB_TLHwjehj$WuQJa__S)5sI(7s|j
zbH&Fq`d}Uf?&}R2eeMxaLZv@Rd1#5{BO7uBOV=y}^KnarQTuG(KK?UZ*fmOV-P{Mc
za)UM;-W-qMUzOw*CHZF9UoEq6pKtE5*|=F;k0Je5bETg`YmUv_b0OTu52uKJtKGpX
zjY4EqKHjAUFp|0dT$0Zp4v<woMzb3*!9?d<7+$YuGNzsNLx-o$uyWzA?JV>!1&USd
zXYM_SCatT`Ucclz-0*ERQ@cjrwd`fZZah|_AFJW~3~7bxHDR2)KcWgAcuK*X8}wQV
z#h-$slsjVd_wCY;H=D?63K<mdbNFe8_`pbun}yWl9nymC%t99r`};{L`RePw;rY2o
za*xP&(9H7UQCPiRY1@W{E@$f($0mJdQX7LdVEG3^7lU9tlJ}7ju;%L;4M);XT6!|m
z;QS2dQckAU<1;w=W>ZMz92^~nPXkC@7%$E7SXZ{LD?#bIk03B9TH3ku@bY^miqq&Z
zDRYY61fc_&yzxh#g-iRKg-csKXDn|#rcQDR`iO-mn#h&ugF&tPD&I@qKp)!iC`P&=
zl4%H!$Bij;nyl;e5~Wjv;n?Ras@m$g0emf0c@3fH#D7jyd=A<){`ffwv1v+kX|eaX
z(&d!qOL?~m-=*+s*W<gN;UW;;P3czA+8uAQitTtHgrDyzpMNzl<L}<?Kn|G%WTSgV
z;IZj=&{X~`axsO%^P=&R%brJ*iuCXT8|ujKB9w9{i9~m?orIxs4P{+~C78;ixPp8P
zyq4fiXZ>f+&C2qhPU1?o7?^|PXGTV;@6kq|!AP_&9wqHq`qx;dlw(Xkx<Ga2z<=1s
z8Ec#@eBj8*AS2Kvp{CgW6yXEI2g0y8n*m<UQ*6~nNwM&P28zVA7|(cXTy{6zJs2@(
zz%h1jClc|w(6kiB9X?@Tt{MH}G4OsCje?j?iMDnh#`SjDDU@{%sBdhsI%|k6R^n0V
zbSG3F$uR`2?WNnyZ48Wusg-b#vy^<odk6X>OlFRtXwHHmNh!Fr^xIKgSd1_VUoWsA
zhI258p_^nN%pAo>?}zswd9-d_!%Ug`&=}`X1Veh4THx6%do>mCnz5gBLlR38;a1WN
zC~$Jc3(io2yw>LK=6s;S;pAt1N}BjK3pjYb2@m;>#5)dpyUI65)`)0Yv#MF(p+Rnn
z0Eml)cIgU?#0Y=_MF4bD1i-j9Yk_-D4rtW}{|zR9o;;grkpD-%T<#_RM(&~59QKoJ
zsco3IrIeD&tPlUZtAjxkdf<l?R{SIs>+bVQ>Hy&-tG#{k66rQR*x|?LPexd}dNfq*
z6v6Z-pmdyKsVO?aQ#7qO&T_qz8}SCv2TV#b0(2^_>ZPWyV0FHG?qnoa`Mv|btNrWZ
z?OuAHHs0<gSMzwg`tv0vnML{4AaCa+^N|X<1Ire&%B^T~=z1(}a|hp{6DYiicZw&S
zeO9_0`xic*pW7gS21owPPR^DOve)LZ(TNJ0^`YUIm8{L7Av_4DgXNJHp-+t%cJ<lo
zKW$s+_0Q{?#XYsrz)Yo%3|9I@S(k4-=jyXxn6?q~FKK%&6!~di<ArPMo#SZ^$_PyC
z>!@;bu4D4=F$VDccuUB$TSFp#lpTFg3QP+D51RW4(?A5xhfh#`h_w^6kMSa|A;uw#
z&Pu+|8s0R)f@v)sd!Vlq4D*w9cOD7zEw$C=TN<EGPm~#qOHZWDM?{&Hwi;rYmfB*b
zrOV^}>rp$OC@6USTU0y83{LRK8JTE7lg0~9vBVYMMjkjynkAM*v3aVcyUD2sG;tpY
z#(XtMt+#_J7(u<4{%yl^ZfdPY{87qz^Lzw#hZ=cbqAW{gEI-ns!$gUIJYcx%okjC4
zk!yhaQ1Njyd5$KFw=iMZk8(JED@}Yo&A{@8U}X%P5q-VJY^R)K!Q|vsJ(+fiqH!v=
zF+JJ_%<@#S&uZ3CBj0D!tgB%kC7jwM7>|u88k%~I?^3iV?mC_~Rug}3kjy<cMgadT
zSrKL`de2xD&DR8D!WG7YHm_$<gya^@zZOQ-m!gv)AlXsxA)ZD3!3^PK8X`UZS{iN~
zVs9c<D<kT^l8uPR>NBwVoVe;Zuo=>JXai4~E0h(2E_RG^rlDETlWZl<ki8=i)S{Jt
zB_XXCd(Xb6RpGmedX>@}K=^*FwXfvGO?;omS^Wj^jBu(>Fs=a{w!Oyp8?@K#%^O2J
z?k_gF#kJ_l_-S`?WdwZ~)~WPZz9)1j4$PF$(}I<RpG`Lz%9OTYei~_hYN72Unx6>G
zkJ7kwU-!iGL-DP57~+CB!gk<>+zNb-?HYlv{!W;i907VvjsP|8^zG;UXCsOa5#}7N
z^NxfqOm_?d;;7-d5jAc$6K;D7nfGqRm3{@MgqduT7Kam{fBKl<fGhY&HGgW0t~!eQ
zMO2r<ypBp#x6^w@B{ieQW)en<{ts6r2;#T&s#b&ez0cy=3;|_cenYP#-x>{))D517
zd98mR;`13c@#J(6v|i6gLj0+3VILSFTRy$~3Jyr+{Y???Eqw6N2q3R$ZWEyQxbFb!
zDP+oSLnO4J%$XElZEl-31|{~-4N|6|nSKFyPy(Z|bYaRj#KT8dwo1X(EJzVw4@3S$
z8}A;L(Bx}hz5xxiM)Sd8-QlbB+>TV#uWg=^1~jJZkA{^9X)215ZJDS^OtA^#H}L)s
zFTwjgzf0Aw)=<0$i!&~<qBp}^@Ou;fmf^SjYC&^*#{l4I&pCGhR;{}v6e4!i2p&9T
zre&9*s7ATRodn$r{*5Nt{srzMr0cp_X(8h%&anDcKlWA<rbCGt_OZM@AEvOlwDUK2
zXlAd<?Dw~mTGPnV6q>wUK=7Yq4Qs4p!tT?VbTbaJ+>U(sSwj@w0C_-$zmymxZ(8;6
zKGD^xzLgq#tBAdo<PnG3wH7!E$VLU^)tfpP3gY3_K-wN5)xtOk)IQ8ygel`@OUTJ~
z%tx2iU}mbJ3MyUXpUuE{x@)7L?!LsTzLgq#Ya4qjiQH+mJ`60t-=t)gwdK-H9pd8q
zEA*zqYKy^oS9tt>#3kBndpQJf#*b#h$8@g5F<8a{EFa@qP9BUlJ}sm<d_kLZF(ald
zs`s6#OOt%r6O@IiJ<?QmwB7bda#gJH6J3<X`I<`BW@Wb0iI_2^N~13mzNy`7Fwje2
z7V?O<55hed;a+}{(Ev+tH8{Fmk_TgV@-QCldbdl9Xvcd3Q3m>VHG|?ofP$SZ#9C-H
zp+IQ#qyhc?CIMkcCPo<VZRn72yuD8*8gJ4Ck9UGQFx-i=1<LhVkJu#m51eyi>ds8y
zcX_z#r^K55XJ;5dLrs#eU2Fi?vjNEMg#a)yngX&8LojJ=;McJw|2AN!+CjBb2DN*A
zheY<4#Ggn;y#G{^x2M<$ikt5e^e$i#lKDlABrM(1nk1yfCd5V#&eP?%Y4F#Yc+mtK
zouQvnXgz7b39~_N2js+HG07l}HYD+4e;vO4!zNtbszcbbv}~}*%hH}BnYb8+=j!~!
z8N`<{h`TGYPX}{`)G^7bCXw|I+jCi~UDlCMr{vK!(nHWCU`<}3%WumEx;IpryjSx6
z@6Pc76D$w#7nhWh)eF0+%gR9AL8eLRUfG)-ugPm9@N4oU{H!*_;LE$L)kSA1TXeP@
zhDGO(Wh&!$AjW4=@x5uV;R`=!Y-6aJpd`V*|1@1$O~D6q;X#~z0l5RQZKJaJ>jGN`
z6v6{h2w#638E_?8Zps4%aUEV=9F^X?LD@t+&o&XTFBJDeCEr>`y2m<_mD6&@6dD?}
z+TCe;1Tob;?L155u~SXtk<Aur^e5h{=8+7S_A@C;P;Q-cMN=lZf+&eQ$baQ1D^kw!
zg@Jfkb{2G--ITxaj;Kim#>Wa|Zhqzlg9qJT8)-hp&45Es!06<%@$A|1!M_Z=u~GQs
zcUKLPEr-7SlW=MupSuZ*=!<xQH*TV@l|sO2@dN}|w6_Q$In^Up3ZX+*PwuXweT7_k
zT><xSWdS#};siIN0uT;=a-r;z%>U`w!{F($rhX*%NP8O;>@48Cy9!*~j@|hsyS-P}
zJGswxyNz4iJ=XHUu2cBXcV^x(G~1Wr@Mc@QeVxH6kpfqb-A-}0Z)-sr)ZL7AcR^j>
zRf4fj@K?ejP-&C@$QyU!M%KpLINSIfF6$=vFW}i3rH#ehs8g!SD3-MUOdIb=|CtQ$
z<Nh=0Y7X9^c04^Sy~S=Vb=xytr7n9LI)ZcAIsDVT+GW3nOzv0H@z%<Im~XnnQ~UcG
zKF6DZFYu3aej}pXKz^;kfzR&8D+S7RjJYTzPY34YQgao>n0*=R;@Qy`bbu7n)twlt
zi<B#6DRl#^ZV}eSyWTJGk5r<o+c{Pj1FcBg+OxXju1b!#SB%CF?#;Bg4}&+*QRON+
z9Ub^5_~{l0J`Eq3rBEf8T48yNT=t-Q0#ZyZe8)Rn{C*6+bJ^XAYDQTw)vO@a0l9!|
zJ1vC5KsB44Vx1ExCm%`2*^GAb8S&iF9*HMZKLUt{Yeqb|_4(XqXFbM^o*p&hf<p^2
zM)eqnb&xN0gu^??;_c@QK7iEowNsRRTX4Ukr5~;YcP$>{X2Bn_Asxvt0`k84t}n&U
zMArP|E=1o`?Z_`98&Q6Rf%#>4uSLI%{wx6G<wuf~h}5`ul=#b&=^!iEAq%U}fh)*X
zCsYZHw7@2`J-*i-o5{SI;tKb9qA$I2^!%4fRN-RKv6;K_AFfDd>il-8@Ksb@#)2Ac
z&ck>FoXy19ZUl0lfNrElF3W8MdcVb(!{VW+$sYCuKyR+%P><${FK>!OzR1C0IonzZ
z%$kaR>3>AA4O5f?B=6+1Mp=ZKQA!l`VXOZ@Vg00M+o4z*xCB~*(f~Gkm(6MjZ#%C<
z0~<CQ%hGLZ;k~!IgAx~c`3ZF_8~P?I-&RJyeFER~`P7j=eWO*51irJjX^ka=$>e`P
zL1kD#u7gsq^JHQMJj#`yfr;?$Q`l6RvQEn>KkSWi%B!S(WHC<Z)i;^>vx8nNo{H=#
z(7`8evNsJ)_uT_qa&$-GG1@_1LJ0!@IX)J~ADvoY<rKfw`yP!%R~nlV@#&y6{hSIs
zK<L?v<e0pT0s8S6cBb{o+azsl4BFX!kQkkL)UZu{KY_l(`-dC6R;@CE9w&U@ZX0=>
z;0=XStagSDBn!rG1o0~b>*lDd2^6UMoZjCgsRjS*q!#?I1u-Ib)%%-}|22?bmEvr2
z(%YL4&a+6bPl`I5>|&nRJJCKJA3ZtAKo#7Mdf(9kr@t^A+9|Zn>8stfTzfjhK>lSW
z+IceP>)Zxu%&X{WP5ba86vytY)M-5-Ra<*&V+L`g^;MSF#H@Ut`vdzt37;rW!fWA0
z&3L$F<I+)&xMn=wZ!td@e}yHqH<_)+jv0-GR_~=y222{-<NF~udg3Cz_cZhJJ=~C&
zo}?bd#K~*5{oZsfwh(K?x&ZvJ_O06XtMv6@)}fC+xRJuFMR%hYBTRH|9fNN`R^db5
zHn5^%SR~&uc`7u};L2*7<eTKk^#PIA%AIuQ6V4pRqe#rYlL!S@o|kSnS4c_Gb1AV&
zte3V0+0feJ(0ri9oD#p0Dxgr_piNnx$Mj8L7%Kzz)^r4~0Mqgo&`Ek7S3Hp{%SS}`
zFBFUJRK7<II;w8q{gG5|F<G8RYVc&rzo!wSdjVDR#tnRM5#DVTa6eSQLegR1mwn;;
zBi#<cr$-Dy@%Qk5bsWB3TzMJBV}{RH@=y;ie`P9OI)=Wp<fm;3eP?r}?S^OLi=3f-
z+0L|GxRM>hg1^F_$rbQ_PyD+!&8sI0xZQ`~KYV&6SOAX{aQDFf-Eslfv>(cjL0JQo
z!T;U$P_}_jHc<5IP$O4@fI!(gST93I;R}pmM(srSQd__+taUqTyq9A<8{=l}{FhH^
zTeL5!=#0_733#X)W_g3}5Yxq#voQ>r$OmpxS;h^#X9d1V0=@xewX%1j{#hzPU5><b
z8RjFz(`_Iqh2Cc)JzfH3IVc8@9&f9Xssrqv6YBjiIgHA)Zoi@Ud)b(aAM^Ga#0N9)
z-q}~@?FE1?HG9)QEoDH#jz}FrDvDP2JvcD!tEiN>q=4M~G=nTYd^g%@r7FGr>j=u-
zes<<l+1s9M_%-->&k}{7fhjDEnalL}vbTV*&M|yVu999^62;c>$zfapT9OA3FS%HG
zfbMnPp$QPqJ-MFPJG1Q$9nw?zfCZyZ+{yd*Ho|7S3XQ~<CUGTyHn7tfu6!J{RY`4G
zm-tVodk6bZr}<{XCKC6K;~P<tgxzXM-NM_|9czJp?<kL{$s@nEDrJuz;Fg+wJt8;R
z<eu=;UuZEbyf&Qs(UFMy%O3XkI~j>QTgsM4IZbWZUNkOUD~n*ixv3NGH@nC7!<W`L
zmCdP>ZBC5_xmLSJ264qbbDMgoi{d~38{C?oq9p1%c_D5hp;c1n9WepK)|{T?B<>Gc
zfD=)^IUa2+yxiLjN?<-JVLs%}VwF^0N=BRFPMk_hgA-(AQUG=>1$ch1HaL<R?4fIr
z+Uw)(u4(TQj1O=>YmnEp$aAjHl&Xm^MINzQTq|yq%ElYWt-H9+o0V5O-BO*0u9kdy
z(cUK6%)Xp2<<mtxAXfL2?EDQq_oSP~lOGXlfjK`DmUZ}G{Hze^Z;*%X)bdanqt9Do
z^a*@<`%Y4MuKKdCE>6HB=p&tOAzl13c=mZO_CS&@V|+U!C)prwk$(3iOv5hZmjCbp
z1A3lf^if<L4m1Mg0v?X>(<%ezClvVrHLru3Y<xcl-nVxUybE?FfcN%Pf_K(V4ZMRC
zcq_USydOVtA@G9EuK~EEyP}^?q+0|RN)->ZkXw)sV&!2KWGBiM-Fz_k??(6qk}m-N
zq3s0!iXF@{&Y~Z|D=9RB4|ixrFsqlE^W@y6Fa{*1de~`-hr};&9RH+o^kd^V#rqF7
z<~3B~KpJ5nqV-9-bhuNA|NqIQTK!*hKkO0LyTmGSJ$cqdq<zdL*)2{-g6*GQTA+zJ
z;w*hQ!xI?pL9Gtsqtd1ej{&>xHN)p1*xAS?3Xo$F*ZB9D0Iz`=7Iv?jKgY`DZ^ygc
zGr*V_-eVu)-8WD?%BP*+MVo)GNxY-fB43r;0Ofc&jrX--07iP~VNCmd49}D4hI*Do
zoNnQ#Rf}C0$KBq3fe=aS&9FJDp^;M9M=gK5TH^1%I{xlT@jr^S{GCP;1N2-J8S(Mu
zf0q2{RouG#;Azgsxi3h7@QMV9>US5(Ut_iseRkWX=dT%*UC>0-*>RhOI(PPD{57>J
z@z-ts3*xVUxjM#Qy}By=^>g6;!xn<~p{)tv9mC))*s6iIw*v2bmk_*fExtf`pn=zS
z$uE)z_vqxot~!GM-7WF*fJRW7L?ih77R?9>dZ_Z?a2Fg4634zpC=hri5#DM|BJiTM
zMkf;f(ItWXEXo77Mjq4&7bp*2(8>er*R9C|W4t`LR3i_r)5rtZu-97TtD6gib?=-@
zC=htDYh^--@Tnmt5ek~$|NcCEqM+zk)+ag?U4TB3$6vfY@pJfV@Ft?q%*}fKdK9Vi
zP-FvAXUb*`b=F?W_-lMN@t06|(fUEh>|dfEEZIo#-nl6Oyn`9MlQwDK%~s(3YbS#D
ze->W6esF)MUr|3;vw`6M)5dstKqHvbL?d`%qh<t?x~cNutB#6(uw}u|)DQm9@xt_j
z%KV?BADr9yzp5XscssE;Xh}bK_gu!Wq95Ep|9@9MNS=Qo`oT4>|B8OlcOB8^`E`2!
znu*l8>nu@c!#WLhF7LwlE3ZBAmt)?=>j%m0e}R7R_*#P3lL+3v4Bk;%cr6ONW$g%F
z@$rk-4<@$z74?Hp))4%`wej+RMlk&hji7j~W(1=;tMXu7TU9@(ocpu&gD2ZwfPV0S
z^XKRXhqwOk>Ia`Ky-5Aw)y9n0^aGXj#?tweJ>mJ()!v>l`jd0&@$SSdjhKV(t~U6J
z6Oc{^vt}q@*|2}1eAqv`1^K|@Np4^;05Mzhq9VdpI=LkY!QiaNfO2v6IX{R0&eRb7
zuCLYe-(yI<Z=WLSt*+HjZ)r!ye>NNOU)t;o;XeRbyC84nk_|t5|HI(zmI&T64FqpT
zExbEBDEl9d?SE!ny#COO)5y0R9lZA>fcLlh{ZBR9|I{$~VADg)Gl=i2(Lj7zhh)X`
z;GH%IGm(c?`ioB?Q7eQ0Z>{1xiw2N0MR8WR7g|!|-!ZFIkGPUGj51<}AT~))4^w<l
zry>F7x=QC+sz;_7i*8Ie=9NB>p@xtAYfM6%lGbcO3DFOaDNS^_)S||4J4%RN8VNB>
z{3a?P*tifL&>RNp1jUyqD4u__nV^`Af+AYayjZnl)kuqnPR69g?WjMfQ|E3)K3wU|
z(a48OPoR0f^c%0iZ~|!9u8|HWRO#@G^@mlDwJskB2B6&|LoP%-5S%A8(&3k#Kklkx
z``?v%e)A&rE~zK#eRHLTdZ)K#{B|sZ_$@s1Lii0~)-2E;X8e5l(3in`zA6E{yG}6u
zr%J2;WGVU&gV%9E@apx6<cwb+A0Dq{`cGB7d?1K>Gl*SUh*Ppu`S4Ua!h8bR*di4^
zN;C>ze_B2uMOAC%!-(_*@_{uRl@AX)E?z#oy{<L+V7yTIz{Z8})FzY<{=X-d57Bz&
z$^`Pkb1Y6iOc1xIv)3zLLeTjF&0ltG{=}VAs-%<|>}Kl($%Vs3gACk@RruuRo-cg#
z$OW7)?79AewiBhl^n7907mWWa^!(%_{{MmTe}$I++bH~>%J~1`3*jfO+?*2Qr;k#9
z!G5AIgZKOw3E<szl=1%;TK>;e_@BY+xFC4RWmE+>B~?8S`8CcLe*ZbaKkSS6{RE95
zn~h+Ab_5Mpbw4pbMLA!1?4b)hUnsSv>NXRDQ!ea$;ogB4xSx1QyPx=DZHxPfITkK|
z$LHi<nm@zpI00P2kRGW-VK7*%<I}eDVm}ZDrFU2?^0iSR0DF(<hGO39iX6BOt2!y*
zpEw>QK}~7bl!QA9;c!d_+!ud;so~!nTH;^3j(<BM|Ni)ZmVenvgT~+T7U1EPPH`g!
zk!+H(2WX}0c#TB0fP~GUh>&r&|5xzA%=edTE~1r4)p=2|+rLH?yC8I<Qcrp9%4k4q
zE4&s9Xf1DID7j9KqC{T7Vp#tMisE8e{|&}}Vf;BkfByF=JOBGk&!07P{wEW4&xdE9
zw^z^q(v|Z+Q!?!Te$PbhGNkF){hvvZ7eDWOc+~HI<@4bme|G`$JLlT}&iQbcPYB;f
zKGEa55%IkyO!z+ViAI_%wJ?15OCovL=XV!<KHOmZCFjGx|Cq_YICvunZx;sdby|2E
zQyIKPMuK<l^o!r$<r^<*z0uS2C(GIS&&PUrQ!uR8?<Ima^s!>vjPUXbyqgR_&uf3H
z&@-m8pm_VKK4z&CnVPM9PRF-jHze!x+l%$wvf1hAhjB$gNyD7qMd3V<tXW?sBfJkV
zc&iz_=?vblm&dO!HiUTjL4ugmLi|#Sy1sM;C@B4<Ag;rBFV^284J+BgaU6ePDLMN2
zuArozHJHJC$I2uF<wC^hCGcXSCM!^Q$!yH+04qV!D@-Qw;&$>0Q{RZ}VO_r#F&oN$
zjrBEs85{qy`0;nA@gJb^Z(XLLu$Pjf;|Cy!dD|8I%=7zQP38+)Uz4u>Ip_C7L;tJi
z_rb9jcfWt+`(Nk${*C)C@cf?H@57c^SzAB5QdwK)AQrF0H5JxZ1Fo-VnqLy}_LU}o
zZr1vzphuOmSt**9eqPx_)0oJur8A64-l&|n{;d12583+nkzQU*M(P{<J-h$<NPGWf
zQr5q7X1f2H7AM~@_sX<7KIq;Y&9M>{Y!5=6Uuu7}>px8Y|4<L_-3afJ@0kAop;rG-
zQuP0`1aJ7>i-7mDvwC>r=ksu1?R;LZ%qQtf)gv<uihh$D)o-rExfN?-Dh@9W!Kob*
zo7QkPZ!$0?=Z1Y5vA3go&bl~%OBH<s5q-Bbw=e9bwJ(&>l}wTCzBc4tzA5U{i`!ui
zQ%~{as;rbp_Cgi3DEs$4IEWKyPrgE~iRq6hD{AQ008#Q~AAC!tZ><_}rf9Vh6bRIX
zF^EW&boA3CG*LscmfJT^Eal745IgcXW+@PQv(Oo_N0GgW<rmEGBNWbSow&^tm~L@4
ztTJ*X^*9rO;nKBz6nREk?n01YB+oD+^Qd(D87n3<N%uI;bH$4dESy#GLPk*N!9D;W
zCy!K$;!*H%k|9hH*_rhydzCErDXVhKiWKcf@8^oi4pOxtmE{S}hEeHe-yo2mzBY;+
zP%=Rw1SJb27+LF5`7-ze)P4QflMy8v>>VGQ4KjyS0;$a3EHb{Iv#3Co6H)mm`1dz?
z0uLF&253v#e|OYmb%*}N@RDuK^3fu_Hz7KQ6FN7dW8Ep~_~p@gz9Zp0^I|ro4vWp9
zlUp{5tZQX5Z5ILyRlG#kN5Ibp?`<*rTDgJ}fOQr8HyC{HqCx_=c>~B)z>F~#^iX{n
zN{Ko+Bnz=Ba?>CX%(5SWJa?BmP_Fo~Xk23&=xbXw=dVs>pvXdl(Cq?4djbpPR>ZB}
zk2P}7Tnd_>w?BF~5KqbBOe043Mr&A%5Wih|;x1wo3>NaOnl$I6fnvmiE^<9aKQf_Q
zxQznr)QCUkHc0!HCy~1kOTyNE8K@{nVRSIh^0nA%1cd}n@^)xBGCmLe_S<6_;KNE|
zhk?UNu@h>DM@6sQ>|!n?<7}jq%=7*p(7y@2x?pL`&s|OYJHjy_t?(vqh5!qk$FT<R
z?Gm@6Jw7OBZpQ}i)nkGK($EgwZCnl2+<h>+)*kZW+=vVC3tw%(1sKD)aLY!fJ0rCP
zE)jZ-&3SHxd>rj^%@k~?N;>os&d5&rtC)TZz*=b{Ky={*%=Gr*mTh*5o1HKN`8Wkp
z`~$p(!VE75$`imFg7ttzwFc&D@8tlqfx%osFjq!lu93dmy#al4xMeq{M^+bz<I+_t
zbbtY$--zHTCiJe@{oO^;N0T9rJ}|hDmOcvZXigtn75eZc198X$Y080C^s~-i<g9b0
zn8C+8LqGF+eEzce-*wUR|3b6*zu5KvpKSeqN5B3L!XU9rcC+>W9qsym#?03Ldba-G
zelhER{V&&7`Z9RW|5Fd|aD;c)E_VL+Pwn~NX$Ef|gV%8}@LKB==qv1eM_HgF(x9H&
zm2aTB@-a=GY4P4`6^$h#J^qnSW0_+U#2ZkT$5_BomuR0;RapXGCQ@0}UL5}P``JTp
zG5hDY_4vC7@%M)>34i5pYw$Oxk>Ss9!fcSvPFD7_urz7>9wMv#r_*NlhN?Z^#A7S#
z65hBO6deV@W^cQ|cuQmre(Qk8bxg|O)`bdvGPzg4ETpZ$pbCmt3p9ku1<_4jNm2;2
zv?ju4$w47dXajBgiB~(f=*917#fzUSo(L;kE1vwb4h(C}lmG9$ctFZ{H`5^h0nrya
z2K!qj430WuJ#fbE*34K!`@f~k{_m~${cI`Dn6!gt%>0&S#;P$?3GGJR(5W=~RyJou
z@6!N3!7&lc+6d}jaKL6vh$x<72_6AO-F<25(O@<oS<O##xPqf2E)lkq3sU)j^)xTG
z;r(-L2Ja=%6)d!GZBNp~u{#UD+!zUFry6R90aEpY+3+*Z69@l;jen`0UdwRwhqg2O
z$E8~P#~&HJj)yL#8z)8269@6rZndB%ojBS;AtaQsA7f*$0qpoP`I=OkZZ^kp;}1v2
zugZtRN8{wfuW)`b=1pe*@Q?WUeg#L|xQ#~K{vVnVZ$GKd_Z>%-^NR@+HRl&x`3&II
z8sgOf%OV^6O=+`-@WEk!ejRyrz%t(06gkkUNz$~{f%Z=Z20SAUcv5WtjC$ZfH89y6
z$<JH1r&5m4X{&+tHYl<*i4WxR;<cFjR$HmXZumfZn1}(ev<-l*K>LjsR*NfdpURaF
z;POfbq?WelF02w>N!P$1>&6pYmbC`&5HGMhG<JCs{#c)>hni2KbwU&;G!5Ghn`8OG
zC+J*{KQQQBkH5tk`mM(G_*;Gc=h1DA-p)ecR+iPShP;nE%hxIA6GBk?z}sEteq4z=
znbDZ;nYkO+fJ$=8+lPFL>uVzsYTWmg5FBlhcd_$adbXn$6??_sSk3RKcPnOrDet=1
zU`TL2qsC1e6iw>JWsk|@vX>yp@KM1&(6bXhFnArF8IjlPKk3Jf>FD3g6enYoJ228l
z?tbqi0ZrEesz4D1wF?iKroaR5B>3SLE9G_tWkMuGdmR|(NZwKDy}=b|>vD9Of6&)K
zeMGLlr+j<mo*<80T=~syokjbSoJD7hf`79?eOxJ<+!*Dti4QeFe;c4Nt~eQ>12N?`
zhWI|4Q9kkh(^DS<8rc!1FzBIhG9L*EVy%FoxnP?VItT;UQNVK#S3|=y$>ElJq}!}N
zlP_+shwZ@WVl@=kDf0>Nj6ql0n=3%KwB)C)Q5|f@?14XRHH9ab+bp`tdc){SdxD#B
zWNQKYv-@xXw{;afIgSps@Z_lO$u{19s0g&sbG~Qb*Cu#Wc@(}>0-y`4-HwpAd(3}!
zT-&0(NkylDthTc)wxh-uMn%R+Q#CT(9hhdrIKnv?MYlJ)_Ondrn~2a?IYaxCJ;wcR
zaX%91T~R`Z0=at`ADoEv%llUm{SMdC?_;?Q`9S<%@d52SzOUrY+WcktES>qv9DMF}
z9Py5J2HM-*0h7S8z+y;MsaG;=2B0zDMn0Htk=MuKfi-{kG$vsn*ZjjiOgKJByX(h1
zSr`hSS#onqF_S}yWnfJl2#g`a+XfH%<pyl|xRK9YEd?n{L3J3@x+RFu3hTyi(+e=_
zcxj~(iDB6z7Qyi&=l>9XeT=pg@bJipp!r>z8&?SM%Pp(m9mi%Ka0gP|z%;{*7|8@f
zD{zZ9(m_iF&Wi=(4BNQk$H|#IbN{PKf?x_P50onT|A~v{Dp*<Gzh{^Mbud(<6nzu(
zhTY=~eV<GjaXrR!z<ihx9^-}#(#I<cq+*m!5IdkwjkGyA8_1t56H3J#9`lJF^N7c#
zS+C;E-D1xPxb3}}Tsr7mNwJ&@YDT4Fyk+PIhCd7Qj^Ufxz8k}D(rR}WD9EFRj71&;
zrK9|90v^F^i(vBN4-|N9pX6GP+tY7!O?juH<nVyzhi5nU@t6U7NV;##eZ0xsi<nS6
zj$9r9y^>o2LgQEk(Bx1jSB?=v9h)ATidjQvz)A(I-pMTv4aseIu^xHi-DRk)e*=5A
zhXLac+u|a^GL?S$`V2$3jAAj=NN3k)D4=sCnA<o!mg1w<!}^efV0IG#D>Fj-OxXOa
zbsHj148bv7a8&!ua&~UTjluS(gy7H`zRwvvvIp9G6khVcY|jw<O?k`naFO6fR69$d
zR(NXs{r3cn?&Ube72l3WE)8<`czgLswZimV@kpdBN2M>#<yg%XUqu93z8UwxqXKud
zwYePK=Wp_jRcaJHj(No}{A?tI@+{ru*z8*_h+FjSdjjp8_^R(uFs>;UkGRD-`1W+K
zB;U){BPHTdzE(`5B*HpgZ>(vq<Tg6f+ftCYeXhhoan?0`eD4<P#4p1=P-PEs<v`Ka
zHT<HGKA$5W$l`-bu#9><CSTp`-MD;;`uB5Jhbv&F0kavfoVdi*vI&pR`ZV&PMpzn-
zAwH7<pWX#r`Egk8xN`5cJ@bkVB;^$~!9X{$W*pe*%yh?bkYC~seSg;%EyVm}fQVaB
zS#b@Xl<p1l;t7|yS$?f79@+%(VYszu{5qXH$|ld}NYUIhn94Vh-AL3&#O;!+op#UL
zg)1Lvah8s<z-I=0X2kZt_@tSu{U!@Zq0z5sEF6mKxZ;K+oH2Io^{GX3?UnzgdhO*7
z4Dkf6cY->`74L%A^8>%NpujBoItjC{Sk%Ok4_Syjr$Ofx*!hTn`L9avH?!W4zpUv!
za0MTjqKs{NTa+`C(aXDdHzqPFovOXN53fzeJQG~;w;E`FqlNb6HxfZxrG>T{p<SJd
z4S6q98#$R8P1_!kZhj+Xxq*iSDSV*6f1w3t;<;1<<qlG=P?dA$%7G?=>faiuDpEC2
z852VFycVjL5UT#EY<TN54F$CgE&qF>hThXQ^dD^KPzq~kzowzvwGBOzu%Xr3h7gGG
zYf3|y?n-S)&^B~g!iKt-G!1owAK}SLLoaF?8l-LL>%S#xXs))Q`PdMbqMx}dv@`e0
z-&&fvoym!24&&bm0d0>Zmz|G9^2L)*|Mw=!L4w)0G<UsR{&>sh?6P-;)g7E}84>K-
z)A0=##5+5^?If%%(z1Sak+3TT`L}<J%olMnGA}SUC-X_D2kF5Y76+Ck0a(TaU|nrY
z1lD_xpNoWj$<2CsD6W^+%@;QKdlUB3*9*OjZr;oIxL$@P=%x8s78Eq^VW$szc(*yW
zu8-?sm+6AA^%N#>!+o7%(?W+cW`T2^_qFlwHMyr%xznKYezL_G@PLMWC-i$g8N=Zo
zby|o=ZGdx~5T<SAL2n3STF^Mi4xH0NmX`ps1Q>qmkm;8~_GApQq&PNs^t;aSa6TCa
zCnXGvgVU4%&c|DXv%3z?&KfJM-r>QR=tlt@p*7ZM!Dn!XF<0ve&SoNu{TMS1u*R4P
z^NYnZ(<PKViz2O??ViBpeBc4B=@hp?<x?33c7isY>YFI#O7jJkU8RblqSZ!c>DY9<
z+~7(u`cu)~vsl0fhG3S0@So@^H9W;g-Xx}aJ)}!AVvv>_nnU^~?fNos(~Y@TsS;gX
zYv*d>7EGVoAN7A52DjQK`QOPjD0Q~d-H99Y{JW+Z6g&36|1HxH{*szjG42-og==&r
zQNM;TrgFmZ(TIh>)xH~`x20y^0?_QkrMgOZ7Gp<ODS3f48Sj|c4G&-<G9ETDtI$-Y
zD^$%^Z+?z~;%<+O2j%7m*gMF>@a7j2v$(`V66H7xv~yF2XngDz_qt)v=ZxGmM}`*i
z4Yak`7a8AMxmf)44@m~~emJ{%{EJY`K4$o-NQ9Lx)0FPOQrZ^07K*pP45u`zRf;uL
z21iRD)|5UJEuE|>{c9sCpYal_<3s0Qk0J3e%<yw()p|LadhaK!cXVc~-pOb^sUlXd
zGGV>yS+RQeol^(=UPZG3Z){XzD<aLzcrBCpgZer|<5PiF%JWK?#8j${i9GO64*sFo
z@D>c=WpiT$Zjxfs!Fw>1k2js=$nme_S?DjmirL$dPX`6aJ&Ob~B*}XphSjcd*(oR!
zd=hY2pu~uzls#u8?g&Ptj!2yj)29-a{Pbap#VZ-{6T<_Ni9>_5_i#iBc6sZ+BN6#}
zK}_YA0he>j##su)8!ZJ+5%$V>>4)dzP?C-%=`8#CI3VR4L6^XD<dr$m$j_|3)PJ)c
zzkRGje7sW%U<JEVju%t7W!U~$=nOjq*|KbOI{Z$@TU+=|*TsBbEcArEjk3X>K))a8
z%{z90@&r7B`vUYB;RBpI(9`YM>m47pMYxJie-QIR0C&KvboK~$HWuc2^XM#x#Ya2h
zRE#`)1M+i^xE)7)zYAYWXBe2;fGh=jYb4KE)NrD8yz8j51*Bm<ViQ<r+VcqP(CS?(
zs2v_<op8k)5IbmvvelrNqpYR#1vijL>r;;zN5oxjG3*idNNZ0-BHS{Uy)8mBfS|b?
zv&04Nvu6wbl?)s$Ja^a;piFjR1ppn%&xM`n57NE=AtK@f*f=kS-AJs`gC}rme~?`G
z6k|uC0cC*ozgHT2LM18lyJU-@!BiCt&U-J4;#~sX6a%!4Qa7l8Mllv_vmfXg;vIGi
z%^cc}5cGHu;Qf$Wwuz2kb63aRS9IkHU-r%<`#r}7-!XX!ihmUupC8BOzxP>iK$}g`
z=10?cE;WzIvbf@#Ftnhi3vK({GyUPIceL8a;qY%T<BWQX4n^MXd~g6q(fo`XG2|b+
zMVD^<6pu$>Fp*kdol)uGLroV}@lsZCG^;o|J^Vh)YbA(3q6N%)DS0T8Mwn9Ftx}1P
zD=EYzbfeC*i9@RRMu3-hk`rGTr%4c3A+eP_k1yWQ#3HI$r0aYj>pV*SM2q;1^u`d>
z09J<U;k{@ADvNaWKN(}E%;=!lThm$1HiIURakk0|y$HX@X$4d4DfT2gCNviI@b+M~
z6U1-36+ZQKpxj0EzESeRXdxLAaiu#c8uBdQr|M?>GzrPKMnD`Y{DiG|2lFMny=X+^
z9YU$Q@Jtlr_4dI7(@{3%Ffawr0x>~{0P=<F4GSxmm7-h}GMe4(y_+Ss0<B}4gqwP7
z1(t}w1U!<oiC5b7^m;4O>t~>Ch)2mNBWmQL+T)}a{@FV-YTqJ1%Zv5Y_99gG2qX|x
zlhnph0P}%)T4KF}PUOC9v3>5D!AP)qY9DgAua;oZgl57R%4>pVA2l%(8tKjDXzg*F
z1|(mjtI;EI4exS1&-@ah1X>lH>EX{=P*+&7XjD@iicMVu1{<hS=9Me4W6s0$rU*+@
z29(VZe5E5QX%FFfj-#F{xfWmjEj4>U3d}^;xh9Of8MQCLAd31Bir&%6*~%v*Br{h$
zp$noooWjrknXN}l&0b)^J&nA7P9vu1H7K{O;qk9$82pXt-pipSpBGmyAjk*lmU?b9
zo6AB}x-Nq^<(nHuqtzw0?Hv`f1+ZY?MIfX8ynl$ni;J)HTiE=wc(>5Yq1QlLVXxTe
zmHqgN{hRuTyj#85uV_@Pn^xe<YR&iP2VVRysAd=c&c@*Qh<H<@oW5MS_;)szRPf?X
z?wN^7_(V=h3!)mcGdz+dzLMS=$wKPB2A^dU858HxjWM$@!c2=!Jk<v-_V&a~rpdhV
zOR*BDprFjrzcAZ7kFj&*9^WxuTwCB8GTJh;uPo4)$40QLsT`J$4wJ5aBi&GrbaqNS
znveA0j8u?Ok=UOPj->pNS$IY_l2*76jB+o`S%julc(gv{AWMdQR6?08r=eWQtz*~w
zdE~f)YJ(D{x;HMAm}J&~_d!bPsax>mzgilBE{_!bxZG{G(V%M4>H<&Iv*q_&IDf>H
z1@6G`0*rY)=T@)F6DY9h?;EUkTxKbM0IFZO$}KaHzSr4_+70w1n8t!ATbV65*7-Kb
zNoqbI&8-e7Js1SmK<U8LRo@->9V}kuo^-cE@})XIG#0P+@?3d1cQseO8V3*@YT^Ag
z*#Wo37VCU4LM5(*{<|_E{^cZP-~kvnHWhM&eJfnzp0KZZd<#{o=TUh2LW{sy>^-B?
zKlI~tt^|Ye7tKpEcm+O?;h$?Ua8KhV&Pn+}^K&B@BGx!2=<0`-FCjiKNE%$0L=o;W
z36l`1!Dyt@ZnB_c7aTk0Z<HVB%IBr$VFr>J@Yn3iV#d>X?1uN;Gf4)DZ*xm4Dz{6k
za)WRoty^5fiy`U3Ni-FyxWmeklVGh7Pq2+xWc>JOH&q1*?~f;Y#0_L<wM9UQb)IM8
z&VS@XM@$MFc`;!82U1b{&qh#k5R^`^p*uX0`p-cs>*U5%aqu7qbNC(wg$1+h_Py0$
zkaGlBtkICc+Y2`QO(1t+JBV4fa2NZ^z9d83MGmH=*gTW&^5pH>`3p~(X3)mR&MT@p
zl~)uobI(=8<pV^0+AXeiixuK}c1aF6HlynA4*ZtPHXrcdo#|?CUvUF04DbW<>p3PG
z7IbFXY&G(~Ugtw%H?H$I_InQ~@k?RL<p?j>DFhb)j{x@12x0{e8*^M^Gw`l&m%N+^
z-xGKc)wS~cbkS@l8$%pt`1b~bD`2-%mPwdpOgiTl9|SA{Epsl%J|AtYEa4d_;24M3
zfv^g=JK7v!F31AO4($l6Le|MTFs?)}@Y)eKeE*(+i;+b4fOt{I4*{a_y^meI6K;#l
zQl`hB2h+q=Inh<Ai58{eATk5qh;YTnNIZ<P;$7i)U7;ICckYQ<-C)fQTJcEQu;?_3
z9L`_d4b2KlO?;#Z-{+^*s!w`#!zorCapj{dxXNX5PrlHVR=G%_W|d>!ICv^moC@M2
zFy0b2+YIc?2IB=!?Mgq!TF_Ju+89r547;(2%;lcpji)1f3B-51(|O&9VEg@eI=JWz
z!LoQs8fKXmx91gYD9S7C9}1@eP>aq)h9j$SPdo&V<-J-Uf4GEzd_4vv=8U!IApKJ(
z2I(I<84Q}@N7GsH!|A%>GfMF(eeq2htaxmOu6VOjyg^@llT~@!sw@77Qv7#)agR(^
zd}*ex_%)^Y&-&sXZIrj$=!*9%#ryQdLpWAEh|?86rxZV<FK(+$DreIbPgjcX*B9Hf
zSaFXmD)!GoNquJ*Mtmq3a_bhIh7TL}TxISNMsJ_91CH(IdH<R-_%sJLo;Bx?eYlZW
zkY_NA3fhTwd2U1#UFpZIA4EY<lA=X+twDEKF~kD7p5zWpmjwU$!ompxo(sTw#P|7<
zt;4u7%^&JqbPgeT>@HZIfa-(ul3b+^z`}T~8)WIG^_>lFqYN5A5+7NGgGG}|$NKq8
z!v4;5^`Yc2|5Ebxq+Dt84#llve`op)btvDpOWX?`h#OQ|mWY;56D@~kJt6PcU~-;<
z;5m8(4^R-Ct3~j+Y)oOymck?K{@Brd)-aY!nGiB2=<cByh31lYKP`2}G)DkibV#UA
z2r#Uw@H^RTSTKU$L`NXMrvbyOfbnRS4!Wz`vf?Y+>WV*Bip%xIkF{gPGur8jUvJNf
z|I%Jpd}Rk#+^2)C__$JhR9`&5BP*WUQCB=rVf<@5Y0$T#lZrmXUXdY6Mp3M}1ATC7
ze_%-xOHd6PVzCk?92K9}h7lfl9UhT9J`LZe?d8@^{|j93U!ngsEz^I;IQs7%NB<o!
zlKycRB{&^{6ldsrlL8m#f4&o%r|d1wfC@pYA=KDCw{{qN)YuVgho>18EIh@k<2sV8
zSx4S8wYrWxZ^Cti8t`>unFA4TGXQT*h1@f<iHx`rK{L%C-Ct4vGcO~pZx~L`%r0~*
zGYsc$W}9I+!JjA7tbSwQjo<L6w)4j0utx!$ALpL3LzDj6BsPl0TM)dESgiwZ7(rLd
zJ+Ta-+egqHLP)0Rv4bd3v7@y2LK1WRuPj<qRN9Vb?eWwgk1ftlijMc2j?M9XxLJ$-
ze|10zsU#d|uOM3@yj<tPMD8e6;!Z6;a+uhATNoSa`q-=KgIB=*+SoeS6~-vo)g2S+
z3wVy#$~+H?HSq5QFs(=clkgKTT^Vcg^^T<M=-YfxZL@Tw5t%6LX{TWC`;G}oHM#X6
zpgq3Q-}(eY*sUD`@CqMl9M0#~veC>eY<VQJ3KRxhkr1=~wa93jp<R*2krpm#tBj*A
z0Zr~{PC-lB5h580@oMGW36bCrE4{JKlEc~XKBnRB*%r^duS2K2TT7Cli-Y8V&xCOt
z`K1g}$d8Rk&(eQy`>V6`O>H$S?Vr+7VHgspk1=t2LRz#6#c4fJ!pJO~QvW_vNgem}
zby>K6e=m1{1qv`EL{{?C>IBDDF4#4Tt>||#%WT!P9j(sC1kC%I&GKWN2+h%T&-X5M
zBEQwj<ZqJqD?+<pmMXNNw)|8SzL#tazK#f=zsjNk5S0}K@QM}y6iqQ$LJXD_N^g}m
zZEs&hd+Tj$2^(#c&L$@4Y?}3To~@^d1K7dD`d!BQ{SOq2YZM&N0>rZw2yioNqx`)B
z))hLiUW|hEEY}iPv$_8QSTAsi!8+4MH#cStT;H}~aP@5t*NA}mb?wwtGFU!WI=fug
zSw*z7V4Ie3@R-uqxI}$fUsq7jQICO-S+5^O5fG;rY>^Kt0KL>k3(%`kfX-#M1kk?B
zmM0}(-S_KEN+dJ!q}<;kSU3JRz?$9ySR1S@f%T!aMK&J6m79B(woEH$t%=$A9&3w2
zV^qt%{gluMw$NLBMvH8)Gvnv7L5?*s8$6NG;?N$*_}N4IAS3b6vNKwmwWjnIi3vxh
zQ<s7FbPK}=tn+_G*9D#8IcuvdDPUcak(ihkrMHOjg7lw@@qeW!#&~;Z5tR(s<;L)^
ziu&8e1sl>7jRGSmxWxkryM2366XD@X@p$vi#A5^X*!d#^>lN{Yc)SI5Y}Uu}{uYq;
zQ51RKq-n+zz6Wo~)FC<3a94OGsXiJ!CTs9`DI3?UNr~~e=sbbmSqzi16odXF2L1cu
zAu-$%^y{Ll{$MSP@(WP_|7vLs=Zh^0&iyUne9W{c&U-01XSlvDPDlA01NSejA-h7}
z---(JesnMoS+oehPmAzPsjZFYgH(p=g+E0<cHLOw=w>M!%HLZXO6UUU=FL>?Fn*^U
zMp~=GkW-XtDQ<CE0_H=?P%cx3!Y7`W*V$nH+}dEixWIYYmZBZdH0^)}r7%V?>KP$T
z!w4PNsAk=oSgI<F&;=QR*Kxv!YzXhQ#tCa<`mYv9`T3aso7@`8=Oq8%MESkREuwst
znGMJz?$=;ENrUmfnHk1!M+=a|I)O5x&N!k{Ez;j-gLt>KLBzz*r)DkE%c3y$F#jZ3
zG@1S@WYO82m@EoSKPkcQF#R_q_#9JW3I0t|Yjj(Yq|og%7eKeUD&02QamJJI%MA4A
zTbun4FOY=)lB6Z!$yyRlO8QCi_}2JeA&)c0#N;v6*c$dn82?YMpH~@MTtCYUdU9_Y
zPwopI{W+u_-2`3`sRs=@QfFovIwL@FhfCZit=bxiP*5w*9S|`NBQI7%d7{H2XJjuQ
z99Vrn3qFvIaR;oh#!9nZ#JB?kE%)>#quj?HVb*Ke61qOLvJvB+Sg|h>k@qMN?~c$d
zLEIhe;`#7S3;SN~iF>et@1Ow}5Qg|=+~HOl=s1Zr2=0kVhoI*7Ej=AXPg^_EyzMZ&
zu~*&yFwo<Uh!;O3q5a=Jm$;V~w`;mt)TAC%j)gbmeM&34n$%X}k2^a;XW@IKh#HIR
zJ@#gJPORuptSIh`aj_-*Qy_%3Al%xNa3Jk}vXvjTtz;?SC5NNnHJvvp<fv=7`%gA(
z2x}T%9&IK5O#2C#u<+%v{+>?U-^icr&#vu{XRXAaS1%s_lg;F6n=!Ts_C|OuoVO<m
z_KtHckw7~fU|MW|@19FIz+OKIS&A02-=1p;vVrhgD<|yPVGa5BIG2$2a()sPqZXFk
zXImP3r`BOPBWYlHk+l-;hjm)KEfT3?CZ$HcMe%2J_9HwmuElVT;w|<Z)$m5KSGxrx
z8F<mR{|@^gykg9w2o&EN&|C$Lb)4dQZDfPh-uuuZ%pcm5TL%Tv`$&pl(1j29EL?UQ
z7QtY(uZw(rET6pgiMM-jrV$(QpW(z47{7xLc;I=OHon0)vUy`Z2pUV8o5^d{WzV5F
z2Q_@qW06;tC4ToZ^<6d20WKSSD{&4m$wF_==C%*wvfOqXdKBe0NPn?2%eEZ3LTkT<
z!6Nw@vmJk<S))5Jo0-#Y#}~vJXXqf{?UYA6i3XnTXhaAoD04Qr?0~Us>YM_btfZh1
z*|MG8=LdD=-Zr{`C!yTka*o~}BH)HW7^?_})yjC!d51Uy*9pOe7U@9*iTd<yr63S;
zU0gf^_MQvp%2<VMcpObWiLJC2C14k_mJpbvVoMPB0CtXFhS=$9m$$^(_bJAWip`RD
z6xl10<qivEso3v)U?TgSnRhfZG7{JNzhnMylP!GcJ5zX3n#R!RE%sxQ#eXK9dm$7Y
z@FO`Hu4o8$ZSYqKAvuNL@?B(&{|xjo(Mo;%nfhq|EN@&B*@s7X;i2##XjN*i4t8D5
zYWf?oNvzLc9F|7)J8EHM_06ieK^(A2;jQR??XNP2v(3tvjbtIzh7V*lRGOI|MqsWb
zTx-x3A5@Bo2b(n=USQF^eVviL-QTDyzF8?Ar!Rh3DSkj-yjdyUpf3(9#RrTEBrwl;
z5|BrDOB!7OhQrK4D!dmy#U1{GrjiKv^j^F_^@l7JA$CtAG=(;r;%R@x$dwpV&>A9l
zclfRpO_hJOQl<DkK!mt)(ZQxjq!6p3eW81rxlHia8a>>KiqS!Hh0|XlI73p3VBG1R
z<}Nb}{?+(w^~mUyx{X!5zcPt;?C@2FKh<`g+Zw!ElNETgwN)@uV~bUi)geyQR$1F}
z74PHv;bD5kfO(TU;NE0uVURyDz9F%m7fx&u&<b^IR?X{|wfOpQbzFagFU}e~&WD2C
z;YN#c*?O&b%)iHkA*8tc5f+~N_fC+8Pk%{#Pzh}w$KZELgsC<DMrd+1H5u-l+G-0g
zx6;Bn*24AFLJEdB;r{(4EMZUIi|3eMFdM1w%cAx@4oy@&bdEIQ$$Hd~r^X^U*3GXA
z_p-z{*G}79L2K>7gu#5lbir)FWF_pOB3zY<K}V|evCYxZ7dqS(exr4SJdxTWLW)a}
zTdEfwVC2M48~QBo-)Q8y6_Mc3h`&Y%{Qw|+>z?L%)~wPN5K)C9F^y*#5pDOa3g3{@
zDiFq&fhhT$C@Xv}xz!fFNNKr+I@ZEvt;4XO<rd-*5g5AJ9dK>7B*Ml|AmVK6!)Q!y
zc^LE9Fg{L>r>80kDFABN%!vQAkvWYx#aid0JqWKmIM$XM@dR%I7BsqHFYO7mrGGa|
z9&s%c>~tHqIQ?sk`P_=S(ZTk0PJbnchC?Zyz$Nr=isUx#cKX-i3%f@LyTbP>cmc)4
z7I?z@Ymx+i$R;=%eg6|)(G0p?dgw~*IE+a6g=8|_2zyN|z5|hb_(!$|h8LUJ({lAG
zhxQvau>FnPlpU^2B7zUEG3%vyfnMH?3$`~1p~m5!+)XWrK6oQd2%UyEHn%DT-vI{Y
zipP?ln0b@t1S@=*F@8ZYxB})fR{$0cCv=+Myi+Iil;5JfrJiuThE^E+hu6d{T5<NP
zzij=2{=9QQ5h;`J()ST-{}-(v*nT!)4Qlgo(#$E|Wks)|E5)60q7D=(lcGpjSNlUk
zC=Bnf4R1@LWnyzubBsjcjp84O+29N{cF)h<)WTH28)?qaX?SCEtFxlae<Tutw$*Dt
zWp=J4Tm6Bx6O_=Cc>42PGG@K@)9Fw8IClEuyHj;Mm0vXj8BZ5O(4~HWRXE0zMy;?3
z41LxW00HX?T8D=s-CemGLFmNEoY4Rh8)&UM(1haWKTD0w7dc>lHf|J;CG50$SFN^R
zi|r3&?JMnGV*Hhs5NvuE>OIrU&xThdmd9?u5g&>Scjs<Q)XO*+Gm{6kt@icrrAF^e
zAlc0tMwdOmiu_;7m|=4wW{AdrW&5N5mn1k*`lCS8EF5r?MUC&wG<G7|@crjhTJHWo
z=6L`4X8FU>M_vr^fi$jsZaTUi4%5r8pwpIHr}dZZx1bvzsYKsUWWFDG@r-PZJ<qKx
znww$p4dlw}V1hPBqjagw`~D?=rOSU@eiQ66)2LDhe8+LdEA!LNV5CWh*I`@8@qrl@
zu6$uSth&&ZMg8gG$}2JaY;J|)%$VRU#%!L;ujC!a@uTYhKjWLgl_!^-8iqb$X?!4g
z0er<^^~2`F7wMUK8HSPy@4+u-z?)LmLUQ*c*T%f5@P9n~&x8N{;C~MMx1n2da9E$o
zbet~TQ;5koy7h&Yp!5oC@ap;KYnt4N^@3jA!`fl__Ic!1DqVeThq(B02%jMa-;o9d
zzQgcE`r&Z}J_?`l=z<u0(Fhvw>c<K^n->y1Z#NJ;|HKCVJdfacxgiG6^H@Ggf#=V;
z@$l&V@tD6_QK2P+D?#g9^0_Mc2G6-hW6-r#2!X@IOo0n(3>g^pI7#)U@)${#bCrU=
zQz3}e=)ddh=?)CX7#h#to@Dp}S4nh5u5^pX1#zb|Hq&H~@1vv+UVC=6%gz~^`~9K+
zVa(}|<Ha2s|HH%GV*ZEynE&B%Aut>?v`<WQmbWuf_KFHM`qft(tmyu#clQ&-lY+Pd
z{q)Y03mmM3Z@4i?Getc;^~qCsL2}7_3d~&T>1+7>QUgm*Gwf9sm^nwvnvX8HKe)vM
zZt)C@?qI{CxGPpiB61ly>wYU>a;$3XW~=m{111BDVToY}PQ@d0@qa*=I>pt1&wO!>
zvuI6`tJLPCi<1f`yE)0ntCMHoHTi2LHuv4oX84jwG{j1dG;bbdZ;;-&rUQ#t%;t8|
zkw}EitsA~kPMq@5=}VJ*SMW6<!w;_l5q0)&fHiT0D>z`a(_ak&_-G3HVxw;BO9Q=D
zPR-pdcT1!hpv^BS2hlUMyAt_-CO$$uZcK25c$@YJG0va%mz^hi9Ot-V3|oZ3LSfwQ
zKyMh<Wj}Sk$QA#C&JM4}vqNXmLR*IKGWf_c_`0JDVB3aJl5ZfPD;4kju7llzJb>jl
zJSu%DV`OGJl6*~`6u185Rw$32kcULZPX`kBuLta|imttGqXfI=HBeRuizlp|uymq_
zi*XaH$dw2fC=-u5!!G!iyW8Vv;)*}gjxk4$#{UI)1b`=Y^vM-3i67c-HngqLp>>H3
ztsM?6OAEjJAAp;HUaujEy<%lEphLWfaLbDmovuFLo}I304q_E%)vs59%+T>+1`llB
ziua*>g+W?A_?Lk<HVVsschw--a_HMX38(f5fiymM6PBLZ17E}w&@p`FvODv+m7ajp
z;t2>gJpBO{6T~$DpjF7NEZSEH%T59Ja76((wc-Rfqry;te=s`4BbjA$a$x=Q^jK3r
zf_tQW78LC);JmvET-=V``52*~-pPHo8`YK`Yx!W;DSYTVv)~w-?Mrn!yxA7-)z09Q
zNP(-zZl}20w}tHop@9HbK&ZdX*uXAmz}HrZjtUx?O@3JjxUzdssmiUW(&{U)f)C*R
zg*J4EotgpTN5`je+5Wvo{*>bSqy{_KG?i9?Dd8IUqU57w{^*#*>TVl`ibV+nk`;yz
zc;S2Os^=at!^mc>F5vE~E#P*9fVcWOm*ZN*_OHf-Z-KgC18&<}&wW+_nC5%HB+hL#
z_)?078k>MM{G+pzKy?^uEaG0M<on#zm{)Y5kPqBy%PSoKn%tb@e2*ReeH?Gx2nB<g
z4>`zC0rS-xl`Mmpyh-Xha8rcEw-5qt<bTBZ4=WL$NTieEgJF})M`zoOrMR2~X2S+(
zwvC*VdA7EEgPse^uEj-#D;Yt1X!J=(@)|(D9<!ihoGm}MLZ}HLr3s&?WG3HNQ06h#
z*SomSj(CjwJw46?{fsDW-`f+s|G1~eIj8?1Cm2_bENy@Jn4tL~B44A#hxV9(P#!Vi
zpBpiV$^=k8Zb`vd)9w@-Mx0I&U_EuzvT(a2iiV~d<{TLp?3yP4L5&Lxz4XSQnG;U!
z1G;u2f$tj~n187y`U@vAU~&iM!Fse!2ps|XUMYkQTRpjl0Vt$hbB<>2!X-zzl7SdZ
zcLmOJe7s#_;!1*lm96B6cTe~%EJ#JL^njGzaZ0-Lt_(w*#X<so+uxWqvolgHAKGi?
z{d@QD!S+S)|2f{Vc~&ML9FULq6yY2US%OjLg9F#6pwa`PT^cgQj6Doe=oy1ysS==;
z|3aM_{?tKY|62GG7;A}shc8tv=tJW%2G(|#NeUF-Hcs(~M?B~Fnk#OD`}zv_0YxAa
z*N65dgY32TG<uz|Tv)TYY@-uUkYVtSbVgP=F&;*`)3M(7J6P=bKsxEZcXH)3(QG7d
z@T2M8Lr&~woy-@MfuzJ7hS4T`D_9fjg`jm^EF!T+{`C-oPua;Ap7nVoKlg~oaguv6
z<OE<}thB5tIs>c1ZGgfcZ}c~EVlB5gA0ttZf+9>#46CaU9GZ%uE~IlGQxs(^gE5(V
z!v5+lS_WNa01EmjMA!R&LJ@&AI^D4fGliax&8M+w4uIW>6n!x?czn877Q`BHn<8%r
zNJhzQWG+O`Dz0QXsZ@KL?Z>D+uH=8z%>!%mpc8ZRtPC%X$A@tb1szdAEx|Y~kySWM
zA!x4QlNkav_!}eypJeER_q`aejDc8kC-MM+h*ejzs<3zp!Qw>tF2R^mi1L!9sFS78
zpvydtQ$DlfYj0sZqMu(5Z&Q~;W0>3wm`pf+-!d&e<-bMssraEK7*BXkG>==138U=;
zX`3AzybnM#)c{|EE462m&*Y34sCvIhHGx*`+b-ZF10gVYYVr{vK@7PNqOc3|AJ)k4
zmqn_vAwCKZW@TaUP<zL68|0^|esz9J`{n$W_WusQx$kd{-z@*%;Wx|waen)5+W!fD
z)5kw@VpO5C6nqD1o^v5xe(Q8>;ELCfG7Z0=OdD^8E8iB{hqTg((f=)-0Qu>x^N}>N
zThkree7^_f2=9yez+imjyPeVhnY_WXf&Pih<Wa!SZsQryE~8EOR?q;q3BmR|_(he?
z<KMdjgN5MBy79V)%(q+exEHG(>w*09EGK~eeQko{iS{>fiv>D!cG<_%i=x|Z_F3T7
z;@c<)9cW?GL8Z!L5#`F9Obi8XF@Z*AHBmla+)BFx2DZDF2EP`G<V86q6*=Zf#xbc#
zhDGy`+(jaHkX<8z*sFbgc=1bBKS;nYXs;x0SNMe(&aY)S#tg)CG5&ZWjz5q+YUIa2
z<x=>804bSGL|yG<Lb0kDKk$KUKIkX;I1lAxer|)pNDC4%Qdt6eBeZfQmB0l<9<-Z*
zvr$hPa);gG%Ww_xLP_x#*b_|w!?!yy$EL`K=J@tta9u+6#=n3rhhRB0xSWc(Y{oBR
zn&T657#R|bJ&xa+jh{g0O76ut3Iu-1t&E|xA-xjvQ*R0<hU{cRcFGjL_K2q(Yq{d}
z2DXBn62Fe?|NkgI*)D*erqYYRPgcfHbBUjNQ@Rt1avI>XDWVo8IuQc-285q0--5%%
z*i8b9*_2J8yC`vrAOeo|N|KCG1oII$%38}Impw~d=H}R9Ng<e?M>avj%CYH=wZ7j_
z>@T+7cG9i4g1AAf*Yel%Du0bj2hdC2BK|r<{6+P-l9!0TVr?8i9B&L4Hd}vAN7ruz
zspKJKn<}n+EiB+0q6@eN-?>8YX@>8Ggzw!7zdfY#8!r7Dm72hB4k7qV^ZDUQK4AQ2
zW$TX{DAndm2hz31*lj8w=nbp}>^2o9VY&_DOUKb)g85*lf;1Ol>5fBqnwPIYn;S#6
z0LYHv%Qv_=zU9l{c|0l-jGsW~N@l|F3H*}jk!G=G6P@2-q;ovW+>TtQ>TF+m#PbfB
zE6!GQw)0S=JFnx)*D;#PRP?t@HhBw}`nHk+@;M#rP<uOs_9kq6Q{wculY+Qj9)<c_
zI6D6enEHlItOH@Tp2lko$MIVqAsA%i$1Z=!&;8!x_>r`?!!2oVqgCy#po}Z8!i6W`
zO|?Z;3(HQ7i)OX+Mk7X4XA4tuPsO+a7N%s4D)(2FWng8g^7T^`kY@6<nLf8g)#nzd
z{KH0?56D^xG)Np2E{m>DFE`WQwhH2^a8Wb<k@Wi8RE2-4wCY=H`rB>>67dfMX(dSe
zRSfwO2qYm`(j4C<biNHJFL@iaHwz6B=#}YjvbQi1qW`izhG^<NH-^b--TEA-zr7aI
z-}FOEu%7O|2>lK7aFIqsI~P>tfD3F+@i6FZv=$dvscIY)qWq1~Kc~>YB2Nor^gm9e
z|1+)9|3*gtG5J@hp?{4Gi=+QIc}DYb3h3W8<URmc;Q&}~qSTM;4Ngl2d!v{l5VNCX
zC8DNHx1OSA<_bKB3dK+p&RfxZQ%;6&Abj*N_^#%SJ24y+SI*N}^3}1k<je6axtCr(
zy2PW>(yc%t!x;VNR>=J$<EK0Q>w(uaC(OLb4QpYGXUsf1#@Fy?s)j!`iX*Y-D%5pg
zdvGnPI*IoO@%m$IzeQaBT$DdYYx(o^Pw;0=0{+zNlT)Kwp-!c0QJ=!?74h}MG4^a#
zpH%3fq<<5tUpV0<y>WeW)WhmVBt6!sxk?z+T%WqQ`M)7H|AjdJ3lhwK9kM-}Kpd5?
zOBkKA6nfA;@y=7{jw^WqvC-oE&22V+azP@x0{;4Gsv@9D;-^K~Z^X|Bg<#$mRo2%w
zHPdZl(5mq;_4%lm{sZ+hH8)qTnvdE*`M3lYFuA`p!a;ecb@`7|)m+ppqlG3R_4mCq
z4P@mhow+N+AXi86B{uQ_4n<JlR*UzBNToR5!j(Uo?l>{OAC`Kr;A{rGrj;Bge3zoU
z%A#~{Bj6>AIKx7T1~=yoo|*3bzA93wHxnRvorSMxQkEU5$)ni(Re;=Ml*QO>mw3@q
zrP#}L+q?tsdv<fhgN<sKba4kCNW)ZcTy_`D@$aXx<KOSpBVYU?p25k(ua!bzq{S1M
zVgms#gpR_-XA2*at?t}<y85Xr;2y4wyZWiatDhI|$}zZm?8YPe_Fc3WKlS+~4c@`^
z`P^qsg7I5Vk8j5XhZYK<gXS>~>mXn12*><E7H@xN@L|08`OzsJ^=;A7C*A*WI}Vi`
z@!i84xA6WdcKh=j2!eX<5d-|^F&E|d9O%2yfPdIm9y7D#S^1jKR2H(^S#31<o05E&
zI*aCH8oZr?{8|6$bF(=pH@;_-t+^GLYChR<jC-MCin^(4ZV%uT8{C1<?8I>8PHUvL
zq|WOm-+&)6(M+&I+pEYoU@@RHvIkyi;|@4;Tw=o~cxEq#q%|`rEH=BZ(cim=$1X`S
zP+M=YwiaHgX{%^1W}LYvhb!)bcADaOXjFRV?;6_YihID50%y%Ai;|5F_#ngJ3EYnv
zExF?RGoo3$4ods3Cw?g4eyFGi%wY?_4dH!e8dwzSwhZd_tw6oBBuQ7r#;WXnq~$96
zpH!;|RHY3rJmNYr<PleS#9HYMs_U}%bD}4X4P$K&!Wg`~OZ3{u;|a)k^5>x}r2WuQ
zCyyL;C?BcfGj+U+!4RI7t{+Y^gDt-m*u-M}a5z?_Z7Wq?io-xAtMcu`Em!Fu*Ncf&
zd8d^swzw*0R%LE0RgU=eRV=K^s8*_+iK~*ts<dmR%8n=WRZ>`$JrA{9#U6*TELP>+
zR;uL20hY?DJl;x`8=#7dD<6_y9N|h|QVfqjgwMbg=!k<H#TC~j8FaMB=G!Ss(zpq*
z&$$$EhA;8~r%mlT!@yj9i$8|C($0nO8nznks!Hi<ueR{KQh13;Q+U0J6;3pvEFXft
zL=38FCOuThRN+dqrs{o4)y4E?J7E9+hrM?JkD@yN$9Hx&+06xJkqEJ(CS|Rxq9%%%
z1=Jm~8)je@q9D*htu_|%PGOfzfe3D*8OK$$+I#Iq`>n10R@>S{Ta|1AxuHNnxk#0O
z0<)}O01e?{=KsFu%<Rr?HUSap@BchspU1FsJGb}qUd}o1dEc7fYPS$gN7zbBqPT6A
zWIoV@(Fb#&>EmoDXCJU6hUEQ}w>1nr`F(hMpv};RU0Q`ICK$xrQzzq(F16A}H&|18
z_P8~<XNZ>QR&(!B&elhHIeekaUk;TowkFfAA*C!^oOb{CHoX4*OthG~{*^^!-Y(^@
z^U2&wzESz?4NMx=M8<7#2DCFa1f%|MQC>nXG7O=8JGNhH6f1UPPI2C~jRsBaSU!x(
z7ZJVulhF3cJTuKLvA1}WGWEs*==?5E=&r6`oP)km#aEF#<kQ{Cf*?i%{3yDb$nv*|
zr`1lc)T2DMOl!bS3u%BLZ6(W(yS!3&yTXO`G2GFeTyZlUfLIDlkdH`iZc$!>Hx&6f
zJg&N!XotO4^iuQKSyS|n@SXBdKs$Kb#FM;3#?DkMG$*&~@KUW^6H?km8&aLp5Gn$F
zQn%uo36$7oP3h+IdU4(6bj5u;rMQfEasQeE#Yw5fP1B3}Q`+LLOeqefZ8Sg@2=5@n
zbmy;eD5w%$YN5mAFh%dOq}21tkF<KYwDs&tktI|_W3=FFXF;<!k>WN0n^3Slr<Znw
zp<u(Hmd9vOf7gogfk|JziDRFw*9+Bzc=26O;tFglyT$7qp%eTUze*6iMC%C?&vth?
zdB4)|{ym2GFV@~S$KQ9P4nS;))?^QpJOCnC#uT5z(Vc>h&)k#&IWImS=3Aio5i*MJ
zXk|aCm;JFxFPq1_LQC?!xQzXddb6XdK5+Sp<yi7%q+~yo>@R?E)2#@E$Rbb)(K#63
zq~fR`-)ib=fVu5sSXF3u51!ER0z3XbU^YcLa{>Z){4xQ7#S9&YOjGnu_^I6bLzpef
zQ)Y&5Ryk?L%<9%k@A&XYa>{{IC(MrPALTz+n$ZZYoG^0^+mlhLy1*P`w@jGHxgRX&
znkST_O^ey68lz1NISsLzN$~2<UnEE|Mr(mBPKuERxc>7OiMD#RHwT%bMTS?NHoQ`(
zy)wWQ9bkCnLBlI}k`Z6YFh%#960eByR|0q8V~Z&^U4K@Tcs2>2SxvDq1gr$BNe0LH
zs5#y>l>6Dw<KMFQ?Rk1PV^(9v#FFT55DMYzvM-`1G>Y(q24-AQw%klkXw1Ecp3vBQ
z1@&q#QiOY~CS#t<*!M*FehnhZGE(o{c)bJD)$5f?VwdCP5yC0-CUBW4mWOviR~qhC
zny5=&@4V;r<vB(RJD&9K+0U>IpQ7{Da+Wv%^HM`}?iYFoYVNk0(yXto{G^+xu|_Q|
z$TVk>fSUj(lcuzEZy1f^5klB=JKjLgWnZycd?0K+Ks346IgZDK7Pvn%_6jz{p!N<2
zaW&|EQ|Jo^b&m{v@eQ`B9QWv}4lKC{qeWnD9$RSbimZ34>e-qL7?M%L?3WH=Ho3!i
zcJyFquPxML1rE-nN9BvK0eEm1eH9XEOm4?N<;1a>5N1Cgew@69e$5_|%tR?Xq^iK~
z%SkE|UK-{kZyrR)G!MEH=li8Y%Iw1ctV%L>#-$=mB$Ua%)l%5Pv`A~)4-g;PDbQ(m
z3;T3EHgi-aijDfo;gLmxy4Htznoyx}A=S)QAH+;hr9?!=*GHftUM|91DVosN@};2A
zJB+c<?_Q3YaxJFRtNvdspgjZ0^r>`E=?M}mLwXON?ZjtqXOOy>;JrzslXh5$TQ@HQ
zq0){I(@DnX2IKgo4$loRhA}TMCs5%5LJk3&rwmCKo1Wai8Ya;{d6{#Z*271aksfly
zU!C-GE#`NNT8ZZ&=&^;QpKFQiMt51U;xI3l+C`T_ji%1!1tdooZJqMyUHa=mkFWTE
zuedArU4%Y#x(iIF{ObmgX!{;&Jh9}Fa@eWe6*1T9Vda|pE-?9-&$(I#h#0&GUmAfq
zTs+E%p#x0ZY8<>+CM_O&>EXkR^{iTKHExLes=C<f6DOf3m!Mf$3Tok?tI54!7+W<B
zZ%mzyg5?)?lExApvK3z*WF;{3Su~sh^YW4119;{=e&t$Iy{Zy(8IZSlzQAnJfmi(~
z4p}WpJdE)<LL@D1Q}mz6_MsatoP`;-E|U3fP%%<@cWfAaZMOE>0|1`awVYdgcXccK
z<c(z8^HqWh<=H|I?Rc0C8<vsOunV<@nM|F;96^?lDzsN^+N;>wq5QuH<neeA^By(J
z$7=6oCEjCe4j~ul@AlxkDCMIpzPp-uCjR(@suD<7IX5D@;oo}g-&ag=!C*i+0vvH0
zuF_DB053Q|03KNJhVxCzi?kRr^T$OPQg)S07c_v~e)D5(F@&m6Y$90<$)SrOetDde
zWG^3VHe@e<|63{9%cIpqPX(MK{BotDF^HWUt!g3sv8xA<#v}jtAP`*-m`#*5qQ5+j
zk{z3pm)sOg)lHj1<5oD2=Q5bP7t=5yp$nAZm*VM_W~iU6MaBl>iEuD0a5Gw&{&(^a
z$LMy_R;~d4cd&z)X08Z_MlPKRk^~QSG*>x)MMz^>f#Zd;A6Fy?aULuRtiFW`yz&fv
z1>|?np!wfw_Bv;yYML0fjs}M9!~y0BeQ?)yF8(TyEyrAkGeuytxfmY?6e@J^C=S4j
zb1xvEE<pC1D==Mr=nW?Z_F%AJ6B*}#lgB?EOqfQEpeqFzd`(}B73go0BJlJJ$$Fc3
z9i3Y}N~Mz+h=KVbx&o(-J6rY5V<6{d>-nO0eSztrVXpNeXrgA!0VwA=i6b}+rdmEC
z`U);G6aG4BBXi8?RXuu^-fW>)mfn4s*u3}vLSckKiUfwmZc*Qn?k)FApQk<xmSAG1
zm1|IC8^e=fs>tekf%UDe?h@H4O0P0oKo|_1LDTKUg+aEF^&k2J6?4D4Xn-m9^Vnsv
zOSR)I9_1?60CN0hgyMA3T*7ah%rnKTF>^f0<_INAd-OYav<h?OcJnf*#Ch2~5csCl
z^T}aP%K10D;r!bcJpXn$<^0>?`1v>MM&0RAFF*Kl?1Pm3{&G7!CLd*?api6c#4yF4
z9iC)2(tO3Z7>yq8C-_jM!xX%5HDX@5V*;92Cb~S%2+{<*AlW$iMx2PqMF<6i%8e=e
z9e5nm&>y#Z`Nhy3ntOF4<`-;;4VaVEpGs)jg=}pD^ruPhk6t|XM{4J#&iMWeTkFa8
zx+6grI-~b25RDBKD<VRqBV+v7WhTe+K_q+fA!Q)RarJj5X2ukQ7HN{b2D5%{qYnPW
zzlLN5?3PFK(lK5h#Mb_Z98xSv&}Y1(xV6{$#0aI&2BgoiB>J?H?FgVxD<95ni=R)_
zOYVI>aU%5MJn~UKzT-X?h>5bt?n7dU?uNiOVug4Oytfz+C2kO<2Cvi#Pl8!qcPm>}
zN$i1kA+kF|kT!Bs>-e#O^Bl|WA)6c5gn!6**jm-y6TF0%w&MPqjU!-iKv`4lqSWjg
z!)FJS*ckHhp_ukX7atyVm|xk{dp|x?2){!2?-tYjyH*~Plr$+nBqwOBPTXCJ`%4)%
zm&kq!n`69z{!KRZ_PIv?-05hE&m)uHBhnXoMtB~qpcU6xi9K{sX)3mAdEjRk(OoC$
zL*<TdpQqiti`;AkyM5;NzhdSdUiJ{zBnK}G3W(cW2Rv)p`d75+=_w7A6So`X%eDA5
z`?BE;D7suZ8O$M-%vHue<{&eZm20rEG;?L>hJW1BuW0!*P2pK~0f?68;)%(J5~aIS
zd9XXrlrml<KPqx&N?%yo6Dyn4kqPj0N;x0qpc~z!8<!__qtwoamwJ@zu@j-jnONsi
z$zjsdl-}_9&9wD5cZcVz(hs5a|I%82b9eQohyFoYk4Jl|^PvMTB<<gn^HQFZWY?^8
zOu|j5Q1c~xWS>=JRJJBUdU!+#?d#@W>sHBs5AlV~%E|FLz+<-q5Qhs)vnVaK<G~S8
zzBeC}-bA7n5lol%{XEl#*DeqRc0n$)3n6t7`*cKfcYD~U*Ln)xK~Yo$6RE%zuNRs0
z13NsZC1v83RukEQtaQ*bBJPn;B~%a_B7|o+&_Y^);_fkSy;|C29j6MRJz#g-n-BUW
z*(pOg^uzUPDxMu?)-ln+I&J}rVLJRj8LWoPg#Si7ei;haha9HBKwch8cD^rDUbzCX
zl=0NN<4lA!l7(+BrKfHUp}<x=lx+%Z7Uk=;{oU1Z=k_CB%;+h~mw^C^pC444K~gje
z@*8X7?_H>rT|w+3uQOY4H!m0)+isYDr72GtVtjx8OGf^e_JL$thPfS`PUYa`IVSXt
zuEO&>zA?+3*$Y05E>THxU#<VsN#CLQ9L#`%<!I#0;KKv%glBJIUx{st%eS{&1Wenk
zDG?Cu%?)(Y-2i9@9R{{`sEy&J!J<@zyW!eFPXT6Aet9$$8~oF1EKm8fhuRk|Q>+g6
zhk+*yY>i<nZWuVFUnc!eIpW-={Pz3-gc1fBmVDl8CZ1r!ysB3L@^F>AK6XBE2MDOO
zcWEnaZ^K8@dt&%6#Gb<AT%7b7=UU@+@2UI|%$x+-UqHMkIo9FB^wEAtJR%-4S}qDg
zEa(6d7wy$jyWnb;qF&do&@o44AhdMYAolSMngls;t5z>&J@YXqy{<h%#RlAnHrD)*
z#8-TPM=<-Z9EIxRSPo3^+>IjZ?Tp=nbIBjf0jrTWku3He!U=RszKE}gh~Yb}MM4Fb
z(#zmq*;ha&6KTpvf8VPKtwo%xG+^p<%Tznb{@np}9Tug|lvSVPe5Zt^+(+5aAcn+H
z6vOv9J+V>6T`yWa>@!U`O^7N3UTmkvX=ryhhu#yMbf41>?et3H9!AfI&}LJ7yJhit
zxKD9evOPmrPH(+a8`s~P^p#UVUhaTLoO-JrCQ&nR6Bwf$N)4gimKUw0GS=75fk~W8
z=E|)1X!st+eVDBx2}}{sySp)P4+%dX<+IuZ5TKzBi%(isWsiOjGumHb;^gH8FpQv|
z956!;oUgC23Kd5c&-cux==J#Z7YLQ7U}7nKiU!v1;vH#@u@d=_Nb@d8>&aPwfYXi+
z%wTZkKtBecyJtxxFrI|P!^5bl{w%LH(WQ<6=4Hiif|+Qn#rEKrsAEeaY&9NNUU4jw
zeH5K|O|5KgWSs3y+&p5(E0R**k&z1(cH;`&iE%k5GSvaNkp)td$x|~ohvbh%ZzdG%
zZazH4L3SS-98yzcFQ!Y^)}zL=4l4tHM8+{5uw}--Rx?^>qPr=$i>sNC-83QFq<FuD
z)qr-9#>NI9dy_=oADT>wRLWqop-o)Uwoqhik4rtS^<qVnv>vU>zzux3+!5KA!AYGM
z6vChc9NsY<Q2m%rsC^6~dki0H?!agvA7g1T3s17`g54}FD{=^OC5W?SMI(S2%IxeQ
zZ&7}DKI5sGmrabaYtiyjBkn^BTw4Fw+QU5!y!=Kd@m~R>UwUIB{;Zi{4^LO!hvt9C
zt1#sueLy#K;@Oi*Zz`=EH2XC#4-w^W@?(dxReMR9<Lx-c)5E+9BjA_cc$-*vZ0(|K
z&x)SRMK?%CJu8mdfJaL0T&UXyYS**rQ#2|)D^&CAB%)*K2DUcJxfM2q6LF8}5YqmU
z=?p0cw1TIkd%-LynoQSx#7S*McjhAAi;-5lY+iYi-B;bp{su}uh(iDs>m{#;*IS|T
zTe8{OL!9fd&)v>GF&v(GO%YPdP^@u<YC{iYrxRhrV@!mj3PaKd4~EXhu3C*N_sWxF
z5CjF9!w+VzmTIuGO`IJ74O5&<cwdm#u(kKtJw0nNr!}#n#}OT=l*8wMQz!utY6q;s
z?4rq&1JmBIcubc>nNY^k7+?HYOK_B5x-oV&tvWCLx2B|TRk}<D4P$GCY<Ej#_R)5x
z1xy1#EwRxw?<qVx5BF4Ds5_*%2^CB2E(P9PvXwY=GA*Esn(#Fq_m7U_dxJ1D;crvz
zOSblVIIWlgdjAq>8@kd-?dUKHz|O(L!D0>=HKGmvcx?`;6JEe6k#tB5=Q@N?q!W+d
zsjY#@k&oa(-dG{jP{c`%99#;a#*SX`xS&L9J{Fq~g%1+Hfq$*v!2I)qdq;2=G=emS
zLnn3C!NC85qZD2oTmXN)gK^d}F`EMcbv-9Fkhh?*hVo0HeE7g2I<RDPQW|7JX#h>_
z@VncBJE?afBHvTh#a5wPBp$ZjiEWeWxll(BO!o}_fW$qPY30<2C_mHIN%7k{S$bvz
z`CT&+X2oOTZ-pXee65?<a1nEwR|R)V@Xs$YfkNa0Q%g@hFF)Q!nY*5s9&aYh%>mim
zo|5_5^F77&N#hsJ&BUo?(l-t9ZwB?$v$ZYIn(^73tCMrLEZ^WU0UwW;pFOLwxb;OQ
zD8*hhBEUr6<$<C=$Mt@Y17k1<2ub_hj^yPC!Efm_j;|TV*G$O5;9n~PBis@E*c+a#
zY64P66jBJ@2EyStgA0)6rcU_lHFe-S*<yHt16V&W$>(bGSF{PF=3^LeNeh4ME8a9G
zg}#HZtU*NHJBYjoAU1%!Zx8MwWx|{i=e8g$phPSX{>Sg^_?;b15Ie%z?jTlgmS+Tv
zkZFE)BSK38iqIub7~8H06a1z(Y%LbG@%G`)hBn|n7;!-w#H%eBXn8hFuzGkY;thKk
zFA&KWzL_C!%T*29mzyR_Rh#IS<?tm!+4vZMQbjAN;qftazNZSv+Y)?<AQcZfhRYcI
z3WTTSH8bI+QY1L9w!Vha67SDnCP*y;z*y?++6FJT5C9qRJR{o|9>(~X_c^tJG)sPF
zEAgI}o*`}FYQ{tT=aDxjgr|MOoca=?+Z&$A_-ej`FJcrK!CfDG0qkG0iu+Oz2GRD6
zIAorZO~JZ>nhcLO;Bu+jLa`bjcccGlsK*w_1!F!J*`uc=mR(#Q%f#Osm74J=s6cg$
zsP}?er@)<p%YA_xK<IUXmgO1TT5+I+0ucI&TUVidFc9s7fdsF1f>)S6MgT7@1TRov
zPYV`EV6zApUg`<znFv{I;z~Lfmcz}BKB=8^9r9Of=cGdd$hW`^xOj&M_etwe;Gunr
zV0Uy70n}Ma09vX66vWTwU<WBOW)Y-A$YdblP{55RkQ`4i$%T2QhNtF$8%9rUa<5-d
zl$cKeMY*1O0Az~+ko7tsy<tvuub;nNV}YIsj=%Iwi$2E-jwa(;U)-wM7vWKMvf3lR
zdXx$jc>PrZ!<xxJq#-?#F%z>FZjZ0$lq;7XQq`G_XmA#--k>JUZ!2MbyNs7Mit=qZ
zj8kFuxH*`?x!VFm_=<L(96TzKr#T$%t!y|%RPYeqZ4TN|0;8KZaaAWawzL6sB5uQc
zi&*y!iTF5Vt&FYCqQ=FK0D+sT)xf^!7x0uUT>8OglaBhOHOg<UL4Dujmky;_#~kO3
zlEwQcp3y1}+@(g)WCJ;JvmiB5`^hh7()F?%NeFDe)Wo3+w-URSt!?M!XEy47#KEC-
zJph;a<Y$h@-HQ+6omhn+)k|%D_qM?3m|G=O30qqdCln3qYbGJQ!mz$pya~PvW_aD3
z0t5Mq1|ClnkTuS$c-$RmiZ<(`C01+|=n#*0FFUVu`2e1Ve`<@qK)A0H%0{1EVp3nP
z(O(GjUvj;c4#zN<8VF%)y?!b=UUKk%V>_gFQL3lo=fx5A!jSe}uO&;C<Hs&@IF{$p
zzKBw*GV2IN?eD#0Yg`iPYd$^#r)AP-xZZ%LM7(4lp9EWxwn*<tZOX-THXU#ReFbvN
z*WDQ`L~q?`2UXRN8OX^2%;;7Vnf6Niqj;24bmIv;atKP0*5W>k-S7Hb+Rr|`gbX2i
z<>NFucEKv*Vbr7SA^ua%S{=&5Y4o(iF43j<(6Z($_6x3qP`k*E2X$Dx1(@)2lJFaf
zQ68n(ZW3JhIVn-vuiRltDs$0aa1YHMyBaspTncFgNGYu#r4-8Wy8?#q3+eZwbS+MV
zBz;tqj@_-o&^+!#Y}MbPWAX$$J$8v3eMjHtD>kvUl|aMM{Lg@_&7ixQ;y?`!)A_{!
z-ov<PZ5QMsFnR*t^AUu&*9S9rcXPn+#rdM>-mu^rjOhcAQ=5C2+7$b1%6X45mD%&x
z>+OKT4nkqUDBz7}Ha22&q1Ay5*GB$ljeuWEalLj5Kz?-#7E2s6>B-HjL7_r_Ydf_&
zfg{mjxOA1YKAm#jcQZ_&*xHA(K?QJ3J9MwzeLPU+50^QljYMa3;zBFhQXt(ygK$ze
z>JnU=cWnedTZQH+u}(qc55no<AehvG?Yl9!M>|l8d5sXcRx-sV+32fwuvIojo2shy
zWJ!gsZ6wRm#Rp;+8^%YOH54Wl>RNv6ea?Kgs@+7tDqs}Q6oULlQ(P0gM-~=0i1KC0
z^ZVrWzz4yKyD4dXkp@hV-)J_hFYX;e)(a<qz+byyT<rZ*l&91h-k<-MB>5+)K77j$
zZ><`FtBd>Cs*z-M@xkl`yQ0f5%&gaGMY|b~EthnYL0NRAT2Js7&b5GW739a)Yxc1q
zJ>I0*$36A%)KhY7;rpHuJGq+5>=g9(qIW)_cYKM2cVADVWqAI{;6AP0SA0OA0pjBA
zUs0KDUUV~!5T)E?q4AvTp02e_z$VYe5Pfe~;Yu~!0F)fySl<D*mb24{QN^SxVeIJO
zYdC@JAPzvNR0X;i>u$ubZzL)OCrZ2M{s}!_G%)G>;UrP&klv4Zp><f$PxXR=b+~v=
z)+I&=;oLR7&nsgv(=eG76AtbKA>7wtA$|UMTTa!Ez|8PO2A6?Gw9r^}7?u?Xfi@1z
zQM6Rv6%DwU;%8c@afa<j`z#CXv#hlCS?o647}P`p>1aXfd1fB;ZB<LW#Rth9wN<MO
zV~e4k1(p>W|7c{1nZ(q}1o_w0Ga25U;!rZcWQAVjV(z9bn0)H+tVUAYWhgyx*EIMs
zx|*%h4krb-psC198|eAS*xUG8n?a{1#?#J+SCZB(q48+6(sh3-vK)sysy7jS%$%hy
z`oqgZ`0#+h8@M@uC+zKnYs+F6@bZ(|o+2-w2X?gn=n7K6rM!GeKm5Fi@bfTIOZ4i&
zIjQHv1sXpgg}*Zg$N9CXfBq)rD_hP>yq}K07ZLt`1>O?eJJ~8b;qOH{f2TW-M)#*h
zd9)x8B$gOoy(#dm@OTyACCV>Ev^6UXHpA8~%x0R@CYVaFkJQ5bF*j$kp@)fI<_qoJ
zCM~rI%oyn66io1L<kWhyw)H5kCV{k;jz;z&Y6c-{29as&jriAlql3o#!8u>45C*n|
zX~)EH-e?fxMS!&8t`vMatayB;2<81XDDSU<2@052hd|zwJ?>DWT?=mTPpb8&IkQP3
z5NHuI!LIGX$hl7P$c}Bp70~3ijUsIu<sgUkv1x80Jl#PQ5{Ap64b%3ktk=M2*c8$z
zYmu=%P!(+u4dU}E9joct(LE-z$Yz~?BL+X^LJ!$ZmDft$u1>bDB@$(s2wN9vSHe?p
z39%%?j*nn5Fv3I-Vp=%m#|Kn3_C2K9cY4|gQ@=sa<N-?Ngu1QsOG)FQ?U|f=ihcPg
zwr-=Vjje0L;@jD}*7m5{0>mz9VaK=7(xb#t4GSOrsj70!gZAS3=r$<RIKRoW6MgWi
zrVlm=(yQ+heK6fFO5f^<kp7jlFWf@AZ))gi;A(&dTvJ&#%r?g1xPwq8b^}%wJBo)>
zuMJv6X}Djy>=h<<H?2-vpV8}kJ5k@3czvTueNZ}7_#UA@t#3M1hn3?#CBQdP+j6Mw
z6-IOq$NH{~um2^-V>}N8$O+{<^2yFw(QmUkruckqDhWyW(CwbCW@{ja$NksPL*1r8
z0WU8tCpTU3o573uP;<9(0el}DOnwezafOn;7~BfKJn70QN?%U<z<4=L14%hW@p1~%
zmE%ZXj+7{;l9uDp%Nd(mj2XAFo4aR4r@@=3U#8*!4dp{Oncy`TrN<{8QOPJ>3opzf
z)7ZOT*`W4!-kz6oVZH!b;R}%O3rVOkqOPmE*eCvEqWjv?=dnTbyr>jI2TqdBQD{G4
zjJqgLTMPF0R=?}$d?4mwG3;DRBrfv_k!1qTK6rVQQ?U<UufilHueyH8E3uLk`Mgra
z>FRQu(2Ntm6>yDP>B};?)%dSh>PGj&g&2|*^tN#HJ%RZ^l=hHRlV}q<0+)#Hpec9(
zZp4DFSWc=$FSFl&lhit>xIRVW%RUD&VkA7q`B5+brQDwgQYZAFaw7gKZH(n5@1Hfm
zgsbu@zFqNG3|qlTZ9?dT8pxUw&YM*xPuuF?+-=L>_lK=3giyVeKe`bEw6?vbk{AFj
zfuTZ$gAeE3;ug0$g4u$rQ-~;LuT<Zd!2hPe14)~L>!>%AAe}^)vgWlbRxdC(RZOa|
zz6>Pv2y)&UK@P0JZ6Mr&v?&jthi+S+;-=@m;bt^+QOfw;2ZQU9chX*A4E!f&^6cu3
zxN;m(9DKzF-qjBL>WVC28s#!8$S~gBzTiCEu#PAhviA`?`#d_VHcF95)DclEm!7-?
z_dxS9aZ?ZXS=YnU1&v<W`gfk`0walYcXRA-BBE<O2x>E21$V?=NE=Uk<tML^0bk~v
zsk=Ml4(&W`nAj?joVfa&50CpvaXp<pY{DN^#7B_cDk$!vw@`Y*3>dw8mN`pePVOy~
zNq=K}(jF4~T9dDQXswlZf5BEgZlRlkMPB&_rmEJ!w>Wn72VUj~x3Z^4HJKKbaqj;F
zIZkb&k+YlQ{^YCIc-<X=-|}OhA<bZ`GROqzn=l|&sGYq1^MpNxne<?Gl;@N7aju=z
zZ3oaf7o*6!8u;+2_XsTAJqrtn6!l8SHt*&lpJt5D%6ko7%)`h-BS>PdIbP{L=RiF1
z>cFXVk$6SGS>TsG7b0Jnxs~cpY&OqFj+-ZjM_taVO+xsg0v<}@-A5M{@h~xPZK09L
zagE`2WmhIz7`P3Njq*Z?4li2=HAF{{xf^Ex8~Z95SZoJd^*z$jZvkDchPP?^tmc&V
z!E{b^?dM-RsXNcO8`!F=$>FvwLZrtmgnAgVWxmlgF+8k@f1SRkUc$TA@$7`{I5lO*
zZ|CtK``^f#+Is+mU*ljYi!RYNr}mS2CP>aY01OmdIgmKg5r6QB7q3_S(q|yuNMi$_
z&OTKR*l~qz_oQ&%Wk@d}Z2e6fPpu*#CtvRr^genub~w>fGFS@+0{UMAE(v5HZRe5|
z5Fn=Ljs%9yStVz?wiD!S-W!Q#WR0r9YS8&@Z*S@n_tON4iO*4dyucDAx7n)maBU{^
z1%nQxbhJjK87(C~TEE0{^q~?j&Y^A?P!x>Q%OFNY`A%m+<zO;WdvT-+E?TdW7yQ*9
z)1C$f;2KlC4Ye2CpA;T-JyKmCt`)>EUgj(ygM&RV%pZXJqCYu_4zg;3Fzk~Rc-rB<
z9{qm2A?%Y2pdYa+J+6Ji!xyHXVCWqQ%p{(<yn8FfS70f!la`@!Bk$_wBi&|PMRR?~
z1Fm?ci6AhrjJm+i!owGMOd$4vuecrrh+5o5<V0*REe{MkLVt2bLL^SkP&SWZq+Am_
zC?^U?IzCK?>7nk(G93rv46Vr`{4hWITOx^6q;9^T1ynQWmm{2fKcH$fG^W+-{+#`F
zJ^QPOS31m!@A<>`g@JUV9^s^+La5owj}16S1Ty^YJwZxA-gOvptSa|k2;g?_30#Gl
zN1>2k)dREPW?Fry117}Q5RUB#!L`QE?4vB9jDb($^pe&g)6eCv(8LkXUm-%rU?lm-
zF|!yRX~*Lr{A)VQ1ov9@(dC5yKL<+T$1@Ec(Z#L6W`S{&!=wI}PMVG?n=jOW2XBf}
z$&|43Wjx=-HQTgl71%vigmv&dP<^orVZ?mJAG38{=fK$cLa6B^rYbnByzq_nD!EzQ
zTD60%t7p9tY%dgfhdr{#k+qhSuEvqR9VOyi6ezCFNQWiV(Sf4DgCOEXS4`R-+I2Fr
zYhYHyAHK`ZNmHzXt1FO0)*25hmp~<c<}*HW!YoRf=acj+;yy1*FF1dzU1N+IzL}m#
zAhZlquk+$A#m7+Sd%%3dI`ab=%1UbvxpzC7bQ#Kg?XrMgR^VmzjsWrNm`<L-NbxJz
zpi(q?h=*@@ZDN5*`TZn3-gZOIB>4Rk`un$d|1tO-TP8?r^s3k@j6oVJG299)h`Hbr
zf%Az4jMH-Cvl+1g#!FslwV<~pG}II*rDqZ9v^)8xfSbC>|G|<&f=1lGKF_3mja?6Z
zQ!gj@8Z9FDCjBtjjIZAauPb+34CAsr_GHrjF7IAsU&vE0JmUQk9`#*DgH#7viE>#1
zALbcBnp^-=YeAmwkgY2v>o555u<zm)qu{>HzNl4qw_9a2wZH%-%32^%MMe28J4V+Q
zT^$7X?oKxJCK16p=*26B3z3rmiCuhgM06iwAN~xU``w>m4h?p~+mpj13xP32c7h@@
zyF_-pf~IuU-%NONVjSTF<?VdJ29v@g|5(~={Ub4nLGuL$^Wo)In1}xp<vjrCjiKvR
zQ6A3AQ|+Q_H=3t8R6r{a!xIq9$oKn{E6q6WW5G=SCqW>HeW}zwDGWxURO*Ob&S^O#
zFy*b4R%EDT1{5_ZJnmIqT53=6wgUD`Z6jMf6XUwgA?J#2Say%gq+BGd?{mHR>lxqs
zhMwN|&K}a&_<nPUVSL{)eU<S&dj6S@@36aJeBYdqI=*zh4M!GFA(3g_5ss}RyFylP
zR<5nOH84hM33b>)-PS-6Jo1?F*=U~Wmevb04-?fa9<xhI-NZ%meZO>wuBJV8hpL7-
zm6OWK<3|j5d66BD{so4|k2P+9Z$$l@u-6P?@1p5{8fS{N(PB3!E$`wfr(?X-6l>Sc
zXRPO?&AikpNHDEyDlzK6v6cmHf4HoLt;5xyg&PaEg!Xm|vbfOB7q|Q6yoK=q1UQ*c
zH(_VK6<S(u3ap70$dl|+lWV<u!LUG~b{sF~N;9744!jgIV{VYLb|!eS-j_)*>22j%
zUrTit&rXSur-9vqJh?Mo33*lB6}MmH8IJH|HFWHfMKk0Hxtb*hbD;Ut)%As)Qd9fE
zm3wc6|6HAzLhM@j4<>k*;=c^si5#>taGQny?rvh>zlf6Witx;Fm`}kZ4*q|*(Tn+9
zd~$9H=RUL$_j?4UySU!R)|CUG>NBN7URNveX^C2W?)LfY1UYxrl(2ObzP>$H@0D8M
z-Mkf{T`cjT*xbRf&$rF5^D(WZY+Zmit1aF_GQn$CxRo8Z-U>R~Rgc#zJB-csGWB#8
zXyq7uhHd8Vu8%jGIYiQ<$P@AbNo?JeAs~r?XfyI)-WS^4%`=C2_AP5mYJM<ac+6A4
zbn~tzG{=P3UivfrPh?+i;+bR6dnhU|0!8M9BKFX(ZV_OqHpAEq4J_aR;GuoCz)*w#
z$3T&3h1m?RZU`O{Lfy9c{-pKv8+m2}TRRyYP0Gvy(*nZ@mln3R(h5&-*A6{&{7eMy
zWWtpV8i6IEubI0k_!e{n_`FTe_hIBMAdcpLDs@6ZL!cEt46E`##FF0}iCH+=;|Nbe
zys(d=S>Tgr=Kh<I<s%@=I`(0-8Ps)L;SR5~qdm6rBg78p!mE`ZAsM(x4CZe1Cxf>m
zF{_t>he!|a-8+yT@J_zh1vY-Y)GCID2`~frnb+0GM?Na>O6`2s_VHjL{VY4w!HVIF
z*8O3eiF#CWs<TmuwAs9m4I!<59R*0F!G``Xc!YEeu41!wGqX$Okrwv{3t1>kkUd58
zYqi7AG{WPhfXc>9X}c@RN$WWPxX;})e;|DF?<wJ7|Ax<Y#G1WCCXM_hU{dQm`}{le
zU-2<r6WF@h3(V@e!kF|y`+=2v5RPDteXw#5!D7rzyUxI^$N?(@_X+QOKwuclcWw7F
z+oKlL`=le~X6VV{0nm$q&<jiSy2KNU{^WdkVkKFgv?o^m$uM}55k)sk+Qldf(~%VX
zCgRDp@KTF_%eA1%L}w8>0yx3J4zjVeV|a9eC4qf#NkHm>aRDflJ2)yk*hklCSa_2R
z#~zA>HHd|GxWbrM9}L6-UeV!5!UEogA@S;C;-!NU$3laI2et&j!((in_*gcKJs&>b
z|H3$!$c$<erE7`v@GOVV1t9pSKsqL7Z5J_qMgymU5-H6mGGAMt<s%zxp2uz^T_V|@
zBF#3E=1|%ay~qd?m}@M&*e}m45~T}qQ~nqkmQsga^5)nJ6gCwEHeTrv;${QPcmX&2
z=Ce@7^MIS@v7GI(TA$Pd2pRPcXnbO%*3W;=$Eb*$rDpXV8U>DPKgglrMPWv+HQ9T>
zOoz_Pkh=g+j=_ginjIuCI*{**B8*z_kSFQrkIc~1#RH(10HX#=^n5k`#G*erA1Cf4
zTZ{I@sy_i3HDpA0;gfL2+b7UB-U4F)qrFvm6E36A^`I-f?*HQ{Qacj(s%mAcUxb$;
zQHR<pO)O86Hz?(#&c>v8ch&I0qCP(eHJQm534hi2@*0ggEN6=HLgI5alg+ok2u8<B
zcq_Ejj`@(tyk;j+a!Tljc&vSmUw*K_FE2N7a&Uwn%?=FG0o6cNd%MvH|98}4qS_N?
zPSGZK+FWYK68!RA1$d&GBPXS+y8=HlepY4tEcPHM^0AY0*(Z@Dc(rA$J$Qo}f$Al@
zSaGkN3;P%e;|@LqHvT1?yoi*y*jU~uD34}!!}9LuE85kFGzkn&??!v<E*{V449L-H
zEZ)Sa)9}!SCFa)}8}s5TS0}x4Ymp#XoxGgW%&BJDFA_800({jvAV;eYU!74jN%DS@
zu<sh<!#Hjp7)Y{3=2hrcbcCu2nDqGs^KqRO_v}?R|A~6kX8BK;7|g8{ycZW4z(T5X
z;EHh`S$-uo@SFE?S%-XCxkGtrEgv~h#L0ZV$V5PCi?TC<M>@ceRm%%Rd7d4IZHy2a
zcQu(^Isy~e+HwYU!5;}#>&?+uwaGY%_heW_k6MnQH@e3|3Ui?UQM{Po>p*Ke*R=*s
zSajQwAHXvoWGTc>f%9?Tq6D?}DUa;4kSU*?&}(<>JRH)$<>bU~#>f9^QiIk^iJUw^
z2a;xKi&A*4cBTc7z{rzkVm@lJCL=GfOU<sMU}bHMsFxIO<ttR4Im%08y>i7cY3eY}
z^)9f^q?v%utEoA94(!qIY4+&SZ}zfBXRD<%y_Sk$Ua4Xjei=O9EA5ILyTn_#i?3+q
zEdX072VYOw$Phvw_u#R$=r76f^t9IO3-RW0>h#Xov!{ixIo0P9U}girEYW}V1+d?D
zofg1moEE??-IE4j<yrj!%p3<8v4;?0tBW**wI>kPbVdj}clf%n;Oyh;S7#Ytm>cdP
zhVHMxP+!$A$^>bxaB7sXRTJQ|DYElwpgjf2-8x7l5-4~Qt~>xxcpWI|aPr0OG&mVy
zGvb86WX&WUDKZoeP{4ziQwboRB`T|4EuD>&J{|h*OQrAS8hxD!`m$BH+Nja^`im)z
z{}`t+TaDEoVJk~X9I?^=aAB0U(wXji%bQEda(SRPebcht6-QFo&N!xQ^&ni5cpgJ!
z=-_y<PjIkR_o^hmNdh3zZ&QtT3VnC7mpo#tpNs>hu3y09r2))10E`W~YsAY;f|qe4
z{kS5Fc)5rA%XT$ufSHvRFsczSs`7S+5irLoV2)aQ0j3!MGcrA3{y?U&Z|&ijPq_9^
zP}*qNA^vb@A|FnLpQ9I^0zX}^X!!BEEBXb{zTN=Z->Cyg)d7?kWVRZoSJ9^lfc61^
zZi@c=l=x9k8$SXjHKq$oJ;@Nl8E*Aoh({8I&iQyQEEPLLMCm<)O5-B?^C!zA+d=bO
zWeN<UR>$JS#4xHRCT%6b3tRmFLw9-{e)$IlD4aA^L`>Zj$o%}nG>}<iPS!;vSex}K
zgSE4yCT{6mf4QcI+7fzb^(pkwQmTixYI<nYRYGWO$(&V)uQC3xPs3L*j;|oa*R&vw
zJ&;ZTH6|&bAL;S0E}-E0GX<9q6wo4~fR=&+S{heC$A|(t)~^DJ*PH^eM-L|8^GJI5
zK(zrW{ypgS&M2mmT6Ma3nd7Slz`XR80b|wxV~IYJ1ep831YqX=Ck<eJZ0Z*<W&)VF
z<&rT%LrhBoF>js;V$MEZ?iqT{@iOC+1YRCJD|ksGT<&IYwQ)q>aDfT=P(R5an+z9c
z`(%04)fn+%9%j_VxDr$W6*1KP#ZG`CU|>HHrrvbs9k|dq-Sxe1oIX1cAoF{&<C9mS
zf|`hD`DAI-i1d2srv}4iO^NOg1N0v24||;&!2`}X#RHlK3iL_vh9rW|(+Ixgd`j>?
zQG$D&K=J$Is%Pn+PsemgOXhj|k<281Ms!VjGGk?d9~<aA&Dj|Xom!uy6Al>j)yvkM
zg5v1}gtJ}LDE^>MaV=SLoZ4uMfLyTglGUj%a11k2eCjq73ges_$p<0HA3B+>-=nJ#
zI?=^A(TxPhWonLn>wuRz(0(9pcdY3(|2^CEAKWkfUp#aAD+&7l{S4_(0}F(&+r7~R
z)c6Ra$JXI__n)132cySMdDlhal3Z7{12}7+G9V8lGwo9{@~p=AM&avzpYr`o`aP?C
z|9Oah|IT3g{o29W_o?T<-VvmC2`YS52iWTA7=9RIQfNRFq%O8Lv&QSRak7UvrvS+6
zy;3w1&FAG|EhuYv*#b3!<;!EDNZcU30!y)A+>o%ZggB-c{ZBqcXOQ<Wr#;4(MxXNO
zX!T?wKw?AUHpo8;HH~sT>PU3CKuBFqY-T)P(p#wr(m1CNU_FeJra7r%;Usj`KsTrO
zdgxfI69Lzc!K*Lp?M}eW&4rdZ0dSF6F$q+HkmK9|=deJ4lczan<J8VPh{Epq<nw>p
z9Qg;F>UGZaS)h473EM~t41U+BcmxX+El9aetg@7MN7zR&bRr20FFI`{cDCwGOvW`)
z!0;PsCd<E!H=RtDA1C^o`W2Bcl8*00pW1`QZx=?WCGT(;`>wDdv>QjG+`|{cq{drb
zLJN_0rzt}1AlcX1x-9geAHb7{8c3b2yn!iah4fNV+HlbxYRnS^fm&G`ZTtca@bvQ1
zh*yx20N5$L0DBa=GY2r2`DGA0ycc3q@Oo)f!)rI5cQk8wwZw)dOd#_mXBn_7&IMkB
zalGC#us^)cNsrgt`oyc3;Pod2ugz?oea=|XnaNhY(Jx?skqlV5f53L^2Eb}a_1Ftr
zLLJ@0wW7xZF!ks#?KxLSU9dY9sq4N-wcmQl(*eEZsh6$2@ykGS57SGSCj0Xdd{*xz
z_~g)sE6l3|Mu5d982no51gVPjoK29G>>q!Y@pW$;Ux#!0!`EyKN)L@im8|@hMx{r<
zxuIMx9+TCFm3aiW)yY2cGb#$bB_(WCrrIB>UPwmOv;Cv$v5v1_3=Zi?1y>f?!%IC+
zOYsGhNh$z@KzqOazM;X(Zj^pk>F9FwhpuuvadAIH@G;8iXFkVtMg?B>t<P}>v;80+
z9#7zwpK_i8%uUSZg;9VVAEyVMnG}k7@yr_Pmci&G%d-g@-WJ92wn)R<qA!KFAI9<a
za8_S<n*ezGz5#EGpEKYsV8q)btgMXU?b(DVb4NvKKU-x&)CuWO2Q>tqGoWrpXY5Hd
zltr2v8_&BZ6a4%SsVH-#7iI8eT$0(-fz6?TEf>K?j->R)ns$~fx#GWkkc_m3=oeoY
zPY|Y;XPrcv`4VueF_GD*y+%aSkk_SI#4GKG83>O{6o@xGj4d!<@L_)mIq*Mc6_r=O
z$I7N%sV3lHVge3NmT$T}`20{!y^b=f*USE2vj-D+Je=8|{QG`-{ra6g^{a>IS4?ys
zHwItnSGPWwECrt==fC4pFcpw6-%w!$bO|`mt`EaJ4;hBp^N0j=&=S*>z^NY@q##d^
zJP>rIk%FX<lop%^Etu1XKJBFP?xs`#0&l`)=9fTV0)MycG~&;!;m;CtCgU$|-+lA^
zvkbs<V&Bb=<8QvTKm1js$KR|z@y8MTVVw4aarbh+0Q_|_0H5d|fR^nE;|}z18|vR{
zLH`2u%Fi|Qe!2~n?TS;$zfYKC_<<=`@+F{0<IyJM-+wTL55R%s@R>&8)I&_V#$G1d
zIkVU1#_=-V+#g=PZP1@3Kkdt28&85uCG;mT*0TCF*8Z4`lAraDk`K0g-D2wAEvGR*
z)#TMtCRJV)>3DIZ!OJ)&zy&O@E(s{ZF<rz8i-X5#?}J^UJpFze{8$(bKgrft!JJh5
zoGtt7{>1u+sXzPcHUoaTpXtl~nt+v!r}%j~A!>%PRn~rOuiq!zUO(>F_WJp|3EL};
zq|uf<`vK4C7+-0zbM?Eu{5{bhFCT78EfK{burEdAGKP;ti!f4os40VYU$gLHn3?#n
zsa#<L2aTPiO-m->v_$PlcF3dddnx{Vb(@naFefU=Ji`i-+CS4+Jg;?trxj$KSp~`M
zKe{Qo0<)ol>@%vM5B|m8;Gs)Wes~xQ5`MHO=dm<<56;KD@*Ku1Z47l-xUL4PJju@b
zB3^k`u8;NZ49{h}?rnkLqO_3*gC1W9K8TTuTX@L=&9an9cm5a@YC~)ea27mepNWvv
zB?P?zXFeWVn1*T6r6>^_erc@|d-?=D%BM{$m*J6Hg@O~Nb5IX7BGDh|UOQ-RujH%|
z<-vTo3=m{qIF848a}isGIeI_{X+w3`FjR-85cEq;y%0|Z520unz*Mj&!<=tV_@5?^
zFQMkONdsI*1{k482RVg5V7yQMSI2wlQzz7<p(cZWn&S;nbhC8>u{U$P7#8dXlCLPu
z6fe|tJat}|iqifE`J)Xa-u3C?m(lPmeii&qmhRmAWyf>unc!EHoGlc;S!WBsS*Jg=
zHS5m=zu9z<Q{z3zbGrYl<GpUx8Q@nR?*x9cPl?~IuZG{@@6dSd^mxmOs@C8XK3vHd
z3$d`ZwyJtuX>T&e@}(vcsA7Zia~r0$#p7PmMvP~Jq+r(Z(pIT~m$uV$Vz+)sgS(K6
z*WOOhQ?CywNh&n=QK7|9;fT|y@Z%2*6;60NKA$*){=J@g>gwKm-%#DQbziN2{ApBp
zr?JAj*2VjGG@`<sg{_{p4rkLCwWFwJBsmuliK4o0JuCXZ&7lABm=$zlJaz(`T2;?J
z3zoncRD-RI?ikA$<GGRX17h9Avu}YRQ(eFKHWEifYU3jN9e(zucHMY_3WxVsAwAjG
zt5$k8kdEUe&@ZUxHnY&&umWAt*cUe2mXwO@TMI3I_Ju72m)roqr(1>QW_%2{j-M|S
zzQ5#JxO-a$T%H)_FFdmNO4K+0!p)+zgD>0`Ehj$3K;gp}Gr^DNFy4=KpbCfIv8^jA
zGfhjbTv2Hwf9>RN7W`#vZ_9?4a#oyR0)MaCvE;9`jrX>a(rmHk@WdL-&p?#Mo<<1~
zdmQ+e&}T+#Z~EM%(?|LW#Q7^BPEtH{LY-N0>U=v5b$G4H!c&kZEpd=E(MMX47;jBC
z^UaMo@&fz9`?e)+9Ci!*-Z7AnV4)R$e|WyX@bHq$@iGH12}KGiMcx++H<H8@339}u
zNQl@+_<kn7KO8@wh?h3Jyc|AX!r`SIFN^W%SWx2&v+%M6pI&FA)Gw-bEWWa<kqJH}
zu>U%7Q|vK9t16^bbSbSlD>|S4$d2Ak&z?np(o9m$cs2g|X>)J-d35^mUxk2vjetq>
zg%K&$F;JbK(y@VS-yiB=j&Ac7Z~Q9YQJbRU$3fMr==`UtcmJ?L%h{_CJ6nDOL;A-z
z_3q!4r2g?ow~4gAGag;&;q5mvlzv;+_U_-5r2d_S3bBU|+?2|Xz3orNteHp5F?79u
z3lkz5<6liT1Drt-u29Vj%0+35C|}@}wh;rV(dw0NwsWkn!7JZ^Ceq&UOa`MJjTJHU
zE}BS<R<;_WrEt>wV%A1pVz|&pma>{<7XaMh_A87J&k#O}NUP`AXPaZc_7!i!&p7s(
z2F-ZdK#V6Zo@FQ26E3jWrR{#{Z8V^M5sn+I#AY&>QhsR{#`}bZU^@x_NZ+>mD>jwY
zjB~)CvX79se<fG3Re9)!{1P^F#XgKOCP;^~%gl?j1U&C|2Rw8>#AT1SkQ-JavdIlA
zxsegQNxzXnZe&KU(r;vv8#Zz*lH9P78}?|fe#1^~WRbIj<VF^`ksaONLyWok*`BJd
z#q*pG!Oa}cioGj6_Ri>f+;8j$5ns*N8{LQkDCySV#x(O6f@YOT0H{s}kO4my#E<!$
z;^(oifS>QkUjaWKlSQx0Ic|lm8k7z~I$~~1MT|ccG2>DZb44m*zLAQUEHwo&-8zJ_
z$&H-oJ`F-S2%-B3gmQHVt)tI)dtoHB3+4)59+%X3n3P4*Ps&akK1b_&!ROujbo=8d
zf5xTA9}<*>8c>*DoPBE!<FEdB@vSJ(`oPZJh@FE3J3t4tbCdA1trvczJAZDE;+bo-
z5X@+p*;r{4F4v;P0A}5ZfvmKSUYA+ny8C>wa2qQ%(@&<OEq8nvn09PUy@{N6%@hh7
z{L*HB;eVnt@BsAbf>4xloruC$SDa8&07yVd=H9tZ0}PYpxrRr{xr*R%qb|?T-!=LZ
z+BQq{2h^aj3K*IrZgFP7B?;OfNJog3>E>1}1vB$T_y_FFQuqf9O<t5f1Tiy<m@pjJ
zFl?0rdswxDm23$4C&+kzh=xqGs|TGkJ|yPM{`l{#=!fy&+0jksRCFzUs~7fWzSZyg
zz!-C~{4xM=&ML&8S;wE{oZ!!*;qN^Se^w2D>oxpkB=Fa!;V(0RzeY-9+gHTjsLHc~
zzYPX?7%@Q58vT9(a|l5{z05=iaykTU6oPgN!7K{F>;wdJ;EP-e!2vo1aibynSR8`(
z=n(_#_8DNeBmO%ly5XFOzLWp%1;6e8R{My*O61?v6#2)bmwz{(ru+*mPr}~Yso0w=
z-MQT!U9DlujMxI~HEF;?EFK5!t=6z<MQl>+{ZqT8&tn05FKMz5rcFZO8lvOAH1O6f
zKV9G%^zUTJxsl-Qs4nl`MX<f8%ex0Oc^5|=IVT1f<8c}XeeM~~7j`bWU0~l@V8hGH
z1(>&e7ccF2S&UD=0|;4=g_kAxbVhGEXw^VigBe|*+YDQM2v4%H|2lq?0edzB_Ur_E
zIzAf>_^dmpV)4$`d*PCMy_Y{Ek%u>@$U`QrJiPfd<>8mZqea7GtA<CbhQ|gY_$VG<
z({5!Z@c36v7Jd~xj$Qgy@YrRLf9(cHTBG;sNYvIBGNaQIkhCR3(w+>-tYk=L_kyHB
zE;2eKpNm8CU>uSk8(_H20K>NpFswI-$yd*rn0&9c7aady+uNTA<)e6d_Til<AH7mX
zyTXM&X1JsO;fmLsnY!MdUR}SPVlHk@F&E$NZ7#O-HWwqk%tii8P<s9~?O#S+pW0r0
zHOXGQGud98Vz3uW&%j<}b!DBIYA=3nKxEW_$PWyNY(J-hanh^3kT~Mie(lAHr)4i9
z9xeY3JnH7-mK5`GLvQnOU2pSoO)vBDjPO`}_1VFr(SH0}lKpr`vi&F;>_^WT*pIn7
zBrU1-<6#2~_ZndMzCkdqKWBpRjlcDR<In%rul-nYdiLWT#D0`IcnV12=zoOM0_4|d
zPfk7)B;NbrS+OVA{GUD9FHZAb?uFAse@$;s-f>#?<Q>GGJlFU<tM=s?;d9-6XUo2f
z{GWZ<Cp?3H=>^YQ{(^YprS7WM;5VVP5)3DerIlb9J%Y~`o`fZg)?LP!c&Ryh^<R4V
z|H1dTRX;qr01T^_RKj&v&=L;3L`yJ!e;V~)MZbRer8BMn^I}@U{byAF_19_rKjZp?
zC0hUgd`A5rtM&iSXIlUHH);Jpqxu((*ZP0P_3!a%{r^)+{c-UqO6&aS(eW-u!>S!3
zh9AI~F5dul@R_7YWS1?}up+Cis($ejEM1U32Tt_^2eh&^xE~^@Ye_unF6BoU@XS5Z
zxo|YJ$w%^8#gD^H*N($YFVXW{?Dk`DlkIW7AaXyGFcz0J%qB{TF-YN2X^Zlsj~IH6
z0!1svQqtQYEhandZ}}LWN^>4%>k>EI3Yy_}&%h<u`r$F|z@q_LzvObf#7+3_VPav^
z;zA*`HUq>CUl@sEvPw)L5IYQiEwL#4wZ=Ze_i>lLdpLgn1H8md`0mT$^CjQIOWcI-
zF2<+d21(_^P5AB-d^!~dVtE!6lkHidGJ&6wXq=v|W+oWs*?;xi6ng}QBxNw7SG`DD
zkx7DV!w*~ZyYz=WI*tCwicV6K&tFZSDy_pqb{I1TlSLG7DsJ@^*ZYcF)$$@<HboAA
zT01HoB(bAG&(7%w56yz~o*;Dz(n*loNR`ER32Kv;;j~SPC}DIfaR*HcuS2ro+2%N{
zXK1vZQ9|DD5~clq+=NP@wN0nBRYd;@oz_6K=>|F;r*vFspktX%#|A>jvLre-0UZzX
zg&WD%f`I-}K*uIR$0kb0GM$bMOD5xGf{s4C)alr;<R+kFS%Qvk=wv0(vB^NktCHvl
z&oW~x1hk75(c10AU=vXF{D4LrOBso%?|;xb*5fNoMLYUQqy`?v#6Z_=G%&}ojc6o*
z{k&;$B_A#`bL{FJUiW79Nu0)Wk(k5Fkn1Nf#=NvXau9d)51}aVN_i~0LXJ3v`{OKw
zezT*KItmn)-fh&v4!`&Z&FzS9uGi?(Xj>u@w<8#*rh!Y!;CCewq#5XQf_NcS;&?ZM
z-O{so6f_-d>LW1W(>w6QO^K++cVkG}aG52x6aHFbThI$Rh8?d&8Z{5c5~txM(x~}z
zC~?VTyhIu`7vodjOK1d_CHQnal#s*LJ^&Q^f(bn0sXDN@1QUX?)r3AswdnmMihY@l
zE;WS9?9o~DM^^L}`Xf6kB-;4w3rX}Mc4glLGwTGid_4p^`aC6=r8mK>27+ZI6D%`{
zV79&q_S!KrKvqJq3_`F>N-$e8!R*Nd%St9#b`rsIfnYhOCYW6(Se8z(Y@J{^MuL6(
zd&7S3>GPL-p~$X2!bv;1$fpjW;(gI|M0A~CL;pON<l=vyj=vTp_=}ZZqLYCHkFnD4
zv|DjLV{1snq&Tk;9}u6s!0Kb`dPMh$1(ylZheG6F#sqoxKVT;F{0{cv5s4AoeN<z^
zHD2imAeF=jU%40ar}>#9La5R1EAA59A1>HXDv$h!ACsr4UiW((`<rIJs|RH+Tm?Uj
zzSl$15nV{hl0it9%+52D+4+`ab{3P_xy;DUY}F-DngJn>I6^XYmj0qggUV+;8dPFE
z8dP@o#QWRu+xU9#m*D5G1t6FGHXT1NNbqw4AQ`;@lGzI&wle}q<a3Sf&kjH`bbw^W
z0b)xAh&>q~S;+v&P69|=e4H8}b{!yDIzX~@faDkf^1J6q{_+V$DOOcS|Nd;x;&Owu
zj*rB^9zOvsy;uWPB%1G)oh?3g^(S296NiuagszWOg8Wez|3C~cH2d6Nuupyy3h=p4
zvQJ!qCCNFMEydCmvC0eVtgp!{PtAQ3mwdgf_dRkVU?W@g6qy;c;LIIfWUFy4RyxRM
zb@GxWw9Dd^mdSL#pRAE#(ng9R#TMV@pKO8a=s>!!K)s0B7xn{^HYQdpGKA(P&AoL$
zSYGXH4OyfJFU;f%TZF=9Z2l9tn;yN5!8B9Q77zPOQ{oK5G-tkk_`pGOe|l?XJ8eqy
z1??&f6#T?RiF~psA(A*@<oup?3<0`-2|a(X-Ybo(5pg{ti=3G3@|9eyt=HDk23hph
z`~z=pq&Kb6TM=mCg&Ab|R$qxe42avf<hyuj!%Hv<+n3D1OFLc`<I|g=dDFA-vIL(_
zf<kieRyMcdI6w{oMRHaU_p7c3fE{|DfPr}Irf5eGsnizTN`KhN@-6(xims(UvZHU1
zl?Y-{&$AacCC;d#MLiEJ>RzWOQdSq7he-j6B?|FWOB9=a*=vd7<zM!ZUm|He?dcSN
z*Yyo>vc6Vn*70p2_%6`#J@nk*+meiLZJ%tiRm1nTIGE%3Ua#*<^uqU>6gjq3e9t~j
ze9!Spvz?jB-XRF^I{4W?z~`(=!MBYD{2T}XnB#SCXRH2V0J&9f(qHjrE4`UPra;J(
z(Fq#JZOI_FCxbjI8RXeXAkW2HITYmGI>=v$gM3dM<U4e1Z_=^ds$;vJ{>ULK!s!kN
zof_R`pMF_%fA+Ip=x+a6uk~T#e{4yS*Ec5MECQVU;n_gPxIZcT)&n4~4=lbP<u!+4
zzuDCr(UrR59nsa!yCQ7p@21nm^*>T@-II#z`vBKR(#!3x6uFII#8Tw;l}ul9dl+Mo
z+iRnvR6HB*by@+W8%1|J8~UBrvWSuaoeW`C-OwN4qv&uIQ-{TokEfpr@C$U{Ysb|A
z_jcvr;C5A%XVb;zf}~T{`3BU_NjYBz_#a8}@6+Y`jcnCQMEMa-zDIq~4iaq}(?{!x
zenn=RuXvL<HqXh1j*>mK?Pc<?Reoku@d2MZ=3#%cR&ebXLJgp4V}i6U_-=G6MW;1-
zs7KQcO3zu<4L|R#8y<<X%`#m#EYSJq9-V*g(D`TPSJe&nPrfYo)IQsbdw%?EU;fuU
zsrn!t0~z_ptn-iMzsf%;df`NhUKq#p(hJuxed&cl#-JC{@z4LH;h*QfH2?h7@fG=}
zG)aFPW2=@Kn8-?YuKQ)8&eLO}$vW?R(xd5~k9y9k?s=xS?pYaUqD4CIJfQQ=4|Lv{
zt?QntXRLeLlrPIYi=XbrJ-0rstsjy22Y6AN39~K-Oe_P|GR$2P`eY`iz?NDCm^=#1
zF`rzX?`Il-hXgsd4L9*fgqRYN@wdk7<Pj_7B8m0k@H&fFhv@XMgD~2}AdKF<Re1{c
zU_xtV_Ri0=^(k#@Hnjm{rT?^AfFUza-Guem>P<+B|M1j*rT>FQ_u2nd|E2y<9+S5J
zSbc37qpdP{OE$8PdRO6QX`2w)Uo>8_4*jYJVw3y3?@3aj*;wJ`CsQl5e3c4~{agHG
za{t0JRbR<wHgtQhD!)=66Xy|aDgDzc{Pc;l*~c{Tkg>PdFe&!qXpEqUr}xsvr(kR6
zs9ee0?4xMEiSmU;|AMKSf5E-zU+^hWa!R1k;9n4&$4UE%Z-GT~#QLQ@HmA1_z|OQj
z08!lsU`BS_TdH@U1@r;1P#=J)cASqS{G%4m#zj(Z$!K0`VylYL!>4Xu4<D-U`BD)U
zU~qa;<fAW~B4m5-u+K>|{)GCj6av&~1h5zgkY@Z3etqM=)qV<ZwZ6uG8t#=s&p?-V
zvQ<TDAMOjGrZ3XDFp&Gn<Nl6(>Ty5C`OWcXfd8=9sg{66L?VBFSsE-$LxcHWng&yC
zr^^F#QtYd~_@VGD^22qHojE_azdS$a^f-PdJaKmD(U@_%Jkbw5lKG?HtMkYI)_h6+
zAo{P@M=L);p9!#el1v;ROO5E{aeT_rsF(?6&FyGT%*8+RaGVzN(yPuDCYoug1g(sD
z>>#g`Bu|)21CPT!9xacVNtVaEX#A{PgVm<7e;)0lfn@Z|{j?Cxp0m}&o5vcOXdJ(i
zzMA)69KXC9`x(EVKJx#<_&qf~&G<z=wa8@-p6Luvp_zSAJId2@NvxsG``G8(*oU3)
zTisB2T-w_H>B@a1J2?DaxsPP1-EUsGo1{3#*rcCY8MseU9B(DLY4_*5+G!$RKAcx0
zPtNC=Lu_5;5HV~$#?~#&3pLq8d%Iy;J?<FqYTzTs&BE)3gxYO>Oki?IP#Y$Nt>(ZY
z_$^8eLTI-wa6Xl1AdkKwGTV8zK~UQ;fA%rk{PJXZl`Sx>Z0$r$pnZ#3VA}jl8(iWk
z?}=7;1pj^~!_TbqGn?^NCj4&`nN}<`)L`e`4Z(klOcOK_Ln?~ljLYwLnS8~q(ep-{
zF?~uI<~lFp+{YH$iZ_uX&jQm~yeX0I{8)0n^Yaq<&W|nJP7V=xr8Z1?zAChf{TCVb
z-6ZAtD>UW#GTyAVc?&mj(ne#-^9H=uQl9HH@G|5s$$7ppp7VTToD$5j=z~4U`Nz`w
zcOg^#7#~XSaFGKJ+@2KV2_(BN@o!g~MCKUrvHCTc@9*Q0OcCY5hk9TV|57ae2qP^n
zyiSWG8jq#9P>ZFxutZP!lj`L~w>Jlp?M*Ig7@P3>A%0=0uSZ9Ra0cDc!^?)oRafBR
z4F;*+3++?pUxSM?v~lE78h@$}A5P6@n|6E%Q$Le_fXJ39x~^*@^jy*i`6~@0^xS`O
zgz_Fvj8LL=)!$DVqAA6OA^Lv$A^P{qr1+#~6+c%m|C;dAwc^zHxu)pU_<3%{ImXX`
zWnUA1-hJpa@WWnxYWysHsPFi;`7lU&3IdgcL?$bbxW4Hl+0Pvq$X1Z2*t;SyREMdK
zhsU`<H9zwOdU=vOk;J2Lzq0d3J<z(f(4-?|z<!AXhS@Mf9VdCYh?grBWk<EyR8>!w
zN!hBukP#i}TzI|anwl<C0~u0uO@)3XXK*qs0-$p$FDbp!KH*Sd(>}fu6?nX9)zt5g
z#*K~LKxxpc{OIILq{1$sLRQoaUx3w{D@siOEalp6!*Hj3W~)pee>!QrX-MJE`Wx^g
z)Mg<A4j@P~;`c8(^@!hH^|g%n{E_{PxVNtn|If0-h~rrTcsrMUtD9+V|5O|Je|7ae
z@J}pDl?PFISrY!EOH;1zO}U<xay=>KdTh$|6)D#jrd;QwT%TB)d>u=<-m$cAek~yZ
z{ysx-zg`QSk5RL&PR!^<Ls*VvNt|++sj(PXnQU^iRqx}Jv$-A<UffA?g^V4<R<FgI
z@~s%;IhbACiupsHjl?YSM0Kp+&Q|{qJie2+STDt9@bXLt6wq<;D;PmPAI;t(5$xd+
zyfhm#(8Svd6YFJ88gvJ9)d-<AW?nA!5O972D-849yfn$f%acm@@GyoCHQLdVE`sT)
z?6Z&c<+4wjNyGdm;DI1?=ewp@e%yZMD_|l!yWNJ*RZdmwB_B*MKgFo(BLun3F1k9P
zfez8FEO(NG8GF6babDW4Echd15~MZI5MG8R2R%_tz_<$Ly`prmc#~oY=0c@o<q6%@
z^^0>b=i072$sG;O!~c?R@-v^1ibx59oGH3H*hdJHVhRVYB-hDSVU(sQrgfn9vY@U3
zR`p6f%HLnr{NxWI3rcG^OuIryrW(%?VwIJm1;c%l&?vn0DLD$IxI6KzKt84wRy`^V
z5^<D@R~ft->VTJ(m50fh0@B{Y%J6?`)jdqBqs?8^5-Wp$7IMJGR<c=T?<YTwgO)|N
zvqEc1l6GP6TaX2FKo&UIx_X}Oc};UVvU15e!ld^b<6+?KX-bQ3S&Tf5b)`IbXK~8;
zh;;lw)ceK+LqN|+#;~uGBa-;RY~%+^oF6VcO@6SP3x240A(bEQOX7zkKTPF^_B)LH
zF!)b>@B^-!0}XPWT2hJQ$PlQPC_jKe&=}%(f71|pq&GwC(HP=>figtY$PgnAq%uSX
zSxM6C3>Fcw11#~tr$&}={5>s8G-)iMbAtz9-7al0?&P<Vo&5hQOEd=iV2OVP`^@k2
zfBNCf`C;ns`qvL1J&?)|k=u;?VELb~s2`sG>#6m_ZDncn!v*_KPe0u8iIEvBFaQ5Y
zKh)0egBkvJ{{QKRbE6+hpX*;gY`!;@AO1GW$PY(;|5f$F%9l>9AN-|h^n-oh>FS5c
zQ6o!qzV!bi{qX#QeXztY9_(8`keQ~YAzT*95F?0&AahJD2tM5q()fWKSe@p~XR8jU
zV~Gz4_6Dcnh)KW^tBo8X%8Pq(#3~=Ahz5PoMSZrAFoHaR;{PTM|AI8d19M`)|46|9
zS{?sBlU!;aTM7(t1!+W%hW{%7{#Pa8|31Wj4uyXy!2cjGPcS0?asvCqycAW$U+S<A
zmPJ2idhL(Wd_9Q&xrp}VCdvT0h^AL&(pwq_9QqC60KTHsP8-LEy%CjXy^Xl2qfO4=
z4&daRt-6<VVHx7VM%V=V1Z2;pS_98yL@@xRt}nWj@4u*_^+rZxk1eDCefX*)<RrbS
zxI7lEXlX5R_65eFjItAt?$Rf~qZVYAQaf>j*J}>m0Tl{T5As^!UL&(K>ea8N%+h~1
z_bi~@tTH8abJ0&z)s3Ssbpuj~cx6NF(6|xlc*~K(TO){9URvJ5g&dMBO1T#^t?K^X
zjx=RQ-S<&W!{;fFuDUOEy&*ln5e;-}g5m0n3^%ebhCAP!hT%-+es$2UQ|X`-JR9^+
zajO0)PtiYOcoc)DX9@oaQl_qdZZPT}Q3|H$AJBTe^iK){x~Sd}r9;ZPpT-%mG>V-~
z$-jX*3i)s94{}X{e50m+FvETEt>lizeG7i2ai7nwwN1z6S_3ZqKcu*PIF<dzGX^b{
ztHlr8XX+&n4En151&t#nG6{V}iqw?WE1J^!**J|M1*s|evQcwQ?$8)gl!^@MtEtDJ
zzH);VRDGR5ne+H=ohf<gedVe@XiaF=nX=#BPnnmVD}QXzc#eKG-dX0##9|+1&h@)b
z#hkyI+b45A1&>y7)2Ej66=haV&NXpTp6MS9uArjtxw}1RE8Y?P1b)gh96WP8bgY1V
z6iKYMzDBkMJJgop6LO`d_Jb?;l3mzNscGe2vID4?FD09>a3^xm%D`>13EM=r{*-)I
zL~7x~xgI`jeT=OWAIp~7Lc47%chy6=q2rl>g3$4dU@#KR3>`BEJk_niyJeHW)QeKH
zGVA+2YV12lBd9uqw+J#%mx3|K7YK)-2VRuNnJ~1(bwDk(+#b6!{!**<(uK0gFOM?$
ztGfaY<ct|PCsh3RraQAu=oqrbj)@VxY~7S>Aw0@0wQyHh-2kv<ZYw86B8t`B&4%zy
zk5msgAIbDet)X2k_d1RWw|N&^=Y7P^sjXb$F|V|qjt)F<9fB)5K3pVf=2q?^KN-9Y
zgXCq_YopXfM(JR_>kt!(ZtjUM_~PPr^=v%8GgM8!i6>>EmyviihoRXUCWS{~VuVcG
zu7$yEDZRq`SSD>cyaBC$cs#rudw0$%7=lSeBu|@KE>Fz&%F6};M~nw)YnmtzE14);
zZ{pqCf-}8xAlt!{J)z*m7+(Ppd#QjP<hWlBbQuidJ9Z&2bvJ6;GW4b34jkCgOR`Oq
zB<nbMk(WM1_4wIO^G%avxI+eeHreT+=bfid_573JR(6}Lm}lh^VpFVxiHZ`rk8mT6
z=O&jqIC*-$$Q%Z`EF1!0I_zWX%JR5Sy`2knkS+Yf6G0%0OegPZ<Rd4Nck<Wyr8Yrr
z5W?2%zycnA;~xH?IjeC0-p_1H+P|NgvVZSqBJj_6x`FR!8vINfUeg_X`Y>q+A0OKM
zObeE)ZQ;L`*uTHW?=lr1@D;Zz<+)}P#t*sey9s}YSD41W^e6S%@Jnk2>1}DVARR?D
zIX6Y0+4=B&&c%E<0KY&S{yN)&DszndGR(P6PDX?WBXHW4kADil6m;@)XnMjLuk)5B
zuXCyipUlLM9l1D}@H%hj!^>!y^Z4*IXPz<xN(I@I2T=S?0}9OdfD@`V1+GH*HctrW
z4J_^o9UH`lMSCaDj&FniJ4Lp%6J4nC(QTxF)ZvvBr;V+x=feX8!3C<(x{_yF)DE~`
zuUMS6ab~tEL{<yxL*2m6xX;6Nt@W_gFA_)uXcqb!44#G!%O_4F%AdLz6SWP=C?p=#
z_rQbK^-m2C{&)-?{MMvpx-~qw_&7XxRI4^PNzkfXJlF8fai}gfheNyF9@@(oo^+ms
zCt_-4zc>naN2k{0?S{Jrh8v}y!41}M!~8iI0+9m+fd93eJjzNRp@*C@6y8M|<tx9A
znN7*Ze>rtV5!geTtJ=*9s*kzShaf1)^otKKR```FLMT|MdFL23Q1Pa!O>Fh0sO%>b
z!F0p!&^QppIWpfJzFC#ZyJOj}gJ@AZ*$CfV-TKfQ2$OszI5F20dnHyFy98#Vv}tB&
z8ve2?-C&rY-e2X)Gii_Q%17GGrEoJfUlEv&4yiNLQ4;FT4-VqxDbQ>Vn%zyBy##&S
zB1%EzU`}YSE!1NTTp#MO1Vy4>b8UuK10~RbLhJzD{+55(?G2ZyUWw}_Q8w`lrkhw2
z%_xCbKV!lPrL>a|{V3lQ%uoj0mW>Yb4w~f%O56M}4#z;R%ys+1JQO8#$8x#X$dGv1
z2;2qp<H_%kliZ?npk8(tFRd4(t%_gBHIdje$DxwwweZ?o+Gzf;ySnS48XQeF(V&ar
z_2@lnU-1n~(3~zpBYOlCE=ZsA@&(cdkpmzKw&4hI{~vo_9^X`z{+%?TO`&k3vQ(|o
zYSk7ITCCbY!G<PqFC<upMI3P%i-?LN(gZ;^A&qjq1{s&pade!~S#W058D|D&9EGOP
z1w>Xw1!a@vh73?Z+EQrqKF@RRO>UMhAdb%G{rw>(>AB~g^K9oi&vVZA5kI#+u{*{3
zM4buz+&VGv#GaHV)|wYPvN>+~T6i|w;k(TQ3(Dt${xt6!`jI_X2NuF)1KVJ*!QYJz
z^u+P5k2!cD#V4dBFmbR-8nXrQQ|FL@oafRc^c0udb=Ja4SJy%t^i7!E+{$_aVLD{9
zY~Yr|YP<ZTjkDD|#V?(lZLbaan*t`_Dc}G&O5DmMbleuNLH8bvv-qh^JXRSn;D}Fw
zU3i`B!dlNMunUA`;NKh&VV9(D+@8PA+E7!>**1ZHlO32Eipn3td$J3Q(%t>I<w;<<
z7C)&|`w!rWk)=FM$Rw}{1^OvTTJeBf^&BeM&=s~^9bRz)?+Zv_1GO^3RDeE$SWRAS
zBPvUY5tlJPuMCQB+|ILMfycQ?z;SItb@E~j4r4aq5Mn*D8u`^<pu0~!RkXqeN!-Mj
z$(R6l<OX<;-^^PA^DblHRAQAw+#~-<QXg>N6j*Oi4r}0!z<N9S|3%r#jvQ;)qWs`b
z@H7v5g1eWdgPV02$0Z?~X&y8snjB3Nro5&kSI1TKg)xes!#>IgUoJ!pJE<U>+~)NA
zP_u`=R?-G#a1r0r0#vc0Xn;>)6OZK9SS^oba23}Y@Tc1*;l}*ei;2SH+v*3Vi8rY#
zeuaH~jUu(YUhs{_@<WfKP*uDEe;DG*&gLp!Zb9m9;VRyz%YK`@4P3=m_$VIp>`C#Q
zGIABw_^mM?6cNaHO78hOkrD9$z)w8f9y$Io9LV7{;~?&$K_oH!v6?4RH^5M)A}p68
z=3c~A3Uq5BIE+zxfnDfxaK8<t%zg}hnt}MAM|#YD6h1$WSc^w{@mZ&4PsOi@OM5hf
z&uX1@H%Md`cySTDn9n-KXVnG%a|Y$|sNDS}BH0zg+aMX9Uaq2%Al6`D;Tg2yRY}2r
z!@q{$pHO#$zr!6ixAI3_1cufD@2$F$&)Pg2tB~D>Xq{F4_^fTS$KzK-My$%mzutmi
zTKKIH|2PV^KHTyJsn8<<Pq~M;Ny0!r9olJzrpduC*oTzhCicM;tYsfkgDZ=17k&yD
zLhx1ZGWe=xwCk}-R`3UJ1%GfItcQ=P{-8CHKUjwwth~04cdAa|eAOw;h&^xqU-l12
zmC*T4c~BB8<&`lzLO~j722~e0d$qSg;Ko!3cZN1t#m7p6+omY>*Eazj_#{Dp3bsMu
z)`J%Y#zWjFh?RjyF44#C*T<_1>{M7SV4cx=lPNrShNiCMU3FQ9!iV7-v3|4c*_{qf
zn@(2*QdeL?kN=xL^`So(qGwmktDaXOF6qlorGTFc<~>yBX-ejv+KxIe9<}<9CR;rR
zVS(=c_{|#kPn55!4e4}4pSVz`TX5^pC(NK@&*D8w-{J+0p^)cP3HQ{;1{%~|^jz9v
zUhfa>q0wHzMmwxT8Li?8?~=DRrRW0pz+*$J(y_yX;8YFuUx*(Ef))>5h#xDqV1q^U
z@z(~mf%lIo7<h{G{$X72ZtOh?p6IgRC=9U)hUmtJeBD3NPK`P-vrhcOV>`*iPCiUh
z-gO~sc2QijRA^?0{q9Jc*aR<F*E$5b;HQUru!lBUm4}cuxBszi)^u+|*7)UA&u#<w
zik?ss_W~F*ur|G(gMNAaI<XQuuX3URy+R#YclMTFXy0<;t+wCthenv#KE3j^GR6n2
zar4J!A3`&bfRt9CewQ?41csi5cIk>AFQSho<jIaMN_Pr5ZzzuKZchVrcMU$VFaz0)
z9^TN^$oz^$usjc4LmzXEY6I_TwM&k5IW}&DOR!5!LxCtBL{T(wPyNYAjZX}V6~&8K
zFN5NG;jtI2UNdwNzPI918p7rHv5MpmKYDLaM{^15CpS(Ibl8tir!?!SNdC>S&AvF9
zq6=O@ZF;db1LNBK1KMbrvqWvdWbDQ>OvaGWU6-}Z=#|h-aYMDqb%l0FH^z;81ip?U
zFH;rdDBR#xSYY;^rX<d5F)EW%20T5ExkjAS3)H3$YqKV<&F*i2K7_-j(cL@Z=Ke2i
zHbQNt^p+aOwdb%|U$t3p)~sh-vxl%5LXT*b_|;*t&1~3gv)W7%l~>}LU53s67}MJ~
zam^Y|Kr@fpES)vGE{-4@vDu`Umwpu2+cIo+gWBw3*32B&+d^#CBj%-F#`X4NY<93E
zy0-&y&9290l`YZCx-70)8aDfd+Dy^?jJRg|k3+K=Ezvx^J+9eGY&N<jnx~WFn!SY0
zvSWJV;{<6sHfuSfG*g8C@}aTK1Z=kLO!Q3W#x=VFo4u<xQxu^`+}KVZgJz4>W{Ty?
zD2i?N2{!u)G#gq)OWJ3u*-&P4Z(PT3;1dJSL{oZTT*q^;ndwY42}|Q<GY*^WIUOwp
zkH$5-4x7DC0Gl_wJ~)>J4BkHl#$TRr-^cK4uT|==E0H8}QH24v?I&3b0RtsL3p_eG
z{OB#+pwXr5(TeCt_1Z@(D7S;39-n7WK23*D!MlQ!f<F#U3{D7+3;rlr8XOaJ1V;t=
z;E13tI6PP!92P7J4h|LuZwwX$2L<zj1A_g7{en5ctAp9Bmwwnwda!q}XYj(HIoKnZ
z7VH`{1(SouU{VnF95p1bHjD!_%Jb5DM%R-S#4Ws74?ZrqeOu`ARv+(L*Tob+_cR+_
zoVZch!)y+e!VWdG)+&xFT^$o27&n$e4yU>00}*Mi3m;k?yhOmn+Ai^koFh?|#O30}
z)#9fVi})<RLADC5AwgW@C~Luk5q$3FEIZXSFWrH$$DQIK*ncXq+&cqT&eO9)*sZYj
ztQi%z^?Y+M`-$Sg&GNp5={kr0bTBD@2P_0?FRPc9PJvY=8Ra2a-VKzyU4sok@#3+i
z;t3X)c3n!5XK?uWvg3GNvx<VtcLoY85XGR@Bz`LUvS8DCD7bS<R6Hr%!)0m@`1m$<
z$AOiFUgKqb2rN!x&%*r{Cgg&jXa^K?pOsx>#Son>y{lO5*`McW$#h>7b4hdAbvj*x
zKgE?QNX2=9=NM?qjp$-64iQevPhr=x8f)7w+^b7QUwO54;n$ce0oVStb>Znsc(?m9
zcuUn#%m}*YA;bsP0XU!+8g~l$HNl6h3qwy}t9#$VxVpP<q;aVYJ$P(uZQN<iuW^<&
z1dF&8B__KxG2N+$ErxM5yl0DbVKcs*^Wr%i8@Fnc-Ey3Jb~JqP%Vw*-3coHv5E@TQ
zo-5naVs<A>B}VQ~De!6<;9ZizAr_=KEd6HQPi~4o09*Jo4$2Ae;-}&|n>aVy=oD+6
z;%*1VnVjNDr?^3$xSueHc>-j%Nz~?;Q#|6pEv3@C>kY}E&N0WvUh~+sF}Npk%+*&U
z@ry<p(Wff-cVdX5BXJ-rFjSKb<(|UkHOkO8q7!6xq7sk8{N;N2^w1EMN6mC#G1R&2
zesH=|tjCi-(DD>b2ty)kTH|0>F8^I91VkW^S4~m$l-c%hC8Zv-hpY9|Td6d65y5KW
z*9<}Y2CH*l@9@p<;>_9(By(nMbBG6=VoTtUEtoC(2L6;3JitB}g4@{#V{kLo_vXW}
zK@C*4`zKCrB`6|(r@GyD(04?=Y@ov3<LR^t!d^B|<?dVXU10ROQZziZ_=#3<>dFb;
zvSC(HaYK!s^G;^)mZxtHU{DlWCldl3eo7%X3_qEuyeoc64Gap!(P{Z;wZ1pPpdj#4
z3iyrgdl+~|=16YEBy-m&VX%px`{iV4=dyt=p<v?!w}PO5Wc3G9OC+P2*EczQmkqf-
zS9eQUn&i}fVFgE?;OP+(CGZBl4L$^Nbvo7_1i4AmB6DowKTNTEceuI){#vZl1^N%w
z>0o#cvq^z#xkXA_=ZMB?!88ev>tbp6I&A{1mO-Q0cvhdE?%upb=}t4Dfg`o0tz+)*
zmqv`;G%$9szt8hDF=J=au<E1nI^DwkXuJ^Z1hc*^WF0uGr&;gf$OK|`-ij&UV_^3@
zO?j@-o~E!l;Z}Ss85W+Rhst@W2QQ|j{L_REguaHi40`O*1oz!F16WN~r<JTu0j@rR
z_=&jADOQ6@g8s_E-DqqY9pYYID#)fH#-}u|borzn_(Eg&g)^V+ph}EMYd19X(%!%e
zi)?S+A0QI;=*lhcU9n|WHXo`94$@wNiy`Ra<1ot8h$lHemLK-usv7`<q|jJO>*3I!
z0_&-eIYoZ@HgJl%$XEVYM^u_bH}(d1`o>=L+heco#n4)N4@o=bWM0+R==)z`GF;1x
zAM^ghnV^r8bGq8Z-HJ3_6LX>It4WxoE6$6(g(dhhazJoU@=bKe2$9MJ@l#j6Mv|<J
zYmi1<1zrNRN!JVdR&IGRW&!>}S%8|rX7aciL1aLI*+K;tMXZ#ocZNdY$1wnaSx<%s
z3hE=xGGU04^I`;u_lCHNREke^|LI+)LMzdAejf!^UT~uU9X{^1O6~%k)D5476%qyv
zo>XgKI$rO(l-Hl;)%$K=>gfCeSMfD|K)u{9OT$}3fnz!*12yurg?K^+-KrYkF2+Vp
z%FQ;cb0uzqzNJy7++!ZUdEqHs|5xEZoa2<Gc3v)~9IEh;(a+uF0Y)CjE;;WW9bVwV
zgTiG^<nx_y;L*43@`NB}hCg?J#f*9+@GfT6E~NqKPghjBy7IM^^-sSGjSXy;>f9=_
zV~#XjMnU0S;HTy{pvSd(7~bToWyvx5zJ-YfSg`;_e&IfHlDHM?VTS1JT*m`#J$ugZ
zQa<J<z^j$rjwD?a9Gyw@!vreUx*ilPcHPYDJ3zgL!AFZ+EC6=QwLh4t!e5Gy9tu3)
zf{1&?W-FL!hrSA)ovsG0i{pdVd~P-GZ;1|8f2;{sPf>%_T%!0ifBu8g|LD(x(ys-<
z-b67WMnN-d$kv0v)|*igyp6CkT!k7SUvXPkU7+=h_AqXo|BT+Y{|K(%lk+rI;5y(j
zSvSv_V$dygguVMfWc0LTX&r-kcZSy)oA@<znmwoCAw0+A-NAVSY^h1&yt^>dqptz0
zfxerGtJteUr@+j4uO&k|0!>E#;i%QcE)9V1BVe)RVX^f)r6Rv7ehbgA11wk_+bNzI
z<tZAd<6fvNHdPbKxAzi)4q9NclA)MQX(`0g6<c_A9Ak2JrW5@}r*ySdnwjH7GlH2-
zETDylZZJdkt9%2??}0!z2mYXooB!dvXnF>Q?xR@BC`VRY=RX7sVu-98y|{r4CRP0S
z*a2(G7hj;K7+|V`fH$Eq<d8|MR_MWb5jv4@$ip<^yjaAF&dc(2{;;bu*!(Tl&;%g!
z(NUu9IvsVSbcwjb63l!GFv(pi4WDT96^Cr%@QKjdlASQW(C|s4q@sa59(dV+`OeeB
zLZK7f{E~@NxYjO9^trkz+_sX5HcNSFZAmE!RRx|72_PUWS@&5SSaxaDMDN-K*9Igq
zoTr)X%$tj61<`K0W{R8Gu*6-|bpCw~X}HNM9<%5AZTdQ^=(qY$^|faCon>o*@eZ-8
z^y3V1ct-B(&{}cSL>eMKk0ZQ&ScoA5g{%_|w`YjAXLx3p>f9HJ+x^Xbv$pePTX@5*
z@TLo3^II8<%*bSd&O$bzOo5!Z3{L50L4y5EC{&v1knS-#z5A56H7Lgv(UJ2m#t4;E
zTucqkJcDYc!;=lv95(ZT$+!&w{e&(9bKrB_`6BX9PBJJ^bWA4cK-#Ah$R~(=jUe^k
z$-Ted%z1WWd|IqhmvGLz5q~fsq_m9qsNzw<e>9U2W26gteKT}0Zdnqp(8V~xJe=xO
zcTY^Xi=WYP&ybmdLBTGBxCDl7C&iiZQng>s!_U*PYXiIx2DTA9$iWj#6UBf((9N?a
zMXba|ICgY&V@^ih!&ClNnv;%)1#dzDoGyPgz`#N<HN0|=mxpD0<TaX{P0V?BAn0^?
z!jHNpc+9MQtR`89zvl?P{>k_u6B-zz`epkU31=u3Lnp<VyfhYgSx9w|Vjiu#Ix3Bn
z%*GPa=*_4`I8zDdEhgiPZ{vNv#*~2}{-U2D{?V!0N89M$rfpMW2PK=IsM%#vUD=6j
z!P}Jk|B2?yi$`F}!2(`w+)p!hJDu$W4jzH=FS!@*cft50@f>dXcpbRSeS}aoBHB*0
zuF!ic7YqnsstD^9h)2b3@`zc=IpFDZ6j{@fTXKj@!k@Eocmk>|o=(`HKQ3<bxAx82
z#+Nnl`V9i?9jqWf8CDR@jNGjuFbU8FJAF-i2M6r7px1O<9cRh+eF@8b2w!5LhwvZI
z+-xud^Leov_M%OFvp(lv77Vs*I%~pv54$EefQFb!O7SFJ1&xR=(^22NB$%WNcy85k
zggG+f4lVaMpWDoNHY-#`30$776#%@N)F5vM$3HkkrC0u8dV$m1;2spbNomptR*hh~
z^5y-z;Y&B=ixd5AvBsVs!o#z$4$Vo|xk~YPy!RPBLr&nH`~#ADxn1Y*J&b2DE*)aa
zp2}4`2TOebp__ot`G@g^{$LI7uS>B$ZP(#B3Ep3s0*@pGH==JT(V@fba<}cFQ1DmM
zqegB;D{pBozl#Uc?3cSpwuL6{%}v}QtdD_Om=|7^rh*HLw4W$%*oGA*ajcvdg9@zF
z4!rYedlJ0T39sw{uQU)1s6?4~+<(aIKVo2YL3sT!-s3mrH}IBi<*!IZf90_%NTsFL
z%DrCc$VF{Wvedfw1f*8AUjy`eA@th|`ZcnC&xHSIgg^FzKV}HxVJhB6fBzB}%}Tq%
zionNIcofKo;?vIU!aRmSfdW<>cTx}a9h!tiFup}#;b0^j{9W;Ay7SZy4@ab?C83p#
zJO1ZT-UtsR=x<mYK7HrnpPxUXjenxU6pnxX0l)a>w-f&ib~gUma=zl9Z)xM7C!*t@
z`;_=+cZ`2J*)}t1*9JN<KxlG`t+1!Tfaf%f8dg)l^JDpuO%&(^U(N}JM52bWO@cPy
ze_6rD94<}Mn*_3yARc&Cz&Oxh+3m`*vh6+R#dB~{H`+y726Ip1F^RxB+}`4w?9w!o
za){f3S86!#t7QK|<nhvyPNg4E8ZH!k?(pI68?Q0wf+jp*G;K7lbjE?|MW;h@zX#L7
zs)BC`Lt*}#O>qt#cr$^9uMV#Qt58ebRAykH7RMPEsBKCZsKurfs7+}zPTQI&PMfa8
zY0VU;C5nGc^LHXg$PrpEkIi9mTC)<TWm5nz*uhXW12hqg(`LlSX=gsm(88mGv|}_u
z+R<337lX8CdO5T9Qv7xb25HZLDQI+NeLbtl;hRE1T8z-PI>mzlQ%e})h%oe_A+$*f
ze#Jf*f}7a~W3Uc;(?n~(xf0(o$;qv}AA_~u^n(}7o`7F5R{Kpp{<RdgxA$YH_M1Zd
z>nMDw?|zKbKBfd}A5j9eg)C5ePdHFJfkLtOCkLGDLrTELK9~YS*oTBc+6!(3`w(#t
z_dcZ4Mchi8u4@#WH4Dyi6-D!vBLLSw4w5`zZgc>$xXpY^YzR_2kfs+p4nex~F(JtA
z7&scLX!H%5AR=WdW21<_TOWxcGBtLJr%;1ONRz`FJVq+W93>gAaaihIqio!YPf;_P
znI7Z64ym_8>}k>jH@T-O$;W9I(9<r>RkfV+en2jK3nBE=SmU((v9OkxUdgmPBtJP4
z?`znu(nTUJB~wt%kB*k$SFN7A6mb9O@mC-+zfJ0G!|_LArQDOnp|h*1ttvoaNK+3l
z%x{XHMuMj{+9(j9xe`X5)T1lx+>z>eK=lbg^$W*H{jV4;^#`gScJ-$it5R1iR1?6u
z;VfnuBQn*`VF+MavRQyFI~_l~obX?1%Zv``RlH&@<*ru%6)#s~9@<9k9e9hP-w3)3
za}AM}j@`<W@h(jNYr=bA6C0NJ07Emw(C&KqxrZ^dy9YzNZ0(c!_ZTHPuG1;&-#C8Z
zsV9#7Qs*ubq`OU2S-KmZog(}84e#B-Ra^+)Dg1~j=6kaYbR=0!A0<LBV9nV+95+Sq
z=Q1m}eLsrt69XsOJ`sjG+-HyW`+T=Vr$+5ET@!hW0a3Qvk2`}47{?85(AmynZ8>p4
z=NJaQkdOB0Yv9SHn$c73Z5EDt-qw|dUQ4Ehil`)Le_=>%Ul!dyEs=ckVaXg2Wtptv
zVJrATQ>^F>VMv?TjI`g2;gB}3)dZ)nXF5J%juhFTBqXV}JJl);C(~rXHhJzrV4)mz
zv%n#46W7r-d8hc9oK}Y!#bzZ0kVzRy204}lE+`nNk<wf=P<T`{b&Qm40V8#@({jKy
ztFf9zyWhi0-}nyBi|T@b??2O)V}TO%e$jvtug`e#1ckm|Wufo#kx`-VioTlAw^ick
z@(H>vY*^w>iq*_64gRD=a-ca=d&dLfF!%m=^PrHYBWK<a6*u52uudB9dz9(nqRS1s
z0A2;MN=bsghQ)p^!feW5_{AX=q_9^UX2GB9A7occO_9iXx)M469YxM*U~R_E`-NlY
zKfWs*nod`uqR=ZWU_iIPkHf)p;!G=Eg}e9@4C2)*!E?<s0UaS>Z<HIYU3KIRg54OV
z+-5~LU4G{tG|G*)NCm?bb^<-{WOX5Q(qG}27jNoVrLKa0Lq(<QW+ehIh{;Oq-E~7G
z?(QByLu<sC`zP`(*C;V}80TL3*aLc9@M7g5_eZFHTVU2Wh2(y%p#*cLTl)+5liR%F
zV<j3tK#+Q9qVXUE^1*^6T|^S87ts$SsaWfpz~*I1nwi%@NIqI$62#**e_eexq4)ML
z5B}Ff?}K}>(EAmiu+Y1P;4zlu*Zsq>_rTgS;m;A>^iB>(<6pSBt1j?ROf)_=KgUPn
z@zXFKuR2&)SrvE6(^BlZ+wMK=E{_?C`{$ZCd@vk`ciFu=+#@mm?zU=T@2J)}t`hXP
zQk1}Ztt~r~VnGka^!)E%un4znRU)IQiEc*)w%6l!OSf7Z*bb57?_&1=ia>S0uT2;*
z#4=FeIp|DIsWj6mU3iOBbj28{=QU1CGv}=!%Q8+E_Ov!D06N8C(_F~zH+m~^QhBZm
zdEbn%ueI-D^tCY2e#tOcNMLVKI4bOLwKDDAG$|eNG{#8du8IW7bNDdNX<r|ckGMQO
zAF-e1BU)HK0)sQ)i;ngbU4r=t8wTmDrb_D*O?vm-NJ63!(-Y!XPOQxCU=AaY;89IB
z0*_loG7&v5)?^}rW{me+hepTyo#G)u3<^;pe|0tvCFDOw8a~lCD<nQXQ4Pg~hEEzT
z6<wkR{MX7|uh9hjUkl_U2>AaUSLC-71pIFbpr;28x)V3zTbbpzOb&<r=PF@;0lkhB
zKqe*l&r6S+tYW=2x5<XZbt|p@roPs!N@rQ609IQ}iVFVIa9KEhtvu=KvkU(7QH~7W
z;K7RaXNU=u0%%E;0^m(f@7hQTfEadA5D(G)8qUkLY7+tUBmNP1!<wq;0DoY=CLPeC
z*?(TyqOBjU%@3et+yjdRk4XZ8N?FJI4`JedE*?UeN}fulQ(q14eG8rL<hl2Eo68r3
zeIqvu6zi){Ab2FRUpCt%w-OS@d*~GZPKUix9&h=a;`}z~XcFqxbk0kK=_IF_XFC#>
ze0K|A;c%B<itUSCrD4b5f!?5cf`aR!#<Ma}2JeXvYW?|IZT>RSpZhPkFyA$}D`_nD
z1#9z7c#sW9SuFRuovydvgx{vqyin05VZ%~1zTgT<gL!?ewV@Kvd`Ky3!ULOzvmSG^
z&7*wA78GiSUgp{1oq9F-F-xpx$q#PDM>wWJ@t8L4QOeRDc`<2^spO4E@JF=yk6H3p
zy<+npK)3D-dbFGWm?clJ#O6QnF}_E9{-e;TWCrq}!H^ya^B={D^B+-<>Ut#3e?&Ff
z(LF)_W2%z>n27n0QJDX@z!3lFue&GAe?+yJt8HVY1jxKZ?Z!p5Q<ECw+nldM$$toO
z`H!iBn*VUH{D*+~j|(*U4<-GP&PSy`1_pZSS-ga2`H#Dm{D+%7%((oAL!19NtMmsS
zPJa}K)oQvtWp!KWj|D=a^oP@X*mYk6C`=pakK(q|A73gQKmk13Ek6CR1NXH<BlvO&
z6Cl0qngqzdMraZsj*<ikklQH%;>DGf5+J|UD_5QcmI3KYxGt7DuEK{&kaU&=v9m15
z2SGne4!~B5+ObTCfSHi>N+yKIOo-ke3I$(`WI`s#W<t6snGlM~WTNTGQ8FRCyynA5
zCWO#J1SJz<WvP%KVJbwRREUEC(wPIJ+s}u*&`v(&@z!wfm=NiT2@&Ys82q*JD`rBv
zV<yBQ9_BsOU4l>LSLPoMF0`tdkIZ&5AL)*8<|E!@v&=_&dq(}KESCAm)Mh^Jp@X@E
zyOSXE5w6#RtCowykYvTuPuY<Qlr2ph6B8BwL&@mtaupwdcYPH(VCdwg`{h)Juh;#l
zxjLcDxX7X36xtoIbiuMLpp59?27U?4d*H^d@Xx~T@XxC$+KA_rrLlPF4vJn2=%&?U
z%!`~)tJL2_r8)I2gcT9&9kKVmk|djDFX#Q79WyV)+Sa%5p-Kc^knB3Vo^DuXl$<8c
zzFBgoakfUAZ-(A-oT2{FNzlDb%ZzOEZxfI4sq1)gyw0=R0E=U_DL@4kxRty<a(mdH
z!inqH&!u?5xvB>zu4dn-<0a>sUVPRuPW+eh6JB(#$>6h&bBpo#7%W^}_^i!B*2cg@
zsy(_)DLr}=-Y&1-+Z>`fBIXwk4MrYyUsnV_q6{{ZMOA|3P968;ZZeV=0Uh)hVynkw
z+j1Sdv0e2<>bi<bPGl!mc7dV%@OH&eegcotdjcydGE|vFxC`*X5V(tdVCC6y23>fT
z2Ed7233Hom!(Wqm?zgS|U|zF_;MWxVnvZ`SgxL)IR)~M>2j5bmyRI08cVEF?dYZj7
zIam+>rUVb+9fjaN_%}7UGaRFLZw1$?`R3qy6;=vmJ553Q=$TDPz0YIu=%Wt7#T?$c
z`||epgWpE}WR3jY&EyaBKA4F+s23V{3Hh}@czNXG<*{h@x0A=+iR7_1ERWaS7AKGI
z{Qo158!!F#@|g5rvxhcuuJ^xg5C6Oa<S(g1`Ll^di_XO!zCBJWe@WkmJxu!k<nNY?
zzdQNU+QYk;{Mp1NW)7{5yR2tx4&O{HjxQw^$B$yfaZS89z8^1+e~A`HAzmCW`y!z@
zc3vJku!ooZC{7;3_V58!9`97;aol$%kImnUJg(~9zC7koo|oitvm%d76fst;Zvl7J
zVKPw|oRY%&Du-0CPVkK}VK^bvidZ>1tZ$h}ULRn`baG&;HtT-gH&Jhudcc0{7#1il
z`;>NL>p0Kb#QJ!-wQ{!OHs9kUxXYsjcRNYNDXrj61Hs*pSa6f|(SkcnA1Am4%1=fO
z*O~lYNtb*lGWq>DFc?v=r7^I-I>y7mJb$BsZ3eP+p&gZ!wuF0gGq>nk+&`^=XQPDu
zl$^J%IiwJcDt>AtUL)`Gn7sD~dB2!@@(O*Fxc?@RxGxTi`+!>%aqpvNFJZ3>JcuoP
z6O#fr;FfJ2ZrK8cg?nhrW&l>whK=(e5PEpiX0sgC?AqX)dq?0_){lV!==&xb1AAIk
zl>zxDT@j*nr8rtwZi>>CfzU@+)ECl~YcwMk*$a|`LHIW%xF7yC1$V)}slhK$VJxID
z8<@h>#vM~LQ^Yc?F;PdR)kG47mCZ4E;Abvkdt?(us@FNhJ#9Aq%|mhL*%W<R%Wh$J
ztWP%3Cp))_Dp%R{M^-U~>X{wv6|GO}IIo@QQ>N3q5By=!C%a`o_pA|qwObBwOHS((
zD-taLOpl(6)}yL;J(>)9v^=6ms}*hd0`%yFW&zj^deo#@0CqAxI-)KB5e?kQ^yn*{
zMvvCxz?V>rVMLscP#!@}*{ZAx4lsKZ{Et~466i}d=*uPClb1*9i$9URENjIa_eQ2N
zr$;L)V`hmDd?mBlUPWotA-{l^6`p5PF$D5LiUwSxE*jz0f+r2YucQGtlLp{d(tsOL
z1MnMZz<?+XxH|IoO{xO?hZNudDZp-0fbFONlSu(KG6krMi0l@JxVBA^Ju)@Hk<N40
zm3z!l_W>07Pml9&!b)I9C0J=d52vSkzFS={jxsBZ8QEFm;{9tk$n!R79xe>6mS(Qv
zX%gmI-gB@Cp0IK+)`qH3s`01+nB-L8?mQCe#dEuu2&)sNSF<=&flzN$Bo>9b286nf
zeV>IwT?<0p%!w<NpU|tRMRYZ8@!!K<&2bRuz*wzU!-nD;r3XR~rv0SPn?s0cj{}8C
zAVRZPrLFHg9>llCwzw#Txi@mOd$T8z{MLo-{V;(EulHXlo1e3RB?azNJ)7HA&!&_K
z>8vh7tzRKPEy!x~?A!2Hl+}$OtF5zd#jhx<8}sq6qq*g?P*yh<;vYxAH^s9F>A4C#
zwp?5hLP^Ao;9*(`-fz7*@U`OX1h%seDGay<T%JH3`;Zz~)tVs07B1$HSQ5?Qm|c2|
zByQ`T@V+R|V-ByLTRuQRv8W7QN?`o8;t}~?UQv83lYlT5jSlG%6P6Lot+827a!Uqa
z7?$nTF>&Rv$TMyYpw-N8fEg=BYZoP?@ucn^O3TQ1Y(j=p`jXP_c(brcDmN+eZWGH)
z7$X;Z9)k|cALf>uE4BbtVQ76={Jj?Vdi4lpY;Tf(G(<e**<-+$Vn_B3HmL-wmDk#Q
zKhfJPey)PHR$$BFRoKe?3!8X=Pd&zq-8=^kFv8O&9R2f3;PVlaBUcs!w%lW$Q|9>(
zdKP3{Fn1`{>kvcoe{Nvd9@p9R2W+_~g|hX$zRnpY3@`eDHV!ew2*W*#m34w$^D6^X
zd`R^3;M<9H4qw3q-Ywh`1mj~Z1GxR5(>%89eq1iaZ_Rcced5d3!UJi7rzR82P56vG
zK}0fnSoM59I)8jd>7$1}hWK=<QVa-UwfyylX1oH8!C4K>v3`1(-1X(t7`eM5xqB-3
zcS!H$Ha6=~ZPVKK03-F>7*hXAJQ7Rk`WY`{wl;sQV5#9bTOCG!qcgXOB#2ETV}l|-
zQ4@)(2j7YL94P7Zd>-xee4GfUfvB{ZlulXa&>w=o5dtR6vMP`siuH%u)xW(qMaIXp
zp?^aY>EGs#^l!)dv(dk~iS_UI!<DhUr?~i=17TFwPN?G@F*JQTp*mJ{LLKiMbav|a
znW~Qc5~*Wqn4$sCIjQ5@QR>*Y9d#V{Q6hCLj*;IvZOHG{RyOV1J5764oTtT*{@Fz0
zES|G^&RdsIJ=@aHw&pjY_+01rlTOdCBXu<)(D7O5>maM9UQQx?y^f?SNvp4=0e?sO
zdTDKE^i}NnSIu%s^i0>#vtgJrwl~hhdMS?kcc+)j4+nHsKa)s54|Za?OgazCWl~4W
z<!`Io(@!FIczNlD<nA>^L+>YtvS|w)3+$YB))z+UZ?jx}wWd@0*wK8J7j=3*(>pt#
z&McQ_qkr!WRb*UfL;ngB>EHT}^zWCe&qDuZwV{7AhbUuvo3>wM(GXa@6RLQ33_X`5
zQpLrcP{l#lo}DUw*@>l+)aa>mQpMMzRPmyARPo}fcvYN|P<|h4OMV+HZ0_SaMSE40
zABrLU^9e-Rch0Ig+@DA_J2#)J&uKofs@djzI-{D2>d(*O5v=HpRzG_&<?J<BQGfw>
z7vNI_<}lgB6S=D`UvW#a5XSyrEVef}I|p9HdGMA5UNz)>&ty}YM9Sr*TiIm|_+Tb{
zIEVB=rX-|`Y1zEbNkMm0@JIO#4SpiHgCb^3i$7h}9Ad8^H5Qa`nN@Pf#LMgyFWX=f
zv!AAMWYA^R<(c-1eR%nyGI(uly}nvdNcqK^G|oE6E_;{c)P+O(pRkaA`4|CyMYu@=
z4AaWuHdYq6IYp7kX0F0Qj9P~yghrhAe!L6@b}sd}fT74e2D>=fX9}PjEjg8Nd--5Z
zsNKXu?QDsrTMg+_&up-1f><lB9Uls*<ZcS|P8ji4jwn@XqTL6hqTL7GyXcN0qK)Jb
zJMns_Bez}*<bDChhg*Wt7CfW|Ca6fj$lF2r-K&|{_J?8E^e1w^63S`>eXS}Dw%pS&
zBFk57aNM&eS`-U}un6!7Usmn(6{PUK7Zi~gm5Dr`&Y6=q^C&Zy>&U(b%}%Mea=xAS
zP0B6}nuSm;-kj<}XUiJP2Uxk~Hx*Yj%sz;Ru6HS$`CiyL;#KaF@%S4wobg%EV9yVM
zDp*<tP$AIjS=!S~%-jvex8;GkOQsKC?cl9xdHl-`-&|uJ@B6zl&Iy_9q%E{FkI{^i
zx75wM6-x+};^vC<3C4@KrQ`9VWmn922S$$<8}?@nmGL@R6&xxBdy3EXJM_o$E8)+e
zwSKw+xD@L{@luLp0>RvD73=V<FvvTfyV;TJFSqm3-5@UARQZ%jOl&o<&q?F#n|u#~
zc)BJ=MAJPTY*%U(FJ1&fDY_&R6<?A{jW%vYmBZpMzmpwj?jqTinz%RXX1q>?`J|C%
z>9%yV496T|4L%bn7>jrKQQBXq1U^{B2C+sA$d`T443gi#OBYdeyM*lH%VNPIdXcyp
zRLg(Juy8LsT(=2hX!%=UeJOv*CK;FV`Yl+o$5IcX>v!a?!%_|K&Al_wGZcRw+w-4^
z7?ed+*Est%{su+A(O&@P!uRLwrNr8DlU4l2n!Cnk*+2hrdwv6GcP7jJ;UWnCIL#VZ
zz*;#?uVWn@R%9CHB;?lOn!N|tY?o(F#s%Cn6nO=4oOh-2UW~Ka^=E9k`-QTNJl0^)
zym^7hmwm<KRr_{d&Wk(cXRses?$r*?Rv&y2J_ql^idDRh@QaI42syJ(5oo`|H`$mc
zl-2Sm(Sl^pBq*2!{bNa&ffTSNutZ!oc*9r|^zX3jhIbuz(4E4GQD*{+qwx<<^Oi==
zlSU@A!Qq>hT^#HmTMtp1XA&g0*(!}s$DHArQm{dm6P#z8jtun>dqrs0C46YLRRSMm
zRh`XpYJPrjZ6yCH?!sD%`|}mLzDB>T7R1jY4=i{EltS;vN0&OK`!WT|n61Rwt#rH8
zz8Q;9r7_j8HKJM^cV&fhNAAI5fKOeAWobOS!B)?$Fhw0T0aFN~J^WwIApxv1TZgb)
zlt(M#wkiqzz?JyW4qh#(7baYU9B1JlKQ~C3@_5xhR<1vuVt(>bYi_O0(!wxktsh_(
z0$t0yC~U5AW4v3e+>13<pMWv^o<z@eC=}`P(#mF*J#k0|!Lu9P8LVn%71wI>QKNBv
zwJ%2C0=ax<;`q{tJY}qJvHhx5JY|izHnxawv&N2&&0SQvuL<9&4lm><7iXzWTq~s3
zIYa~aIJU*EA>=MU%`?cg2UK_Y6sq3+3=h{c4_2%KTCtAGEq$5A&9>_sZMiK1SW0x7
zA6Do^PIC+Q?AA{B%1F?_GadNKMc^yf#`(&Bj&KBr7`R#=&yh9Y<zdo8@h*+4&}o(<
zoDc&fUn=>t(c3GZ(MJ5GM%lKPwzEM&!ao*E_%#aMUydUC<RRo+KG%6)nQ<|CO8G05
zDNRG(MdlS{AGG4t)aLvST-VY3)`a6A(Snt5ek4{+Y<?&lv95Dd#C1*$X^))5>~C`f
z@ndivsiabp`(oPk1Y%M-r~in^2(ofqdYrE7!o7GIP{lpK{4N#ox<Rc+PX*_#k`XL(
zMhayaLCjJ>%uKA{X0UIRKkKRKN~<93nGbQ^({xVaMsx`_!c>_{AXag<&lEa={8zbV
zqC>E!siDf~=6oade5xNd72tscQ<wUt>aF5H^xeR(De&{YpPCrR(LqW?PXJntNUhj1
zdr4dtZw5KRc-vyub&56Ei+VtVCf`@}7r_3~=E{|wNlru4KhW7{he+ulKigcDm;xBg
z_nhj&dFlK|N7SLCW?3=*zNaQxL!TXJ(#{ioY+}JeppTK!2k*rLeP9DLqDu$#nb=>U
z4<_H(u-m0i-FuPEP&|F`L_U+e;EgzxnZ@dr0#iFz3d|8OrI_Sn2X*QBI8^cYy7XH4
z?{=&;)Yke(7e+IAtgUk`IT0IZJ;eK~u*3<uCk0Qn*=qTe^I^O}J*Z`Nh=(KhS;YTX
z{bvk<G)!#u93Z=3mqx(u1bDj5E{#bexw3J#wZnaBS6D4;xo7am1GZyrlnu5`zn2U}
zU%a81x>*o=&{2Zm#j*9?5i&>YZ4+y(p8ZXH**4x+v>6Y8i8ZqMigegPVGQRU^!^{c
zm>I3Hw%nj+e+r)~V*vpt&8!+{2J^64g50y{=m!fT)|8fdT%dQor!3GgJ)9LyF;GmR
z62PTa{0au)Ii2#DIe)Dss95R1vnW>JllwzR7pvH01-Aw}w@Ncj;&G;GcFsNqH?f<5
zE`xzCb00$bQY-P8oqB3USI4eDMTF@glpUiDEzUjI%_gSe{?)t1b(cZ}N7+d_uyGvs
ztX;CO+IA!ELr*CCvBHEa2VK8kBcJ>$t`)m+xG+X#$n1oz?*?;ij?UrhV%(9V!(C#|
zzj`po@crK#bvl_(!r~T$O213~if~0&^S)khm1gNyvSeGW+&jylL&W+tY?y`(_hqmu
z7di6Nm#CkffKT6zd?vLcpGn`He4b&f`I#c0)B8rr=jPs8`81q^d=7l46Y_b+bK20B
zd?qE9&!q1_K7SS^pZ8sUcJgU|yB+zQzJ}y;^5+TVb6IG8L_Xivsq&dRMkAjyFOQW^
zTUaU&^-(|VhEJ?q-NOGoLEBNRX~Ij7nH*R$0D0=`iPzFY@>Qt@*m~WFefP_{K&|J}
zi%_fig=_F>R>C!?3s<1MmHxa-KK0&3y6Ac#ZNKj_<$eD!h2Qsnrusfz`|sP+lf6&W
zzAsw;1aS+zRIJ0Di*kGVaXf|P^cBJ4wqj&gu}XEPbc%<N$&v-4G249yyND+BarpZ8
z0mbNpiy46xcpDrH^LQD8wbWMXfRU4Vsno;|>CJhcH{iZ?ysn{2@BRtwy}etC!IKQ$
z&Q@A@bW3osLp(v}^S(47)`!6XTh8__@DUK+7IyS6O4LHTr5PdX5Vwi*X5d)xuJ>f#
zV7y94yN6lknCr}W!Aqm`-Qg=w8Zs`sC+EdNUskr2<QC(eQ3%!GD5a6b<ZMi%!@qo!
zAl_0eNVgQiZbvUDx0mw-F&XyLChHJ;8u#pN_^{;EA?yj~6y3UDdSpLdw#gy7HmBg<
zL)K8J(kj|bj<WrNG(1uwXZO4u2ZC-;iJW7y2@MT!9Y@iO%mRM_!5Lgd!N~*~b|8O?
z{QTG5;HAS@#hh*!DtmM*{X(SMEC1~hESU4P`mDR30Q>)CdZEmT0kpahXmK?!f&I&)
znyeK^^#s-P7a}9x_D60Fpn9bj0nz9*8kU^}k|jqwYHx*)qrH2DUU^uo3H-bj^II@5
z*qb+8p?GlD(*6;v22nGG)?PeXiE6R({iH|-&(n`bN$F+RT}syu5yLdPP;m$u5cm_F
zBg4u;6mruyb1NPrv=$qPdjhl;y!6^pY0vMs-uvSla|plX-X#ohDBVG@@Nt?D*mIy&
zq5Dl)5xO(sUdrmdI>fE=AMeIWwQCqs8{QKZ7&BaNU|dM4$&2?399U}xlL;?B5eijQ
zx)!N&FtcA+24?>{j{l2i(I#>y=tfd-A!69axWbw0#aR~U(XJcu`@{8AW$FZBxicKV
z`}Jx<Q{1DVw%JTwtx`{xEYTdQX7>}whz&)VcQEGyopWyuo$fu!pd<{41A%eAV0XcH
z7dwA?GugwVv}2G*9KupoH85@1U1w0VZRA96<$~)24Y;d~%8wuedS@!~{TW-YSaWVk
z9YyqRF^M}9T#>)YDm{{66>rPP{S@!Vk7U>5cT(A?fLyY-73{^xiB<zPg8w`VN_FnX
zVN{}w*WqQn4nGn&o`M(6@5N-!lXzMQ_|qFEMf!^IHEy{fT3x$_2zn4kty6+OSHXw_
zjjam)yE1}3@w*)5*0d?nS>SQ|T0>6DO*01pKaxAzOfeAoX6h&Sl4kovKANi=366T%
zIu^cgs0wg$qaY>2L<rzys>$g+%y};h1DU|jW<jhDbZc!V9+3_nDgnndvU1{{CIja^
zjuucn77;bOgp<)o887uuC}ntsi}Q{n&-bvPKNIA@{`uyCd>!Y!Ur@J4F^nu9Yz;}H
zC;Dy;iDM^v*K$i<g};SLCMnoH;&$TyZq)ATFp|yIHxwirsYC^`ArNSrrQUrvZ@HFx
zk^$O`hb3+vYN`kfNQq|sBjGJ|m&+8^gL4;{6y6oHmmiC*mZDxV3Ugk2$>_%*sPO)o
z`5kYgvFykZd<8N77qN^-Bjid3=7+b<>2Z8F^3ua}(E;WW;XErpA}ZV`Jj<hqWFsC$
z8F&;AQEU7&V!vA8Zj8yZM=y;u<=62GD^2gcqZ2-S;JU(~>Cmp%gvR~(RnkbK%{MD#
z&H9X&ZZnUOvYVaWeXeV4;$F{Qy}NJ4TJFUvYXeL~kM3`A-ZpoCr<9!yjoe=c3#<)m
z^sWIcD4)N@o?j^km!mWP84~{@GRycUT(Ad$Km`k=5~I{D<QHrFN0K}T&R|%+6*H@r
zb=)F6vuDrW2U0pC4byqhgtu%cpUq1pW=x+-Y4wO_mXCf&dj1w(+&E<^EL;ql#(k3a
zG^fn$53cmGRI*#>YB>Ld0WyIBm^j3OdZ{E0EJ;a?Sdtb@fn5{+7BYY<ALhhr@Hg(%
zSHh-Y0PiahX%wNF{Iz_@&w~NmdXTq#HsiQhwe^sv*|3sQ2qniYHLhIrT_2{(E6Yci
zJiGPRmzY$NBcW~59HTX~5eN-)4CE+yi81_=#+c5USC=ci>P`Jw9N8vUm__x8Sj7LM
z4Hhjh0ksO-W6{zGi_8%gaUQyS8O^4_$fhjDCe3=1fM0UAFuz`V>zw#?`#JFID%yX+
zjHMEj^?KNX1Anyqitvh-nZ)|VBf}P8(2#G7X*S;i#<3FQSQBzAgO-22yXTapLMQn3
z^55Fv*Q&0>uQ`lg&Hh74p1o(pCd91D-Nak!BK!&wzrZa#l!SczcKpie5$4z7Kb!-<
zLcp((*oyq>DbkQaRSLhh@mmk@mKxw!(^eUzOyO6(rIqpPa984&&}n`}*Zbt939!GJ
zA%pu_-W{`O3<DTbtGm#0SILeZMAB}c1Z}7Q%fN=>RA9bBQs_saXdzOxFQaIC^sKue
zBLBbdBt4tLB|<^`XPtxi+mM`NdZ7O{(<DVq)dvyb-G}Iw=sf4wA_B5?*@loq-vqyd
zC3?sh`Z()TpaVN+tBE(I@V;3xzc7TmRJVRL?-{!4%n;b1b(8oebO}nEf?fXw&xGnZ
zKi}kCyWq=GjB=#Nx32Dn<$Fx4<NO&`8|@@A5Ub_lU*P{(_#h-bW(;k}0>5{G*(x3x
zB^eue%O<Yk334AQT~~;HSpM9X@}ghG*GlCrn_XQH>+=Nub2~WXuxX)HvLs@8`S(>i
z@Qr)(tH7&;u9xZEDHwk^8O(I}$RXMVJJnO~k|Y7^t>QKqK|M6fVO3)>%65tMG_2aA
z&7(x)u~4@m52b-5)5@;|%V7^f&H<I4{qRljl(3O|2S}i$y8IJ-6pL*YZPvMKL3+fo
zX)r_gk>L9Y?%xB2Y(Npg)2er0SzD5Z?5-^_vQz;BIvYeFwDLD~NxEPj4w@&|4*n{Z
z8?9oa;6G@<c8`F!ByYf04>N?!8UIOTsZWsA5;K?2`}bywl`6UPoA`f4D7J^s-^5Gh
zW?o;fe2IMcT>Bv(=3@%XrM*c==HL}<E0<50+kJxT!IdvF<BIf98mItO7sbP%p8w#^
zqqZj6-a33kG1VGO*V?aYe#kULv8DU_%*o4^(F&WG6?XL}i@Qw-ttTZsfNy>g^>8)U
zm+57*+y(f8&-?{84rr^n<yK{hcj)Wc+FXu;xQ!?(^{mH8<MkLYS}BN|@<ST^uXRe$
zRVC_wDCM!&dGP{XOsfz6Mv>22J==DrMXA0A#2_7QN?CMt>H<X6Gr5OpLPRbE%}YDU
zlyRb&=RWlFp887OQ(43<A3GI<r~F3fZ90t7FNl2{Vv#@Y&i&lDtM=KSr0Q@^mjGL*
z`}Z1<T@wTAVf$4wRj|~!jluN%%F(`_je@VJmd~Y7Y<`10K7bsYGaV$d_@BkdGj4dz
z;*zPsXO#0&-16H@;JoBluGZXdJ9~Yf+i86t5Be^RGM%HYcmH#{x;|j&S?K!a*E_H4
ziQ}PXq3_1(&glEjH4%MZB!B1n-dB#+_iGM*U;6&LH=^~u*Xz;x4%!V8bG<dJ?y<Ul
z6Y6>u)AgwM$^WRn7i@~x_o@3k)c5=LccAamZ6?(90a5aN_WC}*)B1iJ2Hcp!^XH=R
zmo95p<BKe3q4B$Zc{Z#26W>PPd-^-0??);l`u^O$?_A#p?u*v<o4)?O^!*>diq`k5
zewj$$`F0fkMpSses__5w`fghvukW+=bg1v{Jss#fuPA){`c*23>*>5>i!?I4`&b#-
zeH;J{6JQ6E&#Fc>%l=;~`;P+{OmQ2np$%5#i5>RU{p%4j)kKi&de@cKhHAZgs6GF1
z@XnZgxKnyqhfTl6gQyP60@-~SvAl0o-tpn?^&#Nh7s0D|?+)0S^||s|9naaf5_$*7
z>?x<XTQ>cc70tsF+_FtP-sb5}wVtc0yYbfT5!^<BbsNd7TR}Z<+2*=~_cpk4Fk%ZE
za$c;D&gbiZ!)V_s(Y{r>2atXH5p8Sn+!~rK8FNz_qg7B(U>a93vn4MsI18I~?Mr84
zvtrHz+hBr%r=?9}mCuaT{U3lC8pyOO#!m5~F`L<{;U7e7)q!2#nXUR<$842nSG28?
zb}F`NG+2f-adev1Qa$rF*y?9HeA#}RcsREj&r17-Hj{<Y<WFS8k`Y39iOqHOXsO^E
zWN!+w*R>lN<J!xIHYkQD;}v*%i)sz-jI#y>*=|eN7=Rr(+@2k{Az}x5)9JlvK~>5X
zYYUSPt&24Sjq;;ksb-)$YzB^i8K{YvfuDYb#3=_e&=NKS)o2EMQTk3HnA&R6^i?W{
zg4e|4n?UWB6BG8xOI}2?+`v`*3{_YBhLR$9R|RadUKSb;QiS5CEJATee*Go15cqq{
zevHLquE%)HuXu4|{+71lG2BygDBA~I6|?Juo~1&qF`MizeAO82z!X;B%M^7Sp8O9m
zW>TrVTCsmxyj<N23Gs5(QeTgzDy6>AL<Ih3jIRgHV=g9-z|6o|+Q9pdAkO@>ysqI&
z4T4mPHJ(OE8COtFag0=SjbPb@>6;woEE1Rq_jEc;XqQ~N7|{5hsFjxrzL^Xve%L=j
z=Xyr)-`)FBAf|qqs#77~ui=%de#hmk(|vTe!22*qlB1L|cCa!BnRx6;DGV*)J%o%D
ze&K1XtmNu$ZLFpQep!BHaJo|9mQFR&LG<Y+D^*|nsX>thw?V15gd_RYiX<HYr{*aq
zA>nC3%t(nDg7OO2Ye?|CNSe!7#jV;ziBi98#(FyXP4LAAG~H+YC!MWL6MT;(Aw1PA
z22bV2LCm@yQ&38$oc9+xR_+?l5_mV$$fBz+2CxVj&#koUh1x0won})CC%PCUkQ?E7
zw)Nn|dF=amgy-4Pi_hA`iRH>q8tk?$8GP0@Zt=b7Q~Bm~;j`+6tQvJN73CO>)94cp
z45;qzW3#xj3%O^%#QSjY(YBypU=x030Na`J*nhT$*rXM%0rBv_#GeRw%b?;E%`tKI
z&!loZiB-?;O<WeaH!&P9Bp%1xM2J4?T5Sprj=*2-5(Dz(PdCTCM7<j{Cvra<j~Z7w
zEf(%cJwp=j18ks-FQvMc+jU}%{{ZFvj$_{MHg>#1+$ML|D~ak1%BojuWPn~9$it?-
zc}ZHD-HhNuTiG8Bbm9U&7z1xG=(q6*{nmUXuw(WZ{EE<T&HaD}v+ej5q2HSG@vmTZ
z$0PJxb0Pk*0Q%?(zob6Vtao1*Hx4^{OLA~O{F@To1^=3YU%<bq!L1crX5E9{<vM~J
z3a+M#!de`myh!%ADdr4*q^twgyvlJ<^XQT>b(bkP>20={Qr#L7JO^6A-V$QE6t0sq
z?ekPRyQ7r-^0r&Q{=aUomi#S|z53^83GLOR4gYm}b>zM8&R!+8ZLbEkZ?9qszy>}{
zY_8lf=4yVtxpK8>uF4XdD;G0Y=U}hi{2SV<r1NI4Y@*8(XRq$^G{?Opk-f5s1&hwf
zUfp>{*QUKn>YTm$qiU~y^BvhM8i(zBv{&gDcVw@YSGHxZKG=G0_Uc5Oy&5h}3)?I3
z!~3x_TT=Ewr{x<$0o2$lw_TbWYpO1$s$OWXGS#A^^3HdXu%w(?E0g`*y&Lx*hOKC{
zCL`RSv45lt=?BO9z#cZcKS9Ms8?79?)3)$n#Ax+5@(WwqG+NR2>NPrS3Z0PA`mNSz
zS>8dTRZT{V>{WkbqPKTwv~psN)<Nq(2`jOW_I{}EF0x-QG5a+H;h=B8vw30j^@`Sf
zZ6Wg&1rzNo3kCkoELcg51$&N}r*hST{gQnjtFd4|Q+|rKU{8<*D`yt0Hmr<~k_Ag-
zzviO-I!*R#F4?c6WWT7&a*q7<J7~WQarSFn4AAL3GGK%lTo2ak8mcjLpb6-rf<n6Q
z5V!ED+j!9(282Wu1!l*TcD^6$@nF;!@}Hk<j(aUHxpmklyi4336E7kB##-CrqGYEf
zpL<fLk3NBSYb!f}7iHcGTh$YI^Bbeg+iI;@q5G5<kXb2D(o(c9nzz5RKNtc&_Q4pa
zVCHRXw0RpFZQjO4nYXb~=B*se+t_&XM&r1Ky@kwMIhnU|GH>N=n77O}%v*h8^R`nl
zZ<&dVm!+r1yd`Y$*}uc)Ev%#7NnsoJ`G!<lI}{r?;Y=u$C||_tl{pbjW}_f(LUUCr
z_>W>WLq}0pEP(_zZc?U6U}suWd8z-!VCeb^mLu*5?9w!&8Sf&83z0rb((K4CaHu{I
zRw8wAYTa~M|HmYyX!=bXFqUGxoP4h%xKls*pFU_?oKnH%O3hB_!v-%du!$eDihU!c
z{zapuo&)%W&1A!_w>J8j1;A-=E2{I?(vdmt1wYoIjw^DrHw6_*soJ|qrwkUYHm@D=
z4z6OAPE*2n^jk@UA}oTp2rmy04mrfr2-R^^;KAS$Fm^>IE7g(H?*VJ)pCV4no{0AD
z9(>nSghZLn3Nm5MGG2Tk8v_HJ*_J(#Gdr@Ua^`W_v$zY!flNj2;@8S0@QU~{JZd>h
zPoz9=AUj->cOwRIVeE<^U@`LVlmE-Y{9hl(|3lw7|KCVEH~#<OhrxeC>N)U#-4BZY
zzYp_&T^#@A@0|Zt7o8jbfA_=S|LX4N!2i1T_}?Br$_@3(LXBkx+QLVfW6y7hAcw#|
z<1?ejjn}=psQ@WQbqN7d+zcRPvqJ7kJC){@y7mB47Bhg9j^2(4DTth{K}dNB5mKgf
z79pkG7vR};#OpZ=h?J!X@KO4AfRADpBzL-18lQ>yC|`C{@KNw$hKi5U4{vPXadc>D
z8cP1Am0ML~votMO<v(K9*W;&~gMVZBO~gz2$A5GY06PUQC8`70D)3C@F~4mMp%Xe2
zB*!V;mjk|Zo8Tz~$eI8=WvCWB#VO8RV<JI}22bfVGY&jO@t+m^6f6)GFq|!Zihv+c
z^@7;KL>xiNXMq&ep`>5JBz^Q@g%U1;QNbHQX)sljT|B4)sQe@hQ{aHnqyuwjObXz&
z2@Nz^qYb7>&}5_BDp~>crQnnGW;2^<is7$a{3!xl@M6X~=$G?g(E<i?LF#xp!?#Ed
zDudjpcB|ka5S*&G)$_HUZ`{G>e`K$y<T=}RLFy5KB%8?~$>uANWDgP~nKcHI%ter7
zN7xNn&mMyyPTF9?5iR;Dp@PA@kt&Yd-C=x{2N|@=%@n{oD!;Lv9l;oA)$g+9w(w;i
z5wwa*Nd~Q=89Vpv-&B;9+-Q`QB0^a)5l9L}-RH+btQfO9f>?Pc{B+<leKe;S`pBE*
z%^@0%LzFe_v1<9z#12Ml_|a3re+;m>-p5#cwp=))Fkwm*6WpG7`Zvv3q=Kx}wgs}H
zof#9s+8N5+;)HK$=jQiw`Mk{Up3cq>#Uu)3Wp5nFN}}^GZLeSM!1uI%z53bztzYe}
zUm0D_%ldV4f2Y>3C9g%VUuTW{RUD7}H7suN;vbG#ytMHjE&kVcv3^Mh6iPhO=K3{B
zAHm~P)~`DPhud1e9-pS7$(+UdC1yNL%h!^yIZ4Jb_Fbyrf9+ESxh}GP;TsU{l<Z35
z4zenpTDnHWEM2o>mM*I}X$f1pX0)|*JsiDs9o*XarHesX{<9NH7sbgJ=;8swI$pj0
z6zSmdgsa!54<=l_!uFl`(ZnvHX!y}f;m7j5Y{K_YA7{e_)wDklZQ2*d)4yrPljpE>
zoq3>*rAx8@otxjbJ>PbI_jGoComjfsypKCoy_DG-*Iyx26YS06qzZqyirr*eYjFMg
zHR`W4$7B;*Y`G`JaoIgBhqxs*B!82#3!Ro$&T}^*GuUCv?lcoN4SY!FsYsD@XO2~J
zW@1i)TU8g1zk@~5*Wrm!JGbIKU9hhPV0K)#8H|GbU<hwIL+8g(-N6vqVXe)9!K$I{
zn{Ae9*=Y-^@qeZTBZ419;ZLAtIU?J4D-+__gaq+Z<#897#-l6*zWXI+t#Kc%N!g92
z(q83hgt!Mr8Z30K67{xw4_mnxt10Sj$1+IZ*j!IR?`Z~8V1&j}D=k^2q5@p0-+KhX
zX|AV0_h>9sR3KJOSt^btYrVLCav%lqRk8ASA(CBXfit%i+V;$qJxvITi|}mV0L&eX
zUB14NiQRRAxW=YGiC~Gj0m8&x6Xx80r+5J2N-P2HSzfgwi|DrgH+&iN?DQ2G@h<&+
z#LGK@mv%a{3yYVX-QowGcS;ZENIY^gom=&hxZQsUS!vd<1Gz}!R^$Y)4xhK2i<xAs
z);BIY9ZOKY(t`Xv!+DH);%7m&y`o{(H9~03!WQD^FwC!-k)N<KE+~oR=Rup;AiLFV
z`Um6{t$~G#J?*Np(XD>@qMtKn()p=K{=&*CwOJ*%mY@B?{A?glKIG?k;-|o}81}`k
zE~bDzilNk$F_fZ8duSPEsSA7!p8dtzQ_=ZkN?-tk3z7p3tylwoAA$lO6gb-&Fi%r8
z=E)%*QY`l<wAaO8xl`x^;sN(J3ZCj>p=^VKhhEHE{G6|d;PoCi@zQX{Gx)%G#!C<8
zNW(J`771LNT5yH@0W(@Wy&rYZ#;v#_n1%jL6u-nT<lt#!*AdQxPzzRW`Q;TmW?iDu
zzC6n$U{)Rco3>z3uoCUZPI=px3VU8B_SEp=R#n|L;km+A+4Tal$F($34LuEG)bx^f
z2lwJ?V#{zv&4?|FCjnRP(r|^^DLlb)V9sf%WJ)?oWeH=!;*4avnTftF2GktVEP^^N
z#tZofb$kjLbA+Id?`=(3?<$8^@U~i`AX2SZ>kfURN4`?X@I37Tfan5k@lINEtHJj?
zWwRWfKY`rr?dY3gP!QF3DhjkT0^IyH=rIJ)W4O=inGb62r1K*mv3A9F{eD~SVTQb~
z>Dh94!5<xECk1^?7=#47f0SHRKLR*!z**ty5rg%BZhbm)>&;=e9(Drg)q}*9t>M8q
zI0#b!d+f`4<i*{%ROMC)h6$$pN{1zYOHc4khQHcGPCD9Mjqfgg1R5)djSPh}cxNnB
zXSIR{Yb5)<jt7@x5x5*YTApNt&%{*|?3)q6V59xPF$}P?zlj!TF?xT=vGw^zB~~!4
zVu!1T7W2Mr3n6}m(P8m52oGzQMnvFYZ;3_mtXAP+7czKQr<m+H2sUHdFdD=nv_T5B
zqYr2n$KgpKUZ+hw?Af2<Y0*M<YJq4LPs4mBtgcS+C<e^g=_MDQ2H-JJK1%ADKT1lw
ziMMR#Djo*HV^FxT>s1IuH5B)SoOd6t8!dXyJHUW871%veDkvN!W#lX8is&?fdk8N*
zVk&N^hK7Gf&?yvbL<IL92Fq&*N2!m>zgt2FiFh$*w3u-dLB>0Lb5umo%i6>P{ddxL
zg$MeFq)y|3PW?hr(>IbjzymcA-lhB#Egq;T2Jcd-FzwKpQTD^>iK&GAM?g44!4RV9
z<Pn~hi{pKdvK+;oKFm?@;zs%TzozPN@lPKm8m~ti0k5LOZjQ`v>Vx}GVDa^g(&(zj
z@wg%bjFzXR3+ElB?<9|tl45w=HA%x`|1)jym`-|KtlTI00pgi1R%0R^;+Zo3Hr=Vk
zGmYi12G2A<8qd_+KEj%cXBvmFrk0;>1H?&=0dWfF=FN#vs)oGU8d9?|&$M7xW`8SU
zxM=z6wS{x_{ojo`k2LH|8&5Q}s82M%6ZJ%WOQ=o!RG#qh8VMh-zltw)QpYfS@(}R{
z<-b_)6@ZalF{P_b+`n)?N-(o%({v^h+pt;7$Q>gU3=}LoQF1dCh&(J0%B`p#ibp{>
z?|+PV=7mm5+N1%arTznyGe_={aPsZuF6?YkI%V5Nz_*p@O8D$6k<J#WcR41SM~nRj
zI9RzJd_clL)`~Tx$KJJE#jA1nd>3%ur|?GwpKpBrT392v7yZF83gnMN+!C0N$#gvP
zA=&iih>iHv5FS{F4n=Vlh~LNirZeksGmI{<1%8o6g@%B)<h=|&Yp!BVjYZ=t1k)RH
z-^e!~@%Z|4-f9E+bA2mzaEm7p9AB+dYz0@D!SOvDhU0S<!!EAS0nR1D7%OM4Qec-y
zV0=HO^Fa)Z??Q(-Pe%ZN5qpn#d~-La@G2f3!SQ{KaD0y3dKHc@*CBoejtYVyoswtQ
zFrN`eahk#LrPE2Sp~3r>I>Zpe<1@T~=zBMZ@%TdW9uNIO2h;Y-SANt-=hPoiA9nZS
z36GCg@%Z>?Jic#UXLx+?>J&Uar)3cL<bfo1ya=d9$BU{MAYV#+ePgz7zI>~S<|oz$
zUWA`<yx<Q{*{X}+@gbzxRt1lb5!<Uk@5uumN{T%H9O3*aczpYMgz@+ad4|V_aD0Dm
zWoLEFXMx98{KLlMJG6k|@ogE#@c1&rrY`mvQYq}$8Qp)s8Ewh|m2^zN_tD<t8z7+*
znp|XNAdiIkg~zSm+roUnU!ttRKAceb#^H&{Js7n~m-YD}+Ce@>Q9M;7w(7JZ0WY2X
zvp9)ZjENPe*a-TP6d(|=$cf5`ZhN!Q*ow9CvbR#{9%bfe(Kvub-Eky^^4)cGD&ZEX
zKx2c#wyvV*X?#m73~Oew3Io^P8kEVvK@*TN@ft+#MrPu3WGvSowxZtmn_+!GD=Kea
zmZ~wKwZ*iN2>iX7;Y-E(yPpW+N$vXJE@dF8ur}Da6?08-M_qX-qaVXnXG;Mg!MO^o
zk`Y?;Pgblw=RJdO{T*ch(Cp&k8@uj?&+nVVhhi_MU=^?k(Qb2GSA|dVuknCmc6peO
znnvy&xF_592X?04EQrQ|ku&|T)!^~if`J54PGD^|++fFy*8L-bPF037k*!ig$zgOT
ztCTHCvr66MiCLu-j8y0_{2s#6Gg&1*9o0%I@T*607lz0lc5#R&f;Z#0ICwuC0=(3n
z6@m5x%?VzJ{B!z#s;nQ^>)Gu%*yld=GQl@m5e*M^T9*o;YCOJ!2#$jS0gO9p;y37#
zP1vA|l)u5NtE@G*gu*$P!mx=)5<oZ>WZQv!8CF>NGpxCvA&etDNEofeVDSri&Qip2
zgkS9jXlWO*xo2*6sm@&nL$rxa{-(aRtR_Trw4t#uW+R^CNWydcWmva=O6L9|23c#5
z@hqFd_I|*}%!Zf{_HMswi^I@;vA)^s&tWX3AbaKwok49hvz3fG3KX}n`rWa(_n9j0
zJ=4*`L^`U-koSWYRY!09T_PP_-V$>@r;x{eI;rUA46e~V){5~P^4@|}Fd|*6p*%aM
zm6od<Mn?_ZKt7!7CXo5`C=JDHsDYQGHB|f}R!OaKmuxui-HK}DV6>6!DHu=KMR{tN
zvi5m`?V=iG=Wm&5#Z&78lwDK~nKe0SHL2zRvYPNqTFe05cPJ4wdUdgB8NB#7=D6sc
zAiJmZVU?_<7@Pe10@BMV+|kMt+yWf~KNamX{2Wxz$h$y0)3w^Ua4#z7!sdu>4u>yo
zs^(SEs@Z!=#J~G#lFic0F48FKDZc<J0kVP!n5a60fk`0epeGCkQ`MfKKGNh9R&GA1
z5aM8dbW4tIij~_2Ur|d-t+ntEy$RIDX|puBc@*h*<(ZjSdF}|qp&nbSQ64^|IdmLe
z?X}8t@3XPW)9!vNqC9zlWs347T;S5%P#(60dXctJyWw+~@!phHRgaGRCN+xTswQ;{
z#|u$RccV7Qs0Q_@I_Qlh!+&G+LT#mTrr)2!iG+d2t(=dy0cv~9p6h@n1}FTjmm_QK
z>~j2S#IG5Stc|lC1Yz&OXPp8!Z(Q~PoUx1~smBR7@m~LM?nPrC9z27~fmn8=lQpZ#
z3X~eHP--+%3e-zEIBvA1rlr8feKnTj3%&*a8iK!ue~rOc@Woy5#aH4uZpW|5__ZI5
zWA<45nu1^R@vlxBB7EZ4Lj3DU_&OpLV?Nd=n)F=7XpFa3RL&~2HdKN-6(Q5P_d_>R
z=|2n|1ajGjlt3o?U<&kMA5sH76cN!(G~o2LM&F-lgWf&hzY!XGSEkIKuc7rUEv@Tj
zKN3yrDU8-lS#{hBM;x(5BX`bpew*n0TcY!?v~;d(m(Fz^(fO8WIv0oOe4|R|>r^^t
zt8~6prSpXe=)7NQ4YeoF@$}`yC!*!~@n{-98cpM=3XS>1MCQK@mH$LkeuJp|>UpHH
zGn&f7!c;C$seG+U<ttPwU#wEuoPf#;o{pC0v!nOYD0*|^lRCPxq@nq|Xqvm)m20b5
zW!-$pvs>Tzxh;Rwx1s;*ME{=?{g<9c`dg#vKPXK99F_ikRr>c<>EB(YzcB&*LyP~9
z{@*A47d-WC=>Jj-{e7|YXC^6{2amOHcLcFYASUpQpF8q5eJeBcDzV{tVuSBIvSC;>
z8wQ5iaFxo243!NRsch(~vO%AK4NczGFkbEd(f_|s|5+8Sp#=BkI;h8)v`Y6K*W=VV
z&sROp<sayN81*<G{<H3XvmU2w^tY+UdE>uzKfHRJzZrGj>TynZzoYqmFZDRv)!*U&
z{;u`6SU6w$+wjjHi2lC4?0-~$|332D=<m!GKS2H6Gvd7I@6VV2@9FQN6^c#_Q}vhW
z?GbA(LhW%&t|Kv{V+9l)1wk(j_@k8<19s!GP2xJ6xQ87`erPBvEhT>_JHXB&l&j~F
zZDJV^v_b6oS5()BHS|o^&~wB;)DtdDU)z!y-%s>mx+;YoiJZT%i3j-9W4zc6=qZl-
zH)-kfO1$n7RZEZ2tt=|wIF!z0hUD(QQ%<DX^#^RZC)rUoXP7RepC=t+h|z_6_Mob$
zmn2fuQ#zG`fkhoCDjkZ9Q&b<NU(YCg^w7u9UJyS~h54HyD9n4YGO~u`3cd~_cYXOZ
zM(%EO^m~ei-rN4hrY*EhYtS7c^_&<|{|ZlfM^U<d#><^o%&-8lX<Ro%k)EiDX!WsE
z^GWXfe5QAHK2Ed~v6@&P(ZqDr#Iw-9q`!YB`WLjE2mP!0>-VI8zTf<h>YuCd+vwkf
zzx+V-@9mq;i~c?N?hjx87X3w$@tfPwzX7CwdaeH58mQ_>|K=2SM*n!R=P``}#`>!x
z-ciQ(=6TRR7~$zoD`48MI;()}PV#|HD4_m4D4@P01vK20NC6djW#kSEY@GkLP1#nD
z>R4Xqwj-|!rN4~=7TuUo0b}&9qxmFvem;+OdOn>|z_VHZ-u_PX?{vX=(7&2LeqZ|c
z%q#z+`sca+Tj<|}w|*%4_raj^p?^;<`{C=~qPG+o7uwLj!bJY(`VRH)(8kXDpR?N9
z|NTK1xvs9g@6xd<-W@~FC5c?o#huW^q?gXl75%akF&lCtpE@T^d@afqy{H{coE_L0
zr-@S%`frc5<-gS^+u(7XqP;5055<uF`2?<<@0>OB4S8b%&FtKK8h(2&^NDp$+ni5l
zG&2z%N4xsD_jlike%^8LJm}}|-~9gd^WNwGNA>fI{oh(YuYTi)r=Lmt&s{$!{N{g8
zKZn1e=)jmZ^mAw;|8;Xm`g!fuXXC%lP3*rW|5_Q_d-QgMBLb@OjobN7>F6CXgnc@p
zJ6q8SCH?T(vvX%Z>x7b$E9yBXC4D=}o$cF>lKwWky?Bo5|IKO3|5J9+w|AQMs!UId
zA^o$7+(Gf2mGt8)I~CvQXnwzc?Of;glTOdCBc(N+WxVIPUwtR~I_HY>psy2N{ekFf
z_h<e`_4S*~Z=<i<UipFQ>t&heMPD0!@q^UYw(;opzoLs=xM>TI?s0p5gCIHSQf_7h
zxh)EgE=`4_L;S7;aC9yPN4JsmZkOC$RGP2UwFgHhGB~;pUXHLXtlD`PjqX82qr0!O
zXmo;P&!n3g3HnDcx`8<A&V$iK-)9Ts(WPne=&p;$qcaJT8?P>mPe%+5X?ZIHr2AAC
z0i?Sa0qG>r=T&t!%c=Q!!8%PnGQ^*AzogLhHTsS4=fdq5yyBP5dOtq7)G6JUdDf_N
zgX2->ZV$zx&fU9xV=QE<Ee3B6&z7GJ-dx-Ad)3R|kNi5H{Qq2j3)+<574~#)<tBaA
z=0hmPYyPH)@dk|;Ul=XMxk3L@7612z|FZnv6DPlKeAc1-UVE1EJBz@8&LoiE`(9M$
zJ0J<=*NM0iHt|I6YRgyLlB}c%KH}u;9K4F?c@LecY1u~J_e}O*NYZn8=~fdiW|{E8
zj32=Fcp#HoE~JZT*}TtbLeVn?Z`Hus9R=1fx9acPHiiIqK#0FFEeKL!ypB!WZHmFq
znTH2-Y-0A)G!8730qo4QSL~a05l-mZXnBC?fpaA9e@^2Jf*ZkJB{^ZKT6N4HFbid$
z@VUo9Cd<cwlISAXcW#D#H%~!We4N1V28W^%7Vi%s!eT2S;EmV8`f3*^`%Hx4AvulQ
zietRxc==#li~WHvgxMjbE#cnW%rXQDoLtXr@G(K-<%|E?8dAyKL?_e5b^b$Uf55PC
z&zZh34+D@9Rdic<rBw7+Uf*EPue4bXTDjLN9pJNhYLeiadly|=!jd>S#7<bQjgH)U
zF_8NO7!qy?9?Qd<r{E11(P_1Va%drQ8~VdAZ2A+qUlBH2ttt(++|w{3%U3GM<B1l<
z8Jw@!s<LXQuONl@y`YH1D6%%wIdc+c9%bfo9ohGw-6-`|&bRZvN!g`Avk<C9JJtmO
z-Ykvf17O{`skowH_CczD{4+M5Uf4N8eeROK)KSA3p9Kx}{175wwF=<AfC9|YS`OxU
z4kjxFb|_gfS8L&|X?ciG2G)xA{aqR7giI9I>DbOZMl(*{QaA5bhtCBA?W6ejFkZY)
zJsv+=cEyZ$!P2PlV#EHdp)y{gB!YP5IY96c#OoNsUF{+euR<2jpD>n}QX~@y=4Pu{
zX9ZJ(c*MDz9l8E;J1^axiC{H~e8S?ujEsFw8fV``*o^4(g>e}l1vfIa3M+Q)F^Db+
zjKp1cu9ixTHf}|g!{RT$3)}h+b&+gKP28JxGhWAfoDONEnOlBaI+})K4zUIw3V7aW
z4Fl2uBdlTrVbPq~vJphTK`ruCLII$c#ezljCUG<9mj94p;a(D4{U-4AP5E2E*DwFM
zO)@U!^;_)uYps@gkX^q6Rs>H~5`1&-q?73XkGyYzkD|I7pGgAQJY+UJgGLFuN+Ldp
zf@KLvmTX`KW=RyPSYNb3#5ck&1bGD9q%s{=vBlO}+ghvD*4Ao2jYtKv33(!qfFgp*
zOJLR!2`C}FGXHbVo!RW>Mewuz{{6oGewEG4oqNwcuY2yf=bqE<K0ec5XF=X?z?^)f
zzy^?nH)(%dX-fDM)K-A}z)M73OcAJjmRaR;el0wCV}vGq(2*fJcL;t~CC%%I^Qfa8
zbhq2g3`r$@WlWCxAg*ZdV3x?ht)${?!ny{&zTr#I;BEEUQKrwnXy~p!^I7_gpt-7h
z`mEoR=4|hY)MqYLI8S{xrwe`7)R8`Osrg+gw4b+EXw{nd*H(qr80z=k6<U_Ts^3NC
zTLj`{AdTHHW}HQIF>?n{f-=(yPwpl~hf%rNW<J{ii<z7b1v%wEb7g)l7FL3uW31xN
zJPTS5*u_$F+buQs1XFXM6j9BwvLC45C}ph+i&I4FxSN=cON+8ky3%)JS9~A(PO!&X
z>JD>`1ZK2qye>7}Elks0JhKhFmcH{i54C~!DYZj=2MtYl5u*|6PUJtKWRj%roaX-U
zzpd}4N9envbLhK!I@NdY<focK9i{eG{JBH5*JIOnRC`Z#t@e_QuIlYg1G5+OpBQ-F
zf%|OBj>E*b0^V8wTKlca^7niMJAF}|WCPTaWvV6&on#L@YF~EpXe`IQOZ8Yho17uR
zv+>n9A@5e(I)>Ky$#P+ZTv+GfgVM5-08H___#a7->ztc}6}MVdI%nVyFty!Evm0!R
zIES-Jc=9=5>h~?>YNwpIS28mZn4rYm5Q#RH@Ie(xyJpDhbg&V{RQT->$};raNGtdg
z?fDNj8`NiX0`Z7^rFWS2@Kuk~h_7+2S$J=zD&mKQpO@#A9xi&gq}(^VGg}?a^dF&_
zzO>a$|D*Crq?!I;iA{gr%-8$Oa#R1_9%JR}B`CwAE%^BxJj)-7xz#YMgF4mWz<j}@
zUTI-73dsgbzimfMqBq5p*`jDe;~bPaccrDagcVJcAn%BFcab^j0n+;GVJ>dIF|&%L
z&<)dL52nyXl9(r9bI@rQOZjurK%?xrk5l@rNTPs^Zqft<qR65N7y=m#+CQ~=^ul&k
zJX18FT^w<efBmr5e6PbO-|M)TE=QSVjglH3Wjgu%EDkV$1D>l7bHD(`0Qph$zq^(E
z-wOV}F!EpJFzLU(mHzhw{U4M}fk5)-GwRQ8C4Olu@&9BJe*mNX6E^+#Xpc~SU!XtR
zcYCwRkJ^^@za-kPqI&VPIGU-V$G&WlzQ72l);)-+b@fzh(%N6@HXBs1?)fvA0<g`V
zxD_{8op4EA7&n%E;fb~{T*{r+b`gdW{I4+l+=$!X0uqn21hi2!3(#|a$C-%3_*vE-
zKR@Ky9=6n`|Bi&CMJp-|BL@WIV-q>%I18R7<oq%cIpk=%^d$>9Q;cxdTf3F@c34!_
z+k>=%>}~0|UXu)leWZRwGb)+wa~J;<x3`jdqohs-28?%`+R-(1awqE1)l}YALDtKK
z4IaK;T6QW@LDr*!oM5?cu%<wVULfJgrOd^`&O^`T54y_guovH<KWGl~2Q`}hpfO&v
z`R?z@AN1EKe^3a^Ykgndpqsk#2I+&dnh^EK>u5u+s>Va~M#^vU66K|C>d0Z#k-unQ
zgujRwOdlKVX&G7F;TqG<-$MSQ4Q>2KtfI#?ZT+8*n{;?C>_4IrDB+CT*=)+(6p*<e
zcI85{yhlQbL^ir9eM0FBw4&R2k$wbENxWX`%n$b73zn2!b57?`yZzU>?T?H7|I6%;
zwDsSY{jucxv_JYSJ%{~K+^PMs=6B!O{@DG<|3UlX!iw+5{#f#T+8_OvbYXuKcV>UQ
z|9m&>k1K=Sw?A6Szc>41$@gb}G%xDH{wVIu{&?{>{|5Wx?Bf63_Q%=>{+HSxeb@c#
z?2pxJzjyoN_=4`(A4~rI_Q&XF&(HoKbOJJEoWmxVhNv8slrv&>lHk`!#!|$9i!a%_
zU<77ZkEp9&lpy+pF``ndUnDA<mF?Q#$4s1jM18X{{HKz<lS;Rmh432ud*l5l<5+b%
zbZ8xdDa*=95Bi-y(Tv}oH8AJ}ncy)1Kcpf%M&Vzbgjo!gDbq^pmdrMC@1QP#&ZlIA
zdxy5@cV~@ngeAF@yHGHOa5IJNxzp4s1vR;pwGj2zNEl<a37k-p0t4wo(8aVVv)VZ~
z&3lbH<qnj!H}9hmoTdt1C^_B|UBLk`S!vWOQwsFMAhCAnRTT1qrA?wRIjHZ9I3EN9
zO$-!i;xYsCa{Ks7(LZMF^lXmvC8=UFPNkq(PedJKGzvknxwNkM(*iNzb;N58S0r&b
zUS;I`rwC;|GB#v$zymS2SBil#7r`Ie_Q?qxOzdmzYLdAzJ>lW)p*QkbruM*?rg~`f
zWBPNq_HK_pTsS_qASz>ckG0TH42&qFf5wajsI;Hmj9vD4Z9P1ysj!#+9TT26m;4>$
zs%EYfhf2+&dNZiyM0EW*gTBMnJ(j@d{4_dW#`!y&=Ol}mI^5YjH#V!hQdDyqE6wws
zDWdX?sLsp5cFInpAVXAgb8fE;!)NlRSu7eFQ_bfaKoMan<3npK4Q*(>_wfkXDE05a
zw48&N1C;TY@~Bci$Qh0tQ?)I3J0@1U9g{eGQ-CLPJ@#XEXt!e;qJFv<n2MFn4ryQS
z<v9@7<kC9f_Z6568pEzifSXG>cJMG=3iK7Sn*1k0N@QE3D2%Iz|2N7)ZZj%gJ0(b_
zQG~Kw8;&cfJ+XT`C9Q3t38Q})fQ81@TJoDbHx%J`R^(&psdir#A6a=BSublV08zS-
z>`Uldf04+HjYnf+Ao7Q?eVBaTf(vIVsLH^Il^Gcv`k-wv_L?c6HMJM>KQP2Vzn9^~
zx{JxMKcW5X;TR74vcc-`@Z7@&{np}UnNPJ-_r^rz^F_M(_ng5@>i!~)6IPX1M(fLS
zz4wo$hn@XBMOHQ_TP4+%Gt<AQe<J5ila!Mpzg<N1ZNj+0prn+e@_6w%R35}Uk@gYr
z5A;!~G|KAmcvn+3?;8su^jS?dpkl-(_~%vLJ3&%!P;b#hHC9&V=E#|ia^Wf2*}P~F
z;$!E7m`EN*TbOe@Az$(zYyk_{rq_v>3-_p&x`xN4TmMwM3rsrwA5r7q0t;2C;k^*}
zHmgbVWYBWK>hfsCSHNNw6QQK<sw8-68)!iDOCp-LXa!f`5*80;vr%BDMEFhGXnMx7
z!`fw5`YPiJ#Ct42M*thsZIn)bmp6euH42aev^V)a+)9E^X+{u-h^1S7mx`rLUN`W>
zW&b>Ckd5$-CSHMQZNngnILbH3ti?mj>P}=zym>htKv~T!WqDV`iUayWX|9Z3PrLpb
zxfj&yRxG);O@vkE_WnsUxd^2?9T~pQ4GE|%?VuFZc(tGzgY1~@E#120Vyo!`QR<F2
zKVUDt<uy6Y1Vc>@E`3}zXZ7eGqyDHXoh>|tMIcdk2-<~%leiGOz_<ZEyt&H{MdcIW
zsafW?y|mBMVRFhRp<4_qe{AT1eo0(gekPnKr{A~11MU7vSSTh*RBU2R5a%HW9tD+i
zJqC%u<G=z$Kragc_(o5#{u)H{Bd!KeU%3rI9i-mW9GGJ$k2dR<)VNH9xEMlsPT#o3
z1plVy(yhgB(ws4>;xYhTR+{zSN3YjEG{FU<oN5g+n9C+6Q2yYHz<&4kZ)Kqyha+*5
zfQ$6LQF8)Q1L&0mpta6vpf!t2qZ_qO?-Fx*n9g@h-L!7ZZd26kUNL7^t>q2E*){6V
z&<W=W?d9v)TKZ5+Z?27f*a*uRa4c-_8m~{n_3bp;`Rj+GcG?Y6b9-n9Jde^3{w1lL
zH$#M#LA8nMZRw)FIF<8dh=Iwlqpl&uZPLbFfa2ApCxE`7_mto|jR1*|%^FSmXrnPR
znqL40b%NccoS3W*Z<f^YhGc9KopzrMYnWhk$<oJ?IB%x1NmRCg1#+vXd>pRd7r(S9
zi9@A1AAtd)eWm|EC<}^eNd=Z6ptl!=#}mqCC&H^n>y`Iwe4_WDu8mDOLRpg-7(Nfy
z&c<}Ay>Wx63?sd@U8&ceggHutjh+@)F2tE4%CEZ)`8?M?u_lhl#u`L!4|62t1F~Sz
z34zl+4%5|;&j!1dM*kk(HxPG^m>Bw$_6t^t1ACmT4A-Q<U7$}7xr~p^B25@)1?x2Z
zvQvdKH@dklIPusev=C;<0o=X@D4yYSt?vM45M*FlX-U1s5VK=^qe|<1Hy{>-63jDV
z1ckDKL}!B!G;U28zXK5WzA+5HALopklj!|Yzn*Y67O_?V1epmRnD=|k_W5ReqQ?Yk
zM~0}gf*C2HpAj({M0M2`q6L1`cjii=Y!1+8)iLWC(r1oIpNdHOOg#ql84laT>u3U{
zXba*5>cl`?t=NMqP>_9R7Xy!nduzmPJ%Qm%7RquGoz=d$taAMV=(id^1T)WF0sR7j
zNcrZ3_a&7b-WQ@Gao<uEB3Ug?^^_W{&M?ry5BAEsbogS8jSLq<3tr0VQw4g|>>LHZ
zVqwV!6ah3fxtOgRG|m^^2Z6}UGKB5oFfoAjh{2Y$hvmiC&gvxs*)zy+MDK)+f=*=R
z2$gj>1;aNMT>|W*d6d1{z<!MMAi5)2%C=I&_YR@~$(<ElpN{C72-@ogWxM_pq{miW
zh<J~mfc$J}BR?a<@d8SDn|RETON)WDZ^F)VHmvi_zz{ktqTzV<V@ADDc8t-~3o=I)
zos?dbVNED~h|*79FJ|`?N+~qmzkz4!Br=}<eZ;fI=Ou8V-?UJONQ8cm*pF{R<DA6z
za#6hzR0p~MNuGUIh=K6{-U&1tifl-*7CkX9>o9vus_dp~K)~1DclAi!_T}#1>S@I9
zq#CF!P;aoUJXn;h8cC@f@u&|W*$uD?sxd-G9dAS1<q~mOx$PgXbK;2uARb~?4Hg6H
z-?Gt=`1N|yN-1l-v}`>#kU^$T9LTD0sq^BDO@p_CT7(5Nxlt^w^GaCFs06mPSzFu0
z!-z%&761VX9~b?n;)N$}rxav@tc-39-Pt~VMyiSDh(AX+0))xVYGGWpOBtU`u{LdX
z=BT_^Y~I)jep$UqFR~``7%l;3{ykyM3`cs#oJY-SWlLZhlUaExx<yjcraTp9HV7Au
za>MK=29l36T{O)u3TuO+zY%P=^3g)slv$#4i{Q`4f?4XM*`nGvC@KR)Wpps~A$@QM
z7Bra~hdQ>ms4fH%IVJ}8#e(UoyFM^#Vrd9vZZcJ3Vf7G#TKZ_4@B|je70Sv%l%%u_
zPArUDCi1nc4h?iUJI<{ZCFh}g=VHUGd?BmT?NnT<P5g`pT9uptzMQ1Soq3h_4aPnG
zAyc2oY6hb9_|OCn%hr}2_8rzYh(;~??QO`63!9<)(sJK+{Vi?tP_iK-D`L{f>a;j@
zR<iRm!N0P_1P1o7RAJTb7Ty7EBGpu*#i1vQMwJK+OYSur+GW+DxtiAVzUjozsDpNS
zlmi~s;lN7CXrRi@6TUu^0;8|hZoH5k1dInj^bf&k>08jHtDqhYltJ1nU=!=>B;x~`
z75d&@K7m}hUSAo3&sl)a<AQ(V+3*x**`=BqvYcuvm#$mL=@+b&j4BVbDtQH3O;%?d
z<{0d)^(7E~(4h#wsOAIwE`Yz;7q9*NN`QF}7N<yRwXqVT?5SN;xCd=L0Q(}Xv0oBZ
zc(Usik+6rF80@Rs!=7>$Uws?~Ur)B+J#i)y-pdipFK~U5)HDZM*J(eWnE)E}Qv~v$
zzCLnLFB=rT^L?QIrTxgiIupj)G?V6HO%>5RHJTq8Jogej4xPY>tiKk4zlmz{Sj3;`
z)Bt}sXA=JWW6~!xns<W4?U6`K(_ZUqA#rWwd|o=vkoXj1;8`S3F6R-T|LN$Nc#(V8
z(@c8J1p3!V(5mE>(+K}nr(IMS5)a*Gn*4hh;V13eO8-5+zEp73{3A^(&49^lgUL+s
z;AGNUCj(oKF*nk~>slXXMa}T7$QfR&)%CGv_?xI^&qX%7M0+vZY?)+iG!gN&_M2}J
z5mljFON}tHP6x7nEBMP#g_X-JyYS9~j&yxs8~w5#&z(ws1r77nMF)VtYIxreutY5W
z8YH3Qmh@*v$ciDzVY`vTzCgC#Yy#4v^(H`S;7eb<{wi!~VT<n_AgXg`gTmCFAN>KS
z!`xXCT1<LsR{5kr-xJVtjhJ}~eZrtoe+^B*q?s-GTXI(CAZ)OfEYF=4l1>{&yZxa@
zsm4uuUk9DVp*^e|mDSO;2$FITL0#6D+@U_3MDfT4iKxZnC8eiJxdoo(gB4ecR-BaR
ztS2iDeuKhEmH=V3>B`R5y<?<*HeSt-6NSH5lbHxhX{M;&YWJT6wTyARymuh1vB&TS
ztWwed>JD4_%hM~dL}*J^lioMVKU5tfI!}1l%WB*)Ot9^{KvvzyZ1~f=Prt~c<_yRO
z!*XIE4%e*o)|XXnU+Mo9K0la>Zb!76ynRG}HmsvIKI~k(vvO&1BIi9Mt3RN6*zc1m
zhHbxb3uVQC%CTT;)qs&!6W;$6g!QASE)AP**uIFYLKwq$9lF(FDZ2l1T#60}WfKx5
zXU$v(NL<_gyzk-{-c4qkIiJ#>>2yA+4k3Qbr{(hz8|t=E4>}U(9@Mk5%IS$Z1gUzl
z-k;g$u{2otc@Hh*fXz4dk%aNa^zkPE=~-w;#p*0Pgvz1e6rt>{q>^3UnSpV<P&PR+
zBPf)-gzIWxJSdN{I$FZPt`EdjV=+gukT^sNB-grvdt(9pQXX2sVR}whr`lk{H8sIL
zPO!(>#tA8L2@>qvJ-}=Gb&pU6<`r0Y7Giq~Wg^<cwXOCr3_(V+K_kh5xSJ=dG7w&o
zH>E?L?sB`3;@*VL)RxK6DnC^#f^lIA$)Xa(px;{M*zJ|n*Of*E_7Cj+1?|Xae<dtk
z00VDh`>V}4qaMZmSRJ;kZ{7Mt&>K|XGJ<Y_x&L7UbhMvIWfn3On#EnE^9Mo+9>C?i
zP2Or7+QZ7X(ffrZiE;C%FlVubMYPFq$8x>ic(A_gu;nc&_g;q&V2^d!CFC6z%3L;u
z?oMaXP*U~{zSYnV=atFY7D`^_=%mW+NOV^EhPak4ascS#WM%J6uorkje2P$pw~d0M
z3KG3~sF+OHJ<3kK2mr*sd~YpX0v`>B-PUazM}f*4Z`XeSWM3~X3$neTg&$rFEDuw!
zF>9+nLR5ds@eFlpf~df@pr-`81Ci|xegrEggR^uR+SXu}6TSWGQ=^UoBkkj<Q)p{(
zTBcH2E=<>ty5~|bnqY$^t1r=h3Z74OB*K5^CGy*iYJW@Oyosa4M8W?zG8A8`wXsI?
z5?RZ@=>A5H-$<PA5d%|fM1zCcLa>G3;ALl_T`1j7XqjsdZN%Mug^Rz{##$ai*X&I_
zFhloTyDv^w3PB$ad4mt3=qx?ebIy&ZYF++f8@J?oWlLtG@J?+oB=AAuonV6&m<UkU
zjSLFoz!a~v31y8mHWlc45IWHB#>xGtr4D!F>U$&`s48aqn|sd5#n~sq`<^amzHRYv
z;him+^};*#*nNZWPF+LDs0E=NSu2dIWxa>6`qwe+T)^ua{3Euk@~|$1)daf+QNJ5B
z2<YpyoJoPW+a*=5z@z2ec=+qCK#|*R4@@@X!lQCvoE@6XlLN^WAlY`@`scxPC(41o
zyCr``h75g74y1ji(E(-K`n0My6>#Of(2i06sV>kD7Xp~6l5>}DKL9|0<Ok9Kg4^tq
zlsk4J0DLZtzZ3P*&55p&6<()1kX(hm<%5QB!Sb3P=zBA>U-H#EY|#HSdoHRU=$@1O
z<*5Lc=5aRo_M)B_O3@vdQ_>`q{2G4XK59P-j8g9M?`dhXpNBE?6J30r%LvNqs(K_v
z9*||SvT8H^UOo}ndsMiUKNy3}kkRn;w1cJ+D8j$I%6kVR+PT`6a#3AT&nR3jDl2G>
zSndL0apsJilQ<_QE7~6rNbX5o5&2C;_?wg#SR!h%{%WEtv(e?OUA#Gmo1d7IF(;8+
z_I0p*dP4tG#Q7x_Y)uq_q(H_^9$>4HpmC+ifjFRTc{9`TsD*EC4&yh`p05Cs5y6Q-
zm^d47f#y3n#T~fC@Dx@cE`XH=;nIxXPEzmKkUmklqa43*Z?NN%P)-Pw0~73drCYt8
zyvznqVI4M}97x`bOvUVm<c%7Il5A}S7{*V5_2mvbjh}*@*@3#LGEjFv^(w0I2!Si}
zs0Z(>B}>?EzB;uQHm_4_)A6%fV5eF;t@(f(zz+xbsYFaDKoFsXvc#8_qm$rLcOWiH
zHqi~_ET3%RI}Z>pDJi(s1gzZ&iz6uh;7WHOhX?NLnHRW;r{<;`6@G7>tdwkJpBBKU
z$j*_kfl*4>D9c5B4gAwm0_3gry+*u>Q8j__ScJFSwX`{QH48_`MS_b)-D=GEfY0YF
zl9XBr7+Gm-+5wGgiGd>d`PRg|KpLON?{paz1eUt$V~!%!RuL?&<>O%d-qdnJVCsc2
zZ5ttXy93ksyyZW_hA{OQ$yx4uNi+~;Ldl<DZ>$7!GLFXNCo*Ow0YFYg&#qC+c(oPt
z5&Vc!Au|esf{}1?Ci$=)_+}&@kPhg#8SytBY}#_~Xc3GRXto(pmf;HSL9-+W%o4PZ
zy0k}dFfyo#72>HweQZlP=zuW30&$>1>wp6`MQ}h(D+f4Rg7lqxWN_YA>X0jUwUoP;
zPe`mDp9qWKAb4nlCUb$`i;yR3@|=y{sbXL*sL^Dwtdci~#POry_wbf+fzixa6Bu1=
z%|*_v$phmL<qvEj9_AzWr1|hTpPs1UWM_?U|I&r9vi}fu0BDu>DjCwZYZ~lKT!9I^
zdt~GMAGFcOXqvhL`8;zaZ)2aVqECSh;$mFNX83I04p(5ju{<}?+z)heKYAq9_LZ4~
zoleKM;T|r7e1>GJ_`o<=f(}$~^12LkI)0iQ!|93d)9<Cj@T`NY$w7}V&%9k=cZf<)
zS<RN!xi&g{0m+<}2>UN8sp~D41GDT|hxJP>e~_|YbbjXRqt7zqvyAn!asVEAZ<Pa%
zp;E(Fuy)PxIK5Ri-}PYc(J~_Q8d~uHRk>L_y5F@Q7^US4-qhc3gReQS>(592owW<$
z9EQdc8ncyTD3b{px(Us1<ug$^9_9bdOLRG_d?~;Y4}pF35Vv$O@SdiRl?tnv2VJg$
z)o_#VD%^u!h9F|iNs-skQ?3r9bKzr}_Zr+R9xN>{>X}uiUq1H~?L%SHhSx4-Rs;lS
zLHEf-rOKsz^d?W|7ow8kR%Y3ji}p4ZF&Vz1?OBhq$%7|%r$uGBgYIpXjZXr5^a8X&
zMh3mvAseki6%qFGTh)w-hC5heUr!RNgZK$<Rl)8l-HK+?$%OeifE=`_I52gBqZ3{4
zC6bC7w+GmAJs=}6ys8gP0Ig|t)Utz(vACy&eYN(-L|`0Xvx9g{hxP44i>c)a&3O%O
z(W`)yW)dq^=Ol9O<<pZy1*77Q2xUJ^!~^FWL|A^LfX5E@g9!FRRukKQxrf0*;m)#y
zcnt&T%7Ptgs^~oCJAlHCF+#58d5P5%P_(@cyQUt+dZ!P-H$z1=&OvT>+%^>?j;x>O
zBG-I@J$Nt{J@kRm8!gdpy?^Pxt{KL=4#sm|r@?^N!GIcUiG5#?SsWNHN$OaS+7qL7
zQ{0VqiB2IJ(*tw(oaM6<$(ql`a~&h-JUTb44Zi{aEwJT!uaTJxTSetPvXz(LYJ=t4
zd34U_qLG_QkYi4!wnlgxez4+m`pfE-V)g)`<Z~KgoDE&FQvxE|wI21ojixm|KhfWk
zFhBc!q-y2~brPz<;Ih3f@TdP|qVV(Jwj()94c`AT2k;+pIW@um8~Bp{8a@+#x{`IW
zI5B5r^W3S>ZIz8_V9>Gt=7jmKb;K>1)o$oH4?}o@+rG|O+QR#{<9Bsr+8|=U6mUE1
zgePZWhkPS`Ed2B~_yYz{^!*s4-Pwl9jGfWq$(PgzCaLF2VSP0XBWkX)k-nneTgd60
z!Soe7qo<uvwaW&K$iub=Isr};%I>%2v{ZQlGi`W?hCO;yu+NLvVRLOqJoI@HKA6Y`
zslf*#IVQ9Rh9WoDz&JU}XW4+G6Of~mz|6@ejaUKOIt^pH>3kzQ);GeVEV1j?G7zus
z_-iie>sjd6$pvMUM9!evC5a~*_*x|waFN}HBQP!o!@9r5xR~;9&_|JL%haIlf{$Ei
zeetzMxxOBoiOR<;Y)^akxMAqOWBLU)W!~h{CiFW^NNlOad%=27{Jlk6J`T4bK->&k
zJx$AWz8$U7iLO>hL=8D20u$|#9*A!FA6WM-wb;FBCgOsQODtHt)p!z@Gjh{BtOvJA
z49vD$=C3=@cO%<wz&0aVz9y@8^lAosv=@%&?xo>?z0e@`IO~1;utzjwJZb>~Rg0S$
zZX8*kZnWi==P>zoAs9x`?F`PnVP@O?M|Dn1^<;HLIkE$?v#hLWWOmx4HdkP_0bkA8
zVNR!oPH>e~wU$%MH-Zq&Od7y{V7QIWfYrB7FpU7M-y*YfIR+#2ZwZc?m^kl~*7z(`
z{&*JUO~xxJfw?yA*I!{cOOJ7D@eno_mgiXO0QPn|;`;Mj5%CF;=Z9)98Cbu~d7Fx6
z*L1MszCiulZaw!X-^$Jdu%6#%t>@LUavUCcr+EUyuaX+R#=WS=xu}!%TvRsUfv&Pa
z8#m+w12)01s=ubcJF~O(JTL1DQB8A@C6$G%5Gd<PaTytWq5Ssee*k<TNX|v{!6=Xh
zSl!oqLsH>-<W@O*QDrI~Sk=)=UP+v*4ilBl7^3jT6=-A>#p&^Ld*EdPj1zM!`?`$h
z1$-IlQSnn4`w>s2!zuR5j$vV;1NH<~U(@mzr(3EUn^GJ)ixf+jz;Ns*sT0y!a2X7q
z&Z5fph=G3VxD51qqua)RO$;nnpk+i&42)QfF9H;MX{?!m#+z#hg&J1Ei*>^}<}4pH
zJ|-Nz27^{FEgH@FdV!*%(&lza*{<VV6Z}iN{+|9U08v!-$`}z-p)JKwFbbSR#jFKK
z#ZW{?px-ZWkRG($*Jx|<Ff8B@25CG(j}BsYtDv!t&$Yz(Br~#+Gk@8&{$s6Z$FF)?
z&tk&Qc7&gOePfLI>x=NOoi|3tN3!_3(-_+mIZJOZYhJg{=+D6{Bj$`T^YIi~NV9wn
zPsv&%eA?RQX1rjS%s@MJb_Tlg9awTw^dD@-Vd8j1b^b6Gg9H{LBjR2(h%zouh<KN^
z)qF+#5y?L}skn^yL<TbUyuqW7GaNrohyUM(IS8+HP_zabU6Q{BEdM>sznUF8*XapN
zs1@G99BA{m4Bie9N~%2HCT2Bw)V}kH&#FabCtl$<w&IXi_!ky%-t~GqEaXac<|d5N
zcA8PzNuxQgse<>uMy6NOga+PsLu8aTfStplBLOoZ$_}qivV+8lLS8KfZ085*D{noZ
zpfNmnL>I>1D0xx`EnNr%OcDK+IS9aWKLN&6c4FLNZjLEo+vtHAe_J3DF(TxP4v%48
zLRhAdv>;Jo8b|SuMP8GIh<_$xa8msH*WnhUNxR_$n41AHRj~K??b#umkdlKxUt~Ws
z;O8ss=SW!L#d|WvWz7^HcQHoGU4R&3>}C|$A~?+~W-r!oI7)TSL{8tll4*;g4nSgY
zM|f*QOd%t-M;;8yqMIXwF3FGrL0Q8OqkuN;<g42aGubET4!S%@5jY^!q8Wm<TPu07
zC(HB_5%}r7RP>KIHVn@aFKay^zcg|_>1;klIG?DK^Fu6H^C3W-zAGF(-Lh^YM(Jt4
z+}_(f?`-9NHD{z67khhU2l6K_`-<)XQIz%C(?duTq_3$&y(e4>dM~U@yVh~})0vJ-
zrE4>m{HG*=V)bI4oF!VgC+em@O_eFd&yjezyU-^i(uP^AanbQGYrJ@xF#-I1;&hlb
z9%MgLqgX>Iy@EDrcytI99oCakH2n;t=t#O8)Pp@-e)r|{P{fA?z1hRFr&-Hs7(+E(
zhQ0kPd_6mpy*_HbE)rE2(7eR4l<>F0K~eseP9L@g$JK0q>1hU7MFjm$q)L{NPdtQm
z{LZeuJv^ozyZBtxKzkw`D6(ulQY;+$`qyiai{w@=ngkDjMGvR7KD-qkK28s3v_33s
zFDIeO7Q={+51wqs_zu%feVfRIFq$s9!PszvPq4wTE*h-18d!XbNt!Cz+BBL=;`CVa
z&s6PdjxAN`+S7wRAlClpw%(liI$c|2KK#=*i{F`iXLPV+b;h*M-5J5OHj`-&^h)9)
zcy$cwnkd!<Jt~5f))*-wbapGqO=&Ze8`~PZf~Ca|B733FN%QHtk@)oR7;_OuOr&a?
zuCvzU89#_Y{gOk0#FbhP1PU}O;|N+$E3^UxDlj4~JkS>G@^_ceK>Mwy>yVmSN#sE3
z+CA5qv4#Df34(1AXWABbQ7bP~Q7&i`dYGt$5N*97h7Rk}F<jZwSmUu1|CljXu@Dbe
zbD+RbZfe#OSDUnUHJ5@-x}*4FX47mumWYeL-i!6Q1p3rtbm})XqF)T4tI_r}0BQYW
z_6+SZe&i$S8Id%bb&j9D44=03@31R3R^T=W?aDVtnL?|)MFOjiA1;(lzTCVuJQDwt
zA+jqrOnDTD@8VCqq=SD>gO8`f`x)ro!Pc|FC@#`&&c^7*D)TkoCmf%{+E|PeHY)Dp
zO`{?(gEIL>?iaE_Ps|<FrG;VHK>J!PjBEUh9Md>&P#=Q+F|skd4u?>Z0wbwY9WyX^
z=nvO3OXH7WOG7B_WnJHViL)*{I`O(Q9qYO=8U?HN#sU}Ob-;n>gv$_B!L77N%6j9b
zR4|L&{36F4FzPf6lCZm~$2)je8K2Ws72~~DpCUSOJ_AI65B69taVYAv!l@32=-g6#
zoe^{?lhe)SzAM6*vTQXh|7&b1DfcBIgBF~mdzEgbG2%Lrxr?x1b@^-T0IKj5dM88o
zkhw(5scAr!Qd}EyUpos*C^?2N1L!9r47-e5*@e#iczdpt_-hT_P5k9q>wZJl){w&f
zh_si(rjmK3WesH!XLd>Gwr;eKjcA|Qwta-TY>z-0te>S@y#rVe??#UJ#HF|qwa@^n
zMBjPd{Y66bgU<W=p?S~ww8$>E8QQ4d@?lllzWdQ^YeV2_y9aX|F$yL|vk9w$>9wQ*
zl`8GS*V(<WtA5XOibnTp@2rf5;qCCU@Cr62g>&|I?6cC1mVRgl-*eA*2R@v>Hnwy4
zhMVxM_+2;Pix0zhrwQMI4@~&j`ZdjD3DWWeW!y`A>piLPp3{O-qL#3BF+Bb%ox=;3
zeQ-8vjwY1d5u3hrf6Nx0E^848C4b}1{oa+(GZ~rF=mJJ~yMZ9T8U}f4xc#X=GLWwW
zkY}#!4Bn}K>>j*?*F%HO3Gau0wZ?z!kKKXyrEvR+CcKYtAb8Q<#l7B%h~11x(H5!b
z`1>5TmM%JbB-<*KY_hsFMo|Bxz5U#AfBmff@-Q9&J9~d{+s;01|9vF3+5yIg0h`;d
zuTQM|(C5)#Y`DM6y68_lM~4H+htd|p!56meafgZj^Xab@!iIqz^oRGe!b^Nx4Q5VP
zEIdnQ-Oey{cZNy^MyoKIuAANWI*<Nht^S60(q9Mj4R_Q(Jk2nN98PUJ$6e9;wE{eN
z5|x8m;bk0mTjk2|-`6{$|Bk&p`tSYhZziu|<Zd1|hAuU(r&tqYcaIa6?&b0N?hbZk
z2n-r?e*h*D{+P)UD=e2C<Eq_`T+X}^Y-0-r-Uz1K7k82WAe4k(M9YhH+>#!FlvI>l
zybZ9_H%C(E=b(G7+>7^8*W;fa^%0S=iL9K0AtYr&j_J4?H6L3|$Z;(#9?5wz&hs+!
z%~JT@#aHFU-Ye#19`F>N#ki-_Lg`wzl%=;`-T|w+`YUEX+t-}HgN4*S9~j+r?M=I>
zoonyqm?+oY!7D7+p6Booj!uTrYTccMR(YDk^yzK6CZ^p!Q7HY;+EHpx_Wr;KrBO^7
z11wc^Rtlwus6oGz&@*EwZN4qim-&@GgcdCHoUZu;>RVrL+A<`34Y05T5WBT0SrNWW
zHruEzPVb1_$-M<^cLGZzyFXT;y~SG-23|XHIc_UP#Fh@BY1W?EZlI@fI@;?rlX+L-
zZf8u>psp{a_MkoDLG6iyuwiT_<E-BwkWOTtX)EI+r`bcd2>3gk<I^b-1O%Y1DYg2z
z^kmBg_N)B<T<c^$$N7B0Ma*Xio6pRz*nC!ls8Mcp{l>88<(QrAMANFm+f$qN$Wd#;
z+sxNz*Y`G`%*{k%$2lT5_=)V*v`oUzj!U|{JF$(i)&mEuF$QN^F5Cg(Ul+iyDE-lq
zJfbWXM9Cr(#JeKX5zsyoV;ov@0<=p<K$_qV2Qy+>G6W*jy>obO=^|)~NmBjm3rx2K
zqG`nBkVUrsu<B|r2;G;vJ)TywnR0ivk=RPM*_T;T_i-pf>h41^qqJPsdFZV}+tVV2
zA@D+gC#yU(o^Csh$-B5ql6=5OvSWWDr<aFW<Kte8_IxE{4UmLej#xxnW4`>NqIX2T
z1JKW>B~l8^ni~I0vSHBMI0?i6Y^7xEM))(BLY3?W{vj>+E7LF%*-cs+>94<H)=x>7
z{U3ZL+`oRdwg11r8rlDkJL+FH`*)cA|IlJ6bBU2KmegRQq(8@VW+ZSajDjHyhqP>X
zh_|RyOykeLC^jAW#LQMA-frD3qv0-ijt%#AFv?zTJD;*&hv#z<jzr%!{JI19-(xMc
z89@erhwGJ<+>S{|Pg$L=wOO=;Qaqxb7#Mz;q{ibkC}+^IxdX*aOcR#1RV(}^5#-|s
z>iFi;@&*0%LHM*zTf4XQX;Bg`db{@16PZ64Eq%$CFxN7OT)MR!i`H^nKtgyk2;mfK
zIZh=J$`FJ4ASQLw!Y2xW5uY4jLYKN`JPO^=<n9aI0~4*qE`X6ZOzg@|Ct5x<6o3<h
zEWx|$V1(c`UdaTH7DZGN+UG;suXsLzx&B^Ag4J#ele>)ryOg_4%xOA(56E3b*mrn$
z5)&=u{Rox(scu55<(RMUhu3Y+yVRbTfI;nr_kq|&eRke(Mbtq+PrRtlUO2Q5&sx_Z
z??MMz8UZ|5y{Xw97-zT@SI5`&Yok0{e=t3Lr&}-02X-f#jI8@De*aGJ4UdLzQR?>t
z-{H^Oz}HrO!untuTGbtyd(*|jDzIagpyeh-CBWfNBe$F%%d?y`Z}8^+kW@!tL};JI
z?=z9#vlF_{?+Yh%!0*+~QT!f%vBmEX?~mYjE~72Kf9>di-%}VrzG0)4CYN#iuKwp<
zY3$m=pGB-RsoFy}#?rrfFM{L0)GUslY`!jfuQ%7`eAm4H36lmS{y=1TSh&-;6!<bg
zGXorE(vs4;)?^$5qmpr?N9J+xj~UpX<*NwK;F9*~N%Rk*X7vV39QEv{Fsqj+tHy3^
zD1eWstNbSd-6gyQr~W(e-q-KD!mI6yfOp{`25%n*Z-??=`KN2S)|5~v6d1`Qth<cv
zT#lBO;ZViG6TRa&PHOlHZ(f46ddRh!;w6>Ov$o>3@_+t52E--K@hUHrypIOn4HU)P
zEC#hfLg{vlCscE7vYL)pL(3(<VHX}h4eg-&Zv>88jsKB^aTs)T0le+|E{d8c<kpIT
z1v#K#Y~r$$Jf_L42{t2Z)>M?^Kf<^M_<yr#Y!(N93@i0A0~-myC=Vp(_=B;Ma#q@Q
z*cHf&arvu8nQz^~I89sFBLOjLqoj+=XC;d@%<rw>6nu-w3{&lL;3~W1uev}eo1MI@
z<)6^tT|7#AKN<cbj63=6+@pr!TK!G&w+3_?^ta@aBT2~J{QiE7N)>XOw;kkLuuy=q
zQOx{EcAgddkJ5>tO&?Vq2Ma2w5Z+QM6yNp+zol6e)|JE1agtHBR=}5;RrD$16uuhd
z;m?@W6K2z)K`df^IUe?cQ1iH79t=Mc;NMK)9k=6xnegjsyr?8Vqib<oIq;riDQ(!i
zj@hWR(kb9|ul9?-^IQ}3#KSHCYh-9KU)%7(Y~D-Tg4x<1R>g2_E%F>Xo<w~(i}d0B
zS>^t-DN0BR$QLwX@x{Q@zB!`cX^;fDN)kNBL0>*V@utJ*9MsgD!%SlV#u<hNd)Z7f
z*k^G$!m28vqyVPhRN}yESG?~6QGJhoYSRzf@G*Mgd3FU+gxTSr+VNk+aG@qbZv?=F
z8)ZI(X3Vg#GXZ~0w{*HW2ZAvIGFkZ=fMZPVOF#~h`H^};ZXkIqSGzpUVG_X}CPIoy
zgn?lqTx=0x5E23ZutQ&iD8yCt-^h7K!Ju{?cgV<?TItVXIQ@pvF>|h?=foL}2oLOq
zcT?RDt@q0)c<_A=Cgmcc*)`8sHoOhj1cM-?qa9i{JW)W`udn5z4lEE=tBDcVS(H}s
zU%&vdycZ82w0<k0b9)I(6PglhAzvsd2J=7k1Z{;!^!b!+>@o0V%?e!DeiB0)`;^aM
z6&hl0>>nEpyJW@UIwY_);`B?{HgT9X9KOps9GXh|?Ha8nu+h*b;jguUjr8Pg`nR$P
zk>PW(x&BzUary{&st;qYT6uRoykbl%|NNw(+i5XkAZVw~o;C<Smk@p~!lnS`{<p(x
z)-dfQo~=}y-tOHde`3UW2`Jf3PseakF({$uPeteVh;IM8cI_YRu>EP0?s#)u5!t#z
zgt_DCs9a*E(x3VCNduMsC7r+<-Cy&`*8Y+^?61Gs-=??P_1DdKsSkJYoyJQw8@5j4
zr7)Ko#Sn#F+=2C1SgtNL{#D+4tLWd;f|W`{)kcY|Y-S>>aCWlMQHiW<(b>t4wzn@?
z15I3a*3ka~OYp%9x;**)1I4_c18Uxf>{$6J%*Q6GV{@8nc<%+G|4<9&X$+m%mxzHc
zl>AL!i;1f~hrezQ?S|)V^PzO~{X4a--@g{|{qJkreUI@q+AF(IZg$*WiTHxQf7SZ8
zh^HcBwqtZ9E;rHlNm9uoJ}Z><xVi{aVhSY}(!J8F`xjyU$~);;{?t2hoUHn6a<<Rz
zP4Ot#c$6i8+B};*go#Q;buk8!N||TG)r|)IuUK-f7fJ-4B|5iJ4oN9^CQkC7;W2BB
ze+xG`FghJ;?gT^G;=AlCBVHErPRjfq85UT)n=w#SMmx}>7(5iGtv_p{O9vpbSh?r0
z6#OENEZIql`*Ielg1>AY<ty2F!h13N3#gsBQm}I_O4sWzhXsATU3ND5bo_zQt39-f
z57_`nOoVffO@eVe{1I7MjGjuZq9TrK6P*p1jGLd$X|J5Jad>FG74#s>?Q=PRM>3XU
z7gB(zJwBXA89+aRf3#VrZCvP2q%+4{b@e5j*8du?|IuC_^ESS>owkw5HvP@soGE~L
zFgQN)yxE&f`L~xdJ@~ifl-{P5{>GsW<a6nmeCU@GO7UVYP#6Cyu@2eQi$@}CrMrX@
zEEr{8{qX?Oa;3odM%mdsZ&YM{BmvAJ36s`fP6HdBph*f=853=izXles@<zO3|8Yb=
zmqg`PDz>?d0oW8?`5I;Qdejx<_Ilv}Q@zi^ztugS_hoau>6r_R!N0VzCmEha!@~30
z({1qlppWqU5H{z4EaabNNn3BjXMa7(#)x}^A@ac|HbxXMYE%EW$gNaKn8^#Pc7rZ?
z^?|>0YJwS_kr9s3pg^r@_&t~sZQ?QfM#`Kk;1Qi!h=Jshpo<#K%UUwq#0?`yiar-P
za54t@4wIBKz~^+Q2E!_}R|XE?Fk+#A$DVMYiJ0P>#r|1`A`}tsvw5%_*n^mbwOLQM
znv0z@hyBV(x+y=iUA)J5Gu~rfINoEP8SgRA(&49C<2|ml;yo^ljQ8+9$YMPV?d=p6
z>+uSU^%&p4`|iUu+3@KN^r`RK?nYhg{5TwS5nWWQqc92>$os3P5Q<wG*|@&t`g?8f
z+eFa2rkse)MG?C-76&){y!nGszFi~^QvRA&%E#S^q7gv@izKP6>Ymc5KZ+bM9)oaz
z12BDrgtq3F+N%QwaCA>@Pg^FCuNoG?OBPkVm+C{$MR^g6r5~l3qA(Lsy!*e1{=)Z1
z|Bt?R`V;MyjTkGAIbK>iralw(a|B??ERev^w)JD;)pmXVUhzB2!tW1zwZrc{k@)4i
zkKe~WjK*)5xcyDXxLu)_N9OD39)3HJuI?gxW?vK8EB{6KJ)Zo%;rGIA{~G*8tX0ij
ztyODUaXJ-n+IGeAw;0}$iq~-mdFxy(he*#pEK!PGsmQE%^QYiThq67`GHCF2v2eS{
z*He*E{Q~pUxmx?EcjV&o-{=3%;tA29v1oKtQdB(Qc#J2+@+SEGjMi8}?|oQ$)9%Ww
zcE@@#j<9J-A2W_H-i<Ntscs&o&$QB2-KDC#p#!Q~1G)Uwb{MDlS^dwQ5Lzg?#b^`j
zcMFU4L;tJ(^2~Pr>u%7y1A+Q3#7{^$PvY;eM-%_wMgN5VN&0X8_t4+EAAzCPk=yQY
zEbs5g$i6`o*4-$o<88E)yp~iP@<t|J$v%jN@BY_gFvcx2TvrD6#T-~7^9Sg;_>u2g
z(Wn+1j+l?<T?3u6BTa4fD&F*30FAQhwAIZ3Vw$Lq1m$FQvXvzn&C4p+{_?GX*8>pX
z+ru}AS_5FQvQI>QgLBUBrEbnIw)6Ror}<qMJ-@8h`R({c#Qd0Z?V}Sg#X(V1+{~uP
zg7dWX-*h?4iI`rjHU6sI{Os+6vb#Ic3;*_=Cwk=PkrSm*&99m|pC~ohb?lrIjoeRt
z|MR`_uitsT#?z7WrBKf^$2*@dHPDZq*L*{}w%fQ!ex`Wl?KJOVo3?likHDw9)Ei2h
ziUx}6LYoSkXI03ocWz&jqEu?TMw?Lq>>P*(8(pyeqWpOiY$ra)g9P4&e?u>WuxIKe
zKC{AkOjz+Oc5xJo7%A~@@ReER5qDan{$S@<lxRR$*Yj20*F$X3^ms%+7MK7-!;XD3
zug6^>y9*=Rnk;hQ8|9#ODhGoy%#g8-DqRlM4lFup&@56TVjH%=L)4YaUub*Y7xsr<
z*`Etv8Pp1rVj>G5ko-hJPxspe;i(V#a9~7%vP}*YQ%Pq2q#U?>Y3&ez`Jmp%s5JeF
zLD|_X`2R$gu~SO67F{43L9DuyNAHEQM|q_&xQD9pREPmr3|5cM6v~F-(_YIexN^ft
zs34)oG(pS%fh!E4+F<!&u=6J*==@C{tMmZIIRCzQ|EV6r6W8M{i^9IEWPYEq&#YMS
zw}I@w1Jx%A;q8dhUBZ(|@UO9fRHIM^JH-ONq;A2*LfLi7u^@C7T$<285&Qr^kx%3+
zFo|+ukZM*pU>&&?bdU$nl`WwpI=?Nqg<{x`xX{TK?Do-EoKQc$0;a_6F^Ji5Ldvx?
zsw=LfTv(1KW^hj$Ys59K#(O%UUesWA3<A?@S&$IYu*O1&@*sO1i?93f4bT9(UlZ=$
zL$3?s{HNmQJA(VtSPQOk*~uedmdsB95POJ91;w*v)hV@=S#=S2N8#`G{w-_!Zl{CG
zyX{z-V}ukKpCLLcy*X0h<WxB@I!W@^G@`2#Q|n3oB_db{U!uyX886ZuiqA;@U{dX#
zuA1>=E`<)7&#+`yO03JjWGc7h$DY8<RLpj6WBE##q+?=k%+Rn8bOH$X$UJpPYF_4&
zsV={fviL5%sPc&vSTd5772ZSN5kCNU@-Dl??<Rl%n3%b@=y$`gQ<+x=9{7@QU@>zC
zz$*ff6!YqVZtxRmNxOJ`sE0ZRn~FI$$B)G6S-tY}k^l{&NVn-htGF|pU9scST*~+~
zB^W$8XmAkOhHu8q86>UtuJgyIf}t1p58gRHO<3_4lsO8ZkOTK-$bm;v#lVD-%*miW
zV%M*nY33W>t9+Tc(-nIQ40}r&);i-gmr~=(1S@BwuzVa{_&F?;3`X~`^MLmnsc<}W
zm6jp;D;ohzHjgrs(aZN=7OnI@&usN4j<;DpT}Gb;V7bL{Mg6JrU<(+BaoWc$aNusx
zcP72e2#7Bk#cp(|ccr>A@0#jAowE3W(p^hFVFz(6r}a*4NY4Qrf+6$!5h9`wOiXxu
zFdAofc0e~db5A7QD6uzwY7s80E_A@W`C}LCJiP}Fla$GJYXn~SX$3UFITJ6wjaA%A
z4d2K%O!^OA@2xZ-H5<gjI+5QXDVJnzZR4rVD%TIg|F<#!CTPizfN*Z~#b%zsD@s|r
zOnSq}cFsE-P??sp=xVx;c!m;sd(+*SXVGg8+-);2Ho2W=i#Lgd8)>PjY&|w&xojf%
zXR29ZWrOmOh^5IuOcSDNk6auMFWyS~m8kk77ldEd<IBR09(AS-^EYNzNQLv#uzHbm
z)1oVvon6{^D&}4Mk05WvQul>N#n?F-EIC+EWlk*yLNw#IuFUl=VD`K$V<nq!fmHaR
z85_ExK9OUy&&Jt5f11ty8h7RaHv91BSQxNeE<7GS(!x<zz~@xmsM!)Hw!im}`SmxW
zIL>!z>tWL1_6Ja*LBLRvXH3FVjV)#&9PGW<8k$3BSBrJut2O^_D{c$xW%XW$pkrd;
z{O%&?rkV~A)DAzd)kWcF(W&#p&x3Uqe!{qEQ{N`~JZcloic*ml+h~P5D*B7lIq$=6
zwJ^=af8fgeN?7qBWyo7#mje%EfYwbHp86UQt5nFDUyA-yg9Se(PQuKS^RQ*+S*h>@
z*%=kuLSGD(L6M!BP*QANKP<y$>cUju^2QKuBK<+TGqiY-$@r1^lo!I<P%?$qcC*iS
zahcS{6~%C@*yIg7JNd@@g4Fxv3<$&*3=%0#Z-|ATnFqpVKUgj2#QYde?;H6Fp9a0m
zJmPnRSmM+Z+T^)7nT6@Jm2JVTZ0y3RZe`(ASLP96#p@gv4_G+WYytKMD!^fQ67&mF
zQVY{-a?=1>K&8LPJ78)^D%?goQYcx5TW#5qoH=Q#|0K-nck~H5miZt%)R<($#9V+8
zTwDK6oSn<o))%QQrHK$q76bFj&X7>z#UB9mvvXny*&!E<4L=Clz|DqP&NWhx)#OfP
zB9lvc)y#tf!@|%ZS<&?Dnq1O~pzPL*fm~RSa&1()1OO{+kd)7*%<YoDS|kOJgHPfH
z5Ed~NMnz`5i~rEA6sEbAeZf<M+=KUtg<HwP(I+&=Xgz->jue&o=`|BfeDz|tfB|1|
zctznRTvjIG#nQOUDN}(3Qx?ro8d&c5DQTJY{tCM?B`pGTpy$NEqzw4U5a_d6$YY1n
z9Zwu)m|@P)Jlw_yfk`8+E-_zF<~CSLMKitMZtX`#f6iL%D_06-0Qq>ZFN>1Z`O`|9
zimwe}N*}jS2CPz!b}(3*LE8G|m6R8`MZOVCU1};k`5VMNY)D*6FfTLc=IdNaoeNeX
z*Wfx2)x?$+!L3e6Q}WYXnYC^u#@M9HpH_+a8)K+<%X|!yJq-ga_&vUirI-EqATu7x
zHpQ2Z!@D?tbNu|v(I^c@8IHY0e>E76jSRG>?ji1}T=_#5?ofs~SJ^D5Oe@`5e0As)
z?jXuWD$P-I%qcO7=8OCmoFg_Ap4`eL!-nZ<Gn?If(52M6g3U0;T2EoQ#5c=ItolHj
zGAS){BUZ4SCWiMf!%&mwPK$-N52Rtr6`>TBh7!WXI)saLETa;xny_M)Jr;xDL?Z<t
z5|sPNXnrgfUq_>bUQeRe<GMgi1)ydNo6%F(Sb~LvwyIma6V~KX3|H__tZSKptM?qA
z#A-4`=8uZSaC1!am_5C5e!QB~Tw1;)iDGUKYQ2Jqz&6dvOL1jaZ_<{>Q5bzd)Ii{U
z{XEJUDfm@9MiP$2R8xoMzoGXtqZ(ypx;CylE}hdqfo3#J5e!o!XBV{@rbT<DJdv)*
zs-oszj`k)EAuc<~tb|3VHkY;F41~v5kd06E7_9v5op(IB9N};55dOUg{|PC01mJIB
z@V5Z`*M;FPLik4l{B56Du=u@zdFX>+n5|)It?b!tU})0n-;bEw=r)t{CAM1V;bCUu
zFvB?gi|Bg3lCl}=6#!M;fve6^`dY96kgN}zr8dYOj_-(`6a;usyYYR*hnBpQj{ONA
zc%J~_L3+xHE(UeL$63UOq<q#fJ)v3G!+g9B?-<16l$WR3tPw17uAttIhbj6zQIsYi
zE8n!OU(@A455qvpjt-_n>?tariNVA1;<D2?9Z}KezZpT^@O0WfiGa;NgKooh1%kdd
zJlCA%SGAd}?_!K^QHMJ)fp}C}ve5Own(bg|0R5fME484*0)2=1E0&TH12q>f^39;b
zK&Rx#;Okzrg$J!dI;Es;!ESgHi*KSm0Pv;?-o)XX=xsl|d2Kajs99RvgIn;z>Ynto
zC%534)$#N*o?Gy<)i(NR;{*kZsjg0-KNC3S704>j+S)eXmeNQws1NRoM~6jMQ^5Dp
zllUw=3G-dVG=ew{QK=PSBG%j1sr(V%_F!)>6W1Xi6im!li~KQ~Wl0^I0<`PN+Fi-o
zac9EqdYbK~uy*mRU6$F7Yq8qJo9%|Ob~e^-q}7hI+S$x@vD9ut0<5>GO<OP#V{p${
zm;<5H#0udO<Ts2Rpnnu{BJtNTp@9V^#K9N?+LAhQ2rPY8R?I6WgL{F+vVcDCTI*yy
zb9+^iFX(7+Z!f-{LGZ5W3tI3w`GMe7KY9gYziaw|7Qk0xod0C}{M6vyH1-zOt5dXI
z^*|pG8y@4=wwQ;;%1*4^0(*#zwG?ef`O;{8-=>vrz#IF%D?x`URobon@s7lZQ3J2!
z<Uo(mUx#p6R0~}BBrmH@t9yWBDG{voZwgrmJ>|eW9*m4ZE}`s3ny<fnX+mvyy0hfK
z@Ls613t`_n5q9`TF^#nBJh`|ZrQU3!0ob+ap6E2DB_(UC_UCnpl>c)A-Kjzo?1|Uu
ziCH<Z?s$LL619L4${fr>*^(F>zgG`318Uz5n*omzV=RfqxBd9q9uXLYw|CIn$%NI5
z5v$mMYaBy3O-AzwmIAuLl$X_{ubkN$U->aQ++MVq^<>SzuS<^pyF!Tm`{q8;fA8xb
z{r8I(M*lsoP5(Dv!u|&Go)pUZ%V>peMf}vrN_A+)hb=}P8KE`7L*$G-^}c0<_Lc*2
zH%dmi+0+S5O_LJZS}xjC?^`BigK1L2%YOVR#)t1)Cgodz&p5w<cGICW_BPCiy&29L
z&2bvG0Z7P|=HEg1yHohxgDG`xci<m5nC$I;Is9*?W4g^&`2UcO_0&6qe@nOVKXA*x
z2mfzwj>i8VHg|#l4=?RD{{MXGzX$)WOQZ3hb!iv)cU<0W_)j|iJ@7y6h=zZeqYL=G
zL%I#WH00j{|K2O2;ctMyF(1Wf2OduO`PTdt3f=O5ItHJ#Id7u%P@v^i>BUyRB3?O#
z<_qj1#qhz5QIyEGk<bj=#9*6VBHP-D;qww>!6)!C7GHu5(;!BjmKY1(gO^~$oDzfk
z(yZ59<C-}0^>5*I5BB;pX|-j=Nc<L=53cE9tqWdS7m9kahF7wNXvUZgdva0RNSqlq
z%rYB-9b-0(w;Eo`8roRHkyb;_YG|_>vZJPg1YnGdnzmv(^x!_QWE$2mOUA+v5T%ar
zWZkFR#ypvL-kBXccd<}r1B~~j))l%Ooo{_M-+C%01`4e6y6ZYTo+_Hcj?2R52c>o1
zBBj>9C*I#2=Y1IS1UF&jo@Y361p1ch_ebPNon_`oJ#^48nksmqq!9i8Ih~$%E%-T}
zbiw2=k2vTe>V<sh<gHUC6`%mMtMJ|~rK<H}rFCAboQ9oOZ0Rm<vHuXTp3!6eJTcJY
zFRu;Z#KO_5MZU&3gvaeHHQmQr-dX0Ry-8GAW)$=yR%)Mv2<Uf-_@}lnlZDD$W1ZTn
zF<_3ziLC85r9yk*T4+6twRT+15VX~D(IL?IfzA2=ovROLaHg+`wFrzD{tI?T2whQY
z`U8(@4{zFlmxrGG1?ADue)E-XCj8rb(8@~nG5qT2JZdBi1IpnV^kC(c9A0oKFbZvk
zT>h%1u7oOcD<Leu3NH+j=L+4(dCD1A=K4J60pUryB!<@toXvA`L$7d{;<G6jmm{pg
zuzMv$=UH0K4V$eJkA1LspgPwU-oHFx6AL%FmEk{wF6RE&te$AsK0IyudeiWtAv;Y<
zQtJKtVxfEdK5x6aFxh2Rm2o!*?&qDSypM}YJq`eEd@n0siwVa>rH_9vC_k@iLl}RL
zQ4iz_&un%pA$R6p|4I9j`~Ah}XMU4sCAgKd+JSxM@V~_r{`|LjnFl0160eoj#pe7)
zB?u_M0u4{KU_QB6cpw#i1e+5%FggWYUwA4Z<7`~-krx-MmYD%&7vh~mEGZRFKg7a1
zu#WMLGW^^k2IBfs=51%a5O@#I^)RH_MG8HHp7ORhj&o=;Mj(nYs=&f9vrjGjUPbu5
z%{(@rXP!DtaH|h?f?2_RhT-(*5jcG_3a1Y;oKmLatUAeABMR<X3<Y=y%xJc&axJSu
z1%kX3WA4u0I!k6Y+f%vtDs0las}ht|^q%=CFNLj@)r4zwEj!z4i-U#>J#yCc#6{Kx
z>4*Wx4{yhSk%(zD5pz(x^JD~KhIN7%gCXXZT_dKEAqKbtz1nsREl~S9#Mp`Wjx;`?
zD;T;lI)3YaL_U8t|K$0~=kVtLQTfc<{U0Wu!{?nm5Bc2Q^nXh}`}^84V8`;g_W1ur
z`8@IHIpkAThSx{S=c;cb<WufkKKX9Rr>uB4oR@sQyzBdwPyYLmPreKJTs6BZ`IMEb
z>LcazhHp$Zl)t-t%F2Tq{!`?0-XopJCqqoDd|rGk0x{oFK25~@2g&EXbIw~nzis><
zmCqhK{=?)m?$Ps+&tD$-za^gsyDOiIzy6Pu&q<xh=S5NSxuz5OoRHDY{iio9pHmN;
z0+Manw{GQVL&)Vn$h%H_?#kNK4Rcp0d4w)chq3tcj!fPa9g6I|Ok~%#itNoFnh^cD
zJ0h!hEVAE5o4k7QdCTk0HummMI+oWDujtNxbe1Wv2X)4lw~)OHSU^l408D@8%G%hq
z`1&L8`(j7t@AKy;zR#RPe0|*)--7On?<<#|V|zNw6yJ4UM&M~!_wZy&^Ala;sgdF7
zT+)1Plr*=!|J`kQmOGQ@v?zK0XD9M}Xl6IpTVGh7OG2jfjJDQWSve{)ftF5uE_Ei*
ze6&D694*jKceDnp-4y6$Th2$IzdWZvBdGe4^A_k`Z5H581bXg0Z5QAU*5CU~dG4<<
zKE0LJUm3b!j4GY@OgbNd{zFIW@o&ygpjVwkpuOD}==^T`n`WG2J-*Kr=)(si5H+lu
zh%zPmr(Gkeks<0_5`E1%)@R_<Zi#e$gh<~5?0e9aS)J!RE<Bk^7Zdi(nHpLbDbAkK
za+mN-O<*Fg$Qbjvn_=#%hr*c47X611b1J-7>P`Q(GKKWw^3ekHIro9Ee7|(S6sGG)
zzTKTzeRSFnC_IV6Je!1hGY(@yV^knAf1_*_6FwG|Y*dfS7bV#c{AX}la^@bA=%Y-c
z7o$W6Nup~&NVUIzU;^<slIWJa%;QqwW|C+NB_z?uI~C{Ct>TQ3hE{Z7QpY*YCDI4O
zBE6P+na{UFd=*1HyDeL#z5M`QEz_cqZd2-KuC(xdm4Nbnx3&NMg0Zcqb4-Ig1CJ_E
z_^o32eJu*V4<?aRzkGgD{q#Ac`qA!7wcMptcfzM7_jkglkqp{sBJ7~nV}As~I<vda
zvSqqGL%!CYAsZROBBeXl6D`?S0(-ZUXRQBJ+9Z?=C9d6Mo)j9g`iM;eZuM8$UCxh$
zKp%V^zzVCBB=vCkyf07r$`w2lBdIqkE&hYCIZZWjdFptZTd5G-+w;`P$rNql7Tk5?
z0?C)UoOQwqjE%>3tc|Fg6#aXf-TXd$<{N|o;t36s(u?l$=mXo{cgLk#>F-vmK`oxa
z`|^R&Pm|14Yg-!nb1qy~7fr|e>sfUS$5Y&yy8l3|n5m&acxYx-I5U`s+o=mrjl@&O
z;aN=x0Fsz)1-Kol+MqOMho!>wa8@+MP!5IOg)qCV@)-c(KOH;Yo>k}6O-2npg*rvq
z?Ft%*7njoP^6w$cxYT(z<(P|5k|*R%Mj~$kyo>_8EP4R(ORbcndDPP>)aH5oNkU97
zsqiSMbcyD!C%KgbQE9+hD|eYlpqnAqwUDYU7z1@8tK9AUMiSgL?YKE&u9C7|8*$NQ
zLss@6xB#OGa_D}#LqB56ydfC(wf<-9s4?T+UL0M(So5bitbX^84ThOKez!J;-e4WF
z`?z#&9py*>aJFyZIk&RNk&F$KvEfS}u*1j<ZDPIkD+hjA_nT3<Tlbsi+ro)S4p;M3
znYHwvJY8;vzJIn&Fpo92)bMmVx@<ju&4R!5)<n5)*05CIx7|a<<T|(?^S#MKY!~vt
z|Lf$TnXy8HDG%kFqU2$4b)-DRe+PLezWwC6<)PVsI=(Y`i0xP&_<w;sG(^e6+Z)eM
z9-jHp$<F1Wd@jkuTTgT-56!Q4C=a)t9n>lh)f?N&!>T$<3P#mfzlPPEQyxC6Wb)u!
z9hQg3wpj8|zP?L&_``Z857JNm<?`_V$NKQbhA4SRsr>J*55;$NLmvLWTpwPpKTmnM
zvkQ56V>ZddOC=r3gZ5g7@*tgxkcYDRw(?L?ZArnE>#bku>(40<8_StI-1Bx=9`4_0
z$-^7LF6H6rAd?5@-Tz0{hZkz2<bf~$Z?6w`{->@F&(xf!JlxTRJiPD_$-}B;9m>Ow
zS38sk=ZOe;_)|?=dGJ<RQgC6=`ehHEQy$i?W%BUDe}v`XNA;FGys)lId04iN$wTHH
z9m+$2td6BbGk+x?-8L7MS9b-!h;=PHgB{M9Z(fUPcb{mMCK*+7_N+FSdA`;z`5E4i
z+SA$nD35YL3LcJ^mYreu#lDKVA2kav@nq0_w*y_@8G1(v-x+eZzcW<q0Yoi3jZ+XF
zN8SuycXM-8LaT%OZf4n=yA<m_RIf1jJ;T@CBxN^VcQfxp$;#>ZZ|Wnuxb9}&N{Rr-
zkM-fP8|YP?rin(Sm_02D3d}#fV|gN_S2u6GnIKrx6QVCdS=Zh~WtvtUm&)mTI``+M
zS|mR}+}1*g$^vP}k!=}-bLNDv!gc5V*fq;Lxj#namXyz=*85{J-5=}VIvh6Za+KO9
zx+3>bwr$6ho*>TTJ)(eHEd`jd?RDw4gI7l3Cqq&;yM?mr<iJn(yppB`m%D_rWQXY<
zt6u6#s1CcwCZJm?;D|wx)oVSNvEwi3F~eNWvND4e;7WG~9LL#3LsO!pnwseQqmr5j
zI(`<gLX{XTP)9@%sEt1j3zUZoqd1RaJb4nY9PVdV4$rVFho8>>o8C9f60<atsGZOX
zzv>vrM-ay|ewt{)V%|AqV}vgq4x<bGo7e?+6%e(Na;z>pN%JZ;=S6ut+N@t44=b`^
z50^3q5?iMyMozCi3%#!QZqGvJ80Cr5L;}R(ATfG&loOwpU*C^KH33sf$tsdCa}T-T
za8jak$Krv|mzypkW<*>>{MlOaI?9-hYp3=+@+$vn=okRl7S7N=TMVNe@ByK0qU9E=
zW^S?Suv_fc<o23qxy7onNu*nB!P)RlXW<E~I8UxI)(l-^E#w+|3@<!O%7-SWmfiwi
zNrlytdbdr^+%Nho?V_`C@z}hqFIGzaVms&k0W&Lx;nMS$cbHjmnJe>iM28E$%B+NM
zT+Yvnx3CiqSW@*^iC<4Cc_Xn?34Q9J&iv7-AaAhjP&SKeapfU7+E1+8*FiPlP?qd2
z{|Dhk$!nIDvGTKYEk6N&SMqc8Jmsg0fgJv><OkWw<Ri7OLnzI`WI^hLX#vr2Df!b%
z%Y`RDMm1qfxPv^B+wmS8zXjKds&8Dvk_pph3N1ZekcV(HUBdPW(_CtPfvaXh0YaHo
zPFTZ)9&TlyzdqL4Ae3TyHkL|UD8VRuz+hY$gJMl(H`l|-kB8CMW<eC4pWu3ah~57-
z*Yh*5o)2ulAZC^8x!APJMQ{JIt`@y3WV)f)fiAa*6#8qcaD~^xx|JQ+JLcjC90p5Y
zkJhCx!rbZZ{po9#{ae<*rCqIm8ETvZ7QZ-i@r$GT6k1<@BG<8@&^mH8<<A??R1xRx
z=?0~z$Gem*Xb4M%wd_uATxp%~WI1BgUt>f28+I<x91Q=>v?FQeeV1iz#R4lr$*-|l
za38!}H#~)Et}GTCzNR1|<;1c>K%HVa;7ZNfst=CDZ^M@|Un}!lKt;t!{_=Fu`LXwP
zkFZYETunjVH%Mv-!CwW<E=*<GfZs;Z$D@jk9yOu0$?F~!_B_4yKjZx%RRV#_68Xl;
z4(wm$I9l6<6O!e?EM8XcwY&MlO9qcQWf)_N^Tq|@9>TTWsR{WSh<NZ&EEZ_$t!J;L
z++o%e?@&OEAg;rUMtC1c9NZ!+hqTfnp3?`e#at+@AAf{c)GmA;D>YOb8<hu=Wi{J{
zDH>Byhz;SHa+lH*la=Z7rNRk@WNa1#eXDFlG?K^H*T6Oh1}zY4$}w&23@lYFWhXm)
z<0l8MI*cu6h_P{(6P?xRc1c)UCHfo7L2r)+TV|?bmgw9vceDg+-E7cAK}i`PE2D!t
z?KQGW0kFV$9+RgO=Gvq{Ts2h_iRL2U=vdr_T`a-QbarrGEPi_9a~lj7R_&Q3Ijeke
zdTLhrq(I*zQeboq-cg2aT~?Fkghn2)ie^jxvpK7CII3$^<ysD3=})xYe^=)xpV-b<
zW73j*V49Bd+fAh;CL%6Xz6V7$TWR+1;VIW;udF%|5gC*N^9?;7|EuO3lE2ypOPDOU
zzbUO-a<xm@jLT9o<*PH+dz^>7DU;OE2Ql6J5lY8t(+^qQ;?idmjm=u`5*sJh#FBn#
zO~BXo{(dOQ)=_=R0+#4gR_EKX!`p;Z+p8cT{)IM9D5)luwVQU2+U>YDD>bCK4>8JX
zC+70eIlyd^0_q^C#$}+PP?Jm5x<aMwH+DmxFEc-1-R^TBvHl}<k}Z2ua`8i=QJZb^
zjWB>4Y80DXSZH$v+zwvJwP7U+ANDY>T@RBK_aU3!Uo31ef|y%Jb#DRvVU8Y&pZCcY
zzx>xWE>uM4v*tYKV%`8O1ZTkb`s1uw%d^m|H&(NtKaaql`V(#J$#_6q8ceSg9TNUi
zyiocAKCeOP<1%lxRl<gv-!2wX$IeYc;4yq%__<hkOj7Ek%umGN!C1+Evge%fl5$Ks
zu~YJ&N}n^zqim4;`_Fg+aTke!v>jj+rFxXlR|@vrM!}vmPDpY0X@vhK_klO*z))v=
zUwB{*?4e&GDLW)3C}kd%{6X79)msk886K33a>-e{=tyRRf;ZI=FsoiWOGeU!Nu?+|
zW4YJO_~BMRriv(`J*#3cJWV={{IK3!B_EoDf5kaq!7+&sW&lxNFN7aF`_gQjLyhBg
ztV@!epIq!=ly(5cfXu}}=6qhsw^>QFDm4K<n5ei<hY6b>ChUZEgbhRZ=Tn%r3e$X;
z#Qc3Ey+EdVqD)O^^Y5^}PU_?wA@xaIgyElZ_7A3Lgn!Ud5({s&spD;d(O`Rek^!ui
z%uVQASpwGE5$(!TILm4<r)+5C>3zu53p^SR%ZDVmkIRAK+a+}XhCcW!<6((_hr4lU
zNzB@c`L~{_&|}q`47sq`HS~uzm-AznAb(uCb;&TXumW~?m7?-lls#~xsQNg~i)%8f
z6@QgYb{?2>2oL{1n;1wtjnzhA1zK#!8a=m*&d=svDXaI87w6j9JQe9-XUK0BCxXp%
zjnxaZoU>h>>PV(NmQsKzXMrc2sL{$nqdDt~hwCFe%8d~p%-zfcrTQ5g#Vi11=pwom
zde%PzYB=kc#3}_w+cG^$B|_sWW~E;eCPw&&!sIz8Q2?cZalpa7BxMtTgy;qZ+awm|
z+W^U6BGdqecfnF2JX5Ln5RH2E!psfoEjH&)LEc%qYsr;zV05iZ`7|%<a0Grq4<DJN
z4*y!Kd<e*DRC%0V`E+GRYnGoj`Zg-R&vuD66W!&f;dV72*$IrM%uP%BAuc{ULE6{F
zA_0>0-jtG&cnN0o4S)>1ggJyhlKfT3Odi4gmH2FXb`k?uRnaQUAI_d)E52899-e!(
ztQOka<>&DMYaDVJ0DC<2iA95K(0I;4%+!g&2WsrA=DKEbL4uwbMOs@FX({j24VWbH
zSr06~p1^}u9QNneUyqhQtSJ7Sk%h_LwKtl=lGh=wNbaIgb>tkV@_?Wqy6!=A4VBe}
zb{Xqaw`e}(2BoKDGWee!fIkUY)r721zB{s7w1l$^S;PMyd+!1sMU^xR_vAVW2|YnB
zQ9%L>lE^L5pcx68ArsOA6U6nhth&kyBD$!U%m50)z|26}VT9MquDiOcyRNJ5<rQ}o
z0TpHvNCGG~6;V_I3iQwd0VE_qGGA4l?w+2>1=rp0f8Xc%Kc0tlPxt9_>QvRKQ>RXy
zsyYo>K13Fxgqwl_tdHcH9X|p7OqtmxJq>fzx7zsOO)0#I=d)7zEOvfdoBvPi=Kt%N
zye~(2?|ed&r1zXrWqsu1E~NZVW28J5OO;C%`CiWC`xPDKJL;Ps!<60ruSxbD-^WSz
zS6AIea@*5xtV&Z(I{&;@JR_d;97rt)dRmj`$*AcB`uyo(Jb9h*BxvE00~oVwY^jm=
zoPk>1MI2xK9X1&WhV3Lt5(Pid&a#vDBqHOj$)`xtt*i{_DtR@QJ<Rb8SI5+7xVDkw
z{HS;&=7l`1Mt(&)zQ(}L*oeQh5Z2b>q(WR;V>}|yp%xaefPqrgkF_#?AZtOa%JDV3
zhR6>VG{@(k+b>lg1HH74ia70JlX5uzMtpS)2AUWu2zs};UJc`qC`d{C3O^w>m?Yna
zWp9?Cnw@5Yf;9kfY-!OG$&sK~TIl&G$#R_K0mpX*%{0Ek*nXXWE<nhPZoyZ_`+O89
zmrzD{St%h5EWCN*YPEJ2t`aKgafIV^&uBBE{IK?n#RH6qXGi!kDfr<Te&nozW+mRk
zerf)98a@DIqCIpMQ<0V!H@m2XPbo{i>n$y=P^`RW@o$lfjAaFp@N&?qfr${a@YB<h
z%rAE)(xwC&sRNmh%tmHPS^|BHG}`?s_OTOynZm>?MzqF$Z6H>`xXu3362X$lFZ&K2
zvG8uZrw#7Kqtzzri}L;tuuK-1`I7hi1AbH+ks+%MWD{X6Tt!K7*A$g`BYbsEg4#wH
zj~7|}lhH__FyE*6(hqud24>PT>H#q)MgbX(9Su`U2#CX9Xr?mPCZeXEPwbmQLqhrZ
zxrFG)FDJx&Z1qnlB>T~1V)D1!iOB(faq|oHrRs7WzhkguaV|3au<$T)C5)D*_@hUW
zzN`rEO-AG?OwW5iW@XUSS<p^2{$04i5Q7e2{A>W#Z)C_w(j(*Ny8g_H?T>#1!^IqY
zoQoe)FW)tUXBik=rbCp_g!eX}#1=zpt;>72)4~GA3g{xz=V!6_Nu`;ki8wrtipNXb
z+ubGA`Jtn!&>)M@Cw|H=I}CNn2Q&Z;NG&CJT`#28$ryxN$4)4EA|(Rr^a(g-t(J##
zto*a}6eAQ+4^Y}*Mmc+kxsU=~s{13XYVCj0G3A?vnC{bi43?tAn&ds34QSD8jh4_S
zkEiqx)Z95~@7K8hTJH@yM_{Zx|Lqb*RIDm-<TW{_A9Pq6`4wjr9M1j=Zj^rS5T}=r
z_jfeUIq!Rn8jK6n%<>p)KFCpq#L2K~3lC~j(JejHtaWJVv^GL?SlpwcI!vfON2uP)
zFS9aKvl?p;uo^GG`X>Bkw8qPIHSU7epuVH-t?p`*QX3=ONBpui@KXLp`RWh|{qXt=
zS}mWRiPrLbTQ{{l(Wa~AC9K6Ag=M9#mYdtVsRi{dt(Kpii4t+?Sa<_80y=hymdo1-
zEuL}9pT~&UzldfypB826q%*|Ss>E74`8*w5&?*&Jtpcl7z<P&65&3IUa!yL0oI#e{
z6vok@&ymirOjiSHOToL-x$t?`eI?gX;Cp0=b~V)GaU{qo@nn~M*>Qo9nDSeg9!#hC
z;`MRS{1&%Scsa~(F;lfalYHvmnS8=21t#S?K|tx{Q_G>Ke8M8m>$OQaOOZ{_u@t_4
zz*HtQw&o6CeW)6t8_^~27(@vc=cEdvIj~N8@if$ZoRzKo1bTW(PjHHJDsG?qfqX>K
z4>7vSp77yjE&e#EdjHydntSM?^Qo`7i}^HuJ%pQA1QUjoTiHU%lVjIQEIqOR9^;S3
z|NL(+ivK<>KNA1_PyK87SK{|$f7F)7D=qz8*OLDIbYc4LCFiI}r6BH#mWc-Ir@e6o
zkyZRmT7D9NV$xOt?G^E)Rcx}l8{D>PE)F_T{+10~@l(lxpB~j(tb7Vu>~7HFfh76s
zuHwHta9}wwb;2hs*96*-#+FCfE1i)~?px4|lzMnS(;#soTCL0g>ANXAXK%c}`x6cm
z$Uf!8c_(xvQNF&Q`Ss}G7wPNc+av0cmr0c0gO0s~Y~qNeluujv-WJuGs<J?1$}RIA
zqxe(^%Me`Q>-fhe9+y7-nj=dH0@lyKkx@I{CZ4cHK7na$B8(cb#&a<7^(1VzY?r?(
zgH9*%wzGIv<`nN`snBZ>ve%P%ABMLU!$KNHCigVrAvljQd<T}HoE83ZpnU4wLPacB
zS)=nRdvmiA3b^WSn>HtxmxQyal{#tJ366G&jcOq1jor%hxv$8F@UxqupRqv0f5g)!
zF>{EOO(ItDqq)`cw}2hL)7)Fyvy<ai8|Xkltm#I{A0>V)o)X0N(7^=#On=T{X<67$
z+>Mm+{;@C1E3lwMNz=sUfe%lRY9b$2#!p;*iCxuK*hPH{yRWZH_`dx^=k<;Fk?=j+
zMSWi$|8elyx~OkO_w{uN-}f(fUSDx{^>wH$8`utO`}506h}5ds+KwNi(}?onnR<B-
z16%Nq2R=`jTc`|x3XT8S^E-v<&5GEZBWQASd<h9>4DJ6J2}8TMM|vDrfBR7!o>B(G
zKgCw`po@`(6wzGVG50qp3qQkvwe;~g{P=5(=B&0?xeD47&z87%z&I+>Bw{<0h}&U3
zKoT(~-=D5S*C-vD9M_?{1f@GwaoquAQGdwU4q*CBdPBwzvEZ{xkN(k3kDjL<30jvP
zlo3$slhUKWMSAoQlkrNvl9=w~E8Vfjb?2u_Z)SH-o3D??)8^f7dh)wi+Wg_DLK~$U
z&+2*+JHzqI=3y5ODE6)YFg-3k`ft(Wi}1fo5An3FLq(m8m_Wwmq4NU^w&DAqFz<n?
z>Eh>clxZWd2&M^P+%k?CF=Bh{)S-6gw>WjE-}MaRjCo3NQ23qrx%hSLSL9hBZky|s
z56z6`Q`CWfg984~^z;a1Tq}gyZxjl)|BIwqBy}LoYu%705J#FDr5{O}Sp7B7zb%<m
zUDm~63I&RF6u{?pGN>eJ1kn$acaAWPPDSk|K<)lmURP23S0aekhXqHJQ6j&r?&l#u
z1|2|o3P2@s096Rg#1lnt3~~n@L1GhX8BoElfqG5h5*4aLhgHnVzwMy!{|E5pJN#qu
zHR<sGEqt9k^yBgM&Y>>wg^LLdUlRa~l({1m@a!6R?D?&y`7DlMY=XLY00_@A2v6e~
z-z3Qa4V~sqa0{R+aJ~z0exYC1s8GHvAE9h1r=#CzXx{_4a$uDLpP>`@%H!bs$teb(
zu~Ya?VTL&A@353Rg-4L1(5>qVx<BfmV_!d_evPpGS7-CtFh%^7#7zg2arM*XG}iCi
z_-QQIjg<Lw>@@bpH!8!uK>pAFasB6;e@FlM=HJwRV)Ms+tRymV_$x~smaF+?9xiHN
z{56Mh{jJq07^ELGML}`(TY~1F#r$%7@336MFT?DZn$_`3j*Ni%&#qN0imDpQuh_@2
zwd57Q(zMz*tKoh-dMq_dj)PdT9h6elkoEvB)g&?O-r}}a_Y6s?(2inB+srS+beQr%
zA<$>i?ZdbY2q<n<Pk6`xeS{^ZAPIpnlW)h+xM*%$kA{C~!n|#iM>V*T4m{Y!@3H0G
z2e9SCxIw8J<II>(OKgFKo4#=?BbHUH=a(g8^ZONT`sIV9n}-KbvSJ<nm5{?K_67e$
zV4`$>*$X=Cze(7yHc&RzNeuaOBute<$ftB*mLB}FgM@s=;@nKgZ_<5rtpLb(FR*aV
zOzh$Z-!KJ#sJIgks^{%+OmA{n&hjhvV||$5rp7Mrkd{5Gtq+t~!x~j!>~ELWG?M5P
z#E@p*WK^N0X%^rG0EiOh+6b991AW%qsuAU^^wux+L|J#ME|BpNB+HvFMwYy%6tbMf
zrpHp#?a;K^>!s;LmL?ms^(d`d*$}Xbb^NmL&_ddXb!8r){)Y#v`J?}LjfbAkTx>iP
z@BfkGVeBos@o?>fdeq-=i#8sPBjT@hGQ_W5p&t)5U;n$~Vb%Wsb>rdhjX!8S%>A$K
z$HSk$`f=mo&o}GF!yjhpiSowHy7ADAWO=EQk>ygqemo5S>fad;ZC`aZ9w=ly)Nd8r
z#|K87NhF$70!^--JH;A0oT%8k?gV<IU~+Ik3wj`9nEx*#Q*vpu%d<TRjio=as@7DS
z-kcgWl_C`Pe@SM>Xw{XkDjZEbB}5r|?o+5l&^F1{UuuM|d<81E#h7}v?vgn*R-a|5
z*)(QjGx#K>Q@88)SAi-oOhzLh(A{#)+}p-ckr`sBx~JCf6lStk`mI`{5yDmbRQ9d>
zOBY)|bDyF9h?}M9`v?c3L~T^QD2Buu{Gcy=P&basH_TloOC9`KZ$S?#@hqqrmaMsD
zfsC(^U~HqO>K3sf^i5)Qf)J@uNwf#l2Y}X&DxPOslA`_nT+#lRqD+0-BW?czfvSnA
zvhwd@gSee7Bd;dv)GTQw=t6U!l@GCW<I=P6rB-?6D_!Y?E94`c_+#BN#Ua+R?0I&J
zaqd0i1BFB@g_RyvMzmstA0qCgpXB{tl1l(=$LvNLlSLZEovNv|KpBk8)LJul6KeKA
zuI=Kd(*DoM*e-@*8?0O@HmMqxMfsdrGGHuKk|jg4m)$}klFrg_K~G@D6ty$s`q#<$
zQtTYM@pXR;D@G)fgR$bjGuDtcEql>guZ^|ebj6!XwXs&W_g@%m9oCQk(s&y_=|_*Z
zoW1|Tcsu>sj~j2aS;RI?Ch}`c-re(i5%j4Fp2JUWR8Qi<02*1xe2&B#^dA?S=Vz$J
zrf<ZfH|nwqJ}B5NZ=0#w=g&L**TUS^^yHhIYY=b>^A#I7n_T~O8~Jwh_rFfvB;*-D
z>B=5qZ%oayAE0<`GYw+^VZMoFMPzBU_HRHK?$qZeSI-kSl15S+<1>Iq_b4B^Z#VC~
z4&6)w$+h)n^wH&gbbO=UX3ilZLop!Fvt~E_SYfWFw_fvVxYF7)ko+WmDSFLo>E}Xo
zHaip@P(BK*pu*BNIhh?-#@E@>g~D{olAEpfJn&*hVZk$Q*<;tk{O7wHy+_nd@bDc8
z9RXWt&KE?dxd@+^DDaH=`bv5&;HlOrxJ@<{Ur$qB@2fM@>sdnJeFZ`Qm$Jf0so!fb
zzD@6>+XzgrQc&k3fsw#4+@P_-zeo~%`&>x{L7DQ%o_f6xgEND^$=qp2t;}K0#gm}<
z4h`JF?DYoawSYiP!Lx1*+=&d_8hVZ3vJ;n}Q;2wI10Kzf?E$8%k;+bE55^SYSJ081
z_4fj{q|*;<que1mTEE(!V296hqyzY_V-H;g>^QCNNg)G4_vAWZ$tGkl#VF$$_t8A`
zTo@DeTquNxYw6**=)+=o_zFF=M;{7$Z-m85sZY|iH>7jnsz|)6LREyhD&$Cgu)vHC
z1!iakz8?n#Zo{9RaighCbF|GNv0sf)JRnl#ez7kuX;-Uz6{|}^wQGnxNI7AjBmHjH
zHVXPyt5QT7U{B|iCwK(EC;Y@alayp<z7Q|=@5RN-SDGv-v3H9wy`ALsos_<>s9=ky
z%>a64q#WqVm+kT$a|Dv}#tq{fd|3_9d)6Cy9C{s{VyXPZS_$20&|Ug&bP*tbN4`0f
z<TT^SEpiRm0fMr@)7ZFpU;&6M%XWSR`e0H>IXs@^Igm)N7ab65X7Ud=%;Zl5ar^&~
zK37i|#=&*K_3S!yJiCsZ$gbmlg4Z%A4xdE*1y0-eM|!`De;x0d;PoS4%(U{A9}k4v
z_FDY?x$@h}x1XMA<4^2ng>3xHeemquHhi{~6;z+qYDK<eMbx)n#=iY3_U%{fE!=&E
zcU$pp2i}DQ^r*L-;(e1bcp^a3G?SmR=lD#%eGlAxaU0xxF_T{e|Jy_GpaI_iX6A(O
zO-QVRcfmmKr!Cu`xJGOix9I8Xn4a{m-P2&G;6DhK2a<wTPta}+Nhvl%5NAZoN!M3~
zowa)Z4WifJj`SJ;)Y{6gK(E;F;CO0%6HhI#jZtd_yAFMpT}Qsiu4DcLSG30>Ws=@K
z%|Egb$OEXZL3A}BYPKP2wm^;N;MXHNv_~PW#D}be`u4-vw;#p6{fNDVyE?oBP-nK!
z<j>V>xTk#Log=sg5p3D|#3*q$VONJ=f8nn^+YS5&&4I#ZPn|t<JOyJ`)(Dneu5ZO)
z?W&976Hys<Toj*$r3|0N>^juOt|J}nI_B2WPVh;nD8sJ6)6d{fJ91uSBXa)<=xF5;
z<a<K!{~+S+7f1YPL_En8z_%@sbZw}8psk>;E6jfZm{<Ly{$ujzA67<z_3S#dhFwQ)
zW!G`Lt^ZH{{3qm3>g!3)bpJe~uX%AsL9kY=^Bhj}H81*}9RUs@Az!Bxz~U)SyTO$L
zWDLr;iJ!3}zW6JqeSgwPhu?A1*clLZL(uNoVzBccgy1PWgl7%_%u|;jSkAg?n`;a%
zL#^P?I4M9ef&XAjAY+RsWDkW?1VckD%U}Ng3wVEdQFw0(^yciLmK!Syc6I^!q(D-d
zJ=A)my&%+GFaECUMWA<@0AC0NySnHQ>ksdJ09}V+e3xOg+}X-lj_Hj}48pMHpSl~}
zp6k`24N41+?LFhz*#4SbhaP6vk;mC}T=O{n*w**|^aL2+BK~!V|7*uL9t?F@c3f<H
z@9%tkTg4C!@ZybSme9iC@;z2Dh^O=s*S=@*%t?YT=$u)P>myhW)&fooB2e^+Ys<tf
zWnwS}Uz4Zz7VVy`$RE4Q1HE@!JvG1|M?oI!v`0b}mIjaqEn<RTr~@Vvo(GZ#H73Dx
z^iY4CzbVQ0kqYsh`HQTK^bLZi5kpzyK|q^WPq6~7!gQls<oQ;yLFs^NCj!rVe+N}*
z9e^TLR<YH(<N$I!eWS_q$^PEK$^N^7#?CrnH*B?gwjpP4)A-b3*k$(w6DlkrS1le9
zcV<uYCjqlJ7~=XC64M34c42y`lXui_MV}^q@2BVY%ev$DjL!J|@b!$}kF)F0W_BIf
z&aPup#^M#*L(WbTPmc$MLj0dm&@|?Kv}-+~9vReTsb82Y->m1(!zy=9jS@Ek<(?QW
zMu0Oxe%SmO>#QJK%0RZ11JSHNH7k(KhPl-1?UokTSD-KeKc4K29~=H3KQewS(eq<z
zcl<b}Gk(0ii1Fjy>^gKNyN-OAUB}EV>YN|{S1Y(0;|f2Bai{AU_XCx2AB<z%am2V$
zenb8RlBZcitpm#nc6HCnyD!Sh>UyO><=?_ZWw&(A!1=_C;V04X7v<p(84te~%fsQP
zs8lQ)uhRH;QlNh?d*~c!2VZo-%98>am)k?<p~SZCxccwJ)kBD@1I3&GI*Cxw(iwx_
zd2tT^59t?k$1wh0#I8e^vFpgE*mc~m#{571;(w2Rp^sk}e&GhAE?nNKus`<qOny{y
zQ{gafZogB!DYLy0={c&Q>Z;ScDLLuqgSc9J{F(B2ZhtJk3w~Ag!vaU{f&zH+1w4Y1
zcLeEI1O8I&>9pB{=aq!|Br`sd(w^zVO$-#~3*teCc$P9yNVi>+%z4fYc3nsAP}s_(
zKVQks%@EcRm|W9hIU6ClPlcqX_9jAyMt%F7iGrBOys4B;1ub5Pa{OZ&p45e^ivaA(
zY$4F+gFG{t7xOpdKurXRoQut@Svi23;g`Nd=G{I|$CktpQ6K<-lF|!v6WJT7;ORab
zWxG)G$^~x4-Rt^-X6f2t>3Dj~5tyHC$3;m$jP;Xmt;Wz_%z}^SX5|5BEX}8=Ri~tc
z%D$ZT8pp4--exvomn+0Vb7`HeFq;eCY(NjPESou3y4se?0iR_6w0{Ng!$W|VPxFi5
z)l56Ts2+{uMxLW+o-g;G&rx7FG_7ab>o=DS#0Rs{(A}rkHNz<7M!q8eUqt)M!ZPC)
z)$6WAveX+n<-v9T1w9WGCczRYpL(s)^@)OH^l*c+NZqRt`;~tJ!luK+<kfc!;^e-F
z@29R-$ZEvrMNbW2otjFYPK7tn3s=H|8>rPRYE^|^1^dpcnd!cBu%+*vDw$|Mgzns{
z7{PoPCrOFGX!q1Zm19|w@oCYp8J(Ud5-|S5sN^qyrts54!x)#CHe_r3Gz>;W<_0LC
zXQ$HGf;x6`C~%sjgDVwwx-H61xs08Tm^)!7lb)SMXzXNC*y*2-=-4T<3wFYz|NN*R
z|KtDz+ce5eiRGAla;wY$8M$aPV!lYI-@NmR`J4dvCD5@?^O1Qlh9^)VH`+Uuc_Pv;
zs}ecs@Qtb1rFy1v0+hM<Du4bZoEyI7oawk_lIt$woC^qwG==2(tWBk{S^13Qoi`>K
zs#H|o&vD9K;3<XVf9-<gg6^=8)pG;K`xc;U2rys<??YF@1%C@aK)WP;%2vQA%WS73
zg0cPxz!n=uAqX2LZ^PJ+uDb+JZGx~ind1<?BsoLVe}zabzh+W<;O3p~bLo{Q12=!_
zId}cM6oG$bXXQ7(EzZGprR}4jL_{gkE2cz}Z;LBM@mL5{MP#EraE}4L>TehK^J{u2
z-}F?zIf&m>eM$Kv0ytu)7+731wi~*xVq0WY{CP;eN7wPg0_Db-m>xG7L8|~3os^3^
z)q;47Ak>%6re4;U&ZpWibx-Nky3$!(y$9z9+%Br~P}NMJvk1_BwqIIG{8?X`O_xOW
zBZmr$by7hQZVr{2{DM)OR3!M}VQId5!7R?1R#!TO3qOxc6PP|#@GqE;QAqNH>C~ow
z(lkqG(dFn-npkMg3klPANkgwmS0Eyp7O0x0PFDcMRMzkeyx7GfaqFc8=;#1QB(D;a
zH|V?s`Nnw|kB4Ir5`GOQXV#Za!_v@kLqV{*bc#M)h|EU!f*fh!Kem&HQ$M((Tz%6(
zn_V6Gi=6e&yBBMH4KPr;=%<iaHI?;q+|~MiYC=4&lh}U>p^f@<hyL|e`$u7eOQ&|#
zLDQYlfI}MmD(wDw(}vHRu_#@sKQbj-@R#Q5H%a@!gP48P%c)M>F8%!-xFMMn-H;pz
z4@G)7H2TmSvorb@ikY5L|3T@T{A$db*V*aqgh3SX5nB-Jr9XZ4VFdLDe$8^!`!)Gr
zQvELec5hrs{QO+7B&Vr*`ASyAh5<FyA6j|*U1Frq)boc72mG4yDV~-zXO^cW-8DE;
zI=jAf4t^tF>MxxW5K=)-*&9GX2klgxG)GR1l+F>RPnscM#JCy$QlRb=CO{GpAjt?Q
zCx+MYzo_GhD~0KPq`IX68DcvzM1wGWr!*qJBjb0)6u=PwaejzBpGzSn?JSI_BQWlp
z;W(R&slI9$CtuFi&+hjEgm~|L$?Whq3UV92X8IH>zhM&~()pFA<t}F~PMqH*u_Dz_
z#9H*7Yj60^$sE@)KFzFl3<6v_B_Mq5X}xt`ntgi4Qx3z)$N@3rKG5QB&3FFF6a1^E
zWeC4~ej<i(PFn6Tv_!~(aD?{lPIqfM^G4;@fI_~}(=v2kZ(-ey&<Oqq*&E`QPQ=)J
zxg5p}!TB8caR5!_p!L+iY{qAm<ihQ1>^56id*7q3`yQTt-zd9iGZ$4@zT<t(2!X$X
ztAIHVrY&-ASRnYTX8UiMLj%ba9-hehwW=)=aW9yX&-;e6&_B{5?a8Ieli6(yesg;<
zJWW)d-rlC~Rpk(^NBr_e64f!i@_eWua$wh=z0t{M&ncft7h*oUJc_@$v7c1U#Nz9^
zEM6X0{5mZD<b_xY)wgv^q1WN{#&J3dJ$|`Lp<j<CvXsH?Vs={uw=+g-bhESDY==eS
zeLWH`N~om@x{sXyQFvQ@{$Ik|k}ivPinpJfkHy={3*F*v4!qu&ufyB;%T&A#8l@pC
zWt4_2d87_m5$<BhlBaIGN>}^0m#VdoU{ziXxBa5EUx?Q3n%RBLIIO(u&XcQ)?N*#b
zc#L0XqToQ7QzT<8O&3-^1W!S*tXy#(<9Z!o^Tt-_XZUe=qAApNP#q9fYn{zJo?C~v
zvODJOIOXka+&a7s?`@0wJYOjwaO?0k{B3(&fn23P3AYY!!^aSQ#LUJ^2}@FKHX^9b
z5h%$9bo3lS=okdI=Y}i7Wl0Nj$$D48edlO@h}AlV)%s9Ot>NJsVYd(0Q2$T0fwfgt
zIlssmd?QG&31#*r?W{R(cg-oKC`m(1$VJb%H-3Vo8E*AYV3e6`lJl(f6BLZ3TuKO;
zP{6IjJ4(!}k!=D{ZSmiUT&PxM1MkSc*L^#NeOtk;!@Kak=+c^xTEM85EKa@>@634D
zAMY;1yIy!_!aH2yODS-tI4zl^pP8Af(#f+~6l^aH*SP#4>UoRv7$AyEK((QCiWu^2
z$?>$#=Y6*+a$(0=Z3x=mSBD#p-Ai>60%tip|H>xbb1+G#x+(UTPIQL;I-Nn01)qn5
zIH`iZgZcyS+wwzHhm*s8h%VV7zDfuEVMIs$p*kvd#v(C>YWR!SE7W4WW9D5GA!KO;
z9nO+a87epy<^j!AI*nhBI)u5XIN#Nu=Kp4fW^KAZnzXYxZQeE^Fedq`VX9~2t>zSI
z@(sHpQI^Hrl}0+QK)lOb*6tjfPSm6-sxdZa2YsXE3~LXHq*opf&owam190BmPIJjS
z27qzi<1@ARHVtQD1owCH-B{pK?fvU<?~6zAzN-`1yA{!QO2vaZ>OXPcBOV)aJT3R}
zzO_n`GNp*8Wu!CN(=yyeE}NsH9nr&+9n(MAY27#os{stA(jCZ=p}qBT<da+`G2r%d
zcAHyQQZ!1FP%Y%b8f2LOiX7yFs}~#&u{A0?c;7)Nj-7pvy6C)=0X_i%pXus>5YGKR
z5`hvb(f7MUuew_g^G}D0@8O@T@osfhx!+qsA3w;z&SPLde2E_HsSMTvxV7bK;x8{Z
zPQIQsXwVCOV@K#w6EHv-BpU{=EAbxVz114VZeUHH?xk<KKWk(H+$QE~LRcE6LGjVB
zI4HioI27`tf@4wId(mAp{BAp&S5h|)V{rU3299^4E&f(*aqYv-`|iK5vI@oibsAA#
zyLkIr+5d*7O5AORwP-Ez?B!z4f>}43HQbmPOrK@xVH$Cz#!Ut6Hn+Z{=mBR{l%a|Y
z{|ZBSH!$U3n1kG_dsDbRZ59giw4E|8&C%`rl*i^6E4L2s!e`pz<|lq-y5f9`4*rr8
z&>U`|SzoJS5Uaw%g<CHWK);&QZId^!^0#yA@Gfj@@6hC)3%Vu^*yN@QF-;C*Rouv}
z!@F=<EI?-VwwMdA>sYsVPFMG<K%wwFcp~S>SKy@hNfXSSz42}<-lgMR5brq6`8R6-
zn@8VhV)N)9;7aGWl{{a*W(=2AHQ!%4L!@blt=CJZ_<~LhMvRNW%Ormj6GpzEORn%W
zyLzd+1Ja}L1|zf|hYGYg4!*>BPe0G4p<zHVU`4G~YBgQPQ^tHqXy~|U4nmqK=pjYt
z`)q&dY+$?`PpBQVOtT{}9VYJC=qNsN!2nwK7G44C-m5y!A8SvrE)|dFz2lQu7{J+y
zY!Xot;OXXDZLTjKJ#P@d2D;=3aDpKmIpCi(CtywWZQ<=9Ph*QGXp~b{`Ag?uK-GAq
zVd1-ESTNFD8kFC@sB-Yhz<A}r)R}S+wI>{RhzFTIaJkh}Z04MYnA^Oj5QK{X>+#cn
zcvvLX{)+f{{y36np*fp#j=2bJM-J?awuDHN;vb;lkJO8^o|ZxU^5-d=Q_?brp()Zx
zD3h}~V6zh}z7>PT|Gp>|pSt1)VX-s)>f-nu(HTDbb%Iafn8I&Y@jkREY%J!Y3$Z&h
zQ1;e?ust@2gsly3_YBhJr1u7CGsMe-lo^6aUc05<<$}4OB2eD>!pyE7ZyC}?;_kHx
zDDI|N{pC#D-DHyQCjI9-vTDF+c#%XgQl9r7rvwRjQbsI|j=b<^B;d*w5tdp^BCPyY
zZXMo*=jfLW<s`@ce1U>Ev&G(5(A)5{7u2<uqRsrY2jM`Oe^R17mUCE-b=r)7w%M#8
zK(V*5*|5vr`z|oD3P{#K@_MLpT|ao_cbap=qo{W(9excTcF*oN^zV$_<vEDOdu46Z
zOuI-mXD{zmBKq+V6U(!M#XZLpDi^QEt(bx>(%XO{cFyPAQ4*f|Bv(3musN>W!mY!*
z@WFPX{NHUz`Aj|Kd&H6H3pETUo$rR$!VUCf+}W7}@IcTXb`Jq&J|&2C1wkogTBfpc
za~##J++OO-W}NGevKePIT;t^XE&gAlYR0d*X$mC~^X+zC;yGt<jdHgRapg$^j$*D)
zImg{P+66=Typ(ZNRh+MKW_VggyZS-{@@IF_x!)6E;5OXxxU;rCF@?061+dZ>ld<;-
zZUA0Dp}##v5dQ$?O_(P@wuq&sfHfkP_7*2)Q+l&I+5R@|ub)@#(EygyhJnO$=8X}z
z*f((3vn>@^4{fg+g8m>Fe>%)y5<D$A^HShdU8Pi?i1|M#{54H$0V_zl<f;N1|6z4~
zaMshBT=^Y*<~+haaKHBywfmfQk`J18ZjB!7L-^bq)k2!tJd_i1FP@UlKU<r#&3)eB
z;_YI))F|Q5Ou<zo?ZsVmel5cJHB~In!F?wO;10vlUv>o^Ju5{?m+vpl7E6mr=#HyT
zWI<m_jeem;-CMx?Og@TatqeA|F{-B0`NGt2CB6@o=HuD1eB5xNLv*;%RxH)_KpCA5
z%y9%}n2qw_IQa<z;xH}bC(ZJ1;eAdNyNO(9uq+znu$<t1x1jwNBv%dwr|%cre=1N;
z1xjZ_7flXvK~%cA-&5ECXR8L@i_SdA3w^~c!g`e#1pbw+{L+6U;-2#{g@DdJ#p$jr
zB=((05Im%T^&P`S<iLr3oyh^155>}KSYDOELdI987~yL{XrfX6Jc86>P*BHv_hH=a
zmIU7WyChDrKK!Je<oQ5;`ETLb#?jhrlPVoc#u2(1ZBLhzXuS?@cU-Os+_x{+85M6=
zEU*rsPp1nGhXnwvfKsvZ-PFS>zen7y193e(X_m3U`E7Vydxv<ift$~I&Lvk~jch+M
z>@sxNU(o9h4XiZpk>E{nnzI+G6fNnlt0JYdL2Bf}`0S{Y^@=^O(}jNaYlgb7xF2A+
zDeC)!3^$7Yqv#WdHG56}j`kWQq=hZcJ`+yC%mJ-AyqCvmrX2dG(w#JN-h1RiBoeRR
zqTX(oKK?eUw}*ol)cC-tI>m|}-<1i($$DPpz4w925S|2oq$i=G@M5-Ly6*;@M+Qgt
z2nVSd@9Ik=f*a<XKVFDG7WoLN0EeahNieP43qR`16g{krL+-3AE9chXP58f<rqVVJ
z+v(vi!|6(_Fv;m_l?uyfvicPTi9W%O^om%k7oVs?$dtrIrM@@`MSj7t@Ir&K31@#_
z9m+FT0T=aGxTuhE(bcj1^5gjFiGC{MhEc7EmS=4C#t&h$U6=f4?1P=~o7|@>dth<S
zyh~u9!KC&fzjVK5|6?q35pkAtNw?yRVn^$<Vs|CQ`)Pz+oS>8BncCwg5(pL>$Re9q
zWwQCF&#{Tqd!r~<R<dk%zQ<Xhn5Q<nTQ8k!hDW2E4|!VhdEZBhtoqx5Xil)O`ta8W
z*x0ddKt-YW9%paGw3lJtpR}>~Qhxd0m68uBC811{QbwXOmsK`~tCd2+0o9&o-H<|(
zYaVHg`S9GcASc0f9l7iHIm`i@Ki1$H<}d9%wzSAKFe-38HSJ7)9p85t+tWbJ6(>hh
zbmV@_G&}DOtoXA=>J%PuleVE!AlBK$Yc4{)d$YQxUbuwx$d+Nwex8=WuF=>?C2M2@
zo+p<n)yFjD37R^j>Cidr20Y#_d%VHNraDjqr%42~gUjc0EF3^!%qx9{smJ#nX5)G?
ziI7ew{h=a}bFggig2ZB0*u-WVEz9T&X><nDH;?Scwh*=9-t5Tr`<5Rds6Ia*FQ~?!
zWlFG7D&#<@TyvHxd*p{yh8w}Lm6f)sl^uzsap6LeS+xvuR}Thx=Kidx!DgEBu;pu}
zJ~zQNMqissalt9E%B{FAbHKo0xy9`PTBy-Ueqbe#75PL*oB0|7&}P2QfM%2%1%Hao
zUjm~o1qWN1FSux+HmpE5pwR|(qzJy<uFJ!}=X9#wW%wFHHxOU@uX6Yw#N<cLh4%W8
zd&2@2ZOAU3h|B+xiVZm|M_fHHwN!=WgiDsoDtud9nf^H~w!j1+YDtTnzCpp=oEBg6
z;!i0doP)(uD3M-kPvg`^{O|zBi6E~Q#0QO-$I0s<fDHaA&@TfCk=={#)8L+vrgh7J
zqR{not9#Lu6RuHcSo_;oz&h~rJ>K^~0`tcFjq+$C(}3{NGI)eI<S?UV#JUmxhOLP@
z<P1o|B)1@EU$Ocho?Q`GG|kGdnJ|TEw0-sXm_XBlwR!>?L;}JYPitaj9xe&Yo|ZJ;
zNAaipljCQdOw}LQKVc4~|CnQ+J{e~mt2lWEJVYJl6@VJOSFCjt$UgFt-M@&Ym|^zm
zPbpJOe;D)j#JS3te>gLpv(_)`Fvr;IC(s;Yt)IXq86EtKG=1irW*@mxonP!Cc8|l}
zkxl~@(EI`*;RHj^F{T$H_2kJ&L<|an%-%h8>2=Edi)OnQn#XX?EVx|DxzgF%@?${o
zOn`5U0VoVC4lT`xe$TLq1it3qg;+<;=w8y3(|PaBO5FLHeHgTgRjt&ySgVtA%Ag;m
zv;daz2!rsRrX<Apk750^@EZl|fZ8ey7bM+}RUbm0N#}jLu@rF#zH-2;a6g0UKbe_^
zhGYY?zu&m=Hjddp&ZX(>AI&Dx!KcFQK6Wd>ZP28dgkCji`udY5b<@E4NY2a$W}~M|
z`F)z{!<dQ`%P^Dn4x|&T{<*WQ{@ddXM3<$K34U228R(l*C_A)jDhSId41+-=*yivF
z<>#Yc0DXZ18gn`O5X0#iEE6p|^%LeZW?H7sDhwH%5u>XuG?$38%>oV?8ZAO#<Rxin
zza?AlfPQc<_t*9>JE@FF0&1C(PvRouOaA|IeDzHK9~xgV`7)}H(?FYU^KpVfiYQ}%
zXT!^gIV|U<bUU~hhE0^OR)=5EopS)kINByBD5Gs$f{H`AFWFZ*pt^J1z7~huS1yX%
ze;9utZsX>o|15qPE(wVR$sMK1$RpkJCmF>1@ym-)Ihda05e$1HjSBvH{ZQQfH4b;L
zT@-h7Q-2`tR{ab38rcQD`sndRLeez@*|J~{ipUdEYa&xnxbW2%n9%IECr+~P-XwU{
zLAtz|0!rG^^X#L8pMs=qI!_zZ;YrHGop}sJ763gC<O`YxA3rjP+~_x*O2gA0SHhzm
z@0;n-TkO##@aWmS?9uP(k?RsBucjm_o69oW!JG{(S!`y(nGSzTc;6m!L;waz1og|)
zV&Hw748$RYoRXg0kGdQBtWah?Qu>Ccr*q8m3k2&W_^)GnFloSVX5cq>p=~>nmPm=p
z3TcF<ckD1|%1vT?<RoWq_?SVbqpVfR8e<|#ZPg|x%zPHkV!N>mMxoC8OVkz1U>>lE
zLW}$WJfA*_rU+C4LEQ>eM#MQSVI*xwl^AtJ-zR5)DnD(8C4Yza?0CRO@GksI_+w>D
zd>bEvCUKGf=oy?SXwk~T7w@o(pGq%$pT;6*A9aYW;R-0TUeO$<v_OL^do?Rsw;*nl
z9;U*dhuhA?Y+Bq#99sSmw+`>ZU$?|<S}e|_a7@SnBcO(YV@S9h+A!7W54qBtQW_yN
z#_u|d*11z-ov%iWWCjgw36UP-Lj56ICu}^O#>qjne~iH54@8U4>IA*<l=NQ9jQzn8
z-L=K9<kfIf(oN7_nCp;{>u+spfl*lCcbK9qx=L9O$~fbf62;9**qz16*>YdGx7<rM
z$vx!^IbAl&DRPpWAV+rxvXtVN?$-Hpxfc%w$e-aj%@V(O80VaT!Bk;9qzQqlY)LSr
zb9JR=LtW`Gv=(GDYeBX$7D`pb-xU*Vt~6V|+TpLF9O7Grz%8(foNKg?oojMlC9vR>
zZ>3-g<q1Zk{1>%~QFWz5xkzb_YCJ~~vcAtp5xE-hI%_!Mbzl^)S9Bzbydf5q4@6W{
zesdB~c}GMsfOhcb7br7pGt9~hhH}{N1=-S+!)ct_Q5C`z&58f>tGZ>W&)A0BY-pB!
zqRY=9_<6S_-!+(DV>OVs%6wO@;0YxN8<h#cWL=A6MIJ0{{Oxb(-=)^I=^QQe)iOEO
zwK!+MR8&^5#S!Rp&@hZ!+d*Hp@oRn-sqpP{&Yi?>=zmFBL9^X+KHthe2jh8v1#fG$
zTK1L)`p>Q4Z`xtwC-24Tpmc-Pb3V~k4gf|#cwb*8s^=kL&KwUFnP6_Q>|K;=x3pFb
zafl6e{>@se__^H>s<3=s$@6P4pr<$J+G)3(oNFx5qLQYsHryF=9&L)?zflkmOV8Hf
z1{|I?F_IVIeJ+ZFE+(0$)^>V+#IEGO8mI`H{nE`)#VISFm5OUrBflnHY+$ZHuAc~j
z@dh$}@M|U-Jgw*h);in;Qf7RD`Z$4KvxQoo=}N?w^Y+^PJ%zDW$z^np9mzizRI)Ld
z)Jz0BwGW&-<egplPn^bJg)o1N7W^)Wrk=6r_zyEl;v7jBJEv*xM1=j&1t!U$WUgEk
zYfpBF$ED5mJ`uMjZPmp_nu!F-A)XPIw6baB!z3d16R^aN+~v$J!<df9D&cKOdi@rP
zxDqN5jz6My8n`dPCN`N{(0Tr2niKo{HgY9b#;+;t%daU*R9y<up>=bjHF!ADmQV<|
z|IUgNtwDR;!yehBzIBL)C~?s&$sXD47(1(JUMkFDzTl!BN@rTm>pD}Yc1G=q7o#hO
z$0jg;7)QWmP!Pk}t}k+Bx}Qh@)!+;>$;Y<CFW-)*m9Z^;Wi5JtZ9#vZzyv(|;0R;}
z+ppyK<+*fzGV`SiS4J1Tz|HRV+xTaLp~ghGbI~z8-WEdDx{l`OibPLCq9ah88<$^|
zUz0^PnV0d{d3)$^5{!=Gbi-L-e}|>DvQcbZa)1NfX-O-$7bouRsJggsyvy~d)xFr@
zay<x$yeUEOZE>Q(;-`sFne%qIo0o*r$N_{XPp$y1Xgt)Lkrp~&glq5g(7`0bR=6wd
zY1jj8mcl!u;iR~A$w6xC9QP%9frpNy8+I(I=gco(0GXU37&hC*6Bz9r09pPx0^Aa6
zOd1NmI0Q4u!y4kqje(4nfnwv5dbhigvwnak;;=}HRas&{0HzO;^F0WXfUwciI&@xt
zVZF|ierr_*a>@i?Afv`6(eJXAk1mh<Na3HP2?>S9i}KIf)^7Qy`GThHIK)}f_`0NA
zE_~oZJh#NxdT(s46cf(MZ>aMGzxK4;3bR8X^ZYp-&y>7#WB5Euqz_Q&Dybmu1@xvO
zdY{8|p)Es$sSKyZ%K@Q5EKFIv$08L>+`K!G0x3WNE>&y|9Y_LR0i1~EmK;=wk+vhP
zK2ZE?q=vi6`T??~^s{r6z%PTHj?Ftx@E?^1!>F=Hb~wbg@b?%5vIQj@`l{^g&#b*H
zR46m<Vock>n86&{ejVm)>Avd{IXP7FP7ir_$vdg?l_l>O<v}Iy+$Hxfd1sj1ujHM<
za<7tiGUUvXcR;l$c_&RyEO{rhdxU1SXb3H-9ubvUhcrq#&Ud5~ybl+4`ut3||M?EC
z7i|9arwX3=66b_fRy!<*itlmuXFCORdl&4Zy?B^_qj#i8k%}+Whj7xCUQI~XDRk%n
z0wZ#|5ZO|&JMKK`nnDvLer()tbq6<E-7S|{`KN=nz~r4)U~sq(mAKpQ;h(Lw8MoPt
zwdfoGl&UlcmR*8)%C%9`7BOX^%>UD%J-C&b&X)}CUVR*?sWhf=8mD%t3;zNXP5xv&
z_W6;W<<7w%eEyqELS9G+wI&i&fQ+iy0;%!14GP+c0PDL@OCo4#LSCK2(#|i<M5B|X
z1tZn-<xN7MI7P602Dj$~L!H2nKj(m%E^nI<Iu8;oLIHYVAd;jlZbP`FA(t2_0qwWs
z*o`r1#q(%y%5{iGkXv4X8P4JVC5(RAk$0LZ62Effweia^oXx~Q|2D=B$ArAE?1A!#
z2Jb*&P>ln0elaX~&h_J$E+nO>24VLcz90lJb1r;nkc2=6-3o><vj5rr4#Nq-Q*SCO
z2-?{(V7n)jJ=4xVj6pJjHqzI|^Cm}q6a4L6U&?1WHgoXz*3G8V<N3w5`X;<2)!RM6
zB!{KW^|4?%<unWRHB1Yx$)@-v1(?N1%mV$+h{<>ymayyS#6VJ;3YFi1>WkIr$U7s1
z+5mmW7F{nyHrqX$TkN4DiT1Pm_53#}P&gVF?Qidc!4>%kO9`Gf!#p(~DjkSEEPaZ?
z0HX?eYFk`#_<BsSDV}f+tzg>&`h4HCGdz^a*BhZ>*LMVxLwwALi@dy3ymu;E+C4Qu
z{T9kWd=5`)@=O1V1j$Z}OJfgYq+k#2mK{}>*aL;B7}AgxcUYR|Jt%~ZCPs;34<wz1
zFPaM?cEyzrmJEpaAR#{1-fPNehd;Nrn?SY8h`^s)Bc{_<z<WFXwY8gohDm~@-Sr8g
ze`pN)OS-^60I**}d>lRqf6tv`_^YrSM|{LCF?nxM0xi<_TtSQRoiXvMKcwyaZ|#8*
zU*bXkY=?M0MxQ%@-2M(uHlEFZ?`^Dpqr(p)p|QdOn$32C<CG)sC_{Rq19)3S`cqM)
zPYh(_GNgY<NKax&$KrO&nacY+ApLuF2sjMkE^rU1cC;bZZ*3!lUqFOkAcWi6ICjx6
zz8f(<M2B(ohwXsxlgRHQS{T0lKLeb90bJ#rjh%yT?ZtU>gdpz1SU%8;o-7*X8Q#Ou
zz|UwE3?YFc+??c>eaEpp*wLkC{Qi5EAl?QTGB5xD#g@-qfRC@7cPjA`g!($%$-)>R
zIjijcGLCJKMR0>`Ga&OT*HL*iXkXo|?J%Fp)8C}2RmpX1?(i4kqB&VQayFGy2GJlv
ze87lr^8x>xfZa@SoAAVnz=iQl=KL)DTeJhj&`=1>KEvV20RaNzK4|J{1a&rkKzy|{
z@malFIvqWGFaW9d6V#et>R^!&lsTuL^x{ESMqB9TxZiUFIqAV0wngNtaJ%&8^Ql0Z
z6X?S>q4vXwbaT29jStcr@LcYJCHUWb7}0`fKh4w->B$h=ZS8eFRWZcD_(;YIOz9LZ
zUz$Y~pOu=<rDCFBS05@iF;Ezxm7esxxIH3g(>!vRJy|AV0D>dZ-OZ_-v?YzfF$fz#
z`-jrtlIIbcdg(E^M&nuF{HR;+8*r(A{IYJB`d?0A^RfE?t@Vw%2u7=>U{G(CQUe`A
zVL|a+@MrpXtLp3U(+T8H4qAWVEig{66Flw4g`<V_Zsi}8#QDV6&ozL8UtwZ5PaSYU
zd+Oq_oJMM0Emj92I8P9_3VAg!`SpwQPjTPK&F>*Z>V?Qw7pzU|F|Jr1RMNupD=)#I
zD_L>l36?UJ9lYmjS_1SVKMn8h$0WPB#h%w{_p~Nd_6m%@p?JW&9^|Y6i<;oVtuUi{
zS`+!D7%d-GoaF}4lQ!}ze~;$a#R+itEZ&`KwDQl^z^j+7{4=$II|gpR)rR|gMx|Jm
z^M%XnK6fly;OScNWA``h?(@fa@BM&$D8c*gh8t>$V&1tICqmU0s=5ij48fPHpz0c1
z;0}HRMOJa22dHxC^Ig1eAl$gmeb4)nX;s#;l3$jAi%(2Dq{c5+`_KKT{&TVY=d}KF
z|Iz+C%dzi^t=;!KU+woW)^Ar9>oaD#mXj4n-gti|G!@|D_BO_p$gbyzHAmRj>R1z=
zlD_2dCEyX2nmGOxEL*G0=<bqN2TXajjvucleykB9+mRn@sLURm;E*fZfh(^xko%-%
zEAJUWQ)^JapYJf#(5s%f;b5ra*IdsQI3?c5W8c`tt@ga#cF(zl%D%Qh`3=zB0rN7f
z<bLda90(PHcYv5r7@JN6GPMG6HX{c;j%0cdkF&WWNT*tO_cD^{k%3n7oGx*<WmLMY
zIs14YX2XSI$FyQVthN&Op>`+(<eG{bGg$5>A{VqsyW{T1kzJ><CYl(fTUQY)+{0Vx
z>==>lQkB{!)(r6L5aQQXpxp%&*m$A~WBf5J;Tb%{673hN_&Lt~8~Ayfi^0#UoQj_p
zxc@8oaZW(oEH3FDFN0LPWGi@a@eC(M<mW`_tzc-n^XIYg<aFz!CEwu+6IMo)^2do=
zIBgW*r#y|%N_B`V+lkdZKNU2-Un`4d-#+KPR`(NJy6YZ6Yz0*g1ZZ7ZwgHxkPCG2{
z$_irR2ab0yyxNfCO2_1Jpb0g}W|+6G7T{OjNqU#=`~Y;EtI=L0o)XUP77R6VCe#Qd
zY!)!vcbK-9-1FyfuFKFm)W>ZZf(C28><b597M6QJK{<tT^gvHuG&hol^fxn_#Ou7~
zCb*>I1|xG?w3(+7CbB3KikC{qBo(P+DM8XJe8(K(+mzh}R5jZ0DcB;7`%^NiWW#}{
zTt+RsiXU^Wh+hkN+xew4jDS<aN2t77_Q1+;54sS|!njv+1Ve*h*eUo|D6O)zGVt*<
zgkUPjQm0v7gta0Au4DOLUSzpvV4bU!aor`1_0mJvPux#rbI$8x^*_+({1u?}H8`&j
z{EsyXV;_@Ty+Ijl6hwFo`q{Tq`Ek%lJ{4fmxMUOZfKDBQ^|&~~ERWRuGh?9fD<Je#
zLEycQkr~nfUG&c|&q08A?^&hn6o-F~fEyq%9|K0tRNag;@{ce#*BW>)`Z|YK7-G*q
zl@%O=6^er&A0}1muypzLha(j63rF3|Ri1@_bKcjETZPlGX%W;+k+vwQz4=qD{F;IG
z$adcQJ#u%X9$nK6n5btJt6t8I*^h^nrsWvFJP7xtMg2#(j$=|7EIKhzoXgx;rC%p(
zi}-@DzD1qZ?rDo)A8=ok4cVCb#E-CZJ`@?iLcI5{aC1|jctk<4LOecmmDOFGl;g@1
zB0+%BbrPA}?=lKwUC@CSiQ9M|?ncRjl>K_crV8<hUECaB%rys=QqssWj>rw;R(3i3
zv+?*s8SWQ4FoJ-M^@;bQ{>pkf_qaj=1fR%oJN7_>AAp4RsEXM3oU2GSOaL`Hg&52e
z%0Z5@=Y6%7I?k7FMq-#inQtLt@M|!c+1qA{<0Zatei^RSUi0f5+wjj(*ejRVHsCPl
z^H~N=oAf;KyTe>kZ8HP+M4SsyVHQ}bV;F<$UQXsF;aseY!CZ9==3oj#9D{$skP3z!
zj=XcaF_@3x28*I&P;JHtU*?j15I7q(Ym@Wp@K99u$R8f+*Z3ck7{QvRDW){<!yzP$
z#cdSdG2*eH5V)xk`DiskMnfH!c@>r>XOE%i)x~@NL1#e9q1a6l4%WedP-*5W_hTl`
z)mQLXI6%D!uL3v2>kuptUEdb$W8Ck({{kCxQxVVe9sYdad!s7A7@nkOUW&z1R8px}
zdMU9JEX_hJsgepM4vHt}D(_8$M#H`0{r$@dwm^T8%s6J`!7=zE*J+d&Js5ht7zPEo
z6ac=}T;%ZI58b~<DigO`-G>c!%a_iQGH<hMtl%$|1plNaP|K5?h444URqoH)a8H%<
z7X_#IckM|_PF6ZOE^U`9KaBZF_3(I`otMjlmssw(@8KD|cLNu<A4p^J7r3P{_MRqZ
zABQ;HA>LxNRae16uw2RxPoPcWuN--YgtaZqz_wVhZ05bq<i_VU@5Fwgooel0|HA$W
z{F@TmpirKAb^<H+&K1_(#{MM(`USpxmtc?p!@FSq!mMJLVAVO<0e3;-{iILX7$`20
zF0`kTE1sXdlZT^;jIzr~6$Z&32?7h`8XSIxZ{E8C^`G~M5U?aodWb4ANEPCU`U>&Z
zdSh9&v)<$o+Yq^<;pz|@<Lm_j@L7e4H^H1(#`dl~o3jPWUe~v<)<n;uBT_#pm7}M~
z?+$S>OeK#<$lnbN{1RBi!%C{W2?dM8&yX}JkdzD5xG7*uPH^zHpw-=MC=*Y{!T%ww
z@hf0*fK@S$VC0w*Jksx<W>iK!NZ^Cg<`;>Zi#r?h?ZC~IH`)y!I`R(2j`tbbc*g-t
z;~aZn7xz|(VPfhTc+BKM@;4ZF_eeZwIA$DP#H|jowIC?{ZdfKf8}}=CCb>spHnB0^
zAGuP=F?JOIA#H5i8o{AQ;w11kjdN*PA@gaW#AEnI@@8S;F;+}E`&F8fg)Fl#J|6eY
z2x_`!gwpg$XnHVfx`DlVP5&yDz4|+QwSv78#LwZ?cUNYrk>k7yOwq-BI&1X#J_fYj
zW%uZIRsS(A>IX`H-KE0%i#}@Zw4cJAJWL)+ZWaUOB>8d{0}-f?lTyRA%=u~cYK#Yf
zFW})nm4`2^&eD%pC3&td;xaBdjFQor4vQ(4qqY`0x9l*(wvn)1fpu+@CS3rWi$_4^
zvPSl>@GhV!3^HL}*(1_#zD!emo8Iiro-Eg%{I0h_xqAlgKp(zE5U*oOuMz%d)s^R(
zh5GV58XEQG`O3A3q*)+&@b{RNuDk>u35o2{tVxLd@+t6WDl2u*G(N9<+RXa$InY8@
z`FuWWIjKrn%b#bL*V%<74orT0!7k{`a#9KFmy;t0-3Ig1U&QeU!*h8P`=W(i(0>;$
z*<_MP{)_W^&Kq=Q!R_;Kn~7G#nPMXD@{D^59!QtAP+;Nx@S7VBe7q&&5{jYvT=Fb<
z4NvhReFLTB_g2N>gU^K-ozK11oWtkd1v7N+408#ebyF^%_0u9g>mGs6x_>J4d=`TI
zgL_>4_z&)Jwn5)x?7w^QFF0qyowd;2)m7B<UU2*SDy`?`)3EEw&%hI0CW!S?_E|D~
z0S-Qe-d@N99Bl5P;$TJ<;Q%kvepXQaZ@qs^3_hxV3aY|Q`8t;1Pjz64+w8F{QCI#8
z?q5dI^vC`^ws@veL(Y=Qc;w8j)R1%jj2=1ra{)Q8r>n>*uO#H)MXG65k<;aQ-l;58
zs^EVYbv?Uy#xeX&?3_K+mMnPc8gZi(kDrjAwW8lfKH|ND4T^3hkS6b01e1~X9`ZYQ
zxRG{f4n}Uzb}uwf0SJyex4~Tz=eh-56SFZHWlo(9U*X&l<64MTCftB85(1e$zAVz^
z;f(YKm1-}pIOAO90%Lj~ypnSSl7Dhg5j^WK==S<6P}YBS7G-^(Vd|?5_)1#WSCJ`{
zLHi47T@U=-XAqR4n8t|Z=hQON<t7roFC=%r%UKpt5AR&{VHy`kpAgo`z?iB71mIH#
zQ~-M+fR`hH#SFk@2Vwxsjsq|o01Q8j+rIzI+eRkfxl2EcFz^=g28`xH_j7myr=1wO
zrGS~M_x+_4`JLNAe&;IkyRMOel1=g(gg1zA$=|${x!|MP&nr;%I-C~GqiT|FNjE5N
zep~h^FQolF)o1T$&$cPgvZWB*>GIFcgB9uGsRfY=OM40bOg&)ib%bRD9jY)GxOGDi
zHyD%zN>m#0yrhs<I!g(18t-pa!je?tHjQ}7E)w{-JXFq#y)$`7M4(#({6lr)Qe?cG
zYT6c|vr$QA;$-YA>C6&t9|9-ma?ab4lk)|?=VdlwgMRfM-TF(KU?4iv1+jfS3YW-E
zVtwaOD7!XVc5UZnfea<8w^qIMw40gxpLA=R5V_LNNA94A#mR4Eanbzgs(q+I(RrsD
zn7LvOT>%4co2SrW*1wrKIw4s;3m4e9#BliEHBqTzPy{!kEUK`aMV%L&HF>X_qj2Q3
zV^hCbJ+)PW4ozylJas?n2&@`Bn~e@jo9n1t1bTayqXk!USpDK1pb<#t8qn>6J&`{^
zpE`%QI$H;>)%`>w9$cr^;H`f(as>H=)zfg@hL457S`@DizjArGg_P`Lf)X>JKFFYV
znoDBNSK-d}rtAvKapxVS?&8th{9||kMhIA887Da#D||s$rvK&^TVP_uCfcDVs{8QG
zExz50LD7GoG-ISxKK29~P#g2Jck*uwcH3DtYyN3WgZfgng_D+268g_IqTq6n9IpGD
z(KZDOiYcT)Nm7f9?(Hrb&c#=<sNQ*sDXgAZ%or(NWHne`G*=V#n)@=834v;p!V)i&
zl&+>#5&R6YpH0fo*U6bXm`iz*$w-TLIPKXts>>(#j3c9MGyVYWo?WuptNBRCVue4V
zrEv{0%YYcK(;x+%7a<k$_6nhvWV@w~_uSGKdAP|QI-EQ)kZ}z{#qjH;uPH)5>g>&|
zRs-+bisKSAbsWvk9AqW>z>gHPHadGE2GAVI`(7r_7-6pPe}MR?@W09!{(|%F3b9Q&
zZ&4Pbg3}&rh2@azusj;3foCI@?sV|oM1E;lT^c9XQA^?n*aZ3RIPd`am`Cq6bJCu%
z=uloZ$DmR_ir$HS+cnujA{(6ovZ836744J(`UDH}S78}humzEWNGLd_B3HI`INx1t
zCTr+HDQgfqnrznB<+mFZ#~M5T<_^K~5%2jqd3$Fl3)8T}Z*Bl-*I;xnY%p=o)v(5d
zVVA(t11R%9a+u$ZDo+I{`FKhKUzXrY0mlGiGAB;<&(azvveN<UIwK71B;e9FXf#LI
zwhj4CqEl__6TEi~o)T(Z!26crn+P$PiG0QuVnS;dXZJ)5PTnS-L`O8V(p2>0=ppaB
zf&z49yK8qAMBL}oOZcbj*Y)L?xh0VN!WUO^Qd3JL5=FfGd>X&}+bjhHf!_cN>)IU(
z{%|<5W2`Gkx>kry(xYY;3JexV=s+QiWu{*%|LkT5d}Vbnp2Il{>>i97KNQ9a@t490
zxG=SjAIM1`T4+R6jGZ^D@*8Vi`5ewxJ=>gP_m^j5TO`2)g`Z>3OVA1@5M5v{m?90@
ziylbKaPAoUH<AO<?(p8;8Gr#3d}k#~0h;*iVwp)zArP>#1Hi!G*{c0LDvV$RSa$H<
z%Q87GJg%4Syrlby6u>jd9>f!j(IV_lD3X9_*`NB1y4Oyd|Aso;xD8B6wAY97$Gu4Y
zu{M6q__osKBm*$<O16zPzFqn4Q+`L3-wW991m&lfm|%zCsYw!m#Eah+#2rH3S-f{X
z27eQrm*KM76G`NKQ%R}rYi&--GCH$_NS*qF_c6WZR2UPB&0NL2>X67Vf>7j1M+ZQc
zKe-TzP==6W1^dbhc87<M7g(Lrk!ZuN<!Z%HCGW#sSF&)$Gb>8EMny&=qS0Ps!dNLP
z;~wly5B2n$$}0lEkCZBH68w+l<9+~WdsQq1YK{;nl~6KLmHyI}7^k0Xo}7LToU@>j
z`dX9T>E~(_OADVJZ7_VSCwWb^$ydPNb~#&!Y?Uw3p$>Y8Ie&1Yo{Ttq_@y^rf<j^^
z?nW6a#Dn&{Qx%p^D){lAu+#eDS%oha-7lW<9844pHNX+^{{B{#-p?w(89z85!+XXn
z&Pu$$!0u-Yp3nti1Ym-VsNdw(2pAKpr+l5_M*zQ^!{Kj&v!7k8hnqy#IDXB|5ylUr
zg~*oZuR;1>0$<i3^Y8?8YEP(L22KmL;Yp&rdWWUm!H;ie<izgX6iDh<As(v8+srSW
z)(dU3dvS*f$B)CGV-p+6a_mTJ;k}!(NW?jBK$)0BN3=jnrSi`N(Wq!t)V9@dt+e}l
ztS7_iF8?iw8-7vgG#8vo+v?0I2+D;-v5r$l_?k?lTx}|eW4oumm4Jj6k}G>-b@x3y
zqhJ@m=9VPSDKpfSRIo+v4ds*7^5?1iTLzTRST!KK(r661TS1QgiX$T}@5LCtDDFZu
zmluM3TQo-#7>>ZW%5eiZ=P0`ej}{It*r&|@ioC<DCsHF?*&?;}v3Jj^JYubzFb8Jf
zx!IJhh|eQC;tc5C*gug5!F&IZ#N?L|<W~~Rq_E1U5D(+bksDr}LT3Qy<Mv+>YobvI
zNx2B%YqW|?#2~r+^53Ek62U2<gnzbv-4#^yFw6jte*!bW@l%lqn=al}VnCT3{DyqH
zr;Y?aYX2Psf1@=23O)9*$!W>Z%09=~x78V-9tZp!@&_wyLUCOp!SWJh`+32@ripMq
ziIl&Y-I`weGU+GcAz}FIWC?^-IOwL0FlX!Lb6kH%sN6zWf&c-F>>kYF!+USzIn88=
zo<)IM&H2{ItuV%+5>Sv(=i{6k!W3*;Ygp5kjKXk(;Ax?0ha>U1g%(J>twGf@Xl3LG
z%mL{$OLF*Ufk-N8L4`lB0-b2#CGWjEk!d=pbDWbhk8F+jg7h8lEu}mOvvK(_+f2bd
zrVxGc(B4!&i?g2H#Dw7xQ*<hdB3ke>n8UVo+V<V4PK70!)%N$pNEKvnlzC41%4yd=
z0n!Ay=p^T>PRHJQ&1;qV^40o;K&E$F5r@VHWnja|m}A5}3l|Pzqp}`ZORCRV$MChQ
zNyD50qbd{u;-Lv8R^Gvc;1rN-%-n5fwv(4K^`vW7NOyZS)&Ttp66H3@{jkv-)b&tg
z$oJQ=j?ky1;H!98!|=df>c4SbqkW@pcj*l<`zZ8<VjL&ezz=t%l1XMh?({LyX3<7$
zzBlLs?W<Lt#9WyuBAgH72h(s5c$voA)3Qkg_nyY^WWcZ`(AtS4b%I-xO*=eGa%kYM
zr{|c=jn2P<09SSyrQd&=#uhXlH-2FZ|0$_6PJynIP~d&9qyoR}N~I8JAj^87FsMj7
zPO_kcsVX1~T6TggIH*K1odOV8da7{G$tDhiVKfy7`m!F;4uv1Z#)r=^=SH`l?3PWu
zm+Ofpv<tc|CkOv#quq1CfKtk{6TQQ8^jl8b1it)phoMp6$A2#P_ObMHLLliYM%>~O
z>A7!dn<;#YL2du_wH$LVAO8AkO;~IuVG*PMqrCW%V>`NR3-v|X*|mF~K+b!zhcbrH
zHAGR*t&!WZu`c&QGsyA}n0`MWb&swGrE?@JHYM9Z4iXra(#eAKOvQ9zC6OuFR3E5$
zOm@#=?g=scCt+L(KaOZz58MR>rAZ&9a^at(M9CZ_ZXHP7@b}3|Z3<U<X(TA3q-%J2
zUps#NiwxR{n-oZz!RInnIjJ6|ntGUO+K~sd1<S4GT&J0SqQ|RWFxkb)xc_Fwopp>^
z=&6HJJ6+!*<hg9vJojNL67Wv8(Z<%qRIaP_m#|*9J-HQDVpTTXDopVAhE<re!H5nu
zp!Fs7)%?+J$Z?^5Oa74syFo{l6W{`qmo(@SHcRB{G=;Qez3gYsHx=Rud)|IM57+bF
zMH%>UTemx>j(}OWb85GI=-|r_2nGq%qyrNJNryD<{p<jxpQFXdc))OxZs!v>1z}y{
zs58YJ$3^E5@r=VFM}c=<gXagu&tuQGm<()nb2A8v+f2-1d2==<NJG#0Ms$Fp)0T<b
z*q$hEeK#sIAgawsdZ1DrQmIK<)lAXWL9ufPuJY7LBR84Zs&lN>n;eEeu{r(KL?%CJ
zC97nll<cp48(|{PIZ0cNpOThlacXoTC$5u$Vvl68wTQ!ie>SQ*!*R_Fl6y5Nh)1QH
zP>r-4=6&d62%`xFDp|^4D#=mA(tN@HJQ-{vn}o5?BcnN?&qF}n12oVZoS$;SDh?PY
ztfEWa$NEk5THgCBoDamWhzs;|F9f=)$8YSG?LhaFjP57NEH{a|&lKB<fnsvumv-+*
zCfJM$m5~&w8OLCb*|(@SXbX1n6Z9AtzmWd)^;X<Iz>RkW=>#s)@H6SgEvZmn(s1(C
zq%bva5ZvMt?AJuy(HU{cD&p+J=)EutWSyigS_3~f{IC(YjrY7sA7tD~whv}L68s}z
zB-$Ei36Nv;m$mqU^Ldn@v!pp|a6u03S^X6)4pH)LQQzFYh8>rkB_x(ecFSg`P4FFa
zj-w56eodO*K7V}$K>EHx@pRhkIxc6!DpbW5zY>p(hQC7dj}m2oIO?c$4Ns&}rK7Vz
zC$^oy7%R;AG<T$uzsW(IQgg}3$^<5eXM5;Gc9~a`@o43KpIHQHU*nI%^m4Sh#=wH&
zd3R$tI-JBs@~a6Xp`9XRq;)miPz(hXDpy~*yyG-YN=cDHQA%<RaZ1TXjtwf(a7emd
zSD%XPKc916M~eW4TKzXjD$+utTm58z%6vOS`W#zHVN`h4auz=D9U8v+mk6P65(#&S
z&r^qVipYLV5$W?0kXo!VI>hOw=!7%|ow28rgB?-^rSeDNJ6V*4J7lyRj)__h3*liI
zJ+wt1mcqk)dN?ck@c!7XrY5q`DVpB<Z>4eJuR9!o;3B#*&tsY642+MDV&xUl${n#E
ze*Zn&$I6%P#jg&1A768g5)Gn6vSNXMc4+$jGinVvSm5txsNFlM-MAEj6X@aS=)+O5
zRlRsl*Nfe&p|&T_#W(lSSzVd`#xn1n#hB2VU0ShUlb<E?;1tHPwVbo37*bVNbklVJ
zlQnWWBMn(!9VmlWkTITxm{ayD@W&LpWxwVjb}~t4haRR{om~Tjz?g-CSy>6g!Wq3P
zd_5@U%^ZWKGxU*uu_?6!2w4A&*bNvw2UHS`Z{;sH=>z6v!xyfja&C9~FYG+f(l^sM
z`6E>c(B{c~wW-=p0*(!|&pRxqT{mha)=>!*E-RRkS`=mpOE%%=lWu2L-5>JQ=D_Dp
zUWw3gLV6rNmnCfrz_-u!7kM?{$gzpGNq@fiN^L2$4isr_{l_4Tq+VY{-FBqqr*J@z
zxr}|WK>r1Xm{|V>e$n_j?XAw#z1=Vpzh2kEQDhw>4sDZG=|7HPrG2LTI)|fE6S$-E
z6cm-KrQ(cj5$U=NawmGVmTi!hFn6Lk)XJE}o1(3tkU&|r9us3pazk3&A~o+=bg?JB
zxK4R3{o^Duc@J!4oX1F>LifUj`891$AP=HnvgZ@&d5uFn0I&W+uf}B7Mj>FJeY%&S
zOi)C4zO*un<Mh5y_(uBeckChk$RuzS*m6!1n*Ui7)8j={?U?IpJLxf+SESbZ_#R&e
zO@z}(B#pT*wzhm$+u+V>>yO|5wL@)T8ESiv#L$?2HCJk@UsmD%&$dz&pb{MUR9$^A
zf6#o|K%xmeK+fMQm|v@?E`rDSHeIPM{+WzlUxw2$oh^_iv?k~l*@(&+vSKTczIZoH
zdnX+`fk;dzB4(uy;H2}Z#5IqE;;D1pXKYWMj1BZ{7O$rcHWE3iHsX3$N0;go_;}n~
zDNz3ltbRTekB86pK>hWAhfJz2c`)`5WTJp`EE8r5e&BbB@|z)ufYNQ(Nd0b4j_dw?
z09p6~qro%5_`cn_hjE@-zC=31$8sKZIOk~8bRj*nM%TkXAEzGfNQNG+OWCGXCOxDt
z<vy;W=k_%^8ax1x!!IZ32H8)K>l&JPoGJPFF~;(jS<0cezv*s&k6-!Nc{bb7U@7^F
z4w%z8s>RyyGW2vGjDH5`LHGn-Yq5<=q&~f%0LvLx8=jzCF$h^W5&yKKdFL15vxbhK
zViXvqCvI%gGmh&P=EXa;fwSrj9hOQNybPQ@AQ-~0pcaIiEaAoY2V>cXG1F+6cG=bM
zdK_acBgCm`-n-8c1}hJCkHPDdIekAu)c(2-gKwdfkQ5Fqk^cCddiOlO*nyDXR&RJS
zr);v2AFcLz<#+14AdT!=TKiIr<}fC>3csN+d#7HOCDPU35jOvEpj&Kyta0!7*Hy{g
zBD2||@$L^J@&wr?Un!gA8}P~YyP2O(iS!AS=_JyXTp;(6FOjokUhBtSWQ|i4loy#)
zOf1S|_7TO(F#7#e>VG56Uy5+YSyeid!F8OYVebBDSyo(pQYAg&lJ8#U6o1Y0=#86$
z>P@Z?*wCa%qa0}oHtq|$dT9Ht&S|*YYjgPTH9Gu{n{XLAAMH#y^W$PahtFc#SB2%m
z+)OKTIAX!<;K{rmur76o3yiA`7^|on6Fuw&MFIg)b9J*?@<@>%bJhDyM4OnDIkSsN
zxctFP!pR>n30H)coN0JsXujq^mXAyE`O@T@lR3qa370f49RgH8E(DY_JAp9`@5Qw6
z47Px_T5S%2+S%TAeQ?eI_CP>BqcF--p$72-#g&UrNUW#CqjbDXN;sXMZ+plgMpUEp
zo43>eX>W$rXFl!O3)-_swP(wfXC~<h?XD^ue_qV<ogjD?=L5pmpyr9LT=jPGL)9g!
zokXYo1J%C@bV77Ck=t0f)oiv-1oZ=-eu{~V$%OF`bAg(P`!M;mHm|T8nfFuNh^94l
zfSt#x@XyT`{3gLa2QV?4d5-l&zv6ux(?DrWVOv7D5EaABznfB$Q;hHE(8RQ)LTqHb
zUSD@RKDV<lX0QGUl-n9Dl-#we)5v>fyC*9?Uj#-R!8Ar45{bDNKMG5_DjGZ#JsXyQ
z?geu=bSMEZ-9_oVZw4vJ@6kNx|0|hdENwc4ole_Vh;90KqB?&mc7FdD=<8QibbEfE
zb!z7;(5Y<>@jbGZ`&nkQu^x7=>n)BQ#tO_Z{~zk!1wM)@X%wF(A(=o(PlU+0A_k3a
zMzWewl#GC8$b@u54}k>)#RnQiSY1UjL&Abda1u;^y`${IecV;o@9wVO?)t6Eu8M$)
zGYQNj0fC@A)Kwk|^w0v~6#_!$R@LdASAzO|_x|tw{rwq|ew|aNPMtbcb?T8Lk>5Y6
zxU4!sl0CQ$>oc)qZ_ImhNENRjV}sjqjBk7zZkO>J(r;>Z73BDOY@VBZJ%!#*K`E;h
zlwVMX6x;w;3auGOhvyB!;q3ALO?!vsuSj@C$>TjgrROUJU$94z*%JnYCZkGCsx?|#
z)qs^U@#mY%o=VA@BlxhSObLzex~x%G$MXRu4y3_K1Cho(wqWt$P}w3=!?LGL-Z!x#
z!6KNZKUmmo={`Sv<3x;Z@xMX-Vlcb;+BnPy;bUfunC<lx|76($_(y6pvs?xIN5NBk
zy{pYE`Zk)Wp>r20r6|JiF7j%5Q+EsJc~eqe>mjDvEBVJ$b0T+qvYuc@;wW71UXWb)
z*?}@(R~OBAhJ==b$dag0e}kMz#v5Le0y&cul-mLBTe<wJO{?PL?^YXzQvjVbZkay*
zcmeqS{eJ~?&Nj?-K=AY6;to85c{?<LjsTxQn-LN{^UZ}eL1BH3;qecMN73<>XQ5tW
zBq2|Q71O%w{#1HC_v1!B_rqT8yQHi5;+4d76*4U@;IB733Sx7vK9Bxw{<0FvN1H{{
zHsmjFk2L9VZ7iLX!MO7&Q7YTksIm}zRAOQZ!Yg{pDG+&Yy=x6_BZn!^)cQej{yp(1
z@NZDx1?4UkJ8$`#WdKa%S3?OyeR$UWAAcjy>R@$APW&F0_Xgxy@?o{{HO8?<)aRN~
z_iNm(X(>9kF3xeu0p0$vm)+uhB(FJk@xKc2E8oL!R_voUnwY9H@W7kblNv;MBr!{B
zH>FG6%{IN4J368mhKY_JWh~H62nXj;2?hy$Xi+@~x3KMRW<d$V8%w@Vd1WbN&4WR*
zGYb~ry+wEr_TpQ&u1VM&^Vk27kc&ya)Pq{m=9uw0$ZJS(_5cV34I~hdU#x%Nb^QU)
zApf$x1M6lKqK9E$usxRq+kb0rGGN!nXI)AL?8l!OyYUx)F?Qo~`;B|sV)qX2H}>UE
zV^9APdm4^CeQ$qizIYa2Lm57E=v3apc^1MpstU@qE)mlzpH(wE({=y*aA013yf(%b
z9XDoDonx8P)Mt+jFr|>H2fCRM+LdZ)q!Wwxas2jfwd;2Xuz)${r$Wnmjn^6M&%$u&
zSkEJitMxK_UfA3R3zXf9LV?1idc__SHWn%!XVO0J8?IzlFT4muAJ&Qf`9CwF|Nin^
zBcBD*I%%bdkPKLRW?Z+6^4Vg){H^OvI&qO#PDuS~Te_YYjjH0I@s5;UEak{C@~>;k
zH!<b_5G=wGm+Axs@^Qt$K8bR@*-S1)FesDi^E<zBId?LL_-kIwG9`UzB*gv8f3Q(H
zm*tvPU1EHBY<#odOdVhLw~z1T#!HXy=%nv3zQ2F;UB)-@cb6Dn`>Skx5B`M4=liNy
zADk~_#u#ICtxs5*X5CjzVlq~K0?P*d<JQ_Y5C!|!-x6PwYYz`FF;Xj@o0Kgfp0D<5
zNvStWj;}p8fS{`lO^|=c9{F{GJ@UxwXpa<?k!au?0)P{%iF^pR_5Cw39|Ps@Yp5?V
zd2WVLg(^zWn?5O@b3TeNFn5#x!U9-$LH;~CEEp=wkH&KGx<C9z48MmM&QbUM7S_f;
zP>)<WZHq1sB=6rwQrS%23c~Y9L0JOi6E^?zbrYVY71x3G$?Xx=E&M@=W<Ij_CE@IT
z!QKMWw_BNHb}LgYs0#!mnWEex29IQm_Kt=F_57NS`IJ&_Uf?9iJ0NN;+5_VJSUTC;
zMj~t_ZKGCnKu#~1&)46})J3y<RL7}_{FB+1`TUcua33_F`Mf7M-^K6VSKjoc=K%>g
zuO*4!opSQ;{!8LMl;jVjQJW=y(cCG@cn}wARPU7nJES=YdW*WTr6cN=F;i+IhUz>0
zu7c=%*Qk9?d7~&tFg)4feFM66QI`X++c*LM-yJ~TBLK|1ROC8DUyB8VQ1VxXHv#C#
zB$Bh99N67D0v$sV!2b|h>4X+Kn%X_rp5ovA7-1Z>S?~{=D=K5Q3%)wl<oQ0#-uzJ=
za;Nt*c)bl?Z^t?{B6ptk6}D)v*#lax=pVLSGf(jkQ;7?6ds0M%g#1f_ZqHB3=QOhO
z8_C7U=d}9Qee*dr)Pu5CL{uB9C<J1yv{Gz?&b5bPI%BdWeDPYQDMp`v+s-<iP8r*u
zN{xCTfrZxt(r*7XEqCoLqECvwAz`uvL=wyaL2QljDz?-^m_s1tu)jEj!WgZbrhw;i
zjQ@I-EuYNT@?oY&y)0RpQC$}}*|I`)mXgIH$C}HE`&i6o;uBb-L*D+A(I)OaET)Wt
zZdzkN4#p;_v!vwUg`u)y5PwU!_!qtj&u;t1X_48ieD7CTrpQky^+i~HPhvqmZ^7@B
z^*oKZ<eieT3>a6`^HASYpG?ZnSZTotlpOmo-X?6tL~utmJ3H^W#C+`*<crWNiq$`T
z0cY#Dwo&JQ1Jxscp@}#5Pmf0ZZ{_O5$$8?BeJ01rTQd0EG$RvwJYP1|k-W~nEjkBo
zn&S1u`85?K{F<pHn6JCB-E*5Dk0`*>7sxxGnB_nj8~`TYyJdx<e@UUbNY0|tBE>k#
zdOz^x6lAURWivnstv~~x{h=h@fT&C=#5qi=GdiizXo{xQXfELS6I`Pj+b>i1vUZbL
zI(-P_Q2W8RFm+J(hWrv(`Wr|AZ%k&C@S6Vn50jB1lJQdr_$dUCBp9Ut6Q<)B#)Fh^
z0lg7@kVL&eJe$rd|BN=lWmdqLRlTDbjV*vuIi8~)+7iFHA-GKm@ssgoH5v+)6(-{A
zKj7Mwnsz=<C$E1~mH#lvi;y&9%QqsajjfqOKL<3ui}r+s^&u%^1?5Rt`>JH?64vdD
zIjXerjiXT)#k_Rm3ow#M@b$n-4GO+aSU5$TBp(riM{bX$U`><w@*@Hll=z89MESJa
zc3KQx7zj%U3)~+Uf`<pH1@C2&eRhETQ!)7EK)}#MP|>fop!?FbqWmwnqt{aoza_aV
z#UBaXmC+pn{lqXBI~Vi)vk6iJE8atgT$qjk2qHb+t$2Y}BM0;`e-+FOPYvL~u88as
zGsKHVEefT=iZ`hRP^a@n(5ts##vU{31y{eSpUldzZO$``!Gi-u?lVbVU`bivf`3Bw
zS0ha7eMdW@iQ-LZpZalUi7PSr;x<WHqU!PmdN6JGZiz}<SE_s=D1)guBMETK-@V#`
z8Pb9(NE%zk;4zRiLS$5vw-<oC5tvVTAmj2zfXoJ%=-&P*?8QT7zdM5I^dM7UX3A0B
zxK9tW!{tmo3-`3Z)~mww-KVD}U7*I~3m5<HK{t0=9CaE!y#$t2Vti0?JgIsMaLOOY
zK`N9e=7@UV`VJHbh8%on1p0;oyL0=?VUJhkP2M+2yeK7!hC~bRl_K}K=nDaMTP@hK
zg$W>$xlvY~JD(&N6*K0D^2UFnnR^GhfF{K-C&`yay#+ye0C3iYIK!9*kj@aZqdqys
zKbf98pI_2GpMMwyjv#<>1FOEk^4W3yz9sqs78uNakYoZFurUgDv86pGZ$`s-uGf33
z;H$6#Y;e)Q|FT7}P46jfI8-kvvn{2~W3WQr31QT3-vM6Ww!w|tnOqE#C!kLKD=VF&
zJAA)eyM>v;dPOBi`;S%0W>qGvva*gS=*Sf8RbegQno(a-9ssJTvBWg-Og+^2thAN#
z0C+%$zvoz}df)X_X7~v+`s4nCP`gd+JT6AVn8lWvqTGJ3HD-=-6=Y~v#pB^5jLO*v
zQ)U$%TX^3l{fx~#v0;3^srF0EM{DmPHzuHCS=t1Hy9I54W;FV3GV4WkB*$^j8{cTf
zdO-qp?W*Up7z8>rk>!{K&i-YJ_>-?K()Hb`{`9Y5lA@T$anv>t$D4<h2>u$t|5o3A
zz<;QDm>qzt7Zo!BM=oTdYz8^{$x<CeQAs+PYx>WGapRa9J55PrRxADEAD*m?`C3w*
zh_CM>YS&Y^zSVy82a$A#-9qqqCb~JoiWcm>03y;|aRS|)!>SH8OqZuqDCYF*?>(Z=
zsAoSrQ}#_L3Vrh_qLEZQLw)C`AYP5s7o53ad4Ux+r`>1Oq5n?%PGOQu3fiZE?0h}B
zi?1M2IJiGu@a^9RVtoVr{9JH!E*T>D$CRTg9Vw;a!e7D0cI#0I1(E~m#g|Zp+-Qx-
zH?UT36O{Ya1hs43qW;vb?Q`}12Vk|##2CB*yk(-9&z)q(XUx5niT&T-^qs{1b&4+b
z_s73a$N0B|fX4Jg<lmM>--&-)FUh|xm*n4WWjyR)E++BkGcNwKHH?d!zm1FEpQs-K
z|32#G&WNMVOxB%-^(5pv8?Pre9z`~On%wS?3;pU%#>PjkK{kFUiH-m5TiLi-XXE$i
zRAr?z3iZMB(WoeIGT3-()h5GUpAReU#Ux8R2z0y9aeEotP9^`N#Qm^hVLBeDUWvkz
zUNh|otC{8k+@({wc}JHZZxZ>kV*)A$SkLu{I{U*slfXTOIS?#@O~v=%(%P^r-{ieq
z<c^EBW8PP_Y$04mQUl1TT&jehkS_)3quzqT+8tO~xq8Itw6y9XF4WXr_XCPDv|=@}
zDQ3CF)}c(Xj-FD)b;?svKs1NTim;7v8JZi(1Qb?3y>m-6vEFrsS*aN@Iy0??HR+f^
zD-gLCYLC(B-@SFhuToLi)Lr`!u3cre*`*A3+IC1)l|@dut=!gD&TTK3TbwISqG0HB
zoLua1$}Q!#7WlL7Mkm+hk}C=&u0xP#160K>N65uXA$zyW7Ocw_s!j;DllVy9D%TY0
z^C{O93RM+FLRtkt3}dOZDzl3nCwb|leTVG?e$^@1w&NqYL!Mm}swgle)&Ef{8N3yJ
z;0;^?-j44AZvcDlGT;pXyh_EGXq#LyMhNc97qZ$6|GQbbUO61to!NeL1MPv1j_Tq3
znwv`-yK8w$);$!|ou=-k`I-j}cj{m|=;uXPXF~;?oMZI7_AX_a)z%?ZO#$$G0DLF6
z-6gj$=mGe#a*NB>5(B*qKyMf1DQ0B`fZhV2x7c^MY+(d_w_xkUNAh`jMiJ5GeQbU~
z8Ym!~R|3w_&QxhO5U$L&mfHiilXXLcs*{541U_@h06_(zJz6oQb^faV{`We4RTffd
zw-x7bP#zxWcXa0HN^4qW5f_x(T4^Go&EbfL3cy3K+!l0loleII7e95YORg-IxFGAc
z(CO%O@$L>BbsLU)JB_*$h#g49=&$%2`%5?v@Zb8%%h!`30EPYaIF)K}H90xH4i7d=
zG_j0bA8*5I=fyH|5X1i=UH!vma&HXdn=hD{!^+>c8D|qdY{$srWf*dwz?(o1zj-(}
z7XJ<O<f|_-)$u}Ai@;@4i7A{s+b+twlnMA#DvCiRliK9A(G^xl*VB1Tfx6u?E?8hQ
z3NMGE)AO~E!FQBQ`Al?LKJdJ3U}38{y*=P|7UDjISeflNDfwNLOh<*;J5rEO0c#cI
zsCui3BF{!ja+E56pQM7&8H7!FfKkNDsO!~_{|gAGN<~pqpgzY}Kf+Xx3w>N=q4!!K
z8e0oYl0D$)Se^y9SVXKLSui>H0!r&_VgPZ&lJhU5vC~<j946n`g14*SJ><E2$-i8b
zhZP9ic@g$hGl)#h2WcwzJ5hab%IBObP7s5TyI|4r&tXXgm+TxN>KtIY`F(t>EhDFn
zTYvH*o&w>%E$?Mi^1IiGN}6BPsRSqWjSr|MWiiR(Mj9Wpy1bpp<dqi_$fWrLMkZGE
zUTDZ3i1dPx#%u=Z1(6eQ!JU<tT7{~oiUe+#AU_3s&RM8T?{C%9V_5amiy~{ueK2n`
zbY<^WfAK%@P}zjF+hGiAewQ!?Oar0jzRrkI3B~-@tm>A(v76lwQi;H1dz!qH8B&tZ
z*W|AR<rXa5BHGTlY)9*^aaUa=h2^|z+LC8-bG;Hb4%<8c(qCi1yH(3|S6$HG_<VC7
zh#%w19bfS;2l{TQ(0|j8+8+|tIkxjZtuzQ0CI)jhpCtj{bNdc;)-Ta8bEi@Xf?Vxj
zEF5`DBi#`}N&^|v3mu8v$T;D~_<4MMPF5gCKU=|aLM0$7imXz5Q+wT2F$LgVlgX51
z%*oJ(#2%tK9oV}vrPvYVrQihOLt}vJj~+a_%$inK#I?B`J<G2tZ;IAk1xxt~7y9j-
zRS$q_12P6+YV8HYl*i?gFUE0OE?+3OeN{KoDIYHfnQnI+&9<Lq5fbIYT2PAJ9m?*y
z97p@27G&Wo*P|?aO<Wcp)wh^p1miD~^@NP5QGDnZ4WK8S?M<zxn1Iiw9egu-N?}g4
z-WBID28Mrz6igPR`zq<0AW)xGUmeHc;xRjwB_o`pGn{Elm~=B%RO%Spvcfz#m8m4x
zz;CN_^i+^+obpsOrJ0@KNhI6AZxU|cjbdo8kY)g1$Il!ef<(wak8pAy)0eDqK`AYk
zKS@SWbRUAn16cNeHc3=2F9!wLY1`>^d?tV9<fWs4Xa+k5;#Z94fY9$)&B5cRtu#DO
z82TUKOq*0x|DH{YJQj^cQzpSlCP007#oDj?tT*Duy?8jJWZHthb6j19<exV{dy?hi
zg$0{I)x?tXyDHa<fJn)<&$g+qNUBm<fge;qpK8P9c-+l><(98Uikk)kxEz5s*#Uzr
zkg6i_cgyMBuh8*31K#G}#*~VyQ>ES{|F}NzrV+g90B^buZ#oq)`>yZ?!zu8-axMYh
zYm(r7AsmA@9o|+<{X+ZA_{}7E&DxJC=s}bZzh~B={ciB)roxN)a4rGw!4QL2-Ushe
zhU81Y3;M(<bvUk~w1xwmyj?HQkW#-Ci5SG74qJ=wd{+Hn!4X_yYgigJ)n3c55xB<o
z+M9#>Gx;^3)pQEJU;{fl@&yJ&M#sX@hGsw?E$lRiRTNt@Z9wCW+JfML9DYqPe2*V<
zCxjKjhWGWn<IqGJc^LC+7Nw!|TNFH$=i=9x;BEL!07;uWDf+W5^wHkfN9mC_OceWH
znqJ-*s4W(Q`$oW(IrbSeL+Sf>!N+#?@p0qhf!flB+JUCp%k;vZbZB<#RVI^me?x6X
z%KabX{YjX@Kl%P!c>l(RT64<%AtT}b<qfr2fI5;9=}}nqj-*{)kTd_uCE&;&u<uB&
zzec9U3Sv|GRJ1L*rlA(5Vg$ctI!s`2UnbY(3p4;~ufv+JazK#z)@kZ3z)Eq3gZ4nf
zc}}<@07?h5LadoSK;9KRl*4rmGzDO1*innQRMOao@H7pd=HXM*KI3V6>}fha9YIe`
zUHa33>}kVNKqFpf7}pu>I@7q$WY=cn+RU!AjO#3RJ&0YymWZ20lD;-gz2_ngOrVXB
zb`!oLXm5u>UeTV_cK3geo+n;{p2wlzl6oPb#|_luq%Nb!6LQ=C59xc>_xh)A|M&W*
z@15W4pT2)^WsJVZCerr{S2FrW;hE-0SaBY)$3Oc4N|kb^+-cyA9vc^{X6OVDQ{)*2
z|5V?=ui;?K*9uY4+IX~Ke61cnMFP!8>VX-<9KprA)H}b%tZNwh>I&kUdz2Ygkef!&
zC~|Z>Z4Q+daG+tdI)p<0m!$>x=locI#sVAEw4?4OT3=#Qx97?}YwRJat4x3pK-h|R
zq%ylmsj)Wgs2@14rqIjVc8#kkh7K!OhX9=Sa)kRP2KS>$a90<x5ngAEu%88r@$zZ(
zP@Q`|ag6;e*CJf5I;y@E0sSoKEL_m^J*{WF%+N10*kz`EnaM8A`lXp&X6ct%>~auY
zQeTGu4>Nz#Zn+AL)#E0ay+d(><4=-Eua(=QSd|AT+$nE!`VQA)c?UTI*6E1VoFtEn
zZECHn@UuN92(9gUTON%*+~V|oS?>&fnd#2D5c~dmH%PVbB-iIte*@pkLFkkUFEqA$
zUNl<TPc41m^c{qj4(7PC4#rx##w{PGq_5b*T`4WFDiB61pC!SQ=g#`dXoZ&_hxfGa
zVH=nAY2&g!Z4e}4@Zg99NO*a1tc|T*scm35dOvW8!7r~(f&(iFur~g!PaFT%rws#+
z8<OBS5^G~ppEf345)OM39QVfB7|^GU0hffMBngg(Vr^_Vp4!HSi^*-!;oX5drK}_D
zdw3UK`)xqt#q*J$UDVZ)r2N%iV_A1WSys#>?dCEE(l`AAegd*zm;F=0S8q1)zibVD
zk<PUWN`0}O53XvnU~5Zsic2~Vu#)w;#v=Kj%t!gwg3$umDfuFYqM@1cul$4b|1*MZ
zC%^KaWb{~u(In_zEZI(?H_6s_^HSp}7~CwjLpOM!!9<Y?vav?(UcET>P~W-S<u~w_
z0eC)6^%A?#`6gUurdF!X2wbRP8Tt_Y2&wNrc$4z2pu<m95Kk@SG_35A@S+o69D^1S
zbiR_S&6*ALZMO}y?$dgajgjx7{tm-ahDx>rS{Ax~Nb+d=4lGcK)~^I%wm<xl;~&iF
zsR&072fc#-0m7z$?uH2%O^ElnoN)PU0xp}GPKmgD32)mz!92LnyaTudepQ!(KhJUl
zcV7_hphd*pbxF9hM@2bDl<Uk4A<l+60Mw_6^irBo)h=)!Q}w((+AbYKqP)bc-GCm1
zw!Nep()sO$^(g4qnV}cN&>&}MQVHjlZ?x~wA(MBZax0G%<@?Psf8Q9|lFxhLy<S4u
z6?nXYC3pLLAo}mOxcyJ$L+gnM?1R6bC*be-IR5s=@i%dO|M=q@*Y}}69fw8VibK9}
z8Rm3wp-k2nmD_YwYQ=y+hDjZbZ><9~rq!9<&>U;1$wb^1v5KcSRV{))JI%hs*OLpv
zsNa>*C4lM=Kf46p{W&lSQNGI@*@E@p^%;n~4;Lxt=}p~y^9PI)3D4OK&o@WV^;`B7
zj9{UB%J)S75{u|Z{~a1V;`(8<Rz6;kp1ghyeE*hI%Dtj(H^1`5IKI88f1%CsjJjiO
z624<+S9~K@djou@$M9{|@qJVO_!g`73S29pNsy26jkSn!EC2_u3-S@l?}KQM5ZYC(
z&Gre=@BL;NUAlG)!HGsBm<4qlfCbRRkgsIe_E6Jk50~VxStJXRl6)`2fEf*q=^#mt
zaLT*!+|6kVJNcJ4)?FVP+%ZA^1P14l&x82zFPafXM{<UCqfpf$q=77K+m04~|Ck%>
zQQ!Gom{T*(X$XGK!JI~DPU|SUI7~yKc4bmCFmU}zak>3V7deR}o?R#R`O*A-`BRA~
zM~Mz{L|@o~6|8!R640-@kPd9gZ&y-AxnUO&{S`zHFgx`Wq*siHC`hG;;Y1Hu<H{``
z6mk7AdZ5U{L0oJvXj#MPf%YQ7KpE1*LAL%1V)Rf9t@gkEcu}r5yQ>b0+(svJA*J=V
znh^u-09EZ0Xg%o7*rjcC*$x0HxaCL9n0UwHlxLZ=n<e=R$#zQj9T^Q^iD?g*Mfm|B
zhT-r5H5_|gl>g;@K!B@4Nq)qHX@~ADuzK&&a+rO~smy|#-bwLs8FcRb(iy5?a{`TL
zf<Wm`x<Qi_CM4R)3)!mOBq@&oDYsztX?^L7epfmzeUX<wa`SFrBblN++q{~?+~Bf3
zrTXrw)cyR!ey03MT>KcQl*XpHl6hx~v`0N$zz&{ud$KXVjK6Lo{<<MPzj^WbJ@972
z{3fk;44|X)YN}d7jwUd_J;wZUSkuQBp!v<j`4y@*!L7vkeJ5dle?y!5Hc38#{Iv!7
ztK6xKDX^V*`aW1{SaF#anA|S-C0b%zCEg9c-C?4i3bXd4C~p$wjcyy;_YbJozlrSl
zQ8N+>_3M=YM9FqUlK1J2FaLv3wF?u}R-F+2<8Lds2YkJ-h^1WYVVlHDEzrwJ=)sLW
z@F{aI$+z?oAR79Uzd$L8q6j9?;!7`xO-Qy@g#H`6rJNGWiSm<_;tD!MF~_C}Ri6Tr
z#I#h;{7<wP6ZVLgiONkhTb>`$LT-wB)(cb!9cQiRjXYEGdQP1`&n>C)1+C5RC#_Ay
zY`B7Cv&fU^&x6A!KR12a5btbhMnqCt`q}II_@|U$?tYo#KW`Fj9|*op7ROHBKZ|xW
zK+~f-nkefiRv`oRKZQTpjsRQB7OHk4dn+Wx7o&~kW9rTS%rmi+ecUF@I%)y*iAtt6
zHpO3)@SR@35RR^uGGJ%Ff$`0l2kn_x+3L`dzS>wHo&^TR*Am7LU_|Hoe*nh&;v4wJ
zNdw<5<b?smx5Rj1kAZJvt>8*A@cmQ_-}lDwjqp~Qajoo&Oku&Iy8JC~QV=1w&j_1G
z_~$=CZDk<vMD37Nb<&8qCI6p)pfs#cR3ev2Js&|277$rJK?Z1R6a2Ln!Lhe)xZv2c
z{4RM1Md58#TUJwR+HI14&b3wEslJElq~zAPRE9)X2+Y$$8yZS~D3;I$xJP#rMhMWM
zFm@FQgPx?Xr&uJc!sB5&hI8Od2>gZ&Pwt;N??|CjMPb3wR(Fk72sbKYH|l3-^92Rn
ztW5e1voIkFv{qLMSRs&isoAH|$tM(7W1`d0L){9CP!B;&Y@sfXoX7oTK&VrIPzM|3
zJFqSK8}^aD`4;qY9k0-QAxEH!4(JPM!_cUNT8m`b;y3W!LC$lZh;}QWo0*bQh$(cf
zR2=U=@tkUnklldw(N4g34d>GMrgLNktQ~?mFyLtpETRh~&C>WHq}KY<?l9*q#LCEW
z2(y?ww8zo2tMeH1qJ-YueE9{pd?s=PVf4?&jAm`HtUMQr`888>prO&2cKx<hK*C#5
zs`v=*Kb2G3>=`y%@c*P2UO$1ae^kg`A9jNf?ZC9$&}YqNfmIV+-eHlHd<-o@M*VO>
zzLQ^53FF|rR`h;$EA>|WPDb?*xUy)2?E$!0d<youAtD#XP28$Y7L-y8!$2C}m`RZq
z7@&{s2+B0*qc+}-h1$shbw&<jQ(dg7-I9WGmn36)uH^-0EJobG>^EIN)Ibr0YnCTx
zuU=+!``=(!v7Mo*@a#fX(-h#F{|9Nx%QxcYh9~t@F@byrV6~U<Yi1S{0jhW*x)oz|
zDMhY5Vf{LK_(qnEq6YRC=|U-dG5!Zav;{Mu^LT*gXz_g9JabHuP!+;>b*U5azY*|1
zJ*RnQI-q}1l=;7R)$bSl>77`7iV`(wH_oS`pg?3~0gGJ2oKZ2)eN?-<x22h2!!qna
z_ECwJ29JPiinfi$49(7NI8QTFY0MDbiO*0wTo^O7jb@0|(gCbS{z1msSj=F|%+|*r
zW15qBo;!GcWt4C?KvEW|6aDEI@d$AO&JFLwY%g-iC3lrJ+XeqqoJ&6I)a$JHDD|)}
zIH0uo4neuOVVT3^5u~afv~SotfJ7~lBU*naEqu^@x2i+CaN&nz3;&P{`8BdC3J{U}
z%V3RTd`X&iHERS~lN{%lFUM*CSO|Qx`u=NpY7gYmV;qg);N){o8Kj-I23K<iI?P5x
zE6zplG?{7+3I3_k$ZRxEhvaZ+!?uRfW=HTCyb+v$FUVc|%B#_+ae$6;wu-=?{_`wu
zuE55F5tWd+*F{CKjNT%@>xoAD#EZ+DogfV(GFe2{09Z1r9Gv7&KZEFWuINFeRnK?H
zq0;7C1b;Q>lmmq1>YD^#>i~cpkceJnwojz06O!ZP@?`{5hr0Q%IOfk|{IOgPmdhQ^
zh7K6+<xX^8kA|H3fWHv@_eZtYp%-||+0YKJ45sn60tEPm6NikkQrhQOvk858K2+Cr
z<2XOTDid;R<W58vVEbbhriu9IC!ftUNp6K9OO8x_B@Sbve+-S(pboUV$X(58Fr}Ql
zYsGmQY6%Xtw3+05+aA~~B}W(kQxvgqlfxNMKl_U@+Qb<~#~fooW*SgHA5hJgf`3j_
zd({}tW>Nk~RnOoYQkqlwV;EBkaL-@{Nx2IeWki!kNNiovOEeMUS7NO(Z68*ihtCtH
z{*`XpEHYr%8wk6emZ|SmY$CJeVDlj0BawA@%o~IWX3Y->Mxgl?MsaORKGhDU+9L&}
zrc^zJ=`rQ9Qs(7(CQpxFi;O;(OmBD5K{cQdD2#PHS`H$bn+FTZSQkc+pzd~3{rR5(
zl~p11l#T|B2q8Hrw*cuh4<(>l4WQoFRGlC5Ybpi`!F|{AYj|KhT<}09@WqM&&fvZr
zk=rh21>h<zxGxVLrVGIXBT%Bx>cFUowRmWC7Iz0MSdjseWd`#X%z*Z8_%F0)fPe>{
z+;)iz2<xb6%m;z4e>u=}W@`-I*_rU2onJ!@bI@=m>_r2D`*YAwFsl<@NDCgoQ@V<D
zJa>a$;TCjo;99s>nIQ)E-ym|GZZ0Tt?M6=*u_yAb#Lf}}KH*z4d|UE=ra!m=(C@bk
zSwS6tUtjD65mf>yl~9<~nqt3(wzAOR{eQN9V^ny8nbi^lrH=5ggEFYEeo>3c1u6#F
zO*`sbK*>(|BYlBPK(P>HDJSJ&VBrbq)xBR`pU;uC5Q9c7Qq}%Hb9^JFpp9T++Bdj}
zOgWyJ5ZDy(zVAD4;h#B$qW+2tr+AZTE&e0&6F0&ZI>dK=*g6#E1ilR9=B1^A-)R<B
zoa0z-Y0R}OghK%m@+O{upB}7hGU_a*y@=vV{4WCj>{4Ga4TEhyJm&OI8sPMWZr7i>
z_=#O0WY@0DG|3SmTxv!x;%Z)$ErfMtz!-w}3B9n=wCok<QQKaJX*V`x<BUx_v99_=
zH2VIj`qNQ<;yK^>vUM0{&zEf#lw#-FF913hUl#uGfB=d)jLC&ca))3$q1_b1tOF>p
z=2Ca?2NqB?t>(7(0G_vlATbQS$fc5uAg)V}{g@jZLwf`?NzBvp5=fZ67nM->YY}RC
z^R#PY_2uxmfGfnXDNYq_$K3Mirgr|hdeRX?%)Jtih38<P=}g@saR|Ny$z!H`Y_z8!
zyKV@3EjrB#H?vWYL&*WNB+UWo44AoRflzf+bbM7^P0Wc(7@zz@p2=l<SSJKP;V@Po
zgv-~4#p%7wpIu;TYsLriarJY8YL}ZkEZGiXQftS~n!jnIlFkE<t83}4k64$B{cib?
zC~ssPqj&#O=oksm7Llb`?|kD)*zWzqC<4N?9Xn(K01QIFENK=h$UqZ<pA-YYMX2c&
z3%)x{9v3_)=GId(%X5P{ll{|fdb0^>A%X!y;|DB0LNC$Obs;wG<hZ3Sy`F<*4K3L}
zE$t3*-k+e?QnB_}a@YB>uJcI^qYTK{^=<GVpL;{^d^vQkl|W~A(d~F=qgZFzdT04>
zaMall>?~hUO4Nxz&NLCw-a%9qTD8LsQW|R$RM$5+_Rb;g6WCe1u@A3}V)0ZC-q)^T
zcZ)d;eaF<1+T(CHQ%}d2)PCpVR6tez?buvXpZby(7FQ#XJ5~v1p$Dlt!~p`*3t;@;
zqf9|Ke0wOpKp%U<AQ*cwjJ*i&#fQ$Zq32$QLmyK><IbXl@KX^4rOcw3oRpK+*8{xf
z-%tQXCbJIz;U~8Ff<t^g!`9~0qJ_P-7TAnnp1_z)fH9dCoyly6pL4`ycK63*qT+|g
zoqpK=eBlHp)1&4+LmB+zJf_y*F&MAz?9Sx8W>L9Qed)1GlUp8Z*e=KgL78F^s&e@?
zW>71=vw&^#YZhg%=#6oq_Zb&DM_kCc7TFN=8T9oUd}teB*trh*P&u&C4-W}k5932y
zg{rNB?VL7j`#Hen3FJ@FfX-}A2#!uF;f{VEx>nxW4S3g4d+JAQcHg-*sXl6QJx%25
z%*B@N8bjEw;mwPjPNO(!eHY*xzf2>AJ)4a>jWRmn+-4KsA*S@w0KIf0kRPoWO3#WP
zU|l!V^hJI{4r=;U)H3W&_rS;n(40!hMq8bhpy>}v(>49e(qfvvU}*YtKtY%2n-$P0
zYWsZCb(CckHGV2RB+4I%okzuJ$i4%*L>;z7;>%A0f5N}>B|0*|7A_888SpHzQoz|*
z^pceyIfIqs0;YI<IH3y1j6qYPW9O35Xo&mE%Xx4ca3gS=MB66ABR+OO=iMB6hV*JQ
zt*gskMl%v<jle*%UAAKYM>ZxG3=m@Ver?AIE9{6GxH3*b^RG=z@t&inm=yH7NWU{N
z-Fpt|-V(oNDUbB;*v&U#!oqTUKytwBpxQ3_Yq`mav~k`<cs1S4lx~q1Wl;1wJbRjF
z0#d8OF_n9ou5wR-C8w+0J#m#AyQBnD7Hzyf?fK>QZY)WPQIY8V9{Cf;Dr5rNf&1`O
zt0FC2O47oMQ48;OD>ssDU9v?4xlK=TCSl2vHB-rG!ecl;R@9<9m{JoB92uf7G(<~>
z`xcQ4;mnjIPjJ(X2+5TMN#trS#oRMZH}_0IbI;iMaeL1+!`?F`$=)OA_MXY9_MSPC
z;^_dS0E9P6wj)SUanP+vpzHRYC5iT)(2z?&|KLSXhVD%=0Uf)*OhCm6CZI*}rY+Po
znSesN2?$%?B`Jj{0VcJc2CX9@#srAf9Hu%qC8av=>ksI^HREwiTl58nFFb|JU3i-E
zTz`*l?^P+klYCfx?*;bztrv{^MRysFzUa_B^_^iXwmO7IS*91s9u-fq0q>{gKjH@`
z$MdIN&w>sxFrruR4>S$Mpw>*m|9}~;Zl|jXvs`1DAFdb%T&aSDxlqLjlYDjqvSNEc
zeO$~iT^Buz1!?On8_+#kZh_mg;5MK!p9O-$G9HslIos}Q#a#miypdzRP*QPnKD$}E
zUqznDJB1P|<#EcBmiTiJm(EpWn3@7hbJYCDGE55Wf$5%zmgO0$TIgCXvr-h2b?$ww
z<dckl0IF9!M%m%td5lGpnAZ&^obO%#2+l{#G8Q>9{+FhH;TdA`iUiLPfXAE!&q4-I
zwz}#^875yzx<}J80h(ui#GtYC3(ct?5i~#OADS^bG_U`{l<H683+G4v!(uYU^6A5M
z#bqhiLzAy}$FE6$_Yb@;m!?{-F~i(u<J_{yP?+cV+^(w7=N7i~*woIAEQQ<iQ}L5+
z^4vseeukL%CVUhs157<;2K<PV^!Zw}Fg{-vZ>Ek6_3ni_q5v)bT1d$j*FS(*IK7m@
zlzP~`4Hl9Ie+vwLnMHN28K$SX!_<rzj(b@PCQdo5wk_2|*9gzbLc;SV)&^mjp|}%Y
zgV(40oCP)AGLYq689gv5UKR1B4ksJ(-no&j4`rJAvER>(6G<7952UK|?7WzQbjjD~
zfGY#DK9o0oxs+EQSzw^za~L=~-nSa&BLMrO1q61^!c_9`AnbWd8F@Vavp)X)3G`al
zP(RG%;bBg7x{Fi}p#WTzlH{-DF#0@frR16FrpX!DynGC{t*B=UF%=zyA_K*@AQcqs
zQ2n=B21@$R7(XF-nD~|CpYVO&0gL=j!CzCXR$;9o`3|7H2jQ+LPbzlG_m|9fh9`}u
zxEB(9VhKtU<S!;(LxXC=Wq8h6H^Jonp^Od?6F8^xL`m}af!;nY)9KChXd-|3p4v4Z
zubuLwQhOl3l~e@_@ubz9hNYMvc$7x^+ee92$Hs}SZtDN6VdEUJ>c7k%#4?>fESjIl
zA0C?jP5j}*`2@?5M^mv*&<xX|dG7f>{J}qv%jtJ*$Ko-*R>x9m@MXp7RMzO+2<78P
z|LOr-qJ8`i)lB34k?egn#OvR^_dq6ncZM_aSA9D_a7@(aXWk?I@&oaaI6v6(2;&E+
zk*Z&Mi65wsB=Ca^zhwMi%s*54!GH~nAFTBz@`GiM5MJMUB!M3gN`qd;55_&mFmWx%
z_`#LjH}HcE_owoMRR2Jr3$OfP(~i3PS#Cc2QK$Tso4X+Iv8hs(y2^>ZS1hLH!BWD@
zRjTl?ftUT-)v5WK<skn;z;hY*f#b8~Z)$^pnt_0{0Xpp@ru4b>`G;w&?GLBY5JsG;
z+dYhiCi_jMB>IUA*2Mte6#gOCX5&>QOT^*}TTx$lG%Im`u||duO1^%3aLRRd@^!_K
z__cpvQ11^2wslpi{V+23zD!de`!o8C>`+%7&L)jg5zI~Po^-hl^R|IV`9oEiY02+y
z8R+?nVyS%x26(>I_7QzTe=Cy4*E+cG_!8h{S(aNd?o`D(jx_DzY(^u|-p#50x=da}
zuUadLHy;dPV$KWMEIxsWYLS)qvSqWuXdrQaw?;B^Qt-<sUq5O|#2@#K_`CAnOX9Dz
zE=SkM;eS!}EjQ<z_+Mg}LJ~c+4~n%f&$bA<7}%N+?}stq7E|49azE<Evkll~*mG1^
z6+LecXm|1^(C_SYa7_=Q(+Wkd!b&%M0W*4yIF(9^e|ppjefiFD^&3EOIZDYj3}1kx
z@lnSXA=V%W{?_Qe)?|M;9lpo(LqrCg;h$`PfyTo!y%iUp^XC(=CFNXi`~ke^w1ot&
z%u4sL?wkw+I0Ye=XIRSRvk3EF`@$T<KSClX4_G}3KtrqO%OmfZ+sf!IoUg*BVPZx4
zfZ%@BZRG!sJ-;@Cc(PgjNw?07?Du4vR;}ie^G6ZAoE?}#&ta?j#Xy~y&)=Pyu>K=j
z(&Z|c|8rT1^WW6YS9Z#?hsEh2nSQG(tT2I&wx@5zQ%+mJrBn_pceIuB?x0Jq7$GT@
zW|0d@a*j(Lpv)e@&9*w)_!k4M;R=d;Wf!UXliVXz)sMi!;UgSpm(N8vS1dnmTVxHF
zj$q4zGFAHXPCZD`<Fg)4j2`cPFs6Lnfvj)mlcanNdx$AtzuEZ#vHsF#gg=D3P~J`S
zEUacHHT1W5L#5czPoHEwG=sjx@32kie`i(VXG`LrIq|bu`e)moW!hf&+1UIvb=O|4
zqXN*V%(lvHw(Z<WM;HH6fR_OA)>eiR>g`oF+DDUmGsk<Yz}^l&!Fqe}S)5OppOp3e
zp!xsx{G#7}%?L+m`DIOk+8^2~thSI`GeV!!svgWgFz<Sk+VD`~Fh|Xc4HJ#vs_6-u
z)R*V6N&Usu47ZQ1M4+*arSk|`w<opo=>xG=p2Swx|Ck|b%u4oo(aL0buOIw9m6^bQ
z6Ssd0r8lc*!4uEW-uodXm&?SAbik>)ChKJdM8_t9pV%h)oAeBZcqRDG<&uyi@MS0L
zJ5>A3ER$QAZx)sG0tLg_YqKSQaF7cV1*8{9oQhsz%m%5HsxF(V2jyDgjukNC$o(W0
ztY!mWcbP5|EW^>i`#2l@ZA~VV!Eaz3K$JFpAfDMUSs23hlq$$41Y2<NQ=mlXQKXUQ
zW@PE>Ao~GA_6PG4k^RK|F=V3yjOy0A3pXMnZ>?mIU7i9N+VRwD^jBY`SMvrwz?SFH
z2NT=RiMLOsbB;d7K6<n<zF+D-Q)H+GEVUX2njQBs;s5^R&e1VI{gd7f&Uvc76)%`$
zg1I8i$KL)P{w>Of=dW_gTjWn{9d%c&IFI*u_s&?c6W9(X`m^(!0`;Gu0=Qx$zM$)X
z@p^f%J_p9=Yd*>HO*___@}aHD7Rs?wVU;TiVYwE?mut#??;m&-Yoh@+ABrWSsm!3Q
z2QaZLpXCbWXM$J~F3ZOc=f?E~`2Mr>@ACb&8JTQPc@_ScpOAl>a%AV4Jel@DL}9Z)
zxnr+ZDvO)i>ztT62M^9|cy=of3Re^(2-<_N+6r0ZC&?AN)uRhDL7qBK^2A<DK1vPL
zzmFNU(93|*>_`en{uSFmmU9A@CG@z#WG;0h<Q9ROZgt84x-(yhuMb=sOVdNnTu!K3
ziX~FL*N2@&j9`}L3t=bWgch;`mZ*C0hnc3xO_WR`@2B?>sUNs6kraJ%W2BgiF})8h
zWF+*j6)F70SD$b4a6pE!p{nMEh{m#fjPGJwA3=0gxKxLz79c8(LDVz{fHCMeulHVp
zW@ZvJXYNUc=A#7+nyD*N^+#$3Jt)2T474jS-Ib$j`DEO5eJ0F+Rc!3Gx4v`_Et)^E
z!LA#vFB)|4R~IcHZS5_1w&4c$K%EL(kXFw)M3_DbseipU5z;AfNDpHxH&83LuAa-d
z`b(u-quL#;fxp~CBmGg*_k-i#qpPBN<Wc&5gZ}+zS1`6dtAYJ?>%YtO-{_&zU;PE(
zfHR4L2kF|n^Zr()qF4^vPCR|1Eu<4HljzK3tPRVjFqzqJL~fGRu?NIz<1@Lk*ihE)
zZ)GFddpC{bmAQ!{ao(+~Z8#QmsaHons^?#-PdHz}1XNX(#jtc(K0*J$rQCPm7Y4h~
z*LOLmuWuOQ4;q$z<0_9-CUOa7Mp4ra&lY-Hsm`aD(W^OEs46Q$L0M1Rru`*UmdoiE
z)R^7`HtJV@35{wik^297VskWEpCYKT?VrXxf?Ji@MQ?D>?NP)y?XorbltV5YosOMf
zCRR-<Ld+Y9RW!60<#NWQsMO_);YqRn|DX=T{$IrSY>fBr)kW&hr}nY;{a=EoaVmqy
z*k6<<F&~vf^*&<%6#M6!@PG<W8gYkW+!5IyC7-Iv2NnqYPi}GQXN|C*1K&I>R=ElQ
z4p#vH0)NqfSf~rJRK}IPH)@0BR^wunP_>B>w21kIPOCq97+LTk`sA!APof}Ga=Nj7
zAm5-=6auS#g9Ba0*vYUkHEV09_D^TXRe<Bxdl&H}UNk(M8GXs_Oq2an?LDSH_QN05
zsyKht<r9yMF(=B+S5;XEVrJ7{QQYj}fBFUdwsiqijBO$Iyr*HtjQL_7ZAtT$mqNVk
z%WojyKQj4etCVTTKX)<tXLgeOGb_fN#v>bcSLyQ4G7@U;noU9t`W3#A^xbXo?<U}P
zc~!*J?zxLGwLQatpzZ*{(x12ZF2+=6C4JvLGxq(RR0;MW`hKqdy)bSo(|?vRCRn2X
zE?%Z1G_As#9KXWETO*;CV|HQPJpGW{jECIm#v!+-5)X+f$|zm82UOu>OwH=p$v^iD
zk!82~s|I!?oGx;q{!WD3wTy;ku;_T=zLpqiG3GO>5A&IlI)C&6njwrJmo*f0RAybx
zX@3){b|MhD0EFTxNVgqJINj5pzx1s0jXy?N;N!_43!smtVgF9_=ht($e~Ujqo$^0y
zobu02^5@5b%dt~_45g$~{?Xi}{rTAuH~I8Wi2L-<iZq$x$&o`bxBk;^`JyC`FQ5WK
z*kcox{EFnJp8O^``cFv6pZwqU_xI@j{&%=-7YuLm|I+y{d6Or@jufTMNjm=B+1ob)
z;5!}vmQVyhymfEkYA!OJGbP&7V*c~p<@PAeS21UbXZdqsmcK&ez{9c1ob93!93T}G
zf&v#5e9O0#m^|w!D4?G3ITM2dJm`4;6Xuw3*6S&^2aNawN6=Hp{1RqvES(5%rvE^Q
zhFtub$;>ZdtLI-Z3qS`|+gN_#nI~Z)W^RG`S&Z|O4fC@!3c4js#ku-@f<OBtM$NE*
zfU9A|Fb;G)xVN-71g{qqmGW!0!do5eExYb}kT_>|84&<ejXAr^hyYlU7y*E2-I_dS
zk@j9H&fX^gAa3vO(M1(dK$FGZ2P-mT^2^Si5<}(@&`7Cd2=ZAptI1{7BzxvGVD%QE
zse5TQDzs-mXUW;-kP~xpWOH<e@jMT=27I27nHEKY&6AkvHVs}T`x;snZ)RrS4-JLi
z;6qmlRYNH^wyjf?r&?BXwRwifU=Os~V{Xn|r##sBJ5|5DD`v9A?7mHb+FU(Hrd6ss
zBc)XXhNY@*TZoNBlB?O7R$_dV+=b_HRVbENBu6j*QtR?7FzDOJz6p@#<BF4PJz6dd
zzV<Tq6jMmp1F*+iu<ikF>3!-4>h^BRcYtZ3nJqQgd#7}5wFM(LN0(XS4hs7DVAGB|
z8$jelk)_^DJv(|3s^Kif1!B&CC+7`Ly9@zsiB2!>3rxH|22jE9vy2LSVYAwrgI>4f
zrS*OE(vp3z5IOm%&Npz`(J^N<S-}WCZG_>!mHMi8C;H_00_^5mCJ(T=S|upY8V%+$
z=Rcr6`PbCo0DC(+BE0|~KhHjX9zRYx--Pei>fejP=x6CQz#6t>3oe-~aF`VzFF=B_
zy^USr@z1D~u2MQc+G<a^hdsQf%r0))QClqd;cMUWPT)KR#snIr^VA!7+LPm_6(E*}
zD`?q8mPS+aB?=1brK#OhqT@nRo?T79sAF{8wzW%gjy#CedxowsjTHY|jrmGqI2dn?
zd{WZL<47KfFG!dzTYh$Re0ZYVuDt-m7FLAU>RdTD6RusLq?N;(xfO>z*|$6hL$<|Y
z1`}!>s<-6OuqE6tS;;T0IX3QPQN#XD`Zz44)daE9OoO*=6&$^bFB7<Pg3Ru4YZ2g>
zQvO@_^(NI>nJAMzG$kgJp;x8qyqn2_?>v>Xzr^BKuv11Ja!|6JtG-K8h#UmvZ9=o7
zw|W*VUC-@;EhKT>B-q-z_>~lX#sN>mfLt4hxnaU3{)bepH%Su!Lid9@)kwDY@hw<;
zm2Ys^tU%57>dh{xOKj3@14)g5@uu4Y8q24Jb&2HX*%T#qVkk|zs{<AhTS&*LU&B<v
zOwGbW4Is`i%#^6Ul#Q^wL2ciQ@a~PEXCy)-gQ~+mxml#N#_XHx)P>ok>$sIS3-G(h
zeeAT>5Zof?vCJ#zLWUd`8Lz*P%nu@aF~0^NotVLB!dl;aCM@47F2?uC6H(FGM2}<(
z2>xoMWqu`@yg009Jq2!*<x5pZ1m!haD~_XX`MAVSyvP!8V2Psh>h3%&zfARGrEU{?
zIh#4pAeMyr>qCf<cM`Fk1a>l`g7*1e1X7NMB}bSg)ljAsgAj5JU~Vg5?t4Z;+K{|c
zEf@?_bp&MaNG16T>$sb!*R2|OU~@E<7rO1xSt8wrLAhvu`1k~IVP<Q<b5*Opj6xNK
z94sjt@eSQ%l4`Gn?|-X*k0psJ%+w6*=CiFJCs&vgVwo^)yh&%VL4Ud^SL9!^hs5?B
zDe%p<@@sILm<m!uN<f5jEjsX`_c3!uUZ*=Fw;MqbPQI*-g+!F|Wx)>*07NVtLK{r}
z+|2vfzC&=d`F3#f?0hz=!cYd+YMe*^rK`X3RsvK57*qpN9HcJ|Rd2sg9U`bgLe<t}
zsJaoVU7TE#PqF3z)c`JaK2pnI&%}fyXPF0dC3$e?qxUInu>QviK?;4W(Am9-^Ne!I
zN4B4bcXntaNp8UsBndBg_e#o-ffdezb<rXzRaRle`4!OJ+6EJyceIGMkHl~Y)gw1w
zaa!Uh?NestV{LBcky>U3U4mt$@tp^CC=7Q27`|y9dM9^As4&dK_%}K!vv3|DY!=a@
zeg!X=o5=I~X_I<xd?r<=w_;)$fbhpAgphB18rpPjzX(FaPLO|xg8XY+%Y4bVV-^Mn
zFxPc@u^5X>2Kl<&1oJgcP|8gbSFDZ0R00$Q0A2BGvI`Jd#j!YmDd_VLONoU7cs~Jo
zp`sj?x~Z$V+_V;NMjA-j8?g8$3J+i|?HC>aU$F>*<EKrj5duXp80UNF(<S;YSomi!
zPfLG+NbvOABaw_CfzDVYQolh07sL<0!UBu~oW6|-Q3Cta<I^!pU{gFwV4e{rkbwT5
zj6-|UV}-zDXuT5hn|u_@0to!yi%{}s7sI@<5TzE_xb%s8wt||M3M?{AjT=b^p>YE>
za$2S-U<x+7O;j#dF3TrtZBq4d<hDu{(pb}rnBR>s{m1{8m~NVeHrYOCrc@b-YrZiT
z0FC6qKOq;E#DUH43dSY%U69^tI(-4&Iz;}`iNO)O94t8E<@DSXdnjzgPq3O2Sf38)
zAM~bWg_xA?>9O(|^(FXFKBi@D@8LJJIZix%1I%(E)uq*En|AxEZnfYXpbaNcyIlAU
za6@fSX<?Tskj*uh71C-jD%Pd=f5g~O9;|u>g69gx<OHs*RWB~0!*-ZzvjQvP+LH7m
zc2-M%oBnz;Z>cDxbqkw`9=>x`Y}t;*wJ6C^wrn@-0)THBZ!FPx1P{EymZ)^1&k~hO
zkl>?ea=QN*)-%b+aVMTcB_sdt5{CRyX}P9V3GlMoF-rj6NetdemxlK&gE!~W@SbJx
zzSz|V-jBxuOVPJ*y-=WDAW(?;Q1$`(k7F6oj}ORAa3`6+D%qdC?x%_V?8QIs>(8Fz
z|DN=|>093)ne_hl$N%g8@{vz(OY(<_Y)-j;C*}IJ<ZIM3x`B`oEz1g3KRoR&18FXc
ze0OgAOn1WZ-o~s7f7`P;sQ@3-WGXD6%^1o^xFX4FSS7?`gRs1bmA1ai$UHbLyW#u*
zzA+2;5!@xwriWR5hhQBUv>Hy9UEz|6%~EEO8;=qiiTwsR?+p@$)Q6nD9?m;KTZ9`b
zw(Ot8*>`kja02hzF33FAnrRjN)0mBLvg`?yjS$-#jh`mQhwL`&gTqHl{)sXB;BMVM
zINY!gLdR$yoDIsPMByQV!eQ1Y6rI*Qm0jA<%XvZjoeuX!t9~b=dbp4_or)Ku38>QC
zYTtpk7e|oyV_IbWHej)pnFbLvX?){xG7VN((0(;sP!?IRBqP6OI+?Gq3p5M@UkIWF
ztBbXEf=mRg!TGDE0jyS5cgN~w!dvE?R>3irZ^E=ppc>@Ug#0H-3RvNEb`gkkv2-8*
zj#C0$$sPbT)x}Q@l-qYC@;A3*JKy*`+7A7b(dM_CY<|Oao8LXWTken?pL_O9Z1(U)
zVpY(v_k|66U*>4RFX+)oZD{XHKgptzD)S>_Ffm^Za75{BiKGDT11Q@#0{qGc8KpRL
zpi4CS4HD!Q(Gjc}D%m=wDpJrYMgwjoOLBBnA9Xdm#uj1eyIGUr39HFBihVC;JJIO+
zq@*~Z$EU0=G`hmp=|scp0s+l~De@*Z1{5+CAnpZ#w${DI8kME9#RL%cZh@{vM`z8B
z`K$VYM|-CnHN~xZKZ}1Opyg3+7j2#VGe1M6h*DQ8l{oNiKxkPQGj78oJ^2z+b&Yur
zP!P5;997&ot-USHIBPoqdD|KCOh}njyeA)pb0SMC*7!vKL;X%hbq*4nmThk*YDByb
zp_4MbS$jKLjoY=Af`7ul*N#9Jm<IS|52%M0XD9ei#FMo?EGX&MA(|xrYRn%gjjJi-
z8(%iDVy8-3K68bgU2gwU8_w!gwWIA;QXW2MVb5;H+$4&Lx0;p3*|2*@99z-7$jGN8
zDX#Mtw<F{U3DL0N==C1c!f2ds+D+74W)}VRwSsS7k7tbFiyr5n{h03Kz(M*6W2PF(
z(IfE{J!lfL!#)@7)NYpiRmBl1A4A{#i9{uOSp*>lXl1Pl<AFf-!O|ydD^Qpra**U&
zv*e#=5&X@R1V<JuXrb{P=)pt|@-#q-kWZ_wv=Dwu;71VT(m5at&C|bMAjoqTg-UCo
z$p#uCwX;{x1ost%CCmr#)36YSlp2YVw{ybv@MY*Yp7hjDNVMS8Oh`DOpM{&}(-q8y
zbM}Flzfnwm66Gxk?y=5!KpJMmBRW$7rmh2KV;20wvIOQR<Rlj&EJ%w_Gtmk;M7z@Y
zUa5)M!I03<8tloG<m1upni&Jh>nCNJ+}z^@b3|xVhFc3L@t_||&sJJR-=;3ncMzS<
z3elJk_W-X#K4uP+WZ-@BoVb;sH5GnAxmsxYly7_h#a3lf41T`x2An!&krmB8R1_Z1
z7-RA6{@N~>eT!SZ=yn`tx$1yix_B!m`4{YSI}Y;CJjd?sWB0bxy`Qjq+u6MU+*|x3
zxDK%E)p!jXp0Ju-zk=73;rbPJy$Y{yhwD}Bx&g0mfa?ah76vYgQsq9)iunugbVg^J
zMN~DcpfiQL5KZuU^+8D)?c}ZHz=97izA~P_jlB;q!u{$lcu7#Ikp!I4U3C6~r)SU{
zItRm!v9Alu6Jpq=tVL+M0W4|x^W*JNF$Uw+eeBgQB>$o=Oflq^PrDtx{4=j5qHP|a
z?E?SIuM^QWZ#&)dC8BK}pzXrq>KNMQt;XxB7~1B&g4Z)*Xq&eRughX+o7aHXx1^wL
zV^aPCQMtnzy^DMj34bBL-$p>q1;pRAfWPzt7(gQa*!%Dznk)f-*W!xt{veYQV>NvR
zC`vd6>XYB{YqrG-dQgj?<j{UI1(E)qUe1{plqbw|BKPGgR+YdH+Yd}D3lMQ^;-5K#
zTdRB+jT7Z2%*5&o!5V;h#J9#hUI6;s4y4|3)fVr++_qj}Z4Ya^UUY=`#$&`<#uvEd
zvtlrsCi<crC3)Izn(QA|BFPcSab(E|iR-Dp8cPaaGuc1>D1xhgHW4-AjoMHUR^ajC
z{i6H<o-BTjHDCdhDRTM+SVIzs&~-Uv4W!IsFFQM;Sk%&t>`^SjRep$pd@Vvf#h?Ba
z7JY;fB_JU-6yL4USiU@}XUUXT&lSLjVzejti#SXX80pY+a;1ioOqjlSgh?G&jV!Je
z0o2mqj~G;MjAjD=vTjSCcmrR^O7%g=!@aM6BJFBslxfFhc(04?ae}|WL=`uIH9-s5
z__2$6BOu(f_@96E;GK~6nLfURwlckWecLLvw9<!>KlDWD{4SiyHiR0W63`X>&$E4|
z64)b<^1dFCgFUIjN;^Ht;;_$v7?)cC`%FFTGZpjn?_r;ry(m<H`^>Y(KGV7?em<q1
z7)b}i6t_IZEIPK<T!(2wl^MW!cS*KxVMVVg-DIk}LWE1X+7dr0jMYnbbS^m{I(EUf
za8mUD3f~qS9RfeG16r%z?Bs{!09BO2#o|*~E<GNfAt^N_SQgyv<ln|auF7e8Vo8uh
zrop|bgD`f&KL!t#%pjO9DTQqc-yP)7Ht}zF!lneu$9v>PHZcNdiR>U^f^SxvNVJ`8
zUPpg`Q2Q)#D{M?2i$^tXIVjprh%3&~@E(*<8><2Fsd5^Ebh&>_7XS7x*28+%!!9j-
z{(2L)Vt-E*7h3UrSuoF+rws~~W&^4L{cj5}UDH)Sc_|x6Phzr2N6V7`Avr=KKM|Pd
zO6*m1Y!@-vg=1H>53mIER0@ADJ{?(1JS{r^Jrg${gb@DiJ>>s<XC~`*4s^Q!yG4y&
z<Q|x#HC)O*I!)A%lRzo|5zypL;p}Ii(PUK@!klD^zC%4s>QEyihz@XH7^O}|3)Q$O
z<|W129#Q@Xm}k!v|ClidL~sNe@$^qq->>-?{U4BgrsTtQVf9^r4<Mu&`GO3vE;Z8w
zrMg&<Phx_*73a~KST`A+w&f|sjOsci+X=y#mL#f6Sog~?B#Ms3J{B=PmJ-hOXupRh
z3I)f>C4Unfn5k&1;QvPhBLKMC1*BU2D}D%8<N!=}E<UX_Bh@1X|LRf{%=_@1Es2UF
z3!};T+)#%?v1c66a4G*b$RIXG$I5I$P$rv^uK`mZi<Jdok72N#U<4mT<xOtG1r>kW
zyF)v6$@o1w&%cwmW|s4B*CCs|gT#MK$m-9&jk1k8f}TatlSK?~#QJ$+coWw3M!7Ht
z?FXU)@A;jo<k;sO4DZ3ZKkGfBO+cnUM48^>@=uJqWM_{yXuV#jZhBACj{2RL&%#2^
zU}rFy{lVNU6Qu-)yV_c3LtVDXa}})5`^}gbS3awbxt@$l=qGH6d}hMKJn{s>Wh#cl
z47801ns!GbJ}FZ3doKR%8nfDUT_$F11xXU28y-O)eb`20x0r!IQf?x#2-zk7_LHy<
zvu|Q~SA&4=HqYOj8(3{`VuF*E?6GY8J>J2zWjW5k_?uy~_wq1)|Kh0p6pr`{Ehh;B
zAEGBCjNk7m;MGHxEOKAeNAPxkxrAfqI{<M&j=xK9zTT8@T~W;V_B{BR20x|nQw)52
z5k3Y{0v%!n|Bx9s<9TdlEuTx=Tae$!Y#^a$e?zT==@d}kV6ycsMaC@!u7_QRe>Cp!
z*aZJ#P_yl*;rVYpVaFD0U_qj$`8L~EKoF6qn_DUBx=Y}LdGEaGFbTl}W{ugSQg<xY
z9X8+Y`2j3(Xx@UR7k}Q*srlK^JlZsWP0jnlu-<Fo1;O09&gf#u9O`1fS$m)5`!vQp
z@BwTBSnvqoQ@M*T2c(#pZ8n4LX?Fn!@46J~px@ertq!C_cw65+FM&H;oPe2WKr8!u
zC^z2hVq)QPWeHBycgO7u#oq<D54>UEc76hVEG%ZDw$i9CYp67H$s<m!2RkE<H1w-g
zoEC9K4{mne8-x{0%_cyBH=h;m_ARxVyu+ZAbiI?g*h%#eZ3bSzxX<6TWRQVp4F>-;
z=Gpc2*xyHMxX73Fpn3@WEgf{af$HmIDn3sP_ynC{C(X>I>AKJ4OoI=8{VkKT11ATC
zEnT~=0r+ZQa%PtZ@>Z5!6Qk~u<+tyQk&`zvjASs3%*C^RPc~sB1Lr_1NWufkjWImD
zO4j60(2kpgfw|1X;u{tX-}pzmpRjQ5zA<6p_-7YO%CihH(`excEAF6?j1*SXv5^cD
zup*{+2>gPvWa!Zk3Sb+wXR=i~I%{SNSn64+C?#p9-H>*kkYqG0m7?9;GS$N83Kq<w
zu2h<R`!g|(BD%P+x@58S`sdYby++C@z~t7PAH-Zm7Ne_3_E;9a_ygv?D?i&q?z=0{
zzXU`dzvKvlu+t{_S0sr(oxBgFoy1K!@*th(A6CmNb^CV$Dw}mwrZZGx%#?o`pfR^~
ztpV!5i+@K@_r;zh#J{1j<1{Em!F?IRga8jqX#@TXJ3o3@mg1(h?N-!=!cN$z%jGl9
z;L&v5?BkLbn8P4+;dUdV^{3YAjD8>n52nF(Bp*><AJY+ab{?A|-#gYa#Xo*5Mzpdg
zzl0|so+PM{-xQxuK%PP8IOWlNC#m8<b2qT5aPmQ^AlnhF&Xe0k|FA7?`SC44A@{ae
zBB;zcL7B{U`|GTz{k(N-0BrSB^CicAkBu=P*vGO#zjCxx7sxw68t#<j$2%>Oe@qCA
zvP6DQV_RNerf#*t^tbHH7UeDIBWjTY37C6d$6Sx-3zuSlFO0zju?bV`IDKKj-bKV-
z0@_%fM7bPr_jEGu7T<!nJ3d*ycY;OqkH0C7yE(TY?jC`LHOz$wq6OB^R)2eLfGJfQ
z#P|So{dgLm0Sz{(78Z~9{$}zIIr#qOs2=|fj7X_K!=#pt`j%3xOvR;(T00e#Qi^$N
zj#8WL*d}-I6L*6?`MHb^r(Gme_{Z-wv7N2QDfc*oYML_|aQgP8!TR(?t&9H-m<8Q+
z*e<HObK@$k4<|<3JO?Bt%MIJjaknB0S|rZ@eZhQO3XRpI4%(3kr3=au5C@+!Ctg?*
zFRXa65ihh2t$p-YwSw5kUiD5&1v-V!BS$cP3LBkgD4tc|-ZzK@x?RyuN}4-2Qa^&7
z`n<hib2Q1nK2D$G3lMwSkhuH{)Z$WV&E+WFy-LP7GZ{H}YnCEpLofew!H!{As?p-%
za-4JV6VHjk!)aPx%6b5T>hb)QsAaO^D(OK(9%^NWVLzWoHc1!(-*_GAcnhtdKm%U~
zN$_@#osS9rIbCl5e9)FZlN?|0&-}ZouYJ#N>TBOyYU*R(TbN?syF10cC#Kl<94Yoa
zTOa%0a6Eq+7oB04_XJ;S%)EEVt=vd*EP%cE%7lCX_&&Y}_p499OQN#G49qIJlO*6R
zR1>a`b<Zsyqr&H_5J6ggqJ6BtcT=(UyMD0tY#*#Gu1UezqbV4hor1B76pW2c!Pxiv
zU@Y%{A79AWU%dj&c}MxCi<nF9H)yp{fRg<fIv5s`nMvfgk%W2`DfK`oFT}nc3_@FA
z#jFab7onv&-=)lhHSi_h=p#RhR@88`t5&g8o!4KHNh>A()_w7nk`F6|)`e1<4cz_%
zm%Jan?k$FsJHAusa_mFL3NiR)ns#}@dQmr9Vb20B-SYw!6M;pO4~wR@loHHI%7PLi
zlfTo{KW$>FqZd`j8x7TQilH!}>WEc(64&DtMVeqjg-LMiL4_%7b~}2#5v@Y-P5Ax<
zta+ZKHGQ6<HEl)wn037=Lw!9B)J9~~+FOP_zv1a@EDnTr#p7!4@Ju=%2d$A30^<M#
zoP1I7(pGpKE%vjtR~;vPR^AldX}kgVP{`BhH@t@)lkgO<!#917Gyg=N`sz%R^!z+g
zizMxHvL6)11T}KL^L<n!L4Uln4?2!$KtmI(<Ns^u$W(tnAORh5{g-c?kEc5)F3&Vk
zNtG0MVaV!Ec!s0K;eHhxIuQ5}ELU`x2>f0o%<4sgvTOkhWLte4Z_lm8Xb?Oj0DM-!
zN1oBJSH$BRTBAFS7eK(r_O(%o`F{4oE9$JvGbyM99v@||?hz=@e@RL`9iupl@_UkL
z^_};!g!P)R|GxKsXaAieahtV6y8m=P`)?*}taAkJl(7XTTw7AEX(N6|zt;YVyru&U
zx#W*BX%7A);LW$bMm7xtJsUg+9eD(Mx8OTxF6Dm_3LY95^NyNk);+`wrAL&f7Q;`e
zDBo2g%9Cov@XELj1&9P5Hqds>^_0I1e&D@HsqfiASj30V;RHBCD@o6S=Z2moh9@o1
zf0L^AO-k=Ay3#AkmxI9n$|&r3Nj?BrC@O0bmEL%@oCNiE-XC@KcU@Av0V9mcd}X>>
z%Mug^T72bm=v(;#J#p|>-laIRosRADE+>fV<v_Tf$h%>d&*3af{`50UbO`idnS)>i
zXd>wJ?N9UG04khy@oPXe=YTHGqFqe8Jte<U3(!ZqXP2a0<^~A~=;Mb#AKT;f(E{{w
zl5eac`nVle63l=798B`7{KTAcZArPd;`KZFwf0Y@kIYCs6yTeFVd`sU5tKQ2$dD;8
zTPqA;0D9rc+l8}xgi$>pwHHg{s?9YIGmCw`Fm6U+^}{ebSXdM^$pL~q`4T4AIhQoK
zF4j%1%zuh0*e|j*&n|u+LH&;muvj;i8DRgqpBZ3(W*A_9e@O#ubCRxCL*ryN*rrR{
zV1Lxd20Mq2j}qb$*m?F=77&b+tj^ktZjc)@Mc<czKeNQ06Qb=BsPJb$6-I5I>My!h
z8n?h)^N1uD!a4%<35C^*nZ<e<pzjJvhNX`Wltn4%TS({=iZO1F&==9s$3KUMoua%`
zk{4J67H_O4Il<KFEI|20>~7?TD!Hz+9ABTankk|jQt#P^`0Uaepa;U|bC<#=@2gJL
zpC2Ne3W!sFB?(cEop@+3`d>)G>j%7V7Q?F>*3BkB><5cak~e)n`NNXVux9j2s!AE)
zu&l6p4j%3UbpZ~GiJjpCWkxajLfL|VDZ*hX60%%Y96LvnPmzrl3&{NLGeir+N2}59
z;y*L8`&b<h6RZ6N$fgj<=54`&3By|i|0;$W8Xj!d)vxeFP|gLkv@JfZ{XDkcBoF51
z{tn~-f2F7$6#_l<z#vNDW(hmhG2hKj>(n#<B0S@JUfB7<b0XIsWaoEE#R5vWJ(@I>
z%0<a%0=34Oz%_yb!e`2%!1KtnW9I_sScz=$DYG^-2EU|mPGu2n_d)b*cwN84TR{gC
zfkU2<PXdSREQcQU$lbv6PT+C?rkhr755Ts&3RoL}(hR)PjD?z3PgSxra9=#;R;HIA
z1H93#++7MX;t$Pk+b5#0rAt)q79?e^+1>Q1ca-*i3VoDg;oaB^o>$z8U9^49j?+)M
z`H81szn$jBdKo9&a);JnZ^zQmX8z~F;QoOOsr&Rp#W;3!Y3=J?-QE*pmB;#Jm9-W+
z_=Am;4huW^XD|N(iHOJeLOeFLwV^o>S=>N8>1)MR)g50|Y-Pl_RBqym!jsolDrE!T
z!Td%x4@ioKii|!VP0h#n-OrC--<x`V{Ng9c=f_wlUVZix#wsvqA=|2tvSviTBSe2O
zGzZF`&yDa0;5!)WSC<^?WvOGGYYaA?Z|9VniT(S&wk&pHMV}}d4*2(AB2V0@4O~|W
zP_7@3<Fj?}YlH=`2&=DvL4x3!y$eY_8(k*l^j!i=h=^WA_#DP?vgT^Eg2Dufa*t@+
zZj2$19U8QeS%OAVz8^=@yX27II1jMH-oKuW<SbmBg_f%G_#uN}vxbqJ#F0!hzTX{d
zD>?rUbIO&JdO^fm<(>yI50b41gtTd~8i$jnVIn}d6|+2eCZmi9k_!4_0!oh8Oo6=_
z;Mh%2H3bCT1#7w$l&MbyzTy)Sq1!zVMLV@BdmynT?;3midNk*5pkr!iYROxIKd*Z@
z8Bq-nua|}=dU(AsJZ5+$|E`xtG5@aNx5LF{qd+C#?w=#cC4xN1OpMs~MGsb$#4^TH
zsUR_oNr<~h13f3NuN-5=rLHeuuVwKBkkSPZrE&5Dg0BlEe=Sb_IyU)1ehsibG*1G7
z!sMrS=y|Px`H$&nO<khZd;dRKqRhWQSn(CbLt>uv715u*E1A4G!itS}Pd}5FF9JTJ
zmotw!T#M_`(62i4DM`>EK=g(&O!QH0RQM}`2^to*`98n03}v6-kvoOpxtqC8VPW7y
z_d^!+Vx)UL*K^yYs({$f?S%m~4VqfGoqpK@PFpAR6&%ihDBjS(I<yDWU3)Gwg&GU~
zu4`QCq5FoBsy9Rohv?`O_=i?b0dF%4V8w?q-_uF6N%AkU0x5CcLHru2pxD`*qg{@w
zW-&RPe}dxLI}@<}bdRv22OIJ(m#DreMkTQ{wWDt#B@h6+9k8=u1VIp13+^yc>{9Ut
z#HRWd(Fay<`Cr_<3w#q*_5eI-(l&*bNuglnAw^PY0g>{M23l?UpffOm%1eBsBH|k%
zktzs<w9wfx%KFw_S6AI#U0ol$ihu|Wg{FWHiUKODAgeGTJPK%AUd?yTxsx=Lrj_0O
z@AvzDA3yC(?#$eK?m6e4d+xpG0noLK2z_G3Pd?Q?Ig!ua!K|lh<@7yxMzEt7i<5@=
z!~$u)0%kNNr`Hvyr*r;!biRODPcnmMYR;ne(eBdKoH3kMmKZMUr<J9vJ;G1@t)ZvE
zD??9zxiS>LJ{%tHd20Erbo=MxU0WGh>jkgM$m$jE^8R;ZJ=_yRQ2|DYtbl(YYj8J_
z^$E6+Z&vvmiLA~M80@o+lIbVRXp|*+%F{)6tHG5)Id<&TiQ=+zNHk|wU|i@79kj>5
z#Y8!B;W(-89oLi7-gEVo<Z&#W;qzQLlv^zZyCJ+g<Wbh5y5dpkTwr%}{O}0;)P+0k
z6}*1d>3ZSzdLagi7%uK=z`xmEd-e{%#J|$oW8#-xdQ8OM5EB#K8vhGSG>rX^Frn9P
z+T{=H8WqoWV!SS%ZS?zc3tu1M(-Gxw((U?4e~_B7?fpSQzDy5Tg4dc0Dvx3uEMv$Q
z{-)q8v*v^pY9Oa3${z{DE{0IQ3B|_^k*8@hL#JtYBLr(^!yL`-bLxd<HRiv+!wGBe
zx;!^vKD_TGoJX5~5OR>ziGuf7vXHY|7|@FI0{>)9?Ry6F@u&TFxgnyFRh=}lBh<*c
za3jqJqFeYp)IzvFn4yxMwnk1=tjb2(yI@Uup(*V?$1AMcGU>=>{0|2?G~+!SCwNR#
z;Q!^gE^(hu<e$Pupf1xGp{i*~?i~Js_@&)1<KUXIvO7wx)7ZaL`~#_T_~U!$@Uy?2
z!|(kX?!P(3FTGgXK%Kvjf>B<ZNQ)m?Fw}9u+Gu*9D>`Oj1l`7a9D33$4EO@-H9?yX
zZH0>K=kR+@<m{|!a#>dihCQ%CwBSBRthcI~oZp?|*Vo~0!+`o|`&9Ce#dsl-as`Vl
zg?Ye~J1rAErlF3iAD0wjFJDMyz5F9wCE2g%-(T&os5sDXHr!ztMwwiY;>Ro}L+mTb
zAxNeyS>r93Yc=PnM0P`y0pF)e`1LiSp+y`}F9ANXn?>1=#(6oX9Rq$4-KTk;!YWvo
z+N({21&`|l@PzvZUNY>iHsuJxEe=DoWc!J)?1j#;6^k$DT3vn?tSLCnnjtAYm@7JB
zI#H5$Ypes6oU#KhM}%=%%<u8Sh%AAnTh&}#8Lwq7y3JAJSu%Wqbij|t>OK|$A-FO1
zy+0crA>>UW|L$(VIL&IYE)_lV+Tbp#SRBt)6jhtzum|!!*I+cal+OgythDbs(Nbs1
zst`QW;gfCfiD1}NXG*Q`^Q4PmL@OX_I=;<PWv6T3Qm66Yz>L3wpE<Id{d>v4+sJT$
zN(=7mrV9<n1jBAjK_v?<(Y~ba()894le$l*F6don8eReG6|Don(RHSr3L#j~0u%m>
zMt~7{X!=EckyVl{b9g5*W&^AwGqGT}R&aVwRnXZ3ST#6@|7558ByTt~$9;x>=#Nl+
zYjpLkwNd%Z&}R3}bc|?MC@CW)WsybnTnlo(nWhx=ik{noMRlgDeyy(|$H0BT8E9^_
zqZ<xuBblufnM3KbS<bWuzn~PGVcn8YXX;i#gJ*4p_D_(d1bBkm)>1Ds#r7%gWvDat
z3Tpd%%&~%0-G;-G=MjU%zk3>^Rq*dNpfWUO6y}gR8}j-%!*<sOKxz1UtW}u-gEf&N
z7&rJQBRG=G71o)|6%sB>!thLzB@P}5W=WPTW>_vra<K*Au>>XMA#)TM6Fj5FAsjgC
zzB{rf=P<Ogq&Q(XUVzd$|8L1F7B6Y^Tkj0y*2N<&Zy4B(V|LkL|4GUQG<wH&c!iRK
z<iaZ(F@KwSNm?S)Je^hqPi<ArnDuNp9Thp0@fon<%93m~m=IZ+qDp*ejfg>C_JMBE
z-IT-yc+jNFG&|T6=gnNizO|MZ=yyMxNd>?Cd;)1IL+UM@_NYuNN{1pnzhW@DQ=X#z
zc{eXCl{};0eLw?UWNx+#FYU%v-v~+$8WXN#RwY68Rw$((v|reyUIV`))@mE}V&uK#
z%eZx2siszSIJ^Mu%io9J@_&}yEh=7UEO`1y!E<OpEO;6Q=;84W(804B;d!Ymz>}uI
z^U8pB@Z?9sg8^2m4vp%D&SftA7|o~rbKuKJdXs&6&Kxs`NB@+#;K#Bw%}WaOP4!B6
zKX4I^_5xTK=NT2JF~j}2LH*92j5QZN4mHPVi>D+8cO+30Mwp3mH`iHW<j-k`ujBXW
z@%2$gEPVYjLyxcDX0)f@16=^H?i#-4WwgUrN>&uUbn`hZubZ7Wqggg{+X9iAh8W^C
z_w8#f+kzOhhz$-yDh&>piqY@wkow2TX?R?U9unCI?{6m~O1EGIm={Z32EPO8IeYym
zQ%iD=!i%mwcxiI&&#6HpATvf-vrrmULary}o5xUuN-(#}6t)xAZumGio<08RuLJ2Z
zokk0|)GWitGYLzc`18Jj6cS(-MQS8gK<d=LVA2NS+=!V;Bi-K9Y|y>783$bye%eq2
zh#H);*MUYUdr`s1-O`<mP>89^dBRj8^maXzGKB5m!w4IU2%9%4jIc`)VY4QM5q2?x
zPzJvPsT!ufXP7$F5vJZ%I>ppq-|Q4qU)IIM)E}Pj1XJ&~FibsMYvE$sGyEDqy_^!s
zPw#ir^V2mBJwMqUdVb1r{QLYQ|E5zcRld<Fmj1RSCYH*d>jX<mGsDu<P5%u)xsqe>
zQ$>oNpE4vpKUpL_KXKB(!B4lyonq?xzjTTz_vV<Gn)GZZn7XxzVJh3J<0sl}o5vCh
z%cpQ(4L4z&vzYMijb99!n8x;IH1WN#PdChTOD2I#fSXWhP@JaWD8$qANQggLeHr_T
z#fm6|j|%wJzp(n#GHD7~@aKWrJES~Z0`KsvPq9}{Si5OELLW6#01?4gGxM8w$m~Wb
zNM{);6;TB|Bm-(|>i57i%|<O9fdk}}tHQD%?I4WAulaW)-hishR4G4^8kws;c}+6M
zwipl@6!TDU=No&YQAk%sXu*suWi5d&Yc+!q%$TtBugss|+5KiN@CPk`l|{XC2-7(>
zZnSXW!YRJ9wAuStD2$%3LIl{OZ7s0=-;5*(A_;=(>tdJ$tw@5OFYc5C&x|D!oLQkG
z!N!Zbh3TkH=}#0m@w$!zzYo2FULsfY4^d!r(|=EaQL!noZCr=~ma-@cpg!-;uSoBd
z1aC4D^w<X^cqxqSAF~+=@-{?};EOGc1cNqMI9<G!nD~G2rU?971wH<q>7C-gr;YIc
zNR<x%SEondzk3GZ|H0RE`0tw@f&b%S{D1iK{|x^V#)j~}YEn%6a~E9*{-63zhyU4G
z4FBubN8o?*W`_U2thcn~4`R3nh4B=hDp}3&7gPDt`^Rs9N~-o^B)NU+tK-wcm_Z7h
z?A0j+o*F|GXmRT(@Ckf$3WIYcpW?5tVXb6eMubrRs3XKvp*PKKZw50%^vFE*-_v7w
zY<jHA4bg*h=;(p8aQ5t!7Jp-QX^H;?TKqAL_OCBvv>5(z1TAVeF<SKb*rJawv+PI(
zqsK|4hvg*FgFwqrZ@E5#9^FeAJu)<U+}1NhkBkU<WB@%1kRHY>i5_#8GkRn&dR*R<
zVKn0;MNCs)BAGw>##aVvZxJmLb#GbJh1$%Jp}usY13F}c=#UXbhb)9}UT1X3!m4Mf
zBgQZ~l&j?vLv*MJ(cwssU#A1FF8wxw4jF1$CZod}Yr}NNP{(;09iCcC`b(5Nl26$~
z;^@H42yygGkzO4A)T7hEuwoP;KTx3?4DZ25cF%ZRC6&O_t+PS{fL7^G!qehvC$5rk
z(1n*u>cc&VMla497+x-^cVPQgD4l*jQ>z45xvB%3;5RgB<GD9|x#SPJk(Lebu(et-
zJS@^fk=!G+RMP|Tb9bt$XCx5&p)4>Ew;ImrfT)LZeuJh}+|xTWhHpLoKa;6Vqe5di
zPmC#3-%h;{nR@ltI+<!2$oOaOM-k)r>;}d^Q$P9@{&{sq1piF8>-pzTsh#rA_z}cE
zZ!OXB&%9I}|HwD%C^sdw1OBn466vnLIf8VVsT%(zpAC@?cO}#mY=U2{@z1+7IgY;S
z_d5RZTO#?#sE6WHOKkr6z(Q5+x+wyPS1cO;tURLwqS_Lnl@19_(CUDr|1<tsJtD+E
z=f=n6pL_WW;h*3x9slgeVEmKyVFdqtyq@t-j}K$<PozF{>$C_4O1oOmK(qNy87O`@
zG0@$MbqsU`d?exl!wi)*aS2aUx#>k6fz4Q|jBI<Yxm$<^F9rT*G#HT+qCt5{Od6;u
z7ea$YU+HKd^=CAA{T~rD81pfs!4v<8oQosuU1HLsVM+u&D)aU9_$sASdboxWJ-&TJ
zM~|0NkRH9zLxnZ*cnZ<uv*&g6D92LVkzJs@c4tb69w~?aXY_dWiV!{2qL}oUnS3Gi
z2<+6+V|_nHkF>u>(Bm&_89jpU|2y=sUlT!(pU3IxQJmZ<J$@QW^qBCljvhRGgqsM7
zqOb1#uD_?%`|rl-*W!V$M54jZ=}5E-ORM&}5(Qr^eo5>9ae4*%{jMRZU90}jsCMM?
z5Y<K$#-!S-T`q)bqZ@QoOX$m}cJq4?R6Fqzqnh|$#QsJn^!n}O2znKd)zj<gE}hbA
z^bn%giwkx1x}{4Sz1C>-3fT1Y8rOyB^~f_idS!NLqt_aZUhmuV^fGh_(d#b<|7Y~d
z8yce5@`9N3I%&QTdR2X)qt}eyj9%}&6G1QgYDTXY-nlS({osh8*VDOrdi`kblwMWY
zM6bgx9lhQ)x6x~(Mz3+XdU`2lqSv;kbo6qW+vv4Xqn9C9Pp@mtA$m3c_&=l9V}nEV
z+Idw>dKD&K2)%ZFrlZ%N(;2;5-;SWyZ$Du4^1ppy^vaPU==I~3dU}mY?37-+1`)l+
zI(764CJ?=xe0US(CeY^5L~gXdF{H93ko-#^s--=tquRy<qMG(S?y&R=egCHZ`)3kD
zv>W%Y{~7IeWQAzgD?cXfR>WTj?JoXQN4vwl80`w*ilE)Dzcboh{+515<EomLq$-IX
z!65TFJDZ!TcJfcxFk2w@ijpYY{<&bQe>C1xW{@uuqVw%)-&T3?yRiO9_PJ++iL`lO
zhTd2I1A4EJiP&wy9im((Hnd90BJ{pnau<JX%}J3TTnBHPtWowF>clrq+)4hr_#VeI
z@e0+Q<Y$_!Ck1|Jy(G6Z3jF&M&HU3|r&W}FqOES}XMx^)jwtUIy$3VIq=<%=K9{pq
zu8*{yEpBh`wFV<;2*%Qa$b95s|LJ0&d$L3J+2v2|p=@QLya2w^T*4^@(ZJvtGg*ue
zWDn#5AU^O->0Eff9AB(k$+6A+cd5x`J_~KTkbPt>u!GO78VDqAj?dj_2-odyL09Qi
zx0(D@YpS~eW<3H_tx!E4p#W~FE@PG;AJ1u01yU~Dc=8~~?)UQWJNFv6JU<o<1l;r;
z48moP88hG(gMicd&qzGpFk(PB{CVj}X5yD8deRcm;;s36!RMpU!9FiVh(mly9#c0F
z4c0Ceg5HX}u~!J5r9qcp$leAd2_)uh#VBuHL7oW1cLCt@o(%QkXXCi)A}dC${n5@(
z-t2BMQS4~GuwI^+<trK*B!iqq!(mt@%SE|r?(a>UT$C3TLm)uM`sA+bvn6v)Mdb!G
zUH=%j8Pz+!OQ1o~uNUiE<{K6+n!aI^Nx`#{aHTv!xWY)TxGMy-9}bUdu#C*1WR`r*
z{Onlt`?PY->y>-5BxS+yVr5Zov2uH!q}+q9HR;SdxG00hzWTy&jHO%y{A89q)2wFs
zI7{qREdSt;RY{So>GmmQL8o=N`Z%T+b#KlH#9{Q<qB3HDVrv-=>RhtTRflAA9OeW2
z9$|MwaUx$u2V3xTmgHG)r4Xu~+16aib1(D)UMYy<tDZ&#Tc9dFwbELxeQP%GE1o5u
zEVh<YTP$rztGXo%TXEjXM4P)M0mH7e7+m}Dv$=7uuhEjJTu|P&BD%>ro1$OXRDmx9
zDS22mruO6n!%(Y`eJ_-cV=pdvC6FEM&wEIckEzpHd&ydlDk*Y_0{B*@0phcF%<)wk
zkq}*QSj7qX$jNJooiWk1JQc>kL?OajRO693tES^PE=Ti(!j(os+!F*a<~%_^lzHh&
zS%zBoWE?iXkh#VlQpYFanIMfRKp#vODS=FGT{q;cd$?|#S_gH>Thy1~^0Aq$=8CNa
zqTy?P^$x+4q9(!D6#V~~`sq-t<VLFG&_@|<Rt^I>w3|7k?oA|;m*2pmVnE5(ME1sm
zf3k24{&Y$bQ)*V`W~tjBkK=4x_{V;tZY(laES=A3*}*+Mm%W(DZ3wk6zyjiWB(jcK
zb<O7}H5~MMzDny+3w_|0B0gy3;R7S^Y#Op!8Ww%hm0lbA*g$SWXxn5f&#^EPkyG9*
zgvGry%jn8f>sKJAo$2oza%vj+_fiJjZ6i=!UFu5b83HD}R~KNC03?H_nhm~HZ18Op
z<g%H9EX=~@hsAR&bO@cz-PxMk$@IuS@i3XA<A!+CW;5r%I~Z)sF;lsN&60gzx9IXG
zPt{Nx@_z$uBM+355$NO4{I$p=9f(~f@CrDGCyf)`XF$slf;EK|dHfX)j~H~RLbgwk
z&w#+IL4nuE7zxcMXQX2<Wg!DwzdsazGBQ6M+OO5wtsL3o=4`EM;wOLZZVmFqpVPx@
z&GLkywNdX2@`J<WYjSH>X}{$M^J>HSrQkP(**CDe@fJSSZc!#>u(~q%)sw8%6JTgf
z0vR_U3$D=h3B#31x$=ZuWl|n{O<!M~eZGO<Lw3wSKMnGvp2|`+3FRz93dWO9l#~kQ
zS-cIc*le5l%HL{_lHd_afk2|<p&L;iwL@@w<AB`d*bqoQN(<fpkfxlWX}MW_{_q#*
zi_lLir4*rw>T)X8cKOWeYYohcz^uOTxfv(Qx%V;^#54NjLHrOjxQ&=7VO<U|auB`h
z%JIu|Eh+4m78(R$FarI<yd!)ba&EZlbH+ux{}`cbWow0AC=BOU2;+#aT*-yfcuLAr
zv%RUb9D_kREuylK=Bl;36KHsdnxcRqZ`L6?-!PzSvKDpAizbff`2I3`k_1l}G6fIa
zNb;y{Bpfkx7qDDi1?n3HW*(5C>6o6;wLj@_o98FodVkX4_A<W?x1~EmxXu483b)Vx
zq{HnP4YxjqTlG<p75@8S>_njR^rs<o9{-eKZsjWx==@eIoDYR_R+W(;RsXcy2!bI0
zzB3>JoL$rv-=e+SsZ=bpQ(3$^AIm;Dm8!SL(!O{7^&+k<AHC8G#i05M3O5!~Rv(XN
zW%$7=M$Ph2qOOHBJq$90r-wymdvG_F^&oBQYZB$;B1^LTyn%_<KfSE!A2I9OqsekX
zS*huUtnzYIt9-Q~R^_i~l?yMo*)xXZnY$cBajKfXj6|`S_JiU=tz28)w23(AqYwwt
z4UAWQ^%KZ7>Mw)XBuUjIsZAAFjVtbkTD8wG_N1cxLCzJg-q;!ps?W7X#0M@l*A+Zy
zXczw*J-y|#qHhZ>j70Yq&<C%OJPUKRG+G!O4};^Pvi1fhv+%^furinFqqi4Go<)MF
zR9bP05S0(CYe*+65(Iex(~*im`7WBfF_Ff>8FhR=dJgl*RG63+FebnUm$L_R;Q<EP
zD1e>_f-;eUd&)(a?lXh=+D8)t7mt?S$q^|=197N<`XqS>!u)e@il3>je@Q>TwB@%f
zXkRJl>gz8~=0XuaiU67{VMtMiQ;<9h1i=8XWfzrUP!RNwd644&E}99yXW{Q#>32~9
z%c)X<xS?!r1%j^v5k%yOT!<P4cWrK4UPgaGZx%kP+_^od<Nwm2mcRUxoe5F)mLcBa
zD-SF&hP+oI?H|MGJS&#Y<D5yVauVlx)KebhK%6n}mkVLR`I#EKx_xs&(A@b0XkY_z
zEZ+r_yIQ=2G_Zbfkua-(yJjv^zWTr`IYIdtYsoJS<YLeRH!W2AWf3N-A)NdZq))r}
zT!V(_cz*6#;Q80ilK;3?ACj*hR(d2eMx|q#Qn>cUuc4>k^h$2qUnx_&G(qk0XIY-S
z@8)k0>gAbw_!oGdsXhN>epJ2}wmVZDo^nXUkX)S)3RhUCEwl5h6RL|NO=8vG{*t1}
z<x-}mfIeMK`ZSX`^k^tO+NXZ?qJ`7q#dOeK+^@AaAl%-ba~-y~{v2y>_OG`0<k??o
z@BN=c?cLdNdy>}P&o8vK*IxcdHU;Bv<CW@HXH!U>Pd*olejX{Qo6fRY|L}r-JEnvB
zeP{Ibf7Dk0+h=3d|EyO3RTozOo%;HfE7cOMdPmIa$7t2>d%peoNUZu3+tuGwtN-Yk
zSoQBY!|Gppf%X68bY%S^)bDCx^?PF0zfh~c{{_}x+OGcTXITB0$E^P%t^SSAU0D5x
zTB7UUb)MD#+38sIe{`DFf6E2dzp`EZ(}S%3`(oCAtyX{V*$b<GP`moKnAmDIC1(B2
zEv){RFR*@Jb9DW8X!ZZCC06~<Y4u-yf%V_1tN#>EplI}^^4glbG-fL~S}Wf?6S*HA
zlmB(~pTzpre`pj4G{>rYS2L^o(PyIeYh&|&lU_cozEb_*G^_rxnAJa|Re#Ad(efcW
zUinud1`H<^lDCjffvMpHcU_tw|3vx~ZtfiHf$|sg9&bz_&FY{e9~NZ4`nOct#{p&k
zfVPwLaZfgP@>wQpq?Tfi)Kc_2dy)Cx{xkT-x4~!7!I#nwzCQoA@a>KXo@aiVC?5)|
zr+?|rwiGSU9}R)%R;E6I<yAG#n{aDe-WA?flWdI`_7<(FQSod1Zfj67jIv7EP7Jbo
zkZjtI;gd;e90jPeP>)ZlSEc<Ior|#_eu4e-rAGA6(AK|qQ!l80mJa)Oe-C~CZtn5l
z_K)KKMC@Z3aHFX;(Ah@Q(tnn*U8YrkH<P1Mdw+3Q>5svKt6b5u0k`JW%z??Ay=gpd
zQHu(5g4|S>fWB|K)-S@P#GCLy@EJAOS->TC{@tC!RL4L%|Gt?Etc!prIvy;#+mmy#
zMKIK0s#GntXh}T_r;x{2J;=;KF_oo5J|Z?85#a-t1}6_Aym9Ka|4d+;?{u1nNoNj<
z?(=c{a!ee6m5O}v@tmztmdr2jVqjkK*{a}f$(Uax$v+70AI=FL6ICV{)SR6WM6nd_
zf<MwOi=9t3?S?<nZuCwx3AP5;0nzrUD?aduAgjOtxWnW=Xms}1uTOGCId3<{eiDM4
zgy83{qf$0Bc>3JJBGHo!54`F4ZT9Y*o#g+n<n0jT#SJR3)ebY>HR7EG?^^H<W9T+8
z0Cu|?CVTP@f+qh49W^X6tLHZ-P%aKk{X>~?<cR=ny@74S7%8bwROI6b(D^C{hJU;P
zBgg!y%eJ82pJmyRdQx*g$0)w;R^vh*u;@wY@-Qrmm7!i-GhIH!mC2Rx8;%vrjb7DU
z%x`F+I}5+z>k|2AyZ2nW=sjk(dt0H?zGC@v^|2}==U#86b05Lev)~3ia81eRn*}^j
zyp3Nyont=ezD=|Gl+(Qh{aMnX;FZ3tAOoFO$W?u~Am3=s#k&IZcM<Te41HH-;@vD1
z0drvmYUx)_;$R-E;3;?x+?NaT(^gvXc`B_mmC4$<gs*1!fO7hYapqyMpH5Fdu(H#d
zr>(Eh^)X7$F8I6|8Rhhol9ziPvt}9CV-`@R(pp31qyPLR+o&?H8^(oFU<*oL^uty^
zI&095W9zx-^MlCoGt+^=wQD71JpqA%hz9U0Fv1ib4*r6smpD$;g%21x3M%$J9j(o_
zW;m2Vb|j&tSUv%0AHNW3n7j>Xm~!WWOpafj<bVNeuvaHraUqgLA^Q)*jCIc+j2ypV
zF@}U`Qjc9};zW4Qh$T7dKJ90My{_0ApMixV)NNW}5*C`rV&O>jL#;3w3%gR`DD@R6
z#8!DM>^2MqYp&w77N~c+jg)tJ?ZoR=<nG>b-zcHkj}axj$FCN=hr1f~AS}0ORi+AS
zyY6{yUVfK7uSv2BZ^9(uFdV}n?^UlBy{!q9X{HgLNQRRbNsfZH98NH7x@XhuV!1in
zr}on7>S4d9ZniypOR;=hje{}-tY-#=Ty+PN783NmGDP?0ivkw-+sjj$<Zii_Um1td
z1nNxI3^BO**RC-9)EQTz-;}S8%MgMv6SX>qj1lFlMP;&C%05B)>=YoH@;2i++cyGV
z_zex)Z`C19X&|-}1;f{(oQPit+27C?hEpJAy79{!kZacy^VV@=g<uVkQvGSPiJRl&
zZpvVSVUsxIqVVSpg5gW7!F}G~8Vq&B+c%)~f`lRFJfr_`Ek)qL+3vkx(m01<j3av?
zwMJUr%m{Avl-`~{0V5l(XlV@wJu45v9FpHO7z>V50Y3-|-uasW3Jy}i%PS0A{`cq(
zz2ZBJ;I<#5Q~OHM8xAwo<!mj<Y4ZO9g*jVucD8}ZS7I<i|08rxdt5%IHoa)X_eENa
zr#!j?h8hMz#?#W_xFHkfeaRC)!I_I$ZR&~l@0piLhi7IG34Jk6LNPmj!asQ2>X~NE
zlHgZg35IUEI*h@Ec&n-@?`elYVrT}+X;kx108kO+!d40iP4PgF2$FK6wM<arBxQ;j
z1{#~od|oEtB&)^F;yQzj^D-GHSu^ZPD#|c+3T#(;;E!B#&_i&{_O&JwFPkK}L7mxR
zz?oX0cqHCKMoMpBrz8L{v7?Zi-$#U*Kt4TZmEiR!ib1cqtR;9g3itYjM}=jr^v<9)
z%w@SzkWaLo55fDuLy_-K@FW9&7J}B~U6|G;pG5a*gDW*>Z(w0g6FlOd1;(3iu64-U
zME8MKhv&MW!}DNkNsfL$Nj~fT*V3G$4%^uR{+TV_pAwV46O`VC)kDY0=e<W0-9IfA
zJ-5V_<oxKcwc7b-Hru^FCfbvZNXp>S>e=}Q5DDExd7o(e*7czs&v^Q~4=t5EQw=3K
zdmXlI@I|fN`!DzcRK~Hz)qVR*hAvX}1T!5b$Cu>n4BSgGH4n8)9w8`sX13<+)%$nL
zC++S70HJ96MuV_8X_usQw^tACE&swmga!e`CegMR8mzN>4?=^-BxP(#wX;8fc&wWw
ze<|7axc>eI0(cO*^audBRj~QseXrg71H6AiP)3ZePVOZb;sj+r49mK<krjbXL2i^h
zCfwF%N4!87B3^F^1-5q;qn8h8iu4lX&w;+4$!4n3c4A?V>EVQ|L4&J1U@5RTCkRid
z{zuHUqI_C({{YyyHYj**0dh4(#cz~r?Ha{ShVk*8r1UPT9y+pE-og;#@Z1at2}(9t
z+dkv7dk;Yek4ws>rPYf^8APwz%^`p9uzlltzo5xyaAw%u`{9#`1`G~qI}M*~vU?9C
zmLzSGl(^FBv~;*QJjuC|+(pQK#B8rN<pMRU?=;9h?{QEk<LuStad@B3?u{(+L<ak1
zV!yK3uXy%rIQx|Va{<*=nkcyA%oL#4?Q7BEJ>3+6moUE)`s1U~--n@pP6zlm{r?~T
zUNxN%X#_-?G(?_@fyfT?nZUATJ81al(Hejxkxqd1M#RW1s{nYwFUYUch+l{7Mfr6`
zC%+m*c}H7*QhL88@_osZmns^3l5)G*VLP<2tAK(l8D+t|oUMM!#3|Q{?)^Xn5k$gu
zM1(eZaE8ePhwVh9Jm>-V9}yB+4$q7@bjv36Z?VHW_N1eNGGu)9y`xEFIY33R?Qs1)
zB(WTxLKFz1t-ehloEDUEAP_DR3|)oniA-XdQEJEyfjh%Os{kM@0|@s*G3~d?TkY;2
z2)?hw@O>sJT>-v}<<CO!O+<O+uzjnOS3^pxo&5klKft$LvVEb+s~<pKJ#4_7)FiKJ
z?B4zGe!ZY{9bauq0w@K8Pmsq6*+pgy$ore4X`E!h#D1vEVA5Qq{6uq9V!n3yLjGg=
zqq&`E+XGa0@P)q6h|H!s;DxAsA-eg@f%BQ<vBE;L)scPB;W4E-F#GfPlK?lymv$I_
zcG%9f@yOP|y}%=-24-IX^P1$b0|l-@3b6e?`E)1vKOc$zqYVFg{^+Oi2jG8O8-IwN
zYZw8xwGjYThdqD*U84A-Mv_ki?xw?^1Ff*O2j~QVZYLBo{;0>%4&cIs6q+7Ol3-0?
zEUoTqvCG@-u(CrD13VdrFg8SrnLb6;_x8|OWRqmu<a!raq%W~ZnE?gaCV1Ni@+RpE
z;E%%UJcEuuP>Z}fpy!Wso$`m|NhXdUX=`UAeA#I>-X(dfB-cls4+4LPpz|{R5Ey?<
z0sc5C0y#sfPT!5pn5c1;K>XAuuj>{bo#g48nA5ZtYr{1h=dgXrue{R`;#Jgi0M(|P
zroauDaUKMP2)cuV4MSMt!UT`l{RWT=xJ^0*6MJEG-%E<+?SNT8tms)li2YWt@!Z=7
zB(op1nNxzT(e;tNsRl5Myd-$W8*;Wvwi*x(AQ_62wt_BMjiFKFBts3xZdWD%D!mxO
zU2cVCJ<Khp1*F`RW1L*~{&SLN@_7lS6PQwf9~Pb~Y0H;xJ4^Du=0GCN4{3RhsFG=U
z28T8&v=za8aIFbcGVDS@%}-bioRMdA$a_$*y@|#-mq?z{Ap9bcR`UbA)4Q}fxrfNM
zMGgwK(*j@gg<u%V^qto5WC3~(j4sXo2P0_E(prfVY%Toq*YO_BS}5mCc8ieRC}60^
zZov8lO?3v>{r+VfotvHzU?LSfGoZ(la0F=MvnI^{J0tjie0AT8>@c@RGCydL4UCAz
zNqY;cZ@dT?UuBH%b*;VuTXUvEWk7xdEKgvLdu9{Nn@O7rtJ4xSd)}!O%?{V%<H`J?
z7p`fx5;PkAcQ`Y~^Q%qWwV7S~@?VamZxBgtZ(>PhP5E~LqX<nJb_#MYQLb@h?~o|b
z`&Jl*py}|yB8d_#K0yDD=U470o7|MY)n;;&Zcmd%!!~>H0BG#A*Cl0d1$A6EUVuJ)
z<v-vffT3^qVtFrsAbj~RF#?3W<=^_BHeg~126_AM?Z5i{r8uj)TN3SSagP?{biD&{
zG6PMES9iey#d2U5^Q)&AK>09BNexgM$5)QlO5>o^!b**NWq+;I2&L())WlaNX{9F7
zdmw|A#`Be@I93`DrCF>rfv@~dD@}mX;jA=~uk^9f35lZjhg>OXt9>o5Mg8y5ZcB^N
zzSbBCKJEa8!GDR10KYf{{z@(ad{%07y08fV{fG2oYyy{Zfm<CRB8MqF+2XL(JNP2Z
zGnp>Qr5TbTLCR+A^i0hSwXwbkJp+MZ*hY`)@lhZ(ssPw0;_b+ME%~PlY!UfKm3Y7I
zH|EP0l$F?ZwA<J17v=)8<j-i2j?B*_<#p>kGkrwsYUe^hK3jrG4M!N5#qe-ut3biI
z)%Uz{$h)JxnOtR!$d`OB$haHTbC?&m&Qea)z*^n&fpxeEgJ7G;u-d+c1;_d(r$%j9
z+MR-<Dj!(Op;3GAtE!_*d-<!Nsj8#=<B!6X+Qw`^vPw4AXreq^@VrfRf=~<yxaz0M
z1^GBM{f`=I`rwSd9BaxUpMa+3KvVdF)|4p!Gx((#^hvhG)-1lV2kkij3%94!Cn=*^
zM9-2S#VHuCSl3AMG1l8nHE8oIc;ZW-4e0HblByq<R3KR9V%ZuA#CUkY{}36M_LLYv
zKW)rp_}eg>Yln#XCG8Ob{U`19nB=)U9eN|Mp7*mrec17Fnmoep&*oUm^0$)gXB9)O
z^OxxQ47Ea!VG3{#(mI;lLY*vBOlzuYmaYz0<LUVvKpXgnB3aX_wl2wrf*~8R7dL9)
zvl!Ohss4Qt^$W{3BS&?#9}4`|1^Z5>@o2;@?~>2ETkVf_L-X_DXu%F74wTt3$^9WC
zD7-mA`IIELuERmR_EJ(P@C*aQnwqx$A`SzqwFE`JxDLjJ#22^FMl%Jh=ZjBJr4nDV
zKe$Db56Oqs6K}+E$ki~09>;`=%8k~vlFFle<x`}$08^pF$7_PdTzr2Fn2KB-LEYbP
zAd0%D=~>M9sD^H*H6u99nojI>maoL5A(NF+=a8wwy!6lp<R#aubf&14-L`>7)1gmr
zG`Us=ss#-sTo_`ll5(##eX^2#E`m~h88A&#L%;we4=*N2V3^v2yBHWQ(Ej5a@@#aP
z)&tO?puM&-4SkU$fOiLiorOw(83S3}`SC>@60?hrm@Ho>OnsTNfC%mUU&`dq(5nVx
zO`hdf$1Bhpn$Pd&D4LdYsOUWiH2pDZJvmXy8-y_^<?n-KxJ3&~yo0X81wfXn=iu?|
ziactKa}E%c1qFh#NDzWwU?Liw_UZrdT4P({2+8x_EE;|J2glhs)xRi?v)3gUBqjfQ
z_$?`!`{3fpKIhB=rM^8pS46<G1>ia2I&8-yHc$R@Sl!^2aa_Bk<@vwINBcG;a5&E-
z;{nZ-1mvcCH$GUsF@f_pwQBa|`43>(Z5x@($vPKHWqGLsQ(4w(O%26YHm+dVE}zq0
z2};|e^S4Z8*zPwDvF%JiE4;u&_&yoGpG@#L536<Y1WWT+grBv0L%_;_Ie>+`HZWi=
zcUd}#PneF8(meUA@Qaa;0BlOX$Ht<qe!K@Rcz~Y$JzBDPTjMFe%QqNld7?y`-G0IF
zjS#F8JX3Y~=Oo)Bjm~@FZ;P{BvW?{{pJjz+=OWNLDLWHri%Y-81yc4l!FvX@<ueB7
zrSLb-*#rI>T?-_ejjy~06)CsZ3_qMxv>SFzxvk(s11xm-Dm+UHlt7)0p%TnD5*P_3
zEuoTsV#xr^8Wk$p#?c{hTQ#`S5XQy7YO`@p3ua?*$9v%3?EeEkSkn@ue@jJM9bdVf
zr2Q{~_dLLT-XOp{=H3AeIy4Ifi`SngtYxnUc@R~8!Jxt_){hzM9-83ELn+0n7jMMV
z)6EV!?+6T}CEZ|zvIIJ6^Cw$_4#PoAbB=C{WVQRdH!zA@=Fhpn>GJ4b;4;x;IwHvN
zC*d~dD3GrKZq!kgaU6^?mo4hN5qEA`Lrb3vycX`Y%jZvGL+ayWeK_?`$G5_L{K|Ei
z?A+d0Y)wWXjowaVob2<V$+zT*e;HrFgCyLVx6px_iZSdM?~O-L-gGlAe}6vX@{1?1
zoUW;GZS!XVCeO`fB4rfm%=t<9@!JcL4fEr3kqvt$;6>gIixXT<cu&U*FoDew+z0og
zkA<N{2zmudfY_!#*=}icE`Yzle}b()Us=rx%}%Ef+=>B;a4P}%4{EIg&NkBOg%1ov
z%YW@B2q$-IoU=RP%H3*oEfH+#&im<18E&rBZh#v%;XaUUk84O^CRE*sw;2HkZeikW
z&p;vEn(?+vU<`ZJd4=Fv2t~V{ypVlTjb9IlS9)GD#)g^8S_HXgk1<HrKv%8i286+r
zfAmVgP1$lr<D8I7j3@sWEYDrX#MBzJ#eRz+^Pl*D{}{y7t0<;C@o%k(LEC@nXzO3o
zp0@XzLbUx2*7)c;CRcXNW3<f|qU=*yzVp@bH(tqT`?^l(kA`|K#d@Y!leD?yN|fKD
z`{TuS%ITzht01m}W$A*u7KZ#O*RjCOF(!iVMnfh0U2GzNigu00it=~k#dg-I%P$&P
z-&xl&O(6dcYZ$gHF64dd$$t||j;vw06j0>f!VxZ4;e*<>fXfjfm!kZ|SoXkLh7I2X
z3>#OJMv8nJzVc}W8w{^&uOydl*X4&~x#8pc!Mkutz{~3RD@K#_?*^6h#Y#%g1cT@p
zliv$}i3Fna01$Q9b!Z|V-#p5O4Yt5V?E^3c>L?di{zfdPRFczQ*Zd(Lh?)=l<6ckT
zqV2a&Dfefoao3@v*`pRUsf>IGLblsV{PR$4KCa(fm%$`HS5TIym;tnFj2ZnVe_*l^
zVVjMx@kEfeFTM$U%Iw=_f<Rci=&4P2pu^bvyfYJ2q4^&o!|vNa$|4!?zIUIAqZBoC
z?0Ivo`oLszOSps2ivIxK=Cg~f1#thoc0U~M7i;$!a6e1Cx4?Zd-J7h!nyJ%@OQuZe
zLW84>tc{x0%UXJ{L)Ru|I(!*4v<7>;(wM)~{8~I;RnAQ0$tg}f1fwJbRFr+uul?4?
z|98ln1*N}|fTy97GD69gfMs52?m>Fq6(S~Ax)HQ(7@pl&!i|?6LuZ*<$ul=y#1oBl
zJLq#(dvysH=p*{JutXbM(gS@ZR3I^@oqG44G*AZ5lD$zGW*yC-eBtE8qb!DY<tF)X
z@JnXg6JeXgw~IWVzq<}?lKQpTB=z+bQGO0d9#>dbJT9FJ{6S}>w4QmeU+Xb*f%n2T
z*Xr}k<EP?Y%Z1=WZt55x9_8Q0$Mw7a&+t*V<v+tm>0>&4eEl55$Gm$i?f8Z7s<+<+
zA>f^kLLiai+LxLIU&0ua?xieMkIol8y>=D6|J%^}nC79>{D#40Yz%hvLCAka9%WU=
zTiB>CVO~V=xvj;S0pBOW_pG`iGoEO<x{4T|J&_FmD0iA?QMzh>MHjDK@GP+i@_w>x
zty8};vX|RxcKtc9dCsabG=5S_wU*;%)>5>3`Jnn5d@!?iRV?@lBjM|ZKncF_X2ePx
zaMPlIo4vFX;KsBE?#;kvwm<5Lw@=gIGt^cG2yLhDQ|yGrR&%(MT?C~xox&E>Vs>M4
z!PA@+-ytWneSz=rhqnOqDR{$NtM_jSIShN^XTGn^`EdUj-J7g9{l{t3zoTvXXY;;%
zfM$I(aj>Wc+~QFvKTorob_ylpAu>xksm>Up&8#3m0mr@3x5#I*hEbfR{){@Il4qr#
z@#;?@N8UD@<iFEoxljGgTsAYFyc%Xk7LSs^0%=Scy*%-8S~q42${5nthTw?L*ofVL
zG5^9!Getz0<10v?JTa6gYXO;d1kxg6!@WWtMHI=yt_q=j3kv^8$+XG<e?Wl0s9N>m
zktV&5<2COw)3J2s<9HoMK92a6dim2KU&euO7s`+2;}EpEg5KJ;5xV#bo`*xC1JodQ
z{)=8_&l$=-9q6LVJl&ln1Ey{sTuq!A&_Hji#)XNg)rogn&<k>6=hf{BSGRX1V|4h`
z0-xe~b7KZ#r|@MoW$Y^WjAIDxJ@2{(`5Ks0Fo!$lWxVVK1{2aTavQ$m>6u{Uh=$$X
zjrJGQ*{?@W@$bGHJ;i@^M|g@S`*nwMC31q$lX1f3?`CTAG=?lgR=9#3Rzs}tcvTEm
z;HzqBe+3wuv4dIjcN)mp!5m@-Es$u)?^VF6)786kOq9P(OI6jZ+7_9)cC&%4okx70
zUSSv<sW7abZQ{Zv`tJP4HzM)Iw9Ol^#K?b`3X9qb3uCa?Wl*c$3EmlYf<FPs@ZZty
zg*(D8?7$ahM0&~J{988jG|jefG2)?Q!DQ@EGALQlApk))F&|PJk99mT|Lp#^CuZ;G
z|7R2P<s1I9iTRyMnwVj2upd^*Pwd+o3{TP{S20v=zdb6RE{lbOdA=uU^8!fo2=Myh
zG@^;c&xtYjsWbkNz-bcSonP@ur<UF|TKsDS?E@TiYsYR6&WV~&u>Ch3G273KXn&H{
z{_dC9@?hBW5pcAu?-Y(T3=Rbd8+aSx$N@NLK2{RlEe2<NV~}?h3Cb-N+{@^TVWQmQ
zIJT*ASufV^hUX|my%3r!(H_zRgHe;=De6nlB}5v*-?6?^DYrvQEJJhU$>l_#z{mLG
z8Qb<?^!}!x+)SV)Ny-p3Utf@(bF`rP0SgNOVAciH$6VED*v?ndrjT-jS!_5;*#+n~
z=qNcyMfslrixAu*!aOJ1j`EdnacHfWXO(PARo6ky2V&yeTZ2_Ku07=Z;4$4t{WhqA
zXB2d>&fHX7Yc@ES0#n!G>5$Xa=q@nFF})%YWe4p^TouPJzlH|x*>#k<VEO?<s6P)2
zVWq1<SB3edbB=<%Z(9$8+<aK&oNj;=l@fr|b=V)r-UFEYr_q@kJ&F^dDSx0f80>KW
zFqaVX748u;GV_(MQ5!=9atAm<`T%0>O)8#h7BsBANn;NLY6(I&%{m;T1@++jb0Xre
zE?q+Wy+Qc9iqLmR6AH<15&FI+#RPY}hfmOuC?OL2Zo=L-6>kD05~tm3gE@%0gL$Lu
zd}@Lpp%UfuY}R}1tpwWN@KNtXxx^B%37#;ZRoBw_1i-jMvnLJVuUcgIlMsJ_cm@yC
zBqVD$4ce=IXVzNB6)0<8P>eMHykT&fFsC~nBV~l+J2+=Sc>=ny1WbYl!=ogNY-3+e
zs~3Em*!;UGosx=aRo9zCRlALGbQlyl-Y*Ac&ed&hQ_zcj>VR$>*934GoZE3)J1~~x
z0$z;&zP8hG|DG2A9Teuk>o~S-S8fl9#dI|<g^lbFZf06t-z&Fw%s=U*_)5w`3!W$>
zIh0{E4trs8X>>x+Z)LJ{@oW@6PONb=<MSVJvaztjoTGtsojnRtsTR51`6g(rlI>2_
z6_DgsNj{*~yg|J5&&XlObgWTc!IS1iJR@f6Dc}tS&ndJB?p(vdu5bt7l>;Bx-ZS{8
z0(wM`9-6B8+K}qX_~pemNMOA6#&LRkA&|Il6*Gm|qk7K-gYOvx`CGp+7>=h9A+IE5
zsf7m5OY{MzEE7o~Hu5X5v%=a?(nNGSY5pNHX`&>b7P7q#`5Yd}2=3Df4?T!Gs0}L2
zy+HyrFq*~l!ck-@5ESS>h6?f|duj7sZibl_#wIk#z6*XP*tRU_Dak*O9fl8WvXOmS
z;}-By;!|tZ{)w3pC?|qG6O?J$Et0{HjkRwCGy-hp-B2qH)XMhQ{KVpUwS{SmSa&5V
z51DYyF$^8-D6EvAGBa>m9bq08mZl~C>T8&WSs>zaPJ3-Gd9TnyOk$C^sB9k&@f${&
zSe0!<j<3QHGfePxNAE9R7IS*Z#RE+<@rOfs$U;eJP7o(w$;h}Wij0lz$asRt_;Z+y
z_eYTt;WO*vYcb53L?zkUA#sDMHG#$oLJ~pW`89!QNYeR}v^GODq-JpcL07+?m_hZ6
z_^3)5J?C%Jr*>`A)2cq`Ji^l(txR{#RntHT_rK7Jfn_M&%^~&G6-*&}aRtj2HsX2<
z$6|C)HXOHB+~;}=*O5G$sg#<=jW@YQu&_pDAPy#(g>l!Yt_-1Sr*jz7EQr58SC_wz
z+8|m_;2CVr-gfR7l!p(<OzcJSrD`h$W)tPl9DMN+p{hyZOAd<4bTXQ4@T0CE%4fue
z!wy>mI?C{cKKTC(o|QEm78;I=@(wY(1<hR^GUe<IjFLPLVZ<twyaf_p+$?w=gx^~Q
zxP=;ET6XY-tuUV$9m>`J0JWhdZb2W4u*UI~jv&k3oU6W&%yIs!=%;Cl=rQ?dX$%!e
zd?BbT61pCt8wO0*W-OKWi+tf00n--#f|ZNPFszzieizo!pdyn4e~)n}OH_;px`a89
zdG{M7&(MNEAHBUGumrG$%2y7dm9mSI#w}4@DxIXCQTx3{BKjLTE5|w3OsPmQpJ%E0
z6#sz3tmUip<_Ciu2a1yimc{&rUQL?}u6)2+;A(6bxxVddy}zJ?V*>gu1O>ze%n$yT
zDGz4}kk2A|mSTm8Z-BlGoeLz2=sT%!f^7$1wGdBS#Oql^zPr(R#_da&#x2IfeZ(6~
z8d-dm4_#|2Tf^(DTy;ePn<XE=md%n)!?tVwDiQIc&XOMOGK-+sJ)v!hutkfq2qyyP
zP^Q9ceU*7*YATHT>bUt`HRtAcx@u}x0L?EprsL}`((68@$V5TPlo_f-p{hc)+nJte
zmrG4BhUowc#2v5Bf6~l3<b@W5yVuX?`O^{+SPGVQFt~=1K}d6;dtgvlBRFhg>GpOi
z3EEc4*Cy8cRWl;<lW2vDX6VMJJD9qL1&8!e{IO8{*&U><HN&cc<?h=2N7CaEEnTp+
z+53BNEQ(?!`RYmXdd*=FB)KN*KkauJiRE%8f3?j7OK3B}?uxmY@O1QM0!k>gxJT4x
zLIJ)b5LQ{(&-jfqSq?AI&OTsHjL_OVL@xOh5n^w;)YLw<o`s3a9b81H*c;wONqK3T
zq#O`qcVK$d;(zICmNR}2^epgKO5KgC{<+Jvd@;Xa3By{Zg;Qqs(~5qYri-6R(sG_C
zf1#-%^0_+X9!fq+TL2VxFoUAtd<(iqa0ev<$0YYz=zd?h)!9c2HwMbDdgv~IXOcsi
zZ8iJRz6Kr-V2Nd97EZQpCWk_7$`I%e_2g@<>hZ-_H37ye7F)A8XCHVYi(_>~zHu|W
zLG8h77S5T9TbmT>tgmcF6=eYNE)Jn_*D>WU9Vazhd||wjzZl!p2%vBVW2l~^&ssSl
zBr7%NSa@8ZJ)V8ZW%O7;)+l2;n(%m*#*TArj6dcQQYeBk?y79dZl_?l3Nf>I_jaoO
zbk>`TVxq-$DGb+nAtPVpp^N^8JT$tEheknR92L%JE1V96N8iT6+u90m)z8cKX?sc;
z>f!}3FW*e7(EN|+D@WT`lK!iE!(WZZuWo9$Rdspzg-m?ml6EiHNT?oE6Y%lSR%+G$
zcIP_8zs|F7cFu=ycEgWAA_$Japa2)%25bJ!F4~$tehm{)K!xHZW;}a$c40zo^pa3S
zyzSb%wbxj<a6G7x|9>yheHG`VaJnPoStQ!+E82Va!wm3q*7jg1z9R15G?kh$JeFsX
zSrsqmD0)-`DHFn*G*jQ|bg{OFE!GY`Xb$b`KwH&WZSlU!1ozb#J@07~9;e{byR#xg
zO6m9ipj#L^K=M3brtkrE2GC$0FjM$mGR|2uV><nd7i?bMT}!?^Xh4QGGYv<z{Z-BJ
z-;-CMru-f!g*0vXby!q*K~CNw`Zi-X9k}Q2ka<|<YPry9)e9@$9omYw)GXqHW1_Yj
z0K>uI$*YTW(7&-t=b)bv(?MUqTX^2!N<@DRe_)n?al{U`hPD_ps8}DrRxwC&>3&I0
z;w_??Po1ptsdi8^>}W9DBFSPplxOg%JQQbuvOOFYm2ohs4##i;n*f7x&Vhh{DT0#2
zT9HTXpvvs#P(QIk>YL=r+tLWcbr_C|zPgGHi#W8O<@NjRO^F64Y4qKP;KHJ`1^Gs@
z9de}#!OuWFQH83bu5bL?V6b2){0=#%0mJgX^8g5DpPIC7D_QVNzDyr&tT-aRAMq_H
z$xAUAHYk#kXH=c&u4~k22@4bk@L~cu0^S4z8z8q0MtH}E;q4{_w?hRghTZ=rkmUfd
zI|TMCl+*?Ub{mWL9SYKiP`{8Fu|FEMpAE3GkQif-nQ=QJ-I;)4Is+z*e<3y;V;k8-
zn(SJ^d)6qdee196pTNKSjg;LYcw3Bc>lF-NBb#S$;j8{knk7y;<KRQ*qKO{UL%^9n
zz&{|QPKS`$crNo@d-_euj-+2R;-igzzmAWC>WTXZABMebp2$vTy@+CW(2N}(tB;;Z
zp1J102t7YhN<0{9B^(=a@Jl3}eRDbh#8>vDy^lv*u*LqjnV|zEoWWTy$;Z{kOpXg|
zKoaz_G83?FRy_k1gyjz=USjg+@W9yehl$lIB+s3I9+jeq?58cXiDnjj#Dgkf!_kQS
zK;S_y@}R&D7?AlAqt0L3`0v1=HvSWA$6eh-#CM(QAbejAvi8uQI+e9wAQLXW7myB%
zBO?HZick_R>eSs83GHl5(f;$&*yCwhD5tidBw(nVhU2jMfSG53S@euI2l9orZ!-?;
zBG~E|OcC8dqkTQfU<Y4x2>Sn1Sib)4SyYSb@C;m%Z@18<2Kv>@2WaVfTJ1~Q4+#_;
zlEH_=M!l$RYxI73D1MBYV%EblGZfkOQ&HX}DI+v}W3CxZtp~Nmb4ftnalpb3_jMgI
zT!TJbYB_A@oTA{lsf8_~)mN9AIT04L_NMV>+D{r!8{iwX4e%1s14~#0efL#y^WPEV
z<815u`t87FFSpw(B=z<2hkzPJ5f81K)%V>AEO?MWD?wOYUX6hq|N11Y9Mrf<b_Q}r
zWNWh92C(yJHXplNE&NKshz`htC#CmOnVfLDX_;WC5AH`bo)0Y=lJAPOXs9fQ={1Ie
zeyfSC0{D$Q`~0)H>~mq=^hx&V(}a>qf?Ni_CQTEI?9)n$;aC4~r2}=9@>J;{&Yv8v
zv@5H$JhIXmc2TlprM`mx_Cl#7T-z>VWNlrkwt<`<4`*3z$*i`);o2ropLWaS@wZH2
zwPn~RmA2KkQde6t)n?`V^TM^IvfBQ6C##LO#AiI6$?>TL>2(EJ#o>Cch7bI1L+Gm%
z_SK*7Z0nKeD3eMY3{7xTGKrz7U$}~Magm^;5Ga|P|EIW6r9D`s*R+B1%To*#U%{Yh
z;^ax;s@~UC)q|=U!uekeSCz=BO3<nTCYU~H;v`=|pGlLiZL8*Pc;A0%_@gBDQNx^2
zr;6><?6*jhr(&n-3NogKKg_`oQ^MG=un(V~69#<ylML|i7ePZL#1?`$i}S07C^}4Q
ztE2YG7<BkZS5GR{lg;^GF+_DDIoydN`=p{02^frZqOGcX(QJF7ZdGSwrZ;5q5>eU4
zJ3^IBnmp~6@sp=dYFAl*9b8ES*8t9M4#Q<;RXM{|iNGLJCfOz8m{2uebCK1UshSMV
z@8v?(bYs<A9<IhNO)0S#Uv~>*yz6c$nJG@4h7`LbT&Y`EX*a6$GA{6dj#c)~4zr5A
zaPkyjl_|);tPW>U+xLm|eSa=+1^d1``~G*c!-O09TShpLJz3!@T*-pmHH_Z2>bg^P
zgSo)|81@?J;iNw2Ftnv|BMQx_xG9HmkmtUPfm9bo*r9|hd))c8e_(UuM4BU~M$C~D
zagJ=WLz#L<$lxkn7l3u|JhmCJpqSQE{OWjn7aNOV?TH@-x3y)0C;xJ|Q42g|2z!Z+
zmEyZ}A!FFC_(r$K*}My%o=SpGL7qc}9IFskSMf)olq_qHz>RwRF{<zo{QfElYZ;xg
zsSl?Llq(^BE55ScgA11U57~EQ3j98n&-Sp{V||f6{&U2Bi3LM>-CienlC>ir9@?6S
zI`eo6sz=*%qWqQG@;L3#QLYiJ!$;GeJl6!O32nwD(pmBWbswxkMeXcdlE;NqUroQz
z7PEJsz`Z)qC(9Xxy^D1D$QixK9w1pGhJRrIbUL|}?HAttIL(iu_gGwbkB~uBEYAyr
z#OE~S>{KV=vRE^%h#;=E(_~S<Z)9;O>lU(YrN;{`G3|xs0y@Z<xC_3Weh?PvQv?J6
zR^oTJK!21`R!|UB?NG&OEg)oR8!3y%gw5WZcvyoccTmkAQ!vQXk}%t9qhhYcxk<lA
z&P}m{3g{7nc6m}upewnjHQIUa_?D`grC+cuq8C8R4TP-NhThNEb+ett3l7^~Xj_V8
zs+JJa4vx*j!8$L>RP9<)t909mzt9FWDqENY6XOy8E~WjBPEwoLbmxn|L-_l*X{VR8
zS2zOCv^OP5RO@dI4MochZG1E3KGw6t1=0EI!^+@U!IzkgEmSo*1!f4qc;?E-v@L0k
zUjzyq(1rLr0cgNjMmr?GcrkMEc#VrkhWX~k(9SaBomY<`A2+MNaWOugf^e;B2hYW^
z;Q6x>3!a47@W_iU2%hd5JZGE?o=sQBgeN{0JiTJVV~7pU=|?UIp5;dwJa=pGjED_S
zek^!a{3aGWd~A5`x-fW79%1l&yMV#->Qyn}NsR?hlN<{kQ*3y?dH90hxlMy-f(B3b
z*zjb=f@e-lc#>knBVHIhI|B@!b@LfK%kyKxGddPLyQ^ctlM)-AwdEHCPoW0SU=5y=
zc`@Nhi3QL2nD7{5!;^hs@cjKSgXhHu89cYehNovNcvi2B1y6izcwSg|LGWCv!P7;9
zXXm(>@LV1Xp37pw(=|3cNf!pslYR!zBl8$Mg|Xr37Ym+eSHyxRF*ZC8KXgIx#A)yx
zet^OA_pveI84wGegqZM{W5eTjT@XC;RR+)X8a$WAhQ}TYo`<Sp!DERH&vh3D&w)b>
zo^AItc%HPygvS;Oo`aRK;OQ0{o~_Ocf@g{b&sYtfxY+RI#DZr=On8!G!(+QJcs3nm
z@ci{Y2G9K5nD8XUf~U?M3!b>x@VvR;g5VjU!P8rV=fD_*M^LV2wzJAoQ@|v6kH?j%
zGk*vM-7Q`Cr)#dOjrBa2o+otpJe{5!I(*);AD{CbKL47Yn>u{HhMp&N`22Z#p3>p-
za(Zs;@cB%79^Y~Q>3P?V`%ljkJMRBJd~WWz|Mc9_asTOgw~qTy&yzduKRu75=VXlF
z4lY@kEVl@rl<7+|ImNWBHrDyVvLj@`Dt`f-N(($-rcXfo#;B$8Y&>0FY|S9=25sF^
zJ6Q8>AO@6=sT<=s&C@_LL@P&gh6;LHJ3LRv^@V`!U9QeDnA$le@Kux#5+mq3ln2y8
zkLg3U_%xQlAabB*y1>TJ@(OZGM}Y8m<Qfly-7zx|flMb4t9Q)9F%+^#kq1%(qGxG%
zX)>7EEFcE-CSI>T9&NY)g&ry#W>-qt+G}!4V5t7oc5K*dq4#t%=SO3q@Zzi#7iUkf
zgk$HX!Q#vvHa@xU01o0q>h!x3wDa0Uv)Hnx$EdLJiCLYa6}FCyut>Q^EA)?y$oC*9
zXbE%?5QJHJRAB^}A8H2S@u#=ey+00^;_LVOaO^>S=z%VOa`?QA<-`(zFFyQ)xlW9r
zrSde~B0;Z-4O7e*h*|QKr;E6n%+S0h62)cbX@BUlz-ZCuW8M?K^uR?FDxX5*yI)G<
zw6|QT5t{?-T+Hq(A=2S~d{JHT=yWcySF>-9|KaOg4%6)B?|_?Ve>Fi#S^G8l{IKXG
zf~|o%7?Gcljw};n<<l*ff599{Z`>D;ST0twFs?{TE?G~Vg^!n=Ujcs?_Lh$c-h)QL
zIC>5|L>au|PN4bw$ZF)xh4E6*O{7&lzpe)|ZAC8U>H{$SW=STeMdS&}{+t>$e@u7i
z<2hu3DeDQvc%El=UWxlF=sCpjJmVT9^_F5e5Oz?ph8<J{4cFO$Qg|WKS>>WOXO*<y
zr-fd0WjN$vcKJKpHZvDvday?3>k}RZ8uBIiQLeDAI3JMznc&G^)||_!_dde>&rhIb
z*<?a!{H$g~c>b;UJa16~=l=>V&5%*@9ayHqH^nRsS$+<g?r6WR$kDb}I<S{T(XcTW
zgVj_m#z}5VgoD={fxq87ho4tde2QPn!T$vo{F8xyhU1?C{8NU1X5pWC@TUSr6JA$o
z*H^Ubd)l=|yYA4g`?YJMc14kcSBrMd(5}O^Yk_tx)2_3$>pbmRp<P#L*H^Ubd)l=|
zyYA4g`?YJMc14we+Sjfb+I6^gEzquI+I5z8ou^$ZwCgJE`igdaPrKG=*B#n*zjkfZ
zuDE2P_O)w<b{(!=3$$yQcAceN=V{jp?Yc_4zM@^<)2=nzb%%D{uU#9pD=x9AeKN+Y
z&R~};6SH^&4Xk=N9WLF-OtUOnH0cQbqOn;l2XUWx)<-xv>u_-P4F#HlLHg4pnefJG
z7@aSV><%w{kF5H^njRbmT~9|TI39z~<G^IuDAzbN-?3RRG|wAcT`{?rz1n0A@T(|)
za1%~RPd?w~E;fxo#97u%ag}h}Zh4Wp{SI0$b{J_Emj&@KldnPtn!wdCC7oH>q0871
z7_>uR(7veKO#2YK{OBZ@e%@k}a45T2M8Ktx{UYuUUM(mK0ghJWx%tV0Qi>MRf~{^r
zhJq7XIgfMCePw3mXuD7)(?9=_#E{*i{s3iT7S7=t$`d$W0quiI^1KX~i{74!Xcs`)
z$gL|#j)zi<U6};%!i<7mdN3u|W?)N3Xh~8=N^%Rnb3@pA;sz6WcOZ={Q<;h8*F)I}
zX#qTHN;L45gP=YCCIjZfq2GykX!oiKe+%;1y29jmL7s1^)#n>3L(@U*h{SKW0`w5R
z5=VWptcndsVd6T)bKF||Bl3lxfj~;h%UY9xJcRN1Jmm#~2WH@W151jIF?s~wCd|?+
z@P%kNeOd^9Aq?096V$RGzQjLO<4G=XdyRs8Uik8;r(~>qOI+w#k*ZcMB<)8-UP1NT
zWJ%5vmGK5qnPe7$*Hc6o0ciyl=S>d{*;s(cz6L%K$n?obc~%88d?LxSEWn<VlPgY}
z9?A@ifDh2)94#;^%9G<4Y{seRFUQcZg1xkmuQ+XREfAH-=@kzr$Iriu;!d=xBhMnC
zeGYkvS@b24&gQGhfDX<k7o^j1i!Yfi7+G8tjBF!E2XIw?=xe}Z4m`EN$ZERyTGQX)
zIIW@U0hquuy7(<jHz6id`U}DBG-tXBL}dx+Ph2$Yqr$Kc)~Z~124TlQiF;iGnc~6N
zX`j4Xz55-GIWFRx-yMY?UkP$i0p)+gM_(Xo{bbnQ=9QYO@!hP!7R|n{1p#oMHabTD
zBAip;O@4Jza-Qj-!HhJkUEy(n4mh&eSCGtzG}98Yy351U1*M3Qr9L7pX3|moYNiEL
zJgD8(OF->Qu2ZiWVjyKC>6Qd8@I<4#$Q*}E*yzrVb5$VF+-hL^1wnL}i)Fv^|0#Zd
z+WBwu`>oFZl;1xJ{5rq?<Cp)I-%niJF~8sOr!c>73;bLBuAGMz+pq9@^Us~|`y+2f
z@Vg@r$?s3R72@|_TDP_FyHLjXecm7ogAatND+A+8L_33`Da-<!)|zsQ8I752TEtuD
z@V2*=1fgppMyPgXlU=cz3FAM|kM7yLlJ*9zZG>RGt2guhY;@maj&r?+q2=g}OaFnL
zY$XSnX4Ui;GG~Q81$IQv|7gB8ZmL#Oa!yTUjq4K31{>(Dx#e#EGj*=Xi2EHtt^+y2
zM)w2exEuJ&n!j`H)*D(rS$8YHaEQlrWi`g<GS9yeqY*38h!(+DWM<2bBH&1A<Y_HP
z5k^7Xqi$qR09(db3{@VBp>UDfYMMV#iG%vj`HJG{xz-G{0*#yxy$CDlzWnOAYHS;4
zZ+>-hT(tx}TU|UNSZx{^hR#<!(m*%tLv{Q`23qt?VnG4I*=jeu%0-`tYW83ha+%Bu
z0UOI&QBd$JU#Fdb@hJdtnwH0_s9x|q48p>07M7i6(!#5k7O-9`Z0Sf^i1In{%OiGA
zu{F-_-aJ-&T+A0@C=~UUdD_7=lN!a<vp{ML2kDfe1+eS(L>h2K3prjyn3HY9ty8Sv
z60HK-MR|mFM@nJ1Cz9OrEKOO5H>gK#c^s9wS}I>wm(myvG8y#U1JN=_@NxK-B$r!Q
z#3n)hHfL)@>wcTcaS{IUj5Sk`DT(o%eelqec=L+anT{HI<of9b|B&}MP8Y9hHIGr@
zVd_YH-+(psqhxrr=EVoeIP_rf%!QhJhHKvS8r96N?i$zuzi;q=^{$qmRcAlTHUqx?
zB^ZS9;T$I^3(ROnK0@-`ZkCjBV(<&{AauDz*<@|ByYDy0v2dr9A_+r%jZnwJ$P5hW
zgzYn;*<L&P4Q~#pe@P=rdJyAP;327c87$-idtgz$ft{IdQD6Tv;#_seL#?9QSAZ^_
zZ6H;lKLAdZ$6!MD&x(vNaqmPX+n&CZ>5%76Zwtocclj)-lJB4@i+)NV0r(Yv<0$wj
zUwMG~JPz4d&a?7W&lqTi8J~>%tjjS5Uf#!R5mvHVgXwYYf)gOe*PL4Va}c=Mn^#1U
zr1_#RHvS8@<oKeNFZUZ-gy#iYBftC}tPP|nZu*g{i0E08LWb<Sajjo=@7AD0zKT5f
z(I58|`gqpD4CD7>jAK}~Ah0XZD;TNgVu12h4tN@tVf=EexI;PSf0l9_>`~8B?%j@v
z$v^fsltvNMe_Lcj^DpVR5gP^B1aUW@GjZofC)R&o*!lMouQY2s^OZX9b>x`?FlU5G
z<(^I+9DCHXP&buiE83P;eFPtcIQ(OxwubF0WXS1IRbUCt*<Y#UuY~Gt!>*gc9%9!n
z>8xvk5&wR_7*tL^94?9pIpp_NoX`&mvb`WQ5=yj@@FP6&=b~xHgj5<_-tges`g{23
z?>HEaH*F&`=|fFS8vxZQPhjI^c7IEZe61Lwm&NBzl#~a|Zy1~w+|lhSx*rARuFNyy
zZ~>fIDL&6MtK|)tb-nP4oqxK{ZvLFFe8@mOV}?ecnW8qj77zZVZ2v@$=?ckqns>hj
zFUj{>O+tQHONB|K9<@|ZD$*kK)VaT=r}~B9XTpG8uqszm?<N%#C!zCEDyu4dsX|3#
z$xDMh6+=MU!<IhKqP@D<nyd}=b!@0N&`{riBb_fi5gzE<_|-M*aIEu1yJ4vB5N=nc
z?4y$HyvP?F7eO|q2%ZH7+(;0s)3}MAyrF{Imm-j32^5ZkLeX%P<X!f0zUpF%F@AeT
z!_spd%7j~ZHqGBaV|gFcWm5OP2#hen&?dgnk-Dlz!?3;L(PUtFAG)W>N9^b|mz-yG
z33lAL0CD8Xr45f(b=pj<au-^UWdh6iFF`13s*Mvoc|$Ot28-KuMqRuzjSWPtu7vs5
zhU;=b*)(hNvNJfo)*uQuFcdbfK@@IeC~R?`3E}Yb4Ge+JUmg$@lhtrixcxBsJIEY5
zg(G4p=n3llQ%_QcdST6HpR#{K^B}e_Vo(L|VPno#Df<kNaGQiW<tFv1{Tv-XfD9<9
zY;xYyk-Q6X?c`l}@+<Ivh^;f43ZCRFQBJmso;;I|ly|KFQX&nf)7ZQ{{Jra;=wzLm
z;C_>h`uk88eSnz2+1^-^b2O)hf`t6>Tre1@m5-^9zZ^-%Ds)eCD0f)wN(mtxV0koM
zP3nj1$m6QFEP?Z1+=?*VS)jV%Q~zQ*(QqS!i=GltLb9Nirt_3$PyORxaE5^&YGMlG
zD<e}MiLczx!_$+rF}z!y^E)KMNe$*Ii8^{5pWH}#`$@lzKJ}@KPi_kaOz0;co}#xF
zF_Ckkw<S7%EIZ6%z6l^KhG8%c=X6{rA^If@;1T=`-MxXOzrrECx)j)#uR1|_FzeL&
z|3#A;a4lb%gE9%Xx<{DU>WS9Gqv3~t8u`i{6<}d(I1UOdZnFVNzi?Fj2#ft?r_oeu
z9sXH^e?Y2u#bxL47S_&R37&Z=f^9eNW_d$T!uvm?w!EC#1Pei-s-CZ6*+Dn?PmxxB
z+QKhK9)@>OxUJD7oEPK|NVwDgXUcU@{PMWnQwqAZFG9C&Q4{V!r$DAv`*HDGXEeaP
zV~Cuw1jYEi!GD_I_5$OB3d(;1itdT41Mw6izv&waE=Iv+gf9;Wa)XeK@f}V9u*;xq
zK7LRye0dO&;@$+sXHEr;&{_BcU~gibJrmJc=p@{)!OGX63Qsbe_1sQ|)e>KHW`f6L
z13g%5-X{+5p`od5c3Wpe=p<C3m(OES(yXB$Cq#yYkdR(SzTQQ<5l@Ca#nt7>np?Xd
z8==>pspz<u0(v$EU$$4Ax6JP$Dw7PNGHuvtQe~%QwFL6vfq8za9Uj=>!FkyX#peQ-
zL2=xCJVKjfs5Y~B-Ek-ayBVs}%y5%DtXj%K&D&*0e@i(lkZ7;?%urlCBosR66^g$|
z`KOPQtdu|%e&Kh>zbd(wXbfM;!!QL|TLw!59QXp3=cAbIc&2i<gr_RqJoUUVBoUJj
zx#MwCz!3mA(~kg=@@_?p00Blo1MeP5BVZf6&qlz&$Pw_RHUhe#e(Mgx2zZPUEIb0R
zT0}QIZDR__^I+#A05f@u!Oz73yHW2MdRqdQvsGNy%0`0MlPtnWz-aPc9`;Na>)sR>
zdREjBVw&o*WJ*{QV-Wb$aNbo=z%Y`a(5SkU`Z><u{Qs4~u|XRgCt+~p(BSx996(M;
zeQyP&2YUP~gQ7KZP=xT(HaL#i4ZDl0=S2*T@Eq1X!k#6xGdAc2R7-PeM7gBE|79za
z{L7C-Y&q@9XEOhMT6BEqz4^NJum5*Ny5FJwDNu)%TPSLM0)=^dSl~A#fVNrntVWXt
zKe>!ON0RJjR8_CQw+GWcYQ-YddX~|v-{ZQkYBTm1kC@r!(}#xv=wMyW&NpD>7w=}F
zIE*w(>(-`)Uu)$;yI6eHZ*kJbJuJTRPoX(GQG=@TZVEOs3C4L6tu`=p3EM`aO~3^f
zrHBS@CI*Ma{jO;}4TPX%5iQqSft0j7y$+9y`ZT)7<6dwPP1w$<p@(>u6w!y@GOK!R
z1FiNcPOFFkS%q1^>G3{6KBa!}GT{Oq`wQ7DkEMSImr?_JG5*a<G0u0{b^>mK;nDzb
z-6OP>&;>ox`O23$wxXN#hQW0$%;b$?!!Z$7PoU283&$g_vQ1XdCry-%+R(Q49r|b*
z2RddR>X@W2pHwe~B0kGx1(hhu17VN)|FHKi@KIIQ!uXs_CJd6~3>tB?sL_s^5!8%;
zWJ=T-lE67|22fByQK=}Uii%-|q(C7$3FO@4D7V_y-r8Pozdr1(^=*o1AusY0fdB%6
z%0q=S4v&Bml8|KnYpuP{Jd%L+_5JVn{l5N+lXK2~uD#aUYwf)rHy@>=jKIY-fd=)<
z#1i3sI-gnJ5A$)kN%#tUhpSs7na~BhD(L^DRz?2Z(Eom7=zpwiV26Sq+GQBP!e8UJ
zE=6sRtnYjOg!xSXs(=%q%QXQ;t)l?t&RSPH?J$KWCHJRdkfMh^aVAkPsAKHlOrl`m
z1-5uwKepJw+2RReBGD%4iZ)j>(~n}@P*yj}+mCufK9CDGevf?wu^=p~-AJh6Iekvu
z7Np~m8$0UKf4K~g+z!j?<=%D>$pg0l7zmn)$KR_yk48i3c2jeuh{*t>{G6;$scF<y
z|JwQ&(dYp716=>y6%z+<0F^~<J+hXmkNaKCC>{bBn=mz7a6RoVy@|U^1KVBxd54!h
z1jix<$C!Mj>%YI7+cxzDVJ{-^tfg6?ZH;yyqAnzF)I$V=1Rfe5eF$K{$f6*WIyz1o
zyp1eq12}--YR5@W3N0UvGjBsLoz5R6(npehF>qfC4i5<LCyt<(8iO`bbzm@{F5qoA
zG6=n(ftM)&=qG<jTjV@`8t^%u2IM<{=F#W@d0&{x5n}oNBrVh~R?Ne_t8BRgneihj
zsDd8$X*YmQtT<0D8SO<O2JaAV4|bRX3&_-{T_4gydK*yQW5{YnGi#h;?ncs$*F`CY
z)`T0Coepw7qr<Y#!>BQOK~RFOkmZU#p~U8Mp7N=HPu-Cf$h98umaR+|D3Xz)_5^Gg
zgGmwE$Ob{y9<#GRNY%4hVio5pTB-O=cus>ST_EKXZ?<f0!6MMFFenupUf`1O<P_5I
zCR$UVPh-$GrEncTHsoB=`axU!@ZZsclf<bp@?BRM_IMaC_{%%CM9GM5n2D_Vitb`o
zec4LrJqH=%vDi#MS!*_7^Z*P%gwcu0NX#jxC`CNn@fB3H+(G#l#r5ORGEuC^!ERfR
zhp&k(pIGrbfyNJV5sdr41q0YXBcWx0jaj3lXe~z;V08-SZ0xWWpD$_fe?^2rTqLQ=
zppM8Gc%NFFshtmRyVZ-}U3cUPz$!c<yU|m*SU_j;)?;E-){T`jMhPG@52;Ky1MQEK
zTaWvkrxhXUYDaodW;REQOwq#1ancj@yG==U5bJSz`u%HS$X4-e4=T#bF%>&Mn{dcv
zzxPRoK&J^m^@6UvsE2v7J&&sHD?OwtPee@_>M&J#N)I#lTY@FL80baABgH&42bqQU
z3YY!`#5w0~1iFN`eA9T~A2OpXl|oMu_%R%lq_^%i^L14Z>4oFa2Ia7xpJz=D4*u*c
z798Blf`k7)1%rd*C{Kc@6aFh7@)!8<c{k|p?`!dus<^Y4jkf_m%eb4LN9TVBK`A%I
zj2QDq^ZV~1HdEwselYmvSR(?>AICB~MK6AitMNbKudf}#^HB{!`{lobpD1VHCvS3o
zvdQ2lb$$8C7ebt$92X3J;&Y!`lEaya#eWYn6E9~bn>VmSpo(g-;_V~`vQy~KK>VD6
z{3@A&42d%jKLz0-<`KAr0=F3)BXVJk+#};zsybvXjFFVw@%J$jvHU}!FU#0s;w<Ag
zA(P=yJZ9LPNi5?pw<WWTNA4V$W!(4HH?oXlcMQZbP)$IV(O`<RjIoI<BR_#<05x|o
zY6d|M$~H2JUON386paJd*E|)c=%Kx5q39v!F^aCc87TS~Cy$2b05+HQ4nWbHI7R;!
zOKcc`q9?!k?I}9CBY~oe$1;k3XmlTnu9=ZU(HmnFosDC-3=K2WDiesfo)fWvpZ~(O
zE62Vh5)R}t68_bo1QKo=WsvZpQH)ks3`!#5E&TNl1~C%8Z%{vb&O~y4k;ob3F*G($
z)ORq3U;{|_7`*TftD@cLbN6CsNT0J;c5enf^#on2sTM}i7?;zhJ!mDO*052!&%!&m
z0=i*gNpvuK4hBENVZd(=ozh{TGKz6W38~nv+zdy0Sr;JLa)4x6mszY>okH*Zjttn*
zbLeC`Q&AuII<K;D^hmntb_y6kwE<AKnUum4AV`IG;83C)UCl2EvRL?mB6PCh$o!T|
zn4~GLq+6~@bj$U6Dor7^SkZ*>P-K9+pz(CiRhb$)Cx_vV$6G`*yS8Je?nnmT0TK?E
zBe_%wl?8&r?~Jm9${A*1JXCf?$0ytxO^V%yjUda(DFC7w^%%(N>s+yFd?w6z1ZEsF
z@_zzzsYNce3BFFttelZPLJB<&8tII!SZ7lXtCM~$B{S=U?f68=CJbzq2mh%7&X(l>
zIDiU6NnpjQ$J0G!y#ktG+-8$B+0NgjEzXk6@J4M7e-B3I+J^6nkI;pV&>FrPrw7Z+
zj<?Iv>K3}l0Y$m86Q%Ot@=X{*^eCN%(RIWa3sNSE#FGU~l(!o1N5ThFSd=}RaghO=
z2J!{>Xh&c$Kj)6zf`(W=GsO&jz`;eiQ&ZDSeRyv!@?N~==M@!oE@<ZU370T<>y;ut
zS<8~7U?NU(Y;ae=Q2v}S6v9Us%a4e+z`L?8A&@QO{eX<AI>f5m(h-r%y3!V3B$*!v
zIGu=Gh+Oahe_b4ApgO^V=};iyTE*EVu6iGtfzZj{WjPclZUpL912C&L(<V8C4zMEM
zSwmoMcWslM4U$kJsco{mU0n4F-OGZ6mMvjmo#iRO^Ifp13LTMq``F{7ympCpBb4b@
zT~MMslArXwqS`-#WH*-~y5++|z6;1NCF-g43(5K0Bq!y;XkbSq7{9b)n^;LnB7)0z
z;HpoeqZ4#pLEKnQIO})h72*<)g#S(v<!H0dT@!ey$hB>a;@;+8>I+Q*+Vt=6On^dJ
z*U8apD0i>uQ(JuQ-Tsd!078$H=e44K4#gS(-u@lAP-H@8VP#<!P{7hCW{H&4u9f>h
zm<6>FXat84xddSsneFYZhLVnvu($x}tevdD`H>XYHUyyaGzuiy(Bk-XZ&?Q(M`%l-
z!0mS9RodcAc(g^*T~T~0#xp=z-!9B6grsB*-;Ipj@QsO~`HkeKKLcZ8^^!cDGD(|p
zBdiv%o*Ax=h@1G1O-mUMue(*?Gc#P>k?*2dav5Ga$N0zS6i?-7;vY8x{{SY!{AXTF
z+-K`z!Hj?QNju#tPZ9dXPe@SDv(cV}Lf5j>Uc55G8-Ji0P}Ainx)W^<H~kZB4$rEH
zqYcm{3LR%8sN#wWXkH*tBrkPhhOAD_!mwyoX4|d5V?v1m{aW-X5tGRXTN=iAUy8O2
zK!2;rKS9w($<fUe%2upsBL06^UxC*{=%5kRFQBT8__k8O2A9!!*fO8G!h@hR1N<V7
z7{U>zF)(DhSB%p`vtp!xxf<Gak;MAmm$4Dq^c$$*#b-0TxwOB%S$2Zejq3z1kw1)v
z0T&_TdJTvxvWL#HPO~@H2ic(^%sM=r&I{Z1r7I~p6(4QI?R3{iUlwWfC44Kt>szxk
zW>$c?Q<-G4_ZlXdn4@A`TxsAhkM)XiY2-E&I|BVE{?exB^OyDTlAW)y@Wmv9C=@Xr
z;I*We1;4y^6iKB++G{A9a$M1ng4H%k*hHbCLv&NysEhZ~GBW%9H+t~_ZIbkhD1_%>
zeM8j51*o_2FBXmX9wRizf5pE3Jj$kXISevEyei|btu*$S{bB%Q;5wFy<Tksjy6i{k
zDUw)N%km}TQFjg+h=ER#61Z%d6l}Cp`)aj>iDY?%vU;mDxT(%n?P|u~Bz_%>qBg@}
z<o0UOi$+l`dtLa<=%n*?R=zEvin#tF3~uefkl<9^UF*+TJW7A#hcJj5S2ail7grB%
zqSj~@+EAlh0MqX3>JNEe_^=!vf*nF|D|@wOn$f-!+b8MKe;rwrV#w=SzjN_*y8U4g
z8JeNi#m$48&}9-WOl@4$+)iE$wSir;!fg-H4U?`vWb`q+E*9T9cJ_*j=M=U#NzPA;
zr$UEQsY!GM;U=sU1vu5gV0&vy@fb<nFR7jEC|y!Fvq*5$eoWL6xrj~M1<fsf-L*F|
zL9`7bX%&#-<s*nXbC8TF4aQ-PY<u)t7r?I$&rtmrlCe>AOTbRoD$Gpq0=ie>@vik$
zq|F0*1}FlNLx`)Rw#SI8V^=#xxq0o37`HEuPxd}GSx~b^VbDqcT%-X-b1BaD;yEz;
zImYa#pJn#r2b}%w%h~K5eD+5BffqsYhqf307C`a61W^1}gs6y{ZU%4sHq+;p&AMe7
zO+RzBG5yioV$<*3$)^8$muQOR=S#}QAh9@7wAI9O?(w~C&($nYe=$^_&+C6BtG!5>
zcde%rdUc;`n|}Xw=o(|z(D|lx2-fsmN^jVO@SQ*|)1W7-EUv!^aZ58ZFWMH#d9ru{
zw$W@@{O`KNYGU~wa#`DH)b=P1!~U?gKOatSFaj2@bS23FH_uw~9m-L6@Cq_EP#av;
z`VSr(V&d|AqJBm?InIThB(uQebdiJCF)}a}BQm&thncqPieK@)=j;lXxE}3M#qt-Z
z2|^sP{2AIBb13jW8iYMAR!Qk)oheL~FY5%YMj{oaGy?=9P%5NMK(p?=N+o|JiFKGH
zoBW^`fY1e#iYx(%#26e}@1iU*k0in8=%u8+#p0_YKb?ohyY;Un$u5{GsP&i}Z7gzq
z4g)6g^NB^>KJ`@i6oGOkMm%al;jbH%pDCFzm=VFK;P)o`pDLSir`Q2S9?t~%mBd3(
zko+e|Y|LRbvp_*=;WA^%`zWF1DcbTDo1$f7W&-EeDEDV`yM7^H$Fm`yw$jeuq%F>X
zCtG9)u>a1q;;-ajV}>j=QWk>9BuVqw7(mS|=`x)jQ9F`04f-gJw_~GrGC{ys8?mW2
z*3>RV%LPCvAYPJ1Z^Xv&1>`|R02FB;YnUo(d>>amU;BQR$>%&ptLopW0S3TYSN;dF
zh2`}qn_~tX(%OH<K;_6oZD%BaO2q8z?ww)<df2++@o*(~2hWimDgg;h>GnX4{OhD>
zEr`Zm5hzswuK!Wx3{cGHHDLS$r4`{{5AeSY^wU%T|Dq_m7QimG@_-adZN<GDUHP&j
z*Uw+W?@WqZQCD^N$|xpN`rK8GAwp;O)>hKkYN1jMtCWX%3P3|1Bs=Sk6`Glj>KUxi
zRAYtkO?-u#Q6J+gw1rj(l`?{A_;r@ODiMD$c|FLBmy)GMivP0wwBoDr$`~!gRG7q%
ztgi`mB<>0D2ki9BrXy|fo_xW7wOCah>@fR>1v@N(dnnxfOdD0Z4XXh!4ljEfAwLn6
z$Z6?87#W}h>_;UwNob=>Lv^U6da-b@%j~~2*kuV^i1;L#F{{Ky@y{fKu$pRP_;+s)
zlrPxMZr|vhFyFyXe1ct~xO$dAXEnE?m!ur6m$l0j_ZczxT{NWB9tAP`lgO1UpDZ(@
zaP4&+^$ACO&g1Y&cJC8cb+c0sNj-)(kz?*d)O*zK-{aM$<N(8Ml!MDR=b8K)fNy3K
z&nY7YbY~tc&=OeHr6Otv?$d$Ci(J(S@v_}D{t`J<Dooa9G<XU?3rz!LYXD@MB+6=s
z;@<54*jwqp1+cA=^4n@NPTFL3Mg!nmaVC688$lK<gm6tO_e-I4(ADtdV?uW1Vw^@~
zx~I3nTe)N;VDe`8+=8Da%?ZljQAxW84+~{=Lbh1tBhtT!<@tET&Rzgs!9$$#rQk-;
z12@X*WwQFHHM|=T%BxKv!h4dA9F{i#6hOm$G+WlLm!F7Yz)f-W`vTb^icg|fByC10
zaRME`gF(>rt3QBdXs^9gW_ztzF&$5-V*9OFJ~tJk=d$3-fX~p_ssnh2F08QnoVWO#
zE9~KQW(rwsQ`~uC#R%-FaRTY5xTGXJ;4!sTHiU=1wv-`rf7|i-W`-ih+IQ*hd$Mqw
zR-7G6E>MIXgoCW6(E!|rfiXHL%g%f4V)@l(JdD4Sjt#bwY0>hX$eQX25L2?r3gi!j
zhZ783Ddo5#Ry>!2K?RCj&5FAP_B1@S33&lm{F@P1mS+O4Gy<;NDf-kJ#l6eFyP$G;
z+DLg`HEaOAfG2*$lNEp`%lqL;YA^B_975QO-G`=t_&p81)bOUZMba)NA3{suVZ}Yp
z|CkS9Fydib_<FkK!>qUzasVwz$L?W)Wz;(<FuV2KP`)>%ACw7rL}Bi6?52avV8U%g
zLp~D$$sxpmbSD65QH+HTCHI6CIj(8|{ge)XRw8|E5zA8r18y@2ZvIS8W4AN7?L@fw
zIo!U9zEV#zxcN-sKbm3;BYX??fvm*&i5%ScRlX3gD&~iQlJ4e5csJ(vJHpFjM|cZt
z%z09sWyiph=xldZ;HC6;Z$RL2DhQ*&lxv%-Ix@Mp)?0~S+6E)uO6nviETEM*TV>S;
zlFlM_5}FA@Abj%J@eQzqW;*#yL)IKgB}ObX$?7n&M}>YOcTwxUI7`_%K>Jg&|DN{g
zytI#{)^!Ky3;+a!!|RDtyu1)3><{$|4=|C-MA|+7wg$e1kKuhp`+lmH5&IN?Pc;7j
z(C>N-qnrbHL7F@hjdFK8vEoGxe(eJ}KK!#Y?0jHRLrXN07PAJ%JB{n!XR`bk$3(XO
zknb&dK#i5OQZoC!o^Pc^`IeI5`4;~Te3Q(T%&>XEmQCL+OFkE?3dd&DNzrQ8HfCS5
zRjf+A5%ovdV^eeM!vFay?wx$cwJdov@<H-_B{SMRqiF9r(3n?t?^^7kU9TWp92&$8
z2>x6I|K`HKY4Fbj|8n7<4et#bgKJFee~kqsJJYSdj5aJg6p(Eh@m(*e!|6zul1;z_
zkMg@qZ3%GV^#RIP3OwN1pIpGqm%C_C4WMC3!Cqj6U(zY+DRC8w+Op6th03XEMO|bi
z6(>h_o>tUSyU%@CeDY?r5qsXmPAV{Aj@~jei{kab!_i2wqJ9QDw-3FB$A3k)nG&+0
zV<-=r@-R7;Si!;!eGF2qSbiTe72y=rDFzwnGpw<J;{SspV?{A>mMM@M%SaY^Q4#!(
z9K5*415(B5M>%<+BS)j#G^iF{7G-(DXlzrC_C{%Jk&g^{l>^S$6yJ+&iemX|G;4s?
zG5tcQ7=9_CJjR?4cBB-~m7_oj(I#Z4(J3G-4R_!GNPx6Pex$hDj2dG3`?1Zp^kTm8
z4n<9I?UCN7PXmtn-)R2Mw?L31!~YShklb#(IvIsx8-8dba^CzkMs;kD7U+c@yw$oM
z@t~puv&DSDmP<n{*(dSA=~;KuCJAcKT2s>1=s@>%gv=5dt)4*-j`R81$whQ_vURaN
zGL`h%F9B$;Q)ifT-d5}m_$8I=TPnNQMC^Le#INyBW3u|LY{m<CSp73$nAl_g0F^{;
z#1-IcNdo64{rAx5I~SPv^-ud(((hO{L`6NIPwI~H!)u(O;T<)wJyR+Jfw(>eW^Y3V
zmuoT3rz5~SCRr8j3Q}n77CJf1#FImy%q^G=&)vP`!f+F&QbPv>?N)dpu0}r=_#;sC
zmH1d1{5y{)i0cH=EQ(mPIhAfXE1t&ATXj;Ne}aE=b5M5;=uzl}@F=z%dXHVD1K3|O
zz`Rrcy^eIiKWQ&J))HpF?AT92^KpcGP)`KWF#u5l7!_2i!}{fCIPvp3Tc!gNY2}U%
z^0xzMM9>k!y<dFtAWk3Zvku;K5DKa<)6#SH@ty;t#^@Th0S~1qaiv^uKinI|hOq?5
zapJ0{(6mW-&tWIWFyq5}jvRc3f>>Jt)o|5+@`4!IhD;CmHz<oiZeo2CHp2jE41-_{
zu`dK8_=45+qqnme(g8ir@FZr3<B+6$k^oJK3{Kv1V3Z%98z6I37RMh43iN*;XSCK}
zD_`opH!==rrII}*6QF5~1%#aFC!`m@SC27)crbQjpqSbwn6QMh`*_LqkpT7&tt^@8
z6F}eQ{X2UUl@AH#JeRhe<4fe&Bm}nlvhz5u3r*IkBbbaSRyc91IS=Mpye*=jxyD?9
z5g2y+7o65j&=^`&;II#v*|2pJ4SSn85ebj!n+_*pUP3Q*m}Ky`eEIgX`@<CRNxa0C
zqU8<>_#bV;fibf`j%Dmshrm{Wa8ctK^APVIGUFg#g3mErj$vUt;q=QKr;ii)*XWZw
zVmN&o;e2LVADq6(OqH?uAev}}(+nlzeW(Q`^UMf|((fY_Fyn^Ff2V=nu`#N>dhH?L
zj?>U^4C^k2KXBkFRQDFFi$Rx6n29b<3|LoJv0?#UA;4PXnAutwEr)x%*$2dK{9pKD
z*0PngEMd!bYWZf`Jg|9$hkoNBMq@b9@T+t$$Y=#-ZL}^{yavsO8+acb91&dA;T2S2
zJRY+nN2+)fWireNUBk?%B(i9h@X)+g-!+^-i2SlyU}tVwpTnf^nhn?IC3Box7;B*y
zPX)OG2J2z@7-PI)&u1`hj$!Kz;1*5Iict%H*{<hK?L)j{IH3{-7_`L+7}+8t;A1}Z
zh)*1U2yMq^7z9jG%t8I;8yEqnP{~sOWk8z0CGG?Qeln4O{Uvk-cuar)b0h%Pr_X(;
z<l4xiXizo-gdSvwjAl>8Y4$B5Hz>Jef-!bQ_$`gW=RAaDPNR43PomkIaO0a@{9&Xp
zkzldEbvTXdV+30|I!3I1rvXO1s{C%kIFkr<FXgaJSR7ow4}DptNYQ-pc=cD}$^s0s
zMjJIgU|_WZ46#;#!PW{e>{<Z^U@O3QYy<4qZ12UbHBkzQpMSODF*S&V-{lFDCDdsT
z>+??26~Du75`S9Flk?WSCiIK{hiBZqe8<i~d8MM-KQh+TVf{ND1GK|28_EWDP@Dby
z{bg$O^7cBsA8Cznd;2BxFsXdy6prNkuA{4Cg$X+UrAMPo)oi>jF_?`MvJ4xHTQ!KU
zG6?hDhC)ZW#fNTN;Xjy6{G{K`yD0gU6e{Rz%l|KN^1I@?m=QWHmvI4Jnl7mrj0=x2
zxuIXfVH7%V;o%Je*P@3dyM`I<Q|DW`FMQy7JeC1bBEbuNJqDH5(;mcW@;ZS{`us;g
z*562Gh~I%vkw*QdIV`2y^0l#ho7TY$%ANbggm{<1TVVr0w%RY#Hp~6Vls~b2R0^|}
z8kcgG8w<?cg(ufy)yxdckqH$uC3X3Zyvo9?kthW(z-!0z06~LYLg1RnY$-Ge4NV$t
zSSlBbqcI44^xu+rA5hphkiFD$w3k}GDTh@Xz+MW}m>Qc;yT<4I0*Cdt-vy`+cE~Kz
zr9c+fhvMhmMXt|Dd7Liry%6I>Mz<@@FC;p^KgbU7OFv+T_x_D^;=j~1@WFlHF&E{B
zl-wQurRO}W|HL?}=kYwh<#|1TATqqjbrgnu?$h~y0A>WL7~sO6(4Mz4<}|qxc3L_+
zNb!&2a705*8R#4onoLO>?I2qlmM6Y{{&4KE@f+<U+qrS%S+CT%n&H1k=7E%EBwVG5
z<zDh@=GSScozZm~-u<8LI?cb5uF`VYRT>5tbw?JWD>dja(FS%O<`av)_NhJLBc^j*
zh26B~AG!bX)BP97po#Za6Qlj_uNL7tPBHGUmhk(l27Z6l086<OumJ`h@%Xe`e9ms;
zu4amX4HK|lyp;@UC5{c)L<7s|4g8HVi$~5k?jsoev?Hn^yj$58Nl_lV^i88Om`si&
zw2zZe3n!sk*qZ}G7zRTNk>3nRNe{UalJ3#{7fBlbg8Q$b0}xSexVbkvpmi6FIQ(aR
zVHF$STFkdlm+*{xR>HHVEc))+1V_@XYZH8m+u&==sdz1ODsI?*7zlA*BahF^tP@Hl
z<|4e<C50wtxSH`%NbpdTw(B7&C0PAE;{&?JV@TV3>!i?_53fOkX^J~N!yz#jNBy%a
znN7PSvMqW0HL>8<b1*?NSpYm;5i{PlvqYOlTx*G0#vlD1v)E>qGWz<#hQ;(-X??7=
zhg`#~wr$L6`_eSD+GeKKR3Vtgs@n7)r7^4Op?ebSm>%FSyFU_>@;8w^T;189B}^dO
z7>g$=V2JAtqt2Np^5bbNko9d{gUC{-F4<l)>d$5dBid8|hgUbU1P#&GWTqKee1kXN
z#XGsJBUBt!ABRrX@lI~*sMxl08&9-F(Wee~4#LSr{tEaD?O!}yB3B6dHZGIG+ut3&
z5&o!)*=uN-6y6%$L5nnOvGja)#H8;zGYDi0`W(tKRbD`Ls&mlFNK=Fa>+9(lW60bY
zPjY-(kN)?$Vi_%8K45@9OwQDiTI|q<Li_zpx2FrxNl&aKaO+FOs-czGd9Bp?rC2q3
zC@{$j1hGmHqLu09glIlAhFB72{f%aJ#6Fq1+pZrR{}{gd4ig#RPkFVaPySL#8wSFy
zF5QgxekB>`j*Mw)!ZX%JqtkgjFDp$OL*CsD-`C-HvEtd6K@mI#U%s(DbZ-tj>f`OL
z{bN#lS=8RBSE0S9|J=8|X&7i0M8%X@b$a&QAo`ugd8~S+B|5)P{$92}8o`80(A{SU
z9v`Ps4(p4J!?%32plSUQ1h#-TJe<zWn8_qwMj8Q|Hk#u>QrbaA<~wS=gg2qu`4s;H
zV-JH4@dNl+&Gm?R*ukUB7Z()`ZHbiuV##Ag<ddt2MQG?a!J6VNTY+9h7sF<Zp#&@b
z$c(<3e}5m&8eaWJ6sOZr{rDAjQAiOE&Eb2@{A^V-C3RQw?>O3rP)mA{Z(-t-s|g<(
zGRR^1WaM52iYJZb9rAEGjh3Zn3tsb1|J$taZW{Sc@@{9>B0HH+^g9F2<;>f#`0hRa
zh3AxE6z%%B#IgkaE>K#jHH?2+$oOXkmsTcZqM!kCI5+;mqcW0Mt|u$AlaYKGg;(O(
zFNnr&tpB^2X?%lUZ;yu0$617?qA@huZ_nuF-VID{89k6&!;jA8*3cOf)BQEDYhFE&
zoFOL385nes7V6h{0P`$e*{rbfFm8c`a%hEJfBHjq7BXQldGRCWlsDj^{v(NHe@tcX
z=VdQ}vf*p+mTk>O#v!g|>gf7`*JqmHNs768$%&~PeOQd{W|HmdSrB!_OK}${Ub*7s
z9u`6DH}}D`{*yeQme?2wKzzH2gb6<r-$V(G0b&5LV8n-ZMY{#1t~8XoBB>~dq3mUd
zUFbi@()ga%bEnfVjnHM|x~XHdB)<ASW=WjGUg^W`i%)13o@iamWBdU+biKl^4Byx$
z_M2c`@*t7~K(tfa5;JxpE~;m~8I8uIy-y8`Co*p07Ek|X;ucTOo<(sID{y+KJe9@d
zJ?&p4@41qsR{}~*7!6+lPXoz=s8qENgx=rjD@KdKzv3b9diW1R^&pCi;a5;*Je$5l
z{9HtSjw~&Kq1*YL(>S(KB0u+p3lsSH!32JOG>M-#bGzV;iR^qZR7Ku85<WJwXdnI@
zXnzz?OeMOGsWn@}JcNf>RfB9UG7ja4isry>C^wb!<Qn41*lr4A#^P#~bgM~>4R52x
zugy3YkKFYdQpqjIp=l~-1U~#U&Z^T=zL8a@^|#sxUqxfXV;TR2vbqy#rh6(6<8cz5
zO;{&oOR<mJh)e9G-N}5e-6{MV<mjJ%BS*hB&e2~mIJ$0d^fuz?OF2g$pNT9u&e6-0
zIr`2-j@~jj#?d!$yZW(z0*;;+<LLfcLld14<LG06qc<2FeGw|6221z1Vd+gdtaK7f
ze?O6>U->t%bo49^ucg!Fr8aFm3(Wa6QSnkchBbS83uD%gnB$CHL*h_5Z<{fN)+rGS
zD!Rz)yf5E>h&Od5G!@>1;ntqt@Gbbhd9uOxrO@~R_<qm1`2MQj^ymBcalZfGvtjPH
z6W_nx#>fEpzK!_)j2Pb^4-hR*<olqZfA3rJ{XAb1-@hQv_phJL_`a!|Md`e3c6>r3
zdy@Hn${!iuU$^NW=ljF{JP_aibpqf2iNW`Oc~-vv4DtQG=hy!m`Tvzk{C~(lf&aga
zC|woj|G&fM-w(+DDUQ(~4IM86R$03&j3-nZ79ez=A4VB{S%RndaWu<r5h}G4k$CLz
zF9-hR!9NN9%~I5;t6d*4$i$5HtD)7Kv?(@>!HieusIN8H(bY<_qU?1`n>Q*33S@1i
zodOg4v>$kU+GBGuu%Ya(Up!n6)_1HSi%0m&s=pDnn0)Rd#YeG*{#$s$wqAf=S-ngO
z)?u9DM00X-7Wgq0JFOSBaQmeA{)ea27;FDlFEYN&qVlN!Iv{XCZap4x($QWp&*Z;^
zALaS)Mq-(#XnD*^w=rTtn`L0TS1a11R-e1uCywt{m__93tmdff-siW2LXl;h?S84K
zowB-Hzw27MzIv`YKG^tyTiW7Z0r~oeidC&>`a2f;(@JfT=Rqvaz-{zp+$mdw2L|~i
zlvzxGm7dH=T4A*<+UV{Kw5hGm&d3c=4Kd^rtc%8GWu@t9#hDn|C)k()yDXY{N#;^p
z7|n~+*0L^Z@tx6T)CW=g2G+gR_7DCMtmz1L_7=ZJXPuhTWJ9M}@}reBFO2C&c+Q`$
zXl^vszL>0=)kYFkFxbKt_M!MNnOzHw;h*+m$eTh_Lj33LWZ4{r6}-mVUQa9dxqplt
zS}CA$h>Lt3a0Rc79mb+1JZ%@hK}6QF6ISwb7kWyN0-I6ZjLj?&(Eltqh6q=p!8W<6
zqjNV5PJHqyy2iA!W*Q=?u4Y%e;y$2=;}787<rC*47JTf#5U^k<3t$1SCG{hH;z*7H
zi8nI|NFWC9g>^wh$l{1_GY%IPGmM_L1}?l7!-dJNcH@4bsuUNX!xn9Dp9q`)bU1<N
zkbMqxFvroMqt`%(nTQT}-uk~8AFfEkhXrwbxFQK3rqa~_0t^=g0Op4mWnBcYmS86U
z3>QXQWD7ss8wc2{i2!5g8wvD-0Bd6agUUFzOR$ARfHk0kAGYJD+9flzp3(dN6a736
z@VYZy(gt&QO#pZ`gje)1cx`4M5MB)cuZHl0J)C|p14Oow0pg+o^F>(eSb~Q-@*4|Z
zGQng@j30OBbb#5!3>h;%u6B`Gk7dHpt4x#TrI$%Ujf`BbOIFWB4?r={ER;s8SCg%-
zZFr?_LfN^Z-9&K|yrNH=Q3GEmC4Jq^zK(~lb86x1<fO0b*w+G(1n1OQ`+OvKsH%t4
zjdwk1EN-i(tY?5zaPN8^?!67ZC!d3R@gV#QVWTwf14SFfn^T-8{I^K%6Ovf4nF2Se
zW-maY<c31ES_)lwo9!x-G%xi@N!S|QFA1V743>rSpx`J9V<rrd)E4qT)qhYyG5_wV
zON_TOja@y->eq735sMt`PFqU}iN%6?9|jVWLXufh(d#sSBgHK^K_|0j@(y%%O2GrY
zN+`c_a%kjX%vj}9dk`NtVEQP%Arr5bi!du4?5#(O!=TyZ$l4%DEwD?WN)xFcld~s>
z(htM0G+CqHJSp_=?9+4)l(cz+hc5Tl97>gi&5F7>w@-c*JU4u_+d>vnm&D`^S-Vy5
zIBmi7gRn^+FFvl{HH31p>Th(jt@(TK3p%B~4N5T`QXe~n1Q7ih`~<uB>ROSGSC9XK
z$3KT(&hL_LojaI9E4h2c@;k|-XR;(|1vwbXQ=6VEjhLP%)pVr-1pf`5fr=()%W9MC
z+$z^}r20a`^W<RNe$Wb`(uy3P+9o?Y6m3PWqRr3qshvLO0lB6#b!uqj6N)w=ThZ<W
z@oWl6G#eG?hf+-sz~v|ac)!mbSq$ZO`kb5Pn%-2O@Tpjd3GL)y@8#m^EljAEYd(W7
z+kNT>P+wNNed?zahFj8>cogk!Xmy6eqo|Zo6E8(TZ=1zza6tyl!4sWal#cT#h6Gy3
zbCYDeC;@Dli^uyOyd%k$)C2k|^cBe|bj&rp3PHzmEJ91&Qbn65`P_#W+X-P{y?$&(
zEYS<vaVftjJ|^a{Drf`>%MOEDCWR5wKJ_cP=8PpWi2jIJU{+H?j(t<Kk^AJ(pAm6j
zk`|xyQyFl^CmfTs#b=q8AE&htr?n8L^#Gd|_h~-Iv|hzy2U|fd&I%z6e|zxn{iIjD
z<tU@ymnlRN8vm@J=iid4l~=S)q>8Wc2dY_ZVwO=`>GwHm0b>L)^SXUHWy_|!xeimG
z+-=GByTKz1K*3V9Nq{4_+ZF9%MSI+;XkLIowc^~WsCyOXS5nQHRG+#DBzw808_?%t
zIW)W+MA`kAkZ0UPoBt8`Z?0JWDfNnXWwr@caVP>#n_$N`a}g(U$b1H#auKq59L96-
zA{>2}alb$SBE+*}cV{`|vw{NYkAN|TeP|k{O$24R#^<a-JV(D@=jJ6&kdnDo@1pY&
zd<V#o?=(|BCL~tSN^)f9M`GohgzTMw>~9dN&CHfg@09@IC1E!dS2WmH1=(FER@9hy
zm^|p(<5O#8XRQnbDo0zOcP#4Mx#Y_D0H$Uo4<Hu?;Gq_0f|y()`JAmd5Ltjh9Ec49
zv4Qno=TjSGbg=zM!Z8e%-0zDOXr4{pDvH`9)pP(p(;vD;(NY_v(C7wVXbo|}n*A0T
zXL<mTIX(&hd`Y_tO_2e<Ek5$Mi-__45=#^UdYQ$cDZpK9vU{(82!<a~++Bf#5x|Vu
zAVAhw<<Kvw6aJ+MeZoK~wkn}@_&)L%MV)F>)QQjwfKx5W3ICFi`F)8<kp75Rl+f@`
z6)o#iU+4`s<j-KpAF&~~#^&swuJG_C5eq&R((s_~I_Ue1Kb;g$cXi;i$i<-F-UZ{U
zg>k&g#>YN2kqANKD~pW}&~GMSUkM=JeG=>r3k=aV4vyq_@p%g1Ib!m-@pfbdfa>hF
zV+Lb!0G&r|==rXF-)f*SaRiWHZnOKG8)e|Sc;NL6S%86-4}8R>sNZL9SCWcVZnKkr
zgQQ9J$mMI!Q3w-Q!b;%V9BG_n7t5E?fsTUXaQ+of+ahByRB=rw;D)0`3T3s(z$@4m
ziM*=jfJJfw?(9!hg#GBFEA&XtPgZEWqdHFVk~<=azE5OzpImb|RdKiZFJs2A6l@5+
zO+benlGYr>ptTs22%UbN`vEzTg2c*Finh~ndCB=cp_lcs@&!6gz<i1@zOW^X(Sqr|
z@NXHf4D{(dDn9)NN!K)H*xOFw-ln*Z%A)V6q(+dG;$v=LK_}EbKG>IMS}^fV2bz;4
zjae5f{l=ItlZ8)NKQLx_0RLMy{>gNt37l<#6^in8UO9>O$bRL&?ffL+6Q8q3e42Sb
zlVe_^&k1{RG!<kMpXlpRKziWwvoqHeV}AP5)aGcPnJGetSh>`gSr*KU^|10ck(-SB
zgoO3LBig>moP@_K=OY&84v3yAM(oH-HrXuv8|M#jhtaM0k8hm&wTgO*Ew6!+w89N~
zz>F*0CL^x)#Z7|7LIWDZ*g7LL)`YK$MxzPi<?GugUk!^liH<95w<WlrQM9Wi?NK1l
zi6F*pWL#myd@F63q4by0!CKMo1Cst!a_*Es-cmxNGl6r$9=cM(Kts-riZ&T!xalC1
zZSgsG;fz7heHEi~1#9+$mM^<EFAhi=2J+q^v%MH+?mPrIz2r*V_LmGngh7chsgQOz
z1}4f;)E?>dCwM*w=wTNt-=(dm8@8S%684VBHJ`(#v;$dO4sFb`x-q<mkZ`hxLV+pH
zW(l{@XtNJt4*&0vVDr5OJD;6_`y-nIbm!rSvkXM2CJ-eM^aKf*%;ZqktH7=I`!GsC
z8wvusrEXjf6!q-l>fh0xQOz)-3BTuIa4su?H3!tTFm2fC0Ys_Dg&2pVrq@DsBYt`v
zhAn0!F#pj_N@$gd;@=iBM3bGHaGI<o;cE(@--&ZlFbdjoM_%dW5^cw9-#P(xfHSoE
zK$rr>^}h*F&9Hl0!cWlZL)XWkv#isKHvF_N^d{>J8kcGg0amxs8~~Piim)3eVwapP
z3M#%pKma<#1VD&VheT4hja{}#r$2@2Fr>{W0K+nz315O98|q0AJ1pT7#wfy;NukkA
zleB!8=4vL%9<b0F;h;OQ-&|QePga+Lo;4omqu7qe)6Vu4w^N!2MY{+j8j$x^B68YE
z8E8OdKo;7?%Bg~(3=|6tf_65lop>FqzQ-a`qPbIeHOWQ=Hc|<+>7aB>1`GnZ=pzQ&
zPSOcbw#7PPWe+Lw2<DFoUY$5%1;iEgL!Y`?b~lL?M^aGUG4ok}X_*olzH5?}zDo(c
z&SrWLX1WsxBng{kb*v0Jr%x@h`PBRDio13N2oIq9X^Ua=o`<T6gp27sLE~}Oh?T2i
zL%=N3^6A|&tdtM2@d4a<_rUOB(J^vt#V42txPa~y(S%DA8PI+JG}hwdqM)#?v_KAa
zL33FaUQp4d+N7F;h(1s-oK4wa+7VSTuN^MECHy%pc#DL~I+Z+1S`n$kJ5zb#V-`7-
z{}si3lePS>_&O^pi<XK=COg|vbD>zZvOrP)eJZGj<m!#Cg6dJpz1crs(H;giuq=nZ
zpb0A$iwxoX4oaXoiI)Vd1`wW(VSwCfo6p^Z@*jw;AV)QV9Q6u8pMPmmv?431@k~39
z{Ke-!iMVZ}V0vQ3p9w|gQJ6cBm6owkJn#n~1EL61ewa`L9F;U6jk^TG^BVp!8y}wM
zAIZncCg2_8T+!yW;U9~T4||ZRB}Q7nt)?LdnuX2`Yq`3_)T9}xpD7NHeo=cg8V*@7
zzcUP5ET2v%Dz+2^f(#O_&)wx8W=!>y$afR=bDuUH<lZ`%_qs%QtnCYrKhQ!Sv-m=z
zPx!RqC*;tdn8b_B;RM6_j{x8OGx6|Uqu>h1BWY{!70TnF&Ze=(x1v0b3)741;nTd(
ze~r};`uUfp_&TjO<lT9+76AOkcFsf>1Aaf8gCJ#^=L>x_&$qY(73^VNJYz#Z!ygk8
zAx*J5Q9=Ip;KutD3ObC_vY~r<IbTb7Gs`Axw~#hLDr2YQY^9xM1j@l0!}iik8NvRL
zVmmCc$+SN-Lh0~QGUC}H)kH1f+svG%z67wRZkM&u+m+DI7}=mk4xEEpM;>_sgMvRS
zs~_N=n2l#7>dD9;#D`P<88GJ}6DdR+VF5n$U&7R$gMkB)Yx>;BDcU1^-G3U_j}8Xb
z${bIW&~FTUD9A-10PqU(m<*3ubV>AA3nVWEwkjvkp|)?s2ciOi@La_21z0v4VZBIU
z0hAR7)z4+IgPAmD99o=XIhxN)SPtH$X!FE-j4h9elbVMi02^bW!@~zi#;|AY=8cm;
zWH~9EwS_G{Ep?MG<k-Y1gzd>Kz|MjB*5ZtE4H`!+P<t32rvv|fSd!f>$eXP=;cWi`
zpSqRuMI4D(@jM9VWfsy4MH%7b=)YJF)`Kd$Bd|Ymb>H=xNOZzSVU$~o@q+2}G4vb>
zsFB}850d*B!*X;P7b|{2%W=+SJQrLM3FqQ+F2EI96kD*;zYVT;odCGfX%ge#$Hej<
zps-3j93wIyM`%a>#io|bzhrGO$IGg3m_Jd~af_s7bx5I9_{UZD!xj>pNIHs5)5%!2
z=$wIPcyo|hAa=rxCB)rtWDyl@AeQ$F%T3!@B%j4|Xw+XjgeS4Ep(BG*++Quu!u#!I
zR=ix*M;)}7;9c=C{THV!rpV2#F4Ze#^>P%7kn8?*@pls8af{w@0MCCLtndlXe@|KH
zaQ6+U6+x|7f9ViA=6&&HcFb!nZ;2+Jr%lI`akO?u9YC#>M$7~}D9M#Zl;lYxP!s@B
z4_O)rnl%SgKn|4NxtuDStN=q`M8$XE!FsUaavvVN0?bDY0;$=oxH}fxm}LQ(UFZ~M
zE!dk~?2u3IE5bW9ety2{G|q5x&Lp+)M28&R>~o(Ee8JOdhi=a4beQxfbC|=_!(UiT
zYbj~~B~eHzz7mr=H8w^`;W44U0CHuA{@H#2N^}b}7KrE*zGg7_^%o2hKl>AdMDLS*
z?THif(|pKo3_t~vSd7Jz98ylc2Ia&&HIzSEjyB5CdQf(5mE28B+~}Vj+}{h5bBbg(
zyP7@apwky^28F2!k9aV$a1gVnN>13bDSE1UI!rs6yA6draUzJrBN2^L6jhgM^n8~3
za8fA$D2`9RuN{x{!-}&LBdG=t^a5g6CikN)2AzJog#AG`ev1B?eX0qw`RH5sVfAsa
zhgu^;@oW0zQ2rswxl8Z;x+$uti*wLO7q2WVOvf$Ao*YU&Bn7KGkT*=$3J-M<+b}+R
z`lf)NdsTBEc*gN-qQr1)W)6nO{)h1kgDe7$NzNMCy``8%Tj+Id)5l>93dFH&K(P61
z7=B%SittN9{Ibf?hGhKG+X26>yqe+Hkk0^bLK6hSt*gBo1XFT6P^~~B{0e@G_|?ep
z>(B{?U$=b5@av{OGW_~=+1c^y|DDgB^L*~%lTH7}ozMN{MAQGh=W~17n*QJU+=s`T
z{$=NLzz>KC7#u+?zuU}al0#AGof6(<aLCy>8}QOKm6Za~&cLI)rB<3!MO1v|Ck9iH
zRHvlQwzBlU2v81LgEM&Sk!xf555BoP?gyBUKpN+TK{g2N@(h?n_F9t3gnBReg-5*e
z*U(1RVUd{bKD<T>rNh5xO)16+B;EP|0(_Aw3!kvFI`t?ljQI596kz+P?ED1eVMGvj
zk5BFOiOMMnR86PhUrSh2+Cg1QLZcjvW_#CT_fYaQ*283%Af?OB9kA75XaL(WSVZS3
zvGP9bA=q<y$;B83{`79d6iL_!y{}wFxqSKfbxU|0UoS<)wYC7W`i3dhvqQ;``INq(
zDLqR0fse?}k3qhz=}twnHk#7cIHjvee))#^bQ|-*<5(vq8__*SaXw!g^Xa}EMptt6
z08={N6YXn{N%MjET~GA+Lz_=MqKvqL##Zt9%4uOV&Q31h@h#S~5gEHI?BkQ~!O=ZU
zVOrGVvU4A<Cz9P^pLz&qb?)`-j?e#VtQT9)4{1G*>7FAv|I^0&qy5+O>y@h_`P4p*
zpRcE)UD=PS41)5hhm{exa8g?7=Xxsa%CoHOm`KHQ07^0;+52*)BzXOu_`l*Qj{BGP
z$NlS){O|vE{EvJy{y!NW932S%WB!R#flo~Y0kFDFa@Y8;Ad@Bmq@!FGN*;d474UPk
zFtZV!j)(aY<|H4nEJqqKIgf<CQ2IO4i0L-68xayEKX;3NB?^us$O4DUdT7aBA~Fkb
ziWIGU9gQ*>Z+wKwco@GG$3Z7RLrGwxJPIn>s(7p<z{X5+JWL;+EHUtzy&W_o!<{j7
zbGI90!?fYe1KPt-5EH!e-X*DDaqod#{7*Kz4|uRVdf;-Wb`0z8f6xdnK1b2$L?F+H
zu_gzR`v5n994_!YJs6U)P^^+N3h}@SZP!46-85@_<&1QNs-dTt7mX@&@MvCb^a6MS
z`H{y^O=&$ssiUA%Ni6F1sRzR8crG4#JWA0SCaKFeO%tnTW@2lTv7$eZ_|J@8lpP1Y
zEzR^)E+0Kv2~EL(4qX_~;cE%2RL&SZ39Y<?y#n-$ZUuhOj<w}Gfh2Mj?Ha{-2)8Yd
z5j^-J@^__3ggkbzWJD+Eq8P7abcpA>d69<*emo->`?2B=X2YRvCK8AnCYr_ak9qv(
zT;35H6qd$1vPmrbGw5-R*jF3t>on|D_>R&eJb)YCaz_q8l;@Uyz+v|fRxo$H+7n4<
zy^|sNQCau^FJgo(lJkApxq1E?%C)$NZV@o7!hUH4oum{x@&e~kz&lFt12e;rqLmmV
z9JBY#GKuAMq=MlTd}uoPQ%=jX(2QP5j5f*wM#t^vJH>KJl}`5ah23+}e%{CI=Ot!8
z-$M5DiZpLCo-Y(`B{z|2-0^R+gc!g=aghD|R%Qo3!{LeCz;QU6#i0nVG+`XSZEWh1
zyU2PT#s-pBY7?uKgVys$ecFR2pYtFY#(0guzIItFviY<}?EFnyaRz9%89WNX;;-P7
zO%^uNVHDQ1@(YZGj+{R7ErpXlK+8g>B1k^BVDjQIiu*IzS|xFOBpw|0u0u`Hit4}(
zXf5VEf(h)M5!rc6thkMgT_eL>dvVa8V<y|Z;&auo!3e?Krv8xw`^I~I;z%joWo>~y
zS5~_@tftY)7t;G&PVWmiy;GFV`7$wRBzUx#1v;KZ!DTNM5~5gS8(u^?jNm;$@X!w0
zrUJp&myWMgQWyF#;?uK4@YO<Kgioy{g6|LllOrpQ=<fAJ<iv^>d9!?C(ZTTf=!Y4a
zhBV)VG+)0+teTpM4L*!@{Y8EKGc;ujlv8#<xgSBf<yjB=LgSJCJF)tX1-yFJLvpl5
z4t5DJj*=FMS-L&21yBOke6+*oJW0oeu=a|B(BX0f1WPexyi8j>R5nvCzxv1{EH=e)
zIar?o0%YVK0;_?1?U9*DK{Ix9qMt@)*9v@6w7CiGo=>T!B4QDG;?!fq$FO0aP)~8+
zw;_Byh)@#G1V8~Uxn&zhoHFr<Q}8Fow&RiheI|k};Huv*<An(<>%)p>$D0VU*aL(r
zzcX=Vzi+JU592G#nq-SxUT=rL$5%d;ip-go_^-wi7b&>4)X@?z2>+gl;eDw!B1bpE
zykI128G)oaV5M~l#<1VS?D2GxwDyLJh~X~+L1#{rZHoFrJzmoSlqP3lk3;YQabQZ)
z`Kt0h@QbIuwy^=v&Md5aVKf$1LKAwYXmdUS{`kVzR->WHr$(PgaqReR&`|PM3^8UW
zj<|3$tP3=Gk4bj!#;ZRQt9BL!fniD>Neol65l~^HqA}n`<{JxSFyy1Iy+uIG_a~vo
z&j~fyic&8OI~K%y8A`n{+}OyGZX@6Zup&FWR4AobGBAlVV;ng&2~{Ys@B@s^=fcx|
zSa*t^A&Z53`PJnd*iXd5h%D@oojYX#MAhxGa~JLx?PA4Bf!$K&qS!Tp4&$MH+%TZk
zu*^1$1-N1SiEkLCJZE@(!}u*9Rw-^63lletpPG{VZDGIoMQpz)@5Z;dWjw;R43FV*
zwG+0Cg}7z(<p+HKSj6{_htIly%#H0I9!9kB{i7XY)!aw>$HJujBb!+9z#L=vKpZ2J
zQ8veslbl`9`tVJ}pln0mF65THY{`(qS}7FbUa{g?Qjq81VcTw8hir<)2!l5E?t5`5
zo+5h1)u^J?cyAM8H!R2>XhE_ZKEw9`Z=UQ#+s`@D={LSAzo1oFL+kPTg!RZ~<?}O$
zijtOOd*ySZu^C*IKI>7w$;Kqc%*yA|hmey%d{y?wSLHb(xyUHa=JwNq0NsSk+0q~d
z9gWO`l`%%#Z*ynlyGK!<`@6`OLNXF5W%VN~ls8qnf||p2e%ji<r?|gT)KhF%$Jnj7
ztCxRj?CPLBAA`M}cJ<?8#h<#_u8x~TifeCtSMTM!I&RvD%2~p3>_6hK_7G08_}lrb
zHGYDF7k^rVPHUIKG%oJzwD!BNqO3$s$K_&G^WYk_X<+xYrxV@R@(lMi)$qVUb&Gl6
z$Shvj-{ZfQ7k5~??thm5+ON;%zgF?j@L&6*iTkg;Zu&?3*Pb){*Iqcc|Jv(&V_5OA
z{}RB8VM$JGPoC<B5@&U1o7%^n?H0qGZDN8u+v_phQ1I%F6T#o^&-PVs3_bM!Vg78h
z&gRc{YhQo12hQftcK1KupUoQgXG1Ua|3Ut2kDkq+?GD4AZ5n1iV~B!*1yce)z!%xH
z6RosSaDz(zl|plsb*3(vjI8m8Wu5P?E5lf5rZS9$c5)s1hizc~VO?dN1?$=<9@<W^
z>I8QU+p_(TuoE^rNobl~hr38>$=it4E<k@g*cii(5O5rp;v68WY~+YPmo!ld*5ptv
z8pG^53|p8&!6H%}vy;x_V)Fs=Z|#ttpD&4zR?ipjw`|Y)j%mI)$Fi4xbDHLh7dD*~
zXTd+4C3>yHbW*&xhQ-<pOow+F+xOtR*;ppsaZ((b?uY^8Dj}(PXzKn9KWjc?IcvTZ
zns0@w@bBJQYBqI=Hy?Ng@}T^8-$B5wV}NUY2LZR90q#V8!3GAmF0rbb!)^2S{Q~qA
zDZwC)FVbpMgIq6Gyug;pUbZsbB0h=n8gS$n_ZxZN!8TsN2D{~gvkVppXeK2e8w9J6
z6RY<OulMtQ^=5B{-z@Ac%MqdU--}adG^vi0k~p$SQd>>}@Nc^AN)tX;OEq1$N>^-^
zFu&n|@%w{EW}(hauJf4Y(!+dlFhMK{XXxk#0v$Z(0#e?J4|#m~3R$c?bvaA1FfHb?
zGmS+vVR6}>wa^hGp4p{InD988udn|mzFz4pCLUUFMXt;zR)Sy;48!zOzyU0aKaHHn
z$_zuRNKE2@(x%nO-s?Yq{u)KQM$fCpd-=l{Jh6>iYNEYu%|WxPT@QZP6lFPI2GKX!
z-RrmLmTC)&0#H9Iwjmgi_I^lF{rBmw|C?y|gP?fx6-6W%CIxFfk~*wxWrhi3vjRU`
zDf&kj=5>hW7}~{KbJ$!Ma%^M*lE*YzTYj|-!<4*9XT|j(*&GghNpXCs&aZi$n*HYW
zh_o9JS-oo!N4<oek?cPD#9&6OEfm4P-RPeKDrcIl5c!oC8CC|2FdK7a8?VxeTZ+W0
zJ@D7Ne`O?b>>Wl8Ti{)RR~)ayzh>|D&%8oJp7(yd?Z9s(^#Tqbex4JT4-g(m4(IQR
zkwYfnXJ#^F7Qih13lgDn60MYC@;JdKfqu3E9bCBDMs#rDGxVF&0(1cAJ*x$I2*R=i
zphLKC0Q8-R1^Nl3CvNZ@s`JIi#*Ag{WZVkBQ18N-I~^v*TZyL<u-6i>$8h-KP!7OQ
z4#6<sH|Gcp;Rp-?{>_fS?+BR12xA3QwgQ@L^|p5U<~7fk#YaDa%AZ1I_|5qYDt`u*
z;5TPC%;94IjSMRTEZKvfq0NKv`Mc2OcWL30S~|-x?)}7Q1-RY>jMM?L3p~B+eHRzG
zP#nL9ukvPiTL91dV3nJ^+Yc5Ad*pd7;fv{hA~C-wEGUtt5O85)KPj}#Dp7=B^$?P`
zmB?F1QzWG7R4HiA=HWdi081<W-rvP{m3bYJK|bvkIoOzUj$R9SuVzIU7tiC##?O<<
zaT2Avp%v5!Pf!cZ*jO`Ye{Kxk<1Jf}VFIwt&xHT15d9;H^1A&q5N{@g9A6-I&R-Lw
z-)9r)H*!4|bz)I(&FAI>`izzTU%d(CjWkI#=6?KmI;9#eu}eJE$aj+L6>rsNy-Tq~
zd=*jTZvY<j^kCfWcUukamc}jN@+9{e|9J$S@a0gE1FC=il4-K~fyB}rqYF!k6;Iy>
zw@Ed6wjcDX{jP1&>2|!D(ae*y)D8?jXpcNth#yY3dlTRLrz%>mZ`^!q;0o8aFy6kz
z$FDYFada8HR(5al@AGLlVGOTJWeT~{WOTS&!h#Z&^zYn&p<MLWw^}GQbt7kdMJCER
z6<S74EtI)lTa3W4D{5GOv*$e1OM-tS<(A#Y6Ai4Vij&#Yny9C%`P5F()P}$mI&lhD
zNgAd^!$(EUjm%*4JmF0&6xb_;@J6J-1|=1BF=^XZvlYRMv07<xmsIm*wto<Ia2gbr
zZKpv^9o>pesG~cjXo39=%9!5QGrbPY%pQM-89%wp6XKUA#KR$5I#A2Sa-0^K`Lr=3
zH}ngc5*m4m5Jo+&mu#`HT;YwNFoE*Fax<Eqz<3)AC`gV}(axfcNTJELBGCRF3Fjj)
zhBR4A-KF3Gd9H-cty>W*AHm3BsI95B%HWeU&+}c|WWW(9jL@l%*ygWsZS%(8ydh}<
zv?i%8Sxw(1Vc51;Cx=oSBfnQd%W`2fxvb0NkyXqm(P*3$D#*of;TC=7S_|bRSJZI{
z`Nl`}Hj%~IFW!UMVlFbZAV+`UeP&7a^?MAMN1kMsWHat+VfIX#r8OtdR2QG`#N5Pq
z{zM<sr{N7n?}j{(Vf1S^Q;R;#(SrchXO|%0ER!A?OW_SdmQrXCjr~}Xq8yk@9$SfJ
z9>7*<y$2qc0cY<Uf=PN_QiBr87>&VcsU}7xf0~ubg|6Tn{A*}%A^Ta*ex71KFR-7N
z+0T3IXA}GRnEf1KKi%vn-9kT@eMombkOIRD=D^?TvzVty)um{8-CPoPKon{c0IdO=
zvo*}}JVC7qHVbXy>moe30qL^|$pPb2C3RK~yZ42c>MW}^Hh3sy_1Ivqwb-INcf+c%
z`(MOu0Hgl-PBcY3ozO<$y~ui8mG!e)qC67P;wlzyVcZj<iNAVn2@}L-@lV<CDRzIp
zk_|IEahMk*4)Zb`X5<naz`XtgIEZT7S*9?5S8NItHNrkCZtrX0$A=gr0R_TaF`Ax5
ze+vZ(!j~?FfwH#5Dr*;E7<07|_|pX`|5Py7?(7HVAAfi@FwdMB19SS@43;}qvV8Y_
z;3-z%*=oX=*l~EQO^t5*bNKkA9I{G4TiMX#xl%>5Bo>|of=?Q$9Y+d1KUqR~z3f09
z9!7a)WYla9(YaP7v^Wn(_E5QCA~!<l!$JXI@NL!_!4xkZe!B!YV6U$3pgEIy9M1HS
zJ6Qyd2k&fQ`Zq8gn8So#u55J({)?tl(jZb&dhtCApm;ZvZ;{gt(N-f7;v6xJt+pD8
z)3BF=@0U-<sM*@jk$PGBv(WSOw?#tBc{`=PT|*=eIz_NrlAfreC)l%jlC$6G7a#!c
zt~2oI0~U`F#swVabTM%leSyJYhB>}1hk4<Z1P<e)G%2BXB}!NNGh@70`9kaQZ#h&&
z1HPsoCxR{EW;wJ(f`Zr%)HTMhM-E?LqR1>%g%$T|s~ErngWykmqcS!|3~erBMT^)^
z8T(noeqLlhud$zM_Oq4!>}Nl1?8n47nax6sGuy(3tIxUbtW1q%8w|aRf6Gra%w?W+
zdJCpSOQam4i^5_SHSxXW$??-EW_8GN&kt}ZK!aTA!D!TjDdM=T81tTDhLSeD9yIAl
z7;);$>4`SWy#A%h^@n1Yt&bCXyE|O^x`nr+>&vm71K7@QupNqL&g9x)W1c?c3Bjc9
zmZRk~8-qtB$&-wp6|KZWH9meyAV9=}k;jRMq9STPr=<-|l<L_2$j~~p8d0MzrXOT8
z`C}dCCjtz;uAwO^v!w>;m!UkOtztV#u#!D3U{7n<(<1itJbNl-PcO2kGWPTmd#Yql
zud$~!>}f4~dY(O1v!@r?Qxki7i9Ky)Pp`43-Rx;Cd)m*Qs@apyo|@PbOX|34D|_l-
zPb|S-5btf^X+L|ivL~HA+1OJXd$O~q4)&DIo=kKU63k&wR`!(3o^0$Xk3HGhlZQQJ
zvnPp65LV=2I6>b^0W*1eC=M=*-i@!@|BY6e*+G#Lf*J3Gtn+~a=i}K8#RzTf2uaak
zM+&)rhy^v2Za|v1mBNVz?q{ZOQI8$|mEw_&EgRL~T0Gr5Wn!m$J*NJrdxIO<=^i{6
zI_xL0J3D&mVfgX$sas%3;;UODgMs`|D0a2`P(P!?mgOY$Rr@a}D@`{CGFbiuV33ZK
zm~9>oQjn}CF`2YI@w7|2<Vq7Bbm6-;>584w;LVb-$Od4!AqDeC;_*&4(|?e(udo;-
zI&oSoJ`;(;81G9`+X_*U^_F!Afs*;+V-|tUHDj=eof=%x;4rO`w6Rij0)S}3EGZ}u
zfc5}@b`PNH??F``{+<m(ABr}T9(H|722G2st-aE`c7V%HJQAmF{l9_#rWHRXsi3lV
zyt@{a>35hi-9*vByrj_=q8eY;QLvUN)HOwhM(q^~n!VfidxdIBjC|`?;$su-^Tj32
z^TjhYUx_Ox+JhaQk`cfca-=A5@Dq{yfYDz9ZCL_Y@rg}C9Uxep6Y<u0pXewf*qkUy
zgKD{v5%317fgbZB!|^eNKYAh=_z0+9g6Zfb>_ZUv0r6uQZ}eUQ;Jm*EAah|A{XM4^
z4@3ZBy8%kO4P2|?9};lv-jCv7bXB{y)%B6rnLf*IAaR=q9LBvg>RBWOCt5u*EWUwt
zYZ*(w$yhwOK8D2;ZP3$18=ek`RgdC9)}x}|TbOs$@AcMvfd^USP87)&FE=s#p0^bi
zayuf~!q_pv7yb(-YyNAH3<4jywnYv=0|Bv*>gNm1w_=;{|A+(mZ=d!sA?a+4oy!8F
z`Kx8ke*-nS6Po-K?b9$VfZr?$gN&$osgi)sRugQ-gN-cW`GZ|z3Ge9vBkkoF4<O7<
z$Tc3&iayVH$b$!u@!)|6$#{_9VVd!PQJ-cR53}H5uJJGz9u^o63*cdq@vsOUN{xq7
z2{r@H5CC^p)8DWoB)npd;;Ysqykb79tDaAI#XQDWy_oRoMfU2YgjX-ISFa_!V(zD_
z)+W4K%U)F{yu!b^JcxVaBC=K;M*6g6X|2P=VqsOSOvhX?*?1cCyUSvUVr<Bn?fAtS
zix!4netONV=H!$x$7>uWmJP;1MEFs3D`T1^FAg#>i|EjgVyRnDJJov@gSs2Mx#xqi
z=Sr^fAti7@H97R$Aks>pYAsZqzh-(L`xQJ8#6$V-O4@yPee+8elU4vd?ZYHjpMi!>
z!JgsSzw_=od}j-GSo}kS9p-@T?(k!mfLtBE_&)e=^au94!_PqVKK27i{u@$}`abz<
z;N{_53IWlj%sYsN-g$+gNf?G0O@4EE&@})><fcC3^{E?+(25N6j>@4zM^uhBd!r3L
zRYyBTS*;hJKF^HDbR!SS^HRLQGlG8({5K_l>E(YcidFYyVn#aW9w~@d&^;t&zrVpl
zO*iV7u1EE$S5`Oj^mpE}mFZ@&;zhFkn2^z19sYUJ`4_bMNT%$DZYLSBG{}z`IuaG_
z$0ll7Z}_VvA<MjID@qq_zTu+nj*;R}Pr5i%8ZHi<Hd6EDt5UucO8*4UN+cmXDU@~8
zPJe#seV6WD+$}7HwiL?$1e5-ahZ0QLQZOzB`P9P@67LiI7uwrUjvzJ8y(@4Oowm?S
zDvTmZk!vrF{%cd>=<zTPaoNL$Kj^P`-eiCTw`~tbb4;9vR~%ZD4*&5DhyUC$QY*^$
zs_>6SU6^-9tk@ABC7L0{hUyiofNQEJrQnxoV#QZbDts+enxrj1YJ<V?WbhSiop6c1
z*Mm{3_xjWhS^bC_qh=!yg2o?fpF*q+lhr#+-iD%dv$wJ+W4^bsDANQe60mvS#d(C^
z>mdi4#1RAn;g^XPHx4vb*bk<tg-1bL@c}%JhL=GDbPe&Dx$gob*dtwPV_{B%b-?2H
z1&&gqiJkiMrPF)hMNy_CY=xm_!k9%&KW-_x5*C^r`w7R_S=f5++ApjA4{dnz;I3VK
zj4JjvVLcEOd}`rFn+)R%e+tq+qZa=#q=Nv3=*VFJE%y+%9t~s6c(%w_zKiD?@kK@l
zCQXpdhzUh#)>H)8kHAD&A}B#JeFUh~XU|U;pJX8dkL%qx5%kJRGvH-2vCJ`_{1sSc
zC}aBuhe-)p_R~*BYPG@qP^NZO>-SqzO$b<TuscP3>S>N>xrNR)3OQ2fY!5c{zGU`a
z14F3^;>8d07a;#awMEtzZnI+LXj9;5u-CkJP-GhX6i@bsyn;7$TT~8>-iG1g*5D1F
za2~wsm9-gI2mkId{+5F^-HFWwtGl7reqfL*L5tL3bC(j`d0*|~;m!w=SCHSunB90{
zcJBkfljiN={O*20<0x9)CGxv5{rr!ri_jkW4N93i8Q9$>Z?sWXt0h=cNqt{@`b$#&
zNA4kZ*D3gY@ZXd`V<93KaVJGRp*X`*5HFI@LXR`M20iy3WOnT_PPYO%-3a1zQ!;vM
zC@>;5Bf0Cur@t^bgdCbc#>LsxdLLHt@!A-tLlp8zs`cFL&Px|JihChOU^u{NPtoSY
zXb(CJrx2rRreVBe48!O+n{_-dx#R3_*>O?cDX{_rMpB;?cL7+>DJyiBz<Pj=^x6)j
zC!G%q3PX{|!>;D|U=g=eTZ0EkL;@1=0Jo9UMK<p{#BFXN!&^PFbW$k&6!LDA3wdSY
zEu^nZ(q>!-{9?QngOgYlcR0?kf%TlSD#AT5YdzdXtmlw9)<~?rg7v+uzR!J(^BdMj
z)wE3Vf~eRQ7#6xssGJ5HVlzOq$)*VQ@C%gR@`Qx(lv*2L_?43A$=m7w5Rir0PHvWh
zJ2ALYTCrRhO8pQ!luz&8K)=C`?BX%%>EPisCFHRwp{%VKY6m!VfoMzJQy>ma-7N>}
zQWRu?lDn4%9Y~E_1~dTWB`8n9RkW-wpPJPnMH`_|pp6;ys%>E(I;0UXAUo^q!_KCY
zljX*+n||vUN=&Ot=4fWd)XV}hG_lItm!API11h|S_*on0XCrS+;AeXoKg)QB_?h`#
z;%7Gc$r$}^AAa@|bE*kf3xp5xssD<zGje|hcGeZFMRt}0?5rNx8DBr3??UweFrXG%
zYT{>I$j|PFpW=JGAo2i1Q$X$srMI9vdOv&Qp^9*c7i3Px;P^w2@c_CDaJYlS;b?To
z;cAG()%WLcFmt`-R5Tj-e8Bs~&7_i%vq#lb5kvFfZl<u^tkA)>Gx)^}$9zM(0mi+F
zb~3}C(cg;u*^bzLmOP)yq4ewV9`T7zOe|S!q5P8TvT>%t&aC1=%y_U?3N7_uUK8nw
zE}jy(nx#bUU@4JXVkwcgoGm4?9GVC;6HAG#U`pi7w=AXs@*%_Qc6rO9?~=MsHU{GO
z%@oXg1IG0h$Df9;1%wUa_$?bKvE}&F+YbsSrFkui`lamtpxBJyQf<)GLPw^j_XBSw
z{)$x}$ZFvx8&1oIzM#7%g+`A<@qPNX3ox{GvDv5gc*>9Z2V-1=3QSRpE{N)$K8ojn
z`;nbHt5dM3GmJ<^ycy%0z_QZK<S^0T5z{<xr=h8Ec|IC7Zy1EU($&6(`8<cx&HwsE
z>6W)2K@lHTr9NR*_Uol@46rJ5aaDGB%ev3GD&1#W6<Pg6a=%|}#)wfW2tMhKNor~*
z1x{B#_BoG`ItFWTg@pONztrouUI3fcXT@ek{mdsEg9Su~t6_jd=wX{8tBqpCR#+U$
zo`Pm}ikj=GT##v43h-rGGXOoECVHBfN!i%P_3<wTdKmk!2Yrvc{iqx&!aXDb^19yp
z+5nJWfRO*tTh?<<$oHHL@_^46p@c)8JQ>8$4+W$LF-8mM6{~)VfS<et=)ieg5h9+l
zo-`zbs914`$e^P?8L;MX<8n427s@nwEBy{JuLdM4+>e93=n)_VTTL#I4|~&!$Aw0d
z6%$5k#3(5v)Ry4EG!P%_G4PTr3VT^EXgG!4Fs#ND$=!vUS*uu%_Ofya;}3;W>&eAe
z%ik)g`8%a(Efff}g~yY>`~dXGR-94euU_p(jfD;??!}Z$=sMh5j=J_H`!_?M>8byE
zr0A8m9|PGBkfI?0Dcbb#D+3_KB1DRv-m>0vB1P}nk>U&4y~#idML4R277N^;yznCf
zB`77+mwMg@h!RKq7x{$aAQoE`^((RBGbBC>rh_}m!!zW-sKmbX=c&B;twehPvC8sW
zcy<W<{O69i0g_Eo>+l|L2frE)jj4Fe!Om_JV9+PuONT{@`rQ<22a~Dm``{IBePrb*
zvea5ovI$;8?S)2dJREw9YPb6@fGyw@MHboPYSyoZuaPV$`yiIJ@UoRypKPS&7!LIV
z=^xDhT2{9JS0Q@`Z6c)+8%wE+iKDyP^)qFIU@(%s(PN)h{KF-Up6@LAzW+g<)K{#q
zQ#vJ(rz6F93YIg7L?FvgUuUOaxn6#t*`b73Tzhn&p9zSIK|j=T3P6Y<@97W^8ki-p
z25x`gN@`%PL}s5M4B`=bj>Rhk@n)7j>N+!3$Vp)pmOjaQlp3pXXn+EC9(8QFW7aw$
zm)-uoeB<^g^G4GoJr;RV<&p28s6DAKedI_p_g)K?8b@tnMYRPv?dV&v0tKp{MbxBc
zK7j{w6maBD9hahKT{^wUW-l7`Bk)32>tV?<bFMP2OW{lYAungga*BFbuU|(v;4i*B
zUg$L{g#JE>W05W7R5SsP>6mLXW<IINWWGi#GSH&BFoi)k$HIWs`zi-k;;IPeedDUU
zcYngF*aldYUyU%+JZ#}8okERy1$tUHlq2SGpmkZh3ID9GG2rlPEO8#6;s;b>i48&U
zUr+=j8L>Q_blWliD_(G){#z*MMU(upE<vn#mUP?+HmFK=`m&ZuUJ6gqEz%NOcs2Zi
z=HX3DLLY-orSqm{$47NNjj9n!WMc^{AJtga*@X0)F?8}f35i---$_VUej?Zr%hIxr
zWh>vgeZR0(n%9Pxbgk8VJ{u`B;h62OB+O^W+Qj)NXPHltF&_`k$0Ak;3^dDLNtlni
zHa4GojV^0hmva-l{C-lG@>#kZZ*+MxH8H~>Zb)UE;lOg_42zI6C=Y&revBp5^Qb#E
zg9tkQVyyKa|C|8T1An1$;!;;_FiJf1=LBrn@E024l1wb~lUSMC5?lEtFC$`^M>i1F
zTsrJZQ;eG~g#w0==c8g#-Vy&za<mckVl>?Zb^upEsK0u2eqZ}dbeY?usGa)euGno(
z;0rF=#!0U{h&Ud+`I)M*n8Er_0H9dT^za{2P|E|B!vXoEpRRGpJp^{${B`*_KENP^
z(9WuKldD+{-g2|}Y>gDUu<m8lAjf?E;AK#x;3O!&GRg@so0qF-%gCWEBZp6NpZ?P-
zgyjl5%nUaOK70|+pYY@@X&~>OV<5gh1Nj~s$ld)1^4)<4k`AvUk0$lE{v7>%@^*56
zEq|i^A`kTI@6ERd?C*uQ8Beq)EKFbu3zeGiW>)|31h8;B-@<E>$Kr|ZABC4S^m1AJ
z<x+V0@>{gT7)v6)#7~j{b@LkbO-uT=+7wGkC^edJS8VWHZVI=8DD@7%ijg`hn#E_{
z?gZ$dV5ker2ARUY@9bM3y9*1v#kQkQmO`1#uD)f`qpXn}{XHzu)7!TIzF`G^i3N`J
zE3h_JU?~>(BRs~3pGw0YZVF%34MNk{$e73|T#_}jnQdhy{6?;bT+TfxX6d`UEm7LH
z^$#ir(K0<qMe8CLN6zD=awxVY?IZdhuoUjS`mgw3+4{4*=7`y1V*Ef^ZE`h-SG61Q
zz+|-zM7VA6uDCr}ex4?&Jz~|&3@J3#7V}4#5^^9x+k(LI$}x;v#Wu0xE`d8^92b}~
zMrb(6_>pU(GwuD(TTkmvA&ZHh){Es;%oqJqBMYnlJR=2aU@y0fU)+*!2@Hms-sqk7
z$VQ}7CTjTsnJ2Qce<)j-o>u&fz7X1u{0EKZ|Ksjmz@w<L#PRN=1C1uBMnD@x2-+w;
zqS6MGmVl|y9jc%jq9CH6!w6<@Kt<9`P!JM35o*d7X4e_#;jFsj?9Z8Xcib5S9|-A$
zypUG_A%H+Yfoh6J0L=p-{Xgg2>SqF?{(kfA_xJlGT~+sS?mdrt?!D*nGdimpYLfy(
zgW4ed{D*9L5QwpXGy^-rJIeHakK!|QhT#hyudv~t$GO~*2fWq6FX^tiFN{o&=M+}k
zUcvEHn+2!lebb{Xxf8}RF4B$;-yxnkE){KMV+r%nf>w{YE<26oKWQv~RNsPjwSS|r
zkP%^^e^48od|wwCPthxEQeo5VeNs}gI}hbBTIolm_!;jeW_^!?iEB^&7B6imnb#%n
zzk@U%W6|L|8iCKdUppu$Lv2F&Dev`yd?s;A7&@V(8IpF1o%Cm>@1rf?RJ{N56(OPd
zFQjvR)W3kziZeynEpmRA@NE)oE84qrFV!&Z<J3EJKG^mSoe%o{Y%@6aZ$KsQV~my=
z`Xwt>%S!EFrOv(+D}|S4+RvfLJFLjxSdoKqMb=>v7ZfRFMP6Y=K8q{zDHa(7MIL8G
zo?=C+<BF_jCza~yR0A2)#C8<?$gK-+fx0)dx_7X;o8szLVDptw&UZU(7Dshwp{#Pt
zTDY=4bcK*M<HnJOe;D62djC`gOo&l1wBNY`d0|%|eG5)?exNs9Z8<8mbTKtm^j88>
z8@&IRsLZ&*LZL$XGaYw&dif5owd7mSdWY$6GI(dBcT;E_x)OhDDy}H`*66!NRHj=?
z7N?tv{|6wS^CyD5=uZUs;yB3b5D94{Q7Hpe2S!4cYt)9DQz_bknUt&JY7n0TBL=dD
z#<MASf&OHaz#rDyW}3tBaNA_{ty8JAFT={KOPHWDtAB-Gj{TuOfW-ZW5$}S21;1e4
zxUv;^Y7xlU!Y%`jp{{aTlrN4~mfQ;}iuxS-!d78o=bzHyLOx6nY&>f~5%M*LCXhfM
zQTp!;|Nl<V<^L%*Ov*_;fR&ogN)@tF!{SO+W2v@FRB8k(mCH)?iz|gO3`09EMRO_d
zUKSbM=4DKb&z?*R0DHMse>rI~8Cw>1y+8Gz976J287SD#W3EP6)oab@XYAa|`KxF#
z=pg$oyn2$S*wRVOb5tbibJ8)37~UwP8bPra?X3$=v6Ga^{}#Isk}=$UemeX!u|NDX
zHQ_dhS0>_hkZZ+E6r-CdCWZ5?*N&Gf@Ekmxns~lG#mw$!C>E@9E8fpw7!KTqAvpp8
zrL)Um`G_`q6`7xI1+>4Kjd5}|;gZ3LimOH+XwgBzevrH(ZVXe7ZL;`l4t;H8{)OSs
z*liYhJj$*HSX6`1vS>f$k<V~tpOY-f3$NfaJ&Jd?nQQ~ACHo~{pI6)ABTX4dLKY4a
zLtuJ`x*ezD{PSEie^TlYOw8D<^-RPUlx6do`p0+^hVL_<1st7_-3{Xl9!c#qpI)5L
z{K$N6@|_Bqp(Iuh9WzkQa`;H*EihBwpW!v7(f3m^b)m%r3vE(X^0Lo}Y`)f9`cz^%
zZS;g;)uxN7&%h4oaci@GY<#UhQ?1WMd9%jD>}$_M6CSyhqI9Y~-e8F#?Q!%}lbddo
z<e7lvMOK1M%V+f^`8=z&^AF_Rlu!{S4l4@s9FP&ytQ55Cgd}?#%z)l>w*T;N91^!O
z0UWq^=6?Z-{xcNslXcRnX2UD(wZ!wpAsA+F&9fOGE_<R%Bq>X3EojW`Y%J=Bw;axa
zT=}03kwoyY%7@ZmGY9MB$Z$2&w@?kp6tSK_^%guG-U2oKmyFB4YQ{>R5+<CDz8gdJ
z6#PG&@R}?82kj#<h#yGsr{MusP}qOsFG(r3NT5-$?pYf7=@^@^a6gRi0r=&w?m!^R
z(B5C3M;!lbCeY{^3;Az-0X-BCjHe&bz7ape#;6)gI5!qW`2Y7w{67xqbrRC+!%6fy
ziP7sE4tO7Fb_?=<Um#Qv0l;{}BK!_K>pUCf_pi9J<ERWM-YCOsnvD-{)vupjdo3MR
zpgI%7YM5=H95(9cM*=F?A&VP$o<e>m3{i465vNM>(c&A(UfW(BH$K5x9T{KI@8b9|
z>uSd*;P^f#GolBtnjeP{KhEKlc{ox~=tJA0G~{vK=DRlfLGz-$l+ky$hye}pmfoX0
zi|BSEw~b5Swyhw*up&khvTE1B3y?MVg7MG4{x*s0V3dsO<`CE6F%Bi;k<Uu<5`C^U
zCn<mrJHpysK(%g13u`Ptxv?k<&!@)ddZA4|(TV%EqW)ah2-G<dCP7`_h@m~Sot^yc
z3+Tc|nNh22qrQ1eNeoOh(#qxxdMCqDUmaQMqw;sW;=0$W2xfnKinkBO;cWKXQ!qnM
z4X*aSChZ2$2yhcNwh^y5jz>P!qH=n@dQ&N=;2cS_sQSw>%jl@1v}%T`+KIx%cs`WU
z5>5VffNubRXK^0q*IYS9&2+6O;v{*L_Ouk3Wo8s-d_B>KZEQMcnb4oJOinben82uQ
zeuUa~W2Dj>bxK>+1$_Z|47H_rA0yqOG3Ee>$2SqL$GG`ga(hJMw?>DY$#zO7eNCaU
zh^OoK;3k2++7cQ@&O?XL9`e#|n2O&e>^Iv;#elIT-IaQjk)Td+FT)HYj|v&QQecK3
zGhz82CfPe8@w3hXe>R!L@MZ~Lw-lj0+5Ak&d5kM3Z-Ic2>A#SY%e_`D$+e&lROk~v
z*e!4N$kp7MzCvI^gi3tN)bY#G3?5l^%ZIh=3s=G9<i>EzLay*iF1EnER*{=k&HF<}
z?xo{QkRWWBj5$6&<fa7p&K8|Qh!~7=ErMBw0U7m-BcS*VCnAM?WF+43zzBU>qx6}{
zw#Nryz9pL692?T;o1de@3H;W-R<f|ka+O=&s=fpt-SSycZlqwjqJ66;FwbVx2jiQ~
zV`MMUS<Oy+-5_r~^2kZblqQR3)ZJW}in+QFNRM+Q_wv3}TB>r>>Gbo)R6H#$Hs`=P
zGa?nubw-BJ-(R%vj_<?!h6`hs2BtBBmgH*nj@Qsc<jmFDW+n+yuPq`#uOvU4{kNyM
zlyn<cHkPcwDq@4`MVY~>DT$pn80Ect#S<{@yFtH`<j<kt5yYHFKJ6Lx6RzwlJi`qv
zF!M^Dnc=<Gh}QwIjB0FSG#&^b1v7sHdegQ7lm$@k65@qc^K>ILK}kO%DR#6c3rq?N
z{>nDVt`;>Z-4Gd1QT}sSjJUG7VcMh+QBZ#7CH<_O`7dJJ*hIL+X~t-C7B#RF!$`v~
zoB)aL;q;PgLOr46DmqBU@;XX(s=xo2I59KqyTr`Q2tIZZKF~6Q;UpTby%RoYu|_f`
zcn~lz>;fx8E670W5G*X}?j10Q2*e)wLTDcCqx#b<j1LT@-~sG>N?9_b%lV+=7MPFh
zOUMD(5e!m&F}~qQp-)1YP{`xFn|m4Ukr9pQgj9@)SJIwV+@qu&DEq&W_~pApdue7s
zdbdh)3&!f)skVFrV9Bnd%r}NBqkwYQMF@jh<rsZ8i^??6m*-oVS}X=~*_jK6H<xMy
zUX^;}8rbg9a(TnAP<O59T6diWE9QKwHXXxT3=ow^q1hLr8r_}L<R10cdXsx1O>SI;
zO;#o~IV{%XA}awrQJ!+tl6Xlg$rV-5{v30P_il7%Ka7HWcmtbA5GN6K^45jkzep%l
zuWvxIL#A4d1MH5_Y}EZbVF!MlDS0C*$e#;xJFVHU!n9g&Q|dfl+<O)5IpD=v(7$Tv
z-NB+$Q0l1+DPX%(bbi4t$5RhCXwW~4#=pWQT-byan;4X2pM~wYT3LHmYL5?i!g_PX
zk5J6oOGaMavTQXo8wLWoUQd127J0*!<-&`SMW|S#2*B7`f-=pjD*{YPb7gmsylDyj
z6@>#vgJ_55p__#RV4;Qm4f3;n<9KCCJ6<dZN($)D#iumbLSFFT6?AW#8+VTL^n`<?
znR2fpRjR|A=`etYc>{qj$;X&`>eJ`(waEtClt8|bcYZE6@Z6*=;UH|pC^-h_YTyHI
zqjS3;Z|4G-<cDvCEzL&WSgj2Kc(^qaGCG2S(yOy2<unU+7~bNY$@G!uUX2QhlEvw%
z-i?lWt%f!uw4(RLd9j~oyN{hX^{Ke~h^V8nCG`gK-2Nu?0jUEUVQRwF9{H%tNt(X(
z#fgH_-=^JBsK;-+0(_vO1BA{~UOR(uTObj_N`P=9W@yAv_qI?w$>S<|5jsh|x1jMN
z(|-e<RMsI8l@&LSlrmhvd;LqS!V`FEE!TFX<_e@U&#_WZ6uA@oCt{JDw@`vf@3ZLa
z0lOOSZ2+p#cbBBhg;H~Yq}=*et&HMm${Mwz^<?i*@o?<d9C%JZVC;Y8@_IYMjlnPw
z0yabc^-6Sxa5iCmWz!kS9LbUhWQ`B>Zb$3T@qu(qnhSi>;Jr%>9#0iPm&Pn5{@OMo
zK-4cA+L*kTz1uB9xDvnlR4q-vQkt>d(owmhfWu@3iQ2xSqKXhutM1th3XzYNgKyML
z`0%?9rrD_L;K{K+G=`~^>VM%!m4Yiq{b@4p%g-pvL>F@M1rOEV0-8(N0Ct{((UW{0
z)b=n?G-h8x@0*<Wjp$8zFYIWxVW_8Z%uR8KfSE>>hcVPs9_+C0NB_a1EJ1nDf<c_*
zF@ikRjBq>Zfo1jY3z}f2GUC1`$e#idfXj7A3s<=ijETyWZ6L;h{hRSFc8_*@RNtN$
zNZ%&Hj7RTB>@}j|l$7q6q*8L$6rGj=>DPOlbqnrs1%z;Ug-fnm_E#KEz4rkZ#vr7i
zRX0)2RM`4QUUe(#MWN?=Iw~Hiay#lNj@2m)N9d6&Mf<r0*GtB2qH~AH<?RrRFpoV2
z`FZmrm~vq1$NkV&VFdn>&k1-S8bo{B)z=sbSK+8YZ;rdqsU@)Fx}_sAG(W5gdn_Uz
zy`3%o611c}Fj>|F`3(E_`zT}{y31@WI<0MBA@yJou`vCUDA*_sK`_>GYfNLRSXkFn
zdPGHf1@a7$nE|xmDX;L3#Ct6G9gh!+N)IbS9VjA#8BO=O@(o0&uFby{!a>nl=i85E
zBt@zN#ZNRlc2HbvD%s4`{s+?ampnN&VP<EH2KHf`A;b0$(U5`v1T7g{TwWta28-A-
zeE22hM;%+m?>xdAD?PJzh)NH=MbW;A8J&pEbAXF;Lco+M%0|I>uNW}(ATw1M*&LS~
z^dC+I@-r26ckIya2AbskO&1+IfTDN(7E0saxAed7>VMzIzy3;-=-lqxg9I}O5V8y2
z{5BTPUs6mLMB^|r2XFVC1%xNkGhWYl9b`)v33rF#>&(m(FVN=|v|pm@*T3J2QU%?Q
zLAwAf=<y)P3J>0*_k+(CVc+Yb?2DyC-LkMG{P?tAQu{e(_QIkEevoc8=zh&mybAWa
z$?fN7+&3<xs0X$7w}G^($942ra{I3&wLdSZ{m_Ko3HjGT(=!vE6V)71?f|viRKCNT
z$*$jE4+*Qa)?E+!C<GoSw^$dQ8l#;sbB@hMvx@A9O$EHmu|@q2hTkH|tuFb3`m300
zEXrG`;&YWOv6<Mcd+jATHiMS}U=2u=yrGBZ>j4tDvcFK0)daar!yO+msVsAf%a%1U
zkn<(z7wm*dyCLB`5Od^?T4KxcmWj$h?9!LUv?Aqpk8&%I(ZD&~IvrDl2g#d3U#|zg
zoUmT|9%QS%CdJ7IG|K%0EG2<FBigou7_SuN85=F4aVX`tfaZ#_9s5Pab<j+O(Y-(P
zWLS?E3Id>O-2oG6W85i>LquM4bffShX$939A3bm4)_4FUQF+La+zPI+qHH?okuQph
z1igo=C>cXFvevy&@nIY|EIRUbw(fwa!1meLZz+$CoiBM2nCjP{to(KreZ(zMYV5nH
zaAImY?D)-OUJKyF!;um>7e`nm3dyL?g)cYsn4ZurZa(X|@=}97pSUVkdgOVvFr9ZL
z)aA-<rX?7)f<XG-n17uSz0_!L2OXRZT|~ba-OyLEaU(0eS<H21li=TBAPZes$7^tH
z#Pi(nCSS9>DRdWJ$<>U*O5?bZo4f;YRYr?hs#A<rwkA}mWal1<Wc=1fXoaF_%)#hV
zG_9Nc6fH>j5GO8`1p8RCP@77+0;)+STP#aPEI$tZV~Hls5aj+a+s9$M$F%I*D6ogg
zM)ShFoYDOVSN1;|nC@gjETiMtEBa^35C@FEOh2B+uigdtWr+UeNj>8;eVImHD*BfR
zx+@ob8G~O0{fh&Q0So9$i`Rz5rU`O07Q4YwA^4X7`~v3!CfhiN1t)2Y{7lFfMAB&{
zh(c74y!T?%byURA|9+C0Rys6d953g54f`g#ZwE!mOuE!TR>HSP%Vd@G=Q*s{3@ElZ
zz1xCElnM0u0dCFY^wJAaJ3szIJ>)`=EdBV8^aZlsudk1=F4jrPD4rHcH#au8^N7n>
ziGCdRc2FXUu5;{XX6G|wfixr99T1Qm=nnKB-X%A~9&aPa$F>CeSEtWSgZ*R6(rF^7
zmx(p`@K!934S4r-)B$Nq_WQA{7h1!_FR<i#Z%g+7Spqe}bx=|W*ZZ2a?v4tIp2Yh*
zObbQ{;fhZAOg1)4b|?N-^}kK@cge;^Y=j(y+Kk1!0Xwum6F3U0j3)KFDO_FoMZCvW
zyme-7%^Wn#R+s+*9SfUt%TD>W;brE2QjiJXvG}6j3eHTftcJ+|?=ZZdW6pNy2a!4z
zMA;rmDa73xh=16DJY!DrEr3-}bp~NKKZjm0>UXqAO17ws!QjH>B@u}x$mi9GCCGhy
z<7GMk`9MZTrIv!ai9?_xh}0DYQAsSI5Y_}t7=vdlU$b3J8a0%Bn>UPYY!-pIn`w>0
z;4Ptewt{l40E$w4NOAyvNd;^eSaQQI=EM68&c#r=t8`pp9tL1j4rog2O)tEY9WC13
zNiaXK>^os5pSY3g&r>f4?v@Q0np@jbn0(*y1K=&)aAkPkUV63g-e$NQyf-Doo1p(J
zg1#sS>Q6HyWsGBoD7TgG_l`}7ucRMG-zmwiT~^pW;wf{c2LqZ5&Yiv{9<+2v1&XBC
zDvXV&q=gi!7WaBPzIN_=(I@Yg_sWOtdq8XTA5Zo6!}E2$S-ermoCJD5Y*DxQLb&bl
zcU&yaqwjP&FDl+<^wrvxg=SG8XFKR=NW#-F)SvMU>}%kSv%$9>TAqUo{T$fILA&Jm
zyWkGC8jX384)&t!{1O|w{BCA?h0BKF4T1*pwRJWwn<>e7vI9z>M;R84knru2_~Y3t
z-a9^=BNymywyu$<xN_P?$Q78`#Vmoe<5@;7@*3pI{)$K?&%s>gIGCHsqaPZ&4RXtI
z850BPb<A}z;k=#v2e(K42esLb3Xx6*%{=lpG=#qY$lV^$Oqe&W_K+mE>w#IK@UZw;
zQ|yuZUJA+LI|U#oKw3VPwo3pedfn$Tulv~*7LRcxnLENV&CGKRpOT8OsB3?(A3={C
z(xdtRIz4hokLJtJBZu^8j?g2A6ljjnW9%tHj~vpY`SSF5E2GE%exWlx`idg7sLdrp
z<W~Njh^-4^eCCB8NQ}PhctX^sTn)(-#FI>pE#kl06}?c)ynZv0%Yl&eWd{UMaB=ax
z47F5l=tM2tn(a(k=g|WUphDerZJcfj3J<993q}WW$f8bYJtX+USqtuvcl(cZ69YM*
z<=0x=jvaZN#k6NE*VDD#BKj*+B<F75Nx^xJEBiU_*#e8ugAB?B(f#_YB=>F=!Zq;S
z*Brvg(=lqq{L$>b^cqtazD5E@IQSZ^jBwvLKLeIn3_#K1<)iXg@sJt@YUaFM(}3<^
zI|I^e-WH1pFdc!ffO06nbFT&6#<Q5$u^{w2RxkF2H#X207Yre=7{1E8T{0AIjgt1j
z*nJo4$AwWc#w+ux6Xh*W-?=qD6sg~kNS&D=VCN(}&5wv%0GWx~4KM(}=|h=<y#XjY
z4G+JIGu+OzORsY~PK78FA)W938t?ApLxS>{zTx_NalC;FyI)MaeJmKt$QQ^MW(hjs
zMmG2|`A^wFX0;@Ls|{tBUGOt@-<6Sc-xaMOU=F}zY_A~iRUMUhhDjR-*hc)G4tHnh
z$r(laM#=ajTJNGOEb`qDt_<@fy8}zZl6;;b^(?UsbIYnWB*9(`+iJnFhPUxRL=>fB
zC->?j<SsNB^u&2z6i~{x&xKjA?{O0WU|@$G1mqMOx<tD<3MnD#Asz(%au7By>f(iI
z<bjk+!B*lTJ_xiQwO|w)3r3+yy1?b5(RIE-vv-N2>uj;o&lCKIdUPG{-GUySArHP1
z$tUW|Vp2Sv2ITi@oFuy5&;}%xpP($+f+3jcc*A@B1Q|%(12Zcj-C+QhT^$Sy7B;*Y
zYfzWgE&i|~Hm%hmGEiI;2+DAqOFk#bhefmz2x-p%3SiQ`eVYAG;VB1TkSiNZ#CA$E
z!$0&&KlukV@_~FKW_7?^Y9l2yKbMbF8uNYX_8@L6&64x5?=I|zI*fEy!K9#iI{?_(
z*+L4;W3Xw%630&yOZ`Q=c`DkCBzJg!Pu7f^CFc=|%R3^;XQ0DaZ=ZgEci6QgO;C`$
z&zE$Vimq|gd*n9lAv|9Nem`=No^^Y7*XC)u{<H-3rzM+b;+330w|ek2C*cVgI%vW-
z5?$E=yR4@cQ@um+)NmS5!&XO2f`5SNERRWnJeU+n7n3J&QbX4R)gWs9-=@UooO|VE
z{oG=h%YK%;`&{;Be?>=2kcG0@=1;I60Jd?-7l2E4O~bZe3wKH*hrgFFeh42JXQb=;
zK>B8Yd>Y!*^puP@^MQvufM9^4==Y__Z_!_SF}}IDXb&}^Q)JJ(O%446wj^6Gb;`G1
zdXl{9K+#8mzlZJ;H<JNk3*cihN%sS8*ze@V!LPVUUAY70>Ku~qz{?<ZVQJh$@;#!J
zxQuP+Xc$__gnNRrGSlU}@Z$3*)Z1NhI6+^Dw2ShbLwTO4uej(t#jF8&PAbX#1O;VL
z+|%k^C^91&3yO4N=ygdVom>7E(4x!PwlpJh#2orpA_a8!mJh~6`l083kVx-?%|?a#
zd1O<IHasHP*>jw}n=IesYLkR-A*0g6>f5MLpg5Lw(LN023`_o}3;7z!=);3Xl;t2c
zmQYZr7I&aH42u^@eF+08qlpIHrr)%R<oi*Q?_2qBHOhBfd|u7Rs)5BIyJmkeGbZ0>
zx|st$3iw~qoGr0si2<Gh2u*{JOKh1ewmXQ3sFXLWzn-5E&8L9Lc9#u>yJSP@KE;+K
z-X$AF_4$y66Ix=M=9_@Gxj1=vl9+{3)vW!ZvwYrcj>u=9#CqTJJ`=)blD~+JY>CBx
zNY{<^kEham%pWl&Clarx7GzpGt_K^bLy+~G&7yI*ZK6E;;v7jn8mhyC5}0umtTP4q
zAhIS}M5!)<?OB>+6y_E@G9RWNiCamSpTst;C;*T_kS0KSe~D6D!28r(3MP3P^QQf7
z16rJbtQjIXzwzCR+w!FTBGPrz2f9UnBS`eRM2Qa7wA%_-(R7N&Q`Bj+i+hl?pndr)
zbm4sq(+9t_m{#~`M}i!Rb#!bsbp%YiC<7(NU-*)+si+s;hBaz46Yj(03nb6sLnJ>X
zitPF59Dv&oO0*gGv?%VWY%}9$l<1L{z#!|W%~Y=)CHfp)qQ~?@(^-HDOShSIajxMk
zhq|L`4A`UiJ<D_<4#GP`?uahCstfU(L5OcfA+E<G+lniuGJDq?tQ;r5b4Y&YgZ!Qt
zk>7JjehbFC`M^|?-*edSOOfBAzvg0ma|!ZW1Cgx`{cm&uCI5}lqyLB(qa*s`ANho%
zLS6RyHCKqoSbCD8HDgFsbe?-S1O9nD!zF+2vL9GF0kjH7JxHG<eo-cy{TEVvcaN86
zY#u3wgWQ_Qc*?pHNWTu``(za47f6t+=zkviFLs;&4aI$P8S5x^fHTAeULmA!a>;vK
z_H8cvAr$mk@%Cync8z56ek{oQ8C7Nw_b1%;2Dfo9?{B|YJV^?q?-KpNf{4H1BPuLT
zctHFuXg|+m(BE-TaY-#cwZ%U<^@ka?X1s*-2eX`?FWZ2XVNetm7XMkwft0F+|Bs>-
z*AU5AD;bXn_C1WUVY}6>cmSrewYczR4FrZ$MZsxZdOMJCXdMlq**$U}SC*5)7-Sf3
z`Az_HsN4PrkoQY6KcO>u+Ky(kwd7yt#&2zzxm%(!T>M%xArle7gdeOZ-BCK3wH&sF
z&_i^8u;f|`Gm?p{9|<EpiYf_$GlcF5FweFb&wE|OQs_;2lK6b8#Xa&2SB9rW;{!Rz
zXrBpufTC!~#DIx{QsxJGlcAi)zFqWJw2A(<MMY^IkSouL@-~pAbrS>qk4g5uu*hZ=
znLTK1-L5?(2GvwC44dRC(f{SeNrB<liZBM~<dA4Q2fNoS(HKNzIrdY216URIHN(H@
z`!FoaUijHF9a^k1iO&7L!yacNH0r$xKsv$nLxr0tOU)LvzaoKM>pMwtL6k9qaip@;
z><_2-vgxuFMWDKFG9G201zfs7Avfvq+5o>KvJtQ4Lom|F6H;KR8Fz*lWSVo0to07z
zgH5ThP$c=6D(Uw%^BA8EyBD2pWdHn=l%&>~6J4y2jTrQ@yxu#Lg+7BSc&z#$1q!KB
zZ~H5X*G4Tb8v5*^r{dPnYsJ(|c3C&E^IaXYCMs!9=O~yuECjzzTnM0A2L^w!@5Vz2
zoU7cCd$_W8^25ZG)~$knj{&nqWBi<4S0G)F3%6GUye_zlm)m%MQ#W8!pn@QtMqog=
zhP>!$gvYtvcM=f6mHioQB?Ce<7~DjqcjY9xcM!+{5!D<jBb7CRn_+*Ug^nhSrj90&
zP!*ZCS1tmFRdulB5i`FEhgl%E>&g3XgljH2yxsRSIlPUdKN)kMP735!|3RvutMlX}
z`T1-_ex8cT&mC8kpSwVQR-&ju`Du}07A`A4cO=Wt?M!~2h{(?!F4#EP_gq<iW}^JG
zF!_1HZQRHEFOdA~4f3-xDnB1Z`H4HEZ$Y_zf#fIJMAqU{Tl~{~`ooM`3(3#QWcfKY
zL4F>&to$5InzU1Ok;jj`d+FeaIRYpqn0`96IU+_6aOJ2Dg%*(O5p1$3$rZ(4NyVcV
zM*R;L#!)|AR9~I^1j%_LbZumMHhSTNB({?SAhhu@X_^%m-?fuG)ms2=W8>%Lt?>6S
z@X?`2gP6kBz7O>dQ3koFcJn&L)<zc!T92{PwW1&sPrgO}g|y-<A&}F?f0$-q_G1$j
zskR9uSOrM1I^Z0%zj_8u#)M4CxCtt{N49chAH|7fDPTH)kfP;=$KDi?#0#FC2oe~O
zf6!xZAWnT;ln;62gHiblQugpgXl0ux(0e$dR|@n87Ou*Ij!^j0dXgl6_mlkH&*bl3
zl)rTz*ulu(dhHQ7JVrIb-+2D4aFTot%0fI(K`uW<AzCfURALlYl-)fTzhxr&MtsWz
zGVP08=rM$bz(5<`pC&G^C4UCyr|a=#*?dz(Hm~w1(r81XKt9<_@>p-zyM+3I=6!FY
z1fHHCfjzne{_{Ib0*{VL;GMJL>?JaV)N3&yDVdWb2;hi4H3;CMv7Lo)!sv6~VK&c+
zGeAs{iY^?F=}B@H9b$5B!QU_>Od-j*sdGri&7waU%jYD?xTEi<8j}5kHb-5AFkvU!
zyy1<1PgvsXETZBwNcN79p9sBxqsx~~z9&FP!OpRK2hUCX9F4dPg7X5R1#`K(zRiNo
z;HV5C9E@dg4|)%*kh0T-S-T_W>3Ah3yLMvo=FAmRuWN<Cf-qiz3-Y;Thc$CYaK!{*
z*!s9M?2Z;pDk#b4)PJKx3X{#_>?pbg&k-@%;dD`X5dpShv<6Y}7;?H5O~H^i+JmBT
zkH-%3J5_Yn;JXP>rYIda{4DIiGDYK7bfu6}Da?b>H$hOA!uy3*J?sOgeS`sgPqQ``
zyhlM$<T}B=eZlR5u|qKK)~?k}Jsd5VkLp~^xycd6SPLN^EkvXJzaq{33HSrZs8g;n
zbdeu!yC9zzaJAvc$8M;gOoh=ev@%OBALx&*Wbd;Jqt%)wkQWgM8dR!!J9cQjnCZWu
zJH2|ZlMuIuq9F0%ri2!DybWs2x*ytq+4vvZ|AVpqSw2#{S_gUG0llaAdh78cd=^h&
zsa2cqc6_Dv^T=OoeLPB`MZbKGIQV*}vK!|6XOd5Dge~P-*t1*F!*5}4w72@oi;3}U
zS_<egayPyvKRv}G7Xo{RF~t9ZKDgvG$KN=kAMSs?1z^6Vr}%qSWLfE^_T~(c`~k#1
zl&hh8GdVF_2h?g+|I~*9+)NKWN_A@0C$OQfp!_*tH51y)ii)cqX4on^&o4|{G08N&
zO1alj0os6eeRTctU>T2Mm7Mz)h?0FDFc++~JO`ZR`_eOOAMZRbpXIqppGmWVxPE{_
z>|N^#Og6$oa>$wo3^_0j>Hx1i!g=JKf^)C;3+=D&@*PXZyX4(kZwYp*6m7Z#bj7XQ
zD@d>_q<c-Un76VUE)h9a!t>ls3mR5Q_D%T03T?7?MW?h+B)KA#!~BPm+%5wB??%<h
zgr30@lzFEu7&BjTep_@SSu<g1G(0#QLssa5d?wV>gf^+IWK!t^S@RVOr-8=PB`*S1
zjuKLR7CkzZ+sX_C9r%SS_tH7aZY+S=LzJhjp`WK<h9`7Rl}~CeRt=O8D<c=n<47(W
zyL5x0u#04)iKhYNmw}H~Cj56lMmW{$xE*13wMiDWK6B)LQzYGls~HFD!8lkC#*q=<
z&k=INrx7K@to2E-*Kt;HFMUa_4OL>enuQZUr#TOXh?y0}D5RtESIiq@a*Z03yW&}n
z3;e=JS}KDq=P}&RoP%M-hyC{Da%=MN#`Qj`D$MF8f<7L&nfw>W0j+pDtohuUd1KO8
zpA$J`9_JSCc3!Rx;mr*@C^HMnHKLquLkm2-MulM(^0jD<XB6>{qf<jV@R%hCc+sTg
zMJx)bHBsqp>ulvX6Pg*`L9L`j!NHj58v!Dp69B%1qc94ySm0r!;H-P`NjCh^Gvcfq
z5hdPN9rfD3Ky|G<0B{K!p_!ND;}aC=v;}PoamLGW3t{X|fwf_Ge8wW6KejRSG`z=I
zcI*!o)8XlH{m^bHuB+kD6Eydj`Hhj(r_(z-X~fyM=wv>}8nPpbjRW1~VI=h|?p2J1
z;Ks}pVXa>rJvjDD@?l&axmPz)TjyZx_n5@+RseH1Uc)|>IZ>G%vLIpX(BuC~5jwqd
zdXoFa{D}L743gG$#**7n&BO2r5zd`OJpt{GQ`-Fr_G30H?Bzq~mf<+HO0e(Lg|8&f
zR)L*uA(*O2{llX16gh5tBU!!`y7^)wSczU0S~t=>h>!=ue4<U?KGn@sZLENFfuKRN
z2%2lfGbSMt`ZeBcSnc@-a@IbQWN*5|OTHP-8+<*8ZP9;%vY??m6^e%4<V}U=?u)Ei
z4}8W1ZM6)67a!^5-V$|Ui$qmeWMxUI=zIcOo-HV*!L<7iyq`rY{%_IeRvB^U>U$04
zE!>+GOGm&~+Iz1@8RIDrFQeFgJBV~(6A%vj?jmcywv;8Cg>XHtPMNF+(DRK3t(mME
zw2&CyhJo4IwL|Y4Bl(k+v`zoG*AUAOJX?@+1|tl5d{cS!Uz5J;pbCK!RxI)S5cALJ
zO5ulL`VVdJEe5XaEq2x*eEjsWlLsjdCHJ=mQ0lK022~1jFClp1`g7b*D$jA#(zgBe
z7R<Oc0W&_O+tiVw$$+oTkK15w>(7bYPqv=p9?38~9?d+SZY$*O%xHbgW>|P#q~q}Y
z(FA$ikRWU7j}O;j=J0geIc^5j>j_;5+|Y_hL7J#$E|^ih<6dB|y~4*2xYuM(e_sdo
zqt|B5`j4p+a$bWlC|EPrVhjyM1Bj&iOlTp^Pc5_wAH}s$Cwv%dp-%WHGC|N5$$5*h
zs;l_}W@S_Or>mdBSN@VPh2M;0Q&>GCaSA`3ku-&?XRs+Wu>W#9PvN6eyPm>u=UH6V
zaJ92&kJ!II1QS3>sf9pVR?9sgXu5;^G*c$YaiH_3je<7ID!lh#jPs$AGU66^rg$e7
zBgU_!3|MAC9!tkoqWm}o7u$WK5ffoQhVDTZw%=<|t0$*ne$S6trs;808PoQJ?$UO^
zcPO?Ki@iD}&7l37;uejr#22HdFa_?{*Rarcmk!q_+N&qWZ^m&<`-a8=z%Sj7z;k7L
zF)r0&GoTd1WC_aX$FNhh@K@(@l>U@_>u@anP~1EA^Bb6SI>nU_K!*X0_(lOkI@lo&
z2)*?>*>h+f9d=Y`H=zHfd>39kp*BOs(T%X=Md-PFE3T=qpFSYk4+$T(vAWA}T`yaR
zx`KRB3|>sdtV!gyu-z~|&^wE6bj~e&S~4~j&BxenMdS4ZG-}F2lmuvkJntx887|F~
z<TDhL`+|CCavjNQOdO^Datvtx#xvssCOvVDis4V9z{f*djxk8I96@e?{uZplZEkss
zF918pNH5ENul<Lkf(ESJq~{CF1=PDOEZ)d<v3K|^$m7gveP1K0kls5)`Jk2@-;c%5
z=<r%}Tir8)(mh;Y){ay7c9uLd&i6R9ZZt)Ui;o!%wDOy+Kr26c0BMXX>jgRhqq9Sk
z<LK-cTZzu*V$oY4Of%4Z4ZJwv?`KeVmDPnA*-gOjH4iYdd-YH~?ciV5|1Q=4E`-0a
z{e)Uf$Dpux7y!^Ej&Jh&#*$@bgEwV*70~19EyPT{1SM@h{M6G1bFWoQ$F8@-EA<Zr
z#3={Z2yTiW!Mj^%1b@L|vjIZwLk9A1@kK8k<hk7w;x|%$Qkd7d04D(OGy~vSWCpy|
zOiBr?jBr5#DCcJ7mI0u5#{l(iMdo&<$2h-#GUtDBgE5*X6`wc5v-Uawd44khxqcE2
zu9OWf_rbWqeYTkfw;78qhdBs6!nWd{;ER_hG1NXCj-b{QUw0*|y9$d=z`AavV;28x
z^b7d*n@MbTJl&Wa`QQLU<bNIbE_p(obQfyJQE*O}nxAaOsi6%ISLUH;lp``XGod)(
zTBB};pgdzH{x_l45M?$=xkXYIo3%mF^<9@2l8j01pSDmPjH)4xT5Rzh@z{?ii3<7#
zQZD#yDzoKkL{T9GdRui-Q7jl6i(Wuc@nTd|>?t5oA<FX(L`8)j5`Fcgx-jgtDb5}S
zhCHr5dLPLP2G#8d*o1)V8}yU0c;u6@u|&Wve*h<YAbM{Z8yCE+3k^RAjYxmXR%vgL
zI8fL3F&dc9NfHA;SprNrsk9C;UcU(t_L_%b{LLscUsn)^@jq@NjQ<-JePm)9ixU`H
z&_UKo@Sz+(7~q4}AJJU1zaBqmoMwo`DN^r7SeUdLi5!xq&UB_xe9j>zMkK4CmYy$~
zcsP>|JzBii5cl)|#rvt;4~*Ju(2jvFuG>T`GYiNeT+hgX>%lk$N+GjkJL<__C~^PT
z=<SVB(bm*+u1zF3%PV{#t$Rz*$YRvAsw;XM4U`Hdl0z8=_zrZTJ}VJB1=s|goftPk
zOX_KYUc_P}VJ^wzjWNVi`0gu-F+@%(8|yp!>XYq_x}yJ*rMQSrAXT^(27OaKTVNk%
z%WAj!$g<koj6;8xErLChm|zqwpxVu}UJkXPlcFTgGJE7pxDt6_9m87t^`+ByTvBG4
zrBSmiz6Ou|Vmw1^<jNX|A-=pkLo7muSd0v@G|CV)o_L1%N@s`;G^O~HgbWdmGDKJv
z?@cpI2$+Tn{tDy>bQp_rL;^cRATQ64=ZJEhBVLMe#8=B!YJXr<_}+Dw;fTpE0!NHq
zN*uAa7BKeGc*YUGrrR@sj$!><DGuu|*Amv3WBI%Z5w@5WWs7I<LkJquFmH<bx5j$b
zR5EW|e_b+fxb9)Rk#1!4;%#K~g3JMQFu0b8AC~{L>)>Z|IJyWxuV(DEN+eo6xM2=L
z?I!Z8sx{EDN;Fvo3xEtz_-m~+s9Y=jKLq|C3I7Z5|1?L7+L(hgaMNFEXs~~UKk7p`
zrkC{G;=dh{h97=~A1;b%#EMf493C~|dVsHw>aRx|SVYX^eBKPoHz%<3$u6M`EV=@S
zBXaO6G&`0AoEF3IaK?1C;Y>sH{=XZjsxV*C{H7pd=$-mDAv$$>LcVd@Dz|#QF*a4K
z&Eac(55Ojd(6^X8dWQqc<VwoinPR|g#wdIP&~uH&3j%ZlSn2`*#^XG>;1t$TXX~KN
z7>*OuhG)SFUQ#!Qjj=;=s2}SW9gbSPKZAaOp_}<I=NpI7iLv*4Jj%~=J<7Au-m_Tm
zEIyCk|G8|vf2^f`mCfku3;4?tYO8NkI>>GbG061%=*mDG^MuG~M@UK$jCS!%jA@5g
z2LnN^jP$qEj5?<3r|voyoTlOWvT3*^PeXIyA+kRglp6#kPY_1s4MG3O@n&?W8lb#j
zfj0%-fkL35O}Sf83YrD`rqG!*JZP(;Pq!(#ZB<ZpCdlwMA+V|qC1M&TYmSxQfC<Kx
z@iRZf*Fq}ahINwkMGSSIJP)cEKSYu%gxmRHLa@yw7@Gy<0nBCZy#W@8MRvj8mQ^%V
z2p%(u#%3s}<>Tua@OohJPvc(CLr?Z#N1E21ew<Dd<+Eb&F#M_T*z3e#lSxW7o%1&h
zgkJ*u5*4dp|5kb4qRcnrK~Fk>ELS29s_@Js*iJ3Mk5C%A90rf23HD}zRfgrusuY;1
zaO^y)yWn4hi^jjvlK@jI4B^UFCFoiOs@Flwlcdbdl9WZc9_K~x6xfmt0~#KwadGjh
z;ln78GTbKJo(-B5Pc9?!Id!%PL+Vg;sNuMvSVZSZ-wu!Rq#5JRiGlZQIOkf0e*aTD
zmW3urPSVBn`QyXTy6jq*@tMNyFzd>5BLOFZaQpKGLNIKC#pQLuU)dzw{@f6lTR_fk
zynQKvf<l4d4>qIW`XZq=g?h?k#-NIjiw+&3ZnRPsWYG(Z`$$n|ltsgUZbq)Z@vDV*
zYP}Qm11PfFfVL-jX5QG$2P-(2oQJow7R+{ZNWd9~l}QMEOe5SXDD$B$VH!qJzJ1Y1
z;r0SS2wp&-KNfDEpQQsVd_0hyIG6?JZtn}i?Sh3u-{e{W$EkW8l;U2rJ*c%{U}}S7
zhx+Oy(8jPEwJaYQC`c9olc6tQ6lFrLfWePo%)CD43DbnY13(Z^LJ{Hb1VIS=iilrE
zF)QTKzDM}=Ee7?$;<_-+KL+}i&$sRYH6k5Wmi-m9vJ3+4qORgzqNe~x_>}jB3$kE|
zN^jjxk+QL&zd-@@(Xq79Y*XJJfc>QXO9d?x|BB!4bip$50aJrs!WRd|GO;(}LT3DV
z+U^JhCV=1(2EnZWL4FJZlZ3HO_J#{A0ECHvh^%)*u;rb31jZ({9|PlB21Yu5`#;dD
z_C5pS+YRtyst(3~w`V5pA7kfJwa^V|8f(&OH$)*?z2Ryg`VDr%M<7~p6G8O+27>4X
z{MIK9qNni1#ykd5e+E&Ud`iO4s0~s44B3!`A8QhRIBfZ2UdNA-fpKm<fpLC4p8w><
z@N)!TjMl;Ubz35S<nuam)~%=RZ-MUrvOZxdp!@6@Hd7?_Ce6dE*rt;KuthEDPXIi}
z09b(EG7x}&FaUmrFV^u4fZhZ^Zm0fpV*T5{yZ=mV@}pe6e*^3P?5EWKIryUn_*nmk
z@kNf_|7)#!|N8wadUoxO<fcp8`YAzi8$j`oPZ<=jlVDpsP=on|0Hon2X#5Rq{4NGb
zy;?{X>1oASSMIZj0rWf;xd=tHcNsu)@Wp@TGJsMEpa?zebhPU9a61EKAb?{1v@3p%
zQiBnjd+&Y%p+P<0k3jfp9rb+_{-`C`_gdEXu5~)R*!S|5sQwhUhPcq)UY{1BwB48m
z+x3?)ltp}e?MVUKo$C$o2^Ib$YR1KISgxKB$hqrde2Hn9UYOa-;0gR0AH~vYLoS}$
z9q`CU7i^U5UoO1GV?3sxvz=47eT%g{#^a#5(Czs?H3w=(_G-~}#qIbC>K1R*j;=!b
z*??=0nn#$ek^&<do9@AD3-<bUdR+<6LX33c`45y+Dwu)=0~vp4!oyCGt*Nx`Cf^T)
zl%K@sfRFQcmA$qP0cUUEy{->e`R#Z++YAEQOuhr9X3D6e-I)}hz-4R0v**%EOj9D3
zR^T6D6x8I(?o7jdVU-yC@|wI_Q(r7UG0?lO2xUp;V^!S3)Edwn%G6gWG2#5z_>UP|
z4>pk1{Tr@9TOBpLe7D@(pvtu_$F|&-8YAaw%ahmjMLk?@gZDKq$JX4IT6o`_C$H{{
zltAUHT#nCJ`NlkXM&Dey5nfii99vqd;GLQ$&+D5ds|_kI*SfLgYNHF9&X<?;wYach
zUaoOFw(`(2yl>8zy?xCtY8X4@sbT2Q+t(EOyMft%!E}7c%PGqL;0UoOcJDQ1yKHaB
zr3f#4F?Rlf5G(%^fjjOCpQ}8VoBS?Ic`hsYoke-hlKjr>Ql0~VTN+OD?5!8xK4)^F
zI`>qT@<^`S>T<N;0MdE+qT6vXU!L8!H;mBj=)l2RdHJl{(Vj0$ef#tBCEjrgO#oNt
z!?f9WxmtgIAD@Tt@;CbPd-y!m9WDPZJ`Z!tNA>4-@Oij9TK+A39_g01=+Eo$ImdAb
zh_NmYP~mc*-}K2m+0|E&o9RKt2Z?taazUXA#20XT6Mgy$KTUDz1)K0`noF*ur!Vkn
zhT{O@eI{UPHN9=bx3l5#eR|x5k8|MhJ$l@ZkMrR1U3%P%kMlv0zk>wj%~$62&4n$@
zTQ0{L0A*vIQbyE=a4&-Q>v)WEeFh<1az2k+>gsDM<esT3<mT5G6mn<k3iG(#uk=M$
za?~K@qP1wA;_Yi;kEj*%j*a>9JAGfHpEddL_P6vim@mK5_YJ*#7AyZ2l93n2MNjXr
zr}x>@yX@&b_VgZmdY3)D&z|04PpjF}TkHw1q8zozZtJMu>U{aVz7?!U9V@btJ)LAv
zb?ixHPn+3O1$)}gp1xvFyVz3`dun7)U$Cbyu-oc9=&OmnZ)ESkVo$r+lggg9v!|2n
zX)}Am;A@VmJo$~jU$gfc+50vcMr}Tf=%OxoU}J_WUTsZfI4S;-vgGeyXOEQE{T<uD
z!@dFVrj6dT(T1TWMcW@Q4{Ix43R7~VNPGZq$=7`L-MqZI<ZB~~PgPcXAsogJZTbh=
z8~Q6!w1)VkH!L1i#mCS}E*gxMpnP!!Og;Eu+dzKMcHU9J%MHB$u#s=w+i-#()XqB^
z<U0818dT?URJbrTs<Cw+-w+yf!R6S*%XNHEP4Ty<y5wN-8b>|0T*Avi9#LGP#~+t>
z@PjJdoV$T{Y;wz=@%}HN`TfuaKj>Sx<1@JdS_|@=`!koL!7cCAyXPA;=-=(wOFdkG
z9x97hGuWYrde#H!E7<-f)_!GI?Qd^T2h~CQAiB4INBekJ`4QWRMCV&J{f2eM%M`Yd
zAV~0Esv1-U&F_bm!6hH?A2qfffW`-1aybsTVJZ-gpo?>ZFxtz@nhsvWDS(c5XngQQ
z3h!@Ab<5j}KXA#?Z_uHH^&waBpRm3X=m*_(25sTon#)nm%LjQ_+IU#oU^E@P;~=!d
zH>mDGbub|{yhC-#=b=NKj?;s_bve%SK@Ix50R8R5{#?H?N5^!f{;H|JEnW5303&n{
z3POKdc}M6w`jdW>{!bpC<)1vh-v8wBS^vr7>;F$4U)Dc)e71k`_=fzG$2at!JicN7
z<nayvCy#F=|B=2pMEdR2-)AniKsc(B*9TA|VN)`wf^%0p8ZWmvv_oeN#UBd(N=^tK
zHgV;@Xb*=!L|udoU?!^=@KraGsS*^kcIyUn7Hr?f(g}3c$M_(~wT>25yc;ijGM?Cp
z8@g*@pBsK)B<<<Cx}Pvu&|f&4?k6@Z8rAaBdi+O^sT@@MoWslW#paK3cZPYG-+7>y
z;X^24$o8w04z4b!nzLPs`TyxJxh8npob6T21med43p($q#b*(^Pt357{TK&=0Hy+f
zR0<zjTEgMcsG=?VX?excK3LX7=g`3;DfoSNK`*+#*?J@HffcjWVA$~1z0a&%kN>ck
zjJ>dr(kgR*{S%suzlqHn;q!|lVuvy#%p=JoW8*#KkzpK39vNebZq+?9P=$3=sFRmb
z_PPD{QsLKG;U27T&uHOGtnjVNQVoSk{=K5SLkgI#Q3eS9b_@4XVK>|>*Ynx^cxAka
zGDs*7ri=bci&)xjK@`1Oh}&s@usH$$ob@FGGh*e|>{MQR-P{{qW?#pxIg|a`-^>=&
z==K8}Wb&n7UIdWxvR@l$1_}&n*6i2b#2I&SYxd?TZ@kGWK5F9DoXUPfulZR*%{N%h
zkTv^_l~@xH>QdIN#ES0h7XZH}UD@mOnpJT%^Rw5nnyM8FEXS&Vb#6^iDO=8Z%}d8#
z%ew5fEZS??N*&&P`8vEF`Jg*{frVRh+LgUpue~#&=hdwC3FvwC>kR1FEIru!>ZeJf
z^aJrTW&NQu)&IxLRMwA~Dckp%DUbX$OqNS|?{x<EFNVNuxw7BuV!HCP--}Ea6o{X%
zd}Z~UtonkX+?oT>_M4qSk9Hoy&LcCXys=WB>0#WO%{Y@#Q4R(}nWcxZR`wg5K3Caq
z=u>rsTT`jLqEFTM;oO><Y<R+I+k<N6V5;>>cYU1Mue{D`oxobr2_6Y^6rJFmT}?1l
zEu*TKJ;|lKq0i5wITHGY>~>|t8w)Na=Yl6POOIe(cy|NVmE?VV@U#`kYb`ba?41i7
zT>&hPOw6sk<09U1?i5KREGIL-pvT_ekq_zTn?Hid<4|GxzNmOlN5wD9h>G_*q2j$L
zD&Esk(GFA#bF*BZ8({Ei7vc#k)<uv3Z@Nc&W2{0F4}_dsJ|x3>ewHSK<CdpV^y+pK
zJHnOZpk!~L_(ILRd>U427~!UTon+kE{kSy;p+$Xw4Lm@~Gf?v*WP^nM#_M{QCcz)P
zh%wvRQ;XlzYzROE4gTjl!eKz0yj89y0Q}1^`Q3ILKFmf%wzM4n;6qoxT-n~`X5O(C
z;DlumLs4YARz?@aE`H5hX?9f0DgZP<%fI~0<<@Mua$#5YjFr$hC@PJt@z1VMUaksi
zW~?B|+a-Gii(T!KgD!gm#;MJU<j>gY=GI&zhAVkT160Vv8W^eenBZ@_SS)dC(Bb?V
zM^JB!J&!jgzeq`bks5u0)9rCq`c}&W67E`wzA2W`F(CZOE~UGpLc29dKl4{`bYmR?
zjCEMh<>{r>ls)Av??23Wn|Na|Uy*)!aZ;dn4>5Q+1!FWf8Hi%0*i;N3)9i6H;NLdf
z?!(C4awYFSl0H$HGNnlbeZmbAxdC-M>qKQne|Yt!$%S*53U35_BLu(fCOP&`%$~Bj
zNp$Rk>DnX)Pnh$SblHPvB9)*Bra_ZdH_7(y@lB;rQ$6CEGC@<U;I;7uyNTF?)Vs;!
z*b6;?1o%vZ`GZb=g>R^nj94dJ=T3Td*-5YO+ex2TCpUENq;FCud{7-QQE_dA5>3#0
zquzSZBiD&QiqJ`Yezr*tjp)EERNe93XE~~JLST}ad}((Ja%HIXQZ)W9+P^5><X}Un
z^zcLQ-(dLv^MHv*?n@~>oDKgChX2n8Or`kBRC<_$|AI}X!Oierk2<bS?uLEf)mmUB
zDu&T+)K$=plKP|CX4W|I{s(wtpV}>0!O7jwen5erJ=2cfC^xWY?%JgI&Ve*%Et#jY
zd<T=cHECJ@PFH3<1SKs4e$wSwI{Z*q+URoZxVnbY_@teAn=Z$i;g33NFq(IzeepI`
zpgXcge1Gj=c1JdAKi$uDx(`}xNw^QfDAEZQeo5nVR3x;({AcjakC(Um!^?{M=dM^{
zOQ!(&B=O235%&KNyeSQbyBiF}L*=%h+AY0eh0B(nTXOvV+>&i2SS{m|l=y0BC8!mZ
zh7FB)afj!~a@$}-6Yd0nqq#ENz6F*W4DbTT#lS7^PS-&}^}6(CY#M*2+wM;<K{q$*
zQh&&d@09z*6yGTxs0+qNEP}#YF`%ryQYfv=LJD>6TR1?!x~vuCeHh^4r><TG(fGLa
zePf6grNDDp=#Z>9De1{MQQj7Q!0eHWt)g<j5Wp0&u!9XhY<}OUO(E#gn<9WlV9SVy
zE%TGqIM~W&qseCQbe7Esi(Q@G;5GqW%@3+o1!TTrVTMZ}InO1>6C(S~os^QORScfV
zaywc?{~4o)%fl?r9!_j+twt@xHyw>5r{aaSo?8mTpc;!TQs5Js31zWWk}nDNOQ0c&
z_LJPp|DeIo%@Unqu53L#tk0r-=Lxm^7TCk4&V`QWT8RWCWtLS4kA=4W6WhXE6a%Ed
ztSstH8MU76PmhEro0TPaZ9dD&ugI~HVOJQYeX*6n$dx^7q~!Hn8QxVRbZCrhzv!_a
zTR2<_ECyIEab;gbV8OfH_M7X%QtB)#HX5oXSYTl2XCYtG7JJBdFJvMw!Ap|;lz?Wb
zr$IXeSR?>nEWKz1;1)<MZeYY-yL6)gbT)loeTF(yS7J{9YivMqjo^#oI_g`yhW@bN
zk9uW<bW$9oI1Pyt#+8RadWLG?9~d)Qz$&BI)joBy7&_@7NJpW4UujJod|?LPnL!BO
z+&K8+s_O9RW${|O0*f1qtVu?xo#|_ugu%*yzQU+)n^DXHxnhvE@*N^4G;?e2cRP0E
zmV_NV_eLdo@=Es41^a1{%WFn8t@JRu(-2`&B-t7%a8uwX{R|$?-RQdqD&FB8_HK%A
zpc_^ixq>fgGQn<J_VvdCd-)1A1s0fQErTcfB&a*sZ8OkidkggNHUELJ<U-HlEa09>
z{-X**iownODOhA_tu%lZ=*xhT@ZFo{cGPP*0JRQih1l8%pXlVsAf>u&R_}n43*AA$
zrrm+t{lUvxZ!t)m>o^OU;%2v)HjLvp1ho#qW84F+N%pN0H@2p{p2d50abl?Cg2`u-
zD@%@;y*II}4Ngn|-i<H0f0*}LA@Gn<a-NX5aVMaA%qY&~0lHQAv+-SETUS$gJ@V#A
zoXBC%_m_huhb`Vd9^+9*{kuj0D2NeVazn^3_(tU1b?94~OSzFx7+8cvvt*oQ5g2hH
zn~Cyi(ca;)e@#KNP*Eyan1u`_I4^kzMrq=`fk>i7K%zxf?OKn#5glLWL1l{9Fp8oa
z#)yh>j)%f7C;9s%@Q+TPlLn&qP1p3P^N*IsqC-c?^oZIQK{5i@C^#p;Q^WLlO)vzM
zXg>#5_sH8&RtO4Ev)qWLifK4-$=STHH^#eQb{xyc^g@wh)$U|76et3@-a^AVN7F*k
z6d`=NtLzkd=aJhz^6`=-Hk-jWOfpXBqMy2jb5Q|ND0Jf{4=f`6^v*oxr@YTg#<_{e
zAen}<dTilsIu^Jxyog;tOds~m1LDLQrf!DfD9J7m3&cV0kvGTS)&mU>L8!}5`Ie&{
z2aq2SH&=ez!0bA5>9VqhJe{Kg2*F~aR+MX^V3D-NusTs}C^yA{l|d&|H3-%$`gtX>
z<w~TFMEQlIR`0s$^7IiWzlQ0wYPgBXuNYy(jkfGMTvc(}lW-+C)rEtJCOU8>E6V8w
z(|~>I6H|V?Ll0k*Fw1eIfvX1s7OS!vLy;}Iveb4LUTOTqA9wZtUh><}KPtbcCChK7
zy$OQ+8QKyT$_<#Z4YV8=Cbe>lwG{=6-vE5I$K^xYGmcx^yP(h|7hHmU7#f>)2&L#J
z3!QB%J}3khh53>T!vxONMqW_@NCXy&wNc&D4ioU8;2&#A>oni~wzP#kYw}I@+HOOh
zd1@XMvZiUbUT$&&eM)b$8P=m0F1&poGffC&8kHzt3e*>1v;Rm{?0I}<;&VSs;`7J7
z5}*ItC-M3BHzYp4&^Ph<(HoQcyD8~;VB+(AgOd6ingrjl_~&T8GMrIZpsw?EuW{MT
z>Do1*IJUtHv+p{LvV@DTy6hp+39VI_>j(Z|yr1t=f7?&Hsy}2uau7zO#lT+CHmvb&
z^x2<7;i;|IOrt=}45>QMNDU2%+d{<U7s>@9#OTGXqTIokgnRm)BmEBjWRW6skRnG5
zwLzpvpatDtfm_qz;?|m;2YSrCB)~o#=@Hlf=~0w-N9eIlr$+#bks}b&1q^}Os5)E2
zVbI{Uh(h@<P_z6Lx8hCIy;Vs*>%U~;{AZB9jm@!~L0%jDi_v2I7gBw;5+~@Sb5K-<
zgY<hw^tT{y<;s3W7L_$2inD$>^5<Sg%kCr=0MH6B)*$W@XdAExw_z=zEYeh4)sG*(
z4qJ|XFUM^V<*Ve%ZXnr>>)lxBY%iu$D-B|AXcFl>%e}mk^z>S`T&pYZ#ieL5?q@I*
zm|Ph=ks=364}$<&CK=CSvd+N5)CB%2S$fIfT~xBPgZ>TUzheyEg&1$jUt_{~TJ}X~
zBgWOeEFXV#i_XWI4K_wU$K8NrZz2I&!?psrhET;0Ru_r^v24{i=;M;s1ODyMQibqV
zXg@Yh?datM+Z=tjBp-shF1ekTRrU3;M3A}Bj8Jj+DY`u^kLHif<o&Tgm1~1%%(-P@
z@6AF`1&Tk8O~S@&n;cXpjE%Vs;LeL>3OywlpVRk{+XQ>9P+Chkmd^{$)`fj(2f16{
zME1KUvWe8zChQ<FQ4ek+H`6B4YqMeoD(2D6ho{(Z7G7Qzwf}_?HZa3*;DNFo-XTIT
zlvQ#BA>AZlf2i4j(yabIuQR~=y{AOuG>fRrx1y6tYzb^cU|X3jt4FR;pB@nf_7hKF
z5dhmEDkCM#N4${_7XX|~;@~_NfpcYIe8$L<L$S*Fl8&CfV$2OizI(C7M`v|GzL1!Y
zvo;_2oloF*ef<&SJ<0qYxBdV;jNygz#PGzD*zHQ4;a^3XKP?1IYl-9kg<5RK99rI6
zF~E|y7yO&*yVZ~UeZjy&8Pmh5*aLC<IRoSN6NW2t`zu{?dp+ZCmhL#Le%#*MKq0Pb
zLjR5co&%;VJ%%hP1k%?6PYQuzb98?FOWO?ILjTf>_%CqcT>ny&!TU4Dj~2#{==o#c
zDg--HSbi{!BNF1nSK`q=S@CPFW=HOW)@s_cYvA9Dnu)j_COU|5sPuWxB3Vbva#Y_a
z5al|iWGMFwO0lYbYry3#3V%T~-==z)ed+A~ASn5uB)^LD2s+DPAOMpf!z(4<$`VGJ
z7T!~9@GkH@DfsiPrceoCp&~7@P};)LHMyoIYYl}zn^%Md)3is0z~fnhy-`rc5G&OH
z)$`%0W>J3Jitz{neNMl0i(x$;7->KG&awxl^kZ{|uirODZMQGyUtW6BN+P{V-V(Lt
z7XmpS(6TSDqagA?=y+ev`ER6P#gr-JHJin#r=z?rg@v+n>~LU&c&+a$e#LMz?S=*8
zRv}zLKI5xsEjr69!^<S4jB5KkmMz=`izXe<;bD3(1iR4s3ipb1b8gA8`*TaSmhdaQ
zX5)HFwe$BVzChn>1f|u7bxIH8=^S6$j^}gUCtQJ7@o)~F+40;813RY=hOUFAo3Uy3
zn9i3Rz8_wdxK~JKW3>0!yOekkQfdAv?n|_KeN(Kpgqp_qnknn?I4yJz76usVei&+=
ze6Hk3s@xhp)6IXJ3)k|nK2(HKBH#s&oBYRz1y85=k8wRZ66YXytugd2Yv~XmWI1Lq
zhb4k5!!S=3M@-ZxEEQa?c@LiF@hft=m`O+2u_N>|3SQ38=+aO7d~^8^XeC*Cnf1Gc
z)^8@Ga5W+SgS+&7tB7)K1?HMmH4FI<#FI(+-b;A;&N}jX94%t(P*FbQLjMpI_B)8J
zYN3=79#Y+c3_)2(t*Gt`CID3xN;e|S#z!Omz^HwOE7uiPas6mO`;*#yKMS+bbtg^j
zCOW!)cVng@p8s=k#TY91d6cWqQR2*mO~jaZnaTrSKO7nBL|oS628)NMz%M)0@==C3
z59LRIu@BNBj4L!OzcHpxztPquQ^)D=Y4Q4coPJwC-Y6g{hTAZ!4`{A6LLlQ`ueTY5
zS*B9KSQl=}<<{4p<9<>hU^142>ZB<^u4s5He=Y?uMFO70LYc58%AeyJDM17Nel~Q}
z*6&MlVSk3%r8sWQ@JxP1aaas*llSCSoH3PL;EE4x&nGsu2KJF1>hh;k4BBkg<oH}v
zZE7oV>E+g@k1v!Z+xU|9VOVQ|#JSt3U(KNd06oj?aq>*QP;#Vu$);iaiiff5icl)-
z2fD+)@EG-o#K4wgE2c)U@U1llSh*>ZSajWZSHtxgrnVreph?a)@5w80!oo46#U4X0
zs2{3x!6!iDgFyrtaLRz}MjH$%244<Vk83;RJdP{hVj$PH2)RbK(-Cq-@(n#j5fk>Q
ze^Ft%oDq)C$8rVyhI?Ngzt28+75M#=^+)6P|IGbgh2Of+kHT;0C*Kdhj~xAe_^m(o
zeegTCR|0<5#N&5m0pRyYC;T#`T=$C<L+JPPF@ow3uP0Q;>j&S3?}y{@1pD*L<3}6%
zeF)&{v3cS6kHY4S_GD}_G>&ES)RK%%<;$zbrcM`#)UUq+q&}38EHCc<;tKfP(=!gg
zfZJLfxBr+3xTPD%INTy$@0$a7txCXaQ*Xj6Y-Co+9f`OMo-p~t9PC?;QJ~c1#vc1Q
zaPITbmL!`;$DG{3&Oajip*+|R@t1<9VLKG;V7no?wfL|Uc%C*x66b1<5I}@hO1j|Z
zU?|m3<Z}G#384Mx_a}hcV+7Fewg>@qf$cvYzB+6#iN&w`4t!3w#Nm_M5YMhn5}?$a
zgi>xpSd(I??9+>}Xq1T7cEO&(Gp0g6u;-CZIOWz7?_XaCXkFL^T2}$pw{mNTFDR6s
zyX4~5*1G8I0g=j=wjoxF4<JrK1?q%TX1}v`o4hFjrSi7mnbbmmd-vimuO6p^zxw_-
z9Ua4I{@|{eIuB;E3oNfabahz%MIujU0da(;Ch+vC@5KL`neq5vn}GlEfd6Zf@y{?e
zdv+(TzNTkHTF1%jE7OB^M+{wsSBWpJpbI)Fj9VYR54~JH1>ADvM^S+5mdjDV+O8<z
zg9AT^0tOt4P{38|+gf_p^88ETGV=TvPjte(h5MoMJn*ys{qo%2^!+h^Ukvl(2X&44
z`@2B<`u$gj_NNokej88=#RDw-ZhjwkZ5+PkwsS&^-<$IR<=whK`SG6u$}1C4ep5yS
z<%#@$dHl!odhGt}%J}J$*MT%TpMPEjeOx`p?>+dVFg|VI)nk0~-XDbV5&LzFe<!~G
z)FYn1g&2dUxB=Tey1;fjV!Jv4+jm_{*cRjq$@moj!2)0ykD9;ilEp7Pei;@Q0FkQ_
z@h9jAjGkY&79YGEiwj-p_W}?QfYV(768h@u5uX3Wk3#s*Z@PMf@89!-5boL=Ve#*&
zub=52hyOx>duCf9_e91A&VI0F&dB(b{tgKia(#m5xM@M1Hjd>1ZG^i(<{gg#ZG4hI
z8@+l&Xao0$SEP@45kTn6{cikqDFT3Wbou`M=;!JwV)(uvMG+6(c=Z%f|M?H1h`aZ6
zK@s0g54U%_j667(dl`8Un%+qs4D9~H<-v(Z|M$y-dm4Wf_8;zh_1OPx=MTdE@Xvps
zJSaAGB@g~Qg2{vb8quXZ*gfVl^5CXNI?037wEsWK1KaK&MG@{BuAU-3YWP7Ear4fu
z<U!<mnT$#Bo)ISKg6I$T<jU6?=)TuGGiFWl<L#Sb_9QrKr+59|GjIC$l-QLkj{|tE
zg4rxkV9Hqh&pOxwZWa9Py}X0@4=Hcb&L+OK;zGEG!FywY|G1I-f8o82ZY!$bjXd&w
zBc|2B`C|7e*ZD>W$^#Z5P>Qgkslz>(cUzF*9bU1(DEw`vh2v_wv1?V{Y6{70`x#bO
zpmTBL^2A@6mRKuop%X^^WNkNg&x-dk4_@(#<(E%J?pSZVV!0RZ?fQN-jvR6m=4U|S
z{1^@1K1fe6KcR<?5p8Xg&1`16oZkVR<~LgZo8v#U{u-+P>k!sobLILsb*kTs+d$R3
zoeGD!4YAts{v21Xzn1FPoQC>qzpH+~PW3aevfLaFM=0t$%HN3PMIe__3fPPZIF@mF
z(S9j^{FUlso|RBLI=_^LF@=LriwSN^1kSTfz-#94vXAi}fs-0!OY&IseAQQK|0Znz
zci&L^Q2>QF2)|=|1m9Dw|8L>z(S8N^(7a+h<tW=kZ49DoW?|>C)*5P|C&iO3Hk0vE
zXpAYzqvw0pU)nvnemwk><KZ`SKy99xAA+>RL`NidV&;d(+TexRcYPuEOs#H$Sfj2R
znrMQU?0*#B-;_@M<y}R8H=t4w>u~=)SLm=XVSH0N_2(k<$h&B5g&wn_JzC>?j5Cg`
zQ9l`&Y#f=;<7MT$$zTHhEkNP^A*|J972K~W0ZbDAM)f24vq(E!*?+^A4;fyY{$es<
zG~Pd;90kl%xMNj53kzRay>}2^mX{pH+wyu0{fe$eHPMB;pg$}CER_8ev=C=Y9_R&U
zqk2J&;0%&wy>6j!2dC==x3Co-eFa2$SJx}PtVVSY$0_Y>qP};v<LNFa51X%UJS8`N
z@9{jA`6I`3HTbP-ygYuB`E@{yUvVP5nYx`7Fzc`Ohr>zilWVw&`u7UTGBebFpsV@`
z{y&R6Xtj8evY25KGj2_#5E#w3-+~(Wa>3XZZo-Tb?=H-wMC%p|-7z;CRPBvM-5JI0
zI3>wPh1LUN-*1HS7LgNAA~VgDIPvtyV-TksM&rNha`4~v_ZbXH@o};5`Qrno;h?r<
zVT8#!AJ3-OXC(Qwqh6g+oN1tpt)I`Wnr*L^&!8*D9QE@FDF*b1m=F3(hv=_`|2M+_
zH64<y3OyPH`GD`w;{)k7P_DD`Fg;*a&ajDrc{y1U=MD+}CAOJ{=leVAbB1xR1yQri
z5_;50fuSj)zxq;*E9KH1xQ&<*`VUkh1M_S%+>WpiNULkR#ZZ_G|5=xO#D4_#5WQ1G
z?!B)~c`K&mOb5C(;r77a&J};*DgVm1Cv;zA&Zuc2FvIp3=Iag2y+k9%)NJ+Y(>T?b
z*kJeE>e;+~qYG91)9SJDDHvo$@K<$U%FG_BD4+Cggu3C9#bMkjXde3++$;={<ax0D
zK_{1zCAOZxSO*bE^moC;ax6`PM{ZWXuGjYqi{gxdbjVz`$8=jxl%K7zG1~<i_5(ON
zb0KKiY}XRivWxfQ0C!7)Ibl$<0T`8lh(N^PC|`s*6{bWcGfrP>cFBiJ4tFo9ABG*I
z=B<!u`ci57+PW7Xz}6c*#!J+y*m@|w)tkdO46>yg20uN<r4~_HXvIm2`S7$Y97{&A
z=-#1DzowS~idjP)7$#tQ++N4+!p-Dvc@riBPMDZb&Bkz8B>TaGsLLi;4w9Ag349Uy
zPiT_o)?d_x&9EBS@x0#A#eJ8~e{&?HY_c1ad)t5m&BTEtu5BR>d|5Cy!yZ`Vp4nK)
zJ)80Nt+@An0`|T``uv%G&!~jojj$JPguO8Qwa>6wu=pV;wiiC{gU_Iv_Nju;dK%@N
z1F4wU3=?g#t@9u50)8Hp!jfWHB-m=rM%sK*->=5gCyW$GbW@Q|qI(iZbgTdzN%Ywk
zq0f+_v(IcdrW8(-zqy6Nj70gx!@YMA`DOSlF?fb@EXMK6qsA^^>H?nox`yW;<2u2U
z$S<dn8HXWJ4Z$=U7N962P!u{eYK3~AF58njCqxhkeMa~Jp(lP2=>`w^q2u!WFeK8W
z-p_9gX!TDH449_wGG1=n%RyoiM!o0MKX%vGulbRAO_E12+$cXGfXGiYy{R<4as2cR
zK_#{xjDxBS@9PAmw+)1anS@0PZj)=Pbzw0lPFN)HPHu#E*kM6jxzI0zk>dj9Xqddx
zqN}a;w$3(qP|#ipl44co_|U?vfkOB*!MT(3<7r>XvUC6#)4aKqNhTL&N%gmPESto)
zHi*s!Zu#4|GzSlx#w)JOW>Ibu<(Bom3_Z|BTaasE(Rb_+<t>sN92=gJ*;ZEJEu!Sg
zVFD^dDbUO77tME^a)CnPf@R9Y`!95GD{&jmx9$*~JBoQRcm&(OzF7iNF(vkZ&2MJS
zUysfAj<kIk+jfCSHfgzz3azk)HyVUmo`S<`Zoae~n6U)&B9`#n*kEg;Y_frt!^^=$
zKwd2lqgAK~Lw~@Wd(E@yxhtMBa%;wAtl(2Hx`SXm2v3<SjDq}}C9>U)b0+J;o_UV$
z^8f-iSE#LM8t^{aVN=%Mk@$}pIl_#;1Yqa078Vn_0AqGcBVi7o=isZE_)8G{7s4z!
z2u0+_RTgC25cF~#hSBh;3Wl%liD|}-2eq4Px(yb?pnb>Zm#a;Y<ZmVCd9Lh43I#b5
z?O%W{xPI{e$J)EVH&tbe!#Qo*rcl@c5rZ;NBx>UWn-P!*NKz6w2Tq_Wql}_*FUr8^
zC_(~^FA8a($74pv(HV8F^Y)H+Mh9lDR!|3%7Mm6Y`WSgC0xFykfr8o>rTNxc`{dOY
zb^hP=C+Ru+?C08Ruf5jZ>tW!Ai(NMk<z8Bs=kOTR$~MU1n~#Qr#j<cOEGs_@LCaWH
zhgMpMB|M1bXBlxx-D`<oj{K1v`Uzm_NfE;)18V*NQ1vGk{&p07p#Q)mh1LkNqn!ml
zBtL8nAQ5dH3r|L&GQ4^&tQ=#ofmOXp4r<-jVK}Xe;bEkqu*z*6m52ZgjPTElELAa{
zZJD+8CIg0H3Jyli{>PwXYJaTgyv#ozkNt`fFtEAdDWGyF^O#Ct8_-}!0t(4DD75C-
zPo^9a&`&b&;40;z3onA6(wEpDQHi-%|3L5=bpi4jAq;C9f_`cr+;5;bYzW}bsE$;p
zn+kZR7ouHdy@4Y`#uUry3W~}oIZm=lG|s{>P_XxVmCrGJQF24xo`diQj*Q293Dgxs
z0pD`i@V)BeCa-V|7zq~|DGifCD>=}#Td8S(b9^3b{l53H_<Upx0q-iUgvGX2*!Nex
zfFoHV+IC}DBoW44o`Is6#5ZsJ5D!*N270od*rf%4|0*GUu3l~LYE*<FW|kZWee=*#
zwb(2C2<B&%1$UfGTpO0gwSxjOA3w6hFZG62;W?tDP9w9M+mdc4IGSO?`5LCa%|pXj
zT8p{JLBqm)SOazpSFHa++(XuGLoj59qzX*E=rqX6{()*)M@UR4vpV7fC}e6Yi<ET)
z!)xksT1D+IZ{{1~@5F~<l&Com@GyHb;IAH!5Bi}+i#Q^fwC~mClgjrSzZ`7n?O$N+
z7xRgpw20j3-G@X4$U>4*%;&@-gm4aY0;OoC9e)R*5n@mYTC*diDB_f&fmMEpjEeAa
z+(MLMrsZkC7oZPcijFv|+)M=E6vpRF(T6T={|!2QSdgO|HAf+b?{*pKgI9PA=FD%A
zv*<%dnm%-CR~m569<#(tDBgSMUYNI|5>bRBE}#cq<z5Sa?V*`N3h}rgI!>_w+8l8T
z@$wfb3gHC`QG^r%on4%lLKO9)5MLGY#a4tA;twRuRV3*{IiVkbqYwIV>d;8k;ciYG
zrs?P<DR(2jB?&`M90|j1oQLg~E{JGqrPGBX?e!%|y5PGgqnlp6oA*O4_7gnncJ_42
z>U}y@IKe8zL=_$Zs?g?Dy5rXpRiF!r*L#KnRq$EMd+|3QpcPZmAiQ{mue_=sXhe_K
zcGOkz7+#7<A-_%}B1BaEJ7OzH*^rk<#{zF-#Uie+a-<jYlk}pMZFq!&R?Y+5<ZEsc
ztT|@}vSN~cJ^&wL4?uPx8yM&>?i3v#`z8^o_5wZXOR52{U>{#umPV~z=Y|?EuO*&~
z=NP<0y&5N@jrrMY*$c4d)MJV@X|<QKI85Rpq{Uy255VQS;l~-vcaml*G|-|o{9-Wq
zYmxwC)B;(Z3p5AjMl`wFB7!g9t2)hbqZA06rKT82B}4RLBf9Z;!+#M*A61>27@Cr+
z`f`f{JB?b;paBN%@-)-_!>dFjvUfx?GUY6_wG7Hl*a$PEZ9j|E`37c$%OK;=HZh9c
z-4ohUBuIyKeDANmOirZ$s-2J3uIRT~?Tf8YSzHe^cQ?GCNpAbkQ}IYpEGy1#0O%Yn
z10FOE9xR-GO&DrQ5<wGhY6waZ7-e01^MhQ2Vu=sb{ss?G!*D$A!l6J%itngJ!fg@%
z2N$pJgr-uKOHk@K!0&hX8R(aIx_D9$*>s>-J#=wJ99XI=p$We$zzI2~RdrGOW3Xb1
zOV5Z;u7$FDU3JD$dcfVgYPC^)`eWfHZvET0p`Uws(KsowLsVy)WrwDVBkF^uipPs|
zmric=abQ8;u~L+SK%!^O3|IRejEK4JIpV;N8DWlQsgF)=6+=%_t|XsqZ!SyBn~J>g
z1ANBaDzC;9OsrmIKj2nZ0>2Ar?F#e&<NXU_ym!lvRp#YWp+hDK!=x$QP<Lr7QY8z>
z(&>szvEmE4n3$~CjcYRQwTEMO<r;XTOBY3e#DLMne>+@j6Pf&X6!`B-D*L~{f=9Ev
z^s}Fk2?EqI;I1N8J!3E(U;(+mMzBKdmDVc4nMy0hg`nW}p+8Ywc&c`0Ts}_X&#xbA
zAdk10))N~D5c}LH3n!S_V_-J7bs3VVDxJHspqx>{hQJRZLU9g9gjIP&!{0QZZ(BZ6
za&6-xZ~NMk4qC96iz*+9zG{u)+9<xNuN%<=Kd#>!2MoaaCOgKaD&pRF?}d)B>MuFI
zPogk*<VWRJEtyX%gDjjU39U}@A}okOXxgBsf^Ptlv=Z&@S|iP`Ia$!H^k~(s10k_(
zwGA4-)7!goO&e%P=Wf%gAor$eBJ86}DmsU*8VCUQ9Oe6K6)r73EAB`ZUc-M=4HHiM
zc9cPPu^iQ&p)@?zhkVPlMSp|o000pq8w}HtfX|NhmYWG=Pg-fSa)goj0*T;eO=dI0
zlC7TVu(xUd*#MMfs2F<Ps_A^PMY|E$Bix)VUUij*ThAS`I@T-r`rRE`S6;~7m(c##
zj#~p_Ysoh<_S`y;(l}ko1pe;`{lfG2{S5|SqTq1KlR64W8X#!V^E^lWp1&deG$YPZ
zAs99vMXEOceOMFQn4J$mjbT8v&kOVD1^s4gC8GwQLxZ*3I)vUV=(9(W1)ZRZ9if{N
zN_j_oJS486L{~b|35h?ZL~lA#-l8+BVh3<fPyLyqfBUQjTIZ|zhS>A)nw=px!80t=
z_F{&wdU|KLTF+q7-oy;wOUInXshhqzKZSJK%69IQZ>Kt#=g`yd($lMx>9{-!p=3Od
zs^XY`DaZUs*qE--s+WAUSB*t_`aSAkLoa(Kv%F{`9^w!wZe{DMX`=4dN%5;h-ev$P
zh9&3<bo8v5?rLuYd}ZrGM28RINkuLZN>h?h(#d0#$Ym~)%f*C!$K1G#J;Ctm`|Kyw
z878Q)2r6VxA<xy`C^}}Emrs#_0At)pNu6h)N{g~8-D7VCq%>fqLozDG0Ag{MJse*y
zZZSY!oDkZI;-YJ9M<(G7w`2Go6P<j7Gdl4zWYJ(W#m)f_6ggS-hmj*Dxv+*+&lwas
zY!(Zfa95CpFIn}<!D8V~y8fK3)Sz1*^0v1i`}{-q$1a07CL;5UsvXlZR6A0vLsWD9
zM?>OibTYx6UjE^&d^#UbzF&HHAiT%o3k;e58DqcBe#aOn%GZ6k77S%2hbB}FzZ~h*
ztdB<+B<5~Yjt7ningbeAG;0og$m<wO9~w1Q-H2%NJ^sxI-@acmlD>tt9Q~t#e*}U&
z;nG{j>K}9UkDqSIH#jRk2QoZCx`LN<hEEs~qWF2+mVDym&<DQGE!p4T+)_i;V8i0R
z{6e`)`9M^l@L7=YgAE=w=a>hiEk~Qorndny$xH-Nbw~zIn@#WV1RH!eB1OFFeEz*w
z6Q4|{o_{_wl)Kz=9A)cJ=%xc}d<)DW3FB(3EIa~32_!vUiOPHA@35Qv9sbI|{T+&q
z4z#<eL@U0O%fn}yqiL6i0X-)j0ZmT(0py33BE3_)zauY(kM#Aj<yBA^S$S>B%T{it
zm#xd7v6PoB41c7%GhD8_Go0|P?hHY0x!QU@e{8xx!*`pa-{#LSZp3;roftlWg@i>G
zI+8{<?|c(;L3&~apB`$6{hVNi=Ho{ROxd>M9A@zq-|R%o`HlXwPBljVE&qp@9nhtp
zL(gpfcD2BD;gqunUbSw5mwn*_?^qWiO0jn<txI_Pr`4CU>gj^(^{e)UU&-+of4tZA
zdNDj2{TF_`mo^xW{j+`H_>g_!eTQ7HUxP^xxvTE6E<2#@Yd8P`7keT&5bNG|cwgSa
zecv<eYxpGg@!sW2;oH@$dZ1Eo?VM5w{M%>3#pqvl&wm#~`|g^G&I0_ys>PhDIXUc2
z!(w!ei+7$N9tP@i)!9ZjtDY@j$R${pE~2B_eHf81vPr0HIB-8yAN=_M;P9rKf??OY
z`37=h*a4hl3Bp=eYjA7VZ_9<f<9@3fQusB|8<64({Ul6T-myB-yg%|}jzM|VT29BF
z*D0q1hkNYdK%^tkna?(q3?LS?=_9<kDtbZ`ni7Z6F@Tf8<-Tr3pRx!P5pVCx@m^;>
z-a9OG1<pCylTYHY4*O?apmiE~c==gAz3&nOr>Di%=aU-*?uOCJJg214V+mGLNp-W5
zCwY%-venFNMk~z-f~iDn97cx`l_)sC##0guvnmW9EIHm|>t91vniF^~^s<q6kvKm*
zx(N--7Xvjp7%NPZZvtu)Fk(aB+91ZiUO;X7#<ootOe}ax;H+aKRqaYt{4_C6WS&Uu
zAbf!NnS}5q(MMbKJ+wVWSL`ZpNQQFfgPM9DZ1L|o?P2t*UI>)bwf0<27?utGxS0Im
z;`Dh(!|KcRuk2^fW0(N;r-<Mc!mh*)UfO@aV{h=-!(IjbVo!mJyZHw<b8DE}h|B{z
z+!=xDL(MK)XkJ^7%*xJ4(ON`15d2274XrR!3SeEC?geEFiqy7F*y=Ek)DpL!P-N?*
zwusZKd?Yi^=Q4Bem6aNK%zl)jmW1YZZ^qb|_Jqh@j*2aZykkCq%pw{&GtYana#*x?
z;vQpvPb}QQg1OM1NBNf&=qdI&HZznQ?VpicAhDOX*_)vTC=LxBg5uCh80wSRYlozk
zFDTu8$W`$fbG2;~R9Y(--#cc8O4pu4pYd${3k68pUbo_gQCCTS#%;j`;<m-4w|9KN
z{|lU}@UH*>#_|NtI^%TX!roqSq_d){kUduuK9X0l-2*F{Rd0XGgP%Q3(9aSvv`i3{
z*QrF68J&u7R4EgX#l~l4XXGUCfo;x;x~r7>_PtDuIIF%Ndyx(^J0$j6E3zOh8q6Ud
zD{QpxdYE?K!{Xa7@c%|+-VfGG?Vn0YGfZ{v?2r)z7Gs51*(KScGeg!jvJ!^RB7B2S
z@Wo{dPY)Rv%539VN!YWraR+w&&F0AQfpbE}8-(W2uxCmdi%MNpGZMg>N`cNouhO*Y
zMKSbWR@CT$v_AKf*$tpmcU#0&(NOBC8cbDm6iQ0tsy(i{{8CxPGdE?ww(@#FxX=v2
zRdHh}P=LBv7?yFMqnoWestafJ1o9zOHwl3bARzyf6dsjGFMW;lLQkNR9(;zD5)q}&
zzB^G9=t=lL3WSY;j@;!-_!$Yz2`{ibfipz~a!UVCk^|vxN5ub9O6&}Y2^7%it6^L+
zxz12(KM~JS-b0$=zcGnmVxpc^n*yDs{!v-_D80V=P6Rr~`Ax}mSjLq`qTspcf3~xt
z6VNjfKAcz4;F$v08QH?Ivp&^Ks9Zp2G=!n13}TkX(BqNgqYcd!HCHJb;^%u+L(<u9
zN)--t+_U_LN{zVm%;;eJCNXmIGC=84XO(>mt|O6c+%869W5uOSF9N~>f)o>WDLZYu
zofSJv(@W!F0p|^$VI2q!p(4drA0Nr8!yG#SH5DoWHA4+W&y>^`mG;-4Dj_v1Dqn!G
zue#OgM%q(ZHE?pLwR0B(MVJN1Myoymv<SE(H=yi$NPmH@q91V<3g#l6sLY}h$u)pG
z+!~J(6I+gnTaqLrL;s~iY(Jb{4@!@%4twvaS_UhsUJN7#fH1XUZ|r@9bPVWX4^(7t
z0D%GNVmojMyU^{>qtce-Vwc`ZwnF-rty23Ds6vdK%7wK)4cEJ*d@0##XNJb#AtE_A
zl5XA>DGM1N^0JNlB%x(#Jzwrk0Ml8aqKh+@yOVdWr%+USR{dJsnrspEEyebu8ROYy
zi#jWIL6OzGNGFV^X~kY-D$%Z?4#{=77;Nwl#)FmlZDoMt=o?V9)r!LVzz+EeK_*g+
z#HzqPSYvOHl)XUhwBL`1x%nHCTt}lk;uw<f6}O`Jn6(SQ9$;_I*adL25ZUw^5JHZy
zUqmD!>>cs}kW2P_82v22P*YrE+U_zmyDGZOEbtbEbUADf>xa=$>m-rAR>OCtMyb8U
zJ7%xg-Yku2LPyy>3~0U52-~F?8Z_l!c#t(kAlg44&;tFdl~z4#9V3t*%w|?S>;`zf
zRKR7qI?oeK_(#Hnnb!GG#GkR~Qs06*WZ`z7hAHT?7plS!<Mi}N_GZ|+_48{f5}P6k
zkup|2rO;V5<pS8hYiR!#6E(6Dl?(R(f%fkcg_d|uvd3Y`w#Q>{3!Xrq@-nb{<f_tk
zHhd_rsJzN;UFOF4CZi2u<5lqXkXt#`{)vl;=aBPRu60>+0QZ62#RJTbjUcHhRz6vD
z2Fb5Fynu#EL_7I?RC?KW@?*T9T%CP7^!J>SCNF!fUTTSXXvTohM>f-*0p!T_Pvl^L
zdMS^zClaxzdVtyC8}V^Gd=RzTO8``Vq-PN7-h*`;e-75D(e)33vp2Epp-gX<d-1P}
zk>$QJ=VC*w>Z?TJ=`Y#s;rM{_oQIdB<b}l|dpr!X!D6<i(uxkdS6_ibg7b~57PANI
zK}@*9`9?848vP?tt*#tnm_Jw_AAy=&?FQ7|I#us{gY*n<a#r1MEr+U}BtKe^Bcctf
z&c)CXBQiU?<wff3V<0BPZIFw*g46!z4a&MWGwTaqkHD-?zSu{Ua8=DES;B=^CG)K1
zF!xd*+FO`FH771lT+*79Cs^>>!v16lx}8M~fFYFdJ|QZU!3f@+fWkyQJhAEvl%_0+
z0eM}#@j4^3tHbWlocFy-%^9{J?++u!02X&mJ0r5IJLEBY<ie;N%6qnPtU+2-R3!_M
z#9@S&8ChZrvc$#65|;#eCa@<rCtXBdn@0jfR0N44c10c+Al}ghh+`5AJb|cEj_2t`
zZe^$TnS=QD$MAp(<%D}kPT0oQdr(eDpqwyOmlIy;PfoC+wep3SBePn(<a@%ADG?mf
zC4x=8C4yai<~cU$GQopr=K59v?sR<z3|o~cP&W{U`*`Wvo*WSSHscSI>oWNr{)PQ)
zDN0mA0_bWmvF5m>bOHZ2EwK}p1|+zdXD590;J|-~JhlD6X1rvQZ5==+_lnUvoyTWv
zgEx;tFr%+JV6NKsi7h83rAHdm781K%|3vOxYWdvjILU&iji~a=D4*1FR2tJGLEgYw
zGtj>6E@-kXBCy~N$QAn<v##yrO!ook!4^au+iBb#TeLd2_2F?Ccrwr#f&PS1Iq#=Z
zdN1w6UmninFKb-38dt@3;4g<~@|QS8k06sNh3*mpJzujYZw0^uOEOS74LdBUls*XE
z+B$%0jilloLHb6czHuLgdV$+XL{OtFvCDrrHqFRIfKA_31Sm?10Gm=Gz@`ilVAFX;
zfHW3yo@Uek36HfYgU8zRZ}V8a`%@*veu~iy+F+~lD%-qDhxXU2a7R6ahA~T$O#ES;
ziGL-ViT_gu6Q9Yyzmmbfzw%x9_g6Al?^n_s`Ty_a4F3I<4F3I<H2?mJ&c7#se~+g5
z_f6l(zh`~T;NLMlnDAYh<lXJf#J$%<j^qWl1NXj_W7Qd=>)LXL(9-*@a{S8RaGk9B
z9CEmqz(SABgPGWj+o`P%NXptC&ei@1??^)ntPj%yqy-b`ajucvN<%g?o7MmR`B`Vx
ziUi(DXYsT4Hmpi#X~QngRJD`14=nBK^b(ieN;0>^&mP9Bd9=I@84G*!vmIH>-xdXa
zb`|im`;ni`5MO77rlk4Vs_DFM$j<Iu^<Nnyd-}VM2Pj1BcToGvYj`jdB6;>Ok~@i&
z)d8mol*7fI2c|a4UI@F3_nPWmh8nSbH?}aQRaO$Q!<^DU#-Emp#Q7M|7|ju7!S(uf
z0aFee279(fv^BD=W@YzURIjW+m&Zl%O90bYbvg8_zM^ZK?<-b)CeY*X#d>P0%qTfa
z%ySS1NCujCRTvC&rn@-BbW65+V2FWnNSwPY#dMoN0!I$2A%^@9_99-CUXO^U<^VMJ
zb)d`Pe-^qBj{_?g5nE2Vw&30a%p7hk%Ae5;PU(QXrJ{?u*mJdRWnbhl-dtSJFc$cS
z@q+=)N=segPxD+A@6UHvEwI`>z$MQFHu?MRs(IG$17Q4vXb}}4T3#0)fPcnAvFpa!
z6R3(b_Gw9}!9y%b*ggZw4R==!n=BId8^z%s7KO9WI<dUaF}#-GJny5{(hP>T+>Id*
zlML@oZe<rSyq(DK-mDc~oI?!G>CPc3Uf0~0*Uc$0@LSN5Y(Dob+S<+_pJ2APX#<A<
zr@BXfb1U1m0k9zBbxHWf9{D<v$Xs86#1$)Z?cv(&KvBB?$#PjWsiIj7-D(q+TNlE=
z`KW1z2cTTz90i@qS8-iuZJ$}^Lt^&+S?{uiT^02}182;aL*)q>Ds`g(80dtZv}x52
z`~b8{gm2g&I<IYS7ISZ1SOw$|zSTK}aW3Tt23)kZPPX0+&BsQ;J{joT#sVYhsB@VK
z`-!Yipwr1V;DeXFyi;m9oRS4jdzrflV<8r{vdRyTJ=>fj4{z%aAG}?NgH+lVr^j<z
zW`Am$CN-Uslm@TRDFvGNA=n`pWDZb|XCzxhwlzqBPcWV@kc#(7C_W?$+u@}{686Ae
zB?=J{c0sq&Y}*cdzNpRtSV#biIrFP-O302D9&BjDX$d#Fp5;~lCQvpECZOPk*jdQ}
z7@!LzmI=W6weQo9Sf!RvQQTCvOD)H}s5Sk3P9_YJ_8LkfADTXYZl%RmTk*a=d&{85
zE9Y0uhso=L$!lKKi0Ptw>q21u4VkkmL%It)=^e9AbkwlQYw(D^y-^fuc()rxTL*B*
zxfrVmuqrlF;C+qqz8>=`AAmIX73yZT#6`3qKx;IZN}xig$Zci&hf@0<c={9w{$5mt
zDBQ~`V`Pbviejc*Z598Sn&!>PX?DGf^DHSJ!+PHjBJL5G-xFS?#Vf?6Knnl?Wb)6`
z^IPk+?Uw={8!!jk2yHdOXIa=UvyCSt;X|App$6FbXFSRgm#x`FGkhz+>vn+0T>y`p
z6JE!$w`l#1*e@yDWF@{l_^qJh@yf<@QoJx}%t?Y{X>JmZvU;^O6PADHuq-^yo{Nx=
z=rhXB7@DK#XAha^@`-_ni)|09G^41abcul@xjqa(-)lXqa~67mBZJN@bkzx^QX(un
zYW$jP1KFsvn{8+^qDfxH`RJU5oP)b{A!PseUIWo?|JK+Vs1dNn74=Y!_An8h{RXoC
z^$HDhVId{zy^eh=&$tv1_tn;Ch^Py*3qXLZV@zwi5?04$#?+Wc8q;Gg!7+dL@gC0o
zzaH;XxhOF;Amwb)j5_9&0Xoc>UsZ;SeIY+Xg)#<OPI%4}LjekK1JELd=Rq(m5-o6}
zceX_Ze;(|WajOn4UN@Ab>K8)wFu)lLs{p@eCSXetd^hRq9}3J44O8&IujQ0HX1}u{
zS_%jWFcF~$bYEzefnk@G?PAMuSJfn_v!VtneH<#C$t%4GZJGSlSv5H;68Vqj<M`v_
zHwo~T$AZ7g;oy^l`~9O?^-T$2I{d&}-qgdkHm^NGd`TBbcn{`qt^olfIvQ7uj)^%b
z{bk@6C_PaRpV+!9@eA_3<9uHPIvu`4v7tFQsjyOXbi&ANN<C}>K8Ncql+F6=UsC%K
zfLZmN(D+%dL_KW9k^>f#CXZ-cao7V07tf~yp*F0By#}1u82|<Gp6*711yV{UpTF|H
z^M_N0Q#d3>_7M8K?M=-a$ky?)w+1BlQs|2j`%(rS>C+sqjW-Gt;N%lvmP5DEtg=dE
z#NQo2ODAK0KE~@Tf;ww~$i9!!T3a+}OiUirL0^j$9DVN=VFRs|)w>pA%dUzrNWRly
zSTh!Ss&b(h(3d_PkpeY6{wFgA19WLNv<<Yf4Ea{}S|bS4&^EtL13sZ6i6-CQB*0sq
z-zSerh+~e6g<Y8JzvR4#;-8g?BtzntXQ9UO3v{$-MYQ;=CsJjKUjzb|P-n2i80IgI
z2qss;1N`Wmg>>(q8Tqh({no%2OVB8xL{bv!Ortv2MAyM{wO|9+33W5+^nq7N&+WjY
z#AZ4#W7Vq!u3diJM~MWt%K;u#^8$(2@Pmug8;)yV?HX#3gwLhGdoFS9S+0&Z8_#_K
zjjtScrR-wW1!ACM=&C_tXwcbzlJ=r0o&!=)mB;9+^W>4?WHIuEqqm~&sH~i_H)|gU
z^9{Z3v!FBT%#L7q^&rTiU0s#W)6j_g!2Q<obc2t2<S~!ZY7c9d{Mc-8DN#J?c@~$G
z(v7N)#j<0OwrZ%9*hW@=N1>@Rzsfhnf2U5zsu>^it_}HQ98>H8G4zLMKvCiq?(N5b
zBFpF{wi8tu@3q9Q@P_<cZ5^#8&Y-CT3L+)4vdki4R2s6dDyPKaOx442&>jd)y$le=
zz*NsxR1&nhpa9ymxG+p~d<=ZJnm*Xm+JmLs)WyXjkQE01)QTRi{WqHQ_bT%Z6xJbA
zLvW2k-?bO;<HM+<W<oWv8zwg-bX~t<?R!t__AiTc`xj9yTZm{WDzg?kt4cFpgNfC7
zb%v|r@N-T3Cz)RYiF=kWQaZ(@r?Zc3N;m7rHW4wRjTM*H^JAM>F&)V$b+(=S*k%?i
zSr;tXvW0jc6DGMAFI}=bGpQCm)+{|uCpaeuD(#pBl7%){(It_J20cF>M=f7iWvcDt
zF92rweM$M3q@dum`XRT1AvXo2FM<6D`w5UqMK&F1f#6@z7BTzp7K0~z_b3z>_8#Qu
zd>~5-_W^nP-?YwDJ4j+YzTnE~JSJ_AuS{3v>C(P_74@Yse(fWc_&ECsG)(xD$9^LA
zN8<lZz|#w~Dd5vnl=cPcQ!Rvwy|z=yAXL4Ts9cM`QGaR;w#pqloi`qAhUQfHt6X!6
zdV#k0W+V(05Enf&IWQcouA3%fEM7+k#?XDFR}9^*R1DomEUv0)PzXazvdTtkB?&*d
zKlpLoDh&I{;Wt_jrP!st@z)Ia4fJy0Ec#~P^or-04Ihf<c=unw6MT{pFH8R#)dPJd
zLGz7@e<RaYK!4lL75@N{{NrM1F!fEA#He^CBFIpD;)vEK1SUo1EY_9tQt?rbXixqn
zt(X@dC{akx`0f9X@p`BI<=@g*Gyf%e-gvz{@|J8hh1Q`7W#|bE*9`Pas*iN$g^Wtb
z=n|h7mxg}?lZJ9?q!VMFO~b=F6B=Cs4Dw6^upK<{QE+3xJx`fuEfwkm;Wbb=q7~pC
z8|W~ux*j&88E=kFJKz&T6aG@bwb{+uLcBu=Y!iX@O?WnyI;$X^`gkh!^^CkrQmF?s
zQg2SBipkV${k*^zt0m<F7pjy(k9ptKn_zd4%wn+FM|UsrA*|XZSWQ!ex99*Supe($
zueLfX&Iw4ARF@HVx(edd8dpBTswDyGlMm<<3pS#pg4*6>CqYJn^)y{5ufaZNA+Ita
zH67k{r)2Aql=r;0ui5%n=(Y#7N;^fR$jT~zYfNc+p3x@15={l%jaA_#QWy`^;5QNW
za%VyjNgeI1JmI@Bi$FjTM=R`;p%ukx{5eB7K(R^5GJge-h;c|Fpb9dK+-}hO&2Nc>
z*_qM5QMnZRy#xBavRLGizf)A=jP}%@qZz@0B{ac27r&EAoy^qY6lsN@Bjmr4`@fdf
zzL&y(F-ae${W)9zG^;ene=$WLj%#MjF5E})UM(^S%YjF&CWD_zXwlT>6ij}jJsiIQ
z2iq4^!+U{BSKW5i<?9gAZPv|5MVH_)nHgV~xk8@1T_Nw|$<>rH4K5W!dD{jV4BYOW
zm=O%jOuPyizhk`U@<3#bxG0jbdf0}a(<$vB%j?-Is6;oHE!FUV$E#kU8)}99%i^Qp
zyD9a(r`Pv#S)F2~5Kt0eXlw{cQWN$LOy-}{D}Ql(Cw$+W`u;%nci$#iIVTD5;tjoO
zB@antoPsv9$kWKSvn$7vaUl}NnW<gm!Iz^6Z!YCTV?{eT<msXP7S+d7&8^AF?#|C+
zQ_v}ka>{FK*G&_%%oTw%CR~zmm>i$PwY3@aw4LMAsXsyc7=4^f+4X78s)mrNHg1%u
z6<!P#$KHUFlCS{L>RujlZ3hX-kM;tAtaO|Q3S&~d$kIP$L17?=Lj1?yKE9b5{CcnP
z(SE_c<M@&VaAXJmsE@3d4<CC25~J8J&*E_#QXF~&nuTk6DN(TVuIX8_I^Nnl-gox;
zrvBdj$L#(8JnOqyU*DyF<m;O#Gw&3wa-zDi_O46^Iou!U+Aj=r4)`TrEi1>~;sQ{@
z-ll!_hiKxh3aS{D6cQ~WFeo{Az)o&9pH7uGW|cQ4%l`?>8-(og#(v7@XO+)SmcNJE
z?^Qm(pYo=x@}^{YE481KUEb7B`2ktw2c*XTdu+c~`2l^)BZ$<w#j-jVIIi0)Vp8WD
z_tH{y889j28VwtV6j5p-U3v1N{h^-|gYg0}7|l%D?+r~CB4_hL!+sqac8j>ESzOx8
zxr`Pu5}$^*$C0iaVLyIB2V#Lkhinlq;8)90k39fiK%l?D&+OYb6_)_3(*lf1OWey|
zYnq{q|II6?i}k+5Jf8sPCl}WHF3rHV8A{Q5DG`>~tNV(fnPUG*Z?M51^Wxt8DB|Om
zTW<gL@2=hKHt740((F|L>67KlRQGSX#mM1eu`q(VXc4WDUkDB?Q|A4qTMA82z&H%s
zUz{x3nj|t{_rEWNoQbl)qwBj3c!(i|Zcdab@-MrgQU7mcbguwi7#6=<E&3&f)K!}G
zG@qBtXBgHo6)#{Xh-<AN!i{x@j1y;~3a!%M;To=}&RXIPl?zzD1bc3)@l?&S1Ud_q
z)2rSi-*<CO+_?j~MI$E@XlQ9>X5`+`iVWExa$P|YotL16XgOwf;>3z5u)<R`(FACL
zD4?UodCosXX3l5kIZ*wr#aNS>+2&!e^%<qK;h~CqF~2Ij3MqQ1D2yz8DTWrNK&{x}
zW$>pQsC}D%09_**?QIy_w@wsJyIFOKix{ze3Ag&6Mo;iFR)yv;lI;Vwo;ydFMeNvI
z6c=wn{kzIf=}=?71q23Y@vmvt>x6^`J?IT&<y15`5rH^QNzs@OeuFFw@DM<R;w5-3
z7ejRB)X-CTf(6mME{4JsR3a(e@jIbPukCZ9g(uTiE7ICTHh&Y%px4KA`Uj0=$Ft8U
zo#gM2r8bUI?3?h2g<Hp}=(D&)@0k5F=$mgU4!9pFaX88;eT4{5)wRgjB&#E^g}(#X
zij!a)onpP7dnp5K19iwO`ew-Vk`J@t!}-6Lz7u?s?1lLy4j<GZv;C7VsRe+H2!E6m
zrzS@#t4l02mUge;@8{U5b!BPVf_C{kc<ki2aBgHWVDa*qF*Hff+TZ&3=RrN;Y23V)
zpH%T`R@}nRRM0^O>VvArwH|w0GM-BW*8dLFvIz|<3=Mn6)>u?3g>DsajY8-4%eFIB
zWh4ogD)myJr*Qd>n1$3-_z=awYG8Z^h^lCAa|tGp4SJ)-cVc=|)v2Nhp_Y;nB*ANz
zLN9T~=P|&Kk4P-uNn)`#^cdjB*%W>p(fq$gp66Z*0tF?5ohTOH3#C9T=I}YH!^f*U
zmJ*EJnfQ?{9}|9zhFT@%PI8-)#O;ha2t(?Uxp6K}z6jmW=Q4>1qH45~$o3`;%L5GE
z%gJFOBByw{Vmx+~9Nj5tzf1cK)|ZR<9!oQFcX8CxeYxldlwQT3V&kTwK6QWm+gz+p
zcLS4V-%^E><4H4bqh3Vj?M@4iww!67mNxe-QD+vrL*=7`VI|^X;&zu(?}~Kfc^8EP
zhY#86W%X|J--}CN$2|x;E?w`aYb-!e_|E&4tej2mx@Te6T~E920oZjvqFr~d@7h@*
z<9aa=?#@~dZp8w7?*ZC-@uL_#;E#LZ=O|ii4sr#$rmYxEmtFCh9(&l{5Wg3%qytBK
zDDi2xx?p_={OcA&BYzD$#t#)4o+Gj1x$r)Vzju(cJV>MKg&pK=<U+SPZ+-V%STT_4
zreq=5lz-NZDw`4AK}nUYA8U}yUR+e<cm@w<U9jl|wv{Bqr1$Y3haklr3l|uxEX>2T
z^Z=~j2TVYZZ$y6*vT8;@8}S)l#OlOWhmL*Ao=5tG*as{=y3&+68sc6p$TnbT1-#<5
zxRg)4jz&qTVS&Hk$pT)|{~jJZl?i_#9ZdZK$#U?7Z-f{)C-}#TO3Z#Bes3oH?I-L9
zU=m~Fg`_`pO$;3B0S?=K0N-7z{9HGxB8Z{!vt5c0ULq#}2D5rRs{6T)xxjGD3XPoM
zQWiYdL35~Vr|Y~ZS{VC=yHt0m8&#%YdZt4rc!5l=z@x8qgAC_Mh|H})^A%?cS@7?K
ztXlkvtosH$W)D0X>_)xf82pP+UbGCC65CM5^rO=ue}Smfz}O@_lL{P${?{e@Kktoh
zylR(2MYnhq`HgM~=2;Bgiv53s`ae4~(gj_6L+}4?43OZDz9RSn8G|1=8;3}}k1Zhw
z9(=#{f)FpjEFg<zMoclW06B0#@roE0pd1MgkkcS1r+y-*m&rgQ#Ej*Op5JhmX})RV
zVJ*8VqNSdy8=<^~Hr-D2LBQ)IM{~(K9|O#+k!@XoN0MzfTmLHLlhO8g8>_rp;Div7
zOH%e|7yJ@ssU9&Goz(d)F(zc)Pgk7HV^3X3*3OM=Ls1T;aBK?p2>h)Wk4G<Yv8~a|
z=q{~8V3kKGcJyZ~xQ`T$Veu@qa1U~!N)mg$<bVQ(ZsVeEZ^<)z^dyJs!zT}YI`*Ub
zSLFgB1z#qrOD&>+@C_wlAt@i=ZlToS9#bOYX&La9tnw*C8WOnI6h4Q%2yDK%*Q|#8
zvAy)=s0`Z@o%udSOc46yOYJpm-Ob&Z@?-D)1}oP#K8rBE*OD>88PyPZj>ZObqnP{w
zHb!T@$;~ahz2!6M(r@uMwm0oNw3kU>*t2N@!vT9go>-(PO;jM#5Ka@Ab-x9nK0cF>
zkMjpGIrd&W!o_`g1dhooEQH0#Cd@R62~(18rmjmf<ng~(xJnxOSJQMyQCA}vcCzQ9
zAS?N1<MN-uZ{<_)A>$(nr~nxvfvg6kKooi^nz`b%lt5cWtU(H#6?_0AeD~L5edAnP
zk{A4G`UCvnC0q$Kt$SSuwfH}WPpgd}^VMeRPS&yK!cJ4i6v2NbX)a#a%N`LgnX^<F
zeJA2&-=b-GVf=-~8RgHXa*18Z_V+82uRcln8a+CxuUadJX`g9!tL12YG0hWf=AIML
zha#&&>#^CP@g=gb(^ZiGG3sDKvYiph!!!Jt+4_6QlFuo;BCsHut-oSs!4pU<LW?c5
z{S+18N`Ktq6>fu-zmfAtYk<-m7m+-DDA_*5)i{Z*{~{kgp_4fDS#T^r<sf06)uKK4
zbKvKZUP!sCU^%a{#2WHxTl0Cn>f&s=!q3eed;OP@-<lL%LEaZTtrHh`A|E#Hs>wu8
z5YbD$ur*HR-F>hhSBe^2zlBImJ9!@h`9)T0wI?<W1wy(Pidekr0~R_dsMje{u@^{@
z6nZVm7m7+;w4L>mhfucu4WyC8^1_gh<Kcbs*zobEfj`Ry1{IjpSPLHBpYYh5<2m*d
zQlJjF#;<UDf#$BZA`qrZ32Y_ETe*`)KS~PSS)Aerc{CIk(SXxfDGl30HE_YgQ7<a*
zi>z!f`tQ0!Qg#7**hj*FidPO#4j=pZvyG@_aHl1HdEcvbWIpj#R1VTX0&l(3i!=t{
zJO@w1oe}`r8~Sq+FTBd<ATH7^*-65Sl@k#sfO%$>sIZih8}EDy8EAmG@}Py>VA70|
zqFZbrSxKEluPW)pe;IW2>c<BmNSS&MZ!>W`(C0BYsRxxTeAW_lN)c>A9m)1wGV;JV
zR1&dY(c6cyyL#}P`E#ymXZu*MG@})rde5dVE$)B6K(CP`pRD;A^7B6;|A_kZWmLrJ
zcRY`ePA`LGT*P9+DvHwNBsimZC^>eZ&O|9&XGSR7cKF7L!jAJ`_{yIooogJ|{{9*Y
zu!z+-V+UBJK&->(l5jW7*~avo@te(qB*O9OI_JARCBpq9gj4k+3l1ng1M<PdNXi$n
zU!QMAsJBT79w*<Vya)buvB&BB1RDG(%U3Bu29k9sPyZJ9j>awl=6n-;GXZ<*Ne);q
zG2k2>u$LC!HIUp799vh8(w9jw#Xo!%A-T$eW4Jzs%l^Cr=lIx0YVqWS6#*YWLZMo%
zc;4Rs)ydxTT^fvkvfoRCd%ykCpse5f5Rx}PQUCq>g1@TzeL?IEN{K^{b@GrUeRn4t
zPtM=AzViFsSeNpX^T_Yrz2)~K+Bod6a4!*Pnm}^SOj-cvJINW7_A>LzU-XllY-t%O
zEY0C#hNR<F{Y*hpJtls^kzFKl2&lOIMC`^cq!#F^C_W$En)abd`hCdc#ZPD7e|(~!
z|2=`@KM($%OXF{`PA#u}0*C*g#RGyS^?(RN>`k<Y2u<Dn7TRh~cmw}n@PU{;tX=p<
zA=f98)v|>^?nGOMsFW?Nm^9(>>0)RZ?8Xnz7act-M#dTp+4`)BosiDfVTcu0oge5x
zMam8b3!+X$U4AJRjPGZ`V+ITx*5>~Q>ifu{xe4<A(Uk*S!{gJXz~OFSI;2Dmdcw4I
zN`Z(m>3_50r{_xjE8tI0sed{ANtF5@a#c7={SQcq?U+#tbO~$r%1TtUwUcV<Nche1
z4Tj%b|IHOQmimF?s>8n}{I8^(_S@r=#Lx_(F5fOH%jYkS7)-$LBxWtF?Fm=q!-_c_
zXHfUKcp?1u#B-%YgVzyZ!P7wYS@kjumrWXl%X*w_Yg>v_W0mOoHjAIl)@Kp}U019u
zu!mzY6Yg0JxH)%8A(u^3TnpjfeAsrXipVNqAX`5_2Onmy+GS73?BzXD%aNo)dzZ{S
zji^>$*ug4qK;odZh$;Ud($<vT`a4{2Jv07AXVN}FRCdZjj~LjEM*AW;$sql8(N-tg
zPNRJS<dE3LHnOq*R20tWZaMneCrGL^Ukp72Ncs@kCwLwIBKrh!L?;LjurQZbNvdl;
zaJ?wbOA2I$D%zW*Txnrdc>=$Y{yLzwf{~+8=X!%5ci(lny4l8IftxC<dlw*_X`^62
z;8p%5vDZG5xXwR6j*8Ra6KedopvFH*&olCLl?A#!l2U5^;y-(<`5(-*FFOeEItuVQ
ziATKxpx7P*S$%z;h8Lh-j}$maoFdzJj>Lt}MWM^fHhwJ$yVLsqZsjO9eU#Lj0ALRT
zEPguQS+%^6y8oBU*JBod%tBWE{mh(_`q2Ek8E7Z5AER7=lwRpalF;5P3XLuWT}@K>
z6@VdKda?~7se9L;=lkF%kTv#p9vaOaA%@*SoNH6sqe375DUDhF72L`muIq=BCWq$3
zI{qQ_Yjw)PV`plnmk~Ok_|?8!%6%wvrh)Fb6g)e}nO={kd9n3EAKMdI*)6u5L=PC1
zQ;5ggBfgt9KS|CHpzg5@d$}*k{Dk*z8T9TUG(X{{cDq+KeLGMIqAv;A5S48Sw*EL-
zmIBm3dgNyXNkiq-P&R}O+-BemtIW^ikPRHp^;uKr^<HQkujIVSO$%Kl4AzN`(|*{C
z&H%ycW*c@Hv*;_Vtc9?$1OO$P0Q_68VxR`?1s=oGmofWYQ3IFiao&T-AIFZ+7$STO
z`odc|6gAahTZm|_uwTT`3LQtZomGxErbl!sj>!ET#*@hXzaGzPxtsyW7?1Cg)cuOk
zjEA~t@39~4Jq+<&*Z~oX(N+TI87+Bn-qD2+bRPF3s^37fA8hsy;~wUeE`8Bdu7lUM
z8Zwb+L=y>WfmaDdsMdvOpbxb!tjZTdWq@y8f^QD_Zx@<pLvE2!nd~F#ApcJn%Awl`
zW@I0MwKa<^$DLKzLxmMJ*)<MN+DBy61RGHPqxlFQZXeN;$AZu0aPWSceZ)_6`v{^z
zWFIjz%RYkAb^8cgANvT@3F5RTK0xG0MnGkflhMWv=0N07_PjkHNk2XXfT2yo&5508
zFX;eAk<25G(8}pT1Bqr2FH80VZ7@P^vCzul<(iLCRrzXN*3Yzg(L@4f>Tr6dcE`P2
zlN|uU0W=KVW_HaEO{tbc;~&R;sdrnvBE3auVKu=YwW`q!8(~+8FzRI=(MT2$IKE*w
zOG?zsUfUzXZrl?0jyW!)vljgN430k4rfwf0G5054zy&e{sV$X4GX>-WTvemJXdb~4
z0Xs4u(to(H$}9%zdi<fcQgA&2#5HXm(Te5~+<b-)sDoS45SDzOThaJe$YT!5XdZC}
zlfTJ4LdwJuZXS`wjQ-3chU?}L$j5N=2!oW6`m>HWuYLgDvY5ZgKH?1eqPEnzt;H$R
z2$N>{D>scWWt&Ef(M==v{U&J|F(zdiF&9lE>O47DF6IUjS>_QRJ(*=5kqa4(WFBEc
z^N4~B^N6kU@_WaZ11ZgvVINU+8@G=zp?w5uZWNPY#2M1C*d%D(lln7{F!eQ$Xjz<Z
zi2pvrJi?@Hx|N$pm{R5u=I>x0vHhiQHjgm(XC7hd-#kLhHjlVGbRP4FL7{Imk9bfw
zk0?OvhF{&1Z;0L5uX#j)_V6uP<`I_+NSQ~Nw4S@TdBiWjKUmk-$&BX&OUBX8Do+vH
zP%GNLWR>J}8fBf+qOB8_Q6W-25>~`Or)l}cz~2oP9UW}_3%K`%j7&sN$WIzM<DqmZ
z?KWVCn*zsjeWR#7H><|zktTOlp}Wd}r^Sh|nAqh%MjK*R_o@f&&6)VZs;3Nr{6@38
z$~eSXHO0)TA02`<xXpsQ$~{DIRy}GKFfoS`b1*Rn6LT;zmlAU^F&7ha#n6-?Vjyay
z=**6G|8GU*O9WJHJQtk+Cxa8Dh1$)B67=61Q8+98vsHhQlv>I5zU<h?LZ}5Fzrx<^
zYX4GcLQB_RgYV7seMCCr|8l4Sm2{#SXz;+}{{avMIqGaN0&;u-LO<}efc{*@j}{$g
zSU?ldmI4Hf9%8b9huY<_AIOAH8LPf})C^WV{^A)`<42WMU45~XsFfX`_>aoMK^#*L
za@U31Q9aDZ#23W&PTa$X#)jY}U32?s+82!EH@{xAHHjGhF4^TLz2uU6d;#7Cu*!wx
z<FMUp`vk`L_?<8o<BGd6tQH0fK}QCGqq(f|XE@CEgC2VV_xG8sTAq@C-+4DCW>(FE
z$13?ojMOeWdi+N)FrTdl<An&_z(OGcth|#%X!O58u?+x1Vq&}K*t6<6crJivN!cyg
zKp3u*9J^Ol0MJ$pniU#0T6T1?bq`P!g-$aIoW<?7IX0R2_uYEss~!?<JM9gb_bJe`
zqJ#%}IXK~|l8X|qs(FJGl-fh7J(${qsXdf>j#AHI>N!k3N2%SE+Ks8*nA$A{BHf~6
zC*oH`F5HKg=d5xM-cP<DwF92%n8JbwAT3sT4i7*MddJks!Wo$T>j6d0Xg2>eGtX>g
zX2#6(82lZ{*pS;=*^tpd=HY!v5rd4yQXqQBzuW8hk_A7++6GX3nR2r@W;<$<j5#Uc
zbbLnZZ#odxD_YB#S-!k=IvXP6^APvttx{lHtJiVV|B2{mVwE#VP%QE-mXr^nrjb-r
zn`GNf9-RLrwSO!sJESe$`f8BJ>=4^Orut{9^RDflp~~aBXDTv0Df7m4OX$JWal-#8
z)SX^JEZBgZ{Rle?M8dW^_P^vp{?-Jmejp**x_rYRkz#GMqw}TPSK}pKyR+)r*bmT!
zQuVcXvF#fnhH#$)*$GuMquO<pt%GvjUyz8|x(OqSSLAu@;rMI`wR{d8vWInkj+u=G
z0E_}NGY`vW<^}m?He^@<8?pdWh8Xh!LiuJ4g(^A1{ubF0VU_QnMc7z;QzWH93LNg3
z1tbvgk8yfBM;%r$M;)0zM;Tc#M;Vqc1;Qq;BjP_MJ7BU;bis(9fC^+GDha^pgkyWM
z)NOTrQBpJ&)oB=UOLDZ!Y<dsHu<X*V{uS;{H+pUGLAcA@N1u?S!RHN`fqq+X>Xbx$
z5Z(7HS6lI%Z<#Bw#$@m>)qee>Tv*iG)RL$!e=r_`2t8h%(Oz<!(GJ6Bk%XCMQ2@eF
z=L$@*8vJj^-=OijRHGHX4-9k|eSdZ-GfnYNBz2m0?*=paK>N8XIuoPY7~%~nPw(0B
zZvzekQ}#fX*gx_yJ~TPj2TBYA>8h!)g@gwEcV(9L{yZytS0GkeE1r!Z0Ypok)3QWd
z+d-U5B@QFjN`hO4L-$-x+0A#<Vhu&_=I|O0&f+yJjyf&(-=C@jy^hCcW6pwPTd&Vb
zwe^sm&v$o>;($Q5!O03k85J%`cFH#~>eR#4P}Gq+=f#HjrC4rIvicvSt50^r4>H2Q
ztZo-3b6=6p{cy64=5!kZwK2jF--@LMCQF@`Ql;c%ssD=CW1a!YJUh~Pew+e_51EPI
zky>ps-^=NIzEnOLV`2FdS^iNn_zN%4A|(oR11%QG<v!pcF@byhMnJd-@RJRqG8=fQ
z>1I?)XSapf5O|DEFXp1eDb90g8*)&w4}IYIhB;aF*MzKHvT|Dc3FI3uROR;G#g#fz
zPg5tMrT7R@eZ+(hqo8UNuex1ZXB%wLUc1X^(7*bQXz$`%MwYuFORw{vEdG2xkXzu;
zN0ReByw58pJ#T~=jfKZqbb<ge4PQi2y&J^C2Q4y2OB=<HaIkD~{KB+<nc8CdjC#5i
zlMTL;>U0Z6leoUU5koLglq@_Ta<#dmsA%%8ftx3qNt<6*jv-fAM3KU@rv{?Gz+t_M
zKbcXy;v0&W4@7=!`X~|vK$;nJ-CA7`7?|RB>|u4bSzOeBA=6~X=~dTB>ixSq*wzkh
zIcm@cHQ$)?Reu^X#4w(k{R9CJl}<~!YBkK&#JC&i_W%k5$l>c~#W-Ki0ry)+W@YtV
zlI3sXdTs9lBTgTXJ%6iii#^X;B1Vqn0w#}L9!=2X<kBb9OU%>$8%m&}*S7hY41Cha
z_<8OTP%FP;aBqD!yoM%qnq)jpknYgR<z^~^dIplvhVG3>rPUO_dMk$m?0Xjue0;1y
z`=W^ZNG}v9wpxy?oRA$~vr0yHjbDnkI9hUCX5g1dKYM=&H<LR^tmb=on22F*6X<jE
z_j*-mKp=(g6fkCI;P1p!V~CzVJeCT9H!B$=^A|)w056ik=7v!Syy2-JnI=6nQi4|E
zK5fS!9$)SzBoXu3XpDcyDz8ZJn01-efJ{340`5l<q%0oHGJzK^uuY7{@DRYJ+V-bw
zUZK~FVWDB-hw;!rcw2g0ivl9Xb4YM5$x_#J>h>xWK*TJnYs`J|VVYKdJK{sa3s}{P
zVI9<4Ogb_QUq;B_Vng!rL!h=4)o%yTE*twf6w~+H^nOhe(>*zcRG_fXOo5EsKwt*Q
zF=O47cDC-1WIcl$F%E-KY(Csx59R?O%dLPUD+@kO{yR{>ghg4oj837-Nl_UpLrqIo
z(dlGQ)gdA1EM0T67@BbKk+BByFq0uKb%Mxry-VqERUA6xs^|#&uX9!$8|^eb0_*V%
ztK39B!_cANqgd|%tQQ0|sPXaIiq0FB502f-8(>c!GH^q(bbrS|e=BAe6)Whojyg1s
z1u;ejCZ_xTy3n`pp@$ls6|kv~&aUwzSS8AI6V(=r8?faofhoqB!ruOvY7%ouyBjrY
z(lDJX^zPl$Mhu4owdnx8M#u!{XkL||S4EwQKT6F_z_5WZ0&23IMqQSi#hi4DANPUB
zD7{6a-s0Pa%oblW^ldTL0QjtLDXcmIMD*f^aUG5~O<C#BuXv=$;Qy(!vTgN6bav>h
zS}_>Kay>4bJzT4_TEkN+{69#x;+yTPI65r@*pu)Uag4JfvBZB#-Sk1Q>d*MDfbTi_
z_tgUO!B@dt<oHKGw)_1TK(<`S=HG`Q?s!Yk@F2|MV$X){=v81Pt6T|Cg59<qIy)E|
zVO95HLPcT`doJv%Xcb&0Sgx~lP{v#o<k3LuV``2eD{vCVG}hM%%>4DvDxb9gS_9;c
zkk8Ma(ltv_-3~Q@-PQs*H0bNqV-3mkgM%PVjvVM#K6X}oe#lvIF6^J>s`zxY+jM)8
z=-A6Du@3YBB__g>QsY+YU=@@;UPrCDVKxhR(hbYU#*i$#lvaAXFy<y2J5SGr-FS2%
zNfp4a?81pJ&~=;lYnRcvFYmV1e}yYB&A@_NsC*~dEkp~D^vQInr0oTUKQ@X!9&uH`
z##rovz8E2Ed;*le(tmBmELc9+_mzaC=<&gapeZHLs6uG9pg8bmFJX%+4;%4%l?Bmu
zf(p|46PBJtEX2+v&ZQ~{Jq~LxQMhVsdJuS71mn0<;CBVUxYKarPU_HgB1r$0F(UP+
zp+7l#f0hYUpG(b$9=VhoQ(ZE}2Sm$sKIt?dNu3y)>RL4x=fOA$Fnd77!$klg4E*DP
z4d?r$G3Bl*8>|Y6up%fqcwCej4=OzmfUTbc;=7eFVg7B&;rhHl;ijd4g@;N|wf|CA
zMduR#$hxvYg6KHtD@pYpGKd0djg`Q3=lF+1zWe=V$d?QG{Cn-;7)G*!J`KX}fcQ0b
zK<iFG{6&xs@_odEgMl_!6>fL%jbr{9!2B8(9EX?>(-FH2H@y@+-dYd{H;U?DlB@4W
zaFc70d{$jp#oQqmqGB6chnN^LR)mbMjO<g-n|*A5*$1CD`&Wj3vZK$k{<FW=U-nJs
z&Hl^&vadZ)_T~5W%Idql-)!#Q*{<t1+xL2BE8-5phEulMr$aN}4Rl=3HmoCBJm|TV
z8N%dd1Bgnsn~~+M-CRt+hGO~^=of@F_%+jW1^$|O9w+@8@i&K3OgtTuYBwACa}NEQ
zc)AIGotRFf^h%(q{lt4O=R%RZ=yKp&OyqyBLyTy}z7g<jZx-9zam}i^vs7aTT1i^s
zOWgROz1@|W?z>r5OFfepoBURLbL>)~m%gsjiX~)6m;Xwa<161sUUecK2YgRjw9<rY
zP;Yauh#5u7>D&FTnfT2e+QA<gF=VsI&k9_s2dL)^kk`;EZh8qhC{<UOfT03TEv6lM
zw$Sj3;JaEx_rjm>uxuLNB4_gf)>C7b>jOMZ0~`ng>BNCtCaTa_KEBFIX?z|Z?P*tL
zCjS93gkDRgn<1yHtRSoU%SnP;<TTOIXBQoP7SL$oMjE{`z6q;P#&@F9^*;csT6+nM
zXsQGP-*3u|#OW`-Bzaz*nlA2lUL>s+;;@x}VKotL3Jacw_c@`fzt*Kz?azx5Y*7sD
z*M>JP8}CK^-4!U=a+w_uZC)e{oo&YL*_z>B89I<Jsm47r3<j?QVLxg_uJ$LQdZV~#
z1`bj#JVS#VYHya>+b}bNW?S66_-Q<sPNn<<Ed-Q&QL#%((H=2yqrtavcE}iw|F;}^
zq!fBn%A3sYS#UAg!%YUU9N6Iw5RW#@MFx5W%;Dq|%xbko&qXOXdBZI*T9mex=_T3+
z|A`Q+)vWV4Bu8F6n4*1Fo~}=1`!gyhDBPjD^hZT_Jdcmkxz`zOeC1GsoQqAuKXt74
zD%``!pCjq!J5Koqx+)$!WZ==Iyp!*@7W+zEbskiY^qZuphsV!$MLi=8g^)h#0x96O
zT8d-GX^v10Sxg`GJ8D@aUH(VT=81u`0v*FN!t`8?h%H89H;7w!-bAj*JTXz&E3&c}
z>hTs!D1Dt0BggWzjrWkC0aG6@f^KNB$8i6%C&b97d9FI+Xy}`7G<42AI@vq-XzHGO
z^r#DDpan22n~Y%SNbM(P_+K=$A+yaWvIfG%{DeUBe~u4`7<t+;uhD?|ja;Q$jC`Ia
z3+E)%zwQ%)4fbirvm*@JSeU%N{-q>bvtQzffFy~^PVKdILk-^CRVJ?j|I{mJ8Yu4c
z>;mLC7%^EiC434l$0-nS3UpIJ$RjBp=$Q8+eFBinpqcD<7C!oan}v%qX2G^7H4C{J
zz!wPkncZ@ahJMMTFVZ1@Er)#edCzx(|BvKvguf*l{#%{_`2X=29RB6n?c;K2h5ToS
z!7x8IvLiEG<>IH6sW*Q-(U6YktxP@hPUgF_YH9=%()1$_-&;lY_o<sGXZCp1yqw<k
zeKZkE1t2pL)4{N7UO~F<^}d|Mp}ys7Aiq+eOn8fzo1IbaRBpPQe%@ZL7ASd7@vOxe
zS+}LKHqNK$o{LT(fq?plzLVX*oOh`3r*EeVZ^-?I{x!eN`?vjVD)-lna&ynqzu)q#
z6&YErz57@D1@#ZIEqyx!-kHm%n2vs4rp=+}U1SopmlhH^#J#2Lw{&*nn}9n*h|Y~*
zd(dW&&&QJ-IkeCs1rmaPtcz9WyQ+*<Y3(^Wvb~1<lS<KT_$C21#V?_t+GrT94O%nQ
zpl4*kP9kk%<qenBy)_ZTkN6%Oi$OH}kBZ9oat};2Q2g^00T)9PZhc^^L65<VCvv}C
zup<Gfx9F*6I(^p^O4S23o3+18&)5A%{mz+>r|wJc-$>h5XhJC!l&zL`0eXhFo`9c3
zBcyw>o0-I$c`>`0OS7Aqo@&O?yP1ZcWHs|NH3O8Mb}+B<m|=RId#c3{YsIT39y|3t
zk&Xnl&;^4H@yp^l@iF*;s^342H)PQor||%*OE8l`&tTEE=*c%-z_&6<|LcOk{QgE(
zr@p>#BKo)S-H4|?Jz_L!`p4f$cm6(0LqZl>#Vt#(nG`o2|Kuff?`>~X_KQLzJ=RE$
zJ-{LIlP0_VH--NgAGddvmT#?6R4yF5kLKIdE55uK&C7!?_#d60vFg0Fn<pBqLM`Wa
zfSx?GnO4K{&FR&E5$jV6F6%xg>ov(Q5p%m+LTUJ{^iHamYrBw%UVdZddezm}6WVk<
z;|~K#m)bu=7bo^w-E;vx9H2(;+8$J$TeXvn_8A=<wrPW?RQx7LG%mNe)QhI8?(4f<
zk)ye;in>E?3?*_XUWy#=4Jg?*#b9*}W7Ao+`+5wR7df0Owj9CiJS%)<$fXuGW_Bb)
zOMu_L^?%=yx_L_u^oMfjvU%qwfLL_R*Y^R+{xb=QzT*cT^$0pzK8KEGgbuO&bKs37
zdsH_+Ku{n}UVD~cu$_+{1p4gVJvPqJ+aE8+1nr)HqR?{aLhPjhncEA{vs;L%?HaQD
zD(E#CbO!!R#qwU{#U^9VaVCkIzZ1&GAAkad%g3Mq7KscLH>W08s1=2M;&ls#cL2!Z
z^B|jX`335Ys(W~M<VbEs%^{@;=i@4LA2$s(C!1odddgs!jo}F~v7Kh)804gEta>m_
zMF(#4S*V_zlsn+(lRIKR?a7e8fkC&dS`NQOY{N@A^loGu{wG&wy3gd2h^|BerwchR
ze~eOY6PAW=y5=_@2#xj#r01~8T|7M}D?OK0zRA;b)9JB4LDDTt>+oHbukT*kgin#<
zLzXreDqb00*tE3a7ZWyIqRzX%!@aZyzqumXkfqJ|(Op=xv>Cs;0dK!>L-AG*FYkg1
zJiG=^VUvf~;f6}S@+{rYGsGc7GtaQ!!>jQu-JAXv=HK?h6MnOwjzk89ij=jHd+wWe
z)NOCbe6`m^Y6gXdJ+roke{6<Vcc|zY7ys-M!mdbo5c$(t8^#ngbVvodBduc$V`o$g
z-0E${rL6>llS6nP3R`&()Kw<;(u2tkE^XrwIJmTp#wP4^t8<GyOZTNmpbvjvYWR1X
z?U6`iaA>5mwibKg5gM^yuBG+VVBO%*`0BNF{7aL|zRv|?blVTIo$ipa+9T|n2?I_J
zi8Tl?r_o`6c`WG06P`%qLf6s=)uat^Ep4K{*QDlbVC3k9p<&fHXJ?Y*Bls7d5$d5A
z0GvFmITB_<qu!&~1ptELzr0sipYfIB4x%rTBm~(^Bg{SPR*M*-$v2^Z%YGUMl`#;{
z(#CXdea;*8IrrG>d(E4B>2{twmO{bpkj67duxjW*_w>+sg~M@aCynD&5}P}DH?ooG
zJo9bOgbHsr)okH*-YCu|<WVS3><_SnLq*l<MZy_3QF5Wa>15!jQ8iv42p9GNJ4br^
zcEsJHXY_gH-~ed2mbPNH_;7o83o0cn-JM*Rgn5O#m+tOcJXKmBN@G7mQ6iBTAmY-<
zecR(fd>I5U4HN$Mj~a|yVz$@UX6S>p0^KNH^&@ffT<6o*PX6)X7o|XlnQa(H7k(Wk
zw(ejqYJe3v#oU5f>b!yuB(;&cOGLKuv?$bxk?<9`ucH%UdmSa((ZAKT$u~NLfVWmU
z&ra`0P`Q(Bz{{F+(_W<xTawj_WVW#pTRSvIl?ybeXr@_I??$amiyRu+Hb-?Abj(tH
z*SBIDUZKVd`+219LK$eW5|srCQv=VD+Dm1O5;^jKEPN^1o9BkcU*Hw?ONknZ!aFoc
zY`YkV4wr>pb3#QEr9{LlG(mcU#2O@_!z<LoOGIMzGSr7d6n5j7Q)A+39kGq5WvxUA
zOj}o+d4B7I)z7>RAFmhH+f3A1tY?<`D8nKha;Rvy1gja%Od>Vo&{RjLks{$sz1Z^(
z$=-<BW#GM_ndBRAAMhsIsUx-0JE>;gPHsLjfDhW*J4f{uw9W#+)g$y8=Y))QZ)l`l
zhLxjv?JZE-0a<C5?fa!j9IB@Tukx`JIdQGm{xQ78Wp%;zVM+LMR%oO}7UBTMt7M@;
z7WSc%Q6w@<6aY~BBw-(BJmiIq75)OaK9xgLEMDOgDH6TPE1UsP^NAS-;Pwg!CAM)J
zppjSTLGm0p8pf0GRuF<S;<3a<0iiudT`&zGch594&S@lk34jI=Vj4N8>yU&-0M~Hw
ztqfS#!0_SE8T7wu|9X~s|FjZOh@pa&&?*ZpFow~{DPcyoaXTQ-G|QaaqG?`XyM#Uc
z)GNF%EBmBKEsX9ojjqlsY@3ton^ugOCwYahB;hNsa9oPiTqQ-e!2p}Y-21H^vhcN}
z9EVE8$a^r*lV0Jd6o@)y$D`I(7Q7NKUhGZcyD1idZQLc<G1A(#m=15Kt4J#box`<b
zh$s3Mkv1oX2Y>^h#IR%b)6o50Ui(f7GU;y^t|4+9ifo4p_8?a274v42Z{+U|-s<5k
znyHQw=rAsyh{&s6gg4J}VNDs}Q8#kxuttD)$J&!`N+YkOF}4EL1o686fpe$;$M8t7
z={Rt(7nQMUUqK>r#3UAOj~vaB3vp%|#VuFZ-~ZKu`j>0rZ724M_gkcX*VJ-;uSNUO
z*+fFz^7nTiY~1$TsCxk)M0+NSMWm*dcVaKSLAz89k)b;><q4EeMD$9&TN{FUZnoBc
ztFDxU(wCo>ltyM@@^u2xPZwMFIvq*Zi>ibUwany4MsWjjs0)j|=-vVlol6|dGS`WY
zIba%qIN+R7+ypcURHvI|yCz>Z+ak3eM$-$W$!p&y**oD&v8dis0wh6J?<ke8n?6Yl
zJ>nGY8WpaE@p<i^$_fYthrISC=$qHxD%tl+7-B36{}Rqsm0oO7wszoUS1Tk9SursF
z5cCNjmoJf_=ibn5r(A6{X8$GV62@LHUpLbPHDU}0yo-&Rp)x4hWnS(`#yf<3kO}f)
zSRud=btVj<UcBx$3-l~ikaR+!9W%;DiNfUrpd7B|j`$>aH!d$!3(DZNJ8nZEwU|{G
zL=KtJq=%yuAW~rs2tV#=36OnI&)*K@3mW^WNwjw$2<$yLW9>)bH`8?C>DX-Rh1v03
z^8Vv5`uS7&U;3Uu!S|bz-<|z`cO}1<_VfJ*AP%2Z^S(Yl(J&S7=lyfVMIfgS`V11(
z``4P(y#1+9GaMhU87Zn$_u{t+n4Z+q@fT{-@ffi-USL0<bsPmDl8bnBK=(Z4RKC_u
zUk=G9<G+QJ^^l?+hIgoOd;C>hGsvjjRl+rcCgvvZ3qVwgRb7>~hY^)MS?}fAEFp*F
zYGa*qm@vQZ`0yO|Ej-Ggkk^_@mDJWbO9VBqE;iBdir~Km<d+7amHmCt8$6**y(+Oo
zxk{bzGQ0<l=4_boU--~tS}`$r0)rQRqRkyk5oy1;!a#nNO{lNKkNoj~lE%FR%4o-K
zizecm;O%yN8~DR$0&1v>ztf*TFH(InOUl1QWxN#y$t?|kzk1$ZYo4B#3fl)0GKBib
zg6I?^)$wkPC;l(;CrfJzjLB}PdB3lph<Ev-lJ_fonkqak7}&Ze_~AuG{X|`^ozT7j
zkAVga|Ie`)f55fb0QpES^R2~bnHbg%y$FyFUGqaIBEdwC#q$a&norwcX#6#JK<5=s
zN`d!G(%N&AiVX%|iKISy4aOMtv-pSH{+slMeD$)r#*|?GR;}RD5r#PIdLPSIp#jW4
zAG!O6R{V#j;@pTg_yOs1_{#v?A4ew|W~oLEC)`c`#4tRZeV^!vvC3x%-<>ABsyP<F
zOpjlYuEw`j3^w{tkVg4oToD8Phjg!da%k#Dq02Bba|a%t9DQO4jC6IW_P@|ONvY#{
zr=mSBD)Y_o!A2TyP77cW`qtA{&PJta)V7^M9UKM&y45sC86S)1Bw(%FbxcR29~|Ro
zba~%n>>G|DSa)mHKft=q#3qu(%G9xtj2A#nx8m*4-gsR$emkqCZmG*SKP7y+rJPmg
z{h@9mc^A6dDxd=vJU&V<1ACjc4z<PcD0Q_(R+bg3d0UPW?%$BYsaJS{Ex8z;KdO)7
zsiS-p-wU4b+4L<(AB7J-X<yC*oNs`)#rSs7t%UP?@D4MTH^z!b;CV@3dc~Cbz#%XC
z9}kj$aCG>#U4*R)XY3*t>=wAP*xJJeRFSFNPXYIaNT_?1M;c4F7Rzdm2Yu)|4PN#3
zV(;W!|0;Ec#WlIi;(tI?%S>MN4#W~)xi@&gH(ONao2AKjnEf}S^C@_;_{A^TgN83%
z?7@MHnXi5^+Y_0ZNC2HHl^n}W{)a_%24UF%NzD-*trBxbB&Ez0{}0)**Y{DDKT&86
zTbe1W^G(>ARaROuzbkdH3(CqJ)F)Z_5`7aM$I8%qpQGMCB3|6fUYdXK72=44Bhi}K
zamF`<j3IslImrBjcJ|?-0y$6n?!)X4%Br*2tD0qX764?3|8BQhZgEe(+2a3!7uJjy
zcT;4IunG!rhUzh1wcPBTe3RL4hbId>S^QTZR0uSM1R6KM#<jMCpffPO#NGh#5Sgc5
z<b)wQV<b&$u)#N;uh#;lCU9gZn$!fg8^x%L+&I^{E}%W?BLBhoCE56Zhf9Zt;z#B`
zjl7K)pz?beXA$6<FDp({{25UxH^rZ%`-GXmcmO*yr&xqhj#F>5Oup6Pzntg-j1lKz
zB=+Vaa`TI0gT1}n0#6p-0DHI=V1@bxH2=vlCZ``i^sB#|Qp-|jj6`>J!80_qJwR4|
z{pmzQ{F;pWXkd(@PBRbXOV6bCqfX}qw<PnZtIgVPt*FE4|5Vq5Iz*-zlMTMN>?h)*
z`2MK9-wrjsr{~z3%<;UMcj>3eecRzyFDr&OHE(b#&E;}@u_g+e`9S<IVbG_vnN#R<
z-(T(jA9e2n-BgtY4Ckgv8=&Q;P#|D|B0*ao+8~7nC^R%}Z{UVjih!cxOdSN@LPBA9
zw4F4<ooj^gF^;d9QE|o@=YgUi>Oe!GEuc_95kYwf!i}*|aO?wU^X<LQO`5bgGwWOb
zzy9^J7R`O^dmj7j_c>>uMrGVdjVAaPl!X(AYBW&5$#1ZLPrp$MaP7c%L*N}0#IL9Q
za_<P9m1!DWg_ojn^$RaMk6D%kYG%V6QZwJqz(Z2?@*Mn0dJlfs>;q<+1YP5LPODMP
zf<&b-jhO{QuO@X}KVCw4afZZFn*yb2D4@Ba>v(mSHwkYIbn}$fagTvf8CN4GDW}J4
zLjGVvXpg6jTZ881TgmQ}w+!wJXmES>8W^>n3Lb_oJ#g=EjpdMKPvGIgx=^?BWA5Kd
zb@ykLaYCgZ7s{|Y&m(FI!{wN<9M%455Twh1sJMF(ZCPgc@q)LX-vp)PTdD)SG%@?%
zWB0q-rQHtc6AGlW9Bm1LH{PWO2R4`|1w5xYxPtzv$u#yrtJ;NOen&5-!4c;)f?Rv2
zw|fw!4EmUa%E?fP(YBStb;Wp0k+Q#qW9z4PYa+QX?q&y5P>Oa&01}=v0e5V5L|yf|
z&1~igjkZujkmoIk5p>f|rD2HrU@M(efd`anr0+a?wb%mt=a_ahhZf)A>=7C|&=gEB
zmMnNyf$in)p*B#evxB)5yL%KsgMskJ(&x&o0+s?U9m|>kY=aeX!9OZ54*?NsVN1~L
zG5np|IUymngytA?-v>mvcv|P48=-IqP>KO8m6dlRVUG~;hqs?n-e^`)^;bfb*^I{@
zF?1nrOkqr=b*8qD#*{m`3zopJXizbg37E<TadVcf{#KUdv%aMvi_S+clAeEv{H3f!
zqv3r{pc6@W?-aJo(gyv(QN5M+|6L8ak}Zva8{tNg2LnDt+Q*pn`7C1Hkpi)9MhUU5
zwIs~CQ{strw{6gBBJwWufbpm1ccjnNH9&wdqiYD@Z0LNT|2+<CJpa7kH_oYJG^e!U
zbd_9?CU};oX<R)kmZxa=syLkI@s0WZF0@ud!JgrKKA}2M9zM;d`xfs!O=<RFr`}5E
zy|+{Hf_Tw;pNVBywl(jv^Hq&-MT`*31t*2!LYnA3%~y@$2sD@X{sE2PJ(zZuf6mV#
z)HZS0Y51{=(kZegdGAV&ZOW)TuOYnRQhh0)Ou)kvaO@A@LU;dJz0Gqr&1t=b9kR>k
zpLX=v74c8wB!A^;T;&BuDwM8chU)o15=ZM7x;M5Ro6$=!2yucj(v&JJffj_v$|Fl>
zt6ob`TZLIzBR%saI<aiK^v$rnf^WJGWStohzzMwlAT$|N`$3_{PPLxCu3yr?)a4SV
z2iL?R=wpT;Tewy3dmWW$5i^cTq;crb1{f?+0-)2|Q6xqH6^FdWK-2#}AQ8<a;#4&1
zzPe`R*=cnlhrBEe$zuf=AD&N9lyxH#v<GFq>8r5Tdkhp=|F2My=_1co=3B4v>vvJ=
z+nn~}s0~BMqg>l0Wl>Wo1auX6qa9EG4k@OifZE@}ja@p`((qOfzRHYCrlnJ!Q)W+V
z8t;7;H)c}i8_@qymeM?cbSPfSdg*vrhkD`tN_>9=-cvJj@Jrk;)~zeKj1Y~Wt72Cm
zS*l@J_~)yA<MQ<kL0u*>DaWKQ%Tz?n`-q*G_s_+|yvE`%^A0u;^Im%jeY~vTOajhj
zz=IgDIRgA;0s$Xjz}p#cUk2P*M8GK#U;``pbq4$!2Ap^Y0e@5!hI$(_drGGPa0LTg
z!~lQJ0H28f{v!fd%mAk{z~}M^a6hYlLInO}*4E(+xDNw<fC0b8fO|%OhqJae%Mt5C
zr|cQP#L#P(lQbKcy<m*C7tkuiM5W2dUaEl@WuL$YJ={0M7#K;G=FOZk3}p}4D71yi
za$HGP?|*84T;=yBJz14q!vfNe7#N6n{a1yI8d)Da$^rskM@I>c9PJDpfV^E#D-%*F
zN9QQvgRtuzYro7eik3@))$d9Y$ZI<84qA?b_KB0T)*e+I!Zk<9A>=);W5G~b&x)1l
zK(r`-z$!?jl_A?vtI_@^r5XBOTV=*Y+nR-SRpw&2NXx~=w>D|_ztGpF?eA#+l<pRM
zlXXI69m3c?uEvAXGj>gv#cM{~>E!E|Q-XVVl)lZp##_BS8IQ;PWLZycw<A>Nw6?pq
z+hs5z9sct=!Izf-Z3Cq|;p;3-k!-)&Ao}`!yPDko2GRElH3Mkm!VIF3UAIHQp$~Uq
zvP9{UrP@|vo27guY009+PWH%?bvJuXX~{%#n}elb3iwY!JxNEt%F;CJ3|bctw!8@q
zop?cBnHFl0^(9}BQ~hXUOs261_k_Ldv0tc2&G>?O*$;(7PG1=ZYJ|#NNCmN>gU}I>
zA!|_U14nI%j4AI;?*MT!lLZovA<&%w6nq};KEb=yXape~f&@w!+`IUuw19l}-vrlQ
z$6ii#kEE^Z%n}AWc4yd*9pJhFT&qO%@KQs5T$XSgIU|8_#wM<21M<VRtLQECpz#g)
zT^VmBx?8VPmix?RZadO~(t`FGaE9ghcCum4tM}yZB@k;}N|g3`zA<@D#|zfIOPM`?
z`irnVZ)pzvY;ql2Zx(BhqjT90^r<^l$YEzR!G~XJ&^E`^AoTrl{C*hwzStqP`E>0O
z<D&kpbhmb1jYDd(OZBJ>TqErmz(7UdJ`cq7nuCbx<>F}h1@!vtT9QY<Vz1j{<RJP#
z@cMe|Nn0ol?ZR}*I7gct>k7$Q#7&=Bw|oxHX7A|!g?2mSL^GaA)1O6BIE<u#VV`2=
ztJZ2zJ+^%oR)sU{@|c#-P)B_mc~)YxHkNM#)%Xp*$U6HOsYZ%)y89^30D7Onmpk{b
zHY#lmU<pWQSBH$K_Qq_aBA*Et>H0gqJ7YxGv5{YY7ZSrC9O$>Bz5^qQR`4vRRR2<~
z;Q8j7tA`+urN!Gv1S!5QHx=cE=d{+*t0>KZr-PxYcFJXGq&0!tjH0y_7c{Ry%{dQW
zN^8;_bp_;VFSOMa7&(np-=LT|+q!~2&3+y4{i6nD>*ulV$ujBFP=ge3NV^;duQ{y?
zGezmU)hnb=l{eqT(Q}zoXgfTvUi$%_pfR<X$&kMm(zwpSaitjQdvUl`sv3s&MXwfY
zPACbbhQ%q3cSv*6ZM6k`aqmw6kHF(CxM#|LHVy2;&Wcy9MWJ)RCKs6G5|g!I&9I7<
zeKl;G5!Coi5iU-g;O^zX%mjQD?Xs0`!^0?Unp9v~r9xA3dvLf3nvX!|)4K8TqI4Tb
z{B(yjGo9Zuqpxk<%)S*Xjo2{0>OD$JbjiAt_x?r8q7)8!P8tjiE(Nn@^4@2(Y5-QA
zWgyG)7&Z+Pq#PvC@wgEoCoKVy@Bo26ZekBiymt;fP=hW#!$B8#$>J{FY<L^^9W!r&
z(fd&aX$i>2mPv&se*NF*zD<w^2r@qX0>hu*3e1vpfw$4HaDxNt!z}>I4Y(xRDb-_e
z`n%u<vfZ3$lL}0V9N;vU`8)L`w+`1_7WmQC4sMrIT9_FgF`!Qrmid^;8N1!UdtWB2
zf2kobnHESQ5}ooCcA%N^P-7^ByNH*P8d+lq(3VWOuONNtkot>~MewY^0q_!rZU=Nu
zB*S*n6nCE0W^zv<WXj77C{6Fh9^EO(zcdPy))?J4!j%cGOl}jPO$+~ftEf9zc?A*Y
z8ViImG@nS(HIYo7Z$&bBMmWO)Cm2TpC(Z*DZN2Q?FIc~HEv#5!)ZpN{?i1uE(r~B5
zq>1j?*q$P4i~LIit^fKL4KSGLIGrfU1x9gFq0v1Gu1s)cau0(x#lwGIZP%sB4vG}^
z2;io9tid7ohAvYr(B<MuP{j-k(F*b$3f5V%-{X*WkZ|0$BGDklxJPuQ78arH4YUhm
z|7FksW8=CESHSM6EG5T2w(>A0@NVtkz01j2d%_TSjQP2Zd4#cPR>GK(VJt%oW6ao-
zFm|w#BzQFg?#F=BD6EzAfjtcTIz#Wq%7{g2RLYW=MOmbDi)WF!=;CT{9ig%yjyAw%
z&;&)&BsW<qd!SB{)!C~sT+8Mj$i7FRqDfFuw7+*~8v+CljqAEUp_sOb0Ht}>U?89s
z$<nh1tTyi;Ei)rQOwuk)`DSpm-=2YHmPoFKr`}-qp5m+eaZK;zY}pTb=O!#)nRJHY
zk@9e);;tW@RUL0vI{MV^dF1+aI?(RIz<K7e#`vq>Y{TH5a;cSeyYp3P<ZYd1UNWAG
z2VQcg<NE_CHS_+k0<(kTb>n{2K*q>3k%E?YPz*Mw2fobewZGHn<EyeLje>H^UO-(Y
zQAbFz^du+l$fsD=u1~|->^*$fucsOa<xrdbRh<>HsqsjR&c^y=@Ar-l6d<Z1-Rv3e
zW;M~Qzbk#jNjodQVLhi1I{D#XYINO~l6A9<h-B4xBFs6{h%jG?5av@oh%kGV6BS>{
zCEy|k+(hnCQd|Uh2?IW{hJZh1z&A4BIP&|F21bBg4EP-e{6_}-V-^7)un};-2=EIG
zxN1$5$2GSn<Bwavy)J(k!u&B+6U`qtEQ#>PXjbR;yhv0z!XG!RiQx~n-r~A5t*S$X
zJD4+SW&KP0$WH%7#Bi6`gV|to7raf=l1(VEZWOkK9VxOmi;aTi7#OAKKe4&Vprx8k
z3l{EEP5mkRI;RC`{RY_KBjK6y7b_X{=l&Wg-~Gp6HM~vS$EF28oJiAx;qNxwQBq7N
zM^k<f<@cv)j*m@tf4P_1J3i8ZdiG#M*z@>cuiBh{?q$sx=xub3h?>XWi?eyqqTr`+
z_iMbHG?Dy-<Kd{oJ%I_jf!*WLY<`4=`$%AT;p3nl@DtiC$i2`!?H6U9B1Q965;5}p
zy<w(x0`uLu7n!dx^6U<r#`p-B*p4r<3iftRW4HicK%l=<lz*Ne>oj_OI572{wah*Z
zDGTC>qjgm1<vn4Jew)_M$EzGo_UWrQq2@Vt%{2o|(inP_E(`K_(c0|N3)Wh96I{77
z9P)TU8f$45tzbdqUlwsj%wF3?DB!9Puwm(3&t9>UB;k3Fq6EeVH-D3)x!!sKftCue
z{blhKb=DUkdu1KTr>Jw2D1*M#XRpKED>*61dQwNI!PdN6i;06ml)zMZ@nR^X=uWBO
zY1#x$q3N)h&!YL#-R#)tbUctd^M8&_vnam0@BgH7{FXX88ZceXO|>*){;?Z^(_;CX
zy~H!OMu3D=UhYA2VCU6feMtFhI|$6WU8tFI-{*q+b1S~(*iqILE}I_?MncD@uBDFO
zmD{c3IBTN(@d9!O#uHU7sr+qBU5MiO(NhP?IvBTrLf&!Kp-CiJZnls#tDQ>H?8MZt
zoGD_a!Il-;==_i%Vq~6<EF3|3Y={T4D(ip;ZtNo8l&i;)W`QXP9=E_EcO-Y=4wqZj
z+v=hw_;RM!ArX(Mi<;oOSiS`~V<f)F8eP|^-dryM7nIZh3H}Z}u{-0C3vxPYv4HPu
zqbB%TlpOS0tQYz9i`fL9$^~FxX9BsqQrIN3P1<h*!GWhi^a|dBj+wL{i5k5zdAUhh
z+k%Q#zsXC(acBzefH)Cqz-=T0@LU1p*QlidhDMx(=v-A0Rtvd0#tx>FNt)}-Cy4S?
zIuZMtrW415p*z7L(fED&7_(0%5o`k)Bz1t`eCe9ab5<)#txY2T&TvHVsol{CKCv6|
z^U3ZQ1iudm-h(f)_U(>B@QZ-p%YH!c3y4HCt)PHcsQ`I*41&MnR0J;~1Uo$Eueq#F
zc|s)Lw0w(0MI*+&bDBdTr?tZ=U2ubAqrbO`F#2>(1fyrW#fK5WNf87`ERZ*Xp-=>~
z=d=v7+rLiIbc<gi<+=)K>+?>*b2(8u;yGvXd=oENk1QQP&%U8ROR~F%P=}!&4X(t$
zDo6(`&B}KpQ9qsReBsMlpG_=ub_}u5naRXLmnMf<=v~G_OP65)L?hG{lG6^dEt$r(
z&?rcAK^#q}QRhcn!I3kC(!%p6o$#kAM1}BWCb;cGpC@#Q&+=OmV$M@QPq7arR>PHn
z!lVMDx+<Ur!@TeeoR0#NE6zeo1QMcLu9zhPQTlIAI3?e<mCx?{g{2xaFORcb{VLH&
zfx*FETlOf=9Op2A;JqCvLV5lGr}4CESLFyFtm~`MT%oq>=hlqJHCwZ5*qW_6{Vcf3
zeMO`B010YsT+SiG8+yJ<3nc`4a<slHO@&o%+fIv3q|cQXzW{k}-i{^e%$O!bpzV*+
zcS_MN6q^P#Q=~*QE+2D9=eFya1*`bgx5e-_>9d`*Bl1)Dk@_9Ln>wAD8U<fzdgN#<
z&6QU;_|4^?t+gCNVfKfey!}YkA<z^KK7YS_yFu#rTl`S&0p(Ri6@i~(uX6ck)K7nh
zpJK`QxatsmUn>g+DQOOUkEpT3RWugdNr+l9f_fa|)I|vQ-cwWTnX18n9nj&)iA0BY
zk0Lr$$URQtCWYy+TtjpiT*|f+_kEZ4t9IR=w~32+((V0!yC*yL1z^8A51yky81#th
zRjmgj(!e!Q{3z>x<7Ywq<mkx$D)k`=KY8#k{NpJO55Bc$9_bwYEI*2=*?!f=o8c!L
zZ%HD^kEw92Jf2CxVE2?A3!pj5wyP#G$SZ3?SY+iH4YAWn1&=BC4~?zOOVQNj(R4OT
z3s;+G)bPo;(uJi*sLLbsr#7#zW?@}kGE!+?He+2+Zlu(oEFYlesZU@Gb2LnFd5>^x
z!3Xr_iE8W(85)D{sU|$|-hX4zrX6)SjAh{_9LowO-*5uDJezGi|7Dv=qXeKVSwE_p
zjAJ2!;X&-d1Q5FkSgNEVc5vGcMC{caDq=71=tS(f9cVG%S{I^*9mTsZz{CiCgst%Z
zvp%$e#((V*GQM2E2){!V%&$>WsHy5*lsqX`?ur1*75Mtj8s$7qUaEJo@{Rm}Cf>gu
z5h}lc$mF-IMNE1Rxso#uhWwtkoK*%h$5$a_jo_)v4Ls19ufMJ^7k@hU!{ht&T;x3(
zH{c;DyFTZLT%cih%QSjm!Fd`q5{+MY>|`2Y1d3}4X>dh2Dm4Q|#ANnr55DT5e$YAk
zVFyRKdX4l}@TIVQMe;R`t#2V|=D8AbWmCRxOx6Fe@?soYSz)B?f*@nibhI27eeh_<
zUJ`E2A4<qff#401*InM^TdMOddq5ss9oUbdUwJJ#PGdPf%0%8*8c7%B>zKN_R)QF#
z<B+znLfjt(cXnG(7EWJl+4HYT115=ykA4p|C;Eypv-vyy-Is%7F}$l+;>l=l!A#f3
zlmL*9ueg`zO0TkncR2oy&zF4UX?@1soAyHAQ?rSqA7GyOOaR_LF)Z@#(1c^uKR&8u
z@~QX(m4FhUxkCi0gF5qJWtg-8HejO8EC;Eo_>6I2>S*%4)oU)<T8=^`%~q-;WDQsH
z0Q>4$szFnH-6DS*Rpi8OMZUp`{9D%|bD_v$W#VBDNPH90kGzhkeghIwZgVZ??wxTE
z$vvUA0$+3UYBmIp|6X^Ucz|PjD4d%a9J)ksckl)&%PdGO(h<e{4JvJDqrex{3)~*`
z@feVRr#nk=oqNS&#y6Z_@uw>o%PJ_{%Tk?qt3|%3RT&4(bY#?uT&vUCBKSlN7pblQ
zt5dhRtND*V3KvcXM7M@q(?In*4qgEHmF)0za1PHApqD20k#h7^DjRA8i`>Z<btp%+
zAQ^utWcZ;%hxGtdaumgD_x;)>;Tn>W`ws@8hQ7)R@Ody<_#oU0kY_HaL&&JHRD(1I
zl-10y>C6Xoo%T+Nv^S}<y*~tRRz`Pg>&WZ1b=&6Wj@+d5x+NK7BP{{82WYC`zcL8-
z{w=Q8?0spHkg?B~_^O6!5WyeH5x6>Nop0Q$n)HV*@QzC?ZRN3j(ObO34eV1A)!#qA
zPyLMyX|Rt{^$P26GwbgU^VuG}9>TVgyI%g|tsmGmwDbB4!GE#W;yP?jMy>yxHt_Ji
z*!X8yz6tVBT9?&Z`mwo&a}QT;!#alvJ9Ml4m`qQz{n~<k`@(`KFanBEG_SC1Q<(oj
zx~M#HZ$C0HH)1yq2E~jYFk`Ec4nkF)tEFHgH0Z+^)P2_#bqx%4hwVO{in|knzas~C
z83OK72zNH#(LfgDDl#sWvTcaCZ2576rP|w!DG~SJq`~j~yuH4njdLehLfg@CQXbu_
z(L{tPaQaQ-iPN_YBNJ^T#T%2Rjt}$wn~d*;2eq0Q{)I7O=RDC+&4|!ag3`Vju%=he
zy+l-mXZtie_@Y{2+YXjjy<D)?mkkp1Q>XD7VcYR>TfX?!i5v3NP4fO=pQuoqx;}GT
zC+Q9#)$=G~?4W|Wrzd7u$CNw42`b<3gSIG(Ug}E23paPA;ldiCK4IH|mXb4XzPu|f
zhKdt#%iQ9<3Td1An*YX+37fm|<JlLl&yQ%&M$;c4Q=h(-GFOPce*e(ZdbNg-pXoze
z=+K?r;aj(a;XC5P@C1qS9@s!mIzkY800QUi0OFu;I%jE?c19P=^belcC)Lwee~f&E
z2jWG26$LLyIV-kA?T09Kf{6C%^RXIeKYeF!fG1~Y{ovrcsfG5V0*-|JSjZpt;ccPA
zc!>%Lv-^h2zeA9|jS4wP`!M!_2SQ(SNR7&gD=8YGv>vhA$WEBWqfDND4e7MmQXL$!
zLHM0Rn!GDiO|zmj2PS=Px3=;=v<)2cYMQEiz$xeB_FQL1VA&Kpx6M)6_QxkVP1#t7
zr@f`DpTqj;GNZ%O+ESLuUR&#z4X`y=Cje4vML?ssxjZrWEa2O62(H&iw$Oe&w&Iy!
zDm^H_7+6ZP8Z-x;6euSH1#etsIN$cDC8VCeWs{mL%`hbJQ7-@cS{rzAcCJ>GwN5<c
z;_$KpN99#&Sq>0?OPNuy?p@Z4S~eORbu%`~Jq%asr{=Fan4huV?knP;g_R*p6k(SR
zEO|Akg)zLXOVlDF|GMDY+2EAw2<M+Uq;^3HDi5|r<NQSqaekJ6dIQe4Vu<J8BqS&$
z9MT8i-?dw#4nR3s@Q3ZzQ@n2}S)ohWyk;p*hs$%9JLR>1Bq8^Om{BKGhF*iN!oY~U
zxL3696y!-xUaWUm+uS$fxZT0d*t4E=Ey``KOK@pHe@j;o-#-gJ$?A7Vt&WVN%O<F!
z+Df>a2%^2E>=VJdZ&{t-3AL0Zss$Y=+Zr6qMr<f$gr&n>qWKM8@lRvEXg0#UcMMzy
z{v07V?C+{bf7fd|`|BZX#!|H}6y-QN8uQDp^hPb~hb{ZRp|@v)Y0>nCXJ*U4peR+p
zz~|JK@B_AloEi!GoQ>R0Vu`ZOL1^h51U!$E7du32t%Da^L2N|m^%BzSp-y_Ov2*)H
zxu<A7;O^rD_u_7c^`QIK;2jIq{b>6@nJp_6R5G3tL&j|_Wn&!HJ<HN<&He=UjrjTC
z{B_6jGmhl@ih+#x+A3R-j`O94C0?Xs8*bd|vOW`7Da!t1?W>OACv2Y+bOSVGdzhcz
z@7j=!*pNR^Ltey&JeR+&AwQ$m?kmKGg!!p%$*X}f+!u8{{=p?gz(UnF>3|@)>jh~w
zsOcackb|tVk(&1z48hZHY3SUX;J^*G&;gnjc##I6Cf|CF_xZ>lTWQd^T%tS*4>@-@
ztY5qAb}2w7)q74Sxcgw<Mt%at?&I<;jiRK0C@kNEsVkkO&4PSK!*nU}vS2-0*3Yu1
zGhaVqCR8p3zmWVHUjkJ9G%4|2Tc{Qr;l%{Ast#UVt#S9IMFinnzG{tz`Id|Ew70XO
z<Zf8F!7iPKYbevk|9+Q^`$UlO)MQtYV6AaYmyUW)CAjkh>5h8nEdl*uH-;1DjK_w%
zM&z%%ke|_l%>YdU6;)nAEK7Su+1;>YW3UGl9n|5CAm>-xr8GMw!i-*D@c$|P*Ju6z
z6#qxY{Xd0&imxP$M^Tsa_&>%|eAlQfYcXPQbpAio&9Bg+6g(V)$I2ZulQCX44PMT#
ziCKU90jUd@IUV!kzh~Y=_`-wRa>15^wpbd$;?)Ho5~b539``jaQSj8}(uPYRBY>MN
zGtPi075Ka_X~Whr0k_PE(vME*f<xM^tk3KN0!eXVFyjI{`<*)>a9=yPujISUI>FPP
zyY%i@`R}w|Tcvkccde2?ydQ3HHtPaZuYC3`?TTK`yKWM>Q%>o;y8l)QYRH|o(FV&n
z+SrTxC$`cLk|I>Xdl%uUnx2o%nB5a@af(QgpEBd2q;`Jmd*%yBtNwHGbXJ1{1eot{
z=H-+=`F?Y*r7^fjlrH@g3Vw*7;9@5V8lBR&4r!P2)UAkuQ+Ou3)TpB1YeK<^2ntrk
z^uGi9U%Tq*NdM2_K_;J_4fo$6a!pRDCDQ+pHr#*kJE-p;fv1r%k}V=1iQ7q<>6n%e
zgKXP#;2y0eFjuQ$is2_8BV=2jGJlVF*h1ODO*CP5tCnGE1CfeoHd?@5-Dsu*b&yaf
zued|n?*Qb9aV~Qj@MiF?>tIXlhOP62t=-DvTlzrJ3Ka*G;fNr|ab5aQ@$-s`A3B5l
zlJee}DEf%T&%O?ACw)xqLLUz5yg>6=tW#p#{g`m@6>}yUUeK4B*CBrB3-~?GjB^g_
zev!|+#12QozPvi7vo9j|gOmFavzA~#W;6X9q3^e-{ot_b1V-VPzhON{a+y^MKMeMV
z(kr_CTQuF;Z{we-;XN$la4il^Cfl<Ee4{*&gp*Zvb0$uCXQOwVE_lj~YEoSEqcg*U
zDN5gj=9)l8m0^ks10KXT31~o+ns6j|FUD_yFz}e7tWR$y+R9D`zcre$Hq6%|v7yka
z+=a3wcKyz8*=HPlW;q`7;avF8CY=cGR^H8J8xF6(Utk?A>O4p}ldjm7+zf@<SfS$0
zv~7x&x`t?5;h@w&9PUt(Iz+&NAR==UX^Xy(&DDg0yUoRj$+IxjB<&J|kBCx0%s8zM
zcyXB3X}~Y215O*zE+eZOMXB9^R9K_DHVVi7s3=`^fFxk2OSXte0YBPhJk<ut;GTtD
z>G@lvhuy0rq6fQr>|{VWbBd8eZ`TNs0}=Xt@H1MEcJ->ZySzKg=;3UHpYcp|ly_H{
zyldAmE>@Vl``Fw;^6oszJ7Bs4Nbv&6yN3ZGB=6dO3JD!usQzJ$4u365K@|C~j3klo
zkiG^>fRF%eKuBnbAc6N_(uy!YoX7sxsq)T_i%fwX+LSXV!~MS-gM`wxaR0A#k#}cF
z-dRTw9c&yCMF%Q%wao+SsyNT#Cd$fP>tgAWN?<q}tja((-!9_WK_CDpXxY9@z}|hT
z3`|EE2za7MlO6N=;?rzgkLf=XFT~vqD3w|Oi?amj%j;rsw<F_g@Oc4?0V1XEFpToE
z3`AWMp~=Zz6uCx`3$luka!QzeZ#}b055~r-jZyf*^Kmwxh|mk>rj))?@wKllie9F5
zp%>Qi1+-Lhl{pOr!#hMNz#{TM>_|FtiiVa&24~0i2BFe^sy7!<7;Z=>VTkrXY<Dmf
zG<9=nNu)oocj?cWufzQr8PlJut)1h)OdWqqBMn8cFYA<--SX?6q|VHSW?DbTZ8Jvq
za6#=4LI}vUGYo8VsR<YS90fmQ9(F8S6@Zx_Uh8=80FZvc+kmjtGYPZy-bmz@HN2ZF
zljmUjpe{--ZA&{DsA$Lem*97sxnR?V5?R0JPc-qC6`6_qfITqR>0jT-3^+M!<Db;&
zx0m5!Gl#3!da^Ae>a3s#o-0rFt)q=2G4rX5|I}rsZytM)BkK#Gd~fxdM+ILZx~IVI
zItQ3Y&=GiHIRyH~x~iwqHBj*EG~s!g4epCU8>^E24b@wl)?`Svg8y6`5W=zzpj3LM
z3le<A8|^(!e6p@5ek@pzxX((pQr2g0;AG;FH`U&J`li~OC2vC?cEFud-$(5On?IKI
ze}ShT;XxwM=7o_?Jo_ef;truyUjb!)q=rL#l;0{3egInUo54v*_in^l{KQ<r*RS*q
zoYS1V7wp@;2I=m-#!$7SFQC>4;nqxjldTKXsW`nA+mjvBp6L9o))s!PkyOwpBpP%q
z+M@2Emi4V0DNg7fN;@Q!<aPME&QeXuijKoemtJ{F!bN~bHnQ36e`=zpy#4A!O#CnF
zUx221S`E4UE4x=O7Nk@&E*=|_pG>oop&CKXlCV0k@9#NoA~$6<9r#tJo{86Y1TbHz
zz8H$}34oeH#E1Ws9tK;0OHrB(R;tTj5ablIAk8*_B74|ilCvglRFN}wBb)aHYbfU?
zxK@TH*M)*w(2`1*h=B4%5|5MD?++!WINp;j%s+7>Mz?io;pq0GY&-RXC0b3F`6F4s
z`wiCjHRLl^+dTDLlbwG@|95)seo)r0eVs`6eo^KzF;~m6%^XznJUq31g!~sA%HmPh
z8Zd|)p6awB-?%||C~T+(XIxxkobuy})4IRxYp1-tNwiKW`%IK3h|&~?oZBi$S_dw>
z;DYhMsr@a-<*eJ@Q1LMG4MrrrD$a1>DI-8hUwEt}8UZEef6`u2bT}=|uWRfB!~A)K
zP8wd1p_70&noc&qPIPkrTHHe^tR1}hb++;W9N_oJU%_L_Rs=lI=N&`v^AGo?&@Qi>
zq4PAFvZN322hYWj>Vg=r3)KnyKihy@?t+38%a^nYVj+LAdLdt~5!6E>@pwuO#_of(
zOc*FlIwjN@7>9{_B9*c;=Rk@2l{mZ9<`49+OIQ5g@s_=G*U#d&9Q2$n7koNN+UfsB
z2YlF9sPtorqV?mx`0E-hT2~lcH^5(`D;55lcrV7^XeWQrXgL&2r2UjZJ+1lufq%@F
zyO3YDXCZ&Z{{vrc%f;P@+|jzK4foN~3*4gdUPEpswy)W>6oU@KlaPSG{Q8*MEh5f4
zFcW&7whq@<=2fhk62b-XiFgQJA&QVVs$SryHO%l$o+5+}2pL}hHP76Xrcpi})(5kN
z!zXNb2Af|Sui?E7@O5A@?t1X$4MGb$w>EDO+soadtms2w1F(zk=BsK+UhKl9oVd_b
z;Ma{sg95azInLeJfu{{PP~8evKmX)W+FL>M?Kae|qHlBBXspCD2r5Jy1ODHK?-$`}
z*2gtzXhvPE2He=q%WeEtm-&7N=(}QEEpVUct1_R0o^3;1I>ARW4#p@1E{4tItFSKl
zZ)RGn;QuxrJ%n^e9B5}$%=h8(@QZL2>f>0O3C~JjE<kx3G;BRUng|H4(1e?7utTB6
zqO{SBC!hu&M3*Mxg2<htV{Vv7kx}o&mFHkW*Mg<cgf*m*pK@7wAPo<({Wm)y6M;qU
zlE|#)VqBt$KBnMl%N1o-0q?n2tFAW^t&OYnqP2b1Q-Tk0pkjmB5$90%)5$Zx{hS#S
z!}uyQ9a>$7X6teXm?aYH2YBbf&FF8v+!SRmd9^fYjeg*7(Q-g^Dh@N6OYBDDnh}03
z_?{#5APGEq6UBRO1@cs%wJ1NInoMcSax{t9gI>Ib4!X~!MBO`;(xH7cAEHtN3r5zz
z`FoOwRn7z;G?M}2#*@t$0ato`hQ1Pv0FH~dnwM_TvA007ahU@($}^$b5FG)DJByLN
zDznS;#RA^@Z`ys6bK=&46iZk9hqa(#fUl3^@#9j5Q^x5{-+R=X4>6y(P1-HhDQ)`z
zc{zB`dyh~@Kkfv<-WphqEZ0x;_jc)`@=?^+xZ%y=+e)d*qYF`LJFo=z%5Gn;j(qLD
z7r!)g{qiaHrLEhSd7WRHF-3ghbsApO!BEwh$i8_DzHv$|fxTL05F3EvfM=0Z(?uEC
z#`_wL<~TDt&%|LgyuPQXU_59ONG=y?*r?o|N{fbEPXt0_DD1>T$MMiT<n2Xx@VobL
zFB~Hgc#HEp;+|rKS=;z0-@`ob(ka1Hy(sWPFIpNl*F@TNr>TqAJxJ7Qx-|1AB|$G$
z62uQ=M}hvHixC1U|38fU?~3LB`~MsNKa8u{fnS4<5c8iCx#lj+-|on01Wy;3UlCb0
zmlizy=)qKE{tNhVnE3<XEMPOzW0@aHU+V7SKa1!;BmYZX`2QmERfPW!s{GGR*XYLk
z-v_s<>%Wwjzwh)f?qy-n;7c*Y00?$3`X6b)If&6fHmDi*ZDD>_7WM`yi5&Z@{xqnK
z{ksfm{`9CpH9~pWvi>(OF_~Zmb`9us6as$acPs>a199}l12M8;MgPD^+{Yz%N{e*^
zd$J7>>CvNUz-YB4WN8FJXNL++=>OxnxZu2Hw1S<l6Dn)5b2Oq(z-@-&l>Y6=_}*dN
z1><=N^@D-VWBx{YX%LR*x0F4}$(<LuZ>dNee@}>Tn8tfB(5}kwb{xMSBmV#SFel@<
zojAb8ZJ=umE_&cDIHZfgPh$2L1i$MXuO!xw;9qgBAp_7mydR<W>3-d#pl1ZF#!<JM
zNn92Pe7?H!W5Nl^%jf+DKfkrg{73u<!El}(_hm@MW?bYkMx?_=s#B<n&5;p&LJugX
zRTNOmYN#df2>I95>4a)Ra&Xc0QHw}R`%lQt8Q6(jY)qQSoeE<Z&3{j8?$SlE{PCag
zyJr7?#jhOb#P83d@T(%t{V<6gkT`bpebB#Rl&6ytP^>*{7U=Q4f>cFn+u=jQ1#TK5
zf+JJ#F{x*%4$LC8ko8z!Lg=x+U07mlp_c8YVR#o9*sOkGurfW{{|8`UJxUxT>*u||
zoC~Zr;%()r4{_(ACuj8Y;CS;-|CY$R9R&m9<&6|Flb&M%Z>T*N+uw>ebyXBdV2Z^<
zb{f1QQ3|inPb4+t%Q^krcnvm2#e1y$a$vrPDzk|#c(jG)wmL$)z;Am6K5}^KOc*LY
z4jd<EJ@Z@DA(4KoCMV(bstHjs6)f7H(Yn-uxc7vt_2u#ZgS9UD%#vL?1$MRQ8yDxO
ztVJ^&jGH+8)kG2j!F#zX4vlUH?XIPrvT%u^<UZ`uqzO9+r~RjO@>9L;&!ntN;0cK6
z2}tdhW~*PS;|tqx3B4dc*LM*>EEM=hcUrI5=;TDc@QTP!t6j)HUVq0ze$8HZ{x7u6
zo%}RqA^#}&0gpB;<bQr}A^$M^E&~_lO2ZE}zI;wDhIUOe<c|aB3@DyYOqwET@&y5O
zdN3;)?L7zhL2}ld=f~4wG9y1RvE5<wC<9F`j;v|AZ?qy*?#2>uHVfo@E;<f-`(aql
ztqJ@E$+S`R15%$yKcF5S1rYHzxgZz$y1(sT<iPZ{QP!7WJnH~7a!rA-(8fPH)Be+)
zU`=jUvZI^)#&fL6W&6}7zo}zQMm=@`8<+tNWMc%r(M;(*1$zM8cel-dR_EZp%B!pT
zTi9O$7s>neW!wv__G2~_&yr-?w$B5g>GG=E6lEGzhF48WwtCg7+(K8AZ&OCVg~L-@
z?5OOR2fn8J6Uxvy&9*&FL)LO|P&9pq>VT>!v^;4N_<wS#afZBV+$rVcUXvzIo;=PQ
zT7Fz<_G>l4&xAU}m8LdtATH!EDj)APQGnw;_?2L2cA-BVJ*NPj%nl0>A?|M^Wbhp1
zQ1v8`M10lTc=``5UPeGPBq9p#f$jo0`+pI@ANT!l0yul=L)VkP>#rw&JL<#o*YZ>H
zx7XPyf8;a5Fv;LQMPzU`J0IJ_bQeeRnD?IS2!-S-^K%+Jk@_t?@7<3X9>6Hcba>k0
z__a7c<9NuQ?Fjir3U<p+u_+PxIg-zSE^Q`w;LJ*Zi>F8v!o_nmQ4ChrY;79+6}3kA
ztJ4M^!6_n{fsu9lBgwa?2wXLA>zRSOY!Mo_dW57Yevs$OlSrPQN$Mi@C)r}e{_PBG
z1s?|cl^!SWz}5=*S}EVpgTEQCQI>*bA2@Y|HRvd7kb99sodQuCgW?+-(~BB|P{CUe
z9%VPeXCpjr&R5~HRrqv*H*(ClH438yqYx(;XnHh|*Axn2>RQ}P;iOY9b!h0ln8*^4
zMY?xbkE*5(dU$6p*a(SD7|vW}&eXU?`plQLkbQElcleXn;gi6?wor%w>U6ZQ4>yf4
zz+XoIUty|HldBq$EZo3X`7VY+ftN30qBkWUDIJ`hup4>)M=W=oS$XL+5*#>!S>N_z
zyUvr)dOAx*JEf)%A7G`wK2=q;vc6?KvrPX0BM^8H8mR1U>y0gYgO#wS8AE~k!+R+r
zc)3?NA~=H$@w}<Dv3?l?euV+gN~FcHixb1Z7g)8U7_fr@KgNJ-dJ%9#q~ux#+%bi1
zcDiYGJ#Ca3qW<=W->CK4vOa(P_2Z9Y)`#Pd2~S@y{@Cy7|F`0go1a$I{a>HHZv64t
zr!oG2we~0DkHr<`sFP1{>;P3<;;{p*l#23!8utJYvYZ;PvTB(#m`MbU`*dA`AeR`?
zLfao4*d<>9C?%;?ur@6nEchnJ3kNTXi|bIl&$PO<#$~4jsRLdvIfJR5dj!*=3~Rk>
z7#1fiZXz{cb&WOhPtH>>4g8ZM)O|8G+s90UGzLwb=i`KSJ1TcE{V~clM35gcf;t*;
zO8LVslV%!RX+VJ-Q{Mjw6v*Ky1yZpRJAazpg?n1WQCMbr_g?n>zv&+zys0+Ngjph~
zmjk=@a@jKK;j%)kZ07%>A2T}j<Bpmr{dnX<(vOR)1(HS$!KA3J;sFn_@%X~#-qHJ+
z*!~+9FZtUL7MVi5+Atck!WVOR9vzsCWrJ9}Wa%K5eOX-?9=P;<Z78x`>H8mhYknf$
z?fHH=9%dn3Q?|aFf(Og(Gay%jTfe=SRBMam2cDexXFe+aPrH2J={T?eq#E#9t;)c!
zNdVbAZ93N}OCvD*-3i3(&r*4ybD5OO)Uo)-BoLo_b?Ux;vfk<NSn$}<S2xm$uA;Tc
zH4bUXx|?774`x9*Gr)YhNI3&A2sx{OoxeH831$_B!h-Ypp)6L!a&!($V39+RmQT;n
z;n@H!!EBo17SJ}hfQ9T1)`pzE$+xf&Q^sXRcjx0NBFsOXf;Dq>4g`i8oEa_9f3*cy
zl!kn?`*v^QKxH^FnEf5@R;M$ItrwQMX<fple9R!z6wFk|m*0LFBM$!aI=io+!E=uH
z)b^;jVzcqnn#9r$M~@JO97B6th5QzyZ%IRLMMuvi`}i%FJ+(VL9V5za5_VwH5lTG5
zztOT}Q!u4Vd_}_JfkdmaEIF_&4(}DX;nzNhX}zjyKy*}OkKw%-uZNo8)lytPA!PV5
zZZc}&25R5=pJ?AXM~`d&xqZXCwJ*8LdSP&^pm8aIFDW7%X&;90_^O%IzBIPJ2}xbF
ze#d)CDe)IJk~Y-Flvgo1GtD(f2-OPKOYX}c8UQfZJNmrD#7x1{q33^v%LPO{rXd9@
znYe`a`r1RGisf<3d9Md&iNUb42A19jEfO;7L8y(P^E9_#X6F!h$A?gQLFmzr6VIV~
z*BE|F@^$brup2%SpyW6t4QR^R&u9t96CBdZNTKDR$OSCb!G6*C^Qu87A;JgQDyF2l
znmn!Cnnuun>rl_R`UgHDC4WKI-?olvL`?4-ahivy4>6a%tpE3uq!RC@11Y|Imy>3j
zb%asi{cG?pIBekt!CITkKU0V62nEm1G?1wl6tU0-Pl$762=Xssyh3G1MR{72)4Hqd
zfFM8ED#~LWQphRo3L3)O7v!wh*QyHf#kHLqQhji(Jo)e1P&4jraQB6d^Hut5VE0u_
zna@{UrDV~Vw+w7|Ft|nZ^Axo7F#qn?@HT*J1k`=nAZadZNz#nhg-t19bg2pC%)8@3
z2G8#Vtz)3QBA~M)plcB{vlH|c2FgW1?~8!mji7pBd638#-qUL2(Po-qT^=pb-A%nU
zL1VCYFfrIOXh0LD#8r=n*TP4OwQPdn;44X*4YBzZot^p8JDhSh#RXWRvV5as@d45%
zzR@5jpEJ~Bt~cwkWn-Yd-*YUrZd^Fo-=`!ok5byu(EA^tp+76|5{E2?IZqwd%WjZ_
z-fG<BJIdQYdwnnAS`pBaLk0O?AJCI=W)!2B&w)AtLlb@3CnzvJ&g`7D+JNHQ;GQ|t
zH+l6~Y~tb&HBZiZ%?o3^{A2V5cROUa5wjT#bS%EZK<~lDPmk||TTP6L3_uR)5u;OD
zZE(t~H9?(2e#A&Q$sN8z&LQP%oQu!nXZ+miX?(JMgpvMgrq|g=q@gYA@J${qc<RzW
zM6=)0tn`D%B5vOtL894#nM|^bUUbPXDrY}ZUGmKu(hNA+=t~{#^o<)0{&5=3#eb*#
zT95IANq8{Jbjdz~yhbBlG0lWmCR<&B4y(7-#p6$KhN$Aq`aa^+9X`%>%eOdT;Tnzc
zFAa^+6)rqRN212aHn&94j$@f!yB{$wy^4b!JO`y{St;p3GNZ@tAOrn&O&0@w>uuVw
zJy8tyh+ZjpSF2&iUVrjLeds6bPk_7^x0!hlEuRC1fz%Ejt3&$Anep#swj$r?31ly;
zn)4gw*>}hlUNJ-&_<6+Rb)BNqLZa;@+?QAF-s-TPST;(zw~^e8$)Ovu7k`Ey#$UTx
zyF+6!##>8C-)JRuw3XC#eFyN%JlraSxrCk4Ck`|u!0qI>b~t@*lf!4zQNWV)uV~JN
z|0%R7T5{nM&Q<1Yn*IRe5yJ}pQ}N80vN215pVlDKW^M{PQLqpEGKc?syo39KV(nn}
z+ev?Q2pP4GI5!zD25ff5Q8A-ku<jOc;sjUCey5C&1B&Oq7q}o!V_1Knxe?w|&RE-o
z>*;y{>8CB+;ILj?^)^tujZcoZ0ZRY_865H*MqFZ7@d1lI+~9HmYXQ@k=vewk(nP5h
zidbC}tlgl<hoj;To5K}A*$DAkaAVheX5Qocx_9BCxn?Tw#XN;V<<+S;`?r=7h)YKW
zzY>pWi{<;xxiTVAM%<yB>Kab_3o!%BAzGl7xp0HEH(&KKmg}j_6+(O67imrh-s!-O
zvRPaBr+$sJ+`n_ZfB5;54vfGD)-n-1u$@Sxs{O{;@WNM_fP?Vn%J0$Zy?Bivp9f;H
zG%{G6Ge*^6#P|vLG$qQLnPKJ%X7I*>YrJu0B5$0N${X(;P0<QId0r-;T%5)y3r0R!
zvx&=npUX`{xjrv;Rcr;TZc$WqW7O&lSY4W>`oY|wPg(jM+VoxQZ3;Hh={7pz{zG8u
zJLNmm9P$%Djz@(axJNe)*Nz;u91>cZMc|r#fuppu2A<FZer-M3b(9KgHqP~Jq==2^
zTWZ2dp+lg8Q<$mMh?FnTno**7b#1ZB{CF^uuLjyZ4>#7rD9RY$x9;RUKX5FvR*aN>
zADRmp2L(^t$PY%69g|0se2WC1?o*~Pb-6Uh=#*DvBa6)w`F~z<#;q`csZ-o_{*U-Y
zh+Aq<=M;fo6lX?zc%l&(7<{M1YcOi}y~s7<N<{0A2>UqW7ffhP{36N^0lzq-_(h&X
z`{%%`LvES%KI4|bxB+*!D6KR(IS>&Kg}G&SupZYB%x{R|mvWX@)`VsM6u&g`>&hry
zks@q+`>*UDW$deui#+Iwr}%h^5zPOcPM9>?yeK?Oz*nUIPvPi$+D%9^0>-6sBaC$)
z1~7}44ht**mVma|0l6u*t)LHo+#q<WO^(oBzABHxgX~PF?-qKN$7@_?_$`m?ax2d9
zV1>rJKF6G;4sM^*r@PHzy;`PsSX;|_!j=0YxN>j7v{SCvKsmc#0q4d2r{MGWgea7+
z`UNeqzaP0B=`8L(6Uk9r0s?I_q38>b=Q$x`KaS@%^hw2xHZkKA^d6|hPa7<D;>yzT
z9iWc6Mi71=1s#<k1YP=sAkToI{A868Q~9d&i1R1c8_(0quQrFr6Ii7bL?8I}c`%r#
zp@`M>!F}p^MDqU5`7aS`pgh3<@@DWYu&37C3)OS9qGOAOO~;rl&FIZ(vy(Lx{6~F7
zbLpmOwf5|ghRqDj0p71_CEmZ-+C?Z8jz+yzheF9NgK<xbJLWRrr>};A3y^J@gi!jy
z7li6=rXzegn0>jfYc;1vX*J3X=SYRNwGhnEGh_(dca;o*O00_vf$1#k>pw<mV~&T<
zrTzSvQPOj+)s?T@`zd9;l+$<ghWFc<;=OFyWBb5BvRUzco}$6+-0n0v&ePi4rT4V<
zcLQ#F^UqgHqiCDFn$`o_H0LU{N&be~w1Bl~L!?c2vLXkKqJUrq1HP95uV%n6Mu6{P
zz>Ood8fg?7E^quMNxgazt`^3uM~p1$R9>Yq)t{Jv>q?VOqL#4MyNt{n6QpAljtiZF
z`hUmjKXIDsKgsHEjMV=jtN)Ra+E{-R3SWVRSGInf`HIGs2<GKtxDU9rYA&T45C}II
z)XooJBBQSPHz=I~ke7aJR5AVG{>ILGcDhk;w6cAlR#Qjc?HC4slr^omc2M6k9@9?g
zo5n}Ja6bgj)x%eAWGjVU_@}y32v_(>H5AiP`HPO=WATxLe@30yYILX2V)9|`Gc1jv
zq<;Yl21mvC7KZZmQfD=M)vp;2+~dbHQ~G&!|BFr-ObnED2iyk@N^jb9TZ`K^=%|#L
z<iKPdZbRJnI|e@v3E21~EqPON<0;maPZoDDU#Qdf93MU%QeQ%N)$8C11<)2zn$kM`
z`K<BbfjO1M8s&Y6(kScG*e3_G2wOYxNBu53e`d!HJX0Hwy#njw)k7(<;~jWgA9KD{
ziBQ==y}U_~2S0{IN?D8GN7>Ap`7oVosK1Ba&?@DuTd225u9HM*nQcUA3);ez_AH~c
zxOB=#6WA9YQy=CtFk)etCl3bqP^barlMYaXIRQ36m2NEGTFZMg3Er3WBC9ZtRrm_4
z@UM{y?_d=^b2E_k2Fj6D2&PXVm_CJI`XmT-g}G#2p>aJPV<l6{c`w>H6>GSB-aDMG
zv?A{vNLO(MyqBjdotF3N=}OP>-m6@UwJuHIx6aI_b=WBQ?EKb(@px3Cz+J|<n=Cb*
z3~rsa>~Tu_n*AKJB%S;}8)o`a`%IG)`v9bCg{Mu+S5+c|tg=b_Y@Rb6dA?Ll=l2fj
z2ow?QLun{-9iE+92Y140J?#36O}@p`u66bEv~%vhB-WA~asfD;g}K2vaK!TD(ed!k
zwHu(^wMD+f_+a%6*&fdz-ls3X8qcG9Xrn+(c7bfV<9rn!`Gn2@DlB>OSn}Q}@jQ1~
z@a#0=R?U8Y1G#P4!_rLTTaH_f<I<PDqVxc`4rfGpA_C$8r7J}F!Pc2R^DUsRE`~yn
zl@E4!>aICFq4=^di%KVd=;Xezg}_#NAk8VA3)TWu6F|Afz{R!j1(4!n?zcthv1|;A
zy$%;({3*c~;j46~bSAg~F2MIb9b5|+CZ}{NfE#RaY3>kQ!8{O6ixk}I&13$Ao){I^
zBk>LTX`<=ouhDskc+i@htE;h421B|Z0Qc6WHT~(dU$7tjr{aXTLIZ$Uo65gKDn8sy
zRGjk_QE>}R93>fA!c_coM#Z0)wVGJ@%*yY>%1_4fxoRld$cny*MK5PXe{-BM2rK&U
z%{RuTb9w@b-r#LsK3I?w_^m>=_0qCF@H<|*Ovif1<pS+C)L?n(th{Gfd1b7;dm`mM
z%*q>v<$=9xEzDe|hZd#Nx8MIr-_Bv*-p9UuDDv$R_U*UB)qGgMHt~9#2<5j{=iqOd
z9uEVpp%Xzz73MC}32_Nj@UyJo_G47=7*?<?Qt(Pv@KeKM@mCBTo=A<%UNTmYi%k61
z+jZ8<OH)<-A=`|A-QH3)zjZdJ6F9&1@~R+U7I0$s--+Vx23D_^)qD0ws<-&ZaJ`kR
z-jw0&d=bG{kP@9grW<}f`8O3eo)wqNiktCc7wNhCMioCX{#LeA+AV#`&YpEh*E$ab
z#Eq5Gd0@Y0<!vonc1u(fC(qM~*89!r?szMxEZ0Nm1!X#<Z==r7oNUG^g0BwKI@U}y
zAPuNZ_pt{<$#CSi<mx=9c&p-?*v<dB$g)D-M&W3z>Tg(;`%k3RvZEMi6NhdA?rL*=
z%NuoO-YA-Z*BtPl!@Z^zOdm;C>k8Fwm8C<6jxo1=epG(anQ2%^FWI4!1kl5er`K5a
zgs-~gH!n;VCKaUf&-;OsCKaTCp=YS?JkK4<i^(sF^|KEBJY4T}_Jh)B03N?!Q(N5z
zq7mACBd4CSN8_*v#=!;1>1ll!Y?rD(lZ*|y?sG_IyR;YAi&&4Ajig<0LYxinmZkDr
zY&vsO1a06>6ycwQ$wt>B;AFBU<8~fa%?DVG``zF)hjjk><@b&*zbpfjI8zx9MauY$
z%Ggiim>Ef?y@?B6jHd6oX*f<bKZVZ-{+|ou|GDb4DEw1CF1aXOkU5akJ;(;5xGG@n
z7NK-*npk?m!5y|s3)1K`5APvYk~~XivmRcZ=qx=R<S{kL@#O|+2bt|Nd@1t<|2H6f
zZ#Pi(lXME=-f5&$H*di8#$!eK_DnqN_eqQhiLxVI<o1L9o)*6_A8K_K@LN;o+bYk5
z$`KQHX7j(A!pZ>I@sMtz-TL)XbEN%td8siUTHYsLYM#b#efTz=$o+sYOTNXw?uk(F
z{CJzErhTE!bG4m+awvJC^HZGGWBil2AKb}(8N30^39x+r(q{x_<Tc=V9l>mn3%{cW
z6GW-VV5_V~@o3|>HdS_zpo}N5WICH=)DyY<lS627wke#`H|)mT)kG3!*XJa0?z%)0
zX9|?eB+hK+jFk)_H)ae2et`kcV!+7}-~|l$CI+lwzz;HDR}%r3H+7NqZG#E;@I|Ko
z81O3$*wEBPj();`|HOce4EQVqPP-HacClvsfdQ{zz-K-q;Kqvt+<LK#NL|8!MFzZu
z0iR>QS1xu@Bl&|>`HNClV0qUt>l?1;rko%eO^CL(kH(EKY@UTOJJR$MJWr*BnMxxU
zy|w|*k1rL?W`0YGp$cd-j@*ZF2EjL(6FhZVFr$J4y38+D?P1cQfZvh`bkueW?|qit
zit(JSqHTdI)mCx(q^-ig1MUVc>y5VJw5at9)iLG4ce4{h@YGguWr6EbzH~6^>p@FS
z+1`OduiWBZi-1_c&IY*e!LP-9L+}~an-Bu{1}dYi=aNSFB!EYM<l~vt6<2cI1+<Q6
zMY_P%3!!RCu@p7GX@oA%;@r&)L6b+*lDYIrsAXR91N;90<O6Ds8m2(H<X>g}apdp=
zu#!&=*@UZ`O@fpVKB_?QiFk+<&g>sj_P!sdfd(aN-05ug+(qZOmLw*t8>Vpg%a8Bs
zX_e#O-!*E2{c*<Sw(xt}9rHQ7XSwQ(Yy}LhfIO+>{6kN3U!PYdF?zxE4su}%7#hA}
zPMVwIdxDe7OqSz0nDw{(zRI>xh|`qM^F6MW%2Mn;o7OHBnsRVEeEF2hwhnwbUX*#U
zv@kWVVlubDot{^*isSBbr`bH!2%HMv`D}6URb^W{fUg;dxlNA;$3bP5<5FQtXGT5D
zBRiQbIZ52iVKXr+V6Z1%ZPb$|Ew$L>f)t++vPm;jJk=e+?KV$AN(Y7|w9uu68$9Ld
zn&n(g#T1QefTbG!vtq7dRXirAZE#->tR9K3W?<RK@P2x^C`F!Y^4U0OiEkSGHCd{m
z)7ZaJc!m=6Z#ZW5gZ|n1Ejq1zV!XRQkeZg8IEQm5LLZ@vn>eW`1;!u$cFpHX=|r)X
zLX+=y!Z705WNB1u8JVM20;7Y|)X@1PJf9bC@vOsOPrUjQE~?lanvtUJCB3HxuCdce
z6-k;d`aY6xT%JpnPRGXi9;ab#gf0OPzy8-?{ZPgHdW^aHrfa1cDLBYWO_f(V2;?s?
z5;+|N@_U*lUz#c}HPguu^3qhCg_Ivk_brK&mZtcY$4M*U!*=@cPW-T)KAcGkD^4se
zLFzEh<h?k)4&N_1X=N(ZXp;iA%G05crot}GNVoe09sHW;<5j((U{AGP$}<JtM#bfu
zjxT`*=jrXze5eic4wRd6t^u$s*;X+*dx^WJ4ZO{KslQ$N!tN`MCwQqO4BJ2F3Zfc_
z^$Tpx9JfAHXOpG?WI{K{Hi8sNzkq^`GgL_IYOw*pa$4~<P(_^$h(hCOorRIPqA(ba
z%}M1F59Bo?MP7<&LcsC+5c@g2Bz*+P;_@ClrIK_cySx<N8V<3?$YCfRkVR$7eTCAz
z)QZX4e0R@KwUn0{co=X8WlJ3>m~9d`9J0>rkm4m6hXN=G%0PKuevewl9lS9wmCw+b
z)q3V=v4>&e?&wg7dy)XdQ!#nKUGDxNXjLkL7Q|t39mKFtV1Im2QaTuO$(qm}xDS^M
z{RGo-tAXg2vM0UWi_Vv>s&?NL^%3DCF^0N-)r-zRX#^Bekwn@oNjtv2tsT!zbM?h*
zJg-?UN%2h&0bFn(K6;LedW0Gak7<!gQsg`mWZ{1D>!-qVmD0!2c~23v^4{U-G9zl$
z5i6QVBZkHG!dKWVXl>wboMY}8ZfGzrd_{kd4WC?<q>-cUm#s?D#N?+YevB5gw=*G-
z!y1WO*qNy1*FTM&&7<u5f}EF%>tVrYOSel+BQSTTl$VZ8z2Afq0T5K!#eaZzf{D_8
z{o7V~4mB92{VX4zmu~OT1Rt-!$?!$*4${z;VFX_c1R3m)gN3`vBmt^Tgn>2KrKRa|
zUP`DQ2qJ25RLS$~$|Q|?xo&0jc^sYnEu;R<q5j%b(b~Z}e4oCv!?X3>I*gKKjaFI-
z-)V^uN#We4Dx6UuQiRf_U`I^Oob4Vg`et&#zo`UHbW4hce>wqmMo9`uE)h9qCUwmr
z^+t{Xxd<XpfWIat70cH!QCx=09f?M`+3p8Xo0YmtQP2aOln|Y)&1F_nla67qESHE8
zMq>)<kUXNo=#tH><iQAh*A;dkV1}N3d<>6#-lL<YUWc)%nIJ<{4rk@rRSus_+`AN-
zI-$^gYsIPw+#GkhrxwI`xT)U*k|qBp4$Ly|xj1SjHf}l>jKlg|SRbC}HxB9>5A}7$
z$wRE=_Y3lE3@7ok-E$ewunJaAWrd=Y<Ey@aDi{i2P&!K)p|+P0aAzAsz{xm<fG@8B
z0&q_C`Uqg9**bgAuSdrrOg(+bQiaCNfX4Nn&3id`P_e2vm&bdX0ovo&B5kn7-qMdX
zb_O*THwMNQygP~y=@fLR-8W534M0K!bc60=8nS$VN{*mU_D`#r%s&d^zt$#=w*xpl
z0?RXn58I<<k2-uhD_ECcL>SN-#YJVRJqm+mry4qGw|uHlx*v*M;2s~UWrJB!I;tGI
z@K6e)y<X7xFlSd{<g=oO0_?qsqusNJ%I+k;ghLG$J-qj`;k}1AY9(@1_H1{N=qq9z
zh0t2m$kfpZd7$hJp4I|XcGH2->a?iF8EOyr#dU9t&{lI{G((k)(7KH)mTik6>9#16
z#=+!?q<L-@)D%6416w*tx-S<Y>2OWmy4|(UHrD5fQGG6SkG55;%I0itv)ZXh&xshG
z>c?=pjnil~|6_;lS37h!bqHA}fl!+ZsLi7ao*;8eHKM11zm(u<TL!poTjahuM&1mV
zOq#PF>DM2_y?5z@1FqW=OSQZ-CA1%^hzM;MxkQ7<|AD8iH@{W^3A7__9uWK+2YAmh
zxQh`PJ^F-4(!G`8Hn0s~q)UN&fm7j0;Et<sTOW9-ot+4>?nhG9<MBEXIt^+8$Z&c1
zybzK=@L6atRKSJ}6)I3iAn6)|sbw&LlR2RX&;%9eHysS<weAH~?SqB|aF$DLXaY1T
zs10hmY3Q@ASPlJ|E2;B*Wm@|OHo6_{WpV{<s+E2`Y({*HStu%7nP~VYn#{LrL9gWl
zmDr^s97P=SSpY)A=@8`sVrdaty**3ZlfWnH3BJ*7HXvjGPlXybbLgt@QYo#p&3gaY
zq3mpQbb`JZOe+)vg_uskC&cl_LbA4?!p_S0^>}OoRLD$iJc*SmU4WGiD&f6vlRI5w
zmlmY5mg?|h_~06Sfa@9y`7M(N<yVDR?oOw4!pR*0-^>){&+}VW4dH}P4M4dD+I){S
z<W{uzT%y=2>c9gJ4P15trz-M9?gx9u4|eW&q%wU}Wv=03X$`bWyTCm#RD&Q<{fABm
zuHs?}UpZNe7$t-vY|KOo_w@tnt16n`ra&E7=W~Ipl1o?$AQ5CW`J06){1$sM=V^8E
zUfhe7Th+{tx)yy|pFWVK!FpE=zzF>lX)Kir&KsAek~VV4_ZliDY51yI)E(5qkI6&N
zdVazU%x1z7%1UMXPwBu^39F}%SWt-hoN=np8GHg;q;?FD>-JRt!PDBO?0dnN)c@p-
z8lhBIDRA|nQ_#EuXdYRcaQ!Y`7qjbo@!HO=C*pN>)br8o`a!%-qa4v}KZ3I126dBc
z!e%a1loCGsHa5RD(Z1@UMjYWKs<)^Te*)^;D-8En(L5zT(8&BiFd@KPlP*-ABlC1=
zI>|LCLzQk+0%qz5wMivVDqA$eQONgn@Lt@881kcl&m#e}E|bJv8O=|?{qjs^&w??E
zDh17ZGN8c^BS||$m9%-CrRIa;R7<>$k_4N6g$0K6?|}Y@8T|7>U<TiSO<<O=kt|_M
zrXU$msKz=frcNJRdOTtYuX()t`Dy>%7=AO#>UdFYjczOoVL2=de}#ZyZ|=G#W--%h
zj!xsX#61~}SC>00qD(w1f%Kt+SzAs(&-H3uiw3ga4VJLr2i0OkZP4k!flg5cFX@zU
z-+hlo`u?lOF#hr%;wh<WJS9bqr{rdj)4F?sEqR>)N(6tZ(?qgBb(Ypgp$n6k`--&`
zxY7d6vdGj8s#5JM$_YYg8953|&^nXKQhiUv0dzEIdsomo5l~$;=%C6r6lUdpsQpDq
zW*8XoGkIPU<?sEcfDgak&qZP{ThM&TOZQf<7|Z}QK+3;W=V-vVScRiA^0pf~>2mJ?
z_B)ogow<ia&NZ`<9ql&a%jesfO?`lz$8=w!#^08_ys!VXvC@x0-Vqpk=mDNwI!KCr
zV{gy|lhycF7<k2DXvM&AD~#dlacWIaTd;{@bM8+fE!fdYE%*pu_N5lM|A`Tg5|bKn
zKuR@j;=(<z(1hhk`Es(^G49ac>3)dC9hei|Gmh;x_&M<HCN4Oudw~&(x=k%?RHs+(
zbf-pp^#5Xe^}Gr#ZVl>z#Gtqt>E1mn(zrd9ZPeNR@{BZ3n|4)ikH15jktWC`hFV=u
z7R7M&r+n1pv$-f1HwcPSV{y^`u;<|jCoJ#0eB|LS@wxxNAJf#{OjP*;{0D8-A=eOa
z8RGNF{0r4?uxIad^}#1_0}tI78Ph~@(e>6lne13E=wr2F7JWEw3lGeyD2M8CoV8)r
z4dW@BYTOj5TvZswDzn{IFq|{Nwy~fMSr)C?Z)S^)j{iE!vT09YmQ62uSC(oAuP4U3
zDGXP~uRl(F&a9gQWZfjF){P0=JhXS5z7kORb5nhH>ZAoG#-9B8H?Z5jJL9AUDZV@P
z@B&K2$Yl9I2H{G^=-;ClEUW=*Y)HOz461gP?geWo6`Zpg@Yt^QC|ls<{Em>n>v;?O
zmVpEk+6gZKu;-HRu?ZB@i6?`Ff{eo)rF#KEh6U~c07?*H%&bTbe2X;1tO7nc-f}!z
zJOA|jEt4zu2>sZ6vtlL7G+aO*R@7OPO=D%MT*3}{luJNar%)^jN4Eq%k5SQh?xZcO
zqwVBXPZCS#r-Exc^bX!T7M@J2ST&RbtLi442K41=$&ty!g5sc{?dTjq32ekrsiCZ0
zim!DNu8rQKj>C;AkZT~6o$#oehk=O8mxkKj;qs-Um<MzZG|yRj6kX_{Hs6D2bM`2k
z<Mf#)IYPVgEyp|YQ|L>58OG!g{N4q{G{AL=89%Y%&aGW!tRBa9+NG~szRs`OW8>{X
zXme#d$gA=-J%jhb&A(_biFApO@&q`^Ce_p|pXw~FpGJ;&78I!VH{aX5VhB+7#?L{C
z_EyF8aPXQ?z4GgD*DOX2(Mv!@y$b!aas#eha7a_pcA3Khlnn2W0~iaB@ayl_Mw>=}
z^%7jp1-`?>yjRdhf*E-!U7~?=bSx-vv$ku#6nvYlWA+n%gf`GNvWRA+_W%nCBYbwW
zs?e5TMt4bA(H`NVZ0<co5q&X~4+!a#&wIC0C?8`Aj0jeM<80c&h@g#;(L@08Eyq9}
zyv8|#d`oo>>$aa6^aNM+9yV+8*hhIUP93r!{s7x1VD2LUOoHawt;IRA;b>dW2E((o
zU0B@m0QA!#H96==q>dZyT&>-w8(-+tRoFA?ax3aGbJt<SMX(-RmgL#pEQI!W+8d=G
zm-uPYehjA`Hz#EHg_fhBi_)Mk@=Bw%gZH6$0>?*Z7UevHv^34OZnBX!8deLqSng2Z
zB8mc1CSvIkoa*e8@4J)94Tsa0+6Vlud<zg|$}>Qad*JtW=oAuXFPm?11MPAr()^l&
zKc6FIRs&^z7fqS>geenaaz$k7g@`C^6ddZgz@5#4Luj&Q-E{ay8tkiQ!JP+mNhhTX
z%A-sK?=Blm?@pd&XJ(s_EGcYIsD=#^FxcD0#O+)|5vr3`rh$S@o0Ml<ZNMWWYIPh@
zJ6h6vp@veZ;X_WPHxmz*^n0oXeCQVuWq2Q4sshXwtNX(K-IY%NuEg$ha2Rz%IX6v<
zz=uEs$c3q@IvS!1tMYzAX@iX<dJj^A?{Yz{<q)`^Fg8a)rl&w{cQt@e!O<ypaz}BF
zxl?{5N=$wvP6zKChsc-@;3z$+NxXkeniV(E^|woVTE4701Ov54>J2>!?ZHFb=cCpQ
zm#5A@BDG#+)T+d;KPuhtT<k~EbxJ!O{_mzb{H-_Ua}7Wu8X}jBgSHBPrszxI?CV6`
zRUuUGupV00%TwFz>1eb|wM+hmQ^HvSFf92;rE`&P?Q)^fZmnHC8cYMb?wTkU8Kknb
z{B^qID6%~aRz=#RLL={^35^tzXoYE!rv)@WQbdDW6FF~wPL%HXNe^*lk4_Kqu^w!;
zFygPosF@EUHX!fA!@tl1pztT@5KG90aaWD1DQ;$pqI{@`UJXV3ElU^#cn%nBWtqc3
z!(bUy4Skqad4+6slZeukJ{&v8-IG3{HT}LN`q(ehE3aI|FVZM1Sdz--{rZGw!~(d%
z5q^V-D1EI5crPYz0+|QGTy^f_LCi(udihi}<UK(x4+u+Vw0WxkW%IQ1Wy5USk~g6>
z@rHkCzi=JMJ5S*`wHR^m&Cy=B++20yF1s`6ZFi5tfcN8Wb3{L2QML}^b~Jy#NI**;
z?dV_}ybTx3gg#9%sIK$^)drm#rG?znqn+~`*j%5L<Vm|)gKK2KmB5&PUwfq1pTVPW
zRhGuUtOUYf_z7!|+62@hVYPEdRJ6gt6o}|c$~tMnHS71!%)))ro$I-9-nLehryDVi
zHf`;yK~Yk%0_=-f@T1kZPup?wWF-LRsjl1}b#VMDdBEVLj?JGq(7g$+W{>6aC*IDv
zHwGSv@3wycivpM)(Z%uWmjMlib@+oAj!}!vP8`d7??ehEK|O;Ua9)~*`3>Z;6;nX<
zjgIdO8AX;U42(wt;Ml;kCTFQl9@9A!<94S-`#P2J;n_=XrWV8EIM_2H_?C`@?G9SL
zx_(5I-GM8~ZM-p_&#;@*$OcI970}F^%HOzvi4h*Zei0*loNi;&#EdX+VbjIsHvzAT
z&_G-cVt1QpImlyfBU=taQHTKAkG=w3xJD!PGg8j|l^xgAxOpdm7a@TcxrLaCfQlZS
zvpKG@-6x9B;3u3VcNUe;S3RSlSia=v)9th}G5$KA{!;yPNpvfIfvqTW-y744W9od~
zlj>yPUb=VxTb%&uUi474=mAl!0@37WMS_4SN$G6a^bjuHz*QMEwI80Z>2!Dt+{IBu
zupKw~C}kH|#Jv18YuXSt)3&_`U*5%DZpR}L73T$vvE$5T5-I+`U*m|UumNerr6sHj
z;k5<ns(_&FB<sJXufy}?NO_Oo9Alm-sHcZ2DX|`?r1YoG@W;zsC)pX*upwHD5oLjy
z2h=qvpK4;3lGs=#LMI3>J3|~>ghKYGy7~mevSfC`I~|oulAf(EAurJIXk^Jq{{La_
zTi~OpuEuwgP1rzSf(8g0WudDkJ}|3*EYD1`ff<-3AXKzswT;E1RuOi2Xb6d$MW)Mu
z4_dXg+OPfEuU1=M6(J(*Zea63AtB1sBA~)<RuH1*g=GKdoIA6R5Ul;a|BIhyX7Aj`
zx#ymH?m6e4d#=(9%}Zqss6m)w`*wH89IT&yev=I(N>D2BM`2~O|B_Ss2HA=<sCqK3
z9oI``pb}0p-0d0#Iqh*8*+hmC-Xo<jihV4HHj#Q0;Bq$7L?uf#Vef&sK~He~IC1Bd
z=DWU~OYS=f#m7w6xrJW(Zk=1O(m&8Z+QjMmx4l4`5hX6b#kj!g$21nSG(Khm?Tu=z
zf~M~@ZGD;&Z`t9pCbs-?2cya-HF5Fz4%)sU8f?_rLn0`U+N|-ozoly4CG0L2=6*8%
z1nbIK16$?#vJnqwww_gkv6hpk$(%C`<kH9wa8Vx(R2(*)CpaQcuv(9QPCHqUk1T90
zA=U^*V%1nGrvH}ea;*R%`0sU01pmuH)<HuT%`~Vh{Tr5Yx|7YlyK(L{w^GR|;RBtq
z9XPf^thBJz!FfsVl>sGNY~pReLzE_6Z;}1SchzcpVegy+A#Wt)(!}p$chDACWN18T
z_Z<V1x5~8iO?QycuKoJU9WfF9ck$P!<F8NLF;I_ppb3e+r2Ede(6`|WLxPuxIz3l6
z|Dc$-JT~*+HpDj!UM5pQ3X>G4XWP{xe1a~C3W42Qnj07TXa&k~lr=LG&j6Z+CIM7}
zRLHI@hY5ZV7kf|%9$;35(pebDGa9rWCVMC|Cma^k+&h^y;Y!R2)j$@~*pATt9oZ80
zqA6i{Hkvn<=P-e@Vo1zhuJ65~b|9901Tf81$7Fd<Im<vsA5>D^;QY|Rp;xM`-Wo-l
zhIYTtA?Kx%dMAfwE`y{TcAXM!ElXZ@pU+%!EmFh4pX?lEup^Hu8Q<&zJ$zFpMiPSh
zTw#`6z1Mj;?r1&5CJ6U%E)0s>-}5>b{yC5|nV?!RmIYK)GXxM9X-+;*@EtbFAsYK1
zNc#o*<Lp1SBk<V#frj4uAGrAe70x10#G>TQk9`TGfg74SIe?&r?xWdE_hTMF{DzGQ
zWP#g8qW2awm4Yy2cReP9Fo~m+NF*9b++75y8RTv>yStsPTbb7;0E1|nz|h22!3nI_
zXuF@ywjZh6X2wm2YnEAZ%F85W6DoO~i)3M4NXz=*15S1WX(a8H{N%QQh9}9#zs8{N
zE#isv$|;jvpud?tzKY4-(kxs3s&TS+IxIouhUg^MwRY&0U~5<f-6}N;L8C!e*jDkn
zvKFCT2(y<ZUk2obe%1pjk9|_<-(J}@e0e`*x@Dm<AH&O)m6~B9fx=jtRRT?2XGcG6
z**o8as$j|5%>HCD3Apy@tz^YiLYhpa=Gs2|P0jye&m)=<TlBxq(DvKHF-75+mh?$~
zX030|i0^hKG4w}bYC@ubrfVu?D4_M{9*hZSOk+X$8<{T}L!Ko6xTq$fU8L#+0WH3t
z$ON?Tf0#&#A^kR4i@Ghra)zgLb=jJ3#f-UWmAM{4H?764`!$ZwVBDz*ksoPm;?Iub
z6|Q#n<GG$Vyi0Q~XfDxbRBs01MU^9bHd*N+2U^@GFV;aFlAvv6FkdRo#y4~!@98j*
z)psbjnD;~s<ho1lF~wL7%JVs_Z21k4<PLxYk%OU$Qw-s^w8eO7PIwQ7R@Jq=@FRFi
zpWG&9YO_?=%5vDuc4k#hn!<c}Q*~e7BIf%W%Q{Tc?|Heb4nR$h`|{qJru*{7a-K`f
z8S~|(E~K+Abd$dzo_|IoC>eTTg;>EQpbdpQhOtYy1XqwW-7Gp2QPv+&_7y`}e@^B-
zCkbVbr06D65^lA!<wLM7w~r98op6S>5#3x$(k$!3aLua(5pxqstbRbuAUm)a;4Ec5
zIE5#mQ<+fNm9acm<o1ivI!NSoN3%NZ;Da)bY`i24Ypxlqr^{tQfIMZfYjVt*2sBrH
zT$f#De32ltTyZ=$X;E>-QGE<YHOZ_HvsY>edkSYml;O)`NVIU5xmF;imbo5Dnz2uu
zVzYs4#Ja2*gW-A7YMi(c8d`OZO^ujBQ_fT#&$k#tM;9P5=iGC;t>U3DhMb3{>M-;%
z9aVQy^`X@!y6ip6)4;zJFgH!&Tt)7#)Ft%oQfkR*#qYRTNQpgcUoclIv|iT%Pq69i
zS!Rq2i`wjE+-6qX<Wj87-ih(qyVNxrnS|4IO%jt>{6!4;uNf0W-DKn^%e_}>ylg1U
zYuo`U>xRj7ud82W`4rCSv_fel&$-z#<~Lp2<(mrfI~8cFoMc_>DyS^C0zmnoEX9pg
z(Jm%OlYAV}@oNeXHeO)q=}RUr(O{b#Cy0Boq5j-bXef~&ex1<JFT3Im{U!B+hWcWV
z7f12pUMRkyD~4h@RkxY-Mc-twiurF}ks4>BgHzd<GX-gJ+!uyT=24o}`m(qRf1hh$
zWqAs8IvoTPK}pwiojLtux(-Hr|5w;7(y%!pj?Ja68xWgITvsPyGo+aXjxxz7)Ok1>
z4WH%u8neaZF`CfIPqkKl6hAkx)a9rw9|o;Vli8YZfpg;xxX(8Wpuhz}hvKIi6m1$5
zOAw0Gl#5eN!U{b~gW|IIfD#gKAtVL?iQ|&Vn%{6AZE-Wn@lGz02`%M4GdQ-*wuD`I
zn}n@vzta4*H8>j&G2_Z5T6&|lWWRX`W5mIl(l2?b%F(tpocap%Q2dw(q_A^xG3G6C
zXFw$=(Y=K0;-}WA090>cOI9cKWIn2xW&2^Vz8iXhzL#}udBzRMUuux8_?npHC5)f<
z-_PK_M02Zb?Z@^GQ!p;rtrw%N>oko2AW<e7nrImQ1J&b9iwvRx)L5_elzxOjKfPp*
z9q~B&RU%wV_GwzP2G^Ts+3z!&m+7qs+4DDN<GvVEAT81wWB#iTvm)<lMR=`ie?u30
zC;6k+0T`kEGX@&iEB<Oo`t@$oufN59h5itKeK!8OF8*2-e_a-TePBkCKBPOF&d>HP
z*Ux56(=;N@3H@CzE<C<QC$E;rm1NY0vNhdEJF0~iQ<`QA5)R_Yu36eaylJt6c+<&X
zJ6${1!*3|$nCoMG14G+q8oh`g5c*=rYr>y0!*?n+9dFjI8GI+jwIbPdqplTU#oIr}
zilHi0NMXF08B%jGGlkKl2RUPt{Q~_#*B+iV#Iy&xaXz8F)rsxhSf{u5z{M)77#)!j
zmU+GU2o!aTGXLLJ{01h#Z}q{bMjN3P-IGI94qf1ge5aV~h&)qFqK^cB<oV1WnP@~%
z3zLb2PxMDlNzr_NnZvPxg*_psV|d3y4M;<RcbW-rcaXg4bhD24;XFo8P<cvhSosYv
z7^rH-DmPF?AgS@5YQ4^7u5t-|Uo~ImQkd7CQ!6hM)v<5AJ<3p%VPIr6_$)(laUOY}
zDbw>X^_5R?jAW&Uuf~Id=#?2=y%{q=-X9d_X{Q({`VB@puS>`6y6|Omf;x=%zCeRs
zycJBj&4j@XO_DNHc{mTZi*e64Y51IM_<kYd@Xg0Py-Sw4?v~XbapV<Unq9(gvtL5x
z?3yPxJL)hIk2+jtY?_p@yZ}X>`9xx#c4t4BO-*(MFnA7d5E^(2BX;$~sX8sP6yZbe
zM?U#@Um>jM59ewA%24fKyIS~?P}w<rIUY_P%qfkP$3LkIY_IGdzI=?R4q5RJJmWp~
zm*d77A|}auTaM%o7EDNSrA?T@Imb!fp%_$P03>`039ciNYc3!>7PS;j8fXVZ^$V&9
zA^7P)1X%#RI@Z`cf<|fA4!p-;nMvR`r5j(GG<-Ra?xCO2?Tn$n@1P+>C%`|lS9fu4
z3ef#}-T$-XLjN|T+Bm&xQ`nWLG~o`?59h{>e|Aeqos%Mfu%w&+{wt9N$&UX>s<Ip?
zbum10U^o-Ze#12%_|;jCvV-XR{*Wu3+5O0^>mUqe?q!v=O}PDk>r8dbrD8M~kB5L3
zKJw@CL$dDARhmm4=!=cy{>BugVU99?F)@IFtoGNr@b4I7<Z!tQ@q-PT3!7#NU!jSe
zi^+3sel7x%Rejibk3(s3aJ6{weITSQ7{EzUKco+3Hp%`=S}SW`syvsr>^KJhxyivD
zEXhAu!ZmAf;W^IvIU3K;mdcuOs~Qx39jZuw9UQCg&bydPV4vrMzr$X0CeCp`*H(p5
zWUh8*X~#EfoAKD1A=yyVmwq!v!@{_@toE=gA7!<NT%!_&Z;%0)KIOVIS+z+tw)7H9
zrf6cxxI`5qADI+Zo+!qBMdF1sPXpfw-~;!Li<;I`(F@L?PStf9*QX4=-5(HqACdeQ
zW)82B_q4fCRTMLbFDuf|f6mnoVwW<Tc-;4!ZPSd`;4g@IW{>Wd;QPBf!UUPC0|Y!B
zu)QC?z0O6^<VuAGir!)q^xYh^n|dy~|Ivp{YpK5JSezaCGyJjoq6v1~w*<85qyM#?
z97iP%nIof)1BL|0uw4kNTADDGDOLb;A=Nj?Uo^zMy~rM*PYEDhkX$JcFL^WOmZ*26
z+BK(51o%F?dOId$!v`aNm`s!YGVME^{La$0@$AZAyMk7J&|1+jUJ#S3N6K6fr~Q-Y
zIxAHAnxX-k?wxr4ZZNuUYjcJpSMH0Rr(doQBigbP&eK~GHq&!b5`6X9!TMP#<fu<v
z;XZBV-W~UVp5eMR(FbI0f_*aPA(7yuag}C-zam~ki7QL50VV$@wFCQ!z8;C5eRwaD
zK7M$`5Sjs)rus-sQ)P~{`j|ayNIYgK^B#-?ukTqS(5Y+_uKHVzbZgJk_8HkPVb(A+
z4jmW|9e|eKK)ts5h#^78j`i{lP6KnRA+A=xt^>gO%U5SY{b5`hXsb};4h(_Q5686l
zH5xe8Ob2?jPwx|I)!M+YJ43^6QGBM{?z%Zq(=pM^cMgu}9sTxD<yQbh=SkfOV+2HN
zL!!;#1O5EOg-5ByDKW+|c}lPKH17VJqn#qT*hWf8f(^o!s_%`y`i-{1&wDVIAakR~
zo-aw<lYc(}(Y^$puI<S`8sC#&Jz29~jE$euEOzC|xTU}}f4e#()y~Kr>s$8&6xo($
zy8}j`Kkaypwok&MBd9CU(M5Mo(H#5PnsHr%GnO4sde4ZR^sXS7m`lp~utD=$h({>E
zfqMAUSm$lD%^mY)pjIB%M*2PgzE_VET-H`k(0Y7Rocv_hRf!X}-=~cB$EPr2tHV=?
z+YMyONa(HxRsP->R5-&xs{JL$;^p)MezgbqRVx3)b4g~1vZWRb@yowcoENzpM20aY
z(cLqKf5L=1?RFv*!!Wwxf_HxnsMD-;(4KdxNruwwkjY3<O?zVWh?u9Qgy+P9p`U+F
zLM+xUbM5>)O=K_qJifWd+&E%~(Bo1a+CFr)w+;Eo1^xj1hW{|cU59=}sz_Nbh_}y=
zGUH{B<Ni9TSNuTTYoN$=zwR|4P#iHB9a`|R^n*(n2kzC+*a}(AjKcG@9Gsq`J@m`Z
z^wXhz9Qp4@LQaK32TIxWY-Z%6-2s5HbF?`OBF<b`BqIliK#b&TL5g(s)xhh}#3k{b
z%i%RXZtB>%FEgJ2<8DSGJ=%%ajmI^Q06hG@u}8yoc=!1@)?+GS-h^b8F=s+N-onM?
z?HWUZy!|(QAxn_B&#)sN0<G3Msb8<3U;P1@66mnS@SnSeu!9y^nukA0+ZA`?ig`v8
zdVw$!1mByq>3c1m6uBFxZ_Y9ojQUKrKMNA9Jto5P>jMU6t3Sg;R&CE5#cxf*|CQFJ
za~%i=cq)rDfi!~qTTL41q+K3#>KPn6+L41tJMIP@;1G)5!<i1iKT(V;lR9Pqou`S(
z|A7Sgf4(OFr!)DVwud(0g5xL)P?#g$(}S0K;K`0G&;vx;)4DB{dez0k;9N^Sfy}@C
zO8P!0)y`y?Z1o|d@~{s4FwNnOXAVgw0A0xul!H*2=B_X%N2m;fAkzcDx8PA(u2zh)
z_<{ic&GZrVms$a@zxjggfrC*0V?6y*)pL$%QK$x%9mKH!@X^myQ19SC4YsSx((Q=L
z^F%GxkH9DOp?(Nw9LU_N9tw$*Etefe*95i=1voa@m0j4FT()a^qURL<L_XBR&d@*?
z24i}(md?y{qtJCXQ)Ns<2h5n+iDtX97J<oxttdd$Dmj4O@Oj(~tt5I+8#QX2Ve&uW
z)nx*9_P%+X0pnCo9xw`n^bW~2&^;t?<B>J@4$Sda%&{=;kDy-hoOztKIu6R`3@knx
zV;E__8#&If{YqTZpAjk4^F~Mz>(ZWrhZ(cfrLBk8LU^r9TQ^b*eO#9&nPY*Hi?H^w
z_xsD=g5r~@sVk<yqb|*^Wuow{ln)*=*<&7i+{GRX+2djMSiv4u?D0$Xc!oV*V2?ks
z$KToG9ro~H<LVV%vF?t@;}BTmC<X`X=wGK(N6)d2cE&sUO{}9|#XI_XyrVBCcJx14
zNB=|}eI==*FEeP~WRG{*V+VVDz#jY9;}iA>vBz2V=w^@9k@U!9k0I=FC3{>mk~(_(
zNWG)uuF=PpX;Nu-jnc>U-D%X_d84Sib4JCwJ8P8QU3pZjyBQ;6-Ax&p(B1Q_yFJuh
z<H*GBrZAWWutzp~T)`e!v&W6>F`hjH_L#vQbJ=47d;E+&9%7H>>`@7iJN5IXb7w2x
zfMf`r7Ov(Db#C-i$A8Kzco#A2b6pAc*-fD(>)aUIkM-G&H*`{;-Gy2)5LZlMU9pMY
zwccX9<vVlgit}QfEG~fm3*rCS@c%vV|6+cy8|NoHo@9^Tv&ZY~;bV^`_BhHOXV`<>
zkq5i!eoz+NEZJT@8|2=!>#x*j{q^m&DK4SCmU9jFrVY6gM}F*3{j0Mud?P#a@>cFR
zL*yo43~g5sV@QRC7LfG9rFhj!igUX+?I3*^J8FbhmiK&(lLDi8hHP_lv`d4bOb9S3
z)UDAmD=06<QTw1h8#1mz)Jk=0bkxGDj#?<F<5p6qnWVaD3AmM%X;}_s8Qy24BNqgX
zX$APF5dX}^Klk9D#qehhq8Oh~YR}(m&)2o5PkT0L&!gJ&jP_&^IR~#nT*q$s`7vIP
z`F<{8>7O9EN=iF)dg&#Yr9J!waPi*yaMc$ySQuY>327QIK;GOK8ZSwu31ht+s<hSe
z)w6IXHSPX*h8&jRo?I=%4e)y*UH>I2FVL;T?QTRdo?>#2#*4tQ!x#qelpAkfm}fCr
z>3*jp*QFRdK7OO!!inCk>^|duf8ktr=r^$O@I&^#f<xyy<y;xdbPL{$b_?E$mKIw6
zL@-)eZo#GR8KNDh#Y9&`S@(uku?DIi#V8d=Au%*;O)#og=z1-3b+7XQ+XoQCX|(!6
z%}cYfEM0mHa(Drmw2#w|L85nB9!#tP3L9-bBThzY;62!B(e~pk-ZP!HDBq<itJI4b
zopdqHNO;GKX*$pZ{DUx_H0;$rey7j8$4X_-=w*k%d#voRFcKv{!hmU7{?S|v@4Sa%
zrJ;JTI}~R9sK%HRp;zyx>pjrh^+gIy`q1z7P^5n%6Md+r9(ZqGc;?q=cy<m?!twBH
z3CEr)C?7Oh$UJwpG{;am$pS+%g)q%;^odnFkm~d(u{W~jUtCRbQJ;U2;-Y@|q7ID8
zfVlyIQOBmR%#X0lO)T@tSmq5Zvw>y)=y#Oa&N6?-GIzx?KgBY))KTWYu*}0)<|xa2
z^GmT<t}OGPDf8s}hSMZl(Lt<eFi*3fe-4`k9*lz(xeBrsvTSo$w$?$E?dIWHwieVN
zp#QAl7b~dYF~6gRUB8Qkr`7t;piE(zA7Pn)`VwXSNes%Xwf?irAH6`CN5($mQAt7Z
zL5?Fqj;__Cc$;bU(TEX)?chK;>5{#Q8wO$x&#)R&SaV-7q_n-*tGTCw=+s;n+G3>3
zg|+zSh1F4K%I!G94pz(7RaDF0SS_#iu4SfH%TlNX=$WynP6La)?XEj2dc}}v?GmfH
zel^7{1D0uuEk470zU7!1(z|{<on#dcSob<?^~;7@_a@x`7?7Gnkh;8G^oLXJUSj5n
z=fM~GelaU32vt5?0p=DukOvn!PudmADwgdPZOwd9Gt98{cw*MweZ`h5kPFI<3W%q-
zfqFhIuSD@XJidyl4rQ05>=oMmc>l3_2h6~hUh`X04$bf`*k#73J87cr+>+C?lzH!W
z3hqwM<q&N3t1JSZS&!wPp=9rn(4lQso>*o=KW1Bfc`F{1qKhgU@myf3wIPhT@jT%y
zCHrI1eJ-WqEm=7X_;e`y9Nu|{%no20X_Bpb$!S?}e%vXmclI!UWu>ju>pYT&w-(e&
zww@)YBU_by?h`%M2Kp|0jqf|Wa($kx$n_>kDTg<&{e2Ur6<}HxrWN499?`bj)zlu~
zoR^B;?Ds{lvk_RNa}WF}$2S<lvrHZlL!mT0ZRVY10j7Xsjo0qBrPI1U>^DR;YaS!2
zdG-aOn&1mM)tqKjGh_#mdh7F)`3{zO2g|%KmiY|J9IB<v@3G9+v&<i{%m-tc(KQ(|
zzYCfBzVEl{i|6!JlkT~qQ0xoQ2@QYz!-5B$+t+C8UI(swTP?q*buSwFrkt&NIk@ii
zgicuWb#E}T+UK-&kN2b-<F}9UnD7n2Cb@e);h*TnMb}HxpQK)&F1mM)z*`q(+c*5<
zNAO$60deF`S^e1o$^S*FtUd<RSwb<RO;8M{2%WnWZ9A7`TN^~BmBts;&gNFp7Fga6
zZ)IJQ?OTB_`WE`Q9#5USqZ+Y0y1X;<Y<nsedvC@S;bvSBOvvcFSL5xLOf>Z$HB!JG
zSslYkw$uFMql^TWG%^@lm+;6at^E|ZY0D@SY&NrtM;byK9?Uj`@#H|_dA;dThtd@p
zuHSFv9VaSn4&|(v-^#lWVR73^GrukasslpyBO&wEw_)&TFU(DAn^@J&*5+^Vq5@i*
z`=z3v{vPLB4%=>i%^>`hn&GgWUGj(U(9~Y{<BHm?rrU8>d`l{Ui$LR@S8Y<AA3+DI
z`O^a^M($)6n!JhfQYuI;1NEUC@E6WW=z4xt5W3^SYkS49$j~IE1ZLG;S(1CFneO{K
z66!+hqXc3bdL*J`2<*g_BPsPjNI2bp6#h?ST-NsR?`fMrNR;m&kHcHO$Be=L(;T*r
zC8tGY>-%&DABv8MJlKmL%}}=PKq8ggT`3jQ97^wa8IsaH1M3s9J{jwqrEH}79IDW>
z@JU(OU+SF~$V2`D_-q6I@hV+XGn@n<HUmWO>O3gR&fE&#3aahu5{&OW%e#)+FSWtg
zxh{daf_bINJbxY@tgzL&KJheE<R^}YyL?xk!8KG=S5kb}JXxI%5=WN=40QQ%kqhyU
zvlZgZ^6MnkI9gJ&N9&ljj|NmP7!4e2w4_cN4XcY8@vU^R>oT=mAmbC2;4$MUsbjGz
znkWr%t4JCetVu&Tx->LkB$I~lYGRt7P;=Fe=ScF2T}^>EOn30rXDMvjz_rg2M_LAt
z8r(7oUyCZtLyrZcH1pS_Gl}8+M&e%&E~DJfP@#dpdQRtGZ!>0xw@J`_ppfS`EYE+!
zBXVm^BTIaZC7!^<$u+xJ;#Vxu1S~R=SMvc&9Qr&ZUXF>E)-<t1GfVshG1IY&7)%FT
z8WaG)quYqvma;F~Tm<cX&$4@2p6$hL9W3)GmiZ}`c{9sg^K7rKnISWz|A9WIJq-`~
z0_BfCL*?frfbrFPRC7K1ato`ugw_1U8y5Y3ffULdgv_C*?$$-)XILRq3;-L;_7bbp
z$v*pjb)kT@>OC&u-r`6)6R_}#xN=KY=#zG4JRW9=owvee1+_cbJ3S9?3CcuICDk}g
zw)vbHKsfmAPQ3LeOG*Vbei+j*3xT(bChy`rV0P<Q(KKz7l!n6gAm_Bm>TRF{YWMj$
zl!FfMg0IYY7ZLD-T3r9-uRGm6oNG{I2FyPt^Fs;cg$WL&h3;eBRqB-wn$dFs^81&Z
zo}n!GxYMD|W%7cg90d8LB@gA7S{dt$Y{ly+WN)U$;g#~Bh;wjwV=6MJ2Kd2y*5bQY
zq#8$;P;~x;`8>;;`(dfg-U4%frguS8-b@85m!biOt=aV{_U@)sn)GM#49;<$c7cD%
z$FIlpu!8ax84&>PL(uieU97*dIxULX&Crt|?>UAGHFS3Q$>?rnaUQT7YrCi2C4^6;
zQ1~Gjj$OU@9ro{Vl6)qAjQHX`D0|@Q@>g=#V*QnDUA*T{DR{?5DRuEW>S9v=X4=ZJ
ze^BrK<o;n)sOy#Xg~|Nw4DvVZ2Z8KRMGm?G{2BP0>|HyaD1ONS=!$G>Ty`09(L{So
z)CUVXd|CdD=s%t6eX^IlyJ#<pyHx>{b|G&^fTZ29LirqJP-oE27X?dzg{{XM$Urc?
zq6S3(ftQ=`@|Cj1c>=IBPkTiHM!--Sgmxe29N|!BBhftx^j7L!P|N5|((t!~=<Ub0
zeXFh!dfg8pDw$u4(V$%^%)?L^2)=D!c^FSw;Z}>%<n9K{(`|wc6t$(-`V^zzKlDMr
zFgV{yzcjv)t$o$UuSfq{#|85Hzf=EPto~P(fcv;EPmA6$?}Grn8{}y_iN?G0KvI6+
zglPqsR)A@mJl*JO0vWLSn{yb~!w4evym}}ykIKQD&K(eWb|t9Ijt$4ZMQO?hl<K+d
zJPB4vq}6wxr&Z*g^~AicUQ7%z<!NGw=}+sdY%AlQZ*L|}_e++!>tV|Lho>m>pP%Z*
z#MeURM0=m4>=Tu9HIF?L_?guQ($6sGWgxGqLuNliduiLSY^dx?4%SK6RYG*%X0$3j
zkve&=>5pkHIt5SGd}iDV_lJzSp=;rj{HC;(nd1x=PP3l|(-y%`E`A@7C+gyA#X4W!
z%GUtdCT%CNlWZZu@CW1gWcd#Ld$yxRFO+hBssXR+RdN7mk$+?0aH!aoLRS!e{xsns
z97EG0)^pSdd*A<*c5J{nLku2(_xT-T<M0-)ovgs`*mrMQ1^$fb&&uS7l72(^AN49f
zBe6W<V?Y8vl+HD2KW7R0eKI*@t+7T!1%G7*EjoC)2n2OQ<8LO4sj?+&#SLhr@`p0S
znz=vv?eA~gYzMjhxTrKi+JHq(m@mKCe=J35#C_FTvEyK$`TeZ}#6<zBH6IYUTkJT3
z1}uN)WHG<Vx)<a^HS=vl-UFw3d!t^JI=1U6Lhi<25Rs)bio7O<>cI@vKiGssmeikn
zUdH~oE)^Hq^}gUaBdyv$uxcl>YF}ft+w@egYTtjGOWMCqy8kSXR6M$l2jit$Pe~Nd
z3Bzy6YPlsxR`0c#BBPS|!%0wXltZCf4Bv+F*}V%aS*Ts7t?n0@^dzu_TO6Pp+5agk
z9Uy#88e*XPdvfsNXEVyvq#(XM0i{Ui8=-G+OEI{|8=WU3e}azXefNFtP{|p0H)tRN
z<J|Ce3#qIPE-PK=dmUaT>OXA~t9r`)SEcYzT!Eh#)g$thCVwbJ<m%nWQz?KAmYOJ3
zb)qkl>n3sAybm{S$HTrLTJukkQ{f_C<*%PJD9z%ch7q2~9MK=X2FfpLz!H&1_42>x
zS@|E%Y<jHBq?P{@D_>Z|v+^yDpJqY%JSvYRA``HD36wWvOg6YCiQC#|{P|D6-C-ut
zei4)n;n^W9>ppUMF_axcWifYtBd|OrLr~_J!lfzHlZu;QMRVPNk;B%`B$=R#a~?!K
z6%aETfpE=y^-2`-_KF>6MWtD3i%^`V3{dJM|EZ~X{QMNuQ^;=&7V^*Sv=^L$3I%>+
zfbfl{2<_&5pkx|!#9v7!db~PqJ5v0+_$R*w0gw)1tN!k(qBXD$lX0GPoItM0)k^Mt
zhLZd`XsU#lI%$@5LdJT^@S()jN$w8~?0zWpj*yjZyxTc=I@2I+)@f6ui-?KwjogPU
z%^#jBW;7S_zp9f!nkcM3B?AC_Ni!@Bh1FOWZ*P)$`)-+k?YKz629+kM<D|?Tckr)u
zN!)%h9{@XIaOC&6=Cdp92Z&pKweRZCfYE~uczHJrgg=}Sc|hPd?G(4f0O9H-g%j!o
z6Fa6SVB2`nA)S=OPcTGQUl>hUQdN&(<Jjd(=Rn8As*{G!XtV~A1D(YCOoI+(Pw10V
znIO=1Ie@1q{zZPnfsKQ?+7hS|{mIE!+gS_~Y=YR)Oo+`tqI?yxN>%Mxvz+l2ztLws
zEL87|=XYHS5Pu+Z{&x|=NE&c9>tRvpul&d)W%&7D`3tK*a1M|;pFGkhb~Hs&@u|6%
z=(=3HvcKbyIJ_P2Wk+*;J(=qVYUX;Rrih8m^k)G}9S0a+RJuJ;027e0J3RY527SiQ
zN?W-2eA0dmEM4AG({{q2t;_ifAUEf9(K}vNjkm}ONWo3Q7VN4c-!Iu3R%eJ&Llr|z
zGsQnPiF5;}t!vdyG%SoZaBw1*Q$i#gK2{9TJ{s7+N>M3*;&?wUweRkVI+tV9lb~ry
z>6G%%K;yRNrO=)U+Cy9?w09F$IlYFe+@e<*DZmw=oqs-%NFdEMF(6hA(MrU=Dkf#N
zsjqmNaejAB^xo*5Zo;c-?-I5mAVU5Q(R0eqOGojFd73>TLJ`oZr0kct9g=%LZLIi1
zQzhja$$x&TWc^0sb~-?I7%wX!IpZh}q3dCw{x2NL>F^O+D@5xz{Bu6BCJuZ+AZ$`>
zF^A_AU;QSISe?(Oz5u+xK=gv1hW0m#=S^o+gR;_UZ3qpGWP+psDYES-(V;xNd&#AE
zseQ-i63{yT+Ig6DGKekKZ&<jv$w<Py8;^5n(*orgsA^X$RHX!9*@ZzDxFGbMS1?;-
zj!b>*HB<eq8HssU-WSO)L1Wgx%4+>)<s`g#&?<K9-HZ^}^UnxMFmer6G7%Oy*Ej~G
z3zWQeu_iX`>0-wrOi?biD@#qH9w#+^VLPzbM5MNc|J;M_BFXUy7V>%ZxKH`8$$cKU
z>s-`o_&k3bKN#eg(6TuxhBmyY(gc6g#=npQA4mIn_w|%*^uRSg&o%IFWXUN13`NsS
zY#x9{-6rzarnd2S_>~a8Ho<E%)QpU<4whz`hq&H{rX;lU<AHxsM!~P!{UWmgvrJi`
z;gso)GzC6~UMQs!^DH@#6SxjF3m^@d`Su6^3C*FBTERh<fj@!#@THM=V-Rrw<obI2
z6X56XC8)%jw>GlT!DXSNm5FClVI|20Qq;N;fMx<vOIqX~BMeJt!(07Q2aT7=zt)8H
z`NaHY^$oV}>=FIZsUnBV4KJOISQd(WMZL8_yg8MB&M$6{56T{b8`vL`-Ne{9va^7F
z_`BkzX|i`JZJFZrf!<;ht%?}NpVq_tI=tRl>O>lcIVxK_^*M^*xc350pQUw+<j1MF
z$BK)|*CMUiK=&;tGjWICVLgfap=Fp})y*c!`h-aWIbS}RJVT)2l~+XOTYZwXqwfiw
zM5`v<jqqR25v+Iz&JnTK9C?kJ#5s~9vSrT2Cr=Vp@_(5y3uLaF;w-SK6Mirn^PjrN
zd?-$y4-04Mbh;4e0*Szt&U^nA{r@;l|3AJ6{m)9G|22Kn|16FE*C74N7o-0-FQET5
z|6A$*jsGX~KNnVHBwbvXZt>0sHAPYmhHm>BiR!?ewNJWxqIm1<URMr?x7nh#8z^Y1
zsHSc7ATG0vO|`hzj>WFjDQECe56MF&<7fDB2oM`k5HHsrMbyJjNV@%F7>?RnKtZi`
z_)q{0Da``Avr^YzWK~AJNmP#5m9|jet7ud}aAwh_4X#G`Yc}>Qzup?P+u95HXX^y@
z*R-ng)Aot^o%wBmsui<D+kpz6t=5}kB7=5lk|oE(VUym6tA1QQ<(gO~{g|cgz$(91
zTP%<EEg^n(mhyq9v<P?=b&s?)E~!kSOARIE80{<Bm2OcvC@7)Ou{P{rl;ovM3#ww+
zKN+Vn>t7G+-?Li(_Q(2Xmu+V%=Jx7eq=*urxWjhBIhBm`7w=mn8|qla_v#g-xpJVm
z>k1)Sr_SIU$_c@?XGu=@pCk_lR}Tuez?<FH&99+z=^)MCwDP9S$#N0Rc$_1!)YGX>
z+4d=4O<H}&VXH4vVLeP*2{H`G>%7U<ik%*QK>a0l)z-=vgZiD{3bn7e3A_5!-d&vo
zbHH<$f8L+iv3l0AvDmSKULA{!5Ib6En&pQ8{i3o<*$FVXDs`N(GZR`o;=bdf|GVSM
zosExgc5Hk}>d9|P7~c)r`0l~+JqvShg@m2HeM_%SPv4@!N-(oQCMSgkbg$`!i!BL*
zyye0{z6=L>r1}U4;|znWGy*hBa>M)CFe{DaSz$bPh3Q>9dDr1kk6t;N4RvfGprPJC
zL+z@dVSYR|%qy&iDIYS73LNL68S0pul|4#GpplUBed<%VG{H(|>*PzD`4@d6cZQ>J
zzZ@Z-*?SZxz`Ugat|;hD5=jFL8f=TQQ*Yh%_yq$T*I%l7q7A>9xIDvuA_a5_rL9)n
z5@+LQ#Ex*Bjb8?AJZ3)%s>ZjO0t9kE*JRKXK$uXonfXX+5>=xO)_dgQ?gLTvP3$N8
z%@@%e9wyp4SMl4DJBZEOIx9N2C3g;z6X2a%#2c3PU$hU+5O}?~xaIJeP5U25D?=}U
zFJS<q6$6#OML{g0t|jCvJ_+O&iEBa`NUE1q<M^ts7`!wt>^EQ3?C|(j3?X=X4G2No
z-D@b4)*DoXd(gSUA0Fu%Bre*G*kgvAT3iT_=V#(prU9iUVYAVI{-mcE^9B7*X`}M!
zVs;%!CyREINv26$<YOk8P~L?#VLjN>(CSz{ad_hOjivg?OoR0?Gfikr-}Ry0CUoP4
z^`X1PbH3<qcTW%hwBPLKH~B@bGj1P+rf}BZf`*mn{DA6T1<Z~7rbdzTi#5tx_Af3k
zaP_)9#NU}lkg)P&`YfMT{?+}*?`Rg|<;l*0h5KV+euM!Fk4#>z??~IQiU~&e{tUc>
zj`Jlh@~^F8i+lq7eU>kcmH%<toeAY1{+{Legz`T~D1YPkDxWoEPdVnhBcRn0(93^W
z{{7nDP#$mpmGXrCf6wxz3FVh2lz;fb^4j<f0J?)obd|p~r8d4$f{5+$q1j2~B@i%x
z4~e|EuU4Ir%BJ3ufnwBG6-b4-hy|5K{M-Bf1*(52)-L!@rvNuv)Xb(v>(vQOB{Z}J
z8`^df!w5-dlk=;ypylW_51d|hZB>w(J)MF+BcfW!sq3kTeYdhZxsb9Oa#eNRn*#t3
zLx6)PZ9m(QoCnfyo+YKR{Q%?-XdM~G6snOfOD`r7?*hW_X~!;HoOP@VYg1IyM`*sI
zWoRU`s9fh7eNiUzJz9#f7K`3aZ~xd{?Tw}O`eriUvpr%x{|NQn9uEGni!h<y4MeGd
z3(JpZ<&n8i;RccG`hLvmq75X~e^ame5jb&6jCrvYE17fkT{G~rB>S4Ee8jH3m$t{U
zgDhrN=2`N@I^WSNUpI(uUyi8sbEx-mGKf4wK~A|u*ftD>Qg!m46{8H{0`#x)w6Eyr
zu=O}^k2pnjZ1-(B@!KX^Z%(6&P@^cqTngp0Wu*(Hui;Y15fF2D_!$`}b?nom4;i&9
z8Gx``@|2yDvK#7kT?vI<!}01Z%Lx5Wz)wOOpz83N6l$MekH)zY>nR+3^OmeZ1_Mz5
z?$)%HSbd>4PoUc3C(%Gwofbjbdf!6*Ujjd<mpZ<PivTc(0;=&6byB5LpWkULC|Ya3
zzEE`gGo<JT(cPlE>k`2H@&-Y5a2R!N9uTeiprt^}-#JU2bOUP568EKD0RcU_tpF$3
zGjcFm#BZ|SkTt2mX^o6$zUwFl(zUF>1(l95$OY5pC^-f?DGoJVFS+Z4Nd>M9Nu3S@
zamIO-thCAb-P$S3H8-W<cJ9Xc33y+EX&^P5y)c?Fyi77^ctMoB^m!a5+I;^X_J6c;
z1~<(Lr2HMF4C<`J&i{I5Fj@?qzaBe3C^Dqao;mV+Sht{yp;xWcv!0$S<2`#0)4X=*
znQX~J>39^bEIy_-(*k$emAt@3vZy=iz=6xy3gZVnSGA8ZL~gD+kNk*tD^Pix#9td^
zHWFH={>v3#=U;K*c4OKX-;6QvStdSfb`}~?;7=x<na3M)L~p7<TiY--e)i&JFn3mj
z49-gd{P5fyf_(H9X}F^~DBizsuYtahGA$<9Oc@Nms`F9PWW(}oTqkd4?XQFO!;fjR
zi9U>CAD+Pvcqbc@&a%0=n6?_zW<~MHNRZ;UUYACvG?qs*4KaID;(jRZhL$a`EOwvc
z-vg`|csbI`_>(({j6ZhEiqL;dNFghZY{_bq`Rj2rOU~%ztLx}o!veN_nnj!i7V3B7
zldac$6FVXo(wnhTQ0j$zpHS&5u&=d`;gROV=<etqo#uAR$g0$798PA=-I-E8Qt3qI
zk?)t)>#dS|=OCCO%9o7ta;0E2VuBB2;6s)p{|nJuZZXRW2=eD;<#@<`W10aimet?j
zl=YSvWbZv8DY`?Rc+Z*T{k(;p9$&=(s7+Q*gr2)Tjk2KYdeCSZP4B80605q9W%3>j
z-w^!(Jwgm<|LnVecBLmjSXdb>C|v8z<Y5*-_Zp%fNbcw*lCpn!5I3=MM0Yp88An3o
z<p3~tbvEbj#-75QY8UhO$?Bv*P;`(Ih|RH^MAp+unK=7kGD+@WmZ;h-Jo=AI(cP8f
z3qT%;I=`mw5EV`vjkC;dxkvP7iQdH~_!7Da(~`HO>k84C8~Suls3>SO8^Xh)xS4g)
z{hQm#nR-Gxx-p~+7&pz}?!3;K>+Zb41)^C{jP8-@YDxR?L|xh8EOZg4WGcwvPj@uc
zIRyT4u4^i%6u3rNeI?et;Ty5echbi$dI;;DmEu0TaAAg@ul_U*MsKUWm`U%w&;Dh;
zN17Se0cEW|+_N#WM~<~2*}qEWw;2bOsA5p4>}p?fyKD>b8&;;FFIi@uRON5lzj3h0
z`D7ZudP(s+tj8R-dVa$XA&*QS21!w$h<^N?t~X1pQPI`|D1fi;GWOLI#&GFEW#?$u
zJtDUoy9?{)1Mf1P9E}X^H9y$*1prri46Hd0V7Ibu*Q#R@7m})c2vw<?xxGa30oN5p
z?y#ul{x(vJ&7-gGyXdFQ?WQ&&H)yFIjDZpUJw-(A5y@KVKF9IZUSpzvHmaWaXK6eA
zW~%E!44JxVke%P=7u=n{a6SZoUC#ON_aRqyWd*m?H3+R<TTq&e+ygoJZ4D(ThSBJE
z{oFaq-L=$tsk`eJyvJ-r2gVb$C`C%}jUb$eZ@7R*tW@E9R3Ui{@RaZ>C7@h~!HiML
zTNwAxuv=!M5QBbJ7WAgFj7QlWBnr_fI+Twk{<T{CWwI-o7CUa>BV#ks*4;;;Ri7fW
zY!%S9b&bFbMariR<!d4!yEoGkMxS&&fkNcb1|JJM8)b9`GuP~V2p8WR(SO3M>=iTG
zM0E@-h5L2WO?`>_OSBP`SPuiG2>gq+C46b4#C;_zM`Yy_P>9Ufft(VhQQ#V(2LJ}i
zW+d3H7zGfZQO33pVJgqpj9Uy=Oo|Lmu-w}AX{i-va!qJ8BVKZ79tcWfBE1n0+(L+)
zXDO7GT#JK$?HqPdq^-_4#!&8<bsX=~aRT~0hxzJXLotl3Mms^cp2l{9+G!`~4BH7h
zBX)cq+XOnuHh~VXO`roLBWpWA%^%<nP@QBwLP6OvhDdA+XezBS`?Ou4DCGVl<PIOD
z;lLsH;@|^h1>xV2b1~EcBDBmM6=*@~l}YyIT4YEn6v(hTp4@9dCaO-MGf2QEB>zzq
zH_UQ|zeH&&QMzQMMW|sr^Nn`Z%f_<ZVGG##(p@l~L5bTfaX|-NfM-Us#IY>lx?wD7
z<zmMo__ZyB?4y!xH@^=3Z^B_p=<LG@qlsLylAvBx&o-y_0FtRw)Qy!7m*6<QhUn;M
z+QPP~x&&np_RqN>JOXJ23nW&x5)T!)F4u7Ex<rBnfkT#*!$6Hpl>DcsI=B-Ig*cwE
z1_^JTdJI~?tjO2I$q#x~k;60}GtN9lcO^=I?ng^?!h8iD=~>bZ#TJSk2cSs;^X>48
z9&~Sv+VP~=j@uLWl;fsaB+7W8Xrjv_qS6w2>l2i157FeblRt=(Vpnc83GZ-`zvGSw
zOwD6vlp@89`p9ve{=*ZylKeB!e=t<nrfu(_zeF3}Y2d90g$F~<C+Yit#lN%jZGR!o
zc`gA=?;vl5NwoQ0*8p9)Mu|!)pO<#`gQE=m;9^r<an3|4fuU&9?ts+D4HV|z@3LX`
zF)VvlJi8&Dy+2E}1dGR@%y%dJ4BP1Z65WkGk4@LvxV&f4(Ogpbf}uD2<2g_nz5oH-
zE-C{G`E5a^*rc5ChfMsoPUW#oe9hvw`IO=;c<rR<K%|wM=tmAltQ6~tb4hV8wg52y
zydQwUz{>D`OnW!O`{&ww0Sr|khKEV`zBu;1+EU3rozQ;bvEsUFI%9(CiC8mW{~s4m
z?!W(!no<p%F(z4=n6VZWCJC12e4o`<SlN@xzu-e}sQiGaK7LOI2IP1L9e7fZvHDw6
zN*3*XEE{IKzjd(S4;xDs9h}l1e@3!k#oaxl%(-r{T-G6R?GEk;0Czx$zp`+#Du}hn
zAbN4_V$D_3(-!=XEXT1O%jRx`MKyjz!vsxpZC?AvJau+7>T`FelOn?xHCcVi+&t*5
zDFJDj2}sLIMA|ImNtIox<wZ)P`*^BrqPRJK!G^#$c?&j({A=}M&E_jTkvW^MOhcsj
z8&hb#6}M<v(Ajvo$?9|9sWczgS(IvDm!%Y65A=VJQd|HkndRQK#ba=`{2b_NJaXi!
z9Z1IP#@ht{^)GTzC7?s{q#D2~O!F>eJ%W7I<ehE8(P1_umOo)fp!4E80(GkKJzeC`
zcLbtp_Ivt{0MfHg&ZcemqO807Fg96$O>Q=1Jhb*KG69_<=t_$z^el#ird4{L=0Cdd
z``Xu&`%1bUfYIA(cH2Huq{V1`e9vFBq4$?xbOQtiG{1oOB=V*HUhRKx`}}u660@r9
z{^;L?<H_%D&;J+gla+1Ozui7=z$D4LeHpIYJ@6>0LwZu$VA3XMDgjZR<s-|i#EbP>
z0cf|mm%Yxqm*mFqyrXFHC}i}hZ=f?taGOp^*1e&B9*7axcXuDzPN?)lT!X}DV&|Ix
zi27LP>rocvXZf}1QD_Li`&rU@6Tb8Fq~FR}e>f$<g+(oj_cu_}3H=p#u}SMMU(zft
z+M8e?hW>f^3;ingiLj8f>9<c@6x1BL)k!Lwe)Z(h&7DDi?rfD!zx|p&GM?<aY~^LM
z0gpuala5l<Zm80|!xTxeMgbJwGwt&vKfeSMWWs%=aTgWY*5(?E8;u2ZMhmWlH6us{
z>e!a4p%)E~!WR4#x_=<Tm?|oBO_3Za8pOiaV&SV~<z@_x!jWh0(k!;s3d>Zm*o-Tq
z@H0FS$NXQ>mO+c5@<Hh3RE}Lm!4FP_@-(>0134%f;0g<@(XzJKjQj&bLgX=P4ZFz;
z)_W}+bb+M#Vq{y`!b>eE$3tGMono?N!~e#*VmfZh#N?FaDbNx0yphnYoK*3dY-Kkp
zb2IUaSxX+nlCzY#IhdTMC10V*0m@uU94_JRIDbi0#|wHJdu3FS$h5263v!URpA1T?
zOH@vxu#hJyA2C@x^aO~(7?s*)w5;k+!y4WJb-U~WziFCjJWP!8u<I85kpVw4%0G5p
zi$D6qkN)L*Tvy<a0q|o$dBBy02+gEQgbC9!%PT~0DmhKcwxh1AwYJS#!-G;#Mlo6>
zTe`Ll?@&%gW`b4_ndX{`HJOC*(@f=`xo*NA8So>ce81}|{LvqN^e=C8<=~G2@MA#v
zd#(WpO6CNBp!{{&I}ut{I_acBK}@<#w!dq{x(ju$JUlG?W<O#9L}fv!$3O-$Ej33=
z&7~+Mc{u*NAPK|rvKWJ@8le?uQJb|-{*UW_<-6-ovd63dZYz5?S~eRr{Z6XkHs5;?
zV`R#<edRDCN^|18CSsOqqSJqSH73C4)wd>p7NY@CnV(ZP-OLm!;4bqsy>l?AGyNFm
zl}t*hscyQ3$qjXR!G0V-wIWfDhqZb<t?6X}m^GPVS+gCNZ>g*v6-}d~%rBR%vrueN
zrp}XMPf-!yG_sQwX8a>+3hg`;bjvNb<ME9`v_Fb8QI3a<1`a3P?T|McbKD~<CuF5N
z^zpZ-@b3gths2+2iFK41R9Y}`v6lEIp3?Qw)Voo67}SjAnabTD4^Kx<k*&-(<9tq4
zrdxv3^QgOIq82BD{DyDidC#{!O!3U&w>3@#HJbOdLW<Jt4}-kj04bTg=YW=y#ZpYX
zC&*H|a^R<t_q>CZ_*+f>?wpAm2{XLsk9aBZe_$Y>ClmZ_3W*<~a$Yt)+gqBY&f%=>
z7*#g98jm@M>ehk>fvh%vjZT6k0kQ0iSO!d|Y^F&rD>lky145;#48>UtyTp$0Yz|^K
zi=9pgz0$*^ES)2H&mr!1FoYIpiObG0<!rq6dm;RGKV~*ae8~>J<RhSp!UX4`zT&G^
zeX&;4sS>uTWQ)jHtC=XiuDF0m&DP@@g9e-%wbcala#~ROT1|54TI4!(;x81Vby$|i
zvi+gZ7MyL7e8k~wZN+c`rNOc>JLEi%mIh2iRnpFHa#}3x%oOQHsY*SmNJe;SDwGLd
zO?G&<E5(`oHb36Fk+qqmgsLcvL}hvQ=4U#gUscq-)#>UJ8#`g_F-UD%^<8ltVeMUU
z9bw&F7b;fz_t^>G?}7IxwfDt|dK3uct#wTCA{C44zKBZICFT3AJ`8?}8dYOlqvGE|
zl`ut6+L%Ihh$&Q&!T!_6MeV3g`A?%Z)jX@LeB*3K*-;1gt;Btuq)i=>xfB1UHYK_{
z)0Ynv)gixtZh4K5!$J>z+`1r+C*OiNo^~wgrAtv)K$+@tAM345b&6Z!$`oh@4Vp4l
z6IZ61nKIP?%2bh8-k2qDz9QAg;gIIqm8E8;Kdm*er~nkCG-1DG?raCBq)LnA?wYv#
z7RlW`k$+-0G0CoB{1ca<@=nK`I|uMjlu#_LV*HiMyKhOQfV8_XYRGndhgrrwyDufB
z$-&jjijU4c_&d`i&L=(Kn*_rqsEa0H=o<gIsWP7YfxP=1T&;uKCu_$f{5_C8C@Tlx
zqs$$OlK@~KFiV|ulk`9kY6^%C1mFQBTcGnm^*c*IsFSw6@>lwIt?2H_bWNjq7I`qf
z1uo+Os8$K1>bJ;rya-x62QAi057bh%P>%QfjML_5_-PgzOX@hCOa$D1(SJMzXyI1$
z$MUqV?uUB??qH_CZ>xR4r{DxL98dzj)_%UuG(!`=$@f6hBq6UwQ0Go6sXko7Z`uV=
z?**tqDcR<exH`et)z1OU)&V1pcsvbYO8yA#)ks_mj4JwW8dPIpzMl|%I%zYfNzL9#
z-?MKO@|y*&LFNtsFbxkhT*trDz;6du&ih;Y8_?%S&Hg~on%69-b8<?m@iyZI07w9U
zV2T_BlpsJ7)F5*Q1!NpX3-F9U39K36=W!x#jv*VN2?4koK!8$!xORpHF<_|>k7*KW
zFO8vg9HO=+UdM$q?czvQ@1NxGAgryDzk8~KJ0!iE1WW{IP|{E%aZP}`oe8)D!i!uS
zcY6h{QRaNm<;H)7yS;*XE8q@BaZ`Zdt_j(T#03OjC*rPN=9-}*zlJ;b|AWXq3=xg`
zIuPzKXfzi3p50f49P%Ugi~g>uY;>AI+((X%qf^Ll1L^uuh}}0;M-ps{=#Q9~Yetr&
z?3MhjAn7+tXb5HIQIwoUHi1wIS&o|p|M46tBOqn$<v02LN3;B&n)r8ii5Y$wPxo!w
zhesL77HZNj5&3TpWDGa{1jwxo;i<Tv7h8K#e~inIc67#o_M4^c39AS2iwl+vdC?)Z
zWORz}p89EL{nqpcY{UX0j{F1htbBZRnWch6yJ+tl6H+jsm6X3v>^S7`w9iui)36wi
z>GRU34t3)t^qrUX_1-k*<BdAFPoYlCi2J}?bH!+}s_RYo$-CddfvM`kYesoD#`#0V
zU_9{LD|odMcy5?tC02D|v}b<ZpHWs|7R2BAU{Z_G`kG%r(Z8g+7Kk+ot3@Eu^cFzV
zn-p6pWZPc;*??5@x|RV*RPr|(#myQ54U#RuKkYLCqiPbX0$9Hk-G!Df4bI1JM`QYU
zsj3z`Csz4Ocb<>NK2F4sm%~Ry5`3g?>mM<uF$gi(1A+ftuvE>ynK6Hv+Z#h&tBDJ+
zArSHdg8DeVmCzIqprtS{nL?lNzY7Q^oNjxis>WB>qqfjoF}dbL3~!U)EV*m%os1{3
zgc>x;*?GraJJ%%WrTO30+D$FMbz9<vSJ#V5<CeG6@Vtt%I8olCidGk>VpJ|`mKHVA
z!DCR5h$DAh#T|U0;a&j`01NK!d-xapVpYRGaL*SeSAJu~4*(XUDjFxRgId%|Cyt~H
ztY@#*mh1PCkK#+c6dO2cyFOyl*4S9Rrw>wONJ9LOC@3u;{2Z#70#jk8ntkQFIBM;I
zRM%&C0%eApdx_}Z1tWisf3{ZUjsrm$Wm_x%bij0o-*iZ<s>S?~cVL|3^tTR~5o$a;
z1SJg8%EEadt>g`Sm>xq`z#~p_2~cl~LA^Z&^;R9~_fTee5@nuxK3}#R;PdBMLLmKg
zjv$fvl+a$A>M8{CNO4V&mBRr1Ay_&t75()o0+p3*XO^2~?i_T-i2g&iPX+$zoxS}x
z_-#S4%w7%pS_F?bD<4St|E##OuqQ~9XCO=-;9Tvz;~Q9-WF<^DFW8k2>>xJpAOy(y
zbu#w}tkk0as2MpSFhMaR0Ht;U3luY&{KtR`HUJllv%th-@(Jw9&f-&uUfwHodVDJe
z;O5LPqehBa@0}9@RybI6cbk^165Yo;E0&|Fd|RdVPuxCL`zLL_O8X~mF>C)~`^(<J
z4iFGVel=6gy&U9(esca{NjdBo*&=qd$Rk^1HG3l7Snja40k=<ajBJ#wha4G)WCdFG
zn?Q10vQ@PCdG{a^aROp~BSM4+j`oB<AsMjSytJRSJ^UE0Bl|@6iKEu&LjK{j|F{*;
zPdz;FW%eBM20WkqihnrQ27m6gWkFhGA^&X%o?pZB3_QCQ^7o!!$RF;8_b|MlhWFNm
z{Fmq8|1ZAcS5JbXs~@ywQK&3XecljlZO-NGfgI<fxRkq(cFs^IaoG4gt?>m~<M+Z7
z*N3n8id-usd<rcdg%*x2<UctMwZrdy7Aq_^Cdqcjbx^hioFgzlzlm4pOs(wx4gW&G
zcRa12aqTctyXst@$D-YGXTzs^wELAW9M78b-*-GmX#b?mY1+U4ug23lhoSV~Y=+Wf
zv;QxS=ML8Bz;#;V8)yFy#&g8KF`n`BquM@d=ne{D;bRdmal>EvQ1;#|c&BMY{z<6r
zoDl}<X7o*1k9*n<?xeLrRMYs`qk6{+0tS+8;Wv#*DXctUD)gOBEi|765nIaNEvy|X
zMT1gwhjP|o`*z7b(VOZOJ3S4oiF?l>Ri#QGC}BWSrBTjr;~)PsjoBv@qafj^XgIx#
zazlCeE2=9(o`#C6KyOF)FPAmRbv89J1e7dlY2~jYFX@>^CZ0SM-IF8Mu?B-{1msia
zM3vc{kt;Q4E3vLHgwG%>8oS5@dWQF7ZL6O{b40(;{hdZbWSyu^9z8DyT_q1}ztSKp
zZB}2X&|xyn#=R}B19wFIohcZ^bSdr59sO3Mn@mOZwp3XixO3JhgMMGZt>=r|jr~o0
z^?C#Q-J|`k)_zCnx3dD?FG<KMMWNn+5hL}j-b_IReE9Af99e*Jb}Yf^fWIluD@3Im
zUQ%5@<Tqu>YFZJ1P}FWrF*&ovsE?(M*3(==VQxjPgZj@$u7bZkkr86FF>+Zfr%}%d
z`JAaxwV2;V+rUly;}mTcbzN9uI#YnuDi+%nKj{5HnYhia4hcF&Y4?FapGu=byKyjd
z>hG+-r9Im34chPX+HVaXrQgzTX9di<Z*l7j5%3NkK4p$mu0fIF1UIT%;4k(547{Ye
zO8HIGqoO*n7(i$@noQ1#Af#()H|lBE#M3U<(nP+bC&EK|q(8LV6EVWy^Qax<pOI`n
zi7)brO4}V6I{d_JqKlpI0HU~VrYXU_>&c|}r<;k~L7xQF^^oschcid0oN@yQb9HFC
z<J#N(M(5!0i)28?AH3&jD%1q+LdR41b$EcSa!LX3d7MP-X`H*>?CxCQT85{)-N6*H
z3o0Lk_AW6PnCk%^B0qvo(B&3jD4rIMnbr!(32-t<=H#ryzqiMI*5~$TZr*(^8qIG4
zrd#UAFlGZ&(XDVbzveQEO6Ln_7%`?MfJT>*DknqlJjA@T@`%mgCNp!_;@A%u52hGO
z$`0nVg%F{+hM8~`KO4K%!Zy4JP3GmZqV0@xpl0E03%zt@Fj^F}k0~HaXhCQ>pJFJf
zjyn7C^V1%?GY8#!!uN9wmcx(4VR4St;BeXqhR$RdT$Mq)MX&P*tWMXfkvD3F68g`C
z$M-W}8t*~REA;!VxF**SHW2>CSg04rXpOtqlH>4v##f_3(~kaHLRHUSNzFNwj`z^?
zj6p$t!>j4oer<{R_uEjMUv&EZTT>1G^I1T4I~*9>>&%P}OITEb?wx)Zk8aW3F_r55
z5o%7@+#fJ168~OMa-W$R{;iQgwf09jhR81nYWI1-xg}Kt8-o||^L=3oVuaCxJyGY)
z<W3eF>>3*EHd`}aN+Fv63+bdA2Kyfz8|+`R%3NtsQG~)nbjj$oJvi06H#{s|Yw0en
zrMnUk@G>G`{lPRsz*x+nzCx-*Ei~VQeUp?nrAul#9>;`+8bHWf&<f~Nh!9*_6;L*t
zc=vr6DNylUh0%E?;~(BLkIZ=kKfNcOp97t#2}801WMip>zv>v~uIgfC%ou?X>U;cg
zRI!*zPZcwymXNFj!k4Eoyk-Fi4&?-_YOK3R5?7^RfZ_IoV#`UuPP@NQ=IwQ4>(GMP
zDt@Wu7^qi54f8lX?BM^@0(}Hk5pp~Dl0)$SKH%1h-@*Uw%wI5Rx75)LkDxTN%VBGj
zm4l-DAn4Ff64UpEpVz3ba%K$i7!_V=?hQsO7YCym!I<$qz-UG=+5_JK$KxD>!;AXA
zwGpH<R|YY7PU7nIZD`)WHHqpRPQQ-JY@on-oxs}s5?|6JaDLIVck@qH_Cy7~#BYrX
zRbB6=lH+yvswtCSTEiKfw@k**P6_GM4(f27<Ucw!?PlDF@*f?8Ci0OD*1e)_kH}98
zpf_+vJqiG0kUsk(h8~(R$`HxLw*~liNiyLU&S3bf8AW^mgSLc!sLw0~$&P<-x9C1Q
zHC#no+&WpHe^W~<TBED)MemJpepi)$DneBTQp*`m%=arz?xUOt7$Eo0aUhg(fIC=E
zp5i*ubkLmw5B~8>agVDxB>Iny(Kq^dgE*36XvN)0GnxQyk+%n+b4Yau!mp)#H|E=9
zRpRvMLx}mkAVs2u07kQ3;PwLS+ceC#A?CXg^Aaz2@oEm;+=%Gst25~xGxF6VQ`q6r
zYRsUIMOBau#))2o(I#_2Ib*k|+#ELI#mt)viGv<sN56mN7kGQ8|5&=aAw9oK<o~u0
z&}oeV9l|2pCQ!$LegoVG!WP_OiIi>8%42DJm*DQnU3x_cRVH9<P?g|r7$D?#6~4m(
zcZl4iH$;ta|EiJx@V<o@Us$j;2z+S+_W?+l17QhTHW>qk;JvOmxlXX@0_EBZk<Gn9
z3*K=IJ$D)wlF;e?$PHlm0TDP%*Lo7ElvqCl@`8C4q{1a_VqJhXaa)c<f`n79<b8>y
zNxXfp*s-^#q4!LMxfq|RA4((7$|D2XtQ_9FG!3{?<SJQdkgd(2^~lyEV#aRXgUeB2
z`+mEr1C;qaL?^rBbRw#caJuh|*<g)Iwta;ldBF5+=gz|{*iJ)Va=z+3(ntC5*t{A#
z9cGgS-;DTnSydEsx^76GUq`1U%rCKO2jV=zk`N=JIz~h%fr!p(M6?@-s9Wah<cvL{
zGBFZ>e7At;gAq)dL69U-VjoPQ@M_#Tb_d}9mZ-zpEL#uB8I2fc%(REE{t52W4otGK
zCdps*|F`6?LXf|1UBu+CpA&ltGx=*aEIvmx`Kyqom&D{RF}5V<Z$=YNg8Vf?m%pyp
z<gd$h`3toIc5G<u&zRIRo+PkZCV`m=ZMC`t))be1@(89ingmwxof23f`N0ff5?CR%
zR~Y(XMqC0r`1MGVz?_^8&HSIop>f(YNSu=iifAt=JdZ+eK@QVvK4)Tb*q<Y>#N@C}
zUCh9h@GGFS)+;~`Gja^US=5=&G(jwn1SX><hvdWrvF8&7u?N!G#=EI6QOsulE>TR@
z7mNoJMX{e58DKvIz#<RDMX{l}C^khCkfw0@zP2Wd<-`ZRh6X+^i~UWP#cDKJY)O(V
zhV6NZM?t$J611dgO_ga)mBn!2?%B?-e+~sPch5Dv`inHJ_Yy_zn@VQJe=U)XEbdDp
zyETQDN_pe~*>-^U6f<e;hx7ZE#w?WE&lW#wcw{r)58@f1OJt8FN@Q1S5?Oi*L+`JP
zbcyV%m_&Bi`2R*CLwM4QV(8EBQzG;IpOMIJ*Ceu^^d*sTO|bk|p{~P$1OVb#CHjGM
zaseQ@&5XkbtPSq&MId_ZSyjkHFB=oRW{RE$=QM%e6!o7R;XgVIm*bguQn2c1G`iYg
z-CNa#_3=dkuG603iwR#u`)wmZ_`<j8_;yJ$r5-M1s7e&R%=%m^OBBBDOccJZP7uDV
zG2shk%szy#$p*YTM3cLsOzy&k@A0c))$ku1)*QMDdy!EO`T#ERl{jDQ^~wNPg3x_A
zyrC~Sivy8K!zZqm!WP5;3Rc{H0BZ}w=pJjkJGux&s<XU05XGo2CQ@<q&P1xADOz_i
zgO1~4!>arY$!Fq7?qNu7<htw`eq}(ogVTj7g7e=Os}SjtpKXcN@STEH-hW%Lx&{R+
z;$jyHR#Q>1+I11Z>MdHy=AqY<CR*XmQU70wRtNhKt#G3CXcKLVHqmx-ABmc{&6j-R
zKEFtlqi_=3^d(FT3%*(K?J_28C(2Ry?e)nCQw8Lx`eZpur<@bRs)84ro^4!@JtL^x
z9Pu&f4_U3`spmaglSHaPT_7;M{9Pi|eJD~5i6+F)OO&VR7)*<xd@U(ayrvFCfSP$U
ze><%0p?(8{QHuC>q{aYqH?(~wfU90V75!p!W~jM%Am1RUvL%Wxy%<{<BckKIKTfJ6
zsssfk7|NS%FtDh(X0-hY@8Ow5!TnE=Ay1j@%7Yd&iVoM;;LU~5>QkA)XbG%i3oI7+
zmRDjs!K+`OMD(D=WY7PIU;hH0B~_gkOV#<x{<xKk_fHG{&r=9$S!oT;f-36l7BluZ
zjLRjgmYGVh;|Tfag@(<6lm)PcL;KJ~wjHWA^VOHq=I*H#;{^Blx$n+3P|*K>qBEZv
zgBE0=Js&z{S5Avc>lW&Sav=2Rd|2gcqf0)=Q&gEHw&T2tqN{fSLfgWx|16yZM03?S
z2JBCvpl5FdIn!Iv0Rg)F;(!Er-+}`6>*iTZ{Cf1^^ll_<g3`yz-@{S)OGQBQ3go-2
ziaW82YRXErEH}n#`Dyxvwfs7z&sv7`s^uCeN~c~&;BGmFcpa*}tVcOrIUt~z<oU*k
zj)Sm@T2V+*z7+glrj>B#;p4o`^B5j?qARKrb{`wTSAT;16L4Ik;rJs#X)4L@<kw8c
z6=FYyIP0N%6)wlq7y0|_Ui&}HUgtk7cK%O6#ktiYs>`G3tYO>loMBgucrUks`CsPO
zCGB_Ey~cO!Uilqk3I8X*U6G**ul=2G?cU6H^b{b<V2^0qx4H$!%n}ZwzO3vM{HN3G
zT${U_^?;WH3d4&Xryq0z1t)j++--B|Ynz~)Ey+L2uYVf_p|YSISI9cL2@P0LotWQY
z_paND<-J?CBEq33dy15;)%Y%{E22`g9&~=bdIj3MwAf#c{JIjaaeIkZ-mbyFj>?vJ
z?c2XC@n&w<6G?P;*Fi5jR(}vilbN6#>7xfY1P2NFclw5YQ)+MMb9LzDt!8ieRttl>
zyxI~6S_Z}s(`Qv`BIE(KUjXpe0Q@yN{<m5H_!<PhMo%&8khg><pn$CGNAj_A-51Bb
ztq<tC`1LpH(D(fJaNm}M`ykGDfPWjnzpXd^w_z8y^^N~mQqZT%gYKe5YNmE(OWXN0
zYKC)n;9F6hWTcJA{QY<r=%f9D(a3$`b7H*c+r5jD#s_?wW~^RCRUI{-5A&uaGzMxB
zltYobVG^}`sw~)O!AZE32VtmuoyFixkNS`b+~>_pZWsI~b(Yy3DS<KfGG5SfQrY^C
z6{Nh(TQyWHt9Nf*hd&L@3@FV;LU4DRmkiaphu}YvLN|hiK1>fry(|mrjkbEFkuPnE
z&qvgYZookE?PO=PHLV(GYhIOY>sXo_&O=pt>qabVYcBu7>)dFzb?}c5##JiXXzN%O
z2%p5BekY2ClCp!|#>prST?UYaX{#%-`~{;!_jY|Jiks62#dI5sUHP)=WDkbg0`7<O
z0^DVt#p_&`C-blQB(BM>z;8U^Eb_0NkvU*q>+<l7ES@o^J5Khv-WS?;a?asU$O4&y
zAP8fb*g^Cla!P)~i(Tl~ej4W4MtCby=DlhW)DjK{GyHfL`i!)LT55r@EB}WD2QCW-
zE@{lqnV0;CR-M>z;i&ig4@UhYRnr|hV(e?w5g)L|2=TEV3}c;xV;z~Q--jL>?+_dB
zC0DVr4w6r?$G6fH$+h}Cz7<1X=Umw+{N`A=$N)OL1YcXNc(E!9GJX2IB=6rnM`OK9
zQb0}Xkd$vl1!mp}>)z0>zc3mc-qC`$g!a@i2F%irDG9`#Yv_`J(+=Bt*GTQv^I64E
zc;!bJDkm&(UQb6o_KCLEC1>EzQVT|RG0#+UuMwlWWc8|_FBk<%WNpFZ7Yq@rmhod*
z359ck2!rXSUhyoTVyw{C%DX!;BHE^uNef)_W%W@`vVFooF~Epx=C*#Sc*Nax8~?<3
z+><HGTqkqKqQ~66Cdjn3fZsGDMcGqWd9t&xGFspQS_`E3kEXi)O`wm|i?%~chD4^|
z_^eGQWf<GE9a?%Fl;aZ0U9Oj@>O#8@{{&v`2f(cz6j``7J@Qio$el?MFN#ux%1NmP
zUcpXTeS{r5ewe|*hXIC_!=ar2s8L;+QQ0+tFY0oi<TE-El8-0T4chJ$D7ZGgxBpZ$
zNX`+#^#0+a^qd+#K-b3InkFHNUQ2F0KaKXBi&Bf(@4Php{HPH=PlTT%(nxdbPayFM
z>c=Ijm?2blPAK7v>IL^PUJ3Y*8|~`jXe*dB!49f26lk(%G%B3{zFn=v4}cx~<WmLK
z8$T{gop_AVY;a~)bsa!#Ri~w)^2pvZ`xy-W<0h!9KBL)vl*g?PpurA|tHJJvb|@zt
z%Ex%_C@+k=cfs_G@Tv3I<x%0!>3L1~pLB^)Q3jfS@<dyRcYm3h)PFOf<Iz;DzxY#7
zd;&l&sB2l51n8(bJp;SI7u6*oXNHmCE=|K-Ar<Zdt<qScKBadX@YF1*D+p&$RVS2~
zkzUO3d5cy<Kdpuv2$}}!uKy@@zA?j(1HZ?A(qvcaksb&tfv{N5Z}Mk!3fh1moG>0l
ze9<f*zRy`#O<Grv(k*E9*f#)Y5|r<Rs_hwdcs>O4KWx;tlK&Tb?*iXcl`V|tBx#$L
z!Y){OC`!RNHu7o|2LcotNZ=ei;UVA)bacSZbZ|y(6N-wEnpS#@(T=0eo$KS?nYr`2
zbLZ;JI2CZjq@_=wv_+x7$V-6}B2bF<1>}5d?R}CaX^YO>`R?5R_rLn1Ip^%x+Iz3P
z9(%35Hh`p2A$k`I1x~|Y<VD)>BXr%ltjK&QQgR$!02Al(qP}k~^XLZLK(i<B{v|$Q
zlo8Pzx%NBEb2M5}cF=ekr!hS^lKu_}4x_(AgUR$aB^bVhzpI0tcu2^bESk=#-ZngX
z+w4tZidlpF%a8S%cevnoJ==`TqC3(5j&Hs@zW3k+&2|icAp3!Y1z*ue`a(*}am&-x
zi^M=ZuOk}AVVshY?RvbinSXEs+X1E)7ElKkA3;AJ1D+(x;p?i=Ge`6ljTWUGXy|4&
zch2^q*xH1X(3(>h3(;r>Q5r%t2GxlIg`E*&$vyPw#vMtRjMv8p7h$pr>tA#XR-lA&
zpsqVlL4EUq1W<qe$yGpo>VY^=i$4QU8&IqOi9d_RX8AsYWkjS;bTdPK>(VX-XzeKa
ziH0td-#-~`=OMl>z#N$Zqj|}ID(OSa8%ln)UQZ*5`Ht#U{{#;_nf<{OUEg%{Xf=_>
zL?fYl9N0tY9PQz#2+Z5Q!Fm|L>Aa2WE5B{v@&YR#UY$_B1j~0Y;Zqy@rTP%M2L9@T
zKW48w^pmO53sP&O5j4*`U>>6F&?9QC@~3BMD^Dc0ay_>40;^3Qnh$@ILb-TG^Px#p
zcui`=5)#HyfR8!2K^goLleLmVneaCyG;C`!e*H76gvRK|j(}4`_ut`zm;jS}7Xv6I
z5uoP}$4(eU4BmGqP8d%o4AD_OS*xd{;vsZa<AJM{J<dgpEBJ+ZrIFGF6w=%WhTMT}
z2<uVaiFl+13*l`mP<c%#X{$lgH%%k33|BSa!h7>`3iRIl6R`Q?Ls!A(J6A=pc|2m|
zZ;tnMkY<SXiuCIha`Aq>DhsP$Gh)6v9}Ln^+c7hju_|`vQYpIOnMI$I9sPR<7flYL
zedW_C8Njt5)#&@x?lMui4F$5;<F1}uT^joN&Fu5@v%tr5srd2nzK@T^Ir_bejc3Ru
z&3aAf*Rd(&rJ3mXPgB=GYH%XHdUD^Q^;!Gs%Y%;+{pjfXD8^THr^2ct@@TATHoV4X
z__uH*L)Tu&@M<_Q!%w0a_G5<U>1*zfCyu74?|*!w1{DLT*6f#mX*6g;PlYz%#qekT
zGo4-#e*%6(`S{d^Pa{LO<MVEOP7B?F&wiS-n$eqU4(nBGUMfCGN9CXPC1=QA9AY0|
zP-`#6dJOpVRBSDK)NGHa*&cx3fzF>U#hZoL34hhO)5pUSBYat>bEHkW;5nWmc*2IF
z;Z$D;zD%(^_%21EF5Yvx8@~IJ-d>4Tr{1{z8xYnOlFD>W;4YBLLT(<ZoR*AEmRk6l
zsTH^m2iFJ*x=6wzeN6VG1*CFpvV+^@;P%05GQ6fI!$S(qEpkmFcZ8A{PhGd`6||ig
z%^+GPePd;ezhnALTBC@;=<0Y&k1HfvI$hWF#i+~%E*Z?k9Zzo-p3{_$f=V&}Si}W3
z;zB#VnSP-cbf3bWbH~t2_u6eM=vBgREklo&yz&{m8XvETlzvF}$0}zN07E~@if*BE
ztmq=zR;yWUmAb8dIoay2&#{%~aqJZYzhf!tCoRbFDS7U_IeFz9biBu}5B;hlkL*xv
zzJ*;-%Z<gEi`LA3j_10R)A@Cp)lSHw4V8M7)uap~XyUik_$~N-_3ak=_AT|TkiIQb
z-+n;f=BsZL=-VAi<R*-$E3X=9)78fK<Iw*|?|&cVHn!XEmuX-}8aHZ?`>*gYd?t;!
z78i||8fo&;MFz3*3#ig=?lk*R-<eM;CryVz*yCH)<>|e#cq)wizb=IdSd;!5y1V-B
znEuv{8s#|3H}DXAL!*hiAJNmZ+LaE8H((;#+Ve`!5()ha-5ZUWK<&Mhmg+?BcV$7T
z5odk3FFYp2m~--z2Pqz)WS3Vy$$-B4J}VH$Zc27%)mhabk_EEJ1<n3iP7}(87Ju>P
zjhavf-p-5<De&+bJZ#s}F*+*${4mNFf>P_Sd_l@^$3M6h((*{<9vX1N=Q!r>d9e6K
zyij#D&P$yi6;gWliF>vIMB@eU6*>W8a4EVPL~4eH9s&%N=N)Eb+z^oUAo%1w{RRl*
zlenw*)z_BLS6y5n(5F;xZt$ESeRU4MN`<o%D}=#YCcne+CB2M8_X1UoA3_k6x5CFr
zcwFdDA@-;6P_#eEU%Nja9Jp$Ks_5jyhz5c>AbEUUm0E4uRq8CbdY#P6gN{+k*BhhJ
zi512o7%ANkI%M!Q_!A9R`dtiHnvG?GKL`)}{Ts@_-@mOy?y-q-@sLJc<P{&WMV|fZ
zbWQB~jzqhZr(TZ4h3mim)hy|eEYbMO-Mnw;bJW`w!(4=hT_wJ1wjk}sW8_k&ASo;|
z8y@$}^PJLwN@hOGO9yDoNFdj*P;3~&&e2Sw@u3^pD568oG%a3cAJ$Q?i{i27vq1LI
zp(CWD-}Q8bk!SZ)2cN?NTUtPJ6pW&(Hv$PyL06h@!^08|+04E0bdMHq?ph4`g<c;x
zHUfUr(*wuTQv>)VGjJ?9wI1{9>}1E-bZct$hMNRW?PbAJr^k>lK<acDJR^%dheBy^
zsR2)TX&k=0F9VjqEJE83jNRLjc>cqML?H|hlV$_)dh$+QX#_;FcIsys*cLctKn;R|
zJEFScJ;5Vdjizru#y=n3>q+U2s02r{X~}cLa39K-ISeXxrf|Tpnt;~MPR}b<HZ%rK
zCZ}GZmv`1_`<+LbE&yghc6ijMm-?R^3jkSJ8$+;8+5lJlaqtSLlUP&DfaPnEQR<<&
zC$C3qD0w*mm1v+6+#oA$aD5z{n#9Uqu}UF_v_F0nw~!Rv&OMkP2pI4_9TAstzEu*3
za~SQ;UOsj>8rt!KWW5n_fo!=M1vq#EOt49xz(^w$px8<VXefw|(})}7*+UqV;H&_|
zU_h)`9K{M-6f0(aC04-er1aF94H*%nfcAqK=uhHX5EgukuLyt%hys@!(wA}Lbvv7z
z9kbKRlqXjR${s<fR*$I^)9pP!o>Wm95HCDebj7=a58=j(y8h_=W8Pn4Tzd@WrRMC`
zI;48?+)FyzNE8KVGaKsF$*;iqf`nR3(8I(52n&EZ;gK0FRQewjfJQtB0z+Ng5`0}3
z&wu&o)MEC#^f<Mobdi2QOxVzZm&$tdMjeZ0Y_R^GV-639*<{O8XdK5NE+7zGf!Spf
z>5$GxCUP#M1v7BhgsyisZ+u-HPNXFB(td~U9zE~7J8Y*Rc5Qel6vQ?pU?4M&B>>1S
zTxjXI&@u&(>Xa(zUZ<WI03ZJavf+f*SbaR_keY<9{hl7ZYpKX}F7ag&%<D}D6b%51
ziio0*()}L9O?3W}4vJE>wfxZxZTZ@3xPY8tE!Ss=(k_gDCZ!v3?hgc4p_LW|Bn&vt
z`yNz8sXlHzE!Ctnz)=_B)hQeTY)63Y2rxy3D8L^DF>*O9AZzMbfLM#(pQZpnjJqhK
zU1J1KAnfpEf}mfem1LU)M6xM3Q*B@Ltq;SDQmOW4J!_6=p}E62K4bG(bJ6h`hs|B5
zr)K?R8?=Y()YOERIJ4F=c~9*X2ab}bN@tVgU<+04dO^C;v+D0xpk{PhP1oB?8=f2<
zsXE2rIuLBvsXYneVJU<bq@?}97ciDkjev2m8-h)^n7F-yvR5==9BTL`)qsj-bzho7
z${LX9rfKQLsO*l@4)fV4js(YZ6sr`(d(axXnnkXiu{26Wsv;PMp(uj?$wjLH47KCT
z0V6*X$%EmBgXrTxc676V&UkULnur2w@cR)^>i~C9)wW80I!?hH^rPtqLue^{<4xG5
zNN$YV3I$l_(A^?9Ino8C%DPp@S{0>M*6@?JFk719XAlA0*e@DVHPX3q4A-0I4o@Ma
zhf#Fy&LyR-SPw4Q%FD>1P@thiu@4_RoOi*bjm2<jmvHuG<LnKA@$b}I46dW0ITR!I
zSQWnrt3&WTsY9#~iEXcl5vz&KPi!(wA?@;hp6f7ohJGV(2N1&6&?=g;mp66r&@CVb
z&|m5>R}J7fbAzdBr};>yu^5}0$cWzxLyEm}recrEY#cR-K&1c&5S5Yahzp(xLPyj!
z`VyY2SB~L{qtF`4b9|3;>NEmdTFTFI;@ZZo;=ozP+L85u<i>%D&+=<k)Pek2G=K40
zNk(A?>4SHp(NJz9T;OaP6e7qzoG=%RN}2sMVtRDFQ{9rcG&--tu_abdPp&frf2TN4
z&ZDdRSSS^E((N{j-#I1m2<M#Wj!^^M8j3r{IYkvYBfHfXnYe9kkh^!_Zgq%6OaH5e
z;(L7Xd=(Ws^&AHE0`WBDR+$D878OlZs*-gDv3f6^;ucWb`tTSs006-pHG`*4hlC<%
zVm?wxr-3RmBu_!=&$At&7rLftG_DDKn?K|GA1@6G{kD91)E%8svL5;vJi~T$YR1qV
zoyW>zc62@(VL&B6i$`65=*{r+A!66|A5jV-+rP=N^QBC_{pI|Kd>fqjW#WC<AYQt?
zZ>Z^1R;G8n<VVUwdUG@#=vV<uRQdni>}+wIz8tL)#Nk7<MtPc6qlv2S4@T7X9qP9B
z-EX9;?G096bF@A{0BW`GSJ@M4WvQ&PMEQLwHPe34zjCQdXu*paKx#kIqz4)6vbJbM
z%r-;hxPtjJ(KmTDtU*`-(eayCJ}FC3b~-Glox4Fk)#uLx_LH6GKdHxiSMs@e+DX~b
zZJSmE^Lsm}9uTUD>NQ*I7~o4^PpA7|%b7vBAEZ3j2{6uVO56w<y+hpyQb_5~HO%<x
zIiYi!`MTPrpx%knh3I&YN(*^!_NIJk2CiF=Ukg0Ubw=<g`l2DB0?3Jvg%3G67!I{~
zoO}(E&~R44?4_h~<8Y3>Y+S0vH*Mrik8irjTQcvPJ)B2H!&9XfEnTi{sDj1r-~6eT
z4T0mI(>1XXCZhLQI;2{9on^$(-X%53k4sDe2dr$BZ`y-{aE*6f^b|Yy0sX>z7s)of
zl%9tCbV%)TIhMnS1_C24RfX58)igw+;ssyXj@zBNi$>D3ykC^y(yM}nwVK2p=gqI6
z@$gdW7SbrDG+sGsg<0q(i`PeiJWlsLh^<8$B^B$Xg$BNEVLHuB@g4P3P$6#<Fm8Rf
zHm*8e!kY{?Iq{}3&+*GV*Fq1FKc$P`&s=iF>JBtp-94#f%d48m5$fnCpC)q3I{K-M
zeIk8dP!^}>$?Mp8@?T>_CDUHK2gErE{%V~g@n#U08Sp31UDurFR#J<f0u+jUp9Sww
zE$~2pGcWD6y1UbgZpCx8Q$zRA)6(!bE+kUNCV0#YS?SFqovyUdbUeOY*6EyzkqmC7
zvw;CgsROZ$wmcXI+#!`}R|UsVYbh<*vMMniNz8ih!<VpkR9WjLBKS7xRlme%PShyY
zIy4Ju(7)k2z(>*44ftkt&&_cSK}Mj|yE+7vn|koR&!faM7Cn&LY^H8r*@ezIZnhq7
z_k?p?H=<dwNZ~C9dFf)|8N43mQdz6Z20Hyo6jj1gTxQ@<mV?CeF=bW}pxsX^IixJ0
za?)LpqwsSm8>CkWDAmAw|IABAM7*M@iw`JT3?@*fY?{k^PF+S^<LYq}+4qD_g~z?=
z$`t2f_oguYtKi=`Q=F?=ASyl1=jOi%7%l6lXj16(-a)5#IJClM*ga#4(*SZ9{9+V<
z+R!-Uc%d=q)fl>lSDHe@SSqC9$^RqRuOq}(mG>Tp9V|r_gbtlvEfw+1ohZdd#tZOc
zjMZ}qs<ytv1<^G)UVpdymNzSVTw_Jwljxq}yaqDg;Y^0VIj$6|ySl|L9kPR(;{KGg
zb{@8q9fxgPn{QerJhfVV(+aIh0HlvpQr4qk&S7sNlag9Ml6M*G=EHW7+3vARyR9Xk
zp_>)^64U-d@5Z<E3%!rNWe^G!4Ad-g2j)xg4Q~i>6kNei0;ep5PX>q7D+JDD37%@L
z!}1r`PU<0eJ*~mP3Ol$1m{YIj1SN5Eh5!{g(-ulAUetq3D2)WHztfI)7qRhyb;CJ#
z=&j`CDyydjBw2fDt25PBz8|`!FFc0*v$WXA;zoQ&gFOa-YP3tk%$+u=F{H)eZlE&R
zL8k$x;UzQ+q3<i6Rj}i+iHme(oJR5@#+%2GufCxx^Cm#o(@U&UGmaF2LBX3S?lHFp
zJvb}U&gg()LhN`w`WlSa>embo@^;X{U0Eo>2O)4a3*HYpxX?lg)1;%=ZPer(mXBPG
z)E9R&7SpqAmoS@N&87}hhz`@n=c2=u3y5Tw0`ocNi#R?o(am&x8gP85E{Egew_2KE
ze5&xBj*pdy%}@bdd>E4q4;au`6L?*PsS%|LTv)KG9s;&`8H3tHmQ)^FPY=`e^e|md
z594}zEN(sF(lPDlJz>r{8UAXW!{D#Zwa`72uB0mXbxj3=7Mg+VCYsr`4-(+B>&5|>
zSQSg9OU%^7wI_%pD!y#}2IV_3`;~Vu_k`2P3mD(hJIWItN}j!<!MOXO5!fFef6>!D
zMye+-1}PeBI>*+=D7IY@T9p{zMcQR8`IOB(W?0}|@sfU?clApKM?uG{MOD0mt6d;D
zUxFz=mn9bLW1l(}NGl)*jZO%&9)MZj<=RP?2d%(S(8@AaVMe{05%*AD!VLyoE2MN8
zja+4W3Fbd&NAJ8&^5Rgmkf+c+RJ<w%k3;rq=tZ5rYk!zKLE}w-9@rNt>!7axxTQK(
zi^+iZFaCm2gi@pk<VAE)09xuBdL1oR!VuqJr}tfj7F&VFMEZ?iqVk@1^%ngCueim)
z1LBI@zIhUS-~m}h@^*v39b6zmnnP-2l)(=@uXZ*58n7J;=`oXoYr#x<H4|d{Pz+J%
zOtDETwm@%7!Z@{sCYYV;c;7<3)Jo$DVszm;^xHUGqX7M`L)QQe4T~;a41|)nL!Mqe
zy&eJmn^Vw6I?lNcYG-<<4Zd0}ZLH&tHT71h4FGVMsup<1{un0Z$LNuKh)oCRERe9N
zC?P5HB}fTl%6<I`T@Km%{9t|QZ!-BM;s)zn$orP)srxI}&6}F>-aDyI`jQ7JuJurj
zBAo-_FEjyQvU!*2t^1DC0fK_h45MDBFX=T-z2cWrJmD<ztby7H>hyt6f!e_$#xV%~
z7OJsI0c*)|>OPBe&-`asyr+kM1{nDkz&9A;_w+dIFnui|*9xx&7DW@?_O*iLf@?R-
z)<`VIvQ*I$Du#kW{*uHZLIZ|w4pR)>LP4W5QGx3Z<G5cONa{#A6qP!7Z_#LK%;vqz
zv+$5pP_}j{if(>7tp{~qc7u-~Ezr}mA+FSI%!Adbvr5Cf^9?j3%8#ra-uHB*oqsu4
zqtxjrdi0l%?p}@yDH|8kC>7Igf%2mf)8g>#zJp&I&w%Nplmoc7jqY)5S23;?X4Gmq
zwCNs5g4agJnuf1Jx=Di~-H853mxwJ(qu8<lrzDhjHJrR@aGaders5>vTTv35kwk=>
z33=%KLrZ~{lhWOk-XeWLqaDsHN*|S!^de=MLQyhQgkN!wEi&BZ!>nN#aQQ$D9*?4C
zU=UeiQ8}u=F?<#&J~t=eGlpT6M8xO%IDGD`LWCA6LPMSa<k72nkoa7SXyzn<$UoM5
z$0^kyLmZaIMU?A-<ZGs)Gfjt=rWtMC>CV~qvd#^Ytibp_&@rZaPLNK6K6I2G{^(WD
zH_7r-semapO5w?vxT?rH+o1wy2>x9I51UR%?N;QGx1b|@==*lW*<aCNdm6fXN^3sL
z&Ii1^A7*M|=#Mt3tIu&h?!1o8tM@v+hCcs!uRhLy9zC5B{pV|`|GZZp^`D2w82|Y&
zP=Ps0#D9L8LjC9esJHrlz)2H>Mzockg@^0mA)>!prB0jomia#YG`u<UHmaE@p6;X%
zXbf>t_SA&gem|ZEI|VpqlP=(Bi3T=Wr~Bfy$Hj|X?gg4S^qIRDi+hCe#8Mi5=f!(a
zVL^|O>E8qvm-)ODpu7=d08^&cK#$DF^LyXoi=OZpscF+YpmBB360RXsfDbLj_N-E)
zwd91#7tO5|l&dWOrU>%#LFDOt3`=wr?7~kGu82|0qg=5nDi0tlENEaE8D~^8Qfj-7
z$^$_d=ZA6YA1DQ`?BEJ`iGziT(0LjJ1>_Uw7M$=y4sO>11O|mkn9B~4J2Fp#G&D6J
zZB-#@L`X(sDLu>8gt_!;E&yXQ!Knr@QxaMGtEvaO&vi7tgAA!O^9=w+o?c-SQTf@O
zjN$9a3p1&!<$OJj_793v==#X{g^k8^>$)#a+PJVMd>wg_(6d)vcoTWU;XA)O71yd&
z`oe13ZEgA7%I&rWKG$14mov9!Qi?nOSYBrx%<(Ufybqb@%X}EGFa1vmYMt+!X0-ck
zM#WCv-s$O0+Db9c(d?-TD-EDr`jXt!CTJG>^zP8uK76RN{YX!{;5oyQXCH)7w=`O%
z1|;U7Ol&x2m0InlMysXcnU5W7I+pmxz9T5LHfayl6B_a>M5!4_)^GK8??jOF&p5a}
z4(SY)jkqei6yyQ7i!ub?0uCd|3YM@S)o$EH4Zts<nZkht6)#=DFvTzhHg3g_3`MzC
zrPh^e^WCrG%UU;opB?9A`-hG-hZk@wUf1W5musw^eHi*Cuk@@_u$G?z9a6vXXlM@7
znK{<?lW4Dcxy`eoB5m|OMlA1qUDdy^JX65zsDNR4D-g&uEWz6I>a3P(D_K$v+J;qC
zHyl-x&L%zjBRxH(UWMYq8Xa$`A}>_Z4c&R1qznF*MrhPnaYn2#BOr-tZpY2sX(jW0
zlZ-HRCz+gp-gVDi$k0d=%}Vh26-DvtaK$fWEB;&Riob`h_+^n5Z@(>e#bd}1vx3qv
zr!M&Z>-`Tg>)outa$m;wW2J@&AA*nh6+lnl*Tamy5AuH-TeJIY((3o=5_1$(F|oc4
z$n5(DQ6-tU<!<Rw*E_AiQQ&7~ksiOVS2M<}cR9M=y|~_V>U!^kg^G7J$`9WM`u;vH
z_g2Oa-;eM^SjhV&ND|nckP$d`BOD{4jJnu?2S5>)CvL6VSletXc=W*Mfy{njduf*G
zo06q=FGzy@;^W4Uhb)xU7G&U(CmG4aq&Et6J8^&4;d2^Ci_&zj-iR6vTFZnF_NaI1
z#?xoK>?>gJvu^<}%<|e^xGbdBiWpq|Bn+fZTJZu1HLW1}yo>=hl?Jqb7k@;n-(-rv
z?|ycv#x)Wz(NgNs7L5_RFkWRZSNs`uUD_a{6>!#u1h1g5to@^2V|6#>sAd{l`Lu|u
zk!U&Y8p`_el1M{lM?HNupr_9ajhZ-B!Rt(K7d)F}jcYpmv}>FO7Kn7y&>gCOmHd-G
zMBR^S^@bcQ;9C%JKXPr14O}|xS2S>`)w>w4KaK2<cmFb40q@H+2$ucMJLtw)y=ZA)
ze=88IIDdx43aQMnmfx+EgYsT4_!e`5rB;xd3O{9-kkxl}k+p6C?U+!vK&DPcwF@{+
zG?*%pzKd>iKfob~?Dg+{n{9Nj^`uk&?M;cp7%CRV;#XO#a}LNGn{SHvORVWM`#F&L
z$jbrGehnrW%Il@7QorjnrPiBbsU?fsJ>iIeUMnTkuQb^#wLqfUL7*x}!fKQJrglp`
z@uB5lIf!a&+Qc;tf>KSdZU*|jkBXf0yy8D!7RcL;JQomD?Up-)m{O}0r3=1Q9H{t$
zba-Qv)wh&G&r<S|KSIFYqXeAA;a}5XL-32{Ta|!ozSZ}*&R*u<Tx_MvO@0OR&&Gj#
ziu4!yhno&Se($xHw?L;h9uF-R*7)mSond#Xfde_MJCKm06YJ)gP@6XKyw`yB86x#5
zwIMy0vU!Qk(qtn`ns8ffhq`TaL7FbCX-9Dx{c2KdmXys}X;iFERY7GzD$ip_e?(EX
zh2Ffnrj`S3zQ_XIwD=ZiL73gVighv$zJKCC;6dP;HRc8YZ8|{Kt>1V$GzB_0g)(VR
zSi3n}sg>FhKN9n&sQDFtNRN5E1SWGyJ@i6Ffj}Gz&}a<i&fvyfHS|6{Cd^-?I!L1B
zVk@&;Km|ZL(<9*&=0Qn8dQd-*f{@oo@1oW=5pOe*z7zsiv})tB(uj&qyQA#vrd6VJ
z45Q<U7#+6;7Mm_V!QQm&io2@W-J4qcBs_=J=MC_zsL#cua(E<*pzHxLUN3mAaGQ6E
z7z8#zgTQ9fAh4M<0_?4%(%=p>yL(cLpP}(=BX2WUbX%wkbZ>WWTG6eJvd>&oL*Ifb
zui)dj&<Y-%Qs6N&BmiB-r?k*q$PQ1==^}8K+t`U6)Oc>i7#9;Y)Oc|{GhRd}M=+Bb
zF|e4cA?7Nyimz$E_@Lo`?HB)RzxeOBUo8JG*)LWk*e_OWU!nQ?*e_na<$sj@V)@@@
zzgUrAzhL9@|F-?Yr2Bu!ezE+&V!voH_Sr9P)<*0X-});1#r?*AwEbdvfBQw+RqPjB
z^`QI8eeqc$`^x{Up^;gvTbFB?4Fid%=`eY*ny&q3YQ|`>c2;xFvGCw91r~V6z67wo
zguBGpn;+{PzD0_lG&(>7r!nOh_{Nq|&MEaeOo!s}WubTM^YgurKCictUwkr8dh{hE
z4$ohn@168K`!eYz0Chl$zv`E232gr8Z#H=x4GeDbSTUf<<KyrECXcOwekPBKzqh>u
zF#5izy<^E=Y3~>nxSG9V_}|Um@wWdf?HzYV>>X)?+B*vTe+6C!RJ`0qLr!g1u~W5o
zkQYl>GP8LA&))|)`&Zzp)0Tjve-nNtBG%u_I+FF_S6fHMe%Pm9{JrcW^*jCn_L1d(
zZ~Msd57a1S|1I{BS3dYh*hiNCz3d|^KUk^xzi%HIb;JKh?IX+oXV^!Ue_i{Cm3p<-
zrO>Utm_3Da+ky1f&Bx(pMiQ$>xt_dmdz_V|k_(Nj@H&m@_I1ihJ9i%PTn7>r4X<~_
z2D*NXg~YVi+H&5??X?EZ>mgs%Jkp&9xJ$}@88MGMiRO{FB_}nH%(eR#qIIOs)4Osj
z#k*MR$hWUots^(a;=|w1K5`Ri5+@woZijRtY9Bd1sD0$FuW29g^e)}}C^L|J4g1K7
z82iXd+N<7We~o=)#ntR1E3B$I!|Wq#zova;A(}@(pBZ|5Ow>Fw7pCqC6D!a>@|`wn
z9_b98pym;n@S)Ev2aLca|Dd|$@1{$BX=KS8$HXpqyeWYhNHkph`7o<*$wjDdj8)o8
zm;8CQ<PGLdSn*<h1q-&y_z>Dhyc_?hw|T`s8pMJFY{|CTkoM6jE$G2dppi=(|7gHF
zlPFb1F4XR-#Wgkti}M8vBNUiTuV$lb{V_^Y&%;`OB-S=^Z-3iJEI<7F+DDfE-?ERC
zeEtx1>%WANBGTzrq5R_h3{AX^<aV#kn2u^wNE2ry`3n1pA<;f!7|1?CtKM{LoPA_t
zX}ZQWN;Qx`hFA;9iK|;kj{W3n7Ls9VPhP@fAfd7SOeAXR#8?~2tify~uAf}RMncMp
z5tC!=B&U1>*-4sx{p=)@`|KnW&`whEmG+U6oj8qO-$a73Ac94)CX(O0#!MvE@1<)h
zzMg$#`QY}E<pbJBA_DzC&OUP2*S3#9=B1n0GXu$0?ISA&wvVi&{Iq-7Uu_>*F^GL+
z#SV2_>TB6YmVaIQ$g;0*A6XH#k6`CK;k&-VKC)r}`$z-@;_V~q`I}C`6sCu=U!c1!
zJBZou3B2d&xw*JN^d+4J<{_*}F9%&gIWFL-q)T+m?T#zuY6J~AGnL+d`)yI`vDPib
zbJTcv+fbMV0y>a@JIo(kui1{q9r=s_SA7risNIz1Rs%)7FZ&&i9gv}_^#Rm@XbXRM
zYl7Os9}HAEHkkdZ)P=S%0}}+_dYvE@Lj}C$NYQrpoNU*hKofw^di?MkXbZJ_QyWNk
zdfeYuLPL0EFCHegbUUA4Kq@nbp~C9^^r+Qc{h`%;>AFIA>iw4Upxt+WGrXs+-wW?1
zQg%O$$MVEz9=G?O$l_^4sw7@omaW3>sWt?s#@)Z-P2;8RvIf^JcreY<<s1jUvGeVo
zk>eVI0Rw;~UZmF;;-O&CmzOGddeTH#v7*IaG|3?a;4{p(4QNpWtm12Z>5|o#zQ_}3
zrbmq%T*vU@084w(c-~Yi`t&&!klzqF_EJn6Qkq<6AeWS8>W;U+z^uj{$05TPj^^tY
zW>d7Z>?ft)!sya_1nDDsSgVU3Sve$c2N|T)Ps*%1dJ@ZFIbC#}C>;|`Kx%s{+%swa
zs?a=hQIt-ImJ`m&Xah4f)9a!RB&<&~=VZXti<Z+k9(5rdJ;wz3yFo#}hWB)53Pjuu
zdKvL-LBLEsAR`ep&`^2^{Y|m^c-G%hR?jg4T+c1wUG-=qYH%F^$f5G06(XorrZ5cB
zbdXD9&leH9ZyA*DO)VY?wdCN%05(GdE#Bk;Mpx%P&he%LCCcXZUhSqEf;>Hf2z3_z
zhq)n|KwiqBk*vD}ZvT#Jpk`AT<P;Fik=WXNkDaxHmglgXA|4DDV|CA&Ldr0ly?_Bs
zyXcPTR6La|9dnr4#WhWL`Z9+(EcF6e{1Gs!qDi8u!{O79w3EtVQFupT{7tpLR;UQi
zx*c&ywa`q_B39E9UwSggZGH9|QaLh;Ptf09>~EFL&`R$zt#=)DNI(WF1D#bI3oAlw
z^*}3ZmQLtLr?n)^`ih5mg*E#@hO?T!6lho{(bP*yCvnW_$dzVw&z(X_(I!{g-~`q0
zX%KFTKz-KL&8NO%o|8Jy6)h>nGtYEb_R!WUlZ{7b+esO{@xr$}-QnBBA&NbL(H~|{
zc0B<fv~@NkWdNZf?CDs*7?=j0>xF@&=0S!}g@8{7q+Xk;qokKXjrRvxO&=q?meZuP
z0xd7}YNO}iiG~6?<vQn(P6gM)`#TsbSRcyxJtv7qJ%|C?*%L)#>j4cNPzhFroPn`c
z*3^q!k9#8k<Vpi_m2B-AYYc&8<AOe4@Lb`XW9#PA<z>^YOUFaJv!Ivu8fiWV$aiM<
zKZZH@d9SZruLT3H*R)=?Uhn*GSg!=uYesavmd37EU@JM96X<%Q;lb>s4I4)Afn$1+
znMh%&eyT3jyJMHC=o{L7%>+%%dL1?2Jv&XaAqII{)Wv!tX0eX@^9~Ix)|Ju4`tRyu
z#RT$FZr@@heTy|iU91<Pi}h%9v3?xCSZ84TG8ivY2Q1blKK(G!(&!+IcVbvjfY)KE
zExKJ@e{uFxTz|lVMt~R+>3_4j_CAHRhX{SALpts-U04DX09Bp*gz`69-LtQu{lA3$
zueKZ7Xax<f6QCuN$`-WV(Zx$_jd5$2b$#9-YxmZKwR;^$gVFNz(!sB>YM1`qS1p70
z<@i;*CAw;#Nm#Yt|5~f|{_d}{YO~Z;i`Qg)&6Uf}lY_wipt&JLqVZp7^ng1tARU2!
z!>lv>&NINVKD7ImW&yv!xB`Co*Jvm6>utWg4{h{&_jT-Zm5t2z!zczYo6Y2R{%5t>
zA44R9t19%GxbyDq>}YAQ>P1MXSjt-txJIKef&`%n66E`6ByjSI|30YdzG@6p_>DX2
zl>GSnv@HjU^k#o(T5SApLD?;0V5lRw^Ex6@jWYxELji9!aag_(q}@e_<L;t{>g%S}
zMeb9HRE+H+K=Q6|6dKI>24w9QFHzlI%V1_07%L3MHW%Z1=?#2cZO$BgOdmF*-Zha%
z3oNBFZ3k6TJLI2m8T3BzR|C8W=B!&Gullp<Lu<=L<Ir-OaagU*NNDKCq4JSa1aAyC
z`yFM9bG`#NitOgIqHnEns0#l)vSZprO7eQ;JXW!b2uh8^a?bUsP*+3m;qhF-HbPn&
zvmv8TR|I)(Dd4=?e=e*JLH(7uA^6GdbTU-^UTUT>5xPNm#Y>pYozMeA;XTp$_Rco*
zx6i)KwU+m7GJrOg!COGf3>Ti_y&~7m-!5vqoj{iT-4}WC=Y~K~2O4j6to-wy-kfi{
zU4I)Ca!rIvw7jKmy^Po4wUNr%x0(HUGiRFtIG$^-#yaW(vJRgCM>*be06NhfQy*{X
z6{K#F%&T(1x|)j@3HmbUh^9K8>jKpg$ULQJG5$}5O5RMfYYav)VsW%AepiskxbgmK
zR6*nQS7v<JSBIK_M*h#g98-8-x|RpcIuO?KWu2Syr8>`P0Pp}0G?4`sONfstC~8Em
ze^KAV>bqNgze3-gPvY}s_FTk!0+)fspkKh|_wn{^SWBu;!F1|Va03mU6s8w&KcT46
zL^}1;=>^;kiQjJN|BWa1M!bN#0WaVV&<nT&R|Kg^FzpvD?J%P4h>v64Gbg&Pqw!Ok
zoWwnIvTG>CGHR=_n>&G_(J1|BsG?_;<TE~0VgkV4dPh1x7A+TC&F^rY-U+UTizGuw
zrX+D^vNY@Ibxoe%U9SmU3r|DKh62l-QosHe`1x`8jQ2A|O+vBjlg$UOPRI?1`%TCr
z15L>PkLTmivxCh?2h2x4Oo;zWoDjTWH2hnbkdg2-^e>+AntYs*pX2xEj*g-?kM=jx
zMeK998<9)*8zbTTd_#XaV!VdB@XM!q6eaIZ9EydfD9avt;y*!OXA!X#3_`rKhe?ff
zEP2BpM``GxH#PYeYVxmHa@Xn!aiyPAlO>is<X7Y4lD|WfT|a=N?9WEAeF8N}WJ${)
z>6^iu;!2rW(l;ULynj5~B~X(_vZU)F>5U=rr7m@2lJi>g*}U?J&}T`Gu{%Qk^e@N6
z<=@qf);lP%Kh%W#5!cfIG`BzxFyJn{fk67+^^tHiMH(88rt*B`d<HPub^h=00XeOp
zz7rC;p1^SfSD%!V139GRYHIzFdOgb8qAa|WFpc~uupA^{-`M0@eKJhf5qX<djpEAk
z_LTIHTQr*W#*&`7^N42sB#%E?YUB%AJx8ve&j-%jR??$6{$-NXQuuc0qmmvO;G(ux
z&p{>hi;|vyeU8&?)2r{VRs>gJbekA|`);Wx5FE#I7rKrTzMGDORq96gZZ&sWJ>6+}
z<VUs3xekDEc&&ao-Y}xCwJMVlQWAlb7L&pyVG8LtO2QP<DW0litJLl&@FS=~K)$Uc
zjG)@2+QOfQT1&zR>kbO*5he6`Nf=?JzRCFRrQ=zqJedkSq^lW5XR_4Y)kgR_sV?{`
z7ujFm%C?Amc?9_;TzfdC{^eHAzX%3(USw4FMPOwmgl&hXRUUX2hY*N|I>a~g>KIS9
z!XWcfz0h?WMtB6zhM0#jek;_<vq7fb!=5%J^a{^LnffE+2Ty*id=@|6Jnl|)!&uA}
zxOTqlC{Oqvw)Gk5!{pdL1n%^WHO#No8$i%#crwXao5w~zDcT!aR@mOxn=r3V1N0^w
z=}jOR_nNv+u-=4OZ}u0yg1rgH_2zk=%|oO&!S!+bTYTJvpj_G227Ral!6isTz)S5O
zC5=3bCv{2`teHHUOrPDa{gbBXA*pxUeWTuM;c+K95S(1lk^!Ka4ip^d1U)uzCUafK
z8(cVWDkF9Oy8Yh?oJlJ=K{P~D(A%jf8m=pF+Q9XeROP^b($dQy)m)bLdV11`2RE;S
z2kCO*3mT+Zr&dDkmVy@SC@2{P2j1W6ONP#87j)1DyZFHAEIt)euwh8a<mpww_>UjI
zpI^8C4Ny(^z=;eVaDQC~Ea`J;{D%k({?Cu^;&*hid!{we8IW!E^MO+aetVAkAC`ua
z($a1ez9^W5v&egU13_&;!_%42+2HVXEo)5&$a@E%dZ@i1ObNz;Ja-*NpjPtSP4N48
z7|MsGy&#YdiKKwC9<e`zT#Up0Z5;Z@c>kHb;DD27>D8%Qqfl*&04;2b^hMYn?f6!W
zyY}BU`E(lL{VPommkux9{acU*3!Nx`c6|z?bRAz%MUe*tx`H}3sB(5e8y(c6Y)~<U
z4XT_ej&J7IwZTwc;sc+;P*(Hnsws68$Jb*B9`be%&tW-(nCeGQ9BBcJS8X>9g_Y2z
zAYBqn)j~mae6v>5VIlBomXL}`G3|=$n%{76hXj~HfvXbMRYluno-#ZTX4+_dw9&x%
zAuw*A3=4w%a-e8D0s$+r=rMc%y-pqfO$rJgQv0fEse8MM%*_Dj<bo<X40Wvg0L8lc
zH<12kqz2Xnz5|WlOmVrJ;xgXo!gVK6R9*n6Tzgq<uJDKCJ&>`r1<e#o&J15ywboPz
z-+-^guoZV8r+l%Jo>RUcOz-2PAd)gv?r6ku6+fhIe|Jh=PF-GhU7lM>qtpU80X(lQ
zN+vt}=K5+XmaxbC3e3cgakjBcTr~}^P#vu=zpE`D7JR;^drk4R@Hbi~`LHg~O`sO?
zo<A2UP;q)L<wjUObc9}Y-<Ky6ValVdDIN-cqpd>mI#zrbEl!)q@ARxlb;5oW@UPyk
zLxexTpy*v&G)>xXZbcW{A60QJf$nk8SV=FXgEN2(f>2n{$vEe^+e&&V=j<qKD(R&y
z?l0-ZCaGxQIi&QJM~X;Ar;r@qK7$&@X{yv4;pd=Wl_<2u+mTlTMQVxiYK69Vpm1M_
zqPD2Sa%@^OmSv-|mLJbQ_^yLMarZLYsHbOb(I{SOj4}-l1aD=oxeK&1VQZ8tL}Um)
zDn!&W{&p;Zzr7dQm&o6K7t7y5X9ws%<y(Zu5#Xak!1r-j*4OpfygDpqsg|}6%;PwE
zks$;MgWy2n`=Pyjzd_;qjY>4W_5Y4X?0Ce-^X8>X`NU*1X2_-G99q*d>U2MN_y=rF
z1(OUYwcg{;C)tl0GeEnLUEg@hn9q|<LEPN}fg^?Y&F5-$lk@8|IU3wOQT)NZDOhSs
z4SDV)@)_Scnt|Li`FQInOqhJIX1s=MImpp$ljke&<~a^;sK)GpH}u|^vWL9phY#28
zgby9$zK;QhnhsJG;PT0e=6tfUCZF706*y+_l_vo)8(J1t6fFOy!qgxv`V&?Za%Z<e
z(SulYA6XE9(m<i^KIG%Eg`}rgk!mcyo)y^zMfO3FW-QVO`S(Ho7P6q;XFY~R?qNl$
zu*h;&1af5`f+B5LWEX4Y5R^LT<J+;ww3t?MzOt2WEb^OhUn@yp*~(?ic8V3*h21|v
zpR=LG`>NpgQz&*Ei|vFmpF%58?3m5>a2WD`1bKEto}G}V3iCkX%AGc{;5cLo&~arI
z*OTXP-mJ=Q{8#}WgY*I+=@Xnv%}$ug=WfA>_jXOe5Ap#cKH)tzI$n~4NZqkhtFNdN
zEW_HP<9CJjY!5VDlMFDxbgh8dUKxl?FrPFOJ%KUr)GHJUfT*gT=7oaSPM{yN4?;PZ
z)|HK99u~zRNFpqMy^qgB+=*1*0>y@2x{PV888QzMW@!86`085_*C21wQAqGD%Yy9n
zWFCCIyAf+|xvbVcFQZ@WAH>y8r|=Jh)&5hgoj0)B>($z?{SnLF=(FmfL<^RHX<QM&
z+BdV>5t3%;E&}6Z*_&|&F>gKM6b{cCNU-@H(n9_!8<}?uXB0OPmc#c#VpVn`Y>O|`
zNx;gJs_>a7ll;5{@2itK<QqX`>Y3Xil1Z{Kevgn^V<qp^@JXB-ee%1x;zxwQS$h3)
zI<8XLRL0TS+6Dz_rD|og60$mg6}1cFn}pO_2iLj4H~afYm;}#W&g!|GywPa&IgOV<
z+m>^N<NhY74$bD)&_to6M&m|@rn4ELI|TB<-mVs5-)VaK)n+<{4l^2>zt-$`Sh@-c
z*+MUuvNRJ<F2&gzbE~!FN*)l@tw<Yjub#Y8wL_KAfUKUIY%8d3Z&MV|4cCRg6F8q%
zu$Kx`7eEvg3jE{BLd!r#yx9hFo1F`YAaH@AmS!(###~me${ILf5Y}Cwx<ElKezb9T
zPoK><Hpg00jXJ)aYqpm7@d*aeFGv9)a6E_WDGA`Gk~;eLxJE%K^>~(;+5l=wc0Mep
zoGEr+dL}4pdU`x=%lA-cs>STQ@7jfz#%mU@Nq=78TCB?PTDvxfS8C#a^2(pl=1UG;
zAed3^NXoZK4<y6VOogQhWIOJD$a?oP;T+!geZ_gP)(%`iL94SROv*k$=R`{tDSMY5
zgOEMPI2$KhrJCT+;R7_Ffd;g+0X;U51PvIV0aD3_p;}K*j`NG)PoWJpD@U{HFsr`S
z4qCXUCK)LPPzx`Yn9C-$1!RL1NWI|h$suKzDHpBL2k%vLmOD7;=@h8Ut{bfJ&@GWV
zYwfxz<&O*srKe{KDdT7y>iS?0o!gHF=^v@IL$N)cZY<V4#ifH67`8|3WuK9^{2IT0
zqD?y9b<j%q-Q{);q>sWiQa#^?OQ3{sE&7~tyA~;BXi<Ex^U7U%==sfv5V^o&HLiOh
zTT<u|n{=qwuAc(wNhK#R6+~4`w&Ng%7QkOnQDmu+U)KuQcqXl&gCcShsGz>|kqq0Q
z84Zk?hF()N#wH!CwI@v}|9)~vS8hk-NP!w^HI%K#N0yHB|J5?Bzmt@<pt>o5d{U-t
zn#lX~a|9NF8a~C@Co|@E>W3Sg20`%)7JuPc_2wKk-oGz>j>A$<Jm?E#BbDMDyqA0)
zZtA)|wUSDjK~Mso?#a$1PxnMuI#fdoypEzyPlj`8SpzA<^CzM&a}F9&lv;<WO7Jb>
z@C@|Er>*W8fIxV|5LCx=o`x(>&jwQV0;NId?_FQCd>h*Kf>?>!UmahMQbiL5bevv;
zb-5mZdNy#Ly;&Y*gKMc;N8!TIP~Q__Pk2Ick|;HWW|;k}s_AWXj<QzQt>|_{0eLlm
z=Q;(h+n4UZSUDj=Glg(;w&4dsy5KMcq`k8zyOzJhp~vux^x9qD&}FddZQk^4Xam3Y
z-+IPVe}5R?(F@6rvDervM>lP<SsFHOCU5VxNry{zK`FQ8;Ks*nrh|0o+Y4JmchM?0
zErII3-5XQgN?M&w6JOsHsBiO3wZ4lWcWt&D+<dEz>#I*|ZjjPeRjYsf>@PZMyVXZ5
zgpW~r6N5n1@#XFa3T4NmkSf3a!|~@ChClz5h(9m(#~;sE;m;!!f4&uqKX*m&M~KIt
znbghgzluTMQ!(gI41<osl#AZX9$_2X^ug0HqVI-#yT)r^h}ixq%>O)?|LZMB$&2W|
zC|X*`3!AX~n!~_0_X^SxM{1L3xv=q3K8jckp?mufOXwM}m5xr3SkRw#^dhXEw_JMW
zn^5`Yo3U2By~A__YTZ1NkD}K;L@yq&2L=LfMDBZ5AILZjdcc^p6rDbcQ+LqkPr87J
zH5CzyXSc_|r+)qu!vR}HQ2YuAmOui2p|w(gA@JbE3#4)dMXyeMhQW0by24>HuT;fi
zSAb^!xr$x)Aa+R<yT;Bz%m9RNn05)iJ1KgR7ZCHTZVRB;>kP$&D2n}%;!Qvc6&Bsi
zPz*1#GIvVt)d|%p)hd=<qF82OSoQ?xY0C11DVEV{VzEq+S^>*CgTDj5r=r<mmkEzc
zQE*-jfUpDtMt>{|P%Lwp8uKc-*^^1xzcCagFWy0K(P$LjkIcKY3-!jpF+IpEpI$<&
zn3f@WH)a^{qBRUKPw`<m@5}x83!pzcGH1fjz4#@?x^{<j(lO==dEpGct~n!0Cjn7H
zeAlPw(8PUilg{{iQ+TqYm6tvi&7X)C89hkGoF^~f4K<=k7RG!8z&fDU{~QcNV8k&6
z7!jB1Rmgg}$7^`+Sb)rlkcqzBg#ZmeN6$9_e2dABNi$h{BH3|Bu<Q|~L%ipZ<{1ZX
zsYZ91F()=I5y{)fL0=cS6QXpU?>fML5E%v$gd9s9Kj!0&w~CxB4Bv-fNq<4e{uO>h
zx8P}|&q7(|PQ0oezQDsZ=1#yv>OJu1NIin2aYzrvxR?MQ#E?_GCsn1TlM>kR-@uP|
z4nR+#uz@Zn#Sc>HWDN7r!ze0LL_9xKaehHrgX`&msi~7u(-#w|X{kz0p`IcKMdi@O
z!RhG3l#Z^7rK5`@rAcUh1j8{H#y5c=M~SG(>^C<sBI+lv1O%?$mu?@BhMN6WH*|0(
zqosN8G2$lGi@u@X14Ooa(@PLjuDzjSye5&JMEK{y^*7lp^~EE|+W{NbR+y$zwNFAR
zW@Rf*sHBy;tIh0ZApUq~--Q0x<*V>t%OCfsv$+UnbMwHn>0+~4kvN;r_3=jHL1muJ
z=u?Bw=(p&M-WNNgVuUl!582fj%|*^Q?Qh|UzzcPN3FuI0s(XjSA$3T5fmzL_EHS-@
zN<mB7*=#1v=MtPx!E&i+vS?{2z8?9N$Q>*kp-$*ufE!g)MpaEO<WZ=Xcp76<iTl&}
z<h(zhY-St_L(QlTR(<R$X8?BfH}I>y++W47{*`01eJ}E>7ZRkQ#>kA57oLr>t2Ywa
z)ysYCig@tg*`QKUW1>`~@~bCfq#~7H1@Y`8n|`w860Qtsf9Up@75#Pj6>zH3_i6cd
z(NvHAUoYZSqp^(Op&n!evw;z;V2t2~Ip>fObjIJ8hx}mnbvCJ&@gLv^dwIqWitYwF
zFG{WAn2y3c;0G5dKj?5sVWDfkApJ$?`UsB>jrpi>0{UW6Mga1ZV7XBEtB~G&7}%l&
zbAGSk9WIoaPuBbMtz@$%ltKyr<MiYMbE1nmuN59jUO**Vp!c%jK{}vafJstM=o)&S
z@QI7?41{_NeBHDWPc6$?QWHIr!lHWc1>NkYlb+TqXrbr$@OU(NyB_a!4V=$H-{0YT
z={Y(}mjJ?$^OpkopjF!M>71L_c?8<qCwH|9(j}=y*!QW(wc(fZ_;Nzz4p5u1*-x^Q
z9ykMh-efb@!}G)Ha~nKAqCU%YHe>g)MZRI4Q^YI2TaRu-a+X!<ra<6`0yTw^4NyxV
zcIHGDZu#Tp2^XN}&$$kMcs*tpEq>l}K;xXslMlMAcz(QnuC=qxCI$F?XK+3O(gk53
zOi&~JBqPYD(dJm@ciseL+Ii?4#&Eb6Q;u~WM4Q^a^N<7IPgL*7V}#muEOfE&exSH`
zU<2G~<GoGLO*gm7Yrca=(r&VPp~I15YIE<Q-yGhlj<T~(B6y1p)V1)8?0PFhBX~!m
z)e%0gH#oS@Aw_-=KGUmZA|8d&LuD%-Vu#8;zdb$9-!1NbpeB0K=F5SBbZK~<835g$
z-yhJ|?xx=a@AqK<D5U5pdzuGGcfARaa-R>-hu^<BU?2YZ%?wR{=h<jSyx(FSx#{-w
zzWZ?~{0^yBkU$^#h#$BMJnMp>%Yj~e@d!dZ(dxBFJJGU|eiEf=M$zlip!XKxX-CeZ
zo2VAxa&TWdywi-Blp%PX#z@+!H`KISFb<m9Nk};%?}ik12U!N~DDQn7I(iaP<=?+?
z)sFt`LDtckx5ZuwWNr;gYxRBiJ7GK!8Kdj6dtWQ)`}Cpl@3#z#fA30oPe~}>mGFLg
zNc{VOg!C;W{(V$N^gS96f`!<-z>INCA4H9D%i@f2H5gtgaBeP#;Wc2I-dv*x9Qmf`
z-6X5WH*rXAS;4-dhwM@5OrOJ6@R?75*X~F(<7G$8c(>ygBhdG*Q}Jdz^6Zm%0&{PI
zDKGdavhG-G-kGTXGj>R^ss~Uzcu#n3(VfwLSh-r}E(TpV^lb!oy6DaC>w+S$UCzGJ
z>&<OgLDVHWC?8fLHTQKzIvDAVDbky1R%VqPpgV=wou<U@Jd)5I{6_B^@8=&#r%P%_
zcdA-CSDx;*MUPUi#2z+L(viTqagk~2e0ZQ~a^Dr1ri58qct}xlX&0u#gaENEXkZ5L
z;BC3o{#{@A8Z+@9%#Aaxmgn|O#rZgY^qA?8F5qMc5m002V)4TR%|+X?$XxWBinDEz
zsgT+zMC)&2fKS1(9}w~_q5W|{2l4Lr+_*6>=<~n$FRqVg9vW!iQ<e?3J{~yqKW=?&
z|JFcrVp}@+`lxUFhp&&nb-wmIIM96Evt+RO`d!=qxcN$ZaG?2mW%1ziHTu9mc)lX?
z4G1@#1KfZ3u@E?^NA7&1;9IEhk!?!CkH_Gt`l4YNN~k?lWbO=7hh-%o)q9TVsJ{<S
z?9IHXMO7LwimUJLET+_*Zvgq^B6;ktWANwx_I&c_zI^gg6}*hV4;ku*M&47Ehwkbw
ze5=nVj|a}dLje6OYVY)=Pl@;M(d7W#8N8+5^#$Gr+A81rK!15G*}(+IGR1j^`E2N#
z*!!MqG6c(6=Zy~U>?xRj4&<0A2KB_sjjx~_b2)VIDsoBM-Apd|nF-{Qiun5_85Z&0
zgh5@b@Z0+amB!b?K?NKLZGu64g$`<!)Z#g=+o2BX1-wxfPs$(H^V~t+R}>x8c>Nbf
z@@^d82V=)~Bz}k)-`YG3<TcRvF7jngOc-A?%ms{Z3yiP#yE5Q5jPb}-dJPD7(J@Ah
z|Jj}N8_I%a5O6Wv=8*gf!Bdyvuv~H8xY#>w7N(tB<aN$s<J%$ccp1m{3mD(Q4s}xU
zqEZ)c3I^BUz25`~Ub!FF*BtM{DAAa3C;fsqJi;gs=e<P+ky9w$2;L3tsHfti?mnuc
z|7BY3cV#NmW6d+~$9~K<T3OxcD1+B7V&5Fxd58BKs!Y4yKxx1Ux%-D18nxNc*sOzt
z&MAGdecOJR5fcC-e!k+)tFn`0UkK6_0E&+QHO<Hrji26!Ks=-A1MIv!c@g_2AYhY>
zs8U1(aRqgX2Y!eHJP^?H`+&Zo59s)L2;PX95~gNQ_^H115!II%{P)Uzijs)8+EY#A
z(7m`8`?|qHH}VDcP2i3u=u8UgOh2y37_^5^R}9v}hb!V#jT@M%F+eY8RP^s<0)HEb
zP!7cHR>pHXJjX)09V1OI-HQQLZja%1NI(jB_LU1`9K<tnLksSYwZ$I0_**!hYe0_o
z-F_TTC1dlKF*0`87^_}YMEK!A17Q6ymOCzq;f{4I;th29jeFEC=f`$={X(_N=%-=>
zLYvea(`UAaqt+hnx(LHP0Ees_r29V@kV8H^0Ecv-5rGZDoTY3K_TLn_e>ful_t&6R
zZGbUyR0o`W>Hx?G(mBuvY+NUs`B(2AXyzYV5Se-DJje+0+@{2tXTo*Ppu+WwOf6`O
zR}0*+YJu9dHA`66E=`D=-@*GAt2~G?9b@s#p-+L81NG^3dwieX-<{YewPN{e>JO!f
z`oo5P`a^!-3~pS^x|unF-KT(^yGVxHjQV~Z+>t@|59FQ|2=OeHm0%?YZ1l@Tk^$u|
zlKcJg#~(v4;;slD9l0V{esZ2Z_V#Jsmuq}$6y6ftlp47u_?tgY(L@D?gANAb6XVl0
z^uDkTG90MXVBp=~54;%+ybh9~H_EfF0@+b(B4p3MNg<mSh3t*jVj!EVLUtev2hSZ(
z-}#cy>FG5|G-mPAM&oGF`#pnbxs{YIp<($Ja2S?v2D{8Y!)`vzOHN}BFRd_UhbH!&
z&#kj}D>Q@^e0M+%f~Tg<A$`x_z?$%Yl;E{@^HM-G9V8yKs{=!51BO6KF`$45lz+5f
zI#>9f!*ZnX55W44;gNY>*+WXvP%9{P4(TuDHX{iQrR$g8#r;Kb`MeqWZ@4;m5Ljj`
z^3Bc?QCT@7N{8jwzlYZs9Oj|ooH9SDgrcs-&{KWqg;zjNO@|6+@s>uO%xe_5i#P;%
zqO{t`TS<mpM(o;vf#<UDs`fnIx5BtVex(bi1?t4^&@OPm4Mk&y62Rgaf>e#2D#LJI
z0I@i0wQ)4rawLpzk95b3&Siy^w!vpn3JMd`_&|@2-x`T>h9@(S`YH9K^v^U@Ub+PT
z_Po=lPYd1=qF0}0R>WDhwCp_c<2unRre)d9esPwV1|4|WZzHxkJe=&x7k&CP!Q;>7
zxkkaefzI+n&_xaW<1>g!G%m$G=se#0RF)uZ$RZh9lCdbmN`~|JhX&t!h?kzqBH56O
zWMlr}i!#V?Er^h92xS>Y_riV!hti(@r2^-Ll;RDJY^K(q3m&|pD0bZJr-&qSM<R1T
z$5_5@31UB_@FhDDA>$$nsPdxc^PIl@Wf*P{39x_<u$K41tBm(y#Vt3T8l!Eti1&PB
zdsM#zkzDS<uq9qB3hF_UeC95#x~OvEt}NFs(raR}RYNvhOWqsO<Ic0uTfsIO4Y)ce
zMDVm<W|vRx99_+z&!+6Qhxd-;y@fL7%8)xWYIs9_7Bu2~A`X0;(I9w}LBgS#4YG?0
z!{6kAHe+uxSg)r-PXO<HRC?-?m)^!k(!l#btS(XL{W%j@8?+C~GOb2Zz1<$Hh810=
zxXy&m@}As3ub-yTxQ2N7Zr?IRTG|~-qgrA+3E(yKo8QMaQsgDMdQGG{*Y88`hG5{T
z8Gs-0eM!*LtIM=BZruZ82fXiHr9b7A{=m{;ab5Vxz3ATi4E)w<x6}W0yrr6wC*rB5
zhyJecWrs=W&yccUu$NBWr~ibO^38V3-~SG_i?{*OC-1czcuSpg3SFqY)Qj=MyoFg9
z%Sy#{GF*Uv9H>v(fYaH$rONdQ>%qRIP!lWXfGQp62=F@mgXM0|aCjXC8r<@F0K?&Z
zL?Z-_Cpoy|IQrRmj2}Q)Dgs6TVS<SY-JIV?e;!3jiz!e!(1V>>4$E#*+KMi`$N+Ff
z=7^9hNATGd(b8UYm{K{1>6|D%YUFLCat7XlBH@xOWe1GE%b5?W^pRJpMa#wFf1;4s
zX3QS#I*X4>VRQhk&Y^_;<Rdjoncwv>1%(H)cQ5a`q)?cU!ey{Xv-~VqhEuR2%gn$U
zcwS1z-#lJgU?9U6z_>gJeXtvlz=)FF5Sng2oL>=b*ZB(u%KEdxp-2sUbSTdw_U4E_
zoAF+GJVua#3g|%aUWZ0x(WwKy@g%VsgD5EVbjg#_MoJemUk19^0#o)*V!S)=a8SHw
zEkn{+%X^n)nV~1k_&oA*9kGS;+zLm^w$Lh;WiwoO*NB8Qf)79xAIB+pi1$7LiG_eD
z9LYc=VT8~73eC<-%P3WR2&v-ZQ7lraVlf^<8;`9>unu>Y$5S<6+rn$3H1e@mYt*2K
zFlL}=&R~dl|6)dHCX9*Se_)gbhf2x>9cUabiVV^F7%YACapt#mt8O#A1=xp$#?sn}
zBs0*h<G01J7*7uiaoG&GGs(bjzdgFtKIX~7Gk7GB%sT_fem1(WGS_MusDPmvjLMJ<
zpiz3GDD^m`FL={IU>W*h@JAd5+|V{G%Q*|bOKl1B!vn7YkppT$E`<4w_!lH5KqOcX
z*`lS})rJqa&tOTIU%|T&%G-=tfSD=qZ%J$of~PK<6+G|S4`jk=KpK?lP*<`jf!g{o
zF67@)P&ire>4DZ;GZNyP!VInW5zNq>S89}4>Se?DEmAuY-xL;QMowR@*W8;Je;_(v
zLgbDg-aA$FJ|d$^y8>hY&b3CAdPUP2@*Mhck{vG4hd;p$fY0A2G+0aNyBgIsxf=uq
zjQkD5Lbjj>1)BaV8}KYC%%OBBi1F4PWsnQ)`?%r5D^<bYvgcV2(`oYTTbRRgo;>?1
zMcquJfVUD-Itk<i^m(NQ4?0n{6S_8jyfL)PmEu(kW=xyN<ShfpTiHNLkc(%?lOCqT
zqz#eKn`sP<5xGmq=?{gb&>z(AlkjyM1vr38Wsf2f+cBQl_leT6P%@UIF(VSDVABt&
zZ2JKI;Dtp!Al`o9O-YC!DIGuyxTR_R0u1TCO*4mG&T00C(otU!6u)Sxb!N{amFX!g
zPO`A?gu7>M@kz({M&~h+t26rr78C~{IzXcf^^5O;kqUWJ{rZ_?$8_8V<XU)XFHV2%
zcA{auDr<0>Xe6l%*g@wA-g2<`2K2kCgkji4W8rXzB9c2~3;`PDzFtAQ_!R!&)hh>~
zi-(?1iD8+E`1Z!q!SD_DYZ$VL-dh|%+hrVk^CI7*Sq@9r`sqyn#rQq9s|ITKHi~Pm
zn`jWJE{s1G3Jt+c(_|5(Vg<$`Gzw=i6aumBB92p-jg##Y>H(6t#e)1tnvOwFxN6`y
zcN{!89^G)ytfj#t+79B+(6v9kNev#s{Lkelf2ZlQ_rgp9?P-EFIvnTK)WmxU(j)x5
zusI<bj!ktO!&t%tY`k@0_?*!A`1=rhjHGNNJ^E0^BW`pT&9S;?CmUVo*emg1I9pIc
z(vy8pH0Qa)sl~g1us4gA0P&!pLAPvmnL}9i!YUeSWG5wUbmMW6Z`!Sb<;x<1dy#k+
zSKbOLbZ98wbqKzI7B^-ZYGub9UZc?pWC`S}4Ul&yhCZ6|P2B!78Xer{0QqQ?f6LR2
zAW8F54K7ki7A;qb?x)bXdyKB*$ot_<Oy+#c=nZL80Xot9A44=CbmRPAi@VF--y5!=
z#zAL&-UBrX)E|1AjvtJN>u1(ly%Adpy`DIy6{=)b*6FnKzJ*ih5lnQ}dYbv=Ram79
z7=&>FK$K=H=Q$xD>wyPi*e_3*h*E9wCwO>r11}L?T4;cEo%G_e@$BGc<Xd9AtL4b>
z1F}K%73Y{6FlG+4CgPs)1!%9s>N$ZS^fEJS<;xXb*(C&m`e=Ji#h;MM4&1{sHEtRY
zg?Q6Nn4wL>No6~3-2*>(cr{)#ftwhiWRb3G!Bi^(-b&wMTN>4g@wX^Wwa~lnHs_Ga
z9%w49&?-cQ6o(X!i9f~;(dvBq5k9>e$Hx?~x*Kxr<%>Zl!iYU<04<951L2d<RZ5h)
zc~iH$F$Y5~cLg*WMdKW4tz8hFEO=@$I2~_79NU}`;-Pr-ebY>-9>$0j0G2R2Cy%^R
zo0o;rD^EGNQ-WzfbeZl;tg2D0Zs0ivs8yK^l{idYqBKjCiVU$EbZk9s`|ZE8|JZR{
zoQf9EInwj^z%eav+UvX#kGgpj&Xvr28nhS|s6hv;Tc20j34|fgZ$BKS)2By=d~~rB
zL`(Df6zc2$0J_LwtRh{ZOYjw5!ImuH^^eAvw|U1|$u668I1n<}r6bnBx$EYW%1JqS
z<=N~t)9N`jSN#NQArKm7^?W)P@MG*~Tlu|Oc($w06iVJx2VzcF;jcoVAvO!9Ucu9=
zBU>gQMF6U93IN&SKgQ!`nXd_4hgCU2{Q#fEAl{^My3`douZ0CSdq!UQjKC?q=Tr{7
zO~W`97}1fG?xBj`@h~k_dJP)u>hiR?xk0+u;_1<mXTuoz{=Mn>fm#E3uM=xbi`0lO
zde7;(>iY)HbBbX7??C-pyhv;vt)ldOsG>Gcmm6A%20ZdC4W?g7$a}?HOtr}vG(Hg2
zV!TO%t=!-_uESsq7Xra_q#y=ZuB@%}8Rfhdh7lig%6U3a81>1o!|C<Iv^TR`V0?F6
z{)m!v4u*&kag5>WkbpAFzyB4D2fevCl^z1mE1zC1wHxQAyGz1Kibhj>P5DADa4tE|
z-NbI5q!~H_XOi6~=DHi*62b*p708-dzEE3!59e+;Mo(%>O_;ZQp|1QMt^4>~cZ0ip
z2~;%#s%od3hL{}TKe<1>G)>dzU+hh~@7-ydcAoq`mxqT$dxzPNx7WPl=loI%?l*Xo
zz6Zr~k<h!0-k}e}OI&_$%C9+R8YsyiLrX22+p7V)lcqy1cFmA1QW|h{RVV_FDa;4L
zDLi&e8HaAr<9H(029D{<{LUesZi6dnD=NL!ThVE=x<cyq9P36?t6CoYjkZ1gqpC;D
z{&w<v;=GRcUHj{O<FSn$I5fadgmfB;db+$6`CGSkD?KYu<6k=JrJ-;2PSb3~{%q0Z
zwi<q(<Qj%$F?m(+$dLFemGUbR`Kvc6zc(@-Dc+=&@Pe#8cPTu`^b$y*Al{_hUOMJ^
zkbh=0e<~i_{qzrNi3wQZ6SV}UG+@ey+vy|(Us-Yu-QQih);;^?QWz%AmAMwQjhmSU
zQtpONUhcj~et9kAhxBwcUBdLWlKy7;TdQYPV1b1B9&kKc<HoZmjgIFn@<U&wYNVuZ
z_Y6LMZ>7=k>t{csyBisLM1{E4ZiLpp7vGwfwnoZacwwk7_i;$wq0tzyk9oIp8Y=#y
z0x8vqK2XlLYxEeZtIOOe|72y2Qn6jZptt8Sa@P|;#6X;TGF|SnL%|t(=ZVlFCr@{q
z=pNB_^bnS}JBMoA@JZvGtm>WyQi-t<l04mMt}&p4ltV=w0=acRJzw22UK9M29vhJ#
zg9Q1Eo}NO+u;_K5K+y4rhtYWO7$Zey#Emx<I!?*gnrQfiG<mfO+G+V`*b!522TyKo
z6;18<>&Nriz0G)5`@v>Jkxu%2A3a}w=ngdk+;y1pnVLf5#od7c7l!Nc5dH8>qs$Ki
zp}X|P2!x67xw2LG{%niDr)BVwds-tPf-Dq;azzZ3OZ%WqH&PHWWL=WA55xf3QmBi7
z_Z!{7;Av8GqXU=--^aJ8@Qsba_if$P;Cpv(AAIlZ9T2{s?u~`7RU3gXbujowJT)kM
zcSPXZI6nekmG)}zWyZjlF)(~w9DKJ$;VaM%0-y1VLE(G#8!CK%nHPa?!d2mOHub^x
zc+-IJJ=_!v-^*MCz6Nd(_;{Hc48AXKR^gi+h3{GJYVduurw_j7Jp;lQ*b@sMZZ|Xd
zOoPE!(X6BJsW3epf$7)Q2u$ZRSA!`p2Bz8lU>bp+C&$24{B0RGCI$p0>!&HPpzJrQ
zpxh7zWzAJV`P1$QD8sLP_&*W|_|OOemyaNcF4>8cy6=9m!TcfQW*Q2lnwZhkDsVbW
zNUf9qOb4?@FnuEbo+j5|@_xLQMo6ud-=xVq1=Hsa%jXW_I0?-E6Zq|tJ$<>Ol|2@z
z?5x9b5^{a6<_^m%2dLXRXx+CAQ1>;1*4?A&U-wDPV0G`(^soCp&0uxEIY8agpmjgS
z>WQm+6{|rsofR!71*lty)NN(RgSkHv0-r(do$_Rg745u5hHOV5+iAQxTRJhQKN7Vq
zA$QFB5CutjcEvTw{4@Cin=uQoNal68rH{s;YWZL0a2hY<UXA<aN9Fd`BMOMbH|`p*
zQ4K$bWOlXTwVvd0nm)!W|MImj6u!>?-ACUBffRRq{@93RL}LaMqQ8JYN;9(yJwH{?
zs*~O7(`b1;J~2~EhFkzIsJ*C`m;0l+meO2DWm%gZ$vs-0rGDI}rRND${W=m971YBs
zFW?r|QF@&qsCM%6lhBf55I{Mv3owgR0J>`cJ#|&WVVr1vAnd4jJ4w)8Z_>Q>hzz(y
z^u24WpoFeV9=CERP-y7Ghb(p}-is)wT>&XG*U&zVhN--KNuyCy(cR?iWwt=+l|wX~
zwlDYO`Dr-BBj`wrMgv>Qc<Ey3<%*>k0MeJc4f4npy&6qz((mDsyEhUaDp4LJl}SH@
z48P{+c{y*c8(xB4y_$%<T)i)5FLnOAv^^@zjdET`FZG?>&?n8w82%lQ=Np1|u2tC|
zM{`C*g+}T^_DJL@QQi)||3z%L$%<Hib$Q%u4g<z`vp;NP<F_4Qln&xmgnoIM?HY|$
zni}Jof%Yz`yQ~wP6E`!Bz}`s9@=`6`exoIW|A)DE0gs}{7J$1m37L>U4T>_#YtTV6
zf|y9q3`t;yOp<QtKvYD0?cxSe7Ijf(5G6q3B${@Zm0fkO?z-!~*L7XReMDe2WCD4i
zLW0UeRt>1o!|({8c>u}$=bY+!Bmu8`|9ijx_mfO_b=9e=Q&p$VsXC8Qu8Rlj2bAC`
zS|1*-t)_*x2R(DOCn)~O4z%7KuKP<bFJnf*qd0vxU;skFnUlrb*T9rXlkFdPPCCQe
zNF(T=x=+hQ4W5DV6r8?!EYW_-{kGcC;bd=J>Zu96t`3YPP5M}ReZCt=s|w&@G_-I7
zcR&_*zc8%j7|f524;?!C8QsF7@szhNRZ^2Szz1*GvdMyon6)zyG=MOXAbfbxe^You
zb4u%0-M=<;dkgMG+UGYW&_Yt1kiS0J1aD1^FE+k`Ctw}VtfqDKUQt3s-NKa3Z*Cq4
zrwZ}s$5D9C_JbGbHJk_Dsu;Yw8#z4lh2YKX2k$N3zGfYskHec3gSSkF*W7mjcqeX%
zhnLxBI1jx2g;97G9p1_d!F#12ypxU8z6~7S1|6O+2Cwx74ln&e@aFb|_Xx+|0C+hu
zc;!00y}cKJ7oHXm?<c%{?HpdlIu0*X5QUea!>hg!yf^#78^PN*0NyWR@Y<(wc-a?%
z_x=9xc>B6Jyk$DP*)e$Qb$Hsj3&3Oj`+LrC9(ZS6QFsm=-isH4w<W6|yasBYsfmw=
z4(~59cpX_Bo^&C2Kk5f>1aIE}cz4C%{aT0Def9$I#`lAl$=jFC;VtuXc&RaXB|5xU
zF9dJr)OdLJ^7ajY_pkgYJVA%I;6m`$_JjA<Hfo<k@2?JTX$;<msT`j1Lh!EZ2k*dH
z!+GG1j=@`~!`pb~0`NY+z90U0`xbC`9Xh=CX2s~A4)1{r!F#qJynA{32EbbtgI9OG
zPXFTIm2AOtGOYk1H3c?=-w;ThUBx&UFNO)y`rIc4Jc`Q%NbB|dm+<_}wek5k)KdQT
zJIW}(i21p`j+xm=gAcv`A5<;E76$@Zm@Nt{J<W=K0@DM_lL|6BL-%b#rxjWOd^#QH
z2ktbxJE<TrK{y@r1-Ei22q>pzc1>ewG+sNjX)cU4E=nl@`~Z?m;51uM$E*70MqU-b
z!MX;5K2kS<s%u4SgOqwny;wiYH=idyL0o@O1pC3yBK_&OK}64jTs~W#0*@G3GxQ)l
zBwBgDK7cIo&hi>w8Yhr{J8TK>*J7DHykjx@!LYzu^nZExuon7F4=iSvK$!&rUYR#i
z8GvbC%xqXIR5QSNUeY40;KDuA$47#`?0?X@aDSQAx=-7mYvpxp0jxo?b${^FeSCNx
z$8Xe=-@&(iNpEc-1NVI``-4vQT;smu`|Cgb<g)|&%B<tq+b-+4VL}=@4s%(r*!Q6I
ziqFfe+3-6KB$t_)b;?w?H5-+B9PGuq&mTn1z+v|RyuFDP(H7+CEdY>71zXS+Bv!?q
ztBb2?40~I#j;UzjRVh{rRAGUtGT?U%uvjytsV-EsH0V8-xa*(T`K5%KVe>)UXr${n
z%_!*Rr~~z@R*KPpSe<CnbCb8*NNOYQOTFC=&lUf=1Ub8R1^!=o$nq~1pI{2He_gC6
zXlmk>P0w(VqWcAdpzEwSw2H58nk5LE{`qb=e5I0@krGtlZ?XM2#>DdO6_yVz$PD8h
z@~5H8VAd;{nv&8EZ=Q)<9~@o5bV|Ovt)^o83A$O@C$J~~3%&$Vip5AYUn=SWnYnhb
z7wQ7-L%hv1CH8JhX25%Lrp(@Lumz|ztNsF^?NZnujwtGJ>BB>rb)5l+#0qx9zYdHU
zOY!Oz_WN!TV_4a`iq&@cvR0S|7+a`iu0Qv2h2?h@v;206y}nzN+Kz-<JUio><wf-g
z(zMt>o?lUC7P#`@?I{s-NLt0Bw2Uxbw)z%ov&!GGqHryEa_9Kou^L6a^g{{AH?PeW
zJfqRjCS?ig_9eq(Epn#ek_>`2tFe+wi}-+d(iy=F5jplSI)IGf3Il{IYLAi`1WMu=
zN<s!2>pYRUORB=91-RSEUZ@Wo9OB*1ao5Ii_pz;wRZm7&1%x*F!>=+s0cSER_*h{D
z$I(L;MujN0osiYKI8@30tVa|!D=f48I+?xxv5u;b=q~=>q+Es5q;39r@$vxTWirRh
zj5)sFPv&^}l2zg%2gnmvKnzC5(mL)(#Gr=J;enW$9Kp<F!VFGCNqsOeJvu1!VwLy*
z)T!C=6Nu#u_n65exz417UJ$NUP}2@|g&gQi!FRFbyG2u2QJrjSCJ|Z7yN<5%q4Wb-
zdYmm0)lL`edjmygsERbS%v^cfm1c%-&3kamsWYK+jRk9ZAYME31}x3qjLQM7T%gTg
zmO%4snf7vJG77*e#r`T}-n^m3->R|sC+ea0%Zs7CztFCJxFMoYKWTjAxZvLJ8EAXm
zbSjm0TuM~*#NVGvrTduZeTMg_i3|+CCIXa<X!Sjq4E;T<2DPWoqDn1A7FK-jRFl-?
zO4U_4)2xUM*|vi{h4CHLBjpD-l%FxV(<{Eh@Vnk#i|1y2v0Qloi?~<KVl|alwj&8R
z0e^tNz<R0ZHNs!dRmCai+!OlcXO$@;>a|45$fQ;n4=^?QF?1g+#49@@%h)UG3(<X*
zlhqX65t`QT^P=eIeE#_sT&{QCH*mSms^-vPI#P{dW~YnQ!qPho3rjtzrH_I^n1*G?
z{r6>AZL5Tbo}F67l{huC0Dto}9J$}jPT~0UKOUJs+>uly$QDhFem(fD5a~fO@4+~1
z#fysu6C6HFgIYt;Nl;&qJ#9m!P=B8JAyQd7_uwe*CO)%HOJ59g)SI{RCO#u??)E<#
zRv&>Gxmll)H+NU<V$a@20BGH9)e=XLDMQeKdvo<t)Py9?@UZsG7=B=NMMtU-+3(Hg
zwb#Nuuxi)JB-wXEXcDyP!~9V^lnoX?JqkNH--ue%Rl6Qfg*~Y2GwHHcbfSVsP<-qB
zpqsbJMEvXch$ed63QdiMKmQ&syXWL@U3R<pvb)LzBi<Mqt1l~)_RrD0Q-2-JEiwvD
zq(->hpX*82pGX~~?|I%87mtKQtE00)f@M(^UOBm|K>z?qK)1hEz&#RB@$x-*EOnT$
zp=p;U3eJCuAp^#8Qx7TXna~xG=l8Ql#qw-}JUCkq0hW}@&Omlr&rqdeF!MhA22CK;
z!-OvF%dvxT#j1XX8rm141InaFH1<?ULL3puh!O!-g`SoMEbP-l{K9?(cfZPGd{+CM
zy0PJ5t;du|@L7$RJIQ^y4`<s-hF?C9`*N-4VT$J7uYw`{D97^yDF>_i1N`l`q9#Z7
zZdUcWKtYo<`QCxcDfqL2bZZXKEvVitOK9;bey%;gBw1j!u&W%d<)@vew6}m(2Q$S1
z75*zqgjUfK4pJ200X>N)aZ~ygFN+pmPQ}kdtAei&>|{~2&>fs?Jc#|gcj13Pyta*l
z6>vWmyJk?a;A6zHgf%wk6OPtkBE-!xAJ<^S-V)HQTO4tHZ$y78xvFpwmGoE#Dwlfm
z-YdX$Y>BPo@sL<UiIZa#Y*PH<X3tLO)hU=(kOpIQ5xmBexV10pq-3i$F^$Mu=qc^>
z#SKU{58O{=v*CW7L}j)B;XJW0SqM!CjSr2D9`3Ijg#{05m7_Sp7!yj35XMLJq!dV6
z++QBJ0o^hgwG&1<*~LtWmPFk}%|QM5WKu8QW~7)Vx_&E(6jgPeR9W4v{h0!mpF;Cm
zOjbV+mzd(L&IX*{4lciBaC!5$m!~#)M(}G1%|_)hU>qzKBd2^8y>z&J;Q8_3^1<Z6
z<<l=z{?=IIle9OJ5kawLXGAf0{`_kP<j)?QKe)=+FaA|<c5=UWB=Z)$v!H8F93cPQ
zd^ftqAP}2MS54D!WCw3e#Nc|jS?<Cq-978OY)!tDL?OOhWa3?X37=hm(NcxM`j2FM
z;Lm$$!vsOI7Y;)`6Oew_!YfEu&6)el?bF%wTP5*5nB!#|=t@MhO-0pkw*#N69wk*{
z_novO&O>$PCSa$3oScYPfr@{nS@!mc9*NZ$oYl#4#X0PtyCnE)!bsj!tT#}g*E{wS
zUhiJwXE|igALXVdEF^oI%%M@SFs+krF$p?6&ut1>YDKS_>C%q2vyX=egH5MKaE$A;
zg9p6N`>Asv;c!Oa6{}g+{6<%nSqS~CAL`%c=2Ipk(8Rw)FYbPGF~_+5aNK&1^4r`+
zf`8hqH=*l=iHUgsoeS?bz&o-FQ+blD*mr~MU87y(87*xrT(a`MMc3UnPo6pi==L0=
z<UN@WLZN$PW?d*5g>b_LG0G@{B)2%l={-koP0vm8?01&0Nt^EZ2!7af&j+%9%~0)o
zxH)%+-CNWKcps+C(cj;6s!g)D(M0~c^t4|r{UFyV?sP8QnJYHumESB1Ypc~j*FI<Y
zxocsLNTmVt6m*{Ti!p6$Z-il9^2P*Vb1JeUUp>R;%M8Gllhv*e75}u^k*`?mwr5E3
z-eo&2?)Q)Uh0AtIBt!ik@v^#<)(EX3x1*7lcz;TIa2QE<&nEewT>C~}Sjy|WyEpt;
z7Ma-5%`D8(BZ(+5N#?~(4)bmE8XcGCOBLOm-3id8XKL^@{4G5dI5J+?RbD?yTCzi}
zuC7LxgW^fl(j6b@NfHA~dvetdTX$9G<7WS|ZJDq(9PE`QHm5_}+4XtXXKIhy!M2=S
z(y3O5!-3-_aR+<5k8SA+oM3^zB(ZO4U#_i3+7cOKI>%{*b(~*4&w81I)$U%p>wfn3
znZOZa-I)X^<Pi2qtTv1{rGK4(u22(4xvE{(%N?vHEQbBLTO8?qkfD>+WL@g0c3VdS
zurbqF?a8H`0H-f-+~}z5<AAy#Ul*&%g?we!u>hb`?DS{VIMPqThZa_oHlkXwj)U^!
zp?vew7ASu*5H!~HBm|B_@g0zB2UIfxtFf?}7O};jrlvPTave0w1g)9?g|FZ@=Gq+(
z^Rb_z(+b9E#SaYqX~h_4V{&1HQly9G#;^a&XjPNR=PAuLCq@Bmikc&-QHTGyrkfnP
z-id$%-sl)D1k*9Z_IXxyJ;@`u-)aBo<r1%VrFIdkx)LV9<`gb@WOin@Xwz`ga7GyB
z<Pi2Gs$Y;bNNep7JztB)`sFgPCoveQp34x;6*N#TACeMoFrGYwQp#5*Ww0u=4T}2~
zO47d#fp0$A@d<hod-Bi3Mg`8IZZgSk5}VaV0Y-R5<%25vRRowJ!!s)`{i#TLVut4$
zy@G@llQ2STf8eoRTxsZMyH3GWLrI&5Z~|ZdJz|d@+&&fs%00Iy^Ps4qFLfcwGn@-a
z!w#nQw<pE%U^Pj-JF|q!I&?pnbOavbEabm{SFQ1y1SFOR_%(!dt$xMOq&-Bu#<UtN
z<Ij5=^FA{vK?uDKbO-DE;8Hw@$@>+4$ehG&TGa!bCG+P!jmekm$&Vh;<yCCYL$UVU
z*}pxvVwoHIwP)kxXnQ^--euZVyggTA-ZR(4wI`3aXE=WN%{9E@p7uz4x^`gu_2h%?
zgXGC<S^b6rh$nrp1KY<ct;l5fuC0Mr+!izVw&=EIU}eiFsw~Kp-ZJ>&Nt4xw1jj$c
z;PM30n|MiwF##13eR)qJ3~%0}(_w#f<J!~KZ{Vt}5>+zR4jG*P5T&a9lKP-E-Ccyc
zv6)=_Jf>|<Uc#ERH?B#bH4fiRif@%sN$Ex(r|#<%wLNo}+|?zkAH%%6$(N|%o_}5N
z=QO4BdhJ;#tx*)rKca+y*_~Zo&iL%^Ws(o7n<DvUn?oa`@za_Kuwp;rDN*bPJXcG;
z+cb2bBjwE3JeQGm&wmk}KcUUM200p5`82-!Mx%w{7=#8u^p<+wM0ieu=iY#3yyyVl
zYQ}zh^X6kS-A3~N7C>S4OICRmz~a;3E$V!eemj;w5@$SYUQI?k&s>BqEq!-e(-CPv
zLz6~-z_EXdgx0*o4+#5TXGgJr(VHCmmyt}K_pkS}FnFnF+Lmmr%tf=LN%GcZ;899b
zk&)Cx(AuZS)KmoGSoutNgiSK90!q^TByqb&sj9^@4vqhSCx5~SK=!%QaPC+*I@=`G
zD5J@=-Rxj5G(ejcW=DHHr;hi+f~dPrf)PfW*CD{8hf9Dj%Qtcn#SqVh-GY<3;Nk?q
zQT`Q=UYs2-%K7q5gl1VS5V-lZJ>P^i7i4}(sD~DOb|X!XN+9b&GX4em@5XOsmVKOA
z{$8I!2$u1Kub;mMi)-~&xNuoz^SN-CkJ{Pv$f#)+Qq9g=@*XYTA7cKzs}qFaFU}DF
zOxJRC0Pi7ybOf*&01)0CCiJ<`<j@hBl*!>-kHx-$V!{7HbN?porn^a^yd2YyP2}Lt
z^hUrfy%4yA+X>tk@T2_^!8P_0xU+WwI3gd-_-Xc4{OH-DiHZCq?WKQ5=*yol!!=iN
z`tl@C#$o-_2%<_W@pG#FxinhpUQGUaB2QKzIdqB616#CT8h9Pk^xWRO>u-q87E7(5
zH)VyMZFsECQX{PoZPEx1`1JnhC$pZ^PDxFg^!LW_`R#LI9evos*U=rcrpLb1LhI=D
zX|#?I%J#qTb%cT8kiNBKMb4a|v_~&pN~>_<e0VKJ8~S39$FD9%b|#3Xf${S9aJ+o>
z7G)TLb4LeiSHj}F3d+g;6(-47lp*=%qPx6qbb;5VO@<{A`WQf;Z3fT?5KTKxXxjI%
z)YO101nmM?OrQ8fF?!tc%>_}$sY!Otlcpt`5(FsWIT)G_J!sAPwsYFGZNypXROlYO
zqer(6q0O={*DAxZH%ftn2H?jopV$zFiRMJ}KyTivEE+cQfAtRcebL{VcPX@An{g$d
zuFv&Frt3QsFECxFHq&&?!eU)eEcku8SjsbCLgy76j*4*5>_u}=q-DrKIpALg{If*B
z5(A0)xv)GpHxb}}!H@PU1nlagb#QtC-I3q~+A|!sTm!M6dCy_K8z5ika-Q&8Oqh5j
zS4~*GkDudu^PZTBSS3Fk59~{&`M2<2Tvl1IufIM73LYo}M<k5uZo~N{49`fAE+qdd
zBbWbmCSowd8rrL~Npq4on{;SzYD8a7=U2ZThEfdBTlF)|90yD<c!^%{uY1qKU!mcn
z??#-f*U7#$@g!SrDkPGPzDnXq_9z7P(_yG`VW6f)*dK4+t=E4m-EHKO@*%)TXmjlT
z>9&~5GW4exI66f3o*O~|ab=dj4cCPT7&J&KPW#*jJW0{+y%Na)aM!bq3P?`g1AU4=
zw|cgJ@?i{YR;>0S{4D}(k2JoxfynSdwjX;msHm&bWnZ$S=9?vdwLp$XW?N?a(+<P0
zG}}kN*^>V!{L`%t$Z0}L#GCwyC*e6`fCeLyp#!)I?Y%3;_V;HnQ+psS0mT+$vHirO
zC$#P3i5t|e7{RC5YbJDGkfY5?(^rZ?`_p*RqtU`9PUyOJb3*t1HyXqEd;1%W;S0q>
zB@JCEp6RkrprxbumIA+}5x+G?QM-{X`Ubs?69d(b{MMM@GsIkVBa8EmGya=<x#G*<
zCn!F^+#GXg1kFFr4t=B84|;A^>^+>lLZ^Ol?A6sed)02??A0i|5az^jEP^8TiZ^V7
z&aWXr_nYXv#Jt5q>wg00p_@3B_2a=GYF?ik3Q}WJp^4K*baCQeWdWukUH1|Le4g)C
zGwH@^3+E&YuZr&JlHWx~aJtDo-x+430<@IUOwAZZ_>sC!0)9e62_ao40UyQc8nfg}
z1)Ll}oB;a|jT(ZlikcCcA^De^kYRx|MTJMmauqQ_ba7lSrJRuhM=b7S1l<)%1fX4t
zn$?C7)vN<jIN!_<T{;E?tiv()4(HQl^w0!BdulA7AfFBA6J+;Ce1gn)ollS(=vUVe
z*X362Ey%Q9@~x!>ZlN3B=r*F$qg3sklmvd?h>Q8DDc`!2?9y-h$T0HaZwy#V=-qho
z;)stQKsS77jagZX3q$<~I~ve(S=C8+pW~nWjlRKYPmhoAT&T5vM0<7|urNMAXj48X
zji`t~qJe+5sUWj1WR3H`1FaY$`x5t{w;2_f-#%Gw#U4LIi=q$*LP<GA191^fwNA{8
zvwvI2w0J$v=4i^_B%g?Ganwv%P1_@RX9(^$XZsVILVr~Jt1_T9T%H=xvMO|M2P<0g
z1DUXQyOXs0jW~A8VTR?z{EBM%a~f!{{*2@S{a&j1>Dud~`N$>?<0E@+7a!S0uQi4v
z{_zl%z9I=VL?+EmmwdOwgnukUn)Fz<6zBuqI&FtE>2?$O*%7x(n`RPX1e0Xn4oHA8
zn3PQ8j(%fo=pk5qjOl)p(e>e-@WiR6Fb*lxY^cZyQ#e0E=DdwBUjkZeL_!G@8-DY%
zV>HweBaS2vzyF{`&~`&l&!d0-u|6k!w*#Oe0Q^`w>N44212|`x>(9-S!%cE{8&Kt$
zz$~q>E4FUQ+ulcp>IOq*i=*<G%nEiW{;X!nTMvZ2lSk)~Y^PYIpC2R!u~x<2f!-)t
zQM2Noj2`R~(47fQJv=kH$)8J(a5Od+$0-QA3C=#W^7bcI_pisd91wo1g!Mr+ZsG@8
zN8|L&(aMKl@f<~6Y7C9QuW7UWxrZd%9_@|M=#pT0I_{&m<s@-z<-?AXcnD;)Zg_@W
z$91Tiuo?O67_iG|CZ)f_8i&A_F)|!@<oxis$T2rMNZZR7a{u#K-QSu;$Gv~p=Pyp+
zhcOaaolZJ#z@v*%bXJEf;^uLYs|nQ*x`(`$(RolJdkXDV(cZ&M<#i8iJYbOaMGDtL
zF`;z3;`SJf*zr8wQpB+p!+4V|cSX+Phg|cm%tR{};$G?iW?~!6wR;pgWO^HZs6m-^
z+Cv4&LX;4i&Jl^yUfmhv*9O^(r1r;e|NT`V6&~~lsLr#d;Z|!_{6!9!y$%I^x%qx%
zk?cQ8N9Vb$5(C&c-?0f?U2E!M-M?WI<??~(ZG$=3ofzklfxQ`!z1uQmJ8ag8R`+UI
z?VZJH?w$zbK|cZnik)lK4xcpWo^l2Bx<hW+fbSEI8t}GTnFzhy4r6Fg)Kjv$`=(OY
z#641u3$>$8u&O7}(%NNBo0aXF7-m(dUMAaju&N)BQ_dY&Ginlq<%%$R+F?JflPmi8
z(^kvY^0OkVs;AL=jCw(qUSBKf0V&XvC`bDuvo~90`%WGjP4PpIbBZ$DnZ)1-oNael
zKpZgs4e!f<<rPJEGwW{_c=HyeXM`BJoIRm^H5=uxL@Sql@KjuNO%$*j`PHt8u&x9p
zXPM?1uc!?QEL{}Qv<bZiL8ogcfUaF6Bnm~<?uj-mZ*f&;s{`Z0;&^Wm9of6xB@R}z
z19}JCL>k~Ea43=0z-~A47IjbHaH20OBPT1{W79vlGtw#9G2NY=?zuQ{0MZnrEpRY#
zx?-}i=j+ht(0Sz3ilb&|U1QM#=uuG#o-~8pIgHHsdL?gD$pD9e8RQa<4)3)2cMEYs
zt=pQ7hEn8qjVaXGf?hn@W0lz=UuO;-e2u`3svKBK!UDsg09O$ip_fU7H*cA>1O_^X
zWa2XG0)bUsr#~+g_<1-yJ^+u{2dSdWy6hpGB2_7Rh1t?1RJt>ut4+ErVpYe99WF4j
znq_-g%{;1ETZh6~18-uSrb#7fh#H0pbRhZbXi14mGDysBb1#In*a!_A9>;ly=b8b-
z<6zGZs@**{r~=cJd2CR#svb$<-OK2gx-13#<4P6V%>C8)WdCZT?DLr9Ngmj4`x2#%
zaZ9~Js%WI+S@j(&5>jo#44@Z{1q(#%s^lwaWi^hy=$QqYEE|fUr|(#QO?37+I#sl2
z<<uCSD66X%X6|=V&@4x1lfg3|{kv?k-TiF+H|cjjOIA{wHjb+b-Mn#Jl7yk9S`wTa
zL}|00AwjaYJ$8k(X+ty%aKg<%oc8=~S>Dh+zY|~wM(3m0S|d5*thA!l9!8n2#Xp;I
z>2AU&m)f9BoFQ<XL!Mjv1NKb~x%?|dZ}$)v%Rh?%e$6=(0ll~mudcL`4;4s9ogoAV
zkJupu+E{6QN6<gl#XdL3KEEG<!~jyeo>hxw?TBUlIs&OX_E`|4pK$>Q@BRc=qT!*1
ziu$^hm<XR@wJ84QsnrrBqSa&Q`vc?I!610sL0BEu_>&33O{HlSvbY1@>fo)=kXs>_
z?o^iaJZF`EDhEzjoZ?QGdM0pWyfY9^aEg0o`A7EBE^XTbpFm<=h`t>QSj|>%cLJ-N
zi_5MX7-+ml!ZWKreYGu+yxqC%<$z25q;r>XJFD4_h6lE0Xz~N-sHO_VCW+N5)<;10
zz{{fN>lJmYOKtQX5+NOyuOyxU$+{E%tyTO<4bWUgY?Q=4wq@jer$1|yRN5yk>B5Ff
zf#Vjj4+D_l&1YYNOKf!c6N!0u*&4+@sdN{Ce3UAxS_5sg_4(%vVOv_3v`my?sq74#
z7$4{vA@=xl(VvcB>k&_S14FvnB*-I)ZNX>7h&>?nF4B!kJM2-wue$9R)o%iIUV)~2
zd!Y06F7-1<=Wd5_HxTdL-h<HpHc}QHpdSMTg4f63vs#z+j?5N7ARq-0SdS%Hts8JE
zo|ODqK=!j%0CVy8^%Dfdk$8%2NxRAEAIYTBQ__;%93w|8;whjq(5*8G;u(ML$JDJe
z;wh=Lg`nL@6;xrzY^VIQhP=3>j!@AUI6gkmJwoj8XEjin4zbl+H>9f-P*DeqFgk)s
z=yTHEr(dwg`L~JY_yUi=NAVo7?=2z8*5!XJnQiG@(uq|@2X4f`f%7&dL#;RkXjCNI
zPD$JY1Zalj4FE^HS6Whslw4ZULO;HF)`bf6P^_0G%>#n3>PrJgY^5T0AO)d4K&`ay
z#dLeU<kuh7tuj+SDFzXcDec8MX;$X1z*{EuAJ!L%)<0w__Ib=oPU`9m#r_SeL^hq7
z49qm!#7wtZ*ofQUUokKd1<}lsw;@ATA2LyXJj^9`tMG@sN1A|O_ABKrFl7YK0iSK#
z?Vk_W*|lUB4G15^5&Z_yTaSprnb5!y0}BIP*j*2Mb59iirLcd}8NTGJB#JKivSsy{
zZ0nUawnswV+8bEquh0QUpf_$iP}rNA?Clj%Eb+FYW5;x9lm0D%99b8&DWZl~u2R)5
z<U-Tkxpa<OpniskZzZg@^1zR|4z0kHzzJ4?dRn1d6Jip5JSTc9yvd*T5OzipgXr<D
zA9Cjz;g4bjL?s%Ld$yl&Uqec2J?kUxQcX8Q7R(D}Mi^j%fY7%U#N8nI*HwI+X1XW3
z)KAH@8hCzfVUNhA0Q94Xje;G48i_@L*coN@9ur7ex5%(@%VJ}(3Ztri8lky3uvJ(0
z^}}zm`psbc&Pe!g@jIp;e%}N9?&J8~Cspltsdrn)xTkOjtcdGq)MvnKh>lzuTt3JX
z!z^I**iHUK9itlNKF{=<mxOpt0*twmV0%2O*t^^}!Y^#qQJI6gO=YGMixUc<AJljU
zsu?IBfH>>f6OUz6vD&C5bc;f<+CdE?DMEe7SghV>f_ZuuwO-T!$L4<9nBwCLPV({X
z3^<R4l3jDVrEuM=2KGY0X?)MwxfM7;YY!?12c*q$9L08NbBv?dE(NwHIR7q6wK0z3
z6npvvDqwGpaTRUAcqB@jV_ZcWa1~pF&5+H3I>`h1z-K$@I`7=*^Qdzkro`)FiBtNk
zbKZ(&{r{kzYReBAgrE~r`sXQ#&odYEOr?~(sd=LWZS0JOaA-&<F_aK>g`J`G+`!M%
z?hT~!cpKb*K$|X6Z$jN5{14Y-S8$F$aj2r!Ndax99OzDx#X5OuU9M~kY(d6@<P%+C
zR5R`G103%uE@h~XqxJ-XMtEq$2NNpdIMr^T+~#6dTUWfK4XeQbrUl~m0`)^@AOuXr
znWO^olj71{#bPTDFj^ZfSh_2>z}8k=+9HcRc#`zmCs>O?Qg1aneaU#N&1#C$tMf<V
zuT3@-I_QW3qi{yU-(0}|ZMyEU9R(%d?df<qYzvSaSQ{q??f}Z~HlyCiqgT^?G`x<(
z!!Aj!4_$)iwOmTG?a+Qa6X)Ws>DaJYt&5vxb>n-!5$}B6iFgK2It9r7n&@I)uMR8m
z_M|>`?-mChTotA2&W!QsHQ$6j!mq&tAoa}ph#zRvEwB`khDH2?XAljG`3L{|*P?!A
zx7;LGG$LGh1aW`4G4oh(yr}zg;89?-DkmOkPnoMO$`kS%U3o_I02((HXdYZ~zIm{1
z&^#zs4`@mIXew~G#-(!W|K)^uX>VV6w(80=%~t2-nIX$5wGC=gu%<S>CfpXykkW*#
z4*YJH!!2}$xJ$cJFK)r&>3H=bd3zVS7fAl3&!56z)Qge?eh!ZZ<4v-yOUlVNv&wq(
zX&AW~#H&2K9W?0&0A@N4u;_2;cpQ)q`}Irc7coDZ+(20{Kr4oq(4<eoVa317K?hKW
zG~0*Ve9_WRM*F>}W0^<9O6<T)`6WO+@CUP2wX7Kz&HfC@IB^1aeo1Ip^y_a?P{>~(
z$Q!TV|0N6<MdzkuzNT~c&_JT5f~mN4?*HjPw(jl=%WBbHS-rho-uT(4^k46w`6V|6
z(3QCMo83CO`M+(|blxi1d~WXmRGVS+P5j)n9acMtpabqYym{=>^AP(pmtbOkEOAzU
zLT>5fy8FX5_1{3nN5E^7qnitQ4ip20MnMP`^$pwrM)gH>{%^)|#sU0uzw?@nBxrZ(
zD&kPcwRtk1QK&-i?Vil4<^YZ>%B-$=cP?4XsvPhJOL!4$fvT#nr+YAvKU}^=)(4#I
z{er45S@jsYwq9gi3H<bfY<tx%R!xT}D)&V1LnrjjAnaA2CLWKoJ}~d^W;?1nSv7fF
zRJjixm}Cps&Z;o0CV3A;b==%ttj2AX3MxC@YcSx*Tz}#sVE&xA7h|{s5ZJ^<Zlw_}
zF{4!Z3~>U<13Q>`47=!gB+@<4{pDp=NpLSDOGe7AJv0Olrrfh()nkkm-dN|m6v2Fm
z^Ideolz9xjq))>8m8&oZHXLutk`#Np=OW3sj&mecE$-2Z{eb(@%wu%4g1C>HCW;EJ
z`9MS=WSQjSKK^lAfEoPek=g!{i=b~MD1uPf4)GgFY>1qnP`D6DJ+7Iq$K8eR{Tu<3
zdIUO(>S@`)2C=GLiJUj$#a0<n6Uiw1JqePUYt@!b#;>_n1z@?ZN86fXtnyJ(94UZ*
zw~2vvQ{bR6rJmIkCrBx6`jIVsG2m!SVKtsajPxBiXbv1QrR<hccCfdLlNJX8M)r1#
zlyVY28X;3Md<cz&XDMa7gm-5GsXeFcM(4mnxx`$j@TSXvt@f5#jUuZ=_wdrDNY>4i
z4ev{(@D7Yslg(;Y<Gd&k1BXq{K)cbI(hW%oN=g%^QuC(5Q!%vfumv)hoq+?Uf|P)q
z(!<_f4NYu<CWe)io$%d=MUv%|?$E{X0w83yTTW?~?0Xb83$_RcFsuUeKZOFG_%U$+
z;T^2%aZ=re<_d0S<S^S?XDrA(Mz^&%ve<dSQJo>%zh+Mr;#pa^!BN>+z-o@Um@CLZ
zZTIZsmT&&$78xdC0+N=bOuGHS?cm6@y8eP>Lq}mqh<zS`?NA@tQ_)!dMqjw1PrRo$
z%%1!Tw)pbZi2{4U8HS3J9MzeUy^B5d0ba&n*fwMkpt=C=Kzhp;ILp5h-M5slOc!8{
zk(Ff%tC5YBE$&NLO&gv`1`Z~cmzm)EkiHgAD6<8UW&20yDs<#6QuJe5Ux0t`91a<(
zXJ<oi9J)csvZ2_cTfZX1-Kb;!)1Se+e|ZUhd;1H6Kx>gz{wB6|&6~ykYZusf1NIR(
zsG+Q?TRd-0%2%UU&7@n;Tmjr`&ED>?=i=a2$VSQJwe+8K8a33N$!f_Dbs%U!fDu@L
zdmWtTJv^2p7(0V&>C`4)q62Bq)zkuR(;Y6s%X<mcoyd;+-uJkv@*M{aoPo$$ZgLO7
zTiBIj=^A9=<j5q4|GFg=rpxT?YKfGTp4a$cHu){X3tI1*R^jn6tmfgpRMt9~G;C02
zbW}fJq%3HP?t{tN$tpWh6syUHVX!)!fiDvkL#c)47&JBWSP14pgF-wF6jM9UBi(s!
zavFf21ab5=fHm7Ua!SNz<$%_7IufA>gR=0`_vfHNz(!3$Hfl<GK45H$F~0Wx5UKzI
zhHf$EgDg44MDeyTRA8}qTwhB!`Llo-Yi!k(<hM<s8-uERbO&%Oa%wE0HQ+DL05h;H
zC<?*n&Y%JRa$x3{rpxx@?)mZ-J?!aPngzxFABo6yVH?h%abDjky%`{%78)a;j^L*+
z;y<BY1FYiXo&aJD1wH$6U;#aJQ4XWA`$pKC???Y(!$WDIp&?_u&=qSdu;pW*ojAT<
z{+-*e`wA_%J3fxy-6S>HS7?oUEi(EF)8pSwzQQr_?`B`2IsV<^D;ydBp1wgGY|q9O
zt+~B&)Y6E|5xTUo?~_XPh^Wo+`+$bOi=jt>ms}X}4mj+7GiL-c;Ca;*{5f5>R-#Z=
zo#9rl>q<%{6b4J}Bb9pmfONd7(>(^^-`zzaqI_5u5HytQZG{pt_tW)OHeJKVWw>6~
z#YKDbzj4)qlxMiI$OS7z{d_&|r)p#Py!Xj?2fbw_PUP*qB0u_1YJYVqs>g68!a^fW
z1pJd8$5_j1p#%O&@UH~FJ)o#l5v|4uT8UG9>SQD+p(zr>s|jd2d?LMKQbI$;z8!C+
z3X2D~kMnH2d6S~ebN&yTNBc^jc8adcJSM&RSaTwh^99;?&0Fy*c(Hh$`uPE?aRQsM
z#u8cklJ9Yo;=9AFOiGbi?P-^~7b7RI+E#i(KE0WqP&%uVHb*2*1%qrJQN-;$*1}8)
zcy&pvm&H~&5V8QItr9TmvaL-P11QBkzdd>?knc;p8YFEbL099s06oMX4D^fo$?>}b
zHTR;#0=Q#fCFP2~U90?)%7!cIDwxx&V1cYMh7@UI`5g;8$S9h<2^&W@QcvG()YCEn
z(Skj<S!PNXu&CEd_Evb@DWRVnbv8--c$;ExE`|&!jmJ(Y2FG(atN36w%rPoCDa^l#
z=y_qb;#&cj%>~RJPK=4?gslJOq()Z1?sr&I+CtLP+|sle|A*33@CT&bUucqS&Bf|=
zWzsycb@dOWEzym}H~#_BvD-tUNgXsi5zyMC*z1{hD=i_;W$?lyTG={`jU<WNm7Jl>
z{~JQftiAov;(MZ9@%=yx9!0Kk%>rO5NSfGmc)<x*;fZN)D0Hr+h`VA_Yl7m>N|3{i
zFt&euh4rE)0eiDiLG~LrqahM7USwx1FX>y4JF+1Mdb=DEc54d!nLQL{Z+<HLnVqJk
zG)Jdm@W&zv2kggq(I<5smI6nTB(+&qTlIKoidtV>Rky|>w`p_zBONkybxuy2sqC=a
z)e4hc0n`GQ7}_hT^`zX$YUYWN?%u+?TP8w(7l|5-)cY>AoiDGw^rSDZ_VX;SR$5-W
z&a=FZ;_}+Ym)9;C64kF2b%&yUQmnQGe@b%7b`0%Aq0kb6RoEk`^B=&wZM|JGZ`aCp
z^Z}qul3Jl<AAR?hU3lTgw+t6PwQM)EOnad*e)-SPm;a2&@}B|ApF+b8TK@yj19#KH
zTLY{4VH1Y4v2~;3Bla_%Ick%AGvu7LCbsS@dQZ3&IQk-UL3W{$tviAVvoPT@NJwGp
z_F+OMCR`2)L)p4!Ot4_WXh=w9>)yr$1_^~}1=EYhuyudLMU%6-o%s*bA$Q?2m?Q2n
zvb}ZrD3A>uv>^P}QF2b%D9F?{M4x1+sES~W@Mlhnlhw>0T0IXB-)rWl!h;bX(yGzA
zx$6MV#A1v9)EctJ>-!?t*VQVCt;Kk*Ur%t!BWs(c_{YEm{UUL$fAW~wIb~x^WuJL=
z7EO1JF_(SpX)KzqjJd4reb2itRB<pBO`kXB^0Ie5Z_uj|Uq_d{;dzB#lks&-*(<yz
ztTVJ;R*!ntpeUwsL?)3w&r#10F)he(d9shE&BwGO9G#!)X|pgb#4*~Ur%fTG!jo%y
z!BMvEZ;%|ioPv4*-G<)d@FL@j+65|L*?x{2JjwQ>ta2M(bKz|Rnt<7Rn7<69=_Uix
z&tjM%Xy=fQI=3*bi`AeE^i!=5oH4u99f3Zx?UYn{L^e#eI)S(ru-XRL@!+RL`^7}m
zFhC*;Z!Yyn;0QeIvbEtwt3T0!M;gvR806JnbAj!IT)I;NB8~?E^rK<yA~oMwOk(>g
zlkC$iF3hrTxa@lvT5?<t95+IjVY$G7*M8%I%Hel6)c(FUmTC|3+AmOfuNnS#+K$Pk
zALw;Ep+nBVIcU(=a_Re!xGnevZYi(`d~+>?n-O9RH;bWps6^KOt*E&U8ufKNW-6@M
zwgcaenR7a3j`D__4>MOQYAGOQE#T!xgV1t94xAW>mYv!V>;D`rVQ5VkAE#}KcmQ=%
z)Y<0X#$+T6PF#)7?4oqG4rA?lW?@1KB-q%x4=^DU6NW;<HEbP*)b&^}Ar%rPv2_?W
z$AbZOiY7a!7pAdwKc_f4h1tLtfUG&v0d#;Ok>!+)Ft0Z2#ta*yY)rT=I1!scXJy`i
znbq73jhSzR<vInPp&j#6%33^Ez%w*q{!m!1m%=mDK0meWEzeM*7t?P}EBgZus#GdS
zOPZsW;{kPh;0Rfcw<)Co=hEg}TeDIMTU&VW%}{3@o}un8R=<)1$AB05Sb`tGd?Sp)
z2RIMl-^U~!2DB%x=r;{cU2q!o#pWX)jlm-nw2<F~)g7q%Yv0NI<p~j<;0dw{U9(Vu
z+56*%aH+o&!JFK*M;3QVn^W~$K3wFuC7p?FNg&!z28N+QUedb^4`9Weurn1J;m>?z
zbLR|&Ew3;Y{>(`uwzyF{y`_&L8q(#Dg${J+7!QM+qXUwS>sO2z=0XZ=Z({4#B_V52
zYR0Jy|BS&Ukl<OMPbUy`*t$p0!sIB_=ab6{6KWx*Wa$&iWrZ0v2UD)lXOzndQz{oz
za7S=i^*MD7q{tvUbx8JZ=Km=Lj9p<w!q;95)J5Z3?y!P-2CZYI^hmMcL2E0FUMGxZ
zQ)DH-ZNVWt85zPe=N-bx+Ub)^cf_q^Mbv^nOvKI>U?cU-U~CU|mQwVsAQe-xC`I20
zdb+W*l%j6~hcU&ZZ>%mW>;NA_3htV)bF(wBma4Wv0*<V=9z#veGV<z9_u#iz;TtBV
z@ESj(#OL(Hp}f)-N?fBSrt*6KL5WKsk?M9$pOwb^cfxD%=h*5wG>q8=-E7@5;59un
zXb`gtdSD3geF_a>cEK68t_0u5(Ew%_oMr1A_&yvqx^sN+GT^<*K<4bef>s{D+V@a5
z(O^#NbTUk_Gm-AW0BwWcJ+Shcwc+FA=$=bGcmcx4Y5!O8lrL<?yFFu|2NvAUxLpc1
zbOY&0=Ytfux|Q!yGm3!(OTOZE$@h>JbkYg)ZF@m1u;>Sjl3g(wng3_BiS#F8!O{eM
z=FfqduUG+TclYWuA9x%{0kqxJtIzy7Loo#qm))z+{5h$Z0;s#HSD*Qc6_7UvkT)`l
zJe=*Vq!*2QX*b_72z`<olu$Clz_xMQ2BNP8BW9~jTFcn~+2-*bP>2gK9*49lWs05o
z?fd++|6!XV`}`q&Q7U3j@EV-6w@D<45DRI{E`c?2Yo9)K=ci<s!1BoN)2HtIq1h#{
zGN$(FQ+Ix9b_pzsEBpA=b)@mBdof02M?))L0SF4KHFU`oID&??AWRz7-PjfsLA%W^
zTcc8XNHN?OM`(6IcXv{d(|{(8`F}%h+VvSnvOzwfT^giX-B0L;rnW0KEl%jSaiRZf
z5c;p-LjU{yh5iq?(0^1>mzqPr9_X*h+bC(LKQhEQ#2RouRdI9~=~Z`9j7L)I32P%}
zqFLrN>4y`9&B^-V%-AzVn9M6o@}w1{u`6$hQ)KAk{!8|W=wEc2`G-6#h-ou<p#GwV
zN~S|e3zdxK|1-~ja!DjVR;K-(=Px0@X59ZCq(Hv<!f_EVhfSKF(sW;@3%3|_W$uVC
z(+pez*%$C-`p72+-IwV?@;8MD8sy8=6!B$h8sN*+j5RHcH_yl#;LDWU29{{gjOGUA
z4`{8|C6fz~ifzlpXgm*Zo}+u}w^?!gncu#CSPQNFrEadec)LM&7V~lnzXbUDmr*CC
zChciG@$+Bm$9?hoooGlj*F-_G@h*-VxPB-RO7WhcAhS-g108$0ZZ1r2XP`Y%7VFRi
z(N<Rs6;#!&xfLC*ZH|hoT?e_W*NC#-sDbs7h_}W<;$0eucLx$@=VT2pJFE+V;to9e
z4(&w~i^{#cffmWzlpVT=+k?=-IDA9xX4yY~Z?U~mVy-=`<|0`7D~yipQ||pp<(+Dq
z6C>05vsPe?R3Q3=zBFTDPMXOxS^rjuitXu<uhSJ%x@QDDfxu|81r8-npO;~CKMR$)
zZ<T#(fQ2edmso9w8i<@+1)?Wcb&-=Rw1!k*r<210?U9<8;t(?xn%IbZ6J6hvtrtaj
z)}P{no+vaPMJCx^$13lSjK`+fV6@0~0QYiWwm%J#rvUp86BwmtGB|*dJI`Ryfn#fE
z=;HPL@Sh0yZ%>?U&l<8iivPwq{C^sce{R2uCl>bYtg@b?zg70Hc$E|`U0tl^24p|>
zy0RPHdpX`uBARj96sYz6hG2^RjSoTOD-FTLx)p*Ar`oLPZo%e$CNc=XR~L5wM}u(m
zAN>ZQ{aXfs`qxi?p_(GA?Z&{x{$We*)9t=^w85zx4IpU%-k%Rh{xPb429DmC6!jgt
zUMKTfWV~}0Xzroqx#sIwC0*6~^KJxKn%JF27x|`gRM45mAWdNf9ie1+Nw|-DHM_^k
z1iXjm@H)}__6)9dUnNiSEz{(1qmr|%<FRC)qZ>xn6qj9_(;Ul-W@wFx#_OW*ehElb
z4_DARiE@ixkS^KKTcB>4wyDKHW)r;7v=z^f6SP14m3+^+Gl0f$gJZ*2B3{*0uAeGU
zG=V@#TQxjMu)!`fp{WwWLPc7cjyTup;No2OF3^vas`ijDQifL<R;%2UXytbs!w#2D
z5HgQ(+dE)XEHDaxt%)0jL{&HWx!YP2%2hB5B*sj7sdE@PM|goEO2W7P@#aow((i`}
zx*nF9RnmE@Kk4kVQ?ZsL?6UVc=<?rQ=Ux6-RvWmmX(oF1IkE&3-$W4IX3v{wfUwE^
z#G-pMo6)cRyo!_Vdj%mS;CTVQ+|8QNA0_G+M065hLt4mMWc7VH<s+_lU~f~{tOHeb
z5|cYv^<8*NsUDJToowCQFtPn**1NdX(w1+iXH_?1dUY9k<L{6*HOx7>4gaTT#UDz6
zP@=SSYnEc~U{$?%PUY>(Vo#n%$$q>;7n`#LA#R!lwfS#Qcd}U3dyvn^Elps|&@(D)
zMq|%t7vz*ZwY=FK(CqGF@i6vghnxa*;v}S;L@)O#-K-iTzBY15y1JP!TQZd4cyV<U
z&3JGd*}Km|2{-&6tNK3b@XMsZ409%8%0BG#d-atltDkZ2IkbQO<{xo$VWi4TNpJpm
zs=#ch5M)YvPJb?eu|0X^l>$zcW#~6nJzbkf1KGy)VRA||_m!C~q)$<vYr2lT5I_U?
zWi)kw&LL@&rEp{5kO6hW$mNLaFCd$<Y`pf(KpmQuQGZJ4Jl&U-T8uW>E#yMxQ(W0z
z3nSM***K@}idb(;ey+u&RsPd}q2DC`0<(<4rANW;Hl*4R8arq|{alY5c8h>+-Fo?2
zYD4VswxLr1j2p-uJD%Ha&@D?*pFmPW?va}rjrw8a?EtgdON|CW*A=u779xaTLj!ky
zk^woFt%oJ?%Abev75lCbXXd5YPoNVt-8m<|Ws(bd$r~Ui1S=&ppCs#xOzuNw&I#mr
zZj5m}H$bAD5@*E{ozA8L-2>ffQW`Z2L8L1ExTB||v*~Yu!JsERP=D=_FjruvJU_-f
z-=~A$CfVCyMolIuh91RdwX({OY1WnDjWc3!a|^M-*DmDjY5L|ggtQ286Ct3GFP(F_
zc|S?ey)eb=R%R#g<%a5Z+U64?s({@Wqtgyx^<Pe0MprreS!E5LA+5?5+@n}cetzg`
zY*mCR27kxrfc8-`cb%txUW-v}!zCH$dpNE^l6G&G7;U0v-8)3!9%pX)TqG+WNouO+
zG`j={@5(66mi(7I?L(ptOsr(#)O(;oU!EATSB_83MH#}IYZW}kNPF>gpkf>Dt8u~(
zg*d=9Hed3Oz0Cq^6IK~-++ROK^@RrF$H$TzM3P}y<;%4Ex8b4IGVadimcJRu2?F^;
zJSU<xg3)sqt1(n3hrSQ<DR^`$X-PV}{Uu@b=I+pVUEdKlC~a0_Vulbr(;W_P)MpF&
z(_T9iF;}A9|91oTIDm5<ZK{Izkb3`Tih5A{<Q#)_r+4{lftyUhnyKT+EC6Ia1nbWO
z?0?b@6%kng|B5X%jOt`-P~#rBWNP2E*nH1|#4JjbVu?kNIGz&kiY49|KgDU%KKpQA
z+%*3apeA_t098(&@9y|~YcbzV=gn8FyLuk4-HDlI&}-f;!$%2P_OOPqv#Cg5npeZh
zyc$+!CxFqmq>(Qz++@Fac^El0@ilUVlv{tI`=>ggHPffhH3uX`?FQ1dpS%ka&Zy8u
zl%P-Bhdv$>i}fgJ55H?5G4v^b5Spp`1biG{l5{|Nxq^4ODf_4EQzI3av<yA5IhL5A
zjea*GN{!Gz|9O3!KiaBYZlm{%=pKp+FaBwNt;PYpk+?^q_atBYlU6^C>B*9BtqHYA
z4B=aiQI{9$=XV7^PUrIKyY~;!57Eo#eQSB`XX!eeyatirc<x7c7cMH_LHf2J()k`U
zOZMFoo3*<(A|J2*BcR%rZ@w$iUM}vDZ(XQMMt>jn4k)r0W;a)~y7L$^8E#|LLz3-#
z=BV%L^=LI49~P4hI8TWATS#hqO7Bxqyr#KlGJKjtpA3?3)p@)7r>ljSla&d<ZxxT<
z;^Of?-h|2X2ki2liyOn|ZIAQ(?a6{qwN>BRo>5ox-z{6kSi4m1yNK;$uwB2zcGcep
z?OLy&$5^z|t>-<DiEFQTVf+pM_V(U?RUG~f9R4o&bH5S6-{tpR0Dq5ET@Zh3D!;Wo
zdnWSVwe@lMlfS)PI{yCs*9iWeT+|PLSJp@HcYc35QRB7*$==Ake-fhSTfVDN;8twy
zgLD#`frVYZf*e6nuupE$cG+HvI*J}^$ke9EeXW8gvuCir?_e)eZ2OAq=9LG~WG1Ir
z>_rzSv;B!Hunt8;rzWPD;~Su}wiKYVb;gG9`k21XdlIQY$!Zs#8_Vjy^@CZAwSqpP
z_t3%Y%gJ$PmFg!KII0YsH9Kve#ZD^ujW8a}9*#RGj#FcZ(nFS>B#RS>vu=jxV*Pn9
zJm0K8YfUa|cM{JV`Cc9O{Y7}bO@DqB@@^z{+{a=UViM_SNbx!vMl_>cQcuE~Eg-Sl
zA|qOAcN^Ht^%C^Y|C5C&P~+Qp#+$%RcoPbi)U6r`Brl+i2pmsb(m4Y-rND8MRO+g%
z1_*0YB(Vu^E-M09RuX#@fGnPrHcym)YQ_KccIb_0JA-ZTCz9E#WUGhv`CQMp_m2l0
zaT{fdcN=vnI^mC7GNYr5!1X0(QlcKD(3ImkN}Li~8Q1o6EA=-r<Ivqoz4ID(EA`8M
zi{}--cwWJe+{aDq{Etb#+l|;KTQe>IIo=4gj+AxlR$y$k-~>R*@{y80P4V8@z8#Is
z<{GySJU_-&H4~2(VS*Oh`lOs96RRW>RFFa|pG8JN>|!QID>F&$%v93BMwGx>k;pkA
zTA}%iGU#C3e|xK9JL683Y<p0L@Mj-xi}+ZSf#V=^Cty9yq6mL4$NKSg9LhdLmdMw1
z`g%>|>l6W41*o1Rr#|g0OoGsLWLSkqbcN82AyQMJZdg@FhE;{SVO1eFtTJXOhN(ai
z1_vy52)D}WE?L#p4qfU#Sa>d6c4j%EcwLTai7?&v;;EIwYU_*b+da2SQOhXQqYH#A
z#jN%{*&9g4Alg^|wlDmh?aTt)&g`z>$=^V!&5!B-=^9wJ{u)@VdTj$WwNT+v5qF`M
zWgtj-6>+<=bbD?wDMCS`?h5_{;B$LUsj743Le#}XETZ#VqV#w;)QJ(bwOz=h80PqM
zGw^Py5$zJ{<nRvnc->>!Decp?ZQ;<xXc?_<6X*iSfL{32RmNzf>nR2xgPRQTKArx9
z`TI!fcbvcf%lk#J?SE;%DEZfS-7k6)08#4`V84)jbAbFjfoGofp0e4VB33iU%xa!6
zJF<Jqay{AbdKtW4hOgIpZ18$Hyk3s4<2>*<XEeNy##iP^Wi^Fkrq3F~UapItm&Wk}
z6Urj|KuJ7tQ@8`PSV9RT#2YPp=E0J;@Gd^ISrj5}kdw6UZ|1VX)BmKX1v>xt`FZ4|
zG)i>F5*?7(^%*7>#}bwPM**c_F4GLtp85mGH1h_X72Fz**vQ?78C-)h<cA~1a4yV{
z6%O}vH^%w#v)UdMvXEW>@g`BYkiRTheb1@xlKvIj^tz?4kkn5L1U4LH$r;-8a4QNa
zw(x~^MLdJEH7e>!#kNlod;EndPW802Vry?0!$LaB`wT9o?4{jukN@dM`nYj}-1H*f
zB-MIUw&}h^Y?WS=mb7xElQYgGr(c4Gdm9tTJ;wcuA!8Rhfan{6eoXpY{yPnet9H4V
z{E1w8s(@|z&<WdbG1~%3TRtgRvcD=64!hJ(1INZY17|OGilO4t{RRG&DK534q5+#$
zkol#vyxZVpFK=@)<wUXVP=Ws`Y+Z3xX91HN0cM@Pj~A#-PN>@ntt=3`i%aW@mvm!0
zfwnI>M$K%1W*&p*m%?GEdfbVwLwZNJ#BYjATMGP-85S2*g#l(4!0ZGrD8bqF89W{?
zSn?$Y|CN*4dG6u@@n~`BmrCg|=t(E+N79mA=)DOji?pQft?3ECE3_&iP?{Z**r$lc
z6>+yBekO^Hig-w>YFTp$5Xi?(QbpqrJc$CZ7wzZ5;gA`=Jbp2JSu-5I{OXyrVfbP(
zM27Z!<I1b*h&wuo^JfpsYCM|RNxmNexzi-uUTIUr%>&);-6V2r%)wO4+aqG7-c|wq
z{Yjf6o*rcT#|kR~#;aLjvyPAtK%J&t@&Q=|0Kq54#;>6^bh$7D{<wyi=&wa?at$%+
zn=mAbA|{xl2^LXwPsgI_-gtj<-^rgtw`UK3=ygvYaDUBA$?$J3`jEJNFbLV(l)+ub
zoxu2<`?-hau78R=BAc42sP`HNIHr(c9Mwlm13lRK^Bm_c6|`%5x5cgb^|Ac}&wI-f
zV!OtV=w2^|c|~_;hq|Elj^+1C8zX2}CQU+j9I$@{B{iVff{OhldvZEzO4+}G6)m%(
z59au-Hrc)nhNoQ-gD^bp6f*P^{fsR#P7l3DdruJkusAy#MbB{9nJ8RHeh_21ab~JO
zz(0tg0vNS|$e<O_m=#2ZtN=z#_7{dxeHKBu@BdFrW0nm3<G?>9@HIQ~)j^r1$ZH9_
zdK(tPi1&G3#@&vNih(J($v;vbn<HE+dGaWjmw*)PojX@=ktNz9-~?TxqO))mpM|5M
zvv3skX--)77w|qk01*25H~eni_jCu_=xDnHzGUlP9F$Me-%5~stb<Mk`aFM%V+W>0
z*a4UDUHAdMH|GDHn1KivAd3w;Q?TelOu;9kErPb{O#F0R{QnjG__+Ce^dm|-h?XF^
zFh$9QnbQwTG$H-}KlJ16xBf@;L+A$jaishF^h5F8$OWjTVp|tZ5cJ#eZk%?_2hm%8
z^hLLP84?+LhkH7nhpuQs^lp>=MXhqzSEvC119OWU_$pEM-v&%Lg(RGChzT%XCL>xD
z-_%eN?7f+F#UgyXlJx0-SO2?+UZ=^XY}W=+K=Yxv8TG3!=ztA6fRg7$Kt#3G@F#PB
zXb<`KzNInz|2KMgPvdu@ho&eI0s2u8nS=#22MZ!oups>c^zb{Ej*&v5jPTVF`6^N7
zlE~|V|5bVzT~(v_su~qtRio1XTYC7N+>b<PA<{+o;?TcHl&?g8TkyY052wEIpVGta
zmjXRp`b~d&sGncpfjEz6GHDx^-uy`imZAM)vgDuknuAC5+wubX{&lkFi;TtUjM$05
zdE*62eBv+0&@!SfA~zO|L|udA6BYrjYZc!W=-I+pz6MR@<HGTE9v?xCsH$@>kW1H&
zlq#AYM1zRZ$4pYVQ7*kbO)i~lEG{idEG}hQ_fO(H78RwV%OZk!i|i}P2;CY7cTE(o
z=T%rQD+`+vtvM)FM@<tqkB8S<yyDDkac&%iJ=%mhwEUm-g+mje@o&wXK+23x?^=t%
zUdbOBx^y!-hLko&4m|X>a4knE?g(+9zKteu1taw=wKq$qz>=)`rwA^fB}jSuMZv<J
zd?ikAH(E)!IXDi<%a%wAt4SJn9}h?JGXq5@xmtgHpDb-=NI7}O7G()+-DrU4xd$>F
zf>$SLWTO{O&rOi@5l>2C>(KF^=SE1X=Sf4^x`UWxg`^EUDV43;iAf_+gF0<`($5Jz
zsj7u{O7^^;(K~8Ucy8uO*-1W1LUARcm!0%DB|U{nlelVj(*2NB_Lyf3*UV13179ET
z41=2IV$IVF)5`83BO$d9)pXGa2z7He;YxFE<Q{hDHfP;Q6u@+IpaC{Ov7=r*6P8PN
zC`-F@WpQW37I&3Vw@Nh!>k#*OOOu82$1WK-5<&Duix;yN^qjkrt4sYpfgGJ=b1MY&
zs0-<IEv2da(^%j0x^Fd?)si#My3n({YL}aC<IN#w47^-11AA3A#bYBS?aG!lSC;pP
zp3$VB4R4p=+c22&Lxq(otnzW3JmKc3)~!+3x;1mvOPq84;wNFedV8}v&pH`3Co)!#
zLKO}RDR81YlLsUKLqNR0^#j<2La9o`&k0^n<BhNXZq)yHhrF?(9*8kCoPR)_me=&2
zK{iR0>_Jxf9F+~?>9x8Yw&<BC@$oZdmE1$p@#MK9Be;^7uDSX^y5}`$LFhH|*M;!H
zb);*Lk!?l-o(813ub|z&Py4$L=re+`SND4EvYJ9k5``C2JA$|1aR$D4%dC?H_b6RW
z2QlIURB(H%&?VdvIXNQa$q5n6a+l?Z-r45h%NRAVd`+srs@I~nQPm2bkOm2OJsn)k
zBiKBCZ<e5Cy(5y6)_jZu#qD{>&(9fcDEW3z%7<K%dWq{^idIvAWjdfta3T*TrC`E|
ze{modNR$1y#{tr|(V0ooB^=779Lgvx^cq4rel{G|=@FUdJ0$fzphO#=?+%9z$*OZC
zUND54Ri|k&d$=fNF<V%-nB5Eimeq}3%pPqwpJr=C^%0mRJGDQbMxr_dy*8i=k6BTx
z{EQ$Uf+;>}WX|l7o~wM4DQC9HGtMWa<;+g=T<VjIIkSzP;XWxbXLh1zh)>8dxD&{s
zk9V5`HkW%yS+u`D)2##afxi7dHs1Wyq!U^o;z#WhV9s9KhCj@uZN$amti?ze@Y+F9
zC;2))y510pI!T@~j^pX=p8YHuQF3H7qGa4|d%ob2d-~m1`-eTb1dk6HY_GHJ6X>#f
z;g4~9WzXju?~3{ZC%gYsGOIo1Qd^@2zO7LM-`4-g!1o9m_}0f;_J0!G{7hfC|9!lc
z{2TrJZpR-6pWhL?Ao*Zp7!EspRSRF)-k#~KvJpML^yGT3SNto0@u|lhbzr<#Rx<>q
z#E;MzJY4VXp5ZwLJ9=o5w2`a)h7GzVb~bU&q0xiO&k><;Ws7_K7P{sC@Njw0%*TxA
zRA@r0XDGgWB28#=e~bnXwo{V#jA1pf`kf&XUH<)F=oTm6n0buGmvkEGj8nTvHzlu3
zAp03~(KAExuQHWGhw>EvvVI+kZ_jYV!F#mlQJ;Edc!EHYLU*HU@_%9zH%I$c8|zzR
zh+%xCSbr>h<B~sYrw$dX0eQkn-l2WaHTOr<p?d64+4s@p%>;efXu`mN2BPw2XZeiD
z?$OXa^T5tc6Lf#u%PqJvcazJat=Sj>Q2k76O5iTGQp&Rhba)=3HAw4^JiuVMiT;7p
z6m_dp{lKYyEvsR5q}9c0ZghJ4D3oyDB+sQTRqNX8EbqIvfYm%E7W>zVE?8xFSqoGs
zeR?FyZ}=jHUepokScMBnaT=-b!SYCeT<FuF*V~=Keq15q(l566vdX>aLfrlpa31iG
zGug_XZRDZ>)Hj_~HIrxGT8{`d)!HL9y>JoZgZm<W=ISB-vA=@vP%wTxZF`}<wFS<K
z@cZw-pT?ej0AY*ae1F;&wZ7sMvWWIJ_Uz3FMs0G6JM&qsdm4@)RYY;Gd0n1=WY)<P
z&IT=>3()J@SS;lY=dfon9PC`bbxP)bXL+s_ntds6wj1ME<qe6p`_mD6yW8Pywm)qO
zP`Lz2O|v@RB{xd`X`f_I014D(>%exqD$ep|zXcz~{r<FH#5Wps$keUkd#GJH3+hS_
z%i)G-MCC_E#5KEDbT6;kzw$@kvpH*jSS%h5Jx=;RV;{uYj#2C^j<1SdtZ=PMJmy#a
zD#U7Ad%fBqegMPo0o<V7RA&@FDUm)+g8dNjJ+y37a6CMdc6xl+xXk^<>d~bQxh}CA
z_%v}Zd(#CI<VEs&DXAhFnt$+Z{zuI;dw0`T2og@XeCA|Ub+v(3ZIS5hzKK-^$VpW(
zt6G{s1MpY^;Qy%`Bly3^#9)SWQgf$3!FS0-$v<(?jW~0TEne@kwIkvSog5MDS)&0b
z%(49b=wQ#Hag$SRaEfS;>%LBuqNqQtbuo_mzhPD0-UL=zpMX>582j-iEavS6z;B}b
z@3&ru6J`pl`ddQWg!%Y}NP}Nzu?DYB;GP4GvOn!QK5_6|=N&$C@_u~-j-|`iO&y4|
zUxGpd2a`Q}J*47*632sc#{zR_o8E!2c0*hTP#KX`ickRC--Gz=O@jW5T#MbPh=<E(
zLI*lgsBu{nX%`PSA&;C0Gz$X)Ylk>3c8>#Ljk8;>>ZL|U_0klyK25C79~xXpi@r1X
zq8J;u9n&Ic_`~oR8dhMA$iV$&8g@E1U-a>d4j(#%AKd+^BJX}a4V@e}bh*QM&)=q=
z<Ip9GyyszB9TfHAS#-@<ES}&zdGHn7OKXA4$Qv7N@Ylm)4W`2yeSJ?nlSK`_P<v63
z8r)v5aH00D8`iJAqWi9@V=Hgx?OZ#T+K3ec2ZsD@Q@+VE1{za7^EwaApsgl3+yvuY
zdk0js8Lx;*$dZZuiCehA#vWAS@8glm;#YLBdN}lFSc#$EpD#Y0SytayKX#HgCLR&~
z+|&qyK1_=s$o)9(6F9L=z`}h3Ib`+Ugd!K>M??JBb-FZX5M9beyzqq+o53eEcN)jb
z7Q~DF-|kCX_TDm64pg*uC{21by;waoxI^cO5A+}Lr?(=P=6%8>xJO8^y`xe~BbuwD
zW|y|@t8D}CSJAOo4k0a~$Ec<J7Kfn8mrndpElqR;wJ)<y%X{r2pgPy-`it1$3)9Pr
zqpzkRr1#Yif%8&((Y5(P1xUsNAg$)1w$d_Y<8~~}_B{FJWVV+{CS<nXlNiWsuT%65
zX8Q*@l4rJec&H6Od50l2>Pl;Snn30V>C#3Ee9RE|s|CMx=r1N94QU%wk!B>-rDai2
z8WYB&Nej1<vs^saI3bXy)3mD2m5*Wu3$f@2wZlzhC-PFjH_w`8Z*{O=H99OiGF#L=
z-V>LzSv`)*PFB!uJ3~R5N}D7R>T{I$iKtt6N$a?ATp<?am^8p41<?UH7n`QNb7DBn
zlc^yO<Q;zVWoV%BcIJfsMXri3qVghc7swIX-M>Z@H=wPQ*@+6(XI;K*w1U8_@dJ1O
zz^r}sBB4NC4Fx`Tp`U&z<Lx!LF9I<hhbrFPDWDFM09(IJMQm|^u&-ksJ>gdE){SYX
zpQSsji?hE=DeyTp=)~>}AT)KsP%pB$ar!1nG63w5*jsto@Gx-xz;}D(d;0mm_YBp)
zYeNTr=hnA-sjZ4tf|+(BS*<V|+6md_;hcL}pL4(0=iKZ1oco79=iZ??r;sfa0LexV
zkV+(enTwxgnBpgwQQByZPCV4_pDC5zAgKqmHyUu_tYl8#a9g0v=v0TRb&_ZRd}9ky
z1Gq$OmDQ6l^sirsLfcLSBgUdJ9t>9okeChP9b4niSGNvWzl(f{6F-6x_J%EP!|AQ-
zU&?H?wdNF>Jg2>DjAuN@7Wqa_L>3}6meaG&dXs0b+S;**y_H5E?Dg)8)q1tf+mdGA
z?rA@*pDQksni3~w4B<9P-h&D5-<5PM^7104MUpRfB1Vf{yk48VLJ-!+8Wn5Lgjjp*
zvG&0DIS;{v@+~t-J`Ac^V)h9vi6EM&Ja4bsrnY(yY>98D=ZmJN$3Tmsj!LA8CVXG-
z+=vd3YAbL%Q|nlg<h$h4uV9XNe`pa|)nnxJG3h->;idd5E$b;C2*pCJnFDHvHg80y
zIFP(Ju0OZcI&dKgsL-f>jB^V;gK4)tpDHX;ps(2Gjd)8U`!}{?9Q!1vTHZ>$SvlfC
z_LrLsh)xyqCc#5v;>3%v6VN2#Xcqr~UQeJrwn1(x*Wd>)4ykF>CRyFMmu`M23wAK+
z=;o=s?2A;kybeXKrldbVn<Y5DeiOl9ivHNFKT2xS^UvY|PEr;8u$rXr&4m_JCr%tO
zgq!xIXVz^p3EbetlDUh*u$TW}6|&h)-1H3DtJBh7xXt4CpN?kTG69QWepBfxA(q*s
zO@CTH+$^VKRI=-lQh-_meDyOTQ5%QjbWYl0xe3j!4rzZneG%OUO5PsEo<<D7Y@`Da
z=;HA&py|jem^eB3`IlJ&g1R>NArh(wacR25u+(*uyNODA95QHM4!>B~VtoE(L3^T+
z%tj@3E34wcVUAPaWbNcL7r|oPEC?3CGoGB@f@mD(v0$W%GvS%gPyuFx#0p!X-Ydps
z3AJ@gR|#88*zBgHOCX{B(N*|(ODIdITaI`ONQPnEUl7hK@TVdmV6<ek_?^{;pZ)Vp
z(AIs@gzb`g$-`e@U$m|dFA|!PUVs;FcaZcH72SqY?=BuUPVzg$@Zqb2SwgUjY!Uf<
zrRE3kf$0OXH>(^E4~U%OB$;DSl$@3{G9pJF1hZ6~!&5~2R#u57jp*C2ilK$hR|J&k
z@mQ$bkaRt^Aqf!>M}yX%rq;v~P7l!M^lrf=8kW^=_he^NIld5?_LbwJe%0jpo?7qS
z?&xr`x7K5d=d06t|ES<*Xhp=N=&ezncb%JPsU!X7bgCe87v*uO&9L<B>#>mgNa*=U
z8(wvI-q7of(hXQ@L^on&gJ?lHHEf=&p1V!*UAsRq3z(^j-VNkM^&X?gOrbrcinBZ=
z-{@X0sh`3$@)ek>>ee2D88~wtQnuUBMFyFH(X$GY#JlJR2AEA>)m{Tl;t}hz_;zMX
zx&|J#Y2V<C|0jL*z1wO)`@7%Zbo5-T*e51KmdC27zjxi^ynCy*dqY|zo|N|}RB?t*
zATsL!Nz=CbvM_qy7+ji9*73vNKl-p?e`_Y^j?eJKM~smab$Iz^q)FJYl|J6E|A)0N
zfsdj}8t+MF$N+&JAV5Hrpo0cMO_r!cjAUR!dLT#;5EK+O7>{MW=rMSa#LgJnb~IkA
zd$_B6D7)^i;;{x$$N@<}g%A%wL^%|C7>;lyAsq9ss@G=@_4~fRzn`S1U%z_w>eZ`P
zuU@^X;38yBX@f(M``k^n`&7rnpZX`U3Xwq80Qmp`*Wa*EaovKS#y^Qd34o2(fC*VJ
z`(d}}x(;3xUC<osGm?<}$9Z(G!d(lbk+-U8C;D^IJ!|n>Rm9M5Ul&&RX62;+5RjW@
z3-U>JSK**1w86)}ye>GSIp)fOX7j=l3S7Jyy&bgFRUDtiQJ6ueckOLOk8x_{y8axC
zAkCp4+z-La7sBF((v?w-Y^_LFlZx*r_rUCemjHs%S78`aVPc3w1SOaz6s*S9DnBK*
z$>N%0v7%8eIqo>|pF+X=*J8)n7ee^Oaqz3M!u;^za#+~mD=c0J3mz^It5A{(1+mHl
z^qpU>Nv~@C##h>g75Lnm$gRlyu|6~7Kr~d9OUSuW+d1(<G<}@IYh?9Rufit_6%VSn
zoYbDk=hQ?}aYx0LyVaeTJ!<-|&&GX{TMeE-W|P+kml6$-kDioqi2Os5WzPT5fdc6C
z>oD%Y<mkOtee68#y*NuyR_`JPejoXm!j1@|&I$3WiJ#;Cj7^A}41DnyGzonhOii^7
zVca0AB;$1W=LcBZ$aBG@XrrE|?L6(BxaOzZefm#bwHtj(hvSl$W#C#qjMj2gtS4h&
zQ)$<^<qmNal&|El{UvVfBwscX&pu^XRkP_up6vP^lt+gIlzewUp=pngFzxdc*HS17
zl(w;&yNOAo1F79<idld+Ri}lQp^TW8`KkDWPk9kJ!&je8Hh-U-pA=9kNH#bIo-WUT
z{c~kLE?MHrKzK?1DztTGx735Kvxq&#@uBP4lamjTsbx!bB)+A_2`jhQt3H7UE7dz&
zYU0FRXd<eQE0l}QNqZb(d|d+Pt1BV!)4~<wU>fGh8>6@D<H4Xm#p%$=26z;pXSdXK
z1P`we{ssnr`Z;Nz4L*7yxbrfbVBbaly<74|RR@%3dTvYLC>_JDmTHhbo7Z6X#Bu=Q
zsB>_IYhn(>K`de8$Dm7xsR2T%>^Eps*YRc8NQa$>5FOCz<9_Ata~PqZ&jI{XdWwm(
z2Jt*ru8jeZ9z$qn5%Wcb(sRV=qlNm(Zng}#{(6oDY)}TiK~EFm(e)HPx}JkSfv}_r
z;So;(Gbjqm&w%nGdpX6ey%FSoATZlQn!v1g<w9L-47D)Vue2ZVxH-f$Jb3(AdtCT*
z66us>P3$Ilpq`q<3h>yVJpu-;X9+D8{?xn9!M_gHmZUXX?~=8rT8(Z87~MVw*37~C
zK|tyQafN<)&bi2+;GM57J0E(uWJcktm?QEeyjg=yMgC4P2L?We?Ug=Cq(a-92WQQ@
zY}PD>GMFLr;ZI~co;S)>kuCU_A<r~d$)dS_Q$||Ur|>6ooiUEKrEhZ?%8|_jX<El&
z<5?uJ21dtO^R?4Uab#w`C)g~6D{$U{5PE?sufWQ3qecF>Zo-DM5Q|_^MS4^83(`*%
z?VWgt;6(qc@y#3!A7%xCW$P?SSVS+4TDWf@?vh6qoWZfUEMq(F0W{%LpM#459t9GH
z7lQs3fL%W#C}f@%UFv^YFb0>`t9=pN4S-fjC}YkLE-4lE@0Xh26aKsN!od{ZT3l*;
zpWuSv`?!P@H5`g9r^j*_ABTx05VbS$Jjt=e6jh=Rb{Y(Nt*H8xd_mfiEq)s)c)(*U
zXCv5h=9k-eS6UNWA6GTUa#G%NMBgi{fOdKk!fk}m;OHWaZhAY^k2(L>b}ac(oBZg{
z)#{h`@h)X{N~kFq&B1h@y<(Vrz_p`&ET?Ier9^wy(;1pRXhGyxJ|$aNo-JOAIXl;)
z#+ok#qo7>QkGCtA_`8A>Qj>JS|3X{*lNlY_qTWuUasI!zLlpflC@HYDegc)xWY9x3
z)kCf$z3bnl$b!8FXe(_qsy*5nGwcc23b_W=?bdG=%AV-wpnqxnJR7wy<l=h?#J>JG
zH!gea6wdIoM6v*z7cZtbk-`6(im^JF<|~X|o$aIrIvM^1Mt!ON=-@fLxwHq*sZ(BC
z2h!p<I-uZc0Q^G<F1lxlJ_7ASei7WT6>h^H4Y)*_)j)uMl_2)H{WVS6+CS`E*eHhK
zs%jf+&P|;$9%SboWdFD9Mxy--JFM$sE)0=A6@iH>FbpDSkvl<(4)e>qpt&o8jktfI
z^9b6%NR{|eoEWh%&Pu@K>tbWdh!1pwKtD_S^kIkgOQ`*-|4I8qwUt1%hl`Oc)BEXE
zv&5g4+bjb3dirj1KOB>RrLD*t?V2#TN?&*TYwtv_5PlEw%gd|_s%VEE04*gFgo_Y@
z+>H0*71#Eqy8IQBD}?a7S{-qVA%laF^p<E1(+8>+KJ6Uo>A~`qV*+C`NK=R!638Tt
z(F%j#fD{xycn2@d81}0v%CH~NP=n6NHwaR#J5N63BXb8*7*Dx9g0$Wfkd8Poxy5+&
zo;&~>zBVCqQk#}`A-EkTABS6p##ocJMsQO=TIUFqu1B3FAe~7GK4(Q(yfGjh1~m@1
z@4$G>x+H`v(Sl^r@;)&1usTBz!?gGEmh>t^&kNoM+Ffui=ybvBSK|ojc0J|VoveQ`
zvA_E7;=W|+qgPCCs|CI6bV~4RgGOZRH{`_eTF~I4|HfStYIV7!HU24jz^+v;i+*R<
zAa0|ZUX}fzCv{{I<4|RwUX)#fMv4u(ashfA?OqCv`(HxoK}y<%5lQ%Tp?XgW?4o+s
zEEMD<GM$0k8b{z?sq8_fHjg?okZ9d4@nsWf>pRQqHmzzxcoj3JwLF;wp8*jg^cL;z
z^?vVMril5yx8Z|2;LnM;L#hpqM;ow*Y;Rn==9E@aIRGiehfc%46=cj55S3Wc$m|}P
z^$(4y>Mg*#>fC1rfk^ICdSWcczf@IbiT?wD`Y}M1d`+3}bvH{2*<96{N6<vDx&q3>
z4}iM7ODJd&Mzsm8UkfAZKr=<lOi>#1OB-L3igu7|TFA<h&4<3mDH^N1mLv0F={lrm
zTGhPT3Ze8cR$PViLoI$DHsGJIc`8>o^Q)F)br=5vAQ`L@l$GyNh_M)RFQC&`^|2$c
zQU6<dOugZQM6?IbyIqSVE!W7~SPzWt^soEC)-tBBA5Zkb?8mBdyVmu{It-Onk`INw
zT_YdM;9Ax>__8+AB(YCY<=sS@vUd>Gmkz~Zksag!N5&k@23*3Hd|dR&5DXPH8U$6-
z`V={;CE@d=SFOaU&8(7WC~H0bHrXnfFA!SHG~;As?^z8KZCl;hh7|b&ZO2RB)tXVK
zKi-#%e5LoGz62w*^(43@w^5*L*OiZEXz_03QtTd{YxGHhmwed}jQ92}TXk2xV;P8n
zg0fZ{h+uDWt7-*e%&QgZC8Oo99_!0R_oDtb$52F1&RqR^0M88%&IM^J@HyYHfL$=H
zQs^XKT~LH9wm2o6AH$^Tc;jFUFh<KHx0??wbfdjraSiQ>did5n<+8gs!Bgwjm4k4e
z?{fI$I$!H|K53s*YI9)r&72`kK55UHys$UUC)FebMx4pZ+{Kquoc`9Y0wYdNbNt9Z
z`5{dr*B1yZTo#As(LBd4VMH6|R(|r8c#WOd0&{2yE)Tb}bG)>pW3{arU-qGk-Ffb>
z#|_hWZDNihctRVB4-3jN+(HL3KQGz?|7Z&dUxqDAL%)uDuyp)$WV=$hJbvOiZQr*B
z=ty7WLnBkd&VSRwmsyTq^5x@QsEn0Y(T<%CC@AWaT+PlWW!I=BxbJ&~?fc5vz7LHA
zudsbz99{isfUT}8RzyZLp&7P~_2v4;Eg)-^Fw<C{(NG9mw#Fj1Q3HsC@F>?Fcmq=9
z(;}qMt-Xw*ob(pJ%N@@+1K_sB8IN~s{6eRv@I49_beI~4UaZ-9^2r>QOIrwFSWOnC
zHNRPqYonLxbe7gTN*+t*g2@!DM2f}4zUrJu`f{3+D}0UXU*>_LuUG~$sm77sf>$kA
z@HPe7@ynujoI3Qybusk)=(V#yN3mx8m^cuSdL2(VGS~6tqvM$jPsO|Aa$Vl2143pa
zUoN}QFY>MBbP!U$i;Y8a52KU%c?vu>>s^=2*?|guj`8A0yKeXl8L)y*dT_c<lZ!pm
z<O#}SZul&_2Yc(0&q@3K3@=E$>r1q<ED=zXcHh?XXnKpZ-x1(*T7B|!iDWAJD3$8I
zi-HY)<+ERN*{`|m*KO<<{!!jV8=_KzwnLx%(Y5rae4O4~Dq)|SN<ZkpF?0xir-{9l
zN$%yK5;ST{NlKnPu7W8S{g^fsx{ad6J(kM6EXW~5EcPvX2iGn<w?iI*wvvbmzQeIt
zdH_|%;FRpLLt;*|FZLW0-NW6?@Um{M++f*3p#G1tLQt;!`$iODn@@v~&IJi#>Wgx9
zv>v|;$gPpNu-#Xty3-FyyFm+BjJLxL#3BnRs$6SCf{&Kp#+RW=uspj0BoYj_GSvz6
zMcOP+;X{coyo^+i<W31D2f`mAwP3Y-j-;|rqJc<RNe<%$k2z7(#VC^SSos3`M0pOY
zWFF<il_Y9><>i{@5FDcIw$^qM_eh{8R6rW#U*s@5FYzhmYy~S2Gq~j?e3^1i>z1#s
zd;lH%G16WXLDI_Apw6LNcYQgs0<J>S<h9!3kPIMz)o5MF<5y(4;dgMqD({QM%&~Y6
z`??`=KLE*WD6HV0LEA{A{VdD)C!{y!p_>WJMYU8$LnuzIWWKB@&L&r1UW`&B)B`7j
zYsuoD5m@!E8H<_t0fBQfRlNt%Xu*!%`)z*;fl7($1vR>?KWCU;-MI1IfWDVaAgm)V
zogvFhGC`OO5DL*ptxP4)b;{OqI46CBUv5f|`REX6<%OUH`(f2eR`-_o#}J#8qd`DX
zku1K7Ev8a&Uijm2Tq|-A$uy7)9-546Q6f^r6D9>n6INUoH)L@2w70Hz^=)9sZWdv#
zA8Nzo_%e=psAYW9A8p0dFkhC4+h&uRxesB7UP8GPey)mY=pugDLnPwwJkXVh&!cd!
zeS`xf;txG&(75G61b7DkY;pb00r*V=CNA669*gC`A|2Y=jwvCSpj1A>E|L)(DUpV5
z5aaNlWMNcYAYK#k_3GksgB!3DX?)r9?Z#n39$uD!;euw+8Mz2cj3LE48EO(#N4-Tl
zMP4-=?{A1iPcuzNfDt2>n-ab@MeSua#D`?Gam#NZrV#<4R!j-|FLf~I9l0*jmvkjp
zeO(4evr2HW)6zQr$!7`pq~uj7p!32dIJ%fU?IPFi^}w#9s$kZ(Q~_b?^W=Kb^-tJd
zxXDoL!cE27xJwe9up4>XY72L~jhhuHE`d#q<DUkbXnZj#8H6%%OkFu0+UuMnjB3_6
z3$Tr>H<@S4dd55*IL5+D$ULoE`!kQ#y=QEE!#{w-{CisF2JX2(L)R-bP9dA9{0f_p
z6Y<n-&Hc3IZ@nMul|nrV!KlP*D@Mc(L@U`1`u|rzYmkV~GjS)E)3U+@V>T=tkq_JH
z7Ra;rqt)dguI%a!H{xmMI(&}2x0j0Vw-oQS6p#A>i&vvS(u<QU#jB_|E8SB2<ZQF}
zwI8XtzoqyoOYI0NK7OBB{E?-0{{vL~rKMP~)J|i?A6kkZvD9A7ihpY<?q#XH^&k}&
zS&GM7YM*Asb1lW6S&Dyuh>9~U#b;-ADjsSne%4a^g~L>Q`Zs3rT1)Leu;Onm#rc-n
zYYulBl2S|UhmUnC?r*8RkczX4Ex;#PYL}d#;@d36Us{T#lX!h-trhr(mg1V$PQ|~q
z6kl<QfX7>a*UvPI=d<D;7MaC!Ewz`h;`Nr|Oe@t`@tc<7do94Hv1w3lDL!o}E@s7d
zTZ+e6igVdjs(_{V6HD=JP+XBem+Vi1d@UISy6~w|PvvuFyiBDW4~s)pOR_;kz~*o*
zYLmec3Mur`E>EyWt>FitZa%6xy}L0odnSFm3gsy8uc@UwNww)shSrMU2D92$|2fS{
zMn~-_dh`6UL{uIb$VviPhIax2@=1U<hTv7?h2O&BHSaD%&zJq^Ir+pioR2fGYSaf?
z@-p-<7BXMM@A$G}jwD}zUopnZhY+5kP<tEXjp9(?Pde9cnTBUzRj7IKE@=W6Jm!b>
zYvv3rf@ajrX_N}Rp1c51#EQKIMM@);8vQW7haHgmK{F8FPwuuUy2^_FUo8?6@>)J5
zLPaG+D)5?%IHc`Lsm;xo%_rxQdUbEU-rj~hj*Gre<cz-STZ6=i?lk>x8I8oNfG$bQ
zfS0*-H9{1Vh0Ik{#w&lOZtf6MR^u1woU84pRu8iOW~2TJjrv|RlJ*jm@-$k*d#K-|
z?WM*RFHc}*H{<-uI-04<bBwzDvH|93vcPhHZK8(l=1Ri$ULkWOVS9T({!$1N3JjZG
z!J7n3y?k;_#nX>*>hGpv{O0L&9YK*8zXWsr@)7l&={n6`o=Q6vV`Nwm-|yA)k7yj5
z$_AwtABn%T-+|J{z3$kC-;aOzN`UD57>m?72HY%!TQ8;R`&g*$mv?D(nI91`5hiAT
zFdtQ-BR+YZI>-QUW(r=6_#wE8e5PnnBY1#p*n{=iqWMMQylUlNGUC-ncHGq8GJPr(
zSIs9GoatW?icxQtxaF*WKtWoS-9gGWK5k>SJzGn2>qJ2Qs*_L3dpJ!bT)EQ^El&|I
zU!E=A0F=F-woQh0?QM>n?hVtej<2Hmro4~(fx2cc>Shd@=wF_l{h=fHKJ}A*r|z6f
zt~0WP3WNAZNg<6PbSU_|BC)Nh)2m2qubRU}ODd#>6q&%$29DA5;aI1|=HxVs!0%lA
z)b(cZRkomDCbc{|wU!q6Fp5b>N(Ju&USoE$s^Co4A3w0cfjQJAF~cwamA2YBup40=
zyG^F9XhaNRC_mjbh)wrq)7d7vUE#*(a7*7rhhKS5^iLhSFu>Bo#hrWjH?uhUs)c{_
z-X$BoyGcGNXL!@AbjKXlx!WzBo1zUWbnf#TS?5Nx4yDLryy;Ey+tyx9qFyD>yG85M
zF-xCzC|u_HC*FlFMc?j#@T5EwVW~seR!i9%9pX7cch-!9A1$?x;0>sd2j`<M9=uOJ
zN~aaw`;C|<44U7Fy7msxn_tBX(&<(6v~@51n4>P9%l_}xr0oAqb5cNmkU8WJBECZ3
z+5AAFk{Q1f{pXb8RQ0cgeK~FIwE9~sxo&BfL++u+>%*8Hy+bX*zS3RpbMR7{?smW*
zn&h=~PMPZw=yUD7OD^)TAKH4Jpcm@=4AYzjT`6{|n`XnV>M^IhUj5r_Ht}kLeGGAk
z@TIdc@vu)x^wQhRjgRlk{JeON+*_LJPD!hZZc}od8nO(&bS{p*e7FbmtCWkJfO2-4
zjvw@Ii)!`|`)B(ex|#@GJ!|xTx;rk-+Mir^wHl`bD6D`LDhXh$TEOXg0;nDc_b&Ho
z_@DylliYzm$pF)>!>4G-n7hO8y1fz&%{^@CeJX^~bL5DNpo`*;*FyaiD?S1yIK?(F
zD^(9c?q#c9SfM-en)T<T2##Zj0z4+CRdtMid?Wf5w$S85S&iPIbip0Z<v;K;Vf!#{
z@su(zlY>3*5hcsC%)fb4>D6Q>zDp$g+GJ2F@Hi%*JmV$Xgz}PiInCq^0r^G`yRL;V
zapNg909s!MMt|VNEwkX*2%jV)jDY-bN>2JAQXitD?D?V4z_eeDn~w&pLBZKVDPGR!
zit+;TA;GaDPd<WobftxTnH%)_;HU7)_X(w8c&(r>*X)Zuqjl^PvKX$*_M=aprZll}
z3su2tAAB$%-<KMYZ%vDC)YccN!GY*SE<lS&%1eLb)_T$D`oqb6bf@dGadgTidefNO
z^`p0te_p;WhWtt@Y6i!%`oIqLdbb-*LZQ3SsFg@|^&@KA9ewc*<HdYv2AOpyqfrz#
z$&=9@%H^aTie!?{|7FF^=+SZrqj9xv6E1Rnq>SZCdvhfm`I8g5>iu4-EjZS<#C!M<
z83{4}1bUM8B7*K$ug)Xvmp%eIx|c2n;f;Qn*K0Dcb8T1m0ZPXO*9eMh7N&X_kM~2A
zS>BX~Tta5!LoQgxqi-M<@qTX_kSsZG)FH%cR3q&3zc~UmTE7uSGzyt&K%SiPuoFH>
z!KT!{&{MK3vipY70~R7hFhMQ4`&cFMYm?1Y=ialO%P-3{%Q3-U1uiv}yE1;q(UFk9
zSs5fZj)c-Q@%$|K;}HjyVvv^XN}SMQPh2^eUZq9g(ezFD>DK-xYkyNnJoFd|tjEi_
z9%WE#4FVF~QiF$n%Ueo!V@su{sG-^PHzjzP)R2wkJx0Qk#Z|W@!V1@48Mt`sSWaq>
ziPxo9g_`(4P4%t;a)QFJs}d7Rr+ctd73|KhDGyK|!N#Ir>+(j#BQK!sleYqT1BY!L
zOV&y^(mVRsii(z8k0;nqnUh$F{R=gTE);|ubQiZ4=^f>RQsfE9ZF2L-V&Liu`Ixll
zaX$1qM>_CrifhCB8OYqDTI+CY7aUQ#3C%;WCdkJE;Rgog$@QgsXfXVR3|{Fz{JB<B
zWkAM^<3nBtGbpiZCE0GDl%42+p4Mg|F!2MqRoY*SNp5nDuf}J)#S0lMxlsdy$vS-X
z*-nHVeJ9cqS{L&v*-r9|mXTCdFm<z?xTwYA`Ot6iRn`FL0BjNNgucs-WC}-U9yDIv
z1MhtN+Uz6}j^RA6SLH&ib7~<!y&<hBJ1r*FIKmTSnbk|j9<PwwuwojJCF0{h5|Y*+
zzwm3TN7cxUziU0`XeflnlOjo|HKIYW)~7t+(dfWBLfr`FN2{#8<U<>QjcLbH8wiin
z`F#B(lh3PZo)|^{v=kk(7d>Ydfl|i&(#-wvLfGeGv&tL~%#mWc=zUS~eNtNrAI1x^
z7(D&CG4wi)4}VHLP{D@|z#GL?wIYK;tDx^jOI<uu&`UNs<T)Nqk6Anj#a?0|-V2l0
zg{p}EZt?RuyI@D7%iap9Z4&?7E7V#xAN~$oQ`4~Ja*X}slN)`~E|1tx2v15ui!*s1
z;Hj4qKN2WAA#*)n_C&m<CXYshra~d!aLMLFnAe`}ed)(!zK>~n83z2HUbRZoKL=o~
z*$%yQ-Yq72@Ex%vUv?QZmgS(w<Ma{RxmiEe=BMfb?2En=!o?|M6(M8?q_^nzG2}0O
zr9UwI@B&fk9_q$dd|4CT5^HANkZZ)=tP^G9p}h1lHw<hs>ncjKY@lfH1KP{sfuA7l
zIw#0W+RPX7q!iQP#-+VVCWLl%q>B7&w=^lyQ9p@hQsneG>;6P)bMT=)fW!D-!#bZq
zF5gzlh3epQfS}dRN&f+1MgDtEi=U$bhxd`cpnM*GzgtP*%UsCr<d_%rvwO+%VZYp}
z9=eJ4i=jtpb9112&j7kOx4{9;_0DYM%RWbht5MLl#W3&SO>r2R_i(j30M>8yR?rcA
zpz*KpN#|m0i1@Ng&uKn@*uXQ;KqQ&4qwzrSB(_U>M)WpbLy=Y!nSuD`fV7)$&_5KX
z?VyRG;h8Cn^7%hYc|qFfApf53s1F3v2jEe3P7YO(KneCyCV568rWwnGf@X3BfoWB#
z8IRgd278k`Bws!NYPH5Qp2@{47Nr-#ziTz1^^@Fqzx#iMd)IjTK7JCB{rn7Gr;L}{
z<Cu4vbO89}zBB0WW%*c{#KiK24id}IS$UE(@;s~S`<U!g2%#9?v;%})&>K+wsnQ`P
z%X89xkaL}p`S3}1o%%mb1Fb`6PGfNBb&(UN4X!z&-Z%$JzJ)iL>!EG@I@p(dbDCql
z`4FDVb^wL)GqM6I!0<`Cilw&xVusY#j}Hy)nlxf>=poYN32gpjTreV-V7&uaBvj<)
z(?kJ|(_Dkr&;=2LDIzSR*?4^sxb!-6eYmkhKyu87BFM+=Mp6NFieym9ytF)2DAPT1
zgT6lS&wWEu0oI5k99tU7-bJsoXIDAcl2O((P8WlG`7k{D3Ez*Ra18ZBC>Wf+f%$6V
z)x76Hmy<WijsBkdVD^m_3L5e4WAN6Pa}#^uNYj9K80ouz$w-gsJkox-faY8Uh988T
zw|U~Ptw)0$+IsYGoVgy&AZ?}Lr`IE2<~qJCDS;LwKfmH4Tw5N*h$k?gd)VjmQ!t<N
z@VHe=R;-U7o6k?ZkM{7k7sQ+8n$~U7p6{jhoqXsIoVL|Sk5&G_v8%HfKTnAhlpEZ_
zXmrpSO~K;)-V}b>pV66Eo(0N(sA@?+y4i~P7go@ICwQdtK3ol_X!{>Nl!_~R*1mth
z$_~>G;kT@Zm3;?F$Il(|R8KUqf~|)v!CQE7Qt9pzhP*oS7TQ_~9sDPhEB}J<TKKY;
zIP2Om7%8(D<?!0vqz<}PPI^^(i{}3eidHjQYQ&3usL_S9K>;gPmBp}KA$3YqruY@(
z`B0M!bG%GV;@58RjcW9T^AmC~9%rDjx;@^pu~43w1ba)i-i*Hs*0XPc$gB$*FnJRL
z^bZ%2q-@Js$~0i@6{`>HVsN5=d;tJ)bO)r20SV#NQ(d^1oMm}7NtqDWAZ&|ySR<Q;
zpK>){hBu%-K{3SUO!Z+{=UQNXCaDk2#<i}Ff9ChNRw|EsljI|Q`JDRC8(6F8LE)?3
zKfo`a^~-J2=eUH9_Gh;7We)(j9QmA2+7uV{S@Kejqu`pP-!1m!!HzJ^FCX(`sFUwo
zzh-2{3w>?K*<%UP#i&NB^jofx>u~eZ7V~9p<wK$aqfoVpjm&SVbO{-~`SL}YODZO7
zefK~8$XPIzG4VYclJUR^czHAiC5WFw9$IO<Oun`hmOxS+$N8lcsSvaN4T7ga{!3Tu
z(G;$bFNTk4r;PN?!O<%}XVINdtM4R7{=Y2Yk+)A9`UG2o#ghMj%WwDXR?>o1e#R=(
zl||m9$k%5Le2_2b42IS+HJp#9F_D>PbbsX4_h}zRzhiv8JDxTl(kT$^V{kb>1<UcH
zmgRV194*JNSizPp((??Xx4yzpHcFxJAkalR3vUNPeR+|FiF_n-zj<%1<G9YUjO*}b
zZCq0#*ZlONXQvCTzW1Nj_EC{L&AR5IozRJzR4el|ZVXAs=0l`x0_QWyenPyL<aMC*
zQH`0e!~0#*H5|WeMLXVwSTaoh8q~>6C@^t3<3kuLk17cTU;8N390<2HJspHQOf3-L
z?5dAniN}OMC9ncU_M*?jVvn@1SUQJ#!?}LJr|dezOefvs-;M)S<B(@MD<UO;0jw9n
zk0K-6JLnCJ3Jc&hF16UV5?F70*1=91kj!ihKK+vl)&F*xW$dY*LI;kB7sGDsjwiNS
zfX@+NtF3Ka>xrR1p4E2Ek$;?G$_&v^(`eKTQ={qI-nqQNQhs$8<;yMQ^V@C8(pgK<
zcW2R_B)2QY9=XjYw~-12%m3rSTv$EFl<vo`LM`<Z$x;*?D4%PN_2NSpIOrCWZePAP
z(GmTTR?T3t4Ak7p1ZiY1x+ln6BeNe}7X$H(I-(;uP&Wl+PISY1NAV7$?}PdwK5r=r
z?n9mnJqBc~h<+p8>vZsC_i1u38nVYPP>MXz1-aR$nRE#M;eh{04R1tHTS8;Kg2jY6
z89*YdA6XY;i1*fTzG60RQ9I$9>lR07xK<;sf47tXt`oT6i_!0;`vJ}2oVYCdnh?H5
zr+0X)N$+}cVmFE&vJ@2>@`9P?%>0@i3|O3!P^}KP*yGXOUwR30wQ(L0>{*KOHcE_R
z4%_)i!pK-3j@OP4vf=x9+xdYqIMh;D$;I(GxY{+xntL|N36}E-A=DC(PgQa+{SmX)
zHv3wt9llCDFACmChebu~dP|5yHME*ejC?Is9Z!tlmF>g`MvWaArB_MU#qlpy`D9<3
zwAASsQq|f>>Lk1vhUXE1@FNaiorCke%MOq#bUM*Fl21~NgCxET8HlwB@7cAMyE|+U
z&;V(pPsKEly~e@h)xn#T++^UU`BHHbCtfQRr*Yy{v0RV%fHKG39OHuzk;ENaGz`GI
zHDN7CN8DBzb7Rvz(T~!bV!2N7a;!8QZ>%as!_-Y_z*Da+9M9M(_~t5<WYKT2Xl6P*
zZH-NLQi!r>1HfQUYq0c6EG<*0SxzlSFu!N^uUWp?0r^ZoK54;#522f^4>c9koal!H
zYa$0Kg!T;mDh`xB;pR4i;FnOW`(l2thc8=AHDT3i_QevteCQ(%Z$do*{al8w%WGu(
zbgbwdHcdXjR)7G;Th~b;*XVfo_!SvYA1#-@SRMsyd4Uhzg>er^Pw$!DgiSidY-%ZZ
zDG<qrr)b#Uzh42f1WiRct@zOOSd-|r*{4AJc!qKT5~3c#Yh?R?nqtq(jn7&U8YYo9
z-sIpLG@1(aH80@V#bks|j>7lZSf+daa1v)EiHnpui8#pjSvVun<cvgX?OCzuNzqTz
zn{<I9=O)|u<3E?%_~Ug8e~i6?@kf%zANX!KzFUS*L9F-}^jGMbAKtU_!+RPJIBh&|
zhGRUC#Nu!u4<u?lu)^eljotG=Vz)dXX*`g`cwn)?1H4HJA3CIV!3lr3493J~;{>4#
zPDr|3=Y%Ak6ZE1}2qDWl`nmY#*Ot-GGe-YW+vsEd-*#;mq&zeXXn9R=j`C1)s6`wE
zzkOr_#&zaqwm^bBostyV5FDaRafW@4P?bE<DV_%^5`2sSp`m<Y8mk3NbRfD-p5pY8
zVi4VFSt{NdW7@f&x4ggNGV}ejy1v;FzZ_*sa%e*b`~(BPiB7$Ju{UD1yU>VJMjSaY
zIVY_u`lF@QAr@@@YI*;L<^AhA#jM;uPbyC4f-aD0LH*o`w##|pIf*D=gS=Gi;lweR
z?XwtOx_z-YoDNr$13%0pVyHZMEAKMaKP>M9zmPRbMnlVgz^6fgN;HB`iTJeE96`1o
z)aN?2#kJG=+UY#rQPe{&a(1zpvh(;3{sH>=eUVeX8l8t=y|gtcUZ?c19KLC1a*P;T
z+VEUHHx<69-Zep}Zkr&;xheIzV@U9@^}RkfRjcA=J?ID|`l;PtX-;~TZzYaN0F*r4
z4ki_+#N=8ZpR?W1=QLChzxZKW&kmkQ#4FkEKxVdQ@dflg=H^4V66o7_Vj0-WSL7&5
zQZY&dZQ-Su<KYJa%90czoEsCQwzEY;K|iD6WEvK`kC9!{Qp&rgg&#=OgBlQ%972B7
zS_>|sKmhG57J&R6?#uVfs*YpuZfqCZE83)^1pQoKJyLpTl&N1`9<!YrwOWcUwHJMB
zDSE_SG{P*3mKgd_c%gS&1re0)yP|E;gIP9<QfvZufp!7Ylis2(JAqe8fS~%NOd*!*
z2IWA?O^stAa+T>GWzHD71ppgHr!vP0e9niia^QK`B`_<UUUaggR>Q^4HN;t0<SDts
zd`h-Q+Lb1?r38nrQQ);<O6Po_SBXhd+c!a;-MdVy(hBkD`u$5ZWNc{fLP0WT40>oF
zQsV)cpeJuU;Pvo5fz0ZM7Xs?Z(*1z9RP2rgFIRF?VNVsj7}mU0c-6*Y8j<eIZsGWw
z&80AvIz=9)NSU0ns$g$*{8UEN)LQlRJPN>bGzYJSvx}ver(Vt@W(Gn|IL_X=Bi~>t
zl7rG_Q1|$pX7xVkR3y}O*)c5pPuFEvVVN`5W!Wk$n@YExYN&DOg*dp251+pTg;gUl
zpXu+yF6G(j+-3FmE+*0w$p>O;EX*qWZ~_qA1H7Ws9j|pE<;QB2AFVS*>Q7RBC38OP
z8u4uxqtj{dLe!X{cvy^PaF?KPK$Kja<C1ZA5sOV&n5ii&3F@~~V79o_I|FQxlhvu7
z-rNbRe;|mY8+~)o-L(Q^&!F<b9Fe3bd9&DNRzUuWO|G1@n2k}tw#={8qilX*B&A<8
zzetw})YswK&o9IDHGbtTHsyYgQ|@Xnn{x62N)bUgiPK=ZrC6rhIGS$hRjs*bXXaLs
zA=zKkvks$M03~e`v0fa96LBnzg>#KelQCwm%Jir%00iVZoUifTuI4KSpYAwcC$ahJ
zg85o>Z9qErf_Pz0S&T1BrrRy`YGwePYt>^%^vM*%Nx|66w}$jG_q6nuXafB6f1mE9
z=5&t*hp2hE<P#a-{dMRJ>|5Zwl~g_TuL91V=4hk~27Tosw2X8;b<YF3M5c6IwgBtx
z?7D0(mQjXW;usiiR4uxi9xE@x9yq-u1b+E^-gDtEna|VGe_*uD&}cj6mrZE4hITij
zdtAf<>HUA1(miu&O23e!O=%3roQlDT(=cDqxIAT{H(Onp2-6(**S3Hoz@g7`%mffn
z1b1M(;CcAbfRycVNC}RBv?L|A2IE?=o+3WtVE8V@uiWJENqf_L(&-fOf;DJd@X<Gv
z<jILfMn`ijws<(`NNb+qaCvBe_0g~Jyelu9dxjN1<Y7vPw8^3Ml{5{k)CI}LjsSj`
z$)-pb#UDU%bbVn(g{^aMX`O?)=gb>FJ&}J3vB{ICC&K?p(;OT8G9SxL#f7>#HvJ4A
z!q^A_GAv`PP+w~{c}4M|Rrt%0E#k#%%5;jbe$(*j{pKYmd05}O`|6?ZqIVTmV6)wI
zIXgw$7(o}#bWvUf<<WImh$!33{+5D0KXQhtT2S0AgAq|X#C!WGdzay>s{8XY{kk`n
zoa@<))~VxGe_f_UoAxccf2@+=XpwfE?OB&zC0|`zSkbXPob<gd`v36?X#!UqiMDF^
zQIFC$z;N@V1M~iBoBgOh!C~u9s7bsT_5jRf5B>Ep`^}|jU!0U)rR@piIc_=EBhN{M
zH|#cu39%BPbo*Tw_C2zPYFj{1w9!ugs55whGBFV?tMRy1ddNcsu_?~raOy;@5PsCD
ztGU-)V5+$rtOeDUf(A1mlkVqU<P1I%o9-4TD1(8?oO}qqo&X(~h}y_!4i--mV=B3c
z&3yG7x1>5UYpx6SV&6Z>2p3Br)*-OHi#%H0uIlx`dcomRL#!6N4fC$Fg)l8TpP11Z
zS%jB_Y(;0FDEhhmovMF+eW%YqhoZ<`mir|?&#xW#gAUt%a8>pP?*RWqlZ|)`)fiXN
zBb1)P@XO*Af)cmf5mfWS*>QQ9Rg1re2M69Jj|+Z@fhRDrr~EDkL6Uj2hce$g6NS=P
zEFM}LDaVBB{Z2u71>0+>afk!tMybX@my_@naYE-EEhoi>7lFve9I4orc_}J9E6yV*
z6EVA+I8=xJ9D))udj)$RH}2ci3Yz5|9yM$Z$Zc}Fv}<_v0Sp|T^c9O|)Fd`hcN{g*
zH%<Tg*~ZN#=CN@cJ^m4^TcJ@v3~MMA*e+o&e}xf~`dKc{=y7)I(+I~<ixBo_dc>Z3
zd?W`3SDp(id>U5L-6J$q*;uWR+gZem7qA`qE4*#|nom9>?H}%|KIrnvXBSRUoLbna
zDlyS7Q!-M)(HQ+5-uW872JvSxw^xs6(f|7|oFcO-(Z=*D(j6+%g_~?y7JqO|Qx<BG
z+r%pcIxr*WiBR9*r9wd)3wxslxRI;Vn_9OsZ;IS4c=1JUtgQe&?Q1-LUPf_pj{jXi
zH4@X&QT&``!iYTYvgikv^Aqig+0tvmH}0a|OYM$_Gxe~2Lc!NU!O@i%fKVuiu}BOx
zAUe0SZZB<TO;@vfDH=a_j3+%CL$IT(qke^se->jIg|F8dJLP!z5efpXM>59)Qqc5)
z%a0rv-bS6j9yBcLt$y_VP(MiO&*DSDFE9Ck=qQ6C;tarm6vPPm<EuxZyW6&|Fb8Rd
zs2Nvlj)43$u5_VR&aQ1@#OuV&M)7KSi?n;SbgGw_X$?p$D1Clgp25{S=!ns^w47Zj
z2a)&+MaW)dl?MpRX%zigDER0nf(x@C#8s`^w9B9{KlQjD?7E{Ecf2;=7W%)d3#xMm
z;aF($D5kH6#y!+z17^&Dr`1SRF&FvxQ5Mzz94x4r8|5Bisx=V-e441h|Cu$+V#G+p
zvcYLy-FUwSz|7Np9Ca|ey9OhEBG*K}H2fB!-OP>RhuwVpJbb$Y;A0{LfGUQ&L5+Dr
z*F?8=MVJW#$q{mpMZW*f>9a+ZcAx!O3e{LB^t?%-3WGiXW<%UBp->a^I|cfjg?@k3
z&6h7)=o1IuJ=Yz5?$YS<vs~0aiHOzHejLKqLt3%BjL)tlERPd$t%)=*SQjg-sC0W?
zU_uk7P0^G=T%`S>{@hA@8^!&CagDBTYh&2C9(~GaL1h!5uwpi4b$~(P(*^kpxvKg|
zyimP2Md(=@iiy`42eb9!<&`D(KSnLhraJ`clmEbQ`Bma%Vf3pMg^q3!$lIa=P)^aQ
zKfNAR3op}~gw__i^m<PXS|s$}ZY@XIEw%d1j(QH+g`%BAe<-W~d~neMWUjOzGs-|_
zjM~1O;c=lL6CQXq&XSKqkcW-bUw6^Qybkg;)U;$U=ooUNASW1yrE;#D)?sUH)RM?A
zyyJb=wRgYtN4D0M9;}Sh{O{CRDHP3~7fK)ZroA*I&cT<VSI3%XD_`Z-UW>PAF1(_@
zb|Hx`!`z9!k9&}w@DgQZS;?^*j(Gp4LI1K=OU|Io^sJo)F!JQxg8cRIH^spv*DMaM
zD|ys$cW_O~qjA3pR+c;(&jsHTl*il*pLN3tpVtk1f-mPOzjkBlrcukZn^Co5sSsY$
zLtSzyy$Hzb1liU5$qY`sN|3+FqofMzdH?Q<m##`4ja?xoV05cG?uz=j#drSZ^16vm
znC>;syit1udEkyxyv=q*-Enz;)OwLJ#?4%m3-vCH&3ZGQgV($M36Fg^uEU3nSOFx~
z$;%94g}%U0`Tx@MUkUP$81pS4x8OnDS<>5mvwV1k`{itM&)o+M^(kg&LUm%;1^vnU
z?ORSeTfsOa?~lfKBHvPAv&q*9^6qKjrRaavjJM0^7(XVA+9Jpsqo8LV<UA<Wp7FM!
zmw=G@WiX0&emIzs;rupX6m0MklPKR3pC=zfs!6+>h43ROf*i)Mjq3J79)^&f1to+y
zt}5C17`G;wvVl0@oj`_>&6sLHRRYv=@eV=p<S7%ArHLMg0BXR?HF=q}{L57%YMNtx
zj$Mi!xCWIYUen*`lbrObvL<n$Af1kh{2E#u<?mVi8kZ0NO+d20zH?iiTxCsyB*)ap
zQ?;?L7w2P0&^rtH`w7QDxHtv+<Ezj0AlU-)f@J91aUWltpeA6Cu#FLBPY~GJ9EN+Z
z07?YS8W2-c$MiMvqYZOT`i2~N7a3Jop`apE(_`x4>i~dU8!0mV!Ia5v0X<5345^YD
z9JPYdL&!`B9uuTG7_s`4$nl(YF>5{>gFnu#tvK-xr>E*dy+!_TF2G&msmJgQv)>iu
zX_e|T6#D1<fyEh!VlXlCWIWCDfK=ze+^g4KA)Y{UI{HIl*2jZo82WACA&l87RXJ$J
zhVn^W^m{H~JOp~uZpK5K1o>z*iSCni;-k+jd?aXmlt`JsctQRSpb}R|f5$(~g7S$#
z{(Aqw=3mYy%C_MAd~6}lDIx6G$SQ!Fh5v|46zZy03ojUb96K8;-4q8>MjbK)-Bn{g
zxt<S&p<69fJ6r6d3qWaHoOo6G4rCb2t7b9`#b2-rNs#XFku^PbILA{TLI+LCJ0#P^
zMtJ!;JffSalJl+{nokdv=v*2jGxWeeJ%Pd_r$mtV*XN*7hO5t6hVxyh&#B<p-&g5x
zc;d*8M22~DDmqx-AO1o*=YbB*3(A$lpk?33zd{a|er!hZc<FK!c(u_ic3%1Ne4^kQ
zR7kLR$6%9s|02wEqV)@2>XQzF;2#E^s+>C)bI{L)|LP|7;0onQPOSaJNSYzR<((*J
z#C7}-2RD6#T!ZY^2ctsCwKUl-_DLAe@lL$cRlq_Iuvu*%r1TxpU6%ckfu1wCL<k2<
zNM-iJtnANo6ktsJRzSn$JeZT|u^hRr!>m+q9<K)?s};uqdIIs@5w&In-D|y97c=T^
z_>l2ZNzlSe{lweT@lvk31u8^-#h9lzF;9dJsXA~}WUuYz#q8xv6!48`BgotRaywGz
z$SI;u^bG|65P-*iwfDta8!S}K#*t>InmZEBlS&s0bn~{Q__(F`t#-p-R!|avKi|X;
zGxL*0_i^K1x2qIh*3Psir@3h)3TBq3K5N^f8QdCfGi6N5AE{+NkO$&7svpI?l9h#k
zLHU`b<a*L~g!5yeCV7rW><2QwFBAnIV4+g7IaAQ8D<}1*`2SGOXs;|uRu^7F@D6!1
zIJs8+@5Oz&=xU9Kt79g4qi;gDKk%B}&g*S<J3w<a>t##vPD?S~BdM6JiO(PPEQs=H
zlC$chlNeTQ<Y$j$kmbC01n-3uR$#nk{=e}cMo*#`eOKd^zZa7jee)5F0Jt8dXgDu!
zIIWy=gD{d!>^ebijt<i3-DzI03r0(K>l51t6Z<om*iM+(A}+-H0@A)_<dJ!Q>kF&=
zYzN8IdNpqWPjcK(`q7d;Fn@MwlLvLw8pgEOID-2Y*2kfW65VO?Vw|D5HrN@Iy?meI
zBP7`TAt*B#+am~$gxU%tVS=*2t@1s|dl|FgHOb$t-blnbg2qPNf6KKPmuD(`Bb`1e
zCN3Q&ojy|`I$@O>Ou_B9&1>Ce$PMZA3t~k5Q*I(>_xGI55I_#quJep*7WnFfHQ8HW
z80jVf89U^578qJ~de!Alc3=Z?>U<n5obghdQ=BBV-6virDDkM6IlbauA)J(oAEK3P
zKyVl?8SF&yDJNb27za4&`X9#J_z&=dMq)Y6MwxhG(&$>cuMITRS{Mu}R*d2}fo4YE
zi+u$-$*YcxY4-`)uF#sVhwA#hs+fe8@w$OZ5Q6(DK7%oCz4dXk$4}@uURqw{78ozS
z4DSpJ(sdl&lzF7LwzZ-4UB7o-dK|sG)Qkje$0V;e{JddPq+IKzU0*;xCKMd!UFkdI
zBif<Fq;2Yg1UA;5r71Ah)IVdqle-%4|K#X-vPzDZ(5-LWRA{UOY(=i|7^eDKFM5R3
zgJ?M21AQMY@i|NevE-miV@%TA^cWZTxJxFH;tVE9q5Ny#tBvOvpG-wQnQZdOt|{T9
zlrH(?R&pv|mxg@8;(rjIylq{-eu`f{st`(-lJkAhRX@u)iNra*V=V8RZg1(lWwi4H
zhN>xY17Or!iwX8rfbG!xGdQ>pSj-74;XtyvTU~ZAHKt+O(eKY55D!Xi$He{W(MgG%
zg&(IHa%7XmUO@Y7io-7F3iP9mHj26VbZZeyZ224o1wYebw?oNK)YmgnHcGqVf_VSx
z<tqNaRdViJ6EY^wM2ps0Tb{}YRf&Gi@?luoQ|8PKHHp8{A!C64k<6AAX9F<qe`A%y
z6yI`9^d0+tUXZUA<T-9@&)9uV{6YB@=r=12wFDE6>v34-;Ghcf*4Qq)zhW2gx}%iG
zZ0V;dWg8z8A7zdw)D%nxv`oFif|r$!JG!FdRdzZC|NHY)eB41)T%qHWKX=sysOnW=
zD3dr6ZwK9UXve$M>Apm+WBj~1#(fXdJMLgI1<50NDX&u4(D+v=yvsgMKt9aQ+C{Gr
zIuyJIgOSa_DPg~8Y2??%_@;SYH)gj}kNnt+%cJP=qqgOw|Bwe$E}+av6RJ1%TPTc8
zV)3CzeIsNx`uG>uMgL5SSf0FDz45w4ZklpWK0!<Ls&5jYL~mZ^A-)V<R1u4*096>Z
zlcJK;^H1VVCE6FGn2g#M$gF?pJit7l+?R|10?JaiFE%KUc?h8dzo82**xd*Q0_gt3
zAERG&pkMx6l%f<OQO^jAL-v3c;EjGPfgiiJg1YC~_88`F#X|M32YPYpnh71(cNT9^
zP>KchjhGRCQJtNojU1g1Y2&4ZVxsStvr$@3=~YJ^q(dYczt9Fj{#2YN$QyxG(*p8Y
zp}GO7twrM=bwC)U3Yj$zWkjd3`Tv+ZHb7A3C8PDgE6Cpjl$<pD%w7%aEKUeye)-Vn
z={v}1*T!VOehdYzM)!lfGU9aC`lL_ee3`Z4;O2#Xe#J0)9o+Ae_OA9xr+bNxT1Lj7
zVR(#BZSkLKtw$ygUSex!?^$aT2mSIkX;&hyWR6+}h|}Bz(220L9=~D-`7Rwybdw&>
z;f5QgX(?yulg!4TyFxpYl^e@pc?ve)?7P{FUub^Mj!?U=K=1|W8g9u1-;99V#Po{N
z7SuNg090i@<n)Vol@A7K+!rqmyI|P~{vg-1ej_*fZmK2qg~`DiZ(tT_GDDkwB)se9
zTS>3c%S&6j{J`QbPbYEmepuC2u^$UDzgESCr*(fod4dZlLANmaS}&;ekMt5s>(ELp
z#5Tj`XUSElxsU?oQ<A)Zb5cOwgTc1<>pox;ICL_=Gdps267XW%i|o4c0sDHeV4;%1
zPQ8v{il-!cuDpi8%t70fd!fue&|E=Q5AAI|(v`A~E`ps}FiDevy2r>%_!&*Dn{g)!
z(n<dSLng^J>R;(KhMsflb#AkRX8ssi&uj2G8~h9de)|~>K4*hJsWW`8OZe#;{CFGu
zFNf&xf3L%jx53|grW5?vhjfOI_9?e?t|uNLZmaium$O4izxQ1%X~3sSaVVy4DTq}H
z8VYoyF`eQJVPL6O>A2VYfR&E~j`<_9sPwq^)i?~Rrs;mI+fe({?D5ujOk1<dL+IiX
zOkG~Wv9r;9O4+R8n2I=N(=B4f)$7+7u_pK+bVeM}1;Q-i4A5hVj<=^vyw3-`lQg_N
zh__b7roWo_M*l6HO9(zKKkn7^QHuMW<OOY=-C-@jn;<sIrK08z%V9Rgk8pbFQdURW
zkg?TBaYotA@O5-uC;sSnFXNBVHvafvu+ATkwrl(`+QuKX?Vb3eWN=sfx8fcK|56+L
zSqA)}I{Zs*@C!P_Pw4`_;=17;8n?^PhMZoNSFi;K<T5M09Gy95_RQ6nG44nO?P3^m
zhKD4Mj6SyIcqbKJ%j+3XmK>YTyI?e6=LN0k&;_}+sGod9eg70i0!S5TkE_#t$3i(-
zkUouJz}ylhPu{p2=`lDUZ#1xE-SZ97Ns@4ik;L+iMwMx&I#Hz;Rx|x&vV3<ldS77!
z{=+~W_&?h;dS79Ke7vm_<aY;lMejX#bwTejKTq#5-P3z;+y9*2liGeEz0>bv^tjwE
z|B?*(*Q(Lua=ZL%?JWP2y5jFGg~oV}u{H6a(ZtoQ=6H^=wem#gR<231kLQDh4F4%M
z;7JDXZ(20`r`RB0)EV-w0bSwWPlNBa&;J3&{MX^T?eo8-^Zf4;{)#&p{Gs;wZ@?d_
z!yjs&|DEBdbP0ck2LB=({1g3k_^VE8@Gr8#kM9h>s()ATk1k~J<Lv9d0sm$lew=;%
zKiPTx?-Ks=8vG0G>%RfN{e%YpLi_sP89vt~{PcwefA+IAv8A8h#49IE{_JOKW#@@b
zt^B^9oj<n}81Vbs`QLzlwFQ2EJO6ive~k^kUvWJM4dj5txtz4kH9cpsHP`bqA_q4%
z9$Z${%Hy#ZIY+^oYJ~x1<dJ2_6%QI%4;&}K;z3J$C$aJ!;IsP<Je)d*D2-tOx9aP0
zC9ll-35?`6h7euFP%lP|vN+Qw$Aq1<Io1V2H+6@Qd^-BQU+FXB4y4b9;H8+cxS$DX
z^HZ3Zw3&q}M~0U$dg+)ABcT8b6)0>#I=MR`weHwYQOT-5uejadkI6Rvn8EA(G5DCt
zACqnTam%qz{4tcb^WO{;evS?P(Y`wTkB*w~b8PU>9_<8wRbMN7=0d5t;JNnQMo|sv
z5;h*w+)hSF&BrhyI42;V@{z}Jw6C`QFc-A*^n`o3i`h)M`lPlqa<yD9ekV7yZYzz^
zNI7NP)fi576sIPAL-b#Ql8_h1E8m!(Pe8Sic_fa2pV4O-OMTI-UA^$h)ri^xJ8G~g
zYx{&S>qByZ`S95htEYG)a*bRqwVx4p%AdFH%rfvg<d-+An=rGk8o7ztucQAV#QfbL
zRzd#auJ;y@zHl+ctD~47KgF43wWSWl!535qIFdSMuR9QxVAy-8*T659FmYXSZ5JBv
zR?yZ>e(VAZjEdY54P*QlDv7i^#BC(q=Y{#O6?O;JZNt;6<;|n&D>dKFp9W{NADLH|
zXpNsQD6e2T0vMfzd79sD-uNkQakzPi_$y#;rG&mxD)0}cO_C-$fqLfU;g|6Ck>*^!
zr89g0?$m%!bc?@A-@sB<HXwMpnq6StfOc0wDQ8V&yS31%T3ifhkHxblco<X!4|SQR
zGTw;Bx+XdwTF}{Nix1Jk{sqIu(_onA^_0;K!(=qFoAZKlqZ{2kKwiBL&%|uY1m!9G
z9$zkpm&y3>E<B{*LnS<<;sY?wjcNGM01xBvp%EUkX|oCs0zT}5hkSfc;bAU5G{eJf
z_|OIqcjK-M{yxBxM=Cci(Ue!eH(7aV8Fj($eKr5!W8}f)#CYv~Zv|+^Fk@4vg{sgK
zXc^2ZHq!!p&KC5kE{F+yPW4K1dXnp`Qon{T-+;r>^hj@@AQGdN@-bG4&6Er<AXBX6
z>;UB`n~?&4J@6Oa=O?2z6#k~b-*NCa75?IPY4BHozvJL<KK#vwzjNWQ0Do_TzxnX@
zZumPF{yqSIZ-c)};P2f5<@plg&in`9kuhri5_qhj#|jz(%%<g&i8BRCVJKHn`dSTn
z>x9IODF$0H$3L9AOKNjG?25#9I{L?ngXbaJ@RbnnB(qy5`vc2`yHHTLT9#+886#O0
z2jne*(l$DxDOigWxAHTh{^VxeE!fq%4bKB!%>$VMi$oxNtwR`9lis41j##H>l_7u0
zAKAe+nn~qdKY9MFC+>xpNDYo%9QS>UP5V}{YXI}Td|ts3LE77_or8XpCvVEb&}_T#
zZeo@2s;{(-><zEf_@uT2Y_Tb8;>*zBHZ`2rlgALB`<Pdm?}9+<F{l-&-sQyXVAhlJ
zZv2b@PhaUSc2FJ&XSd~%2aJ<>8U-91$ekvf<Q6i&fYm;a&)E=}6EplDfDMP0H3eb5
zxwhPd2_)}S)0q#Mo`2*{wRM~ELO)~%mUX>>-$VT(A+ve$#U<CqVOEE*Kh7b96Mq%;
z==Tn)93@L)TyV0G*$_M`6i}*%)fin^^FfEzlGd)Gq3A?Dj${AfbGG)(EQ8EX0-sm_
zy;@~0%NjvBU^Bexh;x+e@e4q$2cibr4tc~!=EqEbW;~x4<gNNeiaaF;=QLmT1abT9
zG$Hfr#h3a@u1({D{y^BD<_LrnJ<$P{d<$BCE~ftE$#v>>sV`McKLjK$x`58^RpVS7
zetkmt%IYo1pQFCO#4Yu}C#rhEx|s2`ARnWUZRv;9MtC2s)Z#bK5<*QZXutdgU-k);
zrGk8t<u8K14xP(};Rzvg{lk}(TpP~??|@;5$6*+aQ58#Uc(ZW`WG?c86nWg6Dh?Oq
z!|IhTbc(8{8yKi<fco_~il#-F0rmjK+drPgbL>cm#$nzqGz##`$jhze60M}fE0`J)
z24gcI_{f|LF0vrT;#E<bYD;`yE})05$A>gF&IG<we5VU6`5lb-PHQ{HcgpTEz7vK+
zr?){C2fehILY@VWnIUG}w)_^k9zeV2anoPRJg;N-<tVy*b=xq)sKU%oQLDwjsNOdW
zy%#p?SL!;($FPTmpZ^F83(sp|;q`tpy$Suae~(xV%y>kL^KSW$MT+krKk+=<)dQin
z#l-Z?y2q!CzjFVQv0U*)xtaXrGV6j@BbJHyE5@+Yj<C^>Uc^nrwO$o>*NW>CsHxy9
zj4uBk^)%Yl;r!f9KDz3ANBeQI>v5>Se%BbkN%ZRHCpY@!b0~m)cvb~mGmKrQ0+B*@
zt5{ALkdE&=aI<)+PdXFh%g%8WdwaC&G6eT3aQ2hr^{PDRl+HmpM&Og`9De!7oXj8P
z2c15C+93=HEv6~1_M)*+_vol<p<sg$&Uji`>I_ehg*M37JA?glG7mGSC1ZbzCy1{&
ztbtmzyhYz5vs|jYh*>al(tl{FN#V=B!*=&%^JRbMSQ@5rESXT|df1&5&-7=iPh70L
zPg#1j6gPX+OPl+F)P1C{nF=9=?pbPyk6wwRuIh<<^tj}H`4ENXkjHqV|AyZ=nfv%>
zr^5?h_`X=Cy0m{}BCf*~(jiBt%0G7{ej1@ZD|t^lK^NQ?8G+}AT3)2}NBWt0ku>_T
z+(?ltZR@!`-_rF*`catFr#Qp&kP!rX5jh3|*sokBKRg!GTfne9N344f{3dGpM;(xA
z9Jr+oU;DBXdE`GNc4{=S1EcQ39zh@c@}(356WJlscGi^NNEh>Dxwe8eFKtYb=^=98
zIVNW;)QuFJGwU<n>~REnvoWai>LBB{PhL-ca^`-~%A;<UYD(I5o78q2U$&O(f=^Cz
zo%35^)|;U6q9u(HA3Df-<CYue-C~hHHhO<|sGlvr75Q@oSD;*E<9POvWgNx++89D}
z!RMJ=UPWgTPuucInE9;=D;U4BbK2StX^}j84W&O4ceYass5dOdQ#uzn?J<iFp6gUx
zV5xo5jL#18I$P|8Qhxxu=h8u<8~Nb%oMTuaID|ekPn*rSx-kD2kLBc(0r@MsR-OUF
zm8lkQ9)DRAyf20=G82mHgC8q1J;oK4Np8LjwRXP}56Trrxy_O5V4v@kHaWC#xK*$*
z7xQ!Eb-uOajU{~+7adcPlUXeeQ5JhBT+bfA+}0tOE(;S4wME$QHq#G)Gm^#8trDwz
z)sX?|O*!&s(?W+tXO4U)M=t*f6mL3#tNw97&-L<XXrRj|LeLn7KQOOx8gZGWJ;f}}
zYx_jL3~yXW?LIzqehg>qMe<=^^}zvtdB1uK#x-R|HNFhv{Y2hkd7;$-P@=g0{m@u0
z^08$;QAQy_Ze_k@(!mt<pR>uon#`MmbeexSQO{XO_w{r=0W+ePJ&O>Om%K>xH4oz5
z5qW=lmAbVt5ie4cy9yvR;{f`dVU+gZ;ApT=-zR7(nWa<Cpbyk30W%8hSG~w~1r369
zDkgp-gf=Xh3F>v`cK+p>aMBBbf;0NDDBy%MkFdgZZ)0>1(g{{o`S4oQC)A^3>1s(C
zMF7y7W3iJgDaZcRA-?)7>Nu%uNDe`2=Zkt76sRzxsb<!b7KhgZl~+0t;OosmfEL7M
zzdAEw^uAy8aeKdKnEifccZYs20wu6dtYlm-ah{O*=_<rZOsMn24mGXmm(XD?VyPbd
z6(hnmb|Q?{{WI&(*c5%oLXf}O^|wC#FB%Kbl!2Q985l*U5C7jj(ODT>$v!u1m}OTq
zF9SsH?b9;YevkjCM?h{X3{@>136GNMD3p6>Sybe&S*)w2Hhrzn#0Nl%qm&D6C>{{~
zLX#uQ<3z6%aa4#ka$9{HNxrsNFyd2i$FrucEf(EP_%C<xYx|15s@3GI7*eRe;yQHy
zSPo{f%zsn`jYmrr*H(HHJREr_W{ZF|{5w;Iu}kqBs*3H<1dlcpk9jYicYK9c&`gVp
zWY&#tv*y2=1sgkq2q^{;%vj?@ghw<#H)Y_&`}O`eLI1Z|`+orXU*ARlYwi6X)S>_P
zL2qlsXSM!61^uTt(ElQ>{|eetw2n;KX(xhxKGe0Hg)U%M&bM^Mhzf7$*>rYpAS$LT
zj|*-C%oNuGhRvrMHs(D_=tnj7V}*_1BJ(!&v*okwoZl!o29G<nL`89&B~j6Qhdogd
zM#G4Faj_m2_dH7-BP-D)2bt82Fu7xO0ONCE4fzwN2duZ(!nj68E~95K-#`ejvq@P6
zQz&22tue}16vvst^D!0=2G1w4*eP34x}L14;R*jQPF92|p;(x2u_p%c&ZV$^X7(aR
z982~hKJ+vq{I<1^q4$ggM%sOBERl*mBVcPK>i(EguG3+SM)$)vCfCUJEJhnFMSrmu
z{l`-DiM{AWOVK>jzM%`IZtYEB*ARGabq&wK3mk4Pm;kRXcIp08h5R+WtDL61LCbpN
zm47Dc_xlS4ekq9Q>OwxXL8v~JQMx;Zp5dhtjGh3(cx>@qD2&Gmq=;c2JK>81La0W(
z=omk@&#f<}Z~{fE!={DSCgF?2f}>d&Q3G)At2tg<fnSZouU4_IxDqHtAs^hy9HwDp
zCI~%iqMNjc8NrQE#k`+T$j{kO$Y0*D*cF*E6B%siug7vR@ff_TerzBV9_Me}fXJ^+
zN6Nj15F-4XrsKS)PutAl929S)V%(uemO8DrUedF*e#MFnbc&HC)xwC4K#%K$^cp;m
zY27CDY{UqTt&JlZZ21r?_4-(=20LfK!TfU7>IB<<UZ=N7Yes6M^jIKtaYsT2vrN(*
z<NGBDBN~ymdi)$lG%OIuSZT~YI$n!o!bSt=+K)fR&#$hv_8XcBHHz!e50vp+M;HxQ
z&Ey|O8w_01mN631&%%F1KaLYgMI4xH{`Ymf|7+0uKvab*;?Bfk;>9|pc!1nMu`uAj
zT`=|ygsMEa78c@D$M~CEp665ac3=$JGfMXmoepF`PotIHjvpw~jJhKl^|wcgh0I1A
z{vr<`*aWz3e6$bzu7+8{?5X%e&BZL?tE>ar2}n^Q0N4QlY9C!6v|PnzTB2zmp!xOI
zo96riSR-}xKocu2Mr`^3GKfn*L?zK$AJN%1(^8M>6!n6}vF$H|O<lBY;l~||yl&<Z
zxxH$~<6f0tJImXw<arM&qF0q0N5+bA$lxDwPS2y;t9n+8({^qPRjrJxf{ob)+xq<R
zxfE_?HLS;4^^g4CW_~TJhc8O^aDb<yp>*T934kS@PRI$+sH*Yf&h5u-{63TAF^4bG
z0OGaY9T@R(|4cO8!aL9QD)IcC+qNIxzF|jX=k`Z0+Flhrf9LjSZ-d`<ZYSN-kOw=r
z0TB6n^@EwzLk-|>4S-^z0jw^#t`n_NI^MTuvsP|2`1vxLjcsF#M+(&kCWNYv@t(x5
zxR?J3b8K!kPM;;itUb&knRQ5$S-_7g4SuZNGeKje1`r->(xSadD2=sqG-v(Z6!<sK
zo647q=fUdQ7W1xu_0>PJxIG2+ey@jabcKHVM{a3S<umZ7G*%C9Rz2}s4A(xrrjVcI
zy7`S15R37JW4Smw1S;fjblnK=2!0x0HZz5z3??3xyB?_o9fJ44ixpSnonuKi9(s|n
z&ags_UYfmHs5S8+|Jo~8{Q>b=YvQv~!-t(hxr!LzP}@-KrYCD_WH_SpxHpX<QZ$Wa
ztGPXe%Av*RE4qJ_rQbi>4zIQItMdrXmG`rDM7<qeYv(zmoyZu?j;pnUR-DRzG5Wq|
zw)1zb9VzSWg*sgY-OS6EZ5^VM^xt``g?EP=Eo`*sqhsyF|MWOYS(C6GfN=f}&rlXr
z6gn~=$M036v23le`DSCc=y~h3b}-sr<%)cw+mkOF?JRv+Z)ZnA7yU^vn%FtjWD!0T
z!!#;={sC2B<1<E3uKe%)W3{lK8Cw!DP|n}s#VU+nL}sM50bpMBo-Y%-WT(ix0M1H}
z-!ppr*`&uy_VK-<fQ|3cWX4D3`|W&m#Z*R+g%=nE$vbNsU*gwwFH<`WCOy`^Y-^|f
z4%W_l$?Wu$$ikZVY>Jg2hhZgC2EK})HwDkb{)2YEYKYPQcVEH&f6=-BBdGspjQ-O&
z{hIavKC}OK8T>HzjxNS&!C)P&D{W}aIfG^p7YB973kXIk@jiW|p59C&b^14*M`~?T
zHzU=<$hTv~cM+rG{U#mnHuy@qy$gKb8KmPI3Rv-d>onrqC;#@b<S2yr&i{>$?>CzW
z->F^T%Xf$Gji<Z9_clh~0+YV;4f=j@TNn7o2I}~JC0OxoZAW|uzJ43x+eG;OYmtuc
zr3~LcEb5H!f-T+P`(}Fwd`S*XXZX%G@f9p`{-HmhoIlUNTbJ)6hU!SC2y8lphZ@r%
ztGx^P@GxuV5wo3#47#jd&;?!gC+SUml53^Q_vn{=r3_U<Eku>y{#vI>(&t2#(62jF
zCD7OnRVq%|=SLCaw?|EWTWs*#fUfYIVBk5>hUe9YXV&gp0nZrWdH7x(&qbdRo;&aD
zjOQDhyTMa!v&NS)<yrUZh$d$i+{)z4M}ug9Mt-!1<k>=9o-LTn25^!&fRDFzUaz{B
zn^M;4Te_gjB?EN2oXue^e3)#sFtn|U_3D?&&F7#o#)g<zG1PZ30d+OPzAIAOO7^5*
zrpLhgcMDtpMoL+OjP-9J^7qF6#`>3I9n?EoQ5GlOg0h$|TRKGVkg4;L&>e5XBmU>+
z*_;hh)<^TrIp!HSrRPw9T+`sduI;>b5UA#}wiNQS8$i+8Na`CP88Rf@AN-8MM+O-b
zu59VVFGP>=3=f})M}~&SG5%Ip`$gx&d>=i(<9tsrno9Fq>2X5~3aRr?&qE=#gI1@6
zyMe3w8(e)Aa`mU5b+bD4Z=v%y3x0oL<Nu~P{;zcy|9Om`<s|CsWk<dzeqN;WGv;$P
z5nOSSr0C7_m=r|>3-1C1JqCh#xO`sP9fA)+eH(tyGW=dP@q5aS-;tXcegy*vzw>h$
ze)Dzwj!d-T*N^Z!f7Q(<0qa1kUNykLZye(H^rzk6x8;P1U;Hn^Z@PxxoeaM#-}=t3
zzfPaXc<Hr)1}`l-(OJLgUf<K&*?$vj=c4{h?&N-Fmpl7?Ryy=NfhQ&JQyrp06{y*(
z`WaNX7^zUUu^TFUdfYnSewiG})$l{VzYh9Wo(;A8jw5QxCTb%QwG;!j2av-f8@fR)
z?YObN{4%`Wnal8UcgE|3Y%5-0A45gCWG*Snh*x-FXT5MncX+*etdo3j{xp7Q%+NM_
zmp8&l&H^OLFHS=HSo<6h7<}0UhScnp&6w!H0R|IYa?G$VTKV;7>G9_|j2^G?WSDEh
zIdy!;a8APlw=3oIj5YZA39R9?{zk+9Iod(*`I&K0t{ekR+LyCX3m^I|W!b|<#%PUP
zm}E2(IBJPUZIu`Av34rWcHXx4Z|#k&fBX8dc`|&5eV(kn&N}G3n@Q__`bMU8<FNns
z4x7Mz0EhkN`fi5(jb>9`IDV159j@V*#PG{1{>Hu^8g9eSNBH$QFq>)Fh+oU?HvDcu
z{8rU<gP)@#em_gU;@J$p+ZldWe!tx=&x*6G_`PuiwX&(RNh?F_<|1}U26hr+H>^AC
z3XXJ=Grie*I?!BCIdfgFlCr*^Wv->SR_W_$3a>Nlu4}F6#UXmGf6X#v%}P+cS0x+h
z9Y^$@Sl<nL>kfC8(<d4I+D-Z$vD0tDEJnXxy*2ZYMz>rWV)q<I#0Hp%rQBwt+jofA
z59_)?Z1mwybo+tf6*2Mp&W_hxGZ|h&uTFCCU*oN)Z90UgEtzSc7Fu9iKsO?4f$mVN
zIApgEe8KSAX5#g^9WNdlLX{11d$Sj3sA&Ul-8!5!QT*FkU1OLZyM{@QC4CIZ!5``<
z7ac#Xr!l@Nzo9F>`Y=(a(Xwl-H2UX3q|vM!3>w{jt8Ms3;2Jivwi_BPI@p=7E@Ajx
zX5yD(!*BnLuJHR^Zyi51(~4g&!ta9_27cAI*zik4{6aO|;P+XyGk)FM4fOSY2IH?4
zy_np6>npq5&9xzTPn7uIL@?zRn|=~U{9oN2|3|I-PwVUghF^h+-_6E8^X+_~9g@+e
zgFn#A;Qw)qi*8LcxM;(H&g)P7Pq(Ab|9nP=bv>ATf8|TNe4n5-wyn3(*!%-FdQ&^8
zj2|vH`C){8AG&oqYv)5Z)7!83(yq5}y_&W27qguck^hC>dB4`qHW%y9<}d91x&LbG
zxIQ1jaUDP17*}ClXT3AAs+)108R;a~y0;%__-($P;Wx~s(cud_9X4NO#qX$!`2FE}
z1Ha`r+we<5{1&b42EX^!PW#Yl48NHsev|F^U7_LkL;_n+%bV=$=@nP8apHQK_D|Iq
zClYokIyH!OQ!6uBn-k17e`WCc+G%VL?i$`SoU`%!%?Ucce|)8tB;W1FJ@~R|hCTG<
zn{2Y;5b&LP)0%Eb^7?+eK7I+qZH$TAhz|PCG)9jZ+WaWm(n0^RA?HKn`b6^#rMzvf
zZ86%8$bI}tH^{~B@5E1o7=GuO_<1_$KY0wl(HcK(ZM5@KafVI**@xD%sd;2QBmKvY
z-+IJvSa<jp?E9bd`}b2Be)l`set1HoeLwvDSSx-G#LxBiRD<6u=XB=x$3N}{zuF%=
z;rFxazyuAyV;tl6KX114`ve<)xBrOv^)~TKp3`|9_;z(S_+7;C)27Y9AN6>B>|2!h
zy1DPv4^;PjU+WM~YKzl0I-y7Q8y;miXD)(Ly+*xO<D*LlS!=|8u+{h-l<L^L%xYvk
zVbpjWYq(-YoME%xO_qAMuzFYiy+y}O#CqBLyQo*%Vq!Rw)pPYR+9Q&#|G|3ciM~9&
zm$k5W)F4X>WtfR2@^w4wXZ<K^Kg%!(YGkNZ*1N?@HCFHPQ;fp&-q1)w|2%1Jo%;90
z-Y&oV@kFODXEHp`pJc-&wD*{e<|9X$v>U-{T-MX5v53q-_8QUDK?c>1>|r&wrdn!<
zO_9ivF0s7kNGB}+O%OCKwfV#l(o&Z(a9!9HLo-a0pr?Y4NFhTc>&8?oyOa$;;y!<j
zkipIQ$Y-GiZF7#c)bbK1o^8kRp_`knowV4t6SXd$xWr17vM0_0<jsdz*|-x!tYxid
zplp1E%0><|$`%^+o;%3OUN>M;*(fZNPBZp;<`OG={Xg2i1ip!CdpPL=DNrWt0Sc{J
zp&(mjv4sFl7nndQ6{w(y_^jdrDoR381cFH{^Pd-~PjPwA^`XywmkKDQrO<+FDIl9j
z*=LBdDs-XEch0>tlbIx45I=rDrkT0hx#ymH?m6e4dynV)I?W(F+&?gE4<4o^KEI$Q
zd3P7AZR{nQHcC^QdvGJ9q1cExdqOEkaCQKp_fiN4x6$?*Z(<YQtfl4BwdK}eIY$jG
zSKd!kZVIMZ{v>{{j9V0BW5x0zbiKx_86?K@N_7a0aG{?TRfo*WywFcM)nSPxH8f|x
z>L!LiHni=!Lm{6|9tx>(*P$kA{JN=x|2CDtHI=ZSse~C#C5#J`KzeX}Qzbeym2lzL
zCKC2Hl~CGL!n<J-2vn<@DzT`kgxO6cWHyy>!>{<|w%Fl^Q8i8~C7i|}+;OrDGr~`F
z;CiAB<Nl1!m+Qano**e>;%mMp0RI_%X!+O|r)UJ2nW!nw`mzIIa*=0y>cqQF(8i0Z
zHH{xSp=mtA-Vqyq^t$d+!+iAh8N+pAdOa<@SX=td;L?>?I<F#L$4CF3K3oPqid<wB
zdjVwX4LuYXUqT__t1p@m5*mLYWj5U$+AkNB5zBv}(zeQ{sOxrg@nO1_P%j_m_U+8=
zCDhA@di*d2du3mr1#i5f3*-0FyuZ(bOK~5#OS;<MXYSH~zt8amSynd=B<#lX#C7DJ
zBn$QSslGmFr)(|&C{YKVhx-fuJ_WRD&kX8^)92(?tz20!fbzYc66B__P2Y1t`-3gE
z6EC%MyX5b)e5+PIjF;LeyGGrPnB)&{UvJLu=Zmy3`=~>et@gD^w53JbmWmsL?AtB+
z{Y*}i_C1gO)>FIhc}8){VWr0UX&bwxF<_r<(eLNz_;CItN)yNXQ&QP|EgnhuYP{m{
zvt_cpQ=a}2*(v{Ga_CNZ{-;6nM@3TN`wdO`L$&PxGoFt34|KP>PeGZMu7*;m-9_;l
z#H2KYjCbqydp3=u?Ujc50d46=5%j_}cxK^+af-&fW>V-*&wZbS#|Pmlc)wu?K3en#
zx^7&U@q1nI2fAJYPe>qF6kQw}@C1sOB#)r;12Tf=tf3>g_Ty$oP^b^VXN&$o3&)0m
z_l&Z2?YN%8JAl9&J7H|V6KJYchPU#40<R?uywT0Uo6-cl&G`eBnZx;$DDZAgr0_l%
zkMMST!5r`e`Y$WPn?T`xmJNkB_oHUuU0D~NKQ-?Ubay_k1MSVh{sGGrCS{~RyT|m_
zOpl&*q4voZ{esqv34@<_#b4^}>nMJ{=nK<hWd0b%Bgj2b#!ke01Um~ShGOTY51YZx
zgSAb~m*)I~E{qNX?<30I<e%44c>m}F@Q$q*t#}6QnjphF^<4sQ*@RGd3qEKD-VNdW
zX<FwWG=8+ie<Xj37mKy_qwy4K_tajR0cAt|ky`W<+L;;#KT{Mxq21TemS*(SwDjwx
zE8D-7`gLEb#!u)Uz_u=cNI3J_c%8^!nV(SaRJvXcp4BtpCq$I4bIOjli30Db?Tx(p
zR0{PF%8XNYB}k)*zNGb&Ytc_=Nc8QxJ`@1v>C1G7J2w7!PtvjW@YgkVK?(ttItV?e
zu<9ogC~8;s(4f|JF~nZh(!LXu5^i5-u)?&Av?b5^o<#n;Nime2$q3zX`r_SY)~pkM
zh8y>m_MINNDI9!d3e#8+PvLu&z?U9?Z%Rh!j#HQB;F}N(U+esrei}vR+ax;Q`V9SA
zD_{K7mjd{liE#ZlMg=^VK1>hwTw3r>Ga#<{BZSUd^bZ;;!51O<2Ni4xvj0o)y+h#Z
zqZ<|QT<VY>>bX?;zh>Zz{3B$4qDA;tjg<VeCBLGR>$UrKtNKt<|D~IT)L*&~UOsDa
zKPg^nZ+|Dr|6zTQ{hzky+0`8h>f8v0pc>Occak>0-3&JVJg?;kt%Gm*2nye|6u!ZS
z)&<%B<0L7Kz;{akzB|LfcWra<<%WZ=W&8hd3g5U+lKp>Oko~_mg>N8%@3Y|we8uBK
zE&orw)eL-V&;1qn#!K)$Wt8myUj^C!CHRhaMff@e;OiR(z9Vazfv;OQ_*&ebc>P8S
z-#~`ayT3?F@2~fw@YQue_#VAcfp6Kk(4C3&=HPRj{VVYKlcoK!j&y#^Dbmgle@_bE
zZ3KTik`?%V9UBVYfB)MIe7nzR;cIapJuf+oyb)uRmx6mKWbSJ^X*k8hXTs^zE$*XV
z8b<NZm*QdYl(pJ<c*#Ut``xH%O?O7?f70SU`YNfN$PSX-<4f&)S|znpt8M3{)8YNc
zTig$hm)aXB`B&wC8D#&E+N)u-_781)SG+I$&QR%WQrj=%wP%y=>?jZ5TRkXgt?q;}
z*P@|{e(V|(x+6UCjb=#eiQoUSKe~U2BtM7xDMd-}@d#h^&qEZ_KRP<pgY=!(n}Kit
zZ+{uSITCzlVnX1%r@KyJeSGYwA<Cw8#^_M{Lfhux8yyb5zv552t0Vf8zCW1wlWtVJ
znKpEzM0P4xLu6&X5c#1+d`uZk@i8Yx@h2U;<}<~g6vg_2wF-~0NDWta&@?>B*VK5l
z=uhy|AliN>>IXBj|7Y6y^ix+lD04gFpu9Oq8I+GxLOlr{d$pNCdHYlte%_M5;?P0i
z<mdH@@6j*`ykQ7lbi^Qqrcp5n_Eg;YN;BZKITcR6Z_!_I)eRJX54F+yE56u;0(P_m
z0`|ZS3Sf(F3iVVR-5g*KiDB^8qQBy$ffTNCL&!WsRSlEc$0BGy4pcxpFe=nj@%8^S
z16q}!Ixo>Wf5kZxTn$n5VguX+{^H|!#cwhC<Byy6S4^jnyWfe?kpE;MM6YQ6T*-gW
z#lf`RIUv|>WHiV)+S`fZsA~tJR=hVLpjNCM8G54R@qagir4LVD$$3nEq<KI%fA1g9
z$Xlpp3Y&YhmiuI#3_~X^`YZpGM8~5{@`oAvQIP&;q=>k;Jz9z0Oj10RKOPb4sr=Z>
z&CUN4Vc=`gpJ=EA-;roZ|NAgV|C8YRDh91?`Xt4ZsN;xGPok=qnt?Am2)@?&%dhHB
z;p->Ccjf~ve5)7=-`z39Dt%Y~fT#TY;h~=L!<vIIFVvr?Mg9IvKMEg4aVB!$2U<Ds
zOh*de{RU!%F6kHWl>h$5P*3^77n^~v?3l`*h|uI`@I{WFsB$OzH+8+a{(P0%Q^GSa
z;7)`lq-|9JXPx_{68E=J`%ie@IHoC4bxpkDBQZ*HCwitz?X%!XJ{f$k3>KWNYN~<y
z#EktjTH}ZGs<x@2suJHFrQdp25oeazuc4&qr~VY(Ix6j>MB$D@e~M&WubCmyy?&3=
zF;9O$UHM{<?VzT!${lhE;{T$r5Aig(J-kcMQ?)ARhpzIlQ2Cd3s#}uMDTKy@*D|U)
z^{<2g{w_-XH5a2aXgG06Q{paFi7iJY|Cb#a|CiP1d2;3g^-6goO5@`~B7OvF+g}+#
z>Y^iI`<VP^lYPvT+Ru#A_}CDP52Zdf-JF#;MA&)hGL%ZD;Q6+aN6<?bgZB2-HtiGC
z=cdoEks9Z!|D6j*Pn~E-sJ{~}IQZ>It;f{&XDLd&kt&qfH;B7V(}o=ChV1_p<LLLX
z8-LO`;fzA3pR<zl&YM4J+>&}>nw`2VjrC~DHKK#gw(}H*2Y%8x5*@*`UFT@I-y<{*
zR^1Vu3(inf?}*T#x(<i>OA6=pYqe?JFzsE*0qJFJowW$(_jMAS+O$=eW~>WK41+E;
zNenktORh&RD6U6Q?IZ;|TC;A(RySG6`9r};*UCwILXwnH-!xt7&8AB|9Y|7fN|nD4
z($(6x1Jf<H>1IZUIw$oHcIr{ncDv>he-Cz}Q72Y5kx2c$n=AQ3bBT{Pmv~2WiQ}6~
zytcW-=;jiIgUuv<*IeSq%_TnDT%x^+M1tEH&6OP8Tw<St)P-o|HyRhBJ2$Ibh_<2k
zQzT^ogTFr~iwxq~vy={#zoRSNj>c{}F{f7DjJWX^&Fjb7*VnbLh1%B@+SkXluX)<n
z>Dt#U?dvG*Yk%#lN&6b3eXTp7dG%>uf6>1FpnWaYzJ8*8eM9^DtoHRO?dwAA>pj}n
zT<z-w?dwh2*Cg$0Pwi_v?Q8x1W(e=s{lp*alcZ38u!Y_ZM1Wzo_tc569i?RU<9ZF5
zUD~7}vk1ElNo@Ta=&6<wH(VyP`8Bk3p|<q;;L_+NH+b^pZc;fu+TVM)P8?E0U~C@-
z#-IM#K_}{HAAJ2o{op?NXEOrsk$tG|()+ybIxs(R!2xrk(8oYRFx-ak`wkzB{^)eP
z4zJ%@)c@dK^6mJc>VtbPZUF(~bI>Uc-hp0lP;-)RgnVC^d|ww+P@>2Cy?h-|Up%;%
zreh_6QU^XvL}`O8fktfq)wars03+i*18Gtg1SUZOhIzV3M{W+2k^(S|3&3PcOj=QY
zP=_~LZ`Gk~;PYP6rga)>qLH*&TOx~!X$mT=xSTow<b9`6V!5uOCjoZfb|SRo91;)i
zWeUbd5b?_1UAZ3>R^ws9q6h@r(NVij9n4J3VO?A9Qr}Ug#!sa#41Q>zDCmK%Fzzu>
z?}~c7;N3A9A(T5371|N}k%Ns<_$lOgFQ{wmhdt5y=b3<V58l>Z$Q=?=zd-W95jcoZ
zmMFjqywRUePtXx~pH2a(M@t0mdJt$1?mZa28ZwEe@g@2xB|rM<g^ZE=jz(JKZY(lI
zzVC`4z1yN!;{!;aE+PHtml~CN_QuYFVu6d|W=E4=8fh<)(O2oHZaDl^oP`@r(k#po
zv(T5X5L>SF#j7Y+%x_Tn&tUqefpkE<xK^F6z_D|h8jjsj!Eh8dQps_aPuf$;5tpj_
z@tmgoYHfMS3r3Ew=|=VM96tI&58wqWG`@HAUSw^2ioiXP^sc(pN|q~Mo~pW5(NhV-
zrpNp3OPG}%i0Ark(GQJJ&{@`fhu1Dav2qMACf%pKPLF|l*U{2=bz(VFumg*4k{e>V
zbM%(Ud*;OG*lTL#3p0&6wzP2stN%7rU#`AKb3B_|iPu1~G28U#$(59>*8-yOz$53G
zJ7V)<p%d5CurSN=uLZ^!yZKkpEC25p5eJjDFrNMJ>w<EBAX?e(pDN!+`n0bWUFAjE
z)-CJW=<t?50D&EVclLp}EntE1Pyn*+hMw<+zx&}Y{x5^f(Kk#**IW9#zv}mO^!H{Y
z(|G!OCw%YLTlKp~;P>Wb4$S%L7dZO2?V$f>Lh0MKLND<S%guQCAR6%Ayah|$QH|Xz
zL)NqMmIP^?Fm}6xR<IBL<86gIDG0RS{py0s{gg@P;M-aFTP`(5@|x9o@dizJ*@n32
zLK5yQEhASR!q*a1N&@$_()&#}2kz};+%F^FTTw?}o<eTr|J3aFKY7Ore@>ZBw|o>v
zpVIGPSNIzt%kuuL$Im>2VM7$+bh4!<N8pv5F%?JvKVfePRCAf>vA5-5_iv3omqV}_
zyWO0i^Bt5^$4IGVQtAir*SCrGXy!KGTGa%=D{wuP_WvS*|I?fhrZ24P)F^SBA43iL
zzkBi()>Sd8Nf@!Q2|38K{3?Dhmsz%%tGr&Pb1pBf=>bdUB6@H2TnQ%`5>68IHDfVq
z$a2WDY)NT#4*<Zw+!+Iu@bEV5Jpc>68w?FV=SIPw3(#I0?A&3R)R`vLPoYUC;jgb8
zk}hDkH)3^uyo=QSIiyB!ostj)noH<O0y(>CgeO0CmGq?T10WOxtnw8oBrfo)Sq!;<
zbl+vw{pPSl#Oj=osiahhFDvApOuT#`6aHhqhJ*XU+-LkaRI7?lU9zqCV+{XeWVyED
zNB`4a;7j5m343rvxHIII=-FcJ8;E8pi*k=W-<e!pj}d!_br3J7Kg?D{C6ZRwQ3gcQ
zNWdJlGU7*n&M=JTmz7-Ns&3<|Y2%26Y7#9Zx;o26VjOwXJ?ss%W=9O(F`CJh%qkPE
zZRn(%TbNv8O|4{}FY#tN^)x<siD6TqKTFp)*B>M4&j59QEYl&!?rAK)+`w|*vHT(f
zn|jIKDJ%JybNoR2HG+F>8OAL#vD^)oZwQPP8Ahz9BE!%|M?$kmm*q?K<yyH0Qt6*G
zq!?B#)!GHBv~s(+@9aH=L9||6?hT~xG(JO_t3ERSI+oAU*|;M%?leHn@@YwdNEZHT
zIgVB!sDt{xT1&2l+l}EcY#fcX$UkDR@%JRMwlN^E*wa}4QGn&Ny|Z(vZlJv{)GxgG
zB>|<gm5WQv;((4UvPBrf00kN$?OLVsH<9w!AbcD-?*f&uJp6(w*qb);r{hiE2W;vC
z2FF*vH8OzMKnHETn)TGxn3I2(%^PdVh6Ry3J2@|Eg-yQ=V=YPa>#2fHc(&WeWbzY}
zGRI6Dv^3e8S7LFM=-JZhXf|?U0$Y)WLKzIr#3XJQ%jE!NuqFw9DDT*s9N@3q4t_?`
zm>GkXj$`vSV>FteO1K$GtmmRV!Lxl?99uz(RHTuhh%C3j7^s(2iS_eSOiYp9{4kB@
z=FO>e*2ORdFJjk|t6ah`)>Wzp;<v0P{Gzy|_=oSm|K4|vf`j6cOzvCEG+;B!eDX6}
zdg{8&)Xh)!&+vA2vfLC?rZ*}F8i1P2F^hJ<)VQ=a%TtxfWI?%-vO)`y6!53iU+*n?
zmYV@ES@d4E(pejm-;w2ZSjgSdBAy<_K%ZNb`QW+e=*sdFP0kdZ{W{j0LkkxVb2Z*?
zzs}XT$k9>giL;4hnPWF7{l)>{CYpr$MkUp8ME*)BoZjaPNlcN^SvS?*!C5!O-j?Og
zl6Xe^6xOmX0cVic8i~n$urN1;Wx4ao+p&^Nu3S9WAjzwcE5foa9`gJ4%+<uhq)qpc
zVRtUp&w+V-4}fLiN|H;mJSB_U1>h+Q#6yc9@Q)!;;}-XF)x<2@%kndTP@SXaIQFne
z98jOHOe69EaWHPYd^?x*#=bKd1R<_L4kpKE7+f{_<s<pk7-eQf9bRp`yg&5HH71A4
zFyzPaku1<RtD$dxmXY-waFod*c=%Z+-)Yr;yk|btr4PiP;};qUWM??iiZG9i&O#H;
z>^ZpJe1xC%QgwwS|F~$!cP<j$K=0dJHdlSWG_Y}x-x23aQ1G(csIzwhHfF-H^!V-3
zuJJ?dLYXq3{EptfzAE~Gd4icw2QvFq^UZMqM#vag&m?|n#pqvjX#sYb4*wrCvfj)#
zdNx(aAH!#ufI$IUTw(yW$VQF<&L}+g6NcG~wCSta$P7cdPG{5S83K$_f{&kSf*CKc
zp5N_*2>t1Q$0}=BehkLB%YGr21k3A#OAj~C=zCu3_eK(I28G}sd^;htFl{yDtcav*
zXof-hOO~{X3=`6m?<t^Trl_r#UF)pvzbMw6X}=~}nTPB2PzI}JcM7g*y>dT!(G0ye
zoipp17fM`54#AXQp5Gi($rMTRDi_xg8rg{D3oz^iO9h;Ml)#_EPiZR$MW(I%z@S$m
zH>v33MFg(A01N4g@#%ljNHV(8kN^lH02c721SemRK$R1FCd=P!gw@9Y{D@C8dA2X^
z2cI3?eDN4}ugcyPzq(H8F|W~;LdO}t8F4<#{i`S#hOOx2_z5Id6N$NaNuDOc%HQcA
zEVOc4S>A)Wt@?w${$#u`dM6N`s|-3zk}_A`(+wVPV{fgg2km1snWF0`QXD&2el_W?
zC(vD(2>#Wy#~#vSGWnCMd>=^namxfF(KF2FuXIu%Bbd~KyIT`b>bc+=W6K|aGd9x$
zR3zY(CHP7+BJ9zKfCwcZBAJ&q?xgS`PDjAnNu0<yvDf+b)3}H3L>bXzSbnk=(H~)v
zuD(y_76P7MQQ`SDf@j~0f%#M6PLwh1dkW{Tc0N;nINfod!pn<t^v=3D_B)+*58H1M
zY<Nd3;5V;wai+{W$H;7(pOQ3Y%Aln;uz97hAcZWAQ<5rl(FDUeM&-W#z<LmYaZD$g
zeCy|G<P+{Z>mB)9RXi2F8c<3~(TI{sC`uk>xkJLCxgB))_dXvbkjJzH(hu?c|C>HQ
z9!(0!qwRrSQY3m23eR`a3GHkAer_{HVO%z!<?}({nqmM^f*o*<O)Y(L0Y>itBwU<m
zjIu{NQxferyXs<=rLybhOtei&x7g;escjqsnW6~>myl>4lONBn*AwjO3@o#zbRpwh
z7IU*bSs8C(GHz3G6VqhAA`KPPy8M0LVHkf5<ddf3Cqhd10hJ)#a1&V+aE>EX-q^Sw
z;&m!H2j!a}v4%BPq?x)QJpe&KzQ4VQ^aD%i=xL5eSZ_LMh$%|fyGtDRf!F|@GFX_^
zC63;%6MB1h%*qsXcAd&_)={>S$xMJIyCprItXpr#y1k#T)MJQpmCRSvE@d0z{)lkf
z%_(f^dB<-wF8To*w-?qcZ#r3*nc{Rk6{hm<Fwe2y1+q+X6-qNBDIUBXs=T(9m8sw6
zZzXUPN4QJui~@9V1Qg2PzNI42q8(m#le4yG{>!x3c3*`Ik9iK`83QmTZ%>_)!aVJu
zvd%CYAGeLb1M|Rl9O%x*PfCL6!RHUk24VE3On&OH)E}8=YOx<p&ldC{vjKuLxf~M?
zViwvwF>b4kPdD-D3Hpg_>N&>y0e;Eb2envBk4D=f=OkDwGUQq;6_Hp?HkV<va2X~#
zY10|c4<NXJ9y2FRE04_riOI(8FSe1fEfxOrhu?1n-GCOe?_s$)Y1y6w_I~`tlra;{
zOZx))hOv3upuCNX`*s#LF$FuW$nVJqX5l*kY~a(4;v^zL9uN^x$t5KCvo~jxv#uxe
z^li9FyBjTL>iK`GCD)dB%Bug9C@HC@8J9>PgB9U|FQrhL-gLe)?$v~9kaMk;=619^
zw{gnD{AQkhk04bb(|o{QShFLSt+zNY&vAU=T%w=j_{g~=BG>Vb&ATu%JN3^+uO)By
z4N}FYPTypX&VSsSzMTcpn=L&YWp$P7S$!$wW!w)#cPva%cW-*7IVOK6X7L@6_<qZb
zL|R(K@&16nuquY9leYglwBNy-{vK8?E`hAr^3#8y7`>vFV4>h7ya3N;Jiij*nqUZ&
zRVoPdQQ>Fh9nrd#uOfDA+y!wz<dy)Gzzq*4@QkmO^+Xd*(TE&P!<-GsoG%I8E|GA)
z4@kI~lz$VjmV}H1n9n7OOv}%+Rb<$xVt+{Z@3jE*Je!r<f|gHD=P06|Lv^S%0*CED
z+F(5Yiy=~sI@&4Xn>&Ha$su9PKz!MX%K;EE&_8#`nKHqCpO8+J{4BCiyvG~7w;XoW
z>5(6INMw1U0~%4UX1S<Dmdn+l)d2w^my+<)QpQX(Gv0^Ebe|0Lf1U`{QRld6DdO#_
z@e?Ma<1RFV5jN1j>(oD3Z}ihoChPdgNic*}Z0V6`R=;`7<Ux#A+yqK-UMUL{rEr9d
z07rlVuyXQK4Hdfn@UEW*y3RtA=xbEjx3J4AJLw46WIaNVD;fhJf87`iGWHC?UV|x6
zycSmsex3=d0Il8X_?n-V<Edgi-nP^V?ao)#H!q~V<n2%!Q<SB130AW{-^jYQ!uNS5
zVZjZArLcV0#NsFkRx^olAC)LhL!=c=Ad2cxrU0+tV>kFQ3VZ?lV%BVCTo}w1gI^yK
z$o;eYGz#KqE8{tdzC@(`Lo7GV<a-WrNM072gqe_-yuJ83+9XH-Lirh~)q@DVD(hgH
z_1Zwz|HxTC56T)rvnB?zE|9Yp1ZCZGnPlx3$eJZ*y+cBJVmmr!;$#x)bOMykFgcg$
z@stLMjXEI$zfcTKFb`u2&ZC{*+pVodo<vWv`bvMby4^Xn-RlGG{%~4q_gI4##CtB$
z1e|U#OPncI#=Rh#j*;myE(wQ=uL;!Sk?VOSsGhh>q)9scHw&}ne0E$`pj$Sn6R>W&
z4NyO^OE3jw)529AQ3%>Q)`L|tMG@3$;j<0cY~#uil%=O}H6k3reXbs=1XzLLl4bZX
zyj#gKb_iP${(<S-k>Y_e*rfvAk4nHfepw6l$ofFNFW1u{xrY2LCEq+!T{lQ%>yayZ
z1tXGZ_|~aDgl_>7GAI)8W3H5+RF+atsn<CgM)wAM@lFCrCc}p;#?uQvh&N-k8A)R@
zfGZ6C2DySjELO*XBg_MikVQE{25^Kyi4|G8K}0l~KoJJ2AyC9zF3XhP0ULh_8|Mcl
z;%{3W;d(~G&RmO)0Kt28w7-v%Y&bkdca^<8T_&bc>&rsS51J-ZR5h2&=_Tf4G}mcK
zW2OOo4`6vBD}GX@k`*%&xM|^KMLf+dj#SmqU#TIjI<7S}VDH5XwSgL5-B2dg@ZA&1
z>KYX0IW38DO{~F{!A6N+s*3+lDL$xm#bZQ=s(Af+x%lAL6>lewQWYPqw0?8ziW|gB
zHG$$=mDX21-b&!tL2>7@2$+MTBXl~M(B6Qrw!CUOg{-B=K$6S@Nis80CN@h&RAM?V
zY7_7xqL-{3?mrW50n_hp^n0LXky8mrF3~A7I57RDoRVhETvhK)3iySs1HY4qE0kRP
z*>!U9bBkM5ysfz55+(RF%Bv;^*xJXU1mIQ`em5vB{M5P@4B|}XoIbWw6GM4Bnfw?J
z!<AxUJo9SMHB>(Lo|Sw|9A7VE5YU&Ah*DT!r9}KOqQa!bJe)J$EPW=wFe#Itmx6^d
z`8-x=M+zc$vD$m$x{FgclY?B`yp&8Xj}-+R8Tgou@O*GFu$I4mQM;A{9|iG%D<v?%
zqHY5e@q&b+|6U?2G*ZL;2s0H-8p&-xI#Fgq)xxTyopf`x_WRs`wQ8aXL~>)6yNYpt
ztcdY5@MDf19y(0%yn@nm7Rt$0HgD`}^OJQH&)m5IJGgD7LcD(4jv9R>Ml$wxuv)$5
z?JUn^rhvM+Y&usC+Tzb3K~kF+DVLdYi{5dJ4)xMwYMXx0_})l5xY(!^mh^!fz3)Ac
zOF_LQ5zzta2nA}3vu2SaFUxy-rNvnft6T<T5bE$=bI_u>QqZy)??ZmV`<mKH*v_~o
zqsqh-9{^4`JirMvxtV02g2a=yIO`TMo?~dUcGlzp%27a@VM{LIA3@3O`4Vnoj&KXc
zl~|aA#_`Rbi}oJHBc&B<-3h;+o0lW?taya<8Sh8+oeUi>vP(20RLqz5@?hCEXQeUE
zm%B@t=S$NJKRO;U4<Y*6QFwQ6x2OB=4AcqpZwS>fgya)QS&=A@k7fB>6YHG`ix24K
zSeZFXs%)Hjh<&tqsy)g)#nHz3gg(nY2n*XUVByVZ2m26pggc0i5J#;rV{rqC44N#)
z+Yi9vXVN)-Mp552y1(NGmY-^LJrNh<C<6g|KrRcTK#aA%FND3-ophT0zXq9Lohg&-
zvjLZ>2*SDZvJ7E2<NJ<AS$+Tz0k>$1=FSukfLcIR5z~*Oe+ztpsV}^(<aO+#TXnKs
zP}0kNuTnb4>2h&m=O{-%e#-O}wK|}M{6riMuSL&IoQ|6h6YRaX$<t@a`%7q#nP6|5
zTr!K)M=Tt`vY*i3<}iTB9D!?mu`ImwAxaTU<8tAt6S9<&W$&3>axnuMeV<=A-Fvg&
z_j*9zAdCVe?n4wl&3uOG?45)L6y|B%RPauE9gQevXWb)=yGsOZvA&+#7XV8!u9O=Y
z_k*Zu5;4T!tW9U!oh2)^joS-D=$*9DS*r(q7rr{{Y>fLk@*|h=e5gm-Lu2K9#=ScN
zzuFnk3;F;jVTxG2vlc$aN05&Zl6^A*b!GQ;QCQ?*#+`@TBKI64c21xu(hmc(@&Gne
z3kzM9K42~ZC5~urFGXtYI05DXeFMd<LdPPq@-_pjwQ?C`)g&zU41%JtTpJg6jwnwC
zQAd<Wo$#GcvA;+d@th_q*Ss`pj}EN3Z}_yPo9ZJ{(F|g`*#(P1S^$%C6?-&4nJB!x
z&O5zRTW%WbOqtJk9!DF(V*LY*=MnNN0#xmLC1vF%siB*shVp4c#APe6KSu3I?S0Dl
z#tP3ILo)#5i6aWq76Y}~srMhC$%h%wQKD7Q9X9c2wLcfj=cnNYYkR(<XS+SwRco>j
za@J)q?k~vjFV=gf0Kr8w1tnw&8T;V~RFAf^c^y`<`da^C{#Fy{&45YnTW2j4dy<T5
zrhN+<rT*CvfS;?xFHgXi^<;8*7e~M<!E#GXL?|din@Qe&7&B^en-ws*O-mx10?(s8
zxgrvowME(hvT&1)R#+i{5TR=|VjR|v7IEJj>#?lw<@LB><onlp+)eWF+zy1{;$?OJ
zHM9)lG|eACm2f8!<+n=HhxPo<xDz4WSqpkaZ@M~3GCeWsGw!i^iRd4ehIam8O84bb
z9n8w3IQ&TW`x^t|iL_vjXc7fL=a!1d31kAyGg_e2NbdjagcvTuaTnvUTZK$9LSnTq
z_D=fASsTR^9G8aP`(UN2p)uiCW}I9E-S%FvI<^h0j@<pQI4&@WU({2b1{%ak^#R^Y
z2FQn3#Q!Tq_gbJwsRaOupfKc*hV~-?84?JBi6}-3)5J$8t|RG2h3Kd9S_Il8GEAb-
zNGjKp%FhyMZf>DvhGZd=wl0!FmQGW02`-trj2mri%kMPb%(&YC8JMRro*_6qPw4H8
z`%APjUld*y=o&-T9#GL|>SezjjUNo-c_WH&%_JN3H$lUgWlq`LLi6p6XD^|nfO+0L
zk#R=>#hIrw?#r~D-O-5LE!m!9jQdf-qOzbtprU&sWE#wssAwVM-a}aDJ&gOANV=4_
z@heMTM;>(i39jk}#?u2TwYbcQk&HVxDiq}3Bhd_bgv6&8KbGW;;7r>hX}<!U61iH9
z{p*adxK=_^7D1Ay8U}{+<Q?c7pPMo!7Z~q<$TE|yFy6#-TrM(R?=4>?Z+F(|^Se-5
zKLgsbNx*o0#B`;FX0!w{k<kGv$gTqHu7kuVMV1-iXbnLLpOrKw3;0JAA|S64r&?AL
zu>pFcGqU>V*vMR<ZbX5uB3)8>(~TABCS(lKG7b2Jnq66Jq`H@N4N@;lb%9>4)iv2m
z=p*yA3C-}^#YBHVUpXVZO9x+UY#?q>LQ)Olvn1Q&w|6HX*tk*~SBFVUe<4ZE`e{HX
zdP*luk;z$~#kjA5_iPk?C@@PC1At_66{uPeSWNB%j@ioiStThF^`Ru$sOPnVo(V`K
z26Ewnt^_<Ju6;Q5&Io%BA{1Mt#@z?(>#fE9NCV!#1r_<7^_liZypt=r{mB=zxf*Bf
z^~}@H=!h+rY&;+m(%csr4}-iCyYe)yMD;Mge!vM>5A%XUfdYFqjr7XTxTliL*^I~P
zm-%9rNr`XF6r~~YxT+7Cr#l`Lb_+5J8P9s$=h)du^R35?vkh4UsQ_FByYsZ`gkJoI
zU(ySeAzyPWP(!|IorOL_G4V^OK4Hm4lF#?N?9YQ@PHsTV`Ap{c|8AtC`@{jt@ynQ%
z#BNFG3E2G;je%}qz8eFA8e`!j<w;$Db4ns=J5m7I3SvtS1EbCcQnt_)AuFjuKM{Z2
zX0ma&8O1-KHevbhPV)V`*_=6%pf!?A*5B<NajqF{-26mXGSOZoF(64a(4&)@k)T{(
zubTf>oT09i0gUHWa&(mn@nT`Ugiq4Oiw$zu=<MDD6h-DRAWn?e_-xaqm1e6vK%^J<
zT^N>G>hcPm++{M4592(J8kV4=o!66jY?0=%#aLmX#;=P?{MqCxvEOAf5Y#Vj{sF)2
z7bo59{%xJK=o}!ueN-B@Y1L$$#rKFAT70XHejY?&^gMt>_SI$0W*X9mv=VU_gu82r
zrvc+`uP5`#bHM(@#Vn)VVP}iuN&a5CP1peos7zk=n5%X~KEuMa-+6@foM$`{dUCYF
zF^Zs^)P$TTs4#ExP7WzrK*(KogjDDlbbNP-{e(HoegslU@jz|7!3E-h8}<ME2VJ!h
z=m(mH%{q<~zk0$5?mVxoJ1L$6j`q0PL{R^XS(5q{DXCv&dx(6E@~@SXI^emP>`oq=
zH5=Ne`j<<LL+Ia7ptrBaBEF|(x<xV+_bK-d6G_@rW$({NxM~df!(26Om;&NgCFor>
zdO!m|)r3xklD<Udx0t5z-{gy~nvrSD>T<$K<`xoC#$<(*hie>urSasauwF}7ZX&Dr
z%K^_CMyC2i#>1+VAP}&1jC+(`qXFqjegTDvX9ki|x58+WACEDf7*vR+?Ll8;J@ZVx
zPSz@+p3^vz-l?#%;0NFucnl`fI}@<D-9nUi#{DgPGAA+~5m0X-@&<6&`B7x=+-;7c
ziEkqtBzr0RY!gf_n|E3SnPAhR<OybR`69yd6$}2j1$afSDH{zYd&#Q&ZE>2!I`{6z
zsY0m2lI1zTth$@5dYENAVssUm8(R4q(PZxuKvA0BC0NWO7v;~ARdY#Ssk7LZIP0c5
zP70j}=iMT61`MKN%iBxY43&^)2PEVy+?OY|)Vkf&mYM+_*oVSIccfM*gH+mQw;UJ6
z+pV_0cBhAY2goAK6YY!5)9rSU+xie*vN?HsF&-`Rtt%9k{7H<QT?j5V`~D}<Em7#)
zKT>HflJ+>_VW=(AZiD&^APagvjiC5@sX?yPis-t_A1rUtbRS3TU<bqzs{K!tE!Ru3
z<!2E@wtT!^u5J=m*9nbcYY!7BJ5VUa2AEI6oAg^p>6?h(yoU*!12hYpcM(pva-Mq8
zx>L1i33nYPQc^VTUA32L!A(x#zCTFKU8QfU@Y}SG#27V9`nCkV6)(c^>9w13{Yc4C
z6?dDUQ(N@3Q{Pa5net!k6wXr7jK%NA;s+?0?kx?P;;W_NURwNKr8tAd8<44A6keCg
zuB5Mp((B{esveZ8x|>$jOQ{MkloLOP%)+7zq{H2$&b<cTT%`;*g%!-zBqc^lag&sG
zm~t&mX(y#Ti1l=&-(sb2x8gU9PXXULOW)Fo4y~gO`o69iOi@&X6($wB*O(LS?X6s8
zCRdh~TDJU{jr*C~52I-ra6ovg3T@K4AZe6l>o?<6CJcEHu7KR-06kf`?P7}ReFIt#
z#ftg>|3r%HUQ2KwS{vl=8-`-O*Oh$Of;fz>yuw!$W#Tw#ZGA_2e@J?Nu`W;@z86UE
zc+f3qeWjey270-kDp|xHMii|{dQ_v`lZeIPcKbs@$**JyN4_-8mC~Pae?s`*LX&0v
zSgfw7I}y}G!e&79bdxG4=zZ6y<P&u1;Yxw!BiWN|$gbU0j^kO$B{r@^vICN)e^MCS
zG{Vx5dfH3W6RDRs*Y{nbV9~8WnP1dpIX;%Pe^RZ=ev}gjD_$Eu$1q?TEI`B76I$?&
zZ4V6V!vB~TOX6T%XFS(Rp2nnK0Oz~7e371FH%ao`LhPSq{Wz&-Owp~-U^(FjbESO}
z?3Bu1mH2yM&Z!{Z-cE1aKx6!5YCq$?9dI5ym05`<tIe6*k7%$e|4H3NG2XAT`y3M9
zt<j|F{qkP%LX-GDK$2YL`!LA=g=qK0pDn^{1HLLD^&<WS1sTu3n&;ZnsXG}{fU7<d
z(vPPC+s<yitY(AW;fWv;OSSCN60nawp<lqbUywL&@rgkBOccaHBD;}suOgz^2*&+C
zbebs`NM46C9@NMzC|2W*BknG^+^>q&(>r*^L?Zvg^=A~VTtq8rAz7~<W88_z!xuRI
zPtj*1{i@BgGdLU0=+U2E_P;Aik3bCE6G_+k53xKD^J~Zx+XDJIG?p?epHZX<;NC=-
zmi*>d)Z&2$`=cO#^SMc5atAG)Ys)*rzC_GTxHWmNYHKo=Y)!Ty`~kWrmcl5RAAnWN
z&UkjA{ptz*e8%%_Bh|-2!b6n^65WGQtsAYgw}Tw$OQa{7rzHQW{jOxSUhGYnkIwvv
z<25J)bZc)6X!&A)`FyOB|ASp5zm=bkd!@bjbfZg%&}XqsQ6y4E6nd%g4|cV<8uTDe
z5eaNB4wI_^hUno4@+*?@%mr+iA7wm^2=EfUgYis9{c{PLWhc?&O2UE$X>r^t+$;Yq
z7jAC|xG^O7aTc5}Hp}$$J-(kR9;2g%+>gJfd$yzLyDz>_ttNfiR%PwLZ>35v9pB4x
ziem5Br>xY%Nku&e;<nGXaUxbDX|}!%$Ty)+FjnUq<vs}#>wRS(h3F=wP2c}vezFIM
z8RkhQm}Dh`I9DZqsNp}`2D6@0!7pt5j#f`$DHU(<2l^2yoiT%9eWF2aA2DFpV68$M
z$)*PBel-w{J*Cq6aFTkCsNfc>B>g-KZL-hfs`h*Xv3~*?EU-Ude#m}rR`T!8F$*2p
zfQlT)L_~wbg0-c#A+SM7`$sIutf^AZ_1}?Jd@s>`fX$KUY6rmna5+dmn@Pd(Z3H?T
zouPNUAc;#3GP=+#V#nu_&TEl9eYC^pG47?fR*jj<xc@CNtXN_MC<mxrHIP1naF%-*
z&;RLlbO_zMq(+a{kwGV8eO`e%`&)|d6bav7%ja_x3GN$7f|CcBjNH?DnjN{X8Nfli
zC~y-`4o=3R481uY=K4QCQG)m4IZ|7<P?&K#+`5N=O_fX|S$*P(cC&z9THvgEfbm3L
zCOaO$C~E8JIL4E8zEs?PStiSCrKyJT3Iim~c)BSzAPTT2DumRgZYM>=Q-sE`ncWJt
ze~03tOwlhBHnx>8F%a>*InOxj^o!cNggmpJDUf9n*UzL&iap?qYWn_<M%2@wUzkyR
zOy)<Jr4X`+2kPa0oi393T7&60X<&Yqd=YTBILkx?Eag0gh5JJ`XNT?rgItQ<_>vhf
zEoGQvnD2?O`@NQJ%6{)4-0MYTW~L<A&6)f|wu&s9Z25Y*1`nt`WRtdcHwL?aIwsTY
zUE*Y~SgiP{MBkpdh4MZWT9XU`zkCxpQn)?2ia<llil0`1IP2T2@lmkMuyX!@lj{X5
z_X~F0Ri{T+*Q}lwx#@`pi|Yg)P|0M9I$B)ieIYTc=kFHR@dk@)Yae*)`8)h}ZH*H;
zeorO%i#nZ7w$Dw_TLC_cvldp_|6z;HT2Q{b>dCLkjJp>S>N3zq?dSw(C2Q*hy?HU+
zFW@#yr+_@Y$f_}sjWNSZE?Mbk*en$jZPa4x2S7Ur+2}a~KVXP0+zcBz%48**30aP=
zWZF$3)Hl(DrzNOg3ZhE8jezn!w#1!A6hhsCqa3M^ZmoZB1<csIcNry=2&V6-P09$9
z<RT1%-ti%HZGzqCd#lh@)01&m5Jp{Qw5I-If0pHY^T1ttG43~X$X$9n4pc<;MP=d_
zx!p``*ykbkEO>8|$z4p|E<T3$W8ixyAhK*(Q<c_lb3Wr4hMp3bA0ZxoD6lN{fCLE(
zjHjJ6m5XyEOo%;I>j_ki7!so;J8wl~AAB7ruNxJSID?2&hO+-oghKnh%ezpA*y+mA
zz`N%bnrAvPr;!inJq;iEIW}p`SnkP0gYX}`bB=!!4@J)~adT|W(OHgb<r;|JGdY(i
zF03MQhPZ@W?vE$5j!=6a9!r`=eX}1)3pZV{*X}3rn|vCZJL(%GpU>G|Je1JSN#WTo
z%6#pM^Oe~Bps@W0Ozq-V95B8MnW0l;2W>Jxt=#;?G-`CiS-LZ@j~y~kyJJBzPlrnL
zRBQ)e2w9st(S0xN{@RM)1jwf9q&pEeyYP@=m3>4e{|TDJU?Fwf$hWg{yIi$7`OuY-
z`8^UqQDF0;USRcS{naeDF-hK6tMJIDrC6R;rrQ4b8ssQ;#TG#&AClQY#(fpmkzB=k
zaY5y5`0ykV8Q+sY9PaN)G=Tt{pp!-;iNz=>bJ6R*lf?O$aVQ+x6BDv<L-~sVbk9t#
zh=>w%3EE%98j0UI%Woo$pqcwDsiuaWYs@ivsvNyoP}2C$-p5Y58Y7qjGaxl}2jl)=
zDAtU=-HtsXUd$2Te<-(_C_sEcQaHGcQV$Dg=jd@j?2nK$7QxR%@L`hm9-;+b`~c&p
zW#gAjep3ozSkNcGqXS4Ju9|4Zy<jBH|LYic8&cFu8sL7iq(&t&?);&c2tO8#Qo}0&
z^JL5DCK9<=D9L41J_jmkM>;D!4?}BpJ(+0IG46;)v`u_Oj*+csXuzQ__#8p<_W9z2
zo;pi0df(c-OCo%O3T>QVMSpi!ncl{IM9-ku@eImZdcN!s<JKkNNvERWP!~C5_I-0_
zE-V`f?FCL=ye*%r2YBhYc>9b#(*rV&CQvMl5cZBC-Nwd!H!6B<=()G~c<${Z3fHfU
zdvhNG*A3Fyw;!(L?AtqPdO?RO#<Lv{UVys8&x~``w_yriz+iC)7|$EY3Uu<Ro#9A-
zUKSwp>QwY!o*Au6D)%6ONkZh9kYb*pI`v^6%szl-AApAcag2NR2q2Pr15nV=uoE~x
zRibcd7UKp%C(UdY`O!hhjx;3zvJ)t>+Y0kW2ar7&{kbTfo4|3OI0?r%4u1vD0Khol
zR?^vC%f|aC9C5y6SwCs2eOu}U#{Kf&(Ef+rRqfwH+mC5w`;T6C_3amTQ?>sXZNF>F
z?GyYjzvk-OPgJ)*owjdkW&fx3x%&3KT|?XN*2@0>9phiyC6xX;x3c{u*Is@552)LJ
zkhb5kmF>5Wzxwun?5t`(kG9{lmF+kD4eguN?JuJ38(Z7|o>$-gx=yP0AHK5r*W+)X
z|NiRs?X-QSwe#O}_3b}z3~j$tE8AcDH;jLqFzt6}W&1mNUw!-cGokd~qm}&c^S@#I
z4|P<vf2*_(x3c}L?pNQwqhsj&Yu8HrdwX1M`~2$*^lFL3#=V0dZ2Tug+N~gBIQ|oM
zfS~2vh)tUrcU}Jw@u_2fjrgRNy3ACJG85TISgBM5BGtS7LMpnqUx*wwj#e-ZWMC?_
zzluPL>(E7>za!CT<G%_5mj&6-{mgkhB{)BESaMZXvfn~IZ~3pN054eA$<81w2jYE&
z#Z{q~ydwB6EH~5OopcPnK8d?YHus%%=h19W8RMynLkNgA;HrxNBIt)dqCmN%$^!8&
z^H9Czjzp76<pCXx9|oDnL^(Rhx(nvZLiK8W99}Cl$Is&4zTU?#G<q)D`^xgRH=`O)
zo4cPQjhB&BhZuyp#sM14vHUcHdKeNY788VW0K)g7MhqS6jR*3ZMaeH(I5spOh7M`s
zo{Jz_e74h7$op1MOO08{7lrx_#Er-iBUTN>^ZMM+u9TsSXGL!;M9vp3!k>Ja$>O~g
z?<8^jLVRX20qq?iH*{seYdv+oE_D7_KzYha{gd%}&!W}uBeR~G_vPWZ40=~)>ionG
z%XZ7S^u`W`3M`vY3&Xxs{LB3>4fOv>>_4GnHuXFEYUq2aa?b~cr@l4%mxKpx|M7Hq
zauwa%UZc5S2W0zeLZ-noI)KZ<s2=SHx2Sp;hv4ACY(V8TMY1S-P3J@bofBlzTX9p<
zhS@~aY*`z37Bt;7ggzUH?sieUK_~m!W%4;jjG;N!RUgR|^gV-DYCodm_9LB?9*Jf;
zWp*6~UsyC*bRA~(+PVQ`MDu1k*}A5|bffK)WAh!UIl*<RC(NrwZ)qpa)WO)AEiui;
zt)=FQ?TqKE(|$j<7u~q6`mL^dJz5`g1-XpNr?<L(PZ0JDMzu}vI4UXqY63Vg7H_7<
zW5BY;ez#<qkl10X%@dyu(ous%CUB$##i#-*YA2|^I6-Rg{UWrggp6NbJj||uCy!o;
zHAtL1icHscVnT)H-o8OC>5I>GyUO)quEq6aVlROAvp8whV7<|8$0oxRNH;R>8+xnE
zO>dAcQBJg?juQ10!rRkj0LwGGDO`zEZGx&3NW|+t4;w%+{$>v8+q^cuVVd=@$@_K~
z_nO~erU&laxl%qv{5?|{&(z;!n&8s|J6Qj`Hi&<)bh~>9$&Fj#c;@IXvZ$pQ>4XI0
z=BFB+DS3`=xF6(T&{@h6;~E{wxHtA!A<REP#wl%*DKfZfAAkksdZ6FhJV!gSo#cN1
zdR3VvX_Aww`~~KaNmx5U+ImB9JkR3sS^x+5r=Ib+=$pZrGLG>q@`a_w(g6zX$!E+|
zG<fn0#SSi!z$=NLl4WG%a~!!-1Ml1DLoZJn_}^IEej<i(18GgUKxsh0zR}Eh?mTrB
z;~A!J-Xs}p+QDEpDJH4qAz^=#E}W_7uA~<E?HiCKJ8wQp03f1dqj|M0o>->S77>ut
zLjP^4KIp&r_xAsl{#wXG`cLGzK5e2y)#BI?`(G1sacsM*mP={Nh&g#dOzovv5CfOZ
zh@T36e>O@GQn75bZ?7fM;rq;pLN>BQW+Opzbu)DLSr^iWtKuVL7*9KaOgDHjGoFT%
zbibNVR!OE5&-*0h9j0vlNfc%8$IIAEHhuy8z6*$FB4Ix%kHR8<9XZkFU_AQkB%e#q
zrEBTdu*?uPq~m*?@_xHHz%6XtdEwvbWTL(u6Hk(TpN3@sw_UF=0M&A&qLOLp^uBS>
zUn5k6a=-41><96NtE3Zt6<YeyOZRR%-0k!#X#OFIv%cX0|AiLi*xJrlA;$s)FQ_4q
z>=~`K=lt2>>h;N9>h>jlzP0weld)Ide&6Nsf%cckjH7k!KhXB-+ka1&5Ym1t^m)?$
zXID#)(EfOJ{~w|48(P`^rK|0KHa{QN<32_IiBo_mra&xdo5kO243eW{IPBdtdrHSC
z9)|yAILHEuikV5Z3AXB*5M6&}w@{-2WjLtsETN*|5+OIV<mu=T^=K*0zEphU2p+`j
zW737rgg(BZ>U%w#7zfW)(?KXpeK@{(x#Ke`+3S{uBcE2TyBU#x2mO$7v+!Be`|~-5
zdVhMp>Z{WQ>8MlV=pZP<XJ9booi<R&jKb>pkn#JicgXn3yKP~R7uC0g^{8x2h_LnV
zYK^dUL#ys{W!!nySE)Z3ZF%<_Sl&c{=%xiC#GcSJ90v|v1sq}a+hMWq*f(StJh36e
zFq;m;Z1J{3RID;tT;nD(?i0qalJHx7R6}z<%+S2lCv3Uv`e^4vn38vfFZobhizO4o
zmps$E#geDu!j>En*8%}PH7snohg)uOarhRyw_I{u_>!NtTrw&yRCn96MAF?{oAts`
zhN^G#o~P;?r5Zd*IUnhGU~B34YVW_LWa{aRu9H`A=jDmouwrdNua?KZS6H0>(X+*p
zpN21aqUDl{!k7H4XNx+fxfkBajxw-bWzGdg?CtZR11-7(bdncGXUzE#$tfFlo6x^C
zYoR?=B@18K_*n?(0s6{+Tt#25SV~{*{}n`EjN8x%`VghD*6_)F4OhjlXB(KJ_TF1w
zCr7tmi@{aow{+)|H~14AhAi*=M1OYP?*y#L`!&XkL9NguiT>VY|KF>>NA_rup8A=>
z(o<~9C4cJ?wq#n%B|i^e^4;z&^S|&V*R@=7T#uj?4#>Xqg?OU#QJ)&2cMoOB`~OYv
zVfrwyTZ?^oqI=lhZ*RF|TKJM*wOq1I_>z-bF8RHjC17vp79vv&H#8~QiP3u`v#M&y
zmYpL*7G>Fpm-`9#2Wo6qUed_EfA6^Ec5RXKZtfZuhaY!o5r-?omwct=k~eqNTAv%?
zT}=6zVpL@Teib_?Bw#zK<TvB-?)Lj_sl<bj@i_4Wv+MT=$)!+SfM<qj<PXMuZ)e0&
zNrJ`Yk7C^8F^Q`a_Z>l5@Sa2?@g2pl7ViW<mzmf><c^_Hi)_k>{UE_r-<I(_uvao_
z@x!2i=XQ8?EjH;HPY(X79m{wo?xj{~Ja#&aarcGpo0A#Ou)Sed?z+y3`~^$NqHp?Y
z_}y#Dc^YZC$t2hOM=zAE(Ouip<>nPWSe$u4(hZun4{7C@)W0mx$kSs}sK~8ot|xX9
z&Gm<`O*+drRArqPMS^R#5<bSgX6IF{hgzAi>`~R4{ZlkW;*9?bnDj^P)U1kEpx@M2
zUCp}a?UQ>t{x9thxvr*N8+SsO`5)OeopBGU!s|DOGVUquaZ(e<>A*aUl=k<9)u=j2
zZq<=cB>8~I?p6>d>W^QUbUTIkJ!BazeAh%!G|BO)e=zRs7<5EPW!!h;kD7&!2gzZk
z+d<dT<9VtGont0;;6>7b3Sretem|aK3ROKAoof3>HPJS{qHJ^N9UTbQag82eV=}AN
zCg_vb<7s1n={|<IyE~WY7c!oHXXWEbac9F$@x>imP_d>kfi-4X`;bW_ZzPJNF9xja
z2+tk{qkHebnKiQWZ}B?e;>&)&IPNGyL0t2*xh-O67#4F5;~7p5{34|G-s1JrxeN^O
zMa&}PN~CfFy?JUV<N4YkA96!-_z2!yDU%(QEWf~rO%M7vp6^9B1(UBgxqopnjc1f*
z!ZR0g<QBoAuk^j1mHfNN@4)j`fUZlY$+<2&<N5uxjJTt?k(?y;>K`v@dzsuZ?6UH5
ztge}@yttRb4#lq>T3m}ZL%r$cnS*h#Xq-4gzm#C{5TNYhP(f%M|B1bJ;E5T)n}l~*
z^eSOl0qj3td1W);O>(Jxld*-gnK%4;1({zvPUz%QA)ZPnlobkPF9PWN1kh(jelj1E
z4gv8cmk3|$C{N7r$UM>hh>9P!UQfP?b;Uc<NTC(_yojsxBBMC{^p)ZB$y2S%PlzJ9
zgm_YkIC#agB=W0T9VCVbZ?q3fklF1t1UXwvR{ZML1&t`r(mLl$WTq!g%&b&+YY>kZ
zOv?-wM_wVpJwguYYMmL1h@2bNnL!-7@5<^gCt}Ym6W_&EH<5AYv_Toh@11mvdabE_
z)oLu9A6;H-phee?U<#c3a1MQI-FYP2vzc)}3a>7IBvVlM9r4DQc@`cy)fH)H2~xc|
z)hsttAmW~@LeF$kPPTx|$8?%`mgO+Vg1tl-v_Tzw7Yl&|8e8<D*f|U$+BSoTgL{x9
zGtr=&f|rfu{D|`3IK~}gK-RH2;H(oNJdEpBeH2r0=v$nG-5xs%WStlFZyJdpl$09U
zs!0jv!PoCyqb8<~&xhr1lMF${&JIaX7u)k(*kZqFS}UHfCETiig)MY67{pzr-POhB
zg>NfM17fj5+t%EF$?`59=w+XA)&>sr-gyuvr91^^_XWC>Pv;N&mn4#_Tt$pRU0WjP
zbv#Zv$bm4KOv3KAVW)Cso95P*l4pT-R^gSBp6$#tm&p~4FXq6j*MjsL#d<R%jK0qD
z`FJCn3e<~{v~6P|9H&`+ExBikJIi`5I{J!JBS}25)N*^YE%mUy8@jNNH8&NnaO4fP
z)KbS`64v1itUkgQ&&rpfFz$kF$h$!zg7vz7I{>v7-2g!?S@}pUuAvpe+EszvecRy0
z7h=_Rvi{!VV2I!p<Eo2f+&a8%9V9GI?4=+zR!F}tEQ&slRtYty!mOhkh$S}1C|--_
zm!%oy8CTyrHmF`*+tptg%lR24P(@$b3`DT|URhr{R@<H|Yx9={MEyw>8d1N0D{Nmq
zDy~A-=D(7MY0V#0VD0#fB6)jO!8h@v^44`Zxk`L`A33PLnDLbCmoFeL+D{I<lQm4}
zv`V6U#rX~?{{YY<S)*`_Pec3STl-rZ)=2DrUTVpG8x#^J?hhuK*lWTPO=Dyb(^%n)
zQ`5|-RoLwuqw5KD==vAo$Wsl@(c>78XP-($9QTYQu8R-vQ)&45Tal@YuMit~x`9p_
z>0}^PVPw7Kp=XqN;n{FGa5Qw}*4E(w&8vWiX@9gDWg<xBl8`2eY++<I$oKS7BBtG5
zP1#l=0_s`{vUQ(;v&$*rBUm+y6J-A9rMH#H$k#=p1psfP-4d1umq)aukC0u>bi5zZ
z-cEh8cWPjSZ-6{ve^}g8y%_M6d8V$+Pl7V>YY~(5hVLjg(u0hV^UkCTF^oxC4Y~HY
z4(rKVeLv1F-aDU+%?`HoNR%%bgy_3)qVcyHpc>ALc`)ueuu>a0!@zPWEI$gw1yaxF
zILTADKl!crcv-9GO#CIaOeg$=06&?SrUR}c``I(@cXk134}nSr|B6n!R@VF@iJ3tU
z?h2cMWCu(5;(1A25UVi@jn*P2)<N}eK=s0Z@bLmZp2f#M@lk+}r|_{9AB*v^5FZcY
z;{kZc+NogcfpY6%sBJ2yW#fazM+QE|;Ug6vBk(a49|Q4mJw6if(HkCkQrdG4FI^c7
zpbG~49*K`eCp>EL@drN6;NuiNj^m>m9|!R9Gd_0U<9mEm;A1mBHsWI)KEA-m$M|>;
zA8$E3g)$09a=;?Cd`UMoX?6uP3XfpP2k~()KJLQDET`r^3gsT@kZ9_jD*I!6dKAm;
z#2~`=@h_@^2;T;5AJkWg$m0^Zj3|~bz~!1F*;u@X4Fj)pAW4$%!kQAKI`WO&AL*JG
zrI%s@`??0;QO_bxB=)xSmgX|y-^)9x&S%rp`c`fiy|yyKB}BSvvhzVr>t@|Ygh%;u
zLz*8Z@+^5K%a;w+G^+0R@%CBrOTYo+8{{1}@4P1ccY<t7t0E+y!K?5eivDZull7MQ
z8`^*7Kxq4|^qV9w@cOIpn}qh0Rqe~?qML0$$ae>?zW?j~d;E(U&E{CNtl1EN%A<ND
zlowFN#;GImzP0(?O8!tysDMzl#((DeP$woiJK?+Hlm^v(0-_~wZ<My4w?pgcN9*Yq
z6vvR3vw5#)Zj0A_jUnW+z4H?ze1kOjwYs**U08WXH_6R5JM}mFXBMU?E>S{l)s>+3
zL&-kh=eB)+oxX?qC3*5H==<p2(Ds`=Zx=MbKWV(m_MMxEQxxNQE+S|n4IrDo7x%&D
zMOwbWyBCDJ>J)jq*?Sj)U~J!bb$0cgdqU@5E6(GSx#!Sdz5itQJ)z^%q(5;m|7*B<
z`gr%}(Eb~IgIm#myCtaaSMKjZHy!cjmP{14rRiNxRwm^_3$=TluU+u{9Uw&Ys|nb@
zq$=qBp*i|lVK!w093q&nEY&y3pTu#1>%yS?PlV<lNb?UA7uJ*ft+O$jWE*3QU%FSj
zmFC;e>spsz!n!z(=5JEvD9_R*ki2q1@%cJU{Fv73+bbHcOg|r5cLiqa+Z(SS^K9k*
zQz|`u57N_aCDIal(@)1z+_$VZcJz*T9sigSH*v@7iN0gN5F9;SHJzD)KKMnBw@c#`
zJVy>h@-7^IXI%p084wYmk1rMacn;I)1))f_<x!DIHvR*8xc5-Gi_kV(;ZjZ?uZd7<
zl`GRlXexs$2GD{7l;wD<PF{{(G)tExxo*517-Zb8(xf>goI@jnwuNz8a7hHaBZMxo
zF$y?sQHYE{;gWWM1U@6z#{s=}#@X!IAl(Zj^%1JUoA3^)dPwz?ZwT_9Q_B>dG2|Ym
z=g82y)O2&m{~RIFNKL0)F3B?Fk`3Yng04^tA!Ko&>i#ilytqnNb%Pm}rHsa4BzSC%
z%{MPMC=*wLCVuc06nvpE!12iaVVbc`V7W@#%>?lyl^oP`{p$uK$>WnWmy1N?tc%bE
z+LbUAA!Fz~1{REMr2N3;SAidlZ<!;|dc=W&I8Vy`VW?E4Xq2iXqEs<%A_ijox}6s8
z2dfg0z;{2=2cKc|lsIzn<Tf9HH;Z+YLM61ZGHZT(%*^tWO%)mB(5#Jro0@98#E?)k
zz&_1YGthpYt0uy}ByheJkHB*@C*Pa(9I&_JSEG&vwEr*Ev6564kIfN;dQ()lkFk7v
zrLLdqmAZUe)Cn&T;-?88*m!zIUu6YR*$XV>GFZWV4yz&=ZQjA#-|8WI{A7EVMv%o`
z<L^N3zzRL9ke%9KADzV%IV57meb?46xbGvDZTy2K3!klX)lRgt>;`!>$PKPiu!i<%
zgWg%qdMX`p>TT|lvkE#$H0NyoAtP4hs{kqD(eLA-uk`rIk`4i5X=o>GsrAH3cKBZw
z94vemxg^s&vTKfNYck;&wc);dKiY6B6rUHr{U28SA>Vc3WJ%3A5V9vZ{4efF_IdI<
z#K2ODfynUY;=ijo8TI05yn8?Y5hV_cWd_S_!zpRycGHzkwanT36_R`G7&nb;L~gA6
zJ+LSt@@}{svMO{4S$7g7#-yw}FNLf-vuKuCcpO5z?mT`vq=i7dQn`iMwD|16+CpY$
zA?|{>QU)@fFLctXqSX5+*$&VyCHJ?ulxW~=VkxmGOUaDDy_Buz^ZnHKDSHR6UK1~`
z>=t6HwIK@#lDEnHcTu7l(Is=`7nEks*vDn6rvHxCfT5AMwI~}`7mPA{zIGTD2}4>O
z|7d6)q3aT6$!pLoSc4F&&8|Twa1GJ}5jVd84bUz?4=d}TN{|aO>4Bt<cc!3&LN5>$
z>C!>$aa|KxG;h;S0HAAhlzpOtll^#R+x0b;)!EyVc&D6;X4M8SJ4HnwG}5W=PYkRA
zhlEv4RptDeTn{5rf&DS%J`?RckSl`uV5T^QA{fgl$0Q7gx@k4z7&pBIUNxocQ?%1*
z94$Uhyh-x!kz4$xS-ImLe{1B9AbR($B>ISEBD((>!XRWGB2M!EMfvIH7Re?^Zh12h
z_v?zveTq!B^Mjpqa|_k62o0{$H`@Cmhf-~ni2oKf@vr!FJRSvOHq(IKmyf8<M)hma
z-yd}Rt36K=kj>@!avWtgE7wR>p+E4}R|APuvs$3mgz>70l(j9n#Nza0+>J<`ZoPpF
z<JkAh<1yZv6r3XYfV;#o%EA;)Ft~(7^O*dB?0P*3ETA*6%$m}Ly)Z4toXNPeF`R*w
zac4zJ_ruz_OG3?EvG8~8S!mtr?a+qv3?g@Odu!l>w}Y<2ql0&PP;xDvmEgP>|Fptm
zf+sct!j|+4<gQ_XpDBT#Y0^&`@s}yc#SZ74!?;1m+0qlytT$>aMvh?z{K2}a&)U41
ziEY^dTWnmp)m2@?g3yC^m~tK?LRNY@(p9f#+&NH*H=_}+t}mD#fuh{9_7>-|_H%69
zMugLWZyj!D+&sBsAG)-*vVl~yw*h-`48y<F&xzIX<fn}%-&vmILKlJ<+!n2f`jg@k
zJBnS#;q{a-&-kE8NR-laT-2W?f+O>vMzW}EJWImfxauRIZ5y{4qhcj*ca>)fZRcZa
z1V$@YPVS!uD6IMl32+#$wit25p_i@}z->5?{O%&*4=#dWg_L6RzMVs`auN`n<EIEN
z_sqm!K+9z5t?(@HD}%6D`I+UE{;rh%7D|6#lK#FS{e4&Z`>FJI9sU(AJ>>VVSnBq-
z)#;YEt;ixXjm^vbkk9&tUU|hGl@8VdXjvtg%zU!hQ^hhjldVK9>l=2!F2Lc<rDP?@
zeFG2jy+k%92W(-vdp{L+5f9b1IpliaU$7#6HTJ07JrX;u^RGr^@VU<95)vTX#{K4t
zCih0O{OoN?=xoMAg{OP>&XQ%A+2p=y=W_k+<SHV@^A2vT{c&0HyM(!Bp8!nsW7)r(
z45P3sU%G+cW1!dCi?dMeEKEKCG}dko$U~RW%NFL=>M~bZg!tBFjAgz|f4k!gt9L?#
zL=7-3()dn@z~D7=^fb=O480Ud4QZk0vr<!QX;W=3k_iX|F9h^H^AN_fj|8Kgp!ep`
z!$iAvG*-zE@Yf{_Gsi$#rr-<G?s=u0!-g?YNP0eoGmBuolOnu1mCm{tmispUSJ}@8
z)(Y2VJ&pLX=&Y|CBiGPgi2c=ZhF2R15&GEy=Y`iEpgZ0-lax}S?*n8MB|-;q#7w-Z
z+&dvQ6d|$ZiS~5!bo;pEi-?6Tg)~0k*Ca&31c36^2ro+laCd=m4#0<>7M(TEvHwQm
z;9%Kzs4tGV{4#xikz!PQ57&`z^Ev@+72?{P$}qm|bd>~?pp{@S1YR=p^!DJzT?s!Y
zui9D3$IzZ6ss4Oc6tbjM7`2aoF0hNqtim91nw`u;TvilRO*S&0qZ^s00vnkw>W?%i
zQTTa{vYAOfx*m$syFMVBnOUA=jyYP{V_tY8l`jR?yA2tHTSe$B-;k-wtl7-CFl@R6
z_A?j`w8ACtibD1FH-olD=fR?uKyE{yTX-e%!UHWR1Ht)U!{O?Ew`TvC-c*zZ{|(O6
zxr`@KPi-Js$rt4q2U7U<bd!x=Y{J`3EUxip#(g7hRq|`l#izoBPd|!cMHanzKI6VV
z0>@_}PDh*FV4li&;`AY-j{Y0L(jkc>ivnU2Xcm*V#px`YhUgS4knm~)4NxOXq+>4y
zbT4nVT1i#u8)ncqh-As8{$Rfu1cIekq;E*~yRqKb;)*z(?=2cvtfWj@?*qVmdQt74
za!5EEs(OB;C3F=vWpV_SDBqCgG#ALH>CBHg4hGfrtiA>G9oZN!BhKb^L<x6Y)*?>_
z@LDzw2~0=T{bOqU4FddqK*hH|8TT~0h4+vyus_p!o$Z}$KHrqhFE@&%G%g%~IclRy
ze<aMpn;q3E{gF)-?Gvt8e+-Og$v5%xc&hOt{DF9?6Ng`+;k5r1=Fhmo{JU@sR6>t@
z2h(y`sDaWC%NlwA)5`6_Na!)dXi3BH9AUj9znzP6j1<|S0(hYOgIt^me@#RtL6<#r
z8vG8qE_}4{gA&m<-a^(@a-jBmEQmi|B$RhX@aKZmH6|)?;p2FufRN@Hq1~vCm}upG
z7p7e9fcJXZ+f+nS-lMf%x^#s8huJtm+4Q#Itx(XK;{_}jXLU8|9o7mAHs;St{@wSD
zR9%Dg{voy~)OXNjb0ZRc&&@5&26leI_kSvV%$z7x)KfTqsK6kOSWrZ<4n8^F@~snU
z?&uVV|LO7Ddm|dVBNr6B7f968o+UU>UDb_c>#${&zAVmzx&yC;qE8c^wNN~ueP_MV
z7NEkifITJpHqCoQN#UlC(WT7Da&5)2(dys^IDaZi)~V9_gh|KpsNzX^gxV;gWEJDU
z&lYC|!9(j)=ijc$e}guEV1cOE>MUM@^kDA_8r7FIH|m5lFE^4vFaDurK<Lri;2Y~*
zau!V(`8Iy?*-73J44Zm3|3SPrl5wLjZ1YCHiP=0=j^4f@xE@Y2*t}_UQ)@XP;!51t
zO8xn<V~+MLf2+Y3*^%XP3|73Q&&YZ^7}?aH>@3>VY~19tESFJ(N!((CuOrb<GeG?r
zJC?LTL5)FByM91H?T4Te9aG}(`fpjzh%rfI`T<y!b{sGHB>B!339`hr8rtO8UoYLL
z^S!RbTbV`?R7MeWfVBD?WD$ORiMCodq|9%1T|R5|+7gZHh`PgH|1#uYnT&0$tCV3~
zhtC2j+tbjO6e~9>_sT9XU_yT@-!;+3RpS{a1Dm=d{{+kJVF&!gy8KN3jnD-f*N?>D
zk(%#{&Bwn_n|BVOoyMp>B$h4c+1{@3dN=g74a<#YIp|$?Uonoy*cgNhrbQf?5ld=d
zE>%RIy?7(V4^)Hu&~lu-T-N)ElMLG#A?=S2#C$b^^)5C@o`E*6lO(%N*02?6i%As&
zYP>6*gyofrkr&txY+T9gGOPf-H_*hpNm$)c(zk)E9*3q`SA~;Jtyq-6Mn*r1@2M3F
zyAt?jk=Wh<6dfn=yGxq+iFr0HK!*3<3lzHHAn95GKpR(@Tw<+|dUdkKT9I}?1+Ugs
zx<G-9)J<zJHp<Snj$+|LES-OR^u9j{Jc|+mw%zpiLKA^)(`6a90ROll2tIydjViei
zr<+hfbg;>vvKw@}cYX8C`=702BfHpu%3XE(MX}k?ehQ2jiOR_@*-MrW?&krG-WhsW
z9@w9`X?tDw8}!!HZT7Y{E~66j@)<R=Fp#D&CRP`WAK?;_-BNJSlhkd_$iWu#Z{TMn
zd8!t7b)C}NZ*tZ7?Gv~eNwi;uAe%eRvHX+-Xv8M~{m2Nd$iW<9hix%(oYVyJku#F-
ze^kWigiktXxfwZU0Pv6)^Jy3oeRW9?{z&?LG(9MZln;IfewR}c;GYLI+>OX5(T{zl
z<<F0*-;q%Y@6af45{HaY`xlV(7d7c(ttvej9+Lm0Cja^?%+EEKKbU`qr1uV54*;KY
z=guW^hCIL7=#{wWDdW*xI^lmTcM0J96KHoQ2A<LeonrY279)l6ZTvY#cZp<IMwT6w
zXeB1*Ba#v1w2eFI&q;thZCN}x%XJ9~D;1-Jl@dneb|Q3T<<42TZ7lb5n$w?SzlEzI
zcFt<X+<__hVL%xkQW{(o9~wuS<-4=q2?ny$!_~SDFL2fxZA|8mupXqj{fiT<lupZ7
zZ+cr6O=`F%0LgKkWIw&mau%xpe}(l$_&%2SBB?&g_d1(Lf4m?7TR^10^K)hs&FGQk
z-?Pb8$=j9j1ZmfV0&zCC-{Ly5+`99KtF)~xrYg&QVDV8gJ7C|Y<qDh4@2VZo6!auf
z(2k}tZU$`$6`N7Ef_#ukj0l<zXn+091a(eK3XU9Ran^w7=|K>=5?6IwbA)}~A`2`d
zYe}~*?Kej{Cb4|J5!i-_<ql_Z6~Y`M0OM$DhH)ZBn3MRmyTmaTD*02Y1Y=ebJei~H
zg4ijkOtG7IyN<&2SLHZmRla`-L#K7piNEzPQ}w};%U;?+j1+%Lk_$+-j{rc^6G6^^
zwbQEq0sEPJF?l;#znP+39o@aIbX6~BcUA-b*qCy6)#76)7G94E!%1SXIl|&O+6o~C
zRve(wjhZNgTTIC%(u;<_09pF&kI7`Yz&y;Jo8QHp-~dJT5@CeBHz0%5nbRDD<WJky
z$0+hCQ_u<e=Q?>8<1xSwUwaupIga?`k^ue5WxrWZ`7P+L;+}qGeoHP49h%MQCIFeB
z24wWn!apD@%S8eP%!%k@sz+EI%RquMz_%=&)tjqdnUQ4n(<r{lejw9Arszf*jP9%o
zTNP>Ui;Iur(FSe_M!&Op)Afkpl^Fw|CZm<?s|Ta^xJ_S<>npb~L1pv@+B*q&&g4!C
zr3CAzU?DWXE6bG&%w-Z%GYC4*-NbU6LG&7*Q%lb(e~%Tvp#X~4(BtjznxJuLwoNVp
z-N;604SrxSK%L94XFUJLFYDw*(Z+2BCc=V_KrS0+UdT*r?`mwr6y1^7o_W3`VeiV!
z#018@T8ARu;~>)k_Kd_eDk?FPzyBAIF9l*O!!rsiABs@oLIT61vCMmY6{EA}?Uuvk
z3hm(C#x>&4Rq%6NTkK`5+{bmOX|en(qzfuD?h7c?uh@b;R#_V67UE&LnP0_7TaKsz
z{vR<jWF{_P@g_Nz#CE0^rk4<V={JclQSOYPeFvko<+Uf;NIrKW(xR}pC<c$6*g%Wl
z3mMC7sc$8sft-2z|FQQj@J$w3!+6rBB|tIZCRr~~G-4~DErPUiOK3}<V5)Ty#TQsn
zw6Y@VN&+aC7SjTcAzE)MxVtR7x{9s>qH@3VLKCi9a8(3_f(jGErJ_Q)HQzaBo@<&G
z*!TUv@BjOLuRm$#d7hawXU?2C=giERGaINRMzjyiu#a*>!EqSieuActR=#h?3s5sp
zq5ldkU>tIbXApXj?qgLmK>d*CpK_j`c%E}-n&z2HdGOL<p64sbgX{}mfp<FDx%ae|
zAwx9YVZJ&_NJLU(@3G984G>S|+Ea}D{_VU>3_Cyv=V#ch#?{F*I=Ro_HFkj?Ov_=I
zD9jZneuFa+$^<4@om-q<A0A0p-D2UXchNlcL}%z){|x&C!4EV7Uhz6sqmB>vRQ&%C
zopFH9)UOn(&fS7Hy*|YKE)hYq=Uw)2BIkE^;tcyV7~kG8=tuHlE&xt(`hGBa-wrRN
z%^K|Ez&+4JpwoeKx(;S{>7SJj?te~dq?l75{_O>R7z=T62XeEb#N)V54Th=b1!#VX
zug(k%lwm3RfmS)N#g;jg4prE|8pF|&ihPk(Al5*qxWyUvRB4_i9?Qe7Qu$+~L5LC0
zF6yoyK)X%t=sV=_T*23SKCcr_?}2ZE_+uUy@3b!8L|(aC2T5M>@`q!~2a#|SiYNK+
zv1ia$Nhu6*Pis7gR<@D4^DH7LoZc-YzG|N*$(feqBETC?+fth#^PPdm`x(NWWxovC
zQ;8hJ8$Z)vl(QKPbdnM$Dp%sXFNB>{h(SSKK1FJ0Wr4_$U4V2Kkato!i<T8Zw*c)k
zU~-TmlY9a68_F4R5hU1$Mw)K`IH|TX2zGk|g0+<4Izcm_uL01JH>Li;_mru0pQQ|!
zYr`&Nh){(YIyQWrJRAZ!sizW+9+TkDS&q^K>U5NcaXE%Pa|hp07?fHaEmzmOP*>~k
zE6vKRU`J0Pz?^!)KfS{3pUC_;urP$DfBY8qB4rGPFLYDw1W<3$ufl%@*!bne)an>}
zACKEbJys!9RXAyxL71CREzc8DyUjF2j>MTiU_QS=wTC5pJj7m%F`shf`q>wX-;G*d
zYD|5GcJb>=ZMMF@Hmz?Y=%}f^>U~cvHhQlY{KHlYfhSTaYzgkO!_@D@*zoFl)t?7!
z75}U)><jsxXe4|npOa3US}ut9Enw5Ax}3!<O8eS5OF;eg?3t4@^3HsCs)H%g9G-(g
zH<ygo7(D22AUSf8!NE5COgbDG4I>CR%tq$N?Go;)6qqm$rI2eyYf^N^pMW|3+^B70
zQTa&r?9a#nSy&h;c}vp?>XcM@)){!R5FxEv%^@y>hO^-S@$>^}cs(x3gH~X2W~$3t
zzCnieeGCRqkIag-h*rJj!!F+2HOutXy8VEXAqH>9l42vM*g;*ZqrrTmF|wQD#%wmD
z1z0UsZZH^)2HzQ@Co=mCLiDx;m_66vTkj2^LNa#?;{HwB$mC$(oUt0znmdY>p3+D)
zSQnn9Fpzggz6boqSph$9GE`-#F3+r(+v;81YV!Onh>dH2n8niaF+mK^2Y6cgLHSfH
z@41qiBNg`A<n<eb8f;}$=fClQ_6MNy_zG3jY39>-YmaVxQLlfco3DQTqt;(WSH8Mj
zSo2zV*XUQ?c`FE_6DD(lWm%=mcd)@_JR@Y*y0bs?^p@lfOv6HEH+*)3eNy@3E$+-J
z$h=E{AF-B-WuNix@f~jE$?zRF0+GjmiuXrbR`zWzR33tk4jTpI$+E4_9K|B5m1-@^
zsss)ZDiqenf3KlWElvyU!kUkeLa5V>joAN|ja@KY2f_ecgzVGaqt%kUnVS^+u8%yP
z{Yh*11BW*Pc$#1FW63*!bB%L#e3>d?bT#{o7OlZXyKr@NG+G-uP{h}3LQ!d52}PXc
z8m)*6|Fh}*e(lwe+C(mFfqupBbThCX+Z&@Slg@kK_pX}n)A4&Ues53TK^|4A{r!Q^
zQh(d1zr#$^-(-J_U!qv}Rr2q2i`D4;=Jpqx@m47_&JM?+UYg*_KJ9Vj!4L(YFyFk%
z^Lz3_!4o%lp|TtPm~-cu?CgrhD%_(o+1)s^EUQ2eRs>=5-X@4w<%&<E^O9vA&Rg8Z
z2uzf+zXnYn$SpC7LvhxgCePO7`_1u&s9Od9Osh-WgPR+`Zcy(83{wZSj&qBkq8(Y>
zeNHYHtt%>b`Tt->v~MPSH%j=@1<+<UOf%T{3sq6KKZVbM5mWf;{UczQ687Lk+;^eT
zQuY`M#i8Ui9{!!K12q%bG*@=5ryD3jtH2TTI~*J#Ktx@?E(U`B!3+%O=~Xi1CeLSX
zvh?|d)G!HVyU$le5euTbwG6Z>eD^LvNMx?++yhCT@01Vl%9xnh55v%E@ODRRxTUS&
zl%dY%qIKo5{#>!^Q6N`!{1p34{1uY;%S!wu9@hEaVSA@=VU3OMnpuI(?m}oDK39bc
z;IGOPWk<aA!8#3p@62n7ztgDx)`xZc?GnFo-di9BB}(a59xz}E&L4CA<2#`>_d9gV
zsXSs5jOS!|>d&z*N$?CHQFGSpt24p`GR4zQ@Ljmzxxs}L?F5`X-CQ8nyNze*$}c2z
zw9w%cD|`)!#Wx7P2u!h$8oeJmB{#s$wp=lWzkOSbB{S?PhFnWtMdVwpe*otfC-prN
z5XqN|aU(6IK#VB+``M}}{|Zv+&2Xk(zBunI5JTvmcM98oK{{A50VfEH;X80#2J&92
zJVnJZoJJO$&eR)~S#c_-lhu>#&$o&>om~D&X7>OvVlAb91K&sl2u}f5ANO2UGShIA
zrSwe$pB^Wkr7kXe#X$R*8E$cam}5qBd*1a)$X|B_I`wyF!>9}9+WQ$~DUf58=iN}b
zW{+}F650rm6R0>rM?#ricyl{P#ZsCKxe1-JS4}dS*%Qo`(x+9wYp9vLz^M8H@htrI
zhu_og^pk)kJl$p#EH0XI+noMMop8ssY#mAhbVQ~N-_w}L{>oDNDZSb4HJ5I+l=_IV
zCR>3CEHBK1o?l}0v;it6SjzC2-)ioTaw^x7Tc20<J^a+=i9h9u-{p#RxtUw2)P5t!
z(Bbr*hsP5DK2JR8^c_rqrU-)Ak&p&@=8EI3bfMb~CXB52J<N%(HevNSFuQCpSxP^q
zx$QA{pFqBuVgK|_Alx&QwG=_VqE4thXma^;+gV}KcMphHcrW04+?J_qFhe6!3jA$+
zpBlxJclk|5nz0rbN$YlSX9t~@mn(C#-1gfnrM1}R1aCW+FWLwsM?arK7hL`s?aV@e
z?xDjqKd});%iU3&_WJS8Jou9pEzHXGKWrZ-Rs#NQbM0et#X};rM6CFo@6fpi+$bIC
z=Ez0R78o}DfJg&~PL|S%v_}=Sl<~xFOX)d0&nxxAi__qNlNsZ%zA(v1E<u(T=c3n^
zuQ72}XXmM)k^2`rPvu#mlGz5S6L2CeGCX%o4O&K>1Jf;RNES52O<@e70cp9YUbqy%
zEBDNZah6lu>=dij-hB}#V|m@bcKXgF&gw7lJ^4@$u0|0v8pF}^ieFkTOkC@YRBV`$
z7Nw;1XrPc<)Tk6qmd?xhjwD*j%H+;3OO)pomX$N?w>eU0*!$yX>W^%0z-i`HIAffv
z){A`BI>#JdDV?Lo(P0d)Q2ga3J_HuTrFv%`$e@8pH{(3Fy`QD57{O(oSLZj#$g`Zz
zQ=5(6zCa4OO+7GQUl^2FjApD-{nS^#AjgMocwUzJ#8U%ZG3_3=F)Cz}5XzRj@fRpE
zJYc$A$i~G#@<-$j6FdrBuDC_2@r7#Y@Pi2eJ-ks%=P`CO@87?oIK-<6sec9Wtgee)
z{zSKUfI4`L(!oKeSQ&o*f=>Uzu)@)a4HLvfq!$n?Y(FRY&4Y-n`vpa$XN*>iTFN$^
z1(IxoKQzW&zDBS^j>DtW&EZ35aq-}L%L}+;1f=BclnELH_~Gv^X!|ik5*8`pcVwvH
zzd*{l29<|%W3oXa;&d!q2lP=XSyn~lI+cuLq`0kf9cB&>xqzjSU!CjeMG>xJWDjU>
z(Ak%g@{!CGN%;cT%s?l+nDvBSg8`&ijjVV#cAh^k1$EsLK%spCC#TInsuP7_Vn&oo
zdt8-uraJ=zX^}LQR9B?GQoqYT(jW}D$DV2_`_@Rp*;0y!=1@&ITjxPnp8$I^0wewn
zga+!(j|<T9jg|0=*crqcL97%#_FniU1K;?5Far1BO0_r1ci8AznYkM+h|U7YNJr^0
zkJ&}BWlagLKqru=#oU~8i>KWFZqDe43~HpO1eby`tlrj8#8P&Etb>7e!p@rl9XYF&
zukHda_F}YJiXzoB%3UY%R!~6FCFWV3miBo_DKi%6x&%bl+Y;y5PB}2ZRhOvh-wJQD
zH2U;gZjcDM;vVffw8s8G3&Gc5_4I+Myw%f7@IPzjJbKzvx)Qhot+^|6=UroGwv%M_
zUt`B9(VviELV0)+zz`8N{gH3RKFSDpL_?)~2~d85)Fi|fkiVbIZmC<!e$UU7V)M!>
zoR-(B!`a&N9bleO3~gj}S16D3oK$TXH`LgBS-N;P+yJu1Zl9G5+WJKwBnSow3MQ?G
z2P3=1(Aq%ryG2Ba36KvpmkCV@-~$tRT)tY7xjXZeV64HR{O#A#=-LcYr`2iCEaOhl
zLST^hjc&lIc;=J+$Huk>AgW35-wG15KbAVZwk?2fyB3j_OFZ)CH3oJw=7ox|<Fl`*
zj)r?(Q5}`mVUMs1C>9A7$#yc<x3;$iMAjSV|6pcpLt8`mSi9<|oatIkrVkhLOx2Ky
zU2&$3LBBuaJ2J=@9Z2zjdcQ&OfY$2b0m<twLLh1P<Zgy)_&u{wzh8ee=DFd$Yjn>)
zCFsA0UcXxR{Ka4O`Co~FS03{`CFc2onCGXu=={5Izs3;EHygO$jc<s-@>+%RogZpB
zk5cPrnzHQUj%uF&7-;m|%O)LY1ls}(<{G}jg&RLK&U`ZsCT|~HFnHsWwqTiikLQY$
zpx5eL;x%?>5Z(SXQ!ka~m`h%(YO-6IEAg**PW*~J#GP?G1?YDDD{lTcqBQ9n=oSwH
zQ(d<LPp>9omYae(W}{2|rtFyay3DP_X1JFXVmDW|MVz?rGr`Zx{9b+$Qy-r0Mqr@D
z4!Fc$pvmmBMyl|7?i#?xtx{@)$=V*QR08BMjLxjUWVzrU5*`(8tNQo(Tj|y($-ibQ
z!S&o)GTm(OwgXU-g)<t<4`36PLOuKq5Ej3Wu2%U`zup<U-XhO}RCfq7_L+gb`E6s=
zmu2#HMMuheX+pUd+66>9v!*eMW7pRZ_3V+|w4~0F*Ha0eTZ|Bk*l<T*+>Cp{1|hxL
zV<+LTSK2lm4&V@$_j`5=uhVnLmHsUU%w)hZ^H=TU)h$*R1p0R4IyA+O>j&m0dh}J=
zoP8XOmjGU92Ubm*6E|{xj@bBk1-x)l>rOxW%xJ*Rl^!C#a1)Za_hZFf9~&F6(`q1e
zce0XiIJ#fD()a82i1$I%A#Sl=t3#Ci2s8Swy3)UL8NYCg7a}P%&eCf<b{Ep+M_wiC
zvs$4`mv0ohoN%X~gX$tLvO|67yxcubzSKdKUMe}4<<k0w7=qfv+cq}p&dUu6+g7Oj
z#<$t|R&)F<W)o&(_s~Wvi0O@2-vjDD1SD<0!;1XYS{P3f`I-Nq_~aKTK6wCINfH%1
zgJyO`sFv8yZCGYjZ(2W>Kw39Z#vse6B!E`b_BR;n4TeDmkR2X7p81(CZx~BH8U2*a
zV%eYIgaC%8gZ5kbV(=;8)tws}$puc_<4&)LtY#l%w%7ZkI`7NeEuGeLiNAt5A}K^6
zmV>ZKx3CKZNjSl}#o!(0@+WUJ5k;plxAAn_si|z)RY^?@igF$Tp(!)S`ajQ*xfPGZ
zU|?Lvjsh_NvVhmBQ=6V*!s;_o`frHa2-eapD;WE3%bg9v>|iZ+&6$pTWug0bNkj%D
zIpg<nCFAzJ%m3$Oa=`}MKp2o?v-oft4Tec-=CN{^f53$OeIvJoz>*O%oR*cFPvts|
zU?LXL`^jM8=h)DdKmA7`y<W(!6)bmE33Qr-;%XS{-GL&bJG*Xb`|!O+qAPA$!;2{?
zw1Isp_ikgVC*n%~g|@;^u+E<u2_Lud2e+{fW&jdqe>QN;T-hfqbMXWiw1K0zgjxWt
z3FRh}XL$H!7}DiPKkNY^aF>xRXufhdK&YSE%I|0ZUTcRlaw}Gvy2EJT`3qU@JiC?B
zfkGzCK3msyxdD&a03QAkHrl|=uAO`xkFbzKk%Z?yOlDaky2BR=AUx=>y8NOLMyjRk
zj|PeAg=`~A4?y-xj_jAT3k{RAkfVXdp*W4U-fh9$gx?q<Wl|}n0IjMlheE_-;n#6y
zK?i!m82JTr`z{!Na|+A&4x4<z1huM(7h>@2Oq-m%X|x{3-oBZ(GzGCX+&zhQ9x-_(
zC97dl624$k-X<jJ{FUx=qWp~+FyiNH`AS}#xQ{Syy0DtzG;X>Wyo0Gh)LdoUOzo1?
z<n;ILeB7kz$4z<ccv%lbv8=3yx=aeYzb~;n%n%0T0aI-;Qe11NW#ea{&T%OsGET9V
zaY0|)i>JsQbl@@BMmKqsfF1z7Em-nEP3>hxJB$R+W&B1k?h!;8auwFIra>B>P=_mf
zhh;8~N@Ryp9^YuJ&F!CQg=wRSAKeqyD&sl*oICxHkiA#1+__i4Gp{c`j&uH8y9L|n
z1`4?X4;Y03qZDp#D~S7%m+#ridD*hkW49nB9P|3dGPI>^kxU2wNE<nk08>xmObsuy
zYc0<WCLYeCQ_h8g+7@icoc`)O36=fO0oaDJ0jNr$MLbRzj`IOCZIitPfqbJIz)}R<
zF6i=+-l&0%1H?OtMn$+$orf#KVH6u0%*`?y!fu^`g6Ac+(NsLVg~tbzaSiv<fv0L0
z<FW}Z#<0yj+bb;(ci{Wc$j$F3D2%;DO)i9_6u%1WizrRe-E@Lm{DL@J(hALR_mO90
z?siDr-HLN}6uCRxwJCQ$p>TJDe%%|Gn6vk3V(&p=BZo$O-Ad2b80Eol1D1|VR`iKm
z4CSIH3@s&^>}<w%3-A%TG}4>X=<bwWjS-qF&m|Ct=MsmPo>4hGU|OKEINtQ)w+VEv
z1lhrrz1cDsjeFlY;P6L?!$$&#!?YWN1=1Ou)s0eScRKD8B)HS-K!SqOsKxDX%ZvAM
z!4ArX2^g>#tTwI0P7(Zl?Raqgfm23VoQl_!OPp=!hMc`#q6Bd@A^I|oW|$;bm=Jm2
zS-=iYXd-5A$S`@V+6JfJhRv9RGiPcB#&<yU%LWl|=UG+#O#F@T-=wDslfvWek;ku>
z))iI06syCZHfq)vWCj(h!jEd#9a8KH?+YwsqLbR;ba@?~50sCTbwwNp5k3wU>DSXV
z_5O6B$%uFyN5m`~5i8OZnGf?lne)4-$qWPfw`k){p|`=y^_i&0YWk*vhU|`)_y!7%
zPH`meu5^!y9s~SKwqCu{QkjRQ+yR(jXQ6vYV9-Bz_Q7)*PwkY>WrUI@Ny#8aEvd+W
zi8#C*r+yzRCEfm1_&&-)-wW061#&Vl0Sx-y9pI6*yO}#}{kjzE{Ax!Z7!WsPVbx;q
zm*6RsbPGHn69|D(R>Tgg6|enb2VwX04o#IwkMB_G`n{SgQj_D=<TxqG{JoXM2f*Oh
z?S#R-I|zei_ynNEYm*3<oE;J_p`-=d6;Q9K$(PmSi)wPdniQoZ>qOPoq?(pvbB6J1
zi??GfGq=kvo@r(SuTO&B49&Y@8BTfOO_BJC6!Cf2cBDaBoq_-73gm+^g^sKF4tQNJ
zy@q6ink2^<o;1rzG0)5%>4Md4b|fu_@?iC_&DSL%Sy&>}yVVscwKEAwkyD&+ujd$?
z*w%+<#|%m>fkN~cci=m@I!v22X{($TJK0^h;^~qP60&_)V#U>l#N~L_%ghD<BG@#X
zq)Z3ZpGfTs^y|0{Tkn%wUnIUlWC{7yhWpfp`_zW})Q0Dn+2dDY!-I83Z1^lQ+tED<
zV-^JZeY6$Y7Mi2LcZzeEL}kqA5|a@T$RXDU$p$s4wtSA#aB-NKo$pL^#nChSj#NV`
ztzmTwLS5qfc7E{kpI9d!M0@xk+FqkD&=xgWQ==PCf3Kk-u}aPGv6}o)O0qxSMC`tR
z54d49#CPx15W5>{ko^|b#2awA9Qwh{+5xw3vr@qxHTi{_+^r@*lalPJo3sP&;mw3W
z&1S-&>t=btc{U?1D>f?wu9XVPq$Z7Ovawo8o>P+zQj)!yP6KXnl$!HNHC21O8f!UP
ztr>9JyU~DSFyMk^M>&1_4cn|6YM3!pCXa~!)WAD`4Gp{sgFNu==tc}8n3kzSORmWo
zEVch4p)>-JcEUHMI?b?C`S9Nwf)lQxAz0G5j1R%pUHK3U`eb@cslx7(h9ZngbsUC#
zGP0LF6o0y!hT^yj%lJ@qO4UMr$yK_+C=Wi!<qXYHsWay&Z{1~%$!SorJQ#h0?hc~@
z)sIH6&FRYnwHK>C9iTe#L-<W{tE~wiYpBAtws6v!Dtf+F`t2|M-gSn5e^h!dmVOt)
zujG$8sFr0SajHmzTl@(DAu6`PppNaUi^^9cqt;t06X1pS1V0xVLM_4`+LsKaLMS-d
zy*!OljSc5%WPG+iN@?s_wwtGs+$@M`+2N}<;G(YIsn!KZgK9JmVz(YJ9+RUaYV;)K
zm45HNnbsvVrn8-!&emLc)zSGo?fy*QaeFIV4Y`$WdmytRn23_$CX_fRgT!l(!0=;-
z+K{aLh$IEc2lg3%<>0SS7O?egNV<^V3=9fZC@_4GWQ%x#yDF%F6<_)Jt8X^ZtG~bx
zn+C7eAU6OvqM%-DB}4};MlST<#-@!lp@oH#k+Q9oqCk~Y;&-os-3J+@4HTY10`LIV
z>%W!tr|%V{`~&@5IG6&{%*@c5hCV7`c-^OxURzn%Os}~{?00pAlzTUSjeQKSP4eq?
z@EVZR)f?IXty(e4MA+$2{$M?PSpZ)EEnSgU*TIM4QG_SS%s{`{8>A|hbfB71X2I*n
z)=PN4#9wo<(Qm{$DfhGdHS!s}9w@&a-+@-YSX(rBajM8FuWgTeOyM=Bs+vE4$fJ$X
z;^{%jOA&pLonyjP6;T>m&tq|wze2(5*8iCpJ$X6Cd%l{P_2*Lujr$=J{a1OEk|AvP
zBs|ni_f43q%d0mbrI;7*ObJyzb#4YioQ5an!3fu#oo5ezF3(zV#_mmGCA%=5)$^_O
z=W&w(&a`AS`&tPD63`QC(EjfM1Fs1rV|6|L(dHNX>;0d}-ggI{w95NBzN5Baz7;w!
z*)858_$Pp3&gU^1Xl8+ngt!Ix3Jt@VW`m_PBSBi%hFNpwK575WS8c?wSpFH`;-U&m
z`2qx!?_3+p+_OgV%-X-P#K5=h-py}C{CMI63YqColOp7tU_&~!qktQ$qw=amPyB+5
zanF(04sEl1J*pKjBDyKyJU1}W=*q6Kl-?@G!xyr@u*^+Lz~CmfL72rQK5jP$b8XVx
z(veD4o?yE=Hd~unt!*OIwvG<H;3T*_Xi6J^Knuhf2sF(oucP+Dqe*OL^Dvhf6_{P9
z1&{L<xC1kJ3%VPn7Pzv%vdqQlCsZ~_UzySZUfmVVSJzvuZpnSEuzz57cW#`e^d(eV
zO)7uYps9S$mAHe$W2S6HcW?re=|rqecHMm^O>(uBa}A;WZQQv{poN<;*vALh=njbT
z*SKfw5-YI8{ROSaC(x}5cv6nYFNU=kMUE!YoX`04UN!#sYA^>4<lKTF*_h$243Q5t
z>z5k*_EUd4B>cX`X>~b=w}rMQ1`V0n&A`%eDKs$XR!m>Z(>G$eJx^ba=_Fb%tqDJI
zvMT0$s-o>C2>vVeE`;cQnq6xtJxF6~R4U3L{{V8JBR^pOW2r9j7ZkB{;nMRcH)?iq
z??H@$EBL14=zEz2><siIJj{CI34S#5@OV@z9xKBuwgnylpH6L|^GB9v8g9I#y0ZV}
zxe|zg3yy5}I_wq5feug>{O*9E<3YZn?<>~fVJk=}aoF7Ci70KzxKsy3TE`;MP&Qs(
z&mgi#wwH5{PxLx@mKNoRM?$rd+iUm{T%9)CaHRrlhcCjn{!}F|PYi`*QMuSq7WH&r
zGQ@kOj~RUpNmH*B0-amU=w|Snp2K?I1*skNepg)xU9(_1bWKKLwcfvcP{jd|jw3ub
zfZ#2>eI|<XF(5wK(6UA}7*MQ(7#dwI`w>+0H@J=K4YTuf$64a&YV~{p>VxVS`-XPa
z(8&dR^Ev7)yi06K=010z_dI|R=_LDe&NNeS%IvY$DZh35?FZ0n<`|&)8${Dm){(q^
zU=#-mqfT7b^EDW~TWPFf&^(9Poy{y|{fu}&J6%3_gqha@{I@0ebaeL0wTSgh8$K0t
zR3;ND7r@Spw5PZb@HH+TFYPBhQ2tyT4~&4u7Bp}?O4h{U@xmHfUQ5l~hiC65(t77W
z!m2fUTKXnSChzx{Cx5h?wlV2qrMuQB>u20<by_L`qj0z}{`>pY^)}6|HS`><rJEqi
z;rAIjH53Y;KTf<B?r@@tqRAaR&VNrIuhPX&XyCSMh?K7X3c=q+$lgVIx9D5cyB?p>
zh$@8!57__ovYUUTAuv2D78rbIjh<9I&QHhjt<wJGTFDL{iQm0-w2wzy6DB)bLV@&7
zu#DCGK%|+UQP)B+)KjHhB6FJhizA*R1^+F=fHXp=;u}QhN?OT_icn#L(bHwD#P9Na
zAP--A!&q%PuYPQJ`6@ZylX5=WKg=q25!OoT#v+LMxUHaA4556R^qb0!^MN(eprQG(
zCBK24+lh_xT5<L&h?RIQyzG?c{>+MqnXjuBm|fiazf+YUcB(|T$_~(qv-^lGJE0ft
zP_vOXHL`<KKT~uch_HeDn0|IpTjBFqAr1kk5rkW%XE4;2qOPYF*!Z0(G4(yq>%(<t
zwZ1&-)K52!L!R%8P%(^*h}_M?$4CaFV-)?SHw1)natImC{xA7B@<A||6|`*!g5R6!
z4oom&kSgPTws!~Gp`hmTQt@;-WR=SF#Q|$(w?{yM;&}O3!{fjYh$PT8d`Ndfjoya`
z^9_;kZ;!_6D^yA#=+dCY3-+QN+d~Ldjsgy%Z4h9L_IPS^{O)?e@?jUu3}TqhqlBt3
zmp=jMA|?n6&>F>0B<hbOs23S1E{_-h;Ak41uLIRd`;$;W04d^2p<RU>Ge(KKGr&Wz
za-&e`T$j?RF3YeAXp2h>v1Qwlm+r9A1*2O%*9!j0FrSpqs|Q`;Jv9d2aa+8{-Pu1)
z2IY6s6_~LT*Fw{`36+Nu*{$2~xCw4|N6B}R{RaV^Y(?e-&cp*PHUuj3OQ#UA34yKm
zo^WNKn$iu!odyQ}gnQ98A^jvkN6>q=B4~W&1N#kZ-^o_DI1yOp4x6V9ZVsE-q>s7l
zANn?W%;=Id`eStDqgYmWM5yd%)CWGGg^^RJFDvj5rX$UJ_{b`$S}Fy{;hW|_7`lv0
z=C@)q!`(R~bm>MiF^jD(U&u-Y@=%XpTwwU@{hYgLPBgQ_WDh-#)SHQ+{<>1Rsb-Y&
z&kj!HokQsLmz+|~c>dAtpUIK_f|OW3*B$qv>adjlp!gh!c?N0&WZY$FnsFDmb*zR0
zv4?!VBFC0_%pDjs_#|kUt2p20*oKEp<ci9-?<ZQPJOp}-0f~;`ThwPiVC1%eP1IPG
zPK`D2eN(pUC$7fUtbj`X8b`lGFg~X4gcZ#1q<m6?=z=k&Og=TJ>=xSoY6XVNte<#j
zRSXUUreGPKUS#+4m&^(Eh7+TFf2p4LdAOCd-z4iVmwyQL5Z&&i^pK~-<?oNU@BG}L
z>72I=O*_Zyj-hwiqm43p2kN!xd7oh$`3v^;hk)9UMqSgwJ@n6!6@X)|0_zn$tRC!X
z3D$ogte=6w>Jck4y?F{xcmoKG*$h9sE^v|c=@G7_zc|8Ix(?7UUP*gGNf{YWnZvJ0
zxi?F{zevBeN2K*JDIU;QQk2-A*}1b^h6sVXVGvY3eGOjfLCOFWfn_weSaE&ex^px~
znD_@UGPgHW$@35L5B!{8)8k1c;J?zjN-ReLTcj=bj(9F6%smaY^YMEnk36nozliIc
zYgw7}*1A4;KB4ryftHmhl3QTVQd|uY2igljP_<)*J9s#?w<wZ9H5Uvx!SJSqKbGV@
zYkO9b1#~ei9@g_!b6J2BLw1zx-RWkM2W&q+iIpzA7O3)vL?K|hN$_QXK=?u$U}<~~
z-uWNLdEjc9v2g^l68@4+Scb6|PI=l>P>Gwya4c&NS4Csj`o1vmwLV3&m4h}ywg^8X
zjSFb>!nJ)2>|a$pJY+r11W#1J``K%0i(%zjzG81lPkIrO@Us95yiyHNs?@j@{sGKD
ztqUVpT_w+3TmcUbo>Sg_d;q#dFi_6`b?_1;eBV=kZ{HTaQMEULV=<6Xy)W5F)B;LH
zs^zE1E@p3wbDWy6^)P2+1N?^VhpS@G%RBD_YQDa+k6}%QL9=>FM+Qde_(I665c`9r
zWhHlO@hd?Dz72HVhr4>>2pbq3@RFdw+hd>hF-ULP!W&EmhBgRdPO1<{TJk9tNveb&
zcFoVxs4|<jtU`Lbw)Qa;iAm4l=VK>~xPX<`4VUgZ-?Ft21uSg^69Czt+P?*|z5R_D
zvstgBY}2;zY<1ESZE&dpWO;{*KIGX0WnSNc+bBu!f_oKJSc6IU8L^7s!fL2O_<kvN
zZg`U%=C1-w@}xtXl#QArYVvzEc~DL6my$(dy91C6CfTrtP*T?|Qng}|Wee`=46<Pp
zKEI6?|K{<Q{u<&<xRy7e#EkoD!7ZuuaSQ(#N~#X2EdX%K;gLm7QHcg#qJo#0BbS)1
zFYyGHSi?)~`EDs-w^*McfEm($!VJNuIBL&wSn#m~KThYRx6~|!E_4U_{c{75`BahE
zxe61zf!gl|`w+NL(kmO3rk8FYGCO`CGC#LLN9O6$V=!qJrr^yp8x*=uQInI^<Wp*L
zlA3%>O+G3mLrIS)&?#pqDJ7_&b%8b*`z6C0=Co0dEaA=mu7>xB|5s}7k{V>H-h-%-
z#8ii9H!@>`mZ^qp;7oNTW~%_E?#-LMhjUk3eX~s}wyo7<vYJd(lLj?;VZD+(t0qsc
zm)ra6dbz!nGn6#2Mrm(vYH#n`YOuW>sJ)AMdpk<){nIbh-sOi8<KP1RF}PXcr^?Mb
zc3FyB8o%cy>UfEAUZPYkQLHcVIF{(oON?s0j86lEK)=mvaNT{-wY06eZjDqXl(c${
zhGb&WU)GQees7J^?swGWTWa!eYI2d9{F9nopeA2alP{~u7uDo^H7TmeIcn0UCQH=h
zOf~tenw+X8J!<j~YVrv+IZ;hcP?L|S$%oYB18Q=Nn!I04-m4}@sL4V#S)e9|tI2#d
znX4w9YI3le9H1t%)MP(3*+)&@q9%K($#gZ@Lrq@4M&@Wcrr7BvxMdSu&4pdKl5_4s
z5?dA4BgBU#oDbJmN_@DgQpbmH!6RG7OO&LL>|D;lJu8>+>PtL?C1(DlYNAYh@lAaK
z?YQvTx=N_rtI4(vcdC9kOnNPqXIr(7XS+p{ts`c;^GnieX0F!^QZ_S3a~kQj8*cxk
z54qY5>b{Qrk3P`~pn;!o0o3^uk~`*~NbYp}L??GrK2a#!UQJ%1Cflk>vzko$MDB&g
zPe`u3wN{ZUudOA2g+*uyogon(G;?xJU&|YjQ%{YUa3#@tUU&L<=UR!@uC+Q^--dA7
z^AdHuL<ujEB9~~TFYya720L(qN-U^H&DKMop(BF4^GDKb^}HJlYh}%rj358TOPhn}
zdeZxq6^f)sUWW0$LQ81;j17N$1rgeCk_i3S3LT-xuTY5hu$p{CO+KV1A5fEH)a3nY
z@?JGLVudX0?_MGI$+Ih{Ps&#-eKLDB`K&w-Kdf_C>XS6yCy%b?eX{I0wV07Er>0I?
zjZGb(YpNhMwL5R>0?t$2^i8$Nk780fLJuUJ{E$R-TNUjTHQ8ECCacLrHEB?j7d}+=
z-G_3+8$Og9-kmpm)heaot5=~t-i2D6%3J)}D&FD^$Ed|m{Y)~##y<+HB%aDyrDK^4
zgyZKW7V{ETULsj8Vbqs6z7k5@&r3MEsM_uArKH{dx)Q1Tm!*n!dt<3iyA>}blFeVL
zG+0!VbJV0yO_r$1nQHP`H91vHder0})Z`Ota-y1?pe7$tlMkuM2h`*kHF>|9yjM+*
zP?LpfvOrA^SCjc_GFMGH)#P9`IY3QjsmXq7vX7d)MNRfnlj&-*hnl=zO{S{JYt`gc
zYO;%(?4%~!tH~?WWLq_9R+C9fWmZnc6gyMgic|_0coRS7oSPUSuBzpHXyAM}_+yC=
zvp?4HVGnp@yME*n_bQT~PjPVPKaxtE{zzBidw67j{ZZ9NAK{Cx*P(+&uz}0V#k?$=
z#sQDp!BM%EK8}|G|4tA14ums|msrh9G+aX^y2~Z5(U)kAB|7mE)}2(Mo|ibVLMpL$
zg|0+s1^VBFd2@LQ#!LJ~F0nvgq6|wc#}a`g*9SN_J-Ekt0MF!E-J-{C<A?jihcQ|U
zot?_HXR$?IfPe>jLLr*CQ9z;JAQ;+G2!(L+;1&l~x&6~^%s?20(7-Mb`-a^9$u@SB
z(K|F<3dCMPw|}CI?ZJ0}ew8%(L#Q`hqNm0{-`4Z|X_WtAd^z66-r+A(DQB<E0%m-L
zfV7+OJ^>--@sGySOEm^Im48cp4~dadjjJMpdbZFa_%@HytU0nhXRY#nY3DC-If0Tl
zs>yL`@>VtZxSC8+lX+^=CMRpdJHAl-$&Q*g^3Yp@Qqj3-G}pqk85Zc*ZW9U4!y6Iv
z43ymDnL;s^!X@A0&dVT2749qC%ze#*g=1+8b^>m}ZhEv)f#u6Gc&^jL3)Z~8S{Gj(
z0Bii}WABfUS4;S@W;T<YKWhjp$!&(bS`yK9W`t#Bl4m2Xt9c4tq0M~B{d>Bez`GIo
zuRmX@dKP_Ipcwk(Kj||Vp}3r{0P~G<@qBj3Cmr}jqWlKG^;(YWRG!7s8dcIp(ja{{
za*<+5Pini7)~GsR<`a-P{B%^me*^VF-I3?R4gad*@zB^ijWjTDjvW(YzFgjPInPh{
z#tT_V5d~HzJ-dOgDDEXGS1qk5&On&xZh~jL+p!OB<4t=P>Xy4CR7vE-z!HAo_jDn<
z%45NR6lEs>lrI5ep}P5aJuZkwJlHX3AB~_*$F8Oe3iBPU@W#Eecd%+aB*#NnWQROS
zY`~xR`SK2YgXDZZN1!(#;O5=~>HGMeiT2bb-*VsV(D;zZ=kf==gg$C-E#>Ql9iqy5
z;WO*0FWz3S^hNP{>Wg_;VEi)Zi|;k-h0vf)cpigo9ni)Q&Xd>avAxhg;Wp^WF!;2U
zR{1{oTwWiRmL}x;OiGHMM8_>pmf$b8@;&m$-k`nuH2yS(KV|W!JNc8qpB!&U8?!fl
zt=<=|`m?>H_h&n~ko?(jNB77=z7V_Y;nq#=GvG@_E#S9pp%%aO3$^$yU8u!x@j?l|
zxqB`Fzu&6(<xBWk;^N1&_-*1h8tPHJk)x5ppMJxi9Q>&*e=6ip7Zyk;e*cwpKVY-?
ztyrMo_s#;2-;?9x;fE8FmhqdrK#Siq3$*x6T%g5otc+joMe*yP;@3*T@3V)R;HRAL
z(ZuN!e8pCSrPOIM@avN#Z?{be29tqJFKlDL{g6$G@C0uyE3NbH?#>>@*J8-BlA<In
zrM<in)_Fs(!;RdMY29HA?n=bteYE)<bacNNA({|kIu$*>DG44hOv7)a=VW>gvDVVF
zfhsiFS;JlYMQ6$oWDK97wp`1~w3279gQ|+?0+OUN$5WvLhLX<#?cWZy28X5^f<v$C
zrCcb*evG70=n<46#pJm-9pp{Y1}ZDLth>bgtOD^-M;=C@S!g8SofceaaE0;<c~pSY
zkVTNMtzv)Fz<iHqp9JvS;#tU+<`y5yK>V%P`kqo_+QS2$bY@pcFFNrT8LTzDK%|_O
zjpr>J@#hrl_lub_b%0DxF@FsE{!U)1qYUPAeBmFB*}t%C%)r7d`m@;}=8TKkqvUa6
zF(hoMK*!z2legH*FadMU%e7w@&er(z(Y}13^Iwmp@=k=upaaN>uf;<A2liHB7W@Nh
zRBb(nuCWg40Dp&|14-)Od$J*iL;9ugY7%3Jg<}wuSU3(%K?)?Cft%|F%gU5w;wX2*
z!~DXvhPK`xo3w=ApVj3@mHa(9`HvsPx_S3tS3z$UqN+I>R<f4fi>(h#LqApK`6u16
zhPST*3m)FujyMcBC@nmwQFGo7H?=TeCVLYAQLsEbM2XvSUJq0|^(e9%RE=RfWtO8|
zEzXZNHc^AXY}!_L7|Fv8PwgLnPcls@fWGwd{;lmelOh=8%<zMn`#I?_FXgncWm0h)
z#V-z#G(Z=IE>d%V5v}1TboPYOekzK`F3%D;7<LD@$n~PnY`zd)O^#B>H?=}O9`ELI
z0XS5=dsMiqbiXRUdFab`$-NmhUC6;*fqYd!5C^A+XwBR$vq_Oym<k+)jFBcWh|Dlq
zF^nT<8A$f42|31b34@9%#~Qx<9N#A%zk~1eZj*jLmwqEVs`T+7o0W&{WqG*AsF8;g
z@8Ipm7bp@Xd3cZXnjSSma9}e+(0+$r2zI(dF9c1}vr!g;KM&_Gu8@S_cf(_appy&1
zU&5Cl1b;ZJj+o!6LU47sIU(rb!^-kX^Fr_?4a_p0eL}d25NwUD?;$m&jV!%7OE22V
zLeMn4sSwOK!G&O3SqL6*@lq)=m``0zh2Yua@r9sHzHMUvf0l3ke^4oV2dC^6EWUh8
zQL~m#*T}b5-`2{v<Qk29dnm4atNuPlzFErf1_g{ab>w0)ZtnLg5`T}Cac$m?BjdcA
zV`bcP(tVuJy=G*YpYwI{<|9eo=;hx(nvs8-HS+Jb@#Wt?n##ZG82PsV2*u^wskcbJ
zZTTONZ;wgxt@jo#&t8>&|04Z<vPCc7?vb`L`QZ-#lUC_?iQt=QGk7{;2x&Am+pv=X
zbk)J&NWPg4{w0fl*`xVV$iE0BL()9s*+$Km44kh^^Mc>7x0Eks$2>i?@rUSmIyr{S
zZm1tO)8OsJj-2EUu6IG9(UN=3h#l1bV5g*eUoQbe&GV<oi$&$pS~)|X9sG#g*CAS^
z2nRz|@_o<TJ~qb8f9CV^JZnQ*0ug<1m;0jh**(8G`mCPc9DNqeZ;n2t^Dl)y<qr~l
z9+l{G%Y2nSw{E`(eL8IC^!Xvk>9af7GJSUYIemh`Dt)|{SpC>EG!oaBAIkdDM)QXg
z%v!+3b5BWSW#qPzq|Wh8z2KcV)XuJfcNm}vgrvXFo+~=i%641I?oCt}Kjg5}jli<v
zjO1t)XNc{~Q57eb0$X#m^M_n}DqEGKP9XSILI21>^)jBcC%OZsp=izE3iP8xsRoQl
zmr839HsvrY4QD4t!0biiQ$F6h@Bl@?2VGC)2ld<06))d$i8JgDHm1yCKnMb9(M2S@
z2mSMoZW`e|!(PbxK{mSO1oMt!!(@;bP&Wq#9opX2fQNoEP*k<XywY^SMa!ID4OQn9
zFeAf=^P7k2W))fNBY0uiIM9x*<_h&RJ8(ohtH`xK%mPDWrWG@WHr1$0j-d1EX)$L4
z>rG~le(mMfL|S_hnu(uD`nEkZNLYg%OSBXV!8Ry#z`sIS%Zh?s2(-KLU@9nDc(BUy
zR4ja0(z~+wl*Oi2Tymv5K~cJ3uc6{CDz|Lxlq}ve`*B6*9uE(U>f&k40EP*EE7AX2
z-eC`I>#Fat@Nmfw6FX!9=Ef@nvBWyAB%i30nTYsDz1Wys_a(Nnv9VG`rJLze8Yz~l
zJ21|u1X1bc%HBLYFz_F|m8u_m)gtMVw-CnQ%y8ka2SDB)un=nlX2>#*@HAb#5ZQiz
z)1lF)<HCQI^eI-2O9u}xlCG_4<i6EhO@F$+9l=Jx)^JAja&f*wk24VskWOV~^DRUg
zJ{b)maSFqS&tES5rGMe@2{-^wlN`f)%(p0bXM|U2;xBJnj6=A`Ur3*`X7#zueG=>0
z{~b*(C=!kCZ4H)4OGBX4YtBZato?VmSQrYAtmK+}l=Qnq`h5?6<IPttSss_<>*ev{
z!A<4y{K1zgk4F#I%i}u+$I9dE!P=<|%Htact8*DHk2?=;ULIfn?d8ei)_e8x_#Z)y
zJl;_pM;>22ELI->qgW@8SAMOR$G;6~<nc4bTpqVp<Z=EWb$TPo<GzD*6Pzq|{h+4u
z_^w0R2@cBR3j<?jI7bIImB+S2iah>H-oGc0XV+YsJbr!O|A;)kZI50a@7~;!JT~uX
zDv$T?y(D?O^Q(Vb9`{)oUmm|V_hRyx<~JP&v?!1NwIH569=z&5Cy!?>Xht6YI_JMc
z9(P?3UmpK)PRsK6kFS$F#+CH{Ie9$$TP}|uUC-t3W76+h>398ll*c0_7aM7lt%V81
zOC{=LK;T~-{L56$mr(}K^=|*9LLtzv)Y;8|vHpZ7EO=r*1y5@{psf4N%rbbo%ex3R
zc58`dLUB`Ud@yM~k?|1CCsrNi^N9n+(dby<E|d%5LmTn@GuFq7B~X!tFrQE|RBoi(
zOvA?YRrLGQI&8l>pZKX!H=lT}n9nB;t*g@Ccgwx6E>5opi<_fYesNrS-Q(c&vQ4@K
zdL<TL0=;TEy>67~wQQD#UMn`p^jbYDF1=pb!0B~nEvHv_ZHx5!?JQ2Oy=$A9e_a55
zi5GCi(fI6(+u9iD+5(JvHUyVVf&lC1w=J(%T!VKOk6L5mA1mnN@ztsDh@Y!U_8Lle
zTT1afh@5A!l;_5nJh=W-GSl$2w@t}R<NKD<R3okz9flH5LkZ@b)f$9rO=gA5cOmL2
zLMjHv@T*j9%(FYifSbT+6khXdvJBj~%PTEPLGns;+(@IV2DoDw-nC6P<e;c~b2eTp
zdji93r}<h#e_n`sZ^BdPV@TP__sIUq&_vlu`@a3Y9o&uLO)Q*=x9!zX{OXNd$k8dZ
zuMuOkE3kHXtqgC^0o=L}CJJt>^K81Y59ZbEjpq;>j3S6D>v%%GOSnjhPf#*50ZcKB
zpB>(Xmr3^eT7TbNj4fxDY&TjzMcZw?q$BX^Hg=+~v=?WDCwVVUV0-$idvV?;_&%JA
zFG0J2BxiW9e)D;%vUVwm)2t{ugANy8>I@9>7`u`LHSy1BxcC2gCroCcAWh<QHOI!|
z#(gBue0dM)P7G5!FW2shlxXgY!bmk(IaI2Z+d+pQt+xUap^8!J>S(S(yFNNxvJLFs
zAJL0R&Q=tg?+Gd2Ro)+^lQ_BZx;@bDqg#ncxYo`-OCbiJg=!VYb-Pm)!U*C7Tlg@p
z_aW1><d;YvjcQgOsq1}`Mrv`buShHuf+h15b<=?sYU#u;i<GN3P=?spWf&c!k}pRK
z*6_p9!QGmb%K0@}o&as?TP>5L$Ixc8uNWliwQhgD6_3()!n>4Ho~7+&60xmmeYsV%
z(5w+d`&M%?^cvOB!hZALpWzv2tklc*xcr<a^K+@h&xzP4-TJ5#5EHx*hYGB%^iCY=
z#{SvC&9`p5Qk6{&c}F8O)ZL4JZ94$%_n{K+4h7y#O2Jp+P~hF6vAiq!Z;ZeVk5H|&
zj=fs7eTND%H%b-KVz<0*zcD3QbU#<9@Z@nFPnOg7`Ono+l@dEf!lM*<pz!1MnF>FS
z+Ntv6T!VsJPYE}^*8Ug|W4oykPv}m0f%tLSrP@cAwDKG*5sWfN7HT;1{ui_yx&3`*
z>%dCkI*=XbeXKeEsPf~U&KKp!8B;I9k9Vx(Y<Azr7vaYaQ+dY0AM4{a(fKmfA43{-
ztvolW{urmHXkA*uQ?xEE`=&@97*(G{_3Nj9)7Ss<6vh8y?iB8SahEfmf5<c)J`&A!
z_&ln^=YAbNcgXnkxd=W9Dn6&Z9G^{&rv4z8qko>fIj;U0b@Qd@pD{aI)IYzRy*5_=
zoZoS|`sdSA&FG&4JN~Ej&#k?c@jhW|T>Ud(N3;58&h!6m`e)+v+R^^)lKA>3yj;;g
z(qT-B2jccWDx32zADDdxPd69&^8xF2X62L7+vE`|9Tb-OM|1KX?Cru*u(z*a`R6&m
z4uJxrC3enPLHixiTKPqv6@0w^X*u8Dn72G;f8)WJ{hy~LeYO1G)>lvVY^twD_l&2n
zp4`@wz8c-PiM|@s_mcEgmu>%3`fBn`3jZz%#?@ETw>GP<f^+{H_0_v`wH$o)+wt_(
zQdM6`$F44ce`}w*82{FB{_S#>^KbD}D*yVH#qjUb%Q!z~FXjB(V`<C$+vh2s|Ei@r
z{pQct`TI(xV?qX?BX(%1s*Cf@LSPybW=HAXi|h5r?!EbV<eqfQ@4N~h_y)~;72^hV
z^%pi^AS0onY<F=G7j;^(8%G-rk+r%wMuiQL18m3+YplMZ`)TRo41)h;G&cTBsA7SN
zX}EVZ+Wh^tW5ZqJm9Nm0Ki1e{`TbACDbF<JKWMr9qIl)4Th#KCS}y;)Cgq#$zpO3)
zM*l6Etm(fkFE`hJkKP}@|BAO=r2iI8iqrmaTQ0f(eiyI&ye*g9e_i91U%us%`)~i_
zvE`-l7brGMHmo{s@*CKq$BiVJ(WxKD;-dFr<0sL5U8|z}T%%G{jTcAXU+3Q|n)^PL
ze`n2ozmI=c8BP7(1b>xp0RR0H_4pruw<Y|?#euKIe_nF{TtK70-zEH)$N7%_b(zs7
z*Jy}`*@`NwLHNDNZrJw503nfLXx>A2W_03QorKO&)hrUS>f@~*O{4px;(>hN(m*Z%
zkV<?c(YhLMQj_t$*nQutQHN_@#g@O^XMeuUS7-7y7=KgYtGnQ<NUqlR&&Be$x@i8?
z%gnEV-{`9_U1t7^<DYt&`7gJ<|F!g?JLB&&JJ;aOhmc<7aa&fJOSe9AmvaqD&XO~g
zQ*JLgb71Oybkj-cOe0Pa@WPB*r?0NUS<+DAy{htHa&BOL`;yN<p^x7sWS^Yc3WiAn
z$g5m&iyU_njImtH%B|{4X})vj#MH@B?Y^@KQ+5(`s#{yf%91m6-lUSVf1UC^Kyf7S
z9C>1u({~7RoGtObT6r*~@=&sI+pxg=gpvb4NvK%nP9xA2i6}lFSJyGm{9>6q7Hg5~
zPPEJ^pasu3^;^pN5Hae#txL|nXqjWDr(e7liAwNpt`!pTakG^D(n#M56Z6E+oxbnj
z?Kyb6AKq3TN~t{9!MMv=S(iLC(8&nccPKf~|GbR-T3S@cJ78Lcmp01ihToL$dH&!2
z`@g*ZLKTMX8vEj{82yfFb*K7$XRQ5!=bJv&*avaG*M6pc55)OCN>l#_Z#MmI`?Tfy
zQ$K6D{<PYb>tC*If1LWwJJj#(V!xC9v#L?Hf5ykNKh^IWFY<lSMZV9v$oJn}<on=@
zeD8XZ?~M<&{C)pLzHe;u9W6pl{}#MtHZ-NLVqeaRSALqN|J$`(esH|<B^v(NS>9s#
z#s`~}7aPDt`x5VQx90i_ZGODW;4|l`sszssZgDS#XLhG=gBM26bd-Tp#;=WH5I<jK
zLXlIvyHUt)^awE0jgkHc&$22xFwc+{jfz#X&qP6!P8pkB{q+4sl@;c^vfY;4S^@7S
zR12T>v~}ZUoLhul%v%L!TJ~wnYZYXdxx@^&*k-h}-hov!@-L7|I~yauqH;OsYJLKt
z&FC2Y>}xEZdObzf&No|1g9co0DKrXV7stE|YMdmWXE#P$84Ob$g5QGr01!#vMk0UC
zt5n7bWm<{#l`PrE9P^9-(RX-=FIW-_4d6tf(GxN&Fl9AN9VJ2J@Dis88dx2C%!;tO
z2!WyUyA)sD5MM>fyafI0WchWZl<-yVmDb~%FokL0r}$XvJY(b&jeRV&GYg^n@1k<M
z1m78GCz?BAJ+uld3zlFr6955JW7IUqyr+%T<x=}bDeZGhkT{&gDFc;;C1{&7)To6m
zy+imW4g5sBzgUM?!jz**LlWXZFam@`4TOZ)`y5>28JD=*DQ*|U(=PwrW|tp`vr9;?
z6tb(l4~7GBKBw=T(KCZ;oMBnzNC=c0K*`NMi!40#;mX5poWx;)k24JR#plI(cXsX6
z0)|(wl~#Cu3s4dG@PNqy&|RXDSK!ICtjY-d5r+eZG-W|x4#FKo5ADQy9)2ExP5Fr6
zSIhk>@n-o*yv`UVHCej(Od4)<=h_Pev6Ed2ec-lZm~Zq@Ig+^*<F=1-)6J*k#&n7z
z>_c9$BR|6-;^FKu_B3UuobIE@8a=j}y|Gq1p>m1<td$E*frCaqi134Yzq|o2$IPy<
z%>6s!hT*S=0WaWih9(26Ol^npgGb5j!CPXdoD^$|W*>?sR<brlvwt+$i+VfK^2)Y)
zhohJ%s;n{>0R{2WTLHN5iXyQvLGUFfP;_Ck1P~8z8BV>*0TPLptsq*8#P*mk@+HVU
z9fZhw1z%2OwSCQ8<A`)clH$IUTM)l+1xA4cJyKM@5oyeVzhWOk%JRo5JlPHs%NH@0
zR(b3ECVM)gpuTD-d<#FuL-+Y)Rzwc6{%df8Swi$3>Aa^v+>G74JuW8DlZ9^VP6a0+
zdz)thAQR~c?d15}hC%N9DRy5&qh}-`HuYY?S8Wn=&I{R4#FHgtf9w4mvrtF4#1y+r
z9BYV~|E8<wjnw&WWH;i?<MoHiiGGny%(L1m-Dg1eds7qE@c<nykkf^|KPK}SVt+O9
z`5@#G!7}Vyyr=_EPH<&^Gv#*Ps&T(aRG#uRxn&?>b@=vZiZ2xR?gsE15iaWr5F*tq
zv`V4(2$#4W1OiEyqp3})jb0t-LgL0dC~>LHoxRsmN?TTd^N4bk5SBT3EwR(GYN$?3
zSmxsWk|-+HXha2j{w&G}OX+)v-S|qk__biHa2c!I>AMQDKlj`NaQbi=A=XP$;thCK
zz)pD>beLssG0F+(KR5Mfnk#U(5kUcEo%4*;D+)~S`<M}Wu2m7gU!g#>y2ZBGE}J^w
zdjauMm30^_!TWZ%bT7HYDiKi1k&Uc$rPbi1z@OopwEmcQHR_knkp*=7x?8Nl;gl-)
zr`np5b__D|!x~0Dm7i+jF^++@?(Cnu-NUODc`V|6w|(s{UyaF~?XiR0`7=q%h^3Tn
zx%SmZqrmQ#(%q=Hs)Xz>Ezcb=NDMWl0`Krm{}D8zX=-0CV?{4UY_aRdrlo8R@hnh6
zxjTyL7psbHh$c!Hm@9v5Q`8&e)a)M}X_i$LmQ|op^3FTOkqsQTGTa9PI=xXYh+Bko
zFmf7zOL`!oX5W5dou%w*oFzS*u*p)^o-CMPqFd~151W+v7}k_o5x!U6C&XvMJDj64
z`RP5~1=<tdvtu9YS7edDcV8lBgB+3WbwTZTByv6Zmntka$VG;P3HU41<*PCwvp(qb
z_mTAeFyP85yV(1uk-NS7Reous>aVzbmwr*c147ooze;BLxXF5RTz-qoYn;uF5T|jz
z%iiWqjf~~=F48bqg2Z62%M6AIE`q*2A#vHOoV7rX%w4E(*;<9m5~kkV0+)HG>NpJP
ztm7|}mcJ0QM)))Gyu@3-=e+fnhEF1|>-d4_UaIm9@y8#KKX$H&;Sb-z1ee(00ux9)
z?H%g!gTQo{z1KzVllp^g|AkDN{_qL4txKdFp8kIFA<V9v{4H0Z%6|HlT;mhZPqj&U
zUa3;CXHKk(MuS5WHWi7e%o8J}^18^;tOBvBiFJdW2Q2I0){Xx@E6z{^>P-J#Hk22t
zb(0q5){RT-K-P^5tsD;-H+|KG-K=W1>BA=c)NK7|B@qJRVW{4wRB!X&l}b12DC3AN
zY2?RDt%LyL(M<hAn%0kQuc(klN`mtN-04Y?P=VUemP0JS0uYoMPvzSZEM=9%Z@_@N
z3$pim$Ak|WX#M-F$uj3ll+6C2rlwZx8l4p@z}&0=h{?V<$(7Ux@b#`hr{`t3pYwZ$
zVAzA<nkE~rZ^T-$q!<9$<d1OtI@c%2gTKI_zv<dL8b^Y3RUe*bhM6C~#~#^d%64KC
zXV96j31)eTILo_$tqylm<zk8*Z@B)OMt*Prkr&v3WliXNdGgTnlq3tUl7X;wKhby?
zB8$LbiU^$Yog%#A3c55d=!#<W>E~KG7leOR?8aq^eWKX==oJM>_mz+acFH`(ZGN3G
zs15^U3a`Trs*q0zU>d+0Px6uB_EWBoyhC($f3{@z%k%`(U99A{GT~%sTihN2Xpz_0
zQ%kKJU*~GF;^NLyJh2$V^v+5U#4WSWP&o?MW*J&REf}n60kIX!zIY=trA8E$yVF0F
zkZ(+wvb$O2-(VkofHXJwlb4vhZK^f?-kRC0amwK$-|dZ_t3ZoK8@*o(zN!S@7M$;k
z$;!GeysB&Dued+j2!Txb40IldrH3D{8}-;zxC9|J#fbyb19GI$m}eNj%#Efl(bYNo
zJdp_{Os*xT&MnrWxZTAprRZ(ppJ7k&9Wl!HOk{88uPv(*#LA+|N^@D%l3R&uGWf2(
z2x#7FY9`$&0<v9NHfcgo9Htr47$vyQ>|dVVhK&Uxg5g<<i!g`<$;n;JI~SL3K6i;$
zm<u61V@2eBzCR*W#I@sC1Mp4O`|AE$6ZvPmB>9*6UoHQR{XZf9-fOx)|8LE2d;IX9
zn%~~{o;tsUsbQ67G&GTC4oS002!V3fh_uQC&y7eS;+|8LM$af(Ke$D|1W5(xSP>T+
zEdPW?VmQSL(8~oVo^y%CO{#d#$Q3K3czg)=EB*Q+7Zq=_dGBiZRc(*0`Sx&Dm8=DR
zeI*POY)_9k?YTL&Jz#_5DXhaJCfKy&l6^s)eJRax@b-Ke+ny9VG-u5ctGa&kU$g#j
z>d=4p`ok~p@b!lgXv$J|JYZ`oY*STX%Ow?d3CdY!I*ZqJz=+=`iO@W8uPg8rzibH)
zfY|cHeIQmN<7GL2#%L-1k_4-eAZ{<JtR~62-Lh(HU?EAFb0lSERUT>+c(pys7m_vN
z=kDx%Q(FrGlR&{ooY}iAui(v5me+ufjvGsNdB(fN%C&s|u~OI-_IzVmWfeb{Yxo>y
zn}IiI4UuZF%y|m32A-!n`4W2@l0T7Gp+Cr9C-R0ypFy2m&cxWHT}Z?$_h{0#+5<Re
zSopSvKQ#1hS((Mq_pOHirEfFz&HjgmzTDKi4^-r?i<4Ki5b{pb-AZU2&?+m~1+|0<
z3iMo8K#1o0F*BZIb^7Xzn)9V+h4d<6*N>jANQEzpDud=c=%?H-Evrrz&8{+}6#>Ln
zQ@c@vW>A9$@&?^RlNiMwIQjH9w98$#6)8=JXnkR0>2B|zBh_r=TUK>`QxA<JJ!HoA
zn4keBR(c9eoCm-f?C%!$2<i1?&s+g?&IOrZa{2LowGAY`{G-gYzw|VhYbu}Incx(6
z6gew5<JOYXlDh+VB{%Rl>^QWUXh{y|?Ui+H0;NWUW1QmVg6xA&KQ09N-YJOv!Ki^*
zu2md*UO@z^mTu_;gMX4`RWcOO)U(;Lsv<YA7+FTHXAUj^fsv*1OjjsFYy)*oeifap
zNOZ}1-<2Jn@*^~!F31W`Q~hf(qfyRC_lcP^E2L6HPrmBGP0Z$|&4rq2Gp)GAn>Ifv
zZwhd`dL&8ZvI=ioA$#vy#MP2l6=N2*R?I>+`R`;uUnV{_Ek3DweCS56e;c3g{wCqW
zFBEKU6;f7W;;*>+=q*IU2ha5#!GUvCQ90}RO*Bd-PgQn}<rUfPVSE9)F2?f7l-G6C
z_+iqv)jPEC=Ut48e%?3uE|tk1DQ5%zrt??R<7;gZUt2tUr|<j!7GMA3=J3_yD!_bI
z#kPj9eTbIHNKQ!xrX`1o#}V~z@_N&{y_bQ1-)8ZDjpP3U;Xh9Z{5BDh2~S6XyXCJM
z`;G5cfZ$Lp<4#f|@J{62AS_LIV;bGIYAM70L6`4>amu~9;^E9=e1`)}pRO{zCi@re
z?8xLk?1!&GHe_#}T*u=H=o;~a#>ydp<adVlku=levuW`NPWGT$wg7-dR?7bO^+I|B
zUtb<i>&ruMeHk6}ONw!Q`A+iY2_<49!cJ`d)<s%<j+fDipW-B2Jdl@Jv4-q7JXs>7
z?-^ZP4&Ohe`|5C#UX_bFNIbxT7y15nobNXNJr%#tQNH^QnnvJ8p7^sMeu+ER-aH|@
z7VJrX$4EMiU-r*EwBqWy4%hTgPQ6d?w-o|+L!WfS9X;Cm^V}|Ek1%`x#pR^556(Ar
zkrkE|&CUW=SW+?#SmE!I>r-T5k+g3<n(SjPjH_GNUu_~vrI~s>QQ9MV>HDj<|3y2X
zF1>!6w*DB=`SxY(@2>r`Zh!Y)x4*x0q}%_bneG^bUKyDS0$tn=J!L8Tl@!=<OX+?C
zzyICr`_352(wsNI$pFkr5CA{|Em>hM+XqUr!X0oX6o3pV5{(7fzw+%H*MLrTenUB{
z{!&_5$NeAbYs=iv<VsvHQQ%ALe|3qquJkP~TwK0-H1+scx7gn~#w`NI>V6HNfD7tQ
z+)~Dsbmwg5NGsdtZA}>A9<hvJu4n|*OdK^p5pbjJo6(sSn)`CyB6EW+K;!HjI*mJL
z55|FZ0)5a*X5mQtzER%E=^x%B`=gBx<QcW={G*A{l)WX+Z+RG#=d!l+`2s`CuD;_k
zdVTX7e7@9T{g=V=zJtlWtwy%t!lk3&1Qg1p^+IW<_)<tfH7g3{2vn@n0Z<UDR3#&T
z70hnB43w5G)GwGgn%&QAs+r^MXWIV#{mhR(|KI)0D7$t+%zl;Nzb%~A*JM!jm;W|F
zJm=eH1|?@@*TN?ZNa|1YbQTgvu}m<H4vY@pHrr&7^d-FXPevs)+V`m`d@X*^?U%~%
zVD=I+vz@obg?G558F)KO;===AHddknvuS`W<iI5PsfRZ+79O_0VNA2_|8`7VeCIsh
z48D_|Z@K+}`0#FP4&JrRz@zp%#>8!ZSZu!iJH;4y(s<++8=cF<-A1Uuf2TF`lshmH
zWK<zTpCB=%i*nDre;N~v2iS=@CLX}WKhj3ALJ|eP12T6?WcElRyauj4E@!TS%(>zr
zm;W}%3iM@_nOGWx$g}tzFW~Nwd5Z0uWiqH^tK2^|74T*?+P5xob0kR+Ly@+4{P1iK
z6GhSW=fPxmq*a525X#{Z%K9g^R@O`J1C1P5g?HVcsrsvQUx}M;N4J5En!?1FOyt&U
zScdn=g?t!}npz$5F*R8)C&@F^hXC<LOJALloTisF;59qG205310w_m35A8D~$glDM
z%bsp=pn|C2pGl;8y^Ju}(tsD*VI->~LZHwFH91h|^2%6MI1!`4U=ZR*AwP)X6qnzN
zq(I_6oDoahYk|14W|~lV*>urbh%OSH$2QI25^ExD@J~DZb2Xl`oO^>QF8Z8kL`#Jz
z?Dkho6eVbdu{GVd9G~BS)68_#4w%J13|J4b7F)6TrOmQfC5vUT2TFA;W@W#-C6)?Z
zfC|%QXqYLc{WF^7vzP77@frKd5X)Z;2EO!*w@SzISNe;3{;E}(sxA(zaZ(~c;;%iN
zzb2ens^vnr%3m_exqzA6VozwdTO7i2eN^c@EJmb0p=T+C&z?MjSIZwqmg?k_S*kB6
zUm|Avn`4Q26%e!M^f)Z#km=d3=~tv`8v$6!ihr&I;BN5;*7tf7V4Q~-bC!x>CBpAS
zImRzM!5)p86?)(66hD<Fophuaxd&%I{yS~BVbF~1I>Byz4qKCxib6BbN?jS4kpzjH
zG~~NZ{4;d*hzxh&5gWznMmEGQzb6U5W$}W*1|uA?-vs=|x*bj==EbAYQnl-6V>`XT
zrYCVEZRmy7paF$MJ%L2+3`G6%86Ah_D*U<O86AJhBNLhQ8iaSOJ5fjoOg6Lb3;4jx
zZZz|d2Y4};4$n{?mycZ<%`yCICi&<js%rR`X6<akeB`B?`m;-Qd|apS;v;mZ+wGre
z(+Wz_XO@K|GPes%QKl7<8qpZ?nWdy#yk09}@N_s0bx#S&1?s*Wx%(0!kw@J(l7GgL
z3f(u}#*d6kTA{*m4o3m7Kd^qFZ~`9%ubAoDfgCHF@Vz2g+Yy{xyEzvRxC4v~)~09d
zFt{3e%sws7Fi`s~sp)6zxFq~z#*XWo3K;@kGu^Rvj6L#4Q&Vw@2(n0kkAd;$F?MAQ
z3aFaMzlfMIw2Ex}&+7MX^O_aDZ(%4=o$x(5H%7nzZA3i%e#h*1`n})mX65c);iCHe
zzH_ns+me2NS0vh|0d0f6?~(g-YF;CSRV{|1^ZZhsTvjD+y~@F=z9;Rd;pupKe$yPn
zWXbuK^!)8ng&SX-(?rh?{B1lvf4KM}dcLM<hB$iuf&Aw5d|FdI|64y7H`~sbb?YCO
zr|;h{YnJ6Q8)Nl-aaoMMzxnQX`hL%>X7&As=IzRdhBd42k2J*cTTA*rd#;AxzESwC
zR^hijO;tSxdAYFEpp&W!zs0daWo577K(6=4lv3prF0`cgzdEnz{a&R_^#0d(#nbz~
zc&4PH_aBL8N5<3p=W}EAep*w#e|jF5c~71;H}zNjH}!vxuSNZD_x%^>|Kf8^^#6|M
zbozhhopJSlj~UJA|8_H4*8d;msQTaex}^V4T~z;{x;*_)JXKTMxK!rrX7#^@S-Jj_
z6;;r8)Tn3SOE3lE*a0(Uw`d29o!ychkQ!~#4yZVzNZ!t~o7e$W?s#^<<IlEe2NX2@
zthWP>I(2ry%-2j!#Vy$Z-<9z(G5VK_+W~RzUy=ot5E%5eyAPczkpddJ{e#{9DIjZ}
z0I3{G+T>O*hINaB)?;Qd=^t*qpYweTJ5fV7SC$>Kl%*yc48Ek7umJEHUiVs?DqjNI
zX|i++jSy%zfncOm;n_;4FqAait-E{{zq9H|c&0Mxam<UrKO*4wXn-$JfUkO50*-fd
zw@Y`^ov2lJD76^c0E_MpC4F><wk`dZQ;wvC@WV_2Gp}a=)ieJNwVryVp1XAQJa`Ay
z^Q>CWg4VpAiMo1vPvG_3jrGi*E7en-g!SZV>S0PfNB*D?tKZdBxG#cFO+jMqAFd<T
z_TdtN9!kP%zANC7u8ZX`>lB!;s4&~TK3qY$kYGNmhxw=sv(bbw$LL}1QD6?y;CbtC
z1<zW7d8Hm^q73s5g4y8G!Ca!ij69{{`59!A?^}M;#c^g=-IBxs;r)req?cVP1s5w&
z{-HwY_j?!hQwJAE5Qj)Aa(0r7Bj~~vUODU!g;2z$?*czwZA`egJ0egA)(UvvIWj#~
zzakN<uNKtm%e(XHZLEh>y$u@ihM*9ebwa{?Am|8#-`N+B5w|ZABqHSz@HrabqZHs<
zpHzVN8!J%TPUS1aXI+-jW%Z$?AM$ne?8ZDi@@~?XkY=<0D6!&}1gvaLzFOIGrLr+{
zWyJC?<WqI;<f{X?3upNS`C690;Wf&UGz;qy%cXh>sh&S*>RF=H^UD)zqXe}z=Btom
zZS^f_7$#Bagb`Wk*f1R{EmmMIR$;c=JWN43i(tMpOb7E-8K$3Lih7s}6qs%ep5ulo
zc&;XxIeM5GGRzwZ<_&t76BL*YlT<v<=cz1Tn<ugS>DH|{pid1*!A*Hc!BA)%U1B{E
z<R1bE^jn-qcUyCz>!~r&z1M%jZ(NAE#TnAeIs7G~mvYWO@R!KNZt-#H<ru;Zcco;m
za7$l?(ie|i=|{Rw8-TI2Nf?gJULEfq%z9taQ%I%o-ZK=R4W8?B@wr!2el}q9!e2J(
zpP!C-zCw9UrRVo9=;8HIo*nf4lk@Vkm7WFVxsaaMoRgo&(ewD2=jd7e^PiOG5_;}`
zRu6BJ(!Ry?oPQ=t*F&9qpo)H5jpM%^rQdGSZ%^sBzx10U{oXZ>$72QkT_6UvDtwd8
zz&HCy^pWt2-S%Uj^hZapzIL!P<bZ%&+q*(}R&HFKK(2LxeaQB_rPu315}x1AGaDu5
za{H&7S<b|0lxi*zdxbFOcq%LGkNu9Z*D*?;Q?f4U3KB`xD^+|Vm<=v8pAr5Z1-@Rf
z+t~icq>({2xy4>pEOHxfN#<@{TTsQvYfG;(N%)M9sia=1<e8?G%!ywK>i2k+tSXi&
zId0Nd!jwunDV12|O1eWO5^ShN((f`%0{0?<12P($Ds&sG`h63KpY@A@SQrbjcT<Ra
z6o^kXg*Y=7Vr?wM?TJkwE>R$MRUoFy5PSBM4|5@Xw^E498ur?al2U&>QBT3e3as4|
znsn2FzHzu3HF&&E+WnTKxX&c$t5DVUlTE9b(YGa@Muo0aa4=89)1?XOm_gM|W5zN;
zGiF$K0(}zcifUPgjX3)=Buy?iM5$!Q3lgh!)Ksusu3+h-+6pReZMlMycopoMCspuw
zqgufdssQGc1z3TVR}f?m+#16jsIGO~QDD??2iMI6CrJmVODvqMSUBh>qk*$PhO?na
z3+J;wF>qGL!ug9H&IB2b7vZGJaOU=j$D@@Aq=mh1nJQfWjyALYMM&sg)%qg?ma;ZR
z@)gL^D8YIv9A0r&+PCM=kq_kwn)H2KRQEk>j(J|*sDB<6^L*rj{&`BwvoYrRh4cF7
zJ~7X==k(7{#5||OJio4QU-&w_;AQbt^tGu8FSwtpv?bE-YU#H^`mL3I>!ja$>9+xX
z)%ojraxk>HLNyqa(-p|G(RyOC;GdAnZxumX7hUA(J}%!(v%ykYW5o4|8F=UEsmy(J
zE~OgpBZYV0!oX-`|GEY0@||mAnfo$ig-QMXjU_Z@j<CBs8cEZf_yBqx{!fz*o}6H<
zo=oBEXGa9FioM&}NMULL5heu28ifI)>Zi8yI~vL=X0;W>{Rk_mqnxLZ1x?mLlnxX!
zclM8#vJzS+frdCzsg@J$?I*Mq2vET~<nr)q27~N3K$g9~mkqN|)n)&Ugpb=ljky9(
z0zMP8_+U2X?a%@~6$TAHyoS!Y8di0}FqhS4Alx`h=?sJ6qV*-|>l>i0uN3c93OO3M
zpq;>m26MBFhVWJB*HVr#kRKzztT9OY1I#}OG1)I+GPW%R+_bs*2{83u-=^>=%tE=#
zKhoe_eG`0I!&he6UJwqEbxQtGESQ@H*(Ww~`^|r!?!H&SUu+8>@h8aZXBbNs1Is`5
zOw?mf!+-3VKP4C_@Fn-Jm%jfW>fQt{s;Ye)pAnETwV7O}a>1m8TmrRZQVRs+jt)jC
zO0QW|X116ch^D57B)4&lH?3^9x8AhPY%|SL7G=@gQ&CgVRL(dixZ?uzKhHVm?stYk
z?frj$eLgwdxp&Te_VYZ?d7g8|iT5AXy`LrCx9Q#=E#ALX_kM<W|I&N%`}m%_<h@2x
z|5&1VWmzgITg^Th3%51L+c{qh9}AUO6G{@o+rf{XH^3P!5h?I*w-o%6spuR40ka|;
zW(QSS1~1tZYZwlqI~8GD8i5709~4e;P4?yFXLi~DVt82G{(j-g)6+6r;YVT}yik#E
zz=qrNCmJ)^Vi5b;34R#pMDyCR=M5s7XFg(Rs_J`Yg}HxzSK<$p&uoWpIp=WXcD>a|
zT@Qr$+2wVA{CxC1|NOM+-k11!tL}Y?pO@bC&(FQ@s`(lE?hWT>?+^Y-e!e|Xho3TD
zjuCj7NB9@I*cboCEo!9MkL?)EVP`IhOHG6_Lp%QmD*{gA_?e3x&Y2d-rSh41eDZv3
z^JOLKsim;7e<Bz>1G*&vY*Z-p)tFZ%&rjstoHH}e&X+^)AW0%8F5_Gw8{xP=J`s~O
zaWUtdYKa^EJSHgm^utEvOm1glzMbDi2!&^p5d3EEHvDC&M55N5>lr*|g@ZpaQZQMg
ziqND9Fk2S6?;a{QI7<BNd@UYOjv|NgA}I37ixT+cJc^&d|HM+vegVI@mLh(3`~!>_
zMsrbuc`f{kV(83VOwnPuKF)AOIqzR5c8kVS?4Ei=j@_6%c1#%{;(W!b5nb1d^ejQT
zQ9XYO&3_FfWd{BtBaY@!oKV>6a)g^<p4n_Q8t7I803M#XyxUX)3T<Q@h7aTu&f+TX
zU_dL=3ccveOBO)Uz58M1`PB`BuiZSq@Xh2J2%iDqYXk5-!r&Y7utq)rMsjXhva<;W
zQ{G9Ehycn&kb(+=k9Q&#<YG8jtKi=N>dXp5+P^aTbI#OK%zpfA@;U%?Zd(8}v4X*Q
zh_D$+U|KPot6|oSdu$ZInYIVR`4XNh(U;>WoNH5Hzy0fh?@d4O^-gLSe5-b2__hqk
z@ZH4V>rLPTmr}JCJXR69`MaUx3PWZG)#mR5z}=ATZ;;)8TW`(2@0;kp?_2N2uEjd-
zzVGv1w8-WgpYJD|&)5I{6rb;}x@^#Wf2i#Ju8=PbQ7}vs7=~<aPEHdF%M5oWnOrGe
zeuOEz#+ccdog4()UY7hFEc|{I8#l@1*-PdpSIB8P-s)Zfk5{>|v7hnwdhdbpo>Puz
z$?UB=9!rAIL;x&*j&hGpmd?MFjbFybpT_VHbo_1V@lF26w^R7P=&7PdHy`vsV^5N$
zzESRvo5R3rx@?!*Pdxs^bbNcy0O2RWwj6%W;TQgbIx@aHI>7Nw>haOwK<L8<I{qs4
z___Yaf0Du<867D7(@Gmt`gd#=2>qMXlJU!;0)#(IEkC7${KJ1d3XhxJe=NK}7(Xct
zJXhgZm&`Dqy0vK`$xF+|J)nYr8il_}pzy2YA2k`ocEhc{i8N8G;h%Gr%KtsrCO_y4
zI~zYwe|-K5mH$A;SJ5BYh4G{G$N%?Vl>Vs4wa|af8}-rOPU*w<xHkDmJjdXl&_oyh
zcP~@<4|IH${X~(%_!j-~x6|><x?h|9L1js7{1qnM@t<V$AKTqG{Udzo^6z<U@S!F(
zA9e}$=PzpimGE0L`}u&MB!OKsEg}NT?lDn&;T@=FFA7xrjyp{8S={X!@Ojb2@W~GK
zg-_&Rf{(3RfcTJw8aY1YJs3Xs1cXnMBjkN$T~+T(2$X(f>HAQABExNIW4-sT7Wh>`
z-uGyr@6+H{)1AIAMR;Eyzwaw!{6cs8<d?70+5Omsg^-_A+6DH$CKdF3Q~kbAIJzsA
zeWuj&zO&<fy)XI@eV^%uzAyVFU+=qx;kP*QM$)s_bYJg#_#k~>gx~k+<L6TkKO4t%
z<Vui64^{eMWA9%UaRc8U{t|ot^m^a_iGaV~_v_Q!=lj=B6Yy_T-}`w1|1LN1{li`s
z@b~}z)I@Sf$T49ZfhEeu!VKkbj<c$hC9cFJC5f=fiNWE_3`^no9CF@=D{;~Dh7@n6
zMa-rI@sKdvgMT&~5+jfik)_RM<~mbzA#s+th-<PF$EZnhq!JScy7&SI!N0+<s@#b=
z=RE*~=1(|&pDceOi}z;c8!}#YxMnVNxW+BUVev8?7B6w|m!R~sLyQsX1|9q<^r?je
z$ctsMta<KqvYA2u4tGJs7%qz#&2PX86fB6`-p*)n4;A}PWpU$Pv~`pP>Qr7V!LjtK
zNrmLNyr4Kme*7P!cXrPIL3%&lSfqF73WJ>95W9=?ULNk7-h({`pY(p>F+%UF8!)|F
z45ak_=0W9p1djj7=y%CACBr1`CmZTbH%UK`>B%0_pUwD0YpMCO+C9tg2oBfiaEmtu
z&b-Tw=U}nTn*yb^#o4*|DI>?9%8j>^HMo*^y1HBvAHhC}UVBr**hW<oklpo)5k1q|
z>y0jR@Mk!_7!L%?t&<MYRV_<=al*Z@0{4Q2t@Qy(9sFdg!&YU^*+h^^B&GWNDQ`*y
z8yMD}W*Jd4Ht=O(;9_*EG;r_(_;-^d=z!Cs$bes}28>cdx~7!^QVv5}dVmc$fI!Oe
zFT^kqW66lQ272ErleBF_mbCRzn16Y9M8gxXKaxU1+7Ly^2sfiHZY(3AWc><1pAOGw
zPEkDDSA6yg!q0Y-?SIriiadXx;`veH^PAxLAv*F$Hc`rx$zut~i|l$HTK6bf;PnK1
zE_p6OR<6T21M#d@mY7(+zoGKQE9DDLAO-p2;~fo>uaK4+`D*c}M!saa3i4&nf&H@R
zS~9F!%7u#~TmRwzIwrfajCNbGd0r7L+ZG&e1oh%?wNQ!O2K4<+G}UXtZ;FU7Nx1ha
zKx!{322(6a;6-yzsX_VHDBZV?$8X(Wo)<&jdaMzcpN`76f^7B^-U?DVpd_I?c`JKe
zEO{NTBc9u};wj2cbw_>q+*v2c(7fYVhSt|H`ONRAmCyE~ysc@C=a-x1@|o9BE1!>v
z&pYAy<ZF}9jw7giHiLiKc`l(Q*ocChPB~5G^yUpF13H&TzkIlpk$ib+y-C(j5BAd{
zKMz)UP5ULza(tcsuE?QuiGZ)d5)JJqvV1jv3f8l~y2QkibKP6zhK24FB$G>yhi3kv
zCYlGfD)Yd?)=iX-TnGI;uo+bz)z1TaQ%NcukRDx4iyp2P$y;v7dAZkz-<k-ch~FDX
zfge$X!0{W~-WPt)w$#tFca-qU=x8MPwNvBQ;Q6l;vrpvW4tfy_#wvb1wNz>TEEWFb
zbS>7<n>7|IeUHjwO}1k5A<c*{ScpE`jDBat%gr^WDO5Iae_{$F6b7lSYQ!kzh|9Di
z{<K>?VvNG(oL5b<G0G8#Ye#%qGa|=EOd%ug6pbbpJ&w#Ak5Oi%@bT$t`_{_n+rC+D
zC-&`#+P*Cl?c37B*uK3h*td$?^zGqB@%b!xevR<_ircjIuv&a}Fg$y>PG%2h-=?*P
zEkt{GJ3JqBP4-ZE?Y82-(A9^jiEIp0xaT~m$fGBzaXh`wWca_MAHAAt^dt6<8=)Wj
zZqmqJ<<9HUk6i7DZ)rwskbc~!9Wh=r;y<My)ott3k9h~>`jOwZKK&SRP_7?&ZT;y-
z*Mn;PNN?*;Kdv0Oq5ARX5RHD=+*Cid|9TDj!N-S7`oYIXNcsWuB~uE*Afh8ID-<8g
zK1o)nID0XKT^bd!m^3QVetZ2+@4F3gdM7lJoZcm&8mauvYY?5@DADPa&G%S7W6U|j
zRj<_dc-bo($zIuA`^rJGSH}8yC1=iQsd{CMzgK=FbM1d=ta;_0I_Z@uK3<u|Vm_q`
zjuusLtXc(c(W)S+SM5Kc715_cwLWp8j)d;VGH(;~DYliq{yD|x``{qKJwtfj;^X-(
z()jTFI&uDM3Hmos@oZ~R|MoY*&o&M~|J*Suef(LafABndY_P?E9=X5Ji<0jrRl%MP
z@J|!;0KW88dHx2CTzZUZ<b$hC#L1i2ntJm0tk(9A{~yxV^k9v?j@$eX>T7k7Mv|Lf
z{b%)cruLQZUHNDA^(O5ryIlES>TABGK7AdrN3O4VmiqK{USqkwru%qa($^7<<@y?B
z@u#m{8{bfU{W=Nj>woUU`ugF03VmI0pQNuB4^w@8<0q=Gdv2lnI_oFB{T@j5|L<g_
zPiKcq2gV}IfrHSFBoXUI8><CZ>WBk&cCG?Nb`A><<6JL`RaIfo;}{|BA?$#*4f#H!
zm~J&U)4b}S8rMWGKdC0CY!())Q)D~-w{~IT<3E51vjN!Ej1GfpJbTd6fy8M5X>7(&
z{p?2*+Yhs$_*|~KLHI=Y!DquC{_xq8DB{zvg5vYX4-6k_PoeHMj{ifjst$e&;Fdr(
z*vGI=fQCUUR6(|Z<_kbk)3Vrt;hD@|O5ojOyZr<>v;(#&(IgiLB@UsN5LIkUi{{^#
zv*ZFlIE<(^58YlxBpk3E%Dj*0FS&uQQq-+GvuOe>Mkha8-3;h9T%LFM0d%J=dILMz
zo~6QbrOh<?iFYxa=s9@m4dL7ZS$;z0e=bGi6R5LE_I5A<xi=q#Nx+LX9He9)^}Xsm
z>KjM@Bkhe1rvJe<Mv4Brb?Hx%Jl9442~B;`f4tEsqd(VFpZ<1uDj@n-4N%j+e{&<D
z|Gmwrg*vdpr0yRG^`?iZ@`LJYKl#I<=9LMc@2z`%-N8Uk4JW6bWuwvNmHGCkgI{$R
zw|OfRzvp=TfCK+y8Ob?gBfJ%~FF^IZ)yMZyKE4n0@qLW^?PKypc=vzx{{+11^+>3k
zr`6nv*l$V=bHG+l&QY*Y&SLf2Bpy0vM@D~#b5!YQ2ixn|oMR>1#o%9pa*V<+h5=$N
zu#6}zAOdhi-h?Hr?2{&kD>FZCxZRa%#VVSbkAENc2=OZumvH<ZJ71z%)LiCFU1smJ
z-Wg<X@<&d7W?#-Zb1_*u$9mWZ7BfdJW{UXCUk19`>1zJvPMIEJ9rTzeo#5tF<gis`
zc2!pF527oeH5ee-3aD70+`l>$^vWvNtF@dfa~;atf(_dbG7UP0zIl+8`Ge}T*avhv
zgueVnt}_1z_(3evKg^E}w-^O}ytn-Z^CP{n4}PRy)$pVJ10p{rnT&)Vw|%YPhaJKX
z%nm!hN9?p5N=_f)96$+YV%Yw1@{`6gOQSE4Hp_qG%LC<H_S7(gc`i+frI<Kpl*2U+
zdoh{o9Q<hqUzNZoFTy-ojCxkWSv2^<nY!4#auewQ1THuemtbc-E*09l9Q<zL>{}n@
zoXPo*bFOKkhcku)wsRueKOr8xoX4y`N>0j|5X|8h?4Kz#kU8L#1g&()>*)<4G`}>l
zCc!n(o507_<Xo6FhcFf-BXt>iXA{x3B~T6EhONCNdah;EpIGB5J5Y{3>_=Ac@Bh4m
z0j1mp4sj7I++EmBbz{MoCe?oFH;Nyj_44Bk4w8WvzzEC_;00w5<A**kNKeF5Dqg&$
z#|y#!%lR=*!4Dt25a#o#LBNL|N<QSs`7r*Hj1Oah4|y{BZ^!g+-<Qz;m(MW$w}p%J
z9}_}#;pQ*Y^p8vBN(vypRHO*7BU6ZW!uDsyF@?(w=q@8P&F5#_;&6t+i9%xgX%RQ)
z3T&BSo*M)Vm~&+@xtP+3Tr49OtLdEza`7X*Q%)`}(hEc`?hhgt)#T#NU~;j9T$n=0
z1?*#Bp4*pRq>+oC=+I-y#Z`J|3Au=GOu-=+uhWZV<YGI$SV1ldLdgYmx|?%Cn-~o1
zfNyBb**Y)mxK?84*P};^8UuUw8l$1@{>AVxbIvrA!9beiT_I<;+=IUj4tF0V@#nfc
z`2Ah*`!X_?qF+C)c)4;%f|5ily_;x=D^3i9n-SD(Cq}W)81@-UCipl$nTsnXB^L&?
z?hJs5VN~vUl8k{Qn{ASv0fNI(<rAbVr>%g2HFGM1{=Yv(k;lVe*GayLJUz|P$lz{6
z8t!8aWVZ!09KT3JWId~ihmmNJX?Fi#4P<DnSvl*1McSAJ+LYD`@pd)Y4j_l@MS#4g
zRl`dAO<*`a2_sNHNrxuKfMU?iIpLw=3tm|nMPKl&(C<$N{#-q<v^fhNn4<%m)B}GP
zBo4gmM>g=ywQ@QPQI8v@qQj5gD1i=5B|7Zc#ORQJRiFbMudZ4(UW#hG(b9NkX}q6>
z@g_*)O@Q&1<ME<*XytC%hUFkSsbNg$EP~Jp0*Hn0j(UX;e{$?Ig?*B$#ki8hbT-I%
z1G<~Qpb|^iSw<t4={6Ht|Er5)VrkClA|d(u4_eWD{2?rw)2|SusSTreudJ%`YOyZe
z;9J|G^WmKIup5YX&ng|fVcQ-J-c$P%ymM<Myn9M`U;bW;_mmWjclKqkH;>w<;!`sF
z<gN%N_3y%P*gpL&N%ER9CMyY-iG50e%@toerAM!+*K3^wLSX|1g-iz2;grTe!S*#8
zinMv0XylZu5=DATD5U66WV9VqWa1?}_mTZK>{r>wFzBnlRVoGTBXX6x<*KMsM;nRn
z_)#EJdvVOZSA;P~sK+#^#{BJyIOcoOm{UvHm}ND>m{sDKLFzGMRAW9TjhP~iIZPNc
zQykL+V=jR)zdfnPR^&$w1h$4>i~QRK`7cQv%h(Qye*@}rQb!eFHy#b+ljDdg%)Bfy
zew<OVn=7=8pAIHq>O}$hog(tzd-RYu1t8Nm7Wun9I>;kE<SP=X{ktR}pZN+ye4q~E
zcRY*{pLIb%e2z$h(ksGW&94f76^noE7UiT(t?*a6_}7=>U#>dguNfp)-haUR*oT~d
z8{L{Ft`+@!n0-FUJ}0uzne5ZWK9{o3AK2$+_PLdP9%7%B?DGQqtYM#q*7VcTT3-E2
z@=qfyd^Oj1glS56cAYol9`njU-U~^wmdudYnA4fqxt@f7m}QA6$Y_!~z*|J>e`Q-{
zaM>q}a8lI>3(L1TlPq!MA+B$dX-W$i^LA&-RWjrqwlf(W68L<@?@=%uf5j(R;6@(j
z;;zPFfcS?j_~D)WgsaNu$sV-XCoQU;XFNIWS<d!Rgzf-N-U8hVJVo=j>~@f<A=-`|
zaE#{kn33-Bw~2i`SdL;YMyd0GD`{W!p5Jhw{H3;Dtg46Ryl<cIF59mMFA0wT-ts`;
zU3aS--rNhm;GK6;AKnMG@M1ohGVZ`q5y8P(f;l@fnsK(mDWRCdR*v7sbxpF+IJqRB
zNCJ8OZq@VKCd;4a3Thfj@f`b|a7}*S6aO}X9H~bV#I|i&7IL~69;mH(rGc!A@o=(X
zp{G*bXH_&N4}PC{(<(M5#P6z+ZWcz`?=-;qt!x}O8;32UG>AWa1^&2Z#)wT}y{ulZ
zic?91Q_y76W?P+9e^PNy!>8qxPlrxmKK)0_r+2!E{q{cL^&|g%1^Ji5o88tAykoY?
z;EnPL@77=R;jQdiKfF`-vc0s)CfZ490t$Rv3SyE8qmd#<<1q=1ScZlP{n`eMYsjvz
zqu~2AvR^qp2ZKG5hTM0vy|^Vz6GcpCY^n3I^)2qK22U5ovvM`YbB<2^>)lv?RQVTu
ze4U|O&{(8FJ5fSARR9=2oLE2J>su4N4}9et@6(Zf@SeL_#5?7TFTAT(>Ej)Gcm4cL
zJD}k&Q7K*i6193vQY#71KU-1$E?3|gA;+_cKRiG9UBq+jX<v9gTd9v{$H)frSBZ9_
zgtjh!edB$!CFSoozVW^#!Vlh`Z4&XGQ0)uv@yGS??h+yL*XR7zaQ+Sx@tn@^j5ndH
zEeM|HL4Wxm1&UDUsbim9)6+(}TXzXIi1q(f8vNd(_`Puq<Hu|9OX^Y|e!$N(EkENW
zG+PQNaL#xInyGqdwx(#_90;16gl3Ps#B=_#`!74C!E+JCb1Bs4=W6kM;;z8`k%rsj
zVWM4<A=>R0f@tDW0Z~&x{7k%4;%ENfzWDjXkNW(~x-(#YD$$IW(A486K{Hhk%|r`9
z^YPCEKvTxg$HQg(EI;XspIJZX^Ye}H!1=lOPX#~IHTnrIR+_#Yn$9s)Ea)*aLG-O<
zQ3mliAGH9d``~N(NcXtT5?_(W=lptD-wu7;Sz~|e<F69!_;iiF!ig;kv`6Wo{mjh-
z?T?l=0Bue}d&(U$K3AX6;60zsuN4^Y*;>4p-ci5(T~)5(uTo#-{8jl8GDK%Ir}OK7
z)QFk_;;*Zd#9xyZPsZP+EA;uhu2X~gt3*3KU8BEp{t~oD>7kv|jG%q+lLnwI<L}#H
zGX7fJzWDp?xBC1o39H|KYB+yKOMW6lG|_@SXiDeTCB%<N7mo1J`itqPprgj0NEZEx
zVMU@p5r(2j9heN?9E$I{<pzU$ief!ehW8${wPS<*DJ2;aB{GQq6r9~tKOGj`MCkDM
z$Mw@;bq7Cwm7`FkgSAq_cSeVwzY*w=r{Me64jTLIlm893-=ifzQpW!#l74IPj!^Kw
zy+8gJNc=zUi~k+}tcU;Y8_a(t84@Kj=<?q;9Tu4g9X5YbKOI)L^T+>uiT}rZ@xSeU
zAN+3@`21}-B%C!hqFOp^DpbUOM4B%@`$atmbWte5KbhM38o}VXLY(joA7Aa?CmkmF
zFz?+iKN1@3-%+(ZnBSPj>Vrd3(|wp0&+F6&V|iG2yTy>F5QsqN(N-b{RsxY8V;Mc*
zVES|)^hjaoS<&3agdY7B69Aq(Tp=%iqT{2F^+AuZBi*mxrlN=8FMss7Qtq1`-`>{X
z`A{N@>`1bBi7Z3M3Mk`wQ9+hx^vE(UgplQ~B^t6ky(9p#BuiwOd~2|Q*0Wb1*4T@=
z%>RKp_DtXQ;^SKb*O#dMzVwC87rOdF=8G5g9Q@J2R6gEU>&x`_MSbz(^UL(*d8<l3
zDk}WR$MmJX<>L)&;QAubL#;229(wwsriUaL!-5Dsy1%CpjOX9eiGlp+%fH&H=&|jP
zKYG0Ixo>*RYTICak;tOf7fKdgeIaCdMvpB08xgX!c~?W0q3;Gj7MZ@pw-NLu|DZ2@
zdE&qR^<{jU!2OFGAs;gtArh^qw~-K{`C>A^j+M=?K#YO#wZ_#Ni-xq;Otpi=srK-y
zIxp#eKHyJ227l&TKAvc;<8QdeS2H0|ZJY~RU0;V8$<#9=?G1!17v2W4OixpqlBjod
zO$mx=rJ)Mw4|I@?9Od5lbDdYAKY4#@=`%s3PuEW|eV){(&x5TR?2k$GNi|6HNtEO!
zb*vy0*e_GaO@^M_T&=4k{^?t~a&z<B`f}5zrG`R}h;sAA$~v#S9&^HeEqx|R{>gtZ
zeV)>%Psf&l>(h<!Ph@mCT1)8ip}s!tmh>q?PM5k{{OHraf1>)7zR#aNjojv2pUf>9
ztWVeO#%Aidv74_Fvb^?=o<8NjqwC5dWbvm@FaN00r`Wyz^r`Pw-}+Q#X|O&?^wH=O
zi*xk!i4Z75Pj0@xLJ0KC+q!b|(cAiRQ*8F5Pmlhf)Tgj=fBJO$7T@}`)vVDcW)tYq
zva@2ilB8|)H5jszq;d*-QYrqsg8W^QgxF^_`y>K@euVWfYJ*DRW39pvWCErQ6#1CO
z@!ZHF6@TD}arSOfr%O$g0EPep1*bv=jy@ROB{29GV)a3Qg5Qy&isbuSIb1Krkb>d!
zOqF6d=Wvs<#R}_(2^x#Tp#2K;2}{v%Jp4ctS>fhK;6Qjd{(hi^ti;3myK{ILzP6GU
z1AaspzK+1xVPuV*hZXzbQTQ50#-AhL?<mfd6hpdROE|t5J#e}XPBU{r6W5Gz6Z)tI
zu8%wTDrg9^patZ*65V&Hjy~i?P4Q32F^|wQ0QH#U2=+SY`hvd08E~TxrPi<?RHA+4
z8R$=B&58IAsIl(J#@<IhFQOgf(~CCZPiK6rGc}eU8p|ifDm%e4Z-*{0&XvhQzEA1~
za~I`7y=ik<gH{-fK7);(!A5@(e?p^H@98Fk=eTgb1S{jVXbc<?`Kj+i-AjA~)Etbk
zJ6nZ2oZvnV#)N(Z*=_lg?zTskMqhx}xmFs~iq;DhjTL|w<#FsuJD-oz@xz|&EYIkg
z%)tQtAeH(X%4x<rDl5^6&jFk&^y<qd*e?@!i{Y?vwj}H1n@D*@Q<!yx{W!qV!n}mP
z@_5GNL3_$<j?W4s0$?kc5yrU|!S-6Sgy(m2kz2SqZukn{pLvRVx{NcP=J<!;KpA4+
z?0o4^qCC!I{CdogN0Gy6ujWg#D=gWSCeC=)j(=b~oq_+{2}dOE&GBY*;EZQD9uBTf
zwLsrZPClUoXa?vdM&UF$^1Z;pZ$!gM|I8@-@F?=I_#pKBnZ)O?HSebIj>qKjS+UV&
z*~fz%&Ll1)*zV*|^bQAK>`w5~I%N6zU|9W<u~^6G?NkLFwI<L!3tAoC7_%cY286Wz
zDG-}F(yxU7B*$2>hI0#3i098!32SiyKC948_|u8S7K^AIzm1E-FNj6q3qUY3x#+U!
z9i-p4j+ST0cC@+$`ibbt9<0L=y>gS-So_0yI{a7XsQ^!&YLfML4kL%3MX0fYsx0%|
zT%*CjpU<xIn&-Mm+eZ?|Il&xUaX80T6N$2IGr!si?ybJ$CI3BWw{14h9Rgp$y%0Dj
z4R$>MyI>|1sYL0E4Tiz4jP7JtnpMINIa@JjPO4sIAk7MO<ik9m8r=bM?3^6N<y^=x
zbIzer@T<r(=$DTT265kmWY<eZN8hp4=GTf0(Ai2X2>LI30@|cvbGupCeqkwis=Q1#
z(#-h{aK;7!8!xnaK6w$waWFQ6hw!T`Tvx2DU5A=b_gYGJ`K}2WJ@BO0b$b+as<;e_
zrukVd!I+i4gLSeA)tA`Z2rfH5!pI}&sJ2QS)z4^p{bz%Ol4H)yZ}h~JAr11RlF1|O
z9~zzSSqXB=&KGmg^T?u%26uN=e$hP+|Ak&OiH2eOf2d)2Zi;L_I_V@l?PhG4@F85z
zj%l6MTNSJzQy>vO;anynB>Z^-KK%Vk5206@b?6S{T=7=u2H@a8M8YRH6wvdjV9z*A
z-%EtP2Zh7aN@B^ZT8zoLQL1ZOu@(G{&Q6Z>olk(i^G`|tE<L(?(A&UH{FlciG@Wxb
zo_*-4P>Xav5Pu#F6j~nE*ubV|rf5R(DAq`#h<GOA2-L!)?V5n+(o7DuyaFZF>rLcb
z9ZKK{d&vIZ$dn1H#`@vNfm7J!E8*b4DRlJ%%)_z^iLpVT-5J50a|pt}iQX~FT>$mx
z!u&rzh91z%?*b3Nfvr6~tgr;!5v^aHL`!mA5MU(HVq9>llh|&^Nnz|Wf_+9&;i*FN
zn~4qz99D@fhp^d*%Ml(*92N{Vc3M#3w+8TGu=P9^0E$3$zXa++VF#ieLX9tLipR|0
zQOo2T9SKo4L&q+mAj5&8_yxw()KZmAmdPicKkR%pzk6sLUl5ml*p!e{W`3)%Q)vMT
zj^lU6bt=lPGsfX>5<BgT<2M$#gR)N>;|fj$XCF4kWuGy2DoDoaw5TW{Y)3{ocudgQ
zma`5IJa@l2=Vzc9EkJbe`O!N@!g*n&{W3Fn?*5FU38uXnhaAok5y?3_GTJ)&j<8O-
zB{8Qg6GJ}&{>PAyuwnqrb8`qeF))oX#>JU-W`y9^PV39Y=5qE={djI!#`~lYF|v@e
z?VIriv8Ya%XZNCcHD0fsFL!5orTR_!sKZt`V>SNU<S-V3OXvB4-A`z;mw4592>e{J
z-B^uZ@0p9?&$8Gf3kSQ}HKJb=GoU<wss;-d+eg`i>C2aND#g=sr%M_4+o8jcseMN9
zGHYg3^p5C!d&zo&2EQEyo-c&mjSCKkjf{JYYqF8~5%`y3p7mq$lARo;R$0c)$$dHN
z6ce7<yC?IU6%RV~N4s+>hIJ2TyEtPRregRqOJ)>b&J}nt5%zhOka6(CCj7s}Qznj!
zy@WG%KE>kMitP*@KMa3|C!^C2zQn<AL4z)0E3!&<ewEl{hqks8)mx}@#GWGY5wY9N
zCvrYKahbnRq>4}2UO(rlRz7W^eh&EDLoCr3XkTt9$2V&$=p+X_%oq=$pmRZVGZ<&8
zl`K6&Auk*P*D6R1GUBaLa1l>cmgFMEE$xKufP}5>h^C@alPuOrF%eNbE-rs7P)x(#
zw*b+^vq1)mG3hk4QzQ1(4iGA+N=s#mDS=57nkZs|WZ$Sa;c(sg>8nvB_)jMh3;3UP
zL3p-u@SUSCjN!9mVMiS}BoJ(DNjB^{OK~7u^0Gfuq(9T7KhuRj$?`sf;m0#U62V|1
zcfDW{mWKt}3Cn~6{b+drAvG%x5GYEitfcCsP?4&%OMubV2Vv127$U*mVPY10+Sp;k
zpepp}b}%oU#e6W!T?r?a#HXVXhG5wC8*P0_yI)PJuo1`kxa{9eRP0^|T<qqb{>Q}b
z;l?6?68NW6fJpVqTy3>V=GFs+`fQWST&14O{WwnA@5bTke(&rk1Bl(T=`3Ie(Y0Kq
z64zBGafuNy;0+MC_-duVWp6gA<PA^Kmg|(cx?r!De<6iLyp;;erIokut7P&9b7~vr
z`MbA(ymeK{8*7Xq@>W?JL_EPKUi7)2Ssd9>=)B;3I3T%(0|w$^srNSnF`R<^1da+}
zZ!?xil^BLp31XORg~KyT3Mok#qniaK@D<smCV{|s++fZ%fZ@$#vOak%2%@KMo4|Ex
zi$g8RCQ?v(N+m(q6Fc)c*`g>ox-2gHD0nn!pjdo-is0CQWOhI8r3s5u0w#S=1sPO<
zm|5k@ql;I~&~)ax3I2(Ke|o`SDVysR^Ucqj$o?>Qz9Xi>fLubE(!t6)ujg02{f4P3
z>|&}wS(Tw?RdhZ&SpzykQVL8*I9EvJ47xUzogZ-{RK@zYq$;BDsC0$DNG)~&T>;Q)
z4Ua$`_?A=@;sjC9XMHiOHsScnBpPh5$n|JKJrD_z^%p-ASWkV~G!@tTRC$GLl;dRm
z>^5C7OP;Nb><6%kEc3iEU9X%>u8E^AQ%&48mh!#(Te^Hdehl+{IShXU{#mIwuk*Zq
zx*d)(hu#l3h86OFtwI$BMO!Z>tKXFh<6b;gM`e}?D{QAC6Ih+P7^}jAg8GL-U-i2m
z=jzw*{(Q+So=42GG3PL%Sh~U1U}W*EC!h12sV2yOI^e)`Y-H@lTF4DxM%ay~V8^Dc
zOF?)l_-UJg#yqCu_|o|rWOD5#<ikMz%t6ARaL}rq&w*QU=AU1yAcC9;naDA5d`^Xd
z9Z*grm?qSft`bUZp$IHxymTg}U}+;YO0?Wq7FDL9-%b*H1LHXOuY&*}nT;>;+)QkI
z6$&XMp{5<k571iljLGaVCIda|_ui0cc)o<NGF|4rf(L@V<h|$Uv<Ws!oHqwX(27UQ
zd6`8Z<<N;fEQ7<Dj`XdA-FOlbE!7vXu)BVUGEz3oISOo;8(vPRJJVt>p?|Av4@nji
z5HKs|hErZVZIKx;!L+cY4Y4|`B~h`B78NVJfw7{e2aLd{9Nm`DBvW`$!S?b{wi0EQ
zz{9;XbFSp$O};=i-7{J~=jO@tjgV~Q{A?l$NpvFOjXC@QQjW(ro`++C|9ep(;dlK7
zlqQ$(&bEI6rHMF0iV^G1TjXz^e3)0hRY4wP^1hM?cw8>|7T-LKKXU1J_}*c9?=VsR
zp(fCQT=FH6MY4N8Hl23x6UYkP`{u?ZSq*S_%f;;IxpD~hNka6|3Yri#9;WgCr3y&s
zr{Eu@0kmn5he<&#r;#jO8s%XXTIkj!L|cGi7Pn5Jw)w^LX663;sfu+K6WKt9&=ka%
z($sD|2jcqh1qDra9EQsu!|8P;Dm*L_mBY5d?pzd3|DJAPgvI1qMC8@ZQ^{7*mfWZG
zq;jpHZ>kAy(Z8|k!47!PFeHkjd-E}`s(;s&WGRx%R{-l3rLU6lW8~`<5u9^y6s%V`
zZ24Kzdc}bc8?aun;zPxHMH&n+{~fYkvFof^NK4+ofC}l3Ct<w;LP!f`PDvVN(0ydi
zF5*ezEIx%y*er2Ill{><Mvii4SCVtPRPnh<43uCh#B-f<AjC_?L--m^II4(^Vs&F9
zv9n!t{=o>=<CCI$FV#uzCucFpLvoYSlTVR_M+g7X3(2iTzCv>JVY+(%Mj;;GIhn@e
zX+k`H=9D}hk5R_sQIgS)4cPsID5Tq8K@ycP4Y55CyNASRN%Zc*gx_gmBEj!7X-IkE
zVx2k;Cj|9DP4wOoRUCdZi^I1UusB>5f2W~6IJN@|^w1Oa#NQScfBO}yTaWx>Vs-FB
zoh;<$q>$T>Ouc?sFXUdI?<*ET_Q&Px12o>wnaJYpG+Dg8<fJ^_j#0$h*DO%`E0hA2
zz1gCYCmd3ku2ZJoK3|99Y)&uE*2vSK3RRqaGmEq5tYdMu%BxR9^G?yZ-uqa9@ikT(
zC?fP7U+ak3_lE)rsV(B3;!;R0hS~MX+e_!_e1y~-c}@(eO~gij{EjN5P61uv<2iY7
zwePSxq(%qpkFh@cTNYABz&~AKu-e~zit(!>X-Ktio=!+*LJP42;#n_`pVI<~pTBm?
z<L4L}KR^4DJbu1r(XTiliM}WlD%mG-vq>8_i&_A2vqc#<n|$(j!I?U3+{{?3h?^;Y
z*S)2Tn^RP*^&S%A=2i#l=jk?&EN+g50ebvO;^wyF<h8PL&Fb!<n)TmDDRXOcbeX$y
zH)ih28yhcc3Op0^3OxJm){mE!K2v`oPA2Cce6NX*|4SXSS=i_GysNYS!wE%vY{zrc
zFnN4TA~C>apv7*y3d@<Cvk@jEIVr%n8$#mICzRgox!w9P@!W7JC{DFXj;t6In`lr>
z9auZm?O?A<rHV;GKB8fhGm)bw^retlOA&&lpl=VzqT$bcMZ=Zo;%XKRC*oi@RUQkY
z86&jkbK!XSr{`HboTiP3%Z@4H;TS0%W+x5lX*dghb+jA@zcNLKzycu>2S>0tc-k&S
z9Bfj>!QvZ892}*JgH19+r0!;JNmOQ|(MSAS5Al2cN#fsF{rI=FD*j!?;$KzVn}()W
zQjI;EDyu)S^R;oql3g=nQ|k+N)1`3tDo7O#cUK~%^xpS}BHrx+mn_Bwf->UTc^aZ=
z0$vt<<<e+P9rDg)F&d54faWyd1&<!WU9`$TLflw*b-RsXh<nRMF~ps+orbs_cF+*F
z%?=20IsBs(3}8wepU9z}&yxT*g)*rUeZS9FfQ#ft)Op;j$R|*1AQW|w%2FX`kcMa5
zTJU>~XF2{LnpmkI+L;|hD(U4R^cP$TIfG0*&O#x5fGrHm8!V(`%%)d_UP9JjAt7Nl
zy&&YGF>P)(iDsn;w&@<P;`~`xlBuEbt0{xTuTk>&HH=jAXyVuQZ!{o&tzMvrUsGU!
z-*ZX)+WMFnzrH++(yzr(A$~Qn_%%fyzXnaG@he9rPHp^JR4$KSrHx{pP`^3E>SvL!
z3N76QyowKlEeoOl5!*i3j1UW{LByV7F1>AnA}S~jcDSCglB!=~B!`92;Gg^w12;5Q
zeUIZx5}AKN3Xy3DL$@lVu680@(n_>)Y<oA3ZSTgh?cGr46H-K+m}WJ|B4YTJ%;!!_
zr*199ZPOo$@CD3%2#$+AcVNIUz(ZA-up}Uw`!GEU<j)_-)PUJ%LMfggVsOVkEL*>(
z(eh8v&}exqi<Zemkbg)XF>}g@Io7{FCtDgR$sQ|td1J-w?3taQZy}!1Q3l{!6<M7C
z4-!9wcI^z3tz%EeEPL82bXy3{9N2krF;U&UL}LNgy(BD`Ko^sAmJsEO6UoBs<0QOJ
zlgg#zm8^+RM}2pyQxu+-@K1M4C$c4=k5%rmXyRc?e)mI^HF4jQ_2Y_tP}Y73&pRfx
z9DCQE_3C_`>>!GORbtT&zbcWrL#-0y{`V?jsgy<Y&!mabykC7-vt3Ug*4L*G8AD8j
z_`k1^^dS}n5k{m9k?RAF_Ln{d(S95(x~Np*n?L0tKgUA;8>A5x+lWT&eNs;&inggW
z;)Q=mBc>gz^Cs|5r_pSaGCQDAhi=={*%eTS^`7n|&!S$0m#f252PyUUIVfj(eydT3
zkB=+WK~}#@^9SOQV?-xN&K;`+o+X>HS<-=n)-q5QEc8HAt)jfJ)vuyBwn~bEy?spf
zndu}5{r^E<D*h7nMaW06%|fM?7!t@uks0?E9QcD?3E7Cuba|{glpLdwXb|%dRVaN+
z{V{9112hjobgmr?^zt{7Mx8oJdD?g|4No7>(uSvrR@Al>ho_rh1RS20_*dLDgLKx5
zu#N^jL3Q*Gm5z#e3xx=vbLIb_;&$0g6gTW~J;l9gv!u8V@S<GP(^ZN~vl`YLq`#{V
zYsDm9CMNMpF*z|8#N=sFOeQPDq}x`K(f|i9?)Un|qjnz^k5=%H9sYR+{z-y=Zin$4
zUum>_HROx6_F=$2Doej`RF+y~>ZCfXXwwEPOW(*$jpql&c{PFMJ7P(`!#R+X_x$?k
z_no2F_?)moo%e{Md5^>xT6U2bMnB0t$a4n4mlo-HYan$6r2qF5ZNJ%bQvdH*gTehT
zAN{|3&6<3yaB2*-ro@b%B?eRSE$k!%$_fl%;a@5+NH!jaY)YHGilxG(8)V58sj5Jh
zS5ej$Btr+6thfN|F<4l838n%i$Iu9}^201Nwh$K4eQA&xhP_W#oet4W$0S<gFxk`i
z#57pTO=sJy2uT4uwkzqV-S5<FvI>O|MNS5!yeV5?czT&+7WW*YqFj}zdmf(y8!$y0
z1`Yg!S}VDAVrC258PmU{bSvqhCq)V=l4TN#6m(1&%hL#Ej8!HK-$P>G7?zQ#ERttr
zGOenNj9Bmh9clzVc}B)cGcp{_$WSvUt4xsFHEhhF#wMa#pC9p7XJQ)7I;FEhLRp3;
z9p!B#85#gbu|RRBGB>mLbB)Ovcu+Js4w=c>x{Ky&k`hc}eo<AQkaBJH2_btF3i4W^
zBK43}sHjh{-q`vCtKa&BE2lz8a8K$XSBc4+VXMUC&FXbDdGlmGP2N1356PP}{G)V$
zHXZ5{($M5IlD<h7>J!eE22`K$`yba_pYYu-1x<SvD05<W6v*ontg`w9>;JAkq5B4H
zeS)>2`JITT$oR4H{0^SG2ghjhJN;)iAiraosmSl7!vH6zko?ZQJH`CYd*i5(_KXwq
zJ64w8Ntfq$IzLDAJ83c(LZ09GtC-|>SdaE~_c#AhPMjR*3D@*D(*wx@?Qbr>p8n=!
z2@FMlvmAu~hx(fz|54fBympPUzj^r@+Jij&SFyjj>yNVj<_<sl=x@$kBlb66{z1RL
z`4Kku<u%mYoLNIVkWZ|+rvB!$ufqE6HrWar>2LmkjlPJDK7S20YQr7~yuZ1|1@mZp
zL^9ULXF(r1S${KEaHJ7eaJdoI%Sk<D+Ga1PX@pLFp;6D?a`haOCulNxd>wuqx_;#S
z&Y$A1enoF>74`GPyHr2l?0-Z0o!fK2T*WS<k?D)j>1^B$&CaKx+1VAm0RK9oNZkKJ
z)$i<Z+L6%fJjm5<0rWl(aWz{29nVcTSG$Em%X4SW)#`0k&vPHKm6_@+M&)m*?|DeT
zeb3>npZOo?cfPeMMC^C&{+&2u-tnD&zw^thsKni|nl>cgwpy>>IbpWp8v30VY-VC`
z5f!bX!>?II1v<NL!2QnP46=S_I2=XM@0>36I~(ENYIat**>3yYJhumY1^12--w%8X
zI0Tz%^tRWb-x-=JtHd+L&A!^5JHKlX+nrm|cIPTC@(idF%6iivG&FO_;hJW2^qpF5
zer*Yv>FeNC#}>0E>?P}o?Zwdx-z^V%o*lL$=9~?5=7)+QwD%Qw7FI`wTEHP>z0RZs
zy5JH~UUa9t@7ZCi%zOe8LY|;JJ_4KdU~JYS)E&*{ocUztPz1zzte-g*`k6<H{mdKW
z{miS_{)y!aA+CEsz7GC61Xp``x@#)&N5#J9sc1k+FgZ-q-I>U;X8)^oX#6H79#v@l
zThvOtXj82R|C9aCgcH8|pYyf-&+rRP|8og})l<UgwBk*_{m)<K8ua_0H<~s5&vhqA
z<N?!n0R7Jt9oGLGr0stWd!O|`$N27l{`w7{{m<V8)c;(5gZrPiiVjRY{m(5v_1*t`
z;Zgwo&!w`tn0O0O3zhxPKeGPk`*ixBrS|7Iq5nCN_CH@X;xFPl?G(D7Y4fwx`<xHG
z&k+vi2vc&-4s*^XJm}nfa}Mm6!1|M6M#yLLBYrLnKbILiH$S5S`k(iM{Tm8XYFn;v
zlF$GxpGHXo^k)XK0eXhm06jp~03AHHEb}JTWli<P>WJJ1XTfl`@)^hF?a*UsJG5uJ
z@;U5L%vcUy;UHJ=Y<Rh6>6kp|gZ`IH|7FkHjrkZN_e+ZYXXuX>#*5sIr)L9KP}d0h
zqz97y6aFvsM;CY-L67ujn9yO%EScS;9_bJAbo--St-dD>(mTlbs{ZKPpg;Oo-Tr9r
zaZ&w!_DAb^^8ZAC^x1X(8db}$r%`p;CRwbc(;qEEQQoWi<T|}#?7nZ;+aGP}rPCk%
zv|ZI7{S=AUu`f>+m=#?%RZ`ZgI6J{eaJj}_ybspu_DPd%l>PTfmj~FhI%uOvU0;3D
zass29*81p^KD<cXCmo^clfI{j)@d(|mhw~A*&jXQw|`9RqRT|WX#1mm$lTw*>J@93
zEUdS2bWxO|Kl=PYo&M<RwLz>xyQ@Or@Vy%+a9w}Z>ywtto1Z@EKxJ-sNu8okTC!kT
zd3$e-k3Q*%Z>syGBUIg)>+)$nw9h@7eCQ4Ck3Rp4x|qBChWAH*QmifJW;T(6qU?{p
z<Gld-qid_x#oS$gsehGh&pO@y=!(30#r&J@bTRBaZxB*x@;=$MUtVv2^zUoPQsz&X
zhD;M+MU$*GC^r&lNO89hRWYpA?UPpMir6Pzek1y%KUy!<dsBn$w@<p`V*h>8-cw?|
zckfm8v%TUsb)WR91*G0PX@K6bDsoM{_cyAE-*jdCpQq3NWvV{uK-WKodT+^)XwOrS
zomVCGM?02XcYk!nTwndshhEn2kACM@|MlNK`=irYfAm$ld|Ao*qeuLzTsj!>eS?a@
zon#SHr~!{NuYB#OL2Q_Y1%jgnu{2!PFs&#N&-hajiTZ1pmW82dXvWFFO2p^R_f;Y;
zs^i0vCWBZX{-E!E=`Vf`A_d{JLflWAw6Z$f@5HJp5|`NwwCWc{-}LGg4egtDQqBl#
zl`APnSQm9JflIVI`c2fk_Nmz8yNO!Co&zTu&_rGFy1I!vLe)gwV>LAcpLa1C#whx!
zuCssonO_uZX~Vx&tWPF=>#u*>saT$L(iJpbSe*n)^Wy3xT*c**FQx8jsvf$lli%zO
z5xb`g-WPMNE8iDaCvX3hrdNwTrP+fupXzl_AEU+PV)t}nVBOO_Rw)Z6Vhs&gpS)$Y
zf~Jj@D~-&VZ|d!zcB+;q6|^O*lSh??M@e70I!XW5U7Z}S>YgTfxQ6#nqYSbh5+h#^
z5&Nfw^$@!)KTES7axkw!>mlFf$=5?jKXtd)$$Ci6N^w18-)t(huZH{Wr|vw%e?N8S
zhWArPt?<|QT7Er^ugBKNLU^5iYMI9`?|uE~TfGo|>T5pxsgpbV>ZgACepNs9f4)=2
z?_yUF#P7mfP@LV5S^b9f0v=ti+gDAFpY-2XT^?W$?3=%6;&ydkwVbNxk>x)6sv~oR
zzUl~7U-hgXXuN*0laF{kpnmGT-~3}@wP3Y8L|64w`;e(Y-{^(t;d6a9qFxHq_EWcx
z(dnm7`BoX9M~O3e<@F2H!msuEs^#+Jr>{CtnR;NAvaebemuuvy(bqous`tJs^i@Zw
zx<Bvvj!yqeJJu7AUrRsrq^|-A!LP5My2H=DLU8?l>emD4r+!(}PrdBR`eU(SD|Gv*
zN6qmm#yvaG(Cg)wbwV!_ihuu_`l%oLn#9{7_d@9~d!w?A`uatG@fW&%)e6}c`>M-t
zL|^rNKk3BTzWb_w&h_6{{f^XE{rj@|c{_Evy07}RStQQ>xR?CQF1cpy`i5#&ay!c8
zx2Ebc`SEvEebv_yUuzEdNZ@o1_&B+^!Tr>EnZEj|-*`d4pE~KA>+Yv+^^MZIZT0Dm
z3878e5L(?`ZQJZ4bk;Wb%3`w=6c=E3wSA_~?&=P=nbh$Cji2w0_T69o+%i@CtZu6Y
za{JSI8Z1k3?s0wHN3*|D^jXjOq@jJ*V%!{~iknR&Zth3pX62FKwCVc4n|#E}_3-4I
z{S9ckUNK#0x{gpaT{r%cs`D#WJ^oyO|Mh)eDW(0cCCdHAmiX<zRt3yV=6SLES`ji+
znnU-sKzkZ6i{00+ZwwK;uRoeEhR6%&iy?B&LK-43SwutR#f!Av*Xu_b6y4Y1fpuRu
z|H7<_7Xt6UKK+G)Xh%L$^k47%sJ{Mdr@Z}|hQ>nHVId)*(0vUTG$zi?Ceg4I0gv0Q
zt<P<6|22As#J^GU_*d+|_8<SwX;}O_M;`x@e(Y}3Y5coXihn1v__wv+e(cWU{P$yb
zzK(wEE}!`AsWW|YWBakouceu8;nz|`t=Eq&`RdC4)4@xwsUQ1XOWO2%b&Av$Qt=~g
z2rh4_>BkP~rqhod^&eHlExLgaadYB);b8N{wKcOn|1t4Mdv(=oW=sB9w=bKV+7(b2
zYI&etY-hieh3EQx*|Kmd9sTf8pncg9sz$TDpHenF+=8;`(M-}Wl7CR@7rE~TXhaqA
zf7jBF-RdL1Dsle98{3b4O)4?_3t2Wm-H+`{ANqcHP5szMEwt<R<YY-7wtYw2q)IKS
ze(Z}8zWTA-f2>Ry{39BX_5sm|P7!(<(f0%0zU+TMBMvWB^<~Sl3mSF!?EOIdveoLa
zaS7$Z05j##ph+5a=(2*UgJwUs8_<vKdC#w+{QllQ(vN*j`jYaws4s!^V{f14uOIt|
zZJK`Uig)Xeb?1Mq?#F&_f}~NeET_Dj(wv61YoF7GwTV_V@Abg@vAZ_c@5df`XM_5&
zN5B6+P~49f6U7}HuBW)KF4pbKmMd;Rec1u)Z>P_+;^L<-`#)L!`m*P45&N=Nzf-@M
zJo8~aec7X5(r9@c$(U;F!<QdWnYyDXm8s{S)k&3DQLkK0Up71c^IH0`WqA|Ld9gD%
zorBwdocBNL#||6quOIvNfBEjm-unJO)Q|nz`--K<dH)WuADgCOpxZi53_wXHM(EIv
zqrs=9LHouvXTPvUKbxc9oGl~|Xmj@XO#wD%PkBMIk^lOF%JU;8h?n&Hu~)uL49WPg
zD8VMNbu(oPwq(SF0*Hog6ECx5u!Ow!T}5B^x;Glymn~*+I8_G6N-{VOn!%wq&wrEl
z&ecA$Y}zJmSw<%v?Jo<cN&Dz?8v9eQRJ1?xChfZy)7;K~8k=PGZP(eK{mi?{`iBL|
z`iBMn`m?XE{=w?M{$Z8Won7#<RR8d@RR8cQtABWv)jzzd*PVULZcub*CkED?-Q%6>
zsef3ktbcH+>L2FU+n@c9*FUV+tAA*4e>NIQ@;|Zi{Eyh5?LYrBzG3;F@$&o+>DTV|
z9L@i{CFOsfVELaQ|NYt{{r78kX8qcF$C$H?P;OU&{vgbXLZ4}Nf72+s4v}PWrFi)f
zmYn=qTPVSncE&&#lIK>j`7p`iIfT|N(#(gfNqa&G%>Tuhc_k+12h^baJ~Wr7<QF`K
zdB(YBnNWuqkhKcZqQ>eCg|T3aP`bX6q}=m*pnO2(cnjKU#-s4Xl<L42Rxf<7^wEKj
zj&)7&oob^VPq2+cbsR1wDRM5D=Po7pE@J&glbucRpGDC4G?H@-3n$@P37QcG`nZ8}
zaaJz-iZSCMj^E1h`@n`i`9d@Nivs(cS|S~Zb{-Z0l_HWLb%hlP=bh6%Jvggp3zj$Y
z%0#TdiB``lR^L{VNY*Xw{3t_QaYB2m!Lt;-^Cp&dSAQ<3g8>biQGo5<2KUIU0+3e_
zbrk9)lgVNcyP%Q6`Lg7GWgVSteBCdh_mQvrOX+<}srJ5qddpd>qIb~iy7X?=(I>r6
zKli_)cb9(?dY2n9z4yIL>3t<rL+^AQddTUW>+3$F_X?f+%v`y{KM0}y=yFX6Ey{DR
z>1B||qq_DAS{YHJ`!%*UgcvNu<(Um~eMZmr5)_x(f3&-opjUcvOQ?Kzs1B-k3=oW>
zSnpgtLbE=*iLK9ez;<z+c71l~8{+ybi<0D2Xsns9(D4=mysY0<r}rC10)K;S!eE6h
z97x3jS&x4&#GpR)IrC1HzhGzn0-2}e_1qRMe(M20Gy1kY#&4Atzmf$cI(7d%xj;Q1
zv$eXoU%|Jfj)&`UFL23Y0(r1!uQv{I_3Mm^?wjMCo1a-l95nP3zOrL2@|MK1ik~!0
zDI6}Rn83Z{F{(#U9z2BQT$#Rf#{m=q5bhW7Lo)ihM=Gz0yzC+JUy@h&ieW8DSin5$
zN<r=(iie5(s@9h@>rJqJ#<}i2nA_1H@=n{D%^!m)zT;)D_ZL#LMvEiX-8+YDq45ss
z#w@`&Lccq-?8DRlhW&e#JiH0IxGCmnfQvHWu}N|!2=ELE1fDl8DdD+?z*9x^n|M7N
z(A7FQXdM`67uNX&ZRvap+V+VW`5^Qs_L%rCCGHpM6#FSd7)|-ZSB-Li)LX+3qVKZb
zH&y;##D87@_|H<~-<$FyRDpD4Ek(M(KhobjDbgn==<#FiYXQJhRilLG<6e{>eQHI1
zyjUv-ZNXIv+FkxZYs)};a)LfT+SW?++<(;%KW^@&=7%W%IRW5zj|#taJ(>JpRmlGp
zCjV>w%m3>XsSn2M%6}m6e0)*G|DH_#uSoKLMIrwTv<tuamw%pucFTAl@_$7p|5yCU
zf3z=pzce=h{0?1E;`dNArFRzvQufOfsVDs-wIi1z<#<Vt-UqV-faf6<JnNz;y+>RY
z={^6l9JJ+^C}_pM`UR~I1Fc}3KE3-~mgs%uk{^2ai1J16x>p0Sr{|UU9lD3o`{zq?
zr1sWOq@w*J_0&9y)YTXD=>1Y4@OaOu_<s+jcV&%8?{*5%9$=uoy~ZzSC9hG?Ccdao
z?~)pc-p(37^j_P;7rhtE2>`zbRrrnXLFqlBMvl~T7b#Lk|45z5p-6rGf*!r=W(NSz
zw`W!S?@sBRby1}EuNUQ@ZMi@}8}o}_&_*!OI=!Gz?`JPc^uGO~A9@ezt~;N0k^O$n
z1>O0yZdM@nRE>W(%8!x@3i&_J<ljHiPtB!B_j_Jf{sV!>tb*sEZcP5qi~Q)O0PO(=
z+S{xB%YQZn?Yrmn`LXA`O#aXNlmD(h<^PpH?CBYm{C8#Ye_kQ~=a~HaN9xS0%zqiH
zEB`YCfM?xl760#M@_$Z}|8olYKg;BQm4EqXpglR(hy0(D$^SWj@_)B4dUpr}KX0`X
zKW`+ZcjZ|*QkTw9q_+R;7pYh0F#qLQJ$f&g5db{nRq%|Dr1TCwE7IGc0PS%G+I{{(
ztDMdJmuL0qeesM$@2}4Iq4&WEjlFS(D)wXH_&yw8EsM8tbe@f@MY3z<^Z0&HERyc?
z)f~T@bGGH2gAivcm}D$^gmd+8e!4xrRT!O*_CFn@$TzIIL^n2jkTVv;U|lERpY6s!
zOX2vf=!55#7!!D4%`38+vu)$dNrgokeBxG-7}8dq)f7O(f5e&J%unF+={|RtjTtSt
zoE@1VMew}aGoqP+<Z&A3hLZJ2)%~-5NS;QxZ^!s$*BLX~ayb_=8x`f5*Pe0kh3>z}
zQ<xvQZHtufMxG%<nqf%%ynDLped_xo>$%^zp8L0}?_XR+HXxh>M4mOv46D8d!)&r|
zp*gukz5fo&jL7q;ihNOh`IGwZ*CRj9HXL8W1wDc|zAeB{ui<YB-}V0<<VP;g%4<;`
zi)7DNE1u7uiVWsO`9)0LIHO8mV5Ql%dvY+`NP#@-srCje`G?bk^zn!1T?rO1$fq5E
zy~y!fu(5HP9L^_^!*)EYw>|Ql-S&sWoOC2P=V-<)oN<di`>HYH7D&THrZy9k)|Bro
z)y8AdJdABuGxB~6$h^PX8_>Vf<qC-3?@X!5*)c6t*fh@B#yO}arwo5FfPTTZ1s)3d
zS&|<s_JTnZ^J8eGc&&q<%D&Vnt`++$S{=@N?9N2Q<&>G{zG)CQ7{jVQWwM>$Vs|-0
zU<I)?R;z7L31hO`inAX5jVvffp6861>4h2g1oPSl?EJX|z7EY?AZCTTI)EO>At{{H
zyTFUT8BFU%T+@wQWDSgDq9bH(5Z;@;-s<4<<@*tW)hQ_=H_h?;V3)Cdbl<Z`4_s^}
z`PLyw+&>fMk6naFn5~e1L;srG6tn9DogzkYd;wWXJ6Fe^AI5eAW7XdsIcGeUrozc#
zfU>J!%UJW;3m8W9sS7YG<RbTB<Q(S2BQOELx|brINcMwfBhrF$fyB0gtOvNrQjXsQ
zoB4q)9k|WT|H0+#&$w%_YsQ@hmL<Qv7ok-PD4g|z@U_P?5q>IjpYTE<J5J<-y~}e%
zo`1&l$nZ&zL6h|8A?z<o^kEN2`C)fj$h4AEmT^1hio<eIgQozpuVHLV??xGo@l<7;
zd`@9+@U!9)_c{E+%|kH-IDTicGZT4k&x<p!&48)t1o21bW18mVXWqtT7a8rggIR}1
zvNsDW?^u4zrDb?}PbKdZ-?_f|KT!|gVeENeulr&xTu^-zbVFnuX2v7HHH_FGz*oUO
zPji6}*(Z&Y+Qeh*7$>XHL?^*6<EWBx!g}L+6XV@TVUJY0&t84}dwqgG{t<lo)Jga-
zZO7OE2OPFDlM^swV7EMeGsY>??CDJ7pdzEgb~dAnf<en)rwlqQX9Iy>%_zyf)yI#G
z<Nfi2*k=x_%f?B~J-2~>P-w&#8D=bSmW<OJzfD{hBC_C9-!S3t71)Kjr%<?d3O<$b
zluwO;hm#K}xh3GU$R|FRU(&;8bUpgiS*A}Oi+nu-87DO++I0@(LFh_(kO1-o;+!ub
zfZKKe<FgC4HEe=V4=@>-*kXB@?{P)&J+8=nk0Q->fXeal;8+ERbCG8qPE7Ni7_@zM
zsFhH>&deDvI{0EVxnVEGlOxCP#gk*BN;Ww@e;iMa{T~f7_=jgKhk=3e7aPjT!mu&G
z9FZFww#{~Pl3NL03%fC&LAbs9wLzGEoIzN63`6*S8kFz2vD1lfB?`B`fm^fjEy2(U
zvWKMtp%<GP?9Ne`a2q&VIlzZSkI;_pO^*6B2r_0GSbQX!R;<!}?9Rstk<x)M{8l?w
zX-Xb68pFU|j-g=hw+wdmy9?r=mE8gZKvn_8h!cN|QQ)him;$ei2vXJCX!!RC$P*BP
zvW+iv*orVbI|W(7t{3VOAUJAHtvt$r=>Wi-9uEE<-$yw=sQhbZlBEE3ERyZlYRSnr
zf1EGOrzJ@iVpoLwY<F78zOmKCP-e%)-D~?4C-kuziq!Qul7Bmtvz27M1eGnei&J7b
zSF8It+aAt5U?1liYUAcyHsFEq_qMZB`f_uM;A+khuNe;=xswBuC6!~(=~mB8!v4dv
zZbe(WLJd`#i7gtA1pk}I2CU@PX@8+%BMZEkG|T?Nq}lLT0juZaa=e)>8BrXrSa7$B
zs2`NdpO3ykmbW=DRs4FmP1f+SCs%^!6>LZMp^Uo=yig4^=PDsX7@oZHN6G3pVspn@
zJ%?rSd`Ut$TcB?j9#@>u&T8;%lF?@<Vdj<S3(;PbPQvCO`4I?tv@rW34*NKMBYHr5
zLVO?0cU`>VeCK|lRh=S#H^R=B#tpYeZUf7`nR7MksVE53sk<XRloP5Sa`g+dNB(ZN
zUCe4hcg0??$G`%P3Dr1&pc?}4&BDPggq3w<hIO-?zd2{KaM)|Z#aT1DaL!&1QVdaR
zG|#OA#~BJDPQdTbA+DK$K3sr3z0AQ-Xj-y?);qv1)K%u3bL1CI?Y2|qoFxW>s&Lwz
z6GJ;s<;ByK&p}NGxn^|7;ougB@gf8-=DCZ>SVtW2>e2Ys4*Y75Q`kq?49@1AcH6Fu
zFo*GPyQ_B-yQ^O${pIKMmuPrIf!E<|%79FEO+*0L+-D{F$Cbp9C?=VohT@BZZ3g!s
z#eTjxUW&^dXvOa`&utEyj1MKh#orrqL)};Egt}ucyZ_Waur5DDQKx*GY%@<zZ@@?Z
zy#WdLKJj;Wd<Gp3%bZOCMEANn-TlVDMc$XR^;=LKf#btDmtl;I*rAy9SW<HGXSK%M
z!7&^0*d+Ob0>$VH=q<AUy3Tz~ypQ8Q5T<F3DWBX<ukt)yAwFdHi9!N>@#vu6RCH+}
zBYALYQ+OhgK0%UFMkG6rKzF>h(s;y`VFNa%1Kte9gLoRFv<@Qe^Lnw4hz}i~qy>n+
zqMzw6N0P5p`9|OGn?rvEKl1s`JXx16hw$$?*K=Nh2(fh<A{gZK5)uXNWQ1#`{tY&n
zrh_DZ@JUJ#sefZ0DPJli!SG~i+mdC$h(wp6_pgYdIJRW2{tFM#IqBZ&!dne!REpZa
zi7xvE!e_A_wQC=6B2%x(<wt@h5Au7FXEIH~{FDm2(brOpx`uLmF^;xT+bgt=T=DaA
zTJJB;Kh$sdoilC|XlUlT#$g3spEcCMAGY(g7?1=!TG?eU2|TU#pm7G0_PE2m7SG{F
zz*)`+FYr>%AVoZrOUqKEuQ4eSF)7fX;RP!Bj^np+{ORZmiRQKWz!G<wSH2&3Xo7id
z0gVB+WZlH^+oN~5@54`|Q2O@zlhJo$YD)vE9ipZ${&nGMvJdDE6^)rZYiO*_cRJwE
z206DK7?36at$TSLg~P#@VF+HupkRnT*-yk}5`Y5vL4sG;K5mfbJc10oAJ7<Ir>)<`
z^caR8D#p^Znr&Z-X@U~!1hLZQ>tQbdem%t24!%I#9K6LPk!_=(CY^9DjIiw#${f&4
z#UCb5P*0Z|q~fUZJi^m<%&@g$+Bo~9h3S&rR&Aa~YM`;~*h;h7a<1MM%(Y236BGB!
z?Sjr_uZOCw=nJFV{RyiH-VYLus<GShrwoGd>rQ)ijWJ_96eZsV-Zq}N$fSCt6P7sV
zOguy3E2uxh#<_+#A4BNCNDeU><Zc*bmwb@SIGAbKAf8|3^AVnR;Ew0N?2IG_pM(Y!
z2ZtIwOE7bP+=pfOwV?%GMLzC$os@sO&w=AZA}`o1lwx@)b=Wp$HH8ys_>JygL1L)5
zJhzW|s}uI(G2<OUWd8wKC`s7(ReDo)I1Gy?3*#PhPZ8%gb-j@0_b=%E{yy>d@cee{
z5)m6<5!Vg2nCIPRlxJhP$WqK1^So9@!d^fLd+Xcnwz8~H=K$btYsOZL928*Vx1^IY
zodT%X-$cmHb?wOUy~9x!EHYvmb8un<aKPbe))D*u54l<y?Y7HVcLUeVbF;y3z?^Fe
zQ34JN@*gBZ3oK^GcHns0c4?B8FnKIIT0tJ&jo!kKdUkS=2O+ls>jeW~+y6F1Rj~*J
zhoi|4g2RKS6<7=^9OUX9>M&M1B9D-4eiw*F7NLh=6jvOP2~Q6D+>SpRVc%pDh%RJ%
z-DAOgxcb{4#s=txhoQU_4AXmim|=>B??(>`qU$5r5ai1I4@`Y57IvqRTA4B~a=XJ;
zfa6#qHP|8*x*wH9=6Fg=Dl+}?;K(v4NZPN0G+c4~9`y3#O{rH$x@`FZ+A7ehPROUU
z01mr@>ty*A=uw^E<!r@S&DeD0{^J~eDV|%hH)7Q8?fvVmVA)D`6U(;P9%S$p|6o6D
zTX*o&+Q{qXkGM0=(f7&f<ty2G`}NkNrg!&MkLo?^_3G85wtYsdM@{wB%ooazf(d=4
zx6%jCba1XjE9tXS0QQ{FQ^(>l$!XlJIuE9pb`Q*E@Gt46f&W7a|APSkzqRm>7%kP)
z3iPLeCiL^AkntL4Cs~XhcQyGqBGL<sOSRPdl0_nO;~uO5=&947lr5nP0|Gs)09K+4
z-Ep+Xxh7jtTtBdxEpfERv6AgO={%7y^DoUS<E`v=F7yw#%-GK=vhi~qpK2&hXl*q}
z=Uxf)kHCOvR(1PkRc8$0oY=yHM!gu`77ky+a%~>4jmxgGa*>6oo0mfEdRdg1Zj3jw
z#oSaH5@Gr{lfYJ0aL&G-&)IoAVO?qe;~;V#&m=gH=QmPo3lqh!r`gFco-YU=gd=$d
zk^aZ0bmIkQ3icFI(4-*3kCP@G542_;1{CO`n49Xn=u`ZU=VYF|-rhvIkjA3qoWC<T
z7zjEi$08hkaec>DPf1{_+GTZ+IqVmXBS|i37P8|=G6UO(6KKi(%?!{^DU-d-j>_~U
zJ<n;@PoA~P^O!h(EGiC;FnG3!egL*?p6~L=p-=MpWjM=tVu)$a6r4{r?`<$;k$>3v
zI=k(6hdJpmcpfQo9F74FSyZcDX-ZJJi0Wzql?NO_T`4BmL+Qbm=6BivnZ|NlI*)Yl
z)l!0)&cDQA3HAKp1E1gN65O%%#5HTYgBY+q2|)&(eg_i>{S*u|Mv(hOocUnipU8bU
z5H`<SM}|J{FnYMYY1QV}7QnR)Wi=yijj@ok?V6Iz@drtNaV=w$z@wowD~vA1XxWse
zS`!cnPWB2r$VF~IJFc?vjJ3j$ncpz%S4jCQLf?593HQ?&`aF>yX_y{XgXbOSgDAq2
zN8uo{u1-U2KmJ44G#&q;Sn@yC)bo4K2%X=*Cix#q`d`SvM!?MPgrW}_2jVaXFmZQh
zP2^nN8gqT014)XLB&ibpctu6+9wbINfp)en@T#eOn|kRi){xuLvll+q^0Nz4W`&qu
zZ`ujHxYZI=bmqjtz@0F4wx;?XSq%|cp?l%qG>@@%2NzlFZcPFfSO3?y;h~bqP%K}t
z!~KQVE7j|h)fr8DVzTQQqoZ%Sq(5XK^$=QnnQZ}=f?{*Kk;Y^hnk{wm#p3yE>DZ}F
zh%g!y&%{dn5cY;4@3*_g8MXRbi5|G@rNqSm<hHY@>D)p~XBmB^_si{5l7(}D&oH&M
zV9(o;sg3C?rkCxKj9xJR-zm*^e^h5TGJ3Yi{C_gtVb}YL-Dx2CfvE_``c`4^j;aJ>
z^bS^!N?Lfx{9s_?$JQ7<+c_6kQ=M%zdP>HK`4eqtCCz29cXboq)l2I%+z<Y&{QYF&
z$3P6jKzO#2`FwV`^#0$(_y2$%e#~r;@-=v_?VxEKvUSXea>iporehCpDCXSMB%w6K
zR$|VX2LytCPnbPzC7A;tDXWCgobw8yGAzWC+>79MFgU*^^_xX(RL^(d|8=JR%zzpf
z=j8{%e6y7LGviNSq~2HbO%A~R45Ra6^1CM4@ij*G7`TgB=^lmuK+ld8{T+8xz4_?8
z%<SyaYoS7;hc=}!lRB_sw8$-NS5nEr)&s^1Xd<afJ;OHY{EHL<lRwjH^iPMA&ax~*
z>;EM-utu_?$%4{QgLq!wuA%-qa2qS3;j)X3=m-vy%xib9rQQ0KXvbv{ppuIkfSSqM
zZqa=bH1D%&$6gp3vsgn%sANJ9)QV$HW;L&@BZ~cc6#Mo0l2GQ~*y=I{OIxZ%U*ICI
zfF%mARIU;90k4r(Ff{3j=R0YMpu4n0Ak{kwOAmRppAS24tWQ{Py<n|&J%FhAM)bI5
zJ%F=a%or)ao8!&MkOMvbxDx0)B%p^yD}as=ffnIAstdm!ypa2PtPC6e#|LQY2MPSx
z1Hw)&i9v0JSr+V&12S;}GB}3DF3jkS#D$43BQ8v<el(sO3I%aMf-N9jc4v%Qz+hw;
zAaXlrJI$Gsw&19pbM-dEn<5>qgz!-2|L-78K57Hijv6Qm!r?LkLVhX6WnteS1KKh|
z(_cS~xP`F@#=jYIBd~V}&5h7O77u6%gG?_acsTk7DbDk>^QS3Gx7eLFhw~v86RTn0
zNT>v0-(DwD2_obND2VOp=%?;iuSY87<zQ`t<mJJmKIJ9+o*OGK-AXWxd&KI?3x=O$
zlh}E}a`<6=tBe(SP!}wUbM{f5%niMhL$JZ$Y@YY4BFSUtf44`TWQA^AWU0egL6SbN
z8v(vrhi%K0KFZ^(%{kA}1*a&QSak4Jqc9`HQ>;gMg#4cIG~|j3oC9G#_yzkFgI&#x
zoU2s?XWMRmtrm|p$TjRv{9K{kwtdo6dt^bfu^^e>k{o#)<c17QLIa4(?gK_RGx6lb
zQh3;YbH*x~HYzaCw2=wKV}AE$1~tel4FbqWzDh>s7dR)pBW$%1Mw3ns{u1n>MBX}^
zEHA;^2(GX}bQmn(Pdx!*u>oEaCQDsp%)^sfQ9GE_`YIN!UL+b(htmJ@dfiXZ^)8I5
z9s7y52>DQ&SsH*ZWs!d&8a0e`GFywWbQm6lRMQD8^i7J1&_`^*-(KkxWMCVyFF8ex
zcT8cZl&^6%abS1a{YR~k|7l|9cL1)=M^Q3gZjaoSY%5JRClxqs`ygw%-NEm0e_l&c
zP_V}S;Rcqq`~`<p$kiuEecpnd-z`qbztg1DRx;Tf9^909dxz;X3!4%XEdds|2h_s(
zolsBPwU7JWS}`x&gnmV!?ojL1saN03X8)~p&u5nZo&>LhvL!dnsyKk_+K#LtLH>e2
z$ac`!d{w=FYUCMvWGR5~{Z$4JyZ(>r`c2jKt5;?4XI^FS3#qyDTnQ9ydWrtx_`W$X
zX6qp0l!O@AV#=&5RGmjjewI?-AHSm3ccndhKyx4Jfo-8sEi2UDs;_B(`e!3pe>%Hf
zBwk;CeLAVH4bG$fw0?d1xI&>mz3;uM`gHN&ZN2*Rt9`GhKHV&UCaY1`)c33E(FdPt
z4)1X`=0kPs+50N*lf!>We!4ZbNz%F<6s?EhM|quk^@7Wd$gnM8SYcgw=V@tNIemOR
z|7ioCpWMLb<9$8f;Cgr1Zb@G6F6{#;uXmTe)vtH=dA}Zcr1j|_jILI%b1HU-_x;wt
zU*~xB)WZw%A9y{yD|m%+Ji5#sLT*47qR%?w9c_ya@{LbI-qj)!FOYm#Db4g9&a#mb
z7_kz*HP{|k?_83)YY8PGU8|al)$kZzkPpH8J4}n_YS*$EWGemx4USgo`~R_e_%5)q
z6)lK=*Ptkf&#=4N&E+Du*<Jk>*`bE#F&y{X3bGzsL(EI$CeBz6<?xOKI6?h<0)GKL
z@pp5w847kz?s4#!Ns_q)-5NqFyi<wiZFkKK<|1pz`Pa4*SO9`SG7EfG#0&8_)WsK&
zN6hgXF~cAungDjj?T9?g6<lfr-{p(-(XG6`>Q`?&(Ojo~^=N?g@e83gKI>$2p*9|D
zN8t7G{3f9i0aAXpqO3SBvRqMM?QnJbH<au~P`?}8uf0Kper-sFygmExU=Yl<tV+II
zm0uF-<59r%@i)2k=uuyN{B5fGcw6sRS$X_<rTppD$M+%i@h>6It$A_I-XF2z>rS5L
zr1-iWt&TsC^_RBj+Hn2#@wXv8e1&>!_mx^zKkRkX$G47mX8czuyB=_YpqFt>x3A&a
z>*EJi`s1IwZ=EKeMC;@G00$hl6Po(?PEvimC!>puL9^YIL4PT$;|cuNULXJZaew^q
zSs!ofotJS2%HzibTp!=tSAG2Laz4F>n#;=LD^&Vbe|`Kf$Mo>2uRi_`fA#Sppk3#S
zRQ1L_>*JSs^RK%;K9npA*$!rnsHZ;Of{o$|C_nGnu(ygu&4+(x)1@8%f!f`z%$I23
zc^)Dr=X0b!ep>zY@vVlqg69YzzEO8=AU+^~`1wi<;<QLvg?wk>mJ@D09;wd9=+(<F
z{;RqFdil!QhQN7E_42JS47&C5pTpwhm;eFL*2}kC$>=ftCrpna5x(l>MSc$TQ!h_s
z3kv3UU%fWQ<^05;`TIu<O@0?(oTgr0;h*1tdU>+xv9?~mB;jXrl$R<V($voj{xH<f
zo9DeoeoSiUhbe04`+e9BZn;K;3AOaYpqBn2T13ANzTqPGa0OM3IO7$upq~E9bBh$;
zy88VFU!loYYgM)NLjC--zfetAQd{o;Dn8d;*}pE#k5FmfiILOcO1G+~Ir=;l-9sHJ
z_-An3C3z6?=~xnJqW%PE$DCRiCS#3ayStKv4+#Z5pGoiM$67tx8(v>e(+Ll1A8>b7
zuD`gO9;;Q>*Fy$q3pV?ayY=epmHFuiS$%!7@i>VsE{Nsz2BTPB4{5nBuxBqconqG+
zovUS~_0WXM=bLk!WHKeS_2B=-IE;TgT&)(^T{D(hY0-Kl*@bvFNg_I6vpC4<%{bDW
z{LBg8kapCP4RrtCS7^a~kdYPKBXiEr27@M<m_+lRF$$MF)}Sc!|JWdv`8!}AYS`!y
zzutms50lpe8di9{1pqO*@AnGp<2rTtJdQZNP}boW<6&qWKER&rf-+uYo}1#;sl%U$
z;!A?RBfN}~?mHXD@v&BSL7kAdayH^a-Bt4X`<hT%e?PDW>biyli{3aw3Looa1oc4C
zpGZwMU@RVA1{@yw>pEpU*g&YipY@=h`g<bqf!5z={;%rq{nW3=c^gzOFB?Bp8sA5K
z|1nvax+{3uNXbtY#=BXTmJr7MR;a@lZjJF<KR;XZ62JI9TqhPIz~Cypg?c-k`up}i
z>hI}0p>KXU$ybDR3NqANe?MJSf8TOBE5n?y@Kysl5EfAVJy%fI2u1s-!Pn&L_-Y7q
zGlPrhc$#{AGTL94ebwYE^F!kN=BGaY5urZ+Yy!Ul@nU^GY#s0Fx0objI$*niJ(XV%
zG*=aRQ+?*|(Uj+Z{tceJzPd|3dySFT=abs}#}w+p?w6{{^ZR(k^87_#GxB%6t0ngT
zI%@nKJi2aqJ|WtvdQ0?u)#rz}zgN`eAOD&xk%SO%(C!XF?EHC}uP12={6hE4I`w)0
z)Z@qT)v9v*RNZoX7_Vy|pa+nF4A`wsNiW~^`h_)=jkhY;*pU_N|FK`6kN8<W)K|Ga
z?RTN|`eGVgRj<F>ps3f+YiPYb%~a)283-|9B*}EY0IP2u<mL8v0rbLJov=?i)a?^r
zFixu5&y(u)56B1DwNEyHr%*!CY2-sa-^)w&OM>SSC+JJ4_xlQqba`jleyD-g>o>!+
zcpD1#*GSdZtG;C3^13geAgmqqcWCO}_U~?fUG@6!>-}C<ub)cm^@R+jykh?`qdZ?M
zRP5g`RqW$<A^3H>tw1Q*hdMZ`yks8-;v>n*n?bj3zoTy5e!=lZLtNc*h&GZM{z$0d
z??D%1p~p~O!{2N#LC?ym<XEcXe;FPCRY0o0|C816A1H5b@NDHG4`MBWG)%#jM#LQ+
z0%?i%*e7-{3E}vD;pp4)=2SvBXTNZJWceUh?|U4^N-}JB7&Zr%gn9gwdnzVT90-s5
zCE+j6X6p1n$q}TjNsa|`dtxVSxfXU3>iP?pGK=;od_Vs-Wjs!d3D)~zbwWPFUwwZQ
z9J1uOBP0<E>BI{BAH#1!_uLkwIbTIn@BjQC&2{SirS)A}@4voQmM_w&_fJsN`zOpN
z_5OQ4C)RS=t%`boMf`^S!iw5^wDtZ+&o;c?pA1}oz5fLAKD~PX@jmMPyWHE*dVd-M
zG`!xQIH~G-{}KW@07mNER$Tr6*!vRrsH*G#nPfsHY;RPQsHlSs8Wd|{ttNssBQx+u
zCnYUJP(f2c8Y^Im89)UI%#7r998DDzTW#~JOQ|bb1l%AjNx&6R6h$Cz_#R=CB?)Ai
z|2gO0x6Mq#qW0h4ulV^$=Dl~{efOSo?z!iC?m71+w4cZOzqBuTy#MbmHOBih`s?xj
z#Z+Gh@%|_(ds(MV(f*6~>e2qi6zzX1&wPpAiD#?G<2ItkJw;?lGjO&VTc+X#3iHQD
zk~g#LD=o&q9%KCLJo5>N-Z(ZPU+u?@_ot>EYrKDU%f%hX`w#3a-hbOA#})4{e%=<7
z{{{ba67TO%jQ97O;{9zD?@zY%;7W>c9*N=2Z+_In7)(wC=@;)>@bI|sSuZp!NsN=P
zvn?d~Tt_(VG^uyPD+auOZ7j||PVpV_@&B|ohVlPxhWP(cM~MI5BkyJ~4fOOPvU;@c
zf#uU5f$f$JJuJ)~(!1B^Mm=z6HMQ5Uzd(|Ht!F6!U(F*6F!k@G(?0H%YVbcA;{Wea
z<NvjJ)DZu_%91?(zXxl1uS!e+@bd(KliKv)XpL#V;Yk3t4T*dkk%Vu0{Qs&}Lv_{~
zwZ_1Uks=GwV95lX&(H<oLG-9M1P$^3b+!dWkH>%t8y|-0WyKjQV@Hht@AiHYd*m46
z|KE8p$@}-2?3p&*Mb=pMJB<I|h;zMx16ut53^CfLi#X_dWBmVCl%%I9{y$EHE@2pG
z+4@8wIw!%H=Kiva8#bBZ)OEVO2XuSlA)wpb)Ajg$@io1bT0X$JN%8@{-pS6R8BnX(
zV=Nh9W))O+#p$Me=!AR#IyQ6!jieTWS<%}PLh&&+@ku=uz$3XTjeYIL^f2?cCX5gD
zp}{_;1OyJVqt{ze)(xK{;l9)m`7aGLeXhGcRV1UMb~X@`S5v${8{bEW_b)wo@o~lb
zbG{!j-rvFN{~_`I^sVEJ_pdx~angAI-wr&^cz-fxe)M>Mtd-*Z>-S&WLA?JqrL%bd
zh4fysc>ie^{@{53k?VSx;{9z$iud1tZ1MgdUyu;*|KWmkS`Syxk7rHmAmYDFPK@}k
z2YBU?c4!g*^?JmAO=84<4<7N)_oyABH)sJ5+Ruju9cR3M+JbcBd5)lf^4iOWkfX1S
z!l8ZA7T?OY6jZ&psZsQ$nKZ=>274wj%s0E02Enh4NqgFQ5^4Z^!95n9;sXuOdo6h4
zTV}%w?*Ha1#ZB^tw*d<NQ;U}_kOsQoq7Pf~_;UyGklF%<dHoOj(^PglBB*do2t7#L
z*&pAr%5TjbyATbvo_dS&-^P^~*3HY!xrur|wrcC|$@*Q{L4RI`>0!WQFg;v&ve_Ru
zf``|G$yAOZ_PwybFyCQsooa7cp#9JPOa{-%kCDOibvN2yU<7(?m<kgkmw{{!=CU~h
zWHaWE4AqhaR*C>pG5$B&{Q>;aMJ!n$I`|R7+^gi5lO_zDZA=(g^cXea!3ETWVrYW=
zm-7YF`MXEV7brQI@&&GCb@b_G#@i!sogc%~ex+p!=ne1n0D|n^j6{!cm%`z;m@#3X
z2W#TaN2&U^y2km3&GNK7Az$EF<SGB_&gE%u-A^h{pFINdv{{IgCv*;C7vF|nf>7Nj
zUl7x#L(ehi6RbA5ppxVh`17iTIe+RTpP;nUe1f-jsQ$;O?E&;;RkMVG*ThI~e{}E*
z*r{uyw%ON2yI&#ZtrhNTwP0d_r$4?h2VR&m)i>Zn-^xQN!=sm4ljas&fm~8ujX;s5
zert^RvZ^hH#DXEUJrdRe7h94f7H~b*NnXM94)O}tD+zf8<X@<O$@BJ|IC)-S$}5-@
zV|fK7U&UfdF?nhMlzoV)1?ZB(+=5DSY+>+|!NIUv?&6}ff|c_@LjKuPO)Ge1J`Ifz
z0XWG|rE6&gc|5J)%Ri;#`dEBEftBSGpz-LF*6R5LBJ-+tuf&9cr`yN`{>5<iiOKV5
z^j(#n=<n({pWqKGdmL>(f#%=8sI8-Tf3*l6RH<}n)7CwcKHuKj`SaQ%Jb%XYd}Vz~
ze1UMQ=4a0^cY&xqq1A|=lIK7Crn*Nb`43p#jbpJwau=SOEMEccne!E5E6At{tN9AC
z!-@F{3Hs#o!$y4)r%w;Z>(e9UD`4({k$>^ms2A&Bw2+(x>m2+n%e`{1on0*DGczq^
zJ;lh(Y|QLRlS|jMv2FQBrM9c<;CKw6`hIkl{{F`eUGUlHQw@iSdo5#?KB?{I^{~3?
z`g-k<MCFB8oV?L_0Hb33Jb?FCx5eeN(DP~P^B0ppe^h<`K*Dq4pP07~9qx4?IdY`A
zn=u|+e~!Zlp5Gq#oXuvyq}e;OKouJ_eaMvwH_(8c=yIsvtnj2^XRYFu7_AZ5iwoX$
zHRYGj0*&`%9tCjZi+&8AxCSov3wOZu1pk7DgMUZ5vf<w`u6+1+ysHrYo#-kSP73C+
zqGhg9;iQO<UA*Z+{=kors}lQq(!<xY2lu<G*n@elMfBh=x3LG0yQ=B>$-CI~Q*?B%
zaME)UyMCTd-4#yy*JJE@v1>0~zwuA?i`XS-&TI51vX1^d{2BfEi$Z^%JVbw<%SfS`
zPNzR_41hni!94ia`nrYUN4Dc|Dg2b8wE7TCC#nR73rm0?6&{yRKEowg1L^Fw6fwf6
zt=m<<6lbr=(hi|sEk@_L99Ep>>(Re}E`ZqjhCkxTn<t^6Ca`<7W(g1eNA7pF!18}p
z?mFVRYiHb*zNP&T68Y+nj?05~=ZdqNtAM{k_!LGbn~NCgAci`Lq1nXHd}3&!aMF-G
z;$|`YI|F%ot&jLvPUIeOJu$ITWnvZGz412UAmiw`yNG?&oP8F~zV)1a7S6tU&OQrg
zA7f|mH49@OlbX+%j3`Vr4zVgTtc-nD#y<E{J0#b{yLlUtcV#xXPt38Kn9~=S<KWC8
z*049f)EKi!ezFgze@-=1PUP+q=2x@haf@}OA+NRJHm+V=bFKBV&2n%%t(6%TI)&sf
zDTejTBIH;bne$)*%!i9Imp!3M5v&ipoc~=H3suMtyO&Ed$Xsz4myCIIB<N?-GzF+>
zj4BPx(DK2qA%Wg*5Lhb!<2e7>Yh6&9qF1&?&qC7ee@1w;x{oDPUG}LzI>~`n%^$aS
zvEb4oMRFFv1!^*ygzD|AgP&Us{xzJ+mZswIEcqp>M_rWGD>YPz=;<cAV591q0Tazk
z2unO6F2}E8@L1t=Vg5=y9^TUzcs0TacS<X+&4iy>IO*LjM(=TBpyb1DHa3FaHH*Qo
znnmgM>;Z>B6fCn>qOM|t*0NGb73+rNv1ufj!%wr{FFr>R&7{@TXDRIGfRCaPd==ir
zVu+mBTncKlq@<yILM41Oybhg!A48witowv+$@5cyLgCHGR$=}sPv5U9iZZc#qEtkk
zg1=d~WIA1p&U8x(3eDJT>P~b%_N~^NYk?kxsUNIUVx5<FC9HOZHxqjk)_W6HdxP~2
zXp2Vm9^I(t`A0^VG|WNn_OTcdh!`2>%omn4Mkr?q*Gt!9NYL5ZoVMgNEQ0=#h^?|>
zXv~+lH?RX!r&ar4Sk{r>&+7R7y6Wj)>htwmP08kK?fjmz-%OZqizwEE22D;QmG-gI
zfc0wCF>?wZGu;gSeRaIN`^UKPvRNH3H+*dvFK5Ap7y;E_<SmX2<get-W;G+3Yuc-E
zd`y_#Zm|oYE%23TKgSEeF}Nr>?cNE&_7ows6RnnDyDji5F@o^{SC0AlIToe1u_up@
z!B-qYXd@JxdM92ug%ED>h(Gg%@D^ery=WhGhDC|Oi|oB%yHyA;*B{>p9aJWp>V?lg
z&8xBr;fM6HZY+B>maW8x-G$J6R?gNvFqxOh#xiGX_3^tCFNV8zYJ@6ZbpLA!?(aR=
zQ@wr<uj}>ejd;CYzdpSXs89{pIn}F;_5Tl+TX-;`{>SltCEWK(%~F#uQtD7HIoOlO
zhkT6gflu!2N7!XQ_j?Z#BLOfkSKH(aC@2kS_2qprO))sfRe!cx-$MtEvcB66bW$Js
zCpWT11ym+En^D0|$Xoi14L1>KD8#%LG1$_*>@ts3KcQb}?BnpDOc5hRAajeiRKt}A
z<j@Ok22;j2!ISqC6$#X`cA%0p1l<FDM!}0qW&U0ddJomJu@w4;QJplbj?2FjrIDCa
z_sN~NiqWe93&SWph*8A@_KGXz6oAw26m^|ovp44(#Jli4Uu5w%Y$$+u`SAnz!Lp1A
z-fmCbj15&g7}z+$E8S}G1#42oV2!OH?_l5!b{>s(;y8ov@$nZb2XF$<d;87{aH&Ch
zPguIUp*wy*xCZL_cIqi$Fu5bWT+9F{bc8xM_v85M3nZ<NbYW=e;}(j!XYnUMzjHt@
z=2ZIz>=l;u>JpjvC_a~Z%|;8)mscGCIa#aXgCcR<?h(>Q!M0h`x|Gk##P#*aEQkEB
z>2?d^>oxLSOM6(DxA<>xFW457Hr*(AYe>v0!JfVNbY=#zdAi_mbz*$@C+e}-G;<#u
z;g?pkB@Ot{HBhM=p&I$i%kK5(9lUd-FFG_P4v-nwXQWyi&eHdP^IUm4V``19VhHH>
zZDsw%aWgH!*sQ5v%I_}eVF@<J+=6F~xlmxU7(rWL^E5kO?$~>y$!WtHj9>r6^!16U
zR`kb#Y?UUh+n?7E__E>ey!$sDs*V|cR&qz0I`XK;qoD~v*oI7~x59H4>&@&IGLJ+5
zKu&FwZR}ftZD_#dY}VH+x5>9H27ZK|c-+E;dv*(%?BC|BqfFF>^H2^}Znwh>HsNY%
z@uWY)C=ix5%3mIe#jcS;yO!A~O;p<IkKSheXuB9Zls<L+%63zEd9k6eFWA;S@E()C
z?|9hQys37yEv*VmDxeO}X|6W@ROf4luq3~)9<NN-=Nhjg`J)Z_ad<r@?z-4?{iD_g
z#_qSeJy39ddo13+Aa2*6_c$;9Is3jC*B;+$-M>)zjsE^c`El>(RLA)<z`Cd=i-ym0
z!t&F^mDTBJ(1=#Bb-oYmL_KS$f03bmGxxP6w7=f)d~A~Ej_>s6S03T{S;^}ER`tIy
z+ce|6c4j@*ztR@t^fNwR=i<+++4Dtl&tLnVyJ@P}^ZK~wkEzeg*>j|?ss3N``it3f
zY`^jO_3Hci$)D$`&z<b~rmvIuhZcXvfQ-`ZdviX_NDb}PRWAg}_#?l|RBOJtsSQ-o
znz9}kErWwe-tsbhB0AF{kH`8bYy!cN^6K6;Hh##${D<cMc{$!5g|Ac__%k!!|HPl0
z`mffO54ExR*BGOWGgFDl;XfLEKr>tpJoCaSVwgYWvb=m_ngws=b2l~=$!4qL@K3h<
z5Ipur%HXxgL_Anyj4Rt88Sl#VTMzoIUo`Yq<3PV)>nA=Ga8zd)<JpL|@1Fp^x}`cW
zJ1#^w^h0UgXj^k@tvnZhT33Uv4y=F*%DUmNSKTWpXgq?=7zC=mEKR;?Q5)TGh=T^Z
z;QCi|4LvfiUzK>I=D2(w_X^UbFUy;|(>klM7W*O+5PALG>6VV<W8SA+J{oqL<fEhV
z<5_w6&D~u1o_wh-#`u@C{H477{c8C;S$SN)X;PCO*+Q`N_6YJzV6OdW6JteW>@bH|
zH_T4DL`tt6=CB|moy20~ZZ<m?1^#i$E3QYDPK2kp5F!p}5Urd2c!b|J7EJeG4K}8x
z;at7LSJ&FIEij*2eOLk`NUpB+WLw!f?`O0W6O%vvwhQeakhgl;g<^EH6+5>2MXYO^
zJP7Jk3)j+tD>d>zc==^)-6?jJ??M#2yj8+nO4(v7-hD;fXlIXneQGz0&syWpn+P&-
za{-<n0#=|E8->D5Q7w7U+p?egA|s*GdA(f1eYj-8HjcpzBa%q4e{#|&h)X$7%h!5c
zKrwko_h-Wg?JqK^bD|h#g1~(G0uwvYEOw(cV~)fQV8zcSpJkCV4_3$I@m*2u>Kf9J
zo>}t2mzl`D05!?Y)$q@VSK>Z01s>6ksCgi%aDB@Q?3D|qr=tKjyvP5klNUl|4X;fw
zuJ?=4I~>WPWQRKZfJH><;(~Ca5PFmVN-K^=TMCXwpdJj3V6!l782oDu<bip1n!5t1
zNbIilq_G4#!+P;8agi13JO)PlI}K-7iqdu@_jmG;fk120H8A$@J1CF1YzJVzQGWVM
z_&nZ@40JU-OnIYM=FI@&HS7c8ou8q_lN@jVT-Kksf8#FftbaB2iT%6&9_U{;?B6i^
zG4(GiN&h^SpSXX)3p(rHx7!l?ch}t*|L{HZ?|13P)W6&${Tm<a`qTFB$pM}9FD*&`
z9=i*-zu61@o7?4>`X?soU#R^j?%(RH&idDXYhwRin-2ZEeGl~SA89|he^0gj#QppF
z{LcF4-ICb9&!$2DBD<k~b+#Wo{?@eq#QjU{w12mLk=VaOQ!yWK7xeGD)E_+lzG?Z1
z``7Qh&iWVLoY=q9v48LEg#M);TmO>Ie?N8qhV<`r{`)-1{1?FauL0-3lpidguERfZ
z|HipGo&P>dGXIs~{D=J;X8pnP={fWh_b=G5)A?^xlKJmWod0&<{Abbor^b66C>kMs
zB+lN6&Ug$X%EughF;rc4xiG-vDij9zUB$wHk*-o<z~e4_RT%ITTR9)_JX>QOu$V2c
z4tSGRRui&uB3H@F$J<#3!k6N>{n+woh%asKsI$488eI_x)_GiD+Os<jdCdnIX#2X+
zUkH`N<>#Cv&R&BJ_h{ZrIT-7iWPMcR`-2Gct1+*iEqvwc4jTD+p*_YINO9Q%4P5C<
zL<rx>?n$)&wz0kqqBPCXVO_<EbzRBpIyg~{hc(r=&d|QZ`W%V%?W$+>J+0QqvIZRD
z>}KcCS(bn!-k%k#PuRZ_%4b6PY-9OzJ1Wm%Uy`BF1?q7^J=G&;;rSCVG{m}93^A8D
z2nI^&TI5gvMi?H^k!dQHs<}2TejuE#4+Mh?E4IGjQ~4ilJvI65v^`mv5<DWYJz4SX
znSapSo?jeOdwL&jd$RFpu_W!ujc-p{Tzj6r=2+S@xAiF7gRvLR-z2t2jBiiifVn-V
z9#eaoTD0~sdCQ0I=4<k1^rt45PZ7!&8p@A3Lis`{Uu-B}++q2n(GQz+2dg}zOTrku
zZ3`QNeQ!Go{a~ysJF%{_cwHMyj#57u>#I*osPDZmSbgD=1pQEYjQXMcN74^fzd8#2
zkhU*Q{)Zit{2w|7{ZKyqDD*?%`#AYOruH;7AA^1<E<6hT@a<l6d%{DHr9Hnp+V-G+
z$p7_G=!c@X_8jycOM5<TN}?Ysk5NBV9ix6&baeVb+eou5S@I2r(`-1RQ86mLJ!V=6
zQX@D9@Cc5+akLsiVN}NbD%H4-10`{B9W_4bTP>X9S1Y^FW(qkQkSX<`U+``T+--P5
z{zGF=S{6*hf6!KxS9EVD?eM$t>Eu}a+a{(hMvYH5o@b?Y-XA&dIQ!q_$Ls&^I_-b8
zssCxb|JAJj2NU|=jrV^X@BgQ~|Km*kKQ8_o74tAld(5=Z_XGMrq0|1aF!q0atc~@5
z1?&HT`2PPbgZKXy-v3W{|8M!>{5SPK*7l?I|JF|XzueUScHaNxtpEEH`fum`|1IzT
zM&AG5YW>F!>QR-3rBHppZLhFo9nPt-dbYn0zs{s<^ZWJ5-iP8|VL7kDbPZMDddmmy
z>k6VTuP1H*wqye7m)>K5%}znlAy+=_%QDh6-7m3FSY%NtJ`o9F-S4Wfu)thQn>9u1
zHd9AEP~Im0<*8JQSXWntIi9$LBR{*Xjb)95*OPwE&%7pTliB)BgijXXY9Z9M2gkBv
zR2(k`r-QBq1eq;_CA-B^8*)8L>Ky<df<(Bkw(vHV;LU1&k&o?JWKpZC3%QnA*nj2I
zot82Imn2G-JK<W+IV+9otEYP3r0`vOf^Ti&Z($-@G20ptDqhb%jc-`w@B8pM3hvCO
zvH&@qtd-)eFe#|1PqfJ%y!|}y0RF9GVdLs+xfWLQBWkBc(=s3}pp*~JwFz@WCt>iQ
z4QBElea4?<5y#nPi`KO$BP3_i7A%{YFDyU!dRJ`S!>QdYMAus|$f#~r$)uMo;)S?g
z7I~a{hdZ%EZ?}4cB?D8$$UN%XGF&YZ2aSZ@3SLf`yc%Kdb_|!Q7<dLs1C|Ry&#a>K
zJXKWd$+TK<TXKhQ5TI%y_!NaTRnwB1;|-khgDo+)Ft4T{{7t?vzsBR-C4}EdL%6*w
zIKyR&3G=E8!cby<t=m~Egsb5F{M;HL^nnc%oW2o4XG0y{&@Lf_`&bx1^+H#qN|qAS
z_6dB8b~}e^ovA`N&B}h~T4A_*`pO}o#|_;;7T)BPrv0D7v$~LA=8~tuP5G|s9G;}*
zFu3DdUS@}i!&ayzr^Y|1%#|wy*Fd3sZ1EfE)CXyk_I_SEehrv)b*}AlA>0KcSPWgd
zJKaD%Ty-W2DtEH{DQOeFDhf-g#mK1aM$gq&rx4l}SH=11$r(_qb>pBAKA9MB(9jKG
z{wn9Hijl5DA^aAxKo&wF#)7iB-cV!N9OFl(bjNO#VOzl3yAIlNjnx^b@JKTI;$Ev#
zfRQ~+K9e-yPhI0101{B+cGd{ttKgA0XBV{~yPfSrmH{mg!Vke$bs9h!0~xxsn}uUR
zk9aaL=}@+`Y5Pp_5IfK|Lb%eVUl+o4c{&Og(>!je#vMFpRqjqz?Z6P}!^Zs6Qvx?2
z9h{n=g&XrhWb*M;Z;Uz(4a`vG5<^_Wm#4C7UxFKhZDnT-20<N^N<v9GP6%C;YOxsG
z=fz##@@b{J&_qv@T%MFLqL^F`u&HucC_Gf1?*y9O*M)I40|!+&*T!gChGzS9Ss<2|
z2;mWNGBu=2Qn6I`Ij45!=a%$E9(uYyPZ|-%YYKM34})xp+liwu#fpM;+qpv6Yo{)g
z<^+zz6@Cph)`NC@>2cEBsF@Zq`fJK5pOh16d{AJdpu$#NL6P<c-Gr~JDmY$8%^B0e
z_KSe&I#yVyT-T!Iw}HOb7uH2-tL!^D&7vwurSUM|M=LTbGpE{@H_IW+DWtm6{SxL7
z2Ag9v<E$X-NAT481y2mMS@;qtR;lWzH`xp$g!@?&nAvw1QnNH@x1k0JKLVTxvUDR8
zUtb1}cyi@{otIAWy@gdGTm1bdx~7W}HmCVAw%{6kR#}?7JBo|)Z!!|Wy?nU$Io)HE
zxFL761%{wFdySpu{(8T(!xVr*w9NEjSb`9=fZ*lqQgVPal{CMa>6dX*n#M+Dl)C?F
z{%G7%_w5YEc0Pq#ReniqdQ_f1#Q6eh1vCm~qDFsh4IWMv9(2LykPLk=XAdSMr&U?o
ztc`15WH|9>IPmA^M*av(X1EGfCJCN8;uG>n>5lv{_DkqO{lbJnLq4FUALcX7pp-Nj
zp8F!h;PqkfRouYAC>6rIRXIEK5AT3)HY@KR(&P?6C{91hj6=o{sU&){I=w@^c_^K!
z?eLT|vnqQv#iZ&&{h_bi+_2_UbG7(a(w}Pk-)Tu~|3<a_)cAk4nDuROI-3#fY(@Y@
z()|)4R0pL<S5QB3og>_xwpr2@C<;H=xXM}W2L9=M=*RdFY3BS<zc-)@Q!bfT3ro7^
z<l2SM8YtqHb}`kov^9>OxvZYehfVy_bihZfe(ky(ui11S{%tD?85^`#VQ#Hew;{^T
zQ>~)%-0ZT`xdOQe2LON>N_dk$>5W5xsU-Ay+)HV8s`m3oC!ra(m_%M3DIUSImy{h-
zd#c9sp|-mgHGRdU7pU6K&$XQx8R;rvr`WPx2TL=>$aIJN>33ZK>S&6>mY{FcmXw`L
zFJe?&Ug>BdTt-{YmVpHfN(0S)xwU^9vul3OnV$)BFr)9BQAVArDMIMTE)bV`CAY;)
z-=&8*eZk)NwoRLyGh5^2Kc6+VEQ7S+Cn-1?>`o^AKTBhFWB3=TW@*1%-9UwphV$WC
zX=CT3A-i%mEXS21S-3Eb+00Jb=XD;llTr4W6`i+=ii^Uq^*N35>>g<_AGE3SL43cl
z&w^K0&Nyi7kEz^SG%UQbR$jUM03RnSO0hu?{FMUM>hdZ6jpDp8Y_sM?%!cCFVh{YJ
zO%)IrPQV--fXB7obFoMk-LLaz^S`<LZ$AGk^1p@r?`Zs6=Pjlw(|d<Sp7czrX6mqw
zA;icsly!N;rz~bn198e#`+%Qhr4Kx094+_ZN#V-F?JWP_pqH;o(2&*2g>X+Zgu?BO
zbcKK^RS4~6S1(en;rD>@%9chP@HNVFz)=`N%<NE}XvT`C(TAqNhh9Et{?O}K`!YU3
z*8t%UD-Rr0`KarQD^f{c+z5|A$dzHu$;4Y_^Wp={Or45`@*j+9>iSe}1BsDe=Ynd?
z?J9)sNj2%`Q1M|tni%@fhSaHT9eoo=h0>_y-J|`+KamSIrsc3I@#qW%_T(B{<VZEx
zayivZUCwM}9k>BIP-HCruM}n%L1m+0{_F~xHvB{@3uT3S!wV7M=4ut{^NP{tb_4a8
z;ZD_HBd>4O8(A3F$SI3-P0{c|2jgcsC&qT=yM3MU=GXC0U*k`|RPNlz`eCwJcFRR}
zgU#}%!<|)r{{izXINYk^qBoeon}Z`EH2!-a^lke&uT}HON@6w;l~nZV80O7}9-)Z>
zG|?k49+Y5<VO~ty|Ems|CBCWYh!X!X716EORfmuG%HIyNd7B(L1}8}^5NTI4Srjyl
zD5o9ljAC8)nQZS{I_2G|O>s|O=TE;<8o%%G(Vo^0AKlf)<}{GHd-Kt~ldJ4)H8p4l
zT*|?1Jt-`;4@S8T!(ZpoFU?vi#cj5@iLKh#56nrlukW72;#{vTNVmxE-PabAH_eBC
zR^Qh~8*ag)SfRaP2gVJbGnW<ZU7-6<|K0w(&6VW8Td4W(cD(Z+>c9I##t-w~<z)PS
z^52yf9)<tzqdi?u`0q~m?@svdPWbOm`0sv@|4wSR{a^9l{p{{U`{Inde`5cgug!MC
ze|N%v_uuTlJI(h0)qmIf;~&j`H~8fL!~VPBy^qCzxAKtfr}p2y|HowhyS4v5|6SW-
z9r^DbUVXxUXJqpU|K0y3|K0op2Ak!C|L(ugf4BOb<M7|TKRMC9etj}?%FO}XFZZ~!
zEhcBqfqzo(O!VK~d?zb9Do^v@6^YWfxQB&5TC~VrR3Lro9ytOJZx8Mqjr*qgBe!DU
zbT96TD_RS4L}ZfFFBMgZQTV^kyO8PfMHX*poe;uP&3@y<J)%E%kCe~Zgga%_iqiTU
zu7_EpBI2#^!3;yRBFXLhkthYq#f;Um?O)j3nNVxN0`+t*?*jRWc^L3Gv&x@`8_<3*
ziTbow52U<MjNZD*FYSfz-KfF`+DA)o#0?D~;ZyOLgu=HeKvJ)7)+81WIV?Ah9zH3i
z9o*xS4&as^0C&bZ;p3U26fL2Rqr;^!JbxgHN2B>81rAYqf;RJsj$MSE^+jJp)&cb{
z<<twT&1v*Y1?6(@8L5`Y{OPoh$k-~MRD<+`D$2#Ew<@$jrK&$dpAaMTK_P^bWFbX@
z?!!?OsF0U`0)q9XMovcRg1!fkcK%3Up-*ax6fFSS2P%CTAA@ZixEZ=oh0TM%6=L3|
zGCS^QFm+-aVZnw*HABR027VZb%jN@fI~o=4K>~Z{EhGY&67sed)N)~>3eMtT>N0PD
z-wIswmb--|-rT{~vg<<CWmmHkX|yd<1Ah=B0cd5QTnKsSRk(`0MFf}j$@Nv31juSr
z2FCa~e0yZ^*;uS$u^NA>R?v+q&|ZGh__E>L-bj=+vZx%Y!nb4Vm9_9#K6x!lPaO$q
z-ZqdP_w6V>F*)P1bc?=U9P@|!4gPQ+ZXj1Q!Y{oe&fY1LBwXr3Pk1JJv|XMGkLx!k
zcQ>lNoND>|yG)U)cG>bOdb-#6B6AI%?s_qj#hl$?u#8?vL$T>6Mn(Wg@{V`s+FU{i
z&HjjY4Agu-z2_xIWH$VusoUYVe&x^mYU)KaR~AUy#fX^QAn^TVg0)sZZhs7X>eA?O
zTkV0J1p~GR?(nH6kw;jA4Wjb};U=34;JwW3Iuo|1aTf6wtL+JID0>CkBKm@BtZKt(
zx^^hHX#0eqUz^}dbTMUP;`Fe9PY<|tDS+ELTm_IA%DFar>19MTm@=@qMgIDGki~ID
zqy5r;aR8{D^<sGQy=CDII16J%K0(|n24`l1v6O}2HroA6Z%%a%?WD7`5#_ib6L<A1
zh<5K&Ak_=Y1LvY9#*fK!pFk`2eyRueRk?5;Yir)y!ra%fGKqbo7W<8Ui3h!@cx3dj
zOxz8|;ZJ>@9!qtzzeCNAb4KGDFkn7SLGZ@XPPIh{!;-_b(Xxvybjr73VM1NHkiXw+
zLpPEG-G&Y^`Z!VBAMO8i?pYQ9+rGRuoSm|ShpPPp_VisPEC)HnJEJQ`x<){aBg+Tb
zgt_<N9=}UcedBB)zqMXl4?t(6187BOXoB2i`&IbKts26X!V-%w8n7aRN<hqu%~(^+
zs}<&+fj(S7tHoDW*e<}DO0Xl#xMX2XR}<n?_F3pW*v4U}rwE~M>3I=|N+3($#zwr5
zznQm6xbJl$+LdQ!on?{JUaIDDR6fHs!lJfS2#-zCTde#4e9@U!y_K{=lUFCqeKnOe
z^*3r$i<39C;TqkZr0<pGd7$)2w4g_$W^588i|IXiEZBh!XHr}}6A^q;NrR?IuCk=D
z9qI;+!BvDw?J<ss@N|W_Z}ZaZ`?!FVw^z7t40dS1-kc4{b*BfJ3c6-xSqe&Wle}xc
zjS6Sto5ZGZ6J1%-YC!K!JOmUEGKi$d3ZcU_WU#8`1n(w9|Cu<h0j#(ywq!#`&<lvG
zc)pB{A^`1toK2eKtO?9YspM9QD1_bz3sZK$ePvAx)6=PwvK6PnPmU)bl)>0fWM*)O
zm3D8#?TJRFFw%r$fQ{P`@-6Z9MRqRWqF2dzD1x|U5l2Y?k(pIoRpgS~t+6s@W~t1~
zRhJ%-nUxwdK}`r1*(l|pJbckh`<Pp}fQuWsY}gKoN;|aeoK}YS%#5dFOK#f-&t2S4
z$#D44dyF_dc@zz%Rj5cD5O_}Y1j+0Cv2b|*U@GW}6*RA4E5DLYS*+pjEajhvG(8Li
z%u-&{&wIcw`y?<EzRYQqe+l9Y8csPK{W?vXLHxY8QVBpkAV^F<ekT78b#Ve2eaM!l
zssCVCY*$`vH*X<D#2fRS0XVH`;ULjeOwQ$H$ithNtd`S^wG3#bV{7;I14Z%0v(@-}
zJN{lzzkgA38lCOhl1)c$y!&K|MNY5oiMOh;)U(ghrj5AKR9!<a`TpM-&2Bk56-@Ez
zaIfJ2n)qG0onO<?L*DQ^W{kgmQMx7Grr&-`+z5hu8*X9c{|w~~`;Y&4_Qvc#m{!*9
za^>?U?2Y5LH||u9-`*IuyK{S^_x%4vdt<ho+}`kI|2Nqi&z%EGVg57!q4vhEhED8_
z>}K1KZEwtM_&3-a%f=?RH>$?|X!gdbP5-&}#$An_+Z%_J1bgF?DT($*yx0FHwKvk{
z#M>KBK6f1U#`_INWp6ae$8B%y+<IhtW9`->*&EMnO|&=WoC%6z;@`>Mn2NuP>Gv<1
zdyu^m$s&7W%wNFXcyuY*8--ZviocuejXpP<?2WS~gS}zDIhnn2%gxMwxS@Zdy)pHM
zM0?|w8~Fa0{f+j9>MsOKBRZ)PorSY^vba6&S=l2>ucFt=7hS}-J0G1_Qgl4?nT=*X
zGjs_VY!L5S=<0`$v2^A`C8>CfNg+9jqT^kHFZj(~zx1_S|5p%$K&C%Ba{=%RX3JQ>
zfjgQ;dmJ8cmgV()R@DNis>_mC?53N8%~##)^F)iSzHw_noO_GG`n}?SHF&BV)VUq%
z+%MnH>V!I$Kph_GE4A82+AEc6TlQ)!cEk1larORaph}E-7x8@TCiGvy|5fsY&ukX3
zjr#e~IV6P(nVYLZSdx#fEecHe7malEyBR%PLijlv&`;nic(&nJbY5^wwms0zQvMba
z%>q(QF0=yadodCnO?AJ@9D_t#?$j#t%d>XH$cgHcYJJkD;-H!3z{fw2W@LS+D&Bc|
zEq9*!rNasSJ^9Ilu~@?^l~7%U-1JB+rd$<c>zVUe?`Br`r9;rz*m`9oI#>5EHe{a*
z<RxR@KZAe&<SOQD{rp^${VKifmsWc5L`uKQ?iH3-dqW$_GL*$TnZ8oaG%asdcCw!h
zPs|q$iTTUFY>VG9<}Z)1W{fyDJ#qgmZ9khNbxldEYdEhf{aigBHm<(-{cMaiIumPb
zo6l-|wQs_HHkM(A{b|G_?`PvMmiPUD{jLg*Vn3T-JZIh?WuxU-_D5Oz$}#L`Q&n^n
z``JAGthqhjV`|U&N829U&!+skqu9^p)VTJ%8nYckdmeqc=ke~>kwlRHxmDZt-Mm{x
zKfYVVnQ<+<R^P3nQr)M*-!E>Tig%3rR6KJJ+ouA%e#KTc{#U`hhNtCs7RB#UaXsJT
zZROc)mx@CVvFn%5X6Hj6)BYSu`up0JAECcv&h4zfOYYYDd(9Ts-wk(De>cAr-{0G|
zvHpE{7VB>Y@9)a9u)oIr#}Ckc@(jq6X<AoTf#@6z#=S&?k**Tl%aFDgFII!>$U-&&
zd|XY+siw1GB)`icFMXVc%m<Aj^Zp1$fI4Zb$B!{^?%K>Z&_E1+c}?(8ewib9$o>Wr
zdKm_QgMkhvza7K2Fob%3wR62xD}*11XVNF|Bojk`*1!P3@ENc3TOs^g47!!R_2ljr
zLSZ|GYGI(^1|d8=15M+JU{>W$o(#Bus#BQfaot?j6|V0P!iVe_>f9)V(K>-!B3r)p
zfoAhXMrDe5>xG~bgM}$TV3;GPk#41QQ&FSVf+gLw7KC50Q}m{tLJ07ifHG=5uF)7G
zNJek4#UX@aM0Jl#Jk3JIv+=KT(4xi9LVJ8dc!K6PP~S!?5o*L^Y8}vc>WfbZy^yMQ
z;Ys#uiV%_jV^CO2CA(Ehh5sOg7i6$j%&QKs12Ws!3!zmR`X``zVuy(k_opyI<TN5F
z2$=peg^uCHbIzP!3E|IEFud=p{M=83@a`108K#3Mppt{gfFBN7QJsxjEsbH@*o){C
zz;4&_>;k+wU2~OS_^_xZchs?<9{i7(2csXs>CJ#^TG$FO{8z47<+A`Xt-{!d8LnLB
zUT7jWLl(5`KCB4v)lC?VInGA)jJ7~4$AbMdp{qqtj6i?|z0bzN!20a2`NHxV;lbh1
z&HVDVi-iZ$DDHfs>n7oW!$9qzoK2?(i+O%mmJl43qEi#Aw-QP3O)<#UE+Xm8cFiL(
zf3?T?wGb{#MXG+CpW7gWOHy>v!Z>4WK2&#;6-{g+4q&|SEf{E4-ewg-7;=Uf8F&<a
zn+H;sigiRGg8g+Cn}vFPlckJ;?20iOS6lZ5oNV{^8}BOdWqgd*dm&g|PyLET-Qv(U
zxXLP7)GaC#zOZZblwp2D@F1|hE6AM3E(@VaZ5Z2c$7nv1LAQOQ5Snfv6DbH)B9UBk
z?rk&2qotF8flUjl#~v#zRNu^LM2n9G2m#vb>HOh@@*<VMqQ=<Je2Q6BWjZua!-qal
zX1=_9hY)-gqlP!2n1@c+aX*E`q2@V>+A(NYrVuQpIQ%Rc11s=3MXe8|_&q%5of?FL
z!a@fb(|4jp>&p*k2=~1XRY!~dR(?25m|IDZ9K<Ook75!v=fyTH{&plD```z`ULXoD
zjRYwluu{zXP<UviXkCx=u=`zON&jNQf<RG{zBzN+^spI?c1l^B7VjDpLg}fTA=I6V
zyRe*<#uPj+1Lc8vnlP3f{Sr7<J;IXlFm33;p00CHT1Ysh=UFBew0Js?YoD6wi`?sw
zFMbx|JcZD3_#QfE!W#moq6n7>7>!56T?k!5(e+HwX`l+>3!$~}6NYPOXNsx@B4r@t
zTJn_mx~>R3t3;`bLGYCnoqt3ajL7T4{5sraFdh0b9hm+N<|1rX0$SW!aF-iKe%dr4
zC||BPTD5v`JX+MjsWw*`r@hBpj?=#{I&=yt8|Exlbq$EiP(XI7X2-)_-B(N&%bupA
zT9A4oW=r829RGNoa;3`tC=Q?qHD|Q&aIjerhOffICO}N?!$t@%q3+`%g2Hi#grgY+
zgUN#`9bDVrSrVs~a?|3~lGn=B(w0C`yh_q~J&8!kF#%}Mo3MURp=0q|@SQ0O5(Kaz
z%IQe*7qb}U@1s;Ef4eOxfBYlB?M&^%(qS|)9!O)(h9u&dUxD#cD4i2iSexvsj;XMn
z5ihB=wk(VC4U7Mz@vZh$X+C818%<|<d7ph~vnYQ!#PB6B_GSx>{G46!7J$;M$NR_0
z+1yl;v!}GU5%YKJ4gM;eUZk~R(<UbNf@dY(D-|WHa=~F!{i?YCPpi%kYM=5<Q!JKD
zbKOtW$uik7%3T!ErWU!(#<)?{Nc34j3kaXwga%-(8uz;nPwK9H(c-Qh>I6poYduX5
zO=vCq>V}eS?UTB|Pa+Ha&EkKv`QKdrHy{5_a7(`u-L*7pTjb}8ajoJFR%N4K+9AL8
zDD(6=!QfODXmPO?(D$SLQXTT%iCc)H+O<<g1zw<uu4OkYfg<SR6uj%zDWO`qpo!v-
zyuczau;}#^GLe+~<Km<Bz(}0#a~hT52Tl1GASdSh66I~?yrZ#F%Hy$dUSNTGhS_0l
zBl8c&Rj`mM;DZf=Ju5Kva@=b6zBa><g@vY;GQTlN!VjPJYLs9TJ25U|F+7E#!>e#G
z5_vZ%cd#H$oJUzz$!1Yy(*g6xq#Clx1dkRr-mE;=dgL;(*5qF^#Gf}SzftF{&gXg4
zJL8+xbqH<vMXijtmmD}sQnVa4H%?Pz_(A3E{c(Zfs02-&dj?1963Up>?77i~gj~*D
zv^$lv8(Fj`$naRebtuoH;loZ6W%x}Nf+opONbv5Z3!mU!<CE%?<rFjQwLk@<0U*+V
zz!YCb(@c_nV+Er<D!riVHEbpGk$t?uG;^`m@}^@WHA__Ofl_ji4F8+(@o43SgDSl;
zHD+dZ!1$s2R3>0cGdVk1QeGLo#q%`uMymW#{s8aF%c^?n<0D2aCD(ObLtp&oVy&^<
zwp}}fd8R9Srd#AQMLf2t3#cpde~&`{x5)k9@??>foX|6!pL?sG*LE--UoW(n@O8a~
z;p;*TUyFE~EvM4~Xa;<Zs|iMYJt~Uowa$#Mn@#w7WO97H43+I0gs(kDd<_t`&h7kE
z2>0rWKGRQ)02{Ek$61fyds_z1_S@aLO<<1@!rsLY_IvhZ2>T8dVNX*L_5&6bp3Wm(
z>4h;;#DL`^-Bc9hb$D}PbZ>H3-QJ)!tO8rF8^KF=E;M#PBF07;8)(MZEnE(BO&I%o
z3!T5m@O4QC_&OGkuV-rb`c4gBUr+cN%#`9dd~Hv}*B6`cb&TU{0~y8`@U@rW>$}YO
z`dI_MUfvPD9?0-@ni*f`;=vH5wamJ)FsDvb-z*`Y?U(@7OvmTMv0h-H!jQCB9&2jB
zy$TF)c{0M~OBq}qh$>(b7_?_}W%g9AH)q2H4~VRj!R5&YxLl~g<*lg<E>9L7_=v$}
zVJT>@2>@<Ngy85Doj6!MgUffP=z;=w?QC`YaJnigEYI*;A?zc_{B8af6LGb9906ZS
zE1dx}fEHObgB4_)p1aFq0GHn}z~vPjE|1PxH$ft3ENWnRG6&0IQm|ae!7?s?O}mPL
zWw!Bz29~oKSYAkzyc`df`T9k$NyE#{Lg)z%FV}Ir{HYKsG|(v#FTWUvm%SD~G49a-
zGkY~2FjuruzFU0xq<~qD1I#z-^RSASZ_x3wF99#_LaP&+F~|!hWo9B?jtSwZ33z#+
zMLDf44lloEz{@4LB)*j4WhPQ{UQo-^{nt^j2doladPi9LecmU+-&R@I+DE!3AvGp2
zFyu8r<@*RKBR%#Q$fitdGuU?p7`0TVGK9MGK^n7=m#BD|r$k1_GC)#p(ed(XVQvHM
zRpGjrd1+wiPDiX)OpEs#Qcn8|L&`l;8T1J^22MulE$fbhU^)QdO?;PzQW~8?_%eo(
zVT^{BsX|Sdc!K0G$hFdsD5T=xI^`x44i=$}A~5qg8|C~|CC9;+w;FJVamZPeN*+hR
zTXjFjzuug6q(BG)gWdq<#Nppm75~0Ks28dw44jM8??0Yn`1c`kfGjLE;@=5?e@mv^
zExgq78u5Ciu(T=fec^8_t$P9XPNH6FoaRdS&fmtV7f?FA(-PFn6;@rn1VkPDs{K`-
z#(YuKg_E&j(1DZiBZznZmMBFH4^QC!mR%~|Rpn=~8Sg^XXe_Z00n%M3gzn%-mkCw{
z=Fvq9bm5}?Tg1GT!rWh}XqWcy&>`;yT-ZQ#YHhg|Wp@X-^YX(+yj#rhuCfa7?j{}Y
z-l5}N^K7h?9O?+~-oa88U+Unydo{c(EFA;J>Lx<FcYqPI8oeQ-CrGKv?+>%}V_lTL
zZl$^K4vTVLvxaX?n&#eQ`1TON8nsAYj&ILxGT__B;YNJR(XBUU^N$2@z0yrOz<vAI
zW`KKG-c(@#xV;;BUMk|-fyah#2b%Ehvu1qzB15l&TEC8K#}M+3DW4u>aJ1N*dwBYr
zHgfKjDu2@TJmJ|DMm!7JdvsIM3O2oAW2#Fzz`*Q41hXp=z-%so*{mjmRyLwp8EsIz
zvi<1btgL**D`FsSPa>X`aoSaGKN$DDM9cz^zV#>yoz>RC2MzF4R&GAR{M`|-m6bOV
zfo(bFYHm=LA04ihm9tyony4u(0=6R#7`rJf@q?YG?GUjNIA_;e^A?A=1HC!b#C}~>
zPQbunCt8V0sSa*In7`w=79lN)@jwIEYc^oo8s*yk8m4t}OzYs77Ny<6@uh}oohm5S
zA#MNtyn&>)CRrv(czQ235?iLuVIa2eGAKJ4jo^XG@`D<QGBqwH$Fj2W1>jMnr6{cg
z;#Xh*qVxeDqnSo=Q%9x|%-W%Wa>Ji`^1(6wpaIFAjsFa!2ddR+{RIQ3>tbCj^2j_R
zjJ*zUtL)BGVeCKhSjoRZNn`lNzYEXKz4wTC)^nVA*47!G{lI`{Q;m4`t<Lf6?~Ve`
z-j@W={x%7oJ=1_^Pyf%xv(5GdJbTXnHau%%cos8AoAxIIwEf}$ZH5YHRZmuDc=mlA
z&#q>87Bv?`vo|C~vt>!q?9N0qJII7)i;jS1i!?O*mI2MatQ!9M+VAne*@f9j;cVYd
z;OvBB!L#}QEAZ?!M~!FgKN6lD4U;!t{xzam`Yta2N-LW_6khs>7JYHew+PpKCne(8
z`;+6?nMj``_;tfifM31$8}KVz={*8|^(4Wsbu2C2VDew8(oe&$lTG-w6xvv-<JT9H
z<JVyw<JZ5M@oPk1zvbYygXLSB3SVDLgs<}B48A@L@YS?>OW-vC;1xMb%eAyx%V29f
zY8{t|TKguVR*w<2UXuj1zQyR36t_N+1h@XlfLqh8M!8wRacd(`!?gZY$`)%mer=4$
zuO{ruR%$f>TX2*B_G@)NO*4)hmJGiRSPb}8J{tTwJpsR}^2G7$(;eW~JsN(EB!jPj
zUhg@q??ae~UoYzbzs^pEUo)DM;nz!y`1LaPzioZC+mLwpdivc4_?p#dT%Y|x`1N%&
zetm)A*K-o_>x~@0ewQ4-UjKrMUmrRGel1CkUo&4g7W|rf1pIn{@asz2;NpWLz_qPM
z2Vtil4TP;b8VGyFQ9;--IvtM%zrLg6S9P3m{QCaU;@4iC<JWO<__fT4Uu(_y^<OG}
zCCx<wpfAq?vkAV=I!^dH=7+=A%l5~$Z&G6WnAm=9!msZh3x3_Xk8J}(qcyXF5L^=<
zqjpmxli=4(#IF|yRs1^T2>8`~9z&%W-vfS~cYzVVJ_3MMo_&FeU%$J6mE5*B34ZM$
z-nldU>Nq<5+RKF#lU-hWM<?OVnFL?GM-%Qm*cBh`+*6Hqb|geQf0Us|J2#~pqMfS=
zyAE_EhprP<=o+!8$nQ^<xENnagRWYzb16rzc0Jhn97C|P6M?JE6&LGVqHTvtxb=|5
zj9aq^x9+hRaO>?x+)8go2D^Bev)uq&r)scuq6S-UP{W+BkAtlzB`(8Wo}qssX_#|S
zVwm$3Gi-g*09%)G*lK66l@WpnK&UlcL#<iIiCWvyKpNKq(=>yw6udlxfnaAmg6+!?
zY>A3sn==^QGnw*$2Ivqri$mBeH3<8T4q>bH2<A+TH+2d@uQ`I5gV^6EMld(0s{*5j
z3SMD|V7`tl_%SB<%BV)6%cHc=<rOK~w#wmusb;@;4Dhv=D;~Y>=$jP1_A#Q@gvjOi
zxaG%_#Vw0T;+9#uE26F!jPb`9B_wrsnZuR4yGYIntUjde%V{o8v!xx1b`q_8YnvY5
zmvsHLu=9B3B<rucgz!v;R|mVOJt*B4@?cLe;njEJ)?e9V!s3;k!klVjymBTFRnA89
zrs>1@Xyr+yK6$jVgF)9vl13|6=>4I1(WNRQs5_fDetjk$zuq2)UmX+?df2AMD-)ua
zsNq**q;hyB!>?%!zd9IxZ8PB44-NRW1mx>#9ltI#2y#4ty@d0fx{Ptix9a%SuKV$q
zvN+_IlH=EFjQDko3BNwB<5z6e+<5$&rD=)|*I%*9ECR1;{PFn@XzQ;Of1GKGKXy*J
zn_`c%f!&<ZdgSpWeiQ@ev>JJQlTn?3hB-McUY%U1Mjkf=u2pr1)>q|Kbw6~DV@Giu
z%i@jyo)~ZZs8N3QSd8-XCdaW`E!z5P8QP>{H2gX-4!_=R&9AuBrLVuDSdAm7W^<`J
zf#Qr+38M((RsfHc3^%g=C^s78cQw3v*VBMkcPGWG=2=&{*Nj&U@-vgg7cY;)tNgpx
zcEfwL)?9{>f;`Ch4i;oAby33R_+nLt8_e;=fM0*soIJib%<-$ibWl>7jp4=TaQOPO
zCceJ_;n%5`{M+#BwU@@n7hiun!>^f$U(Yw;*Ak9j$ujm!HkWD|`vDUe(JR7_5)*p;
zR}&xSDt=wa<BQK|>?pq2%Mk9C`1s=Z{r~@};@KGnJUiH>hZl2gK0Fzm-75S3s>0cC
z8JsQAV~hE0prY9<#TmD8t2wlIM~7>%RE1rOr~QP77Q>Xt!b1}$JZ0j+BL@w?auk8Z
zUD}d;%M>DfqapvN<N4V1%5rVbZf(%b;!(xxIz+E=R5+)_)G|G&xVwu(S9479WK+N1
z<$$$>R28vUQ|>xqjp&GV5|1V>F(A*9c;q=LKAQL@9lDlq=!!AA4hAG0rWjqUpd=xh
z*sft$t*MieG?fYIW&?OFQQp(yh#guSv7-Y%H<;px9gKZIN&?u)qlg(l7;v3ZrUKV#
zM*yxBy%`)W{0e~U<};1JbqgR>dF`1haQ#^yR`NV3IiYjBijDfQ@^gFt_C$W}iTvCX
z`MLjx^K)&doXF2TkpO}~eZQakBj@KnIQc|=?(yX3rq4Q&pZlMapPTo{e|>)LW&Qqr
z>%aZu@$>0p{&(f)`X2m&`MLH7PvqyG$j?2IpW9J>Zsx7WmY<ttXQ+Aa2Ef<%bT{Jb
znE<WjlI|+Le!n{_S-atg`1(g&4_@}`6YIez)`L&12mkL_5B@y$#Cq_F_23`49vry&
z#Cov49^AY1#Cq_*Z$0?7x&QU+!4rD@+wkn5)8g^0ui$^zdhlK4KWsfXul&S%@QL+c
zCb|E`>%q5NceLxl(+{;03e8^wc=esORs&vr4*;sX3~n*JdUiW2dD<EkuhIt8+V1WP
zyT7DvJH1+e-l#oyeD`A9b3FZ|*rDqSy3UNdcE(+2#a(B|UFRClhXOFI9b{VMmuf~(
zI<6SpnX4bXO+L`>E-|`{o!J1ko;)Qz)#B%FH9wFYYyn^Ja0*NZ!NayUWSEdh>mU$r
zi@D!;@7;Ib1@pSvOL;jBf8cs6zhd!#JSZpa1!OWfLzw#szO%e~NOa^27Eg3wp|r^@
zyi_v?(39{WE<0K`!S7Px0X&6U+RP3<7GBycu59SX4?zCRs-hQs7Ob<nm(y$%Z0B$s
zld1BZ8-?&oSjWbK@Vc@LFCwiKC@?uS1$mze!TnYXJ7|7~6|IPG7#QziB|~brM`{$u
z?Gl!RsPXvjm1MA3>AdUN&83&&*$wDd&o6JkKnR}-PmwM{IEXn`!B~nAz6<LL?ix?N
zRF9NpIQO>SNc7v(i@`OyH~KU7>ByzhIA0XAgPRA(4D*FA;)cg=hcM?d{A9%HmpF^0
z5AbBKiz$MDO=n!+;fR52#v&LuH0C@wd@ok{D}-e*ApkOYbJi(a+D+f{XeUo+(-AgV
z(r%?*KQ9%&0%m2SD1Gqy1=I{yBeuoiCtuTg^(#1dSu5!44m$Eds#RWVH{u^WCRy#$
zcT|nY+=2wZ)Vf#=tTvG?RDzP-ZSd=}m5QL<rUVW3Bkx1MhZ{;kJHvMg-(w`Cwpa9G
z76G7A{DwwCrg3ySYBPyCUIb6Q5@PwRo%V;=Bbw?~X~W);YRl}x5?PrHm64dgg+k}e
z`G%5qCRDmd6-ae#3xN0V)Hil^bG~Vx{A^G{QIBh&AI!q(b(ms8O?`?!Q0V^k?`<W*
z`4-FXE&izARVc5+Q*K_<WEBrN8|f0ozVF~6W?=p1Lvu$;8$fuo#f;B=k{n(aD1oY-
z(R;^7AD9R8C}=$K12^=t7fy8ZR<opj=O(wbCUCDi2;7)gjhS+`P<7y!xvK*<cd%y)
zohfAi_<tlVwI<guRU4o^l(aSc(`aAKq!Y$xI;Je4(}N`v{XN{66C=7Y2On*C2<^3;
z&1A97nG%cfvvbfhh?zBR&e&d9-Ys~(@WYg+Tm$9gQws462JQSCpY%Q+mtBKu^<z9A
z8m2-opscaL-J(i7<r$B!i96y(lnNGzkpd^3p8XnAwSh&lJq1nHf=oQJI%<pdrjGNY
zYCL#UP5oYXu$6ffgEJRdfa9uHYkVr(od8s@FweUXeV0qT3x)YBohyZKF#(~1g}EOF
zuEwKhU@Yi5$P>A>O6&(s&G;(r<mU*YqlkAAo(^L;7luBKiu4;HJUNv{Aanyyuq*q!
zUz)iLWYQ;X^X4=bNbh;1j~dS6_7~6Ia^!9*I}MNA^XJ`~S$6KV5!-jd^6dQFt${D#
zW6Oq0u0?qEpIRcY)i1U9BQuwYbzWw^1lz5`eSNIt?kT`i4r|elFBo^;HIczz%ZrD0
zwY<*k<6EnI(ng=OhQ5F8INOV2WbkVFVJP6sTjLjo)%$`q)`GmYDPN0`z@h@_TR)Nl
z&+iyC6tr9lcaDh?+zEP@S+RNkJXr`<Ss7tqiqm)6x{`{|TmV3K)wx9rh42leC5sli
zb2kd1N%Tt5B495NXjj9jzTh6~kce&h5XtspLEfIJmkl51dhwcw?Q0+>Sdz@8wxR4K
zF>*Du=W1xr6;z+aox3KminV;tw6{UXfLt-FFt-KNSe>_uz}nn)UvRfo2n%#_TLFC4
z4VAc|k|$EtPPrYvap}<GWn!eyYROy0PC?uz-|6jY!6`m(jS##S;}xV$ejpE!XaO`_
zSTc5D!*KMgN!xHMj1cZrH3Sr+)4hV>#6}^Ug)Y|I!$LTR{5eBm-avx>T=O=<9r&6r
z?_D9}VMQ`?Hu&;}0vR!-9V{ibFUYns7$!r3!1$z;WrH?UaJ}wbpcDT=3;M{A(&0zg
z`Z6bl(!EX1*G+*@S0zfHBFSKgzs5WdMT<})cvil~Y)8+BK(8w0QNualGZ)dxbcIS&
z8>xv!`e)yz&nov3SQ(m$J-G8Om^mMARZ~GLU}*4-V~VPh<lI3gB<})cQ(K3*quxd6
ztb|gFlqcHa*%@LpphKBKP3TfFe^v~S*J`RLSOB_b8GRUjg4F4zJe3i=YgIH*OHJ6;
zqPKY=zN@u+q3Lx)+ZR!*Dq8T^`@kZ6M>Uv5{)$^#MWXBxJnN00Tco_xqT+8R9(Rtq
z!XbpVv|;N5i&XCYihxuX;M_twW(&XKg<gUEU$78Itslmu@)CawI0yVG=Pyfk<uvW}
z1?+XG#k;7YXc^52sDlFwp_Nd{BIxHbE!z{O?Y+tsL~VLml$zkhg%vP<r2u<5ungW<
zq+#2LcOh2j6})XCzFgm$yy2qSaKoF+@N;0XDmMC}CU0ZV9TPeq>F_gnB0uKqspseO
z`A7Pc&G{Q~{&{zVUs{b*kUvu7plL`VR>CxdV(48EKMh5^VD2NQVSF=_Uk<gTK${AH
zu=vU<a%)6wHKw_UADhM|o0VWz<Jywj`JNCSj4KZ<I73y_a@cB*bF~njPLtE>+|PvY
z9yDb)!xRC!#Dn@9%!8G5{#5V~t1Jfk)A_a#?uKCDZP2L8*d{#HxUTjL%DYrc&hVuc
zb@6PS5XMMPuk;SCLWDB#8`U|D4G#3n;0cbX@bXqqy~GzCS!40%ojX<WMZ4c8j?42!
z1|J@p+vof;Q4BU%-I2k6mEfL#3lOL)yfN*4F>h<xuXV3hqeWjZK^5jEEkZ}4Y3Gwx
zTN@t2{q4NVbPvM2<nf_3Cm#+6X>EaY$PJh_*kWaHq#*BBOW;P|xSk*!m7=s(di%nn
zOmR>_rZ8lc)TKd$Hh_K^26cU#LQ3bWcAhV<wrxNP>4HpJiD^~$RnR{L3ez<4!=%5^
zpK&;D(qD!X1RV#r)_4{iTmLAk0<i9>@Gc?)yr>F32Sa&3&N9K4l)&TI2_bYj&I5V3
z+5`711Jy-{S+weQ2<)Ov(F!~YGbfoSjfGkC8^83CN19n)AngH3hLK$5mfi=st?*QY
z@kG0ZGbdE)_Jb#PFB%YaR{x-xi^|T0IkN=}2v2TfU^DckYN#}r<}$TJV5?9193;BJ
z6Pa0_vl*I9b%MsKf(D?JhVCRs5=@AsQ?JpcDYxUAsO{U{WK0w+0&5Wl0QA1XCvAZi
z(@>a!L*cu<VE0r_Fxwdy{<5p(TFJJDP1QRC+gUR}4>TazD*Ta2Rcy|5zlrvWvWrxP
zJ2Ph;!*z>WIj$=z2TWH{PywU4im6u65Hy>BZijk`%7yUUR+K6QU>iEB?$Xy0j5zX4
z8hlEb>RT(SVC<~&K=-KTq6%zV6>09(OmoB6Kznb}-7yQ`_56xJ6-zJoOY`XnLaB)}
z3+gJbD5|KS8igf+Drh9lu}g|7n5QOEP;SVI_b$^}!m9$6eumn{`Rp`FY-TxBT>%rS
zT6K|HwOTDTzFhOpM%cU9=2u&c9Db0dK|5h7rizr(7UoUUKKLDekQ3dnl1C#vpGmbZ
zZZdum9c<KzZY?SYD+rZ)c};~Hp|MKk(KaKaQNZFpiY!Lo*h)T^g7gTUwH%^ANw`q{
z4g`~@4bjhs8-==+=7u&O!x-+71=1Rdq(E@UGZnO4gi8V1F6QY99y|pt(w$Eg_p`i&
zb#n75fKMc)K&r>%JtO%J6+?=VN)}j-Yl4x=1^jm|{I24^^WpbG{u?I2%0>J)%;c5J
z`0vs1yPE$l79)kDDRBaR6yuLl_)&sCro)d?QBr*gh12mj3zV#6x5`=cB0rT^`dm9<
z7twE_d(`jK@t0VL>myDCyQ2Jjvk~m#CU?{U0=s@(vIns1C$Q@Tuv;KC1K7PC?q$(A
zu+s2MhHz>AB7|Ebgs~L}*kCpkIm#7vl$#jyZL#Pv-_@pNY@8nf@BYQ;-zxyTE9MnA
zraUjIcvtKY?^fXak+Yd*kU1sfF-k|c%bc(AaCb|A;H^{K2zOoXp6q<cBg>QB%H&D3
z>hhFtO(svxOr92=6emx>z$~jSN7+_gj&iNK9OYYeITEe992Hu1IT~%%<fyWk{{~U2
zEaAUFnkq~AZxE=;=~gB&<y?;VB^Rr;MtO=<uIHBv*ySdES;a2v`Q<`(iJ?f^K#}+%
z<&nz0{F05r%4U99%`Pqc`)k>yonNvzrAi0C+{7+3iSXr4ez#s1df6!S-4ld<>A_<c
z`pE{NcO((|V4~0uF$#UNS?D87=<U`-p=Wvw<$eL$Q<}WLd=&B?HOl*>qm%ccDDRj4
zQk8cWd{z+spY_b#K1kN}?48q7n3yl(!9$tY6bA}>bqW)9ia=YIqB+!OxUyhEp|l%Q
zI2z`kP`Xz>dIEFh1wB(Oyx?fLWlsvNg`(e1-ujEKFuRPz)9%N(a_d5_Z>$!k25@ZQ
zS>O567*|Pwv@vIMfwZka+UKU8@qILzk4U1G_pgF8TqXFZ7LDf&FNP`2#V0xYBCK9^
z?0YZ;9o`#+&|&xthVitaH4*K82FyPhfcQf_@`z{e1A|@UaWi_vXOdUFv8?Biip4#c
z-+yrbvP<CI9Fz*?Jt`)nu-ctlD}=s)GQs=l`!+m#UKvC-H9Fz_XITBwYprhen<9NP
zE8&|box-B7Lg;^RYu^QG$(&k)y+Y_O@O$uZA@ne{{+*!g9-KQZEJm-~`cfa5(yPUB
zwz;CUIabf?xo~wLod}{uDH%*?uT+gLe1|_{6|x-pX%Ow-_9oFLd6DEeeXg$;|M_IH
z=Wo^Qd1mL&ncU7zAdn9<fN-g{0z`l>O=lz5a|yjd0U>-9I_~#balfof@#t}3`S<v0
zF`iAj2Vc%dY0O1Q%SKl`JR-S4hc;z1WJ|S*ubuBp`N+x0npIw5Nqxb%Z;;*n*#b!5
z`~<o`cM21fE8*oK74xW|w0>}g5WdhDkKlEPw9(nQC#x<fuft6ijnd6fF1R`cINkjW
z1H0eGb(azCZ2KeAr=K~AeR>s`Q0|I(jN|K-^OJpd3U=v=Y#}@!3M+TVnEwGpfE@IG
znsb6X?Z8vNbV!dx!!R@$;=3`_ZznDhWvnUmOJBvxT-mz6JVJwhhHJDxdcP|Z7%t!c
zjoEq5B2|5T-xZ}AX}vFF4Qgss&u&z;<6ZfYd9GfBJl15>NDpri!u!FfgZn7H(QC#>
z=a5f*gCJ67LZRgDrF_`RR;x!-`%xaH-R8DC@OW;RTcO?B^g7SAm!=Fp!_IRxv&&q5
zX(1KI=h=BKJG&J5rGs4-^2<ziIhtQO*<~@m%wm@%{4$$emh#J7cBxLj`E*%cPDAr6
zBpQb1A>~mo6avk&a25+uiwcqIxkz;psgAeg2{NPgdaAI7=1BahF+y4o^ad^f1CZ+3
zFlud#>P|*=khGa#wnv!K;B<B<x3wG-ozZkviHz2(N?|l$Rq`?$meH2ku$-{v79(NH
z*~%<Y!<j&h^v<X;`a3RpIyK~Drp6tI<EfEJ@lD4yU{ZeH{rA=+qvfVA<3|h1Puyrh
z8B#}!$1q&H;SJPUA-wufd|U0xONWlTt%H(|>{sgJ+nS%)R?*Pb$eVE^J0^rrPiU!4
zNjpTLRNmadRv~n0H(G8EUDT7Uoq%ZN;-Tl4gW3!A#z61rseS+1$KsDJcHKm#23T%f
z(`Wmo@5Shp!%WTRqMFZEQoFH2$3cg|N$K$Hws<-?6X}p;q{IDjbXW&-cC&#FGk^~1
zN_&%m46k-&WJv3ggbWM15*hj}?34^mCNkWI@5Bvcq(~BSu)&OED0KoQDA>EzN<+<$
z^QJo9<n;%24X=(f3*XnS<H4qlGNpS{qH;NMn;f0CX)tfoUcF6dc`FlR2I>y8GwR|V
z=n2%lz)sX%^2{+%H`9LHLe@K}ka@Sn3t4HRkWDuTnI>JH$m66Zz32{o_F$Zt4YMnc
z96WBta86Ps_ShHkZC#Yu)@8}tx|p{Wa|RB?tA_5%jswgt3)NUKS>hWZ^rp$S+0u<X
zTE0k8cBAJSt5XOy+jT2T>m^Q6(r)*g)WdGrL*6~DZ`R*uB<<T<o8$Xd#U>T#p4PX8
z*j?T?GBB}&p2$<YZ(#AC3;j^eff_2o?#I@G!QJS&8XG*!Zs^b)H(!!xO{Wb(*;vWe
z?6x0q`q}n*eD4YqIX5~v=kDjd17+sfZ<ey4Y?X#Nl#BKg^UC@F<H~yLOsnon4tpnH
zvWE1dHMYmunZ>()pUK$nDugi`O_|RGrOb)nI#d7FS+qO8rJ<YZKQhxFbiu5Bd^j-u
z12jeQAO%&6Bf;JQjf2(>0u!JxGe~;Ieqn9;nZ=-qHf)6^t<bdKhrYh8Na1Rxn0y)U
zs(ubmTvCj|!!b6e&s!;mtMi5VwQgx$zVm&zv|k82*rp_S*W-i{Q<e@4$o*ajt^S@E
zfQ{|OxG#iXf_rZ16K@FA!1fHxPnnqu+U=Ki3h?qy0Q6ZlK%@gDfQ6r`CEyhyRG7gE
zjYo(YzV&-mVKDMYU-_1+-NMf27xX=#D>K~Pbu?<_QYLWH9(npETqs$SMQ)2j_=YIe
zO6&0*kg?yVK#fp^W_Hla@{mnTB00T495sntOO~Ng9F>)OwLFcZ2L+WD6DU|<F@b_A
ziwP7gw3tA_B8v$WEHm4#)yHkSKK=!tzjWIb+oN1{@Ob9R>`v!O$8KF+^KYS=R`Q#V
z4P31?({a6-j+@MMtT)q9Hq&vhiH@3gkb^7LJIKM6>K)|ZO7#wMaFuBWSI*-GR~ehR
zB<f^Zi)8vMXpYL-kZVE;a+{k9;<EmeF77}6;{JExE2{CJYU~6;X1cFqL!y|mtV3Rn
z->I7cyb(D4EAx0f|MCJuBkI_f`-@lfpCB!E-SVTgVrzqL@$y!nrK|L8RO3dH&;wdg
za7F(SKQ28+@|IZimY_H&A)c?F=msKRqd(pagr-KWpSyvU>@@mMsHO1Qo(^45eDw?c
zP+EA1M^+wc(Bmzs4rq+l4x=Y3-@`hDUtgtMxSQ<{kU06jw+ok(!TR~_E;0}J<kmA)
zn@E*k?J`?+iIl}5+ksWrHHmGodV_KLLQ+?%mQSmui5D0wA6*$+n{*>4m(vevNB%=H
zn8|d;P+Y;YLpiVmo4$uiQ&D+tMl5EquCG53Utof{z~}qo3wX^1Ug1+%uCRO`6wKMc
znq)BHf&SS$kD}0Yws}RSH>Z)gEAMIM?#g*QmOSQBx0u2u77X1lt?;`hdMd_%$W{2c
z6qVup$X)?!mHXwPyeFb2_<0&}2^Y^Sn+QzCm+^PD(zV%`UxTq0-kfz5ZZT&Y5nhWy
z2GY|i4=($#CcyjHpkinOtButREuimE)(!S_x*ixEX+nSRXBgGKS-H1KBXlWJXCf^%
zVYTu{>C8__)r#u)n&^*+*}mC_iou9mb`c*fr9ucRT29x}9(U|RzxrWnLNV*;4aX)%
zPajBL+*DEs;bbMPf_~R4XYA<U12kqdu2Z1gs@M7O-l4pC@TflYi2k9o4{Bs9X7c%T
z7e+1Z9bEU#7H1zOLS2ZI58+<@%P(X!ifzzTR<<$$9>_sgPYWO#cudXB*`-{o=*r>F
zi{QiAN_wN=*3B3&hsQCRUz=^9TPg33&R1HBSD8cc5w)7I7NfRfy!xwwCdJ8UQj81v
zt8^XtAlK8l-$6`WSiR0CHS(z90_k0Ci8Z)0OD;Q*f;k)Z0_jUpQfSds`n&*-acac1
zE%H=M$N%LkzD0EfpY=(gqdvr#ZR8WK<>@g%eLoj7R#E8HYQBHLroea>*rhGsxpG$r
zwB5|me)UWB<|CuX-VD(CT);79y>Wd`U7O?Ua*MTm6say}vmTr>C4$ixJZSqn!%IXd
zx8T`Eq4c-J)cN&j>E+qqIlUYjy}Ew$f1O@UNT_y|Xhr7r`{2&eYIeOp^1QZDpabq9
z0)U@=c*p`@&e!t_#GGnc>6C|klwxt$dD(=I+ozOI&xI0oLTDF`<R$qxm18P!g~#O)
z!mnFcmT#Y0k83F2^CF*sNq(svm#?E9m)|cn6-f1Hn>yV^a>-YWLxn!67C6K<C1Y$^
zP3!*JQnkvVM!qgxCxja;rgdpMt||Qk?g6vX+`$41<sFEI<-2_r@>PQIzc<Nw-?Y~i
zw0sz~ocaMjhAO$5f5Ojpjd02<tt>s$>1Rvl=|&aTpH$qp?Wh=mV9W6ul^pz5J}~5~
z=<*`W@x|19g=8|LTo9vtlcBW!Jrv5P#dt6(NlQ})(z2Hle&nB@L-`FTFZ*GL8N*A9
zczmfQC?XdW^j|IH!eG}0rk7btsORL$D88)R!t$cHF#74>C<)jsr+%11vXhBR-A*n{
znjF<|IYJSlrR!c+#*1DiDe_BS`lTH(z)6ZQgk9Q-Qj}RF_p8^1$S6a;zBMd%1SH6p
z@m}ySu94R<5%M^jrIkV$JwU-0mbCH>lb}=4DU@3muqBfqS_5Me1g$aeOF{DCm&Rax
z01RsR@mM<v3F~&pl9C!TN(xqx$;Aa<%;X1Z<ujUiz{c^aLOPU(jH>cfMs2;6w{<c8
zyL_ap7e26iDU*vcS7OZN0WQ!J5$-I|M#omYW3*_l=HozXFd=7*3ncKfb~U{2JD&9l
za=ONxUp5r%w-^)HN84F6yI+-8oLn_|1(Wa)$!jUfYp@TOSDydmMq#CJ4RQ8P7QPc=
zo|4E@+=)UPu#7|kKh7d*B-$`4MDa9!=FaltjzZ(vj=c_$<H1~xXSk;4sPhixZ{ZAI
zg7=GM@qJW(HW$%%5OzFt5JM4y6kCJQ7|I$8Ul;I2Mr8|2QknBJj0lFuMSxH_x**ke
zgEfsAbrk&Q!ELFW!t$TP6__4Aj1YHXB<x^(O`u#cC%rr<J?`aLp~L(hM$ii3!gQkp
z`MoZ>yBNbS+?4e%68A#ceBX=A2nB-lr9QP$l(!mQvI_J$MR~8%b{neoI=2hqcT+Ji
zd%GuhpAg!{a9X!v!ji=Tj~;<RjG-LqCMV|ysXUV76ACF{h21d6m$&y9!YeUIAv%O@
zvnWz%YiLdvs(OeO>V7;Oix)^My`jxiw?8sE-#5F3)%}qTJ?QI%&>8S!SjGKR*eku`
zE^qM)q4~6fP0Mg06v1D@^8IM@Zw8wm36PE8MMU_JkEt3)W%flXv&Bn1Fg`FB-}ja_
zJ83$`-)|yFT|X4CjA~!TM!$sDpi@!i<cxPyEQCh#35|%9^9)pHyXKV7Lbqib3-X?J
z6AtY%a%yhCThOEc4D_jF>wvx^7v&Drelt+-l_10=f1;>{Zxza?Zzgvn`dVSo0HUP~
zJ=~4P`MD6j$7bO>ckpPPD{y}msXliTGj1}`xItZo;=%+a{HeZAfjP-F%b&3WUz%>v
zj{n5;ve|1`sHPmhzpY4nbx_q?1Kk=<;Xli|s)Hu5%LArD1W#F|eN+y`aB~5+(^jn;
z-NOGvW>aH<8UYo!-6MSkf>?GBj+rzNu)qLmEgOhz6{7678c3L>js}YGZ>Z9T$}6dS
ztz{HjYY7k=?QFy->sr;k7B5(87~ivs;`QOXfeO<5SXO#ZscMbeH-h%T%4t;mXtPza
z`5j#!6sl4Q0-s_O_&>3+G$aLNbTcj)s6tQq%~sm*03Pi%jjLaza@oHa7^TX-a&DVx
zKgKX_F|xrtj6->?2EVdlYlJgWsnIyR!+m)y3J5HWMvHQ&&7j{|JQBz@I)J!BTTjj`
zrn{tCrE9C9JdU&giuF_w>uDCn#q+rE{vCK<M4g*2k8fu4W<HG^kw(rP%+koF!HG+m
zA7FGm4qciwY5d04vq8oN9H>U+*;b=J0Y-dIBOv`W&d)e`Hh6^k&A{QjgJu+;v>}3V
zrWv1N*d*?e?UR~ETnD4EgFzTuPZld67ipvNf?@v^V4Yi9sodA1(Os3lKD75rwzB1r
zvAsBL<s-w1zV6sZ=*r5+DufnQo>(*@?et*h&KJ9JlS7XlmJi5uO=~Rf{9a_ApYL;s
zndRyxDW;7Mk)?(WQe@?it?c_CPndEv93*ErrZ-STO}cIlJlPWO&%yj$bms)9C~j1d
zFY*Hb;irB8;OErd;c@S4<7eO@?oSl8qYPK@mfD%qWRKFANat@XjLxq#qs4_Nhe_@j
z6drOEk_6=wr@mL7(xsm^)4`oA*{&5R?D=?LAaA*oBtAb0)%Be#-fd<kKD`U=?)Y_+
z$90zBH7BDL8(!#jsO4L07<l|xlZqtNvm=ufdKn7IeNO3VII?d-rFp-Ll7#&%j`Z9;
zGN&4>v^K(ghMh4Meyf#~n-AkI8(xQeRSW&dgt20Wd15so^gZ&X1Fe{;Ay<}n0XUme
zO*z<DDdu5kis5x)-7wlj2x^C)v@40>D-!Nq%s;i|Fja*)Ez)W^{hbxDaCM-cD2>e&
zqae8Qm0Qv*%r;t+$)+ma5Bz?9*RB?Sw8RQyL;m<3tO%gTc3{3dbO$EWdNUhd<4x|*
zo4jR~`2<8u{Qe&r>N+4w?_-~Qk-;vx@$Pi)k!N4n15H7nhI=fS-iGS(E%<6HkilWX
zV4%6X#0oP>iEC4Fpeyvs;g{-xvht-TvH0i2{YJX1Hu7JLj&cA^X&)z1Y8Iv5wLojb
z`Qb&p@t>#+vCDQe-0G^UK^XjzNtulHUW;6Os1*$VnlhmGYTOP0^Y-O#i;?GBkyz8$
z5j!R#JKW`iT|)w=yUS;|td_t@C=n)p;6~sUF?!|VIemai+xI^sJX+ny5~?oS=#Ngq
z!%XF?H>X)}C~wD$G`KL<VbG`F$^VbNZ-H;3%KlIKfRu+56*a7=MWYr)wpCo)1+{?$
zCYowhs#U?o<zao-rG>777L!0{L$oSrU0<xOF1sq$p9&}lEzlMem4`?H6-1O73i1$W
zftLKwIrq+FW|BTY*5B^`ho6r$lbM`*@44rmd%kDRJ*U7Ho!92&`gwgoX7j30XgQnO
zYpir`NKSaP6Y?kYJEh5hw|=MC8jnQu^Sc|k;~JI|N<|jQ7j1#A)KxWgQB%iwENrkn
z_+Y!m8|RA2rg3gi$9dZZ-8j#J3-)u~+Xb7GX^g`rb>i|8e?8WJA6<_Hjch%dmf;P1
zm`tZk>J&YndJ|?jIE(_w^Z>247?NypZC;OyYcSHa-`+|-oMV;e(I>^1XVOouJm{I4
zV74W8z!MJe0oPU8x6U?A%V~UCx--6VyH}l;{-vgQS+CB^;(Fb@1nYJ4(vXb**pa87
z9XUcg{os*KsGQ}UyBLpOf25Nos$Y5k^L(KT;`V>;{$uWc(PORkKSAIBnsxE}-<|h=
z|HG{Rm+=1o@G$THO(-38b%p0tTI6)p^PyA4&^0zOYmj~X`2e@8#bBhUmsq#hwgoy~
zSDU$bHXa$;zdD&R7IwaUiM)OPqKMr4@FKF$I6X`YEN?#82E9xJz1Ma0{)+Tg9Wv0H
ziS)|bqE}#`m#3q54bq!zq&ExcWw%9drh#6vj^3etKrh2cuN>*^Zfb*G{`Y!%AFPVf
z`xnyt?x2BQ1=5?@7QJi(y)im^w;{c!jPy#8UT$0T3Jvs5)6wgK^jt=IB}mWG7QK1{
z|7uo7>3#Gw(A(2wphxmo*+}#}=wAhLeZ<g>pjZYjjxU0LVkBMY7nG`0eWjPbk?qhk
zir~3z(Ia`Ww?oe;GONF6gC5CC)q%F@8Aaytw&;<(6t+XpC^DC}MUUhqwH<m!k=gQj
z8}vwCR_<?`o>63;j!Vx6kkVgg_hvN}b@NGeito*4k|R}bn(y~D-4{cTIh4lAmgqSb
z*cn5Q+3)!?2HxQRa#l?Xg@>{8LF)bcwfjBe-k+e|Ke#mB{n6U}^>ObPY4<-g+=qM0
z)TLT~UBf)WoaI_xDZFjii8B$~-RCUug+@CI>)g&>_@jI1@L^gmJAz1W+1|%NP<<4s
zO7{YX+_Alv0C-M=y?h{ljRQvCg&Xg4rn)u`bmAVL8QtT1z$4lG#31_9VOwkXS{~o&
zB%Y5?9UpYsBP?8gk3}2ijm!8jP4@R=smg>U(fN^9;a6hlW*eGrA1`c)n4fnjSG?2K
zeD;jX@92CUT+;S@u8(^^I-eiLy&s*==a-o0vu^QmpU<Ly>wLbE6lXqlb9uTtm*q5n
zb=9rS-)A42=1;|n`)}fAs?n|_^QtHXE#Uyt^Y+={lblYkzgd{z7DEHzgSGfFVUEXA
z*4Y<w!e|Egq*1m(wMiFROx9>FnYC<K*_2^$Z9}heQQ9O*KW40!U%Ma)noJ~D0lv{4
zY^UhFpX4rI<C#w)-S8S%WUr3zWs!&NggvZ0@gz$gP9M)fhFFVFWC`-f7b<p`Q@w;S
z*}#}ovCdP49LUAPzTx0Rn5%m%xshUf9eu`I^2v*FO4o@}a3rCd8k#-b+<uG)$U`#<
z*qhf7{ZdR>1KVtt3kyPds&LCq#&-`ZP3c9FDV`Y9i^!t1!I)L7$|3}|ld3G9DTeZ9
z`NG8jGbfe$q~cQ1x>u&di6KuZB4M~+=F8e$RN@U&PUoC*F{`oY8ZUZ{y;73Xi|;zU
zn7<E|e6}b}DitLlSLdPZz_kdYfpS)(5I}#cJn8l3h%zXm%Rgu!f?dGw_@u^$`Ai-`
zJWdz=hpa{C`=kT%hz$S;p-<R1`dMw#8Pr6>w6Q#&wWqwSv-(KGM)_0gNoZ#m+zYe%
zXu~2zk;*^iMbY)yws0OOPC;N5#3B%4pY0&b-s<KAlu_tZw+SP;j1~<Afh)e0i<Ye}
zX)4={3=%qAlTbbWB_W*gYBviC;6il&b#9m&%~!0-Z{oAbCi!ic0^`~@4#xGyc97OB
z7FfgO|3-P;Q}yqY*JexG^7@@7uO6ekhI>qrGvf&Cg9d^1#ur#2a2IvlD71B*X<|@j
zMU>g)uY$~8#p4Z(G?WV?+@I-_cB82NhD7xu6xGEuyJ@0Iy~AJCB|XPxwXUI@eg_?t
zgof{BXQVrdX>|ci=Q^2*spH2*k^d0+-2X~@@;U06xbivdAsA367?3>ZNOzP^E}Opa
zq?umnh%3*7c{HKhVmPmo$32MT9F~eJq@3wuC|wL?+jMV+CoRi}u*5A9oPAYt<<*oP
zX@^ailQSJ_5O^fTbql7`6T`{1m<Cy@zXykN4~l-3Jh-}rJW3#yUTH0fa(v+|K8*?H
zW{fR}3a0$07ML+<iBh(8QN-jw$z$1mA9Wb!D-B&WKSXOJ0b3t<1NYU5@I}#3Z<tCt
z^>?xy3(__eHPpu+^6+@pL3AOnH0JIsK7-}$+>BEPJfAogc>Xj9kNkOacMD3=q3;**
z_$1;#_VFg($5g#WkTa@Wk%w%c6{>PVDd?rG^K53FT_RV{!Ol+FY{|c^$isVE4Ax8D
zGF@l8G0*sB-q%gUOgY+B2QYIt25Py6kHEgJ90Ps*@dxPZxxBAqzdv?<9(i5kr>OB$
z?H#>QLw#X8bd(Ie7(400PEI<^I=ODkqR21h=N=tDhiLrNdh1z6oxT0w(J}O~(a_f!
zTgk=3`Z{>aqUig+JZ*0vzqgvnPQ*-hs86LyWxmj*zR(|SQW*8OTMDy8O$TCkj!K{P
zM|JtZmotk}sFu@SQX69`(1;VJzKNSWXdtGdT*92wap{-kRl*~)$O{@O2HjW>CS59M
zz~sYwFx5G=O(8I_X@opwZebzyLkyMJUANo=7P7o|en%H@VcZ2gme&j2TAYVHq7$2A
z%kiTaF0P=LQ1S!4l4xWi%j<?26+wfbcK>n}T8(2WFcq4Tfjt8o<33>hZ$NzIn-8LH
zs6%26pQDmkyP3-ijPS!JF99?AN^f;PnvNFq&w>eE><kUHg>xg)EjE9XwYU?#w8OBo
z5y~ywkEr$vy*An{R1dW^tS7t?PPUd4y@OR9rZ=I#R<Ah@y<4B`hxGnwq-QVgAD3QT
z)ykjoCC@I^>p4Q1wV_$F?{xH+bNbQ~Z2TRizxhWKeX(u&w=(+5A`?IQw!#m&Nj?%G
zzHItya~wXeGQN*Veu~kTI!xbo8O6qrP#)_L{mEhCf1gDi<PRme*YhWBeVhDQKaKjo
zd|?OaSDN|1tiDb9t}xNRyQB1Hn&qdUZTj!B{-<=5exaGZt!?^uO8tPY|H@e(_rrN(
z^oORRCqk^trnj5LsjaT9!%oD;db;13=J(bRlmCy8jsLQDT{9Ec^or(4oc=$>=qn43
zjX$#T6{o-Qxw!Pd`wPjZ)KU5-`IIG<eqnt2R@VPM9i?xQAGwc8-yWa-sxmge%jO@;
z{BAtIz4`6Q_;dICW7D7V-D`RObDxddf3L*kzoYa``cqC(>F=Hqm;S-2O#gpmpzkOi
z*b4oM-9SG)$*wgZew@to-78<l(|6S-e(ede`N;gJ_4!C^O}9?#-NFWQ-i&6`ysTB_
zbqb?j|KTyv-*FzNzhruA^#2?re*O8w4)TlM9P0VySit%9;F^x`D}}X}Vs6jf(e`G|
zr}kva8ZHRio{87)hkSerYw!7a9c(W~9x{1*<*Rvn6WVO=&H$UQw0W)07yM1<f3x}D
z+;-M&Vsgy7RqX}d-n_ZTv%U9PZ7++<yVz!Xnf$NF|K_*X-YKoMr}DFY&hc#T)RS9l
zFU8N=D`>O5`21{j9ga@o>u|tRG3(H@J|5!j%O4#5cw24XY3J?FFK@5?Th;L&&-TAm
z+aJ(w`@JXg@xOl@`M=bvj{nIv+gJULEE-Ar8BwtjwF6DBv^A28@e5^x(br>%<T?QM
z*80)?W(6EyHrPwia&?1QdC<DSY5Xs7Es~pxrB!U+@S|4w)7P6L8OwdrUO?A`oonQ#
zi?ATuK<D6E_vHvh@3s5F_n~unoWqy3t0-A+e4?439^8f@qq%85jGFX@AG696Ik`hB
zxmx+38o8va;3wnKe9|N7jL>Woq4a3KE;IHEt67cYga%Q+MCsm4pq9-jjV4M4Cxk%d
zilXt_vZVo0WlckB!$CZPj($b*8f4W0f%BeVrLr3GJ5eJ*ws?EP&N%ZS8ec%ceE7nn
zu^t)Dh-91*%&&zrA`SL+U`8A?@~pqd%*fb2tVEt&of4RdFs4Vvxyfq8@rRpvgyc_j
zc!j3KA%1iuLjRrP4G*OXr&Bj#v(=ju5R#)4RQ}{O(~Q-~cfFXb22fALdB2yY%vI-3
zMnAKKwYYbhvBh-O;yks*obZEIZ&uBO0&n#X2^fQOr?DZN(IYP;vvJ{M4ytos!sttn
zWV1G&n8s!`(>SZ5epWA1*sNY6pIN^sBA*Wb;AKL?c1Af&!RR=}+0)n*+ivN^T7^c6
zm4+RL^&hXknJK=j313J4?2~F^Di>vDRCz-dj25#~xYyuRz1s=bP>8Y_JpuzBAWE{&
zx*1>I?GysfSy+w~8@;-_mEPN3OYiLl!w{0s-;C}Y?Zq8&42Va^HaZl;shjXsrTU%{
z-{;M3I0y6_EHJFQxJh2sCHh8>0(!MqdRJ7Tb7nNo|A2<cV))9>Z|h}|OIHDV7i=SL
zn_2tAUl?oO&NIb}=3!vD#;r`V0}{D~!ei!DcrbJ2qIWzo>Ur#kc@x9QS8PI0)<CDq
z1HObu{v}2SbY?nWiJYYN+py^S@opa&7Om%gbo#e9U+r{pF1yIar9b#Vw(j%WTKDi*
zjM2zhGh^5P`9_V*mcKo^{KrVGYUJ&&#H{Z#qU5e51<zG7QaV$LQOPQ$nX!~UbDAh+
zMi=j@G9#tTD5aZYDf!KmM4*(*C`~O>RSlgXMJ+p=u{u{8JhDBtpYj7!5Gf4@8yfM$
z=}f;P<x9$#0PMe!X?;~TihpR3|5N0l&&x6LaPxWX$V1-LR^?&COEJ9fd|vDF&~<97
z@=zX2>Em--mxt;pt;)lYSW4r}lyveiVahL&hl5*Mmxr^aFnRbPx8w5Ajy>RvN`y2x
zEh-V15Q>Wdb(*AtTa|;kRXLcf%3433VznBKgdQ)(2!*S6dq%?5!44V;6RjpA;q@0{
zCTP%flaY`P6O?H(5<UyWH4<W5Og6W8S!|0dpE0!vY<xsCwRpR!#mv@PoMtwJs{b0(
z;vMD|bD_n2Q;Ui}MjA(J(pb=*`Eu`OCXEhx_!o;J4g2Ig_#@|j!K|2`4d1Jl3bgc?
zpGoJ?>$m}<?!d)c8@9E&fBmn>XVLR9^7*&3+mp{%9zRz3OnyFQ?p}SW1M+#v<HstW
z&s4;;m~L({o_x-qe5~@>JGRAz<sFbu@8n-1pPzoC%IAU=B%dF^AGvZxJo(&I%H;DO
z*S0R7d7^bM%hJHl+r-+0(hp*II1Xo*DD`s62kX^bHCucjlT=&@b+b!aDrRkhW(!JV
z?7ovw>ATf@CQIbxZ=&WO{iZ+fYV$Rn4Clp;p?|lw*S}?twcEcjUz_?j{V~?R;pYC`
z;-UNjSkBYMPF^*0IPy8hDH%FjfWeWhk_Q&j09*M!%!m60)ry62Vs+G1`T2D$>48UT
za!Y%ta4aI2Y&RVvim}b{EOR!Z1CiqxAIC9xfI09#9LG2a$2>$hW|S)mWQMOX0hw&o
zh|gsv`3sLWvn(Vc;reNhGTs$Ld3Oi!uEcx}8}ZFdj&B?c-|T5g)ZrTk$2TxV@-6Q%
zd;=pJpxnh?J~!k5#Cd5c$oBdT^xnVW40=0`J&g9QWs;$HKTTrCMdpZ6{NPdZJACFE
z=2Fl3sq<4{n4f%{AC`s$=f}>~A)g-rJU$7mI=O-i7)_9(O;Ea<&{`|tsR)xtsOTw^
z(9`Y>gq{wrVtHQDRnBL#vGwL-<BR!}NsROPM&(eTR}Qn+Gv$zs|MXx)qXbt@G!U$w
z$V6Hisylxbw_dpUx(z&j6CE4%g-^TqhF%s-En>&R{tmx9T9{Mi9hLOB&$?27<`9ou
zV=@xVNMgTT3}vT9HuG~=#_t`ie4pOR_o=OXpQ&$sY`NCoHM##4{WZr!s?~#ip%H0R
zmyt?1j)334#A>6RG1?bm$y$6;@iI@w0Tj$EUue>@(Y}iZ@^Hl`DK+5;Sd)3o=io{8
zVgXr01z+qS<%ysm%kce`wVq1M0Db?=o5VT~rh2j52tRg3ZUj1>Qc+rm`IbyEm6OUa
zgs}J0P@*^GOX$hfVrbG#<}%E9nD#||7-b`JoPu3;17%~di#i`4vpAZewBi!buM=e7
zjF<_doF#@!Kq+R5QoYaGRD@Lyi%$jhGR+I><*F(zZq_GFs_^<F!h}1pEN(I8SP?_S
zLe!I-WcaL0K1X#~g6i^W;8=btRaYl}PNb-w@-%=s@U0x2jd8uaJl&)UF_hWx5kH^E
z`b!}>^0!S`xtT=*p;=*NQ8_Mq!(4gGT8hVu^5^6~<9gjBuOF;iudT>~sLDdj?4xXe
ztbkx3zhL7iMnO>1`TT6@kRa&RgH9fDq)oBnQ0Kwz&cdalycMaa2<27iq#`Ri>N87B
zQc-+kT#3-?77k6tNJ=IPV7y@v8pc+7@vVVp7Af8dYf15zuD~eDp{Wf|$;DrqnEm$&
zjM?`MGVb?k{nRg9H+yi;_e%RUrsv~8kntPu$H>-Rd|w%{EMp_)M+u-+{!P8;FG;ls
zfm#yYbTO0*{KFWn5m@TAjI4l3z@`y1<?=63dh&qeq;elmR~+(`!S4NqM_Bl|H-wp=
zZ}Ca%Xv@L))1_W%ZT@Y{V%aj@%(xrch#NCLc|MS<;74FUBW;{yrwn)|Dfp&dzH$wP
z`ED2pt7-QF4D+qUp0FN_9FMzkqnzf#!<(jfy`yE`GkWHI9A%zQV;+`}oCfpztdHaj
z7`SUC6~?V#sl9%3hjOL?1IvMdpQCVxI=gO(%esFQn^|{FT-LEXEV{>fbH267vy|1u
zvo{6+&lb#IMD^1&p7kw8o<-z+SM&4Ld14(VE{Yf+q)n__EU(c{pUJ0Ju;Yp+`$DOB
z%38}DxI~<M7|#|8fkagClMfft#rOoeD5Z-J*_{fyc%R)Vr;A2*F_SKSpGX(8=;Hh&
zx+tLw8)f7<Y)i$90qkNo-T8o#w$PnscE>>%gFDfMoi6^uE>h`Y6}w2Ii|WpF(S+23
zol`89MaXCQ=Dz^+IshsY=1opHV4?W0ihg+f0xW1D_-C8N;`i9Bu*l!L>k<lbSGHo>
zu<}KinoK?&f4`h))n!vI0u2AJtIDsPZSmH5m@m*@WrxoWcGqKZ)p}C#COHV<Z#w^*
z$^Q}rAM28GL{}}9aJ0zpNZ3v2BX0y+5Vy{@<Vf`PZX2}#U6XHV0eSOZ*;yTdqqv0k
z{`FD)=<!sBWa#PT<60uh={#TCBJ7_$1RBx?vXsXtAte^H;J@;%=lZd;DMD~jlE#~D
zWBM`PENfBoJ?_R^4Z%gJNOo75i7bUesJ(t_F7^5bM%s<%5uocr(AimQ;L*{%fxBAx
zxdKM`Su<hv^f?jEWQ3cZH4%O{Q6s$ekDTyHEqXp&Wu}X<W_mvS{aK9<U88(>ZZwyX
zs%DiBjNVUEP4qUK=nad~6QcAcsPqb>^a_#Q%Rnz<b*$XYs+o<Vlb6bc&aMibDu5t-
z=e8?+@K@x2bNOF-3-7A)jO0Wfw8+1qKA6O^KAu=s*3&!`&QQft2woT+<X`TL70rGn
zAexUH*5zYj<9=gGb0l`u%W7I*Z5dU-4^QfG9QV0X;*2}{hdAS2_BD;WWO{Vmmqy2Z
zXk_fTZ+;lY?LQQWlr#M_C#cg;-VgC0$CZ7iNA=Urs3bq~M=mSwL!_Uuf`~jm7>{2i
zzf?P^i~<FPFTySINx>KeW!n>nBXbTDN5(!A<w*bN5OU*iB=8V$<e`I+2q_fB3k!iQ
zsTTsKC57RF`Xyz3Mq5%_6SOv_-^myJSsKj&hgF(G%`^*5G~a$&qxsh;&CEMF>z6mF
zG<Rt<fA*Vb&NR`yHA*u#O0$Pbvsk0qfHY?!%~$;Krd4iZ8K~3hJQn%)s`6jwDd5wN
zCa6U|!yjiURK%P3Z#L7!-~Uu};_tU=gI#w=?8M)TO98XIv%#;?2LI~g@dj_}fJ`6X
z!T;v*ID@zBjWhVdADI3t*S6(H`M`(78Th%AVBnZ@oDF=k#)4&s)lc1<)laqBr>`_Q
zIlV>wG*bKYFYQzKi27+FbC6wnDcFw_-zC4VGU6Tf_kR9&68{_Kf1l@n|H=O@;eWs2
ze--|>f&V?s|0Y(lzo+oOJ^0^V{BPgNMdtJEL+zn#=aMKs$LloH^+?n8Xw!9p>H0X*
zgN3|T%XFjUY;QL8A4Kx!==~Pie4prvCi*@-{oFm#-%n~X{XV10ls`aPh3O@}8h19w
zVWUnLtE)PT{@Ntbx>C&AGhycvLp}%|-_GfGpB3BxnY#Ns{}FqCrSAS`?c9Gm&VA$`
zOZmjI1*Irz{Ch!jg!4~-|HEx+{5QK_Xu9wHhZ_IS?$0#c@1x$gv-`+j{r#SeYW(+I
zbbqDk_sSb;{D1uW%hmgp>^>T~bU*wUkNF+CTXsLmW13%hL(h?N2Fn;Et18%w8OrW*
zsFWAIg$c@*7Imk*&*+%GADakIvdjCPU<t%nE;hyUMzePQu0{R_IYpqcv+pvpKO6a9
zx=$xxkx0z^;C=o0ZdIwR9NQdG&&svvvbe`{gNL=ZMR<4*jd1zhU^3-#$YxPV<nm_8
zw5TM*(?Ry`%i*IGtfAq~bZ@xt6moa_!cKp~X>{H=>uVNV<wXhiFG&)m4U|)Vm;BI6
z$(XJ_SXF!pdJPip?1ratbHe?n$OlHk=Ws8-FKd7C$3UW}D}H*<wTRqD<mMhQ(P;zx
zykiXaaf<^6I^p{3F)?0qCwk4@Qj<Qnel(s8bD&xp-jqiz)&*8ETIFMy!#qDd>d*L(
z$p`Vw*67<6Lq3Q@&l~eWJl!Am4fmUiB64YUcS~#XK5QD7_cvcN$a`zgJK6K{#Mk&@
z8a0~YYFm4LUx+>LQ=h+#J+Hnk4?k$fWQ^vlZA0w7PytZ*Exp`&o(zR%6rO$aQY<2!
zWv><eO~QnsA_n|sxr8}+7FXFY#E_JDAAJx;zTSwr8QIxblm^uw7OW~-(QtM-F&9_v
zW#1=~VMj87?O-4Z)+E`BZ?I-mpuZQs4)t|5OqVaHA{WnvmjSES|I={(_ZY|5<KI2L
zo3^wyz7L)=jBm&y8sAVfK@QG39^>mj_uo9eao@EyzO~O9#y55$jqk1u7++80_=bsf
zi@|t{@MGLGCNWfyE267e>WnF(yQ5$a9*!z&Sda%6$m2?x!sn;3+oP9hruXyhMtbKR
z9lbO&z1K|i);xAp^s>$LZZgsHA053I{w12|U3PTz(#`bVyUj@N`$vD-ct@G&J#%#Q
zV)}QgiQeE==&^b%blhE(K5-2L=_S%^BhNP%Sixp^Hd|~>&Ab|($O=f%9#6ZtgB2ZF
zF$s5ZOwW!1623k=z0yuGoaFbeYGF%wUNZ}fxmwJs5vERs-SV37z_*d8Y)7}bRMT)4
z=y7lOI_sdiBzpIQsYPsq>fDt{tQ)Z5D>TZ8{Pqmo1{Pyn`e0m*;R37dy#vT-Ve4LO
zrnA18e->dgj7TlM>yc{YF^rBlkNqklcrV7zW-S(`en4#!Pj}sePi>O_k<ZKtOh0cc
z8lDrPjJ`{fyx}2MQbM?cV!rgEbZ=-F1|0Tq3RC)^7aj{dS~8ZSPC0-ihu@TJ!N--Z
z>^&e>Gq5y#uFEH~OD-9q1}T7%;s8Tp=m=(%M2mhDpUsM5=nMXU0($u@P(WpWhrRmC
z59tJcL$X{0`bZvgXLCd@EM)xdL5C>hw`L(Gt83^d&%M*s;8(-J5T#faux8-8b~v+S
zp180RD7ZV>#VYu+;a^B=p<dq^^1JFXBO``psY5MMKqU{v!>WEmp4YoyU_lwZp|Nr!
zz15;L!QLvZ-D_iLoyBRby@2NfHPX{(ZjPllGnU?Ge`WN7Dm|70-Y!mVDlad!6x+@C
z)0{7vJ@3Hk*ShD^T76#2{}Hn_cETV4ptJH>pp#E(qHZy>Z(+wYX^Z5_6x0^Us$>`Q
z@}|0dv1fE&)Y-R@l@06UsdKwqw0u!*^(PI-^@6TH&8$B$+AA;5sJ()JPB!n;ZS<#c
zP6zu#srmmJ+n*TiTr<qrpZz6A)1SLK+8?ZXUKyu9F}vC2rv8jMs{X9|K<iJm7*eH9
z-bS_~pCUY8rF(vKJJ08$9O|AgXhWXc*AEp@hlo6FMa&xXKF8Le^}G(~2R*IqSXwR5
zGFl&;+d=)Hr?>ml7<zAWdSlLw(GQ!CQa|iIPWqwpxen-uAKo<ThrB&UqaW^i?<n+x
zr6c;`@*7O@Uwl;Z|362eA9CaLCq_TKo@?yS+M=WB&(Mzc2lYeY^BvF+r<wZWIja85
zeK(GNusn5i`oaFx(dmcOr#hq`^0YkZ@w_ACA8FU9*!CH73~FDgxybwQT;#n?yuzb)
z_PF`UzdYBJpS;E^{h*~K@An9@y}uI!R(HvTpW)))C5!NF!%OlFl`IZ5nyp;;l4*yb
zXR~bOk3G$<uQ<DtCLej4hY+Ce1;;r46~}M<z1tlB!-ny%;NyRojsKmP@vq_I0GL2$
zzdwtQ|0zEHvkc=uruo+^=38nt$MP>8e`=fK|FeGln``*^|IEfe+dTeFEBW|)@$r}Q
z@%Q@W^KTe`&G8%mIc<)=#4!G)eEcPB{BOsM{|i3;Gx_+R<l{e68$acA)OK6ltBYv8
z28v*WJ(b0mYS$D%Yx@1nc)y3oBO~om{YTdhmH)TosKs6ZD&|m_J_+Pa(i(B{4y<{O
zA>Y{)06WZC;?s&xyRqI<z$sF_xoK2s8moBYOGMo)2AoZ7lu|dRo808r3{0|!b#)lb
zL>OF_o^QtNqTbLHD*gu}yDr>crox)IQDAV}9o@NGOAHs@C;Cf73)a0z7lLows3bf~
zvKbE0(E+%wvhXez;FneWA{)C?X;Del1)LOOX~8;}sg@!EAz{J7RJfK;TbD@mHWS?i
zRL+p@;IHcWuc$g9J5vdSSF)z@7Z!Q#SBb0@_+|z@tEDXrmlVQ=0GB;f8V>mNTYLcc
z7n&$nn}Fx&buQ3(RvlC>QqC2r5bQu(k}!4R$(RT?3AoceaA7ZtI4WtfXkA9~;rbW>
zIps)96oQ?s>~p3S#M|9l4ghaI>IUOqz^P-Gh2Sex!w_~!^m{Omzq)7n4`Y48nw;R)
zY+*)?J9VcJR8p{j-A+FqBFEB&{((*lD;8HP1l=$}K0w)-f**s<vNL5NP-tW4A5uI4
z_<0v-Osc0EorAKH774*ClQB#c!<q&_^Me1@F7)a<iG@1(>#Xz9s#E@iuXf6%4fsoO
zp(T}MJCbY1F&#0H=%gn>KWF2p)yA=32xd@u$o=MV)VWgYgy7f7yz{Rmv(8WP1P&BU
z);BU1gfwKAR;m@Gs8aA95f*>t$zboV;_z>IVjKL!`iImmhGRvU_Bzm)z9FW4)CE8P
zBtPx#W}(F*VN_z>;)46%v4|I=_o})n0ZVe$(*&O)hVQkyg*kl_@Td(6?K}Z*48Y9d
zf`^MdI+aqeUuAuNgR2~$^MlA*v3e;Is&zZ81{T*Om|3jY(XFR@q!a`tlqSi*pd7)y
zO}R3{jc!`eLNHr(Uc+@hT$kEVtly&5?UHu7{QIrSMM<ii6(E&!AiHNm@oji~B$Wwv
zw(wjHXvFDN*|wTum;Z=W2%G^NV(Y+vBtZynqe6oL=R5Glz@(zH2ExMFkw}Yx^oS7n
zHqjEb7ok5ed1S2OyFdPYoOwLCvwj{I>*nz*7W9YfAYXX8Dr0SSYK;)MwX=Rk=VQbu
zI@)k8+?)<e;UgjVZIV%r@8}$NDLfd_>O;nn>++Pia$VzsP6V@4uqNM560xriM<TpK
z2jEUu5UZHg<&tV}fxUUyIJLKSi<$j0ULOzmmsQ}z2HjoWB4sE9`X%te3Uh{}BE8FC
zcCsEw6M}!W(L|8W6oS*?3JCN-vEF6F-@HgVTRkNPz0ssMo1~X?JxDl7@GI7+1e4we
z;l-b;%GWH!j}K_k)zi&YF4xuF#M+}#?<SsM$XJnRQP+^NMypR5WlA9^l#oSL2PpD_
zM^<_?8|&#|wrBu51BSvcuA^U|g`q1VUF#LxjiS`wiIWs;qKbN&USGg=BO%z;stG0X
zywGn;(hKM57@)U+wr))bq{Xb*a(yQ(w!D_rAB7(#L~E>KWz`Zf#5O>0$~WjRO)E;4
zUmuDd)CG*I@Le{1_Y{4{HhkR~l?|wSCoi>;ov_(hu$k2_EHLtQ{U?dq1S?naI9|YL
zAOug$N?`)Qw^ge;lM>r9m3!2BgSZg)TQTXczsl-wN)(<<Iv9y$<4QY>DT_gwrCOEu
zn$-AHG1Lv_!3Fc+f_Vt3Gq;fDNbvM`s<TmtGokD`$lKA+_h`d>qx#4Be(RudzBT<e
zgV`;LyU|duIZDsn8R<!j{fAgTfZ~tJnkHV~6hJ0!&&u#7J$(>?Y^Imk65q)x61!U4
zU)G}1Lb;k_Qof0a(Q8o7fpLc-5pIN7Gj=lZQ(iox^3Ndmyx+9Kq4SG)=eKE!EpVYa
zPdUK|7zr(rh+d(i5ToQO1CPX?pKh(sPc6<5vp61qqETDF?3>_sSWS{I8mlmMN<!53
zDY`)2=t?uwi+b_}e+ddEfQ}DYJm_i^O{PT9H}NQy16TExFML1ltnZU3suJuL+`CCV
zF-4{7D0*#El#KeR|3#{P@^Sry8Nmx`-Dy_!uymmV6CumOtH}UKv~`-q*Sp$&(JAye
zaJ@%X;YcC4kLr6CfsG0)7435Qs?CWOomL2JH>vS4Dqmfs0o1bKJIR#!7#=RyKRqKU
zp1kkdZ>(<`eSTit=T|hft`8@uzxYV&4sb9Db`$qkw437FC~Zd#&TcZycfJsO2_%cl
z>TcSPblM#|s=xl5>H0;WRvu?P`I6dLPdG+ePxT4L^>bNc)Y!rGbsk(RZ#GBe8^kSR
z^+Jr{l&4~>3hsF$X<<xfrW@9C4IIE_nYEZ67lolKGY-fHYZEQX?^@LTN3900_*s2c
z<R_McRbD@+A0I|1jys_7i^ZUxolkGfc-*H?I>N(mMKuDIrxoQvs0g$%236!Ss3MO+
z6?qJ*$YW4N9)l|K7*vtRpo%;Om4~3J5va2UBx&{?<plpp49&xZDSumz@97vYR2ufc
zc+hqVplXk<>M0jBBWsUvJ*n3l;}f|&fqkZ=z^^o$FL>$!x<dSwC<Kz()odad{0Nw<
z>;>@vdqXJ$v2deVifc}JnDXCa68|C4#t>*DJy9>SAg(<$-Bcq=J)BDTfN{~Clo)SW
z<iJy4m?=G*c<v}Ri3JCB7K*4md61cG7sAd~bgrK2d5PNQ@e!xHr6B>0OMICdx;Z-w
zOyRDFRG~y4CuZBwldvS}jJk}S%&eQ;+**s96IyE#4}gbm$i)_w=4gxgF)co(2NBWT
zhFa#!xKERw0n%b6yw|{>ZAJ#&aoF_uJ54Mi&R}%>B#&OKGdc<m8Awhv(4e?_eWzcr
zn&;1r6F9BO_?X8U2Ohq(&-hSAd|KtG$-{#pSo$MCo)**&gJ7r>k&p2N`Z4-rgi^M&
zDwMS(lue|b^lN2Jdp|ktFx$1sYol|E)B*?p(L~k)ZA(h-egiuvH5=IZ#6iQ|CC0ly
zG#f1Pzx`~Q&e=x{k1sxAAl5ZvxSMahn;J0@TWM_U5hEHn)NFeERJbqS{(N_fW)Dr<
zPY0DTzd&6>4|!9zE|ZB(-h6#?ME(@MYuJZT1YPi-Q}CbO^7$?nV{ley%tXS>ZPnJ!
z8W?M9pFfa2zq6Amf8DR|&wDtH{CR1bKkviff1W?jv*efg^OBeRFZuJ9oqEEb_kYu$
zxA^iC{=5_Zyc7PsU(KI)=e+;B{=Bu9#o8FvmmME}Udr4P{=5_Zy#Gjl-c<|#SN(Zc
zKk*Cwc@L~O;m`Xo@aN54c{KjKKJOhjf8KTOSbrX#DF1c+c_qJX&7XJDq!a$U6aKt^
zhd*!n>=XXH6aKto@aKhst^4zYOAP)z`@rUie7J8se_q}t%s-d&b8?J7@9wl%TRSg}
z`~Tp1V?7G3esW%=D=$Y{r<M4|#Qb(&Xbc8c_u$^Syk!}yeWCkPeNx^`F%19nM1z=#
z(i2!N1cGpJqgSdHr46oOa%3G24`zSmZMTB%FAI6fywU-Y1cV~zd#|A)u_;UBrT1Z{
zF_m0Sg_=0nQz4JI4#$T{0V6PqCoeSTg}a#NA~Y8HhH*tZaZLkA{dj0iwg)JHGD`32
z3t7Bm=e@})evk5_xH5W9KU($Nlj;jiazL-kL@8Vtp@OzlTQ-zqS1Xw_2dSyPtxw7+
zm1m!tWC_h+wP=fH!f#5&5K%z}20*a{sn~hgqj9$A(OfZ9T$Uqk#?jn@;h_Kg%D~l%
zkf*{c?K5+=9Jope7lT#k@4z8r(pldHW)>Fl)OuzXG7*Vs{jd^=G?Z%i!xwrR$Bas`
z)+^QF6CbAGoKf+1mizILH<Uwx>(;%I+<fvr$brXo2_Laz@14&QK0dNrFQMhosLtQ)
zWmyZ?x`yT5<dZ%XC-0Dn!I<zsLWdNdbVRpte}hXIHBCm9oPLTfGPFj1=t1-&FV*>x
zuL&n@_J!DSOe#GL_A`v|JTWxb<_bM}pDSyivuKhx^k}v#bn|F*#lmj%s3=W$QgU**
zPW6Vn1$gr7g%+EIE#)*{pUuD=Z*?T0_yO)r&SnNui1ki~e;0IOhM*llu*@tP9Rh}i
z3%sH6xiGEX&~^E|X>WL#GYQ#{=@UF#kPE5Y--$kAgcsL_`(KSpw}LBOG5jLsS?1Z)
z9e6BT8t#Nm{Y84dj-_EH`zr06WQ%vy%_Du%VIP1QBq8<z8Cxj^H$M7saJ5$uH+lV!
zI>2f@3sGUX+nF8|`0bd2YnR-|iAOZAb9h5H+jGL*UIb}!g~q3$ilStIefp#MHjU8*
z6nOD;28gN;CEy|3tWSigA0k;8D?U<3opObSAi#fehiW$a67O@S!W>G~lfOgF2Rz6<
zuoNtaj}j1RadoJA_jSJfYr{pCSm+q5&f{Ol-w9Cv&gN%9z=F@UBjaec!<Wo#KGOn*
zp)WMjo|Cmhc&@7VV)R(_k;{fTZz1Pj>3}3*>fKiKA0~>U+(C<Im3f|Fswyr7d{)-~
zOdp4dbbvJkGg@rL2`vCJBQ<~205`d<rn5n0eI-oog@}hB8<;4Ar2ex+X#vq0ROg;W
z=Y16g{uyiVCm?1P0;^DPLN|j5k57*t+!ZfotiiLpQ{JF~UisXXGcEGuyBC2xl}>ct
zVp01l1alIY3|Fc>r!G?GwQfq-J?v{0nwUOke*z<eq;9c&ZOA72MOkj>W`8sU^QmyQ
z7<!)`l)venY-u=?>~tm#c&D6JNklI1hex)TSn*h~LkK>0L@mqiZvyOoqm@04bi7&n
zgegJtFnyP?nl;vE56*9DQ9{N6BsQ)$oAosO4GzycYKOE0&~$HJZfZMO1u(K2G7Qzn
z1W!G}@ibb(V351YzDb86pj!-Ifq7HbiUW#ZPqv9tqr5PcZPn#`s}_a8H(({nZ@~AI
zx~n`V@qtX`%BWuv<lae)_J;4bvUfWH{&P31USv8g>#ViH)U*WRcP?W!TeuplVeJZK
zFC$N)XSQLDd&B)-6#K|@a(i?F!<i2Gcb6nv)TOV4n|1ytk-2R$;|P#{yOq)?A*t>O
zY>IaFO*Txz)JM=BllCc3alf5$;^~aK0_sO`s`)l?bn;i1qw21Wi6imW4Y9Lt8d);4
zAv~E`Cs*wd%w;x&a3}obxy**}TxLVE`Cp#PYzWU~HiYLg8#0oZUpIv3GMmDX=N&zh
zxc0%*=v!3S`P>8Se7OTQ6J>$Pp9lQ(O0eO6M+#Ej2y%wXOk?i_hYin5>ph_%h4eGn
zWE<Bb_*jP;$-wXm;%A*O)lZ{8<dc3>T)?t&{egMn=EXgdwH2!@KCJgAI1CTVR{kV8
zO5f-Hf*5)mPu0;o8$?6?=fjk|<B#8h((sL01m?`;TUVZeUrlH@6Zc{94l7={@PUiz
zfh#Y^&*zL`MKsQ!93e&ncKTVSl>*<Dp2dt>QBJmKR`jXz^4<jcK?cx>{xlto=sCT)
z5iR#Rm;I)PoXpP09Y_0OWs2@ib&Y)TT_@~|4%rvWPX9&r#qu-Twl9`n{GV-KEI+Lk
z`(oI>|0DLr6&qmn_rCK#z`mH&vkm(q{et6YU!2<WSFkVcaKyJShB*GS?2E6Q$H~43
zJCEMJkj{v)FUDUIYhSQTslTp$@v<YXeR0Luj@uWH^gMd|V#4XiZeM)bwWIdM-@10h
zzIddo*}m}piR_DnuRv++7*6&@U>VsLXM9igg`7wB#dmArflujyE7#)ZMZ;USFZ!Pr
zYhR?E#%u+7lfk~YyQkj1xHk>#i<^6@_Qisp>^JXkV)jLzt~Q7-Jf{36uqjyR8`UA9
zx^f>BlGmt`%mir$I!>hUXu2EBXD%l6v6vi6@}0w&_v%(_5|#nU#iB1*F-h?Hf83oT
z?UxI01$GrX#PEm;kRRAGBgJ;iR~YX8m#t@7KFVgKDuC3pg-0TH{K4OJ^`l;QxX|hy
zRSV*MhUnkCTkNyc7oLbTw*k!-xtB__`w*bvmi98TxI{1$B2g28+HJRrqv~002u~%w
zr>8B@QwIOfluz$OZoN`5lrs}-i?b}~??ZK$U-~f)9F{4$(sHDOVkn$Xo+RRu7@EQS
zO2oY)ul)5+DlswBi|(g&;($qIFmZRC$~g0f+s)3dbF|tehm8J0`RDzSNW%y6jt9|4
zSc8YGYZ?UdNHUtIa++OlXNR)ae3MM^kkThUsoEngqcT*U!0MvzintSHnXND71;gvj
z@;36d@Pp?z-NEyPuf$|TdEo}ukDGY=@$<FBq4lR&TGw-0oxe$r=F>3JGv{m3Q%sGe
z*pkchzkHo+&eu|?%U2<GAYV(V?s?xY$k$R{(Sdv|myb2(YkB?6qsiAY_x_{E*J6*8
zuP7!vV6dw(AIS&5J(_$Z7k0Ein6ITOPJWb_?1%fi82fYnQT6A!`??=%K8iSk{LdG)
zG{nYi4CnD|3}>2pc5O5pL%EuV!3TiTkcZ(@eIAB4e#i1K;Lv~nB3tl_;k$;{<xlT5
zXJP31GL!l0^(>|8!5nt|E?k!%ZT^Wk<Nff3<1pUg-?TN}IhRMrd(8`MysIy#@ov1w
zJl;MpvGJ{{XX8!b<E^g8@$&q}`|-WW3Z9r3fi#(Hb#+*z2DkIw#DihZ0v}1Eib9$=
zYYGkc8sCIuRKe4!2tDoc+*{B*tMjTa6B)E_GC=E%DQL|4!01?jMx6h<Yy1bZi%#($
zw7C`_x94FPtXuGGMxaFTm%*JZdUu@=d=?`>rFC%22Dd1xd?SYL*f0`?LPy+P5Om$=
zw7D}|guon%P~KT&3#=A`12E<cz@jT__GXlLVb1teB=U!%?(o%CoakV8cqSX8CSSxS
zvK|1#{8couLLR#}l;^;Lr~ZF*RbOs<?1Yv+>tcG@E4zg0b%^xrAUjLW9geZs1G{3!
z;G-*ZlMwu-3q~zE9aidvCnJ)v5d+KV{kXr`E(BB1LWi%!(=8O|n2vuHi`AmmZ_IkY
zCj@VcsCFD?H6$|7`=Ty%H&BwOj^P3NG#e*Z2>cCf^1wzRa4Y)~eGSBc9mIhU&JT8B
zdR1^au-~>)2+XG7QXtNz$iR(f5=`9qSAv-v*~0W%l^cuC9fsT(L9x5=F+1}sA^2nh
zjgbu>8NyhDy$CcSP#Cq;EsbXRI7P(rsIqE#bUl7qqPja+SiO3-p^n9#;D0o!Pr{;u
zrTGWIbSv0<Iry(sv#1{f7_}H}BA+vpc?BBx(6IpM(-b@(Q3lW+11<lMM06ZDg-+nv
z8WzncdNQ{9tJ2W{0HaOsB0Sj%3t+VTR(PU2{37c<XTI=6A_j2oO!sAtcBTpbBi1N8
zkr<WK^{1M7I^1UFDGF{XV=Br1x%VMk?@Z*<pZ$BPr_xWySd4c=Za_2nRy3)JMZuk{
zOh@Tqs}NWLA3PYyw}g9F3Pt91!OtV>EC?WB-1(Lw3SAqCA*KsxH-Y~E{HFTO8|^Ic
zrhJK(dM+4e<5O5DDJlw`tE&R|B~D(7gTbP#(iTINRN9aHKjZv&0V%ZA3xT{AS{F89
z`VuCTYlOf(2~pO8a58m*?0fuvdf)FsS5T@C{cySJb9mH(aOv$WTHL4ZIXa4=xZqy-
z$2cTZ9lhwc13V7FKN901)BG*^bq>P12p@$76`b50wJ*^ph*E5!;N!97Vb4l`Q;INk
z1>UP+v;TMk_f%w}=O9}gwbLuSvsCP}9lGcXk4~oH2~RJ!4RboN_bz`O$;acH`2dZB
zQ&zP^+h@)SEdZ~@5V8kyPFbGeAG#JiE0uB0yk6r@A#i;nXDtmoxsw*|uMJ$uNMv?i
z*z=0NDOs4>3&WOo-l8};UL*-%p_0rgq^?hlTFR;wrv6TgQ-!gYxXT9q7MCqSun=G1
z7&z$-jdyrMkJ{y~V<={_t4<U_REv9n;1&rOG)6032>h1LyfEpeH7W!zg+9SYSgC>T
ziChEVR2PccxgqhRs19&1rh=1NGfE0cU!7H2qF5<b#)qs`<7+D0VXdq@2&@fz76G3o
z*!(-MP%LnbtI(n@NwvSq{aPF$@A|iR046+TH(R$((861(s(_0H+^d?tA8_9_-~q8{
z7UH%0KvM!!v4pl<lt`yZik?L0PIXg4IQNjhNf54I%tdfIH9rhR&<7$|0TTG7*r!^|
zTICBnLHMd|KBp50uT%QtN}|dMv{kJ+9JCeX<hH8HDHD`aagJFrX<WDqL!n?-&&T#a
z=Q^=%XzEX8afJTQk*M6BVb#m+9f@(|_Mk<@Gh6|xjZ246^99~bvgl;jT{aPm;7*DP
zFgaVUPQZ~s_sfzlQl-@=F%cY8o0N&0rSj<!J-{S=qK;Vk=AhpHQo_!vJwGkcqKr7m
z)(_0~ADD@fu@k7#hM2KYk$KdcZfReU*q;1NgPs`M|5&SQhXE$E6dLQ<&M3G6Fj|$<
z4(a-#yxd3%hcmV)9%J927*q?Z)Ae~zy`N4k(G`B59Y1K-S(j$9wC}8Q)lOl>x_UPz
z!mP7cEAq!3l4swjbHqKdpW<hMX`twx*=0poPrGv&Y*$R<JB2y$6<Q;y%7#OHUl2os
zfxm-cv;z}N{9R(??lb$@`4|vU;?54M>G>M3RKp{%JxxmXejd*X^KJ}XTpwhii?jw_
z;(8SKk@;4({9!YZ53u<+{q$w}DPKNsz!+fFIKXP6UrIcuxkxsYvfzLwLKHnW=&)`x
z5tZi}O`9j%6wltTe@d!RemZFSVn%a}yqosVN37=k(_r)|nfv244Wy+e765OL211@;
z=CVoZ>y_#I+Oh(aLHmqsnBQz*!zEk?Ido=|gVZl)Gund6#|K!&a}XxPXwZ}cevG2z
zM2Mptpt$cuxa|<7O^A{BZR~?x`9}+HMAhxoh}t5ypiSyc2ei>RG~PIXHxty&1gBi-
zt4=PCnvIM`yXHtMtbKq?5Z*`%{91l|IIET31-+`h@t@yn%95LPuS5=$Gxe@dk}dMy
zM7`T}-zm)zc~he5cJ(ANx9gRkB%9AGw}MA!Sqyk|vxVW&T*RYx1_0n|_WGB~*XZyl
zdcz5icB5CJ@`c{^@#uT4;?a4irCbXb9(5xg?Z)w_FrzAUrBo{f$HPtOD>^|ykT1BA
z9m!}Bf){te!%HpMnfrynlX@81i^0%tW*GXQ4u<|@<A~)YiwfahvzUNanHh$@7Xw4-
z^dh})oUz26dRPda(-k{)ICBG-_+1DZbkmk!#zqjMG(3q#+L^)7lQ|5{G{8_i1E%_o
z2#4OP;ZXJGAcNfuVDxqkjNYIJqeUEy4vY&%ABY1+pGb+e5*Lx)ZAMR}ts+w7%wl)y
zA%N#}c=u3t=3XIKm|$WJF^0j>T_!l1iG?BxYncsTVg8bE^k{uHJ6{jfO7K3->D^#Y
z1LU+=o_94i!|lF0cv*n(GM~ZAG}Ji{02jVy@G{erv3jf<q}#zjW&sD8C#xXS#z1C)
z@Whcs0-3^Gup-B1O?37Z{3!_rr1=0tnwJ=O1z-FjF4FAAn57B#HHlofL5_uBCZR<-
zU^o$Y0X?&->?3?RQpJ~FB+x+Y!Kx_4%+FXpRw6hlY5=o<15D8jFuNhZ%;f+RUk{yj
z_%H!XmaRYom~$DxoMnjvFqxbh@#W)j@a1hfhG~l;3NruN!sGQxsdkImVY(5{44QCe
zH%<9=Q|@iiy-$s|U*@-iH(xg5&2A{B7G+or-Xt-QYM3BA-iTeA3sOWf*av97^QAEN
zldNjtl`0zuMmXsr9Ku-Ckk}VLjGe*GHSuBR(iU!CrM8JT$p%T)@aEGxym_?&ZzjaU
zo4rkVGl}EPo;tkAj^_EoW0<*KN{V|9C}(fhQeo=lbVv_iCi*peuzpJr_lz{6%-3&@
zqD(H2Xm<n;6rYShlh#2AhHrFcrh6f+Qw?ImY7Lyi4_xLGq#P^Rb+nXoRCyq-0-zkk
z0cC0wP_Af)cd`;_*5U#<uCybr?B1-$|N8Z4;qX4&!uyLn=D5<6v7Gb_;Y!dixD^`F
zWx9$k|D{8hnYgW=zP~G>%clTcl9U-BCKtG;XqS7Z`9qSoYGH0;*5|@2)z;krEgv90
zXtJgP%n3&SYFvOBqm!&rom8BwDIkpxN};~~GMZfl9A7@5;!7!xbU&=am**Jp<-PG>
zkkzW<OK6fg3Md5R5a^Y_=Nw!zK`lci5zdJUD>>0cScp@v;{dZ8`5IL1LueDX6L_wq
zHpymDmTBi|ReVQ-R<;=M<w%AvvmOO}>5t;e2UUD&+WD1J4#vpj?_)uxSti*zJ!3!K
z({QFR7ciEzn^5M17Cd?c>neY&)Jf?^^_{6d%0dIqoDz@0HF}&mw(GBmGe4ALaOM!V
z4rk8UuaA#GeF*cEro)@vnC4H@@MgDoc=M{bcr(iAf0^*+)>iSR;MuK=+|Tu+Iq$(w
z^4${>$@NpHJQa;I!hJ-=o3NR5Ze)1E^wWOyQ(RR4Vqh~(2R6HrUBtlVw;YdfEJ8sp
zI+Qg%3O4mSW2PBw?lFVSvS!Y=c>CtF@o;9;np5)k$7>a+KE-inY7}SoiN%=)!LL`|
z*=M3=umY4j_Zc}b&xkWG;5akQlTk%1k1DLO7|@FPsX+N4iZdSoy^AuHrURP~phTq+
z;@qbpPUz+)5<VU5OeN7H?D+!6o@wM<dcZOk6BtqB*rK{~fCywok*8hbmL0e?h9S=a
zv|H1ZQ`DKpqJ+o`HePJiPK=m$q!q5;bcFq~P}u<!BPU#^!=Gp4KYi)0YVw`Chk?)S
z^8tJo??0>qpA!IW%728f82DVapFLRxPyQ-+bMEik$D7am61;hH>v*%P4sSlF$D7Tz
z_VMQD9l)CfX1w`K`*<_bMZ=q~{Wsvv>*C<e2mUR1v;VJ$H@ysR;$c8n<Gy%+bEpY$
z&gX!$4&6~Gr19})Q=*DDe`0tOV+q?rn@%&@bae=Ax(#Ua(st11Z7SMau0xw2t7tR&
zKJ!@M<{LZW!p({{;AY(Snep)EjsNR-GxIp$&82KD0^E$EO*D|C?TxDe1T2M4KE2o~
z+lHalo#%)JnP0~TnV+>p?HC=-{GnZ(`BxpzywHF%w<pIjFH>5<nY}xVGtcS>&b(5L
z#hI{C23MPKW`7gT%#7m9Ls5}tKqrba)1vmAiZic?#hLH7i!=WcgEQ&<<!Q}&T*dI^
zWFx-ZV|Z`L!KJEBOz^U|3NPO@!^^opGI;qkz{`*sT{8I!SQxmJsvB2j9Tc9fwl-<7
z(u^t}GHB_#4xvi79#viw2UV7_ybW>j<dbm(x%597Pk!DCo=i9t2Tv*w0-k)W19<Y%
zW5JVuiH9c_Yj_eZD1wmEG7VE!1Dd?#kgh+<x9#J}AM|+g^p?ZF9-h2=LkylgaJddo
zesv6Za&Ii2ys{lU`H2Zne%~gZENvZ6_Po1&Jb7V!Jo#;biYFJhjVF(o@Z?oSJo!KI
z@npUkPo^9?o_MmPH9Yz5vEa!s+QyTU+s2c9RXj<0f|#zVU1Bi7$uBz$C--+0PQKV;
zYWIQIc9{s=(lI=lejM;*7kr=jKUcSnCs%J_DDkgv1D-s8n;uVIc;IkEK4qJVCrh@m
zCkx*`COnzs>?oXc(0Nw5pl@4n(oS&lzM}}Ib(q6xFXZ901D$XOx`)BENlq=6wmt=S
zjlNC_rM*^<DOWN~>1Yd6zN%u%=PfD{d&OdcPW{c8@(-<s(%LALwwF@~enKI>y_^(C
zdmjs=wHpIz9nnDAP9{W|Mu@TnyBLk59ifk-b(rI5b2TVAL=Pn&;!rXpE|fek4wM|+
zMjY+EW)%5&t0>Y&akM>v6~Ci+&mK;Kk#{o~>CnSSJBN{nqA)V;7-8h4_{w0^3fL4G
zmZacVA48?7W<+^8LzH%$n_j>TNqdF4H3}xv08A#SV6s62liww35wfX*zu6ce+lwK|
zUS=eDMqDK6VC-T+XnlcU*@;Y~(Vla#_}Ex1>Cmv`%_^2$sz%1nSFLXGsF0+?j3kGD
z8y86qZ4*hxytfRtgCmV`u`lW3Lk+Pc`W?nWIMQ#zk-C@@<?hzvV;$|_$A22}BTlE?
zqTJp}d~B-lcoL6~O&3S)6s7GH9ox7%HafPKAv$(zd<40+#e5#q7R8Yt$6_Hm{9w~?
z<nuZlDHw3%;&?c6Pl6FgHd`2uydVZgYVomb@%497cx)q@_94*8h#gsUEQYzGxo$*~
zKWD`tNsNm%!pI*xMPZ~J#O(JBM#9PrY}5&~8Ao2EJAcgLU%ebg+M=d>xE<EX%9Ez}
z*K_0G$8Z!sVh86L@MAAE?lsK>9WPL!V<m%*X&Q8#SkIv2bMfL{LA2;7KRlc+R)|tH
zMZGqzGDN-hGDp4s$)KKR#f6VC3g@?0ox&;hYT6|VAfKUprh5F?OT~{*#1Z4ibojBe
z0Y6?F58fyi9ez}?BSpGCV*rmB>FUrTU2)1O()Dr<933iF^ufX{(PCV`iNT9BI^~>r
zc=5wK0WW?O2QRYtRy)SGUU!h$Zn~xU+gPY*lCPP%_*T~bT0?v*2Z%nff=JSRQmS&j
z0Vj59(&NOD@fdk>qYfwj^wY116J0A}aN_3|GMs2foY<nqx7t8a_d*-p&hVjwY3yET
zrQ0d$Q2EW_7<||-E<TKM_lOA}e%p3@>pRi-RujlOc$<n3|7F034iz85W^i46e7Nv7
z6(7nBAKG>J(4pbOH0At8O@0U+jWOcGuN&h<QBt}`102jS<HK2P;ll^x;lrpIrp($O
zuT`MBisM6D6d!ht#fJuIuUC@I)C{|~^1(hM2bLJ|;k6te+EtupXF;thG)!*PpkXf-
z(W-*IUWD`5mW+VV&LUcEI#6a)KHxCWu4!$(p0|^IsQj%p1Q^mGK)doVM}R2S4lS0|
zp=>(R3OgUxfZuHh{65TR8~CmNlEJyZy#m0m?|MD(>n8*7>$zS9evhqZPfmCxdLH}N
zI8S-k*(c6Zo;Xi=;ymSv^OQXB{(_Z<Pn@Sbah~#coTr?B@rm=4$8es~`AOFk=PCa?
z&Qp4C`v2xU<)fQ_MZCG{;~2boN6-Jl^OTbBn9oyQ=R0wp^2B+{<8z+!((~FqPkDVU
z!<T0~1xWPOPxMIi?*KjJCqGe<=>AXGlRL|Q`FYBtejiycoOmC3;(g?a_mTfUzK>i{
zed2xOiT9Dm;eF(&vrfE^jPpKn$NUrTBmcwRNA~gjfAc=_j@7>+K799`7<_nD*Z;!z
zk#}Ep%<m)nU3KDpB%6;D?;|_>KC;hgZNHE7&STi_WIv$57Z>PJ;LD!^3X~S8C~(&T
z_T;w5wfB*fuvW_kUH+SQ)HJm`-v!=3pxs~j^K8?79M4F*-X4K#hv_=ibe(3pPB&d=
zMy~;%O6w4!=14Ux)9_965eka_9aJ)*1VO3IM<*7-^H|39Zch2Mzb8`3jKTyMchRZz
zF=@UG3X#?$$e#=3+$}ZbNZW9~>*dKf;K|tOm3FwLMyV!8`pG4=pk9Ti0J$y62}WQq
ztaYb;D+IIXXveoy_m{m$>m>v!Uj|ASzDNrk!1Xhr$XO`(8!S}hx+ukirsE`B>OWx>
z$&W4~HMlL3JJK(w4+N7D&$9>%s|JUMy=`%a`{qjZF5#V;0U$@hlgV(;S`VK`3QwTx
zblztxR;-XVio!efUff}-8_x66F0<640*aw_ufNtx>s<Mrh70j&_T)XdLer()y4|5k
z`C~-WtNL1?Cz)3>`T&xgs!>TV4>7QPY`I&KbEM`RX}?R_<&tWB1MYJc7T-!b-Yum!
z6hzy9+F~+1n(&;!8%NYS#+`jq1j}wx-!*wK(PtA|oaObmBotpp&A7tXy(rnD<r6*9
zLEJpg8-}Hqm!|nrKG9*3a@B3@w<R@vO6TM{yUT_<&xXcv2RaK@r5j%tpN*T(SxQcn
zKLefk;5qoz*=(QE9zF*jJ{!g1ET!%UKYz!@BTBXWh>9xTIZ_>S!F+~QidbRFY(rk@
zbXbG{bNl*0#g>3d?n?{{{hd0V>$>5dqyphWi{&1RFYI&X%FEF#{ZJh~73#s45WPRe
z3Ov$%&TLRK!=%-~jC3(&gIAJ+%Zm%~v_bgM(cveigD!^^FMi>IHPwSkB`@JeiR)d`
z(&Di$e+0{3OVzl0B!S63FmruzlFNTm0+m0}fk1kv;a{5Rld59!=)m(y4S&OW+-&z5
z_d8yfxw@f}*?DZA9(NUeKc9F-lHwBFUxNu$ql}ACJ!_AJtAJhTngR~v-fZ*15^I=E
z`@IFL)lyw0xYfhiP${nywEX32J%?zeD9|xC!4wq0FG0hM09}_??vp(8u;3>aJTR4Q
zz!IXOR6I+{tJD-wPK7-E72N5IXJOgWkjEj0lY(auJ9r5OH<n=7yxYa}OARPlkOMm8
zyIly@(!tg3{z>zIA)cA&Ae-Zvi3%tiYmBcV@LxO=mR+$6sF#88M&;cdy1!C95Bi+4
z-B2q*2wqFYmZ&(Wu2=#Vb56lB+QB+(HU#7FPjXm_-tb9dW_i%6g|4meNt5PzrA=;W
zO+zn3o$>Un`l23Qe~s0bb-$x1_1aL<u26c`x5eK=<MW0{eJfE5srQRFQ%$HbvwWdR
z^Taw2O{mv@#41d=fvW3_sq~>vZUm#0$w|(re%FKsHpuR`x>`Q6lFGavnEEByYIOhF
zQAuyWT3jNZ2M>6&YJ9>_+3R0w&B<#1)AwR1r!q&{;S1eAE2_(G<1QCbf^Ynuc~<PG
zFKe^lUr7~ziYud5%o}E#(o+euwG<dsfzw}!>OXI$5PXBsQQk~f=9fZ1A~K$NBCrxI
zhj4$aqHAgBNqqC~vJMU<EgUQ*y^)i(ZTz6?NA-Q<nov@MJJdIQ9&^~NE&_!z2)Zx`
zy5J|(D^>dsMm}VnaIbP@)fCTRque%OAqXfiIbs#2egTT5&Qpn0fJHe|k9hq*S%u*G
z7Gsg={`$J!-cg->p<?K4uO*Ua7ETscZC(4Xu2?q13lQEPKu3)94KTApm@{IgC@pTt
z)XtZ=09^%Nz**EakghM|P4l1imEg}xFh2E!*)h189D~8-%&)r%1QKB}2wmopq5(rg
z6F*?b(NSQ_^n{$O@OZ8NNMs==^`kP1;Y$#<O3o5x72);bis<}STFmoXfi+JwXGz~9
zQT&&Ht6Y@UA-hSHz!l7}RIS{p)8}GnQYG1Vxymc_(m`$Nf7GU2<WJ*c_WX#=oJzLs
z5E#!8$GE$q9r6mET3vs3D_v*=lPb#cW~s-T@@6Rm35fG{MJ2~D-Q(_ZhhXb9mL2~M
zHQ1>vuL2Ck?6Trnpxov$axlkm8OoVQHI_wqXvSl-jWohDGm!`M9DNCo%|t#Z=SS4i
z*g5l9d2FQM0!b<3dRAS3<8IOO+r5mi)|tGBH)zgEs-Tkxoyo=33ml%Oe1rp%*5+jG
z7lP?z8+%HjRX(j!x)Py!?I5^$(7`WYJe49F5Bz*4j0ec%%xfr%X+l(+fK7Q(OPoGv
z4=8!YTHv)<xTrj(ySjfc8<p=LD{k^hOK=PEh4SpQjX=kMHDx{t=1uaH$K67pAqmzY
z+e74G&nH@thd^Q$)y$$jq{gs^@X|oIhrqs>Lkp+ImHL?wd=OpFhjH_m2df1(k9oq3
zC8<k<;A6CPjF^|XUI<>4fQczUL!pvKt@{PO4}!_TWe6s#Frzv<b&n9ln)K2h(0P?)
z?&i%Cf^*2)&6}6GN(gLH4P5fB_l1W&u;&Fg3ITL6To>;3I>Q+m2O0#}k5R$+tE^&H
z{kTiL;bAovU)H(f6>qrP6me9RH#G3jkgRU!6p5n0!RiVPd|86;eBS`0y1*~~^tqVz
zbJ0Ul8}fHny|ug4>LLZ9ToKW5IkwgCv>spJI#GQxRk8XV)w;U=VR*sb5h`2ck?KVM
zVN|9#+^jK{;zzurPQqf^qO?r<<l;PsI3UL%3|=gCYA7IkPwnGNW;F+P?lR?V&CXSy
zJ2e4!Uz=N6rhgV08Jv4W8xQYF$Ww0E^kKuF=}S3e+VIaxR5$!(hU!R!13IHLG8-F(
zOj&>{%YQhb_*ER95I745o;Ai+{Iqfkn$c(>;9Cwi)^Hl(5Unu7XV5j(ZX!!zE7ok1
zMgZA0KB>6EC4G)oQ^UDY{;PIyx;txk(P?BC47h(*QE%J=L-6H+V%TUr6<|2b#0ga&
zDBk3iHeh{qH>(ttu@N?{3TP9>J8%^(P8To|H~8-~p>Wx+2`Bw<23ZX`vobc~%7L8>
zdZ#ag1*T1fwx5ALF`Mj(HLrEGTq`B*!XD&g?I`|{bpVFe;G#DHU{zGO7NAL@ENs@d
zKY(`ZjOA#~2FEvJy)VU+u^c+96f_%m;w^^#2h{yio%q!&H`C)dQJ|-RjAs^U*1QUL
z$TQ0YJJ0GCrulu+3|6~7SVBs>b6H*~sKJV|9QF%#H$-<~-Ijt*1U;WKOR=`_7G|*O
zW!Q-EmnHN|PxL338kkKe&SsF=WeVovV0uM)?Xaph^GZQ?mgT?(i(;2k$%X=S;VY0o
z;BBR{mo@?`8}JwW$$5Ox{Hb}$-waRT)G`^a!1+;9w7aE@Mg@C<S`+zGz`JW;VDe{)
z-OcaAK@T!r-s0tzWQXNQOF_?nM&OJ`YHP9B{hhwh`#fBms`iBXbJhMni_1PBS5yKP
zkdzz=tlwQ&Jxj%KVyK)2<DvgPR9?Y9XTs;1{Bt&Zp2a`IZd6{$Kf~@=K97IShtE~~
z^GGq2n@@q`@L?o=D1;9M_@M+o6k=7>QffN41V6KYuX6TPDT~13^;D$|>dSmWpSiAE
z?&*x5#9TU?j$l)io164t(~H$%aR3B1(Z`++VADrnGZnyQj?@HT^Il9oz&v8tI~c;G
z?S>F$O>vRS-^>uE$Pwl>nV+f%GbV=hWs5F`wH2KCf?oe~Tp7iiuj=)1T)g>Bj^L?N
z#ze?J&GDufA8*29Lb%DWKEcg*<pL|h%_!b)N4{)UCST|^SLG|)8c)8On0#f<Hpv%E
zXqq)DSLxQMTxD9La+Ph3%9Uu1%2lp4Dp&bdO|HsE^3Nbz<pumRNLP6w{|o|FUSeeu
zRLbRwUve>9rkAf!`AU9S!7l6h<xF<DnP1Lgml&6zEgbl|l6}3KU$RwM-o!7f*rkQH
zzl>el_$3QNDYx^>dUoj`#+Rn@Z#PF5fvjHy-C`C&<Nl*x1Y>oJz#h8@9*kK89{nO{
zGA@GW*&?u6&5NL%<bP(H^8b$x%KtsbEdNKk>EvH?=H`U|hVwu%M<n?9yf|<<7Jm&b
zaL!C%a+Qi_VA8apqYA1GOA#9rotb2-yPes{XS*Q`NlYO3HH9FZ_GThFTfNc_I+-Bv
z592ky`;xc6(A9z_v@{$`V#Bsv7jS-QwXh9gy4yKEV>zr%|3qgJd1}z$;BFcRIfA#d
zSEUGA-RDkpju(Qs_9(H__z)xI&O9UpZbPvefZ-bc>)|727h7j#@2u@&xYyg*9u{zG
z^o0jH0Gzo(S44704m`iuN00DZldPd4M-tqId(hE(-qC@cq7ehHFS^w)y9Q=Xct{Li
zdHBy~f{9)wj!K#;TAQ$lG}(`y(A80g&s|oEW=TR2ANUPMj!&chg6Xu&8-CELbc#gr
zudWXX&<7jq12s7QN%e;f%Xm9_E2l{?1APR&HAmR{IKykBokCl$jSwvASQ>mgY8Qk4
z3&8~Xq#uG+#ht|gKBq$qVbR&iQaw6?VHGYW4Vz$CMTbwORYYPa$%cp(!*~kpdiRF3
z3$#)a;f`g|{_xK5u;^^V@2{|vzhbff5Oe7ON4`@^n4cJ@18a5qq#wokYOlrfhJ*a4
zEWyyGuVL`Hpq3&<&TP%`i*JrHeH8tGb-jJzX-*rALSFbI{CJ@@_*G)>pK)c-+g)j?
znDVKn{XqJ2VX5^8t|XE7W@$P~C<ac3rjwY3uNfVFoV>%U1+kjK)FoFB<;xcSp45%8
zfu>HU8g?U4sU+}xLz?cC*<~ib+|4et`DGKk6#1ovv;*IqrqlSe{b{<>&MrstO9#6w
z;FqcFvXEb<u}gKYB6n4&l<idkXC}-4m&6(VWt8EWsQUxdF_u9ISuP^W^O5EFz5J$v
z&XRz$O5J(zuWkw?JVXM#hnYb34|is}L(`o52(v6r^#qr*^D7~?wmF;abRyyCWFz68
zGg=pn*SE4>s{AU5?PY&MFLOa3Yk~o|2Fs2c`)E^^A3pj%cDu*gS|6>vkLrx$R4cbc
zj=qfnt@Gif@8d2I6wv4bVe+XikZDmqz+A08WadMXQcZ8&JBi`9n81fmi`;W2g;9k6
zbO;nxw9}E?d>RZb6&O(-3<)}&i{k*x1BQZ8?73Kr*er1J|1>f7s78##G=*&LRB=N=
zLjhBqhgfV>>x;GAVpyyd7Q<qlX)!F;Sr)@$t+W^x>pY8ov6fcxo!Q>T3hUhN3iJNR
z2EJLZMcP?m({(FswGce#pn29DO4ozTwam6g3g9hr;!aDu9&W`cLa@g{BY^+0i*74W
zem=-~3l>pp5{f)dS%af3w9{0#Imw?L;A2%M0sbndA36Fpa8B#%?D@_5HGr+nM2{a^
z3t)aDlSq*Ib3w{=>vjnbZWCWLn)%sHnct}AXN`?ARU$tZT2d*fD3WUrR0)AoZANP$
zkfLKL4skwpt1Ao*2g`>BBg>_sS?@_{eP|0eu>qBHQK>)`VzpV0a+_^aP2IN1z`ou;
z1LvU0Y=a6B4JzdQs0ukC1fM=&WS(EPqQ-yZfS!N<>KrSNU4&o&9-;)TZ7yl_2&n5B
zodW7&M!$f%l9_9OEo0^y;A^<lxQ5G)%Nh=DVH2}bMPN8FS2VY$nwA+=(@LXisyC{p
z%|_KE8&%V8!>}~m$n6LfH*z~d#f{vKP*pCsBOFFMBK5e~5u?6i9IE8RF>Xb9uhG1-
zyfRwdSsIVq&XT`3);Li9cJSzx&cN0;Ugy_wH(tA8)i?~RW_onhfC?Y}vq|Mx74Oex
z?v#)EMcffpjGj+?A{NQN-vd2gq*s?HN;rbUByFgn{Y^);5u_S6g1D_N-ED4lrM^`Z
zeWiPoUSsr2)M;F+UgKWBmrW%W3kP0(NxXWCsa4~$LpPOz0t<|}=Opaw<xA#VVlfNM
z+;8Kmz)Azmn8#s832n)^N#k}57zj{xl^CqT@CJ`m?Zya)+vyE8J0Vhit`9-=sr2Rw
zKDsiO3xPZK(ClN^yE3s8g4gUpL87-%Ur=CsCxHGV7hYmvA*|@Qa+kTCg^}D`=>N#9
z>Y^)vTj;$gC=%Ql?N{i*Gam=}kB2!67hY`PjKi5M%vvl2x8g*w8TIN#%9R(jx_zP1
z=p>6uK68L!QT4v-k+m-}hZu$<N!wg`qEsubWSq`MPA34TjaI9?uioflS{!BRO0oB+
z66^`gC6*(731S6%XMb8bxLlO<-BFy}aj8si-#qE}Q`BHkZ3Sh5KL0HG{>z48tnxM<
zV41J%-DNx<Z!05TV`uGw=3U2P;B;wC*UVeTdZ{@h@vpX)Xbma9X*3#kc#b|~H@!B0
z*Yx_PXS|2ZlrVJ96lb?txxC5v5H6mWhf4Pw-Z?+LOLr+si<JetVuH-~TiOo0U8a0Y
zo2&@Wi;i)VLRJrdQH2K=T+$v-#@37jN@=s9<?#m$m)*=AS$D+nMXhpq#Pq}l^AkVO
zdwdH|akC8<=12^sE94Hv0$PwGF_5lM$&VN!8XgYW{0DV>I;C0V13ID0e9j3XM)CRB
zdN+_QK@~E=jsF^2_yoEmS1H|emgu;wkR7yBv>ExZ8X+*uIg<BTr8|=852>0WDD^{c
zm~VQ&<dq_-<NxLy7In7Y_zJ+kBTXLtEC#Udu;oa5aOZ+$nImlmY4=G#p>LJ8j1v4`
z{?~TY2er)QEUg4_*1TOlsmPg*S~f@8E%x3ZrhKA0nh%hpx!4=yWj-hK(_$^D2vbm1
z#(2pX|M6$&-*VykP9DKBAdU-pQ;y)NZ7A=6|F{$LA2+K0<M)q=f6f_g^UtpF?;hp<
z7XLWc%q#<)IgMV#g!mg5JdwZ|joCu%zR+9zy`ax&bEA764UisAkFYRe2v-#|s^l5t
z6D_Vf54F1Re7aEw%N_U89!@%V<qHi*n!}t}%OM>P<GyP_cltzUe>~+%>Wj@En>c*w
zlIfGa^-1e;Z-6Ov<;j)XjC*3O8sj<)*63=Syli#yQZ^W84%l5hF=p~^%v@ib?DFSW
zD3n#yxrS%4?K<B$o0z|U;cD!2CR(V_?}6AGWw0*(BzC_4%KX86vg5sPp~+T8bnJbL
zdA{G3o3`rTw|J$!6k_a^zQS4e(kbs23~|jjP8%pqKKI&Ghh8L+a0?3qG~L3&z0epi
zwim3ZY;kha=EBLqoeR-wXQJYRzS^k(m5*M$Oe<<b5YVOoQKI}1n5~-$LZHe*z^NCK
z$yAw277f`0-{nY6K4~ur1aal7+?zleUi|@gc{=oy4U2f5CKtVH*-K6k1+P@^P5B(O
zdN#$}ZUkA#PL-u<A^0`&ibpmtMkCsWrr;a!ZFc6`R)penO(^!p$OZOY6J!zy^*u@v
z(df@<{KY~w33?HYuiO&jvnVmf!$_rRY)Yi>d=j4(XfoOuzS(i>Jt*Ubb4gpQxb$+!
z&Pk2CfbM=Al{dky_yo@q<p^$pA8+Yq;r&c3>jukc6B%XQoDH9-=Lc|WQ@1ygLS1y#
z*m54v?v)OB!|#%k2AOk7U*_E;PTrwr6=H8=-(oLmSy~KC768(=k_%%lK2}fTcB9|N
zhgo#)W2q(Z9r!>lwiBHt85o<0hdz+yZd6tI^67s{v~Zyl2VmN_z+DM!epzfWPQQYc
zs&M^;PBnU@f+Y#skqy96hmue&{iq(Q$qroxe_c`yz5mLFJFcvnqEz*Ey5V-ZJ4+UV
z%aZlyE}l-dXfbP|e@T*S0a>=Jn;)xh1Vi+KaJH2W-}4ub5%tC6+(iE3kxrmgXQwI*
zGD!*s<V|7tC1W*ph29|w!5+Ash3`%BWnm7Wz~$7XPN8v0sy7MN_%c`NL5~nvk7vX)
zsxp?t<@G|~6MnEZwG3amhAf7ae}5vq>T<iKErbZ7hsC1{5RZ&I#PeVtafY(-@Oa7+
ztQR^EtK2vcrhvUun5feazyS4FI)>7sxt8vRWik*C_@lze4lEaf^%Q;PbB?aVvsQe=
zfF<sej`*NIpdSj*M>rDxPoq2=sBfr5UAA0=?iG9=FD*d`iUH+ylvQFQE1Cu>;X?wU
zz+wz-1VO-hV3M4<nC<U&JQ^P!k;Eo0IF!fp<w!^LQF(Y`K4l9XRMIJqTk**1<fRM~
z?$*bwl>0*W;W?EhN#3k)in}(P#XlDHh!xc0?~!#dCB2*tcWHPkxX~qj27;1}g7PdX
z&h75Z?Ly!^3lnM^a&8W7wOeAHv0;l|ROecvqRPaSZJE_Th{u{1JrRApFecK`EqG*N
zDRn3CP^>-@{J$~$O7N@{1$RAmIhaG9j$U9dz%Z2!nAfH}+S(rzV!&6Ea#2J(@2{R8
zBHbH3KZH^Y3&F-0Lf-_w5Nx`I0Q(Rw2RE4W30nQAfzBw*N;Sug8qPy4!?@9hxib^&
z&Lee}PPhwvPmyzK|7)zVaiJ@fG=6>@m&#}q?g9|*`)Ct6o9ZPSg-dtN=REWpN$X%E
zb^B7bi7Bf@cBb?Y8f<Xqb62ic+6`;Nb%VMn_<EoeHLxfmE7=}d2g^Z8RqKYS{mqNw
zSOA7VdA}h*-tAU2BB;DT_rv<3-Wm&mo0LxuvG@OazB*K%z&1>kp389`f^`oY(f?!b
zOW>O-y1o<I(y~aZpj1VzTCoT!^>Lvh+R~QZXo^)pR2~#XvF-?oplro7&})oV5yc%9
z1O-J!3y74mHQ<V<SOlRU!i2I^kP0o3@0>Gp*W9#a@qM4?`@Y`~n%vC2bI+VP+sygT
zOmVvu@<nikTZM$aI?UxE9{d!Co1mWxjZyN^ihLokg6bsBWiIAE?+5UC^`Wy4Y3t$?
zc`2yV%Zs*dYia0(!}>0zodps(LbJFp2$i4#zJ@x|==PcvB)ynGSn(R|c*7DxNQOi2
z9TfOWu{7*0u`HF)Et|wMT|?J~MSZ%uu$nbTjE}#DKK$UXt!?W3i*bEt>R;ydn~jxc
z_Dw6tco9vjekEwZUiD5^xfGX`<|MLnmeH3a5TgVzYRf2Jw1>_AvObJ+Uqhuh2nW*2
zF$n!h2||-3-zq7XODoNxcKAxG%yn;}tqR4f7A>W!Bpk0TW7}US3;W7F=S%XyBq=Z&
z!p*a$$0Dd69P9EVZdaEn>*u$#<TVL4SD?V|0-8RXgca?;*(Ev1I)2&$A4{rUAV`iA
zBrnP}?U!U;@2V{t0}aDAIiZ`_+MdlZ^0z5(*aM{C7&LQWxJq9gjQilxL%@baLo5y+
z22?4D_GMK4hNmU8D$ylZ0cTmeb*;sI2<G**&6nxpF)7eL5qQei_sa()xxL`E(!c!#
z@oSY1Nni;mgu(Jc5C)h3;Uv!c92?76QXh6gumk*FMq4N$BdbSYpKnBF-TFLr$3xg1
znT6M+WO+`{EF7I;w|P!Ri7@oX0<?%ypvQ~X;|%?_eeXG5F7IF~DtG_v3OtOfso8n&
z#u6TC8(#eJPOME|huT7Xue4h0*A36>`?dGSykA2P(*TjW_SLpw>e?+iamXM4m7xQM
z^*dLF<}W-P*7t7>a0iCV{$ykkd-{V|+$o_dNm(kLW8;l&CmP$@s-3f)rgr|SwDanB
zbnQI+cC3v*E~xGBek`@|@|-v!FV^}vrAE_7X))JFlNzQi;4&S`j??TzA4JI2qX2R{
zK-v~jC0DNUw^6yWu-?Q0QPzJSt2}3~wU%eHPnrFIGQRp7njYEU{$--U!SdDW&q}wP
zD!Sz)&Q}qCDE-n-GWE+krC;8es_U0~r|SBpIu8FNB2UjcnG4h8tT-E9e>;!!*q0S&
z)9kCDzn{zB(USg`7acSGeRHGHzvV3*{nOvFrhi}}r~l`koc@yp{VRG3`um`C1cNo_
zd~9QhXy^THCI9saQhLwC$1ebvv_yiKvV#;{x^g!V9<1oL^dno^D)#fMv9xVX{D5Wb
zt3_pDW?xoDagC@Cx0Pe%OB$%}fT2F0uD&O+zE74K>PyD@hBj1R>K=W4SLo`y2<yAc
zSYImEm)uZ&gADck@rqX8uU|raCmZWa#QIj3H&9<vjlRCgy852R`j#v))R%<y6*g3#
z%}`&CuD+|WzQ>I9*|5H@4b|7xP~ZM3T75efLVf2N>pOt*Qnk2&`lcB8H(giXt61L;
z<%ar5{z`a#FgB&?I!XSU!LVGj)LH~@=2gNtr94|MSL~Hu{xTY=&nSY;8mf=vrKYUm
z`ivs;>B|k&NAfbYk@}1xb9Y1ak-X$LQlC*|PHCt<k{4Se^%+HG=}QgNNAmLVqK4};
zip(&}`oM(V>OjvN?8eP#?#fW=!g|fW^Kx>bfpO|REOsGnjWRG)KdfFC{+Gc0mFD^?
zzcAESX;t56Ux@l<8SA6=`p0Fk!LP^L<Sc2xGGjcbmS;h^<R6|fKn{kk8W^waSAgZ-
zBVo@u{#*&hH11ZCe?$gEI_=<=V3vd<!2vk`DF2NQv%~*3{EYr}Tt+Cjw^|=vU!`65
z$)SM2x5nKDzIp5H$lpv{u<0L_ku5J}quz?QWy<AZ`@|g3+16=mux=%O8kNCjOpUkk
z9~-Z)a}(<8ud7etPun{z`9}+DGW+JFZ54Z&{>USxHJ-NBDe!zxIeWSdR~EX`e|Mkf
z^pDA4tAKUDO3&6j-&T(Uo}@*j)h$V$dit}cAIg+-aQZj_H%?H4I}txA^mqqq{S~~U
z(f*othh={S?lAQi#^?R|h&H&p;{Ze653K?+t6SsvTr>r&tS2MOKYF^2rQa#qV<Z`$
z*j3`hF~Hwtb{g7B8KKsF;%)lz0&<N?`|z+36!69jj12nR6mO%=*+J*V#=-D2E-d$v
zcucPA1E^pA+vy*g;SGn~EkobF8ZYLPu`2m*_RS6PII{_XCOqjVE&sdH(1GUXAHKu%
z{4<R_-%r8?D2HLNl`M@vV3Wt&JeOntq^)5~UN=ix%d|BE)i@R;Vb2>VXBcDQ2hOaU
z>dV*H_gJI#y%kv>+&#bkBf(uB{k`wQNN!XCD|x9ttk|2tC}B%t280Sq(Ut^RIhYdG
zd3b%edbKKlG$ffp6J=m*u6;yrY)IdszQ2v{dt!iiUowB+t>*U~_?*8lAK$ldSOf3-
z?qT!$@I`F<Ib;}<YL!?vW`Gj6s$1P;@?gG?{G%)2DPW(SL(`D*uh}qi(?1I1PU%Gq
zO8;h4Va#4s?rE(|n3CQM97#E#52xC2zw-+);vOIcb7*V2A+qm%vLQYKF$Z&!`7k&q
zfue1ksR-uK=5<PqVyHA^03TVFU1c2pXK3_0jr9L@w#|mw<!uNxGSPqF1x|m}3yslV
zmU3d~fA4lq|B)-r^oJInYqRP7n>SbxnlY(fTQ6_C7FM*LJGY$)io67KS9AB5Tge|Q
z$7zNtPG9ay_|8Omjrc@hoQ=Ky9m!nMew^5OFhkfnAte#kgzV8_c>g|{m>9RYnN4|E
zFjw+tWk|uS48fQTf0iWb6gJybAB|7d3ddrFx*8C3tg9lE(xSqO!YCE<=eM{5Bf4ew
za|Ish29{Z)E>ZH|l3*V6<|a7ht&-dyzTN`l_Toq#xj){V1lM?c0DSg`k?}3ba1Eci
z@Yz2Zu2bO}K6Bx-e=1yeg=_fCh0p$7X%4IxeAKdwK0xW(jRN-EC-{{Hd_|w|fn1kQ
zF{aANko<kXjQ7j%gUyz+GW<Dk0beB3ko+VX+bhz<KB{PKk{=)-W0@(QVg1ud-=`df
zzNe%c^nHq6Uv4eo`ttE}jp@sgYfp^6TsfZW%Xj~3s=nXT&7kiF`V*ex^w&Jw82#6t
zAo?FK<n*_Rpg+{Td!)Y4d(Noux@!x4uRI=opZyi-`;=qS_f1<#-=~}~ec!nCzhB?4
zeoxi+w?0(${lyQtzF+gv@#uTm(#G^%%<lyYpthfp6|ChmB<1ZSxl(GuJZC$D9K(P?
zq=-Is6-d7I?vUi$HFm30U>xusr#zdUG2W}2AJ@I_RsTQxzJ7gbb4Mn)he&}(3s4b&
zxfjwa-F+ngLWC~3{DYHRod+l4xKyHaOscPZWJkR7w`Y<43;8;Q6;zfX4PGh9OnOE7
z`=HalTp>|eCmUQ&qYcL1{h%z2@@nz^8Bbfj-?`*aGo&HgNW*PML4*4Ko$P#izvKtu
zOYfgNydw|(<I6Z+zJMp?w5VI%Khzk1AMf+nc1IDezXMKyDJoq20ax{UhY!Io*^bf~
z<zyo%XPDraKs#Or^24ZRj?(-vj4}_0-2>#+={wy0a*DP(d}y%>7nV~!{;WjLza-hq
zcMr%)k^+-vQ~iBFFTDh)4tQtLFIfpV*<Inq2kjMJw9NL5;#9sec$qqW*0<0-RPuYd
z?aoT&b})-<IFS8rxvp0D54JpuY<Y#3H_;!n08?MI%bg@|l7bby;$#{)o(APSB`7Z?
zz%C*>hLrFPk8o+ecV&3lkP^<nE03Okhme2%{6oY(M-lF~jV$E*I}sayXqb&3N3d~r
zR5r>A7fb&4_}5nBAGaAaZli0RNb>y(#27ruXz$a?Ikz|9VP-0yJua0=xrrR$1;&^k
zj)BQ%M=9a@(FnH|c#!4<2~ska0z#(lhpXq$3c(-c6(%+{z#c~t?dO&bH~1&br{Adx
z97_BBQ;4u~DaNboM*j5%UL&4JkV&q4AzIF6i<%L2+{`$#X5o*nz`bD!_hi31RzP>U
zBA#kxGwn`csT|M#h)YrivpmO~oi4CU{<&3DJPX4JgmQM;@9eZ&N@oHv(7UE^;rpB+
zUesrI8_9nIF!cuD|4;-xrLS;27seOic^7z|h|9l_Z}Z_rPC5gZU+R(<(o5vId@Yz4
zH_t~zsP72vIB`QlPTDS)+&aaTe&q3joU~f9XTp$faRnw7(YHTc0Wa3$lGj3WZoVPV
z?%bPQavca-ro7_T+cUj~V;n{82*`DLiqv^H@NYl-*vwIc8*KBWU3QBa<jh98i^$0=
z<8r%S>O6~pl=l5n_gUCf$8*0n<0E#LyqArdfP?c233ynv2cIB3#yC4-wra5r&~9pF
zjA$i&h*mi!b|DZCQaFb6y4F!NiogYyYG*A^)DKXJ-Qn9zn%?8e9%tIv=1<BHuc7sG
zhBU<$cqr}&xEtEykH-_79wO9B4ee9`t#-n{^uLC61@?H-pbuR#@i=o)43|-07=iRT
zn?h|BoR3TXBTxRrC09_=_j~s57h2dv#d&sC{W-Gxxk9C>Wn3VRvZ>t0<{sjB73fdu
ziY=_BsGhdh^_9Cn7<UeP`|i3h@Z#=k&b0ZvvcgZw2!{gV`0PS@?Ie6{ZPrM5O&|Q9
z=<X>6F26{UhbKi4V<5opC~X#6S<i7TfgaCy2WGoJ=J^p+)#`G6K70?W99B=8(D-(F
zhD$;VAWVp3*ZmuV#DyHEOR^REP2i1iuP&MJE&P6Y2TOmfEF3C5gj>JW^6lVs=Mf-e
z`eKkc(7Ul;!%N{S8zkN<bQwD&%)TyZVWX`iQA3}-?-1r2_pmGYt%PxgCXKxsn)LRZ
zvM{@5erp?>@^+beUI*b5ej=l;A{6|&BPIW0l(U(Mj+~|PGVkwpvO66~pW;E7xalE0
z8=h^1JFpfmqTck3mi+x7u+Hf!by{7xh>WABt>h0(C0Tw9EZjl6<jAd%dLYJU0sfI3
zc}tw>%SUHQeh<X!KO!VOFb0GmBz4*+$-g@78`uk8L`N)l_rUEMJN+u9FB9M}*HRsF
zfsZb>KmZS+8viYn00vUC_mc^Pp9jOlejp|NaR1??+9ipei@lreo>XP1s16RrfUv@c
z4Y5~0rN$+^J<yiNzlJJs56WaI(6=Q>Y`?D6tJ&pKNj{H`zgL?1`-b4}WR1TLABXv>
zJjP>7j*`z#<g=d1dvPLvNqsZH>yA%xUS~GQYtj!3epjwIVf+q_3M+Qan%_?!68v8N
zCg*n(;)w!7JmK(VG}8rM7*jmeOp7U=`hph4Ho+-}4NiHMl~djr(~wgRl2hKJbIJ#z
zJLULT;gr9M5l%TX7VZ9Aqf@@bB@1g|bjlE*wTLx2<=V#|N!z8$cN6^b+u)b?8vQaI
zxP^<jI%mOHy~4TVNHgx6hg0l;nS~Y%`QvS-x#q=Y*L+xY&9B5LuDOm?jn!N;-);h3
z^K9IPY8Q8Syr~wRxz;i9BGohFmd_bQyWEAx>Xk2~6}>&CUIAA1h7Y(OGLFQGCfHO@
zcr3Bx*u!*m8by;7C#uopQV~r`f!GoeX_`YxSwzFVaC4!EV7N~+i(uHM_q!v<(5W@Z
zXP?V{EFN9+m)y6H)UD63h)-}egFZfin9&@cv|ynMI!}zklQ!zU(RuPVLwxeh&8<xF
zN%^=Gf|p;(UE$n+L8rYmvrKs&;+JQ4Xr0C52i`FE1J?)IeN5~WP4`EOAVM#x@t1Xc
zmMG$YaWAuVw^1DP>c1$CnLm@u4=}NM%8(Lt-Xk9n{NLrd&JbU0>VxscTzz~&YcnBM
z7?6{O5y05%C{_rw%S9c!SmAH>R&fhk^@qp}8mxp49a8b)7@rg!GQ=mZ6hM43t6oGF
z@6_|iV*UM8G41~itw^~H*qJ*6B8x3^AhNjjl`=!Z%BG%vsX$T-7jr=_`c#-($=^Q#
z_rUjU9oquMwg}JPkkUcU1AO1Y$uyes3HdLlVU&*xd>-_Z_?knGMe;5pLp{G4x6nSk
zlDy0g-fV0~$-ihNXC_202!$Rvk{fLA?+JWC(jsE5aA(Z1q?yfWuNdHxYm_NG;Wykj
zng)*Jv`OVu&d=J0=9js9vxQtroDKJfuEUE`o720~E(Lnqi<=XByybSmGf770gc~H|
zj5!a~TZNVQvNqJ01{$73+CI3`K2Meu7+6r9$nn?q3TLO~?sJ{?6-xUyvFDxugUY7`
zeC3`En4iD2!p8+VKFs%bm-kRi@SD@Vk=;3=h0WP%gJd6=SpBY|&xU3<+-9;3v^6vP
z=@wFg6<tXQ=1vCzYW8wj7==M=T&>|KK8~mDA0bf~QK?e(C5a492<IB5YLZ<@6_*z-
zT&h$pb(F3laU!canOoIkl&p6xC2NvFvV4n4vUv2QU!kJNSAVlZ*=LJjb`xc+XIQsi
z0Ln>PSdYhr2T*3xE8Lgh^1e>{obo2;l5jKkDd2Na<DbZD#g|#yEAbT|3wib<d7TcC
zbhT6FS-E_jpBH$@XVWC?;t@i^#-fD%iW1gCk+3kxL5V*R#og&$5zG5rK1~Yb$A)e`
zqSK4D2K?|*%iGH+Z};>idFyux$y?UDAa5_c2;*rXIG(Fe*D5CBg<X;-av8x~!bCpV
zHj&R+<|d#L!X=-3%S~Ell21_|j8Z@VrF5lEJ`MCT-$eB}bvB5<N4!qHkykGFPtx!&
znYTED6_^nQp%3&*#1u*3(QcGMlH*;0!38S#T;R?XfIoaDi%-F++^(Ecd)SDN>p>#+
zlw;N-Fg!zG7{H|sB2rJz%D{9GeCA7X40~cYrkJuuil?QZmwKG)^cIV+L2rrn;}q>H
zY6&iZ3VLU1KYpxzoiDzM_y&GisTHo)zE)~qtF*67d}UXRvE%8MC+kvyLSCS`srT41
zM#72*Xo<ZQn9dpF25$y@#dbkc?;s?^9@eovLAbM(F`Gzl-MO@x0{B4ofuIS7VLpgQ
zWyH6fe343n-pMKu@>$?0%^F&fHPlv|GZX?hB+s7(qardyxCiQF3bXx_FhG}cz<y+n
zh9CI>l#`H;Y9CC-E62P^d>wht=ppjtnIuw^KCtWnRIDMgf2K{1FpDRDz#ky74rV3r
zA7}BGeawGM6mR3oz(Y-4=gDLyp^kE6R~An$=MSvZ^{YIYheeZC^SYD7uY9yJsnXQp
z@?^ee@T4kJ_sf&3cmazl3~&!Gw4U<;N#Nrd8VM;WO-<ka)AErY$Z9^)@w}RkjD4Qx
zBWFKP`N#qot`>ls0wL=&6k<vE%o$qTZ>Yb|$l|P_{+y9=KM<%sqh*jde-6l1ztKVl
z;b!>i<6re6sPM_}<5!9#PSG(>7-M<z6irH@j9>YtYQhRXlFXL+grLqOL7Az^M6s7&
z_*O>>hV126zRF11kiGoMR~0E9d<+3)OcM)u_xrqzUy+k2p8UQ|)t_Q7zaaO?6-DSo
zv6o+nz<?`;lBDs?*Qtq7H+aSdYAjdPqu9%pq@iqa$+XrSKM?<jiXSLkOm@`M9>Si*
zQ@A|WyH8f}AX?sRF*2NWxuZT@L9Dflju~Lc-}ey}VlC&xL)3LN*cg_JW?wZWyb_yX
zJaQwyrO9S`z_JqMJTRQ25fDg8%!QdxZNXTor!pZ11H_+bX2tV}lBEqS<nl=)Eivp0
zc;>qTIpxye)p(N54T07j@yK46oHJDl^lUFqc7aD=T$bXv#U&qcdjF_#*>~j0AwHLp
zc*mXI1NO%uW{Gj|9_52#)WnaW8}J~j7r~Ve#B)G8h#~dcbl<&|hC@Kad@-Ie6BrIv
z?3Qz01SO`kzVfEzb=rwT?SYTbM4M-(Kkr4jb&AWMGu6A<?w+EKBX39rDkXova%`w)
zX68*mDv){mZQcXT+-JD__s-|WK~&fpDx^(ZA=sI60gTON!HA5_@WY?XcUs#@RQw5L
zj~A<BRp2aQT(c58XC(=nDB^pO6321=Zt!wdn#v*{J7*<?^Sen?q!<!|&eYdx1sUpm
z96!l}+tcwoP2F82c9#cRn4X(F{1jvCo9URmT+DAeig=f6!S;H!0rD~sj)I(`t?t26
zAg90;_?+7`&@k-nR6LKQt1B=~Y-~?e<l))rn<>t%rCO4Zt7oDF^uqOpL<JpfM?v`H
zWhI&N2Ei9jw5GhbN#mDeo!JT^nBsZdOeEFSsZR2(8T%n^qJ-Tk^W8W)uz?Su`R1ph
zc7WlD=PmC+yQ2uF?P=<h?UJGACQfZ_)8^~NdPuRi4D}?N3^6V=zf;<pv~nj0%u4bP
z*bnkjms~C_*_=FJpw!|kZQd5dI-Az<G3UcLqA$lV-IItFR4+HI50hu%*CDc(W2d~r
zgLCJ~&8TW=m5HKcUZ_nF$xK?ZD_QfwJ3{}a{BYEH+LIkcxL0K1;`fDllJ~nGKQYm@
z6qw6h+9tM(rab(3spho@*RYr9tR5V8Jwpa)I5_G)Ae?I*UO(K00Eo63#TS9Tq*7rZ
zAFM0ffb-~^SW-Q920x!kI82K4cvcGMlV&D*9-nFV42u?{$P8bRW1hNeL6e?1b*IZ;
zlVb&9?IW@>iXTdeM|gp6vP}u~?9iX{^y^pE`yU@K1+trkiEz0Oge6&Bt0yS*-e8~?
z=j$KF`TBzBnKXJClKm{Qg@7EAH!Iby9F8j9A8@C{E39U_4<e`B7m2537HXl)_eYTS
zhK3&q{f<Mr$KC*YChQC9gf3W1igYO?S7b5{a+8tCH&n!l`D}-?#_=YUu6G5-6rjCv
z$>Gd%m$PSw)Q7LJd*aZl<QR2JUW!TuDrNNH4&NZrN#-qUM0`mT$TU0b6X(?m+vYx5
zv1^Jw9*m({+Io@q!3_``zOA|kz<>`-l{ybhCVr;XVmfg2{i-rMie_L>#-`9NmG;U|
zFQA-`=fy#_gU|02E>blLM$qXwiP}V)G7rM1O7zoiy4g1|IRb>{4X$-L=Iql^>u!#%
z#i<P3JZ1;lSX_^bGm3J#yjohaBRTY`m^Ve{hNkPz8&JZ|Z8S8CO<_H8^XI{pd><Xp
zYppGA!EL9dDNcJu^)r#{$N8$>U;$fj523xT5KZ^ETylu7B2QbxUat#>q1RLbGY3jb
zw%~aN(4Bmpfhq)4f*q`ul3zFuHim|U!{G?LoZ_)z0MPpp9Om-#kCB(X``HPDhN}&>
z45ns{6DcD{(RiEczDe#^*oADRl5pUmlHy+X6Z-q!uxm2NZ^H@ZNBK@!dw39by5x^Z
zs|72esImeBlE7Uk18wA2;X>}XeZxp?^kvk~qTIa_%>iz6jdNw+qd4!<->vPpuq)KY
zU{93z<Xv)0+_F=&qJ%2(7`=%wWiZ5g+u&Z2AHo})o&MtcxR^bg>cn``%U-4UI@QSu
zSEkE?(2!j}ybSG9^8!uIp@bF~=DP%(U<+$;Q&~843kC(1<JJ5<rjq5oeClk;l28m7
zY0N2CNd9^FK5rE`rV;Rp5xD+*Y^S1C?h7RQTDVTqO$;TAPkOzOW4yz+#<LE$43PX2
zr`m+mSP7Q7IrQWRu*@UCGUs+R;(>1wJ05U6sUL>KxPYrS?vl-LrMuj^Jw&q!IB0hH
z3m8h3(|*|H9}1D!9;bab2HG=T#@yxSyy1ITw<26jHG#%?0Z*bcI6)a^ID<ZAY~jSM
z?wm3W5i=e0CSa!x$&_hWNSkT}9!!*iIW*BhliD$oKLaRg7sHZv)21MJ?UHB5Fq>|k
zNWy&s!N6nniMofBITKbNtA~V_;QYZA6R*11hEoW0Y#b*jG#K0BnuIZxOa2#JKuA?Z
zJG;TSU-r_L*l0aq6lLdaBI!W2gCUgiQ_x!@zPkK_7+fCEN^t9K;)Q)D26ls9B8^yW
z=WP7*DdYs-_KWk8e-{s{Z;<Kzz(c+*zAG>|(Isye#7e>Pl?QOHkaH3uAKbqpLz3Hy
zCa|w|Vxs6>tWL+p71eDdoO1h@!Z@fX!8V7wf}rR8;fp78!!|uetdFN$zG2J~&&8%W
zHXkJirRFbe?)aAsQqv5Z8~7}RUvFo7$7Az-YU};tWR}3FL?@q8$aIwQQ>mOX=M4Nn
z@{?Ii(+X6+nXWl&u$*5{CZHC`H5T#jSptWYlb}H+LT~Ic8hChpZsIcI`hk(5_IK#l
z4~z`OYu9S_L$6;X37}iJ=b`<O6I`L>Zw75ft#aDeqDu9B(a4Rhg?gPzFz6INkBci+
zza)(rs#5XR<I&(C90@d6rD@YwJ9OGK%|e@UK$-gKb&1Wh$Eo8R)Svh(g#O?f2c!P9
zE-~m&rKUdzi0h;*t2LFVGAfIO8iBItv<L+$brR{#N})Fk#u@Y`!K61;n%=B7=}iLH
zn@X-X#Roq!=?jv~UJa4HRGIaqxuP#7J)wu<Uf_B%#%9_-N6n2L602JMAQq%AlK)mF
z*$-o^WZx&r8`(|N%+L9J+a9)NEVmXm9-1#3Yg1<2oB`aDZ4&=V+W?cgI7;<1a6(nM
zra%!YL9v%#kdkm6DfW_fXd2<)5jLy`59B78^kHZyet=#dhKByW-JlP;R3IL71tS1|
z?<AeSLEEi59P|a6!^wki0JP)E=MAPKI7U?tCyZB;^lnC{DAvvfG(XuDco-f6w?QPs
z(2+b21bHO!ed7|zJox)`<#_`BBR<)U-xb4`ml(?=+5_sr?Q}r1O?ay~gMRVlN>X5W
z0?V4h6@9>wSc88;wMsC%C7MI{<QcA7dvrn#(o2Uw1me7xU2LNzMdhe$37WI2QRQEC
zRu(Qv=wE`-LzO*8GFK@y?Z(jtO-nLqn)W85Pp@f7T+<lWw2XR_hXQR2<QH(oo5T;B
z$Vz0%+eq_j?0SJD-8&6~>R@?I-A6Pd5Ez=k_Pu1`v#=`m#Isz1{yY?m{B5$o`r$c)
z(A_-BXrX(K()+6<oxe)@pYvC{wnh4@B%^-rDGc4$U#FjN-M_zXzPcPg8qcqagsPHX
z<wK+B`PB@Z0YZe7ItK(nDn3LAspm9=6rUBM*&n4+HN~1O@~f36IKSF{k~zORzdm|?
z_4Hfn!#K^hM@_OGQ-&49Uzgwu(&`X#%Zbmo{?R=qdcL*Wc`?!Qtta(2<Xd+?&hxFM
z2V<@Bt=G+_d@C~V|B8I8pRa`y5wJXYHh<UugXz{w{&VxKS3jh!{~WHZ{~RvXf4cvF
zzLl3%Masv2dA>DyqR6+toPVtOR%!kbN?e7{k<x=BPM4N!Z^quwh)lt<IUce9R@D6K
z-cF6?U%&74AD@4H?*!&wyWVud^RK_<pWyuKGx=KnH7Vgt8|yr}EX*!^1h<$gYD)f9
z5(!vb)d7~$n1982Ol@LQXtERTjGBY}|M}Mj^RK`4ZY2Nu@I%mZ@!o$j|GMhN|IqyF
zr#4gm)pNq4Z(Ry@hjj{el1Rb2FV&@AhfA1XY$;zPd6&j&8CPjZT{CtbWnDdwQ-;u-
zIqj=uP8Hm;ng?}Ed>OvU52eIH<(@WL+Vl$=@3>Q9)qG`H9px)uSM!zCFRAvQSP%YR
z&-L1+i4NcM@Vj@5U98(`DC6t!WdrSL<)I$B^%7C?vF>}NK=xCI^eIv;2kR*6K}^U>
zl~Zwpc_>YlS!kO+zs7?HZ=KyS;XV@AET||e8EP##gtdk4hhIxD>HAVNqN@XJ=eX8}
z{mqUcA8Y46rYZT@Bhu05V+)#)kA0TR*?NbMuVajokA2W0AG=fcKx-u*i!14LIazjt
zE+>l+OI=R3r^t7!dD(blUN!?~Sy0o|l%fcSNYetErU}e?<cf%fQnP)Hso8T3so5Eb
z&!)WW8x7@UFA{m#TFlG-HpVJ18?WYNpR>rvcFJuaAN$M+$j2TJ`$CTzQnDq+eC)<9
zF@}8XwQXb6eC*A={_FFxi$y;67u)gYV|nO;$ygD<C}B&qoa_s>NN;yya<U;qezoa&
z*-wtB>!UE#d*WYZ;n3|EBuMw@^Re>MB|Bo|AE+lpIu>N@Wi=h!KY>Q9zS^-D6|Hi2
z1o`_EXSy28$AZ)J)mrCc(GB!ZrE#uRJ~kp>6g3|^NaSM=@#*pHA|KoSN#oRH`=QYj
zvQd&pewrg!Qb(DN(g}!U!P&>HHZ_%`OVAopO51lGZAwW^&;EORtkFMVekpiX)covh
z4^JrZ3{%5tSz~so!n>7puW3mp-PAanKhmbp(=K@AsPeRa&QfJgyp(fPWNnLyC@EMz
z^H76HTVIotwyBXx+mR!<^{e?K_Gt38Ka4cYe=mL5C}f{L+-SbmZ<_w*lM<P-Hv7HR
zD0Dt9bd$G|=JVNa{@rr+`_5ev>(4CnwfAKh^R@jmBJ;IQI-^U`zXBy+OBp$wyKIKr
z)@k|LX^-3V$+_td88TA(e66I%K!Cp&St+h?JSC;5Td_}3HYxC6f@DNNJf-DrB})`U
zWZpLXd#ug8J`eTl!ZV}hZ(YMo`el)}MM=@Lt-`xO=v9?LnV3PDYBZfww2Te%*z|ea
zyB<8MJg%x&l_tGPAidha^{U{oWm5NwMw7a!kxAXIZr<55x5V1?__ZeHbH{rOA~Wm(
zn?9dA_yJoZ`CP*UA6F$=$>wh57KScJh`0`cd9m5_+1!hFMCOYk^SM{`Fy?bF>~Vtg
zxkH8<Ov`=uA5A`&YYvV$GmYw#$@M29!F%G8yGOP)Ex9{kJhzc!t76UjX-3cQ{_qG2
zMBJ-M7lTgWnbQgmDk7z;se<C@juw8TOZB3uU;CI%pXdGMzN5<Xs+!15nwUhIxRYyQ
za=1xJ-`D<VB<Z{Qh?ev{yU@btQPQ_)DA%$>8%^=WQTV^djQ($k$^Q*$H2?dL`@d~g
z{?8)+n{LYgYS(=K_UnSVlu8qmMQp;?<ZIH_43SIttX2t+!ZXCIRz8rD56s3hZSqIM
z@5%i4k|KT^5A#u#_%Ct^M)m`imGA^^0Ux04i99GLt(-0BR!{JJnl*-wmOG@de&6x~
zz%u3KCQ{dbg(a~mFo;CN(NU4B&?)PQWD9^hxTjT$Bv)n@9<qDRG|pCe97<YZ*^rX7
z^6JfO;v+DsmV@k^)9BCxHUes3=UqU%W3eac$L;KeBQ#aY9@wClNQ?c+*WrygLM=?U
z-k<!|+xY(EAD;@ZIrB8b{^WZ3rih(n920T96Vqz-g9;^Y?jH$mY7_hY4&mn^Mlpr=
zNy|tY(2<LqOYbmgXRx}B$RKwP(>@ersiMUE1?%<x(?D;6N-u_A@G@{PK(>7oGA1KB
ziJqlq65B>6vG_<d64|%E#+vb3hKaHS@_69x8sOy~_VPgPh2SQ|?*vAZ-$})Gj2tL5
z8hnr|a4&Dm(Yhk<67GuBChuX%10$N;5}I6nA^y3Dk{7sXlA$_bkl9b`_&Hk-9VRIy
zFE({Jw|w*0>H6yy^k5g~w7!@;7$2euZDx)Fj!^2HR;yxXb5i-5^h(VSSvV_eN2Lt!
z6v4Uf-!=u{D#lM1L!}4Gv3Iu-J^wbk=jvpqT)|I&Y6TDH$$zoYv>{t(6Y5nm4xp}j
zfSdd|l@{?d@ne50g&zlO8b88A^!%ta@WTQF**I%NAbQmRn*vx=0G^Q{?%j)3KEw|&
z@gXUK5AJ%w2UGj``|cO*|0S~hpdYTl1#ut`*!l!b8YreYd@tv~`NRQ69LP=)EU0R-
z9B9#s5(p_G(dBjunyvu;qqgng=d-B+6Kj3DO+lQAfTV%g<I*yfWk20!&?RJ5TU4X2
z%A28081R|-MK6sn;QSi5mXs<_-pSh4(V2pJ#9AhVDAi?H^S0{u4d=(H0Gsa)gq6bu
ze;kinclRkkw0nV5?wg`Q8z64TP8ph6+&5(?VjHqX3S12C=1r&>+~s?;vgH^A8$3ry
zb8UFZkqcs)P0eRx3CAt)M2v=<af(B_9i;-$M2T+<RXAcnObM!KZ@i!56}$r1QmHH9
zXa$}g(~{y&5fed)K(;Vl2}deWzD?Qp3*OFA3Y23Js2=>4BNR9$K|||cEj-WZ6*!*x
zx)P2~AVh)y>|jmhdOj)XJ<~*{HUX-e&~(XF>dYsKlzx6zoY&J&^Dpsyny)zyBXOn=
zB-XxPl6SMr`-}nTlA8_V$xrdp&#@qZ;fYH8?hK4cbjmz7b(C^Ahysi)6@h0lk5i$T
zAi&C?sz`tnUla($J_*GHPo${^+AT0Ef!%PJ4w42V#3Bx-6nN(*w(l-efW7%9L;Kd;
zq;Fr6u6;@WWcwaG)RgvNzNFFd|GkFxG`q<#{@<6cj{nuMKTaeC#+(2=H=AB>ZiP0U
zm)D{Td$d5!`X~d^t`}1vPWcx2ZNX=D%--+CvC##WaA4p`{1)106dQH84D+MevS(z(
zSq?&Bbo&4y@XEBUBy=5D97<7T)>brgpMg<MT5Y!c=NHZRTa?^MTf$+;Ov5;45D`=M
z@y4c=D<%5%wO57`bo(pyfgkXQs;?mO3??#M4hFG5L|*PwrI=e8`jkxrLd{(^fq%pw
zG2acpdcTVe?YhBcj2G4VzzYQv*c;aMmEI7gzBi)O2bCqUe66x1U1j(4%0&B&_2os>
zhb^W05}D1qzSA41@9_1J^(FH964=LwE$dr#ef0W1jHpj(>|m|3wz|qjUoXyOFxGSL
z^;$e8e<zZd<|(QMWA@)~YA|MBe$xqv*}wlhB4&T+CZSWi(d0csSc`t}#FJQxqtMgR
zYS~1mE`H;3;~$X>?Pd=<jTl}Y@SlXCe+R7ajX$+;{)hW`I3M~p*4FS~Aoy*pO=lmD
ziJz158|0@u{{--J+-DK|?2wQ4+rxRfot;%5!O&BIp;t;ew(0qKmeepm^J+AHjvvDL
z`N}tq@pHsC27ay;lg1D?e`||~o7t+{|KXVVKyQkf?Y1Z}b7k+Nh?(m@Rb%F<z4fyE
z4uT5s^i$;gCgglu;QW`p44hZ^KE0QT@4CUsPWH?0h~PQ)UW>sRQUCP6dHB%m>sTAF
z<`*Sa=k2c!8rFjv`lCm<OGJO9-}VppM?oI-$74sjSoepNcNG2c;3sN-B<2}(;p7A6
z4mkxnq;rnmwv>qeI5nrC{>a@G(I4)?(fXrKoW(Y5Rg?OozbnvVdwmyN_#xNw(d7&r
zcJ!m;Z|bq}7@JJ%&pV~NZmJ<S6-!UdRKrg<=%yMT!~>-*rW(R?!eJrp)8Kx>>A;=f
zV%fA>GqcYEW|w8@N0kETM0P>&{f)>QaO%6I#I4YZ>bA80ts39kJz}ZucKxKqQ@8Pu
ztS+b@v?E*B65v$+hR?fckb|^ZT7(^aj&Sky`UyBgcJi-}#01=K<>nWzM{BS}W6AUT
zt>kZ3Pb>MG+|x8;5r-zY6*eB%uVPahm|%<#YW5c8>E(ls%2VHd|ExR}Ih!C)b3Rn%
zsjm~|$?3mRFt6`lR`T>nW+U>H7kPt)JdFr7L7pz_&*kZZ6(>xd9+jfX)3n)UdFm;V
zJZUV++-D_E12U}SDJLVUJUz)8m8W^jjq((Kz$i~RNoJC#*gkrBsx-*c@l5?)ldGHh
zdoUqFj_9WQW~p-2I#+L(5?SlLR&vzwx<=$EF7gJW91$xo-7e(FBtJyd-o9LZ9$3~C
z`Ed~dA~FYXO|PgT^VkPwk#Y1gn4m<~=1+6$+e7P9uQkLZ`gWgmZB)7Gxh<O9u!&2J
z^7706M&;$F{C`GXTIV!DUaopym6r|Kdb^XzHteyIm)dI@k(Zw%Z?KS;@YV+8W$Dda
zUanqpJo3^yJF2{7&NR!*rYwVrNn{&$Tgl6T?os9Cx9(Bp<&>>a<)weQDldJM!TFC{
zX#DGLuAEyQV;b@f>rVSaDueHL8@s=!{{AF3ys`UFq5DOCl7oSHeli`O42&sYRULHs
z$uZs3^FQZbBhG%G^H&`uD&r5<h1oFpQymntD2~`n(1dYf4fi~>)3MzDfbzDlH&Zrr
zC>y4K+o%j)o|V9^$F~LIhVShHzb_=X60lZ;qMAGn2t9^FPN3$A13=AI_)|Rt`GMzK
z*JIn&Eg(ke$l~}Xg{-#fTQ670T7RZBS#!G+SsVUrjI3X8<YaC68_3GzWa;wvoG9Xd
zllb*o74^<g)>BW|7(rN00y~2fmPLdu;)Lbc43zmu0W*m(=tj1ecVh-pI1Bz%zo|P9
zo1YIJQ=sv0jE+p7fq(sMDjEAW2|8ar!<x=vR}-DD)ig%uE4>As8G_C!wLoVK(ODv5
zF2TRVsQjx@_&0#lHIg+m&?O1F64|fmoPT?|=-@1iDA<djj{>KId4j&Fe{%W`><9V=
z1CiA)l^FR)TlWOU=*aZ(DALToL^gM$p!4?At?9gs)A`!&rqX$nLg#@RPG>&Sxo|(y
zIYft7Kq7_yHi4h5h|W<X*{4Z*MG<tufc5EaMCZO;UDRk96o%7jQW*SkK<IrJSC~)0
zy08vN-dmc&81<R+bCixuuYsR!RVwcJO_13t3YouOMP#~~OlC7dW=kZ~^B0ooI7ffJ
zu)sPrm*m_7<O*nwbl>;`3VDKqt2PKzGqk<6sgbUtHO~o(OCj&lPB~o|X_&ANX!sNU
zRF|6aw>o+fHF|3F^wgN>N#7t?Rdt#*tL9&6O^?Dhjjr9GvFtXa>mvo9#OFB-{z2}~
zw3&`vl|AyyByxhPch?IpU4NQ2m(IJAI<OV*zyqQK6~i2e>xl(&R*jX7zVdqBm)9b_
z@57(!7fZzay@B4OrqjFcSEP3#Hk!SBs-EP0L2?p%^a>*R)}02KQ>J>L<XJ2+i(dkX
zpV!Gr_Jh%3weY9<d0NkG&=1;(B`_)}Vm=9KSE%MwOA1NX=*X^WXHE9}%Zco_tD}+q
zOLbJTzmYiEKY<Nm*Adx9yecPJ*z=>{w|5;9zK96FP*3<6L3mCQ3;&A<XFCiglM|kU
zgr7}>o2@5JbG4O(_57lmThCLl1!Le(b@33b35b5HF&F@)7n<6TFDiwg-__Py(9?M<
z&f5`1&~MujP0(5IT&|vUR$QoN2XBeA2U;>0{!~vi`72KO7|{*=Y#Q}BngC7K1PFLs
z|BKcSZ=GV@4<jz477PkS>xY*@QTxH)OZ3BKg8HX-1NHlNV?P+}Z<1#3n6P&lXzy?U
zA?f)q7@zrzCi;JzY%ThW(#)o>E15ojPB)T$e@-(0q_R|aT}&dK-J;%~6vb37+Xc<I
z1e&27)}{D6EBt1!#s7==&4X<s@tdbEiH6^Nt?WeOHxD|F7QY$H=J?G!ch(U^a~{;d
z?yj#R{N@+*qlVx7;8PQRbAEjk{ARg>grw4p-<)zO$8XkvrC<Y~`V)cQ{MWVmfvy1@
zIlt5lj%<Fdet3Sg_|2K092<VKq(@W|PmLgPaF3`YHh|we>5~(I-`tL~7twQ<D|zwp
z<u1>U%moj<CZfqr#&5R!I1;~UyNM?#56p?cZ{EADiv@o3#%no3kr0c91$BG0siy|l
z(KT%{d}4P}99;7j9mm=1Gc}Rb-#n`liQ{xf;5btwah#84@Kn_HkM#Li<j1KhKlJ#`
z>v|aZv0BfM=<A=FJUKV+YMZh~DLRg`PD`-fcy*&V&WBVSXKEyl^U>=>`#;p$&+(fV
zY>UWy(zIlcYecq_(w~N<CwsJ3isdTDlLK|9qmPfv`y)yYv~N1G3Kx+yo&ybPInWO2
z2AygE$C(<Ly1edM&aZj1RUBt)j^orXLU|=mhvSTj-yD4B|Hp4CCI4^YH^=ud;u{~k
z%%;Z!-i?<H<2U^Vc%xW$l_{&}Mp^}^p&R*Pq8G&qB1AWe<)s?BF|R@NX7*9F@9k@h
z?R!4W(7vbA^zF06Z=U$}J=`FAQ)^#S@S97z8`|?}SDPNc`7T~Ih~GTs^_y%)1bS0<
z9$Iw#=Fpg^_|1D`Ies%Q#)#ki@YDY*@tZGoiGsHr)8&}(o4umdcX5>Z8p3ZL>>M2*
z`CI3s$8WyhKz#v=`WnM;-qt{UJtFFB1i#t3vn76W|3$}(-~3lvgE4!%v=b1sKl*+|
z%>HH9Cg3;QUla|$dAL*4@tbKmJe=<|tuee|{Iui8Z~lI1gZx~6=?UQHIWr^iu$MLk
zzgdwQ1;6=WYSZzXo3l7S*S*siKj*y@4ZpeT*GRlzi?sitm^tGTikVOUHA>8!e92M7
z%#+?zV`g@-UZ!8Q#BpX{Xo=&z_`-&8gWvCt2%i7l(_*kj)Gxh^hY?r59Thjo&o9^a
z$G~-w{qe-5|3m%paTn?jxiU(Blyo_Y{)m~b_Q$PV3_8&w0>^m<bjaKb^fpE{$qJtC
zf`<C#s$CKNvOFVNzg(2Y`{kXtnvCcC`{zdScRyXMAYQr~rXHaDgibx6|52wNqT%o+
zzN_J3E;8aepRvSsUYVjFWm@22PK~_50*5yz0@s-uiNpKgQXZ<E_hu~ZmvkKXyKpC4
zG;mDOJ7#dqnocG>=XgszXXo=R@x<px#l?KlIG*#WH;j0y89z2EPeq;oXXNS2)F#N&
zRd1{E^h~M|*LjU4u5;VDjmXoA$Qvx=>COmTr-eM-eleG)HLo4FJk7Z<sytmj)htg>
zU1-8{rdi@S*C$)a(~9J%^7KICc+Tyw8s(||nnv+?mv=JC(`vmuoq(x8cSoBx6&MYt
zx93e&j<P!%ah-ofARAGR-aMxfIT{mrg9T2ny^8Bhjl}7l(V5H73$HXJKhf}cqc4am
zGWIvkB6H&fCOqen8Y_I>%(J87^8#l_m7B|=<2mO|G0MyK?;FSeUii<-OLj^V<Yn>e
zs=TyIG2%LxTjDw&Ija$Q$&0+fLSD9SZ9rajq>A~jmybnWT<1rXmmgj;%gZ_EoA8|9
zS>icIc8Dr313N^OmuAuNoD*M)#B(ld3~#yjOaq>CQe*coJ=1{a9NgIbFPtgxob&6A
zc+O4=o-=V@otCfE;W^nU0?)bWE1pun>ifDdd*^$B=R_Hdj!&eMRdo2og_{NL@14E+
zw`sV)Cr_c|zxNw6?l0AZ`+K{ijc58LLDtmofUH*EH-Jy%yTMuE6FHeWd}3RL&bmLX
z>0EO%(YgNX#^^kFfuM8hDuMs|7V&@IDfmPrDmot4%)e1p0{(Hgo-Q5y<7!S<*4HNB
zX{s62bQjSTWcMREKYeS3hvodT!oza1G(7CqO@geiYplt7H<8Gi{Z(UReU-w=TJsH%
z)#KYpJS@gq(ea0ZUn>6ahD`#kcA0@N4XxIa6V_){6kuPf8Q9lJ5SWGpzWz-^_(R&&
z(-MDZ<X<A2robfqd#uSE?BM)c*;F#0I-isI^w)@g`C8x)1yRxQux9?XQgEhwckA^)
z!<l~7h6roBG8)b_)r2z*ohS66q=M@M1N~)vzP7-_a{gK2VNLo9{P|7Ld3_W*&*OAH
z7;Gw?nF^h3g}^@}owL3&;9;AH=Ol6kM;9n~&Z)bsRb}K!jo~><!IH3ZzdCk2r=Ffp
z3Z64@m$m4z)=kB8o{e<LtBiO~obPA^&&hk!0CSt9;5nb%Y0agZTT_3Y8H@sRyE&-B
z+#+nukYuhKkE{fG*R3?-Id$|#!xvi6`@0Sp8LZZmtf9l+YDFX$R73+tzFE;FQk^+4
za_%{t<b^>Xx#LP}JSXk37!}XSsW##{yXeSHj6ybRNo0SrA{yD-S41WI(Ak{qSS0(=
zpcS4IiEaeXX~FN|Iy`6p9eS15aD<m~!VfHuh9kUWMHdV0r)jRNvxWBWSi-fxCs-@?
zVMP=0oV*vB+K>+vJm>QvYeB!i1-0U`<xvFv{^ijGosAXYI>&P+i<XQ8d&YiWVS(r5
zlt;yLa_WtE&T1W=^Lu994>J;|1w)rb>xcK2MeT=$9YjCeUCychVmVNM!HQ$UbL#D0
znhwu-Dzg^-UGe`Eo^#(aXvQ7O&3H~a|B2_MrSUs?a`|(K&H|X6PalC>38Cj3L?3~I
zFdcbvzN3?GDCR{w<rO+Q^(%378aUO_>E4eWogOZCbn>irbQ)8oLu&fE(Lp9Sj%nF0
z0fuNhq(C4Uehd2WZvyqu$2jRF#kGgOL0<~|+?ATZ&xi`-B)S6kq&T3iR60({mjNG6
z@75alr7O|4oxPdT%(fWM&10W|?BRy>@(T7uaU9>-wt`(E9}0)2G%pLo&?@vEe3pPP
zOr3g$ZJ7>V`Egk7v(RDSn!$dc;b6b;Q-}tJt}QbbXV{!FM9xP}8ZnLz@W37V<HY$s
zareV}9Hs5L%6(JV`s@@Kx~;BstQ(zD>zLO!rM7U}zQXTfhd|-pbq~S+L-4nDU0g~2
z8Mbw+*8k~vY6sMZcW>Ox@Bgkf-uxHb_SdFy33#{U_+nhbbv!@i3@$1B?RDGyPIjCZ
zc%p0dX~N%hS}g^h0L#JbFnSx?UXqteKh#Nq*1t&UX~Q-HP4M%$kTdZ7$QHy6I!-11
z7x&$pE|t93*&M~63OX_?6CCrhfsn2H3cmruvyFuRaw8{vSU-hmy!V^dcq1ozbP6M?
z{m2W)7YD9$${C1<Ab$O}E?O&j`>?#B3PoMjpNhDkGVaxxXV^knVe@{}{@et~{*{!z
z)G>hoK6p5duiR183K+KzOjWy-O<htX-x^18CfSe6Q!4+YUuqr24!mbobsW?~O?~pW
zb-%5H=C(oF+Gvbv31qb-#<W?-HZEBg_eF2ftKQajr7dklTUx_ytv6khf_EcOS+dtk
z={1rgtA@SB(KDdpOG&&CPrN3L&OQ09vbs6(trFkAaa98p#9gDl9go<tdOLBtO<H-{
z8hjnrFL~=)&2MERo;Z50*6~GVN5bLi3spW}HbaqEv=7J;alnQsKLyGSY?RBff(kC5
zME&Ll`GKM$jxNfGdOvRg*ND)+!rFN?dIW!b=-bmwcmjh*h!1^eQI5~+=QHHfgvaRm
z1sU~JQ~CW$c_Nh8<|fBEUMyGb4P8&xuKl^mhVwck?_xr-x!cGilFuK}!PAP%zxO+P
z^{#v=&?7kg3>#Z}Qkgg(s?~_(&`KR%r3HV=zAT^FVQgCh^@DU10fpjyKQM2VUAeZP
z2TO-&*BuP>$s;=W;g$X9m9+MGBEpR{d&;jRc^>^-0@qAmp4r#spTUoMnTH=~wX6jh
z^D2HmO+RJh?83#HIUgLQ6RUKt%|C~N8{aN>@4_+NZ0@rir8&3pjp-_AFFLz&#;7<q
zWe-dJ`;gdGJ-@3ozHZQ!<81SjvF?>+$wbMX@S5r`*;7Xrg>n4>IDGMPAjN%}cz;Im
zEc{T;(ScSV9eKX3?%tV&qf>yA4g|EkP24DmQSS$DHMRCo7`LmBpyL~&18xC2%30mv
zMVh}RXq?vO{A@?*ww{jCq6^Z&AQY8*F2IJ#KgxR{9LSKy9~cUidd`q5yZz{H*|YdX
zx=mg!r~rOA%6`mnlwtNbyjosby_P+LZ`0;K6qK6!#$4pGyw81FhNE;NH1MqS2>!0z
zAHiR_(p`!7Im-4?Y#83c&c_$gd?Le>loiD^oLR}VuQke7zN#Uue2A=oKo4kl*~GN9
zdLE|`t7Q@6XZdfMH~(@Qvdx{3bQi85`XQLbm$A*;sVEPNPW?$KqB!?7Mnz66y8b6E
zOUF4u{$58h+%%c$@_bgJCl`MImj6CaN4i=G(XX6;z>j-~So|WT|LrKc3!d~(C`XYA
zjDQeypG)5FJ&@pd?om5#%l}|%9`svV$=hSduU+T_v}SnDSx!4UNEql_r;{<=|7FTb
ztRVew_i6kv(WgGI3*$!oD+ReIvDd<_{<-+3Jo%xNR6Mds8oXBWM15sY98I`&@Zb<U
z$R@bEYp`Gef<thJ;O;E$7J>vP5JG_91c${ncyL+VZP5i*KHhul*7u{UdS>d>=`%G|
z)7>-YIZqJgV!P2SL)m-j;nI5F;n8J}&i>i#K;MVPbR3FwI<dWFU6-FQs_!<$0ZIN#
z3JP>{9@rY8-8`ca5syBkXT3qVpdV)fZ!_q-JV^_zlnnQsQ;?ZRBFfRuo>Ni`aj}Ry
zjHTq6gP6eX-Jgda3(_lJh8u7>F@IWmOPm^go_6F{&e-q6T!15nD!cU4dY5|(UT`>@
zlFcY11`TVn3F0(P@fwI6gfwz6UJ!JYLiq-!Fof6$>@IuBND08)kE2^BxPH;+()6bl
z<1&e>nWic9R%BFd!#z!s&JCQet%EzZjwF$%q_?Bk$6r(a;&kIzNHx8h@{%uPJX4fV
zc*i)si1w@YT-7q7hf^0QfA@Kc9u}>Kr1EGieMv|-N0(+0b*>GQ#mD}1h_T6MeCFU{
zZA$R^G|`ieO;xl&nd#yyYS}*z@`I1!dooK{O~;|7QOhGzr{lDI=#`JZQ`#xN)R*tf
z;vr4mC)fIzr&Ca_;=6i`DlIWw{w7g!_Lp-K1&9*@ta>ATqBKHCIr!+XgK=coKLVpz
z)!a9)s>#0P8EGX~@cP=)CJQey`IxkSRyvvFF_;RqaErFOA=>zUYbkyhLY~h4m#Q$l
z6&L2kTNTOcm>@RLNI6k%OUO1uTY$wQI;$=8gJzroBP3T$k5EjDpUXkvp>0CeJlQwT
zPBSDy%PKoo>^(UxmW+Rt6!4Wn4tZxi^Haj^so3aGH@CMH#Ic+why3R}RblBOt9W!_
z7aY{RVXyihE~oy~9}&;RL#5Adeb-MiBdb&WN>^V-B%QgrI3s&Wzz7mL%@lw9?NMw#
z^*9z8qepW}O*z(<Os}qu^)VUZ9I3F=W*}dxd*919sVvsylT)>C-gOq7>_400zktYd
z_R*To$%Q&3E<fAyPkwU$F<skzK(iiXV>x={vQ1?dn|*ZdhH@`4wh)DdKW4vr$E6J|
z&1#AAOxo*<yt-b-X@48ZoV9$nFYIGcN=3T<Wz&KX+VRj-X}d<oG|69tHK*KpI~`&7
zxl`{}RUoAE7Dh4g&%X*BG;ssb$KWaPKXGLL%(yZ39gBXanh$orlh}eOB(za!st(bQ
z;M@2_<VNLIz%RkS@yLzv-{Cs`x0BrR>lNr_i~B5tjw|b$>M#BN>ezeFSpQ>bp|zFo
zge}s}uEehEp8!;@A#RO0E&R`H7wN1J^5Dj#w&T7+@ccJi1J$VW9)IO49^IRxLS>0!
z{zz){fav~v7Rl(Y3Q3>%bGD>Ehi%h~N=cAuv!vLuJbB4~-}gm#z8lCt`a9g&(GjXY
z=_JP%#?cY36E`Hq?$2NPA5O~TkrL9z2@K2AB6lIv%fPGWkB@8obb&QvM1<A*kTkdK
zm+`!K+AbMZMc#LbvC5xJ6b=fgw!g3Y&R;4H$-g0xEz*A8K_!!h;BbBXEXaNQii$#t
zc-;1B%Cerc$l+|A)F}?D@^wP&Km-^3HJ7|--Mk$!0UqCw{LVHWWcs7Eq_;tn|Dh-$
zLSU}c37Aw5#~+j*UJ6}fj9klqmw@T|Hw~31du~p2;$4x-XJnPq$<KtTn(anv7ACWF
zg9ORv`uvsnC=BC_4`NNfXQ6MJ*}oY_*5dm(Yt`m2o}X!5llh}eIU-t<YI&M5uFf{D
z3?KfDZ%GW%3Z@$G7{2n8hP_}SKEY5a6kBlPo1K`1zRGOStW=}RcrzOBDQm@BN?R_>
zk$J&S9DoQkx25B9gc0*9?z}f)xllUDY@<B7rHcpLw+i}4s}&|Dk7iN4>d(?0ENLcm
zUv{Fu3?O2w2}I!4t&eVG`hM)aZWI>{R{LJ;kbLlA{dk^{Ep1*ebpzLq*r^J502?Jp
z!gw<I@@La0Z%w4kXJhj$&O<&C(N{^C2MA3Mw%FHi1$baS{tOFA5f075oEtNaFA_=a
z2;%I;gz6`&%XNey>O+`CM|8FjWt(pdf_zJ^T}BHob{&1TBm?{o-6Wejp)UqZ!|7P$
zpXBUczrqyV=zD09&|v}xzTDjH&$%)Wmih>w)H<8YYKeUc14xl1NJ&%(Fp5!rYIXV&
zSXdUv1>4bvOi*dND_SnI8v7)?mTAG=jom|>J^O&JnUG@6@Q&&A%Z54kGV}p5>I3Wd
zn2gL6t{%vkSdH}41h`@p?7kP{?J>dIwv5`9fuXH(Q5DIw%(rD&>*Wb|JH`=aOm}Ih
z-j%mu(><T7V2k6Q5htcz2sPv9GS@h3iM?MK53Wpkch?kvwTxmSqu{E@{MBAChtZ^Z
zOu8=Hk{ajTU-fAJtYO8~%$kZItiAQ|_;WOcTHpJOT@`Pxr^|j#DZmd9>m+}{Y0dLb
za3%8*Qs31#&(Vuaue`ZgWQ(p0ebjP?%fO0pdw2uQUr%My2B33HNNa5E=}9gH<`y1L
z5f!@JH_5gApQO|(Z5t6da4(GW@#$r`xNcV!-axN0g)PfXgmIWbE1H@sJsq9~Ypz*5
zVvVs4n2yXM@T_H|6dZ+1K;2Zbf_%bI$O^B|Kumh)7=RvG$w!H>ibJysZY0e{E;jT_
zHX`;we6y(Zmz+tN*j~}Qw)`vC^3GB0yPoGNR}c*0=m~aH^w+Yf2cs8TO1D&^8hyi&
z3IaayYKV^~s7M<ahYsnG1PUstK^Ooo9g1Q8s|z13N~TgFuC>5)iuHZiVVdc%|5|;4
z;s7mSI@4_4+esS}4uD}&?e-n|O=r&Tg=)HH7c;GUe!dpNX#Xbi7VF)v6t$duQ!tTx
zua<5iUw-Ed+r<{<W?z4`b7etd$5|J5t_%e8E9)OXTo4Ly=pTr$R1l|xi`EQni-3=T
zY7K}30&HQyAsn?TAv7kjpO=br#|a@Y^0h8k@h<bFc8dsqB-_G8ZS5j8=U+Dve^+9R
z-_}%3fot#r)Kj?D?C_q}ZT^T_{;_sT1l40vTME76a@!!v^RRhTyN&{fdq<;eW8bh=
zR7UW8vx)n)S>l|ZZU4=mT9%h;6JgUOA}4<jaEEF0U6;+X9bvQf(C!+6JA*f_;X<H$
zjh5gIbBZ!hth&Kd(1y1>u>8}FpKrkm_~;A#w)JS8IdotVyF2uGnGXNsk-K7kK>frq
zUkTc$A-&zWim3sa#h=#xnS1@?qB~L*Sa1_l0oq0Td0jnVG!+y5uE|W~n7!EGu=pyU
zG2yZ?qpY6~m6K$uaC1+X;M<J;0o1E~8=jEu>VTp-{FDK~J=?gxl4uPg{C2~5_QAFr
z&-!mDf!7h<kju-W&Q0n^XAzCEUtbAj`>Nw><5w0Lec+1v>8eBdL|1&Sd#fX7>rLpN
zj37Cg1BHY$m1CYyG{)$3ga)s7s$<YnR;Rai_8VE}_eehODFLsgM#KrURy6&~{ZafP
z?wk8{PCC-_pIsP5x>-pde<}DlaX)f>Ij2}};k1%m`Vlg0$G5RcxoPNqC-A#>a^Zy*
zehsq2z!(@=6>R^ZOs_kYnN2O&d}X*J2QbqYWF%Fx*V+-V=X<<A;imZeB$_+tPglJe
z-J7A3X%K!PEp}!|OVQ5H!1dCxmh(=ZNCLX~fRjHTYtLCv;*H%?qKaBJHnmPt0!S)1
zz2Zb2XrGLv^k~J^`n$2$jOE4EbrhJI^i;HWw+>|BY|jbO1SF=|zj;EwqJ6-a8{|6_
zu5LV}^gb~oJ1FLmI%&EX!2j5cP_%Yq7TsP>q9N{}aulK_kUp3z=^^RnnIQ7vLca}Z
z`Z`f9Xgcp)eE?h;7FzXbdFb@~v{LgSOt?vAqOFzAAkWmle2lk)x8hjA&Nv?tiY<u|
z@npob8LEF73(%;Ue9tA(eocJwIQ|ZqrH=U=TkUOigcXsAc?pkzW>hU`njkfzWY(7B
zWYz-K5SLA|m_X?G$qa0(zhj1II>lF%y5i_{wVE#TKlaX8=jI*WZvvI07As~gH;JA?
zMt=vsS>GpCFoU44zzdOo+U8o})<ei{V6cl)B*MeHzxU%D%=$?p2?5DAP)9%@1xsh`
zT)f_GIV6i`fNS?(gH`&Wp4z|a&D?r4f9Aq=gF4!ZB!i0EKr`m-dFu-I+3=_ingJs5
z@Q!a^I@Sv9!O7?R%AZQkY{=Itud{=n#PcS0dD}`yZoc*_fWNUd_l$dIX!ML~twp3T
ztBl6uxOw!!4iY8e?m_BDCElfmv`*eRpFm#OjyVdXbaN#Ky#dGK0Qlia2VUq+GC1#4
zY4FZ<EwS>cjf@16P)t*%qb?*i?;+7<1by;d56xD;E0;OthnAKZ;~^Z*vq(gYr@GjX
z3uz(~(v|RI4dGevUu9(X1WS78)lXQ}ACdX32cslzz$Si4ymE=q=b`woWp8HWRWl$#
zUjf$_ypt`LSo60j$C45A{lD)C_<A+~zi@GbYRv)tcyeOzr!7`uC0V`*85}?GS`-pu
zXQ|a|QI`~r7{2Cj2F0g7$nW3nMB+Ee=z$Swvj}_6)hWk1XJF-bxT+LD+S*kH=d&A8
z>O6N_-<XS>wLBb%AM1lS?N%_Q?3ac{mNxO$Q1-dRuL!*UC}+g`*>SU^RcK8Vg<=fb
z@2<by-4NZJgMMf`{#0@(dAzEH@(yirm>T;FMBYCyAe4?0Z{cM>Ms`S$KbO+b;pHHH
z_73MCIv`_%TBYNN1vj$E9|I=@D^^ZER($W1``7c`4@x;4Oo`O5*EG<BlAm&?O~<XA
znVP_N>?w(6)9Gfv!e1F=ZSlk<nw_y48+C=beClGQp#sVRjboLU776uV?`B@`6#YWy
zP7EEM{OPa_I6ILEB@S^B;?}e=xayK!QVL<%PVS~54_i<1cpuSSKtEYLm~*(cr%vj5
zNqo4znsn!%-0SuEIe616L91=a#K55>jQtgy6u|g?2<x0{1^TH%BBE6PRL8(<?sE&e
zl*Av)7R%pUEo5Aru*gq_wmbE`qeJBEJOY2x6dm81^Dl3*ihq&n$UL#RmR|AyHHrwm
z24DgM?g?WMN7wzpN9cnI1N`E*a0=1@S({YEa1VAfBj&+W0zN4*K7E#==n#$J)j_aL
z8Ju_bF<~uNxUG2Le*MouN23i0AXz_^rT}lkxwAlwH<u!)!#YhvbDhHXHwse^WMVj0
znwNEHjERK9m*n>csOfRPHNAbOG*mqOS-#%PR^lkJVL1XvpDL<Kn>vL%%B7Y=uz@df
z3mMC5={7J1CMSuF-RE)X=D=r0Xg9I^q-%^Tnt~Y*4;yHfnlklLxNceZ9d_Sw`y|1|
z8?h3*fjCu*pJg1V7hlQ|FZg1v?O(o?Y<%=e?wm%uMC&*@QEas$UnC05S@#mAX0fK@
z`I(d@ceU7v1&WaX6lqh~`5mbZ9tshv9mvZbz8d4h{WzoIocs5SLM@om$(koI@xWCu
zS1Ad=dyR};B9r2^llp$$9L~si(oikNS)KnJOH4qKV&vvU*vpLNCF~waUoZJ&R}Mtk
z!VR%hnlV-|>m(hidPLQ^&_J>*<%skWQos4#%I2a+nTkDH(SAk%vXA`NuTM#kdW1uN
zjS>1)iaKV*MfSM8m+Qm0ec#UgLh-&WBJW1yn3&GKF?sM{e@7&c8x!4~$^5OtM(cc>
zjeZx7p^U-pu)EIf>S?xKV&7?frM@uj^E#q=Tl}h&J@z|JVBvf>It(m1Q}P_J)Qv+I
z)g0wn*Vc+nj1Y@wqVUo+&~`hFY~C)>a|;1v2o@kko{KMl$}JI~f20U-0__V%FafM(
z87CguO9{hCO4>!-zCX7%E5*{4a&=~xiZwrKdwDL?`Km27pz7Okj`OstMbP?tlGQzI
z@?f9-Nar;hizhVwL3mwjFsgmW_{iNoi@OHs47C}=&28pAxI)^w`n^f$FjTCFfj2_i
z!dum=`42%WzPa-`T^xN|<_g(i-mBC(Poh6!aPuL0<7IpwK8r7PFPwMO6`j_~i3}Ut
z8%K~m{r0(@*X!uaL_6UPhSVa`;y-<GQRlk%rzjSdHEVBOCAO;_%uGkeLIoh)Q!L*|
zs;mj5ry9%#uH$|uXbx}FvtqAXH&MxltbHI|dyz!V$&I;Yk+H~AN9_-7nMn^}Pj~iK
zl?>W>Q_r`t&$^9;5oddEK18%n^Okzu>uXH8ZKTh8FLjboq8muJu)7PXCzmldpyw70
zNDb3!qnWsDN%zx5g|ICc&wOZHua1dC)V_=rz(&)B6Z20L^rk1!<2yQI@b1mflU+mz
ztw@p$v>p>0O=3nv=FRI=-G1bl5!70OK_ANx>^+I?EoX0kA-7BBZ!tsDCD|p{DbyM9
zC4K0KByVrL1C`2O<f!OtH~F<uk)5)A?D-XSR_=QhD;S{PvFohlSTf6yp(FP?aaCWY
zbXRC6y7mJ-z3zFe<l%~jDR_*Tr@Dss<;lNtPQhhDn}+N{EK6E9Js1%=5|!z@LTMIH
zPy)xD9QHS3c5dl(&VA}Z#L9pT)2yx`Ew-UZU7&S!-?54NzO^;Gm2>{yfV<Mn{!2a|
zs7+$D>udF;9vUS_u7d~X-fNo800ITEjw1p;Rn$uPP4W%__(44h{~U*;LG*i_7xWp7
zSn{u9{b<(DU$ua3{K_ue(I0z~myd)}N<`oM5RGBK=Wg85r_kWJV~`YgmIhp$ZiO6P
z!Uy{^>svl^DRAt^qdd8$R~cl-^ndqv>5BiQv~4umbNf!w;RDKiLdi#|ufql=+5&AJ
z!R8{;DgGNd2rejDa5t4?s;=n|?LCd}IC2<cPe<Ldt#3lB>sp*7smF46q?TFZrgWPd
z*i5ta$2mMmeWFS}E)eIgXevxb+07kUid(LWOv=3$;SOh)pV|&})*no)hnDn-Gp<0^
z?umG#yQQ3Y>siP=Ifxc<e=IO_6YNq>0mWsn(eC=2%seDG45$A+gb(iRKcEydCmah}
zm2Iq-|4ONP%dy9vYSQt}(OAk^S{vwVbTSnb?El8Vrd(i3Xr3e{!-mu^v(u=;x2#l;
zjB-Q1T(#fLC&PEbJwxB-XRSMF+snJ0Om?5CWAWd3>+zjz`Kk10Ie>QE!|!H5$u4!_
zIw>&!P%$87_I2lN@-g6{GZEq!I~701pIVJ<%T&)C>*!;ypb;ICJN+^E#y6x8rJ{48
zvXz7!^pffOmJ(i{p=iuFc!ZN^Xlr}Bm$MW|@0gS^&@HaAb|FnWQ0Jyf?s~?y%hPnq
z3&Gw?&GdYD>f;20Pxjn=e8f6xIOPz!$R)<e5J*wNzXF%55I^j^4>ddt?O+M6z9T(g
z%@Flc_^QvVzgV%(+w_O+2ZmRgKM$QJSrgCw$z1K`iefg{>)Gj|2Um+3|E(WhE+lPB
zpI3c2tR~yG()xKMDdiQM^?B1E{fqh8@|M&<?VSaQxx*W22?|;~(Okx}w4vDWq6#$c
zoqK;iW(3AiZ)<fNsaMC+2C0$vRQ49HxAMvH18J0LKeH4Sl|pi4-ckz7t<J2Z=XJxL
z)4vzLlWtr5g>j3{xTsO<S_*gh;hvavrx+d(@0dc{v9Y%__%9Yi8SjL+?KymL#k~9&
zJ<@<e$+&R<s^CeckQ|m}#^j3jm$EFWxgUk>v$>*TYHiGs7OyH-i|W#HX<Bpk`iZ{!
zw6LGY4Nl3cjJV)E3`_RrY_}1J3hJ7Wnv`EFS%pkbF}Hn=l9}^6x*;lmi;op7T|swg
z^oq?xMf+e)LDS31LS)UW0$1br4*^t<wIsjhGKoFf^wRs!llJ+?ze6)m*%LMebU85Y
z<m8ctFS;oW)*H2|@L`g9e`u)KKKyZ)XzcedI-?;L)BiOv%jwUV;k>(F#vq2q(@EYM
zP}nNEv+^?FMBdBg3&B4?ZBd}oYzwU&1y@gi+-8{-MoyCsakrYo9X2%EzSi^cfW$o5
z(hs1$cC!|>Wm?-Ubb9om!+<!W?@g2xUOx(1>Iv&Q#UzOA0oqmb_yIX>lTC9IYHzQz
zzf)XT7UGuv_iC6+!Hs<Fuc{^Q=teVpC}tuuCVjf#z1RKI&RSnJ2-Ck!-z3;ieHSLp
zZ2o(9COro<At2Bg8r%0*W8rUxu3aG@I@Q3j2ID&1)}a9%3)sBB$@LC1$~dT7$iw~j
zaD?K0|HNPXekI>>J;<#gOe`bnT*&j%h0uP5V?8{QCn3?kof_hl{DgZ&A`=@`<PNr6
zFtnJt{Sj>n`CDf;5)fH>$UuX!43|C?^83-Q&Kb>o8XfVLX>9}OxFvte*`^Ck6InU{
z|2nt8{K{F`NmJE1>Ew>Z<XZD(&;U)obKC0Q{Llk_oC9grX^OBE`dty5_FPuK9Ah2c
zTcpeA26$(!U~b_@wLx=)aRZZ)8P6Z6UY{kc`<~|n3gb-Z2i&y8o3W-94D5sx<t$)E
z)~Rxh+28KR6-LGu{8|R(^hxG3%jF{ZAh#$>-j0<@C@Lp+_^Y+=&P)_!wDxp>$sCBX
zxch#nhX;j8#>=J@_w+9b%vWH!uAxvn{o2JAj->X84pHnVUoRIs&wLierULCjiKd_B
zvs+%Ynb74~x5@{KMsSj?kJqT1#^cyP^L307>y*knUbWYR&WZKx8~8r;t1*g?6Zw|;
zN>c48{q6CIHSV%IWz5%A_a*`$x|Ic1P($zaXopXUXE5yXSZ8~2Q;#|HjP`SH8hF!g
z$l`Q7w27U&e_JC}@#^H?uxO%2I}SAS4Y#xV7HhId4d~w)a~f%{csVR~7l89B1idj~
zhl4j@NPl9xsu&Th9agDd_s8p`?^6`AJ#M7o&9@2F*S>+bU&SR~C_WhpzNGn}Rm1%~
z<0qX&R(Igi)Y!YU_b6>&O2Z&U3Ljcct!Rd3MI#L4JjQV6aWh1s-dnmi@WmC>p&HNm
za@)^7a?l^(&MgQE;<2D*Ht1pZO!ChNDj(d&W+(u#j`ooWtNOt2sn_vn_KGpTccd}3
z*ez9L^I?&(!I<HJPsAKZ!qmEK%hS=q2KG?OM2_!_-eogwT)?QOMjjrl@LU$|eG|Gb
z;F1D#Zx}9@ps5TrG^r5u9c9Q#k8XZPkFCo|#-#Nn3-bBfVj}og1LR-Jd~ozQ@_RbY
zhXV=K0$tgFPeDEyLp)3K9QF$5EVoszG8Gp~(O%>g*Vt!F4`I6?ItS6E?fM^aa0S>I
z(yVITqvnVJ0*k=g=40lF++e^y*P+<_oqMmW=2z9Ex4{sfLXpk6OtW)Qw7Y&4kXXBm
zP-%zObqTg+nZ2lQJ#{T2G6H><oH2AA^MkvJk*Gb?bck4YpZMiT<Q;T0d-~>HnVzFa
zF8<LgI`JH<diq$%@vyK8FRbqVL<2m!HY#AaGWzLQF(orVikEl2Rl@7VEn+k@hQ-C`
zLnYbU9m&URY@sKKpGZp>{zk@uboUXf?ets?O?HEeySa=F`mzxwTmU@Kqm@Bwr)B~R
zmj^&f_GrjYoB|NHF*I_#t3HxbBg*gwmfr~%z1tUnxLt4`mgxAtF9srnk$dAL5C&Uq
zfIuIzy??_xte(B&vqn82J+%+8j@wXNOxuaR2SQ4(2JfnEQqItGgfb$zy{OR{TGj(n
z8W>DdODzIkz<gn_lfd7wRire;ZR)8<rfqEi^aB+ab1?V?-e<JZ5Z_Db#O>+}>tIu&
zQP4R?zAdsH9qJd~dgwn2xxP5ZAD#jYST_R&+TeNdcW(8|2>kj6puh|wU>adWrrB>b
z972BQ7FP!}okqkbx|nK&!Ht2>l)iuO+%Q{!0@H}hoHKBj{`1j_jL3>i)pk%F^eKqz
z6x`K^@Ol5l@~ko#^%UH`b6`Hiw+gy%g$EIyfwS$N{8BUjr|aGX)E{Isgsn-D-(ApI
zBDv+BK`|!YsHf(8kZVnGyC;$4Rgj|tl05eeY{Bs)LVE`0Z36lkFaLKE(|8Hg`^@wo
zNZeN(<?bT;nF;aC<ktodqBsLnJTqlKGd*`d{>L;|x8%_h4ewA}0^!d5CyAo)#Z${2
z^uh1sKhX2=u+G4!jc{rkTjYl9(>?3|X_9@u4{3Ek+W$cJ;?JP_Imor!^fRdCnTh%g
zEZGR}m>WZMCEr~T|DUFUXH6Q<n%@17CZc4Z`X@m8lM332d|{y)F1}+0j(PCwHr;o|
zFAcWfi8v|NXFU<A_$Lb5>L&`v(g)9ecsBoyJ>=sf5fhjjK;C!?8PkZTt@sJbznaPr
z#yWYQM!5D<)2#37`C>PnwY87i@g2y`J7n0&>-8rvWR>N!eSBf@Ud3mi<8ZEU^R?sL
z<M9u%7$3TdpFVV5GCL=d?2|f+gf!QWDdo}vn-^UG!GMt1cK%n$N)Cq1KSaR=1)i?5
zO}BK4fIKQElc(?2_PaQQF0uMP(Xo~;th_=iS09}NASV6ogb#4$+NY1kX4dPT&dLl`
z(j+-BHUrV8HhR$XzgvJ8{t3&%U%?wdiVUK0F{se#2a=Ql&c~90V6MHF9J&P*Wed8%
zhf5q;9N@zuOHc(D%jnWWduT+*>`#3#Zs7j#=&|9aGZdM2rspYE2>fP_Omy&*o!Wk5
z<wLyU-nr$9Y5!Og*_*4`<LF$tAQ$>k55#<>fv`1*eNXtQVGz#Hi+W25E%2>s2V}^^
zm{cMH@T=dgvNYTnWca+Dzo^H0Qeqadw<z!<<YN>$xI1`=FtQH^05wfI1G2=-H*Rh*
zjS&)yL2H*OgMq1MJn}R`2nHRRO#ej1;;5;{eclv1;9Vo@dBk8_i($?EVIXd5p|-?3
zihLgK$y4{F6RC5Ao5=;_Ocx%Q`ke=5)i~6_>WL$S3;H;xo1|$89Vu*LN6;i1-2XAT
zs4wO@xM8t>v1*@~=x9%~9+(QsZQt1G)nf_n8qR1bslJE0X2tuVJsENy_8b@$br2&R
z^<e1apd}X1E+tDqI8u@pQuI7co=dgw8jc+cB-C{KB)ip}R@=oZAB-DNTwHxXM0#T2
zngk?S(yn>La<bVjTMqrZHDr~`PjbEKlCj4yADV(SSB=+u-I?jbFfUX09q_H#Vk?i{
z#pPba1HSmi1nHym!$$^Jtz#XpQ)+Z%H6u?<LV^*+Z8Z^BNn0WGs>m2QbDbRL-Sot|
z05lnwV!tBmvJWC7;Ap8XtmwC<4xeK9<AVZO`^s(0wIPy<yyg;w4KI4YfGjD<>I9ko
z?Thb>85XaR2Z<1*qbP!c;-cW^Y7v(wJQnrd`SFo3_QEvJ&?&qMdplB0Qv9;oQ^q;#
zESVhlUEN+vNl|fBS752)b!aGlu7MYWx!C3D=Z*#oxz6G1+&;Ie!frA;0;!roCjDPn
zvG@GH{!QhDIVt8J$w(B!Cx;9^l5SC$*r!vACoY!Wgp%JPTvUbnhmR_Y_n1S=64=e2
zAIuQaSCkq41_M_DB<`kIs62KRFL46c-n#;bx|Z|H3=)2(3k{Mmg_NT(ZMw?2^jX6F
z^*31@3W$>yL-q>QS}~YSq-2lWB>EPUS=SX#WQ%KQ6xCAW`bp)kkD^d0Cv%^!sm!ZO
zS;+`RzkR?}$hfaa)d!B(1Zxr>O$W51xGEMZ7Oj{^r}H2uN}I9<{!B0Wr^w2=g##Ta
z5*-MA-=vx^HYNX|1w%pj`sVk)5ip6lM||}g>Uw^VhzoouhV9D`T*Pv%v>IHeuy=zq
zdg!)WV{-1Pt-}8iij(QHhFwW2ZAUs)HIF(9)*IR*-Sl&3QquI4605i}J3`job8V{Y
zE%&JyI|Kw&mXKlzss7`C)0D7+^BEO8--2F`O;_;{kMIO4r;eVf#1wx+89~d#zH>Mt
zIyquuE?P>atGY5v9;}tf8X-sa&x<v6tn{V;SpDZ-Wm07>BJLh>j{t#Lq*#KAx)#lX
z&Tf~2s{bf03()zqz4Fm|k$=Rq>sNhXexUe3QRG)qiBL}l6ErlHU1jnN*ENlu>=1>a
zxHEu&9Cb~=0S?5S5vyzDtG%hmR=kJ6_k=#>Xlkpy=FRzq16QjR*+Q4acwEsYBdiKc
zgmyKrLNctyFED?k)Mg)FOhE%6WJTUo=6na}I~-QK2}Jmf{tShH;0V}=KryCd8AMZm
zZ_Joy@I!>HT&F({)TH~0{96?6Hksz&cH74iyt(mADw1!kZCqr`mi)lBw|~A$-Cl2V
zMc}WcW;M}IVeoY~w78oaxpe131E-i!Y<voDJtDb=WF}~B4fsQpeuL?QkgrQm^S2Iv
zpRT<CjCJ)GW~Rm!s0q~F1VZtol!p&*3%(G%|JjfJZjlML7yP!n`}%r^%aags3?aAY
zWRV$J)gSsezX9<W*{A=-xfmYL0wk?%Wg$0z<9io*%5nt-&G8~qL4vnWgAj6qUl7*9
zM2TVJmk4`GC5_|_>(@Nz^t>4BZ`K7MlP3*7(UZDHM0=MKZMA@^q&?StA3Tq(csBxZ
zc<{Fa1P%R_;6;0npn>T<h8=MoGwfh?FyURRq>qU`Q!qvrf*OZ3l5UkJWd|Y?!iR_j
zNzSx*!3YD63oRsvHe`k#Pix`_tWD@-qI&4C-;Pk}P4BnSy&t2r2wI{YSE^m0Ogxs>
zDTjtH0|%&!#pue=w(=z@FO07ec?PD>-Ge&)QK5#ykp-N%kOUSB2q&vnXzlQRvTw{g
zB|y*5WKhyM$ydVrgF)-gk2HyYJC5~i?C5ytcI^1R&5_qNZB-MpUSkax&%Pp4Y5eo3
zWFK6JZ}BhNBe)VmeOo&wA_<6`c6%<U|D68F<%UA7$(?Ml24f_>Z$XhOKUPfY9r~fF
z!}IQNtNygC+o0vnj{-tva4Mw-p{lkP=K)o@ql+X<nFYU}XiyFwG6F6P*#AzL+ok)(
z0rD?(#cj02D`gYIxUA0uohpmvK$8+PkPXlzur!4{gHyE!DsKw9Wv5$20J{uDtv?63
zh+#*<6tr(F4dTdeVMhXFQ$s96sQM%8$E(jklF~ae+3ERGo%EP4iCi8Flj6TPr_eeK
z3yEu?JcgYMvqqDM^*;9-In8%VI0)^v>w_VCZ*(ijEd&@4Jj8&~XE4~v2W>xU7k!B>
zXKRH1q}?rP2I(^7G+m@JFFc`4I6p#xvTyP{NNK1952Yy?1`lCmGyZy(%Y7~`y(7zU
zW$A0TLo_cyttHjy@&0(?A9eV_`wycDzaa0Q@Gb^>og#v_NDA(TCsXkk>kd!5WkwgJ
zN#dvcFZp7AXsNJ}6>XjHOYfwRBu=$zyD2fL*)Ke&N!n{Ze8xUJm?}6eC)|4~N|^xq
zsMDlVF>N6ZZd;LJ;u?@Q&%4dix;4|dExn7E*QpA{zZxIL9pekOMao4PEdq~)aFp`3
zv1atM2waZvTn@%-)}w@J>>D<z!zEml-FiDFn7=5H(5Y{pDZdL357IG3z%{lojmicn
z4m?AqKeUvI|6qR*8r%8u7n{!rWGjr(@^_YY1OC3;yG2a#QauLn&XFY8)xXaEycY1i
zycetpTDR(PD=0ne0N~vetRBC-$+)|cAF)=LrpxZ{2zSW{;7Ha#EKiPu0{HT5fkhMW
zsPyW26*~pMDjV+Zh=m+san<875BEaGNx}<~LX?>h-~3MAb1>egK7HACJER>~BY8u<
z_Sb#Pie<hh`b=l%P%p!icXCSsGsS2bX~r&UcDx9_X4)0RyHnAoNVNpoaQ+m6mJ*>r
z-^%dfktwNpEQ#{%)?Xi2j$lG!5i)=Dn}$-9g}*)OYE`-`7cHi4Uc~dBHJQbX3oR>1
z<lYixJxLS1(e>(grQiFvgpt@5`W2>~zajzu*ddnZ^7Ob)!%fqkUJfRCl*|))@DQDO
zV{n~)yEOp4yPa?#r%6#@|8kPs0aEy)T1obM@<80@euVM!xf_!k>YFF=JK~VHwZRHS
zg^}GzAQN519qB-1zPDuhuo@!lK&F%6rhvs7+U&0<2~>s3b(1@r1t@oJ=NNV#R!$<q
z{7eT8Z<BoAG&#a-`8#3Sz_D@-S;-NVVFuIsZ<j4j+?y9$wtP^vHvU2xrr@`JVbRPS
z1_RgS1KTGxr%9mi2K*WLu4u4=Ve?7Xr#)!L(f^Xq&dBwF6A4ie4Uv4%RnceggSDj{
z;W#qMpcCtLMn8kZPHiZo{PH<@4_E_nr8v$r45li7L$~{5=gWqX0yOU&1tx@Lb!p%o
zAPMw@%9*`<Ul(lOxt(3_58o?*+#m1Z*#ey~Ven{><Q!}qVi1J0Evq3;H`<s6krBB9
zu~<ETZ6Q#w+%8am7YIqPw}O<6Z(oAOMUhT&h+%VPkpfhN-~VEc5-^gGQeiO7ggs!+
zGX`}RxcC-19yg4vgSP(_h4Fm723e0Fq2tTL8YoB!49FW6+Eniwts&&O62gFV9Ql4=
z2YCGjX_^S*F@qE;eL*J2^&{WABm77o0KkXsL$*!e|49pof`G(EkaVeg!2TTwNGT0z
z8u=e;+^{p$p9Ue4e+^>zk4ix4|5NP-e1m|V(vT0<58$%r@%4`&-!mW+4J1htDNJ9-
zB2C90z?Qo}nC;b;P7ksfCNjie%9jcO1wBKaZ$q6w%#H2}RP_akpZq_PEIpuL-bp0E
zTjUOpJwO}-R(l8HqdPj3PeQII!=|Xmk)hP7$O%P6cJluSicLepg$a;PTn9k>|Hejv
zZ@NWz-yijA979XSGZ6IgiLP$f@l-Lm==F7BZIDdanO>~tqk<dqVPB<dFlEn4aPK5*
zFsl(UNa;`W<^K4ie!~6}GO2BfMS#?rP_4)|X5f^EPBL{BDR;DNWyET9qfe!1o%{{{
z)gEvz@3bOvo7@b@pLyv1L8Ja4^}MGeblJ9@A>ug3ldMy?$nj}|$LuK=agXeNy3*Xv
zSacXOm(d8|)exKH@fx$t78JrF!S`;{p4`mhEi!j`Fi;B!z~oSZeIAd6bw`^{W{iz_
zS&ao%?BP>ri%o)>gU{H_%=*W0t;a;*DcQAld+L09NZs+o?=-l(ZM3lVU(poDv2I$B
zDmX&p_K9W#_@PanYsz9zsD8&_TxTcyUVEIH+v1GH>3ph0e23bmD3T#SDOAllnEJk`
zl3)UD%oFpRw}LB{&r9|W(@*BFdtOA+fzK&@-5WA74mFjWi0rU&3d`#ad^XPY>Z_04
zufej=K;gd-pMH#b=<Kcebl#(;&Xf7S3Zz;+ax+5r!9{D)G8HxgH=hP`d<IIWd+gh5
zfLP(&(=H4AkAt3Ep>A5n9Kw8$ht);^5$}C-!y33*yKEVdq!dsnp;D8#Fmy4Sv@3S?
zQk2zk)#W%u5XzoG7jxm(A!QPaK;KRy2>q13>@RR0NN|cjp-eVej6t;M>P_fX!Yik#
z+-9wvARGMq&w1zkn`^nk-WIVkqBEcOaH*(QM9#leXO;x-Mdqy?$0^toW~bR#rv-()
zdHO&*v)KWXfZftL@0)o&IK$4b?$i9C`1`AC<Gy^E!75PrBH+h@rp>L9>!k*Z+m80&
zJ6ZBXleCo)^UGeFNJ{T}-neC@^&H8Jt>UDBN!nLqzU$xT+Qe%~sFSI+q9{h@-Li(I
zaOh?HC+Z)=G1~%u`jWIt_-p^UOiCu4D*hT#zDpc&KoE5>NfN_iiaP}Y#NkfO-hB-}
zu)>_m4nircwaX_B#T<?;uRgQc4A{4fu$S!H5w-O9hCZY|?euxwtMtx&?Y*u+z5ES_
z$M=<%9t=P)gVzK3FC_(2H`~y+s66{F<39P*<&#j*9jNqP_nSl<7*TCL%w0S?s@CrZ
zqYompzJ}ZLN3u|D9r^TK9v&X-Loe|p*!(N$=>7K*FE1tYf!a4Z9&RT7g>KSR{xvq2
zFeqA2=?9sL+t7eu|Hnd7N#rGwqz+M`@y+E2OA+pt#96)*#_T2(#t9Y(;Zh@rC^$Qv
zY?&1*J%DwD8+8&K;7Wq3x0kVI_f_C2$hVNois-!25dVZ%#%p;#svRwCs>cg+6E`J7
z)=p{DY?<mC${koM7IN~~I6^4$<kV~6(&JCT`|h&vm1Bp_X9dDUa5$Z1W+nXX)W>q~
z4;rm3RA^<iL+lSr>z59{-R%Ikzhg1iLN1SJPXfsuW5R>3Z9M)3OBNKmSxAd8Pq=YF
z-BtuH)G>YcUFM1cD60H_@=d!`s@R2MMSTX$yo>aj&8U^lGFmLn953}yE@~SR45a+K
zsmnLLNK+?_;ng>rtd2;#WPI?)SPujHk*xHM*^p0dcm1>^T@b<W%#9%FOJCZpB`fq+
zJbq4r{d1{`85;R9YfcxL%$ixfRlD%>F?-jZ&ISe~yh5%n_LeUu^&L1}8dWNo<9vm=
zfP}>rL!rj}HF|*_FTN9v2A8y}xFpN-u$x5$gr#2(o)WG{D!ll2|4Wsq<c94bR+wH^
zH!i%s!FnWAEBCW-Thf!_j_?(_D*reD-&#8CtDVw4?P2?CEpn!Eu|cX%@F9&*xuvUT
z52}OlQtYoCrGUEWA=5a|-O3-jcb2?L<Nznx9(1G{Iy=!<IRa<P<zt1+%C#@1Vt&5_
z3@sEcrNt5-n3u6}^r;SM-ll8X-x{UAdbpY+HtyI}LcVKau_NTiMNogM<dg~3R})pW
zO^qf-O;y*lE`0j-Y+6m}uH;hx0MBQbORsHU!m}}0{PlP#<g=_yh$eJXcX*LRPENJb
zcMF^)>ZAL1nAaT{U+BHsUS|?4<MOW<SJnqkb%lYJv)E$*H|}c?qlE*vvL6|ErEa?z
zkT0(a3{zQcLW+b}LIYX|sh<W+3*h*=at|~QW|bfLrJb5)@C9eiaoc!yRzk@go;Yez
zU1U~s;E}6G8QuNM08i!a-Y*e|mxt)XCN&9)n|y4Zqv{T9Jv#9Akr0zZmhztRV|<1!
z@dmdaF^_4J-Hq5xGDL)Q3>i@FQOv-bXi19i@&o!uL@%sSEcT0!_>|MRjEvX2hDo`~
zKerbBd7J!Xn)s>?C-GxD8Nv;3F%HE)bL>P0Q~Jn_v}*Y4%p1vMSEwVDHCZXr)q0OQ
zrV>KI?^O{PEH2B<WFKRvwxfP2k7-S{(+D-kMRHt$#Gc=*h-$i`RAA*0*go!&#}ACG
zH17hQ{P_EEAYxuN-6(H)q?lI$|9#tqiCs&jnCUbS_P)8o9>z?3ptfpO%{rle)=)hy
zU$FA|0Hx?6xZu|#$YFK$M|iDQke7JNy||lO)(Tx>gDOU@%6j|Krb_ZU0G(QBU)uI}
z5$3J>$|HrZUeWcED7(C-!*CSt!Rp|*CZkfh4~oi!Qwdcv!D~bYKwiHpnHOELPRBA?
z<zRU$1|JspG=ZPLt?%soF3Zq@qkUdOXBjTnX#m}pAoT8AKayatZWJipw_w!EEn)de
za-b106d@(h4fngG=<$<|tlf7Cs};US-;^I(s#8NNq71+I3%xv(xWwHw_NM5~4!<-V
z+O)n&kmO^Kt6hPgL2tO^LK1%>{_Xsm3V#&KeS9!okRe7i(6_(klmTj%3;h;-fETT5
zggq-CJ6c=7?W|sNVHq)RI-?SAIoN*QyI6<^?IJ%Q_zy@S+4JCmJsu>a1A2$-Hh%})
zLM;K!o1?(tCqGGcd9n&T9>%v|P*^P@`%(teoW0L)D845aR%T~!g7EYThQ`2OK^MTi
zP_XbWP^9n;a5Qzw93dqoja+?Fg94tVsqF&A_+Vw1_E*{4MWg2Wg_OWiJqFIz9mR_8
zfqFqEW&4#uB)3>WzL9_2n*x5@zuZW$7ql>`B?u8w5;E!5SWLh7yv+T=n{6QhK*U};
zI}kZko~y>*gxGPxqU=T+@D5pdXOm(Fu=a>9Nnk!?uusSc*urn=n2}ybc74Me3wqPm
z`!Vw7fKDgL9pNcgSyy>@<wLjo<z&wwix?tEV;u@Q^@TBb?||}Bf#}r8zZyHhuvAc1
zDv$;MtagR52q8ZWg^tq3KSr*a^CEcKX_4+{P=l%c9l+#}Oz9l-;1U8H8g@I_L7rw$
zfm~sYn(NROUkQYo&rZ?cFp!NJc_EREl$J)kmJX$}cyLy?f!W9?{`j-+AhAtY<V>L|
z{QbjwG@a|h_ZN>BUfUsr^Jj8wZgTeo>fUakJ-zR6yJKgNk8MY|DT_WATi<Yk=wrMF
zaGPW~jiz9PI-%#^q7!TFmFPdJJQAbs_|`|A{N`8UEkXq?LKa>b2&<LE`JyJS8nfAo
z!O+gZF-?ghP5e(G%97m(8>pNP*yHL^2eRmKTb_5lJ&s%lDIhfMuRxf4pdIvEmN}8<
z3qZ|y9wg|A>8hyLppj}1<R9_)b?c<{aV`h4wR(TXQxE*f_k^|8k<@=LuqR8?cd?h+
zYI)eUWig3wecfwXyL_SjuvwQ&DGmLSMJQc334LR=DF#?=2*wVrLUzE8&+1Lw&vw=j
z4{;v7wKdikKp3mm1W)ibOlHy_>rtcEU&-y<wR6hk73~EuaM>T}gPnX2uc+Ty-#vIh
zO55z{)$HxW-djn57Fy{QAACe*^zz&=HU_`l=YPBJ{B{pJ?C1vl^oK9!ynD%qGQ(!Z
zo|A2>xJTG!Y_*{nc##V}VH%fAhH9YIe~TB1?*Eswn-wczR8f2BK5>+{J&-;470dMg
zcE!-ed|doqDB<46-?}7xd{KR2blQ$l;PT*aEaQqGfPo_2(L}kg6dSPT%*>!rp_;+I
zOJ!e!`y^j@t$5^1(oytD1BI17XIT`iM5Mowk%T4oUee|DGJsl4VffShl?=C<tjGr)
zxcHCujn<;jEN69#rz65tJBE=c;t>GlsO1QwT}yjV>EcJihsnGBI+*Wg+yF7xV?nTg
zfdj$jv2(iGY%8g0rx1@w{nbs)n1Eq`e)-iT#9tTOcbsVYCtGPx?4d-EO5ig^k2x%W
z0Hz)Zy56i+!6T)3b<9$p7~V%8NRzEa%;8qwwQa>7&75dZr&&C|oq0+;Zcwk}(BUr>
zG_b#@kViP^B+XyAo&4p_spQNpvDuu$#XO}MOyme^jhC|PVF;L2{o1(67cKQ^lP^;$
z;qu!Mo!1La5~-BAr%1U>?@}Di7(P_ZEI!oKLCSC?!S|b^e9ukbxuy2$5JlT-kQN4L
z`Qun`iKTRpW_?v@%-1crJ}4xQgSEaukY9qlpx}Vhi&vi<PU~484QWD5h(k=MLQKd)
zOlU()NJ8)w0V3}KP9>?UC8<6$N@9<c>ZTyZ-1blvK_7U!1OF{k#msQiVJX|=H@c9&
zang2*0InG&zQ=DQA%7F4_mu#+C8=H|sn;c`(J*2>)Zh{r2H#cf*Dfm(RhAr`Hr;xa
z%MYL*ORP@TEZB-?^Y2%T=PSBM*q+BuG8KBvnL1~+q0V=4#CJi(cVQIxKodRnuQmuO
zkv%-Jsyu-@ai`qtK#F&#`=EZ8M$T}hKu7kORTCX9AV5my`HSVmFZ1>!Gq9IL`wz#W
zL-p^x)ohz}i!>ic|A;(#P$=E8!kuo`M9iMm4-X4uRjpEhfrY}^*a9K-%J`n?=*M(F
z$6F_{5l!>ncfOfESDK4c28@6SVy#Eg;oX->!sCrH%KV!~?u?d9VG#q-<*gp4)&7n~
zf!gFA1!l_<xnPyhho91wAr$fesoSgS_WTDg!T1eNq82pv?Q_C}S&HMRA0uqE-Ueuo
zqvB}yKPpsfO}vEKPxRYSz-0ct_BixcGo=%}2NJ|ao^H7*9UkJ}VkFa?M#`ODZ8ko9
zytTTHq3rUn67bh#KLSO*!Y9U97GTv1nu*x&);jddV-T<PyPugnnSASPmKkI?jiGS{
zXs(kGqBAT~zCx;&#cP*VLOZl`vggTDCTq!Mu5cqs^e8O4xOl@-b>r~TLjW^K4y&Pu
zGVw`5U@4V7k(nVb&59*O16Lt_S$uFejW*gl>w;aJZ!dprn1=r=iu@-+w_(na8gAc#
zGd2Ioe`P8@{NTA%y(EL4fBPn3^lLQLzgDofF<j3vo;tP#Lx2N23uSE%?w3Q^4!3@v
z)4A@Z#afq!e`@~(aYK(rYj{=%peKpYG9ijvpZSz?$xSu`2#P`M0^_j8xKZ$@$H8^L
zsX4g-k9o!Q)$F^8&cCmJ<xnKMKqu_puW15%oclHTDO2EpOE?1;tj&UGI2yUkq4^r2
z^1Wsg$*qot1kY{v1G!^?Cr@~YP#VP8y%;Qms-|5W4x7gm^C4ZKvrh=eX0y8c_Ai$E
z6<X=|G$s|giQ8a}h=q}^Z6?TaWR1~HN`Uw)XUA8!sx+BSPg6tT6f+9_Ye=wT!D*WK
zz~)NsVMO^4$pEX(0D)tt$sQ-WpCb|zyp-i)6Z$p+d5Q1r(~vKI59XNiWQg)zPY`J<
zb3|*i`l@hoAAM63x5$)6DG^vKpWtqOy2I_hu1|02I~>_ygNDj!n9M4%8g208NpBoh
z-I}msdVXKzBggXEAchg9Tc-wvd`YcT*^B0)2-xt%9DZ&3E$UGZ?O2#;k$U)LnOa4R
z&f~w9(QD)L^dEsJ*a(*5zuQiv!T0_B-%4648WdUKO?AuMP_sy1oIDmB>A%lmZiw9s
zc774Dcc$zsiLO>Jnsh1^wS0GM^2fsF@?9hK1YdnU4et^g%_pz%z}zI{Zlw8UK$J=k
z%eUvMoai9KI;D7FDXik5V%`@R2^J|${igFdzCAuXpG=i|IBMj`-$*59GX$l$p43*f
z^YW_}wvPgg7zG78?8QB`C=@-6d<ZEFK*oxGK>Bd9H1y(>&b-~`dIccs{?r@0n3lw5
zMN&KkN|slR<#ALhq`CR+9Cq|vbh)iDa_`>eKJSIpG!qMkA;aJ*X*13^N9LT+6$WJa
zTbs%Q3vyCbw9sa<m>{ibwqT^#kcBGBf~A42LX~PUJkdH`j6++5;b$oM!W5C}vloF@
zd$wukEz*z(kUv(Sy*F`T{b+OJPl_h(McjL+z_ZY8$JZK@lg(RnwJm%oRkvoMe1d{g
z#vj|l)EgoW%e(2$ci{ak%VkpMcHJCXeF40J3<LTP<?sH&@BX^O;lbUUif)8&A6+iT
zs7iyd)w<t^<0j*41g=})5{!RoHi{PEuv|F6*6hZz9dfypR5HB7WRI3u!VvDulNe}t
z?1fe4*E$H*XDn9`xc!+?rQ)jINU5vqT-yU%6BpJreQU-+h}0)nb0eAkcsh6(p^G~u
zqrbgvfo%SSa}8mGZHsZsrFX45VZ1PS5~-Y553^8$z#T4A_uId{8kgqsHn#t?bSbe6
zmmtQyK=NbiFpAy_p^{oRQQ1qGB$t5uDaK)yybSK`OT68F2}+{BFw{m@uRC#4Q|v*}
zO+h8$qz{)RE*Wj+RMiEVN<BD(3%Ztkrj&rNz0q>zl_bf}==Hzp>Hl``yQjqI#NG$|
zsAEHYttf}d@e7^3>Y4*;`&Y~7p97XQ{HOe)`ArIa(_K`$_feSkA~6IUWi}oCF+&)1
zZ;TrGC$5g@fKk;J^gWh0G9pk@aa&Q`yvm5j*|b9b@k_2{XoFxr%^$7>RHtNp<`f;V
zX}WM+2Wqi45hfML=au2MdpJrXxWgT9(BqMsc<Yf(5l$Q}rven{eJ#87`ltB&OV%aZ
zN45qtbmM|;G>h#&wX}rlslS|z2l1cYS9+GeWNPr_5qxjcO%Oj>*rt?|V9nL6;h{25
z4BR*QAcn8DS~3^P&)bndA&J*Df1uZohIVUv{AM_C2at{vrG^(H^TNv~*K1e3`rUUY
zh9-7BdKscYT<N|zha=ZUjGh8?x!#Vq@~3~+-;N^G3sJqJ2)XmAOqx5{XfV4zt~p0*
z-3>dBj&n?BB977=^Ym6WjT~<KoH+@<%YNC#4XBx@yks=$DrXu9{4FDEf+Lk6|2oy`
zSB@@H)1@1Z;h6JQ=`P|QmMTpKyigg?YWu3hK%x6IO6<)$xm(R}8|Cq}w|1+R7*ah<
z(X6+_1^&NW_efU3A3E3W{^-;hu#@nftyoB~$5l$F2fjUIh|cyYP5nU-s8gD{^rUe6
zr7AX3+7r3=0kCye%_|#3_5T2TK!d;CwYMTk+uqUM(f0OU3hiB>Z?6X1tIO=By^Xr|
z{;p~7Ic)E<%T#@dr7p~6DSD5QmLyRsSq+7WnIU;GCzgOgb8sm5Urj)S+JT_+Q-RG2
zzMYB8iaTR;vcVA?ndHbmBKTYhDB9<nEl>igf&6_H#sh$CBl^V!lSZjzrAO1`hugsd
z4cwfDKFevDn?$J!6CHZ1TEjr+-bd4*(;t9S6^%7<T}VA86#UmlfGJ3)OV(~rWOoGm
zM<Foo9tKDDQNi~kck&;OMYnQLvJjLk;td>>4EaDCfs%osq;gOy<)+G3Z5*h9@Q@hA
zLl)uTKmx-<?@<~&+|GL*fhBd7h*29L1u?@rwa5>%PA$|QC~2T{$^K}U>RGYir!7?I
z63>f^#)`aLJsTGM`O$Jm(O3uhfXjg+Y#OUWdG`Q?1h1cficla!3{E!72Wn`iAfJ`o
z8!0(Q{=A0eS%e9E5P0WZpry>n!f1giFRB<uvATlxC9-!3e%j9sATlwU0DtMpf60ja
zV&=by8jkQH3H}Xv8g@_&!n&sywEG3ZGa;o{M{L{*o{uX3Zr9lRn%`HleUHfd*&Pw0
zJHSXz+KjI80GG0`o#%CDlyHF2fm)uWC~7(Iks4*0Mn2;EUn1{pDk)%teQHq#Yvrxz
zy{0B*n1RQ4=wf7ckUH2Q-?_OptbEG#NvOXP>w9MF>Xz}k*I?bZwfi03Yvxe>i*@zy
z>0t3UBji5##k2^#n&68su|LiGv-)=>57}hfb#w&%`s#rO`OP5|ne$hC{u_IK8lRsX
zLQy*Pcj7sdfKUDLpXvBds(kB@&0%>~V{;gU9Ok0Lr6r%W9qAj^yW9t#Fun|`x%`c|
zDRoT#;X8ccJ5*oM%O3Z8xQ0H4m-^MvRDB6+uYL{2zRdcunOeF1^+ZGcV&z_*Ex0HA
z1Jy8^=5JrMhM{BzFX>HE0H01{?btIL6*L7=6#qUNFU9$92>EaRu<qnT4=w+_s7I9l
zo|6vz_r^<g{Cp#}m)c!>O*($QHA!RtUV`?ozC9V+3k~h2y*wR!eocFiV0&*3>ry@x
zpnTBpzvRWr2h|~1@PCvTVL}%ajlDp_q~=ihpQGg$7LC1-mFIvC-cm^AcTst6YT%|k
zjl-{WbDrSONQ@CZ19~u)`|K4OmRpXD8Pua3+Gj48{}77h_fgT)(b!q^RLdzLjp(^8
zAy)LDgRkH}9O3_SK=gn)zA%ZB<jTDnFg+dF@Z;?XjQ?MOC3Wi=Bo-0^B3Wsw<Z(Af
zC66g01Q)K?NuC<&`A<=ymqkKv9~XMXBeg=WmW!S%X}^hgEs}J{uG1s(r}-$8KiGA8
zMCc_(yH>q&wemJ!q#0Pih5uP2H8U`e_k0!I4^YZ_&Y=wjQk8knIr1Xba}G%=-tz`o
zDvk84`qc{lJzTa0EK{YiQ+cuKMl1NYMvC*LvH6V0{Bb`^id!8jVDfDy6K;LvW1E<8
z0}^=@gxiB4-0mXb1wu}&8hf8kx;>#vu81sK#ecCxeyQpt0r&7<@-*`9x&)GU1u^n2
zIU?_tx5t%t*LETAhQ`RdmF@a>e@BG!W8`0!(%cr6Z?$-(tKFb1ZKLQwkZ&{E^z!cV
z=sTm|1B`mr_AJWf8hI-6^7Kf#s4UZz=kW5BNO_JT>*Vdg7<rrCp@}anG?F|mkCmrW
zxXims9<UK)p4h?TQ*&7T#j*9X>AExw-}|u|>i<@)Z|b7{ZzA>I#rl2K`V9t@zvFau
zjgh(mtb3@vv;3vI2a7fDS^D?-cVpx+)|c<jB6)o7KSA!Ee<8`>)A9LC_S^%Xli73g
zDtK<aU|lpV^BE{N2f#l}H7u@WLO5N1oIjc5`L(KGexQ~K=I3^y_zj~h4$H0`8Yykr
zp^?&;?_g4TIxhN);iWz|(r=%Lh^_w{g78GWLb?G40#~v!<v}KU@e%E~`f5}r`eC|l
zrz)~#0YH(@IiRW%%FV1qzGD}Y{?q@CE>~0+Kg0|9>Ys^<_jBM~xr2QZ`PH5oR{C_3
z_YEjd=a{>Zr^PyXdPRFeM4tZE1oHHE7yV*+ntB|0YC4WQ&FDg&Vt`)v@^t+0Zsh4X
zYrB@GZyby#PuHyJR-R%&UN`dey-T~2r+B$bSMt<+FrGXezD6fcG1RUbd1|?|OL=<M
zny%&PKM%x{r~iIeCr=x?m#3A(x{{}Vez$9RI^sY)d7AyMPM%u2m!~;h%2VqPUCGl|
z%KyJS{hupOGg^ioN1j%PwDQ!z>USegpABi{X-#wd`cZj$M@TDAS7QAx<>{!<DV3*#
zGD)6(@>h_Ro6jM+S%%LQ?D-vhewRJ}6Q5r_r)zm?`AC(gSAL|*(_tT}^7O)wm^_`Z
zO(Rd+w`k;P!xoJ^-MvL4PrummtH{&!UxGaS@P|(Fbig(yPldmnDtWpM<*Di1?)F1_
zYUSzoN2Bs|dm6~o)6dh{yLH%J&7f}DE7Z03w5Gi$u)VT#b?vRe_6oae&!Us}c1?R%
zV|(|XtIB(R4(*aQM=ptB+xU;|!`*0&-1nK$RWLJT3%qS+uAM+dw!mv<^y!mp>%v4i
zDL5m!VN9l)WpGGkf)Bk4g%bO;BAa;-o=5wa&;gCxd~TJ^e4fFHx63%C&Bz)CxumA|
z*jdE^tF%)NI$224tcx)@O{H&#XArxea<7xphJ<tS#q3Ht2($_IhRj-9(IGr~Sw)bm
zjusDyk8N0Eh+NGPIrT;VyrR3!=OQfU0W9Yml>5RFK17ZiazJ27_2>YGJb@o;!OVJV
zF2Ygy(xHCoMFz&GYN?Xa9~bI_mumOxSJV8T)6IOX*3bW8&HSH@^Zy&&{I8<<@2<T%
zU3+#-dskz7_v_nRN&ElZwYO16Pe%_$+uM5<?*HrCBY%myfz+NIb00x-L&U&MfWgt_
z@m(ffVoh3wr$cyaJ@>ECo_7=<r#=0V$4%X}N9P@u<H4uf(n{#AJv#4bNb9~m{gKDN
ze(I(@+P_<Qoc8ovc)#ziJ=(v^IZk`}Exa?jYme*=!*SZvn;hj0-LyyicJ+Yc%!iJo
zALy<<;<x$7X;05`FYK;8;<u^CX;05`YY%qQ9`S?F+1<CNX9<hDYmfNBoa3~oX9<^e
z*B<c$({b9<vxM&s#A^@l13XOrgSj^gB?-`aFehBtvOrjJ3Hi)y7KPFpXYh9*(rcYV
zs=)}z{&LYUrMHpCA2___#tFe;XS15Q2B?F_z}a6eJd4!kxu-dXeCEpjeC`*bx6D}o
zIX2}8J`#3iZxnocNUnX78FCG&RO2IslKzIG{)y<o;mnpj2c5yBM7);%S_ZGZC=L2?
zfiaV3%nbQ9EnLXQ0pA&|MUxCh{8G%`=-KZumf^<^?>^&$8(scd_bA}^?EAjgx`H|E
z`zyQq-W5zr5WNTCd!9)(;y3A%YU;no`{tx=^)I-x%g_n-C`=5hgPEHES&r%r_^b>f
zPt$FrJ!0jO7=PQz4(X6k`V-mo=zZgqK0-&G3};}bnW6z_Ii&rf^cmfwRSSr6&G^J+
zER)A#vb8{evjbh9t3l`w+3OgxQ=CyN`fEJ{ZN>(xlw^)X`9#l;qyzG{j%0%sq_k~_
zT>k~fyK4q|@Tk2&`@2CU9<oi>2;KM1z=f&=sZ<MJu-n-0W*$Z+afaRC3idU~e?@a=
z$TrE&J#{No|2j})oWZx4a~<fZ<S?C!&4Eh8!f4RLTbhJkF*fr^^oh7Zx4khhGbAT&
zLt}~#D)6UN`HV9u!pISz$Oqihm=H{=69egVQ7mQa8-ZH@fy+VHndt~jmaSPm-HQVD
zsZj0)6@qU-1ngx0r#X#>oY{vSN=N%A)g>Jf17b#fFNb#n(B*gTzLZF}(PlNKc<Nn4
zj(BD})UYh5KTl&-ewM_3O93T^c~kAxC^-RpK6MY|Sqfc?lm?K)K_+<`Y2LGA>`T<i
z@~;n$G?Oa>pq}OCvzhbd-eq7H%*f4iO1s4&TW~S@cL>YSAJAXx5X7%V?}9W?jJ6~)
zu=2%V-`@ZW$!v@?708k0k!)v!c3$#rLg_sh5|+`1r`?gjc+BA^eVoYsT+ori;*uI{
z(gB$K^W>LXnYNklkSclIx2f(#8KcmKbcoW2;*djP_NT%URzRB@@(2HF4F~Lbm>=*b
z^pB!@xhI+PrRv9iL_HN$T9ND@G4T-@6<kZ>h6KU?x-n{c2d3hQ_)K#FZZIKQf+K%}
zFc-)N*SCgUfw`$(Xe8Acy!6?(2O5Os<&Nx~VsNV2Ej$~#pd7cR<`qpcPo(h{j!F`i
zJWcv>qGN{5Z*UrA7KaFJq#4``$XbVvgwhOo<%ZU9{au`&G>#vbfR_>HW{3e#IvQO+
z!Nk-%`FbmyZ=PttNRt}`-yGt!nAJ}l>NZ<su>vX%X6;Zt_t{jlemnZ7yUo<vV6a;$
zQQ)Yl=2XE?rWX2!iQXoou;hCpM7Oy>42+W<*;T^h?L>M%+0YYpq&TDuabOaBiReRC
zn@K4JEhVjC{t>KW*NjF`=tG`?WHdN2cU&^4^UxUg>yvR}OhnpXszC$RqWu}QNJ4qc
z*|XPHdBF#&3Hu;CDchp^6ajmNXso6gRK{rhH<6DBrJf7Ws+b6fK<X_Th0_Z(?Ff!M
z4-5W*MtdFlPa(XpaLZ|~_Zl&czg!fGjDrn+Ng^@dDrImaub}h=j`%=1v{TZ7{-@=l
z^eO)I5zLa(7}?KQk3n4W7u(T*t*o}B5R6hI&ow7j+u522YlOnb>^vINZor&#c2kx8
zLafAs%Bt-=qRh@C%Ip^Ymq(P@c|@6=<)5?X<DV+~eFpg*3`-BJXWo}!SbZn|?aUTF
z;emAJlGZ3*=i|N(<`9)v!+a`l(x%Z)Tor)V+*#tWopk>+;E3`NHsaf4SQtuiTbR$)
z9dEH&%U4X1-)@flmIc4bBTblF@sJq2=8QiML@)B-756=KmO=hHk!=R_p=)A)l;^*v
z62JrRvHgnP%Mznm8T-qD>Spd_bugThA}{@-IV{hG-!Ly@rTk4b+d0@8RP#@rD)~|I
z8Oe`^i2SJS`~T$!%8w7<I~DTd$XmZme#|_2a`I#TYrmrWcyp~@e%$rODU~1jrQOPp
zx86TN`H`~j1mwr=wWnNu7*?Nh`EgB&%04bH`T6ogSl5O8nEhUN@<V*@MCHdDA9Ru*
zf%oIck7qvbEI&5>SIUpd-LdjxM!)0Ak2$NmmLD&_r<EUPuhq$qOJ40PKhAtrCqIr1
zROLtQ6I_0bm;>_T`SuQ-{22YVN&uI=&E&_2OLX$%`ZAsTaMpnQxT;K*A1{<K`SJ7;
zE<bYdwy7y7Ko+b)o9kwFfVyBMB|Y}6a0FK~B;^)MuBA@NUTBkCMcTWlHiGb&+}0e%
z?e>Kq!SKBMfYI7lA<GaP-aQS#IOSQ!mT=gU<_z8wa!Nk{dklLp=t&IrTeNhb;XMm$
zDg;dh(%Qn)rhA*NTj;O_^No%f8-Nl9h~ByeamWT|(2Z^W0Bs(YPiJjH8>65NoAjO9
zY$N58rq-^3)^5GUIipSt+TX?KDkvzU;79))-1R*76_~bwCu9wbBcA#R00LqTj933W
z=Iy*nD6wD)W0Nl=_^OBv*jKSbWHpVk;HTfSU%*e?r%_Jgop|7|s3F-<xL_#;RojbP
zk|G9Ng}}X502hOWwqT|EM!D@L7I+!3hcFT-nl4)K|B;qPSRR;&lxg3nk%9lh{(`f%
zIi)%jf2#Dmy`osIKNb$xzpjbTIVi7M#RjQdsL4|vSg=Z--V9_qOm_v07<ifue8DQ<
zZZM8;jglSK`9tRK8rsPpauR*>4&k)<@6hU4zAvryhm?f@np`b(3Ukj}twcCiB(ONP
zc3(_9u~queDV5o!jkHybLFsm1t-F`9p@Frpv^MJQ|FTYT4cUmB2%q9k&QUeR{Z^;+
zA!$V3eQ6*9FGA7hZ8EtFyiKWs?-c`v2;gy$=X~doR#@(y;n4_bzWL7MgM`wfEa|kY
zeELC{)ppl9jo-73Lzvnm`kAueKr&lrF8?OaP&{vX1?!2y`RA%lX=*<UEvoaw(xqPm
z-_yZ02I$sr0C^Q8rbW>fvak`cKFOR?I1i65s@->@d#^QX{A|!i5ZJ8oGX>u!_H?J<
z$4Dp9+iDb+VGI}49cQ#=Ex|Z1!S^DI<arXQE~`xNJ;}m+1fQ9zmLA1}r-W!8a=c>)
z!~1@7tQ9XQCooW@6CZ1)<AzI#P_JOEo|aYSwp$AqWx-E(lXMQVufJ)G|MgJ%dY3`{
z+H(oVOOc)53{Yw0srAR{E`Z~moTlw$UKgEYP$wG+Jv{|~OS_7l26*BPeF?3X&NFCQ
zyZTuultP3(TUH2gjy0)q!T%ms&(l`#^DLhusf<2RUev)`I+Rroe@2y*etg}OUaJ57
z-42?to-ptPKtO_ZeF9;l0~-w&*~4_|UYeo*3g=GRs2pjhKgZw?tcA@^X%mJZ;h~vR
zDtAcR)D0_>bB4<xuLXG|-L7s@#pG9UNX-tZ*6s_r?GB2-!T%^fdIJVtdk-2N$99Wl
zdlNwoeo8cMatzrxRw!{MBozrF@{=z_Z*#A?pE;$C;*h3_*~QXEZ`}lMlf`}IW8WG;
z40xN3;=mBG`{1O6{>36|)LSQrWe1YLMo1`1_Ux@+AKky><;hT<2*|KOSIHi^{)O59
zBjHtjnGUln!Pr5~_;5255{YPr-4GmBN1;3ZkULcq^w0Dw4C0cn{79=`p}N9y33jVr
zRoP9))vZ7W6RZ4`twlcl6Qt}>#0?L~gOl)9M|E$L0E%cOz2$e-fEp44<5hljjaEOY
z--}vF@>-^qgco+oFU9l|9)sK{s%9?o^^XBf$k0VpSH$3g3Y%nK9jlq({Z_WXZJ@^Q
z%K*9Wz{@UjCSc%}V3W2vyx%sk`IPL>TZN~~y-g_?`h5Y0MK0<Mx*bRxhhRHmmueir
zhtqA+S5C>b%Id8%+KO`DwMn<Hk@v!KDNQF;+qKFTxP8r#D#^aVCY0p9E6!+i8b7rb
zE-(QnNdT5)$6(s&oU<0uP#)WDfJyR97Xvq^f}Y~Y{(Sx%kzYb)lUnV*uxEfH(35n_
zV`MLEP~%85Ym2tWC<arFs$$Tf(F#zG0zB8_PQLem5xM~gi_XR_p}z$nRK^Sd9VK@)
zDkTmedn9M+D^R#VZQ5W1-5$(i0Vy)a;r+hBCCM@<pW!^`j9DAN`n*-SJ|Y*ep9#Dl
z>V(+{kx9j(;DQYxP+Sg2AU9210sIH>xC-n<gR15^&}9p!XbJ)}8D|N7t-NIkfc-Uc
zk&KbHt~G??TLShC(*W(Du6&B<_5T$)<*^Dw0!p=izza#S7cgFP!SfdPCDyX~)4ZVs
z05HMo-ED-`KIvR1f;!oVz~2BM&tc3q_XgcSZiQcE=V^Tm+WaA?ktkC%eo&EoZ0JH*
z=<pgmeU+=C<+1rq7=4p7g9F2k9nw*i$S0i$eSh4lrSA^p5;61*G>dc!WR4V!<Qs?F
zfxeNTk+9`~EypG3`DT;B<0fkUoCdAZuCTNZ?Hs7|d)V%4^rSf`)eBzo0R-&KuIq+?
z(<1~dYX~?V{W#4I6kRJE7){@qf-okuYZ9{m&>ab(N*p1f^TS9&VZn#)IYdHp;*ijw
zC<#q6BMr%9gBwm@Y0Zx;tsh}&HOaR$MV3~_t;%Xfi_oZ!7$qde^?mxp@=Kz}SEBT0
zorJ%zOP-`H89Ol5hb{0sKv>;H@2n4p`=!7jC2N}eU^`mvv(iXwp=1r9*wWQam_0=7
z^&#DxSRAEqbahR2o)~?fJpbO;^lS6)?Z^IK<lje*{`c|kjo<zE@$aQ6C(6Gm6lvnG
z&A<CLo^t-(>*)V}{_U^(zn6di>ClPt?{JUf^6w};Qh?fxM2}03M~}p8oxugGnS<oV
zH`|C3=ZVrf+T95*_?sx@7TP4g8(t3yr`uP=5T+P>jP3hX!F!QB>o6b@EW{L{6l}&0
z_^sF}{kR5`8oB)Yoq{OK35OF5R<>il&w~5^!bM3GfV{im8hj9ZYhXU)+x9m@hpF}z
zz=fPrGk~%RcMIRUlo={SS^#DN?j$WrLSIID_BIWZ>@N#XjwV0#1x50i?*awPSnx8~
z7mncg0WPU!La_fR7v^yz3c{Pm&_fgE=36lJJ{fHke9tCQZW7;S3JXZqZQ&U(G633x
zhQ#dc?twOG!3rntVs8eh<afSKHrN8WD@3V`Xz484UuY>EPSEZWC0CJ6%3UG1pUvw9
zTt#4?IV9+96ZPgPb`06(Fm42MU9=V%3KyFA1_#nVu<<X2r7lc`QVoR9Cf;5sRro@l
zb4Yr$kpJj0T7OO5tUv0klK_d*NHE6;*v&^Gm{Bf0T|hfRk^NP9T|HQ0ICpGzXrcnV
z*6s$JD3}lWnopIyBcUw}Go#$W*Gs@&TsRNLM*Bwg%+U2g+jRpXbCO8Q#VZfR#j>hh
z@E@TZDMoAX*03{pr%}57Wmj;b@qKLCT9k~fL5E1QLaFEw1DKO+PAV+DmvgMSE~#Dq
zct<##c>BwQMCXjwTc$w^h|J)>$-92c0HO39q;VJC756Q{!P;Xh_+=U_EngfUFeHcc
zjr`>STEPomzE!!K$BoN>+so+|i53iME#2yf_CsSV(Js3l*6VQ)Z`;ceAA@y{Z58<{
z)@K<R)_-bK@0FB-Y+Bf7M7*#{7VO63f(1a2teCax4A_fe=-+3+-7m?tg0_5VVFg^U
zMq8A=?fU&;b$)HQN#<=y5SC%|gHSToI67N+ayYW4k_QullWPiFdI?L;gZI%Rgk@*L
zU!@_+w_H+l<_=|0G)^LWyWsn48|t74dW+)4Q<0qpJ%h9u?3t7+Tj}4*=H+<&Zb2bu
zc14`ob;sw5<pl>~`P_<FK6lQ66XJ6Z%FXO_0yol|!=6+?EG(+`u4G-W!aRONi1MGp
zt>IfZReGDQfN7l;;d90E(0`p;KG(A|pDT{?xlg_%{#D!sp93BTML`1lj5B!E0KKc+
zu7Yv96>+%TS2}JtE{59`odmb5h|BGeF4%G_P?y`hnB}(h2fp0!P)cfMhaNadFpDrt
zeEsqz2Wr~Uc9^4SdOo*;t%Kj58a@Y06lfI~9Ak7kCimkPIwohm#d@2{=HBCM4!@4_
zIL`FC<8g<TaCkZrf;CU^M9+)m_rH&!TTZb%^+da;tu<`DT}QRI3d<%$7+sf`zwP_3
zG2aR83!xWiIqz1bArk);!{>l_8AMO*Bvw}(%j)<+o}Sya&?&B~Sj+8-k=ylD<GLdA
zJ0UKg8yUmr%$&~+`Wbw#IKt-|TYDS0{k7I<;9B4Xz~YM4$W~1F8Mw~-XiC^3EUy${
zZ9W~cm}JigF>tMSVG7F{6^>+$5-nNv!txN=?qs+}&PSvTm?LC-nwUL4^?`E43wj4p
z>L)j)<nz2PRwpv;|NHvCVpYul1eITlSNU17x+kl=yFP&NBZ2WL2rs}2r9A*9Pv6@r
zwDMzosyJ$V+JilX62om3#pDDbV%@KJx3}r?^Q!#an(GYSvsyi$4%pL0$+H?}aHSZy
z9awAb8Ydn(ORhpxS9LrdDw}wsK6&SBxLQ0b!IEKzu0ZEW{sCB%k*9`}ekvEjtocIj
zOk_^plqC2ARzU6=AQj|6eK`-hD2eeP4FkfH&BM4b(KSdacbD2T!<b6t0+v6mD0c;g
z0;PiSvLdV8eKscLb7n6{bDuXMkkl%aW>~Vm@N69~jef)7tu(5op6|qJJ7q_Ac-xJ_
z<Cu87*frzg34zhO<s(1!G?XGYaY)saZ*fLa37+4JfzcK6mrzJNIlI~^jBi4x4rlg(
z2X?@6S*=cp;Ju&1J;6wk;1{pG*od;e+D;cq0~;2+M<_@TgzQ?<cl=@Z=|~=Sbb=qB
zDtJc`>tC?ayI>VkX_ZQ)4OS2g{-@w0Th^z7?{#P<v$6gh?k~UJI5v><hE+-`abzET
zXrya~xdgDV8y6&Y1{R(<C178J-Sxt(WWG#1Q_R}n*?{AKZ{~hX_*n8&2j&#qZxsC3
zb3o-cPBQ`~dOCqE@PUYdkrg255vLd}4j7WxHbk%kL?J9*2!m4wB&hclu<_{DSEb<h
z5fD2C-!53|0Nxm(WYD$PCz5h6tm^+ORLQCk{Oj5oG*L{yVvJ%MA>pvOvVRnOFEhcv
z+FHtyEch4$Lqs<cq8H!6IT}DuYtgd;5#!InpR4VZ6rX*rToYFHLv`KFhIOZ`i}E8}
z-@MsrgtlZ`k$)k4W-AIVf<Klb>O?5<tbnPYpIFj8swDV_P*AUZC1V0r6bj4l`HKNh
z?1+M=j8gM4;rh=}mbUY*UHA#K?qc7(-mV!Ek)85fj6SOJCt>m39dXf;tAns!vFq|j
zsd%~O>NLTJ!d>atrYq;|<zRct4G6Zso}9Vug`oXNsmh+#xZN7H!^IO=IkmC3*577z
z#NUSa7VtD@z?I7Q8uByL#a%0%Bn-RZX}wpeJPlp4I8Uq8@HA)8hE6kepx9K(uQk)g
z$qG~tM+1!m>1OVr;L=8<x?;-vSI$Yj#tO{DKg1Ya)>dJ8H7m54nygZ};C~;nn$;rs
z-oo`ASg?kO*Be$>!BG6#zeDhiLC?65J+rnx72`y_<vg;a;-SkO!Twdw><b^->j=*G
zgLZoU#K54h#%GNl>;}<LZ?p%dz5p|Kz9TRiw2-UelewQbP>x>9*GhC{ouye>d{v=`
zDLp7ArivKrpU~3}aA!t9BiXugG7Z;Olv@m}nutFai9Z*y<7Dct;7<-m$;vK$sT^bR
z)ku%EthwqA-keL*4j`Y9?Ej~RK5U=}{7L<u55;e!teshiJby(;WF2=Wi@e58vM9Qb
zgcL<|ykIp_fbw+*^LOx=T-g_U{^6M6!sN=*heLDI#8Iv^VQe}2D@n%sr=V7X#}BpK
z+g;hSQw0A*=#BCzP#jTCSnk<`BfUKh+XY*~xWh9{*+=r5)Oi<ZI>!hFsVWLU?45<I
z&yl^$ecttfq-HMlHjkI)|J^_(FmF)m`3~K3`f)mKR3>w7ilfQgA%C1=G^jEPI-d|s
z`d&x+^O5v%U#^4u1I)0!V8CyIn9AhRy*+W4bcI7o+Qkx1f9?5(8nb>t%tmfgr*H)&
zA0@U#t0G;)nUvo!A%O6epgwo;p@=>=g$F7-q;?0-pv`@fKG8%iV+=66a%QC283|XW
z?CXKPeAzE$;mn)lRhSL}6GYdcKU=_(s^%z-T&y$6oDsQNXA=58^SgB>VOm6fxen$i
zRd3gsWX_3PuQSP<2hSn?oX;-*nS{=tc>T{L^Bi{n&m{9ab^(x@s}?T-T2A?q)r)}C
zOMsS}8C2UbB%6T3?5a7|DSt@DCou=LNfYk&it^VjVNEhs2lFz@V#!pU(tLA9z-e|;
zGF6k<Yde_1{!N~{0+b$PzBxsjn8q@wy0o$yp|FCUjS4Z(qAEtSsKx|e3w{Dt4ZsfR
ze84OQ%BT8gE&p((VZ5P>^kbe+RqQgKYLSEFm4o;L+9&9jB=t9=&raubs^7Q-d$nRk
z>*n)=y;*$R@#%>!DS~0Ki-Z_GvHOK$>8Xj)Q(h>Bo+1|(F*?dHM(HTa7^NeNF-k|G
zF-k`{#wZ=-86$MWFD@cd;x`u&HSw#9h@kl0MJi1d7xGt5RvWeSq~7hcoY9nezteK_
zO7>dEUsthLyxu3WP~hj)?B@pl%2px2_i4E~#9j@&|BdW5g}<_h2!03Da`QI!O7}pi
zcR(#S*F}k5))IZ+PDKCXv7b-$_iBhfH4f2xI}`m_EzvjWi9W!HKE>FX=t+JM-LF9T
z6ruOGPJrHnT6(|d#OQq-?Jw+8>78YHa0UO0NC#v1v3&&zjKEjoU+Hag2!Rg1W?rpM
z7R|%+=G6&|=+kJCCor1FN)B|-^_kZgnImN?C5E8%OE$Afmp~#f0hJc{%5`+@f;0Fs
zbw){c<v;!fm(4EFK0&W?@9Ak^DIThQ=Fg498w@m)Hq2MjfF@L{;Kf@5aEI>C@HeoW
zD*9^$|6j0ju<v;w?~PzdEbqY*^oM-4p26&<g9#SLW6dm!I?J%`K66ZwuSevn1Htza
zq4EO)P$)SahD>;fm`#h(94Qxk7s6lfQtCR1-B*B6%l~nZfw=f~K!1RZ!5{J@V?0E<
zJB3{1N%8P86a-W}FC`>tln~)`A|;%qICLbGIL|ZUwG2Xuk6-BUDbQv*%UK~thgmN0
zdl(c0rNw90Iy3-!w{i52whO+c_;;e<^AWeM@XFTFS;CS*bjWqZ!AA!IDnjCnq{l^L
z1I3x(WdIhdP}&f=uprAC{>(|)kzhq-DKDw^%Lja%sy_C6L8DqS<dRmoM(5877)_w2
zp^uU0$qOFlDO_Uh4Z-_5w0Cu?;K#%2`hRHdKcH-~(f0PGh(VwEYv?W~3>+hpd>k=f
zhhzdXA`_&bHt?BgqQCRaS<c{6GkSQ)<`<DzeT?g=><-@X3upje;SIlo&y!f<rwk;`
zuTZsFPB;%vm>FD5`O0erv5aoCkgWZcciUO0OomQ$EGOV1(qlP?kqeOJ98@ktREW74
zS#CDa66ca+ISnBqOqQEd*=s(3O=GVG{ME!>=kV8b_Noe&40`1k<N3^4w1dpZ9r2rn
z?3p1V2Qgg3F}#gqxQ=63<`_;#3}bEiru_`VD|tt&cn@_9!}uz(nS!??WT$K}`9p$#
zZW}E))&t=*l@eNMaawH9;dF&Thtrh?9ZpvnbU0O~oa1zjL5ov<k)n^`RELP<lSG7L
zA45b)%Z{Un*w`f^?rn`lM4EDID@ByVtbv3-oc{;o&szY4pJz}-Gzz0`0TdY{3%~}V
zLtO!OG`_xQiG{1LQr^PhqAY57FW#I~04)RI+=p<|O(Q3SI61AEBg~*tHZ%w`L=c9U
zQpUH$M@iqGi;~novwl^DC0&n_^e9Sz8Af;ln68!0dW3joBNFW!&FpfbCM6su9tdn!
ze$*WfkM1q_B^)GYs`A;bpo?jEsGEOTs{PW6U-lCG6Pq#gAqLqQCyVS?kHx2hIvpKE
zkiESrKC%b=Tn7BNKe2vQh9~NgEo$j+sfPYG3I54VvGkXsjOhZdpG^dPI9w{5&eFq`
zrG?9<feY4aDWH-i{Eh?2sGp0V#VZ&fs#2Y%2P92Hjc-S(u~G0}bu1P=Ny=cH<=|OY
zO&$nLZK?SNQvME#!3SDM<jcADtIOAEw%mBKv^4!F16j2pn)C~|DQ4j=YmASo(LWbe
zQ=X0AZ-cI1LRFNMkdn~bOou9?(tMOKb#`tnrj9X84V`l;Fm=Td2C-_fZPR0FTMVWs
z+F8HgO()y+dxzs|KD_HSF<mQ17%RH`d*oNS8K6Hl+Qt|`XRpQ*KoL%zDk;%?uuyzC
zlbNT5uef^EPz@v)J=zIO2A*vC9=kd~hKJ9riue_J_*UrQlk0cmp_Jga9*L;weHb|j
z{!2ORbN8@pb^w=C@ZHmc(%H?<f;YDr%ctndXR`8{ST6V#Ko^e1qGfa{G0tZ<XwB(N
zu8d6Ob;}XiUq;7MB}yMehSZ=NQWG0ex~4N=8r`-}5XgDUISc0)E7CV#q-#Dy8E{y)
zpC3`Ga9>N+sBmjbB^un_Qgtb|!Ns~}8(dtAQv2pwlnTPB)1nf0bF$^^aE)G0tuc0`
zMWr7CuKZ4;UVl_KPPqQ4E<>(Asv9R<e^fV4xc(^X^~VO?$RisjTqjpIOt?<2ZkTYL
zT;=UtCr{(ATqig2A)Y#&y!2a!#A4pj3Oy26bcw{>4QRI=A=bEWVi&A2^{!LF8qYZx
zUooiDDFzY#<Y-`P{6Fe+{K+KvKaOiIqN?2c=ZTl5Vg`|FUlr&jae+~{zHEFS!;aSC
zt1uX)=1A0jrQBG69)2aCjm&LA7~0%fQk9a{pg+%}^T0nhXtYJSfej2aMnoqa<Lbs}
z{6nvwtM>HgV^pogdHONVGsf@`b~02n$(%*!IPjMaab7)urvS{>!T*%!;D=J?%X&~2
zZU=1mL0y;6+TNRmdg9MbQ{m@jEws;ou@PZ)BNx5c(Br3)!XqMEy54>1^4tH(Xw4;k
zD`FrytZHdHIcYZHUK)wVdHBElA(>yW^ywPe&+ra1+)Tv1!{~*27i<@Mm3y1nuHhcq
zHT2B1dfT<zh32dZ4@uyBZ%P6(YJECV_59dF`+=U+2WqtYf$Cl$-v@j<>VHz5xg&aM
z-va@b9#y><GV;+HwpnD`MOVZ9J{q5Jg81_NvwM7{M)37q{r`4+9i#hO9nt$+wdVzN
ziz}1Kc#A8O+Rzj3uc9EenFsMB5`KK3yTy#I!jzW)My=I$wt<CuCB~zRQnldQk1U|X
zGOcjFImJ+9Gus6Jd-M}DTV*qk!{6-0w9t301GmeApoTc{TG%>T+}2#OC;4@$RhW}+
zO>|l+=$s+4HLlK3Bi{$F7X0-F-9C5<>P{H%50lly>U9|sVsFhlL~L|J9{Ln^j{ir<
zQvmYu1UZcZ9>!5RL)@=+vOMB8z>0AVPg3n<TlLAEv+;gU*G>V#C?zk;$7@nH>+aiD
z=|x!VASTom%_!)ISnLRlqy6@AP`?N5xA)}Ka;yt#X`l-%<p;O+HgJCQtJBMrCBG`Y
zZ2a-ppqFjGHobiI&i^EO8M}qk3%^g(N?FH5>FCYmc+D*<yfu><UUZEc-g_K)o^N#F
z^$L7@3l#$s4oq}PGtH^$N#$rxI`hp1nJUxA3sf<USswnJCHM6sDJ7X{?4zdQ71O6D
z;tW!PBCD``gMuAs?q{70DpMj?na;yZSuo4&x?4*R^u#y-D8TdxfC0>umLASA38k0A
z8<2+suSGZ6vYOnZ@iT$$9!;l@@9G)zF*-ZwzDtGg1i!Z@PLe%U9A!@vyhnQ&_@M$`
z|6XCVt|L0lrh$kF%w9<i7*Hq8PQY=sqYqAqZU`;6naY9w60zfQ(L34<Q}lGT-Sng2
z?~#N~DL;~9&VVFxBpEecC|P<fJ6P(l`!;#fajv!3^BR))i3=vZ7+dr<Rklh$Sqqyl
z68z;zd%;JI&g}UJ-1|MK)v-os_W7Pz(<PPLeLJXGXCTkwc&wE*duI|4oU8yy#}_T9
z%64gswXoIh?hXG=6#Rcjuk_%f3B2)XWRl*NU=>Py=V5h+v>lPWED>i=4|VSz)Vw>z
zUbLL*;(gnBHfb*@e2#UI#s9wg<Q#lA(Ba^zW|OVRX`bfjwbj|H!d5iZoM8h6FC8;(
zrHK+0%Wo_WqpKVI2>(vSiw>)4LTnfyJFS{1it>c`+KhybiPNyjnScku{~7)S4bFn)
zKbsU-jCVtOe=jnvyOCYxhcW#atl|RNkD-K6atfM$z@WS>VJqGaUP;b}A((K}cESH0
z?dQN`Bh~H^{QsGN^Ir%2iIk62P(B>N=|)CF{tr}t=9tTrd+o)_1sXn9o<w{Mj9gj6
z$H>u_@}gz$^z^AelRvt9tBc69-v+EWFwD&K4dAHE^>aVcqSbUv@c)(6m}4$Zvfp{`
zvPs_oWx5~5HPizr&ND>X$QCBEW!%40SIC2l)YY*TVXt2qT{^Ysp;?lG-!<AM03chP
z(l9eyK+1b+T#O@N2hGWzDtIU0QEn~t>nWmhK&UHyqWrNf;_sbCx7>R1erwEigV#9V
zc{fj0k)u3<{1VAz7S8HynAJNB%0=9d5vP4R7EZ&$3}jB}a`;W2tcz$UgJ@_P(av<{
zkd85Z$le8CC5B%k2@+=~It<q^qGJSTmCESCl!!l<3hx*imu~s{jGDY~pe_dHLEU*!
z7q5+lu_0UVE3IscAhp_n9^A@yx*wTXo>eG4hRL#y5eV=Dm}$Ey;0D(1c6;UyWrd1g
zt5mK8+O+aVou6}QelnETTlDtbXfw#Cz(jy(BFG#&bNpmJ;3$>Iu^!J~=aFA0K)v`h
zs$)Q$Feyd|QN@yA+b#+=nOwDI7o#M}VCTEUz(JB)!&@kWG$B460lv3Yi$?<!!3Qlx
zBiZfMBh4s))%I<Iy@~lLU@up;tM}Q{cNtFn4%Tq==4+wE9sQWDo441n%dYYJq-cDB
zN>@oOy8S8oon3alo|@>3-VxCGK}z=*g`4B~djrGs;$}8~biw^$KK!YijGUbMX!xJD
zL}oq-XTFZPv(g>pK)DBr_&Ann{xc%D=0hP=JVD1+z!2GoU4Ny)pdF2uB(pN3Ioc(k
zR7Pp=jZ{S*c%W%S`zmNsRhff~RN_@Cgi7+OANDrr@_|L}2YYNE^Al2cq1~9PbG~_@
zgT-re&!p%1-n0{MTe7j#i=xga1o!$fL-I{@MU@-1%xdK4`PiaGWG)|B^4L$qVa)d^
z`0h-G@2bl%sT;_%@g{baOEnDEz<Wy5t`EHTD0pL<>I8*iFD02ACzfE(fG|u&=f6Aw
zh4p^He`znaTZWZ^Ck@AcMv!`CLj4RNtAX{fZ*(tV$wBHM(HWQ{yMnWg&QbXdbCUy>
zCVyyQf67rwnelev49Qz&A@54Gt~1g{IkKf_SSn^93g*b-C=elne`OE0tCAmeYPiS9
z^cfgk0SOz7B_J2uJuF6GYBKvK$2;Gg$CPXk7*AJPOqGKFNz_!b>I5I{08*yZz)YAF
zbb`Meoib4`_YYz2@Vv(xdXwNaX$SiFfQbET&$>etd}k-)(<_J~cRzS|oFpFJIEF+w
z+}mKZLjS%pBU89crL$;e7$&~DlV@s-b~>!Ls<z?q?#5klFg+rJ4iF(6bV?)5@~Ds5
ze*M;7wE087efcq_5ZhqQ8h@YQ`!L18vVFnpy@LO5Jvj_&_qVFu<JB+2BQPv}n)?fr
z+K?;~$Do_Z@*{BIS?$7(h%>7X9*JaHdZN40_y>qw#NcZx?J%;*AS&g2#usw;1{^vB
z-(`s^HuGqg%}spv$a}pF>>jy<?L9FimEglXv(6z61phE|a83p)#PWX>w1&Mv^G2Ag
zySb(lMd-}q(al$J=mx}HmDN-w_^(Q&h!DYlgOM%pLbA!`$uOP@_Y^QDNAP@#@HiYE
zasJgcBb2(41yvKW_uqlYex3>(fw^gpz@k+2Pm`CwlK{Bz^daky@lBTPH-KCt_$aK2
z`M4(X2+pO%Bs4xzM_`i0$2K4X(iw>nD6seX;Ot_Q9wRI%Zk%ae0&7q3i`cHe)_pn$
z_aNd{z81iZ#-PIwm%<N7(hR@AD@H^K=6N+dVpx1iS=vF$?o6;KpNhnXumy;9aq)4V
z{!0=JjFl<hv~xY6^XhU_wA`fVK)i>HVnCFwrmcc+I>O@L<nF`f#`g|PTy)XFKxWSF
zwCK>Ti!M4`VyNIpDF(j!bR%1A1wFffJZL1yr`$*2+p@kBe9sw(uJ09m#Rhi2(r}6b
zRQ0EcWKW~6@;j1~+Vv({rBG(bN?XBWu@s=8oU@XwT#h+pi&69rPjQ+@2>u1YE`emy
zag8_=k?<PSd3*?%EiFb>Dkxuby)?T1o=S?Wzc2<+0q`7Iz(1>k?kk7NBcK^JfEQH#
ztlH8<x`&i6kEya{7!AsV7=0`{zO`){0?`g_Wt(PbHmN~*GNNDV$nnjYtzqSgj+poy
zm1i=8(WI2O$BDlYyjQB_Q#+V?k|vZ415@9vCgbMIfiIX+6HyCWwii!_j?q=4n4J(l
zR82`YCf+BN1E0lomY7(F7_9FmBPU)ilR>VT+0|+!iaYVW`!T+k@V+g9X5azA|0zBJ
zC-t@Sg9V_mDr0mk*CxbgXKJKeU4oXIStAjhHj|7oHMqWPS&HDl7fndS00GQoG5w=_
zek>9{#TPUwz%lZGlxqLdCN_QfI4~{?<~6bJN&fY=A${&>Vt6-2ISQb5$L~35qI@ta
zeVbH!2g&R&$256^#+wjn)~qRjw3R4zvZesio}p;JEWAl2LZ?f9&lk7c?@L5P>{^z4
zR)X?Wj>^-7#E9~wt__$hX)BvSoG@h*opmOX9s_@cWhf3PlP+V)H}K5tX^e~#RsJq|
zAC-|cgDR?IwD9#3munm|@By+JP<CnUFletpb_VYOb*dnuPW8d0?9whdIF+<0<a<>~
zDH)_ci2xW9ny&(yiLB28xyqIf%kvG@{z;C@q)VWf#ld~huErYyLRi4jMrKTb31HG{
z<H&<dL<z67YZkIq+NwOG@^7LtTyV-GN8_(wr;)GEL)!Q`5HZ88Qe}i5>5xkqbxZ|>
z0l~~EP-NRRl*op0RL69vR(~zMa*1Rhf2V8qJWh9AV(x&z^-aP1!_tFI{!PM@QWI0g
z7g5GCO1%1j3sH~OFJ?kz281eWD<WbSX#l?w{QaPYlHL@D#cv>}{&hsRifEhRFZi2E
zP8vzhN$WjyklK1Iw#gi2<5AV>Ra<{Siy7s~c0DI%b)=@w5O|v6)g0K|xn>VCxyXN_
zoYYUH5s03)RT_k{>zkCfDV2b#-TSt-MW|D(wxAP$p$b4NZKH{}&5uc-FVZD}ezuKI
zg4}pL@Z%zkgc`K2x54`%&j7uh?q41a@@@*tU4GioL__@iMJyk=L;8d+cqC@ej~_7l
zJIxuugc=w@j|n<3V?d#k<t6XW?X=vDc!L<;Ul1GvtKPmwHr~=2woY*dTt!YiJov%M
zk}ecmCyUZ{dCO18rpp}C=XtkAPYi6B+|;#Fyr9A<%~~b)+QO0sP^NE8`XeuW8Pl11
z3Pp^3l<Xlf2>)Y>@k45g@#lOA{6L{X^e!mIO_~i>)7OIkG1Q3`tUzVf#g7ng%-W_#
zXxP{2l7TO$wWv#ev5x&zq^9hS8~5j+^8g2)H~x*K@j4jUYpMSu?Qa!l?hpfW(!}gJ
zz(Ve#fmLCGb2<S~ZFn%<?ZsBX_BF<$D)xwdh4;UEJLdzxk<1{L4_t8oF<8QJ@_~oJ
zc!0%-3BYIOB1P<y+tL#a@#6n~1$y{ta(DDlaqy(*Vg5_UqlXFJ|K;>xd8~VS_-cGt
z^l)%ZgdQf{%;;g?#s6jW@a?4T=;7b{Pl_JyUU@uvXnE{^IXz@7>Yg4p*}I~LT_q8E
zu-(Y$;cK&=9-{ku?7ky4n3j2|z0D=_2WA#w^_J@R#{Bj82_$o2bDHPihTlB8+9u8|
z!t(E44u=Cb1FckgznkD~u?W8PVAWgK;RcAeB}MQRCTg?*kb`ri{${dJ=t>n(K;_{u
zyg+|5ny52+G7}&TD#=ywdzSrPD3U6K<u>zlcdsn_eS&{y3hq#OOn62zE6Xmr3(zSF
z+sChJK4Qvq7PV8&b|y)Gu3C!{z8V$imw6L(b@U#qw>?$x_du%!)C0@e28xMH!M{oy
z{8OA|cX*z`eg4cnQVo0q1P-b~6ypF1z;-*R_&335vu+0s-$4%#F#8D4`LgJTIau$0
z!T(4K9b2XXLD~I#gyrQaH4G|fJ+s!jE|q4CjVh{bCM8mYfI6b6-5*I;;Z^vS&>S$L
z=IJvNNM(W_;j?9R2>yo?7zV7;=j_S=g2va1=|W~y+N8Vja2(^m_<cus>yv76u4F?7
z6QCz;9!)nmW_-fV(%`>Bkv5^>zePa*<>=$aPxCXxV?VJAo^bnEDDm^H+i5uU+vq?P
zGlZnD4M^ykonU)I8ATXpH{YDnTPWQkJb4AcUf4Q9SZ0QAuAT~dS@0Zq^6mvwqOV!Z
zcA5bZxLXR=*)(HkG=9^gOEjuhgZFYB9@*BK@N|W#f|*X%tV+S33tha=c7l0)t@jbs
za2McCP+^;qWjVB?JAR0tS{I1yd=#H^*p8WR2MZ+3@uno8X8^*AP9(G%gO8BGmM{1x
z_hf50CNBH&WJ5GAyH0=YS9CuiX8m#c(yhW(CF&~lJ<>*dUb9SVsG7Patm|k+Y^EeI
z#3#Lnj6gQM0Xs;(nAMJmxeR_xL7M(h@SRSFYmL@*m~>wmqS|q6O29~<QBpW&Ygq6N
zPGVGv`AT1jp6dXS;^E^hs$GUwRDZT##~Q*TChd%(QTPL<peJi;pStf899x4M;ae~v
z*Vq?F_YjtRNLv+s&ECCJ7~ODl5iKNiR-I8R3UA_R%#hE->@wl0GSOI*;xtdAoeey*
z`3t)rN|P_+g*MeIG6fIPH3w*PK8{kPgs#PK^9`gqY>1mFzK!5i@xn)ksPVVAv2pp1
zv}t$x`;b#WnzB=yp9SN7ksht&bU_!cndD1uLetNa20}L#=tTbV#pvd3j=Fiv=om=W
zb2?J6yALC2p9SX@S0`rug(W`?e!CJm`&xCa6CYqY05Ji<M!}E;qGZ(cpy07(F=9_D
zSANqPna}8c+e_T^4K8I%3LSg&8*hbLyh+=XIgx!gZ@sm!wa464@7}AFpIW2mubDfP
zTeSE=4u|wj91dRiUJ5&5a+>qiczJRqXfbMsNzVH~5XjaxLL=*NqJYo9*pD?5Uqdwc
zE=gpdXCOb{L701m3&NG`gK02J_dGyOJwl1yq%u2Sh)WX8f_gPdlIut-m}IsHrH3(x
z)|+MgNa14i+881e&jW!6R%(m4Nf0KMi`hR3OIUC|o(``768?;l^N=zz`?Jne+?hp=
zF>1G!@m@g`soEt**W;0k*1i7<hcQi|;6K98P*XIehJRxz4iQ-kx>w=w{1@N`B5+3E
zD!%KNg2aj*0w#IE#MUro4Ve|@^g(=FnH<%hB5;0gWaMAn8sje=Lq8Et5z8f#0c5^`
z)vqP8Z^yWm{a83mQ)`!gq&zDm7ExiqgzIc3qdTrR*ngu{x3?(@CuWStjR*#W@|GG$
zjrS;T6pw9Vt46a{l>N<kLf|nePafk~me;+-ej-gsnR`r|2N~Fmp2bXJEXIHA7<0ld
z<SUY~!f$bJvKV+3-|_6pc933j(+<*`$dku31;wy50dM|#GJxA7!MDvX8u0#<Q82iN
zn@NdMbp+N7ts~{LV{un5LGxCV9vY7F=b8w^(@;dHD?s@t+r5c858%l*$lcw|`ZknW
z_+brKjmI=mzV<l%OXX4p!SFu7M@odY5n<UbAf5MVGYFHD@_oNn6&gSl0jQ(_RGB+q
z=*nrBeP35YX@#ccaj&9cUP<1H@;~itGsikG(NL`1btL9KuE_a2T`cED$N$$j)RW92
zssXF`5Hct}K<6@=2b{3cnr8IOrEN>1<sdxdSaW6L5$?Fn9JW!Lr;q|Xw8x{lTW?`^
zH~tAX{EL#z)<UzH7_<eMg@`x!<$-!Jh^rUh((%%U0{!`%YBL1qn{(vp7@`;uEr4ip
z-tli@$rwZA^3<zL@ZtG4o)9A05gC%wq&#6T@O(g|Onym>U_$zstfXwvTdQnRgSWwG
zG0CX6o<mM|+w3U~pl9&o1q<b?i?D(LnoNCw77@|n+adUp@#Ho85sO85rqYfbHKW)#
zDD5QDu^?+co%0|InRsP9(bq=G&?oZVGJtflxSJtUs6$qSEQHjYwNda@^HHh|@ojR9
z7qR&Eqnw?Pg<}Jg7QsrP&H<eMNP2j8q~^Y^sw9|{AjQr=W9Su(!c$Iqolf$6PCQ6J
zw_Cc@a&|GOkbQB8g0J34_TT?u?``0tD3br--LOd(2+kq`K@p;^X96mTf@B3WfrQNJ
zMxzj31U&9k#KTwE5L6Iw6Jc)MGm7~Bc6z7y4!$7Bi-C{?5Fy|TC?WwtW?5bWXc7X+
zK2_B{voo_3-V}e{|IyDKo86x2uI{R?`c`#yH@t6A-U@b!tXoRu@K~y}KU=DR;ix#T
zjt=PJ_@$KLmmX{yVa`lf%;M>S=_u!-I62@aI}cskQCuAC&^su`71}P8Qqxrcb3ly0
zDBjz|3^ZMqlr62KL$%ntjJn$M@Eo@AdU7oY#rN^LGqCO~X<2Y|lNJuKyl9Xu!+Kl1
zv57oZE44wb1y@GaFDM8PgDT*l7PQ18WQykz9;l_?Qu%L-Ij<~5tArw4DaJ9Uys@{A
zYTHM#qhs{&U7>hX6F+=^FusDkPAd&v%hoq=JRB6OS2B&U<8+oy@yCstzSDX5RLdE>
z7I4Q^yqs+bUUZcIj8wOxmWyO~C#@8yon2}z4Q-;fL;K`MUvH(0AK>9$?97^xc<C<P
z+Een5&r%Q<{P%v47mozLdx*$t?Rhl$9?XY7p_C$a`*4v-UQvcwUQxp=@J{jpQj{rS
zhII6x7pq|gH=!%KY1r$`gC-KVdy~vAZeH~!Q~<vgl~O``H#?iv4t!D``4*s(0e53L
z9uxFrmh*Z*VFT^~f0>-o2^4GiTlxUedn>Iz(OY8{u}A|QIOI^5>Hhkr8fG|`zl|Vp
zZ>I04Lny|00?iE`Wk@8S>X3!*bxa@NE_e<;)AmxBLD~((aQ*0Qm6bjYVBsC)z>fo5
z_*eGVc%kTB9%9I4zuZgD-X|3Q5>HwC7-T5k%VP|k)fmHK7Guz56TIEr5-pD|jMF8Y
zL`4^h$TO}Jil2{R9hbgVf(t-Jku8kDg%w%StqdHdD!~QKN;av)J7EricD7ia&8$1h
zVg)`PE4U7E<~ugRgt;tWur8hj3;=6y7?XvpVG)C5ygj)Uz{;<M$NG~?-q=I<*Jw<q
zx)SgI4dk<+f$)jPnJ@;tKau6b(wJcN8sl=8$-q?LG2P0k!GiDmIPKV|$vEYhL{<Dx
z7?~@x@D61>e@V$7<0pEtr~&%b8PgiALeV)bc+}ubzDS#qRy#&YrG4Mbjmj?C%Yp{!
zxT^|-1T5s~@!#qkjkg<*6^d;<V8D}Zlz_q6@oLgdRKOq-FVIdTE-AX{^uX)d=~OiD
zDB-y4xwKQ>fFk6S)yKp<f!hI!8yr>Q25wMFD4)yVHzjPK@&RK9i|rN-=6`sECJzPi
zZ-Q}67(s9X8DDf;8Sovb&9BJ95#sCFjf$bhgO-tej6JaAU5oTJg1f8L_A&$66hNrN
z)2{>B6hXk<kR(CA-9woWJ-kSXQ_$}u$kbR$Ri^O%8sU=zt_tDhQaeakz}6OhurV;E
z36T!YYE*&jv<Q$jS@(XRk%rx24f>+ae^uiV<J5SBh{h!s>|X*mu?c8fa(P5TgyGVr
zv|vP{2O9_dcnQU?DY1y>bg_t=*q(}HI=-9s@dQ{ni^U;!;Wm~e`Q=QELrh2%{SP|u
zj_K<ki^L()BXJ0PkKzzGC)7B^zN0)2vGXX!A#&ljM|f;4gPim+l3i0%aKq6^yg@LF
zH;g%IHrU#DLzX_#M-E=D=6U<}W`b6UEj$Aw4j-xaW5WyxcG2X26U9@>LJb(7owkZ}
z7lqw~`2&(bXL)cYDJp(5Hgn}T(Yt^y!}a6F3z%z|RV{xokDPz+i{SW^bg521m%RfB
zZdWfvnFC?_DrK4Q$wAjz;pJuI@#ku!O{e%@wpes&WXz^1al?q#Lnrs4SJA*>7H_fZ
z2=h@Lk#&B2BH=Z90y~Fh5D_JHt@uL4>z868QAy_ba}Rp@)jSJ^&fZmK#NWcEGa`5c
zMF>dyUk4gLH;4^r&x?J~%0=>gZTyF6l;D~=MINHkr;wDNpm)K7!?+)e8!fKg$aaxU
zC!H7Ubyz#!rIqB?gDzxVea0B@>aW%1mtj4@j`e)(<SqZEWAl?Z{s=bKY2uuNow+z|
z*_8F-lpV~bZ1Dtb<^$7mqwCpzgtRd8uZx&_Uv?|G_fK04?){d-N^ZhU-J!2*72lrq
zc8TKJrv?Yrn@$q4fJ93RZEgiqNj3F~-bvs&Hwko1ELg+Y4cfep84Wr&9?#AJXCzx{
zgl>$%U2O@$_2%tkB3n7N-&Q*oWcP)CO+*09cD`KC_LZlFp;iVQplWF{)LdAPt?fm>
z{!Yx4pZ>hYiQmzSIq{QQ>ettTt##=@QFs||0UW)U@bb2we>1$CdJ=ef^-LpPPCgD^
zws8YbK~cN>>`P?eZ5%J3&GE7wpOi0tS;5OT175zeS-fnMub9j5GNs|#RlMBeB^58n
zHjkH+IbL?0M!dYm1TWiu6<!{6Y`p9}VZ2OBX35Rr<&g|8<1t~Gbw8T`=I3>Qc|Hfs
z$w0P^CJf=_Bp}ieg_rX<UQQAM*$gj(PO~wz>}duqk1<Efb`4stI2Kx-%+Ru3D1Nm$
zw7g73%WV|2Y*Wy3WQi@+0GCsnhs%3oP2sZb7;t%vDPFee@G_rH*F3MCPR-%vWEC$v
zP7*I)c@lWpW`>t-$HL2e*U6o<>%`lNKw!})r-qm5Tp5rcfXiC6jI71*nN3<xt<|ju
z__BhQ+#<*YhSC=4*K^S@Infj*PiHXMZVmoZS%1{v;|C-77@#p3TN^jFHU!BUe4J;*
z$5)%<;|~>l{FV+M-=N^*S<U0)M0x5JdVJiYD1whukB5(sD){)22|ljmD>rIA!5<m@
z93OWz!^hree4MDq$2S`Bai%#wUZKOs7aQ?$A;-rmI8N7sN(X{TMPEg*@)`vzzoTH~
zbXxR6to+F93@bklSQ#Zwh009swh~g7mLW{8TTjbkMoH7@`dK=Nj9Co&?M;(e#zdlg
z^V2Fm&QZ3LYKr$itpmqbso=P$0*;IMWOgV^Vu|uUdYZxFyTUAs*1^}9Q2c|V!|HsB
z;NsM9*ff86f`X4PGr`B-9}6ER$`zLaW-Qj=V}}MGCu{I=wt|n53sLYG(DBFyCGQ?^
zaSx7*?Q;23DlSHx5o}){jf*u?Rl&vnXk0wWfQw&XxcKei=D7H06&LqUf<Erl;bMo1
zi<5)nqH$>=!^L(>bj~r;L2-u_ePiRe*rwp(cXhb<WfNR1H7aueHLYykd;}JEGr(d8
zz~ZS9SUi@GyS`eQfWb#2z<4?W<FO?wFiw;|@5X@fEln|q!-Cz9jfe5p;Cm|x4_kjZ
z79QsLYQKH__|qwPqws^6r<Up4bxo!(43PLjgv3i*5#9;|CN9^Ra(%!{nnmg1IH|iR
zv18f!BxR_v^t9`FdfE<}c==!#3vN%(2H?3-v7mC#|C&aOFH!5JBhYd2%EBu_4)~e?
z2NzoPabuR9hFf6}2WPtro(zpQ!6TVVqhohVpHQ3Y6;^RbeiANm@71<JRH$vmSe0%g
zy||>GpQJp55JuVqV#M@&(FUHxaCt0GhwB#0)8X7PEUls_F;<%ocMU=BCYBF}*v7t6
zD7r5`LI$q7FEv5nHyj6nFVo>nJpx}Y6t_|kxGRPaxU`e4X%jU?66M2H;6@O8b0KR4
zK)Yixs{}w?DTCpZ3_|G7=8Pn|5f<+e!QwlF;<!lgI?Q0WBa-Nb*$tHFwz&l*x;ccv
z`WA%2J+8h^!S}tg(aM0ok2bq;l#j|~Cg_`Iw<VHOR3jAk)@HYndSS?WD02+}dA||E
zRy^?>mgg0ap-FH{*C)6gBUU}!9DEOtJ65bZ1Hi^M-vNNeO$3cWV&0|{G=`0v2pg}@
zl-7V8D)3klr_7~#jJ(hgKQ-TH^qLBf-!wcAPlB!+8_8sQvjvwYWHKh8fnWva@N*7$
z9$L>PH4hEX*8oIJY<)N-a<36?TD@fhlX+>qTX?@xtiwz+PoQrMQV*cT2VJrvZecyK
z@eQp3p5_ZuXpV|Q2+CP+4yflZXmIh)qe>bEg^jtL&E*LhLUFks3~vm6q~>AKP+)_U
zxpr|QN5dC1YSHl7HkP{6CW8MxoM_xXDSD(j4-zlm-Cdiwc2Mqee^kI2aD=FcY4Iw|
zUDIIV+bDMp*f6qD#l-*Ah^qpMm5{MV^<QXcaZ}KYBiwH&BwSnw!?WqQxOl#HfTT^q
z*Nu5<c0|PpywWxYpVs0pkQLB(!TS|FPSp3%BvO<9@B|9RBe#?kGBtG!?bwy0MDH95
z8&ld?ojmDzhK6T(QfgEr%;aq^iSS?$HN46jglr=T*?JH%y@2UeFIj10j##o55IY!9
z%zacz5Sw>IlOV=Rw?3*(5X({$#QMM=nAL`WI7i75%TNLF@DvV+l^GqG%VRkzwrf%G
zh_GgSBe*!l5HEJ~e6md4`aRPY!Rlk<;rSN;R;*)qm{|;FRe890uR<vU#UCDy_&*-0
zUgW6QBV^Z;V0xr<I!~YPXVuL?60g4;j)J-E4s$#Q#*zWuD-ILTU49(_UCg-A0o|Dm
z3eX+i9+SHo2pK5kXKEtAw!^04&Ncz+Hr6pxUOKF7=HuB{`*qlMn;zTZmWM3qN4gPo
zN6>%ROoc@fxi%Y6Em+Hc;WllS#r0N$s!yOwCEAPiUVfORaIFZYz+duH#TrC=xGO`n
zj~|M`d@Vhmjl^o%L7LhAza{E2vOp`KB^#C{Rr{(x_N}yMN|}j>!W?*>)iC*-U$B3-
z(W<w@EtTp|-(v?`40a~M987de*_L6$#g^aE?p)Ov7M#Hj&*ZldmC2im@TfV}Ug_{Q
zo}iSmf#qu)GyZ(~_lIPT|JD0L&X{SwKjih9r?Nj}?z5I=_J_Pa<Invef9?<YbAO2W
z{*akPf9?<Ye|mpNe3E{D$R~IGxj*E8aev5TkNv^+hg>)9So=e&r=9fvkWuIUukH_-
z)$w%f4|#Fw>E0jmaQ_q7AJU=apZi0OwLj!9_iIv1q;|~TIB!=>^!^Ydo=*onKlca1
z^O+}t=YRY7`2%BqW&GSd*(83xWAe$x&wmb>#?SXY_`Al>AA0at#?O)7KjY_r#?SwZ
zpZ^&@{~hAzm!74Mpa1Z;KjY^oA3sko`ag@Gw<$PQ{QTvDQ;DB<I`a<~KcATJhmD^<
z-1~U(^G;0-|9^|054l?tKVN8Pc=m?xP2%T9Jd5{KObaqRd(3<gci>Hgtb^!`XhgQm
zYb|oJ8}*d_8A8+Semx~LjW?(ai;hoYBm#i#wyro9m2wh`VW!G8HysY+rB{9*fn|S2
z;x&QJ)gJ%lcp*+vOaey42j1%TJ(R(Ba1_61Cz-t6qQN$q(;iB)D6vp)drb6uMG<(s
zsP3QOEAhwKZ~OrT7t!wT0RLnYBw5afm!NUHI^#AAX)c>H(?4)D^3qO9vdH-ne-S?w
z7Grr5pE+ZAYMr0{fk{5CuiYlhSk?yTt<5e5+I-lQXc2F*O&6^z!_`dRGC4*`X(1H<
z-Nyb-vI<X^o+qQyd7(AMdB?yMnHP`8XWgBS5c*z%KOTORHjC_Xx0p_LzFHBG^sIB?
z)zmn%nD#V#L`&*|vSn7(mkx|y`JGN#z6XBnGt!wP_(s7ieF0zP+ancnaD)Kkaon8!
zXrzU|Bw*h?=UUS3-r2#oVj~apcZ2`6uyYv2%H?D4dfy^;$8%HtXJ!fWFOE@Su6W?7
z7#L+0`wUYLJZ(?+T!_*S3VY=z;*W$QZ{*2Ybbh?T?>xYE4eaQ$Z*2&nD@~%)Q*EXL
zLfU}#ua~K($8Qme544DmQ>#bIKZ$D&WkS)THqAg8W3KzD2C#EW57Dva@}*N)fQj~b
zXQtnL9@W?CPUmefKWua;>_D<bSK^oSo6i@DeXU49Zi9|ZZH4hesCQZ`HkDs#X7Jjn
za{|T>?`Mr;L-&e0bbTGlcbp8G(JQKGiX77^4daK%&Qtfn)9e+B+sD$MdGP036eb<%
zyj|Mj`^6f(*G7IJ&XQrZ8J%JZa+yKoVqaFg3ITIj!4<y4AZKXZXo~m_#|Xte36~W)
zKY<_m+Pv-h!kkIBQU7lT(k`*#1R0o`wpTkbM4B&#DFRk3bQQZ-V@Ptkt(#Enx0p?l
zOX8ZDBITMXa;q~#UU4UgNDYkgola4B0^OA&Yn<sE3E&)=shJ}!>6WNuVZJ>*p_}({
z9=`%tfmVvtfx@F7z!3@}*oqhcwWqkgfYd0{;qp7#fd=TGf$z*TOwmj1%6r`u#AC>H
z`RH1KRyPj(7=w3`fgckSHHjl9GSKb>x`SkXsp!8Um0f#PR2XA6w%b~qz-(jfZxM><
z-f#4tH!~k#5DPge{Z$Np->^PXl_iCO$zkn%F_C!p$fL$8G!Xe}U8q}D_G@ZM2p=&e
zK|Z1<0Vw$TNOb&kJ9jdU7~`jr`qa=Vzd;7$qyB-zU<O~3B~ivQhDdI+2Gi8~qoyW+
zQF_RtwKs}d#48JgVhU8@B+=UwwlHQ><y?`hZ|^|KimaTWcZ0Q=uAnLBMZO(tiLBLW
z3vT89HG&3>e?6Z0*9b~X{p-j$J{QX(S0Hmh62F{DD1Mc#cS#}NAuGaq5Hw$X3*j-$
zPsZD_o}}<Ar43(Gua%F8AJwMu81hl0l@CnK-%9rZF{L*fFiTLZqx<ge7I_2H%;qa1
zNQXMK4~^ySNKsl0SD*z`nMy5M&_IkFV@=!405mQ_lxP`KGnRQ5hS}FdV#)+bPIy2U
zh-WoT*2J|<<iN=P+Z7@!tct=fIvc3t3SWRfgExj%|G-S16OKmK6A@#eA9O#C7sDCF
zQ)%cUQfd`uthT5~=&KlweM1@c_7j!@BEx&6$QCM1f^ieFYvdU=KzII$iEjTxwC|($
zjpU{)5^SS)yq%-_p6z;Qm{5F>^aPKMj#VCz&-<w%9I-9IuZ}W*EuIVlcIb0-7RVqJ
zU(%qA^}WhE>_}Y6TAE5tZIyrC4VB^2QYX@DPx7AE;~}J~wf5f#ru>>PEn2v$L}6f6
z+N!i#*?s^Vq-}In<9<0b1}{|{lAaFs68HarLCjEfFRhfcoTL+h;H_bLQ|0fQtOgNl
zzyofe29<FU;D9xKRv0ZzB%;B8YWW+PKio^Q8x}~IcXY58`2QKsC;6wd(Nid|%pmNI
z3x4|m($6V>&*HAkcF;VM_QRivB(lCz$CykhKMC`DGApvr$A?gh;AblTOy{2&{8Qwg
zdHi!2er8r?kEYLx?0YQovh!I)U>JxD9<T3TfNqQY)}X^-@L7U+c+GnW-fvU%S%Xnp
zAGr~RKG?B|qB^&unu9J+TTH$KnBgJp+kE(D1=EVp4ycRN;m^ZEYo#=dv8JaAMGl$`
zBk`hfW%#$suL9RI7vM!cbf!+)2E0&Wt9;~8gIW(50~*;Xc7}S#WOB99hts**QyRE@
z%kS+2NxHj%o(^6_Pk(MPJbgujW?^ayzTj-YtEYmm)AAW$)!+;0&F&4(K5S|qHygMg
zT+LRmm>yuyWFIm-)AJC2hUOM~D5KW!P>)&`+)>9#KDQ<^8o{|uI?ujGSoamL8IZT!
zOpbS`19*m^?&@E?(l!VC9p#nF$%h;0O7tZ7M8|x=niz{bAPz)UIndZHXSF{ZmV3Z&
zp`W1^c{cooj|SjT?E&<^r$2s!gZ%Lt)gK>y?eF1_H{d9ptUq23FP(mWy!Zb9Nq>CU
z=>G+OJf^<kf8HN|>8}41f4s7`;ZJ|uVm3ui*dOmX>JR3Rzc%tuf86q?KYkkgaraGs
z`s1g`AKy3Z*ZAY3hacY`pZt$s?T@>M{jd4sbw4-g{P8#X{}%rE<KO&-{`jq%Pu(A%
zv`yoWj~IG9fBgQj$M(lN4LwnRyvNwn<c|+&ZRU@!{C)lL>1Uhz<7a36G5ql}x10Lo
z<90ObkIzUvo<H7YYs4QPo_GTO_}(A>*#3B+`sDoa-0M%kAAcsu{PB_?^T(5yfIt3W
zZN1hX|0ovx@t5H@=8wnL)zhPmiw*v`a^F*Cz9(?kg3Q5uUs^ief9~<$mS}dPlgD3>
zB>I+vH=Dm88_z3#3}rUoEiDtJ?=lC=GpoaNhmllu({NGBp5xD+<Cf~!t{p<J=Y1(k
z1+R!L%j9>j!0Vf)EP%#KNz7|KQV{QPk_RNlSPZu?74+BLz*KNMUb%z`8`5{0i<fv_
zb%Y!kkZ|x$#UA+jSvuf-NnJGeB~5(;=9m2M?;FCQ7r7nM+>^9b{v?;*leAy%EH}_S
zNgpkW(cGs8-OC)}mYOiKkt?lWXR%YB)TksFrDsGbFp2Uia*I6vTnF@iraQ0@r?Vz-
zk-ahv#vr#uekR-$_U9Kt1v5bj@mK=92g;qQ!AL^UhRAJK*)xSA8%!$DlKIc%B3h{%
z;*pwU%T`dHi`7wQ9PwOm+cU%!WQjk!)So{GnSpnf!>`Y{TYi;WT<a~w`|W8yZ{CX%
z+ycr<$axc_g=7k-;b*Q1bjItfv(wQjmo0RideK}|X?U4DOE-R{_f!O6_*S1$&j>~H
z==}n^`wNrE7CPhA`b4}FOndLv3f7qR-Ywc%$T$xoqq}k|BWesD-3!dGYl`3t=u-Xn
zYL|kSbGbm?&b{Oa=)o|zk2u^wr1Txms49iP;7v+75b6Ri>l(6`)DswCdCvur&IB(F
zN80uEo7s-;=>nN}#y_AwkQbH)kwQBcYX}s4CMSId%1q$(OJ#~~7*HSDB=@|QL=ak<
zDL=E5$zbZj7z<v{b`<5!K5eSqQqWfPUyU;u(|tw*eFcK(TVV$T3&TX?lSwDXgo26+
zVDg(StwR-{T=zywfaQMs-H8SftzBj<aAyniS7i%JL0*HYo8?bjC|(<JKt*ZFGs1k3
zc-(b5YNh7<|28p<Z90Zo+<}kT`TtYi&ytEU<xC3TdHeF9blL{wr*Bz)DgqbViuit5
za+Y6A&Gk=l<lb^1*Ht(52E{CAN?VFH7j$;}ZBAf_hr$am5*}C00yI)tLbjZ?A$7Ay
z`fnbgj_RzLyG3a>-uMg@2i;-CkI7A`12k771+ZOrAg7~8YVb%eA~CtQzznRe5mQ!p
z0)w4`+qb>OBW;wgj9CoS(&Gw7@YC~dY5DYRI469Ele|-TC5+I%j8Lfg8%`*H#Z@U3
zucv8r+>VUac4RE?$TTHy6$UFE1}h`DmhA`eNVm=P1mOQz<3TzpY_>?+VblWP<hx+$
z4+-~V&jlHti=}=l6;iUN0as@NoxtR|V#_aqX#UCr?3LWPU@qngDFI9%6Xw&Ect92s
zbEq-m-|%EOypB#DEw;kI>dZ6Vhv`viX93cjdicq1d7ogFD8&a?=QJ7i+q3}vaNO5s
z!D~2=*n=SEjbdPGGY`vS;9)S2qk?Th_2Du4`w%g6u~BR>R&6sdg;$ep(N&Xem%AwS
zl<%(R__MN9jwUo&L+I{-=KVX)Yab3&`X`(BPxG++$UsilCA*K=KRLR8$=d#1rPQ-C
zsPxYt2MrL({(*K8<s&}$M(-wdKjmOg;C4HZ_X{YMBNQL+-xLN9SK0?(#z;Oi8p_C4
z`l>mUf<J4NKLdGqvvdahR39nDRRaE}UHMaLCrShCatgGL-g=ox#uFI?O|d>e@dMe^
z2l?QKF?2rx(eKXy`iB7hXT_K4@KN|D{r$O_gJHlx<%<4Evd6kB4D+@cnu?rvcARn;
ziLY@aP-ElJQ^SknWyX3^+T{hUP-%}K{fKs|#W2}FAqjs2tv_OvZ>=?0d}$Mp$EfXT
zDk=_pTT^YRfK$B*DhXLkp>W##g-KAAd?i%Ho}kr;D$yrf3%bg;>_I$fb1r288+t>&
z4xW{VAE^(^S!TsOu=qJB2|enTR)k{lpEj}tKOp0$e*iFbGXLWJfa9k@>PU#PXg%y7
zp5*&6wjdp4(!UUU^C`Bl5EUw(R|lO+0^_u7capT3Mr7IcB+xM<6x;`H2>YFF|A2?o
z2Xx&lf{6|~&Z5#UTKCKMTmtkz&;Z@L&8#>Nix)u&IE22H;ot+LH_Jn@_)i=8-yw#v
zpPdK&e3E~8bY6`9K24Qh)ZN<5q*#QB)YF9yMGBJ9!SJ?bY%%4VO@8=dQ@*{u+k`Ps
z!L#ze4@1WuH7hQ};_Xlp3TXJYem7&)s=3gg75vNMxu?>fq!Z}R2i;BkvpHx&a0NUo
zudj#xEH*2C1B=fz_Q%S*aQJ=b&(A^jWzYLDhWkpi`V3v#_~53?nj-dVaK0G0$4*li
z*n7!UsLb%O{ij8jjk=8MGF-Rh#zxw&>azDTny43l!Ct8Pm=qaPEm8W62nRzUPv}Q#
zI6`I={WTE^RbnIbH&65kO^YRZeHVwijA%n!u~n2>i2fL|J>Y-+4LTzRK4cpUx5@`W
zC`CUD4p$OstU3CHHRr=Wg-?pB8Tt6ZHK#@&8|}{neX-+c5l*r1&_z@Y&5QwcrXBX@
z@vEsnNF%m;zOFx!2DJUD*7XNTI))*ecNH^aDeuNuH2sCi2uc;L`XO3-gF&}8vT^?b
zA8$p&%uqLc^>^2e`sD5rD*dzAmd@EU%=2eeYX*Hj5jk^qH7nYNUl{rGi|Na3_R}`%
zeKmE1`^$}kkTkCKTQCYirWu9uxT|&K?dhf?Z%en|p1g?2WLY?UOjs+xm6HnXO#Rn+
z{4=oX+~QL2#n1uJTHq%;@MX|mBSr-e{snLxxPg`OSlU(Gg7s)CJy@`@BHLnBTGHv8
z9B9BHw&*X{W^_vO_T~drhBU}O?5qzLl@@dq{fkTtdpi{-WLV17ecDs(97A&ZeiP6Y
z`dXEbd?q0<Aw;PO8cEfiK9meIBXB3h+vNi+dg!otFB6ORdPkAUMvn)%1<J+k|Hy_^
z$qR<X;Hq(fV<~Rh3b`oG0&jH3TF&8Hx{@Ptn@fQ1R1gYw{16*=(%%}R(7G^5e&s@-
ze39(x%VJ_}m|Y09mwWH1r&#l6xWNuSFM10IVCLeTA5HAR(@>H8>On9U0j1ccDV~JI
zKSBxH*9}d*h%vME@Jr|!t@g}P=NAYtjb4)R>?Uxhks`cbYg%8Y#d{v>6OPtm8$)?H
z$zq?J)Cs+2f;!1bw&LTpjckxKhcxwtK}u3)j?O<2<{t{@jm1UJ713z!PA81nJ92EF
zRu-~)>X^0okpU8aW0*|Fp*iZ9P1<fUX172^^4$ku%!Zp4XJPUCP!jA*F7ArZi|~*9
z;&%O*m0(Z-B~8&w?9{7fMh(xC)r=a3UiRt7P6=xy<Kv}Aqed;69c@+3kG2|95<NoK
zTmU0fD*xzeWzhkR@!L$gISL+@$JW3o3^FUe3X9)_5{fV4D6~@lX)l*-V?&;Jlnwc`
zHvo7%2tS5`n*DF_WqLf7uW=1L{{O_+kkZ-V&Ci6%m<}{Ide6_qZJ7hG?mJO(Kn;w7
zzGRLJ?meXV{m@?Z*+&@3t%zhg%WL!%Q!U;K3?@_wOKU=l<-X@H*6y!Ls||M2p4T3H
z{!rBUWy%at=mZsRZJf3Qb*aVMW#)_3T&ZgK5Xl$tzsowb*XzohHYMHSZBs!S*&3=)
z;&91Cceak??|6RI{%}=jtvutr#p-%?M^UO5{nsG+Y<XW|nPI*{dEGaWC(biG!QWq)
zK_m14JW}avvU}SvjDa6~O|87G(^k=5_+`tsweSy3^lksR<!WhYV&r}+c>k7KYT!oD
z_TG;6==yc#jxv*cIJfk*GC_QML{aML^aN<jdXq=0(@mE2v{HH4VN%RV7NKaVsx@Jj
z1TMCT6kYZ>?QYi>LSP+~`bQ;B{}H24(n#l7z9UKA2Sw>~PfCdMODMu~iSTq8<XWaM
ze}Cv~+Rr^RowO5G?h9GH{mhiu_)Q=H(mt+^zKou1Te>!d*{@^a*PZ^{q~cXV(G09Y
zT}Z2w>+1QoUrm&^6P+foLR5u_mfpc$E@1?~5J|h4LU8-ff(HJ94Y*z9-v8qAgtQ-<
zzggeB(q`zNntT(J`k;~y(S2#lEAvfuo|U8wxKNA{WPg5A@dlwdIn36{?Ar1D!9wHv
zE+5~$p)PEElOyAcNFBylDB4HtG>q|A+A&@iP1pThn!>>j>UuYekE33t_1w)=6?~gE
z2_{<-P%>$F)=c6yR>dbDk`Qb{(|}trJyKYHtpiTN_{`6e49a6U?b4*_7_Q2cDns);
z{v~WqhrQ!6r%i=sF3T3?-viCOYt~F%llFWh7{g!<*`%=CgSWZF*yhK4_J^^>^3dz@
zg*{tY<mu-w4$G6_ADte5YqN=>o_#JT>Q}%4l>KJK6R~(3lmzc;WC);@`cHd#<z|E%
zb#h)UgBuI}jq7cjQID6vd`+YX1>LNKSrrL#GA(zmNTm3UQm&iD_Ow!bJ|3Tsm+O!4
zUD6=_3Cxbg();pNm$$O$<4-42-<)Ra+jp6<K8^-al>?kj5v4jnhH_l@I17u=iPCa;
z*b!!97-TC`*46b=c<7ua{X<%R#9069-L&=BH=IEIvreY|fx7yiIg$D=Z>D~puguX4
zhkeZfn5Bm}fEi1Hd(b+$)}6WjkLziA)CxtvV3mrgoRBRnEoL+1W0^kU+|sumDflT@
zjJV_e$>rg^#G(ym3TfKe%mG|*$cTf4;u*{aC+pScn3CMcT)mIY)k}bioZ(qgY39sg
zWx8ha`O15sY}qGV5te73$)@Q7Hcj(jnl|7xrSIMa>RjEBB`hrs&5<Xi!esrb6HL~1
z@Q)sr-nofkq@NEmj5P8k6_#$>XfjjRbb^_>@h6zb%gu`4#o|P$Gx%eZ2A0NcLRgCO
z9_-#^+)s{5$)6RU=&QcQSD)c+@2j_iUnhK48w^Lz!w^2HB{dcOd>ee;4n{s$1?5t0
zaFrH6ot*qUbl|kePm;O(WF#{AnRMXyl^@Y@a`KaYDag;09YKB`>u8jpi@#y=^HB|x
zpUy9+^7HSnO$6l8jvydUga0T$Y*u_17H|66C_fcnHzz+R7l}=g^)29k%ckb|e?0b2
z-Ot%St{L{%YS=H#-|W3FS^_dnCBR`W0atZk5-@Rpv;-8JO2Db{f0Um8XPhMeFGl{i
zNB*~u;{R8i|NA)qpNsJSOEdnrNB(a|{+kuwg~gkoB)C(@|1TB(X9)9agBL~e2~KW)
zzqI$X%<p7#?v6f-arc?Mzwi7Wn{aac9o7x_`%ydK@B8hH{Pk>L{QYVV<8R+*RQ@ho
zZ^FQL+5rPUsRsVOYE~S;;`;T*`Tf)S=H~ZF+W*jL;csd)_Ww+7|3kmC{cm-W_CFcz
ze_OQwZKLde6}SJpx&41CV*l5f+5fg^|9?RHZ&v&+7AICk+5f8M`HR7+2#d#v!b4@p
z;PCfB&f$MF!{H-Z4&NWmVPG$CmN*P;-Cd^eINhAbFE|*FzY0e4*l*5bmcMdJe9qVL
z`4#)g@wwzLz~?;z@OhVD<a5zl#^;0}<FofkmCuL2Fk$2l0T{Xed*JhTX2s=LoC<XY
zw`%#^WvxE^IHn|cj-KC#gquo(@e%!<j}ux+fmD;JwA{y>Cozycm%36WZ{7t0FlDaA
zdsj08(4ZB7Nu~l2E=Xj_kOdCSEYBD=+*}5pIird4y{dMh4Cr#<*ggl$g{#)*Rh=6D
zhv@kqcar>fBLCYU|Jy|Ie+{LQ%L%(U|DTBP|8q0`w?Y1Yhx|7yF2~~3HO6_~WzF&U
ze{%YK-_Fyb&qZ@S&rM)+UEcZo>hlG*ljHN8^MTK{1mJVHwUN&+tY-7vxs&nv(Gr!<
zZC9Hx@@Q*dWc;_l=Yy+Einm~~xZ23)D^@q}&za;SUDWv)`AGlh(iB!wpIFF1vvkkb
zd?V}66}~-GV7^3r%(eV~pQFo5N;WL#Zck#|zv(e;M#BGSep0WqezW|f-R(^CLdq&l
z#H9)0-9m5)<^Px!Z^hz<N<)59u#%;MYzxF#<nQ^HuLA$K`AIt}OcIc~BK_ZiFDjRt
z6<e_QoXY0%ldP3&Y94+R^It01mpzZ3uKc9S&NSs)>k1Rb41{N8D|T#8xk>RwSlqwD
zkk6A=!B~}o{c-XyolmJhCz7A^_qL|}>0?IlM1-Mf;F`*v&5DO&@%VB>fBsg^x-i@i
z{Ta-^c>KrDPZB#eo1YZuq$)Q`QaW9_t-OOSPbt}urxe$j<taV%&lqDo`$Y4V$`T`L
zI?@SEVi51nsdr*T8QTwYqWMbm&e5f&e9-p9@|FB#l_ez`WrqdxQ1IWV>=35UjrQu(
zj_N@0zUpmO^pI#WmdwV4Qhy`kf?M6RLnE&`TbIYQ+HqoeOiDjxZ9kFTW7xnSIx!nK
zWTukOcKm#%E6>p-40U(txYF6tOu~>~n=iy^RnmoaL@{V~giUHrh9+O=82L=kpRFVB
zQ9(!E6ydifPc_Y|JwL^Krtt|%K2!Q{md|v?vR|Li^j+)IozGO?^Yr91CAFq}raL+s
z^O<h{OrOs*v{(hr-!C<>9~}`DZvekoUb56ApQ*kT6u0}#n9pSW%q*XYkDoGpQ3*|M
zX(y8Qk&@8V9h<|Ia+8#%8zle+r8ZH@N%l2_*?5JbQ=5A8)F$nCMdQAMEn&2lC~M!+
z^3XeSj}A)C4#PCvXpnl!pDZyMBz#|f7aT&_zLX8`=tefY^*%7LKC^e0;yd3$Nib83
zotDVu@LOmR=4<@n@|jlKDW9obdqY0ctBcM2DR@|Z20UunXI8uvi@#mmOg>ZTVtqc-
z+=pQt-(Gyod?sao35WkReAah?pD8T~H|0zFr3!fhFb9*Ef~ybV1$vE(nE#MgOLuWa
z@{!&)<Rhu}ftv@+L_$4i@t!47CX!xXi_Bj}8j_HPBt}C8=}{{@%U+^4<RqXXI-ltO
z!F(gH)9wjO<_SmPsDz_WA_+&|s%nj8)cCU<Zb@dBQM$^702+9IZX(<8CV8BleTS3S
z24PQ%%sB(rKq&eV(~kTf<6wuJ5fZbcRILihV0ke=QO_w;2U^RL4yws9>wt+_QY~o+
z4PEdQyk4-ZB$5mCYAj3N@qj4iTB|etBIP1Ig>_bD@LZ&@+~;s~E)u$U(YZ*9Jh7RK
zL#Rzi^7#8>Gnh;CN~Zr_(07$cMQ1$~O3R@lZtwirNqGL!KXCf_7noFSo|{x|(<M6j
zCObPP!5Fa1uXuJ+2cDhepzI{#gitgK$J|eOI-&DGKC*NwTqt^nAO-SZBi&{Z;lXZ|
z2cHuU_L=Y?v`91GCTr%KM2IF+s$j`MH2L^z!FH@6<+W=}UMn|w4fjEg(eV3&7ER&c
z<G885UT6gl)!{{9`Fi+ArzEF*Vxk2Xz?<>}a46-Q&5EDJ;*X#txW*(|==o3TDVOOG
zPZsh|0VVm!C#WQK`8$%DE_6pEU8uQyoFVVpHTf**M^7N1<--`$d=}a$=-cDarw?f&
zJ<70Ofj1opOKVX<1DQ4=8dY_c(<aZ4&M;~XjX6e@$$RQxoF6%(m4e?j(N+wYK1#Jv
zr~VxmXTkmL3!1|8UsqHhGoFP9t_k#g7m1a-tc3BGD$+J%zGxadFU#f>mU_>%D0Wn#
zcPP6lCR4J#ga^oZT%m$5Vb;)z0=wkcBVkJ6%AHpq9-%;w%$v(fqQ>n(Ym@E?`J6gM
zW<s6hIY;pecrRaLZQ;2T)D}SjGI6@}V-tC~18S6=D?pqCv*K&8_%<jB-lC7!-0(3o
zx9$f)g0lFRz7HDW8z#~0=91EDl<cJ2n~7$BY@uj2GoN>5`+rSx(&ZNB%7vnmlL|bV
z)OH$U+y@?+@Vzw?K2w?Tr96zy%rp;U{|$E$pPc}+d*Ux3b@#zP`e^hSAF)vzbBH09
zru$W3?fcLS|AZUE^8L$!RkxZIzl_D7LP_v^ZPNRk4+&V4ya&gfM1IlLO}hM|)TU$S
z7lA7qj><1N8U7zQ9sF-5x#;qyM#lfB<f7l2|E-Y!hmik=qWJ#-=l=oD|H26W=b7=p
z5&2(={5LCp8H+!i7sda1&GR4mI!vD*<Zgz4$75ew&2g5VmulFD*+CPcICxUYLH8YH
z989T+;^2)&4o32MPlb=T93|gq2R^=c0QmUk0V5v=&SiXjX+PuR6%$oHE_&aDQME^a
zQS-p<lV30^-iXBqp(NN@%g5^XjSe!;_Zh0m_c@9AHf`VOm~YJ_`;;{>Zaui~G|#uU
z;($+aHNYopjge0;y~p@eyO;6lUtX0@?cOunPYy)OEy1^ze}30&KRFg(^PX|OrN7tw
zd^;KbRPQ+*{Angx=YqqGKb!ZQX8yE_1^$fL2mJZlJ|lmc-eLS1!n3LNjaT_I;T;nO
zyjKqlxMLCUXRulEV_5vwJ4XII^UksOBeG+XblEn|ap)=~pX!cgIJ8L1p=f<~lF2qx
z>llxEM<rAh<VEvn+ON}he{TVNTDk}Lv~Z7+Pea~je0q;(MGd@9<<sYHnJ^*_2$z>F
z1U|iER=legiesS8U>7Z)YTk<0cfk=R`7$}t`7+vU87=p+H>L4YsVG}!3Z_d<DYba-
zY=(iKY8g1*jDaVaEVJmBMoKi9KnYXXn<6aC6$7_bM-pXNocWaaHxl{xsulRxv>W($
zc(;*%Prb>qUG~Y0e~;Xw@~`!qX6v6ov}|2~>z{MX)<3bh|C`2nmip%L`FAq<5c7+E
zdwtkUvP-+4*<Aa4*J;*=4dIp+c}NiWbVJa{r+sg*c{Y$|CH-)h%BNf2Fk!??hky~o
z=i~V&X2nyn__;TXe46>jG5iCJ2i$7mhbS61^^oTsvP1uUyRF^}g~}Q!PUyd^xYWBJ
zhRjA6F~Yd@W#iVCq6lK3-`d%U7P$~bv$3hA{=7eI&)AAkS&v>l2*-k3@YjIHX`9eG
zbSBCZ42JjoLnT6GgVc7yLDs038tus%?aUf2uJy*Hg~Q*3s-gXH*nS-j`4nUOD2rby
z%bC%E2<US025(CW6`;Oxr|j`aPN&;<R4B|6{e9pMYr*Bh{A|liI<FCa@<_MX`&Za5
zqFruwy~cK^=MLZw+OI>MOUPaSDQ$yXmV`~VKvAIB`~W<e6_<6peG_NlRfk@K&Mdzd
zI^*31otfL%@|fd?<3=Mm;fzpwt}l-}erM45r2!so42MJ8<!c+YBUYlWF9v$Gtv<^_
zfuYKHED|eo?D$!k<6y`8ZI!RiwpfZw3$7Jj#TX)<vj@b{-{)WiGth7UtVBy%ZCa_^
z{-1SWDcga^SQZ^3o@YDgz$fF19<*BtFJbN5vaoicSVB%>twnee;PfMz1>UjVgy~0e
zZo9icD8>Wz(^f5rr-!EhXtCHVLJ=PEP3M*guZn?K4ERjPe6$QP(0&}o(1fhzc)nC<
zT8XhbynED8UBSn}3)TEJpzl&nUnbF4FopHm+m%(}wX-S<1Wo{Jx!@`oj-l|Td_Az1
zKbpWE6^hs6Nu4ya1N{~~k*K}}K2{UoXBmjai%F5{V5P>t1A6}Z1fyr(02;5NJL!DC
zUK9Aw&(Y6#_-~)!y-iefKQEd}Mc$pzsuzBeKl&+Z{Xx6l8R)fzUfgfC>?vQyDid(!
zUziVqnCh!<Svb@Ux<1f;%@&X)To@Gt;}6p@&=))9(X_6EQAW9#R_*#aMc00BtX%hE
zy>ZR+a$NIdi&E<S$eQA_u$V<G>7igxs8GJAp(UP55WH{KqDVfTXg#PbQb%>dE$t8k
zbfM=iQR?iJmr@w-Csf%#9#tsZ3KZr?Q`izoVCy(_hg;%`Yf#t~y`JN{+TuMQm63m{
zLtZ+yE?hZ)&8Ny1_|OQxZd9hyOKT=k@zWeT-spRtAt*W-bx;~*#^80NxXvjZT|{fO
zF!(mqhwS#<?@;qpKU5bkE`8`?@fp!tE~b<fY-jpHS7nMut!1&Z?_0@NyjmCbrQ5vo
zKyo&efaE-|1N4;zx=l;K2742wa&Zi<g8mnWC-p|7GuUZcYPr!iO}_hymLNlu&PO`n
z^X!9yBlgOVIzp>SQ`?Ra_Lm+Mx|N3Fp&$6gpn&<F(+BFc3N2quX>v>T;-@`Qu56VA
z{~?$h%rYoeOdBKIbIFxJKYU);A3n9fQbx)iK_)=yxjora?fb$fp2i4&x5;3?#ftcw
zlwT#Ltf<J|Wbp)UbqYe;cky6Cw{J&{(Dt@zZfUS{v^y}_Iab6|5Gyi;l#8A4&#g`e
z{5#T_1pf|proz7-X9oP6<;)Y>jw%t_=D#Ae&7CW>%`TO#RdINnX6Lb#7IWh^lxa)8
z8xybAdjhe8o(C#E`(h3IPt#4Em}9rpV<d9}*CcwRwWMF9m2PQ`=-X!%>voCDcDE1%
zwkJeusXJxG0Aao@X=WTe0S$>bsW-S&4&+K}+^%m6FUd_=?UCSrTit>2iSnp*ah5Ep
zTJ(>S)uT8IVA9`K11NYDJ7P4nP5!2~r5dm2$JoNC^$zC`66VL?k*?XG3_Y%0g70E9
zB+{2|=?j>%p{^yu{1!9OY?N8?P73%|RO)@u<Ju|sV&TcY7Z&^=%pYLwJHh)<-v_*B
z!uPfKZ0K`E9;Q7QQ&8|}Cg><%eGg#<o)Rl9_m$e+E%F_i5*}y#ljuJabzI6m`DIX-
zpi%$z77pDrP*Dq*DAZ=bqkMi!a#l)BMK)W(RYFtPFV;fg)w<fDYU-f3tJ}4w&>qSt
zflqHg(YM@6y}}+raX}E;ieb)^Ki@6}`rF-Tu1dAvf;SN61HAGRt_`%~=d4SOqz3Ec
zm_|CEU204#)#P7`fgFco$weu?BFAAdo(IB^Ql$gcj>kX79yNWXKBE6pQ342B?Ty7m
zmHSo9ltF;08v!OnIOb3(U)3okh?6#joRRYp6udO6V>5WEVNC=ty#)H_iQ7T{Wc>j8
zXWGv#jd+jsBDx1P*a>SDl3(k6KqWtu$nSm}@`tG8k0JUun$iDdhi2%%QbYfXs6WR5
z{Y6`V{?bD&Eq|EtZ`U0C4}7j4|1**P72l)&Kg7oWs9cdqc@WTm#~+V<al7g<@47PB
z`KkJ_F5e2}5fdIeh=G9)(Y4%ri70gx{X^i_p$?X+87Ec_<N`a?UNKN7v4@0v20Dbc
zIgZemk^DUdU<Wu@9@-UnMzMd8U367=$GQPDLo@5VSGlF0PB+*(2kK^cY!Ln7K##8{
z4zYACOq2oCE_4NR*$}I$`MUVF{zV$B(C5m1HXAU%tikF%R~A>tS&#rXzz2G#!q(A(
z!}szS&}Rc2Gvk%gP<2#(hg7f6cVl_nX&aRM62tejQhok~@jGc?%}>Ys{zsz+>K`W1
zLAB{Di!*0s5YNldly5SY&(W9T`~3V`^%=Qnb3Hq0_Q6^8I{d=wi+X;r^8B^>=lN}O
zgMk0Szuq93ZFEb&xTSBh({`|Pyi-O0lw=Vm#2_)H-UE`ltUkt*@}ub5BnsDU5{owj
zhNjdlx$EP0Oh`<2TfY~V{TL%!VQx-I&UO7XH9@;%?6z*voG(M?7>yOD*E?=6vUoRU
z`U?=UhpRB-ah2P*!s_;w+n^5NF$5@~`HW9MUFdDZhg$ll68%T?^goy^`Uj)}>E6pd
z(l3bLQ+A53a#6Tm7Ny;8>mGSnCCIyVoEf2eF|U)6H*E}%w=GkckMwP2^ljkuS@G2;
zL!e)guEkO7n<5_60`C_%GD$$Pq*5+#s61I+?SV{37I-4;&ZPm45%?5)p8kyFF;IOq
zCsd!`!qQcEbtT67_~=nS1&rXkOaesdfLr<+`hsV?gI3E<6jN$&{6eC%j(A@N<F^Ue
z4y=|FD{%ZqIdWY)r+W1VTY)|QoUu4BPn_P6bVm`M+!h%SZ<WgH3e1%f<~vyTvmH3J
zGuw%QYhiGA3Xe@d=D%8kk8c2s0<ivv&@49IkBZi^(6icn3N8;7iagh{-Y|Jiq&~T7
zyw^gfuuILzbDezszfhhF9I8D3AW8+Sn_4kp=W-p=^z&ZqXO@Oh-gRm}%SC^_!yf|}
z3fPj5AqMXU*jK5ACosWAeI1H@eUa-g=x^vd>ZZqfDD<4s-yPx!Oib5gtcfV&wUkYq
zv5swm0XiH&hXn<utB0YjC-GbeHT{KmBMVK(KB6?V5gbCq?dNP{A;2Gp$FTU6=&MLa
zo4I{$J>T!4&u<nexz3#^PCx9x7Gr6A!rR7Z<TnY(Nh0|*>fdm+asLB8pA65Zp2YKb
zFj59S5AdT*c}}_CD^cv8<3OnfvwdSaa4Qd=jN{L3H`WLC-aj-^bX84gr`(2yU#@_e
z3iBQPMQYPrz6)-r`Nq?ibn};rGotK;G}&nnZ=lE}ibknIfPz1G)1i09==(+Qk$?s0
zWtDJFbEsV3v{3YSPMCHGOO$)NCUl6Xq8vv=zZm+OsO?NUrd&enao^o`{ydIPgtl{4
z+6>jx2=Vu8%;<^Z<4x_0xC0ZKq~{A-YsN2{fAQhb8QT4V$i5u=gbo?$_lD8c%L^lN
z6Xs`x*?v8&e;CeTrGD=&T;vXKkK7MO@9W;w*t4kjb@VNzRIcrs=W~)_C@P@N)QM+i
z%uJ<I&kW<O+8;&Vhkl6UgH{;$2mKu#jXx9@3UNkd&L;MEDY{nGOzd)2!rwA`C8vge
z(jJ&#;yw)?@#knWYKcFF?}@tax73Q(LPsP&7dKcSQkJe~=YRQgk__)B8@{JT*O#oV
zFB$%y1a+qJ`k1_&p$J#m@#R)8KW1{<ipi}n$6+N&jqndUr=<^x)8jFQ|0>e87*F&M
z1k0CG1)pF=b2h<eHGEdXC!mrX+`I-ZUrr5t*5iEzLGLQ&hv0s_fp*-mhczO?JBeE4
zm#P$<t=%8u3EZBZF9z;TM-L8NnCRdgMn%DyVSdg)rd*i61EU0f5NcHkl#PD~aAII0
zauvQO!FS-!z$8kAm4+tc{eSR18M%raqsZz&`1nblwG!<N1y}3Wk;y?sxpy7gnlQVH
z#V<8ZVJk|gB$Odvu~Ui9n8xn{gPrm6Wmdc}$?Vj(`W-DTk$j`(?P*P=&YqTN?P=D!
z6SSwFv(Cx0ZZz1_Cn}F?PhUBfJ)L`!_O$dQ?P*o>_S8QVO`^B8m{NscDxyczVeqFn
zR3Fd2;(Q(Gcksk&2PU>(q!zUCYn?g+{*AVuI(tkw%&C3hYJ)x2+fQb90bT+H->4K^
z?6-uzQ13@lb;8H0EsKz@wX%f!O1Op9*&k+K6==@PtGb^{M|+}{cE!F{HE&-#N9?Pv
z`ew}Q7>#}PTOxcz`&x6#_BB(gArslob?;GJzmwHYlKp06K*xq5C`G4l2L}I*_8IK!
zQGdo!R5M2YlYPZEPt3kDdQvC0i|n1y`co=BsuQ|ROHY(N-Slhi>B^seojqOlQw+DM
z8NZ1=W%VU1^)+u#ZD#h=L{3k}p4trdG}5_gn(xW#cO_o(EA6Rs`EOxQuUqwpwWkA?
zsrGcvO4XjexRTk^>{Z9Kr$22uzCAtIU~R^p&e;;Nr=rwbZ_hwp_426S4~OwpUAghQ
zWWZaveXh`6VN10z`NjBbpLpR(WqvPUn<v6oi~g%bS7l*8(Y0}657D{-J||oxx|UDu
zEPiHT|7D0$T=0RXv;i_v>VP-5`6{i!zd=DB2Jj0KE%JoQMeJTYL%ev;R71Sje|2!v
z)X03#SGUh6(zY_u*CZ5PNw?C~;0o#4qOacSb!P}mf5ELRv9lL3K8gN5xC6YxMseLl
z^}GzsfU&1-kk6tN2NwRu$E5*|(EBidGiLTU=KI3Z4MDsVEz(~@ywv#Jf4v<^b*(M5
zmJNZ?c+G>0iQfRRX{GYrpEZUJ_8~I<)(WvZC@a@D<E>?RqO?x#QGuPyv5P4+bX{)F
z@-k*0D6_y-Q`lN;0i~{*OyP-Arm-y)qCQhB-oSBC@c9qp5Jw5~<7UQ_KW-?0Z5FLN
zD&=mV-PdIGb`*<i3u4Mjgrx^P((>Sov-p0>nH>%L1yc@El>$}?&j-63+B257K2CY)
zgJYL}ZY;0E5u7Sc$3dJrRe(Q$vT1l7_cS55(irbn<6maWNUl2XWgdSIPoR(%YUm7%
zUvgdhgreCbszV(f*Y@#)bBlKr^uV>40To#nS`3RZ{7fyrAfv{=M1O$=*K)i!<5k7d
zcDcm|xa`tB^ofG6aGeGKhCq40*L~Q2E`J}lRPJ^)d1K{;lTjDpJ$~I$Y;lF>VU%5(
zKc5O{F>h1X17Tb;XJ%u~bkn5V_uH2G{XRo8hvZ5XTn#%knN*-K6Pzf%Zt07t1iyf-
z0}YZp1weW!;#liS+O+BEbCFQAi;oUYHU}o6ynY0iGAnT{3v~14qOZ{^6g^J$?S?5R
z$IXj_A;MI_u6SGM+3rB!9&QjjzQ2nOQ$HwI&yAyl{<~ZgnB0r)V-#Cl?y-j5P@gy7
zBkh)#%*CacK5o}h7^sp5nbLN6aJgrI!;ltu9qxrT?!Tn*iVxls=Jy_uTv6~y!5=oK
zFy8`?jK?u9VdLEnhj!b>mh65a(Rwg)<OkZWW$u*q-oIe)&l6j81m)$HV8H6!zQb1U
zrL?+UA$Kpq$&CkVv=dWgrh8&c&hVHYgUd++?4fT?XubDD%0Z{$u`iD|;C<zW^}4EG
zxn4*0`LDC<>r7GWyq=>mwNA78=rLZ7b+c#qeUy58^1}Ukd&1T$J5VMP;*QArp|66k
z9|A^+EFj*lE+F=EOE%pC;sE#~i!C5tew+ow3=6%ie@}w9>OyOx*AMOQ#aVE5kX8w`
z>xZu>>xW8ds5;92M}J2npxNJT{N6!qflLHI){*>+=<ob*j$4i2kJsMu>Wjkf`tPd!
zD~rgFE8ZK=fPTpWoNt;J0FO#F`AYI9v$m)gTx%!T>Ea4eTIum$AO^-cFpH#UG0`}P
zR-$i!@fVh2g`zO<AaH-e4XAbzA;>@1a;3Y1CS@ScO1B>bEX2Bk(W0vnG|Z)i92R<{
z3rNGLi319K(5N>k25x}YS9$-ATyM=2&dz)%juL%#PeioYUHdBO|0XQl`!?ybP>E6>
z(>GUX^m}~fOw5Ju6TAa{EXfq++nh52%=~AJZu~A%9L4d>&ZFq3)yhkn*w$Z_e>A?K
zZ%`@EdjQXy0v#IKqW34cI;j9g0DhQiw=ncLO)0n5=;OQk??VyNOo-<N2oP5eNVEVL
z`rG_Q&_5>Sb69yMD?gt6<9RV1#XwdJk5B8rXM&?K)S;YF!cVgKD{ff!1jboWH|3(`
za=X4RbY{%FI1zKQbEP|BPG%)q4Y$ycKSbawZB-hmP`p!De!D(QiQJ)OH2%b|(A>!W
zJl=k$^mBg1NZi8+xQhtzC<I)PHPZ>MN(+xP4w_H4a%;fb=JjdX--o8QJ3Cw_#N~*!
zKTm(3n;cgctq=b=`4shYPCTE2#jmc%312t>H4TQMx)GjbiR38<$c+|V>tT|wmq+re
zVeHI}E}`=?&>y<Y!k(87g2Xjtpu~xRUL*c;mPKCqVPnJ};rrGjhctEXipMh9s9u)v
zELt~d?|=JckmmfulyZjAmwV4eC<`v;>N<8B5{{N=m6iNg=^i^S6YC4uyhWL2WCZRF
z%m1uXr?Ad{;}>v?)+)lcI7TTeX-j;_LV2UOl#5WLR!sTQ9RLfJC6$ZT&%x<q_|}ck
zNpx)*Kkk}<?J_ZCnfF4EYqvMaW33YdJv(}=`$YgSLXkuRvRb}l#-cDX1tD4|55gNj
zWq(D_43XJ5Uh0<cJ{u4aTUSj^ojQYI3gt?2+A5D!E06vqtX8-(^e**}^iyz*s{g=W
zBSDy>?0ZJMro1#OSU|bb{X$oR3tF>a5$F%;faou@X9-J}r){81tPSU*0Ww1sBppbr
z#S6)UZ|nD0z>CWid21y~>!A_}p2%ZzQ*jlSn^6neSmcs<jp2N33B-lAW1!67S&FLE
zT-Rij8V}U%kya`$-oPpkG}MwPIghvFkyb$qy`W3b;$Uh~zHnY6zdt$UAU-U1?;SkQ
zi1uJGb_ci(bW{)#p!GL4D$~CtpE`sY4C|w)o7)&A(<Mls+jU@k$BC`Ap#)8S*#Yda
zM_QY<!IQEoi1&$U^)rmu!mwt)vPNDbC&_rMGI?Z)#EO(Ex2sf`@vj(*B^TZGc(=4x
z3|#NXP1z6qx+c*1O3}4aD0&q$N&VM@#C|J0JPPwm0|}{aX@keQ&z*8GLzrEj3&KBp
z*?C`hTs0F5Gm7?lFS|C-Gv(SqU#lAwk5H6{FTo2E8T16F{B+Txu!qdMKf%e*!7eWK
zCc1s~@OWE#d^w#6u}&WFpEx>9g5<lxmPqQvc)$zHUn}&cqHuaHqKP=D0f~CJ5vLnf
zy2rvRT}Sl}MoMf>xeZVP6nkhN75oT3h4*o+Pv3)m7DErd_Gx;6P5JO@`dsT5*9L5H
zs0@5~U`wv+7h%S7_ycOYiqX;DN_`cI@D3_QkUaXeI7=`w%<p|aK&N5sl0Q8V4hLft
ze<_n3C~NQl-`7C%F<8;0%-4l9e}}2x`SZ{>p*R&P2@YlTBNg5ch=SLfI0ZD$Eucri
zSxp-M7V1A=)d#sLzmVR^W?Be`k)7EAgShfx91LX9GN=#wYK4(Y@uch~yVDs{V2WIL
zz)Rt)(9s_77pE>%#hU4ionrlKOFJ$4t^GSFmZv{jq}m4$_&T}LN;eAaN{^5O%Hj-<
zYjxonqIEq=b6Rb%B}|DtHi;kU!}LYJz?D$X=yw~#ZjJs4Zao?{?k~`le->Si_WWnc
zW|Qh@5zfCX7N$kMok5pvfIQt&>8P~Y%#p!q=oOjio7muON42_U)s>`cWEbh0h3_<m
zb$FtRs~93m?xy-$%K0-odXAJfOHU0&304}^>vu;~^?JLDtJicKuC#Xu4+8!E{_y`+
z^bQaV@4Oy)=W^v88@|){wm#qn{K|xPTQbK%GYnW6(6=f$B2tx{&Z}Aob;=)LRV9&?
zPf^;4#$G-fI*2$4`tU^|Xn-K!wgTPE9GSKub5zidr`<@qp`v?TG_a3R#qwyVk!&`v
zZyg5@U(&!W|4gY@S}lUiy1o;IoG-DFbJ$p7LnG9dpq*D5ly>Z_or_pI^=~z5<P}+W
zz|&m-%i)o#JSi&yoIuT0xvup%0&9cA8%SQ)d!XGwuO;bJ)%U%rs(0Ut8c$7q?v$10
zRmSP6{0FO2VpZOxtMbI^n}1ka-`T7_7pt#T^Yximc89LAFM3mDd#<3$mb_^yKW(8(
zgmWm2P&2rkYPD|Hs>0S(+uESOYQ}0O_U1Ex7E~;cd9zW`hYJ7sq*;gj$80+kfzOuU
z+{v}02id&<bU`WY^kHIKhOMF4wpYbrKQlhTrxBcz2w!*w7vWlLcK@74qy9Lt@g7*O
z9iq3cpdnh-i-zdAIVaD*+B$80H?jKeXZ2m9t54An-Fs_P#3yy?9L?&*JJ=pOc*Y!K
zd>w~&C3pL%8W?G;=^P5~LS^zlG<e)&W#=<v&AWT@niuuLt#ofRh7~;S@!tTGvI=a9
z=x>=TRe|!)b*;<=<?nHAC_EokENFl18;A(&IcnMSu!-Q2T2z<oq2611QMVtacH}{C
z;C^PVfJNS`ez!rPoc>0mX8oaxIwP(2_(fD$V#<1tYnewF2$si=mZziAJ~Vj&;yY;c
z5o#1`{^;E{*k~Kp=nt=J8vT-YxL?iX&}iA~*eK7xCwGB$9qI-rBG9=l_zm9S+-E2&
z?12v5nI7vpvaN2}`8<npY2m*<UREU{q}T<pQCchC7G%&rw2tF?7MJ*MiHh$-AM<$9
z5Oi6Cw}zGbD%tnJ{5#rX_)aDcX2(j<?JIFqT8q|iV9<gWhgD;|?LyvP3-<TR|5AT7
z>oMKQZv*34Pe44-Z!WwbKljce<N1*~d)N9?n6n@mntHOKo~rR@vT2I3Aeg1W*BGD}
ziFFQqN3);NP~W13ru8i^G}JeU)t7+v)xNFPXV#x&-k)kGJiGdBU4Kmb-^lxq&p-FJ
zq5mHL?RH!>lGb`$+Y0-*Q`Wd$UjY)@jtdoMi7k55vPVacv>nd^PIxxXqCKyl;FU!=
z7yTe2gg~!Q8t2Ry_(OL6M}t3bjb;>jBH$2+{tg}rFfa4wfnYk^t}1UKMw+EK(T`E&
z9EV4`&OwK76NZ8gNki-;e?nVYMYglmWnGMm;V!6a0M>FyxM!$CXp6Dyj#!HaD#sL8
zI?-FL5aZT2!()G?(6%Im9#O_0<7N1;_d<9C-UENa2Y+4XU=$3s3vI8b+UQgW@Rum=
zm<NBuQ)A$%+aqoHBT;jO&f~_%4C|B1{UwUOh5JrdasQvCI)SWC9PgIaiGINoxY&x*
zh~lb&zHQyE%EF;b(5dvKG>TRk<kFi1?%x$4vsvK4zq}r0wG8{1;*lCiI4k8l3Kxap
zms~OMpw%PEVoE*MV`uLdR4UDq`&1frJ|@7k$})OD81S82+N7+5bRUUc(WX$PG2e#f
zfAB1>543o#j_}$)=Eqv_I827pL}?kB%pKf+fk!J>U~_|%$P3JY2^Wa|t}qaIo*|4w
zJ6w7Gu!_ygl<%Os9wB?X5-ZdtsImL5S&jLcDwh>zieMI{&prMgxD}g$P`C6Irq}=F
z+Q8%sEqqgN_lY!mXQB!Y<CHoVW7Nf)3%)Z3CrRFTTcPc0e3p%ex7qQy>0`6;$WrvH
zL~aaEgF_{Mo*3vK#xNQx*PLa%os9IJG2S>l`(nb+y7+$aD(_HrQz+AIUl7Le-(wGT
zE^*^w=jc}oOM52DH?NDOle0VFCQr9(OJVg0-m(%o5~WRQ6p0rZ<e&AosCoW>WY%BB
zejtm3b&-2JHTysK9_@VGvH`uy#m*Yp7iy#M!MDdczQX`vsh4wdzdU^{b<VrPaJM<n
zBUxeRyi>PMuz2?I`1jn0$KoILr?>I^vHU?e{2tft2{|4=K_YNEq%WXb1w!b2hI8l)
zOz%aRz?d$KMe=7~F!pTMa)Hrr<WnU6e>{GC_rbCFA#(rMRW-p08Y$#Z^=c^v&jk=X
ztM@>pJuVa4e52_32V6+kun!ojn}D5ld|S1K@huK{I$^7xdrJSFY_@+5^UV5p>xs^<
zP-`w9vUPkM%`)Bm%GWGu+-*mSU0a|hUt>)Ii|xzueW*eTlEjn{&y_f$<VxUeb4sp6
znaKqb7ES%G9}0(vDThS=9q{*;KpV9ME%N5h1Y3`&#h)fmJh>JTa7*8U;g9Xc4gXy!
zVE8j$XbkJyAB&B<U2@?ANC+dslTz++ec={zg8JUKhpu~CSn;L;sY2dy@2OEVA%#=4
zIT<K=?|H<_K}7z6Uc;24QY@PFJj2U)zI)_sY(}|MC;$9D2$5?OiBvfS9Dqaz0$WTw
z8+cOGY4yEwJ`=7k@j)5`W8)@Y5(B4fkYuk}`|aHRDHe>DS$D~0_na6B5$&rCQC>11
zhXohGIQXB_x?m-G{^bK{9%!F)PFn6kH+JBcTJZsIp!W&VVq{juMVyjLkrL~37%z&-
zuhV~5&$q(qn#=N6C<Y_<e=in~XK*@jjlx}-<zy)k{s{m(%5$ZjPSIK+-?a@UtqPgl
z-7!VRRbH5)PI!6IL3A$%!4O=IU*9<x)*TNF#18KS#141`4+btLmx;1|%7(E#c>e|3
z1A75acmnrm)-zeKNQJLC4xq3<=%*fH;9je|wi?|kuM^il%Gqkb2Be~5r;ezO2h{_i
z6}6_2f~(%?oD>U?k~tWh+I-ZL$2fvXI?IVm?S=huWfA<rf;4jDj&tBrhUR1vS|9u-
z)TxARULUeClD((fyuReo$maDo<m*4upBAO8hfDFQJ^a6+|EX`9p}*0urT?)H&FN<s
z9C`e49_w;YX2IU!u-0GvL!5{8;n&S{@oc~TJgg7UL%sEdMPd1s4_cb{@1jWm6#hl<
zJl}Q#vp|)8kanm-eP7<yq!aJ-{YLS2Gx27p6AjO2Ilt#6#V~*V4>6v%eAUc&u9o!U
z`FHfn&w3ulGjCo?C;?wl$?1yofd4MIt)LQnIxvm13yXd%16_IH1zcCgoDc7R{Ul#c
zr0D(-O%>n>7k2QZEWaku6AZ{|(A(=p>%rhxY;kgZS}8Mz-<(gutdGxw%4R+piC3Ly
zeMN@)9&%HCw_$zhn);|B>p>KW8=Ba9C;Wo?yK*^!Jj8P(6Y+QyNE@`hljeZ!3k;5B
z3!BQJQnaK~qN&f?6v>AR{@keggRBQgcXuoW+R0qd_`=ZgK1da!b-BDmU1=35#<%FX
zHn_Y;1O03g^ySW3jbXjN5+}MS9b3tlGJFrjJ}xF&BKS5CJ7Ik%&3CCms?qQNz-bZA
zOU}lG)<Je}n=J6E)#qI;Mr1<m>i!OV=pnn;uHXq*2WnfppW~Ib@3XxdFf3bstk=iG
zF;pdQ42Rj_31{3`ZxVk!YIZai-Ey@Hug>#RmI$VN?vmSdX<(;vQNYnv3Dfh_8={Wp
zYQ-;1!n3(XyvNQ2lb)wMX4Rfc8^N64Nm0wF1bunTe_}1U(#1}SwY)|Jm3YO`b+4mS
zk1K{1qOV>kyaBV#3;GE2^DUV(2RkXT&kmp<)|mBMFp@9-M)^PBIIIf&MYCT16EnfS
zDqQ@+rpiTHqolmm{T_*uM0OU(QR-=~|6*rIk|(~4nzCOZN>Iwv+5lYCc^-k-XUBBI
z)X(6yFv)YQ1m9UiF<$;c;nb~p^~yPPo%r+f`136_&%dZV-;+O2{GOrw+9l7(Z+PFm
zyqiv5Gqv9bNr$F4`QVSj3&lYDrP(mcZ?QcmTC4c^X7cA$_j2?w(T>V*>%V)zeFKlx
z53{NgH|iPp<3-=66CWOJ*X9rM8!YT}--Cnl9i;u?JX)YkE9G|(1|83_{R^2CyjaU&
zz2<g5(Rj;^=#RlWa8fadi91Wed5Lr@Pg*U0544XJI$Gox2cUdAz$2~hGM7#{l?FSL
z-GRZ*L{W0cYhOcO@gQEcxD2O2GRY+fntUsJ(E|uI32X#zxr8^9)HjQ^vsscP1}4cK
z*RFz_Y0fC$CgHbK{!J);Dl)S@(m0se;}Y2nZ(+Q;W~GH<6Jk_c&eyMgd^ZsMhx~c<
zfosB&SYNzhsvnanyUI_y8p6TJVLGqM*RP76o2YqCc<e69GN_gB!Y4<EHTx@k{a&Hx
zuh2bzJxT!rS-B6sk)f{te~L=KMp%|tPYsqtzK1H2f12+z<Q{L)Iewwe>Ma>|+?zTx
z3&(acRQ?eBg_o~P#9sgsoRMg}Z_+4VG#_@U`Y+cwA4pmNMHYv>XJP*3ceUu*oS~i$
zxS#`kNR{%=r<lBHo<CFW+T7Ehz|+ckCjK)ho3H)(V0xg1?rZ3smg+n3_{^sw>jAi?
zQ21a=3mvly>Q7v*%Lg@{$IQ?7{ZW)aDPyK>NMQ4{#f@}iV1a|KQQRuO)(gJZhrK@;
zvhL&XFy0Ym@`rO;vimqOZMU*)+R_It7{&Z6%;!K}SQ=`_1dx`5iPU|Tw2k=Qw~H(V
z!|>Sw{+tAQHUYKrS8R)2qBy-_8a|Q@&)eyJtxj0L`JZDCy@cbdeoqK}%Hl7y=Z@GP
zdJg3kE7-2dcVL%C`tOOP)mP@wolB@aiuZcY*7Rn$Kbv}!PrYe9g6R_$msa;hQ-_A)
z<5&8#sYChHq4iuBX*-n+iYc@}Iadkj&bEjCqwPm_LWu2m-Vl16^#?aozltjCud^40
zOCqN?Q@FnittBYw{FQMGGN1++L3^U8L+;9Q>`-p;-hxTG4s}Dt1dew5pPJZt$4ghC
zunEOen3hN!p@~}>`ir&c`};w2{e4#7-(vIr(w>bH-e1xGpqh;epAKev!`?O^zzOmU
zm>M9J2{09=%vz+wU#Qc~F5vU^>vVTFyx^+GlekYKj*k_l-D38&W)N|a12yy$<aFE#
zSO&&0zQ%W#-HPXV>L$Z5+=8OZ7dMVm4|p-bT2N^+HVHU3@9}vI{C+LM@740)|FR=W
zKQr`?wqIvBHSt*do^1F&+VK5W!}qa<@4sPvm8I#OBKY#f&#Z>?rol>S%I{igET{TJ
zL;W6Y{Yf1(_;sBDzZ%akBNqe{(z|f{eM<*%S!ulJtFQq`5nTrg_v-H#tt_>l9jX7^
zM-262|1{-|#nI(swe*>kS8K|bn3QL9)Qq25{hIct9H)GgN%;azdB5Y7pKDT%{AHkv
zo{<+Wv0BJlR%h3TIe)d~(qdj-%F1zkb?+DPquO3!<>`j<XO;44tQ`5TE&uilUOt+Y
zk2RDJSKiNH<<*9Amr|Yt<z)X0n-u$>9fgP4_-fxj?BnlOXR-DT<=-mhrL25`vHwc>
zE9T|TD&^ByxqOy--kpQ*2d|OOx|0v`IG_H!y9hq6EFBG!<?-L1q}2SFR3CP`R(RWB
zw8D-CpdU8jpF+C=;s{ZLt3M@C{&<{~d)t(p5QmLK@Y2%?Uix7`w7;lnKQEEmPgL3$
zqS{{q6+nXyIZNN*?1$^ak@ntD+PgcdJv@Kr9L@X)hoj^d%XRXh)Rr`W$w#7Qe%=?Y
zzpz}#pZgT~?+@?0>bxUZrw8F6dNC=xR!lj9m}=|A4R{NHCy)U{aK!38ADteyEWDx+
zFTX2wPd|!|L_zWhkHoOX{A_Sl!RUl`DCaklrvX)X=zP0MjA&ahFw@zIrw=DuLKuWz
zBY<nUc4qYX)+tRaO&b?AmNmw>rJvJkky`Lo2gwhOK%89W3EZ1VS-5{gE8iKT^j(3d
zZa`Fx;l2|kFkUC0nPIo^C%xZrlMT;%r0)GIvo1))uO|Biz${7w5<@R&^t-8i_q>A-
zvVWTK{72L0ZR~k@<TO5c24vQU8UIY5|7t9I{$l0%cI^2`ZiVqsgMki@f2;!rNGN*U
z!Z&2>m%pE_rc8{aa{~}!fjiI*2ew=ch>Y{NADkZ|xw;_Eg6`q;M&kTHH*MS11tYR_
zx#(qF&hc@q5YKACJnU@C%<M#E|8ZqD!%WgBOGVbXAQW?C>x&e0_@E7@zdgeDf1hms
zjy`GHzu4ycx7+(W_3ykFsDB$0pnqQ#pJM+yoA>X+lxF+a>i6nj=JV9QgRP-|KNl(e
zBfM+UInh5h1Ci@63U2O~FL2rM@PuNE==#N*MqR_7_Z(qiD+9&nM#5iZir&GQ4f7>2
zv`(J?9FcN6l5$6pR>>TTo;)o*v(ioJ8F@<d{Dsl8u@%tst?xwXN!8NR!knHp4W~lS
zQ_m7TIY^KDgz3@oYeH{RditIcJ#mblPg(*!3m-lue*JibDLwBTJ{5W<K11|eg!H7G
zFg?jydIp)()A^L>`RQq*=V?38^X&8!r6*lWPgyThdLFGm6?%p+dg76umM2V)PM$9}
zr{`$hsnApL6pL5K13mXo)6v6sePMoU=HOgu1<MEX?MaVXAaH#n6kURwyl}B?HQgKV
z4bs(BzMY7w@JL=~67BM)`@K;!KTY@4z%zW)bw5n*M)DbX9zTUoag`pAEb@1Dx&s$K
zBKil&o`BOAYB#3D?fPCQszm*c9-ptwMq0ZTRsH&Vtd>lvvbeP15;~8+C*G;NH8;@n
z5xMqq9K6mxkL#C$B~XR8HU9Ns=4X`DgX?#JNwU~yveRDhkQ$|>??Ul&7Pgp>tckjQ
zZlQQedX`jg+)u{Gnb-(}jhzej(5#p8jshYJevdnvKEqZ2;G{6$uO<5WWsK@Z3l{za
zr$4hE<1shX7ncf;(e=R;zwJG!Axs%q6u))Q^GUjR?6vB%t?}8u@KqCO-2(Pa3D{)T
zhhCNEKgsleEb9M<7Ga|D2>g50LyMT1oa{`J58TXxuFuBASR(Pap>7bANdDj&7J`qG
z7iC-m!(d3dimugsf7jcJK#0;>!fU^T=>leCIqpUp3A{)NiUFGsugf6GSbtPpa8yZx
zb}bWTOtR9I(s(nGMgBauo-SGTFuRNSizp?25k%+?tEbP{n!<R01`Oy!t@+W1okjzS
zhsXSRa;2?=m=ws9@q{)YSSbFKy6_!Qvk!yM&)$X5ayd9UxWjqBCotM7e|-hCs=4TT
zg)rlQMMG6DqKZ{gLF*6Y@(rvW4!1A(djs9^bZr_FRnavPrLQk@W@PUbn)L%bLk9tT
zf5W=lT_}@)(KRwznNiPx`&hYurEL!W9lTT@&#$@(<)@Q&o!|{7JL~cq!lCCig0lkz
zqkjv$|6wxT|L{ahi#%~U-IyKff}6+F<=g3NWvHt>{z`QHP;eHEY@o}z=Z<7u9A=5J
z$UnO3!}30{o?hN4f8}C1ERXi84~KT)Z%dW+&*EAoqAScUg+Iylz;x@%QhUXFmWrGt
z<>)#mgIJg?p2{X$PCEb0;GZJ@%;TTK_~&T+tjrmU9~Cp6!4I0x$8KLPKi%zT4o)jo
zJ#HN(X&cgNITeurlRWaj%+KcQWOTppgn9}FZ)>t*{6JgZ20V_e*}5Fjb!{2X>Y5F8
zalERnZ<U6===w_k6IEY;*O#r-7g<-B_5q#mX^3Z<pYNH7$C+xLPj2>ko}FT1a^v_p
zq*b35Ve$u>;K~YSAI4JLy$#{V8JMf!rGy1$fxp{tYJtzxSzt@JD)fVV{bN!2L&v5E
z&pDmD1n3#9g#;rB|6gK`|IMj!9up5R`qs$r|BKAP=x|4i{P#(V)cr-x(nsf%FV)bO
zq0;C3|JeH$_@;{N|D+8xJoH8ZjZcb(wXCkRifk+BCYs<4CR(ImQNb$6Rs^luYE{re
z66rMts|(7iyRxni+|?CbMRWz*LR;{Gh%Xey3aIx|fr`)<wE3TNX6`FV3#j{h{nyV&
zdT;LBxo2k1ob#PCXU;hzC4GUPL!ZFttL_5&YHvRT`f_nRjr8Sf^ldvmHU8c8Gw8c1
zM)YMOeWx(`7=OBfjwJ^EEIJ53V<^gHhVs)6Qa&H!;Tp;p_rU)LmnRj5IXnBYq&fT9
zjcm?7*l`H*#8_8$a$PZAm#^ax<%zMr#z&LtJCE15uRTegY&cAL()bI>lV$(vNuJCO
zCCZcgnhsf>#P9nF@}#0Vr9AmCE9HE6JT*0kHXp9OkLH78Kg@@tOAk?=RK1x}o}8VU
zz5_dc27PZyL|;h<(09wNhbT`nSEiIFe>g3*{p07*H<;14p&jVkcuRsjX+BJOV)^Ic
z$rHyv4@sU(&`(6B@Wv#6%!7iKXCJqkHyV8wPsM20g=ND$6|-GdOWBZw?i;Vidgbe?
z*Kzw7`f3D>C9Exfd`5Vr`b0~(y0p$OeS;od-{KN+!DUv8UWnVoyX9>7EdII_er@`b
z{L*~#RBP&m|2VL~i%(i9B-pe2m@)aQ>zQ<UWFJZw`YzccdE*1oU;V`PKlaPDzrDxy
zk2AIZG2Z@hto`>Uwf`@?{d;-)i+TI^n%e)9#@{H&k6mOnZzTVW_P6!e{(NKmmn`J%
z&u8tAB)0#FCwTjR<n8}GZ~u=!fBa4DU--+lzqQBqUutUqA9(vOW$h0qwg1n&{d;)(
zr}Osj(b`YzBTYLSw%Yahgg#;UI@H1FL1?&l(!Kfp+*I#F@pzF#k7q~sPUH8xU7wYk
z*N0hD!@<{Q_47rv%20f|?(q^I$W4Rvfjs#ImPNsUNdA5u>$9mpSS?BQX?Q6`T^pZI
zs_SZA*Ren7{FhK)B3?4qSdm=g5xmB_<|MpSWRU;jA>gGFL;1kZz)Q`q_k@=McP8Sc
zE4CgoUV4A-Pryq>ZyEG`mZtCjIyj}ipP8DPL(})e=aRl}`~md+))|M0mzs_A<!bb$
zr>5`SuYU%84^$9+Zlv!5PTyh5{}ha_Jg2#Vn5EyTT>71mK<vf3^s7?k-sn9Ea_=3Z
z+<SN|lY7_$cRt6Cle`SSH9al=>z+iZH|g(ePQ0{}Nj>EncK?^1R(4+eaO8c8_O>tm
z1=<_<p{Mpf<Ja4J-%{4zT0gb-ox2m;d;Q;7`)a;t?QJjO?T7m+vwSwVLh14ugtO^<
zL%c{#xX(|xFHE>M<fkxyuQAp467@;EC^w-#clY#kFVD@IqsXA1b3yIlw()Kls!aLO
zWUE-i)vU+vX|g8EmsIk;`)|E_o$*^|CV%Tn{;dH`Rtwjk>pT;oPVHptN93$xsG7Ht
zD?z8O1T*ncp2Tzjo{*7N%b|1VZ0BH6nw-g!|Hw<9vRVwm(n;?i3DqEm1F;e-+I9;@
zVkLWcNQwFa+(Y+eHmyW1>x%~ALGm>&X5#(h6xM=qJFFJ@i&M!#DO1ebU)mQPY<kJk
z;I_E@(OGTiTGO;H>AV1*N6U9$UIWxS(inSUyjgsn$)0C*_dJ_D&rN!sd_IB7yIFa$
zyZQ?0d43Uw8-c&Y@E3nBfxk}pTMmCS#b{Lpb^XLFF<L=U=%q2)s}uDp)>l<UPoc`H
z#q1TRwQ32w#OF)dCDdKDj9p^&EA;BCQ&q3Er)sTM{|3GOO?v%}di}Cqf3sG9RU5m^
zhD!@={Y}h;OFO%C!=-~=ig4*<m!Q)tGU;+mp~)W<iey<;da|t=J-Jqm9=BDaN3?46
z<Xbg*3auJFMLIpjIz1&iJ>@z*6^Zopj3?b}I%OKB)1hL@?ri=dH~Pch68^WG{hdz}
zja^pimsR@ZV*PT7ez{b?T&7>H&@Zd?%eDID2K{oAe%YvB%KBxqe%Yp9A|voiyMF1=
zFP-{jrhb{FUuNr<x%#DBzZCV$eEqUezbw)(i}lMA{jyxYtl*dR^D8;rcPHqd;-vM6
zS6GFylA{@3jG0V#cD%IH5{13LQG35C>HR}_u77_;s`XH^zI7(tXC~ZdCERBx+~=D0
zuTG!+gr4b7ex9ITwUYU|6Q;a)3MvAhL;i|gI1^M{c_C8}+1ssvFLSDOrACJ&Ojcp@
z{G_k2v^4BfbEX(|+p}kqZaWopn-jMt?edpy#5_KS;cx`cV*uZ8oQ3+W*ox?>bU0SD
zgX_0%gQVY_O|Ns3>n>*`&)Jsb|85>HE&j+}QCg2}!gJ2@!&}nmq=EVc^pQn~<C&at
z{gjNfVL1@bcc#jS#E)TqRN6<+cV^;`-U<1|YnlH-n;5EfQl5ZR_C8ViL>&;jY)AKM
z=7$@I&T^`tR<=w=ci_5G=<n4S{?(2h`S)XS%qcXx^EWgcGjTW=0zQr-;G+zIG<cj^
zj(ZEfO~Ab$2V%4EV5YqFe5*wRz)zoViq39|XD!=j>f`$OZ;a!5WPpvUg6H4((Dwb1
zouzs5Yb)vdkrZ!E@4t~s`Q;sPeSD4mBL~M=RTpD3)<2fFRL~m9-dEc>^P7ZreyX;!
z<2*w<SHg{YWS*$~!plrHdmF75HQr4#P~#~GMl*?|H+<cYG?0_jKUKefu|0vF&sBP6
z80q;<B0T|4&oq^uZsY?x@v4)y{0b%?62!ta1#FHT2UThPH6BmDv0M`*muU7URmmoM
z^JtvxJS#*u^7N<9uhN@S&o7dfo(YK0)pc@mgXd4;4Te?Wpu}Mr#E0dGl=eRFwuEu{
zOdXevqYUG+Xp~`G3~RqR?=$AE+rrj<otLpbesv4C2N~&~01Muf^fwg#WctHfyQBYT
zBmEzro0|TW>lyvMIQ{2w`uBaw>8JCW4Gozf(`5H#Tx$#vqhsx2-UW`^hKkYAHMr(D
z5v1ORul@nkqCU6wAC{bTa<7qAIvSpF<!ZU3@LzE`XNr2>*pH`$Uq`frZcm?ZgTTJ=
z6zd{45S{5Np@4i|JgF9dD~EhLo~9i&(^W2nt1T8<exJ<yA-q`#BM9?{>TH2LD)J}1
zjoMr}8$Ho7oILUTqR~UkKK93aHu9Cr^Sa7Q@5CZdz(&W_p$K4+YEMO*PY5p|zJu#a
zh44bE>{w6b7UsPah+g5yhlQFaKM)PLGQD&N8Lph3_=m{p+34;iedwwD1kW$$7G4pE
zp5fAoi;xpqXiY9vC|?ORCHTKZeOXAhILeoO>t$-fN?%r}D=sWttqfBA+@LXbZ>1Og
zzSI^i<t?(SE%Hb;!YU}@6IRvmm?{?SJb1BG-}E<%mneOTE{j2_j>lR0S6^f;Oqd0Y
zD;HVJcFdX)Tfr7P{ax}m7)n1h+f|YV?ZreFaB2IOoNlpD{tm&n$rI{~d!@FZ^qsKK
z>pIbw)8fn7>6gCuO05`PXqQLo#P&id4>T+oiMxeG_1?@aLL|?MX|1<V{w!fp?I{JW
z6NSjTSnG1Qbmx8|gj-M(jVg7O2q8@V0B@J}@c}E)K}~5FcElUMX4(q+AtYyy?jy_}
zV#RcK)fdJJUa)v$XXHzpJi?20qr9$S;elT8%(@A#i-ZO3@ZyU1-hKC7X|pK2xXF(z
zteU1%{i7~&3ZXUBH`O-3bdkd!s<*C03#&3xJFktUS;-ktWi(rA4z<N;?GO;WZOXNp
zpJEif;yn&=ln2TliDfNnNm1}&L=>Bg?gZZkY;&YP`73%QIVc?nO8Y$0ZjV%tv!bMI
z5@iMRO4&`t`u88Q80*BZ3%+LM86F4HAI$)6j_2ny+BJEbP(K^kvOIsNGp+1w`iv)b
z$>Wk;r1RC-c%Re`GF&{hfO3#z1^T>gaGwKxA9mqH4cTo??_eB!K>n3ixlV?UyDLjw
zC&lwcudp0`5SGK864d)=v<nLk#!@GPR;Vn{3lGM^CnGzYq%?G~`1-s(fK-+H4EVxx
zc~ENLsYB@G1Bn^8Njqg@_!6({4D_BYZ-5Kxu;^1nc)n-c3|p~qn#D2$Ku^GxFR#P=
zb+4<<r}<vs62&3!U@SjrrppcDpg_XF#Mxq>&;61dSyxtqj=8bBr^Oa5Y>UT1Z;S7H
zU``E$;Q{VP*WN|dnVUS)nzHGh5KzCcTB<?FXA4)Cjn4h7%;pIlnU?59yO4MhJr<2&
zMfo}+bfm56FVn01Q6KPw&w1-e;ss%0P17<iXMp$M_w(uZe^Fl%r+5VK7XiUnr`(F?
zkNqSsNCfQ0qyx~y6wn0o4mAA(@f<!M=pvZ{j|RG$mdVdv-$&hF;rhdV3g{2Z<vr++
ztP@`}=#RSLy8d|MGSDACTyBUT(9lpg1nOHhv4{FBM;q%aGt@T&>-&qjzACJ*sHggh
zP4x{m)OS4AH|}yho(4Z-g8{fP#&IEHDl;AubE@TeoOz-a!^Vve*_>u!gTpp&0?{JM
zh}a*s@&iS^K=6;SVH^%O{1A{j<j2;cr*Z%l4{09^Wg9J*Md>c593O%W8t<gj|2gYm
zZuq5oxldDj98ZAX<+POc$BYmm**bcT@NjkIg_-=gwz_X4M9$#k1fs=RbT+6w-9nq5
z+j`l7mePpDpSMp4f63jD&!qiOPEsyK4ndNfM3Uy;3&dq(TAumKpfa)MyEJ(Mqcj^S
zb#hAU<eQG`P!q1JJ2gV&bE`^GQ7-h15dJ)kElb7`MI*xgyuCtr8YgHt?e`%;K#Q9?
zE{PU5(GpW>S(iz)xQPr9DgZa+Z=5P6`3`Yz2kz|&5i*HICpZinc+ty5X}l;zN;#2H
z7^VvY*eZwoQVSb!Sn16IUW#3uPY2+$sovN`m|BHsai(X{M&cC1<Kyvh6x$%(3i$4Z
ztbjB%7oC~wLuk~oiVdr2;hFc95cw^A9s3@go$;3m{FiL*{)}g>gveJG_N!<RD)X%*
zR0_NC%MVpMl}zLM&G7plyR>oN#YSCvA45+7A<BLpZ;G?(E}qMdKhIV~{+x{vK`r*k
ztpvJ^`E@|fY{bCyJ_~fTq34D0{p^%-d;?`L(&B-fm;D<IbP$<``q1d(pGGlSy5w~~
zw#SuyTrWa-%Wsn7x%{Jxod*~$??0s@t~{aTYeE0-Gm_)ERCTes-^0=&Lw_0Kxs)F?
zp3BwKnE%(u=>K&I9V@Wmb?-}<&-k_Yj|2Z1@5|YazV)#)S*RDM96D1C`XY6;liT=9
z{o3M~jg(@-Ov}I<Zd16NZupVov2Y_VI=(FqRW_}Je*m{Ny^2Qy29lq;yyi0Y^%JQD
z^4tB`wnXg*R!h@&P+qwUQ31WDl)z=vS}3hdA#t}F!_qV~9myU8C{!?ik9-W&(R81J
zxp|r%#nQjQU$2A@HT{qx-b_P71<C*X9^~~hv-}@skpBUc|Km*ZzmnvCPxUP}%YQ?C
z$76lt%=InB`W!vg*Ji5k<1D?tw=ahJtmC@XC&j2w%-h+83HpSD6gq4Qk$yHNq@tI(
zr135uZ=;bOHKwbNvZV1@v`aI$qnRGPsy!+)xM51;i-gFX>D?=+U6XVLmCqGaM@^zO
zaA*o@$_cuHa*(`bu|}qE*HzR&vKnBHTCXcJwW>mwOd(REsj8CfAfBnJvY}#Vm2=}6
zNY%amJoxd3G^QBN!6#juHaBSpq%AW^JLHmfm}%qM;qS*2$+<{!rlwQtjy7p3^uZJ&
zOLX1oCf)fX*PYLHWf*j4J6BaB@zG39kw`EBDauNsNF<8>s8Vzsqew)GvNYX!woZ}i
zbtyzH(I_g)C*65RI@6tlh$5~#3pqi*#V4DqneNP|F-@YSkZ2KAT4Ki$Ermwi`P@+&
zC8{5#5P3>dkkh0Kr}4+C+oTX#q&+T{E-Ype?Pd&fDK+4>0@I%}NjqkMa_q;IBM7it
zvq3q!)%3`~gj4hDL%7kSX-HKkUc+^wsQq#e|HZBS@+XrfRrTg;{MSN*-aI;u^k#7n
zdh?-9vh!;9Pj{K`ZCx5S?qa;C>PNS7ok4%9`qg33ug@J&<85pDQMup%Q;6#Qu?hEh
z)|vC#F2-qUeWEhIQ?GA>GD+8WbYHC9Gp;b`>wINXr%_*r&RaH=^zYV0{ae9x>Tl&|
zPXH}>a~D64SHa3ZnOOc>u2b*8(i3!josZ?qrkl!&ylfE5j_NX<*UF^wzcQ6Slb2r!
z*q9O%ChO~_PZRX>Bj$V3WCndsndRiiuOby5d=J$2rDI5id+_=~c6|<B|8@*1RE2G6
zuU4Y)SDtb))3SZ>pCg*S;tKxxUoo|wB|pipGUdhm$|3)`g{k`b^fofj*e#`f83-ti
zx9ZCO_jJRR{}pt@m46U!<i$s~#We-p^q7A6D58KHki;8F*)%ARaFWC9Z__PJ?MfcD
z`-!oP{IsTa4h6>O0AO{K9dW|>I!-tbHUDyaa-2L3URCzO7&N^g&q`<D;<|Ncboa6t
z)jD|S&1z6~Kxs-Lz^lV-7jjKnTbz!LDr5EYqg+2PL;YML_Mo4$2N?D9IYV^){A(}h
z=WF~wTR&HHub->B*UwA3(a(77>Y)1hlFO3y^A&G&ub)>9NUfjizc?)YyliEU`gw6{
zclvqC8;7l*`wd8?pNIA{>1RB1)q{S{Xzf-%zx(=O>*qU;PNkp!(AT7&H>~PWKbN(1
zr=Lf?emMGh=TXV}xldn{eqQ!+kNUa#<?i(J2jBfiKmTvk&yJH1rk^tg8ufGINj>Z5
z&jy(F^Rkn=*Uv8uNY>94Cv~r%Pul(q>*oUnq@Q1?13moW`J|Kog4cg#*NgD_k@HjN
z=T#S`)X)6~tNJ-@u&STiPFD4E*Dj`?e|4ZWK|g=gYS7OOtp@%4Myo+TzW_IKTi>6r
zpW_$&Wc|G60$o49x4)J2b6w5h>*pcxZg={5G3w_H?jH1W?m(k{UUZzUpYIzD`nkqq
zT8}Tm`YL*=FVj??&rsjFSl`X&`pU7s?4IgtG_CLVIraK>jDq@xcvSoll-@@O5r{oU
zd!hva%pkj$?NrSDJ{QDRbfK#p{&=IWxJux!RN(6G6IQht5JuRQm4<tka&Rlolie5|
z;WFsdRYRG{jDm3cEb;vOD7=iJxWgNTNG0v}l)47Oz>yOWMPJ6(LFhPwQrjC9w1?K>
zk-n7wd54vhb<^$)i#SydZ!SC0Pl5YcI%3>s6Z7h5_s=W%<eZJ(${o1*gM{f@{yE~@
zHMwN3H7Am`2&*<CDNbk{l5--Gqs&B3y<(j4&;jrN60-lC-$VcBo5r*3ScCoNT(tlE
z&NQCIWdG@@z6w))Lk;yEkM)f+*H=XLpPuR~HsQ;Uk1^PP^3eWcu8;QLtIwnQDDXX0
zH%yFPW``<kQ*Xh~V^w;DMb#7`f4Xr$pY~%)4pN_aOXjSe>ZARb%!AZt-jdlmsE7J!
zKW4+|p6fGj$vo6kePl1JI7oeFli>wD)kpTi?1R*2HW}_2*h77^9%&rabA9F|$&)?R
zNAk1kAoZC==w&_CNAlBskowFbG_9xlNPae-+jD(p5&H6g9_k}`u;d{1nMK02J=I6@
zApaosnMK0UJ=I6@z;clK%p#%o=v4J-=Vzo(#|MN}M+c<01H)>?nvS$U-bP`;1y+=;
z8v?OwK-F%}Sx4)!+s;&eZB_HFhgMt1#!ei}-h&zj@OSSX>WN(zujrU_`-x*?Hq4i4
z@eivB=6!MdyJD!u+Vr-HC$EVIW8>q&ytP7jFZy0c@8whnht;X)>7oNcLG>aZi9nuQ
zwmT5>VtToCr9MW#lr0LY`uStUHuOAuTdesy4Rq0hFt_i+`&N%sV6l<oOWxYDU4Cl~
z)j`?ms)Lcur5E72DJgrbu&V#D!C0ZOqPu^q(~(?HFlI~lhjv(Rt>NKBb$_a$v<V}M
zTKtmSv?!QYgHD(G{VeB7&N}Ezo@7tyPo9mkGK~FgdNt9%(=Y9j)??_ecP9j-y74Tl
zFz&oXuX3^DWqxTV`P6<8kTyckQP|O`b-`Hw3i%`eMxZgIhQP2!@30+WO<S5cbtA0O
z$d9b-D6h3qN;f!WR$;8vrA--@Xu5Zp+|*blPEDtZzr(t*#&<Ad%dkeQ$@C^~HzOBb
z86S||fp;)J4<(P7>B<UFyrii<3sp1^S4YD(QAIxP9J;#7b9q2@<^uT3y>k(~yaV8c
zoxPx(V+FWc;$B@N(4EL>f-eX~0KP2v3|CyVdx8+={gHHtMT~~X@hIwc0_!#gqGyx&
zfEL&of7}zjduAY-iMg6(Pu^&k5Wbf<VB$1?^b)r}dbcPobTI@>i!)fP`eXgW%wc%z
zDvO;hoAR@upZrpTzb2kmb~`Os#RfM!`V(a&8rGAQJV%NH5Y1wONjuC=7>p<U(cAKY
zl46+2*b}*MU&yJ!+!i*n6=8Z+<$Ch((c+uUbd_8j8}U0tV-yC>>nf37gmsvI>cpY|
z$dq9pqPt0Cv#<aUDMU8<1@S9?=x(P)2<P&SDG_7+PXK9y89Ff1x-2i~hoQR0kUgiw
zA3Ni5iY?}+WWunD^+d;Hp;;q(5e7_?$Z8NJ3rB&=?U$6G)EF&wiSq5ZFvTihka$@e
zmAzEPrRuOQv8F3c<oUtZ3-hmmhdJwTG4o!pjyQa!2;;Hck;cfhWA!EEM2FkC>0@Oa
zC%4ov_d9GF442rlCQXQt9fmK*VJ^8v=%aFx_fKrZ3D|^kIXa+&0)5$Gc_lgmv7wi2
zJJupBtPMoV9f7?4V(fA1eBq($A+=(R4QpkA>r(28icvOUKDyNi%hUZ+ZQ+2mk>_o}
z)tb{%dKWV`NV}ui@;GNlylIAZt{Ohs;yx~|w9p@&h{K#s@mU5znK2+&DrUPbg`s&B
z9lZ*026Q3ir<c0ivT_WRIfd6l<w^%OeXgAoqa$RmVyi%Oi=(b`WeJf2I@SxUkNJCq
z`K?4iDfC8kjO@>A5bhO7544NJYOotJg>V5n)xjGh@B}@@7wXdy=kLHQ4^EAHq%~nY
zw}uPVfYd?3u8W{Dg7j1paD5|=RVFOq80*LGmVK4qWN!>eGhK!LJ|FYIYGjWRBAIC#
zA8Ikzgz#U{$`Ly6(Id!;@T;^0D?*rzAiLy0q<6%X+Yjh|bz^cxYYlOR(xT_DMZ$6^
z3LNmk4lBm7mz@K(rm^mr|3eoF>juT4`RRG0x4DoZ?}yIESyXufG!y5RKQ`iVeDEP!
zCMI{P<)OL}6psYTE4S$W1vr>I^xhB{Yvnm^_jqdw8VSzqYQ;c~4Q@Ld%Pt=C%-=AE
z$AfM~XJ5Fb^_O4j?WrG=iH}`$-!LYd|IOup-Tbe}|K{_*h5T<3DZhp>bSBDEe=i+z
zl9zwY_{C0ZwXI^5JUQjvc<3;Cwz9lK?@tV}M=rxJ1A{2}2ULGNX$y$45)>q@TjY@g
zF(O?DFS+z+D0vo@B=c#mjoCX&lpXsuI~4q$sr~-UeuMu+RX?=%43CbXSd9}YR%2Z!
zvpwA;N3Br#@=jy?Mdc&7RpT#?X=_?9kGv4GL+lY_=M8-2SW5eL&dq-uV3D`{s#CRT
z)HU^^Q=wnV*B{YA2YRnLg2iL(^Ah?#H!#nH0rGu2S}~j<3{5=WF5lnY8kcW}pPKff
zM*4CGvv+*FOpUkn%j&<4r2m$w`fvDu^q)!p9r1JZpY4~?e|vwj{_AT0ck93Y3HtBa
zFaBNn@2Er2e@7mI{u2&C|MmaH^<Ub5v;OOS5dC+c{U__cBMw9V3Ek<x{;Bn!(7paU
zGFkt%ChI?pIr?9%|0Zrtt^bDir2o=-(0@mm^k2UO{ny!^TK{RkoAsZqNB!5)ehB(+
zw5I=FQ1#zKsQ(71(to|V{_D;4-`~voZ<|T~?LqywP1Aqdxc+<2s^y3K2KT@Nv9c9t
zn;6eFz~?NX+<#?@{jp{2(8z=;DR_TC@>O`HV5LF#`PPEod-&uwig3H&9h@8A=flrS
z1F>l?!5`Y*9F)G3pFXuM9xrnSVza8D(?O=k%N%5=KH{x^9BX;Q&8n(~s@^%bBR=Ko
zP}}eB_IqPRR{zvBz+uOVp~hx$*cvf*l}ivq+nW8-SMoSkC)9Bl)Zvx3vTEsY<!)Zv
z9H{MzN#fK^V$Am%o~zl7sSPkAT!fq-SGM7h2CJhU(gF);M$TF4j}06Q+#ZN#c;fkm
z6?5(f+2gAWN(z*%5Tj*_#pr}8D7d8bQu&SMI8_0P9>9YbyF&|4d?j|tV?)ts<XdY{
zy|eKvvFkPkq(;=bs?w#rWbzHI@p#jV)AjS3z@HtANadQi(J$7S#`f86Zu7>*#Jv(U
zq2-?Y#ptWlvH{RC^5kTEx{9;g&23Ge$qjji7$~$!HOR(76z_EL^KZ|p_(*y?Al3M!
zwRl|0?h9`$JwjQ#Ti?G^{?!sU<>$FPIBczlg~VQu48=mIe;knBMhgWVV2)no9EyrD
z)CO{WG>ENBVrN7w^n;^xc+NW9IFD?{HV%6Srn3;~p!TW<l+E}=oZGO0x(TS0g>~`x
zs^1VVHK3n{G};x<&-di@7Q!ytQXcJEbvg}k2K${-x#DpMA)HPHGU%+ts%)x5dpq)b
z)K{VXRxB?ppaeV7j8zz?fJ%(987g|;!Ydl+T2*K)F%W>=%ZL-Pg{7yfa%HQR=~6tF
zwd%7BcCv`IJdFEq0qaf{oCwvP-UZ4nP<DD%FtV=fbmm6iMJLnnVE3PRwT9BupfuZW
zCRu+D+|pZ5;XdG6eE=mNk1StjqkQbjjTodIgNWDJ;enk}hDyFR06_;N-vQ;)uDB_m
z8;te)0cjoXeg&jjzqCoUMr8)31}*ZJAo--ps`ZKNb?ts>qc2=tI>Aqew(vhuYS;b6
zo5?FjvH4pY#hM-IV$AlCXss59HF%=lHyo0cN_+x9qR;Ixzt@Vx)}o0^wU0?_LycoY
zZSK;%xnEmA%!JzEg?90{jbdnPvlyx!sOgPn{79%#z%*(#yKJ7QZJuN;`>yHlP~LD}
zTrHOYh0=k9c|by$f=K`?m<s&A)gIM1>PMFHif!z)p2F8P>A0qW>Dx%hj3U*g4wHov
z`1>skQz3u53)M~?#}O!hS!_B{OAE7`g%k1d=sZ44y)P3Vv+yDfJ|0`d$7755-25+#
zR~MnU81nDl#fdqJCnEpgG@vr7nmUOjO-=Tdr+xv7@x~_jXA)fLX?B}-pq_m73#KPu
zcrqcL0n?X$Jag%X85w(N1Mj4u^e(L$L*I+2KE>Fa)n3WBEKyTF5A($vz0wJ*%Vi|D
zzQw)WP<1|@O%tHd3a_-uANsnP4YTBX+#@Wi4Yk?v1oDttn6vlv1q1_v*e`hZ`lJp1
z*n|LVK$E|Guk=|!3WC;peF;(%YP5PQC%opBCa;hm2Uzn4em@WmF7-wyuNYSAshE>#
z@e0c)ye9e9pmjPn;z1#@AId<jLih@+g+xQ;2UyqKZMeL|_-f-FfvJuDypLv=s0l2+
z(tck!UUn>@jjaSY0C2BSPmtzpto%Gd^A%WC&DU&Fd$?~fp&(QZ_;;5LJ_CedFr4uY
z_}-i<m?DdgrMdM3>fC7AGJ*rrXM_lRYjCkCAb;ljL*D@0kmcI|pA`nCUbhC8A6F=W
zxZylubV5G=4t+#9l^$B~x7eIDo@g-Ok4|uki$Qcj2QGzg*BwjxhX4p3$D@(D94VQI
z1BL!zp&HPl!4>k2GCJ%9S5WUxiu%?}fi7Pfkk(_*M)2&Wr**X@4fA&X9d1YhKM5D1
zIgh(bhk9z7jto_&0d00qXq)xIXu+Qfk;sWKc_$PBt+$gbo={|J0J`nS`*Qj)eXU&C
zY0}4fe8LSwBbG9|GK$t77?;q1|9p7H(#O(BzemT2`9aHaZ`9*V;9*ZowYBUbj6&v<
z+Ojvx3axlPg@?<4^H)IASBQOJ<R|0EpU6i(kj6&dH0+3<*$jfdZ}4(VCc)tO!Y$q?
z-3sBkxE73xS>jYNI~Xl<c%;w$dF$`F&d-HMcyn1Eb7cUivL4Wjw{lSlIm5)T0(5MM
z(iMyfdyuzQ^>f&evoU*fK)S91u$Z@UBf#8Bpk4W$hMWAu)`KF28u8%w*qH6rV`<jz
z0b-}YFTtrT$Qc1CR*V$`KT0wDL;!)RAAo8Ab7B99+V%AZ82}^cHI?*0lpX<n_>yOC
zBgup)Rfg2!M?Hj-?x*f&b+dK>OO*w%-4u3g3v=NJu$J-){dx5)e}}1ilKKVu1BDFl
ziYl!u7Gqb8VCQpT0CHgf+{&H&o;3=I@Fdn=qSa31@;2tJExRC*Tp-Z!<t5sem*SV-
z08Xv)yg?|0rQk+9O7~6g$?3!U=<=9+a3~moU)rY%<$@IQctxT-#{5cN^pIupSd5kA
zQ$|CW;$9H0G{4KLKp1o3igK38WhR!r(u8Fg#Nz`Io7FX>Mp|1Le9J3+;E}3P5X&dD
zngsBKWhj7WyD}}h@GZNgV$NF@6*;PMR=A&{iD|O-N0<|3PCqmH1yENN1@anu5Vogk
z!d5oTI@0T!ybHJjh|(4ZqgS~cet@t}FZRD#>?Mdi7(XuZmdST*BaycZo4_UB1eAC}
zBnO$dwU&uH7fzN4%;po~T-@CZOPVTA%?@4UZM9wyEqKtbio60B%Dg7VZ%H~}MWPOv
zt?7X8KnJwRx9rn&K-U$@D<nFhN|WqdfU@)TGy3T9RFuD)<tOddzlYK=dozYb@kXzK
z4r(0w>Ra*n5q9+E@;K$&;T^AZos$+1!g4wp`8fr4z(^}%pSO8RWfpIRJA6A%?_M7N
zbbJwL`LD$n{rCO<h%b)$@xKRO9NGBagfA8i>k(hzA%W~OyXWVhE}v)r_-~fa7w`GM
zEuS}k`9D-XZ`^%|^7**adXUeI|L{!6vTWkNXe$0AVH$|dS;mvJjrS7gm5b6!!X~jf
ze+AT00iX_@oc9Pv`Kl5aQH;%HcF=mbuav)OhVF{a1ZltOL)r`REe1rh0)sjQBRd0v
zD9dLJw1PCCJ&y0)WVjq^qqF(jn$N=vAzTGLFGr7TgAY1<RUlVz$0IgpDOyk8U}mf>
zZ1+N1iHJ~saVTyK&~>Qo49WMD@W27$$vKtsfaTDRsS}<e<7R_89HRAe)pQ!opfSMi
z4`9fbIaTp|=>J(y1tf(|&m0AxT6Ly{=Rp3-E6u8uXXW;?M1z%nsT!DfaWGOXEH42x
zdK)|EQsp1E>5`bO0-r_QqDQj0!!1JOGwcOq*I?e4!u=S!z^`U?hLRQ1>Tq@0@g&rD
zpplj2dLU2kVXEY(btl(j`Bvy1goonPT4@oXaNS-k|K<ox!UlcMdY3vn%1do)#*T*m
zq_=rj%NM&k;?T3ovt4SurNtHHnJ`+vCinMhSOe_Do)wl4;2#O?I32^!2zWbpYbQ;D
zIwA59J7QB6n-mYmf;MULQ~$ybL_xln+dR?)sv3s-si+tbqa_$F*Lk@ICNZ&OP}(h*
zd=`&KgHKUcPPy9pSzxLn!7X%Z45fSY)lw=5V~L6NfUrN&kh2Oji@EP9ZZ(Iw$4uv&
z(0V@pdzyZ;p1MMrVmOZ>@9)R?5t$Kq$;gi;W<2H8L}pxYE6lxv49MgC_<$sg1|J1=
zP}I>_c?uhi<2pJ1M+OT&0e7MHG-1I_Ncr*$t)ugV2kyfn%Wq8!?aFpnboCMD-vK|2
z9xg1n8U89hHExnrle1ZwOXmwu>0_z#<*ZXS?bq9XFnKYjf(wgEE-ZSI6IJrc?++>`
z`Z^9tPE75~cRS{Q^lp!rIo=qFl}Iv8c;8ZVqFl+=&qF%mS8y%}wVeaqH%WMas*KL5
zlAB)oxpLyTL^<&SefEM8AS!4*nJ6tvdXyHMP10gwg0!go3DRP0N@>CL0b|c%l|9Q7
z*t65l*%LRbr1mHkz)d9>4eV>i@0>*eo}84~5uY>#IrND{d69LP^5VY3k{1|^vBW|0
zVon7Liwi&2g@tF5=L(a!_#5sGKtY4Z(BuV3kAumI)8u&kYGeUVp>j2Ar~F|?Dt=62
z#sepJ#64G<xY0A2&B=od#Vr}#4@J^AEIOIwMBx?6u}uGyoOoK56So`WL{*}kxQELL
zT*WCtlbpanH1Z!$HsBA>>j6X|AMaP~5&YyZ2H=eTE_9bY?iLo-iGZXQRl76gveU%q
z`Jub*7!izqtj(+~8|BWe!+TsDvV;?`K0$N(MGkS)Mb2BVj9PMbhT7s~tHp+N1}?u*
z^Qdcuj)~fHszcE6FN+N*PAt-fre~)U9>Nfyl>=F*uTor)4s=O1O&@6MPiX{uHp12P
z$oS|*cBCI@hY$7w8q4}$x!M>XSNk5u87teyNixO{%@@)2+AKfuK-8>d>V9(6mjy6=
znJ5L9h|$Ro5T7doxJAq?QHZEaVid|}@@R$fs232Ql`WxTRnSL1U^!dFfPF<;*aGVH
zOYh6GV8FuFr8y`$LUtScStdp&tN<vB0-`?`5PQ>;jFGqr+DtoWbDS2bwsaLgk~dV{
z*NNI((uBoiw#tr9Se#c|I?x}gvj*~JIZIC*8?`k>v-3VF+jNn1#%mZ?P<>XmU2O1C
z$Z~(E%PQRaD=YIe4^BO8Y;^QC`KmWEEUT<s1|Z)}wY`S>?qYQGYWa6>;C5iyVt-y;
zK)6U2q254V%PpH>Dlbz9MhN-oWGsf6gkM6wDl1Bn1|K;XfS?pYyV>kt=3)AqPAh0{
z4?_nQ3kWKVE*G|wsGhSVG-oMiSq$sw&a7v6#*<qugqKitzN#G1kT%-5Z8}-^7Yprz
zg{AE^k7RqzpVxBR@ZeO}YtTL0kbp5!mnG_3ffV$i&mDtx=B+7PhfRaxw|_vrG=B^F
zyFg7s<ZMp69Lj~Cre*}9v$VEFU8~XE4SQPpPCoke3_KzUeRa!h<pcG+gt;-oqMFPa
zAu@%UQZIx*hA9sOT@)ShJbnZjybl(OTuX#OtN+=_zOQ%K4OYFo@!OmlKgik86->)6
z^Q_`MErjnPbfdmJ&dPeb1)Cqa8lN@zC`vthh1(L``n<a&YLOZ+q+sO3F1@r;-<44A
zrf4pVA(p$Gm0LnWp;-}4JG7|YC0_-y7|h!Mz;R?SsiEm{!+g$HUg<PYMr@-{$WWT?
z%6fL`t}LtYR{F3aVL4n1%Y9IjQf6rJt>qe7Q6pJvmDyc}QX(|69z&!?<{KM%XBYou
zzVZ+rAkJ$NBB$VP1KS$#O1aAM2Q;dlQA-2(YI+$%P6ioiL8R(7)JE%_<^)J?qyNh?
z)&Hds7S4!LvS8ipU~&uPRd6xNuK?+s9t75XOI3l@%8qS1lNRe<gjbCKDAvetw$t)_
zaTq4naGZ+16*-$(uvKKFD&P~3u&{wC6mMpmR4YUZt;u{1dPRu5g`<_*AcWC-0*!IR
zi=q80S6_-RMm7uKEf(~;82u{tLQZu~ylIere!BtI->?SH+jQ&M{#ZesC6IU4Z3@ON
z2uwZZ(&)esF3LOc+)_XXO;%rY;NxED7=N_%OX!8O;FVk6!#pO}n<q>k!-P>M3ru&q
zP)=0&9lqIgAI~R3uZ_Uo$Oh&?w)hnklQyXAgKdnQ$bB+cvx9kM+(M)BaZd^$ZcVWp
zRbkY3LMY6qYMiF({RY1DNS_k>8t0!7x{*8-onC1Zy|B>8$n*8{{W$-SFY~dJaO4%4
z)Xx4iA#xFdGiXR@U-;K9L@?&Be`<f1D6N&=K7E2y92Im57uKQ^l4MmfX)mZ1C<K0y
z&u&BRpX|gcrCQOtxhzLHf}|kVUuc&K!m4gJs4=F)plB87u>pP<^8k$72^U9g?WD#&
zxJVlP3jXXTm9xL>n_#4+><G@BJC$p=RK%v_Y?i+}D<0Q`a&R#q%Y7z(=gWzp)L8}k
z?Qwj|A01sIU;WPvG`lVKOSZ4jJJg@IrECjT!=+(6o83rw<pd_Mf>pxu35%6!UFsA5
z^J0&*TAA0?O?jzad6~(2B>zdMR<0cgvY<*kzwMVg{oE6r`z*c3k8o2~nP}L>Qof9E
z1){IGSSA>Xh8`Wk#lR~r%sc`^u^3~3k+(7VExR3ROj<3mO#vP!<Ed>5T)A3qn*xk(
z$&=e)Oj<R&O#wy*;puG(T!nC5&994C@|^-#F-yNgp2(PgrvTkYF#*p)R|S0<lkhAg
zcVRUVkD7#Mp^H)VIeM}aQ5a1(-*fql47?Ka5k_XBjZu`}?Jx$<1@+4sK*4hZ(ri~Y
z8Z0SzZl>7h^PtogSyy%g^TD3&vP+jbS;X8R$uo?YTUS=<2_0Y&b44C8cWmxEYQ)?y
zb*f=;_h+PU?wS>}a_J^+?qf!M$K&Mc@pGSK@snAc<&^PrzYGe#2IV?vAdioWv5`~9
z&-F7;FBZF)!sosu7axtra=u<TIDe5D85+tG`!N1u`F;}ltBvtj?pq1`r6mwze3fn0
z`6}0{^Of7G^Ob1T`6}P4^Hrf$<13y>h**nf5+d&6sf38ZcrGE8$Eqs$EoZZ}M*dQB
zEiGg`rsi8(=vu;V8~N>0c8lqDw21>hFJnJ9^IJA6c^;;Pu4;B`;oo1&ZteV*9lzi?
znHIV>v0KW^q~>H==xWp_foz-v{gWm^L+jyBg6W1y;7FbXHziF1pK%hjnJ2*?*(9)A
z6DL6x@&A$@`TyBN<o_8zng0bN|9d8adLlP6KMRpD9(Z0%V?1Ax#yEQ!AA=P%B#*nQ
z(is0|(#aLNx!<*fnhO%a${ao&cofD?zLVaB^EkOIoW_xFQbZm)8zKMjXT13egExKq
zJT9!>q|Y{lU2CjFEBeI3=a2^I64N@~BLU(d=7zVBj?kM#h8cf7V5MLmSRF3$!*K#8
z-wGj&cOTg(L|P5Fi)rNDV`FEGik4YejsrjbctNyu6lFEo?T_7Pg$F?4T2A3;U+JvT
zmzG{1l0BnyZ@*iN9dY^Jj<pEOtHr6dxuSI~p7!84hP5s_%fg$auexx)=K*=h_@VoW
zTpKSGkoEx*wkij@)I0^8AiGLX8U^HsuirK=;a!ez*ms*&FnNs44?jx;VR$h_WMMYi
zQGK*?S&R|YS7?QUxEpySNxtiN>tzA)85v51$aRFaSk3sKSL#&8brJun<sZWG%w{4)
zCi3!2czJ1qav{Y>!ciKBz_ftv+sgfZjVNm$p^^sH&^Rq{SUZ*XRJ))0ot;FNR2%Am
zu0BuDyF{rZp!dBUkL|n*Kjg<jqG-YC#pwO64dm(+c5R}LdBxSpJ4&X%vt7A?*!`|H
z^r*BEGl!Y%RD~wo;~QLQq8wukxt9?5nrv*`mAG?oKQUD7=4r79DW3g0I=v)_pGe~d
zDtV@O%`8ENLB}j4Dm68;kQ2)_%|cEyS2il?T;D8oHM84%e%r=w3;C^u!~$153th|_
z!FA6<mxJAw@LMOlRW%Sht-~|gvA8wZ(Q9}|J5i3a9?8e9uI636mUs0A-qo9US7%{Y
zV`+KVPS({`{6mZR7dEi2##@OEnHNTSJL~IAA1=6d0nmgx**BnvrEw1B^8=~4AZ^C6
zhsy%i#~EGfIOJMQERbu}SilSQsyyI}tONE>qRY;rnWdns{|xKl(RKY}j4oBLW|`^A
zGSU?`&{Zu&R_%wG$5N~$6Ef;>JE-wdMu-Xu>}EpjIw4SvHb+`u-L*fldu+<7@EeKj
z80VGPpyOs^?w;LZ?3Rvz^aF;-1FAg}f!r*l{R^ZWk4<DB62HkGv@vp393)#zd?s5o
zK12Re9_nCcqWJ8@Re(A*aUr1AjB5dPQnKX$>nOGy;M1|fVw{eASrBH^(KLrLe&QVZ
zM&aU$55-dR99pW+A$VP#LMX1DZ%-Twr?R-+)N&1Fa=E0UOfHvHl*#3i*1J{>Wg0r7
z+0+ply5w?6W27__y5w?6MVDMIIn8n@^B0#(56Y}hHOy`9(@LXUdc`1@fWarW;XK>V
z=NXG`;&#MK96yzJ2emL-mKo8xPRoh}-u(mtbd0G*`Ht`6@l}>gI_o6W`YFztBMj1D
z03K{kAqWP~=zDmA;M0d0b*k1WGz)@4T@auI@Nx*pVT}*jaA<2H8}?U@YW;--W-cdB
zV<0nmPJ^6!Q<qbqULI)Cb@{lsreVrk48428xA8b(H>sX=ZPDnyLd4UeLl`-02tST!
zz&Fa-#!5c<CaID>Lgc`{c)aQLR9!Ioa7Fbwi&D$JMw9HLF3?pOYO?$HB@E0_${qWX
zBz5_1s-$lHB_#D}KQd~oIkjue+`cw}+vUAU6D{+ne){=6sd1kwNE1FiYcKkuv-K68
z?>k~U&NXY&TnlF-ja)3@sJu%&=yl~X8Fgg*oHy1DGte{}rEem^j8I&f<;y>ABkLpy
zC{Amonbt}(ts;<#>Op>PEAHV5k*A@Tql}_{jJ<@&gFjNOvTqwd=@-B>R}HKotRFpj
z4W++<GDt?Yd?FS+T`gE|E?6%_+&{9hfmXUPe^jPtBEw<<<WHSx6PcMYF(#CQ&lJgJ
z5Aib)YHRC7=}l@O6frPzrNt;}vhb_)!BP0Z09svAe@GrkAHcKdWOz|)^t#Fol1sT|
zkA5!M#BbR@mET4;Gk#M+cez=~lv~aG*7-wfnK<}xWuoiB)ZcA1eV2jA#|<EIvk<uh
zXizRSqa$v2)iA<hGe%Hn6UPWk%@{#dY8)f1FoUJ)UmPs0XynS2w|#}V&sXSu4%KR4
z354N2Fj&g^mL%~v<K|yf{AKM*z3|}l<tFfivfH$tq`f*{vz8|gGs9)mJ{|m(YLqLQ
zP5YIGMSV_O@$EL~t&-yzvq6z+uC~m4XPwdKaQW`}1*~oA613RNcg0o{R8TgwYI}~g
zN?)K{zTtq~Vmc4)m*T47cVdtovD#-g0f)ZNlBYe#+7gt05b>C~+Yyu+DVPC;ekO%c
zj{nPl`yNe>^~~fbZIC|DQ~3p?QW!(%^Pto$4*6W{^R{YeY#~EqnLo+OI5_v6G7=O;
zA$uC-|1;YYQ`isRWBw`)7<R=!YK-&NQ7KG_Uj+qUeN)vT*bjR%`(dkUKYYb>-ttiU
z&$YDY{&Q&kH>2tQum0n`me^&5I4@8PMpY0&VTE32tEW<zBM^O_?+anrBQ$%W?i%Rw
z39F1wk1QG9BIsjJgO9$-gBIfnd<<AT(1pMZ2)+vIEC7fGS_zLUyhL`o*{%@{05fQ=
zv+-jCher2YIw<yO{x}#?&jfjyVm7<it2rABT%xoQ2hXhzUZ2m+BM04GHaltXF3bI_
ztd}Pgw4^0wQKKFSttm8*rW)rM1O|K)=^l;LC>O>J@m!L|`%z|Z=YyTf-cEz9Og=Pw
zd*XP%B)7HN4fgh=`Eu})2W90IRxwa%9Cim1k~r30ph|vvez)UYfZSrEK~FW_-k!%B
z=HMslcvpY-i;wp^KWV(Z|Fg#1-eNcHFE+3gCLZY{O2jPA{hn>Vv6To8Xf>bUx%eq3
zZZK|82Na8KBAn{Q*x><8P&m`&P&Xe(^P!*ZD$j{yj0%5DV(-3>{Zc3r*nc>pvjgV!
zwF}`XX}B4S!?x2eHDC_mk;=0cgFixsCwdHD_Q&~x|E4r@i!QZeD&TW_A-jC5CWdu;
zq9fr#TJ1-5>xL(Jt4jx~PqR%=v-36yk)wOl?geE}6++uF+!^Kl^<my$o99gu_>9&U
z2?lswj;IB#khltAyaW8S(=9Bjb7y`jMCRH+{(WgkYdlhjoMdBZjYqn3cL-shjT(lD
zt49)9MWcrbk)x1#V^eHm-c|UqJA3ig-$t7}SW2oH?GwV*bc<#5r9!wJW5o-rs(sS8
z(V4g@iy0tRsMA0^)r&`fU`_@4G}Fcxx<#5EXNrAfws}VTUhN?*kbDERvOz~;`503x
z8;TWSmD7O3DezK&kTXWUm3HZM`-iOY51~}M#Q|w+exT1De;*liY9RtizI>q!FSA{R
za{6`(N0J%BAVqb4sSeoFBP^^Jp@-3vsTn<)wxA;>c4%q8irKD_n71SyI~173lUvUe
zs{<5kAa<*bja8&TJ%7AY*V~x9*cs@vl@eYXX7!^O)NSq>w(gXTdr5}<Q5Y0th(O+t
zW&N5?=9i^|QZQ)Q)&QO&fyM@<P9L7EZ14)pr@2Np-C)Sa0j-ff78b4cW^NNAi%8~e
zbLW03gljA;)3qIi;Yajf4+3@7_QhA?k6Mgbs6Vo(e0!0@LqU8zluEpoW!whN{J1o#
z7ymLXIcc=aS(YdY-x%lnRmS|)_nKZy%wN3;$&YyAxIY$<+Psy}<e;?MC+&q{#YJ<L
z^3Ma>exXXrJgn0pZ7}7}?jP66srjqXwM!q5%77~iCX1a<mSCDXS!e??4!sWZMOX#P
z5S$x0O%kRC%nEnqY}ao=VqHZJ!<0V-k5?qk5iiTQt4)**6+KK8Jl6YLZMKBh3E{VK
z6UFPg3acrGnKKg$<1A8E9x&(!V?U#0=`m0E4k7Zd{cPpx02Xhspli2sv>q=`muNm~
z!cfaF)XL=jYJPCFT)?X3F&Dy^S+*OA3NkZ{-aY!8WA!(+Zz%V5q~M>UR9ZmY(niws
zME?UJ^s$AP@vI`nwG#jJ3f?^d!M9Us*{}N3jdsC;a3ot)k!V$>b?WDH{Ip(V(v?3x
z(wGm2@2VqX4eFr$*J@tzTIH5bW6#>KXIH4ZI+Xrep)|3Kf-IeaEM;sLp5@r7+|+I?
zF4fa1F;wC70{zHd7!+p}@#XH;u7vk6%%1GtWjE#@<MBp8AFCL=NQ}*P-R<WgGMFdM
z<IH;n)oy?(U_vs<u}Cji5vLGz`RJblGP_75z=X~!fM?_j-;c+oIutm4`rtCV9#b!Q
zgyk1yvK%kK&@A?jG{U8hcWj(f_4Pq@{em6Q%<}oTw~NWc@V9Acct&fd5b^e7<`67g
z?{%Gt{|sk79kl+5&2()Db@mbF_a)_<9;(X@L`&pgY`Qfts;K$)jHtUUQhoOz@*4<9
z-(p~MoW}B<5=KKy_pG#1Z{^GG$}=1oiYS&Zi=zg*gh*xvTh$looAQ+J3dATXI1&Nq
zE3ZAhy$^Hs+)i`E&tK0EfgaPn;6c>Z36V93N^%>8@Dr5LWtxkUXB81#h@6Hsqto}v
zCa3Qi{jq4KS860*1uJ=d!+_8<Q2XKDHu694<^5h1!p8tXzPx8~tF-h8xNwv46LWc^
zZag#8Z1n&!;S+d(%FI>Q(Ma(gDvq%@g@*RK`djof0w6ha$=0d$MwB>XH|jR0JnTJY
ze|-l>Q2p^E_|YS+@#M`%-(rvyeF6BR0TzB~WXjggiP7k2yr0wIt(@sPQzK^Ht;T#&
zNC!W(;v}zFD6i3ln;e*l%JU`;wlZChTS+|DXvZkD^P5!`Lz5ThH^yq&#L&oZ;p)=9
z(6<30e3lLS7JHdCBcU_0-{?!)_*;zlbVD=)BUyoX$IcxlWALq5aW*hmAX*IUd7X(p
z9gH(sA2r@foSBj*p8`Q1f+=MM#4wX#B*XCZPV0$1UpBGloxOWt&+}}IJtJfmjB;yq
zs9c8bSY0{^K-O>=D$FVcmuJEy#g*aHR9J-uK_(!a@+nbl&ExdMAHCh_kKW_JrHNBs
zy9wuiSwC7tF+oZe5PVuJ#_ob9kA^1q>%$D^Jn*pUdwp470%a)cOiL}!4>8q(4m32)
zuR^su+#W#o;SXRGgh(qg8>|#2;Pb2ij0ymU;fW(dy8t*cV<OlV-pb{ruHkHqMmV%u
zwSnrS*$;zVB>Q1*TE$VtdYzQWjgR)8FpV}6kcrhH0rfV=nZ{uc4+M^FaJMl*S}b2s
z@6EI($fkMeW`CQEK(|vt>7=kg(_EQK2hSg87D3$4A7vA9zS2uQH=8U?w$M4a0=;KL
zd#qwqls%ar3*mLBDkJL%mIKFx2c;ciuY3{G<^XiYb*4GcoSr0?>(Y&K38fHOW3ei=
z<?<ibGI=yABT?e==Av!Z6MX~)6Sdl#w^az^u~KL&$)@mnoZl#fl)d{C{q`S9N1U2d
zjs9AZAstLMQ&?I_R*vf6{fAt0rrQpzBSdcLO*=1HC?(Fek?zY<JF(jy(s=QWd1hYB
zBGIL(+wK@MybgV1mZ{@ukY~MAd3HSXR!$4FUL6fQyA>-PdAdAtetVp?Kg8S5nKB?1
zAyZ~sEy~+%6u(>RmtXfX^vlxy=6+eMo_{2np|x!nNI;5itMjv_=$HuqYg=OfKi|uw
z9lf0f?Wm0G)b<I~@(-BHr*|34?<0t3bD@xRVnVVk7JXdpO!jwGriFog5_H4n0?{K{
zRl0!x<ZtUS8U^DhX-!@&=sT;f>cVeXIj3>h<c6+wvIBz*E*bUBEIbEH<CC3EEZIzA
z@Kn43B^I8M#%F~mRBzRr`S%`G!pwB063F{8d~ABMO5iT3_oFDt1<mlGl_iVIBElJZ
zqJNYjEr#(j^96_uWlXzyKZbWTmqWL-tNo_QE#>S3x_(a*eoDuF^LexY*Z%>0SyXOo
z;p+<%E<pG`3979^{4=~S%oriExrM>`OgfCNp^h0Kmo>m?Resz@^)c?hcb^tN8+$<?
zBs^xw25DHAK8dvXb4-{c8TmlGE3OMFO-Aio4QRR+(e%+c77aDX7V4aaVUj*({37*t
zDKAm<`E(Kus6ZC{Ks$%!Ty5HEFfn!%GH$x6g2m8XGDgBc&z%Kr8V*V+5I<EVAsc4p
zCS$zubkv}M*et*?x`gUSaoWF<Pr93nZxO_|J)6Y02!!<q0d#q%rpp2_oQyjz=+wqP
zrONWdb56w-ohE<WS1bm9+)15A`LaRrtMi^%mS(eZ$B(A>r_<hVCPUsw8ZotEG1zA{
z`NN3#nCEc?nSG{5s#CV_WB24Epp4#UXkrmG@z=*$lwH~$pAu!~k#M!AF7>1uB{$Ab
z9cipu-(mViaU-jS&YQk;7*2f@BGHT6VmHU7TiYV*ga<xpVN11pC}tR1gXO(9wv!+u
zW3cinvAT+kR%;*$d4jkedJu{zWmL{Qqd<TuVf1oP8OeySI9HvBFXtw|oUgq9quO|^
z=YcL$yYQ!rI+A{x20y)y9MCM(T->G{Pu+uJ^?@2%L@3qxj;7d-*ZE3paHFe_r5?s2
zy_5RvtY@Lm%7&U^?0<QH_m}+MERfyn@i^CyTkMw5+dOsb=ai@$lNtx^Xs1A~+XL2w
z^PY27=+Q1oA@J>yVmh)Z&8b4qjfPsB$bl$EEB7rHC0|8A3Ra4-3-Gu>f4<}nuEliB
zz7_IUceckpmj|N3%7COG{=|q4(K%I~iK6tmd=$A-)cB>33a`+OQC<vI8(bm|SsjqB
zTPpVX5bml(7F`i8E9DvW7@oGQ0xDX8QO(5|{4do6q&=b(!2pYL`7@fmS`5vpf~mh~
zjVJSqvRgxQ7SjeuZIEw(_;Wv0&y@I97*Z~ml_!MISVN-1S1Gcv3rS}s4fdt`ESl}7
zw&@9=6z1p{n4@Eyw_a<qb@{5;E{Nd$0uRtCQ)vGqbYA|`!;<m^&mx|Am71sA0AqX=
zKPQ@)FBrR*#~@h9?Ov)e2NROWUwmQ58H1^PJ-4&uy`PP>>hT=@t^DwQc~AUc-Sw0B
z;fgf}<A<!L|5x*a`>#Fo!)Mq341Rd`bB!Nz${0Va6aTCD;jP<x;)fraeiA>7tvwh&
zZ2If}YJSN6OV9kU?)N`~AKu)g@xzc?89%%}#=sAneKvsm=lWq_<|zIO*Qjs0@K~y5
zs8wAZy?DG*Jvbb2m7u}49Dgo08Eom;aJBs4lNjo74)E4$Pw2a`o>1H^gx^FP>q@jw
z!Mz>UAw~@jDzJo>F_c3F!SAfs*;;u5HxfDJ6QD=(LI^peI^2c5y0m{@h-`QS6NTj$
zXNK3673bXm*!OK}+?!OneDpqsbaSbm24+_#uxp2p0DhW`aCbhhgF+T;_k=nfLS%-O
z;V$<v7CORd$G^%oR?H8OcSE4;4^7jiC)s<jEuNJQ3tyONEqZJPwJ3aMoNOOcGgmk)
zhUz^lsq(U3YI{$A9qrmWNgM};*Om5xZwujm0I#XBX?XE>T8xEp|H~KNE`)cc;g5(x
zpqu{wJ$2JC90F|E!fHI!v#{2_K?qN<Bd(`5GopF78LW0`bhc3KHQmag7PupW4zR7G
zCESVJ=v)FzxN`Fn?rW$hw?>EzNh8bVWGgm~2ns)p`wCO*ywXf`Ab>6r8>(@>;&qX_
z@?ApB7a|Y$Cad4o7XQ?JZ0{8Qs}RZa8~(coreJN(Mv)fHv@_P)f`7>s0I+U|oB5|8
zfBoJ@bxnruvD(QR;>Jh`)wnt4geKVg3J-h@<wKprg#|0HrvbqW3;qFDp`F=*yxA^?
z5c<qY4Vq$2?z~8^gLGcM4C4ZLdhg`k(`=%+yz=JCLIgb;`K|#!bR4=9(Jvm@@KhYI
z3Sr#6paT+Da?5(LsO|y6TxO<DcX($hZA|Cm#&q;4q8yzpXwJv(1XK%)AR&_0n@Ng<
z^XuDtTlDkmjpnRt=&u#pYlX4x3vKY)8-*|~-GJ*n!ooH1vmLn4WB*79ACX4v=UIsf
z6_k67>pRw!Dm`@QvlF@~-Nq*>usNMeW9wjKD2wusPD6YOTF0?kj6;B{x!*xKmKG$R
zulr)Y4WYI^!u&T$z_5XxcUqU`e2XX2r|$F%FE)t7c8Gbkf!OR`7U7{<G<MhvTvHTF
z;`zy2Y=*cWHoh(_!M4G=aId=0thSF6icO4!JNfp@U7g157Z)0`vLu<zMMa(L;AaKr
zf8|mZFD&MJBGlGPn2#xuLpv{5Ch_(KV$Tz+c!X7$g${jVGUbd?T%6tN6r*>6-rpg=
zR-+rl^Hqa5V=>^SvZIi>O8YTxqo8Db>O9IWr@*g)bUryz<Q6maPt)^teR_IpM5(vo
z8_Lc4xMP3f(yBDczS&^3Z({%H{V6Nk)&7k6-h%eu?g;JttuonQzscE2%PW0<6{HPH
zVUjj*!!2N9Y@(CxSn~7y#AbbQ7U>N@r%PZ8lrd|8@1U(r!We`L>6DAonZC>>iyH5%
z@^q#wuyPa{Fft^(eL3V8Zx@zdi1r*N<Z+916bkwC2qzS{+-QK^Eibs4Z|)35=O4bg
zliv|)6NF1^k$FX79#ev}0gN8ei-C7P6^GS`c^?E~qaDISHTHmO3bWNEO0Ao$Mr$@@
z1_V83oJ6RiXb)6g{Sx1QjoipL{OyLP*S*ZN7`90WW29beSA=2;V(!Sf+-PV=zC`b=
zO!=0Z+c6Lfg{{!-Yb0M4JkgwZe)<R8v(KW5vweTUr1)^ZK_1Y-3=7+l&g?-rT-~9W
zdP+JpI~$Ww{?>S$hMa~JJxC^l>Lk78fu%YhSEF4vQ+^QFeHW|tMFV+E0<Guv>Qd~u
z43#(~tojGFv6<AmiRnDS3)S{k&hIeTt3>7QHj^Lvl*)i>GPmqZ!JVDSQoVBXev>_0
zr-L^()NXiA@|4@U3){$oQSvZZeK5CJ^n$jS7?;LUj<~Pz7$fxU6BazrJsBGNUONL;
zFt1n@G|Q-$lv60aPvT&pv1!PGluwke+NjT`SXhK0#oDg<s@EyDE<FX^1#QaAc<S2g
z$drZlx5;W%Ok=#>#z+PE@Q*fLLVNf){32ib9wKWp!(_^Jzh`Ec$)ghT=_rrwO~@an
z`9n}5Iy#o~JSVEaC8EM*POC6E5l`ou{8I}tJ&DI@ExVnpiNu>RxXAZRkaPC3BQ)9E
z^&5W1WSHbcf!mi?Ok&w6A4KbZrOoB3aJj7b#Es%WL~&4P*vCvm=d#e6Vzd5M*8s8E
zu6+3|JlGe_cVo^u3{oB0$bw2#dk~`ZsTIPrtOTCKoQ*8v5rzCzq880h(uWdaKF#)<
zv+`^YqYIr^Y7RA9)u<H5<B^0dUOPyI!TdObTMX42wi29%0D;geBKAsnvk<29t9j$x
zZsFlNABJLWN2RdaBW)tiaED=1pQTor6o{-IW;}nG4X`UWF<xM;g$E;3EUb-cHQY#j
znU%0qSzl;bF0>3*r$|&k6mi(-W8gyRt@?|3>TNI>G4#)eu63icDXKtu_Va9cfNp{0
z*-O4UIzxpwm-fdt3gIKuaQ%VxSk$+bleM^9(mp7a?U7nM!o$^GsbR=&rPUli0#`L!
zFuPN^y_wQdNzD|H%!%t&5AF@&R|WhkHg%&A!P6?x!Sq`;{|)Ci5#xhy4r8npq>9|V
zDh>WlhV_KS7>_K%x4qmXh@@7fG!aMbq4GSe-XDy`l}MKXFJ`zaOI;`9oN$n<Kl!@h
zFH!sjUH6p+9cLh)gkQtjpeaJ+1-ydhP#!rNqnv7G1+lNTpN;ho_JXi5eMH2M4EExF
zj`34kJh;PqPimk%1r+}@`IV&7^~$#@;Z2>4a9Dw}a~VF1l5v3lhJ)6ZS{hyp<#MWV
zuohKYtD8Qh#y0Jg?^<g*?}Mgr=D&RvevC3NRooY`l=W6#+70{>knk7;n)oqPi#y4_
za0o77DD+gXZL=SkJCz^Uxeui<EBJ6t`=)MIs3Vz$i$?Sq<127l20G;9o<pmBJ<iFA
zb~fQ1@|x#Vvx0}&6)x573K(5bwJUgOt<B;u;r`j1+nH5?LLoV{{j*n>s^19z!9qrZ
z{uW+K&Q4G0fJ2CsaH~Q#w<<Vk;s1Lpi{t1;!@@&NGxSDy-ZU5!cvCLXKXXo;wBx1R
zda*NSr?GPSy7rMYtJ>`Mr~=izkh8NYysosbmoVok08m+Lopi-b3s-W7II=f*xozPH
zuWDRam_fEVvvJ{H8ML~Cma{gPeI_RLxHEi$(W<Z@g|85|Dhx<xR)tY%tebJ8tv^#j
zL{GSiYzu3=(liE2vsK%IVM86w3Vq=lpf4<zKYCgZn9=+t$TR2K2o(iMbVM%6AZ3uP
zSqri-F?C<zfgj1~9?b<-^kK@I>B<row4~#YJF};I37dy@@PR183Jn^rPmf*lH2P~G
z4Gs$na+{)8Ji?+n^r?%C!hV6G%--VB>;>3dZZ9ZLqc-%%vjX)vycL~RA^avc8Mt#=
zrc2qBXPYh4e5%197mtXcfq)rR1JP-&qCj+}t5}FU(Th!c?klAl3x3ax1uQ>%V^WHC
z&|9H>Rv0cc7r5=R5PpoA3lL_&&uA`i+dme<6ICArv>BjDQP&gmUg|XO$EV)MeN0>V
zKc7$@{rj*HXlm%|AzQ<1>5QkyNe|=Q=;evc5RE><*4-Y}fPnc|VP^4>o_7r9Nt8N>
zvDo&u@Zv|_VY2Yr+hby*f1Ot&JW(BjF|gW!6ZFQkc4|1bLdUTw+JoLt$Prd$PeOY%
zeVcBuLu@=?-k+{j*UhZyZ2ujXQfI0*h@mDM#C6Ei(JU{wLfB1CE**yTwnsHYY@>;|
z^K!*vqAw6*1}F5p=^v233&8Zuly94AG)QcffAx}Xkl<VhB=%SNI1(>A3Yk{3NubjW
zP0vxxA`yh&9#Z+47Vy(0yP+~AOWmKxg)poVChgbOQEHP18SM^#Gxi_!g7Qbc5AWfI
z2f>4uhk=@13cal(2RKz1(Aq!5{XB!}n%~LS{9FKI+7U0T`b$@PVYLtA;w1AEuKORp
zhSvS1&n2$;Rd(A)WOclb?1r2+tVVckk2f|tEpNT>L=9uK05Y0M5>s3=gZCO!YN|<F
z7e=_6{qQfOImmB%KeGflj9c-U^36|j-J&o0sbS<+47K;ih5y(z-Dd8lwLf1i-+B#q
zQBk#*J}D-}Q%(xSk5~(k(Ip_NgA`8I=>IjJ{426JTOTkoY^Hv`fk_jkx>X(j6fRbo
za{ZOCy8W~r@w8eA6DC);tLH(urs3L{6b?C|Q(H(;D|cb8KB<jX^p|4x#x~;5=@<w4
z5q(_`>-Zq7<NNb<d=S_1{Q>gj93VVT>;5mab-zjv69(U?^pKn);g7;<2V2QMb1&{h
z-D6tCkLgf-5j;U?<ZnBWMpUIzJ+x`1x{A-H)+sC6QVj*J;y*l)@`>WpR_*Ana-(_K
zj={x!(muYxpU|GN3ViS0{Zvq$Jy`m*b~@7lbSjtxQGR))VZA=6kgeBWI6ZN_e(}D<
z{7WXhi<#}RA0@myWZy4_ce7IC-P}}ockFz`yJZaTehYZF3-E5lfOoshcy}h^-CdeD
z;OT$HS=fN{bgf<8RQlx4hlF;oO+>rvKkHI$e!DcRyY5fw7s88}n6OzaW~^Jvv95!|
zQITLMMxG~}ySS-D-#=3uq2gV=DMk8+Qlnk9diuWh8JksY_E&#0pxt=RP8k26i+62y
z1Kw@ncy~B$rp12}-i;dZ?)rn^-L*!%JKJSrt96EV@7M9J$o9Qb<K3|g?_xkCSXcfN
zp{}QOFTBv7X;21tFQIjPB#mv3;X()Hq=jK#2aqQM=H0Df-p+J}c^$%nJsk6*VKWZ|
zi4gkMfO;=6px*QzJEnhzA=N;*v?t8_+jN!>A#!q>nus6)@|I~Zw~m2d8-m~0IYh|S
zH_5V8%-g~+Z&vr1w_op+n3qoPbccDXQsUi~9`J7bzX0#H_JntV&47xOco&Bl<`<3f
zyyLs*IHBDu?VyjeZUi8LzQ+&Mdabg(z;%g4djuCb0FKzKtTCO3ig&knYC+Zanf$Xg
zemTW<D0tV@ej$7|R!azBm<jKm)XRi-`<w7?SC4qt)-B$(X?XYELNneS`HYTtIR{1q
zE}MpT*CpWHiwN%mVdpcvdx?d~E6&Vpt46CzIn%h$*3b>!eZ`1(|B;Ay|CAE%It_TY
zMX5Z%sp>G{-AfpNFoH!lf<#rO=m_`+3rD~&aRi)AHZMfL3nwxJ{0Jam+A=YsV8(z$
z(2%@GszLnQ`a#|Y!b3II4S;$tA%2ti29-fDziH`7{%lU;t8S64y01^`K?3~-zI`s*
z4#FY68|F6bhF$)M2^k-!A!C6dV;dslFM0iLx3(pA^+X*L+f3X(&l^{dz3F>L$+L!>
zPAW@XqH+PZOXA%n%8y;i`)TWqczM@;Bf~fDPsGa=J>%tv^8rdek^(OeZcpMnjPt1R
z-HNURzI#^9XT>#}0be@^UsJy@eBG~|debg7bBHZ?>uCp5>aCn^!q;}d*EWu?DdDjV
zP-M-19beB(!q;5*l=J;Ol8YQ)$CW!7z8-TI?UX%aN!Tg-q+P|>UwWWp8fYDW>RW0s
zVr&PsQ1P}I`kswmIHi~rl`Y-E@ev1%u=_MK>@H4b9+3`dC;kW(O~sQ1QkObev9(K5
ze-%Hpz9X?T2>@kQ8-n!~58AnLbFJ6Q2C!ZnU|`*X$14){(-QGHX6oJWG~x4`_Z|X1
zXTkW@z>Mf`7JJi$TbUf9BNi`au17phBM(rA(I9Y(%>>a=sRKlR_AbpN?UUL(p+-RI
zZGh5$i{Nk-L+NdR(yvZu0Jj7Ozlg^hA$x8%v*+GTwr%)1T<ww82$3<WeVWS3ga4qy
zb}E$Q0C%+=_4fG8@W!&=1ClMBK|Vz6-2v;Fp*mYNR8#snx&K4t!j59-*Zgf-PXTc6
z0^r`41NU5$k=kn2_VW<FF9aOGUh)Ca+&^t2cU`zu^-r5&@K0Nw#t#ckNKf`pJBlE6
z7lYK>g@rZtwX7>SVXIV3U7`z(S9R!Eo-Dc_F=Fb^IdUulxm|3=)R%J`@*`=iC)lPn
z(GqSUI9-oxVJF+NFvIC8YP1j;k6~J-u7{@#Q;V%XAoFB#rw)_X+0_hN7c%dXH<&3o
z7a=ae>TGUG#&Gh4ss}^)QJ@8d*dQBsJi{0wp=_=yO0Y5mpw92HSK<j~<hdz2Msqrw
zmQD%{SmN3=gVz~FR$`F)Z{&4`kh+b$&Omza=6E{a;C1Fs@H%rR1L_h~_2ok37!Ig$
zmKgx`E@nhtYDod8s}iOcXBN{WJMIC~Bnv-wfctXbkfT3GT;q5aH-IsHf7*}p5Mb|O
z{%io)e@B3QyN3XK7xQNWz&=zR5d`e3%z(YXj8|2>UZRasvS*qZua{u==$>$Qr1N=;
zXg$nvnJ;I%av>(A<nSE*z|fx!`DNaQPSu}n>P|M1q#b_Y#d@)IBe}Gd_9Al0t*rsw
z+6o!v%XGC<r3?BL)IXwGqyMg*r&8H&tI-a<z-Wg9Tz<Fa4~I=84@iU`KOW##=p6@)
zsQh7@!4vL%qbrzFb3payV{jbf&LA3poBxhD1>4{eR<&v{B_7aWI3mqV`GrSyAnw*Z
z;qXl#TAe*c6n+$;@a@bT4uGQ&etX_91ymT$D^l8UTNXMP73CR8es1MP{5{vyPqK1z
zf}fim(Kmv$oSn)vqkkLGQ)$BAg%&#3i5?8R6O6`ZCbcoiH3IKt(k_fBKry^>Q74~x
zF~{9vlD8SL)+^LQ=xw$begB0QKM`9$AYZc)+}ErSo17rNAGKIaj%H5MR2oZ>ZJ9=B
za#Zy)yPF%G)yW`)M?q2Imb2nUCi!!kfk}>y8=0g}T*I+wH=aWERg(XVI$5W4Xyi2d
zWKGiFGw`+Ue|DpZ6^l&cfs~%YrGt}kA7Y;HSoC&_E894}WkN$)Z^YGANx1raAHc^2
z?Q!$@<PsfU576z=Om#6CM+%IoQ<8kjaJ5`OYF1s$0)nrZST`VLD*=v|@qI;T<AWl{
z?n9IN_)LyRlzke#fU5(5t3h@Ut`4B`gB!rr)&q(1PgIJG__~Bccn}{mRl3MAotiX@
zVe1_?q3wE(30J?*J<uM2a`L>9&^IgF3Err!_h{HUR~fCM*88>ifP{OSQvVLnw?xCx
z(9!`W2;EfSmA+yA^UC&aDyUNm_9M{$MxBFL__a26NYTj;De{u&#f!G=HOj*XkH3A!
z0FV7129LiUXth)+Cz$QmI@V=@M19d~oF<PlXHIp1LQP4Hp~hE3YwaG%<3z3Lz!<ZI
z@;iHx#_I^<I56|I9%gFDY90@zz~#ii8GgxUDV!ws`JAS#rlHG@G{p^FEoVJrH~P<*
z@Ow7k_vU4U-^U#ae*ZU~SNZy;pMPFu<-LjLRc@I76VIz$Tie}vmBM@f3(u=GMGo)0
z%3b&V=e){)&a3?Ayvl#htNi=Ut6c6epI6Cv;6LY8{#Tq=*>e8>nDZ(F?&;~g%B%Mr
z_IZ`s^Z$>XSNS^k|HgTh>ZyltUZvpI|JTl|y!@!q|K%L+|6)JLd6h(bo{Ro3D-Yei
z{>%G&kDZnRmJdpR<vsa(54%hA_x_dU@BPtTW>}uu0p@x_svlS^s{hOKl-}MAcWQ3f
z+yh3mSX5ljLHVo%cW(yDr&)QPQSR<tW$^blf^puIDR-v!_r_Vh-B>$)U;9dzMQ!$%
zcbd_8m4?etP;vRu23$Tx#pRtTaQXEaDRB9N8Hu>uw8c8PM;DLXy$y)`+U|W{GPs@o
zcLrZ?QT6pkT>ggyT;83p_ZEy@4rp9A*0<2q!?;BWZr=k;Zr{#Cw{Hgr-P={r{UHP0
z4q?GM6?Bhw3862#@%Zkv_S7+Dy^UylQ?KNn(a`n@={!K%(MCHx=}CsRuV4-@sD>j;
zHRSzg)jQSzxN{Q#cMtyFC8_<rM;_GQI}vX`k{WNHV|4glX||_7pW2>o-uZq+L(WT+
z{a;k~7lzcObOTcV;()rp3oM3G{4o`;n(gW^w)0#Zc4u<4dJ!|LH>hUy*_v5B1pSZj
zJE%v@OxQq89WZl;9(`<oX98}2$Y@vJlHl*M-e6Z}?%f1DE>aQu`6k3J8tv+*ntWXb
zY3mM#*T1kZyneC)uVWj~zeVJL-6=nFjv25|3?=(>2hhr_`?r`d`?ab+_axn)d!B(~
zRm-~S&h6LMQ{Ch83?nXo+tgpO@<uBA`nd<lzW%(~z7ABKm9867NJjL8jWLG>n$};X
z#TmoJ^=C7y`d^YUF*4S776yqkRipZ+s!^Q)G2^CWcW%<fiEube50cES>P|VMRK>y@
zj98dIeXi7qg*_@3&SkzTBEn&>3Wrr+6{q~qvvpq;(PEmgs=I-T8!0f`m1I-5=>FTo
z6a2R&9WPHYd2i<%$AjbD=AQgfoO16o0qv!CB>SU8b$dC}9!$HE4gsB}wuSkZJll>b
zmfA$_T@p|oxC2tI(val8EgJo|F=qNWga5X@-C+MNGJxBG9R~TsKq*S0LG1)>zbQ<1
z;4ae~xGM%jE2nb@Zjl_g4Y)R&;o7aq&Ko@F-`B|=+!Xw;%!p%WCOdF@H3#l_$qw93
z_S%zV2{-v~qqjG6-^MkE{Nn=}e09nbf6d_Qu1<>yzPc^ST|N76yV1Vf!0gLC`fvMV
z&mlw|PZ7f30VKPYBUzRtS8YLpX_=+WRZYv7Zl*BVzPy3~S<hhP+J>b=n0+u?u9)2#
zr<4vM=3(u2j*Xqz7>J&YS%1QB_eYENn3?|2-6C@b0<mr<-uu19fM+}vcV}8uJ7eh}
zbTC|^GJHV#PCov0=sQ-N{l*KZScp7gV*IbV_WK4p96pW?1=le#W^;L>V~R!9lLuaW
zg}?X;gPO#(_}s~7$aD*b`t(o0Wv>`*w+Zv#I}+8a%`V1{xb*a6E#g$$T+zBV-uVC6
zdlUF5itKTGCYdC|*~1+#2s$bOk3=~#0-Aw@bVCQD5WoXPLBtzjLJ$RllY#Wkj>cUN
z+|^xl*OgrrP*((0$N`z)!4XbDxkRX8<W!RYA@h6hRd-MKBpkZm|9AKM`7fVOnC^Pj
zuc}_XdiCC`s#jcIbBzU+sd&NnfsH>WTZLE3x-%3%kG3X1%|uWx_9kH<?;)93H&yk}
zOk;KMylBz)shrh2`A2AuOy1GCxIaFlQYbF78~k|120tDuUyo1}@ZQcrF54o(m!Hs_
z>-m)yQNe4l(k1U2D~%O?x07CrZ-wHqrX|b$tw|5wN%QZZh}k)ygh@22?TTr5=<n*d
z5Q7zy9$Rb?d!YjvW)#uiK1*17O`PTt#h|HTV60W_KgM`B!854)?$TI<?dri}JM%B{
zSQdqW*LWrmG{IBISAy@Y1iqEDDJ_O2G)s%->EQdwc8;!^AJ6-zI^NJfuNnI1H1y9q
zgkgY_V&E&g*dy0)my_=hp6GVn<0Nz~A9X$;6tA~YT-hNsu@$1??7F9i;B&Mh9(w@V
z)w-3sWZR|{mj(;YLc0$7u)-_e4zj;q%_+A)r`!OC_KxGpK)m9hF{t_&H4yCw+>b(|
zU+^WMq2ir22A!4(IDYN`SwN=0c0Q<l>;2gpLS2pYK(L`}GcSrO$fdES4Vy~eTA-r6
zvY@Z`B&hkrTc|_Kdom7MM?UFd=f{vRz~<>N0LGkyuPi(W^-8eO0Lw@}tZ8-Xt^vBX
zHH%-ixj;?M4ByP-(Tz%T+5RE;{$govWW1i(EH{WSGDtZ=jS<X>Oy+q6Qu{yZ6ouba
zdXHICpxd8JY{KpseIbB-UlJ|iG~F(sRFGcxSj^zjs#koUy8l)59Tt3VSS?Wk;@*4V
zrOMDzim#xz9M{LNcG}R`^e|r+`y?Knw5r4^9)6nc_%#j5SK+^jru{nx=GJ!%|0Rwy
z_tZGL$j;QtQ(BCPMXH{arb~HCifZ%FT}yrAnj<>1UBD3J6#-Fnr%4oDYBz|YTVkl0
z1+u7DB*qT;+!$v)*X-|x2Kok>&J(B>swz_OVh8nPJTjS)?Ruz7J~o|Cw4RV2!k&n(
z35n`GfX%KAann`seU%tpBQOEJSC@@&(l%JKjr<e`Dh16f8yW42eKrHd(oQ!K-j~J1
z3)jA@!0(ck?eyJEu^!=6-F`{Z8g6g}hu+lU`oknW4y4_4SxNk?#yIX2e83vI4}HR=
zP2|iFe*cjY_Wo!^#ot?I_14D=&llHIP!-=Z<U|F4HFQJ0kuy3a8v1#Vah(YFX{R^Y
z_jM{kzduXx^^08wx=PK@h1^S^<Ajpy=)R*Nc{ss`F0SW(<(TnE&M}=8ZhjC<l}a25
z@5iYEvtTwCp~cmw$YD0on!b~32N+|!)W}F>4|1z0O{p-9D}JfaMWhU?OY^}u8zY8+
z6q4(r>wnGgZ4AG@I#H|S5MD{FT~EBJiVOH|@EE#15=%egD~;Ym>rCT{D=_nJiPnRs
z_&%a)M@N@cm^a9(Yfz8I8zwazd!B*9$}BvazOs%cK&{R&qY2r^*zPMqEA&rGmi)8m
zn9B20$&A-Vo{hfoT-uZd*{)gRfT<g}-Iszyo}^`9PbHm<MCX*yr47xGkGgn+T%S=J
z!#@wzo^yO8M9;T03m;W$fa3&2Ch19S4)Se*N6t0d8&r9Bw=*TZW@Q>RaW~uC3L1ec
zTW^prN4<#@cpdMq&{PBe?VvXdjnGP>YlA2Z*^s_Ay_T_dV5dFQh{ohm*8c&#T5D9M
zD~_LDhXEk!BAtv^X@QyhCPe5<oxe^_APjkk;ZGdH7!5;IOF>MLKbtU718InaPBcp|
zv<k1#?n^VKhuWMae`V-ef>>5j)fV+fi)T$R)6Rv^5im^Hnne~VnC&30g#qm?bHFPZ
z5xBv~U6q}Ja3>`Mv(wby4D~lt{T0>UJoR^s`a2GP-NEch^jqaar-+61>BjvWV}OnE
zssR5oG{M;8p1KIwU!h|C-g!Fu`NYZCQ8X7FM4>wFjRIZCw;33y=u@(VKn<wkZ%g6L
zD)=fPTj;~uC=P!f2K`mW<4DX%6N;zf&3mXu3d&Wge>lax3~!@KuSu^Z&xGE)pLC3>
z<RHw612P)O8?a5Jg|3^dF$-NCjSF3m2*7M{+<ovj{=q3r%m)qi>Of@!G56tmbO41$
zsq0J+gyed1gk^Krfsqe3)x{<O%WOZ{OybW?5<{(iY$ji;)6FE-tD8Slbh2!AKt(In
zaQ=J%W5&9lV>7<vh|(`K%j~_dL`<(`jWlCC0OA3f#qOI;9*J;gu#&^Q^rt@QJ41W5
z`mlE|IvFAT|03?O7;qTpi>vCQ*X7w+b)UKj`w-H?KLHkY(baX7wcTN3ytx1G{SoiC
zC4a;c-5+u6k^c>U#BVPC75<3)i~l$L5t}aluRr2H+8;4I`Tx8>V&^6Q7Jo#?F8}pM
z{44&5{dfL{`y&S5`Cos;e}+F|`I!IuBmV1;AXZp3>R<6kq>a8ne?-6E{VV>67Nh>J
z`Xg@bWcEiy?*E_gM}%tY|L^-FvQF3kYJbEStHB@f&dBrmBbGmZZhyo>BQMk+@x=50
z%l?S2y_)(X>{b5;e?)fYX8jSn#{b9rBYN4+>W|3DxB!2|&c=G(AJIAEeEx{{F!%oj
ze?*q$0{sz}SbnWPV&mf%;E%Yp1@}jEY{C5z?|y^xMQ4*gBIC-s2)m-Q=8sT1bAQAf
z$Xcr1ALh=N1CK3pk5tbUf&rcFko^zf*}{&hV<EpfdVN@m=&b;2K7Uzu@mir6&tu}{
zW96c<!#$Ff?85zxRid)t&O1aUd!avjp`_IDBT=M%ci$u`1q;L$m2BWBybNsSGAO)^
zhDNQdgz#1{wy7U7rukN{L8e>13LeC3yl{h#vcqthm%1-3S{>yGu<WDS{N^24+6On)
zbT!=1HT!KClPn$BF#NhYpBe7u+RbtvQ!m{D`X=#9x3YFx4EHliO2j=XTUm#m9ZC5q
zdh=R-vh2@wh)QmetYnwS{>Q-F%`cS#%W?P{oHp6j>Cpb%`K+O#5hOzHeE76frVGn*
zi$ujomzG6+Fxkbma-g6L2?eSLQhyX(A0D|KFJ`lU3qtr)o!Y!7up@wcWm5NVpfmjW
z3-6#l@Q-0qi_M~Mr>75|8`*_zEE#x`*oQ>KQ;&)M&!~8RL7C*wwa|v2j$I>pV-TIO
zdq$YMXS&)w(66Su)`-5Q3LpFddT1!^2gC9wU2`%LR@Czm-hq2=Y|>vZi-CewtmqVU
zn4jk}_17zpsQp#P8WMPaz4*22r%?J;MrZqprJ_=3uQcy3GQ$Ho4ih}~T`6?Le2*xD
zwk7ylN%_V8Nnm_c^7d%Qbp+9$D7vZ(-7qsxyI!=`!0*(nMc3!kE)`c<_`gh1X&buJ
zS!dKw6c7R%#J~U_ZG;>Mz&tT9@bUOA7Itg?3gDe2(HnF~u6j>vSqX-|Y*R;kU#a`0
zZV4@;G>$J{*#g{p8n~6t7l9q$7+-i3<Pw!*xMMLH@0jpNAlqPstZ$WMQFjma7nQ-#
z%6Wv-yE^%<v1<E3PqwGmu#Uue@#x^A50t@<@M6^auMe*=(wBCWndn&`(?2oq{#)%>
zHP^aAYvm|t`R{jh2BK_*3Z|E_d%*rP?;q2TUkakNO6*l=7hPMYSSvwTuV>vxu0Z?3
zE~XwM^(dzT`pe&C8JUQ#6NPOF7_dDnx{e9IE8}*T_mtJsUi8%zB+z^4k1dnXAL36`
zlJI<C6S&_Dmy~15Rtag^Dc1+8tky3wo<E1IN|#F0`3*7kgjjwmj?i{Mw27R~p(_k{
zjr2QP{vTWXviz05F#qq*mcI^rU^d7I{FyDl1Ed$BxmzUU22HI+xgEVt#bG+vZci^0
zU3H#5vj2KHPzZC=L_6}W@^h~1h*11GvG!<(?AkZw?p)vgf_}0x-aa^(^%fsB$b$y!
zTH##l(2VLzgTJHzOr!>@=N{VJypMfiPl5@rS9q~1kMP=V5L`|tODFT9Kj@c|tI?Cd
z?rVv2nawFHy^!6Z7DDkfXmt1;pv#JQ9Iohg<#_ywbaMlkW)a3FM$gY{bMX@n_sCpj
zHB2u*tK+i=UdD~=FDdI{Py7Rub|xZ8sa3L4CZ=u>t<~him-}BY6dzQngM-t7(r_B+
z4-yPb-(eWw{u@OvhV^-s@Ew97%c_!KpnC^6EuL=B49~?<V8CLeictJp3wK8&X%=8E
zfB#%xt>-GD@bEy^m6lrrws~Tp_dLnlX!U@;8<dq3tbk{gTxWn#87=Ba83vmU#fT#&
zyuc6)FJN+asPsyrKxR?;S;C7;k>FsZC55JPzYwQ$2PEqY57<e+*&<p`s5G?Gi1rJT
zQYNKt@LY)m09CE^3m{P6r%`!53`AL3$2KQog<FaK!FG&<Lc(s2D(vhe?9~49w^O==
zzcHM*2YDaNQSFVSU=G<CmA?!Q&6%L?3wDo`0}~z4iZdwIp&37l%1o$PqU2ibxdA41
z3*AntWIM2`vT}tO9IPVGwg(3jcBG{yXI9uq*c@QrB_vtGUzD0Kd#fBoBr0JD2*oPT
z^}Gn6f^s9Gghz*=2!~pPN|lMFgrCh#Na7zEDkJ*i)uShBULKDmX1=;K$vj`7KGnbu
zoJNy#4>W_`sj`8=yt4kjI9vHgfMh@BnVgG}E=2z@kOV=`pj<x%x#;bba7VDD$N=+2
zJQ<?WUsj?G0o1`Hy=qWOR4B!KOfy<IXqb<EHJ;8S4X<RSwj_(>AK;|Q_-~}og0@#U
z0qVjpV7pL0hQBw(bB&qbV&6y8Hu`|ARQ3DCz7L0Y82t61l>J7GnLaKAPB2VY?djO}
z^VR2<;?IfEw_@J)`C8K_U_7{zJW1%70sg{R2NuHz?vbDk<g3Hm!L<WaV_fT|+UYtS
zQK?34CGZHKIU^KP3{d|Fc&YH*2K^Sl5)q2RkQ2Z@({4lYjv5RbS*r^7)x^hvJS%xy
z0=&x$#)%}!9=CBxMgtESN}W>-;~DaW#K3Lv`C8BY$SrL}r4h}q`{PI?vYv<orVPWU
zG|x1mSvQbp3YTj5xO}@gDhHF?=&gJ#qMiRqLQU%*W_beiyP6zZt{nT61XYju!Jb~r
zK0^x@m|mA>MBngMoCJ=;P-J)8!EF52#IKt8;-fjXzrC|zG9zubNXs9vEvYnqZ+;(*
zD%n)K20(4LZbN5Wz%Cu!5NQ^^jl(As`~t^MR%rw2XEE>Yd@(TEK~g0jr&^LI_u9z=
z@Q4-ELQgKvoRVuxp;NhLelDJ=2xiT<Y0?5jhZ+V)wL3|BOkb-SQwLeEdi03doZ)hA
zrx1OYM9;IR<-3)i@}rZ~6TAYCQ3YhJ0#{@y&V{n_2vlI9UIDdq9iO56BRJK+Lmra&
zuv$M}{`=ALNxsglZ7N^2$p9yUsDORKBw*dDfVIU4*nZ~~uu=JH`W7ddx^Q*#@-;1z
zh-25zWo#4q`a6=ZgB>7X_ec334I7jSU@#0pN#s2h@$@A99L<(WG4(i}X9D;}5CR+7
zmv!0!DTE^bbm8{g2Ws`<6XgW(;3eyj2gN|2=^wVYu<tV)`1s3T!O!2E;WPyL_38$k
zAeJ}AvB`uxn}{G<x6^!y3LZ$XXxD>XI2%-suf#y><=BPrAsB_8ZenT$3MbILSr6W&
zL`%`i=>Bq1nQAvpuiE%il^$NLz~l%!RI3kplry@#MZHr}z7nk)NdHEfrB+L>HT(>q
ztc1z5{aFO%TTI;qT#~I+iPkUBHY$FZMlt|gyQVw_%3n_)tEZ>zIs__Kp!Y&KV0(FJ
zV89}g)`aH}fj*a&D)#u9L<<fMywCk2(7_f;pox0!l9fYQN-Z0wLM7#H?CAL_C+SK%
z_IIwr@Ur?NIMm91;zJFweGy(l?IZC{F6)WvJsJJT4t4t-N*B!dW*D^9fi1u4Y+=F>
zum_dn&=9*@*^pin+HJa;kB@IKzEOlI$J1*=tD1vXYwXriR5k*VKR~8D&NBzUP<dun
zc54fJ|K^5BX+9!U&XCU)Sq8?fnQ887Y{E1~`%s3$WGGWLVTWvxq2z?nm1?1~vKESy
zz62XNFmMtT&s<P$bbNq4*Q+0ybWmF8@ELQ9aDIj6LT|g3V^m3)H1KLUE-fZv{i{)h
zR5mtS``6E$tM;V-fkERsKBddFwlS^~Z5})h6atMry+%%58_JEX9}swX#CSe9%Fm-Y
zM{fZY+RDhH>_J_Zx<PW43G>S0EWkZMC>0DUF>tFRH}xpAb7<hwn?zT&P`rXX<F^7&
ze=R&)U`3aB>m`y>BU_J1sV8t(M=lJGm&&_;C4=Trh^MG;7#8UL_hEqnb0iR0Lh&U0
z2tFV?40RDU>r^7N7+-PE1o1EWSkUqiic=|j1^GbNv%#mDGCz;Iw#OU~)mAFGstSv8
zQ9Zd7P++Z|?O?@~KExWYVO>v%M>>-Y^*M4f5my|jHfp^fgJ)ip#O4;&T4G!D?nz^d
zux#%Tp#IQ6Yajo7z~7~St*z(^3SNwsC%fu|d8;_$mAr-+OPy-ph8C8vsw^AOhR)Cu
z)p3vpIJ);8i$p?)8ufK&FaWKg9ojqU)uF}Fdm@+9xX;w%p7Z>4;X!J|u--{V-v?Cu
zbB${8ME_0oP=lu%qxL4?zbv{BN=~hlknPV%<!9nZYK=i@at+b>5aGZumpG|$LV4>s
zp^|aCj7qIkCIx!80OLB9s?n9Ik;JRP24MwG;el|fdUzvMAp{A$>AP`g1qS~1C`hh+
z_lk&SPoX}Zn5$Gv$mi9vkW((ZJ}(qtJ|SfY#1<|o=5fi8UCkxZKsg9#y4}<eE6*gO
zy!&%Q6M1KX&u$7Qe>fSLN*&4ucF9jTiRat7^0XH;VKBzWrq{af4#6B6Ih#CdFv_#1
zf+Wx8SCKq>$YqdcSl$LzWKpHqA>DT5_H;~r{6C(xK1;|;(nOx0*5!GZDpj5{cwl=o
z8Y1MMl>LL?uO)p06^3snM!)%Pjrz?$@tgND%oK<IbHleSxFKU810sX^tqolgMKxbT
z^$?=EA5oRk98OA{sH|7LN1LdjZ=OJbLKe~I6f10pDCBGsU0)Sm!rLB#X%wd3gJXdJ
zC}2WM@T9SF2nw)Q5y7vf0$F{(hUk45T*6X$+ps)#lU@#>PUdKJtm!p?cZ`mA$r{4D
zel_7;0C;89zYB8`C_FHQAT!|Xgp{a&8mkO}=cc0!F^S`u$MK9Y)bB#^tv+eQm(20?
z<M`|*e7t`EC1Tdm5>B<l2(8{>51)+A|CMToEd#{t{l362dVi@*xgPsVPW_I$?C3G%
z&0IipK<rgu!E!KSr?NwgZ3LFqN$<v^e1-@e#RXF;`7y2Jo3Z46eH(N+rqf4Ct)_;g
zR!HUbXCu?=^+qxsuOu=#2szu^2io%s@#UKEy}|L7RS>=x5Fd^|ATnYlO;{g>9qM(m
zmR6{ZyAQr+clI$3sb5&1&+3fzX~*l6#_MDK743V>gs;4U@a-uleDC*0c>(<_`)>oB
zpyX7D{ua5)29VsjuIgNp+%<()k$;kk{T#KmXoouyEA)8?40RB38=-`Ic?q+43AaKC
zYX6sO{a=Co-&^m0TudUD-{-Plgqg#FI8!&uu5wuzLNmuDB+_v9fFiFVc}9i)j%-G3
z){>iAW1%g0p*wEW3au|w3tbBkR&gWBr+lyl(1~IhfmGw#BJW->Ez};qm>m1i$?Uq?
z7)ysE{<DU7G9rHH##s4JCM*&5Ry3rgz@_cb%0^@QUh;#xHWl_o&8st5B_%ZXj>ai>
z{jp|sE;91f`2*(^(0|sUMv})=(|&!F-?)AKC%r!Y&Ptc?Vx#|L6uK-!BlZ1O{5?y3
z$N8J)Kj`6V5d1LvBw{bL20N-0dMR{CM4!ATf1pm@&#yxHe*@Cju-?@x2SjiMFd-vj
zATTf!^0S_<6{dK?vGd{6KY+{uPBh@jCOqvqB@Tdi0qGK=8@dAne|R5oZp~N`G5Bju
z_<CI+zQG*dYlv@d6kl`gNmko48S~zmVQNpa?LVWoAM^Ljh-ts<e-M;~YT327aG;d>
zrR3TSI@3N}_PB&>gX2K?5?T`KKsyxHvxP?zEt>s9x)^@}?E!~ypwBZa)qbh_3<~@_
z%_xub^B-i7G+D=S)p<m6{X79G;#GWsOAbtPfF16En$C9Qx_%OhgQSLEP0=dR`H$gW
z(7`?e=sDAYixr}hZ#OTi2);Bcw;)XSlL0=@jk15DLtPj+f{W(C!#M9`ld}a~-hf<I
z3IICZ5q?8km&emG{vmeHSkYHjFe&=^K~_SaV<pJzuQ`FZdm<)&qP8A^>;8H4T|BNh
z$V#se24gHm<ikMRU#;ou%7N%7b?h?u#8`Bj=sSiJWoLe%mJn?y_PVjWJsJ=RhRqFT
z8!P%LWM}d)<8|rH`4^MUvtA8c=vylkzhlAeVHAf9<d87;U1A1FS#RJ6unoG&0jC#7
zKZ+nRFyQy1tGw{ePsn?d`URNKFqS++v;5ZqV`M2u*rQ<(SxOZy)n6+sr}%Y>?5g+`
z5lFdR3e2(rbBd|;cqT(~1q<yQMM0%j7w_t1J(Ra0ZWpSZ!E(wW4E`L)hk`y`Al-4X
z7b<t<CqWmf4zG&Q_xXB2-;ho1FQa}~NBZH#3`fr)RVx&ga#B?`YjN>MO2O4w><E3i
z&Q&q>3Lp#;1?d5Dy6_N}DXBYX&h?eaLiRp`ppJ=`u42qLpe!%U5n=vTzQAcm)v$4}
zZ<Yhsl;Uof9;9Va@TRY=M9j`oAj=t%yoYTl8@k}ifNy8PcC!<>R4psabpJP}hv%&H
zXnC+XdT8?j%!6cKslDZ^@uY}>K@oII;{1?PuHDnq`&mz-=w;TaKb!f_x7Gt9M^YNq
zy-83e1&^2gPuRnkluG_Yk?d=K@A<4-C=t)D6kIHNE3K02+rqtfsRe5;H{kE>y8lgu
z#qc|CZ}Hjt|3Gu?)#gKrdlnn-KH7265Bb<@(5hT)t?a)(+Jn%2;WjEgB<~N_DV+xU
zJ#Sg4Cy%m0j2h?p-rQrlpLDfd?K`l6_GqvR=)a-gpR4~u{Tt2gQAazHUv?dunj`!B
zL9d{ZrhEm>DiFfm`8rCaRd$6vSG)ba|HONU6&>W=^PRC1)cVJER8-$MUw`~&|GD}@
zRPB4$hN(``FN7UBy~=2DLU8q-<2hki?^1apY9BT?{-7KB8M+TTRPR9?e3uye?KcN_
zza?UqPTdnT-n90;c-Hp)<GbeCH{n9ZSGbir-!bcy1RQ1N@s)2_GJ4#ORd#&~E!l#Y
z1im)S=AT&(0;C{CObx4hVNPp%VNP43dtoZIg>j=lz<}Sit8lcK`lIN72%a}V-KZ=m
zQ7x_mt!oWfBKp(WmA|Y=RI8P*L3P>uk*c~3_y`^1J(~D~%=LK;D<ipB;cToJuaum+
zMs|HA2{|D%H7*wY*5LtLky=Z1|Icptb+x=stL4l8ME(D2G&n+B_v)a5o<`8{t7G?r
zA%FbLm;0hE0Y##CFL0S_JMr8anhv1K4qR!%t)W{_|B{Lt<q99~60Pp3M0*fuMZUxJ
z=y>KtW47kX@5ndt)`FF?fZcw9b%=^*ja-orRhm2q5A3F^j5IO#=P0O}4CSjmsZ_|W
zN~p{x6MHG^Sk<Xt*Kq|}O}<4_WXYA-ak2X`&F>ohXgKHc{Y&K2Vl}%HEx8KrL^>#G
zr-ViSRM6$uxbd!Ndbd`w9lK#%>sEo(3wKGm))c1dGJ#beM=O)|Y~bti<Ayl^=@=N8
z_!d<6ST9^2T7x{nH+)UrUrQUQGZtH-`?u7+TiSXucfRR6e$X?hT(9o>5d)L0tp9E_
zBI#mX#ur#>uo4sYo9cAsalU95m3(?la38{f?|4lXEsBkw=N>7hp2$bJ3bm2S8{*WR
z60v*ha7UZyJ=MDK9*|gM?PTLNx-{HhW!&m%+DKP0Oy9Mj`&*QKKvm{LcJ}uVmjMGS
zN#W(u`9V1Vc75&U=<ZO$?+E+Z-dpT^e=Y8R(&o>9Q~lTMIcNR*Hdp`dhWevrB>NMk
zK*u5wbfLcb`XkK!(Jg&VcR0d0Ye5k=Um%755HuVct+#F*?n%Mc<zVY>ICtyrj_xVB
zE~b6o@8<1W$=mm_p?$k~6Gv=n(!{wi60*>SuDyCigxzqnUELquw7s46_G<kZwFmgv
z5Mh+)qeHpg{5{*+XyX2>kHm7n#JOK|9R==Zdur(@(~@`oW9aMKbw2w3xUpIK?q3Y_
zefcV&Z_NO^rcY}$P840A7dprjl)6z2bbKy^OJ;c>Sl?bme!sczkqd5giow5Ejcc2t
zA|NK2qv!&kONhl)4syPlFjaD=N}sVD(*TaCO-juA#0BG<s^Ux7Lim1om+*boEfycP
zEzt30<Plu0gYgb2DDQ)Khj)bbM-Y!BLBDz0;9R}^Yani5q>ryEbG^=ecgWg^{sIHO
zW3)oX`EUOjU7p~I4iFXUeI1sAl$;GEA~%(T#s=7UBYMA#4PpP#SG%D#{jVZdXII{u
zqg|WmN7PBQ-G5@U?~-y%RJP)7@89jOkI;N4Dx;(OuV}NJQJ)4y)IW$B_fOGjuBX&}
z*U0JY<1gybO?p@5#L_7KXFHz!pTfWGl#X8vBplz_*-~lH_ZMEW7|j79^O=3M=Ke)j
zAlrtjwQ`iMyc-*mzO6N^*9Q_li^0bX_};q!d?&v#;8X2IzGK?#UZay*na3n+z387_
zF9vN+Dv+*%aj2O<<Fn{7M?}~3`hv0CFM!sWvhQ{Ym!tQtNVK2>8!eY3k-QALwET{H
z&{P8Xat%gSR!(~NCVEdMdQ$wdvo%id-Pd^!BzhYYJ#D>v6TByF9-A-X=?)^ve>ZvQ
zF6A=i_Na%hQjHfdy@P1oBD%r_H8lP<gukS724@;Q<=k1lU0-C2<YiK<`aOx>`ow}a
zMSn+U_$yYD5#3)t0=H*ff}PqPq$V_e%jQo%{m1*u#Q1nT=`l@Ue>hxgIuHAFHM<&;
z4Eu@LgU~CYpRBU>qTgPdnP(LPx0T`rSD0+vPe}O>9<SwFjzHRloL3tiu$n6FzZa(J
z*%_kiw5Koki}%9K*<duxw6nsk@xUlE9jx(kesryN2O_KlMec5AM!_Zt4^d;o+9Bma
z+jrFJ>vb{Wnf%?GjZ=i^Z`Wj&P!6!w?l=ny<{yQ2*{GO%5{fb`p7dZguQf1_t?7g?
zyy^Z=;ktyw^@3$amx504E$YbHx8Vx9Z}GZ>jR^m!;6o0N=<qk$`o4BcjC{G!`fq-K
z*Z+jM{^GeCaAy;JXd+ZF11s3I;8M|_@L5+pZIi8kA6}{Q1?F4QtF>judj;=6zCdig
zmsuP(=7Q;;rSSTHUAA*3)xRy(|J&{1B%;H&+rK^nkh8R7q~4CN6CSS<EMKqP8T$6?
z85b8Mf4hC>wF|d*wiv#}j<9^4FqHD`4t=|Q#`^_}cV7Fum|U;1%szIKhpRH-oxS;j
z)q)c^41&13&`7vw8%*6Vq!_sy<fZo(i|2BZqPJa!n}z#}uAryIU7^9RT2Y?erOpe+
z^H~dDv09Ad<EMNYMK3@ymX;#oCY1xL_(sDu?4lQVdPf{$V`-imxMnNVB_U-6jh5~6
ztvG3gFzt9ZbN%=psWaLJ)L>=N%BL;pgK5KFnDTQ31KE6d#R{-cW@bqK$I?XQ6z&}W
zNmpJEO|O~VC7j0RIrPpxWJfm%)MeHs=$_qpN({(bph@XjuB)E;mgHmE?C()&Ya#m!
zEZMHBJl(J?2WoF8yu3IGiqmb_QprCH#(zz`MGDM<@!z#Bf^PrXt+i04{0uQr02BEM
zkAMrKfa9tkmP2|$hTEUrL-Za2Td*JlYLw;L<GBh8dK(K;)Pml-+)$84k!<CG9^uUf
z`IJu@<(UzDH>VU_g9O5@K5f|KCpn^&EAZT1Hp~Mv)6ff%ddfhc&f#lGo*{jn(&=-N
zMxWN(fIP0Q&+JyIa}ZBL+$8(2rfJFTy3{EP*?X`&2R87lXL*scq3+H4F|*V6hc_DJ
zov<`vPD84txC~UMK*B6|RQG+NP8AsV03@(Up<1-&J3@xB@NSad6NRH_uMfoZV8Wg7
zL!u}(;YN6bp8*^osQ`E!5`7#TeauuJSr`fvgTW2m<^oT4>T{?S{Pa0+8mi%L5r^u)
zj?;P-vP|n`pXe)l-XD@>f1w?Zf+@%Nl?w47BZT54T;lSTNy;{D8!pUA8`9UJht;|P
z6d&Pt<udTEZ>`{a(_-O)n#$oJeW&D4%7w{2kk!tfo4Qw2Z0&9h46x_Ae(-oi+|zZ0
zwsFad&B@9_%Okn2pJY7i#W&QHd-}<^qxFD{0nJ)FSwRcD3#2t}MFqL3<bqu=6Y`C9
z@UxQ9{d*Kr1U_(X#woS6GhD;v0pKrqH(XXKep1g{J)10tj!ri85a#R%CPTSstyB$V
z@*N2|F!V3QtCB2XP-+L}UEJEjZo0(0-l^`2{F&HVJNwx~3RWRsH(8Iwt<iYCs}1u$
z&N=T^5Gq;zr+c{hfj*&l2l8nk$0`RVpmXMkGPnoYY&UkOi>$(^3hY(r@hl~STDnFK
zJmz4pTxnC+;BbkM**nzH8TOP*KtOtD+AW?tMCDQ3Wj-}S>_0Wr^RTE~Cwi-ZfKxNF
z{0~^LM(yc73ij!2UafGq6_J>8WHPE!S*GohbiUaADb}2Qa52{<{!vpK3BMQBN1sl^
zvu$|SVfgnTA1QM<zy@DWXNp53yO9?tw7lDjh#ChAj0ccl_SmB-s=n{w>AHMBcYfNw
zZ%B-N$GsU!nT&?kkaE)Z&G^&H%>H98z0ktpeyFm{OEv8}=NP-^BpoYX&=S&kC=5F8
z#pjXG0tdwl4DIT=BD&v;<HPyr4ZeJ6R~PW_-&jkzH*_`YcQNJ9H<rJvp2{ytZnpds
zwfyHUsQi5!c=<&!<)@cvU!dXtQkjxtCPNZi)(JTw+o8>$h-E01nQ0k;gMce4z8d(N
zP8T&nftR4!Stf0_QcnSC=RwX={(M9E8O@Y`=(6*cKR>qovbtu<ADxR!%#yNI_k4eu
zFDq-%?K=iEZVD2|ud&9{rLQ^XtE1oSI}y>2#c(;S6=)l{8Gs~&tn|-y9T2=jaFcO=
zx^%WbZJX}sOs|EBT2@aB<4Fxx{w4ZE;E5#kYN4248CRiY!hNy13L{G<BB!2Y3$`Xw
zNE^QISoG&x&`JRlYmn^PH+3K=U+Qfqbce{4QY(!v(Xi#g!nZt(F-rm3XQMoT+MC?p
z=@h)^+#y#xkg<mx@HjyPoPz38i{1X-PL@zZ{v3%PXLpFH^|Gse>gDQ1gijmx1^b=O
zP`cqA5!JE>;uENHJtR6#2}Q;Cmjjb+GM<wu0NV9-3eT=+j70Fx@M|K``$1(_fn{0`
zD4Oa9@(3LirzCHcjXk+BkqAOgB+OU1kBV@A8fW3LY(o2R3xm?r9*qZwTMo9lN9AIy
z3gQQT$oQ)fJm|-4I*dCRjne5&xuA#21t~1yd8;KCT_&6hZj@X{1+Rs;z=K@yGktLg
znE<--6lZ`918fEcs1%BKYYcEo>wLbg121v0%c;k4lL5Q41~*RQZU|z9PpHFNNjL)r
zY;%wu2FtD;Q*Vx8hw;yGcIaVX2b`*a9Wr9s0q0xgQfN%P<O)w6Aoj=Lr`|V+EAlP5
zfv2t5SG>I=ohi^>zC{FE{cKCqeirP%rw#olDdA8z!#nk)$C(oDp!tVxl&nE9Fv}+5
zVdz7&-@Oqi!uEYd+<#`;H+1J1mTu_TE}B1;bD$k(v;{rv`g+c62fHs|CHvs(Vk=2k
zrIHPYBoHXx(^iZI*mSuu)A)UN_4`+&-?zmi_zc&dIo-7QF_KctUAte7kd;cnA!2kG
zVkjkdi7C<vF;R9IEB`G>693F)@Pfw}UhhJ^v*(zYx*EfC3HY4rYH(8|6Uek++HBO}
zXNZAp{ARwo-~F*A#AUguXYl5+M{lwLfhy>*<`N>-8i0uYg887GFUUpj*w?f{KYt;!
zY(UP+U&tAY^g(~_GTN=<qffu0PxF^#TYo@z;f;Wzl(qaVGL|9GiQs#e6o&`4XVLbP
zXrvReiz+?Ul0Q)nJY{uzS6fAI*b2HJHlR#$ZJYWoG)eH``at*%zW*<ONhsGSKk}E!
z%EnNEwm%TQ1qKlVW6N-58U#QA;DSH+4w{x80ZWLz{RQrisUq&#g;83v;vZO+o!THN
zi6Ok!i%q+VL;~q2_1wJ*!fvbN&vUTPQxYsnMfs_&K*E=ZNra_kEjCm}^HW|?`CRgg
zj*!1+g26{o+7w^UZxVkAzVP>n=fU^O>K9HuPyK$g^B2``n7MwMuQ9oa6C;>oPo&rH
zMRmO|n3Ejmz?7q`PcNAA1E262@CchGa9y;kLp@I%)nb#>=qjwjN&b^ja$qTb7TxH8
z-V~T)NGJL%2~}y@#CJKzNw;RQf-4#{d(jZ`0@_!blafHDrYK|uL7$9$hp|mt)cAa{
zh0H3=XQ%v#+c%rr#;7fK!kpEGy_(s8QOmkm3hoDUXx6n=V9aCqQcJ-#%WNcLL6rMv
zFxh&rRZfah#WLD7M8Xc0{&W`8SLWFqyPeS<-`s&Hx3IK|0%72yia(P{{&#JR=H&vg
z8M8s}K9TD>CU~6~3Xzswg{2u{V2Bk@IzESbj9XZ_9!$N~E~sL`ln`#c!?-3MXKOO<
zD#!#(=nEDM7J+hR83~JEZfcN=0>X<5ooqcVTN@=**<>tqF;?7A+%~EhRSHWJiigu-
zEs#zi1W(ARz>SBjwBdVr1*#r+T<ZBLsP+a1TQf`gW1~nV$#zH-GLuT7I3Bn?2Wx-{
z+j+56Em=7odd8?<png(?2Zbw6;p~i2zkpKKdcI~^O8X))j2P$`yj@Uv+|ce~LZBT~
z*9*9c*Qpc^T^CW$V_|zd)3CpDp}(o0LmjlEjEFCf;&O^~_UrI0o4YEB(`^|}ai}T#
zaLLA7Z3}&4y#JHuA&1-!?kA4c58E~-f@g>@8b*FH-!Dq*{Tl@DYxp&gMFz4!k-~F-
z1H3vf3dNH#YThenwEF>--J$UjLw!Xm8Hml>5B)c*6SUp)h=H?0Wmsjv;KQS9AT+2k
zR9Mf5p)g7oeDRQb8On&z$p#~3kRVqWYPJ<)|DA#V05E$6eM|@6Xl#Ub1Ax7iV%Iw_
zlthICuWkrcwOgS*E{i^9wAUZ|w2$!zj@EZva4#*)<fh@BK@mYcqqQ-vY(gOb1HB)~
z2KLSXkTlSMR#_OkuU~fY;exv;B)ehgenhtfuNLK|dRT1M->6xm`9deh7~&h_I4?ov
z5XO40|DQD0CI1kI)PG2_;B7}22-9Vyb~=-kogRVFc#XlHc6}v0hk*)72iOV^=toLK
zw)797z@vClDfM%Ts#8y6@zxD^9$k3u4vc#U$ncO~ihA5{B)UM*7Tce0BSq9si$gdW
z`!N?C08DKJu^|fCTSe<O(YjGmW;yWmJFscJFn1Wro25xuujeO4^#E~YMDqi=einRl
zt!j-M)Eaxy(phfd|BABl6dPbvPb_8`_R+)lYxsTI*~Jl0f)o{&(@_HZ3sb!7;@C$?
z4Uteb^3jUucU!nYh2Lf9am;2@K~NXZa;S%|9q}bP#S8_Od)h_UgUYSEv3e(I@=8*M
zI6@n>IKFy5SN*iRL~qbaWP+D#fjU$ItrtUOgyI1a!xo>})Fj$Hj`6lY^-}6+_~IvR
zsCsG=EedOIB#(->5PX&cJ0AnK=-=msFoZB0c$ppBFZdcDBZV2Fw<GvguU5ym2j3c^
zgK$S%ga2Z5dX4ULmz1Aivd(XIkl~QJo{e?U+<85jr+j`8{gas(c+{C@ps;dOwjPoF
z(?GD*%EItt;+!gqFS;ng_XTZThdZr+CxYygBpw@*PmZr8Fj9L5JH-BjG5j_S7&}ft
z=&7d5ZHpg{!;s_Jd|a3&EG@6i8e&Zme6P{RPlNm$jPj3`2I_Ir!nw;hR<_^-VXcq?
znN~Xc5lXOX@j`GPX~ndbP-<<~aBGU^u&9*FspWXu3Ei||BFSKfWZf)UzY<}HcstP$
zv16!QyYSnGfdcL-o71AVDwvf(`c}BFAw3V%JMn#2zQYBVsN-rSUp+$JKiaA=g?(yk
zh{VdE53QQGVomnR<EC({y99kFBa$hsyh8CY2IFZXe&m_Y#cG0$*BwKKIzl%^)Jv;L
zbaHz}IY{%dtV$Es>ql-hbDVxm2ZD>%4M-5g%8Bx9xRD=~Qg-89Sk8$PSdWtJB=BSw
zohpVx!|k<Pd<NcWQJs<)1ni>PD((sK9<X_<;!IQvZ8eu*<PlFc6|(J&p(|FB_G`lM
zV)T5rj)*9sl!t}^EdYsURTP1(34#%glu7WlYBZJ<*Cb<4bbORvWaq36T|=Q))$#aY
zE1do+C1rDHeJgz?{4+f2`mUsG<*IIUyC_U^<RmeBM9j+W)$H8|X~14>DR_V+4h+ay
zz1-@mEAH>UVx>);wp59WT=#No(0E($_5QV<Z)5!y5k3iKG&5hu>ba-{i2bu+DBq5O
z{T*C?4v3&|t`nZS$4b%t1)m>@<c>prTQ4d*vM|~ZEpN~)b~o@{hvjG-)9S|8q~)UX
zL{6>dQy8Az12bPK7km{KO-m1Sq?3J;b&G8MoX(l#J4hJIt_s16`TXs%DzfXi5ZGkl
zRVj``o!hldD8A21+HkTAb_E7aO|1kq7nrtEPW?hGKOIL)9K*Mh_u_e6_HZltF#g8c
zXr9P*RSR=>Vex_6Y;M053n!8O2NP8=mI+Wr`IakBdfX%mNV1MrB=EHUnq}DfTnE;N
z?zaeCq^`3>_00;7qNmCKLrv<hHR(BxHpm7eH8vm)2%SW=wv?byot0cutes_#GE14@
z+l&h3I$P*VO)rgViJ`7ga4F#mZ!+xXG1O0M<-F*)BU)+XnED{UrU4b=TH(1O9KKOj
z6^d^|mH3G>=J@DQ{GmUeL7lXA))>8IaazSM0T4-mP`fim-BueE!gK9oOZyJhT<aNC
zuZ29b7ZSeE2^`FoopAkyMyk)Q58A@$<H_h_tvz}k@n6+vcaA^5KKtQ?>$4?I_1Wcl
zG5T!ty6lxWo-LXdYtmoe*7Vn1sy5i!q`xu|hAm&0MnAi8UVgxem)0Q9_rS5Af^&{h
zjcxN$qBi?HLv}b0{}db%JtSqLr;U2DjF_!_Xu$S7>9a#LeYQ-PdlzcSRL$q_KsC**
z$NpB+V>?=T&G8m^aivL*C1d({s6Dqw&3f#&=h0&aq8^*uXz;(9_1Q+t+4b4?f2BVA
z3ZL_BXV+&R5d%3ke;3R^@&XSxYTr-2R_)|acihiN`mM7W{npW}etY<gQNLYp)NhrF
z@b9A9tP8c-C)%spY$Ix{oiuIs7`~m-v{_t32sK7$&o>i{7Nb8WSqu!fRwZ6pyV~xt
zR}HcDg7>)E)izI3mGug2wi29k5Y?VJ5&Yki>t1$UPn<5FjGLIHSc_{428n@DR&T`S
zf%#<4UP~rsMMJ|gNd07(_oVfrGVh)gZ&^-BVpW_mUZ%3HxW;pBNoUbpWmWMMEUQYK
zh`E41(J!<4m%vI_Vi6dV&s(nn-6d8+TPk`(Ryi;{A}OaN*IHS~S({##3v+UzDo=!^
z16sO;rM=@YBWiY;8Fg;qr83!7JvAY_xXiN)5`-7a21A~fIGJAoi3MGw`@xplTH>dk
zgv^X%p5yQzWQOvJPR=Z}XJ*_W{Hdb*hDzglLK!UqhZjwZ?%RNA)IXH5JaqxIQtg>1
zZ7U*fkaFAfwf!HP^Gr(0ewP15Lu6H3lIN2h?7>ITrQIK_RQBo9RtpP$i@l8-3MFL?
zd+0~paBw3Xem=@R*^P?iK{o&<pRSGdR<=cNWtOHVSF$z^ieVo*7{5Y|kEZ<0CINco
z$XMJAICE!gyeVB;%Y0F)$sTTB&GeQM%<p)ANI{x<gk#GG^)XcueBaYJT<tK13@Zhi
zxRovJ`)?wVEPht@;&1TWSDEJ{+>!*kHHf-NcINcpGG{FrO>5YwXRH>!e}T2~Sm_d{
zV!wsEavx5z;l=<&0gOD-nUr3OXs5nbk5^BCzLSg^i>I$hnihI{#~j2j%B4AHC~W#Q
zlG55qAstb_P=ma~XW@hJE-cNqxJ$B=!yDE0T=nJ(Nf~Q#S7lw6YzddKx7*rrgV&hZ
zcpkofx%vF$1@Xh0zcw29Vf4c~KfL=C@WaPDjr?%OaU(yx^R3Pg<4&HJAI`K<`N693
zgMR-&t{S%nJAIOA!6>HBd#h)?H}1hcH!Z{*vGRo&Ic6aS<S+L7R(5y?_B(aZ<vV!4
zzb^)+<F<oRR`!?1h#1T+<Mgc(1KAj1e?C8iRVTy50`fDGmx+slav*z&7?`<C9Dht!
zvWp~Pah<5}IQfAg$=WiOe-M)cvQx-~z7Mp17Cs*>c@G{#Y}UqH<>V+_n2O}#@%?48
ze{5+LPTRxm$c3_!Tf+YIBrcKVmf(sH)DVLYeDM?}jV-14_Pg0LkVA6qz5^81qI-nm
zy(Fi1%ebVbwuG&<*#K)-$We-G+JW8_Iv(m15Aw2$=-mfZ1ygc|9C*|zL_WecNZ#*{
zfo0pLAy)}u74zJY5iskIT{h-UJd}E;oEjDb`HRzQC1tl%9*L8c2&<?@hOa`-mAnx;
ze-kN4mgY2Cx&f2BiOF;Icv`fl>J(mug0~)wdXEC#%nxq>{>S{p|6fv^KHz_4NOE|o
zJ2-?mKUcZg9n9)V7q*1|&faNd+#}m`f9ctefS^2=Qh&g+ACk90D9lpNeiYn@gRUeA
zm-2DBRvB*}RAsw5c8_VEVXrL4aog|N627!FdcNb@#+dUR>d}xpzq46X)ZxFts68<g
zM(tmJS{`A0TG}laI9^{`W0c=-Pt?b2LjjD}r0vG>`uD@e@p}4eeY`ID`Ml#bw<RC1
zIgQJs@_XSnU4DPIC02eL;+NAIxGf{_dQ)hI<iE|{M3x_(o`A79UAf9NPJY-&w4Px7
z8Y4}lc|Dir$uaToB&C)mQ+;qu58uki^phyV>DDNJe|E>?w0;d^2-uVPr=cjXLs6dj
zIBsHqf>E5mu8Q+NT2VOTwt8GY6$*#rs!Ktpurwd!@JJ^&XhHHOfMGHw>YwEezyKTv
zF`zm$VhS2heRca1YPCAtwUn3xrProjjS(LFbd5;6_$j2`QS_n#ll0kZqwUYR{%f4!
z-?Az@3HadCz$#CjFben!<d^UNWR&lP6Lfz0aw_o4wk<|}c`9t=moK*I{8IGedHLls
zJLi|H8<v~pJI3r+XLgk##+YQh<agUa$|vCY_WpRRQ{{$0$GNP!Iua}BUp<SUx1hU5
z*~SvKpqy_+p15gqgx{1U(KjUPOW5YuVR)jb)#ZIqmG=uJe-g+ukV^|d){FiQ22n2x
ziwhQza8+g&nFRe{I|+J{^4`720LN(Ax(=^&0bD5N7e>W=35of;fI(+Mmycb*K7NG6
z{Ct2dfF2-6#BR2Cs;YEkFJLb{f<2bM0CS<NFO^&y@A1rlzK7b(7nS@4y13ub7|*jR
zxDYl!D({DbtltZ@{Sqn}hm9n8Ur@w_y@!OoTGJHlfiWPR?*vTCkX^Haz|Dn?27bpb
z8m#d<c2jrEG7@d|E{S&S9^A9U!(|<>Ym5yHs`1Ou(O|eqV(J<(o??J_E~7o(N7xP&
ztmf#qG@m?Suj1ij41i2amawuMBTP}uux@=Do1E85-H5Tgnnd~gYeu6MUMzi@8f_}B
z5Qg7rcG{?4<wF4#XA9uU7WIj3C66E14#NsTb1<@2FF{nQ<<x35uoqYzg{@>|BQQaz
z8&*PAK8LdBs+Ab{mjbB7G^~WW{{=%G9!D&xCuC(q6j82gBL<*b7y7y%VcEzL4V*^j
z@$N356KvO-T0`-$&k>Jqc0;@|9$hpR9Y#H?JbN6v(fu0LkYL|?R9Y^@W-LB<x@mu$
z$QD+XL7#-4?A?g*)(q{F(2vnv6Kne#n|NmdHSsAbiw!jua$)%XX2RE!<4fiEP96B=
z_(qxVt?&@Oucs2efBXu3i6(pxb9@TNcc%&8x#CgpdF_8D9`*d!enC9yUi~OyFpMz@
zIQ-085%YN&(|E*yhv;64j>}6I>S6z0oucy6!_aUx{`=EtKb<$8a;vw_6Hob<#&`V9
z+j@<Xv>I)P2extlX=A*=bH|^|dfON%aQ+nP(T|^`9xd5_+7xf|tmAXlpZ>LYk*ofu
z#fu#Hq}r0U*peiw0PjC@yy(yV5~Kh9()f>mGsS;=lE;6X%;P_PclsB{TRiiY5#Mbb
z-(-%@{VVXjXToRY_)<8&<NJO&zOg2J?@uOt8=fG1Zy-KC=!T+?hfO|g_V4Ti&2I$7
z!!9}%FBIec)Y<)tPQ?{GoLLkhPgY!JF&H)(R=h`&hdQG;$P_-zEo5!T3S`EGC7c(F
zPT30jWukMjC*`iid!->yc6DY^qt#8DOfIVN?u++USi@bSU0huA)JVKtAbn?cdRcmz
zu(YOpZ*o>iS@}Lk$v1ZiAD6Y*(4yKfq@W1T(}13~?0iD|UU(5Y@)hd6m$jZ=*bKhx
zMrRr>TI=20=q<NV>vnp-i}O~-Y4^Qhnwkp`HF_&dxkC4AdN&qDjd4>AAag}L5=pHD
z&u<Ogpyw}+e1aKQaB^gAN0QM(zji-oEtN`eV|$8fBJ{H<68hfYZ`RK*88343&URRY
zVz<r0JxTUB+6A~O&SJB$onuhb8|GLQZ$U%kh_KXAa$9${8k3cvu+&mqCioW7K7bL9
zl0lc_0%y_m?w}KIjK>=~=^oOm%<k7AMjK*O=+h&s5-hkib~SrSeNUwKAbUuCw^+F4
z!^WryohU;U6RAog99hEB9z`=QhoUB8jROgH)OE3l!9iq-lgd2EQ8g&VQZ?xEYeX#s
z3mf`VyoG|L;juMbaYPqeAmK9lRy}DgDLEOr%7dBN7@wQ#_6eQ^Z7fnSCohhW*FhFh
zJG0Gde~jY%2haXhZ5Q0k2HASZ%KhjUT;;&l`$zM}w1XFDKnk0oCUoQpY3!lVR;rX+
zSlJ+~#GhLBQUh5;tJ*^*w~})=%TmAUprN@D6a05!_ASE7H2j#|3tuUN$2E6<RncrK
zbh(JD@c!|5Op2Z8Ru^%XWH~Pnxs2-*xLzIT6#2Oe??ia5$^>#^vXX~?J>V|`{(u@4
zYfrxhM9icP@VBqZOu;w0u@-(a)nB@yR%Hw&?`}k;<c$-9Ws@FT4CST4C`LbH>qO!x
zIc@@NSn$@jDmc`nC6IrBlNFwblD`)x|L~u&J9+nDS3z&);Vx7;nzeWowmvZ3ir%8l
zA7adoQ!@9(4XLpahXDum2n}pB?Ds?ag7!hgpNLmiqI_j!*cN!8*lj-noq*+#^>mg~
zZ{$IKOlDskk5*s~1%$}7l01bxZ1{(0(T>F2je6qpjW*7td}%f(BXr-H=)MKo%n{`G
z84K#?$rQ#kh{d28&k8s4<^Ur)LXVr)hxPV<fS+RYqEmzphMik47u^9lVrW?-XTl`p
z<I0g-E&zurw~YyPZQ$!ltMEo{))%n_D;BO<WYO+A_ErEvGC4gI2dF_Rn@m*lQh=k7
zF?y&BqA^TH4C9DK1`<^c3TBSu66OiomJ_0z<CS12|A*!D`>Fc7M*aQvhviMrA2urw
z+iCJ}yVW2MzZk*WjR`0cReAVNHJM%wLU6!YgkbRqvk>%*Fbly6>bq4Ff+N&~wyF>u
zJR(*Iy15V>dEx?uVD{1Ih`A>!1d~skO$d7UuzKQ;XBUFUk3@0$c=qb!O@v?zZ2jEZ
zd1G2?(yKsCXrl?i3AZ;Df~9qw|5|B6@D}x})*71YZf`0C@2qQH2%6+ux8wiG^6izw
zQOXYElzseI^YZP{Xx8GV4f5@$MMn8H@hgLTyT4iacE#Zs`6l>i^H?C^$D`+yaR+~h
zR^rWA8Tas_W@Ox!FJoogvuF7F6LhZ~S!P6@N#1<epsiyY<=>*S$iFWQ^6&QM<==Zv
z<=>Yv@^3y6ip#fA?~#0~{x`_ChgJF3jd6K4SN(ln{e7F6<(qy!6;Eikh@Q~IlThB-
z$rev1*`MRU;Ny6nfXOc-9cCgdlfyD}SXva8XYq6fnCLFb=;0ZLzz$Jhn#Gd>z#jNv
z7lhTlq{4g=Piy@izet|la9p->GX_bqxQnJ+QwtWsPn^Z`VfZaN?|X20bLVZlo6p-$
zd5NF5Ejzfp>3Lt?eoM>qxBsPcwEv}Zwg07awEx8mX#b|Ow!iVf1-1W0-u^uYOzm$v
zzct<3%jdiIwE#arz`yw}IgT$qEXn8MwU;{OY>=(0)Ht&08c0(HIoYR>hBiG2Ie(rr
zOUdlvs}X#o;&sLiW;(C4@cEM_KEG_7_=4<dIXdz2QT&i>)c^5x=V&=<0Ps`4*)mQK
z<7xJD<L*QhjcI%W91-q<OVQ30e)5u5GB6?|4Mz;c*y9=+U+Of+Tr8gN5gS0?58Sf3
zlO;PHX!(pYlQjeq>CA>mv*4dd_zoO4va><>KI6<|TLOtxS`W-Sh8;MlqCA6hYhd8B
zfHD^{rlF|$JLXl*0nDDk3Wr5)0<fq`K=@1;X0i%0*a%1vRt|7ttNDaj$7UZhS_N6o
z3GCWoF=oM~!<x>B;xSx8sZ$0|VqcB0HrWz(V|?tEFyncDK3~4Ssgp%qjvY(1RPtbM
z&&!0rJZ+X#M5h>N6AX31O_qx2(Bz?#H$j~@HSwp3J)^keljbCS(gb}AC(enb!pe?`
z%E&p7>T~9i(13{XzAfm46gKgIO8?7vhs9xajU5&m+NhmhjIa#Mt?<KBzEAih*EXav
z5%Etn1{ZDVQrRk*o%x;@RJ<CeImnd8CzWwl5w&If*G+P*9vT?%7H=gF>nr5cv-{u1
z8F?ShHUZh0MhiY3K)K_kL}G0`Ly9aInr=LAr0d^<CBu9;F7%o@A7atCK4Rn8`5Y^0
z)9mAGY=j#TJ3?uZUs~rye>2sYh=!+!*_AIP5^1<G8ARgbg$^|QQvAbJ{Dd43_u!Rh
zRWBy$^-c?Y+z_=-S1rIHT=f>s$Ly^0vBrHW>p6eTOf2dWZ4#j>;`edjq`c--B*NYg
zC!tFu^u%616HifpE7afB@Y|fdal!I9CC@C6Gjp2C<7;w$p*%i4#4L})Lt^Fe*F%h^
z2+HH&kf<%f<?%;D&MuEDzyD?O`0xA7@;H0FK^{L^(u_R*WO%GR&Mq;@<5By}^7zC$
zgFL>dgv;X=x;#FZ9W_r>dAvE>WT0fQ%Iv1{_~;>{fr9e*_3Ri6<+s^Q<?*sZx;!2@
z{MX6j?&~g09{1b-Z;{7a_n77Jl&{Vuj~DJ~DvxJ<cR}*_u|2<99@o6lygVLSdOmqf
z_Q{8X&nb^RZ!{;5cdh!@<Z;(G&LWRrdj5Yz9<N-`ygcsv{JG_E-vuO(?N$FydEET~
zm&bFy;qtdw{oSnoZv6)3aXz%SsLNvY5V`1o!l79R-kD$>bkOwnmMmStAa584$~#l!
zkW3EgVt|aXc&?EBk71};=g`i$VS=$~i59dWF!<K3y5DYQhQ-qzL$o1|WVWe9!{IyZ
z>Cp82gncaTdcjq(SA(@id;KVzuYDT+JMMM45!yAe8GE6f*<Kh_!tI5Q-^A?S36`-7
zqDS|Vv(Y1|q*;1&lsG-M7hC{6D(77&J(Q{#dX&sF(PQw=3!=vj^Ef@6J5BW9kwhrA
z0ma>;YlZ#yCRfE-Mb|FDTZuAyX<~Nze!OzPd)hiHgYGcdK^xo0iPmg~WL+(~wm<Vg
z^sEYQ=f6wzk4+Z+1rGJQ+0~MNR1c~DsI;j)OX4K&kRDcoLM{mdb+~p-y@@uJE0E~=
zaoYP(YS=F<J*I7<p9EM7zI0b*TP$}qiK}2b=kD39VGe&3y%!ytpjNF+t6J#FNR$20
z26~VJ1J*OrqJK`Z;5`nRviuly#*LL39QuPr+eblbkaZL#9&dO-(gZrvovcV6D`+t;
z_RK^2F+8_YhA2FD(>X@}R0qZ*Og#qGv(5fc@(%$*4N04NTb9C)HUNPnWk?Uanf(F4
z@2#?l%2YgWg_maW!=zLH0yPW&Lpz5POD63+l0Pv^snY4`*+ykU9e5vXoub`0r5#!f
z|A9<-tS|)?kJ&#$+Z-rbhpd##csfDZ&AMEjL>H&TSH)w%&6xW&c>E4h0x7zdPz>3j
znf&lQt_Je(TKBz+I|uMIivJPEs#HrH%D!aQb0AJcki6<TO2XI!k2qKdJ-H`OPNw9B
z0a|i8Pfnra@Ac#!Jh=xYuhWy$cybygf2=28#gj8Ad4ZmMHBZi@WJOQz#gj!!o}wow
z@#H*8zDrNG^W-s<oTVqX;K}1C`C2`>B~PA2$({A&Ry=t!B}e*e$*p<vbV_D=avMta
z7102}_UjM}hm>fLf9en`hm>lNKj@G+4w<h(igZXkhb+(_6LpA<Ll$ZfS%)NW$Px{5
zgAPgLkYySqS%+NAA!Qn*@g@y&35Qf`ko`L3QV!XmK|a?ZmvP8;4YEXsbmfpe8sudi
z(v3ry26;w@q;SYF4RXH@>CPeb8bs6~mvab(RYS;iI^+rtv1^cyI>gB#4h?e3r9rOb
zkYo+AM~AfKkQ5D4r9%V`>7ha1)gcZJNz)*|(;@9RBtwHt*CFjWBvXUjqeD7yh^Rrb
zbVx@I$<rV`bx0=;8KXfQI;1m)jME^s85*PuhfLBS-{_EJ4w<Y$Dl`b1GpjD*(CGkW
z3lXAti}*41WYd-=wsSS8hJiMd=HOP7PDy#4Now)+7BLebw;@CkMR=6>;~03%=8rIG
zv~lytN$_|xf1C`D1Nq~0c<fJ)w0M&YWqfcezLwA+4z#(B15;>aC(!AtZCwz^mp0m5
z#DQt*k`E{?oqjH&uNUwP7Rpdc!#>dI0EaE%upj8HbUugGa9A0KeZyf3Icz0|ZQ!u=
z9JY+Z{=s2;IP5bHtLCsjbJ#Hs`x}RC=dkBFte(U8TPY1QrG&;upv@ef#m?Vm@+`zr
zfljY-n1jO};;=jpQ@=~*uu&W~hQoNyk`xXb%wgj=>^2VT!C}2PY!ZjLI4q6BI&j!z
z4(rZg860+cHo>NISPKrL5u%hDSWKP2SCt|MF8w{(A7ff9K9BtYzbWePuUehaY!Fd3
zLg06@`a7Nf7E!hMV@dR}H2OF{`nVwaxG?&-B>K24`dAiytd2fzh(2zQKJJM=vgqTn
z=wp5K5t&7Ov_~Hu(Z}TIV@mX~NAxi*`j`=Y%#1#Y(Z{^#<Cy5<xai}g=;P$*<Milb
zk@{FwRKmBGg8jF?R@)!dtp2qvlj~oJLEJTEQo-~v@CNm(he7@NR9C<Dy{W2StHx@o
z*Ww#hha4r}N6CX6Y`!V^9-f@c=9rQv@Z=QsuqpX&p4@|tFeQ)Y$!TnWDfv#GoWZU%
zCEvx9Gg(_x^1VD+WOX+fll$}JJhsP_Jb)*UVQWpv19|c|_JJw+W}ZBW{n3<s3s0WR
zicQIxJb5~M%#`e=<Y$YZU)Tr}q&J7)fMPBaqz{MS_+s5mkiHy(!;K}FApJOG0Ybv*
zMo0#S;9z7MO%NA{;Mimzn;<uF2o6>Dx(PCzLvZ9WuL*K1hu}bF51Al&975r9ZZ$z}
z;}9I?td9wDJBQ$?XP1~DBRB+w0JEAPBRK?R0y~&ygyeGwiU{_V2{MX9P-3tTO_0$X
zf&zrSYJ!a65R@luwh3|vhoE?2511f>I0U5)8)kwG<`5J<EZqdj;t-TYtcwYf%^@h7
z*qQ5%kRcp`l8Sw2g5+=r3NE(R1Q9s|<rrIRf=C>KVvW6If(+#llydB86J!{NpwMIY
znIJNUpbTU=CP*%akm_~q^}73CR*KZ=kq2K^^{=}=A^od#2I*gGrZ>^Qo}HoVU)~wI
z{`KMvUH{rUUDv;Ar|bGxho^M?t9XV{;kujvC0u3FV5+_~m%nk9sZGfYqpI~A{>D|N
zHou)=RJEStZ(L>KZP8V&9aN_ht}?axVY*S(n#OZ-m8nh943nO?x6r70`Dd8)#ImKG
z45}BWkx5S+Hp8fY70hTx|0<bo)W6=GZq&H`Io+sZt($Jts<LJn^{62;jGB`;!>B6_
zoe|ZJ0&Qge#<jRM!}%N6+uG#uH?FC*xt+gp-K@<>{x(_F_xKyvzuJtM5!D)@i**Lm
z{lBDt_5BU$UzuJ0tAG9fQvX_48@+EY;oWPD_h|(ZTrc*p;9XkXyEo$fXbGwC&JT|y
zu{PcDWY*EKp}#&^%lCH$%a&Xgy?-mWoB70?>He*;p~s&zU(bd29b4;+`=M|bP}eBF
zYfH{?pV!z>*CzNVQl6;P>F2uHoq`3gGif_k^4gp!+C9zuaJ5XXW%t<7&+C6y&)o*g
zwnKZ=O9)cbn+Nu=k!_K5P-H8U53%%Y`JFsJ`=(K?>eR`6|BxCBH*hcH>!t+}s>*R#
zyr-<5?(Su6s1w>O#`AkM>9uT_r7@zOVa9s9m$l^?W@{OG8Zw|ez2oZU_7`Cof9?K`
zIY02A{k@%rmF;3D_m#zgtQ?K>^=GDF1UlazXq7k1IS%8HPp-;xPPWkEm<-DII9#rx
zf$eRy3dIrfJ%IAfn}OAXn(oJ=d&QA6kzD@(XRdz&d>VMvnI|icIx}UZUbgP>w8-^E
zgyLH%zSsn3G9IrN<~?b}0IUsG!FQ__&sHo=D#^mn80HZNRoPOaQ7Uf{d*P)681Qy(
zM_NOk;LKb>(WL@?T3z1>_f4`TcA%7BhEg%?|1yEvJJLCc&fG&|a$O-&$bQC|Ck0wN
zMAyk_?PXUjq+o!1SGh13$0FjHgm|EUG%=9pz{;eEe!J+}C=_=ku`6SO=)i|Gc(Buw
zA070UafJ?rEAMp>w+zqG&?2ntI_ODY^5eJ_?HQ;eT~#?yeH|ye>frS{d<~W@XovS-
zJd(`0EnW*4fLAkMCmPnKF-(#;XEpY>dEaWTZ@=KfyLW+}p?3^%_Ha!V4XDiY8g}pD
zGZF0TOp)JXkc=;Re3_J0yoqb06EMCY<On@TI8^?mp2tPcHrw&6-MlkrBB4f#U-qN$
zM5aSX&2pxN_R{@}$S$(7mRR{-$k!}keQ!fv_*8^XfvBOsMdLyQWal`#-R21KCxv4Z
zmGzMgp#be{9au2{YT)^BIX*vrEj*9;=kf^q>)Iq-iwa#&qGV0DC;rzt{8Jd0Kn(ry
z>7%Cpc<)hDfBflD9xroZKZ_b4U09m%#_#p}laB1}VZJ}f2Qb#7NWVYnE68BJ|1L1_
zKFsq|5vqZmvggo!M}Na?fr0npvgyzTR+Q4e*S?IszgJRz(oSPCJWC)edx7^>a@k+O
z!l&s9m8j6>=P*gSaC`i?{{~t&y4}uJHpzTfOnK(~!!K<-Pkzxqitb<kYrlH+eoa+$
z+SNUvlY@)2`(EnVI&}$9yXEB5vgMH`<)3CB)53h&eErk-yEK0j!C&F<va`VpIh>sh
zKAOWF)lK0|>Yq_<sDIm-`nNu3{l_(f-&p^Wv%%H+FKMoRhIn=(nvFXTlG}5K9+Z;D
zXovBi#KYOO{_b={^zBr`*(G5(ySrmUZG==WpE=Zqwhm{``<d<$)Z^Jn$4^I^#ItJ}
zpK^*7M;8xJnVnuMt>S8prHGf~s+=_f1M|%i{RJSB@*Nn562rpQiK*K_n2W-#>qYNL
ztMD9M<%<C)tM!1BqHC)#w;U_Dv^`*&y)?R>Z3yF5Dfr^86tdAX9d}mPvy~&Frg0X9
zp2GNwru?4UvWsg4T7+sEYVO%Zrz4^F8?|^J6wsKea$@Skpp8>NN~jmcFK*AnGA2{N
zwOY@IF|pmkZ#Exqk$;8p*rISA4DNCLe4;tNdhtM-`JrHp3qC7ijAyP?go-d&!^5kS
zELaO6rWR0T!M7KKm^dPO@V8!{EpIN~%dh9hXWBQMmmk0X1^l?YDL-C>cNm|aA0M~s
z@ls9fIMKw9Lh-Zo)lA^YTn8R1PpzU$5kKd#6;A+PZsoBRi7x}KU!a@kay7<WFU&>r
z#orG3a#3jvKSnHS2+`kKES6??vLMn-Jnu@+eZ-fg&GO|<OMx%{-V9%!oH_+VYL(lt
zcDVNbjvf~@RV73yK`ReA<S(&&`a9G804jghG{c`0o8iy!Z%w@DMPA%hehyyz9(nQ7
zC@;47WI5S0#~(4@A3WJ$Z@gFe^Lg(NUOvHiAF)5jI0cugyH{euNTG1<YB<}F1G>O;
zCeDdaK({Mmg5>0&$xcSYu7_$hI(P@#6@V6W_2<<GhDH>z-d8ib3e~kF_V%sy5%pX&
zg{wR!l;_olce7PxNwN3AQhP>g_S3HMvG$W%Q{%K&h8M5HWcJ4Rdb<CzlFsdH3SF^+
z_Gi&Pljbh<z?fNWQHNI==t`8I*%Qlf;~<5;n~kCG+VaqM({s(C@1{mW-;JG5q3^`t
z8l;ruIxP5pW8tTupyi}uJD3>Z;h!8tRM*jhL9us#&=@pclx$Hkih<nZ@cYKNc`xep
zo<9%ieY26?Z)2$f>o*+e{l~M!*9+Zi++S(vk5%mYRY|DE?YSPb(0vP+Q~U`~@~Tl$
zZI*5PNq9f9YePZixjD!c!$GpnL9aci+Ue+ugbclThF+LqY-CR<v~$T^Z0A+Rb}r$3
zbt`mC_^)jG$|OrO?b*ih0*eHz^5S0SR}YGy7hjTIR&+~Gyk8bn&<=&m@xn!ZeN<&>
z?EQswzxYY994t8H1bi$Me?Zhk_L+Wz;M<Qlg?Eoxy?bFu|II=-jIKQ)I1(z_cD8`@
z>{)$6xT8Eep6hmr!e@=5x9%1+DRBdnIKFO`+wkFSlR8_()H*0tcyEKa=~QNIFmrh(
zm6KhOdQ#f72QORoes0aBTNf&*5YZdS^t=TB-%>CEk-Yn5dy85y=~;O1DQ48~arahR
zL$^hAy9&p{TFiuZ2DPZdtX1%R!s-V}7(v;e)r#KQTg36Tq2cfu5mPxy*QsvWLzpS5
zfP~>nFw%WNC&_hen#k{Gm+FqC*YLQ7uH(~Mfib1mL-?#*^d7s#tyF-?Apv+w3j|B9
z`oeYTHT=3r@`sc|a|_x~LV67#gkhIngP|(wj^lL{P!2wvQ1L3|BR<KbIj2(Gv`-vg
zO%aN|P`;Kng_UxkAw0F%By9@8;Dt{&9l&d}J{LDJvBfc|?ng=42uP*6J(6qVluNSU
zZPP)~6`Yy?@19mrYI@CGygh*-5&q2kw<_U|xv3U=Rl*4Vlgoc{_>Y_a^yfc)_|NtH
zCzbzP!GA8}KVA4wJO0y(|0M9Ah>w0w;*aru@?=RlDJjQl=VH8?OizoVm3S|mrJ$AM
zot|M4ihrc;mIIxZz?b2x)qe2Rc-p#)2E^F~U&2SY!Sx1pOLjY<81EBt7kz5o&NYsX
z<&wX5nc({t3{^<BP;$X%Fd{OAmx6S!V|ixrde2I{%6Pe3SlT+yd(uADSzB%se2XBj
zZ>{G|Vd>48B{$WU$9Y~6KK8V2oTzwOHirG8|7Lz9^CmE3+XC-A)3RO+%m6WeuwG0(
zW!)&IZY>YR|0upiRr5U%;rpc1%iOhdc!OKIi<a{iCrRF?GAy23QGu!~8dy~fl#=}9
zyA^!h{<)l-2X=RD5&zKct}3Dr(Vb+Ml+29KW|+nOH!C;!J#8DHf(@aA6hApLL;na$
zTgFRs6b+n!B?!LNXwCaAQm;9r!o-tTH#80P?-7}xqzc7vLk>4y-c~OuYcb-Tch6*Z
zQGJ?F{4_9lp$nc<3dYNR+VKIO<au1mG4CE>Kx<*%BjhXSbi;(sFe{Xa<89A^Mi$wl
z##1e-&ny@UA1+frEC`B$oFvh^r(X2K1e6KwYG+u_5$0VA=rU`o#tFXm@RXfiLtniR
zuGaA7c@Bl@K3J~BYwrU1?8q)l0p^f}tZlNjCbPKqslSQ-_Jo}7f&Uou#f7(Oew*?5
zZVOjw@4_mc;UiveKL@`J6oKKt)(~GfnX7m^-QMqJOPjv)mM6(Ab`<ZN{=N6)EyBF1
zKveH{nL;sMn;``&QT#(L$PyY$_RfXl3t`x5pd7mELv`wT0>gdHbAI3lX<$mniNL!z
z9w&mIBxM`LqY(qwZo0p-MGjnBG7*3JY=NIrVQD`(kYf!DIis8ya7385?0q04_F9$?
zj64?Eqsd>WBwpPm5%br3_sj;d3Uw1(RAd%MrtgQw7Pj{u%=EO;_SeHS(4xY7WU{xh
zo$&nKfEGk^uD^AiyLKMu%vLZq`|+`fuAGWFsg|MvX~3S>L*`t63(2}s*(EE%a0ede
z$O_88H`s#rhqv(-;rT?!7`Vp@h-F3o$sxHKgn7N7Y~N0y_|TH&5pNh^J7I4B#v#sG
zjnrvk&v=jIQ3XF)a^4Dd*DLtk5~?88E;PmD(9Q}B-vFt~uF##BUW%6|Ja-S|4@_-@
z>Ua-bERL^&O38kCHC`|BjicyPM`50O36i}=8lUx&MdoDZ_^>J6=yRxE6@687>I&#5
zG^7tD7M;3Gm}k>Iw!JJ{k45$X@8(#+=1YnXg&H|EzFEwv5f~jWj;|EG&#cB1Sc|R1
z=(DY&bz5j9-t~dCT>^OnBO-ypjd%gu_!@CO)N?Z~#-dK-*^FA_YDeff$R8LC1&;=_
zx5hy(SA`Im3LlH98!*QGda7;cb`9?s#5=f=s3y+mz&>jI2JreJJ^QLjsgylp%ASZP
z{>Q7FkPxZ^#V^aRzcP50g;nZ%d}up@g^%_3YJ#s+-{V5d2)<N*Ux=4KoQ@NoTeJv@
z9tK2c3=BRaj$f-1!Skg<=9G8_qg=~hV$lB04!WieXcKw{kMu7sL@LLjUlrp8uy;;H
z$Z2jzk_1Cpkf-R>i-K=LJP!68$~?d(6qn&mK=W>a)B&KV{Xh2JH885`Y9F7;OvrHa
z3>q*h$XEwWDoUbYGm=0CGI&O3GzutQUo01C6-Af<lv{9SAg8BO(+VwZwdJ+i;#;k>
zRs<DDxMaX97X=iR01D?Ya#1h|x6E%nYo9YS31IE}_QU_f|3fn8oW0LJ`?A*B&)R#f
zwXdXKpR}waiC#X?A<G|UyPkhKD}If#L3g2DO2SvNv1FsP>_QygMEY8qMg1M?qg$r$
zBa%#<;*9#%Q&}&Van{fM9t$#+-ihoXLG~nj*_b>|ne<7bxRR!ljkRYfhu|8@LHw$-
zru#eAAzet2J#8ciB@xv#gI@gdzhcnt)w95$KnMq4Vg?Ob>#5b7Po}Fk{yXX?kJ-i_
z`uj^~en?7xNQ(UvJ5ur73;1JB`dIZ#hBVM0q%R?gy^`=sf2gPN+o+Godi0EV<i#WF
zMy7RKZrzQ`tN2pKrHe0*<FY$0OE_<*tdbUplA2Fs9z81_eUbI(kK)m0Ji3g_XaF%P
z8$hwYm758L)$6Y!wTM%fh*ZSOO%PZmjHxfgBk2`RR*<tJU(U|@%0ls#hv<<{Wr7`z
z)aK2|IFc_v#^p_!Z`ZdB_LtQAi|X|O^pN@v=|4OnhG`=aN|usyPI{ri)tio|Qe`<|
zmrr_~zq}9kj&S#&sK|D@)%X3+ij=+^|30OE;_Tek^puGW<fGD~dGvRylm6Z5qJRHY
z49hrNJy=2i9<7qPRl0FCZ8ZIxGfC<ea97dQe6SAvKE;Tw+X(k)soTBoN%Z75i$%&G
zmvYMU?rQ#h$t`mJ)4iB~-*SuesJo7Tf9~GIzYE-r{QHbsn2XP^6UF_-_<d!Q_<g;R
zp~@SLgYXUPtm7L_tM~?X&!=>%e#_k(^MAMtZ2YE^*gsC9#%scF0+sUwsKiMl{=_i0
zOHg?`9g&#tm&FMrwZ*)2OAPY67r`J~hzF!6if~l)hZRjxcb*lcomc%<KJVX4F@?SY
z24M$Ul6NnHOD^Hk0=7li&QIP=^J7bn6niem_&j)2R+nQ?&MlWrevOZCSIE}Zl8st(
z6BN6(RHIps7g@x~*#wa*2<tpd4}!|4IAGhw!BT?pUmsw-OY_J72A0M?tRtv=8;F+=
zyuSw}{Gpc9w+VbO!;w2}vO3g3v+MkTwZ+7-vO4fz$U6~S#!8duZa(HoyR8W`0bO~k
zOC3{t=(jJydYWnrSR3(#Kma{x@L8;UW;u>Fi>!6}BkLW&Tz=0XDfTD>KsHII=J?fL
z*YOOni74R6;OaN0pyNXh@jx5wSLSj0+;!;BcIUDGFY5oxZw-S`ZiGQUQWV;D(v?}y
zvxz*`#&iyxuMT%4{ql@HFRK^GW7br^WoK#$y9`VF%5@d#*S;k|n@kw_netqJf!;D=
zU54J^Hl@GRCZ1c!U07Y#f#mWxe@5;cJ<cWsL=*ZPOups+HI3D*c|y&4_s>GjDovN^
zXow1q0S%QRZMyy*&Pw_-vL@!HjZy%ziydanZC^<WVYdgIcW;l(F=ihQmqj%8%zF3&
z=5<+B*~X~;z+k^^ftw8qJe#KkaTI0zPOH)o*;hx3PDSWa`d=NIK>zDPL(2L|^ZQUO
zh#2QF)T@m&4wj`?B5dcRZ09|h2nr5(4o`j>5xd)+%b?WL8<E|EtB-e^Hb$;*w9{LO
zN*iw$B;Ouii<OG)l!dTCWZ&SDjg_bn5lBE;6WK!qvWErmW?!^!`WG}Ys4%Lbx^<iO
z3ogvMBT>OtJpsj`^XUvEh9~jw)1bnVRLRCf1hR!gIbz-LTCrJkB#ZtMq^?c>5}<Sd
zC}!EKldQ&?WpIOb_t#=YTJ@Q2)g{hFSjy}PLUWm}&~d(w^m?0QTUPRB=+JFabF)%k
zZN-^eq!QoN0d;5zs;fZ&D~g!)2>E>uU0;c~#0c=Zx~xXB^6Zk82FepqmK%BeG~3-v
z+0Yr^)&5AT+qCoL`u%n}ZXZbfYUARZcr8m`{LcRSmX}7iBZ8>8zy2e^??>9IaFm|`
z+F8<RzBTGYJUIVPD6xJI>U06sNd!u>=s(YV==*&qUH@}_4}j1a*;he4YERDxL~{`~
z@#D($Xj>VpQJK^!qjSHTzLYmHr%{!&*YMAsUjWp7?Nr=^AZL~r(kpLr-IO;A4QdFV
z`p@-$+ooS~N;KWyyrW&~ty$l!{f~X`uP57dwcYsGf|LK|xPSL}tLWc(Z4>}Klrl%N
z^1JE1J-_7s`}_jO`tO_Hue{~nWT<3u<GtGNrXOiObW+fC^n=scY82(sR~jq?J>|Rb
zuQ@+MTbZAK0>iS;o~XQzWw>rTkuHVTxz721a#cE8<-h*UOUE<c;bR7We>`j8EB+Jw
zuDjA~Tk$XW)?}|9$Bp6oKK%Rd@_Xhx85Y-{Z!zomeZSZC{jv1^+P3sv1Qwe6l`vzj
zbW1qnLVxDCxxTjo2E!$F>1}^mX%-uXN9Diz6H&Kmk&Ela=Cx`-ir5w@`V*`JszSw(
zm2ds=f4bS|yj~kD$7klGv{3`FP`IAsihO8f#`0`19=01knf@_8yT7QxAHTmN9E|q;
z-e&Pu&+a&mDr~b#(I#PFINMQCow7;u=jQT3YC_*G7VG8TWWk3`LcRzGO`-5*_OI*D
z{mPzf5xhop;T}p02q#c331O+FXxwV-kA3&|Vf@<=gP|nhhYPAtJRwC92$Y~)lsax3
ze4!$1tys$`NcI<Tg-_frMSo+(MU@m?#uvk-=(Bt=M2g+Y2RdJX*P>fOmsXz$gx{5x
zIk_0BN6o^=*bHYleIUGtamB^Z#t<_=XT!jhKOX8}*A{#WNW<Q!Wt6E8RVC7xSC%71
zJ7F@M7o~(Zuya~wlVbk`cw{|Ly%IJ)h{MB8lA`ks#P!|tU?ATA25&XaCdPW8myHBO
zU7D#bxpvJ#b%9|?yV#vP9}^XHnjpneeCVi?=%X_=lT?s}u%PA@Idk4KJKFHRrB3q4
zy*cRf*w0(D=Ib-YOYXRx>)8-P^Q_c))<C?hRF2<l#VFM=ynlz+89{GO(a-2PeRA5)
zu^|TS$f}Pv*3I#qc$JmIf#LvK`~H*&ttpE$co%{l^=s4bm)WJ*(%-E}y#cd+{i*cx
zXkF+l{Wrf`k%?Elu5dXfo_6|{U)jce9DRnDkBFd%Uyi^U_GkN2e2y2CD!(FlSf6Uz
zj}TS_mBc<d&6aS591K0H>^4OW-X}KlGv!>9E{Av;5}~?OmSSwb@J6Bz7Q9lf?5VO!
zv7y+QpiIKAzjiU}KTC0!h@}Beg5ACISdd_+E8%0*!FFO{<YyabB`#b!<U-1V111pB
zBfeA^O~<RbWVtw<=AyJ}ktW<`<kEB+4br4Zlpv}jSELgvC}9F62!|P2PA61R!gNZg
z6A4u!A>k_!2Apx>DI<^KhwN04@Rf=mS^SI=KNG|Y;n4{;K;wrT+dy0`Nnb5bUu{TV
z?MPo~#ua_KQG9x|oXhgJXcOwdZvP?!`}q^2De)uxsw30ws0_H>B;!X<8RPm!7YuXi
zq)Cr&00roW=^jf8v5nApi4~>TY9^q%9DNLy<VXXl!8^6yktKC2E(If-XI$Wb3z)cL
zVNCujOwFBqn%5ziM=$3IO@w$bt)wc9hznX3%~=R(75@$C$&vC!;|d{!e#WgH5ZTSv
z#P2>>WYI3{{4ET4r&O13eULXK@1Zwfuk2`wiB+k*hFE5&lTWQXOw(JH*&&F)LH89V
zG19f^38G#6739IQT*bNT7NwUyjJWXSchM&;;b=o{)q}i0eUtd96hDK+PpSC1R{Zo8
zKUat!m-x9@{N#(D^Tdxs{N#wAQ{(xkN&FnakM6*>P+R|kKzzV@N~8H5)}0nJ5RY=y
z7zP9^cEGONnUv&2#PsL!N7h?85b!RVue7ZQ9<4r&f$+jXF2cN2e_$}^%;O^&u^{2C
z-=E{d2>qFvJnCkBH&z$wgR{HTktA()knE4VpR*bjNo|U><Vn%rTCfu62#0(SL<=nd
z{`ji46ye~g6n33b)<8Rm%*-$7AVu%Mu4hX(>8be(i4+#eYW~`$h_N4C{gzEE*<(8&
z>ojAK2SMAOM$6iT<l(a<+Ki*Qd1tQo@IFgXa;JXD!gTz>^da)xp~KC7RBv<!)M<R)
zvO|vF3&OU$vAsz0S@5<H;p=Js`5cj!W;fx~^91!!$4E=A6oYAkU(I)WBdJ^|DuRjF
z-9hE+AiOGeuj)ikjIKjBuWQ%MSK-|=v(gv1qnC<~rumR*oNEx!&(+5_nSETi0DbIN
zN36GaP5!~oNN##(r0e*x*sQQp(I=ng&h{${xwD;V`^GlyxH!8Vp-a50vqqs(X~~{{
z_#}FzFu6N(UM_E={N`!iMxk<>&0UmEZFXz6j6t2Qr8+&#brRP2vN|7xn{6*5$_p6f
z#dCj4FG|bo#b*|Kv8;A!E~65ABeT*?*!LTDQu)o|w!J<5{6%fPC)V1rMG<MVDjm*9
zS6*+Qe{s9}<?ZTUC`S$xLG9Cy6fqgFM~oAbInF;;=Pzyd{*vtbkvLEAI7{f^{z$zQ
z$3@NkYI+WkL8BZO8w3Gk9qO-i5m0{aZZDn%_Scpk74jJ$h`i-S_)5Z)zvEVYTvC_3
znC<#1*Skc;VO>*C^=vsm^h5PFN6muVe_DWYt)W~Tg7cBAcH<1ni1jYR7U%r%HV~_@
zL-4UfjVlK+!i_LKQTHfu`w!z*=+B7N6m?G!Z#jt0rt_tC&wXo+o07VF#QJ6X@yncd
zxN`I<Ol+-kJnZz2#A$r-mn#VVct-@{FI3U&H(ZYQy6=G^%k5RvgA>?oXrx0s*}|SN
zF}zK`@k!!$VYT>uwpRSUuvq-Qyc9EUw-^ef+t=#E<CUBEaeTCR9BVX6JHn3_PQs3D
zw`Z$G>Ozb7eb&j3U#JzgFSz*j<;CLm<zl{lZK?643cg)g$3L-6{1b2FpM^(6`Ic5L
z&&fY8yZGm|;x_id##z2Ed=24|8=3-o5OT~{3lVjtU+oc88UxDL?D3MG2T0)j-4suY
zGUdGd1)I1pF-6l`-Erhfhj6J#C*%SZfam3F#V5mYS-o#ZKpoc@P$y~uHGCwX&T83c
z>Ju!{#yurwjRot`%}ucjsZ8ec+(Nptgu7Ok*{B|ao-!tmh4_e$c;U5-kCV@&=Ld`p
zhE`S=qFemNp|&)GVVIV3O01DL(3`1ujbU9miC5PS48|B5L%eX4K@p9D0x(Q8x6(_-
zpszGY=7l4?AASI1XpHo07-_#UtblS)GIAS)6%)f8Un+*zAd!`e1>uO%UTILsN<ksd
ziot(D4F1bv@Lv;yzfuf-%q1MY;(}`8AOb#L0uxQ_37AnR`(U2%FpjQOU(;BBTiM7<
zQ1#lcPqC8Hl_Yy8*TGBe>c~xJ8#q~=NSyj^MqZ`)@ii32Q!#TSreo@3pi5@J7OTO4
zPkd{z3=hJ7<{FbvS`9wI8oWY4lvsLGtHCU-2A6PK4*8XP-381h;`z!d(GQzg-CDTA
z;7eBjh;5ACnba!Sr`6#3R>4LogY^w|N*NNsV5^iN2n_a08G=A`e?>}&hm;TpDZ&2y
zb6>U8ZCtI?ZQ^37TX?B<yBLj7kF)awGf=bk?lvBu32dUha&$_JPt%G2>-b<yXpGQ3
zI6nAg9xO3NhljTvppTDc4^Y#&2FU1TF@$Y~#~6k)N5>oo9+r0Fkr@XbmUE1UKQhzp
zwEX8rB|KXD=`n*#zW5oGk|v<AVIQ#sX*&uCyMr;%Ch$_|i0?NL+TBF&$v?Co5A&?v
zOxGhoPxun;5)^(`3c=tQBgdmjN}3o@?aFWPXyqos8Y{{m2VY2!PZI?9hh{5nnO2Ve
z@NBg9vzC9C*2ZW1cf-=2CS}A!6_ZIL<1tg-o9$<tjI^x4jNQsJ_Oqi|B<(Ul4-=&P
zb!NZUP(?mE&=#l*Erry^UEb6-%yGyqP<wUet;3)3?6o{IdyV4R>wKEGT8w!s`K+)5
zz`XQnjX5uk=6UJL^t@Ec^Ae!;$x$ZM{#%VXJ)tadE=#R<wM{^2v<6T*dwZ5~_)QMO
z5#Scbw496T+5#TZ7XxE9`jwRTj-l~DN2_<FPgyT~_1PN?PU)4N`kCXCvjy%A#zS^T
zr4n#=;RBviG`$1rW6dkIiFKzjltw+|*Zq?G`K|H(?_z5np_P&OdME&oUyGQg>ILz@
z)mFdKLso2F&wI0b1;)H5kExIU#46V}+WhgJ_DavenNKP2!IP$)Pgq7@6LZ64XO@n}
zZuO|UI>Z6*7PfgNM7uc|Nm{30YS_zv>{D6-ILMK42W$f<b&6KW?(zh%{bP2Kemc8<
z+P+}KXE^`a=~Z^Xeu~kEGSbQCeOFQvy{)~%riOF2wy$g!{rZ)!aX6~7t)e<r6}nAn
zVTD8(I&YcBhR(ao+8R0=<Jd!v4`VyzeC2p#_oV9Mutk19V0|0*vM#^k6#7nlNVf4a
zDJ>=)oNs0k>!+`yyqx6UjP`Ny_T(SsG2-Ia8M|eXF=pyLN7~pIR~iP!LFE%~WX~Kw
zudoI>Zt+ETPT#8sGk#;@z1r{0&pTQd(K}u?ahBM`d5th}-b0!6oVJS{hCdjhH((n9
zgRcEPVx!&*I(R3c`nXM+|1q?TSskAUUEt$Y=YmS5E`44#>QX&DWtrY&)^knz(b4MT
zR<Yic<<FVUFURleMEX|xURpM?lN^88?WjI+d-(F?u<^$FegNvtkZ=U+%;vH^WeN4E
zK2a5Jl$MoZ-B?!ik|v}^_RrCFu-)ecC}$`2mqGhfYv_0JAvyZojNMChsl&S*f<=k}
zuZp#~3sc70T<#hDm1W;enxxtT8#=F94X3c9zLF+iNh%#IzGP$aX47tJ-o;kK+Xy=Z
z-&%x)RRPYQjcp2DAV=sOtKVaHPqq6MaJ#PB<oLZdyK2KeP&uZcF+=SnQTGSpL+zEy
zX@5~&P+9NyYzU3Tp+8s~CpInT#zgIuUs+#f_-jTQCzZLR=q|3vf7Ac6;_$ej8ge_m
z((9FOm$GL3+&wLM<L92hx(5{g@%5UGn5fdz66)Zs4!B)*UfGu8!yR5}8D=Q$F#@F(
zgpWfr6iw`f#ClNk-hiCedmDZhWmQrPVcw}{l223rVcnir!USEW?dEyizDFdzZtrbM
zjFw`#^dPwo=@rtlkH+`OYpLI3>$qt=4m)t^FySxRqW?4dJTWxNp<j{V8;nKDaHw;%
z+cQZIRC2feyC+wq^o8`V-FS~kufayXa!Rk?=n_5CQkDu$fDO*1>JzTe<5M53K2aRL
zon~OC8OPxc5+1v0V$=L5VeT@^g}!6wUy}0U>kr$gNhz%_HXGG@-R30I(~U`nV;sRX
zu@*#rnXlxF<ljWOOQ=_l&81#Rn&+R7b0mMI@1AS;TZk>m_-wmz;0IS*9y81?7bP@_
z)rgS}uD%p~)&jpLmW4zdZ!mEz08bn*4$tv}I*4DC-C7OMEzzDFpTWg!K%J>Eq8Dz;
z6fvJ(o;nV%7xU|wchFjG*op6KCFQF=UKPHRXygNvFX?_rNs~U)pd+-~n$>RHe_c)Y
z?~FJ0Q!wtgq{p4_lXLa=D389OIzv|(dsD2h8$DEL4lKImCxir)HPSLo46YQFv4=SC
zZQfEWmSQhrcTauPDg01KD5f9;{vzl_@TlktZ__ZBU7S-Kh~I4Y7u5$n$ED~m8Ss1%
z;C-%{ra5|9ihu)sHj49H4SszP`*QPkGry92vVy!HaR!wSVh5$zT~?eIUUE>5%y3vj
z7qjCtNr!H-T1CS9CK8D<QQ*CsoY`_Dc5h1TTeUx*HFhxc&oqY<WuB%fT6?MmBIN*>
zT#Eh|uQhIo?8&P>kt0PFjP+&grd)l(7ValsPSQ+@!9hD2&pt0%iuHx;5?k!a9p?C+
zu!oX*|2Zp+@uJC$M$}FB)I49wL7YPa9Rk(idZA7wP1>nuu2QBVF$9ZP&N2r93(BfO
ztMt!ir^g%H!o1i;W$L$P;=+J_mQl9kegl`Ok2plfMqe~{1hcxLvStJg)|_T`P@qfw
z8$)iTGnO>1PVvA7;6Hy*8{TXTYzax}5A@H>^G4K19eN^jo+@QsiTCtZPh(S8e~t3#
zy{KY(0sR|a+lF2ND)|)qHuSopJ-sga9`qV}1|My(nsHvT33Nd=f$nT>PoT#$1o{Ui
zP;B*pK%H#~6p`6T-x%sZ=s==VK1W5tmM)R0gfK2e^$3RZBsMhKOm_XUCOg4IOt(a%
zOVQuXY#L3H`lcM_VSxAbn#g`h+x~49-TsB?c9XGNk1c?yLyUPie4B8yj%|{nGg2b7
z4DUIMibWnYm_=50wC5L`LOsHop2w2QjPWe9(>(U$nQ8jN{C7S2B~8@_Fv0`Ob$&tj
zCG<k_Q*kaiy<oAPm0ml~%+RZtWy>@3990vGvhD2wvgrCTgRY%t(Dh%Ao!N&^A4}8v
zs%(2+vw-&WKISZC+<MI9fi2*Hr}*?|qW@`Uq5m<bc`|<pz4L<^ME||;uV6--2^stV
z_iCj%jlx)dk5X?hlvS@YpjrvwcakHm{iOMR*4k4SN%O9>S~BN7(PS#Uep|tK2<=s(
zqZzhs@s;e9<6S=DSz@)=M&B&Q^EVKR>yyS8b6cyv42>0LDUsG3S*qMXNU>D*tO=E=
z#gSHP_%m6ZL>1{Aur~NTUr#2AnouZPzx8|cfHdSF{WS%pA={0Y!ta>lgzEGYHSRan
zE33Ir-c*FBR-qqoNGU#~#81Ro7*P5=coVGZ@8rX#=)N(aRFEPyinLAH6;O%;$^=Ic
zE?dBRLEBKLx4P6CP}WP)`}qUwM)5R!_Vb;P3W`3%KK(YAJh1z>3k&J;u|g^Odt_F+
ze}M<_?%laY0~-AF6aPoGHEka%Cx&b?etAzwR&FPiZB4Q4*%sbQFTO-?;4G6wZjYOb
zL=BYg^XXw?s1cyi7&iSzwkPo`Yjri79;v=(qkGviz(b`-u~BTJ-@U)TNc8cs(^$Lw
zkOqjx8~cBZ6yUbqmG>PzUrSG}$I3>>Z=~ogK=$Z#Hr%RUKHf`mxXpVXCEw1rUz=qO
z#w+Yf3n{21eQ-jFa>A6%Jy>3TVKF50JFEpvak9Vq8fGo+5-g@H8<|smA{FXXJ<B#w
zit3yVaugvV;xpYY^oq;uo(emsUm*M}IIwC+*vS`bD|snwsEcjMa##RNx65NH7{^(#
zETzsMV0x#4<u1=)IgrTI&cJeapo+;(kU&pQTaiKxJYsTf@)5(h1@T<<KeHbl$u28)
zhnjTw7~qWu=#Avz?EMZxf%*&rqJ;25uj<}uD~xy!Qyi=eD4V5aC(KGbY&A6}stA>B
z75yb9U1g1S=rHOaZsgcTDcYOY_3ONmMpCjipuJ<@S|M9C+0!D;x3JNLZVklUZ~Mm(
zVB+Uf2apmaMT#)kal1p_tWo+J|Cs)ien|GTO7s835U#>1kEvYaFkX5mIObuu-ETd}
zws`Sb+@&v5r(jP0%7E5+)yHYl`H-PCP8MVH5NOpgZ1Y7LB{anqupTIBA{DMTH7AH_
zvFndj3s~!9k8O%Qpgcr;O}$(p`b~=c+QPkj6w5A{Ku(0In-9rKy<Wn)4s|A<Hm~do
zVulM6_AUr|_DIn$;I*c**y!UL2By8SFi4Yfq5k$s<HbL;;v+QYzCeYtO`ATP3XN_I
zeWU*>Z0H$!1c}%**RO}t$7U`Vbp26E(0^*?Gxz^bn|PaqwY2O`SJN7+6ul5abdTMy
z-bcuB4cjcf?sJWQ5lSfRYJ{q_LFwW~pUO7i9Fvtcc0ivFw;8PT1GbY4lHh%aWFO6T
ze-ix*bv*tsBK}bia10VSk@%JO14@!3@&%Pseww!cPLdaqzGFjpKq80vatEx|jU%1>
z(<yf`q2Cg>U#^ysYTo4Etby#DH>nTT5!_i1rAm9?U@9e|{~hNUP^&s9IHVMLT~z4Q
z|E8}}d6So>=Mx{6E!K?+C`a1HGptmnxxDp<I#(i`JS-zfp2r@|L4W1Q>Z1ix^bTf*
zutknFg?s5wTFw3QFlo8#iAdLSz?$i~;*6?Fa0<>y`dp6ZHW&4<_!B-?OCA<3d<A-C
z8V3?qbI^q6&dm4rPGAT%wASfYr;@-sCPfm4@q_2>X}k0r+SrE#)EN#oqr9A#t9!bs
zfryOhfJ+j}NB{ag>!c?Kp=R;0HAoB=`Ifyj?CzW6eSaixJ{V9R)|}aVHIlm0Po1o+
zHFQ^d283S3Lc(T%(7hJ1vf{urjP;&?yEL*_($*#g`l(QMiP8B-(ik1oCNh>|ksRho
zVhGfee@HkfVZWU|mq7iR`RwsVx_yvDu6OP@SIUUg@1%)l3np97IEyqNo1$Kl;V!>A
zu>gb~yAW39dq@(zXUiV6R0ap7#|?wFpZ5j!VBAg}r4JJh-sM*s^evhEz?Efo76KP#
z$LDEU3&r>`k_KO9;)79F2#rOcOT4yG-*SrQQ`=N0#`MXlylo*{^($J1<bDZ-Y&YT%
z^<D4esrj(BvzyH#VrXJYLG)NN{3lXZ8mThs>@ZV;YPi7L<a1F6oPec-+JooQn;u&s
zm{Xj)PR;d48XVePM^Y(~C9HESP7c7tCxNo&z?>(0WQP=Ua0yrE5pkn@d-$U9-e%A>
zJshI3U+_Q-q~s$Cp6QmEG8g3tGo=DTj1Cc(2u=Bn<HCBK<~fmp_<+L|MI6AD6o9os
zL~dxP6?Qpe6HZ|jOS0NS1%xKhm+C3E-_sBZP}byC=J{SlpZe=h+59ARa)PQm;ZN8T
zg0FIa$@$lXdNN-TqM!~)eH5#k{tmh!xzNzd`uqg>@Fc=<7pOXL_#*&bvV~8gEU8Og
zlI4#c*zRP@Vs=uj3tj4u%uG1Z;Dj^0+ph$gojBDkxhoStt|CAXM;5&-oJ)B|t#bI4
zX;iTx4%tQ>HIN8_CZ0#JJ+(y)m$quZ;2~MCidrGMvW^8o2qV|mEh6Bm_dB=;KTpSH
zl~ZEj7UsPe(STaEISA^%n&;trJJ5H&g$<18N44@Rgpm7`cM5Pu-vGaINRCfTiM^2%
z1joL@o*Onu=4=+nX9Sg*pE|Lji(qYWqrLZXe7odlOxZzYpAqx5!r`|Lb7VJ$*jhV%
zzD;zIUmZzZLP$F3va-nR#ulFzA-s*)%UMD9D*32v65RTF%(%)Sy*uv_bBy3`0+?|Q
zX^)ar(=P&KQG*WMd)zd67M=URKGG|ngx9B6^||WzbnXLj({Ynm@wxPQCjny*>8tUQ
z(b%#NrRWtYfryA_N425?4(iu>{VU$FKLMK23!q}XKapnXjT74~chdX;4#DD8rJCnM
zTr+dYftY!H^{N?!I6Lris)F^+TL^2;E|3$$cq+lDbdlrbqXrjQwBdh0Mit484hF{P
zHH&|S7OJ^p=!(kihs@{maftEqE9u!i_vuI09OLMsVsk;%$;9)C+$$&(Yh|&6;RJ$p
z2|7Z3e`7&F7>JZOU7b;5uA-=QVwezBhS^E`n*U)C)%>?hx#n*V;+n4=WY+w}L0t0z
z$XsC5eBvOk`Sn!uv>twr`i~!!segUC{%T&VF5D@TAFIu);bEdp?gCMI7!EzM(r};t
zW7dDZ=Wv|JYShMZYSg+{xKZDhbE6KGn~nOgoEufhr(PP3T2#)BdZ7MTs<wT561jgU
z7wt&C%l2OXUT0_5s|5AxE9!NhsMj6odX<TK6(jQ{M!hVeUK{I<WyRk(qkgSrM*Y?q
z_GqF%hja9{UY*gY6AIF`T`MOnsq9J2JTo9s(WbIdDpi~FH?Hi`GOp~4WoBicD&xvt
zj?6ub$__8%%J!tnGGB>$)+TcAH|w|Ah!;GZX?QCWgRGo{0BztJh$<Qtu%QC2FLMR@
z;mh>F+vRxI%jr6qIj__oM@()?yIxkS3J}>)ttgZ|Tf_Tg#cG!I`amk{$<@cwan`f(
zTc3>s#lph~nxj_Ib@D>Uxq-byV=#*qBI0==();@{`*@pZ#;}HW$)1zpT|!q@oS3{!
zeEY>c_t9s}c+6%M`lAY|RmW1=6UEl7{Xw$?Ez;Fy(QiIu|4o0VwaugU{KKP+=-T3>
z)r3Bf%4uicZN{769g@gbrE2c`H(&sz*leCb_fh>890UX-4KRK1bAr*IxF|3$TugJ+
zD;QDjgIFGlsd<7|TuDzSyb-#@Fv;~<1eStDrBIuF*iSAEw6Wjyi%}06-PDyTra4~1
zsP`(l0i(V%e335p8VuZcPa$-J=+hXyf!9r@siO(D6p?S(tpKDj0}4^>pv724;F=8O
ziZl(y+A7u~q}OM-uqmaqU|T8}ztI7djmQicm8%m2?e{H)%JreeT)p6Z-`xQM)%P_D
z9FNB7mtyH9-sf>oktNGMyw_tMZif_IENWCJYAh?ccT$S>_SX!4QFk@B+#@LcVp;8+
z6#Ge4g-p`)Fjw|CrW^tb%F4y)>gV+H>64`L>3`y-j`H_QA<y4Bmg1dn|Ck#|p_s!8
zg?%@cSz7o7pxw3Ov9iJIvILSt$Mk=U=XjQ^OX?!>dNoSB8KvzwZRpCmZImC%k5!-0
zWYa8RQdx0m<g^RQT;VGbGL%SC|La!94P_PKzUHG*TQlof()>a6;mCff(g3<hc248{
zaPN}3jQxT6ZeXh!&u*=5rx(7<K0+VI_7T>e|G$02_qLB{v)?~~(Q1HDKe2p1azs+r
zusgCZC;TI$J<A<pQku|y{gfWH_Z1WSL0C{oX_cEXiE}8~w@T_j%p9$%e6vtPi=|~3
z1mX`_s}UO+OLNL5YUwvjVN$e^RF`Sz6P3ATDo&I6rH15{Wff9vAukiq({DD3r`@Fa
zUyfNJmW@6g1F8=w2Utz6RGPK7cmZv_7x82Lq@CAPx<^40jI|oBi_3b5L!q<%k`wHg
zY;Bem(y^pv9Rl(3R%E7^?=tsYrDgrye5Uc49*=tiRt|rgkN2y%vbj`QLbds%#_Yf>
z9T+&)T_r`ZG!=-`tb?-=T=0b|Ovj~p*nL+?6T#*uP8rJcae(Xw?ErwfNTunJGTdcm
z_*!Jxc#3yA#v+HTtglq|YuDqEvLD77)Hjsp1pqrh#J{#>Uq|{fHNjgw)19(RKPJSu
zjYdcI?2zVLA#-fdpFBIJ`2rr)cs|w@^!-_SK0=%5&$eQxQi{ToQor-ZS?7ggQsI+_
z*sK9xC}frD`O~8CQa{%5f6elzryJ^mqlD%CnD?=NVjPRGOB?Y%+Zy8XW4c@pw=8`u
zzee5L;{&DzJ*PF*{=AtxmKR4~A!VWgt9I{sM+B93IWQ9&ZN%y@L<LI7-32>&PAR&F
zKB#v6_0xqUfnpn_1$9d93c8WURKmgydWacdB|fvB#6|Z%U4zqj%3qR;guW3;IONEj
z7EAbB?a1Uji`xAOdYx4NzS;vdVm1xq6Wt#gO;hw1DRwuAKleVmEAQPQ$0Ge=06kbf
zDu;?Hud-KIrVNUdU*By-s*kK*eI@-$F&tv@CNd<Y@wJf|4obO7VrRb8a5w@N@QgV3
zB;KC9OIEu(scyX1PE&Xn?WdD5`*z=ZHFiF7itEOb)-OUDlV;2}fR_M7U2y0Jtl_5d
z+1K4S+?ZX?bJQHtZ_QlI+HI6e&HWRV3+V9{7XlEjc7H1SMQ`dOUh~(ieXNu-`~=5T
zw%7zMP2jth9C0@ZtD7#a6lYMoS7sN*1e@BVB(&}Wt(Mg@9nV^{&J{V9)pfYC(v@e8
zH1By3<!|ZV>P2{bU~mqNt?q^)>v@r5sUxYbKYF6jA}v@`QWxD4{zpkl+kUizMLRzi
z`*V6Jtp2m{mgy>=4(}!QfN`pf^xWK&H;#KG45D%nQRO4BQK6DMaCng=oIm&YBcX8*
zhr7%@@smf!`K2h1znOc|8xBnnj@~rSlOhjT2Dut3x6@l4W?#mnPJ-$=B{z?rD7|v=
zzpD-ZyIbkMI$;0pMV4k@Y=;!R%F4N|n}BmVL{4;&qKC1zSpFJi>LUH3Gu^D>(|<N9
zN2KR~Ti_uYSvv=z_AQaUb@0*4T}Qc*z9dJA?hu%;*uaMUfpfT`rPRZgM3jS!;h~pj
z1bP5R9w-Iu*X4cl5U^Z)0XzK%;?Hw3mJa$u;*}-`(Y(Y55-G=}=OU>buVTM8bg5Uh
z_qSCJutav}ggQj(21gokqP@$j(6i8mUUmp-utySBuk@#rlUE}gKyr;5b;CNt7InWw
z<%KSr+ck9?w&CoSNZlMNfm(Ke9%SL|O03lIMiU<kL_?|M&cCgQy@%lAtwN4t8N5;%
z@E3YssgysDWSTU!Kb}mb<{ls84OU9AK}1h;PmFsc^b;ut(>30bl%De{4NC4{dZAvk
zd+QIu@KovgBf9rS_DSBzeyRG)9HrL}Zo^=@>3=9M()CvQb)c`RK@1$o=(%#-O7r%e
z7A04M92|J7R|ov>YUdJi=)b;(@-Q_xQ5YUosNFYJ6<M0rxI&%gc0EX!mM#`cpGL}4
zj(-9Q&)o+XVB~m*azMH_<^GMXtWtCp6*;%-Kk*`E)L)@nb-;^so7Kwh<LI86hgK?U
zy!D6e^#{73l}dBu0|%NqcMqJ&ypdK(=~Y~XT3>_zxi0)KznlI`(U(Pz4rn=-9Xm=>
zmDjr68%gz(*msStu8|^xt$fv6nty?~x>Sl>C9W=(qL+!Qo>C0-9(liuGT_9m==9WJ
z;gKfIe@_%uCPn`s=$gN$N9l9TYtT+%+AwzyVo9mFZ{CXCR~Ua*zw1<TU!q(6ZA!1#
z@~L*|>MpCRj8BsEL8x>j6%4tgd4Ccgx;vCl|L+T(r!>#~z(Hlw-JRh_=Y9Y`Ii>s_
z6bP#j0=H&qkrtaY|0sy8PZvr~HK$VPdVUHQ?01Wm+#ldYc0`Nc_$Ch6nh)oM<hxY-
z6;jm7=rGkcbUyv>6Y4S-)>kyoVf8%n{y=5G-dpJPFIqX*kEG~Ck^iRfHvPwtd~)-S
zu_S#LvE|5y)LOuAf<kpXF>8nR9ZTV)i4x-hn;B?3jHkoRryyZ%jq%haaCf2(WsZ%M
zb_}nfTqKiI+7Ip~4dI{JNn1y)LickCy6x^2sqDnXB8|Vf|1Ns<sqwXK@NI#tcHMg?
zG_H-IJ4pL_WfZpa^Vc&lsc-B6*JbMl*;7BcTk?8yy{o>I9!$A1;>intBdd262h_(&
zIQ+yFP#<v0p3nWtX8~#GAzq?@U7qr7$xdI%7cjcOQpQVRLJnI3*29G8I;3un+Xu<b
zgwq-V(ko2?YqR!Ma|g>!@jxMg8BI>)-bLIw2(@Y6AzxNcT4d-Ef4s7H3NbR9<>sTZ
z^vYUN?_}!->{4*RI6kY~$08_qP`@He1B(}{w&i-e@K#=(Lu|YpM151de+gEtCf&4@
za$heiQ=L*Sw9nO+jx-ZCmgZRKGdSa|C`F%0{(gLIb)S`27g<hGO=P9l2iIV~puCQM
z`n-4zzIpZk;3turxW-uiOXMD-%L;M%SXKJzFGdtu>I#?Q@+30QED?IZXdGImcCQW<
zBGqTUgSN&;I0sY1g7oroE;F*HPM*8Q(h>gXrz`x@(DekmhT%;mw>RZ#XIoE=dDWVH
zE=xbpy-0lKmP{?*xiwu&ZFsttAJHYgLzioY8+mgFiwFO0zJWO;mvbq(byI*6vAda>
zPgdcz)ySYfMpCktsBzVzk6*U<=N_u19|EEEtv0{%k=Q;~P7g2H2@vJV*b^L}kyZ|;
z@;^g<n1Ba7N5h(T)#zO>TS|6PIb0l-qSfWENa5v6*xn-j-lFXH%&tkFNA>0;Do381
zL~(NcNgHVH!c6_?{ZUAXB(342_vjNlb+)v(uQ&W@nv895W;Ct;2ph51C>!BU%p%hK
zTY%T%Lobz;y$Cpj?Nt(`*hMJXDl4BPdl>vS_bcR=BR_Yy@PU7x55vhmDZ0dZQB{jv
zv`&t6$+y6rUh=*r#$fLeQon*U1fTHy6Wth^E~^6`@705byZlM|0dpyz_)4}U`=#w~
z|0{G&W!(RvxB7U_RCo398$!LSkN1<JHb6}R6VfsVm2+7@T2()!$v(^xdT)r@Wxnt`
zUSqAfDa9GWyS$MTR&RWWbxwis+Y#vvLsI?Xaw>A%I{RQlj-`4=jwO7Rw|W*egOr-C
zhkD}F*B#V<2&&+hR*i%`zE#ctWpqnTRVu6lKYx9@jnL5qn}6<U(S_@I<H$!{xW9cD
zZkLr49Jl=Y_8+uNNyLBfNA{!t&I>3f%<g-fy6=Xb+<ilPB1Y*EN<{Y+qu;KNdp|78
znc5GX_CxNpLtIQ9K`-vLzFF(7(yEQrf44Y7>xZcJr~GFB4M~Z-;m^|@cp>zqv-h93
zdJc8q553icMF0Km5{zjJ_g@40?~Zo;C&x$D!40Ps3gV6&oNsiHKuKu2FZxAjj4#$C
z#lB=|;Hx_$XeHB!mnuOuvq{l%nhP6p`k_|(-gJDSOgh5qo9QjBnf01o+T!LMOY&*M
z{#1cKY>q`2c9@5?Kb1oJtCeCuY!wfFd^86Ns9#BhI>9*dC%hkm`gSpli}`#K6nrBJ
zK7gzHxD+Y&+$oXLOB5n2YeR3-ETn(IxZ@C2wbeRpxj9)TEIp`+$tA}64=cmz16a)n
zqHJ%}hgW(%GFAyM<LilH$uOU9Y$Rrawhn$<zT1yu3qQuL--=F@bQR^Z_H|>Sr$gYX
zfkEpa_UQ(kn>_|@sMo`_ySI7PPr70qnW5Je7)?I&Jg_!RID1Z}qn6z8Rhi6r-;udm
z%nNpRyQ!ny_eOl@_pm6t4J#V4ozxSdUUFn0X(d6Wg}MjP4scxNV$1@-kQ}RwAI0%#
zdmDSdR0_LqUpX{yXA8!5A+L%OkZj(uwrxKtEo*Dr`g0yz)z2cff+onytVIZmMcI{L
ztyU?mNby3;dmSK$r&~EE3|oIFQW8FxMHAc?E<%c(=B|Dgae!)`$U?0$U(}ABCmtEu
z=XGFaT2x)yPl`eHqsRS(8CUi69E%ZRBvDt$6ufsV!f&WVKueeMCz>_;EtoIl%jC%J
zBRDXp&D`KTt5lo2+Z1cJkyv}zm=*$ViPziL$VzaL92vLhh^)?9q^+B5qxST}A+9-=
z@k+6`y3E}#+yzTrRMDsh-jN7NKzZeOa4E@;#Wa7C{;mD)LJWiABUWv;S_Ji5I5z9V
znv$K#E+&5`{mOcO1QH(G^xByDJbJMxY>-qR3<tuW5c@2>DQ-U~X7;39zn3s4ft(pm
zZOmbV{Trm{5Vqj(E%wJ}JE{F8O+n=vzcS3B4eJUQ&yh<-oITVgKE9%4r=0L{Fqwcl
zs|I^mEijxt!p0!1&cW_8GN-^IEEj0dlReV=Q8fPqJ&zVh^WeqgS8sH_G5VrsEjOwC
zHPnDK-GTz`FI{jZRCp^T7t^=um{4i(FQB?CmgBSPWHofL3ziAtAFsyJk+$#<w?>No
zoh?l7botdTZdq~CWg!U`Hoj2rEKMI*j#J~+k##sZJ}l{>Ec;qzGn?kdwuFxn7I(>t
zHK@*E6Ra2$6M7>)Bqa~@5xI{fl{iY2tNIqeg{l!vP)8Ju_{rOiy{UV~9ETV_e$eRY
zO7|uy3hgOiZIL6sMR32HfX6$i)M|fZ9U=dbi=-!C;FZeQbe7!3ppv#z28akW{-y}A
zc}^O4-TWV+aYSa4h`?c|7x{t%vF&@*W?7M;ZikK_5B|iuMO@`WW4&;}^(`RkUJR1H
z^Fr>Tgs&FsGh@Aq-K}3D`~&pgw`Sf{CoVEy1%irbR;=KSZl^NAmZc&)9ygIeXY(8-
znx%2JazLH#!h{mr$}4#ZEqWw}SSc0WC95+w5xOkZCesst<e)YD7W!%|-N|ZrsV?&-
z+axRXD12$J8cF;)q_@C7^)jii+=cIuj6GWyzMBPpWCQ$k!CEc#pc-DpV08bH2K$8;
z?YSa5MoCtDi?peJj8qkjjQ$g!f<U6rXoKk!VDM#@vcBOifGz}rI+XPd9gEfl<Fl>d
z0{t4p&ateoKYpiGiXP+0JKJ%ZcC;?66YmnjH)ORGz57He#r(Qz>$GQ?#!fl-__o;d
zrl`6d1<al0S{$2i5nfF+XD7R-$7}9%P6|zi$b>BvjUGXZ#<MkXT{uZoOO+f6xMk9G
zR`6aBPS}$p`>2mdiTf*zAu33jq+byMFENbEmzBwItjwc^JB2*LLLKhWcqv+Y90rhg
zT9e(4_=kPr<0VCB@`CEy(y|<C{s9(g<Br4Dr<Hm|xA1o8L8CwPn_(=(Mpt_SMSK23
zbOJ@&q><TIVgT3a-SDA=uZF*RB|HC3$1?k()Mm_r`o*UO_f)F0z&ZZ<FFSZ69|*_w
zqV+c_Gp}*!|HJX{#OMv^C`NBk9*-Wo(DCTOBAg})Y?GSyZ);`sI+?V*?))m=au{#D
z#BypV58?LjGlV>VC3QI2fQE1n_0)C_>U6EF40q`FQE{~dzNz~;$~g5hFT40S0Ot2D
zJ%B0MPa-d%d=OOL<0!ITrV;vO8lhjN5j~mNNAfo0f$sIrr~i*13o0f0)29V6qiGls
z{D(Sl<ySt_A4IGP#a9EoeNPL=OSqGFI5X}yIGDQ>sEkj8m!chczcG&wy80-neBg(%
zFzTgQd19+{yQJt;&eTy@8@69y+94|>5S5Ao9;-;H1s*h^u5$f*-Nwq-^)<I!M0~cO
z+TTrTvy-hCiS@%j)ZtE+b>3~hJK*^yG)z`+cF1G=vTWV#_q;dxdcU#_2CL8fB#+9U
z;ULIqT6!4vpFxFYL&ROh_DMnNqezQA^mjha0Myk-j*za^n@?7k<6TY*+B+fF@9BWE
zaMckPP?cZ{RNB_A8{aJCZ?d7~42K+_;-pWVr57U8omR6>7u7K)Zr)U~B~q6|^AQY1
zrPxHCN<Zdc=7#-~*Dbmm7NA&~8{u|MIiOdX{$?c`^?BL;(pmQTf%t<mF9SLP>NNTr
z%yLM**WCiEla9&Dc)yNN8H`8NhhU5wzKiuoJ%_E@_QDouhc$dT41+enW2vk57Nr@F
zy8tnme$0S?i}4;|cV1I#%`%?cE`dB|6r?sK|JeR~P4#+N9jwP~hJS&fk@4~HB29bD
z#%QcNn^dER+4M@k+XjEi_V!{UaUvvCgrJguruRPRnpM2HUvco%7-8jEHL_Hh0Qtse
zEv3s(WF=fn$^#<StZMAL)bfV2D@1sF0)qtMbEL#Y#FqP(5(h0$!@`6Q;k_){b-8&0
z0d8SbKnUQcL<jvC5lt_+Ic}d5R0aj(50cck&nF16eo^uf?GK8v2}^qQYYc*`3IggR
z7hA+6h87Dd99|eurj!yNSNQAS?>07YU4MgTnnIUD9xfT5XAzNDXef(`r^FVfTwm9X
zUMeQEF~J}C%Ic4tN`+iB*fe7hz#r}mf63hmXgQhT&y>>Svn3n7%6kBOm5P>y`Q*q-
zbOwE=F?@-hvZVbB&LO5MAf~|TG44Y^IDj{TLLwT%3qY4zYlY3?HEl1%G0sY(*R;&?
zo0eIA(=rPe>_&EO`Iz}IAB%xyGc1_#Q4%&SUIBYS5<~H!g^8j3*~C!83~Z=j1vb=W
z{1%E@-3tRYj%^fBUq-cc5kK-fgmk(RaZw3G9ak7o%Mot*5gZ|`J}XY}=uDznJ382?
znX<#E7=f|Ee^EK3ULs5dDMfTWC*fO+pMVmshTqA+S&Qe~Bt>WEvaMFHL2RoPDh;aR
zEXmG@k9bcp9$d-cYxZk)i<n#CPW(8D%6nW87JIVdF-$Dvnfk|AWKw74C!d80MdTr;
zm1uk{5qA{CZAtp!rbQydgQW0v0rerG-uFPgro=xO>ISKCV2nY%AJH3HSq)le6YVGM
zgvt(j_D}l<Z_eruq}QVY>KKwU6PG}*y;_QGHsuK`xTKrZaRIYx2?PGr&f4XYO7)@q
zO4|(L%yG4qwh2!2{O)R@hK4WFQ#olpET~Q`Wb5@LJ2+gAzR_BjLlAx8RfpwQdRnBX
zo=0eLPlE6Z)M?MG#nMx+;A-H+MYAp?RgBUqB_F{e$=6b;%vxNjOkC97&ab0YGzK-~
z##E})^QCD2lo9w(4cE}OQEyTI2~KS^*F%a{a2}FeBnX_S;EhHC4zfgb=5(p_Ok6bk
zX<Ucn0rj=%S@9ION!^V%Cg!A@9RA|_kTwi<2rBOP6A}(8S7`mqZ5F8PsIy<Wzrd%=
z&i5&gIQ@xX1{)0{sV2BcDMsu4@nI%ku`^UNdlOGwVp3S_4-6{9)jSO2?5OiFwiCR-
ztKOgQ8I>>nyr&&nfrDwA1r3M)tQ4$I@RZ&Vu9Dx{*}eeuUf}{3$7FXDQrRCbn=jYz
zw`p5GH<uEn=(}ue!2+KkIHYz!@kr4XR0`gqNni=Ycp(1p+C>57WKe1LEAJ;KVtrP<
z(dGACiql^eUqR?GIc~p4R)b6EH$oVpzJMOPC{qCr<`!VkH(C(H^n&Wa{iNsthQNok
z=L)b|ac}}bqo6v+g>?>621e!}buWQ(dLI5Iuk{posP8?O;)CI*{4`_c(Szi#eV#|0
z(l5rH7PN52z|eq5zqk#lM3taUeS(2K&%Unyox?w1U}pF;U%0<O47;xy(ul4L^=+qw
zeWP#S?EINdDRzwReFLeY@dKw!ieEXMowvl>X@0qp;|vh#-04y$IaN8Iv^Rcqq41Nt
z-DR8Pw51=14=U60m0Jnf%psylg;yDzE=A|khg4!lQe2W<J=;T-ru}JO(%cE8PI9TY
zIc<03tNwi3El$q~r7E8Q?5vNF&8uuswxje9nVm`XxlZ_vcs&~`rCaNhueOskHQ-qN
z*QEQ<=e!;tHFO2(Px_=2q93&1&$S5L@HfWL4jfMASAq`Ig?<a^m*D`>NwHw0U@7IP
zkd+N`{f2It*&b!Q%OglLoo})BtNZhS%CICPq9xl{lKI*K1S+anU&wZ3F~&FQeM<r=
zSQVhBgaCd4hb|Ri>y%)%;4ohefRt4E+N6|-u8)O;@FMMMqCCLA_;f1``4X)c-LvOX
zd}f}DtM$;%9E%z>WG+DsDf(11yD_`4KoKCwt(0mV?uVPsNFv(s60Dvy6+jQYA4Kb5
zY!+0;7cf#|{L|8bn;-KvbDUA_!d*EQy|kHYrtdkKZXEAauiyZ2?6hSunrYmz@vzzQ
zo$SSK<{F*JC1#@it)j0=HU{GlyRAkRukyjo@evcT4(5-KSV(N*-s<<Pmm>ees!N$0
zGvaMt*wMvrOU1T$VRRR+K#-#|vEBI`pYmRe;(o$*cwOr?H(edSq1WJBk#!TWu$g?i
zmPDh|Gs+o|0!MU>56!_!eeaV1318@au-K*SQtDB45^JsIoGm9R*H&;JTrKuoNFXdJ
z*{QwvS&sQV5@Kz-1ieHETHH&~FJWc2`Lv+wtoQ?J?u!G8vg0r3{xbW1WCrXHM(30=
zT)39>k%~47BK!;xCtrK>9)=47Eu2@Kg%(&57`c4Xdia5uN`$bsgvHCMBUj9~tlmU4
zliDP+hZl66mnLJ`I_wnNA%&SZXz`hD=NlFxwN*8@z<S_ew^O_II1^gvJYMRY<X|4~
z9XccLy_ENIBX2LxI~_2a_~j%vj21U7H)8gzr79%9ij=QEzX+y2ILuu8q>IH8>G~=?
z$<aro+V>~v>u8|&4qw`$GqaDCY4Go@Z5zyXC?$1~^0n0YmXPy^^!EYQ{;=q|n0hbS
zm2SVe4!50cm|ynzumh?aeN;LHrZ_pu8Ul0WPjUg$kyO`uegTJFCcC7%zRGt%OUkA*
z0uqsYj+8IH4vmbiv7DoKzit+69Ni|UI)Gj~Ti0$dGrnMEta5lG`>axo%T^8q6`f-&
zlfu6Z4cPxRiLNz~@`nCq-E+CN_ZoF?z7}`4&|PecvPp`SK>*bGBV}%jw4nXLEXKLk
z<&UQeTh6avV-)s3e21{yyt}L)<_)kdd|owpu?RL!<y)OR;$vZjsdd7L*E=!d!+Eg@
z-5x*`eJykh04?+YTsj>=Sn~&H0wN;1hZFd5Xeh4}+8A54reF1lSFbQ%m7=?O>vcP2
z(t2iImtq@X3{}45I<rChOV9)?MWR6;^W7t`BioSD5qLJ+9`p_bP#3X9naHq;6e+*=
zx-^;nj$cRQ4JI>{Z(+T5bG&jQ(b_>mHZeGeHY`fsR%>Vt6|AO`goK((%EK5EkMBY}
zy3^LV-8eq>ord!8A;dvyMwU1@Xocd7b&S6nv3?gnj&ZBM)@-JQs{%(YH1nHc++op1
z40cJK_x`nVy!;b-PG|@yM4P?xSW2F|4%duiDEZB-WNB3<xk)5Hla+iV>+Pq73(Bml
z<jq;h^&<KHtmJ=WB~KCVFoUy__r8@$eoiF2vXVntZ}&`P_Fuhsc+-|FBUjcEj}1q#
z01Na(LnZwBYo?=OIsTA~bh2Uq0DqEZ5cXc$Mp{_f31V%n@y<$qC)^EAHGXxLLwiXS
z;-o?f4c#ZaHMzEy#u=z+rYqFlM|0jXlticnh3Qq>2`UWDr}X?;q>2tD0I>`38LJ$?
zE$}s>-@@z~=$Ft-S@cOQ+thZ;*pQR5v}~}f4yZiQ-6Bh?5>1uEtgg@nwJ;o#mJLil
z3LmP7k`~gdFY+m$gwIR%X8sq6MP8L)y|C|~SFmQk@9g#!f%p^Fh8&Bu>~?EVIZb)j
zh%a7Z`a{$7jTi%#bW-@M=$4?;8t#&OnZ`prx(wfA6A)yt8J6-(t9%yvYGbm-(CgyE
ztlowW2=u>P>^pF|K9swusqzjkm-zm^<>3pGSCBqrJ{FN){M39=_Rti+MrD5*j6XzW
z+AIm*V&-sZ*)S{iFaVdz`tdmk0jaVMTV_}JmdlYA8+0$}7tL(HGwakF2xzk^)ahA^
z5?m5cd`q>dhnJ@!E!KeQTS~AZc+pOO^Hy(UuZ^DhE^6{NZzFMT!&Vw$mEiMo(GGfx
z-o(-yK}}z+7Ni2?_@v%&QzO7l?O7`JWWGu7GH#ZYx7FbD*!nq_oz>iZ<{ro$EppK@
zV@G`^?>5TH=k#fO7rP<&c7r|7qCI?`-GUw9>^aF-rw#a;rzF$^^`Y-dv7^|NEc%S?
zGpXS>$3umsXnnx?xi;VvV^4Oy6n%$zeR?SY-dY)_*c1L8&iHpZQMZFddLmGCLOXK1
zjiB>l^cr+MuM%{k_hNN)l^;4UfGyH}fXj*7`SnEvpO@qQb-D+4<s~Xo*GzfT!h#xW
zFRg?N^_x#;tsl$ra2>{)L%~oMqYu!2&Dqsz33w)Ew=#4kH;*RcTM~rsK`HvD2zCA@
zq_B4t{_EHAW(w0z@-rTdEdDf*NfwWCB-TjzMOUY%kas#lG*@*rrjWPz)(a!VNcr7Y
zAzNvrT<>ej^=CM}qN9-Ozu>!Tk-I%-^7>D&%dRr~7q80^c1#oc+QbQ3%DzB+^!e?#
zuL)9o^KWfmKWq||Kl0@fbo-UJ(Fa!a3s0Hc@8O^P7&~|kmK$V6w#v(|@89piF^@hn
z6;41y91TO9unWF(Js3K{l=jY5u#%f@1%t1;!5GIozFM9#jVYd_R=mlb+LX+z#ilv&
z3`qrle72Qe@Ov7hg>}-hI_p}kmv}L}BR(`0A8rkdIVvxb$87OSuOtw$J7E3hrg+&8
zWNSiu^*v*G#J5z6_JF9M^5jJB2SrAhFPsZ%O|Z}?yCIz4R<7Y$=qQ5h;Uqt4nY|AZ
zgUVr2DSRad18R7wxsqP8llO!B`ISMTd@un~ah-PTRvVk~G+6p!apd5E<*DlFseaV2
zp*$#<ut-zZ_^;|A4;;C{uiW97+F4e*Uta{1-H{tes(GtV-5?4eYS_UaKW*3}X4fx@
z7+%5nEGtY#cs=pd4Ps{+rtf}byH8qnr7!wLcpr&jr#>?EFShGkST8BC$ji;q7NO|8
zZ*}8I0i==eu?RJH6hI_=LV21NybV4lmXjQM=d`^Y_6w;h4_Z+T;oYZf*Be@~oYP26
zLst*rCF@yB<uN<u`n@!mCrxma7%F_A)mbF9%L@vN2tRy4I`c9DE!_C@{%fYiQWO!W
z%>D@P%hZ6k>wOmedZe#*o&PIK@&!Uq%-L_aAOZfFUbh|Dj?pKWCSIyV@kO=rF)U1?
zAMgTP?(8dz1kx|$CB9N9QOc}ZDcT?RB!&a(fG5A{P8z_~D*eDNNW`_7wIsc6RN+{S
zXNbDst07Y9D>pa8qLk0(Zf8+?cCJ2`IW7@r4X?lQ{=zP;Do8ZCnuqM_iI2WPT9YMF
z;TRi!cpS;}@k&(}%CyS0;2Ddy@9$P)t&ys{G<)=^>GWT<RKHuj#HrY%*eezhhZZX#
z*sW4NX3?zeecfu9Pf9hag#!mKU3Ixd7_be~n5|{V11!`N(I-0!d;ot(X<5D-IKwMY
zMKa*o7pjPE36%wv{mE`ZE=sHFjpQzd?Sd5D7}nTWzEQ>@0MS~GJ_s|%L2wkZEpbZG
z5xj&lYpM1$<OOxgLrbh|DJR=<m-d0VIt@|QNXG8rW#4g2-dz01D;BKJ+A>os$CM|T
zw_P_Bz7P3}YfI(1Co3L%#S-59W;LM-_LpX-$@}*&PeC}sAupv>;ZE&SM4yF44NbPt
z8(e;DF;nJ?_A?}XRI0fX#v|%jcQMvf8)0@+^obmQ!bzfIiT1_@W2#<9<GmzQ;fG2J
zVO~Vv>wtAByE|ZQ;ac++mRWVpxlb$s<OT-1;QqT`oBb|qduPG7<{%H%QGF<bamyPx
z^mo;Y*M7%u-m!1FI7x~+NA0>H2kuxSYp6{ix474;<o=VMX}!OtWSbt%vZs6lXJfAV
z>GQuuIZAM`)|rbU*dWF3hFXvw*HA&0U5b=7-d{yG29y)wt~xArjb{_RDk*7gk?t3I
z$4op^Qs&B1)uo-pvOUq84xiTXwdhtC*HE1mHF;erZ8sH*(VKJ>v2s!7vdLCCKE%q#
z7{0~yy=`6wsR(HTQ}yD^qwv9sXcH08;&8tHc$PhdNW9pqj#$V<j~Bf)BiyLHGrA@G
zdB8Jnu@oH!u+m_6!?)6MIi$^&P^Gaw=~q4kH*k3-c?j|Wb$#-M*gCOO36D2&I|ccu
z;^p`Vx0O(vpd+?R)gEogkP<(Uq786F21P+Bm+W?4_5?|pRD>d|n=;g;y|GtNRY#&K
zDLRjxpZ9C-w@FvB>5tQ`wxkI>nCtyPQMSyCy~_cMe3-(Qz^LbELPLGTlF<_X@VAVX
zxVVXvZ_P^X_ev)Dl_n7{2@AGIR*&lVtYw7|z1xodS&H5V=f?@{9^!b()lcH#`I(0|
z<KcpK4~OC5vUaa~@vx!Y!!kVF*Y4qu@UW@f!)x*ILJ}7%x@8_BHr49Fb`KH!WA!jR
zyfE|da(ZaqufC5G>EW;HrQfV6dRtnxC33<lU$jw<)OV5VcjwB9ic%reD=Ne!^vjy_
zo=q=08=+|u6{Gl8sVbD?zpO<DRpB2+E|yl^<WOXy)tfpha)5q1Nvm$}tjJYL)d<*~
zlx##ymI|>No%~rEzpr4ErD^GXK3?tCAI#iC7t`;|+(TaIH)ihn@bMpI?%C1&%FI0n
zhP*Iy55sIdFLTc!B%9MXr9xV^jTn?e&`SO_YrS{M@f#<k{bxQhBQZ1$b6VM#o}g+e
zOpgizA{cJKEvwJC7js7;cAV*m8}1`V=1i~{=NWQLh0ytJcSP_EJBz<&7nhmtLPCDC
zcoXDO_2+y>w_hFRNE<QzT|9894(090o;(rH#IMe>1UQHnp<>SoX<iR5?1XLFy@B|R
zB&8;kKJOz$JGi1|rqhn>ob4-~saox!0h}$eCMT1vn6iZ_+c(m@4OUTF_&m}<X@(j}
zS$fn|<w?t`2-dE(*9<>JmmO+`pQfMOn&GYVLl09CSBtriJJDje?jm?W(Z_O;CVT2-
z>DCQ$+-rl4izIK5>yPKKf5T1ij;<s6QAflq(%VXYggtyb_2ENAxH*BiyR&T7WlsQS
z90zHd>cTpFrQ43Uc&>};sH^fLW8L|!5xU4Td-WooKxY@j{h`FD*Bp*<e6iN4G7onJ
zL8Xzvi(egy*nr;Doeu13!X)-XZ)8}$)e8!cVt>T<JfBW|1cBX(aV`!b$yB<lv^7KX
zENYa84aQwYP(NzAj4<CMZL4GsQK!yymqJjcw!*@zH(Z*l0-ilm48H1^R4-=}?MwA~
ztYji6MQ-Sbx_}F&KFmi@0+7NPK|gpNfUyd*kd=|Y?pHq5-{UpgZ!nJ1{2^FN-QCi0
zv*KXS_2lca2+!(5;mH?82ne-+CoA5c7E*x#GkPFggFt)5SgzbWB;8<+yIIGL<@jN3
z8tP4L({D`~$4w2x)Pp0&X}AieR#ILdAN3ZOUkT%o@S4hQc1+{xJkvf$s%niiwshR2
zSVdq7*qLIa*)g_cOY&2H(TBmJaTfh8jyrdS{%)%o@7&<$^m#)ca$EqITB&z9Md(O_
zqg~+WQgC!d(;6!=b)CVaRsS2NzSl08x|GQ8zwLq%VCGn|6HhBF#NmAIA{9N_V!T)g
zOPtZNRJm3#{U|B=E)#>#rIsqKk$uGUZ}Nkl?f}uBOCHnY_w1DBU1wu%rr~`YpN-#a
z4M3w-y11ofoofPM=$>xQc_XR<!n+|rx#ajQ#P?m?m6UB*O~8`L_XUfQ<F@emD9tQM
z&O-*4(bd!K)zbW(HfYO`1?%lKBZVv&DP+M&Aqz&P)Ka_@+25j+dexCm{WQ1s6Js9>
z27`Vj-z`OXeJ_3^b8;bba!=yqp5Wx3d1hAzn3KcB*nsTE_6)NPJ|0p5KAuf{+yc5+
zNrg~8_onV3KA!4=-3alq4}9zcA76`)c@9hS{><Cj%*#0Vo|$=)_U&M%?G0xzb438Q
zlOx=dK;u=QaXHP*B7Qd*dQyO7Y-~`DU}!l<3_n`$=O`*L>g1Tq%3-<akX*Dw_B6=S
zEe*sBHr~MYACc=@b2vEb=2j8QHTK`&!j0&NQRu(Wy=soMAyzltE%vYKtzLz?X^ovA
zGxg#7G(P~<a-PQ<MgO6riQsy6U`@`9_(C*aN<TgImn~`gBBN~A*~*o(%B2>V1?r<(
zMQq4Xme6!I5vB1}?N1}4RP!o8uad`wz*tnoW6yszLjW;^r$u2bzdADqTd266q{^+t
zC&hT6M;8cL*pt8>I63=>9p#gfjhH`j#An6%BkkJ|Zqy@eitsgPT$<kx@pAXKbo@Xm
z6+-dPnf+j5Lpfrx>cdjvOqmKi8XZ(-S!Am%Q>W;|DGnjjlZ4y@EaXJ2R+lsnDzYi)
zg4EXj?lywX$Ol0e%m_N(1qmuA{6$-WMfq-gVfks6dObO`E`&msXl9~5$hxW_p06!W
zlW;~nSD4~CL%I;pX-bgQLj8`Dd@=$e6Eocn0S+&Ee>uijwjT9UX>5NUQ0hhReT`Mx
zl|0FOts~%fn|LhW6HgUF`nvujcxr}$r(7g2e$2dg%^7&A;5+aXM!Asil<YYv%{yuR
zS9prEZT^>dO7<L;=DmDwJY~<w&|D!yI|vz?M=~^xrx50^kT<_zIx_+=v;{}G7B$L6
z2V~D00#=(yH6<ysg@Dy2IkM-JKW@**f}K`1&}In^oMmAXGDPK&<3m~67Mu+?q4#=x
z2X5MOgTPJV%y{4?s>eBT(=+&-=d&qO(E#8kEEX_s`q>TV!cFjBJrg&1Q`<3rUBSRf
z_Ix76`WwKhH&2b%=sU938w7sR+u^4_|7-koJR3CK*B&&j5%%;-0fVN08rJoN`hv5A
zrl-?f`HbiLgQmMp&~#fCXe#_3psDbzpsBM7nhqPFNiN#zFS^g7*Rj>jrR?|muklhv
z8@yBujxBAAmt@&AgFcgK3(vx|h1qzi_^f!T^sIQP>Rfn<<Y)=vzMX-W7BRRPz;LO>
zHtolO_)sfW-Gho9Ajno(Q)$hBpiZ1G#b9YDR%mjv@_91(zRVHj0W1x*Vs(VF)OZ;z
zRX?6bIB75AB(LCcAMv<1x5h_2?(I<HBOdqW)%a3s3FD-FElLUFq+E8j+F{1c4q=+a
zT+tv!^F&YtV%~-fP|5*N$~F7&wk)7@eRjN46EB_rqyH0LDr|$7)?a@Pyi}Tvmt>H4
z#s3N~vHn=ac<FOiA<v1IHnzb_TTHyPBQ!!K*+1QF#*tY=m_R}&3QVv~iY@}kpgfQ7
z5uNB4ffo(5^olV@7Mo}Z(|RqJS(tsE&6(v^q|41lOT#&yKpHRA8F(o_LISGhHAYJp
z3bX_TxFP(d9JjyPh74lIvjLNh%lr57(vFfXz)Ms=6D_rGL3ocoi_ubx%n^@@fR^^P
zbZlU`qLd_;WZTot1YXLsvI`IhrS$*%c&QMQIj8?w@KUKMnKPuDjhBkg#7oNswfqX^
zhQ+50Ewl|DQjQ4m$}wi%O^a8YqEjHpr%lMHp=p_l@5d*Vsuj*O9>T+_CDycreZAIr
z$gt>rNZ9^{gbfK;RA|d+q%&+nq!h^NH31R{I28n1DOh!MM#f5&+ZehiBiy3`o_&7h
z8z~AytE};k-)HxGc1cg>6Vooqp~gwE8mssa*bV_L!@cxTR@0v<KAiGzm!3Sp((Pke
z*(xn_Mv3H$jX*C-H@|0H7!kYr+AU^{fnTK9`&I$S;e*72?PlXhm199=o4MX(9A4E^
zE4en0Z`&Z0CT|MXX69=6CPd>GYg3Vmd}~t$$l?RWDoJVH4>R8jVXTEeGUVMyCFjx)
z4bU>_43NzN?>&nl@EEwvFo27X=cuspEzdrpD(Y$)ZNg0qv>Rn5$&o5*Wt^Mm`9ON|
ze}on-EAMdJ7O93EA<=)Gxc~Gwv*e2ueV)ha4r{twl|yi_vnc2JJs(QZU$aHl&4R-`
zA56ZL4Lzvnn~3c<MK?aaT`;zC6a}y*Ks=sY3whI*<jo)$;8M!j1k4fm@bM_(U99Kw
zXhyG1D;-Kfa!oqEz=7oX9C!I<d%$yiT0>SFrx#_~w@cs2BIzBoKKfR{?S1tSuY7Gy
zC%nPd<9s><pEogDwsznJDR}zFha<ugO(0w4`V%?+qLCK;r>!D?0ZI@uEe+@dm_0w0
zrDwg}?|bW6T)mHs;z=%E!=K^Psj}rmiyy(3>sV{rX8OItL2!8n_W**;bhE6eV5N!i
zk2=h$zT`e);3Qt-Ut)!}<5kw4iN#9Kg2hVV+48$w!FLtJbD!seHv5&ZW-kMVwJ<3~
z-59T+`lv%rh-*V)Bm@>4EzYb9st>xnYJa!#4XaoWFr}X-D=!HZkCZHIO(;Kiqf%aJ
zS*6=vLku?chkQ+F=0pzNKQ{GZzV84yPWO|icH;Xyx}E}0gQ86W4y~1*yqL&4;5oP)
zgeFB^<Wp82=j}RKd5b?o0FGwVlZ4^&Cru475F8eWdvoOY6FC7TYUc41;!6?I3)m+~
z^JgN$2o*nX3dd{l+GHamfj87}%5rcOjrF7exIdsQ;M7QJjx>KgugUqWcm=JlsF}s#
zD|sB^Rd!exiR=N-7AZQ5(eHU)-UcSV6J6z1Z*+1e8p9bV+D>yY>;mF;k6-D)n*?5(
zE0Ydhm1c#6w75!TM*uN&4gQKW=9t}J4g$_vN94K|Of6_d@{VlzE>pL@BRx5s0pLf{
zyc_5OCl6A?_;^3=ShHc*rrU+#FuDjKd3m%wYs0UQMj=Rx>MX^!XC&-&)-s2}gqr5#
zlN`?;`|UHtS%lh;`?BY>Sf?jx-Xoy2riMFA7r<>oYi}#bAAmQK=SwM4o|FF0OmLos
z)lX4t&C!=RxaACCE>`Z1$`h-OLXTEuDWO-JP2&ap-7L<D&+s9?I*7zLnAAmrT<kDY
z|3+GJL%U*ip`G+%i$&=31yD(Mp(p09Ti#ZB)*s57+iK|vL~*S#tB$sabN%=%o`Cvb
zG5e-}!UMX4U9Y~9mG#N4M#o6e7rFKWwacy&Zs4P3bvVt5dLS-_2mC0Y00|UvK2bbs
ztiagasS6@49YX)0dPCb|cWm)mK>1RNU1lu#A+Y%K{0@dST4ad!3bCzFtpC9D2dCi&
znendPF^>Js_pG3P!GgLS&EVLyFMUJ-eNeyApeww<Q;<ntfSZ5hy>+vE7W@l%hWNQb
z>>Ko%xc9t6s_xV)uqMc-yBq1m#$uh2go3d^`EhuUP@KmZW2g59jx72RKKk{0XtL;`
zcjbnXU^Ir)uOx!Xm1qRGO}6I6w%|=EijHDkzMxf{Hs#qW&3nqiE4uL~2-Qv_pgTxf
zc7Dx>^Xy1R{XAQz?Lms#BeJKZ<J(FP{S#haxG@{a-UvcpbJ_&k@P{Z$)3eg|j5US~
z5vR85KRay<6o702{BbrW<A5ZO@rOG2{vUVm0^dZHJ&tFRv<(POkcZ%+bhT)!2rUn3
zq^u21U;-0Bd8(*rkuR>ORT5y8M<EGx9A{+}lwHMTcl9gluF9@b9ztmgv;|ilMG*z0
zqQVRjS|0XA+x*WtcP2?oQFr(I`TRbgzaKwzGWX7XopaAUuX~RC5DERs+WWxemQ*J#
zi7;$@Fb*39qVo@>Qw~s+x<qcjzKxIQglHJL{HLpLq{gA3fqyu<WI#f6B)u{UqLDM*
zpKNURzw6tb(ams1O#aY`8y1U>&wZ%|Db?wy_5o(VmMUvukDC2Y6T7Yj8+GWA)eI?*
zlafj_N+lp(h-sC9uakhK=&)Z%``E+X0PSLo9)8(TCKf?+B3C8iAq4Cb1)X21W7X)0
zvp`I-Aj@(>dskoW>8Oe}>Y#F&jiRL?5@AmmQ`VzAYjt5BMXgIC^`gDeK>8V!AKGCI
zT=IN7lOfO{7uPXR)`~wsW(0%?XKgtb$0X?Yv;i-EuCfLggx72_2H_i<PFnFI5reji
za`F<tfL-J<z|5jth<U&wl*u15E&}-kl-XCtj)Cd0^qo>*z4_oG{cSSthuqylpdq@j
z2JO~42DaVi4l<aA1~a@`g0GSdzM;VauQ0aV+|D}d5KIYBO90f0DEIIl3Pz6EDaktj
z@B#4;=<ef$&Og+ldZ*yHkX^8~6ZXn4d&9=mKm78QHmYrg-D{53ewJg^tu)9RaV+zC
zqmp*BHI9n$g(J-Rm~`?XDt~8x;h-jFq8`rNKPKtQAmrw8IdB;Y60gKhoaTcQlaPC`
zrif{$1z31Sq(75NF{=i^JsEfkPugc*OMkD_AJLisf!Gwbc;)_XmakHVC87Kg`dFgO
zL*QGO>1k0?k>MonVI0d-uJa9Jh;R6uU)BNn23w#3=8)HhZz$;aQ*6U}6hV{QXB?)J
z-_vNMIKYs9LlRwFd|88kxH082{^4v}{vo{;|3EGAp@W>xL}Z(zn7#mM4}lH=q?X+T
z6!*g);UMTVkSW^)Mx6JhP;%X=k^R6$05j*iRg_sJufa&TVN47ZUX&A3UGj9hwg~-a
zk<2>-mlAwmLml5yog;Tk$1$E4I#9Tz`pY>9<sYWhNMuP1=5*tiU5BbR5E`$6zjY<1
zdUW;ry_KF#`24#5jL9ee2+z{qB`2Z1ra%kVD-t->6sWesqtFX>d0C>USO<C?<<H!j
zU2vzsF$@EqJaCpP(GmkycLgf)1*lzM9XL<5b=2%po`Hahc$08B<A7_=xQ9%we<UuS
zh5iYh%wamw59%j+seYmxw08v4WfizOS=n*=rE#Jk(`7J0Up(jtd(CqZcgQ88D@q}Y
zxebTH-|5IsMEbDoWsY=Hj9(g?OiC*04qZQmm56oNG4Gg;C_<cuYK8$lVk8)BrT(H+
z-F8#q<fjAINYqqP1F#h4u%PQtrog^B_{?1%N9o)<<!b|tu%Ad%tO&%+(0;PV$iaLo
zKC`1#KN=mE{F^*dv*6eT-SeTB^i!#4U{*Iy3pO+8;K9Dqq-%*pd2%{l?puhdRg>M)
zcf@2K6QzU5SXLze$BZQ(+D;pp?ZJPxW-ko_;Fi7@k^Z=W(G5Mp#UTM5mM5A14YPDB
z&l8e2FeJyoOsGu7=v{TCh~&P77&;#QK8Am*BECt|0gAZZ1ZPXH+Q7-Cz*#FEGvq6W
zh;8#aO8KRGq3!H~bb({*D;>h5&LyW411Ika?9Io6DZ5~>ZQd!HU0VuOi)sL2iMWTi
z7FFRhdbx$y7h$AQ@_-A!NnHC}L)9S4Po`tUkv#I}g6U<tkesPc^hq)qi-sv7J<=Db
z^0LJ*F_COznVpeIa84v5nx!MllnL-PQCO5@Xy3m!#vidpp-M7dz5JfQUT*aStSM1J
zneIzt+Xma6*_!Q6<g|x~b4nmfZY$s!K;uJ$DIVL0I^f~J(FU`ReBIlQMw?DCHU8fE
z<pg-S9ha_%oCg(v_jX)Wc6(<L{=@|@A~pC^m-HnS;>~bOZ*#JdamlI3C0}#H&*qZf
zYm9QqjK$G<)<wtxdS#=rk>&n)WNM!PmMJR;3mX|07Me)OSMVPE{VSuiuhJtC+I;p1
zsQ83bin$B`6&tx;y8~Z01vD$UZB_zJNo0Y)fV1Nc363A0xubv=xR_v?jHdY0T#1?(
z`1-EE?tE0L6m;qV<Tg<|f#D0J676mHOH7S+9Qer1xMFniE&S$YT+A(mqN_LKI&UEq
zeZe3D&e&NyKAkS=V)A3JGOaTlHApZKRlS(L2q^LQqI3+2!Uw(oW1`@{)gTCkL<Okz
zCWF@}8m-~!&f;pYw;n`3VgSB_y2$s0Y;`(QkCqmvoFqzLA`2uPBBmZVOl0Txdbm5h
zj<8co;+IunAVcnwM{#rBw6KBZhI2MwIKBlPv@Kr8QQ+l2Xh1RIv@>wZQ2D=D8{I7N
z+&yd(f33mT&!{IU^)h>a2Lpi_?h!G2fL&xR67y!c;5Z<gK+G7R8wU)7fU_181Ot=*
zZ+J?45$B|KV*-ORoE@nd`T-4#TS4d1d>b>h##si+LzT?t8j{Sq`WjWe09w4j73^qc
z_d*Q&z-Jf=r_kn>cA$G@;2SeEm13oH`T!ha^9C7qIZPv5CiUQhyG?QCf}UpjoYc|>
z*(Y-kE;)@C>I03}^UHEDS^J*AiJJVzDn4{`BK{((8#uv>N;e?mhxnyv_oeGi;ocZG
z53d$T2V9tl=Pp-=J%XcwU$($Px<6~CTPkq|zAkp=H{|;&spw&gVb<V-1s3Aa_~2rE
z$<@bc$5RaLI4(nIm>wY^-i*;%-%oafcLgrdmy&Aa2G;EuhMo4;y_lW0jh{uFomMpb
z$?P%B7a4dQ$N0b&Q?#=gx((wLvte}U_3zp+K1H3^qcQshE-+HT_pCA0K}1E<FwCC$
z*^rfzO<yEifB|@B1-KAr1%N*(`u%07pOWBvC(edhVI~`9%H<{oY>)`st9n~@#70q`
z3Zi6JOdOZQ9Db&ug<!u^9%JPTD@*Ea!fL*7QwzVwlwGg@W`q$VfvM^&?F*c`E3hvg
z-dgj3g9Xu!oA<S-JZiOxDS1Rfy^d4-(m4p)!e5afqm1S7&JldlEstOREIA49<(EB8
zmkAefqB7cyzLuUqLn1Zndj`tqJ^^KB^43wtTJWaQh=K*3^7vqNqW*mb``!ZITcM6M
z_WeNo{&v1_tQ9?dl#vM|3Pkuc^kE{qK)LLH67kcK2~P5uFL0&!`9c^zU)Vr8X&0q`
zKtL+@aneG}xTVq-BK8D#OyEQx+%$oYn^+K65BykmlD471!Onn<!G{iETrTMxFrQ}H
zSe~>J+*X3LM|AA-T?0GGOj<Qe4wYY@?>m95gbFD-K5Z6a$B#F~_<NAueO(n%YJ#ol
zJgB*m6~{{?tyw!CT`SqI9k>*2iRkMp%9~fB*>yb*U}T)KjOofgA|7J_o)r<bQ;(l(
zz4=^Q+8pzeBQ(=KHI9EBtqBXeG_k(p>`h5=cJIt)vU{h%!E`$**%q4g)Zphu5EuAD
zkj5L`QWw5(e~i8@FEgX=z7GL&iwS<PJJQN1&g-ZlSF^xN6q@)_NmU|{F1|1a<c_;K
zRCqux5FO{3xBMdnt{on!B7B(i$CRqg<7n{!3dm#ad=ULSM55UT`Q?4F)2~6khx74Y
zVcpNPoO4MQQ91%&@xfY@jg|YYB9Mcn8euCBKnK!U5A@l&M8yff512ug1x*bVgkOLU
zeFSAN?{U=9iNP=3V@wIY?ljab?QsT90LnB1j`cxWE0wxYq%7l{K)K=byWDVkJI>A9
zA43?Z<2-oUjr_@E41A{)#A8g3Sy!2B!<ipciiYXI@XV;sZ>;h60@SzCd6A@j3}-u`
zv*vAPRhse}>-o^H*bYgcY8LHHsHQCc6-7{lo#f#Tz(lcSe)(G{Gw*W}BNaH+XSCA$
z8js@(e(7$D9(Dz0X?9AxjU$E+VF0<3Q;Bp9Ollw+<m#{wq`Y~bdIF7RpFKwrUxH21
z$mZy~MtL!AddnS6hVLyORLr!(W<D4o?Nx6xd9k9*X6PDG{Tv*J^<;~Xb`ZEGppqE+
zo~StY6*`tV*=1ZL=-MxVZz1p?Sqjxr3&#*?_|T;WeX9kY0`c(-vPEfif+7y(lujOQ
zx2r?t!78WJ#VI+hT2><kx}j6re{G<O-`t7t89HLT{cX*x0)m7O4dM{#lj!Ev785KG
z<M<OPAi+3}NaUx)SB#5Nq@84J8)v4%cUhs?C|tt|EmXLS6<UnKxvbDig%7bpYep?A
z&gNH^VLm%!jhiuQ4vKIW@yy}sn9P98-nUJ0qpP6Xg7dh*$>Qw%7U*OnT~Ig=8`sR%
zGp!M^T9isebQQuxov;HsQ1TXo{rHMP=t_G7Cu^XQDt|U^BMaL`y!IjX=QzhNM=u)f
zOcPr`L|FfzK$T^4Pg*>{StcLtzQmfUho)-$7%+~|9-2zh9&5t%X58i*=m1ebuD=t&
zlOiH$ujrpN!6)_p>G(+k`^2JQ=29oSr1g3OlZh~JGvN_o&Z!>^-Z!V7?WLCd#wP!r
zu#XaHA932WT5N;4kT<ZdTA-^YKGXv_cjzvWb;oJtm!gN!+_}J!b3i44NcevZFU|OJ
z3cNJyFUP=33%<;RmlpkHKh%)o%U<Ynn-O8J0leiX{%XH~v23S>>Vi*%Z%Oz>=-K>(
zK^QLlfKg-b0qT2zU$&n%v@7LlIOekQ_28b$eP-I}jHCU+BYioyixXAHfgN1n6re*S
z-}eoE9&#ZBb4eRi;Yr&sO68PNtOZYr>v1Q#B@4fN4<1n!MM(SE%2oB*&dvZD#oR@}
z7>m*YApcIOR44zg4*NyrZYbX4yGM{dhT`yXASwKEJU6vB5v~=1s+z1S|8+>Mh+jU%
zYu-zGend)mhgIscYW#z+3X#ZDN!qQKaG&o1!gnX^^Lx162di8i%A8V;)hP{PO125L
z?AxZSdjCNDmgwdwi*~j#*6%=^67)-i0MMDObE@8LOIDNr4*ZlRe2OFEjXoYe^rF5Z
zFeV}qfWi!58hNvffMqY?mzB2x&PD>x2s0I~)eE1|3z^PrgoO%U)eGn7h09qXU{496
zlq<zY1^#|atX|j{ov&2k{~u%T72)1vD0MgHon%jqhQ8u&mkdS5pDr01j#n?~)RuG|
zo9JDiMgu0@@rk~;sxh`-i*Ubgr-7VqZtYLfzI-W<xBs}y8Ci>JOSx7qXYE*tt|(n*
zCd8!6f`q8<JSJVf@MF>?d65Xdo-swL0}e(fT82XFC>-pgC{TE%6O??Q9N0lGNQz`j
ziucDX21u9lOCO=55E+}V_@!yc*r1Q7UpHe4K+;E3ircfeNe0Bln?bq)0%$6IKZZ_+
zrPZW_L=P!UW+3h7H+E6Bm{OtRC6P!HzwCQ5dX!5&{M!v_Ctd)oXluL}We9*?>C>5Q
z<-e<bw)_|8`Ow>t|9WuIg`Z9GA6^__^50cINB)abgndRXY)qguM8JN!2$*e&!51)#
zBtWSY03u?*I?{8ZCBI(#p55y)7X4|?Saf5d(3YERl6oN2f@QRmbr4WEJqChj^4c!{
z^KAKn9h$d;xb`;Ec=-L8T*(LTCTG!>IPtRc6~#*$`2MH|TT0A>EwiocTFUB11)C%~
z{+(85pn*e~6kVJ6;2p##I}@C=v(ddNqgdc-P;6V8!7(%?l0u4;$4Sft(a>eh<2Ry_
zLdmDOI+xTVuAyTNj7D|{(lLF5cyo6%bU0NnrtKA#nP#u_s7Z1FV6@#NdugIn8BQbp
zOdc$59lul{HWsxlhxnyDi}MdB3IztL;WrLcisJB_yzBwLGyL1NUyu#_f*@5yr7(MQ
zw2#{jxz6aPswJ+Uw_AR^pBZuee9)v5Kqos^*@6Z3p>f7h>xE--ZZawu(rU!CGLb7r
z7HR}vI5825i$@ep<ShR0*}>GSB_^PG(dpna8SO$$MpK*F-3!rC!v{Vx=|Ti^PZs2H
z@mDa&Bc2>6%jQ+JWB*yx9MQ822_>iR61Xpg1C8i$h&>iJ5kit&GP9YDuV*{L>jTYk
zu7~52eoT0c_f|Tjr8JY3<k3iL8MdePBzYIWPTC)Z-}p-r-QCaE704vU6UAE{cnj`N
z%?3Mnu!-g8_z8bSmws)eJ)cD<-W$<f5m1%r20SqQ7XJ-*#Vv8}isnS-uDDxwKe)1=
zVu|6(NKOd5`QU_jcg1t$fsjq^ialcPimjXw+H+TIXydNf(2l!eD~E$&By}t_>l?nA
zU-}A(;3LT8AkH1Jqv+V-LM2bkWpT6_-4;dNg$e51$9bU0RWJ=*7Oy9l#gF-A-4Yp7
z)5_Dpa9MPr-BVPiq0i#$Y+689A}CXKPCzL-AH~e!Oo&F7Wu^;*KS|9Ph|WhI9Ux2~
z<bY>Q+b1a2JFn!8D8{@IqvtF6Bfikur2zdA&oX*KzRKZQ?f4_+(|NqeOiPxF#M{24
zk&SyD+Q5~iIBuemIPwXcDe7}MQ|duJGFur?<6RCMJN#=r(#1GO19w{wMW^m)z&sRV
z{spC$pY~5oZ*xk|HT)Bg{g{8^EX)6mf8r8zEC0l+$v;tK{)s;3<JRwr{)rdc^-p9b
zB3}nLCh2H48T$~H&~U#dv;Ie|{Q>)hHyH3NIi0kmk-3!pGU`(1+l<HpYw<91ZahNR
z(XMkNxxvfBRG0a`c5dv~#<?-LgFw#=m)h6lta#CIVb{Kh{iZ`@cht8_N9UNMyop2a
z!?mrv8x3=)?%fET(GrPKQ)|E0rdE#A9>RRZ@&1fs|3mMGA$nI=a$4lbX|W$4>|{7C
zTH>4*G4sa1=d`%1nc<eUxH;-S$yK8J<dau$XM8!{o$)c#&o<QF-%K8i`B9g~i>Qv$
zJyW%tn_{jFwMb}cOU-=ndy`4W90U~5Ghe*BpdgjgS)g45XQH!2O#+I-(6y;C*4jE#
zoCoAdB2ywT$UrEP(Fc;NAX5n7sY{xe(ocOglGwf*WY3>;gY@5nsP6*)yI<4|GTA^Y
zCmz<_qgWJ=J#0XZ3jaOq^v)m!da>3_+B@9}Pj#q4$38xU?h}|9wjZ*`TvHo=(Az0m
z6Hx!K<d&xZ!{0;O*}|aKlll1po0C?`{3u(ST&W)qcLzC};Q{q1@r#GiYQR;|;rOF&
zly_iEEPxSWoDL=&0)x}98`|DK|9>X`igEI9|9JVg_NV3Fvi9ZQdeqZ_WNo>!{QG+Q
z^6&Y0`FAsuf0^LLhsvW;uz!fQqRss-UHIA*FaIt!Unc*~EZJjgB?I@zE3X?XnHapO
zz3W_e#}2(XJ7_W!gN^u{Q91aLro^8i2e-Y;)x(g3-?*Y2+yNT?59HtxT)Z57vn~hU
z`J;01lQB6stjod1`c5Um?>Q@)RhIT4sknrec)uWBYHxk<GF)tZDNkrruJ-p2&o}Y}
z=<TyxJ39Qfo7#t8Oo--}En)4GAP(&hYct+;vG$&s^HaERWBgdRYSpngc>4XZ-7Rh9
z@x>g;<L%xkYbB4z-6(s%xs^QLFHRn3hxDRmLmsb>lgHPYba{O9<?{GnOjnl2J282D
zW=Vz3g~le5$!YE0qxlxc#B$oV-rVAtSYFmzEFahuCq=V+YX@{YB5E?|iUUSfXA<z{
zcnKI2o?j*b?-jWU4;;rR0bdQpB_IKJh)Te3x5Tc*#U$XwI0<-33rWEJl9=))DgomK
z#>@O4+m(Qiv?BrE)^cSDxGX9G_oJI3t)<k8#w)vZeGxAc535i7*)s83CKFGH7~<~C
z6_*LTqgo7s_Zj5B{(mIz-gCLUd)NO9dH0R~BYC&CA@6qm59QrX?aRAP*x!cG>j4Ta
zrX4pV-k&Y*_Wzmk?qHI4XaD!|?)~xdE|6oAd3AvoHhdeI_xG)3UQb(@*WKz?9`n01
z<la3O6aVddc~2U0?`J<I_vT$p{6CR<fAb@9?`$Ub4!)w?`~6SLy+4>*%e{l6a_`30
za_`{qhW6#%lGgI>LDLoG-9MX{ygTti;(sge4*pSj_q(WkJDB9%W3k_KgnZIg-ZkXh
zzyG+Ld$5h1JNPm=_wiQo{^R7`d;UXtclghecL(#qZic*j)qf@Le!}G4!P@e+^6uO#
z$h)t_%e%ihm-ut#-P|9QcW;f8cM(UKyc;&f$-5pU$J(yAdu>~B*L<n9xa*O}rBldG
zbe|V7i89KK$OJM;S44_|;_hH|UCn<i?qbxQRKM4dc?Tm!`SZ_}c}2%z{}^_5->Hkc
zE%D+mHX{N{7g9`2(!CWKPrj|BJCH669uBWE<lK)9IhP5yU+R|xzobiohYYV`(Q$-b
z5}e1RTXa9hOM-`gLb?@xOuEg7@yBN<X7K_ro`@GyZIN(GoOvJ<<x0AL3}enDNmr!U
zOz<Yv*V$9D57QN8G0vjA7%lEIL>YuB&MD`Uu@mF7)7@1QaRvG5WOQAhNq<%dX2wcn
zLrJ#&%x*VP<QT^;ekq!;@%Wn_WpcdI=UyZ_$k|z-?Tj<*tUNHA32qesDp~HdNvd$l
z-Ih^v;Z!_t0=qb6VrP?ANqGfIQqak34abzX9=w<H2>fsWz{-4|DXz|@&>5(?jM;ZR
z7<g?WiW7-W2LNQLpdW9^G(QX`lgTgrAIhLd>wvU>x>q`;uLp}GD(6pU$4CY|j>jAp
ziHubatv1Ew|AwQ2VtXBqKP-@m_s9ja@YIv9Ww*zaDX{Sd;*I*HuTVpa-bM#h#g%Ol
zl&mG;+nD?|>}l(~uF{2!%CsHQ;ku`7IPqUoq?D3Q=#?DAuro5}D4X+Hn{fr7rl>mW
zrs|GwsmO2S)6V5w^4jqPvw8zqfz^1i>4@m4=2z`drrmGV2I5LMW~ZcnL|)oKyu$qv
z(bJxB`I*={Vu&L0RG0CZ^gFOWLY4kX3fV*um1d_*!+R@vbh8Pi{8=u!-zKCH^Ieka
zlFoRgW`OH*5%y+P{Cb8eJ&G>`-M?+3K))d?%fEq1LtyCg_$E9BptrLg^zc80w=VPJ
zP89XF?-PN0*xe@CdXx&G@2YV<Pd_&8<mjB}AEC^?o|9B3h9X8z0M}E<g_#gqdZlWV
zIcDLE@{ml;7nH&4v=`}^tj##0QGBC%s|+9b`XGDJ)wru5=#vzrYo#69o@PVL%iSfE
z0DH(KA#GFjBQ>KqT#mo1XtWXi)*(%8e3+&-S`pteU15IhP406_iGY`CP>&Is8DZzO
z(V-#wSTl;X(Ym!z@B~U>;YG<FUsL0oFN<$P^68FN`4zwTb80M~qI2T*1p68j5h|L*
zFMh9+ngqvA4Ap!UU9iij%_!b(hl;B2zKgKxsst=ob41tHN++Z;@_kZ=PfMiBHM{gV
zrVD`<p53{DmC1-WrNbmEZy|wM8ZsQlq82Pl#QVBHloRkbJHiC1nw)C*1VJ8tGrV4M
zSBeGGPGRy2e&ZA?%p~%sRA84&=R60$69vcqxzF$$$Ju6vcKaR^ly1+%n`fp&QAaGA
z0uP<=&De}$APP8FBndzahF3r{YS+ijKz9>1{V7!^<p#fF48zD@PM=bIa{69Qcnm%P
zPW6}Sejo(p36u2}ps~mGN2(o`1bK)TyAoi&;VMz?dl&q|VEoHx>bY_fhQk}5EJ{`G
zjBhbHlV!+lSSJlw`BGp-#@-E!4=cq7-AGKhov;XvYg2)w?tEr{dBPERB$uS^vAi#O
z?i7mh3H0E0tb=EcO~0Ft*LX2MHwK4s@f-bCe&Yj)qZQW>V8p^mMC_{YJS(zgR63=d
z&bnHsGPlJgRXL^4GAiq8`HgO?eES?|H*J?od4xkB1AtJOW7piSg2jhE-_V`<Wq{IW
zjCFJ0A&E(=aXZes_>n+tR8h$aIQfl3XNGG1Wznr+Q{RS9NN$s0+X;c4nU}|hgwIBq
zVOmz47Rm_GIn0Ey_g7z#XzUAN>{8iSWj0OASy$&&7Pm+>PU%yaK^+LYI8io{cm9YI
z38%C5WAo_3f_rdh)oyGSx40}bQtYq>uC#i$;}p!J3Vw*nV4TMtG!JbMCV1sHPB!x!
z#gzVO2T(bgEOl%%55f(tj}eb!5>tA$$$B#%;C$mB5pbB%#SfS=X|*7EF{AKGmSkxi
zCUyx@z~GJ9RwrS-R0n?_0`a$GrZg#E<Qg!ekL2B?&MScJ$Zwoyb4t51Dggjdn5t|=
zYN5YBzk&U^3tY;t;V>!1g|<ou(n=(6MR;KJJizsFSHJ>U{F^X6ka}SWEzn(V?t5Au
z0Q1S{^2ESguItQ{M-RKCip%rgF}O-0%6LzQFp^?aXtHG8vU?p&v?H2whPeyo{R4Ir
zhXa-uu7{cVQg8{Tr6j5^ET^f?P9X#sr(_Klxo@0xKRA_zEts=(VX<4P_DIL11BeJt
zX)oe}y8`FG2IpUjOW;Jkq7|0LnYJ@Lz`zTqV<*kKnDW<L%4gX#T^4_ZOR6EfsDp{u
zzz>fy4UWu>gBV_zG21%7G1rWFzMWDDzwz#lV-(j6Hbt&f7&fVZUw)K4k2m`BMT>u3
zt$QVi2Cl@5A_3oB!G}iERWV9^4YPK`AQW5}QJHPK2#1J;l3wz`Rm2;+D`p1f+kmp7
z<MMWNk9A4jVwHbH&o5HulD)v8%p_&Gd$rLnWnOo$jpppV%R+#0<BBd!gyC=Ul#fh4
z(_xLtSw2$FPCjxv5kIcN!|n4(BYQgY?}9G}TL=tK*x<;7t^tX^@o=B0{kNMb=QJkm
zxp6zD4xUsjD%pT<r(i_uJ&I`OSvs`}p)bq3RE|uNV<(6h?Pbu4B~)|j3DvA7N{Dv~
zCrr5nzx)RJl-=t^)bW&yQmI<;h6NyfO3h9*vE_i{_)o+e&H^rYd{356dnBFb@HgEQ
zH&L(jWTr=&oa({k!=j#i*c&<nQ_p6L`mCAdTpRdJBF3w8Mm~dG=aEOY&a3UFPtpbH
zD18;WmAFLjT0zFlZN-eE;|Qb`=u*BzSPjJ$aLi>3igg9Q@o6*WKJzMBW&B1?;0}4p
zNA+Zo8KpyJln$Bw9%)o^{;vQkK}Pc*11YVJLB$WV|JK8Ormoy(K&C=1*hY}4h=UB~
zSi2H*u8`cUJ<u??REP-w5hn;P#WA>~uVHXmXVu}7#PYYahRY}&E~9j~jMCxq6u@Ol
zJ8&6=aH-&fr%enlfA|{V5;5R1svWqDN*ASX>8lW9Y+z3yzx6AS!O>23HExQIGg0`!
zbZ|4BfrVCB-d?Pj4`Dz#EkyoVz{CwjCwjUs0OzFEh>6`d{>BPeiYO{r7H(2MUyXqY
zyv5;FPCU9qsWw`)RWH(xqgc9)u~A1+(S8qXX1Anie{GBxNuiLkslfy&0x0_geua+s
zcH?J%3j%AhU35?qB0lt2)H7_RGif@h_`N`9@9rcj3(OJGGJMVIRHOh&IM-k|{9@z&
zz-bQS#wp$Ifs%<+%%bCj?^;00Y_GCllv%IsKcsy}o`!(0G9FxjLrT^Pz-gi6ltm3a
zfGFl&%?`7CLNSTsgP&3;<T4^UM&>h%dlP)V5(zWeTTfDcBzFOPU+f`mN3MH4_U}=w
zqxg;E;rz|B;_&#5-F}Be%L&Z6z9$R=FSl3V_IQvPf{g*EYk_Y*zj10JrKzV(_JZ{2
zI)VFGU9g4Hl<CKi`otDQTAlJ{bCf>_^+NOw5Oo_b)SVNguiIvi!(^j^<5ORD+pQAT
z_>J=uiS+|$?|lV?0{40j7ZH=TJKXE}7w|3}EYM1AdwnF*POdo-n#RlDY=q&jaD?p8
zM5`d}tV6$NJB#A|;?4pwJh+NbdurU)(q$NrVQ`PGmj?vJOkA#1q2yz<i1gNzt{*`F
zWc%(zy_xeX+*qd~2R#@n3MzHecU5T@>~bPneIH%N2Y;c@$17cglQf@BrqDxX6QTL~
zrntgK*M*PaznU85Z-u~c+bh6j`x3Rg;hPl~cEqb=P%nOmAm61u@S9DHzY4TiCJ1sL
z|4?Dr^;N5Y+5VNBV^hYP1C8c+zXX9lP~R-&*!(>N`8hl4(>tqsU>ZVs4no#+|Bg_t
zZ`b{CeFPr2aq+*MleVP4y4+NhefxTo&UN=>?6!g&?eORH%yi$<V)rB+GU`8I6oLAd
z1*t;dIlIYcR|JkkB&a&>fHc7dOd~X-D=~IZe!pR;&dFDQaXgX94mox{*aDvv4Y6ZN
zsB(45S4K%sK6sJ(d(K`o428IvUy+T#4rR$jBk|2dcvGHZBYGlF=-G+}wgMe|k}60O
za5PXcxlP%GWE^R9nAsFMg;Lq&Y&2u^lMIivOMUfTUEbLxNIQHYyiWHhlQ_V7HS1N(
z8*FPPbak6(F@<tBtv)R(2xRK1xoj0f<c^N{Oo4nD_^`8Q#*x@kfq2(pWh#7%?MT<3
zc{$aTaYUWGIMJl7qxh}T@Go9QzH#`8m-T8|CX~kfRfr2Gs_C2vQrRSWoPc4_zfTQB
z5&^cIC^Ue-t5#-;=IfwaMZ37br9|IF$F!7A><*+TXB{hk`h7fa)PaR&)SB>xfeHYC
zSD9fod%25n-uQ0R?{24~gLd%Oq_vB<GtQ{5&P5*6$*<fMXzuKP-HmeFW)oBT*o(M7
z{hm+?w%(I-S*|(Evsh%?^E#5OZCI{OWF;Yr@D<nzpj6{?)vt&jw?2$+hcWCW?AM;^
zq7Ct5rhEtO4qR}Y*X=3N=Q!}M{P6>S4F?_?6=9j^o}XeM10TGNlwJW?QXswM&aHGa
zGe~M>TK0@1;j0Ze@8F#JKralV1vV3FkU|U07k=;=j&MntsS9BDSs$i<#$>L;5y_6j
zPbZ9oy&C5KC*~hKOYwPGKica?z9L#Rtul_@V81(AzcgLFD^c!u*ywI?e0OKnJnF6~
z+TBOt7o+l%-rsjde;(yY4l&v{nO4Qun*j+3_vsj%U~ROnD=nssGn#Sb!7j>~+FQ-h
zAIX$30sX<56zP<jfEeW-hx5ippug0KU!H`9>rkyA{ouP}Q}*AVqaKsCPls(5*)Pb0
zX(@3uH~1($`@l_k@3*aFWtEof#AYv-&$o|9Fz8w^)H~BoRyQm&v806g=!`YWOtzOm
zQ{ol|@!JWMgO9E4vWCpED~Nfk<%7*;rdI+a%SsUx-S8}(P+bP^4p>x<-c<9`BbdKB
zJraqtFf556IDI|T?(21=(=F1$m&u&_q2Asp)rz(n9V;<vDMq)x7H2yhVJ-DLhWSKs
z2Ik0qH1IGzBHP^_N0YCI(N}`Hc`CBf3@?Gs-1_M)zz{d10Atj6bt*Cyx7(p4kl^`8
zs)=i7p|eudr?8%GXVD}*o^&x6DCN+Mcrnn}S&(M$O!l8H8b+*Nwfe*}l-QLI1<j~|
z`_{RwGcp-nqWC9D3yvl`r8BT4oyrrDMe_p9iN0zf_gLI2i${~C)9MMUt{4m+WlPqD
zYqQLv>^qw5S<*tY`df_F)nTs6BTtij{37z4ufC_RzUyeRe<|TTP=o^9{kSci$^)E#
zp*y1%&bjs%V&)VxDb60GzcmyN-|(*zG27}1%3O`7;IRL-pmuJ7(GVXTkKv23F}08V
zVgwlSyW;QXAx*(84$E-Cle<fh7wk+nAjJ#AvUcH|0A}C71`S;5?B7f7DslD(SWm3X
zhtlBv3T-WMy|9*>aYS2cu31Bz*S9n*K7{u_G*k2CIGUg?K@w2TppE}&r^s+s4Fpvi
z*vwi@-j3D<b#g-_n$LR+bZ8JuTWfkA$f6yEI7Bc6jFzknlXc9FV)X2z$uV?pjz{Oy
zlgzXMun4L78o=qv2X29CE%7+LgQ^Y5I)FIse-Ch4OV>~9)qgkAn)1OSIwW=!4JU9N
zSGPW;XC{YzH;>9nF}ZG_(Z&al)4AH%(f2>_ZxSEElsQGW5s5giPI!tPd3YCo3z|iW
z1ii$emsG;b%g_n2sOKbHXqIZW+|&b?u9z;=7A5OV)IQ0YK=T!)Q!X;;B}es=tD`03
z^^#I5@he*}<E2Mg$myGM!KcaUp(ok4q=;^1h_zEWtsWzlU8R2=q_2IcTaW`Ux=Vli
zB<qbbb#Gybv8Y1$j~SKW*I1aSm9RKh@gWSdw&g1PxSRfQ25a(Z_I8l|_7{4SC!lw_
z5v+~Z11Kbu?I3Iq)OY5CJ776b2N5W>p=I`>;JDR)QhOJjv5X~sR9{k9Jd8R(x0f}G
z5!Q+&@Ikl*A7D=%`QRS*)X6`n=ze`X@)K-4_uzOaIVh&Xp>shiG`iDXXrK?T_V+28
zrGI#j{vqBbqbX|3S?gW+Py#OPJiTI?Ua<!D&=$PrtUcHg^?x+-jeDdPI5zd15K$|x
z+$$;$u0e?^f0&8IMPkesG=6b5!-uEiI4||M{&E_}kbEd^fZ-7mq{{i_>71TtbxSf)
zhcc|w^$!-t<6eU%(?G<`2T^Y~w|oAu{(KN)V2;RNFsyk1AN+#Icw^B3eG5ItvIg^^
zwH%#Wm>`S~eMhxUx?uka9Zif9W^qgd8>fEVZi6AHJr?V<p5#Vf0-VzRCp@{w_`;7E
zTUAbcPW7V8tBu^wV+)_QQ*@gL_yESGT94&Jt?<$nIGYfL?8twPgQvl0D7lI91n(fP
zNStH~6rhlZ&k=a$nQ6H7e#I|ggyGj{zfQ)bU_x(T8~)MZ1d=)aLTkcq0Ak(w_b|0P
z2+Vbrf->R;Ay8F=O6DbBGckRiAT<b%fAPUJM48)&>fd?rEP8%&tC>y`6zT#O`nZiP
zbcg~Wm4^^>kpFQO;W3~+Oc*qP4-LRW01=)o!cFvK9>8!}>k?__V@kWix}<EoQ9Xd5
z>j65MP~sda1WwhcrzDF>RJ_Haf{GFET0xn#LQwqqcs_nS4Sg*lP9(+~n6h{UtfPoZ
z8oux~Vr`Xf$BHq#wCv6o<W)EjVC0fb#43GFHX?x(cb|(=tthRUj-XhwgONz|A|Y+-
zG<0}aGnF=vHAOu*S!dYFMVY=3Wh!JLZ=Ctxa(w7I3Y@YS71t4t_!m!Lv0YDwE(8{?
zhsRln!@1qoWYeOIvJ+rs-~Mcjx{L6wJ0K{|WYobBa9itO+S65j>JPW0RS}eFxSHS8
zAbwr<H#AK7*T>`0kM@JQo++2>dR(aMB*>~0NcT?9f{b|{aiXDx#1ie~ytx<0DAqbE
zL9eYxk@tdy@qZrvs67>sG9zWEC-7|z9&b;)gM;n-ho`%v6B}ug`J(X=x!do8l?CG?
z{xg`*<np&5bl}%V@>mp+-;*28L$JQXOukWqyl@4oM>4le@3qEMbZ{PQ`9J*+QaP;S
zPb$yBByc8qLOOIAXl&+}ufzkSl#?c;YtkjwRJh6`-$i6g?OsCKfk@aY1gg3G#gPI2
zS|P0-Xra30O=ONO;TK$ZJ0hZ@W?VZ*9Mi&Lb(+^~(hfH>yd|WSzK+9FKuAPYrt>5W
z{5*=UQQRba%$aE5BOgMybRa2TH=+&?SABf4N1Bo>!s>g`!EgyHFTrpRPo{JJ5rIWL
z&A!`(To{G58Mlhy$g}%8lb$BKC;sr)>RG&n@@x`;0BJM|YQxT*3p?7_YX#{uR36#r
z$Xu3)@QzrVQnMgkkb7*p)}D~;yGCl*l$_KddC9r%T`b8kFn5V#KOe%>11|YFt2g&M
zx70Fr*x>Jqd#*9@OEL7*XvMn0Mp(X!U-l1rk@Z71Lck)hQzQ5yleGkCs!fn)*<rk?
z`nYMw1Fz5i3}*X(ex~nkd5+B~)rgK=&)kdpa%FM^ME#PC-Qg}PWS`uL<@=;^hY)BO
zIXA%_-0i=5w4C*wsp}e3AnU~h-<=-ruqe4IvIWNh{~i!}ZE><>MsfHI(yFJ%T+XP4
z4+c(J{9lid2U{dxMRs^QYMo;GxJgI`;%uqXB_nT3`6vbl`7UWgCWb3DnQSI?mE&SW
z%vFILdQl|#C)Q9_Wn=sk-NoU)Va&y0AL4fiNmgG|jmb3Jl#N0Wn$h(k>Sqo4J-DSR
zvg;BbGs7iksxLploF0g0$NYy*YM$vl#HiN+%AM(e%-E8=Et8?NdZ?NBecye$X%4{9
z6E%Q_2Cwy*PFa#d_^o>TXp|u78NT;l-Fh`WxlMYv;jPZV_nf~_p92bQFTsGrZy6s1
zGH>QX`Q*5zFx@hol?sZ1>SniLRW#0AdhdaAHMDzCHr^_e_PX%cRmi(b|LnQ+ixFY9
z$ST7(scek=Z!tcYkXGX1@cYHZ`Uv1KnBkH#-5C*WFXd#ao(W?|Z;?TaDtn|8F~WRz
zM95V#$?#gZ8Fg1qzOY<ST;>!;t;>Zar;u8E(i)LOfB=8}<<uJbf?l<UTH=n|`8v(b
zLihK-veR-#3LmAt<z|y-$u2qymH7!CWeO)sXUk0kCfqxrEZh2!DlWC4B%4vp(67hP
zi>N4r!?<85368B$?|3Fdy@_}`C--{|uVu!g4T#KINpq|Fb`vOO0bo57?BtxD@Nj3K
zp7UKFs5kp;=)2rgAe+Yh8V?VK{!*S}N1t-_wfhrI@KyMLk@pbZof>7PciU#JnAB=_
zG3Ao94UN~^Zy+kSfdWj(H>l@R6M=&ma%52|k{AE=VUfkJZ@~j~+ruQAbn(h}AjW5S
z<wZ7+<G8;{%zgJLH4v&IC})n5U1#lW5FF@iQGcELeePirt$ZD8v$^ej=oRwK8$Nh(
zD(=ozbjT(o!7s+Lp&@|}jxw`v|G1VgS1R%K5|qKPqrP0h7nw_TUyClHfPRki{_4<f
zslr)A>JHvr1LMLbGAdp2e48xTozk9wX7+I9qEzFlJ1?S(!M6Q0a@Zn=GAf0-bE5JH
zH%{q2W319|4K1}|ojY3TcC)BtEe~I(ufLb8_BbkmT;IqqD`s-AQ=Vr<9oX-YCy<jw
zM~(jr!LmUmsrtAet*W7ZR-qiJ&Yq473anK<tsa&6-*L*LY)IoL)5hJVQULVMRsacL
znu&~9-I55QfUsUoexAh~#*Yk?+EK-HPROnBD4q7mPg`Y=&81i~+>Q!<c@j3qMiPj0
z7NpT|at!qE+&&+X_8q6L><QJ=VpC=u22KI!p!_;gB!z~FwVWX6?;tH-!ukcNI#m>;
z&VN~entQYtDj_z~JX^T)3Z{=O=RAQjJ1RM<J@VXokK6+ngc?=fq3~z14qRW@(Leca
zTX{AHu{9YwLdoug!TaBfVw@8;$2J<Klr&m)X?86{hSZZt4TDn?fm}um->|s*A&(x;
zD8AgEMNF%N*7j3thqMkYGy$$Cn}~g#`q@hs6WtlD^GLhAX{0ghGG6CMcKZGb@*U89
zJOdy9qZz$kugb~K$^wioqy|oT(!Nr^UPC5(XhuDRk4iQN+{;i9a6F33bVFOV6d0k#
ze~0}QQ+Q$t0jWbZBw3^7f1k0;fl}<f5iOT60Dmc29T`R%_WbD!Em2To@Uv6u8#%ze
zJ<x>Q6w$x!>Ag@}oUrt{RMYtW>rHCnKt>PC`GP;ATwi?qdXqs74-85)kuMy^N)Y9~
z2cAte>4$B7?65_B|1Fc_&f1Z9!z9~|mT0Fu(guH5z~2-!7z;|LVkh2bQ>+D)yII^1
zKYKbYBfHU0Z>h(zlV6GfbYrj=r6C)kXP4A>>$B+2N83Pqmja>gQ@4&VqjWmvlCIyE
z8aJK3=M7Uyqdm}===)`$vD3WX{6;vPDwm*?YV!3E<Zg$CJ)1cPPBK?xw!s$)a_|r$
zQY-VO%M^7LM?X~AB<HVdU1!B4%qFW-Xv!c=x(wnbv!!h!fnrrAZOjIk&tJ2v&<o%s
z@qlOe;4!vY$;vPsS$#gJ!K)?o<@P>EQ^}HvMCAxEMAW20`)2d?OyZ`mrEQpYHB@{-
zc#98RfP(GlwyM4`+-$Jj!S68c9DM`lvAhB6Lv4?oB*+55=6B@xE=`#QKd0hPimy5)
z4_ItLNMOH4&BqNWO7(F&&?RpZ(B-1;b61GQ%?GbGn+$tl8+NkI$pUgWjvkj%UWMOo
z!bJ#G`aXB&FEr)w!Gm<ZY@<qiXb4@VqsbRxMSV8g^r`5^kkEL&NqC&DKdOIuBHki`
z$JQ2|4qwIMytdNwi_+hB<snHwMOsDlV_ABiu2an5*oy<dN119o221aQT8?&f8}04?
zf5q+p*2)APw=(JzUj2>5R2~xap##N=Asi`kvG)u2ZesLy2T=ZWT6MfHE2f2`yh^y+
z%oS)CV|f=m7)%yKU1y*r(RUvBvt?vsbR6~{fggpWcapwDpCsMN_VB%=VBH3E729`7
z=SX3Bu!@$%le@PA4Uxq^-uekHm-@iH`XZq&y$t=bXK@;a+PcjAB`O>63ud1K&M)Ig
z*opT$0+B>tKiCoo($VtPdfb$T*1Mznz-nCcX%;jfz`U*_-Ca3ZDq(&$wmn?@U+U)|
zYdxLLnQh~VN}h8`jV_6%qRtJ|nU&4XEEn*^*qdZ+@TFiLJJy~5cj4c=q<t=l>Z#A1
z!^51OodJz=Dozf$=bfCfE1}zpIp2D6O9c7DU5KKAMd=a$w(tSOukw(wqcsbL5Y1o6
zVGMdQGqm0jiZY#Xra0`VndQ?LEbLC7!e*t=tYS6~^@2hMkKoNrc3w$QSwA8gP~eEs
z0E)L}?5ALVQc&h&Ew9w#&Nvf(GRmJSnFN8s8cxI4!-dXjglOul8e$m9+`txOwEW?j
zJo?*B6PSU@BlYmz<B^u->l65RGGGQpd2R0G8|^UwrsylDJ)@9K=wz%#4L@z&qW?Yo
z+*3}i5{v-MG#T}SEVC(QgSzFCZi9;K*M4#7$0#O{4Q=P8n3|mr7PUmb)lU}ZX0+;Q
z3AFH=R6^J@dj4ty^y-{6V-@uAVkirS#?n?52dtJ)Vs>jb`{vI65*iR)b1=xUHZ&6N
zUuK*v&APLT4Um(a6FCG)+*wb*Z~BOiV&0_!2$P7f+`%b15hQ0n2&+Bv)?KalQTJ82
zk7g%uXkt4Et3!zL(9oD<iFYzZHrdPeu2;G!N@3c$;S9D8UTJFzbs>L{&!(h)F>zA_
zCMm*%eK|Daoi<=6ZGq+_A29Y^<<aRLsar~*p?O|npoEh~rwdCyiURgM_|&7{=%yFj
zJhFS1M;bW`{^r5oJoq~w{?3mYNQ9`(siuvBBR)RJP8;x#@i$v{+UU@Udj}1G?8Wp&
z6ZHl6pn>1_&}D03m;yV;{1*&+phq5jlr~Qi$UcM4L~u3yUtMM*yZ-@T)tu9`bFfY6
z%0q0lGgk=ZB_ywhkOk?&2WQ4ZUEtm2Gk|5^Ofw7Z_VG}?xbHoHWO+TIAcOgUL%~&0
z!1x%b&BfKuCSz1ya;w@{z~Uq3*{GnM_U%_HNWD@)=9LPvuT&shsbKt-3Z`DEU^*5E
za^5U>wVo{m{>+1)>!Lq}`M|EMWj|q~HPRZF7nAtHyGxm0SVFH4Zh^ODOpP)h7^fFa
zBtUkag$43_;GJGIk;L2mL3(4bPcwuizoI6k1TPf$EEjeFe9QFVTn$6f`{tlieN^_g
z{&wZX>*-z=v84P)>-<2Kjo(;o$U&Ev&+KcmVudI_cG>slpZebRW8Xu$`6tTrf1*75
z$H!;=sqrQMMEl%Nl-pzF%Bw`ha?6)AVnmjCy@c{oT>!X-{=a9c99)Xfyg>eUKV4sF
zRbTIahG4Pw#rf=LbDu1VfLAVG_Y>tYdBrZsqqAW^G~*>Dh^By29a(_@1#9&Jvrzya
zji0LbAuK7?3+y{)#-B&PTIwqFW_Bc@#RNAUT}4=LoERVuF*29mpQy6jw_HhOw<i9V
zj)-r<U03i0f1p$27v!n=TYOgL^h7U)j^l{^{EFnH?&PpE$41HHYSpu2Nu4zmeirS&
z4!ECV^a9=g={FzhPGJlp_`{c=zA_kv=Q*}O!WgBs_YWHz9s)r0Te(-U`BLxS5f4+X
z9#_bU(hJ=Q)Pd<SuIea_8+F8AVzwVPrUOq{O!S28dKL}Pe=khmE6uZcbnUqBVUI%B
z#H!WnsK#%4g~zgdl57>M^mb7vk95={_fEn4;NN<rK3*v+h0+A#qG<g{&0DSh@p<F?
z_GQCzPkkZP6#lJOx<!<Ri}0*9GexdC@A=p{PpSs_IU8wt*~qn{OrfSeG{|hyFyJgI
zKFgWE8)+il8Q%iX2?1CJT!Q@SD?nb5um40wjo=agHCliOnQ8ta26NwBW2V=6X@ySG
zieqR+QO>oa_dic6p=z~3B%r6@^9IRqaq)FSM_cv7fe7JTdm!O4xjhKuAzQ_uOZ$*|
zd0&TX(hG5Ly{~_4aemthu4?3Q3u%DLN7@L&17f3iN|bL`pHGFUkF;ZAJHey)X<9in
z>fc-!zC-t)Vzcch8gM=4ksmPWaJ>P88fj#OfXQojL@-29e^DBuK+{?>Q_It3Hi{D#
z#qYulGpV`WgTI<7-d~EjoRk$N8uGZ*La#C++CSjs3VkF0K$aWW%d!P^*AD)-ubI$p
zZT3yZM6aQDO-wb7tFW7_{`Fk1;=28TVl!TpnYM#{=r1=ay@_4`yOEz>S%SMukScVK
z;h3Hq>n$MX^js?lxge_YzK7u7tNoABr@k`gLw#1A9Bpk?Nq9ZN4=|;-oMROv4eGst
zU3V7bF}Co_QU74z^LAsG&@=f;>+~^HOl%Ij2ONGw@4*@P-lEo!XxG$Hkjmz59}!9U
zPJq?T*p1i4SC$Yk*pHV>w6y4tS4y<r(I2mtXngd?OC@v_O_VettwgIsK|tx0N`A1S
zq@t?2R*(*8U$y#OLi^CezyE_EozqHNjK)@#Xy`q#f)QN|kcFnpMad@L1A;O)QwS`C
z#}R_EFjGC?p^bElAP*Acg(kIx{l1o&92VNu_3TBW?6%#OV`Hpx^n8^UW`?)M-)Eki
z8U9n8y-$c!crk4kOWw8(eGKHq0MrfS;3Q32At}s6Oh!C7BYu0F%mY*HMC+FlC;QxV
zlbn+(xmUvpLJr&uS0Lr_7a&4M04pSSfqKh05VXcj#p|)<E;(mb-8tpy7ME1-l=kZP
zDP59E_ga)^IYFK<-7Q^mr?oiKKGtM|Z<2G;<>z{$ja%tf6N)%xv(L;|WYi9G7d$gA
z1SHVH2Qf^XQ+~$E@5LKIYi83t$TTQ$WiI`)B#cmfQrHAo%PKJ2A!-q*922Kx2W$Bd
z#*NQWti5xT!C7v{MSet?Q`+g0s@zz$-%_8&$$x@Q-3y(8Gn~uu#A<%|6!L3PZ*#BC
zs1;;yKHX}u<OqVpHurC>2NWGmo=tl!66aqD!`G0h4-B8R9Pe%LHIdGJX5vlrV_iX9
z>lEqSg?{bpN_6-#jhv1LE_vZ<w{+I)XyF4GzF!^#(yRs6HWOo@v~XzI?sQ(h+sf~e
zDg|yoa|ZwztdO}-C12rEW^sIQ1KB}B<8@PG@G%1MbUQHt)8NOZ<aZdI?jR^6`yrq3
z+<f!`2-Z;M=bXGTO1H&=^gzC#xb_2-OT%^;H`EZ62`V2<AX~<ra7K6n)tn$5R1b_K
z^gagP6bSMI`O&i=)(32t0ywa)p>N#<LSViPIwUg-s;+UUqgaw_%wCC;m8~`OdMWua
z3pNpBDtT9E2X*|C-K*UhIRAV&4dU+ajsxf;%6JZ(&5?aS066^x>Hr$y{QI%NZ;;7Q
z7IBzjEr9V7<vF<0qWpL|ItjQ7d|TVLf#^x?oO09IvI(KIY#<sfrHiO;LV4U##|Qeb
zSK7Qt)c+1GW@+_0VvPrp$CwENAjW+d!|Z`mY44_@-^XPrk`2)Bc3vKBrBJT`b2Gv_
z{1M2jQn_mDPEbdJpmlCy`2b;K=WFj#I3Q~Z#jQv<keg~!n{K7B08i&eFZEB>9|ObR
z4jKsjU@oHUur3UN$J4LdyO<2&Ov@w(6+n@4H&P>$X2XR{h&+-C9rslqNhQ@-Co{XW
z8(P*JjeVjk_C<Lu@~ztJ<~UVl9KOgo^V!w80zSAef&2;)HAU%N+J($p(Tm<AC5QuK
z6zgI^nOFkodNACD>6gPjiRWNjVi@7;8BR@c5wcbxvWhZmO{Ugj3aNWZOQ;V;8`G>O
zO9>2L7Qh9v*YN)slJy9#NhUCr;m+{$cKVrSC;VO^$la}vpz#J5sX&zct6`99L6mKI
zI2ASDK(yWK!;j!NDQ4B1NJs+Z9IRbG_|Ey*=QTW;!NlD2<bpP21AM63Z`EB|Qt`-A
zCd0vy(1b0*{(x5DT<xwrOqbl(gLM27_0^a(_jOcrTQD{6b2d?N+3V4DPEhbh;(0;w
zuT|@_A`!eN2_pd(8n}=Ifc7Qkf&}BkvGXC!)UzFj1t@b9G>wny8!7sT{z?eZ{mF-8
z7S4o+X)N|FDvybm@bk6E#63SL-Y|fPE@9dmrl*?96F!=*$9pKFh>P*i!JBkMI`q5q
z7IG_vv+7c6Of0Cfm{|JBoIKUCIOddHVbST1OlPI2;PrAkKr?o4LGzVIaV4pkq`N%Z
z#*C-XGKTGA6v@-5(^HI1RP_FJ>^@pa=L9zS8!2hwcpIv3YD<sv!RxHBil;l|H*$C=
zndV&^zR{ph`3=dw?g6bsegikRGn(P~LeXvu?)IM)lo9_IW(_oJGE1fhjhWtjb@N+h
zU_a3-8;&^O%EMhLj%zWO-#CC@S;`l}dGa}5Xb)EUHHyq}5(?AWnpY12w)}kas)sM?
zmV!|bc~9V*nqVa#>_taW!ndC80HVVfT37Byw>>aDS;6>-z!&wv5eR_@$1f}4$d4SD
zG^rxoLmzK;e#-zl?)k!6fjiF^ro+MS{|=)+;<^?8l8w1cSaOn$xemDR_QrfMZp?Z5
zm<O9+1Rd}W0<7Q3njoCIPZH@Ep5Z}9!y38Mi<D{$_Gy6t9Agm=P&<v8kojdOK9w;X
z+sur#$6+;W>ezJVY<Pgv5zug!3*^k_wC8D$C1?-eeZ5KRiB`x!E7D4Zz-gcnz&%c|
zkCv?GsWffBU`cov>tZryigpc~>~(y>?SZZTXLt$>|7MXv!~gIAlB5k+F&h2?{d)T<
zI^ykkylQVDej5aQ6#l?Kk%0KK7NNC$K8K9q*5s(j#S5|@h*=}z{-Y0~WY)K38i+}h
zUMy5uW*XqXp)8vlfFYrY>jse(Uit>&vT6OvbOjHe(s7rQhjbe+e%(x=(++DEvJuo!
zbSGi^#Cx1$Cy1VjdV?S%%&(`!Q!z6AR6~?Zt9_4MfYvJ_+8eb|YJGTNlv@9G8qU6=
zqfV_C)6dNvquhwy<jaHeZ(;QOqY4{4>gON*`m0eL!#dtmN7n~@H@3s<pd-Mlo5)OV
zr<BbEccLp=9g7HShdBeoXL&BW2)!58o73pJcmeYmvGbuqoLjlmP9HrI$8WavPa@Yp
zWL$`xfiS?%$5p6KmK4TQ5I^XWlxalbUrNHmrlAv$QF`zxk+Fs!G1l;i?`ozeKgcBc
zgF0s+$O<)W+**f`@~(s@-na$u(F+@pRYKl`jtZ$9WDND{w-b?60`{m~7sOj{Pqrm<
zdqMmPUjzKi6$u?5x*o6hF}v+avfCcNAMX?#fzFdz=WBf(x0?p6H>tZm1AI^xuGq4+
zY`LjuJidDAS2&hXcHB|#OQPDyZ_s;ubq%^5bYAsrs>vbr<byM<rkMZZ^>g9%3>o{B
z$hDsj_OK#ZdkZHY?v8PS3U0K<^lSANrh!0|cxM>XuL17c@-qkM&hC8BMat}Q=T@^F
zuTLU<P)|OKJ1~!%xnhjs8hiti!LL1aKeTu29($!YPCwJ{MW0LDGI}I*7r_72vt9Lz
z$g(NsN)X7r(Qike>H{iXj!o8P#V=tucJ=JdFD^s~Vbnjslm4l^0T*e8lrFC#k+jm6
zECjY8Hgf0}5@I%w*5+7Q50TT_<5SMXNGln@3eoKc)qkgPBXs~e#LUH?xr|5I1jn<B
zFI<ZTcJ+EM+4DV1c9P2?k`0UskE}-!BMi#h@EdjJn~Cr)hnR?ol*6_<DxcHFQYZd~
zZs=iHI4OjTtU3bTU<{j^qS*YO9+nuKpMb$!=Y_yq_@@TCCQo|Ku_?kX!^o@1i4^8N
z6C>Gdppkt^Zc>qQQ~xKPGO2%`Z#J<l_Fvu)h`N31b~(N<DeF!?Xob}Y7K_peKJ*s)
z?Uh+ma-3zZ6wc(#UjYB|!4r5L5pN1n7D<@ah5zM)ESf8mS><ia!S)M;+yc6?i}&Mv
zuS13Tj6KU|rZI}|pf;S<xv$lnNsp^m!UvzDtl!&k+d`-RBFS<C{*t>No{I-+qBI`%
z9Y$73g!2=Q8X*-QrSa*PVJB0V0NQsoo8pYx-Eb#MMD}#kA;a)Zhb~0Pp;V#WiQ!lo
z9^LTgL=;tse-+AUgOh@HIy$!IFXl{M-rcON!$aUme0erCp{s2|sib_*OO1_WDJGVW
zAHonE0(l12wDM($ae`VU#!XofEcSI}0YQOn84+P%^lNhGOYU1tWoA=ox34!L7m_G`
zsD8Wl>XvA{HNMcAl9dCp4SIp~jK0VA=mKXnkHSKBlj9)y6uy;7y3<-9jkrwVUa|YA
zWt=Cs%p)(@h4p=dqR_@Dw$fMXRc8#Y`}da^MgEsJ7xq)hIC=JG$;{JGrslO-Bqijf
zVtNNyPdPi;VDRNxc8|Ob&qh@~4YJZON|}m&<NS!jUhZNz*%%Mz$_R66-#ZvR5m74;
zB;MtS{~M3gqRm5@UVg%^H;tNjh7u_M8lBu6>m-U8z<+-t@*}DQ?&EN`j9O3NdrmDH
z!nzS0$LDkd(bx~NN`v-1b0IlTabPu#Fk9ZnS|Mk2^^gzU54R<=bC|Y|GL>`6*8&)<
z%F;+nOG{nlFZcJ&hyQ%4R4U3FQe&T&oVNcpAE3m$N<GRHv&g#|O~szTaf^5xH91CE
zF!WA=JFf2QVK94oFMM!6B?(|$g)%==kiJwOLq9A=d<1C+8UHbu({ZAWrRwO37SmXz
z(;%pVjWZYVed?fz=n-1NxC6a;yvgU4M9fV-8{?b1QfzX<b#qXwFQ%kAS)^ao@VHXa
zqgsOQ#+EdWZu%8F=t%&icj}9S@W|i6_K^-3XyNMCpCZrGK^%4yAN=MLg>W!F-`~q@
ze5O@UQH|zpV4L1e%;)eS_oU*{OFU?o2<*uvJMme&=6fpc5m$V^C06|5St_o(J63#C
zT=AxADn1-n{9#=2ofoNib6oLv&9UOtAE@{bam91vzRvt1-rr>s(+C=uL@C{XN4ltA
zEGf`AJ+>g|LBSSII_}(ti>eNPhH-W1r@Gs?M2GQLDO|e|9zif7?;u6jV<&81i%i*?
zK6(_Za-WSFcSb%VWh6$$cFOZ?q1r_Y=#rc$)dO#KnV-BzUQBf4JJ^^RN5a>8WY_Uz
z;^_VT(EHAldlYERajNqRd7Le@d+|{npVj?9cEWp&d-iSJEDgH})kRV0Pf%T>T|s{S
zr_|}!>t|QF?@>Ic(x1k~5c&|Ci%dbQP-3t-YW|&2VtCsTZxbM+TRR>%&(8MlJmNq;
zzbSU-@vNz}1CaqR^`$(W0oN~<(XBG+tJrli0Gdnsn&5JUJ7v|^6SOeMO-E{3eRtml
z+CNvz6KtW%MY$~8PcLWSTh0#>>|t#*NqY;6)d0|z@EJjVjzIAhoDJyycKvAC71rUk
z2hRp??%C1uf-qIuOy2!5cp-9y_Zrj)rbO3RUI5bhZ8ToOq#1(Tt*@PMt?f0bOynPi
zb$5<K8JY;BZ*UQFN(~Hu=c%Z)*mE4pd&7I^(qaet*}n&Qm{{S5+`Vxu{5!^`jNn4M
zrG)R{mv3ySQtEyJp8NxZ@`NwO8cNlBo-%~WlCjuMLJuZXen7wKx|`bGZZhz0Sa}Z9
zMd`7c=yd%A1IpB96sy}T7b6D9|4Ckjt!~zY66j`4h-uvQi^KH;NNE<L_{z)bIFsq}
zyIktWw-~<VzzaXe#b2Uw%1Oh&y2iSSUsXDMmGzphoYJR!=+@3AQ+X%_d3xN{m={G|
zZZ}7RmylzClmh}prkgLkC{tB;sMam{dwR;<L@=C^8<32~<&oTWr##Av#-icaCcpd~
z###*3I^`)gcIBMk<CMpBb4rs^;aw+wH=0C5uF)e+N{1JAr{tZgzX~*%;cX_rYy*nA
z@|2#Ef+97RYUq+YbA_|qolX2pxm(cxjyKU3`s;J}BTs)hUl)3PS9z3e`NTNj0YX?L
zDxvh4E)fxP<hN1PA-ZuZtB^DBC>uyx2TE~rAc!6bABw4_fXeBY+(N}t!k<M97rYg)
zSv$#8pgkkZg<vpms5yO3IB3H?4f!Ordr`WF+v`aHXF!<0`-Bf}zY6#9X^O9RN^NX_
zy_s7f1R5g#!!cpb>N^?(shltXy42=IqWqq|s<^_ifNZ_uSC%bwW=18fEx+6gBcF-G
znlv2%I*Skfop`58KKMANLv2(F9~_Aq(h8U%3F<6tCzSMtMw9sp07nQ>U8<DnFVIft
zMNq7}=*m@zYGs0N8*M>1()0gJ#VBi8MD?f#=rYC6AWvc&LC(2l&h;-LFhnI~7e%0W
zQ1>?-VU-8M5cf*OB3F;sm0rSaeU{75N{9U$!c{Cx&(3cd&j%5@@Z>2%!1!(X^Es1;
zcb)f0gF6U;5*x;v5FKCh!F$=#`2RwUL$l$xWBxvXq%e7k6+n5a2>=;@uIQ|9*R6M5
zbR<+i*?B>avjqIN+NX=z#5NetuY|bK4L$Ya>(42P<Qdb5n^UJL+B_q|c1A4>_Z~hp
z4r=GmH+%RHMr7s-=UcM#BQu=*%3}EY7{4-P#qAp`_TQYp4IfSZ>!IK&-?i|s-`B+{
zU2+D#IquBAG?foosD(T$tVt#xT#`tulfegfv!_9P=!PVa#pfps<b%Jl;TW|2Eyj2v
z+U@W;8K(spvF4<M*A&B{5lt~1V)&zNYbMgd2VccZJMyShzJkC8H19COxPJN@QF^zE
zE{naz5RPv4$RS*7uk;CsX843FR8E((7+15cp4{>`Sm~2B^d&{{4Y7Mrbal?10qt0I
z5MX{EvhXao5glgEKLk>_TLGDJEp($z9%17vkYKDT4#IbZRzyu~CF6*wJYz*tJ`~=C
z`?wrceBcc$0(`+PJQIAA)lIX^CUou=xE)Tphf^MD6}W@Yn7?x7iqX>R&2(Fp?vzE$
zeCR>qzuA>pj)okdIdbS?9(ySSXbm{FC=Ryh%Wr^x1KVgxypjeY3A>I*YXQ`%ita_M
zYs9rQF<D<FcMF;_S4{huD_3WBjK4!CvK8TjLz`nCDy-x!cG+;7jUclRmK_5Sm52Tn
zy{zF)24JplAy`1;C89DIBqMiEU|KQK3P^jRv;kw|No+y!3WrQE%-D^%g0eN**!Lzy
zK_pvOBc2ErLMwT^jo%Y!1lW`YD}8-2EdYEM!kaQ-ASPL#n^+19H0;Uatx(gi1xh%e
zkN!W(G|(72!T5Dtp^JDWZ{Z)SOI}0U3RQ-;TF@C_m7RVA9j#7`$DI8%x&jzoiC|H1
zbS^m!9UG)G@;3ZNw7kn;v4N0PM@78bxdB&0w9x%kH~Q{vV3$STMm3mIN59ZT3;wdw
z^ks$J#RU27F`JGK0qO<N2z7S>njIhxn^a&2=UBt=<Tct(Sn6Q68|7^}imWHF5<uWP
z1STJvLEF_m6)4*rXJFwhK<-J?`Orp0b7ibuaO@G3(e`Zq<uc4J_;N|MZ7(03o`6hm
zBEM`3JV@mkwI$VNrPDTs6g6m7@&H0O>Mo4npR$@S<nW8FiSxd5l=$q@UI34r^-o8I
zQ_3owS0fsC_}18&gfB{ApaMWrZEEj+2#%bo8I@AGv#!Ri2rW`Q2G@4hol~CWTvDl2
zpVsI~D|Sl7Vf)M#BNQvA40bpU@FU8k5~;$YSeMD^K<rP-6H+~aU3RB3u^ZhBat(V6
zS4Oh?Ujg{y06fw$SP~k8^k}wM@=piuWEPu{TYyT%RLMPFd$7(puZbR@+niKvPy{}h
z4Wv>1^NhAsf!_mQt<-5lnf5h^v@4`a9fN<x>@$eLgzf(Cw4p>!p*`kD)P{QLlq>M8
z4XKvqrW=8#j3X2dL#GTnNze&|Hl=}xaB6Fktjz{`fjjViYy1w>cOSWmtSZ%(z?=fV
zf#=Yd9HFQ-t(h(ev7G{+zi+v0r*tZa?Go)s6CP~|aB9EYKxY^q`UG{s>>T4mg=RdK
zB2V$bV)o?cgR9xod?3l}X)3E%RNnh_lXhc0wRi^~ayH;oBD6BpXxnFrYx@C<(YD88
zv^~UPwEatq(e{1Ow#({hJ>i^$=8;C>37s&Q54~GwboG}yy{miUyBZPgs(-Yr>!MvH
zM!TxUh)&<3_VNBYIuVFcD^FX2oNgkbJKYw(EpQ1=80iQil2`6`92p1?Mp;M2&nZDF
z6{WKt?x;EmdUeW)PWeF~9sI}4mv93%<CJ!xBZG9>%YCo*hiW26&4=I8=?hvGZgYaL
z$Z4xDU2!1kMm|p%PZ^E`M}(vK=;6ypQ|^q82K9&SjpR*dY$ShU%el~4PPE8GmlH!b
zvgPc>8Oxc#8OwRjWGv@elL5I-wRp71gP-U3I;FwC#b_apih0%ADwrKw!uOshm72kq
zb^Jx5NvpnK#LK))+H&%%b~5iaCT0=ewi4PXlDEEQ(%$$1p3V<~eplkt)S>Y7JU%_$
z=OvStk59rWs5cj$)UVQLiyUsXku@KKf19_xoAhbKP2!xkztL#0?+?Zhei7}iOLQ<v
z(ZMudj6_IW<b%WXDbGs;hOX&+e6RX;)x@UD-dYQ^P7Ow{?_V@}ee0sp>uVQ{UVnGd
z=ymzUXgfelwA<@j{alN|@Ej|l-b47s3ETyf@JYp|G5FNC5K5i+wESM^Z74j!UKAN5
zXfL|?&@V62UUc%IYw0Oz0w3y3PqvA`|6U~iw*&IOPU!+4oJ`vom}6jq&r?*WON02}
z3+xHDdF2KCv?FZt3VON<@UQ5Cj+OVv(<)b#R;5R2RqrURvPEfCN4(QWn|$sCgPx3J
z?!`0*82JO#RU(Xh0zD<c$UPTm<hJO@@3qE8{)5FB`HL1~<UQ%r4lweo*&JYuR%7H3
z#*?Q}QSvk>N}l>e$<tL)@`O<>*~qt^r=|D$A2){l&UqR#?mBu(GWiAS39olYdnz*-
zJ^j;U^z??w=qW$Cb5AxIJ>3JXfe<o=bvT|6{rUpFfKFjehOkaSM!L=DG?O}A5$n{y
zkc6QpNEmtmJM#5qoh*rVa^@U$a`K#kf=8oImFEm(tT<;NW6?PS89zK{AmcmHdTXQg
zUWwLwAzE)~wB`BHFP@BkF(dlLebFz*pCjlE<U=FR85o##PKV=+c)I9~(nUv<F7}Pm
z#s7`2ZUJsJqKg-6sBOTO(=|rhRW*9sRq>G99fjP6DCGX6L(VsqwVNJo_jT5;$^R_M
zrH>n+m`b1!2o#z0Wh(o!w$b?Vks5=nOpQK`jXt?*3{rDvjX`SCYYb9zbB#f2de;y@
zyGN^E6|K%itJhT<)z4HL^}eY#>U~jd)Y})Wx2xI!-bd92@cvP40PpQ;19)qy4dA_8
zO`8yaCsiApaB=m21H6wL46Gf>+6Lg=9&P)k>i-mYbE54YKTGZYY~VQ>4B)+W)>xm{
zqEEj&YXEQgS!0zKo;6l^&RJuXA3JNT@<V3{cvH_BOFZ_hvBa*k#uDFo)>z{7XuX@G
z^?FC^T@$TmV+NkRnK2v8h;L&ym=826em}1GU|jKOEoxU~@%||)oo4T~DKbgOJtQb2
z`jK`UE&R^OF~ykS6m*z$t|xUp*}vgDI1OW>v=~tV^A`eZRWxAsQ@Ib%ezgCVImm)!
z+a8|%*u#R9K2sXssVI3R3kcfdgkcF`!h&p)O7r*Tud_R)Yx&SFWXwSZ)<t&R-a@y*
zG0x`-7_GYUPL7$nJDQ_~MHntsRNkU+0CRe7!gwe8eLlW$6~3iAg@t=+T>_WvyO#3y
zVZ;T#uv?1p+J7d$@g_d_CUk<#*XtbFv?r!;9+)i`tn~NR@YY@IzVZ%^FYJm{HK<za
z8V@a>F0(*46F63QzSfloFMCAqA4C0UZ`JtaP*hT5ePs^x;Ooa1HrBf4;}EreX6C<c
ze87T2qO{5vqW|M5K~C6oM=Fb&%HovB39sS{OvP?7GedpZWZjlSagr!Vzz6tBre{&U
zUV$$}Mc_s&*6Z{z0wTJOllKa1^bx($<sHb~pu72A^qLrQVJiA?zl%MOQL?TRC8a09
zX;m@`pC#W}J=_oIxRHAY2EW<H`lCXOrXy2rkWqoT{#=yys98`A?e*-f4Yf*4WkADV
zX-X5055Yh)eT#=sC@tUJ&e|k9AEdPFz%8bIPJv7U+X#X9P|oF1UgP5x#ZX7Rs|Wcr
z_}_1fZ8v8Uw)qc)SL*vLqf)yO@B4U_Ze5B@<kWS0%@iEg8WYWJ6}q^4mNZhCz9{^N
zLwG%n1G(dnzC!BbO*$f@!qVf|1xvaX+hJ>@FAxCAM!%?WKD3qei{1APM!+Y`pMn<f
zQq2!#`HdaRP&mPK$z>zCj@nT@RNf#_>1Ps3suB>W^6)J9My<Z2_q~gToNx<G;P$D|
zthVd_WA9zSn<%sY@k}p}YGHyDsDfHFLL;KBg4<#X2_!hdDWVI4E316Bh`7rtY67TS
zib;Sm1iGv4;;t9mU9YRcx{8PbEzqV#g;MTRp&*x;hC;dZ-sXSKd1sPITU@{Xzu)Ki
z{hsH?^U%!9JM&)8d){;2^Lfufc?u&!*)~qc{q3)zV)qWCND&5j?TfUArG^azK07#=
zlmzVUPLB7&@?ZBFIy;3@okGy&!!X(%Efy_`Q)<H_8Uc-RF7OL|X@nq|Rdj)WGI`_-
zeoxs2eo^vB!4ouz*=OB~Qjh6+e{Y)@5~u|!;Izq;8#ggxr(1gmn$QMts-5mFy6r(w
z+di&4uq*KZXC<il#7O&8xCg_$yTV)UdSpfvk3B+=D%=YY!$9@~X$xJh6T*<>0zSAO
z-p6pN96EY1zzq+12+}@8)xaz6S|PhZkj_6n%3JRKmmu}|EtHa3>B)WYmzv?vNELg@
zzzl!Qx2LOy1HrS+1cg7eRgi+AR|RSKZSbjJX_xzHc=NkyE40tMw?`Y}y@Q?&zh_dq
z!L}Yp?F(k@JSCg1H?ZM1(JK>-WY>XpX6fzGb>_?Oqw5SoaRa$Cb;;u4Xfh%-qVX2K
znZ$yG%){_686skZUFHcGM?=8CzgeOrnysS$Q!|+W&G%zuji6ns_EaZ8@-$aZj5%nP
zue?8w+=JuEtjt<ZbsQv4clAPd@dzxHL-)mz7aK^&WDI0DlO+?<=9~NQbCz7`sWw9L
zES8KWHu<Cb7-J+CkrT~R<k#>4#<#}c9#h5z#OyeM`&#5e0{6YZ)d+!{IQhT@j_pQo
zW!p0%MN9Ql>w>^D<hhygh7BWVj*@r3cR`667qH)jj(N>lDh^S8u-E!9M)pMrR|#&a
zy3EsYqxe<47R@t#<-G6rcs<cP3#rmZE1imAtk0~K*Y;XZ;Vv>ne>$FNy_xV03uu?W
z4`QPp>&5(T*8+{tOBSWtJpb?Ul#BbI-)pWgu&}(}(gbi}3+9_A$X`0*F`$H9I!ZHX
z@v#p+2!|IRoixc{*wxJKlD02CddD63{F`sW;o{~vZo9OrxG90#zW5jq5(3^Bxm~+Y
z3i<T{zoryAtOQNl^54&M5gTv+IDL_Vlqx%*R6Mh)#=rOm>*TAoNt29DHTVth-OfPq
zsjx1jiqh{>Mfw=Cu}deA)fm)F_?L_Lbw!pEe%TJRkTvYdtg=hf%~SHERxy6MSqSyj
z#V@MmD30rg*c-FVQ`~1TsJK95I>B|cFc12&3LU_}x-BodSA#@&iF`0-IFK*}8U`Ad
zlo)UX4L;!_yk=&|C2WM3=$7yiJ3-0I%Wic__U}{qB^b{a5vyT2$gdA0pdQlrrO)9`
z=%lb_=c-cibV2*~Y0S(d17Db@I~wo6DAq^h(U&;n81uxK2sZ*uxFUl_NLG1I&-G#D
zoi?5P_$jL_rQa%lis{eArmxkdzl`bQ_319Nl_fqR&&9->aNCv5zIZ&V{PGrMAT4Pk
z2EgLjXj%yGpIM}2s89{>MGgV+1DO?1=Wk~sIeJ0fE}%80p31!Tqkes$O1F%};N$C=
z$EtEiX61}Rew_(Lr-XZquAZKn3>z9+ny+y1V~A}F*|Ph42Q2LKY=LJvAwMj)o>j@T
z$Tg9jOCA1TKRkkR3Qg!%gFj`36TKwi2^4g!m3`Kg&adl7;@Lf1g8K+ud6W!KQ_|cc
z_=0Vj$w>vBbsw;mG9FG&WVAS+p5g>&eiQOWqr8X}j(uo!?S=LQ4Ua$bBziK8cWr@I
z2K)8_K61+-1<yurMvwWS(hmOcbkT0p1Pla&qBM30P>g~7(48QS<kxk7Z!_;b2KPCS
z@Lt>|&$*SExncbbT}Sy@z4fkv)`E7cws+ZntLiV51lc>_!6WWNLN>^i2YBzFNGHUX
z_n?eai>aHj60UpMmn8=61%itCIf6(?HJ)QFh_SZUIQ=FdXkR5fR6Ix93P!*~JfNPY
z(XfhlDUGKZ2-4O3y4f5a==I*m3cuBTlQNcz__vEx6H330qXzNbL25nS)f*Ftn8$FK
zp%f>{o-$*>^PGWq$jYyg7PF7AbH|$8SIhi`p(pCV^Z1oh%Hr2O!&&P~H#0{QK%nTe
zjtz=a`VQ0wm#RMCOYYN<rzj<xd2fgY;;=}-MZ`72Vvfs@QSL)%j$|`)bl}8LfThH6
z=*?26AC^yGAWN=fUQQFtxLg@=PMKUYJm1E%GL=6>@VCfVkQYHIMnOt3!}9T8SK{)K
zV#alBT?T$@#QaUlL+#P?BNShSI!PHp)@<M{ElM^C#|^PrLYn+-9cN%=Q_j&myR(m#
zFdoT4n36J>Bsc2cM^JFs7)RZ!yxrc}zZOw6bAUiH;~P*be|OFOf$IkJiSRsgV{jzO
z?37VZn+RWeG8I-7*C4+G-6rtfS#)wSp7;KWE}(<+QSFq@%1Q8*;QyT|=Jj85>g)G#
z>g&&Q?Da!u>2)JTkw&B$`^0q*z5Wf$-SvBXbq%~qtUTI2Ck9rQ`=acR(a_~&^~xwS
z-vp=R=inpJ|0ucI7;J-~ruy6&r`G4jIJG{LR9$Zzd*6ufzo@>CJrwWijTLd?JA<$y
zzeT(REB{XfTApPl*BDTU+UWIKAHAdX(VBSX-SEU2&VU~n@q>>dAAD|5KX}`qez3>D
zKKK+qz>+_NU!|^Hw_YqrmHUxy)3J$Y-lNQf1U0i?Ca@+xb|%t9=yEa(s^7e;Rp4c<
z0yJ&ln>*ke9D^ZP0WmT!oLK&!+pzg=6DpH~Z2oSP)tB0czpst>CmeHDE7xM<-A0PY
zbv@Fq`bnBLC_S}7=@-X7`3yc$F1E9=O_c|=b=lv`v?AwdMJ`f(S-NYZ{mpxCp)%Ev
zp3w^ZFRjqusu6dsSg3)mpsd`FTe~c`PV2S9TCbf_hpp|jzTDT_bmcyzmFv{Xy<aW2
z3_enxBAI}V?=Q$mv%n<Z+DZe>2ClF*GH^Qjya5Mm3Fa`nHA0{DE!zAz-J;EpV+?#P
z{|eu=w`%q<|H4!`NG~lk$(z`PQT_}r6f5;V)aPA#4E1?~T^MDwwJBGI)%2xW`a&(;
zjp@%YGEJr0Ki;Y%J2aqEUks%Sj`xjL&($lpwW|FO^}0=~*C33H3-u!C@^{p$#LaHT
zZWw^wU_m)>Q3#rbASFG&Sd=QCYQ}sPndHOl!YJ>Bi_kYr{)hHAtM%X1OoYuS)!wR6
zD(mhPEN386XFn|GCW_BX^<3Jl)^lOA+JA1$e~*^`V_N<X>+_e|E|>r3HOOw-BKZ&2
z^1n{YzfVm5-L?GNn{@fVb=mwUWBxBh^A9#@<KLu>e^VrXq^Eb9G<tfiiOmQ`;BU4>
z2;4OY%SgpCZX$oK3Y4*^C5CT2(xle&fhLts5bhtUp!3JE4i5G5>qQjL78(t%5rSu=
z!8J^3*^HvRTyTQKKi7>IFxD8vZAODMB|(rTn4GjuPcW*YqZQ?lH1Z<}l^lbWyalD^
z@e0cPwMN0yR_Drb`lsGvM6~s3bp8|P-c6pEm_P96jq+P?5h{=H;pbE3mH6ZkweO){
zXBI(Gg?fKt8-f1Azx)#Qbwo!aL@hAUJWULIXs)BhaK1SWG@xXrmfT`?N_(8rej$+1
ze}+REW_AW#-P@hn7x@>q!3%koR_Cr(VQ~vT7#(cPGIRXWUI?kmHNk@~@sGfdJpf<-
zRS3*CbeDf~T-~e+bwjru(}yzcI_NAu5id%|<hUE?z=+@<hQ6%(=LJ$8By6jQ5);OR
zl=jPq2jV+h@BrO3RNhjZ*+Ewym}(-(FS1GINTmbK5@i?o28tQjes5sb&5h20ooh$$
z*B%5|;p=(QPMfDa2^JuDke6R-<2S9ZzW#NCCtUBcdD_|`A&%nutw42maT|s(S&u_H
z_X;7ugkM)+O?%zI1wG+A=UxSx2fyj_Y4CM+DKp1{5Vh8jMkf>N38IKDqtPjFe|X5R
zYg`7kBSpv32!d=6^dV|5G0dG7HeWLI$4EevptC9|YAJANs39Y<YkyER41Df;AGh9b
z_p}2CJCsPVfqCzzbOGG_1fH~G;bKzdOD8#svYN`TgIOa4hP4sVaABe0h|q9Y<jy#`
zRzVtT#41|SFbc#IaQ*o(vqv@wtN6|Bc79XAerTYbHMuV|c?LXNijAIO$7bWA2T#_v
zz!RruTb!~5W;Dh^jd%A~sts%(98_Z0Lr%}>xIBJyg4qeQ4*gz0{oYvbI*MMR8}FQZ
zP*_#49&_g0JD>;Gu7*qKMOQIOr0Jj$Bbg#>!s#ginNcu?R=7V`{iL>%uT~-v7;hH^
z@2$s~xp*6rycStkjTh_myX&05F>L+?ji|&~(IbErJ57-B)VA_9$vTFdB;NNfr|sN#
z^A@>lu|LxUDI>E8q}~hI);0sb!Uc1TCYo|1%4bmf&(+#%VGHc$bnF$5-ttT|Cx@{W
zxQDKkMC2Nlxj%!-a=o0B=JMqvxfbWl7X#xtev`~E1qIs>HkZuqPeewAC_Y*t-3C&v
z&#78E)bS}J9k)lS%JVy*!R~6HE)@R-B(Vw9a^9<u1D7Ivl!b{Iymw!mdfwcHgjg1*
z5#r0$>TLdu_JZ&O+{r@KH#KO$p$S?O*hVED%d~=;G25stBnLID$2XH{szaB*4l9Q;
zMgLaMF5a4pZ{1FBIT{rUyD(;k@r+5mavR*|q=7!!t`1+pLN0eBA~xLv1l$`zkt!?<
zgmHk*j1xRSQpwiO;;73-$*34%+*vC>KB8@~!y~4DL$mNl`FG?cNqcFv{w0nUdl(9A
z_Yz9sSV|o06(b2qPU##h1>O$z+L%bB1{I4}Fv2FkX)Kpr!W4IEiGsN8%YKwd+c4N{
z-Z!Z8i;-6M*oZNQDaIka?4@O(L$2{!u1U%voD1vbZ~;e!u*x2Ipu$$roHTc!(^Jd|
zfs_I(zX`bLx=fFpA*=!(J^|i<7v>znQA^*53{;^=a+j-jf-<jNtIDz;tBO&%w~Krd
zwB+tAROjWAyD7bBBiwGbO0#fvnF@p}l~CM1PjkF$l&6_<-G=M&rlTBjl5|>>vrAl~
z1plwmy_!q$_x3c$xhrT%?sraIl6%5MsFc>?_;bWJLWhwf;gBnjgYe<U^88R<W|8s~
z3SUxdW|eX;;ozR5buNQNs@_IEz$fC{G_9U9=@Q@Vm}t}`z8I6JG@*bbeM3x9IoV8`
zbPY`ixEmj*B(+_hIIg7bRuC<7xmT`WuWW7A`A1{t30e3r()iPHJA2xuy9d5*kQbIF
z7&hHIkm6WkAoVBU9wjCl>N7d~Iw462OiA*VyD}nn-(6_)C9|x%M<~0HU)RJ;tGBY9
zp)0-R?hwj_!36U(%sA*ExeLQiN5Z%RKlLaX1x-nF4^T)>w3Wl?PP-b<hYc{hw&3AA
z6L8_~7_(gjqA<x@>k-oLewS8Fr<7n0eMoX!5#!JNx_;hD*I>e+<31u+AxK*mAA`*6
zTt5hz6+&@MD*VuE?t>S$M$aEB<<rSoq<S7R>Kal;V3B`}6-vE|_U`fI-4Wh#N$y7r
z+A~6CC2hvZgV6-`9o0kh-<=`)?==ek$yv_gvR>0gHSoQ&xEybi)!_EqdqpDM7YhFC
zMgL<a(f=e!N^{dh|Dtq^^RrEqzAX$Ni}i=RzUUx3f&wIVQfV)~5RP$}YzRya+oVQM
z^QgHC1W$X|H5VjH0S~Pesb(sa=3KbJ)BqV=5dJCcS_{nLW%FuG-Cb=*yAtlJ-<UY?
z7wHD(_Yyttnk26o_Za1C_FV{r$j3a9fk?zVz3k(~+pwUh-(g)G4E1eT-)$6M7KD}c
zxRCIPLM{R)=EhyvDg?LS7YzrdOL6E*hS3RaPhki-0e86;;Swzb?^X}y-A(>k1gSe*
zBAgQs7X<H4QxntG-wgFPOZ~N~zk>QZLH(Vg{!UYWXR5!m)!%v4gs5L;UHjInNmj#z
zDbWLvi%+Ms6OU{9rW<re9XH<@F`)+fqA?P;9LR*akZz|lXWGxgjX&{u`0GiW34b{l
zby7{{l8(GW+hn+oHa8MLHsF}^FmH%s(0p<h=xOZEd)qj5Kl@^+EkX*XVEECs$w@l1
z7)(s=%iMqA5n)<Mk*WI=oBE{VeuP`f3<ncsxFMQ<>0u6P_dTV>@xG@~b{bj?w_GrB
zYae#{l8$12+($c#862)zWdGC$+xb_HS!9>dU4T<}N98FM7sAnAysOXbJ~7=_Fg((I
z<LS$%H4F48y3Hrusm}<kTH<Y3BMih|Kwp2+8-FT;iD~ehwyLED=miXmy-a1PR0knA
zmeE#lY^wUJlGRw1tj4NjHC837u_{@ORmp0sN>*c4vKp(B)mW9R#;RmBb{_ks5D$1M
ze^Ge>dfk(fPNV9(84s`|&W2m`V=GrBW4}L2sfoO=PrF*<U}7FTqy9_Xi5ZNhSGw`O
z7Fbj+ZeB$1Sl}UfJTik`A_Q`Kq(n{612;!a&kM)}U+$US(d18b$rG93dZ#Y=hfUGs
zh0*;;+hj*(SUuV9l)kl1%#*f}H6@kQsT?y|YTUg;BN*RsjTHmWb9vbf&sgpW3>ZlP
z<9CGw>3b)?rdEibg`De*ExgB9^eiaDhvCJi_ruzf8WZDy?H9oEEyr#d*kj{i3cG55
z=|o4Wy9G-Ks+1-2Yr2D~&!Og>iWN)4B|Lq6U|6>~P;QO935Uwl!p$+Efijii$JEQ@
zJe({Eej~>8ME4hL7vC?yGb?<WY$ii0?P&5Z6fs9Caco~#AdkZoI~flkO(F@uR`gFd
zr=jVE081dcc0)%Qh`M)rf}ow;-H2jO25zbkLEC`Se<y|ywuSfliWcpnaK4^eib0`!
zALJuYpnbTlj3P<8TI>1HP|G2~KRZp}*Pz|Qvn@-v?cdl7F+@-u>{lrCODuF9erv>%
z$wT6)yg+hy+#E1b4N&bjEgZoN7I+#6s?P1m%ij4+f6b0m1Rqam#LDGmH#w!rjdMeJ
z($3Hun!ZI}R#PLmZ$jHNzKdHBC((dRHI=7A-AKBo3Q`ANjl+SvPYi~kRgmgMW}SsM
z(~~fH9_jx;oI#Ao713Aal!ERO<zTzcpR`&Sx~@Ej5$NNmo1rs<p;zE_Hbm*ldpi4$
zEiz6CHmN(h2cbIo+SNMEZ|_v6MPJ*Zqm>XU!!G`1gaU33-A%YU-S|_!M#^`nman<1
zeDzciDx>_Ame_cX%%7Q4+Np*pS7Um?l<=IMDR`P;2Dl6OrRc>IW=D;4aa$OaNq!0L
zmG~3edFE;KC8XK>y39(no;TDBcO~wD6n-iC%~e-Q@?`H=HQnw{lTYmeF+NyKj<Dzy
zBDr|*W2!U|v|3`|4)TNIX@MI2dNqiV?<LT1ELaQKtml_}&Cm-4LLeE9pavikXCNWj
znZ1p?mU`yX=6SU!osZI+G@()84hh+gWpmF8@p(}44suNtbgU++1PY0#35h-hQwSci
zV6|LM8{_U(kX*>5ETT{J;_&-bdH$SjdD&-OuwE@#Mxp5r$z?ssZMxuh7ozXp0!Bv|
zxQ;^dHD*>irJReRr4BdTVEK^_q3r!f`0AcO%4xwLC*0*&<^Gnr`x`-#9uLXS^h67-
zqYy;fU$3HuXFCdcpNnXmoYlyy_i!D7d4&uyxK|sur2?V;O0GkPW}XvuI9{rMjAC^4
z*tLHQ+u{=pt?CRo8b!-#a*#m|s)Qho9Ss15D1Ed@5%lv18c`rhO~ff1<TDR;>sZ6c
zygnc%)x8(*PJ<y&V1{kDGBQsj?{#+@adb$Nz!9SnqI1A7Ldb*7&Cz~XwVN|27jR*m
zL_P0VC70lGhpwwOgxSCAk=$Io5SS28uJoLsAvDL~yC6FB>yd7taHDbnzQZ@A#NO~s
zNhPOO3kpEWKwpT;3ur5=FYV6zenpG8<2_RA9wd4{sl3_79%2I(dl>iA9iZ+l)9Ys)
z?XmK2Z$ZS=(5gNdL7<i$o<QgP>*DcbGP<fod%AlpXugJmZ*q~V_d{@jhMz4l3e3U2
zD{01E@rb|K8plkz2fB#&VCO%-5mwwd{3b8(L_21e8rnIdtNgy0VZZA}cdY=g(@t=^
zeCtpO9(ibVLCzhy?%m@8Q}5tHe<Z!ED)b`$PSQmSY$MKcfpk#Gy;hJWl}UL;^0Pzm
zFme@niv2xJ{Uh?DL&%L9ti+D>5y5Zikci;-_LV5<&FQ8Jet)9d$8aavKm4r}g0TYs
zhY$1oBgrU)n+=&&GYUoNn8@OOKYdFi@a5oK-uoqyFrKm-iJB~YgmI#VeNQr|zlZrs
zgaD#L*CN?isbX461%Dol$!W%l%4pLG^AQ8Ld{0wCN;oX|hnrBy%0B11l6tK{e(#ES
z#2XzpGR82x><Wa54p(}k1JS?T9Pw9j1vctmiK@R6y8C-#7eNIX?s}ww_udmmb9oUc
z3hRJO%iu|=S~sWEE%Y~xYm4p4tRjd0EIx~aHWSFd0ofNF>&FGeG)`FDgp7b+N`gti
zcHQON?EUxrAByPsFz6_v?Ksb=y2yB-7fY?*<R#;A4oq4P++!^RKjq#VFyAUakrZ#(
zu*zgLY?_j>mV$2OoK9pL@OfpfU!!kp9G3*M+u@&7glNqT#9MIO%H-K!b6PsR{|j=s
zx*Z9*4`htuQ#5nAQclEyACd&~9%CmvRmVx8w>`OS>DnL-NWx(mlE4P3C*56}plXE5
zF9`?CO25H`E@7}>-uI#I`JwHc=2>JqbPQvfd1cBm#1Mdh46UR+M;w{)f%$2ib8(oB
z492!|2JXJ@GQI|32wYP;N1gWMj*8U&VI$UedA#apmF^ZIY{Qd#JKV5Vzzc)~Z;%{i
za?TD=KOAMsvu(Pd)p}QoQ_Z}Mc@OmbppGs~Xgjuat=MT)<=49FM--?2Z)<2o?Knav
zHln}<pwouaap-ciXouy0l&hP(PpZgw<`*}wJHn2(#^z`|1vyH;E>kYFGDQ2Idou4l
zo7>s_<nky06@AD%GRrl87q*EQ_yw7>YgoZ318zfJqL`F6X^;HKsm}@Dehr-iIAfQN
zB8SbaRJuj%nqBM@s5VFa{#@&%XkeilgBo7us6h>XDL0(_ocRUZVPN2kv4i3a#1=tt
zK+gF4K@raA?}meTKvRk5(``9%fuT!zT2r7ADn}ng9EmpH@&^+;><+AaNUlrJ@qPCp
zPj2!cjbw&UhJRL7_iO1+B7G(rXik3~KvL9wF`E&cu!xeaF%QZ)tIVVIu){tP2B*{d
z2=gh#Ziy@aOKyrZ^B;*=@NHT%U!mJHYG&^0p3uy@a-V`{u2DiTad}T|2f}fa){N=&
zK~J?A573=~V+S3!8Kd@P+${Y{9*dkKnAks&Wfb}Vl;0Z?qss5eHBsgFIp&!zUY9&~
zZ8UjgGbJBSh$c_bC2ynPjkzVd<ZNAXK83l=eMgu4TV2_yOfO%mOK#C6Pf_vay5w7Q
z$;B+$sY~9dOFoL{GyI98FAPFL>898k;6Ae`cK?xK)%Q?{9VXC#l#EWxT$5Bgzr%=(
zs`ywUGQEJ<r_Ob=;E@rx3a^5yf?HaDqSc`>!8O~7(1CG+M@hqpwhv8Ej3J=!dU(s>
zJ?=_dUv}vYgOFPRf1l|sNG0J(Om11+hL4`E1M(gQD<{LBVi@kHOfX?_cUDk$XTufb
z<r(OW(w{X+hdZW^j;41=NoVSfoCecO=@E|6uO>_(2=*r7=`{ut@2X<pc!iTx;?~4J
zPwrbcM2P$>&8||7$gAo0b0YE~Bpd!fEI<Z+6~(hyjkrBL61Xz(#a%-2(L|?bzR_fG
zkHOO_(Bp=RP=B3#2R$2j8l>81(+qA4h9vM+x)rA%Bor(283?)kE>9|UN=2c!VCXdc
zy*bTwpCDD>F$~IBnqYJWTn3X6?8exC;v)mo4V)*pVqhdL3pJpRI_Y}RU3Zmt2pEoR
zYo1h=haMuGf!QXk0Ol0>Xp;$6ROVQ1{<jf4F?<4YWPE6MW_{?@SUiYk?T~iLe{E;y
zb#4YGCrZ;yf;2M~1}{h5hY$7=q<NrQ&}JaxUt5U-g)XY`Fm?HD#!-}=KRZX5Tmy7$
zVeLPolj~+S_u6!G&-P(7nJj(kdV;$h(?!2QK}TuoeP%g58EMeR##7_(Mc%JY==lDQ
zgpTibjK7-hD<_hYhM9Svg6HSUGiy=%@@~OR=4La$6jyr(zs?P^_Pm*S(rG7}9qa9P
z;~Bj|JYfcj!_3jA?vMj9!|&3u`}U!{cL}>1611CBs2<+eIeL=8dw+qL50K-Yq0+7>
z<h_r>RbX6uW)-mN{Bp?3hT#bOIo}#?KqQA$H1Ku9GSO^g4yMKIYTi2vF9P?#x?bhL
zJ&L1Zelr1C?1AwWwt}XlIZs6SeHHJWhRBI5H&7=c1YmX{R-L7fg|;M(&2sgC#0-?b
zJjI+d`=I-j5D)nwKK?0A3^)-%?Yc+IE@LW<D3w!DQazS7_b*W8bJ_bA3>CBY^Di94
zX`9{5dyC*Ak6*JN^MF1p&*Qd3Hkh0HGsuB_m$_*6Cm@j76)#9e^jYNFZ=e${Dd>e|
z6BSn>P~-~~C4`0p&g{xLgQ6?#4M<Tz#;-fYE05Ue*zpEDH1jve@(bhzWUM2l*TFE@
zFu1fA9Hk-q2<-YL!^0}Q+L)p9ghsz&_Sd|(g5a^jOrVFSI8gR)2-E#Mhd=pWHjnZP
z3dpDWf17AdQS0cdRO?QrApEz8_ljZ79ExpKa>*W4OnZ0@Th5a7iYM=Y`mnx!>pV}+
z+9|Hz;Q61A;5qroCX<x%&o-@DNQX>6f#$gpS}L6uJUM2A3xn#378&<)7n&f?iRLiN
zvv7)Qut1T1(m}!hT<f8@FM6_k;^=6fayR**o^Ni?aPPv`(J8SgrNJj&c3fit*~zu$
zIkUIS>8sksrU&C_+#XW(G#DosX8lm%2Ac|eH_GM#s)w(wgmGuSKlpVE*v6_otHC`s
zvoh495GZk2iZ#pC$KW1LtUP;*JEZg^eM6YQugeb1MPCdH_@(g#I-MyLEWjCh2?3lJ
zTkrsSJxGwQVKx<9aGf=4r2AgTJK4^!8_?IDH5IZR70DX$I*@QDeCGa!Hgiv5t&MX2
zOT<NnnWL13H8(2#pxiO__PJbwYp2scVcuv@&L`G|pNF<Ec|s}!VSQ{w-u_YkCF%Ls
zCmR2H|L5_qha>zeH_E>TF#Z*Y@UJr*<6rp^{)OHL1EbrC6$z`N{HuiVuL9y<cI02^
z(K9dm81Jp;BK#|}D9XM}5%%@uj2QkkA;Q1L{uuvC>&U-M9r#yX_IBQD{t^BqWC!^d
z(BXiP-N+)LI{7t0jem(;SttHAg!osE8Rcr=Up(=z#kiR~-#h>X!-hjX3O?L{5$WQ+
z{zrZ#A~G<_ul^Xzucmj!uN)ot)ukAIRo#JK-QJO3ohC(cmx7E;V>{@>y(_j;k0&;w
zZ0Dk$?F@*polQT3?bJos&iYukQ+Qdnvyri#b;x#N)(0)p*lVO-pN*bOk+=8La~2ct
zozjuBh%ozmYxch``O8gR@R$4;{xS)%eiK_S!(Z<2z+XoHXZ{kuQspmBX$#Q>Q3zu(
z?kJ1-Cdy(y4Q-xL$oR`UdVQYcDZy`4tlgvXR3$yRwR>lI$|>zf+sY268C{%|S*yzW
zsp>(p%yQ8`%RE8DvBU>vR|x#33h0%jIai_P)Xg@+VQ@_nxv$}QZy{j+$Y6sJ#BEB4
z@3;_{HM$~T;}*{MH1>9Nmx@DQlD)7m9lib(3djI)`8FpL%QI`?g}>;|1M%w|9BwRQ
z#HXw=ocmS6)P}B##1$>#>{%1z!|np;y@`pSa8<f%1a2!<g}iZV_-zxEx3Kr7tKcKc
z4m_=zeV$*jmsFCz7&A4w#A?P6AW$ip)E2Eu%v5`zgZ=gkMDiuv7<^Hb+R1oA_P_+Q
z{Nf_avY*r66VGX(q0uOCdxh*8$Z^gDXJE21biHo>!LtSQx#t>%z+8@SlTSCghk(+<
zxlfQ{CU6z58(4p3);gtx{h38hPd5%kh^Og1RVD^|bRR`bDLi{PiU(b#p8pg0HMi`g
zmT_C4k#wnczL&We!|Ka>7HYMQR`w36>@})B)w!O%b@dDx)pKW9AKqI==+T}+;66~C
z`$D~UQn*w?FjFmK?F(di$89FkV`vBd;Cz_7pTh*6ag!l=My>(a8V(D;WIO5*xdx+a
zD*R2hZ89Wd?4Kg)%a#`w+%GI{!IMsWpghWseYGmv;JqHG!Uf)x*!@%r{63i2ax%rx
ziI-a`FUT9_;QWsvN2E1=#baFO9NpJqZcU%|#@srx`x%9pcz`7)?t$M9FBCd5>u2CL
zA)+(nN4|^V63EGfx(#kuop0NvVkrIvWKO$}36=wbr-l=KHT)|Wq|KJJ3m7m+Qgm*d
ztoiS9s)6{FRIFx@Y|iuFVwT^Yi^Dz4Y{xT)!Qf)Z(sINm)!97Nz<Fh<N!TsJr8~{x
zD|h#2ln6z#@?05F`o;FGKY?+BND9P0P$j_&d@mS1NQb|^S{wgLPzY|tf<j|}p7Fba
z6R};7A5-_+S>=4S&|s(yev7!T-7?e=YK4`AdQq+1DfELCJ{Ii`d}(nz_Mq#Dg}2}(
z45aHByZ~yE4)eZ3ph4ok@}XsD{L<D_#9jOF;Ez3N3$Pu>7Mm1wc*Cx1ka0KQ;W8j-
zl+_rvv}LhtsB}2=Swz0Uch4ljSNlU{6u;3Mb{`I%iKH(+32Fd**v?&D?>V!Ob{Scm
z$8u;aRNc87S}o%sK_ghdsZHU%_ajPbMKO{GYZC7r#<3fk1Ye>i5iG(^rY&yj8mHv|
zqX9dxsAOVM@49hiNr2IZCqxEPP#t`wot@*t3IMCof-xYX5Kqj!Qse+uQ*TQuR`$~Q
z8)Wj)vRFa#-H^X?ak813y0~RAO*}+>N{5xDOh2H0z7n!P-j0wYXfza`RDt&hS^6pM
zIO0MBgM*8-<$W9<-ixz_H4Djykq(lC+C&$MG+q#aP|pi3$4l~vLg%-hi`^enu?MON
zbn)qVBrnr0n}jDL5QM|~?oY#I62n;F9t(!lwW2VRj-4?AJ+re=B`_15{>d}xPy#}_
z)~b4;5SS7<9|`>_@|%W$6jf4hAC3NrYz1vY>9lo050u*5P>xS$a(vI8OoB1fDd%@m
z;4bSD@7sxCiij)s#Px9mERVcz13P7sl7LYZ`E?2L9yuc?iC_9R(hk}(pk}jq?>9YA
zAg@HH2pRDD%UgKgW9T+SnrhCnOJ{8u6c3{}me~CRUa$om6*)<B9<l|-ylL|^nXLRP
zB{_-wlFdEXLGmHitajdaDH#P}l(_8bdOac`p7$M2CV|JEz@cZaQ$jYB;5K14y!VBk
zk@MWr_jnwM3gVZj5$WI!I~_fMHLNc=H7S?sc;AE9BVIPoSC2s;g@(i4B3F7AZp1#u
zYS2rK6FEXeC$IM>Q-6pFoVVO96VeE?76TweKm+4MX)o_vbu|+8InlB!G)S#~d)VDO
zCqs~AXl+omR9L;J57Y^s5)Nb)LttKo7`Vk^EeI#gsRSXU(Vw%y9=Q8WTR~&uoMJ3N
zYGU5fXG8C%ZCN%EWmJrn#c#^v3YtJ)EA4@PXNK_J${wg!IZ*P>!T}H1uosr1iz1Mg
zP0)zJ@CN#$$O}B2>nm~(M7y%j(2LcR_wK{$2Ob_ArRO}*XO>OoVGK7sHiP{Wr320e
zV1);S;>J-<snS{89Otxb!3U9dH1{h)<VA!dU?j>w!XHKHkiZqe4azCm&HVC5`y+8q
z=ua?eA-^16+Du*%0y#E8VmaCPO-5?ZoNw%S9E6-%e?dhY(cV#TKC61ON&)v%@T0`f
z_NEv{`xD;Fd7P1K&J(=%&YlMK7z{3`rzjkw3p#f)=mHtS;%zu}JK^n+l>G@Wc;x>A
z!d?17Bu<DE*ged{-*Y&wK=@=(g!bV%tb(RT-8_+@Ptev4C-Cg-OLGPnEC^?~2Lg3O
z=CjO=3#6nAmYRZj;SASVr?gj)O7gPLxRa5g`i3R3eJ-`)u6R)*PV2o28-T;Ph+4w9
zMIod99aqx6H@|FcZx+$Pavrn`fxoxH$?X#?6&nU47lMb9>U|`;f?rvD4ao(2_~py5
zF%Sa5_dJ?jrBWfl{F@*Hvy#YPiySKppEKtrcJl<hS*_j(cvGR?uybj`h6g6Ge}bh>
z2qYH>TscO!DQ+4CM6>?S_=;tFVBFQx`Nd6m$B!@O>O@HqR*9B#LUx&5I=9dWtAHIo
zUnO#NrC#%!SQlq@$-*n0Qi*yGgCRRI!_qACOiP)F5uT@-r`e<usK`{}ur|wH+oo!e
za&2E>y&Te6wS{DT1K|?hOoRMFw~?F|m<dZoH-tk4Qfe799#%4Q(CY^IEhWz2;En?&
zq&j?I*Mkn<Dc4y?<|)Bf>-3K`y0)PS1HOf!$7WziSM|%uPoe<x02(?#`{@JB_e7HF
zxuuqiW{Lj1rLFA9fXRt~ENBX-S~Hz^c4tUmM$Q=`QZer3v!jYQ6zH%Bo=!!tGNN=|
zzVkc=(z-h=@*DrLjkOa`A$Ts10tIa0?S!DTOGn8F-7c@1g*h`wJw2^Q)W-|67)|+h
zCbNRAPEVNAD2Vq??uD}=9LIZaypp|;s%7E~JkpN!NyCCnqW>S?VI4&Or&JeFYQ*5Q
zfnlZc;op%Dq7|8aqBRf#qd8a%_f%+$p~UD+%x>fZPxr<ndTmZi2~fFEe5@OuuUvp%
z$4@j{1y6G-zcL$dgN%alA6%|dFYQtde8cVa6-it86(}nOW`~iwWFdbCXfgh;zF}1S
z)wT+1WG}Y)C31?8Ux#RjuP&-De8XPAqw|5$Z6bF@$S<Q8v>Yz77k1JMt(VW?V|t<G
z@;L<Ph33oU;F=v6-E_IHUB3*BZoKT5cLv5a(3i!&a!A}3^X1i^nk%SdK)QK(4@-KP
zUIBJAFNKB{I9V-jOJvr|UzdI!_Ozvr3wm401rq!l=U?7RO;{O+l1N}t8_*<Y3(Rc?
zQE4jNw<1|uZ9u5x8Z5sap3j8mErP@V@WfhH!P9B*v{_J(bifCf;MpvA)<mhZ;i?f+
z3k?jJC$+#+7d&l%-+Ay`pC>gqrBb+?KSSLoYjOrlaLdRwiP5gK9hmAijfrJA8{mTy
zLE0rs)y{?!p*|5mD%sUm{*R>?`5L+G_PNRK-sA4_Qm4&H!l3aY*YwPOMDAK?5+F06
zv*v}*Bj@#g$GVrE;ah2fbPzwosd(*7bt=JgLGUl9`XKOpIeo>ixP|s3S?}N?%-raB
z)p7Mwe<Mr4CC|XNDW?kg`+cxTdeuQ>FY_x9uK~$3h5R5Uf2y|q(>*MC3rn7+e*LNX
zHG7R;@pqOy>oQ+^S@P^Izh3w_B)Pi$a^ZMLn%DJLcR<qouD?pfKB3X~zkE?otG-%f
z1sX5meJ&$YT)h7_;$pwC1lbO)X`Z@KFiSu;u$<q7iyj7GV@aO&RDQ*O0p|%=Q@=n-
z+bJEfG)auDAQ#^)Bk>`>apv!|1AFtZ2?ph%mt2gAunf0KZGn5kLjE~OzNjX9Kt}O2
zfn@evPfBi&O`fhLKg5#TVv`+Oat=#wjZGe;CBJkPCAY*Tch{2Jdr)$7Y_i-#O+Lbs
zn_`p8wd5j}+!&kuftLIhOKylw_V-Z1MZgW}vx|90shwZ9oECK3`ccTKhp_H#s32=U
zjC@wHd_A54fawJ4W?p`g&2yBKzo`v}mD@0Ewui}x23{(HTat%`fCFmK!japInW5n%
zS1qU4oSrirO}fB+3EDXG-X)k(am^@n%K98-DuWPj0<nF2z5QO!<T_K(oZ<RXdAL5Z
zug3JVnJAN|({9%M^ZNbz(f*td@}x^jZ}bQ61-j#VFqH*#k`h}%%cJfjdThRci1PX9
zNp2#Z#5|0faN&7a0IbypS3hTVkoPwBWI`;kjBcvE5sJmVlUvU9CWx5%5(uD^i<AME
zRJ^2CKjrv2($D!#V>nOF3-fsIbxEC6yB3qG+A+OOxid+Vx3QAGENGhY9Q*-2DcNj8
zUjSSvDbf#FSGpTP`*B@w&3c}5*Mf$1WudBXa_+<EMK>W1l+DxZEQ;m`FOY(MpQ%qk
zZ`$XyTmorvBuWUHu*!X{^tq(r2~@=+I)0P6==hahjE>)ii;?kz;ZuFGspIzsq@kKL
zJ}}_3R}3VB_|8MS2!{JQh%@WcaB5rX#J~U_LhO}2=e094{HBC>d%#)&3LNMkv(90J
z099XD@-W;f*TtU4keOJg6knoH#c`n4#i0U6#4_T1>_hxSxe3eSH}yuMjgX%Erbs{2
zu6l$dYth+Q<T<wQ0;J(RYcs#(ws@QX_s;gG{J~Q*85VT^uvgM<eBJOxDzdqA!tP^%
z@gRIwU_T-g+d$_<^UE#g#|2#fY8ALrwmf~R_OfJTt`Ac~nS~%bc$(w*6)zbP<<RD-
zNf35dqdV86V)oH;%98g^G?MWX>KG6I%UGMbGaErXJcw3!&OfQL35z}QWMNfk^%v;O
zdIOHarje&s5km6TO`lWz<!jHgS(Aot8q<Zq@8a3Zc=Bx1>;3<P-C{(qPi-6V1A(`P
zoYHODoS7KxL8n3L&f!L-DN%rX<p;RYm6$O8k5uAU8(E3}L^t=($5UDOjo7z0H175*
z^{OU1*%zdAWfeNY&#ZK0Rw<k77>8O7d2*uvLo*YI|3N&1U+JM9{fgEpbo#g?^$O-X
z<T=RLwgJZ}PinVWYS4T(A9r4Msr$DRQ59&H_f8}EnleE3+2kp)f>s0q8NYJQ737vF
zvz(SSP^Xz6jg#yoCa4P_kUJYL0*yM+EwL;#{1D||V)psDS5O#TxN@8DOb=Q14jJ;e
zlg}J=N;{pFp!4c|sJb>9RC_L(U<H2TR&8ySF5&7b=9gJYY*LYE*$(xJOxhJ3!Zp&F
z<mL!WNVQvvbt@|Ar57>o+gD8g<9#Q)laUz4+{V9B%+?EBB^;Itc1R3*2-XJ>tK^SP
z!GtuStMe~W1<tcvP_DpWxe;As9BMSGn6aFmDJEdWLjEpgA3Dq8+If!+?b?<z(AGTe
ztkbg(N5<O+<7@@DhSmLAPuoF0u#>WRjp_{pK+X!ZI5ces7d#_MA4bxi$EdrW52+8V
znYGj->`Q*dBkin;wCB+hWB-l)M9UE5!b|82;z;DHXBt?&)~BlSiY#qaB^K8q>LJwx
zfYkHnhhYS)j9Xa_V&^BZ&JV3&#0Qkedw)wt(5|R&^1~|CQ6?~qcFQhZE_B{4vk1g4
zP}=xciqvky-6E+``3s9?{ai@%394-}1U^;Ah|LS)IJmzmIHe-C1HpD&lg$F^vF8Z3
zT`!OL0cYP<ZGFLMMcJU9*_~z`)*3Qrdht|rRWb{-kgsr$U?b}i7w!mL0`*vwc8A8{
zkuB8Y^FXr0h54+!<PpdxK9aF0u}jw@QTMI~>1$v&-*UB1v>3twQ$Vc09C}2^|5or7
zyK0^2;Zw*g)0Q|q_$CGxhMn2_7yd!pHXx47vN<cKJc6NXoq@^Fwu6zjQT{lSu=LQM
zoYEojE>tM|*eXA?$|>!4_hFhwAZ0IGkoL*@55$3vJ~s@aYH@Wpn5nAF>^VQmQjv@F
zDwXgn-!kH1Y!H2IzzGBMWU0w>3MO%|xTzaDdCA|!`wk?~913e1qHXOcZ4p6krwV%~
zy0O~>>^8AGyRBxor`1%M-R@Rz>)7oE^|q1S7OJ;&?wj|`Rd0>#)}!9yK^pGr%7#kM
zmZZGwOAOyXw+F0zz&1c-v+=JLgCIyUI&ut<5|GNM+WB?zJfI+@Dn!hiNk>9pOdLp2
zzl)=7FeWRZGa%e2ci&9iomp<9W9l9D?ePuQdE7AEFQZZ8Y|P8b78xzB=Y@ttLUx6~
z=T#{8U?gzWJu?ccNTr!!+j=X_<1L~D%3!0=a1MiDSGwoXf`hC<<ToDBob%eH5~t_F
zC})0^-SWL)IZVujB`utxvf8bV!0&+79&}23Vz}*b#!r#6+OJ>|xdR#g84l%b<*&^V
zez#zZ_7(E8{BUP}=2e*!xh2QtWe@r$Rx25LiSPy+Q(1K&(PpW2_-Yp(R+)?v;ZF?@
zs{Dyqi=t;x|00gB4jwuEEy^sH*Bylsyt)QfaylO=1(6?}6{IE*OEi%rFfJEF6(=2^
zE_U5qa90L9CIDhfTxMk`MU(Hha0NNNAr1X~irF>pS|~+dDC;kI3>Nv05@p<uOpVbg
z*P#!U>`T0_6}OY7grx(;jn@~;*921HJ;z1?8_eG#cpCfh-ivgWrLix+au{Bz+pxrx
zzCfYOvWvFtO4)9#B#V|tA&^r_``YrZDe%dV4^^gAyD(Y52^Luxh5QSVZdzFll{*h4
zD3y`gf)d05LsS$2`d79zpdXWkL!>PTiol&m^#H3-d@NoF*o=612e<Qbx(VD4`5&Kt
z9@cBzUF`?yHsq9(wFvcTna%r7q11~;AKusRB-Cp^>KQb1m8%;gmk8!$whWFyvI9Qz
z;N#(^m_u62es%r@1T?$chG4T4P*z?j#nAG~{j#RF<z%>eV?MYu|8lWtsqmI-RvQpV
z9fr^*Cvt`Cef)}Vkiv^WYFkb`PRu_@v^d`XGVRG&nw*y1z*U9aC#5FmZbeMmk>{(z
z`NoJpjoixaQbKf)Lfu%$jvN<AVP4dj3zIC_x;u`9zL9ty>uO>~msDbc8Hhftl<#EZ
zO7+Tb+8LL?u~v=&q1#AYWm1lE-$}Mor$vh>m5)`%8I&)HK-s1V+Q`o!<X)|+;)EK~
za&M`Tb^#m5LE^n-HR`e-nT|6bU<L>({C!Neuv+Q|_SKr`Q~&{Zc)fmR)GE6v;LY<1
z+Csd+f|KasJeD&)Daf*ruXWyDqpYUrY(#uxP>qI%rOE{q>o)YDW)l(o>O{1M1LG9k
zR3VE*%w+lW0o{%>a9`YG^X{P$Te*$=wzV>a&kBM!tpl=ETdkG9L3MCpGAM7r%qDF^
zdAW(gE(h>IcYNT%E5y_*&*Bwnkx$|kIdggxuZW@_YKqpHi62-&(b5(fyg-i32;}-*
zadgIZ1^Q7{u0>y?%$}CLi(m2XaW*qtZdmxUI>J(1V_@A$_f@%`K&|DPZ4B(v6Mi-O
zRuRU*F^~~>&bg>Ev->#CEQ9j(ag2%yc{m`GUtlJ^{>We~J>WOA+3ufiPUj~VIef=m
zpJ4J|s^Rf_c=g^^Dy=B=7rZ<C2L_D^EoWyA<Ii9L`;^~<94K8<27w^U?BT2d<yr%*
z`0;<StP&@|uaX5-g1(BpTCcr22w#1gm6P}c{3<<;GZpVzwJJ*M5A4ANwKhr!9;`=e
zJ=^*qhyG5fieER1mhjtgW8*PvR?z)RW=X#icQza&?D1i@nOxU7_;m>eG+m#h<3Zfk
zJP;T-C&&SINe*pLCCw^jXEiN`ndR`9NdcihQX-zUuTs`l6SR>IU~HgQXeVY?1c8_t
zcpzNRyntW&*CY67woovVB-RX2%;AZ$5+CQ6L>%?w7Q6EJaYoG<FvN(cz;FlFtVZ6q
zt6D{2VR&@a9&a5nKQYYv)>X5K58vc;hvvI~z=jE2iE`l>vTC3*-t$^D^A?uD78g8J
zD4MOZV+L+@mw=>>I1H<6rjQK;%zJ0ims{tKhLzk#v3H*t%CF0C1}1TV@fE<WMSg4z
z)<MjMj?9zJ0IxfDEZQTBnTx)|$5?Y1i8h{QBwBYGVIGrb105%rmAGo!@50!-%GkqE
zy!HRXH~!D!8$Wp9|3-Y{#Yz9?;~P=u;g=jTsQAX|dVC|P2a8+cU=3LCE4cU;!zl;$
z;nPkKN5qGm2VQ3ylLEgFCK|?cf;dL;_$*Hq>i7=a64Y$PtgfJrH(;(G9O{j^c7!^r
z^onm3us7)Ua(GAFB9Nc_cSpSA)m`8nv3{4uI}T_5$Qj;o&1Lb9pN)^fJ94c*7w?Ge
zTWgEp9nVMcj^_#Qcs>^Ihy@Ye5x<*fiyepa{~LJ6IZ?dh^IhT{ubBq@JnBE;9nFY$
z)DAAC0oy2Lu*YPMXa?Kmx=}hD`lmX6_)Q(dJr-%W$Li3TLM;oEK^R!dV2_K>w1aS@
zJi+{p{1n{dZwdFf%b>$OihA7RzZvckEA^vz!8PLLagX&~;vR<?I^iC_ZHwKX>k9t}
z<wP6qOiD0gmr+yRV<^a{V)`G?{cE^KJq|KG9BCJ2|HWn6wf`Q(U`*1DSEQAKZwv43
z_2YQRi5eb~qFs9l5BZUXhkW|S@sKkU^ms@k^ZV<&tG|YaB%q>(hfKrHxfxwcvp7k1
zvr)rCrlAs9z^ea~@sRNmJY<@II3Kz!iQ*xj?e+g35BZvro#L4fE#Y6LeaH;nH{lvw
zKo49F5c#W)fXEd_28g_w0Ff8t2#$Cav)3UWG6nIFafFAQh<M0K_bF%g0ryo5?KLq;
z7k~0c@Q`fpiuW23=!FN3glljwi2)*mLc<ZP!XPUhyqeDH&{KzpjO&PpG%-A+o$!$G
z#^3rdFr-u>T8blh$gmC%St?qJpb*fk8zXqg*(x5go#7$t{KG!62OfCSR?w{BA<q*Y
zvVArv=4r+3XzbfY9Uc-7A`u?4lw8oeISps4;vrMx2oGt5DmHW{6KO_X;EkDx)Gcyf
zM+SujJy=zF@4MKDz?;K4)xS96A@9E8zl(<y{ft`wBOWp@dkeq(v%W~2tNUtr$a?|_
z1;}5;K!Qz_SWf(=o(vB8EoxmEc<#(Q8n>q!4rs3^w{wyG#twMMw?B;HA-^&*JmjDx
z6<fmakOrpYfE<H>$Sh&;Hk`XLEBMdAL+b6}Y0Mtp8fy<9#_Zwksy)1K@2>6PZA`C7
zrychoo#&FzKFEkV)!^z!hq;{D(2_BISW7@??OupV0j{kHmCPP~6G_Bq5NG~TKtuU?
zxXb|w5nN`fdYCx_m4OxL1jYAt0^7Ktkt02WX5ol#%<!=6Hoj|ICX$_s%OvtaT;_xQ
z;35}Ky79}?`l%MMZOH}=nMp7g4VekQsf-V(_{;+JW(xY9p4|zlY5XbR%wgCX%XaCU
zXUm<7oAHhxzXidWH3-gxCREs^^ReJeyZK2%W*QNh2{)+pGAQO|w5wPuXluifdE6$I
z5~>TCy$u5n2dUQNLbin=ucVUD?GgK9U>Yn{-9_mvjLr$R7^tYqUPW;Rw5<eF(Y5~+
zo9~RP&X##5&v)GEzuV|4VQ|dudFWIx298<gK>2Di!ZGs#(^Fvh?o42odeGt`IjU&P
z_r$x<i6=rad9S}0n?mVmbT+COOcRpg6pZgh2CNAb*pPsj&2j)u!TiP#zoQ0vE{*cl
zE*z=`3lybexSMv(7y~)CoQ+RNH!+T3RO35gG-$}nR!*Z4-g_|_=U;0a?|VOyO^DfK
zQ>HTDcNx0iT=_O1HGYZNZTynYOa#eF1$tePinDIRa1@D$Of;wFN$p)&mW^1w=SMTk
zGG>D|KBEUHj%>@2)o_00z+U(qk*InTb3~tTW}o4`=$M1qnT3W+F?Qy{%iEWo+!>vH
z*@5fV^+wgee6KNTU?zfR=4EDFwn^t~=pB$H!9*O+uecdL_~J@~W@8>6wJ{eO)EV|}
zPg*segjM6Uo<C+_PSYEhZ$U^*Q8Tmd6DQ%N11*F<GOGBahtPcNzdMRQ!q+<DkJ!j!
zJR%Lh^2e4K{E-dAKbu^&2=LgTU_7E&{E?E<&;j2wxJyyx$=)QYsM|^zMwMR?zUOhs
zLiwN}itllCf$ynDe9tpKj_+}?sFyS}ffU;3QSm+dot8FWIKNQwJ@f|mweoFq1mDxC
zf4FG>U_2tNf1Yl>Jih0FX2SPmAin4J1cvXqp;5*6l*9B{Z{T9_Jqe9$N6Dn(dnQn9
z0)EMB^?H2I3b<3oH+6~cc?!?m7UD^GSYryB9~C5!Gz;NfwiGOZD<!)D_j=tL+$Vz;
z$gv$BVzx?VLsuA}frUQ@|MNvcXZ%kA;(u`dcfkMPbl8AePM7!}HVQXf!L0En9scL_
zq|4%e3hATTr2k3$&tDiCXJ`Y%|D^s${Libg_#cuHrv07af4Bxz+)asf`;rXG#rm%C
zKd-V9zpRhqfAE`a@D1<1Cs{9A{i~kgf8MW;;D2^rV&cqf;{BpjofnvIZU?5#76wbj
zc>kxZbQu^HB(Y51l4BtMd!l*v!fP<|*+M`-Wc;?(npy-Z)NJ%p5O{=+6P&={DT3u&
zkZOeD>TW>mE1p1LQoJ3Z@r}T&Z^hdnV|uFeFb#ht8Q$lh{=Ralj4e<`A%7PIJWkn9
z_Ffqzy&8B}hK6${O^h@8aJO4SgByh?8hqob&)EVoF6cd85XVXz=U;vtzvNdYUx^B;
z-OQ1EVuP!&6hxs#DuSBFt7aQP$Y*^)&rnctbvFuJBZUJIrMf(f|Kvgo%~>`FVIGLt
zO@fN+&Ku|d@HDIGcIXmkLxVtoZdd|@h7;<3cV@kieE{*?xSbS(=f*GRBnf&vH$@u;
z)ka|>RFns8%Jx#57@pfmTj3)5H)MG3yb)x2odQj#s`x6$NvsnVUMDb&w~HBONg+1L
z)BpTANf9QZrXUmC@E;Q2D9*rqtS)2#s}lYCC*(Imw^^Du;}UEMYE07;9xgTVD<-4m
zdF*gn11;w;z_y?Qmv?Eapfi7u9UWMIwTH@d-{9~ae>OSPpT)mu47++E5#(1y-f-2}
zK|eG<sUdbD(}w5*Su9^K1fGJ4poi<W)c_a#!v(}+4d)mh>&5fh)KI}#t2NSA3=Is4
zCAO$YtY36QVxd^zU5io>GqvM+sCqt7N?E){&9Zrlt%|!rU0;wW>lge+kUpeD5@wWO
z8^bPOe}QOIjxvMxIlqFKw%XCkt_BTPtG=FD1T#y^ZqXP#XQRwTml?=hp-WPwtrX7O
z(h+oZLv{qz5CvT^2s>K>mEWPaUJ}wAmhCLIXxB2@{w!5C>x{p`43&{ThQC6bvnD2p
z8qOsuFI<(R!d!-EpcPTt8oS>Wi*qrYC7g?hCN34_QhSCVUhke^5U=!zo)W+l0xHgn
zRutScnxNvlrjV<BhVKFmsmU(YBPSklGJ@|aFtFh3vkBbQZeZXpBO)^j$ep$tohK^>
z+(m}HHWl1u?+osGKO4baELRavmoQitRk%x7*VHJiYkmaQMM4b0x)u?v>(5=nx^lD8
z{HKF;QIk|y7tD#!t16}|L)1e5WJNGtMm?r0{@;k{x)-{>z4#<zy1a}_181<5vW-*P
zi(A=@u&#EHi3_2N0uOvG?e`o5;dx7On8CV&yzfzhbqR<tpv8t@T`F;^AXaogsqQBj
z(K=pajQYt(-zJ`UjRx2G9|K=uF32oE(8B?v%=7EzD#U&~dA1`g>YKVK;DIIx?pLAp
zH#Gu{V&{4y_$W}|DtX_01Jk7_-n531qOoBBDF<}B<*;4aYPVEr5{{<@ddC{o7`8eB
zkAucgjv*MLN(08H*FmL#59)DJdoHLrsrGt?lOk?YYE>Qz>v&COJ&c5w%C8v3a8gi?
zij%^ZLVsd7so|_HkZ7}9>KZ4tb68h6Da<?cugf5zFfkShl}<>gFQZ5(bzf4$LA@1=
zgG$o|PsKs?KLO*nrWT}TU0MWj)OH;Ce{GbZ>QGWs&#Ne@S8=U+I4m71Zoa;_=9)l4
zZ%_3o&=+v&X&wghCz7Y9`3`<12aWmyrPT;<!U&3;x<|rX?8ZW+g7QD_K$O%hoZTu!
zN)v`6E0-Q3C1QoEPa_avp@j+nVIsenz)vKpoJ0ImU_NJLXBxZ7e_P2AP^;B!yOMx3
zxl3uNXQ-?93{hnrQCA<-X|O0P+nId;7;z2i7fQwH2o@?IHy3CV^Pe1Hp*F^&%`7_<
zd1EU1WCq2%G|$53M?k2^3*2(Mii=7?T$ItE<XwoxMIjm15iY8Ta8Zq9{oyxt3vG_<
zKw)2Wf-o)kI1W}KSoIvpkx$@2<->}*{!Z*)wyeQ808_OpAJ?L1f5cc7FS;L3A7a}j
zMxDiY;+vMP<t+^Gbc)tO^l{H52W3GGg9I5#qSiKt<kpYk49bJB(0GCzgEae>Q_f=k
z5z8*bY~hX5vQ?D!3%gHAy9lwhlMq{9snf6@ZAKL<rWXA&ZpRIv-51q0ShtWrm}wwi
zQnQuMFxA4Ccw~s*zZj)<&;$z4Vnb$7Luj}@B}f+Qo6K5ePJI*@g=E8kQG3(X{l&Og
zVAN6=xPb5ttBXeWmS)y5ft(7O12{0-GSywCDA<V_yRsRfL|hwdmNAO23M%i_#Ndl2
zD~#G)Pb1VPLp272j2HpvzzUV-t9AVr^`d{6nXUO{_+|Wq;$AX%(fO#Z<ilL03}pfQ
z!s3?Zt8!)G_u^N~W{kg~Eq2U$2BC{;U7upQ8J~ZESGTj0ibAj9-2nDoQD}wM9Z}ZM
zC8p}@f2x?OHuMm9x}{6h7mkf$ti?rXKZTdH;~DRWfP-C^t^*6*X+@J6t~dx7n$rm|
z^dO2U=?EB#yDVU6T?G3RTCKSro6LYepAeX5o=`A~q?vTyyBfLFJIC<|zySmi%|Ahx
z3{mvti70;NRocB&K|r4yR1naS6B-DJ*WrK4PcWiL?}Yz}mysvQyl2gc$S(aEQ3|33
zk_G;h?V||*1ezRyqi}~X3ph8fD!6CwIz>1jerYpXtr!-F_Z-E)>#_(Bbgv!{BxKhy
zJWyD9R*tlXjK+3mE>y`ef)^W&<Z$f`j0}6guX6P%e0ieo<;n<R3|~I*1*19qRZgE|
zn*zHBGV)TY)CU{bTSdzDlZ5z7B_)MUzpKY`332tZOorV7jWMt?Wfz`yAddFQDeXiV
z&I9`?HV<-6MKDam%*wsTnG~V-PmXw|CCC0Bp6P!J&vYpB|3*BMIa2HYbMZ_VIGkVd
zfkDMHP1NI=a8*X^5lrg^<KSY;X2dhSW6+_Fs)mMNO)+SwCLcP#I#AXTPo(Cd;+NJT
ze#we!x}A&3>FwE(oLn2KhQ2eqBO>Z>IkSIi_#}*mC+}R*5ufDj3ZGQ;BlsjM?|nRi
zPuj^va3ZG=ig7Z6PwI0s4rfXPpH#%~Nflk=lQuDY(n-`lMBf?L%~ATS8oGT|iWa<T
zdXU2wA1JGW!Ks>MHhq5}icEqcLbk%Hp&zX3qA#NM9H>-RxTK0GE{SU6?z2h5C27?{
zJb(_E^!tT(M9@3y3=#AWf|Fi~fRi@frA7&e_*2vHNx)Mm{$78n&Yn~hO4s<w;udTP
z@4bV=yh7{M=Sg)AZ`cN6jkm}plZ%n;3Jk3B%#JP*JFlci5j%zg4Y6aTy0#HxpUUjX
zl&|XpcyP~8$1mMV_@%!YboeEc9>4UGieD=F5BR0CgJbYZDGa|vM565L62F8hS`@!j
ziTI_DV)0AGjiVYW0&9_oDVj2Mc%15(?XeDkq{-o*R?)G8QJZWFM=Hy|kVhD#l+G9=
zR{h^<7^I7cLHYw>kQBUJ61yJi;!$alW0K8=AGw~1CV9Wjh%&J1ur1Xo?c{xdt}#j(
zNDfPi8Ad5B#%EhbXN=NM#V3)GCxTB(F{43iJKAKk_VT`p2t3JD$mB5>0+haBfSh3o
zR&Txgln$Y^T16=35kl!NMy6HMhMtXoxrp~o>yPVUm0da$g(o@u!*u@I#>T*tRzeou
zO4lt`5XF7<3>g$T4~6x~QSnLW0w94y+3=JzyGp|+{pKg)lk$+Ux;1dppRbMuCqV^n
z&YA?X;qkZ*{^CYV)ZvpRCU77z5I!lb13t;tS2a7Ah?XrOa}=M{i||SOD|-D_MJLg*
zp_@@X-iu}`n?L!*z*BF6tduxs8-bIyLys0TMX*WGlrQwyq#YVI=};7#r1#a95*P8+
z_E~q$SKAw&-h@rMfeg`71e=u0ut|>I(f%ZS(uDtIe9}|>kT|FI`>FUO&0X7w4)~;-
zJL8ikGJI0vvM4@jmx@oyjKL=zF)+Q#bnuLdPP(%LI*IZ{Qnp0_O7FL6{?}shNoTsk
zCuMYjPa5M-CVY}f!zaCUl^&ne-Zehyh$w;XD&IR?k57UpPEc{YS9HK9WuPf%O`^eY
z@Qh;C<cFV)OB#F`T+*Kim$bWUT+;m-F6m=a2VBzlK+5e1OhTH|G+)tDNx-E3*pS>0
zP9resWD4`Q=zEcXNyVLjNsi3poiIrgBA6sWk4ft6Fs@7p3@Z>g5L4@f;&#F$jk2Ph
z^nBoHo3wp#JKpi*OSv-DVcafq7`IEsBvl|LsiI3v5-=mXG~GPKQkExO)cJ~=8Sxdj
zIbtesU??yKPwF3mC#51h>5dsc0iX2LUw<Y(DSco^eA37t!6#A0^Q4mmQNpd6DdaBh
zoF1yAxr<ASaThmJLn(cJ4&B9#C8W|e)>d5Wba16q1Sg%x-LBtV*AcGt;B_io>2MUT
z)UJaoH4$8?J&r{K)WMbdt8gXs4!N?VX9u_v`XU7NlV9;M!ge<xQQ@YH<=EwXVC=d!
z7O7;idA1=?$>wRb@+&cyJShZg5p4@P8>&R<+>AmYTj9OklgLOM!6%W|FNRM-gD}G<
z!Bq@CN#GR3Cp9=NLE-9MSX1948a}DL13t+i?Lb3}P1+{r7uhVOupZeOzO#ASty08L
z%ddEkT%_#4&3ox6h(q?kWNQpWX+spEv?d0kgy1B${~kGt<v@VV!Myw;`9XvzeHjZ;
z`nDy;Mbat_qICO@<CFfR!zaD?WB8=s|0q7m#sEssUC~KWNjH(CqHdOWu86E3gio6J
zKZj3B`|shCN}&4=o;g^pJku2Q9F%KiX8D;KvS<!^wL)Q2k1QJ37$aZ*D8A`V9lq)2
zAHg^EY}U@dAzCRguL9l6g4|XQT@yts6(Cy4+C=MK6sPofi@rX~C{98IuQV@$S9${R
zN;kzqlbFw<+dDkOY?N#N2k}b(>H@D+gm@*KxP(_C)Pf3DLaMi%M=N4}{kVW@U1z*f
z6@wlT10>ds^rGUHzSrZH#H1qjrD~A#zC~Xa{S?sB$1$L#zjpyzde+S#M5zQ?av^A`
z{zpMef;$RYx>XY#zPb_whs0MG_An@?x`rzCQp;JZgDQb+mW<!M{_Ryd8S5PtsPsk@
zs8o7Mqb%g{&cMU%#QuRZe~0`U_%<yN7$cqRT|wsBuutkw1S_560~ZJldMOH2A}-&g
zLn;Bg7CR%A1pFnWl8xI&K&4xlXA>Pz>8Ie7OgfxWAJ^x!K8y=`FJim!-#Gtr0{`$U
z8&J*;jO9eBR`palmf@6U#^98usW>H57dWK}=v)b-ZMqQ8uoc&v7{8Ngs^3XX7D|T|
z$f?1UV*E~C2B*}DUoyXwxFSXUPNqiuPNrH2r$mj?`JIFp&S`!p-|k~j9ayR6GPs`U
zD;g)Uu3%uLX_)N<{C)~~GnYSqnt_$lp$iRqn<wvUHK=|T(M^L>2UW6tg|k=%EZHpE
z2(yGk5M2ikq5aotZ2-Z#Rzj?jAa=$o?Xv?3MzBiPfk5=EG1RZ{r{R<Y!YO539;b9u
z2)N%;!YQF7j5wtiE{{{{uHuv?wnX*^`4t$H?MrMcw&H-@Qf(vB5mfO-JCSH<!T#?9
z{g0p!xhotHAJ*@G!Cbir7aK8a-1e7hP$s&)Ynf<ciYg1CgxLWW6u~sDZiwcOShwdz
zivog;YM0OB&I+DgSg`vA6zbVil&#pPX)viz>e1%3BlMoS9!KC*$3y${cled4;-&Z%
zrzym3t=dMbp-Y$&sI1B}#H%z&*EXv%8cpYFKJ?(N*8c=AN)w@9QgPo$=R?Y+`H*55
zqkYIi--*Q-3I18YyKu@7(5TIzp_LG5MB?&P#P8KGn2~L>hBHb<1X30#4tWT8|28x}
z3N`{_#yG=r4xOQ@LHEV8DM}Iix|49@m@cEhBN#tezQ1;GVGVX<b>{Cx*wN{(VMkAf
zo!NUA24Y}G3Kj*WmI7IXmO0`6F7hFbwFLFSnundR*L{5lk5M~B+$ED&uZT0SUI^rc
zr88Z^jI0=G_#(gZY&S$1S@{*uqVuQ+in>4<&HhO!qw%UzVPYtwj`*Uz{|R4|(E(p{
z4|;_A=qxUH5zyO14D`lC(AI96U#BSGt!l>Q@NQ?6HK%b;^bEWd!MnY7n(%H9p4MZQ
zJ|$8Cb%g039q>x^$U+IR^rAsUEaCZ9L@a50HxB6=4YXwW&MqBvS`M(eq$*k~(5XYi
zLBcELTZv!p)q#~F>Olmr#8`%<+KEoEf%~Yu&w>an{~0zP7cR6Br(wt=(ypt0MWDzm
zOz((;xX*-)hw+)CIzFS-Uzw|iKB=4_3Vu4@9tA%g4{g`>Kh$)Z;XB(q!ou>-63{54
z6VPZn!jMX9FY5v7a=53NahJnAjgO1LJ!N#jJzYQ({G{5h;XIym1RxrM*r9TEJfiq$
zyxxNnu-m|}o+wjsLHUv2b%GFel1?;%NO=hLAv`VV!_uAERlIL0qHOQ3ML5-7-nY`w
zC7jCBIEwc^3PR@>1Y-M2gGrd82r2=&1w;0TQndhjFCwTOM@@ambo1;y-|<ces*Fwu
zszc~aEhmavnsAQ!yU{>ICe6{l%A8ds(H$?w;hIDIhF{TuE|F|FZ}MB!WeW(A0g0Mw
zH5k-E4F&}it5lL#q*}DA&>F6UY9fFmex;vEzYOSTfeJdZ5xt!gB~aLlnH(0FfE&b_
z7}+hwrUIx;2IZ^ss=gb8pW1@^%ayVCse_3}p9a}|NED>CrmZttNkFuc=zopSN&=#l
zj_A-zf*!5(mw1L&Dr;tNjnr|0luK;tl*+Zs;ta|q=pX_~LYJWg!h6?s0b}}OvIb*X
zbuk8!RH#QJ_16$d7qp$l{;`OpH!fTrLG$DpR;)=6Gdfxm1Daw)eQhjgs{IUsrn(Vm
z3J3RkrIWXwbXXwyb-y6SoJ;4u&&DCXrIhy_j2Kk(_?Go?>W3ZiExLVUIkbj|npuvk
zhAwzM#Sle}+*vhrK0G*Fu1r<PYf<z?`~C1@1dGz6YUr5z>BT$X#RFx^ElLcw>aVhf
zt?JTu(?~o4Ts72yg;%-8RSoS%rT!SM>T8+dNw&(&Z4-R{ulrIA=)CEQs-f%d!|y{|
z4wQv95t{4Z8S>k7usZZHL7Sp$*;|MN$PV$IX(#nqpCjbw2e-Ym<SExhu|60U2tEGr
z-laHOasNAAW<G!NqdtGe|0j&kP(^ch6hS>r>x6n5k1TiMaSc$@B<le+FR2~imofGw
z0cujr%3n_qW@lRidzB%fT=!YC>UiIr2ny<IJ-&nNZ%8i>MDb9=x}yy)f`@wP6q!ZU
zU8^VCqIj#L&{N85Em4lA<Fii7X^r)b3*=NYwwL3JLnn;<inTDEl{ev!Gk=>l85y!@
z2coYe-~b`z4uX7Dp&A-e1|5&$qV8;q*cA{jv@e1eqCocyACw;I#^QA$CP=`6m~&1l
z_8dLpQEUZGSI;?~^N6cDtHPCvezK--yb6T~SArn@T7?H}1w9wUvhvJI+j`uEkTWEx
zz+F?#Cik~Dg~OvLrrRy>T@QnyXwm!O@FIijD`-J7#eho=tws9%IrSlY;9E)mu|BJp
zMe4)CONYbV4Z<e2Ry8gHhCgr%=4HUVlFkcB+bICOlD7CL^qwK9*!4OJ;YRY|Vhk1j
z%=-2{m^kRG&b=3{s34t`FD}Kp4luhb4<<H#c@>#dpe6{^z}kdIp`8SSOD{eKl`l%#
z4i!sD+T!{<!Z<>IkI1LL^k2Uz34Yg)q*bJaPsA`+)<_&$Pga5(MCr_W&;qO@E`(8E
z{(+zxnMI!5y?+}F?8a2b|7-XiO9zAWEdiGg^?+M5-987mo}q)`nseWfS-Gib*jmG8
z6tLt^truWoZJIV59w5L={yRMI<a#MXzAoJ3hb5T76wEI<++#1@jYEe6h{lS}w@DzC
zOKrq@s8(8xH6idaxu(>7OJW*aPT|;S3ex@y!aqH^DbWTzO+|Fm8jw%74NzHs;$v_P
z>y@ua>N6EC-6L^n!(2B+>;J>33%HB6Yzq~xCP&-5O-<el$)4QT-_n}d>ce8z#It6e
zp}V)@Sr%0Pz(n(e%&@R{Idg{#4Utzp9;Uq3LSF0Z_B{_P9<s1kfOozW$JAI*QIBm(
z`)HX#4h_BleC=3f{pMZ<lVLsXzVeAeuAvS{cBzQb=ZmBSGw;Q9T?#(i50BC#A5f!m
zdqyO<`(Zp|m@65Xm2yrNWVcE{GWbr&PcegF?J}Zm6xj$Y7Rgk4X1%-{%8k&;N2?><
zd?hvU`#80mTfKO@BM#{#>_s|xG=?mek3>3=w(3adS$LFmz?G|&>d76yTI<e_D7!b}
zSa-fjcX)0EcS9o~ya>++?U|5S$qKo9CU&T6ot9(hL(kBsu`-_A3vX&!-%pwSM$Otz
zcN62(uoR)c3Bj${VV<Gc_~CT_keFta<X#9*mxhEsj&#Xi-i&lfqX+XEtaXV(x2e=6
zr{S98eJ<35SONN31f|HogPcPz=?kMUg6W6=#NGBZyg-N5f+j4<S-BTtvXKYFgP0Dv
z^D$hy`ut+qVCtxh%{M|W!Nhw!gNX)%iT9~j@__3T4VxF?)hE{_YE;v3AeexbYG`tt
za)g#Q;6_M}f;8Qns?2JO?0ZoV^HhwM-N&D}^o_v?YcL}M^PyiWX|3V#<{?nB+_#k|
z9@Oo1MJ#bExeJnOeTmE~iL_Nd2g{~(L@JT9mLwWL65A&Pa$kR8FoJlnD0!d-TDf=|
zNtTb%5}UhFm;8w?`Ohr*5nb{R>CxmGmTc7}yL4Y$TPb;<F8OWU*S*^)IZl^+r|#?f
zSn>~xqsjer$pMzUO_wa_GB1xoXU!<g%PbQ8eMSE@FpfJKftzfHKl69iNo7LAK~HtO
zix;?JPh;HtzOJjCyX4R>;ZL4aktZD#0?vfc?f7h3<XLEJUav!<G}$PX^(vw`x1!&^
zLl*twc9~Kp?u46(JL*8N+g_K~t4x&aJL~YBMtrAHeFtt*c8LA~+v$yjoj<%!h5eiC
zJT=_2DWQz0JXHgtb#vHto#0Q{FZh%93E5>X1$45ji#*kFAW$*fWo8lkg~siN7P|H|
zBE&G>eI2#_;YR2N{_P6UKekQ?EJ}r36BLX{1TB9iUG(>)<T7|1_w-ew{{g7r!|>u9
z$Z3%&^ptZq$YuOi_wAy;o9G|UG6O=aiGR8$yp3;Sw#Lw1dH)}CZvr1hl{}75ClfM2
zu!lp9CqV<75z$0ZGvbjUiRlg<K?8!zva$;zibsSQ5=BVj%s_hE!MMum?s~h2-&I#!
zS437Z2PA-sfL!8{aQ83<LVzS3$^5G7^)*R2{2u?$-;ZHtUU$EKuU=KXs(N)mFOr-{
z4~%WEolz+%FoHYS6WifgyjR87&-T!G;elElqCA)$g^@~fUORl>h+~CLn&JBnco2l_
ziSS@uBfO{)JD9VIp4A?NhuBM-Ypn&kZ43%mFeo^181EqzK%<)LfSzb5R3_01iT6xM
zIN&k78U9L}BgLpsA|x^yBv^+gB=F8;xU)Snx&V41NWcSQ9Y%e71`qZe!ULa3iGjy^
zwX^^@FX#bom-8I(72)B4uAJ~4;o$^$z&h5Y!0S?Uc)VAuKL-!7S36_jF+r4%3-Vrc
z1Jr!rMR{|fB-a8Pnk4$$2Me-q4gc(W#HGpM>>k|EmEMB?IL9xXLO*=ae?gVn7?1NQ
zfa#y)?hIW`-W+3O`_6*U6Apgy<rEQD=fHYkp-aClkdKOTU1Yd!r=m_;&>uqFoPdvA
zEBfmlqJNb`bT{yUMjP5?lTz`u#hb{p)VD)WCafX*0{Kx4!Q6m#T7Lz22DD$S-fI{A
zt1qWgfsM_ATqA(|hoO+JZGwCv(!bL1ZhR)SoyT#wH~S((L3*{});+FWaIF&jNrP<Y
zdBaP}e0bm26n+XrEm$MSxyuFr{mX%*bC<&~)DE)A+J9h6Td<};-VH+&UEc{@z2pX+
zBe$|3G>8-A;|m@^SG3^wXma6pi%QP7KwS54pR7A*O=0xwy%OE_FVt<x8Lb5AS0{ZO
zMM!5<g`Y*UAKY?OfY*WWrwpnV<w4af2W+G75Zv-Gs-XV8F#Y`qh@lJs^@7|Uadw~o
zDqqA?zL!Bj4CS^<pl11#><j{eGQSdLBgyxdNwRNg0iMj|0(IQKrWrjil-xB1p{s9(
zF;>v|UG7U{bCz@8Mk6iU+}0q<s|0!e>n8pK1eFO(abO5tG)e(<Tj7~16~#d4vkKQ4
z<9pGzRj0biP&45rNj@Zo3LJtmK;SkA?ix|fg}W!ftF{+EA-FeU&c$|a!R1mYE1FSd
z;MvF;K^|GH=g2*TfyD9iUoYVH6>xj=L-tV^R<rniiVQd`$|pqm8-R3$q`-_7-_r0M
zothsU#skc57yQ)@GEQMkz~k+{MX1yIcH$`xy$_2)D!%0f@^(Q6US9wcol+&qh_`KO
zDIVUixe-EbmE>*eFEO7rfEf`R@mqoWm4c-LcU<I72ug+!y2~Mk@*M)#EV%1LIj(p-
z+Ca#!S_I1D7r#s2B3wol=vOiG-R?USUfd<$BF<y9HjgTf&QLt<zIU+$-_G#VF8gO;
zLB=LQ=_SbD2yHt-b(R41{!KRj?s)HY{*!UudrL=)(Jy?k=854wHq^|$KRWV5Pc^iQ
zZQsGO8Q+O=b-rT%QIt1CX5@!P{)iWw*+n{3`X(|3A8N;T71}A^(Wb~`Y;4BHM!LBQ
zd#cG-a(+w}<&BZ48ock62Q`Qsdqe*X9#UIjq<6|vgG1!1g#O>)BMxfHX>bZ$t=NAP
zHaVdwU;b4?vS&G4w_1^7-51E!V*iaeU4N~;<W=nrQvVw2RN?@>8z$@ilv+MVQEt_E
zDJZ-hDANIy`!Jp<Q}-v-4*-+$<(v*!gVheK4GKJyg6lAL*j73;GKTz4P7pO5Qm^|u
zflg20krDKW<UZ+51D^Oj@x-l+C;lMG$H~*|AU<<m8?eN6%+9sS(Nn%!@8t!-=mK7k
z>jOn)^!ShQ@a4D6KOe6i21K&NFVuljzuLwSs@-=G?!7T;#&wWCIdEUkcs6tS3z)pn
zTFq(M2*#&6y-!M^#{ok-2lI=+k7Mp|P8MM(A68c&=_wCmTCnM<jypq79b-<&(J_jI
zU-zkL>l0YhL1-1Kci9Cw=X~23CFv;A7<WWXgd3pk2b{GK8@D9NUsC;7N<b!VJOva_
z`;^GliCjIaD;~0cMQDS8c)-R)|0x*gKuU<Pliu5@S=m$6eo-xoR+4w&9#qhZf;rsB
zSNuzxnS<^>l$#M%G5?lc=Z<Bm$EVuV3+XAcz3~;JsV>7)2@EV$Ocvf6Er8vnA(0Z7
z4d$Qyh@+ZRY(TKsYM=vssP^QCZn<*7aQqjOsDuy%E|6Tk9Y$Rh1ytcdYltnon|&aD
zAp&Bp1AGAXM;7kgsbZwADA%Kr4|n}%aHB^ybwDd`TZm(E)wAK;!NsoPPRz}47{z|;
zBW2K~#I<{~@vclkxq$I)LGCp-U67kGpBoG-a*>wD6DXz#_QX4ZC#@A^q21RPg<s!Z
zO}@p`lR=fDg1BfRWTUT1^Ucue@JiePH4&}hIE$aOINcOMxsV01z}pk~g`2S*>rTS!
zFE{cq2uevi)yKnFhjHzE@IA_NLVWSf4tBoR9VJd+9IUF_4-unPY;kG+(^P?2Up4?!
z0s7mkt1*f=7mrIwGiNKmQ-kKA0!~%m!aLqG<J+u&{lyVjE3Q8Lm{~82-1s#dYoYg1
z4#+h1&k4Bc!nYhW0vE`2VJ#`8?q5f*JOLQX&f(RE5*X6r)$ko`7MA#tZmdo@5BbsD
z1?tA*#NYO6{Oyz>6UOqlT^fJ8dtEpFwww6dk6rlNPLsb~)1vb?oyv7S4EhlWMZ76D
zsSk}MzV?uo#}cjrU#slG&l-uJ-C^ZtMt)vVKB}>_Z-Av`w$^ao$EDCiz{om)KRi$T
z;eh%DJbPzoq;?_)E3|KH=$4Tp2W#CXD!e*tZGzSg4F>aqE5y4Z>X@}A@5=1KUtiuT
zZtMiEbxdbb4k>hXFW^~Q^oA7TS;$<s5z*E&UP+$f>eW#_PaCp2y0Q<6^@YQXaUJF>
z?xmURk{F0*#gq3j5P3E69EP@0HNKNMZ7#0k$o_skJR8GsG(0^Wzd`RQjo+jpznO+Y
zsgcH5%kUC<7=eXkqVA?VUl=_^Q+t_Xr)??v6o9iFSMTi9Sk4LUseagNJUr#SL(3Fp
zVLI0n(`g~9ztoJU)#!fgY57j;f=jIXVZ8-^ntcZ~o`0B)K;llQ6^AtT<LcCo7`w2a
z{wSc!ov0n@{%ZJL^xx6W@xdcH*NG5Y(dj>CS$(Ih%NkBK_ynTlBxD^kP5zT&tfCl7
zN>nd`E8&|_7zx?0H<l)pgM779Um~^k;F;Gao72`uf3LPI>JH?74|E#*5K$iyYXD}U
zc(W@%nIO2gVkT92uXj3#?}HcIC{*vXi<l9t+9}Fw#PUW|UkY5+1@aony$a~Oiv|-3
zBR^2l-)U`aW%*9jWcXl!@kG#IK$-(pP%Uhu>%dz;#a&mLs9tvx8;~MJ+=yzNc$iVX
z6W=Df)=3~^4n+8M)0e*VMap;S3S&MfjGIASN&<CB!k5(u{+-S0GU}W5i;xFy`7$3h
zs_?9+Rk&vQ{{Oap>Y~%yr!MMdpSq}<ed?kv_Nj}y+NTO92%(DwkkZlqaUoipfW${`
z1!<XIvD-E~RSE&Jqre@y3fh3b$MG^bwS)i_?LSJPJ`st|faKrBw8G7nM<b%KKeg>F
zaMft{74-iChSz|@YrtpxTiEp-`lDihRRVDxrr3bpi2jYZ#l)3-!n&d7C${5rFnD-Q
z!22&mg+@{)Iw%MXV7Fc9zhTN`rjPsUN(Cjcde`7Aepzevz6*!qv0U$#-ZdcDo}z=f
zQ?*uo32vTIUKd4QmD|hrMX_{W^}dmEHJ+EzNgAG%2}7Fk@T_+YipTAAT-IKz=NrgL
zJzTwuI=OuY^ib+=EbYCa0$MRTym`h@TUqbs89<oL@GAIFg=#egK7ab|;Z(J@68En*
zBgB(T%WKi;(!mGlWCnwBwh8hUb@w99hL)Cv|F*HH93eC>S`eBTmE7O(i~a!j=J3l3
zY-2<AUqmi3XD9+|M5hqZeS!}Z!CkqTLKO4AW7Yz%%X4#9r|&x<lp80>HIaccD*0uz
zJ4nxj=dv;n`#$HFIWRvuyaiS&m0!dPwC9izBC)I^n<Rc^nulMx8lQU!n5K7pfxK-&
z!r0JLR{_sG$v-_FgJInb=<>^F*E5T_v2$X;9;V8`a5d3Yg%NL<LnGKiW}@v3&INLf
zhhKIF4%(r`zNxu^rh?GuXvt(xSx2dNf`px*>u3SDD>tyVK(6HjRORjF{3stJhnP?<
zhm67kAAZ^6oov2gm~V^k0e+bi<1NE8m>dF~7T>};^bW_Ke2?h8oR9R{_4%>d^EjA=
zR2L8?E6MHM@{YrXfomhdk_LZ?;BmDVxL42LASt(`ivB}fxR&xK(Av>`^?dLtJh}O&
z1X?)uz5#c5*Y?O7sy~rY75SX;KRkB}RG~VThWMH;=vhm$FbRa<y@`iyU>xs~Qm68+
z@u@|;>*ZA3TY1-Cn9Gfe)!5@*T0vx&Ryr~ipqiGr>x3{3opS4fe-6`X8vyH00V&jh
ze&_I+l&%Ro$?A?;5SYqW;izh7R9eROzdWiCCbEbbOLDidJo+n}ITp50o8$Sv02RS0
zW>C&<gZkuRb5NE4KN!zi>v$;bg}iM7rM-Z?744_NR&Q3>ZMM$_{^!p&?~Q`IZv{51
z)#VsO9ws9ZY)kuB?tbf4kjGRvNB!YFNCgc4KRa;ut8jOORZp?#E64`P{Qv}+TQ7Kb
zn0~UaJc|>Vt~i5hy-px1*#3XS?!rhs0IMXmdOW4^1o1A(`)j$L+TOb)0oy$CDr(MK
zIe*2=Htkw93lbIN)pYG9=n$kfwGZ^ynrln(_7RkXCGQNg`5h_jeTV3M{~)91t@GeY
z*h~2W_EUE){1FiGZk-10*k5=O<x9ZHsCic;*n(BwRPDHtPGG0|Z$95Q0G*XZy2>xX
z!@{=hle^ge(fB_>lsi1*3oW>@B#Tn%g#@yL2FKAy2w&+P#=C-;&4YJ^is)lP8Sk1>
z$-C}<op(L5ly~{6c-Q<51;Hj@WH75E5}z~Ty?-Df2UD=uP!JE5>w}nmg|H)twFMY{
z1hGVmM+xFupsV;4N+s4N%6rt&xctZo<^4h^DM-RV=&k{Re^;|0Zxzb-F|&3Xu#d<^
zmU>KG<+Y<$d2O~PuZ?6YwT};=IwNp9L2-;1++Xm|R}1dV{PQ)AjeMXPFZtVfe&Ifj
z;+kgghrSc5RXcow>QsX)!kH0eBINNI{A0UCkX;3TJ#g>ptRtiO$CCQa;HU3|D~D(B
zQ;*KzXMPFa8{u#34F3Lo@EL}`&KdlJn`iL90db=AE_lad8{o?mOW}@<(0Tx_u7idL
zu~lpo-R;G{$LQifKMWRMnKV#N`U6E+xYzItkK-b*d}<&k-?A7Q<EU|u))>bc<Eim$
ztudZ8+Np7c)@Wyq3Do#ktucW$_M*m0t+5wtOoYa{rPz?j8XVa0C^k4)LvL)Df(^Y{
zLmzCAu%QoY=!*@bu%Rz&NWzAzupx;x^uvaWu%RDoI1d{f{K}kx=gD?xSi%zg98wof
z?FE|09wBtUN(U@cjPp0kP0xJ>8;N;`p3g^<!!*dE@4S11uQ~FDmOl#k3CO+j$=13Q
zc_Zi<=r*zegfg4WcaNm_F^So9Nl6-tm|ieSaCqJ1^5DPqzZRgwL%(JZ|3Nw*Y=y>1
zANKtKi9qzI)`K!ok_CsypJnIdjq;Z2y%$$^3@+Q3!Us`YD%)G;yHHS`$2<KG**TUV
zMbpESw~(e+tT_hku>8R5O|RO}6?p`H0ZEEqh#h2LVpvafe5zCN>y-Bvz5Ok$M{4+J
zw9YqtG)6v!P8pb*pL{fi(oZZRg~1epy5x?|sHiX(TeSjy_;3AWzV12FJ`Zocjbol8
z2j~|HXTqq<mi%p)&6@&W0{G=Z_%a8-oL3)Div`^5ohv!pWLag59_@tl1e<p?UK#Q{
zbod`lk5@koA=u=N;YVZZzr&3c^RYm;(w9UaUGJ|SjiLptOMe<?-{xo^KKO|ZGdtn8
z_igBD4EL)y-v{5;!MC<}TxCJ7^NrMiuZ*?>#|*BO^X<MAv&YY$GJAX)d$dRU_?`l`
zrry@l0Xlf5?zr%5qUpGBlKC}!`K0OBP-MBhq?0bcXSvKd%*!9p<(u_O`z%l17>&8~
zh2_$N-Str;Ka6&Y!7uA|%WOU{6!`Kj#e5(EKY!zO>F#m$whL@jpcc;?Bw39;a=`vp
z+Sv{N!Tov#@@CJcb|(tTcW}21=L3HRM7ZS<K5!+LZ_0>*JTAedIK1T7F12&GNqI*?
zdpx$!(%RGGsQprCw_|%DwUbL~4xiJm*>6@NDgn8_*_*ug_`sdG!PoeA#q&W-ft-s`
zcW5Td&1emN=k49P%FYM=3Y~nO8Hf2<FXPx=0n+~<0%chvJq6n((W<vM_7J?1{N9vi
zlsT5C90EyY6OoxH|Da9;8ESb-3koRy?HW=}D<*uMRaCy~L(Bl(8&rZ;c_1J77iR7(
z--9snl%FC{1z#mY(mVL<a-wWT&+-9{#BoE=D4WXV!V98HaEZ}TjSt?}NuI8nL*r!t
z0%)L<%}W0Xjt|B~S>7VlKZ3{b+NDN)wG0q;Hs@j)(I%n?BcGSHt{LBDY=RX<bV73%
zCa?L7f<>tvzlHl-@=+Ne!eLuLH1ai=+Uw1)+QQpo=$9F#!<;@I?f193y}j&9JB>s>
zB-em!_*tU1$Pad4QZu@DWT(a6tv!!!Lh97X8fBZWtJI}M2c`oFV0}m>k#YC2g7Tuq
z-R;EPrBS0D-WxRT{zVDWd=jwA>-Zoljgj8;HEc6@yT&vmIm_W6ZRgIio^xm7B2Ji^
zu?c0lnzkK`{rGMaln;sVKWgWEK!<l|OeeoYV>;)t2o_*t@GYp*HPWZNfqefM|D*H4
zZ~?G=b<!{4_UBCYmfiz<yVPWFjm7w;L||{e9Aa&^A#0n~)L~^a|Bf@+%qe0{x9OL}
zc=OWKSmtz%c`5P_8h2}+7bL)TZ+dH@!#kV_?JE#Zf@?n^NbzGg3i69YRmzL66Yl>m
z3)bWa(+hx?$y*FtK9Mx>H8uMpj)jf=iLkP=kv=M#sfSv`%X&t~f?SEf$k?P-zD$%Q
z)DsaSJ*%(Gp%^YIO+@jDpO%mk;2qPN?d4$9@i^+|anyv}!A&c)QP=3aK=HFtS7vc+
zS&ZC^cz&7jT_l42ZeB?5&iGFK)1{m(vdz?QVy31(oUBdj`E#DuCx7lXt-9G-u|#uX
zyNlVxM*lY_#wJw@^Ery$*^T+Ey9DObXv}AVagcn3)@hWF1JQex63?jcZe7L_ltDy=
z;;3;B?@byN=K8EM*2NYX>%49<mLQK~5|$wY5#7|&uP7Z#6M=rhM5!<nrBq#%s-EjL
zfa8fy$Q0eHSb@=dG(yd=5^AbRsBd^pLVeyKRM}?IsJ8Y*r^L*#hU5xzvwcf_=N@<@
zc+SLny|*V~T^5d!LlUDc21Ra*CDxZMmwpvXtmWn<BvyU>M3df*3H<v9m@@=!vS>V0
zIC4Py!dT7n)30Xn9P4VLAHTkuTWzOZO#u%a)+37T1YuN%Q_X4l=72foa{S3yj!J`X
zy0^fhdx0o7WNZ@Kj+%ZIwFY0!sM1=_c~xGS-P5Y1s4=VZc!vpkJ{q$sy*kZH6Jl2-
z(qUPZ8I^jz(bKI7)}zHW={(0Z+5Nb6O=ejr?7p*8nD<`voBwr2YsMyxNRqW%J^q=f
z$NbZ#>oJ1+01Ju2$h6=Bo6Z_x6(&!Cb?ACdY9-tMblF$&c-!1piwHxQ1~f4f1tdU^
zEdGVM@Jwc2HP+MG|LNpgu|7*%)3rqi8Ar1x>hL`tNx+YX!Z%<V)b_gpO7b})M_Ex%
z$PvFU206x`G%;Wy9w(ZY!j?<(Vv%G0$(Anrt1j<jGFrrnGyw%$Z>m!spL!`DzyJvW
zQ}twH5J7)H5_yA1-o`LxqK+v&>bsvjX2p~z<4jC>H0})gt_LIELD9XQ+(&Oo1=?f>
zo&HRl?@Idmc?m8^y$wIqdHrd_6Df#;l{Co!N<g*0c1X$`XMwAZ&a1JK4@j|*Cm3FF
zn?wxfz<B8F4QNQhh$Z#>3z(FTXSsafChf4<iM?Wfg4{npbW0{3a@MJ9?u@fZ+#Cnx
zlZ)7xJYN{pnDq|J7)1FH3`6mzUMgwlw>j{#_6lvttI;vT;q8O<zg*Q)=y6UUTORyZ
zD!JN4cO4(vY14d%#)PiE36Bc!NE^icMb}Y6P<twQZkhHkmMq0nzMqyT(_$v@4L5P@
z(nn1d^@L4VdYf%V{wNH(5_-aScw?PC&6cB#iu?)ZJvl)0_G#zX(5?+3TtdWXEJnE4
z)IzjdH1#p^d#%}g7_N*#{2dv!>fL7{oV-VRBAj)*VhHDwc9S}aJ7TC~spZnKScQ5?
zyOpb2&ifecd}#@Db11jV?H;+^ppi4!gqA#PrIC#mZo0a=O=y&bM%qzt3v9zqPQ<Z%
zz`;%4yH~KaZ#<&_lJc;*<2}LYJKkel7XgH=XZijP1X8dG-YJjb19Yz5O>>cAHBt1Z
zw+cs-GByFe=P2>~3!unQNf#Z0<@=+Uxi(`@Mw9>RIC)g$P4-^@{tkGfr+kf#I8alL
z9Pe9{u_-(_s@Id6mkG+MGkR9Vc<x+Mq-F-IN-l>XfL2=G7^RW~@!^eV;JLQ|*1Lev
zFW$c{8veBNXW-m74;eT&hHx$yaqgbRj;P8(zY)I$^<F<_;#W$nm~}&|d1-De>RoJJ
zio8|nhxL`)`2eUQwnFsFJ;LxTPf-34gJ;sHe1~_0hG!!lVtW&)q`sMv1pN3-SFKba
zt<=LWYeur3{+up6dE_dPmn>|=GW#tL8nbuN?61s`t0+QIZm+e>;crLHIV`fY-)2H2
zvRbpRQWgYJ-b}cRbhQ#kLBv)56Vqe%V^m{>js2${Urg?Cc-&H7Lm6<`4TuztsLf>l
z#YD&b>Yx73TrJZCEE6Ty&gowlhv!MywXUSJ;*CQ}VO0CN+Q)EwuvuoTg`sVsF`}wM
zV?53H?p;i2vY{D6SYt-^>RUFJG~!3Ps{ZrMUiwgIATufpl|-2NxmX~?nHCE~t<A7N
zEVrHB0>Lyi5X|z>ZwutSIk(|qfHFXk9h!vZvT~72O)j$I0d48e^Lb(E&+|QsUeSm;
zpY#Sm)<ix(XBv9;fu8vGfFEKE3e#Fl3K<bA4Yyk^6~_uZKeWUMJXy90rfRA5>P9*i
zu<E4KGQ%XDCm89>?irjct2_X}aih&fnBm^yO=8+J<*TYW3rH8uFhF`0fi%^y+E}La
z%fseu=fncyka;Pxit$n45grW1IAWks4{Sn5p<XjADD<U?Le)K>kf5Q^^9+SHc?$$3
zKSdaopEf632zl&+JUS&u=5o$D>*ww_W?f9PejE`g2V?Xb)Q(<+OP`)IE@j`}6E4;5
zh{2@`n@td=#)9x&%O!6tE<M-WlfFxVRGp||9n+m+w~!z$0e4ms3lzaAxxNyrJL1SJ
zGnH&15mR29CO8EJ_Ngxfe(bk!i?2ykipGgb2`0!ATsttOud7|CZjTe(HN}%exn6W_
z!=$MdbPkRwg^``)hmt5&1U|$a7iB>Z;r&3_{TUv(#?fn_|6`cPDW(Vn?WZC8l1dsI
zWx}J<f^@cDk4bOU^LuF`Yds$rN$>rR`8`rvFU+3DSD>j=42}Gw5L%8ssUIZSL0rTb
zosukdPjBczNlL{AbT;LVOEOMT7*_x-pWp-H@NrI>clC+5@J-r2ug{A*=Dx<vW9lU6
zxPbLTU0R=uQXvioKuR_n6|19hsOrk!lCx-p!NY)8XymJcyhCW)A-Wp$7bMci=d%|S
z!~9CK1T5}*%jfhCrc|-#*j(XpDu|*^fhSoB6iNjo$?Mg8^!&rD{3P0k%h2j>&2Oq1
zEt`emqv1^xr_xdbJtb>-H}jns@#J0u_)!h*zNRC!G0!i;=gWT)r6YoI4$J}qiuXA9
zj^M@Lu$1sWAb>1nF{?%Q=Xo0moOnMzTSQC4o`pW~`Jx`5w+Oz;T3<Ozwinhs9fO*C
zd0ML+-m3(8W;%3~3DSYTvCZRO;|Q+x@Htg7+{wb3&G8gvVi^QM9+WD$I)(B&Ji6CT
z`_<bnNzm<z_!g{;ASi=UBd^V{(xYD4M~lRPalOW#xJdv-Q<()5*)F*c6i@TC)#0@H
z;8J>Xb{3JSNRSu<v!CPel&{A-a%3MYQ8qp($b|r#F#wY}<ET(>U)V8E!G4(||MnEs
zgN<=U(_VqGi(?)9N>9|?>>UNdYnF}0I0~VUY5hZ`Q`My>Dat#5*|4x1LYS^}>JM{*
zJk}9;QBWp1Bv(YJJ{c#3ZlMT7_0c$uOzXTWg;3Hfj3ewom)+1U4uRF|iK-X&w!;jA
z^kSvNspcVd6V|duqE66uY02S<62Z9J8SWR2&CmM^gDn6^8Hg|pS6R<nK1cao-O6cJ
z>7gW^0iY8|u9vd`hS`GFiQYk}<-DlSAdr)S@+8Bl)@-i>{kyZLQle=sUjwtlXiTn|
zofG$mXR_3p3Gnv%Y=J?eVRCrUW2T;~%+BnNXIqmI&)C*hKbkW3!Y37>h%AcrU$&?n
z#?g`T{&tNOn_9?l(n3<0T(H4AQ14!W)e~U1?4vl1-CnKBf)}l)I+ldVh03BT1_YS!
z$g?RtgVCC=<R<6H`w)AgjWA-`;nhb+K)+S$16juWBj3dOOBv^1%8U3$*j_5oG|kQv
zl)f7AwXSyX!Ov*;>BMy0TluGdq6?fiy=-qMknuP~EuapA7Zm{l0+&XA?{Q9k(UY{>
zI5Cf;f8JDh14$X74;eYko2tIi&d33cItD%wO)w)Y(F2>;AFf6t1n1jn+Vatb$&kqA
zUfpHzfoxJ7$AQ2yE}371b+2IPd|)+WK>}lU$o$gE_O`)CvNltg5X{xjPJ-`&b#uZt
zs}CoK=qU@4R6<Bx36OvXOpfft(hPD5krgxnP`0V-kY+VWygn<7;ab)>?UNzxSr)t)
zRy&Q^M;j(jq4h>#9ww5G6X6$T5ZR4$gwvvWo+I@6ksV4L9qL-?xeSkMRx&-RAv!LZ
zj9Nk3U1*R9$8jm)uTXWq{5HU#r)N~20e?y+c&EkUjobxqmNUHJ$q7uug{CgJu%wmY
z!U)cCo~iLi3mz=KstX?Y0tODuzN#w@6vyDe6*>+aKSvxuUpdR->+ma~?USv%zUppx
zyu`seOlJ#!f?w#Q4kDkKel2&=0M^*h$EQ=HpP2o;Buhgb9GUv8?SG6qGXZr{ET|*6
zEqLSa=+yA$sDA!_8vJ;q8-9GC#Z3b}gbUFM-ZBd9WszsQ)+5TOigj1tM1m(Dc#}g{
z5ga$2P8<{DZ^ZJSaNO8KfwGcq3kOAIY>KGlrC}8e5}m3*@ZuMLidWsW{L_7y7vCUJ
zUd=zttX$E)QfOk7UpR;}_W|@>bXSAs;^d#N5!|c!=c^nweBdy>q!Wuj3DpPVq)^gF
zc>59lF^sqK*KkMpQc#2ZRq*uIVl_Wx58?F!*E%6I9`4}Qi0<Rw!OC@Vx+HJK%3dV{
zl-YLCe}a>X?A~6=-3}D6s`tY-;Jp>@|5}twQ*d9$x(I(j2q_DRFhY;obChe42+&6h
z=8x-&B^YQ`MfWOx;fFR9RWS0*6P<_)<DG<oM3e{Au<M>2#9S^)A4a#G;CJ5NBS4^m
zV6x~4+?&yA@LMJ4Bb#jhfI{BgZNBF4T~Q;h$U!CBV#J-wmF(2GO^pXVEPM~zr~&SS
zZ4`e5BJtPi&72*h#NUHu%}WUnK-AdghI_NgztuBQ2$2*i%2Cv;wpui+&)7+96WePM
zSwJ-rLU~guEKXFOWgBXSpxg^XJ3^8XKymRV?9Tn8$dCRJr_Vq80D8()5rh$B{*!%k
zLWNPefnT@;)0q+~)Cr+G5EVoN6`sHXO7eE916HlZ-Jv<90xH;hAtHGAQo@NUr^mga
zSj~~w<pLH|?}`&cIp@R5w&b|K<^#h~oK)g+<!?N&G&!=3uSlk*(RL3YMUI?h=L5JO
z0cQ9Qaflot`)BClf_eJ6)g*#ui0p795F`ZAS?!a2;CpIFY+VJ6wjZZ~<1WT%iSe!C
zydwnV3E(G>XO->g^vH>Vd>8z>i*czZfDt?n%q0U_kxLanD*8*2BcCMLj!dO&Lu$fd
z#*c5a@MBOL8yPA{u4X;{T9OZe0IKFj<89gkVYc>=or$I#$g<nR*IMksN-y$Qx)w{9
zy@UDb4{_m>7I{#^uc-P~Dr5BvJxn$NUf<8SxG<HVpuG`+5ja8|>MmgRcLB3c;0P29
zUH}RKXI-`j0MH*Mo(6x(0GaSgBd!jh0Q~uGdZr!u^B&;OPdE{Lif0^wQ1$@l^Z?MF
zfIknwkW&wyz!Q^2XJXKz@){Esx9gq-tNDemv3W!bQ^HM*k0L6xOCfs@F~Jg_uMFzt
zk;fC-*(tw8_^a4_4{lg|<?(c!AMd}Ixb|I+aDPJ%P|6K{j&IcX`3O>@33>oWgd1)6
z7~k|n7THYHD{e%7PRGxcUHt8}8KWRjl5X?%WwuP_&yyJE9j;9DN}<<pA&<GYu}Fr0
zodZ=wNuHW17kV|Xe#WoZeiI!x6Azh|>3d8eX_&E{pxCvnwZ`H50F}t@LOs{dP#)p=
zh+^1t*Lp~j_ylu@veFQ?6it%Jh^iMSCD_<0@oH~|Cbh$h(H=#LE>lYEZ#%q~fNm?u
z55Y8kn+cjNIU;IvIgOt2Xp*64Kwpv1(ZAmWo+g?UXDfX{F7RD#-J9pwabG66gd`Lc
zPvpKCRg?8N6itAMd_SYxzRecdyIB_<;60I-HFz_7GjfRufZ~YVi?n-~WkEsV)nZ*B
ziG)cbT)XXT(#YgmqrZ}@$X6JTAUB)l1E%RIeS}f@&bbNh$4_~)H2KBq&y2a<nLCc)
zUN`p_WGIYINXIF~`>#A?7!<VqE{w`mWG5!lR3E*bQsE_G40#uM)fgDs!JVK(F|A%1
zeag}?N_sjx-#?>V)z6TSCZtC`Q;%Jz@yW>kF7=70tploFEV=9ET;cJToa!Tngj2o&
zk-?Vn``vxKyx?9xyCr15SwDw$tr0=m@r1IXwK4Ly#dk`%K#+Yfv4zA0>m0tD%l2_F
zLEja^a9FbH197NB%M)Pra$)$hrdsqWxWj>WnD|qaEVzqOif?PJL;o2?05n9?r2sf8
zIOf_B8_M<pIs#4zfQ~}4JTUSs@C!lEZ;Uh`|L8$}M7^Kz#`k9U-e?#5SRU5(^4`#9
zV-~71ZIyiI<0O<knulwHvEDFlvytdJ20nsv57Qe2_X%H~FzrsK5*J)sG6^w08!;YW
z^0bNZMNIZa-4!uj(KQ0Jhh+(&LBE5a8C6Hj{3_<t&PW5`H}vZpRrV!k>9<I;u_5K4
zmRzLS*h*O6MOl%*S;uRP21RF-dtf^Tob@_{`n;(OMNoD4r4o;GxDV$LZ&LPIsdmiK
zbD&!5c>D(aB44xA6D2wll*G5~eDH4xhG|hdS>m7GNp2q#9m1%IPD%MYO0oRYms0do
z9%#j|Xfmv|oX7GJ&$5$!2(T<0uqiu5e=+VTd|;>@k0;~e&@%A}bunV}++j9l0z7j_
zkH`3xpe*Tju)_yt+ch!5f9v@LmIDty**Ng9Cu5gEcHpsuecZa!H_SNeQ7$asRRM1=
zKT$?wn1ZEBNj@zAjime_vVpc-8xDgHEXCTLMl+U{3q72gp3$U!{u>KG$E6#nh1ftW
zJq6ji7T56~ChzO6Op?2W_p^jqbAY<gDA^#mT0rnGqM{o|sMF^uYdn|jq#S~MuqL+5
z+Vq2)CPB%cB*^(w1!W!}%NTh5yktIjU%W9i45LpGLgO3~nukM0li10Ck_C%)LX!8R
z6pq0p$&{Y~bP7xi#(J0MIB0`(KMCUKkT}Y+#|MazgH68cC1qZ+<nAnfQb41u>zLs0
z;Q2-5@q#{DhtyvWkAo@CbHbk^d>k$3g1km@slF1p)ye!Gu#?CR13%Fxr<7h$#Ruo2
zY|+=L8;ykSeqEB1?WBxt&5~RrQM_XRzF4IvI~kpGk|h^feX||md73`!0ttLQNwo*m
z{e3=;hG)mvLzTFm--8nmuCeHwMgYZlyxKR#`WTH@tGiBNo65LJxC&@Gm}-#KSUfJk
zMM)PzCA2V-?2wSxVro!apV-AIbl^b^^ih}`vp%@pI(R?EJt|yyi>|jXF~W<2w^IsJ
z!~a_}eTP~H>Apih4MML5BVPs12>lDuCpLDj>=@+HPIkV-h$j5QDMKEOQ@W>d!aN2a
zBmT47O?MNlt7XPEy`k?cp6ETv;n}AUUo?AMU-h?#fLyPnV-mSR9e)f4vBIoB1lTXI
z`)-c8@B3+ZEjyE0|IrgHJ2^ZZ^Peh(0RMR))U~J$4#JpBO#cvHi1#H6!wVhk{z7MX
zINmQG3fI7=df+MmR341Yvz+{aLQjoA3xnuVL4L=)Cj1>$1};u{gwsitp(6%E=EI`r
z!-CJAByp=5b;@MCzdMtvG7L%u0I@~KCAeR!^OJ&Z4eKP=34s?|g!nm*@C3NxUy}k-
zp0Pr`jTQQmE=I$v;8SB|c>bEHVTSemHPu9p+B_3Ejt<a~<G=uXxJ|w7vyP}5b`d-M
zebF#m_|DF*`9Sn!;cOo{pX<JlykRr<5fH;@AMwAe?+ui3j1T;q@l+xkCnFn;&lVDw
zI}_OmNZt0-=!9e~#R@E={xpqY_K=>)H*GQjj>%8N2hvPARK3!JC)sp|yT-eVje|N3
z=UDV#6JP)JlNAsD(qb6cNd4+z*<i6EzoYoz#M_xqUL4BXniqb<WKHyf8Ky)VyPlU#
z&>U=#$bxJ6Kx(`Jc#pgp&2I_-%MEgbf_6|L#d`yqkK7yQ-ipJ^J%TY+G&?M8ybPaa
zA>UokuiWc=bsj1gOZ46rkM-Pr|IzmKCOi59p8_R&43)k<1zhvE&Dj1tE6E<nHd2f2
ztBzk-?7*E0Yq?={;jNzNi@439B=JW!e|4kRa9uO}_$7BU??0JHhQu6n5o+*gfm5JX
zu-X6u^d7jDOvQzns0IMbkw0YRUVxLzg+$}<2OD-FP-0=aakP^U%r+k`^}(8Y@CR4(
z;fegTaD#471q7Qk)YfdX-Ab}T5KW~*{KKh5xfy#1UW%U;ctWlGu{e_Ul5NUB?=Y0Z
zhX5*P;(j|EWB{&Ca33r^4-E*<T$iB1*S`y>XunNkVk9Pnac-`ySj>9JLBVwx7I8rW
z%s*r8*`a)-7lw=o%s&8N^&-KFIR;QZc5<7=`s9JDn3pdzZq#V}T6Aya7cS{VQFnld
zMIgMu_}BRoX=tt%z31o#&Hr{aKI^XL7dLV`6a<tEUDaA;2>Gk<V2gbyX6)evGcS_z
z;Y+meZLl|_pn&uyVYoso^%B|0hWDo;-~9XVav=HP!0}yM1a7ru4ZN?xZ&;eJPustA
z=ETtVHtMq^85A0KNeU277XRXEPxVhpIr4u0elDxxsZ^(z3StM*@CfP{ANVD~35hFn
z_7q8(nI$PD<3L>0f^mW4BP&m#hi;2w!MYdQ(ZqZR$34qI4i3X-IVJx6cFENdgE0lz
zIj8dSqo>ReK<0I;>2+EGj5|;1^I<&ZVePjv5HTpQ5_3kq-f0BIoZk2IiUeyEqQ?wF
z^u8d-G%`cmqrfnYKVmh_Cd5%m`SVNkEbO5u`g7GJ{i7xT!mG~B3Y}QtM;_zAiYiVf
zJde|KGlwoXqY&+h0!@-I2lr|G0gGm`jtb-rR7FYeWm3#eF$Op^P&n)o5;{VV<ZDP)
z4NS5s1pPIRbxxI+0=P8(cFy~X{tE68sbMmV_&<zmsK7<SKb+9dN1Tk`*X*<M`{|Pn
zxg*U00E3BxWD%>{U{2Qph48=O4V4n8my(hOIOU+ke~3Mo$C>g!V9-M;!tjTZ$wP^M
zUu9K}mFzU{bfAC~EZ6dn4okg57GEB-{=2N}e>{%XpVQZ$)g)rr_$*@4BeC{Lq%wHN
z9a?_HjHd9Y*!+Y{2a(%gs#7J!CJoQR=}j_M3ALYOG=|^`0d=R-s=XwHl7K9bGvhik
zI_EZ^Jsgebk2}IcDPQGRjE{tOU>aUo1^i~{HzpY?lgeWNq+<XIYv3c@A_<@da3-vq
zKs@F;PLnu>!-%Fe>%)*Y2!9mXI)&=SIDsRpG5l#;3Wr-vu(jm6vqBm(S0FDofh?=x
zh3$r%fJGAlIt4HdLSt`g7D5R{NF{43E6^H6?P8jW6r!)hrza_fhI&wnlSSpR6bV(c
zy{9mXTT&yl;A7rFQOTPshLWz4xF#%k2*9{HwLlJQnhH``NJ~D4?<Qp=C)I)Pbf9u}
zApz%MyyKAMYEr9rV<|Dp*a`G{8dCk4RC<U}=>$fln2UBM66ZVGN`%Yt6noNOjK6PV
z`R<Zcaj?zC>LTG56uz4f!;7WX;HNsAu6p&WhXCH{h1fwU)$3OKQfDaM(@q4Up}rZF
zzzy&-Tm+x$p37}?jv3x?0{u;>NIYQxMNu;ed<B-L*5xyDD`cXv5ZokbaxeLTOUl?Z
z$vrk*l#gmv5JPj)B1zi5HzrM#zcjGco9ciidzZvwO8R(+AcnqA3{n8NIlwVdnrZOJ
z^{C#weKU!Z-uu|*F0-uNHMCi}w&Vi$8szauK~F3tO0S9sYVS4Ihbn#<W+*34!>l!@
zk%_z{6?Jn<Bz-VHGlE`tDWdx@AGm^!Dc0er256&Ni&G5uj_UPLQRi7w)wVsdko<iO
ze}u%h9o`|Q({^;*Ze{B#hkVTUsBVk)KbZ_bro5V<C!-A?NAY)ZU74K*4HmKPI%smD
z(-^4L06m1_9DwSabh6OM)SfKYm9IyM_rDMt^7UBZC_l~L0nG7fn<<Ydo)lq}CzB6g
z9)2M-4(_@uMNU($&uXoU^NupJc5I=$A5Uh+A6yZ29hS!fZu>%2pvpV5tDi*qK6Jd2
zRX%_a^LK!9hEa2oceQ<3QL2~*u=q`r`;tFVQ8FD!5TLYog@0}6`@njZqkV>j1cMH+
z_-pIXnl*e;ueOYi5B{3OYGclHET!9<4J^dP9-7Ibt6r!I59{K8rroEzFu>j6wwo;e
zU1Kw8-Q=-w9Ze>PfP{QuHxmCCs#3-_L;t*#t{Ccd;nPZdIEl^=V+K`ulQF1knK@g1
zuTYn?H3N&jTla~4Y~+tI@=@tWD=Eyn-ZJ-E{VbDTj2`^@lD09&z$G<-O|+JvaO>PJ
zO&C7Y!Mux`d>0G#Bw^t_<mKy}tmjSXB2D5O-eCK`d=R$%=Cfv(z}!Iku5J<PZntR0
zxCtt3!ekX=@?<g0Zekk3YwC?OwIwwa)}_mzdYz@q_+UPAz05A_OWliDWN$x;05N+%
zTC&DC*}hM9vN^Qz59&n<5vpcfU3f^8F>r_a*hP$YJHprL=bthDCzR;dfj-rNq3Dn-
zp8`J1*72A}8HCQuX`(VerF@sI588h5Uq0YMZs2Oq#Y|A`%*(qKpK)&&_`F)?dQ!(P
zx*Khg?R`T<QGVeJI<-VMgL)y97wd77PyVKd(aoSb9G9axlrV=A&EF&uoebO?ix1?;
zHS%F}G04Fpr1lF1?m(`)*?UEf66cZEdi-H@Fen*_&ISJC<Xd2PoP_KjF{grh*z`qt
zeu^mnP~bY|^B_Nmnd)VD4dnFlu!gt@h>`cxrnp^lsa+DyqaO+Sc^rg0)xqCm9>Ud;
zcP;rNmE25(l<v}A%P(3-@lHvv3hwp1|1<dEf8tahA#~R%U*E_~tZd@Hxex3;?k%%h
z;K}fxyX5yd2&^SP^zcVEweiPzShL)ea7NV7E9B;kwSW+GY)<-2PCuJ$=LLVY9rRvb
zbNGmE*FB)sp~hV;G@1)v9~*|X`*SleVCVjrOC?q2rQ-);E={pqI{6dXBPXK4J-F7_
zPZ=$Y8ZGg;)oAC{PpYVnPmF(d9!N5h;a}#tr$DYlpO~*qPLeJu4+xSxb{tAAKp@3M
zXas{@DQ^-*(25{rrFr`a)nE0WE?j^0P?mb_kh)<~0_J(dy7wWxKQw0?X7Iz;)Z0^S
zBuGdoChU)HL2v&Qf4g0jFTk%e$w6A~<IP@htG_+L3zrgE{gMj+A=0r_s5M1*mW^6D
zYb&GwV3lt@UNd8^W9P5e7SLrMN%=dIlV4<FI`jFFKSn3QGfsB*!~{|@s}LW^7GRkx
z*JZBH<8_+t1e-T&!Ob|u%V3H#DrtUcmig)D!Psif&sZ;QerZOIfG+;?r&&*$q$EE}
zlVqz(Q`8ogc}SgUx<~KnvbJ5Pe75CP7<~J9Jqt$R^e?9s{$F3;3Hc#=Z~(n(uV*3_
z?a>MoQHnyWO+*r}JfX@`%tziyC7{>+%z8e~0%g7+%Dy6C664^#W$+0UaytO=K7!#F
z2*XP?7&fR&CnVU!kgq#Y6s)0)*%Q!Q4?vE7Lq%(_nh!|E)`C9hzpaNMqy$^p?#@?W
zqAJvYM&oBIAGn$1%hwpg&2~tkX)`664oHRi>`9Ex#gmRk2cepS$bO+dYbst;ABeYu
z;EQ=baf3f1yhGl3^?sx9qkoO|4f-p3{W2LpOR6r#Pe1ae4VS=I*-wE7iaixt(ZpYQ
z3EhCGxRiaxA-#S%eZ?_UvBy~SMDTTb6FRf8cRICiuvtwqa>AfmCHtGT@32Sv+s&t;
zTg(eL^;fUx52bMCMa_IIQ@j)5nyk4DuSy{~2XO5O8o^adJ}2cSQEr!;hcfHxV(Lc^
zqBJAmSX{GqC~Ujdawt3>npo7|Tu~{*2StSv=Xex6G;rWCND(K`w#)0Q4<`8cahRMh
zJy<1=wquqN{aEDPYmBfok;2ll<z~VU_7MHRg}`GK))W#rIo}@n$g-JC{lwf%9*d1l
zJ7!*r{M8zt-j;~IOkSswR}`!&>3yWO+xerR1JQVXR=nWW5f(_**o@=zj|t2@#|wh=
zJgP8#P7dY6m$TDyD&jo+vJGbm5`1`s5hPebL4va}NKg+}F3zSX!T+3dl;C9}dWsT!
z{mqyt!NVV$;Jzj{N^s%wt}&R#Q?r)G<X-_k)?%ulMuwF|T85RYwG1mW%?vB$S6g!e
z{KsbI1bE*BtC3-4Cd&wbJ`gr^Fa~JIgA&m$M4E}2H|%tf9dNY)*+&Sn4;W!6=M2vE
z!wqnH2%Mu3oOitulX&6HWhTsSj0NXSCZr?f7FZ6pw7;jvvz}`_w0pP(Iaip-X@O$5
zcxX^wMrAueYsc#Bpg!=+oM!>wH&>l54Enn4pBV;SaaB)9+4uDrr2N%Kr-kC-k4_r~
zz4fCW(^sHB(a)jxeXjqn==~|zndp7d?LU*=N4R<d?b26cK+FC6wDkUmf1j4#=lwf|
z-Z9_YG2HY+@8c$Cco(`K%k&NhVLnX?{T=r>kU~*M+EoW#II?jPvp}w!1)Jk6*jJ{(
z#yAV4o>}R-dWGfE(LTkpIeo<(;xU6WB~lHxS~Ct{y{)+*C3Oh$ZYJ=`4HS1qSqjv(
z1<azOCnBI^aA8&>q%If7GmUOwr90GzW?;VcTH3PRze>&YIw*SrOPYXhkC6jCD{m*h
zv|9+hn~KkbpN!Gx!^3Z|iogF2{`i|;{15r#gZ$6ok1fOg=lt=X!+PS688651$EQCy
zEoEQ$ub%m1^n?Eaf4pdzg_zMFUL)ocr{#|sYsmmaIXl%W&r8H}UFLPDxtA#)R@qRZ
zUGQM*sxsdo3q-v)8UC!~hsG-C<(P7a;sBLc1#u*SmTiOK$80RbgF}sl@X<m%7Wo(Y
zla3LD;bSHV+`7o`&VBzM+T;HJr`Y}feRDw~vFTbCF14g<>9YSXjotsXVykFjLUL7Y
zTEg{ovPy+A$)Fv~q7O>H?sf4lieBVhA(nT23Cp`arHpsoU&*^3d7XFpmh!IoRcJ!`
zyl4s*xDK|{2r1)weXzMxPqmJLTUx4h8yQ>a8vJt5urXmfOQORbg<qH+TRj%-#1cl{
z-es6&XAZ^7tc(Lu@pC`CPJIo896Hgv7p_RtRMxA%{aSwE-6XLuVZ#~i&_||Rj7an7
zm6*)2PLLZT7Z~*ty4NE`9a!*7scBjfQYz(|ETI=}eU_8Z2zuzbmMLml_-wMxvwRRD
zZ)kcdFZ%a1i}IzZ1!xA0^hJ9QRe+y+(Fztaf;F*n<SIS^*up76uJtwuN<!m3!)zEG
z06Im6B|4x0>u<Gf7l*8t<b&$T@9bm=73F&GH6rFj5HU(7RASGO)6`e;I1J<fE-x&)
zwJ7cv6r_--+@yNHw_{8asMDb(xD+d=e(-`;jePC5cANSFV4UYORI|gcbyB|KDu)oi
z1lLd|V2A&U;xW47mm?AJOaAO9JO}(gz_NBLmbDvL)~;jOM~(F2pzSzAHulSL+(fqH
zF~|nL)QS!(vbA+Zw(FJ=vdKXeI@1qhg7_YmmN<uB23u!sZeR}|Xw>78$eCw*<a}5N
zZskw}>zn7t*{GO`w{O{rp}u`(CEOfeqo?fDQ13(NHs|_QkatBc)cI6Tb_FY5j!)%t
zLkl=oj^JWEDv;!doH!O3i1*%Hxl@$4z_7abhnCHQw^k}k5HS7|>AW9LLFElXJVDG~
z<B;i+q@<t$^|ll&fl)1lvg0IqHzm$0m{u<!x>gC*jdqGVv=ljp{jH@Zy6D*^!boG<
z){H7v!eBj;iNx&^L*CTpNPjKg+Z0=Y;&T)zk2ob6kGn1w{0E#OIvce}a<lJ8Y1(_Z
zFrH74+9JFTKSo~{k|!ght~Dlg?NmaDpuqAUl-x&rBS@Q%WYyCW6VhKyOhdyrJX~Lb
zU&DK-nIRbv4uFi&%#y8W0a2DvubcQFxdX<QR|bOS3yGjJqFn=iVo5q}yIqU;32rBp
z!#Ws1%@|_^_+}EhT<`I(=0yK0r~2<~&X()$cnSqNLHP`y1BzeJIm||hq%T0{+MCn`
z&~q3If&{93eF(nlJNrAMej-<HL6Z>rECuGYG7IPQn;}?hBu=hfuq8+N3?Z}PGH74<
z3=l<*991uVr-dj99th2W@twdka8-e)*nR)d?rZr+OEjbP^VAn!#_B11K$h^xtAx-;
zDJP*v%*vhvm^K1Co3>pDez)LK_A>1bjNV%cJzycG?cO!wv{TCwVthjQ7L3#wH;FhG
zpb)$tWH?qsve$9_d}nz|#dDNlD(*<_xX;%hJ+F;g{5wEc@OsAkJ2^6wd1oncg8YsD
zAm<^J_@s{w{SR098yn;}VcJ$IP}kt`?@3Xgw<lu1%0S;BU;({>+Esa=Sr4YQCdJ!N
zsIO*+OYXkD9d$Vg=zD|-4|0&h)YhQ@(;oREwmwStd=AM*J_j@IXwBSf&2z9|RY|hu
z+oS~_S?u@Bzbdj1Yq|*X$W-+JpfDD6!C=bB3Z=9t+#kSe=DUzjsvqA<y?O_09zf|9
zFCfzcNZvlVw$d7V;b1<qq9x9Pe|j?c&6NUYrE*>W#bPEV5EC77UhX-@Of+$Zd2Ht;
z7P;}oVTRoJ%rIN`n2GmtP9HOIuMyx~Anz4fSg+=2>`S)#p9dOj#(Az50uE20Jh31h
z-|`MKEutr(s-Ls#XP9*Io-Vmn{ZO9wv*NXSz(jOH5zxAgU;Gay@OBND*r2bhlI`G^
zS?Vg+YW3RUEKQ)F(S#@}Qai^k)%?nLRayPJ0-y#d@!>~|xOzi2Ex*|Gpe`J$dr*t;
zO>=S}I4JSH@%}YVIo@)>Z_OJmF`Q+?F&&3239M`Qg&1D0`O8m8ro4ld{xvC>+zL@5
zoY#2<_wXZ>|AAb~=VXT8?ff}T;;&w0PEkqKr&yk9BPa2Tp6!ULtH{Ov)<;GUvr$Oc
z>HL+^WR2dY53@KTr{K;@)*Y57rl7*j;&sVcxrX<jvN79!&Na*g{{lWoxg_Z}=6j6!
zUzzXm`Elpsd;B(fq{61D`NZmu$IChPu1Uga9FK3aYl6x_tK)IC;doq)-Uph~@ftx^
z&ggVpz6xQ{&3^_a9YmyKKG&7Z-<oGaIm@9*nt(DdnW5>Zl~y$U;X1<nOoYqnToL);
z21|Yc-E&s+XX922{!Z8c|BbNVj`0;d)%n=N+?eC}0PL3(iLIrRDa^z&oWsXB1@5rm
z{)&I*ZzRAR<3q2|<PZ594-p7lUz@W(jsO5s;5MQqL>}Wf2k*JgxE{RcJ~sS?v0}2-
zFB^+UpkH>D;g`+khm#AU_lFXXy!R^x0`jyL<)5sc)}rgE=-$jfi#~y8M=6gvyci$r
zJt(aN_vrEXJ-Ju6a53)HFmH={HF{Rd)uQ`LelY>ue;hP|z03!a58R2~cP`x}GOI)P
zV$)sNt}*M;vMpr_P3D0#Y19KL{EJm>i8fZR#D-c3A1t8D(;U+9Y0enGWK35jagDs3
z+i_;U<e{2hD9{MHUDxXTlFV9wEfRN}$b-=aw?X7KGYY{CQkCRs4l9v_x9V|5FuK5R
z3GvSu$ICB7SB@U5ssxZN!Q|4k4Fcwv629Ez`)Bc|dBJA&lePBC;k+A6|ME&=Uwgte
z=zcx?0jJg!#zHab%dK$p@{`PW(V>P~qf{5z5kAqOd%ZkCZRqv#4pu#R2%os~q&7}<
zGF@e^hd%*y)O@`DTYVntDExWSpbKKVN@*tfwz)dhcfYdZVPY1Ob+Rc{mNKtsa`=`v
zP^ht?d?WnbD&Hu@4(wx8vD15<FuXVu?#S4rrouhsJ2xD*ad)%t7wouGbBbk*2BX{Y
ziO6nKzVi1?VY{DRZ^)7}q)WmO+AnCOl)p1x+-OO;@HjE+eHuexEZpbB^GcHqcpua%
zUSN@o;HDK+N8@xAFEkEhd5g;XF`h}U<4hH}vVd<_+HBqGnX^#6V5>J|jXvm&!6?t5
zaX&}NE+SQi%5)GKsYPGtrifL1;O;0}^>kPbfbXimwy>W7TrY-^sV#W7=`TiZQetS3
zJ!35;t8GvpzuFLpK(!*jK%l2&6pREuw`RrEgRdeDGpFdB)O3+srIA8#?eeLIk)r|C
zpAJ0X?-6}}I0A1DTH-g<FR<lX1K&WQRf>yP(H<x4vqmigmaZP1wHC}_*?}VGksnVj
z?m3{wOz^bkq<Z5#%2TODn5j`d=(|(>;guFNH9WE1<4;1zV^wf%7ZtYN&{auafvXW^
z?YBj)Gw_W)68R#dDpIe$guT5K`KLAiMQptV4eQAD4iR5@%!$s_?k&6@%h3YAM1w`}
z7vyc$CMh2xpsZ+X32+1?O}8NFA2b{t6pN#L;3AT5=Mjl|R#Mq1Ak_GEb{q2>?Mklj
znXG*}v`@0J1*@n~jKq&^Hr$74d_p~)#M4D{c!1p)-&)|>uh;yBLEe)kaqW?0i~pD0
zhMtO8!WO-V%U8V=E3}C2CX9iUTSfkkCX52+j;WJIq7`J812(`&J*(b;2<)Ne2GP|7
z7u12N2x5$9orNHVe&+rm{0`#S6Ndq#>NI|eC5F=}bq?Z~+V2B9gVjs8D~87RiVAJt
zqLw*ioe2AJ+g2eS_#9U!3|TL@TV|K?i_o$la-EV4?V7BE)g<EC9^k6O@M)kijS}X2
z1g@PZ5Xl4{a;i7KiIfQ2@o<oJ+#9^5`lx}Gv4Qgoacus+PRdUX57C1eO_ALKw+-Y8
z^`<p!)S}!e#lw7Hs5l;~FP>3F96>$ulU>_SnmaHFQytw2qsXL!s`d21&9sHF*X!Gu
z>lkJ3S4TGk*skdspQ+WCCMIiYp2?axfGVOM27gpj=?K{9r>y(+I<#nS$-S5NQ~n){
z*~WSgAe<68u*iThnG{F1iD)M~OLVO%aIfN@z6xo@-(E@~8kC3=W7f4e4S7sDzi<O%
zyI8NK8QHIE14>Amny3rlnAd6HO~j5nDNTo_22wo-#`Q$5UPMz_tRjfgSMUaXe<V>B
zQy(=?o?>zSsWth<E=)+Y<R=bz<upg+Ys3GdXQG48H0?7*`%KsR3A;5X<Fp~b41G~n
zPg;hi1ET9E^|}lo2ac#D{Go+^HmJ+5V1CL$5Aykf7<;7eTEsKA#qV0zSFih*RT0<>
z+I@IPCyQX{Lj%FO8J8WzT?W2|KVq2T86R9rSiuL-zu12Q)P`d$PnG{foUbovWPtg3
znZ%@<_=-1d=MYnbG=~&)&?>G6t4bCCl4LQRVLej{wt}j#AX`TZk_`P?&=uK+Dk-1H
z@VsP<biq8nleGrt6d|6(D!tAmcR<&&BFke1RNbWWPyNeZ)eD*cuoysJ*_!8#^EpuJ
z+4N#dbR2w9@yjoTmukEE8*7Q8lgZy0s~geL9Y`)i(XaSc=3M*}q2t7KSeG=xeS%;3
z1va=&<Yu(ObD&~)uMpe^P@drPwutg(b@;W&6;V@D3%I?2k{}I?3E79CJ?Y7_>m3*y
zrYC37lF0Fa7a2Xm!i~wqlhfm+a~(urLfhd2dB5n|#!6WMX?QOfgL&*I-F}1m<50|0
zvx@8qD)Rf-Y;n*IGk~cO>~#D~W6H`2+$9$!k*9RhHG+HnoS|h;MEeLKPt<oocqGUC
zc?G}9m1Xwf16Y4ia;v_B*j?Dbe_$!3ksKvBqFy>D1x27+1Vv%|V4YQWx|Mvn>kP5{
zxiXtBmfuW3(QH9I>0M1krYD$e7adoEUf&;+d)*8?+(14U#Gndo7Y4M&RE6EOd5~uS
z00pk21(=Yn5E$BD@VsXQo%i7E;w|!$<l3vDApjr5ven_2V*R5n5?(HHdzZ?}BBF~+
z_>&G3PG}hP$>B1%DO3{8At6;Q0OsSb;%3M+k1#S2)pY>++TNk792XzZRSw20Fb#IE
z1A4FoLL6Gcf7kY3YksTxMS8(Gi$tNWNMpv&p=ULIGW|%)(n~9XQm0V=H1>tkDcVPW
zo)&Q5xo82C|EF3&JTnYYB!)%)XL-Ujx&O~rxjzBq{-@-gWd5f<x5)g{V`csgf9xvr
zcYYo#^IzXp=AWPPe=74IM42nRAKv_;h7am@`0J2Cucl>>5gIV(QF+ce$!L1DK*~5j
z&{i>4WVWv8w>_<BH<>wPv&hV!>N4}!EC2g4bE6?Mztv4<wvI2`f(zk`qGr7Mbd*!~
z@PYf0=I;Mntek2;M>+KrtVfm>f$GFHj(<KzPHoZB0nN`AxD$Xi%=M_y0oe2V7rV%*
znB@W`UQB!fyYkZyG9i_jgYP3rbsG6DMZ%h#`s`=AoO()%pRUQN(_-b+F}rj*^(o9b
zD6gVBt#ax#CZ`&_7xS)UJD8CA%3gT)Wmf%B!IpOne43yYl+uq#%K0QRGry00sVlK8
z$E+et-m^2`zqs4|p79w~x$-K8v~pW(wl_}RDzD>%f5-bD1sKY!QO-egkJ2|s-ldiH
zE#H;oq`t~`9yt_^_Fkve`jrQIF+Z!CdOp5&yET66Ofu5kJZsFo8FTIX&{Fr;`#1TJ
z`j=;00QQl;>2dc}kw2>&{(!>_k4K1(*#i>Izs!94*7GHQX;IWSUrE%64nT!nW4uZI
zBAuuB8;`)q{A;qb!A;Lm9<j-ZRznyJ7q&5S$ui@_$EOO!>Mod`BR|r;4(fFOeA{K-
z-IX!*7S&gG!(jhy&F|*92O~f?83LB?Jd0%|hcs>{?LHVR8~o9xof=@2n!A|~Tt+P0
zl4?lQc}k11)o<Y!I%CBIP{zxcJfH=Wg2qsxQI<q8<!lcy4S+SgzlNSLH022;m?+nj
z7ZM6UO@92Wvcm1`B&#qzqe^l&;avG8Rh}tr+ckeY26uCL*b-3XZ|lDQS>$6zFSPZO
z-{0M7F<U<i=(8dqO9OhzE}%Cvo=@$&%iQ{@mUEYU&wx!zUJ)z+(flzaiwi-CD&OUB
zP)Hq~P6RGzOfjQLz4Tg}4Tvg*>4AFS>w;gJ>EN<#Se>&$9sM3Kl})fcl6%_pSIn@^
z`q7$d6~{hCYb<+oiuS3o^3kMuVUZ@*N6|$+FnV;HJhQ5%rtvVwCRweIPfC67WPNrK
z0p8qpJ$%k8bH6`xe(w9oIE-g$K%gDwIg6h2cfl|tj8qHI)nZ0#tFcnpDqSzL#$j$h
z#V-8`cjL*8Ktg{q=zRj7<nOgqg{1f!BK&Iv`5S)O0N`?ECuZ}3r|mXd*@<HBh_VyE
z;RC<IBQPzNvp$a0q*(V0y>2+AGA0Ss^GO!w_yO(FD}}OqVFp~lH-4F;?D#Z3@I0^w
z{#necS9W|jANUJ>`E4a1_#J!;to8QQ_DOe@Z%t0`_5NLP7$0R@v5YJTh42=&`8jlT
zsKd(U6&;wMPZ^Y&D|=Im%6A>1lIsUN<$GD3^$z-w2c`Nv1<JdrXHIbvZ#RwvD4y10
zyPqFVZR-7)<TW&pTiJmg4{a3~n7A4?ek>Uo*adJe2+dDec{L%_ZZr_s4|A|9w_{XK
zNEjgacQ%t|qWSe~6XX+-K_u_?<l9re6P<hb;NW;-LS)g{uMQc)+3N6wIw@6@_XXDS
zfpj_~O<1~mAbi~L34CB40MO8P<z{S(jKu!Sj^F3KG4#adtg>j_+!1BRZ}z5@9lsXV
z7ZYQ{@_6`VLKMJ%m4435uUtF2)h;-^t4AwIi}4oBie8Z))$a8DfN8Bgp?t3N0?cDv
zP1oy2N3R7%&fm^0XsU~|dCC^V*?ge*^-G08WmH-0h5X9#2?@%e=R6gIdLe!UHu)k#
zX#P@3ZdDJhkEcUiEPbs<tgd|hSFhM86pGTW)Msh&Q!H_nJTAouZPlWujNhSgGtu<R
z;@-9i%7o=dgum98eQ9I=)tBkvR3Oc=NT~@+>&w=djZ3MwPqp65RO3O+Gta&m(NSea
zbW~{KBzTqy%M;eXR~8(F0dJM<u{|2WQS2EEjxqyvNxl?i=G5(}52RKZBl{j{5wmk!
z$x-u1JN}4wPTBDi@2|^_-_Hl%!=!KPvOMK$ZNP~=GSFuDkEbmDI{tNWtkr*t@fEo?
zTyn~CK3~3<ZLqZ~$&c$-S{@-!+1fI^SJHm_*Kw?$QLG;iAO#>wJRfKR&9W};TEvp@
z?+pDE_=eNu8$f{J+LM$o{xf9D=m)qq{J}}{ED^*VK7bhjbI{R$A<8`Ahwysnu6Duo
zCHcRFH=IJDb-((+@veuE$OXR-yXjnQ7YVB2(Rg_Fw-B+E@Y}}u*(Kk>{&(=CA#Yk`
zCGU7Wo`1o8r(x5Vej1Io#%KAiI@?B&Zfpcvs)LNy$y3531{-!&lfSpO0!#mgTD~J1
zt&FVczW>4qmD{sg>m7U$&u`o6anqHLc?)UZMsw{9<|4xqQ_y*WyD*CnP)Y|ajw7q$
zDkc8yI6nA08y?`td3$3riNI6vD~n&Y+SuPPrve{fdHm)$;9bO@N73)>EE2lb*qB()
z^i5Rx<@T~K9h$6@Y^2kWTY_ulc>dWLuukRsnIqFLNi&#}Zq_A;Nzu@BjHR0hVr^%p
zsr)v^{%NMt_`S`dt~PXCC+`X~Zw00yFH8%!uzaNW9-M8s{20Y|qZ<->9kqn7jv8p?
z|2jn;72`kiowhH7oKe!BfRm|=BF`n}!Q>2Yp#JI5ULAT&e|`8VcI@n=qmQHNB}rtP
zOU8%S2*b0n5WUFXu}W}NlU0-%$-~cTl9*|+M`R(fw`J~)X4;8o2ns!->f@iVEEJTv
zqui$1@`ulHdT%`&^8U7m%n>)}xgso*5!we)y0_$0hDA&}s=YW8thA~#b(SJowd|}r
zv`stfj)W{e`M)SL-SzMNHpX55Q_H27cf?$J!*Xf*cZPj3VeO7#WT0}lF<-R|fklK;
zaa4<!)AFOk3@<0FO31vNCc`)Xh_|5+&UdX)pYR%dWA|6k{d{w@-y&$^gAzWI6z%r}
z{kjc)9jUEk^#)t@6K*ZGI89Q<!dm4`EpV-;1Qh9XuyI6?tMz?)ng@2k-jcgk<i~Co
zf@^(Eg5sMbDDwq8s&Rdfb(mZyMEB-mNpkHHg5QbqHogMmLg>H)%c+PQ9?U`il01K$
z*U9P%7M;1Spa=rSbgYe+OjX6Ho*-HcS1qxziePq%U;2(pTw~?DWWEB!$)r%pbTKsY
zA~GaXuA-<q?i-G>pgM8Xm><=thW^MBqdL**s^m@;hU3v<t{}zdV5zg*Np#$Sc4p{H
z;I=_`YH#dDJ}AY{7w~p`Ec^?yoE1;P;}2Fg5Y4qR9&`X0iB5M2+>a6$720;FhyJw;
z?#4GoQ8aWl2-ugaCGwUOnmV1`3ioLP-(LV*%nKKCR2VRs;;g7JVEHC(I>acnluzBy
z+n6K{Dw1~Ktz1?yXqZhIarbsa!|(XO+gulAH8R<9Ud@h_jdNN$_L>=E<iCefu%90X
z{qcckpfmRtz{`eh3@^PNc;f}|MtKVsi@A;2J_Y%*8n^-T{EX&IzNrYwf?G%_mZ5`J
zwGIG4%H)~!w66yGS~pM|H_ACN<2K^G&~Id5YYl8JSZoJWLnoddIrzZetQ?!_;NUq3
z3-!U8i8;ckhv2qS3L*G}`Kx9eMzZSF%zw})5)c2Nz_^U@dObu;`&yrc$Y?9Ob?a7m
z#McM*H;xbd!)D38-EM*6)%X^sDte+5Cwcsxag0t7@9Sxl1Y?*z&Nt{{49=0Gmr1ea
zhX!T{tT;Q3UzCr={!ev3C)Cp(w&u6=*Kum%Lc5J#7r+RPnEELGH5hZ5iRl6oY%mR2
zsN-Ak<9UkG*JJ!)=fzV|Kk7`H(~`z-4Pf#Cj2dAHpeY>EU~CPCOvYAsh0fSMg>T^m
z-L8NRzsy7F#6}q6;tpM2ir~-Hon7UnwAREjK2QQ6UEaKPo((G#Rb}x@R`Y>l1m>0F
zCS$IF{puxiTcUs{g9uTCQRh#C*?C8jV3<+mzcri2=7iP0!LtSVW)=>xAN;(Ier8;O
zP&j`C{7|m<C#1k9h%=WR+YAWKvIHPgeE#%dbGr@>Gu@x#t}xu6+lH7ZWroecI{*+`
z&w_IPSI%LCs5c1iZ!~#I$p`dU>%CHNf8jen%<1P^#&vn4pxiYRD}P3^%J!88tK{o(
z%Xz-1EhqP&xiaNL^pz<df?LiFn{lf33B5LJgnenS$=ipOx*q0hiN@wDh8q($>pRoI
zCVgjW`UZjM8Nzm^2Kse9{`%0s<HDK#gpa-<u%7=TKg<@sBWlg(=&znBDD!6GRQw4c
zybmo~ZuxpXh+!6C%<v|J@@GcA73%G&wCZ~Pjj&y(ik|aDm+?V#?@cPpXp$2NjSM7u
zFBXZm&WS~$%fE?1qRyWTBs#STr}$WkhD1&Db7~49k-7<yNa^?eCZe+sHX#myf=i1n
z_gf9Wy`?~h+s_+j^C!HqiJ{uM^YHHMnOMlPKA~h212Raq{a%3YBoio`bjW*u(jh;G
z-kgxaAb&soY8#A(CVdfqGsjp&YyO}fa9Izfz2GMcF0UPI;PT4BU2$2t9<dqbl7w>s
zl=dfV+z9h2-^X0OFFV?g&B`|lb4{rnWx!DSRd2*`_K#s7uSZNIeQdCfr1!%&rQdUK
ze;Dl}-4|cd>JLqvO2u-qOvEPdz_ZuKMeFXwNm_wic_LPs01BUo;*tQr1*$k9=Q;Fz
zgP2qt?-(m+MRDbc?0%|H0b&+=M!VlqKPE3t7?qbY_lC2ThPlTq4MTN!(lOgA?00n>
z(6t*6OfjePm}D&RlkKFMDkLc5p-756ki;xYy-Cc&G$uK+O?~c5Q2XBMLLX*5p8_gb
zHE|Nw^ud|vkSGO6WW$W+3Hkx6dQ+v%ESRcipsCLuho5@fE(l7Ityr(f|C7_Gz}2UI
zk-6=?)(rqmK(oIJJ1kJ>OAelxqAuD9l3|h{-;%1X{~{Vy@P~3sYUIb*{EhlM=9}-p
z;A4kYH<I$HgWlzCF$$ge9@45w-lRF=e@=>oFYBz%xxXfvCZ;f=QO5yI`!PusHNH0n
zU|A?2kmWg(FcTf@!S0RBJBgH7fhn}>`Gt6-X9SMu@T5cuDRXZ>>)_A>Bo>AEz(WKL
z>;&h19jgffXoLrRW0L14vNMCNRN;)YYAgehBFBfnH2jRI;IWf%X}gtvs4fC1>2M>W
zQ7X-Fo`Vt+O`^F{f<r`|dC64GSFTr&g-(w_;rS>Q>|P7Z9(@(mZ}HpkXsmvEru9ze
zx~z917rWjs+Sq!3-ExlWJ)Nz0+W+o)7tf~g=*u2_kjO%VCmJNq9iD%E<_z$>%qqVz
z^NhnpuNkrUHR^1-`u$yTtFzOJTi2XBZcU|NO$%OquQt`gTL0d9Ui%%iM4mCvA7bi>
zmuA9?sk$2H9g3B=<r)xh{kuAYYXx~$CZDrG9@wScmog{o^!39#U$xtmc%y9idowCo
z-O<uaJQDQwG2;h8oQU)N_H3{!B`{HGx>b14Ers3+&?3C!$4%21yBo!F7%(1Y%kkFw
zcKSI^=?hZm@9f$4@!7~%Mjq6x?(?{j<`MZX^_4n+XR&4dwLF49zdrR4R-YR2ohQqT
zkpf3^gsxT7;boESJ=JeD-9dGKwu?=rR6eCwZzU}+j4G0`-UR@m$4{3E6YCa;{wU8c
z#CVY-{A0QJ(|Lq1P4s5)%W|C+c}~>H{OW*`A@I9DTpdu6*WWt`ehh#ggDUa{_!8mA
zz>2(qpu9_5hbTXlnkKnUqB1)ht>;}mxwh~N(Hn$c=EIX5DKwwc>gDBNEmcYG5Eba5
z0RBmr+|fB7i>|2TJ}L2coWvLM3$G&TIf$NMT!;E{B4#|uNlnx04Wc66t!gUhyHwJV
z;t9tm*eV8LhEGm%xBCu}*A}yxEM290THR-yw-#D)6H_1P<s`qg#H#isg%8uDMH|s?
zQ@6!nCC|yLm<MMvSzxHTXJkXH{XvVU*y0(l)#GI`m=;oXV0C*zDRx$3eq=voEq1M!
z+^r&?*DCls2Z?eUzepuhPb(illd-=OmUS+Ms-C9uF4jeWCFeY_;wyPt|I%EW*TXOK
zI4g3UIdVHJJ6|yw&A`h%{XMw!x&8S-K5H1@!R5~#zz5x|Vc^Pv&`Cw^Kv)4hrQ)h7
z5&RfOfvb~zl-JoT#s#X+U@Gz2&a;wner@MD%s<^v<Km!@6;8rjBwhA{b&NTV(e{6I
zOWn#Z+Qx$KaH~41ZB?m1(N-mPw=}Hc7nbQhLKBHTQ>{brV^W9kVqG&Lj(w+QX^@!L
zt67kh@}<B&FeYVgdXI0yK!h&tpWcs<`HxAX(x<O5QA=a#g~`P9$=Nm?{jY)P@73+v
zEmTHlz4|9Rx<1c?dsc^^GyRhFeX#G(+6P|=o?#!XVkw%P<Pq#XjN{`MvI7F#l-Gyv
zj2h?Xo=|Z#qe^ZQ{Pi4iG=AA2u7cH3<piR;Egf{e1o!<v_TD|biE0ZRP1*#~LYWFw
ztH7ZgQ)~s4^3aA-Y-n00Fa?xX1s^DgC<urNE%FeUgfhlxeWAyrNA&o>qsR9_-n2kT
zLB#?JC@KX7XQ)5{DWTBjuC?~eWKzI$?stFp`|cl?@1vPL`!Rd3z4qQ~t-T(~jwZdH
z+@lh}JyRct+zHd$qxx%X!$sc@1XY6>h;ipNSdw!~IX1nKF%xO_Fy2j|Ly`YisfKBR
zJcdV$SRDt)3NA`19*!A2Bk**wiigdf$KiN^qXoEzX>hz~dI-9Hg0$bDqM)fRXliRr
zyTNGHte&Ir$=aqO^ARat|IPsQI|6;DZaKSexy<>r{3Se}ln0{lzI?eERIYAibic`}
zAlHWS)=i8aRDNlWi3j;V?ROk;G_c=EyC!7q2L58Sy|ZD<o4ScC@H-oJyq(eevHuni
zHgUP;9iqyU!4CZum>)guJBhW;(bL`-1~%^saG0{3;1ELpzl(R8O#i+R8sfq3Op(eK
z5%kC*mUJs08lvhS4#`u0*#!D4;8C5^A?h3tQRjS!s-`kTMT;R*)n9cP4H>Eas>^A}
zMEv!nga{%bylutTdDOgt!wZ$IG_ilt`<nm1|Nk%d|4gj^-2cz_*S}jL61VgL%~^BE
zskZA>yXI8CZ&s6Px16ftl~e7OQ|*>h9f?!zj+440NEFE0IH@ciL@c~?`&Hc28sg2K
zK^OxUuk%t=yJOaE^-`-|iwl?}|MdyO(E~i9;#Amu@8$Nt=PtF1#qBarGalK}Qhu4L
zdhAG@(<(1}cEoe*Wdk2aoj1&}UpDG-IWHbF=W(mH@zOY3-ESyZk>{>uLKPNo*&we%
z)#}taU4YU@!5C2bd68(CV}0NLb79ssQEn0Y;@zk*3-N1-4!|I|Mt(t<wApR0$8g8j
zI~SEkFx+v(+o3KkDj!zNi&(tlQ{LEk#}w-r=us)6yMPdX&-O<`E<0hI$D_%7)u39z
z`SxU0=qvwv_h~AKIA)am+Bd{Vel7cS$#2{S6kRHbs^s^~dQAS1h?AdkVm(T9e_4+b
z-9VRcI34eyT!CI2*Q<A1F0-nWK3NFZ*|*fYxob80r%NSNbJD#S=R*yl0zbg9%QR@h
zGa?Yr?jj1cyM&zkqgN33?lp*QA57H6ws&FYT3kU)WUg2As2smiX3TBfoUBXiS<v)m
zX`H!boMt)}U7V{PV+7=?juZPE?;<jyV%|01Ma8^7C1_&aJqfBG{*>p|b;nzVl66eh
z?SxPIk2V|b%YKIhekeigH5Uq*J^8@<SYV~LWi#6#&%BEy-q|j+zH1pbM!QeziuCa?
z?OqDL*lV38UBCJ}O}d`44rllF1SVZ?O{siLJ;hkB{$FUU*D(@KyX?uDbUGE0PFbn?
zDPWe$W21UY;|M7cV+*p5Ye)+?>ZE&#w3c`}a6;_Ogl}yOeop>Y$ItuMVkc4kiSTn2
zB|o$geh!C3!0Lj(fM<6$q?=rU{(prO61V;XlJ!O`?CYx`Df9OLs5&qPRUd-&t4{Kj
zE}XvI6P@JSZQ3N`!4j~3vW6yj`5JA4x2f@L0$sM9MbzI$sE>;BKs!lY9)*Go>s>n5
zKW_8%bxB9X+-ZA^*KW4xwOi{;alVw{e0;hs4h=lw$bSdP-Y$pck|_qw$+*!d|5ULN
zy*&i1r&a?H>2||<bhUb0^V4b#pSJDR@TqDw&W5)&!>2DO^<ZoA%MnH2kMCsYYrtKG
zZK2OKY?~BmiEa2L<%cGNy$tGr1X^Ltcgbr5Hr3k~`9t8Tq-t+kkNi}rAeqiMHOPCc
z{Y;PiWE8Z+IL88CI5usLLkPU{r<Mleqx|7$JE;!Dd!E*$gT48jQThc2FYUs(@S~D1
z6%F2_uSfO%0?O9ymv?>^iPXJ5rDgng4Ey5W?dilj_IcaYUCr)CL!J&~)*DCX^qDPi
zj7>!TmgA+w==cIdl6w>;8{@OHc=BmlJo%9}Z<`(?Q=wdD4e-Y-ro0|HzC0#gd@et!
zFgcLuuPEgks?46gi;gt&f!W1UA|JqjK^XmMHb$}n_J1g_tFw6u3}voFZNj0pGfdxm
zXlmW>(eXh$-X2gbdC}K!lswK;Tfq9xE>_!ub{|j0w(3?f{$XgcF`mlh;=!vVi@<!d
zX3)LQsA8SDPG&NR{Nk3(b>5sSGuOI*4OJh-8N=1iv<ZQksjk4Sg5!9}WaqhUOv~>L
z>J2oGNAh74V|)YCP;j2?1iF>@-f77$sV}>F8irRS#eA?Jf+B3!vIkI!cx#IYGipEB
zH@v&KRRs}8z2|0t18-vbhrDz`{`Lpb8S_6&T^MF_1^Tit=ks-oNH6iYnU`kT>RuB9
zk0lpno){J!c#C|~qbAkUj%UKqV9(x~tB#Xy^9gy^hZu`_UaFkx#a(7zsz7>v(?%*o
zqkQfr{3{=wMeU$>&+<j;xTR5m=-(+OUDpTAC(2vWgDvH^E%RH_vn|V?*%C`{@d4|d
z_35T7)`#^lHRirl3U4v4KjT>x{w(G!+W)nF7VZ5EH@LUs)Uzl=$>ni$7H$3vX{9gV
zuNhhvd;R+}P4(@q&$Nv*__eliK1Ed@k7FC>LP||XNuWCKA?p;iR>(S0eS)U$R3En(
z^!E-GNA>rf+>crXxi>*EEqk*e`=9$`H2>Z;WM%$DHUIcDT66!nX!gfH#njwj$T|_5
zb%&wR89!5_uNxZeYsmhPWiK*hPc}5X_#kE9XUINl$Ub&3=DRl<vTmr2$=YPdT0~j7
zZ4HgqkBw%xJ{wc>J42QfoAt1v(e@40=og<v8y#lI{s+r`*^oWo&~V>#F%4g3tQnhC
zXsC69vU2kcjqWpKKTfVKbM1y~n<0Bx6J=Ws*?%)+dt-u^(tbW9gAa^IMzK?CrXo;@
zjt)(2$(jlNdOFgX<EVb@dTx~|%2$o+z4(R*1)YRkX<SC#k7TdaVm)7GzlD9awb%?>
z;|o>Jh6<afvr{~ab{SRYE_1Kok}A@%7rE%@Q`5s9ks+X(a$s5>8kzJMm4>y^FO6A7
z)3hZRJl!eQnmK<Gncus5P39dG^V7zak$-SFE#jtYdnM;PYQmeG2G3uZcNWb4=X<DS
zc}}jI8D)XVQ-nJ>@aC)rKJ%DdEv;hCBS=$^`QZ@EjdJ)G)Vd7A7Mmty*7N3k<}C)F
zZ2A)dnvWlr!9rJ}`;YwI1-|26jt@H3Km*-K*zFhw2TUy|);6nx;Fd5_=L0V=hQP5@
zjoR=o2_|zy2F?xXVNZ$KZ<QBxd2d5&o5u>X;ccZH0?aCJIe$iZLt;a`*=v=*pJ9Lq
z>G3O5PDc3!m~XmGqli$^E0%2kcJJ&!>xQis&KEJ^eYcJCp`SH!zvg%_S>W>FPmc#v
zono_@`9l~QbfuG`AkVpEa<|b1?UNiwxM%v&<}CB^WLJ+D-`Tu&TVR9>w4MyDXJG39
z>mjM`%&iTTX0OvJ9*I*ACm?FQPqrXrqxz?;K65{4Yz4dNnKd*xTJPd9>LTv_(8VXb
ze6VANV6LSPF?ViAMAkh^a9Rm?ulnCfz2wu3|I48G#j$ziq&JYcnKyrj4dq44nX8l^
z(1uxc-X}mA;0~U~yH%JrA%J1shoy1;1GFLvCZnT+G=W{FjkafyI<l_ad~|AbZT!ou
zsVK8sHmFtvq(MK5q9C9%^pHH~9kZs!9Fo`I!op%yfhj!4ETGICuvXTn8uj?$REms?
zOJ_qZ4uRf;Dc&tD$a$$*4MJuGteP}hKlqfPKlRq1Y(NBEBV_JoYbrlk?!I&tMdMXw
zY4=M)U|O~in3PwP`8(p#)2o|Q_&_s(d1)*l1Hva3Am2Tx0t9%#ztLuKoCfB(o*d+y
zKp;H&HtrZF<u%h(fW?fuC^Jku%Rw4=k+fAXpO$wX#GRrZ1_?dyj?oBdv#4iJHvK7C
zf65Rt52MO(ex5)kCHcK&r+-yMsn_D4t9}Q2sr<Yan$39E>EG=wMwPph@^Gl?mbRk%
z1l5bDoO2LeaU3_s^Y9E7q-g-}NdW0-XzoyJV*g^UT~zwZeA*q_${3El0yp?@-J7Z(
z9~KXU?CaMX<Kxkeb4e%tyE*q}{$=EiMzg-Y>AR$_&-{F8UkCj!eFZp~>-BzagMQYc
zMS079R-k@`pT#VN?u<e21!tj4*hy~@>sA}qExl7&+vPA4PKG`i+cfk@Y-5Y+Yh2o&
zf2;cd`Gn2jxqSH3V@T>2<MEwm%4-O5oPQ3k(cqAJC><`6Dg_Kydo12vskDJp#+kK?
z7Y~KW-qX40yxGOMcA(+Y_mB>xZ2CRjwCk97+Kd-ub|H}R3cM&n{|Mc%(fE|>&O$oa
z*;eG(!-;gBis!p>OVJ0&N*m`#Kb{RPE^KBB@u+c5*S%t8>jG}oc6YF&jaxM!k6RTI
z9Mv8-u~H#gV<TZ;yB@PEYfJ`x3d(<1&)>n7y@H9%%Gidy`*^A5+&<plkhd(G^D(cu
ztpuqedLCL2LB|D>4TptpHM|&3_S{Lb;>C^4T>%u_atv;o#=W@N>D%KO1kZV%Y(5vO
zdwTP^$ewvJc#^+((s&|3JgM+&L#_dSfvfP?h#z5kmtkNk4#)H8CTcDmne{jenT@>p
z8$O{?fHgN6Wy1)QA{dI3jb)zzL-a{B@ZFxleDHA?^!dlGQ5LH6i?9FA2L~g8R`ML5
zxyv22035Q_y556I19`5fP{(~n*Oz*tp5X>wAfvne%rG>S#OGMo97{KGOY%veG}4CZ
zn1{o>V;|?^p`|lh1gS=OQ>PDF@?*}?0NJuX(oJLdV9#68dlA35De?pm3fxjM{9N1w
ze=S_u8JdLLp6_-iC%Wfq_-<85L`*{uFuS!I$~?TBgz~ayu68TA1=yj}@2EQ7x$i--
zcyA_MW2&qE+Q%)V;c(u>*l%2B<(jVvY7KYeJ<uS1D(Wp?{g_Q|Jy-MD;U`Q(i>!El
z@h_0L=$3wj!`(ZM53XZP<vs+Rp=O25qw;*Hs?3P;%NtPOr*zQuS@^|B+*mdc5SF54
zLso_Ajg;Xf+Rhx6`(qE-7f|IjPw%Q!VF1d#r8-bNs|gaE?=;g-P{(;tt}DgJ0pz=g
z_IuUt9jI+|=&_IPnEl&57SV07Nc+WFs~EO&zPEAJZZUh)#9v@1_?YdFY0=o1QGOcT
zLT7DXi!AguIMYn>&_?K#qn4Md=A@$lOA2kI&>5MBh2Si-^_D+g2&Zn)WseZ0TLlQy
zs-nAT?bA)qvpC3yHfBtGO}(Mwxq=$#LskV0rT*`v_K{}rcwvG(*jhK<*!EQu?5!2@
zS5QVls}Z?RSu^T4jO7EZRBst@cm#@3$@{lc=`fyO!hCSpK_0k@%=3J=%7tCr(zjW#
zSMQ9ZjIB>6b>8?fXxEP3VYrw8pLt07^XCpmQhH*^fc5M@$!5;mD=QL7NriXiC?5IJ
zomu7C#s>;aLS|i2W=}gWehIXDv5m!p_%Kp~{_<k<nPL5ixl7;bPSKfJpF>;l$et{q
zH)+HhT|jZ`23<h$z*{It=qafJim{aJBH<ECalFNBGP?7DC9`Zun^f?jC8ajadfJ)_
z1w1ylxRTz9xd+#4(u#J}&L7K|w8BKGqs!Q4)W2Ns$cO6<!s{c;bm8?6%TU0AVGCe4
z*8D+O6Bw*G|3S77Uwbs2rJ0><igY9$?UNlT;Ul;a{oQ1Q5A7&$`iRGg(@Xi_&F;*Y
zXE_Pmc2S?uzG|>VthIQ%iMdy;*X*PEpnX&yJV0KjFD1>y%7N#m;-v!Ym0u!7?7N@L
z%xg3~nm`^kWEC7$-oZtIMOfJFsPP`n+RYq<JozGRH&5g3Y-Mdc|FTLaSi4c{DQkaC
zH<6MXy)ReqxaQ#{jUMIetFma6uZl9{6*uF2>i{lVr_c1fH*peHm8mm5os#dC(X>V<
z5e7GyAhX@m4dXy3D=#s)0RQWmfUIR;G2#N^?C-p|M4kB~Yqgp0NbSxjV>921QWGHs
z48{@!fi|ty9&eywM2$|TEUu(>1B>WKGS|HU`*j=?N_+ex(^~wajG<ew7qJ=Am4)hS
zCf@q7sct(I{cS~eQ!+z@MZct*R^zkMilQwIg|$;NSsa*7mjoVjJ<olTGyw|X0_^}5
zM*KpHaV0dN>_I_Cp#NL&${k#9uYixq_o5v<Qt5yKL7e8`$TW8_uXGKZPcY|jQse<a
zmY0lSXW%UMo&-_=d(5!QDf0F>cYp_CdmBERd2`YR_>_2*bB7katga__aM8zzBGR&z
z>}Lhi1FiW?)XD=MrqV6tm7?*oxE+SW+sX^FcEen^L4d9!^Z!s@8jjB;)kr^!xp%D5
zr+(rJoQ3m#b?R@Y<S{=jqWN_&PHE9Hc0V=)Qey5kYqZ(yPDOwAv)N3gR1Ku0pW!QF
z?upg<H#$?^9_<@Rl-%k^^xBT-^`43;>sD)RAA22(RH$wLNU2Z#hHa{RwPAPo!msZR
zANXk_;ru^ch(zkTz+{~}ly2HYGxeWy`b_!9HlsbXVb&u_Q=lNMzqiOCg4GA##KlTZ
zx?1d~ywvEH>dWES#fkKc6m!k1qgQ$^zjmcJz}VxTztG{a9=^o+Z`I)OZ%StP(K{Zr
zx20Un{p1S`66KV6qY8;7l<JJ_Vo~6Hm9CAK^v`hB5B#w8?L&ycT?%nF7l%s;_Z}iQ
z7<smpao(%&Kt*y)Z0yRFp??f9H%tG1GJSEok9|LmQtKcU=v7z?_>go4{#qniJLBJg
z>Uj-SX6BDpJOT%OrP%<5{i}2+tg6Mfp7yCwc$bn-KoXC;Oa)PID;)Sv@mJ2f0I=~U
zC;*3R1U<Q>!BL+AG~OP*TQz#Gmf+NEkkc8vT*dkNvyJ?-SJ^2Q7uhZJ=+z$@5X?vL
zVyV}&@a#7KBxL@A$EP6mT8Xu#yKOCK0ot!=zhGWLDUv1f8|bB}!Fu*!x+%`v746mF
ziI2D5C*wCZQv`|s=y6J*O~X-NZlrHu3K@y>;3*<;;2T#WalZCONgVVc7_eRs(<GfF
zBBw~IT@!!LYo?ZD&Tl~G$Zehn0;W`_ub~PRMFNKvIQASA7}sp{=+V}s3GUD_sGPm9
zIVPTnTWZ#kY$}i!;{eovS6cw^#&so*u$cMakdbsBOVX_1h+-i)&PE~*98Dgd30W*Y
z!2x&Kb#!t3Ph5Fp%(|bB0$Y(8j+ELkpX0LP21Ox89!Z9rRCmrJsjxy&HkUIsne&r+
zz~TkANIY(p1*w8GHF-`FStcPt@Fl(u6i#(7zQ{`4GZm<()H%rpeNR%FA|cB#78OC<
zVJ<>VlTo(elKpzlx0doRP~h>vykwX(xA<%0&|uH&p;xe@9SN^Adx1)f2jrxw%D1uJ
zTjGKAVSYSN<u;YiDTdCU#Lwo8ht3}%c4i)Ro|n-1&S2{Ns5IKu3bDtI8O5H?gBx7E
zY=DO(p%ovnHIq3$n_qyHTl@-pjNS!dgvFeHxWV4REpE2CgM)zqL*caFPfcu{YP?d1
zSyJ6kR8J`vH=B*8*y2W96<)=?xS969Zq7iVMXZh!tIcj{c(GF|w6tt4WbO9~+fM`5
z%|E7_>h_4aUw_KBaA%|)=YMArZsGL!_eCTZcLloqdLZ58u{y=!7K<y&Mw9_h>;yi7
z^Up$8Sj0^1GLo>KPjxcr7S8|RB9#n+=LyI+p_#atJHq(&d!k<-1&^*kuZIqxgq1$5
z?`<EVJ1pAU4$y~>#Ch-1KN|VO_|Xi*M?2$3(J2ob6nEJ{Es1A?@(!Z``F=#lIa?oZ
zCjQD5uzvr8-k%Ds&M5*!1@tG;LU#{P@3)KSzots%3t^ubsqQl*^%PKeI@+G*lJ2sn
z!nQNgB-j6LF`?5)T#2s0T_`&pjZ#!7>ULDj8BY=CQQ=HbHzaH&8(Zm(tz?i$mk)Nd
zkxUi0sqT-W{FC0g?6)z&Y5?m5uucH$WLCS)6|jFzf=O^m2WbOalcw!nLR3oJVjs(Y
z8YQ)(S%YcH7Z^z?XKDtVPZYjuOa`CxFp5*j@74nJq4T7cA&tynzk}11COqPE#zQ@e
zg>Jf`-kngdf#MpKV!f((RU9r2&S1YI)08Fnz5fBGuh#vahUxB^|1(UvPYf{4{qHb6
z`BV%{S4GFj!#R<x_KwwM!`pBSPAcGFad^?1yrXJPA&ra=7Qt3|QXd(E4^RF~U{E-o
zICVU!>Ugja!U#sen0NQbD)a7=P6Ge_zYL^%>_F}(KUOE#=Ej_K(du$TAf|jDDt~Zo
z+Lg+0i!DE(k(Iw<`^#g?-;GG;sPc@4Gbs)2CgC>&PbD~?@E4#o6?zTaL?E|rFHjNE
zDPB6ZaaPQj<!8xvd;uX7yX#Qe<JKZQk^%qIl)s*DiJ~WsDC*MY@VsmxDFj1NS1gKF
z%^9hpXc3@jbRv6WD;d~I>}>XXq~&b(#^y4x;WR=_oYFZTB4UPAYDNBE*88X@V?dY~
zMv#ZDJVn>Xmj3|>e#aiqJ-B+AgDczxFsu=->QQVr_#liRFa3_BGXQlR<Qm=rbmVJ~
zBiu)&8Bi6WrhHA_&hnt8Jea(&YL81EhNLs9%5X8smzh)gQX9HmJ5Yc`=y{Zo4-L4g
zNV%$;QNLs))XPg2w_&K%up7u+V5t@K6X+JhiQX@TU{SGP{@%G3c}(ZWW-ZQNz?tfH
zRC>DV@@Q%&)kzKpfx<WMf^4ts7Auq8;xV&#CveP*Q139mv-vTb%bag9*O-T;nLA`w
zyUY_(`Nd6mz)Sg^f!Aaz$^mQWTOj*?3rq9tQhr;WrOD{X`ZYau)RdX`o+VT*R$4_a
z9}h#PAB%;+tx*5%pMfS1%qd1m0$qd!holV;PIjbW03QnXLXHiHECEF8jfA63S!&Yb
z95Mms@W~caL%z-I9m)6T6ia#aiEBxDy>HeiFXUYQg!1amtnSj>;@4)Rs06%YactrI
z=V+DvjD}l*nE>uF(C_i}(7`Syv6iFII(5{MVL*vhyP+@QA@lIybW^f7UWo5Ov2kj6
zjNok%9JRCaRp$%I?#!h)HGF2uzstLufM+Np>8ry!yd1e<ia#B)=9V*|HK|BN?~jMu
zNVT!a4HyP1BqvGPoeqoctJ!}Mq#e9?tXpXhw`1R9-G$6XAuu0S`niMdZu`8qz}yvI
z=AIwkM){ZM`yxrHdky1h03}|O2_I|fx^Pdx+O#Vjg;&dDR3b&sXG4SYdqJ1~4e7NO
z+Dn>c`F;!hK9XEslzFizb0ZE_$jsgROm`EKuB(}H!z5da4vD!htu)YWKhDwVwq0|O
zZcF-Pmrf^DYjhIw5zdB6Gh-{9;-NV21f6ahveHPmy)!3Dx4kk4qenJl*r=rOmuYsh
z-fXg&HOu*4N3t#H(PowJBO2qeI3tbmK%7ov^ozR;jq!35+raapG=>ZJTG+PpO!DAg
zbjkvbeRz%Z1f9AzBRzpNdNSfcBPDR3e(FI36>&3B5!gsiop#u>61V7YTF?$HcjXN}
zU<%hEV4!I1@h885d9OGB*%%fc{(mxt>M8$a44iQcX;&J<c@g?~>H-@>?0F*pgn8dx
zz);!ITcbWI-sat_UE>@jN0^VKD*c;K%lS4hV!dRI>`XU#@7Rd0KsT*`FU#)^I34j<
zlsXV1y@{!kLUg}>qR;6_)^2|V#(G$on6-P+e0%Rc+zXqfly%SsKk2+0G&o>=e<!V|
z7b}#HF0vzS=${^Gqb}f)_V&)0BaIzoBagC!j2&OIn+(TS7tKGXsy~Is%Z8&Yn-3J)
z7^fS?o9A;s@Q%G)Sz0TU_-x}i|JALK?7rBQTl$w)?4B0i2s!BkpMo8$Y_AEGYdUu4
z1A}dNG0H97WyQ6Cn{yeie@?8xXv6)R0^LnQa9A?N{t#QWkS9D~X?9lrZgGmg$GN0h
zflkk$r^+V4UhEqbPuk*Z>F)f+%DVO{AB1^-C1$?@CED$L+dYZSK%T8qwgg8u3li!&
zRJ0HR{{_&}TZP4wpm>7IahUUeM;&gVIFo0>i|sTD(OFS|zKVU!Ge+_7V883>+aE%`
zh5`$05M5f6^udNAq<;7;h1_tOGI;c9jo{kAV3FP$VR7oo?k0po9=3po+LeR~Z?tN8
zv~96!N81|fpB`;ftf)NXE#`bbK*#eNT!T=saE=58Q*6yJlBs-fOfjD`66Gvbj3<1N
zHAQOCml2)t(%mFf!Ke-7#UY>MCRi_GGR?UOU;$qc>BMbf!te}&*@9v|(7)g-z}v;>
z$Kay8>l~>{F(HMR`?ojQ?jI?F^Q7aWxck#%!lRd&7$y-w20r(`H`y-Fed0wIP_uBC
zXU}!Bh=L+dNxFOlCI}(x&at%O{3#ZClk5(RO%-xx0SwRuw~#X%AbSgPnu`~<fGm_`
zko^TcL7FcrYczl2w~&`q>pCPhGtUX;qjdEoHS!6kdH-h4|7je09h>xJy2;FE_MZ;F
z@)Hv*Er$jz?D`UAx_K%BSQEd*Tdh5G2a;=r#M%{0J~C}YS+6|&7mRj^?z1tng+3uL
zN5#s+bW?ItzVUY`Gm9?uzXU9Hu9soMC`gb!e-U%j-!Q;@|4bd`U!#(u|F|pAf8dUE
zlgA<!;qh3n9gleN=0yKYw>ib5ut3liJ*|#)fCT#STfM?KG0SI0C+10bR-VB<7A-$;
z^GrjQ^q_VtoMw{y{RlLKBg{)%=G=%ktHC@pu>hJzm7MP5C5v5NK9Pw{IlhO*&YKZ>
zb#LGqaZbG*-hY|fVLAxDT>wzwBjgWRyAWnMYcU5M{K;t#HAes!;GADgm@_;>$axgb
zd5VmU=e%bDAP=4K>=({>r3ss~*u~uKuNz?d`3xPl@4;gr_t$FNz!gC{y%CRD`Gr~o
z<eq-r2)P$#L?O3q29iP+yRsOA*g5uk?qDvw$I@Xz$Vt5!%MObPO~n6Hr&GWNNzo4r
z8}?D|3Lm99ctBIL=@H|h(Zph%{rtwNh*H}~tJTw&7q=uk*RQzmHIuRq3qX?4YCH@>
zdCU0b8GQ3xlR7Y3te^kGII_KuL`Syc5!@u$@iFJ`4EO!GT|V}-n7iN~23W3tM2F=k
z@Tk0V9)tFbwgX{4FPX;m#67DbG@Q2^qi8=Hdt*`i=UktR12}t8ttv?0$nJYk^Quyr
zN_={LNS`32A*kJxKSx-*)fcp8O0k&_FKR-k)g~iBXh4)ph`}k18ltRt%`mtN)AhmC
zPe(*qw=JESOZ>nPW!ldMM0wyfBRCICkAm}?=_;Z$pJ!CX9e+wy?58o0*v8ZtE<u!r
zpQ4n-Wf0{Rs(n?or#i$o{G>u`;CZGV#CX*jjIFlho3IAO-U!91I#5Sq@=iTj0ew-1
zUSRvIKjN8(YH571q<&?b_vV$BO(dyqi(c^3@nGQt*?g!1bs(~KPv*t!2+&=M<(%f%
zYg|1cmvjy{5pxY6NU_ym$ItT#m1r%@`*(ReiM`fV(ME0EQiYk@ls#iCcprXd3)ED;
z`p2qBto@IHnBs*%|Nnf07gh~L!5J7S4bMME?(NVLx3m)^wpr{L2D%uX=GcfvSbTvU
zm0j@AA)S_@On7?;$Kw_&(u9CJxd^oeI@4Kd9fR$|`GR!uxf*x3iXwBhdojAlw{T@)
zLc+OtM7teft_=0(1j(6PE=b!1bES~ElQ;M8y96k)%tPpxB>s8gM(Ki?9^DwUjCVYb
zx5KmVrfCZnr7^v(9o&+7WNtE#!IrId`^8E=*e`<z_L;9d6o)q|e8ShvWyw@HjK<pV
zY5@*9{xbZhL|>_UMf3k;E!>)Ja##n#UoN<ZB125RsWr0FIL@u8WV_@XInFu2`GOV#
zrdjz=zmE&_KePoe6Bp#M&})DHo^FOY-yLyGjTiua5;%-fVE2Ek=cQD<RObVHGH*`m
zx)^m6<`ttAfCdyL4FTg8BVASCK=}-Ja73~@*sm=gDkPZ&S7s-5l4_nVO7QwiYR5}q
z3ZSm~IohV`oFQm4n|bp$<OQ0!ZC*YKbwa3joF9Wvs&1Y0i&Y=V&QxW9>hIBNhVcbb
z#%)2azs`Mb4;+BjG`F;^D6?5S94BxE^+o0rMcsZb0{oLsbI;5*lc}@scBGOQ<CQX0
z+*{Jt35-m#$+;H)3XZd!xRvN!)!Rpw!QTf3m>rD{q&wT?>+aAZtN~D;MWQBY$L4es
znjH#(&UO@_**ITm9Qk$<%oTau3)|H2gaC(OA=g0LRYZS&W937w@WfxsG??e(2Po>=
zxHA;2hM)~FP#%r?o1u7bE&Y+82Ap`i#=IS-L+?UmIvHw;JK|u+vjxYQb5c&iJ1ON5
z{N<iGL)xh6zhbeR^dnR{eJ^G$#i;L)*aZoSa-ix#8!k_?DpZAN)1rZPShmGYu^q0s
zsK+fsH|z*EK{^*nxoHPpeOHvn!YYG>Avv@_)pI%<r{8$-V(y*L4fw=+w1{`}@hRVL
zPd5z<wjJnpRP$2Gmyq&y%kwpOIv1H6p_%8Pyc;hyamJKeR6XtnYdX9KTCI(loQwg(
z3H7-ps4U>C@FbH)XEkr$3{949M__Cg4|BkFnbkXTKC{Lh9B4wfl!7_zHg7I6*A$tn
zgv^SfZa=x<K{{C^ort6i+s?GJeE*?cD5cE;rf}ttr}dZ82^)tK0V)dSV}fKoT!Gi>
z^|*4NUv6}(Dy5tyk_B3s1KU0>SX`{++N_$^BCRnUm+&F=Dq4q2nRdW`s!6kFDYUKh
zy<o6cky4Irf_HJ+x-7^#UXaxQ;A1``1vs=&N5NlBqkxvC!IS56>@h2<<j2@Uj|g_W
zxyXFFsM`<9ii@P2+3^B4WBn(7W>~Y@WQ7ufM;{F6pTz8Z@S>)K5!i&f5d$A!N*D_$
zb<+cQnLZr_As&10s5XI^G!gPGKq2=w$?bO`g)FyJDiAV{X-Wm9V;FVZRaYw5xm>+^
zL6w5)`&0qSCJL0M6UaaVubOQjGE6V(dL2J+#O{4KS=H<KhLW#OCXf#f5y(5>xGUha
zU(4itN9lN$eJ6pcp46<mZj0=O3Ri^~CNRtH-)Yg2$%nerL~8Uk!ra2k0N_B%J@8T3
z=aftq?_``?I^`TI1m|26J%(9;aktpqm0Q{awPD1g^^n@cy;M=;*vT!)AfyMzp3V{A
zTfRs_uCM>hdEHGV-U6xKSt(nbq8#Uva8qVt2sl&VAoFkcjE1unnB(deLWPBJVph7P
zD(}roy;YZ6y8}fqBDqD`M3^|vw;lOysR~_M?RPJ3Mn;n>Lpf%FblO>Y%#t5;wQq(A
ztb$WuYAX6z_o1&-ikTE9VZ#{US|0{p^*ZSPFj44lGpkIu#;|&<Zn4N_30QrPqx7{Z
z8TXflwk&S@CBeoq?##wCns$Vfxc?HZk*o>~pn`e`(rI_)u~u%eu{XCgrIq#~0bX?E
z%92{4)O7O%6b5*&Q!lE3l<a7i|Nax6ZkP&mv;$9xj*Xe}$bw>kdXe;%M4<}m`AWGJ
z-4%!xz42O#y-FZamsl|Ye(da3TYQxvR?L8(Z1#%7SG~oG68IU&UbV+pd1A$U_?d{S
zViuoiu{$>;V^oPdqWi-xCkd!46-&^S(Cn19JNMK&E6-c`m-*oQs$z8NS2SsRVS+DM
zY{NmK*)*Drqv`WK@Oy7E=Nm#>-QBYU#|5DNC@~6fco@bFP3D%CqC6*uZfCf%X_&y9
zAcg=X2}O?cOvwq@J3%U%RV2-YCa2>W0f#r@$kK5{eAf_!#Bgt}Y&rBe$oCGqO!u(v
z^DncW1C1C*y$1xI$_EOQDZtFzwB8q{5~Y?i&h}Urpz+k0vd9pOhu`81r6Z~I=K<9Z
z6p~}d>@!IH`NlIh0c!DWtVXfQN<d9$mn_G$c-u8JYht)#Nq&%@5cHWoXZ@poIw|TQ
z^%6R3?4*AJ4RQiBIw1{d?xl?Wq4wHBdx>1xM>Omi(B=>DRQE5E!xT*99s4=|MvR^r
z9G-@KUit~{!<nZA^BF<<O$8%h8k1$+Jq!L%bW7*ao(7}4UMloLQnyJZb=~4lB6Hmd
zJJA<C5Ql;^%SK-Rf_!qodR++;ksUkWO1srcRH5?h#aMW7(0?G*OU&5+66inPAS%C+
zjAvFdNp!URL)#Zn`wF9m<p(Y8rEmD)=&It%lU6Al_}q_(NYLC<i#ojkyrmemJvhWH
zhT}_erOkoQU&JyfY<wjSGveU$9(zp2Vx;6EW>34oe<rK1l87!DQ%qna)*SdIAR5FH
z3&}jqoIle-_t0_`P}yo%T}0F@eG_?NalSpdH@-;YmOiV#NbQI(?A+2t>Whp-e38v9
zovFU)ZNV1<xuy50FY@A@Ytewk#SI>9pQsEm#Mk1*&B^8p|29v95O_Ehy_NcZ0#Hbm
zEaTj+Zaby((&w~Tm7kjpb`v$UDTv`XuIx6NhxsrM4LA??!cjC-6#DABX_0iuW97wR
zxRK^~VS0fr#p!*Qrgy*cDG=4pKmp2}5tAKo%s&aQHm2PVjH}&h)ZdKm>9B^9QJ2uy
z9g#C<wv8+6jO>nd2u6}om#FG{1s=(OeID>@4_Y9&9Y2@+E;y#9az3#&J6+J7Vb1M9
zM&8nzsjXz5b30sCqSQG52;7<j4<x$-1*t_j)9tC8e>cj6Nu92m1iqR&9a%|EBpIiw
zPj`m)rh)dZT-jHocO!JsVZ!;}ghO7zKV&C@l8-#LoL3_Qsz`7?!x_+9Id>jMg{MPX
zI2{t_+{zLhBw!5;rwg{tB}xqxlQv7C%EPV1W57hh|KRBFrV?T+otmk!8Opy<*n>KQ
z(ji1gU=DGlTZGIr?i>q@_Z5=p79_K?5#Z!cv*2*?l)Ty!9j;NLJBCSgF@Pg4Ug%nK
z0}Rw|80eZX3>5#YMOVF>aEQu8+8f7A9Ts%;N54Gqp^xMB<tj*}7+VkKrT{jW!Koz{
zc$x_8GG^lTlBaGjd2D;xt#2=z+4gc6wwJvqiXlSYYeN=>mpZ2^eZnNwjh?5&_M(KP
zqn*xF<^3=jfU@O+2p$|cA938p74BAMgpu^j3K+yqaT9cL)4B1ucDoGw9LTGp7zMUo
zahg`1!>noLEwUK(pPw{}p>~XqilH`+XNRA1?RnJ;@Hs)U+vTbg#Fb+_Ch|=du>SIB
zcc2E_+L3kG4vVK>1h2EDZ=`MV$3s^|l;I@60rIxqxET)(_Uof<$izWNhj3pGqMI0R
zu^`O`s1@1*RzI|kEzg9O>)xVsB4+L$r~8V5_RCG)rSpaE_^&u;jj?mq2<tFenMa--
zKDXoEgJMdZrWfqRE+BYEqH-9&%|``H@-0>RJ?bn}0poE)9Enq0j5n%x@<2AXR5F{2
z?M%jYic!cgQd2VHkrjBv&8}8QVv{qGoaV8$so3sh{6evQ$@;G+4N7Kj85Ma(;urXq
zlJqC1AOenN4USZPYht=nZ(X9u!>Y^UW6OVm^5I#qQHr@QEi+)|ieeozUo1vJ=%=5c
zWyTno7Db-2-N2trTxP^RUvU)sN{fkA?{HQ}r-Oh__wfJ=*tIYI0gdqR<vO1rwY7`6
z*BHNF9Q}R~eZS8qszCS{6T}{_HuT}gGGiaI4SncYY$Ci?-k^)y-#^w{K_MxASbn)0
zNn$9HkE~<P!x^0a7sfhd2ssa>asKZ#IWp&ai!ut-ONRm`OD-gq6V|_&JF3huhOfry
zW2hX5W0>)A>=^!H97Af%7(N&m9m9%oCKKCVPLQPchL(dsLEG+-O4ut;K_S6$OuL&H
zqux!7QST;HP0eQ;v8f+FN~dtLs>qp|qN^P-gd6=B(#o<SzAKH*29fh9s4YJ+qB)Y)
zKzj;+@zG=2o`S&S{H=gYP?`|E>QSEjYLkiuf^-tFU_#+4NXSaVX`-dw(${#NDC=+o
z&6%3v9fuu-$w>1Sxq$>pGkLlghQfwWOPle2WoZ~MW2!uEJVevnqyPvkiJLS4C(=B@
zZ<_KksiP?$>d@1NEWfag&NVjNx?qts*`9%a(v*4O82@V`i^b0Q(C>&ocX#=99(}+^
z$do6HReAItlx!RWyGq5^sP|CeuPD8W4?bpQjQP5Hw3de^uJvmoiSUP5<>(kDk~l`G
z{bQKL*gSVIuig#hRi#Y!;Lfbd)doZGYIh(n?BrIR*9=dBL+jxvx2=p@jdrX&=h}f*
z%e>>u$9k#s@D4un2PDZUdq@o*oQ=N4pyXcXGSmy%1%+qtFId(VsFR8b(RfU;Y^m;#
zYm8fJQgzROU~L9=Yc83OH+Nl!d-$Bc@WDbr6X1fZq^{GP=4pfHf%yOrv=wyt;cIxY
z2`HXKGq$?{E1{j=lJ=_5Ad!^SDh?t6khvfIvzL*cSkTiY4c#?7d@_2p{T<ubEd(dl
z^XJZx*<l$KbzK|5!#(h57*#FMm|RXqh?%!wtU<A{D?nmDUT7c%P#eaVnKg9P+7=l@
z?P9$P37xm`;!Z0?$rOcnn|Y&!PAF$stZmIF)C))~9OV-L!+%uO{+(g@>`#bpz-X_G
z^Cs~@SeiuJ*OWYn0Sc2Z<NsPb0u$MUA{6Dg;XXZf9%7==YxXhd<DI=yhM&;+piDVy
zw>x@*2K)7-+iN&Qp~ui&wXcOX>L!gvCaIt7fW9kZBC1?A{&o}{#?iHR5S11>7&^~@
zV~zp`U0o1lltavvx;=53XVg$yE%ZCZ2%yh(gg%k3s|gdhLK$!-!udKFO`m>RtS`TH
z@8fc*zC&GpA5d})BxUCgZTWTNgQK8RC)f&fH>oS|rN!C`oI|zVyo0U4sg!!*4z>d4
z{vTU`J;*Qp|E=|>#ZWQqN73NB6E9pwT=aDddw;`i8JUs;D1|r!D4$!TgL2lt$Rh1_
z6_oc;@`KwkyfN~ew{K7v+7`~2M#}zZ^TzqFB3C|DfU#lp&5OEBd$_V^TcL$I$N85L
zQv)k}=~JpIlaJ&vy&iqAyNO#mjESj*f1$Gndk=~`w*u>0e|--H=)P1`g+d;;VY8X@
zT_hRacW4&GggZYGch#%kr_fokhLoOc4>Coc53K0V!dt}Dd`KDIsOGZ@HLA#6e}1Yv
z=N_O+Z=sGA1MAYWRaDK#EfvC4%u43UW|Oi?`U>b6=bIf*3O+q;K&KC<0N{8H#Z+A^
zKv57Q=&>i`dte2pK>PQR4%b9ze;f{K@qBxW58Q(vFdql1P<Rg&cS=*q#L#~WX&p7`
znnIy`%D9}iP?z>tQz}kHe?_`}O3xlxohb}i11r-_0Lm{3^48reW7J>TtVBSj$Eo*6
zV(z00wN)|_v;1pEuvIdcQXh;knJ#DNC+0fzdZ|?M4Ygh(rJf%_S2sXu^hG@${C4I!
z-n<Puq!8gpdOWDngStEuEvU=$(z{HTX9fJqpWSL{;qySfk974=RpPQOno6AY>W^_y
zH&_rmj!j0DxO`HHyWY}5B`$p?wB1~J+#(*21Na5nR%M`cH`tN=I=<w5*;??@I*#nM
zVKt=F3aCV3bwa>Ns&KQKS<r`;QtRt@N2PZMl;nJGz!vB@%lZCBmlj(#kix`aGxHnb
z7AM<n&B|%I=*lPYfDdO7&=YNRX!&78rSWK^gM7BQkZg3c45oCz$R>A_Q6CHK2(Yym
z@B$!bBDA*K!d4iNU-v_ETcXW9qvbF%j2@uDJEQl5d?5GG+c7#)H*UlLn@!02-ZEeJ
zZ~P8U`i3IazcHmgf)wz-Z=>mJ_-!<O)j42vDT5YV1IU02DM>lLpqcnlSRF>h?$QC;
zQo2G3wz+?R0g1Y+ioeNG!y9H8I{b?(`@Wb;cQ~Kt=!T&(GoMLZ(A}i6XJ|b${z_`F
zr;AYy7HD87JU&(nb{}T#y~w5+)xpHvPV+R-G`@wvs1z7zey7xD0?G!`Z+;75^CSGV
zxTIPQIOui6iOy~ZI>ldM|HYG4-_Ex@u5agWP*Y`sx}85q$x;E`FkUpk=b!;TH?30P
zv*k*Lvo8!V`UXJ-uw(O(fBj8U07K5=a^TrBPNgECEE?lPp|b{aa*!?vjv<{Q`Q`!S
z_RFRWYGgVo8%QN(TeF%XeU;TDy&Y;p%MaeX!|nK%Tk`FBwFD`+EZ54D($F$3MT%38
zYbjEin%>MbuO`o56;XPriZB~U=j!%m)-m*q_L2iNmMWC(S_x8Wx|wbmhtAa|H1nTy
zr#OsFXeUag4MTSD-Z#@tYuI&>s$G<{)-ZRi=jwBJ<V|8KhN*M6my(S`VeaM=N0?%4
z33)<!%Nq0=b{@O3sZ{IAKd9cJp{y(Al-e^CyYlTDY6GZ@M_pO6#?Y1drFvJ!Q?2zw
z)vgSq<iD{icTiWJG`2)t$;PgjNDpd@XE2;@X{dz-zo?A`H2W;l%7WiC<wN4ohP+`I
z4f1I6+0|^{Q|uQ|m^lY{vpH$XBI5hDdJ3^k+{vg>+S0I9dPB{wre^C`7<xv{{$n*G
z!_$;b#&)G}G%n9L%>$3>-G!93=cuerQXAay%9zg1cNDs>5uM%#?@ECeJIT49MBcg>
zapJ=A7-A;}9*R)sV?F66-CNB0K1C8EXlc`sXES@-6$R%fL5XH==}>ZfG3S&Z{U$$s
zSaq`y;(XU6&^-_kn0fVd>bR+ayOZ6)F=0Uh{QX(}aIBduyxme2Qb>YIj(x|KeUe1Z
z1b`lUHwm|Qq{r-S89mmyEs;=%?nc$}VX);74Y+!#hbZPTqQ+-u%G8N%@f3aQZboCh
zlo)%0I^o<xwesT@Cmf+JNrqEntIZu0fNVwYEeCDd>3Nl^PhQ3Oc95FSW^^x*5E!hV
zpD253=}#n+cWlP<bGINhalQ>GDaAANb2@>4*hpuni2c;)<s2B`UXC0Gs+8W{K#3)`
z(<nVtJ0qnRHF0NWuK&Fxgu2&O1fOI2B{J@OVi@3;idQ&CTe}xuL?jy;ysJMPnK?+H
ziaRZ9kS%m40Oh<{K;a}QY3(34<ir`_{?=lefNEZns8Y>y6SY|iB(hl&6KR%m?n0^=
z?_7}f{z*NcQ9qv1&THD>>EN=XhWwLlFn27YoM&J{+Q(Gn5jlq=PUfsvr!}t)PV3hb
z*tB+TV<es3ElKCY6zRdJAwM18kcRyIiKa_5<biay;Kw|6K>U4HT{GU_6yH)se6_8m
ziuf*@rXn7)U8*9^m94_2%}uzjr=oJHs$Kt8B6042u3hhz?y{@u^>S3bzGn}&N-a+y
zPy+P!&|StwCI?_-(R@2<*#GisRKtE|HQ;pyqnnSm&Z^KVyjUS5oZu^K<M@Pa=p=ur
zDD(mh5UY}}==XGJl#YGJ)^Z8HfOdxcyN!?9c3f=rUzTA}z=g{Y)*@MV?1B-jp=D^a
z>mWjs*>&hP9sCt+I<7;Tj_s%;>FW#aI2~Vez8guS=SwFeW#>R^<%pzj#p_7w=|#dF
z-=KsjmI?_5EbWs(-ks34k74Pg)`&RT$j6W+#|?KfEX`<54h#Jx<Ovi2ol-@pT3|Ey
zxA>g)?7PXo1)nnwFry#7p$oYi@kzg-LKpDG$#Vv({w+LxnL+$FgzTC@d?lvDc}N|X
zYZ(TEcooMB7<1SPtv@Qws`W=p3~ilYz|aD~&@qIe1uBLXs2DmOF?4DaLkj>yr}r|c
zD2n^w(*MAthN*|+445j$MKRU!3W|Q4G-Tae1*i1<Cf%>f;V|xVZu57BEv^jhn3Uc|
z{vlYHCYTlAVz?z^k=j5!SH1TTo;L`YrwG+iy)|LmP`vXYOqaZ23ivGXHpQyPk08J(
zdHQ`l?3h{Gl~7|ePG4VU=dtIXs-4G)7Iq$2Tah=M_cz8H`ruc7Dbr$7Uc0F3P@@=d
zvF@heuQ6^4I$Cr||1XzwQ{dL@xMDY{47v-x2R13-+;bj-xm-!CJ@D}Uf3z}gQYua*
zK}mL?q#-_=tCW*Xsx1I^FPAPN(DLDg#c26Z8|~gl%ycH!`oVf33MXsA-(nc~!7rm7
z%S#u?jwScy7#?lu$2j+Ni}9O07s<6WD(5wk?X7jnn^ypK|9Av;yO$ZTuX&j;O1>cj
z;GKmOmAT2Vk>ciBtbBqre84)5l{IwmjhC>4jg+1H>Ps;lJn|9r>0l$aSY<$bTnxoZ
zTodbf1yFO!RglO!u6)+0Zas{>TK|Y@iW<S2iNEBLDJng;&qLO#|F_H03RSSj*x9^l
zW_C85A05y!Tbqzk?)U&T+YT*U`$1cWZ-aK*sEO|&p=97_fDU0aon=s)UDJSDptu#6
z;$FPCrntL%ad+21ad#>1ZpGc57K*!5++9NQrq6uek0g_s>ppw!ZiZp*oSf}$qbbGb
zYL)Q)dCyHfAjKq=@hM3UXhq)r`{$OnIcUVUb>_QP<rL%x^Ynab2eZ;N<MK_uzNfF!
zMg{_n*3d8aA2S1)hd00Us|wzEqoy@om-#y7OU%W>p4$*uArKv<;HyaZ$$vqA=l~MK
zuQ~ht`u2OIAIy$8@ky%(Vb{;}gJ0<dO#{i7hB%asKk>fOw^pbtDcR@!cCsgfXCz<T
z!?$x({kX9bdG2k&WK6=N*<uGfjri)((_$)XsL#0=s2+q9ctwNXYt?Q0Q8<e-aiiBy
zVfQDdD)`|PTtKKta<;Q5Z628)EtW8%2B05#HwdA9)CRD}u?ynIi{}s=<23m}yxR8L
zr*qf%K7>4hGBL4y=d-Slgl90bw@rzaA1ImGS3)y~(f5)8?PE6)3Oy>*Mf=e<q}Su;
zcY?B0-D77ZVc?2xbrD#YSYYm1iHV5+0rZ@7hQInn@8|Vl2QFX3W3En9h(pQJqpt+s
zKJ_bEHgAE_-v`tQ<G}Xb!lGThl3-1YH7++|6xsiA+k~~JzqZt{Dl8vJuZa5W0WOHm
z>*LjGEHxg83TJJ?)I9r}wqCbHZas|I4KIV+z{<AWp!4TeI%P)ZchPs&N~D*mhDkq5
z30TIjM&4I2YOl@E{US<SF!gVJ^zZc0#NP$n*fGIuKIXm;#4a6qS1&yJuFuFN1J*rj
zHi#NdEiYCF2lazM*Jw41-Gn91M^pJ5Nuo9G^)XkAeibjW85YwW`fN0*opRosi<hd*
zf<hdzl2l^_-j3g9IB`h~6t3Tzq$k;sr8;vZ&3sNosF>jYiW|?+AsAnKcr$&8)v*p7
zjzBQ|HnW0=!XkA@mKvo-kF|11IIzC>E;0xXzrA)`%V23g`ILwW1Y&?Qs5|nM3A~=`
ztkkFGz`9pg3mL6kDwP);Uf)Hf(NIy<9HVRHl{dnf8@8VC8aQ*zQz2et8Fp68_0qbH
z2)=c>Unv(YHvv@b{T^bF)J7x03|+{7k66_{Q;MYd<C5r``&$ZuwmB+WU*+68G)K+1
zApbKGd-^CIgw2_&19*MF?DN;!^B>Tk+S-xqGk!8`5NKhSX0u@c1WU68!pXr>cQw79
zdFhT$(NlL_ZeOUCiw-QA1rFJxNxr??AXVrdVzOvWWu<H>beF(Bbfuz*c;BN%aJf<I
z`!&5jG*2=ybFe^m8Ao>WC||%qV8i*+AGVIEHLAT=aZ%h?uYCR<op$vVqeS(Sm-#c}
zVJCmCf$&Pmc9(jq7iSFjr}fz!=khS$Tnt5y&S9~8hwuUB3aX2J5N+*QLgMTX9-Yh0
zocRZ^U9+zkL%Wb(_caXs^dor%{ow;VRvjW5>J@Shj@<V>%E4d~g~8z4Jv&hQhQxv6
z`o;q;--EXW%v+j9|8A{W7@KBy6AzJ$s3BJdA%3C<{2^ncX@p2_YSK@)gM-3f{-S;t
z(IQQgYai+M_k|JS2ZKGx^~Q239-XD9t<f-CgUiP_Ng`;}_b){h`HXUk`<)Fj!(HvU
zgZHRXY?5O+Jl1dF$e7Bdy4gBjQrCDJKhIZfu^GN;_UZOlZCwF-U(QMHJ$?SZZkZP)
z%dfuG+5V`Cj&$HR$!<xRoZB4jGbzDnAXK1Wq`3=FpB6}2+3?C3Pf~Qts0<?)I>Gd;
zQb*WJKfxICDPowmNoXZ2%zB~uXaRwzHeb9BGy78h@sIGxQ5;-CvNz@P9#=8nDQj~a
zU(H5!41|%2#}V&~xdqAXHT42NyuuHgrR?6>-xHIq63<FqQNr{}&mZxgDUyCEaon1y
z5ovh{AyX`ppH{ES79;l9g<II(DXQF~!E^_BVX<mVz_9mdCT?2xXx4>(-c974c6nYQ
z&Z7F;cNz9U>fWxed~ZUtD}w)lRKi2gBjW;9J?A@>QHAH8Mz*8COp)p7LOtaY-*3B;
zHrThba&*V8Q#+r6VS}>Py5-X%Izr!OqJY1wb&d7q%CqCmho*I@cxW*6^IRMjN8K`2
zP64S+r5Rp--=CsKe##Z}Cn{*o!sC6x2{5Ou4HVbkW(;@ZS!fOmUkcA(EEQ-XjP(}s
zr|TSkU!U$@xtPJPvW0bkD$*-+{kFioBO(i)nI8HiEnsbcZ>FIPD$6;tU~e524^B2N
z$-6LnIt-xQ80K+3ID13hzIo@CiJ>z(sI*Cl)a?#Yjo9p{fkj~`x5NXf`$-bo?l?CH
zVDhYxM42X1)Ue{3jI~N!Ev<h6i}ZDP5C)IBddY3r!r<+KaHPl+TripyTYe>bBat{O
zg!9<0EQB;$5bEf+|4cA@Ys&AmmTk}QeeG5O4hy|lgQGeP_-h@9*YA9r?aPcPzMq{0
z*sUEaGU)Zn?Qy|XN7?`Z`7E?GjDI=_8ffvpq-*@qxy$OU2-J@fJDk<gf~b5outx*r
za{F2RyigYwH@6l!r&St%0q>Vv7&i$qbg3%}4~Rv}GOT`1p5eea^<zP^#%C=NL`Ms)
z#ztu>_o|tv<HqU(;8Ui0Dv!P33RV~y>8CkVE(cLa)TnKr7djp}!*taMNyd9$WwfZx
z?xluSqZrskbQ3@<Gc8cidp&=gl!G~5BKTv2)Hi{BrYQSGd0x|qrIWKji4akZ`Uo5z
zyU_*TcVUMl;h_S9&z`OPRrb6P4u31no$)QHxxR`YeY=0kFLpyax$Z6|pUEx<{}7W}
z?(S`k#q|ulYVt)j6l1%bwpyR&ABpSjKUT6gw@*zEM&|Gb3~VH>W;{jnqN<BfulY<1
zsX(SZk58|ygom+@ifTvwQ|y)yd>@Vth$b{<*KA+dQeI<Jk$A~bX~FFsfSYL7?u201
zy<@hZ^h|4@TJ=KZC;3|6XnWw_Wj=$dYw3swz_g$+Z$p4u$bMR969M;BwE=s-?G;{C
zpq|FKoUeDj!qc`BFSpY2&>%sGZJCGJLsxaruCO5MhfxcDR(JP`OM}VPQpM#YiI*sL
zaHo{LD9`1Mr-I5x2@zG!EeMVzBL3z2te0Qz!|q#(9hwaHkiaGd-y-0xjbm5<1#U?f
zN8`G{FDrC|zMk!--*}}wZ;)1LZem=i>a;ZOaE2|qIx`fHqf7e-YH(J^K2`E)oUyj|
zsNrRh6}?Z>8QX$CKDLr;EXFh{du&Wz4d2(F(kAe7sFph2I#HGtc2Qw|br_R>e`f1x
zqbu>PN&F%lcL94Lhtny}YjtVMhw`i4SKMXGPS5FtqE|EEsrO|Lsg|hMa@Pr@m`bi{
z&P3`Zw#AfiN2u3km-KwANZ0wCT=IvtH^cWp5zXH-nwM<S(c-8xRdv!~gyn+gm*7a%
znA&;A^)_WFPn49nFq33HM)WC~FjJ*F8J<q3w{;n%U+pXsLu(&CsI!~rns0IO3eik~
zB_)ROSQLR*xw-yluJ(5Wg%t$AUw3X@Kt`l6>mQ41vRv{dipZ!ht#f{&MIIAnk=-q<
z#$_OfCyltK){J>CA;AQsMBVbbvz+?RSl#h)BSs;TudFJq9cNzLBltX2(bu99x@ZX}
z&L?dcNnuM7^_bZ@@#xqk=U#Q97x!Z<27+cgpw1m**iM?QUwN-0PM`MD>}XJMx|l~o
zPtlPdY%>ZzkHlrp#f>TCb8gHkez_K!V0Ip6x8DeI#)%5N^&d%SzE!hw6Raae5T;z_
z_O){I;jV|_`u@zcRU_M{SJW;(m^;4`gg6|t7U{7rujTufnTY4xPuCt53k^QfC^U?R
zUwB`LBVortnemr@jbh*-rgnacbu`h=4n9Kg0R11hHCMqX^iPH4p{(7Gll-;%A<XsJ
zJ>{3^o6eHB{!(@2Q2}*^%g1Ukn-{s{JGsLwj{FgJy3)UXlUUXxKgqFfe9jkRb%Fo-
z@bv3>h_mC1tu0+k<0qtc;%SakxQ@pyU26ZqXJicwTyB>*!p}(ot_V_Lf1~t%m7mLR
zrRPE5BKlbp%gI7aLA!&f&5r6FglA&DLQRO67sVZ0Mb3@T-2m0z#;tCcB*RP_lUA}s
zb6bNmIoRjg6_*5`IpF-u(-Ahm&z~pM3n+iDoMs=gUrkP@zj+IesLfGgo8Nkbn_3ik
z=0Uewf6eG-*i%Ao;KY+~<{^HzZ=aKx(0C~ap~};<=0q!&yPSPubkg8h0W!_!?33T4
z65ed3!4^*?n2=;H4TbE*%p)IBKj#bfcxi~QRBXgGN95gKh@L%?nIf_%6!8Ml=X4Yg
z(gKF3>`H4$C4~<7Za3m;^mV$Pqd3P+p_`uP<^peh-e?MC3*X;>Rf;~+W&@GVEf9FO
zUd5e3Z2YqMXT2&^${w2$YWk)Ta`=_YaCy|tKFDqP&z|OPlPE=KZj%T+CvKC(SLI&$
zye%P%eXN}2ckdne4WmBA4(u1XOjSiNhI5&GrY3u(T|H!<hd}{wNSrEF8^y0t*-=_y
zQ8rKg3}k28_8zeQ!h+cruXq*ro8Dw+!fSOV2^oL;p*82$GsYH4V@fO1j6)>t7DC5A
z|0qcq_F`HpJa6!$7+zl=C&NSx7*m-{qV(A()`B$X$;-1c!F%HTNp>5a3~PBkdy~NY
zxg%NGc&z*=g=u=ebiYC#+ttU3Oh#rTgqVBOTM}ONg6t2;#?aFiWf4q!C@Ev+N_I+K
zfQpeH*kqMK(d@ko&)8;c#D4F<C_5+vMQQB;wquT&1v68Ix-~FW{<>V5I!IS0RaVe$
z6-j@^rX^ADNjXT?6mNOnNOC~>ORF2dVvtu4ZkM_>p$F@4=I-FX)K)z6S8G`=pp|{;
zR&qW6tnl86dv>q@!D@B_bKM^+M0?R20b=#+id~R&<Y%Lk0KZS+8|w*<sd`+mu)Op{
z`yS_75`ny_tg)W(1osRK@IK18XJ%&jswJbCZS_=?=VSxO6H8h(Q3>)FR9(XB3Kwxi
zUQ!viZ$-zdB|gadMT-CiK(srJ4q?>c2b3|wYt)afr;Z;U!Z6~h9(ma_$#n$>-6EQu
zH&2Q5mqI9PtuhXgKPLu7jI5!e*J>HnyGE#kTM?aXsJ!Jh=dS(!Msn+{N#CWkmapiC
zaBHmbX?0`ESX?VFGjnG?+cFO6#=w}wIaP%$-g~c<buG=uVt$`8Yb`3I{xMyBpxGQ7
zyp;RC=X`Ukp#}fFd-ATn+n6Z7ORo4^mvjgX!PuLdLx=U=<YTWzQkk$E3<du0&TRRP
zOnyk{*-~-dN7S#TQ|6mddF-moI#lk+S-#oQZ5N+I?F*@O``M8@Nu3Jys~aK}0*kHS
zv3`<~J@?rbW8^gZUWelTF&WQyfxLG~fJHqoX717sS{ncApaVhPrlU&hP;_GHlf1eU
z9^zT3Et#Z0A|5H4^fwKWRACv=0$*$pO7LZ=R%{T4mwoZF@voTFD>*Lh_^mealS~}G
z_A`bKUwI)ngmJ&Iu6JZNBDA_p_I^E9xAu$Cu<6(q?r)>o!>y8oR}7}J;>Wiis&_Hs
zH*GEzatF*OUsJP+Uiq3@we6KoZZbCYlkk@0F9OFA7Sy%~dNp`9k=>9sY!a9S4U(qV
z=7Hb7kQH8i%QdV&oNpe*!((Q{b?))BqFaG+_wB<w6w=&>EF^F5bL*b<AhTX^EH1r#
zWWI=uo)4*pm79Mrg%&mu+-SpX@bxf0uK>RyWgUyULrCNO>Ft}c-L^Gx!^<oCNbf~a
zg2qW%G$wrN5oO5f>oH}>JeEPoAI|Vd%%e|wO?_wkAgW^q#cfdN9S(*P?D6=Q@3)Ty
zbhg5W(Ean8k1*Gg{r2&D<Qpa$wo~CZA`TiNws*{Cp@%{3*>#b2S?}<FuUF12F7|9>
zUlMfb&S#to!85|=guRoz4A%PSyMWwx)Le6=p9%V8$n);E`hubdO$|(o?zX;EN_>Ko
z%)~KjLLfGJ4cwxOcGtGyXBHzl2|hAK@=3y?1MyYWILODO7?w8LDr0-fS^3rnyEr?T
zCrRke0=A}Eag3TE@T)*cGSLD#2o7(Z_p7~C>S{s`*Sw+akvN9ck)SO-I&qZabxGaN
zuOYa+Asu4B_?A&Ysv);Pl!|7gr;>}4bhrnattwuEiQ}4sJC)b^?<vpt`X&Cm#vt(w
ze-ny;U8JT!bZzV%;t$%!v;lA!O|c{kr2)3V3f>ncj-BO>p3TN&ZL$93I<H@00`e36
z1Ml*{vxNvZvC7+&j7~p4#u~DYv|tXv{I2eM&vaE(yM<GaewAQ#i-e(P2#%WNo?sqz
zfBEz*;P#t#OX)@KcBa(IwsQ8m?c~u|Uvs$RlQH?<rP1;Q`DP6-yE6Z8JgwCUyrKlB
zIoB}}e$E`5*z6wHe%Z3xnbNQ}1ohE#EXMfEM4fGiU(R+v<`@WG_0~rNoy;-H&vrM6
zI;9nDU>5gKz>J+w>p)ZdLkohH;bY(kOPs&FCBBr9<XPb<yBWToL81YiFuSnHl_TCH
zD_&bH$i!fYzSpb%)ck4K(xU=olC;*xy6Cp>JX~4J{5%}ax`R&~Z!o}$r=M%YG|hGu
zoeW0uT6snWnPes!x%~>8I}Gu088b>URXIJ3ADDbB^!Pd?<>1&a<-m58SQIDmJO<2S
z*`b28?M(RXgT2$Q66sO#eVP4Jt`nyPC!WTZe)mb;u!D9>KxUG5J#LuZ1D~}GWd-oM
zP%J<^uz=^Nfv0hw)p5fdcO<~EA-uaM@v}@y`6k-085;eP4??zGYi50Uf%hXiO)gTu
zzMLUUDh*#CkY-N=d3bweB(`whMToo(xH0KC>??^a&U7zR$gGKxd%nuA`lY|cOoT+c
zD!YtR7QR~R@uoWt2I7<PxK6K|bmiyjmCxDlSx{JWc0|jzUZ*e}%?@}#4@c_aK?zcE
zQso|TomPfhPH<<qgXarswh}?8;!e!(iN}bWK-Y0(H7^n#>?Lcsv7t00sTSsAfX>tK
ziO!^L_T#<O(7skZRr*z>f=nC>Ak8459RPc~<j)a|3cWG0A09gHO*oKWIKNXum$IPg
zR3<XYm_V>7xp<B(h8~sy+8U2ewIFY=Ig;Qq-UiC1`@uO0#9Lh$^dm@LAvbX(Wb;f9
zEyKt^ebxam^b6qA`lVLuStx(bD&hY6`RlCK_zTJ8j?UC;3P+NQgDKxI(_sPDuOG5}
zbt)CdcOV|ksA0!u;c3+pCftyDQHrY-%7qej_Gcf$rQoigPg~#EB8|ML=IJfDUK(Cl
z8`W9Ubo*870N;&eE!#Q2dk>*zKUwDx^q&>aZ{&=TyhHx<^zJ#${DLtk3f94_UNYx3
zA7$eCD1ZWPw~5zFl>C?!WLKULqZ>_4YJ`>*1lG(^E(DSu>}Dru>1EJz6K3ZPzQG?p
z{XmE~Y&49ean;eD5>SWKRAQJNgq*qbnBOGn;9ipcWu5V7t^ae7HgF-^o~noX$bx*+
zeW?F8ZK{(o6|U8*$5f^OI@)8~<6UT)1Xj#@(Qgq736)P1dtWcP?pek^bkw%46?|o6
z8j7iu9DuL6`<CdZoort)K9qD?Fiz-xS@p`^lJbt(o$2^JvqJf6_A!N;H~NI0?2G6#
zRtaZVuf_eUX!lT3R{kccxr4m0k#|G4E1C}@)_1XkTNCQq2*zs7m)W1+HTcSH7=kdg
zQt5*eo@!Fo9Q$r0`Xg`O<2XCiUU^1Uf0B+ebE6}2r<u73|B~@_FO}Ae4Bg@=<ppKV
zP1fHbOtE4*qg3srsI(&GrF+Ovk4|B(f<U;a^C5%S|8>cFRZ*q#fYGBXtM?c+kZ<7#
zIM2ubttJ3^0}|;Cx2VlrD1ub_(R+@IFDF4~Qozh%oI>*ZnU^+hO>29@&;^C3Q-D&+
zG6{ZB84+R4f!?p9$fJC}H?;`dH-SCRKU)(b-b+5sXBN}vCKv8g<@NLe8rXOnDXXFZ
zWyo~_(;SF(XB8b+C%S%qSkLPBHrK)C5vHTkQC>I_jM$5(o>@wZ-Fg9$WEc-Lb8yu-
zM-W8JSe=hvW%|9jS8BpevbduO332+eZzJOFzaXQ_f$k?_$9+;SjOqZ`^@bm)Bi5wq
zUCt|1RNvpuM4dVo#Dz<$+}f6sdE#$TFFXZ{2ZRnMobphddXaW646s69AK9IN5Sj0<
zdg4<g&|M#nQTe9vuCLDyS$}s<?-&Re4|?46+>lRd7fZMQEWF?l>^q+b%J=+c!|1GA
zJfwh&mqm(_*btdkuwG8=O-uYm&yU@?DEXmCDgXF)Rr=B15Zq6rp_Vf6*7OM9k9;%<
z=03^dUq)54=KiO~xfAo=6XcbrA&c6@9uwww3qxBRFpC(Z;=I3G%L>;IXp>4|HX`nX
zKpsOx?!o#<o+|=aD-;KcM8yNuB!_@pQMTYRBh~scxuVSX#e*omPU@H;8{c1+FuoiG
zg{Zm-CEPQVv%BOQ*AMUdhb@ynV-~uQABRiL^qmOaPDFsUOHO20L`8ll4B>u{mkik!
z;}J8bBhnfuaE`-JWcJ8gle!jmrCm$LZ*qyk|Gg;#9kZssd7a!UX5gG+m=RbfD8>oP
z(@!zY$IZ!GkMJ4j8GY5qlJE)|?ZNH{W!T5V(9e0)7t}C^LvCr8xeupupc!O2+>Jhq
z$;78vdH3S;jh2s|!<p7jWwU=!?q$N@Ss<GY-#5L<)dYv`6Mm$;4qi4FzCfDWU^P;T
z`Cu%*1$;y=Dy-gs>>#@fyR#x)S|G=6VM#HECUZfhQIQfr`gi_3t*TMw=JJ3u36B}8
z%{BvLCgI}`BCd(AT9)HC^`T?-gV>Q~fA6JvwWOxqE%>6x76iVLT)#_32oURR8J_ZR
z%;5CXmh$@kGp2b-T*iT|ih;jmvIJW?nsl1oP|Ym@`sh0*Cp+-X6%pF3;hUj(^Fgqe
z>5UkM0a{M*Qg1x=$gyltFA#rmrBHGv;u?~rL5M8|OB$BG+wT5Qp}EHTmzm(;Z`c^k
z4d>p=1iE(U_}HHZeqlli74o+!X5Y}-_to~>XhGzsZOOx@h$%k$s#I5{v(gy#v6W=8
zpKoarTxHPG2hg14VKXy2jRW5s=Cv&C+&lP^7()Cq&m8=cXBB3D#$v3$5;c*xb}rf=
zyTN7bD~3N3TmEd_QTGy9-6S-O?_a|5^+z=9-1S{GfF7-#Gpzp@NPjfiy7U#$;4k-w
z<Cuu)49?1y*@2xCq~Iu8b+c4pakdcoI%k|R+Jv6cm%e=-;Nz?P3ie;FN$I05)^=SI
z+Z<ulhF2O^!)wguVJ{2&yDrYRXjxwnqB?E9t2FN3SN7TS*zKF)V9R2co6Y^g*#3|`
zbRa4yPNjVHdqev6UVX{sEwwyv(T3x5tFPi9o!{e}^}+do+}2ouk@O&f)$T&uq_4-d
zYWOBD_KC-zQbZa`uJU(on12^PK2$7PwhWDQeq~)NHQP5^U45U@d&xs(4g?AB`w=@O
zYUt2A^_7~^Zz9*WE*YAC8Sid+Cm1a3yZlR;MoG_&ifeyoCHMqsMtq8W$GsvAAm^J=
zDI`Bn8g(pkv!XTN=v41r6nR%R-JjKpNcA^XORwk^V(=ii3~5Bm;1kptl~>RG2*awZ
z=6A&)u%SZX*pqYo@#d>R@>-H(WO$Z&utSv8;9v0`Q)T<Wd%`<L%UY2IqKhK?E;rwX
zHT`h}6r}<bmX5fJ5c5wBBDIZpo8#Y2(;rFncfDcmya_)Jvo0&($nG!**zopOB)RJ&
z9vmNr3b1|gM)q`h#Bs1tbx}dscP-^@rwd!$+j__y-H0QKUm_u}b49RN!vBD^5maC-
ztZh>(_h+Ah!sVQ}EtvmsdBjyL5Vdl@y?;SD9Rr=+7lV8-&p%A>sKK(xcHHj5=B5cv
z=_$4UUU$)t3uS9$N9rST<i($DpB5^dVWUGlp0ewM&ph>t5^*Dx$5MEg-{F79*-R}-
z3#c0YEJaq!j!9JXUcP8__An|nO|rNQ(krwD1$(R#0kLzJ`3Sx#@Bf}VAMPSlmOu>n
zR;THTnfu+l!T<BYuSz-9b3oNM#g>d{7zujBJGZ@I6nnua0cG_|^q52*%`He~1-&vR
zd=rdc=FCjgS_B-kcU4HAnn%`Wz#Z8i{&9rmUj>$`GMgDZk;<y(3PH^@?$oy^As5Su
zs-*YB-d}}I_&#7H=>5E8yJ8!j#Bk#^b4<}GBJjea5xMC>S6=r^&lwGhACkz38X+Qc
zw9$NTubxTWdnCU{ARL7fI-qq$QPxqA)vPhr)Jsnt_U?+~;{iaz*1O0W>qMsaTOFM>
z{lEeGQHV=!+<D5y*9Ah~cDakCAdenu>c?M4#W>&?v-C>}?%~zS(lxyj1r9MRm+$<z
z2Ew9+1O}N?tINJ$0(_hNDfzySstPJenFXFxc6qp@H7qy2KaK31Ba|VizX+0o-{)DS
zN@%_4osfPU;AT=1g3)8kOup$~&&}!Ba|r)E(M+r)kq;xxsCTIBkwo!2qcC%Zk|OkV
z(q~k;Q2_~=p|QC-kb<#0g~-6)plRkf?Cd?$t7F(1t=NM}n$Tu~e=^1Ey8grzyP4w`
zGoyQ6a|}+iCC3O0PvaE>)RkzoX2$?Qi>@kEE|Q-*(3@$Sma%D@skJ=(Tgt9zlRa|@
zIcDVs!wm=o4N3$yo_SI$IjAcJXe*D?gVqGa=Kc<2L@(m<X$``e_hxpBqGC0NCXK=z
z^Q)v;!^Af3DJBhg1U6{NN19TXZyI4X2)S{;8QJCqwkR)s#WuPA{`8g!>$+yX*<{=Q
zD@dI6xY1#?X~2B5NN`i@%fekZ_Qzri&s!&~3!u9%^v#OnuXpBh|6URH+P5+A8SX?6
zG`V03->WTCJwwYe0kEds=6Ex_n~wmu66ZYewS(Ozewfdk-aZ<~yl;iXCU%%lmEOKP
z+k9t$x!oqFm=ONozpIxq=zzh5w>94sdoHs&b~A|4dN-OM&cXtqr;&AK!z_8_EBTH@
z1ou_KB7R}MjyHQEoP{~8w#d((nZgQP6#7m$+z;zaW*rU+d3bWbg|w~Pro|Rb>&gf`
z<K%>pKv6`>_e^lr8Rod(tq?Jjw)i|R&ZaJ=&X_1<AbEg1jFk;viz%T)->Gg_qp56L
zFbYLp1{rOhAFDj+Baf&<LPB2Zx&dW^QF_8w!n)A4g6ILwK0{I`odfm$D9yeK)(umT
zpql7KB3tiI*`qp|eNCk27a-zWb4WG|1%Ng|X#<-U5+9=f#!YdVnDA(y7Wg@VM|KQD
z?n2QwJOM~SQJ1_fv_o<RLwgv}q(5HsdyUc>L;Aw>EwPCMOV<O(J|={lA?hJFq=hHy
zVWHDl*B8gWdA}#VlFIs0`ZBt3h34_RF0xpNuDy;UDvhQ6Qre!nM%#s~Q7FknS+pvu
zute7Cwa5yhCF)zllGFlBF7~XWI;hFS=f0#xdfxC61($>fiVZxA1)ZfNq|04Q*^uvh
zV>RfwJkr6myD2~Y^sCyxsPm8%^p%p69x?b>+)7h?9>PguFyNLG;+K#>7g=mc4V_yp
zk+A7QC$B3ht=3W;{zFrC>=o{&3hQP8YlIobdvTo&bt`?{--?G~i<|;TO935kzG7q{
zYjw#jH4FY+aBd%`EcMy(0F0=*v6e*2n{<bd#ITo)IBTy;h-5v1?HQ_}P1$~nfPmC4
zE^0yT$wL}5Z&J9gDP~JuqasSIV5P?2LuTQ-LuP!#IEwTf7;*;f8Tb;>z4)f*RRZof
z9;=j0GRYxzy#zx%0Z;CNNJ6?GD9O+z{lP4RagEyZZ*I&tURlx4FJHdjVIWy6QdiV`
zmd||AfIH?JH#nt~(Mak9AG*O=hwax|TT%|HZ5U;)f^Eam>Aqb|k@_K}_FPHqRrrVL
zw_Ri#KWMaFn=Nd!l)ax0t`xG=MmBE~J>wKzi3QBr*f7eiNOban{TMp)6J3EbEKDR!
zR&JLU4CeU6aw{~kL@fAY(R#dFvbGGT)nSnEha7t7-->>SffmsJp77RCi`$S{|7V*-
zmu%Na*V4*_gSCh5GIMNp9ev|Q%TmSf+vIyDms!IDK}o9lE-Rjiq`H-3;gQv6MLJ8*
z*4^1*lYD_JxDkZy4%qWomb23bH(semy%V9|id3C{ZS{P0kVf4kdw_@59)I_CVXoTT
z3uHQ(v|db$?+_T@3eYb6WHBf;SN(m|YH)ygJ3mo}9`6v}8!b7}pU|7-AE_~Ym#IhD
z8CEm4kz;)3@RHv7xyI{xYJYLNH|gN&8OPe$oI)}*04XRr`?Es(<jMo$J1=WHXEGP?
z42<&C${T{yt+qs9!RS1#$?kj)&a;vd>y9tp6$EVWJDA%qO#L(;5$!p~Ute`aCmUUL
zB_`>iz)&En{?YyCrg5bwW`7`e&x|I+Ae*)#n#LXXCj!x94%0e5{lvz&PpOGJ+5+!d
zD+-wxtifgID|6pBXZR}W^AGwe?pk^ab#{eX@DMC`?F4)0QgXV@);pLl%P2fN1^EKd
zEjz^G`-HKN%0Z!8z9c=q1g|H1LQEDN{E<~j1#dK+og))HcP=Tk(eYwJ;e@(6PI*Z~
zMFSoFQQ4YP$7uNaDwyqXS0A!uE5K8_c07kR9Xq=CwSS*0(1Qe|IdLi+tx?2IkgMMr
zmZV-^%c=D_8g`%t=)MQovtG^3PNZ-FOf*K7awdIjDWBYjN0sDGkmXw{_tGl^w=k<v
z1Nh$q44~i)6oime#pUs*KifgUkx?b76J)oNiakq}K1X0CYJkssfIk$RgMvUd1rmTe
zi;i{V_7W)>K&XPTo<@VD7pDZwssRrO4usz4d?K_mcYf(rcL&Y4H)&(_*Kr94z^iI~
z3zZ=0H7fy6QwAF)1sbWcUda`v4j)5Q=daZc8-!^-f<Vw5DBVBMmX+^WYMww;&8|3*
zp9p<}@)9-i${=!@|55?%i(l#Ck^!hH82^|<&r&a*hx{<V;y`-(;S-b>`H$nM+AEu)
znaoBE$b5SGA#D)EOzRGck$uaPfd@1O=C$KL{ji4m0h0LxPV{wSkam_x@BtjqJO;|+
zjFMC#mMQ(LI(@8Aj%IFR_YNp?@>Joflb3=SVBmZ$M+^0%gH}fQ1d?QSCHL`4?)XCh
zLsJ9qTb{_j!rY=k7bL{*#ZlGDm#d4*GpvBjO>SF$ylT9I0ie_{DMHG$pn1rp2~&Vp
z_jWBQ+&{D&&0o(k+ynUuL8>1>s=h%+pa0|3pd89Lq#(}7Rv)A)V-SR^>kevyCZY-7
z%lW>y$#6Sek}-M?!v3G&G<8TGfF;1XxVFzsk^~@G0WmeZGW`HrHryVa{g($3v>$D4
z7Z}E^ZFIE2Ft}cg>no~-rutN;H<m<5`@yViXWiKP)H5wH-&RPIN&ME2ks2Yo{&dq;
z&c-Yzu@!}vU+W~zZn&KCmOLdtvtqs$oZ8=<hFh)-Gl9s692c%0=C3LX?)-$?@5S~_
zt2{Odbj5HC$h*?o9INZoA{K_L=|0!e^f*Ks%I!bpB!XMCF}OB5lmTwMhp#>EE9Dtj
za#sm(WRG)Wvxm|S2#7i!YLdDRYBec&H$FRv{99@|jN(Xj=`W`f0^&cG3x9cpO^np8
zNFNw;X}bK@ezr9%UV`J9xrH5is3%}4I`wL0x!XDs&eMFz>idPW<JK(gpR#yqQ7V2+
z)$37K7|%^@Yuk_{ykpx!U3FB1doT0BKUX1bPRd#ctuF45Q~)#D9R(Ji49$Ef^(U4E
zN<DBUdSkgn42WMPKyKv{7Q#6>Ue}a+ujHBny0O*y{O~8dINMaSLFy^f_BZrh^h<G|
z(05usXwdZUrS$&$OKIwN>>*|}1+fh;A$9Fr#f9-A^K^uFgcMcrvp&-iR#3!8{Z0nC
z6<G97%aF73D4F`ibmYM?1#0zXUdk>@_S}q*>mRf8kXKx+^pwdg^ZA89!e4$FoV<Uh
zqKo0p&F~Mw#Pye_(5Z=nhIyXNFN~L&A4PltEs&SR&%VGJk`%;)RzsqM4-%?Bz|;5-
zEXAnLjWV4i!@Yc3oIEaSGIY`=D~Si`21N;vQ|P20rQRVK?ft1bN@hASedn)gcCV7z
zTPA)=1@P3Gp`)Qbh0pnCt9b-f|9C$WES&7-@<RW+jPAJbE-_E8>c|vne6?6(md@`t
zu`aGZQ=u^bpF=ubXk89k0W*@vRDf2E89FZNDoK^RE3UjRpI?fjUaUm&w!ZvZh6gwa
z?H6E4eTI&i`qWEO2Fl=Z`Ok{`6Z}CiGKyJ{vIe)xVMBe_l_bd0COXb`5?HoUOYlDm
zwMb6j7hy1-6fwM_b*u4jY4eAgdTj3K_3z$MV3%TuIVX*Pc;qRI8@aK61%-HJPG;9R
z3lDa;+HxJDj-Z$-vr!1c8U5h5Ty_aSjl`hX;jvU=BOn{Nwp<^L`2_6e+g%s&Y(BP>
z`3pv7*6aD;eLwFi#3dA4oBZ%wXk!2{l?9i~pPW<2VqB^7=!z&}=pNa=x~X>V6Sdd;
zE{Oqpo8&Q^wN35eyUY&C$fO~gpx=8r*8FxNF5Fd@URTTr9cP8--W-dk0gYCjVEa#7
zG6`5}?|!U;iS_a>Rp665v!7tSr&svoBMkTluIbp(OvU;<vvW^l;rvcTzcf?*E$~~l
z7qHzt?&nEolenKu*;=@NVaj~>`o~|iXA}XZWiRPI9CPc>YrgkyZ<5=KUDg(%NV9Jy
zm`M_CWhuv_yG`x_-tRm9_}a(a+Dr*tODVrNQ2_1H509M!!T~SBVd^`~?|*%1LjyL`
z6bN?h;I(l+QOs_R7Thl8vDMkMJOl3p6u$j(=gh0+1hR}?_C^PCP0cm>ofI=<*%J~i
zdg2W0dIjDpF6SA51$K(j?Yu*1b{0LhbzK(Q?n3nn1~f{V23lILv3mName!tGSJ{9G
zId#y%detE@CsQ-tvD6&uhW0`|8aaBC%w5ZxLOOLn*Lo<AqxsLy?%uq3-vyGqV-340
zS)zQo&pbW5;D-msH+2$+C3wEZFT2L`yC|*NBW$<8+Gpu;?YBi054;rG`bHGrDQJ8!
zjwNT3o@giby#YOW;K<6rfnF4PLL(4$1DDs^yS<yyw@ih+W555Z!1~dPX?F4T2VERR
zUCW09N$RY=$A=pb$oui<n$rikC9SZX*{J$_=lt=xGoP@*`}D<!ZH+sWKOwLt?dvua
zs23-72A;?$>}ABE^euDYa)WPWjeWA-3c+Oh+_f`(@yA!DQ(iF^!DJp!?7i;-&i4F1
ze8{ypM3<jJHozF=lo)A@{M$oWgUgV#wW88Hn!F`E$Ts_&;x9n^>9zF?K^H9+e}8Qz
z{!+A`4=h-UQ*g>jP2_Z~n84KdryF}-$f)hIO{n#w1WQN9ihDDa=VQZ1r*TwUUe1Ig
z>;3hzYV*7$eiz~hWPDyd>`}!kikofc?^}aRSQjX$dI1J_{JT9z8Z7eGs+w-zDlS|<
zp4^a3;?{l{j!f44I#TFbzgOO1$}`pWjkL#q9XONEWVhoF*zp{fn3WJTS}5H2K*zm*
zv9KykbY~5}xSsR<&WbV(nT)K<;!*eN2~YL4q1U+hSs>mHM|oMes1<s@wN%Kd#OdO2
zim6i9LZQOg@A(+ERfySpj};K)JK)VIN40m|aDEYe*03|Hv4ix{K-S7XXXMb`yu7ZC
zvF7r8I${KJiW&tZr@{k1FZ53K842Au*n~wa6%n31Rox13Y44|}7K8!QBY?W1PjgQ_
zxWNn8TDtMsJiH?iglI5;_uq9B|E_a!Jk3vlNJ$k=Y}ZXWszhwPh}b-NMm?3$hV&AU
zWqkFkH1Yf969XxW2IrAR_kwIr&A01FpLw{1_94gr1v5u`26hmE&ndxaAy;MBp^R7&
zjvBg<9Lv~iVAT<1Q5*DEE1VS;ct6%(V>bpVqB1tW(mHIVA956`3IkR}0A>Fv4vFuY
zrY=?uKWRro$|Avec>iKO{EOwy%f-A8nMrK=@-MYiq8kV&7wC-=JdU)Zv`4H(jcHWX
z)FaHwH3CtSfGEWd8wK3IeYw(#*I&0mdhV4V0lEi7i-H#Q=C6!sb{!QFf$YLxf}T`|
zpT<%MAW9$K05s5IY<&N(h|V^${|vqV8G3%^+lMgNJlTqa6#j)`)S|B1t7`(Xv+|8V
zlA)pEprJhX{)Nh3w?Tgfx=~l5f=@uu341j>Rl8dX*F3Z#fY|9XS@IqY>t6F-h7pKD
zAtcM>I(;j)9Tl`d#afmr3ML~#Vhrx(?^PQ~fMls(Ulu;m(LgV|l&2Qfv<6DY#HT*>
zs@wrhnZP%lQt3gxKKloY#s4}s`+prX5|^(L1n1xY#YCT?uM6PaLAZNjXzXA|%(pE}
zXcZln{_7au0_F|mNLrr|wD6oW8xGpaj{*t|8|7hwIeXkf4M~6{Z>`=h1dyd@a9#Yr
z%r5?A_GzOM<zHr%|DV}X#qO5u_0m5@rSp#OPxEi91Q7gqDnu(&XkH3k|MF5Qvk?Q=
zX^a}>K&PbaLv%GjZ#Y2ve_dY0)xzB3kB__tO5Oo!|J8l^U){m(RZtH4Kb;1ZaUPae
zH{}j)n-Y7j7w&ML3><_pGQRonLN5)g{g`M~DRIS-<UwfN@$J6s<7>^6aL=CFc)+Q`
z=vaWQ(Z0ag?QLF$XJ;)#Z1U~9Iww*FlU7c=q(Rh8;@AeAWeg`r1Xpsns%RHtl*eXV
z1B2jDcvWpZoe3E@YF`@aa@dk#h0iz`Jko8A;<^ogcSnoo*JNJ#kQTeX_UufJvg2v&
zXXJdP|F)zaJPl74bt83MsfyI=pYtuf;0zCtt~XfwjB;bj&u4+K(o3<PpJ^0UDY6;Q
zR#+xAzChDd;9D(9ET9}5dKfYg-cWEwj<aa8vn09`KPtAvz8$k>yq0)niE7Nd<U}le
zs!yrDR1jHn-22z&W_&?i1Z6ZjRGXO3I{cHnC+XEy@&>(yWr^}urm}wsV24gxmw7(S
zFMCvWg=!m7D*u|~8MOrei61iFu7n?90*}Nf(lM8bc%0oh8ci9%qOTDvd4)?j8a{36
zx?~1`cr{&c<_fDm8d*WV^>hAU)tASEQj;~W6I<L%6$!^H{v@T~VP;PNh)2KLx(lds
z>a``^)MG%*-ePG{0{wQAU9J1tDtmk-p!XusYN6AUFjn*xB!sR~FZx>2+j!;a@zg5w
zwW0|tG~rG%^$>MVFT}7fG*Y>CHbI=8$K=NdHMJC<RcP*eVH7@QKa(thvVzxS0No+>
zfydgjMdzz1_o?kL`jbAIgF9c{_qd3S6zAv-|0Lr{pxA}=H<v8!X}JN7Hj2GZ13k88
zTQpkMIn#Z(x_a1dU57Sf7H8k;X5_4V4uikW!Ja$h@2G~k(jRiUz%1-Dkw+Q_`Ju$V
zEp5SUCp&OWv$`ElS)ZllWKRz?WD&$fV`TOxiH{TzY?#=(7@8j17PvMy>UlUX9J=e@
zvy-&eC2#B>J{WxC;TqIPeV3QBWogN>t61Ne>K+$aq2x!f<DK~6%Ix{1Nl>%i?&Amg
z`4<Bzc0u+XmLrEr9sTBmf#ead?30+s<F#h^`Mc9OBv11_gVu@7``CAN8fji%smzZN
z(x!zNe0Q?0+d!f}j&y6qy%3Q+);=uB8T;pUN?c4t$}&ktF%g}&<FDLUcKG@PYJDRi
z9fSpUV{f@`XE<<LZ_@_RYc}bHWOi|V{N0xJ#RD7(LnZ3hxV~^Y7ES5Ww~a)af~zMi
z?uA7AP<c65WfqCO_px#JBdbUFXV03{mtVOKA4G^c_v(Fvv4TRYGPiU5WcqwjbAvQ>
zc=5^J`O&5Oh80V<y0mnkp$zbS$JdTA-|aPcATV^jAcuGOd$BJV>j5@B9P7%Zte>AR
zMD`bcfX%j#KgBuh^!R*8{6h&npXSgYXW-ZR2NHM5IKV`jr!5<q1~VI-)Q3I|FC5gy
zJky7Mj7R5f2<uT|z6wUzY0mLkX}g*<tD3VChNe@dt7GeI%4Jipg)qhUm)hU@4>+TF
z2TzR`tTA4)fn^B8T}0E*@C+`jF70^<w~+<6t0})$&^5HfI;Nc3(+3(zMRWvgMCRwF
z$XYiH@o6kBgjqZRxXFNlG**f-n5Mynhjm)PPtlN$rlcFsWt-1TKl%W=n=L6e6WoDi
zIGQaRbcG*5%}!I^3bzDkTX4YwH5SNV=L0u_G?5=3jrSFK*4b3+qs>`7FWs4sqjk3f
zS3k?c1bMjeIlIgG^rD|LpK5psn1c1BTlw*#*xcv%1_zZxOeGJuUBjNANJz2Gs-Mby
zcVxcq(L^mv+;3x)44=UOK+hClon0wMdiu_f;DO{T2;yd<e@ldc^$>t9iBXPUZoe;&
zqgvFMQ8>@95oOGst?z2ima3Kl&=5+dus`ax6HW$eUH@_Ifgi&2$q0@U9)hDgzGZjg
zDTsQA!n>xZb-J>uity^^E~Sumni)sbZEGckwl}X?Pr{|!0y4Cl>>6A(m~8B#YOG4z
z>mMfhk#xv)(tJnQg(SIejms1%W7kLZeQw!vPIkw~vl}nZrf=Q)x-=0+NO*$ZMt;g|
zDr+Q>5?i>pZ%dQRQHsisZfGm(;7Sp}(v$>*ijB&|yY&T2Y5(Pu7$T#LS20KW?Qexk
zHw5|Av(jQ@Qzb6_;XaL+Q@1-WkNXd(uAdqA9yJkAr#=Y9X7eD~I(b>@kZg7~@@__O
z@jb0*A^<UBsM5?~i|h`6M;adci1FvSk&*rO0ZU9(lK&X}v{{9&J7RU#;*ahzLV*DM
za{;c#j_39unsNa$)wu1G?mDq{myM>rN0Z_OsI{fX06!THcJG5}+j>X(wFbqOF&^oD
z{sq!hH0AK+po1f`JrE#Hio^$B9o?0VM|M#4E~MTfiLxL26Nu0+gICZUk9osAXS~8a
zb%e9-Z#4)sbMIXNwcb~MyvUFlj<?AsJgxwwhuiq^o>%72`EKv&4f@hBOtFk>2jUd`
zE8d+d`XfmoveT92z;7;m3up!>ZasgcjQOzB0Jnn$H{yyQqlMw&<ke4!4xLUKtvOM%
z<FtguB(&}i;$FOU&>EAY2Fs%Na5wyA&LlWZx^`S7Li=cgHZd~HYaR1`S+^*-=0mHw
zt%yqtp17s0h(`-v2=v9L1#jq4k@X$-r}`hTb_cLoANmedzBR%vGa+zuASYmi`yG(y
zJ&#$wzwyR-W)cye<l8FMFvIIX186HD)vkA~5Pk@KeUe>ld@juI;RH3jJG|un0t8$c
z%Xi&HlgaLtbb^7TtQ*vVtznqFWk;-Nv-|G#@X+%$Q6cwgUTg*kMsfPVZM>d4jZvkf
z^4?f^4uEwo+H4=p=@HCV?8L1#1FQgmWWaV$*l8JM@9WM1ObBV!6H*1Gf$s1Njkd(2
zq6{v4K@^N2nN61yW?E{lT$xa-4WIr9Ch+MPdo@BU!&u&9qq|>(mo?`}Y{xaKo8Mqh
z7?5kA7x`vQ=cglAn#SIrCvmoG18O9OaPH+%T^;W5gXSWD4|{oHSAoL%vA~D^=|Qxo
z!>`s9#Op!8%)QWrO(%C=Cv|<Jj_juy;;%(**G17Bud+y={miIO^a(cTNF7(TlEy^a
z{oUlNZF(1Z(iiawK6VE%;9st46^_*qT@un%6Vc%i%Pj?uesMYNPkLGi7-q3m-`914
zd1imr$c?I^KAj2g#GZ<O4)C-K_@yLOSqCY*uL9T+Gwfl={_Jpm6Twnit9#0lq&>iZ
zrJ26@82Kb-*E5X>%)jm<L)Ur?pAWbXZw;G#3RXRH(g!9CJw7mka|W?)!-J9zXN>>R
z;MsrlxLyNRq|${F@X0?d20%ajW%M3Frpvi^cPs5j1^_ih@RkGnI(*r$`Xl)3Uda|g
zrgWDZ@MTa=%p4@b(86B}klxLE#f79%L_QCG9UnxK86q>eos@injok{M33~KQdR-vX
zv>1bWRD1sOFnweMi}v`q0}1H8ZxHBqF@8R~P=SI*l6!gS6TNQ0cj3b>I+v*?(|a$$
z)WTgx*IU`S|9R}q{__C!{_|MF_U<j6)?_hz+o7oXXFc$rwNLLZgg@&)8hY9h7&B{{
zcYw^Q>kS*J>(ca03z)&2u3^N$4frR02$jCC_)pqYR$+|H<c32EDh=rc1cB~k-cB%D
z$IaWde6+~_!OyRrZ*(;5|D5@gv2VgN{N|t<TT)KcSHf`xMsGV|W`saxA5RJ>yvcgB
zbx-DM0%lXbY5IW$g+VL-;P{N}zE_bKXj^7nbna3&OCnA&k{(H3Jl{q${!?a_L3$SR
z)d%KZ+UjS0750J7^n_(hUobr0h-(9rdqWC=OF-2Bgd4^35&%sj_XscGu`#&Kt(k`^
zz}=Yn4=tZ1>VF0Z$4~=<{|xLFY4<U}ZP56ZKcTW8=jy;t{MXf&pP?%PN}wxd41tXE
z_q`3069CmwhZqHqwv^NxWz@$zZAqk`V}0bLZhB_T_ZtuW!~!Nz7rmGPw<kuJn`;#~
zn@jH}3{<1`!B5vzOB)}t0beY%sUnHnFKl*P3!fi31K{2bJ|#9-4jy0Q=ShiU#taKw
zPlHt-c39xx*nOYGKy#>wpGKah2EUaLZbbZYxC#<N{I%&dLkT1!jl)YEl6&~l3!Wtr
zJ(I3b4e)mv#I2$t=4r6hc3Ve0IK$aG?3d4uW=6EIEPoh@SbZy4eVka@3~c5x;h(ah
zD1#Ke4J{F65E4TAJ4Op#W^ZA5jcoiM$z!#8SF^68*ULdZoI?c|foZ1#a>s^wFGz5S
zmnZ>+NIIf|M)??trb}It9)GMJ7U*6YOUIi^`#eLu+ISBs>TQ1$;Jr*2WYWJD-)H%s
zgiEeSU5kf4J<L3?+sKHep3N<Bb$<~b7T&ofDfgE|jcie}>0PlrOQ3%p5~BF-e=MD1
z;N~B*Scn>Fko~5UEG%Y%e|)R+3_|u`4u0_VaBA{rdb7ym3NAXMA{)(L4Y>1<F?=I0
zd4R6F0gx_v3z^=_KR<NxY4TTn`7KO0TXa_BRVd~6O7KF^{PS4$;rKMOMO)(xTi7UM
z)iQ}|Rd^h_-0>p)D}Amq)|Rl0f6OY8=D4uG!JM?_KTFke|9~t!dotJFmBZ$ye^?t7
z8xfW~7q3k6f9WX2t@!+alm`(#cb&nqCsXTPp=02h5RRf78)}WOh*!ySP-##yTDr52
zit-;gTv2{qPlsZrkl(;UB_=h&k90l$zx;(DGMfJ=PClJ~F};VL<M~#FW!`uok;47*
z*CBaN4>A|0&+$6{i80dRzEX!z5n~+!O0A%YIfAkMzyH{cl(;@mo*gYuCHk+*?lcw4
zbbbL?%@}+dOfR5fa3(}N?^~%CjGEu8_KOeLRQX>-w_cHd5%ZxDg;#|;z*&%^|0<^L
z_gegL50a`g%j>DNj#m5!)j%PZRpC`A^xsONno#H-3RV3F6+`P~U2xkm^o)URPgV*!
z0L;*3FyubrZVB5NO#?aqtG%X`I<)pc`Ff?iMI+tzJA|9VbmyLVjy#N6FOGnng}ONY
zUreE&ENDB89^Y?LL7#h7Wd~l}rwz#3jkG)it}{l#+|salOEq}HbepHNukPj;dxjfg
z?)Z3(S3s+cAK{%RxqfZ67eB)RA&}QoJ1OE8`~%VrJxc+7qjcY=<c`PhvF<>0?xh^S
zd7Z#zb*;eOx{hb5tJKExRoeP=xVYUoF2ngKMSR2?ZvrDWSngr3=a$D9fL@h!Ho7BG
z?9oMGoG77^mv+&?WifWv@!m*C)`U>kle7(hww?!fp)}$82>Up4o+rfY0K_$1IbYrW
zyl9a5vD4_`#!~jx+&!oSe|abfk@s=&1Ao>#M47r>vT6~1Y`*l)FWG?Pa^!(zgUZeF
zU$uln+Ozh*PGQ43hZnZIcgJtkJ-#96pH8vb8(-;m^qN!MUW#PW3(nPIPSXSzUa1S?
z>%UjBzntGnt_`tdB^1u9jVjX|;z-^7kwhA6d4jw9BZoA!Y@&AVRK@DVrwn9M1^3(c
zC2+^f7A~`D?3Ry6DJP;V)W8=-2l%b%x=EiRSHTV^H>y)y7F=;j@{Xro7Q7-CCN-=6
zrpCJaL-g&I&U(hH6pB^N{)=8_@Loyma{hmmy=7FJT@x-`+#QNTad-FP?gd&LN|EA4
zi>0_b#UW^+c!A;sZGoc2-66#ZZb`oIyk~vu{5?M)cgW1XX0935f<1fB$mLc&qr;?)
z$aKSF90Y%PDSZ?!95IOj-_5d1f1Qjq=@t6!ci3a6-`|vlTVeVJqD2f5Hk9@&SK4s`
zDM*_c{<oMVlJ5Jn*&ZHctVv5j>8~|$75alSN{}E?gqbsB+wXE{A}h9eqlpW@t$znB
z*Zc=Lfsj%koKb^36(Xc|5K`7j{f3?<3Rt>cXS48b_2;$nKN$R);oi<sf=Ih0{1!UE
zhPa5SY<+KwFN$#ZbT$igee-NrXF9^Jmk?n+>2CGE{!|Ex@znMGIqM#{wsNMWt^;v3
z{BP2>^3aW>4V9#?Nhj5#9Hp-jKGG;67^}Y0@HY*pfSCobNC%Fb%Xf1Yz9iD6{UuZx
z|J%?n(%-g!4pW-UWbW&^)=9ww!9m9PG0T8(0cYWN#zNCLu=~%y{vYcJCli<15mJ2!
zsiT628slf<SN~LQ=df;%=t(;W{`D6`03x$u>;5uwW|3Z6|K6ir8sSh+!5bK7t==fA
z`U?;Ru~U{7K`!k6u10J{<<R~4x^UFWop-6Uc|B-`Zt2=y0B|4%NZaM>W{clflo83?
zg;=tx8%ug&vvPHN<!H#x%BkH$IS`)(dq`e*ai{Mp24}wMQ>%8&NifR)^lLKuW69A@
zf_L!KoK|fVjR53?BGF?|=^pLQ9(=3ppx%A(Ve2GQy&s%$CN015sn2DHS+mLmG}P;$
zPAjS+9pU(tef}xX{i570@Ln#D&qpCig+zAsKvm+(qax62cuVIZ=M4rs@Sq;V6xMYl
zRowauy=;H0IQOhf1S4VkvJG7lc&NF68JJ|F*zJcWGW*-vR(C6HLyA3dHM#3vF4x`X
za*naTqCP1^2tqavFlf|g7}-~6#u4@&%^#ZQDO4R*Da5#mc3Zk!bd;TcY?|A!I@t)S
zY5kyznAxy23w&ue^pO6vuC4$R*1OlIr{ys{xh*BRtO!kWxn<WE9B>o?91=r0co+aB
z_vSpMv(WE=%l1ML=Q1!Vu>@vEOLnAt5vYoFKl6IeWV}P8dHJ}S_*wh-KDET|EaA;%
zh0b4~0m%iM0R1th58x0S)WB2%{qBi+%?6Ko3qW|HISfSSlsih=Dwzw2V%yh6VOhFn
z7@?!A+t)oQk$Xpc!IrCg6Kit_o9(%`b0CPnsi=t72bc<S&jWXF@kuT!LjRm~NNYAP
zo4t!gn4#{=Y?$GqmYFN}GY*!KmLm5zsF_J<?%D3YH@Jy66{}i@x=T4fV9Y&!xhZmZ
zZ$cJ56_u-HgoOnFRO}=Ch1w}KZZWxX_sRebonfG(><R(Nu={Gyz01a*n45}l%2{Bp
zpe<BA<V>6aKvntF$P=zy{e$v9Xi*X79Os5yxmsfANPdc3?7aucaPsQpy$6Q!BZ*wh
z!%UU@f4GJJ;V#E{|NXdPE66eW_-ytcP7P63i*cZEi5%kZMTFD0rqvyC*Y2_w^He9g
zqFmQ(xRvoYZ1;<y5l>D<7c2WsC37!_>})e{pXv5<DzST<c?12P_mD2|94vo1ZKK-?
z*!WN<kH|6*`TH!;)bKr2UDlWJKeO9hU;h1A`d(1tKX6el=A5CDLtTqmVA?bG<n1p~
zM6fo3K=Fnp&;v1!Ss<q&!f9Dw=Kr)ij?$H@Pt<kBfan^HZcXe<gLX!M!!nqi+Awf1
zsMr3#K=<xD0vhwa%h?o}H_MF-O)&53qI?Br3B?+lIcfZ-DVA7b2c$NFelK`Pmwh%m
zqUR|YOtPL%dZG(Xuax`A_Uj=%=veQ+<P4U=E17ds`=2I;Vp^?G<%1!D6$=HJ(j`$(
ziOI9Ks$B;3C%S-nL%?!T@->32@Bfj7(o;uL>nqIa^`lD;FT>7>VI<C{3btDTE7N`s
z@%tfwG!TNf><H*E(S$lBi6T<#{SfhUYVk<}iE3{QwD#YBeol{;k4ht;xypwb&O==-
zM%Wd+JZSi4HF&g<S>FB9Dj7E*{Q_sGr@QU~^wUN9-3X;h44YTt%bk%zN*;1u(fy`h
z3iG=~=MtV)0*P#oIZ?mUYoqv3(k1S7iyOYwmX;CO#hp2`rO4eMZ^O-DyC){<JHtAb
z%ALvYO-2S&Q`u)Q;U~$`!=ncwzm1^A1A4_#noPy&>%>U}@7Ls4ODETU)k(+--Y8$B
z$*FXyCEXlM290h|Q?9jUC6xW<pyCkGS=AatOY^rYCO^S6tFvlk)}?0<O)*i8P>fm1
zDm()R_(k6g3{3@~aB$w+JAv$@PhK4rVz#D}ub34l<3Eu<RdJsz1dR(ttFGKu415o!
zr=xS)5YNe<J6TzHm#G;YD-Pi2E)0I`ST`&#xZJkES~lVOan{A%?9Tb~EP?yu25j{9
zDZR$=@u9IYc(jS}r20Y!CZ<1p;}f!P73m8L&oPLv`v(qCjXJc*<@n)v^@vpd_r5q*
zMn>^(;Y;5W&t``uy^oWyQ3B{n_F^bOltCa!MtHg~P6CP8sXn-1?z5pIy{wO8*Uj?6
zwGQ4~r<+>Xi4otAGkT#Z5Jz)2Ofr1A6@H-!7qaJrTWwpyhA2~S64O7Mu7QFJ$R5(C
zKzBZrkmHqwYgvk_+k!r<<%L&2+}B<;y9@q2>kO|9e&mz8-pcO2*4$oy5DRBKp=R^?
z*%ACGS?#Urh|z7QC;fQi(>)n|xCSgN3QlLffv(2gh!{T7H5feJScM$L3k0s2lp8+U
zm#Hp`>FhiEAjFLii;Kl0fTlZ3t@TGx3r9AnnW+3D70ZoCgQFG6&$D*nXWEiw!V+7~
zNHdrHkg1<3Z~Bk&T6g?kXm``w&#G&=RB>P}%_$ITZ17N7NpRvUDCheu2%2RTXrSfN
zhhpo}w>qo#_<N+Q)@=hc5f|*|2!y$3`rn)!1tgb6Ahxm*-g5tN_rzWni(S6WBz=aR
z47M7xgnMmU_6V^|gFFTOs#jX;n?Ca4ocsf1&`g4YE!_QkLM%Up-Dqbn-VzBdFT6ep
zOwM^GIZ%$e=@wSib_?V3DhuARgBiEFTRH57NHh<?zH<DRB>Kex7T-`$@)!%?RDVGM
zA2$S<e!9c=FyOTU_AqBsaL?~&dui&P?LF+~;1Gt3{BCl$T96WXbJkIYdg7cq0l;&#
zDiDW@=soib0Z`fQ_n>>ioMW2Z^T&1$5x&)I0{<yqS}Fb)8G@+8U{zpIuwnV76)hq+
zCjdUr3;~}Sc<o`;B;cNoXF&7+06Eu-@x}o@|H}sYD!(2?RKBT$dvKSth!EeO4HfGd
z9vlPwdiw>}_1QyNlV=ZE=&6<=a1N4Za?Z|#Qy=fK7PIh{{J!Tff4}$hqi0i39@g!?
zVhB8~`|wBIrR5Df^AB}Kbr-waOD<00#YwBTfAgSE;G1da)8~Of=o39|{L<u5&0#ng
z^W9tzTaeCdB3WY<Uw_SE^0kxk^@3uj%1UGZ%C$+h)tXF2&t>(_X!cfA4Y^nnuRZ7S
zACllY?$8GUwCs5YOO8_R2bc^$wlwS7q|I8o-~sF*G3UqQk=5stn}tV4xyO!T1y~J#
z_E}t~s5`#4Ke@#+z1#GaI_yTK_$2kmG|H#5Bb50G!Xu0A2~CC@7mfSX$m=c!Z@3gS
zNlw84G!rxombFt8hPC1r-&x5qZ&{rB-`xtzJRai`l`RNnoS(5AxhqI92?=d)*MHqS
zqtv>sz=C}U=YW~y!h_c~Dd6<n5Ae;=<;Zoa$Ur`lc6titFt6?_)bPmQ-T>v8Ymhwg
z>etKhgEE+0%qg1#5nQ+8&dLdN#}ID&WVPzk5u(@M`5W@olXbA+5Z&TuscCWnw`_#5
zHkS$r$<)D*%3<#1kKJK#vu8xBkOD+a`Ip$Mjb_%aYH9+w<+u0^lI0LeXQTd}teOIb
z`Od|*JL)pn<TUhcF<iG40VVsu;F183?-X5V!aD2tJ%B*kLm+*y)HHn7>A^bb8q<o8
z2c*ry4G%)TZ^FNm!nww+dU&6aEWU~vlB|;@Mg#a}{+?mE<|SzV|47`P5HStthQh57
z8eA7ao)hSiA(H~$8Uu4z_g@gCgLP|J$w@T_Uzx@c!@BLD+KxkZ_8R6-+6HjlZ;y##
za5lrIdSN+O$1bAg{SqoCv1Re=nfo<p;ndB<q8-aq;K(wiZTBb*IiP74KJG22cMc%=
z1=qMdAP^Y3>uKZi?ndbJAaq1GLL49WMAH9<^KX1O=Udwyn<jKa?e+*2E@pthfx{%<
z|3`y670LS7_-BU>5Dq0Lh;VLgX#STW>YfnY)CU0Znl8!H#%oB=bP!ZA4H2cF@T-Ti
z2*2^|t&P#E$0o&kGmyRB|KToSOnC6u2IDnAX6=ml$x0WY^#nV*5`gi6Jnz5BZduem
zyJP_`oH~jn!uYqofbn0Hyb(}eA9~v8S?+o=w*lo~B;3Eh5H1~g2XA-kK+exT1i+Vy
zPYM>AHSTWHuEmOJ6LXf^?kd!wR;zr(Pe26S2lq%v*@$jGN^l3_b+R~wLzCo-&$%$l
zzO~Vrj{fiQec+%)f$gtL>P14Bw;WqVRy025(b>mGk<4FNJytV~?4i(H0C(C(y{Fai
z{@q0R2U?K?A+)+W>-NHcx{Bgbl_Q!#P@eIhru<IJ(RS+Qw)J)WQa{r!r!qZ)$cH4V
zbfLt{Z=PktsLJ2whE_tGyo4qAdY`K%Vn}m+ll<+vrV<;1cRkaG4^P~M&3_=u5(Q6`
zw*sYJ$l$!Z^#lBD#y#CC{+l-g7Pzaw+H^=rSuW~9Uxu18zCr@4QP9C*g(?$y5h9XZ
zO*QyuYwu{>2XkqkT&lx+*l;NRuj&bB^5dQ31P)_Up~aevjDs`ndNtMA*xyChN1EdV
zMSNJ%8uT5T3GI{wo<qA_rm^HF0?+K~Rzv}1OV+LI7Nm5l97JOoUa-1>db=Qg_p!5c
z?tcXoG@#%4#B=dPNhdEHAYSox=WNo+Q&+-gj^g#V)#L{f5%IHd1`(Qdj3(OkX;1vK
z5(xfTW02?(xVnful0fd}sw;Kp|D}X-t2G2WvLNhf1n&CDreMC8Z{wD4Lk)$jA~kwh
zHiQr0yhMyZ6}4<OaKnp!$JsYMur}mgnhASPZfd$+|76)vm&)V*cknGaG<4jwltH0Z
zeyNRuEm7cwnX`Ap&&?JW9<_=2uzxN*!-$u2#JkD)u)FmGwB9HbQLiuKLDo$#7NxOW
zGGFBF_1dc-U2LUH((DS+-*dl~O=bkL3_D1GSDLYZp1YbU-*{;@Yy>q4VPoGyzP^Dj
z@Tyc<jX<<djo<6)tW~L6%~?NUP`B$kc%B*>Pe|d&IyckEF>y815riqig{7!tcE0fA
zha^XD>}>hTUWuUT%_9y4<St$ml!;aIy-u1U|Lh=NAvA!xV73(yD#4ErQor@_Bzb_R
zVC%gw^k{9{2uur=9c?F;YTA_J#A-)}0jUVG_AnOWz+YY`gX;ud-;1-;)B9&jzs5%O
z6`2w${1bKI8Cs$zVObykX$s=)`--h3KlIZ-NnJA({2%!a>hQP2t>L3%T&Po`<koO6
zEt9uv*g-np>qZ$zU=MNQkc`R@OK=wnOmKpzDF4zo+K&`$5n--fscGGfE~H-+f`6vh
z&=Y&Tc`x&Z{-6I%u<@XY)ZNQRP&&RBNptigT_qZ{en^yg*nb&23xd%XT5}UTwE59(
z!^GF?#R{&KMgJLE-MfrUx8eO8w3Get*Geb{1@&R1Oa4ppn;hn7B44v_CH-G6p*PU|
zkbbLhDvSo8>klM-<ID(Su>MMRg&6gBRNE(~xk7%;*RyGbzj4Jn(OE;1*arbaLNLz!
z{3Xt-*qV?C&WIh4d>u__?ncr#*)+BO>FU{YLc(y?`tJ*Gn)d2bLUltoPA!lN)<384
zSZ$)L-!c2|5dY&i-cbVeEht`m;RwN1xceIz^UA+T?k%~b?!I@Zb^5!43A3&K@jjCn
zXz<L61pRAOI}D87+r`gv8my^*F54P>j3O*Xj)NQ>zxEd6;YB{hgr^-MzaNC)O_`~O
zliVG0Kn?t|*Te8N&KC3^La>4{B&ExRGD7sr$R|joMf+{QalD!`^Ao@vKXS7=o5~ef
zOq(md?ViWo={MxCK60PsdtQtlxrQ8nPA6bR6IxeqCw&CnK7X+ql>8}4sMY#?&sk{y
zBMv=bVH2pc*uA5$BaBQL1Jp|^BiIXZK%4aPr{~8CG3%H5q}4ko)fFK(cp}BnRz2{9
zB`HMFduo<Cb6DeXxBoM&^HNo#E7<{y@r9w=2FI?OEKYJNcMZevXA5JUS7$hqW6>w)
z%&q8FmAgUl%d{Z+@B(*U$a;JVvLqYr6S=(DugBBO&9i=(g}?5WJ+4B-CC2*DWPj&L
zkl&WH6x?;oJaE95-)mAj3C>;*;dQ&t+R-Y$8Na_e$gg!<@;d=x<+L{Cu_p730bT6Y
zNIY)(OnUgvuXaALwAXrkSYlIXMk(GE`Gj{p+-b0z?tH5aLR+*W7IijYT70u(bh9cn
zy#JzE@Av8Ygt!Y^p$6xc-{QTyIBc0_!XyJ_r`l@IE{~sQ=<*@o;06oufuoby<rr~_
zf^}g@S`K_4cPTS9kO|&YBszYJS^B|WkAC-4aWX_Gzcz7)mfoQglzou*VxV;gA2if=
z<h7jtxN!=3{WuG5C}hnaygQvd*t(lBSJY36Rr1^w-4y}*j9ne5dOhvZyv~>Mn@xT6
zNE#`8B)cJfilgzj72bR?_eUTwY-!tT!0FTC6HQ>JZ1nrX%iNO|_a*Wh=LYQ2@mGZ*
z6w;3^4qkLU)k`)gp{5ePrilYt0_&$u6q?!f5@w^*L2c)qX!q?kVD5wF!!|GYcJ`M7
z3Cc0TWundlQ&)M|Pu!y=%?_;DpL^e1-hmSIdk5Sevn^&~PcRCbjN8N|=pQcmhGTyG
zD$dJGCmUl9>YZKa_s=^*vQ#m_9y)t%*SD3YcJy<u!MPg3`>pWOez%DC6l)sl!QXdy
z@=sO4j5Da=oME~!zv=iXI*jYn>BlGv+4CdKVrj~W1DYPQ^CJFWv+Rk3e2H(pa-E7$
zay5fO&asQ^-WtuVivpK+V{U-#n+b^PVA&Z?i;K^qslx+na!XUIJKuz}?=GF{U<}K(
zg!K-bbE~HTC?z>sF-d+3Jm`G+O*g6f#p|JH>l&4XPv=F>G+NPXHwV*4){Gehh-ndZ
z(KK3q9%^k+vc4{^TJa6rPh_Q*`6ru(RuebxqO$lMj!)xdCeFU_Twq_gduoq6<9^FB
zZp_PfApqm^N4DzlcYcysv0TV{6}b7+ZA-%4A@^i#f_NolKG9Pzl-#LZF)NkCg(UBd
zH8w7jqFm+xfj8I3UXfOxoip0dvjMgRJ;WT@bEB+Yj0c?JX!d-mGhTfAi&MTKPw^%=
zOUv68O2@?GW#&dyPdcjp5Z{w{(|n&bOxN$OH$Qu)c3LleT<$$>!{ZT0WHGaNKOJ2@
zH3c&bNxDQY{gf&y^Kf=?51n+FwwmRAqyw7?=!es)$iuM1qkI+wr|C*9{|QKLPB%jJ
zX?4SU<79O?dYoxNB^<f7|L|&*@4Z5|a?gYWEv7!(-3j>0^D~Ch!C^Ec4pJulI#MWj
zZIAdsFUD0bq(B##w^^TM@#L5Ix03<0#1H;ox|OG$n$vlaEyh}Hv2(gj|B`}D<1U|W
zRtKgqD1Pv3X0#5@V|z<UjRT@5k@1L>eE5-Ot&u%5sNYTUPy5Y#fs;I@B={Y|4!%%#
zIw2dT$jOfe@bcSU*7M-JCjZ2>N?`uZ4_|=PFx%Zu=3Rs;TZPx_(MiHnF;9?$OyoTY
zh0BfhltcSw`*te|*WCo@oJ=(ESf)sd<HyPSH9zFBsnxZWA@$`BFU|z%k`>Q);=r$$
z_AX#Eri0)71<f14xD&ssvTne5rkCwK+m<ihTsR{!79$$A`SD<;N97=R*hVAB%PXL$
zR#CBF!i|#(#XNcPLc*}vXMo@zj_m#ftvCOp#D);RUMN^18*ka^)aH1#b_F#)ME;x+
zGn}12)xqlD3xRmIxfhl#7Nc(4L7L6S-;iHOVwvU~Nlg2oVc=XS02*wA{Pbbih*<>1
zj^EOog3>X*@>iUk;>b)?7pwB`lRKOHf$zh)uQ1U65iB>z@ppXlY|;5g@LI96-cikt
zp6ia_W{>rX=NqesSd05U^3d$+){LUb+{^4pFa5TDswd7_sVA*vqabE)vQXwWA68=`
z3d&T=nu~m!s*nU$YEXyZ1SRjki1)7wHl?Df`zk(ek=#lvUSxbaE?GPG=l(!0ybZuz
z;`xvzYzr3v9UnFw+m@yz9e&wBL76p)jij!jP@v9N@sRz!oop}?`6ww9g1C(w4}3m)
zsXF*T7CV?Y#zv;!XU9+irK=`{gcPCUxD#R1|B31k*LxcuDTW;>M@JAj<Z*}@aiWH4
zEdr);Q*^f^9ETew;=)m=C}HEx9$jx^d|rjJeGJ+nH?G43^e3<K4IA=!3_bpL%#!CE
zF8&0^{Xlvre&kX0DrT<{C#~%?Lv1Tx#**-t2#IVpk&acWXOOF17f26rQnHYov&hnn
zO8I{WC7;H(9&8t>_$^CMJvu1I57+Td#I2f0=5{|#mVSKH`64bQy7K^eyaOK!)ybD1
z*UII)ifkc%otmZ$n|>Z=e#~GRBe1|(+w~R-VGAOXxDwv&Y(sPZHbu+m^L#~ezq?m1
z?~U%ic(Xz0eiL!CC7wX}>am;UKmG0b6(}lW8|!=dy%6&FOBhcQU($BbPghOBmT!jn
zXCbr$d-DUUBmrse7PYrBFUG6RVWw>i{>IaV=T47UvaUGy?jEo3Cs*TLKlBc61(HVf
zWl{K!0}*$%cfLI&p3+f#TDdP9Z>u#y&ZK6#c~N|0Y;F_A%lb>Fqr&uCTi0I+B%HXV
zT11D@Aq!PaRu-PlQjfU{x<oHi8<~TYGLz0+v|tTstM<2@ejitYsf*{Mn5SFM<su;k
zWg6yiU%)Ta1@(1zLf$>9xC0M<?{-A92$Nv|ZigkZ#bk#;_y);-eX@WunaRK)Ca`8L
z(f!t=eJV#Bmnx|6;WS*fA)P}iW|i?NHo;gN_T|M^^q?S3PrYl{yDx;lS6*y4D&sfA
zPL#_ho}wiVv$Gro5B|Lm)-g%&%Go3|m;2t(n1>$!B|}WAJ{oZtXujZA%lo<=%ylKC
zt|OwZ7)^^uPv{q<gj}@pd)6>wCk)gIvDcOqR#@R&eA0J(qGMAecHNpd=aeW-&~^#x
zdvpq-pn=a7i920>?;!HChX-3-LfTzIU_2V0yU@(UtQPUj1$zwh(3#wPR_0R=f8cmD
zj<rhAf<Hw}bGrROpHY85&s#GOY+ls|i4~}X)Z(YYguTMyr9SHed~*S}Fo}&bhzVCK
z|M;!&fNrF`3pOsYOu*_CN@fuxjs`%0A8cw4Aeh+8HqC##OAZ$4r#SRI+r|E?5ClHt
z+bk~qema(GTulGrR{Q-oNP6gFTz=wtQC{Bc07!(q*>rKWcyhKsJeQ|_D3#O-$1CF#
zg`e?^`l$WHElQMGW&QcxeN=@NxJze>l4`O4d%k;S=$f#_*}*%Q_~KWdjUmETPyxpu
zpqt0uo)4;O!~(|JTGpSa7e1$nuP27Raz?Bt=Php}o)AZT6X)((`R^QkTMzSlhGH$<
zP=>r!XRoeC%UES9(Ys#CAM9vZs@lLzCTcdX2Z6r=Xx=8Xd@C%tbMf`_lLBBa{B!60
zvjG0OhL<jj9#y$q@+7&Xj#ffIwv0!5<W9Os20rt^BWe%c%I8kw7DM`Q;A1V#<84eu
zD#uSof0sc2)w=4tPGypN7>^zvBVmrkK>6fk0J=X}@$7@NgVftMG_BT@3Bb$axgn3p
z6pjg3&UgR#kU%XD6-jZtuTSWwe9~>u>InL|Z4LBwG?%<@B2@$jor?pBHfy!Tf4gnn
zE%%yI%y^2nxh-)k^vVm@CEdP)crpwA4DH#fa1SByG<<4Od}~UcU1Tya`K`B1bC8!K
zG<~gq`!R{|2Z?lj0l=7me#1k$C5^G`x(@Qh?5!b}@$Lt1o17HB=H|Q;>s=}jrK`Nz
zBkSF5WmPzJ1H27GrPP+BqL$jsH~v=CrD3zx>$jp13`KNR6vn96A%1q@Svas5Beug*
z>wh1>KK7fBdQ0<Vh*KD!@zeG#uU|tU8$Vs-1`36bEm<UdFt^CbH|<+HD4J)Zj*My|
z0M&=d3}nUk<R<?k^d$d&RYAekW(`R31r0EWbi8tjPrg4d^%^3YpR6!xY$r9EDVDl4
zt?r>SaV!4bs?thx*@mlSV0;Q+5ymt_=RSJ_lJOmE87lpA0!c}lZ61CB2tmbb6o-2`
z*q=)ZCM9gpiKSGcJ0>T;4;<tA!<Sq6`B2^^WlD4HZ3dvEs2^*s+@T$@7cv#ZQ)PjV
z*E-6<Fs+0qI+n*swXgKUhAz=HJFheLRyMy0MdWT;<n7zmQ`gR#^cKyJx|9CqD81ia
zc~7qP%iIwzViF*ozitD)cnF?a?GJdGv>Nvt_=@(~e_gDJ8t8}Przq2+^C|R56Gp>J
zSQ8<NA-k#^giB2&XGK8IZ-}03b-LL!bvEzy^yC?aa&g(D{yviLT|Y`J(EaPgPPSxY
zNVrZr%I-h`qg;ns`euH9k=z-d`C1(3V(=)1|DOzh$;At9bLfiF^5fC5nX&|6DpY0l
z0l!;kG*fpd3hC)CT{$Sc;OqsE7h|K(&*E=A?dAp@fZ+`A02r94_2kwf?yg<ju>yT*
zTLDtm>|<!b!qFGR&*S9VtdK)Qv)8=giCQqV*sNgrE|<?4V(_It`rn@TUd(Cm8EQ<p
zR3yebr+<)(^38GO<~8>D^j~`JAmEy?U_C!P#A9DdVnfY4BctRg`R!y@|I9CqLTZIe
zu89rmt)6}+G_`*{fmxOqVMhuuDebF`0Rwm>(Mp6(DC>ju{q!$mMmc>A@WQXp<KEKD
z!ju^kmcjXLt~RHAX_1L6V>;d|#!@~jX{)&hmcbuhg^ztWDp8>fJv#rq`HP6i`;&G}
zXAF^)#6QY~^ok(`H=WHu4@wW*<Cn4=S@x;-ox^AWd*ArEu71#dKs&}!9VWqX<gc63
z8$wdWZBEJg^pDO_u6RYE@aLHBDeiSgZ8HEUL>Ckcn;tp0V@jriElG&~8mcIx2L@A*
zhG?~=<u+IcZwge_rMP1(Y6yq+Sdcce?sO-Hy-+wRpT@e?8q9(A%Y-^_k{pZcl4QT8
zkLDqpY3sFN-@iqL{x#A*ByMvbJ0ijc;h=4Yvw9er3_gzWZ^F!JX3}_2ZNIE+rC!T(
zQ6hECgmvfK{taW49sZ2(^;G?j&gGsGcjs~fxO2|CNwdCp89Jq2me=#;@})Gk+{y^F
zkoNrV%`gi^Q=pt9gYr*Tza8C48!4;F%pEL&vY)FFRzdV{M;b|EgPK>8JkB<h;GTGe
zEQ`9mJx!}tBb)^e5<FiH;`lWjDi#KAu}zKDWnKA6IV^SKMW-eg4!|l8?KvS22Vi``
zL(BA7Q&E4d=E8vFq^lOZ!WOq;=1Jhf*bnzwXU2}6@N9`}<2GxW?(#mbp1WHA_}<m@
z4W_5?`ki0(Pf}>iQ(rcD{>nR|7U6^hSh+G`c8K;ijU2koDYA_OUQJ&c++rxbZRtW*
zx}~un)$OZT2(Nqzrgb~F({rM+WQ-c<bd$b6Ph^^V<ewcwk-e7Bd^JIH=b?lBWX5zn
zl(AUE0HrFvkwIx%!pYD2GH@>_>V@-D8N{MR1YkOiqwwU|)uvhQWg0y_J@$0<TcpaW
z?V@#biaa*+(ZXp3H7M3ENCFJ{&+wBt$!_`L-0T?-US`{_1p6uWw6q>q4z$dCcE%z|
zyfVjv|18*`_BZVSAo(;n`=+d-iy*evx<hg0Q7#o8i(6DG(6CNFvU*T^idesNBe2{c
zw#6$6@wCJM2cKRu!i<#0`*30)r~<mB;cVFu)D`q(Ayk)<fau#$jc7khG;l#H_7_W?
zBJVz-bc&(R&YNC%Ya84@Xi3kxA=*bAeXxkl&(V{Oac0AJnL=H7z-g8IZr8yNevO^J
zpdq8P29YM`!WqKhD@7)vz_C7h%%oQkmb|!cDgz^sK=BQiFJ2Dsss~yYB)&&%ID@55
zo|L6}gwC~+z57yTFBBO#8zS5r#onmyEFCw$Ldx<X((RkOpbBN1w;JpT?>$E~#vqtF
ze}N}gk340rW1h&<L%z6!x!YNG_Bnb$J!c_0#j6nCkpdIb491v**L^g#)P0nXTvBf+
zS5845n2WRIBT@q<UnK52igDmQ4n_RemiGjs1to~|RsXxhvG&HG_}6@Iwrcu&=I+Us
zf*m>-82{b|iaWUSLr)5&yG^`jxxHSz)wH3pNJU^tH#Ee14x>zpecSH`otW`KU|FPl
zyDkl~jGmb(M=#Oc%UsuDS3WaK>>g~dTl9^_6AvA3UU%OlzTIjZFY53f9F$hgt7X@<
zFu?qjc4}{U))WUdN_>FAR~+YSc7=N{)C>Z`o|b69!WxNx*d52w=eQR~If{g6y~(Lt
zWLoKJVyrc`foiRweGwYfK&w49Cc@#T>X`S48FkIetZpHl7~j0Yi(g1Nz={eATJlC~
zL%)sGt@$Bo1V89cQP%W}%W%y$-ejSYL#s=Nl@3wCZm!_h#dAX<C%sa)BuQ{d$4Cr<
zST3KQ?3s}?*~j-L9=Iy`VXY7Q-k;i6BwAS%y`pvD_%^#<y9qDb+mnfsx{@(@KH$16
zUg+xIv%~r(C15XxNHCl_Z)1$ZW$5mI1=y3!5j5jH;Jvd)CKcZXY!tGs(Ik9P$04Ib
z!yTFoq@}6G&L;BDQPgV`@WABd4N6`-evuT~eRli`#h3mwJ2ruY$Ffdiy5D*qJ>NEB
zN9}7kFlDCYN$a0M0NyG?Gw^a-xu3_C#bNLzo40wWSO;-U;;c8+<d2B@M}ZJBqtPo~
zmy-IlmOG>t<uj?fjLV4?gJTI??S{hZO~Uyf=Ojb@ibBEZLdAih#RO()D-pGvIHqJr
z5|QJC%deUTsa#^)-echDpF!$f!sdT;wRM#?Pv4hK$(EfYvwekJwxAXwOW3WVzQ<GX
zI$hQuRF-un&#$}lp%G3XS}iTyS&>-rb+AuxMlA|O<1zuTHWr|}$f30$=15D&d^vFl
z1Jh!(C^T*7DNX!*i{k++#09S&_G&L8ElxD;ss7L$mZ5J$$By{-vF60L@?^)ub#u<f
zVMb3z6unS}?Fwab`!zA$#nH#&yf3jctapc#wRqf-pL}OJ?#tGE)gQfVx*Wjr+g`;#
zou%M-Nl?z=nWG;y3htgrh)JN^<F4-cEKDMf)^++Ui_{B^h4!^mbDl)O1&HZ(o`v?E
zw@4H?X~k3-WAdI`UP%1}Kz?3s%gN08DciEqoiQ!oj{B7OB#uSohC)Z2PrvwY0)7C|
zn#JqV?iaPo63l<;Q1tCiP9^Q^{QyZf0U39G)L<A>h%@=gd@rQnlgwXVlLn7#FtS5u
zecMdx<A-5cmvDzVan!wdF^^MK(PpVT@aERODcU6o4F+Npxc4&T^~Xqo*XJs^Y~WD5
zpvOZJnf~RfwcFtR8*J#N(^G`ifQ4lK6xA^MzM<3x?#!|X1@y(GDF}9OlHa=P!`o`Q
z*~FiGxrRkDrqEsS{+^^P5Z*JwT!>mX*+ahIOvN<sJYmI2jXX>C^4lxGC&3A6ff^f(
zy3%9oQTje|g5Z~~j@?n*TB#DJeK8${FtYE?8iF}Evi5|WW6s=T@GLL8^L?eGPNj7f
z=?xxKhsHcsHu8O49UCiuqF|!kFH){(_o_IYg)74WI@tmWuVRik^kkQC(@Pj}3^O)1
z{}8u_Y?)(EKG>Oes)uSOyf%M`S#z*a5ZXA~GQ8n`XWxd_vELt1%IYEWE|c4u=4k;R
zhWeXyX<5QIz;J~L0O(}1W{J-VLBjf`B5BrwOCTLSIj&9Mg0SrmK}S^7_EVK7bT0%)
zD?h!!0kLIOZktc=D%9}OF3_hMi;wHi8cH~+)Xd0I6;Sfykk8`w_08(dN;ioynk<Of
zoA*3Bv~L&vyvT@#(!3<S*6d4gxMe)St!ku`0veN+z+lc_S`gV+3x0{YaDXwf3jJ7C
zQr42ThY;?YrPesHfyGeVkYFys;tBBl&K=k%+gA8T;rB)BZU7U?I~xyVlpPIo`Wx9s
zq>S*J-E)|Cuv7V?_&_E-Au`lDL~kJT(vGn;+@dKC_s_nOWDpYoeLVZLlc(#iSo~J{
zh%MR|uismvYMeiU8(k!$UoLCdewCE?ChN$&5SShx<eSYVRzencXScdkxfvjC)_Jr+
z@g3Yi`w8FgT)S`KUx>_1%&#X}HP3?0mlIQu;!!}nk01UmYFiEX@2Paw7Fr15ePDIg
zRjFwV{Km&LGZ929j1$z=bPZyQ3~;6ZY3Uwzqdb*S9+IK|>en#{520$9M=81#m0~69
zNy=kZ6h6iQrl!8MH5h_O<xjp~9yQOO;#=MFsyR`3O)CpECCZZSC1sTflI(Qq*G4=3
z<|gI!eb6_~Lh&X`hJq<esm}?MHF}@#095gM%swJ|5=9-|WDGIi5XGMm{YCi41$s@F
zjj(7V?w_v{^FoCaq3%$;d}{OPCNlSy$9;k0T<3EZ^^gL7PmXoMML=xQZ7jCS-=x=6
zIY^G#_4iks^!=0M_I%cwNDS4tn<$}?c0mv|mg^$ve<2psk#7aDX*YP1M*jj-jw0d~
zFYpFG`!+d;Xy;=P_NVly8p~4yMkf5e8h^q`@8gxOn>jQ@+z|`Ib(3$GGHK)sRw@b5
z$d0p>!}|!)wr*FiOVq3f8W;D-vvWZ{G}u0(hP3HK>03pTDToa(QT<ttqu|-pwd1vs
zC6+#Ea~5&@`3L0TmbC7NVK^-H>56^GI;FJWZkmzj>w5`M2*z+2%?hdjx7eq24N=~4
zWq}qfgSUd0PZ5-Q@?i;A{c*S|DMg@TB>}^X(pI4j?5(0P7HrxtjeWck=7%<{*`7G0
zH5KdN09tIpC32WjFac1`<ukc2M|#krU&HB4mZRZK+TXB&tjn~RaNIh+_%@h4zDZ~8
z`z5@;4RO$|y)CLXa2nwx`T|<WI<4i#UDG!bjGfPtPgQ;O8|0vtX#-HmHC9{Q=-N0b
zfiti70>$P^gUam>-gCg6sbCG!K1@A-a*ywwe`U!aaKX`GBI-dA1nLkP3EmdHJvE9X
zBQa282D&RWR=nQ>3k7Gc?%K-nLcBy5RP+igE+t}OshaZQs%=c`3XJu=QN+)!^d7W-
ziRhILF!GE+B1=r!r{AY0@$iwywJ4?{#b3GHrz_~wlCs#OhVlUP*sF$s>Y);(<jeSe
z7#(UzeNJ4P5pC1+el+Z)yqXksMWUz+=&to!9k7dY<jGea<vyeRb2K;$EpOY_V<L~l
zet6WzesTUx5e^Vwz?HRDpvWc+Kb#xFL<b{<|5ot(i3GxP_N6~V_KT=r<#&|9`y!8J
z-Oy@VC`a&KJQ5aGuL4b8+jm2S@`Urh>7H^>zZI@~qWKmnMhGqbzM_E&XfNl&eE~it
zLYnf%dht3Hv)6<i?M0Cq>Sl@_D#{8S(HHdMO8hvb7waH)v=>&xp{hDX)NEzUD#tQG
zK{z>c$h2*oP+8Xdfck=rZ9=vw4Gl=xt*JVPCE=p_%dtGAGmU|RhQ~19cj&6*ZEERt
zM3!To=kk1%R67(u4!GZC^|D#4M1xKXds~{?60E4jZ}IL2A^2Doq*2mCAcoPkj@R<h
z`QD34sE`fSgBGH#mz#DPm`uvoEkq~wzM}`Je(LzKL|KD4>q8wasa0u^c98?xS-0<B
zFF~A@ly=BVWjib%$>+%_ZS42+Hb~T1N%~~?jl)y*N1{Z>-E3@%?NIOo-|F7HO9d65
zoM4+10$W3s@^Qk&bafpsb_TL<KT|JWxcB@nS4K^XxOElhDj3Cr_M*|EhdtQeVh)uq
z-*?{}ei4039A}b0L7Md#&xzglJqeTAVCJVnY*JlP+Y!PdTJP$45^N?^o5f<0rajTE
zZ_HbCzpv4wnHWI1qmg~4`k!>Mmi^JbKO{g`*A;FBS_WH6BMLwRr>8W7btC0`<bff-
ztu@9~FnH(lJ$FwBbF@Xg@1BtA9&lv-ops?8{LbI=%C=z)ReUd1SZO+3$L-R(;+q-#
zOJMEBoPw3!dQ_kidr|0mh7!*VX10~p64LQ9<UYcx<KaN^?x(?Bc|EXhLEPeeTu*MT
z$P<PNVwuy`ofZdRZX{gKBvOH8&d1-#t(AFZ_KJByy_<eZ;DJ~cbam&&UC(*SLjvM{
ze?|#vn$>M}%zwXW_7QsZCeaHuNV6JP_>Bmi=X&NHZb<|rVd8@fby6z|VS&laxHYnP
zxCQ#F(+BBAh4o|^l)EoPXXo0YE1q4Tyrj-^qK)6PY<(HcD|1PnErsJ(KMjh2<&byQ
z)UKPw9@4x|^Jw;(A(x#fX#IILgSdTGst@VHJX|XN>rn?L?mQnbeju*Ka7cN#V8K>h
z<NRnoQjeUo+8KSFtoT^%n}oM#fCtv=uH`D&)k~B(6MjR^<z;#heqcw#F%l9d7BR7b
z2gKv%JMm!Tk!UyB`{P^f@!^~gGU;be)+o@UsLK>54tOU!;5c|c$^}gQ6U9ce@#pk?
zMp@SY)pT@zYS*WWy;axLRoWn=9hqO3@tvWkjT*YVyeCA0v=x87gtF-Dk<H#-U)Il%
zp1&LVv&jTRdP7TJn-;b4fuvUza>_T8aefe&oct2<7u{0baEQ$aiQXg^SN4KZat`vB
z!znvI^M!1jA0WFbLf0WE$U7#Pw}H`!mOdU?_R`?P`CsQ<LC30{Qj_WPG8UvD(zB3(
zk_g?vprEUmWLXbHhZG<wTF|*x5k=6hka^Y4d%bB72My#q_I0Rj9I<RI1S0TCHmY}*
z)F&v7?3^-<F+4d4T?6qZL-<Ma(|>YGjl{CByE|qES@qD=k;A)evh(|SZiHNvnom%I
z1{G{9|JgvPF^#(#gdao@0rU<ngc#}hl6zX8s%&_vq%1279=#aLm*nlWh1`tuzk@?V
z5qH_hK&m;20B0f~LGW(a;q9BDp&D_R0PC~V%Th+!HBX2Dlk9$PCiAm7zva}QrCz@o
zVteQLl%DY)Cr)~U6<oZsBQd(4Hp#*zWzowa$@1v*_qdUVcV+BJ09>riQvciN0OcUb
zo$d6nyE0Vce+W{!5&>7wixDCqOT=M+|1-?}A1TBsIX)Q;@&omB;rmXhAr<_e-FfQd
zc}0?L)%Klg-ZNxRrO{x82(Rq-7~PN7jmC&TPT#3=J(DKu6EsaaB&YQsXQ-ty$#T51
zcVG`wYv$4<f>L4F-(f`P8FXpse;Gvqorrr?x7-%;2}PYX4jwBQf{cF+fcZ7?g%qUy
zVx=cVvJl-TmG^y}EIWkVP9zQ<JB~B$1w;x`5_u1yhH1(8?8VpFGvmyB1fN+b2L0?i
z{1CMe@CaAIxCubp@}-5E)k~jPzWDjg(USfELhCaSf9J8iwDxe$xB$>&3@Q4o%86}8
z<R&uHN-{fKW@s_P1FAyEU=DxRaQV*mY{q)~X^d(<SWHLaPN-kQsQc@v%)s91R(8Q^
zJGwBhnOi?w{~?aQTxUyMHrNj7gJ6cBx-LT(L}p{g&&-K|wflF!3-{Q!NDRj<e{LFG
z9I<p8XykE)n~DKa8aDeu*42Z=Tk+_Zk|Wn_P3r3`e!-&ZiIF1>O5&`jjGMh4(pvNl
zH>R|I(F`FC&O+*rt0P9pyaqmQx|#Y83Hg$&5<bZG#rz7X1@@H6Fby1X>n&u{J4PP!
zut-hEtz=KTo({UmJ!7#Hg4;;s`R;5NH)L;;5^w)??$QB*asA%dF9*vdFQj5Alz%)G
z(u@i>;c`1@2{s7l*;(I5tD|RH<=9z!BEE8%NMQkAr`jxE%Ay788?dk#MX8e~AUmP3
zxMHT?=uN9=EK{&Ttu!tS)8w>FHPp2;W=UDe3=OzgenzS1WX$TQpV%0@ip|d3O)y=1
z6@;lh<=Ugfjo)ImTyFhHo*)<%Fj#3FxD$)Hq6s9xuivts^b=+Y`WftQhSfA+Q_W!(
zbt1P4oC+X6i#Q{&i6rO;Zt~t;zxR$cxFdNY4B=6+dW#AOqc46vR})B0`B9;orS{gY
zZ@S0pG}nXL^5S!uW<S|imw8h;#S65D9IhI~M9&*|VkPtlpz2epw4o<=N3cwgse<gT
zgT1GVi2^U@_egeO2z0bj!dY@8eC(V4=eu3LpxT_yhRX@v{F!R{CQ7nDuZ(tU(L<G@
zJbC<8>7<%OaKM$|L-TY$rgqh}VD1wEPl6-F&6MKrHY7#AJ;@{0K=t4BsBqMMK;&<a
zE&q(Qc*e{6v=9O8^1cAd3`uW6cG}sIqAQRNdilnoot|lNy8HoB0j|cqLa}*IwuZVO
zblcMglY4;=q=|TD)P4Rza0c@XpQS3|(Kh+T5A&Y3Ed670cf9L(97U*YMls#OABrla
z>P_qlvr_ZW-Fnw9!U{R=uUBg2L^1|WO380H7nr)sV^`>T9gU6%>Wgm5Ntiyu43);&
zl2mROQ|~`|%&HaB3@W{x3*#xRTgHbLm$7@iVfw-R!+BG&xUwK<c1Lwnrnu6Gy+66v
zSwTNtFM>YQ3R^j(7*h_pId74jbW7C(>uLSf)9>U><U0$F=U18^W<-)XuSyzG?JS5R
z<oyPa?^<5@^8|&Ds6g{KMQnl8W5hmj_g52+;I5`+2{VzSz8D+!f4lsp%rDLJ66*iP
zJ}#_NZoJr|R-i;BJ*(k8OW=L_Kvox@Z}qxIG?4nKJ<x1UbR-*wVxuJ*NRW2(<|H)*
z7M+&Fc;GmvkL6UGgXuwqDz1%s7pdogk3EqZW@MjlF!s+zY;7%l<xTv(l0!b);X4Ir
zs)WW*sc|K{*dBie^Q(!DnC5;p<1NVGaV`7Od{r&+2#7f9Q<EQ)li!>hRxCcJ1HJro
zY84albSEq0Bu5IEG_}H%{oj``e1ireAr+8RX<o3Ou^$Y7{*vg4E?j72Zs?pZM@;z!
zzD{X1ux6Fs2^3U5cvLj30g-n#@e*>Y88vnMkgPdW6*MAC0ncKbJIrGk(W_lo?6fDR
zT<OoL8bHyeYXA&TD<gQ?p*!<MFxo{h%RfHSARM#}><4Q7L0%8Rr^pJR(w<>-^<?jy
z!|)s*Md?-WG)48<=d+qi)OgH!zrS4akD6clS-1zje(XcBzm8EWB{tJ5;4v~Qdtk$2
zrWqN3XgE~-4$HXWNRzF7cvB_E5*%B`R}IQYu~bhJt@TTDoMBXhk(}K-%*nB2!QX5O
z;|zVhJ+4}2VF(7M;WHh0%-LWaywt#E<akS#k)pz?EH7b9h{Ok==L7T{27ia4hms_H
zI$L`8(-5&Xt-^G1m7)QZ<A6C$$G9Nl&^@M#URS#Kx+glT$K<;34Ip$zCQ;43=3~a8
zt~y4lcf(=P8-ND(D-J!fltX$8_@W0i4^lX8lvn;R!?229c2>E}Fb7OCO_?>AV?;bG
zr_379vCaYQNJ2aG(Mx({-@rTlCp(SKG_EW1sZ!SU=3XJB@LwIgo<n-}8Z8Y}`JhnM
zBU|P0i$s@^O0g0E{E7A1rD~bE9cm>R>LoLMRDH-&My2t9st$Y;%*X(ZP1AXGpfrbt
zb)anVX7a9)cU1^oG=+%C71*>cPj~jFo2k7!;!~YsfQ3;(gf|n*38Ec#6_nV3l_fZ-
zY_eK5E2X1ZU&bg+XSu+dk!{*=tH7NpxwU#dQx@Kg3_elYu>5K9@KjosoO<OsH#7~V
zXMs|y!|NVeBd#Ju50|>MxK3W@o5o7RU(>-WAEI|}j@TWxt$rH)B%Xeyu^e3nA6m~F
zQq?cRd-9^s8JR^@AU>_sC#lEdtya<}L7gsDe39IM=zc)$<7cI(X6=LMypAk9;JE7J
zvleWzHfOZzw}4_IJ^x<e6%8YL$_i5vCQ97aA7!<WNkgNxnKdu;@uRcb$2-+&T_2-`
z%h}e#y1LVV4u{bTp12xO-*~A#oUsSndvZiOr`F1@n~?H_d_A-4AT2|So`!FGZ^0LP
zqhxbv?ccs;_k6n7P@dN+{7Km)%C}K7oZH`YV>`dT7fAN5^g7ph&%ZWUF5Y>g`YpJ6
z)XJz3&h4xrv%kPsZ&C=Cb|$fRH3g}EhF#XkWdC%yr`x-)?{1N)pIMAftrR%PBkn&`
z7*+h_)5N-S%DTGN+{MxOD7d<o(3zJdrs@kU&n7TV)MKyx6F-JB5||hHMMx7fyHS8m
z8`HnZMZwyo1<ydVST>()mVUUF-PG*EcSHkgf;QFK+Cy>~pg48KMuV#AZEsMmBgwl4
z$8vd?P77w-ihV~6yifj0C1BfSpcumwX9fmz8J`-bltf~M9qU+!g*e38!w3?a&cRFK
zE7vj3kzx2j{^kw(m}R<;``iV3&Ff5b4Dlg;ymjcu3}3w%N?!`T4t1u+^T*Y~m87k)
zuXJ}Y#;LsAzQvYjs|_L`QVC)vJvViYGwr;1S34*dRakrgZpuw|pPS|G$?_#!z%V~{
zE6bhYkn9YVHdd(e@%nR)|7rg-Gn^*PYM=FfubmlS%D^F>MXKeU9>&pLwmGlRrJUxT
zRhGvL9r91lxDV9jZvsqO!ggP`1@)#|g}3(|eO!dnvYX7|s#I3nC)=onC<}}LWn*_I
zL5aJQoyl-QG>*2;Y|^o8CG7oG73`|B9XTz5BjpB3W>i3QY&&@=KFp;G*X%RzllGwf
z&e}#oqk=H4?-riT^`L?glZyLaVMefxFW}w-uhXaHT*G0LDUs3<o`C&EIGFe;FPQo%
zJ@G4$-N>vRY3`1{j7pBuG+4}(9|gav5Cy|XHJ5l+^jC>X+?$yMNY%Ft&fKtD=)j$4
zGvRvp-k+iA&Y*KH?;ph^qSbk3Lr|0n?G2k*u^*8kvQ`HSmWK@FDNhidsnqeQRPCu$
z1_QliWZETM+9gz4N?X}aZ4`3vv2#I-W!L!o$yo&cn?=9nX0L6JX30kBF0lQFg*F*{
zHW@?|JbdxmhPXEACcgyEh6eV64s+kZ4UlQokFsJ!Xa4-i8E@;sx{aK2T-}IxR9t=P
zV!yn9Fqjyi&`E^J_c-Bxy^M3nc<+O7InHECzEB?HyCMdn8rP-RQWSuF*hQ8Xbj$UR
zZn7wFwm7iioAg6Lo<cX1iDX)bsu0Xyeb@29nXs=|&NXhyiX?2iebH6<s5m*m-jrcY
zeuJ``cQA_b=2es|(H}mxsnCJq(hy`?AF_Xvq48N(N01>Oy$6M4xZf6^%-<_kwaLX8
zn%+D&*W4U@DAt;6X`~Sz)>JrH4nJX*GKZY+L2c((DntS;&<Vbm1sHWHypdRZBwBow
zeM_lOJ%3c5axgl~b_JJ}xnmMPh~7-IHV`pADs&2$PooatT~^0KJ?f|a$?W5Ke5CVx
z2JHq9<&hWpu`c5?m0cnFpP5&e!ufQQnquF63$=9TgKZ`*g&O>r79R`8W?n_UMbUi#
z0E@+>flvHKg%xQKEsV#guwe4AV3T3#L_uAqJtxFEy2)S|-giiXD<AkC4}8zD_{gyM
zST{Dq9%=WV{tq!}8ES*QrLPGUB*)aqH+{cs9vpKj)c2iAq_qWgXAU4i+u^hRzgw~{
zpK=lNosZXE+<=%ah1D5Wd(&YX4u^P?N!Q;mq;nD~P>!i_Zwd%*EO;-4N2SLzD&Flo
z$;uR#9~tgYu2@c75`x>QkD)J)p~+)2+>t^5!MBS^TbXBZPEOcK&-8-it?9MgE38;A
zn}?-&GAfk!og`!mU7i1r{wr`h&T(Y_%tq#C(=tNOO?CKL(^V8=^yT-9W3}Hi_&0c{
zkJ!B+#+(YHeW!BiT0z|-g!MMsAEn=~jDC)im@Ke9lWe%<L41zQfl-KvinF`_@&fbz
z=N1>Mz>HwdT+s$zjG9r5Bb5<hS3zy+a;J2s<ym2&IpOkKI3fF&Id{WPXifFbZ}P@_
zsOxtrUF*ZZNE2QdZ@XS{hZycVr7KK@vO#+$=cx<bYjx)2R?_Y({y)0j1RAP8{2#A`
z$dY|0``F7`wn?&QUn5H)3CX^j?6PEO5MgX%7eYczvhQV&LiVu_gBfP#{zjkg`G5cC
zch2ve_qq4E@B6%-=k+Y(I5YRY-%LA0Wap!#=aLz3=A4WCbtfemnqc`5Ys<2ASpDvr
z@~Kb$eCL9k!#;<!VH@Ko8f7F9cCv8rHNd=5+2$Rp@pafE2cF-ZhKL92*+NGTi<Kvw
z@?FdNj*?^lrzi<WzsXMIBiqG@^Ct012PMEM{5W>wTdY}7J~1m)C)AhDN6F5^g^qmt
zmARm0>g&imD)|Am50hQoL+*}+<!)Hi1<1{ww+>J6#&rKHO0k0S%v9OnQJ{3bP@NRR
z&JfAD=Ad$(w4v}C5*nmvnBw9e_Fq!N2ZF+>PCi}<0VIxmb$QVjEwQmfJw|??*b<pZ
zWpq2+v?qC_CwQ~<Y{{dCWy%xI`N*<9pON$bX-U$J7SbJ$OCk2}f=cyxPcQIU3mo~R
z`$YH8rSr+^YI$Y@gk}TkhbIJ&e2w!Zv&**8fuliEa{2$V=bitdb0NcF-#fcZkMifg
zqFQ<e?u9Ct=WC^-CZodG92SY=TDEXn5dGl0e&qoqO8NB9f4TeJ74-5-$ad#~rE~rR
zO5{KEI7j}n5=9_4zf3Pehb6f^0;Tjd;?pzFOAt0ccFAvzJp5DeR2vnq8cXp%f0=~k
zLwZEWzb@BEMBb^->mx~`Rr^`G*)@dx%M1F&7>0)W-_3s#`gqE#NpwZ(X_Y~>IU9l_
z%sqGIg;kKpFQ;R%q25Zv!Nf3SH@y<&!{8{%PwGR>QF5@TSiI3t^N;k;_kviwLrB`(
zsc+8GtcTIOI8{Ghyx%a_En-V;j88!sJM)Nae>V@Xn>n|d(Haacu(PAxN5~Zfhvat6
zyq?~zPsyBTF!T$psU#$tw3mDp&YbQs4QAhZnwczVS-1%%E^L41^e)3fG`u!<UFUqe
zfW{m@OJI`KzHI%8y84_-Hk`ESsgZ>kdHt310=l_IYIi)9JBHGiD^}6Q@kF>cF2m!Y
z(PD_zVz1e@o|83S)hgi+YhO}weagg%r}z}Aak@vG!`9#zV(XLfvB=?5&atD_L#Bws
zJxVX#=1=(Ai2~Z^0~U3Ara!*WzUV1vVBqZD*7lZbbQPOD6Pc}}^$jEO%a8ws*cYnW
z|FbZaRbF|usekwU)@VIXud2a3qTZ};!kVSQ-S@6DP&uSIRo0*Ar9Ad-NFB(pyas*3
z1FO6t?B5p;VFf(d%}6B9S*!6^#WD1ap~-2tIfoJT5aRDGV6u7e<qsWK|JX;pUAcW8
z*L&^}Z#tu7H4{5~e1N)}CPGo2dajVag|RlrbLjag*ZAEY(#$eFscm&P3rqOQ+IOVf
zqTF8@>JGTcf+(y%kyg)Bvm;(x)Bfz|QymDRRw}&A-b9-8hgviA@*s^Gyl=C~hKp93
z0G2h8wzDNJRizsLh!*B4C@a{(^a&iAx`~<1VfyOGlVepi&hwOu<LHhmcsx_z0`bY+
zH_XKD>k7%5Fp2Zh72%#Yw)FdJvYXefJJ_lhNtt&^CCFV@nd3flp1TX)nx*piMJm5X
z`iESt@23?WkWV&Cww#%_nmK!a{3?V#hklW=1z4$kTV?L2+Gmz$RaFT%auS_Y0CLXn
zrfP|0gF#vLG53OmcL4(p0HGVTRj~Hq+gYB&PwpS|rD<NAzpG|lj=woDG&&2<ej)db
zQ|n73`eCM~e``5oV>Q$IfBTsNZkr2FS8f5UeZ9&CTM+$!9{|l6;k6zmRig#9a|Hi5
zfWh?WdzOmzhlg4$F-Ibb5%xE^QH;KU3GySlEL*3n2i%ZOvgtnNou{X_lddSm8awpe
zqTFHCjNs}5)j8G|eLJ!FOY7Kt;>b7~o^)kC#n|EeHl;gQGh#R8K?MF06DhMge@HK#
zxv=V1L7Js(LGsthJ!+cv4OmVFcML*vdEPg6!ktZ|PLu?*9J7g6`&E><+^B7u)hhP`
zT1K!u5?E(VHordl@-J8XWw*{P<`!}#Wm2s=^4<I*Kc~(R9F<4m?TT{tD2uWu_uP8K
zX8T?0(yS_kG~K{tTDyHeD)FqvO+1c`Cyq(e;YmN|Qf^zH2PI8URI=7s&CN!^Hbqf7
zv|-v0LOihGr!`|5%Ok!Rrm=-)4USS48K*rRXAa7hCSK9ylzG}-Sm5o!KvkYDjLkN~
z9A@4p9_Ua;mm7qVBx7!2SSzzXB46f%-3oSY=mBuai14*e!}q$VFI)_iTkWLV?Ptk>
ziWAzuz~f$gcx@HxV!;j^XQew~h%H^uakZLprz(7r>TSsNl=((-T3htwy;+SY5fK5;
zx<=A4n#n+|&{c_9ZG`vG)O3S9o-dz$Fe<ELX8ot<p<RBs*mFMB+e*^$llA*hGlq2g
zw=Qo!tQvO72xhHXE@fM49}X=E<iyiz{iVv4ra1g7{`FYCA3=M#zrv*BQpcz|#O*(7
zuM?o_ejTU?tFsb^9bug%cG#Tn`a@*O)mWZik=r!pO$T$eCy+ib3Rp8F-_J27pJ$()
z?tf-xx|n<XY4COA?)}TE0ePsWlkZ023EUo`yaO<mG~&PJe&Pc>U=l)x`H_W15`R`&
z(^<X4K^T*xnq8DP(gRc8WJ7BJrhqft91(eTIl<v6?{%Z--qlYxHA2aTA{lkm<jJ){
zF$^{@0+m0V%z_&~PY~8(AwyTLvwe4kHC$3B`?So@{Jj5_0mPp2&V%v>``*bXD(Xu6
zt`D0E|BN{l^HhK$e3d?z(~Q$vuAJJ|?H)I_TW@wNsJnf=+Hp)ef~*P!J{;{&_wq*u
zIXg_s$~r3^!pfFCjSdtZU^tuzWZ4L{b<b2RQH+IR#u5&>-hkP|-;?rr6JYhPAB;ly
zuRmPHExx<LC<0`GAS4?A%i!Wo6y!ZhK^wO*fTM0-1)pPAafYrdES+B|93~~64?_5X
zI5S)_C875kq<DA{bfhqdOP0P6-{$~`8!2FR0`=Nh7h_qNE|%jiKq~^_-vA`nJXdjm
z#>GS#2vXb)?#FNl5@-i-$?eC$M*7kIc&}1qkln4VXR>QE{g96d2%XMF#=oBF*bhzw
zp=^ZC`h{q61Z=FJw7L+bxFD;QMne#UxFkcwp@J7---sYI3c#R<H%9=^;GzJ^eh~9P
zfZ*dyC|x)M8V0bi$zH9<pqWTxg+dX;eFAa27zHuR2Y%d$G^Am8QT#|@=tA^)K>!{r
z6P{yu2Vrq)2J`yZ55x#S5Sfh&tHW48YRz*U2Ry`n5F}jgT@*(FHN%U)Z2-W{n~*mb
zsC#Rl{ni%C^FgUJAWD?LObXG9Mrf>ireSTI2+Y|RqRt2aOYY;LCN3*=R5#$-27+AQ
zK;$1bzan^=5|~E;9w;K_2w+(AOv6Y$!AZ~q<j#alVhAz=*nsCNQk}}Qta42HEi71Y
z!Lq0ML9-^t#+hJ|jWA#L%)k=G=}8<=i^3HDeL{@jk-@wU*5)qY2SsEYK@ty}y$Mn#
z1dCBXXK+yz#li-u>IN=nBbu5CK-Ma5zKQOGL;fXAJg0sOITq0DSu9=hOgv~Fz<EeR
zJ`67k9bJeOSU~2&J~;@&oq5-Te9dzOH)BGO9|iOW7kjZ%#W;^#fJX%Kp&N30#q%8o
z&|LT2t^vRqxsVU?9Sp-_q{XELA_4rsT~UHRDI_EsVY}{`g`IaM_-9{;h9dw#Pi&$N
z*x|;L+=<Vo1b^Zp9&4T(#0BedySc!1C?f9&5_#CHhhw=-@P7kvW+U2(0c@<|Y?@F7
z4hw;|DmnEl?hzWyaTAQV2|nC}6Twv)kj;kV41@L8VVOAqnCYTRnTTDgTINxVo45mL
z4uX@9?A5SkUW74If@?0Y0)^ysLwHwULMWKTks&bxK;$k!{JUv<%afDUk3Z+oz8|66
zvsk#aAAb<gkK>Yt#0@X<9$kpU6u~aq^wgN3{LpvKVsNn&TU(0b$_2Keh^Qk#X>ETA
z2i(Id2@sl+5bDeJf=2=9X#jX14en3~dd%^P@+4v|NTEO?;0d`|rQ)}W%}XvNB)Q(?
zch+cL4RS3(mA;7tyf*!H8Idq^S*A&~JD+FWv<*>0{7@hpQ$!%b8;FF%0B-_Nip$Fd
ze4vPTN06k$09_nD31PZyFLD%cG7Z4A_kg}eRD}a^9pTC2=Yx6ikW5NQ>lH}wRY+?R
z*tQoYxnh`wDjUK~m>vP(-Xn-C?mDrj3JvD(W6OL9)KG}x2Ee`s8^wb4E+!CVxCudm
zYA@J!8LYPsTOfWa)V&E>O{i*z1=d?zin41ot6<ZfMflQw!a=|Q&Q=<dHM~d+ohVi$
z1BTrzDX|l^pxTWmRTJ{21j$i|;M)E&F6%-BJfVohBY<mdKOH0GfU~6svZW!Go_L^s
z6_@gS#lG_^{jC?$Io?W#2>Tuw2=ne5gzrdL`u{r+E5fsUQ4u48^042W&>-v;;TQ`3
zi?fI0C^i7gi|Z5<!h>Zn3?)ntoI4Xrh%MC?i1TVUvVOsbslSR<3Wz|T+bQd@Jd!C9
zGq{c_L>M)Ozcs$0@RwY9Jz#uM(LNq#gNol)J`PD*C^~MCzzn3)Z3|ov5^m7A`<vC&
z?gPIRmv&HvaT8fx^w&wr;r)UH7G;B)C6!jY&n~>c^iyiNL`aYqT`3<d&7h|r3Vu`A
zn2I@wi1kn7J2+>x=Q7TfYRvWaBFl;`NSs}!LeI@hIn-86Q?PXKl+EPp)z4rk|A@5S
zw~TdjS^MHIPdzg#`YPt7;>RB&y-ck^eto@>#3yhUg_d)c7#}lyWtzFV-|P3C?aS~T
z@+`Kh?IrXd`@zhkS9vchK8<ZHquFev9>*`1y&ip9LENtt{pf|z_>}q1ZQS(LIm_e|
z^Ww0n=k{_<wboA-LyvzoQ5)Ra`~+5|hp3!^T-ofS>M7+wQ-x-6<1!$XsBtk+d!$Kx
zFRXYn+Jr%O1SD5H8EKN}kLU4bUjA|^JMmSb;D+M>7Nn9eUJSxB!4XAhQR+)-75TmP
z1&tJNeb8<M#Mx|$J83(9T=?o>%8y!(H>Ph7Hcvny&%7@NvxDDtqcbjDggVj_gr|nD
z$=;-ZXUKA2gO7kbG+k@m#})!lIM+@%lU>HdUlK<OZPigBIs_V?GTs1ENgQ{Ry+;El
zV~53#GebWYpkv&}SWr86dw1_LkLByWG!$&^OPRtN2UEfOjDl(48%Ade$=@EhGEu*N
zfOLeaY9jT1<x8#n@=-RLCSB+3yGDm@k1>A?VVbc|jGHM!lS2uw#}|#ylyqw+;_aap
z6PIkDpNkrq;9;K#VJI}r;molA%*6-a&_aj_#N3B+YazX$`C7;zsKt+XZz#L*iwCY8
zy7NY7y3>HUGQQ>^q^cT1GXsv>wvUdJx{suQ=HEk-LhbG$sn24s=(=rQzXI~ma#bR(
zwTVApL3%o#%{$={e~GVy982|fu@s}VpoI8wX=r94S}3f76yAj9Vu1P=G?KtcJ`qSz
z=&FUjdwAMc7lV&mvIs4pYgmNl)0HYhGgBYlcjZcMx$i2ht7J?$bk=qI*lp#V5fJtG
zV$dsxQs_eNBMm`#5;&v)El(}|z*Qv~tM1C8+h(K)+6J>~Arw_<j)BZ=Kw^gHTNeok
z&jtq<qY)sylrB)H_7N0zZ$;mDE_wVVlxE<Jw&!Q<+p!0DpB6&PW57f?R74ku8V3r{
zhET#Ada{RE9Z}<CQ27Ehg)XcB-Bb;1-#ME?b(RCXABh7TA4hH+ObIVDI%ClV?o&h^
z=`Cs?)uE~nkfu;o4J5}SK;ibWa3WYMWZmmxaQAL;Ya*pUcv5(lQ80yIC|e0y1u9?E
zNCzJ?I-`PjeNu^YoKs&gLhQdjt7;*<_z2J`<LIFInn+iuohH&5dO%t{erkMn4W43j
z#t9!YKC_qxJlyeOv)APYv7KR7I92FNb)-C0s8E&y{uG*EEc&402K+J9+t|B!m5ida
zV#-3XBdNAGYzj1T&y`HKxyV;cm%%tEe%u^n8#8WbbVi}uWz7DTJ^~{7kPf58hl*db
z;9ZL3?GcTSMt+EcuNTU4!I2<+bys#>XHZ6=ub{4FkuRMtOQ9?k{0XQ<AWSk@_4<TM
z+ObMBoclf!VSMHZeW`|Ih6)wPUWSVqwO)Z=H*UQFF9cC*h}e#2ef;V2>}>c`M~l@9
zNnL~{at8D#X?z3}WPDg8%MSkuvVA>H3ZhnXy{2oR12Zii>qcigg&}%O5E@8J5S|kL
z!Kjr2?q=M|3?DLX<%Ay@EAqfQLDZT9yhxwtXtr$C;_7`h@#CAihzH0l5dI3>zQC7S
zcc#FXO*gC1ms@wEQ1%*J4FuOY8<#z!dI(dSKE0F~d<h<6+{yy40O@NCM5U9%`Jf3#
zqW3B;!6QJ_4+bQW4Q^;;wrYFzzJk@30_acFxC#i*35OL66bKZ^Qo@ZvYsJtM6B^yS
zpkD%E@=YD$YQq-EwJRGA6?Z{@lE?pm^wnG`b>X0lB3}{RtRi1Y-Hjq>vWdK|g$~TT
zg0@v^DRPv7g5y!$s=K%x2b>ZrY9y*v!3jr!lC_ZZP)Ri;Cv;Rz<T_j&DxR*IXbro3
z%mzKHtTSWM1!Be_g}(f{3PrLsa4!&^3JxpumDhDCmc0bO49XS^d)B0?vNa)gZ2q)D
z7rJ*JDG7af4@m~?Es|x1r-70mh|t27q0+{K4+aE~G8JfNwSCvUnP*Qb9)bS68P5aR
zri>qhY?H^QKzK$ttjL#H*QIch2TlO735IFHRljg=iCvNWauq2i0OY=bKP&Pj*9|D}
z<<gxglqG}T2H7T!_ki-=jAw(6)hl>($#h_96)9iS%nOgl&g&=fpg(WNcR~7^uF|@K
zpo{|9D{wkcUc@*X$hiPY+(vf1%o1sn*2Frgu?};)AM@%_yWX`g*nM8sxfkJ%KmP9D
z-_+h!5cX3<UF&V$YtcQBTTx(=`i*rU`>2I;r=7Q}f0=Hxu?-SPJcxK*%N4D0Egj8&
zkY%p+Noa1#zJ+>k%4Ko|k&N+_A)HeY{xq=zHC+%J)Z)hkFQ)(%!u*wiKW+z$Ckgc4
z&m{<5W4v+8c<3MV7EGyXh^i0-!VGctfDFxBJ^dY@>Pd@|dslQe=(BF6*IlX=qv5eo
za8H?Z`)lWA862Abvz`!{%!F?6$)`m~7sgU&Eoo=Jitab2-s!xxpO)}Pj#DX`@B<d-
zVbru0M$zMW6lR}ET=*4rD-T`u8W29)TR!_9)yeS=XSaOnqFZfmiwgz8s|iyY${b%i
zMS_oOCGU?dNeQKEeL`2}r-jQIFE$TT#tnv{DH>Lu{Gol)_lcKI>3dwO99|gD?G!M%
zuTr~jfwL>+hA^7&?6FttorPq7?AQf5Z=WrGJ6rtGMo>U|0kj77!1?T3=O_~-@Ua{3
z`Hi3u-9{#~51@&v5k%Ggv&C7W>IqTx;eV=kE6|XTWrD&}fTPRy*TDJWuVy@qs~FI)
z2K3vvA*MX15dQ@HVxPbGkS-jsp+7}XoG&u&v8R3oxWeWElBZ}y_A#O*0PnfCLf}b#
z3Y^w+4N03Kfpwz)UV=hg+nMk_&`9)8Ao~A)wm9BKXeLrUHT=&%o=DYbnb7P2*nGET
zBl=$;`ll-fYN~-6qJKA{f6f2=`;?6Xa&OKT6Y!qY0copvpj|~L{tqCa3Cvpo^T9K~
zBCN3f99A+5gt_-gTZ-aq^?n2LI}n>MVk$uZ1hU8308BWd5qZam_5eJ9r#7oU2dnfD
z_8pZn@0xA_d(n8$K0<R`8|T0|aNd^NvjfpeA{aX2Vbg5{fFLAVf4-RZUwq>xTfoO?
zJS-LuW8V8jjBnplk)r|FB}UkJw)pcx{iWH{Q^fyR|3y?kiN^1LBLqaZRsXY|m;4Ku
zX2tJ2;rDlJiR5TSiRyCyk$FT^&m^jM69Qt}hA-4Za+w-{k=tkBykki4{uyz?h^-A6
z5jlbI%-0V?O#lVq9l&=7K)=emeGzI(gX0O}wkFVK1+-lxX7Rqp4nd*xzs#uX;(2su
z0gPv}*l)Pu0`ac5#V}!}ZxizU42J#)oCl6H8o~Yx)R(xGt9}t-QU3>pcHZ2$1WNo*
z-j8wHf@6|_!OtVQki)Beb2iaS&#P{5BH1lDDt##u=NPe9f?Q-C{T=2Ld-&`At8Zl~
z&o-}&3SORwjBKLjzfbMw6q8u}I*MEt<ny%0bT&{q#*WPpg_N8%Z_CDvxbQa^sG!R7
zlJ^7Me`-D&&KWEc4<Gt$`5Vi??TixUO8FFMcG~se5##D#!%IBg?_zp_79|#zE0rL#
zfr<4lNMGXL!*7`s8a%0_GQ4ty{#>ZV#7K<Vj&>4I92mbb3cb0ndIZSRuP8q{+I{RZ
zOUW(KqlJg{IVy*dais8bHSJL?7#GSs*Mi@u;O(=l_d3kw5wI&3vE*|jel_C_W)4~1
zb4>gQm8cvvPx?FG#)Pj)SnNN>7^MG-f)-;CUW_xn!UHHypE%$LinEz!<}Bq-?z!Q}
z!E@jZ7cwmeKzrqC{JB-pJWZwd6LL0Nv{#s}0p`dYhO`O*Uhq}0GPe`@2ah7R6UL|p
z2#oaxM7Y^^!S(zaCPy&Uw-fJWA8gfVsGFc+s-HL8JJU6U$%Kz!{sWM4(?cGSe5W6@
z+=kNH+u)PV-w@xZV!W__iOvhcM4uP;o|=hg2954Nr$HowiFQ2ihauKPr==H8*Ya|S
zPS=pR<ygbFvcSNb6WDB;Xa&}gr|*rd^Ux72ml0o<BGGE{xm;8!8<5o_tY{BF0+ok;
zSMw<5uT57IahXJ1!Uaz9A1-^6I&}kVoMz~SBO<p(p&MY5bgZHFA*>OKi|gx38pRc^
zJc)JD9Dzu~v4+nYf$q0Zoe{{{9Rp_*NDzU6=`K^>MT$<(2999i1GqBHL!J;_0)Nj$
z$qmD)K9nq*F>!tzS7v_!ZTtrv?aAXEgB0=AE@KRNY-GnI#vs23a9YCH6bV7#FY3;I
z$&Hk$X4D<ScjZ{xv~{q+9OS9iR>?Xzj8k}GHT{CG%|E^ukq%}|LRwn@D`IN7$7B>@
z0zY;nZ?wp%ydb=j9D$7g%dX+S?8^HY1QAvq{!8x5IAy>~=olus2hO|*lqA`Jm%G|?
zB_dX-XdO)BN?3`%NYed(NkTr<eYXL26*(iaMd#b*1GDeW43$oKd@kZ-_!WK-$Y(Q&
z>m$0``AJ|<8VAV%$dx-h&H6;me@*Z_pZJi66%lm(l*d$;(6y4bP>=h8(l)dqI%9Sv
zIR2}o?muS~a@lLx6hRFD`Cki53m?Ot?SXqQSjvpZ;eVhWHs=swLPXfVLK^&ou}!h9
zVGYezO*t=st<;COzW0-m`@bPnB3Rm#ICc+A;YwjF2N6g{1pW)o<N~NA|8ShxIpzHo
zcZeOx++IeEw6%m_+J)DGB>*^tNdBN{owNU2zVa8S+9@^j%0=>w<*GfL-!Mk>mV0pV
z&CgL4%`r=hyO{ls8@(n>V=b%%k|D5hW?oBQZ~6-{0>_6x(tY05msb*RJ=%Jv^g*rR
zMy}PvA&L$aUONl(SRwC6MQ?;CAMpunDv>TOq#89=9R8w=37ZO3waEH{1RkFuZnS>3
z0$JNng;p1S*IS=z{y1Er*x(1R5UuiqcZ}D)Z~Q2G12DtAZrt<>P>6qkeik5ijgRi0
z5zg-OO>VmG(HuT56gUSyF{NBUj-(J}yBD0GtC^Y)Pp2qhsc<4gI*UHK7o4YSk?K!-
zZ-8vP$`{5}qEHSc8*el7em!|lP*{7r97;33Vdfp-8>t&TBYbr~!0{$)YlVWtX~HWR
zOIH+`vV3h|GIcIUfYF`tg?foRmtLa&{R7224xWidKLi*juP<A7&OD5kOP=J%(M}ND
zn@2<=fZ%1%G8a#!OKtIQTX!{=5sAGwn?J+@hG^Y|mqG*~#i8fTHxQ)jReuNkt9QoG
z(`A1Qa340eWp-V=J>gO&O-k_q<r!<qA01r7CV$R}?~)czO;cMzJDbr+0Rdy~r8EHB
z5h9(f%V<>V{Pl9KXh`Pv`8r){cF=8b2!D&Z>z?g<rK>)c72YAwr|gDD+TJI#CHz*A
zJtZ6Vv*Uy}7ee^jA$^aH-aL;gxYTY7vJzvgzB<UuzR)v<z)__mvQ`(jg|MbRI)vNl
zz`ZA=znYi`s&QaWO8<LP)IXei?*A~QnzB6RCk=?!?v(nV-8uZs<iKI5P+{$J;fW7Y
zY$~J5i<~(o?>SqAUwx8hCTd9NE(uSZqjPGD<_qmFYys;b!IxCh<_r%5jF}{ZHJ%_c
zf6-D>^<CMt*m+JX>!Kp@#jua^<s19dDa>0*o#e*JmBB5C{a0Iqo8PEj{qVVZvv_KJ
z|H(t4d;WI>L(UDg!&&M&D8CVZ6EZ!Rp?)!^*2A6-NeJh(rw!h0Mje+-N0M9(=dw@P
zZ1KbLTyDL;l%q!({<rkmW6RJ@l%rE@8F?^^RDYlLv7E|Z7ikdUWnCvz7A&I4-^wH$
zb^QgVN349^#Q_(qfl?a8_zmG6fAeHr37}gEaOMjqdjnJJ9J_fWBd|O}jeDGHAApfp
zSPP(Z*G?H4>$g^t6+vJ~<#5YPW=As8;p)X0E=Qcf0B$^D(WrO-e(!$516&e4xHuAK
zyzcU_d!O+@Zv$r#<3q7V&MvI9awt<jO`|g?6|P2&2qc}tJxp3m1%>yqAtbY53>fMs
zI7tVbrtq>$IwqSD_fQ&a$`@|?ZEOJR7xQ641o6%xieC~e<F>n0f?H;pJV>-O8W|hL
zP`_Och(sxg9Qj;AbS5oglNQ(BV6p|npOJzahR1T_7j>34mT(5KFfWtvJO_2_$KlM=
zb80%+9;x!bEVTtWuox5vV^3`cY8#4$Uq+}UEe0hmI={g@5(sA|1t$)V(Wme{{C(xr
z#$iurwDFSWV;15L7)yFmJ%js#8zG9{ghC$YTTGut=mhl=EwT|UmSvzgS$i6iQ9G$Y
z-_2fb-Ro_5jS|=Go)ASfiUwLc=TAppJfp%ExUA?ro539AqBQH2I5g2~4SNT5!9}v?
zqbMtb=2*vaLHWB$E^WgTWXe9QW1+o1W_<bbZ_4yLCy0-!2rf~ux_){6p4raXQJ^zj
zzOIu!3zpX;uk^naYLE&4WsFl~MaXCK1pb(G@7;ggyFdN_w?hwZi-g&(yQGYz7|^<Y
zeS58;ixfTLR#(F0Ue~>r)ocAB18Pqs5>6z7h2IW;M6|+&u*l{~dT!dlitu4Y=+UF}
z-eKS(7&x)`^aowY!Wh&xO-lW%aN%!cK99p`rsppI|56-<;<(YXFR&7Df1TWNvVw#a
z(ZGg)2`+D>V(v2HIHkc_SHkb8$jXG5eJ7LI2;g+T)w8zYR5SAMe|sf2$^IE5Lb7-N
z%P{RTUsD-2gmSN^6JNN&8<=V57_s`jD+-x!A*_<B%zfZuWkSUAK<^ja_#?M-;WZXS
zL9G4P$QR+rBzpi9UdD=Wlm>q(em@68DJ7!LUHQV1^ax*4gm1QeaA>$MPR8W*9Rk}I
zfQyua$_v|K<#sOkzcwU$YwZ~kFMIdPhiUhomz_A`MxAhy2Hj(VC?63_i&OZ=tGHJ<
znOotv2*|q#eupSkN$_{;4{86KQMz6!{sep4m4FB9W#r*(NsGi0{{R=?odUwpW%KBK
zqwNE$tOV!=Lo6U>KX_1aqC;6oon5^;m+XkikKbzE)Ub$01<|Xr+O7*Vad>^ud(r&&
z^ZUv0(uq;wnAdhUs3Wy`c-7CXE!CRbd_k<UsG6#R<r=fsIpD%8W_VJjf;|J#duwbC
zFSu%@jGi)d-<GeotnqvkPF!b)_&Wy486`YC)6V3nm2&JJ^`?e-&_gMa+Y;Q4MSYV`
zTKSBgR^Ir<{g7NYX_=LO$mQg!?(j0J%wF0!vsaQv_U8o0>cPfj8>wdUx6kCdSIL<u
zzxLk28YxW_ydP56QBz)~`*5}1=SpBP#8L9&Y2$qV_qNd=$W2omZLGE->Xa%if4P~O
zcqpUI$X|xZnFS}<%MuS@uW~da;C}YPpzVV=#^WPe8FFZZ3?lqdhi_nMsWb97fbep(
zGSE{veuO)X(;Yi%rdd12j`0Yn`~s8MpV27<hms%sRYh&um;{fetPOk@L*XTrdB=EI
zkGt&`L04T)hXKmescTI&=A{&!PXj2oFEz83_`UWxRD3-nUPDsdsJ(ru*nM2_o8GG#
zCdqFftbhgsS1yMFJ!|s7XyUzfDp#(hW;_wXkB9rcZX>@Z7t*j?LsG{aLXKi)S?dmx
z9vfWKS(El&uBNW@#yGoMOXhO9WW3Hew-U94ak;b;r82X<ft~0REZqClrO!tF{SD5l
zHbXn@Zw<Jj2|L3}@E)hX9Z$?$lQLqmzTKrXuez?(FuQfdsqsP0t*>3u9Q@e{=CNfB
zd{tB?ms`i{Qn`CRk{fSRQ|SSJIfpVts+H^1bK+3yoM)?UH+E7XI&nMNpV>PH!2%if
znd7a|T0Gy$L}%;~6KCC@_wu=?Bl_ZG@FLY_;>mUubyP+NGaoJMGCSnWhQOVJq)H{v
z$}=I6a#a5P(S_Co6wQ;hIGU+L!!I8@F#%OrNZfJqH9#uPi!flRn5kLoE51{^RBOBM
zAkiKkPsC-=`fKmqkN~c_-P}p_By+>|DMe>M0_rj$-~H%%0cZ{oV8!$100;zaz(V0p
zu4vsia9AY5zdgDMJ$sXg6BFJ^{c$0<fp$`th(cgo-C;A;_yvRSn1G541{v1?bM-sG
zs+fdcv86S0D-*71TcR3{;3;2&IjqHSdC%XwFmP)p^*Z^Be+<AG#cQxvwy`L1#X7(>
z?ZSrxRNfyMc9=BC2E%*rGZGERRl~s}KMxJ-yt`<Au06*JTXj8&3w>X+#<PFJf>7Zu
z0Yq;rCPB(BB3OKL0C{=iA_5oJ>I`m3D^6Lbt)t8OOe6Cm2i*SsVvno|6w{%YP$9h`
z@B%L`I1f%Fz!i_$H#!1nw$<neDb%aDcePX!$xYHu-h)H}YN0r`0%8Ep#FxHE8gUHO
zbSRX|>rBX3bqwZR1rhxx9_49yf!3lU5I9G{Slw}xW8Lv|*<-xkWH3DsM7oKH5=Wtg
zO^KysXW)UH{mXv}7*D+MQRz0p;{{>y30~woLiz(Sc={%@HhSl-d+paCyTOcZ$jope
zXN%HV-ZAt9F%OzOG}wLO)I|%_ZkAmTNI-d-Ul6dQBLp~Kw7{p#7nYxxZOn=EA63H}
zq%UZ@*Q+PUTnJwE>f=OVh3oquWNVsOz`Y&}>|glybOZ&eC1Uu|5>p?ee~F6{=8kU>
zaGf<5;U|G1H!qUck2xYQy2yTbyAbhuW`q@3`Nv=UJH%axn0!HxieN#HH##x|x0wl|
za@Ixe<%nj8sdh+C9&>qoLH_R;5AjSf^M@61{0Eo#4sn89Wbe1hu5Ru~`5`fSP6#3O
z<Aw9LV2Jk2Meuzv@SUa$?*GmVALnlqw5D)~t~1+ch#mL>zCeU8JZ(=v_^YIVA+Ihv
z=GV#?59bAU43SRUzta6XfA<6T0`V7}10)`d4PQilRWjL{!Ym2QZQn0ZOR*5)773BA
zlj~d~`z-Wj;oJ1pQ})>$hq8zoiW8Yna-By>tybF+4nhx;Ya>YPqpzoYC1}o&HzbFK
z9q{qn^KiPXZbvC_V9%DsiC2%G60aa~z1BP>LmHiKOY!uRU2{GUuDu;Tyeix@6>9G2
zhHj?p6kmow<ylz#7cMc*PG%vm+kE-fU_Hi;mz;MLAV>sH<7j8O8BqH_Wo{__;+8={
zs$8^B8dR8<!El#X26ZYH%K@ycLj3Msu%9fo3FbJjH~mkSoDAw$#^Vu)2pQet{Y%S5
z#vdal2A{R%c0&pye1;s`#@_(aB*J$hcfIK#6%h?z(|7s0AyE;g?aaHu+&e`t@se`4
zN+ES?tu2!z^B&!cv?W_=RMe6M<}7@JEfb;}=~~<~I%JYDWFzgbbL!D-%KLcF6+lZh
zGgSglp3g)u#{g+#zF)C=DHH9I*7EkZ?GBFZH~m!5iZ|Mrzuw0ZG8?(61gVU!Tw-Qr
zB9uMii8av#IY$!;k0(*bPiH+N@!!r;)yxqu@T|Joh0yHDkMc%bJ&Gg2($Knl6xS=l
zrf(8olaNxE{M}(sqHxkQj><WH2D+?pXXabYSl&+H$eGM)*Hs+*`yBh4(T(k&sk98;
zZVp?4nTm@-FqK;oExiLc(^1Q6OLdAb-F74__Glos{P;zGoZdINS6=0oYkJ#LskG{o
za<>BUOh+8D+X0C(?2`zv<g@aHnJDz~Ky3fHYf-84vk&Z0Bqd$IgYjjj;=^-f&KYU-
zx6)96TC7eEM4YP<wV#BtbPueP`OOvS*vKKZ@n0DAv-S`U!kKM{rvAaUizH<;**oa(
z`;L|=CHzz4v<Fnjo;^TH=;+&si5)~i_wP{uoIi<GC4@(T!=e5OKTlQgA)B}3W^cbr
zK)T)~$I-g{{6c@Gf~EWLD`U@~b$kAX!h5o>@!O<}c6^NPhnpX)I+wH6#SUT~oT>7K
zaiw)6_s=|X3A@~-wf9@O<(kv#_*PcV^W&*6!5cKN68RX1Q-wbXf9#jb1>`Hv5|gv$
zTZ4nGZhViGT;K%kT4}rJ{OiJQJ>@Pvzjf>HkR*k<@SiwdN(pzKr0h)7FSJoit+T4E
zvgbd;SU)?Eh-h+>t@TKPn1l<(HEn)-r*qR-LLYre?6v(pbkZpY&)Ms`mL&R__DufX
z=@aqZ(9g6V#SDLhv1ZUYoi7a@ivNj2u^D~}d*u<7z1O9kjDSJ)uTDS-wj7nM?77wN
z!JgaEs(r_9LD;Zce~yMq`?;0=$TYB>E>-${X(v&NsfkxtU`mhspjfi4!7-BXHAr~o
zP^zLIW|h{j6zH8MXp(lfx}V+RK_RxtfA{#1HQRXHC&?@&joH_glo`a5Pc=35BwS%#
z?>g~IHZh|c+`MbB@1d@0N$Uzv!(*X~G1&1);=VH6M=6a*xOeZRBtSoKG4Bx+M={^7
zy?^=0A)hpArH7T`8+YKlIi<Q`#GKrWrNsi(+K6|Mk_6;-CPdrD?pQo+%b?3!;qy`d
zwUGu%>*af5P>e{G&XIWRdTkGm;N5Zf=<<i{r-XX>oZ8kbc#Gbx05^`A+LoCj!M#rU
zTAjYCJ<{hLud#@%qYNMO99Rmr!Ado+C600<*_2dFTUG9yPekal(8_p++8y3ZQ-fSS
zJsP2_o?qTO)KSn~Ipv9HXtTZH!W|*=)t2=q`*fjhhN`QVUGdltjxfo|jVobVEgi+_
z9jz8Ms;;-Ki^pa;!jR=sTxhP9v$r~D-o<F0#9H>S(uGZ*B30o{C2kP%ieI0`oveHF
zhYYXMXDW_$5|i1()`|BERLM7$I?;JcXT9A&ge5+@q8|kpOHm)gBRVYJZ}>%hw|Kwp
zSKM2=Vx2$!G+h(cq;R%VK1Opkm-(9}t1H_haeq_IBY-pIC9E;9=%>qevMR?`gRwo^
z&xDWkFTtgu5St1^Yw;hO4X2tgrsGE$XUu(5!YZ6In|egm>st+=<F#($1l9DW4_Xt(
zcATAYmdTY|W*CgA__?u@tje$@^S9+z5tBj8fwNY|;=a-LJMI%#G@NLT?wF1LY?|jy
ztzqyN_|J{4WL1(anIAr$S5=O`gTeGEW$0U4#VJIq+{Z}NZ;qdoWp)^c#7|)&5UCY8
zYzUj@z~WG#J;APbnssq#RsbU9h`_ZcnI4`>pSkFvnn-_{gzlPO9Fl*5!=+aG_MLH<
z_9Pxe7HZ{GIvi)$o3c2BL4~jpZ>ndNXv!gox9GtBCL>2g)$TV5W=A;U-P>6F{|oic
zB;+uJ4Smk~@+6Fk3ixhF?eN30S#tDLI?}P4I&I&1X9i_e`;sf=fW2VD%a&y`NOoo_
zn7ixvx=PCLR&eiyUc91eY_A?E_1wPm)xJ%RA|eY;#~-~LKLX2_SRF|=3gaP^Z*R+$
zBVfe&w|>eg0hDj+Wy=v|#LJ0H%N_;NzS)(v2~6qI`^G@5yk-}jlKopx%C}zf&!<<+
zQTm;?kzR+7IJI9T=^d-leCGZ^vk;oGwB0XwodO@*Z7ER~SLeA6X`@k|CgpC^ne{d*
z|MTz#=@}_*5EWP|`%|TXT6Vk>8Oh;XG;M!C2QaGQ>6Hc$ooli84Um`J8Nyfdrt2RW
z^4yzn$1N+LkGAFF*+)7OpV9K-P_G2eZ|Cg7e+5N@&)+&({@nS}I>fNuVP?p4nTj_u
z(CnH;>npD-qlDu7o&M=C4OoC-oR>3u$byR0^wFM#k?~Yhq^ExUlACz!;9hK@#C1d!
z?O~Eo^`(^Wx(<E0&&nx2Pf2`L^f1q;J$ieYGJ~h6{-F6S`-j*nj;3wxUAAE4-@rAk
zO8Vlut3fUdpgSy0j#V40k+v}o_Js;}8f$*l9Q{V(+J!fL(K~7iuSa7#@{IQ~2k!fX
z$8gs7!MSF1@)_g<jxdyJKw80KynTCIFwA0V=m<Vcn)7fE+@V>}-aB&rPm#z2L|KX-
z#-cSQ^4MtE+x(4U`0rm^?Unl|Q<`*c&^#&#nz6NiI`n(#=C{v6EHu_|MQu8%zzQL|
zTdC%}&$O0NqE|jrrite}E}<Spi1(Y%vb>VWccj-@4Y~I*;ojYy@*8FE>(*b38NFnD
zbEl_YlZH1{5VXxwcZJoBqSn5EX^E!1Gj@f;?2;qN<ZJ$~Z%aL7Jyu+Kjb4`WEWn<Y
zuJL+2aZQAN{?yoXc_mr=Td!y`!Xy~Qsc_zYS=;jJ;E%OxrsW6C{$IOr_t-k!z4)FS
zqn53#-`Ob(H}Hxs4Dwwae0B3mu~6&NDXCYaS6;;D?XP2R@0zYl<-aRVICaFn%D+13
zZIvzZ^0~{~bn<ob!B22^uc9IZANFn<j?+&yKOXu1I>c0Vr5(DTerQ{N^ag79bfXO(
z+N`+9FaPsk%=`h1-!8^u*)7gxWRR-5&;cJ^B=qT(%*QXwuh1oj-jN8^`wb8&=UPiU
zo2{kb<)5|s;W{V`4P$ytSBY*fypLn)(ep(LeyKa%tozbklrK{$!=J<lbUq=4Wl-)(
zcekPIB58F=fvtz`D^3+lo>X2^S`3ll3TKZ7vjk84V`Dlf8e6t{_cyNeh=yf!oHw)_
zLRRc5<9#a>g%{vk-`{76nmyh`#l)8t=v*5e;ie;y;Elht&WNPcsziz7@*<k{nb(-E
ze;U1c9n#YvnO19Sm|xV{6N-b@8V2m>`i2$N`qf2hw52}=o6U&zeJtN*l4rIKVDijU
z#gT;#+Z2DbGiEi~6#i<Yi3z~u`{!+)J$Ry4`1k7%w!c8BT*c_=R+>O41-G6=44PCR
z^sRKB*7rw)=o|E(K@$e_FPrpS-GR}oyDs}K{XUUJ88YB#b>{E9GYd#Gs;cbpY?xB_
zYXQ#GsN=D@o$({;nc9A*yH1^4uRKXxqRd<TCW-5UK0*B+z6F|W<^QN+5@d0pZm#y#
z?kS;m6$jB+TX{?t8hds<vpqX|&C<<mm}j<%f9lozaYAy3Z{hO5I>XLd+KVszHVMwq
zeSYnu>nH2lO=*)0Zl+)DBaf(04z=Ze_h!_K+fL%5+V7fp2sLfYPwr=d*7+}RkA>4E
zl7|gvhxn%~OhUft`ecJAu#_R#O7=Y-1*@r(p(B=)XF5%JlO4~^XKVAv>SpvRC$wu|
zOyeRO3Oj4*FUTuu>U2*;Hk5YO=nppLP=ld8xVZMmCV2)gj`)tn*3~bRSSsWy4&hk3
zkd~`2(_SDN>q1?_yX~%5#d2&Mzb|fCn7}eH4!q`LD>)&xbE=knp-LKardAkU;(wXB
z(sZosW;1y8M7SwH1g*7hnhK-9W|#Q84~M?@R7<;T<aFt`y#w8D==DzxH<c16*`4r%
zSmsq1^>F!$KW-MQLq{V0V-Yw`lQ!vRs>96%{r5o9sgtT6>z=%VFi59b)KY<3$w}5T
ziN#GUE0miGPX2E0=d&hoZ$3;7%WD*Vt-`MtRGVL`_N&myA5`HXuK^qTd87aWQw`Ea
z9f8%b{h>62v~h=BIv)CwhiO<Y=vd5QONqZp(%~FBy}IYu7D{j{{FzS6<+xlCvS0|k
zAGqOaTw)J;&w0o7&zN}O#`aSzVHLoIKcn#J>lw%QpS}V&lqj1j_LMqlp4-?jjzQb9
z9^iuNPr_G#u~QjuLi(r2E&a=HT1?K17J#AY4j`+h6<{bsmrvvzK9z6nkk(hRM}>2n
z6$CFz*&Gq<<%2tlLj6g7Jnklk+Z5_n4Vm^?mhtZc#3cqo*rB1{PR$9|EXjBG*}gyI
zEHxPSH6J0jA9%O$lOZU^mtMes#nLAxQa+_aBV1<8Isz;g4;+kqH3_{550%-!(sE7J
zzf*VPZRHZvcY&?q6zDrp?#~gf^8Ro^Q4W6smVY<2Zp+%x=yh9xiUfMC9v)(dM%Rhl
zZG6(%CoUKD2P$DTlI}C>7J1#G&dIM(8NpU>(E7%ywusbVNzdsP>U`b{Yu+eC{K~NP
zXPcI&^vV~Us5Jv*Ng#twETaYY1t)3E5b~BKSMT@EXQQ06g|OVw+dc}F>+jt|;r7WE
zeQ`qy=vYQ>GJEdhTNt}F>hqK_2mr?5PNS&9j&K3fu~)|+LkcAaxPb0hr!mMttkoDq
zNmUz<-H+qR?LArqhu_%8*4}88f4-r2zs}5VjQBWB-O%g(d6%ER`_Gu#fJj@Rla7w3
z9aoi#XKGim46EZ<s!`az&x5BjJK>c6zc$a02C)n~jczk3e8g5vt`BF*wpR;JIu=_C
zy{`M9#$IH@K9#2_9G;t^7CyWUkz2p9hG+aO)hQVe<sVL_B-40Q)sLg{KG&Gx$*xrk
z2OeNwL9S{@bNrj9{zTsWesSPPp?@qPO=@iMCRoW>^*4`NS}vJiI2uPyNevCuAWjDu
zMTJ7xR3K5f&a}{D9Q9%BgRy-+B8-PUkB9h{2BB^f*H4^|(>m0OR_3F+8>jE|7yoM8
z+$ZBLMndyOC90=1OC0n!Q6DI!@0dl)hgFf&29nX1_gdy!{CFJNgX9wZD`p^85nX$y
zCL<*<g*!q@sivp}^JyYj^zV>?zS;Mzyw3w#q4!h1&E(5ZJPzG;CC@l$DjO@0u2uPa
zbV<>Ya$GgG5YCp<#ItUGOJDKvL*}ztKZ`!iL(iG1m&}npFHO#GbF86i%Ju6Y4UGWT
zXCA4c4^M!Xu7Hm_gvL(0B+L&T1DcdJE7TawtN3wq_d{v9?OcF<QjS!b+shwXGr0`K
z&rFkYY<z#pL5kkJ=uprc*+&++5#l6U*ZUkNzrHqzvY_l}x1>1p_(8|Jb{tvhKBXfn
zM*3C2AoACXwXy52i%Ej>0n1>V2YQzWI;)V}u+QnTc-4=^a=J_7aM-J<txCEt!bz<r
z?$gaO=jt!m8@YFTMjU%=;~X5MUeZ%epD9?{O|_cXn@59VZQEE7VvXYuUUZq&U1k=2
z-Q!{QS_$(~l<}Rl%<sYT`_p9h{nK;hwJ+Q}qS^C1e`}WiB^A9#EoFT9MPMGKQJ0e0
zYj*aeYO>uUO|<d*PLM5Ky_(O<OY*m5{=hfQ@_pEbC`1$!Hda67ZWO1~2WsF1ePjPF
z^n7@6k~)|eK~|yCOx&rOo&tF%O-?bqRpJY&XseQydr~NZ0{gXaC3IoJOSS43o&2Yz
zQ2*!*u%S(8(KDV3@hi_uPME}#mo`z!%Hd=*KIx>GcAh)pTfthc9R(}0_TyeTwGAYH
zY5szD?ggn#2h84MRvz=;`Ww8f<SuZX+r^bc|HD9JjJQXU>(DT{+PY=9wv7vcew_KP
z2Ml{%dw$h-ZrJUnN7lsK>?}1!eS@+wW!iCrySq7euZ<(UbA}&A$wCf^du;}(USa_p
zF}rk}!6Y{^t;gM96RG6RjfmB4`5VBsc3D=KUI5!0fUjLvbRz;Sbf@Mdh<kdhcQYJ)
zvz++aDSP!BGrvqb_NF|ODg5#Hfk$7Zhay2ab2^Uyi(2K_$E?^xZm!y~qO4xDB=KCH
zMRrOvdt7R2&hvI(%kQh|unP&k*(9t+(X|_}uH1ibz<$<c1^Y0waUE$M8pazX<S|*I
zpVRp0-RI}y7W#9gI`eW!S^c>}9VI!Wul^idhhfeA%g4xvi=cQerq$1WuUfhk!WD{l
z=C3I<$t+m_9e#?1mp-}dd@Ebo*(>&*$*jGlO&d2RV?BDunxm4Pn!i_DIWi-sUR_iq
zqoKCiy)-Jce6Z$lk*<*JPATbLBJSnpQ%L#YOyc&Fx{9-3%Qd$c&B9{6yywxr0u^)7
zo!&~We9bSIG>60PGxV5y{t)rk;L`l_NBtC8mEZHD&HiU};g(kt;)4N0sc4!ZD$y_e
z@mS1d4;1(0-E10g$>%F^can<EjmF}j9Gm%%Pr?)wKPMH2e2exAR_$k8{=_gE#k5<D
z3Whgcy(Sq<WhG}Y7Wet%%ioU6sNg%jTsx&r2WixSf%W<+NGpNAz$WqFqsXj-G2}`V
zz%{?spnqy6==~_heXWfqS;bdbLuNBDY0h#x5Vu6emBRD8XayD3=Bph3inc1fybo4j
z{w`KY%x|thheOWwosh?Li9}AL{=3g^<E}Z4>hJttj3aXzrSI1o+)$u+TDG(e%FTFl
z+H#ii-LsyjD|Mr<3#sxJ?S2WzWAC32sVgH#3?B7S<r(aB*E%H6N;0}Lpg(jMr}7aN
zO*a<Tw;M-9kNv*iik{%M7f!M_^>Wyety_F|==a^qPhpf)@kuW1?L>ls49YUwxb6n<
z_<eIM%THQ?E*g%<m)+kx3KJH88Ef+sgeQz%-2h~07<0RUNQM~S_pq|!B|gH8t&x6w
zhxFoYoom54&ysmAZ|qWqj=eWKAg6t`ao^wbJCft0<vlSUxP|K8Gei2<qp-rx!D9-C
zC^>U$Qu{lW=B5nuQ4=d{Zht+MM<jC**SDkZW3GMj)-5cl@+MI#RX<IIlRt|)ZjrT%
zCP<T2sk>!JK4l_=Gb8dpoxIU+c=_6K@KxPhbVP@wisx42<C9o<0Z$E?fWw#O=J<ew
zO5?FAh#et}W<fWUGk~q$LC~UQ)b(Y{IM>%*o51<9pAIXoF~JqbGQBLz`KXp)-79`8
z^-#^VkZLlyH{oanQLAKY9~)G|wa#DZEgk~&V>hzm)JD2eQ~P)}16bIpA9t<@$kRr}
z#__Vzsx#86S1MC|#3*;@mMIJPoVJ-PJuy4FCA4a+htU4{e3g>9_36>A7lEwrP`5Nu
zw@L?B%4JkjJPZcar2|5ODU~0-;4Y0;uFQ289bg(ZNEzuW`TIn-w~Mi-3o4q@{uZNr
z0C&{ZTmR@)`mL*a{fR;U3SzTakA38^T8xZ5Z9{C_T{c=DMp~arW%;t6je5T1!_?uh
zuCyz(i8*nCyeS+=OIvn{$7(J7^0bMuae{2LdW^JsmC6=#D@TC~20_~E9jTdDXsdGK
z<akrO{0F-RnUV|>N4hHiKGE;(V(;n75lvb9j8W!pHs(%mF`PABdSZH1C%B4|IeV9#
zEdOzdKE$0{o|@K1n)@?|`?FaPZiF4ycVBFcH@mH$Xt*sWPK7t6p#~b4Cw8Zg`9qv-
zS66;goJvBRia9r;p?l-@{Cy&c(fZPF{Q4vO61*vw(Gi}G?3Ss{$s_#wUHlSkDUBd*
z*NQ_chqq(J-yaf{7d&(#;?zgF(o*BH!yi=r>}0YMuMfH-tIRnNc&8}vj>+2X2}YP!
z%Nt@U@}3$*#F>tCWv7xSOP$IownSQ(x^o*))4E7=kAk>I&4PYENg8wfnnu)>kb{5Y
zw;kap5)PC7RB$^_3^U03L8~=ZD_EKvX{<bMy5^O~tD2%m1&wpsgZDB9ewkE$OkB<h
zzAca}`O)D6uRLv5Y@8SyttBI^Wu@}w`4_K1hp(z7f<9w%CEudTgHofFXOFO&-<f2$
z9FK0Ya|^K1()UD_^cHWW&x%(b%(tdzcOBy-?NPWV;=k<drGZPCHNN+LF^A6Gv3M-9
z$$|gyh6e`w+wffv#rBsqRQ^t(AG~I31Jj5y2pzn`1(Q_0X94}3#<b=^s-Ls5lKS%s
zn}n>RxIRw=noi>kRFWb(-gh(XVVWupawP#xp$#+oKLCJ0f4`(#A>AsaF-jX}7PzY9
zYi%@CJ>1%8s(P}u(N^_bYoojB<<`dBs<&Gki>p=#O54uHC+dOnw)uNefI8}Y9kyB5
z0$Jj}8J{k7=!yRr6%54xCw$D*VI=+ne9Y8gBL4GemYMkLsbC@gd!S6XCvyJzI^0;F
zjrd#eu~mni_!rT#Y3%Ecz77ZRucm^N_}`;t(uw~@TE<2EUHEene^%C)gY~(I-%rbC
z5dUCWwjc4Yq(Xn<zn#{XN&MH*G6RS|Ooc4sufzH-Ro0h__2m$M4lOc}_+O^NAmT5l
z^$jNeQ&bp2{9n-{h7$inw9GK#$KS~aZ!sw9%g6e1ndkUA&LIA)Y1uQ0{~#64BK{|7
zeR-Ahd>v;K{{XuC9OB0%;qWYj>iHPdSLyL}6cB$iO`Qk)X!-Mr|4LfT1(kz+9TyV+
za+-e;dp;P>G_W_t1En7a%04by3-d476DZvgDBFQ4KTUlSDEkCcvuUb1P}Yp8duZy*
zK-rg=`UOoL2$UVbl$WNy4wQY3sVix!B~aFasY04M9w<AGsWWM+Jy6z;sZ5&c3Y2wW
z3V)wuM2N-{mu?A^ZNYs<^;lwiplmy)zND$$fwJA0+D22K2g*Lj)LNSQB2e}PrrxHh
z{eiOmnEEG89SW2k!qi`A>f1osx0tG<sbhh%W0+b%Q*D8=HcVC0)X6~ENlaDf>6z7Y
z+4vr|C;-Ot_diQF2g){MnKAT;ZGp0Fm>Nk_y8>mqFm(=1eHJMD3{yEYwKq_<7gK38
z^;MwkD@@_~RiN}>pzI)~4%5`(K-pnTHPh75K-p1DZKkQ#Kv^rMR?$>vpsW*9`27I#
zMrk*BqpW)rq;U}w_rIp2rYqySOE(3|HqrLe)Yd@R)}pmlzX_D?43zBzX?mda(?Hp$
zAl(%x-4iI=1JW-7rTYS9`#_o$C=Cb7!XS+glztN^`v#=Zfzl&^vLhf}94I{zC_4dC
zexS4?P}Tv`FtF<s*mY{u+NyIQeHQ0hH3*s3!QPAt*zK%8;I0q5A!#UDJ22$i(Zj|w
zETnuNes#yUq17GJHwwX#*@D=<YVZBJkl^cdlLddpOVa#K9k|vVM;{V$n#iJhz6*%Y
z9CgQ$xk5%Z{Xa#|HU_pa(oK06+ni#XZno)ZsOhYkIVAdEWr5<EE=2*lD|cqv>h9`n
z_$zO2SlwA|g}?DFkYR(2j%`->8{girx?^5_O{Zz5MI>Tb7vvgd+A1*AtE?Lm`k98s
zq(KOzU;6Jebwbg4vS<@;5RAWb?n~C7DJHftvyFvqtjxxCw&`G-PPRFj5QH%QFp{K6
zx8U0!!e~iM6;LAzm=Oich=M6bVg4E{FBG-S+({40Vl{Do%+_*a15{N5WpVgqb<_Wo
z^r#Oz^T<QO{%ramHQ>g;Hb%BFv5lE+ENo*%?FOd(UGh?U0t48F!7694${DP3YlBd<
zi7c1{L#{M`65EBKGs_!vW^-pFi*BKlL-4_c^o2?8a5Jz9H?7EBMpe3*O7}FX(tSJS
z?7o+BcHd7qyC3MGnprPRRCVjE#yd8_1`fjw9EKY>3^xxjKfN?s=VVszR875j&}4S(
zROZ43tGj1d;IAwf{!I?Szp2gOzE=2~n7gWeUiIV<{-4@Ry*rba_Runz;Xyx#eVsEr
zE$Hy8>L0B3Fpnof;1VI=X&1yxJ))<*0bSl1xFq1|5-%+gJ<Rdl6@g1C0-o*)@zM&|
z$xZ;%5*M5T-hg@Jt7qykR@#?il1~A$2*+TOlSOjMi%HJo*g>!fv5k)AJzmT<HEa{2
zn@4pR{+jb>G27IzO^9uDJuHuICfC4UC|OTdQ0H+^r_SS^%}UO*-f=%{O4{kh(?K_r
zJLzWXNxFfqyq|f%{mcXIPwD}<xtsaw4CbqIn6Fk_@0bi5P=^~(hZ|6b8&EfydCp|!
zIg^>^OlF<~=LlJZ5o4bDVS2`$rro{niPPjN%x|P8-sz}24X%77@fLkV7F+{fL9yu>
zX11AZV3>^zvx#9gGt3r-8HN&84}~?JIY*g=ZeY~G%`_9;R2b=Ix`A$H>*?l7^h4&4
z+%+Xf4XK=%yEHmDrB%W<9ySV0W@F7%HuBtlk_|weYyj$D15mrbyx=qx;%HLBHXb&%
zOlG6hR5oUTLOOJHvZ1Sk4PEWr?L0*tWKk&sh6ZPpvdu*5Tp3fSt7Y6u9WUc<>V_FJ
zs8eRlp)Q(H-Oe0&1HX>A&tcA^_lPGw_!$KGD&r|=_ZBpI^()a?49r>BriN`oY@;)>
zJhrJ}n~)K!?-piQ=zsKE*r4CSW*WOBS?T|Ys;kwla6LRouZQ5hbi=NW>}o+4-G^}D
zI)zBiqW^!T4?o|*yYY6`fA{uG5Z8Kqduk>Wto0Vudka=h(62@MU92zIriN`oY@<8H
z^4O+^Z9=E8Vz9WRi*7up=mswquz`!kCNLTDa07X`!K(#qruN9~2<!Nmp=`%=MLTX|
zPH<08_*3ckgi5A(#7>X69cS&jlJb%pOK!MP5Kjne8sWH}>jm+H5$lBcU;iAR=dT%?
zXVdH0eT)z^We7zLvoG=lM`x22qc1HPHQGvi58)+Vtf#dJ;u>12piL0x=Gmb1oXsU~
zVGhlPde^M!>5<-h;Pst1A!xd499c2MJ#N$xD_Q7OROk`wv6!cz1MAu*1jp-P%A*&G
z)(GO*Jon5rujmCmpv*0ZH|OOD!LfOhgy3U&lWZ9HF>h>MP6hdOh&^#2)i6g0xrL&p
zs$(NULhWuLIIE{}U<p}~X~ma%3hE&n>fRxU-j63$?H2;jdLeK_p4%(-c*Ps?ay-G2
z)&u{%^tGPakQesnu-|ROa&B+%S3QUe-yG3-!Ju4f(6|w;<3@Zb6hMX`ek%m;>k-7t
zynL^|dxE&#gI@=!%qtee&xG?Uu^p9pg@V{9w0-8$(=5R&esE|wyYHD$`(>p=xEyUF
zW5(tcdi0H0HPj0Fb4Ij!f)`i>@t{!9>DBifIOow*?5CQt=*uqOuuwo~>)4<4zyYf!
z;jaq(lbS9BD)VwZMXNmI>Q&bSGYbVhoSB{8q64!oCM(iLxkzo8_ifwf7;LTYJmkjT
zZCc?pjB;8??FaNpR7ej;%shxS<^v}SG|_wcU3qTeo52|slNDDMj~Yd4r|}*6f)Sc{
zD2sm=ZiTZ@2u|u5<uq0~1hL6m)LeDQD>i$A-aP1)da?-bZoP1b%^SEYuP{u1?QXcP
zvO*9y%AP9t>h;uh!roKtm&Pim3F1f03nQ7;kO@98e-*m<O}CWXTyjgvw31ud`>&OG
zqkwE#aL6SSf+LOLC)qD(3YXuIXCwZ{=u~s1KKykTtKSQ^1^)Y`z2}^ge|Hb+0k7Oq
z@*X=izV!z0>_Mln2?Z@eQ491Ubl^AC=S1osEkba1kEftfV17}E?lvJfga~arJYpLb
z%EkRT9{n1x_$gG4ewIH${C0x4^-zEL`w{vz%yY%hJ;5PX{Dqob)G59_knsq23PcAd
z0P%N1+t4Y7Mx5e(>J*+}rq!!I2%Ru%1hyoHx<b{xg7F5hBH+!-KjfDBZM30y)M$NG
zIdg*MncrXy)OxS}u;6R&sXT|Qu#6g~tGaqb=+FQ@k0&c`F!u<)1NzG{Emh}vi(0C_
znIIm#HfXvmd>01Tp%ut?V$gKugy3jh_#D>XUgO-nQQ?8u0zOKFUp=Wv+;EZ~99{{1
z0rg!P&g@ovucTy(Jm{UeUhsYWbFv~EpEKfH?_`C`zmE9dqC?MdxMr2mIuAKPFJN-!
z`PWqr_dqi}zE%2B>tUChJQgZBW2Jv{)#oKOqw{oC_lyJiw_foJA^4D9C^$ymyX3%&
zKYb0kd&D)B9>I4~UpY?Df9fgtq~u-Z8V9@u?Vh4<y=43W$R0lX2En)L=YqJ?EAB<#
z^ooaJ1Y#Z<zM_+lpWwbwO69x!`7$1RK#{@viTR;C5I3@cI5Msmz_>mVIx`!_brbRJ
z(<_JJMm7w$;xN3OK~WFs%J{s<xIP-jbtjDLP7_)9Z&igWS%sZ!T*o*qI<B`(AXguS
zGo$<3;K-2})`!;-uekrfB^R?%7fv7k3%<dtdvM@{6F-NJxdpA>0vK`OjFL{2La)Br
z3q{0wFN~6HpLs<Xk34YZ=#O|Idz42!jAirbAnXx0FizJ5Z@y3$Ics_j><;j=W=S_c
zYkb^4ZS)-X6g9%o34}89+0f}JT0MIdS#eqMs4GeBr`oYI;{Wu#fdTYwK7hh;bHZ3}
zt`Mv=>*xpyqaE?hr2{6Mb94kPBDM6BJTMX#AL>^pjhiJvnGc*TRR_Id%Y<M#oQ_Ro
z!Cz?UU+0bT2IvLm^Kg#h_h>51Vf^HSlsrD}r-LW8v$71w&$re2+1+wJ9Ub602RGy}
zHMl^3=r8;`H$_K@f3h?#J}!@o-Xb{J#!LG*!u|=t>-BJ+4lgAuOhYCVZKWMZ7SMNY
z#2w%Xnan(I0gQOx;+5Fu#jEs*3F0Xa8PhPK;4^wvMTQf^HZP2^qp%Kv`A9v=#gwZ@
zzric+6xw!95WgBHu7V3a@X&vF$OY#&jseSHO!taA;I#Gzf37bX^>J0$d;ZOEobQlc
zxEy?Mb`e=INe|a?1HFKaa+6w*o?Xps*dc|72#jl%?olwdk=mc?S;wN2AE1}O3BgR`
z1pPreC|(4^N52uFl2KWe!w!v$j89~R*FpzIoS7I#ZK^8p7PVI$xHdR;s4i^lQVew^
z%7h;h*oH4*{PP-b&J#e_VCWW{hIqxzh|SHf19p*n^qW`~XE+luy89nAg~j3UQC@NT
z1pT4#H<GW1|9OhSxi&cZCs1v{0Xiibi}NsWKRxQP9e8;$)GV&V>D6XZdlRodXDpo}
z;mHe^s_?n^<FMj!=2PL-FrayYrk{i_<O8=2TQLk06Z9uN`iAgG)$me>mlA8GePGD9
z7T*x%Pq8BfFk-sqda;H4O>7(yn%{%ZX{)apv3Y*a`*_wpwQ~MJsJpu8=$xO4P2_L$
zd+<^1yb<%i#lUP~4gOS9kFUozC%Y%_RBq){P=9M<OQoHxSjqhNCO)3}))>W2ht}3X
z{_2*>Fj-N56J2={o9YiZea)mNZ}mNJIL}`vuB|^{IU8;hj5o38s<?xfI{@Vr@9Uwy
zCt-Z-chlKAU3)dxhvi*Rfl<fw)Q8<<#ise4xNZausl5yA4w`~k#Z9zW1AS%UriM3j
z*`|hVZeyEbwkc#A8{I%PE7p(L3|hOc(udlP+$4q?#I++flNIYE<Jry;p_}CQhxpa>
zdhr-sOx?AuWbtx3!fyyZg13?$aqHXVH{N)ocnTWOF}&?y!TQ?PvB8noRm}<G*AD8g
zzy=UMzW?KE_f*tX4J+|=+pBVXS6q0<SvpHqweN~t5J=T*-#5mR6_%1Wi}x<oy@eLP
zJr?`Brs^peC-yHk<sHzCI*E>5IRMU5BeZ2~(GlXu`Dsn3rE+}zAzSV4O1O7v@U<6L
zEkZRVjix+()mO-qUQgZ9Wi#^rWXXH@LlTD;%jw2(I{l&7<os7mBi5BH+ClyX|HPHP
zy~8VChe>~J>-#3!F8mU334Nbs0h283l^KwnY#c;8h(A+W8HH=1*e)KCs$4d_>YMOw
zit&2>H#j{RTX3Sv7AQ7_k+JWTp7=}Yib=5{{4?C6u7uh}{5WZ<KVbGXTYc^Ns@=X$
zebqKzofv`|iT@*z&+Z{?*urXS_u~w){y<hquvj17)g7<u_qsJz8!G>P=;Nri5dR+(
z1r1f7h3885gE7k9t0-%PvXh`}U5s)iigG3>m*1n9?~N5#g86Xen!gtt2JI@r6K|!y
zWPUSUCVhEj3G5^<*O!o&L*X{O@~wcj9_IHCFkgH>a;sc|ON6=`+0-!~yhqmvL!0hU
zW#s!IK^$nsJz}Hy?Sap`_zxmKtjzfga#pjPs^3U^$BKtx_e*^D?UCKBu=@$V`<ih@
z`%B;^S3f(yL|pYIei|Go_`38Z;<gg;!>R>i$%^*EP<T#{e0`q(&HHpz@trcyaljQe
z4{j&uywA5PUp-0W>r>_jr=10-qP}tf^iZXZj<3)^;b-a0Qy0eH8&|%6QPfuXQz3BO
zeRvh6@ds=4<NTq@;W(=UbF5@V8Qx=r0;UD$o0e35eoS6hV&&oZ%khH^_<;JpLxdf_
zuJT;LcTit>2Cs#{-*~L1K46+Z=6uuq%I(KuuTQ}cPG9pWYP(Aa=qg7Efl2or>aToX
zu9x<y>nlc6FBbyBeTOm??LB>a#TKy>-x*!JdhsS-^HsjRSJmtx#6OO{TH+=P?DS<5
zm=9e~Uo9yl3kKoa+xwtQh84$5C_`7y+o8;@Sf(AyoFm5z1zbgh)Q)%RbhU76QwG~W
znW<=^iPT=q_gzN!*@`B@)Or}-cMjd>ESl&fwP}1`KPP>gW}=&a=VEp}{H?Db?Q8L^
zR4Fj!lQdQ;7fa>FE0yJ7r3$fBVZ2hsEC{<8*SW$!g<hb|{)N=+`)$102W-6ASJ|WD
zOL+Soy!{SE`}w}h9E$eyedjn7?dSXYIZ|rBJ*D=iVf}?g6AMZ0KhjwJ%jv$6MH5Go
z+Q<36ztDZ7iYAUCwF~&ZC3N5DqKTtP?R36xcAA2eT{-?yWTi%qY?_H9GfSR=-)pT<
zy$>|o8nA+`Yw;5)(}3*d_`O2ZS!%j`JaFr@qinl;Jn%Y9W#{GNfzw{ra*75fOSADE
zqIUeK%4Vt6AsZ`^E0xIAmgwds3Z)W-+7cJo{~zMs1wN|kS{$B}OvnJi6D2^jAQ4BK
zQP4y|GbU&TX2KabBT+%=-$&_<Qf;k9nE_P5gqeYydptE&X=$siw@>eFZ=t9GQD7#4
zOo9qYcm<G$_?p8I2(P>dnQyJN&zVOEXz%^L|Hn@==j^@DeyrDCYwxw!P8jJ-efEg=
zpT@h+sEzlQbZxv(q-*1SGc9?%j6QB0%;0#-;5dC;rKMdnI8GnfKTI1mI8GnOw6xPE
zOv|*+#Pg6^+968Ivd+xn{k2-!HcHF3&dlch|IpHEC~dTL=4jsk8!hb*rtd;Y7!UH>
zIjJN4vh=Y|r;p#IY4Cbqr;qW227(vXhkfizkHhPzmUb*X4zKN6+Me_{yf$cQwdvo5
zpI#Y+U*=e6=J5Us?aL~v&1{`%=KW7=X>Ll(wa(1t{d2Umxs*2EI&(blw`*zQcY;^_
zpi9AP9{((_eRW0uuPVr+_*rzYTL3fag2#{p=+vQJViPOzETVHO{QnGcKp0Bw)=TuV
z5;OI#-J93Hm75a#_A|CBmK5(~q{cj>`tuIPQ`F=5sKaRi^RneJp5o;>`UI<yg8ZmK
zFs!OCSKr)kt?zfnZ<7$8u@)&3lRESKMf?vR4T{UJ-=#A7RgxB$Uw5U&<<~7~arrea
zO`}I0@|pc1Z!l^csh7y<U*c}9#HF$KwDI!t>&#{7D<?G(e^DKOmn`3&@@*qx_dDzO
z>tp!4WPNXcYkh}Oz70a7QxoymH{kd+8XAx@N2esfU~K2V{5_sWKZ869f9C0o`dNQI
z9hs5<mk&A;`2XALU;Lfwui?InY;WfhV0C*(4BwY)zt`|xq$&$Lqm8e->t7h(n}!7V
zpX~k@;qRFn`_@Z4lEj_wKyNT+{u(Ymo8U$Z%Ii0|_-s<4rB!k9+2rY%bD+L{;%jl=
zRB@DdkC4-`@)=xmJZ4P_puZrl994YHyT7N4gR$I2@ilbmVARSd);}$?uq2c1kHzCf
zPs=JSf!ThSA*ufC!V;M7HyZ}1e{^BVXcjNvqWW_ROJLfQlIu4YmY6+@^!0wMf2cey
zx3DDFQ-<-;rj0Kw8Sj~+=O@*dS6GtgnVb|4K%O?Suw<eqw_kk)g(U@^;Z$EyVM&q4
zr01_k1Nh~X&Q?7>OOin|uiA@IPH<n;OF>D-&=ZCext^ZretUY#gr{5SDGQz^(Ni`&
z71Gmac(SGFA)nCyd?tl_0+KTHkMM;4wvc{NgeMzI&+H%J$->f;Vj7KLX@<lYNnAp`
zdRm(yUZ<Y6&v0>lTMZZ2_fNyc^}RJfebPnsd0xOMOKiU_7yc76`P|YRKDQjEm;JzI
z`}e^A0FwnfWAzlfcf<RffL@6+595C<*cW?m_n5K3k%WZdkZ>sBJvH(Rj4vbv!zn;S
zBUp@~Ym?VoSv;Vt1&qVO))fND@g*=IOTTy`N%1H`=oyp{uRMg#A4%`2{oalJ-qZTM
z59;@xp7<WQj?u04PPb@XXmroCE;PCCw=T?Z&t{?Lj~NATPwK+Mw21A#8OoU<0Ze-=
z4fcIc3ecj-eHDBs@b+L`+%NGA?H{v1ge(pQ`^`v<SJ9bvqw9JDdcAl|f|7P{3iPcr
z?J7(&m<(=Ad+HWQgWq2i;cxJ0iu%nReX;!(e2<QNH}(#lg|-*`SaO@s3d)PU7*F*X
z5uSr5Q|9sIL0X}Rcfg5PvjsV4@Q6{ccAuHT1Dkq|3Bk{e-lM4k7sNql;ee%lcLr82
zJ!ka5ACtCzAxPbk1BvTD*q>=HUC{euo2C2;AJ*eS`s@d!^MZFvMP<*+faC?k1@G|+
zTy#nRh&AL^J3|#vSn6^g25jN#9WJ#9a;_*pk?Zn*$@`EKow5-SQ2^;r=DCLn!B4Mz
zT)2Jw4Y-2s^e#4=I8V0VZ*vb9q?6$lFLDOH=8RJ=GDmkuB=idzi(7?H62(4Z9t+R2
z@ELyRuuWLIIS-5FKuRg4z(ct~%PPh!Gi@s2)06l#H{PK+x!9qPu|uP&LxOZToC<xQ
zop9YZ!I2*b8O>OwsEFnQT;YQzaqkhjDJTLL-RTdwGreJ>w~Jd~g3odghPZL1*5Nix
z<%PMgzh!V=i6eaC2B-$Wqke@8v>zQ=_?Cf|XRB?qZPEo?kQXYCS3z4|m}PyVaDgcL
zvedOOQ>fg6$!zHlI8js{hi=3Ms{^S&fSd|B!aQy+jsZxTh0vIV(3oYOD}-t_%v~kO
z*9h`YbII)lLxds7GVRjSxS)x<o3bPGGI0BN5rZ3)Tat+|)4-PiyIgEGhhPVAGa}qP
z-^V?9(Fz^(jOS|*o5=%>o#$ZSZH~zYR*cA1D=So<*8zPv+<QIl@BK7ay#oqtBsh;x
zv<Gbuu3vTM8iVdf^?<-AUhqe;e>wf(crkhL_CtcdQQ#fGdbD{xm+cw|%2Xrzixe}m
zi!+8O=eXpj&A=ILEH;+F9TNb$c}{5$zw81cOLiC#!lFDEAnXi&a^>UV?Ph{7Zl*uA
zkTdjyD!`fOktkD?PHA+x#9)i=Qc8P494xp6i1Q|ISGxNN=*ueXOUN+G5Zg1;S(|oG
zQ0`fw>u!@gJU;*u<#XZ$DkE6J@nSGvNM~pxaO1K2e`iqBqcQ&(C<|5h#n1xfot3?W
zm|I{JNOalZ$Ho~91PpZ4%2rR~)}nWNRJ5Ms{T=W^dj>X!w%xdJU2U7S{%ydQ=Kg_*
zY5~~S0=__ij=m(i5HB&DvAAp+N)YtLOkicouf3z=1DQk47UeP~!FZBjxLG<d<wMqJ
zTK5N%YxHnXcCi_$Kff`*B>`7loC5$s(VhPZ25{8<lD8|3_jwsI5>dlosFOB>H!$O9
zXoXlY{Fp~$Hod*?!fn*3M@CnMV&>X~JHR;P;(E>3D*@A*o(L6>CVE$ZQq=&-vjjF<
znS=7IELYtdmuH`#JOkcX{|+FG7$g+LwfM(Hyt6T=Rzer6Z4a$qgZ!s$LxR);`C)MR
z15Vz7qp@q~6m&F}(!>ra#X29(#Uh@OAPMl(B$pZ--!15Ur92;XN*4s_V-&st{@tjk
zxYM}g=?Vl}F7EdDuo~b}r?<!qhy?2FH(wFwzDrWo{ucR$A^VaWSoo9q9C9P@;6SJl
zr5;2?9xy<3w;(@a&Xa<oB_agRr!cIHwaNCkdV!LLIz#D9KZtN3UZhsu_dVPqw)LX;
zvv|AHL9ZEzk=3(F8$9r(dbBUT|LBy{ML=PB{sB#xqsygCkj*4PPcRk~pShf4058z=
z1~$rY<avF7L{|e7oIXS;$OMN}D_THF0o{w+>FrK)|FaVpo1(n`I^6AC)XNFp0|qrK
z+HaP;=USvkN3Qw|j9@(x)#FK{n}_tX{{LJ0xz;J2WAp>E;!`Acw4s20yv8K@$rj|P
zjDCJh^fNb8BcMmj{iTJ=50m;I5L_J4<Y9CK%tJX;5LTWe=neqYa)7uf9gD$sr%eiI
zz}+fZF4#H)L_nh|7DWx7E1e++L%+9;Bm6o10YM7$zL6+UVG^|g8S%?a2=M`_=tLje
zKgGF-5lq{^KrlEj9A@<LVL7KyPXiK*He2-{6A=uz8@ie1epeeD@5f0T1_<PG(4bnP
z{e)2FXe5`Zx$4U?a`7aQ3*BGU!9=ZH9_#QQaK9vY`#ATDcKIQr117rX;5CIdX5CNc
zw?rJ(@Qyd-rn*aH@mCrCM)%zqh*eOg8{I{+@l}{qCt(eE)vo(`yDYv6)ik0#)rZ&g
z4s!E?w9PIXR{;Dy@8bH8Zg)!!b@_pL)pcZ$*PYSr5Z%AgDeam~{*Ch35QZnfFVNiy
zNCmy6j3NNqB<%wQ!!F1_%=I^-FLi++KLm5uv&EvkFb|cFOvpp17qbe`$6Ed&Ia`CY
z`=JRR0HZ%F0Am}ybER{UBIZ<VwVShf-)pqY^t3sfBQIq}07`~eDC3lJurSc8El)O9
z;ug6J?SAAc0krwdsAruBQ&O%Iogdp=(uGK&?g!&kW^<LF1MUpLu56doH>Jux!7xS2
z_#3EwBcl9jyV)qLvUM1ZDZKCBaoUx3+vGbCZD#V-0$ahQEH#FgxjBPBAO&CeJ9eX>
zvsG9nC=)B?D@3KlB$Pd9^fxY=hK@|WT7;`yVzic+JlE$3BE!%hR4!U!vldl&1~V70
z+J$ZKhxh%G#QMbQ#A;snK#=wd-jkf$tXBhOFm9L^Lp>9ro{1HBzaG}p^?V!jVkIeM
z@*{b@HhJ-#y*BIlmq&u7m1-+ooY}iH3mV8&A3$BH8XlWe0UkT|*)4~iT&GahEXc2z
zs}W&kA%Sa>Gb+{kKJ>FI`jxs7Ctm9;b1uJpnWn_&pbX0-9ZqUeAH|Z=NvG5X*hHu2
z+=bWi%g{+gwDxHFJbpyZ$N0f`3Wqr*s`*_an$b5-%O?kOv|!R$z3>H9-2=5drBLK8
zA`HzHlZxW3RxHgi%1D_~X|^bp=SkU^3UoIo7axF-=H%c5G%zO<AE4nmrhX2wP$|@D
zkNg*NN=HJ{yA=6lf<G`=&oSu_{GxG-C@;zeKFJc~@?2z^Joz5vkX)wON$9UHm*@DS
zqGUA7Z<<%ZCs4|6m&--+(uUkjQ5N#>C5QK~#ASc!Q=OGu(x)+6H-Ri4mZEzRGRAo!
zmA&U7xdKN%IY%g?+%Dcbg{pcQ9a#HNcFSh7#5xe+=YhQ0%Axw}O~Xk<ihx*jDL*sH
zw})SQj_5t~!e>}%E~9tj3K=ZXQXtfFqd$uD4t#=_fygtAR>9;k$LUn`8>|`2bb7Bx
zdavhw<o~D`*Ctkj^nOb4s+{`<yZo@xZk=QDOk))RQQQ3nyVbbNGl^By@ceO6$wL1x
z!xY(mRqr(UkrBOiYwOD+gy7ey_QFSQ>s>k=TDVQUAN_ye=`^GF!!}Eu0H9}-zSmh+
zhhqnVcX7J`0&<a;Uv{3{7XelpiYmWBxuF>&D3<`Vd3I$X=RY8nMdeu=4NGCfcIi}%
zKDcJ=Wm&T~$XQ$ESt|{mHk-5^r9vT5v<mcKrwSA3R+JV2-3obj31(fQUDHLhn?tml
zOtLQJ>Gut)wGaI!A2;V{Xho$D@eSCtgDMKc5$y8cDa$2&6Pe27Viy~mQ+bF(xd`@5
zAB!Qu*91@~X4$#0u&TqJW&pYPB8Q$)ouc%GP3mw;d*$2X^0CM)DrLrS*|QqC{Q29+
zrOwcwT<j<>Gki(pa)QX^SB7sPmj{4cN)zOx1M0D3MR(}r($=3`vWQ$p#>pisMlSOh
zy-XXJUR>NRl#fMTbrZ=)^Ly(12>Zgtz_Q+<oX&%&cF<DHqEdASdMr!505d9Pmlz_5
z$ehwajm{Pp^UE;eugm%k@B5oU12&*keU;p3KZh#pQUuVa)zYa|@G0SA*Mb20Rp-Iy
zf?NWs%`+fJO6JVZbt==McnAo-SWrsBcHs<?uT(iEnA8c>!eS<ea~PTH&9f3ip#-F;
zXM3YjT_ULkkZ6<oB8~JJ5O%@`qc1SuT$pZE2Rg@NVmc*)2~ssxP=9qn+X({0`YT-r
zL2Wvhpg0A{e&Z2jM(O=l__51R7Q^`Q6qfW>6RL{7Qy39TUR6c1cdj7H>j_cPTV2G%
zs~D6k-e!sIRF}U2e!`&mL4l2}lvEdf@f-5fcS=BRx1+ZRs?;}8K){VS&E*F^z~JOg
z>mgyo?b<&f<j3=W2#7Pn-@xX9ghg6{5OR=a<>X81;kimntEOLT6FjcclHS&S-_d^8
zXus>V-+=bpK)U4ep*Z4@-=wuu?@uM+6!M4rSPGc`EdsxKWfMW*eT1LL9f1P5+9x5p
z9hIIOAF;~)1yS}79`p1^>3uvw3RMt{;$v9F3OcHZy59;D1U+x_HO5Tu5hDl=$#2xp
ziFh|sM|mH5Ip8sfuW|3(j}Ud_9|-xgw4R7EbwQL@=FyKrizKpwi<w|U$Q!d+S8!#<
zeV6)~ft@eJJFR`MlJfK-m`Xi@On?!Tto1@!iXGHNyL6ik6k*gA@%{jtw~ljqyP}@0
zqP20sqAAenD{TDgtz4_7{kb1^N!uf1HN6<}?RRj=1u~q{9;fmkNR{S=hehi)_iZkz
zL6kaO(rKsEtiFKr4OGrAZ%9E=TPsRCoSJ#_sJ?R#`R)wNfC+-+Onv|=N!VXg$_WEB
zY~&qz$vbxGErgaRF-S=SDb&CTRuaK9<afsa>RKhrk5-HF>?%Q?T>$`IL?HC6foc&*
zZmas0LGyfbS@$t1>r$qIpsLg0I9<u8K&^WbCs{!>uR!OBf0FlcJwUNL>Ivb&jO9xi
zq>Lkz0reA6+8Y_Io%gce-5-pCv_nv40vNX~JR(|~-Gwfx*(r6=x!-N-i_t_AikkTm
zn%L6EE>H$TL4xP(I6Pb28JK~`L+(McByi+6LY+t_cIkZtj6`4+B>;^Cppj-*0W=p8
ziLn4YxKDf&$)5L7TY!lQxBwx+`(95)>rFw*w#zFK6Y@$ogXlXNeQGcUQ_RM%4D$Y8
zknmYa6j>H^m4P{0v|+lEwLCILk2_S)!3^dNbJCsO6wcqc^jUvk=}+Z5#j^Toa@Gp5
zEM*#6an@S*Zil6o;g}7=fy%^NAc`wCk^rzvJ9)pK=E)~orPhaa?ch;%zZHF{p2KA_
zJW7L+@NJfs$bVZK+>_7|HP0s1+AP~5Z^i-lu}-y{`xt%JYR9(J$1WgIwx~}>W6iU3
z8Q2NmO9YgS2*2=qM|-2{Pl!(0jW<A8rBUYI?E4ZOscS$JC(*?wYCnnf<^M^V>|2Bb
ziDgS~Asp3lV3LO~>;f><saHY*3S?=Ylb^a>u+(DMj}?d6*^p~N2vp$t=1e@_{5sPh
z-ny11g0JZwAQ({PQA0b_ZP_D8rz4p#@lbGa?<?jmp5*i{PlP<%fm)T)F2S-z@MdHg
zrYpwxsUk%*kJW4Qeoi$?3UxZMVyK4qp$AF-`XgVVg(ne#g#U9KYEBxt@cx-J^u6JK
zJJ^fR0w@SXhFlMcw^fjU1)2Eg1Znm=Kv-*`G6FBRA5zw+Uv~qVHxSNt<NPka-#}WT
zLK7jI*nntpt`wziQ96qL<d5Ltxryd*_L*2wtqgp@_@`Sh#6AhPoz^*y2`=^Tz2C7l
zYH8`oOShEJ%0nmnwNlbcyvSIRrV@E0vZVYzPH^(<kAO*l6YF^Ym1x$KZ5PXGXDCIl
zx-1QLc~l7qG>3H?@2AT{fD3^aYmpZPZwSoqrAB|?<yPR21rFZ<_j8Ot5;;(!R;1Y<
zspZg*0my`HAbRVrB@+3foe`bm9aI!<VB}Gc2Y9Vp+@mfc4bYfcBGr{&=+#bzYCnT&
zjjURjfS}qh808&>Y8hKeO?u6B*b3Bq%K$Z7wvk`71BcXO1MAR-N`g8T(%5+iY;X!R
zxGUZu5O$p24BAlEsJ>1n3KpDa#~fGIfusQSz6KrxmOAwr^tG#5IS0|jd<RMHF@4V|
zb)w2gOXQuj_=L9flcM}wwoNW62DJ>@Xb2xZNOc2ud9HQ&zeE+yKO==nI#Fs*5Oq$u
zL=gNfPWg9C3v{e<%FC<R<9c{p#U9tdBhv^S@9@5FXkGPrZibRkBUE-Xd4Vp#xJeCg
z062fsUta9RW2V+!?h)TrWFQQAr?(y}bK-T5k^|-+z}*wo?K;Xrg48vT5ZdC2*ebtf
zbvl)jF41x}h8I3Q<3p7Js4vi-57Oe%w?*mCI2qYsGLb#iPHBrEKN=9FpH)T1&#Tt$
zKCt<wR2i?IDi!_3i6=yCvd4hNSrJXOC+Vvt>s`vT#<27w&9VdKV9A=x7<PCok4>IQ
zmR)?^Yv6T&ZI?If98irN>v=i04)6%B1B_ng`5CJyxbPC|0Is-UHzQ`)fhI-!YIw-o
zrma=0@1sSc6muYDM5zxCi&~Eed`VMy@3W}}GEp>pFjKb&UEFRk1yLu%<pZ<@SE&C*
zwjdhfZ<F5b2_VghV5-SK11;l;3IPAxqD(lcHx9xLhH6y$xkMvCS-iei@P>^<ql%*!
zG&NG%Bu5np3W}cqA1+x1>b;`@6%SEy--!oCjDy|*#k-03PrwCL*|7$ye_LQ$k|-~!
za^yF%^HN7S(3fd_wHx&1TF}c$yK0>O5@J;ZZB-flDvY=6HsxMU8X`}87i>T!E8S(?
zwP3n{8whoDj@s@w%upu&Dw3g{7a0QRFe)!_LRq6=ZI|wnGi1r+38Q0-Xx;A~BT7w?
z|BCB#+$qeFremh(3ujreQ4u(sBpBr^FKXAu+nm-d{Bj4yp#Yki0s6oUW!6e)xoAaX
zaJ5YqjDok;s65A7?6FDZMr?D4=SywaFrEOa*G}jdD5qIG0Bv@ISm;`hM`TCx%V<^t
zFz~+LkzofK`$|&SmXOlylmgQg_p7}G7bW9WwtikVQkl+4SIAkf!_3WfK`$3PKw$Zg
z6zZWLG-%^8q<NBa@)guef{SRamF{MJ4C89PXx;AqKC}XGsU~#r_C~dYG+G1Kj3uOd
zv5@D$ylNy#dG<T=M*-3sKrH|Z&)UhqR%?@>MY_obC`quw_`u}hm)}gw>YlfO3Ib{a
zP%yVmgNjWmHL9P}S=w6lF`95)L@X@U1v}vn0$tZnkzRgJ^wJk~FBGkN=0DE}Wt*rJ
zt&5*u1A1A?Nq5<0<GXgLo^Upo<mw}NoXh&zf*YO6Vn3Ls60gB=h`<FA7~%?}E)tH(
zciAyYMJx41x{DD{kLM50vipp7WeVqzY({zF>!4Ag@|#0zh>J5hr?nRY2iUQGn`EN>
zqcW$FHDHs(3ZuT*9(Kq!qn(3Uw~N}aNzWOzF*9<h1#$@zxs1}tWwuT(r-)qo0M*ap
zQ=zAV_dY?az61cc68RL!WSzFpauGb-Pm9VdgvG7}H^pF)0Kdz?qbUg<+dO|z+w^r4
zG#__s9RvC~P3JiA&Y&O{X=1<H_|)%_J{3?aX`!b{qX%_&FFHT;r7RdmB7-6d)Vr^h
zX<G3IJcFIy6P)^sE*fZc_=`Qg(a3R_QQmf0&py9zYRLXR`VJc++tHkpX1^^+u0Z(U
zD5lH0;Q!fg^ZvE?Ipqh!zi0u4R-TRGk=(#gxmAiX1!)PG1WK1~!_qPD+jLLi2XMCu
zbO84qLTFkpTZfpIL%;I;Y(ai0GyLn`Zm72q-c4ZzpQXbOs}rHSNDmM9^Phb{kapts
zp!ax=er7V<(A|v#o+!u@&A7R?;2K=Q%nTP}W!^10iRYIE>2|hb1?dmteTx0^XRj~*
z`%4B?a%e#dy?c)1F0DI#^V|t*4ACaR`%<of_lq#hO*jrZEgE(l=w&fKw(vf5QI=nV
z-pIHh<V78SyX)#kr}y(NpwXe2aCHlCs?gcuJ!(R?3OkGMQP0^bx^Cs)2spV~J6|)%
z;R|@a5iHxC(ib4N^RH#POubO~HL4v>%NbERq{q{_Sot`cpw5(Q>dZug$Zr~q`?H|Z
zeAVv2@Fzbf<8IQ;@R>^rPmzs3$B-xJG-#_Tj$(Nz<^kQO2jo*4u`W=DGP}uEkFx3n
zU}JOJ;I|B6TNk2%_uotv!ZeDgcovASDO}S7Qj!AAXj{1m(ea{GmMes&<`{Am!}{{o
zFBy{HtUM7W1(Dgo<TU4xx`#Mrx7iea0xCq`reV7P?xCr<xOp4-kmC6`nw+#<gV->d
zdEcK5@h(GOH(_5vR|vn>$-4VXLqd16sk`Y=J6@!VVP)=TeCcGHJdUPFSc}ip0^`5c
z%_Fc>wNLkBveg%Jw?bM9NxEi8_ea;GuhXWT3$fjhz}wrygYLfoay+2^6Xm%E5`vHV
z1?@6~RfSA<by2k6d7s%DO_~PuMR89SWMGNmf-IN>?_EI0GfeOdNi)D&FU}UEso8F$
zcS<HF$WzHT3Eqm~&AY|)FnYo<XNoJ(nc_4aLWXK1f2XbS$e-DIFEStVdn2q9d+3aK
zPX`0(UkRidGmc@*_%2X~5JKNx=2OlNB-b%!l;)erR8Dm-pvtI`&k0r7m2b`wga0&E
zr-jw|L#lIXrY25csD<GfkVXwe-eUe3)He_{{uV)cAk)29YgqTEWnIEV`igRppR{Tt
ze@%1;D2~Sy!o}`Y<mHtugnVYIjO2?OSJC(29%6RLZhoBgZE7xhT52w4bD3|6XfCJK
zlsjoNFjw#{!QV$Oa+35yP0VYH_qoVbB$I8g`#UsW3L{MGZ?KIHNSMR>_L3E_S5*E)
zsi16{1?2kD$mCcY7j4fN;8QAEyLtaHoK`Dd#wFjql;Jkd!DWzOUkYgjxGOG7(eT=1
zYe8RLoX(*O#ju$J`JcGZ^`x8B@)Ll+=uY$_RJ>hAcNJ?-)_RNkVj_|&Zj@Q}JEaz9
zut#%kx_XK{>-AoLi-+y_I=#m@4Ou|v<1{bDYp~`KnoEi^REsmC?wL}#Wfkp-HYM!1
zRlB4f4DJB@ye(3J@ulRPICN0yN1xYliRA*0(MWy_<vJKqX3KHkVe;TAM^Bb&&68yg
z%qQr_G7Dp{JZ>%xpK!&TS&A<KBL*N1Ecl`2C^|klxfXO~S%U!=&cjHZ-u(s@E%^0m
ztS4$uf=}J|$ir`zIX7I?ja)l57txoi{`rFL*z#K~z5!0$?9SqznG46^ea;+^$(YIa
zWrFIJ@w&+Ei+;`zO*-Fm1^hn>zG<Gv7mTXqy?7ZE8G2w0<LMsDDZ#Qs07bPkgfkEC
zGvP)@We?IBzhW(s@Udd8l95^^SF+R9cqH&7o?D{Cv+OWAo&r3H$D}B6ua=mHiFsP$
zdO85zlk@x?m{p8f#ah<uTKQ5;EY%X-RQ?zpfYJ^^71Oai9RNk8NdSn&8Xli&h{swS
zMN5IlDi~Z6hcji!0K>Uqpy8MX8ji}&QYQ~&+u#8P@;5DUE+)>^5?|30%Q3NBOZ+iz
zfmPO55Gzm|P5@Xj?<FM|K{v7A7?utmU<^MR+z)U%z=qE32QUg!*{{l*2deUl!2^Kh
zlxYC4w3r3}%e$rl!19J^0I+yW1Av9aihPz1EkOD&*)PMFmQ}4~RmZb>*fHW?y{%=v
z9nadKWv$V&*2J^^L(2+iS%G-gd@ZX<%W8^eIkc=JTGo+x)+jBjUCU~ZXQ_h>7l%3}
z7W6tV5XJ%b^LsCW`(^0^AnJ+qOW>Y&B}<Eh^F5-RW_@TJNVlM~Iqc#Zz;<4^0Qp~=
zcjE0nyX_1+JAD$*O-DY4w;v-(%!5CXPvGrYq=jeTPvleVP>}a-X16F6GwwZBJpZ3y
zq{n%9k(f-9P@<a8Ucq8e({1bjtJZD(TmNHH>pe4)TG!`UT@Jph$-#NafFDdZLG=Ut
zads#?nL~DHiAfx?CQX-v^ZN6Ntd&pVlc&?ZMGj6(9z}Ib5Z<0B2ycuF!hYkirVTKj
z(F2VqY8+rZN3_JGkpztcjN}hmViL!DwZtTj#~>I33BqSCB?vvn0hnQq@e<6CGQA((
zlg`I#a<Lzjh8qWfQb+0lP}-L|0F*YQ4gjU!rVaq5#i;{8>Cw~ypj5yT2a=1!w5$Q-
z;?WeAHGo`Pr)3Qw7bPug0J-?EmNkG}oS<b5AQz(y!~@C2X6}-5@vfL$EQ`s-eu(->
z$^eLRrCfp(I;Zs`g<_P4misRw59cLFq<KjaX<m{<nm3R{T5Y(jJbZH6x5>l*MeFk?
zCAIw5q?S*VBukN`cubk7HEN)|ic3za16=kiwFTs1LXvvekbp_TtNIB`YNwxi{82w(
zNk>=`{-}RpNlh#Xf7I7mQh+7lkE)4@H7p5#BIWS@HhagP$Xs}@X7BhDDb>Xa6EYEm
zN;&kkJaPv-;Su<`k@4_U3Qwhxak|WnWb0$P=vSWBF39(`V;p31l!k;ZNa&)3qLhUD
zaUka`<ea4(x&r9l-olx^yx+n~p&a`N{@nY~+K&=+_=9XRd<bW{dp}wGNkUewmh~BC
zeYW<qgsi`6S;sN!_}b$MS+8*MrvJgk<7r{Z_4v*Dwd)g#KdRN#fcXt;8xpdnXj!e8
z)w;GdA?y2ERv5FwYr_dy8MNpG5JE^HEJkwr`0srWzj<%%dx_&`s>nlIFn`P1Es5jT
zvUXwCuC==o$FF65iCJH+{W5X<hJLufWhEUTc<P$~QcRx*@bkdhK<xAR_hE7qCO55Z
ziYMQN$wx5x$l4?E<m(gY!;_yt8|aUz(*?f?jMa>hf@~axIYR_l9BBe`c9aR;cp<3f
z2*Gd;Jg34pwDhq!wX?OZuHX57w$R(c`-Y=_DK*oUMR(r(QQ8%6y~gBtLD1Q;@IT(_
z+p1k;mnkR<GWB>8PeOUA$9t3)^7rEE0@o~^hBx>3h5S9<9)o+Vx5vnKBE3B(-gg1n
z+eFug>GFf!r#HU@Z?S(?zf>@Oi+wX5iNEMRZB$-Zhi4d*?)!po2VqU_bnPa+cuh^(
zop~+Vop~jcou}WJ=bn~>CG+&Q+@G*-l5Y)sgxxCHGSIDo#qnOfpQ`zD{l9d-w|1YT
zeqr{5m$*;z|K|PP-{C$<y}N(?F83$?OZOFP_ets(0GC|iKFR-^_Z5GK`y}=5{)+n!
z@c5VRU)AoD)Gsu>gZuyc{?*IgC#iQ6{YC$U`y?qA$}JcR<!TU^g(dC0e*%ZmVUpsZ
zoGmOl%lk1PYeM{%uELTo-jAxtMe$pD3rj$xf61~8cz@&f=>A6Zh)_3D4-?AceT?6u
z`xt+N`O3xl+4F}&A@?(p$FU{69}(WO-S<Z9>^&FXbKJK?%-XwqcvAm&6_)Js%#o+H
z7M8T)eQ}=^mVD-cN#RIg$q`SnJnhTEk}o|4^0aVaN!XJoPdi>%avblALx6a4*!Vr!
zY{;HWHa<@*4k(NNGB_6hrLG_R`^UG86li`0ygUddmr{AA5syFxJtgu?lU#z6Pmw$`
zLoUgHr`zI+j~0fbfra77#ISSj9RBwKz9yj94bj+nH<(&uiFFjH<4YDo$kT$cI^28Y
z2Tj(8Or9;V_!Xz~JJgZi*Xeu1k(p}@kYfD4cF&1)nxc)XXKtkaQ$9=i{6;!&{K4P;
z>%VT&yq)wz|IE)_PPfUPOk8&@m0vbGWQWOB=E}fBNH*D#gC`rM_D)r54|a`}nwz^V
zK_$y6HAtsmO0_gQ%VuXu+k+>@TH1wG0@s8=^3l&eKVb77P4!G+$AdNu-TTM#$wT)3
zksT`OJciC;!LEDIPcYas2t6ki<7=Wax`Ghp41SR!S`YBP2{2nLS$A-Il&pUWN`?U=
zeU!npXsm*!_;o%*@r!R6&|_|u$Th@Hap?y&@!9SV@Kv`A!mxmabYiT~K${m&;xGU6
ziGy&h=Mn7hhOz$0efqfqJj6K{qpk<LQ!vc<8vz)0<pJm%)Qg8@jGf1%R)9#bC)H95
zeOHVXmO4lYkG0fFP0}7bY!>WFv7D0X;0v>}EZ~#^EO38W2t(`R^1BF7@P<nSB`W}9
zY9fcx)LG_i#eQ|)hZqlrKnhvKPQ?gCviu}FgGT^jO#;`|FGZeZ7CQGMfFL(jJEJ;B
zkl3~k`cmOae`FH!dxYbC4;j&;_!TqR4VaZ55amBnVNv_Y;cw(u23RbS_snEHD2vVI
z(cQGq736*MQ`jC$xl?Kv%bZyn91*6uc4<d2no=1;u-Q6-sR+f8)Mb-;0C-)=z_VFu
z?NSqN9pn)Vg)*DbChZOOq}VJ`d9m5(q%@PAi(2+VDYMg32jC;zaXmK!v|W~uUDCdp
z%IE_CftgCiKC$cvqv2O_S@wykBHlpKJOfBqgLER`M6Q2|P<ACAugt_pCCdcgj6{F2
z-vx!>v3m-dJ>zjNsj36#H;Tal|6Uf92cyE~3)<V73xc(8O;q4#);g^L-q(YBS=KGQ
zzmm@CFz^EW;7xvmP~dM_bfX={Q{eC);H&<P+`VU+3xN7o2GQGkWo<z-@0&tCGeDi_
zxrrDTVDNL0uSx|DcyBn=hIq2hGTYq?0W(kLH~Kq35;l5!iugBzc+l%+(fp)PwiC-+
zYo*p={;hfddT~KL@0*JFEDIvpS!?;<)dtnE1>1Pvc)H(+bvjN7AJIDz1MeG5l%N&S
zI^mRN)AKv**@Vw)*mEX6uV>HMf(8P3&cWvf_MD5)P3$>OUCqVyXFO$F?!t47eY|gM
z3T`E}MTW&ixJx>R=g)#Y_Xyr?oX8z>TKDq4<+PvJCraVi7@E7B&3#1EPOcs@#Ou1e
zM>u+RYjo~e>%zkoCldX~1Uei8|0)DLiLp6Fds~x|7XZ8qyhvF057Ew(<6Qy;0Gt5z
z9kAyBkiAide`>29G0!d7&--rfqjLaN*CR<R2E<4Cs!`;5-fsJ-eEeV%N(B)M)yJK;
zc~5Yj+ePUsyZpGh*jBj(i`XiA4O@m~@;(X4NBUx#Qe?K{USQ_|+olwP<Z-|}2sXk!
zVO|ByZ+HK<pzpl`XpU&;#dlkD7vZ-Ot#Y3kS1PF6cg@0>FGJaDRjPLEtX%z36wf<q
z;Z-WP<n|9PK=YpqgT@3s*(5pye<Mf_-v810XjJ`UFZnwH*uT(`gySyP<qmxy1@&*L
z@SA6Qb-x9ebI=8)hXYxo)^^AIeR20P#;EE~W95mh_?i~rmSX<ZuX~`f-}h4gF+jRD
zRp76>r#mUWL|Lmu5tSY>XR05@+Y!p%GoK}WLKA~@7?uGNP=%;3fSI#9r80<8vACn2
zq+$@}(~m(YHe5WT(1Br1B>K##uQ@FNd<<iA%*~o6Rm&Ms$v7}wnfS4^6U3(FV~}4)
zvFsIdFClYc4Y$wIjFMBdY{y$avbk+2HgUS(PJ@uUe?Y-_(X3PU2BQvriczu(1mG={
zjNy9<f}RQJjaapWB;$pcWSkilHpJwlH3U+zS<`D~A!-MlT4;rfNGj`m>>d{R?*vPV
zMe+>Zht&oscsep97SHS;MvKt+UO>Lz?VgTFjOULqo)?;Xbn+&l32Yw*wilGqDT4H7
z0@-{1fmiQHk;q>(yTacFz<!$doz`RIt8|^o-!H{FYGW^x*9GdmJ?wyNIeMsn$@}hx
zcZ^5U5J?rKGoo}f-t7QQK(fF6PU|lBT$l7UVs}7Mg%@dEcjO{bRpY`Npbka;A*|O$
z5}k3{5EEAje6d;e>emAOrcWElFG$opauGVzMR;iEp}6XZdLzbe4|jeK9jzS(R3Djo
zDKF9V$JwYq7HRrpUVr`3=#)MME;y262|CLhn*MlBC~FhAFy5Xg8O^9aexB+n7BE~{
zg8Dex{N1(3Xxewz9-Fk2{An#G$FbmPKzT(d*|@m!XwsC&IZSy>C*?8AtTVerz8B3*
zXKVz%&TmW58ne+m<lD8z(Q&P@Ag(p$#I?p;be<eQYs~zgYmLQ;TBC_Y?m~S~QyJ%~
zw;1$$K2UGGRnr@BCeLpplBQx9oTD5x#$tZuRwSZojfm!kA3YO|>TLZZO=FyUvBsG5
zKhqd<6Ewy>q%rnk{DGLp*hv~=fvz!*Hj~0Q`r8!7%>RMHXu7<@_|?ClFsi!3SVamW
zfR^_yVcO!F1Z^>ov_-q7E#~#p7DY{4EY-BdV$>D|l6fP-$Hy5o4<?xYirmkktJFox
zVi72db1tDQ-Z-$b$fqz-sN<igqdYw4ly>g!q^>InTJyS^xGF(Sd^<r+d?!IoT$7+C
zu1`=C1G<`s-cr?gY1mwszeAKdSbr|k4=;$)=_LJd5ARz*`eCQ0A6Dx^H%dfI7Z}1s
z(N01)glE;~hJEeqij&o#R=T8<k-zHm(09}izn7pN=7Dy#M$->Vll8+=)DNwiewfen
z!#td4Z|JWd=0$Rtet5>)#(Bo|R||c*S~$_X5&P76U|?-<GXkK=5Lfb1JH+4cYbP}<
zYWg5<Q|bC(>BaisT=ltReK7l5^})HiZg&WEyDiE3U`(cvg&sCyZ|Ix2O88g&Okr{2
zlk~y%OX-8JT&xcs<6p_ddN#9qNcwB~;2hEiQ+qDf2j|dDnQAy$AN(>|9|US0Z$`b0
zwgY7bUc`Cc#fqU|IcEt9io4CAD~RxN&H#cC6*>}znl_i2tTE=qG{#+Vjj=VRF~&8-
zY)vaHAZ>8;|3DjTife<Wi?qR8NgMQi7j2NiD-p#Mp)-74TYT==VbH1S*7NLMP0$A`
z67@kxeiU%<NMta>rxX1ckHz`CN7n~MsVhd}F@3Ot>4T7$tPc|5|N1y%^}jn&$2=eT
z6P^F}M*-T8^w$UbF^?#*-|%dxLk(#fVV?Sv9v0_iE-n|s0RB&+M)-x0sL1XYpyOp|
zy)lh2CY*XT;j{%asMqj}Zkuz%-$YoC-v!IVDSa0C+qWr&OLe7im97-N+Q&wdfD^D*
z!wS@_&QFN1M;Em5X~JZ5>0g*~rcMaeqAzP_>*G?2;BAQ3_47Yok1CWmS_qRnKP~V<
zHoo;_^CjCh6v5+DjhR;%3|xb^uMo1^`PHYn_N4Xh1pj67BhMD)J3$N1u<<p6(AV^^
z_n57s=jw&u2Ys0Q?!8;+W<ql;Yr%1}$3W}!UPxK^h|^oo6&0a5-5yCte#gtTYBHr}
z@8^fTs;#0M$}7{GD!K<R__CtsX7}NWo(b;#6+L&muN1snvhxE8B8?)`QN0Vk5S6){
zC{H-})i@+k&(O#uoi4XJK~Wa0TNhp<Si%AlWT#76oR%p{ec`^1YeCYxofHuj5ZEjz
zORfyJ{=QegkX06y;!GjLM33~OiN1%)E)<@B@In+?venyf%`~`gcS%d2t&mXmv^hgi
z>_0=sHHy;u;(|3mmDgk6^`4XN4BZ!{$+tjvG0as%Jl@o7p{xT$!U8-c+l!UV7L<3e
zmIr`fy~pPW@~Dct#>12)a69>$)S~IU4-Hg)Q<L{tp0{W4!Y4uw6XS5Vxp>16>iFUC
z8=v(=nO<Vu@4i)-{4?mp!tZ;Rm^c=Xa-QVK<ZFghbl(a}WxWp<Ba3s|-E%9t$Ghhy
zUM8!p>le9rABH~l1w5Y%l^3vs&@SCL=EI|ow)I1CG<2ZJk>4`UE;%ybkLwCS+7G|8
zGb6vCdZ0n~jF2NMXEX*W!4nEmr<7&Z+hedwh|dd+a5UVhoZzkFyx}}=*I<4*AJv0I
z)J*5_l*$ZvuIQd1V$9}EUNAoZV)>2wsxx0xH;=;IDWbVpRGv=Zh+(0hdf36dc@+AL
zom2pI(<wEgwIoU>^8?|B7M_m^Ww?^D4km=n$VmJ;(VPS7O~rZc>HxobhxbUzQys`#
zVD@m^F*lDp#jg%Zjx35p8Jo|L`7xfL`l~*6{uDr@%+3&5&m5Wg0S&I3+%LXGsNA>U
zeAL^O%KPz98o$nw0Zq*Fb`9lM%wh>wummH&Vk*|@U6MJ7Ur~Sp2Kx*mPQ5CA{^Ub+
zk++eKk{<xfjHy35&H%p?0!Pt4+dofATMtj_VR8sJBv_~6(jGkEHRdTQxE17?Cj-~K
z+594XEXXr}?><GoQ;Ba*ipt|df$zQ!FW*3XcfTMH1!cn1LTvY=H#N4aci#u>d=cB7
zzymzJ`|xto1Hg8-0NafbC6FXX;@2`(Kl~`XYj2`7>C?~00s9?^9Lx_y_K`fCy#Z-e
z3-XiSp@nsOlFnZU(q0Vjqu^sG?I3)MCvo8M587k64JHmB=wy>f>v{w)zD~vW|AzOX
zo87~UCb;<+EAlITiOCZ{XM?<<z7}U_3lg~d3MAc%9?o_3mrm~|oIqy@;7@UWM}AbK
zqXHPtavt7NJP$fnjK^D^#y||?%}xn`sS-((6aOQ0Y@`$+72fPVkBaNhXW|0xI;a8Z
zGml>fHH6P}GyIoI0VltD3rG(^O8ffAI2N|CqR`+m3-aWRl#td3KlzP9XR9Dh-cL#A
zBTun)83YdPcZEOiCRq5pwJ9q*zau>PJf^v?PAGQM`6T^KPJ513UYNEDYnCTF>1WLI
z@B=0lG%5}I`Y^UR`PQ4MHx2YQ#sY8Q&pLafH14h8W_*-K9PNZ$>+XeP1Z&fRbSU18
z3EnMFCdn&7n(zUpOUEL6**TvPDplJA4MK0MBZjcve0Z38^W|acjanYn&OwCI-iIWE
zfrVX)d=fhs!-(M9v7FzM-ze&mMMtpsopJlc^9;AL;bPp5>WW6CAfWXV3<C%z=&;E+
z3a*Z-AQE+7RWzRW&j!A)c!@Lc{uy+jb;MVPaI}*;=x6d~_zCa-9^Uf!M#nh1bLDy}
zH`#+ZO~|03v?mTRIFQ5weEtW1tW=?})9&j`Jb#AUpWfppdBiv<=5KME@C-FxY`Xb?
z@}?n_mJZ28C(9apnEF}A`{@1|)Q@l@fw7qXE@HU}k%Qw5AFf0Q`P<xC)dC)fIUIhp
zW-W#GX(NGg5_);^AnPSOW@#M`^KTOIggZfr1ax!|kkft*CBu*7jecprJ4d7Tqw62A
zg!{V9hoF-m&;d#5(3!uu@f@fL51c-#u0^`8#;I}gWAIrD$rX|+AVxxIW3~2CpoG%6
zcyE@&V<*%Kk2B(r)$mA$TPSUI{PCvTSb^_rj|+#v%dxZL3@EqhJSv{Vi_MRq-TG?*
zFCSvZHQ|KOJ&W!F*scByi24oO4oBJm_+5=a_OI8=(-lwp`s;!9m?ZG_Rtk9lpO?eu
ztlY2r65_C%h|lu_-pLD~TLyP#JO9r~yRa$$jKKy&WEi||rPrdtD01_o;jdvb@lKvb
z#rgK=u)oBzBN@?QtLP2y+5_rJJxknd((kFCZIgDQ(6-C>X4w=8?{}l4{kIP?7z&5o
zfS>wS(>g?;vU@G$E}d>u?%Uu{DxXP5lf2=n7Sw&xeu{6rGhhpLrIaYXlq?t$nT}xm
zH3fUpgI#GhOTeMnGkI58!1Yw1;yw;2<WC32;q9lq4{w?0mkpx}@ltsIh%~yJIhg9X
zTWX+sY|^&QW42(=Sg5Wm&2DLu>el1wK7Ms8X*Je;p5f3=e!y;Nd8!4Egjt)>5-n@8
z^Xo<wA3&xuUL|l%Hh$fHcwDvtSANB^h_`OAliMn_PUF}8X~NyW3D69`?s)St;i)$4
zq++}uSA6S4ZYzu$#|d(1p3U2nVxx}P`DsDB6tHz3gTG+m+N72Z*fHp98e8k*SJ!U%
z@w|ES008T+VO{n{Ql!@4`LUhH(4gIqt0wEl{C@v9gAE|W*_6^$J1^93c-`!L4Iygd
z0ybqzDuv~7*4jGvLz<lnlqkkhXjE_6&edXVwTf{!(ypb+F4e-@lyrX!FEm+p0vzsw
zCX}h^K&C<~ohW|KXfVLY-<W`F%8=u*9JN_%`JcauYo%I6HcQhKWmal;WLULbDNc7-
zYnP@&i`FJjyBNczlMAaqjQP3o>(ZL{0qv}7!gGUQoIlmV3N?WyRmd-&1SN5u)Q<<e
z`eXP*1fPy(es!G{Ea)>(&RIz<i8rS$fx3mVwCCYR8dd>+om@ba(w>1Q)_&oz-(d5;
zhk$e$-SR&V!}I@wcICA1LzVp~m}nP6Sn$iPOx0+2E4scOz|oC0c&z;gw-E>TE*Br(
zR%?(^?tvuAtwXZ?pcTit(^eV8K7v_)m2KlSWbE$*8m$$Stlx-bN1WU)BIc?5y1$!|
zg86j^g{KY>thhQr*<d1)=3|VMVJvtDb214x0yv0-8wMm{2lO*W#@;a0K{O9#iGuBx
zS`6N%*slcIy$@-3n?}3cK)b;KXt#lA7lych?>NJEreT|<1wQ%nUgVQ0=};xK)I@ZA
zh9f$D#f)@}nKp}Rw>I#~elCfSrz*2jy74k$Cf^x7H!K;5o?C&??0XRbBdmLo(5CH0
zLTds-n*>i7j(jT2`Q3YPvL7}MOIo+_uRcef&w{mQ>1~3XwYAv0+8~wW2-1U~q+}Uz
z%^5EPk}KxG{3b{xxk-8ze%Q_bJ`mXw<0A>{*ZUNJK2_|YK6&<FpS*jhPhLEapZ3fi
zl=KFe4dk>J;TeQB5~%-&Xl$%Ydv?!dI1)`h;>bZ5oJ%L#MkLzqv9^yAShB$e3a>Tj
zo~rSqx~ng7eNw%#CvJ~HtKGX3`>*~rDa1R_z1^}cM)iIPaud&dQ+}K){Dxk<G67Tt
zsa35wk8xF-RDptQchfAuzgk5n_W}I;?*i&eef{*Or1^DZTWo%H??%X>(>~3wPtfZ%
z@JfYQkco;8gzL8BsMB~x!(4iJ7wOZjW03&TxZU*D0&m{QA0F4|;%lg?6C9h1GwAII
zxx>OFTumNrbiH{FMZ=kew!U;$kaos;S$;g$%k8`H>maA~ax=ZIMS6=0l|AS>$NTUc
zIkOa+&S8JAInH#jWn`a$1&Sy7S6Wgj@l#AZ5O*42XQRE7dn0=HAEq{brgh&%Z$D(}
zr2Bq{|4a9yf;>N0xY><{J=JZcy4{mxqnS&^#XSu55xWmXUczo>cR~i<xBhkb*H=N^
zuf+UoDIN$b4)l-VDM-(on)l}UH*o-=sT9Tpzd(M8LLZ9xl_3>_tbzUp_1mSRpk0Qq
z>jYA{E@p4&w<e4vu&NlyQBWo?-Z>6qcVOFL!-5mI(2vjRpF1e~(S+<@BxJwKvhPmF
zuJy#TLlhZn^4Nsz2NJ&KXmN6~AtBqB@b#@M`}3A~_K1Y9m-QvyhxCx`L8r6_7ZJ|s
ztBRG!3kX3`yL`jwW8-KKfQ+6{+TdeMZ{~e<DLCiV+~e>?J$Hc$Ikg(CzsXMnwS@1i
zCd1^B<C>CPxuqa^^CQ9kHSMYou0wR+Xsd|c%KIjgzt!PQf12@{AsqDpE7D5t+p+#a
zDfhI^|Ezw~5I*uz58IJB2)brPfnmcMG(&iMEn2%^b?p<R+D*TQwERHW*T9i&SnBOU
zlY=ctA^F`RC~VISP|n!&*DvEvj%Nh0<YNdztB>~KcwfaJj2ZLBo3!dv2lk&HG3HqW
zmlO)`*Z^r-by7X6?YC4L@1IKM(qs`B<3l56T=gmf%*WaerQI6QfF-4MHIE~QvUk|)
zKJB#&hhLdtHdIjZT1ZxL+l=|^zCxRb@_Xht@P}<L${(5WTnpdGZx_pgP=q4#m38pj
z_#J{YsTeB;L0%T+8wF{^ea&R#?{6As5X+jOG(udo?%^B7vVHurW%PFF`6b@-M&6Hc
zfGZZ8-2j$mcyw{(ia@bQUEEG5m@|rTfm1O~6_klxxKMQahiET*?s?ZlJENlXIThYC
z9$`__ngX2L#d&fla{~fs(+h~><9}s_<Y<i#v8we?0+?k$vAX<%Zue|Jn{X2vL*Wm!
zPcXdPhT)jJMq8=-J<IXCAV>Wr#g_vTV5XV>EWN92W6~geP(C{J9R6pcTQ^KFHA{AL
zmWZJd+nrLBU-2AC0C!8e;QhJ_11fYj3qjS0r-zo!rr>cwyr)m#PGJP5&b^{F#4jtt
zU{G98@OF3cD{jS7-XK))c^4}q1Wy`8Ym{Hc0uD!o;5SB_x7#EtMl0`IX2LBM+JP0A
z({JZqM}AbaMCmpsTo^47ttT;tNuG$8eqbnz9DZ2{#xz4I$`!e2Sgz8-nx+NAsNnvM
zY)SkYBbd|G8t7V(LyoM1Qq&}%&&?#`j&bBhB2B&qpJZB{8}_^H@C;oPxIQS;1aJ8r
zctwJV_f1OIHa90d1<7t6s~3de*9Z@%bOn{dKIQ-=P{a-1?;irV8f;*^^v69w5`}3W
zZN~{?5bfq;bPbBckJx=}5b@J1+iAhXgT-n_2|%sO_mS{?h!eO_1lQ07Z!ITSxAV&b
zm|^YlM6hwtphj%|293ImTHg2IApQJ~oC4)d0^cA=Q@Q}@o;F8*o1ll=w@G0a28TI_
zUC$P!2uA%eIVnhuwTbsGHKCR*a86vK#+ZTDZMLcazkDmDKgUsMBff?cfi|qCtF}6&
z27dV>%3KPWi!pPMt@21TYKZbRf#8u$hqTo;cq{HLdiRhDKU1$fJ$NMBR{0f1lcW;O
z4k^rge?x_A97aFFmQa6NQBSdehTZciEg=iRqsA)xl_u8rLYTXG@1N59b-b)Wu&VqD
z+#wcHN2KAGV73a@F+<?d#((N6Ypa?vSd?z!S5RD8c2`2gC7lMW)PI7@yq`l`q)BLa
z#v9;1*#&5|*75$^>B#QnpF&AP9JRdf8Fb8l+H9h@^%U%u0R4qaIt!2&%i7fcG?0;~
zuV3O#Z}NyNs0WZXT>=wbo@x^08Gw)m-uoGi3$HtSK*L8BUfJh;gVLYpFmw@LlOkA8
zLHdvQ<szj&sFfeY%KsbhH6ghvQy_gRmWRYLY?<9+c*9>lMk*ZfD*OQ9teP&_uQKt=
zS?FWhJKQHq$Cy&}@y-+wqha3PoQ6IZN1cES?*)*kw?*mlNF2<xSUtw8)Cm|g1|^t!
z1I30(+xIb>lyKtU{Xb=if6@}WDDgo`1PK{Rd+4aPp7#e}eD%35+|T)pVGF${0bluT
zE`N)Aic8w<k`5s$15M0AnmDA5StF$s+Lt|Q1aj!uMmpijDMQ%(C2gLNOF9D-*0v41
zp)ME?qiDuwX}b{o%1C^#*l!vFs@rWtP>$oxbKU?ljpr<O;D8`)b5D0k2Q@t|u^+{k
z?8h^DKZeHo0S!M%ojA7OR_Kt3&(wpX*aOQ@=)si<@o^IS0p$2mBkHYriJajY#3;xK
z^ou0q?Ha=S)}+v+{qK!z(uP?nzb%~eZ|9Mu!&FDUzRn${YfjK)OHJF<h+=BdU?Fw#
zAK@{4_tz+qCai<!g}ViL!uCegw$kc`vubTbGLW!AOA!2Ro~zW~C!VMDx4Gv4{(bl*
zUj9{M%+(sZ50XGbn`?5F9iQ$kYC}WP;MuOVe?7Lp38V)Q8D-g}cDv<>uuAY2k<Dpv
z{}Jjff|l8h40I9v<lC_)yswRX*+v{{Ak+0Et#0o`yjEb)vL^S93HJ$epqhC)G4P#b
z56IyKLtswWNNfG4h%>D_7dE2*VFR^<2V&EH3D2Tzl4-&nHV5CNVLyT&XXidCZBB^Z
zZSbRxyg&=H`3<r4+&i>KM}CVar-{_V$xk$(G24i1{*ejTPrk;T9!0Vgx%vu_+Me%;
z@)iH&eA{^c`_%0)$NSLZ!{6xM>2L9j?f-!rm}ul$4o}mQ{(+c^1hkoD(pMpzw$Klo
zqAZqzW%fSt<ggi^kHd3Hvhf$l;eupr7SNvd_C!4q^%vdDt4ClBoe;R~>N;Rqe+!PE
zhCO0BRsEM#q`F~~;RT^Yap&>_F6%Z(EWi>g15ox_ctWj3-GYJYlxI;x-(OF%nUR)s
zEPU4vl*n6o|9H9}ByB@I;bBU>y#Qm0T?eUvK;EB?N|T9#nSVr19u#fMZZ6O+Ds!W{
z5tH-ptvereT0(r)j1K%_*x7oLke|ZO48_<8iUm5_EE2d@C#pp^bYMV4VBWNcvEb&}
z?B58yL1~4FjHRMt&@@t<s2p{k)6@Z{1(hThOpeRGz%<KV)XaQ)&#?&!w8@vFqV+Jp
zY%8R=EQg)mlYrLslx@cwdP1N<VU;WXbS_Ft6kU2Ih|)H?>x@O=dK251(yW<4Z*+?a
zixHL+e)Syg{8CqPct3hSfoxTOaE`WUYPSM|J$jTr?cm|lP3Zn2ePgGaJZHhDcDiZn
z;Vw!JPhpkuzN_JTC%ROUTA_~YO1h7MRY3Pz<%F*|cb=5D9IPr=oz|7m!s)YApPdDs
z+j2Ik(#JdX`x~Th0DU>(ElH(+Nu?L-rGMHPTc3$l|9a8~PtXT${ev-`vHb`gR%K@s
zVCCCITIT~aPpiM`O4xtb%io?<{!dhXJ}W<Spz^6n<=u((r)v;Caz=yjx-&q^HQg+A
zo0jSy0}0jYZy|4!QBy*%{e+azJGUUqRh}WdUb98hZED$s-t#e)8BS#$J)=<`k*9k9
zIgKmXS+Xp(=sat5HZ-cP#Y+Mna!PwOmmXTkfoT*&GD;cdaK(Pw9z$1}up6E+#4xRW
zZ2mK-12dKJH;U4U@Llb=O5@(o_6N&oWoYu_bujDm%O5ABb1_~8eN=$5_eP->(9qDK
z`cSxd!v$o`AJmQ0!Yqc;EbyE{YSrYc>d<uu4a2TlG!)1hlqZ^9(s>YYS#>C(M=bda
zer}#rQ%h@w;>}||f+yTTg}E|v9iGR1VTi#q$;C~q)%T|Y985|!lW1*l-^$ly3}QA?
zH(zs~sVZww#S23X9^B6GY;|#?Yq2<#q%S<p*h>>R#>>NAqDA}NqI8caO)ja$so`+_
zw84h@X(mA3v`pZ-97wfS{rKwoY1yE+O?WPYwymGfK>STk4U!zb%zRZRSau55k8!>l
zGYt0&q<uJFiPmG!H?km<vGt5lT6?QD0VQWt$M1Li1n|2X7wWPx?jvgYzOx*HbXaQ;
z1I*L|__qy>O=BVL5gqD%FJSN@c@mGCP~>cFy@G%BaY&plFW%mTE56EmI6qr<2pc>X
z_J4I^+%;8B<p)4LU3hAM>k)#{dxT)mD8bU>#H%{c9~)y$gJ$z0%)sXtTn*BAxX>IH
z3Nz|?WhAY_)Ir9=Zv<s(6kTmVHjhP^)!4J6nuc*Qz|<K)&yyz5DR#hn_$LQR;3Ir>
z)dITyWq{=WM)(n}A3uMk>NT+YIl-uag!v0Wak-YN<(i<nMJBA*RdzD2xa@`op1}qN
zAB-z4EEK6c$qyNJOIL#S!u!1xk$u>U0nK!gN8F>e{(6%C!w-gND$Zl1)MS`}Dz6}_
zR7MX$zl6=qKVn4FX3ZmFKNOdSHE%+i7_ng!az`KIyR0Fk9yQT6`Bak)7w%;v^~foe
zz<iPlKe<q;do%J++M}D9&x3w_E6QAif=!RJix<%<c0+q)tnNP-#B~L4IMZbT6Vi&V
z^h;mFfTiBPsOR%UzcyTFs}`jO^ih>+1*JHO$c2d%g9jLvcm!|P-~~g4Lh<f3{3~?#
z4m@_@e!pT$*iVjdkbbCZ@j3N0&3&~L*E|kCn@Nxy@U4~iFO9OBdmznI0x()?vuT%L
zt7ZB+s<(D9P#`c>Va6U_SwdCTC9banrV29-E$L9bkXJoZ5l!t**=fRM6=e)-K(Cee
zWk7;U9*p7UMe7dU-%ByUf*gf#If*ZzNPR%({}g*(SHvR7i^8aidP7iVQI`kM^H@86
z01y?Fmmu+O&v??v{4F-A!L!2#l34vSd7G!*X@Y6oOslK^=UjdZ`A9o}HB>+I%Gj|H
z>3=_!O~tauNTnJPf^_vYre2*%r&azh;fF4lgU^JGNPsXeW#ZwYWB5H-ji&q#5Y^$E
zucDQ9aw;V9*uX66jxeqgK;<`WBuW~Nl}LMWHAdt@LgC~o8*xJVJv0&CyAMl_$)h4^
zPf-sJhp)rf%gW+ZF1(KNM;!Tx^6yKh3Txp_ol89&HgY3zZxjolJo;~3{d>^_2>2t-
zlzZ|6c+TK^^QxU->^QBT&M(EtsI=O%hqUElRPB%QHA~U<_$$;Co<fZd`;ayI*&u4+
zEqIH32z}jxtyj`)`LX)Kd3MPuj?JpNZ=1r`EWQgXdJHS-Zl#rkUqcO8)4#*7dz1*X
zRO*;}u@-ADc}HUh>!HEvkcK@x2+iFB&(oFBcU8Ou7Qk)TcfH$Sr<x*zV&mbxXYigC
z<@qik;LM5_+YRooV5;V8UK&g-P2Tk(^yFFWN$Qx^4{1n)X-H{3Y0!uF&ujV?&iCh?
z(rGp;xL{Vmi0DG)aXR@czmN&clZP60w#d}H#pWFO1v;9P=Z$8-YZm`=TyOS1ZO+Qz
zYf@oY=u<L<E*?1Ol6FS!Wb35+@kV9Z+RWydotRz)e2U{igH&qeYl_Kd6F<i|Jw-Qo
zwA<@7^9eKgnxPfldG73&Z>;FP-ec90hz23u6Sni4nj?GS{9Doe81G+Upz{Lc85;RO
z^DCX;-pOwY+BTyr4RaG+I0euWxq<CdZc25RO;s{B+m*#alhzEB*GgvFDx;r#@=3<h
zy;Q-=5q+JYqTAtq0922P?wRfx72Pi`e2%XPM$KD~;4U`WquoFBRADF8TWEi$=+33T
z)~fgo=7X+Mxdmb0?;ddYB&hWw@(#>X{^)viCE^_+(&O+HAzw2iisG@N`v$fi?vxIZ
zf302W$q!hz@y=SVK`iUSvsacdm^t%bLoB@HZ&_L-metz4J+w%R$S%hFKj<oL#^=&W
zicKH>x_Yf<sen$2Gk>wjZN;?-ln8XmSsB>SB?<O{4OJ>s!WYR||6VmKjVxIK@7?=K
z;LZWoUEBpWu3|*IKV3VA<C69}rHIRaz<oQe2Hj$-PX!tZtB16F)B<R5P86PD4n$_f
zBJKuHyLtt!REO2~n7?dUBgiIn`I5Hb=*T)Wg?F#M5GBn82Lfr^)n{mh{NyGKksa=P
zRU0P_5yuMSRELw(6{P;)<2PgRbMVLpohHer3bS3HinEIru(@J8M)L^&67Q#ydZ4f9
z&T|@TECzJgIgHi8P7?|YEqDR|4?Xf;n%(d)f@?G$hjB_Lm)>fpu+C*YST#tr9>f{%
zdmu}@I{^Cc<W7c*srOidopRB7g*`<B5|B%MD|MB1gnMz%nE;Xcv{{&`WZg+$Vz>!k
z>2SOa<ru$w+VEJsAiiccMV4QLj4K<fs~k}%;(<A=RV{>35>AjJ9Qhso7Mvh*2<!w0
z8}F#cH8ZxejThJ0&DnqtK`u3Udxqkk0gJ{0TJJ4_Toeiq+uln<DX>{WPATBvot-v3
zXWI&WCnB!ry^XyZpynDePDT_r4`4*XQYV4SRYs!~ke-WaM?#0&%&a(Ri`<2<>E~<N
zHKh#WvYqNFfX*Q_(ub2b1CGesli@1s;@_fvy8Q6b#1LMs%KPri($?*DvM=vX_Frq~
zr@0I2npC_%v1=ypy9KWy@^(3R-?R~I4H@)+iYnU11A3#qA?g_nk08vPQTUlV<l=0*
zQa%Vv*`;=LI%y}TlhesgCpJqxUe$>EOC7v4Hj{3YwM!kg^`C+m3!WU?dB`8N@%9c3
zUcLb2i`0(Seb_pW1dpXE#@D!jrQTbg2RcaA9nv1p=l-aBu&ur%I)O@gd&rS~0b8MR
zNvA*;v~i6<L`xS!<_~$F^-7!$T9F%(#)G_f_<6j_z&!#Fe4rRI)jJFmVzYt2%~jUz
zo(O+*o}@d!bu=P16(GuHzrskJVT;0afItB;?y|I#*t1(|iO~Xyf{*vE?9piEMeIh)
z(z}JSZ7~5zO@O?h{VU%0gUkd8_@%rys%=W?tqR<yx(GbM!|=-jE`PuY>Miffy;Aod
zyNnz}(Q>9oCxGkEYp7;NBM>Vyci83fY}MAs7SXdwun?jM4uYH>iwGi5GvRX;d(OmX
z78rk8Ha@dUaHr+q^V{q>7oXo@&w24fhU^4nSP5$ThT(fy43vNrBI)IMP}9fPqX!lK
zLrM@jRRI)yJQ5D{hv&g1JiGRqz_kdLW&&x@Tbl>Em#u1~r;diGuDOt~|Nm|E0WAt#
zKmc0<(xv9kR&O8=RpY8bo-L8pcv$@;XXBkAwA0Jlb&P|Q_+uAg+<iBIbm>hX6m)c(
zfU<bs@Zrg_pjTpqg=9Gx$x=TbNt2dZ+R3nlY>MYx!9)i+zW!6%@OOk5*B<HCk$P{p
zhE$t3nnLQojd$%JCYH-b-&~&UtxqTJRVLmR>>Fzf_NCY?9qP<pssIGUuvk^;SH%TH
zbxc5bV)<X-;u4B{Y-%&M5NppS+p;xT0gas`NpX>&knbC9X;<8t*q@XA`m^~wUI?m=
z!P9Y<hP1U)<1M_wb6{w1zA_owKd*{Io3?P&H~RDeUDc&C1dRhmg=3M6GfCzt<(!&(
zUN8G~C(dSWb5>GWlux`bg-Z40t^XmaM7*O(ZI3bCKRO3$1Gvr<sbwWziIqrYB~n>0
zM#p;bhgfZMFI8Ixoxx>=3NKw~PLGcEk)3++Q+yol6*06g?L_Itrc*mky8Zy|N%;?U
zBuWvvG!v#*o7A-M9%b1Th7?0=UM>XzBG_r-T^C@&WO1lC{L6Ya?Uv$lD)6kG=2XZA
zv|Dx{)=`s8M7sT)hV%oy4C!|#AYGq!!7R8c8SyKZCrr6C+u8xMcBvL6s#w;&$@bMM
zGB<mN(Ofxn;qZhJK%YUO2^GT>%%<O#jQGrZk)ZurU7?ebEabqHUNwzyAmsWRZPIqW
z3fr(t-T48p%JI%15q5(<MwqhZo@FBBF__oxhp9{--W(CeS88X`8n)SEt`EF#NdldR
z|I?o^b<9B?W#A>?!XyH;e>2j)i~DrFR8>{=0j~PmI#1Bc6yQW)!?D4>G`pn($i;}{
z(s@EL-X;MHj}3OES(-MWCmFxG7T7jVMZRIQ)27i5i3Hmwbc7_L+e|L8A3Uy!2e~{;
zYKQhnE(CkhVCG!C*Rsc3|9CvvChdV<q=7o&;8&l*o=6?)J25Jq2M~(UGch7otggVj
zLDA8r<ZLp%vir>NyfR@WkxZ}o4rF?=?q4O-w@zzhI<e<+WI84@nM_Z3FF~f*VvJ7d
zCgyiC;)Ht5B?;9s<g$c%=$r<y5oazBuxxM7APr#Y-vMBoYX4P$J$*_8SZep>09JcN
zGQc)28vtP01Mu}jLkV1i5M1e(1Xqvgvfx^MRs+|NQ%H#?IT!$#3LzMT14J{}3N)6t
z+qJRW*~P|kOTUSU6is)UZcE`n&Q`7k!+I!9PE{^iu28#la$a~!GYF@HL8zWOrL)1c
zLp6qrsq5r?42m4FoLroxtigjR+Dv>b&T)9QB4nw@Fg&M$*HqV8z0RSh2A(hSR7<SP
zH|<&(rdce?vdcoYv=}F-b=aP~XtdO4w`{MhUy7k{pyjyuNU=02S+o)hz32iJz@C{(
zvq>>u^>sQ%fvHbj|2oXd9w$i<v^GvKYXb!z#(RPOYbRKm*1tv<jPLP`4)&$r>_%E_
zf2srZ6-&Ffi@Q270X=ZJ5Op-EPnOP0^-6J%O2ybMBZgv#6*t&~mGwVM$0e6(yze%8
z_%Q*8_xBFcM3B_JiGdzKC3Wf@PU@;<uQ&9#)CB^rD@njnzMWs)Znt#Wq&~Iww1)M{
zlN#2ypcBk_{p|syfwq%6E*?I4iTT~AE;_9jy5mxXOzHzr$lJqF_!7s}9caCQctIJU
zvp=fQ?!mMd-eA-SPADtR!KfdH(%9;3ZpA$YFe-=ONe<4&b|;{-dB}eJ&;Le;k{p&0
zaz5EeiPPP4Z5q2&F+(JY^#z>nip7`!NH--5fRC1fMptInS5Hs^py}ybV8ksX%{)4S
zw<w{TUqVcROWMsYuspa6Fgc?B-4xM5SZC6WXtiws%L#amX=uc7>V<X<i66CHPOu7P
zG0A!tNhG1HHd(C3W$I5h_R_&wn$}BErs{M0C57s!;~HfDaprPDHPR2JPc9iqs5;A<
z`U}<T(lntuL{k~vO>tTJkJQV`(z28695;g0zgLUul4HkUJlfhI8J*!XdANuhAgeI8
zO2+&Cj9;KjD8fS2fJMq`*!Gcjemh7@Yj%B|hTz8getHtE3I~Ijy+6plJf?x{rPCV7
z63lgIp7;Gd1#RzW3}CokU}viYw=RyY5>QWZVGrhQoUU)CuNqzcMyFx}=v1d@aWMcy
zhJo#Mm$XBjd_r442WuZ^3XJ(c6jFeVn!=vnUZ4d;w!VlK{*@8t#|uM}cB`4H_I+&0
zQGO|=9qL>II-&Z9lem!B>WnX(>{po<>L7DkA1r8;cGN<#c_FTXh9|z1sC42=AFT?;
zluo<U<%GYM28VTrZL@(y-pnp_BaDywr7bD8y{IiIs_#U|EzktA=cUBuut01%EWnn-
zkil6@^2GJ9izyEHT0L<bw?qQ!sS|98BQLggS`Z$xp*Q;f@b)e6Q4~qzyU8Xj5SRsn
zL`99ToQa@j1vN25v&k;Z!UpgFLGgi?fOx)8b^&=N&Mq)FuIA3?cgm@EzP>xXLr*b)
zd6AF>pBNvYs6<4VVF`(XNyuyeRn;@I4+3)c-T(Og$o5S4bXQkbS65e8R}q!Di))DR
z6;~H4l@5}6X9~1igt{HHiH7#k+bFb;7dKk}r-$t-l}Dg{v<5*AbZ1f&2f8&`<v{WL
zr;nMj0#AL4Pq@Vf8gWubnPo|DB=bl_gN#(S`9XEM#*V5q-K@M8!m7g2x-Ix%{e!x8
zU7JwKOy){Q`2bzWs3*59VxRzM0@nXwFQJaOI=UcG#?bCDoFKNUN<!Es#3>eVF;RXB
zsoGkVQ!3wu*ycIA0@r3(T<=nseeaY$R{ZSv6(0>{amBxYt@zpTD}MW~q<jCZHD5W8
z?PU7i`{8)waNt;kpVG!+!{La2W}~K`!Sf9N6geDL{&<*bOkP?WVUVG>VJ_Gj(a_Gd
zOV|c`zn|El6?!BSN)Bp!znay*hILZk`|<kT&#mtL+-&bR&=j@zdwuDfq?KXQkdNK_
zxoPirDck$~3|moq`?t!8A0s`eiRpoO2zt=k63N~Xll@!F{;HXEkX!dP&_^GlHCf=<
z$t%bfDsj?YMfr1YEIlhrR3(if$5Hyndd`HSu{m!q(fX~+0?P4rby3lknM{~q)BXJn
zT31|R15J8|K5sbR|Kk2zT9mG`w|2Dg%a#wnjaEsuG<Z}na|aBd@jW^wVdJ-(6J9)^
zt{>tL=)4Wv&t5%=(9aG7Fh&G$7+v;f?3`Cm!*Kmlyz2CHNlVfhgH}(#91_#La6Sh)
z;@iplck;BHU}P$8(*%vBY>8zlF7YF`@n@y&!08aO<>JUf8;y-2gvR^~rU~-=KpZY#
zIeHxRe-vEU!}fwvmAS=s`M0O2@2eJCSQ$%@mZXy2dCVd+h`@{T9f=^f?mWZ}wdgP>
zOD+pC63n1Aj+`Dg7>v3Ys{HO})~zgH&k>H9?WO~`nUD7nVXy^K8QB&~H>*4`yb~7#
zCh91b_Slj$`YMTAb7gaL)QR3$kGc-hkkj0Av&9hSBP_J5<0!XlabFN%y*WR|mi(lz
zk_5rGEsS}Sa!iBd&x_S55rKr)ApusPw4#+k@sAo;L!*mdJ*F|X576Kh$TUkQ(<lm^
zv^a`F`IxiI8)+SBQy#|e@u*Lke1OhJg(GPgOiXNQFj)<9^FFj)s85T;FL#NbV)Syl
zme<RIn3o+flLqqbbo9m~-LKjR1T1vu>8I-#V!%uXs&AvK3h90`FZx^Iz0jK?zD;+h
z9{CL#4ZM!&6uXqj2mR>W37f=uR7B<jdqdaq(i7MUKjw)Hx}1de19*R+$lvDaXBU%Q
z7?eh!Z_$Q8%7>>q6IL-G0XIFPy_L2`r)@7YA23M+g%eqxbJwH`Cq{Y4us38p0I$6Y
z%Dv)yp)V*7$F1HK_N`<w&_K_ZdcF_Xcd7OQ9sQT)p|QYuQlh5>%>=M2G8K>pLMhBY
zUo#Q-nw{^n##rW(?*+6I5Kc_<Ocg(}?G$>KFTG!E4O_QotYLNn!in3w<p7K_k$FrJ
zI<8**lxisOHauex;Q4#zYBmCT{Ap=1At3a+`s{C0?F1S`KjK;`N2isGyLlmG5_(5-
z{<DmDhW@p^l3mYrX0|Z-TUJk|{W2Xp`PnECqIo<)TY;8NC{L|YcZZj&dl-kfp@}E}
zb}&68+_V!@ofa5hB?oRq8G{Nq{d<dwfgx`pN>;!5-Yva^gi|E8FuAcnTDi3wT|yN;
zX)qLuj;e07nfA&&s{|_jI{-&88X0hSK^HKck3`__>e1wMpqB-_P>J0zcy6`_lj*cc
zqHmOq=+Sehy>flevj&exwJ+#qI6>dLf^4$G>MSfXjrO)EUqt!aBM*iLk+1$?4pek^
zn2<%4&ZQo;(^RF-m(S5Vuk_;bTe%V1)BI`EgmFvi^f}B+G@n#k0$Ui+x~CVd2%f-W
z6}d#SD5%FX&i!=8iI*i%IPG)D@IAK73AH`y$kk!58;itt01E3~eU(F^+S!V@W;m{h
zo$3Yy_J5r!4ATM=s^q%a)R{eW*Xk6oOK-DL)qpQ5J}@m{eMNqyOaC@@@X!Up=%SqC
zxW2xQb(Y(uYu(~eoaM6palG#~u^aN2qP;<pcu+~vOb(p3X4=fdo(}B_{Mf#ebAAIb
zAO}*>rotfx5H8i|;0bJ>nH>l<HvtNzl@0l_X9l1FZ4T<4oU6rd+#ZWhpj=nZc24ki
ztGN7@%>s#Plc;_Tt8NvmFhA6}AqHeNLl~luoE<ky?zn*vgMCoxMWQcMON9PV-c?+$
zcFm>FQf)f~-9V#+r`=LX18j_&&*@`=Y4oelugCt-*ZhLgGMi>EyN$1_^GkUWwiv*>
zINulDm~e8w-NR`z8HfyC%}6vDluLT_PT&rsQa4+0a?@JKY++t9gWDlCq2WRk87}OP
zH(aQ<3-w0*eAwwfz=`{Y;z7+p_@tW57mi-ozQ^C@;G9i-z`uyD!SZw1yn-^kpqSbZ
zX?6^(!YqHIL%hf?e&+oa7{kDzz57yR2T)S2!5x@4$Cdd3J36eSyqY;qQ3is5*UU#e
zY^8Rg)c42+Qr@ARLoFU7$1GVyDW7w~6u=oYHIf%<O~{M}0t>=6V-~Q?9Z)~y78T1L
zJN(hu2h1szba_U*4o0@f{^XpQQL{;<Jjzu^46Px=ADp%WDha!4dlG=n16?0dso7~f
z0#nnKQx9_T36-EXsBAqimaX$T?Q*`2L*wZ7A2W1<<r&3lOn%r9)ivw~XCbevBz_?h
zZ55#_RkiN-%Yh#M(v7Y+XOt5?z6|tu1n5yE#3;7!Hom0MV{(T|h7&t=nqve9JwS4E
zNb}N^S|Z4|i8BQ%vxqBfh(abWCBsC@BE~fl1(s}<v_LYSCDS0uvt&9Xr?Vu8;Ql!*
z31X0c9wg<N&yyaE8BS33Vgug1BI43;1XSv|)n0)ke6sxm5o3D`n#}iM{}9CY;%;&#
z!~4VH5bt)@V+F5GMaM_^m+E8I6r#}^3~h|eXN={G@df-f6-}!*7~GsgR;HXd$q1k+
zmPZmj&1_fcsYo>jxJXxZ0tMYPj3@|+hwYQ^xgJI?nA~5T7z&16p^?42BWh$dWx10p
z!l5-O2fNf_&QljlS8C7#pwa>omJ-k?Cbc8Fq(gdX1T7pzEy^FXI)7|Gb<<|$F0I&m
zkz&N=U=uI`&tDwU!c>PCbYy<)47`L&=&~SbJvvb5agEq{lFq{+)?{|5$1lVmx%J-<
zK}}4(dH_>Y&D1eX?JbOJvXvc!G@X0|^O^U8+Hk)ym5k7v?hKPkrXz9)V>i|?cnL-g
zID6(P;j;%;0&D<Pzf_oDftT<MM(CZy`I;>183thqF(mZf!TJA}tj(I(K@6QXqZ+Bn
zAs*6>V(i>MK8Zhu`OIG1odnEUJBDd;WFE4M-AdO9CaP5cA#%R$uy0hRx9OOd7Nz46
z5xbDLFvIC@c8W*1^{)c{oMI2sYcta8cB0psczUe?{&$?{)pG}Yx_UP7E=H^VlcWb?
z$xL?e<qnHsgnyS`o=W1-u80&6!<d1>$EXzUW`Yl$@!KoeiT@Gp#D65<fSvds#1ntS
z=qXS9tyxNwM%2x;3Nebs@pzX|Ul}>`C!}I^>Y4wMzR&!RsAvA#SU71I4%)@ziU)6j
z?&SQRMNagq@%RB2;XT?|&>4#O$<kqghsKk3iR2a1FM)_91`s{s6HKa&X2f#43&oo4
z(Yukpxl7wmDtBoCs*tEEr#~VyQ3JbH7piDy0+_md(YlI*tDg6&Y)B5dqh&9Wy7)A4
z2L^ZW-DE+*>u2Favb_>J3)@>PuryWeS`u~>`sbGJZh)<KB{hl{DZWU-23~4n%N<6t
zkv8BGSSYQ0w;Qj%%@<>&FSi(i1&;|}uVXFBfD>eTHSA|~h@Z6Jo^@I|=lk`szSlfF
z`C{T#;CVXxs%=xHw)A6aC2w)jQd<^EZJuLlp{}3QLhixQh0?Lmv}4g{lg+p_LeFJ1
z^0>>#gUKYkwRW`%n073=CI#zy8@CCi*P<iFA#^Yan}7U_9ZI^X484FUL|TMEfL7(e
z+qihz8g20lx5$LPAT8bql>E{Xq@Y?@-uxqJe|boy0d46Onp*J^QrUj=lg?-E=EcsC
zg)ci|K+6x|VQUBZ^aSo18XbnDCxs78@8C0GE0~gMa0g1PT%W+X(aJo4bm$Tew5rqw
zU^0$zNFKC=wo8oWJ8X>(QdT-hTNx`ilGgI<R+YZ1NiU)j<mz8TXPWeVnjHrSPj1^)
z<)sEftjH!0nXHRt8VC#-MS<~;IMFevZ6Hz)5c-<~kkD(%FAH0Od>>f!U4%-!FhduV
z0|mcE6#SR9M8SUt3T}?xKfJEVscvJXCa>LaRHNe7(=4q__8xdV-fZuLM!s`esV5qn
zBV)(N+M`)J68vXu?`UPmB;6p}A6FjLS~}Vifiq@->&t{QrV95l#wTBEISrpgvnR$U
zr~XTP@?*yt^2v{yRXPeD|4;GBx=APVNsG!S%>$8qdV~`LH9lDx%O|Ivf=~Xv-!JgV
zJYNi-R6gxw=q);WM$1s{zl7dJg=dJ~`;MsSU3lz2h2D~hr(TBE^#6rrDEAcTotFFy
z=>7JgSoC^MF!b&XF}o_Y?|_Vt)&4sIw;Q#+<HC@NhTGLM`ccuce(yl_mWtNJGADFu
zoL#(%B>hXZ^``#-U3iJ;4N!o=MJ>*LN}JoKw4nM-c|S7okSMS>=|^<j60t;2z=D5?
zLZ;f!kV1+MtEidy<9~`m3LK}NfOjPS!UQZh1%+H{`UMJkw=|YQe%-DP+xv%4!OGE6
zTa`oR8R>wK%0F}XR2whT$>!yKp|n$0QF^SUkDcY&{o;0(XBCp%JwV%8R<@{s3_TU#
zum+_lOHZi9Ldxli&2LtV)khc8OvM=*Mns|E%4Xf)#bI9j2=&LmE&wraREzo^WiWpl
zSv08%%tLXs_vT>r94}g~;d}?^Y&IBC7c&unnwI}`ZJ3$h)Tn}hDoCiC6wdeZ5oUxF
zu?UmnQNNuN)*Mn%FNYZFr|78n$0(^Z8s>agCdBEA1Ut!hF<Pq)y2_}D^F2zZJO_X#
zlXR6)L{X$Fk0Sb_QL9g*FH&+tI=-V6^5J}4BGUBoQ<~#d=S9Ubb^3P)+0M{Sy70r)
z6GzO(kPaha^mFote5^WpBN(fq10hh=(m66~oH@ZL6CC~sp7eF9`ae{^liqzwzFw6g
z$b>G=x7wg;gewh%rG}F=!gvoJHNwGs&bK%5WLd7A=}YyA{^`otiH`J7UOR|bU%C#O
zKd7K`v01tIh}x3IIME{K02G5}@sp={$<vT8-;dwCsl*+Mthg?+d5<0mG?U@t3s1dH
zCleKqDhVkKc&JgVu(KE#9yt+P^ZgucHN*BM(%bk`L6JKEC!DiE%~96E>MeGVNJnzq
zHML<?j_XDpv{I_XZLySl;Z2;J{9;mHa<Z<E)8*w+D`Mnj<$bha4!ndmH_ZN~tv=Dq
zYnmRX_(OY(y|(8<+PRaa$B}tBVs`VH_x##$Kh&yZw#2A-RI8hRPsyW<CVMPx@5k$E
zK+f;}0XL;Ga=n2?#m!`Th|5c5^zxz_=wL`Cd2t?m;5Zyz-<(9WG;kWoAhYWL<UjtS
zx-W{d!r33cFZzrVdiS%rxWHetdbYc`MpaPLG8%~Ddt}9-4oomH!hz(ZJR%*H-geO<
zyeGmBf!NkY>E~5dvr{}`Z~t1EPD@y_)@yFvxupB8j269^1&uKrgCA}kBf!dN8JLya
z-5XbDL$A*IHLU{8BIWhoXcW$i8j{W50|qZe16SJtW%9wesdLr@$bI2(+}oa9c>4n?
zP1y#LnH9Vjw{zT`8_y@z4J7Uym0A>ONQ6*+4(U)sH!a~fotefJ51FEuu9(v@&X?6f
zy1Q&e*?&fr{n4Zv4Au8t-$tej%+g7sMSkjPoRu}v3*BjtPB|gaq^@|6ey2%pbhhVG
z35G5i`=ca8{c!JDW8A{`yKB%z$lcZ~m32iQhr_aWy|(N<j0y1&FpSD>Km&3T`P!w?
zO!)vF%PBogbWEonxEfA@CR9EwN<0nPKL|z1+fJ#(no0*JW9Fd&(7b#{;yjbG{(!!y
zL$yfE^2)yuzB(f7H&l-~WD2A!f0VN|gHla=6>?DeS9*@cP~_j`yK?l!F$O|aovPGC
zk+6JiPSiAhqA6+`)11a>tc)i&XZtBWRJ(j68$((4vW07YOWbrgnyrqFPUdWNxviJY
zDyf%wABge49&JDK;n#8YGxi%Q@?TqlXxCk8dHPk)yL6)=yvr@!lR<}KON}&(E&dws
zB@XHBUCh44Tj)aP;{LE_knFv(JM2=O^4Nn;bj)I?SoDt-%u$dO<;|Ma-K57?&Gniw
zdY#8IB{05?PNWVd%57J6Gf&my$RXG3d&r)ru1JK!A~0mzfzTS&ZkOycV0F(O!#z<G
za2Ud3VLl&Nm2PW8U!%NG$MfQfJ#y-_H^Y2jnGwCDu4s~zq8>YWbo{X`k#BDl_9ybj
z-B3c7k2SzXE3nK&AGFE`;ISy@ARkz0;?^>T>I9Gyc?`}cq61Z@1%55?n+CsWQekRN
zp_vQZ946TVpnF_{PPru<Ip3BF({c(^R({RVX`WO#BB#*8JvtWBp&dAq)kH_hS*jCa
zXNKzAO$=^MCTf)_K#w!Md`G~51E$RAMWd%x2Kl>jG$!PoL>n8T6g}J+ccDQIi)f)^
zLd5tp2o!I@b9{<LFXfx1DX9)=ip3$#O)0`6?8dgm))umsbH2aAQ|{!{HCL+Rv5ly%
z0Z_k<cjq*C=1a=~L%VWLto{^=t-Q>0^XjGuede54Il{ZkkvlnMWh(a9Tkpud$+D&@
zLcjHvxzYa5pG4~OH+t7l<T-{)2P<c*nOo<Oex2sb`DA6#<Ak3z&vT@D4Hf9|09-($
zzbBw2?$O0z&0iBoN2k~(_wZGaQsz*N2COGkxu6_!MsSZTVP!^e50At$lSqgq`%bgG
zg?t5j@MZ=>p??QX$-7uRGh)!|Nhj2L&f$x@cnRn$HB8}Csgukvxz@kI=m2PsttPZz
zwZm7Nn-bTY_pQ)Z5%iSXZ?KEKcA>YJ1-<0feNTh6wt~#4e#YB4K6FN@&3b*Z7fJIo
zh_9nDfgQ~zA=Bm}Ye`7mI$0Xg8ky1Wp(2ZY$cuZT;@7#P*Rd&k5GtVCJpN|SmTJ_>
z+xE)WU8>%&z)Hn!-r;Ja-luJQLw{!ex+L-`Irdx|IYklb%<_#>V6K*RVI462jNY#`
zQ2n>!(ALv;3<TJg-&)6}%%@}3wwxKB7b4T838srnoi139GDOw+X0!3a_)I-&P(8C<
z=qcvbZDSamPMeZrk_E42{Jk#}x}{=<!VM}4$HMU3#7lp}PZ1+yHH<h3Bl6{Ab$q0I
zRs%)=4FebGcu0@M!|mIEBk6cBdB1j%eKi132!kVQgX5VK85kB_i^82?Qj0#SqG;n7
zm8%qHcumlBWh|QbV4=!YiZjToGE|6mdjMU0d{r$N0xUM<?E$^AkqbP+8bcY9!>Orm
zm{F%XcA*QGxingR_9KIDw(YgQ8xHG!HH#$AH@H?a|Li%kOAIbKhnL1%c@(MJ<pW}O
z7(@xq@x6<4w2+rHp{vBZL&uT^fnDehd+1h`nKx$O+USS`WVGK_*9Sp!zS~eWrxNvV
zFNqMfcTngOZTyJF$EHQb@Av$v=oqCCTQlpQaucd%SQ35yu%Sx2Btp%fpN5(@_eL96
z5Pz3$%fQ$nSMk9~6vzX9)9F{rm8)<<N-NUjw^<@xe(h57p*dIi3nbwCxpDD$=~xW?
zRn4&N++r~IH^}c@fJZ-K-Lgg1Suiy6O_>Dh77V-K$r96o`6g;koNnfW`4$F3ewzAA
zpak;?GH9#3It$*&XKQu9gZEuEL@@Bojfo}F6<m_7rbN7AZXNRbNSqNC0kkfTKIwkp
zQw&~S>?M$^pG8@9s0Q~k2KS#cqTtT{7va|1WANXQ5e5HS{}=e}GwtH>SuA3WCEwTP
zO(}!<fS%+YB4XT0z;7j>FXSbAHV->T&aiYgz2fueFITvS53I<Nt1l+7Jj=xly?1kd
zsduzE>G5HJ94*is{0VJj{=isR3UY!<mh*o->nL4dK)?9nToQjmTNlLOXDi}GwlQcp
zKa#oAcfj+7j;Nk!L@CRo<Ruh0&zd1!C?^8*LOOK}J<8&)N5`9?i0ySOUaA_`ClUhM
z><ZRXS*JACD&&><(Ea$JR_=|(CeHsN6b=nwY37Y)3a~Vg>jHOWh0-y;?aYB$+&d3g
zFieGT4dg!ntPaYEi_^W=@Hw>)e1m>;rCf9$`zWEW!?1b?iH71~+s=?0cglN3iBlYF
zMW3R?&xE`a0>WW#4Noz7^Fm4Za}|r$xJ%{QC3azgHNn$hYYgpz@ib|{YAOatg4MX`
ztT&S9=JdSK8x;SRFAi5sHBcl%Ldh{b8uu)BU~HmGY;fm<7UyaHwBDh<4+SRX;5L;c
zhUIewbc49!EEXl;sQl}~H^W%UvA%dHZ>)3We6#dD2C!Rfh2>Ze@a+;l3YUlpq5To+
zUQj*@jrYlF9|p!PjXv<uNVdHcqQsCxyfo~6$O!O87^cY?-Y;Nx6ydXGr0E1)@R~xy
zHNR&k9hKL6LlpH%a9h(17$TX&Lw2{AUL;vz)u?le3(e57hikQmp;?!>J@n@V<-p+Y
ze5)&5QQ9KXvXLbJ@uKc<i9<>m{aFIVw8O~dCVD7wOQz8{m28bgf%07m82_nyh#}or
zk!^?sJ?GZljuKvtUEI#%Jn>ReTN$}j^_Y0UU@C!H@MEo7&c@g7PZw+W{@Y4;F?Do0
z9-ahBo5<(vu=mR_1b6A41eEXSWkpRfTjI<Z=X=Z(&EbmtA2sNo9oZe0XaBP+>=Nrk
zgV5jUA$cKtl&9lwPQ51=UlzlIWN51|^?r?yGyjR6vrBPhW?_vr1`^Dt4Mu1a8xQ$?
zEa=~h@rU2Kh)vmG(zZylI+Co9Bx}`VFzFRY;fzHW!xUfSEM6)g5i|)#7@y{vg9YkR
zyw|%gn6&-3suSSAeAyw&bm!of2-(?%50UItx+rmoY~(7+TQ!{QNe7&K`X<5c*=&Co
zh1-a~)`7rPEqeO{Tf?pl*vt89Jm*Sw5b!)_5d)MS%qXuaGms@2j5Gj=(ACDmgnX)a
zw~Ik$-+Ty3yaJ<dht7%k=icoQYxF63-f?=dLwm7gpV-j;ZHZmHBJ{bQ+8ZVRSL8;K
z+R}t$5j+46cwt94Zas&YRl9JcL8%X`ehZ~xZ{V{@&8PV}+a-pX15TW#b6`#NOasPI
zb-4kF?lbw7>)vGB^{J#x!f0S_F)TBq7si)`Y_n$^UI`)AeDb}J*mW@Uc?2JOfZe6&
z>xV=9i5F_j4h%&iEbB0Mk2(UsO+X{&+8+{KWj#3Qxpl`ecxAwO0WW?RZ%Kn*zC!0j
z{CS<BNexD$=P<I3aIh7&S4KXVJj%KOI=kA;Vm-Ku8~EC$M060_3X4Qy2OmgDwg)Em
z(%a0S?vD{h;joz(6kzOjGlthW!s8u+{jy!v{$*Ob!^$VBCZ~FaWrIQf)%BffXmQRL
zq<J4?iZJ=%Rdl-$Lm!DnJLFaPC>8B+2l9=sK&p9iz;p@F0@=nmU**>IL*Y|$zRHV-
z_`sqIus6Ke%8zEaK_lDHFgEY{;-6&)HN;E=#2g32m<$;Ao8yB{<O~Lv@Ix!9A#;!&
z1y&9+y2W0%xJ^#Fr3V&`MF6C;rXfFkIUgu&ZE(H<!|p6+!|dG%=?a#1K3#Q<fmCtw
z&G+{JPig>e?3Py5cwjAFwUI>pHh1PveCBTXZ#Vbg6@v)Xb#_OnPBI7`X3@Dr+~&Dg
z=uBO6z0i5qs-Z$>f@hG>If(P$)e{Z_7)E>PD%es4yhiWZ(p9e*JcA?TIEV&qRk{3!
zk%-z=>tzuVimiu@kI;Fqr&j3naQ+J^9#-fr)$g3-tU#u50WW3qlD7f}cwRJQ7Sa&#
z;#VLZ4T{W32aJZW&5Rzqcwsrxw@{P7Kh3KLA2fD>2?=~zm{B^pSPK*Yr5}u^^e=ev
zr!%)1V=JNvPz&=bT7iZt7?~RxnLlV|dLLJD8*1nP9vgfyu7gkXK5Y+71uFjzsQjaH
zUIN;d%|zqkWT5X>q;IGd&>%J_KLc4;V~xsy9x|1~XvzyQQZmqRU}1tX4$sK~o?%8?
zm<+|7HAvU4z!IaqA^93PuRp4!;3d$w@=T9f86sHuqdI*C{DuXP>+WLD?~PEmPTK(h
z&VL;Sv|QZ9tl!0171)IQ#qIbFO&qFxRt4w(oD?mqUeyY*`K4FJ`7WbMoa>`MQ+n|$
zan=r5P^+A^gY(ZNjoohfx)GWhublI}Law|4Gh(gs`(8~SRU)O*@+5Q`#9ga_e|tGi
z9)M0=Xz(^~zSw{fe7PilBXr37O^G<3vYC8dv4Hr0<bI@jITH8iJ=Md64F+~Y^64m^
z>yWZ!&#XxF@?A6ugL2k`-6$6z5=Ub);5MC0w|RinzH3DXhbrG_03LE$zVV$#Z+4)!
z4;bH|2@8BkRyF`uwp>1a+6>p6+iu_k%LbrRY0<Lfs@p(9gzc9rFxx2C%|Q<G1YL9x
z53*Q+7ovTrx@UNrZVd=KjIhFAanjvGgZ<r918zJ30m_)D{RGOuVpl*Qm7Z`UOXwKP
ztsRb6Kf6Y9z8lal{iEn<(!W>JHxHo9#Oeu973W`Rppf7-Jg`BF+@5k2V`JFGdhc1G
z5*7!umaTs|Chs|0E+otzbwIDjCV^mHybA-_c)oHKcUL5`h1=h_dQ5{O)dJ-XZW%!3
zTjT|^VRWQaE1z@NGl<(Xw6t@8XTGn|b9;GNR~vq}E}UdAgstB!L!c1Ovaa93`;|>)
zT@w6O+-XTPtR7d^^#nY4-^azwLMW{Gfm+Qo;y9jDGy1ns4)1?2h|<4isk=W~zr=m=
z=D~D^z+SVe5O%qCIAm`F7M_6m%LW!AL&O+=z^*!R(+V5WT2+HY_^KYr@FA}qP9Y@8
z9gHO;!FW|)gd>Gl{N*oUSIR%FJOF5{NQV!Ug{T&p5Bc&17-Q!~%z*!Elxdi8BW5IF
z2GR=kTtUrlMKOMhn)M0*#h{GT-=$$nM#JI3R29B6>8*A4YG2T~e0U9{4(jjFeF1Bu
zQBUpAQ&oEEEj{&DJ@vevdQwk4+^cm4!;Z3EW)sW847xybr=Ge^PtC$qKBlG+Xdu3k
zKUP-h)q1&0^>?H6)H!;J(^E-$3U8>g)Q@`Vke>QRPkq{>;a=>*BP=~*3#M@Lkt0>s
zx0ib~fS$z^Dk;d{Kl@@m`rt1v#fiSHBAJM=GnsqjethkQ*UBB*=L^b}xq4OC>lIAW
zQ+ax7oSw?mQ@CWyUtLe+brt~vTMwl_zV)0<Z+igs6}Y8Sj<Lm?^m2zFE&m!Or}9m=
z)}>Fowc!#wvH#r~I+o+(+ud55f9uxZeL;Wsl%5K7YojOVsRt<qpD6crYeYF8Qz)Y=
zbM<o9QwoScnWVRor`J4APi5+<3-#16JvC5I8L^k$(+CegYySA<F-7#^Ko^sL<Q3DQ
znJ>Du^@}|>bg5`5SGHmj^*zcPn0gmhDh2P?GUzvSX^=jqr$jxqMo)RWG^p;<-`%di
zo2|bq(o=<cDhE@zNmVY#)EZ2U?xN8w#nC)R16JYKTPRSfBz9>t>O`l8^_EVJ8h+^1
zh<b0Q#uPs3)M^iQMrz-x=fA<;8jylt>eLv`Go7sUu=4v(tv~D7JIGyyDO^yM#hn_<
zxwBJ)_clE>t1}{6G8LFctGS)g8sTz`taF^jP!NvHD+}Lj!Zodd);XlHvTzIf-}3oP
zZ2!kSN`4T+Nu2Km$SCI?ot%iz37oIigwKy)&~71|$ocN13=`)^JDh5~b}#>loEq0~
zk4#0Yql!5NGp@YN<(^)>n)trS%2$lL;<jlMCyu*<C%07hYUSUC@(r*S45%CjMK@o8
zOVud&Q;l2wEkp2g<9?T3p=&d%r@+OdfmMPVM9+o-%cKU=gaN#<mES@I-P5l^v0~y?
zsJ$?chYvuyNNLC)Jift{VhA~~zh&Wj2qSOdy7<UJ17c(`zIo)KL`<)sbT6e>LAr7%
z6sejn!Ls}4^aRpLaK7gZs*S{xBmsTHt$Ujeun(gqrE?kxG8pBsejcr$Y~GZGucvlj
z!*(BCLiJC>H;;~_^i)g-{zUM&A?-Q4EL?=|{9hTP^~KfAi1%NSi{qMQ_X9YUNeE#U
zLg>FE9Enp?KM$bL<Aj%mi>bA-L<7Hp^s4b?;oGRU(+Prk1mEKcn7*A_o(E;Ck79e9
z+Niw;%gbq3T1AeYenk66G}>KH6k_E3m*WTIx7**Q4s<bYNGnv?@2cuI3=|2&!bk!M
z1cw&~mk~&j_T9~iL?EdHDz8HVxfTfo@2pi{f&?;5C6Fyz#jdT9dVoNNy2YE!!2%0X
zOhZ9xgif^b%1uU9KN6ThwkeLOJz;x;V?;Oxa|_DL!gmqge9+ml@B$j84oYLVDUYQr
zJRg3&+1mK9(U=0Gp?rezddk8_XuhS=46LFrQ54|<Z}yV^llVC5^|bLcRHA5Dbr04f
zM*AmM$Ny&)O|KfG(0erv*6GlD^tk%nISFTiUcF-1<{0$S{5uVLuZC$@jnk0df|C+w
zA|A6W5SLjR@`uuFRQ}n``ib4Hx)S?|>m}gp0mAX)J&37AM2F8CG&;OYg@3&lvMcfA
ztf~}0UC^!3eI;Jqty+pNalI_BL=m*=H~4I4_0J?apNaaHhcBa6X3?91UKa0~;lC`r
zgy2Y_5*{j%PNV0gbSl~aT-U3gS8|UwcGLHJyVdV+HKF{%Jv<quyX`10P#5kxrVath
z^_7V3&6$XO#6vYA-qxs;qG*UbRL;{%BMvH&Ic`QpY6Ws7bYhOB8({^Yi6wJd>9wb>
zd%KEv%-D<vKoyu#ok|@0pn|<PRo*ZFs}h^vjH_h@HeYQ~^Bw>oD)C`6M|6zueuMAu
z<IQL3@0N6*{H``CepbaJ2BzP{9SbL1I`l-eMsq=V#iKF#gHFmXkI8Qy5}*J3nEVe<
z%1?{QfBmHVKg8q*PRf5QCjXxJd^|$0PG(4x?;Ak-TU^IsYtA`f11Qv|@#3yJeZG_W
zI8xvFP+!dXuYhicT9>Agw&M#Dx^(UE@MCr5eVv<~MrB+M^+9##@aQt@i;AS^>e7zY
z#q+B(sxKP8<o_#t6=Ll8TjKFQBX<0`xO}_#9$(yuXJkg>FDTN9pP)i~QQJ21W;w^3
zBkpqA8b=!pc0(Ti@nlFzBNt+%N$(APReL#%=c2iEE)ZZ5GJrd$BZ;B&tvNh}v<f(w
zhtjOjoAEG&s<&c&;!NuZv<|X}<ezOOaB{~q7AD+m7i-Y_>j<<Nvhc-FK-{CX&x>_S
zIfodOmq2N84~sFx5Z=DGL`>s__rsxmG4w<;K8pSa$Ky9Wmi|x5zbKaePs%?#Cco&U
z{OPgtKRzGND%zvtgO(k^5Z}DN&3iM(jPsudQ$St|a&#4n)ubBdidy;NHr2w)BL9zB
z)zXo-U3lXi8)<>!Utx`L@vrb)x{?{bV9>dWX;FmCt$Q$u)OYLeCG|UuO6fJ1bG}#c
zDOgA9D}OWhxWjr4UUGupT+a8mL{tVQmaeqs8r)EC27ohxnW><;5XgO0*WK`(csEkX
zOzXU=I^Qz}((CX6XSl%`CZCJ>GVU+2`G3+U7&DzpkACYhR@x2KEW|)nP}(Bjsh0NZ
zr2*oFt{lpqj-g6<5dP8lrP*GErW6QXmTjj)Y~O-fo~jL1|6`E<NwwI;25$Y2Wbpzm
ziVaL}_f8jUp*@kALs?MAHL{6b`ft*jb>M)Y6%9Nr#MB&l@GA)h8k+6iv5F1%BW?LZ
zyS%?DU3S)GoDbtppdG;sG(NEKIc{s3cal3N!&6{?myja1l%SP8K=8vpS_!>1fMRTP
zX99i7`EDjby~SxeARAv!FofRM;`j!Zoy7;-)_Hc?iaW$MhB>iQz7c=|S^EWyIyKtR
zibRzUBH!;xnZ@TqPrQD2E?}7RFDGn;<u8i6!z?xr1q~LryD~f6IW_1d&+@?CH0GS|
zQoIl#l~^;}IZbY^u&Ky+039KHH9#d#a#L*KeC-s5(}R^EbtF<4JPdjY_{$9PnXQup
z<Be|PAv_x}ek?C9>;V``tmK$6pLyZKok_1dQ{lyr<(mq7D5OpxKipssU#^w{?DIJe
z9QmpQHa=-cHN>JUO1MXpuS%Dt0_f=4V}Y<N^)k+X7YafT>H2Lqde4PXpc`uM(lupU
zGY<c#Z_x;(*)zaZ+^gwAg_YKHs4d4x=eDD4HGr9G;KhU8>UF?-Nk@<VuStAu!I_Il
zP-b^)cA;#3l?b_3*p8`@xcpbC-<joi;S=TJZe310N!}jB<RNMfqen3$`<r>rxt&}g
zs{Lk=P1Y+ehKhl>s*M)%+dV-pFh$r3=j)GjMmA*@mO#E~P{wF*1Bws;1<mT&ECW21
zIHXZ@6@xnQKv->yFK(6VvFqY?vMnYY+r@h2g<cJs&-+0)D|)p&+NFgyqT?qO7sTsk
z(rRM~<4ET-GcT2}u$9c8G5mS)MQ?_QK)tgi;z%>C=_P0fO=xKZv}{wp>{J`VvGo(!
zobN&;grU9KJ+~-0zK-<&91UXB3b*#dK0#LK39LS!4i3>dDUzh}8?C2=l}$a`Q!sHP
z(H8zyo}+O0b=snts2tNGm0=&JbN(yn6sCnfm7m*-EXd16*s8K$HN`Je&tofYh+Y5s
z#jj5{#;$)S<<E{?|4z!E8N2?)=L>nC+y*`KrdITeDQLxlXhS1Up2T!3S^;SS+C<8a
z(d%7gQKWv;ntUSG901RcZjY(<!{oU3*`f;V@Y4C|H=xzZUe7owY5rpup^%fw3q1x;
z>S`C-JR0{sFs59d`xoMl7co<&J#%kia+57A+bIX?*)waT;lb@NOkp~Ni7AJglJ-4(
zPTd3h_`rlQp})t&Yl)SA<KdN({(LLRUl*(LS8B9`X*^k~!)W5s@|0OV;RG;HghEkD
zlcLPA6%BW=D2Zly%tVbx2=y6tz;ac2>Z=mbLL%GeG4hm@bolod8S0|WTR{HrXHeyT
zAi6CEvKHc8O!!CHKSsXKtGxy3VYo|tuVQ!%E`}s&ByqKqkwjD(l`2*_Poj#iOo&3Q
zi5YlCyO~+{b;;LWibM8bVnZStW}v+$y5$N?GopKvG@Kv#>+cU!bmdxO>9w%x-(d7i
z;5J>6U)p=K_j?DoslaG2?a1<E!QY!bH^E<<_k+^q3FEvCrOOk?duw3HxtR|<kQl0D
zeDzqJ=AV6eLVjs@yyq(TYx6!0&xx4w<iX!7yzAk+0rZ`pl~?OA(y<Z7Enl9P#SF$F
zCml<Yr9V9Mr-v!3{flbLY^U(!J!-63vq_IH$)j7PgBT9@&1<{JnDX8#c1pKTetra*
z!FZev^c?C(@w$UXZqsmHJmKJ~FjiN(=Lr1m?>Si7Im+{fuhH{*Xf~8nD>)?3WtDiV
zprtC*>*LFbtS#@Cp;tisL~wLdZY{2BXMayBVx8MG#Mj9AJ~ZOHbnhWPaHFxoXpm>n
zvauJh&v3p9BZDxhoWaMzFmhF&2%YJkqXN{V_;z|ODLs+Cpxkp+>52Z{vqG2a?WB7~
zVPh9y<ach9#n<Q!$!$G&Va;iF1)Ubu{e|x319Oak2KnnAty#0@J8W`*rhio1?Zlw9
z9oTM1q+L%owmJ;(61t3)pOEgcPUsKtK)c)E%LHEyw7Z(MYk_vtw03VYHY6D261`nZ
zAMIWZ?dEe;9|_P@vv8unN6z=Pc`|@X(>+t+Z-4KQ&_p#3Z@Om!0OPruwL8GK6WUE?
z?WWm-PFlC%*GkmE28YfaG`o8hpijFsfYLlWT!A91D=;hFR#UZ6+Caop_jxC*J)YNv
z4x?vdAN9z8=%zODDvz1;tB<07mCpBPy2Ngf_RyG9UU4IuXYxb!Q~LK}4MNUdaEf#K
z&!W%iuUF6MQw=CJvU7U->hAEC;`uPQ@)M9fEf6iJ89lt8EC)QvWoA6b;{)?s=h|<+
zMV+^}FFKEy&=p^GvI7}pHoAQRy@_IJWUEkx43I1quxp>q5<kSQVJ)Jf8Tz!ysK4{+
z*O3-msw*V4RQd7P%bed&yP6egp>tKbts0ABe{UL_p?88fZv;WSsv16#cO2+tl3CC*
z-JKKmB$uuUkM(}YZJLzqtMQm8<ataJ#(FDxws+uzg=Y0vHJdI}&87>P41;{dwpZg9
z+Hw}NTa5H~))vNFRU-{F&LAV@3~6GzTe{XQEit>Ldo6BhL7M2?Ax*T}+C=9E@~|;o
zv{}M)1v|H?AHeCJkk0u~pbAWHFGV-hZ$Ns&&7ALl@#;@twlOpc=2L)gFFgU7k7H&!
zyTyr=jRkT4#Aeo)ZgEu&)SIl;`*}j7Ufe5T@mjL+x*@h+jB<h>yqFNF_vr+^-XhqX
zbDNw7t=<o#;H_2R-AwS#immrW72ao~;4L>s)q51`HCdtFnWu+$rqvj_B!YjveiiO#
zqu?%&hWk6o`2jD@swom%-QtO=1~zSR$(NivU~RS4$Tj1QDC$^oI$OWN>C8PrZm_vc
zH8IvGWdAUK51Zc685oB=ELY6JDQxmHYmq~J`T{$(owH`%#reOdeYeAUAzIz>!u*<6
zUUJri#?w8H&i<TlX#z6z0i5qwiI{*c=Rsn<1zEcb7^NL10<0D&GXr*q<9ZToFx=db
zZ_I)sriT39@gS3Dg+7ho6DMZJ%>NAhLvaHf@K`T&2?qh`t)VLxloQ;$jVj!O6I8fg
zN{GO{9nJX=?!yf3S+o!~^aXfhIocTV{~>s<M;{`Al?d-4fVV@3cajG0YNHD855@?*
z4FK<Igm-^8!F%>;@J#mFPtW+zz>D+89dIMO-vPWkLYEV~o+$+DPX-m%8>3*Y2Uu5H
z5!hx1Y^oKZ-PsqkpCFyZX4oLZ7OH@G-N$=6$m;8TW^Y9Q-&g+T)8=2HC_SgofAAN+
zPYRzt|C8?c{F@;^LD}4`^@lwV>5YB9z9;s11Bz%-CYfa46Z7IvJ#jD4{v_r_3Y{`V
z-yZ@A;b&S@fYNWh9u*{W)6n?;JmN#NE~2sD_e0pycr8k9JR0EblmGDzEsUO#e9j(N
z6_>%P_;CS@d3tGQo@WrquKi0p$9mtzaaIqK;n!Bf4z*ePLf%E!<GmKHH9Tn7H6wxQ
z?(Pp;{*>^bZS-_2Jk>?RJ4?HKiIPJ<Ud;O|l=C-=SH20q9&`J)e$YeDB64vg<@E>`
z83c3>@Hjpu{plLo>lLV5{w??7%3qqZ(SSMvxxA?vt@AklY*HvmW2C%F_+CtU2mZ=G
zebXGa3q5mD)8t8ux;aUB5{Eqmg+l9XHA3D~kV*j74l_b%Hi}8>;hFQ_r*2+j<?^<q
z6FDOdX1XK5S6p5)f63){-*?9Xao7xa&5KD>@h6xxB}cu(5KQ7DNoOQk5J_GaNlu6)
zb0W#BBFS-)WL6}3X(V}xnhYjos431zAu+Ce^P!6jwnox&mVJbJU3vOt=nXS02E`=*
zL)c|>H$Zl8k?{*AoelMn-3?C5au93S-2s>Qp(@P%j7oWm=&f#zg9fs#GBFVv&!;hg
zW~rQiCXBN*tgY-KgG1~Pn)-2n*~SSM<IAKU;U$?LqW8@H9rpHMM<V(ra&*WOC#ZVj
zI?i_uS}c%g>JU4t-Y<U)$sJbfp_dxr^Oe>#*<7AL70qLhUtWW%q!k$;Q)byK=ADBJ
zeeIUyhe5c^?8WtY;WHqK8)3h{&n>RVkayb9C0kxXHeSRD^5jpI?h1b^-+EmFP(b_D
zfDz7b$CpChmsjI_xPq4oGx*%XEKb-?%QRl5nvv09xF(WO6_b&!qD$xr1BqsFz9Hl=
z1_fd^TR)k>wxK&eLSs>rwJm8iG?nhTiPYhf1F6|O3rzH$JF}D2_@yh&;Q>UNuy+K!
zPj6fOKQsVy@ZFmUsPIll%;eklR+F5XvxDcHd*qkN?~cjJl*8}=k0Ykuv=j0!E5a^X
zTDdo_{Q4@K<xeHSoF4>_AJXIcBpSb~Mp7)5Of)dcD=57PkmQ@lv>kr85$8@N6iMLx
z*P#JP-X6EcNY+s;w<j@1@*q9Upoo$atSIoL^Ep9JlHBxD7v6nCQj3zm*}eowp$SB|
z>QMx;z3fmJFJwQ0)@gy*c<=XlJ?Zx?NWX_Pk$lDcd+vMS!SuOwvXUVeH6s7@Snn2V
ztI?5pxwwNDjvCur#2w`Dk6d~F!B~@7E7WHB8`lpOKk<HzXCZeZtzFIsZnma7ZLnzn
zB=29;4XeQ|uo|E*e<Po{hZjc>hAntM{W4ml4APZ<y>cXy+hg!!YZN{*%R4dJL0-Zd
zz@L=#?3IWN44K6X@TCzE{1z!y(Hd78Z{3WC6H;FNYG8TOfaRe*fcPAGCK)#GO60Vh
z4{cebygy@!Z}v0;E4Z39nNCdxlYEeasyg5vS2CV~U=#otQqqVk*`Vh4(dKllaqrh^
zn`3$r?9lj;$a02Ilb2(G-$IkYq;$QFhViTor5WvI<h{GX;i}1RK5oE$={}gplYxGe
z7d5>(i+6(4V5A7&9MRs}8msW6wAupG7(R0DYYyY(UvB-2J>(3BPfWFn!K(9F_Su&h
z(b9R}?&h!}#QLk3@?KbV5pHW?Y2pAh&UYRfa14e&bZG^fo;|NCOnzNdhqwD=C%(z0
z#d;-9!8-YSG<AcVXR13;agWKY)-KdV%j@A))cvGA@Z+n&37f^U*qdr(Q{Hnmmx)^J
zOt*C&mpRkAh|7G|ipvg{`J$B!9Wr0DK2N`ISvS(}yVe@4HQ=*0(J!47{ZvJoS0Xi>
zJ}{xp$b;cGg?U_Z0AIABjbT|mf>XDk5BUDSfEEo>+DRb&=|l`jq%ZzN>yJ_jxpwiV
z87|nbX{_lnUT01AD{!h@V^mqw74$fU4)?xriyzDPw}-=XZDA#cB6`)?!t&+qY|IW-
zc4+5CGxVBsA~hefVO40}Nj2}G$5xV1x@|Z=JQqrN1uKBqSACAeK5m6Z>|fd#u|vDC
zIRDM2EzTD~31q;^Yi$}Ze{N&I+yuZx=+h5#aL4kC44z~$uLgdP)$xJ6*-(#mAvpKb
zX8p3TfK>$YvZJ!^Zj5B#*h$&vL}m9xWk15QJF_C$mqlf7BH=Y}Z&WrHmHlI{8gI0N
z4&J|jWvNKqRwVAAsA~}|_LQR?;TZi8Og)q*icp?lYFZL+Jy#YLx4Mfvi$n#s=tae!
zQQ$>f7%R}^OV`v-iBZKE+P0ZI4Q)w(p8!iVtH4ufM^IYHL)LrwwlIBPRNSanaV|y2
zdnfexN#+=TiGHKpk9P<L8lrXbtC~CF&U*&L<lk~q{)m|Ty!d>?!DkEy!WuIw={+~2
z%ZYvA&v|JD3DJY>sPw=CwU23*?{kRziE62cCAP?GVf3A~U%k)2Pc?Lm_-lezECv)z
z4Bn?h-=e(*Q(L*j?pdmmE{&J&Gn1Q)fw&=-?lF@akDZ7`$!kWxcw=4CYJx3E-Wo=C
zMXL!6Gs;YVr5D$RKgF&2`Jt{bd}P6oRu#cVMNsT=m$b&LmtRih*F-9~lU`hh6@=xl
z4`T(ZEhm3h5dWPm`nwn5I~|Ir=wX!spIT%Qo}gD2>eac%NUu%-;FrB|4ejWSYAE-V
z0KO3aU3v6(iO~SIDZhxO8S%9hMA!DVaw;g!i~nvw^mnV2C@2;w(P;XOf;YzT3D>ll
zly^69bHv(9(S&gZD15Rf4hVlw6c8Qqser#V{=1^+?`q^I;QuNAA_^_>wS~K*YJ1?6
zQ0(cB`z{#$-8IorTq;MS@IpC?(u#i>P4~q&bZc}&pBy?BfLF(V_p9jd{^w8>fDa$i
z(ZpPR^$p1nU2!#j))iIbq$o%{G2gvT#U{~x`yyUiMma<200IwJAL-I<6_#0Ivld6P
zvgr-b9kZ4S%DWGCMH+waU{rT14@Tqr9|xmJ_65qDV1*~4KFuv2imV)pAM!}vh_*LF
zwM7Q{Y-RqBW}<P<Yh*2xOt<4vpIkaGt(TWBaN3$}%}(0^r>%|M6BIr+=C5CtRysA!
zSo)i^UKsH8{pnM5o(6pt3!q~K@Qab39<aE?RI92-o?+&NI*WfN&$*z-=h6j)_i?2Z
zn~TKb;)g|IuS?ubum3>;>^Np%fyP7OT_6P4a=x{wa+iiv3xN5*l2;R;vlrU((~O>H
z+9tx^CrT#+Yy^G*dE7AJ1JS`!;+)Ccre$gQZ9&+@EkKLaW*3P5cJ8@4r@t9~wmGvu
z<@~8wR5V%fTkI@$bRIdum<}Dg0Xn$ItXv${?Qw8_+gZ)TXh0~4mLuejrY?3~)4=)M
zMrKh5A12UvW2LT~-F$GOdO9<aoz{rSyx0nR8$!WQkTFJJZ?R8$Ut&52^a39^xJ|Ru
z>}}hOo~i!kBIx3Cb^e{$Cr9>PRvE|$M#p+6RLZMEx072Rq*kCd5lESaZMoSc=9}GO
z0Sw*Qc;#NG&xqZWYU^u#M(lZ!cAtDX)B^JXYG5^E+^+}B%1?9@d2Q((X}tu3f9JA0
zd1*E@H{IeECz(S}sNYYA@;AVDi!4g8N5`*iud*m+zYFbaXUo()1Amg4HM$(Y&xd*o
z%*uE&Kbj3MrbE9bS(MB$>U(Aa-JmeQi=WT%jtXV!eh<dM3<`e^=!Gr%Vn(wyK(ohS
zHlVAFZ&l5qe$GxfsGFq+cl|;=9YYZVX85WKbobK7^>+00Qg&pzk-g-ZH6**+4tw+Y
zJ6dTfq@eCw$|bWd19`3JfH@g-)}vW_C^v!+$+=@{z>2pju>53kM7q<z*A<v#aRqKO
z1N?jNz=4+%X@+m2FS3A#RG>57@E2$SS;yWxa__14ZnOuSsZ#@{X59KzF<&vFv)&cR
zzkqLV!!z63Ceulm_|J{nf1crW{-VJ1^TKSq$?=kRheNz&BTvT?`{iZl^@JS~JOf75
zxkl$vwwjaua=4|lT;g6Au%RO9x5#q2$7^so@)suHu8-+vip0+`?xDXQIibld%K6;W
z51o3t!~}brGtJ2Pac74`d}IL&jC(-aBz%9qk)haC`~fd{c69L4*+ghL9h`3n9q%!g
z;<-#X)Qe88kx3%+r->^fb40pM<^zk+_2v#<9KVAqkaz%gr)OcC9az_Iw3Q?oTlM}1
zX7%JWZqtKlcHuiCRP5;gasK)Tq232+roykvbnWnaJ^T*FiH$2n09g;93dkk)e!14d
z)!2f^1}*$L4gT=Z#C{_*)9dX2iDNyVh85vlCFckX_Rz~{p8`|YE*ybA?dJS@BlkwI
zY{(z2e<-k=3Mpn4DHifsMo2M7Aq5b`1B^R4-#S#T0b)4cD#AZoOVuGM!yWJ`5kx$I
zAqtt19e%Gjs|ZrQiolId5y<1aqZS6$;LceHi{U~tJ6UE{zS8YQeKnpGKrB#@vKjR|
zMa9Qmfyov-*>$;U4<@4JiGvXdb`>UI7Lb<NB{Z06%Kgnir^Nun`{d%`6G!g+dhaef
zO!-t>Bg`n8UTdqcSbJ-q)9Wl8ztfzPJx?q|ok(u+C%5Q)-YwqpDw|KUU>+4!$fMFQ
z1h(^eoK$Y<mRH>pWJpC73hpx^;|IcqMfo_&-jpGq^Wi;f8UP>Ovpy60(S}(mjz1Ne
zM*F;F7UcmlItg?BxA8uFE}n<Zjy8^G$1L8Vk#h@eUrb`mG0#B^OT7l&&HZx#IywNk
z2t*}mzL~B!rY51w7Z4^4q(p|<O@)xre~SJanS6gcas^=(6iT2%wQ8XjEJX4wGlz8v
ztDy{;{`$UA%d}$|CScy~LO{0A4HjQd3d;|NKh@;NL0ggxOzSSUl9e?TWgFd3HCZ%L
zs16FT5(pL5L~U0wvu@U~<)nrWoUY;f&ZObVr)oGsYnbq)!oiSa=@Ut5zksA=r-QYw
z<qTl`Q_H`Fq<sTV)9~aoX?XOh8jeF!f`%mKg^+=zQlF(y>Ps~LGW9)YK0RWq2b`vV
zzdd>e{c|4uw-EcQ(>45K^BFY!LGyo#`floXdL&)b|1_{V&ji-=Q^9(AB)wohO~W4?
zIfI5@Ir48&UxG$`c-TNyF=lD$n^|6zbOy}Qll05vTAqCRk=U4g8iZ^OodH6g4E<Xp
zG5mB57o17M=bx(Kf0<mTB%K~fQ%(o#lZVd$*830tTS$5{=`;<We<lrgDF45h<yDEl
zOnr@sr$_9YrqlE<PdS7BrJbsOr$_8Lr)#)gK7)pzlmAoH7f3igl8O>f18druz<TV^
zzlEf?5>C_bbBE5L;pL}l_{^Cl9X2pSS>TxwK{VV{jvUhhGB^fOq+<vACiI>zPpkQB
ze~!*q(CLn9@2#CzaQ-|f6M9PZ8!N2B&wgsxKLf~=@txYfM9nYjjLEO-j>{kab4>n{
z_PG4&?wEXIIFi2_^V1^V1EQ3Kwz&LfI%4wuC*tyNXphOy?}*F)Cbs@yeEkc1V)B38
z8<#(-J0^cnPh9?AJ7e-6?~2Qxe<CJ-S`>cQVE(s}e4ra8JwD$Vo4@WvT)w?0CST}@
z%YU^yCjW4ET>jTxG5Ht7=NHE2`@7=vJ7e?X;s0wa{72&9pV=Oh|73ey{?@jb{GPVB
z{EnYu@~=4-m;dq4G5JH{zrQLrf7#D*`9qGy<j;t&|Lo&2`E!oP<*$nUzWP{vd>Ygj
zhRHLxr-TOv<PwjwbHTrSkLty{@Vv-l<E2&Xi~ujdij=d;qQ6+iUKs4*&rol#e1uy3
zTzcAv%tYD!QJ1#gW^P-e{2|SDiMvs~*hV*S)UEM{6w1IYUBpZ0iYu)tZqZ~d5`TdD
zT$$fs^tP7@=rX5UGFd%VGL04c*=qQlTMRts#8?YyaTfpXoMWD(qMUk9KUctE4Ts*R
zz>44E8N?9z4dAk^e4^7JL0hgd{pgN^(@-Q{%}ZVb8VB{h)l4_0UqDnA%kIQ`*o`5#
zc#pv)U5J%seudTmDFv!ib#(Pplyijh|Bi|^xiee&fGM93Oh;8E&+*&%+KvR5u|ds)
z9)>PkP|i!YU;}F9hq21d_U>>);s9(Dy9_OQtx&T!6Fm}2gdJEwyaxG30`kFkZ8hXH
z58zr*uI%e&p*p1tm4q-QDO11yFhke8q*x6xX&8a3^v9otMW&~E<ii^bXd#GJ67sT*
zny*UFMD@~%YCISkj(Qpkx((Tnr`h-ZxigFxYFzZ17r&}9q#F!!yO~|5YQ*mS@fBt+
zM~C`@)dT#JV8X9(Q7WrXOGl#7@2kjDb|A5hwTiWYQnVTK@8tL$wI>GPMaANs{QvOn
zCkU4>vUxBI{g_5w?huaf^3!+V{h1)T0p+En1j|SRpA%%xldB27NrPC}aq&>mIR{*2
z2MqfGn`QNwhty;F_alRoCcFx*IjhSNrK0m`UYP%MtF6YJIR9z4IRAP0zfrz?OEdFh
z31D?2B?Rty-W~961af@3NNf^=w!LI%^`rbQX_(L<s^@m*FUec8g%MASyw8NForQjj
z@v5=!S7`oz&805!bI%%hztNF-EO2w85%LyW`C!dPL_9B<u^ty!<utT8?8bD@Yp7v|
zGTxA@IILa`_wQYOhj@PVV6;mEEQ(3*Vlps)j~MOuQ%c&PzK(jS@u%&^7+A+?up*%7
zybPdJX5&?!8iubdGyv5QG<dUyAkSRD1)v5|6uPjy`VK;C!)Ao@*vsCFxvKm`LCz97
z1_+-TRQv(r+<1>LEU)Tfeh79%x~5p^{*b~&wVex<%73iT+T6-EkX<m3vLcOJ3IAe4
zwF^pb?oaJ=Pt|aL*p|7AtEvHl>I;IdP6j~(K(H|pntv(Ap4UFJdInTSXPXxJ@6U#{
znfIWrnYFi1e)>=J)-$7Y*-(?WnGY;Fi_oCq06?5~w(86DAYNbyCIGIXE1p`Mc<6Gz
zqBI-GeV_2TL7vQN^S-ItbM2GO@P-_wu{abmF6yCHHjdSIK|{(WeO<0ziO(<V&(g5>
zMvXL3R7!s%=iC;5-<cP}7Eb~EJ=f#lrD6As8c8m?q5UCr|A-g1S=b9tD$G)E3!W}S
zRdP%}pGz{PjWpE3uQGh3p)QKQv72jnoC@pMWw@SYlIL_>t15HxD#vsqv1G^Ryg00I
z)<p(9P7;&sm?Fh&RC_Q@4u_di*O#@k0}`;?xEK?{QQ!+xL59AT7k9f=Q>vL(vle^+
z7KMj<cL36jb+%@{J&3+8y`wQ<R2}Ph`&C>_W%YmtBJ(^v=Qa$k5R|WbAvU@U&Li=?
zigOInCQ5(Y(Ghij81py8<S&oOugHwayk$q6eN%f7y(oGX@=~%?z5`wf+XnK|%w73n
zhcw_*S**3y<W4p%&KGKvq?F(JcY3Z8KawV!?P7=hQ`sTbj+zYoFXa&_WdP)zD|Xb%
zNuvrZuo9MuCnQtCr?SvwL^_U)<HUtxn0v>xOlUH5@0=8mr4M)#{yXq27;P{yfbvfd
zkNLlaA7fpg<J14Y)qcX6jZfnLPk4luEL)8b?$15RMy8MUjsG?JNH`<<==WcPr}T{A
zN&c_FlYd6=4ES%+uj$O_H|f8IpY$`pPanV(>cHfj2AK0t1x#t|IvNF!@r=gH^k2h|
z<z#pWj$M7sbAUqZSbV7t$0&m1(-!eW3<xP=!>9+K{ggKnO#{&1omSs}pfd7jLAEo!
zxcP9}4(QT|Jo6m%K$VNGr=;i59v@G^vA=<v#~4d<4W5a3+K$rKB~a3pvmJeI?T>6)
zeP6zTu5xxc6JNnmm?Ak2<)3tl>|koW7<-~P`2n_SAQ-u%!D8p9hjVW*Exr~AUP^t^
z-{=`HO^q72snE~V-$|)wLk^6acmhXmB97cck|{ZQ++yO}z<$Cs`sri<q*hMYf-(<z
z5XwXE%1h6Q&o$AlG0wRQ_wt?GV>NXce8G(28^t=i@P2|lr_M9HwZy@_F@j!u57~w9
zx7vlS0U%Z(VoP8vIywt#M1iWcL`b1x7HDX~Xaim`8uLPP_;@ruqw>>xaZEek_e3{w
z#3Akxno@)g6STo9Lcs~66cyPT`LZCEsw!oYn_5liBXwTcXWC%<r8zS>#?GZclo#^E
z;re}rbw<3P;L>hFEHi2sBP!-yvk^9be3sKz6FQsdiLL?HX4!>~EY64ii0x8;|4#3r
zDS?!HzV<tlJK!*z?ZJGC&;-9@nH0Ft>=Ngotyo%-I4?bV{tWx^Y`i!J!t1UQVZvzg
zrQk8Py16%!cAt$~<89urguK0HYnQ*iG9YwY4eavQ2lVthwn6da*)9RlrTR6-D66Or
zxf+I}$_$$#<{poHB$jSt9$YTsr9m%3J@yJFmM1-B7|Go9@uFE7MZULclx1P^$14r9
zBUIw>ICy#Pjl7FBc<I)K%@DcyFzkiM&4*Xm#fYI%*)K<BkB_kzp{;}X6EEg94jXB(
z?WBMy7o&In?CBesD~-5#j~Hz>SeMQA(zy}`gOeQWhuV5+w#nb<?H8P6LYixvWHx%U
z`QRjTO@i65Kv?52c!!hes(dvK45Su_lN?wJVwFf|uF`c^0{JbPWbxOm-bpWI+%;ga
z(B^XHZ|E6z6&BfL+<e!<@D*1d$D4lPWohcRSNKZ@yyy-J_#P*ZR0u7I+qg$i0g>-(
z<NW04L)e;z(0kJP;;m-97YM6Cs#*tp5)|+yeh=iZ`UWVTt`|?~t9XiDJYn_4P&|W*
zpAW??YVjdz@t|N)%SQR_#;~1<1lPME23QVX{O;d0$Sf2NEa>~21{E){a&qAoAikiF
zeT0KE!xAVm^1^mw&U<U#&@`9LsnmCGOGsLv;g6>B$@qJT;m@z*Z<YmPredzYarF#n
z_#12swWhh!;~NOVPIS&v+^GV&Aqq$;EB|RT0r`y%<Sa{|5QAzPbGEH{eJ<=^5lBAO
zV2J1o5I%Mb<T_rOWPa7?8S}r8k>DN1OS8~LoF_$^oXzL#;C$#TUvmkQ#{6lcAD&C4
z;XtPv(M~eKI-?OSk*P+roUZ{%gWJ?5&%aakGKPV#vyq{TPV~T)M%72fFTr=Vn#lM`
z1ru`maefT&EEVMEOfqr)-=an2rgiJ_T51!QTj1dQv&o=pf>mxN^F`pO^?29R^9F|h
zcIPyCZk484{5w|<VDn*k4^v2^a{9c%WGCrMCA_XOizcf)JPCD9^UadUN=HI4pG1!}
zg<9B3?)WBHC3u0;PZ>dN2j%@HU=AO#TT?Oj`?V>*i%oe{@8bRSe2Y<6nZ)Q1kTq1J
znQMt#N|*okPt}-uyT|Jm54pv3xx>Wphn3mdcr~1RgA<JlTS|Cw3}mLu=*kc8V9LHm
z?~}YVJ)IA3Cs(Fu35f>yB@Ssmum$lf`C_b4Gsd6%P8VKao{!EIS$I%oX2jn6|J<Lw
zZ|eP7ruHWzsy}Q2JVlqT>xp#fvD0^HW@1#AmTro4X%6es^{PKHoDBpV8QaNu8gzA@
z%Xl#ZRY1R^yW)jr=*cefzgx&)D@;S43X+4E#)~u3qy6IbeSUIn>6$cyrynoeXEAzh
zI_NXfwVI_BdIv1>V+l;Tw)Jflc0z2qdYda)k6+B1QR0$DSW8^m-F*LE&y_A#afws%
z8bXP@7~-Y7(y4BjIMyoXs`VDXjXiBHaf)7p_e(uOc;vohe=Z__m~avQqeYWH=utv_
zwsigq6LT_{Ob+MDtL7NgHC(RU!j|uYuwu``Qeqt+REZ*Ab<xBk+lHe3QT%?eCP`SR
zodOG!BogRpyd~Bj#jL7-JiLK5sE5rG_scK6h@K)nS4Rb!lZ`^h#oW3&EU_igl7{CJ
z2A=#C;Ju5@Lk-NI`JrR{-{hZrHAO1t`#r6;3)4|E$f=%I3o|$$da{Pa{;L}_pSPZ0
zV~A!l)#ZiDjhyct`qBd*z+yd5B}W(xaWPQViY&}ph*^t(zNTY#7Gz~ZRzAGodBJHg
z%AsDmLd!ZP&(-~Qu~#U%t8x@N0?sMS;`|H4?552^c+BSfH>!_|;4z=`PY!GMaB>Q#
zbN*cQF$*4f&X3`jLTiD7<-&jBnVdnHfVT#s<}+Tb?)2P-vqdMBZ&P$qxjBL4y}>G}
z6w%|K1|ws?#OSdJd2gm@!)v3w7Y4K89Ys%%4Q5-CW089XyX6X)l%ehF`l`iB)8d(<
zn8f+EAi?GLF!%Wsq=Vmbd+9&;TRUI<m22D+SxEG`7ETDzh~!(`l69B8t={Ne;}T3(
zqk3O$rqxnZ?6p)dfuS>z=O%7*<urJU?A$wkyx+S3mb!b$fCK}~y8`!&uxW9}-f?zd
z?rlZt+PuInTsOdb7K?u?rR-TC<P6|^ACgaqL-O0b6nEKNE)T>wdo^(<l2P`^(ELZC
zC-nKT0OTNVrHh1LDfO!bxe4BXNDr8DyxrV8MV;I`1qt5g7Ua}=|HwkBZ@0K|zU9{4
zN*91`;pu9{BZ&yQpU6L_j`QD*$9_PH=`Ly3bn4tRy2`c^1ElX`qWJa!6m}frqPwK4
z<*Dz#LGI1yN~X|j<kpT*@A;qr!TCxP*~mSDpW$1VwA9Q8?oLAcdD)_VeXN(hPT<yl
zi#?TYnM3eRNMs!9diWT=vrxP6sl4Ys_T5(YT_U&kW%k`X`mRUiZ0E4=()911SHBb3
zccvu|z&8u&n{DbhKlG<>()DldR==6XzDZhgtxH<9h}8Ov&<IOfnj!OQnK7(P@{)6*
z%rcz+Lm)p(&QS9Q_A=tiqRYfUSObu-?A)d&P=={FY~nUG@;SRW|9*{tCs7kKtr^la
z_MA%e0mu2bL#DLc1kdDGjZDUQ5Td!Y7z{*OZibx4Dd!m~nF7yG)3d}%0-jrpSkeMH
z&r;6)R5BHwpQq>BSxLa`b}E?$IWJPqBq})qo?oTst651CxAqw-nGQLxQO@~P(hAQT
z>3I+<nZ&KVpGsyx&Rdj&A-kmIW8t}ip1<#=lF8iKNmMcma^9t!om6r>JlD|kW>&Hv
zxAuH0nGHGhl=B>woB+=|==o7r(#)+rhQjLde8~BLa=cX10nfYWc|I%IpIeJJp``-e
zp5y<Fa;8v8H<a8%H<6k+pBsHjj3a*$_nTdTHRdfWkOl@=@4w>>J;1u3!>a`E*b^4m
zb0#Hle)Oax*#WJS(xCqsh;1fb<z$Yu{rlmCy|j`TA2#Fv1WPnwq${%K5_+<^b#L~l
zSn|D!mj?c>#p((*5#I`ZS%HFhsF5UVv}0&e{?rwb-)8HVA<2(nHqUNz@~VGa&UcKi
zH5Qs}&3s^d2gVBx%(4I{837zDf#)2DF}^Rx4L#t7)s8M`1?jqQahlWCHZ3r=o6d(p
zM0Noqm!;%xv~ws5c#@4?#hr-D9<oGq3^Y05$nMVvR&F=AjqUR9!$yNUFs~nSoD7$6
zpaTSVSHNxMxph+!CgH>+Zmk1TIqz`~p&V1>KY%Dt=X{sq6eyg4W(4V5P`0STKPVTG
zngbntONIIPn=ch+<8QW9=)hkGMvr%q9}8)UMSix|XmC+v0dYIzq{r7tPG+Pj>GEPI
zh?g%`SPZD7Lw6V65(TfZsCv4kiM(*Io6l+I0~1GZ>*mshw~q6;wbx@R*8q?}Z@*#9
z;MPr~3pZ4y5ibNuc%f;cnIc+?6D>d~;zZzMp3lkWA)hnDvg9@#8|G78O4)^D0-|tW
z5;WEXjRo<d6}K*#8tdh_wYWLwb3NGDk3^v!{P01j!NzU~fym*ARKN5Es6LB2P5mXq
zLF^oi+LSDLb&nBUd1kpN@P)q(RWmCxY>m<SqLkgdn6isi_>;E<FqCfaOhyOZ>3F5K
z4c+eMlP4yrFiq_Uzz3_DEPspjGau~fL<U8iqqj(0*=)d#H=lD?`qBniDzky8<KsJ^
zuXY2;Bepi>RozZ5^1cnE{+`Hts3k`4X=_%-_Mj%IO_?3#kM5*+6(DlRyN^etLkvge
zmKLVj+qQ!oQc2s6Y}Y5vZV<NJ;!#&l4=3DfVp7NCfJufe18f)4++wy%=x4O!2Y`&D
za^lb7aOq1T3|w!6pG{S1(gau}W;^(xA6<Xqzli!E=<iV9iB2q<FYM=_V3Yb1lCqv}
zg8XdQQ!#<cY34Th+3vZu|1MkOdU{wOK4G9$2iO6u0B&xgY};GpZ}t`_Pa7io0~Z<u
z(26cjOm&GjjEGi0M5`!3{BQ{k7I#j_GZ!i~gT%E5WTFYy1kYAmO*OjBSYU@b<o90e
zVvC-UnoqUD?uW@Y7+RKH9iDEnLn2L_4wHd37kW&MR}grK1ew4FM3F<h2Lzt4xpmu-
zJJ5Rm?N+2?6l*9R8i10;OdW!bZ`dY8=)m=O7YQys)Wt~|ut*yvvlzgoSK>`#fYw}+
zQ}B|W(3v0x9;dt%F+i*A+HI6)LAg;3JWF}0Vu03Fl2areHp!h()r*ujLJZJKy7qUJ
z2m8m)Br)(B<ypl5uANIBka&b7Sq!{I@5hP(<myXqlK3om-%kv@OYg^v0bCcC6i9qF
zya%}J>HP#TfUDq=OC&xY-uD*+AJBV;7{E1e$xw+0vUH09T<1hTu5K!6)b2M4O<ez7
zj5hcRO_t`zp;IwG%G0`HC|YhU&)N&<!^`+EpZCavJJtF81?NjJ62o?jCExI#!Av~u
z0;wQ@cvYQQxgGt{;a2h-r|rOG>D?dF$lAT$D8KV^R~UxXdsx2ZN8GNAxAM7Juu;N0
z(}58`@lq~cxAb1jOIP!O8^RdoKpf8bz9)VJg{A3f?!etw0gFA$EiO!xpZbyXpJ}lN
zAL@A$d15Cfixx0r_#Bg!^Sz;0RcJw{=~UB%R;?K4zZ`>cUiV{kl*bg}M#`7HvHIdV
zvrc--y%Bp@5YyM<uG1yfs}3`X2~@Gm&xhn=Fx@FM>Pdhz{|b-2)TPGO=#MsdzBX8%
z+GycI`SvAv^woIILv@Wb1G>ON7Y0HXwqX~PY^Hv&$VFI-?l@WZr%dje&c~e~FC~e`
z(Z5!W$D^^ttvYp}4bqktsB7E?w&hA&d<Bk@J7E0^B?1~I;P)IKxLzG5&y_eleBkEu
zjOa9h7w4n_@5)j+il$Lg4z&C~>fSs)s`7dmpUF(ZBm{2MpixnR4K^ualU7<rKr%3a
zJ9vXp*1A;MAZoRm!VKU7B;Fa4+v~+t8>Ouawe>62qPPG72}}Ycfw}|)WN`^7a4*9W
z7PFIi&pFS%Gk3D6eZRloAFrQ}WbU&+=Q+>Wp7WfC*=r)_el+Qq|EW(pw2@cFHl80E
zvDmw%sKtK988YZso3i(svRAY0S54UortAr4DO)sUzhKIqayI7uPJF`P8;dEPQEx9(
znab1s`RK)Y2VXcN1<k&{<mCj9)F~)8G^m*mx8fUz7+hTa_d~5=Sir#UC71AWf4&fq
zf6Q6l`Q+JFZw6YafbEW+nkr3A@eb3E_7G2^{*j>OJAC`h__)nM!lhmg#{=U?$Lpnw
z8~M6Cl?Z!Y6QY3RyRhU&Uhy?<DZgX6MNRR+Sn`_CkbfyJPjBQ4>v{3Xovl`Jzh%c(
zbk}Sv&k646_Wn~u{wz6}h9>f6;Pc7ca*Rc!OblZ@;Q|y*6?dH@pS>`Yq9OS+_9t3W
zQ0PR`S3C}HzLF5NDT9_~aA!wYH>vnD$}D8C;QafrNS&Von<>hR^c%Sv35WFLAU3cP
zzc%5Pslou~YC{Lcd-G>dEKGbo$i-ee#@A5d^&e>{AklpaJce=BaZlmPlzdiQWe^<=
zfsRt-%A6h0P%3e%I)5sT3#*XQAW)z}_b-|LoJNlr;mbjpd{#BpH!8{`6g^F~>7I0*
z-;Nol>oF*#-(IFqNQcvCK?*{*P*Crt%cxLK&bq7ujlBA(UETT%i-kE0pXHVJ379Yd
zPxUu;Hy$ecZ=e+E=^M&)DmJ-}y@)n=(_bw38`E*us#)lSIQs646z|Ol69wbqF&L;*
zu4d6Ae*pxJi9YO&A$n&95ApKC#=Ve|ZHOH`>2p>qs4A7)(2MZpF2i<3hlt*(eJ?Si
zgSdp7aA~V>9bJ{iBBtAo)udISKyD+LCErzLr%_@C#k6(l?_%rk&0u6LAY(f*Y^n^Z
zOUE#@EBfvb<WdC491wekA^7u0&vtl!NftA4>|1R^Ef(*9CKvZkHW$Ey;!qO%y_ptT
z#Hxb+N1E+$iMe)b;M5Ykc&pbgU@W$;)UN?y0;i-}d8&6wf_S7un(7sggj#IaJ^V)R
z@8__-_&dAR2U6O2;yB{ipHbian!-uGM?-e__rbgFk(yk0Zxsu@dUal^^=0eT<?(if
z4+nNglkMhKPPRr`aZ@X|VEE!kA88GHlu-tm42n@Q`C|%pakG&%-5<?*GB)exXjbTr
z@`71gK16gy<2=F<zK<H;I27VQA1uH493|oTZ@dOG#K$=<qG6b>F3A{H0aVxj<OJ12
zd)vdI0}*>#@z~!q55@O-czICfISg1k9ynwCHRmWapBz6J)8s(|=+A%~n}@RCpU#Gb
zd4g<3=kZ!Tt4na!&bx}2Jr2QIhhZ%;1k~sBocYIivDV60AF~5>%yC$}3D`tvJMXNS
z|F_!s!{0*xp;9BB#MoW<?G*$$J_x^Zg86{iW1{|=@+dSgT_;G@IlIaK^|3S<bdi<k
z@@h%x601{qXS?rMzMSiTy1tKS9>Uq778VC1{;@#_pMLP`wr}xQLQH(;X}mo4myiww
zTE1oq75!3u{_n=24d=HbeN$dcv$WvjH$Xd^x1t{k7uW#Rfx*Xdfjaif&IQokD(%V%
zR%^EA8vA+vP2b$+nmC_FJYw~Yfu7bj4P{|g1m%7Zf$OeQ<yUoe03$~83I@pmsyEem
zq`|NY*Y>l7w!nPQbXpfTSDMrXO?p>{j_dh#xXtl35j*tfEf0MblP;dHW0v-t$bBzf
zdBR$2v&`KXcF-LBW7xSLP*7-JJON$Y*2S<`I-_3yVh6f_KVVR+Ztr6l!KTv4TK*(j
zRhE-|6vOn)YGMLr{Dw0_$pHJ*WhmmwBX)s=0qSR74)*Jjr$gWL++a2D+{KAOXneAA
zlaqJWa;3Edn_mIk51>znM|pUFBXlL{)k^XZH2d<-YOeGZMyjp6oNqz2oX^X7t-Smv
z-cE*Pfg9gM9L5H6R~_E|2-m^}=jD=IyM;wI1~q5_NN|5jCoT8ybW+EnQ@w+n&y%$W
zSe;sj&Pvh|3_nq)#;tuPjH8Dces&sX_$iE%d#Vsk#nw+e&bs;i^X1<=w5xP~4LhjG
z*~W`ZX)%$FFj{cYb-eOGI@>*GQq(8^*1_&GZ1awXO^#h=;?){)YaCzwwVg5CF=^_P
z@4pj9yMjZ%kb!Co8dl;bz?ih<%>2Hb$iwC|g@VfFG{#xB;E}i5GT(IG89Bd0e2qV?
z<14Q`%JB8jD>}aJBo+huS}=u<3v~~H5POdpHk0*Iq#<Juo@IM#{L9fjwcOIjo?0E*
zQ?kCNe7}#`Pu`?hOizm45H{E+(C3s>-M3i=8@Bge(-zbCusQD3%_#53?w69teu>=|
zg^_f8c?z}??jvmi+bubV)aDf(VeJIP8^_&&FF0Wgs+?0(1$iMT`4gK2={#PLAUjX-
z6KNLTWfc1oeKZo)^(!#a+r%aeO2s?3&pYTT=_;DM#^O!%C`+2u6_B0hKjphDa*Ans
z?_&5cDP<_g5guhz211sV(B`b@2(xpuQrry)ihJgO&N_@F1v!ZyJ>Zg)Lva`=Y00T^
z2-o&7KA*RhA3eTl{!e*%<d7y@$~r+#5S+nz9FLE|WZ|dB*}C8?K4rvLAGh<PlW&<{
znZrC2&1YADj&D=v@-=&b7KAQ^`3rKPgU{Lyin8}6LHZi?HRtyE8X)ddp`j$H@z#(a
zJ(NalNCIut9MV45vZV=~*cLpe<5mr#qW5}UnU}KRNs=Z&rjNUY#GUba;5FEvEr3a(
zzilYMjj((3JovLEnUE^JKlEx<=kAV+$loImWDK>C^%&)y7QW>xerO#(IzB0wZt)F~
z2i*yO)$MQ4OMO@9I;1$@IjCg4Yb$$FWvi|v-!(_Jbn^#v&CCfJ6qI`vWCE1uN;)Rp
z_lQr5FFXb-l3LRCi1)sSeaR*54?c3Ahx7j>4okRv-Um3pVzn?DddjuMMv}^nP$yx@
zP<m}IX9xGH6rTer(ltNDe+P`fe+LbRf8~*vz`rd>S%F;Ru>zE~Hb^z%kp!_l0rodq
z%*K9obf^Wi6|@s=9zab>P28(^lym~S+q!fEiFjWJ@v3zEX()~PtKxL}0K}*a<jgW+
zMedBJSF*q5xpDN@f!{gJ7(^KbR~K3IiAcFNp0=>pKtOqa7{qjCmR(S0J3_f^T`F-f
zQXBWG7>;vE_8jjuvU{Y(WwZZWJRIju5QF2y#vnd#2AMZ`uS7RNkV@?Mhz$3S_Ibe^
z&=o>k=a$R<3|tJGJHzh1x@15OOaR?3#o$t?4>KAJ3Aj#fX++{t4EjGZf&Pr$`VH#G
z+i<x|G`zf|t<aV4<^uQQ+w1N3J>q?k3*3e7aipod>XNog@#RppTD7~XPdQvttu&wv
zzFp!`&Ltk>ijT%g*UbM0SIGzedi#k3R>EILCCW-J0uA@-Sp49YaeBMOxXO27oojxD
z{|=Z*^{2zXIyuf|3!Q?^-44mQ@}ME`r@1EGn^ZDj4E#jv&9Fu&GZz10QcuY-yu*hj
zu7VOsCY$3geobNVzs6_g2iUM86x8-a>^kzub5O!G+d*%^H%t>}E7iEFPur_cB;#zQ
z7V#4YPPya=hN5<f7dh#g$G*n#FT{W2AH;vh{saEy{4cQ*2`=({-~y=_I?B4wrOY@c
zwoh0%Dx9&m7<RGLQu2udw6c;<(4ZoXor`^oUE{ouaiy!MiLNo;rK}OHp%dnCn80#K
z{CKo9auk#fHHaT4OCv|%&+R~;T552HoWBXz^9X8ua(oJ8`lb|rm?Fi;!%uAw<W;Mw
zI38-*&8<^i;&x8M=U~M~j-}!;W9i-4=df3f47G%T_2~nd1c}8TW=rwwAzfRBx}q}i
z13c<1MYo;M$7X*7Btm0noFbDHv){UA3i34%LrPAwAdelM4(KTldh&yG*sHD?Zh624
z%-ZdiM;5>j5VJjy<(duxSSApB*EB&M)&f7K^YVyK4kM+LuUUV1XykoCQMK`6>$M9n
z4`*y&`OHg}NF2U<>0Trd{S+J%5WhWQJ10nE-xxyM<ZEbCkVb3^;h$j@Cy{fEc;qnt
zxn|~JOuVM@B$gbsYhyb68E`3%PKtkXBa+oXb6xyJ$fnh<2nKd=6*Y+s+`6C?|0)!S
z?zpI5{JjqC(I`I`K=#z`jefi3nGP4xs*PmabL;+4Zs5n-FT<wzXOG6j`~3Mrhq%+B
z4KgHO`nKy&@Zk4t@Exap8+}Lieus9v%QOyX@3ZJPmA7i!qve-6wDr;as4UIpfN+;C
z1^L7pUK~61+M&q120eTNaBrYG{b>+2Rsek(1L<2%{^=!)`fOEOcq2Z<7jYRcz8PT$
zm8ZZWz=pc}1a2h(IPhjHmzT3656K{V3kKBLlsBTUlw41Idh8%vK3OiHr=LaMhK?T#
zM`4h3+oW`g$tJEu=MU+<HSouKC$FS_OJJ-%mcVE2%h??otlvv&1FG>hzKJ2$i~?Rh
zig%v#4woHbTb%D}ijHWcOSfWRKoHb5JCvC#$?rnTzP-HkK`tIP4Ij<p>j+a*Jl0l^
zwT+iX3la@XkZ71>Wu2O$yE@2myfQzRw#u^zUA$NLsOy99Mfi79xGVgqr^?bEUP@M>
zs+DKiFW1H#{C5KYttd1^KX;LKpnXcJ=cUwI(<RJtusMb<I05P@W{Yjyg1t(zWmlWn
z*2yiqKOT>08nU`o^8F{qzlig%BxPyBY#Qej@)qslZ5S*u#Z_5E!pnr&jn}?yshkZT
z8**uM*)-C0TDw8tu7f@O0ZP0Z3n*n|2vT@?{w%tX`87It%GZ08H?fs`=^yyVBXtP2
zUpoZp9`w?h1%)4=!mrZHB{$|Pe`TfKV1L>L+YCoOh|Pj@*8@<vhzif4maolM{={1T
zi>YP!QsGOGrWQf@MO6NJDu214NR5<5)p)6mw@q<)Bo8!x>mpv3TM0BfIDd!~u|!^Z
zmzDn`D-RfeVIDDl?0ZyJehyE5=uB%3q3+LkrHqwb!~OuuV#HWHah9p9EUt)SlJJjs
z+adrq=uYKq_+{)*rAjrQqjK_d*{la|Cf>PS6(@=NZD<sN0znwUDm(o|Ubf1?1wwQ(
zDi&E;7uPk%r>MYqc{$f1iF+VZssSYjh6-v67kG`{;`x9sDR}$ybz-H3{fDM6{<SzV
zlF{=!Q!|U@RQP4D6F;;ub6;JqgKc5JFL8~9btv%iR9L3pIe6Ox4%Fe#9YyPI9cYs3
zq%vKH%SPx@XaW-J9~z~e+};_M2hBY`)Pm-Bn5-QoYKq{m7T`GQ;_o@m=rR!U%i-r1
z+p{lOK0tz^avR#nHMr$*9B_OZ=3e$J-an7efZytw$~NqG%MeWC+*^xBS-3w3iK=e`
zsY?As&mV5euVDEPgRrW;t>=%X{Ji}@;znZ&QvB_hUCy$hx66+qrNc8!Y=Yv8sz1Bb
z2E2RD`|0@J#pn-$<;cqjzOy#Bh1m?3yark{zBg9Vfi!jA;hg3z`OukKu{cbwO?iX~
z@tcpbBcT*%-UrJS|1Xjop_dyjgu`1N!YXmbXtsJit||(xixIYSc2E>h>@9a2lo;Cu
zISYS`u`77zr`~HlVkc<7NJQO|#(&z#CvHba%mit~UyhPKJ)Zgwdz01lZ*WE9AEfm7
zJHKIL8qdoEuBS3PyuT<Jb^B589M1nB9XbX_0YSb}KToQ~?~+CJtiUuXfIbX6fgVQ;
z6I*$4v<1nt&&Esrc^jW8IIHI+!4^W2>yhf4bL~Lbe~b^TJ9ltTU5mH(B{RS9NINt~
zdxXD<V-LTZZn0h&Y-tc16Z!ZR<%Ayhp{)8VWP|vkt@p9wwi~$sMjQYj&?|r9DF*^W
zxzh>&0T|i1z`OX`SEFv17Ni4=0QX;zAxMYW?<5eQa6m2ldBt8kSxU{+T<xs9p2lO^
zh<20zL(AvmmE@yj@*v=AOJdJ6^(`%lB>3{idp@x9DIpPkq@>!2{ZgK2m*Pt=A8I-|
zW_s&Ah$CNq&=%JIO%bz$+Cv@mmzNr}5s{y~v{O6TZu$a7q`lQGAz#|1{jO(PzI0H#
z9+F+eHY$-ZY((C{SjUERVjwuvyqrT?Lt8j3)s`H)yak`HyB`LyrTAI06aDK$5PF|O
zlBE@3GTD$W{E6~TePq~>-un$ZKbTQzdHxCG*=qI*hj<b>u(#iqmEzl$a03XK$3Os-
zN2n+b1`heMwC63xd6yua*qlqm<+v-n2g6m@`j+4mfp}0pkEdtQuHfZo$c}*Lry$qi
zNyaEfECqBaCSTDPR+6hD2EAYZ!WxoM@U%%D^!SmXl%CFKoj@}=y4`ro)UQvo7l%e^
zkA+R~$3eNSY<T?%OUwksZMkl#DQbNw?`{u`nLH1hv*Iw@oOi$g-f0{PgK?v`>2b(9
zfmx=<=IAkH8n`^DwsENLFO}7R&j>NdxHB>dHe6sYt}DX38+?~Fq7pE&l&T*^7!T7>
z{=xS;4fvkX;ak@Wd=0?%0m=x#4VYekScj>Qb&dcEm6(}nH@y=D@D)$>0pD;B__~2t
zi`)2K{exXI8Gh-Hyj(E+`Z9^slJks^kp@jQ>Ps~i!3{hhg;DN@ztS})Ji8-1WhIG~
z&JOOWMsieJK~k>xDSR{+4}#yhzG>Y0a-6qE+Aj<T9-O?F$+$;A#@)$_Cq{*mqvy*f
z&?TiF<V_+IyLej}f=_f>eP0Vebcg>Tg&+Ng%=!E9g#iy5%h3%0MRotLXov+xyjZz{
z!qLfh0`v<Wphp+va=LDY72NR6`6r<NkG$$+97Zxf#rc!SDRB*+aORxKX*To;Ir%M=
zqnJ~FCEmr9cJj)Y7tk%u%|24^@F=ODy1Dg}6XxaxcKG`7;^PjBcN*xi<Lxd~V2fK5
zym^9r2Z(eHg3Tg0x6b<o7WF0y^5m3!sFMh3-emf+*2C}lm!rE}f-ri9V?lrS=$m<N
z(m7pUw2Rf&=1HAauZYG^m-7@?I)nT%?#9<x4taso*zhAw|M)oxj%SdVUQUr_cpLd+
z(PM5P0oqdVcbW-}jJ4mE+2f^akiXLC0;Ua3;)g;z0Kl_JY}`c<y2BygVP_y2^Jz}A
z$JsION;)>t;pq{#ra>Yn=7;IM*{ODES5UKynzgviy6~`ggez`O@E(}!5}!!0c;s6h
z-s$+{xh(~l`@EWbc|r=FQ6(a)PsT67S_8l5uOeviqo+6)yp%V3w1=B?KJ;gg@$@AA
zpnIJ(eeF^TxB`nxPkb7!&wtab@8&dXZ_;rw;0s;hY%WHr5!mKm=`z@$sc)iwa4906
zRvLYOfm>fnJAC*r0SMa}nl~mO`4QDoq4;wA11e9w_j)w8+K4oWH(PzjdFd=ad@|tn
z<jna8*(>S@@0{2hmmq=t<cpywfhDl}*i+TVuZ^=vTh&hi$j+_o@y8@-(55#)%LmG;
zKEbl*z@MDm&aGTUP3W-M{{%E8c}#}(&xSY)!>_T~pW}hz<wnjQAtxq2PK^DP$VXju
z7rF4A1cZtozYWEynJMx@haeAl`g5eD@ryqns{2WeQ~$CL!(~lKBVV2F@e-!;%1j{a
z9eH?Qa55V`wCX0Y_t-(x7wB*Xmvs~HR`@%Z<ab!zz$b-?yu6$)5+D=68YZTYPQv97
zg?dICc(&fNslPll+2a&qx-_>&hr`NpR3y|-pN_Nzvxv}RZS>hVOL@$FU*03NZpdD+
z+=8wRDd^h39A>fQY#LX;D!lFJyP6lDgcJ~nfqLt9nKf4Sw;01>dXFJKW&;;URzF?Z
z5tiWxD{Jm=)`mvka-wwE=)OA&fkqw`>3Y<(BT<Mbo2ch3o;=EZL-AaVgbf?|NXXMN
zc+&dBZL{?86pzWU_~_6Gl8F98MRg(!CUk<~&&fp_(y@PZfT2N9|2UAy{0k!UFR<tw
zIaiHiLs@`BDX{n+!3KD&TM!-lh9a67O<>ke)MAX8U>gPM<`1ZiJN4<@LARVhUtkkT
zVYi%Y1r9II*Tv=f-?oIt8RzH-U*9D(u|;Nh!u$%<xl3SvU(-A5Fn@0nn{~kw<~ziz
zmw#lX3G=LWdAIc_`oZgQapV6d>#=UJX+2E+_uloW7)Yv*u`!I)$1sA%5DP?}fY?t5
zqTV-yBf{r28$~vZf(_N=zlMHX`^hEXNm%rkuEf50Wm5*a!?N>#G^z!;&A(J;G!(Zd
zF1(xDJk!c6w^_y0*~;S$xy9kch3S#~rrflS2Y#q{=QVJfFVXWCXw{7lI<in6vnDnb
zx8LYXafz)q-@ov2Npcg~ir?NQ3TdV%y0faQ58Lkgw9y=&3*ErC>_=VW$nV$_ql<pI
zkqLmuKvN%4cq)u{p0=xEA-;opYRQ$A<7nA0jzjU3o3g#uZntQeKp!b4m-cu}IDm53
zw90Hh+Di5SeCgdksl%Hj$G@LQRK9>)KlTgwSr`9FqOKw1^J>yHH+)70;SryadHCba
zpuQgl4Mgpv0MlrZ00sHB_t@QbtvRnvKVPVeUzW(s521~S9|g0>HRisT+jKpwE|`t9
zyb!PI0yg<uaap7EP3EL?Il)g)jGk$qe<OwVcp<Rcn<3xka7j&iXph_U&>mMnPSTGS
zVoZ;BWqUuoqet}#5Y)sxM<ni&(bVZao7xj?DmosQw2O?eIlHxznQh_n15ajjaqHa~
zU2{v0kK^VJ3pORz%>~r&I`D8t7wk-48p2EJ9RBC_Vf5^1b?_2=4M~vhPZ6X?(*$W@
zx*#phL{jB|QmJ~W8Yne08=VizyVo71IV@3s_ncs$nNI%)0b}7Qx<l5BZD{*ohMEbv
zIl;SP-@lX^OfHVINb092$8u4P;QSBSNQQ{x#V$LK&wp(rHGo?-hb&}+Gw^|8+;F*3
zf{NskesFJ}=cWA~=?lJEwR>8=z;;uZMug|oS<D$2j~Qq4)-GPU8&nUVQ9S;W#<P1I
z_#!v#`7|H_*jrW;-*O&NY?lhnZ$&>;>sET85(AnJ>Ze=8zQiG=vBY_3lEo$jY)r7-
zlrcpald0>gM_2?JEcsZnb~c{L75UaPkcCc&tmQ?g^POFs=)<7<_*j#()}u^J;hwAU
zIP19Qf{q#xK*>5jCWGUa)zVLl&CmJYh^I>)yU)A0N9_q{qrqRv{ovoF$qD$cy&pMY
zj0XK{-T~&WBDI1@e~Vyk<(<%=e-7C@g^WyY-OspnAi%X*bIWedEz9Qo9&&=8XXVx{
zvO;=XZrS6IS7hb<KV>;_kOPa?W`i8aEsEp(gIJCYa%_-ehaAW)vT^<n3+31$#|}C1
zkOR3zcFup8<-|iyJme%m4&)ZabN)J(gU_|W^xFDC4&)XkaQ@XSryu0N6x$q-1Gz>0
zIRA4j#{oIOP1+J62Xc!X-o=ob2&su^{()4;DN6L-52;CznuG=-NQIoDB=7Bz+8<Iu
zUTI5)RLCjn?;Q=P$&d<?N!tKOg`A>f?=VOm0I35Ybs(fdPSF4_$E}+@kXu&-Df0%F
z@dE|tdCotEyp6u{aPBV=RR9xk>6h)Mhn-vb;V1$+aR)qAYBTUkLc9XZ#PoUTx|8Ru
zCXlvM5UBxyXE_);OQ;x;Q~_nPxzfQGnNuiFJ0Ua-m;vrVvtJSJFYfJgv_ZUx98IWR
z<sveV@>stVoJ|5Zu_<3_@c`D_24~>lr7yUrt|GOcdLNu&oM&NdT|{j}>U@s>)?@u5
z-+5;Kakhg|hx5Q}{a@nU6Too1q9wHgo+F9^*6X;Qm1JS}3+U3;)%aC?+Ky<BdPMbM
zy9wJ($R5FU=e~tskiQi2_I$-Y5RU|`^{9?JKjHj%^97VMKo7h(Vs({emx0DSnWgf8
z>qY4573TsxFN05iww?pHUKEEnS|BH`3_ksr>p6hyMK-+80y(xa_@p?rm;<<8WXIbq
zkYg`{PyZ1;2XMV89`Cb2PJ9`B`s?)^!1ba8ywL(V31#p}_p31naJ{G>-f4lHer51U
zeu0<+lPSWRIEj$sDB~U8C724hUX+MeY#}wVj8F7FfT@7%MS$z={UJ4}j8F33fvJG&
zMS$z=$&lK=jPLKo>sCDAdJ*7y`v6EyF5{EE*JCQ+dJ*7y`#?w?P{t4Nra)=|;5rW}
z{J^q;f#k`iJZVGosz=&xoSy>zpfj|CE1gGn%`b)FH)VwS8~h^QdYb5BbA&EZ$W`U0
zgnVUiKi>JJ*CRL&3DQ>!UHMYm+;YMBv71|Wg&@^)rAdU3ZJ|W6+gAhQ;nt;;T{2lo
z%>;y4aFQ3#SUsSLyUS7pXV|wbU;0XWSU>0G0t-9CVWi5iC1bat_*f@<8$J!KSI%je
zRDlH3*+3hSTfUmeC!n@~R|rK&OQ9XhOKDmWRK_;7a~Mm#9GVuSbG)3Kp_RAO{Sox{
zJLgfx^n<Lq<=na?LP~T;L2G*}P>ygJANCzX+7Z~+fkdK1+lp~`kryD<P7{<Tps#ut
z_d>1UY|}Rrx>B;uR15n(&)>}X(RbTm8%U#xZNNUV8T$zSS(<FaZDftIj4vYZZ>I5#
zVSvmsn)BaI<|uDQrnc9@*awI&6VTHV#?oUDMfM2yy3aI>SL6QsVWh+i;}LwA9(kAc
zTeNV20Fb6pkYKbDvIU3LhBfB`pWp@Igf3=FN<%kGeXZzf|15{LwVe^mG@?DyL2lj6
zfL(ZX6p#j(+bGU|7xA{ot&pAzqw9)umyO2<?SM+;vaC4FLUG0hSx{*akcnX|%Z6Dt
zlyo2qSmGj}6G<$~j#)q_y5b=Vc;X^EvuQzAJZ1r*=t_VrV2X=?QtV+_377?xqN^Wd
z0asiEq+$ch>W5iCD!Lqy1#EFqKNkNCvK*KNh}xA1S-=+;0r3-ARw8Br!RShYEMSg{
z61@*YauOy3#pvn}$-o^KC3&Yqa(_$)lF^k6$-o{L_4nQa$;p@uG^1+(Bm;k3l<fU6
zBoDx3AR1i*AsHCtBA^<;Hi2j?LY4{t7Y#&ti6k;z;FA8?%$66nY+G-5g`oimxo?S!
zV%2Z|*H|^8*}$sn;usT7!A(mz(OpD3`7NGH^(G?iW;wlxNR=$77ZK@YmeY%f<Yzg(
zh)BO<IlYKT1uUl*5$P8!r-z8d`3JL{9%2&bk7GGKL?zCzUZ9*F;u7conC0{knK=LZ
zET@Oq#QFb9IWeM>whS*BW88b9#0spdw4Ye`&kSlQID=3<Ts9e~rS{&%XmOxRV|o@R
z;%XGnybx17nHA3l0uU`;4=5W(dh9!@4Y<H4Mc-HvI^P#o>^k2UR;)kY7goG<zAvm0
z&-aBD51#J}D{edA7gmfs-xpR~eZDWOu%7P=D~_M*3oAZ4*B4g2cdjq2_{+JTSP?kK
z)*%<fkIP|w>1_+VUgF&9Dw`56E5OD2LrcVdJ#{*-T*bE>;^hQE#@81<YvPrg_VF!;
zxs6|2=7GclwBP+DsEj{>G<2iqBs^FV6d(fjF9jtjB;XYSPWod^Dik(V4S6E=v6jR6
z)*8KB{w4nrq-kHZ3UcaKSV!E;@(&tSJ(sA01bOnbudo@9xC`$q#4XyunxXnLTd^Jt
z9_sN}{t8~)4c{{z9_UD#>5%sGmo(g?+kXQ)T$SmCFIy@bfBUjU;M_qF1-*}p?J3@o
zcrkjHcZzX;v=yT_fF{s#7C@P*$G|AN+;<f80n>ZWz*Vcy*s-M8$ngO@<FH%G5`4$-
zN=dGsZ)5rWV)EBh{)Ue}WdB9_WxXEet54W?#r`aB4f0uad|)@$9K}nYLFEHD24>GT
zO~(VO0A9`9q0fu+<8?8Z8|PQ(2h5L*f!<%4$KU5X6*L<-Yv*6XD-*4}a(Bj1LHdMj
z2nW>*uXcj4TJ5nO;Kgm}Aa3gLrS?hQ>^bjL3p9Hy^g4TI!d$L5_|d(ua%Q}Y0IB>3
z!bcmY%duo=k-pVWJprq3&E)0zpfPS~wBP~dN1m*2^8%;5GX?qe{g6^w|Lw~be#FXC
zfF06dzC^=cK<XCUlV5mBkWRS5An#)MKqVKWtXy1p3&!-q$278zOjd6Cv1)q?FP7Yz
zDP$eyCFsm~YxaU)@QMqa@iTMFvU0g~+fBX=WE%^eW^p^i|G+maaCGn$T8_nl??a7m
zS!r$aXYJkI-(l}->u=z6MQ#e0oLm)8#yvf{nH0zb30W=;TG$0k4Bt~nU)X=1e7&oA
zn}Z81A&0<2phRIP+vaU?T;NSqOyz!?hY_-T#Y=&e=xl*km88Hb_7kL&z#90eKC-qm
z>}uJ@E(r$GQ7D%Jxg8jd;)V_k*^4$`BoviR`<`Iu%J-6&R#lJ$`E#2sC!esW_fI;7
zV`7!)f@aA#?AoM9eqO&enM&6th0%97yrbyaq+4nf$9jW!mX+MZz4J3JFmjs30?H5m
z{K+(&#WJj`Hz7y`4spEQnlHb#pG;_hQP3H!e#vV5$xuLLxWGFpn_KoAof^N!riOMb
zPuAxkqq)M<M|qsv>H^svVfv5rA7rhj>GRIZ`G%LP@Jn^f?ZErmss;YKS`uhx1N33x
zbxiM_GR+(pY6;q4snu@Jpcwu^t<cq&F5TK3Iw*i%&mufudb_3j(<!*$B3Cp$TM$(J
zo5D$4;QFZmDF^-<JQe%Xd-p#@S1)OCa+=lbiKoK4&#=W)0(x9{Dfi6Nr0dZlyQSA~
zpyWapM+bys{kR@n;5rUv(XmU|S1S9;t){O8_^J)`Lok`ZRTucC-S}nE(;&O4oq-p_
zm+1L;4-J4TD8H|-3sgob1&wT}0>_5h$;R0$mqSitq|BzsuN9GB??-;Eiu~HI|0)Z#
z!Y@%xuM4cvlg8Xx7ifqStk;KE7x=TDRvSow-qROe&22U+^DDS@#lhbJQpu^?gAcxJ
z2_K1xhlyL(C4QKmCtW|M4zDD!*F7|RVLBQ;;_^s3-YrnKz0w|L4@pN#+zKVM$0;d*
zD~MZ5kk-~?%&0dzsbnS{hy$T|4X4OX04#DbU1%4B92$|kzqq}Nmv;W}_ljKT9P=82
z1%uS+>nOHobK;wmEEcK3W1EyB);L_!6>>Ig4=SisU_tfV@4D!b8K58tIL?o^wcYY+
zgtjYdyI4i*=$i=Cdx^_a_|fKc+SM(1z%MCSN`3nucuYsXK@0cYiSSxFoOYAjx*Gqu
zoZGq5oJm9+hz#INPp}<d!FK$KiHP78t)vRC#Sx<Qx?mKL1U9bGRDd9;+2}ml1lQvK
zf8fd&(yo9Gieh04&{~8k4+VMN7D&Mv_}}jb>4mufV8wxzplA6eD}cMm1a9#`25vM>
z5vb)r8DzV&RIzFrLRzA4pC=GplE)X;$AbF-1b6PM1nviPaL+J-TUM~LRl(nQ^K?wV
z?*e%!fjwR(uPusz+XE}*PbS@yfU03s9kGhGCKt%YH`jIC5KmbR<d}@ek=Fw`aNX2r
z|4yTAWuxT+yp?UJUJ&FiycZ~6L3q2!8jH7}6nW%{nV!)TA#+&*qemWT2Jrf9M!3fk
zq4eW*bbVY3Z}r}RL(9)E+-?j_kU&}`l#&#jm3nri6<7_Wc$~lrUdJ8ZWdbRda$7YT
zVx@zk=Wu}ojtD&_o-Gl~1!cCCqUpYd8EWn7&alDw7=xBsF#vkEwU`I(30aMTbd0sc
z<1ky0-@&Gc*5svqLe?>4a?U1iW|R*WR}p3B{9!UnRUt;I{qF4uYp3yPOax8V$9!Qk
zRO6mG4_INXFTNRY4eNVrM8a|_x_Az1*QE{x-N0r#G>q1`0qaZk3?Pz1_`Cu!rSy;;
zhy`0h9e=$O8Ab#Cj=>l5B49tEmcC-OV6DJPj7><*45wMK8qRvI6g|(aj1M#XLk2$X
z*Bu5JdrAs}$*rF4Mp;QA=(d2s8Wfa_YLD#ANW<V&>3r5X5+3lkXE><x1j7a{fJ?oR
z@Uens!9bypp^ySXK7*ksbW%Xo0xQYTN1bxZin}6RW51x+RdeemCQCKJ6E<m=R3jd?
z22a=}r2uix_>O0rIr5z#Dbvi~{UikqwcNU$QjMgzF{`@a1Y}7{E|uff%@{zRv*;80
zYS8GLr?NpUj=m7c@)YPDAuJD+lwvB*7tXkW^2bmoQ!v;~netmI?2wc>@S{vAgnzw5
zBIN9dT~56uu$wDO#Y=26>{11`$rnz{#0X8-n#rEsiszG`;T}$q0@x*6Vwt)JGLT<A
zwjTW%m%onWC73Q0HiD>wG?^<sYGv>DU5lh$Y;5{pkZ*j(kM)TSISB}y;>C;pg{v{y
zBW_RkShthZ7(Z^k?u3c)#RQNf5CD_KF+tc@|G^}A1}Hv<CoA^7*Ak2Q-;Hfr2FHs>
zn)31LhFku1w!i?G6V3^`lw=#)fAFCQ>keK@ZkOsj&h~}qnERJ?=$p_oKAaj9Tf4j?
z5z-jK(uBkedjWHoRdx0dRq7zCoLd*bHQspN{^b^smB!r3m449-u-Qz>J*1~Xl%7!Z
z13+oJ0pIHqnEX|&OJdq!NNhPM)`QH3c#N6?phy{P1Huw*FCH@%t}fGIu9bGt-sYvX
z*+_(+{9BlUb<!6XxOg!p_r@6=7?4Y*?wo{4deOy~nHDnNdQ=<P71K{Bq+aqoh-?R$
zjzs*^@;s`4^jo_K)RD2A`PavaN!o<g9-vcOV~JyEKWYHwJKDprSX{u{1}$Q<OuS98
zL^vmO!TB-j4)M0pIkCJAgqEm~oR_oPELD?uERw`#;mUrKhNAo%S0H{>tzta+#VfEI
zlE?vbufh-P9n{QSSK&s=3%hFb!r9Oi4n-G~a{$)F*n}(%4=5#N1(CFBy5Pfeo@$+k
zLN)ALB1xPJ%z*(gNzX<#hASjX>VxrKtq;U|DH}wJ;_Bl5T;t!(<<-kHD|cc;f0`@4
zv$zZR77d5<w_Sz)!n-;DtCyq5VsQFXS4TO0tz|?>mCo>%GEOHFqFW>V&olaeQ19P2
zJK9$EPt9#*o7;Mi7S<^E<&AhIv6e)ZsFcCVcTssU(s!IqLC6GlEV)%E+_gE|;C8zO
zse%a^BqBe(0)>nUCS=rbf$^<Om5c}(4JNs5;q<;`Hs@8y?$+*S0-Go6TVSlZ*cLd|
zVu%UUbXGk`EsReu=UaLp^A<=_FFZ?oAu3>K3tMRGF)2jd20KsB7>G@<q7;)Ps_;eh
zwJ~=td{S4y7(&wp<6c#<?`?@Iodr^!-kOfJOsVX<(P*c|RjnkM-Vv+GX*-*-vF=(h
zP__R;5tbTzqw?E)AxKO~WQh(6W`^ts$yi;WAgVWzoFKl2f11=e)6ti&in`(a1L%sQ
z*`Py8zLPE|uBM7o9eUL6u0(|uv`iv}(o0NIszP}L=HiiRdFem-(q~b9H{W`OSCj&h
zj*g-6LfmRq7nXoLCf^1Oa2pT+>dpz>ImnIhrbB%7F`LKP?2%fyQuIQ<RZ0B?U((K)
z^l=JJ^Ek(DcjoN&Ag?~&#4D4o^|YLi)w(=cy98j3m!Vzczv0{-^bCoC7XXJot*wC7
z0+-jKi@LmYPQc58#6Z>KzkkONh;^aFH^fuY#Rk60ZUW{f+Se?;7(Q*ge=7Q&Qu$Cr
z<eqdz0hN4dC4rdg2{MDb%-}8)-1D7#^0^6nJSFYZr%#XPO4opRbDNTJho|}*n=abq
zOGmlV-`I&L_bJ>A(&MiE7jOa~IT(=ePm>@uOjc4WaQH5HftS|8MkRnI;fSk`T~pmP
z1mt5hD3<9$_U?z@36raK70%QE5zHTJaQ@GTu&rIh@C~KPe5n>t?t%75v-#2)0134x
zuf|3~Bck!L3MXZ|<e4|Qq*TBDJ6B2-@yNs@*75ny)84xw{RWgI9j-dNU$2xIn;<V7
zg*OuF@nqclrl)XbHk5G)67+b@?QdaVmLqYzl6;w9J>m+dZVkN>i9f^U0V~H81)2e@
z+yk^@PJs*tDj<Sr1EMqMA9#V;wQnu7|66R0U;0xFlb|dkOQ4l|<~0l1ccqt@X>e{i
z7eN2fEyW-xsl`frcr5yYdVj?&#|OB^;-wz1FxCP~@BRJQet7a8z&Is<&Z}tQf*j$3
zQUEJbfk}rlU57@Y{SV)C7K17I&b?d!ZGxH?-<B_zE6_ZQVoRRX0IQ2;VGt%HN(Ont
zBUwV^7aA$|K+kfr#RbJ)WcN?lNI<aBM-bY8>0)cYr4!_ee|BKl5WK@Xf0n786p3=q
zaVeH_F76VGmQNREdNlQXIhnmDQSP8M{~k&=q64o2AP$^{iBcScUh4f1P;U%|q+51)
zna4o61%S0pq_zM#Rgf%?S?YE8L3Kv~Lnqp}=-L`u-QAG1G9q1_(w21g!cerGZ4nL$
zB-CJ%f5nX{eFlOkQ~8*RBUO-oU02S8R{GK@hah!vfv?;3S_-RG!E(qDr2ghsBr_GP
zp@2@*q4r89)nXZsv`@>@HCdge-BpegR*<L#f^?5X-=UnlzKoLf0ch7##p43&RlSY|
zDX<Q?KuIJQH>$d4vL2y`c%k<<Iw^tTB(=Xo*!g4)YCw08noIP8t_n{sw66lpy_Rn|
z+ug{v51(Rl?(tsLos5MvR3P%sgu}hkvL}&URunNvFCxl9B0sOJCA<a(<B>+)TA2E8
z(1RX)W2hxOtpTRS%E+vSO!c*`oj*icc{C!eRDP#mp$o&X0Ejk~DCGg%_4dms@w+6M
zM?iGaeyf@L(e7*sn>hcOxQIFFJBI6v40px<R=C;`7ZI+Q75%%UDx){;wdN>PVZD`H
zt1hQ->n2-^+kOJVgB@k(UCc&LR_GJiVte9(rLbFL25=`+H+wbK-~R(A@r}(iiB)|~
zVlK6&RFO&U?N#rDnM#8y8~Klvkak7ph-HK0(IVSGY9^*~%ab65mG}}x|I&3ANWrYv
z6--abMJ88#p!4+&Odi5r0UW*;>oaT&&VSC<lgEdS_M9^ODb{B$s@e1`#*Nm9mGr6C
zi77@EQW?0CM8kjVik6oedXt<>sv075IdL9mkKc7P`wV6nY3M#TxAni7+ZIc2bCVi?
z@1V{L3NO86_QPrWPyIpfa1c#(-87F%=moXfPBR8;whOT=;B|T&q>60s@BPm^VLHe=
zcaELAtz{&wm;~(%F7O&&-5-3R59)-H7I0~gb-TV!-BG&qeBUVj09jB#%6#^Z?8Nck
zWB@s%-jQcSQsn$MoIqdDqoG&6pA<Y1!TUA()T1Y9JvzVd2kobYxsf*a_qCViFoMvt
zPwkKA%oVjK&_PBSAE(m?_`~pcd>q5$1w6yyc|VKAUo<r%d_46MnHIEPcbYf1_9JN5
zj7p&ojn&=zPknV$&(fn~uS8eY_nbD7#=~g9n^1Br?f|w`xY8p{vHJl16?@wU?6s*M
zwhz2xdosTthF03H_WuF{@gBv4Fyk0Zya*%F{&10DSb7=5xbb23-8epqaT|{_jC&h1
zT1r{LksYkydQ-tav4X}BZ*2bo?3F8>n`R==!SCcUuI7neyEjp+B0b!j6SbUqXQTX@
zA7h?lhao^V3IW_H+Jnc~>s>qWb*yu5kpsoYe9Jy{PkbDaL~Qi2e{U&3`Mj~DJ=Ti%
zj#x$K%$)yqn{J|0Y&}eLtj{us)_D{}=c-Ja`dWMyXrqcZSO4`=M>u+h?U8Eo(VTUu
z%`iqx<@|VkK5~{O<6Ak56Cu{#PF}>H@r9tjRbZ+*``&j@oT+ETF1j%-Omo15=s7Lp
zX<XS0*2wXfZx(voOzri|7W%;DP%i|`N4H$yjiWJkDg9^%MuDa21Z>?YG?n#bo;pVz
z?Stm2NoMhiImm^!XwwD8L07I1urIf?pLNHtFiv|*Z##vvV}r0UD6v_&rE2ekFfq6E
z5~jM@9`?@YF->;RMgvd>uxU~sIL)o!Q0ol@LTX1h&gEroouDLV<~hIMN<Tb_owC*P
z_xlE0`%E{Bt)37ui=F<OmM6%7O2)odmXc8|7@e)Ac7^*o!diG4)T5Kg`=K6G*l&j1
zKI0Tn2TZ^L1CiG<qahBQnfjWnXQRMdb|;KU8*tLt6EN;`Z<%n1wg#_EG|)<W3(w;M
z?99EQ2;ruzM$&0I@WxYy>4WeXtcf>FDb1;91De>EDT9Q8`Ki4L1I(ZuzjO}!5%%6?
z8eSa@ip&=jI8Ng(b~}@#0EW!u>$?q!!<b(8s^riLj>PO5)-*+(-*{irix%zu&Tba{
z8ruG?SM;&{=R%vEhq3of3@`q4rP*A4^Oa^3^Kebjq89fZj10_@E8eFCrtu5XX}45C
zw)H<(tF`+gI)O#E*Slqw8+gNFSoV{=5A%ikYMtPRGkn2g$}BZ%is$@St2j*kTwox5
z=;s1fmDD9V4seCDc~JubPM_Mb;|Q;MgWICUE>@9~jaP;tGqdvvHfq!g)W(<J!7;Ma
z0~#@fdl0Kuu#P>X*^?v(INiji3<|GN|G}4f)V~~6aHO5btY+BW7T4!dz=g)hQGiGU
zF?u4f$T$&r)Ho5C8*MVv*5`@9-y6**0!L6=TBn##1j-!d1A%#w5yY_(#K|Ni1%gW^
zqZdcErMq9m<HfOl5!sC~l$U3_JL<}Di~3!3H{aU#vB18sfY5GagtoyTw3zeEiQ~BM
z=^TgF+#rcIqWW$|mR#0gULfd}G;VnuwB+gTlfsJ9#!_Ef8cS#I`id}^A##8b*b@^J
zA>NXQr<3o35T@OC+_arO9%Nqf*9OIICkM&Qs|ibfeiW;%(H9wLz<sgqBHweQrmX@x
zx_Jbfi2BiL{Rr=W@T$&hUq(2t`srgt%ZW_>t*aZc_)Fvv4sX*C<-j<5F_OynjU)XV
zIz4()C_E7Ll{hF!q`kosAk$-_usUf89wJeO2VV@m_(iuvB({cB1yQE|F#~~ec4)7B
z6P;AoqUfaFK1$ie-=O%mR%h4hrhn@I!8f|KKSM_b3afuNvOdDc7a#kg8*T0%CVL|%
z&Q0y+!L$DRKr!g+=#uE?W;e0Un1sRwI+3v@d|{l~a^laEVmlG!6wTjk-n!Q%nQ>^C
zd5>3pj_wO|++!RhGM^4@*%y(V-aNe&M-NXgk&JtQ!M`TQAiEVE38Yc@(XzjePSul$
z?XVDqfg+M<im6UnF5b=#NOV6<Zzu2s#$c=}V2%EkKISm;J>4FAtcwmHwE^_qV8^=n
z9XZzJ+q)m@PSd#yIf4Y-1lLvy+QdB3Yyqs}9?q<4`gpw8=wtDwvT>xilw5YS>*n%;
z>@=OucF}7^Y_+<?hH!Be4T|&o6ZFH~`(h~ih4?-x`gMoQhr4VDe=vsdfIbA@z0tNt
z$M;Ff_Z>9j!wY1fBHxzYN%`vsBcvQ)f$#zHw`8iPI~6BjF)*sDA1At3W)SnjgRx>X
zGf}#kUxv#W<Vx@V5(l-Mk@Na)K23Hy2V6TVhMM2bsJY`{ZxXtG%=<B9YRO+BYLzq0
z>9m<4zTFl}P^B)N)$WT~n7Mr~jC8=nYRlTq>$AvMpGS@LF|pdY_CD9=7YEGilm30{
z)9-+Z)s`_<>+XxylEs~Sj8><}Se@<ryR+Kj7*_kA&%cY+X4!jL9G%rZw7;9PoX%(;
z`y3f9PmH#hF+)Nhws>rqjL&k*lVE=NF^+R?c1ovCTBQ5W+4sl#&qbQk@vEL&whfAC
zai5zoVSdaKPqxNlLK<VOvxp^hL<tH=t+*5*way_Cu8O&eqWp)`L8&$6!x*V`7Gpw`
zt4pm!{YYwM2h}LG&T7}C*2x`FGQ;`DATc(`-cRX6Cwteir6Ot<m0D@Qc>KY9ks?xS
za{xWttR%Ivr8*HEwfd7kzhjJ1AF(dAy4$}~YE?Hr+oK}B$G3U7&K&)(>CCYnnd9C2
zu+0Zpn|nIVX#T#%4F7a(MJMs!LWWhwijQQ?>Fdh{rlH1}urJ!7Q82k%L6nQMFZP<c
zU)vt-e*QFb*Z%e>cQ@MG^v~G#{*CP^(4K*o>R<n<&-6<i(>zm_(Z-@~Z4AaXJbR-&
z-Y9rmw}R)<k1BmHodQvTDMcu+&~FVbIZ;5Vml?x2fWrvwF$pTI|Io9Z!K{WoM98`2
zC3LdfO^9X0ykeS(rXTRe()4Hc^h(oZszfyXx&4tnh>xfxwGomK33~cblDOz-YKxwK
zqSYjU-WnM!7WvVhNY$w905X%dqXn0gCo=nUp4)7<YR^#;Z69(oo5XBb^MBG!fz^IT
z1!pnwf+9N?LiK4a-Gtgb(H{F0fxPp37k|7zM$xB^gn)>c_dt6@%%l0oN9Vx#t#l3j
zd+Y3Kj-BMoak{+ikL$&k?mL@W*4#~Et^Zc{;l_2?`geUDKK&LY{@nmaK)Aog0-(iL
zJJ}T#3m<CY4Y=6W5=?-;P0Z$%irF3P<TmPe0R=HpUB^Qs!ak!-ydk8m=rXN}6QJ?^
z0NnO%#6pu3+<>p=$!l|ITU0RWeCGU{3_F35V$0$YYxR*hW`bv%OgwD0?vMih4mz>G
z%>;W9Sy7YNXicn#dPsutX@iOfSn=w^HfV;j5aFwj*eSQ%$c;C0-ISY<*ie1AUt)b(
z;At`p6FG*qs~c^B=CXjoI{qznT#nFtfY!w134v>KDDzNN5gA$o?2iuI)3k9JP=7NC
zpx6Q%hFkx=ko)5WR2^p8nJ)t;{>!ATrMRS-c5-FlE}`B+QUpu?VbRe|>Zabo7PM%W
zT<C^T3on{5{I5pcVoUcc4c~{Vht9*Cxh=3u-#Xu|i>cvm3G>1cJn}8X{XZvWoQ1Ie
zySMR#smjAx<yYM`*Y6zN*lz8G{)%nf84I2*77b6^V#>XS<#K!IhTqv)L-$7h8S}L{
zdc2@n_V;>xBA~;y$v`h2X+k#zWi1&zrOyOOGc4~P*H|sOu8bGEbt60%Sf;{AN<YR8
z4d_S8vRd<q?zzm&vnNl)<a)F8Ba|A>KjmZd37K9)TNI9<ch2sdFdGG#^w5is2#k6Q
zj>mjQ%l2_NVkySs7v`0x8*jPNAc^_ouf>4wWSFhyOAa%`?8g|$$oV1XzrEKJ=<a0Y
zeMVOHN6AV(BP*+Vkd=lWWTmwivQlY~m0%CD(r6+pn|hFy6)|K5X^2i((7MWK2<Jzs
z>i?FG9B?x$_v;@TzOWm~w7%0?jkc-;NY*y&iJBh%+MN`z*H3?~TQh2D`ilseSF{_h
zrH1=Q)I(ewvfE6P=FjYt9%;9P4Oejc(j;c3jklODPP#S*2ft|1o<7=bqyMHGu?VgD
ze`TE`tNiDl?8ChD-aG$qm;E{ybLC6Kv;Q}Dc7vQvjb#|`eka3tAwqU|o$Ms{N_LnR
zVl2(Mb2E8})0y|R-{}5h>|E&H-|2p4`-#L{*J<QZ#Y=`oNla)*EQz5Kp=V;IG&yXx
z^yzlC4_Cz4*;01FC|=$X6{huKuf-PI(0~r(JIwme3SE4<2TA4KI}l-mj1NAjn)RRJ
zZu-v%HQI{a*{ImgEZAAnj&2JS{J2{}Mab0W*Pob_p5f;H-u=X+%Y6KTKI+$xLm&TB
zAI;K-vigOXq4=P(wzU2S9f6lxOh@3x%CPO<>tXm0^wkjhXw%YXo1r&)>tEa5(0d~q
zE^Y*N51LG<j5wCGG3(8uIv7&5RXbK2IW5IA`vu733wzSX$9_TfP&&sl+e66!ocfVT
z5_djNF!z;fgX&0xUe#{gtTD8qZ$9is*ZyXl2u#H8f8Ik<dm?OZLi_cH#wUs5w{>ss
zKN0(WHKz-4d%78%QLq{o{tmT(^Z$i3sqaw@?z#mAkhAkU&CY+c_b@vfmS+DbYeZJ6
zC3&849(RQE6hu}yqRu?2{lB9}L>RtVY2f@X*#7SszB&eAu({r_!xK*}j_}l?7@o?k
zU{l#Emk}HN)8xW|b;yO|4zmjf32rZqB^M4_NoH1vHq09a1Ttch3kR0t%F4)vgUs}O
zxo|M2eFCYPGbh$gaeQkZE*w~zTsT5?-(}zY+G4nHuuBfiao%v@U|#eU%uw^>)*j|g
zy$DyjtPXJmXT&Tb#`WNPVMffk*E_ApwQPM}WPkZpA>GTyB)XT)ZAG~ZE9yqi$i#|i
zVjpp(m)1oObl4ghmvsH_ZzYDSo*&u~)?VKlHf{qNj?kfdB9{UU=jWF1@!6ny@7>dG
zREU7e<g-Dr2u!PqH8@A1G`ltyO0m0N>#FJI!x2FqvkwQ|(_c+K9BcsJ;loj2jrHO1
zTfX0i12Lkfs$j^$r+Ui4+JhajV$*EvcZf~e%uYjRqJ=N|jjmBK;QcxrlY8CZsJPP^
zM5wQg?kmPjdMI_Y7u(*q8pmF`Qb(8(@S>&m-QaiWj0V(EcniG}BW?`rO?_h?>=E^C
z>H87&ja{a32P2N^y{T{P8S3v+-@HHS>0B5ytQWgX^XVasn&;D97^M+^^d1SLgoD#M
z3~`eznY-`Rh0!90+F>J?h>`!Q=<57>OU$w`0u*{C!YNIh?HOAS&L+sIR`j3?l(ZWZ
zI-Yw5r789i_AW7P2S&LWy(XWbm)lL7>2ObO%F9Kg^xIFoV*j?U``m>8m-MPC_vqc^
zR+Nqui5waS=njpXe|^92FsO2Vd(Y@01`U((Ewhg>=0zc0??#WuZ#GA092YpdG0I0M
zEC*vAeT3y8y47({EZ2CasyD7d>|#^(cS<Fqwa37@bvId~qP}1{YKq*WWy0g=s_1DV
z8#L!n+Kh(!Q`~avX7o1cZSc2r8~lY$eGPuuCg?$H4;m^x^MlcCFK(&9&0O}f>X9bb
za-|r+&3aaMHT32q0QnwVik;b!edqnViAiA!F{!&YU{BOI^ZavV?aXuTT{sG_;_AU`
zHhn;VB*nrzlh_XV2zFI=Q)LP&!`(0Kc2u%skHNC8vAl(9>xB=ZW{I5mz5}N`<?CYA
zzxbnG{ZXvG_JeL6|M=Tzdz0dOdRWZq?88ABs0*?ypprubwmwod^y9L5vN4tcZ`1Ej
zVLSug*|qRs6iYscaqk+Y-!#I2uB#lJ|JgY6;pH1KWq+iXbyd+b)KJ48d@M6s`uUin
z=N}uT#qCyVJ(u$zjX4_K6niw<y?na&8k5^WtWz2m(#wmBQnERJIt$x{3C+0!9OkM&
zis{B<sw(H&(G7b{T%@izD$F8oN2}XndcM(Ba#4?evmtC;(*ib#BJ)Pnb#iu42Zf{5
z-@FxOmv=~>)_GDW2V;#!T3<Ig%!!ZF0E?i91({`zNC%}G7%=$JB<{?sHAY?FKu-d1
z%rR#dwZTIhQ!>j^B5h32+t4POO3(kP$w7c}YXCbpdvtv;t4zmPj6b1SH<(WP2C^*Q
zPVGdc$r#a6s@HI0jZYwJRSM9YF7p8MW5AfM4eaXGx%<OMJ4~WGus3aX8)6)((8@)V
z+WM5y>CNalg|V<U|47fe-^jWZv&L1Lj{gKBYa?c5R3he|C8Ec;?hPzI!ge3Q8C_ft
zE!?QLkYu!Q4qG^~K6d%}!q%J}>fC?#w)9u`vdFKlk6C0+oR0y{x}nIt+SoysE;A3(
z_pWyLdYs2O9Nt6A^x?JQ@FuK}9%H&d*V8@gxysm6z7`8R${ZD|aaS15|G)=7UvD}-
zL+|s5>u=5aZrXfpk0>8>JaPY-Zq#pQd-o_Gy<RPNY_BzPwSbeZYlUgOXf`T67SLz>
z0m`_yuj|$eS{*k3STCDzl)V?r4qF$6&Nv+O4Y35>xcmSR`(hoQdqrH6Kkn8`Xt!~`
zGZfny*O#00^Xu3p;n<GW8y#WO^Sd{_CAOp3c$ucBSD4t8oMGwq8%d-5Opqk@j=&Bs
zkRB5(lUMv1>H334>Adt}2HvQy^Jg^b`S`Aqy?Av;Ud}0eVuIe8$fZg{Q6lqatg^8G
z@Hf82yz>0Z>^UoWf>-iqAT?Eo!G>^2+l(-oF0NubNatiqIY==wdFi;Cd*NhQwhhDh
zk(~ci5@o&kro_Y0Y1X$OA>1s;@AU|3dM=_@H*m{rBqQww<Z*>(jB;+Lh=Oh|ud&63
z&3buM^ONwg-{WcybjO!$!)dss#^`IF6c>Ohg2?0l0*|6usYnrer|LN)yru8WXb{S6
z4@ZMgZn79bDAAZ53h3|DKc@%$wCe#s$2+_uDd49#cG<(GXrCCfPLKAf5G=$pOQgOa
z<x;dy?EnrBABrOw-ksslHbROTn1bRCKu<f31(cfs4~lUi2Di|p@wfKDn=x7Mn6h^K
zJ0|OSQ`XPJF<Jj<j%LjYo8N|_`A(lINT1>pO)hzSb|C2O?-C!sVJ=AFcmq<tH9a5S
zF|4DBO-=JScP+vAvnf@`a5fM<mAceLd+8-*Zz`7ImC06Kx)meertp$|7cXveNa|hp
zY&GHy?}7##P%=f3Z8^>An=j&9)Kk-;Jk*)*Ky?FOCAELd%Qy1U)HLr;u}5eYFJOPx
zYVls7(d#n$dlrfZA7c2#;#*9Q#qRW-;_D`)k)j1Xi`%pBlGJ-l@sn|g&>kDSa`$Jg
z_zt0X0*Li+_3b_QKDNzV5x|m3vsDVh_!{dSncVVkaLJ5m8RLMFLLKcmzD8W$JzlQy
z9O@p53tVzClbk*77y!C_0dC<u-0YUR!0a&Nt5QQyjT0NK`1bg^R;lW4JgOj!<K+d8
zJZ{~?8Ogl7Bsb3wd%h|Ka^)qnq^fi*Cb5Sy7ZhO7C_3V}Me52etIEYgv(whx;;zM9
zDZbp}me<}*Hw>BqgF(3U?*;*;fO?vO(OcwPSf*UG;yS{50G7)WDJ)EwToA)rsc9YL
z1+aum3W~>B^bz?k=jEyb@*i6Y4K2+zM!FdzDF(u9xV}_VDS4?r2{uER9aq+6WADJ$
z1+v423D**i=$j7xr>hyIMqnIMq5L^6#W9!5tUkwGqTsaE%db8~7y7QXQf7b>tFNL&
z|LqjHxMmHW4HgO+j%sy?Yx4~cy=-x9agTr2BGIbM;pI!Y^{JCL2#_%sG-K<=TaK^5
zh~8)6|8_tPS;(;a5?~w!UYn>{Ma||CkEU~hb_+%U=a!!%kiUc=7Ya2=DWF@3Cx}e~
zJ<JOn0wo4TtOswi0z;x~r^*HXYDe2Dj=?2;gp<ItU62*r86>h_ZNp|2wvw<{e?(rH
z;!124XO~0Y1?l|gf=rOLNd=f^=cS_bx;T^%wZB`;?_-();o3a-p_l14K6bvv3G+oT
z@YU)#1{4Cwm<T}ZQ=W|gL_5La$pBZvQ3zpD1n)L(w2Y059cA25^C&N*n@5SFA&Ou!
zZG!+P0Gu^a+a>>k8rYR?ZeS}l@VH&<g8jTGUHTdK=OD(#m|`<kTwte~>tbrI>Z4|A
zOic&XyfLO`dLK0p#?kO?u4Y)Vbho5>#|3sQ8O=7IP<U9PwWD{+z6vxGI&cAe-$tFC
zkBC6I&PFcqCu~S@59k?XnfTU(On&r)Y(R`FIB~&sOk?4t`Jio3o|E!sTDfJz(tBjG
ziZkOlaYRg}HUU=|+dq_fAb4m@#vvjj>Vioq@*P^8OVk46B$;#7inwU5e<N(KFZOra
zU<`lQHb<Olc2BliIsZT?Yu<a>KPh^}g4sGP)6fw%X1<&_Xb4kWfC8iDsqMOGW^$<L
zY^7kW0fv0AZe`uJNXxb6b=0mkBOfk@wj}!gt~$KHSQKq8a`LMSjNPi`!(b0BE;dg!
zIzu_HtXk!OrqfjQ{S&CbxaXV4(1daOXzz8fcsodps~9ns2=!(<<ax8DwH9)HAOdKj
zeq5jvgj>Ki|F7H8P;MfT646bah--V>d%$n@wPyGY*Z$OrMx6q~nHR89y&}Fn%;t!)
zIia=xcb&Aq5f@1oi$Ta-NY5)5l+{Hfj3_u+gYJ?n1s!Gz(is@mD8!iS{}N|$p`AEy
zm8<$#f=fJolUvTK1S!xh)l|0+k@mTBYP0r<wd1P062w|N25?o9nXyvZ$&&}uKEC7_
zvsZ#1))l&ZZXfZZF8D$vM+}?IyjDJI4+!EnQ9B@E5AjG}8|`5jFTG7^@k&qDc|rQ}
zzi(HWmNA4E4>yq!8ylX!0{b$Di0LC(X31frx!a++4<n|fA$(ol8d_Xv&n33TL7U~=
z@|S@*Pf$`5nrp^!fyzrjWSKV(C8=u8a}L0Ue&UNR738NsDk8$OPq6M1q~uQkmTsvU
z-$S-G;R1;5<Ccu%1I_F}T3)=8=Wg4V(=12|MVYQXVv`tC{nyZU04wmPAXA>JD((80
zfIa6LJb6p91<$9U?oM8M35$dZjCZ=_dmJ7)4?9@FE2&>FS?;Fov!MmGpQ|&>kG^LW
z_w)!9lyrJOeT@s>lPbB`nDLT@TlNO3P5G4`@l={i&P#Dyn?%*>tY3N%#7FN+XdBwk
zhiblZ)<^P34?x=j3|M`kwhdIc=?>mDeGRYN3BufoI1K*7xeta)+4?fx$C#dWZEIxz
z!$wS(-(88vIJ6hFNA-Qsn|z|pZ3*k|qJks^@=@+AV<WC^X8Sz44@<5x@56L0k=`qF
zZ5C)8C~RoYx0uG^TS1E>9aJCKN)LdRk*>kg%OfzA?pdR*9|!OR`0;XHInPzO8(O7Z
z)rS+@$~#MuFH3E_*fh?SRZHQNK5a~-71WkPbLEHdL8k6oxwkEBd%pV?9;c1!jEt8F
z5wJ8KQ~(GUq`XRQc`_|6j90#bLSc<g!|(i+yyyg~HY5$-c$ws&frYN5IAB2s$otg<
zDlRa5AWpHtBc}+3ssQ+deF-oOe9v_<S0#MX%8O@#;ku-H&Yw1rHGZDwHtm)gCd<h=
zpfq@s@VnYs!%eAiZOKKH&8kDgdtlyWAX_<Gxu<`81-i;_2RtTQP*x4VEWhv+#`M6s
z{}L8}7DJxC3ZXf?f_6pL@7GLLZu+H~M%mL>(Y&Mvet3Xop8$oXy43<`SA$?<cqh9v
z?0KM4JEXwpq&o&z5i{9~@nK|p`I!5pz#f#X{E`DBD&TL>*ES|&U3*3#DAjRg55hzV
zW?WvK6xffZyu2W?I<$d_i!1HiGgtHnOwHRgmk_qKiy^GM7R$P-FjZ<APU%vB_I+V3
zF9zc=*i0947?NfjZ2nvx6_Em+EQ|~>9PBM)0IE6owu0V1@Q|`V8f4SpirW`+%Xqw&
zXr)$x<I$hWPC6C|kK>(nTxt51bX-J(fbXYLt|V(PmV^Zlpkg11X=tZFuM?vOhOwcz
zLYI{PH}M34&Iancj7{Cp72&8VDS)rxAB@DP(ol*V1Y>WKOS}jRQkjf$c@;tsWZ*my
zTbKX%QVJbN8$o(0jikPiUPh4DQZw@EQ87w-zH~yJ)r7LY`(+0Pt8_WPT6#iWtJk5n
zWNJ%llGZk&54~#jDDGu;wnDxX&^bEkcH1Ft`Tr!~8l#3KD2wcjQd5NDY?&4huZ6sy
zK+)l(02^RqU0_z&u=ai~NF9078IQDGrtDA(`x|Y^<*buxpG<K(t8l@V{FWCNud*(=
zU63nqUM{iD3X`y_fip1R37ukVwy(;~Xak65zIR0G%*sY1SK)_9OK-KdvJr(|(&=d)
z(1=kM-)n-T=1CVl(pQ4?wMW|Kl4o{~t{_d=Ka=8xQqR&_LQ&e7YQHn+s4`NfFPU<@
z{b4Mw4LAkgQ~@@tM{Eay^mD{caq$|9o;3;sBubxoe<DEtw~9|Tv|7Arq3fdS<q@B3
zZ3W6Tl-?XUWA&W|&I)wvz~W+V{o>-eCC4qvb4$V&JLhk8V2B+X2&0(b;Qaq_u%F3X
z-~$JO^4q0@LRabhNIYfrh-d7O=<Vkcmv&}*PXdkdU8OJcr7|hbF6Yutk20wfR4^cX
zRm76Kx5)uS3@2@8x4atvcyG`*YIJi_6eqG0sMayCGq((&_b;%jycP?gq2RK9fI)ei
z#8yCYRR87tAet;^q~cTA{lvvVK)!{JD}!QVmlz!3k|x>Z#g$?>kz1Z|iEc8Y`6$Vf
zb%(QUNsFuU{<(AK;+vtwC#27$`sy|im}>2=7FBAkZjZ~_Ded}8OPd(XmL_(BREWRZ
zlBDUCOLvPk*@CjfE?urG$lSVV8OeZ0@y#^_-hSe0q@Y%eib*mdFI6Eb$W=sGtGnW|
zTErviQWeu;{z|HyHzP&t%I5q}qt*_47FU(&t*Ex<4#ap!!1KPsF#hRos|8hb|5F@p
zs|E%lzeZ2fRpEA4m9BREUG_=mnD$Y&lEk#+1bW!uv>N(AXAWdH%h#ENeOFx`T~*dX
zZDu`sH5mhFIPewjAFId=y3DM|^t-Hw7EM+IWMQk)een0m3_O|}$(h;=j77`?oEqQ&
z>X)hSYVQ@gX(;-vh|U&dvgxQJXJRbJDhE?F7z2O}m<yy<y%O`JI-c!cAmwB~<KC|0
z<qEwGs=&QnLF8YVc10X-tpW5U;>!gVUuL+09A{L$HdfT{MS8wqBI-ptQNKwi>JpoY
z_!|CcGR#lb_IxKE;NXb3W#i(|=)8IsnJreQGm4FW<d-Z&7GJ|Z`BG=T)DpTD*2noN
z=f4UlXW11z&^V7+XU}(ba?6ge7<F#v3EvkmU7Dx7mOysh69ksfr?emD0=NR(@pgOb
zP26&8Ck6Lvw7L`PQQ10+C-&k+3%7ha@%e?FGLg8PFm86|KHt@$YZ;xWv(VG=qH343
zVIa<Z-gvRg=~YKpAw~6F!DwnAoXfpZms=dRiWT@BcCKX<^JBm$vDPYOvjll<Cy5&G
zL9e#8vq<SB1r^3HvsGK!9+B@nh4u`$^!rVC5JYv#ZbjroX^n{tjHE{yMIDJH@ZVA<
zeh?cXoYFS5kg+I}n8NNQR}v55o|%Bx2<7QO_HPEH7}<v5LF=Lo!VU@bFOPn^N3X^f
z7Uwe-^os}!+D^-(#%ah^ClL?Y;bw|VUSNl>N@qBs%}hSm`Am?(mq8@T6Sb$?2t{Tw
zMog?#Cgfn7hzqnKCt%vMZvI17?4Lka+i6HB6N)u9zPc6PwoZUqaiyQyX-|7^!!H^K
zZF3LOMR`FdZTGF5dAqO0FJ&^bKk-rfQ(=cOY2Zec(Ou={*hVLt6z6}P;!GJ(;FiB|
z3YA0>Fm&4q9@-#%1S%#-=QzJF8P6-mp)*+xW8rSADmc$^EFR&EQ>4E{43+)+nMv2A
z#8}exbc%T{OHz86DJe30UZs=JX35=R(5g$X5}}Xg`j#9{q7rCMI5cE#IeNHp>r!AV
zWS#ZzUX)tgzSPV4fs{Xu+;?-f^X$UUl}T2qiipw*?GM-t^#L3=E{d9n+rSrfs<*;~
z*xDJS_k{{J0FV@<c8_w?GCu1Z#+?B6#Y@U461eOEM3`HZF$sdMH;n7JXpB~15cJex
zyjBd6%K%T79yhnyahu{!==4Z6F6A-E{n9O+;1zon$)j1df)o_2wS=E|k^!3^lq_eH
zOHN)c@pfN`Z}}=O>m!e1uXIa`I`g>AldYf!x90hGEJ}41w=MM!gr8owN35~tIkkCz
z6XYr;SklN%@`q}N8Rk1{LDN{~l5*|y)O=;kGg>IBmqO!7p^d8Vs<yCPF`Kc?z|Zia
zE6}x9f<Vu-;kc5dN5XDXwLy6A7O025oKXTY0}*C=5F2<7H%sC4N~W3gMnr(Lr^G4q
ztTEI^S{qehw8Har<_}7t8<oPQad?~q`{Sv2QXx^{^DhA=ou8%U2X;(Wl0R8;8Q_nc
zS_c#z7JFtZ@BGAf2K2mDf|S2T$T|ZoZb>>(B;}^|h+duyoT~=PPlod6puDtrm3BS7
zl3J0*$UkyP^+!G;|JtrLvka!SVpzw0)m=lXPhX`Z|4ckQF6%7WaX5Y-hzr&23HTO|
zGUhXwiu(3@0OkD3@k(kAE5i&uh0W+DYFoUD0vaz~<xK${8pNQyRVcN3BzvnM=daN&
zI~^vi6-__lI1A^Wg*SZ%eoH$@C8-a|nfUukYaI!YqzC0X$k{|$lp+-+YunG$rHL-)
z^rt<47WbVlI1o7Mh}kkphFprp9tXrV<^$rgBosO;m`S{uUKjidm;mU=XI&IrqK*sv
zsTpXL^`b_H@>!qoVmQ?!g_r&V)&u@}q>n)oGVH|k7H!nTJtNGCN0Q7Y?g@%}q$R7K
zsN-&zv|T$$4smC7@l1G^iDzyZux|_6w_KZ(BRI(PL9%9`{N`#o7%RdB8R?i_8IAug
zo=MAd&P?T=nQUbq`yQDC#S=QoTg5wTxaEIkuMUv4iY!;qnnwz%N8XE$gqL=CY_~ah
z<yRobXk@#R^Hu<m4hTxJZuj|$&-x6J-O<YbALhOUys0V+IB5edP<RDFQBbNDq~g*l
zYNMbHr0@c%!hp*-E;v=hQ4}QsRMcYfpwAe@nZa>JS;kQZ7e+><7Nw9DXv%6?WD(J_
z=MgAn>jrK9bI!f*<-H_DX6F09|M&Z(dGFoz+;h)<&&6vFD$M2k+LN6}2E1QmYpAxF
zt8M<@B-^1=Z$8Q?{vk<teE%)HIn3#M_}%=hic&U#69v9x)h+}S0B2;+f-SSfE{LH5
z6dN1bq2~QEx74I*^L5HqPG1W7SYZ<tR*U{LW~1?oW~k`;1;m=W1n*Liw@UAV_ooVk
z<pFzEhyq@5P%xl3``{MM+KR|3m!rk2^50Dn28V|isrpf^*)b#1h^9er*v!)GyfvHH
z0j&?CuX28=^4D52%JKLN{}6ycz`YVD3_vU%X|;E16kbQV>;4p86yb}y$qUF)kMzL3
zP;XCk0PlvKm=9>8Jc8PH;~?QJjN)B3h|oWus6tkGDfyeX)`)U`vGT`O7J)V8G>%JU
ziQ{A45-A3^L`s}n;(AgvRQq8~iqQ`uoYq*Oj|>C(If3vMoFCfYPgbjeA-+pFq;svU
zQ+L~CB1lT>36{{o{~FHh2&i_hPK`)^vbHMEkqsn}6ibq0#Jx6!ylo&JFr`|l0a5<c
z2w}M;N11*U5X{;r_-Dfpn?FC|@YJR{<#lLBL(AH`VpfG}bu0e@U@jdcA(1b#FuMn>
zINI9W3z?4}7Av&<>n5^{mRbn4CoV#Z-^FAIyBlPR3c>$L5;Jx$%Oj*cl2slW{Vx{Q
zkcK3Fglsv2cMv$`iHkfWC7G2^Fcb{XQri9MmDr!dpSCI|pxS%81EzMbq}$7_JCP4O
zyhyo^UH-%@K%_%X&oP^nZvf7ITO?;oL%lhuOr(ov>Y_AP$*HB|3kcUP1nhGv!Ts2P
z0w1<Fx^mJ^;)Qr<A$(HsE<oE)wsJMpC~a?S<sGzdOHbm3AabM6k5u0(o)i7k&H+gY
z;$H`##kIaX5SFd3i<DxM=J)rdz$^Dl!4#%;9JfHpDMvi7EFTYA1D@Y`1>@itJ9(uP
zxJM3@L-RnA-<}I-4;#{*!s8#9nF54JCgchJ=32UT5P5hI=zJk4?T3>bSrPgBte_1T
zz>l@$k&;uCYAi`M0FcGWdc6sdimNQw5_xtP(b|fnR>OY_?O6)mX9whsq<Imen*GG0
z<@_Spxj0KxXyoUN)PNBD0Lf`oMESm1B`Ih#E2|?BkjzQ6pD7{}9l8OY8<4cCXVI&B
z<Ytx{5IeF~3DT<LlxUC!?M6#qa5%A8hkt4s^sDrQ@BU$k91S*eKpA(Aac#LA(WeYX
zr%Y&JuWbGTSo$A9JfvG~-u|qK=}Ullj9A)#Y*e;3>oMllB%{;e$K$H_Yo*2DODA|&
z6V0Av3FcXF1wHiDtT-r+`sbXrIf0xlN;a|1a&q^y+W9u^_!%>fb2A^ak(XoKP~E3Z
z%ubx5L=xISl-dv-`w5cefVM)_am@d811TNKOcLo@^K<I)I*Y67)u)^QKDQi(qP=g>
zpso1Hrij=bG~p!VX{wR59mcm`CKmEJlkEm|rl5Tmt%Vp2FqiK1%v4w_GPCBFnz_-I
z?NlUXXrmXtu}mA^*JK{=X*46EXLthna{hAViWb`R%(WU?eYlAoq$MBkp99L~Uo^KX
znram9K7H}IvBhurMgMt9>}Q9uHFV;h{9UuL%&q&hGQ>{08K1-Jgp!ldF1|8Um)1ZB
zN@OpEwMGlgHWq4!g?`*?@Fy$iN3!{D14^U(<v8yP$M+jnmuszyfvzh~;1NWmrG?=r
zC6oRH58oo;TJg}+^C@if(6JUkTQY#k!z>Q}uv8EfCtm@2es^VWSO<iHLruJs@Lx$&
zd$lLqs#z6KI34x1&@yOD`7BJAZZO|DsX?L5{qTevd&M*(<u@cOlL0C8!I5Uo?Dr1*
zRu<IJ%{uIE-d0`=It?|A_&5B;Y=p{@<Ft&Sr3ck<DPo-tDD$H454Gy%(f2_WSjwhW
z{o#nK5X4W`sOzGR{mgHh@o1*1(Mj#kU>E_pGz4#MjfV6xQLoT;rI`~l<t@wrN#~ky
zBB9R@HuHN@m^qNy%cK%qu9R>LI=uE<13I{%DP{dHy1;@*eydF*1@{!P4e9<SW;{tt
z6}%(K=ChPJTq@J>)>i4ZCT+N$*HW_usUN)XEM|^_Y-PwXcC_QBYnegw=t1^;@_;&W
zM$v}+LQJ))RaGUc`7b5wkZy>*4rnXzINfbs&Tyg*_IeIRGXfpDWT&S83MK79&VmW&
z1d5tpnQ~Ql0G9_q4-rZ(Cb{c-kh{`R?&{>-;<{K^(Z%}x)L-m!0OM9q@i<BUaHRMr
zfa2o^T|D6!vG5nsbF}A-vq%tyS*vKAXL15OMs=SJV^q`Ygn!?Xo_nQ9knk3YaA$Zl
z)8i77iP}9hl&<)64HxC>cEWRS`;{iV^-Au((=&KJwIS3+I&ZuU>%2!YeWdeBdh!#`
z42Yi9J)`lDD==7grHLYj$7ZI6#vbF)ZdU<4*~kX&`bcbNqO71$0>11Va-~U`9^wA;
zxQoWo(_^AEs-l0e9lBOSS{v6#Lt1m#=f1kn@`mVVJe8-9cs1GXcgS^GP&Nf)PQXBd
z_IBU17TKPeE|d)GY?D{p0!Nc<o&)AZW)3pLB^^%Rq&#2V15myvD3ue^obW4K^d;rh
zuQ3Z=w2xD~)bh+ZCN(r_dS*tb&+`}<<@7<}-OprZ2;QHQbi8F$>au7c5a%SLzQr&E
zWGAH<i69F3>zqP<BeYzDtKj=O6O}bvd97gc95O3-UjxUtU?9&h-ci0HjJw1kD`G^$
zS6!&&n>1SZ;e??cIB^tq4}66O8nEEqY>FSOU0CsT=3j6K+NfbLecB#*zEtmSpNBz`
z7Bnfr|H%|3d0huo*^UXbuZAB5g&Xsw0|?X%QFdnb1cAZ{f74a6C`c1K!9wTt!!u`C
z$cKgCpLD0S$}S%hyuYM!KNDdRU;{3)8Xs<ZG#U?#bEnng^ZvXpcHYus(3fvH#mO%-
zeKH^9rOz|*9PfBxM>!7B=Ow_+0C7VwmBYHGfS8)$c|0@2EOrP2;jnq8r2?7+u$$6x
zi{_)pze<!F$*wC`(CzG=V;0Xo0d|b9``hxpCih{g<n%AkMA7(L3Pp$dxuX0`W*&%!
z8N#2-g_5<Q_g_T(|8wSbXiWgo%ZFvGKTNsR>3b+M5AC1Fpz)A7n9m#o)*mWO*;5s<
zVao`=<ud3x2}jVd#o@p1PY&~D;Tvz}J181ejGwWu?zQorX7i<y@i0JndS-4Bw4Kv8
zl7jJOUxRMto1U4CUY_hu=%-$vpMz%+9wISqbw>_=LVf};?SPFFjXOYEjn_BE%@QX_
z`v<Wc;EPBOPYX?iz!?Z+fdCBOKExuQ(>JlaCPVD7Mg_SjALmf#z<O>Pa%5=#TU><|
zxR|V<U_XgK97p6!5z7%~M=YMbupr0Kh}zK|f+3|NAGFp@xea5g)OcCUz6oV3&Do;$
zL@)_~>^?#UovdmxYaIdFo-2s{?tej>2j1u7|AVC%27$0fQqec^8ci!tknT%^xwrtT
z^@21Gegi!7%z5<pAtdkP=XjRWFF?!N$=>g!K|B5L6R2>#Ll%c8Z1zk$m+d-<=6a{R
z)0tJ}X@!OAlZNvP(%}yb=s-o=hu|BVnJ#S+X7A~OKEf4a%@O~Il{QSOSk%-`nDta=
z;723Y`bVuSYKF&Q_&929eMJhf9CvqsXnIaPD!T8AR%kj;SWvl(trpG^{{kII8$TGm
z-q?pQ^Y_pOJOhXSx(oeE6Qqye*BmE^*m<J=>r6D3=d7hOTj;>WlPyjeP#OtAcIcxi
zxRUUT&|LJtnTb)+xVEAL@Oj0?4eY-;AZEf6S;U4zV)>C|(Qo;qXbw2Cf}*r#h|f}n
zDBzHH$Y%F;gr!8iZOIo(rlpak0pO1W29=b3KvF0&1<*b{-~UXH)~rUGc?~*=7ZC9}
zK(;UU?Q}fWo;e9g*90eU!*MupkqtcU_Opb7laOXjaQg7855MAMY*}k;p2Hb-*yBid
z&=bo}Pu>SVanGQxIU*H(&`^St$Z6QmB<yDbKXUaD_UOcuKxkqRyaxe@p~-!bSURyM
z{0<#Yz#&Y+!Azq-^UZWv7xuI|<MdRTmf+oyYP3v^G&pMp8=N&PT03Z_idV!`yuO>h
zVxMmMinw!ZzPwbZ=$~|n;7y9D+sEMT>PpxjA8nmRCscz;w)(uZ40k6Ezs!z&CL2?X
zjXq--&?DW@1m*$?3N2%^(7M+0mmp;#rsw;g!%N*~U(2B*J>Q-miMD5s!?h4`Epl-g
zGH@AshI;1mTmV5QV^sJB79dw->jCv#x2b;AczgA=X?lCL=F0nl`6FROI2z0^jOJB%
z9#tT3D#-fTVcsrUD@5U*Y8vIAaON1ivN2yi?z+7|{+`RFYqb7^5;t_0jX`q$Y0%xv
zcuHLk*|Qq$<`ABdac{QC!2%#ovqLF3=aZ_LL(i&#mV`dO!pND&B4-BC{n^GyB;S8s
zinh*z;QcgaNhWmBFUf;l60dV+Bdx|msAO;P>}&N@T#rBNJ%?I7mDfYta-HCvNKOBV
zHN8df{*Ib{37UQhnl7NGr@}(NkRhkwF}6GaZjv+W2Lf0D0qj_TyuCmUx^8KEeYz7W
zig@aYuMaR?Sf2v9k+6{5t1mX7);oy>mps!zR0Nsl>~VPgA>YoVu)&6{1bPyxxY7*l
zdW|4i8)&N8un5Xc4cxDRA!YS~cd(fw_5rgIiqCe^LvdWE*ewd9q<YS1Jy2(`=G0_f
z(+V|bK9!sp{vXl>h^*f8>>$Nw9rYFGbxd6GX?;a@j^f^q`mql0nAnef6K1}}V-x^V
zgy=Q(JUzk{^y5H5;XzLS_K}EqI~v<A?~NfkHG*^+6y70z`}HQ}_!+%QU{jC2qaH;N
z`8EcUo(}raxjV#prvKfl^C#%eT3jN`{3=b48ZqZEmc@UJp2Mi<p#P{OtA5z1>8`MY
z(cXV8`6tk=a5aVd!BifNnTpK-=$kvnc@z${sPW37p?%CIrMy*pzPS(MAL)Ec!{%0I
zpN_^O>lB0N`3+5rajLq&oumuc*I|H~a?2@QeST;{Oyv>Jygoa1b)DhV6*RC34;kS}
zExA%zM9t{nPw>ezz-NHc5$85%FrFuS?I{$jBJe8<{;I+ia$r0`_1Ahd(t{WRGA)Kk
zfzA&^mGnpH_YHL5Hl2jrdmHqo)SFX{rqsWk!~U+vUR1Fd#fk8{EKUc0wkAg<JLT$n
z?h^n74Jm1Q=<i#b*eP<<YXIIo(FRd;PK_InF00gDzpPW+N0$|Ac^V^f65m6$7=-43
zE=gI_#PJD)b|tMb3cs9sTYYd;DV~1M6XsTC)hV4D67HA%>VEk&<|tQDs(v&tq{i)+
zpBrNL3&ZD*diZ54bq&nlrhY%F`wo0bxwz5zeG965CDW04tA%ovk&SBnLVYk*knRT{
zE4aQ1`tQ`yxSwuoQ1??#1K&@xW2TyH*iUCV#O<e3_3HjXvIWv^GG=tIY|!B=@}&;#
zQF+^e>l*H^`ZF1u7raN?MLYGZvH099_~%i>xxUesMAX)`OgUG_@MXqyrb!61zW{Wb
z0lY3LFN&CosYRtPs2iXigm!@P0_BMYW-YfMv+kpV*NOJV^+4V(`X<BI$?!FcyphA;
z>(Kti7c2AeBSu(Yu6GB>Cvq^{4acRjOAyT(HO63wa;i(#Pjp{Ge&i}uE`o`MZn&7q
z9n-jII~GN35_dt+QZ7ED->*kwoMpq$FgA<QR5d0R*U8vAS)S+G-~xSyDr2ufZX;aA
zXk-Q#>7h6m^Pvfnu_uzV2Ux!{5xVe?T0k0Akr_3rPn1t!d-_K#Af@YZd^h3~WhT5U
z#kCrsBUMO96z5s}bpF}iNPecl%8f_+=iTUqYfcen{~be1sxTd49mW*?@g!4a5Xp*X
zkofq$!#}WtP;zlmvsLhZj0+L0z|#k!u%hDe0^jX6&!AaP2($6BUD0ogFtscj<XT5o
zBzzsiTcM=88JaOe8?Hy7QW8{N2l6CH<%5c!cy&A`@sb;z*2c>A*+ILXtP<|EWDzKW
z%?lm3GIqi{1~D1Ah-c88Cxo}qcZXI8v$E|3Q{}UvJw#9$n!>-u?UiM^Po4^M@x>na
zW>!8pfk_jgIi(N$D)2v=q3o$ccvmY|q5pMMwUPyYLq{%RIFv|3%TR7b^ZsAXG)B0R
zB#k_Q86#4J1%VEA%7^G-f@0EIcUZ}RFLOfgL37H$dM2%+dX*;yTsbz+aZA1wdDU7_
z7^y_FipB>_Cn%0NFO@bR+6k0nb)?f+s325Oe!>?Gzi1V43*-CMb*cfrZDk~EBa?fZ
znus9%?G&cgKdP}Ky<p#YV-u@AmJ0%~{kSZEQC%+NT~uiTRvL$uNNvxh%@W$Qp-JtW
z_DC*OhcejKIBaNwGPa4iL_XM{8Qy!Hi$tP~Q8UdKZ9vbW${nM=qf~T8^g5$WAU$-S
z+AkV-p~273#4_7~8xk;E=NUu4s`F)0UUOX8@XVNk%7YR8Vx)&&$ZL*{LAnWJtsV^<
z+DDcVo)7xft1l<itw3>OtMJbrh@xW+ve^44wJ9aCJY<A^v)%}Mk;7g`qLgpz7`X>p
zuS_@@2Xv*iHEzJl3$0qmx%fH*JMJmcKwrI!Lkbl@AHMc+yK1f=;f7QmIuiA2wLSKC
z)}3$cUP8f1f+QTlbi~J_-kY{tv_p&G&l6zyfOTzQxO4(#qLTUqmEO6tITBu*;KQD^
zZM24XI!=M%dZAT3HWycQ2)4OOC_!_?`DSw2oz1_xu7fTJCe?$RBg))XBiep9SdX?=
zqz#Kg#v<<;irkDvB&|s3rNKO<4_+><JQIp~H`^Y`FdRvz)@U3>+eKflx**gzjR~#i
z9lMYg*A4=}fBx%8`FAL%jBmM+`D_n1MU*>G##-@f%lR1=y{^@OYKco;iTz)DPA{F0
zpF@r<QEnN7IbD1yo{)Jk@>5|}C$epy4R>Yo<zVJLJVR3DDvK{!3b@0*&c}LPY4VS*
zLxwhU0My`4MSow-srY>_^Z~9*;!ec?Jz~x}r|){<nk!8ODCJ>l9Wg5``d>~Dy%cQL
zF3;YCotEUAe4V{ePn3TY{celHKRq)IJ?{>meGSOLmQ26REVuhTl;8(aZ2*JRka<%J
z;MBe7z5KY}l^}y<R@=~%=ows_sroB(XgDL2n7{IBdZJttn69OoIe^&t^mu<Gmf<B<
z;Hkou2%?a$T6JXRK&K9QjUZhWiOTPoMlqti7}5LSd#f#mKc8c}4~E+S;A0EpyKxLo
z!Rbq@rp!7hWZB`3+3A1SOmQp+@^g*>|Nl{qr}l1f_(!L?rr3P8G>{x7TX(wio$}7`
zMQk1IzNCD3eVNT#<-VQ;_oa%S3X6BG`+%>Tw8agSxWZAmLCiWLTGzeWG2i!8s!iVJ
zkShy(9bgFV`T5c@0<){*czcIuyJQEP@@-lsCG4pb|5?UfQAw7BiR*(fr*@a%{Lr83
z>*Kpfn;RaevirtZoc`ZgU{X29U~+TvrI`8Ht<~;f*h4q{d@i+H%iTA^d@Mei4h-}l
zO{W*Ss|q)YSwB*2Jxr-XzVESA`3G1TKBM<lQ#{RRJk97vzOdNQH#8}H!DjRDD$zf<
zv1inQ{O;nY1G!%d`ImR;K4<+a`uW3_82|DZb~ai*n-lO1zV9k++q~ZsQ4tdt(YEo^
zBjp_SwOf?QeDOnlJs!R<!!)BA-RQ1+{UgkBXD7T63)hMALsigVyQ_Hms?JVmz&$>k
z8tFU)e?0`qO?b^P7t?%&Hg8lhcQ|z5{=l;?5?;=+l+c!=YWSZp!E=}B=Kpzgf)6wQ
z`X1fqtSETG#qbgXy1fBp_}NIOa*<+@n?`iqCS-v+DP)0gCuEHUI-K=>Ce{<OJ|v&1
zki{H#Le|%rlpr~ac>>WFQ$v3#QULf09^J|SSvM6;FYq^wk#P`3LQg$P9$p;AsyY83
zjAvOFv+4h*@w_PL#zSOCK0~1oo}(a-`4$oquIx{?jpsp{d@93{b;eQNl7zX~ra688
zjEmUcE6z|@#D0}9b1o?#$3P3VML?4v%o45Dt|t(s$8qz!(@(xNw7&PmYY($3M)(I_
z6S}jiMb-KFNSs;YGVo0P4We%}sQjb*PtFwmLoA|f%aE^?LoDcowz4h{T$tWt+)*w2
zs5}wCOkUH0YxFWVN4tO*qHj`91=A6+`uhA_u}S(cW`OS(huolUY=^w<ai2++CSW9D
z*|8?P<W-RDm;pa|Q7WiUeE}Zm7QZry^G}q5{;U@4g(nMr18ntck_2f!odK|9@}!w~
zb}~R&811;MQWgK5j#+ZCySsm9HrX21V5&S!-cP|}Qqge?L44-8nhNF(TrQr-Pw)=T
zMKmd^p|UKOUuf!wM<Xx>R*7ifjDy&w`!@;G-{r1grvO5p!QRVt8Sn<)uVui?y5H1B
z20U0-%C8@kra@<fMKc!TPeLHwjj#Aln0eXtC`l~FsX6h)?k@#dEd_F|qr5c<bRxR@
zwK6D8I!;mL0OSL#?FWvlS7sf<doB@H-BvZ@%?+WB@Rwy5ba&Qe1$5>6X!;=cJmsSX
zW6~-y{BX+q*f>H-V@>gymrT*rf=~61rWU;AJ~g%Afcr46nRVp)3txzw`q0>a9F2r$
zjh|zbL*Tisd^+?J*MaU)9eXPRnwH)!FU8UOFlfMgf&%3Rzk<soNG)9vnFmj0PsiDl
z^$L303s05O@Z&6zkP5$`l&$^BJFcDK$>s14N(0rG{!tcR9`bdkKfgLCHP))tQq>aj
zT!xux{KdCJhP{Q+|HtX-mY`(f?>&tV2Bn=^{nOg7koGG>8&sY4uBY}cT^rpt?dv)C
zl>xt|3PMTI!WY>6FAJZaZ?aLO8r>{YM2k-I;Dgmh2V)XuP3wo!D%EB~FdGI)Ely;&
z)I@E<e;B4WS3We1IkV7{6->fi?(^ensh7s!l_;KaGYZYpHMePNO7uXcl1~2wixU<9
z#rPrQydPEnuh^9pRF*ZU&$Bs~ZKc4iNKQjext6trl9T)kicOe%6EA7dYK!uAXI3q4
z9@u9XWa)kBM!NfhL$;`l5Jm7VIL88BaVY;@3HrzEa~McU>tpkE&lJ3eZ{-)n^uCSd
z%LejAX;iysvWss7SwZB*%Wn{pbotFPesToc@sy=gU&UG1Bc48R4Pq_pL6AmVgK6&x
z*#vLJb@+gd0NGs%4+Z{7=WM~ebJ+$I$O#l=)j4HCF-LhL&=JBIv0)zlNoG%mtHB9n
zF;cV^aRPBpkUW{Vc!+h$eylOTk6+cHxq9(oxw^3-rTcB{T5uu1%14{R-l3`!AwBQ`
z&t{k>4N&klTG5jN0(0{KqkG|vp?XxBJ~Y;cJEM%R4<OPgjE1H4GHcNCVrY~Gt-qL5
zXr(hAq3^1|s_*J9tG=u3n63`CXoh;KtK{nI?#|V@pJ+SDNvM{1{{_`pGp*Fj{1$b@
zNp>H>*k-Q68^-TZZx|<cIG&#9Ph^g;BlKAk1@z-9N_l^Oi<a^p+k&RBnB7cIHfvz&
zlOj8FXt?2p?U1fRkl7GoIAv6}8G2x9du%^4D%Z)TKq>8yom009^_Nv;H<#nJ)&XJm
zpmUMf1obP=Awg0x+^|I+zm9Ja@wx<CBuW_bbJps~DNRh-qqU2CC;Tz{jWjL%H_^Wo
z(<1OYjD(W88HCvlczY3|tWZKY>mw{s?=Zp|KBA`l4kHV_pp}zS;kVqVUSWioM3)q$
z9*@1k2zQKng^@}9s$F4(5Z2#imqvzaBG>FLJ5QBGiWEzosq1sJ>(a4|cikYAkWd^l
zTx<klFWzjlgebVg{>)v-g6RQL_$xGe3k84|-*Q%6H@fpcy~mKQwi!+dC;l_2Rnjmm
z|Brx&U`mSvlQ8_h2GbD+CK<DbDIMqrnGZQe;rV~W{--PPmJ1~MKxl3>skdB+*brUM
zQOZcnEjQqPN;3zgMYXysOqcKnPg#J<72A=qN~5nrL3ynpiC5vb_gNcnXW_$#jHr9F
z@Ela0M$}=<*j1(U9+J+SfO7yn<Aq64;*OmFai>4Y?8!jf7uGW3K8N5}M8y5OtB|-?
z)gp1n8Uy_J6-I}2{e6|Le;7yCaccGs)tzX<jII}zy~pT!RvtTr>aDrXNNjiCr6-sh
z?>Zk{pVp|+buy|jlK#G)q<@&0q`PeTUdG$bN7B1B8cBM(p>C2*Ptx(I9Vh9#8;m4<
zeS=2Qll=%-Y3-}`I19_8HdiFA2xXa|9Qyej5ny~nB=(I412OkeDKqU|p!KtUVo6xr
zpynUmj$i%7bgX@8X)VL@@}?xlM6eUQx{EC{@s3``?pQ|{#9A)AH7OZ||Kp+cC8$3#
z9VSj&aX^;^PuEhUW%A-tq^`MpI(+wLVEzY?v`}GzC&z$$dy;g8CaY>e`k<Z@qXBcV
zOApD~X2!Gdd@YoD>v)p30a41fF0DaKo%uY)Px-O0k$y|P)8D(?CX@_KlPdy8lI6{E
z1rU$G5sU0c9MPWJ$^Iq!=k~IHq5e5V_9F%hCF|r0nU+p2uRa2wWdDa$4*D3=nVxCe
zY=+LN6?!hF!T}|To)GLd-$)CCx6Rjyt+c$^Q8?y0Dlxs59GoN5J<X9~|9h-_s_aL+
za%E^_WuL{@y({dV;*T%G)KX(C@?1ib!lC^=jS*KL9sTiHFd(yd0ToPU1b`tGLm*hr
zg7U#tc)oeI6AF0(8P39xqx@i!V@3;09JhJ^5}N$BZvSc{L1!Cz;{?_%He@9*2>wek
zxntp6eC_mG<`$tIXU0>CGs<w@WQ>37Im&F;u3Wg1?ZQVdMGPRojPMMqf(>7ADU$h@
zb1}c2zk3V2tO;|9ZZ=$um1wvd^yx`Q@bsi<?5Y}SLyEWt!|t2}z2*DHWarew#zY9`
z1cvz2($R}ozSrUekw;EDDOZZthN*|4#3b5n?K%r+kf$d+ek%VmB+|Xg)7Z*O2;M*S
zWY?}?td<V*8OkF&o)a%ZO+TgS7J_uMnKG6mtHrbaTt>&Mo$B#wr%kF8CMq$8iW*G@
zQSrJ{Mp4ncl*x#d!mPXM5e>U%l34c6fLO6iD9H`oRD!muXfWvmB(0AC8aV=J<OqE7
zKhJ_m%|so`PO8+A5!uBjaXK_?W^lmc0ABM+mV$kDBSs|@Rz{sksu(K!N$~x$foP>B
zjy{5cA+0)E$>iP>IG>rHp>OpMXHXvgk3d$?U<6syi8eu&c18!X+$&>2=F8SI6lCO4
zhB759sujyO;mJ7foD&9MNn24GdHIB{i?XcPE}Xt>3`X`&A&~*cJVx*)_0gnlLBb5d
zOo(&JOP3ty*HiYz?(uHQhETipOVETy^JTEboRTOjXgMWc8K~xz{2xh!)9=DN=TuvU
z!*i$(&rgz2=BEbzG)BBgCP<Pc77KO!7Vr+n?T}$TM#6-Y$Lml?OXUU$Hgl7Ew9%BL
z+*yZ$QmlaoNX~`Zc;uS!C2D+T+$2}K!|*b_1ACd;fs8^x{4ghMP?{4}TaZ;@wl(-u
z7n=S>GwRILncyANolG8R?enE_dj?85bGjq*{fJ~cAJr7)V17;j4=B#7A|gYwB>Ku$
zm~aU4ssc=uWhyWq258PX&hI#Frjziq_9NN6C&OW0<Le5jPTjy3zJ^XN4BRc2A4+yu
z>m70f$QUNf(bWA`eixxI>vc5C_+Jui-=RpHv&A9rqs-9$;a4~sPSM@78cH~_wm9W2
z;mdUS^#2pS;V`$xzzfsv;iCXlK&!vG(P3Tf6!IIm@kNwRI)Mks!~;W-;1bnD!`ULx
zOF@Uj6VMc-0`hxhN2^iX+nA%@ohx%<ZB}|JcKDbkkaFon`JtYr3X4@0N^;s(6=vly
zRRM)sc>+8*8g?<oBYGRMvi_8+jnFN{6SYUWrT7tetRKp*79@-oyieX3qiUbc;i~p8
zIdKGvNqasR;%2-+Y1&a8v3caCHjG!^-ZyEwc#sIjG*wfNnlMq-i`ok5is638P=lO6
zn|*0Epvt!kVSz%gSnxV6jU>pG%C!{L_p7$ab95Cpw@s>~K(%pRkahEtD|FUP(|^;#
z;>&d{sMa=S?=`l?k)z=0deND@lp)7PRPFFG=qPeHL69q;fMz1-DE9zCf3p`pFtm|g
z>xBe8z;r&1px>bq^k8V<nk7IfD@XXdFJ;@0@8U1|n|Kb%|Cx&0k%|XuRVt3Uwvl`X
zowz$mGu0Dv+t-Yci+D_vz6#O-kPDSRAHm9HMO2yOrO;)a{~a0pb0pG7CgXxCM$N*k
zd^5`MRWO;d$6k&zXJz~riR8)|jcm#v_9o@|ikvMlX-7l7kyPof^(^imPp85MRRq9m
z(()`mqzClE({!!ieF0ZU$!4~9((Ri%2r~<zA)m>JBo8-fh)M|Y+yx@nie3qf@6^IG
z7ubR?Q44HKYHgAEUa31AM@g=_EwT9{aC2KUjonTv)AzZ|sGhETdqPJV>!BHr{SOW_
zsaK(^<`{MrIyK5IGo#9ZxCT!rCa#a%8aEJ?o_a64mGT+XGU5~@8;53%d0!(=s+mVA
zMB|0J#csvp@T5I?LS}9)VM@FEE-CQp9nQkKsEm3t)aw|!q$&kz)8QE1y~?1wXS6Yo
z!#BmvLns+!4z2psC~p7rCcU`**PG(R?Yj>f#qB!}YmAD|Lhue?d3vhIG$G9HO;<at
zi^{>wDj^;vAvmC#2~Hn6-^^xiM;>T9rRtm)1hs=<4z+jB+xDy@Clf>MZ}F?|8)(+^
z^u4#}dHU8{;w0`X4jCoxYO?<wN{p{}UI@O{EQb~@Ihl~r{kf$X7+tAKHRXWPty${|
z=~Hxe{6=E3(wyf;;{QY^H(bX`b_9MM>j?EaRyGgqI#xX-@9V3Fq}VrBIuhBst2eY>
z-q&b{v-Z<hAJ9)<{px7-Wx6|CZ`ap<$WZ_8etJ9JHPQN>a_tt^hhs+2&oF_Wef2F2
zh;JbSZ(NJkE;sc5m7#w+Nmy=H8=$kcLo&4%>84jhW1}<mjSbDzH|8)j2H1_4zj|kq
zUO^W6m2?=~KP(%Ba8Jl0HZ=IU&!vnEn94KV9TMT2$m~C1Q9DZ#u-JT)*jbYK21v{y
zNU)Q>d{cDTAN9?)>?4>s@1O=>_(Gi}UO~IwWCXF>(D0K65aY$9YMY<zBk7LeHcbk8
z(B>r;n*QsljWvv5Sp3v(*cYAJRf(tOo0KZmyYdVtwhhhpiEnnt-e|My_foSudWJNt
zpGMJ?&yHv&kW#b>3;EoOajy1)q~7!sMq%PYCDq;+=|q8$UI2LZ0$XV8rfZ>2W1(t@
zf<6}DSKBJ@u4}8Y_P>z4J^ImXi*G?wuy<T(GF?D>L-g(Kys#0$AHv^Iwx<zfzcJUF
zOse|yda$4Bj-qQ($7ZJbD6ucfsY3DceyCF7Z<KI_Srz+?LhZ-h+7@buce_BLcENRt
zgxWctsth?fYAHdh1<TKW<xiA{$SEHV?VOJ$e_{#BGJbx}>ElKPu0+qPA=?C5Aw(au
zN%+WMQDEIzAPn8;n9+3az4x{gX7vRkeUJY-hok&pGPgGu$hE>OZ@=@~m3p*s&(wMB
z2S6Z1W<0<@pbu4n9)#(dOuor39m94qK_@@wSoxvL%Uk;Zl+!uKMIEa8n<Z$Y!5Jc_
zcKS#Na59NV@G@7(Jmz>STS9-r1(*QgqeZn^<4)gV2BM{8wwG6jvk;Ds!r|FA-~9tY
zrS|gQdGLEC+G!k~py;%QUB815*P)R=)fTjn83kVSH@@&q%@u)GRf(Qfv+Gkw;r-cA
zCKWS<_%0vSlwlIf_a!;}X%{=q`)rZ!tHKMo9jidD;S+&XWA-IB1s@F_Kmrmp3>v|-
z425ICJN1z6yy(b6%OX!>yVq{>G$srF*~qdQ&B9xFpC*vYJ|;o_fZl;_*A+I=%A&&g
zrqI-#P3k%4!4%v3TVeJ;=mD6%%Q@I&fj<)mr<l<#`XlGaw2)C}E^Ie^wY$G<_nmYP
z5}psOOb2Weq$d%9s}JINRo`3;AjB(-Uy-X}xiM_eQ;{muYtaYm**=VMYg#$MgI8U|
zm-U%!Q1o3-W6EnIeREgCn;Fd*f;xGsu57wYUrq|?rjs_IYkTF1=s9&Z1K9t3<lz~(
z{`ITz7%qm0`g$yB$ROEXdKakFu3DIw(l^5Rqp_;;T*BAkS;nkfK5?Ar%NvC^QX!ow
zG0A>3We$4Hm5Rr0Fl`{WbK*)Uo-m5+s3m>dI_fQxN(*=IGV++G=bMz^E~;9i=}~L*
zbLy2l@mQKazZ#QG4g@4=_z|c}P+G|8CpxWc#Y5AW<4PHF5OaGbGZQN!Ad#K12T|0a
z5~^cJ*>^A!NfdCVbUnf^`FtZLXU4ULi$8i_q?a*cJ<9!ljOs;;k;du*hCVat0*2<B
zbOA$e#|S*Ty6byf-(BBhtathAT}E@`3`5<?y1Isdp;vYpy~`7KY2IZv@FW&C1nSiY
zF;U1+=(V4X-i!ge49XUK3K_I5>rXV$HvG%mDeH|t8Z8v{E%Rt0eP1hg!g5n*b~(WN
zW1i)$yU8tsmJ|Dcr8ok6GC67N%p}Ppoowc{`BJ@IUTbIV3$wTHK>ufq+Xicd-q}M#
zo1}I=WGA&oaZ@ZHDnF}gs6Q<yADu(9ci?4}yAjD$s~vM9JWz@v=Q5U}48t2J;-#^p
z;5|V%lcWpY0Q~?p=Pf*OUbyr$6Wp+i0=W{U*IJNX>wVqdCdu_;_fam40A<^drXm!y
zSd>Ogp7~}foXlNLj_<p7M#Jg^Z{AK6897ScOb<NbuOC7<IE(^Auv?|aPAxQqSr6mp
z^PxJQ1<8CqQ<C|7h9=W|KCI;yyeg0|JjbJRkuP!MUCU(D(`NK+M>PNg+Dz+cqHOj9
z=2D?T7J8!2YV;n8ClS2j9-IS@;JAYxc(lt6dk817cF@M+T`+YObE+%pl!%k9_pmK^
z@|DTdo3`*fb%(}eC&)G=Ou9-qA5rMKT}Kqi1VLkE^x%CxJ@_y&J$T=cZ)SF<^U;G3
ze=yPmyP@u_o%HlT7i}`}2O~Xr_y-+5z%c_oC~AuyAde3{_akkSC8}Yk*AKDuV2*(v
zJhS(F^q{G;>3s1f*bAcxT7REyYl|i%?L}Thkw+AlWY-&l?97&IGndoNEaUee8CYv1
z16bP5?N`OSXkc2H%fM|!2Cxmg8YM|3?X3NLv|=H8DKFO`Ixb@C-LZ>tiC^lhU#4d|
z>z9~L2Y=SW_Oe`sS2UG}k|~Map%lz&IPl-{O`yffv^SJ*&lyXybbE({Xvy$4whLFF
zZk%8%DwEEse3V>8ozCg$5X-8Vj8wt1FNI}QL}GMUdG>64ISVT%=*tZ=l;fj_CvM6W
zXX!p(MyoDMGeYdR0kQXXii6nWjnuqy&sJS4Z^yv>K|?|;XO~#>jdFS`f+C&E3zUVM
zIlaj_vH&x%FmLxg3tJ4{rg9d#2zW!xD65KTg+ei2HlT(JJSr9vBazm+#u|;KJ(((j
z!wz-dK{(e_<v@YWF?LOCf}tD8-zL7ns<xePgJofENKF07dqSQ|F}d{Yz;1pE-Ppcm
zJE~gUQTS!n#BEWA$^y3egn*;E#xp^~F3(M8^T!6Ifa`9g8}aP*w(Umty1$y*W;~mk
zVD05+t+QLJZT>W~FzeXXXz+@+cQv{7d2`d|H1mK|CAnHX?V~En$|_KbS5TnpCcMeT
zS|_~qcWBF8<+<G?(+magGu2wqm?&2(&uxlp<tysGj_u_27VZU|b!mKL%dZ6-KSN_D
z>Y;eHt7M8$>%GpnKtaMTDiAt0uO-5rTcTVZb(7hd8pz|rvNj3De<Wdm?Bwq8An3Rr
zD~O6VY}JW?vA{I+_F?;rx1rnE&jJQ<{l8BXpW<YJnXqJ7m!ehvzWaQbwi&mkMzx)C
zB@a_%2**h{4^$)!*t-dDuV8prrKjYxa(5$$aGET(iO<pXdlKfTA=iCzQXEsg84TBM
zHIi@lCc-ufH67qLP7^ESTQ>=_%2BFk@wMEjE_es;VETOO?B<A)y+beWMZL7j@;&%L
zHHs;V=~49uEA#0w-r%K3d(;CrRBj4As-`35$vt`%MtNXQyhcMG?%Kn}E#~%obyI5u
z)59`vr*!9j!`Ez?pCn(Sg_ZqwBM?w?h#RPUAj)NeJh3O%zP0lwqfR%8ywcP%DGKe?
zeu?}^?;TV7rLU#Mx_+sIckc#czsByKg6_g^)k_%a2!hLDmL;AUOezSwD8v%TPcd6}
zWci_qbxV*o77^YtZtY_Qd{jVLKuOz+*q)Z?zO#WOw#>~X`dF!TlBoHv$A6{yo6p2W
z;C)cV^j;(hM_)#(PY6lE#vm@IYPnQi+O3lslpaRzHMWPrF5M%Jdvzg7Rm^HPb*J<2
zZHAC5rJJ!dVWA-9_26_ZvqxNX$FGsKx$Ci^ZLHhLr=m;K0K1gwc!cbs?X^pA`_btk
z`0k^(<nQy8?PS%jITgPa@eR#6mZ+idNzM1lLRRikiS^Bv_<*<6w&1d`8n5}OW;81_
zUShd(qz$K`i-GH+X)i(})lYxGPnWKXv=!Yv^-7UN9y+-;y?G5O9T|*;Q>+}3>HbmX
zJUW+uA>zDzEsjY$FykXGoK<H&!C3Un_V8U<vw@}O-&!0an<$SqK&KB;r@Dh~O4eGe
zaGdkf>tv0W2CC?TQ=UiE;-+<MPtRkt<ce*EuLr!%5xT~h0)(0AlNEjC60W+bwrAMq
z%Dvl2qpQ-r4j<<H)%5_H+lI!33kfR#wb#;KW3fW&Q6RuZrRUl>hW$%b?5ps18lqoo
z<~Y&C92b{VXi`3|qJB(lu}~}tWv(W;nb>0CE9KuT!(hna;TZ7dcJ$Y>y0pT_>7sJ_
zt#mt1SFd>1;_96Imnd%%8@7x7VQOJz!*=zoUc1*iupbfk4bdgEEyF81Y%5HY=bMy2
zor#<9o!cY21qZ0uR(w9_eUmcb3{Qv?TKGC2XbC`Hc{Ui=#1q@%UL9-YR?UvdagY*L
znv|D=x?42vQaktwGe&g|>QfOhjq&o=d3G6k6r?K5VRN98Kt=_YR}jeXw{rZ1?%s&~
zGkDuY*!I6G5m>2A8hrDpQUBdx(v!%wCcT<~%vu?IRG+?wjm$H{II<gXWFso$08({U
zM_%z3AA%0%9XCP;sBW9YW#|TMV+m_x|8f23UAgMWC*Ke=>i3W9E;89x#KG}=7{>X*
z8hzFrHlZ(zj1zhok?h4aaT6L7!NJU78{=Q<#`t60#;~_dEGMt0Yrl`P{a{sx_7)B;
zWsQzlUZH-v9zPvjt*gePvd_K7Z{Eou$)Q&ebEmD2Ho=SiU@W${60;GlrUNol@qmm5
z3k>?^IvGl6Ofw6Wtfkm*ruGB`>G!K+w5xQc)TeR1YEn>Dwt(0yjECWgbM$5AnkZgz
zx^bO4P;%8te}xjt=~X)9oxjGg{Ds=`|28J~<s<RkKE*cY<a=XL@0&K4s%mW%Q}__&
zR}Dj~2UsYhSH)4!Phg8KVj2V!>WO-XI<2G)yNKxrI=Nmsi$VZ9TJ4nU;(1{}*UFj|
z#0vvDwLmAwBlTiutfNx=7ZpZZ6Vnztey?f^Txw@ZgYx?N2)}iQEIQ*?Auj{rf;@22
z%{%C8sL!ihFa;uVPldrAGGT`*!jewmp3xGCYGcs|M5XX#l*|WJGVk<Hi73mqs~QE-
zck)=ct<gppc`qgMe)&l)c6Rdhu`-KExn_Gr*E>-9Qlj*SPsA<S<~CiMo|-y`IiPeq
zt&f!?u2s8#NrWBgCi1~0^ogs{T8MAy;Ll9FAAs#3D?8OW8y$751am{*v6^^1S)`3_
z=c#vGkjt6wMUQhi>lBFv<vKOP{h98|z0>1Vj8_AC6+`)OJ5GFv8YM6Cv!_E+nFD^x
zQyl&;jEZ%<qne5*JRMbxnkWZh8~zHM)n0GdP8X3^q|%b&dWQc6;K#02t?apdOVApi
zsbr@s*maiAFrOX82;^o8>^7-S0N>fAk3DwtGzUm$OJ3r1cFB*J5^tq}#0=L+%wXdQ
zMo+m}`6D*tQ0W70mZx6g^nq=bPoRX7vr<ozsn`&GG51$Wmz8>ANJaV>TiS+$JG_G3
z-TA|hMke0dtY_jVr^V32cYee@GB(q~{HTKGEj`Nu*up1rqzYXrvRSzrXxfUaIfVZF
zB8Sk%UGVAmD@awlAm8UOZ@@J~TFVc>=F@jxOxX*X@``H=a~|-bVb1fhyHjOG&*`V6
zwF7)!X#t!ZDABE&@ci6hGlh9z46Ptf29;#xDDr<VYtj*M>SpycLpLvCH*c0jSSCp#
z|IAhtdQUCLob?hD4j#azcnHd`xWUluL}RlO7Q3Y^D%bI1!;HnO*n5|<IDR#;HNk*7
zCLGWQ*wgyuTr?mav3DvjNYR1P4lMBrm0&z%Mro583#QoD5Tl~^Ptkk&tt?o>w4*1=
zTIn(~lw9z+?=(&?Dh2Po%MG@cMeB7N>*1*!ZLFK1wE@fZ=P7{EDo<5t(xK}nr?4W;
zto&h<K_PVwMxx$7P7zgxY|`W~_npo{sF}Sfj-GE<8^0A>xiY2|VMVHPb|cJ4SP9in
zY>cbEM-%i;sgmoCILXynn5ry|tE=?hq_cn~sdD0>xazohNK`6LRb1ajm7#qlQDta{
z0fk5kNuFYmLMCDC>-uk1mB{j1M`n?4XVT}dv8|Yf;RN@@tAF$2Cy*K8s!T9`%EHQ2
zrF?^Kp<Qmi(C;t9Sc7llTI&(f8BQW9H21d+4jJ^TW$5gjUJ(EYKJ>E|xrmJL(1=3I
zBGD7LLToq@%MiDV@=0KbuD)^1P>C7Tz(^aMXgZ!FV~#Vn?bLJq{-qSi;yGOBknbE>
z*nN@cYd7JC3{zxmH8NHf*u%Fb)mOIs6bFl*DrA3d-{$nk<NQlwxt}r+NJYauid9Qw
zOzpeNphMEpXSS=iPS#NaHI_>13QS)4b14f)$AF<YWq?VP<e0R}bLr4FqhTME8PCq&
zU7FzRyxm7toXoR{66d?Cb*jO`E4fjGpCc<}@(Dje_Q)>vE6w2Flhq3pA0Po`KeMKZ
z%)~(C>Wy9O_#$ub3usR$@#DcXDL}~<`5`pHUR6x5)iAs9Yc<<re$Fw~{P^-WG|F#Q
zaABB^!1KmIG{%-fBTKnxJSy6pQ*IR`v5MF7vs!c67gA$G2VcMtzqvemogXlS+EmoH
zbP3t$wkvb1Xgtcv5}kF8gCpq$19?9UgH+a)=*0{ww)=TQv6)!xA0=@p={ls-YImE^
zW74(}^sD6tdw>qhCO)4C%RVbZQ7*pI9Y^>+@Wqh<;hSGGppGrk83o3b8AP_xn#eXh
zMheP+f}roUJ+~d-#SIg0jMZ5SbkluxQljZDM_PQ>(kN%M0}^rypS2>!+*-}dt&?w$
zHLJ~4j|a->BmilvgWfcaMDB`{8p5lY^=jX9oFYF7q+MC^weECbU7WE3514PBYCQ4s
zB}tU(iI)#aqBNX%dFX57363t<(eSS$@fmHHKaMim5Qs{M9QY`hBVk4x3Ut?Jw4peR
zn2a_U7eYB}mej^(v_YbyX0%zPe$_JC6xAlmXd|qk*d3PA#x?Q3OlQ;UO#s3lR~lsP
z$s^7uXYVUD7QX&Gg~PLA7JF&T^A@)F2Pg8ye+W<2eD!4<PIvls9ZZ>jkaS(WvX%6M
zQQ4Zclqp-UZ!s!cFTk@hs3NZ0%bQfCo+K2~?umn`Cv$A2B%!=osYBO$<Iol5zdx>J
zO2B2$8<l`R<mi=vQlOwp{i**PC;uNIqn4WreRpxWsf;K(=D$SI(phLMULLnNAGgM6
zh@H-_A%^Ese)Xq0s@=FQ5}Bh6UlOHzLy@rE5KC#)bI(8xdx3x_e51)bY0Kh>S+z#?
zDpi^B)AP!VRi#l=(B!sLLb&oZ7I8<+!8GX$BU!r*QE1W^@kUIhorPZf0|CIjUKtrz
zDC~==G@6NilQUx3oeC9%gQYaCou7I9wt96i-neNhf*oM}$<;-lH#U3>p2lG)o_t1^
zGB)(5zfb~LGR6o}7EyC=CS8~e(ryObT2?E{?`MioH^|cavg%$f<u5iHv}a~miWZ+0
zgY5QDV#)9uQ$CM7J)bh5LX`|NtJ;%yH12iw+#gSO4t2pVyw5h&vIwtCU#+H#wFz_A
z2;PBIm*t8T<-;NI?xPW3a$iiL%I--MeSA#5Nj*j1gbXq3j9A{1BprM8c5Xm5qzjH_
zrmPlbDp;@Z2W}y?uA$Qxb|Jrp<!E)?fLVt-=G0@yH$umD%r?9lhc8!YX~}i@6`~nk
z-D{%BSbwU_(2}v@h*>h$W%z3Wk55mK==K(#?tVVi=2>nRn6xanf2Ix-Ww})px`o}6
z$zb*nVA?voDQ4axR3f9$Qp{)-^WU!K(!PFlG}ZR<MTSomx=-JJV)*n=-KXn}4gNGL
z`U!EJ<u`W75jDlJd<u$|vU{i5P3ChKwUAU@)WWSvvQ*c?MIUJr{Yt`Llr(}2kki;t
zJTp>6G;0>l5A72zDX>L?^oZ+f^QA1Z2$Bsmb4j}e?-jpCFqE<8?@twdFXf4H*+P1J
zN&FVquIMhbQtimWfra41w+uD6<Oy?wa@q72N-XghB6Zmux{ain<uv}s$fMXD$I?Hh
zpj=t+kavnfDZ7;iA<3umg_3Nb%O=t@w&dp=sFbQ&@bGrK?`R)MrdBN>O3&!e>K5(i
zPX04r{vqF64=)1IZ>7<nOIp-q5dB-#U*}ph33>v}qZ+9^rz`c9MS^snnNByEZAGnp
zp;RheRKM4(0nH|qREoZPCe+()<_tml2CW)rp~w^q9*G&A>bPTgy5M<joQbZ2a>)0m
z3MD-qp4DdDR6ue0!ip0BE``<g_R;1H7rVD9T6=b$zBXPeiVaX%_bz#r-Fixp`aepU
zWIznTAtF!#7C@<S$>pDOcH_N_-mVq|d7a(&QGddhdDwaQrtvZTUG${BzjUFbLNsp?
zeIq9b-*oR<bST4>2?CG%doft?E?JaEPI%ldUj>h?NJ&{4_fI*yDI#qi+WJfCP!1V#
zq$#5KlleW=%+{WPds41wMgb~=Qa{ekCN5HmaZ-U66J1VCpM=?KlR0$hN5~BNc!A$#
zGDnAg@(~kV(&&)yAy9cL%tFb75rmg@l^~_}fPSqf-J1ZF5l+g6R_(q+TN&94zHL?S
zrxQx@%=|3ftRQ>?piWAXgR)cuP;>ajBq*`nKcpH8OdWuChpYEbmzzPo$?;o?{PrQ$
zROp3jPiu!M2U%4>CD3w?T!h{ad=5&D8fw<?Uvf|)(?LYYhYr(mOZ$g?E&4~B2i+jd
zdW4QE1|pej`cIy(;;YAx&0yEhn{n;E)<@_9cTo4t?gydM-wED!$%Fu&nqLMD6{InE
zU_f3<fIuHNRi)1jgT@HnFW@s&n=E)gvapuq?Y0$<(RNu^iho@tc<w2<2GKy?>14?4
zn}^8txXo8!dfXPwCz#+lBf^Gz?$jgNfx#xa*w!JxhO33EQ~+B+ENryZ+g}9iUXNEL
z^7iBcle~%#*L68VDOg5ApwM9?>h#;;Icm0fYWu>-#|X2;UbJrYLn4`H7P=5tIv_(0
zYz#OXpo!=yL*iy~_X^)b>p$pPSMNcN@pIhcXKcdbU<{Xr0EUi;47$c$1K;g~9Ik!x
ziK4YdgRT+mC&EABJO^Flx@?fcot>c8weEdT>pu7z3fHLk;@OlM{s*2@E2);3;u11!
z5oT@cgPD@&oDZLZ$`9K8pxDmal>eNJHoh_fo1E(-D)*h4_<_4CBYK2d9Pb-a7=`{9
zEfgRnl5~&<yKsV@Qy<D5b~I8{Ms!(_=3~}!pM=Z_#m1x#Jw0XArr_QAAkMgKCoA~L
zgNWki=)R7aEbVq$mTcwk&6<@d@qn3^ijPq@cIn;-N`!w=MGZl+BQ4UzjfpFw;>MM4
zs^Z2a@Js1MJeKgt?puryxBCe2HqSv2cFQlqyB-gv3euaf%^KL|#02f$*Ka^0kRQ<p
z!~Uf~Gsx_KF7zgl!tcmMiAYQ)4(usUmHmuCBX>cFsDR-}D|o+x`YY$)HHD!^(fCE5
znLRH+0ziu3oj#6$y@a>~)kBzf##TLzz;IUK$uhY{w5}GsuMSG&?WBFzu8}Q5Y$AIO
z!NfvWR+&!dYIs8vx{khqn|Kyh<n=Y7>#|0oZ_f(S!Lu5am1oYOKncVJK0PCNlQK=F
z8APp2(1CK#S;N=wuhwXpGEnzvg5Z5$`(#lr#V8v3olGT^RCr;lAMQ#Qq*3sbcK|a{
zY5~bSAK_yYduvWdwHoJ3+@v*0Pn22*8+f(n?0^ElGt=zq;5mD}Ahk~>3@4#P@YXy?
ztAlchZz)pg;+{DHsa{wR$ReU0ZFTg6F|B4}t4X#Mm}G+duk6kyAJszx!r~;t{{;b{
z^sF_}>NgSM+!O7#(vq4T?d7B2#>g4vW}lxLT<hw|g$<!(tLV#{<QX()n&5rwDx~az
z(o`b<_JC79VWZ<%xpXPUJlY+MOJiJpEBV)O5Vjfni%5W*$6n6ssq)QyX^ZQ6fUB#&
zrwr?*gS-T?pMPjIanix5_<OUJv2_10bZt2`X=iNSDN|b_o^~q2C~!{`?8;M@(P9<I
z8(af~l2b(cX=Z$MNcKZ}_mZD3J=&NCGW&xR^4>`Mh#&`hJP)7;t2ihP_c49)FU_Mi
zD?~XsV=u|?@Bg(C_a=?$j<P&z&Ho#cw(5yE0Hu)XS;|OnCN#y~!kBk<!9M3Qda*_D
zR?%UUG8FE8OKWH(m*AQG2$#J<CSgC*VG^lK6G%tONJTugW>;5F^Nqr+FE0gHRHVWS
z_i=c^Tac-WFzYB#DS5M)?8mBfc$jt2Re2^&-9C8$N?U11!n&lEcoGa$PNTs@>UK1d
zdxcY9rK$<t0D#0cA{Bx+pXLbEdIkL8G}D5uZ@(S48YPQc3@<g<)C<~r5V7?xO5?k6
zd4_&BjvisaXjNbilEOetyl^YZ4S>=hgO5TPd`J)6MhtV85=QwKFCipdie$Af5_2Yr
z@%ycatQOB((#qHAM;MAupY{8(ubc>Fz;nvAp-&&Dv|+7+l--?=)e2*sdGeMxDWA0(
z{!W{BE-+7D8N*PTJvm`KB<LX^n6L-9(vgE>Zy!B4p19x8g<+c5AD^QRK76`Zj?orO
zwCgzrvh!jRE9Es@4v2$;^g6vIgaIUQ^#kA&hw|mZuWH&Z-Ps*Ne#<48JIPyoi3Tss
zy#@_&pf!Ztg(}b{<K4=D?~Xg}hZ*(9tPuVoFr(oxqsw$aD`9etu|2*Fp?+F(neFv!
z@UH=Ft-&`0&dFW%;OtfuR~keDgiB5UH71pgQ`Jk0a7nHg{u}_FKnK{pX_pX{B+4&6
zKyU(``p|3oKK2+XKPRI(0j30Q(fTlwXP;$`r}0_AyFCL>!#*W=ZT+$LY<Cxxpu=8E
zM=G?tQYwaePx#6j>9pTRxQYexPnFUf+=Z3WyZ8qXgD4o#l2$a*_BEv<T8wI;2Sfl_
z8i&Fsk?E-uoYsAUcMJ&mLyLR&V{oB<>9D(!#gTJbmVTzkAJZ#eFjI-mRP+!nHs=#N
zW3y%bOnJAcj7BMVos<xUrZP0w-VYkT6=Zk**_~M+9l#9J97LytlCok##k@&*w+~t(
zc<<|_@=kULNDA16d#Z}c-es+qcBM;<7BY=J--Ou*Cesmp3Evgvnq1=x@M0mN^YT0s
z!SJwM_G1GD@@WU&XIB|+H-1im++1L70mXJ4>4@zeo=VJ<VIEp+>252!)8ziSKtAN-
zEt~_eVGB;iK%DXsjxK;Gucp`;3u8-UR{pAD+WTGfV7>R1I3)F)?JIc6{7tM71qV}T
z|Bs+v-*8&h2lV{u;Bg)4-JhXqo=C6@@Di1|lhh#XE(3V#2@+zFdvGDvDQBSH^}XY&
z*p-)`6Hu1dYkGuAnhUq8v=})5m2|oIh5~Di;N3C=^%=Tu5acPq1VF8;ZCMpG<zWUH
z>?2#89HV^L!1BH@sRD%gH4R8aKVr~4Ab6KHP>z!jW4AUsv6nC0bCMPuv@7dYK{|zI
z8Ecj6AzN|pPPU>~%qG;S3;a(2To$8_k4*eB!&oxS2CRnGESWeUOyDe(R9V*x(sN{<
z-CQ6agtpxu-s8_Sm7?V7m~jsOIE5iKm_@U=_halG<;@v04iCw%7DV~5!*ig{;ip^0
zqA?pgM7jAt%yJHj18s88NBF0X3pykG-7`k|Ef$A$t5dMUNPt9nNUh*FS>cp_#()N9
zbbOaM3XzFW`r9aS)o}67&WMMoqBPY|zHH_Bct{;DZehU@^oQ`;$#xSoiEV@m@cv!U
z>Q_N)J(=ieVq&GPQ6N*;kRZ)&)r1qe;tk~!Tu-w%;GP1j?DYRWk}uqSGG9Ka{DnAr
zoc^mkeTKcK%ib1^LhbGtW@@n@g`fTNCHlp-IO6u2=plw+R(3bCd_>ldLTq*f40$sb
zSh>V0c!tp7GKmUh)rjVD6o#!1k7CvYR|aFoj%7cYF#7IjQX$I;C%_`3Rcori|4e4Y
zX$?(&3`o3Q@Rc_?RVsB<lvm9G@C?j^Zb%~jetT2IVg1Q{#K|^_IxhKyQ|pUFBp9eC
zV0M_-ILzfBdP5@*gY;H(T9f7wXT2T)34eb<dP&eWywf*sQWSv8^5S-`P_oMA8RP|>
z&>pP?Fu{sIM!W0b-}SCU)y49fBxu6&lpvWCH1X!u`X<f}Yik702vS8C&bed*iGAHD
zWqQtL75E>+Lk7e3+FtH3P3<C$t<sdOyhjJkbh-m54xm18-C>TuF`}#_U#rc`&Buy#
zEJ}<eyl$2~SOo98m!Kj-lo{B2QkKEI@Hl*w*NMq<W6TTP#>+__63xv>pqrJ5s;-3o
zKBhUMjINDDya7Uvbs$%QDy~>tborB*C5^F=h1-CIgpX0|yz)&Lb0bh<=O5}+l?CXd
zRB(x5U=7{c7?>z0DZh_s7(_OdAs3^>w3z8c#{iM~8`)3qHrNlhq2QgeXvtoQXjVva
zbSWwtGf3SKg}Z~Ie~`pY`Y57?{C79&Y$^^JSb^7^6*a1$s_nsayUe13SRi;`pciG#
z>avuCUKvz1S1?_9^0aY6?(W73jkwk@p?<wCY(h6pRBb^&6~qtN7Bk=%`o;|SvA%Hw
zW<HX~2^4(ncq9EBE>El449e!a?pKBBM^p5&d42!3Wb<z|oZWbl!6@b(K|>%V_dio_
z34~@>4^nY&>CIGJ_R<}WS92HlZcEKQdXDRq66S=|uT?h`63YmUfww&MyaA0zUi}}M
z?=q&qk|BIUS<V>qU8!omt9B<a-wEE?6SegdyfY>;0V5XS1X?uRIu^ZTex#DfHO%GN
zi&aIELJVO-j-WV$NL7TSdD0_i=6BZ^eNJE*NPebM;%6fB5(y=yLDvi3CLpPU9u~YO
z1kEHaGHoH80{pJh(%!6Eu~FywDvcG-1Pyi2_3j#><n}yo#I-Z8DDtpti%>G6H7~bm
z>e|Wcxm+lelmiLIR&qN|JsJL5uk}kyV^(NmPyGtL@VsF!U32Ay?WGgXs|zz{M6+&1
z*j_p@$+(x=-x0Hy&fI<hdx@BcwYQ#$%zZwgsUprkv5eGeGCa#aI(>6-XiO=<OJA=<
zquOGo!yN>!UDu-7)#}}Ym`LD&J!vcMhTH9(R2nSP%a>NuEGtCcU7}3(NYUI%mq&(S
z<w4`<;0eP7HySJ~FB*oOj!_m9#KM!9&aU1*$(-Su3A{tz>Xd1qOoSoXV)CXY48=r|
zS@Q1JQ$?6MmUa3km@7e0?dN1*1Zv~(-6>|Zig(aRU7bVUGh*jTcF66W@?xwN<z+hG
zu5$H$6zQ1VWO1C`<e+LdkyghbRJey;*=d(&K&VNXzlKnibe&1wAKK(La!_S7nW7Qb
z+6&&Fo-(3ZuUN9(F`jJe@oSesHtqKZ1AYOwL7f3)2!AKsG&tuOhsoMQzXfSXFWS&-
zIIBT}WpX91tgZOrh&?NmOk;(i&E9gEK^__zCkBTrNJLOJ9{g30&8G(q#=`gDkvj=}
z68Giho0LD*5>4f@)$!+}CT)|>qJ7QtaU)R;C_3AT;N5qzCKn1NTWvHJZWz(5-O{dT
zmzWs-IjzeX<Q;e|qPY!HNlYw$0E!)aP7j%DpG#mdTFP|LdSQ0yvrv)g3pRom8^a{!
zky=$RXL`s*gNbc2yB(?`Yuz{58KUOHez*WzTfZ(U1CS!GcIKUeJl$D8T-TrrqDkI{
zBe*@ub_mlU{ubTnZ>(#IMD3xp-{1ZvX1@p6ezydvjO+TiEic!J<&8<=9TMO9KRBX0
zpKo~}0Ni+~ZTqZWNM~6{%Zj2Z#ya>eiyCgGnN3J$K!9R#;sj7_`eO#i>hAdf|4Pu^
z71G^z3DPGQn<#ast>_h`7b`9yi?{nbADP2MW?Dt8evE=XNPVKsJnvHEZDdLM<E7ds
zv?M)~*pei+=q*W|RCucPq}D+fXipMb^!6mxVPqHXuHyD2Wz<n3lcTsy>Mc2{nHR;v
zQ*7BMp?PNBQH+<{CrB4#3BRSAt&HN|1~aq8&=7__7th4|mRO!#C+5k;`<I;lXPM>V
zV4cICpN>hxW*lOMiw02!rgK{GR^FV*9|?N@xE5|{|GX7%GG;b9X#vq*ial~<wIC;-
zJ--hEc4>%~KP9(4V38obN?O*5aA#0-Z_CTg7Nlp$=n*jED6%#=t+mq+z(0aCmhd<`
zPbg`%o)sk1?aZ4|++Z~^tSQMeqezpd8a8h<V9zXTBJ5$dOcjIH3sN&lGfhB*5Ws{>
z%*5#aOgYpNwU2>JsoZu5P41OJS~Q}LnLo$VQ$}eEYcyXKNouatK?4M-;Q(pAHu-14
z`(<}RnR-ostEmM2Z9omPcQCR9vNn+qc`oxQ*Abws<@ih91Uw9Wm5b&RqJN;D=}jcd
zhi)0h*clV;@t`wK#XF{_CT}?X17Y2H>nVyQgqBP+f}50Vh2#)LZXgWg(KaCJCUN!q
zPw9Fp_2zgZQAM_<I&I{Sm~G>nP5#9$pAwnphC4pk6uB$I>03<Jub_k#HQxtbeZ|R%
zOvIS4hodkkl#ngamOH&2rm{>&8Oe1A8TPzC31}$7K_{De>TJgy_DmS<@}cTz$7ZJ5
zg_2yr2~tzSpL6FU04TsL0-B~}FD}F1p=U>MRm=Mb#(k2R3+iKW3+{-S%#zBbPIcgk
z*??%JdZ2T%gT4B7_77Zx#X`^8`7-kL`~JzOytw%zzILLynyZ@%W^&|wD%w58QW{t|
zpr2hn3v>-6R9qio>A+f<F<)wY1VafvA|IP~?;}ijeN1B$<2ak}(Ru(Ah_Z`AZLo`v
zhbCYbAH}c>7z{DcoMXx<N?A%XFe?LL#B5Iqd$@^xm;nJ_u*I-R=I$+AC6q9Z;vbu7
z&dVJL8r__z^o}_uY0%Uw7vA&bqc(XDV5&pjj+WMTW=$esf(xwj>_d;}dzT-H_73>e
zpLg#lTqBgI5`sB5Eyeu>pCAVC%G5WlLs;}2(QJz>AZkZNG$0BO!cVx1GwyJjUOv_Y
z^>HMq4~$y|E~xiX+wC(%MJIgZV*5urvE3nWi;>))+QIC@`O*Q=Kg?_|zCrLVG{tHy
zsIvIG--Z+%uVY=;s$sM|51Y3$Isj#Wa_0f1-&!EA4qr<4*!{xHO<lEZ<COQ~c9DM$
zy<lTFvq$TL^(g;nXISf-#}xIs+CHdMMzyN>vgJx;Xse3w9Qz5+OV1_4yq*pdS)|BY
z|A<teg!ogj9HSGbB#h1e`{R6_efOlJ0XK<LtOEZNcmZURXsw#uAD151hDUb_vp>MO
z$koJ1fD}O)EdIhy451XhB<r~#9m1A*<lU;rZN7YN99J4J2kY4ZJX~e@0mk6HpV*iy
zk9h^nDE=u~2Q*V5Y!#%?X0HENT2cVStqLCQpz0lMns<)3z@1hgrI342`Ds7GVRRA~
zpp#fQVUqIv4)$IbtCOTWv_oImoS_!B@4#3uJWq-Tc=w=fC{EU=?c2!^NBH=iaVB3D
z-lJT%CswYVL)&08OTgO5#qAu9_#$(kw?Tuhx+{(b#o+oY+Y-f6%+<wGYyt6gr$IfM
zzB5ssk92ho2-5w=IwED0p2xI>-GY?a#h};z(!OoImPn?D_!AK7H-1(r<Cz^C?>Tiy
zqRjX0kl3kOiQw&F)*@K`2jkwf)L%31IR>?1+>?`(bj3LLAzck~Pj7djbDyWpy=lA7
z9-d%N|0SepI|P>J@w_3$_27D5+Qnc;oRQjwIUL45HWZ7F3f@8cKLrH|-bT#!*L>sD
zt}G}>@E&F_rW{9^GrYSE(O}FVqiEoK*eKd*;(;>v1pci_<c;Kaj+)uaR5~9+u1FrZ
zPo7bOS5lc6=KeTU_m^@>7v}z{o=g}o?kRXj<#KUxbgq88_s`XDcQq0pq;Y@}X!>tF
zCP<5JBg7@*v4!FeDzb=_MAiSNp@=FX6AhH=i-*H|$8CnbZcC&<3ni#PCvnTdvx0Qu
zcFj?gBzV`}u2~jr-vO^M6+e*Vw9aFZXi2|~jYQL;&Q1=gwDdI1*jJ=Eg^~nmgZ7Zj
z2P$|m<}&n;)n*>3>St(6?x#EEvLct?N1-X&HZeV5z|z&7+OT#Pm5~VVN*yoU-)<C$
z3nzuHCgllof)7bz=4Z{7^)l?m(Ak$8c?=hxKc5p$+OrcTMuV|3?M3?i_jugdO!38{
z91Qj3Lw9eB9rok*8r>;d#~OycrL7oSb=XO}YIf%;B|5K~bVrhrsCDV2Hwm5^WFQ~D
z+u9%>b{_w*iMYOD%wLW*#Q8~gSq)?E)!|phoC1(8Ig(~N1&|i4tWgP>Gowzw+d})r
z&d39?ufv^;9=PN-NKSE*vUfk>86#<QQ3sK<Fs7vDhIZH2|2s{8FX`84ddsbC&~zB&
zpu~gx;XuOI#}b$B-9%JX1CsZ4!^+~#LTxdIQpOlc8Dl6qqJq8#b9ic~^6qFugT1=6
z(cpNFE6;7vdrhyt$x!=L>V*#H?ZfJDM#FIC==ibJ^*#e0JfGUO3(LU!ye&7=X)NWF
zgZd#(HF}&UbZ)yj{Se(t+3>#n9`C!+a47{dV$l*0$0KSCmxiaKh)H-M5iUu3T<Yp+
zym4y2C!pccad^R7Vc00lG7W@LRRFRR9tBd>PLh=0Vn%7SvMfOa0hosW3F?S)a2<b5
zu1Wkcu_0cARqi~Iz_3kWu;`4x2YUUErApSMu!>DMU#%ggf$`=<K7&xf(x!;Ak1nGf
zt!^ph-u;PWzNI>u4_2dalR@Siy9v38&aSO=+?iMdIhXMDOAQg7z5PL}YCYymNQxlG
zy~fHpZhxzu3r2p0;{peKEmviyIa@FSK91kov4CICZ`TsPy~@Db&ADyx+XBBUQ)Rg0
z1*r;y*y5FgC=d2zXgnCWZ#1laeu}=kpF6kF9q;KW!RzgWst+!0fqXjj>Q_yirz_Vs
zCX6?VafZy>U|7Z38>04=*!7>MTYuo#g~pm=H$+r(w1RoW4fdD<c|RZ?3!i6!o-Bfk
z^i_R4_LMtJCW-(XdOL|Bqd2wnKGcAAhO;1W{H8&rH+$Cuy}_mpZSs!7ixOSh)@=hC
zLzicwiu_FM6a{aeu-dk?p6eT^*5>|$2ZagJh^Pwn9VRe<*2iM`d)Kq%2A$QSu3gIa
zTPdC)y00$Y9EH)9+sQsIGQTA^*^oIr?<56-Gh4uRuIyRKL?B2P!$;+clQ=l04>${%
z$}XRCa%+jNj0wgh3)$p74%E_B<HK3empj65xyxY<xJGcpkHi0fIls8S>a7uGznN_`
zDUQrWG@Jxz=*na!AZ}*HrXBLm@Ir@wnAs_xbXbE9!MVd}ZibP=)W}r(Mz$)*GlSc`
zqcuVPZoehhfhl)VC}+$6Oq=gIA8np`O+vb?niglC;8b}r&zgvJ!ar-AT+~QaO}(aX
zWgyaitTT!-;1dpU9bBh?18=Id=SED*HEYRG&=&3r-q1PK#pRUeX$MFae$j*hiG)9u
z=a}6pkpQv{tu6)fQAJ)&c4zciD2o6ab9U=?Eahtd?<Fgcr|Xzv*Ig%B9alEias3H&
zyKM=eciZWN;?cIB6TUuMuNQG18(<Jp?r19-*j`K$j(?S|&FBc;Xh`^a$xjJKklGO4
zj+mOrL)xmDV>fKi&?nb7GoRZ>SCFDZ@8$NWr7HgKDe_SZP*9#?E<-XM&Slok-X@B0
zC1oh|5NpiIbR*^-7raX^NAvMqotY5IbN$z0u25F~{3|MO23LW5noXKd|J$fKjOj?2
z(OZ<KA@bw*oPaX?M~xrE11u2y9}#HEX@)?(3<xw1W5jRJomWl`Z~UJr!_f0fZ3v3<
zQisQDId%91*evI;nA`h*n*W+zI?ISQ|1WkiIWWBAf1dTQ^UoUf^tNWrBbJowcJPUR
z{C@+#Zr!2bSCr@~FGW-rT3@8Fo<{SfyFL4pqyRf}ZYLTh)4$43xW{#M#a70Mz3*{T
zbj4*zGtO~q80JPG8HQJ%w~C6h5M?K`8*mm4U_!wlbUSMafX&hputQrcMvX-&3sOxv
zohg6VB=7VzT3lV3w6Tf3%{PUQ#E4z}RvCn+OIBU@gu@kVg8%rNCX^)YNGy~Dc+qKp
ziwY&}*0squYEC31fWF-c$>pC;>ahR6MbIJVW!TsL8gh>Nfg|UqdY-+Tz^qi1N7R6F
zP$l0$cXeVsUH0pE8re?tmCiBmHz$r8NN_NV%lpZK_g_7<qga{|ad+_p@a2sjdWrw(
z9>1!}+(}K%RgH&RVwD+-;5GNqnJmjxljU&uvd0k5zM}j2dwUAh`|jsARkjnnr9HGD
z&f?+iG%?cqj$vj~e`RJa5UzWiPf2Spcn|kTprpb3Ck;IfGxTIMil%VQ=|%U;yxA1j
z7|j@(O2*I>rS?dh$Z`QhZSBq|vh3)d2w9kpapg+3J$JpM?c~c&YMPVAXY}r~dnph~
zJzNo5@Q!v`g`Mv3?#1NxhXM0f_MVKXl=R1DLUSr;8k3lM@Br;x{b3p3N=(HhQ`CXy
zxEXKGD;r1j?YU0sq17Neu!rFbMMOq(ThybQC<5(H;Trmu6r^-8!^mqqRzkR^QDo!E
z&pE(4DUdh8Dv+7cE`KCaR}CFW*uX)K@V!}6LymatbEND%XhLsT&K7wd1t!Sf%Ug5m
zJ*&*2cLpzs+%b>2V5gZ!%F_>;+y{NURFhC*<_D}EYi}|Yy@)|sHsHU%Ymcmfw8a~l
zelwLv(wNYvO>XNt>nZn>4o|>rE6Ozq-nw=$tu3yHRcw19h}>gt9^)RP7_hP1Q1V>9
zHhASD!I(b#sI2?F1jmLjSj+oXJIn!7E_mpw=(7>^Jh`!TRJ=lO|D#E5mG=RfTtu|)
zn*1AwybBu4Vf92-ZxoG@4emaw>Su=(*%u#`!*f6m>soiYC|5bN0u+s7Uga=X3MIWT
z$JY0u0fUxMG}B1gevopaI6UV%3K9k}uyqm{G8M=tpp=#3)Y#aCHz#1+mb^HR4TzQ6
z04gfzNW~nh3glLi1zrHAQbAwuAe)0wk__a+h8I}lokvA4<2t^KJ`r?y5nB#-!`L)i
z(OsAi12YuVyKZs#hQU$|1Hw>~tP+O%NR0&$rO<grJStahv;N>J$0cwi;S!vk{D{rd
z5^<$NsWVQwfi$oyK4=0U4+kKx64{_84+KU8McgJTbIcrS{y(&R349bq_W$%`l1xHK
z4-oDvYFv{Q-NZ#D0-A&XJupF(OV?xBh0S`4I3Xx#f-?hY$AP%Qs;hYGy6e4444@$g
zB;Xl9g~ba|p_@SnSMFr~@4c$->6y$#{H=dKhUxCQzg6|#t5>gHJ&T8$zAl2b{a!~#
zD}#`MD{Pe*%vd_Y`K|KRWpAQP!3}N7Xla2dTy%moQ3FA?w1}SXab6OXLV?`EdY%C+
z`Zjj!$miqj>fZrLz^O?aqmwP#@l(hT86rD=NT*Pn00f*J`$W%di>{QCWGWx~#```y
zNk+CF`SJ!@sIuN8yWM)c*^y$vs=q_UaZC1Hd|Qnlt}PoA$NQBTMb3wQ+Zcn@GI7%J
z-;i^SUkRaBCv>n;GnsL{#<X@7jrrM!MNc8KePsHj7ulrW2lP|h+8a+xX3=vK3J}7V
zbofzP(Lq0A-d?gId?AK?LqaWoBd&Ua#>$OoMJTzxZ<2hIY-owL;yY$V_$iPTDf=VQ
zogNd3z#IL|@p1kgbQu#Yb!vGfRhiLp)|>21qIbPS&-0125;d;NltZ0t9E%}?BBnLi
zz)tv)1cGO|a?3^}a|KX@lj47gF#>%@j49kYL1LD_fTby@vQr1Q(+FeIFF!)b3*Nv+
z2tP^bN261`fy!X~*(3pB$!AvoD!Tnb#<zbBkw`q`?-|jpbH0e#5*;;^ZQzQ0T%oz7
z-;K9sZpcI$_kf<emp+J|q|QL3<C^hmTqhnv6FoO~8ps!R7}?td2^upqiqe0irqAtW
zIW@K$)A>INtvqj&)==5cPi=~>CrrAnZt!&G`5~t>jmI)quh(6QIJCnT*QdcKS&uo~
zU0|2L=Clcu*n;zzDAi0z?HEr-l7scbNJSqQ>Y%ZJ8ejq3S4Q`ypeC0k<ee4TK4_TQ
zN@Su_#oY9R!4f|hoCJix36hl0GQjRS*kt#O9c9lxC5ica3-HKvWd|91(ftK;Is)p;
z=(MMyK0r%^7WB|fWs#Oxx%+zN*LwrwhwGR$k=+^4Tthj>VMd+9^@|WZ*HHe4lp**n
z=)W&SOSXIidUb%ZFb}0lPYosD7ty^Nm9VUmrL#K%%s-%@cD6@6R`4ucWK6fNVgG&e
z5El~g&NZS@%R3F$TtUH)jZC7%x$iNvg;q(Z)=i=JOCWKVp)|@*a2LowimR%Sq5A&P
z>mhD*yg#a^<9+VuQ2n7hqTgZGZ`?YI(Qxd+>AsZTI0O)V_uyG>tdsjMbTKkJnk{z&
zOhKWPhVb-R9bsfey{LmQ2m~~D^2YeyKd^o_rVu@Y0>OTk^rPcP@wVaMpjQGzgWad4
zCvxi9(yp&5lmv*S9zj{2XR+N-{Cg3yU;}{}1@bfK8(0Ox8++r``UnYY^X2U%@BWC3
zT(!?>jqq!B#=Z^nyP4q34FA2{(dGseo^yT6(=r`Q!s7zs4DVVJov)N<{|Li#9hRY_
zzKf)O9nv(qZxY7*Og`q7v{bVE#f8CRL4nf2ghSDtO5~hXm@>=SmDTL2cF23~zdEbg
z!Hy5e>zItm%!XOZm5!`8LFk>yMRQIQ9n7@Y!Hx^KYK8GcS&QCr;Fv@S5G%0-jpVX+
z!D=gWwA9jqtT^oE2tI(B-D{+)lr)J~>g~|~HF9r<{`D&R*rETvRXw?g`r-!s$n49J
zLVkK8%Cxy2{UDrh$X|r^mmOpb2YRbtPoQ10j;<SEb!|qQl(co|gpxw*Nvbe(&kXrV
z8aF{{{3{$ReFJnQ&(n6W8*FTDZj6n+;Y~KSZQHiZjm?d1+sVeZH@0=}m*4;W&Y3ga
zr>keCsv2jyy1E|4`F!MgA8e)PGI+<w8S6PY8O)ush}>}H;OvZJ37YB?37Wu85v>%>
ziC?KjSry?qC>3PrE#s%u-IL!f_MG*6>5?9G=GpWlVeZiKXOMT*HKp>L;M9|^J*r*I
zClEKZ70yG6itJr}a?hF)lK<o)Ly2_yN1A;yiS(thM5~0mc8@|7LTBY1&Oxc~I}<eu
z;sV<nj2+g-bin*rdBs*odW7h@swFq%6X1Gj@`%ISdjRf!p0*IeXDTIJV7>VZE(4(a
zqcqR1p<6k$DA*ndeMRe&J=^<FH{jLn8&E@io>u+Rr^|UI394$~rwig)%hyb{<jA|%
z95Q(TPt^10zAOgPF!FUrK&|ix^2(e#F3+U(IU7&ncl7|%qS;x<dWjezer;mEg6@Y)
zaKU|>hgF(&|1<Ipq{%cLLndw(VMLAx0LEkKOA_E8iavIyPo8M6{=)3l98(Ct<{VHH
z;Pdb!RjxEo0s5y~`EOkRsgnht+#f*cE4W%~cKD*=UnBR!IcY3diyt+X1bb6z&<ZAh
ztUTc}uYcs@TLzBFd2_;&JR}p?FgHAfUm;JSEiXxRyD{|n|H3OplSs4t;CuyvX|1by
zFZaqp@UM?PAG9mY(BgH~kxR`-?zcemvE}1Xl?vV2{1>I^gDy5R4vr%Twj;r%ESE~I
zTu+guj5>nrj;vC4)2&@FS~dmYCoXzUx|t@&d?kOSrHsebc4hJutUIlaCvEOW3rxZ>
z$cznC7VRgnEDI8o(|o=veW;GaiFTssJk4Aw=K&+|i*yF%-(F2MV2-oW&xE(ur#qb5
zggtC^oT!C>v%kUgs5=yi2w7!_bp49i%J^w1(-_TpyW~yE?D-Fi<j$=ocuAmHEwKjU
zGCSZ3zoC%G`bzyaR>>B}qQ73o$SkzEZDQfg+v!PweXQ7-f6nVr<`k&Qv<AT3L~Z2j
z6$YAlU5`%~xI%#4H2~*F_rg5nr`e2R5T|D6Wp-PoNEwx>WH+^pQU%wwS3k&ZYvq2t
zfYc)R8RS%OU0`AET#VX}fFu>%4=FGyzJg3$9hcH`%U?-t>vf*wsuPZAkwn9dq?|9V
zxQ8!aei_O72!H=Vhg1WFOv+g{-wgWpX8E|q>AMYHjoJ2mSf$^HEnGVF10B&GoOS(D
zO!}r!zel*EwsFg$ju)`*P~L;W1@`CJXT){$rh*keDY66GoXrw=3#n;1=WfwhhjCWg
zr7Vh`Wom5;E4;oUNbj}_@xp4m%EK*w_oWw}`7Zi1fR}bpwqVv`>ujspf9(-U)rBu}
ze?M6ZT>-l{o8+=vGy9r!iZel30NLk_f|Tc=sgHf?fERcs73K!rz1H=zy%K+#1*=hu
zqn52dO*BN2vB%fWnnp<LgdJcfl6(r#i)3?AN)=0Q_gl%Ee2HL`|8?QNHEXh_%e`Lh
z2_3jNKV6I0=9JEGN90Y^&67)6S3n3q@!N!$ryGnbJ7^(y@;E&W`&QA%1_xB>G*_1l
zjtH9fPPtRSZ+sg@W-m`SM&Ce5M29{2wU$>mp+{?Xn2*2+YFD|a=8$wpwIiJ8H)wTS
zo1*9>6zv|Fea$PPrQX%KibuKmo4ogh@;D~gkl0E${MDEp>vMem;n$War}2#^A{QuO
z&-l`M#YI`vP$@=kj!rzS;=FAcyV0H9*3Qx|AJMm{sn)=bcy=0fbuqj6_jY$Kl~nPh
zF_rYt@jQpR&0TN7DSy-5NHsC=orX1#t(Q|XH;%ejc;^)619AQjSA56%?~aKo*X?a{
z(~-HJRXrwp)dnXnI=}C?Irf~v@4n$#$TDhE>AC;5xE8STZ~GaKa;!o2e7p*@4;mar
zNk=KC^M|UPH|7r$f>^t6Xv)Fg%HU2~TMah1eNE3mfpDW@`k|~j@L%qk2|QYJz|xqL
z;e{o?(9~>c@Q?)!zKK`{bY#3Tm&(7hEi5+A`Et3ASfO<UH3Nt|`bxjRN%5I}(|ROO
z3eWNB3+cY|)#+LxOnFRK&+y8R$nJr!iq81;@r1uES}50#(Ef;4+-@Dgu^7iUgmYl<
zH5aEs=CwAmBW&bL-&|6{uKz_EE^=Bo97^9s`;p(*F=NZCgfXtVSqcnv7;S*l8%2_o
zF0WEyS>%KD)P}+z1fQ67c8=R;PoFks(lx_6bDtW7Ci64sy1**l6-^<{{OP-TVV4D0
z)e;}sZkF}MyhUnXpS%%BL@)||nNnf(;*z<BPEeCR&JNw*C(G3BQa#?{<m<h}0P$ws
z#oUi?I=uO6h1EbY{_jTMzcV#<^^zGm?}uORER$-GhV`e(7>3-=Hu>L0kOGf#!mFFq
zU%s4WPCNu(a(AM7iD3QFn4yO6Sbzn@gzpqwkQ`S0i|hAMnwhn0CSZf1ARK@Uh;gwN
zDmP%>Zns9|!`Pl@^*=;dbAj#B{E~if{KW1nrQ~_Ix6_Tj{-&#e@i%mtIPEp0<k#7!
z?$>{mKYa|$jOX3x!RQIcXjVdZ9DL`V>D~NuQ@{b+e-H?nTaOKLSF=BRa(Nw=qdyON
zl=xc~=$f#95ihVoZvuImBIi6td^+fJb)%;NR`wD-Ysl3=HhF3%9FJ@zRJ5xaxg&1{
zd945J@3ukF0efRFD$TVBZZTGSY7$Q?0{1D$+I~Xq$EARoj6iSFW=Y^Ca0mAjO!Xcn
z!=iH5Y28yHBXog@6ZW*}JcTC*=X@pU#r5mXKAk7;n$jowX<bRi^6E50uBx2tnH8*G
zP`6R70d9x)PH{DdtAAb+zx=G&c9dc`rzHuFD4p^6YGpibRlKj+S%|gYl^XHW*Dj~~
z7SCCBR575JR%sV-23!I@l8iY^hBXoWCwR5@3YhR4`PozbE!Z(>`uBCVSBLDgrgJl&
z)8;e+y3x|dY2cu-Y&4)d#t9tjStY7s<%L0x=`_f$)Oh0KD_vUH)L=CAcXka4wrtE`
zNLa0ekTaxQ33EQZR4L0Zww1k%<{+yj^v3~2(F2Uu`Y3GOFKIghklSS7pxV|Q1L<eV
zj?j?%ZJv%Pu?Gpan)mnQ5sy>l$kKfd*(M(w0;ZR-7QwplAGIUmVtskJ%4K$hu%$2y
z?9irWk#+DJ!7`ovQd5<U;3SmBa%*N`W6e)m=>~tu(+lNWLCb=;Hb&!)mHMy?hHB39
z49kPdF$WmO61$9QvolLcoDBpjDRH-NbR_4uG!M5WO&anq*NmxTS2YN@m)P=lNUp!R
z`L7$IHfT^_3$9=;TiNDpcl;1jByq_4y4yq0tfyzMnrwP`G7DW6j}C`zdi&^Y^4I+f
zj_#jki#A8bfAi*1K(@2%B10ix*49-0>qeOvHEs&8PI|F!u+{9&xtGCM%8-^;8O7v2
zOP@NKtJ+w(o<cPm0EZF~6lBWH4cWHE52I5YEisH2Gzk;f74$j$s!rw8LyNlmdsHQV
zd3;J<fz`F4_BZK^9PiT6h^^>|OwH`^CU>DuRC3eA@2(c=@87y3LQ#f73uv~~Z)BpW
z6nF*vY;0`%j}kY55tkwE;%3k>S^$rU{bsI&cmCl=wy3l62G^wDi#B)~C#`GfCV&bx
znyP`aqHZsi{90!Y(3oP~Ia>Yk=pO}X5=WovtgC^PnIy|_Ry1xZViE2NI*QH)B|Bfr
zO!yP!wH~yPuhG%ZmsW#3_!Kw~hCtplEvFe$cq;OI9ml4JGPm_>O})fp8n_)eWB%KX
zHw+goecw!(t=2;!;;V!~)ak7aJ+A=o+JLoaED^2`+KzYT=we!eXD;Kq0tg?Q!ly>U
z_O?6zKI5lN;_%Bu^RIuS(SyW(CdBLyQmPKd3wBGwyin=;MD12{=R5N%H=*kC@<dt^
zu7W5Kv@ak_s8zFwuWH4<9&)IoOLc2NdOaSw$t4_Q|NWsmXHK^Ypi#;;7M1uH9Nk~g
zR!*ixZ|OW5nN*jGC%BaG-P;d`T^VAxIX7xbj65O-EjlW1yG4oZlCdnpIq)g7BZ$gf
z$uc@9j&k1oe&N!x$zs4m1;ggU#yvDf3BNjA(p9Ir)m6)vlwb|sh`TYrN_P`0+}QQm
zyrfUwq`MbMWr@{C{!fJpKXBHRNfm8VoHc-uB?`Y-=G&}|tY20QP(x@B`}9n130<yd
z)HP<)U5+%pl`4|RiG9hDzv9qv$uy)-s6unz`8$#3LUjgOR`do6Z9iF+c`xlz@_x_7
zOrLDw25u3a&@cfB22FLADY5UZ@<dKo^k>Uox1TDXUTN3Nn<?6zEc`X?wu=;vy3ifw
z@Jkt?aU-(Zmu;I)>)>0UG8dUgZM#}yiT(_@hh$0WyuK!8vC^NHeAfRrV|7MWe_l;H
z2%ln8Vu4dUrqzRkQ@e^do=}_L#8XDi#Z))lr1U#wd1|Jl5!x%3!KJUtAVt=bB`f$6
ze)w!3QSCQgmU*dp^Vt@OXI6F}SBWms3=A<6)^u(lbUYmb7{lQD<KiPc(PZ@vQs=iW
zmf-I#;mG?t`M>J3lh_?4H+z(7d>A3K@g9=o^zFyKv<0Wgy#uli?C^;9`~@QjA|yR7
zb%jXc5XbKdZuS^K((-)P-{xTgI&)n5QjuSLOv$HYg~u+OKb@Kx+*TWUus0tl|Bd6_
z_Syfb6qj<Epu?CcY;Y<YM4xkfiU$vv7klKddD<4H9-?NXHRtF%`fV3Y{G=`^OcO65
zPS!Y@JvVkmW<NDW|K8)ww6u39<MA6W;N}BGQNe2Y_eTdpi}80H^M5h4Ywk~_jp{G*
za5|L>-^`lTJ*W&(>U<&5lh<O&EeXjKpx4G$wl~9~!`NZh3%s^#W+bLRq^Txjmn4RZ
z#(wFn-#}aP46ih3r8Pry7iXip6|&gAwS9+txMn<qNX(dBwSvtv`e_8akUmujEh@5s
z8E5<`S8#dDoZrvJ`gXN#v*Y#=zWrS>m`wY})(=na2v_HuCGG>GaR@&xWyrP_jBxjB
zf6EzP-#_^G2w#R?1l8Lo0CXRO%2p{bhYvlc1{s~QFq55LEOUV)-xjK=D`vLZU$gbq
z{Ctp|9}skghx&I13_^Hd??&x%FzB8KkTvgDoMR0YfhVGfa)}ZAne!vQQS#Rs7w2lk
z02P$xv*vfu^aBIe_XW@R2tFx(Fq2srJ1@fQ-7hVHmWduI8-&tjS60}1pV@%(V?tD|
zD_*2@^Q;qchvH?#ESehYL3w`1-)Ig?f3REXRAPA&H^YYG;KH^x)R8~T|MJa{xm~)b
zZu8$Ur&!$!R@4bB&J_b_^e=S&gtjbyNZU)4#*`9|N%QfzdkV-ER+}$cTw^!q@`X|o
z$qaWIwFc8E^}G5gV0goHbUz8pgFw;}sdz5EOXA%Ba)#*6L}0xsd8xd^e&%;jO_P-E
ztSjq~3g_JEs5y7svHmFKfpRJgO!+hneL8O@6&gEEky`V_O(!YyE6G-LbUfHt3`lF(
zWYJ7&-bx|ki6XD>2zqF2uHsp4PZ{bN(MjJA;zkrw8G`f(&wqn?+}YQ4vfD*|Mm=lB
zg<sb2kfInw`VAb{l1R^ah`2X9d6{<9w^;9!n$p$|sCxfyaVNrnw_5!rci)NWTvn3l
z)hCG&ch%*>ORZT?&;D?xbdJ%rdnD@eR(8yt{Eja3=BzPRlV^OTlbemBk-G_Yk;$F3
zy#4nP5Kb8#w+SfUt$qV{_P7Whd{ps)m!4X>w<at%eDsKo?W`E9Hpf~zZ#M{S5Po~L
z<M8=;F6obY1U5^x$$93CQhxxi>4x^u932Fk0$v=SDnh1nByvAK9n8A|ndmbn$<|)V
z+%{@nJj8f)m)IUtZDRjOa*{TtL$=twq<bZKc(-vVFViiv#nizTRN30;*kTgt@}O2*
zIMZS$X`9ntOzrN5A;SPi9)I{|71>n+pYRV}Z`$=Bugzt1TBDZ5<k_(t4!Z8A{cngc
z!9BjdFHZpydLYOfY_&z<wafFd)2Z0T?DD4^PqQ7r1MyVN=wStzZ!ZHg_GEw<Ny;8f
z&$WahIUd?zvn(v8YeY5ew0lvSob_o=T&lrch!xcQ(j&chEKjaAU$U#i4D+tawp-1o
z8Y0lplzz_*IL?Q4@?m2U?L0Hch?Eoc*kHS|^QTfSaB_y|p(bvAlz87pEoi6rGhPqo
zjn*l;S-|DbPml3z`r*#%5#$>SSc&e};>jJ?O%L5s8}1v+Va;~NAHj<{9c&ALJ*MJ@
zUgLK{D23FS0XU?WW?66LFh)KnNteoJHT|M4?rZvHaMpC0Lq(A54LExEqXaX|ap4Kq
z=R?O~Wi?7+D4NihS?Fp?%pakgv)XjKB5<401GgLa0PzM&0Bt(ek{1}dv@rNtYyQId
z?Z!fh)7iM&MsY9|<p1%OaLpdQc1x#L`WssoZ$hf_&`e2qTBl;HDc^Sz_Q~G7a`1Lh
zVI=*oBHrQA>*En)-v!t#whCi0sq<-jb2r$uq8MflyNuzZlI}5H>5?Ce@9Y*3yG^_e
z7q?|VF;^8m;Va|ZtY~>v+2~9Y!znA>29aI+)&DHVB{T`!F3!=!P*Ctt^;ofgUGVtl
zbmCEB3qD?G?QUhnUuJZ~Zv%C_dD?#nQD&cQvl3^WO@m>f-&UNzpJ!K)1?n_u>Rk!>
zNP-Be_<>vBwWU~nn;5N!cAQ0Z=+7^<(cnzvI}7l0Pu(T2ZY_Qz=90<1R$Rt*6Sh8I
z!UgS_HRpBl$A>kzmU3=~&L6Re$D&8pU-<xyo3L^h<t~xo(UAmgWDAtq?i`Q)P1Q~4
zv^8AZmVN$o-Ox#FA;Ieo<GZ{5#E@(VFs&ggm(SJ;ISYIWTjYb;2FWmYV{XPN9CoWn
zHkgA&P}LanF&J2(i!fl`r?{lMlmv2t<iKPG0P6Gi_-+9OsBvJmYyNTgW-4&>bo6r#
z@{081i?IvK*5%{&4>9ITGQdQ+DhOn0MO=Yj9^2G@8M<-iWH;Ky{1oRBayVo2;^>>f
z-tq%mYbALVc@S|cpQsMmK@#JIGXnwDE<L*KC8cB)(`sAQ(5sN}IHA-RAs{B5niaoY
zT<u7_f!i*unQNYAoD)-I?9WUA<|yz(TPbmjZ8j;Wg<;OLW<xg_nxZz%fzDLd{BJ=N
z$8KGg<e)vPsH#Ix#!Cxg)Jeht%3^8<bm$%JPn`7aQ6-XX*pqFGC#`A~y~7^HJo6BG
zRXarUL)=#{<ohP?1h=Lx1KQsws}|U4b}4NBWD*|xZWoZ-l`H3>4i8Y&TU1SU{n`J@
zx#XXs!IB8Bn9o^0W1i>tb)5EQh)kG#`}S_D><Z6Fj$UpITbjSW8c9|++e!SKu$gGc
zIZUzamP<xIO<E*qhnfpiHSZJ|e^rf4f4*reE1s;H9!i^|6fjM}ie;0cf0!C<AsGbb
zZ!DT%Zw^7QwD;#w<z<&!{n7-^-XTk1)u9NorRv3dC;Q=xoTT)@&R!IftT9~hM!P9B
z5f<274%8`5Dj?`49c0SWEuP0EvfvL!s@&zfw3#?)4)W3MF(Zt>bk{vKgg+P#Nn$%h
z+81lcGUqzvFq>tSgp5>jS@(JSq_incl7!Elo}v#%DiYDE-seTQsj#24$I*za+xthF
zs9d9odZ9lOGR6F1^MeG$O|eZBD`FE+?zC(A^@8EY*}GRigTPi;XQ|l~SsUZr5FW!h
z&0giPCKA(1;mZsVDW%K@gtQ^0H2R7+l3>T`Mqk)1Y*FKiarkUe?@~`$sxtJT4kLKu
zLou!V*-q@pSQ(j?_)57rbUxr@#^ZhWCC{iNBDO7dMG~BaxgDQ6w#3+A;Qx85&}Ouu
zZ-=ezF_(Jcj8;|pYk+&I`s@LB#>uHHs+uhO+5LFYAK6jrZh^{D<Ucl<dXGu6BgIcm
z34HBWy2s$dBzoS)j*2LL%bcX7(`dUiVG}lK{2&od>3$76bXtaSnhQ|XF@GRuEa7BU
z)&sPz0!q<8+hBEyy>Y%I%Ivwpot~mp9qM+*&|{6oB7|4hWCn3d`Xnlf0d>1};zeO>
zftxyU+Y-SS<jU~XqMwx7)YY2!L0=7rwv%#M>U={qO-Ns+QJ6X<OQ?zx2I#wVB)CpJ
zNUn-bKY{lu@Bz2BN?Pp?ZhDeK#vWc+s=S<qDk~J{W7E}GW{tH7vcLJ2qoLOhxKmEP
zk%w2<Qc-zJ^=Qq0%!&ahHuZ$yKRN=>7)Q4Q)t<y}VR_r|%qQfG6zgcX$eWef#vA<4
zy<=t1DK&~hCHC#D+cj|_Z97jTweLpMy|aH*PvwPK2|qPG`!q%9g2~%QG_DOG*BNmw
z`zmLB!pj^XO&jSj4pQTozXp@>SdbfiKfWt>ir}CpDA49@hZev5qdeAxWjf+Zc;yn@
zvY|}O`L7_`D*|lY2|Hp&lT8P1Nq}_ru9wedT#%dEVu)Zpy<ke5<%bkIF|Pa7pQ#?#
zz^uW$qSST29`R+)D`}-C@fMaNB~5EBg|hvs$jCcBY4}!IaPp$y?JKrWs4NFRRd25l
zBw&-=@hpqCL2A;uiGps-SWJ}SCHPfb?HUB37n#M#xwC?3+$iAY`+JjN>UnS`Gkqn~
zdaIH<*x3X2-jqP4(U$B?W^fX6fYl8n<wQS-4dvekECa>-Vn*!&`pXjYJs!V=yTgu`
zbL)<?8S#!3WGg<c&<I9H$9wQrv-e-*UdzQ$tSzB${yt+6>wh8M(k>nTzCwm4ANvyC
zrd&0bqFDLf9-`=%!vDk*T8rDSx!2w0m~HqI)mUT-Cd%M^`o<Y?NtfVs`xg~Ktklyc
z^|D5Dt6KKTFb6@*;803yURdrM?=0%Ht>a^A=jyL6?<ZWE4i)sfJV7YaD~n<f&P0-}
z<MAJ&Gp18A2r(z>*nh;asS_>5h3vs-QZ8EJuV93nAx;?BZEXJM<KZ1GVym{ec8Cv$
z7t@R}KFozpuHF{7-pQm+4MkUsMkH1GG@V!tpBQAagCU3)HY2OWJ8nEt4{p(YQvD<%
zJTi@t^Kkr=SF}1(1xJ|`WV&rRkv_Vi3AUDWXz~?<AJej`@PZ$1V)8X3!J;C08gz2_
zfvhj>1o{jE(ymR|T&&tvQrQ;bI_5s^-;feD!J3Yk;axkt2yig3P4d7YLRwP__GQg1
zp&c?wo6}<CKVYMM=FPLTOaImM-~a)og@@~W4@JGlkkGDFkrG2mb2XzKsuO{et`yC=
zT%=*UZVe-f?fa}BlpVeV=1JIWd$*=bKkF*-*20t#O7oA?W9x2gw|LJhwOB9u%}$HH
zZ<xh^ODkMbK0)`GOY27Sf0!B6sakFt&xQ#tFJ{oT!_E!-ah#oBlKCw`m>vAPXK+vR
z3UhO``m$$m(X)kBMZ2MkpoamSk4N1bbD9>%;9YI)1UjPMZ9mLU9)>f@7E@txkx_A+
zM|c`P1-+(WB=bb(ROezi|L=ju&XbyE!L64VZjYU-O$)@t^wU&B@B8Qjz3tyrf{3HH
zuZEB4aQv!jR-!lV9B~02#a<B}miPWQK6XU4MPBqP0G_lo0gy}w$w>l=1^NT&S9eCo
zd_<;gYG`#tmfkUYyxtHNh#c=r5@<rM)CmY(h!rbJ_HQYdiCYd$0f^Veh|RnEMJRkG
zEVp3&2fk7u+cA$x2J^+K@ZOCyKkC3ikbqmMw|ym#GXHb)f4BSS1L&w_YP<z_ay-Jl
z1VQLT#77nn{R}LEos4HA%^#|Go*FsEiwBS>47J{@EyoE0Z$*3MIDf+jj%4^_gEkK0
zfrs86<c;&3&1`z0lyI$KqI`{?zc-PT>y}73-J|G{x0R#pYzr&0Z*~WwF?|Qcch&F#
zvi2^}1l<U7eEKo^`hBQMdX%R95Jx`ymLK#D!jBR$+<<0M41VBf@EeBd>`Tp%)j?-&
zX2c!QUX~l|ey110M838@9yas@Tzyo;@6}6a9T?AV@1%NLN)~hg5v(xnvo0LRsfOoB
z3s9w}FmZ}kyg@^@K|@Q{jTR+s>zFfMnyqE3gSYv|iRD)YFI~<PsH$kZ>00;wg(O=c
zAMGbi|0`K$B}rDfGNR=d1}Zx8Mvtu!ssbm=UhBDGpaLnFv(sDF*}+C>{23O_u6SYR
z%LZ80-q+sq!0$&IQAwkp%XM~==|rn{%u5?GT+v1Uj81xo>H=wMyjhG&4T8Djh{MAZ
zjE9gB6I0GyzwuwQo6vbCyaw%ktrT%@gkh9Tuc$BV5S8p@Z%2bD6%4+4P=rG$X0U)B
zRa~*9@crXGal?_t@80h@yUz~kq_Kc_*5@6xwA$INDcs{BeCP`?GSi$UwUYs!#qwB7
zu}q(XroDE}^B}$%VRT{d`Gh>5Q`+y+*lonUH<E7}3c@2&Al67ys-Raw8N{|R>d@%Z
zUY&*l^d&3)u|4)OoUl<d3<XZ=>h#fP5KfuECXTh6J3S!p(<8!;v=*d2_2zIPbPfpE
z+wY0G11)zrZ-IGjVg-^H<<|6lt`BW2mKak@XmrKa&>W&zt0cCz>hHAA5BOg!B4_Bj
z*Xfp<&!tMM&O<X635l}p3l1}*MPCLr01MO{-gcD;OWn1+ZjXfegWu;O$;|WrWw*n<
zI#(a~K-(dgZuq{^Bs%x80{ePy4J?KXJjZP@)i@NCkPC<#s<V)S8|>4k*$o8_vZctc
zY%KQ4w-5Z;>bx4q8jWSKeEk66^sFW_T7e|C+8gVvJ8`I_if(-dscaz%J;`?RWxIoL
znhFLR1m(Gj$SQS08H$UXbfngv@eAY+MpEVYW`%Mt>txHM1uR&mXKh4j^G*o6QHQ2s
zoF}c>F!C-dsJ^$GG;ZJ3f{>T3o;1t}Z|lW=?-$160-Ya{RO3^ZO9E~91pU4fX1m=g
zBW;w#lp<=9TVi#=Av55ky>#o5XWoiC!&CQV;WxNoiZTiBv(LC&2;1-Q_bak<l@-yx
zM16p;EF+ggjo`}f!ieccFB+{Fhz(4|9u+%{67CG7vv02Kf!p5T$w@7#C`IzC^@Uy@
zy1+X{A20zK6!G#R-W8<wag(PjCJh3Cy^KwPK2jKsYQZ`N01*2SWA}|52kV9Y`YIa)
z-toztr#N{(Sr+ey1;J_=)^5%yiKKU)3T*f&_BIIRn9|^rupiuXerxPRkGdtP87!Ef
zXcMuZv*WPrnD(S8y?Dg<-KvdH&h&*IKKOVv7Y^nHtfM|9+He-Gayvx;>on#Oc95M!
zX2QlX0w+t{xya1)!#^<kW`{vwFo60c63UyG=IZL7k>j5OtxQ=jaHzwJvk5IAwYqBQ
z%vRvFs`FP)wpq+w&EBh4M<<nAwa(>K_JDG$eA_+LG;*^&v|@Uov3ocxe+#4&%b};5
zVhPkkD`wT}%(orhxn$j3(+4@~QQHxj1f#EefB29+)B@hq4FMBfA<8(L6uVsU(8w?5
zg2N<X*Il>1T3&eq)Q!J5rr^JB@l<}@YHJRR9{8H0LvfWy>i$>cJid(J#G{$C9l(;m
zJHVVz2Xm1~qBH9{{PZY!gmJc(VLOAIvVK^_bfZN6auyg(HuoZs?T>xmhrpp-6}b7J
z;;#~R8iN1EY~yZ=a7B8rF^oB?)c+Z9Zel((E$gs!9zco!Qn}6vEZWWuei);XQoH&V
zk3+uTTL_=yXd|m7(3Nv{RB8F3nWRDhC!*M3$2LwjvwteHDG18uVRVz)52lh4q~~#+
zK~;16QAymvN^(8llb%)RI2dVKrnm!MJrqiK7EL6NlQDua?4Z8t2BWm8h%*Jiud5M?
zD4xjC(Yd|YR3qQ`j$QiLFvj4Apec*F&Tn$sk&*@sw~atK4ez?3SF2{;k@*|L;o$!K
z5l@vnox^ywJ$)A`nv)uxgniEO@6=BRZ)I!zJnmhW0y0P8Tk*U0g{i}0$#tGg7D>+c
zDTyr=YeWW}gHGjJTaVCCcZpbdCJUUb7SD2%1;J@i$_P~N4(GCZeJxsx;@>I~y3eOR
zMPd|j611^(lFbYbl3Qcw&6o*#ZbJG!vNe+AO0)YQOAs<S3{21bQ5k~<wMVK((Ov2)
zdA?Rx*i%cr2V%|xerD*Q;R`64#5wk&rI!FXgxjbIE1$k`_>^A!kkfA+of-w*or6L4
zXlg1Mm_g=eOa7$B)9HMOzd#!@+U4^uU2&%<dkJQOlhEBR*1oBdp1q@+dlP=_l%0X^
z4x0DzC}v+yHbS#+F;)o_;CY>r>SB<EAHSBAY}|AYei-bU!4Puj>FvrPg$OppyX>IW
zTi!kCYZ-_iNeqR#jA6bzyt>Z2Qa~5~C)ulk%gi{=V*k6Kk(kHbp18RLr51YD2{WP!
zE7zCFBJ*pnkfYs~mrsmamWUkS-e3m-$l!yj{phQ_DlHw(GOu*BE%yBZU8c@+7Iw8@
zCl=VwfWr*7|FS9>-x9j-QrXN<?y$KLW}&V!n$<|?frgu)9)lnw*m@MC?<BDL>LS&9
zNl@aD>>>w?H}zLu_kP_hQ1BNuBYKb^2<PFWgTDB-r2jZ7_`b;hSn468M0$!hj}&9a
zj!+)^84tlP{hAX7G`Gu$1XA3!`|^$y(1ZEh(5Huv4tQ?pwKruu9wuU=PG8&yi--LI
zhae-JNQ8Np1Ux3u((Z;WPJoLP1e1(1C_GAv$tduF?DH>Ljxm>(hGZ})QXKmKPUc=}
z9dG&PBqy27R0@rue<e7keo5+ev1;D|Go_UX61fK*LeoOoN&L|5KP$&cdg9m%G;yrO
zCHRKaGdo_^k|x79v4HI}`e*=U!mj5Q^xE7N^LSL3+M;bFDuZJ?V`Qh5OmSsz70NyP
zK^%cw^pjqk^xyibFkI4a72Z9LBfYeZqb^+9QrrGg^hvd{zL44ys8h*Q=#?j~&1(yw
zcZT0DO3}@oUjT%t43pypwTx1`T)V{~%=1ZZq})o&9{hSD|5v|Qm8*?<)Lk->%}BB|
zO^>?^eOkqMaTArG@W{LRNSR(C#UP%lzk?v9V5z!);LXPPwI?K$;qogWq{_6D{<T6o
z+e<txeHDSwgKBTX5=_y#q;|;I`XGxbUv6$n<eWVBI9$4-Xm*mq=eg$};yfx|k0Vix
zy(Z5;iEYL~Zgs($9o7;9vQ5icq3QY?H7jf7N>$t&+M90xTaclI(-OD&D(O|>ewtYF
zq0EJImbsOPR_~=uUv%WwkO++QViFs;LOJagJ$O749MbRDjO_a>mDArrxtPdn+&C3D
zu@+*EuH0ZglpH~D)g4wkySrmkWV?(eB{GPgn1?y25Fz!iIXyFeMPp82w4l!6cq4H{
zpSg_>kWrw`UYMze;gP<aJ*+<V;U;<gj>tIEVIF>v4ezuYtUPb4%Hr0NK-b#5Hc1~%
zd6nE*Q~ba^R<g^)hnZ#+<j`VB%MoE$Z1IV~P}gFv;0pImk^8mz=GS|ikx~xsCboW_
z3auLv?CEvrZ(;~vjhRndO2~}_YR98Q4r5ehCo0ARCjRgbKLVky3jv<o%_+M8fXPL>
ztR<I>)etdIj7B@5gPJufV<KUFmQrTFNrV;uIAUQ|I(SuFMlYX5cKoC`NvFX$3x=n5
zhHIa2^(_i!7qJiv5}<q7>gt}_Z5aDrQC|;_uNib-UEgSl_aite;ZNv_8eLiOhtd|?
z;$-C-uxz98P{v&qRJ#EXpt?o9JlstK=+#V?X*b%WM;NPSWgw-nK}~&7kurM3kFmxR
z&#0%jhm50bIw#H#*2O2^vKd#&978^PBz%?3fcS#K>Xg%TcypJ_W+PoZtLS%2p$;5F
z8mIgNg_IatyEP=$*^HduBuDe+_=I|2`%>t}`%R<PyVVDSfw@H)j3;`1w%_jHU>wvm
zK0KfXG$|*neSud}k>x@z7b;3kCwI7gth79wBV%*So~WZVNTzO&`<6_FWRYgPYsDz^
zGERFei}M4G4(rqK;P5B#qF$4oz4Lt1_eaNQ%+Pc0O0;{$wj1mdJVBCV9!?{oi_H6Y
zRwQM;Tt1#AcKOAtFNEIT@|w)`H!>hWARXK_AwJr)R{SeOKA81gm4Co<Z1t$U()4PO
zJzh;8?BXKo;mqOkvlcsC6k5aC&-B}c)fmq$qv?j}^Bfnz*z`EgpS8_7eNj27!YvEs
z3lqRO*)F{b!Zf<_2dqGOq7mv%r4G8sIO?*>L<60nNR!}pfwgZ1{Z7roNhU{i7IY`Z
z69Q9l@peT_8L65|dBhzj1z0D>?WdSU73QY-(U;0To*NNyd~;>9ULGOd+?_5tV)tn=
z2Rk*Yey<AuYh;A+Fs87I>QGr_S?vWGRl^&_pt6Mzm`w7++TQIV(8If}jNgSNMi#WT
z&A*su#iT#n)Nso!JS2OE*Vqhk0^1%^mDMKA!VZf{;<i+)P!{Ww6Q7o-hvI`Z(tJsc
z`y^JbukGvJI`;g%+P6~^Usgj7Fg;U8bj-3C1xgl_YU*#zkI^9&dV=I?k$v3=(;4Xq
z9JAa11#v<Rd%p}}ZHZARA`8MF64(Vt?wasxKvImv-5J=s3DC3cCChq=Qvb5`Fm>db
z-=`?b*K`iA&#?)psTelly7!*g`h)^#ja?yM#wso-Gq1RyhbgnxJ;lyaMYh|H9aL88
z=6r;EuYCT3o@`hXm8eBwXT1s^Kkq6&nkhT5u-LTiLhy7eX(xE1OT!awV)1w<=1(A}
ze`ZY_uB=yDj^y@RF*%nzT`#pDe>6Ody2WglcckR1ZOa+%2egjX$juGUU51Q|x;p!{
z9{Htfn@U0)^w-k0SP`6f)z|p?3no3rLh5@wBit3sMwzg=>SXN;=1c`khHii`VMk}`
zAhB4#+t)n;t)lbny>hVp^oChty;fG#cgHTr2Z9WdisNcxba{xF*1mF@cx$$anNi0h
zgE6-*nfUrA249BOSed=q`f{!-qy64R+vJ%aE2M3wbj~}$rx)=Aa4bdpdYW}p5{(*>
z3#%eo6_Bkbgo(G$`L5iH;rLjNP9a1q4X#`VmR=JyGz9JgD?7f1s_gXL_b*r1k>)UD
zxwS3lF5!0Pjc>PaUuQT-cA?)iq$A_&t)jwkjF+XKidG`0os6$EKhc?ebDG@0BoU7V
zoy}Of08^H!n+Q|u&$2rda<(bhrJL%}nG+bMSq1&su*S{J3D9Vhb^?UP*U5L!h9s!-
zn2P-$i;>8^3NC5Fq~cV;%P=p|>9ej9w?rGiRc&Le#Fo>b;IT&tZv`pH#Ab{$2nm7v
zL>$ooTwXRu`<WHh+CHV?Mwq8C@46>#eU_#{Y`0j^n8Gr1T<?B^Ep#3j{(O9V@f1ev
z?_5Sc2Ko`SYV)Jk!YE7Zk*m2@X+c=5U!G!F;FmyP!x~d>_9$DHE0;y+uABgzcFk+2
zUasCt#V?;b;=d8EmPlQptwo`^5pK^DyyuBwVp2V$7K3FS$<?&-j=$imE?B(BRsm23
z1#BW;a~AFgiRE*HXsLAx$$6!*5HLR=9BXy;__{0B{*H@$m5GgDtGk!A4BYX+d-=)U
znf)lInj11cs#?+Nc)ltiSua@o;`pWGR?QhuLdD8E6gOCc>)!64LwC&<kz=@fV(J+g
zRKk9bi6VD|To`S$2faVtZ>ReFNEbrcs|3wQ(LXPDzW|#p6y0A!?mk{z(tUj|<|#RB
z)Kci~dwCbO%Zb*V&5oFP2k#6aKM_=*W1iscwrix6?_RmKD`P(z5mLZ9wcDii{g%xt
zzqLejJnwmL9B)A8uk6ly{-4}bZ?*N&M19dh@&&1GiU2HFJQo{=ddz1>>sq*kgNp>K
z9%}XlR=jvsDgUj_HseE?M}+GyMu$<jo{?yqvFe`n;g@SaJtMI;_bcx)soM4An9>)b
z`O{YKB<`67olz*vWU3<kOT^`Tgx#!xo|5RB6R-11ddInt_ep;*?^IEG^Kj-d2Jb7Z
z4PiJsQ}EBV42|f!eR1s^9#Ny+eXxb4+TivULxu?|hR(!punjxWaP6$jJIU#DxN-Nn
zm~`=nE8t_E2IPrqLiZ+z-6e1yD!08fJ4axjG<%vfJ3E+&l#x1yV27ltuk!p_r0|-)
zc6-m09v552XcGK$^8_+~_^0_c$Vm5as7M28inkLrs4w3LLERxeKJq)d)V0Vk!m$Sp
zM*{g=d*eujWitgJ!{OYDp=d4qq3EHvp=htn_nLv7(S_MQ&kr1KD1Pf8f6Di8iTKc8
z2*T4|bhZ4r?ox$B&up$F#)xS6jc~XH)qj*%(3v-h{28#>-v{q~5L2$ioYWa`m@ZBB
zWCi~oqbP_ODHCqdaq_UeL#G_b&`SVvjNR_ZJCoiT$;C6h=tG7WXZCumSui1Y3oZJ0
zgAKF)H2}h58xR&(dL4~EqjCO{iz&`|oxd8qmp$&F%`24c)x&vr5$dawHxEkN3i(Rd
z=e2UP>m_*aJsWfMRtw!yTz~rnzf#uu?<5!MJ$(jPW;hJ6R<5gXdPm8|ylN~2qw{t<
zD$=E6%kRVBUtfiCQ#|!<v;QFUV-+%0R(>~&{Wb#hMAsc3RoHzNlj`3i^FbQg{(B8r
zga%`9gEsS@sh~lHxF8&scg8CuzlPAB)o?IRAs5K>yPuQYvl}#Mj1X+=atHwp(vdIe
z=DP-(8UF+^Bc}gWxUs`Wi}m|Y_$RU8eE>at)D^*J0pft4G0MB#>9bqN-ZsuPVC=fb
ze-~KC`EJDaZWR68!xXs>DBK6k6M%I5{q$n}Qt_9!{ecTR<$s8tmyu9Lw)^Ap(6GR_
zyPy2Z^-HxGxc>yrCe%LTApS?Y2FyZ(mAFCKpNvC-$Z$bMxF8JAf$f4_JLbI}SMrhV
zf_=LaB(Q8RFk*kZthy2J`pTdC;UoYYXt4V{!eSgMHUxB1|9oZQwPJf{=>PZz-^|#*
z8{vTlymtIFM|#LG!TkPU`%v%;BKW3j7f`Vauo~Rv3)}}(>;u*bK;QlS0I_~y_*D4U
zc46EUkG()s^PeCG#B_sCoe+K=*8NW>4?_JnaVfz=JwD?9(ZB|L*LF)cb|^zYv}?fd
zHJE+?T)%Z4H-8<+x_3o5brUy#6BiW<48Pp!*c0$f#TgOgoWVN1?3M;XEm{R}Q{4B0
zFZw<uU^NaE9qMtm|33-7!G!%M!O?Qiz)hUlGs;DPUsSB07Bz@?PLC&PH@EM4`VtB3
z{&|ss5W*bZ_g&uiy@r4(*KuFpF;M-a5@P*m7sl2SL5SZ*w#Vb~(6j%`eRh}_5F+9T
zP!nC&4<>Zq&g2>8B*3pC*3XI>q}uBTHvr7u1y*yuSK)(H$v_QZj_+06pe5aF*cAmX
zXrDa(G~9OIx)y=#J+HakfZb;*CSw?}5+KcgEm|;}n`Hl9NU?iQML`Ju5(?fSdTu#+
zZVBE)*}q@wLj>R9f>Iwt{Q^HPH1IpgXPxih;N$1SXMo&yh`Anil2XQyQ+A>3J<lER
zyTAQA1|CaL!CsHK!2fB45*hA4zOj3*{zn4^dG2gi?{5=E0%uOFV42_j2CjSlaK2-(
zzhlHa$9?~MBe!rPcmCB66TFWL+O*X0h69!4%hvH-=Pm#V!TgBn0SY%Q4=DdPh?YP8
zuTlM~^nQYTa6!;sJKOpDe%zRT@k-U-N3VgYyM7LK&rh@0S4M+C8`P1WxLChj-D|NM
zV9M@xk>>udYv5Ox`uhdoO8<?V;piXX<^OVVIl}Y*OH+dHth9cDBoM(#M9*%g&$-`*
z00;M0O1K~kL~vc#ZtkDmT;oBY3GoO}VgyKo4|)*>J5198PI@S!K|&(cktbz-r~@}w
z6Y+ScI$+|@-pv<L{9nmuPdo!8{71P4%s_(~zJn9<p9i=f);^uTop3=tS4iM)e2`Df
zvzFqgU@q@(q9eJ-euyp*bKtc28$YO1<I6HXapVzTI>|h+9h7hPpR&zg!@B=BsXU<g
z4BW_>K0jRr__f4>Bjn#F{r&tx!K;YiD9-_)#sKhhQYixwf{nj}4?eZ=YG?Wk{eknT
z3}hE{&r?7`{|ycv%SXW{i~nC4<RSlc>t*0)%E<Em_V5V@xbMe{=?8gzHF6D%+Ra@g
z02PGxm=A)(d<p#&M)W>g@DCVjpht?(CJ*SU))d1q@bj|T74%{vc)xRq$CxQ1M-S2z
zp5}l5y1I<m@XsXk7%#M^tbhu|&q;Wio>|mW)OYi50wW{Qsm0KpRlyPE4rkH+m$4>J
z`Q=Wm$Y)w|i>+@amBp~s#?X8M8#Tv}kr8z}&`Eb%p8kQ=^)n#;!z&R#dyja(9Pu}i
zZj1OqV`{2KpAm}f6+zeSzbSJ;MN6J;4F?3|?SNwajbjg-yuRWdL6E1zfLUg*fP1b_
z1lnfDSD2Bo^C%H#01htGk2iGMc4(-e(h#2rj7_ph#L58ES9HeqkxV@6o{>AYTxZq_
zYa_p%6to;L*&oV!=ZFHYfOMlr*vGQCV+MAo`^eQ2^4YGfzYf|H{0~^0nSTjqTUJVp
zXS+uJ)_nx~po=`wu!^n5J-qT{T<<aY<z~-Cv+1rpZrZSsYE>1iBg#<>;Iion{7sM!
zc6^DMI^4_X$!z@Q3dJ@tBF|1FIV2QyY4Lo8Uy?5Lh?;R6Vat|;y-beK`GOKdQE^Og
zv&}C0dXpy)Q#cvj(R@rIeD6Gn3mZ^2LyI}*j!FD2Cm8z66MjMMHLTO5i3ctMYh-{r
zbHNdCSl#oj3+fQtXoM`H+X4a<H0*we3(~JHLW~>ur$MYrHyDY<hahAa@=xt}vI%oM
zi4<FLP%!f6tdqjRZC4w!Bhdm2BeLPZtDk1)ah>p3?j(+#ZDkftREa&w*UGfwK26J1
zE=7>$`%f;E)8DBOH-i1SF!f-kuHm@UyF5yd2vh+1oCR?O!zFun^5hmjDiD5}3X1Q9
zg8%Q6dPEa3yduPOF3g<&<c3rC+08!rQeZbKz<q&jNB1p6cW*?h^6MBX!2Faguh~vC
zTo0!itiDvkVC;)I{_*QN?5V!uugj}%7a=wvh~8!R=@%aG%l2V~VYGYjA)^7z5_b?E
zgsFZNYv+X8P+0JU!41Vr`AYlDQ)}(hbM2Eps5M!(7<QZWm%fwl<Y*rquaO4_8SHUi
zfia!JQW!tEn@8?`k5#vcg+JZ<S3^2EGvi%T?wVj#WC~hbi4`G>?m{--6d3V9ft%Nz
zu?Rsyuc}HNZ9kFRSe3hPWC&sao@(fVq`G+qw)$|cC^76v3Syt6gSG2i<##Hjb*k<+
zFJiZ{iTQhK)Og8NpmF}Wl>O6ev8#M``R<+EX6Q69KDT~29%Ojmg?dFsN)~y><KeV{
zGQ-JMqCVaY8R8e&oo_I-CW}-qbB`oLw`IKTKkO&CJ+rb$_J|bz4*wcziX%z&)Pm14
z6-34p4Tcc%hOc=MIQ#u@k@Veuu;m70_4j*}4|GmzNO!)-7|bKm>#NjjXfp-RD(6mA
z*fD`-y7y!^q*?SyubsKw+;BIf9ihzj%&oD0n63#b1>!v+=LJ<?-o)-}DF-feE1)J5
zLt9MG)&kMDZa#JB?FQkpzhZx_HgN?R=&V)Ty0$d@vMD!-*(kGpwCwa!mMr$-FH*Mb
z_Vz#xFjoML6|mJ(hbCN^!yi3S4e>ZZQw=5X+5}~=q(R**gpqVOB3=#K+dwDx`vvW~
zS?ucIR@+=FxD$rz6@|DNwl+hG?84>;TBcxc1?;ZDz=tdwxdRbXJ2i;;hXXd?zC4h!
zq*H$7zlM&!Q<6&a?%f;t^{&q63pJz{eY1@c2PhyYsxL9<bfM4C(Jj4<HT+`~-Jv0C
z&`$BK#qgPqZ=>`r&;F1t7@QLlRynBwHar%ndarFFOZ;FS9y871H?|SlHNoxHLg5_W
z!t})m?V0Sipis>A03V?4BiKmOx5+ou`45FW+TebBe$_&cd|!h|^lo58pLG{a>U8@a
zwz~CWEGljw+Ag{NbC-{f<qz-V3UMXx9U~3nr%zz$t?c!!tob2(4l<+Mx;6?e<G<9T
zWt@pKgv0EE!|a9e%<V#68&<AL-igl#;3uR4Z)H84c=B77SpHH_UkuWu9USH#T4a_O
z91ejJZeR61eDXTyD?8^qJ7GzaN^G!0lX0G;#-#>t(epb^<Apl%drjj-I_iYi%j|iZ
zChKZ%_xvP0;MH}Zl9q3Ga{c)jY-!${Af&u5ji(<iG6f9|H9qO8bkmYXU*on8n#%WO
zVWwHbQc7%mgOgLQrN*O1ZuepiZGdQ1yfUi*Ro%T$HjyWySX10&7H-)NUDZ8&d?h^U
z)O9QCcn{qhZ`n+2)jcG7{_rBCnDw>AFCr=lc0IX=CsxLP);9U9{rNd&bzSM&&OzPr
z`6L&ELke)h?O*kr^nbe8GJFqp#pdpo<7KtCgL;ZN{)g~CpXxIVPRn|1SemC9I1_&6
zZpT?iQ7pTuiB~r(I}}Al8=!FX;h-H_KCeTv$g+(7<SE(=yFhAk{=>5$1jWnpQ5Yhf
zBQl+6S|67c=-DXRQL!Z2$7s<9$dvdZDG7rnOwMx@EqBrHT9yyvL_3Je?BiOG6qv|H
zAkjIEwVpy#-6=m|rp2<FrZ|ZCn;_j1O^_{Wku)}fgiJm1=dT0BJQC8=T<SduR*gQz
zLAKwSefXr^RU*97XoU-Cr2M5Kyk};o&s6k=cmYt0WVs<z#*G2h!$M(rUf;ZJwP=u{
z1dSg(!#>w_ztg+60AuGaob%Y#<R*{R1zZUgBw~(>M*@$2RiV-lyU^F(W@M%zC(Jz0
z@|}R&;Ozv;9EV`(2KC}8wP$$<@@#-n;*K3GyYOJ*Th4dlns0w4u|fPu5zJ^t;a3;I
z1yci_#2iCR?su?eh9~Jvk0M?$qbn1zW@XLYX%lspxJ*pCmswWxo*~K#v<golF`Y1P
z5F;2UfqfmpuqGB{>N*o2CzAbC@*svVyMxuBM48905^*a&5<XDdU#I66px==eM0gF?
z^Jc<HULm4`Jo?2`S@``|0HK2nCHA={OdPoQZeQ)P@<2I=EY3`*Py{4Ub-p7;4@z(K
z>iLH!I|ihueCmHx<NifVDLy^IpH2`vSC)1!h&A{HJ~0=(y6t;qlvcBK$DuA#3_p=8
z&@XJ~hn)86UhBX1%dw|5SmF2~N-#jm7c+`G){&FEB4R5HpzPIzJv)%xAf+eY-XaCi
z348BMyZ6FfqrlUbC_F7gXw@`C3jRrj5v_{D&K2ooBqyyBBY9Wldk-brWpcGgoPF+V
zU2d?9L850am1|eN9b&aHjUe_ErJSR|3F05)DV2wLG5)b^mXanSX9aaqB&p%<m`|62
zB{ZX4{g*BRjW4%>nv3#^SaR|ql>&RV0Y1ptC!Vvda)opN-|&Z;ZpvU}j+jT1HzMQx
zR0v$iEw4B*`HWU-Pv0l(_juRXRvU9Y^>k2RiQ|W{MCWn(<PV6m0YUUd|0|TFJRujM
z4~j~El>&Tw6BCKRW4zKuy@GH0UrHhW<c_l^QA8A!jIAjFsSHB)C@RqwKG~E@xkuw`
z!tKcFufmLNbMPULc9?e3Y(2;(h{8%Zf+SRG1J(VhIi`uxCK`-0x`9kD(*~<2(0Q7Q
z#sH@GjF8$uXs!8F?7zJ8yd0QdnJKqlsOutf{<+f^W9zCS3Mx6Q1k}pU$=#pFmi!Lh
z4cWpI*W5!mq-9nFhJQhqmhhXs<DQ_Z<h?>fE1Xa>EV&O`A=XPq^nV-?s|HNx9LB<y
z3xJ?wkJ4WnZYCm0P8Tr6p-3&q1aQGO2K#`0sV%&*-~ew5VjdS_VOaQf<M?APe4H{6
zx}E=^CKKG=03012oo9K$P|MBpN?;!<K$Vz6NO<}*H%3ntQK1AmfV@`x2i_0Q>H+fI
zn*bLNGeiT6f2(-_rdfIMFSKn52EB~?(H{{vU92!xvxl?}AjF`R+9^6b<U1h8PrtyM
zurK>YmjfjHl|ca+Ud>@cV!CTMMg!Ztxa&${0@~_@snK6vkoHr;;(B<FD6MYlU`2nu
zE1>!%9k<c{KLBGuoWDwZQHzf~Fbd+2hWMjJ&x9!PZCZTnfzfvKKkF+=6+KB|@g=!6
zWPCh0sEnv%kREb+Y33u(oBZHhGm^-8NFrmx$0MhY7A-wSw_t3dc1Yhs=wDoq^hWv@
zkMx7nJ1ajQh#4ZiDPz<t0zC+&Z;5qb`n3>x)+Zvp3(~Ws$n?fQ&-(VrKa_qYM+!I4
zE3xN%;PlCcA^83vn;vD1+VqScMvwZ3kB1QYGawRuGSHiph~W>;P0>iqJR~s#L+48f
zJsA{Uei;2293k9DFNX9CpKE(CI3LT{Y!98^5$M4%4Zn!<e|R{32%GOCjQk*Mevb_D
z`-t;-RL}5``8&F2c*uNBjS&9ej8r{J*_Ejp{yp~728Zvb4Gx*#^1RUfO*t&SJQ${`
zaX)P^&Q#-m7i17ZKL&^Gr$GiG`(v1aaX)P^jQfyqIV?U-th&(m;C>pke`+9vAC$z0
zju+sR#`=Ibi;Ex>RbknnEf@6iXp2kR^OAXnBy`H%c#2laXt4`T`c79o{7uE3uBo`w
zH8m60gNB{1F?tjTpq;Me;|h6(Ahe2oj6y3)(94G!f}0Y<gW=<siQ)2h(R8~{%E1d9
zY4hcw#is%Rwj6>sJg|_x-N_ck56oe&#cbQ{fhp{@Bojti4#|^QJG4bS+sYY!iur`~
zTy#?3%4wt(mA=q!J;|d4PUu@Xjcfs>$N5Z)^Wh17FQ<_&PM3=|wk+3{8Z9SCrk|e>
zBGdEp;Gz7fP!jL>1UhY(B)1icf8K$AT*;DIEWu0x_?I*ypzw=}+g)UUlu#>r@E&)`
zb*QPZw@62z4F4^-#5G0@iMG34+TDttKhA*$RO1T1FD<#U8^u*$<B$_tC1HE;+`8y#
zU;}LzmKZi)d#Oy(g5CnB^cI-WTVRs^L1X!Q(4m3zJgqGW@bH0@y}fv#<T?f`yw))O
zl~o<$&lmj%%o11nXsYf+M+r5m**`J39-3nDRLherqWd{|v*MdobiZn1x&iN$PRUhg
z!>^sr{^$|FIl&tTuQ5ei(Zd9~7t3gsYFf=wMlIGaS*kf;X0FN}^Slv|e3Lq_3)$cQ
z*5E(D`2*C*Z)NLD=WujazzVdW`v5Am=tuv{<kx90^OxePvxb!Ee~|kVs7ng@POdKs
zaXxM|O??x+`Fw!tCb>H+p#Jr)PR)Ns?z~DX1fxgRFSut%=G|k(k)=$#11W2yhWxbo
z7#)7|Su^s}W=aj!=;I&0NdgPY!QX|F7sQAm<R%VPjdTl>cRozK327!fIx2$!S@U7P
zh0^awoQux<CA<r3GdvV{@54*>?7~sJP4BIxoq+=1@>Le}@h0Dvmgzu`fXW9-S735h
zwL@-m$cOR1B`TZwd2;w1X^UX)V%$T4-RSQm6T3Y_{Z|LM*7?|ZISi(eusC+L3QGp+
z-W0cSZ;E(dw6tO?HC<Lhu6<(tS9)*2RP>&`VKVDY*H41~bzHaFy|+W@w?XOhF=g=0
zoj@;~9t(Qcn2B{y&H4#Zk@3bSA6@%|0X}!yB7uQ9PFo+NV_0ab^8F!dCf-+-8ljcx
z4*7UkLme51CE;^dYpipVT<bc};c6Eo*ViT$EhwZF9rGVqZ*um-aVb608Nl9A3%dh>
z%KgRbP3rZUe<m-mvsM_31G7&Q#ryk}XP<B;lDB>v5cU%%>rRIGzsa2|ZJd{J)hEwv
zpFD*768n6X<h=qf25V9A-<sAdunTJ1`l3sQn`=t15=`XjqWhi;aDJ+Sw4xqAE<Gu&
z=q`bW`$rk(%Zj6vz*Qsg(2^r~mDr}(<tJ}BaP3Y>YB`MWSV~QMA`E<aj#avOmkpJd
z8DB`7<TCajMhZq1(8F6SPFbJj?{x3jT^77|OrB$rHl1t#TN?fklL<W`h9unC&Jul2
zl>=^_QSWIM%eu@UiWCjm@*h~w+Bf&v^ZcTTiF=-xHXr)^C+6EO|9*^GEO38D@^(r7
z#NmV0NsAv}SjFR5uDcw*q|4wJpGzTYEEV{CjdFz@uyY+1?D8pxX#c_vlcc8e3VThv
zxxkl;K82;4!<R#%L9YEVSSw0V3(4(JiqCQpy3wg=wPHz*jQw``^MZ^Yuk_vanu-3g
z*ZgQM$T(UcpDvIO7RX!e0GuzS)L!$`6$Qd+EU7@QhcACC5Dpi}KLUlbAhtC}uaGjD
z>_RQM#_><{jWr{Qsp*b`a;$i-TgK-OxfTkf=HOq=ev3V$-hp634TWuvjDz-?BUtka
z9!_)=FOs^-jBywU(|u!8T?b<zHWpgosdk7G<ol@|Xq^LMpa&33z%HDIN;Wv;PqD6c
z;d7|2L)eKL>M}Q)@W`!|w?jYV0!T&I;@FhC5ucjwE71Q7I!SMZj%dP~Ku45T-ht+c
zHQ$*X*`F3=P@6K4f<pM;wANt#T-|~+v|4IulwvW3lwBkG@X`n0s<mh_;(HW-<jE=0
zW59!*BZDrCrkl{6k49zcnExzjom?=Y=nq)GP5MZJ5$GFx8Q#%S(|!dTjB(h}R8>nU
zIZd(ydXDUdqR}ke%ER@lW;cjytHlbSDJdWX;2104L?$7=cT73=t~ZJAP8kH8_5S|s
zD{vt3UCUhfQgRZet~|#^rNB&-3z7_#Cc5RSk5@Z7ft=uNGGb6Zp2gk#cVtz&CeE!I
zZ8A9%n#8y6wiHeC$I)+|cRaefQg&VCM?ZS0G_f?dYz>oa#C9g7Qy~*mC<kj(V7jH~
zY=12N48N{U@-4GyK4<-s!RM?o-~oFu;3J*?&yu_44(4){x%`*p1IoPFcrD=4s|_yv
zb4;e9v02qsXea_CG}hrKk9@yFN*jYtpfe=-JGnNi83M~L?Fwj~`RjtcokG3s|1s1R
zGkn=?@Sk6K1>q-66mXN!<y+Vs2$5$hZw<w_@}{u&+d|)60Rd^q7saEb1+4`O8YTII
z$~b`)f$rOjhn-}4*Pi!rLe*>WTg%>svRQI%XZBgHBa$Q^RIoAV6b~JvNie3gaj=ng
z3GuGS*=gIW1mLIAf`GhTD-P&TaS?EmMP5hRXTY?!+Z%F-r{y-}jG^E9oJ>=$EG3B*
zj<mhGvJE1Alv^g*(7EY<bLE*9_|RyVrGEI~JNRH-aX^GZ;b|=Vjf0?};=7JCwGeVS
z3v=;9@^iF)XxX<=wz0Ob`jX8Q41$m<ULeV_5Bz5|y0yywqPWjV!}>48|Cojo&su7T
zl^_+#60!{?(Q@L6<n)$HODG*Vyy<rD`o~b57;kc-bJ?t)@D`tZez^f&K%zXi?2SMv
z2qKd28o>!t%s0U4m7-;MPifJAbG@EMnz{M0R=YQUTc|5rk_We1HPT`jK;`J|Y`iyF
zZkJnkA09u~a`z>!+E{PO-+|?i@y@XBJ|?%FGb0Ho#Dm_HLGW>~TyxG08@|U_20?q|
zR=!Wf*ALu_bMAX+p*2VIA}Ur~nBxYa4lQzXO1n};&q<B{x#|S5B4$E@^YnyN=W%)4
zme2l%9w(u7-<^C(bbkf$wtNYnHd?7;zQK>j@Z%5oF(LTT3@n$NT2|#e@)TV^kh!^y
z?mw|(2-?zB&F3M5c*so{f>v}@r97l_6APJxA!ztk^$ZU=z(de(nOz%O%|o{Hkl*R$
z?B^k`^N<mG-Arp)$XXtffFT1hB$bEU%R`z4Ew>yVGM|Thk0D9a9v(7<hcxOTr95N|
z55a>Cxbp+;;UWEb$iD@>Jv^j!BMW&Hd#icdx1#$B;9k&g2}McjM0P>|IxLO%-OJw=
zLBC=DdQ#~=XT!)dy^m#5m%ID%Ohk7)UOGLXo7N+~WpP=}gtXH5XbTWgv1CE6OpepV
ziu2Xw+Py-)WmYZT%M@=^$qb116^}PN7%xGKS4#0>OR^!}ejaZOkC)rPir}9I(wzvD
z+bI6Y%syelSpEs`1<R^t^QmTktQ0#F`nhyzJS=Z=tWGiaEIL+%F}Fd?+ywo#0tIWj
zm#Lu=O$YtemB={!8|m(3|9>j!4yRWtu^ap^RHF5xe|;s6c>muk5kdc&N^Fw9tP)wV
ze?=vBvRd5JKNh<WIk;%U%Zrs&gJ^s`Y1;C}L+edSSx&3&*7k-zL^aap!=ejUbvcZv
z<)<yx9wd5zCCN3oK6#9Pok=%=G`Q1<YVv3F&KyUv-D&0g+jc{Eqv3fke-_>EK+Et(
zba&ba^szhH0#B)Q2f$>jYr6n%LvX$yh4~KY(%@O(mB7WKNx4>TVa}c>B$~+oY`W%$
zdz<LSV>jsVa;b9m^>`7&+B9~dz-?(u>FSpZ^!JQykg{t<_g+E+uPj~5K0<sZ1dOQ_
zE9RKoyPU&H+Y_lP9ljSRj_5&Iz8)5U?^C_-2Jx%WL!6H_enlTsDFe`oKufgf3-S+K
zv*CS8Ig-3jdFlu=$X$(ha^YezN35`wwx8qNTiQO}xqD06hQ~}B8N&5I^E?-#ElS1A
zxYG6nXF_Q^&{d=~FcpjbDfyPhvHfV6qwyMjosj7CxvQPBV$pnh*Nbj4+aQd(|9}{=
zj>OgV(vTiT0VkD^u1>%d!A`~~go&J)D^|q0A<8*0Hlf5ZE+t`tP;B#`!~N_ZhI+zE
z+wQ8zD>MhWcZu#+m>p30qVIF-<4o$|Zliq?;)*_Gw+Re?(fxOdohZ6xdPs171!<jo
z+`t9(?uDM^onY+UZPw_$%Vy`Jcwb7}wQaD{{s|GuQI1^O7GT&MfG3A{A#|YkwzO*s
zJU=*xXMI@?VP6vyQ))3h`}?AwD4fly>}}}7_?Yq%=0ab*?{UzyiKWk_kQtWU;EYuk
zQQ7a&R0+<#-lv>09;-oK+{c+i@0KV0x3nYMGz_8fLiiBM5NHUAp7~v<=3Ep<`V7`z
zaWIfhLAN$dfDXukaO~=F@LQEg-QS}47r#MnhGXj4`x9>j2ii->9tg~J*PPivyVct3
zK-<J7;(PQRM!;zGRet|14kc8Rvsz;<{{|sY`-4#X1MXc#KZFjJ2jap83liZ-gT*0_
ztz~zOK8NLO5r743Obp_AE5kD}i08GW$E{A({CvVlwwAU5j-_p>&SUN!0F5)pcU23_
zi{g>$Iy$Uu!jx_~Mw>9=%KKup#5Sn?{?fKY(Q{9Xey=xOtA}{sde<8a?*{6E+|tW|
z#QvS`SzDWyiK;ibc?+?}@0v+uUwsb*ZW)1Jj$Iw>tM*Rbsas4J(=|(la%Q2t)GT@5
zp=@wq;&qe_Imp7`hb_?LMKIu(+MELcyCHU8u^>V3V0`6)A&jKWl;}RCzjZSI!xHMD
z-Oe}`2s0q5QF7JNrO^`VL)fiPG#LKaiC3Uzs@vOx_L5tY9?@k(!hblCM2Qei0E9&k
zidebwM?es*xuu;Terz(FCxkBm^vif#gZl^3eS14z+uMofFWJ+0(S0p@`klD87JhyM
zYaDB>=s_2un4}EPGlDGtCd%>-uhlMAZOv`Y&lR9#6bL~a_FrP)&y+(g%MUWjmG=~#
zkL5Veh1`~=Lh@6P{4OE2D8&v`Z?ahN7c8f!esWfT?yG0;=OSTLMjd50VeK?wWdixU
zZ$$Tx_@N9^LUO_GyHCKXuKs5XRRG$wK1Q!JR1nr6HmrAZex8u(9O=&psqc8_P(83H
z*;uKP??S7y<|n%7@z#9rT0TbB63-`2n~BqFyEeUM#000;c0RorowL;D%bEGGu*3T2
z%ilTVW6*olbDkL}d{$g3AXoFNIREnHrrb?*$KZBP^*yU`7E~AFt&S7nsT9{^rhIX7
zBfAs}=WES^CrlgTgX3jcD`q(}J~&@*CMC_Hc;d>+`6oeEoeQ6EGKm$*IPu)8VI;bD
zi0+j*h=GHr;>>&a2<wcy;Nuot_T~erOI7}HWpGlx*akz1B*5H_IIZ&KrIx~c*#v)*
zS^cIHuc*WhQSpk)<`}5V-FQ+7Wb*tAL1uF;2c{vq=aFeHBYK)!bw10g5Q=(t8jd`Z
z^2bATWy4}U^g{e<znxL&>tIF*LI2kv492x-^!fDFMq%mth{6(Hp%9s!j;P%-5T>QF
zrGz9iXJ0Ph)GJ>f4^T5^0tI;5#F~L+z-u{wZDg-2Ogcq)kKX{ot~|ky627qeXgF_x
z_g0gEgu}Z@VDEeRyOqCh=kGS8N>9Gf1%Pi;lc9&Reo`-Qh7OYVU>6X93R&H&2V1xp
zuigqz4NPD~(Y=95tY-Fz;%bfAYEq@s!7RKcmm;`Y&nr%mHpSS6n5dTG^R?mw_npF3
zg*vU3Ut+CJX`@-GK24+RJ>H;ily55D2&m7|A;Y7%`2PgnS#`c@W*vu1B&3D;Ks`q&
z^PfZhoDW2Hgy>#t3btN-z>qWW1I3Lw=TRm)fo^MNr`z05Qp)S0C$ya%iC^oBqV6t;
zMmoJMB{;Yo{ox4*zr0O(#z8~Nc{LtMH_?EXZ?Y81wn7-~k{qL6N<QeBfTKJx6YtFk
zE({_q9_YThACQ@`8mP0I*=?kfG6<RggIGn|O=uEs7`?vX4UXuk79)~Jm9-F}o_~sg
zW>faz>*H;qm@LANkA|OL(_GzKm5ZL}(r#?{EneLQqr2qAu7JD^rmO3;pgizoR{+HK
zZ7qBC+Yj@(hRFX@(7*Z|ygKcao~@_ZIn)~utJb0$S|(cnpFq(yxDdi~kPDQme{^9Z
z@#cy`a@&4P>GL9f`ZgEvwn2%L-9I^}XMKtHqa`R?9_a$MJvkpMAn(<bKid7yPh;|r
za6-y;{#SK>`TM)2iPbQAi}w516qawM`c?(&i>piA6|~EplDuaQt$E1zzgS@gq)^gA
z>u;%{2APW_Ry6^4Ng$3UdXgYy!a1TFFD98VMv^;<exu$jgxC*@Rn^2ji-zWwww~i0
z0RN5w0s<0tzE}}68HBvAu;m%ujs+LD{A;u+*VP>(u0btxu5XGU$9@mrlqEoDr^%Mn
zsaL<Lu{pp9Dv}9#K%E+!^XCGmOTqmnS|7o;?alc!pxC26>9f){u~<Sc`MVFa)C$!m
zlk+mMVk(F-z<K0Pe<nS)52p+wfs<~+IZi7)dk!$&h)t4Pb!9oU;rIU<O-jBFYRKwK
zp{h(%w14eW{8pI9c69;QurQvLFRQrOc>o>h|86B-{Iqnq<V{J-3RKO1Yb~sml>epy
ztME=pQ!)$M0=RZ!S0_+`S<UL!ZmonN>$DOsff68N$R2XW3k41-yFHlqJuhTc``<U-
zuQG3w2|&d-dr14n)eWd?NQa(0DZR4gAmppm-P6MFRjAwp@3?DBDhRr80B;*GXL2os
zB@F-r3bDe9L^112Za0^bh7&ur3dy*#uB??2qg&`sDEyAHDU1q-Zy_*Q&p+CcK?miq
zbg=@j!Gf*=X=)Di)o?cM@m^<O<Ce5wP>~<HXbr52y#?|?(LLV6#^^-+9RmY&j)jch
z{~vE}0v|<{Ee`h<(qNz(S&R!LjE$3wsEL52B}h7SLlsnO6i`N7Pz0HAW28GU!`4{c
zglpLvXGC#9nNgq2j0?^v1{g@fk`A~Kf+FIK1XQS^SprHnlJs}Zxz(KxGVh!BzVH9{
zH$%FrZr!@~+;h)%&yvK?D7@z72pT5@jRS(Brr{H|+yqis;A@$km2<xb1lls=d8~<a
zREx|aJMDyxctgD&BwSl$dAzf;vw7c;#-Ty@&#$wZ>XVK?2LT3xr$&rCZV?5~J`=3p
z0js#|7``aFjtL>mQ-NL2HM+h&(e>Q_ZP#-XUEgPP9W=WB@&Tjk;QzMkV4~}KGw-_G
z=z3A2>+=6?*X4<>w<e9N6-k7iwYwvZb$h6GC7=uJx*GNsY>xIP5Uqt3uNdV|99{e7
zk3(7ve$Xtn#`WJ(3)n_GVLw%#L!3TU+MFQyqlu?&(b@^4wRdK|M<&yQCZkC1mgbe*
znED6)BzzULSB5_PW|rwxr5%Q@{psI!HpA$Q{iL(;MrXsRvn=SWx$+Y1Y%1@}f3e86
za&AnwZwA$+@;dxA!f0?svH{+XrmcG;i||^z5}HQS7+mthukE;-Q_KfSZ)|FhJ)`t~
z3w}8C8<0}r`i^VzEQSp>z}R0kX4oS=j6KpQtS`Q(&@6;rM@ncB!cLGp)L&=NTxr%Q
zIX`wkpVmsa?s<&_-TNX-EL7U}M_~4_U(=DAYQ*>xe5H=_m0RJ{LsR2VqUJ>VigUan
zH41!>oBGXj3F5aRi7T#85m#FD-5rJyC9^XiZCy-KSX2+-Jd>+{!>ziH4>uhk)cgeu
z)jH&w=U&e;=@a85z=IrVf@!)duY|YY;s^XF?q7Wm(q7zddK3-BmBV<0dTfCBtglNF
z=aS_3Ui_pZp1@&=?a!~G`pO##Bd-Z^bpG>C(Ybzb0-bXv06Ld-{Iut>7w(zRbMMlB
zyHOS-d;V;^u~E+N`TLI%rj7c-_VeT?s?LRon6ah&&*i4dyb0?}@djngxEJss*SxJn
zd#M%cSPh43%bnZGo6=l=0<`lFO&Ye1>NW++QilZ#eQz)5!qOkMsn`7N^TDR@i6ygT
zbzG*b4w?tA`&5T7BHDf7dYOIc|3n=n!({8Ze~W0#KOGkB{;SaFpj2hJjxCD$SgoW~
z+a>k4En+wx*d2Q@N&kIRV-rhM#X>3Pr1|w*EGE0D5;6J#kD9Idm*A1H8;dexy=B^R
zc;r3vHJqoTQFwo(`}r);-Yx~m#d^c#^>o<_F4b#J?xi^tD`SRJd!aGj`(k?D6Pstm
zd)w&hoDF6DQ`+)ju{b(Soy3C`Yqxqapq)C1VS3oH{1e*S>F9g~8mlkdB!s@g7Bk5S
zsjx__K5Eg97a8hc+KqpNFNEHK7N8S2&`^Ym8lv~k*uXA%5cV7F`5d<^y7-aVZe@wX
z5{StWo3!O}Mq|S|RCe-2U{#_u?YlKuu!n5UC@D*B_4fXt>7zh%Mq4%(K_+AMIu+ho
zFjZ93K7{7jNZDZ)XMS4DrkLzFn%Ii`o#I2MGemXFAE1Rc(2F(V(#qCkks&)<8|i6H
zYF-|e&8~T+ey~Y@2f%}`>*JI8V^ZqQYUQh2<LWhk0*C`FpGE~#R!6@48amr;!+k#&
zo@2eIGW3sBI?PM%gXhX?Sws{jCmudY4=qbP@bFRN;SK!Ze7DkJU2?UkUUN6~dP*C_
zACz8#WjfhOU*v&7#2$y<jU>jOo8nes&^Pu^^oYyd?lT|9hV6F|AAQSRV{<0Sb;<$n
z`RzZsi_@+<QLNuJyZrp;ZyV1C;q$-DE>GEZ%JEEfQ0P@0I1tJ3*MWY#id2eEToFL*
zIxGk3eWf)X{#s-^mOKVvxZ_n0hU;Fz+3pa^dLaKgXI^p}JS;XIUYvNi(~J)-OGd)O
zYmA3yUp5|w=%IB<rl=0eq_G^-_9q^WHFNWT9na%LHAke%rYCrEBKH>5jCCw*hjlZR
zcHl}c&>D}aT#a9eYtOvQSK|ta{Yz$@Qtl4Pd;+KQ{B+KdqlEG87C)@~m}iZ*e);d-
znqj>4EPu=Dzgkv@&ZM`FYFED8wem7MB1ay^l|Q9jO)p_#LYs4<IxG)1m!0PD3@QGn
zv|~UZJ?hYNuMl2>qPOI87|f5a@WFiY5=X=3my>C)`+#=e$rm@?$u)gDne7Nz0IAqh
zXkW|){q-Bb!)s`itBp6%a!)9xzrxRdC3d_U-uR7%GvIOTi&XsU-cB~!U5@SELHz6f
ze3<e48(=E2h!`1j`LkK3gv(CW(5}+bU$&vTKBm3A>+!mj$4A<XbAa3B$cRzA>aY{k
z4>}n=OPUB`bdk33%C5su#2?kfwgx{7u63|}iE5!}_aL_;{}BDSiTf?c=I;?yxG+dW
zo2(AO@W4QN%f8ykj|7ft({s7z@-#1aSLh^rAyt&t1kjNrww+h(9gTVr`6Wjdm~o3`
z2MewVETscN-n?N!bDX=dj-KMo_CJ6L@Q}Rb1#ip_+%CZmQ2bb<&UHjsP9dt1i5C9+
zcjm_fBQedLacQ|GaFx$>TzGz~>}nMLP(AN)JXu3`6xn<N=B4B5UH%Dy@2}cR4TbXH
zO~@Qh1VCKhUX)VCHHAK<n7dkf`@d9LEdF}#=K*hYm3W0WLiK^wXhZ!QV1k@`763~0
zIn|vM&kN&ASxc#F85(j;r9*l);;*=Aeimyf64p0WH`seN3bkGSIModf;iD$HNAFiR
zWG*{`Z}4X2+#i*^QZm)_p>a^|$8-Y5`0omijr&1zwJKVk($aJOJ^4Fn4c!$pE?v!w
zKpxa?T7)am-x<8o6d1FS7w@Z^KODV6ffS;DO~Q`|?FCAMplIeo^ZY+k{n7@qx~z`v
z`Kf;uzHLC~C;qgC7q-OOr^3+LUbMA@>xC6<CSLpR@Ro~#(*mPKuV8%5z*;T8po1hh
zR3m_x0FKXW^e-g|7fVbY9>cA3i}}$s>itGfTJtFKcbh5C9N`o<e)<Xj54|*-4@+#H
zRDCkd^)G)qwCwGS#l0+G^380bjweM%tQV_~ShW!JPKBjYtq*`tTh^cui2vx1$0^?w
zyrnHKY>gW|Zn`oScN^~1Qep$9c4E|7?Y9TP$#yKL*PA-K&V#xHL`QJ!LjN3uP_wA)
zjGuXz+{Ql@o4=4Fv(QCWbG*<RXIt~D!u5fE!g~4YIQvXFa!@(xE(&&DI=^?a<|M8|
z<TrJ2w`b|GVC%h-;N70`kk(s{JZQ!*QBBDSE75w6wIs3L@=+|X`^NLhZ@m><bhUZ0
z7@3Ot?AByQhCFhI#CE%H_p#56O5<)=_sKHbhQ>h!i+4WkECN6^Yrp>)7LxrMR6cbR
zl|WVEaetaNdNePWJA5>r1IM+iN7J75_l|n$gigEjw<c4$%uZuP$&((SP_EJx`^HoR
z*!Kq4=atSs!TqwuWU?E@Mi*Cjn73BDEtgy#nfDVRG|H0P`QH2{cV!Wb=K-VoD!0_C
zivfSyCPw_j?Q-rJEifd;sp6k-<W{Sww2YNljmWH}Ur0*lSmEhiHU#QIJK3|h6s>-h
z*xTJxIC}`<$>;iU4m7OYOXm;^`)<Tjoh{O8v}YO3ZbNBd;T2{f{3vFvRTf@$lMsFp
z-~DJ@W~8KZw$f%6%2v`dOnQg5A82(`fe>C`!&dW(Ji<qv6C<_`!pG{PJ*3<y`pQd@
z{^_#oj8Hbog5&gC?LKp}&($d?`z@#?oE4+qDtssQb6$7mqZ&!sQ6NV8?;xmDH=w(&
zY;Gj79U}>0vB?(r(x=YKmX!9a(oZF2ah|obMp6TI7{FEHXsaAqG~6yMN9(DytQ{$$
zP=@EtQpDpNOrDnc^;jd69U}i;wpCnqm|Pfh_lRs)te-%<63c9g%2Uo3N<ZiNJP;ci
zhoAloF;dbZ<^pPG^oJ=ea%M@&(MBDuxxs~kHDCw*efb|?uPs|>U+R^|3*iZvgmhsB
z0B#MQv4VVHPD~rtTWidUC4}&(_Y)(c!a{6tah3M_0+6=7pNNrJ`==*F$h)_>)v<1M
zf=!A{aW;rb)Jk<Qm80#V($FqOJn0!oaDNT*f@F>oSKN|kphod+BnfXp&kPCraJbd^
z{oU#<nQrxtD-anl&!n2x?+;mYO1A*6kb?;8cM9w4tB=^tr>hUy&3jzc!g9>npx;RG
zGKd2D*v@2qR~$MPJ$<8~HF3;-J+6?*yj3vg{Ce#&kU|LC4}<KbJvBHMmt5P0&@IR;
zaNaMCN~$KC)_|rB>SCV$WrE*Hkvj$>v%yl9Y>&9?5MRH~M0Wb$tluYr*s{Zk1)K;A
z_&F?KhRLJO`ULROnFS~T+P!k55%>CHpx3YuLFB@#Q-g4DQ6c;=o{nA^*>xv+fvCgv
zS#%!8S69Cg?G&^#OAPRDE8)T}rn=M*bPyrfv}V<-rr_dQQ(&y9POVS_pGfShB%ex%
zSKj=p{GA@4Xr^;1U)W@HQ3qYbHUZ=+(3HIsXxkAa<-5e@dNEQw81MoBRox9x02BYv
z^8pppgA03`{Sx+B0DbBYz?_qaFB*uS0qVf43e=agFrE%q`lZL(0AxpDrL}`2k)|%L
z(65DegA4nZ{r6*cbFe$|AY6v$?%6^ZEl>EQ1)pHH(8Pjw8Vg>5EAI_AiGp{(exQ@L
zUXK=_PmPQ07vZ9c&b!A6g;rtZR=+J&6}XgBJ^#<p6%E@R!k1PVFYUw&6)p-b^AC5Y
ziTJqp3qTt$y9F1jVtU>yCg4B&Db%Oi`BsAZPeGf0CaF}w+BRp?A<Bn&@Q1A&Mi-Gr
zl-*bu&*fk<$Sjgc_rnfK)yi$YjiB|{+&vhDVfgiM7=6;JjCJcGP+y9yE#~-7sgoKW
zMrl<Za0=0I2FZqqPhqW-|CE&P8qpQN#=<$Y@4`52jL2Z&7E*rr5VK58X|89oOlDEd
z6v9PRNPKcO))+@!WDWYrsRR1b;KK!R9w8cf6KNftdwKKYK6WxDK|e|>Oc=ji9QFL&
zNwy7&B2YKu0K#!0{3PnU&??-QToMOtylb!tIEWM(Zx)u%LMqN`ij_rwcbfegJboP?
z1Mt+%^kJmu5sw9~OF*;D<NkZ<N}87XAzz!QcJh6cx_0<-zi&#r?`fD9=z6q(zD$+Y
z3?s<Y4>ReE^r$9a97=Vu3M0m?iyy*tuq!br#N9JWqaBU3&<FqE4jp`1EY53Icc<DZ
z@mb1ZhY5C{>UDr#nI}eURWx?BJXo^ML^?y$69WLy_P`Wa1ze0<BK?Pnk(EU>s3Qb5
zU?molR{k>*V8dvMR>RZC%+?itAw0KL*=ja^;)sjcl)pOxa`#OiY=Y4vV2MM&(V1co
z^M>R8%v2@C;_rzmb;Cn(Rtlko-P3b(Mm&inqEcWI!h3-psS&)539gzs5+VM>f`se+
zf~Xc~mHDlSyW*H&)_W!)^cnqLN58icA)rHS0wTEuC*();a`{Yq<QnW@v$3H>mM(-s
zw8xIgsDVVajEC9?_#W1HLHOra@e}V;L=ob8t^w6MUcjQ<+Ufv2JAqRfdD)$VO=tt0
zg9cs>e)btbpG6wrZSB4x2!53=0==8UXvf6tJ<y)**7{|}QrsgD;q{*rr&ws0M{m|B
zgY$dj<2BAvX^1B5&HZG=;Co3;d+(R9v#e>;mJv-5#O7us66c97NEv_*fSmgiihcpg
zkY80f45lgp;eOwbn9r9`<sM`hQZ0{OVCS}bS$&5d0<|~GYVTYe4O@-V<&=a+Ds8T%
z1&Cpwn_2?IVJ;AdW}tOQoV7*oqE{&WhI!R>Vu^TAYPqTOyO>WL9j+x<d<}PMisHbR
zsqcy$7-c0I)PWa!VW|aA3#`vOejHZsSEmg&rBbu)W}oYmc{hlv6)41-9JBwpjE7sB
z@p}X>YuY?`B|#jHz5`^yRTFrk2B7pbg$S!yR@C2%CQtS1MU`giW5-2>NQ}up0SF5I
zLhZH}EKlPd*rfx+n93VD`t-r!F<M<wrNz`gCPNGQ8D1xZ(dZO=5?{E5zwoblFoI80
z&yTrpdZI?X9qsFv#9UqWYIU5Q$9IFuqYg)d*RvuCcHgH27No{cpVIc1p?B?qOXbKM
zvv&0_48d%>e+1lwwK|3#AD=(i7MBu|2P&rSgi%LkGwmr|Z}=6C9B}nyCHnkmm;VaX
zrJwLe*34O?k8PjqVILcZ-|WLH2(p1}KpRA@d_anoCeAC7)M+OkLS2P6n+Kr8F)VC{
zOYO`cuC6y=q^j!8PLNJnU5ljCho+|gA_#>=`U>?D>&Nv*pZZ89HBk`AO<^Rl*#TX0
zh1bBZK!fC3xe9-LscyzGYE$~hkkHVe>_BuR_3i@l=Lz&e415zuAG>&Vxv?HX=x%bZ
z$2CFD(J`LZ<PdrqcV`6#J!|qhY(n@6c&RDv%d#v}5g-Rmj3!$Xz7#P|6*F<OY@og9
z%k}`%kU@7*KjeFsM#m0l1>?y96qZy7oxy@Q27y#3z;2wMBe9TkEqZ-^G$C^~3tvXE
z?1UoWqq^B{c(jf@1~PbnF54?se+!z|$8cx3I9d?Ors2mU50A2gYIYl$dEO-YjWMmt
z)`80o0}(R)L=?~Libwtr<#Dv*jg`$Y5TS@$SHFXQtO@2_eZ(rc{sj+l0}9IEUPwQh
zfb4)&gG`<$#BSmehs4gtO8B}jYrFM({{up3J33Ib-A2DLpQO?TtfSeS^bZDT039eu
z0;2kG56rh`J|nvJ3d-~FhT2bQ>mh{x3h&JSGwQ{m1{3yU3BaOHc1UcB6IlA>9I^VC
z4FLO`^KbA{?5$`~CdHZpZ!+Ol;Y(}QuSOt7#tlY_{{KnV^KgvCVEPH@(fvIrGI8yL
zO8|e_0Wx94wX6EZ$m$*LpMhSQAMsVkIsatg_5R)DT~Qsg;Ugq-lk?=rEpa)#O9<~I
zr}IfL+j(}3dX?BNDff(wnK9n5BdSi%2K67%XXRX6tg<lNoD`Yzh)FVkEU{YAIw{8&
znQ9iB4-ytxiKzO_Ur9q+q#>>1kWLA}D>IACCfa3or$b~DGe!1zc4=>Ubn$*VgY^jB
zR&|nXOVRze&hxP^ltby&hb((Ll_LUsJV(DSRUgHrdCrLnxPD2u`#B`7S}D-^IcJWI
zZsz4<)(pInXT!)@(4peumE#<^i3+I6xNQ8L&41JVOdGkrhMfJ;AHBg^h^2D?A+^Vz
zMCZwnQ?#W(U4OPC_59K3qlEWIn{`^Z=J$7`u7|o1nEz(PcwK@A<v?K2m}2<Prl%vM
z?<(y8I>NWjw*cSOT%0K6mK6}*VH=UypG(5`Y-Kaj1S?MgC|)_H;lsfuwf_zbA>Lr2
z1<lxzjX+n!oPN{W+Myde;^+#ALq^p=2o;hny*VdE=#KO+5U;kKCDAfOfEKNs!3bf5
zp*#4L6KQb~@LL=vEKAc?n;#F6?UL2zB-r2^%0Flg;VbzZRGBh>PIgt51|&5D<l2#a
zVc3`}*IW%sl`pa=4-}gH(vYa++ARwcT79mTdG4mI79sQ+p7F9aBp*>3qvs<U*VAys
z+Qshoa1^ouL6siTdt>oESF2Fg6GxzI%bOIjm2&ZdOKh%f^KPL{0n&u4Mp%9w0l5a}
zK|M~&HbA)HVuUo1gw-w%Lm`Z((wlN#2L1FaYl^+mBYgBBu8yP<dEvAd@%C{TgM`N=
z<~BlDcr1iC7Fi^qr9~(uEOnzG{g``GyaWENjCaN#6F03n9bbwzNB72j{CC3;lWA@&
zJ1J-H#IzHbb)kO^WgS(q;Jtq&jB-dRNZHl+SZNhXzlda*_OvRk?ZR@b;pAa;x#ztU
z_!y)Y|8FIg!sn{|HqpEQqi>zlx?Robb~U%#)q<2O!-F~XMy>h08>=kcZWwO%pnv3v
zYO#H-1sNWeJM!BR715Hi*2aIMxAa;&|BWs_*xOv*y%3s=Rk+fw3uYmn7TK|v&*2uU
zW?O|Yu7q;P>~|zykqqZ*#90)3fM83}kh8+X|5FYFv!89_pIBotK7koA5(tks)wKM-
z4K{&BekJiYEXVbt@ea}(auG?i#~X&+^2$Xq(g|m#(j*GH$0(W5YBP#LHYaAFuyV1W
zDeaD>Ft4PP5N=B|(b?wvg(Rlf0|HKjtWH9>75i=C)6e#&%WUY+mZEkt=5I@~DEm<u
zrLG^`!ctfaBnn|a?+&Ft?PMX!8ngC;be<v-$?PkRR2R*^7Pc%1b~S)VnfhXKt?7T3
zqE|rHjTAb>+<p1=+Ne<-aeeDK+_SCx&0a#;E!Y~~-e79u_-*uK*GE!6A99&!9LPjB
z=ZLOaq3k2Hr{S4IjcA=`7d~2AB&$|Aw?>X+bZ{ZyXb(AeH>MhMbqY_czz>=c|0VVm
zXDESlM6pEnnKyr@oZCs;ExzG;+DLJ&a%5t6e+CUV{R1TD#1>BYUZ^?xdQ-}NcPpJ1
zA^b~dqBOL-SMc@IB~mCzWY&5uN=Wl_&D!0A6Vkj8dWonnmkmj<KcjU{KToO$cF|3+
z*Y7!-lq9w6pS8vfG@9BohCcU2@YD^v2v=M802t8;H*mt6e`3?x7g2!;ZYDvMM0&wX
zva7_t^05Z;Y@rh#bXSRRqtZ$on@UQ6HvC9R*Y%_blbuZXXj&1h+`sq&ph&U}k8Avc
zTDgPk<>Z5jf(_EoK`=pNAqb^lV(aKt6ex0Hlj-Fo!1a<izqjV4S52{F_-hXSYQSFw
z_-h{^@u1&kA<B+xfdN{EHqlN(g&{w#ZCh@*v)B0jBI_Zt@s3Ihz_H?0+!tv?BH5WO
z-0XEiWM6JF^;~Vz{#gd7x_~o8oV}qwaoy?QbX>8tpr7=6v&hl{{w&i^C5C%(88+i9
zn`&XGIx<*Rv+T$~^u7-TF+MH$`_-gRK7dX`9I9-OJ`3@4DjtWjXU-uL`3G@oN&SG>
zu$bGaeLNgw6m^laK%L+KlAWeqmQCTE?%+QNs-{hKu+jo^bn^ERz*<vQYh3RHeAx6F
zOh>=A16|Vcq`{_iQC*xFAMofqgH7DKD>Ml)zXgr8pV2lP`RjMkj1b`_xn>Xo<sngR
z7K{SW1aImu0`%n}Rmv`l!I@#96U=$caP9+@%9{mt9lWt=8uHH7u=34bMDJ`N^diz=
zYoU|qAPO07rP=IdZEoeT*$o1|#5g!aD~T*hL#3x@9qzdSWauP$1lu5}bVm!$|2Zd~
ztVt1|=190*AQha%a!tsK@Suxj<Ie>KjIpg7Lo+N!Om?LIjuzUUOYGW{1@F;&yu;_{
zeUUlzSKE^M-=^>jXqf&^|CGu<P0cots51C6Sr1O#4+GnI8YW+Y0DcQWy#Rl$KF7zj
z&SY?xg>77fm_th~s*l@6>s-6`^eKS%y=}%xi$0s2Nk4juu#O}SH=UXR#mJ$vB>bmx
zEqol^BqWtnL3o<!ARPh-3lbZCAv<BXWM1CDZ`hnL<U$<stF3%5lKFpnd#Zfvp0WiG
zJ*H09wvKwwa6Ad5^UNIE5ERQziF6EKA~|KJv|la2bPRz3!uoOP$mtF$$K1iTONFwx
zuqhqFd}B1di8t*pte@PI)hP`J70q1;Enmh)M~y~bHIQ-9Z$rD17+I8Nq9JMd$pHzW
z-<$Ac&%98KJY?p_L!ir9Dsf0%!NY+b!G-q4{(Do$5Y;x$r!kZV7xr3ANecqu*vd#r
zU9hdEupAA^h4%^}FWNw{Bg$bADXuGohv<_QY`d589th!kaIZ|jcI3Bp3mGyS^u4en
zy2T?%tP!1jO3j8N9{>?u0MJh&Q&`^zv*}?x0gDA&o&J2BkOZ`7#YM1d?4g~3BN!PO
zzRkiz&CwA<WOXS{ZSLR#^Fm)l1mObXue(4Xv(GSo@NP2+B1P$}S~+x3(cQt;ONHeV
z;BG{$3%0_vFv1$=JRDnA;;ZV&)gCgwhVkH+%r;btR1M=nez-}Dh(PyV<(3>IQdajr
z%mfs4E(CF)Ls*U$#u^LvIYxi1NYPK0r#Fn<zSv!f@bjycxIkTzvVp$vv==<3>RzFb
zac+nq8?4=0q(KWxe-Y}W4gQe1#_II3T75Gan7`8>B|29_&J|P8cRItVJvQRKxQt2*
z+d&@qw?u3%{VB9Ix;_)5)tzw?5Kxp5$Xqi{SYLQkQ80d;5JJ0kQ3&p1`VAdR0CtU=
zARZWj(C(Q6?b4rdNS9t#c&~pTpDu8n1ITp%koqUsNpfn&vRxl1zw#nmw`D`lome)9
zfvU*!-Ie(2hGWo4MGQH@0wUXq`Hp%B*K}v`U=z(6r>x(=<Mc3>9P94{xlU_d`d&O#
zh3-Q_xEy!|rBX?pwV`_t`B^v#{0Aw-?6u*>j@%ItQAjxTIEqGd%(#ok4dCuOgVA<L
zv0%r#uom{Ae)zUF%&(G?_lNM=o8NREjX}@AG=GA|c>g;ZgG~?2OVF697p5`TDDclD
zjj1t9T{Py?>k~6FXv|{sLOJqClE!#1Kw}pFl*ZgX&!91j|9_`3<QM%66?ohoM?vQx
z2;odS^R6%ao!GqR=EyLY|2HTokk1Y1f4?Kgo4HJbc4yv&CSt@5Qt_B)AI~zSkzc$h
zj2jSwE77$Ter^>N%_a%&)gV~R+QNQ@;CCA#%vPS*X<FBc>6Zf6(mtO<3iZT@tpFtM
zj?(h{s@O}~7JiqEHxy7^gz|XD{KNVqal`-d4sU)unG)tK`aDiU=R#2=dmeDHA{qU^
zWaMX5ufgya7qvhB#W1_p2%#ISbe@6P1QN&gLU;xpWDYw08%$UFwcjtXf5jYzp6yc~
zLBi(0*XNp*9XKtiflTs<Xx3iJBh&FW6yD*oqRHVAli!)hs{^!IcC`qhKcKkbdU%H^
za2#C}LR60koe=LF2(sDKxRLn=gNd=O=I@L=FLrI$V*pT+Hi2);YVX^|4mM4U^pE7w
z=9fV_h!j(LfxL;4!fesH$eD>vbF|Za4P9dgPoJqmTOqW8%*TZeiYYye9ps5@L8hiW
z*BX~c4}E2JmI*UmK;t|go0VOPDr4DfOch2)A}g!RRdgbR*@mRZ)EuBcSd+B+m_=+p
z0BWo3+9e4S_DD)=525TBrHbe@yO}pf2pLzP)O&{sAsa<~cUs{pPY507&unltLI{1%
zuX?~$fe=Ps0lx}qi%YK4{)fowaav*@OVu&U&5{1AX^GHm05i`6MEo!(ziGDcC`@9u
zFt-{r-I{qS-lY>7W!E>4pOnq@l53ZLh!}YsM(0_X1O1lv!=Nm@8irSC_$!Yu2<5Jk
znAa|Z9wN0(cIF^dGs!JZHXnj-_BLrZ-3<C0^ExDUH>}MyZ#|Y}x|u!PK~X$<pH9O+
zFdM^h_qN58Vf1%&@Z;`-j~IK0v&9y3={4@)q8{<<#7Ifpf4Pp~;)%Sr!9@e{esMhD
z#9gMenFBFQ4I;A<PR?EF;It5UP!8oix!>%ru?@TqpX&oVlJ#Z{2QE3Xz$~+e2blB+
zaWE(&;%!~UcLB>kfNibg`RBx_hm>s;Ev9wPA&a@O=jJ!%*OLzhKezQI0)X^!_zQzR
zbyuemfkcL1iki}gVk)Y7?qi_OBObh!D47%`^}wXB?L^7+71YM^o47u9%gsnG_USKn
z#JlqSiZkmab{>ha!}@($#Pv~HzG-mhjyV$h6d3FKk6@Y22SLKVla7YMBh8e!E^wt7
z_0s9~Pnb@(e8*bO!>yQC#*A=U)W=xDI@+FRh?7ONp>kVtwb6b+Sx<z}8>Hp~535i5
zmq+e22itCx1<zhd*@mHC{X+Et9k%ut<THImpRV)<X=of`t)RWjOyB67`?84wUYj-a
zCC9&UqyWljlmC|@AY{}_Np`!=2Hp3N|3dfqM0+G=oHAcJ@QyvPp`aW1>tsIvRqz=d
zk8YJQ&)ql}Dd`sS^TETf*kv5gaJKKz-4Zh;yQS1G`9%f${NELYn*2@!A|Z+@u0j|D
zjvM#plC}3xY&YB#LJz_ffMhrCSD)6&=h_bjLFl1RkEht{r*0_Ede5|R75tOp2?WxK
zffge-J%mhR%p&-s-GT{)GHF%QesB#oY42tva$UfkYPchW2BZ;__yjIeT!|yYR^LJk
zu8~Xe7gF_!v|A#J-Z4#z6jqAWN7J;K8OFj@ORR?w`a9VKzmBFo<{E4uQrZF>O0>v+
z8l{40k%O;CQRa-*be)|}a_cYf&B)vwk?qI)_|+$Y@P4Blv5Ky5L}9`YqH+!hug}5>
zNYqV<MTO<xkw<NdCF&l=Z;azNtWkF!zfsI@*rM(c{Kl>PMq1Qez;B>kKk6<tC8RCU
zwax!4iG3yIR%3)&wPpb{4b!MWju=X*{UiQmIq2vH{7b1p`a2%zZ`I=`MRS|vYW4pD
znOD^FER7PwM=r%8_HbiZ;)WeAXoQm@o_CO3Rbv`()>n*7%#qmbb}?FP0IZk*hMD7|
z#hG&mX2sc*>9tx17=5K20vLS-F#4Foi07jR7!?~ZT4ym}RBXWLF^d7CVgp8xS_~K!
z8!&prV!)`_fKdi2*u?~+4d=lK^Y&Jsvd9tJX3nmvk}!JWd>DzY7UWUYK36ru$PF-h
zG8IN{fYFnwFnThN_xYU|wQ#&i`}CeH6HZ@>j_1)H>F!{m(-e^5*^p6#Ib}P~@2Q;1
z-Q`-)@g{$#J}#c*6R6!~^ZWIBdS~K3xr2YJ4Sf(LdEDAnS?9Yjek`)DVwWV&@h)_}
zd;zyb6xjsy5mJseYDdSn0pS2SWgCzRA@m6O;Z+lZQBK|{0}2%dJI#_X9;*=&SqU`-
zz6UAi3lxJj&7Oz>y!Hm%!lN)dQvOc#9b*SKSbx9Tw9&Q-1@RhfHJMk(^niAvG8Wom
zd`vX0ZKSbD&-V@BF~2(2D(CRveC=@ZdIRykrX;`R9B^w_dwTx2uJ+VlO|m`dc>4OT
zYkL2`x~_>~KHt?pUEiPV4<yAFkvT53Q_kNe`WEO#`}iVs=S?$><Orf;Y!#7z{ezz}
z;Lp&L0hH$t;d>iqz@yl=B5Ty2IG4hYCq-;K-M8bhn;TQ`d)W?jGx>yP2w^_}Lf`?9
ztX7~`2+Fe{NC&cFw;S;TO=W1^GYg@wZ778=&4kB(7w|>8zt$3nt<4S`m02fpqNi`A
zn3P>IYY~@i$9}to^Lg-0bj+n7&AOYSMMC&@0Q@c2aV}otah9004(EHEeeWVFc0vfn
z%y?F&q4%W&giEK9rlkLA!=ugPoUsJ~<<G_3Q9(iy*;(Qy*6KlLov1c{cbq~Cfcfvk
zc-SdUez+8_7X`1Tbb{jW1+kSh@9@DST+YDkW<la84>%njHq7Z|An$5qmcT=|2>wHP
zCvF7QRPO^L=suI-#!SM$_{jtgYNa!|PT^LLl3tM~gwLiK6YfPMZ8IH&@kAD&{QY?S
zU`%4<rUN!mA~jL)q^+BY7Ktg&5)^{-<j7Ne#FQ71*_<2J5!1zt1?(U|LYw<}0u0Yp
zK`(A$Wz>`1vI2A!{~e+lUW;fD*}Rss9mD;U7K6fiBc2O=2v3v%Is^)W_Cc*De8wZJ
zU*ybTH3VBEw@qn79zg%m&{D+brX?=|A!B~flBWA$LEr}!3jq2D9Zb6)<vEmx<J#Lc
zL!P_RN{7&fJU6wt4HJw2i9@K$PN#mV16`mRJkVDmrd2EoC9p^tvpyf72S5|TpC%Hg
z63$Sh&xYPWdo~WDweCdJa-F3#gyCNC#5~;1D5KkiFsheo?;?OZlIcq=T>e^6W+=AR
zAQM{X;NIW6Df|U`r3&FpQlwK*lZs31_Mi(UXffJ>PmEPToe#9MO=hlF&d_V=5GZZu
zeOY8H&f!`QDu2gN;9kEh;Xh#!Li_2kU|A-u;fBoQ8dh}}S(lC(v8*|WKmQJC$N<%f
z>nM145U$&tnyWs6HeobE>5p{x$4JYC@p)h^3ng|6w@VSmgXhtRL1|^%W4BPAIY6KD
zzBbG$v#$tg$Y4M<O+MK}9}C<oj|RX4qPlx-_o<Z>1cM6xrF5)Ph7<HfUQ5i=|4%$V
ze_3YVY)Hq|6lgU;F1^bsYQOpc*Hc#ExBmmuZD2gCrVCT_dpoGpr1gIQ9S7Vo2O*F!
z{ZG&4AwaEkGO)A&6KE~{5;OTdLj)2?o^Gcj*4<iqkJdOM!5x5eO+mtgfE)0z^IE_|
z|ET|N&j!!iv;U~Wqbq$gW=|xP{X6^ulKvg{f(|0lM#I=2W6$&a-c|Z{?L6;9PAV)q
zwfoQT?3(YwAoVkZ7AIzx3n4F^mH6zk>dgzfxTog$Ymp4XhSn;Bub>6)Fp)2qGg7dM
zwXaYD9&|8$MLM5^-<U;&4+wqU49qDo2>_<2<H6d<=4-f>8XZOT4`7%)oPgwOp2jCf
z`*`qsbYcal?#}{XQUFFkxxcM|EyyRebzP5y@Soc`tX~EKp+9FN0-Zr!tbkiYQu?(~
ze0~A0>BmHbR^OY2dvXgOuy*q9E=p5uGAPXxrc_E38`G8u%y~>?x{n?5GR>1zERPQ&
zoDta$e@So!VuB^O0{5j2XA}+E;b+5$7fsRNaZ4iA=n-uozQr{COFX*6+)Lk7HoQVd
zRI-Ta#pt|;!tMTH1+@xKtI&n?8_xCj-vs*cB7n8O?}h=Zj7Rx#t?DLIB5H1feYJ7_
z0kuGT>!vQd#T{6Rr^yJ$qbU5GP(4N9ubASzTnMATp8BYrhrMHN#(Y4v?`^XAtf*8N
zOsSF^>Shc>DeYX`f43LYyD~H8e<$bQaV=hSg2n?Osrow``Z@c|KT60b&=YX^wM2~O
zW}-J7lHBFXS}ENU=*no1b|;SDy{tX(juC;siZdqo+^ytTT5Ll~YdEpG)!Xfo+Gh(T
z!=^mNAOIUfq3oZ{qOu^{A`0UcWMknAb1i-=@Rb|nGSCO<6UI&zLJrE_dBQKa)$w*x
z3$Uz+xd$laIp@nWsk5jGUU(KlXt|Z<@}B@_{yX^ZrBzDRbt}BkkJlXgE9G78ev{&Q
z;C^(x5&MM74(5It$M1IoNbgj8$^Qf{dayHL7gYzjf5Deq2pz<;n$U^B<Fk$Rp40-Y
zHvuV8y*1kx8P-E$kI=A7hl}cOl0bTSDFMliXN5^Xd1(@Xzv(X~zjr<mJ~rgh)On?$
zyzoDo&o2`F1G9Ehb`@h^Na~B3-SO*5Gwrg=VfmW7Ff7(HQI{?CyC^vr-<_L{Axh_c
z*QYYh!FC3oH+I&7JfMvqArVu@9Q|b$=WcJc(<xF}3S)l`n*c8aykzajdR|M6QwS|U
zN{?gx)@<yB=gsGVs8_P?)BgxggWHqqz+ZBM<nr%Owsd03E&$2p3KU-)+WU(!lmULh
z|F5{vzHqZo0<Y-}-Ti0JU-ud#&syYtl5N=TRIY}fc{0Y?yNnKfe<1PT#V!y%fvjd^
zmme$aLcLFWSA4e^S%-9`O9(`wJ}Smp<@e`|ycQ|cM+ogk2Fg{eA`_u@q=YhQR4uyj
z{`Zef?)~IOArgSQ#TRh``Eh4+V7AcyZ#i%O<Dj2Hxg+us&a9h^qdj?y5B8z9^RVMi
zWV}bZdBYm@LQwUS=|tNute;?08U#^Uil-h(`SR;$D~o$zI8=CYp%C5+uWft~gO^|5
zDkvxii=!XP@n@=wxofO-VYW8*5-uCz;hwC{w4)O-nnKhk^3Zp1G72b#>ZAgX@X;_)
z23;t=6d|8c1T7lqJj7P3PP4m5-{rLX18#tL28eTag})9=o9zvsSa2IEJgH?Mib&?s
z)yW0IM;RsR<Pp%I`tacDwk-D9vLo2LveoK3vvk+&@XiJO)ya90iRN%Uo0Jzw7unUk
z4pR5J5|TQ?i6K}1f$zof&`b;0`=6pLzlA-75W3Cafl`qvR*V03_ZQfkOsYU>3n^Ad
zz0aP=j*91DnWFkOxdh6I{OiDRr{Qtg929%7DH^QdryqVc@Slr(YQCE_N}zdG>pk2`
z!`Rv7l4?5%cr}+3{X~5Qb#9LA>O=>!5+S6cqyukTKnYn+r~RPb;=Sb*#36)hNfdha
zb`pgoREVEP;RL;8-=W^d&*c{S@pE`C7fLk0yd~j!IXewC+MQQE-N?_-YSpKIv~c6=
zUJVHi5R|<jBUOugPl-cX&=s>Ljr?Ay2!yi8IoIsJhv(fz%n;QD4zySfN13?91E0%A
z$=!kb8}w^8+7xhq+fjyhcrd$(5JrYad~t_aavc}SzNICK1(N>i9`4e+N?2cFt2$;2
zwpskY2)6a|KN4&+`>#b`S)5BL8QYCMUc)3Z8+jhD0ez-sAxOe=FqJrt33JwF@`Sc{
zh$OOc_6i<wGg@4>9asGV_56%C=_L$b99D(Wlo$!GLBX91y?GU;=Xnw{OS}%-<^lL~
zWOYWKh&hk$LalHr5kD=zUTXdk!}B{ab_VPEA=KGEjMM*tr#I#`0Do<k*h#7SNSe$}
z``8hQ9hX?M6uDxARDCo}wt{wmF3eb0@G(pW<X<Y8cT28sCPr*m3d^&|z_-n<rpqoZ
z@K0((=eW2aNa=3whZ~;KY6YqZ*M#s3<O6lDLsBPX@}oIcY_F($3ueYHBfROA#?Msq
z;&nXD@Q&2@0+{xsNdHnF`w<{jz>|nzxi;5UVfjcydCm5yCfN$;$iGQRojvSSem$bc
z9K<_R4gf?{e2t*u#{=5m0W{jA>ceSNxvU`#v{AD?b}{0Qxl=aRNv<D-<uzoFF2Eer
zErFvRHm5~q0CSNxGG&Tp#hJQFGJ{FZ{Q-n){jE;4Iv4{e`JWD;FUT)l-@o}n-=|s2
z6wp!ZaCg`FN0<$Gawsbk3e4R58q@sN=`w1yktJqr4v7Di*))L~iPdO19W91RBZU4!
z-gM(Tkz7-m$dF2_aTivAJS1URze8zq#Ca*qmgnOdZ%51dy&km>&iWo$>w6p?wi_la
zH8;_;_aK&@;aT^;0CZ2II)n{rfVb)P7_R^;n)iriO>%u!>ccq)PI;I}^JUZQGMnZQ
zm6~kXbtLc%4keG&S-_0=<RY2P%ahr{95FhsXl@fO5IoWkb{O)CoO?P}F6SQ6FQzm=
zM<{yT*nf99vne{ntuXZWwCk1d3=6(-=xC1iMCv9|MTJnrVjw0`+5(gg-2ccTI8KA_
z7v<6KXc3J=zl$s|w*$7^oR^4r>>NxHkGOfJRW3l4tm=I7HvLAEiPJq=X{2yO>+}bS
zpIa;Gm;gN(uEB`FJv<{v#I};}n&(l$RBe`U74*9x@N;s9B)<!oGVH<yq8c<&lXBif
z2rZ&aSGFQKGR0YR-f+Z7;Wll5GY`M-PICQk>+i#xY!8tk9E7?&*|QKDjJ@*Vh>`wJ
zB;p7$5vy_tI6x=pv}!L_E9YzC9xZUxC|&wxauhi@ifoeUxB=wq3hInXd|GhmtO|!s
zLmb&PL<bHr8;6)9goQSqUDB@hiiHqsrUBbtFObm;9g{JQQmD%RE5K@-Xs(7!3tZmW
zb!mmmNnMw=5b`Iulp}Yf@mpyjtb7c&Bt&o!oLM!QAz@$ZnPPr5Y*Oem@ULZu(9(qN
zTD1tS=ERyw>>}NhFhlBFTNA<C6_hL=Sq#XJLU=kQ>bDwT8fVuhVoTcSu>H~vI!Y?c
zmLH!bXXd%CMAq~hK5aM7A9#GJ#N$i7>{A|Mitdcdj*~mXdXR`V&!GeV2*!b;C^?7d
zf17(t+5mF3r*o#$w4s3-NaoKZa}A#*aQQ}&g=fT#S%}KwOxO}$L+1$3CAVW9U>fxz
zj|2(=QpZ^{X+uJ&5Mwle%0#?DAKM3Sl+dXdf00p;K1Ok>{JwgTsIHvGy~AhF9~wH*
z01uYIO*&2>7er&EJ>g!Y-PVMbMbpxY`S}{=!SktoP$hd+j8YT^*FP2qK@fhEJen^8
zyzyTotaqm&#kKl>Evvp2n2;!y4$G`o2-#4ID*wdFrKn$Ge93@(UzVwPtIduF^0!l<
z(bS;G`ki-%1>eS*Af)vTUHs6kbeM&Zh(%+P;49}spLdl3Mgric6dqOsttfmqGojBW
zrw8h+dJ(2+n3`!oO^$fW4agz9=v)*2W^?Nl!VLCbraIMu7D*naNkG?xvvJHN_&NZo
z9DsBiIa@7W1>+=eS!K3(g~+@?8F&Hc*W}!<@9w7GNvfGf;&K?F32Gn{wg;k?YeZcD
z7zl+SW3kl8)S#?>NONZ^Ia;jbXhEaFf`&yY^AtiwJZORvJ5-@#y&6ctoD?L1UzrT$
z83PCgSoqX!PVMJE;yjnUuAl5c2R_iHA`}PonB52~qt}#{P9JCu6~}IS)#R?c_|;cU
zvfypOb&_7iQ$6pRQTUfltw@ZYEnX$Fz*=~;?pEHU>Op*sEw0sOO0Drqd_iK{wc903
z4ATr706(Nnz-ROZ-)h<o5@qWs>DnYfNwsWj_8@OoLhD7{#F6LQ;3x3k9(K{n0m6>J
zFM88TeZn97*2IV>`zOg%_F>uG|2Sm=rcoIyM*`(?WN{s4PLWxIq~3sjg|JxKpX~3&
zeXh>Had&Vr;@io<K;V?0UozOVB?re&sTD-Q3$Gp8xD4*(!+ftcB@%z-SLqvhxQhN5
ztv4kixCmWut2A4o1xO>(Ab+2(_D@3lrnEmvStfHpr{!F2<I4$Bj}Ur-E}X_fZoxHx
z`?BC^fKA28OJEHy>pEJiS!+pb_pZ{`O`ui6P~|u2=TU_8OA|Px`vHgnng#z3nnLJF
z>rc<)W8aIacLmw|Q>hZ)-MR+1qd_Dyw6#{911vmjlhpZkm=hT*M7uZK<lgY|rd6hm
z#W-HjI$$ch5|;gk2a;t!coXczJMswhza01z&>Iu4Y#_@#1tR=CpWGXS&~n<vBj8@;
zf5A)I#OrZ<Fy<>@08L&8kgYRq=$gHo`&YS}mVM4o!oJ4aYFQOUdz4jJ4a+&<BPNR=
z&Nfzd)%vfXv@&>KsWJoT)c*T0DDg_!wJUIhKK4u-ZgM(E)N1pM5xj&SfIbS`D(3Pd
zy!MauxkS5vmlP>+<X1s=qxo%EmaTT#HL)cSi@k$~H)AkiIX&ZaYS|1Mu`q)LDGfG8
ziy*Gzqo%<6@M&n9RNn^3EK)*nQ{FSh>tvO#Kp{%WTSF%{ILAKtMo-XnGT|z42CgUp
zr2l7$PrK;TLg-ElB|9-LS8i=SkQ4*@v6VBrzNgYfGW|xz15w*htiwfq8f`FGOc<kn
zNRv>B*@v6_>5}?PkO;9i(;#eKJmzSips`NU!(jSI7S}bSlX)uw{(&;ywbEh<T=9UY
z77j%hg^k?5EqX=y7Sznv?Gn<Gu(?v^xsw1yd8r`cH&wa`tW;88AjEJHaib&EbRLpw
zL=33CNSHf=zg@t2G4L&aCl-zVOjJjlK|dL?c8IRVfDYhBP*QLKaH<tTsEp(iUl3W9
zkF^>+>gtx1++C@Z409|*W|d>QGhc)}M;pmfgtTnCUE60xTGk$jb)#kWeixu+r#Jqd
z)3RS*g%N7!FjY$8^KUm}I$<O~pyTMvF{)@YUg>wyp5}9Cr9;XWs;mYy-o$HHo&Qnw
z`fw8?4km;!4nQ1T4CKH}sIb*Ruo)fUkAKraH|@{_R80L}7%-qdi`%nlD{Rm|nke?9
z%lz!WS=nWGGis4vuZK{1QXQiS&xGYyQVJvdEh$xYX|xTN<H^p%J@~9^SLrnN89ZnV
zoYv8c(A`u<v>>q7t(MioFTNQ|f6F<r#EAnt16n|x-Iy$EL>gdeN^2OGWhx3>4C82T
z$DCpK2Gul@)LTFXn2<cZT+x?koTUB+{(oy8&^o&P8@ioWxrX#G?eH+Hl!~egO7CXS
zEef%qqlxc$wvr<x?O^Sy?+neb+St=PQx;$!PIoho#G79gj{AKcm2=a`0uUuA64{s(
zbd^K=)kxSFnG1R@XVWW&wBZimX#n^};8F|k>t-fb+Ytt4Nv*`Lc<w5RJ;QM!?q&o_
zA+(=-F$wzGxEoPMq~DbGt#TSldGsa*IOvzh4Lz|e5d%IMjeV+vy@19*b*|l`7TF><
z$IVUb88Y-mM2A|GA+l%C5Xj1Y<c8b#MOJ1arO#F_qq*R)1?$4IGF0BSiRuIjW&auP
zTLe5Y9$|a_DWd~^o;H;e48u2x68eC)Q@Mty1-$chO7<`GckUINW}L?WmnhCeH-H~O
z<N_J**O`gtN^k|V2DvlsX?GUMP?V2=0!SCZog_IOh&EyR*7UpMKmaLGPOKue-V)~O
z`7)VL^(-0FKc!seA}a*C(Ci_npp|3MAFqPJhiHq-kr`%fU92lL^emeAxEwJOoI?(!
zn^s_gQj7>V=~j+fMW#@IV?>!tY-n78c3)N-h;95@wK=0o&}M{5f_f;dSNN`N_w;OO
zO8c+~gq;<1%TVVc$~4lZ|GJ+{we#}CsDg2qHtIk@7BDGdYwGS+AcSOmH;sZf8TG(T
zp5YS#yUxvoUw|OGpHQeia2ihmc9PU3F5AK1dfQ4LjwnVaE3AC{!g_R}r83@OBJ71u
zZ~k}M^qVl{T#XnhG8Y9qt|R^<u^oYYeGr~6OOe1*jBm|t(%%2FoqJeSn3Ct-KGyz#
zQt-3DAc>ujBJTuEhKJ-yZQS<>qgP-PN@~$4a$D^#*x54U32)i{pCq7%VR5(_vvFxc
zC?DQyf>8mH{Tm0~3@gc*7~vIFlF}L0lf~8kmk>IEhUE|VxdU09lKwOKR9UP?=ezOX
zf;h}J3i4}Yfw{(X9j`S5%to7Ye`~z!+_8=t0u>7UAi2I21y3D@?NL4r5JVRpOiUA4
z8H>g?zz45FYQg7AW8}d}_j7+Mr4kEn0xA0wEy6RH#zh?6d&KB0lTh|F-5Yt`Xaq!B
z(R3i7xsBqOICM}NkkvBE@N$i*Cqj9vXnlc_!no=l|D~K;BbsY~5O7P8@LshDchm{6
z<R29gLXSLfW0t8YNUjorzTAn%mS43kSvTysJwBjx?qK7jCUKvv4Bher0*Oe@;pJ{~
zn0q76p^VSrp&Mxqi|$OF!=wMr9B%s$<}fg24g-ui&}dWrquzgPFgg7LMFBy5L+z{N
z!5P>34nltk)-pLMKLK6id2&|KAg->U&#3Dtfkp0K?cN!fi}?VS_li!}Up)6N#<QeJ
z&_AU=Q$M17Ce~4y)&X>sA<d%o@0c7%98x2?n*Dvn+)fhFw5!gxV?u7r^liqz!7MBr
zX1tCgLx+*lD-w1eab`Up7Xm4*p9};!Vk@Sk&5;jGrq@w7II7jRy&GS44u$6V*Ruo4
zw*sj2_UdD{nj#B4KcpNM^5eq#-#6U<s%eEoSpNt5QDV-o*BtN_b^r)*kLqJrB$|}8
zu>;k|GU2u4opX4nf9jofyyHl{(}8y~Qtx!)9ee7XxPDihpW2?Ee=QlXg6DUbHKnP{
z@ZsV4NhAG9*e}FWvYl=Qx|`pIClB8$-<q4!CcyT{7Q#R8i)NQfOpIa@!n%M&i4szB
zePY5Kc-X>m0uR+FBwq-fg9QnHEreC#0)g`UDkG-0`3Lc@@YVt%!-J?mHl}DP!)*Xs
zRFI7SB6PI4+=pbwx5|Gd8rnDh^)LKCjD)~1!CFwH;P|bewXPA(yI~v+I1c}C=#E#p
zEP<XU;1QKwj@TR$nw!x#3w;X?5NVvc4qmQcch`!M@tN*r7=32(FiPtt8c9(B<J1Y7
zNBy~|-q9kdSrXeOTkmc3qSELkm+uom;APkT$8XTzG#UAc0i8uF$OWD0Lij`m!s(d?
zl4^De;f@SEC%6m{BvW#2D|LcQ0u6@-J_bD$S;7(c2g@Ds=kptIWieaxB%ka1$H#lr
z)i^qD_-lVZePo|RK4hTqKG*U2KX+qX+0ei#G~r<890xv;tm*MOcq}p7;L?BbIs-Jh
zY%${1Kn2SoJXo5JLKxx%vY$x;hJ!uB5k{fZAh7<|_9ZQM8qYl=gcUqSJl}mC&)>>c
zBvaaeJdF@POOpO2geFm&rE2N3CjC$c$6Szg=VE3#X&IrF9C6l(>TdxHHlsf0|2esX
z9K{qeu7-J+qJPX+qE&Q=Bzpmvwu>y|viUlEwl<NhXIBr7l0MhB3AJ{48VSEG-u!xr
z9RxHs8EUc2R&(>*HkqxY>?Kt81J*(57%GIGC*E#knANg<?3~Yfg%h3uBl|-GrBKTN
zMW4pXk03@wW%ePZJqtN6!sY3>N(fzckrBoI4G)GNkER`}1c`$5=)bp+Sn~sKpDu*P
z(jk_&5rapB<@v~so8XDFNO-Qso4-@U@=G0QZsECV@;s0k^?(ELns>T;o|dUdu!^z}
znhzXa*bn3&?hV(=f~U%@-ed^o2@|B1r!P*Xo@U=fZBA}KU5(jrwU9=_{9F>|>6XM`
zlPY#%9IC^HV?^`vCBph!LE-{c#hM4iiYn3nq8H6<s8BW(U{)M=o>;TyRb#&>l_u_l
zw*+*<{I8qRcHV&0Cxi|u8&PRQYfwVvSz_ZVPhbtte~|@z|Ci^w`P-l}JqWE$m<G(Z
zO22|v*aC7ejaR)Xv7@>fz7h$Z`c8jBj0JWtEKm4a%;BhvNxz!1zzng`X_%w#@n=)f
zI-HNO=|c>E8OiF0t;U9T)mPh|DZAc8q!P;BqlB-7S0IeZ>>P+OKGbzf$xrG{#6q9z
zbKwb03hrb3Vtqg}ugSy$C1sOI5gcz<T80LWrQo2%{^he?i)4k+Z$v8k!A6P#X$uPL
zixU{O2vKSD3mn7jNPt+QJ6c9!G7gu~Bg26O5!hCZC?mLm6!VyZorp2&jY))=8ay9c
z040;y(y85fgmRSxCD4oLFysXX(TsXfM^rlw4SkT62B8ozV+!KDI^IEqN@8A~4II`h
zzutq%0S;=DT8w%+0Ke1vYaK~HuFVKmnABfL{wG-KOOkO!hOIssw<4<i2nGp+BOO0l
zPQnP5h*4V2!t#1NnqbvLIz_A74swzNdWaOYu0eX`>`eGarSwD2S?Be$v)2XsvFhJ-
zB;My64zZxFgVP&mS8T^dm0fYCKK#IY)F3Dl7_IsmyhMECM^mmEH{jj!C*kgvlGk1}
z=}!?~rv9wPzD0|av0JVB3_{0u@cTrKN~n7Pz6<k;9+ZUfUI*x%T5aF9<o)^m1O?-L
zl`$RpxGO@J<LBz&bKKuT&i#glB+kUqVAi`(EBbbqzlP?badX^ipN;pxZl!}gpxm$l
z(<)4ZyG%)Su#d|IC1RKW|0@f~jWL|thS$2yIRDM9M&A+NDj_@;FhcL&p5PzPppYn8
zK};JU%z}<1Bg|s+0n95gWVbkE9|(#<Xfhr?CWOV-V<;>N?55Ua9xkLYDdOUUi@W?N
zt(O1>6AO=&WWrAke(KxKCGe^#?c1xeOty{L{%1`aO6EO_Ipg<;ti+-3#5Uz<iB0S1
z^3O9c75*UlQeqziKPd;1&YJnWu#B93Wi!%;Z-HOg<H;QEnZ{3Hc^(#GXOyPM;A22y
zlK!8md~7z-E+8HTt&k0J0vq0EEhK(sa4v3EJ7iCAt}pEd=lZ9qJLke^`y}U@#oMR*
z`y{zm*=J@$w+3bd1R}w(610O;6JS@sf%st+_2uqaO<{E380;&xXb&x3`yqOH#{Y}~
zJ(r$fKyLuRkpb2H@zn(F9>veyQs{Oi9mItBzBy=Qf}$<IxrqojNeZs*!V~W_A>r->
zx{lsAB#%XbejgRe_LBS11cQEe!5-*0hx>J$T9aKkg<wB~?~Q(*1NJc#%o3y*IX{P<
z#GdC2pI&xHmnX<M!tOkXVQzqELp*W3Cb8w5DnI|<P~~hQkQ0C^_b{k3W`EDGLK#GO
zu1e4CI@dMm@`^4$=gpa%E>}|A4@dJ?IY4J5z_`VH0Sa7Zxd7#y02DZ#DDa)<^)c~6
z)c1+B3-pn$59TMSGZK`yPiHsEo33}z!6@|lV=Bo_*T4TM$sHvu-<=@2|Bk}#J2$91
zg?lp-kGHz$y){nbTFxo*j08n4?M9K~Ns4?!Mt6#QGg0J+h7m<}Cn&O!)P&YW&h6}?
z%cF=cU)o{NW!;<7jy3A%65}!$-Z}*L@a80yf<L&X`hJp9n)QkwlI>}EsQo6Cxs*;P
znzI0=>PO|Y0R+){Gf4Bj^d3JTvDznH{gFnfoADdG+jyo6B*>z0f6Z2Y+XFK$okdeL
zsytX7V)I$b(8>#HaMrd@HcAO#s2SbTUpQ;zi9jP%-$rZ;RBg3UhJyszmrs&8Iy0Us
z&o*}9lHS&Ayhcib_7HE+lSgv8V>Cp!G`07)*;%Hh9S-ihN8;jx&td|A*RRH`FF;JI
zY2=++@g*iItn)ryk9i25>u;XLvj!lX_az8t=^b67K5e)(*l^~mo{ggw+~h*|0K!ov
zdMB#}^`mL%i++s9gNKSXmOKossBUfwD?+>=fhhL2p(Z-``dQN@tRv2Bml=9w=|TO#
zX-We33`Vc})c4kqm{~18R8=6OgWC>4IeUsKE~HumXnT-@e$H&8o>Mii=QJXvo>QZU
zu7S|Q7V4o&y3$J#^8pxU!-X<lZx6&^9Z0-Yj^~Mr?92h!4*2=qg8{XC4yxZHM*MwY
zj|Otk#{vySyYX~O91^9_X*3n#Rv0U>QrPJ?Y3B~N^9+L6tFR)7#Y$AKO;TULnJNwG
zkqk;XP=TqX_qHS;0hH0r#ygCX9Kb1CC~x%mO#NcS(632V5kj}X>TIH9DYpYj(2HoN
zOei6OwYHHCywFqulpJ&s?!&13&Ylj8F~1)6#HVC6!wOY3+HId3md~;r<OShhHB$8C
z!sbD!G~2nSRQ4JqLJpuX<N7C@rFyPyhduN=+(Ul^lu&37K?l$Mh+5I<_#XYqAJJ*B
zlDLKtK1PEiDIL@tj!{#C`oteEw0-W1{l9D<>)CGGXISjtZJ%jv$*q20OUf{(v?Och
z&=%+A0c!NZ7Gtm6p4=-k<~v80v^90B)FrmcubMBgRp<bzzB!fbr0bo{2Hl9QcPm>A
zxG0qI@p%rH<@|Nxp*kjUG$8y%>d<Rj5)j^kztq);B<f_IC|w<`Eo~q(Wv-}B&m_af
zUxB#9zS+=1&NE3#lnbF-feCNOK|%YwF7>v&d;KBh_yRzQmdo)JD6j^|jmQ?Sh1FXj
ztlWmeG9{k#2BFOd&}PNm>pa5xn1t>gVa!P?4Qck@nBSCNMQL(q-?G!Freb#Xy)lt}
zr5rNLg7+9dTxw(0(BIy}AYRMiw!r7m?b)lcxYL6-5mv3P;1nacj_b?ts1_JL2`BYf
z97<-7luK;4k9`sAkMjNwGssK@vg?srVfiyCFDheg0ZmlBRp@=~Qy<I`t(lV2o*}Vs
z#K^*o`J-aHQsNcV@mPnzsDpMmQ3uVEA(?BW$dU|nx6IuSvRdg%x3a`;ajOFZA1iIP
zKn-P1*zz(6{o2pJe;12ULsx;GN=q*g-fTu@h1lz|3PV<5$dS9vRQ_N;9VsbQj`MwB
z{_~Xm7(6U^(d_N55S3XKjTno;=Y!b@CSWnJ{GCLxCE@km^RB{UdQ3TmUpCi?Q4>-d
zOzpyrHI3rl1}Q&^$tp0}!N)Q=W!r*_*O~m6i&prE8UVD&gFkCTHrI}&e|X+<{QfyJ
zbokoqyhEays<%Q26_X?0eo>u^<*8xD=PVN=9#bP=S``^y$?EH^1^U|q<bA68MA;)m
zb@2*}gRYgCx7@>gYxg#=)krB=7|XAUfR*WnCm1i=RM-RhS*Ja_qa~SNZ0b6X>RT(T
z-f|)I25!K}q5&8NWRcin7}a9nw_dm%8HWlGqB2iW1-KOiBt>^X?;7{sL%x}<Fn|>(
zioqAe$hc0xZuq$trzom<I3W#JL1N7bJHgai0Mj~AiCMHt^ny|Y6?l4uQMKwLYhw;0
zeoHy&kdzZ<|1}<V*u!+#6*KF_@B#l3NiA)W)PdMQTY|n*(8}l_uot?oLSbOm1Pspo
zI&q&t*RV@zCc=6mt42k1aqkgyufjSB;U<5-aw+Ob<ExGs=&B2x1aPmB)s+ZNw-LYb
zm8eAR34dkX?7=Kf$Mznf`tEh&%qIWvuJas4GmGIGf2OEr;cq!I$t;^E+9`{BxCS;N
z{iq7;6O~i&V`tzUj~emQIDO?rGl3juyA|Eyo4FH+gXG%dzm4)n?Tlq%{o+PULgUNT
zCaQ}}RTHg?Otm6g(kMc+Avn0EYIEQK#qZTP<lIxDx~QPeXb?Ck<?fNtS=n5x23EjM
ztZn`VQ=h>U#Ofn9vOlm^(VCIR_oLW|L3@Fiq<Vqg23BF7X393Mr8=mZoABt<l)%-B
zSWhFq7GQ&p(&`k!4oE%FObKXQ2Lj&$;#q~z2L!HjV}-Jd=_LDk6reYZgMZlm+^@vF
z$H=bOM43%HVBPc+WaXP{M_(?WMMFeh2TF?EW7gi-nm~3Tw2gAc-wo~VULi(`vSoG#
zl`c`WN=8vqs&fO<7sIMyRtn$6oRJ0=YnNbocbG4tQ`Ab|KnSoNdIvgYQ_2^@5A}8j
z(lU`9MY86L%+8b|cMUM(p#`t!0zlj+E<3`BTC>PHFGSRSOs(MZxKY7n1XXYmq=?7X
z0wkgq=vr+f3<_2|P~lcf`vbjWXJDPxKv3+tPrPX50<J`hY~-i`xBvqj@JCQ6=#DLh
zLEc^ELvO?#K6b>-+7oe;_n6TvXv=EF$kINvP4*t~gpc?a04@-A;38Um@Zn2E=C)(;
zQM1o=cK&uy)B(gG`z<avD5M_2%w_-zNxdTzSg%9-WE_HWD)63B#<{h&0d7UTX#O?9
zWz<_vrp2l4s1fTjI_N8pRGDKhY<T_k)Lb^$9_zzbRKslyQs0L`>KzFW3(8bO$D-k#
zAgF8c0YfHZe$;Fr3*@<p#RthjF-Uv*pw<_2y|Yu4_dRVe5A>fDDIBFut1@s2G=F~~
zh5A!+bkjI=;!H&LpXmUI)qu=n#zgRxe8C$&0eIxhbPL|In&tbZI2IHpn>!j2UcCAh
z6TM)H?SYnoIeb_w8XRpRao4?}-=>#M8#3Q`mCOKwXBWukUmqU?Osq)~yq}5c^`sf|
z5H1YK#~c}4Po~n2`?h@fIvMhp_e=<{^6K_DRRH&}QyWnb(_Xr~HC~Ayij`p;cvscm
z1Q?a$_U5$m!C9uIAjJiSfK)Q7KS?G28&h+?de~7U0`Ue>88ZMHm?~npFcoLv-^z2Z
zlecpfjO8VeyJ8zfrc-6CZ?F#Ns4ja49;jxMp9oFI&x1QMDc!Y9NlgHBBDRbVD7h6D
zG%^Ka*f0q``9^$6QAyeW5%ZV_e4=`V6QzM7iU`7Bt89^3<9jenq5$(9Sb4mzQ7f24
z)~?@~7@fOpJC29dP2Ywd76l@?^9{t`MMjNfx)6<sw}HZXBU?x2ih=p{m{i4E7u(Pk
z|H*?tJ20u;kGvW<xh^Orh@B(<c`+t8ET99kYj$6Z`}UMEB6s|AnT?j&$O^pOJ>g%H
z-~6zx`*}4WLdA^R)}eoM!doXzLuVajf!*YHVHoAGXd-z!2uusIiBhS*CyyRbx7UpT
zMVFP>jr!0(Y)j-9i}Tk4QBcNjACzT^ZNV?Y)OL~xO=(|^O?lQmMUK2#buJ#CjIoHl
z^1p^v7P-6ZI?9Q@z6aa<_BkF+^0q0ZUIU&RJsqVVpzA-1m@#v&vdxU63{{EI(188$
zS_aXyHwM(9xi@q<^jtX9y*W<C*52eNbtcw75np7cP!zwtaH!u_*eh@XN%G8(<=iGB
zY_M_I2feXV|3xzV!Y<)^(AbZrJDGUNJ{&RT{J9&2teJbo$cNZYoJo_Y=#SEV+WEQK
z==+63h0ro9%?k$Qcj)(#t;mEEr!<;;e1$^;C-j-za%nEi6GBg667OHgnEkW@)mrx^
zK073qh1YK67a!oookAF^`Jyq|j6yB(;lg=B2qUwFXFkR@Lj!}wncIl#u@BN{=+RIb
zPMUmwx0$8L?Pi^y-9@mNtTy7cc8q(#)dJ;uW(%)P4`grCl#aOUYLHcGSK2S>kD~!`
z&xR*~A8W$9;L(jW;g8`@PXwJlDq+vW3Yj6*!bQzhT=X|af}r4aPW2~~=T7-M3m+Cj
zSuiq~QurETx;>TFJV9y4U0N$y-43PN?q)qj*hR3cEP`I|xU_8L8Y)Oa0~OgnXlb>}
zGlA;Q<d66qU@GJ&-xl|$g9IoF6Sj&hL?}TC!MXiqeX&Kx?6Vbl$<-+Qg%BpMRn@Gt
zz=(c{BibriZ*?eDFd}nuNj&Ohv|@$V3Sk*v2re<hyJhrlU!@J+tt6U5v)Kyo_EkX|
zuCWm8E=%<XD+~Z4FA&0$(0Obpye)*VJU8`m$9a7qME<QE$iu>G&tY)t>Q$7LC_)fP
zT7@deUmF)4DXt(Xhe2c7n&}SS1Y*HHnXN>~37)$Ao!Xyo1B{r-yHQsf5XIg+Dt$s`
z^={={JTOp?nUd!~h%cTMuu<#9+^w?fz@n3|c(l)9PXhD_N7-|H749K}>aAEj%r1cl
zqW_5uByPAN!VSr;$I*b>miPD^ezyef-fCA1^mYU>5eD3~Na+j;Vj>E1hR(fUYtWam
z4(M|~*&X@=9f^<eZgnj1+HI{0D8W#-Hic+N&D~1Ab+fzGqr{w7ROkLjs&PM6jPAhk
zAtS`VE$!ETIR>nZZCh}i$PTj_G9_r<x5?7chq6Ke&63y%C+5GUS3#CJ`=?`Z;9RRn
zw9!)XAb9h4y4ilpTIgZN^5fdV&tPM-9ia1b`nc>krW*j#irLmEO*Qh~0_43#7;Gu}
zM+vzeXNiz2J7);FQ=D^!+*h2qhC=Qe&T{(uwsQ^r{eTK&2)Vqvkr?5b3b3APM0VOq
zv{c9ZO&n}UFu)qJQ7}UN3;t&0QDb1k+JE6u;<D{Hvh(@d|HbhlY}GNA|6sgLE&suI
z|4$4xLIL+@(DacyLdQ==I3;C-v%A+9?Q*47OYPbp_M+{E6jA?mqB<R`bOtVtjY`Jh
zPq$<8^`9HXQXin^0c~R<bukvR=;nX9-JV}Roz)rs(Ho0Ey4_F#|HOLJ`F*6sCc1W^
zid&0*;ngh`G_qBn94nd|#XT(`#XO<riLU1PU!ap3tM=#ocg;HIeP#3*cvrQ+OwX?`
zzKW-&8q*I{qmNXwsi_JT4U6>ulm=XVsE3%l2i;v<wStn-1C5<S)5Zf5a2MJ9CTRoy
zB~_ga1o(d+`&KfyOU+-$`Xuto7eEK|Zjjk7@k)p6+8Q`6swEDI)yw9?qO~N)H{^f}
z|8spQ2@~2x*FI4wK4ZM~_%0DtFD%Aw6*q1>n{(GQThHc1(+YcL5lo|Lf3s(qDARxB
zt{zs=92J$L?V|E+yU50DvS*Q}a&8N{zOl5I@j7BFlJ*=It2K+*d>C`VD{c8g*%~wU
z^*l7d0$XA<JPjyaEhPyHqc1}?g(Wlq2Mtn|@$d=^580zd!|3_&;3JPc8Vw_HL|DKp
zSlF3{7oKbUVpMlR+kXqfaOC@a(G7)#pTk}%=FOV<*rN~3GtFiz-{`=|sx`(-AS2?z
zUQHO2sKWP~Yr=2AuX);i4zwO!^HN{*UWsDWhg%#JN|&C4hQtd*(Z%|f|EDHIndh@@
zl9Z#3c-VDC-MewJQL&S#v-ZZzE!WO{{IS`;dU#e%k=?X$J!vg@&^W(pOR>pf($>9k
z4098@*^a<(4fC`6ABgG?sF@%!V)*Gsl;40}59oucWE%#Iup^|wfu=;9r@IhYzO2mz
z;}@3y&4z1rtOsI%Be7PX7xg#R3eix%rIS3+)?vkLgK=d17cq{D)o?A`HL97zPWE5*
z|1kId@lDm&|9H|Q5TJUa7Ojd<HM(~GY812)(56k`UPxROEBIC>8_?mziICftArQPt
z>1)?3)#-GbPB!O6=NN8E3u<Zk(X{x3QUy_*R1ml!{3xJp`PF>RIj@^E1>D2EKkv`?
z`~CxZbAP;kp4U0&bzbK@PpXA&&_dW9LL>F%FYHUi?o6cV8-Dd|s!5Hs<B_g;5AFk9
z5}tqB2)Oi+J{LX`)pIf&!w?p)KKB*l>=t^|gAhY`bXIZB+9KqmnD17k4B#H&tW);=
zjlOInvc0`Po`r<Z{|Yu#fBB>3sMz5x^m#fYc6}zYkNlT+>WBZhkFv+fLt^)5r2LnS
z#BoZ26?8LV2exc%DepHHpp_*2mmksFe#bu#et@S>)dcRTQeQyEx)MI7ljcpQWauPt
ze)J^0k0FBSuoB*4jF<F#950QARe7(Ss9bxn@JHI+S6L;k2vqdJH`{O#+a9nXKq5I}
zs<h^!o-DpZ%ou@5z4q8uT5rsQhiM^xFB>ka`6VWes^OQgAEu=Rm-%qHlwTHjqD3dU
z?e0CKBp#2#o~2o0)J(s5uYSQQ!zj`S4Xd)Evpj#M(wiJWR2}SxCsEt2R?ex$Y1SN%
zIuO3_!X5YKITnw4z8Gm^gQvmo;GMv9pO&<{pYE2FeLQax&=Hk=qhBlP7L|Qj+FUbY
zs7u=LN7?8-mSHAD>E3GvrssFJ`B{IjP}{G}%f{Nv*tv2e>`hn0JFAc>i+Lv`_ZM^W
zaof+c+#>GEXk05GJ1Vl_5=Cki57C4V(2u_p`*$1`CGwYH5-z$8P#`ISQz+=Rkt{u~
z1|+^sv3rl>659Xg)PYm%&66oND9^jLSN@QslGyY3Kzn-%jq9e>Su~M+4Ebp5hu&XK
zusL*79<O?`K(r1QwYkVXaB5d$EWX~H{+coV@;M&0=%mtZ7Q(~ncoAEt-?rgof;T(T
zBF9nQ#_r<&n<AYs<1rfolwXNyu-P^kfX0}e&Py9zZRoCOh99gk79+O+dfsk_QH*~H
zr6ZC5YyHUtKRKQ93R#{qyAla*d20LB$pjlbDg$P$jZDF)UN>Pl?<pR?k4M-byfte?
z<ZK_i6H|}%$+zWIZ4wmW!vo)=v=9b=W~NAuwPu=UxRv**=#Gj)@iAl}?hc`9Ba-4d
zPnprQGWc_RoppHb7C+WYCGFax2|}%po3s4tId9-ovIaL35X(T(eM|_KoAJnPhP@2E
zST(AaKbTCRQZwv+^|GhoOV##*8L<>EaIY1@sHnMZ<Kc!-^$fAjbMBxf*q(zwbc!9f
zkF@;|e$1(WZigiG?vNeNzxHKJQ$}4ymg%6mLuj=1n1(^mueu#x1?}w{Nz1xR^*g`$
zk>>m}MzS`;#ZsfyewG7E;0jm*Q(y@UOfM)w<*2r9lhH<b5q7-{oo+ud8R59BHT@Hh
z&}e}gyH)t-wk?DYS!4Mx`@RG1`>}}{b`oAYDQcMvX62u7OKC8dF`tRXSIhd9tA!tm
z*~Xf13LGN4Rb;d62E2J06YYIlTLQ23xl`o8oy<`lXT>LA4pL&{ZeWzwJe(nzG?*m0
zo!ps(VN^E^{FcPf<g}8jX>UGIj={zyOs3Pc8n4z^Jx`nJ?j<VRBiKfxII6Hl8Wzq4
zRdJl1(hUjWMiaLif7YK8hMEzG;kwtmQ~9O-NPKgrVIKbYT6`;D26e9D0)*F3J0Eg4
z2m4`^R`4)4I8tl)wk;XQ6dL8cFSrQSb1+w%gqzpUsH_|0i{homb2Oh!ZN-~GFI%Ua
zFv|yM9qPY-E!m>r1$8&jIQvZT-}UZCcx`;=cpub?m9ll(JhM18p-=ApdW$xJP#{18
zPHoez*K+K_zKsR_nj(u}^Ds@d(!>GBI#<8?Z{3L`g5Ek&z3yrn!vjITsFH_@tKvL5
z3}U5d_}yT4HN@KzgFE`;JoB}ADGihg&qQdyzU2*Q7k?!0CZ#+6$2HHxU;VGkj27D(
z;q&162oNQ5Q>CjRHWzz2_&F>XW^M_T!eMo|70#Qq&l;GA*blX~0i$?2g>W^k`!#h&
zvIPU@Mzuz@JIx**)#VV;NDpN1ZmK|FhJ3%~Y(NA|Y0-K#s7i#_gT#Zr!~u1t)8SF)
z+cm2jv&TP<cFss=@NU=kw0N)xR>(dVRcouTvL=gSuN`upveD6L>jC{Q!>c`FuBHbD
z+6eU7dR&O?Fp++ttTVfh&aNeQ3|47BGdB)D_u;rr57~>f$MWnFBA$R)wdnW1+Rfbo
z3G7<Ei6i8TjXN#6c{iSySg2t2Z5$=F(jFVd?U|zavw$jtA~R|LH{op3&*Mb}X9F*w
z^s^+CqWY?@k0k<FAs))5k<CvrP0W5+P^Z=KIU@J9#9kzyLp=Q}$zNmo3rU;X4k2Ix
zz8J&&eNqzL2d1K6mHJ95Gb|qJt=)~J@C2w-@!y;t-<7h_d)PNgLrh_3lSK$)NEd}1
zONc)7KJ>@Oq6FlC{!YC>4&0{-VKsLXOxuYbA@V!pDrmz!^tqT1*Ge9SOL!CQe$5v$
zoK8W&lOMZA!Q!hNC1{18yv)x6b%-S*BFGVYIOJv1tNl!_LG&0Bk8C~$UNz`%?Ew{V
zojy9BTt=}dlPvYZK^YCjWBfCMjQGA@8C^$>i=Y)+jM`qc8d}c;Qs3vJH%xFakL<F`
z{hMqO2q&}t!8s<=S*qckQ8pqMV4FqOb!553K9st)jMGM4FOGbV`$Zo$(P{Tk5wwrf
z_5$$D#_zuuKu8(bz3t;@GJExVb{<QF-Yel=M3kl=3E}e<>_B(uD|aP0Fz#d|st4Dh
ztwpKBC~#9S%Ls4o3=QUR&zKHtRS6Ot=$i-ET!>s&-jxovWpsO0PT!YGuol*{>MxuS
z>E0;1xB19&+_`jZ2Ico0kd;M4PfyCSNo2>)*8j6-W1;>Voe!9I>-T(x+e`9;jeSGw
zhDbtx5|(7FqmMkiM`At3nGNuAwE`1wr63W0+=_m;`L2dF4bTUDQyi_FRUwYd!g+)=
zb&IHsYK2Z*yM-3HHXX(+6~Bjob_dsN#;>31{o1u1*juhzVvn>13k^RJgXiHAPgcKU
zQ?mL8-h2j+DfClmEr1f-lk626444;>vcatXtM@q!t<yeE8I@xSUgBrFCH6_|5nQrg
za7EP;C%%<rj7G|d*#3Qe?X{&wg3LZnVl({e4eD47tpxS!5c93qr#CF;Y%|kJYiTAd
z4qW2Reszi?=mRz4N)yjo=r-iY$d@ry^6bmu0@1PNWOph^Z-w$`%&G%4`ll=DNb`Eb
zxlR5Mi^GANl`ASeJ@OC4Xdyv!xjJ3j;}@swbH3)}D?<3(ew1r_?=IXYOmFt8@_JVb
zrNp6p-#Y?`M(G3PcoAa0I`o6TMJLQ?AVLf}M+jexF$9bDAUhNynfOCp?66QAD>;2=
zqS?ciILM)LIl{iGKBxf??fop_S=4SfnX2{N>G<6elB+GjT-SC)_elvkQLTj5u4$(z
zm2hnaokzLfpZz)Y7g>I;el@Kc-?C^Sv3I>6{)Wdjowhh=dKp3_gaB*4_3Ak<_Y5^*
zG6H*~1^8xg0NhmC%>#VT`&l>aUvOyD!ff<#=is+i^6G_w{u)&BEf>;c!(M25&Dl5-
zf?N&$zD!BNO=LGl8K@<>osaV<aQk>>{Yb(DYuE~?cBh1n_KPby{I{gt3w&{x4F&Y5
zFR6>75;uF*>CeaQbPIloYAr3I7BAbW-?xqn9{H=N4`Y5!KCZ#|P=)D7CWj+lCNK55
zzHai>nF8A1ap(iACqBZpeVJW87p5|oJ7|uuVf@YSdT2m#_vcZ6gGC`0yT|>Bp!|%&
z463jIFLX{F)saMlVNJ@OL4~27f%5ATZ=I<2qXqG2%B!gdR|ApuFRPK<8-jlq@wi2`
zeu@1*C~C!K^d<wMK)eZYq;G{##W;8f&sxu&D`7BJh*4`3-s-e{a|&9C(auzrR!PkL
zTHrh=h%u#ULdTH8m^;Dae-K*_MicmrxkgmQLYR{RcuAd=ug89AGIjaZqqGwuZ)ETv
z4*c<M23A!KRTV~Ux8)Dzk(H58sZOAfzLFHFUVmY6iq>PpPjM<mv|iE(!aGkGX@JnW
z;CdH$2Ky40G;YYy|0T9I6$cfX4|B!3V8t#CUL-2Em%oMD<#S@lG$_xi(gbs|RZy-Z
zC)dS%P7Wj5vQSG?Qg)TyS~eO;?i10N;o!#5tH@(cBnFSZVJI~7Ic#S9t?`<7fP+(g
z_5Y<Dh9$!G;^Gg0S~9)P=Q^OD|ITt?K7kdhxLs*}NMf5LOj*l(OVLEF`sxDi-Q(3E
z2ghmF8A7ey3;H!|XB~6gz@Nvf);%DQ4KOfyaQxDwA6|o9bbl;_e@|Mv1JOm|lCs~7
zvE3W}?)fVM?357RL{CdsU@g$ByyKvMRFYGZxlONJjV+tLG)CkV^{t>y!}fGSTwFmQ
zxl0J+!~K!S0@cBRm~u|28b>6WY2t>Bx2X*D1P(l}U-W`uD}%icJ>WiRNrLuc;+(Yx
zS?jNVb_^zP4H2>%@e!LOMr0k#)c-)?9L9R`Jr57CWwFC2)8b7Mdcjd1XpRQKB<+U1
z1Z2B}1KHlvn@?1olP|JaxiL`Y6P>m<jstB6vk>bIJ*C%Fa=m)bE?yEYiSXc41k6PH
z9U;=6>{SVU-H|hl)f}tjbwmMs^tiFV3b0+{wc$PEwNVEHd2uf*Z5Wr@4Ul`L-d2YO
zTVLIHHUwA--SeuY4Mjq2Rwb@^f1WP7*Op%l^BHsXkb4;{WuR1b^3vE=!gHNmH(txS
z)XT^PZk#rJ9?bGX`dld3tJ1x)F)V8;O|=Hi=LV}~ysP(poitcoUU@PBOP9nOj0cSc
zxsNyKTX#aA24E7ky`;<4&(>ZvaksRGKI7w2-0xJvNQPzwMr#(rh=z-9v+gQfW<unT
z$I+fVeJMVTJ%ea+90oNuj-2KuS0i*MuG84Zee$KE$8~FZzEqCP?^mz(yW3~~!ms|q
zPQgyk&=ylRN#;-B8-HHA-`yc7Crl}KM^UNFHUT$LN8EFGC}plB_Nv`u#;6u?<mj=7
zG5y}7$w<S~e2zH%kjr#OZ&8EJUew8sp}Y`z6};5hF_d!rqA9i;LCXd2RxyuzersNv
zy^npwAu5N=P=UiFUk+NZnD?3J-Z*>D85>yxA7b=V9UMP}syqF80Jhr%>4?xTl6n!I
zVBp|%i0)S5@lWU`=)ABCzu0d+BCKrD(f0&heU9<OrIO`#=)ef5!_^Xqbc*QeEqI%a
zLdbIzQL8WP^=n9L|HWua&O0KyH_zUKphA}UrudL#yFWWL)D-)5Dh_(Y=0g~5JI0Ll
ze4VPJ-KfK6;F0$!e-)L#lgh_rR8T(8bwm^1-8)Ou51n<E?t$AvM8F&v7x8_3sYr*L
z<hG7M2IOIT+8HXs^l~+j5?eI0=kQv*l5UCaj^L0^+l0=cs4`kGdb=-|@T#`w_75eC
zZe$lRwu*e(;<CU}?vwU5cV*uRwDAveOJg#y#SVTxP-tI;=0l{Uy-}OAf2aX*H9f@E
zG2aKGHb+1QezIY6OGLAH6_;heoV()}ru-hx^od#YRZ^sRV9k91BF$=|+Mq-Z@`I4)
zJhj$;TSlT3KsD3ohQxOBg8wf|RejYsCes_RC=Qi*3Fa}Y`GW9SteXi#*HAiRgc5{1
z<={V;C-5ZWbJR$F20zH_p?CiSi`FfFAXE{y;?yQl4K#Q{kJ-o&)+j?wrAwtNYiQy}
zmOd|pov1H1S*>PCtwEvfY4X}kW=}MP%^*J<P{GEcBaf)wg~$=XTMZncr|}JR!n({8
z8kJ>|FN9*Upv4ZAo@nC|?jyn-he_~rdH=qo))^3YLU;nn4Z(+a6_}UW$nTD@Z~jm1
z;?$>-#b3#bA40{eblZJop+%dWFp7gxlm@fc-8_4((fh?2Jlu+d0nf*HYCovnt#g1L
z<quHNHW7Z!cAu*=>Z6mDsBak#Uz4xK<in8O=_``**Vo`<-`=4*J5ab4g+}G0>t5JN
zP;8NNpqyp);G9m|`A10&|Fj=+sIb$)(O80R%)Eg&&`DLY3~>?wN8>(Aq|K}SG9eE{
zR_Y~JJumA{WUcc>5*}@ALOv*|&p5G7IOYQ-)#}7p-9&4ua!=?9CnW$;+8sRbVU!uf
zvNCyD!t2((!WiAl9<C#IHX4%~@fZvf>r7uEM9#&*9bK<en}0`n9Hxf|b9FpI(%Sxr
zPf)b&G;lsVogoAD^&?a-LZhr`7sCUf`aT(H2xd}d2sER->!dv=53UN|Nb!_UIBBo1
zUQFhk+i*~{x10!#Cuw)W4t*QUO8l~Pf0VUAK1JQ0cQ{U6LvR>!0Chl$zpMdD9Y%L2
z<Q>TuL{t)CseI)NL&3XIwrVdpQ4b8b-xtEyl5H<x5f)!TaoO7_@#|`I4RR&o*O&Fi
zAGHN9@UyJ$WK*$R?2S6)JgO?PJ$Q}iJ_;>(hqvHEkqzndcG|1*7T5t1MwFz!%X`kk
z{IC0j5MD^zJp&t^_C)&qI*%-gG!XiTm&0uczUJycjj?Z%*b`1vD-nQ#+M6v!!+fYw
z0fFlV;~MF1n}G&7SgE5W9n8eHw;68$!K4vO?4y+4DXF{?FY`4UsF}d%C(*X;MQ)no
zKpxsC?uKKu|AQKC-Z!>*9PI<tM2_yx3*eBOUf5{~kze-oDrt4E{=rbvnl|;e<1HuO
zOu(vrkB;CMU}mGyN$5gDj&odLWz<%a{0*K|H14#B=B*ya2P2?8LjxqSx9Bfvl(Ao+
z+lsHo9DAMAR1#yDrLR*jYlB5ln9XJBI(;nstWg8YkXLEkXjAQ13mqP{(jG|!=Sr#_
zmMq~KZ|;1Y7NvYi44su~psQ@Fs184DWa|m`W3A|arOL~+tbF&ULU?8dkBj~#!2$y@
z_UE`Bh!wcm_)0$4eLUFT!;Xz(!&{KhK{mKsD?azI%Cv(VAyS@^hF(07kT3PmZ`=oJ
zEpF}HAZ`uR`6k~AlTd}r&rkeu@-lR2f4HuOZKJgvP=`l_$Ut14O1)ujPzY$IOCK<V
zFl%xo^`2}p88Gs!DaocAYM@$q&~8Sq1>&&?-l|7ak-qL}JSeCqU`8d82-@^F`5k28
z`YUkVY5V8^DIq@~4za+lFQGRU6vWR<Tb~Dl*&zGWu@1lbh#iLVfIb6WgZr`$r6H~8
z6M4zps#wMMf>EgPcDU~e)g$*b3Du3XLh7@7TQrP+x2*ThIZq>;WS4G(zi8%~42<+M
zqLzp2U>~zA&8EyDO)2IOn7r-f-9tGhDV=payBjt2JviPYuUiotY6?DtM1-kQgm4Lr
zPqdg@%Dw=~uTe%jcOhpEm*K9%mbJ^smW@36G=C##E_%c1)1K;1#IC1B7O2K_?m(_0
zI<`JU=44+DG@=0NjaRd1Yy-L`pgO}3*FMHjo<t1Mc33xMR1s+#wWb|*RQj*BAW%65
z>QgiYkF;C!hgWGg_Aoxo#8e=q%Rs{Cgyz?n<V&FYU&n`XoAbl8X0e-7(e-TbJ8_Jo
zxNbfCp<Pgbymfv2WpWHsbYP*6ZLs5Ulm0|ack;2kJC;Lj8&RQS;hn*J5QbI!V67g*
z6<lo%x`j0=UzznFWk;3I#eBA3qa%~;lCLpnz6xWnf%<uH8zryIrAjFS0_DnaW6&j`
z8L+j|HNT-4B~`8y-A97cMfIE`dxxTFA?U$l;e2tVuTH4ieUj{*bs{URA(#lhWzB~{
z(qG?_+_27i5M6l(zX=6U+E<vPn&ej^JLk7}|Mx~ov8U;xQM%?yYJf7o4sot)WGg<!
z4#Z{=Le@R`l3H$GW9Renua6NPn98>Ob|3CfK;w7QlnLCINFhjYQ}6=V$Tb|~4*irW
z+$1~1sBOwVPHVA;xEC4EBw`D|?HKxdOfV3iMRr0S!8a8^{nw?KPU=XB?a-$jO*?e4
z-^ZV{W1LQfeO1G&25jc%Eq(I^?#}^%$`eqFY?r8f-2gf@$yPQsTVz>IKTj|0=lQF$
z(XluO!;x}DHq)6eYQ_0H^HHAHS%|K>CFrU<Maa7!{dNEBL~((By4+v)EyG{;UGmp0
z6E5Wf11_F$w(^T-obCML1t;Pr|Mc)FaiP~~p}&5omHyuCw9()Do&D(VG-rSMJJV^W
zzd`2!`umu3;D%!h!%hT9hKnbh4u0{BGlyTi;LPV2e|8q~i#MDl{NgR=6n^opbC!jh
zz10c%qB<v6ROjXRwPJ@}KNV#h3~(_lR2V6Yo#L4kb8#?oaWHamFmiD)a*e^rH3lQs
z7>ry#80&vJH;=b;edF9uI~EbvMQ{+czX6`d&&4i10z(0}p!oGaeH7kzoaOx|oTzUb
z@57M6EojO5pFRlh=bYvJXPkw-@59i-Eok)mpZ)~i&p*riFE~TJ@52<pE$H9+pWX}a
z7oO$)KRX-n{qyL3m@2vzqAuSFpOl>ClQ*2G4;!DrtkSI-`b2_Hrkv%Ix15E&p8x^S
zt)=vd2R@l~mQO%O?EQq(N|G=yNfPEINy5A&Ntl;#!t_&?#<nAKhhiLEHijPL@US}e
z1;yDZ>+_Fz61!l_T_AyeiZLR7w%MQe37%~>#w<t0S48zk@L>gfw=fsp{a93C%`Mtb
zyBRb%n^C3+c^-$5C*=@DFDfw^Yl7i$K#Lc3@V^Wv9hS|aR=%=WJN(@~H-G!wLLl7i
zB;o1<rqbb{lK_&DP#s99IqP@M&3nel%lh;PA0&AYjSNf?4&%;8;RUSZj2E7usi8sR
zmBXM>?K7Q)+mT76jR<-x{agOi{=bX=Y&d1CKe*rv3oiJIfeXGA;DXaQTyV;T3r>%4
z!Kv*3B_F!^f&VZ0kg(y@BgT+?KSqQf7(@5{I1zqe4Dt74Mfia+72l5+oev)vQ}(@?
z5q@LL?)T<K_>Dmb-<uubHz}I=U(Anyv^^#8-+z}8g?{|~8BsqN6E9HC*?7<ZBCr2|
z1J(Rn{?qZli~pQ$y^p!?e{jA3|4dsQrnAx3_aGn7{bwbg?=6LJOc3}zIp>8m*iatN
z(u%HwFxA;O)jZT5X&_%%PSNvo9MA^4K6(;Ogs|N2EW`=O$EnEW`E4=eUF05!SRl4E
z)qrdqEVMgJNb20zTxI@v==Z3<?x2ZV_n&d{20!BzjlU(v-$};bDaPL!#@|`SU-YFA
zmQPFTM)^eQhEcY#eCB_nH{5=d)*n~ff7qY@sQuCO_OHC>f2#dL{Y653zh3?jZWF@j
zMX!x(4ILYxiLJt720!6iSiBN0yjoGKP(RTOPyE_MvtPTz>}Q|C%~1m?@O+_Ivxd+}
z>D9dW;zjhNJSNnSF>AA03qw5v{OqHO%Tx9ibQV{d%$gr+s_*B8Vm(k-x$ePSP3WKH
zWoz>`veuLzG(2<`td(=I5m+kOWuXLUcm(bILVau3=kPuSSi|4EwfKX3wx1UNC$W?0
zy;aa@dwcs(lUaytrgMxD1#M_M=oG>al6|TtA%x$?MXO%cvzd$w{ow^kIc40JH0w~G
zIzJ2jE@4}|aTC0g_i%#;Pvz7=1MR?7+ppm^L(ml8iprn+SdV9Ok2JLjBk??HaKmu-
z;qtp(+v7j<X$ulw_lbpLi!|#<wzhHKFt0W|<Mfy1=JKok=7V@(Gm^4~2;sj#Tjw@<
zv>%({^97Bmd?5{I_wV$mcVtT1sG%a8U&op$AW-vGImA3)of0!6Y>$V1i11TvenaJI
z58LF~oRFqQjV4rOxx32$4DG$%r#%AgjW2u-+Ix-B-ccE+zbrQhRkLxYZ;_j^(TK~5
zjlLYj&fIrB+5_hJYMP^Zhq%JD=2Nt5>|C3mcqxfB3E?mw{{^jR^g7`vpSgMvzJ2^v
z0!-1Ho~NkOIUaRPrk{<dz}E<`+ZwrugkF2MgfLi2L%!%<C$iB#cw_cO6mwJGZyD4U
zrV@lOA(=*Pm&0=;pxC(->GCDo=*&-_#77qzk6aD0KlYHXRet%udP~ALZ{f{}LQ}p#
zYG5OF!=C{AHinSYzDTE+$!`cxK8vR;+K(~boDY?E!|;*5hS|BXa%(akEwVj$oi-;S
zCTAaBar>IfFZQr6*-=Rg+Av>@e)CC6wAtomM;DF0chFFih0d)8|79DR1;?UrhdR{2
z3h~N79pTu!IwkGy4f!IS0^qt52Q>O3ZDQAEA%czraR>TjDQmNVnuH}^!kv+m-&o*M
zi>x9G)Ik$ORtl54f#~081%gAMX}%Qx1?q$do-QrA6`LaeLoKpnyI+TOCBGs@#yRAd
z0{C70dE?22_~bl#GRQmfuFTmsdfwZLh4-hmU<G{QrA(Qn4dunD7F?fdfmelx&|&#%
zqXjGDzX9sNs)VZFqp3b}k3)z&MaFyhy3_XNr^EwxnN580BVIO6=J74v32w}57>2_A
zY>v4Xm!-vbe=iSRjMT>XQc?M;1D)gFdixmV<JsTVeYzWsF9J;P#De=hT16Tiz^d}q
zRa_DGaXNvQg14UeMnm~kFbd5+*6m?kFhX8rM%r+*j<DYm7$sj_aJ`R37mdDh0H+#b
z-3EUVKz;yp5<ky_hfYdErq6vySn@F<D7belxXz;%TK!NQR3cQpM^@kfE^aFRm17A)
z0rdeH;41MfDxg_-3%;^rv;K<H{TKQK-jBZklThWraxX)eKz!qe>E)GDdGdvxMYmx&
z!NI&uP1vRd&Ctr&NCM9oLxu13t8%ksZi-!v3A>S-tkJps^0GCsrZ1+nk1)kMj#FgZ
znu*WRLlZt60G})xJ=kunA$Am&(F0r1En*dih9LK`D@$n^L96?&p|!Mz+T?(H@*DGi
zNZ^S;p+s~O@n|hcsFCg@p$d`PFfx$$O9-P46!BM-rfe9E`E@bGqejBN(I~8rQ$CD&
zzw`o!ck}tgwO0y*9_vXJ8a&S^5Cy|qlwa3a3FUim70B(rk@sZI{ycURI;c*5Bev>9
zFP^%nj?Q}@x#?JB#;3~rC-Hv>A7I3RjYCbk{sb|`QyYzA1fG70e?I}ZcK*8<KRXfw
z25t%6ewTc;t06wfkVD}%bZ2ZZ3oENH1@0-V%<5mTF&GQC1kV+fb$0%l+;ZQ#(DBjo
zf%+SeSL;7ML4hP+HrX0Lhcw5xq~U4Yos2+&9Yj?P1?67vSAS*~Ef^fuUvzH>4nmFC
zh*wG(md_()Efugp+LHy}zAR;8ZcaW;evbY(QA>UZ0g1=V@PML~iAi_h2j*On2*FXy
zYDHZzCj~(s{AFj6%_0Y(d8w2t%W0$w?Lw_pG;&2`g0@$MdlJ89ZN^n&oY+#fhzwDE
zlD2Hx-8_eNIwHA&5^0X=H-r<E-8=^aEhBBg8%2IT0gQ<7yvsekSl&f;F|Qdj!-+;l
z1{)!j@TdGX;ZPssadkcre=^zbyJ+C_m!HA945bs)&nK~>_@8LVJA%FWxM;jndHVQ(
zrbc)W-QdZuCavRsP>T!6DX5lmMzg4x*A%Px)yYK4zrE1jXMYR7r-|2C(d8SFEuboq
zE9HbI7Uhs)&`uFm@@zlH6}y{flh4PQDnR|cQ2!^LPvC9~KSXRVRIam8&Cc<w_<@Qa
za7Zxt02*DA$oY=?v=M`G>i&I=n|uD_8pWR_a(erY<24ORpuUT?c9@=Zun)9vf6S>1
zYy8d*C~m)oTjJ25yPY~~1{nr}*wxy2>|CO{0iY{)Z5z-^s#s(9u)K|3t(Ui^p?8$k
zB+J91s7yqzUpUC?)XgnyZP(`m)(W+apal+CTi25?netj2yB%o-)QHgr#M*~u+GF{8
zXTtdHYNI<t;ZEQFq`x1^>^klJU%;Kd?|UZtS+n6BIROK-l>L?HQJ-$b*xGC15W)o%
zy>Ki;2oK9Ja?HO)PQs5N-8bXnnnB~4*X`Fvtwn!DnxDpYi>S@&CR2!Co7EwzGy8Y@
z)oJ}ZU_WpRRtF21(u0fc4~42HiHN;0liHAM!kLru)=5g-EL6M56?hUJOlFY72%!WZ
zKwW_Crs&c8oninsZ-O7HUxzhL5eZ+>BIbRLOWWKk=7EZO6d#p{+5!iqOxS_los{$o
zc25HywB%b8Z$^Qn9JEWSwI89u;GIIhxr4VhCPvqxf*Tb1u5ly5yLy52y1u3QH~X0`
zcI_hnLszHYtrrSUH=$cDdNyvXu*<^uk=EPF2T*K+IW}jzu@5D%yw6al>MVkpbVJR-
zi;<KaWYPdhj5*BVBfaW|E*gQ{acoFCwgNr5B?TeK>;h#;#iui11yrUvc;e3$W`0Bb
zt>?#5*RfQ5BXvc2%qg0T-egx^jb)Tz)l+Z*=1bb}et2sVZWZ+LPoNtz-j4Re0gUbH
z;k5!wpSiKa=lUA-6IiD6F=e*hui7Qpu~zXIQJUuavrh#g+be^9=r^qO_YrruYkR=`
zuZ8pcYH7Eq9I*S{jll&-QEa2s)j`|>#<p4P+S{v7!hjC+yIac#BZdvRdisG+E1#SE
z=EgZ+jc232M9{;$sCe;aBqs?&KYj-qGDahr_yGA?duogjB--65MtxMe{J3a7Hs?}*
zUJDd5K5G3E=iP7KBr2Ot@fAG(BrFL(+bBHSVBp<|c|e8R2%L_bNbdf;8wbO^S*TiQ
zO7<S(h(K@=HhsX{h-kl+m%+GxMqwUE7s??HEHKti(JFh9!{r3>8UvBG1y@O3pTk$K
zgw(jx;zQ3p;GGS|C*zn^@Vh@n+&;{|S_!>Nr-8hUp0~`ga_onD)0_d&S)uCZ=uwfk
z$$xPphcS-b3pZxxa=1q%OFv6+Tc=i%&{tj8MY<XM7OF)$>+U7d9`x;Ae0vw?)W{q-
zR0i-a%CB=oIM0i&eE1&+Bw{YyF4S{$1;HdX#)czkexshh=&MA3*dfKxyY{sX7(6ym
zWVguIqU*s}QFyOOR61_g#Barq_pCYxO3!PA$K+DM2BzXP4dv5e5(hwy{poQU!;O+7
z7Qc)0nUV)9z0Sj4Xr|tv_ZL<+Ftbn#+`J6hv{0x$tW}vC5($=pY#ta*j(<QyS)>KZ
zmv2KkJ%)P)BkLD0Zw`)w#sW<qz8#YtHU}-@$L-jZ3@E~z*T6E8)x$bm)PsU1cmVw^
z^uCSj(;rZ#S^sDT77=eqmmh31q0q&YNnNOi7|NbQt+01BbsS8rk&98~P$y<D`Up!|
zgFvc&^&BfGr(V_eZOc$2YY4D$+jDQC7dLV}-MSuinPOOA>mB#4Ta92!^);`-#-ZV-
zpmF{NRAaQ+HM%-o3BCHYH2qlFpNpA%f#2KLEM5E*hqSpH6rv;V^uRaJ&5KEv=(9VJ
zec_e<Zcl=<M25O#Zn}Joo%pg3-UX>jtY^)v>ZeTlOHd@Ji_cOdJxp5Hwsky_=R^mO
z)Vy7P0gc40IQu?>?@dT5Tsh<@M3rLRVQ6leFU6iUOR@ahseJiL5yRBajN(<+g9P1n
zAJLI(d;Ckoo_m5Dx_jFo-bZc7fi~2n>Mx}FL2@1y7I-<dt6jLz%Ppn$GGQUC#pENu
z@rdr`^fo{PooG!CgO)zKnp%1}wlx22EiI&$meoKz+tc-zQk0x|-6@DOcVmSUas9Px
z-LNmfnC^{w?q6UpPRO>O6R-j5`L690Z*U;(9?@$GCjjxiBin;NBVf?rO`!#5Q}7D(
zQn}<l?jV_ia0!I-?=$h#!IUI=<pl+;!Mt#rJUGdedDYu^y`nbHEYx@CSyjsu@jA@U
zxGlaC+tUz#kMtcQUYE2TggmaHqpQ7ou^l&r9=2Zg`n8!(5BhW8fC%u~3^TcRA4Fm6
z{+B3>*`nVJ`*pakxLjPczJ{DeQ#{q6BhS0I+T%M?NH+L$TGWKmu<@33JVR;<tO|9s
z<GrCK*z?`3j_8CPpsNj6q}`-{_VURDTZ^vO=Ogu}zzO;KkFMqTOSk?+{wiu~d6(}g
zqqe^rSH^qw=rg$HRal|#tcU;f;ge4$R!_abWCGm@_CYrwG8Yh*waM%3XTkyKCog=b
z0p5%cr~W9X`UPF}8PFcjy97?v2IF%(v<v~E=E2r8OI&o~h1W6X2%5vyYm`$1<c;+<
z`T)5@{KHf^H@VuVBq-t3pQr?0rhJo8&Qd5RD2GOx<U;kKlUPzSd}8CDY)pQFr3OFr
zva6ck8ERtJwY@`OET@kT+9D6>SA~}+Xb5ns3-0I5emSi=`Ki8mRva1~%OiJmqfnqH
z^>K0nzs6Ps1FW8NE$-DZE&IOPQLWqzx(R6X4e;AR8I6U%ZwArjz-J?E!{FsPu;m?m
zHC&V_)*|z|Bq^Q%Qp6Zy^2J|F&e5Y2&?A$?z7g3L5Bo59BaDGbTEU%V^<PgS7t`v$
znsGAfr=T79Qhcy+3gTZ1)lZX}3|hRjdH?FvW076<+B;}sz3OQkFLvEL_~T{QO~YRx
zo^#rtc*+zFlczh1NxYX!Y7AWDCoc+;7lp|SF?msvyqJ`{n3BAhk-V6dyr|?CVJFU2
z^13?hx+d-V`Lye$#<l*%1H89?rnP|J;5Y_<L7CrJS6C#VeEBVnSl2Pk^x)+iZoZ`;
zR=OI;lw?}rM6^e)$7x8-H=?kNE?*535&XK(_+Ky)$G`H1^syJCHgPpyc6#vxgeaO;
z7||C|Q~b9neO0ynaP3f2FCO*jcq#?S1k%X=ll`0KRr9BDkZYm7zoO?W-2*Bn<EnKK
zux>z`ZV4dr8q7Y5;X``qQrJ4Ww^bC7wE+}oq5j6gP|x-9*noR)@Crims<;#bJ3ZB7
z6GDBFS=4@R<|UWclHG={3opxuMNx2CAX%ZQFx)BoME8~;Y!;9C^J4B%8ZN8ZQR72l
z(;yJ#_<877ll(4i3|Ijcb$ZxY<umZf3ciOmb$Vx+bApe@U-^GLJ|kZGpBo<n?kPCS
z_!NlleP@mjZIRF+lMfLqNGpmX^{lA;;~7J;B>s=H;_u`dUjtA7&XKqe;Vvu^Vmj=l
z@gPNk55%>9-~(|BDO_m-F$M?Xay}53eAhsf)ucC`icWE48j2bmhpTBE0(pmuMvi(9
zN1>ucj5gwDtXpUvWOc&VuK0$^f1c6nKgQRmn=g=GySqSS=_Wz>lL>8qey0vwHrNBj
zZ{v1;Vdcd>kn6(Ab(%G#Sv^6UFT6ci$vg5WKB_j$_j(XJTRCoB_<(1H8FRV2@SIer
zADhs`R^=FUP3gW~E`ryCqw&4qEuJQi8LfJRMd0p|H^FVof*jl-^eXV6Z}2I6qxXEV
zuYa4Tl(5yf3ZNu1gzz}{KuHV~B4%RX!!Jy+H8Ba#gY)M=q_!}|JB12v<#A)8y9xH%
z&K#j?uL%W5qiee>VKfoO;m(9dyQ|eF)PEj2K0sLfCk(mLCbaq@Z9?@1_~B`6xB3RO
zdKPt~*Nm|EO_LETB)JdE@1R_|lTLqTIy3z41H$7^nNaa*@Kt-A=0@G_sfG<6Xmk(3
zLsChDb9lxAG`i$%LE`$sV;Hf&598%_z+L^8$GFYFZtN^6aRIq`@KGDwOHWbLPfP~)
zOcU|}w%_mG9ZcKs(BkXW0ZgL#2&Ie=-CO7E;*^0z;)oZPokkx=wc#tZ;T4=d>K647
zfvg|`amh1M1o8(Wkk+7^tnl@-654`RB{86Ur2>m&5#j7n{vUW(2>$}F`VdO197RGA
zp2T=Nf|xRMr+);x#(WaI=P#z{L%Zvx&~aP&MIL3J#{*Xtm%*g9#KstLukhown7cP0
zghx4Xt2`@`kZ;C-uE+rj!fp1mU9p=Hwx)*Xkl8AP@mwlYX}(p6w9t`lYYd}#YW(hx
zgm5jQacf>@hUnfPJpNh_c@@w+yAqB2?9drcb(T|N>!Ik_A1F}%#PvcX)Pt;brqfE~
zF`KI1Nmd$|V*Rd@3Byca7nWdzwyPmlf?u%RvGu7qC(g}0?4-!Lc(w=HcsTTzSAou_
zoP-79Mp{))!U{Qri^9B3G?-m)x^O(R-YJA}3PU4db@Zdvv5h2vP_>;_$2OnqYuKK)
zNHC8;1!BUd-HWSZvnO-{mWM*iV_Yi+L{_7-K;u_d?|_y?$N1tveS;^&ayQ8D;^Ekp
zboMYiBjEm4cpOvqvF7S=xG<_S0+FwSWpF?EsGl7{Y|Ol!Qr;HSO9#(gj;RYNmK5&l
zSIu3XNck-BolmK;7_v{(Pt(_fBena$Ts<I#-|4d+dLP%oa5ceb!3fRy8bLTQ3>elz
zFJ7duQi!y{a%j;qnU;A6E{B%jD(E&Yhc_c_)q*_L14HIfx~&WU_zxhab-^1EkVL2-
zpU@s{ReA=LuU3v-FGnJ6!A1C%5Uzk$HjO2KQ1m`=uaiIWAO^&fKgLC1bwWS+B5);=
zbilLU{i(*I&3&mbl(3aw=uu*@0FK!zhQPG6#HJbND%!Z$Vw2M8|M;!)&m*1k&6uku
za*Bv>9fB84FzA0g;s*+0G*5=+A^m?w^#6WrJEwnGz)`{ho}D4#RIWy}`b{vEP)_3^
zyQ`(J`c{GrkF6!jKMs`t8>~i~ZKb(qJO?Q5Wq(Y^u)>lPoZKI!9F1FJ`+M;TQhJPj
z<Zy!H*5ALHhfE*Dy-H@qa>4-HS$`8F<l{k;2$1+9aq0<5q$Jpgcap||`xCw&Og^2a
z-YD3Vo(tvv)1nzy^BoN-Z+-XU9D*=D2+x1kIrLZWM}zu2J02w-R4r(F;+yP4_f3xd
z3Ld7(uZgL{1G4PwHP#|5MXT}Go?M%Kg_!Od%y%#quyE?nr!MdHxjOX+E&To#iiQJ8
zM_Gq3EKhyRX$`P;AAt$-`X#l{E~zD$5-fP1s2mq6E{ab8x=<P|%2y}Fyp5u{8E=>0
zrrMQbLisK1Bhh_icD}nZQ{L`TCuO@Q+2uB&c9ykF>9GW};eQ9_IxQ4dc6!W*<F(2B
z=PIT^mysULKGy++(A8&6G+;`agzyVyex8E3fY2b|GZavJfQI~(AXM!_W&Z+biBN?g
z@@%u{{&3ES*as&5owC+~*#bdMnm^_r{G<1SSB(#1!r~Y3E{v_aI8%P#gXdlDV!PZZ
z)D}Yrx-G$l@V`TT)5i{}bFxGwmLnn9uU4EBFn5W{F^h-YQhujUJ0}ObTRzq+)HeCu
zjk9knQ|4V^k*|oIFxn&3=F=Nj;Tw{>xnf9}Qkh{1PFI>Ni}svE#PYnu1Y~i{QqhLk
zVFVRa6HuK_T6ss2)*E+Q1Lki%hM`7^`iumDdv&j2b{TR3-(~w*N4iy7tF%hmtdsiW
zH;o}4YYz@mFQ9tx+|Lv3Pl^ybn!<|*x;=F78FY)MC)@Bg=bJ!Zz&am9UQ=$U5`DHZ
zqBhTo6~`lMkXm)EG&#k=_h8y7qOY(1Mrn!o8qU|RKbTy@n0q2x?_kJ*8Bl{h;qH^T
zD%o0N)kfMXuM`pCYA-E!{mMDZ6TRo`z4pu$zV-#UhE4tW8qVjfURQ&fe{=)BGC@=q
z!Ujv7jy42&V0^HFld(fohv{1;VL!IZ9iUoIH}N{?d0%{g;scc;YZtFWubl5leS-2B
zvz*vXYOx(<svt&v)%c#I?Cyv(Akd<Gp)0|GDD>BW6nHQ%E4G(0`I*&b3!-n;6Pt@t
zKsB)nUk!SNm9f&_M13!CJ@*yL)98D?$+r|91pe6Md)X8v+#eIYN;rw}OVh_IX%Djs
z5hOBoq^QX?t`^TKjARDxL9S=|G_Qe1{t>d83z5}ma;U7v&!*Qzeb4g*N%B(Y*fKh>
zi27FW;(c|ztqu4meqJB^b5y&H`r7oTi}o4*c+uczaF;dd!g-WX6Z8puk+M$$jXu%o
zYse8IPvZ(v60qD!e^lq2=*L5}Et1?(;c+yis1tw#cKcb()fvAM`CQbZ>^&*vb&KX>
zlF}`dm#c30uKW>r$=y&fW8|H{=U|%L9=rUpQ0uXx?<aB!A&hDeTxH1bD2XeD#am73
z+J(*F16;#6-6gURx`}BcZ$l#ag6!KZA_(2f!!1I1RS*9HNHqN$gI{Y4bC@;_>B4mv
z$2WZeR(p<-v&)az;RlUuocg9En6ZGzJSy`XCY3&vSfL$y6kwGO4=c<L!p5OE+t1+J
z;_TQwJji0jj`(5n>WG!$n0XuqS#)ii#xi2LiQe;wQde6&fwlC7XdzP^BbZH*vl`+D
z1{FkoZ}C5M22C^=f163L<vxibn)y};)%TM3h`iK8i+nYb73jkT_^5$#QRZc(OZ8n|
zF7<}M7wY^KqE=diAHt%b2>h>&$EPd^67XkHo4<l&CiA_e7o6nIV=_E%p-m$^M2Hl{
zS7+8QNqhR&q_f_6=U^>w1=tZ#0ug_IyCLT!6_cgk<sdg3I-f-0IhPC1*(5yYToZpV
zC4bM5vv=@U$KtD7D+)=@`qW=$d)<|Gd2?rBKZg(*geG&Lc9OLWHV&5HrTE7I`z8~D
zG2)Lb6u~Hdmj=}H1DM7VC!TF%FFuCO4BI{CM$qj@q!90$=EHMk))lv)9<BaB-#r0C
z(7y(L=fh*&sq<GDY?p2OF8tPmIeu+Qj)+2UA~r6E8dpBvC)CFM?t`<7KmcCRUv|bl
zwC@sXhdB8gdH4pXiWT_9W6q5J!C@X{oyD_g7m7)L-j@OM7g%fs=4Xn%k8)8tV1?^|
zS&zMoKY1tK`Icz6i#ij#Igxq*Ge%|_dLV=`A4E(*Va8hc{`|qukPydd!!7z7lMFa#
zU$qdvd=Rpk$H+XkSJbj1T>A2C*$A52s9QN~&VLs;l`;p@S#1FA)EqiPA+Ft#1Wmnj
zCP+5R<mz6&?dQl9B73nUk;FMeGgtsYl><n51>{M70{GwcxZ6`rz}kc=gbMMn#(?`X
zVKK36w$7_Q3{?Cj@b$Qh^r!}l(hmHvNi?sMlpgqKAM#oYeUAvw^!;IBF=lu3x*y7v
zKlG@T+3tCEdA(3O0hB1%oQGEuYdj7#nP;Y}Ecq{9^;sNAwKyxF{Y3X`^Rj)286zeZ
z+-3As?T^_D!+8Ut7I&i%&LZ%piB=<ZZu|=1*Xls!7`$_@9S3)<)#GjvwFPD&JP8>E
z>%oncd#(H#<}CJecn%^9J?qZyMC@GjvFfE|;?1#Z`{2C<*!q+TwhXg<Kg)4Hs3=%S
z;Txc4Rl}a3>(1raj%50D!UjQa_6IwVo;d5b$klPg^TF2QzUdHfL*>?lydU@&Vy-=y
zs3W2pJ~IAUK%3j{<%PpA`L(GzuzU7ulM=#{*CbLXy2dc=x8pFa6T;8i`7jx2zl{PA
zO$G6)_;{UfNsib1qE=xBp3k~ytQzHik%uM~*+gi>yg>*Fq75kk(Evgf)ZSv)_;0|#
zklNxLl7CgT^s7~Je=0owR|33w=g*utQQ&yl-wKJWd;BaS($!v&2zc@#Y4f~(^=~C~
z^9#6{&u<pMWiDO5^8}Y4=!_cw1!c5CtefzcL|2Laa_)G|dk#$2OlQ8I9U|CAUr66k
zjY(u{`(yUy6po7JDr6%-(ULg|6b%g@fy)41<K6gynYw|A0T*A&pDfIfv<j<V8+Wpd
zOo}fdxhzI3cld3V|0*fRoE5LEIgfg~(a!>*G7ozU-Q=h%`owCKyMYi4p|cof(!;#Y
zQ7~}lm*G_*5Daw_4^yxmv5AS)epXcWSwIe)CoC?a8IKeYQ`;!<__?Tl;)8Ak!l&<s
z^?rv<5*DA!sRV~@mC-t=@(E{%t^*<cy~W9vJ>f)f2x?r|iL`IDkDnh&8b4FQYICWs
zf08ADCe47B0nGyE)vMA(tCm;;CEJU^rUD)n@)wOa3W%@GMWmZ@LTB<I)Jm{IsKs;;
z!AD>!&I>*$YIoj`8kNZI%n`zF8|haAg@_a5WHf1-=UvnS>O-WudhQoi7M~}qY(*5(
z*;d5Ag4#EEVXL2@F$03Q@Mp_mm>WI7WuY;?P(bsW&Aw_kH1+~=-S@IfgeOg>&LDd~
zd!YcE9y^KtI1e`QXY;E?i?5oq1PkY8g${A*5%IxJd?C^%YMHk%k7EJM)DySh_X_cB
zbR`2yJAr1F+Tv_ZcL(SfXr?EH$G;+#@6lWR8sk&N$BogrN$g9%b|);3x5*Jrdy}uS
zU9heS>G6jF_JM&~7yE~ycamro!Xq%q5H79q&n0Dkt|@q}WEdEvq-8-$S{731^&ULO
z<jin-E+&z509{0|Vf14ZtcbUv+)*$yRT-q=0HePa-N}a$T_)F@n72;C++fg<s;|-3
zlUj3IPf_1R_YPt4MhsCAY9F9A2Yl=#wil{+nikz~Ty!4HFYy|5ARFlCE`sgZ+uJtQ
zKh>-qX5OrSnvG^fX3~o2M}A-G7?_u_4v#w4dQ}2c&e1*4r{JZY&_ZiMh~RpIg2vjE
zb^*$Y+(^5KF<ERZU!**fA~hoTQ%Us|U<)KZF7UGuF01*a2$wbdvIH*i+|{G{Cczjk
zrD4wCqg`YSe~~fzMaJM48Dn3Xog8~#L8^zpHSr$4Zc6s>SL7$yPh!48>>>OWzoUm!
zdiwUTgnQ-#2k@0p7mIt+_|PHH1xrJsk^o-x3i-9uMgqzwJ~XGf8<tdQD9MZZQ*6?4
z*u@=#303<+p`+-*K|*Oc4&14oT%3tTV$piOl4RGVp;$Ea+A6w=X3#sC>F>OJDp|*~
zR0kVtr7G0axAO@u_r1qyg}~<@KA!gZwAAPK7)^{I<BN#|Df=moc<i-PoGlC#!Zup^
zovEeIy3t<4!nCksotUz<z5gnl#KwJ=yhalD9`?z{?U6PQiwcoP5dV1z<#`1;uSRGy
z#Ijx6V^!Z6Q$`fSXN@T4J0|YclYJ-dxs%C><HUtyuo&F|fhhuOE9gXPsx-y(E}9VQ
zk(^>594DQ^$c&&>Lib7J<E|C<#$np9Y4?B<LE2XQVy`;T17jcj8LACl_a?t~k2&b}
zv#pqIgmhy0i`cVJ6RFm*e;!S#+pg_g18+RaVP#`=U50*9*4fKUfss<Y0;W?vKxSTc
z>w?d|bG+kiUN+2?h)wPy_$PQ8jm<gEuf0sbpVQ!{p84}mx)=WwyA8JZPl;1+H?%$O
zKQI9;_9tk|N;^{YRMTr0(uUJgIhUJ`@i;eSaAi?+>~YZEGi7^~Zzk^r7g{SQ4fjr9
ztF+Oa$DdpT`gj&Aw$k}Q&V8x<yEt`Zy7n3WDjBChzdo)(8xr}UvmN@<4ji{{gGcY{
z^>2ucACqoAu1Q9gep5Pud|=wKj!0+aFp-q^HWRsI;N8?22FIa`t|vP;p6Kw_he+i*
z2y=I>Q-6B|^<oli<e+;VrN<Gx%Eu0S*fuYVtzPl^A58Upi+{+~pyyuFg^BF-rHi@}
z9_7@4;1(~_mG%=#_d~&raAQ(%J^Vi?cr|P$uXV;|(mJ7n#J~0_Xvf7}iTK;DHXuSA
zBN&1guS55g%5dj;d$5u6hn1hT)w-287|pGIXfQ%vezm&0Z#zR!Jf#yc9#{6Q{U`XC
z<V~9Y9``rAosLt~@pi9ToM}ML`_&)iEA19xWk<L{@NE^<IobO4Zu06(n{UrVQTvfS
z&Bk9TvRe$4FLY0wK`B|4_Lr3AoN9hotuoNYh46SDJY(l8#qXSiZmd_vhFjC}7<-+Q
z==^sQM_m=d7s6AX9%zc(j^~A-I+%@AKB6|)j@1?_J6}>Z=I}H=z4+!rxY5$L#wl3i
z<+0Z-Nq+&TZwl2nC0QSa8uY2J@XY#3zN<d>Y4wS`zAMt}6RAEiSzo`?>nl04zWnd1
z@6C+9_2puHLt?+n;8o>PRk_Kk5F)ToRrzODmGfOyU4L3tgnWB->>^aj()?|KrBJ2W
z$x1uTr&XGBW~Gkrs`QWMzLnbfc>c<qHlB7ncbYNk`^D+?IeP2!Yd^7nS5;S1RWo>1
zP|Ibp^UP^<xxp?bVepQbdTZDtF{{%k9S^&|v-sCghHJA@#Se}>hia12WS5N84vW)@
z-HYgYsbc4UN2$Tll)*`xgoxX+5Wl{L2mRfIF7TK0gd9`kIJ)P<ef@TF#=j|`jf&#?
zJB-Q$d50urZ+F0aiZUn6rM(UBZXj>Br0j-A`{_}CRCTVI=5$EP*WG?IT*T%P+9C#9
zU4y=b${x567qO$Kc(_N7cnyZWDD5Eq;38IL+|S4RCCU3Gv0W$m{Sv%in7m&YyU(~^
zi1!PU_X}blpWyck@P4027O}D0l8Rd?)rvC6mP<js_rU)f&>_!LnzVIs`z{^9X}P4)
zq-<Y&caNsBJlKXsob=;AGKTq`0w{=lv-nkqsClxZW}+sBWUra1M32MZz?^GF+N$Z7
z5dKjn;zf)zORR&G7}lXQnI*Nr!;TQ(fYM<9k(PBATsPjKWo_mbbCFfr{j8*KnO^rt
zyioZa)+VZt+Pwy3tY*Cnc3Py#VK|hzSu{ZOF$*lUj`qZ2w9q)L<<51{h{G`5!DY5_
zIZZXOh@BoMPYrlU%{+aap)%rWsZvL9xI*}7|I~d^sTASPdvu34NgV^?L|)3*z5#XU
zTY(<v>LiEyHcgjmVe&HdZJHd=dE_^Q@NcLHYClHSFfBjb9?@+UBAs@WcZ9U)x6H%v
z75&PbMC$Ms&t|>qWp!njnSAIq^XdSe7~+QKy6Gg}Xs}vGXsPH4^>#lKL6QpLm+^|*
zGxfx8x|5)~qB6Sh`JpD;DoQgg6rXd`^9WPfC<;Z*q7t)8!rwm<HSf9KnY-&dan`>J
z75#3aJq`ujBPu&P^cv`52$4Sj3-jTys9*Cf6*U7USPqHW{F+rYZ$5=dMe6i_&P{L=
z1Frk8`;jT3!Qf6pc(jc}y=HpZPE2PbG4B>SbH$)v`~p$)@r8$cpii2;tQ~ga6wPER
z)*idrOu6w23k=)zI@swBpc%pDN{xFgqK30_guLuW>YvK6>p}k`xP=a6+NgE<I=mNJ
zav`(_YJZ6sBDd10j!2t)lkvl#9X?-lhhT+M`lna56U6zgWW_1Oa}GJ~YDu{*stBwv
zU!cB+gdIr)2dHo3)ijo$T-fSjgBkN|tXM^GNNV+2MrH6rA;Ft`szz|>F+xAr9y9T=
z7=BCgV41_B3*lm*V)Z?4pVF`<Jm&idb}N!*ZIaj`%J@`IN&RRgL^_4YO#{foM|~SP
zOFV<M`f)F&uEKY<60@IKqhvKu%N?Pm*ua-i4s2rtK-y_L^z2YX5PyUlfqCyj4M_n;
zmR?#j=JMO24t&nnkf{C!Yfuhlh}vwsU-KRZI=D>)=_0Irj>dtcm*3q~O+V$Y{Mr<|
zYI1GIa$ArevrT?(Rf`Wo9N%?<@^|ETpC!}COKRo^or{S2f?s;nNHgi1&(geVqc-5K
zRqq&KU|T=S)8XZiwu$U;k3j;uHs@F(plaABZH}4k@bjhYQO)iqLAe@+j~!u~(<+k(
zdDw9!Y97!0t#(9pUMufV_L=iO*M{8aVFmCZZ|>uFl7Z`(F+f7qQd?>elY_K^reR`_
zsKFFyk8O1z?mjT_(4Y8JxVz;8>WjpbSQpcH-;z0-Fux5FgT8V0v4m<o%(|2kcE3WL
zP%Cou9^f>Ii}rBt(Iv8;v&pP)()h+KgKrEsQ3`OLj1kJEvEhl&e}C8V1h<&*<cywo
zGC2E3?uKtDx|wOnh8YEz5}PE>#~bU{GCh(us;SJQn9Uw{m#7Y#b9-5hhkf%S?b<yA
zA>5mm=t9iuVeo4sFVU}wsq?%<%0Vn)_ByYdM$5-`2;mqmmuF}6R_JBhT%BI_BJT<{
z#hdpz5Q_(M6@73gCbOZ3D%l}Dco-+a#rI^U#g}qs8Y#xrvS=hQm4!n1Dm!Ml`peS@
zg%aLR@EAR7+W$)M7+=i;=Ckd%k)MR^j9-BMsAuEngubAFGLMoFn<%WT&NAQ%1gu?T
zMRsm>Q@(mhG%Ri+yT_rl<fv~WnN;%+*t2A{Z89^u8xxaxgj@}=2Qf2rQdAAE#)0Ev
z7v@(~j-3)&70EX)z$!i@&rSaJ)io)>7Q5mYjW4m*C((kT)U^}vdjysv{%YmFe$Y+g
zIJV~)-Q`w;NCNF2ZdxWn_(&I;QA7X09R+fRon3}rGLrNS;1H;52vr;LzS1CItRTut
ztz_t;ogE2GO1n9AaQTtQ4ufVUgb{!H^kI(gPMvQ@kQu0^ScI(oQ9oBS41O_sNji89
zN#>*jLfR5LEV7R{(S84g1`GfJY?}BwH)<7?y&Zb&7kH*I9j0a-B9p9s@;_?=R49a9
zwzKycp`1>Mqls7}{%#!8K3dRa7xijE4^#fZ!T*?yT2Px1X|i!GC=VONjJ17+CiJE)
zsR=ECEB&O_jk=F_3Ftl)6`ItCgyO;ZOHc(`3zus}MMo8=2~?ndLzB~*rUGphLGrsl
z5yC&l?Z6ow>)n5@s{1R?8QSAY=))dK9XYMq_C{Lv+F5qp@(9Xca-oSBELY@mR#e|a
zMoom*%XTL`oMO9NfJ;#;1-2U%gsMpu@v{|N6?u=e56~FS<C0##q6%3jUPfBvz-e9w
zi*_a{WE@b)Cq@#|nV5uhcZa0iZG(Y&7KuOjLue2!21bh^R{srx!z;(2S#piwJ0_}u
zkgH91{sL+@_j&V~Z)i`0U2ru-sSo55)9;(qD5Z(}$i3Zo(nZvfq|xLEdD)4SU@``)
zcc6Ya6BIKgVdjG+RDFoqknTLzI}>%M&BWY?@!4f}Jpt4(@<rkVk@;Q8c|ksaZowd4
zfO{})5|@f3@dNDJly0YBGwx7FftGP1c!8uYt~R#FK~=OzT7nNt%6hwhB#AV+Ri$zQ
z>|pEyGQd7-q7H5X@uwEqd8*os;1$Z>QNJ>a>RrA1Qk(pRaW?fn+NF7_Ko2_%Om;l8
zHskm4k0fP{!33AlCV!2=1b=6uT!rW>^^g77Iap~d8XS%CPtr>5MlG%ev`R-2eCo!~
zUwFmpjiOTDfMXuCgW`)V3}G6R_$OZ25NX3Va4%sH_r&V;o!1%~B_9bc7J@ENh#aDJ
zPluPyvXg67fnNFZV~N<m(D4L;-%Wq(&93|9LpV5d?CGmVZ-JZaXso9b&yUz)9|pr}
zb`r10#%sg3g3RR(C0WVLBb*9J6zMmOTb^VaewA)XY%=f}{*B7tRjE8oSy#fTz?;|Y
zUR!<%Ncz}C-MEfuzo(Mo6MN_+$p%9u8X)q?^$4{W8{&Vw7A%F~eJo(o-;$Om%8J?j
z(@lM(f9ywHX_Eg8F1^Rk$&4>$;?l(rVoGH4RfJ7x4PV)YIvG3{1d0CW4c(~)&wVG@
z<dEQPj=gl0^nz9SZx|5!6+fpmv4$3b+b_^((28Zd|5pU6wwz2;JXZ^C+R}Dw`hb}@
z6r~{%nY4)(W4q{HAH4evJ{be4{|Hw~3_b~!AAb;LWke{YH&IFg<v57{Maa}E-pA9i
z5!Ky^*l?2WX{rf7za`zMAF3s=;S*T~KbORWRAU_Q*MS>HjsYUFG4`Ot%f2$Uj31_N
zDnWMh^#Se3C#{($wYk$_Xg{EZgSG=2j-lJAVvYz48|s;rEwV?m>2IVH)0*6oBdX)z
z!J|1Mn+5+o@EiW}hhyMv5#A=t2IIB3NoN(p=aL)pvqTct9Y+1gJ;pAC6}o*G3UuIx
zX`hG)Qq)R}Pl6SX$3F1af!3VZHyvq`vBZu6j+lM<C--3XWd~}6)o+kSxam=-#@T~g
zuQ}B;(KXy%ujaI^IiKj9pJRdZLnLP}!gvKve?s_is8Kgx2Xj<OhO18{w$<>NoL6;*
z`f#S+FoWw2!K=<B8DlgIO){3<@$c42XW9a}qO6Y^b2Re(+rb^K&J^<o$r*e@WSdas
z#YyqIx8j~w5_}s)R^doaHcUw+O!k6o`U|ocW*_l{XTyU9Ko*toZw&l~zx?4?cpHhy
z*#9)gcAYxwRQ~4f)KpI5Q)z{nh!yqxTPBh=IJW6$;T}Tx;}aY+@#britb?3T($2>w
zh^(7+idtqlVN$3QXNc-Ap*uC*v~uo(jpgu-(9~J#9hvykuUVyWTGm=WqW0YFgeI>O
zEkhAOO^6(!PgZagwN9RX9EQ;@)Mnm+I3`Gn!zEFzHel2adq|XGJU_yyHBM7Ad1j*)
zflhnLNU5F=A0W0Ghf!n0oxNdL2(|PnG7N|Q$<4^}8hVo>$ul{mN2Dz{G5})xHVIm6
zDY6SI@3Ja8h0yVV!C$I_cZY|XKmvneX5r_Mh@*yn)4lOc@y|H!PP}ni)OytrxJSUK
zsC&j9AVJg+|BI_(+G73?9iAi8M0M0v<dI8;N+mj^rhXAzt=K5oV(4m`XpKM4<Izeb
zcHDD!fUP$oT-3$6Ndt)pAG1!0Z4p5)Y20lS%^OtT5Y(kGZ?vR7&F5(B49=V?VXmy@
zXuVZSG9|TW7RS5GM1yWKMy5MD3vrq*qmO^Zr>R8<Qyi!&!8B#v33?+(ySodDH>PQ$
zhZ4cBHl}IqG&PHlF^C5QxZ`JkSY+BXWjSeHQgh{JTM+^8x)G;Mli{h6oT^zkRr4e@
z8{zpx%YWJNM1Np#p=ukc48>W!0EC_?>Kj6b@cj@kVX_HbcDOtwEQSXw5)^nrm>tPD
zO)1Lb`7=)?(gQpZkK|?Yw}pAfRL$@^j4Awtm4#NxatT#0FG_q2TqjmRnr_-eL%9NN
zRR8UK55pJINQbs9<fjYYA6<7kURv_R`U472r0B$Kzk1zYA4jO;+Cq{Xqnx6;L?mbH
z1AG$D>pC)x+)%7e(7H3w)ITeMUU42mO#YB6pvPX=`*7QcU%eI+3`S7?EwgiRDX9Uw
z(rous(_LZZc?dy$l4vHf)MSw6izd`2&V8Kn39jU@iNW)c;3SLBL}8f+*^Wf31ezD8
zv!DmQ&n8kUv6Fem;xQ5<2Cr83naO@Uv(=u;o6L*wBrcMas6F65B=7g2od!D-LFeVD
zZOB`fnYc}7efH^jWhLc3J6DlQQFntc<LlFVs#8zpK0Un<d%DBax2JDXPo0aPr*b9s
za!8+E60|sVl_F0i^=*5S{Y7|5efvBn+2@~ApEvlm$6EP8WN(i_x1{4TxEXMtlD~@I
z7H%Uk@yH!0Ch}bkYi{@(0xe_M>-Gmx&*tsLFJh>x_V(U`>mq7<Fl3~8`UL2I88Cs1
z(YUZD+y-Kjiq7g&v>xd#HFkLq|KudbFUBg+j|thvuhA<=eb6p79<cZ@v)ALNQ1Ljv
z5J$>|bmq}YLCTpV=(Jx8w%W0~r*$&m{#K5YgAtEPon;T*#zmqMpa!ie{u{}|Z$Nm(
zU+;?-jtp~>sPvdcCL{jwQjtwxCWL=NI#1Tk&`ODQ3(qu?b9xb|eJ!VJ3ICZblTxR%
zK%Jisjixu~pN?LhP<_p6pbmDE9`=z}yVuNoFL>Cd`0WNA`+z5nl$&9r5nzXfa3f7q
zX*24nXic14=g-?XP8&4~ZHU#Q(S|s=4o!#n!Z^)3OQ^Lgjpj0jr>866#STK#nv{z{
zt}iR^@Dz`~Q%hg)xIbmBb87tX8u1af{zuxi?Ey6aH24&^gSN@%W0Y@*ubH)WOlvs?
z_ko~-9)h>{RvoxH9=~Ca+|k*!eLE1joivx}%TBX5u)y=I5t|6RH`um8$3ngPH5{?h
z>T%leR`^?^FB-L+_Go_f;iZ1H6q+2UhHi({!1H**Gh)2<*a#e?I@o3nHbGI(qie3P
zau^F#>)uf`M$e;@E_{dI7gyhZ6)FC-zk`crN*}$pd=NAmnjcfi18_1S@j`LcEKmcD
znE<0X2Z#OeNSMVy4U}44R>U%=#zH(i*RGxqYg9Q7%<~X>0<t#vId0^Tt#Vvce{BpY
zh))`k8)?aZOHO`k?TBa)k71zF>GTQ$-q!ILA_?h;Jk=~zo5>Br+HiUZ7}?!z)s$b^
z*KlUSHKd^JDy5QaH<8Sy^DuE_U`6>%QJKF2R{uw|6g)%M7%7>%x+on+-$cfritPA*
zk{;O$`!g0;K{)!#^g7Iw3qxDjP3#gqOhJa8mxljJp3FCh?!sL8FanVyVwZI@d!7>h
zt}`nk%-oYoef%jumt<ce+%)3eyV~^rC({zkB?kb*U;jZh$aPvV>|=vXz+t{k*<mLG
zM^`wz56)HEyQ&qw%TpXll;5Sq+NF6U#6}rH%<Wgve@DUmy?)D;r={;5M9|`>x3N#X
zptvQnKA{A@6BF_Q_=xB4Z3qq^)yrZ50SHV^`78AhgSRQpNL=)ALk+FLhnvj;yWEIp
zOIuFq{x9!P5SIXlKzP3pxeGb=3Q=hklC#NO0EYh0%_`Zxvw$y@)*)6J=1G95#kn@7
zH-c?-b-K34evFMab1H}(KgG>DN!}eDOS~Hy9S9Um9jOnWN=7vt``EKRY4LHiJ_0NX
zON4DTG#^|jGdgX5pF7m#kkrB%BBQO1mr>+~U!4I0d<#ZYsEcPLCo_Y74-+ku>}ASG
zvpm%6o&!7W^{AT`JMfLKu>a<D_%yh)$@goMP>ZpYzjn0{f+0oCEr+Jg{U@evj6%<r
z;hG$b_aYT&c5d)~$7wnYYjE)Q9cv!Zs!d*swphP5H5=hu)tj(NbgC)3WqHEy-X-s+
z49GDv`3ylHGGW)N4!8Kt2lXYlP;!LGm5DPbM-4boIPb^ERPw-gHGs15xu5&BB78e^
z^9Rc@FT!-{-pz205rzkwe~S^Rb^7nhyAx~ZE?cK-<+#hf-y+~HGDJVTmSNxJQ*b`$
z<NwV;$b~`R_|mC?aNleUgljt*5|hOBa~~0xpT$;}Kr3AdecL3A-HRQ;FrD`v;}(qF
z#PfN)7}SEjUiLTY=?d(rtBr$eC@ts$vJB6-M}6#PEtqKc$Z}CRZV|gSi(2s9guGkS
z#(bw2#rIxd)L)<LYw9l3$Em}2K|dvBy;;9=1js|>q($BrJ0Ep7(iO%0q;24rUTz!U
zosrn#HB<hE)3*n-qAwpnPwSIsboJWPCK#B7F~#ZKt~;~aw(r$#B=_^rH0}In-TtrP
z)NLDfyANJP-+VBO_E#IbTqcLn;U1T=pEx<NSoI}h01Ta_7f+%~I>IIQi3mTof7NWf
z%qZ9d6)3ZDMSsea0yFH2F=l+b&vhV)PfX9e>MScluIKwLay3b5V6%Re5~v0u33+hr
zeZH>>s0*_(^g8?wZC-kCy%bKNEFfP8SdZ!p;es{d1bE4ncF7z?EMWG9pB<H0Q`}Zo
z1GhXv?N}@3L-wdYvisHIT+tG!_NW(0YI(lWo)Nko7*_+5#^?u%kTh=hs(~=#%dI#L
zTFQV8_<cXZ5BIp&dxfHQk2*FJB<r8OY!^mR^7_@nOdQE2#1!dH3~l5d^%=^=<#Q!~
zZ~TnCh{llkMZNfOm>zxPyY$YSBFtHj#}!`mCFv5iAzTGfhp*L(AE3@}!kpy%MCWsr
z3iGSO9kKmA#<?-ShY2GPCWR&-nS~a<{vqFMS)K8LNxjwFD%6%(xt+rOu~786T7v#L
zdn4PuOqYez*dgc_^=N2dJM<%$8Rr*aN-ZXYYiLjVjI)`dK3{O^8QkI}v1cgNpW*j`
zW{Ejy6q78YoS<G;^L9_Pi{|5Ti)h{`)Xwh54ii$ZSEz0Ay5BF)hrea8$q0GXfuNX4
zLM@uun%Se7>TJ80Np`=vNn|dy!b%s9I@EEQkrw$M>cmW_%_f>ZjsHPZ4NBe~yhBtc
z*s*HKlI7(2!lB;Iq71V-J5$aRYR6gC;Wt7Pxs?segi5JK^b2%}Q4gKytK&d8$m?;8
zV6f7L>5OoC4^Kp%!Sgl8nkjSo%RqPqATeJid5KO<ps|vm*rj{lND9q5WHr-KXqL<(
zp*iMs7V<HIwgL;e^-LB*CqnOR0|rOgr;|Lt{C2KTu+Kmn{Oz6J;Z$+I^CG|YFsMko
zIs*TPy|;mnqpbGFr_h$tQi}>$#o`c_HffVh(|3}lk|x_^X<llQQlW5%&F&-_ve{jB
zW}Ajm#M>g)SVX~>d%f3}3yNOuRgltx2vn?8L<JG4fQb4-n%;__LJPFI|L=L8XWn*a
zchfe|4S(|K>F&-vFXx=+Jm)#*JZGNSnws9U<u~x~C8lqFJZbp<D!-Fv?q*eb|9{!?
zyxM+41)b|*e57v6D|K6bUG?JrX?#6eJN@LJ(;&>LdicO5#+20mHEnsWVaxwDY<Xe0
znWc@conG}Y9R&PCRy6f%I?aYorDZWDH1(3zA9WP~>*$D!p~cNZjrdptr{H6g%vVU5
z5woHC=`^ViolSwQ6ZtvFrvDq<vWE_u{Y9ph+*EsG;w+kL;t^ABZkj2WLo=4e&ytKL
zqNYB$<yoSyrRF|*pF?sszR(*T^t0;@TuW4*KaF|+OqIPfeAnj=GmB%ZM2}MUPp8+f
z?_%fXT*uav!)YEV8R9+iZQkJ4Py5(j;Z~?^lPnP5vgKupUW2%^&bGIjHa}*DTy`>K
zGorQAHn%fp#%(9x034dP?B_|w&Zy$2BuX~8k7G0BVr<=}N5?g6S?b$gOYyLp8D%kg
zDbpe5sy@B{WTF2duS5U(n-dsH@LRTiiczxV65k~AG%%5d1>!hOO<R69+#+MP%w}fS
zzNP#l$X6ORAOfK+mwpYV*6qx~+#0wB2u*0%vhi;62c3aJv1#)$zG-tq)7Fh&x@YI_
zKTAdoxewB?vWnc&UGCuX2lE9Z;RfG85_&!?`>*Yz_gAJL+jlDq={&>eHqL0SxtB@A
zRD2<cnD(z^OWkt~Gb7k}+tXW#hUbP8QL+b{KE$?RD93_co%EBYbNMWPi1KRB+vQ~_
zKuwA1TZifUGfdy{Y*XVyl#EH+8H<`}uP5~-7BM<Fd=ffp-g>_1=np|kS=qAF?C6Ko
zsdq<pAOAh?DY*6g*P5B45IwP1J)x(ct)z_;VzESr@Ju4QCcWo1dQO+JJ`OZ&**jd?
zV*4vWIwJhfrByov)3%@5L=QKQ_d&2uAy(tkPuUAAXin5k+uk$||2??*VdF~NS#<)v
zNr0TRaX$%ce%$D$0w*$aV%%dWb0M7(H{L4nuo2+*e$ukFX#(z@KOwMrr*RHlq?7)F
z<931t^k$Kln|?Svy_q324n<PW(i=dgS^ndeKLo0FvWKIs(`)ZO#ADz;V&?&})0Q9J
zcQbp*5X!$1-0~W65)|DdvljMN?L7SVrrR){-8Xz{5>PAs<SD0os%hMTAEu2N?CS~i
z^*!t>G}X@W_=YQ~$D6h;Kg^!Cb@;P8$A4<ll2cAG&PEILc?PP}=M>b%XX@Fe^iJ{b
z<GTops>dfi+%&D>L3S?8-E_zp<hXVm#(vtSt?zy{?Rp=|-Bqsp{aN?tyY9EpeG1)N
zd*WSt)2o`cF1)UFG9+Z`fy&94e-mzAMITfD7atE$g4y?DC(xeI@U`prrEefRwZnWn
zE!lqCm|9R??q({Y2{r|3<pY~2Kz{-jFJnRT)@|&};ougwFZYY818l>45<QxIVEBQj
z_TiHh?M)57aZN*?X7z{0eQR7w+w$P1pN@NZ+8yu4k4s3^Jb1_6G!Ii;yYuRc(?8k5
zzBdj1fLB_)>4g)nTfFI?ladpL1Mo1exe8doN!>~Z<MR`?huhE}wA%$>G|{k@h0lXq
z{z)%Ddu~3R9C&d5P2h>%!g%sWKjX>8ZHy=JHj^hOa-Li<un)v6T)_)}&bnQ}?5mw9
z(S{QH$*&w*>KlIW_PtDtyz%TS>7faSe=<X=r3|1Hw8Fw~?w%p-yW-Bh>5itY6aIi(
zO<Pa@+c&BFAuQ)r2Zpb`pH*IqvR6{s0LqH>Jh<f_w4~Dk@pKBjI12yThmDKadcJl1
z+UBjkO~D^Nf8qsO$CnHxPQCWP)eD<8Es>1MrlH>Rn|}E7cSoA$m!CVAEk`dJ@25xi
zQlCCd&U5g@ji;u69UNMHYH+A!I-N?`blxM$+sH&j<twKT|9t9eaNq*do3@@tZ#%q!
zisBP%$@;s8Z)Z0*o;rN%)YsU7_RVzQ9j#{jK94Kz^L8zpWGF5-QF#41c3hn*vsL%!
zY#omJWZD4Qyq6y88A{>D0pr3TZAHV7nJ|1i^CqvJOTRue{9o+Xis>ywSC?M1q|*2R
zKNkh}&Y{=S*mvmpo`b_DPNfrW(kby?QZzr8o$M2zNLI7iMT?^gdHBN_U7ShlGv-Cj
zM9Qsl^|6=w`06RIrT0I}+6QHG8D%fHDBJ3wtkdrH$$#42&KUm5Ki%C<Cx0v#U2{(H
zrt5(TPP$T#4oZi6GCDZNaUKfMw`qbmeGg2r=p!MzeF{4?h~d|~<xg0Gr-N+P;_vA&
zq5VxmeRJ7Z|5b8~^~vL$99cWw=E%i1!gRu^iSRkY+yCK4_^fURzTSL!?-Xyo931cD
z%ccKtj(6KXyvO@T<GuOu-N_DqJU9Hc$>fo}$oSE;Wj`IW1rBh2;5y|k(>obl=UiKI
z@|;UfR-fQ0C*L{jl#{O=J_0#8ak4i*7Q6V-a@ZyRhrRi6Vh(<M^<?4)iN@zo7W1Fc
z_BVExh*LmPd-wlF;1TuBrEQWfXcB?MPYzMH8yOPs8~*+wN*lJv`+%{yWy`Cilt6<?
z-%G>iP~U%`Oq%!On?pXp&G=!;W&AS*KBiNLtk$3QKhEMDy#HyNe<9f{|A@_znnN~6
zJ}_Ky$jy<{bMpJfN#6Ya>IqJMKl_H0-;ciG&F{Vwy!l-@iTF)4pF7FoH%Li()BEH|
z=w11Sliu1lMoRC^CwbGWjC0aUPyXBVKKHsey>rHS)BE9*OnMid<fNC*i6}s?Q@(m%
zcgokrua8K+el*dPuX`qD%Gcr?@<sKACK9In6uD^(PgmP}_diXg)QJ{7DA(gv?l)Af
z)>UpwI#;>VUF8n`GgrA6CpgPJlC$3*yUOkGEXSWGWiP84RxyIZJLx>Hq1vxsO7BEU
z8<X!(9M~caS1+RX6wSDiU46#5klsDd$K^4WYP><L?+>zHwhHCzJL%VR+{zVt70UOV
z2~7E#@`rvuUc>u6jnwY_^6+P+wU_Su!NSA*`4awmoEuQ?{g;~MKAx7}^Et_wvhT_9
zuZeS&GxJ%7CR{+x4%LQhSpLrY*gR<(T3C<Y`<6{VEb8sMar|pu`7r!^fsdWaDPFeu
zFf;r1spAEIxrtPJE?T?)<-dMb8lJL{z5Mjl8pq2|9r<pn@8(e${>IB`o9W%kO}lsQ
zJhz>gyzY{-=#7n1)5n+WyyPpAF$Ya|eQXB3cw^7iGbFkOqQ`yx-z4MI;Xj;6$G%Qj
zhWm7d-0E}pH(Kw(tO2{H5C4D)f!*6q<ZIn5HWnLBMKi32Jw({!!>jLomD98TA<hqW
zUNyt;zc_~c;nW#FSZiT;*^U1x8P#{o_g_c&eF*r`6$+b97=HDqucCDA^|)vwJeMP!
zy4ptAw||8>{v6*^1is_5@n!u9e82JiocMl@<I5kGoKbG$`?XbqqtmZu9NoHchD6tF
z1V3{EL-3W2HiGBu54iA)p1|>ooREbdYhU0up&))u96#e?o1g6hzsoi<{C<5EINI*S
z@1=1JzomKb``I{-->z}l{A;)IQ}4;dPs+egNaSxXvL&)Z;P;cO7=E?*plddMZ5+Q_
zuF8#HxxmktjUQ`Y;P>OZM~Gjijh}3e@A(|RyEe>_WY_q9S7P{mFb{s8mN<T!r7Zkp
z$M~K*Qv7y()WYwYH3GleH!%Fp#Rpxp@tel+`}Bs~`29J3km2_{eY){u?F;;_-7!M^
z%5D6lkDBv?<G1z784_Ky@rzTZm>*Z>#;;l6*N}}LYhU2^r|l!e@1`}j{F(S&b0x#?
z)j`Og3%^JI$?&@*4}SmiPmbR$|IET~rvtyhNbx&-p*_AA3H*i!8Ge`IgRa^5RdW1x
z4d%x06oKFPZ2VaJrvAHYg!n~l{G^KoeyccsKVFaVz1XGy{=x7o&x2p|9~{5PKeEU7
zVu$`4DSkg&ZR2OIcz3U7_*D>ot`+a4!wkQh*5}cGhdF+`4rk-%Snt$r8Tg^wcdvIY
zR-1TVuMLR4nEkPDs^mNzhT@kO)~#+Hs<?LkSyEjmjLX#>#%27R{Ed@fYf1O9vr(TJ
zUV!HIPwKvb5{`a6ZquQO#;Z-?AGK_a{1`>))xtw-WD4V)lzyE39zGEjHvMC2>KA0r
z9XNE5PRTVUz>3>{OVg&>=jYQl%kBv$&*x@_(K@v7zWL11`EUBzJ>dayXZYf2%znFh
zKC|CaC)2Uo=aauXM6YTiuAMr(Xd1I?hOa-wxR&~Zbr=<UUwbDv{g$%)-3^oIOoWf8
zANv3n`z;gRi<?;RJE<o4JiPJ{AAovxVa6*RyxZNt?B#Wg!C(E%jZ~wA6{tM~yttwH
z%Q=K-?b96p=LG(A*!$G|AF|`gbl!W@mKk^A{_yYKILMBD-?!F!--CGh;*7sr^!f$8
zObnPAH_KrlefbTJ?~QM8(w{V6#3<gkVaD@#vk$P-&#;!B{hvg`?@m5I&j44w7~HgR
zy_EXU{wBtsO=;@o>{DN*b7#f{H|?4pJg<NKx;f2T{$KFKOB3jN*!KqKSJT!;Iz{~-
z0}l<q8<+M!VC9c(Obn-AKbXGz)c@vrXQu?W-bc5FxBTxua);#M-{W@OP+$_wS{WCl
z;YV@79oM_>^@Ci_gF~rPS(%kn52yD(ZNE>LtpD8=bSPWxdTS_F%w|Sxc)rt!74u}m
z>r2j(9-45%d1p!E2(M;p!ftQq27W-?-R$X$t>2^l50URW{OBn(!V~UZLV|jYNLGUk
z-HHpTA5$-G^PA7hZ&#lMgBfBlasTuitnt6Gn#TV%G5#o)qzgZPjm_GwYL58YABnSx
zH`QL*PVcxo<>hI2EL^`7-9`7GjIaIlHFW=F)wiS2J!i87j)P4@r>B-OA)MFF+xdIb
zZJTPBuokAgoSwRvYBlbkl%85a-)d>%exPIjL>5PSx@qVGO<VR1FBiDIxc2WqYT8<R
zBDMJOKeG|s``dl=?mYUwe-rNQt+DTIc-FpmYxfOxYnbJj`4Tkta?xp<uVXp%;YloN
zbKZ$OJTr;;xWDHSsY%QM+{AudJ&Aei=dy@K+a#7n&7Q&-x?&PbAMIx$-W8MB5!I7f
zAYlC@wzKdbObT{SVy~>H#P3tt3+aY0g%!IQg->UQutT!wt=@D<71eDXn$~jd!}R`~
zk4=}RUHcNt!+4`==l=KE^7r7WO`EQyyT4>-eC-_9eBMv!y%z3{UO8|uo!P<e^ZBD4
z>`ag)G_|XOo7PiPpI~Q@K8TLau=9=0el*b!olk*&b~}2x{s7HNvxBDHEBJFh#Gj#M
z)WO`QO;=MJ=Q2wEh7L{_^TKZbWM}*A0anVBpU;}6bp73R{9sWUf}tvUt_%Dbq?(U1
z`TJ=O{@gLnZ1-hq_tD|szj`no+}+4pqtOixO{0B=1wqd3kFyiRiQDgY?tfYBg{<}%
zzth7vu=ZAn_EKo?U7|fka}{gvZ#mn0x4XTA!{@X10;0VrJ)O|P9>ti)kBYsPVyN_X
zC~taMuDadcOT#a}LhYFk^g!%`L#OztJ%4c1RX(b6J!|lfXz)Fm<DN>HZT*>oLbtp^
zilSbO@1=k#)RM1h(*~3cVj827sr0@ev;IP>KC^#Veg57T?%TOv1ZdNf@dg$qEjItm
zg{8KpjUE@TZN>-IyAQh8yWv;=j_%Hz;itQQ#`<60M!Kl4X{cg<%ULYQvf9+ofhFuw
zEHODqZ@zc`Oj|!=9ml+SjwOC5v~;{U{H4EhO*MSrTK3F;>Vl@B{^_(B-hr;Zjt-<$
z0D3#I@+@}#%y17&I;l;xG9{_D+N%UiqzllRLq3M?qfGVT1-QEZTWDlu3%yo$D*ivO
zX;SLj(6z5O({iw+X$vOYgt;xkY&nrCeCh_&&|29$x{cP=RWCAb@w}L&rTjfGA9TJ4
z=I4Loq`ZuJRaB22Wcm0%UONdS{EWZjX*Y2ECW`(2M+`q$qWl4>QzPOX9i+`Kv(}B}
z&DOe+z;c*sV(W%FpXvQg|Gj<^G3<17x10=)EvMJ8kAF?z`li|m&E}G^fGU*Ik};dU
zoyFFK56!pr{;!^N=zUr*9QS(m*!LdFh)>=7*sEkBANoB$^iyw0zn7hu$A2gPx;Aq?
zwa&SmH2l|^!<bIH=zxMqaOi`+p$<x9dzZcG!QL+zzV{W{;!UqVQ=E&s>E_pP;V???
z-bA<Pv9_uguYJ7kKDvK348|YqpU(1D(nihD=G!Knz+S>^oY@q9tzpaXv<bWUHTJ}u
zC_8-mUuimRW<Tf;t#1vCBkSqB$FBNcns7f_d6>`~@3SP^#?$pY>ClYQ^SQm+YKAI7
zQ{_0L0rOqvG6_5N=9j6*6Z!AjS3gXmEY!j7dY-3n4J$I?*B>^G3GidM?`3A!?!v|W
z-x2XYGLNKp{@(d}=kJ}rcmCe_d*|<+zjyxLj(_8%6I{O&$+!^@S4b5V;Y31-rwsF3
z!jKx(n3@b3s$4&3j@+w;B5G0&#UipEPbI^uA0;mjtqX}t{HwFp1-K&0%H3L&Rp^Tw
zQ7tB_m_MAAR<dhW`NW{n8#l|FKb+-Pv1^&#BnCBB$129F;zN^lBh|&q^qTatZ>~n0
zR%N!BOmz*4;{2<#d^@gWRtW38p`^u8@x#T`b26*MyDkrl3jC|Hcw5)yYS_@$sTK9!
zW06ehhJ_)0bz`U-qO9(Bj{h|of0^<!{Fm>f+h6)l`uvyp=Z^Efo1Rhg-Sp+v-%Wo5
z(7LE69`A{&OPC;arMj1d<NXN`l$<xWKHlFC9GkV68jKlgvO5%3=gk#3#gp}MTwHGi
z`xDWCbfoQ6Eoo8v<H^Ccl#xgo9Y#_O^;0yX`u2&^@8(L<DVLujo&LL%rEOEkOHaHs
zQThw6HT9n&9q!@sKVHx`O?;jtJ||>+n&l>El$$6%tL1^DW~kM&`K`1}PO3&K8B-(j
zm1;8nVcZBu<2n^-33S#~1Y1{Bw$!x-R|Gmb{Vgk`mQYOVR&}G|LN%#t@mRH7<)1sb
z9t0U`q+<CX{a)msE0^-AS~hvI<WF?@`&A=UE!W3W(TE(28*(C))K!_TMnXnN4(alM
zmQ>|<QYI$L-SK39$nXQ1&ZGv^j5tSEHhNWA5A|~?l#Kz6q{&fAi|K08zz4qbBE2C)
zj>J_xHp`IJ^_q@W&p)3dr|{CCLP^9?rPMdK42@Y=Wp-6AkxCfO-SJc`;+HCCOY+H*
z5lZ%`hLSLna&4_VvvfAUP_{M^*Dsal$V8Un*R?B&#dFYRM2#5={g(7(xRQ%cr71p@
zrufhok{$(WMFoCBe*EFE<iAo&NdC)1Ny(2E=u_=a7=uc`s_UU1)z8|J0(7l~Uy>5>
zc+|f<r9~qv(0C~^q)a}$R*t2jQD80wyBR~n@rVjB2!(r99kVs5mdlzUr}R`P8Xd$S
zg<`rKlDkqpa=csaj)r>J@M*Cgki{DC5_!L5k9If6=fi;t5mgT-wFIUVV^UX0=knOu
ztLeN@7*j2TQIIhX>oCH4IXXAwii(J)1Eu(YV&0GkAUP>r#jp^WMg`jMF=wnS$$CN!
zYu%bk`1flutv}T-s}YS2t|SliYT;fPy%LT@2Nw&gWJdka`jOTbC0+Gnaw^sriw|J6
zz+6c|*dgd@jOLJE(hXeF{qeriG6&oGLw%x6Fx=?H5Jf|zQyII0F=!I%9LhQpAAtCa
z!N3YZRTNeQnjYfom*s$ldr9IID};tHPMqCf;UIJ^>Qjs0TT+cDNn>ZVrpNhwq8l_t
zMGLcZIT{a#7*`;_Dh*?jCYqC!1WnI%TGD`2v097@l1nx{S*fI|YY@c&;0j_wu|ZC^
z$;AlJC#iGcR0@PEf@L7_qIgQ~XDbIQKZr4NmE^;v#%QjEbRB&frpTdoYur$6>KxTr
zlU*u}pt?R3hVDwL-P(GZ3sjQNJI={ih={MKFa-gv8}YatN%eQhtV|D$J61j5qGGfL
z_`vFNsp{|X%b_kk9!(i4TPn@LE|WtfD_5knb)hJ9h+L`}U^rH2K14tZqerB~`pW#$
ziVzTCsxY2F7f?#6eySxn-lFM@g=j0q#*oct+`!~gNe@V!z?Xe<imcEv<xGCeqDnF}
z;FngLQf;;)ts&aXk+O@HV~B-}5i%sWOgzBa9?%)1rquNqIxHk|KPoxUwX6B9YjL)g
z$`Py^%+i3RP!E*jG3YE4O|SrZH_U9I+7-d(0B5{V5!4D{=TQ-pgS3EdXw1f;jz}tT
zkL1Ty1!E0Oq~nL`z>{}mb0G^8GJ>>NIGO@?wEjdqY3RH?n)RgmunO@;Ag^5-Ezkl3
zTY*9kG9${_7B`!)bacm$sXdqlA#UzsS|1Z?y=bjhjV2@y1)j|WZ&I=l!i9C*0+F0T
zh94wDNsWX)6jg+>rs9btmQ$rWsj3QeNi?FwFfGwUW)+Sgo5Ax%Z=tB<Efl!i9imDD
zp=1n0txKeYbXD!A8Q2?I2Tek%Cc?A_EzL0KlOz)%E-*rgnA4Q>g)BiEvBePopl|pp
ztb;dHn&v$fio{V0Hfay!SjX4ZU=nm|3}zTgYlgWjVWMjhA(u>jGu?(-{ZyhSPPkBW
z8njm&)43ujIhCgChe-=3gikyewM^{+h0@g!ixPhcQ!C+AGD&*JD&;5BO0cQgQQ1=d
z!Z;%#p?iuoXRv%q5WPVzgIyL&<1ttnGW3<H@B33xLrc(t!dj4>EtIobM1Q{wh7$kb
z?g5u5wFh?4=wjsPJ1HP6oU^KD<v>SSr^Taey;J)29w|%iwb+p&Y}-Vre^kgySTV3j
zB$=%ei^nSXC^1Fvm*j9LMob1WWG>nB)v1?2Z9JP8a?)~ALu!!P<$9CrMlvDHImwo?
z9@DS0TLzMbZOj{(dyLgCbaEq|!EC=2)w;xzE16hGZG^6vV-{+Jj)fbVr?xHg!bOeb
zM%^SVKM9?K32p_jIp8FqD;kRR`CYoo7JY*Zy^uY$R8CDMK_GX8q#oG+{rWoHT5Z`~
z;U=+FHxW(sK<t>_Fr5jz13i@><tp=1SScBC&Os};*@A|du9T%Xvl-b^;x$}qEYuZM
z6{-Y2DMk`zzck2{y3o6rHQgZyxz5J(2xW!W^zJ#cd110kfrembu&q^*EYrm_*GoLB
zaZB9`GcSe+TaPm&OFFU<T}?(4hDTo8wu;cYR9@BI*4d`e`rjc<Ud5bX$0c{8!tNjk
ziDnyX++2>C#Z*06hUvSiuCuA!W$D(^C0Uj`gqop>w!(#F%`IV2qN|}KzCn)ARK7p4
zI77>~ga%!c##UlPvtCo6ArlYsi3T+2HfoDu!95t}d7vA(rWla|jWI5ib01c$Hv{ox
zAFXK)dWDBrpe^1Zck*T7eTdZ=psP;I%L}x{9j7ck<x(Dk_yR3~E#W?JrklBCOut8D
z+v6ajEJMhndPi@3KsIk%VvCj5U^RP5ZpbvtQIq*cEFj~mCT2)&OQ55pt}&o=UbHG8
zs<o>j*gC9E1=mid?_e^MjhSpfQ5GP*I~nhXwS=C@<lz<!p}_+|WZ^)2Yq3yru+V74
z?PmC#Vg{CKVMfR>H?KfLT}&%6dl!8>=WU!h%UaT!CyY&=ZUp;txk#qIfmu!NA-T%T
zK-J0fD>R*)T`)tDO(2N7%b~?Evg?IrIbSWXYQ<yJTsdQS7(QkXnHAw=99Bse#gnML
z0*%3eRYT-uW8nGXY;vW5@bE#+EjLUu3UppTZX7|z;uRjtPRRJ<Y$D&jOT(I*92D%0
zM=hj|g+s(_>eUGKR5I(aKtqX;26g6UsyEwO;{}>>awQ`=;Pj_So(n0DXsE~JV}=&4
z<?WlxBM<IH)Tq|4ku4p?R3e#Ur3&;yAyYG2$(%YC&uXxG>`)E4G*pOx=HPXuy1U6}
zv!%qwom(Ddg%&XqOg9Q_<zRS<dF0@6VZ_#H5oUMubvhak(NCtB*_v3Ofh=age!w!D
z$)y6Vgc1qZ2YQB`!B>42XO!b%zWRp?A!HI_+5;7F;zPM-*)=p7^c+K)IcVG<@N%7a
z)G6PXx&#RL#k)sfT{z=tm}@Mc#Kb)_q~svT9gxaI6uLgDlWoiD7a9}b>2!!q;c}wI
z!_kGbkcy6-VP#xkL2WhKT_G4F#>z9oHA2!Naqb2gxKRM34%T`-bZ?M4Foius3|7(5
z6`qZt1P(cKW5AAeA>F_V9i^Qjw<k&D7h0P+^~{PR6-yRfsEcCB%r8i4aO^_S0*zQ<
zdW;uS3Rq>L=Ei|ze^(9_Qm_Lmk4wO0Ns`ITW2yZth{cC1BY^1m8_nTjX1eHNG{-6d
z>nUbv%%sX5u!1u*WaJqz6JJ(rKrLwG@z|>xim`Q->#yz<W?(8Q*baA}bzm-e*>P{d
zdA7ob?72H=dYR_#oVm4AP#&#NeHV`l`#B2-xY}fHQ!*6OH44oaRstlDj^H`p6%mS!
zyBv;iNbQQY_LjO%QJXZfjkU|Y<z73hsuvOf(Plq)Z)f#{!?Wa4<~j3VK^fU;vnU8N
zt3XSoEgD(M@oq!DP@_#$xx+|Bw79^qj1Q7KZtSezLeU`W29RMz<x(9M3Ph0zt5^e~
zKx!fXI2<k$<HELW+4^ViDu%`0f5BDL=oK+VN)cdwAdh%x-E97uxE7kKaBj@thEVCb
zV)8Hr+0e0Z#a-?Y$>v?L+6Zg6P`{4F*LEaq9~wqUz}$(2;TtR5AQ2LV(j)1oI6lme
z1VuuG*CwzuUFGZ;8E+-P?&vg4!ZeM!)Fwh~Bgk}_M&JTMX(gadG&IJHy#dlHqCd;_
zZncAeYNU{-GRW5Vu28rSN`gE+iayb$1hfnZvF?}n@Ud`WZQ!GU`qiCv%PlqIwyk+7
zh>aRf8ALNlFjQEf8QDtH1^Tz#<b{Y6aqYrlT!jNyBI3z22xy~}Cb+dh9N_`Mg6pP@
zJNJ-<D6vfu+b6NSj(mT0R-Z(fgLOjl2-zk!7vfJ{OQ4oV|16~!4v7tZA?2L)6p=3M
z`uCHi%{G_p1{{N?(r;}f#;ILt7Nlo@_b*2@vXmh@wQZ|Am4;xuOhR=2QksKQU|CjM
z%+WO$%aBMR;d|_CspmWQ<WUq3MX<eedvRelrWwLCeTnEu{Rd~jlB#9}9Y^A)xpvk#
zmAnHIun>3^Hss#;KtX=fE}?UmpPSDdLBGt>)?&uUyb8W?Er`Sd51!jZCgQp#Y{vpk
zIma|)Is!J5<YDvh)JV)Iy_YOah76Bl@)-zOjcS&(7K)-;Ot8r;)%>czoT-Gc75y*J
z&J`&j4P62jMZ%$E1Ycnjh7xp5ByQ0qBkV8esRzjVrX(*^OmY<-VHS_I(P#3jP_S9d
zOPMXoX5v&L#8M}#*&Z_2pYt6FaaKWde_O0wTurjI-I+$!8)E5mT`Jk_i3r<sqzI4L
zRmy0Dna`|8zr2dY03ii^+)WukqkI_HK9#E<M~ebsvthsFo6AYD_H%gNjwimpszL}`
zZ49aumpVcuv1-_)CuJS>5yq01OKx)l^?8+o0h1?pz<TL5jD%iYX{G!5BkH<J6N$?B
zI!cC62P)a}-5*c7d<L6#K7M?;F?Y3m^UAF>G@{sA<7pMo;)_jdD$$b+;Vw)3;&Q?E
z_~@=-w?6;P>3wuKZKvdsH|sz-)TKwOt2+!brPjcBE#+2_Vx<cCNjH_tB^4DVW%A6K
zGOrN849r`cys45hX*pIUYmZl~uol|1+jq%iN%loFy-y*Y`6TPBv^r+mKN{tOk`2Pt
zKTE_S{z_-F%-D#+EmO9KUs`77y`vXOcX$4zM0V%ze!lQ3nb&zrIU7x175iAhVrM+z
zvNsj$vlD?ac!I2m#?$xgj5;gN&D`vc8>WE`((UXsp5V(|I=^J4eTb|@GfYiJhsfr#
zHn+GAK~aehL$w^NY~wzhU*c)Aerq1B;Hi{w0VQX4G0Qi#?`342vaDE37MVN5HeNC#
zbA+B26S<N7TrW{dOywn%$<oUvO>$5q(1ckAv}4;*S|QeAUX|Di$~n8jaO3#G>X}|r
zEuX7Pl_Gv1k=6)TQb4Q{hLzM6(zUR{vxpQ@8`af%stdoRb5T)IuuRLPR%YtCSEkD3
zWw=b4#~Ih9tSsbA4oK@5G1b*divs$hQ7dN}9I$1XjWq@bVkWWha=lXD)(~h6v?`tL
zb@c&PGvr{IjfjO;@J=@()z!SH8FFFijhN*MPo$R0WSU<ZC7wl7{jpkSN|AJK#r%aj
za~G>6`P@jwxe@jeY+d1ET6MMPJrBP~A5|<9+1nXhbGM~*z_*LxR|@7D<yG5RR~aS6
zD4D##nh&+FLQI^Vt#2;+PR3I`y|j#xqbbVqEnqvz*xoOQYF%s-2yzxxSq>XtHiY5q
z?@*H((796WjCU|pN@wckrAV0+8N_S`nqp2?EMr*-D_~!X($2zd36c72C$_NQO^mI~
zP-q6<G$+k)nWVbiYDtYz`g9DFMiSW>(z)wg&u?_FJZL!-ri@DRuDdDGsUIt(|Hz-Y
zm=_?W!2$_tG9XD8XSFa-i!T=UmyqVa5TplN7tnH0HIMQ`=FOeAU~W~_qN@3D?F<EG
zMXv%kDcE6DEzX*V!7wgYg?mFua`QDq4~7GQjyk2aW1&*D#0+L9c~(EHnyR^+!%b*4
z(Au$FS;Bt@t_XC5(8U7USqrX23-}jce+{8kD?63I>L^`N@;^xcc@wFr^z=YNOQ@xo
zVOmU~uk0~^iYn_ebgk<;gsqPyXq(A`c5Vd3P%|_3Oh0e3P^R`eVb<dYgO%CLot>mZ
z>t<vmV%gH7OtF}%mpS_Spl+!Bm{*WR>Q4$o|3(x}kifZx618a)TxLr@X0Av>w^t=g
zmf3ov(oHB<%t+8WfFVn0w2H0bi(fad#=>7bL7$r_zPWz0NFRJ9zF_KF4_Ux;uT|x_
z_G<zk4R&^P(g_e?7k+mJ+FLq;jVvuZnNmM&wjx5Xl&BJ8x|B!+9{leMb59y5554Oz
z-~Y(T|Mvb}{U?3qmCF+gzY*Sd^XDU9nfJ+O-gV2}za2bl->-lF$)_Iw;+*E~C*OC~
z9ao=JarfTO&UoO4$f-MK{7t_7@}?{9`TOtc?%%xeiKjoX|M_S8KXTU-uk60|SDP;U
zQuMt$zttDH^7XEN{P|(^Q*D=wJMF3H#BjKF+8eJ<owW5Qa;)ZGPSu*9ue<Em$t!yP
z>zB`;xU}(!@hksv?bOHn?wb6KH@<b(!swU2xBSV6?|tU{*MIOo|1bKRd8tdD3p_gY
z$=_a7`^($@XYNxotEJz4<eHD{`N<if#~!%rm2GFAv+K?a|LybNe{|Y6?z{Udcb`x?
z>5~(b?>%+OL%w}e?zrx%c;&mBdp~;HjL;8jE4sJeQ1{z)6R&t?+z;f(zcl;QU%#~F
z+B>fJ&|TXne&hKEzB>PjyNCbl;gi-ccwL%y{kKm3!t^h_>ks!%z5HVpwf&R67>#^(
z+$G@`UinC0Usovl!QaePuWgmO{`TVMCq_4XW89fPd}Y$VuGuy1)rX$CU0t<r$9w+o
z?)!(X`s6)_pPTV)SFqyg)Bk?euRg6dKXK@zq3^Z);v;ue8`2MM{^Q(xpQ!uBa~JIS
z{BLUecm48~L$5sftIPLk^@pE|Em-l%p8tL9?#rImE5<kcX~v23mFCI+{qR*&pIv&z
zgjN4tcfzbwPn~lAC*)HeKKHKPHFsVcmrs78`<|~pANs|+UjN;{eCgq*%1XZU*zMcC
zwP*MHYVW-0<5Rc!Yc9EO$NxsZzf<0H_lw)_eBj?t`Q!Ez|NZehjPn|Q{eRybc>F(4
zpZU!AO=tX8f6tWg|Jz&>xoO$u{Zqen@#R-edGuY+|7ZH-8)tn-ntaDsPTJUT<FuC_
zzj@Miy?+~b);}Mds9n0I>)<0j>NQs^ioSpE#J<?NGoSe9@8|q#%f(kded^CHc(y10
z+&!<q{?h%|*WbV6eZRi`_REHEe)7qyZ~W!gcRl!<CGCHEuI;Zq_x`eH%@4l$?8Li1
zymHa^nx39B^*7CDPX6wJ3r<{g*_Gq#e)Q61&#iv0=UXpbAFCR?Ut96%J426rU{m)G
zzV>+h+(m!vZU6khDL*^0amu~-oN+=)<;)4I@2~m(k4vZA_r1?uylu|-%kRA8*7TkS
zs~&yquA#3yRX*c8zgv6zgOM-K{9E|X|8eu>smV9?pYZL8C;!KX7rkr$wLK>#-@8Vd
z@UIs<@cGlOy!(&enRCa6C1-9w<;&MU{<*35|N2imUi$4-XFvDMlqVkl)hCw!@rl2_
zcIUIbu}x2Z=;vqL|M9gm?>X>?f!pH)jXS2laPg#1CN7_r{%Os`?n|bOdw2RP>Swg?
zbiMYgbYCd&X!MNrf1LcazdSy5Pv@rbtq<OL;(4K&J+~e_<FdzE8nxgv1F>ZnT>i`N
z{PyA}pX#3S-1#rp{AO{-cYg5gAAjZE-+k=S?=|jA-!=Dxf4lF#Pd)hkpU%DU&W>;1
zyv;XZ(PQ7gapInzm#z6-=L0=Yo#Vf<`_8*B2<<xI%-&0HniHSB`2H!|zJC2FKRWZd
z2^VjD>4XYqLpq*4TMpMpk7B*x5eL{YP{0(}vM!eROUg;XmiYZ8%zj|O5=v>eBRS?%
zILw;m*(7YiB@F}<R1?OAcw{7KZ_6-0&<=7*m3{`5`PSz7Ewpb>gs|nfJ|2y->iHg`
z#LCF_B0FKr<$c(4iCxa#?`sfGl^uP}c?&Ki1CAL|M}YN$1~_`7f%&`z9V`aq#kGvT
zx%GfR_BHltUcbiu`7(cbiuBsYzWTY_)6ZXjdwS<*Zco1#&<l7OzuRuOJ$>otIQ+|h
z+@9Y1pD2UR$X9Mp{~Yjpz$LgQKh2@(soT?s0G;CVv$(eTncLGZ0Zw|F!}4eN^{1ZU
z<(i(dKLgAtB-4$oezr&2&5cIC6br@j8#-*sOp=jvwz<EpR4jw7robqnjcLW)n1%<D
zS%fULXhs=WcnUXDt#4*JlEdg#*C(P{STmx7et9)>Boj+ls)OVem&+GY;uL*dMvs#k
zz{4-`2TLGWAzji3VGXXAMASlRg=xaBIPz*;_P#k8t%w?>D$f#iYUL6hbt<Wu1-Chw
zbz?r=FyapLOcanrZm3@_ZQ$FS!h2`UiBf(Mf0!q&j`fEO7WgjNSmNg%u6R6->=?08
zXi@@`iTNYtGJCqs3tPVwFt?G#T@e@2C<&h9&fSQJUDAjrDx&H-HEMSu9-u1`PE1Le
zpY$5T)Qk~9X{C4`EX(v_?2W+!q#|M;(SeN_q2Q4Yvn`d(Uvr~cvmT4%0T3R4Dm4Qd
zvo_8G7N+-Rw_IXII-sXZ%mAm**-16Qo}(^tU?O%t86M`NZ_eG&?4sgwBizV@cqEZO
z7D-mIIY{A9LZe;fsA{kW4$P)|Sgo#j1nRxTm5G|UlEh<byj%AR2NpKF8iglqQden`
zR%sGdmeoi+=16wU+Z|7Pu>46BRw+UnR+W^|y+pcP$9yJArMhSmb8V1&rQBI95gYhU
zrfNdd@MVth7lq8{Wmd<?ptpDmcXyV-pXZ9HJ$x@IqlVSC$^Y(9R97A2P9}c|8)kOL
ziH>+CEGIS@1sxZdOKs1Y+)ao_!gVJpt|H*67xOIE=D_!Yj<!}Ioi=wJbJ+1rr<grD
zJN-Ze(98$PLp?o7VytT7n~E_vIgwORRU{F4UgU`b&ZpX2<BmxK#(UK&F>RqXvAxK2
zjbG}t0(!&>@tACv+D$=uN_8;eeGoy;KDN7%WU76HR0^gF63=FO1nUrHNIYpMC~K%}
z=cbfJr8Dox)B)Nsq7`b5Rn)|Y(ul+})XcG^r<pqG7MxvrbU?%)?LPcc&=wmWXPH$o
z3u?H(ixP>&L(f{Qn?x3CFv`dH!-S4vf-_lS=_b@uL7B_DGyY|+{9R=2>e=&^G_i<=
zIrJK#X_3N0w&vDKxs^r+=0`z!5;HGnBbnvoQuYX$wOJ%~B6MeOSQ|Ywbw*R3+T1lu
zyzUd*U7T`HdM=tdJ93oq?8tGyKu7L-xt2n{NatAzZP}o8qrk$-%j8>D`I^F|N4J+F
zKA1G>Y>H;CN^+&WSy?GtD^nK9d68p9MnEVl$AZI@x#wQNaZ62VVaId$uF_6j%b%1k
zfRkA&56co^r+H)a#!ah&@B8R^tQ=O@OvK1&x0zV%uw=~OpuHF9n2>&X`JlP%l(Uo~
zYAHooZDQr;&rFlq6azV_Sd{!yabkw<=SgDLZI<a^SU6agRbCwUAqKgctd*Msjdk@G
zDeZxetPZvZ8cajVv`?vJIU0|V`H+Lg&bZuzB~+MFDoD~Wz#`MYGQuqkgcYf<=YWW@
zwQ@tCIoJ~H3^cINy8T!O;p$<fQoP-9*)X3%g}j+b^HBMHZd28%UqhxMp}hc>&7@kp
z!hHYAFPUgkmM$IEV?LYO9gXAv6jb!01yWZ$9+ep3?8^LklHRSYS0mOJl+ncvUc)w!
zq!M#$OqXYg6~y5)fi28%f-A!}WZ=HhSg0&j#&V33Ds30=XC7H=VmrjqxVfclO*_`U
zs*4>uhi+u2t0Xhh552ld#bPRjP-r8@8+S7QfVvB(fJ;NzPrN{yR<BwWXjkg%Is$%q
z1ucin`Ew={M92k-CkP?2EeaR5(%c=Y;JZV5Wh5TfD|KU#?LKEd61zGEw<z92MuLY2
zCXS9_`J>#)=Bdb59o=%}SbCP}Y+BZ)SPWfsC4g}~E=TLZLYuY~j>Xd|PsV>T>?+52
zP<;$cXywb9!=I-kYviQX(`yJjh#h<qLA@}H8@p?l*&vskt6O>|WFE8NSZSpTzH~==
z`oG<gz6hV20g-4FMj{z<Bm<Hj>Q)tI=s;!^_ME50Hr22qDg4MZ-Mqj~s7i)<`a|5y
zaa`_6g_03|6^aEbB716#oijy70sD_024SHJWk3z}af4Zx9Etbt`=&e0{cojLe3G-R
zg_We*O`$02yVpjT2N2^)UREdFAToL>+l!JT6v|UFbV-ZR$#6MtqFR?00T*-MhtH=1
zyJU1wS%)Q*LM2KxbmgGrI>duLI-tbjvF=nX%vUBe2UqH34{2v{-!xjY)(#k@>{ueK
ziH%&wB)&cF@3p?L1J2k<XTAJ?`$9M@VVW!9Fwg0bm)0`XYCag@cit>;HdrE2X(gIa
zyPb4cmwiBynZ6UETuwMETwj3#lob!<&@Iyw<j?flE_G$))nce&3?#ZViFV5QR;9%D
z=J^`IFVCN+82sC!1qxUHOYob0vO6ieP|7UTn@oXl1KPXK{vMMW+u9nN0}4wWSiX9N
z_&wjgP`A9JS*dRd)UT8p>YG;b-wpf%=T>#K$u7x{@v3AwYZT_7v+RT^#+F4E{xId;
zGBo_oqq^AnSa3$e5DZpbVb#rJyJ(T%OHZuAYS-0(*b_EbB(N)G*lNODWwG#d4I1pA
zEU}`SJLNgrsjY8oZ*U(tW(z1=#~cIcXhMt8^1^13;cSmT*qeoU_y}-zRI86Ch1D@a
z408v@=R?S==G7+>*1?N`<Fs+FkHWsaPMh}Y*3rg&n`7VJi=KH4>MX6!o>;PC{=wFc
zxk}Yy^K{IJ`D_}R_H3!@Ji8^w#=!?(ydymfC<Al?8vc4m`ZItQKngH>{P)tY0nP(N
z01an-FZ~%n3m^qJ?cDFB6~GKY0PxZ?sPo%9(y!t3Ong2E_`tL11D{jynRnFAV*zqH
zOf%TrRTT(SEitoG+F%_-qm<(pyqE}gOU4pwrdaY(wZ!C1gJs(WR&~r%0`q-J6?ora
zEM|EFF(Y_Ehu&c<G1r9Pimr7uKp2|Vjs?oX_E4;EUI3%C4r5dl=+7J5=+8fD^vN=&
z?UPP6AD7CK64cqA+%kzHYTq=CO;>SwnFLz<+0$pP8$3>-suHOyG2JC{j$k^$-b<*$
zn7Sf`-pG=ZnBq#tBv%?XH-@<FPSGjZXPWV>x(^1wk1xMI_lYPzt6`s9UF|d1Tc5qw
zR##hGwj*>)vy#AlCMCY|oDKOLM536F8&!1Cmz`Da<6Q79%f7=%a?&9QA6|joYdMD0
zt|Xi+^N1Z%v(`1nB2=L(lrgGUOM;?BZ2tN@+Hmyl%WBSjGpl9mc46zvK9UpG)fz1t
zHHEuf?ZG0-{kGCX68^kq43=5aq_8X~`zIaux*o<9tS_nuDe_3-FRiXtU}ibSyF)dq
zt2>xy(k?328RUL-!mcgN^&G&44KsaiL};wtxcD}1#5D&(zOr1+eOUI!%fyJLrgbML
zQvA<ssZll9nnohBBA#3WH^bibF3<-3jex*%=3$o=cv`}olo^vj_L;Fj`Yt9yp{B_A
z<FnmVPC0p6Etjr~<NjO^{JcbC6h^>i8B~HflQgEIXoI0V7b|i!=gA;X9(Yj59JN7s
z0zsjgF60;bn#pnN3y?o2^{tMHL~=WE)H$#CY-STHqleL$NF$p>-rO;(+8A4PZKP=i
zdetsGDGN<VvHp!@PL9TW9F@5^O7n0O>B&EMBcO;2Ia`f6QY75AC63jY!W7;^oJ&7A
zCH>fhV3gE>w;Gt~bJ_sj9b`5%Qg+!Doy<7aDL+bUX2G?xz?>YJ{AQzCc*V^9mo-_B
zrLlao;z;Ir7H7R?M5f+92Hub2>gY*M#x(8<U8zPZC@>Y(VyX2N>z6E27A>fVCydH2
zEmrAemntGlQxVSr>GrKWkL~nIn(i=urJC}i>066?cF!COufpOMdgpr{Vc|pS@>N$+
z&c2^*rYQb8-SjR?%jmTUX2ynD-f<4HnE{lb<LwN?OkSm(2=N@U#7}GS>na?9h_xkb
zJtIIB0;pTcPVO+HMEFI$Rm&wjrr86Lkq44-cE~uU0}E9Nhc(MG<L;g#7Rvk$%SS2o
zIou*&S;kSA(&TfrZux9s<CH2b9renEf%Y=uk@ZVnRx4MXH+L@Oe^}R+;!@STtSRDf
zKAGq0%kV*KCZ7Wd&wOG(izqY7s?@i&c60_?gPlIvy;tG$n%`Eny3Wq_;PTa-0fp)+
ztJ;HY?ZM8A=2_D-mwxebbKPDoukZF^k3?H#=$)JnuCt0G2!H`~bF|z&-dQ6&!a!yF
z%CQrw%u7<$LZZoDv_}|&1-kQ;szr9ac1+=9BrrlMmgJ&B?^tX-CnabYF%Juo>KMJT
zGkEB3NmnSM2z@4Y=|(_kgW9bJyy#rekqE_tD`^1dcci+|YuD(r`OWKnuHw#=SLnE%
zL3=I30+Wn5F2+=&(tMyl)fLsk8QJ$YzIbPP>R;|m{|7$*1UPf<o#_h!K0qVj5x~T%
zJJV0#^B|xP-@gek0AB>GoOfsX6M#;@0N~68s1NV~8UgnL4ghum_5#)}yfgg;Km>3d
zVC^#e21EeY0ct*cXL=o=0nh_jdp_<1B7o}vhX9M}?o5vd%mO?EIAi&p>F4oz5<btY
zNB;mHpb=2B672yR06l<b0B1C#JU&mt=WT6wre6ST1MC5;U4{Mt5x{kTLx4peL4SZ*
zfHT*ieSi<p2v~a&$^#;R>i~xUi!Mfaz%0ORfENJU0DAyaF1<6o0&p5&G2k}93xI8a
zJ%BS6v=8tB8Uc?0CSC^q<MSY32;Uz9+yvMG=<C6F01Utv0dxB9Om_no0M-E3_5(ja
z1aKW-Z4AEw5x{kTLk93o0bjr@z|cmt54Z`i19025zz?tuum|v_MCIpG9=;WjpSQq_
zS$0tBN~DRU640KJ6_%e{T)PTKjDL}B>KrltMYgMR#P}cmwoY;2zhI2xzi^D>zvy`4
zf6N55t^^5-!_mMxj?~+Un7MB&YO3B=)XaNZQ8WLzQZoulY;jSKM%8&H0W7Y}@n^Un
zfw#nlZ0;D*bZ-X5MXnCt43djnXTBLEkE&ul3gn4q2d4r@Knc<D*6@9ih5GXUKPZ#Y
zCb!r%$!ODC>}q7R>3!>ThzI6Hpg;;5RF>-F=bnhuCW2zeHK2{P*c78;Mcm4}(8gMD
zDklNO9i3We5x_EVgOqX1PIOC-jqqkw#t4j!pk_|2i&|LbTe`B{dT7lO81Z<-SP4YE
zb9AK57cCsywrv{|dt%$R?TKyMPRF)wPi#!=%+0*N@80j9XLYZqs;kbaU2FB;b?Tf+
z0%CeG{6c<Vtw<gn?~o=m*V88`OYS$O+NP5N7cWW!XYAh+IYdv&lo7Lt;j=-|@0aLE
zmq%m#9Y#anRX@AJdZCn=^+TwC-qzHlRK&kfyUr2ke`d}gG$qo|nqJ(}@JugWWa|R-
zzpLmrjn~-buyotJT#lD-ZcqTikU`<m`_*V!#qHpl7P!Y$f_k;9GFg;fvXFg}Di&3P
zsM`Hz@Lq-eFw~nbSuIt66q3ZA3WL{8E(rhay8nPBd%|Oyz2cU*D3!HZAFaJT%yIVE
zNN|-yL#r#-nur}*NHf(rS}{IWmH009T9aHL#%}C@ZT}sqd$$~(t3i@T7i@w{OYPjs
zf1ttX##PA`&hxxyKcn<nFnJ(Vp&vC|1If?_Hv&83>`0G3*>l`C*Tc|&N2R9I=v?@A
zCRdKqSt-Lm?}6#Pn@$j1YD4X1<*iUK>Q72cO6H0vI%JwFnLp(6#8-h})12ORG)4*n
zLcg-d8(rtpmTJePPql|yp}B2D1P*<SWo~djnKpZLVA6(j#|_OCrm!_ZvHEBbKTEQ@
zT_{)e?gb&Q!`UBkKYIdDz{8r!4UQ8zNXfKNXjEH2q+4Mslx68YqI;(Y))_gb{b>3t
zin666ANNv^;YtN;%Rjxon;E4x`C<8CmGL`eDmh15U@QfNT&yt!`DvLz-?}#0M7k;N
z=fOkDi^=+OkywZXssIn|f_pK%=}D8v?P#u`n*HlWir2KLBBH48irnbSh88K>Rl#V5
z*L#}h*3<$=`v|H{DdfkQtObwf<nIgJDKFp*qmt^dS6tN7f<HRVm(f~0_GUwJNdi-<
z8;&87!eMOD#dxzBv#Ka~`Og6AbkyJ=*y!@E=}xCG3CUDnFwt6`SP_zaXkW16g7CBe
zRymv828Bds^h+nU6xvs-5_K(SMKHl?))Z0DE-!&2qf$QD;Y4{-Z&b5NbHR!G>uQ^I
z)hpK+dRIQx7Sg#fyGG-&HA6e;LYZ1u{u#|AUExV8Bf;AY)i&NtfQ@T2mk}u&mOQpf
zQtm8?W1y1k50mVuM2}wJ$)U$_Tpi20>yN!Y3H9bEr;>*j2-*t2;0&INO)C4fQ!8Th
zq9nwvn#5NiiVJ~GaQBug@srt@TCoXI_V#8uODGqYmR4OCwAYzXrJO2Jnid23<AcUm
zEGg<eGjR_Nqdrfu?epWGF01pJt6GGo4wQiayFibHq=OY!mPaFqwf@AhUooa^Fel}T
zx<@2_4;mW2=5Vz9y~N6SF0e{i%8-W(85mxs$53gh%X2_HboE7}N9Q_Y(Z1M|<hnfS
zO+|dV5=4BY``+J7!mVgUk^QN&^Ig?V>zpbs<<lnqU6BUa?HbNfaXtU96`&*G^^7lL
z7VPW}Z{1t~R#L#Et222~N3BaKQBhk_7-D6p7ERW@q)7$pr)7k^&wWaAN=l5Zy(h`z
zisaI!JH>rF(a|XV0Wt0q6AFLmXs*+(S!8o9t;-L{uOed;^e=~K`2=hJ+^_}$)4Nyt
z*f(E1p}aiW$Ghkm=J1_?q-l``g9R97T!yTKVo+AIV{I<}jWHy1p3ds(sj8zX2}3!d
z2fimd>tpW&<FDI6A*bC$<9yc5$xVo|QPFiZ)0|6ePC|d8<W~BIJ+&9loZ9>#?o6*=
zoHv!bJ!!K)TIggKf!&qaoJRRau}<RM@;v|in&tBk%^eJeYIG*<rU>w~z#s3{)o$?C
z+V1Eeor^byi8me26`4F8qCb`Okp1dNzwS7|@n5}Vwy~+I8W!KW#JiZ?km1Lm_12l(
zexp|&Qdn|)(Q;GhfA7)V4=*8(Gad?JZLvO_hUYmLz<65cbEvF0{;OFo*?_OU-MWIQ
zYTP4ZO~I?^)-qvp=yNseHe7$_Lar@eb9_C0Srkk-adAo^!MOjhV_ZVr*-LuH6ve{7
zRrM66Lt^V@PH>$@9V?5=Y^$z|e{;Q}8hn_FziK{v7W>2ZU!+)jeJ%g@O@b#cfh;LF
zL&#@-9P0a~#ksswQsuY%88(Y~jG8dQqs4y7DGSXxevl!F@DhvqKX}tIO(Oh%swDEs
zz%X(vNno)#r85q$_y<(0)vFTdh^PCX)+x$Z$r;sAGi1j~XaHpEj!V>Wj}d_vX6`S6
z`j-!;xBIGozX>pBASQB%IU;d-NK-C_7xpK``<c}+yi0@^atuk+Q3jb$o<O?oR4{QU
ztZ(m=4J+f71J(np6Jt1<WT*I~lRd1T=^AovQL0_DB@Pa-1WI^u&K-?$-7^fir^mC!
z6N_r-Y5}I*e8xoKxzV2c&Pi#WtEC(VKO?%2)c1Q>S))dxIU-bHGU~BcUo(@(vd6#6
z_d1&CU;?Im=e>_j*iM<(yVDbmE2eaptY2>vUGBGwr)(pN-`*j~r+>bTuW@u{<~$K0
zhOFHpGrMJrL_ax?ZwA((q<Nn<)8ph=(&#-6?L>%Dg1>K@v*KB9jng2WwAOSl#`-wQ
zS|;(+LKv3zoZ-*E0C~3C*>Rt_WW?fjzfB)mnN`8GPC{Ul*1oZn`J726JU@VJ_jeT?
zR@!<Jlm+643h}E69Il<*I%$7)FRbs2S`H)9@{O<}B%9EfSt#`H;4-Z^?z&hA)!O3l
zghixHv~LgcGCQLv$jVW?>a;4M*!byTS={u|NY!25YL3HKC(l+MC&}ovBlG*%7AJ*v
zDrqhG#HdE&J8b0zSR@r<){Ng?Ckn$yqOQm-tvB51rA!4M%V~WgyXuy3t+laaM_+h_
zo;C}!sR}_O#H*^-@KI(<hKo-pX>?&@NefRO?=y5#>op`<U&MvFkeKz@@AOaX%of=m
zW@ovybIMY`q*SG5@W;E~%wuf(wBB<V=DsE6ne?ZIlqP!iAL_ytbl;>Kb0#2AINI=g
zk!E^dYcL{BsRtN`Fw^N!5i(vT7|A&9>25^Byt-8lN9J6#c;vK>Yqv<$4tE^Dcn_DC
zEKZx?Nf@DYP64RL!VBf6c=A-&)r~OkrAeF^&}$8+!UMDusPCaBqMu79kyC7;R8+<i
zxOhDycTkKUDj&=wQhJ|_S@b15$+qypQhgDO$F(L|r<^CF8g-0&>RE$F$w;aUk@4AZ
zZ+9lAnLM`(1SiK_AW<*F<K}ul#LbAPNRy-$akSM}X(K&VqjimayYc3Q`5W4Pl2Iyo
z*?*zn^vrcaOVg~(>A>QmU&>LZyBvq}j%?1K%@?4`AKE`qAxJqN5t|XFjp(f?Fu69U
zvvh+>brpo^^%z7X4v7PTBeD;f@~<u%x1L&)fA4bW>n1#EA?~uhZ5c2NUzikqG<z>o
zc^5?4&U;|9rRo~umzRnbUA&=(X8kNB3Mnekh$}NWrrV2`^>WQ`mO9cI4+Xj<ps(P=
zaS1UwwrJrU(4C1itvUt&E~$6xm%FMRnQ*2|isMpCwSU8;Z>L`t#bRpOVr5cSX>juR
zc4)=JKI2AnS|Ycf>KSQIjZZuJ^NJSG&Adk+>D=>*NKwLY6L>|Pt}TDvmsrA!Pj8wV
zmn-twez7J9h@&8^A*d-IPk5%)Vp5@FzRXFr;jE0k<WgF$25*6t9-~LE)>4~*nVM;c
zP|II_^DtsEPa1U@qI`G0tV}sNZVBB`ddBvC;xRSV%nEw~O!dr^40-N5RAlvs#@^4o
zWu4XL`7Y(fM8bk@5Y^P0f!H(8ik%EwvCQamwBfBdsg147w6pMzAr!4|5lgSj6!QR(
z*hmdyDW4C;m&>EzVSKa|>)7rOh1QT{T}_Ji7$_sUe_yBP;=85}e+TZ->AdGoGW?-4
z?9n<c$3?nOsfD;yAH#D+<N)o0#anJEdpv0o%?Mm*pjbQYs$6*AI!c7FGg;V<3^bu4
z&ay7JW^_bvO$ApMag)fv9*-z)K@e7Bz?>+Iw$hdIdQE8;j|!-HTy)y=m_&I_N1r%!
zyTUbVIhcWT=REIl2cu3eY=BGN;^+P|nIN)@m-R6<&RpzSWrhf@uS#LwlD0jXV3U3#
zHuL6OXJ}>@J)j3%tMMxEnp|bhA?$`A;>UJsZ>HAjne5e*YW9}CSOn$NShyOQQ<>Na
zSy4>Z8HbVw{OgrPLJ*K2rxKQBnfo#ml6KsH+DA*)l+KwTuytz^qr0`WTOK896DH5-
zYD=aeQ%bhrVkN#e-{7{Ir0X(g@dVJ1O8%Jjng6{NEqISN?YMtmgq_!F?h`xv(v&_|
zAl|8N$?V>uALeC$_VfVU$Iz$O*X{fVw;r}0)8V-5>VHJm;Ar9M>;gC^APzX!aw}J$
z$kO}G(<e7%)?Dkh6TbH!0p<KYlC+1kf!Km6Z+GziA7}MACQ0taI{No|wRSuA3xo)y
z4MD*fdII!6hRPuFiZpR>Pv%p5CG7c+Bj%Ul9s$D#5cDbBJUuW1aRL(nP0hEIbppcz
zSp%^vCPT6Tc>&D=&74ZSzwkll=|k{Aw}IE=&S7rmeo^!R`5@1w_1OmizmOPEMST6&
zeW`d(;6L`vUC;js{e#i~sNM;w_uCNQzBJAv!9Mzc?SKM#8+k#ne@s-t8Gi%x-x%h0
z{Vza10pfk60TFo{xqcvdkigbqeT4rJ*_kpSK?7g|_}!fvEc<^B`!W4!K{y9=3cLl&
z1+)gf28;Cu_XqeNAJ*^${R8O&0s*A_<?HPQzRT8U)Hk=PK;VFC0GWS$@xNZxUEq)Z
z%_!R*M6eH}52vrYwb1{+m6&UtBiN<rL+G2ZFA~T{WddruYPmZ5A2FY`8T8l*y&XD{
zdg+4y17d({fM{^!w)Ed{=GQ=i{{#qwqwY4uQ!qH79v{IGNC#L0&ivzVEx`il0SEyY
z<7z9H05Ki>g=JUjKSxjtg7^cK0b_s?ctRaC;~soxNeM`K`TC#R2$}9FHy7)6?|uK@
zaQQceV}$?Q?r<z0DA)&S0e1Np{ai5c?Zt;sz<x9M?LW1k=Xbuqzee>>mSeF00Ptsw
zweP025AoZlzAs;L|E<@=cQVfZG={kwp}&Mb1Pw5DTTbQ)|1;_;Z%*L9ep5YHXMiun
zgWy@qmugSs53qkrrTi821pIH(cA#BAYY=OoSYG%a;NQ-N_b~a0eHen~UHDIbIo9P}
zxB&VGuI`)71cCq7soYcW`adXgo9}TN0Ov#gf!mEnypj}*n@#$&PI)8gk7@wa1C{Rd
z6#D?vXBjXYAOVCbGbbp32+|XMBM)K+d<kLm=SuQ_xaV?SiG2wDC&D-|?gANL8Za7&
zP)~qzfZBmCB?Alo0R1-6jQkw*AFhb|3fp-X4uAnb&XsP({{y(b9*7T6E07!LOttub
zqD<Sf&jaE=Je6z4e*HJ~Z#X{Y|8pEIDDT25C=W0pC>{u%R^Zq75B=ZWP~Ye%@jrnn
zzZCoGKl8pLiX`>nEr5oATWfX_{DA+7E%i?W_-Bkj{}d&2J(!RGD_8jg`@Qf%wb3_{
zeq#1<^f?DK)13b&3^{l76aEKIzrLwl{4@1GuL3>-An9vSPk%g-9I}9Y{!@!^m3SAP
zzfJCe)o3U90CE8lfbck+z&~@h{o(6V3hbLjEC>YpN31WoCZ6y=hZbD87ynN?Du0E0
z`45?;TLE_gi$GDp-};gt#??Q43AE?`bFmBR$iY1p;<tK~p%2sx^iN}(TXpz*(e{nw
zwr90y!GCVgKi)k3Z$Hlc&brJ0<SS`txAoKo6gJVQ-eWX{Kv>H2u5IJQW!w^ZK{9){
z^!S>F^;nU6pPdL}IMvhR%qq`+A9@T!1UI<eGGPa7@xh|)2~mxPLW;RnPdM)N-}0>$
zZ(lIgijkz65?-**!oevy)7$jMbYYG_K8--Wi80=xQQE7b4+}Zjqd1B=wK))<<v^ZY
zDM|Td3BUc|!=7)yY{@O7;%`Vs(d+H8YA75!1^!)Lh@FiqgmOkMy{tpA@Yr3UK`5!y
z6x(~=X521()1oo6b1*+2!u=fqsG+$v@*D_~jsi?xUJ#A}WnmM9c5*AFDa_>GLk$*v
z&GSToFo9d>o^h8}hIRq0HYz%~X{i%=8BlIqSTcqX&O@Q~|9_d#o2q{Hb<cN#0b|On
z2ccVqi%%HTqlQ`LKzX}-&bWW1uKbnAU2)zh&%v0OWcwQrChobfxfZXVO#4SF6yV3X
zQNnTr6qJsDq>&dnzVkQ~EmiKQd$U(nIbYAk8dQ09Yj`;y%=tz$GjY|Zr2f3j8S{er
zgPU4Pg^;#z1d!?T%3`busHtCrdJ@K{6K7>IS~tF+k#wYP$JSmDGnEQBG?kksjbvXs
zW`WW37YvGnj&6@}SwK4+>}d3)f&*7<)hdtlV8iJZE8gfMxOb6IpQCU4iUm@=Nj0j&
zPCA7FaCCGbXA(vhTK%CNPtbSfc5gKs=jyi~q104f-pxedV)peI#rdc7D?w;zz2ljA
zAq{2#47~Wl-&WL;Li3xR;NR^;>i)GmL;r3k*ZqMO4Xs_r1Z})EMualbmLfzJ?Z_G|
zN%dqCjvUW4qHacF7|l2>I)J606%oSR!-WcM?C+Y(`J{g0`TstM_43TRCiDe+8B^A^
z0=<a|Lf#eWKiuUJeljz>i`l0fOZ1-7FMOP0cC%*^eipWh-WU1n)XW(V=Y{&t;_@2)
z{t!`oSaBhE7!}R00{RlO7s)o~-<iXeu0+0&Z1z}qyuK(T3`1T}d^l(rl9LG5@-d0V
zz?WT|!R5_#GZ9gKFnb;wqw>1<HZei##ui{<iQK_!b@o05nqjVLhDl;xNnQzuC_Qyu
z2`|UurK#HSnN1p$#pW$t85`r8N%AF=x19z+OTjH<pndddkBa8SMdV(*)*J}@-INHN
zIOrCQ-H^Psd0I(<1MDlz7RhYfeqYxuzVZ-17LN!q;v6|<bg4-V#KMn5bHq>ABb$_a
zKTT4;MEFWjbmnut&tl>leKx37q%2#5pP`wwxkf7Q<@N@I&efw?jsBoQ)(}hQ9XpbE
z{?^s@vaX3qRnRj3XgCVyTGja;H5mEpJPt4$`|~aLHGDs7GK@!i)(*U19T=bF&VAZ2
z-w|8|wxayJy?VTr8%PU&HQUi|6;gO>yc@HiaI+M~x-;ED89yE4j%^rOb#3lZwA3}l
zy-cAC7CH;!o^H)DyX9_JBne{p%z46gTVR~<2JY&JV)WnY*t0l_-Pq@)iEZIbpVlCT
zdM`ueES9*BTqKUq?WQ||#%33`{>DOo|F!%f7D}Z>5Eo6Hz{}zkskajwoo$5K0uC!K
z{8PfdvXi$`JW}Lzhpr>?wElzB@ibB(VZS`g?(&6Ig4@Mj*;MJFz(M9H>jZ!?YQn>@
z6t$x|6WW=gqX_2gi*}a&?nYc(xz=o-E9I!8I^Tde5M(54f{mUT%Zoosp)S_D9FO~G
zG^;Tl?A2hOI0cy5LpV>S9g-_;Fup+_=v{;F6n??<wkSdR8s+7^$D($?E95**ZAw6K
z+ls&jXXbrF5Bgk|zMe%i^~og_m_^BZ_ES&f0MWx#fPcXZ7*SMqA);JenYaxpctkCf
z=EGJ@ip;Z1PL=Xv(HU=7vvjIiF!@1_rLaDG_8c~-WG|`S!6q_qgzVbw<5sh^ienFR
z);44pN>x8)-}w8JxLZE6^J}YJW~HoHpr<0`6~vo8^*pW06fU8Q_yYV%K#}@l`w7=t
z2ea6YrWEMPkKIhtP?|}Z4UYY<7AbO#RK&Ot9N!tdu2k=Lehm^IGd4X<>USOZHx`%|
z4d<TBsmZSO%M0vJGfbp#liyGg&%S5at+L7R=%T_XM<pW$!ZD$5s+xvH<#W8myh+5<
zbCag}g);Z5>a2PTu9|y?iaD|~6HfnvNzmogQPPpE$T|a-Rco?4SI@2P$@M2iLAB^A
zhgEj?LMZBY6pVRFMJtLxIdmv`)FKSPg7bk-4wdwyb`EHtiCADK`TT$0;U_a>QClal
z1P0Sb_pn=)&+b%RC=_j1HKiN>@F~!svok<LTOPt9y~1lOwkl3!UN_%f_4TXISBZKd
z{?fH-Y^t83>vp`;=4`<h0Wj2xnS3eL8R2J>Vq;LYvX<W&bv^%RtT^K(2zFjVt<#k&
z|3UBUA~mdqM>LwhHsYp2p{Im2yV4D!JU1P4z>f`pJrytR&@zo!j9jU~l9_$Ny6Q2j
z(H>r?Wr!;?N^rtCHbshW$1V~?k<-<kRsvuj$5bjdNgJqul}NBR4i5%%8-yscP3V$<
zxk-E=e?8fn;$x=|)AHSn#gg;J9-pVWv(dWd<XrV1Rq=vKJ3ENwv#y~iq_)=B*?LHf
z+-bm)CPk(u3z3ZRp#F|h<=COAI6bk!N-%*+Z7&%V8<s7rMhn(qqHQd)Pz?YSkgD3)
zJmDuGpD#Nco46ZJc8sxC?%WmgHpwDKd+V~{ASOXSwIBnPA>h&@*SD!CV2H~;&re1h
zjNBq;EHm>jO%tN{NO*~p@N;9OYRAWhxZU5RKgJu(Yf~y$ZEW&vrq<~dG_|mU@t$97
z;D)5*Plj`!w^S*z7kg_nK0L3CQGCYeg%2$Tnwi9o@gUQ2!(1HFr^ObrYl*pzW=~Q=
zj_M0`mmK6xr_8Ggx34sj+*kiDu8+nZ#l@{{1`xxrH`?YKM=om=bj`b$W7~<*$lX9G
z0~>mwX5Y6KmE)&4MCUljAs~BNha9AfaKUZ52XPj$oE}M3zwBgl#r`lG%1sK>L6@RB
z8FLlWE!Mz);v}#3K7<o4P#_~&?HIc&hZiSk;8p!mK4)(iI($n5l3|=#<}qwh?3l+X
zw|$5S7Z%DrP`@`Hsl<Fr$$&tL3vr*dd@DPT0mpf-moTxV-Kc%WJfSE@*l=at$kYn2
z17|j^7&&1xAE|IS%)l@zrVu-V@r03S9F4)PYS2?(lykklwz9H@r%>JJxLcGHxDsoi
zUA2I6dRlG`M};5wv!u3%pm$?~S9%>vtLFAWk^CoQ3l*8pe$Wzz@@9wjnJ@&pO~k#a
z+I<R7Q=LJ_a!8#(aaH52q87Arx?DNLO|`<Cvzd0`WPB}PV|h6_{Q~vVOw3%I45d1r
z9OGK{JIX}424XH2Yw=4V$ei!(#o=9t%)Y5d#uXpGN*hE>80sRarqroM=Nxr?w!^-L
zk#uw2y@F5qDT8{phebLjH)|fTY${8&It~x7q36gXWPgltW)fw7bDghq{RHuxjvnQH
zjv3Ev)n0g1ysi}0y4uQ2E$SCcfkyg}*RgDZ&s9-kg9=+FQ(}7qFVEQ+`)TR^T`{dl
z)F0~cr0v0i5M{(@4KH2kKILE2?S}<GeFS-(#(4`HD^fg@+R0m`EwH$?Nqi0y>53l|
z!~s&fyFe6u2}aJ*q+EBdlf39zS|?7&-8^^^bJ}TLO!%5%+!EsIF?jeHx`%|x0=HD4
z*0ImBpVD0-&oD=*8ZS=J;j`LwCX1J6mr%niWb7jJIpYMq3XSS538yA#7m*SW`~+c4
zqf0p{In-K2aVjzUX-j_73gtCZB^np0GC3frawz2SS<L{Z_0zX2yX;H^04o97cYU;F
zp=vnI?8)VbsB9IIfiX8u+CB9)dFWx1NUAyZ@V`{|nrE?;?QQF0uT!I%cz~f!L-UA)
z2g8)K({*fZI|}(3Eio#qG-CnN@U{U$g^BL$!)i?}3Ie+cJx-^CesW^>GSYY*Z2{KA
zS=gfLLt%}eWs_$by-0POhFU80$&Ti7=_gkHJ@BR!7V5%ZMH4*i6|RUh4~N*j21b<R
z!cw}br<n(ibR)2oGKY5X>Fp+sT0e_BzQc$iI@=r(?>jm+ib0-ysgT35$NNhNo;vH~
z@l^&Qz<h`Z;RwE#i*#yRRxPAl#rW0<SuzU@6(Toq`^1i!@wAmg;<lGqPWqf9tMF^e
zT<BLw-HTDI5?@Q2C8lB%>Wz}u9Gd7H#+&KU?DU5R6Y5N@*H|QoU422|mf(1W%6e*=
zi&+26t6tTnN`!O4R?P>eJQbxeWLIBj+jim_L&E}&kbK+D3k^XR=yg0hzb?Bds>+5_
zRWwt;{1z5$=%(#lG%3a#`IH^e#?EEN|72#1By%4X_~Nl-FRd7+XA5uTEG=n>PI+;9
z4}sQ^VY08Yzs!HCgtp%e)H)RID=^wUo-PPqOV^%8xX%2sfmzV(rE9i<UWhcX)&-0L
zB|^=ls*8yjreJibx&EL&QeDq+Qq0%CA~ek3qdE-JJ0=TL64yb1SqH{>cxh0|lsIO=
zst5UstF9MPs(<-~HVR@`(=MJ^NFZgnAcmI1zg#W4&m7qhZf-0@`(c+;2gXwxPRxgO
z|BDHDZJ@S4C@zV;uNrQ%CwYsZJ2_GjEu7zicfB-h9I|MMot=iZE|qr^XQR^8OsVf@
zCEls(IIT*OMw}}**{BLT$zWx?NJDhwZE}C=6;vvpe~W~%oLAOk_VQ@H%AtmiE}<G~
zEs>0we-|dR&G8TY@-wY82n@uDi|V>ia@!DLHy;HmOq2<)END|C!v3xC1<$U+g}Uc9
z$wFkiJtwLni%LSHfQaD0(*k@N&j?xZvg;*%fg3qxHyK%|XR(|0J%$6rzfOl5q8b>=
z!=b;d-8{>AIhMCpb?+Ifs(gGjcKgG!?^mi8>v;k4GcXIL$g$&City|<@zaCHv=Hps
z(!vyQ>ppzC2w{ba_<ze>R3YwFx49+gUANa2S1Z}T&a*ByK&55!O+EAZwQ~}bjVjPL
z8`5oz$rtfU*Ie5fI8M8i9Zme7V89lAkwgZntxqNn4fk9&M&P3mz#e^mN;AY5|6I!N
zX>!)AxWZK6l%~OU<xjWqW;ALxz^^NG#egFsbz!$sQ4i~IVWTJW$tgt`Gjk@@KG9&n
zsT0t?9@!Y2CvLo|=R~z$7)%_5WhNIo59~J9KMBpal%k^m7Dm5QM{}$UvFo6~c%BCl
z)Fn02ZAd2-#-<CIq8+jLV)az$un25C$yVhpJzv67H2Ta}rW9T6lDo(U_nTK^z|k@Q
z<(d`Ec!+6_z1xirmVT$CUsWQh#g%3wkl*#9Lt$??mQapYGl}9UplDz5dB@Z=l$nj8
zOX5=8f||VBAepCH3HDepFiX3fbULtEoi0l{7`Wa%(NdX7{m!qGfK6eoESE@GLAJl^
zQ&BIlWam~W$)|Q@oY;@Um}IVg?4CLmpSTzb#4_`nWDHis%Q*FojJxR7BX)(J6>Ukf
z;!2|W`qai+k>Rphdk2qda!v=nnk_mKDtg~lp*U?A^#ce~CqlSHcSMC2)>RB55ZVKE
z{y}sM>X}6>ZJuBXjU#JJX%B$JW3O->H4K?8rs<8%pVFZNP3L#yQz~|PRCO!Vg4YoA
zt?tW(t78|{EUaf#m7=>9jjocychT<fFbs9(Y^R#GA)Ne(Y`PxDW^;40m7pA1`=zqx
zr;CX}&g4RrdkITUjheD)<)mH-d5}G?CeKBuKAj{3DLjr<gRd2>pQ(SWgBv*-JjDp$
zrpv%9)M2o*`vcX(8^ycHipy3rBWu+4Zs@c`s9%=axB=doZ8>gcYnQo2B3Wmn9eB|N
zIr~|)j%G(+e-;lK;X^m}BLt+%2DYL_Eq7ez_&g7jqq{<(8XT_>;6AOIwv(#{^E*+q
z4UM<x_~QvY&ZEBSTozH!CV81^DsRf`b*=R_JR{@xtozAmU#!ta1fwGl;^kEGwz>=;
zN%qvf_!Sh6lJ@e<j%T#RAy-(>=s*lCnM$5afh7VPouvzRR%iwa#$4R0v6`Y)>YAfK
z=h+Fo+-!n0MrL{jb$o)+WvXY~32Ce-?Onu|=Jz&wLa9@Ae*IlQ9Y)Lqzm$cx7U=%r
zg*jWFN)v+)v_D6UT>`^fdiJwMLuhgf-dm6fIHWOcA3n1AqUFWXCf5^O9``5Odu{j(
z^SuZq`cWc6+fD6n-Q9S+J7?V$RkbANv^LVBigh12R&3dg)NP_|*&u_;V;^bH=Gx<>
z(dvdsQ_|Hjyc%RnlR#kJVR=}<Mo8l+TU?}@->jF5rwaCwb-BIPnX^Mk&h9ss+)F?{
z)=pcVvh|wche%!WbhW0XJga!(Dfbz)E%9HK3Gn=+U0p%*+*YcL(|CAv)H3nOHc!>c
zu?bAgOvVPgAJV<Bd(7ObL*#{ysnX4AJg-T?8}}+<#g)x4+doYk2_#<QiIq=TXiudG
zAk?c4QF+b_Ny>)u6pNZ`Sb@G{Qh?c9PB9G2QI*~d{MGp~W1v0Rq#h%aA>>Jm_`f97
zdOXR<xaFi&<0MuqX2b_?O_bnq9m01{CQ>sWZ4jDR1PAuzsHv6N!FnsSzi+uCDl$6!
z*6|3At{x8lt5|S32RRP0)n0$@!o}w%d>7_HH+_z*i(N68Fnr50OAl1{BKOp1&qOI1
zF^I@majQ|^?XFcV)=BO>FQ8p};>aIuBpf3$V>w`^V!Fc?gOmX{-jA6-4~(P7aC{rz
zaP^2i!k%^^UsfQ*J=NQY!VD`pzYBo5oAc*8#%babBU%o3UW+x&vo}$laQ@CfTv=1}
z^vLywE$zhN9%7P+kp`Kr4Bcop<q_%onG?fF3F>p5pUr4|L$9A7m2ovUK}?fnP1@%S
zJfJl-m`K-COlXOeRW}@aoeeC{NiuV4UaD3f^ePed0|G&>KozmHZNK{Zoj_<+wiX>q
z^L)=k*j0>{H96ih7El2+4WIjQ5!xNMUc1nh<Snu%P<n5%DP<;_l^KsQNJjh3CCNS|
zEqKx#2&PqK+aHlg2ppbvi_v|b+S2F~G#xEl+3;MQ0@UF-EMZMzJm}lFHyb(SGnc4r
zM9nw(I7ho?Begk5ofpMCm^*(4Th*%mCG@t(#Z^zm5ASXm?d14G@AL2a!V;|b?GSmX
zl#u);A|iEJKvtQxh(aBuGAsN1)J3hvpU6(9mU5vgwO_xkN9K>w528mj9%q0|+4lj>
zA&xOdl6x&4|Di!788G~_@t42p0hmLO7#=A?y;QbMquC7i^ZUiJx0n)rv+n7tQFq7l
zmh)`)zXv~|He^mekqTD=j89Twhu022*&s!03{vab5mzti=*9Kc8r!l87&bzV0bVl=
z_|3?GlXHpH=eDj6F_lok-09ClqkDKoNo;fl0<F!6e$^vjJWZAcKPvleya07tCR=!J
zq+N6dQt_c9s-HN^aR(vY!WXovc)c0yC^88@c?Y&4*4jxb7?si_tXjiq^fc$lSWXSL
z(<QwDnLU*3Zev(m3-1^pv};QI-i<p<X(qx~y~1U-`%_<EKUcS%&$BjBW7+gVRDNvW
zyRQDsI5YQk+yURa^tdixG2AS1^E~Ic!f?WIq+gl+o2&5`Z5!J=y7H*m0|q56D(ibk
zf6@u0f^)QPQ8Af^Vhpz^_!v`H|KNK<J*IUud%BZvA#|`c97C4HEi(L7_C#Mj+`8ud
zNen1?PC$N?bm|fCX>xP_oN?>;JiXPj<zEeS=#EhLr(nv6(|$kL0j?x|Wi|-k@#Mj(
zrFBjzx-7E3HbX7Ch>S>t>gkd-D8Q@O0{LTxs<?^mUdYE<2^@kSQ@b<vAsxeW9B9az
zjOxv<Wv$cs70VW(;y)b|dkUflXlDc|$y$f}iKr(f_jM{E##mrn5^dS!ytVP!d3N0G
zt!=&e#-P4xQ*eCFIzJk9z{6YqV0=a%Ka&hxEUPX0tQ4XF0lpo!C@%b|h5#>;tno1y
zSmwt7J<F2q1eDpE26oP=WL*2p4mEJ$DAULq%AkV<0cveTt2xv3!du*b)Uf`JHDUJ}
z@}iq^+AfS+#XeD`d3!4>TCXt#OHb~&@P)Kp6%WY;eks_@4~cOKmFFH-!{v5;0c*#k
zp5oVbQF_ZBLUvW>G$9@~IoHvyZUuJqk_C_wo3r+(qkYJm#~?JQMk!awJanM+@^Rtt
z+Y}0^K}dII1lDwQfw5gkn;*Tk)`vrd_Hb)gr`!AO=GoiG=VJ`JGw$BOakFm<CLy}5
zXw_JhgRrA^%C@w^?w#xOHe$y1Bz}{3!EI|Ow>RTOARKAVOq*1-316jqn^5}(>A)T2
zdVL;ArI??_NAjpiJ+kzN&DbNS)!xaJY;3$0F35I>Us89R+d^*4eRZex)5e^1Vkhop
zm~7c_i*R?JbPNzynZsTDy~7CvfUM)J+f$#})#4*JvY*AiY6w40u`2{I<vSreH17j|
z6^WR4bxSpf!YSNE^XFwMu7_+{E;T;zgCn`w%`R>V5JL0(sxHm;d<wdi?DhGLkDzr-
z&;bu&na=dZ8251wdzkZ{OEOtP<jNTPxYMF#PM%>#fci`uoM3IE<*?o>3aNIWAs*d2
z#UTJcYri-y?})3wTJ*-#FY=%Xc=0G+HLhcaUlLv~)V3_#t$;Q@sD_OB5g2B+u)yyt
zxXWhCz#Fn%&oP=lUZpqlDabZn44+-M;K~732W_F`W+d1KDonM>!B`E=MEZn!Y#sGa
zEU>!q;iY}dfyNmyYE3nM>tKZynn66f+6fuKLvH>}&CYMFD&0Z`6>dpPg5TQ*=KBWf
z{evIbL;Xqv1_>hZ;IpoXEVc6Ow*@YL9Wy#&@&GIA=@YslWFB~U32PL;u-#%YvRgD&
ze0b_O<J_3M=Jg=4`j}Lo^PhBJ9l#0ABP-C4(}OW{&_m4B`xrnOT~PU#cZ_cngqyF?
zHscZbf>jikD`kYEfrJU1u6z&DO)A@$o|EJ!Qfz3+PQ6;xXEt;~e^s5imQ_mN+f3`W
zhVW->qx7%a?wk(ahTtlL{{CWev9-zzJLHnkn1pF&UPd3neqO)No;qPpK$S{cXkE2|
zqeS@C&6#FsuvNm?XI07^I$wpERYS$y&!o~2+^C8Fy4Hoo(z-)J(*hWG)_krdHlFG$
zA^9r<lYaRy!dL`a8j&5vL<6%vnxYD?a7wEHB@qp}ti<4{b&kpa(Pl0W^C*T!SC~0R
z1@I6g!b6atcr6T45L9G=z*?=PXu$vbYoK7y3END5&QV1R^$rv-`^)X^AVJxla&U3G
zjdKR@1ZVum4covuA?qByq!vo7ONN*k0ZOP<d>}td%6N+XbA{fGJct-Pqwb@m>opnf
zM@c4?(|fr@xVE&wAy!*M07hQ_tnomf4FvAa#!XzO?Etp;0g~!F8=RL<no={%6k7f{
z9V6hmS@T<jT!A;8zhmJ>ihF4}(V7^P&d?9+P)}-qnFwK#fsTJx_4M>h>6-O$5q(J*
z8HqrU9BkRRYSbquZ{B;j+JCSPtc*N6akv)m&sS@dWO4NTF^^UU9aKf?zajLuKNBK(
z)Y^D3W*!eQ0Alh5UTfp@`+(YFF7SsZ@)G;~spaI*{g~d}$ke#33yZOq7+u4fwR*FI
zb#5(A%ib>oa?jE4KUG%}4p2(JE|3AyhMeE&3?WDA`dQWU&uE6HS8BquBhd>ha#`Tj
zrA3FM#-mQIbKF<1yRvFOOV{=XkN@ms?2An>PKr$h4(Lob3SIE0{=S0yE@2tnHkB_B
z^{VXB{R31X4)w)*h_h6kzc#C$)|$LF8AJ+-+&L2oSFfha#@9(v2uM#vF>;%n8s@f>
z{I=6AkYw^SjRqx_zX4tJ9g`8ZVVjw3;7K>frv6XQw6LL*W{3=Nf_o>nX3OevZFSoh
zxz%|ZwzTj1P#w-btR5S26~HV?Po&1D;pf_R#);F|pVmJ+Ib+-?HEt4${&Pg2EofjP
zdu?T~)d>z%<CfY%wtOSLtk+QdsF}I!*<)e%sd7WF8OZnY37+xsbR~f>y3|6b&IApq
zjyN#IV^x}^qk6|xm+}0!#Mt+{A*8Ty@zUmlVASi*akL&e(0_>`Z&BssBod(4JcpQz
zc#V5Ofi#ST^Y`bQyleb;le$++9rf<9n<cH?EyqsKcy29@6f~5lIpe3JTqgB4GYS(1
zQPYX?B|=pkZO(7Igs04B_T62wLJqlQ>-J|<LKV3fo3B$>Qua@#Serh$@*v?W69><I
zM7&CaPGQ5cM54FOl>G+I3W}D#=JOYgDQGi44Xv}|-onmM&A93JEBM+YVYZU>q^l@X
znPj9D->}j-LoRSHHhTzDk~mT&2?ex%`!w}@=8)Ie2!*pP&d4u*0--{;`AY-!s3xu1
z_3Zpf1Vlqw8Vg#t01E0PmAIhv$|Ja0zEWcllFYzQ>M*k#>VnbwPCCwnBHX2vw~aE>
zsX`+$(QiVeEA@@{%Azlehez(}hPEmG$T3#F(YgQH9r80&+UtW}J5L=o#R$j+!$?v5
zb2u`TVi=*U7sudyM@hh7@Vm1?oB#o^4fnHS^Yi^v4d4w4t(&#1o-3#l)0$gQjqlj_
zLK@@o&;gu-pMh{NCMcmN+MkKC?$oFh!TgC%`ZhTkzPsx};4}6Iy2rsy(NnI&i<;Zm
zN{ADnIi)CWSc8QC4t{jSLWDD?0_~gRnTJ)MB~k)uo$VFEu1Ttf{_JE@QVQOIhF8u+
z0a8#{1$apb#7Kp(3^hnX>4^)jUS0?PC|8mm^JsoG=}WV#Zip9m{WW5u>!*R~FWw3B
z^A|J(IwdP|{~gudS+_o_zOx@~(r74Kfe#qB8&3Ez;z68UyGwontg4j_f~`t6EXh;B
zJ7}hk4cmg^l$@T!4=GhTFB^-okR+YcF5BQ>?(slq6W`sfBrH&I28pfBI5y!nYalw*
zrxI<B>o3wa_%Z(%HFEZssINvRs3|%OfmM`ui;B3sI5NkGpE+xow+<S|t6*xnf^X1Y
zhd7YCVY(PL)dCvI&)|9>f8K+owwn=>3Qt-Jm%AoxUmmIoEBzSrE73#j_90B3T!F(l
zQ^+L(*MFJIBm!^3>>sEa^i74(5BWRd%r@c=$3hNyI$tH$uV|NvA`um^6{L8Y+Hj5z
z6=ZQ9Olp5J>s>#)o33%g(Sp81RvKg-HuRk<m!rd}EP`#s;H244m3wo<_Zm3ej7-(r
zi0i;NZlnLj;5&Jmry5*KdVcTbuO1JUmX^fG4{6D4{#`Bg!<7*4Qm&lweR@Z4<=8R2
z0UL&R;0<Zi8b7kyB|~n1k{h&-G)g%D+^;+4X`ot7M`S-gaC)&i#<5K0(JT(!3g-%u
znFBt6`%>gNR&)skf<S8Y9iJNmVV;}=8FzgT2>q188&ftwbC&YS)R3B@Z#Ay-lpl7-
zo_(^&so%t&_snvOjjw0O<RuWC*qLBN1h3>JID~?4+mOhnh_CF6{`!|eJ@i@GcWu4(
z^+DBq3>GB79*;d7V^<)RS$Hyy-3A%5t~?!gJC^o{2plmw`C$jhNW$W|hGEDzXsv_s
zR{M@U*s$VS$}#T?IXB`xu~KK5hbU`El$wGj*CpgcBJVF6d@-m`IT62WcIlKI{Xx!=
zJhWjit7mo2(cEx=8ZaMF;}~!#F8;D0y_jr$uc8WjtAl|t_jYibWT)Un!p$1B=~R)d
ziE9)Qr0Hr^OP&l`5t|Ww+wRb|GUq+u?_#o%;D5t?5<1mtPKREc>OaFc#7;fD*GXPX
zJmmAfu7v)+-SU=ZuGuNA2^t4?xpaa&-qd2Dlnc)1LI<|h$;Vdo^Z2U96ZvExod=**
zH>FyEz1yJ>eP}O6>7y8#^ROM<v;FH=>WX+EM}Twk=P@d!M=kkZvK_m(j|Hy-kuPf>
zR)My-Az!XbJTv6aJc;oL#8GbOA#b!3Ao4DXl7a}$QwcO~?s!E(h+_c)qx>$vpSOPu
zgb|T6NQJBLa*gA1d~*xEjIb2L35YPHY!YA`hkIxT&Qh9Y@-J`+;`b4D0;<FlasQZs
zk5XLgv>Pc&h9}~48kfaJ*G#rL0Q@i-OK77SgQ0bErxL2a+S2%O6~0T3AdF1jn)>{P
zhRvs(+2wy8S5lm(n-zj^W}jgQoE|1fK4~XU9@wng;n$zhop@I_|C4+^a(pvPrx6!c
zu%Lp$;u#}AYSBuI(3a~QfszDvYlEK{u0WVsF(bW@>GPO+OyvosZT*91^DZ|`7(~mk
z&r?sVH{0R|>jJ++XC2s5rtor$5R!HV9TFGQU8p6Q9SY<0=hOpKb))R8b%MYwInNOY
zzj=S9w3qVD0v&)!hC%voA{$F3WzV_^ISC#4Z>GEKVMZaLOfp(U4H-9JJ4%8@wZP}H
z{4(o?XmwM;5N3Q!gwD%OC?|3?(r&PV!bNL@xahQw@(F3rPcL14bWWpnuUb#C#jD+7
zR=nN^Wz#iX-F0^BvK1*hEwbx43`0J0IvP)Du+gc4JjM*B9c=Gkw+p<}ANbP1>O~#S
zSTzOHK`O6JespHZq+D<JN?{NF0vF&%HY=04g$Z@|S;T9R>nIoKk4F<Q(I-r}`CB`+
z)8nmkaf*P&qTLutc7t?6U$lEdYPL9Sk`B?RhI_h(Mi%2Qi-LOBs8h{BQe<iSGFB8n
zwtX|(5)6o01`Ltr-ySt8R}R4U?)3LQ$#L#?isoz-D_df;@p>Gx%?|YQ<ZibVn%y3T
zn&2fC)MyP&;rb;|`}}BMXA}ojuXpO3j_{fO17EpW5q3^b0F-u84kJZ^>2T@!pZAcO
z&oE5C!P9vT%++&s{YiZfnrT1#Eey*Rwa3D0Lc9I^>$2$QasjM6x=35z1?*UK#qvCZ
z^H}8zXU!eP0kZb6RY+DbpBDU>5n0@E^LMthVtnq-WVVPTxdYrAUo(TvY%F)o65?7%
z77q1c@&`gam{K=AW1WxUCh=BvEFY5c40T1~vOn<;9c<oVJp?XAqd7{~vYqgyqTtmr
zVf|eL6G3HY_(n?y%$@W@9_g3S^jIrq1J)!|-S9^9gGMQHalFW)jQNE@*6p)J3k+;V
zq1WS2#-)mv>T~9GKd>ik_edrql0y8+()ztG0UWU^Kt0B80P0>)950@^12K>O51cs5
zRbzlCm_)Yehp;BxY>wy$#yJ*^74mKD>s8X@6PR1-;GkLZoFKG_I4zO=I4Lhqu8a^e
z=MasDQsH?7hB|Gv&@QKrRbCVisY!DB&xB(vR^UAW(6JaU&0F8Hlp{hHadov9UxMAp
z`E3K<0iNb|#Dmb64OMq7--m=pn!C1Oip&Nn6;c)o62C~i4aCGUB6%iI^zJS~*EfQ`
ziZy$7gY!LhS?H&sWN=a4>Y|(6!fg1?>|k65H9=*lHnCfpNk35N6oFBfWa+zGhU-FN
zLWB<$$DDmK&%^}tH>WosRsq-7Kx&?R{N>Ty=qC;4LsjTmHRVe)1u!N{^ZLN1bjD2!
zwqhSH<``sU=%r(i2Qq&&*cx>5h_Q{0P7*Rc!>21m!y`+f5e)ZzT`YJmLqGa0TE*}j
z4F?9;h$@y)QPYcM?1&*GXKiju66SYm;ZBt9kc60WIkYTMTGQC>=Es+Qtt%AUVye}s
znzuv@Qzn#SBI>uu(77U!xWq7#W1}TlPy^t?YVD!5=<w$P9063o99TBVlyknSeriKu
zDy4?hPNblkTcTb$EbQs9z(LscwUCl6k0m9^?jT%vE?{nV9yJqcUHQ1ioC8aGoGeDQ
z#b9vBly{L!6p|dkhArNOw)`p}D77v7qh4NZU&X^=>yJ?Wa{aWl&67c=XCM3mRcF#d
zBYX*=qfx1QWQc=hC#UT7^Y^yrh<`RK43@l%4?jmmvF<J!0CV83JQ5c+GFcX9kv^m3
zqXD<{E4k+3C^kZM<u9(vOXf3%pl>DWoh!0}@Em3vm)d$GM@=b@JK-996XRh<()w{%
zt{4xg5kx9`6Pi(@%u1#LnQ2HFmU3jOWdRJq30)mNsf<I!TN_@#xD&Ao!a-EX80J>y
zh$y#+(rIy*zVkk+is*h;BT+$vl|U7{dK-~d9pp<xR<r{ACY1=L8ocj}a*>q)Dce4*
zX$BAegjnFii5P;0!P~baV;ItblITas2Kh7I6_lQ1ca)BdI8F!J=iwKkeqt5@h{Ot<
zf43h6U?7BzjK=~2y^Bo76)Am-Wh0=sHAr1@DJWWtgW?W3N*2e0q;y^2UO&{>TNC%?
z94zzlMJG9o%yeQBGj#$ZSFaJ%w(^7-FU}kEhezj)drqc0>#}>hega!#4NA`4EZ@#>
zhiH|Je*2QBu2}|~<tJ^ZC4ulc-Qtq^s+GH+o*d}Dka@5em{CAilj2?s=ybV_m5``{
zSl~blmDDEdM}%`d!23RNtrqxz(jzd++ohjphv8v73mupDBZ~g5Se8(KJ$KB6w$@y>
z`Q4LwrZ=R>tswia@UJiD<753TZj#oRtElx@n6T#{H?q7BF6xpJq2wqtcSfK(URZQJ
zvZq^?+gKE~-qWKO?m97AH3u&3X7z@X1NY2;Qfx|(LQzNIKp!u4TD6(KwQLX=4@fAr
zNeY7sEF3EGk<}uw@k+=D(A509drOkkw&uXgAq>E-%*ChkXvFg#O!@iTVp>G9zBNw$
z&`jewW<)-j71q!?0CKm<1#Db7cwbi^3<x~xT11*2P}!*g7u2yOBJyic-8tC?3q50)
zGHp!d1%3I4M7N7qtpo-@pjonv?HVpGnxd$CLeJj)0HR*`S)><uU5MT+W(!%hCLQ|3
zkhAegZyE1J{W<se#7kdij+3_2Xn(~q%VSg~B`Pz5EI#6dGQzkE?MWe~umSc9W`FYi
z_E)yy*Sn-GYGyJ1U?kV>K~SEOAN9+gc7}D%B?V%iyqIt&7wTm|!+n$l#v-0(d_EL@
z<V8(T4Zqf)gY`w#^XhN?&3)@oO8R=S_H*KaNJ~b11ioAn@T4UU+*Km!vJIAbIAMw_
z)UL$!vdl2M3Qtr>C=$vjEawCD9vHk>y#%zAougei%-czwCazIBD7?VDbMCjuahUt|
z^=4d8q4H73s&tX~@nV-VOo7`uaN11w63D`+V*K9*J8eo$rtV?G>TysIq^s1u?B+9>
zUv>&@YKlB$GbUu;!8+*f86`bc7!=;{P&|902z(tMq80VYOSoeyT3dP3JGzlfui=pC
zDnGhd0w=HdlC$AWKZfPk#>>{aC48u;@LKt35N>*3h_MYBW5(r)vCQdgzOR{XC)>WJ
z+Wox>{>f%#BXG4{(3h%}yP;`SY!^D3OsXtQ)VqeQ;&Q>*1lnLpIt-5;#Y8uRBKT21
z2u@N*ty^FuD+X@f&fuWdc8x_tPBL5aQ|(z8ePD|Kl!JGtHIPppHHiGJ0=4NeTBEvJ
zrNb-|)38(C&uDRidD8?o{<p&1?8#hcmJLn2)}X!eS$c`};JKDb2dhMtNKGo>h)!Wg
zu`>C^P>^u@<{9!P{-UIR`{ZE3ob0LylrXxB*%nri<ju)B-Q4|+NhUAm_+aI9ee2M)
ziTAQEm$7=cEeAJmfE-fgFW;Fl!KvNx?c1SQH#MMQY6I67NsK4B{>ZkC9@B$;68Ix~
zdF+Uf9%^E6u?7mJI;+Ge&l4ZK{6No%iH>rEX1A<5ht-&13vMa0fm~prB)FFO7T3T4
zJl3tK;+#-ox7ZsFCeW*IbLa4yRS&Lq^xhOt8Lu}71w<3sDr+oMfmb(N2iXV>6hLq>
zFQc1Hb%oE(TOj0)B&MZ?$ip4GMtc2MHi_cI-1O(T<{obfruk3itVah_35<$mlH{Sn
z_Loja7ihQc1YDilA|h=r#$#n^i-z?$`u-3*>1?jELXwK$sroH-H3w(cTG&BOx&0!0
zDl-%;>kAksBy)M%UMc9>13L-BcdO50R&FbI$z4i?g}$Dg*WhsMlF&T=dN4wcQ%6t5
zS__bM25>D51?veXM$kC>4LUQiJ<=xNl4)N(fNI(4Uv8O_tHB<sOitb&6{)13gc$z1
zxdYIcM0$nUKhh=f^WFDH1ys6nTmg#5mNVKrtZLx<(J;>k&em`~8lmF}<%3w@fA)uH
zC#oz#4A5U<ADL(UT?TI&l$j7CdAuXSY-{<XXkr@em!_(au4f3(y4d$4tVsz7GHti2
zw=LAXu^;;F;bR8`UdHodq)-^Azy%#PRHjb`SHL;`CceJ_unvgb@ulJ5yrD)W`}}QE
zs=)@cp$niC-sopP%TlK@0`E>z5PjRsKe}RV$NFbK=wN3hFAgjBlloAExN$Nib?o`#
z-rHS9qg-s*2xTcTga1H2OLXTV-E^p!y#G+~wy(Y%XF>iygq>4xX5q8$gNZe<F|qA@
zv2A=4+qP{@>||owwl%SB+uHf>U1y(jcdFitRqsNrs&&!btA9^Fw)aFUL{-QI^|<Km
zXlf??iP}m9QzqQR=;*pnc+I;c3J_-|t5Lo^)32^fRhK-I`aEZfKM9t>UMtC0m#iN5
z8%PuIX?*f(L}-u&6c^%KQJssmEEP_kXlVH8$l7hF^7HSZi0Vl2+HuU}L@Y|;AB~um
z;#@F$7Cw7<olv5uQZxw4Mq@Dt;R^EKRRpx)lFOE0Hd*Gg(nd$MigC;Jc#D7Av(~{(
zVjb{W26Hf7YZdYEL~BY2&+<{mmmEo#8qa8Td$B^z&>n4aw(%}a>lFwgXok@;OiwQy
zRv`SdQhe+|;hU&BeV%jE=x%p2qyqoDhKx^9RrmB_=1Ja(8Nx*JELb_V6JRU)l)(e!
zuou3@8Az)kM8A}HhRI@zU~L^z1A6UJ`EQG$!66FO%3uGfg~?0D1^$&;ET+_tJ3$SF
z4iG=hF46iP*ht^6fpmV3{`4-+cI1a~YES7Q6gPiZocXqzaoTg?X&R<36FRBLSq`EM
zk8#NMFI<tYzQ<_aJ&T5hl_)k{9(?jG!-kPgThDV2n*iF1rV->%W)zZ<Pl(cUBoeC6
z%CfA67TMxrL7}SBpxzMm<AC_1xM-8Aw${UN|KBd3?zwS?21~Dm&)ug5@}Qf)ba_+E
zPv235(fR^>Fke_>;N8?(Rj-7$sj1bZy?%TwKS3-zxS~8k@*kL!+<P=>ZyXIWc7iaX
zE3e<Uk#+u+<B%Jzm|<{kFEJes$Ogrnt{E?3RF8h4<ZR`+aHzN(0M*4$&#Dq=R?1>(
z2M?!~WD5`IqKUd2&!r<E>)Ntt-brxLPSY1?V$_GDuZ6+1?k{`}uFPss4h#09qEQaG
z`|IA2kfuMo;$j#~%`g1;0F-yS7vk}A9Me@00DNI6TRD2#C~i^=xIfuplMa(j^XcOd
zg^HCB9mV+$I^I*#1ha(F<+<4>4MTD^x?OQvXS*S~)j+p-y3GZO>DuSWFz(^IG45zN
zx`8lcxO<s{=U?L_(iAjzPSNJu#-h}MT!2lfP=#jQP>onn@$->wlU8x0g`(Hg)KEGl
z+YMwZ41BmG-zr`q^|RfnmDdtB)`N~P;p0iGW8=T8aOGm>Fb}isDI2W);}hixdko*)
zatoX}X!|?9Aon#Hie~QNhCf%_xrBFkhFhJ>ay`31pXpjfuj6fPZ+;S8XxY9&z7l(}
zcdxsJL)Y0lHz8=Xq!qHHdF=snCC#XXTXFQTxVoy=Rr}!4=9Cp$47nnBom)6aSN4Vo
zqP@1<mZf95wd7-IT@FLn!EWXfa&~1?S)}=b<9*3a*wvm@#e3P;-pK0E=BN#S*SM%x
zb3fE?(vEP=4wXOkt73L%wE#yKvn}Zmd1BnP?h=GX7Cwqs@1nqaMj?M8;+Y%=JaG98
z-+=nZswc6G*t`+cDkn1^zrIiO=kEPI8sW_c#S01F*QM{>Td^<L^p^jT?t62$Z`+S)
z+^_p5`L*kJG{6@Hz!&=J)B5@8%b(f$`R&5@<*oRO8-TPkx<i$TqU(zk9k1YA@8fG~
zZf$+?>XL&nb9gORzqVoCgt)l1wftKKfmx?h$^`mph*v4Jn-1e(HsgI7UY73Cq|&DA
z(eBKm&4o@9Gp9!eyYr<0hGKKm>?1?-W%2lxKD5Ti_6P=%|GGT7a%pynkj)cHeMt`o
z;4ev(w_IP-n>bZE5e6Di>R0^?iMYPFnsxCoiIDU{9o&oSQm5rPhxa|jNrzhbJfUXP
z=j8DXYR{j{$03p*Ly36*wR3~G&iqLlMqIQ|koKC$1;m;oD-11M2=nJgdjv<Y9LHqJ
zKjrZUwpwobK&UhCW-y}L-CGYbpwxcvf&j;_%&MI)o&K-Rm@m)%ra1{?yY4+~^o9GW
z!=XiXZUEI8-2rUym0*C@|NKcW#Lm-WO?m-(lm9l78qv{(E8$dzOpgmp1KqW2@JnNn
zAfSva=*dCKm{!_AZ$%`A5F4`QCwW+vA+7c;R3xPMS>&@Q9<nLa{)15P2r3J-=8l=D
z2I?jAyoJelZ2m~JcB#(Y^m1}UZcm=^sjNXyU!$!_?Psktu+2Of#xwLsb(?-4lcv#T
z;bMf&;6H7ozmPE_M8@Gpi5QxSCMoqxX=dI0dFy0GjAQUay1A?owLXk(%}w4%S@%1q
z`IU`{?g+qfONl3JuQ)Eol`KfA#kW$4l09eH+or-%EDDN;=Vy(azLs>;JdLh@pPAvC
zZXXYp)k}u2rjRt#Zbg`6af_j-xC+J>x-mN`$DA7wY9m&F*d*^DTXU!m(L*`vKK&5-
zY>U2uz80`KFDy57CIhDcAU^+|7_Sz&zfSLjrc_j3SFd(oZ-LTvu@ZTA3Ib2N_`T2K
zom^BnW&)c=bc-noqJjbhcCP5|J!b7d%0v;iqjQjmm9IDfE7ZSZ58Gy4G=)*jL;~yN
zRz>k#phSS-MqbdOd>G_CW|&0@?m)NbSX^HXQuwJ}0NPX1P9iUcv_G_?xn(#1Ws~`}
zC9w;;d@x9YH)Ec+Kw*u-{7L{e_a%Gil|IqMjM&%5;pXgQNfoW1h9^szU{^x&N~Vr{
zMOw+K_rDY8W7}icBw%XnjR@W}!$3{=%@?_?|KULK%8#hx`NdHw3u=hr#5dI;U=(u^
zSsP`q8QKEIUM#fTJ;%=1jPdi<L7EvRNqWUVA_W?UgaJLE-r5Oiv&+@nQu5tC>FY+K
z!<}>!fM!c@%du1yVR4<}^(4{dNxH?GcqOvIp@ZtY!|-w$_ure8TQ_Z2<1Sk%7hMc%
z-nvb1T~<%tE0=F|8&AgV|L+M;`KJHxYJUt;59S}p5Z|37xjD>rBe6gbt;{W9Lu(Al
zTU40G8T%bsx0+YcOi4pOmL6Gmnpe?IdPYCmCS7+K|KEo<ZO!hJYaN@`I%n+F^@F}!
zyWO@oTg}f`u`mC3HS^^8$M_L#T7`4O4rUDRPF^IJETA+FWYFCl*1Fwkbhx)qZuJoU
z=N&@!?j9u)vBQ~36io)k0YB{spgEC#WI};WfrB3T``rojxD)L-iKbOyCF#6fki9G|
zNXT<B*jR^i<>7_7U=NZJqi;xd=I7fNJI9WDKe`5#osJr~^0=3CSylJayRfc?P6~bo
zglf7BV{D<-!mTw1BA~?Y(VQ>HH7%Wlr(|D{<3zO~^BC2Uu%M<3`rLP1#30obPwwa^
zvXG`VSOgbri?7~yE{LB|@+_isvfAxZzV31OIK3uu_&U87Utclwb$>wuzPJFsP}#m9
z(=<!p+uClY*H(RZvD+_jZl6p5Ur710Gk)$5ZMU}TcSHbx>wEqjx|<JTHiVlG^fY1b
zo#*vCRyNOnp2`Gx+BxaJOK8po0QjM%!2p=KBtQ>C8eG1U2If-y);7vU5+f0*kl>?S
zBKKeabUkKfx~cz(>tUasl|V5deNZ@W7ZUoHGk8K(b)Mt9T|iv*%sS72Ry-2nUOcTa
zOoJuEqsjFk)&2skS6N$W%cpD(SkBQBS|bt~zkobjxFBxy(Xi6x!z;^KidQ*VvTnBO
ze{Ej6)SCu={^VWM+~Ay{{{Bdi0flLYybBBy*XqlU^-Y(kdP6v!WMEpSI~eO&a1%?|
zii6M4h>xJxHUk`sL>^5W*Gp-^j$F8<nuX<eno>MbWzCkNZQgRd3g;^I8LU+%o0q}C
zEhNcK1d%r_N+<dLG~s#pT8&6Tr!{j^@bel9%&l7B$bHuo`1ij$sb(iNc2uG0?j!IY
z^&f>ElHc1c+(6P`4Mx<A+|e4+tza<Kjqyy~fi-vy`<F+1zd+2MJb`}c!N?etRkZqa
zE0L8X<wD*&PP}BqQP7w{;eHNzzu40Jk*D?SThSQiu-EO8De6EM)~Q;y&L8S70c~iz
zgpQzU%5@&ORLQQ+eWV7e965bz30JO=_PXzEm<Gx4xS<C#XQNgL=rp@o^h5}=!-&NG
zY14*NGNd@hL3_zu@2VCMG%T%!e4onp(o*AQ%trD=h2deirKyywVDQ@6ZQWxMBgk7m
z#GbA_bm69dj5KGt7^NR~0@qFuhVl#0686oQXetZvT+z_JIWJT$Ro1nPk|k42_9)kV
zML2fCPqNi<F)H!&ugRKlhg6Tc5Cf_Mb|K*}e0UFnwkh4oyD1%cB;r8O>RXJtwp5Hn
z;_X2js0XGM)Ko04e(`bED>mLmwI0?^YS;q$y`;Ck7Rw9r#gSua@)@yFx9aHBBVJry
z)IX#0e=`<dnwU6J4qz+8x6Te%E8<|b@yP4S1437%8aMuOzvV1bSPG`|Cfe<4f{LdY
z3^X+nZpm?UH`XR?x|=#18eV*oTD-7Bde7#b6#4IFLTl~pr2ZCu6-v<(KKe_1SB1g0
zpP6Q6bvM(t8~ebVmusF@lHOHUmlS=;=Fib!nUcmx=Hl1dvP4*F&0xtvuemq|{W><5
zZ(q$m<GD;0N4~w*B1?54FM4r`@<EE-b!zvA{r!Kz2b1WB^D$V{S+gL;bXVMdqKXg*
z0UJcqX$W&-D?~b;=+)1cptFz3X3HnFW_5kR%?@nct_`cZov_kyTqAhGBc~kvCy+D!
zjx9X+I-R{b>+Vym#_Wk@Us3rdp309fLS<rmDZT1ZtwOiEByo68M=59_6iyo%$K?|C
zve(0>Sp>YTo}<o&t|bx7R}u}VzJ0z8<7x|0f3~WMV+;C~50Pjmp|9qVgEZ#XQst*x
z793MSN0ic!w27$70;Zaj^<Eyq#gmLow(5D#B}&)}W>6H<3+RZ+M`Dcu#fh8RWYrlR
zGScX~t(s$&%6kUBY~>!bHT<p3>I$=rn6CG#ikeZiJyhc=oyz(=O`Q0tl4nDUV+}~t
zvKf?wLvyz6(O#Fe8xLraJ_1=5s%Uo4*)&cAAB{MSa=JcF#M2BZJT&a=SLD~ugNhD2
zmPkaVI0#62{}kpz$jHYZw(#n8BZSZpG<Ad%vnal-b-_Yctd40$*}sZ>4~Xv7H9cS;
zqKn%?!D5$n%l<Lq8V&TRm~%=z>)cg6`;2|CrC+eKwyxS>vO^V;T2WuzOJ6}(PYsJC
zuNdSXgIu}jDQ}$XlXeJ^)?|i2i1$_$Nh$BMQHte~tN0tuAby0&)uhe_AQ0dZu~(HL
zvr&T)CmVhU|JcXd^`5aayk{<flwgf7JT|Fo5z=WGACL2Cut9*tiVDh8`nv~1<|<-Z
z#kp%@L50K`Czj<Bn5MgQ2to~mjwIfn{)l5ef6CPH6D}zYs?P!}OmWQZg1zFv+98H2
zBp@@lCD*7_AHGEg3;~dA^dRmP#H)9h2P8rcIX|L{sJ=#W3_<(Tf`k)tzy}gf9*LE0
zDH%LCyE#Fw4)NiKUFexbvCrxiM(@X{>j&Flsz}<Nh}ZmM(5_?A5uNd!j@8}zTwe^-
z500Pj@?cWC?bq2HW1pVL*KYUMjQL*dceMEG?d}Hs`t1L@5ikD21$<!xzQ6&#@BAOf
z_cUL3v2tH%pC6*nPf5D3`}ghF^E)d+M}!}z6ve)v)BGVv)7$3W4+(Qy!NqXXS3P%Q
zc!{CKh|}bN?<mGF;p^}^y}hOEM!)ZKjkCJ$VZ(l95R*I=X_c-3dN(~szB99;;M-e)
zOgo{Anac7)p?lVWmp~Tv1ZU!@fOEB^tJJaOCVAs?M>hEOI`76m@}y)H{BhO$8uDTC
zuyz_9HoqS8YBw*><Zc=fr^;<-G)vE}p(NjovFfHLL`2f@E1au!hbqqPuO-C2CGbcn
zSri4+n&QOclYrYqk5(LmOqb`8Gf9zpFoTyne5@xEhjq^R0Q>?{L^M);kPQd=l-woN
z3g}jtj0ZTrzsF5eVpQ+u1vR-#3ou8xJk1v`-&*<Y>pRJ3n(qELUVu)DS_omFdPw^7
z7!@(vdzJb2r&1fUqUy{>=SST23RB97*FCjalGfaD5t7fq=t9umpaLWzwbX{z`UHDu
z)#UkrnNYhR+OPwhh#3gB9+w}5*pYK)(l~ARM3n^gR-xvx67nyr%gxDu-$dH_eat+z
zL1#^p!coHb&7gyj4^YHm!E@T#EV4AD#?rr3yICWVYt@4p9{~iowzLj^zC7NhX194U
z`XdO2*<hndYy~Gy&lU?-)SKJV)X7Az8X}t*N-n&@72Das9q0`HNaA25@NGir>m~Du
z<l~n48RZY8g{zF8P&biY{m9b;S)C^MbRnME9?cAUKp9S2fL>^~L?W!*0B-2C<9c5U
z^5DYPV_Y^8`j}zalqeazp0>k<W_2`seBGq4h>hvKstn-$VPX(&uZrz-YcltY<g3NK
z)2qCy<la3eeBKc=C$eIB00Dk9U9m4^urb|O#Ul#5)Jv-;l#w+_3*P%#he=!I&<%#W
z{#sd|9hltB6xCv>IXmh1-ZdA@QAX7O$CU^jZAD<=q_@mNUoz)M-BXCT^~tlC=Wo}J
z8Kw>uF+BU-T#3EEtOVu*@TVUeZ$+aaY2uSy6n@a;;cCtOz`%F$*aQp*3%PURT7g~1
zKOfSmF=l5S`1WM%*PMj-H7Ma-If;c%_PP@{X!yZ*l`fzxnlZ<ytNmzMaSMm2%kry!
ztYnT?L#cgg5$Be~Q^_SD*!u^8HuXK9{7!R^)*vB939W(3N0#8G2j*l7IhKBRCnguY
z=F#fkMFV$!)!5jdM%!7RiR7mUQ7QyiHKH#f#bYv7N%=mpo5XP8KtbMXIqS9^*4P3F
zyTFe?HOleuO-c$Zc1yNXIOyb&zuX53Oo*0sOl;hro7{u2={)1PeL~4aPrVyAJ3Da{
z9rj^m)K&yd{fU(R4gU0Gr@`|#gc|o$YEKh_XE;f9<x{mbz()*D?w%rjXrZk3tt&zR
z0g)SV@wk2Y<H*3Kzp1q5^Nvi=&rWn*V8j+|UL-Tap@(6<f?16}$*E?~zlqTEkfD8k
z2&-%OBYZAcUY|~r6(K$8m((hJ>1dSF2PwpaDPB~2*7T%QjeNhQXgpL`nsn0)IgK;a
z0FPZ<^GzAQFX<JGkP3dQOJn57c^mN&?_gq=qDn#6%stetsA_up&Q>>T#HWF7^Qt&$
z>kgFB)yDhY#jN|zMsdd*al&uwmJof-*VkR*#l$O{zVgCyu>zSa1}-<806~p}5RBC9
zK%r6UQw;$L%GuN=wcnHlMA3jqsK^|+Qex-DD1}CpTphAm4K6f03^d$VjkQ0fNw0qp
zgJ*g}>Q5|l257TLYq^7&7j{D0H%4MDq(7128`D~h6CR?i@n)SYt-%X68sAPfWFvsD
zZkBWi!E>gBr%XLP(6Hvsj?35w9LBK!zFU<)B?4!T;p~7PkD}YNUKj&|00jqU^zr4@
z(K$S<f0Nc(`e2+x8ho#mVeuu=>vp!w=bP&ojqeg#I-x9mcBzeGiS_K?RLh0iJV#8V
z<E##+l*eexWwU471no3^dpG)!9xq?Eb3s>-C_svD0ALPe;L?Z3p)e#uncH`1;l+Rp
zBL6$6uGSKFpQsSI@~1L`3TiEXLme=gpQiAS(k*`(Ccn2=2b`KiqvW~W%TX9N=~%D5
zHB?N;UF8pa=P}1m=)8*#7z!h&hhS78OZd4G4xu@`Iyx2uH5)e1isX^)gUUBb%cd-k
zXC+ls9@f1GsjOsn@qGRJ1+8Yo7Yl-iS6UkGe81Nhls9(+QpK`RePM>$KhElEde)L_
zlnv+x$tlCclHLx)x}^n105V{&JU|osOB<ba%jVvHBNoaH2u=aOC(}QGz&fek`4h<r
zS@#^?N+Dc%(%T+{Z_e#H@uwP>8}8fS70T!?@pr1L)Fi{euu4dhUG6bfT|m(+YYhE@
z8-R^K0wML=Y%4Gy=c0W|evd%Z@2m%2zwn1YESzYMr`_hclUSULeXK6+UY%?D3(q}x
zzd60bZg^kj+jhCNOe*+X^w-A>-Lr%6rvuF=R<{BA<`~(ZHY!nSCK~}$g2Im^H+#I`
zK5QSl*j$s2FvWjN8AI1FcJ{DhGBERuB$VT2Kaz;yAPZ}<f6_CRnd9$7#E1C|D76F{
z)80T`sRap8y$rPs>xuju56i2oXEmVa$E{RL(~OFsWgxV=_XO_4>>=)_{yci&2BwZ#
zzO0#nbC*sn++Vz9G^<|~pNO?JIDH`A4+JS8^etFI`x7s(=mjz1Sy_7Ke@FmP5qXSW
zB=nOqo1^?+5M7u5S-3)L-9nd&{HQCJzCnh&`=Ez_?6K7=@F(~R4v?NH6}u3*beH4&
zSUjwN-*{i&oiC9jhiPw>ge;QhP2&PBK#43L$2DIFUg6}@k-};kl_Xw$QZ*5~RlrGU
zDBB67k~1>acQbN;A&Hmk`E{P;Gd+j2l1Hsd;QMjW0U^4)WMRFTioAIl=NWCXV;yA9
z&O_8qF4yN$_)Fc~c>V*p@>sxto0QlWi|&8^`P$id@c?CcaxpoK>q-U-V?wCB`d(Sl
z{-z*}UgD5>Wqdk>wLf6%6{yBD^jr7@4?zpcEMp9dFIh*9u@DezYvR)4Cj?5|(&d~D
z^S3un1$r7v6s)nd)JJ+oK)E@wM@n`mAWb9v8N#55Rz(I%IW13&rJ6Op)t0qfkz@jO
zDha1>_*Q1%r%=z|gvL6Q#9FLaUmRS#5j`AH)THVXU`psU2dyp7fuVZPb<|LhEafiD
zvbR_B5DRRESBBOyDaMQP&(^nmZ>M2&Av&9eLPQ*DWl$3Uc9XL6yI!^zEi{|eHJ<cL
znc&O8L9BTO#cw;H4gsZ1#C~Z!1pzA(a}j0HSvI-M4_%|JAR=;|xSeOCOVWR{Myoj@
zQvmjF^5B;cW~ke2Yw2q{vBP<~dABS}gQRI@_%Lp{z|6`JU;#=>4F~#7%q+rwhIlD*
zKgEH7A&*XBUmh|Ii{i3?9F5{(8MHqoFu9kBdCq|>|Bzs=OKJD@&!-NAsxi=x4s8TC
z!~?YtM3bF#^9A$wexnVIv*d;+_aE`6yOeoK!ZwvuQUaDF_dxLSa_C=sD_Efeop8xi
zB_tt_!^iME^JlHd4{-EdUqJ=z36lB-9{9?tL;YQcFYfOctNAmy_{aM}N7Uo)llzXZ
z3SquS)4IgZ?}Pc>ILmO@%hQtcZ{;(zocNx%c-B@$u1nvAqO}i&6@$qo(GbjPwOXE`
zk@L44&|>>Cl2oZc_#<18f}mX7<weBG3~MnIf&KJD$!T0Uku7+$>^4__kn^f1ox^#L
z$=LR7mH%Vk2`XFEt!ewk(XHyUm!cRMP~D>}S?Z>0^hDI3Zvi`6-Zz@Ez>E1c;)?HD
z6u_R+Rppft;>n7+3Xq|Dq4KWs0Va7k$Uce;$@Hv;Q5Tm>^nM1oZL8rHaflp={0MbC
zhG<Wfqw+`mQj*4?OSo>ujZ0=qF|U2e5*l!%&;}}IqmUE^4`If+Z<-vSY~cOc;V2J5
zxen2c2`7XON|KSeA}-VWVTR_14w+4krGh#N_RQ>2Qfo?n>aeV6%7-ahXiw+`X<SHl
zR{Qx)V+x{fFcr7hk~!;2{IC`yKOE8`l9h?4kdj0jyN@Uqbt<U&gQxa;;1OvqT++jl
zIf;J<J^LncGR>xiTnpXZw{w89%(aJvuOwZkyL8%|Syhqt%{hVL)sNzrCfpKR)qG1%
z&~RmHYHuzrGbvT=r7+D*rpa$AHZobd++XNL$%7&m=yDRLGNngyvkwi5d99-slB&wo
z*MOu0X!Io4`#)4v#H!Ik2xg~c0{GrLzmfJ_tP#>HE67#-)POs0dS}mOs=N2weJNG9
z6$K8gjI52ZvxniOgd6hETy;j`m4^O(GkEDgw)N&459dPjcVwSKbXzjTAVK#r+YMj^
zF+gmS`f%_g2C4QnqNvSaji`4^J;h=fSyhd~8G@OySmuXngbIV1fQ1B_4$6P2i4T(M
zGj9Rh+J08`2@t~y3oo3=tnny;G@^1=T?!qvW^4FVaFMWeMZ5+%-TzM3Y+;+&=@M0M
z5ZXvYgG_YXQJ$N!QOf8e#x(b2F}0P|XBJ;de@nn=Nd}{QD+ei?9aD(sEY=?B)$T#}
z$LFA6QwpXBM9+9iB||)?LMX6qs`^&@c8^^1P_;-VLb0f1?tV??A7_T=hJscIpmqKZ
z<2)#;5boQaKp=>bo~jB^oRzPd8^6CRdOjtfB}ec;5BA}jkRq5oE*Ohj0*6W$R|A4!
z)15_?!XifKrbnz|W)3J#3d7l+#n^2MpGPtuGi;`2U;x-n;tH5nZYr*9?!_HC3cY2^
zGG4Ie_T%jpXi{l;J{}c!V;Tbvu|QS;S7Q<IL7IBVMuDmlZG*VjIJc`M*+`JTG0Sm(
zDdK^f2N`AM<DPZQ&^5THvqfbqt$m7NS&odkp1_U}n8uiUi)m5ckidtKn;fO?4JHJT
zlufJl0$xu|iA}=mH6BX<y%Ln@mvEP6ZW96baYN=*+-6*GI}LH&xp01G)~C&Dg4kET
zAe*h<GONe&N{#CmPgb+l54S2}kKKEWY<etf37!}^Ynlra2Xi|?$!v!@ac|12T~sjn
zq0j@bL{RdOd15B8KfNK<NYNRgWHW6^MCS~ug+L?eunos<c}LDTFw91yzYB>&xA{;y
zlXYBR_83m8!q!X4B#_|#T{yp*M7Z7$fr-rwq5eU!q#K7owlo1|uGVfj6U#WOwUvt@
zOKv?S?$D4;FVbqN+9^GVPlvb8xNT#-{tZ<pBb~ndGK(DXZ6P!eEW*uX2l$}t@~!%0
zSd{%zQA|*REmb!bb;V60tVCjLeoxr0{D(AN#LT#S<9xrD#W;Q*%T_yr)IwhSFu^2$
z#7azHnVLOt=l^N<u1E}$2{$A~r-d7d`?a4i7rWC6Cr_CDg_+Ia^FDf#vh#uisQ%oc
zC~m**fShjrtVzG<Z-n};U^M7tIuM3Ky7VyL=bTUOCZTllq%jRjx1}k-tT$vZm~cL&
zek_Y$XHD_6^hN*llJTwj@?vr4;1L?vE=l1mb9Fs%_!;gO_xA@A4hl4aQg~1}{GZ8~
zrtUjCI$1;zv{$<vY{YFLyK_!CmAT9E(`xw(L|(bE<K<c{vS4l~tqR^Fg<_SY3_8_L
zoh+~W2TEjuzq&30P)EYUb?7fz+M9?Ofp<$hx5yP$o|H#)s-g!J!{HRzR5&!Kwr{CE
zf>JY7_qnP=6#;p3s$-P&J6c5?v{|AGibN1VW*pq8kZ_5MBz8Wvj>bd9I@$@#PzQF(
z#b}SHBe%QbNjK6HPy`OggidBcl0p^x>b>Y8(W8=1JJi~$nt$j&e<=th)C4mTg|wvA
zb`!)jFg&$QDmt0+TjB!<E_7lqdl%C*(@VBjM#>`$e%XNXU1Fj!pdWr96oXu{Tp4W$
zvJWuNSKuCmPi589DhVsl=oxnwn`vr6)MUe9hb1%6pY7-uFO3SGRw**l6xHm$SgSEs
z<#X*i0T%2>DPgzk*1NIM6EZsbX#j1){->f3nTQB7bmSt91`zOUh>;FqlEcd>0Pyow
zp$ny>RU~l}`Td`oQY6AGsHPhL8fnnQnUuPmsxD>AT7M`;E!(MDU4{X?dW({O;ZE=r
z3x|dGr{{o>VFFq~=^Ya??0>#QvWRv0_f#E5Rd#bi?qG1Tg20)?hS#`tql8s|cb$qv
z^Qny9R!kLotht%G6MY#IcOV||<&&pp<F*P-n1H;NBIBtIrd#7wsq8_cKgyN>6-<M3
zF|zl?*Yp2|)4QDa`}@-re%|P9cZh5b-_yCdUw|#YVu<OSe#eLE-mB{lu<5y+ulsv`
z|0CPpJ7G8K7x)hPcZ3#=do9Fmx$>o|aK}yVQ5jluE#H!O`hz38>vAzH`>O{p7{kU_
zFX%fhfarM@I%j0Z@hXOEYL~`pf#dPkeOaLey*wK4Nh`f#{%Cn*0HaeIS2yrnRjHO;
zlA@7qlWXEB4+<Mr4z1!!j*z7}mKmcpRyQSYfPbRo4SYE;RiQ5lD)NqoZQ`?KZi3~t
zmoD5muQ;_h&L>ox>+Jkt8S|a6{ZaM<9mWmZQk?38Fbo0rD&I<-00I5gO@Q6YdnoaM
zsW2aDCA=T{0oX!z$B{j@aD+I(GiIhL_CUHp#=(A7WxE0Nc2Zx=9xhp_AnT_XP|+^!
zi*XsHsyNqCU23_=`oYqB+vq1z_{*Hr^Mo7tL4I-;VGLPlEUcdop$@}Apm*<yd@q+J
zkHDLXvvV4QbO5jX)0@egcUX0SW5O=O%(9<yVz9^m5EZW*eHuxi2BA`EhOIg>$|sMi
zXhda9@br-sDg96UPkz(7&jo09Mc^@6u+7Tv8YPr3rBa#T_)n@rgtb3jgu`d;H*@Ef
z{j`uM!yh{9=cRgoff)Q7p?rYR5C!PZK!djr8{7q29&CrR5Qs{#?Vn)127cS3a6LZ0
z@TlO_JHLDyat3R1oOwXpduGqs@9opJ+ba3i!`C*5Mw(>SW)3^M3=eO#?~?67Pd!H?
z_TnLu5adu&d)yCT@Uk^_+%G0nqM_~%EbO=7GNXK&iX{4&N|^&6;ysL1%JpYVznkS@
zjuyhxrmF~++_#1=8&;+rPjZgSQyzYbH0^VQc$JY}yG_}CE6o$b-m}cf=>=dwik*N{
zaB-ukG{y7@ugYdniO|zz9T^8M&@S{OcQxGHR5a6z2;CL(mzEOMo`$T#ZFH&lNL|ce
zI6Y?F?Zyc9=6|z1OM}7YJw>`2Uh6+4l9<X(u)Gk@r8vMCGz6>~QF(7~h;WtGQ4MfN
zHAd0II7DON&uksb)R&_md+}wpC|<=)nRAOfWCxHUz}GTdIa2n%Sr3xTScj-%-(|pv
zK|@ZIK1pQGZb4**)>&fyfS!NPVeO`$>}o3g{;n{)wP6=_A0<0A{d^sB{MOPcr*#iM
zqeLMCgZsyJH1(PLsOG}ARps^(u4BPvv%ueP&9;QWpAp2jRM2u?H|RRtp^~GyJVYV=
zjHVFYiKnH(0gj49P&mtfKS@eD)_fyQ&1O9Ygve%UC^9c7T|brT9R^b|>&fXN%AI}%
zu-74#-$<fZ6EBcUO4v2x=$Ui%@i0U``79<VWA-<2>@C*h9H}$f5|M3{^ar^K(IDo#
z&uO3xA(qU1*6?qx6{Gw|4bid!0cJRM!;Oddd(wW29NqZ-c)znc+910S5^@V1;g2Bc
zsh!<1!4B6B6*N#?WPUJY6!$@KGM8hq=XAjE?r<!^x5nELoU}o|O(|-mYCsgruj{3O
z0zI8v<kAu7+8a`s!FY5trn^(Qno42Hvy-`lrF^r$o0^}TwvD)OuG^V-_h-7)v@5kQ
zR5YsXV#q)e!((e;oQ5VuKT^NI;c1HJihT3b!bz$}UxU-0A|NRHXYTIUnAl^(p`2Y-
z6b7^aV)c^!W#!}Qn1t!3X`vyBZXZyp1^}>zSze@+f7Fk+FcxzGXCu5AM_r&YW&+br
z9sn<v|8qY;xY%E~th|No7cR1-jZkZu2|{fw(Wm6_!{7k8!R=X`stecV9ZslsW%u5l
zn1i;a*6*TS1cSw3yV-h2Ox(swD2Z<4kuGPS!6?6fQYxv!cG++|EHcfk+v}Hu!+;}G
zZy4wZ*7jo}B)B)0gT8^UyI^v<gDb?@Qbv+lfg_qaCemif01G0E>Tv?XW!$u9z|k2~
zw5N$56y6)Oh7PYpb|YCdwF2!Lx*ts;I{e%1y=tUS)bbzuR-FAjEo%0i#T=$Vs2o{%
z%TCDCL_M%dV?2bPx}q@1xiX!BS^wBXAz1TfV-lNSnZ9f;G|OIJ6^?&zu&}2|2O&HL
zVYUI91mX{Uu6J{UJ(WTik2rWi7fxVqG}zN9nE{@8e{~*uQnbQ8K20cE(d5ey(KsO>
zeJkc5A}>~a|H69`hcwhp_=n2e(rVB@@=dPKK^Xhp**mcO?68l77-S%B(>=6f0xvE?
zMtOf{-P5Z-gsD|L!}x-WKmzZ}P<tH60SbE@YIGQ1y`MqR-(XK}2L41P7KypZyvx=^
zo8&>C+feWHfR!J6{H4f##Gveo>5|<Axw&ICt0zKuvhkfFVAgL0RJj}6Tw9z)2L=SP
zLhgKib(x8R^X0$1{dfLET=fCOe?sPGvU>O4B<Pf2KPbtTz|<!9kygu{qo}xGMWIYb
zPa^4J#=Cm-VJN96lpo{iU#im=DR!o(<?Og9QM)8zw~pbB{=r#Hl~>!Qw7$rARd0_k
z^tky^S7-U02~D%32Ky@k8a+=*l1ynOOhu7iX3w2KC(<@v8Z~(CB&t9<KWIGqd^XFf
zdaiy$>Op?dGSsp^_VEGxOCW=zmL6gO`^Clt1@3Dg#Bj6Dt)1iYAd9z6Pz5>5$(8fw
zP3lB}3LQLAK^+)XGF4u!Bf!Bn(K1w1Lt#2k4(UgYzvpGD5^MR41VNi#K>pwhMv!zM
zsUX&iQ}ywJY8PO6VkC5&9YItm>!5k~t5?TrHq57_I}@87c{L5@?RL5b#&H|W469AX
z&5J)f=clfGpWVCdOvu<xm-FK~F~$0AGsZtPe<XSz*bh6!jwUaANsG)37Kx*FK*>KT
z&I#a)3ALtgiW=lHd%0<o`a{VNSfv38%V<3ue3NjXRp#$m6Ceo8Dz%}%<fuE|ntJR(
zxuf{>xQ4SlY?9bqJ9Tg)^D5<Eo;X3d981MGWkq0zZh@KbQF`;KmCG?^i;y>Ths5|p
zYgLis?L|7H79-`B&{5$fa+`E+Bk4>ia+IcW9u;}3!3m#o4W$^+Hj#!?A<~KxMgY7w
zZ(0?%seci=2hLK)Cw`Al_q$Jr-LR&v=Wv<1fXZbbyko4m$ZVcjjO1}LP(sTScMsMy
zr=7*A-2Pi<r3_IeLEWP8pPqlP!_J9`HVt!h-<%r-CpgL@U8+nUT!fMfWX3yO2hipG
z8r_?Exw{^7b)w8<h0pwBbz2$>cy{?34zkVBkli<u-b-VxKN*3Uu95SsuK0&+CiZAB
zWXyq}BtdxLld%w)CAMmT_r>af=L&ue_roUIh`a(ScljKKV7nn+;}~OL=oY`vxMeOs
z>-?AC?~UN3QTU`z9VC4XL17DZadFwui9F%w3_47T@a!>>->fbebH}AKEX@%|R(62V
z`}Fc<1}c_5m9$@)Ngo)#)4eD_;(`^xEz8`w6<}uh-#X2{J)c32<=1<{907o1M{=k2
zuG`Du{{Sq~zPF<%kbrK;X-!`xCW_|_;@^w?`bR(QJmOVl;6IBxP?bTlr6(wwcT%`T
zTh_7|es5Du`)P|nUt(6#%!QU4<m4QF`EXHxE+2G#ORbMdPQRSCpBTKuKcC1RqH{np
zRk&uA(%;8u=S*L_%}2^G%j5O47HCFlra&=Qi7<^co_djtI``?^A2b*eiYyG2tg^^4
z|De4wsFFJy&Z;n3Q6)%j@Itg4Dyn%LN4(51xKXD{&ytV9B@%j{>I3*`YG6zM3FoV^
zqkHI$rm{e7w5#u3)gG_YmQKtaZVx?;d~`(W9ExLY{F)v)P4^7Y1O+E=dpSYaRUk8!
zj?f`5Z{350oX9Rxl;T=}NZa6%wDx|r@og0ebs*qi+)L?<QH5)-tIUpjUq?+Rb9F~*
zYDCPW^L*{?oT{&ot<4rrn^%RgydN{}W{wlHztDHhw0)E^?xuFArb${DweHNERQe^P
z>{f&nbYJE*cg4!20glL1QCFe3e`Z2{W%NE^Z^wd`yosY0tTIiEF=CrvoXRn#NnH}o
zYyxvtmIr@Zq=i*dX8b2dfiJTyDZyfl^tR&>csD{rO8tDhf+dqiJWQj$mj5IKxBUC?
zxkpqoeBfr2x82Fsd8Rl~U53&A{cZ%AUsX3pm;L#+fHT(V+Tx<Kz=r=Q9r@c5h#_Wp
z|0oAdXM)LpCOF%$XcWd4$&-yDGKGY$<7a-hrOERV_btPIPs*M8Zvjy9zh?ueh1nCH
zN-;J!3)DVx?&ambIdbL{t0U~|vgSM;1d#H#T&Nv<Q5?9*Z)x|FrgPclOs1UhNO^~y
zi2`2--cNi6WR*g1OLBN4+bAs2yDQ=4?(M*?S#n&Z3tSHgJ0I+(N~kH($@{W{{-*up
z(O{BM;hj&NSO74&yJU_qtQKT&gE!H>msyA;9!RByx8{}350XcOO!s|PIv;$1rJWa$
zZ2myg&tg8_kM5l<-C*A@P{22LOL6_~dVT-3T3qZ)m~DFf&g<s0SMBTZ$_HTk_RTQ8
zEB?NnW9Nk(Fns;~IPK-}iVg6^&HjSUp2U8}&$jJ%gr8>kJTETZ3OY*JX$77BZp(KE
z9d!pB`34t%(flI-OmDw@qhUkULY~+2+wPdzle*w;*Iu~Ud%ESR>St{Brqed`Ir0`b
z<um0=gWknbxWRB`FT4BEW$VQ$WWN@JUCx82*1VHrv_JA(&Q~!T4XeEsc^+TK=WEMt
z$5@Tp+_ik4Q4Z!a%A^@EDZFBa3>JdW?Gt^g`XW}2G0hBfx(suUoaptZ%pcARn+_Vp
zPq?aNHy%Oun)UI}LI$Z>ngzxUS-F$V@vcmHUpNvIeNn0MZ0?}M%^h1(#5GsKHb&}8
zhu*|s+rn6r&LK>K@3&U-coL0&P{um3>{5o`01}H($~U0kvCKFx96S+;qdEYr)#+UD
z+(}@Xrc_0Sbpi5eF-#9SijkTMv&Y?Y=FRmw>jcW|LH1XFmwZ<vHGh=xD=boZ09=m9
zQ}Cl;oWCaNeEta?GNlcB**dqR^l@!ezIQ&G7q1zgC>#9_{<L}L#Y(-x{=@12^W@5X
zdtNj)WW@&3a8anzu6Ye_A4sw(wwEDi({pA#qLAKC!duz@hs@nl>GjWsJ*J|6P6*fg
zGM+hoGzMc#rqq!ieTKFSjRUG@(2s~f){@~onf#d^1NXLFiY{-%SRzwX(1T9y@=y>v
zsWUZ0Zjj0qg*w^d7>f2{n4ygAdJtEhwIa|-M$rX|YOkF%|Ek5Y>_{yLhPOJ8FU@Z}
zL28NPvf8$SX&oSDtTqBGKi(9bJ(FU0>=P|^;e%wJTU;_ra<Zx;IEcS;^3;yVrnDI(
zjSjN8B749lKQEMm7ssjsZwY1MVDxQ2R%d>;2Oq57_Uvxn7jx=VhUGr*I*h)J6kPFl
z0MEsmmK9@1T{HP3_5A=s;trUYrlf^Wu8DQ08e2Gc>>nfV>F9h4cV9Y%jq1hnaXXcY
zTO>p;oluy~CA;E&2+QLB`%{PlV%$5@nmDk`fl%vm5nbwJVt$zE{b>yq<rYJe4~nD2
zd=4@s1xt$8_03E%JP);!rLMd~Fx;VCK11C79gWm0nO#;N&2e-KjBVmEy`TL+4?OPd
z#3!T=izU6tNoT7cuJGNHss0c?jriJ2Wphx=Vo<f+ho3@e^-gd=OMV}Qj7vHv+fZq}
z-l%)wsNdZPW??WTZ~qUfA-dbZ9H#!0BUxRK2B5jZB=aw6pqxQPlgue(gCrJbPl!Yg
zH5br!BSX=;4m4pQ(ec?t+xk2$b0tkk>`D6x?*M>*|8)E25q|ecD$YR1XgQ2nAqD9$
zHeW`NtgxUlzXx<75DdtlPdqr8`>ct6KdMP1ENK7G=f14HU1#m*2NV6Y#<*cah(=Xq
z6*+^kMjI4K$7>!v9A<`VDpk#u5imjgtEq<g*8p(7AA*`*&6(`@h(|lH5K7fQC)+zB
zP`9k+v3Lg3Np6I#o{y9ur&~NU<?~W!3TFiE5pQ%RydUGZQX@ivlbA;ujUIqGBczR9
zp*lj7Z8Tans(}odef~%8FRU%S1kFW)n0;`8ggZuP0S%2rgW`(ru*OhfF(hPWD%Pmy
zZh<`=;mVDjkN=fOUyS(Dl!GL7jr{S%g~nY;InAL9{}~wt#Vhjq7&nyJ#x)XT7)HMS
z*N6%Ktt;$(-G;8AeQ&35UnFz{Q!fg49H-;76r}s8^p$~#R0CL2>9tt*u(ablNhizU
zRNmCR$`H3fdYX8o!2qYCvR6iNI(Zi?XERu@_GvBl2YH>pTVqrL@gOuMR#z3fWiAT^
zd4;E^K4PL%*=H|OoxYMxLLWUwwrHLL*yOPi$X{r4LVMDABm1p+ZSGYmxt|6iwq+yC
zrSucf@#)RqV=<WE{Hg)27aGrpta=I%t&)6~mq+Hfa&UHuD`)#4iB1203miijAZ3V;
zLPZh|)!(43wc8$Vhw$00UN8ReS=b3RO%X+`<cem_j$v+{5oZ06IWHGGke#LG_;c-$
zZPQG(u1bEn3;_fDfZvcz{hP!zD=d@w1p!)%L)e~w+@faZX0cUVBI|hj0gtOMHlp1S
zF3Ml?D^peZ_lTEG?F?FdD6Qgk-%=PNnSR|bw(iBiBj)12aSlz#;)F67+YAOBsz&LJ
zS-A17hTwRfFq)4l4}IFgVGEsEFBZvFQz_hB-9LxU?5K|2SXK!#_N=(9gQ!m;wWDqd
zTJ>&Gr=vL4>V6Iz09HG*<B1p0AiZ4u+yzfT?zGY<YZk-nqlUqPA2csqu4{7LbqZRS
z;C@NnLH^F%>nhk128p0yd#=oQcoci9!8pxz18H0Hro?+s)OjKU2mLt-`>l<fBC-~+
za&?DWELi;<Bcnr>dhWv14sxwnuRC%`x!MeV!_R&3#^>jFp?`pT-656iB${swq2AR@
z{VAOTk^~OsmYXSDq>EZ=ARVZLg${&ZTvz!E()J)BF3Yh{EI-FDY9Q733P4|0*2ee^
zq%IxolSz7}I>`39aSa8{HoV?S864a3sxMJ%UAt^aOJewAhv|c$Z8G+zM3b@46BswL
zABHO$)y{0}-jsrOmk86Yr1>K)CxE(X5_Xc5vxPr6A2-dR;#vY@HZhQ^9A(<;vIy^p
zRR;%`e@T$q7iKiHeq-};Edy9N!I;d>1{-S%ggyw>MzRjbVKL@Gv_Up$XfQArf*CNC
zKoou`XXGat5a$v?3x4XEc4D{7v_Yq2w^cq5peu;z&ri(PPWwqUuW@n!WK)Tdd!T+X
z_jY^`h0Rjp6z%%suksFM?U~<M@=UE<(=^StIffQ>a2L_1v^49F#@RGtQ1Elr<`O?A
z)uYxivbK-UgSwyi;WrVBsm8RL++30Q()$=24Z660k#%04tZriZn6-|AmxBrvQ6TzK
z?z`DYTW=~yVV#hi0=OI&Uj~%O4B>y$k))iD`+IqJtuVsAJMrsx0swzV@q=Sd_9s0+
z+sy|mTixe#Ztkj2In)$2o8RvU(`RRH&KL44yYEi;`RyBS|IT;d<<Bs4`Tpl}-Pa{P
z-VMK_rEPb(?DwVb<R^CL1v>jXHzM?bIPL!r<^D{AZYZtAu_3i}W+a~zJ6=@0!ypm`
zBj4S{d0Aq5z8-m@?>#itxqL%DwcLuya~Kqx;su(AC9_ePVw=@jG6P?gk-af(@9Bi=
z18j;znfl7!?3@P$@ydU|D{kO+I^po2%<7<-ayUU1pgK+<==!;E<zhnfrrZ6OV4Pk*
zvw#@=J(f#~z~U<@$CizM%hB=F`<GVSR4?+A<5Ty?E>CEPTd(d*2=&GDe37e!ys@wN
z_Sl62nN<?(t&>ccgd#>%?UO8o|F79qTg0Q{GTjbE^xs6P#r|cQrF$+3g&yV9s>i#!
zKuOiQcxKY*cp<6WPDGzEY1;YXQ62_#I4Sz5l`KV%-szX+>tn5%zh_4M@eYE})IY6Z
z+v8|xWa~uj9gbJ}^&-&^LUI)vIKfZ6&X4c@;_TQj`^MY9cC!9(!oHiQN#g3^(n(<$
z+?R<1!xY+95;B5d&I$HH9FM_fzQy?C4fjKnABowK8=f0j{*SiiM=M)?wWI0ZgW%U$
zVWG#iLW(+T57n5y;6ruQaF6VYhk#?C|5+Ev5AV;4$Ahe)quyAy*&Gg3AHE=TtCjvH
z8Xu|Khm+8=D6bFr<iGQQEWZO$qRNhthwEzb8p(ldyTuWQtP*pj6(VdF*}Y0m)E<y@
zV&gN76$_MXzs+Cd40$bLr5e`!VOQ!E7sqp>&BTK+$C;qiNd-AhHtEM+8h^5*vi)}N
z9o)yQ#M3wsSf_jlwVVM{I5Xkn16U!(s%@UQuC4r`EjPNeFGj$>1hEfspHOuKX5iTX
zWp+M^E=}Z_BMviup0dK&&_kE7!1S{g8iYeP0L&0)*w}2G{bTh((4Rw9gI|zOREc5O
zJRo=%K}#DqpBZz)bw)j`A5FwQ2a-;Ps+nZy^^*Q^ECi}`XHAMMd$abo6Z>kU`MW;5
zYhrA0<yF;jEnE!=%xU|PjjV?4wP)N69lCV5xO%_Em*hMR3vb(TD_$38z`1x<!-q_E
z_M5ynaGmGoHEoRAGwu~Gb$6-6Vs2@){f@1s(+Tdb_WgLBouEN|W$mvkLUP&FywPdy
z7XH;~F2+i5i)}BQY#t29c6r~v5oLqmsH(4_u%p;CP7`+PZuzajc24}B`Gjv17`ASn
zTi%?yBXcI^JF5aMJCkdLu)IwFJra0p5s$Y&Q3avk@LVN9mZ=gOeA4ru*?KZRN|%pJ
zYLTo#4U3k}&=_pZA|#U>>p1`;N{r1O+-+nOeu)ahf39p|;@ZK#D*hLJtEA6$uG$rS
z7*3bs1uv-1nt<liT2I}ko2(nPsMT2yO64JRm#&;kiGV{ZA8IXsqbsGe2+oDgOPk>2
z2zrF;I~%H?UsU8zaA>zOVc(cN$`uHG&WESYT-YUlGAKB)^$Z>Mf<LE-Gb&E_hb9Q%
z*m@brIx3H@mN1{=fg~VqXk#~o0ks_+<f#m~X%ae_6gT0t7-q2L6Cx}WBBDX#pOgbr
zk%^C$H#J-nOq|eXL-t;2+MoNQ#zMyqyj>MOdCvm76rXAhe|~Mr9Ud3Awz=`Pir?&O
zUz}P-e608G%(%27RkV6E&#j+5IHtb32j(T68)MO*Fgc+V&z?e)pHI0ZdUNin3~pUL
z-sn!fPfEI_S)&Lb=kbE1hCR<NHJcUxdEPy>x8GbJebfFU?6gnI9x{L6ioppJakW-r
z{V5;8c4KpK=?1b6%>~_SP&`Cg^$?oXi3p9qL4w7h*KF@Z0tqAlzPCWZbJ;$GCK7=>
z(nrCtUhcomK(Q8Nbeux|RSjI}?XF9MaPpAgf(QX-<ni@bm?A6kq2ad{)~Qa3h+QZl
z`~Z<9NV23fG;=HgV|%K<1ThQvVLj5A$w3@n!~q=&ZR$!;`LT%QfeT~!3!dslj%91O
z6fKUf$A!ObE*Kqs!`wyFkkv&XBgd?s!unA`#ORDAfGV?a#xUDCAeoY`R?LXx(`gy+
zXT&`@Ghcc0)w*{3(<9H>me<o~VDw~Y_lue3+l}Ye>!a(Y?PbI2%H^id(Hqo8zmD&<
zX1^D!&+Yxn3=&34m5%4d1IK2^=Yu-t&mrBwqvGus7&jl3Y=+)D<IgAE(4*p=w4Lec
z>nHy4@sFU#EBQN*;#KjExA+I0FR!#E^ev>ie3je!u%gDtja9Z8x`M61QpDYv+uOiH
zzpMZhaOjY<+HF#r0sP<g9?N*p@;}i=e>VuP?|KfXFj^jG_kA!xw9V~Nf%(Zqq7vv@
z9kM{6Fuv%a#KaWn8B1~y%fN)Q6W=O;U%WD}e*)L(u+xu2sOwg3svq=3jk%J*5y1hL
zj06iCxl|=;MX<UB^CG?gYTewL8Yj`6q^LpNJGI<vRSZ$ws7`3^H2$ec7-rOdRm#2s
zM(8ynND*PaG|Mh36M^2#_QEWU$fn<0^xn-0NNtlOz)F`Fjkba51<!702luHB%)5$}
z;5&ida7V5fh3nrGHXC9C&rG*PI#$LZNwDvauu;8*%^VzCUERr23H9QZPu~O;Z&!WR
z=8D&~owMi1<Lk%6#Z>{)cWaUfxlxXJ>(!cD#o-?d1OP@2n`WS;D_k@a@wifJCAiR%
zXlLtpZhZK!r#(G5_@9tl%4SB*df`Qe7ost9v6f^qFX$1g$5i@@7Q5>-rCFGq5xwe8
zZZ|M?m@uded;gA4T}%@xvVLgRPnizR{}%vYK%c*7FP-+-n6S2HBJF6=;J`>4_`vvO
zBZEcI=0A8&iM(dXgJPmiM_h5#A0~{k;-vP%)8~4l2>4y=6e_8f*oVnDHYFG2Do|dm
zOj60aB`h5PO}d!La&)pr<qSWPaH)@*tGVZFrtZaI=H**FQd%m7L}t1HL+>ddCrW?k
z`*74yfwT++QF26e*r1>19n|EsK%&nzR4o}brX!OFTPDz(e0vki-f2?!VUqaB{SkN`
zi_6-Q$p}<m>S}@qfw7+8pSS^piZ!r7wJO5U%pW+q-tC>5wB`-X0~U$a1jHv%C1hh=
z+JQsa4ZWppGTe`up$_8-H`%+Dn!#X<g<j|NR+OHUA;x=VvnDb$MG-;cJaw%uqQns*
zF-mCQnJgvR3L+_rzhKC24psQU=Y_c5X30*_WZOFP1Q4(E>p};^twPe)rO~29jsnoa
zk?=xiC%~^lD_WT6f{=p=fj%c(rkq^U;iOc;Y~QAHcW!PAu&s@nogUw`dRjROY>K|+
zs9M1-!Vpdm*%r)>^4cb0O9h5_OM(M#5hpX+Er~)?Nk>IUst(gvIu{6hE&^*^X7fuC
zMjM3B97ykIug<j9n)D_QGNweAKkbZK`?3F2g!=};X?eCWwX-;z?J~4%$i$?!b_8dB
zmf~m`6;R~XCK#`8%|xxTDmr(=ORAWk+w`UHNcu>)Ib%ocKgou}PMfEi5hq9{?r?f*
z0QD1Q+%!*BCR`nyZx9hE9%3Jf6r(z5u1*z380Nv1U7r@zrA}IPF~uvZ8nMvTuE26h
z9)x{!#5z3F`I|Ru@CkRg3<C1{CwLY#X=+Xn3CNx_zM(_;R#PSNIe>3rCG5l0S^|ve
z&+p!%AR2RqFvfbLPeyJy#NddET7ibq8g++2m`lPB#VF$f;zYsXH{70b-xj3<us6DI
z=KUTE;{gZM#&%yR6?hGI1<=MK^fU+qk!f#|!e)yCs&G{gF$(r4)9XBHKIP{n0XBLC
zGlk4V1k*j|H$;$kU5|vt=sWUapt0T>^778E!WGBV)DBTGd`(IuiZx$6oI=^852ppP
z)PPDj=70u4h49hwaMf#50&pr9bj0dFAr95S=pgh7r_`E$?nv!1K6^`VhRt;b&fYK-
zOh<h2?johOFa@+EhYEC4uB`Q*T3DoW<x?1!6*~8MR@J2CWOf`2l4eFMDAkHo4M&F<
zc^vO}Q}&%Ui!m;wQFD)3>pb1ZYyDacUI1+rg4<0>X>dtP`b0UQu-t6?CZ&9MO&Jh^
zxV5^|AC55Db+dN_r~G!jH|&oG*phIu6T_;kgP7ccKpCirN4a0-o8Kj8__v2gj1V{y
z{%Md{-A?2_Sz#_n@b-jop^M#m2S)pV?)haOF0Mh*7?<gqt%Iyh!7M>)Q{VW{^d6^1
zFB`E7v#ac%1*Jmc*JhK|;cxJXscFMg!6o1?zL0HwwRZJh>5_!9W%1!tIuANiGP<8w
znl#vKbIs>7Gt`8vJ$8%O$q}?J#ak$gb81<11rcs|u%ZK3PWZ43=>BdIas^nG(<AAM
zA;o1`k{wx%1zJ;LD*cK{^1LNtXWW=RUK`n(TnqNCjdQ_eUED}Ki*YE0!HLdj1($Uj
z)C#?goXT57VC2Qd5|fZ+;!;b=y_hXiy+|09lXGq<)E_?};MJ)CY$7`HE)T2W7fdzb
zl`6@mWGwqm^3oLjuihY$V4CKH3~$e1ONeKOBX))qcam0>y8o!<UQ$xP6&5VnRQcBt
z8waXPP4g5-ap<|X_Fb@PDkIt~+qgqu*gwN8%DutHK!=VIS1}AN45NDi>mhplmj8A(
zUgkWEq(CAN84fhy@FN!!?rlEHt~pO7zAktbKJNpy&$NH}J84*>#d;3ORCLwe@r*Ls
zzGwa<ZVlMh!gpY3ke4aCOMr$alydY!CHLLS&fa$U{C8fL2)C;D$J3iQv|&?a+$}q!
zujMhforficV>ar0JAH=DyqGJ-ysEFiVk`FRg3RMq$z8Sjo*wC|CLizI9(Typ+1tQ`
z9YEIB+V!(`XYW^aecQhIt4j;@yUnVdp{{#Ze%)Ng2H$pC^OCZPxyscg5qifmS(#i@
zNcOZ=?COpC6c3kWW@K2he^R&0kz>v!jIzUAl!s7a_f5C-d}r_igH1)o8{sM<FM)N)
z_)iMOQ?9U2+%2-0pGN@+|E;$y#5fwnLu4g6llg7Cn8xn$hUeV%<P|qz>(JdZ5}DkH
zl)gMK+ztNL-a4$eq(;E`@Nk&5`n@)bmDjj~C~x#f8^9w(Ae_te?`4m;QJP&x4ppk0
zm4X|})C@Lqk4yMU<@=Vjq#+GW_u%2gyO@bdxn&hwN?Of9XT&nxr6!L&-(y0kp~?b!
zR9!v~v>lMx{S726fgpV)+ZORH5~WJW`E=he+<i!p?~INR$>tD^iEnpCPdj;raXGu0
z{j+f>sC0a+*81K4cxTGit$7x@|MB1boQXDPJQP(xAV8k;Je8H->h0FF&E7r=aSrY~
z-UOE>Kd_j)<L7W%vG-@~;1U&_T)e+cw+V#~K~o=RO7rg$qSQ5*J%`YbCsT-F*JWL=
zAXa2Wt0vJ+<4~Utx#5V<gx{TgXzVAZ+B3AKW%sGi#5ZGRJkt$pP5XV*jLK9qsC`#h
z>xWARZS#v7n9dR(;}A?^gYPA92}Ase^}N>jrE5*DF~KfBSWoK7cs*A?R=XsAGi~-c
zU8^(Psq|hRlc}loUln0#dayIEv2tg>HzbAt{lXbXk>c`Y9;_0C{<?r3IBY)$CS52Z
zyj1kA+P6|`;o6dn`4QTRd;K0B`Y4!18PB<bq031IHU<tCh;nRm^b;ibJ-<uRbH3d?
z`=w(1(MNvy3LCQJ+u#LcKtdA|okmZt8}|+s9lO<bt}7!0n9JBxUQAs)`B+rO>EiJz
z)+l%}W5PvqZ?)GZb)6xbOmVwcu8}h|AkDaZ4H*It<{==p$#j>7<<6@coaubNN(F(%
z^vZ>j$MXr@eSUg^2|Yd|BJM7>MGjxzVt(m26Yq9|8zF6Kp86E>L00!wnP#hE=U;oL
zdhQAY^VgT}^3&z19?H5KOO<-E&II=9sb9#V3kIeXyDrn-IkhD@x2MhWjJw388DC~o
zT$=HkUR}*>^Kft@n(dBmm{%Nh<1rJ>zVhtqJ^CrZm~{!i2+^-IoY`U$RNWfTdGg$^
z2nZ^-rhgu0JJ=p69tzq#>si{TKDAhlOV;zzG?p;0yzV=?mryujHSZi;_?gd6Kls_t
zPXG4IXQ%%Pp8pHJ{}{f1<L5p*U4Vc8KK%P_c;AJ8|4aC77XJPT`1{|2zdwP$oAB?y
z2j#x^^PinQgXcPb?rHyS!Lw*R_q2cY^8e1?`0Vt*hG*fIKRf*=@O;Ss{SV-I4DY}9
zE1#Xd3(sYEqQAl3|NO78atpt#{@uLv+3BCepPl~tZ+v$8U3ebwfB!>x{!{qvU%~S!
z{QVEV^4aM>=kNcVm-}_?-x5P&l9a_Vg3sUjZFo*ql$rnix4B7CWSG=N#xXeZ9&IU9
zoPK4^uh>BZ({9;a;XkSgN3h7cT8-k5U|TmXg`;@(R{U{fU2jIxa3)f7H}XvFXx#1h
z_GtNGvRfYBr$P)Nh8@O4!!SZtWQ=W~Qe&+LtR3U3J>I@|9Ys*?&{8%o+vVu;Tpcs#
zT39wHN3#7=Rfmdg5(*m+`#I?f)_asW?nu1f$o87v_sxxHx7%-y+?wpQQ<1-hdXMi%
zWP%c@C|{B)k#ZZ1Hku-gV1%|)Fbm>lJb)d&^DOSk-}<{Tl2&^YHOOPK!TotCHfV|w
z`yw77oj~Q|!Jt3nF(KdWk6<Sf0SEiT2uCh!M>0$)ZoT3gMvYT2d;RqLPY%;|-i??o
zdE;PI#JCQqsioIhlN!T%cZ4A<D}<`FBUNr}#&_OXyYuea-7D)GGE-Lk_S(iBj8Fn4
zj5wCWn<*fJ)+qjv$N7GLj0S6aJ&Xm`&VcAG7Lt(%w#;X~fhCu>fQUm_xwXq8mCE|&
z#^pI?i;pg&3IBsES>7EXZQ%36zx&zgAHnl`@cbB_b5F=8sO%W+%Y4EwL|(+QSTDV<
zG9jY!@WsgLSQ>jpbh)_Cp#y~+nBlU(cNOHjES6!~phR;mkks+}l@$uBfk_bP`&?tU
zGt5U<R&u(L#odA4N8exo8=HgCdank}G+5IO(R4!;fP*NAW{>mi_K{pxbVNt7ZF!j-
z!sceaQ2>HU-_5%Zn!|%^D1EM&TQ$5F>4sPY6qf82lRSvmAl=334zt~ZwJwao8r+<3
zhC9cLC@P18W)GJ(cMRr-P~>U(Q4cr}9I+F8B}niPE9U!Idv(xZ4pJgu5DZ(KwuY#E
zu7%s5Tc%Fj!vBk6b9B6%@w6Lg)ohcX)aJCt@O;T(H~6nJkpY|b|Jqz6q*W!I(59~m
zv2f^z#-!^TG-^x5dM^_{Kq@yw-D5`@)FoidCWU9>v<d8)w~F0tX;!Zecy2i>flVlk
z2MR%2z^U=gCx^J*)-GS^$e<fZ3*K~<9FKh6e5G7hDfT!bX;-T4bo;FXMWFOxlr&)E
z8-VbYm6)UO7#cN)59fkiMa(Tl>|XYi&#KzoTmufI-J|$8rX~UYNh6hGuV68m^MJbr
z3NK_W2oSa>J^YfLe)}j<&U-f1w#0mz@exBJ+UgIEE`k*3McEkj%Mn2h`CY!HXYHB@
z?r<x<%%U;z7@M73Zv0uBwsdX&QxIKZNbK-86h_MS@NW)L`?$<&(5ts*)ZE8&H2Qk*
zSviM4$jI|#B#K%sK-_Gw2$yM5@GO!!3OB%S?hSN`+CL*HD&g@BC4fEN;KE;eXLV~E
z2FzlmVxkY&rcCqm=61X+=G|)VXoZlGKBddCZ<CUH`2Ef(yD6t>J>Fh{X}hgE?PHfD
zv_>ZvH<RLC%V-TlPE=}-<K5CiklzQX{O0`1${YgQ#yy2w8Z$Ro!5jCq2tf*gIdx@d
zQtrI>ezggB$7IbjCV<+s!xAFX+RDnzoF5jiqJhNnb;Xlb^ieJgK~cIsaVX||<KUxK
zi^aIfr=GR*IBReB`><X1^j=8}_qB*k`eX?sDEI2KAm!Q3r$ED5;JKIHl~+0sZw2e!
zLevjmM8oo~F2%y&H2co_#@p%kCeP~(T+G~5UGBxMvG7!Xb9;sQcb3HhJ)4PT-?*gw
zJo|J;{C$O$=11>bamml2=QNr=toU&fyZWMxufD=;c0C<KZ8Y2M8pmtRT2t_o!jB|@
ziyn$|>eHY*&R4a}R<didv(J&btHPQ(Uyj$|Y(*?%jWb$|h{hAEb$X1ZxsXycWJ3bN
z3rA^R9}OCm-eAuQLtMC|YXQu9Be{RrbKO{r_FU(=HP30vGx4EhXXcI0u-%=ZZte68
zubt)(vhJ1sc(eeZ#?P)iyZ%P{#%ovlgVDlHr?*h3y83?eNpm56(ix7%&2HN1wYuYW
zmM=)%bP6R8`@IPO?Bb362+vjp$_c+dAi4t892>_H3T{ul6s=iO*Q4&9xkg`(E~6;7
z3&Vr%)Sc13{9!V!S}YV0D)}zsu~h)VXkrn;YW7&PC4#veM|VKh!#jXom{GBL%Y|u5
zh#h##(oK<DmZ%D4cc7VAn6qkKYeH4D!5Vj)!x+Ac#73mxKg>q^eJppUKkmU<@Nz`b
zGW^@^plboV>;SFgfWrDDReX!CBjTMb9_P>+b(H5Qi&r16H=+hor(mRB!{3*#eG~q#
z4HAe{46sBJ3-H@<Xsy+R<_K}T0r*;uzu>h5X(w@1F@wzIdVJU%we~aS&nN~PZBMvY
zqZ2GMr)YPhMjStc6$MRX9U8MCT~x?AF%Uo?fcU4>ygGji>WunvKFC^~-J`e}w>!HO
zO>pEOD<e6x^-q0jl$di=4kjE(5f?=Xj4IHJStuiz)$B5+-GByhjyG`vAR!oD>~^M;
z=fK-B7}d96w)UUq@j@IuXtp-D8s(`Posq0jh^|-}W^3Nu1rj6K5auCpgLId2L)~BB
zUP~W6-oW&NqCL9zi}3;$;2T$Vkr){^Kk<T2TO+vQ6w$6+VYg_oNV?s)*?rnP0zBme
zM}>@BX9NflLa;#XJ`sl6xUa3pdK|&~p}Z>-)KdjvPu}ZbLbH67HDTPgvTPaMxAsS)
zLB71Oum>YC-hqSp;exp1V^@5+nshte{?5W79B|pJLx#{eY~z*PL!<ZaK`oMo6Hzs#
zQGCMQCo_@vee_!6>em~uF;3AK>@<KEH6!ocgb2sRZYMUFO&{vwqeQzOl(HL!L^rZC
zC>uIy8jklCq_;+0G-1$f_VzU0WNZbPC9h@-dJ7aCf-Ix1lUR=H!lS?=sy94hgUG*-
z7w^mkv|_Xn7lDgouS&^__nZPtCPA=1QC**68p3=4vm;H|Zj$!Khs<-@vX!LHO{zvj
zDayU6F^4p7fxI|p#{%|sN#z#E8)gnSp$$}T%;=wbqB|!uUP6;CnWjk{E{ArE4%Gn9
zL)$iepOV79%Gj6|i4FwUe)mZRbL1Wf5M%hde#kd;<_QQ34Gn5~t)rx2QH$d5iC?2?
zQ<QEPO3rJ%aapG<3N40Ish(=Hc6xG6x%j-qm@qFI;(GD%pbfa1CA92>b$vZX@)jiO
zh;d6n;*B<8T)624lxN#;yPxH{848mGmGl;=p0k{(gnEiiNB2+?9qXyVay+$~SQ49N
zA_SeSNEmLwsSxCpZs#EDqIF3V+wJF>fC2(Y+#2Vj{vqFg^Lo7Bf0{kP(93qrL}8P|
zBZiNL%^tG^isek~WI2~tdKkACbI$SY5-aYb0clT4CLlK>A)0{iUL$HB!H&^srK<A{
zc2lAfpL@z&S)n*qXyL?7qv$uxs67|)WThGdo_8T=(ctsBvk{Dy<nJ|c9lgExdUOin
zwBx7Wc+l^6rzKd4op)iL!6su1oM`YjlgV1p6cek=474%Y)guu&C(Z%NJP22SILe)v
z#L&)-DsSddB4X9&7nHrh^!tO!u0fDe99szwY}9=@PLDBJDNcmsvYC>!GAfcg&~ld-
zJy?!>oP*g*tF^?^fAU-C0@lwPI4O1yq{H6T*X52PPki^9D2E*t8QZdh;u~(266YjX
zs=5`9gc0vDAaOPv_J_;yD$MZS6*}>X8)+rY!#t%kE=*P_wChE4nEp*Xh=|=q?lNpM
zkI|r<UL>Z_Flj`LaaVcSRU+*qH74bxBDB?7<A>v^=Z<1;YCPf3Tv@295F>?N00C-A
zsN5C;<eBkrxN^#iSk0tDS>?H?wsCqHhCwFYyH4R?7u}*PaKiL>)d~>P_VpRDWIdea
zIF4+u@945_5ri*%hazfqm(pS%CyB>;A~{Le?$geh5f*$IHd9$IPl7U#({;`=W0r?Q
z&x0qMyQ$%TH@cDC+;i`RjUgRG65Y0=Kz|ue&~Hi^+U^mb^hs#z6rG7m6W^ivO<_%>
zQ@n#4=poF%LOS_K91?2_5RqfPSdZUYDczOlfuukU(6SB(Y(!A|6X%p^lIuAhuiwRV
z2={N0_44C9(-AO?!f?xwW|9r%madA|5-xp_v%V0;MD)c001>a~$gLHQe9-8~q30k>
zb~>X}V;6w4`Nk~m@wZvLF(WTFzQygYYnK^8@K%FYSFCE28?))&Jt}rT%R~ojw_vTn
z8fJ`Aj=p!cNTm>Z;h=(|F4>N+`05Uf18n<ti2u!Awz*50_KvL;s`J^J_`>2RpxlGT
zQmNj{jm_<JYi+x>sGl_1EJEsXS4uf<MchJ`XH$XhqJ-nRawA`upPvDV_#0@0Ad+mO
zYLlll<SJew`3Uux{R0$|8&roYH?~Cqm_z+mhh%S3=3~u0I8XIBG*(L)<<Z1H{stVK
z58_t<DoaOAK42$O?Kp$dw^zGnsl5tWD|Kvh*CvW^1(t2Aq-Qf_)QAu0ko%x{^oRhV
zeVnaGDn!fZw2qia3?*MNhDTWej9IiSoq5eADvK|w5`oEfgR7EQ_5+!oiNY$f3u7(8
z3kqTkV}pWfcInAPicN`+lL;FhEMl{jqQVVDOR-nktjJ8QW3XsqU2gtOPUIUC)QOrR
zaapsDoO6^#tTBCWzPomB_3{1f^#5n?O@kxJ(!;Ri-o(-(Y0_L;E0fvS;xy2ME*y=%
zfa#t=qpN$c-3`DvW_EXGl$)qZ0J&YLtgWnSG<K%NuqYql4O^B)Te4S*uq{~(kw5rD
zv?&Ec<ZjQ9l)XHx5JQwnJLH2V6=Z}+M@Xi^YYG0ocfZW{@~8vH%py8FvohcDz3+YR
zz3+Y3TUp)QT3TJMVPq%1Ep$^~c?4c{zBV;Vt$}dsq;I9%OGRoLg6#65T|SY~1t&e6
z)b$G$;?%R4rsKx!Y=|jyK08K<6I*r@?g2XtwHIkgMjb?UcgR9+nMS+yv?Z}jsDIu4
z4yvq3ePL8xS*ty*2UHDIkd?sAd5ZUv@<D!DbwC9QLeN88epz^C9<g7sLy*}B3wc6-
z*s6!lR8LaD%^c~1rC5Tlo=s%Upe2Hy&gf`1a|uWq;&>{06d608>L56X_}4`i2ZwyR
zaLc_sD<Vh4<g*OHCIxPK1!{{X)R=9y3|b;Xvr|p5)=(rf$)GkFgJzSaY3<CI3ff#&
zNvB+b{}xa_+Tqc|kX$0U98*Szc~OPQA*7bZ^{7d+s)I)i@%5#R&Dus)R!quQPU7qz
z%BhknxFGp<)XkhSR9UL!*(Q@`u&W9H{J!orbVEl`@R{ov1+e#Z2Z*ISbu63;w0XhL
z^e-^1xA;dv$CxNeSrfEbQz8~k*~!k-fZ=xAiDJOkp%s#~5i~JuV9=m-OPBXb9@g&i
zoTu3J0)~7V7;baVGqn^$+DMj9%b}6yWOgXtqO(l^ef2xWc*q(+eae5b_M2R=EH}u?
zKGw8*CZ~kx-I*>UdlRfW*QSZXP?|<B*ht*w7p|guAP-d)nX%piXi<tu%9b#YL9$v#
z0xuJhh|Ia5|5gA}j#oB91MmiQluO$Cskr`%Wn3q^OqZ%OX|s6g+-TyK1~5yxDBHio
zPccf-0#o>u(E(?gsgbZMr28w?d}T4>QDkt^68^WxJN_Xt4jz9tY3_f4aicQLZ<Ecd
zjIzTup+f(8Kj@}Y2^A?5JL?iv`Hmg3$_1$s4NB=IZ)W|dSTd!N9^9aYwQ?F_1Uk+b
zSogqhGn;x^=Yl)#zQ}=G%p=NSD6*kN29<J28b~X(`D6^UY_Ah&HN-0-97BU6ga~I9
zeHVG0(q3^Nbn0=;rfVik#m$Eh)vTx$xG1KvAyPFj+F|~(p#~ly3Q~HQDAiaSjqaOB
zddrn^qHYJp;l@NW$uOiWAgUHi0DHyO&KYHbU`4R7eixJw1l2?X`z<pCR<Vk5s!CSI
zB6Jd8wh9$4!@_(3GrFh=MmtnSUBEP0FyYXFz&Ru&3E}pVgn~J`z}pvJG~y#1Dndx%
zQf9c+2?p*|d-_?TJklsQM~cn|Q$XYJ7U!FAj%asd<eJt|{TOsHS`ZzfDP?f9^Cfxo
z{LYtf5Rvs98=rud;EN;*nYtj_RcDt;ZNeiu@+t!!YayE}RpCJox_4F1XcFP!qgELm
z@}MSd$msYtj3_yBGYvoln52r_<mq6?d=*UV#^i#i>lfMEnT0X2=m}txBIYD?iSL#m
z&}s+;Yf-5blandBb~HN3B3T^R`{L9Sj(<KRc>HW~W+M5@3Qi^<dIw$>P{{l&KVSu@
zW%j0fiF}xZMP6gN1k+#LS5IEa&uGbkH-;8`oN|r$Qfin>)R62)t&$X0XoW&cK!2Du
zou-+99@MMZZjq^vZrT_(oMnAsD1fmrrXClDyQzIJl!No0+zyxD5D#HXJgDf?vY$})
ze58)fk%$PzU6tj=C}W?D8J@XypUfJ4fEY}QdMT$IphkF`1l7c7X#A{KE!G+98A7zV
z0BpBp#4lc4X8nGg4Kr0*_Y0y)wvhtDM&dbu1*+b;A0Sm8!<>>a9gAZLK|#ThOh;B?
zTS-SY;UhBU<f1jed_`XyZ2*+IoSf|?wIf&MNqoP<J~5jEy#oE)!^me*fS5^xc^V`p
znWmhYL!p)@#Q?G8cde7$XJVHrHY092Ycs0*&GbY-UX!TV#%7OKxDybIo@b(TQcV&f
zmEd_Lfl7kbwm?DwEQzPcabrRrb-f%b;+mm%Hj7zCLBy5c3XdFb3M*-EcygR);Ak?t
zL-oNbz%b5$dgF2mCOZnXW0Na4Q?3GvaCB{VniC14VhOtR>pF>NY?lw4B~gldi!SR^
z3$3EnGRk%*#;3>m)c3NU1{fIKP2e8vCP?H5o?#)C0ZPlrW*WviPB0y=n}zTrjZE56
z4CKvTL(;grg8mC@yAv0uFRB7Rk`P51(Ae>D*??-?Lly|V!Z68;?kodVBmbASxWRXp
ziTZ7KsdeOHaAOMo7I#I_x&zW^*2rAY6HDSy=wuw>WEH}OBu3ZpacNO&{Nt`QW(Iju
zt&y6M@eJKaS^`YSbgFq7vu$06M#io$+;Vy`=^kO6O5z7>Z#-n7xvRvWRlG!xdn{!~
z30F%!&EO~6p|<=kFOS!NnJ>oFEuV%di10fW!@_^Fs2<F@4kk#X$v8kOT;eaZ%R*<9
z#OQ0;y4ZE0Pq7G+7t{MqJUQlwn#c~72&Qs|`v62@m^My@I2gW)B1%dOlf#{y_Vd!#
zZCvHQ@)e4iEj|Zxdqw7=Y@Q;8Y{X!yNefjb2g@9!V0cpOo>`p<SS;w&XF&}~vhkbn
z5tA>)=9P#I0MlI32jJQLZvwc8pTUy|qm49!tPTerrw&~8b_)l`Yt*h;WnR<O^jhTj
z1`=wvByDZEy_Ot=R?1Q}sC{h~9ar`wO}mT*!=fbQjmQk8n$BI8RgNi@2z!G7jKN@U
zse?hXG490HqzSW_;u+(>HMpoGhkhh-boKK)@3<FWIMSMURRis>#B4OaMPka(Ss3R?
zKC=tAcM=mvSwsknUmc(1(2imT*a9@h@CijYTa%_?o!A&@N^-K(-{UhS-4dp|`WCB0
znQ{1wXQLkh%Jd=`k`d57Z|m^sUYWAk+r9?@2huVK=w~_z6ufb)o%VnTo|1zKI@*}f
z=vP5if^LULuue*d*gA5EoKr3+3kzGHU$1$OYMYx&_iNaRM88D!oR@ER2}t?g<>_#7
z#huyHdCPgG%Q(Arvxxu^KyX2!>fG9=7bYVNMKCkPiyzc4bOi8osD}k%zQ1ExpT<m2
zDTF0g*E4iKsf2M(k;5A-$VeXv$(_rh*780eCumHlEH3Kx=;+P#x?(hM^t;NlMmc56
zlM?}tO)Vp}k71Qq%w&Lr_m6haS*y-x4xw!Jsi+-KQFNF2#+vQTZO+hQSgCemm0c{J
z&ww5(11i)uDfQk-<}W>k7|gk-kF_w{vVh~r-3PG*%0Y`TDkxzKNmxA^8*n?ORyeHm
zm=ayS1)drgmg>dX8;m?)9^B@komJT&_G(6%e|fXD;rbn_<ZAM^ELA6yQPBBRc`sO}
zw7!OD(dl=a*@@r+Gqq(Cv=G6t8ThFJL?rc!SsQGk*_U)qjVvto8mtjQ3(w2fEHY?;
z1a$S#3`)i_k4%<WZ+L8MYim+AAxY?gbIc=!Nxe>Ck5Sa1BW0z5-xlOsi;MRHfpn)6
z_>Y<S4{_KgZA)4Ta0F?IbPEBifd|Q@E$XGnUQo52`jhU@%%;~-^YduW3@ky^^wir#
zI16s%p+Qh-he184h^)j68((SlkYLJc`Pg=(o36&rsKZBF1u|exw_S_Nk;=|Mv1DU&
zL&jOS@*UcBq*7x_dW27seYF9^F=&Q}vLCxJs=QQx+%iQR!Q|b@lz3)QwlDehom-|%
z*+iKh_f{t1G+iaMqlrY^$XmL=Lhk)#dx^DOM3za#;(^cjQa#KiCJl`AtVl{+_i!JD
zrxO?Oixh5<9`g6ZA<U?nz*DN(R4W-wNF;NKAQcJ^!)oMW5B|qyFGnQf0W02C5|O2l
zPWeQJpiWR$GnXj@d~#ANNC(3OCiT#dQDXx;&pkZ+74s<RpQRxcpD?##F)rSz7#S09
zHS~@R$@+%dzVup$9lx#m%CHra?6aG^^Ar0r0vAh>-ljQnWx;fGA;LqwZ8pt)nk^64
zGWldok5AOLxPRl}6l(KCS63Jt$7V}KaOM2`KmEDmKl4XFcl_&c|It7Exr}qVX;IgO
z6im#I>X8fdd@R@%(o?v}$=f_oi-Tc@yaT`O2wx+|$aXnZWzS0FhNL%BaW{>zF_c5I
zsoyir*6W5%dJ>t#k4B&%8U$El1$UX^g+RqiOcJG|p+XlKN~yQ`iHGJ;pw`_YZmlt5
z=O)Te8tJNqd`N2^ch}$_1?EW{#`Dy69y%kp`Ix}W&I>HiNR(53V2r{q=o1I$gl?Lm
z#QW9bUQQC$hsCwVQ+_z8w9EqWRA+CP#+)g}APu@EnK>#$%8staS0%p9WC7BmP6O!z
zhMzgC7emQJMGch3UNJno+PAkW+p8P3<+b~(D_^MH#i&u2XRRNmT>7!@x1v^9_nX>5
zu+}(Dg3Ky<#)>5-V>-Ij+Z9@d_uA6K?HUG|)B;S=d7k?^s&Hp<b1Theu;(|II(t3r
z2b1Pz*+<(Epc{IAhluM2ybO=QO*)sXY(iV(a9tDNn;IjX78q=862ZkXW7Y+o5D&@d
zu!wJ5V^xnjut#V|EfPkY)B|94j{1mWm#AUHG3^uz>?efXS;N$HRy3g!!SHm+w2;H8
z!SAx-*%h#DPDO?Uh9T{<VB{*)Zs7^|SHtlSc25Z-3`xz@?NlAY(!j3t&1u_&x)(AC
zYw##3Qrn#)rN>ll0{=5eNM$z*&)4K83eC?G@!)f0#@G@9QCfJMcs;?QDGo5(ZbHYU
z-F#DXoD$!f&vQ!T{9(<xBLqeoZY9Hgzs7b!3OnNA5oQ%N#6a<$D=qO)9UhX5YcQO;
znQNG6o};TAQjzQlw+3Zef|SeLEW&xUBD<xMli9?6S`6cy1XzyEFF_fWZ@lFazGM@)
z5{GYcX|<aq3+?iyPRBnoof@MTWzMB|(j~;W<fs7GWo+J*n>^CUv<_OuY&r7+847Y|
zjlZhQ2$A}4Ca^aM-!pEipB+0w4;aG}EYNB?F$Zv{h=n+{ERwSU!=XBBCC4o7%Qq6m
zyrm1FC38y1EGy#hm@!tg$U5a}OSZ#Q2W%!2#b>JX$zI;1%g+-a%pj6i=~=nOt#4+p
zU^d&Xhf6;#2ihl@eimOcos`)wCDStzlQD}ny2#E!h~O)Xso~DKW=Xbd+K=!C!8XL$
zrgW@b0M3J?OmdDgbbfv)kq{NFnC*S+*h$ySwF@O`VF<NVB<o-ag+7V?R+ti2ds>0R
zh3oFiZiVewD(-@!-8s>|VD<&HFHDtiJqA<~XW~A=Y)fi;!tD~V0890`HatdE%bD%L
zeh`U}RZ^jlaS~_I)@?eOY)woy(i6Q@Rl;)T+g0T?lbU*Ebpc6H1iJK$l@HwGu4jPn
zi4U+n?sAPcJ`$uu39pF5ei`+^Hxu;4hm5-Z-691v;-&z*iUJyVho^gr9Ld7toWk*t
zXoU#eVzuyIq-%JQ_P<6CpJwMB!+x$P7Wk+ygbG+V+jvrhp0y}Ww5kdt#$2b4A?18^
zL9Lcv;RI`_EsM&>QnlbjZLLG}#2q%Xt8=%ZYWu9uH8wJah=D&~QV}EbAPq@O85i~P
z`8d6h9;g|0P@X2EB5AM<wG}jECfpyHOwfjz?p-^9U*C73nxINeH`2=>F(Dux!xg?_
zQd0mq0|{FN<DA-!Sau<b_cRqYGKn}(WlhJ_I^m$b;UAjw($xV{Fq3sffuXEhw1i0-
zA4Votmk-qz=QY0r^-|3?7llo^q7cOhO16uB&0EtMjZ{MZ6-`xPdm|V?3JeXtPGhl?
zrb;N}5?rt>9=E(u5PpI_bS{NAq-GM$Jgas|=NjRs;?eK`DOav50a6m@LM)E)R9CO4
zsRW%B<#@`of!JT%J}eG$`Eg^dCHQfII!m32z37DE>5k&XJro3L#zK>*;u6~-&Au?r
zBn+FUMPfH1E^V4FxZacIYl~nzm-iLozx@8tOdty}$i`0VzqdxoIG5?{6K0+Z^)qF#
zEv>NoQ=~0-3=J4`Q8yQm%XyGhvg03ew=K&WYix6}y}X!0r79$5TY7l`Z1FYFU;fIg
zl%cM@C8$xhimzLlWRkJ|7MPAF3)V8!mAMpLS!75m63cle!P;WZnaGsFp9->PBIsfA
z4mqO3VV6u52Xe~Or?iA|6SuQ5mV_xvNJF`8TN!DnkTK^0nxd@RV|Kij1f2GT21=1g
z1DVQKct9v5<5*rV%!*iQ_-%NDKbNBxFe6>=p{W~5q1_z)>Iofj0WEQEE&PwwrfH9*
z{+M<$17U*Oe<!VOb2%K6X;I5lj)&oY(qi{n38vjLI&AD6CQ9+~B{43XZ5eu5XHKPi
zb#iDs0Wwl;lKE=PPLCQc8!U&Hp-$PzDkmWh4bg9PsoH$998~#JNaj|_*t<FEi~cud
znfTGMu&8<*N*&T8e%P0G4w#~DDl=h`DI_>(caPWyqzKI)goXo8w`e71ZlelEe1Qme
zcw91793gmO!6zN~j{{c1a@0Q31pbWUG8H6DqWj&faFZXd^BlqEr2xtnr9=k<ABj$%
zO7CWdu$}Q6jT76sm25nKhK(OltCyP13@T7&3TO+$_R`BD)Cpe{s2K&tLczAF4hR&N
z3tBM+TmS3?bU<P_Cg%XLeYFk3J|G*#L@mo)j+)FjKCbp!2T>#34H0tEB2Ah&kW?x;
ze<Y+-gOB}Djdz<|ZGZtg!a=Iz+b~ko)YJD+6$mLbP79As>)6WplsV|=u2&O&SHrl5
zMX0_^mQU(v*UDH_rB&87S9QlOh+GYS(962Q%8W-Y&d6pYc)7?#2+yMe)7G=G4AoMO
z0;o`<69gj^IcHtF)ZZi^OQH>I2CcpBzSh7E6o(-cSLUz?Ocga75An1vk*?i~_sN?H
zS^%UY{*%<#6W2xb-io(dFwN6+lkRO6)E`6llQN<<{lrV>uHqRY54Hv3W$D7W?G=Q1
zHA44S;s{A6J6nnj)|}wS<Sv-liAiU{q)<?;Lv9k-Hff-e(+am_@nlwk((x2dcD^ur
zYnQ53<Q+%^nTZ81;pA0i$_QEas}rP@kz!|i_=C)Q{Yy?Mc}T!HWC*X5uFSoZ+L=39
zROP1I%JXZYPd?ikMW|T<J~=Fki7sV2lS)-Pj^decYFR=Xb{a6GOSrWucPH5QpM+7T
z8N}4A76b2g0;X~%cJTE4t+0h9?4j{zSdW=M4zuA{YXfx{ovnF-R`cjy)Y*=MJ4eE8
zkodYGkP8d+%qkJ>hJ-F-)-5T7LAIwyXy77u;4BnUM9;Fzfa7l5B-tk>GmM6ss?k(-
zVN{^S?W(47VMZ4ij<hd5IjDa2$-(AP3y|Cm>toWoD8Ew5s1>saVw^nWz$jm~+7lmE
zeY90V*4ES>8Lkp-eTIx9;+Oe^nrn%CcB3TgcAN5#F#OB4x!vr=OK}|TwQNlna_oum
z)wQixS61(PTWj9R>cf@Qn#4@lf}#T#dx8Y09tEZ(tQLd`RF=mB+bf((_apmC_XfgF
ztgdW0#kNG0dpnaptbz%){}_NqGEj7O$)qG!wGJtdESt5X#KA}#k9L$~$FCZHvfY27
z3C1ei)Z_@I(PB5k9PRK@1J;!{@^n~L;yeuUL$^k9^p#cMMf&XWkh`$fjgt+N>!6R1
z^a&oHbRDZVg_AbKvwz{%ijK{k&LKu_jw%pzEc;={A}4pOyI?~j)UwQ9GEBt{<w<)^
zr>golIh@gwaTqbi0y10}qY00AAP0Clkh2*y+^EGky*=*W1KgkAmEnqGn9ib3mmGco
z1yyssjFd1XKp3Q-i#r=#nbUHUXkBHCxXMF>4FbsA6_LAS&e{27hUrU0c7SCO&+Y=}
zKCS~VytUtndVBk*3TPpp?(9TQVO%~Aj_B}%@uoi0Sj^;CybnF5e1r!+R!J(dFM+p;
zR3lIKFpg*PLY8ri@kUC-j2;PO?wAxBg$g8@Xpt0rrBK-(uMODnx)dEG3F5;^NhcYC
z6hzQRbgfr^>$srrh*`CgM*Ox^u6hM)1&P?mYH2*kDS4&-@Y?)5&)89AbnpYvKz@m7
zmV_5@m~U$hf4mxzSk?{Yl>=zyGafHm2KDhACBo;Fn>OmmS92##K@{U$7JtTKq09Cz
zj3_HeOjsD(q^i*%j1Z8B0fiz%NOc8q*Vji4E|!TNuGn=V#ug8;d?>(JMY0Gp5!$T;
z);f$#EQn{3feO~b{}`Qd<GpN<vw*{y?QjS*Awx;@Ll}wim(fkq+&hOBN*0;Z{r&Vj
zDYsPjXVp@q$Fn<|!85ELKY`93Za<Hpi_cK+=67tyF^}ou(rX*Ftj)9Y10<6?ngN*B
zKd!n)DmH!QzzDoNC0W(b>A>40BTZ=LcCM?2tw?@CR0+<cl04w6l49D@NfO+RErDJN
zv-|4PD3b@tSF9#=Jg1B_GfOcHBqdUi$sjkWflZpwFadm4tyQ8B=D%c@RSc|CCFO#n
z7_FITdn}W;hf2A1Xu>o!#mt)c2v$28up+-g%|+`5!o@9-C_*RORK4bykUF(h(hPCM
zI{y3MpcD{jD-7aa1WO__tNi3f0Z<E_U(WVa;!{jJ`3;#$cl2!)`vAq1v6ppA#leQA
zZZ6X2IK@iN&sZHrlQWL=$ZNSYjmT^~#@;O1bWKSaO3Q+D%{);ZEklb&Q;^%zig`{P
zb;N{X_(!pxJk~{??<NlEC~ZU42@awshPrI54->R%a+1N}r%+5#-YVS&g^Tu^q#mGh
zlwy$>*FHP@CN2?Pv5%RWAcOFW)&?rwok?!#V|4Q8{=#E4iQ__ci|t;P$#aoSwq^-z
zAdpH@5H>i~0MJM>=7pu&i0=6H$A^B0>kKFJ+}=wM9sr<#m2fFC(~Jm95=fu)q3#A~
zi@0*EJi<<4q^5bEv7BL=@NzFZR!iWv@1dugu;%Q8Pjl!=v(^(CSq9VIlKik`eD#Ne
zvprVKoZiURu#*@U-yRZ$7n}4(>FkjHaJ&(7wrK=-a%M*#?urAce{57&7H(eigW!nq
z#?OW(QWmWrHlLgy=tRcwwLsmc3+K?(Ru&>F$%AF~?c`z^-`O*zHq*rGHd60XR3(Id
zMe(R?7a@CU#7N%uW!o;{UeqC*1k8>mtC&s6x1hDRoXhjDREK8)$wUBSLUCW=k<B8l
zVtrF;7A&Gl9nw^2-G~&8dz;gM;m(R>q0N~abLgl1s5xUw;<GRWGv+y%-qbNNgjs8F
z_4ipo*=T1i73HVSn;8@%r^|^I2k1P^EvGuIq*3`km_vp$eGCsZCp=e_vLKOK@th;q
zxL%D34it5~b!Vhoc3LK2%kl9%NOC$0JICBy2Z|!-(JIu!Ry+4QRTNs?@-U;OukeE$
z&@4icR?^m~G}&a8ovtoVD$KOIDYiJNHaOZLCq*oQG%Ht|VL=u_R1&}W5!u!p*!p5B
zcSb}^^KP;49Y_PuYp@rd)J_kekhhsWB!S@(wp1g9p()_Yw|FS}_`%!$KGC3`8&x?C
ztHA0%Q`+(~q*tIwV&{vVf7OD$&(D{3fkb%Fa#Y!Zn$9O9=TwO&$R@gt^9hWca*uoy
z@?w)BwBtMPxPdr^PQI71B#T5Gqtn{6A@$DC^&uuE#!9>lsFmHN9rOmwoRSI(%o8lz
zZFfgBoJ3#g6J?8Xh$NZ9fEqC?6)7AuqXn8o?{1z?9i(Vu#;WDLtrROp6UnL>nbE>j
zepKf~wHgJh$-dI!s@<q`)q=k@vaSJT4o^&TmhQImrb9Edz^F|-tFjH@rTM`TaulA3
z4hElrvc(_?7MN`sH6_G3k&c`sPESHZl-Vc7)5Cc9=_h3(;Sk&@e#nS8%@uj@=s5BS
ztvyRb2>?Pnr7IWYGGTP+v@}Me=*UPQy}aNS`7s=Zg*(1d(x?_nX{4luWTArhGqvB!
z@GC6!7-0xA!d?^!0Wzv6DMLeQ9Q1|M#P*{&uGpse%n+5_J10<(Nk3Uze{N<_3?FQt
zb!PCvb}lfF8l&js*K<2>;90ko=$TX;al;8PGc>%Zac3-T&kQ|7+g(;>RWt($<cV=n
z=#oIA`Q>n(lX+*{^?Lwc9=FRB1s3<8XQQimF_kAB6c(z_))1tHVXQ3u7(phYVoS6Z
z`hpz%j`3^)d4l^CjU^t#AlwM{!kBIq`)1F`TB=HfJt0$>(q1uvN**nkP=aw*H@ls%
zwdd|&$W^WRBnT_wa{y%KW3Af8--PZ72rSrb+VL}WR<PE1dr;hmB*yIBpovjpgGMqs
zF0WJxj@zG|t?aK7J(ewWI*){G#meZYSj6*W?W8;t3!Ylh0}vq-y%n)3mV|PhDx$5L
zGNF#W<cF{FD7i&tsM4!{p}2W*QrudWK4d=_MyHg&30mON(wKG{Nho?y{Yv{!eCOTC
zQwSYyKOuHykX_cp=CebU!$U9R%9?1*+!9Nz`Ao9H9hZpCK2VI^yh;<XcTI?XJ?sR~
z$p?P7N@hgt?fiIZ*HjT#GPIcCc(An&S65i%C5p^dXt(*PLtGCz!n0Y^3`$?evzD)z
zu{#&|DUhQ$n>10Ea>N#0P$7FVWC)7L`Z)?I+1qvj8A~x#D5Wx;m9FX39kH@!+D~i(
z6U5@{=_V9>he5$%-=>mH<^~lUf<<Xi(r?T30(ik>Mq%rDDo{?phqxM}=8Y9m$vqpB
ztosuxRdo^o#}Z(!2z9d7c+D(9)4C0I2$bG~T)zX8AeDG4r*tGfDF#UPrdje7=pw?b
z7VRX%l*JL}zVL!v-ucv$dYM6dw9kzLSIpDOHkEg#@zC-oLc*RvSvr66v~Nj%CCpcz
zm7|n_EmssP9d?YbVHUbzvg{F<XoPV)iW6t2$Qeu&{LE^qldX%^$=x<3rzYfnY=(>_
zt8*#kgp}1j6X?Dcl6?H<&8HeWk~jj#HkmX2)Ga!xv(xNGx)PDp1-itBHlsnBN|+YA
zG#lV$fY-x685@xd_e3|au=9YqcX=O*f#+nJFkVIujqSNj!#Ab2k}LT$VR(wdN-=ww
z<c-QON=g?kQx1l-PHVu%R1Fw0FeZr~bWtG6BwuSCT$Ggn;x8+Tr?hZW$us5@pbqWa
zDvG7NA(l14S*AC}zR@k1k$L9pl4Y69J;HntVWfFrFv{XOXOI0}NVZ?H4N??yzZ3P^
za_d@jsA{t(&1I6&WDA4M@}QHd9s9r*0o`yodSwqW<wYHlM%nP^_jXQA{U7s_hASbA
z$b@YKr-G}S{o!vS^Us=h6+<YdmD3J~Pfo7(b@HUPoM*gE*}dZAL!Se>V3jk$E?!UO
z{<K78{q8^2*2$fR#;DT$rlBE=$!$ZTFzZfGFFp%bbO+|@y-;W;mIS7fvXV4+u@Jf@
z_gWNuV3xX}-<(Kn-OOlwR-&awCZNE6F-uY~m=i(~aOp<RNE>OaaBeZN_Z(3@T(}|-
zB$dj;-0=;vi94a`Is>^cykKQYhq3W1v{>Y?7IeKRwql&v9?{kbYPp#k?8HuyXhiJT
zlIXI`Y&LXo<elP9)ZDW}*oayt7~#ETpD?VxTiVXG<ep8;FgcT&Sk*F$=G&=cXIpkj
zP-DM)yp!Ev8N1|!wpW(Ab0?|7TPq7okxLLG-&bV;W;q{$9!<uqrR}{T&*{!6=4IL^
zjkt`wO(Zf`QBp}t=U9FeJ=yLR2%T?1M|t(Ctsu)H!Vdj3s`>hK<0#Y-xtzt&04uOv
zlf7lAj99_*z8p0#l^~u1;1nYu61G7mSyl{DNxXDU`Mk6zQP?PQ{J3B_F65jIpY)iP
zuq<^t{*ekZ*D~?7*K(L1Szrkdmd%9mv)zWMG&VE#{f<1YK{j_!uXPYL!d-F<GwCIX
zom|zkc|I%U+m_Ie%Tuteb+d!2Gj~4)M`N;bmGtxV?jq$t`e*?Sr;8yd;|mO|#W8_#
z-e~EeoRFGWx95p$Lq>#MN8fMz?ArN~E$&~<Z#^aYbUI(2%bbG)NSHR?=(DM3gYL2E
zW$0ePKuNmKM#NBw9UIjrl`HKV0eO#fh$~$=c;kmL#0vyupgxpccGPu}ofSbDiXp<p
zmn`kTj?u5nwYnQ{bn~Ol2{g1KVLn>`Q;?Mv8q2^5iki3pA6T)TR9s2b-+ycuWu-4g
zPt4VfFYuZ8NTeN-NH&8{FDXh;Sox9eBJ$;ec4jNf$|h4#%NxgJr9;>^mfbiG(cXxU
z4Kp@MbMF~ANz<co-X26n00n9Si%ip~Jn}39>3}0A4Y$5vl>^_nWvdpXxGX_Mxk-Ri
z*0anr5QnglJuRCvJLvt(`YR^kzEuiw^2TVT*4va3msO=mge_Fk&S&a`(~4rKoBX7<
zLMwwcF>BRNOnZeEY^6rd(`eO-P!uLjZP8W=Bv~3Oz85v+9Slo`f*D;E@rtYZ%|rhv
z-i|fBSge?^78<_`l1SA~%jOkLU8CCN*`<4Vw4S*PX5teqQ;g<*)b%3M5>WLBpj+4j
z7QQxH5v8n#q}{~#RsCqv``D|{6ixk=U3#~5U~q#__D~1H4U(+HfVr7PxV@AV^SR-R
zFP79yY3w6gdP~(bLgkbRHZs#>D4b{w%n>m|!%0({{SWOjRv4<c-I*ac8)m?ibTk}F
z93RRrahv9WWA^M7io`?OLnpFAp?DZ;Hb!IdSR-NRA69(~ih*qGpdm3z<4B786nk-t
zp?a1uhlP^K4F6$jbi3J$m*P0wYn^lyp7N-Yuv#!CMW^Kv!9+x-LI5({r7>=d5J`!0
zZ)Z}7Rn)~KLxWIB29C}yp_D|c)+2pjD<h;8L&8W~FSIM7)hn&87L+PylCdg<G$DI=
zybLGmP<e!?;e|@a7D8QflF4u=3pX+8NPaHQMgPi-bkV1!B;EA$3b>jqU=7V}%9e72
zZ_M++ah!v#zk7_=Ux4ecvF9IU*OTqPd;I6%`T|`0a6N?UHoNjbm=jg6cQE!#_@p#0
zuBVIW2OIM<DQs9l5>XJS`-&C|K?&JW8HKZl!4@VH91%YxY=xyD8b+iBbtg9*FL<`$
z)FXon%rk@d{v2eBhV&lLFWFH6HVG_kHk6BcR+Y-8r`@f!yK4(B)pwAlz~-R-c+ou!
z+;~6gH5)8Ky~~*7Fo?&JdjYW(=%`x(F~N?h(KQ*RS{y930Gp<XHX|?Db!ipZR#9FN
zE^`Wb*q1U}jUxJ@=IUta2jUmPk<WIm#*_uT9*vaRjhM%yDj1X!1+6sFF%v^~>`PaX
z+DD&=BVP&*^PXP9V!<{k^#T{@*}BBEdzZ82y=LThtGoFBRs?+1ov<6*>Jt^_WEX;;
zY`}6LyBop44XO=t+ln4Wt-X@K*-GdazPMALrd>VFyLy^0x6@ed^e#-{@Qtmolzyu9
zdO`0?r;PihExCyvS6J94A~r!ZWLSt(dxQRpzC%~n{z@-GR6~bYBBOu8J2m&$#4%Sz
z{6*#RI#S*x+keF5?l*G&r3gZ^UFGaPGb!MonHrGDTxjhZiq}QD_z`<lm=`!?44Aec
z-?t(o?L-#Ar>&)u3UMXx?Hsp^B3=$`f6|0J$vqRL45Abz-^*-NvY@8r_Urw?0Vl@N
z<ozSyud#ql9=fuD{RJd?d3G_i5i>P3(Z~TT?uBCXkx;Ig6ulUEmt|j$+D8c!l-$^+
zB>_ZC!Dqi7c8`V!?366CAlM_M6W*3oNaKD0%Rn^0PG{@S`rNdT6x7I9I!wypVbw`n
z+0kyCi&<9>rEyr*#EG?P5Q9=}j#bb4D%j>hj7v@CrKc@Bu}qW&qP^t+W+`~ICN=oO
z!<oVh`BcFfq+!H_x0Y`=n|LN{6`mB}tcsZ)B!(Sz_U*b&64hI)Wy3#w&F{d+D|48W
zq{1zrNYw7ZP6OXe(A+GM--KpEB39&WcYfyPHTPwDTVSt?fJ+OS#w8lZ9dd3M75Z==
zcBW{hfH0tG9!4DBZoy(ffl(CoiPmOgkO(GN%c3@G82&$G92M%P(`lqlD8tMXs0E0u
zS!Kt!R}cxS(U!jlYlOd7A@h?pMFxjPK<wY-CDmwFqrlQ0SxoyecquM+8$x9bzw2)f
zd9#v<3Q^%LZN#~kGEG*5n_-@LPI5Zt8!;pnTGL`*+cVi_LSM3(ygjsa>FSC$Os@J)
zij#B<le#fJxDd}ciT#EnS2%~*J2`6aIK&vtQAfB#+~^#YH_WbaoxLHPboQwgw;gHg
znw_#rf+$Wps>aGm(wxx)E#LpledZ{Ow_}l@!PLuzXpTn&{WFeL+69S)z{{|YCRy0Q
z9d^N_mM<GUcCnr~1*Fh6{7KY=>Y9PVn6B-7DX4cX%B52KaJAL>qPr9XonTjGRw(a<
zFO`Esll3HJeCh8{K*|_4@2HhnTJE}T4&jO#+%yufoSnGZjp*;~?(U5VF0_&Oj@cV*
zE~F0Q*8pJ+npg?Rqo&6f&uA{z@>m${7VWYE1ZVYsK$;s-Pv-TF+BJDoO4L5W$YunU
zA`|ITBb}to{dX2s;@Yt}02QSWEozi?0H&1oCpz9P<n~k1j*6LNZ$xA043hK*i;xGB
zZl${UyjXbj)oejrMF_)&37GB4lT5l26M~S=?uAS`m<gR26GJoWz<05~8;Bgq!iQqY
zk*b9g##q9FBQscahUBKyp$4i1$rb=Ou}>LV)h7E8+N&GEmwRC+;B#fBxXDzC;3)?-
zEUA#aErqHw!4C9thhR@qVS6-MG;YhRW-6mxKa-1fQH?ZNOiUW+_chO3ELLYy1FZAA
zCN7!A7%d;xQkHxQ+{9^;&gt_e{gJ{B@35hBGbg>#9ZBz>7v{YP0XWtn%f4i9m#u?c
zOe7i+#a1G+&#q@^vwaeC$+u^aGqN8Vh1Hm~%w&m-XVqy&55r@e1&Xk!g#f?_pa?Hx
z<7Nw0vJ)3FAIs%#2MN)e!{L?-vYYG^YV=Yz+HSsBTZ?`>MEQ2<sJf==9{OK7qScAW
zquEwyMQ3uN5vfN_S~!-QIiu&=o{ee+$qg?n3p53q9i5??EqaWh$I2S9ok$;^j$K%Z
zMWd(@6;~doBafbvd05%iv1CKlD4S=`R4g@Xf7?hbbHdIs6f43A^+Be?k?vZBw`D_f
zX!6}}hvyg?p41Q>THX&%n2ypYONZ((VD7Ah>*$9diiYga%KqSm?HHJF`atj53*S*1
z3)vw&3Qj^r!+4xt6pzw)87z{=Xsy08d7~4KqgdFC+_rVeFeL9s%2PU+9SL9Er?jVh
zboRJ(Y`lW%P25^<_=iKW+to!vs`YcKnu0rOH6E!kPbyMn7}Fxiz$lhQK~%8}six)y
zahba*$d_g+8%$<Ck-x9FI@eQ?WX!;bV2`gOVmi#C9qsWaDnY9Ov_q*0NwRpuaU&-x
zxd$7(sB=^+;E>;heA5RU^L6LKtA2bpi0hrO4MjW(y8BTho@j_Smv8TeIDn>rB3oT(
z%jMg(7EpDaKmb#vBcO11DHv|h=|r6ccge-dTvi$EFL=5zc6)KqaJvzI8Mv*eby-aw
zS8WH{1Rba+AZv#_j$I9nF1)VTzVRt+fIX2hu8dh#6-m-0yJbaBQ6mMb0hxHUFDa==
ztrD~;^@of*Z80z^)4;6unVP4xN(P$;IQSy2*T_ZxscCiDj{}4PrDYjOs4YO;h33^=
zb6|1$v9cSsVDC$6PQZ|CY~fBz^%U=*{Ei6^+Rfk~XmvC3Yw8-rWgif75~|Ehxi8;7
zVN59zy3Yz`SRRM9J%BZqG&YAEp^E8Cm&V*n?kgOFFvn~o6ZQ%)osZqmz_hhW)@xjm
zC!Z0OC-4z4!Y@saDf->JB0C=$jEb{BpxpJ^E?Mmr*$)qyBI=gsDVvqbyvsA{8e_8R
zY>Xtd4jGB75;}u26;m+9lkUkb_-{+miYPBx9N~rxYD|9GvQ$Ov9FawVx_hm}E3L50
zJiZ|LoW*fLd6&{4y*=J*5m8*w7@u;-cl~A){YrX!`{U10s}yx%(+Q>1v6fQ8H;w?<
zuufM>yCBd=*)$V|aCs6v##Z6asf0|J)#G>eW~Pj<XPNf!FznX%-3eNX(AFa<uGU`n
z9&K+e-FaApef{Rv(&}<;K`6=@L7*l^8LRSqUq_U2XM5%0-P#6bb)Jop*W{J=sJ6Me
zbRP@9x5mCsPh(i1rps_iQ{S&`d3S5~mbM>mB>-VSBtK%`i=69A8=JItGmh6u9LATF
zM%;F3Y(^jrnwc9&@Ynj;2JsP4LMLhwYMM~zJnEw)P-ZBV8zz`bRx@d=0b)H73+@iI
zw_#|@M1rSqQ`nkZ6iFyx03oeaTEOuCl?W_6iKF29QSH&%$`@*Py_HQUer0QA=^_5q
zI?Ff;MUQRfm0}yj6F9^t-3g?4jz{-pcg9_CXH~@-pBu`8&B~uG4r#JNiaqIlwhbH3
zc0208@LnU5Ay}#t$DoZlY|VIkOj{D&hTi#1C7K$DFq~H5J-5n<Vc-X30S@b7w|V3W
zpFuZ{fO&>OC_{~#dzxLOKn^xZIZ$l^5Ss$YIFWTo-1?xCjB1!<0O&ZHO4h|Nl$_k&
zc*~8*L(Er#oFx2=Q9S`nN8{SMGCnmno?3z6B_tz)5+X980<9^7xFdx94vb<4+cplI
z7!d)CyDui+$nz=zFovxa$UBil{uC*4inj#$<OH9g&<h!?Xf&nh4qIVF<RW)^ySp&M
zpxl5)dm|(oTcUhDLF+lL{H9q2(W+!$m<kf0rKxO+f<_L#8MJ{@)}^+VJWT<CGn}z-
zb}=+%JQ1P<(sBf6?<)c+(AIC$iWz^n5W)ocz9I*uP2cWzGoHwl3Nz|TOT<5*Vsx#&
zBGuZ+8$>HFzbu&AFx*Z*X(ZUXwL%JL1SG&p(4f`(tya{fa-lrL-Q_ulM*xO$vwC*8
zEjU9oP#g~<S=LD?lk+^1i#O{1Ikc0^J{OU~ra?cOk#Aqw+sRZ#)p`dNP$E~l8w_P@
zJ%bI!a4VBpGMPj*G81i$B2H2u5%N0*i3mqhRFK0ZEr}MDlLJj;H;f(;8Iu#Hx1dGr
z@T}rmIE5}0jbAw}9Jd-kZ5);0hZqV->IV|^lF$KI)Ix>HxgzVVB$Qd2Mqo%<fPN+3
zq|EYCZ!SNn7Eo3_lbW!UnQE?t8(o{$sEU^ga74|S1!$Jz+%}b*^stPv&^x_)*X_l`
z`%saps8fXy$?KCx+-t+LL12i*=MngIMj+zoT8+F-3M#6kksy-(l9ZAicf1Cf$pntN
z$P5CZl#luq=uM`tm{j#XFz8|Jpkbr7_5+t%XSmTWpf;c|b|beLMUPP*QzdyA?zeaX
zXhBpDiSFny?Cz7Cd*PFy#Y(G=R>P#s&iyEq5baFZwxEkKsqb2W*)-KHkNmbax6;04
zsqP2e*RXy_lpJ|90spF=e5}u8MPW$JE4Nd12wA($%OtmL6RH5;M2h?ypR<(yg61>`
zBzKM^5iqJzi<K%lWk}2JWErGr{~4F%7g`LpCcYMQ!rc&tK&sE!hlGw$0>l$kRn3g0
z1L;zf&Z|xUcB2b3z;8>Z(sI-yN|1kw&^sY(muOfl)9d`uq%dA-ZJ;6EKt0V5t2g&J
zpWHYsWHw`7)-XBwUEtzE#Bf(mcz&zlVr68m+QL(ULOc;DJn%aq>JD1C;=|PC$F2|4
z#gm|k2Cl9jl9>uKz0|(Fy0%qYV7Ylek~tp>YZ3=9oK2}EB9uu0*zG}kgDETmfnaA6
z!KTmM2>=<*5NgE|kl$_usd+Iu<ELctyyc8;=?}hIQ!7T+%i5=j@t4L`Lr1^e1`J@t
z(q-%zdKwe4cAcE$A1}Ugagy}|f2BC?01EeDbabOvgQpB6(R~WkM=<{%RG~$!ZrD9~
zl^@cID?L3YgDMfpNlrip+p8P3<+b~(sEU%l+bYQ8tdDPvPb#h8iy^ZSbxP-Q1gWMn
z0#<H~Co$1V;Oh3p$*SxdU4t)|ZRVsbj|xz<UfL>`$Dzz#=M%VkUR#<?E~C>DFU97P
zuQ(A9eu%~c>;yvkng#Qw7MT{m8B;}qOpuM^HiYTQg(XI^`l{(PF@CmmMeNSRanluK
zYrF%$E#D+g!Ztzvde{kIS9IWatHhuYw?|ddW{;oJBg<?1XiXu1Bg5Kj`W*%^Ri>x3
zT<4>QHd$MS)<Znz=IM5st&8%kUT4MLSKuLQdoWfZW17_BwV@7=*@t+z;<W(h_OpKo
zFSW*X%);%i@;EqR=WW0f>+1Yk7}{SGA=GSO<^r^Z@+1p5nI)G+z*%a0ezP-q!(?%+
zVYODbbM$J&gaZXwJ>b_#9@TWQ!kP|yzW^A)7>0a9DPA+c$tzPyT74;9Fw6%=lLz@n
z@Nx(v(bGn>_L+xpA$U(Gq1};D22G%sqWkY#nn|Vwi8=$~bf4P{jESPCPXT{}Yky%N
z()EuiTNLA=jOH*3L#mN^i&!g820Gx*C24md;cBCtawGhA3~>T-g9}NoysmYKE=Rpq
zI@&}IMn$mlGEgXo#<I1~a&oL`s$jlc@J{#VF9<KM@Ii1iL1&(4VvnSXVvHyvQi?KS
z85vxKND62`chR0HJ{HM(&CVDqe7LV2!g9SaL>Qrf6qvI3WyK-0*E$e!J`m=jf)_};
z)bQI~)n%dp$f_kQ+j}MKBXj6RpF}HiJztJmfL+KtSrY9@7)QFg=hmVv@wOqBODXh?
z!Vlbb4-~Ol4vrO3Hsnf;RM`VB8#|!dh=6@P^gE3S%#QI0Fq@KZL2Kq<-PJd%bBf3%
z3y=x5d<Bvws>*PILA&QSmpXer6ya!gs)hxrSf31ehDxKxIz@3=?_l#(4zl~33eMOj
z=WNabF!)tU8pfC&eAo8A9n&hR2O6`6t-`2yh%+-bPjy(P5q^%x;BbcDz$iK4v8EjW
zQjS62%h-*kRIPn5-9uoxi*1}$zT3!km&25SQOH77wrV;X@+`p8VuVs1Rsw+Witu3(
zp??FER#m3PoK&BUR*;~W(wN(L289XvFdGF5Mo7y9ud~|&<x&a{dSkE*%7v>F97InH
z1((I&AmCFN7%tOIIG1vb0)+H!@j<#n5({)L4ogT7)YbO=A|V(G{!W<5$%&)c?q!9z
zEkd&TiQ#Fivh>57zW`)xo*EFhWbjZZp+E%Ka+ILPgB`GSO0c}qPSB?y*2x+ok{kTC
zd?!<AQ4EP^ZIgMrf}Y|yI|maq0k|l!=1tK3%~ld;Bb<=+cJ@OAgHOwPLkFFk&w%u9
zM4a;bPJ%ZmH~c=8;(d^q+z$wUo9^<H<7Si5_PGuJlQQA<Nh=_+x)?m}sw+W}@cR`&
z%##Bz=HZqr75qu9QwxUQ7ZYu<==*dwA0xr{Wo3n9HV>!SuFFYo!A+FL;#(&Q6)qH}
zMq0<3LeiM~8Edf#+oOtrJ~VvAL0|YvjO;u#oID*!(O{x!nO&YG)a2ryv(-*EEx|fs
zjAox-&+WW1V4Z)V&NGM*HIBQbQJJCKX@lfaPTY20digf4sN@-DPI#<JkDf(SY63V<
zPkv}QcKojd&C5}*I}PpcJ-z(&#x?KS{N<?Ko!$vs(*^yyy(eL(+w+@V*s3>sjUb+;
z5ynIS<hV#Fi9FSP9%wn(BqyMSUm@!mx)YIr$}%J!x`vX_%T>pA$T#$>gA=Lgn`1i;
z!C~Xj_>GaI@tgesfn0Zk8R=@T*zqdf246^(Fc(JG*E>YTc9U?zD+lf7%EO)6T5a~m
z7V}YB>n!`t=8j)~yz+(B2b(iqxq9d3d1pKzV+DswfDRgQZGCgjt6iyhGf!%@&F=Ll
zK6F;AyYku1c(Z#0MjV*}R_^V<=UQ!T%Uj)?_pWaEt;ch<+II6v%{#kIntlH@Y3}{k
zq$}^gCe6S9nsl}ACglci5U`o%OKoSTsNVN|i`G5mFI34E67W1(A(+QE$R>@Vf3FpF
zf`)RSCy6a>Jj-UHlG-q*7I6~$^dM}72e84z;Be?@Ok>KD-Se30r@<Ujjfc7Lvs#I0
zAhS7dLwk0EP5@ih+LvMB54%SgS=!LZXNguG1f4yT?Z<H1shn-Yeazh#Uf>o$@&m2S
z=(U(~ZQ;3T7B#LAO)*&|Z6fiJDEL*v<gNQ14Ef7ME$ZPohTgCo_9=QKc~Yr`bwqws
zEuTBt8;=fD3oj~VEi`_NHZ;cMMJ;Ez%&x#dEN;LvQApBdJz^?Nv39YJd2CyxQFJFW
z$T_NvR(X21=eQSjUh5y&L?M*Mng4xBVVY$QD2r6vRMNMQFWbZ^KjKlbSVs=ul)_f0
zD}Mmi?dN26RKXoS5;Wn!Rtr;PYBph6?C%DmRa*X-<VP`#f_%HwO)H4cWR!Fj1HLo8
zCR)#vw;rXQvnm#7&<QMmmIK(8bx><~!PPK<tn_NgnlPC-y?u<^DV1L(ZT<5suaAnZ
zlsOm^ZKsQ;u{IN+YV;|GeT=(E4Ql9tsWZ6p4B-glA<dB*7*e-Fj#T7PE-3Qz&M@zT
znU_b&FJ?QK3v=^z_C|wGxI6cE$b9(<y9aIcAVa1zgtvKT)Qdq{I53Io<_#6lU{cSL
zC;SX=${(YeQgJ-|aOTUwPmUjaMKGSDJf!ttfCJ-4)vz<sk=W35M<$^+Djclm*}p6f
z;p4+m)%XtiJo~(J?8_~Ja=%C-Tc~r(grP8-a!Q#u%e0wy3e%MFiMKD)AASDKTN=t)
z{K#|Q^K3RK;>xvQ*xo5559z&O?yeI(Tx^@I^yoml+RRy_EC-Yr{-qhAlAsQEFHVbQ
zv^d0#xpB%a%W<0L{k{=xg=r9)FvB<~O=N>Q7$KM;K8d~`E<tBuek254z-+6`LY~<&
zGslo+s+A3XmKjK5Dz?Lwv0T%6ISrQTf|=N|X0r;zu|1=!IG1wuWoK5@x=b$W#mvhX
z?=U9q%LcMGDcw@ZqbqViZb+GKfOSwabE(rX87trBcC!~R#c{aTvNT<8TryiU+HR3n
znMMmJF~5j%Z)f(Kb>3pr$vN%2lE~5UTBvtN+8QAN5Up5gbu}Z!oB?TN8#UhJw5V9M
zSu1U@hR5jIwTuqiR+s>Q{0_s7?K4hfW-BZ~U*_*@B<19_Cdsqbnok~#VzNNUD<pNg
z${Nay`zUFCjz?E60@jEuMGBzgJQ|Y?r&(vspsWnVoWoula`WEjy?5431Bcwavt}kZ
z<mR0<lffZ3uYdDFW0>v=<xrT&6SWF4k1vhp3?gPd+VvSvV8aI*02(*j@ka3FUf2m5
zw_wvwpDL4CS=WI(NAtO5)L;Y+QBs?|zY})j6(~&}*B#R11`hoAvHBW+V^!jW39Vsf
z6=X59ii+ZZmuD}SGHENRfylH^!^6S0*6yw?xI5EVu3Vd+nYl7|-M!2d5kzd^?gJSv
zx`zQjfW@!ZA-l_V?_m&+jnKFTKU<h<?#$7bp-l!y%=f$0SWMbw=#)IPj<*;;SZp-%
z6!_Guyr`OHF-6=>_>`jXk*hgiWYhVKkb|n$=u5w!Zp&HF-xr~mJjuIGKSkAm0=u!m
zZl-#+G$EG;1S^@yfS_*$u}1&rP)%GR!e2tVDXX|rnpzbR#msp=7&_ZgD>keIIArz4
z`4^C%M;U9TeEb6=9zTygH=uO<10ozhhq7_!z<*5b<vn$Ma-M{7NP(b_$_ui*I>oI(
zX;yr6JbnuDYfBHeYmT-jaMZP-pqqI9A!*md9)G<P9)#WSNk5YC`Pp<aeaph<Q{snA
z&_*OSE`*qKC|Mm^!_Jyab!ZJcYtq!AHSEmEQA>^Vb2!$9-oUdq=7!$Dvo`jI-oW?$
z7(8>@jA1vhe|<(;w5pyLo)@J+%WdK=?*O+*%gU6<V6r$VpG`wkT0C2>L6+k&3)eOj
z1gJn{7g$C43i?29cXw}0Xo9%WxlN@oI;i99>1l%0;!W<VnU4PX_#$0Ok(S+$%DL^S
z7K>BiNgq$<#o8z<J?(2~6bgiJYGWoFI@&2i@E^$<2Pfu0Yo|K_XHn8C4K>AN2Iz$}
zq)dn+diyMfAQ<6@N@eK;yTV++gNd_S;i|hl$8yYh%biG;m~f%zF7K?jAk!(0*3)iz
znWYsf7|OCb(4^A$;#ykUo`gBqO@HKZ4+>$izj@EGV8XWW+QLL+nJ6T?wV-w~$zPY6
zU$n3TLub<m3~G=<NWZLo29C>VfBRwg`|J-xwIo`4AHK@N?aF?49!w>kZp#4nEQ8Pz
zv3${iT09-|mlKIzG3-U-?8dPe$r?FWSc}1|c+#|chU|BYebC>gwqG147U6*cIrO;*
zpCuEaAuKq>qbr>L8dPK_KZ0-&!`#`AHV8m}kPbhjLTTf%?0N4*z2fb&+)za*8Ix%r
zB9yZ3@0ygQhztBHEXP{AyV9D-s9~+uJh~Tkw&UQ=kzkGpe}<9u7Z!-CKN^;w9}oJn
z$Wo02wY=xhlfHD@)7F9p6pX~9zMpO?YBs2qeO^852ky&0kTiM^`_iq-HY6-KU{BhZ
zuyiX2G$<^**EIxcaa6A|NB1SmHTAn96yUV2{dm0JNR-jHk>6}eD{lvCL}pd__&A3q
zN5g5=nX@x0PA=!L&xYH&_jli&IRmkww(iVXhYhuLXU;TisI424U09ZH8fj?Kbc<vt
zt<ou0jZJNnFFGe>5Mh(DXU{OFDPVt8^h|-ISr4>vwTFFG$fjo`CQm}y-XegM^SvzJ
zRRxZCAHXh0)S2krk^(yl#$ZM*uW36A*lhG+)}l)}c;g1KZ!wps8@f=k9R&>(Gvgq*
zR_r)X;kOrbvJE)~BICkm02MNEpoPJH9>9^uTI@z0Hq>*QMpcK>IENO*j-Gnit@K)t
zThU>w;x4d{7F-xkt|&Pn4rVk`cvdu8UYO>_e#|Zkhwe5ST9`CPtk-UjWs<$M+(HAU
zylDkIV3l$)G{&eYQp8fjZ^Ik>xg51%;J}ZU6xtSc8g>3vRhZ*x@q^XE|5$DEz+3WX
z8r1TuKB5_b1e?2^=s+*2z*r@j7PUO(h9&=dCZ3;-G_FW)ixm3|z`QikDA%x&7<6z7
zKINDtCug&9S|^T(j-N`;weQ0NNU*t<cAkOrIq;lm4K*;#)M5%X#bhB_>VOV5_6oZ-
zP@W-4&<P%5aLO!dkYZ$E2B4G@)S+M^Q^(D@hQ4V;w5||=7^kw4A9+&5+U48@*-vi(
z2R1$`$wH3G{7BR?%rHd;9=5CmU_g5w0YT3E)R$ObB*r}D1s569;LweDbbOYd<;sse
zr6Cr39((9-4sBNaZ;>WXt0<#~)LOlRe)N*pv=aK&N?y5{5(wJ>8j<!c4-@B5yETk9
zoi&}-Fxqt1G+D!F(^=DB6&}#%aa;|tZD($L4Y6%!Zk!FVZSUvtcGk4T!)#msy5hJ~
zpQeqQ=8c=?U``{L(;<`edHX@L4V6~wbtgLq{^#vN(_ohzQ(2zlI3ITKZ*{J{GduTL
zNO6xPs5xA2N@d;^*JmCuF0nvHwJ6*O2S~RDfa~BOXmw+w$Z#|0JPGS~c({Y_V6PQ4
z)G}~mhQ|}LT2(>2)nxo`5Z60l8#*KA<;zzj7YRba-y{^>yMP*Ys=7>pzgbZ+{WVb`
zyOatOV=$vbs{)`TO!uPB7HqI}&=N4I6_ak?^#PG9;_2-q*0S*53Jy1dU9#7G60nza
zFGAZSi^UGrz(Q?AqQ}M@s>_3<)yhH8-H#fTiF(xPc5px4nQ}4Oeh_!3+(y)*lAt2M
z-f2el$1qkId}B-(A^}e%n4qxpw>fPnP$O;InAY1=5D0U}BhpU0Cxc1?G_8E&QY1}T
zGjFu(%L0F{f=X)+CW9BK&McZueOx(|QQmFZWkOd=0awNc;ON4wB&~8WT6ez_9TIFS
z`&nqmp5I*R?DcS-s6DL*ZJY_Yd}W*!Tvd=f>Fz;yw;0;ohD0RF@eVstYtJ2bU*sjk
zjLK1HRUMz?%G~%c?AG^{CamC)rqDX50(IFSUl?=AzSvC6I2E*e-O6MURBxkL>7`24
z>tdGMaXYAoWZTU9fH#|<S=pE`jyX)}Orc35aw(4S(1fT}>vRC=<I8^QVi$YD-48mn
z-3i*wq8r3EC;zie+LMyBG8Y*^S*Jz333O%?u|mF-o`*riTtH}@n3J?jbmIj{hA(3k
zme-3q9<U7Us1*|n`fh}v4@5<$GVkO!DbbTk*BNJ~etOaXfUS3#LfRB*YcaXZZgzV+
zh!?!udj^N-zTavEs3Roz)apqJ;2+6?ZeZCMk4P#Nngq!@sLZ0y$1p7st)v8iWYT7D
z&?k;QQSexqcCt<vx+q$elOFZ0^f3`<P6FVt=c>*-7#L6bG0AsM5vi{_St`p9Utf$w
zFlDh4;H%Rf*}$aNBwUf`q%4YO2MlZPOjS;%DKE{H0T~H?E0Y{~ssd!G6{wMCnsrV?
z^tSmFDoVv_(JJK{ijfqo!_!CG2BK(t;fpxKP_sbZk&~`Up=nm&1Sl1$hVL)M#*@FO
zuqZ`}0YQ28f-QIDxMab-Q6^0=Rs6jxme%1wRhq%cQ+3Q;l{W7*YjHKn?6q{3Mi~1C
zJK<iB9Kh2F{1{-+?PDEgwd*8JWF0jooMX@=IY5L_mnhUcc}kk|XldQ?9<FR|(f_^m
zrR4{;yAHKqjJs$vLlZ8eEh7vS$86pxzRx(e$XSlr9u*HbTWYy}lZae!|LG#UZWz10
zIB1Xsp8)KRvs0r8sgAolLEVQG3u90K>24GLDr1iG-cNr0_*a$d|4#hIYwD-c@A9ty
zl;!zr?A|Gvf6&W?djImzfBpF0FMR#@m*M)0U;p~?cf)lPu3v=rF}(Y~;Hty#`Y(R{
z_`P5H`tcvK>(}A;AH&s#=dZ&3C*b<^Z+`vw`+nu?$3OO~^s2-2SK;~yJpVC#TZHEq
zJ~KbJ=)nKi@&9Y{@c&*HA8*3z=}VW!9QTsT9WDuL=6<oV+iNySr+snEy)-@M@ZagQ
zZ@)t9sAP_3GzTPng{y=EK3gG)$d^@;3ja2PfC-=$o3|?Hj9j55u(|p5eVA8ZzJULD
zNtD2#JfQBXmUv4fV(;62$3I~9E%Kw=jm&xLc&?Ef?dpZF1WPWSb3rC9KSZN71tzUJ
zvIday=o6HODFeD%V&$|%8|<#%B^fA#P0GkDpSFf%p)K{hxy|<*jdYsWnn=J1SZA{v
z8SAiI5>%v{60~{;E?hx}MwI{vq85SiFzf^*b7oH!&Ts5Yb6=&)jEewe=}!t&MsMac
zL6BKqfA@)$j4m#Y2n!hm#Ede|@5W@Z61`=qAq4~Lj<UEkW!8Wzm>~nrc{#*%O8O%`
z^`??!%(yS%m)q#1QF&>aJg3XxoA8WczDP>=qOC~BtyZh<GiS$-!#c1Ws76{?0G=o&
z>%$kn$a2Cwf15lhGx|%@^ez3HnVFfLnVY#XGe2{6=Gx5lnHw`VXJ=+-XXj?G%+AkV
zoxL`DefGxe&AFMm*}1v7D|7R6SLd$HU7x!#ck{~3mDwwESFT){zjF1;wJX=J+_-Xc
zerA4les2EC{QUgY`D^pn=Wop4ygGAr_Uhc#D_7^QUcGwl>h-HPuHL*hb8Yt8+_fv$
z=C577cJ12rYd5alygqY%_WIoQE7#|*U%h_q`t|EKuHU>db7S_#+>I+Y=5JiRaqY(S
z8#iv;ya^!Qgz9fX(KjL6O?btc<GlXSZyf(TTur#X0#_ZbUxDkl;Q9~Xaz6Hr<G=Zd
zZyf)*@1*x%gZtls`#%`_#_`2Ze&hIu;QsHx{ZGLAo$vX^@!|K#`@aj<Ps8<#aQ#)d
zB6j_P`;BAo!Z(f|!S%nu^J{S5XV1gDzHBJ-F1&M;Kj7<b4gNQ#mUnsZzcHfK`w(2;
z!7fL+e*~_N!u1JueT=>Tcp}|*2<;%v<FI^=A<y@)`wuzhzwc%DKf&(boyhmSiQl$z
zIHo?y?%&1k|5~Da{@Yg0N5($vd>>rzK!g7IcYfGu!u`kKis8Bd?-$|v3p4N@uCKzo
z--R?k0?!?I{<CmBhU@K*N<4ftaZkSgc;fz%oOH=@c=}Hy?jK9sUxb98hU-7M{$Z#6
zp$|JhbM3>92hTqS_sI``*ctmj|K;(`@LwMPtq0#a{^DQ#|BkDW<|jV&9nPPH?|&N7
z{VllvdANUq)p@M^@ps>mc(49_gu%vt6C2p4Rk^W~t|QbU@zyxmeAdUOaKB6BD!0aE
z@_0et6gC5=$~E8jgYIjvlmlPfnV58PU8PWqFVic|OIc1(Y`?z~MX+Opl{H>zZ9qb5
z9#7pPbw4P!PCJU15KneNhG3?D+>gl|EM^0k^6(%4kYmIfU@L3@-uSWxc*MnteV(vM
z`t(BB&%4n9a2(Z2gWSon<&^{fOHqeChAsZs_Ph0c`WW|icf+UjxfwCLSCre(QebE0
zk}__=qUw@gSPcC|ioti}L8PEXlAq%a6)_TD3|O3@NAqnU6w`+bM36#*=|EmTe%aZ9
z?e${^*{iVC3jj<fXu^WM+iPKJM~DOASM0<+D9OPM9^l!J$y2oJ9PS4#hl&I}oSa{I
zg_5fmwwMaeYe!Jh1d|kaQarejnVxMY3a1y)dQ6<Y;CS~|Y7g&vtJ{z6)HWPOqK+iy
zhf!-!`FXDy`CaAr-Kd8r9Lg7WSP9b2nm>|~*fTAL2UntHuwRJ+sJV@^xw5)-WzN~W
zxAM8#U3`Gw*XG%8c)0WVt=gtTORBD~ZLVysyjJs8R`0E>u55jte^{;EUowC2R~-VA
zAuoNO&dT0H&deEuFtSWkNsXw-D>LJh#!N~i=h~xns3Wsv%0e27-U++J(#UaNaQ}>h
z9+RH)X4iRh$9c2myxDQy+;!f(=)5`Zy!oc{X75L4=ASwwy_C-`ENp##z2-ftZEh~z
zuc7Oq)J$EzO_f*<qt?r}BO*maIqreq_J9mKIC{ujH8bhVJe{F`v+{9HKF-U>8{%<x
zMm)~R$9eg9Lp;vTh{rkkI4>V>h(}1uALr!bynMVN9x*9<oRg39^6`dvBuVMxoP3;@
zk2l04O-df;<m0@2ydfT0Qhc0~kMsPI6M>=x1zJ9A?RES{&~Vmz@R_*q6_@}?*n&<F
zM@?9`$TaBh#La~Tpu}amt&AsdyF=uWQ|`s;#YyKux0)hOfIyeXGqWUT-S5CW#D8tV
z@=4{joA95r)NB&s!`umbCTL~YC24(Or@-ceWxu}93cvy8)XCbwW;KVXG@3`w9$Kf#
z$<g6n4lpNE39Pgtb8s}(ySr_N3eKHw$8W_UWOGn&pz(cvr{OgMSZO+xy$As3o!INe
zfd>orq3<z&Nt~CXPB&)Eig?}j>b<xNqmm6As9Afp-4ZYd4VUvez-};IuZyY$@g4*F
zO%ewVfTIdHXp;tcuw#UEF^D}_F82+uW9CMR5IExP0f6D{AU*7bP+|u#6CmCf+->S~
z%y#uCTgb??;1U&d*a<|1_HvRbA@d%`8GI*n*YI{ba661TkDbJCuN!%U07*+dn1kBr
z7E9aRq09>F3RVTM67|Qp(2|_^CXoxflBe-wo-5G+V<Lc^!$QBX@&m4HVKt;OVoU3y
zf1Ld!Q6*^3j?KKB0AY&aG7B`NhC;0A_mcF^h5_aQD(r+v*zo!Qri##uqaL)|W0_DJ
zWi7Z!?kvEx{IpfAsKrfb;T`hAP*l2%J+8cRY5O6?{q;NE+MUlXdz;(q>l?68dUtDZ
zUtZd(-SyViw^r6xH@(-FHda?w?{7NnVIjA7P&Oa5P}SC$BHCMB`0x6yhI<&o@ZUj$
zri17SybG!Lakqyyw^es#*FB1Q?!NydaDBHGFx?U<6$ON0*M->yjX`iL<dPjpOhn)A
zez)6>7pAB8!tQ==rwTJXT{P-Z6V{Dg09-C2BvTB)boa5o4vq&G6<$@@S{o^lMuqVx
znn{a2;dYvaNM0MyM-v5^zgk<mTie+5)>a>WULpPmE9>6MqxFZIu#tFJ<KyO@58yOV
zU>miAmTODy(!F?lC))W^y}HkH^S!xCesdzi_WEr6$Pt>6wk6Fh=+sas4-ppY87Jb&
zVtE-yoT`_%@W5GJb3P9n6}!@Wb_P;X^W^&M%{BhKtf<eO#eemU<0o+4g=-J4-*%oK
z|G;-VKmHxKe;n@Lg6rCco*#b%u8VN}6kNXx*U!N9n{fTXN1q?R@UiE|{|xS*g8NtD
z`X#u29Il^*>!-dG(!=#LaQ!A+-~8nB<BxsU^W)!u`ya#gRe1g-xPBb2pM~r3_dGxT
z8*p{u`b%(qVf8_=_FcILuSCmcg)hXbq?2pwtD7^P;*L=xu2s&!#cz^DW5~tN&G6#y
zH=`ZDIhso5^fmyaj1sAM*wxIZs$oW(wa{AAko{<~dQxBkUlT`})y*5;>~$d)#P_&^
zsBJvJFS2jQmo+*;*EBzxC+J6GcHM(b|B1Q~omSHgo_!ybrW+jpJ}6B$_yvx>>BZZA
z<!0?5>~2I+w}!iW+^%krZD!|aMO$VGS~ebRcCSGpka1=G0Zvu3^H`jeEz~ysmCd^z
zv~BeP4)=Pq_Jp?U?D!C#3Ode~+wy6lpnvaXPc0Sqv5gQo{qE%u%DU{=>#%@2ji?Db
zy~|<ia@YVUi5ls0z*_<P@&+{UAVgj`Q*I}5GmR`X)m_BiPOsHy5*Y$YAe=k&r%R=C
zuHOmJ!-q?PkUK{{pKPREx{((AY}6vGzeEy11iu*<K!0ElPzII$UT52jJ9K+teCaXe
z5ymisjUY|)deCe>z<oB(V3<!r!8cQ0)wY#%>Zo_P4Ev%3zw2}WCXeWVs4-|O@<^C6
zKuXvG?%Q2{wT6bDmseKZ^^LWywL9DQ-21iF<+Zyt=K1PzbbH9Ndrzp=D<MdVQP$Y;
zz4$2Z1_$CLc19w_A&b)H2#wwJw2<93+?^w`<KtU1m+sA6-qTgry}RbFu5G!syDM84
z)G{hs+bY^8f|K2YZpDpuchxVnn-{3rAa%PHpDT$bDxW?R?z;Ea*6u&7c^qqWL-!hN
z30Kxu-Iv@-7WO1`pP~CEVhu<3tcQLq!~_H#xY0cX6tJvl14Oao9`1+recVKcEyNEH
z$PN}DcCDP&TuN+iGu-L;og>!hxT*lrYJ|I5>$1Uz_8FW1Xl0eif7Uio>cfyxrmfIC
zVh}j`#>#FsQLgNuib}&8RoT^wH1VWDFYS)Mci_8(4&6rR@3o>BJtEq@ct1Z?NP`%<
z<CkBT@{-G{m~1@R96roA#B{jX;fUH4+N^f%k&T=e*Q0hYDUz#$t2M@JQfoW#JCEJV
zFrM_uNEuJB=n?`$QneMN+SSMv3q>phMO5n3a9fefMQcEDt*8}n+d2Mvf-Xlc^B*T=
zhAsMX(rpC0VGA%WtC#{x!eWWk36=^@x9*EUa@D1@=DY%gHinKNR0-gre!uC-66F^@
zLkfJn=uW^okXp_!O{VJ7>?EKGTTHHoPA7Csy%=(>QGiWA3ut0wue9Yb>U56ua{QgB
zhvtu+z;C$dV9-4xhz&Ir6e6{wwVM7he;;ETL<T%PJ5($;SQu6QIT;EUg=Tkaced|)
zWX<w6wpX`S9@Y3PvpJCpgDa|e;|&ueE}$r?zeSq#mY%m_?X-$5VQPj@L+UEAYiZqS
zdlg*xkz?9Cf<f?<3EK6SWQv<Jyt`s}S8Ie+k3r_IhUCL2Bf#}7L>s`=UF?U}K-rTC
zc8*Pq$$~LdyWVfETV<7D%v`PB%2X;P0fZz}KuV{JNkcImeX3{)o~fPWEZ_5LpWCW!
zta{7do!b4CRTz|&-9xHpz*XH@-Sn0=H@AV9R@YWnw;w(f=~y{MXEJnzVAWo7Yfsxz
z9K_UIoD+~FOO#x9`BEqbkCLC5{h}<JI?TbO`~<k<ctNHhwzu-9b>46d6UU-b3`|sd
zNn)|}p$_9P2GD(sT3B!P045wtdOKq=h3*{5az%T|T!NYKN6ZTAqBekdwF0{>GF_Tx
zk2nF`TUlLt2+M_V4or20yWncPILk~XV?qv@nJ4ZZ!9!SQu6UDz0@5T>TfNJ>U8OL5
zP3qAoGC@E>j(vIAC1we(x|nM@VJ^N$^<r8YoO#t!NFz8V4^dk|6tb?LDvgb3W?K#m
zCv<18-jy>u?p2bRUJuY&4|Ypf<{S5-h*tO(cgDibBWp?*NJgzeFG(GC@~xAsjW1%b
zG@&&bVC^xiT|HR0Nb``;(%Ym<F0w^?Q6~&y61JfkwjNW}S+e{_@FZxW6CL0^B0v+B
z659Y`@n5_Q$X)&-Eu-V^HvPS-`zXSdvqiU7Az^m3VsT|%5Q?UQpb_>Ch@vTs;>+;w
z>19?iGCI=|THOCqoL#0|E55saBbcAvz0qjw+`Oh$<avI#+X;7iu=n#OCeT-Ia+2eG
zb(0DbF1Zz)I%wEkx->0|`X<nVBe}eaB`SqkVrN3F8}-HSnY9nKzt7P6-Ipp<Syj1h
zOPf_l0p7U6nBK~`wF2w9?hy$GY$?1Qbk&WGpcvR1bwyOx!uXB13=1LqvvU_oC@Q7`
zo-LZ*k_gN(j9w2$BKl)4!tEs&-$c6;Drl4LwCVL5GjB~Ux-Y&MrYVE{nc5AtUXqL3
zEqe#*JeZPQ;lf^r-JA)t3omGZhHu%cDftJZCngi{Mz9+%e7?5%mJzuCzF4>YMnk~3
zAewH?7YEH<m+qXJM;ol;%M_rp4n((YPWdeT(m=yx<CL`-Dzyg!R2Zv(q7U#pS?*2y
zgADK<1s&8FxANg5Ye5>wBK0WfHTG+~@J5C5B0;NuRB=<>(_6OgA{D}4{kxwZzw^D%
zkN@WPJU{*+xPJ=ne*|~`Uw?kQ4)<@u{RrOuM{xf=NP8ciKLgJ{1JD06JpX5K|9MFF
zweNd={Lz2o`SBON|M~Hc!{x%Y2*3Y5xPA?u|9iOq2Bi6Kf8hD?FMR6x@k?-h8Lkh(
zHSvQ016)4=&;JnaV}J7b@gL4SKfW~k{P<tM{nN9kn;u+HZIx5sK*97f^FW{(nGAY$
z^SV^m0A9I9W`jwjsh;&Avxu*e<TqGJ?3_7RlH&oT^vov&{VUL~hx_GxnE7LTjQNg?
zvFj7;{dcl-A4=T$ACpe|ts`m(niN}4qf`;rl7lw=zB}FMF(ETeubMY6wT_Y&&u_k5
zSQ@Sv^AmQA39RXll~(u49DUqYp5gJ@ynM}{sf{{$WESe=8ST^ATfghmCuWpNo>3p~
zz&_u(JoEGhH`i63`QO8b&cx~_mT_rv+<9f(nVi5~EwW+s><#VLUC9bhIB&k<Ouu=_
zx%B3=kPlq~2B-_8w&JqwgM-e4s?b^P)LiOWs4lj0(~%1QD0(&ZMeoGa=R~JFsrXGS
zd+Ng$&*-c!tvbLg?mCx+)xD;a(Cve9gm^gHJL<~IUl1c>{v)f1Sj)}^swjb`NX><p
zDlS2P;)CP-<JX=a|H;>%AO91$e-iG;pMQS5@P+5cpMdK{xPJI8n3Ld|fa?KV1ucW-
zy!#K=?kqj@yj5>@?h28B+~WqZ>==TPgdW$SSRv~bi6h^cy-A8?3Lg4}Mlszv%euuf
zZ8$@rkNa*z{~?ZH2qXzVXRBjNKF*VmXC_xOX!hHcX>$SDMcA?&_(wY^*rUf4*4u3_
zK04TeSzcP06A_~P$>rA_|1d4fuGq>;=+i3d7XeKrRg0=SYsSjaY89n=HIbs*qE?G;
z+wa6^qUeYzf=<&^G{sEcaqmwROehJjM@`_sW7usjxECF^(OhsFy>>IioxH0Q0DTg4
zfN=~kQfs^E*ReFw4wpCtk^S05=OWc$;ll)K!!A0ls2eOOsW~*H<bA*4`f61qx9`Sn
z5|_0#<?cuA0G(5~fG$R%jqe_WF=;WngZkJ4Gxy46FU#xeF6{~;NZJVmpUq?>oG~Yr
z9H6s_+iO#nKajv%E8*F3BLRh?Lm(8304_)M$X|~dX*OO`$^{0@gi11#7JmFQG_gir
z?u?~yT@R}K6%udg<3kS0zT_Qw!&DYhbcuWjXjq1|8)J3URDSgy5on=<=rXa`W=s1P
zEa2qR;x9fwegfBBxc1=s<S#uxz6aO$!*w05Pyh1s<JaJ-z;z$4--hc4{@(NB-+}wb
z;r`A4;ra2${zurS!2OTm`Wig{L%9ArT)zz08{d3>{GY?sfa~9f>&0Jre!L6UJY28C
z^)0xr{p$1MkHB>iu226O)CX4uuKRF(3$AOw4&ULr2-nZS_5Z;29$dc%*W>@``SIU?
zs|(j(g6qNGe}4QQ!?gw1kHYn}e*o~n_1EG0Ww>7aO{gEPdAMGO>$l<hfqw+;f&0hd
z{s;f~`SA<?+w<dp2KP_F{agP#)c=1#{cv4`>(l=P;Df6I*L}FY`uoq1e+jN1hwEp5
ze>i(C`{H+v@%Ykub(Wh~urJ)4`0O3dFjzy*DmzlTA!q2=g~1wfhR#?RtRZLUK!w2?
z(*NlRXRIOD&Pzkmeir9#-nF*i+)TLE7Mz=z*4lz|GsRk4aBk*SYYWcJq-t%!`JYX%
zpZgZvIQK2MdA?gP4=dWKF3Lk_!|DTU#q62);wjN3=bX#HCiKr{aNXob6g?%s*O{(T
zy*{K|YWkuIL*}wgJZRJyN9LGD%n3Y+2)EwB!`{%!08QT7FWtUiEscfv!sy}{FV>^h
zRTGo$JMU;gmS_lY5>**K-ok+6w%RRay77M0Yc||g@FeI^i!V}We1V5<@_4j7@q#31
z^$t9AgEzmWCaN(DosMs0b{48VgwKbMyB;ykx7)`nXTK@Zb5os)dxBDJC7p{mNcki^
z2&5sIV%2Q6vQ$nPA@-I0%$jtKvdK!FqVe*bFvvuyJl8IIXkBNPidvva8EhIeSM(Z;
zW>qRgntW9@SBnY;g`vF?i}93^DpyCltr{WarluC(R1fP@GrinA%grbb8mNkAj%LNO
z(Lhv*R%YgS9flhfCsRK(Pg?4E=<8y58?_yAqJi!P;!rC!56=(4BMH!Of!*nFh#fgY
zKnlOp?X?{`QK)w5<QxNPJj*kB)RfQsmKV-RnrOSIm9S9lI4lR5kerELi1rg+cXEPR
z*3r+3shxucZr(0Ym$OqAXjcdr_}L2t1o9(xP>If_FSMJD8iB}W|AfYaJIbKyU~o;5
zPlm=Oh!OA0O-sh!Ri=@YM~|@-OUElo5X45X%Z-$kVmwY0o@TGed%{)8#(SfZrlpEz
z!&T8KOK~}PX0CNn0?E~8>;NmYTqce)=r@zFkY-la%_HWaqm~i2G-n+Wq{y%DyK!%a
zhVc}Mshz)SgE^@jm8GIXnyjj+mBeNz9GM_#4O&SLxuj2waZn`^B>*CZu*!?HA?X`>
z4q`Q`MaUyF=t3niPR&!j<&O<`)Pya(GG0-~zg_>9{M*(2WENhqILef^VWsF?s4xO8
zm7nBU#<_~;r!!ZnQW)i9l)(iys~JazO%<C3AI^&l6*)&%k{(&woSCFJ`&^hzX_*z1
z$t;s(A{i>9xh|TxrcJspyx@|j1PWF+>G6^i>c}HQZ_0gTe3OnN7x=PX2NvoJ;|X6j
zs+cB|M7nfsFee6*T8zORtzk&`OmWL39*hzxhP7K@gf57?++a-CAS=pcVk9EZ^KlY~
zxg>tO6LApG;BrbhxksD#C&qO)k*^b&vbMVYNTW<@>t+ZnO`4U()h9g9bjPx!|Htau
zR&4>@wmJa@7jWa~Akdt2$Z@5+Fdfr{f<zo+%rZ>=$>I!=0GN9ZMoDXij{{gmb^^4=
z*zGl|R>+DuA7`dCJ0R<ec0Aq(1W`M~hXimyMg}o0*$-Uw)?&_Zc)A81lH?0<NzO6?
z_q<+<oGL}Vt*|6M=x(`hr2W9CcauH{ogyBnM(@drnI~n(51D;M%&TacJHbDlEO*0B
z+$D?-IkP0aof2n6xA3HteIM3e%5GYnRw@}hYRWm&=%MmPa)pP@d9S@jN?4!;6<syR
z!nKfQxoIg1%Z*LDG?}{^5q!Ps$K<?FTpl&_B^RPJnU2%rSjKfcBt`(5EujIki2BE3
zNqbwh&u!gX+jz9Jg+7EEOPh((4V^`H(sFKHfgP=ZVaiw($p#_0^qYIA#_Pgb77R7N
zWnHPtx7WeUu*Af{L1>Z!j8__d*RPCMlyqqh#vv=a!6;cnrRLO%8C;spJ_hLbLC9UN
zFkYY~mgbgh1ArE%41iP{CnwX?{I**qd^~Zc#)rz3TLlE;Z@5+5XH#QN8-wNWDH51#
z9l7S#E(;!t2}T%)o-9irVUFW`@{gV$--GM>;kpjjPr>!OaQzHizxhX_wx60Oladtb
zUgJVtJn0ZcC}&=QpJ>4q5f*Ko9K3<;SZ5n=#gAeL%_0W4WX%DV1qY}QLz2+z20~A>
zZG`zE6ROP*QAy%KzU>xJ8?<<B7aNA2kLeLgvS9#M<F?5#eoe4egfP|Q`}GQ!WlXf9
z7L8hk=D&U;YBi50RiN4NT>@l#?OHg2WjtOpb`OCABm!(2#~F==@x(qFO#shugRXZk
z(kd<*yy)qvucrQ~c%+I-@&r){>4Z6-dx`yKyA}%mD-9}{H8q!}7%3=%c(OzvZ&*r^
ziNxH5iy7ipEsG)>ijnE7lnZg`a9rv#rb3L2idrCPBq^02buvXekRkHfSf-7ztB(cs
zlvJF&*-x_VF|1k&xfN9ob$2-<f$K2ph(c7%0KbH1TRaYqxJpKv#luT?!kI)Del+iv
zyn~BHOu6KQnFV*;8J|L|ha^`1I6HZUM7yUo@<V8FgMEP|^yq=X;(Qub`5x>N$Saqg
z2tvk2ZvBQs9+EIjxfkD@xky1sr`CaDX;qkfa#9iH;ldV)laL3V<4pglcaOgW*A2Md
zfa?$8y7X_od;Blp{%N@X^rd%?e;=;D4cBkO<-Pds@qYu?K3snhuJ69`?(t{g`a!rB
z;rfMZ?;iiZaQ!{F{s6A%=DWu~3D;A&z6RG1-+K4>3vf-q^#Gqo8^{pX(~N+}XMCY8
z2>z)mum^>oL<OBY^Y#P<yW*_c``N%hCnlo>!9S~(90kEY=fu;$r6^%Cglz=*WwIh*
zo`XFayDS+^ETL9Jm{s;g4alfgCmD9OSE#sF04fFc5fuZF>ZYKgN`IwLT+#O7t{T#)
zjG)Sf>ECFq9aUGTI-Ubpj}c3$JTnMT_a;vqrVM_lM$(c;PeZN9`eW=OdL)bARg1-R
z=<Z5GaIj#uTDVO`LMk^0u6t)~?V-k1uEek5A&K-nHLhDFpa~rXb@ZpAQ>uHWIHr*(
z6Jn^Q`cW4pWwW}jYsg}fNKpb6nh3o=3^ofZF*T1Ul$dzTQv${9WDa>JDBDCicA_!q
zalIw7vz$nkbZJu81C>+imW{1w5K0mnKs8Tnl0_ydq+%~lqcNK}u96&}_?OtnSF)(E
zl5BsnW6+N?uqmPwiPOqxqC$p*JRVoLd$dV>PbX-HmsXKV^e)K9@_JTQ5G$mw0<7Xk
zTBIU=<OxbPHc-x#U8tmIp}v4-3T8PqR4UeaC@JzcP=^Q_o*HRvtWgP&M?w{Muof64
zMBm))M6JDv7vxx+a$n%3O}UinCexy?HyAydV?e2@-STQ)I_Kw2_nw!Skq$$2`<^g<
z6sx#N=Ek7<d~H*21q%_dU{1ceW>#j40IEs4&{kRimq2L0_IJr8Epv%35IV|l9dWCV
zi!oKlxp)R}4;eEIe@Pc%=1WhOTecb-iYDtbIj^jDP$l6z`2k2oW9v8Lh?<=)yPWNc
zX(-|DG|KRZj?+Ih6Zs_`vx@+k_KsH<arT!Ilmf#P?X^&vhV)F?MT(DG?&Itf3Hgy_
zsjj5CHvKyRrsA5Jw_9vlHw&w>xr1V=A*D1*w!{P>Tf!z2W((0WODU?wgLarEr16Ys
zV>vbB2&A%a+J@xl(n@liANJlo{sLSRa6RxwE&sV8)Kf;kPn2B7Lz4v+m2wIzf|L<_
z7~{E^Qqm}(r=fD0r8|s#ze{Hr7~DI7OJX@n{#~49;HYKOLxj;NDD&*$bk!J#&ua3{
zCm;;BOZEg%3+@A0R1o_0LaLRWpdFCo<PA+NR3A6Bhxw8m=SPb}LwhuQNenx~tdR(0
ztXVo%ltN%G;Z|pIBC*UbV!NWpGp3+vFV}tSFYVQ4&{b@k*$y<Wdq{b-ISC$KvA-qu
z$Eb#Y8H$|aOUzB8j;?i}rL2Zci5PW7tu~Z{t*aFtPDe=l*$Zuss$xi$X3&jV$Sy)E
z03yYY+JS+c^SGyBTeESf(&L4L2GQ%{N%LR%3Q-!f*VM*E%faec>)h`|y>=pBI(eXB
z^d6v^Dy37%*R$<Pb1zJ9(127MtSbb(qNDV5{On3d#vWC}VE*W&|9<N)zkB@W;o|pW
zxW50tc=!09!+i?wzXSKb0@ts@^Vom+?(si@`?uhV;Q1%vdJ5Oq;QH>by?gvwxPB0>
zMYw(%uHT32Z^QN5aIO87caQ%=xIPEh+i(>O1~X448RZbgV)^D~HVH-bnR^!F_rcX?
z_BlRSlle!iPS>lGhXE!XJ<fb^H*@#RN&A42SOtu>NoJZl-)*uG`UkjC{c8?1HMmtd
z?o{hhC(uLRnb%=GoSn8>urn(v)fQcCO@@IY4PSvanN4uDl6<4A?a43cZIY~8tb6H(
z8#C-P%SX&2tsad@qupKHr{0pzGV~3HC;6K3brn-tL<l3mq#~J2L{avI^H8jHi4|L}
z$S8Y@UiITUVYkH5ak#SvroTpcUdF_dEqn9?7~!zd2wE<%g2XD4MU<qK#COmrWwPoB
z91zeb1tiUaSqrl^%T{xuLkwy;sklxl_2e+V@{fa)R|}C00a2t4aWboNgzb+p@02Uh
zk}wj2H&j3-T>?|=y@O|QY}B^4H{iYsV;-KDR#t0whm7MX1;^<<#uPE;fQ=H+c^4!0
z+q$Im_9Wd)G@kKR5O)<l(JLHhh-27f0bv3tRaX%MjjDH91()54M3W~OM5s=9RNH!W
z?XGuk>Cwu=&*PyfwSpv5(P+dYPD?-+ey8If@fjs^?^w~2RtlnH%B7Sy%8n)72)l4L
zM@PFZRD3`VVUgV_B98hrA|@3X5F;bVLnR8-zrIndx2XZ*>Lv#B4)&l76|;GJWz~1a
zb5cu+qoKx8=RV;Dq;9d<i!b-kR7$+y&dlP4+<=pxFvZ?gcE9TT#HO2nkq*zwtHAG|
zng0{Cx%)!Ui5#-^bd2k6`YlywOSK1G<IuBLdcIA$j%j5~zT{L~d{3|KEtB|2Vo6|w
z{Ux!L#*zNVG4{xBKM0Q0X?1$qeTP!dJNy74baZ-0ku<*}k~;@6^`3KHp-wwRBb8o<
zij!MB#UYOx6Bpfbs!sXkx12XQ@mh*uPD;c%3P!Q!b4(^{<Q+(K-fGb*uK>e+5aM&6
zFkce|^u5)-GRxa-1!jy*XtcX8x%Yx@eV?6n*6|OS;)Fy1!MV+7XL~VL<~=@>Ou506
zpv8-277^0eSy91g1`+IBC}#A4Q)a_#@xT=&T)Aa2Ku#};-Uidn6f}cYkOM5E2{WzI
zs6kEhA*2@Q>9Q4p=#L^@VO17gywEJH5u0sj&hW7|<)*DmoKg4G2&}{t;(PZJ)hcRM
z;#7%;fi>vLx?tF>i8AH6T=#=6n}?u*IB}D@r0qB<MA(j>aDSZ#RHFR52o9$-3nyZR
z&n?Tmd#~U1?$(wcE^X8%*es~5ifo;VQ){B5sn)3m;R&;HNazzBF84->chN=jhG<J4
zD+ZtKO=URF*FO2)@o&L(;bZR||Jc}j$G`t^djI=y{b_jrbKmve@qaf)uOIv*eg9v7
z7fpwG`2GG5ym$N@uKyLT--YW>ed@jAKZN_=f$N*>H@|)Ze*e>j_l~QJ?;Zc%jrWcp
z+<fo&-@Hlh{|c`E3cmdaT%DWry1zi*KVGEiFb}`?b%w~bb$U|iR<uq85kagRBhpWa
zvo|-1!!!-UE{aml3u=e-(3gWA*?25R?IUNIaQY6OXX$wOKT(=E9=lOu@`Reo@!F1i
z$?=4rjI+)lBm}&@S@VFU-&lH7dwp%=fw%GqkLun`A9BM%Nqr%X6_#&w;2rq!V@m>R
zhv?xL37&RsiAbau+aWr@PO?wf9^zhF``mhM8N&jsFD*Yn7t{5P+P#&})iw(xA*YpZ
z)HaEgn@lf0Kib~h^6u2UjoST{&8^x-?XFC;QTw;IS2j%5A)0wjOPef#Qo05N0JmIQ
z-$DT3%hszo#qiP?dE%nqW(4ZcbGsL27F=;a#XUc4QbjZ#dJ(wns9%~bBClyV?3@XD
zJnMq%(DNm<GcaJ=<~PL|7_G=-c^3*)?1+jO0KwCGz?5sO#+T^np+N9Wp7^%Y>ogra
zQIq@!1YbXBIAIH*adwXCI6!ue&>b~u1&96-e2Ke$s~(VD2kzr>908;)e0Ka+!wbIb
zz$Coa@?(0Bb{#)HaQq%n)DEnKtp?s;?}SDgv)8;XdBA1P!6DvshzSSUHPOILEVfiL
zfI-S681!TC6kVXgF3|(S@{I?3;Drz%H;0p}(+P-d9Z<rGq?U6IbFinc$arwNF!Gu>
z70}Q^^yo;3*+i2&*|zptI1BVz*h{d3CL#pq5ZeGPcnVd*g&@S;M%cpt5tVQYIvt0d
z5PIa`7TKW@)#&_DkDAy>+zJE@a?V%kL_GN>UhZ|!!?$?^YpoN;!ipB)iDAW~j~GS9
ziK7m#IwI#vYdgj^5R+yaeav|n?S;_PrADIzYqYbze-x{~?;LdlBFP|6Yh;7%EbYWm
zv)2vq=q!gy7f?p)tN<2i;`KYP1syVDZW2af8Teo4q2Jmg57?-vMIP5SiOL?(P>1R^
z3H+4PaPGmNYph4mh4gU)rgUesd(;fpeLM;TdY1kqEpZT-O@KTgPbe=Y50ESBG@Rw7
zM-NF&%S#>-_6F+EsqGcM0un((LiH`o7npGQ{>lMHMuVSS9C8o+BS;a(A&@?S$n!kt
zpN#<d5^rq@ej~LrLqhtZ5fBqr?<>*4P6+FXr+w|ntbQG_5blJ{uzPebY>~c9yk3d7
zaM-;T28YPR0K`6ENKdo9Qlp_mn0N&+l}HfdStYO$3^9t+()tQ~$GuN{mz@4sYr%#E
zN!#;d+JRd^=Kv;#X0&&N#tus;1GIi+2h@2xA+Z))YWPH6;?@6u_TB|blH@83&D|A}
zXkpAlVBi>|+}_;j>QQ%1|K?XS-Mc;AHM5Oox|{BvT}iVuIayU%-KnXrtgX!Ip5C32
zWW+Q0fGvac438&-pJlLo@B<ro$HzPw`AM+TD=mnx;XFVB*$Dh>5C{2zK%aW|-iXMI
z%#6&+>d$V^qCOLom67qe5pm<jjT`sgsN)bU%xl!MvJXGx&iuB!vs3{T2EOewAU#An
zz%td|Wbe?3uy0f_uJkzjSrnaRk!re0^BuZvR&MO9kh|5MKxFEb=(1I@8$DBT*1+**
z-wZw3BzA*d<>Yfhu()c|QQ903K&OUeMwJrAYth<r){%DQ&CoO5n%laJ*CJ<@JkJmm
zI+A+Vd()GMjgGhGUa^`xbEI3l5Z=rTpMZo##*gSFaZQK-!e5wXGWC{7QkReMD)%{P
z^1~k+kn$ps<O`_JB@h9MXaxtCQXzZ>U5H^APl0p>$x!Tl(QPsxP{2MmcBHTKcBQi(
zDL?pBz7448NfE1bY(<78%=r)<@7b7S1L*CQWP{m3*Q#x`s~dA0P6H@w^I|X%8jugm
z@p*4B#19CHW_BFevCV}JWXIXuac((2-Dhlj7k1XL1kUx+{ekATU6J!q1m<v>Tkb7;
zsd)toU!$cCJ~@rX1t7`I<V=eYjalTo5o1)bsMkfbI{J}_%2IH;7t9~;sSUfi!2BM?
zvcNA78T>W7y1{75MYoFjehW~5Pt?qdWr<Gkly7War+j47*-}p4lxSK`qMyhG*DN0c
z#itcm?Bl@C+toJF>R2>j1G6v-cj)n)FfpjlQ&aF&fK3L~mwBgl0TxJ{vDC$Bi7vYy
zOQKA$;ALf3=kcB(gou8l3*(|uTt8J=RC2Thim;1q)!*U+y3kY(fC62Rf$1R0ipC=8
zBc6+vJ(TH3zH`cpT8_xAL_eygMl?mh>|hl^A~H~kC-gUBF?JhicG;_1aa84>u2{hR
zty!(uM?9Xx<&U#vX+6hCA&~8>P3M`8y$~CJ?hMykbi*O>)Jb}G!<vmZwpr~RK|y1m
zkpjlDDCRVBO$*)?w`MisABdxy1&RnemxfT5fx*O`3=*-YZ0pua;GZ@)%VQ~k<Kqi5
zUwoVEP{i#WP2vSLYumbIUu?UZi%vzWxNd_0T(#=9R`E=<i>SdAf}f7J+yEMgY#tFA
zi1KjVvdcV8wPC)^bDL(s?<3NYtdE%LD!aosr2Z5EOU^8;KtNgBK?Eib-=Gvgv3Qzg
z7$7O#B6HUZtJ!ksew%Z+@Qf{_{ETf@F;+FY<~ZyF#4(@vN8H`v;Td1uJ*_TSVff*A
z8{zs?Z*;s306R#zVR;*{PxVhtg$2hrB2G(EqA%<SXUvYrqoT<eXlw3*aF{LDWXHS6
z^DV9te{7ocd+s7$3kZ8(ezi7_#(iG+(-uD+T0H>Ic?3TjW-pB45HD@06{wCaBBWn(
zMYs!kE9~I;>yyl&2!1mRZ8{7O+4yTrz83Bq+!%}9vRfu<jQdt~1G<5+5G+#SDdG_e
z^+g*y5!$8kz1BrE0F8AapD7Xcgl&)bgRNxjcXUDq{F#K6jPW96=qT?jNQg&Ai%||g
z#?B~`L^%LOg4hzLNWm65#fSJ}p-94~kK&6=-Pq>^HR`jEtG&Ai(I}iqK5Yk9>;@y{
z8%~R;pYJX;?L=$`$P;9`An2S13_>{KC@PSam5yIO6V}7dz8OL?|LDQ2(4IvL;qwB;
zkB{iEGrz(lx>Bkjj%`%gY|E{whN2$2)Sb;YEvStbbX+S71I0i%7#MQ!4?|3$9X%CQ
zxzaxu%}t{_o^wMQd8QF!yCLnI4$BF|b(%H0uoi`Fi2uA`jH<adJ8~qQIh5rwO^@`-
zhKeHpMOJVxsPLE_syfGxIQcg;ziHrP++lV%2)IT9Oh_tPpy>-fU1y65G0ZH55?6L~
ztA@mxn!xX{wd4KA<e>$XsB@vYg$Fx5U>`cC;c+cjDr7GA`1QT~5KeE{zK?c6`fRI3
z_XsmZks6&H?})4bIkX(<kgrdYF_~2*YsH4!TrWZsP$8^mKaS97I)PbZo8)*%uZ#L@
z4M$id)TJ@%H0^vy1fzuFQrJ1S!!G8-eYJ_$kKGN_unCEIyr$y;iLUXRYU!oUWXVDf
zjhb0l77Qh2Dr(CpVrIuH`T`e==)6F-BJ=Eei`fT~d!?e#rwP4xQJbyxb?6OT@_?<i
zFlAIfCVmj|bjqJdKQ=xwId$^X=`&|%FU-xCFHX|m=N@BUe}C@h|NAd=zu`}Qq5G%s
zd=j320MGA+r*-TXDSYD5Wca5L|7CcdIL5-46=_7+8fM|GJY1HZ-vwa<!u%V5vHRV}
z+3(9zkkgMBS@_^63$K-)w;=w{;rTo8^!e}CN<mJaetI_9+Gw4X&K~E)Y!&JV`tlRY
zOtk~2c$`$m2eLSzDaJCB$N~Tu%yj_-c{$@KC1P!}YHr{1wW~}}O#s0solOS7VWQ7;
zC-)8fdE?x`0OL*h`@nMp?7|QR(uv5+B?g-~xI2MnXbjmlTA2w2=AW3C`T_Ese+>Q~
zctjV9_JJlyi_7+b6x4xD2`v+KeSQhuS?lHbg|&wv>*A75o*~NfqYI1r^2*ZM(uJ!R
z^-JZ&xuy9sBw$B-CH)4HN!G>ztwsJO124!9DwhXm0YD+@Rs;P34n)%lwSKxQVF_5L
z0_qlMMhg~d$n-R8_S2%-Pm5+h9X5Lzl9o#AwjVSZW6+Dm09xm>ib|yfMAN$87OD(P
z?c&_PU0yYMx<g7rUY?(3<5((%FrEw21%laHEvWw@bW34C8@z!dcVlos8(~!;W~72c
zNzNTq)A!Qy07}s|AmdzpqA+xWD^1*h#UvfH8=*lV^cTGh4``z^Xh}PCgU*bz3jmZy
zKDJc4am(JhkuN1NXpr^>Qv<ni!v%bA-++qg2ULHff#Q=J{epl8ZOU?~I4GC=Hx?Lr
zP&)~f1FI&)LjIcuaLpBi%umdVg0jWmivl@eXosXhMa>TYlEB{6aI$6&vJwVE&{N<X
z&>Sd`j%S6AvX)-yY;%Xs%hFTe9ukmyv(+OVN8SiEW`5&=%eqm4%tV|yMG8ofY0|kb
zp2QZ&90z9O;?>KSi84KXquyyWR0M&!IxdwG+3_Rk2OifS=lWf2FEfBD-SOICHs7d1
z@eS7PF!oH>isv-Y>%{2H_J&j4VBSQ<Fbv})hNUK@H*m+J_rk_=1DUBJR$V>PqKgS1
z-K7j1M9p|V0&Ff05WWR;_z62H+uF?E5*)%%ho0WUg|^;yH+3=h0_*tm$S}+Z@<~H=
z{shI*@N3csEbazsVcfuyZ#d1`4e<)UwdWo`eiyl<AwPvh3U**jbuKgQI&QQ@Lf`?e
zdbkH!?=-C7PCastLJTzD{Q-;BYSW>MZU|n7b`ETRz~f-H+~CU%(}>4Zk%+8rV-WF9
ztJ(FSv#9S|D1O#&Ak#)v6Fqjc0S5lANmGm_%77dbX1l@c`cP2>`Zj#g?l9dE+@{~j
zpetNu9eKq&Y$|IrcPQ6+_>rD5f}h%0aV*(;=LqCEK|z44lUq)8FdIQ6M(_dugh@qF
zM|l9-$-AvigHBM1`Qwz3dnzslIUgq<5psXRYT73B(}5#+9NM<NZnsU^UKNJo7r4OU
zQAW+B73snj$$OZFTu6evrV+RsqF}PlXBFRwQaxNfmiU^>R~$z46j=|XUdMy|XMxww
z*LnRhJrbdpun1<&A@Kd~Kyq2xN4o`TsEXaNyuB6+S(UxHpDIk;dE*LLa~M))btP37
zuZ^Vn`J2>frj)BfiUf4MM(JvEyKS{v=pCg$G<}M)G3^~#qC<Dx!9pFc*^A)^k~XYV
zQ`V@V<r_1T#l;D@Gt>bPl!-Fu=Ce)Cf#znmSq9)LBOD^~Ih;#WLl+@`eSpYni?x(*
zOn50OPW9YCED!O${bXQ*R-WYsiiN3>7jY{aOUi&`gNExJP(JK~(HU`z?ZbGDtx%j-
z4k>OvId_LfiqWY#qKl%V#AljJAXU+j9Bq+h)I8S{>q2}N=!f9SU}Ye70ArkAJ%{)n
z>k2JSgtQ2S&?ptILn~AeGpXq`EADMrEScd8aSn`CNDx=SHl%O>w9wPHz+8uM9+e%P
zdVpk(z?N`}DCSIwJh=;2j@1+_scHs=>fu~U7CTlY`#ff@gY4Kc9X+9dTeltD4>AsE
z5`DqijCgs0jPxd%6!^?;e(v(pYI*)<k+I!Z1Mw{lSXn6Il8}lVl!Z(i$23G5!R85R
z4)yn%%RLKS8_+zvQHPmX<!6bIe?|{>lvsdT%7Y0CtTZBR<UWy&J1bGH=^A^vP973b
z71rI>oA!2Un+jeF-B;8L1KJR|WPQ{l@p#jvdIQra>~DrZk9xqtnC9H&+0|9k9O3O8
z##we(Oq_JM&ZW1LZIH=MgxYDazMc*%(~J60sWb!+VDx<8#bHkI3`~0Su()iH<sIg7
zv5F`uEQ(56zL2Xdo}ZN#?<LkLayL=GC3=ZUj&zd1gRlbi*Weq>6+!XY)Z!d}u(^)x
zkuvrRG-DLo1<F?}qJy`D0C@YBUv!#PO<d(lr#+5j2gm9_qQGP+l)?+{UD>u9jZu;Y
z4?qz<UDv12yL7aIlk;JiTyHHe&YKs?mlhVy*_BJ?!s5jxv;5|Q)n3O-sm+G#-s-eQ
z^fCH3j$TtKhe%t1SXh~d2Pii3WjK%`@=H~?^AK~kCfQFFnAAZxgpAg}9vOJnZr1qO
z4c+U09Ir%VB4$&RQ$;bY<h?McKr+N)ckCL>VXqb|LK`xw8wMbahOV^pz)H&^Vro>j
zX+B|jBupI)n=uHuD}<IByW-qT?}6|uq>U9GO)Xb3qH1%NLrD4yu1QT~9cC;a?+GCM
z++#u^(fK2RAe{9{`rwA;(U=O-!-iEcs{9(tz{fI!A`5~MU0^GY-3Uj}xjA$B>V?Y-
zbNZbyW_4|LZDB6J;)`WO*@499CxE)*);bLvjRrUl#PL)2H(LxLb$wxRVU1Iv^5WXc
zTMF#kh(0J499#rCs2s1<eqnCgRg(ewi=YyRrhzUttE_O0fx)@@BqWi^8olH*-hNF5
zft-fVY2hv?WkyFPvI6OXk(NZ29Np;p;#8c2@o_dy&U%}&pmSkyt-P{0d)d5rb#V^u
zo6P0emDwxs|LW@66DwDF??}aKS%3jMXN2q=_v+8<J+89>fN?2^sNuJw6_vSMfQ(4e
z3&R90BVwIa#pKqdb^SQr;e;_fE5yOaCfk!-Ace02M;uno=nT%|(V0ze9oCnTz|j-y
z4p=gg8l4NlGXaDG%Q~V%`eX2!(lR$T=G@ZqTg)eCFJCPe_$M`G2>QaipZWq_!=K}{
zoG_CN!pxRX8}$lAAkelJ7PQsEFck7E(A#5>Pq+?8x2UrVm#?mr#db;1duE<1I@*hN
zG?ozS=SUaa4cE<=2Iu${V)gLuFhyTeqQ3iDIhfpDnwKKgWj+<07LY<=LDT?c%a@Sx
zo?Bg8Sy;SOVC6j)sl_BXnd!M+(g&F=qZhN|c-f2&@mOiBPLHyEaTa7E&xR%>7?WL}
zNY#V8Qm(6lHo^`sZADd)*KjSBqGAi`Fw*}-Au+V<u_zC#;PBFl@JI*gkN{DYftVm;
zMIPu;r7H)>ikzKhG;be(A~K;O>>43cFJ#LDjPEAPO9v>EjXG%V38fWTJW~?qIk&VI
zCMl9_bf#*vD;o4W(_u$kTmV)gnUu`qO(t-G3I%mz@#jSQYk*qK4ZH1-b#Or{VkB^7
z9k6Sn>3y?R$|Zz0#`zejkb(nQ#qEfG+}qjotqL?Owokca`^<kcnOerPGdE8_|82g&
z@bYMN!H;}#VWr2{Y-}Z}60*I2zbkixuiU6iGA(XT$y~dmaFhH7;61L}TfyxsQlqF1
zln5F@(y4+iyXzp?hP@@KBCttLWCj-J@T-7__akXn#fm>^8bqW<gW0)~LZv~5$CsBD
zFPRswtm%VA^|T89WcMS{-ij{B@m^z#F*KjyvJxXDcP;k`O0o+RnoQD&BZrZ=wKjbk
z5EC}({o<*Ic#4^`2jZA0f4C<PnuW)y7!0MO{y1903trD=L}Mgq+Dn1g98dEjHWvf-
zLS!y+OvPiI5(+Hl6MJj8w^XAa?u+$nT;P^Vh><9ZdTft{y>gdwO{}=&#97=XAf&yt
zu0)q#m6PPuKj4yKJ`@7tFhbt_4OXwR<KT-nHa0dsHZe9iHZ^u~?9|xlu`^?5$H&IU
z$0x=o$EU_mj-MJoJ$`2V?8Ml__{7A-<iym($%#`Frzg%#oSht-9G{$+oSdARJUMx4
z^7Q1H$+J^qQ{z(;Q<GCuQzxfRO`V=PGj;al*vave6DKE6PMth?^3=)GC(oQbdur^|
z_^F9glc%Omoji5w)ag@aPMtkHc6$8u#OcY?Q>Ra!K6U!^=`*L#o*6qcerDp#<e8~6
zC(oQZbNbAgGiT2Nh-abtvrzO|$aWT@NSFL;yWRJ_<st3s|L+I1U;eHycHgOYyN^Gh
zY2WZa{;E54tlRxRKi%yv!23VB_t)Kj0N*O`yY^$<?h-uT4ezV)`~i5r8J;Kq@Ku@#
z&$mH%2ErW(-wEOSApGd=1KR%r&rvAz+yCVkyC>oK!|=Wd!H4i85PlrOG{islg$K0@
z@cfTI@%irm0dZI0_s?M&P|q*G^IKkcNc-Ir4{HD73$N1bf23(mi0l637rP&W=c|9}
zi(M1aKQi!F-CzIhZueIp?zbWQ9MnHM^nmunGu`h04DVlh!$aC1!t*yj_}AV42G2kK
z<5y|*4|TimMi}7v3y}VAzyCpP<N42bI}j#*>jBM%gzx+hpYPs&%NM)vf;v71<yS54
z6sFohJDr+iYj$<R)$E36J9Q0Emt!vetm8Ev^sue!2L5D8*wt6~YkLD0P|d#W_*%WG
z3DTskH{6QV(41zq(WwD@iuPYzValzuLrskirZldfC7vuP+1qQR#eid8^f#O~Eo!I)
zzEfmp7n4Esr(XSh_b&&Y@BS==dl2R!47~37?mC432Y&xLJfDGQb^Q76`yn(Syc@#L
zl%DVYDTEI}_!NZK&p+Q?gz&8p9)s{REASn{hah|kg0N?Z*U!Py=F6*dD+|kOODh=;
zvQD*jfW|asE&qeR<v3Bv#5fhVVta05%dTC7-9e{qd*v;5zwubLQC@k|A`~$`7P2+v
zm;c7&Lu}XBE45+c_jAL>!-h>oeH-r=8=JPzjyoq#Fqlq=MO?C*F<X@hn9CX+c8Ylp
zIg4>Ma#lp3O|Cm={O;?~l3+8<J(y0%z7+Y@sM-J{m0n@E*lD5kq!3GJnl%S4ictvn
zi2nHF%w`1`5D#r=femb-6>MRX)_l{ex-FaJb(uy!to;!iAGhPTI?zrVm<G+{PyyTl
ze59Fx$GOrWUXgsX&6y$PTP+RHS^^KV!i<KCWIW6z6SHi$BRRw<gqcTlQSop*`<mO5
z@<1uPylD0zgZBgV?ogyW=}WBaRkT&F_EA*sae$Pg$47OhGF;L-etq-|#=JzvNa67<
zLJ}w!EYtAo+yPjL{JYZ^lOYEB<-{)r(_~hB(FO+x!v-WFuh~UN0T{z(1)oR*^0W%3
zQgZ6(uqBg_Y#?7QlZ=F-St)M7XtSFt1oS4$Yh;z{(N^BXQ%5w4pmJkzO1KgffnypK
zz<&>DYJf7kCzgfEi^aj5iNzGj<0`vbhDzgicJQHRJ8q-qZdy*0Un62{T5ogP!Hd%j
zUs@J$ef(v}@L;f=+b}cuJ9AG3STi&*tbk;mDk-vEVe02gOG}q7mrZeWnl;l{zj#RO
zaAeFH%4FhWROG%Qh<ve*WRHeZ0pbk3V|hrOgUBNLWwLo(7-DpKXqe+JUT*^3Nf#^N
z5bzS%`3N)Jr*xcn7-IB}4`_V8kTa`5aD+_*dfVo!p;_n4q3SLVX0l_(S5EbXmNmPs
zn`Gi<nxscIqKmRoh6KF-h<^O|t!>!8d&6mWVgkXhXV!v$C=9tZqHm!lph#W3xKO@4
zzgnd09SW)C)0Wou(NznF@fMw_P=qK8B2#ZrW-Cn|$XHAF1kjeMc0(dEgd#;#>R%%<
zpvn7JBwvsc#gb!NmFdb5zY=z6KpPpT*=W9PH>-~AO<&W*3dL}+D6L+a`~@;Hl{_<^
zKi&qMKr!MOPN3p!t+pBfM=D4Fow5-$U!)rgP#tWVaBe_uAHPv>T3js{T<fGoBE<AA
zu5jr~?6P=qqqyd=b(}5nhWy5_yn+c?<k6m4*`ZI@#1y|i5b2Ox_71;;BHBkI16nkd
zW^!U-nvg!mHlUhgc%LME7f`kBI`;)v3>H$(hoBk^5FRNXa32Me=PdG6Bf}#)a)yNg
zZ5U~woZejZJC%HuVajBMQ~=g0M@lvJz?`BqIs?FXdp^Gn6R|E(%!QYH=-_xJvrt6A
z#k3LrHni}!bl+$jy&+;%1%up7;AJ|H$^iH^I@wRDS;J%D1UQ=9Fs{E4wvI`7rv(xL
zmBrh0cwF$Ct&()J*tEef7}M1gMCX^=AZkrVSnW{e7$g`OAiV=<&vhdSIy877F?j+b
z0WoU?z12h;^pdW`7~u(*m%y<mL{NT^SmfUkT~Iw2ohG9XnOcY`2UmKuaA-no24iDX
zQ+Ozxw3s9@Ycu!`HY13^FG(W|J$V<o1R4)PT#^%|$PiGXJ`}+#zRvD$^@?au(5xYP
zB}<4_0VRa?22jGVVs`e(Qj{=JsO9tvcwn??#xe#}IUXPQ{Fftxb(7v0l<40YMUc)q
zze?B$;tg@5uF&*1<b=SM$w_6403&!Y_?Q)Od0-b%)1jcIZ+S)F_r{9GI5c)*=z3x*
z;Tot~hvZo+9qVKejTmKMRtMAa&Al0PlD_Yif(&cb7B>{dyL%!=dzv7;wB;Mo$)g>E
zTr<%Boq=>TWIKvx!?kK5gq+bF(4wfLJ?a&i1E~O+1|RhXuWLnq{1W1r<WxJz?YDQ3
zeG7Sa1AP^f_K8sx{5U%k)B|6I>_)@%Y@A)kv2%S>s|;zQ<M#L%{AmULLqD#M4Qq91
zqF>M|gW6!RX5&t`Fhtw>p<!*2+z64|wW7uuKUB`qAD*U5)mnaAyJ9uatt0H3<IY;h
zc@$d1@Y$#{yd0egP?gMtf|5d$554I&M@i|Q>8Fv4s)y6MnctA9B{mWTKHq{p2%F%+
zD~yG5f3hD|*oamc`4p`_@<|3I{18$PuTu#iO@hZNHLmgbc0C1NsSrR6X5^Q(KRbv`
z0hJQ1N|i`6I8()HiE$EG7xTPea^a8k7RdHO#<yrn)P*>vX(JwE4D`qc%T**7GF%ZR
zi;B^rDI{PN<CH>96bX~mkuGTsV;L(MfrpVe{OiTd#^`*4d_x5Hu?BJc7mN0GU|?=T
zEc?MCxvd(+@?Sh{4+`HGTNv@z)vJB6{gkSG8C<Q9F$Sv-MohEaR^M=Q%^zaWgTELw
zsj$Q#iNK*|w)fVjNd%O+5Sc}i%_3pKAX28VNyb3Nc&Rq6k?k!jI)&3RqS&A+Kirc^
zHH7y!vEo$>8<njnFR^ULdCmwuj6oTldyy-!`q*&Am@3Q|W2+d`WUxDwb-@Qs8{!v4
zl2@Z?gC0~yf=QY-5>b#ZmL&EW%8@aKA)_7)0)J22AIe<Wv?0Gi#o;cPb|^t66?IYU
z7>$6(Lxo?QK=PSLe~cv_UunVd5m0yws33YEZfG`a+O&qXS*clgI}N+brG-ZFZOid&
z4Xt=3e}hc2j-L04mHxobJ>UIP9)5#AKMvt9AT)nJ8vZR0BcFc0`?U~k2>&0v_dK8<
zpIF{;q(l0+oS)wi>fK6w3E)h8S!Gw*nB!bX9CVvlG=#V~xbM~@Ie+*%pvCj_Dk{J#
zlUcE|lZZs@K(BK60g&*6gM~z+dX|7Dq9&P$GEzfj#3My1Tw)n7BmIy_i{{8KMs7t6
z{FEG=wz6{|_In_CO5AQ$`N?q5Z8-L#r>vG^P5>j+sj&W2e;deC><*3_#PfmRZ+Wsp
z47<659U+M~-WnJL@@~Y^YO~E9N(RpnU85^Qp0rp_@d6ve1@6j>;>8QZUlC3NAe#S%
zSmBz7qJyiCNA#;rajr$b)CVcS`pGX&#50&^)Idr`LU}2d^gf`4FWfVlwECfG5UR=h
z7JZsdP9EZ*P-4X$LGbeh)ASmy?~z;>51`nRRSLWAnh-mMm0b@Gs)M*7Uov&RbN<$j
z6ZPkLwdpap{()aCx>pXyATb|{qCX@-a6%Y|`?0oV;(?nnj0yn3s}|`4ZBS+c2DK6B
zl<@MaQk<d`!+ZVEb95lhk*~ItdlSY9x=*5(0zSaKYms=ohRSLuqJ=Y-Ip{#wb9{Dj
zRp3orotTvsPZ^9EmoX*I<H%iv30*FCNlDj&83DENIdjbr4rvVGkAb~i*MivwscF_+
zqY49SD_+8N<yX&dU)Q7<4aTTgL^Kd5gW9k@Izzjz5`Ga*T%*iqcr?ME!z}TDDlwfb
z6ryoFy#|EJk;F-*j7`{pW>q}&Gb4IDU_nZywzZA-P;Z!<R_pvssbu-w*MucD#7U$H
zre-?p*<-HpgKY9j{;)XJCMU^-VND#`SFI*$&{S-lxlhK8x$hNGmA^2opP$wz;z`Mo
z_@>*YD~-_^u&uL$cb&cq1(Lzh!B}C_)B0pk7<0&`Z+1Ldk+z%~UU>L6w+(a+Pxzs*
z8vLrZUCt!Ky!U+9(TeSgwtT_V4Cd9^2-KOhQi*vfDwTw8L8%nAh$sfWBiKnI(-23e
z0s)skI9%NH)(KAr4y;5ZkBn0G7_xS!vP1txsUyV*r|I0kcj$WDX)@0^ZhKRA>m^Me
znk|(sluC0$)QLD|L$k#T#knC)$aSIWWjAXB+JLlI;(jy-jaZy9I55CH-uBrel&xsh
zYO+Lx1lzGHh6f_YnB*7w5w!4o)`pz}yPTpy9!eV}a)G-)jU|Ob(tuF;)rVpOG$emB
z#EA?psMiLy!RxRQPiNkzaPVZ^+HUJ!_rf#xy03*W2_ZA9=Z{aW!2buUn;TV#R8@0E
zbZvQ=t3F1lU3ukAtKRbB>M3*lRFG+o-6C6FUiHeT5xQr^NOaHY`89gBD*S=}2d;8k
zm9`YkRd+<bQmN&)OC?w&7SU1UGLR|X-3-5OTJ2jlB;X(Do`>LL+xB2zTq>>5GmPh+
z#7k^3)S!SSY#WKI;`fPG$zfEWpJuQm#M&XC=aOlmVD=S$kbwu&ZbPjI&)m=k9^vZh
zXfi?{HVoMw$dFSTQtCK;fn}$-F_@8{%{d2?9X#br3!SV=kJxkq1s1IR$;#siWQ7g9
z10XvwA+v{x0?~8u>%<A&xZ<q~`E>LH65-%W#d_9mjJh5FM8j!zZjatRbILq5H41}#
zqT)19^dQmzlDXxy{SNFYIi%hReur|8eB!3%jlfksYZ&pnz-$4Rr_bnY#bk~+T6jlS
zs&>#L*YNu^^NT}ijlt^~sp(>>LKCGiP3xA87uwpx=^0?}32S|g7=5;!ol8l37+u<?
z3u3ldyL#k~q=oK%n6YE4DC4IKVG8(RL?1jcIIPhP1|o-!A7Jm_Mn;BjLVy=uN8LF*
z-Wn_x2eq5U;!T}Lvb4CarliN@nW+cl!RR#c(i2l?53<3)jz`yUL?}un?0=(FI*z@s
zQCt!wL>7a-Lu#XSYrRy$36UJMjKp{)P+u9Ybo_XFjXvTgG&h`>I00x#5S8?h;tiFJ
zq&A1_5guN$TecY!3H(tYub@E(-icqcO|nIniw2ACK%uzs-fZ&!$0F(YmdXzDuGkhS
zp@|i@fb(TUXKL)j=(=p_O-lC9w>?zCJb|SkyB7k1K1zWoY*(~8!c%~a(BO7u5Vj{;
zo%}o&*qu7kAuNxtva991B9c@zuN`ONTZ&`kg^5#%FOPlE>eSLg@O@0g(8<R&{7-Q8
zqx$%DtbeFDB=;0aUG*AW4U899<4uFXjX*ZLAa#*$BF9;?4%4uyY1#)qey{sU2>%+w
zCm^i;^1bdqhVV3mcR+akCxBmq@U0LYgYf!afp-Ys3gIybABFH`2rokTEWZCLyhC^q
z!e=48>(}mee;&g3LHH>MpZkq_-QsWF>wXcQZ-D1R|LI<L2Ex}sI04~vzYE`g55B|m
z4e<OZgfByQ5yEF7yyuhmy1xwJeGonjq57$N-S<OiKzKI<?+@;Ee-gqS2tNwpU7v>f
zA$%W%pMvnN{|xUCz7N7rLHOt&LirG0gz#Ai)xU=FAT%Jn8^Y_qaksk&;aed*2H~R+
zz6{|-2%m-E{hi(JPeQl@;YT4n@=d$l8xTeyEJ1jr2=5R^AS^-n9E9SD-R>9R`387?
z6vCGwya?g55Z*Jk+x=w-?}PAR2-Wf3?)xD$AiNvG<iu{b3E?~h6T(68rb*UxOfaJ>
zUU_A4^|X0faGENEqkVCnN2CGc_j>~-?)L^v-tP^Vy5Adc@_ui?sr$VFr|<U$oOyZ8
zPWRgaGCw_AZIri;g4y!{x8~(Gc0S<dyu2pP2QgXB-q#J70;cKyX8W)O_cz~%Ex5lK
zKWxGM&G}&q?r+u)TX28#e%OMe#{5l~mo6_|n7wS8i!e#2xEjK8+r91BwT0#ttHrKq
zxG(qD2imx!MuQKuarZxYzP~pm*n*dJS8^aNxbIoTiK9lr`ftHeBUAmi;Hc3ep~zsb
zZFHKqyt(TAxft%T8AlDD_SlTQBh?jey;KTx5%Bd&$Hz<OY^%*a(ofS8-fUT9t?jn>
zFT2uN5Ato=?RA@sIW=Kx;gH5()yAXVhGtc(u#~%Pv)=TCM*^p5ZhGq)>I>q*n1$C=
zpmWbUB;zWmDIdM{&5j=_lj64=d)rG!Ls}2@_FdHYMm~apgkE1m^{v1l1brV;0#6H+
zKPdgC)nW!DJUd-WXF@4d5&;<=|H`@t%tJlu9x$C=Ndo~-hneerrpv*->#{$m3BaLy
zs7l)?l{hQ3fRRC>y92>b1ParJNyz~VFE)|T^YMtC4;HGm(GNL`1WCOqENTj*k-BO(
z>X8IGMU_fTd%GaJYq{G4(q%fXPOX$MuMn!tl=NfQI%lpE3<lF#GS07(qZp|?I<1~j
z!WS<vC#<Zq>YLP2fcNPTLz==d?(YYn1=Ne=zUa0$EyUyVL*@)?hV+%SC<eF@PB){E
zp1p!I@*-;Dr@|Ue+VewRyE;=Ka2fFMUXqKO^-xjbJZHr9Y3k3J;TWt9+t;y-O>%zH
zs242{XJ27Bs_77eP$nM?hD`#XA4Cc~<D@q?7<D#4Q6zfOuAc9lnHh-}r^F?>OG+hZ
zBN86cDjzO}we$o291`1f(1{j@!xQiJNLLqG;=XI2ZPt3s#@LD=qYLU?C?_W>Ui6xp
zhHAa(iR&j$=&Q3A%WH2b$x);FO@jR<YM|U)-Dy^D>J__cp$d-UlZ`*=nqce6Ul_aE
z#(_3NYpjaXaQvO3Tq67}^7}3+H!B}jy_;dOPSdmMHtSNXGllZz0@-fXA|Q8~&NCgm
zv7@`&O%EbS!>VbKwle}0g%#U|8T}1ZJ{cv;J{p}AV4=3mWr7VIpY>|YAd`2Z4nwdo
z&!A<gP^@Ax=d#exq1k3NaCgr=_w|GaIzI<UkSYpM5TOL<k!v-;gDtx-=eBl6^f~m;
zEUnaHL9ao#n&@{TV-=S=Lxu_>g4KM*+7_O4q!eb0Dd|EouC8mGKZXVAh2fczv~J{8
z_2^6)sMG>N=0QrXEF#g{oaf+uoiXO=izzGLoH??Ks$!K%gZThgn<%fI6W(6@T^igG
zK2J)?t_V=UX0T-tSwD_~%j~M&5#3O328^C-Q`TgY5jF!UVLH3j!iH0;+0BT`FHTly
zCxUD8JB3Sn9B}ni&EkFa=XAQdOq#-M2o(DFQllfyrUAem50oUMO&ku@@()?k3gs<^
z{SPc5c1<ohK{*9;1N6h?G`3Wd_fCc5p5V8o9ve=p+fZ-P4ArP-FON9Ry;gOub4*J)
zxi`zPLWdJ!FQ7zLYx2g=mgokmT3ZsczzxcZ>E#8j*z@|WY)XQ_<FM{zk@makc`;dz
z{OJWSra9k|5^gqPOA5^s!FEUH2?vo%9AVkwB#ZDj4-JjLjq{<8B@y7GNwdXh=LRam
zw`U5`iT7mWqm+9am`yvT<~>9tNu*X#fL={95)u$Y`WO*)gtOC#3O$T`Bzlj+kC0)@
zkb>aMc7+$k6}!%I?2|W=YR<tLg{f5q90p@V#ou3iQ3}ZS(Iz~l1wHoSMnsg_vlD~l
zp$H`BB#ZMwY833n24RIJvr8yM+7bMvGD+&>tgQU=HS(9jc103rv0$-Mdyo#82vY0W
zgIK?4g{jQi0kD{Cb4L?5Ddo*#H=pa>IIJEUa~RwvRgOGoA(iv%)jLdHg+K?g_qJV^
zg-U6Cm%xW?TuX)jAo*oA9SVv_=Z`ZEIE-vY8jm&hz(*4^8t|GeyG^F_R&z)9HUN;C
zf_aYTc357<{f>|%%5!yl%Wewu{8rocY}oIi2^t?|xilDsR>Sep4r~OS^i?<7Zqw}m
z-%O3fTvn6Ixu7yMV)Hzw(y;R|^a0)On+cAv0jXKJ^eH=cehxT;b=VIBY^Jck0q4m!
ztR*%d1Q{6K(*{<7gSi=Kb@O}j&r(bISJB@6@X;?<=gfN04f(jqQ1qFK6?hCF@h791
z41ykf)Ppr8B$0a@=-eE#80Ss=nzBv0B7ZyVT~aTOOR)q<t9{yv&Dd&45#<LDb}4=t
z7UHbMH@Qq^@F_uMtU3KIm)s4OVi9L2RjJ2Q`Oc1mV@=@Irsb1v)v;#eFfDPc#m_fU
zIzfJ5im<^h+%fOO*-jNhq9FJoy;9RLwOBTaH#w?Jrzk13L|t$0QI>ffiNzt_A)JLW
z$MbgmDO)<!Lp>E>5vp#Jx%h=iy)%MLioap`oRul*^N{MM-nQ4RcC7&wM#=*oggL7y
z#s~l-{BFyGZ8}zyt}+2%vp0%Np{6g1KHVFNSca~sGLCBDvxF!Lnj{X538hk5)l_Jd
zyi67ggCO+gU{Vk|3T$5xMpo7y3#uB%+}IyEhwr)b@2P(z%jY60Q-Na_k%{@)kyM{V
z1oPo8-h$$|U!K9a!AJ{?Sb2tWPO3ge>XA1k3{3R9hhFl;^<d;yQOchJ4^G4r`clh!
zri1Q-=#FZh6i3wGfV}|+dC1eRKrM9lJKkZ%yERc5cbx@&ug`@!=*m3ERMgktBl%0&
z!kgRlZ41)7iBe#F1l|MpHv|I*4Su2HT>WO~mC35r+NN87xKJz(OZozYEG(0u>>MN5
z*dvw%aGp~jmFP#th*>hzWXTH|IU-@3CO~V`?BJ0cR!eGZ=yYhkjUM`7N4V*D<iZ$e
zLZxk6x1y3EF1WC0NjxqK9qSIzClhZGR}&ot73wL)An0J#PfDi}+!0%Jj^iqAc?>dh
zxXASM3d3m=QtqE<$6%kd?N&RZV*-kh(hrf=MmG~kC;&%*XAFQ%KoyXS=-{$_PhxcU
zGpxa&9w%3geGO^K+3#M5=fH*}ttH7p0hpr0!Ls%k5Wd7L;j$UX?SML^@C3@q=c8LH
zTzK2whSLI4VG@GyOQL90_AtdVR7b_mHf4BHMhAE=<sues46wSlBJlS$J&?<0_eQXt
zwY>?DTg?vgZpdgc0I5is4to2ZQn9lgK8Exyx_ynzxO7@7^#HK~e-o%@?%sf})eXCP
z3z(UPQ@7ERp`wG1UdQaQU!olX_!&ozC}a7OEhBMNFD23|)|p)6eB>9FeAt?esSHmK
zxlw(zDGSr29o9>-Dq_>F;BCcryZnrDF+}xqO5lkTY!}dERX|xm_q&m;Nvu$myt3?(
z34AQ$G-f1EN>|ah%ITBR#N;~hN^PlvIP}|8J`I(ELU|(Ec+I3&5J(BdCgoPirr`f#
za|C-f-12enqvEDFp)Q7pUnKkpE~Y?raQ+jgp2MhPF^1;7nZLV={_KO<_zK~UjqX<n
z_g4t_R|xl!Cfp>j;uCSfD<kPnGT8wsPkeFJ(dQW+;>9tnnpw|ts}9Qe0_oTc^f>%B
zX(APdlZA}sS~7b3ZWi~WRI6Imzg=`ZluHzbHLK!igL8x0cZge&0p_GVtdAzXp=~Kp
z3q@4;Qg7RdJQx?gHSA_Q0Yrr_>$V^Nj#0Q7Q%8ppc$Gmc4Li_MMM|&YYS%<M@ga;t
zO_BCiqKQ13tZvcyF7#jB<%xoKVMz=q!#+tOaQ@CD)BGhEay;NMV7Lqv+FJUy+rDMB
z@!D3JCKkUqQr~daHyRLp9n~?NrvBvWoLjRanlVqf+x8Z!AH1C%E&;8rcRbtEs|~BU
zK3XRwOugWse`EH+cYzVHTPTQ@3xZK^I89r(>UebhcKs#+_}tCmqCW3<fYa!EIZ`MS
zg4=qf;Z|=&fQlq@>*29C7oW4Xhw~TLk>hyEz;V%lh2uE@*zdIIWLr06oQALGWGN6^
zUe@_t8Di1|Y|3TFw~s4qLBg7(Y02w67OgO_WC?Q1hp!SSydlZil~ND3EeW`|TWHy5
z7Ym(_LNk+5xm0&JbBzLn3s&SP6g9hH`{HZ^wWR&?{X=tnrho-2L87VROF#w0!YJ&a
zCU#wwvM2d%$;?sqxdd?)SQ0H!9;$#$8S;9uXCP(r&wGKcqEw?BhyIf77g#D)3$kGk
z=;_M<KL;NLUAXq`r3nG4KP1GMt<}_c5t}vA`f^~9a1iF0Wpo}Oq6^qQNA#Fp^L%+c
z(+Fnog3v5JN<pBYX^hU%s>o7%Xjlq}#C0x|gRsJYC`9Om{zf^Qswqhb!yCu0Sgl1^
zmRF&u1>g$SnAu8<YoL1sCns<kMd9KHu{0+3?N+<Ls)Aa)Yj~;dbGZP<+lQc}C+tQG
zl?O#>=Q)HUdSbnaGP8Ru`_z=_r)b{y{5u4Qa9eRGO{Md9c6ZK!HJ6v8z|0U^Il+@q
z!nv+om5mse8qr(})G5Tbpa5d+WDYK!<!dH&M?xk!d1X-UV?(j?i}8wgr31pSR6NmR
zO5D@Iwhdns+H;tYpJ+hRyt~UqTXB3tDt-IhClbtf#8MazMK|FvoQrjvls~HjBh^r6
z@+L<CpvvW_<VH2x!|VVla;sF>-+>KP4ONqs9q)CR(!H|dc`-EmCQRJ@2HhVTS;e)a
zk10S>_McM^YL_crx>bl@lf|^b?P^4XrrQlK3U0aGE~t#hk`j|pDJgPs7B`&GZ(dng
zTrk&WFI+B@y@OABL3qQiKqsN=6KT7o<AYsmH&L;umf5x2P8-M@OBwIU7-sg5+sa<Y
z&F|XM{8C9@L+z!S<5jJ8jkOWUmcDJXdoQhu3j>MKZQJsIrpP6@b#@V><up2NdjvD_
zTN?fLPO!&ykZT3<W7Wc*;k|;Yuci$HhU%|bgC=W=h4d#KF`0#4v@2yRC{=mAXboc>
z)pD%V@!H>r=_w%hoU>6xrs*T3!Gz09wGBoHP0UG%z!JgMun^Z$!^*NL3USHU1$6ys
zyo(HeFQLImPXrj1fIQxXAz;xj!{-K6L#9Fp;qxm>qoOn^GCy?Dy+uIqrs=txb^%uc
z_m=4j@)9bG4=V;KLt$J&Y~-lX{s%0UJw&Dm;lf+j=&mYcbIIoVCLR-nlq+5go+02;
zR2XI}A(gg)msJa~lV@$(x;SCM!Ng243W&^gCwpyS1h8fk0aOfs93>)P@1I1fisubi
zQcn_;i+06UEpu3(jvEgUwIwalZL6h|qX<4K(3O%VK4X+%gerL9@D_{~u6e9a69sN>
zH~_>ps=RO7HEdsFhxE-y#3!fGz&rndZrgOe*=pNcj@$7PMTv7x5?*dwe2meyCQ1op
zwJdB(fgKbGdxn@T1aw9kEn}-R>#A_QR!yiVzmtdbGkIE^_MfAY!s*EiATxJ<+irqB
z)RU_Z!)Ln5ISZd7#YQ?MYqjVfai#1^M5U|o9xlKb4L)~waD;=dT2!;$2CD4fWBvpC
z@*K#_^y20akwwd+zCg3mc9kxathm5yF*3-VrFq3zcI84S4T}n0q!z@-A8MAYBP3jk
zm4A02?M=OUzq0!p*kilxKdf>kpkS(k4(P%6vcHrOQ71l#Z6NQct4Kk`jg!IRSB7nP
z6E%-l>~#mG)=s>Sc&i!JBx3+9BDHa3IwG&P!-;fz!#%;a;r*l4jn$S_h1K?1yY0f(
ziVltn!&*pM(+_FxN{4Np;)>qn<+%#{&?DlAhz&_10bXGomyC!cBp^{`XEKr~9Ent_
z3x@05-dxhSI3~+1)Q!=P#aD1es=JD~0|X%sK_Q7by<kuPwLnV08u4-}a-N%!=XH4`
z{DkE(9Zi^I@eK#bw3(5f%Fr^`CQwN53s72U>^Ksr9t=lWev+i8NL}{UPuUjF`|PG(
zUfQBY_xz)zXcE+ztrGEyK@oY`nYZm0I{8d&HX?`;`<SM&vj2r9tX7gc#&)}3!PWe@
zDtiV=9~7l>+auSUChA}mtj4yrBl{{t7EBsLSs_nhrx)n}SdVD`2md%|WMGK(;{k>~
zUOY2K3|Pf(xZCs#7F`b=2I5{2cXh3ZB_kB*l5dqxTfefp@+6iFg^a&ZN)x+oomCvM
z{#Q%BBz7gRT?|bWQ$2Uau&>`CP&gy~%22#KLy_Epd}So|ITHAPxRAyM#0cDLFEquO
zd%9h}tk;z4TTJqhBTA%IDk+&tNFaIiDA_?1>(380J#@&_X~M41LO~*q2j3#b6$Oq*
zrBx|g#VB}OicG6uT*EqTKToG>u>x@ERO@~vH&X*y@2M`+LIw1QnpcLOx4<)_VnE^>
z^I$}h19G!2iD9ku&Mzu^KSe7|b^yT?&tttm+{1gEq*Yd^mt?n0s^&5$lpQ=D&p5EC
z3sCmoR!P~d-hTrXW9`|J0b|T=5&cYvE<h@(?13mcJ0;c|(b%nsOh;zhs0=xADgr5{
z^qxDG<#zP*It??+4b0o7gQTFc14Oye0QOapX-hg_h}6lJ3C@upOBu-|&FH<`OOlH;
zCA~C^7||VtkY=kG=UL@E>Efu^zN8;yTTe%}9CNKVro}y}^}9x-A`~0kI9kO=c~59X
zCu<Qc5w!+s*5JlBQ(+gBN~{yqraq}QXHi<nj-T_9gO_CfDtaoSWSK!4&!wTO+~8Kn
z+sN78kzT~@B_wDEN}CWbk>9WzHeP<DRI5$x=eS%q7oiiijpQaxc}Y<Onbm}q4j%fW
zK!_kU+w=QcBKtxIEPY=X!A}_WOwrQTt#q|w8RP_|lEBHvm|P>tm4Elow1kSf$~EQX
zA!sqx=5+EeYbU2Uw`9+wxMj<&Q7Ly*{;gMn>(S%e8Fh+`{g_%UD3%xH1heh7wL?0c
zvKUmPm|NRv*?~r7$|0IUc~blhAKL!T>~n*+=#ILr5}hG#+M8~Bhv{mBLJi@gjCI3N
z*?k2=ls*~bV~P6Mx%XX}LvYl$UA=S<q&~4z{OqSvEM;mZ->LW2Rt4wHoZH;8+jv;*
z&2aI$FqLO_d!SvS>C}OWKGSj9@h*;n8F*mL2Pyt#GbrkOis-#h;ro0il{)u&ZlREl
zWNf2Q$1t*$ilZyq!)0xy@I(x8C~>}Av~RcUs$UokVb^W$oRzByqYHVUdW%;tUoH+R
zUFqi9l3^QCJ;}bT`?8)SQ_c2=y}x36StN8s9~;S<kg@p^-OH)_=*Vs5dZ0cZ|70G{
zDD1W8XJH|3D#&1dDt%z2IE&);psWh8GD_<qxXL98IJoWNzPF002*+`!%%~AvHi0|8
zn{=o_o5-8Y{2}lFBu;uFRw4cB9|nE2nb^uh?IYCSk-ZoUWNC%H5_W_Al2KCAMJ9K;
zUzRjQ4ih2B%yu<>&yE$##;n;CI%^*v|3$7aoF*z*YO-i3j5aAr+eY>AL=qOwk^n!H
z_>Mdhs{-BXt5S#$rgqETF&&TVIBWH~V`7Z2(WXzlqAhJy%}up|zGAhWM8bF8pdw_Y
z6vbR3M>VayTWKg;6g#4;c(NXt6u|^mUa#$PBunqxvcj~%7Md#IyiQySDB7-24i$gu
zFG=;kyGg~$ka5O(dTe_kNo3!f?CT^!=GAz1U?3T_rd~j|1sB~mE|l@P7y(hK`4<2U
zKT_wX5kXx5Rc$KHTT&{mF1)pDE-YSLg8$~rZx*%$J^PY(V#sq+e+6Ad#PwzGEe_q$
z=`P&GL_3PH3$dO`5o6?SHZj%dtsd?RWJY;&4e^K$uMs|oZfW9lZ$u{suoq9Qa>sSB
z*pfvAv0x)?wvkN&GcYTg9QKD~Jqi<Rk&&H_dOz<;%HD}AM;lm1(FdCf+lQ<GDRLnW
zTkw`z$Zr_u<wO?GpStYr16z>G0sxT73OYDFB~B0O;Dmqgor-<6i3~RIS@eucvE^dw
z<f1FZ=vDrcQ5CxSe!x@6l?OrD^&-qTGzAUS{pZy6hgtuncN=$LvFJ8aMqOn_pzEt>
zA=~55p@1lhW_X=V>^B^6{jQ=Z>2rs1vIjtNj|??sExI4DG@R`Fr-8Vi$hq7H2^R1=
z<6Jy_>h3@I%(NUUR`nK|bOIpEv^wl($@rSw0{S}I)B5_5sW$eaGG}$Vzlh9fAv;|J
zkGY3TeZ6DhwG}ou0G4YeJ=jgRMlNS~`ix2t@SE6wH}!g_Sw+&1a^G5~YLliWenOY`
z0T^K`ux9ALw6b-f+X=LqF6?Iadj`$u*$MggQaF~9;^sl`rc~S4EVl13wp0?P!^Z74
zTl4WPzIP(LPOkjXwY?Bq+(Xt;wdxNa#<HJxR^8-nx~b1DFCgMnoLUm=aqRVqO|N)I
zgFt=d5w3)uk%@!|?hmoTt8Tk(R~cs#!{Z*ai77jynLc7KI!dq_4HU#R+$OnlChsU>
zS~=uD++xmA>}D-j;Y@#?*=2JtpfZ%?5Y3~A;CkM6#BoYS*+CAcS#7gp78&3@PF2ia
z6dtKNeu5!JlnxKpN~I`e9?@Z~HD|IX_8o`rZbj~g^~0TT<7UWGryi@L0JrZgs$4g4
zBH5(n4i|3S(T#+xtH=K04&Oc8>2*6JPj?XXNcE-`$*GShddcEYGK!O{Am0Q^sv0Rs
zrPSugNl4>IC2D-wLP2zl-;3}OF>62)K4wFkOs(@{&k|#O;g{OeP)377VcQ<h<GF4P
z%ycGOmalZ0O;dy6`>>K8`1bCnM<hLwHKCv)lvwzk;3$9t`qd#4dQ-l>DRE$ef4HfW
z8v%PeAmMiE?N2FlA};aaI#B^@5$`M9ahy|GmdlBXI0`hjDL3TCsiE*1qgpv%8dRbN
zM^K4bb+U`ZQeaS%lh`HOWICP2ZpVmP7WbEnkqd?t{qdw}8ASgAodfm+JY?6<`@u;b
zTWB3($_ABt&h$5p`=~PU3d{yz#+^GxZ`TUL+K3+56cg4AN8LOKatxyvb*ZSj|M{Gh
zINei2ubgV<*pXb~$dA-7m3d_|B4|h{E%UH4w`7=;nK=;kDoc@ct9zD`uSX;cf~*op
zm@8&};@M~Uk_pP8)Dh9`?|*2LI?DVYUJax;+RtA>OjS3#4-&`Akuue8eoI-qo5-Ez
z(eJEeO}q6Y_qsn0!H4jJ5Z?Iyd)+#ODF{zN_?-{k>;9epaIgDc;Q1POelLXQA-osD
zzk_h@=kIm5Ak0Hphw$GZ9Q*LS?*D-2H^K9*i>H`Z+cUzc?S$i=28xJ|ZO;--UI4ai
z;c{iXTpmBO=C0D|%Tjv|7DL=VExdJcb<8{?E~S{lE$+m`C4T8`x!KvAx9cccgN`e&
zEUun5PXklu1G8RUc@t(GpJIu;YTIeSvQ{on8s^wmxxDJ1-m=;b?5!5Qebrm_&j{(l
z!o>=FE|-_q%*E9y^W=)vyfslSUu|raP3?#_XyRx!XnexFbb0B*>}AtjG{+~#5#q!#
z_<cKE2i&^xS9I%+7-sH&s!i^>LA`I=K|fG<)lLnnEVBJk)$KI#++ao@(;lWMuV`<!
z{2kz@LcYjnEU<Q~>25dKZx6NsKKjqraO2CCIcIW$z42o|x@6sI3C8S^Yk1*s!Eakl
zk8KYEj{%QdtJ%QE+J(7>+k~AvI+YpGm#wz%SdH>CBYOFnAT7Gb;*K{B@=8^Jdc#eK
za81y3n`WogvfFqWh;6Pn+=|r*eJ-%=dfdB~!TUXMh!wlniygRCX<zS`O6YOzJS&80
z+W;id%b-XrjqRi<87-R8RJ7ABjs@=t#}h`RhYb}(e5gvLdG>>e8{(}4czD7>`sHi|
zBQfsM2}R0%XZ$L)O@aV#_(`iDl8B430&5Q`^F?yHP7+*`%NeAvE4GJii<ku!nUhGr
z(`wiSrd;9FcOEYA?jA0ZFp$+*9K+Y9<82grwkV-B09`+m+ANiGAEi1~eCQciy@A1U
zR&A?+RFXOEkHDe=UidCl!i=&eJ-EMYnkP7y(HB_U4mmW5R-8zPrKTlLre=;7Gk}y_
zFmf2>ju&1RLPu|jQgr<|e$4LUgnuW=@mA)bZ&5mL!)?Q`%oO5aY@_>EeTbw6B2@wb
z(m~5@FQ)+S0L|q%mrsVWu!fkT=*Tn*ejcW04-N_KnWLc8m9WH(yV`p;?&3A$%~H{t
z83MM4nG@+=K#*NPySHjE6E3FEBEIA(yG8*Z9ykDeR5h+OnVRms8o*TDdbglY;8?MF
z@hQU$DaQ!M%#bAEK=>tYh$L3|nCm4W#a(EQR!}9x!vn6~c0*at^3yRaCS@x|dx2e5
z6;I>0cW@zh6OMa?5H2hr&HGZ;KxEhx=0Nfs<A8rTrh+_hFUt@yG>-SNmmDFQ**T|R
z$~YVeJCT0oHx?c3n_>ue546X7x_S~Nr4dHI2$*4ju^;mbQWz<!&`8Md6qq!UeT!Gn
z4HAC)+zXu5)UiO~p44mvA{%Z!)vN=vlw6#>QpQ`W`JG-KnKury#Dh^D%<)Xx7#4)u
zEo{e>`e6KK+=p30)VfgYC$lyihGKUaT*1V*Zse(0<rJ9h9JyCLIk6!&X9151yNAwZ
z#cmrZ8k8D&Z_B7jQDc~;|N4S@V_%h<(zW&u?Mu@)EaH#&Yq}|bS@__|b(6*fv4a_t
z&_q$3@Zm9Xo6lfIpZTa8Y?o$m$~?j^?VxJZM_x`nVyq>w6Rr9r%t}-1U%FMGZ7U{G
z`fE<!Z4~~6w<g3JuGT0>tt1f_kBJ?D<r&DFqZpAg1f!7dH$3RAeqrV|GyLjcVI(5G
z$`=|32MXaUH?0aI!t0bJvnnY)>Z`<F!z{3Vs_disu#8gdnGVt<D$9(~$Y}zV=Zx3L
zFnKZ}V`eCQ;YVV6@O_73&J@=<FruhsWT_gSOXZOEXEdaQDRLgTXQ1|Hnxh0PoM@SF
zWrB4y%x{#<lL<#w0|AB@RWL^KSfh+(_sq*`VIo<F#M^c*k#HZzAu6Mgxba7x5eQWP
zqXrgnV~Q*zid5r?=z>IQKGHRs#7QZPB2Y&uV|WkU2x6ZjqZ|!+vE1X7hz(B`X*d+~
zf?iIO55Sz@P|XMq!+c;rW&^$XjXY)oeQ+G1QgQF4XD@8Wky82Zg{=pwrhkCy`G=yG
ze;Dfc`%%MBMg2omyU(p|A81p>(x<A(??E;G4u?Qq1pDy&74@*c7tQvJ&FMZ>+i^#(
z*r_T75=Tg{on1grb<y$uQPySOyB_;t_CTr%wiv*}Qo-hvNVc;r291$<$*>veZ`yC|
z-s^t-3-`Le56_3-X=a2!fbe@CyVrd$JTJlXb-#A6dlAAnKsXKICw}{0_cIWF7Q$~q
z_`;{}bx-~0d)-$-7=rMBedb>GFChE^gg^SsVd+Os3LU2<ygRO!lG90^>L{z+9Ym9k
zn4aB1H0j7H*AcL@bhEVE_Hwoe6OB)ZTyvIZA4ya^lt%6yIq?jR9Z=C}2fZ?eE>!D7
zRXh9kh6UimE+wJUM;c)xx}@4C>HRTfy&ABCCSF@DeIaE*hcwk?)jvAhGNND^i7VF(
z2~g?gOIbOv3K<(rIgt2f>G~qzJMm<@02_7Kr(5k?xNlnCfUa{l@vips$FM%VFbq7y
zv_2N+o~X>Q&%`+i)#b&sA?K1hkfOgx2a@-iS`{+A`@)`z0uxboBzX4RJCT-0r0?lf
z23L5CJ`vV#md=l@SP`Bp_B(7R5-9-Y%ckS|>=t%B%ZI)}--CEz6|}qIRCTN66cf!#
z_7e3|0gaA;8;_i5mGq7{NeQHNv1ZLA&o=d~7(+3JS93F`9<kh|67R+sn{Gt0C3@wm
ziN&E<Op498v5d`Daj(2aSG_V2Hr-mMVQbX#Qi-Kw*vS$Ruobtqqscu*mLe<xKej~e
zHKx;QBuY0Dlhla7qwGLdVo|PzfGNZU^hOA?qK|Sw6AVD=Ebpm@q399@Y>$3PpC95v
z-f#en#PH@&^rkXU(>tuG&5x_ujHVMbS<qsH@nlG3%65*SnN*G@@rnZJv~*egcXX@<
z$<x?nqltcq01-`nobHT?^c0s8L;UEB0$-9!6Ph?|M}lSy)9E`qc291KG)CdCb<SMp
zKT9RkY*pw~(Z`is6A{v$Lc7`wEGB8~A&E>$)SOwPRJTZ!K|Hv6b7nCx66-eVR3vp2
za$qGN9|S_Z@yj#CSP|?}awC8T&mk3E9tyf;JcwRsj<;vyo^R7<i@QlWRmld@aRw#8
zMKIIP6(x<jI1N0+qT6n=pS!R_Hg9RxxCeDfI&^EYb!x4U<ObM$YQw2+5JyNbFA^4|
z8xY5?ir4Fkoo%w_jGoMeRlyn?49{@3Dk6s@7Ne2Iw}$gh8!|Qa_usqSE`~pWfbU<$
z<Hhq;{P_v^j^SfG-Ge;-!B{#jx!kb$rHx*v)j}2SnqI|;or4lvf`1QxAzkL$CQ%~6
zTX^CGOaNeU?559%zgDrHwHu>u$3M|<nw{IDx6hn1Pfd-wE&oKtX`bi@3UkY8`#@L$
zv#O0w&6eQGUB)`wpt$Yg2K3R8w%e^h7=y41;Rhew?fx2se+J>B5H3Bm+x<=m%Md&W
ziA_^<|1){TYLyRUYxSnY-U`b;yU>L71T&}XsA%dO^=;$fw(aE=WgKqXUS63-YTL@U
zQTK5!XWNc20<PhzJy(568ba&_Edz|Nz#|^blUN>u^BeLDCgKsE^tCTqjt8AU#lr$+
zj#{czBZXDZNLNQi)|(aqU`vDMq<93>BM0p41U|Z>8qtk6**o~4Q8dzAjO1`wbr4(;
z{v8}=M17l=JL1WcJQ9Eooma@g`-FeRP03kFM!KLvvY<ufWIR!fj!19UR(GOfEMLf+
z^ly~~cG@?!@0YvxA(H0os4Rryb6CCEID{UgV`x%eAXC8{eaP;SKj5j&&j`bLr%xZ~
zBv$%_3ahVYR<~c8gMWzzW>36S(vsN>qzh0B>}Ya!q_SnJoeHN;2i~Z9uNDxlTdmwc
zhg1~Ufi@bf0D2-MNK|_O6Qj93Qmgv5XLEZcAP^#6qr~Pj%~>}7VMmdYcDNo2ZEI+K
z4>w)9=;M({?b)kVF!LiS;&J*<vG*m7+E<T;a-ui`rjQn;_Oq;3*-v-p?^xccXai^<
zNL=7SGRUBJx!<QW>&8%pKH9S>w_Kb!p|35?FO~GliOG{Er_N4}otn@`^^4AJW*!E-
zc-zv^_D<zPkcsIe92hP}u2#y{q86t3D%4I$ZxSgG`=V=ch7?)>drYrdWUyK@Nob_H
zqAtWz>Qhk_wRTP1xtP_8*Pf^4S+e)6veR0Y(yF}xOMlFwZOe6P$K#-LW4B(i`^X;`
z<R4>_e9ma5&D#{mg;8LnwyQyj93E`470e8)R@b8S5M7O*7Se`GLPA#7wAXygZubI&
zuY)iNVf*jyc7GbeJ0W}k!XN#;-R|JG?RNhRp0EG5p7OEr$%tRK!xELns(GbK%?_!V
zM@@isNX<NIvb1C~?|-pcvQ00ggl)w`C0uzKh=|l8QK4XsM|-i9eTmpY*D=^2l(vz<
zizlr%K};rm8mp1tVgOZ!UI3`CGQKbSZI*=Ja2fB5@GnD3l60_>A{1eL{S}#=a<@sh
zMrOgBTcCG0uQV?r%d@b4l;(+1%4#u_;`JOZUP%ly_Ac*B_vxJ1&wU!lcQnvDv#+uT
z@<614={ft{gYU85W83m%&j-8kuaJ_U5$wiTn7pyZqzbZnQX2g0Pn5L>u~c@BJVL7k
zYUI6ewU6l{Np2z)^$>{Z;iyD~Vp)~F4AburCt!{#xQ`*+`<=P{4Wphz1lI$TGlx9&
zTiQ~mj?W~n`xnmzPNjljPrZYd9~+2k&{>^*T*G*T>2UwEGmUm(7onxqwBAeRm{o!h
zFEi_{q&zqMWF$h3>FN@8??f-jeU2H;o7S<>?7pNQXW}ycAU))I-6@r-Cd#ui4`uN0
z7zd1243xi;EkBNON{N~7r4*~<s_kEZ%|0Pn{Kz~Lwit%zxQ-KH-wWgiM&n;%IzY1e
z<+i;gESvf5Kaz!b%|^S0Di&EJ%V@Uw%_@+5YuD|zr@PyL8QzA|LdyuLeBY%vc9JNr
zb5UPvhJVsrBrSRMWkS8?X$IcqSq2k3|M())6Tj3HfS&-S19uS1j9Mh0QgDA~5cr4o
zQ2`-Q_|6Rf^4kN4-cPeGv5Een%YqdWs(boPG*P*UzK@$+&~Dds#)P+A5{IGL&*Ig~
zm(_@uJP~=xyDQ<SN7WOGqow|^pqHUVKLgO$0otBQS4_i<0T5oGQmRqTx)c&^ppesY
zU<MOeJ#R?zIAcb6?2}Fq_H;Ita!%CO5fwig%h{Hm?RYs)+LXA^SC?l{>|Q;@ooA#r
z^0<1if+Y-{JsoF-q*DHx4GSN?<*c9X(KPLwCU(0k5OfH05Pl27*H7+te;=L?!Se?p
z{2GLR2H~R+o|@Y2{s4rV5Z(phbZNKShVVFqDui#EhVmfj5auA<gYe+YZueK<`8j-l
z9NuT)9iE?iy!ZLx#47L>orcw(bK8e^d>E<a6?=MkD6KqlhlhvK$|HAncqpyh`)xk=
zQ!A(bMzr$e--uS8`Ww;8(?`9PuK>k`{WodvE1_@^Pga^0x7~KP#Tyfmxb00-#7j{q
zHK{SXB1+7eaTNP-!y@)O;QbQn1~ILNzH}Zu-eG1HdJI(_0?6e}0RlxS!Uho7DT!E<
z9M7ybEMccaA9$1|XY&-Q6#PrJYDe&k{GS?;>T=lfv(1cE@fxKPqRTOKaEOBO^qmUd
z%TQOL?+~c2FkIX~EmZRTrf>kD>!ngs+XDxoR9g1iv(4IN8}_-%UO${hu*B@zGSZ&a
zJ$7-o+@?f(g2v})&U0R|X8Cxwrh7${cNB*2s(Oa@Mhp<xgeDQ{aM~ZKl`4hgP3(s7
zgQ~~SHx5=IXi))c8et`<I*LB1n$32zUay9ZL?QK}4X5^z{Ft{f?1O@|=k$i7vPQni
z^i-ZIgado#Y9g`KjD820=G^U4=>kVw)mA)q<9xf*M8ynpvx%NQxlch|6p3=;imhK=
zyEuAAC8UdK&x>sQfU@J)&q&t%h}h(X6EE#nDbUA{h%y^|VaK<<p6w02_sNy#s5`rI
zskfI9r&LuZlJCWcV~<^u2PjH?ATX&qCgJ5rQvjMwqyQPu9^{oO;+Z_Q!X)fIR8kwK
z9xYETLZTxNB*k)dDQiNmY6B`{BzX@*l|kValYu2DWC)jvQ0D?lJ|c~K7$;4DB>v)Q
z38S!BqzcDkj8yVWSna4K*4ru2zA}8Y0I+<?$~t|P6&XkL@Jd#G9cz)@=$6Z0iwfy_
z(w1Hde*uTAzGB9Z_~s-MWM74YL+u6U_W95L)7_u<6jQSUe{zS9MjL_CSzI#WM~12A
zjUIzmeb7js=(I6ORO1afobJJVv=EQ5gTP^hc0sNtpnGB8Q&{+tW((e9rZVpBql;CL
z%Px(Pp`>brLPi1-IW<$@IL6wXNSTT>_qG0G4^57A`g0%?L8<MCnAaz!=hVx{yc|-N
z1H|u3<$dL)ld5d^kUsWx8XCmUwOXq_ABI?`99$*A4luh0tRTiq^*A@i9sapwAt@YE
zzC-8$SVh4q7AIe+az953R`kKaL9J=pdoJ&Ge;LC2Abc2tx3t^+NeFi!{3wJ+mUp{1
zAdEm*g7BUdNDtwC5IziHZgsc&b_katxU0R-^iB#<8wc{xj`iXdy<$)H4y&O@?r`t0
z8hYf;_YSL}NA8I4uo`;gPWcY2p-1kZPtnj<!1>UDv}*74lrQ+?<XX}nqjyjG7GV_>
z)~~7dulu!t4NilEl5Vw%fSG|(Fh9&;T9;|Isr~adVR=g7RBCI(`V>(1>s~`qFtPtB
zfF}Trbw!59ihLS$T!P1L!$uF&{&}g)nL<pZE)Gyk?A)ifiX6ajFx0AVIiN`yH04o<
zK@*Whc%6!=1~NDl2@4efiA-5wDdirW3VPzskQ5%&w*8<t?)%xgqsKz-9;~O4b3*=y
z_a$6(+jt4rh|ciM6Zq5YG#V%qM|%Kfh(wnj!kCTV1q|D^-n8wSqCmVn4v%)|>Mtq<
z?{?#*Vrg7lsXH)3tY+2LH@V3`{3r=aTXcP!-S%KnVQ2`_wyU<Yg<jOr90GvH5}dm2
z`5ul5)5|WEVpk#HAG=0?V@eW1=mHA#kW{Fgm>ip$Jb8L-;%rhVhXvC;0#FJQ9x!ub
z)t%sc$X4+(h3dv?%c|O?(zABk1&pr%>fcft!I58goCth4hx1k^=ZO~^&Y<}85qL27
z#y9G>V2!mKAv#zc-`zw~f+HjiqoN2QhYki-i9YdBR?giX#@0zx&e=KGFR9(oTe2Og
zB>TpS05FM_=q2q|>$nG=_|!d=<=;%XL<fxsZAO_)G>2!*K4gF+0%(PaU;bvM9>Q(n
ziQisaPo@=^du7-J3fPCOc|He;y<9xTi8}&OAIWrCs5(15aD+H0lu%%Vn2a&;uFB3@
zZo&B>GtIKvh_UjC`KWY&h;H-9M2^};s~J0LfdBPc+ikVbfT@m#OMYO7M>cut!nmzn
z+upQ*QtAN*gm?_gDjrEtL9CK($KO!UTV7VwQg6s(nN&I%;+|<Xz4|>M!oNNSTG{&o
zPt_mkBnE)Xd%_Uf+bYWINj(mR4Lo>8urDtbJx+3Z(3Ar?&cVM_2Nr#dCR?!7>JIUk
zlsS4(=CTKCC>x!2S!S}mrlhiWG7(+9Ydf%Uf60b7-&vpPTrunPFIY3^<WIFOdi&+v
z_F&nWMjfKgI9cLz+Clg#&HPJoWSUuw8dR14RrYP>oTgo#+3kMgW4qmV!}CKBDi9{&
z{S9-w-M@t2=C$4K4@201@VyW|aecQtaAUXo+wlCt_1<S-Q$n1$3i}wVeP~Buv3g#y
zCt!!v&b<q4860%`SG`H|n%!t8VXDeG;lapYJ*pf<uu|Fm%T`$%B68KeobdBvByt<0
zO(Mm<gq@jI!f7(ZUV794WYCf<siCMBll3DfWPiPO`2vVu{?U30DU|sS&aqxzI8&+h
zf$yV5p$EfWXKb`n^T|HWPmP~GIX-pfbcx+6%k?5@16RbW1Nb|9a+{5vtRgpT*y^D?
z6PZ4|ukQTlj59f*<Nb9bxM}k?+)e{_aD?fOk7={YbD^BJ-fBCW4ql4vp*M^++x5|X
zx_Z-sNk$Sk5?N-I)w0`lyXr&I0=BH?vfJpmdOaR)Yyk@k^s^UG(4f&7x)zvV7}0^g
zRiU}SRa4um4cCJLF$HZ@eI$oj1)^jY7-j6-z|^8?3r-rzbB!6%d&B8IX4K*nBTneE
zJPhdl>CH;GktIvPzx~bdestIZs-7~PLz<N73WpI^6@dBnS%(2~O5Yv=aXKi{)Tab6
z7ggd^h)7L(DF;Z14vq}TL?~?{_mEZeH=h-=S?r!uJvQaUdH9=qX1Dux2$vza5I*4T
zc0UQ>Uqko=gon0vyE72J2EqvlKLg=UA$$nJr?&dpix8{*66{4N`QL!O$bq)=$SLC;
zQag{FF5V%v^T?^<CENK@>TQLFKe(;f<Gz;w-}k;ZLti?>mOPiWcAp#Eq{TIJZ`jk&
zJddq4E>XhT8h>ZlTOW?$an#y4r?GM3od3Wqh5ND+hBlg+mcro$@rk7BW4&B%>r>p-
zM=eJ(&Y1)(`%!IRe@1k|s<i8lR5K5m1%DY`$M3~%6aV&QyNQ1XiWz$~70leX^|q!w
zuye<~T2v}*D)SuX?7h44*jDb>y0V9T<-RN|_hMt&kCkO6Lf!W&oBOc0Jg}*fazL-N
zy3BX5c_`M62VYs5m19^FurpViUZ>S^+kgoV>!pIeVq2cugfiOngI@sOYg2zpDu&;^
z_wje_c3=HnyWQV_=U+njiSOR+eg?wNLijBRx4vh$`{NLN2tNqnAhsEaUB=|tQ;xr}
z+_pWtS+&Kc$a_V|0$$?AzPti~m$<QemkRW=lSJh<SV>tEa39I;b3;E}BDOHBxh<bt
z__9fBY*^1eD>j8jwPC}`BHqHZeB!dS!nGMo%ijhBb&=EbVd0EfBPC|$WqDYo%nw?$
z+RV+VeCUe36Wfb2n$32NF^E#GIHi&(Y4T>%jBNzf9T)t^_Y~B+J<0rIT@u?G?L)5n
zayIIfx#fAn@=|aANV{KeKVub)7Dw9D)2DRj-{B5CHb-(E+#fPnufSvav@8mIn#2Cf
z!l<;;at>CSHaRR9DMAsZux2&ROAd`vHOnJ8_`N66h3VvB5#N=xCPCT~JUIS!yWMxh
zLRWsi^PRih_e1#pckFh58p0riPs97$|Nd_G*WvdE-_F8YzH_%*KQ*O6D3ul#FD@)D
zti6T3EtW5tK}<gjc|?ps3;E;(2Dt)!i&XGv&4E<#KLGP+r^Eh-n9AUz-k`=2!_%u4
zN)|V)t-y55E9FttLhRbG8!fx-Aw*nP_u*+_N2VcenRpkGX5vw*_<0-tqvJ>@%4}FW
zZU-X9P_^s?Y`hvau|Ow0AAlP_K^kZ4;zsWvwn+0q+;ddi&`dVq9{gZtNbu|G@&)q=
zQ#)~-odjcj`ZmmNUYuRiD?56me5TQi=d(_;1%w5&lm_(U@Q<P47=M{}^``6VcFpni
z(NP`R(AKLPRulVk+i5gVC|h&9s@1MRHFOsXv(y3*91lxq+W{Cwd|zDB=bk9fy{SAu
zy0EA(uPm)CUATHtzf@kFTbeKH$4?9l0FM6Z55r#Pf7|Weh47OQ9)$4d`*yn<5Plba
z|9f~&!t;NJXR%XkRf=s-D^~fB-eU^$g`YTJ7Up}F1{af0n3#qUb@PhVGBpzr%v5|-
zrRQ`=E0s*MRgqm1Mxz*St{r>S)30^TT&ExL1lpq>id6aI{G;BCChZToK^zhkKx7kf
zViSg@fhK`=)#`Y*>C{kq;&>=RF&p-})gbu~MI$rU*4mF~4<q#`(iOD8CD-eYdCT6>
zs;w416Ydwa_^w!kWGG&!U?U4c_Ne6%$MecUX}sd1<k<O#CVOqgyf6hvbo|kP4SMhV
z&+&!@XDH&GpQC8d2wz*a{0&_r<gdG(W(_8aj<%O*W!h>X?&x#!D>8q&hU=<U+i7aB
zDrybaZE3Jv@Dl}%lp-`38Fv%iMc>xkExX-@p#Us$wlEa{P}4M=Fq-s-=OZi72EFRm
z@EfXlY&h#1jUC;-4OGd&drPcFQNP#$=HAx1nwFTLZQHs92_4TzFtLoHe$}&e%V*Qs
z-EQh_$GcV3-{N+VNb0bZjY4yQXtXR359#zFxuQ`H$F$u<qEs8g!<nJcQJMshcc`dc
zv6?lcGdoxos*K%a=AbwAO@~Sx(Oa-i0~B7%t~&J{{U(gUO&uuHO(0Y^i-6|0ng|)o
zr{6TjZuZQh0#f5ZY8C5QyJ6B0ntaT1&<Sc2TVipVA&Jml1!MA65FUW=5FaCaJ_zB}
z5MB#mfQPT<@vq_O9*~|nYPTB}D%6-Qz(%b5;Tqs(alxB++OT{;|H3r8iE%dx|JWg!
z#mFz_8PO|1-2q=Lpwc``QH%XO`4_w0&A;63{vJGE4bOML^F?^R=JUJV5qQqP^P>>=
z55BnD{l{MnpC5tngAhIl;om^G0pT|xd=kQEq~~WLe8ZQ3enWT=!tcJ}h3=gGLhuy7
zH~4dr$Nd-Mh3?-UdZGKKV=r`n1j6x0U+DfZygyZVq5G%s{%_&=JrMVo-}6Fu@E^X=
zEkIa-@Vy^+q5C|9_d@u05Kf%Xr}zIi5cC(6H@g47fdiN3Ou}>+pSoi0RO}0`>jQ<f
zS|qMHZJuTvrB_~FTs>uupSmO%0U_0?EU$X|6U4E3@mlFAem@Y4d!6;A?iX%;soQ$5
zrY%Fp_r6Ed9)sUicz*RwP5XZz`$G3yp8xCadp`L2?&E*`SKY6LG~exixm$tnGm!2*
z@O0mcBk|71OslzLZrZ+u#N5=X7A!0^6A7v2G#d{3bmOP+HDIXGdWmj`(@eK%yLI$x
z0V}n+4J4A!a=f-ZD5lkLe7rIe7H&?Dn5Z3yd#Mz+QimuSIpW)4<5R}<l&_ek_!7ce
z?649!KX=|3n<*IM!&)?&T@Zjgs~P>EEK-pU2!tx7@ZO;S0y50Ii>?oA1TYkcf#xc9
zgf`C_j6Pcyc!`=B?*(9q{I;pp0>L2LL28201Fn6oys|iZ*(|?#d1+-W(reiy5zzaD
z#D_mj!=sH7I{<7qkp8OKKovyqe9i5!J*?BLBlC=OGBe#X9mn>~MQaffDod<4T+8oW
zphzZ{SG3ET>_r8*Yn_dC*!Dy}LO#BCyGy4F$f9}Z^+7k9{FVffAo_`KEVU;AtoqJX
zV7E99@`$yIJYo^`rU{>=wCGJ<N{O#hI)}DBUbSlat_j<jbr)xrU4z{KPMo6MtO4AP
zkLn^-7nr6QeGD4;s3#9H)b2Ldm)RAK=WBMgfjC}x)EhoNq5~6*7zle6t!euV2`1R%
zM2J(Gzu~lNbc(qXB1*6C$mi8<)I<eVT%AIoTC34ncbYN?;U|Ix{>MeOcM7v2NU>Jm
z1}4Jg57@l{?|WPGwjJofEvF&N86I)!O+W};nly8lug;g}QO4S^4fEpC%2Tr|^CoWm
z<b03`XkP#MoMyGrsoDCV!JspWMg&ZwxG_j*xbW0luIjC}wZ3VUko$yvh+GaJfKz8y
zw0(kL1RW9BEkz|S`TGPDM9S``V^o=wy+cEsuTO$r$<--|>NVOwkryV|aw9jr35%PF
zs@u~#?wHNhg}0U&pSNuz`;J?d4Yx_U-N57XognIPSJ{<^o?Zp!688U`H;47#Zn7N%
z>n7UlkP8Bs`Z{ZCz>sqgES9wifK=(?L{ixTP87EJ+C^wocr-*U(5f3&`;6&p07TVp
z(GwDH!5TupNM=%XO>5g?KiEkH{@Nkh!!^P@Ml?@Nnf`OyU42v^hloxP)47ZC8Eezi
zkjPbi8HeVVOmW)%6qIz)ZEsrsWygojqQO!pG))Xvn4zcSTb^B6h0Y%|TDR7VSG@Hi
zlhO?irx?v0aP_O@m4(^MH2z5tazX&LGkR|n(yJ3K&6MAUe}@fB*zSV>h|ifS`B7n-
zkTt|*y<xT2$r%Uii8rm=CKC`Or1wCXkT9)2wQwo^=}`sgr~uta6cG~6WHH(tY-ROO
zb{AZBT(=r9v2o_Z9NltI0@rkPyWNIFVljkSTI|7ALFu7n5IHN7BF47}q?$?c5H5d0
zzgu>jRgg2sWykZEt+t2!L<6RB943;DW~fLgHZEDIC$Zy#9OZDQu4Uvp{Uj5gWR*N|
zDpK+auwOvKY!h3RnQvT~FEh(nEDI6Yvc{I6n!RN=65S{>IxJlx$=j?gE1rh^{n=yL
zatYf<(IE^vAj(Ax;%X>%sCUq~2e(=+-E%vzCX5Ct`8wliTO@!emCP#vyKA*tfchHW
zA;P#!v?}A{bFJ1z4jYVGF($EiAol!$b06!*!`NK-d+7Yfx?hCnKUIX+&V|1xAl>UA
ze7^ay?!V&U$E4>^OTQm>Ki2)b5XwB5((@_l_XdPb2!H-hKGwCr|6|>6fM7s)5W*IO
z?}2a<!lxnp%<{)6{G#;yr1blDAbjFGKHmM(3JXuKhR?S2+lBD>)sJ^y%fr`7&(qTH
zB7{i@A8E7j^V0LC7yiBuzkdnBZJz~SdcH&Y{pWw{#qOQ2f3bT4!YTy!e|oX|L-72z
z*TZjk{scV#9OAz1Z@<|6=U)>(#qU4)diMKiNcUk#_YXTPeA`y|9G89<AdEs-`ra42
zfAD=Tc8^0?hw#6``y2n!i`^fC@Gs!~Q}BE}JWKCp;itbpe11y${huKG4un7ZmoIi7
z{NRh-zk=t`2czM25Hv3Tdo`Es$uf?IxUBE1V=};pxa{Kro<}^p-R>LCe7mN-VNpSo
z#-}7E%5@v#Q)Q&>b8e$SGpVc%yy2U_>otQ9ePl*E{*AAF;Oidz<_GnM3J;7u_>q}c
z!|Oxej0yfINbum-J@CyB=nq1I2QY!g6a4XO244@UrEjmoZ^ystBQp<Dg8%xO!EcNv
zz|8P^91GSz^P0kceT@S83G>qBr3<jrHy6$EiOJdZ^|rkZOKiLm`1jm<K4L$>pTG9n
z4`BCdzsCc{f8Ylm(0+9BOWmj8S%QvR{p1(BPs4K^!W@Jp2p)uIA-wBBMi*Yi>BFnF
z==*E=^KbE|knFuK_WYVyev$91`15y`f2kV}@BfbQ_YD00dl3Fj^_RLIg7ASV`~7<m
zewDvt(6s;fj(`8&U+TugpGd#|0K)SSPXEv^buT~|{~`9<gm9I=V<@kzEUj>AUlb!z
zoF_2{NfZ;`E~3Oj{b>QYYW1h98Q<X3<V1S5v~Nr*q5ek4XDOdxVyM5c*z%j#%8T>m
zvbMCmwy?BlF3w&Fem^;T`D$5PSX{okX0E+u8RD<51-}=rkbJ5<zkq31wWYNu%E_)R
zH#?hLxT^d{K%^!RJFgWyQB6xlvX}Iajns_%C^G%Czu~49yo3VMw2!NHd&{Y&mJCB_
zTS2#|_=!+fgM7p#aY8(A`Bug9fXg18nXT0db`!bN8aqM{^Po$CXYFAPl^`M-1Hhdx
zx`AU@iqhuj*ni#j$>_NRT(e+WFfNi7RbrU97<194z-{g5Z}Z$HX;@$;i*1O}`v4xQ
z)ay2>10X=aXz#!d`!?*%2aU18a{~h!9-Jc!6vjB4#0s}yMmkj<D<V-29gE^`EvtG9
zodz0XR4U?4O)nZ_`f~%CF(zCJ8sqSy%Nu%#L7<H>O}|Fp?hb@Wu!M0|0%`^VH;>M6
z;cW!}!+fyo34R;n@DstI7$|4cYMsZl#`p|G7~{r-ZcL&k&=gcA`gI!X4m%L~LDQep
zi^U>Zp+Gj0!|Mo!#$qv&oJR=I;0c9HK$*tab<Ja#r;DbyTUAI|Fs6#e#4z6)d3wP(
zSu`e5M2m>1LzM$q5ESlqe3KlR;iyPD9Cd!CV%9hcn)-D3RbT@o(l2zJ2JK&TD8bUB
zOEi<YbUfROd=hwF)aj6Q6Hjwd(ra6Ih>wmS^=)fM;3OT(G8Kv@cM#WU*6em;hdj`U
zvb4<(Y=I(ha;_QuDg-(%T<@h~bH$CCjuIH=b`BxlAf&fQp`e0o!^3TDp$Rj>sp$fN
z+n7~PM5}8=hnBSOBe4c-3}73KTJUsiu9rn#JeXXkT{quk!@d>vH&z2XBB()B$);UM
z1ju~>_0pg=Sb_~v!>ZaFZUZ`sZ)l3kmuKh7Pb^)YFRyS~e}x@ClgzxR6>FW%%^hu-
zPcFhx2ai!*z2O285UELMP|_7*ts*OEmMh&bADfOB6lFD_eYG7SP{R%{YUSHi+pc-~
z73;RM379VGpSN57M%Z3PA!;`6kbn?kAvODUI5b2plAl)~#tO7URBBJ$SxQmEwbO=v
z7x9Fb74pbp<6w}0LBa*EYLTvk(~K5{5<k>LfoWSoZ-=6smg|v22*hK19nWpFnA$k&
zL`IEljx;uTn+T~GYe-5~c8*6)7d|Vnkcyowr)TXVN7HSNCTb7X>O8Fs6SH}Pw3cNH
zazzlI<{wXiBgjc{j+%nBd#R{QE_gPXZVAbTQ7Z(MEPV2?!v_~JcfH|OU}Ac(AlgJk
zS;yn?O_3i}>TlFlAIz%TY5GK__&PN@Lmvvxutr=4gMctJQvLr=-dli2b#)D+2PjTk
z3KR;oWe5ZkNQMX+NFYQY5E2?eiVTy?BpEW92_q5QU5dLFmlldU#a%*zyL-^$oV(WE
z`^Zct()WA6|G)RS^JHb8?QUx?k@vfqPA)RBy;Vj=AW6DRsHhr+YGTdF)(i=_Q~D@U
zATAQN<^-(;W)!hYjY=i%;>u3Nm{4yaS4c}99zrCUwR)6sLdvUG$7uD6Q2&-ep(=W)
z^bb{1?gMu}B7_9%Z8z+EeDHv&Y8Mn4>E9|y(YLRnU=dnHgh#h8c<`XG=yo}eocJm&
zJms=e4~}`Yfrx=&BxPdT7!(qzm@vy(M=)V8g#3(Bp9nHnYyt{r6P$^HOeld0NFK#*
z%1E0C3LZ_RZxXckl>$j;q?XXO$S{ny!Gff7kmyR1B?5AUbmIuN6km0rKnzud^NKt-
zh^uHGr3p$)hJ{*Zcb3dEN-LAmnk?HVbCzB~kCIBRi(cJ39Zo>FCU>LcSy=iQfecE=
zs({p>tf^^{Au664i7MaxBAbLgL+Vx`5m_U`T##B`nn2=YWci!r9b^`tq|{=fZnPBg
zg;|!1#Yh%lz0M*?50aM~*A=yiwv-qQH(#?-Aye{@PD$Aa?J7O$s%=vx>Lr9VPa!(f
zhcsO9Pztcg%r<e-fl7`&m`TT3Hu{7fmOrM64Jd_{w*;<K8iKJ$%@+7LrjE6+6`hSd
zfpbYZz)77JlP-)l`r0PE<q^Ctqj(`SmW1HazMSMVDV(s(lpGN2?2;U##1veWgiMp{
z`t+pCP{l&4naD{OQjO6<ZFEMHtk`r(%qK@NOCe#pRftvgRfGn$@(<{&iU|58IwT?}
zFpr$cWMV_be$M5aufPgRZko6P_$mT}LPOexMCF+$UEo-wvuRe)Dhrd1Q5=am=ikOi
zj6+r$v7KzrcmiFda1M7AL0aV51Xk<e=3%DuSZlDEiQ>3pZ?7-|=zi@mSGseEOnAAR
zLvstABiq~pwzFB}>;miT>x(5OQUi08MT}$Xrx3b>#iVn|Q9LrSq$y&bll@9+6SuuT
z62Rw^byAL+itz<6DMl2bx;H_Gk{+fTyRbr|o*1&uV;57wi*(swrz$(Lf>0Rzs)*>Y
zsE~F+!lK0pDA@HIRj@#8Gg)Wx3>IT#$&e0=rSFNlSd|zaMM{#zDTfcf9?^S7TP?XL
zC8?8Tb!Mk|NuFfh;Rpd%JxbRFi+MVsnlOnC#!?89+K44Ynu=A@1Mxr>u|e4>xTl%y
z8-jd2*_uzN58M=1W}2B9r%Tgn8rH|`&BC{^DUge{)}&%vidlx-vZDZW_ltz~f??KM
zD^P&C)Pi$13`|!p+JH3Av1ACTb$VPqQWJ1HFta$)nMQs<kgkv@V~11=dp@9jd-=iC
zM}eg5>LgvPGG1$Oah0P>0>qmZdp5_DqM)t^RtQ!vmF%Pn3FLjU&8Ji$VNu>*KKYd$
zLN%<PZ>Z>kB^E8Dh6fD9N#ZHdjHICgqJ$j3@pQ!%{IFk;Q$9x+i7=$Q9~po27Ukl~
zRW}kU%jz-;OHw>Vty<(9<nD(^2I|JX-TmMUsne&^QmaIiflh0NglNE=HOrrfj-gou
zNk3+|hQ}ER1+B<T0v8Rf33iSS(oq7*)lJ59ExR9B4Qvg?F)UE$MTfNw3-1_4t}qmH
zqjEN@oHd*kCC4^{CO2BtdX>@w`RH-@wbELeAz^Bi5q4RmAgt+8ub!f&CqXgN@n6%k
zX(=w4@p8yfO3WYeYS{bG-PIAXEGj&3am{gyVthYJ&PjfE#j7jX$u%%9AYq+Bqr(*F
zT7oa+?!5#iYI>8#1VpMVp;Xe13l<8aNf)m}0#U1h5KJcHv${qlEE{y=kWEa~_$4jG
za(qav(PX0XeUk|ZhQdm(U<ukBs5Oj9-upEI1`>}UPz+PLvQ)Hz#b>!ddzC_>4opmK
z!5*>rC=^^%1=Nili5OWK*4C_r3p8U?kWrgCaZYZybj2nJaVY+q9(BPN&QDQB1tVlb
zM83!kqSk1r9AGUn5ke7JR3*(HhLcgBLJ|Hsa}i2Lgpd)TIY~z7PtrLU#;jGFkQSV6
z1$gPelRQb(O16DP0JMP)k9xE{rBP5@S=&XY)GFN+PEZzC1tsG%StRB=SjOcU+KdL<
zdjYGAfKHS(Xiitwp1Jr47*j{yE{F<-0R;Vx`vyUW5VVn6!5$!7Wl2QKN2D-|Ak`!p
zjukgQwtuq8tzsQwQV||j;n_x@_mJ-AbTZhTqUmJ^#<3L!T#8mNbT-T$3-ZOnU_{1S
zJou8=6R0P0Lh5x$n5eL%>S9SNBf5f43pfwKi9ti#GL<<~jxQ*Bf?7lAsUT-ZOHQ;O
z-PLeea^M9`1VuH*8<4S!-RPl&^zz_r7VmRrdVXT}HnI)jc`25B*^E~aQ=sIiuhi_h
z-aQmv9$xiHf-%~3qd}w0aS4)V?5pSy64bG8KzKx8-^i$lkg!&L@m+?!R^&i93U5OS
zWM<Q=li7)qjVyOzWU;_rB(S%LFUApqPfBc}(u9-X?xKUqtst99PGqW>B_pmgv*WW<
zO)n>fOHFTAA$gKAd5baGVpJh=o<+zbPupsm>>5L?UjgIi*G#x7F=E{|k>O!%O2r8k
zb~ZzW@jns!%=Ql-DJaZEbvk>A!G(w9S-VSZG8hmkLLIu*hS5ZF;UGDZDGbhhGK7UH
z4(?hOv#41tk4VmDT9+<%_*-9!m|}w%3oGKMw1@*{$S?tIgf$`QNLUt5cJ`O9spNQy
z7elgD**)?)*}Yas3D}^@YkCym$pQKmF9cQ#)|d7kk*bX|$*HEN6T51V7I8LHG^s#X
zO&q}i+;wr}CZ&rv7)@Ftgqw5`rKdA8jFeVP36@;AP$*m=n%a==s#Lgy&;)StWZMv~
z1aOAYsm;<(3F~sajIx_e27GK&!xAIAI1-estNfaj|17l&o9n#GBT*$MVeq8Vn8~(}
zIz@4p#LAhhdekeBq*WW}5ymb&HiKCgqX$njQxl*wG5j96v%nomV}hk0{B#yPTHuKS
zIu87ugfm?XzPjp=4j2bGY<nDy+!H;SlaugFASakNN^csnLk?28!?tB1yOxqxT^e~p
zs2EZTk`^Ap^jb<lNi`kdfMTgrgf+!GkfiMJj%0Z>E5zF&J#evM>E%Rg;#AYysld@C
z{H?HN{zu8g;PR%Fj)rQRt2s+XBphbgUQ9=ACT|pWuW&Xgu@poHgM>9;!;Ut9cmR-%
zc37u!Jn`Y|#(=^xiJTV54FtO$J0nJh#U?Fc`x0891f<O?=Og2PPy+c`54Vs=YkWLm
z%Mdz`t$MgjF&q$?KN>3O0jF94&_RqkC63~d$O%P5kLTpBKo@i}u>^q>tWyxv&bX2-
z;@OQH)7UY`wgW|kmB`5~)?OAzAj<K!8%&IB1B)fKr-Qd;LffJ?lOo9$EjFp8z;rmO
z>E$X;hE~EMEf5Ph49<uZNM0Uv#}t=D%tw5KmZhlhmydV4xiB;pofYKW4sHqdZw|Pf
zz;PG_0l?{!(Yg>0BCK9uP(Y}Egg?GjDyRYo6H)kSNVh34t31t?jX$L#9D}FoP)S6r
zaPJ{}m_)b$qTz)&*pFln5Z6W7{-QS1J6%W|9WUhcLRvuMMz;Ri>_{Nn#@I7f)7pa4
zM3SC-AtaYL19BdyQ`9;=@}0^vg-m1<OkP)Ma0r)A`<`c2DnNAcfhzZ7tUPWFP9R$#
z3oN+@I3ccpJQ+EWV}KKmX1qFE<f+8vJiito?*bfp*sMuXn-U$h0(M?>Scjm9kl>J@
zKq~VE@8oK;6w<})Di(%3kgBn338GbNu%O;cT!=aQLnK+?nV<>-U9@Z`bY2k{wLo4$
zWZOYr!RQuC!-eRH)D#87{^FGTx9DED@rAPkt_)X1U%llX!crw2nn>R|Li{+1F`XP>
zIb1l`|4Vod7c%Q9{#vOBGMLGGR)QdEgyIWjbCzulY#WeJQEW#cg{JOoM-i&cHck2N
z&xk$bi#r~}*!Xc0Db+BN__8JJCgLJR3uLJ+=Y<r|EJz(=Owz^5PLksBMF=Ck=?ET*
z2s;-MJtrIyNn;QUzkrm(tN>p?puYric>#Yy(G$W+fGh@txY*|Q;ihmVW55~KQ5>tz
z!d^_SVL}WkV?svcMln+VCMH|*$gYMjE@If+!_haH+yY8SPZBtWQKsb*+6i|8C+ut|
z@^<7@kVtk};9}rT+EydQaAMD7f>lXRFvz9^H%U>z3Zt9BR#OW%4Ypv|=Gn_?#GV&k
z5pivxpGKSMD-9#Wa^eO^H#mz<dZKnCivy!D*6R{+B*UKAN70PV8NzZGM>r(?6#bmU
zl;R}vDIKoVj?z)a8I4pZIW#LQ*o1|Uz9c0x)GjNqL@|U^mm;E#&~jQ0IGu9HmnjH;
z$G;7qliQ?`bWLwbAJ;sY)RPc#`80WXid-nvFBq@!0&C#^puGRv^|kp81ZV-E04R$N
zl;NciSB{xQY)md!vy`3vt6ahrB3Tv7GcEZK-AZzEhZo`=z~_80?}7OcU><y<jKQJs
zeZPo<e)MW=gI1=!q(T`K?bRkn?4DlUk%Zq6*(5{o{V9}DcRLE(SmZPigZtxQC)Ws#
z<jfZ;wuMAeBy9fS8KpC$wsR2P(?dv7>&V;N+aZUDDo{E=I*Qc@@49waD;2s4xLcB#
zqvAKQkCk5x&n6DK%Tc)cw!P#iNTVE`;~-RhZ>hytyGs26jhJtX*SF<eaTLT$&imph
zfVU0njKf@Pd2bvA@szRdI4p&HC^-tyIA=>Z>QhgLW5`j04ec4092Q%~@#H8w57Kyc
z<H%vTXd@ONq=zFktfPSS#R}vf*xMt=46$h^N9lX9v6Fx5o=qIgK}X>l6eKMNj0X-U
zkZm}!rsU0hC33qU7nVQ^L5{#OJ`3_Nj*<ZB^&*J!WaVUT@$o^HEmw(Oz?_~GW7LzI
zgb&3v*~(KCGFP}*MLHH&q&k75RZPT++DtCO_(F*Bh2t-|tC{7AK)gsPKYGf~`9vY!
z@mSg9NI$#a(ltWH#3ALz$VxdyKXMNAk@z-b+$25@6h3%1&e?Ph2XiD+vuO(!xIwPH
z;&2?>GA-p<igsF4yyJA!RHyk70D?ISpm2}Vd^LdM@ZAK=^<XZJJI$|)lT6_|E}ok1
z@ziZ+V&0(CpXMt7IO3D0bV_W|b-3Et1_@RZS%~D|_X9gdp;>}`qv>$!&{PBsDmZO)
zW;#|Wjgw=>DL09oiCkE<sRF`9bdM%-DhV|lGK9(Q$Z)sI!SyMw{FE0*oU4?<$Wh7d
zpWlfHHSt|tpw~gs-N=$;TU?m5j15*r$#RJ^+=%o#p&sOpu1DG)g&l{O!=OnlABpna
zCcIw4NRiNtQOZH+FeA%Pc;ln13%TG4VWLE26D6&%%0%c=T#pSEGEy1H?X*Zl8MYM9
zWWyhzbR0xZ-Kpg4-zB6QEBLVo2@8sxu}Fm8l8;b7Tf%+YZgCUdk8~D-EYKkpvBnxJ
zPe*+7XEIsjSxEw07@a9uGFda`NRwbj=<`G_r4xI=jd9tqG)!959;lJpnIp~`Eu11_
zsle*o>!Gs^Xtm@lwpt8<xu>d420|k%qqlGvLU>{ju%B9uJSSunFr*80QsyYK;~L6s
zdDMyy5s~Q6me^8gC3^Sf?7M-b8Ygc{yNqes;&N+kJ8wbMmklD#X8788$QC2{yF3dn
z!@&^*i9#V%N5-ZsXq%?A=!l;Xcu5G$H9i8+0hJ=4BN=rz(;zBR4$2c%OQReyp9)I*
zC(cS)S;Hu<Sr%6(u{_Aa)sn5WzP<`3znMs8Z-s|&!4t_eX^-kqt~JdNMQal`B%zc#
zIR_D_9ThGoFAH0b1adnn>PaW=A_6l!eVnq3gcw|b9FUMj_$chwxgNGm7(FN!i)|Q`
z_ni(5G7#O^QX3o+6pE7Tf+B;$0)kYGbkja*acCDXRYLhmiEte!m<tz00h5miY9Hhu
z6%?qVr6<DYL&93+mYE$pOaU`N37SZ~8WKoe+j2|Xo&}|Vsk8BsZ`ld|5ycA@Fl8j-
zL6L;*{G-G~h3!KYoUS8?NS7@}sK-?=+sp|an?1H&^2SujqqeY8Irg<(hQ$E%_l4=P
z_`=}C$}{|oRcH8L0Ac}(0jvSY07wIP4p0|h(&{t(tTku&3IHttc7gpcnC}1#08W3L
z;h%xq2{2dud4_Kc&<)@v*iVD`55Q1>%4^T?RlyXnU%Str=JNvY3#WMnK*@`z`PBe7
z0W<(@FP-KG0#v+2{WgL*6U+~{PV?t)pXQ$dqyRL(bDHl4Q05Nx>jUOOa4-7gG~XYf
z9zb;l_&xRs^_vFJ6X3zqykXiiNFSg__G#XjEtvxWJ^@sIewsfErYo3p!Tk8*H1G0K
zGKT<c1n9`zUVk{v&-i$nHvtR*s12|N;J`=f=LhCv0GH2s!v=sM0A-4t;d=lGX49|E
z@D_k#Us1QI09)bv+JH0s&jX=9!TbVnAHaK{Eo=d|Zp{2@pwx%?;bRlF!kF0x>4I4n
z%u!%=1G6uH6Tl3BRp53H%ym0pya99sSh)QRe;v$kcb?&gf!PeqGvHPSpzf|S{Bf{9
z2ABX43U(tv8Gs1@e}NlYD?Hu(V8e+JwTMtERD4Qzc=i`HaL6@3vZzFk8+r7Dqo<Wf
z@`QCEGF6=%%mhd)T-a+UUaDP%eI3b@U@?rb5qlsdt1!m&gfE4Q_zWr0#X%}I%$oFK
z4mUFT1Q)AUo6Yo5lb*4gN_1D^JDp5`496<vm3yN^QgOrusbRE%T)Q!tR@AMbPcY}6
zxZ~EdP1TfF0=bmVHigz|GZn&235>)uFD&b^33kuqGze)yx=A*r*C>K;6Pndbp00%R
z6TPCiKt*jOrFZe@rl_UxNb|Ik@_OJu7gK(rXbB=w47*qsA+OxZVt-vCikxVbBgp0u
zsy16t{fRnG>yIj6BeaC9kvL;}anQa*z7#Yl`yee&lNEhz9sD&KF({E~#UjIpZDi_W
z>p&yZpwVIm(K+&t&XIYvn7b4@TFfOnM**U9lptCxf)tv_^1?v$Ll$53v2}phVo)k1
z48yQ5S#-(I&IJ;XLZdhl3`0y=Y{A{e4l#vrOhCE#6`>_Um10SvL?XH9MYQ2W%A*L0
z=H_CPn5~zPm|YT3GWLZSR5-WFV~QANc|;Njq6vW+l8I|arR)n<h~Y0V6$x%^5DQjW
zPIigdJ41HDr)*AuYmO|OgcQ`NV(;U$a^iCF5ad?~n}x)^hpR4^it^j#?1V%|ffE)z
zM-C1gIY|^e+=P65g5u(EMNHAsMh`%2jSDFO$&#=+aFClIID#yA(z3#+Fa%yu#6F`~
z+Hg~-(U@pWZl_MB-4zH8ZPAKW_-Ls`8Sn5BWYC~Nma7OY(fvSZQp{$uy%BP3ICcsv
za3ovE5Y^3EN_M5gA~PE@`?)v_k?W-ouRX}gCnk|sV8X=cN(kafSRyeQpScxLSYDe}
zhiT9(%1`0nK7?!?cp#@c2a)aqdoPMzqBjPTmWx0lVTQ!m^*n|WCQE9?2pWr{d?<u2
z%G*n2aTPaYu?7yu6PYOLWW*;U*|(gvMXoIYQuT9*gD(|Qjv>n;;e;g3=&5MdOhFY{
zAnT!$exfKgmEIWd#lgnn?uU4I71i~ms4EXmFOH%&)BmJ!hn+}#(xhcTHmo{+E|46_
z7P*S4juG+{6Kh1FU?>Pqe*Upi25r2d`;<~B=wlZZ=<K7&siaCe82I>bB)l}Ye2CC&
zI^u;C&;@db$|U9LVlzhwVWuuV!6LD_k|P`I6dxjUI!K_@X6XsJvQmVEk=v|_4M5Ij
zAaXV=xSTDkEoaM8D_R4?qg#eb2?d9S`$vhkmf_){oP1`87Rs2Ev&J&s0*y{1J0D3S
zJGYAZ(<wlk5|2T42ODy(vEo547ayWv%H3$S)YIz>)-?CD#tl^s>$@A1E%jn_hI)?9
z<*F2&33F8moJ_JKyIoM^s-+8DLXJ^~i=WMK<Ah}nMwO3`?Jh)@KRO6(50RxfS-T)3
zozx~^6Ou$SKnqEiBw_C?QP7GsZA#AS=uB<%`#1D2Xh%hrV%!RUw7S{b()`5nP~U^@
z8GJ*J41P(y3_cs6Hb6hH9|5QU&<pHw-WhxuFsB2A0?Y>Y`^pUdD17e)vkTZawannp
z0lZ{TE<kcS3E$5Eh6iTw%fRIQseipd>W|?@fISZESiW8kC}i-*#MBn>#%777OBeXy
zl?^vUVpm(!R60!>EL-+Ysu<khsCd96mBDC$l@k^`A()vHFlS_06_!85Ynn80WMY^#
z!9$Q#phS5@NQNpd>`b?%k56J$N{|{Q=EJ^MpwOY<$tCNE^pxtpil|s396p$-n}Q%=
zMuV2i{xyS71DFSJ6<|3)P!|eg*!OlYvtl#&n;HlQup3}T0);p&HH&~b9w0p~ga00&
zA;2N9&jxcFKqr7J0QbOcyDozt+B1WH52hcOy^IvfCsOkSxJ`!dIDH0R7@!8g2C$C=
zb1^^=z&?Pp;C9lK!LKoA@PPmc058FQ49t4~;{d8!U~Gc9&6>gQu}Y@!eMaVX6QD#|
z246o-GKKHS%-jgjJuQQmk2Sf>^q&`G@K%5@fGz;_00sk007w9s1JD9s$&w8I`Qi-z
z^J2*~E}>9{nN^rMXeo^OrIJ}>8HEY#dm1x4gQ;37nU@*FGqW!<VOeRbO_$afBJv~W
z%A(*<7aElUM>be9<+~R`u&AhzkftYHB!p9-;4BkpZ0jn>E0(!NI}RM}IJ6|8IOiIg
zvphKi*k<O?UzTf5|LFV@h|VvCd}<&UFYPdZOvbcBf9X=?(A#F`vf0`q9oAmvWnXW>
z%Tbl(e!0bSR8_&xK`jNZoDC@WIO=`DPihvK(pMja?L|oD#pd|vJsEt&-x>TufaUPr
zd@rnf0MEgWeplf;8_XO;5{+`FpAZS!M8b)D<-Lp4d=5x1^4;%|q{jYDO}KzEF*%O5
zO&M8+k0Q#XqZCU-h%+PB7VfN+=|d*KnLbWhj6V2UO(=R4qO2(y{!=dCz?KF81!0J!
z{;{x!I*{+D<RT>*r6$64i|kiStbt4-g9)~7vjulyNcDgBWGUTQL`8vc#w2$GJPRPh
zmkQMdVw*c42V`x83W;Q7)c=}(yRneBw};KWwY?xl%b)28577lV(w8Dc_p*)N(S)S?
z`9<>fj!+vk#w41DO#(u;dFJW)ucPE!%bx#9E%T0)Z=U-9B+tAf<(p^Hf0Ae3k@C$m
z?mx*h?@0OPsrgUx%sW!PdB*%FdFCBS%Co(NBIoG_R-kF(Z68<2Gt!)Ark)MkvA3E6
zO)XFRY}gX@KPw}u+7&m*AYAI+Wy8Jkc?RDTU^2kZ0N=gH;2Q(%gzp$ITY~xiSq8uI
zWd`pJ@GHPQaL)kqEx=%aYOgZ*(qPsiTU2!vZsl-ulP%Q7WTFDqVkD1Bd2Ev69+-q=
zoDx+HiV(2b`pgQ>g@zG#y&UShWY{ei%D~CZ3Ovh?3qH$t4LZv&0k{kH{@u><PTkM)
zXTW>{FcZKR?41CL1DF9efLq!4v-}l+sQ_C5Y9>(NnCZ>jE&*K7o#hh%#sTnP{{m+9
zo@e>>V73C&2~4h}BWhcZC~caBDvtAP)KYEMqFtsGEYBDX1^%FX(j_B>9Mzcm=6qs!
zc?PS^mIB4HJ5|x?R-k&=#;l(sH#V}#uHEuDwCzdgrxR!SwE!EzUh33YekDL1a8Epa
zmS2~3mLFO^lb>86lV1bob});7PvJKEJ_qi?_{sg4)KB4XfFlPRqg27sO%-<}V__Lv
zC{l33fc0Tk#zZXAlyh?B9#rxRi(%%JN@X*P$!Z`kBYt2LWz2Q(j|d5iQi%58kWN8?
z-d=VN4eLt|f-FDLfubWNI~CN;b!23P0t+41&z;r}itQ4n@KwkJDH5_@@tA3bPNmc?
z_O!qLhIEvZVsIB9Ou<D)c$quzw~Sp@U~WaUy<@UICoTk~(b!5fuo1dY&~)UeY`O3a
ziGdwCc`2vAjqFPmB9d&~#iWU!z$s0Gb21J{iP%?0IwUX++ccgHCvonr80<Kh8udib
z%Y>Ma8?*tHohHenr)0*+ZNTuW5;LkB^e_x*ftfe1fMbBPVlGomY;vZ|LZj6tyHWOP
zoE69-jT$Jl8YXDQ5T}c`nh41<5v&G1NAy_}@=hiWz?`UKPiz9Qn8dUJnIvirPzOOf
zw!}+9n1d-7u#ZBjKIMWHsxE|<m`ep#Ua?V?3erA4Hf>1Rm&xGE(VQX?E78!cmNBoA
zj&PDm<Zu#S{RjoOAc=yC%<!=ni<%>UsTQm_a%oU5QgA^iEe%bb2_bT<E=jFtjU;$G
z3B-6#j2qYCBGM%yD9}G3Dk!iU<eqG$YKW-*5+o!?Bt8*=%PIVXPh~zk9znsHJUyt1
z0;Ijzx4quBJkx2!HW_bkhdUkW8V_RXL<*RaSK~l!j5VHafd6*G6%z6Ew%a!0x2AC>
z-=;|>zX!~EV1Dw+<R8KJfA!j}LcupV!jtK!ilw?t;np3%bhV&XOs;gZOuj2XBY>p<
z7n^4Cr@=hppUEc%Wb&ykGx?1GpTYh#IFldIDwB5x2m-KzT^W|iyR<DhRI>}esZGJ+
zJ%DiEcZ7YvQzq}$A(I~#4P^tfAGr1J4E|A2UOVuHFdHHKItX_k!c76U8{lS!GAwML
z$$t&d4q!oeCSU!ROnwG{7VICvd<<?E!R!d;SpY43Hv-cY{40QY4a~wSXge)@Yclx~
zVD<oWIGC3Jya0|T*un<z|0gz+9}VVlFxNtuMPS~5bc*%J<OhQ}6(9g06zshKPM{l@
z-MUj~1ojR92f@t^%)bG?0dNC*kK|0gsVS3R-z$@U3(yu|0ND2dR0b$%&g3V6+g<oR
z2w{`pdm(%;hVLx+9t>tTu<MPP{Eve&`PBgZ2E$owU?#7D?_xtT`37JgGQ<`J4anqc
z_s`^;fO)+i)C;~#K^&jS6p|-q@{yA=`K@410P_~WGJqQsr7#HIlc@Ow%+=tx9ZU}F
zeWpVj09>Dz$=3mM9+*XDKsy1%f_>*ys2_a$Pov*yU|t4yZ!muZ^J_3yf%(_0OnwVM
z`W&beK(jfL+YW&0v!Nfs?cp5yeHWn19O{qZwt;;O*w-ziP#M4rpawt@fOkuwFTiZJ
zObUabVkY`yI3vIa0B(6EUmBnbfIonCx#Z>sP!Zr3z&!Td7N8OH$8bjhEC6}jG#jxU
zir%8Nbd8LJT~;`gbH_6IqDM3NT>zH=oB&=j@MUIKfEMR6`SA0ZybjD%F!wQ-&&)~S
z?r5<>nb$dv+XN{oZpgBmBs&HOdi0=pBMN8n8v$wpr~tkNC|@Lt?*U+e@5x_a+`;$R
zLiGCsnD4-SDVR;boCxM^F!|3gmbonc4xh<a0<$fcYr(7t{%yegxr8mO1OHo)UVkwE
z1oJk8=?mtDSJ02IBvbefd`-;+FdM#h+!oTg(yX<p613`+bZiq?{9#v>C|3yGh{)|H
z=h2bLWukcQ+NcoQ(q7^Wl=OD9I8CL4@_!r2>v*@Zt)$L?cwRgU+v@U>>3yJzE$jt)
zI5>>j_!CSz4FvnUSs80gs+WsDq@l^-Ul@M&Z<lhg_2sygwX^uV;2?vyE_uTU*DO9A
zpi`^7VE}{so%4q9Utw+lBzDW<GrCEpZ}%)d6`(|S>Nc0b-uNtjhAxXQ1`rOAoRG!e
z1hY<0>SqRXE4cjt@TI3@1{t#WY=Bxu>ed#_zF-ec&l|1*YzHVcFpHlxD2tB<&;yhO
zSO;(&U<g3g99!@MxAzdIHkh}-JPhVBF!cZ>hi36>hGg-V0lo!j1a>XJOZdJ8rZ1R%
z!Mp--YQc9Hd>?@C{qX$<m<q7(8UXo^%;IN{$l~jPd3Sgg-+ELQzX@P4*sF|&wgA6-
zU~dI}jo>>SzKg;4Gx$C<4Dy3;(|^z60~f=(0`L*w#A3;9KDw>3g-zf#axwMCaOIX{
z@x9>t6?|6$v+D}z4}c5HCAS9f{rAc&e&{k-=KyNJcS|rMms5WX$AP^H#7l(l3jpgE
zQ&_cFa=QlcW`cbsn1|W-o|QBV`eV37VBZ3e2cpzVT!vsn@$x|W3ISy)cm#3V&S&ut
z06GFp0%!>kd;!*IfMxJK<}CCjd>3Qi?qJph`}uR=4&QshtO)kE8PI20S^W0^tpWOG
zLi>Q(3jF(k>3hu<Zh?P!fIk6lK)Mwm+!`>2rL-gLNA$Fgk4bVRX8Eqz1R0uFGQ!<0
z&p=f3f<UyGdvWp%VW;RJ*KkbDgSc(T_L2}HS{SwhcVnD;4Bi6GjE<D>QX{LjtBp)Q
z0Rg7u2y-9d-?NCDxbWm@mNRH7xpo4ELnhykygJGSTne}dHyi1p3U1G)bG*;yb9@Pa
zQClcfhwoL}&ha(3pX0v*xVD=@6u3>;V+#}a0{nfB?+NBAu<tnt=^cQ$V6H#>|1U5>
zouBMK$B%^i{|Vp+?QtH=U%;&?n7<$T{}+scIv0Vu9|U*`P!Yz7C$!ORa4!YsspIGP
zy(eI-0GI*ZUpU8aym*d}2Ivi-05|~f1mK5D=XfW8Pw*Xi`5gZnKnlPRfWKdy<NLil
z$NvP-65s*Y$AP&K;0C}Wfc*efUZ3MT12hK+1z7aYIes_5Mu2Sq3^T(Cbm3G<7U$!m
ziqre}BnHQFioOcL){>%QB!>ufD&sbgIU;(5x&AxqKs@*1Vklt0h_0DfwMpZn@JQqQ
zS(+gNe?xnnHdf0;<}5&jHd$^JSP7yq6Rx9Ho!B1MDOrH16r12`o7jZULuL;~>6qSL
zHWj8^Ffx}&2cdEX%HcxUS!51`C&SK81pLSy!;`fJ`+&hzhNpcgZCxTAgvuExhYRDG
zk-4-dM{WC-qOJ~Ff_mg^HR|rD?Wj*~5pr?Q(VEoRzNsYF94$+|9JQ~kZnljh)y<K+
zqZSwI<}gAo?m7D)5(ODYp)x0p*&^SNZFmAX`(MFksMVs=<ID`B(z8WsXxn`ie|v79
z=gZzb&j;T-&wqFSJpa>!^L+a|=lNH+C>#erdHzH`lSrzAw!CPg#3e#F9uTGG7Na5n
z)kPxnjlV%dg#HBMb99W>l8PMI?2VZ4b8{}DQaIFKgDTUK<eIYS(ShjHWSP2hGBP1l
z@(YU*LnvrqnL;KDfk4YvP7hUyF7TVs2S59Wob;R_2#OIZP4VHzIE7cMmIUWsuy7O=
z!bt*KWsfp3+E_JHLzE{en8+leqVhRZf=V{}6d`9LQ4#qYwgIS&jwGXozB9!d4Y5`e
zzSis06&fpfma_@3BpDJ>M1&Dv6_cJ<j*iO2;od}B0>(rvY-LmgH!7mANhwu}LQD)q
z0Js^SR|P@usK7&1dZkvxSmQ;7w#cp!L)aCFK0cj=1V*(~Y9bXNCS6uXR&OSq1s|at
z2&Vc~Ycd8HlhaXHpoYADz&55;ClTCPg~k{7K>*DFhBdmtyMs9zKoxa?KLs!nU=zR#
zfcXG9CiQ>ur=56#-w7}T;5>jYK>JA-_*s)L@YSbW;6H)cAIx{tF7O^xFYu)yP8p8M
zp{l}3QaR;6B&b7qoQ0WxA!efF&EgzN-=xw#OR;ZsFTuhUmYMiNUW!62P5DpmR+yzx
zSQbwxhnznnue+%&f-?`yXcN+<;RN?a`!pwR)b=+}4g>6fZ*B*CH9O!Z$U$iD63ooc
zF4UjOX=ZE`&3qN~xYACYMi>k8!N7{ka->Y*D3?<?Ty#{hdt)k+k4RqU1l<SH1e5eT
z)h25~ZMt{~I%df0CQ(L)rb(U3-USt$Olc&m(hZ)^ZpF+)U_O_bt!R+vyP5cn0nW-g
zB;L5J3;a_%aOC#ig#YdI3!3LR2k!ZmEw}J;GYX*g1qxd-rSJb!@cEo={%dc+x|I(+
z0N8Om|8W1CFvo#gnY$PG6e!o1I~RE4Z3)o+-++Rq^#tI}Yv|iI7x+dWFYteY+4|iD
ze#(1jXRz=8aDl%8-=*OD!g~pdzy0q3rq#2^MSgHm3gf<#zW+~wef}T7{KgL6IB@&_
zIy`sab`RjOog1G|I$ssDb7S_B%)AMZ^X#NEde*n6=8%3h|K*P>RJh1jMT-?LQIa{7
zDqZI5Z@w-2UAgiVzOPv6hssr|{`k|+)fCm8Y81@>|ME|!R2g?jIDS%UC5AH96Fu0(
zC5OIwr6LgaXxwJ;VgOsSQ*)(60F<CjQ)qPYIwqe@i}WvumhEK~bf62moKabZUFfdX
zJR)cbW49~@YT_{}JU!yzN25pEN0%g(+PdSBohd26Gl@y9S8`4sX_8j7I3v?C31@aG
zOC=Y^RLc-ugF1mMPS6rUbdXDmCltn53rSh)IAQ1lqXDlLT$mO~v69tLGT}1HZp(Nx
zkqEz(oWGzO1I{!8RaLSP$w!G+5Sn09_Pj~eurNYB@KJKDp)QytDVeA!$4*xU>Zht#
z#|iaeLe`2Hy)iZsWg#WeYfwwMU9M$^s<S~gWE#ZkQ#B)w(%=+|0QyNAl8hT<5fbm~
zMwGTD(+z7TYT&H~!Y)LVnIJKdqjr;Nz)%wzv$8f)a-yCDqJ9T&e&$%6PJwcTX)8KI
z`N@Me6%kE}$Al$&qy+^N@tIg%dPZ#--cG3?QW~ipxtn5RwaFGH95h)>Ny&AMcJ^qT
z=J1THGuBI{v|D&OHfhZ;2W>RR#@bTQaw$4(svLRKlo8S)o+CyLEzMM!a&W=G_JG4W
zRspH@2uB^(9$#RHwryv#qJ^{B$5~T~6Bh-%@awhiWY{ZG)Np1-Jd)^5-Kj{;KAbhj
zVxkrm4%m3&tB#bKiZpIbP6d%_a&d-Od5z507_&uZA%ZZe1T7}fk8r<=^<;yOT_KQe
z7moQj9ypgekfJM8PgJB!u|V>1M74itv6a<iL^v_QFKqHbO@z|IKqBO#FchImv3et3
z=tWN|2fK%}xd(@8X(_$1=u4!k3Ju}|y(f4OtN_t)CVEphTgqG?R8->vBU9<Daph!T
zon!krYn)?c>N)94nmml!6fa+rn1*c1|Bh;|;-O^>O(p$>LYg?x<DqGpo%I%(Q`li*
z?bzx;hLxKX%S=K#o87SAlBw_;eY&i5WJMH`Lc-Ua%|~5Hvp`)C?Iepz2~Y){#<W{(
zD$~z77Mm}(X-5Q#L)GvCj&sjnx@d}AltjjCPnw_%GluR+g&L!aSGXimjh1SIK!WN@
zm3iw7u_mII6tAk3-q^)R)RAg*W-1IjL2K3u(s|9Us2WbIu*dfhR@o?2&P?7`LNOs1
zSE|&>fdYH`iX|vHdTl0%F@+yWFUzGta0^o*GpVdm2;NITMafYXqL>|ldxj{n!()Vk
zP#fcv!i60MwH4-GI?-l|M+S$9i5O$rwK3Ls2Xwq}uJiJ66y1?PbT|Vx5yIMF&k9(1
z6&49wfD9~XaLRfCL$JEetfHe$<v8C4$n9#AXMuuwd0|-z@ozz*HzfKs@^6J4;k>+M
z`4k|5#v!yt@-LEukX{W~W(7{9NjMEzkPdbb)T<%Ou)xW9)ekTdz8M4A2ntX_AqShJ
z^(ezhpn;=UXoX+FCmR`WB9^QrY;e&iAu$&9eKDQUxQB_-tkp2_2*Y2TRj&wx6A_B*
zBHJ6{<{T7;d6EUdCV5;v=?eoDKgpg7$f||!4>WO-yON^<+*LN)wM?27$;sm9!em%M
zNmvATKPF}cw{B~)iemGr$i-T<7-mnUgrHPxbXas~D5uE38FJK|r9?E=a|-&>L5>S>
zWk7+}3bI_2?CGLSu>B(KVobVJapC1i$V1Uy6hH>9^0L)tXW)1>?sZBBmE`2*B5xJa
zqO8iN3F%mJm$ZK7vhFk%rds}Mhd+vV%0FBq60RU?1V!r>V6rvHSxA44I@vMD1x9G-
zV7BEM!?Ow5BMa0J4N&}I0on_L*;dZcv{s{tLY%(s)afx=K~SN;UKdX^WYhC1?j!8V
zlcY1yF+zITqVe$|%sem>$Z^3ej0GQ`By}1Q-4;nu*hCZ}5+2~qsx_STwI+gtFWApf
z$;}oxbJxQ=8kLw!wteu8hXGGcJ17p9upW}@P<!EB5w(`Xq%t!t2r*2RyIyBNnMZ;T
zYNmxVQG2SU-I}by_cNj~Q?H9LsZHtN$uzu+`7mXfqyQMytkuW4!BI02h2Ar*o9Psf
zfc2-S3i8G(%Fq?EhsDfJq?j2`zpMa;M0Y%C%ZlRCfkm`YFw9slscL2=T%9yZ@|SbO
zGzx&z0hBRso^L@66btMjqNw`Y{l3`!?E8}+X#2CmwVMt&xIqh|%w2G`c9q4t(VRSp
z<83cdI@@3<MW``85?t#L>OCwh4h$8oiAo(~*4HEd^v3vlLUqt0R~l2NP96H-PLd}2
zI4rmbTi{9$r+V-%#VK5f8+9thNx?};!s=rto?fW`%*(^8zK5r0L$E<MViS5mLD@UH
zrzhL)QRZn7=N#+o;iW-P;6ESnpVHZ*A-FZd>j~U?yMX~0gpjb{aIT|&L>LO)3-*ul
z4}}yw;HU8L@PR+um_l3H8XVWH*(Lrq!0!NVeiRn@UgFya5Mgr)MGJ*esU&wJxYFWW
zK$HXBkK%A+F_+?87$Yd&%v&g&>m(}_qLTs&TS{_wZlbYs5kuOBlG~)<rNog?fR?sl
zwf6Lmw7`rrv0>uqz4BklyJHRSqksid0oh7i{7mx)7SG2gM3j038M_cU-NH!#!lasX
z77NmG7!{FGfk6=wrT*>c#fc!$+6G#a_4Jh=%Y!}+gx#P<baM5DA_&2t$dp`yNc(r#
zw2j1e^EW8M+Y&BJt638DDq_K4KwA-aZ7VpNgbp_~i}K5-f;3%b7zuXCADSpBnP58*
zHKj$#kxX|u#TnsJ31=dWUedk+XGM*eE5UG?&9>4F9gd$y5KV|h1yk6Jll;a<w*C^I
zZM?+4F<jzf!K?;mv*b(sNq}Ww@6qcLzY^ROV4g|3#7D#T2=E&M-*v!W2_~kAv;svL
ze8bVVef$>Q`b#oEzY;8b5t%#EAe3Qo1UG@!poA=JX_>t^`xe5YUn%ze4NI>iC(#-R
zP}+f;qj0%_P_D0-DdbgHR(JbvdEUkH$xlunA=I^q%&!Q`&mM$!{Kf$Y?Nm~h_g8jd
z1UisXxwK6Q);|K>2eyBJe^@|JXlPKNDAUzHqE&Reps*+|FvveJG$brY71SvpC@2tu
zgoQ_`g2SW30y+QC2=MI;ULlcDkzD(rh;|{7k*M1wFeoepf<}k=M@O}WWI_T^y$Tl*
z6d4{J5rB!c_K%K4r(pjO$QKpH1cZlC^;MjI%kT*F3y+Rcg$Ju5{KHxWL0Td0+J^>V
zp=in-Af`Wxiw%S=NEI3$87Xmjley?ji1VDYFY(0z9zMIo9|!mwzIOp^2iO8YH&TOe
zbC9DhBJd4_=mJVMY2$Qh^s*-qn3)xL%&l!^uK6u5<b|jnN&>^RMM~NXM=UXEcE}*~
zBJI>^!FshNRBMPwc>+SA1jN6dx^o&#$;U_4PG!)hs<ad@WLBvyDmdO5EP43jwTolF
z7A>gRzJ<f}$s5ZpZg5So;=QR#)`C@A+&XO1p`^(o3esTIh!T!{^Z%9N-1GmH;_zym
z-|ptPm?kaUN#U48j%Zlr2yJppwEOswe(Hez0ON%YVS+nFU-@Mp?e2adW)cmq^VFU|
z9_ScZ5Oi~EVrQO2Oe^{+s6AGltd7+Yb$rx8YtYcBx%i6-2q8!WPOFKxDH_`4MWgl@
zYLk`GS4c*5aaVY9A!d}+9RzV)FrsV0+6VI|2zs+3#SCArTx^04g}{=r%*xL!?M=EA
zI8tzta4gqqT(~e89WHojqGD|E{)EVN_=v;@5Gp_d;!-b)f`?C>LNa$~E&K>dvlwKq
zlxCLPRFq0K389R_oMRnp+i|uPmUSb1DQG~E5|tBwK6|p8eE8B*d2cthpAIO%eDm}q
z6RtHLHSn6`@B|ubiWMVxc?Yv+p8!*AJ8e>Ia(a*fnyo;Q;g)Y7Deu_>k!3T-6pPcP
zC%vQF32ygq85s&&ON4*t$dF%yTu`c@yC0(Vv}Tp7>%WO)(&BYhtCAw;U$F)O5dq#_
z1!)3r2w9MDjUXJ##K6Pafk&75nvXB@;~!F}4)%*+z5-YPkdhBzTp@nvCztsx08Wo7
zYy?OG7y(cppj1AvMHc_^)62a7v&;OZCltPWO3h|qo&|GWK7etB_`hXe=1&0xKcnyh
zU^2i802P2&K5$AF|A!Zs`F;Q=vMHoLzsy$!s1I-r?3?m|ezN!{UtZ?DUtQ)0y`XS~
znPtI!E|@*@0gNle@B13^2k?4D;VQrYfT;j&0e;R0uF2v%{d1Wg3UKi?1&=q>)PVUC
z%)R-*P+9y#Z!hz%?=JIw{-NLk_M>3l0GI+0mk(fEA^y1cm-%dfw(ls+X67jX4M3HA
zAX^r{`NzxrLV#EADJ=MKnQsZu37`zXwfA|$LRtKxpD*+A0Q){tDF2C?t-!nj=A?We
zUKW38$t(QVrLOR|iczQp_KGF0@EZY+7QezDE|xc7Tp|9nGFSLF0CA-#d=K9rz%-Y>
z!tVt0OUb<9jV!*4L8o`+JUVe6o?hPd8#HXxxQTzufWV+&&YA28d_KSZJb##d?&bgH
z`P23Rz6B^<@@xDYDswI_e0;-mg-ewvGqA`oelTD5tM5kgg+>%D#~0&==a=>WkzcG?
zqcd95I>iNRgW_AM{SC<}T;m#7`1bBs_@XtbIfU5_V7J!0!YdkI;lJ~s=5l6_1N*+#
zSNN(SSNLo&i-LI(%olC1@TWts@csa5fbRet<XJ~qCr1xSc6CgwMjOY)_PN6U1EB1C
zg<k^ZBrrDtbOpEua0=YU_i>m$XBl;czbAtk0BZqO+PVKHFtz|;<}q^<zz%>+fRg~j
znfqb~aV7x_1lTKcJIu@*0GHTzZvc9VvZ&*ws|#8L0t<uD;EqR8WdRUR@p@y7T2EwL
z(p2FfWHRbBsMbXVi7Mfom4M_8E?~h2LO2zp;es>*_)d_dO){F&RfLj5rH<_dM|(Xv
z*(L^36{-F-!6<oYQ9l!P4kPbW;0Y%`QhvL)H6zl=C2I*06XI^Fa|RNF%;&Quejhfn
zXY-nY=Hw#E(Ur@e_MGqP)VSp0QTnhaGd?Iwq?SM3_+E9FpnPs9>4w+@xX&@Bn|euB
zi#CmDesK3oRqHItvZFmRn}aiA-b_#$RUDjd^(t~FHgm|NMa7jt(c{&6nUFU)R=2}s
z35^%hRuQgsLS2O@f1}kx=&KA&-=@`IF`@i41A7jn&k6om8jc>)LXEMBk$PilN1Y`h
zP^(5fnbsx2nCgc3I*ps6EmT;mkD_V&_=Mq^4*M)luZ}n8pOuh&-gUAV<+Z{%9A1PI
zY{az~;Err1>}8blO0P3p*hr9j%AKPP_?*Pi#`m>peB$QrXGuT;M4^B34C1)2XckyS
zg1$8x;_y9`WQmV5NEefwti|h*zy!w1>f&0RL**U`cDW|F`z7I9o61U3M$Qh}HnfIx
z5+Ui1L94bTD6D3h3X~7U{YhzYLPJwAfY=%MuEZs$y89VW>>>nB1slQ9rq;%{F}Ma%
zdAm^jL}WXpJe7&<wWcW22$49#!yx^fbZ{7hv^{6WwlGm8X<RC6TA1yqFi}=KQYjyw
zV3?AWa1Fy@`@o0@5Jr_eeu^p;7KhxDz&E^PxNKqy7`=nqL|Y6SP#7L;SkN97bYvw!
z`w?V2qQ+t2G73}7Ihoula|RaQI#30oTH`QUN1S4$=t|o$CL7YE<yox>Ymlh53x*Y$
zqmjCJSZ+w;T9cU#-xQbwox(|08{!43pN{Ac!t&s3LS<F-r4m{A9ITA_EbuW9RsOV)
zs?x(cpjVmkrND})b!7r4SyYS~Orz3hlPw91TtFZZW7KbqMvU{1jkP8r=OPlg^|rD`
z)S%!%rjgXF6rNI%n2d<Ir#y-pD|v2o6L=Gm9!t_sDg_|R3L^RmH7z0C!n&JjUiH{;
z@$m^VU;&BD!cf@Ks1<Q}CY{<~A@1>1Eqx2l*-ZKwyE=kA*G8Grv8gEy3t?Hc^I)&7
z%#}FBuo-USNS9BUD_vp~WJuvKqaRiSiH#|;QG#C55J4N=iCt0@wG=Li?W`Sfki#OQ
zfNz?#E1^uu#ZQJ?@e$W&lgXNF@lnJWVZND2IP(0LN~4p4CTR5-DLF^>SZtC(M-zV2
z%tdQn*@?4+W<zGX!Kh%XEXmC5coCO7(~rD%-efvgRq<L28O}sMpHwgnr==?i<^RpG
z=3?6ItU<l3x)ik@hFV8bJ{OxvaNKcaE4qAHvYND9K6?`9V6C8ZI%H9|U;krp)j~Iz
zEP+~*6O4<FuyPQ3W%;i%GfQx`zmm)p&iy|!yZGM8KFTm_f-G)+?_vM$EF~^JaoBPy
z+VMmYGHFR;vLG;)%`!4VgeQi4QOmhymPigi!pVw}PR1tU@IW`0ST{v2gE5t9(6#jw
zrcXY3YlKw=N|6*}#K&NjRv)L-8Dde(FsT#LV=HPqn`;Zwfr$uX7g#M_o5Gq%1Es=#
zuVAbTlziR=)@TDVkuvc@u1b#4RnxOJM>a2Ea6@AmjJ`0$la-Pp%l1(!LbfK`?x`n-
zlhkUUG`~hl#~&K*9|*;XCl9-XUjT`flNq8{rPgRnVDFvAAx^h0s)8ghD#kb$T6GnQ
z!E@z01V)A{sEbTsF|65GYYqu~V(TI4Og)R*oLJ9UgNpXdq&#930_eJ-kOjs-NE)Lh
zsN!4#5Wi@HnLLIou)su9AL?66M{z99`ZR(fZ|3eN*<?@aBt~w*u!Jy94LMsJeJG_q
z6okF5FlR|RI_WI*r_@1?d<Ehn8bU|{2TYRMkWTnvU?h+wMBZ0eZP<AIe9<6L49468
za|41xgUQZ>UKo+mdyx~SF)j{eRyp^yO7w@$y)`lk<RU>~eko{jOMz;S6<7*jG(!qX
z=rv(1(ov0R#c7ZlMQsri)#JuwP>~Q=Ta809MH+xSAi#W~YD2NKC|x6*rbJR84Qqu`
z5nZGOp6BA~f};g@Af1_Hh~+1@#dI^CPFx~8N2*MieLN1*BpB>&ivAvMWRSTDtGt_{
zF<E`wJ>_$h(a~~bgrRp(uzz%D6mCzF6M06qImn}ze1fU1X(^mam7*~laaoH^wsN5%
zVbPsbUdo35zPcnCMrwlf#6u+>0K}jo${tQ)`nY!5q>v<3bBf}5$a5;HP!LrS)5V>O
zBVyQUAtjB!L4(St+edR~gY{R?CyE_Li?50^sBj;eSK=z42@nU6B!goBT)umggStU$
zsbEo6>5>?=m{2*Jvg3|S__AR7>WIX+W+-tq%$gKQmOC@t-F1Q_IZ+@vbMj+!#X>}F
zg2tqB_tUD96HrVK8{*B75s*^gG8dbqkTy_-Wm93u^dvYnSSVW-$5vdM;2t;!Xoirp
zqq#yn$y7<vnl#!t)LY4sR={`5_H^TczJQTOm`BLoKz2)(AEe8O8dcPV6Rd=DhTH<(
z{ZcflSQ^n2lgc}YR}Qu(rZAIxrMSvhs(zI}1tzbcrW|Ti&*_Fx&(6Ix*!x%wR1pHM
z*EP64dUaBaM(yHSg9}XIT+{}mAw9`xHIvPo@Nl_uGLkdShNMxl!Kuz<;d)9AFj^!F
z*#T{Ac1|jsL!MrZIpRmf*TW1ZGX2q6tJmw2%{th#v>f9lMCU+_U~5>P3yejJo`}Fz
zTP;RcE>O({8aPJHOO_p#g$s-m;&^*;fjZa)xj;xafuor<<mj0U>8%W@h|cNK4I-dM
zZ}^Bca!Gnllfr3@oH~+A4(00la!DbaJNysj>iBY+4qQE7&eV=`_T_5%a>fX*uP>(!
z=eqlH&6;t3ew;oMJ|ILSSbRBOU#_|@7jNOzYOYo-&S>QN_T}o<<zkb#<Rs4BuMXGC
z%9(p}k#MC}bCEGzq#3SCT%?hU)NsxGXx%tZFRqI^M(6V%-iDE*m^`c!qG>s@4+gpD
zCSWts4iiJ}6>Uf`8sSFA{5ZVRQlU-QY^b>dW76;(N`Ay~Pd9rdOgUXFj{bJ|0oN@w
zU{e%S%fm_4Hij!%j%YMCQ^-XDvl0qmmj^8<<Uvb-@u?GA)N&?3C}x~#D0jbPB!NU1
zvH(!L5lw*V7csbF2zNE3E~i|!Wc$sb-`fgyG7eG4Hx|<Mf0hjwYD^8qUL+*$K0dN)
z_`oJ_AlmAsYaq*swXTjR>LsiwkRdWC<G}{`BuTD#J~nB!IfeyC@YKm_!gfvxhG@eI
zw@{eWxb4d`)@$P|Dh@fJ@#cp%1u3M0wgMNI_ki%14TreAM}ogb6J-pBawAd?x-#xx
z4FmhwWQO1#=E>1+B{vlvoOlgJYkUIbuE*<&(V$h3z#P>>PqYLviYTT`mb4~8H71eM
zInkhvjbqNOh-PaN=B>8vW$=VsVv-g%HNr;|hj?loY>Y6>Qjo?40-8BI<;7`JX`u+_
zi89Y{h(!H2(@!4Wag#erxFC(q;$g9&^cWp>1f~*NYOEY{h!E4)@pHj=u5clv)n@sU
z3DiuHYb4ACS13ISLy~9n-?{(W&@#*3mMG!0oRXU|lfsSrR~S05pyC`CbaKWZ3q3`1
z=93>@*<~4GZK+^0a`{&!8_l{jawoUF<OhU?2eeg11o?+Xg|rKTPPUjCG9cLYY6k!G
zlqrKGAQRB8J@M3^e%;u|=#82aqs5;s&=@#04E@)Rf8MqwlCTW(T-lO_dp>}fyt`L}
zhF%`^8#QX&*u%4dmuG_nZ;zzLW*c0NAU_OgT9F=AkVodo4{<#lC(*(RGR2B;lKil*
zIEju`2wx4LDZsA)X#mp!HUeY<yaM<RB6<{(<iZO-j9*;lR)(cjiKU1Bm|s#MDLnfB
z$in?>XWF~DdwAqo|K@hTS$02#-A@Q7lz%4s33efzV6T?TPw;Oc{1RHjuSJfZOIh3B
zQ1QnchLK-U2fu>&x8VM7|3rB-c?g<uu2tK`wN70(cV#{4k>96jGhe^vE$CZ+e1fiL
zqCUxBOzveeTdXOmY3aSYbnVt%)gyQRK7IT3A24vx;2}eY4IeRb)aWr|$Bm!x+r&we
zr%atTea6gLv**m6H-EvxMZYgzvUJ(<6)RV*Uh~JFYuEj?e#6F1o40J;wtdIWUAy=E
zy?5XK0|yTsK63Qf@e?Ocoj#LsHZ$wo`3n~>UA}Vl+VvYZZ{5Cg_ul;n4<9{#^7L8u
z^A|5)y?*o0+js9jeEjtJ3;#c^Kc#(W)jFh2+t7Al;q8Bkh>VKv(6LkJUupew_y2!K
z{poKY#WH6zY;!iQZv)Ze*K<uLor`?^?44FyHEu(vsVTet77e)h$F@l0$<fzm{`zoA
z(Z4s<U2tLI``})S8y*hZw0Xw3c7eTb-8KzKTibJN()jTC)4C4JF7a25Ry)?m)g5y!
zWp%WN;$y`zlPe`Qd$9G&nzXCK+QvMHyqLJs+vwXXb40PJ+_ACaj;v_CZO`ZI=S?${
zEHl1LO<6K@<V3&zO*2m}dDP%!w>G0%p8D(Ng5D>mjv7?0N=W6FA0IDV+GF<oav$Q3
zo^Cw2)$}dg=fSb-#&$O==Edx|TCd@6%MbLao3%Y)L%Fx^O|{W0*Cx(-H)_|T%sIvW
zPH{6hmkMnC;^<{f$KiEOOxsb;?`du8z#WOx$35sZX~E;)`*-pj(Is$l=)6BZCz!t9
zay_VuZ;?|~?yXAnC>Hbg=?T+@?-;S|#s2lpmalSkRc^ZB98!AQ#VftW8mo?XDH}EZ
z&o+zJc~yAW>$0KfpYvCH)*f~A;H*QHz9g^emo{kYT;F!*!X7`LJUICIu<Es*Hm=c0
zzig$^rMR1+)tRF~=|e9sK0dhF^y%7iCkOmqrr+l;)BaW+55KZw*Qa%<{JN42-};_f
zIsd1zMXX;BnR>|C7?^STcJKG82YL>PIr(IER!UIKkA)uW9i7?XX?o#Bug(Q_s6W;}
zXhxZHiT>FWJM5Zp?BI8a4WB%1()`EAg%_=#Qat?jk|CpSY(3)CbwbTGogVC(I`d*f
zeWQu)ANdJ^t%hxU|DIp}{mgr}ntmGa+nQ>p$F=!5|MiU8f$M(yaL99j=hUkapMD&W
z?bmN~T+=(<SB?L1O^Y^j8+Q0B_Ci9K(=BVb--yDuR{k1!`|A}$W<`6tbp7S*#DQ5q
z&%9V}=%yQ^<M;`cmfW7<-hwxGJ2`&9k0S>pd>Ck&U!&*z!c7*2jaVJnDqzGBrxoYF
zuUz5b$Bjppu9>j9*IcK*WoNFhbaH>)*---)%q{fK#~V|^hZg>OW|PXjW1Ry$_l%t1
zX~(n4zRx$tZf;=hTWi{)X3j$<Rb9LN*qCQEQk~{JQdP31jGnr1Qp0ZLDm?uVvU%w1
zik+9I|9Cf}(;tmW9`~G3JbUJ_(#^m8b)+X3fAZwc>pNTa;QSY!8<P~7)?#AF@jqH8
zO#AIkmjRdD3w7_EK6Apzv_Wq!oFA}$<++<)r%tGPWYsz`VBw9XU56R>Tt9N5&HANd
z)^_|f{-++NJD%LsExlZ`!A}R(+*qm7u|)}sk``UP((hQ|(j`lOAJy&4&82s1jf?s)
zZ&um)$!i~OIk+eD;MgB)#=m<P`04z_loqoacKFz?;gqs__t))xGhpkKm%ny-qCfg-
z&U8;x?GigZhVI-M=Go>+v%60kp6UKa`QUG-3?25*%o&x+Z@pW~vZw#mj`zc7v~FyC
zH0`(8UB4D9y=2FRk4Y~MwLAIv=FU6+%z56!d)$+`_4m6q8Mrq7fd8A+Rtv85s2cKq
zrQ4lRO=4zm&T7<c^&y|Z&c}vX&hOCldOPpz^5Ktnw%a(oMC9@~_k}UbkH%;8*s<7m
z#kGM$(jI?3F0!I}afi5Hk{@(QKk?6Xui#!669>MUzI*zKQ^OZL@Av2DJwuis)_1Gw
zyKZsDhuA8f2cIq7H|JB2ovAB-d%dse*45u<ZFuqez^gItMZc>wbJO!@X~9`tci&lE
zr_zj4^|QZO-TRyQ!v{_+*RgU&@bVkm&aa+7yi>-EhsBQ9h)Ny8Pb{(9%{5vxVAIiO
zspg)()$aJcsWUQW_~h~9{%TO?V|?SkJge<{{eIBFYyDrnZ`|y=W@EZ1H*PiN`_g};
zj4f9A*`;w8k5pQGDs%a}5j%bwSESV0e^%7hCJ#M6!jjpv`N53qnTLm#Je7K=QmKzi
zj_-}$I`??`sogWPCf};IdQd&?SmVpJD=lie=X0@)7jurb@z^;sSQ+?P>6h~TlR0hX
zZ98$cO6|a_2VDLhdDCNR)Z49TZ^rsvoigkGIWLd#6@30)IJWtYbu&l4xVw4T_uuw-
zGws@v?=F|y^4E?I-=3RTDen5?sYjf*pPZjK`D4>;-QE$wTRxOZ{A#^xr+ZiK?Y;GF
zmA4ZnFEC%8eB<@{EhF1!Z295k4Rf?<h&g=v*i(<fH0^8b{By{Xn0__&t1p|Dbvrq2
zU)xdP-@O^scf-6@i=s`7W~+yv8)h95ROoa0;rAmRPV@gXW7&dbzkm9r>3}o)Ti^37
zKP-Fjn@g&%JH@T~ef^ouWuG;lcD&lbyHg&X+RmSy{q5%$>a6*P2S@fbY&&|WPi#Wf
zQo5b*-TkWnvQ%Ah&X#eyyWf7Oy06xYeb*+xyY*^wicezK%Skh|6-o~Gju^FTK<6>>
zdzRLHmR)Ici^i=lPkDUxPW#|0<+jCr|MT7R3#L8jal$Kmc+Kt;w+!T0E?={8<Gmic
zv&vPjaeKm?=?7M2zZtiF$N*hHqQB=&(-O_=7TnpP=^K3d>YZ=?+4Z&CqS13Ftyg}x
zxy_ou)E>RFG;=SEY13C<R24JAz1!?V2mkR|kzRjrdfJ9jXOH!G(e_x`hC{z>dHVC0
zDFI9TYOh%8+k48%5nEhG#vT80(DGXK>kQ;$7e;veUB3sv<4Anp7ygZ#yM5a8w4v*e
zWwYmct{D0%c4FZJ{myEi?`RP4k8*MIiqi@`n%QLBso5U~Y4(gv-Z!}SqJGb#Yi*l2
zc39Z7M}N9(%C2>5``ycb{l04LrANji;lYW29G-M+`|V1_F7@8LbLEw}BYx|AchjR4
zd!s&doS@N0y?Xf0ef`e<uE{l1-(PQ-UHM?jqmN^XBrZs;aQDL>`-hF3+IimAOS2=b
zpWhbVFmllHj87Yj++4XRqIlom17~I}nLO0}-q8WW#&5a1W&Y0VOaH1>ZCUX((@)n+
zGas&by!+s$9e(@ZKH#54M-%I(zyEo|u^qz)o!?w*;g^Q5*WUBmQgeQQXSW5-?>#*@
zrJrTwDb<R1eNVRDc=NJucGbeOoi0TL?p?Ikf7NgCSudAVE}6Kk$ARhJ_BdAb;g(H1
z%QyCGRU^LU)6%zxmr2>vaLUQq%O^}u4&1tT?<Dh<u~YAF-P*MEtJIypxh!u}<$2bV
z4PFsf75dUHw^Wg%r_?Ckd0e9htJ9yf{&Q`h(+@LhSG{~C@%wLgzk6O{^nptm&l<Xq
zS)Dp@#LA)X)|`K|ZOWsF?Z<~NdDvu0?MDNaf1?>We%+n<8KeBZfB)>+??dX2|8?`q
zM`IUn^7Pb3JFh+Q-EKcsbfxhF&l$eiTxagO1!GEOXslmdJFFa6Y}ce=-+%P|VgIH+
z=BIN)f3`0E^|Z_W>)J`}dVS^nX4QZ`rw`t0K69FC*3h)e6L$A~yJty<40HCHSu<*<
z#4exO`S1SgBKwxx{%5aia}%nbfB1FrRWa3j)tYqXaP)TF*K0QwZCba^{<2-~-2SS|
ztlp!yj{ouCix!oi#{czuBjrTZgF@F2-rBLPsi%5OYE}J;(fykI5$$v+^68aB7p>N=
zQ57EjI5K0BSvRw0&6OikPw(69z9w@+o0v<}n>`t-zWU+x&bGCeZky61XwA>-PQCsV
z(AI7J$w8i<Ds+FVYPra->8u8C-ew&A`Y1Q#<;D@8Tlc>)aq}6=yi0RCr8pNWckq`3
z&(8iaV%pn?rq;j{6?V<4J$lkqZdTIY>)hUM8^|4b@vP4!OZx>sO@CD7yGfc7cXupN
zPu<k7&CgGYcl&A5_-B(Qhiq8f&}(JtmM%Bj?cX(J>b;Ar*ZREe`_pgVUg%n~!IhdD
z%73$=ZOih?o5x1BH<moUW9*leHIJ3%AOE>4>*>yuU+!I=zGOo~e^v6RPbbwwze_#7
zYDdf7ceAGKKDSY)|Fh`MM#F0iZB@0^>I2K_YAfIBRB7{>rq{#AO*fPqQtJHg$-eOK
zIQt3bS!OO^=3!=jphk;1)NIf0{WV|HSkq<@Q?X+gF<la$5%YcFsU+6sfNf}&U6T0#
z%{upoPQ+NR75DI}y})yY>Nc2P?LJa<JeUWRI~J{jSg_KSzQ%D6MtxP|&}fc}S$*Jf
z+8S<P?@F6%oxi~Sw%Xv8HhcuPp<}7$6%$r)3!ff8S#|H(1w$*eQ2)|-=;0-mf7`mm
zxWwmM#p~J=j-4D@a>~23Cd~)kExonj`Qj56UJHx=>co+kN2WOq3Tn~U_-XFO<hsk(
z9GF}5c4)(Ll^Y#6SoOxf4%dhN)Ac*O&$QCzXRZIf_>n#*r|(f*ZoR$A-kr~1kNkRL
z`<W@zJRi5ewYYhO9iN@=Rv8~&`SGqsr%rD<lRaro(IQ1_A6&J$@}Yo(Yd253YwY@{
z&q=TT6UMx{Q)Te(ZtD#m^A^U`Yj7jzTHz&geXEZ>H#Oj!qT^iu4DFNoOYrkom%cqw
z^HtrH3nL@BXW5%3f3qrK;KNmm8)szsKkxN8F823fzv#o3wrEynnYQ??Q|;THIz2z|
z>7a5G1`R$mHNolp%j&;3*<SeZSmUE(C3^02PA+}-OOVs7O0{Z-&p)?v;N0xzPKU;1
z-56ST&Et2e!^(I!4V^qYYw0OIq*~hE(ZB5*@MG<YuR8c#I@RmK)9FtRpAHxw_HbwI
zkNYz{7sWn(_v6Q!s-W&u8s2I0Y|}aG*1&FuS7<`d-f!dc)1zJA-udn7$i<8QDF4&O
z3ad`Eo7G8k>&fT^$vrmrAGdtX;jxXi*VdN1_~FmtU%tP(>d+_m3cKA$PkY~|$wlSX
z)gRwp8Zn{w{qvtMJ=idF_4DC7zN_K1=ltsBb<eG;v-ax?8JD%Is*EpjXh=l!4hz>E
z-LkmWsZ}Mrf4+AjO<nrnuie)UJlAA=>I>_Y1)+y~WhG56e?;YTvQ0=@r;mN^>^bS)
zw$j{LKlN(){-<vHIqlbzQ?-^i3e|({J$EO}e2{XhXHfRu-HR&BK2UMh`s}+;1~z@x
z=JeERF6yHzx&>~pWqRMNg7y1Ho$gm%>ZWTqNqKY8snmTpHuau4W?%H{8F!vEZ!~M;
zjO*j?e|vzt-GBODHzWVqGrPO*b^Ys^ovL>kK4wI(J%2oW5&y@-amiIQ&k9}otJCn`
zzSQ?0dF|P<`hJ6dSvl>|nZHlmx|=!AtH#VdYrY*8#3%0dm>IdWA|IUHcff;F2G!W_
z{|J9EC?qv|*393N7X28#s?fkPC6C3{saSYH__5FZFSRSQ|GW9~e)?r$p$6xI4{Dc`
zY`J&Lg}18W!Me^J@6T#9YWlu<?hF4On%HkcpR|%My<$(cZ}&K8I{&fI5=C64oqX?>
zCzm(x_T>85hXaqa+BUh;^BOm|UtGTBrziT0b;_Q-H>v!cLscFH{FeH|)%1mTqBczF
z9(Cc!Pd#t`w7q`qc@ek9-g#JPUC{k1YrAP${#0pU^())@hnW8OYU(K6waedJ3i`0B
z$hk?A+Mj=SZtsEFT_z3hGTdwP;Fk>(UM}M`HU11NoPDNRwUnnl)eVN+UwU@=fvtrX
zFZ``U`9=vvPH29;o9I;CY2fFz*NP>ssI$Pg+qA<6A{!hY`+B?2=H)FvoKM?0)U-l3
z=j-#goKKY>y6?=`F4=p3(7rC*cxG05z1=g44CmW)`uJ?u(D>cml-pK5`)k4U4_!CZ
znR<PsZxf5!x~<aVv8~Q*E%)$Qxh=<?HmsVsveLZ)br)9LG-d8}RZ7U5+x_-F{`hc>
z|M(x*-|MZZoU!h<YQfB%^MkKFYx>o|b2Xlfe%Pj{;<($gHH+sKbK&2Xy*S+It8{+W
z$`LMggF5c^pSt3uwW52yNgvK`E~)I>ZFb+G&SRTguD^Ho5@mMra(n+Oe5&7@z_wfe
zR1do1RdL?3s@oP$-aUKR#6>Pg)BY@czrnG;KCN1#UR!8)_S}k<d;hrikHiCA=Fj-u
zH0$6$Gh>@C9ieD8Ye2J86IQq!+cUrPzE@{oetsTszjNCD&GV*JP$y5@s14rHIlas$
zC%)t33&%!Wwel4wpWO8@DsuOg&4ZLR>$qf}y<2u}hbrmT#S@|fpY%9CY25mr(Y2e5
zdz*YCX6lxJEwh5hZr`>vD$c*tpFMS_AMXA|dHI&V)5}V)K8^e}W974}^_s1EF+93w
zR@2hwI#{eR+M<Vs>CcqgzUyG)Wrv2H*BRawJ2Pi}t-?WF77rfUV{OZdrgpzCN$Yxc
z_DRL@lheEpw=C?+`}-+&>K3NYKhrM3ZGXv5hl13D8#O4Se1EL(x|RzM?U?=La<|E&
z-mlvGC8EK*$8S5lx)xcz&#PZ6&N#RHVdu3ks_rUNUX%RevqewukMTQrCUe-7o63`o
zinUp`b>_Ce4~+Qny9Wy@%)FeruGGZCod=X_)4knBACGF&uWVd!t7d=mwH3V<k6Y8N
zY=;Wtzh3u)bxPvQ7wxasJJRenKP_T(pO2-l>~3~{^{*ekIh$R&`h~Qv4{uwSRTwdC
z{q3%iXD%-9yWq$A%Y(|EZFgs)VpQEnLwa=El#saT&f=}FZ?`OV=ckje(oQ}c@<+x%
zk4i1?)cm#h!cTJ|e)_{B<Vdr?Ws5KNo&9mi=m*70DE;S#tyxrJbo#{oi#i<}{p9?{
zH`+?O&%IhYac1+YhU06?{<C}hl+pZ^DX+3G&e>G0l<&K#-v%yT78;tey?pezGpg&6
zkKCf)-I|?fnUvad)8)a#zuWwM(Z!Q$JjlA^K4fXritCC_cvs`Mqg{SF^w&Rb^>_Yt
zC+&KbIW0D2k6$%LvG4Tnt4!1Wc<^ff*bd(|yVUE4kCmp4(vBQ=?fu-3kNdCm?2tC>
z!_uF#t~E%U+||W<Scf9PTg)#9EOi^&acSA?YNu!a^-p}yH{}PnRJ|^A;N^@(<x_jL
zOsUuW*!j$_&qjXy=1Z|94`M5HJ2J2J$y<FpZ|HOI(x9qWj0>y0bMc(`@b2QWvrYZp
z#8x|*`S+<SFPkkZ)aGTOqm_o2@Hb2!ykqXNHfKV1E~-21m$^Z6o&+_06)||#&B>KY
zt-T*p@zR#LW#%mWIJ@lqTO$eu^;7r!?b1X4X;<D4-SCShV|!%dr8ocT9~)i&cJXnl
z?mK!Gx)QSXtu^sLp~$XRwz<Yuy}5qtDA(6bV=gLOR(roVy6sz6uk(A(?aExydBE`G
zvCl#(cvM?HwqDP!l|R+W*xYUJ#R=Uy4RL<sb^4V>x!Cwu^Zg#>d`=8IwXApdwt)lV
z_We@1VfW|-E$T0wzi(sD!|nf`Frt3!un!p*w*Eity$3)PI~O)QbOe!NSJYKNDFVAo
zN0HtX5Gi(qt+2Z6;ua}3>|*bt*WSBWt_AGa8`f)A6jV@9Y=EN9m&{~fcUiF9`@Zk@
z{r?S|d6Jx*lT30Z$?Rk@x3FOgSLpREX)?j(Q2u!~JM5|7rjJL*9xb?B`ZBxwqa9j4
z#hs6*waC_vjC=LwQqw1zQ5jK-zZEQ*^rFq?+;5Y{Skj(EmX5n|rIl>vjrkpdCz$th
z2tM#UdoAbr=etF7@ql5DD-!2WKR<i-SgUKZ&D&J(jOB(w7ti$$t+Y3)IFcUsP?~Pi
zz5Csdf|5Qn{%Eh4KKa>W;lyVlORfHBrEk%`{kJMwv*({G=-*wo_8aD8fAr|Y<}X|_
z)4K0uT;AO|@=}j5ujB1)EsynnVzhgm^UmZBcanBK_nF0&Og+`6Q@`EcnkBt|%(rTP
z)J$_gpM)y<fj%1c!`xktu3zPQSUz>)jxgP*g-sS+fBn{9T5b6G%!}78Oe!N%QwzJc
zyS2Yd?BeVkT2_urY+Sr(e{6?I+nlSiI=?QqxUC^CE8Qq^wd#DqX>YK>WRW26#HwXR
zRu}zWrRbip9x!b90$pwQ_hp~7-Sl<NIwU!r4d^|!szc|(n&EHuWpHio=IXpk7<ANW
zj?Fa7!{Yvh)#<km+}tQ^lbW5iA!P2f$BVviztYaBg<*&BGfz~kz879RY*$5@UL<Q}
z<-P7D7j6vg;;C=WIHvn?TZjSYXtMsE+xIW$b#Jn9&KdoLPkB}m?<)-sy|>-{bk}|(
z{_aoh!prBKUp@O?<QnTgbM@XCKR+*FZw)Pv?wDbm*L+1uiPetMm|3j(ds16l4u5<2
z)5_Z&b_R^Fmg@9jmKpeePArP>-h5?YmG6o!#-=CJ<Wc@3wr)!sk=5K_QuOWqXGdgT
zw%9VG?BLX6$GdO+>jSgJovP8%mvg-DUH)`G312bS*k|AMwVh5KZlZ5uF=I2+x~ajf
z?ZSTE%(+c3v?^MVIR4&duU#ureV-JVURgHjw&@-J{yshus}cNHF4iFhZ*(x8KlA>?
z;d(y3ZXKI9f1P&8rhwGJu9tMyU2EBLq*kwK7XyY2HaazR(RYLNfhCeH9>>C$ir90_
z&f9nPGN@T*xblcI|HYWhh|{l6;+@QC>_7Q?@oww4<g&5V_`5z^_j@Jed#8$Tb`E#n
zZyb9mWOzc*+GyKx$$noi1<39@=ttLlk2RhD<zlzoaob~E(jO0WcAOb|vQI0qMosy)
zJ*ysGJej_=<*=X&9ov>=UHM`-n%^n0Ec5f#c0MmNyFEQP(Pa9(oI_=MueaQ`|KW?x
zou)3o^>kt3{LP7lmdQiA=bbNXBbqL)D*ZBWRo3uG`38^OT1)(*F6d59p48*!rqTM(
z&vOl?&s*NRW6gNo*yU^9ydT;z<kg9gZH^zi-nV>re^HNj1N9I7rSElSl;|S2X`fl6
zVw!v#TM*~CXlvM*IDeNOpKtC?Zr5Am%;?kYo2*^odtkW>yUzu!8yt=N4h3<3oX3Uf
z#eSd6zP22cy>j8+)}x1rd-<&>c+-8E&gSSzlWf!Qvys+ZOPBt~t2Zn==K6GTYWr#4
zqRE3s$3C+z$a?O0|5ZDu&ZFMOoxf4xy)}A-JVUSCc#-v4vq7OHH;3NK+kVG>BzIrI
zwk6@|vyZNs6#I3}or<ym$)77vPi^(__SG(D<kselnG;92E@X1XE@fzGuE67Vef>5`
zbJF-v_eOuS%;!9jTubg)HE7kPU_bpAvWh9k?nTY)v_RO+VP4{a=m+cXn&)C0tZ!Uy
zwxJ~R%3j?}vnyR#6XNx012RXX=k(B#xzdX+t(c)}8u0bOu>kv!ma#Pp-t;yPw{Q8V
zy*!SyCT;L7_6_GT=Ua`;s+qbb+-uhhm$+L^)?OZzFiDox=Yn^N`-baw1&_J~t=Hv@
z_Pf2Ob=dhH?H2Z4)geCjB5lQ+iIUO#$Hn+>v*^2=wW{>iqOxb$7agwlqnopRj!b$S
zcq?R2<aWy?1DgEt$nvk9J^p&0X>ey_*z>SXov(xytRB`WQGn6%gGWgVeX)=C%53Hh
zjKW5mBz@ffhVL`G#l(^HSf7x)Veih486G*f*_xe)%%>DrnCjo##M#s#xmEAE^S)1G
zYDdf&wEUZm_mrpa-ujIBIOoNnH+I*r4s1)WmgP;<*xjk8Yt-<flgqnZ%6}2?@bHQ1
zVV)-2ZC+L!s0_K)Qr3AV*Lg^2dsFAKW7s{TJs15pzwznYFV4%XpRMWojr*H!m*l>h
z^0Fehzp;Rq*tvXA_vrjyCk09Ln&zJ8+W7f){F1HzdDVjJ&pnR!J{VLL_+-+-Im}tP
zGe>ZFOmD}nBHg3kzc(8lZE)T-KEAZOO!ug^+d&I=(~$0Gv^RF2+H!DJO_!Gsq~Y1i
zb6*$UxR%iC<d&|>^mIPYW<;fo4-HCv_swb3+wz&O4tzf`cSNbfM(+0<>Dl!eSHF2h
z=nvi0bnP)+w!w#jzM-O!FPGouuYZs=*t}3aILKy6wZ*{Z@0RY%tL*MDuzc*A;j)M3
z1NKL3IJKpDv5>_M|FEEShx4CvX*sD5W*r{NT3j{A?Qhw9!LkWP0%7^mO8lwGNzTWP
zU%Y2u+&gB^rs}!$qmLiNU8~$TX2*!Fo_-k>S4NzTzHlR3cyj8&Eu;00pBq^s3Ej!P
zV;*c;@W)**qvGt_`KKagn{>c?=X&%TXe)Vg)p|Pb&Hjj`r<kw4+pxQMN#mou2ak2p
z)vxMWkn`}A-o-yFG#@S8m-Y484*y$ev>kayVcRD6S=8sY>62T$Vd<+3Znx@<|Jgby
zJTPL;@#|OnME>=3q~p|6!-~TON91*rj*1gko7}F}8}2#NHP)aiOFPS9@~g|T9f5W$
z7noreW*YVgaBJ<8C%W3CrA`Nv;Rb$}?JdlDPYl|+`t$ZB54&V946f>bWTD--v_XRp
z#P)m;@p`~JixGwky1XbaFAJRGx;?(M#s1fAG%r0cZM(MX>QhIf{)!K+2y#k(+2?_M
z|E4}0Qp8b*M;J$53A?m;b5QdQ7;W5n>!!2#*sVEVn8uEoSeE24e#3K(k6qs_$ESs!
zH>rGf;m$|<u@~<d<rzuR&AlS$+s?nbloPf=p4;weuVcHXUPxjsySj5oNlpG?Z@*=d
zXJ6XgO1!Xo+Led23n%lYm0~eTJ@#%Zwa~EX%-d}sIk4ulpx2Pu&5HG_wVUmwn{_Ze
za4JMR%<lc!Js;W`x*pi&-ZAIt?0nAsvsTS^x(^-~vSL8LyJss_4xVJsn^P?eWE5B9
z1KV>it(w!`+p&w+xFE?h<GkUQJKSwHq;&tO)n>t^*_P~m!FRGPymxx8X=^mTY|ai#
zZF*8cblW@jIz9dJx5S61>s~VZxWMh2Vezq<ck`Z|ZnkpQuB*d`$fE)V51ttK-YoHU
zMa8qf-i%0?vgEJupxCL0y7mlvx^&wXKE2QCdtSF~e7?`o+7k5K>Dp0=c2xFbpMd1K
zQ~14>Z0Wrry*c*sQB<7Kz&0lmVmIwK5p}FMw5=rNqIUBo`!04d`gUgN=mf9fkz)>y
zU4Cem-`<@I<|KSbz1eY)+g|sI*y()7GmnFWBU-NU>d|M1g+)7kBZFZ}%eHs!J#UuF
z(U(hN9PX$3{uMc{^zgOY*A1UP;+6#TIU6x-aW7NDw>{nsK04?2l~*%%?kRiUd&0)@
zHjfkUTuqs_sNhxRY|Zek>65J1(*4&oA6P7E@-=#T8_~*(Gsil|7I4=MOI<m^R_l9j
z*TvdhK219MXp*O&OS)vq@CBzAPHb)5Q|F-Eo%6_S=2^>Vtzj2mxB6OnbMmJno6Pe*
zPJhl6UMnhP*cGhyXFD))&r{QGeL4L7Sd)EQv(l4}IfR)QRQAzuTWP##)`wLmCr^$(
zEY8t=zmaEsGteR6;56^gA$L4lZWPR|Y9Bs*aI*mEpLF`->gfha46iY{u69PJzJ;|H
zXpfr5^fKOa@>J+@?@iGiBu)=A3yimHi12C7%D-9Km7%}Gd@z^%buq<D<@d$^uR9-v
zkq9>+3@3qBL87&gMCLhCYJ5)uO;-0I@YYng1PIFvXwe+vn%H}ASrMkcy&w+a^NVZY
zawVTtUcKJ|yry$yMKZv37TCmMAT^_V=DJ59ubpl*!`m3<e7VcVu7MclJKk<j$`Z`S
zG=9{hraiIq!)pWv(>G!nff?FHujXXl{VO|g-Udlz@YL~k_csMw-b;)>FmK+n<O1KS
zqWvH74V|+xn!T$&ZZzDkZIpf0?s);DR&T2Q_{aX+(ZSbT-)qj}E$Z&azN7JJ+~I>a
zJj4C=KHkimmQ{Ge@%8l8A7d|bYOF?_8#&^5&y2T$9uYxrXYTm(Qc=ZB`O?<wkC~Uh
ziSl~X=M87ew#{L~-^zMzy;w3gz|L$=^tWgGS{+z2a?6ni30D~3gGytwj`$usn$6k1
zeZ+P9@^L+vEIGTbXH3EK4jsQ<>SN;{ztO74u~i?MA8htE)XhIl$P~DUv}2a&jn6+7
zs#`kx!Z4ZB!}TM}z4ENr2%26^GJ3_-KRr()f8GXfgHK-y)9;^6?3(UAsLlLC8Yu&&
ziiiE#RWq!7zs?ZGzzKb0I-lF)wTs0Ol)87k($@2cmc==q&zg|!+M`x@TXT(GvlmV3
z%RG8*V~=!h(YUgJxfd^Wj3{V6bJ@6Yn>y#;E%#p4(d5;Kh|+>HX1yf?ufJQHxAfth
zU4fz*wnrB-+udnm|Ed3q_>`_)dkzv#N^P3sI8z+VU2MFfCfRVuu%lVNM=gT~9Ozy)
zzpQ*<d68S<fkYce*_(;jjl%S!rrXwM>JGYFws_HHT8Ow=$)ktkTg=vJ!f1JG^`MHN
zK1bVK&`a6TW|c7Kk@ndU1<$n1TTVR~H0i-)&hkWF8?M=laVHYI=Z?G7cV&gUvD2_)
zMQ6I}-8}wj=g`Wk^XD9;_oQEzKYIA>Wuo;Vjg~Rro=(`?)vw*wF@w8w8Ysvqot-9k
z+BM0XyXUVcZ21O@qj9qmPZS2ZF3COUQ=NS`zsJ_+kq3@l-9Mvwr|0Y4H1@a(oy2D+
z`^E(XV}^&G&zH3vbi!zp<AbD~ZrSIj)tKgI2Oi6{$@uHT_rH>DJ~rhKjNeqetj*l<
z4pjwlCx%Hoefj7wPZ_l(+C05?sP6CuNu1UzA57Ce;MX&5@{O&5d$$JWF0hzk*s;Z(
zq|_b4IbH8H^<R8Pk9kP1B=qQufbpA}uvZ9at>TSmW#muW^1wA~Y4`gvp`oXQM-Q58
z`{Tj;b32|dS~PKi_;c${xgHj&muf`OEwo43;<>$(+D>Wy>AN8AR6Kv+-f^sqdo|vv
zj&Hx*E%;&_TeHo*VAAJk+uX&ISno&61}}P4{Q1pt(~+MS#U0wF(f^8DhUY$mld*;D
z9ZeF#86&bs4=_Bm=G&BUgUj`#laDo@JFvz1xmLUG?iCHn`>^ZYocN34n1MzihetoQ
z8otY9`Q~>0cWd8Yl-X~sU3)+MxQZJAHS?l-%Xa9s@^mQ~I)7=_AJhFz@8^DZVJ#Lc
zo+lVL>F^i-ypLMLiW5IC`jmDm_f28@4$Rh4f$cpu_xr;FE&1HhV|(4o4~UZ9AG(?Q
zWq9-H`kvRm9SUr-ZH9iJSGNJHVs_5xGc~R9S<DXCN1I#iZ$Es%<lFts*RBgl=2`9A
zv*CGf?&>$49viKW^P2W*bL@59KbvlSKmE3!<-5&I9AD3fPA)fX`ekGCmh(xi<{p_A
zAQ-D5`n+T7;{1mbF1WRBG5TZlv%D#D$}XqLk{2)B+YMWK{d|V|D#nSgI-{5AYIUkU
zT2$64AiwLVo#rLoZp(6R-nDo(az<#x<i!5=(<&dZcp5vZt@lUe9@Dtv>hx6V+?o}n
zd7^BdM%?E+nibtX`tGlqtyRVt8MRhEQaf?n)SHt_&$2P&B>flb(?*|&nmFUh<^Ic4
zHqSp`=rbx|({z^&&8{u1E*S0~Zg%=m<s_ZnDKj&iG9>v!!yE>kXwz3FeUdJ&c+584
zVz(o(|D{JW7Pz*)W7lhOvYYm!%LitEIlr!pfzN{M6&?C)Z+h*(F)gbOe;H5a?h0_Y
z@jUCs_p(<*gX6nT>$Sy7);6`uI>OBHx_I02dnqH1PBe_wFbO{^<V0-Kh$*ZJ?m5z6
zf^*rI9XzA(wZ5A@+Ki7})5Od)<Z(x)cF=Z%^4<%*r?l=LzNJI;9RAAf31(KVZ4>-P
zjIq0OvQxF$)FG8&d%GQ2n)u$S@bRAYV>RCTWVec#`X*tqb*DMcy4fDieZT45gFUiD
z!ETdXHgC5Su1&tU<Ad$Zfd);!wa)pZ_cpB0*GF?cb6cA1KHB@8+p%`H+9j_nKa<=!
zi*<hT{y&QMf9m;-x%O0tE>5$Kc=vYN_{w|tcH?F~o8M0hzhq-(((i34t(UA-jMWIs
zt>N?M#8jO+kaexy9-BX<mOCb|?I>F}&;HKy3k#<6GRACj9Cz^5_w4rb@*eRv_8Q+s
zW*ZydZQ9($(>-syy-WI#YnwG=ioJi1KyGI*{c6*UZPR1L+|m2z=Y9yCBwgOwb!&>b
zrHRJ2NjGO%lyCFt&D3^x{doJ@!(KXP{r4E?ESfX*;G#!eCz-e1|9;HHiuIgMEJyQi
zWwUxFdi3BNX?}M~p_b0E+ifB?-wl{*-)B|l>&^apS^Y@sPrnP#=jC1WXD{s0Nj}``
zmS>tlqS=|IXDny(Gwo`+RhHXlCRBdjBNce8sg|Y<D|u?c9UWr$fPKHa*Yb8(=hv8|
zUG`b)J8GrDrSa#rOScAGIlB5wASY(A&(7fV)?>EDg<QV8eNK6(Y%qSj|NEq&rVLzM
z<}gXReH?x!`WxeX?6C0%w~XnP``RV``Hl8ht@lkBQoy;Mncj)b%s-;@^v>ol-#^#|
z-<#d<@b`+!?7n+$I<4-%{P=azc`Udr({ZZ7mlFfKvGTfIS&_E%koj%*%>4dGUvLb9
z3uQZmg<mfZY;*p#f76bcZpOJUV&+;U=-d?0Y(F?0Ivea8^JPE>r-xxtrPVu&y_*+q
zvPix6$hghGkWsHTziMJUfSSnM-1rE0*s4qq)WoS0zP@p4Otx^tkM;i!6)BWkq>{&}
z&Gpmgg19{@WnHHxog&>;(YqI=zXb9w0laOS>+*lF>k-~|_al7xE|Lrt{QnenQ={`6
zpcD|VpYsS`wwt6j3jTkJOx5Vb0R`qg!aoD*188*KBc<=5|H4*oy#RUFttCdW4KGM0
z`3)~i{=E(5{+ABaz%QP^_y6tZuT42kO+ec9oQ8&`h6XzPs{09{`WgP0-7nv1);2c^
zldaxx`XBNC#}0jw9(|q%Zoy3KhcXoFPkb6d%m?1u9n$G(e13xxY1q&-g>RxNe(#k<
zyh>U7IazF|T<vFJofW<~>k0B58ml&$yGpX!;>C&t#P&_-bA$9W20aKko4SqUl|P0H
zg#~E;b*Wq;5huc(Ich(>3N-|{)9LmBPzg-@bK8y+xxmezs80z|-=s}RfghZN?*zL#
z!|$_-;no}QRe2uVVuIXO8oql3-#3E$?2H98QWL{mnqpWJFATG1Xkbr2>0rDo9f&1f
zkD8Tg_Uk>n*<$Ib5UM?)Jp5Jw)K;Q}VJ6)$Y|T^+%*W4|TrLI`TwLCRO21Oi<jcZy
zyu{GTdrR#tx%?J?EVMB(&bK+!r24e&`wyd?cO6Y^t>e5izWqwqg)JYOTu<1$;9M2H
z>TI*e6Z*&H?%KfB_05p_^c7FONs}61)3tBi9yh<Uwt4GOYu<X<CyhTbZx;TNq2c}g
z@I&uZjnVTr>z!`3a>NPEWh0H3lqK?Y?!L_^ynOh5X3;0<#NM5kzt+jz=W{C~xY-N+
zvE4fEvHmjoPSwpJlgu@4-?OOtaC0K_`T+extCc)KLF;$j^^)&fwr&x=xO`SzFaE)q
z87~H>eY@cr!*!l{&Zo6m%SBbC5^U{oU%Sm`7N*@gJGSVR-A+5<<gXQdcFE-}Mh|2=
zXB?RHpsA^5tmCq(E;)~}vL5R;TsiY;Mql2LLo+|jo^V6pfE~Tm#wGq_4$V<0cYl;0
zSF^}|XP2n0F2`-#F5A@AiM70Zh3(FytdDnMYQ~lvh^siykXH^1-F}j>dWYt-KL^<S
zakJ8Yt=@4nthB?@nNQbk@67gJ#BsG~J;2H@<{sZSy5<e%jQ+D`+!hR@VoNt(j%JJT
z)3uzQPtol9HsIjtO+_>Jrwh71D`O=VdtAELwrK2&B`-aUA{Xdk&kr=~x@2>UkMm{i
z-n>p)_+W@h(@&A9Ee8#)xv^?y^7BfI*>7ISS2K+Na$aj&s&BI+o9TNi*0w@3WAMuC
z$xk1pZ1%~_ozR4)Wxhx2SQ}gOo@={l|5eyb3mci-|Ekrt)9<1$E{wP~smtb9(sr@W
z+;zOX=^JJzJRUf_vnIdUCRRb{$+<eS!`5CuJhtWbK1{*T^Q&gg>UZtXf<HPpn_=`h
zZpzWMgI?{+TCi@m?(NBe#&@IK&I+s!I`!1R!d;Bpejh5Bbne=Q=OqV?51c+S<V~1P
zm%~$x`sP{tc!WF{kkz5ZgK<XF<d-8fR}G6C@nKrnUn5>Db16R@aLbJ@?-u|4xz;Ja
zZg%B+n|F_kdbs@gw-<Bw;Hll^XPRH`vqj%0borD6<1x(RQg+`X51MUqnD*x+e22!y
zH1W9=(y&LlU$RR5GYc{<_MO<&;cMU3d(7`THW|WwU3_XXzBYH#;2EV~)^2Iyy1#?r
z?e959Z`?7udpTpQG55>-GiM*V-5&32zLR~cc$w3Nl8v9+H@6A@H2dV(7}v#481{*N
zb4X&_8>t5;oNjlu>e+~`3xdZ-bq_1C?lNeyP4&f<Ps8@#Z_jAzHP*%<dVh&_@G<7Y
z6)VGE_^v(HI@Rce<(6)SpY&5_w>7T#mKQ1z4%NIl^!Y8jgh>@wzE>Q6)qCoR2~!WR
zD5X_yqdz&Yga3V7-yS{R&A8nH!+a0hB`tlwHEVR-=1Y58`}vf%eZJqW)seLZ^FLL6
z8ay(4K(9}ZvrOL>`3E))b#DE~k?>=<ZP=yquvMikYRvqKTr5`<mF@FP)O*yD@$#j6
z-1Q#iy_%eP^|Cti@|Lt68C|UU=?wC|wARZv)|2}rU?*?;9Sg%dqpnEKvR`qXhU;V4
zBhI@nJM;=HPF30-tE@Ep*f9pre_ZuSR2ZDHVZr@bKKiel8L!NJ+<#uq*#hk+c{BH2
zaq<{@VDu`N6r0rn>_zT*ZXMppCS*Nc8T)}#BN>u%uiNbAX`Tty0cFFax2H8JO3A!=
zc23Oq6<u0XtlrYQ|Cro_%k$&<=U+117%AVmtBD{m%%V9T^mAFEi(5BI9qakrUOU^r
zg~rxX7B2(E-&S`GvYj%}R(tKX=m~EeR^=bq%NsIz_Z?n-rCm)yann+t^LaB~ZNE`H
zaH!{(wnGi(rv#b54-MECxan=#Sij3sub%qN_m2rGHh3zQeBIr1*v8qbH_sV5EN_uc
zsA2nQ6~YNwkE%N?oO9vn(2|Yw)?6O3HhzH6Wc7%6&<X3@rM=PXd1OEY`_&cuPZc*m
z?zdd#Gj&M;yX`F&cmMd3bNzO|N|+he-`eN?<vi;}QCm8BG8P#hU9#=<#EjCH%XZ$H
z#eY9+gVQm=0i$oLUEfSAr<L72I5vF6-HL~gxfgGYN#zZGcFP-MU5*hy4>@<xWSA(*
zXWA}I%39z*RPfQbyP3D-IO`9$y`T0EI__=W{zA88?TXo;zc*bqG|KmN;m5eFy{|u;
zZH&8R^T*hS5srawN9Gw`N^R}DTX2J8lfJn_*ET~9vfC_6o%*DFaO#%m>dTB-(f5~x
zlo)EPIru#MZR^Ljwj0gwuGZ9eIVL;x+xKqbvq2BAw)D6Y*@Do+*}Ocx1Fwhmb_sqy
z&awBC*id1`7e~t_-D>2muMWI?tjEUpuWj#c>y_(f`Y~7BYrr9XNKHs*EXD(rugeQ?
zkD@{o)WrR#sG<C+@$y&a*LCwn6hY1h8y5Hx|9|W-Eb};37vm>8`2O`hZ09&X+9-eV
z4z9KCd4pL7Jr4WZ&l<9F>8t|%+#y!n)y3P-&-9D%+Wax#oAE|wd%*zzL#<Z@J8j-_
z+oCemBl7LDzlz)S2{@8<cj?|6D|%v>&+`@Zb$*_+=+EY)2lj&b@UC3(wf8rF{miu;
z@gDUxGmh`*7Q2F<W=tl+nV=lYiMOf`dxuS27w287+qCC#>G(%|Tgrp!#&caqF7L|h
zK>r+)I&tvTr~NlNwJLV{^x3;qtFL=_i%Yvs`<$BY*;=IY=bwib2IU>SbMMKR2VPia
zp<8;suRqj3`OZ@G-u)mS0;cDaIJ}xf%o1UR&#%tk^0go17Xe)dbQh3^&SQK(pvQn_
z0Ls*TjB^1}bzX1Naur9X(;0Lo-HGl@ccHt|-RSOg4?2s^rgP|AI*-n0&>0K{li|d0
zX1KsFl`-5I9t;+P&EPP&3?75eq%#>zCew-O%yeP8GToT&Ob;fD$!2nxTqcjnccMEn
zoS05dPR>p)POeUFPVP<~PAn(36UT|`#B<_1)14X4OlK!&XJ;2@S7$e8cV`c0mNVO#
z<IHvDIrClUE({l@i<679i;Ih^i<^tPi-!x#h3&#|;kxi#_^xzUhAY$6$<^7_#nsi-
z&DGu2!<FUAcICKoU3sp2H@X|cjp^p(=IrL;=IZ9==I-X<#&To3aoo6WJU6~O-JRji
zba!%hc6V`ib$4@jclU5-xwG9l?p$}CJKuxu!SG;uIC(gGxOljFxOupHczCcp*d81Y
zt_RP9&!V#!EGEl|<;-$nxw70??ko=$i^XPfSX>s5#b?vm3^tSP#CB%8uwB`1Y<IQ?
zo5g0cIczSQ$L4eB90rHUapE|0TsW>AH;y~UgTvymIUEj`!{hL|bS{I-<T`Pkxh`B+
zt{c~#>%nDl*<22n%jI$TJUWlTWAdDM&O8^ME6<JR&hy~0cx)br$K~;Od_HJGK4=C$
zs7gMl4n8;~J}4F+sOAH<sy$f#qO0q#P(&lIng103f9w?cZSQT{w%G#g1Uibgv9Yl&
z7g&axfw1wMBKKyOFJEq&Te8j&q%p`^dACXE0?Q`Tr%%@he7$MYrs<s<X|A_>?Gar*
zpRYTW)kZf?c3r2{-g!Dek50cs9d%AelxaJzJ*sUPx<Gs28-aE}K!CQNerIhUuhpx%
zP%A$_Uu%-*7Of)pIa=!O!+|@|KQ{I@z`{g6|Hbxg+g^zt94LpKip2cfJ7*`S4?(Tt
zK7ur#QrX=q4<<jTOiN9z0{rUqw6toEIYrg|hWUR6{ov<}RWCoUpXu=BRk-*I(DP+?
z@Y63n_cX7$KFqJ?;eq6uEv8Fqj^yRl9IJX<1LVJ+((Clqt7p%zW6uou+Tq;DuML!s
zsz)5v<u+8GII7cSs9vFK3F<Et)h~3$?x2!UJww;DWZg^$RNv4U+y#{m>)nzRgmph1
z)jy8f06IN$&=9aK+FcxBjoJe`-8P_6V7th!2eyW7V>sx%A8H@ybPjc#@*1{N8E7cj
zR%ZA6B*FF~i@891^7B<esNJB`*6%#o1hpS@TGfS<j8Qv6r?mw%CTvggv>I$v#kPg+
zHVVTwh7Ptfbgw{r9!MtJ8@h_~#Ay=k4&8?~am1N@M0!41k79QN|CJ995Q5MapsPai
z&?ca(E+#9!`i0A)JCUS)K=-*Mebr0w|9KW{1z;<mHn|-wCG7>eFCkAe;0XJrMUOqr
z!GFygtNlx_0s9dV#Z0al(~fm`GigWA)l@$o{q`tnPtbkU?=+_3BxzUBeH}RF%mDEJ
zRYEpkqc*0--Y7@e-8L2bqa0<2%T(-<axGDNTdLS6<&05#7OB`P<(keU>nm5qeko@_
znsM!alThUhDZ8GoV&9ab?3{9Xq`BAr>yc(Z^}UMyQ%;w>3~K*%iL0URpaU<8Dc!l9
zRjv=p=@3^*-9d-ETx$Qd$;)PPC3XEMSLXt40lJV>t|!WA6IWH;L0jegwTP>%?m%5{
zl+z+FyV`#(<>va~b=c5#Nx9o9eCj%-9Cf`??iIQosQ+>m`3i|r^VMF@l=~pRuGB&w
zRmubV`cVr1l?RiRGNi71%2lc4PxS+ogX4r^ja9o6-9oz2bLIYla&Rn3SNQ*&r)d44
z-#7+3jf|UrJpQQMe^BlVIZv-Wz;URD!hcOyqFWi=q#X4x50$Djxn}8TvZEQT+}}{H
zW(@3gM%Nx{RL=kFSlA1VsXb8r5#`{RH%8$fj(>_RR@+Yj+Z+!Y1olC&;b7kbO&<0+
zFe&V7U<<-N2A&w~TTFq2eF}82FM;(8`;eyjbYiXnFGJX8z%_fYuYmOc`-q%}H}zrP
z0Iv|(C%}@!zCceNNz6kUGiY=jji(HV>NhEaqxwzilBN1h>XfN|ld?#v-=rFh>Nic1
zqxwzCQT?V1vMZ|Jq{EX2|5U$8bwgCYiIy$a&I7EFT~Pg|{w1&3s9uPElj=dJev@ip
zs^5%+l?DE(e)DHL1eN}1e5{I79gmz;oa*?b(mz_N$agYV>EKnzFXisLwmoXcGo`DE
zv^%Bo%~Zvyj(4g~b^KHA9%|dOc05GQTKlg$J}QhgitSxHUQ+MFQwP=YQ@MK>U2i<S
zNg0N+ebkPxii3@Uz0{7kik*Xk{nU=X$c$?LRmbC>dn80|+(>Lo2zO0Z*x0kLT$Tc2
zs4W_a=UwOt8cOn`?ZT-%0LDvGgaTs6Z1g!{xXGxpJ7f14KV|zEHv*UdsNwCt8r}%4
z?l%ZKN7d`+@9DFT|J6_XDn4ur6T?k1QzT-xkeBRDlV(UI92&V*y^{OUev`G%XRgoU
zzq*zfI+*q%2e7x^Hbdv0`ea?<{agBeGQFcTUFyi?jS_HpQs|fQk{vlIa!7PXnUoXH
zm+(f$k4Vb+rQL^tB7ul6uK#I@y05ob|MdC9laLv&ay{Xma2Hb{)QiOo#vFMvj$>U+
zSYLl~`%5e~#vc+L3lgO9xQ;MbX9bv0z~*?W|6r>VvB@TNQqCNXEQ3L(_Vf(p2NI=n
zda8j<d8PsPfE1}~05C7Y=4^-|(w>~spTMA`fdnTbbTAR#X*-k%KQ$aiApZ?<&Y8;!
zSVZ_r4u=S13y2S-WKNMKLj37MGiwV?e0ZC3@E6ujSPyJ4mWD0G{={x!A23r5x<&*z
z8<N)(8-k@{+1LT>Hue!S(_m=y)evd?e7*`>i!&JRL7?TSQbdd85>7)O75<?vCIfw6
z@1If^B<Cba1uRu{gMY7zox{W|ZeUcOXlbC6Wjq~Nr+|-H$RsS0)C;3oz&*^NN1DRp
zcy+`0pjtdJN4ZquD1~3FcFX{3;N=740z#uOM^*|i4PJE)=;MVBvJCib2g2ZG8IEKK
zb0p%D1yW9}0!Or4Y;6*Bf!EKfHU<1toFI|Zg|fjMQ%0!9pk!27L5+aVbi^c}LxEf2
zJIK;xzhS0f0=9pk;zjz?Dx6hY(8|G9iVd-n(%@FiakMDk0iHC<{%H;l4m9gzo>a<8
z<k4gjxro>l*#@p@@In2LzJi~;21#eqNE&ti#?oXG*CMgiY;C-ccAY;&n@mGfk!?t)
z+A^cnNBRwvfu<(jL?K=u`89vC3`x3m=_7UP;-UY9f*&d%^3tix%U!q5-&4V_ucc5w
z3h}oz>-^U=>(0?smppgqKS327xZto*KmYj1n2@MI-+=h&7+?QB@cZBxFc?hb(>s`z
zFwGtiicf~ysY}VBhA)+|*qAIig%2XY2nw#KWFVOAP#dcMRUkRMjNyAc#4{UMzp#SZ
zpn9zRuoZIDI7h9a3G$8c4f7<HAf=FBU=qV`zQ~d!;#3hZ+7)tade36Fainx4e4dnm
z)pK-zg!wFvSSrNekvQ-%78tdK#F03F2pLPn6p}z5`B+kVidZHjfjsiT+#p2=50Lm+
zI$a0|`~xoocp2ayc!BD4pi`L0N={}85h4K5U_t>8kcbe2E+m0G^05?gst_I^@i9=o
zBq4Dm4j^Kr1QZJ%i31<wCyTj4;z%6$pjS#}!7qbIgmvCJAD^g%B(g%1$Rk+;Nn{Nq
zkw=gdm}9VoB#=iwHXM|8I34^0FF5Dn4Db)U;GBnxz&{_8q0=T20a0^IqUxB$frx--
zP5^l%YJ*8s29qqLCoQ0FxNm3#xyif%(OC83U~8#Hrqk=iFzUtBQ$;qBCoMWOBDgkA
zoTw&3MGm%Gy;O{PWdQAIP47;(Q6DejCD!A>23C!OZR|-?iL7nidesA)S6!Vo6sdR?
zp0t>-zR}TCP^PASpaUhhwS}t@;TV-DVF^`LQ+;NaF$5;iNIcPr#5M?XI+Cd0fy6cD
zB)TKaZja(SlZYWSL2@ZbuG);mc?c^^NsL5zq7{iWgbA%lJk*jzAB5LhkVr?E-5kZY
zMdd=crVT0&!s>P;4n&w^LZUUo6HQUM5hfU-bOuPj5lW9xzX{4mAE7ZiAB1g?Tn<WC
z(u~ARgziZ0njVQs2=D5m^X>94{@;ZEULXHnAOGUN*T?@W*T=jdBp-mv<%7=K3zfGg
z$`4^l52PPqp(m<0gljxdeIQJ5M|#|l9)vlrC_jW1fryXL1eIrtKPsm;YBz+Ly-@zB
zoSA;8e7;Bz!W?uyDK4lUoKd|Zy^$z<jgIsqOmRfzc0lE0pz}nC*(1B?PU3kd64MaU
zkX#N*XM*C_Fj4&?xf6ECUJ#zQRc@Dm@&69|_xkwv`uG?By*~b5xjsl|LSZJR>{P<k
z_s|HZ@GLJfA1wp&e(Uk&yPv}gisus$)$57byHnnewJt5;2A%UBw6Mz}%g`I%3yJj4
zy;q-2yVhiRzW465IUUZ7yzH(0W$ChI%kFs(`cQqUlV~IQDRy2@<*@4SgM<r9@LOke
z@qOq>;CF)l#?A$$t98WZN!cte`H4~Zey4{*sJ@F}(BtDdX=yCBU=)Ml2K+*nR7!lf
zJzjvGO!@A6f`8qsOfXK7dLn|np8I}{puFx6s3E;n-Y|{EzPhqOq-1*{o@!aC@~V<z
ze9wK#=c}4`LppU;%CL6-6a2ga9okRELE3`o{NEr|{f$vIqQ+#i8_DN)%eqz}uWS|i
znev+*e1e;+P|t&8ygedS{;!Za{eMTcA$?SNe>Wdhy=H3SsWAQ6&ymT|hUxMN5*YwL
z9Vh+801qEmpMJ<mQs*4N=b$w10Lwv~7|_rY^<^3>!?m9zb!pY<*>FO=d;y3r&ii#r
z`wh80CrK0oe0%B%J`xb~6dCsc#PvO0UuIW6iQN@=Ij6|{%K^^;(85cgzq$Mb#{n7v
ztOocFP{O?@c-9@jLkQ{pT@u4U++*NhcE66-5KRGTMxb>40DAp|j3T|iS3ho_nz)}K
z8Ib#?SBSg6enQauPr!}<RcI9AUvSXofR0pyI{FCW0p)xE2q@=0KtMU~00PRX00=1O
zEkHmyZvX;H0ea?re}YGr*3sRPh6#H`5*5zWFT_oNyyurEIPLQjd<~FKs3CFsE0PR!
z3-ReXg*XN%Q@apf1LTgwI6yw&+<d-1A>yWEBoETH*CYjl^9u(0&jU>P2FhIy$_?l_
z$PYuhGPQtiK$)6__@OFbJ5^-aHkQ?ub7Y4?TnErq^Fn+nAWz`Wv?;{Tcm3z71W-~p
zfZbI5)`fT*kY@;>HV&ZPVg4{|3(&T{o)9~v&+b1{&Yz{E?x-99lfXGtIMfkFuTL<3
z4ZV&UN(<x2#cnjAK*p1>gcz5{5yE+yHCh;GgN?5H&U>N-HrCS<W65P=Ppp4T4Dp$4
zj3X8SC2|h&WO|g0#TN2NhP^;!k3nT{jz>n-hD5Ano=Oy7L`J{|XQKoXnVco0$&%!v
z5%8<UAeT`riGU>{9(>CsA_dlP)+iRuA5JMr1&MN&gi9lm*OnzFESe?|31l?BTtt?%
zHab-TH_ec!a3nlFPXagapvid2DPjprl1{V0k_22XPefx01uSV@X^90sEK-;wgr5v2
zSn<&;88`;Poj$O5Uk*o}jP<g{M7&f~W(iM9tX84bRy)la8=b<EBwJwQN2Y1Dl`ED=
zX(M>)<TsotE|;f{Ia<g{W^-BA7;Oky8Vu$H+8GpsHcBjH$pk_kMykeW3WblCviN`@
z5|b+p01vJ(z-aOQ;^Y(|FAexY;YY$npfWH|Pg@X<AH{>&TVvF+D$Lr!!2ttgL*6E!
zPmYTv)LnyAz=<b~j*Jn20FRZ7ksK;Su*6C%u_8;L%&QH8mPr(e`OseCS*a}0;20|d
zRIiXH;|+-e70p2b;FV$gFpM9C@r4*)f(Zqf7?=SpYL_mc{W+L45`&)|7xUp6Ne5#+
zy?UVtV6~|jQ8_d$i6x|7h=i6RggdQ(CIt2k*V>BN!$Ad+_E5hDh|iaIrxEec8xI;o
zAd?c&y-<8@1(LC}UP^jUeKo3x)=T-mO`$S>Sx)dPg7NW*B00SA^YjGwd}0x~DviU7
zCzgg1&%zr|Cl{%tRPQ1@YBeyO8_Fs0=j2@*E<qq!5w**3>h6Q<q6i1>hm~TYWeg`Z
z$r`vnc8QM%=EC7|LFTCf5jRkU??Lc+z|QLw24cmbg}AVHA?^$)01yl>lde~y4Iq9f
zpfJQ&cm8w<51hPIFbdw93uLu*mm-(&XjHchY&%KJMW3=aKvxvEA+~b)nZPd<sQU>3
z)>~~vgZ0B?fKDe_jRJ7FC4;UB?yf{+OshQ;VY&fEqopRXWY#vGG+O<XEIzzei3=JI
zhAa^nE2J_O?ES&T-i<0pJvq236<li%1Yi$3idVNr%K%HYV`CCK02mAY!vGt@ig|_j
zB0i{pULBPw_?-doqe3_UYCx600ED#_(p&PC<y-KT<zrOjxhnF1mn>CuwNMGmRKk-%
zSh33k9U9!Cir9#XShURp7kzZRNGwSPeRl>g9xla96ob*W)&p0&@x^jdMoBId^tS-Q
z<0U-M@q){h4-PV7?IB!O2bVrlYZ(<6(?>+hTuB`+gg_wXPw;6dJtYhEP(Px<W$QK=
zb$v73<KvUT(3+kCCk>#?oFrZ-CydPq3~ZE7Z;YS%1Nl@^J~k%E-W_|Exf{?j%s1LU
zG}O^CCdxM=IxIAX3`1K51p7?*S^^K18;(<OVL9BOT&fTc@&nzTNS>@z+PV%?Ek9L>
z&k(}*B2Z5a!c49hF2GXXbwhn<PqcV2tCT16L^2gVlYF_PL3t*)?Bd1zcrbZM<f-91
zN#r78nXozqu)Ks|U3s0wqj(a&P@Jkx0PtPp#8Sb!1RBbGCfsO^GfEZ@--oDQ9;Oo<
zR>%}AHn<W%cR?f#4Ulpephrt)6MMA9%gFY3Ly6V0>$yht3mVt2hW%^$r2%qP4NB#&
z&;G^oH?Cg|8@7i>oj$pY?@pC9kjjs)#0TcBl%Rh3TvYTmD%4>9f*<8C_?`Ug2{n{I
zb;&lEf2#UPQsempp|^R*<svv;5D<Mh7u*-HMCsHtA9Ig+ibwu{XpQjn75o*^b^dvP
zw)}w78sQ}<_(K%@XoE=(nCODBUYaCGCMNK5w8JAc{E&kUaJCV!$B8FLpLm#Fs`3hq
zQ*Gx7xu9=Vs^}lfgYHEL?<~}c|Af4Y!eBzGAjX=&zavlo1$k#e9=;8x?hJlfK1KeU
z@=oYw59x2#ze@Y1{=N1~{rl~g`ZwDz_3yP`>fda?UzJyBKa~npozH>E3QQLG3;Kz<
zLIdXc>+&k)gYyT)IWSw!59Po~h{ByS$TON%@5-)~_o%zwhwr8m_uxORqfTD@yYlXe
z<^M%-wdbFzDx3<1Rj-W3&;Mt2G<5#IAg}KHe<-ee-vjP)YJbfm-n%AlY=~JfN^d3g
z1S4mPSW2@_O%iaDXaXsGvDk*z3*4Iur1rhwuTR!CDqPikSTd+ZR8NOjqe_%@aKtI;
z^`eqfSQ4I^lOl#m)%d!5GL}3|g^4(-<(5hXiK2Q*VR2O=m3~A7?lamaq4vEg<i4Z*
z2dMbSzR{rr$@Zjkh+huK*?P3hg$PpjJhkCeDhxVsGJQJy;ktI7q(OmpQ>-awq782y
zwZUzph9-Prjm8nlBtlFMe_h7l&e9T$B}_?TVQJ(J)hr<xRj@<}D<uhI3t6HO3ihU)
zA1YV9DsIG{zOHzNFIx2s=dON+cL%fpgtz28!+rKX!%g-*!|wv@1;VG#Kf_}HwE(o@
z+%vokAnp1yJm=aoJOxm7!81GrgsmKG!}yq0vZEE((JCFY3h}fGCy$<1(I7wXm?GRc
zp$IpRD#G;#72#|8))60s!()}>KC6Twt?yriYYZsDw+&E^*B?mgeL1wg3`J$bitsxi
z&H4Bu+-z_Wer#|Z55}vezdWP}AKieyuKkq5D^UK>ZpeX5`7RHR4z&Z60t^101;+)|
zdqOarxDh{SF&J)WV$eX(UoSnwnVLz|nns`^-<_JMC@NHxcd4DpC@A=WQ<SII%_M3k
zk&W=_DtvdUo*F8jo5D<mDxu<B<wxaHFVFZ{d5_wO4l%rWpx@WQh!syfA(M$E>c+iB
z)vM7DCPJis@jtBJotlXJgT+_2pW2xYRl9#bA0_>D7gC*lYLGpx&+a08;19^U5uS;H
zzj{}lKO0ca4=A${UXp@8Qo&E1-@o^V|K1<|dw=-9yFdJ2-TzI$TZE@QEW#5WfPM*(
z$^9ZcpbX5DD!_c=Z4qAl2FydsL0_R=j7I`80hFy(jNb+LwP`WF0?<%E#fHVWrBN|n
zF}D~$G!M|UV*LL6Vq846j&5ZY<7qRL;~uJnA!W`i#$y*0<JAk4<0md8^;R#eFGEp>
zS;ctD^kTftl487Yb}>G6P8|=%tETS+%6oRMdR?xwmBZ<?$^2oxshc0EzcVCVWAmfb
zhUQ19KRG{YEMqnDiu0e;AIy(Z8=D_BP(C&Do7BHKKT7?*`B7>^1HYR4;@_Dcr8YD_
z`aAmT=12cr@f)8X{R8<lIzLLSn;$h;zPji840oxFD-g#^(?y(kxB*cEzeOn(<VW&q
z&!ho)CsO`rv;L8Mqgj*p%P6U*XYC_A8hVuB>6y$*izlBnTHC;%LX>}zX;7Z}pc6Y?
zR`;bR5KDt;8<pb_E2)&e097m2upIHokp?V?3zsLzl6a(qO8PV@FgsC0iR<epe?S<;
zlgQ#_;&^JCHyRlScX6VjXQAZ!6$M$f&DOB}!RM>!_d9;Wza2KLpiW-=yYf`|e@9%+
z`KvR#UpoI^QlRGie^p-P{MCxXB}&vH$auKIMM2(89aB?NQ%grjPtOoIBh@#E6dbh$
z6SZ-&4nk_fR6~T63R8s55w=Fy0bwVERtTwe8FmP%4I^C;QXeAoLWnj(!h#WoBJ7JW
z8sQ*>EQE;&lMzxcMNuz$Wg(o2a52J_2sb0#hwvoAa|mxDEJFAWp$6*RTOzbV=z*{w
z!bF7Q5iUb`5aCUPRR}wvhVex>0^wqWXApiy=!P0F72#oodT5WaScF><HbD)|LwFlu
zxGsrT5Dq|wP>yhtK8Y@9U#w3EPokZ3{y+wk)s)29$Z-B>Mq(cN6yi7Zs$RSqiBFJ0
zjc<w08yQynwj^4$Cov8gS{^dAzFkOciwv$a+QU+S4DPi9i3gb^UUwxi5E)*39};8H
zCHl5EiKhKX+>O4>dv6#z5451P1}zlSOC#~z1XR9RDE(3rdu$+a>mCvrCr~*GNW5K$
z%KrhCSC=$^k>(`kIgwZ%MxtF3iHoO@n2ug0tT{)bcR7ixTat#+4;j$-6cVSbC-LTe
z61TP@4Q0px5?L!rY+XvCQ4i8!b}uAx=?4;HhmZy{^Ad@r0i?kMpC@r-f6`zW6(lZO
zLK@Dr-lW0!8j%L``3Z@o`J~}Y$t4XZ`V46}@1B!}<KK}q7^@Vr2ip0FG@K5C7G$~>
ztq6QjL>kWeyQJZatRxL*y-!C1ujkST{E%cppjY3n1P+prJ(b&??gVz5MDCnxF~*s|
z0q5PxdJvI4)#y=v1Ri}!_EgO;g_HViVo3c)LkK)Kkxk&A3x^X}6fPyO^>OmO)gF~o
z2~5>mKwx+^*&~&{+(zKx7l#OZVsM^7sqij=VyjnV{q_4s%A1%G4gX+*HGzjO5T7E#
zW;Yu`pkYQTfyo|A2xN^Vd!EG^4+tDIT$3;e&W!E^PU|q3z~;i41iG9ick4Tt@rA&)
zuiXg)5vPqI@agO`1SYO-K^TbKb~u5r51b`%+8tZMQ0(oN68L9aQ^HVeY-SR;xPJ@6
zP#zuMLSVnhP{LsHbgKybT)CGp9HTzt2!mM|IG8Y)eE$%_U>L_k34@7?Odt$q$e!6m
zPZNLQCSf>7Cpr@b6K=hi=xMT=^(A_mji-$WgPCId4sQ8}HF;Ch4&sHC45FuzuUSm=
zG^Qu*h@K{{T{ZDdnRn(mvG#Q1l0c%TIe7RQ(bK%N+C=m;eJU;yJ<aW%Aw*Bpd8~yG
zM1dKX=xI9ToAn{|FLWn*nmYkch@R#;*Ob_2cIUABL{GDORuHk?)<29x^fdR(yeAU%
zHl>v4X^zg7W<#u+@RsOljO|A5CF<|95ix}AHh*-DD9`q)r$qRC+DC{r=vmw+94CgP
zDiDVF6d-KiI{;yW?gXfV;$g!C12jbPu!7$LgcbM_Ze|W}J3u(b--HkS02Tp+Cj_4Z
z!m;=dfbauiThYTnm>w43HBJ_w948C#2`39sfRhC{hm!?3jFSa;i<1SojgtkqfRhCv
z_>M>)D8Oo*EWm7>EWlWtEWjD`G;%jiX8ar{GaOHD3yxhUA5UWQaZ>RU@-Zfv4^UKt
z9%p_aQG=AnwMag$w_f@AW~X!LIp|9g$DctA3gKSLwafTDJvl-ii&*JMyuXd2e{pJz
z)st^zW(wHEvoPY;BT*twjZYOzxYBwzUJa!~uR;*-=n%U}*XHj|i72hvrC|-P=T!`A
zg999rb0EW~VZqGC*;sV#3T4&$sh$6e8=HVf3mTMnQhME^flAg7dx01Bd4Zn*v<6Tc
z5O$7wfj0$I*6#&=8BhT5)8@Uv4d=hWuT6e|M=p4Qcb!y6F*88g8Om|;naW{EhO<B(
zfLvxP$6uUH>J6MzUxuPfQ(xezQ(oZrvR>e~roF(QE0h7otEPWB{RN(xrCwLAO1yA7
zng39Ym-q^umw1f!OT0UvFwK|vU6Yr1o0c!}Yt3KcTL7ImeTkFxtMC{WwO75ztfZYO
zJYH35A2p9v75Q#}{Tol^l;wZ@p<!M5+~VWm4^!$FctcSIzEar{zy4$2M)}k_cg4rO
z>TR2pZ+QJL=cm>u!}db!uTk|kCI;)Hp~uXP@)_#8LeT&H?qg$R`QL0|P|w7#j=yUl
z(0(ZeN{@Aa)zBJj-`{;Ktx~?<e(YS&Uer8hR<cK6Jmd--6>B7aYmFAG>T^<htxkRa
zEMbYb;^cVpqYIui2^U6CBUwGBl*g-O5*tg)$s`!b!boulB9s8}F%?~&N<nL4%@FzG
z9=VdJtBog3E|SVqQp6G&@e1h(9(m*W>v~8YF`BbRfwIFFaIs|2QXWojD*9*~v0TWd
zzC!|kuB@$37{?Qd<%vl&X$p%&zD~=BZwP_-v=o+z_;J!Y63kzuJepL_P9|RL6$)u=
zc_L5+PlN{2Cdp(eQcp+6L=MLxQ6zT|OA;MH3Tb`&R9K%#+S4yhgVf14@C%#j0<Ol_
z&S6wk-C8&3sP$}#JP}VK;9v>4FY(CVq`xEkyZI#iO;V>@k=Ic8XY*I5qp@@P)jCvH
zo`%lnXUnLlBO+Sn6yKl8a3+4guYIFValB`eUxfJKtF?r)jZpb)1`}Ccd;=N$NS>jX
zdwuah5%J=FvRo(=$dYQGWQb{Uc)7zKhm57t!}Z@}jB9)}9Pojrp&d$aXFx3geKaq@
zg#be=OK=(>3{as(2|f_ux*;X_ilHTV%zzR+mk0R$>uB(x68!xj<+#y<mBWxsfsU>T
zC3s$fa(ozz)O(IqUxuO++!9=SU<rPNQ-Zqz|FB_oJQ%N<-Xb2PjaRQrLnZ&BI5Phe
zw@UEHdnI`Fof7;Spo-fic+cl0_~p_PTvh_g2}t;&1Xq{`r>e~F>OWRj;x{y2rlR?j
z;$wI9^W_F!Jwp0x=g+_PG*wyt*B>g^oxhs-b83V0XVr62nIEVAVE&w{ZvNbO{WLs(
zPW`?4bE9JF=f|l(m_OG$Z3TV5y{tf4{x@4#asK=}2BL2M{9A_BVEg{=vIUj${r0ki
zdiJ7b8A9DE1ZsX#yFUVlC6$rqQ5&k|5&OSzDZO;XD5V$e6y7z6=fsmNavK@d*C^D;
z2|1{Hs+Hu*Q;@H22>cm25ieCqF3dmPKW0#5AoN7Uh6hH4`a>`A0W!$z8y4mpLwLjc
zMg+$AMhznTfzi>v!GY1xAL$zz7)6Ntk}|#l0a1WYs0j=Uj0^#Sq>yiPY*b))U_=ZI
zh6VsnXi%uXZ%k<42*viH>i_$Al`u}VU+w#|YVVU3_-gwBd%LuObsuRWzqwZzCcn<7
zHW9^A_`*|gcnlU29fSGy0f$IH;eh;M1fU4$4~)SA0rducO)cX0Huy9IJ_(6I=Np2N
z&upo%FQ7guagi$FaFwvXN;puBPQ`G98u>tlaHtx6iu~TH`opova4cFb;<D1Qa4`Wf
za-J0803KIF`eKsg62cQC5kQD$$>b8kBNss_C<2qigfI<Efc0jH<Z#EHARb#nc*0o{
zP7>yuA`u9IKOO5W7xBPBn2!0%6XoFIjOL|)=^2|R!TNG!Vu%sqQDj5_k3)KZR;Upw
zgQ}nsr~|5i@=y{=K>^Ax;p0<yf9i<*Tm^r6o%s@B*ruMyAFkk!R!9fyj@sWqiuAD*
zbPYf}7%yrh9n_PAbV(XWgQ2`(oJ=9Dx^%r!oCu|3p|n(*AXFAMR<}okY8om(m@Wn7
z$wT$WMt*AI4%aPkP#Uoseguji)rb!00#F>Mk#z7n2uJ=%1%EU;50RQW2}k*>;{_qz
z0yR8EovM1EQ*3|e6x*BPQ|+pn7p0$SPf9=44jd#)opXwUtWYIARo>nT<>jfw2^G@$
zqPRqaQiU=o+74A_%2rg%s9HAFGN|USnm1Jkl#M~BXiLy3+75JzHUb^>L<0?nvFIIn
zrTfYVg$Fcl@Fy*~gy-i%tY;(!6xI7fhMPd#*sUeG8XIav$}nXYP3(UF_>f(<MUcY2
z#S#fCJsu3@Xz^b?c_zKFWa`eRu7DN(J}XM`3P4GKvH`&`v+sH(S_9&y14={u;+3Vi
zK8T0(a24tAxuz8F4#*r(Q$XKVm*Q_$lW8GouPw!00Nns_#{sPalmVzWps+QiwYpZQ
zp@)bR!>VaItyV7!$pr9bt@__m&;K!TSN?CwVjbDWlh>9i*^T|$I$Qde{<Aa-TxW^k
zT95#m0%#tf_3--Zv!0;cz+bhB3~K_v5ui4JEKnK;fWClY09^;^iUH*UKa{KPz5XAe
z<qhbX3*sj$@L;}Sz^1g<gMJ6l4&ZkNR0izn>xNR?dt)ii12h@XdO-KKmEt1-WdpJU
zG=5VleiFpL12k-VDSi!5cR<=8+y?MU0LeF(;xD(B;?gapcp)Hv;7<j4|0f8Rc{k9H
zgFIo+OwTXH4*|*qG!GCAzY1NiL=_-z3!rSoR~#2iia|V}1VAZ(VE8GJQKV}iZaSbe
z#7E!m9Kn-_ctV;?ET)NtT(pi6@z8cNTpqc<9FIzjR$&`pV0xaG!sEz@J?+5VCym%D
zR3M_kyD|ZX#wK^<Bpw36#~`E+z7kI6gEElvWHc+jlm>?_8jH)7@X(H_<Zq|;#C<K$
zDVBg6dn`0KqHh#As+Bh(*NcTl_qAuxU7cMWWBsF@9Wk%ah?u~r2;VUKUUH7q8S{ci
z`(9Km22$BOhXp#;ODW`$X@xw6)C$^Tg4~s5WPEoZ0gmd^`$sb!35`qzzH**S%r_!B
zG=89ygR?!u!_^%YiY4U;1nMOS78V;3>fbjY&@VLD5$TukV5{&N&ITpG9He#62#MNq
ztXF+R^)wXk7pR8gAKieex^R6S;kRda!iR7_VykK+!+oQJ=yW;*{He>kj_cAWS6$f#
z_=osL#m7KSt<k{7cdTa(#IAR0;$b*63N)#c8Yax#1!N5h(12)d*j_clooEQAYN45A
z`>2brJ5_q4Tt=f@b((8U*U_=Q8KW9-RmW3|a95iGNXLVW973b|Lla=A)k5wus8$#n
zPi(Y0W^A;5gM#WMLjA&>T;0@h{39D;L^qfRRi$($U2PG_Ydb77CMK-jwMMma!yMxJ
zRO%lZb^}rWS>Z5EDP9{mh)IZlf~lTA5%GQ8)$<oo`g^G7A3*$h;i`NMVqNT6#7`JR
z@(WQpHFQb&7gYHYmE|=xNq!~b(?qKJ$@RXi4M={Zud;rSKk<vPHR7iP)+-;u4?_GC
zqtxdghxjIA)#rbru%h~Fuz%l({_&B%F(H_vTq<!C3fQjBj*0MXC-P{YEau9EJgEcm
zcn2fm$Rn{6F7m>yOT+s56M85|JEolPf6D0_=ouIq>gwwmG;L;TNVCIQIAPu)kwcPF
z8<$i59lG}CYQ-O<)%<k*pZ$$m(P^k)L;Sz%V7bG>urS|<V5N9R2ZzQkUkonxhU=5z
zZz^zsw>?I#`-Bb}7`%v@qBvMqV-@*?h3NW<T1DWAXoN#aToXwm4I$++2cYmklpbN`
zAQV3s;ZS8c%Dx@RCl#1aYm|R064$gq;Wi{@qWF{+E0y#NMPVN*9^tj-=z2t$*<4vp
z)oJ`DQR`~8Fl8H1m-ct^*J*_Jv*p)O(DS?H)BF$c{>k*J=c3zypQ?u@jp+Pc-anaM
zzX38(@I#x^L8wU7x$0xe{T8u~9Q!$Y&{puP>Q^PK5#G=0Xoz%FNUwqNQ+0x=K}DyF
zh^hywp7d4n`Pu7V2Wz;kROwfA{w%5Hp`(D5E=<k2D%O{39jfY5JqLBJze4>&N8MRc
z@5eeQlta-`_CvjAYowBny1q>?Wv4QJAh3r|4F#ikDpP6fzc;>}*onrSRR}kbsIhk0
ze+8$WCFgmg5b_bmA&f#8h|nFO9m0+XO%X0Y*f%yNGBze2-U~+u#$a&qg_I}rA|@)a
zU<!t*IHG-|AQja#m{5)h2Vz388WyZi<LQ_pvQ0@Gi%`>yL~DfeOd7{-NY56O{tChf
zgeJ{N^!tbKpVs%^!Vy2<haq%TiT}e)8Cz5OTByjYgtbxlWb=O(|4?aH3zUxx#b>Le
z`(M}l|KISxUGJ2=QclCbP}``PeiO{Vu&GfqV-qcH9bG;BCQaIcgE0!=cvIvf4v=c)
z^)xi~wX}^*nwT|j(Xv(RHb{+0J8&>X0Ss%4e8d4#WhMG`zN)ISvP$2w(x|eEbd~LF
z?9IM6tE{rbb%;T;sUhg)3~C2hBaAEx7$G$^bhHSksiC2TnV6c@xw;e7{DCuo2OZ63
z#;S~_@Syc0ab;(u6w>}R;s1!!(1ev`m?D%*SVAvMM0%uNwbg@>bBi^d(fwfO`uBrB
zb05@@(*W(HrJ<**qYYXK++7=+7#kbw0BU30+Ss_0v8l1@9k;SW%iqSwB8S4>PRMN|
zo$Uh4P~x9@pLV4AIpTjA>DpcoY#k>92c)Lup5{G>e^M&c%oI5!Z%jG&IYsclnaiR(
zk;DAcjV_a}DZObv@n5oTrbBMYI>T0b=S}I(?QDq3W02xyaA!R@+|61E|C?CtUwUnr
z-{>Z&m`(IAdCkswcvF8m>GVzf^gB-m2b8~F#Yw$RW58h=>GUG?<itNZEj`6LqVBgL
zsop1O|A5FhV>2@wZ^OT%|L@Dg0;<?wrUojpJqL4S3q)Yvgz?e@G8(;sb3l*nYS$N)
zpb54K`a;y2sbmg5exyBSF3BbtPd|}U?u*OG9YKl>V~DwT$*2%wV*rzlw@L^Fl8832
zTlC2=`7jtNIJ;roY?#SO@%yQ8FNqm(X@MM&33v0p1BKv{E6LKfI5&eTA2pxXRtZz6
zr&1?Wd^2=zx+?K-R|~jdfxb#S+;o7cP#@HN2He0Jt}9Z#&$tcf21fpNhAHUV2F_#?
zpmr!sUB%HrVWd{wzCPv%H-ZAL(<RqYLg$9CH^?v;5cQRIYOT{Epm-jj5)}RmVK)~H
zvjlVu8N_yk5yOElKmv3^F$n*-1?D)nupc@Dm9XmT;FO)zI?66;9o5ctZo=CgQ-=5^
z+rQDq>N$;0!;f>z-9_a~H{bvG*}GJ$Z<|KTr_pP%Lz87sw7$8wG<GbOS(JS$xT*h8
z`}F;sD@WRnciN=YwNq)tFZ@WPF~%W#$h4csB&+Y;o#xom>}=%Y5h<eH1;%$5-xiJB
z+ck%OcBiFl%MOEY`t@uUgL6(uV=uRU`<eIN`bccmxrdn#%S9irzI_;96|H*b`uChh
zweV}A<bCSHpv7~=OP9ngo#A=tUb~L@&2>%(1rK<!=;WxZ^XY%e1A0iSt&gwmu&wjW
zUMa5%tU7jaY`52;rr(jczE79zC|`ek*MJqw=#gJvF4p~;Z`pS1lwq9s&xLd5?JeH9
zeW9(C-+X9l=%QvrjtO?`_LojLvMeX4!{)${rGj-@(wte%I~mScI%E5+d+s+*-fHR0
zG5>L~|7%X8qOFa@Zpf!0oyUl#u0GXqT7>zs>Fv(6bU9<tqFu+aVQuerzuYX~db2mq
z{Hz+`)3Kc@{X34GbanL#yABrTVtZNKNqESc*}30G=j%hwrw-y=Se<9LfU&4#v!3nh
z)q@4c*r)wW=EyRJXcu)j)^1~$yE9BrJLl^B+2ZcL$KJ<VwL3HS$dW^Q%HAY@`Zl75
z(TDf(Kr7dFCN+!YBfbZ>dzh7ZFLUF@qnQ(}Y0LS>uNm_?&HZZPG<@l}(Ziq3a7}u0
zXiZVit8BkH>-w#iUpSB>oFpF<;LZD!F{7w|{-*8!hrKg_i|PCS|4pGni#@^=k)?g7
zw6EHCS=#qiO^HZ|EK!ndp^!CXDY7JMc4bK@vJ~whYc&7YZSH(N*L)_Q&*%4DAOCMB
zPw(@7zt8*JbMBmb?wy%C_k2^!YER{}Z@Ro=xcS)?7UFt?^%G_gvqyhuGdEc?ve&bH
z>gEntq9&ZH-P?ELo(t&_Lrq)EpWd6H8<O@w$m_7VmZ99$U2UrAvlJin99I5VhX2p^
z<^NLRt5zA{8zA&b*J|OhyK7#WOPR_yI=)J3PK@qVaAwtN^>x`bIZmMu<)h{<`C(9I
zTYqfLNxSWnR5zV{VtegfdD!y)lT;;=%;%+D4E%D>LVlfJ%8!yca*2Cg8tk1$-)dUa
zUM;!&!;4IYrum5h8&&x(s6KNHNzRnrx7X0`jNAvGo3Hp-%!E4mm9NqlT@XtPf48rE
zr0l-qXXa<<4IJdw)Na4oXyl0jmxOAM4BmZq=cpy(?@sviZ)aXVz3yOnNx2%!Y^~ur
z2_s+UJ(tCtW(TNSI;m`2Zho*s>Ri7O<{jF8yX7|RwXDAx*H?V|s^Ba0OtY@I%ZpSb
z8nx{orp*wII(XD2XwPT+M_!eClUT;a=^g@pdJ4NQ%$=o?d%fk6-`my=Cd_5Y28%O-
zzh}oSSocUmyERU~L1o6e&x2gt4~L}u5bXVQZLZAGleIHrXDq(z{IuRAyt$~^y28mp
zLi?G~&f=9(+s+M(agZq8e0SQ#?a#FC#PnNyv?!vv(Mf)u$CroGwuOFdU%sM!sawl{
zD~2h0yH~2{8qT}_ZD!joSCcPtU#2dasXz4Xpz&=pbykmaHwv1c|MW`)k#eJvzhaf@
zg15(v(^B|DR#g>MKf7Myyf9Z};J5n|^aP((FYu54{80GZyOGjGX@#S{CG8g2c4vS1
zrF&x{!gall$mTUW#io{<PpzoD^3D3-ut9HvlW)&mI3-&6gy2`<(dwI$$0>@|%o!)0
zUj9;WM6GPy=RGr<-)k3o4xgCOATD{#EF=5o#5<02KC3Dg6~#&H8e5Y){#Eilrp2>|
z4wd=G-~QcC@VnFh&xx<tf5IB;$OmuccdShvx#i0ceZdw-yJ|<fGe-xEe;aHYd31cc
zwaexj6VE5D_eDYyifV#Rt)D%}_@d<WV$}sB<DZN+TX4s6)QGp)tG7l!KVL3Zr2i`R
z@binu{Db+1EgCI)`(Tj{Qzq!hquS#)5=7(&j$60EQ`~IyB)*MA(vq*!ZYE|9{*tWF
zbH#(&ssPU+1J3po>ci5{Jm@&)*nk*oMaf}tgFB{}%1Ih!)`!?E_H2zkwZpeT|8R+-
zNWb{>M>iU>oi{9eY-Ot`byH~Ru-*@I-%lu6t2<d^$&a%J`!*<BiOLqQ^86rRGi>pR
zoJ*m@=V#pCbnVoj6wQvxtYg;3LWP=18FiP%#BV*G*!T8EWyMB!-=i|U55E-=YHOBQ
z$lny6tQGuz%M{z)>DLX1sOBHrxF`BTp>1y3jGNj$y{cKB8<qDN*w;UQdShwB=R@1x
z1U56YhXe?ZoL?vv@r|j-jM*D9<kPD5xeZ&h8=t*9o!0-P_mS1t)Se}$H0-W>sPQ7p
z=Y-zd+hs}Trlc9Lyi#s|NF6IbxN^48@EzBt&-$@%luop!-S~;ZT0<2ECCEIkkegbO
z_?0Q2H2=t`?HA-6t(r>nzcxnKd!;`Y*1n>eeYmgIgPj_y<iA~uS6(bN?o?bDLvV~-
zwOEnusR!#_3nwZalpZ~Cl#Fg4qi6A6=U0|IiQI5XuwX)bY;5cCXUh-HZw_yZT7M?)
zW8=8^{EE*zf_8qt_f|mX=78tdgO)@pEm*Vtc6G(~eH+s+9eb=Fqj*8<y5!x<f@9B@
zloiAWDeKfq9BFocIbiKXMepW~p&fFrBR0xh)*kVCfmed?mi#pbuW8h8pW7~6cUR&@
z>Lj&S+ikB6P+w9W+hH4)5-T9oYsT)f;U`t|8+H2{Pde_Rd5Q7lZrz?cZCX8&=9rsp
zc)BHfRa4rDeS2~@JPx^SWjlKK-3dqEwkOZ^A9ibUgXYp*a+i(<^>5#&r<-N+aYoY^
z(>rxPm==~5irG<eA{mb_lsD{b2tSy<V9Mz51dsmaQCs5Hu1igxw)yL(d->{b)mYC$
z_bY7`&p7+IU+@~;TUXotWMtngITbl&M@+enDs#_P+wa86x#uf&gT|Ks(9bwL+;OFK
zZ`BRr{QdMC+#dB?YpjxAb4VgZ?Ci?bVvg5$>w8a}QoTqg&Tws0?#2ke@|zb0ohAjI
z74dDAx0!kVlTGULoy#_FuR63t>t4ldWmi|3Ldlv}58kzjZjmc?7WiVFJYZGUg=>62
z2F!`MSKFp~aqq1dzHRSy9+j^Aw%Y2pn2qDH>LC*s&J;dr-m(0LzOKgeGaHPgez?3%
zd^q4fQS?1Sz{vFU?j_f6ybara@vvq@W0FJ;5iv!j`S7IIek_^bAFHN(I>BGLZr-_)
z$EVz^10KkS3}c%0OYe2W+`CfYcDznr_-1C^SO3^tsia1Gi)~eB3Aw7Zy`H(KeVJaO
zU--aT>%EZU-s}qP{s%?H3SLUZO`YPkMt<kE4QX@Tcb(1Q@5^vG@m=lp)q>%&h1Q=P
z`^?gj8gVNrT)@X%&*1RT=wksD87J<oZu54M{8*uSF`_Qu3v1M%uRCAI9d1?;A1D1-
z^o+8(j7;$k;XOXLr->Q!jaT&g^J%O*b*Jw1Kaltm?)r?iSKU$LZSLb>yC!b@fmU;c
zYsQ7KZK8&!f~Tw(miyxVfbWVA^WB-K<1a33=YQKiWo0kEy0!hZJ}0bc(Ulo6;zO`e
z)TFfeH$KjLB_Ub#UU*#QHo1>xO%oelM4q2~k#*TZQ0;E~k}Z7FZu6&WYR3f?g|Y0m
zXe8d-xvfaJZ~fKn3s^~;N;Y4!b1h}~7%qNT-?GRtKQjN`(am2f=J%d)zG`MuPs1rC
z!<N7L@nMBrkzugT0fw?x&oP=c8yMx18GW-oUzBAf&C1zuqgLg5z{@4o+s~{_m|M5q
zK>tBSL3=;j@mJ<J-W@x>s4zh9==E|p@1oxJLkA@;k#fmb<BwW;f*9SPB&SrhwW_>l
zX3iQj8LL<gJ^4vbzNM`RVmxvQ%GK|)L3#Q7R<Bm4+d-u_<lj8sRhzf^x@yY8n9QS6
zJqyZ?Oo%QTyzs5;qZixyu3lB6sL6L#;=)b^=XEyP*Yvj9rF?g_9Uc*T&@}VPA;+8^
zSHfkFi(0mt`i1pAvF+N1-LsE=V`i=vZ9Snqf5FPDC(=sw_@~P58}&i?mf*?empTRh
ztF_~7CKgX@d3Ao^lVYRwmy4F2J+Qs@a>1TecjO0)WqVtlzAN$gbx@>1pX;K%-vl*V
z<fR&1Ik?42r1!-3+r7*`2v7SsN@(K^`xoa8`a}#e92}!4y6KFsQ?P|)azl)EZRVVk
z*M$z2J9WPK^$7RV7RjGy^C~7|+8Ms7cg;4B$u1J@f2e4ArS-RL$<&c$U*ifd@ry*w
zS)0>WW6;K<W-tAHR%~RBemW*TQv2Sm!BSz5{MX(+9QE~n(>c|~gmR^x2MzMFGDPMM
z(VqF8IW+v>9c#v^oDYVsO?^Z36~wE=m-5AKsF+rAbii_v_$kI$GsM2{*lQOv=$P=6
z^6z_9gO=vrD%DYU3sY(`_b@+pR+@j|{_JON2j1UySmUClw13!$>%Kktn{I9@8z*e7
zylU#HS*kLIvTsM9Pc2qGI<w%3aFw0ycH)WWp)Zg2sK>j^E=fF4%Q`3T@GxH_V9kKs
zs>E~IOm~Yif_3X#vV&9d>hwJE1bZ|2FUGGP%@^3tig**&S~RylQ2m0azsz8T+_CA)
zLjnf&@@dnZyrjw7z;vtY@%e5HmqTN8rGhVqAGV%at)n|&;^VEZZb}vx&4=F{t{J6y
zL4UAJ`t`Uc!U1QuoV}ZqxJf=EqF;var~YfcTeb{s3b>Z*F>qG>7Ij7O0rA&NOY(9y
z%N^gUKG{`0m{7A@C0@Hn_jT%=^b@m-b+S+CL_La_bFN>RfBU63kK)D6Cp>z&z0SQ@
z@2O_SjGc2H2RzU+n7(1qFl}k!Woc337b>3KlP-3Tb8a|sC2c-oSG<|HCC+eBYwx$X
zccACuM6EW}WwYOJFZ1-f{8nB&Pk2?#5!H(WbG9U@?PP9rc~Ud|xZmZiZs)W<g!VXS
z<o_f8OpnNo6W?E7rcPAW@NZXhjL5sIWiL1?d#hLU=r2jjWiqS8@^_`2FR{N{I`a6u
zYGdX5Uv{ucG@DO*IW2rwc)Z7F?`4*^W{taXv+Qxt>fEP8-U_E(?P>e!j#qL02+>0G
zY6<3!>C*?#-+9b!#Jbjgt#=msRq?CaNjqt%X)NCOL^{iTaC&0Di!MbiX*F4j8EKv_
zrnelf8`?&R9~!H+uX>tMv9`&Ve04k4U?o4{36oqjTA%m`+&{49{L#-tT^7Y}pDOz1
z?(Ui~W5X}LcH5e~tnKadS4+Nq5*lQ2wcg@bF5}o3#o`HhRaG6gtC&|*D=sa!)ZAPx
z@OVy+S(SU1tub@v@ws!{-!2ZVY&dW<Z>y+d@$Co8p0~|EvfL#xNwcQr#<~g5#h2uK
zy1Z+p^PmHtk|%HKxz}Fd{EpU+H<P?9-kSM3OtCN>Ci^8)aMgoPm7^1<W~Q~8+gb<=
z@7-9Ze(Twg;eB5*2FQLl4w5iX`Fiq*iN-5FKP{tZ#j^B-cm4HO-!JQ@@2MU<ucE?g
z;p0AM>rB_#B_up~nK<Zz=Ih(<#?0D~Jv~G3sIAa&cW)uLqK>1!g^`Y)!o{=f{i_AN
zAG}<tx4Y+?2SRDz4acs&p!_Yz)W|`6+>y!~L)7oJUbb3(Tt2X6aCXqyb<=(ORO<KI
zxWUBHC&TILThUDBuzr=(Mrz*Q>p5Zkl}h&l>x-7A22n?^zHh$%Tw-&!gzzi*J4I{e
zuD-h90RMs3<xj5_-E%x#%{QSirR~+T{l%j_>}3ysni8Y3bNfyG-Bnd4$|p~(o_uN7
zH=}Fs*D4NPCiz2EX8FB04Kh>0!&SVDgH-y~PFmY%&O86N@3Wi58zZ&s`OTjPjBzct
zJ!#oux9`2x%|S1|=_=e9mhbLeHub6`t9(bXn{fH#wa>y!bcCxaF3x&3Vzb7v+!<d7
zgdIv~?x{F<Psx`D31u?Mf}%0Itq7KT(y)nJW0uvw@#|AM(>~F(v0ue3S*<bRjO^ol
zhSzo^v62gJemnIk=t$!8MMvK~7Q7g<!K|%rPkPd%<+l!5)+`m-y=?IMge!apr;OJd
z`7QC$jYZE#j7s!a7JN+l&7IZjwIoki%P`v-Zk22ay;xZITrhadovHGTP6IcI34D4!
z(K_Mm>RsX0eH~Tv?X_znTaG>N;Z~e;EN5pATTK<EjVy-+)1BHzln)zQqk2U?SL<Nk
zvsbmES8En4MCl5Y)Dw@T+S5jETv^PY!#a_o`*nVS!>h>A!<F_Ox$d{*M#k$Ad4r!m
zwd?b(yd`Jd=9P-h=R}K=2fxa86f#bWa~Qp`)In~XzieT$)AF&cOZ$k;y7tX(yz`e0
zPiKw17NCA8E$*IK?McP!n^)yaykb7vHDv$o{mp7&H^a)T=0B`Uu+;6HXti&~erEAq
zR%XMp#Cwt6^9J3n8{+bOU(;M`ZPSA<d<zdv4?M)0?p!=0L9;w;T#qsBeU=SmJg;&u
zOEZ4-W8nwQ{3Y^hCx>fA4gAuS^GRyhYwclbm;3rGv5t<KU3eg4_>vOuHifnW-wZDL
z<`PvRW8(!st}h!R%U{&*y0=AQhG^N>s&xmJHI93C`plC8;hfrKcWmx`95y&8|BZxO
z$n71E%3Ne8exKEP&#E!or(<Z4ROFhu3~6^ki+7RYTk|RoYPL=>8g=*Tf>~oPzsWoL
zWYQWflYq**3-9-QQ&3xW#A2!VB=z3n5fvvl<$j8{5<fI1-KX3xU-<Itt7TQ9{L0za
z67OA~;5X`NbD-XmX{j#yhmM<EyRkU&{*dG`!lRa&Tx)P=zTGGDpT3goPTi?Hb*Jvs
zox0P1I`I)Zgcb(m>xT{hanrjwI=Nm_V%nh$`$xhR>7%zk$sgGykTvvi$Gn-6d9O51
zW&1Y`-1|88q3W;+{T3Ca3|1QvTyMCbX0h{<y>FFATzfJ2&3&TJa#vrS$9pzr4qB=(
zdH`RbbpP_KOHxrE(t?Wa@3*{>6Z5jn+pea#e9-i~3$gR#cK1CjI_>!`ukgl$g5v%7
z2dq*tdGP*PrN_gvp6;K%zL06|vs+-moa9Bt@og)%eB9ycsh+Hu9bj9ZBG$fvweW2(
z{WsGGRUUls;B{Ix--6V^&9$*{ZZ{83ep7uic;HG|jYC%qgKb89H~+En<9Jbrw5a>e
zZp_OUzvsRzxjFOE?ZKr@)!uHo_irs}2{X4pe);^9iF^V&GZsnY@o9(F9nz6`JpS~#
zB8lO_SE6L%X3LCRG;vhCaZrx>was3!x4dUwW!~7izGK<U`r$6ko-%7~OW)<o?XUfD
zbaULP{TjlBHoZm1e*SUAm9;Ux+1cb<;psbHYYn2p7svYFiy1Cka_mQ@ouBcVsv(En
z_kSwPR(U8{-*2#g?lgyiU%ym*ACdb0gYc-;5mS1NU-3NKB|UpWQi|I8GwLFf{PTs%
zR#pT}z8W9tr?}qbL4j7lL9HddWaL{$&F@#FR$yl!?ewXq)45iWbpf*cJ_QDoa@z-O
z5-%TRnyF#Ec$;d)!Y4C!?zTL&eABj9g?u|-EO5JiQ|YksqSEC@Qd*YA%m^-cE^6u;
zwe?}f$`zh=pZn@nUKL&YJwiS3i1XSkq1uH}>s~DR#MDjW7YV(xYSDwc1ar&lo@=%1
z8!Uaqtu>Q%ULTuXEu8;&Y9G<jp2TjAIRkuDCAL@-`g%QUhkHGC+BtsxnRwNi!y9f!
z2dgI5IyH+XI&2I&{YhQ3EpCRbM{Jsf$}H2+AD*U#vkpW@jrDjTcELN;riYl{b$JQP
zt^3=q4=POkk*s2}Prg-XSWV&4l(fSuM!fnaby8>8*sAEnZDxTky)QqQ-&$ubd@cH=
z>e5-gbu7faM-1}WA8A^*DcHS_?FjWs(TB@yM-GhcADyJCnfPXVLacPN{mi5H>gT8T
zh<n;$baJEJzOB_hdrHk$EIUv%dO%^LxPN)PsF~TOS@lZZJL*!GxR&`??X0O2idSJw
zSANcy!@nou;yBIEI%gu>7HDfPP1SGvI&I<BikgIU&+mJ^3tGOJPpt8}eW>96caw~S
z$)6{UvT5=?**<Ng!~34M)Ap40Kk`AbS(+*KMDvWPPm`c?<gokF?~gc!YtMJyviEHN
zH6n3WJWM3p%T>d63^NPQyuPht$<q~IvbLL5d@DYYxOnHY;-$;xZ%lftc)0PbWb#cj
zvk@9))gs^X#7oV8<flJaxW@F&dw-onUI%k0)SeLjxbXW32V?nr(IS14`0`Gghn|lb
z{$o)>e~sQdD(zjThTFb>S!^L+yWTA)!)n=!(hE<=W-pCf*GIyz^n6R;;O8Y(1u`ku
z>%ACzhJ={LzW2Dfl;1=qqi&f<QP1Qjs;m6NRlOL2<LkD5+)`jFF+BUci1gAQspso1
z3~D^Oxm;JZ^;nNmzK8?$F?aJ<%`M*76lM2PFz@8m*Mzl|?kwA3s#Tl&TW^z$4Q#jB
zFx%3!YENdE=2wX))qAR5u2rhs<T%^-iTWvjUCE)ZrF^!;?|1q%WaJsa`Swzk{f8Wi
z93S9(&wzM$sOVNkocWFF%_EmD%URXW_ETQ-lS`K><39)425fAYRpha4!O7UibsOT3
zYozx%G&gz?)8Mi}QSXj>?xFi<C0j1Mn9@)5p@QgWkGp+!dpgfJ$0t6em-&6?aW^`O
zZL@pC>|V3tvSZN}eU)Bi&P@!@lF|A{*F@Jk7sRBDWLg()yeAc2l(EgwOMTpSy{%R*
zWBn$4WvTUC;&fhXOm*N%&441yAB4{hAJME;gQkr-Y|q&4nsZBFd+qFYOP?pMqr%>2
z@TDJJ75w5wk>J<WO}m9;6%HQk^RV`_OW638!of;DYM;MbTI63A9<k+S`Ht`}?ZHa}
z+YF|Rm%6_?c(}OU(UfruoE{q=Ur{!SrCm1Ze%9p1&uO1mYV2MVaq#@^c~%X{JCCom
zy7;*AiRzrG4KI7e*c3k!ub6lItjLs!D&NzS4?3*g$u}#cc!DAE_{O^WMS^*Xp@Qy-
zKIRVL^A-lY{^8%T;)`>LK=oWHv%}&yH{CJmJ3WywY8bV3=kPG`!3wO*sk)z&Z%kJj
zIz3U<q^Z?exo_D?zM$;K>$cC(8#A?8d(UgFq!Ss(C(MZ*uKQ!wQlTAY^OG%3rVU!W
z;CW9C-8CXn??>&C&NvpJaX(XLPa?~(F6Hjxr4?b$R~H$W$)=a6O>e(<cXe|7{))rG
z(W7rvDYpnNKJb;*o^e2{G<(Iz+pmcDH>OW@gKsBnnefJ5%6`jIudF69=OHcGcO&*(
zuHB*1{GnZL%Ew0+$64=A%X@8l>ump>&#y1FDUWuH-+W$TK>p?$){cUbi=*E3bZ)5%
zlv-+CRM2s4MB4cg?dLq!?1+xcYB5o3Y7pt+qjT^^$4<u6Pec2ku9{eIthI$t>D$a_
zDFf1!<nIlX%F#X4oK$sG@VP;ZW=^SUIMc{1<k1lR%a+$yetJE}<I%~TC#u~C&65ms
z(0x!cXJPx)UXR!Ga(CaW7BN@Ox3`ICbck=Z&)T~e)mKMbNv&@&TOYf!=j#tAnHhch
zxQL~k{&w!sw$?kN#!lQ{ASKy*)TxG>Ax-1j%9Evy?uOU+dR$hwZP~W&(CWk=xAwS}
zdG4wl7d>6zgJrbsGFzb^{q`RCsHgUHzKfc*&gp!ckSMhs0qwV!e0$q+qu;@e9~92n
zWp?bH8<N;tY4K`Lo!uMvp0&%E{rzl8^~+K7-hM8YRG7Oh++e|q@P~p2FC`G(dz$-Q
z4SP^~()z~2Z6gAL`$YA6^1iy&BA{(Gzc*9JzQ=uu8(Yo@ojrQk>41t+lg??)dGCE=
zr%inmJYII7_t*GaP9x@<2KRYxKlH`zb2(Laj*AGlt{!$HGBRJ^{??BkdB-=cV0o=b
zx*X~7_W1Z4)6N^WjEY~WRPp}EI7iW*+n;MMdwV)Mx7W;1#NIiXxw8lEI(FLo+4&hV
zF|~1v!%FW5S*mS5DD&n0>^e80+v3k+Z63xS=F7UdZOQR-L(jQw&ukbfaAnt_5T{qK
z4$O1B@1DEPE>~)(^!>+W*X)ufD_zq~7WCO^a-r#<<IyWKqSMwFZ&!6WZSgf^#Y6pL
z6>h@Q_8(Mt^`E?AhxDQSTYCA-QW#>=bMO;C{@rU6F7b~U(noD)YlL6e;&0<l-La{^
z>%QlqbKKx#J0^DA4!+cJ-O_TOsB*^b#AW@bp4!(WB$Ly)F78E1d}WdG**0ap3wu}A
zZY}O}O#b`G=PdW7Ed!^AWL&LSGxzos(FXTHb03VpmNc#0Hb>fJlhO*W)x+GBYKN@#
znZGT5nyk+5iHSFE_;2DL#hlLP7q<V!;Hk#i&vXtuPt9o&ZYY`hK}$DkM0D(z(8b1|
zBmBMA+#7PUEopn|>7ae<Wj|D2cxgFum_g}=iomK*g&*sQGf6R*a$`4m+|cT0KEpEf
z)R)%ysP~~e^tFoP#s>0R*hgOW$O~IPviRvyHL>xIR-2YCI~4VaaW=VnkomDud-%;<
zADx}?BEM>do`KB82g3x0PAZEWkaHsN^f6u8&C(ec#czKouap`6+%b1{&aN>d!d}ds
zp?~{$@v?1&B`tC0uN=keR^RrGIzZUvH*BsI*)vY)`!nY87P0*|R_TbGSlWxweX=qu
zby@WAJ69R3PmUix@BHz}_29kGDKVvkWR8T$c}d8)=*_v5;_bc3<_uA9Wl=8_TDPs%
zy@M|}$CEFkQF*(4o$%N%_3^v-=JuQu7(OS<?a5Kyn@>7C3{p?(?uu66iz%up9&=bo
zbU@|krSdU1*Us#pa&yQ`_u+cg-ooy}&M!=t?{%qsFn2(6P5fHv!t|ZOs#o?LR_Mrc
zTBRhH7I{+e-KVM<?|N)3cy7JQ@V4L67pd8=EnRPZTI;;cy(aK<%&t(O3wvg!zbrAX
zJ3jY%-;f!1HyZ_xIGl7sJXdS!-LPB7&sNKxvYjIqEYPos-^FCQ=OnSg{US@B3hq}a
zn#g<^Q!MQllwr2JrSFIxi=T}+Z$H38tFK0(#jRyI>5G;%^omq)a}7SMJ4*DnxlVgc
zY|Mj|!)MgiF=wPNX<F)Iee&^T{qeWv3&vLto#|ZjUTB!kZOij>>jdtP@RrV5t1;Sh
ztJn}@H`&)Gd*!^Fc9GxJ>r13kfMb;PHSvk7bXQI+TewcZpsCO5z~qhX4x8fUDrH=M
zv9X|MN)LCj#r$?otxl=0oL(vxTqu1xQaQD-tnJ4>qYG9nXT@Rm)tgri^ph0dXCH8V
zzu-rg#pxDW)81KCX04ZROn3ek6gGG1#T0>W3ZKJ=s$D+0V&K>CMf__<Hg4WGZf>+$
z{{lY!g&KEH1z6|g1om_}k(G62!jDXyUQA2d1(qvv-Z@EZ6+XYN&l-j0pK3fESo2cu
z-xq0D`f;^H>BSDStA)!>yl+Seemi%q$i9i2mv1(3-jZY%kW-cH5hm7es)*vW=$M`i
znHdrfk32r0F-uEm)LRiP;cDTX&CiNjJ3cyzKg^FR8y9xBA#!_cUChbTpZy9od)NyJ
zCWb^_X)smUSySn&v9x5W-lMeSj#pLM>l<$<AD+j5PyFq0{RH1={d2>=MIM)t+ApAR
zIkBV0x@uCI%w&fEqm1e)hs;CO6J$GvB}z)9R=<1Up4vYBklpU<rTeF3%0G2}FEM6!
z)*Gq19PKUI(Yw|jT31?fN3ZbQ=9G`|rX?!otJbWZe(du$-;a_bbMKlZ?NB*rk@ZqH
zPx^&M_*rAchK}o52ck2rhiG4z<(egO;*4vh+qsO%O9sj?tme$uZrB(Q7(C@vNUzrm
zcew|fPYIg!Mq|nSewx~L!$hus8~em(sqy>ztNHy+x8Ip}{`<R8%fl8Fo!+}=`k;>y
zYa9l~q|3Y(2tLLNNRnyGk?ftgT{ltOXNt3bihEAZQ7?wnS?7Q!HDyD;y&obs`%ZGN
z%(K}?MaQo_@=k8$wNqk;hB!?<A;g?snsTYP(c*qREDEmg?<jv$UGeq6v4?tFXFs!O
zGJ2wazT7xV`#{q7{&H8Z<qDdPm6sA@jqBgfz@?$XRwirKn*hJ^7d6f!8V6leZs{}f
zaQte4MbdS}t`f`ZC*%&3ag`BxaYj9-Bilb?g#5w=m3w_=8s7ES4$P|``q;De`qb3i
zx0lOT3~3jcks_2ATOl-L_VNDOCtrl<I<k&upIMl)Drk*|##HCGQF=X9cA59C_9?t^
zzTxYEnQP(~T$_@9?pTxDr!Uf%o;lY_D+gQ|JGig^qV0m|3XU2Edg=E}6>Balj5Lx+
z%v~e9`m1r;qPi1D_V)7~wCeM-34#(W0!q)kv<0r{u!Plm-Hu-^{PxWuQIG0di`QCJ
zw>2yleU<d_^8}5!tmG8AaLE_XB&T`ZAA8KbcUY58zc-i$p@$;9t5lIHy(IK1V4;aX
zD1r(C3epJ)QIRISC{?N`Lcl_YM5z|43QCKBk_b{m3nXlQ&vVXs_ndck|Jv)?O|Hq6
zOy-_@=38ez_so0`Mhj{l+|mvzwH`^M)jyXopnPrNJn*_RyH}cUZogY=)4F3Z?eFKY
z=<oJEE~uFu+26r#-E>U&n-bUeCA(3Jr#n{8PWLK~pQCxvM^QX=aYW3Yg-;8@NzSE`
zM&V)!Lst6Izd&{1kJWPqAH1|EcWc(fa`G0#KMi=g86kh)i-oDck8fLEjG)dMUed0K
zS66B_3g5Azz012L?PeP!=@8oeYU!#+`s&0tw(ou3FP%_vw|VZZ{k(5HCOOS#H?tp0
zN}YaYr%(GGZTZ|ICOot7;CrMdJ;_siW4efT-M-`@9$%7n_tPTw$DbTU%bR67s(w%R
zp1u&g>fw^Ru?=4f+ag3~J<yuvcUQX1zhdcJs8e(6dQklD-QT`+f-Qf5P^7F!C-GXQ
zr#|(@8oxr91nW(gylTNc!_r`Zi9g}7sbTfb@fHt)P;Gg08+F+O;#bQ)Un+b3+$RJz
zl^?%ctZ_x-lK;K6!_6AMrjhquu|WYPI`HdF?*)q7U{_NHxGirz6gP8r%3lhqd1kz(
z`&lCr`Zs!1FZa09%;%#Yk45qD=ekp-%q|LPVY9dQrcdPPOQv4?+T7*jdA`x1n=r^G
z(5P3w7-2DRd9u4^?gmfT68DX#5&foRy?=S6-)qm1XBW3%Z$_C3q>w|ctKYJfK5l=#
zaAig$WJx{3k1z*|tAxY01oXnLtt&6y=s4JGbW}Z^eHtQj^uS%acso^JV<6a$G$2DA
zp%%M;S6Om%&mMS=Dhp7u{oyk_qaZKl=A&k&vS=Lqb+Oa$)uOWn`x`xf)kT}dVC7s_
zQs>$F9^}s#k>U?l?!;aee1N(uxSS(E5C7Y~%+Wc-{Ugxt_Bln3j`jZNAIWb5c6)5P
z%k?|l5asJ{Gn~}~RZ@b!8F}24zCwAsY*O}F^VOFY4=eHcNyWWQx=33WE0dF^%2`_M
zy?ev0`)^$C)(^Dx<;`#J^avaLFra>WxnR1|VE;Tcr#)BDsm$e6>8sk9F!#Bm0xtcX
zGzr@wvm%kYq+2{+xZye`x9@&X#ya&JVJ?1aP8i<qX|}+*WUA!*eH{N8^w?&|z{Wql
z>I0|OkVjvFdGk4K)$sMW*18UCWmZ#Hm;PaLmECUxlcW+M=F&OBlDcMhj<8<w>7$~_
z58CGp?ns>aqOlO!qUyacMB(s;Ux`zH4?jKnv19vbT?x!$hr<{0;BEuRq=B1XXqaV#
zW1Dr8Usg6c){@Nqv?OrA-e2|oDWN&wm^Wdm;?>;GtgJB}yTt5gGK!(yDyL*^N_lw5
zqKo!7&(%6ay>@xnc-0E&s`@$;FE9I3ki2q6AGH-y^oRw<;Y+pP6`LK=NFnnJ^>1+c
zR_HhTZEhy8{F&kCz*Onx&PLws!2I+!t6C4Sx3?<{QOXe?d@n4qFj1W`VPYxj9_b!`
zD)Qa8skyPCIeZDOdA#Lr%Xs8nIm+MkmpemBd12=wLQjkR{rqx9{PSwM_@^MH^k)m_
zJmBNnpK_!ZHQWl3jca`yjG$QQKAF}@(v?+0XVYfK+wM(Dia+|fbmokx&~NdRBP@L%
zjU>L_i|LQ}Eu7U&pW?jGlSltdsCzcS1Io~f)xIN9^5WFX(}w)t0A44!Qom&7Z(<tG
zuNBFUHz4$C=)12zv+~KRrVWjm8@W%K%HEvudtmp)?}1Of-3f5_{D=D%N!}}KC5sOy
zyJ=rDy$2(VQVN3PmX}}NGcogPZ2|2*F|m7QqVr=-TtY--FgzdwvH%1BZV@c2SK@VI
z3~XEarBXFUljkkDEhLyv_S5&_XC~c#3(_~P|5l-0T*AC33)Rl{tY?sL^1CN<N)DA%
zUWjGTv;NX=!K1wmpc)48i4~Po>`u)^h_2ryw&u-VW%CyC%P3hG;`tCoaG}MS_Gjv_
zj;W_$rP-3>SC8`}XUYDo#>mj+A9j9a(dPk|eN^?5lw-stQko3lS40kpEgX-e6xYQi
z#QXi0`3J|+Tj#ZoBYlUeULwTRew4`QOTu5CI=@y}_93#{ujfAfvex+C<h43stjCnT
z9&Z@ycEL4OrqF|-h?wRA_G^OV8KX!UcpgjNZOc-l)<9~(-5k&SVmwM^Wm{$H)N$49
z)0cRO+Mbb|CdgqH_(@#Q4cj4~4-yD+buRsWwy8n~yUb_#LnP{Lef26G6r_L{I(wDg
zP{r)@=+zv5ZC7=MsGFOEh#QZCs9Q>2x>CjSEGM?+Qo?R$R<+CQAaCs0;B)3^6;U_V
zMiIBSjiPR8BKzEdvDI05G5l&W@{!_HPLlT1`9u_y>Ora={a8MqL<dk!Nxz=0-#N8X
zYkolp@^kFrEltg4gDX<*((|S$^byMe>lXWx%V5OddZu`$l2x~?^G)!N-aP+M8SRGC
zHD7x_6wUNDe+~9|^QW9^RyMx^#rNV%c{0EEmtI~C%=`&d*#22!%e{FKRFSN6z6D=u
z=)Dov=zx8XC$2FQ7y4f&I~jt1`D-@u`d8M+@}>SvrglDY?VEcx(USb@XVTVgCe~Xr
z<<5I<x#SoNpIDCE9E%yDFB$^B{F+LVALf`EvORNQoxXqxk^1n`^ixc42tr@$U5oIq
zw<l%!Hm5JR2>h8%zP0)w0d{mqgaeL^zvQLpZH+$g%^Z;4mS&f7FcvT=#Tc-=L82wL
zKuhL>A2VGX*LlA1-FtiQq$Jn0*q0GAcOTqe*DsPuf0fNd1-*-GxeFfdDp`6tSDbxe
zjN}V^_T$g+?PpfjhBoaN)f2PN$Um;Ov9@s-Ef2RTt?)Y|(|4|ps$lIH;ck<`eciu$
zH^~3j&Q1Tk-C+MWY+A2+?-jYF#6NL+8(-wcLn8`eyiTCh_WOQH0*(=+qtEr?7v(i-
z9&5&iYkUOX5f6vm=rx(du0gxtl!DVZ8H9^jDW+5C$bR&oydVqj%v@B$aT+Je&br#K
z`N|Wm+bpjyF%7WcBZ9y26}i26RteZ-dZ>cv)bn9S|2s8;0(vJCg?eEYLBLVO(fQsG
z^CRbfK0<qgncnks@N-zM8mlrjX%jelTd*%521psfHd!A!NF63cftpy+h#-&@cM+S=
z!_VNDhcB5~A5NZoFn^-mP2<H>#pAqdto4|)xPk7(p0AKY5xT+trJoLHIFJt6?<1<*
zhr{TX_fHY`(DPsvY~MYdh=udhS@v)Jbh+ongEHSwWfW%oWw<ZA!S}Cs?Yj{6o|8vD
z8!h&xY5X`~#0EiyIpGY|@#dpjgfc(^=!kVAmEe`4^_x(}mH;`5*;pYoLKEtwS2tqu
zjZns=kbk}F82SHP_`@+>Yw2lv^mSi}@0P3Ym7@1gING!R%DZ5}w8IDn@aLHqIDY(H
zgj{9UCC3adpPG}-f;%gx{CR^O?l|7#+=Teta=IY5;Lg)no2<v<l^$h&>r3+f#a<1H
zqufG~ue6{vS5^Oet}TI+T)E1Ku5wMT+XxQ7&z6Ra)$wn^H+k06rmpn%p*^L*O}@rJ
zpYsUag(JLN?^!68Akq6AYt!p~vYYp|G*N#c8*_Tlyk4vI{?y}gp4;pQugv5rYof#g
zCwBs@$&+ZfkdLM#<$Ur8=Dk0#1rJjph6oX#YJz5O;7PiOj|aiMw-02DV{K|Cp78mM
zU|Im-1$$otOpSRKe(`wSa}C_!xb0mIz8y%g3KeR)L=f*CX8!yz6?&2gSs0L_LwwTl
z;9e?Pt5+rwgVgqMB3$d$OPqY@3j&4$Hs5n60Ge_LoW1RsnBLFOcSv?0IrPNCHvk82
zK}ff>7W+eKBlf10a-pWT<s!Ekr>)gJyoNUD{e!vK%h(gzTl3&)97oXD2F6GBwEUw)
zNMBZFc@!7pD?S3@tn-#V{}hUMA&ln?tNQ<zrUjJ{L8p8K0XKTr&4Lm#A577uIGbq3
zB0h)MbG^IJ8xQ{iPx2h|Hf15@7qq3Fx$6=2Qmz<RV;ra{5y|AkL}2Sh83zHLA%Xzh
z#z$9rBczli!v9;+k~nuNLaP-!^&J7&Onw+*s>JtNI-m6i_eaRBhu0FddesSm3|f4A
zco#CytuOiIloreXOa{jFOgibV?4v1DERN}}u>UQkxEf|Axf=c}KgHGE@qeZ?SMyB%
z{?b#zg|)B5q)Mbpq&=i-O^4CNth%D(;^Tbd?BmdJ!EwpyH@;;7LXR>Z2DBnhmi}Z;
zj_Oyk>eVoi;u+a^U}o?h#=FUpc9*#y?yKg?mXA4&<E>{7M6kI+zhOC%r>4@P#Q1oo
zn<SfYu*eDr-O)Xhc^FNK@_ux?ToQ`{QLRb$M@JCwBwAK7jd0yN8qJakxM(ae2<|IC
zaT)83uzG{*1%Ty2hDde;1jvfXtz76b*hJ(SMq&fND#d;RdlQjn5#RibeJYV9lWhy3
zaGl9#@h9}H6sRiEz>)0=W(u;8Ir|V$Ck4w*be7WMnTGO6vFCz(czw`NZZL<<B=~Kv
zA?P&vawgLjLQS6OYdJsnorh44a+V+r^gpj_E;jf8aOVbIG?tKOdWqgfDPp#+U7-6s
zx6`aG2K@msN>k8hHvl|RKqbdp-ZEIbO!nbK_i~;%X#CeJuGt9DPY`y5tPZ=P@u_|L
z{0o-Cs(ea-$3&%Pka<iM^AS?k6`)RVOV2O+wlf}=_X!2J8M0LQ-kg`6nA?>*E}ZLm
zo*bR4v}WRo>T`EU*m)(<TRrl0NyJ9EcIl)||HV5iFOFAtGaQ>=e6dAiN*>UxYzz~*
zPhJBVv+N-^a(25xnYcZ^(UshjT~dZDCN_?Zf(NfnZU7CXx9TvJOx6k(gW)#JYTcLq
z@Z>-)NbD%E{ki+?g$$y9M@n|@qzqiG8tOhNfSjzIxUp_-_xB4E>#RgjM>nAIRk3mH
z2`LW!YANq83Vke#_Cr#3kf~|SzcVP1_qT#Hm(!p6tm-UXDKdX0de5o7oo~LRB3rL_
zH*q9J-fbAW!R@y<nX#&kJ(|J3gtFic`KG@osQHvib<no!XgqR*!F!+&J-AEi56umy
zb|D{n%ra*)suNdHr`ehho9q}reqBD!c@|?+N4qMEpBveOOdYlr|5(p>M)NfOyZ50x
zsO!0kd&0MZ+4%yWpu;n2Z)uuuB>yBe@0ps``fX@Ne1I4+dHF97%+LMwMq%h|7d}~q
zjL3VfkFvDkHdJ?Qf@VHy>;8D}b7R=kP+vMfhRYxTe|zO>a-4vYg6_%>k0&2vY0_)G
z(GkDlTT1TKUES$lud%W5r`OE9;E4l^QpudP?yi%JaCkP#@md8EAFJJOlkZ-QAqp$Q
z3)bRx187_>otiEO`d8bPU5;)yMDaIl4YY;3HSC|ix@p?>A!K2^1J!52bBRU!Wd4-Z
z5+Cd#?4C~9$udnZc}en^tUvem!}Dgq%}mBwv)c-r-#6}Wx(z|hK3*EU$5V3bP(yRj
zxzCh6e=+(2xB3M(^$TWZQJ0ZHr`rJhG->+w`}cABlgjyzmF4&p<rYl`3mx*Co+vHi
zGk+?5x8v}7U32NtT7FM1Z{V^1kIlyHouMGN)+c8p9cdnfuj~7l-->0w%b%2wpZMc7
z*>fhZ#V~Mlgv$JU270rDl{M&b%hB>*E(f2Fk-1$CBJNsun@Zq04=%?Y=LH=^Fu8kH
zEba2c3zlDFFO~XcRDJk<@s7NVXx(mu6}9ciM>$^etE4kyElw3B#1^Hzm%CMPF(Ufr
z@k*nQ?N-3p1nX{$ub)wFel6U+@XKd{pJIsl$DEZ8jc0L?mz}~c(dxqM$dJiqclt#O
ziR1O_13fleI{o=_TT{&`e;VDtjr@v{D1WpUA0%usbmI`^!PxNQ5fr&R(k|gNqG~f&
z@fI$(zWjH$CVbX3XvkqGFNq#Pb1)jrzbQ90p7cD)4WIAK^q*~?x5?{3-8-wY{OX#X
z%>2^vReJ2&NQ~;6vhY3JFA*Df=gRUO-rNM4YXOdbC2hKlig$|ReB-<Lk8U@muLQmO
zGBq~Z|D$(yaHcc@%oa<&ao@`Sa(U0yX925{9^Uk<pJO~1)~Y6E#+}W-&-VA4nIG(R
zVsr!U_C2p%{X2PKOI~K=Li4@sJ%t+<LkJs-OLur=TrS=*lxeweM@1&m(EFolu7ULs
zdv2%oP*QH3{g9pwim_aGR!p}rn?t!nQKt6dI9<(s7<ClZ)|L@H*>S&ly=KXqF~(dn
zx9K;m?1xtuTxx!jy^|YM=?9fz>L87{erTAwf86-t+VMcteVeymDypPqUdoeAtQ~Ba
zFR4GtPE|~32r;Y<sa*23k*Ho0w()$r<Y8k}?RQG1=fcI-l(WzacTUI*T)KEaTQB!q
zb(OeGz~#-gJ%bP3x!Hm8ZCTmha}BJ9a&kKnL({o&W<!FxLFG%9HqG)1X6Z%7xnkx+
z$+?$fcf$@pDa>NBU&)glhIDg}5P8}ap2w28uWOc+8g8p4jbD34Td{r92)|Zvlykf4
zaCMTN@MhI^=;!4_THB9~>_CH>qrSzHovF9C90Ik!Hb~}nKYrnHJE5th_@LIE9yvJl
zWhLL{^LDC&Fk*<+qZ5^IcV_VZLY#8IQgB^J$ju<1;2ZS~f7XzTej(R63fdLD0~e8N
zH+5%cNBigIrbaJVCL`z5UMe+K8M{vFU1<(0DG>L>c$e&`k#;V;$$D$g@50H||7eZ*
z_aiR7XJyihru0(=m5+a-E|`@kxJFf}Nb~jW(<I#(TYknu@AC4l!5{OSpAGo6Ocod7
z9V|`?EWmGA`N?Yd`LI3)JV;Y9?av}~3yTXHU-&8Q_l9<_?nSZV{OIt=m1ltxHF7y0
zVl2%f^{o1|6%`G#Nu4K6G%=(6Q+q$Ns#(r3ip4%|>f@HQzyWWlCR283=jAR564-uv
zOJlsd&6WqAW_4fpNQ+yp{$bYVYQpsi;5mjub!TyGDSP*1ZnX8x0vyWQ7!V6*;{_nb
zo8B`$RP^Ngo=Q%nhDKp`7O6_k;N88J0HJ7&JIk~2xX@sO9rg@ARq)Ap!}uk=$xOff
zD0M?Q4GL$_s<{51F8^}+$%l7dhm({D4}B~wVl^tq?!1#bZSZcd<<NN`y76yrrF`9|
z>WszgN_vIZq<MUT=9=WJQOnWNPDbDH3qO~?)PR<jgOK1PUx$rrwlK-JY2_3p<yaT>
zyi1R=-{yW<OmV3S@As-NIK|ZVA>rxLbdS);Sr3Ie?nU7`JV!b*K(%e3saY`SmrYGn
z<?q$t7wgw|Cpxq=M4^`Pwqfy5U+BB>L67;N!I`X2Lc*dtkLmfh0~(d5>l|9XwWw={
zN2+}*v-sn${GbGW5K8)@^qF&Y=Wp$+7VvEU+{~95s`l4!b5r9M^AAhjNY~y{UqSjW
zCZ6rk%Sp+>HtD-D^R*d0@$-Eaa>LKJIwbh~Z~c{~@fNdhvtyo;%e;YM(1^d^^0`XJ
z=cWk#<KIhG3-rI+juV4@SFQ*9{zd3q`JP=85q|18pk<(UYOdsnKP5$dSZuAoq5lDd
ze0!{=MfP3g<FrutO&h-7U*X`ez*CWdqJmdSmpv<DK7P+wRe4bXj$ew4>#CsXdZ?e%
z&?^2tcc7=EqvIyr;h^!hMeFTq9PQqaz+?9!dw-q#=H`}Wj*$yVQB(~d1JjE5YnA;u
zx17@Ql4TO2eU?bUK6N2~hz+Mz><T03g&)4n&A82v6^8Dy-j)k+-a~I}5aHe0u#6N6
z=jKk@f{58vRmf?~D<=9LM>5OC={OJ#{Mby%9habk3A-kgvynkbW0C4KF?gTIx~}T)
z$HK!S{`<3;t82KtvFiKpch%m1f78Sl5Wm#(WH9#C(0Y^3$`!%oiz~Y8N71u`3wFx!
z^OBQ!OOK!JJUgqiaxviOD84+scVxvf>|2gj<<X<urQCuo>-F4Zth)ZM4WEbvuzd8n
z@W9$nZ@e2X(Jo><lw&kI=3)cBQ}cH}mHqi#`N0zM>X(9zO3jj{P5#B^#O$xRakfLw
zHuP81LvGLu$=M%rFF&nPl=&)OXKy{+9`_{oOU2T;KQ6hfIdwbuzGw8fO3$QI@E&`w
zAe5&{=ZjoKIv=x4YRkn&eHm68|6AU+hBnS2HQ&xupT=hQ6+MfxkqxR^7497H3R&1&
zzcysh_DH&oSF-ll-#`l9c>Fhs?efB+jZy=3Xx38MS}WywS&rY0=>DGMo*a5Tjbe1!
z7k;F_U*v)C*^I=wc3HRoksKg6>^N+x^xnA$P2GQ_*S(PiZ#*d4IaYidwgTVN{<;3;
zIH0MdZlG~JiDdqD#LX)=V~!3_{#Es89+qRCP)kb?_-I|9P)_&ii>RqP#?udST(7|P
z7dI0OU?X0_WgdOwE9)P&Kkgn|D;d(hZ}xrXszs@*p?D_0YSDvf9(}aD_T!s}2~Hs(
zSB`viwG@vM_#-g7mb*<v|KK!WYcga>1vS{QIp}a_Fj81SioYIw18FGL$g73s!0}|h
zIFaMR;tq(uk0_-LX^2Pf&H|eeT2rhMm{}?4DlnE{gp(8lK#i4kAY9l}QZO;50sQSy
z&=M9D%3BP&Pdujs9!?A^XDOB&)bD3m0JX9xV?GkuTG?#ynxWz|0ByqAP|+D+B<oh>
zL&yaS+@w@DY_K|RNHck82Q7(V+YmAUIvC451C8Lr963GF1w{TR&YOs{QKq;_!3OY7
zIq+Pf>?p?-#F;4Q92Qp283!rD2P7WFpEizTnn&pGbD_{&3ws9zujrZqU4dIyZ63+p
zA!e>9<Y)_IOAb?j@vOTdpO)H(m)<-S;+C6QQGo%#1SwUa%oT?m-wTPz#`ks&2X+!I
zr|?#Z@eTd}1u4$KugL@4tB1_}pgY#STQleBW-*{b7FnLv!xKvw5TX0g=|<_H70az3
zS)IYB8-<5f%(t#&b=se7<QY2T8DwgH18i$Gs4+4rAa!2L-GD6paG!%5&Ox`%K9VGO
zhUftxiBgGO%$jX<jk$X6C8*<1$YFPqE;_EqgueBJwZfRA&=%+LWE&r+3jPFng%2Xy
zXGY$nAHJ2e#7#DNTH%&`x9(*l!X=N7Uk$*=XjDPI<M)jTdq?xS$1C8iX+BdVBn`tV
zwXXTIv+ONk0&q}Q#E)av!V63RV-w@yVh0D0_z3i)A*NQ|)x*`9hYice36r}W%g1Ys
zpg;5gNk%L%I5@kgN9ZtMBO3Wlf!=e<b#rq6nmDY3_yJy^+~PII<Z|2=8qxwCW32i;
zzVl}@368RW4NJmQ_9V-a5Sxv3$Qk<nfYXBX-}Mh(hldK?#k-L^jD@Q{9T^GCXB|8P
zvnP>@H?(fC*=H{*hKx8FJ;^UK`{+<z9#YU5EYs-i)b_)8PhoqbE}X~G(^6z2oC@8&
zaH7}@^&4@lSP+&zWL-QWrjy($0IMWxU7cR|_P*`U@;CCWrllWmWhUR6wuT2bY<;^*
zS5+?Qtch40U!Dk;RE`%r3-4g>fSzS6rgEtHMJ|ihp!Y@FXCK0sI=0eRPQvThJHiDI
ztgott&zoH_D$Xxh{;)kx)?z-pPRLuXp14I>EJCH(TnNnuoo%!=o+MwZZat#x(%eoi
zONl?RA6BC*-ZvO7me-fd8ferk_?&a|l{QSY%gFS~T+vq2Hg0TLE8)uAs>%|$^~Z-Z
zA=V$0Mj364j+qX+5v_k^j;^vawD+O^>U3W9>QZbFwbQ-~KG^nX)#17z3VfxsJ0!ki
zaANs9-<7$P{MtR;%zW*NU*w+Y%1H+mhcZFo-t}c+{)LRN)Gd{`Vx2c$y_;KgNAGH>
z?2-Yoe+=So_H5i<IF~Rc;A!;6YyTYT=VDMsPV0c4O3CzZyNR~#-v*S1pqZWa@$j`y
zU0Bx(-yEYF@?wUOC%A2^Gd$Rx<NWe4bZfMu`Szr357)v!-^p531G6$q@_<OZgw%-4
z%<@E?!O@HsHLh{uepzs32-axMe|(GY`T^7HIG0KJnZJb}s>8h4!@MSL9#?R5iRmWg
zEUQopPr^G+FFR={i|Pta3_QOrs3p3v7rUaPbw{5P28xcido+9FToG_{APfzBbIV?R
z@p+MwZCPze+mY;5)SV*AHdk$9cnPXr_`<a6@8+x>`AwX{Hm+_1S2rHC)GfUSjrYp@
zTWHS+oAhfnWG(E8QN|t0Vp;vi<TJyC%@fNozJ=xZTOX>Y!^rkm^&Z!HfkTbpwLPVj
zm9W5tjOExnWsjDd|D(b!T-_$FZX0)F19xK!cViQmb<276-S7)|@w!#i_vjtly3}rk
zyJPTbW$Lpp=J33B(u<3NG$*=wLWfre{KxUMmwvMnjaH;y(D1JM#U1j^tL=IP4TS2z
zJLD@@^_De%zP;U&vwbCWx^?<vG-vCrnZLhRV}nH_4|NZVr~7AN!`(I0gOljE`2kvc
z)Fv)^8+WjQJJ`Y<Y~l{KaZDRHrY#)PCXQ(vcYgzSe+zei6L)_bXTE{^{L?#i$vbty
z+jk3RzK!c+<oxnZ{pDRW@LsDd>3mtzXLM5fVVL8%fA4$$Pw)NTz4!m{-oO97|L}W%
z!h5asq|e!m|KkmAy!!3^>ZkXsU*4}4y%*^mg|BrtaJpMK-A$bCHm+?0*S3W_zw8~h
z=)F=3YhMPB_s4tI^fXrW1QhRwe42o-Jh3Ct=!FILEo!Yt#l3A3<Uj3MlXnG{=T3S?
zcuu-il`wwXSiW0g{v+BWAnU)fzFT-s<|%qmT&h#)&%?*OhG|ZntDV#r<K_uY?W9H<
z29e1XJ<k~h-Y^P8jCp-kroQ-Lo}jx|xY@k@r|~AEz~6rtNViNFYRfTjh#n6zx~dmF
z99cp3%!OzBpUTjs2Ba?)FMqCHnV_gD8$Pjx{Tj!%g>N05KMumD*lPb8@2b<9fM>9;
zy|aItM?bI?Dv<bWTANVD^Pw8bmvGeWYgAA+?cetg?S2ow7x?_O%u#tZX@3z_zJlr<
zDYJfXn>=<kM!sO}b2T*bLg`WP<;Rv{EhPnK_XV%%Mo<G>=RBsOzb7VK$Up2*X-{V?
zQyg$og%$C`iWFe(r>hUcy%&Q8RU{)1PqzBJYo%P5h_7DpGoTg17RM{wD2~d8g|;mx
z={iZRp<f*)|0`!<e28|+p>J${J$t)f?8(~sBZGq5r~rcXQmi=BLdJmZ4cPMYX+|>*
zG&5?T-0+^YrKa=8aoL>>)$^8W>H7y7uIdiQVtGM)IW=LZW8=y9t(4FPRHhbnPr|QL
zut37<==Lz{a`Sgyc!H5bcX#J*&)NI@1?hBQ9bGQ+vg8(xm!>Z%*q}wdFuH?KE{Ww@
za(d7qwydpDY}Ug?bCBEX$*i4sF;3vD8Qr3+$CCC=kFL99R{tVT3f_KwWO4;{?kqe%
zzcyjnY`%cPh*CToV%%e2n~<UTAiv=0ubqc**_blY-s92fX{UG!YIHr2d~-hhs|z*I
zWL=xK^E4r#*6QO#&-~Mo9m=*4EmlnPif2jwWce@68_{R4lo}~BVw=&ap$U?M)|A^-
zmLDe?H{07`iS&}&E_+6W<69Knf#Uqyd9X#9DS3W<bXkhJ=R{ebr++X!O<6A{&F_pg
zz926fQKM7n9>2n`l%hrkIT+RM28?Y{V#i2fXy{o7_}=L9NJDo=&AgmRnHPCE1HdRz
zHoh*yTJx)I<W#X4++l2f(UQ^sZ7tdnq9^$2$Rs5;o3xzK_S%3pV+nVeXlx^Ii_yYh
z)MCryhR)dHR}=H%%d?9)CG@rZRf&*Q%Dn1a`+$)C-3+yeKcy2>WJ%!=k90Mv>mNoe
z>e;5vc`XT&FLAwl&7<qv@vX*?y|{Pwv)iotH2s0;d2!$4KTVWIA^5ECgA)2B-`|pt
zQ(M=WepjtE5$um|`Bokt_1VuZt3>=^-06$q+*Dm`XVay<DBs$(&3^mY#q^T)0a3=S
zwg2}54gJ#zf4Z~Q{?d=TJl4#N1f4UH@WZ^g-)9ceT(-V9ENOTQEw^UxIi5esIDfUQ
zv+-f4%fn*uP;`1RBQ|`E^fK$#l-&BYp9a_z1EV3|M+T1ueX(NeOYwqBVb((dSq)NC
zBN8%Yx;93ExpDpS2SFFM9#<^AGJD0c`^t1E;K7>Q)Ch}A8K;dAUv8X){DGL`)<M})
z7(A7ASHoy1AU1o1a=Pr7wbA>WxCps}Pxf1GB}?17FIacCb%vHhzwt13_GXVvoi2N6
zZFDIo?vbpdq%jM6t{lb<q!Ey+9BF_`^a&wOKYWxFG#A4>%1p(x6oLbhP%#X9DEJi`
zy1|T+;=YGw;b!u|8{hy+pkyS!D|j5wjAIRAnl{#&;@nLH6S)V$1I9pkNB|)^lz)a9
zhQGAI`vv2?Asmh_HB{BY15{6NKr8V=QtYxIrgAn}Y#l;U2+WRT3c`RxnI{NJM5ZHz
z6bn<9lz<W-6@L*2Vmw43=w)(gVeB$F@8D6PLSjsEc<WG+V(`)_#;M=Dp?ot;d&W%9
zKq>^$QI<K3LwOhUu$;tt4*{3rVg|CRf~<hTsz7;wQ#n%&$P~$3k2VZtW*i~50R&1x
z%mA{5PysXq$59VbkP;7Ko+c>cU}B&FV`&{&1G=c3!vN$&<bMV}%NVgUiKD#$1G*$A
z6)TP4wF0|I!7da0%As~>8630$skH$@NwM6+SaE}YW2118(-=P-mmm726#EhyOk~jk
zvKjNVLK-mBM2RSfB7xnJT?BDvpQRfpz)eb?WPXSSBISh`r?Km(vdRPRsxpy)zDQsY
z`cxs8KRARNU}Ai_kX-=XhtzfDyhvciF|7hR2>;LnT8q~W<;g|6mviJ|Ys*Expkqcs
zKkzQ2!2Q^tcY!oSf-1xcq@XHb2T4J2+A+5?I1Bn;B)21Sb)r>R08f!z4}sfw5Drog
z2sGB40yX0$GT9$tE|s%fW!6S0$V2mpGEwYLj79gE2cfBZpm^g1)e~tDUp(Wq*e_^-
zQ6MuO;tB{v!iq7Xg`AyeNfyvgDUnZLc7hLsypTY=UMBEuqEaS!7i&tCAB5f~inRh7
z&?`i(R+t1ffT;Nl`jU9+daXqMoG1n8gX9)sw!kzYfX@J&3}P@?$5sOrB?7MEIT$U*
zz*(68v-V6#wy~lWv<M+P2<jjhWwLMKSshu1G3-ReR@Sw|BqD1RvuENJN7xfW>;~)W
z96_Lo&Rax?6oiUKAx=ER0vWdgoyLc%g3>@2k>@gji+G3>^aO^@5qbq7N&<nA9G~##
zkesXNQ=!0Mq`(GX4iAGQa&vQ?1oC}i+9sG}0`e1oA!V$X8MCe+KoQ;<C+>%xMXKlk
zxG)BxVkgihp#sHFK>~j$=L{qgAshvez{r)eUB<eU3w*&?jDqH{8ASH$P;s<_(4h#0
z`CYjrHyDgZN&!z3<fS<M&`O0YOBh~9CK06iC@==kT?hz6vIa3E8PtGeF61--w(&N@
zSwK&vKxP;rRoFke!^<E#;056dj;jirj%1%=ZpJI)psUa}hA1*`5fnn1PcSH?E)Uek
z-*RMI!)_f9%s$3jURd((@V}E84&wO9mZW2m2$W|1$<3pw4Kd9=|4!kFojRYo>SN&m
z*{g~cW__X;cswp64YQmKoHt#s<vCq;&NA=w<^SiE;p8$F7jn1D(1n+!ff|3v*^?wU
z5pegPSL99teua2;gDVOa2iV0p5SEFy8=U)GM*tLP%aX$fVPFLrD%ZCHb{Q)Q0hlqq
zcx0#;Lm1FOs%&XYa*3?O%bBng{OM2;d2j;YD^jnJX&CUPT;d!+E))pc!1&|1i#hYr
z+XVGcwbm0?fzIeaykaQW6&ws)A>1O`hibP%XP^=g7}k>DMG)9H7sYG<eTyx?+i$Q<
zan3<Pu#p7M4W4~S95WZXk<dbf6Q!;*`Ck?5#XvG4?HGx2K@vL^TZ!fuV}F2tiqshd
z=^{CVp!T3zw1FdwY~m1-?HRxcDN@Mlj}>u*ik0(x0tbf*u%MZcYC3|i(d>A0B5$Z}
zD_cEe67!XqLG;IQ&9JQjMDb+=*$qGxivdUi>X2BApC>SkN)%5gM+9aPFG}=6!lESO
zSd5qt34+8k8zCEp`#eV+b{@Bnu*wLq2Zo6PiATUyxy3lg5qg7w0j!-WZyK{4dXwmv
z$<D@js0pkt7rUHThh)|fFJ=wGbNxoQm9s`+BtJn@@w!9<+=;6!`Ph&6JmSsJv#k;{
zEWw~aLK*%qQ5nZG!@dSh02UE^iL4viIDP~6Qs^;29}g$IAl}^&h=O)PjR1%ET4LCS
z%sz7*6a|0-58lhDNlBbe^cxkgLeEL@a{#b-HKeKz7YFzhLQ9CLKar0B2~`|~nj?92
z7;#SF=$oqIpFja<hN_C7`C8G?eT0T9%P_Mo{s1Z5Ds+{t0dNMdiR5nu)&pD6J4CHe
zxmM8`@ERDFm_(=~HX_-hL=3>C;Aw&_QZ9;Vl{qA_h0uXi*=LCZ8G)hrNuv9PWGMG*
zP*|kcF+;a7!R1gA6E%@elt(fRBuX>vFIO{yO9<SL$-yf~!A>M5Bh?E*iU|HfX8*+R
z<;-7z(Cd(Gv}iFC2nlrM7-l+41cfq;`c<w5&>6yAq~`vqR^fVZOQJrWc_RSFY5<S`
zWuONLIYfnxNE~M;z!Rc^^&o0)Fz*Xaf#;x-i5Udc2Gc&<k!TzY1%ZQem<He^(7925
zSA@eTlmZ45#-uo_upFTVgOF2%>!Bbam_2h_Ip74A*OBdmu}mSGKYD`j7|*<l<SJx;
zf)?B-#Nk+q!NXu%!hNJ}E5}vV2Ik4c6+${u7AJ7TI>WUF5+!sIQ5%9dVFTt;KmypE
z@QN6{0mFfh_&V7<p&^(^d@K=+gT=8KLA??~@R3C5245!J`2={u_@ou{tT7vj;eP<C
zEMj10>>^%O737D#fK<}qu>;g5#yLV{F%t;keekn?ym=_|GbRS~rGsIQLc`8s?-PS?
zkYZRqCY4Z4WW#~3f}Js<c#%+cS6DDOGO>eTNHp4ziV`wlqqDt5*Ag^{x;XJpNJOFw
zK6pbmO0<)GH!%Y*N7M)f#Bp{r9Rs1pXH;v6`%qRX)^M;PLS<Bt0<{F5(GlPPni4`Y
zneO0)RJn>F_Q2?JZaYX0;e;dbIsTj~-zR3xaxNXjsY2)sQHdMCj`s;wz77;br{ZOZ
zcS8AHSsTDF2$F=)Nby$w8K4##jy+EVZg59I47f@m4veEw*2B-n3&v~H0;m#H6^cJq
zje48fNa3SsPy#9Xl%&_4J@W8M5^uZu2d4{08L0d@3%DiRp$8FC+f&t3(NiP2>|keL
z8dB+1er&v6K40-mg=5HpL)>;?Y%?5GVig$9d+TZJs6x0yyWnh*ef8lOjSQq9sPZw~
z@#k(;Pml=VdWQFgD+We=$$TU}@+Jk+o>^+;P+?0FY0rN<b~oIx>rr>koE6+eROMpP
zbq#ULfeDckGr0*5a`5Z>YsR&shUB?$$#%)vG6@8%Dx)IfDWg&fw;oo)KBHWNtfW^Y
zVVzN7IUzT09<FAXRccl+>J+YNm{)4yP#Z9+L3X2%DM3^Ys$KhohU#14;vNpuH=whK
zk*A_J<O~Z+EjviEKhDQqSBV$+TS*H?2iGi5u#@gnPR6LkYsGWLD|g*9%J4L9tZJ-|
z9Mva#ShV>%qW@`-O1zR`ekp=c**~?c*LZ0sa;XlYleH$)!j=B%g$D_um-UTwTJQ0i
zO=M-qgg`sA#AL53cC3qR6z-*$w`RFl3mpZMD@n$bvDbM<4~+69>?X&x+8;I4{(X%N
zE?*u^f1OimJ5uQp&iA**@O6Pv>h2gy51~D=O=hB)#PD<#8WkBO85MY%lv%cnE>GB!
z*-6(Z_bKL-KFS>`FZCi-oqC7LMzx_T#xTWec4c=z=+5tc<Z15Z&{z{v9#VB|)%Y}|
zBBUnd>E!qdX@^oqawkudrpfvweR2nhlQK)OppH-sDP0s<su2}M1yYR}LS#yL&k!UY
z>V^LjrW}d@HH31BGC^^st}{gI6-A4xOO2*7#pu&uRCB6K43wtcl|z^7N=4mA<)PB&
z&i63RFYK}IF+Wa46`_*mOnYp5EPEW*tKsGFDtN`-nB+v+s0Bh$qr}dg<QcALm?>cg
ztF@fqBf-c3Z1=f|?Q|*C)%vD<I#~b4<?;VJj(2Btm!Z(8OgcM_o2J_J7<CVoi%LTk
z)6dW#wA1kd`W5@v;o{{*<b!bbc%!b|ZnUR`mz9^9mz_$j%2SnUl}eS`#&QPpD_llh
zCeDxpNrB`Qk`rZza+AtTwV-BDM5wY<f2u&t*{(;P4#&yedEM#VCEeKWobJ>)#Qb>%
zjqT=5=WRnO)+^U*CCeqNj!ocZaJ!Hi$)}Rll9h}nAvSPhxHa4yem<o7*dA^Qw+*Q*
zt1PSaDsP!MF88YPs)!s_nb0REjCYV+NG{|_(kx|#B1$QuxKn!4xZL21j~QBHIxxOT
zalCTu?WrqytHzh)s`uzoZO15U_{o=J*5T^2d21GtwY8(y!gW22UB<ssF2{%%mN2$z
zR4|leLNomAt;!Wr%ny5g5_5Z2#CRAvI{Zae#vjW^_a8rc>PyzqD_t{@8%=&~AvZP@
z?$RzgTk>|)kaVJ5ZZ>u8{NB^U@w#w$JKPX0VI^q}tH`K%Nl^<IVJJwUeQna{z?d+_
zF-9ofz_3`tIAGi@T+1+f_^IVsC0UK)N`=IT#h)}RHA*f;l-ZS;l-VqgM~54EAO!!H
zKIf1pNEc(+JS++(_$iVkoA#83n%eOR5}CpgBWsvyR8o4r%(%>YMSN#NZOmWq!K3O$
zQdB#82|{lCKTSz^<PVd*@=K)BaFurL*`zhw+Ho3*P65P7#h);IX!PXm_`v85N)rXC
zS0Z5|X&EqTO7^B~QbJ=OCDs9B-ziplNfPE6HUBnaw<*b#DC+4LP`r9PTfAb4?ef?`
zIMBmNaIBAF7Q^dd;!xvIX-ifJ7xu7s8BHiZLso2m^8cniVxSeZ1>=IFA4%-wR8lJW
z7e$6rO}R$-Md7F9QJg4j)SEFf@tpBz<HfsDx=TIJ&m-ooj<Y;X=k4ZA8f!x;Lu%J6
zv_~T+M9HzFSn_#FJcUL9Q?L{-QW7bN{F!o!;!E)&%aP>BXaA+v^W*?h0QnXrjIvE(
zr$kUCDXA1&3K#WSj2z7&Mv%rvQ>2M>6`@K{SX2%wl`crrqH%R4p$bqLsIocR1Vn;W
zg4uc{yaxUhUcEO_HdZ#_H3}uEkQ+&j<PcKA#QgaD*!;xt(}ePbD%d!D3_kJlb(Hyc
zvm&yPUjC!X|Bz&cPxwDG5;j}#UmoY*{^lR&;7k6O&oO#5T%I)kp0r5*Nnz2;8LoIm
z&I;!;Op!RB@pNEZZgi31jdDn=lp%^jxN?c*@&r@3w1?e)<6K@izsGrp>e{ghvM|Li
zMj&3#u*e8&l+*Au@P?>|<>W-f4`c1oFp|X&>yhf^G3EB;hzW@wwq@pr|6x=ppcv_{
zhn{w2=gUmXY*n6)RJxP4$<-7liaOPVdXnlBqZ`i}uMjUBuN%)4FB8w-mDv5n)7s0_
z%ht=Xv7)ioWkP#Ydpx0Pa#VXvd!l7DkbIXCLv^6Mq}-zXrHE5XC>|7MYH-Y{fBARM
z7`}MPcsLC}lcEVyrK#RA8Z;J~JWYtELvx|BQmtdyY1&i;>W!E)v`DHj)h$MpCPp)$
zfx1fQP})fvZx<Hzc+UDbXU@FGq{pVmg5lL_=ga4-<|~fPd(QWmu0Nfxp0Av*-5Zx2
zl^mBGJ0xY09Y_vj8YO_TOcA62skYQJ)Ih2zb)M2fiKOgN5=fFHNivq=Kp6=?bJo*I
z>;J#{Y2#2?JE1{(Oi`kS$7sbf$IE({{(tR`1-&kzlIM(j?AEJ}t=B8Oo_bY#RYp!U
zPK1nxjE9UJSIpPUKiwN$A739^pNJ*H7~V016i*qT$Wdx3D5?fEjLJ?0&}3-*G))>O
zErjaM2<#Y3g;QXZ42m&TjvCOO$8|iYoYREpzM|kYmeZ&^6uHv@{Qk==;(Xrv>K?Gp
zq^kw)_$+eor3uYGB`!`m;n<A+Ejh00?EG>;kIPBPfRC1){UOssg}^Nu>OfR_OZ@oi
z)46Sx6MsAsgd5Ge*HsoX2P5g}^R%qnrb`{i>Jks*j=kvp_tSumXD)w&bvQN|_|0$$
zSH9o(I3*ll+W#eUQ^T*GLs-zXAD`JXCY6x!lu3!{Bi`JkkBu=&R=(Vc=0{dLsxgM-
zUrqWr8Ixs!=Lu^up)VXa!D|rFdnwXVhrfe)pXz{MtY6_S{k)m9JJ-Bs&Jq=#`mhZe
zwN2kkIl~yN%U=${lpqTnH<==^+IV;3t)~kdozPvjuaS|G`;b*=85V5PC(f85p1Hh=
zk-V3}7?>=W+*U2RES4CR2{@M-ba9hKNtQpSyui9o#!9np3c`5GjbyrkR22fLGbS5i
zeu+Uje{2mz(wG+UQ8_8@p=^Up2eSM<<wAC#9OF9cKJ{m+b>0168MANii)x(ySdH_F
z4aVZQqRT;83)RW01<}^?iv1WE#7=RTV1k>f@)1`8o<%Y)G-zc}(yp6=7GTd1*m6=Z
zp=VvMUA)a53<<PT6nJ+9H&?YF&6q!(t1Dy?B^b)`3;slHlw0>%OmRqP*6p)6pc%Bl
zeXa758KjRlXS`k&q@A1sMm+iAE9{oH#vFof!A~PItotrcu^T}S@p4G`{!G<^(xB1T
zd2|S2j|dGNt@2SB#Ljd07#mmtL>AS;!2+3}7>rTc$fzU-1dHacQgeRK-5)5#`~dq8
z8Y<M`tt2!c#Kk8xAT79rHF4ySRjV;okoUcsWaIdGic15pq$*m>dQ*6rFzgCTM=FN`
zwKvq)OaY$)j*|M)fK8Cs=xWBqda!=M_$r&S_KQO9GkBX<DeO%j>U~USt~+l^2Q$#u
zn9wt=;xnvT=yZR64IjSN`T7M51Bh0U(<;mNMjGp@6v@pKQ#YOCXRaOZE)ya)D%^Gg
z=NStxTs|u{^osg_9iiRA4b=PCtujd_#uNEorD$*J>HxYy^My{U$?F6dQEFd!Q0Ig{
zH~WGyXcVDNVpfu3qJZKNiX<3wqA{Lr9FJ6m_^JB$g=Vrg8*?qX{EPRhm?ot=#zyjx
zzO+C!;oL-ZM}m;x*R(J-@F&nK!sE2)3j?i!oN4iD1)C}}X_%kBVrd6RY1dCtLbgJD
zz6!3)%Ak+Jl8bjjWn6*I>dyU&IFT8aZ>qulS8x(DY{3B>>5OITt<WIQ9u`V4MQTKy
zU`+l1?)Xc{Gf~Vz;1TR!qB#z{3hBVVKx#*UJDKK~WAU*Juz`COT!y9*!x)oP{>p{$
zIQDKR9F0{|^iML_EHYMlnBlake=d`w9cWvh@@tHp0<0@fs83l@V{!F$ipwA%t?E;@
z)i^j9#f+Mb?dwwx)dbQ~oi^dJ=u19MVwrJ{LN69D3}N?mx|*r($n#<Wdl`G9Nzr~#
zNmbvukG(G4NzHV%Nio>Uw?0LDA;oFaw6jU^ft8eVACH^R3!mg-z84G0uX~>to@8i0
z10y)++$Y$^TMsxxc+;f#ZSZF3DTeYta=LB#4eL($OB{CP$NK%75ChMnPQx&ti5E7a
z>Ql})GZ`?wO$_jHD$f3g?I)*rUijp%f*KQNiRrHVJxjN63{Ysd|GBH|zop&4xli+e
zEe_nxG(YfMNDfLELG*eb57b4;ZAt;JOFeFK_&48$pw)087G~fX-wF<9Qv|b6|GxZV
zDbXeLSX!PsR~nQLuaH)h4P!G_E9@0gtS;xcjJD~&^qAQn?S|Cyeeoqx4+-T=d!;Ve
ziWZF$4wC`=#@<J&EjIq6<_fO;u1X&n=mUf8i_Hx9Ezt?7>HE4KsEvJtG+cbc&~Jz+
z-l9MFJ7f*YK$V0BeqGqmi2?<A+ZDVd3gb8pBx@HsI$0vnB}kXzl$~bLPT(9UWT389
zWgXK+G{vdd_o2VTjG$1w%WXx8Pc6jQ4X}<-t<U>Giyq<L#Hjw{v42T;n()NGI1gVO
z-~c&iGBa!B+cE!3vHSCefRzMS)kkXn42~m|2Ln1E`=}<X1=tu1FAiT$yxCv+80fD?
z|Ma*#U+wy8Ip+5D-yp$Iu*wDousE&+Nfj>gXT9#7_T(DzWdHNF6IX`|H5qE%-{8jN
ztnuKpNT`PI_j+iHdd=q&B-nR)2CSvl{~1e^?r)DiVK7{%&5-c4_-&4<ej%M{LTcLm
zSA45JcEz(q&i?*r(bZ%ZwL80sutlf(Vh21uieF<Hu&?OZH+&!vC)wyj5@TRk!nOk(
zKEjvefY;MrPH?&k`PK@O-n;742#Effro?mobHX5XA#8xopr2BynCia`xhk+2bVs<X
zHd8G|R?Xf)!FT7fs;7gd@9rn$OzHQu*-MPzoDuySH~hpT|D&sgFoDEAq8RQ!Y#56Y
zv>@>#ArHyK0B^3%lzk;y;FxDV2_aSpFNqPMa#H}U#8|v+C_IXrVY?W>?;?>E_iq8l
zYi$@zad|@Y@%A|OPPTvft+Z3Gp`8O!CJc*}cILHY-0;4M7bXP%Z+5bvn70!D(@ZlE
zF`*>+f7>fxUe14+X$&FlLN4$D=BE^&ANId>@n7}|$y><5VCFMGUb%=J_&=>Q!$)D6
zM_K-hm;V<XRF@skOG|y7-IV35W;C9jmKCnCc=}~PebuzE$_=ou?Ckqi>phK#@&9hE
z78P#&4{Nok)RkB6bM~*b<7WOYBkGLpA@AjxY8tEJ?l=a*pFl2x@MFpU2ri?i>JmAR
z)gJ#pTV~~n(9EGJJ6+_tMU8auqHrboMCM1G^Y_aOo1VyGFZKsM2jr!FKgY>nX3ck^
zU4QU%a72H|O-PvV`ytLw@7u);4NdzM&gJ?p%HEcs-XDI2OZnQ>T810$k7yUD_lc_&
zC5ZG#U19&GF+A~?Xx|_6gJsRTv-XgHO*?okZ1ADgf#H4AXs`JV-tRjwEOQ$04S3a0
z?3oK8xIZz5z4LRFBSSsYSl__nvY#!O#B*_-em>>M@Vk6YanB_21T+3qHgl^Q8uphB
ztdRB3{6^C^D=s2b`qONfXu{ezxpC?dUy!QzHY*uCO_R=JxL(Vf4A<*=@gG|xmj`1L
zzI2nf@Kfu>YvqYe)z1m%`U{>g`D^rFKKsnKxQ=;r(Djls(Z5qcl126R7ZY6J?b>{_
zK!52KW@VqFI$Of8G~+j*dOxw}Y9~)z`ugzc&G1QWpIVXIm(mOCEIKcra(>Pu_jRAP
zsNvvsZkyw1U77v3dTw;!_1c4oq)5t*KFeqRUDV4n^=C@yRqErvXu;$0p3skn)hpVl
z7kV-AB|BRw$HOp+`$6jO!#5MRtAdT}e@*8&9O*Z7t;>$l2c|N{%Dmc-7Y=CTYYAV(
zOH>|T*cM)KXmOiZsV8#<QmZz}m-=g6+$I7l(uGs+6-|rk+CCEe^G3hOafEMa{;qd|
z{yTc<=`Y*hgS}i_&x?08tQmatK;=kh{gwUdgTP);!ZA@~R&uOt+-uZpVtx!hE=oEi
zeP-ZW(bO^q>hh&5H()$qR4Yd6Z+S^LU%bGqol3<>wR>Bs@=@^9L$kB<HnkJ)Nm&$Y
z1|VQF|KZoX@j5cP_z2XJN+0lXlE`>Hr)Jc@_xa_`=xGL!V?>SBGk&&HJs!aoqW0UD
z+N1sUIN+D27(97i`wo48{FedpaKymlGwrn$U{y&B`0L`2k303{8afHVU$#WaVI+Qv
z|8Pr^fL#K!hs}uUR&~mbXiF?#S3vTWxqj9_y<f0act5=Kr3*%K^KgJtdtpAEwkPc2
z&L7>aVbnv}Pyf01v_3O(D;6g~sez6!qh&`&H@8q^YRAUm8rjmh+jJ*9#w`Yn!|E}D
z^=kiddIj@hv#3&eTjR3WNTqCeq4syi=kw+Thxf1j#h#j-Tbx*Vxkcfl>vJBTr>5^Z
zEq)q)*;6^9;?eVX9{%WxgSAt%v-Jhc-6c|!@16SLti_pc3-1yWc~F*!;@_d)UpfuT
zW=yY#rbh4Q2bN9F7|2Z+If%hy((Zm4EH38p9Y~X??oR(8T-ojY*vHTRtx)trvRs<b
zV~vw?`male7?C+%J!iXfr@6-A)6m;TIK5e5(#S1#9mC+Fk8S@40F*#$zgYhR=_<(b
zSR>Xy+*&m+kZGOl@y&6#{nk8}%V8Zi+*)|rh>>GQj<KHRsdKm+ZS&pMY3*f0@FTZy
zJQ8-|FZk=fnz_>}IrQh3?tcrvSIpvhirz=N=*9GMdeyAR@_Fm5Lzmw>IesIZdwOJf
z`=#mcc|>#lcAqUawLNRkX#aSXw@6I1{K&-1J}?9MosZB3AEgQ2QWw0nCU}W0!v^bp
zY8XOP{~Zj56V&_H$o!CfY<dgT&!#We(@&`WHUqfMqlD^rbF@%x(PM<_e{-x*eQ;#k
zbO?}_4H;mlQ2lX^7phOr2%*~USwdaQ%HIW%*Rt|DR$jx(>sNX0Dz97RHLEPZvMqd)
zP<?hz7OLNlynf9U>Nkt>h5C)6LZN<>s931qAd+qB5~2F@$ln-}eR^cuTAoqlZwSf0
zJ@Pk$Wd9!7&X#?A<ZlAWBVPUnknHOt+u5?+eY#M6e&kiM?Dtb6RNo)jwwG=CdZGFN
z$u_+_-OdrJFOXBH{y_4#dSu-%e<wuNN3#7b`v%G143YhV<ZtcBK0@;MLu5Z8`CB@&
zuaNvL5!qkpY@zxL$=?-`{f6ZAa*I&EF|rg~AXFcs3x(=Obg@u<i7pYUKau?X5!t8c
z3ZeQHT_sfCBKdnH@=Em@q52qICsaQp`THcYuaP{uWPc-h6((CkvUJLldW%qfkJbs*
z|L9Lb^+CE#sD4Oy2-O$qE}{A($+&^CPm+uqDElSJ-#3wclkO9$f6@a&^-+>>1Z6)Z
z`I{%QuhJtz^;eSd1ZAHk8Anj|TY6HczDs`-s{hi{LiJ(#yHNd@o)xMu({n=gXL>=X
zK27rXQe?lTmxSuu^s-QGC;9s+vX9d%LiKZ!aS3H#C;59SvcJ=tLiKr)zpWzsJ;`{5
zd%(Lw^?!O_s6J312-OejBcb|2eJoUes85CJ6D5C#MfQvOLa4q`UkcSf>T99;NXg%4
zk^Q8;6RNM&e}w8UCBrMoK2tvl)o;ppU0RsTF|l#+T@n(tq~xyMx?6gr^z7BUPv6vj
z{Ra#@YS7WvW73WtoId2ZjG@DhA3h>8D|=+lsL^A_o-ppj@h43<`IJ+0^YRM{i;5>s
zDw%v*>6Ehaia%6VRZpEZea6gLr_Vm)%$izTUA^7WFsIQucb==s?eU)F^9P#eFIc!}
z@!98`yX3r<^Os(*?81vKUVh1?mtB6vl~=8}dgV3OUbpJ{)i>Pu$2B+Ie9PK(>;H7?
zZMWZX=Up4_-uUNx?%j0X{SQ3&mxmtS{K%t^J^t4xp4{@cr=H&W_h+8n_T2L?Z2!lL
zFYS1F=RbG7^6G25Uw`AxxBm6^JA2-J@BO_WeE8A6k3acz|7V|nap23ZzW(Ol-+uS~
ze}4G!;7>odx}0_O;t-$E_IA7>otwYoj0$*aJk0@bv%5YZh7B8LO?RUeVqM^K25fa`
zRrnoqnjG$c)$Ry5>H`kD71L<O^5yhS_k1)}?AG+M!PaKKqx}gx_&9c7`MbLIQRP3;
zYo1na-Ku;y{U}}Zy7G^&DffR_`F$?$rni*~u2p_{$D!9B{i$7h<!|C=Uu=K)9WN=r
zN}tX2UP`~cM!Dq$<$JDE&Sic*_Plb+Cgm;krz@3LKX>SK{a)MOk^g_+{-gi=>umqw
z)?;k{k*4pr-u`1ZDEt2$c^n-5((k+f{VzqX_qX2u$L{*y-u|ukDnERSvWdeTcPigY
z$8$UT+^yVv&;Q2upLtjN+i#MWJ>BFbPZzU@NfdDj#)lL1$0bb9o;~G-OR^f$TVKC%
z2dKa3)g9xt?gK?qYTq7xl11+U7B#+1sOyU|E~<oo7xTMYsP?~`-<|y1xZNhNZ!&2E
z<984<IIWyVUKb2)ck9sBtGMcS^`c42+vsCTl(Xq;CeWPzk}~BFCM&1&`z2G9U*UAy
z%az}sa_IF(fAWj3`b|7;O8dkAK1O-#Sml46s61x8avnW}wiYm-ij=QpKAlSMr)vw9
zFF5JY>H594za#(uzWo<Y{dKngaO*L)|47sKTW@~>xBuJH$m3wyl;3y%FB%i+-+KFR
zEdAf!{@$!#r_(pkFLQgos#cylP5CxDq4a-a`+H7nfBS#S^Sk^Q=V5u@%_Snw#kj6_
zy47X9xceHFzPLaAzwIBc{AKg4h}yo*QOjxO`00nqhmP_odU=PlG5wM?%Kh&C|I@GE
z5c$1sb^GI^{adAH?)9CU?xSnkAHM(U|8D!Ia{J$2)w%6YyQy>Q*~W6zmF4Tz4$^-{
z)b@X{>d@Pt6=?E`>M0e4C6yvQbC^F%{x?Ja=;J%S>)7%A#LzuQQPo^u@9_IYx!2*-
zA7xtIo`4l!nw)`v!!F7^R)2GSqqV{5a#%e+tKI2y)CWAiMZqy%pGRLpiF_{VYxc_f
zivC6ZfTPJ;Z*#dY+}j+;((hjeteC>%3(jhH%y-u7i?!M9KDm%Q-<)RsUZ%_G4_E^p
zkJaUI&k;on9re}*kFUvQEF#}#S81|4{PjMkH=q_<-{^GNjU+kzqQK^s+k<p?>TLms
zwaL*W(_SIB&+nI;Yj?Pv*iN}TBN6$Sc%G3spX01%Y_nYy1`~^kJk37*UDxbiB#LD!
z91D?NnFs1dYrW6o_mAKbTu%4As7=OKBq}U3OZ<^vxf~m_LsTOtnr!YxR*%==);HWQ
zZvm@(Zf~rpb}S62915jU&rdAVp(n>{lZkUQ1gv^C=;<nPxg2wBF00?+m?tV7Hv0&V
z+qFn7CwgUayO3Ev&pfQu>-1u&NUYC^y)Lt;*@XpTmwOtlKARistTeLCj^*lEY@6?K
z+L5(-;@q|-M`(|iN!QOqw#>IVUGg@!D3&Kmql7w}ye@~#8o6hTeACA`n!EwMbT(mM
z+U7W90#HcgKC}iFA(bWA<pF1d(;@d{lV?7bP|%2S;&55r%}sR}9Fgo&$9#;*(U<LC
z<gRb@dECy$m`RNoWo@*%0%2dV>5hOXMdq}-xC);q;HmextahJsK1S-rGZ3)VH>#tp
zpsK{`5BQqv1I<21*w!1#;M$B5;#gSUs4v$TAj_-69|%7#ia3q6p&7>`)?ssd>}}_$
z4<G1vc>?Mn^SD`#)bVE=2YR|?N*%T)xlFq)U<*rbwG%}Fsq^Z`PPxhfHMKu@0Qtof
zY`4?xusZ$v0<m)gjaarLu)yP+Cn{|9^W+}XcevXhz+o&GRyP;BTh1bPU%;XAy3yvh
z);UlT{m3Y}&OAFDaQYprF{*q`o@TdEe-wC{nws4xt9psjhsm}39d3JQ7pY07pd>pR
zJzlw+WZ}ZHD~qde{5a}Sit58EB$hZ)CX2F6G}eH;l?ygDsW`IEk_T}e=ESxI<Pjpb
z$Eb&_YOmQv6|+qqV_aMCAZ+$Ke17Z`f555wqy*;<R$Nnf90ZT8;P&bJFu2Pi2K$@6
zUXM?1YZVSdM?gPxqQ*p?GeX0I3u>@6IbDmQ#^y17HW#+azDVW(HbRuC43fLm?pfdt
z|K9Azl*kO3$N~=zR8<Y=2b#5R5zbZ)z4EVXZfHQEQx#iiyTWD(pj6uB@ff+B1|+~P
zCVBjU(CR%_AEuMJW^KfXu#F8%I8HQke9@=R1rcMaP--3O0K)FHBRy5YqucFp*s+^k
z4x8Jl*Lm`gno(3%GDEKoRehz;E7PM!_#I6)Z=(mx4%<Zi^btJ^OH)Z!ISWmp(?8F8
zR<j2ODyj{vTh%z2%h}w7!@C(}e>!TnImRHpx(sbvz0F<kkVjx8i<WhsV^LHgIt@eQ
zp=ccW#&`YD^f~6^WT6Hwu*o7iS3QTsPDDA@&p_o1+z#2y(969%Wy|HGen&m+)7QXH
z@N6QFNsrIwlO?U$9ZCs5C2pG+JHzX9%7r;S^#PZx$&3?T*g4BM*&6k=-P2@q8n<4<
zPJ6N<_UqNzqNX~J3pIc`6ROWNo2xnOOv`mOppvtzI#SP6AzLOY>-6@Q+<p2EvHBZr
zGG|@RI&9M-To3ExQ9Lk7y(iefikeD@O#F>ZR7DyE(3UATBRGf1Q<axo5Q?-+v79Pk
zY*oYpouQVKL$<tZQR`z%#kEM!Uv<LJ>#}-}JT1$1maH@D76tV7(gK|1Wo72GVQ2e-
z`=#CHBG%+-MiZ`1w!Ba)>Q#pPup06NOQU|Qxkvc*;UZM&EYM4^It;LKW4uxAv{xtT
zl?dlI_P5b;MBdMF8|O$zsF7&YPj-|oFNW8LDiot`V!9gw3y^u(I$6tvPiL#c+Jof_
z%>%zojuodMugB@u>msAB;atdz_NS9c4NVi4etAN(+8U78)<D}i{f*55y}Ao4->438
z{=|{)A1{x1eIZ_#eyqq()P(}txlY*!!LAp2Yi03>c}|zi#3_19+v=5P9$5ik_uKV+
zP<2u8bIStNFYONcN&0pAW7@P(xfh*D7tzz{dGw4H<t6-n9eoG=0R0^OF8vwZWs!0p
zdI&v+E~f2t3)i=h-!G<D(f81g(J#|`=(U`GKfh~>l?T%&(39zUdRt3mzy1XrzLLI;
z{u})U{W1L=Z8=+c1U-qKPB+pQ&{xwp()XSnnU2T#{bl+C`a3%A9OXgu1iF&0rx($e
z(AU!s&`;5?(EI2E%$INYz5BV!!|BxX+250Hq?gm1={<DnQsn~9KaHNm;SPRZN;h)&
zHT=GT{u})!{WZOu)Av}y_49iMzmKDLbGW#G{W&?jk<Q@o3VI=ZC%u%@T~BYIAEvj_
zAJXDH<rMmOdLr$h7t@!~x6t>}f1`KNU(l^|FYd2w`XqV>)BXJgk>%@R+B<lK?q$bD
zy0(MihAR#;J~wK7b_dg253`*A6*to3j#FO#J9)?8-*<hDhgp9`CzsPvJ{{@y7}Kv9
zu6*I~k#6Z=xMA;M#@9xTujpWU>tUAjzv5bYTc+}+tl!6bhX2m%%RJ2bJGuQG<<pUF
zk1_oUe&0g3M15b;fw%ld_I7f*++S&Z(c6<9wfw_ve`nKC8#TSPgXu&kmv0P@{$&4`
zSpQ4X{qi3*-ikkK?5>7-cTJ<mGfy<TLl<#&T+}vrj7v2m{T0P5pGC?CXk)mbEwr^b
za=hVj^cK!<^r@D2UGzInTwgJ+@m<zAvfH@2)ERHJ`Fu8cyU6ZXXiZ<-tY0{}<h5v^
z(dOn@m%}|L&?rZ19WKXMC7))<YcSsOk~brqiydLJ2S2r+e%aar)`Bfy4-osmY_)=1
zPzzeXCa?n>kmEl4vb6%VfVE%?H~_4lV>oC5o4_7m`2x!UUa%JI0OG)xt=XU!Sb&w^
zb2-clTEJSc32Xs-fcO&Af?QAwTEJSc3G4s|faNPJ3se9vSOGSH9pC`4e2wv-0(ij+
zun8FXk;`$l9N)re)^fTnU<cR(4#@ew!7_mrWP@DbwtE8p@j~8B^fU*?3*H#UpwjY!
zywbw*DS0Jj!tb#8>Klb#KpejL4xjL&pvnhZqOz!}ro5uMq`a(39OmP6I|5_d42@F<
zhaB%6J3`)Q@dteJ9wI;8gnC;`2)Ad1oCGPx1%GgU**75}IDgbgAtU6rwtgpHWoz|$
z^jp(WpLq3hlv;j$qoaP_2z@)l*59K3a@gJe?Do>nH~i$SEtg{ik6Kth!_vE0<hC<D
zeEY0ie@(z;ufbS#A54Apo*E{m593E1YP`?k^4RPV>634@saH^&{f-gy+q?l1AADa<
zR!T1U2qWDdcE3bE8dzj)^7tI;AWyejv45I)PthMepZ>Jd?r=GqoB=))YVhDFU!d+y
zh2M#cn9s4$t8Spydfdm!TWz(ThKA#Yt9!ZD+I0VM!RjDlKIa^_$EV*4^x2#)`Ntfa
zuTI{o3C<HSy?jJb?`dkX1(%xT2-IiE8{?Vv9(RK*(B-AmY9^IeRo4`hmlX@7!x%Va
zYH4+e@ujk;yt1&U()gNJSXfhCSu&+Y9WzzN@bYOzm6auhMUf-h`*?hIN7(HoA+wo(
z>ibu}6REzNWr;%pGv<(C!31}iyv@c3%BXmQwR=%%v9%GSFoXP4pP;<TnwMW<)W)IV
zav+X!zq$ddMm89aUHy&nUZ30JUhMFBtX`YlE_2=KwmNE@@_D2fk29N9RT&r^XgpaY
zCT67jtqnd;lUjbdf2gJg!dC3MMRE~x)XC|7&DfCOqi+3qs=RUTvm4{&Qzqk9u19~0
zW{jzKdHjwx57arb$>z1nWRJjjmwrdjFUl)RCZdk3D9x)bF0Y&-N=xzu&Q)Va3*O8P
z+Y~YWBvDzBS3OBoPA$`|?$OGet9RM_C~5e!pfs<lYLpRnD3q=GO>>94-lON3e(rPz
z0;m!kZoAXwZZmyw7ufZ8qC5_DceKeCKyvDveLnpbzuVE#e21Ase;!^`T~j!-%qkBD
z{8==ks6Zb2@}{+{N%T9g%scxc><9UH0dvW5`VIBwK<EjDvHs)yR&OI#q@Ty-obo|v
z@c5QP)%3;=LxIIkj@X&uyRJ=fP(2^?TjKh&DO;0Kuz4J*MesqD%mE|q##03~UE~_M
z7HqiPB`fZXp}hTUtl#0*Ur`HfwJe14(Z4?`?R;DrJcG!5(KF1bcW^w-aqG`#^c&A8
zg(LJqTw&Yk)s6Zr)I{<*p+1vOK0d&n2%E9Zd|sPhze6q?Rr+(Zi0ujHXLV_nDw@HE
z^?p5boo;8qiI!WSQC2DK=Br#?_=|h`HaDOmmXGf|`r&50(x)H&kw<J~diZ3YdsjZh
zP&+G_kE|c8r>DD`&p63yo#SxpH}G*R=?{UhHod;L8oPVEHG5%t_Au8%E2@3JBkZeQ
z3i*B3LJb3uPpF2%Ch<1feGy;X%}wJmUHY(QO>3w8*2{hm>N!nVebIJ0RvcM+HG*B`
zT@;-UJRU+zQ4MRMMP~q?v*EOA4Ac|WX1eGjx1D)Z{<?$D#lmJ+2|+Gvk?GWX=tP$M
zutFwOtIfib*Tk}^;ye^kvndo6i{Fj#EFw#<b+bfPv)^a@tskfQ!%3tFo8rQyQnOc{
zZ6Y?Z{q1g>Kh_M{LgE#N-GMDY)mp!3sJ=(*u>Hn)C^QF(vGKROX5*t$z3m{Z88`-v
z+E$J54;2$+6UV5UP7%X{Q{bfOYqGhxK~|w3$;J~^ZW4wraAKG1C0aJiLr<|pSlZR2
zCoYJYqJ|-<ew80+IC0r(y7AWbkAEI<vJ)20s;DJpg-|E^EJaM;WSbXyK{xouZiC*7
z%t%-G^zxynY&9CQ$RnE1@AMh;c3D*@H`QZBzg0dSZ*Zx;2bDE5#*M8RJGy36PS{#l
z5RYX3ih{OFh@M~8X?ACWp4$O+73z#C;lt&lNk7iVavMg-eH3<F$mQ{YJF^sJN994-
zo>TqFR1GT|JJt-BZSf+M8sl81w|1J{^W2^V?o)&oHY+;=VwJKa%9$fRy9ZvayJY}9
z=<0~!hO-AnO*f$Z=?)y#{_qaX={M2dBc1;@b_Ua9iOQD=$0(-`ZhyX~j*XnoaP)Nb
z#~xXFPUG~$=+D#s-^eG!8<?I=OkcA**oe~$rRtfGy--Aa!ltSytv=M0(I2B;@_J>v
z2A35oFj3nUL3k~qsvUWH3Ap@iPRU+d9WDw3i}cG<frf70l#&8#X-U~>MU~e4sS}Sm
z<`|*w#i=7o{lgWA$BlMHGul-R^5&I34R2kkNv-PIMgOQScMBS2?JZBQ@*L8p6N*rA
zX5`%p84pIrW|478WUPvxa7z3MXTk3<!B5?VXvG9Sohrm<m_Xj`X>B!$A6sMKF5;)w
z?&3R4@Kful7<V4rDqhC~Keo2Uz+IkgZS9U>NB^s}_0-nZ*7GpDH9ge*A=s;Syk7T&
zjnOZt+8rYsaqW&^E{DePBPY>MWqNN8z2lB-9AN*2u7ZqinBiCU<q>tK%1^dIor`6r
zatXfR6{2HdKsImZxIA^Tr!N{)j^OoflgG|3OKi@w{TkM0P;*$*o5#yjvHGS(H^cNv
z^x~tTOh&W|!q+Qf*m~4$lHh&Ruzqb!NfVQze~gp{Wbdj#Xf}D)37=H{5q5oSG;dVT
zr5ZW5UUmmPIh_qtdHOcm#<H)Q9ErnafzKwp_Z(xjR=6B!4&(UIyU+w0oqqZ1t<dD9
zbJ&X7UqyTEOL@!AvnaYDeuU|eXJ7rQuTHgwCNu^D-tk#k3l=QMoa1iJ^!Vmv`Pl_Y
zHV^Bw>YC^HGaCa<u2V8Kq#g|#m3p^xe5iG+3A;<bClGbLXB-ad{*TL^>Gx#nZTR55
z3;mmZLqZ=rVr1qCnb|_Wk3Ax6`jMF<MdhTT(wd2-CHVz4)l<vz@=J@V)P$K16di1R
zrn-7O*?6b9y^p-N*qInlzgHZmUz)z(E6!8Ik?ysj?c|W1^0H(zDa-AMxC<;l^2!5)
zvzpz`;F-uAJ&{l`z~pq!hMM3l>lhBREzB{(M(eS|<S=*GO}iux^T`6oPpq*#Z|DRV
zXDrVvdl}kXGB0FYG5;dJOnR0BXCS!+DPhBGesw*W$a%w(qJLV|N64sc@*%<0(3x1B
zqSEc`zpWpoVO_T|BEuHht1#VeoZiBhW6X;wy)ral*y9?zdiSCe%RG{FY5&Fgjr12*
zRa=b<o&~CIshV0+m{m2gq|mrblVyz+zkUnF*1Ql62iZYXzci?G=oc4qb^1#gp&Lp8
zb@N$&bHv|V=MOjo&Ah_s<dh<6g`v|_sH<k(qR`z@H9fut9HHv$5R<pL-V0s#s`Fa(
zcwSYq7St!vKgIeg{ZSoG^{drVdG9-~ps1#zvPibBO3EgNDr9*M*Bc07m9*FA2pg<E
z`okB!2FLC*u9@}hH?EC?Ctu@@0AoudZf1mClgr1b@>LJL(HJ}zXN1q*Hh+wngBRXb
zb(1sv32pF_UKWXI4j-<xjXTr}9JYC(<cs6@3`9Q0h+MHTP2}afTAsXh!374}Rh8Aq
z=CYz0)mFXxt<$Z)=VEQ|-mHE@P~Lk<2-OR1KGCrewUKi?o;fZ@mfnH5uDKygc7m1-
zuB^GpJpI3#2DFOg9l}g~q7<{YuD>;Uw$M?irb_!ytd=|(a~E^wl%GvnihMn*eo>8n
zZnoDr+|5m?CaWnUA^%;|a+7JbDR#BVwBD4M5*zR}J5rZ*S&w<*8f-4VBlV*$_nRIw
zCG6{B+1I82{if<h`SzDwn!5XsdId|vLEC7X?^JK5$hGTlL^x3L<X*Pxx4bdLFJD(`
z<_$}|ueSaomHt3OU4mG1vUA2{TCG(Mhm~y-V^cHjj`>-vLYh!?N6cw<V(YWy`m>Ie
z8KxIzy;&Gm7Bf?BF>BqM0}bP9^i!BVFx8B$@0N3PrnfFLJhL*VV!CO;$@2GxXHRlU
zm%^grys4$t$f5g9+w@HNxJ&;h^-PhA84-NDN3PErTA!7>^1scNsZom!W;^@8%X(8j
z0bpxcy-?_~x#u*?r*u)7U?eIttyt?8x#1}Tw7yfTi^tVW%PTD@%#)9tYo?Z+R#rZ}
z%py{fG$SJ{rW8$!pH@^^QasaQ9zQ{gmHQ!OK&C3DnZbR>46bqnQa|p3yidxpMCW~e
zhSn1YLG-NoJ;Eo_`|F3b9ptfP?ZojXr;%|$<$Lw1A~HUy=;ZNRD^$Bow)+}IC}yiM
zjj5B%u`(UT^X>4o9BzI&k8Jzp3e_G>ZD$#BIxW4!`o-&Np5t`0PDzd4QO0DQsA-C|
zF4I)Cn$lH^YqHJt`1D#OPXFq3<Ez>D>XlE$Qe*V5-L!arb3=o3VQMVCC#Icm)_N77
zcAcoMUp&4_b#hHf)hzOaQxovi@Y=?K6~tsDru5JfgN;yqC5b8HG)+%djhrR5J0?rY
z8QiuUVq{@(L-f*=Ql#}&F9qqd)`YgxpW5RH7ITtjF*2`)ryG5PlX8w}GruumCNnT?
zWsKH4Di2hvOJ<&aw$igUF{Qtj5<D{oPY`+*#HRGsx+B}2P0dX;tT&kBa)fPR#E4jZ
zM7|aqmR+MePG`Gm)3c%fd0MP=O0pI!FRPhOtkQ`|d~#(q`fDTHPu;aH@{W%K1G?)2
zPStuEd)Hng&$2bL_D;3vS(nx(NfV7}Ws*uTW!iMD3#*3|i<Vqmlvh2qvZ$u4ysQXy
z6)G}gNJV9Nb@?dvpvfym-F1}K&lp)XwW6ZDvbw6KsIWxuVPi4p`?P`WR7k;0$xp7(
z4<&u~`)3X1baOni!qqRKgU61%C+Fvp=dIgdPMxTxtuU5Zz-5MCV<huf&St%E6u-;s
zHW}MEliy{1Ag>co<@ZUQs7D5}?l?+>emf=n`b<k}Q-659zpO!WFh)x%@Op#okslA$
z9(lV{?UBt!d*t5Ev_}e#KmK=bjv%+%ZH=VN(vsBGNsTNMY=`uh=fbc&%B<2Ssm2uf
zL&Gv8DJ8zDx)Ke3Jxh>1(@Kh_<Ai#@DFzvmQmXZrYp;=qVU2t~Q^QrwcRCj6RY5|2
z#&VN+wJBa-Trf|$G(EG`(mw8zR-|d6WZ-!2sa9Q6J+q=HtTB+F>8Zfcgue>PD+?`V
z*(OjETVlqK*J6+vhi($=Q%!>IQQ06OKS^Qdd+7w0^Y+SjMkkJeO+v+TmdAnYow+vb
z{4US+@(zNG)x1Nfn9jSy&b1vaQ+|w?=kj=p>qI)__6!!0?Gn++wnX?f#o?yk&2=n{
z+D^IcdxVOMy@ku`Xc^(#ez^4+Z7sQdMvQf1+vIYLe9GW*I@*_$m|mII#;|ERyWOeW
zR(bzz2G?ihGUYuxqdir@w8?u-Mtpj6SX#S?P%Qg|POjH_1pDVm_h&8hw=ryg8vE`@
z_ETzDo`|q*?o3-WRfK-S%~<b|wt<a%nZ|ZU|878M%7@%{YegvT`<>j^(ed9mhLt0E
z9+k&Ji%>D?<#DiDM7GPrf1e<QX_LK3yNl586!eTrZ+pLUAk%rc?P%|Qu~GKh%NHZh
zJ5#?Hb&Kf4{*lug^-+e1tdn9ou|JIblyU#ti}SyN+msu&4`y&3v0TTY@=<<_{nMFz
zHS$n&a{BQ7&|dy`b~!URzr4p^!R3VK<B_D_nEyz&yP|_K)Y)?LOX@G99;)CzHR@J5
z-q>!V{2J*w+;+%ij^?r^h|smK5bYlqM{-^YKOc2=`$mUt&ymbmD^$HRNwi;%<>$X`
z(-`Xt&#UnDgx@1L)N(8$@}nKLouAS@s)3g_RqGLXos6blN)E3$O`X589+sTYvj6#3
zljVH*f7(T{TF>^bzay_dahd5=ae#Q;iAHJYW;`0h@-{+0t%tX{&gHDH2^*zhlzz!9
zZ!U+ANYY1))sh*oN44N%^$oGM*^ubuouDP^jdOjbxDK|y2vbDQI8N)rC?~1$`fSIw
znXO8VZ#!qA{?uN-712eXH@%$<cew1)bB@ruc)WUt(9{IIX+E&s9aXNTNjXuo@D57o
z`aMyf@94H^)h9GA-u0V7i`)U*!qjAaHx1Rg7`G_8>DNZ7Z8J%YPrEBl>wf4$Fj|Xi
zkei1ha0DA4k!|ruGUpgA$*n&XQhPb(mlTcIBPbe^wC=%_*64x4ShBJXx6aHWW4=l`
z8}^{)aXUN>DDU+y?DO_Fx?D~YorvsES?SWjK4&Z`qqr1n-F)ihCOcD|sIM^du&J)(
zY%0;cwXVVC=zCorx{3WATDPdJ>#D`+L1B1%GD(ZUG0mHkCxnu(?$!-yoAnV(<5u)P
zUh5i}oI|W7?SmMtce{&8DbRW~yY*j(^ZFdJ=&01Be$=Idf-p6FYPA$x`6tO8XY(0P
zH{`52o!by(a&XT4nB^ujj{bz;oy8nIPY!kUo>HSF&v*FbV-H*Ko@2M1ah+WIw6IzA
z&`smDsb%^Tg_5E|Jw5#!wWP2#$|^&J$YVzL&=O^cI#mQzWshorN1*&>(GrYug5$%K
zk)VcnWv3%Mj&KZ_9GehpiAx);^=OkGoJx`kiwa8fD)r|e7J&qWCDCFUmMHH=wcuk;
zdnHcm)o#@gSuuq+LEWGouf@4+bq<$)Tee%y@tvw}GE3zwsIFppPLZ<?>)fpRJso76
zoKt07ypdI^qnE?TN*rW%M}w`|6_AgPnjQK<o|w{8OHvhv{(`Dr+v|H`t{+tq4@Nm%
zX7rilsP+?R91b||>LW(+IIy`=d&nJ>_K;bN)l-e#q2GckET5WRT4XWF-JuUCE-lZi
zwwQz8OUkOpj<&=EXPBx6#D-5WD#sEh?;5KGl*}k9#1!$7LoiJj9NdZeko@xUQcFT`
znY_)F7+mJW%JQid7A?4hDMeLPc@v8)Nx>=dXI2+gS&}1?g;jJ7uA-=H>J&>iWM)^j
z3L_ESqXr?RmQX^}QhG!Tz!WKI1zMacC@EUE(!Bhl((pUr!C{p}6-9Z~D9$nA!~QU}
zq!Po-Y1LY<b}RqLVjZ@#%^mD)eJR}8X}6lSp6#92B9}T&i&G^}Rck}rJvHh9)DF>%
ziRqvjBj+{BURj&-k~$fW?aawoA9k4YQ=EQ&%F=qYo%T>C50{qO;U;!euc(t-PILye
zeH0a3vawTEn6y3}G$<oiHdc#oas(PZM)RueiF1lR`Vb9<n2s8WYW+r%{$|p8x4*2&
z6rqhTBclgG_tsTKrAHC22|FWXg_01fCt*+rX*Y_-(VC^+<#f0MH7XjZ(>+I>O2(^O
z=yC$}x^~zE@nI9By%4V@g}0e|X~}vg592CDZNWgTmp)Vmk@VH*uQ}@5m!OYL(|YP-
z^|w>KF7?3Duh+D}gbdY=(x)+=sns~nYQ~5fo7-N~X!AFw_R^mNm{UzD=~^FsQa&Zn
z`vld<P6DX|!k1XACCkieaxTUSJwCmz@7B&?7`Anp<(y#(+WF(-sw#?#3gzCJ;|XqW
zlCeeg^(w8n3gdN-Uw`-)T>oILcW8^kr|J<t6_(^()OMPb@M-$#*MNKql-f6Z)FABO
z`Wn@9w8rMcAO6&%^$GOHBJxtvQ#ZF>?UEWSLq5MAtZzdqW|jS2y*0sZ#i{A~80=&J
z0%t?OnEp6pdT*mQa!DD+xmJz|EoP`bc#zgd4#vS|lO4Ll#t%1E<7=*46wKNY`p_e6
z#r+!X(6sSda`>K4Nz~N7$C(Caw}SFQd0v`Tgp)MRkEJEmMKzUE%c@JJ6j@@zT2W|>
z4YM4N|A$zPtL!B=J$kpMePq_UMO{@4(fS$}=6*+@W`WbE7uP16s#Ak|I#WB^?LnEx
z0b%pm!yfn7sGyqcw$MSLi3uNt_D++{Tcf|usJDv}P~#2>O<lw1oO+{3zY?vH@4dU6
z^#Q+r0I1_Id`~6+K6@%Mx6$;)|8bUh{2y=Wg8vgNiTFR!qNV*QNlT7sp`oo>uUDle
zy&gFBknOq50@-F8&&PrC{3HvhL!H?YQcl(4=lb=9#p?@e?|x9&!X{VgOG}(wRZ~`8
zIVG<YwR^05r7N;79;9_|cB@Mgxew&{?w#DDSf0G?6IrDW(30(ry5>1GK8M{_ABe1-
za<xR6uWo%8^w76r#G$uBxzd;knb1YOmf%nAi9Oh@o$KIs=C9Ug(ObmDnuYgFYS>iw
zqn4LtVfdk!#5*a4YNm*C*!%G1ut@99$!pjpCAE(}*J0LbEJDrms}$${lX1--xiMik
zl41^hBT2Tsj0Pqu&i>m?TDPb)j@D9)9LBnR9(!{=N{;C;%MF_=th|{IGuHsEr!lph
zbAin#-$-G@Wu(^KSR{KZ@RG6P+hkc<oPH37J(U;1XZ0po5%a-*MM+Tss^+vYTD&^Y
zWSt#6)G(9!%4L|0u~Vny7gb`msap5wlHFVDQCU=7R2J2LFk-NA0x;n;W(f_hDxX@Z
zr{;3AW@%I6`)WO_^C~A6RY&(mz%s%|6qo2%h(~J!!iN^kz*?&GmFJaBlxL%;<rx=k
zF*2!<%PT4^#1&-J;PSGf@?u;_My*}Hkc&_0ul0!@ivOxBXX3IlYQ<GWmD5VF*$F9q
zw3NscRZl7}v?R7yZ>Ly#rd?senK$gxD&kl+{qE<Kv~NvXQuw76TH*RD0W~(4)8=RG
ze~5ax^QY1Hc2A>S{%@Q{aRN<Sf#Mo{NfouB5v`H%M4Jzv=;%{XM5eV<A;<n-s*uCW
z!Uoi*kr#9kTb*|Jt&YsUW5T!j*G}wPX02=FrQab|UZeGJ+GQa5fP6qyqsMsHx2Ib>
zci<zInpqN>PydaM@jXili>6eRqh>0YX;f$t`E=~>)P}FnEYXRR)l@slLw(y*>t0rl
zHa!~lMa9KM1=UsRhFoy!YKu8Mdv7*tJ=?p1eG;$Z)t!X44XAeJ$&|mBQDO7x{e+#t
zUuWT6N_D#IucdfBew+vA%coMt9ZY#p#L97Q)GJZrWJ5AWUQyXS&GJ%E4V9IQNxz(9
zhq~aM&}4bX(l%#~PcF)sT)$fHKT1moCJ|Q(dapdMy2WEwS8YyzP3TFJ8AB7&o=eoU
zusymI$BwG;yz*9(yWVJaw{!U&oJ$?u6`Ude)UY0eT~iW@W>l1x6qHo!z5ejMWD383
z)FpEKKBHe@UHJ1Ub4LyJ(CTIV7uI(%-srnnP+DG9RA}@zEUzdk(|dF3>p0(}^)+tE
zvyL~SH?jRT@=&X+<gEIZ7jee?5pA|SudI+MKzb_j3QohfU>e+Q-xG=L=%#vT)lsjE
z42|r-D!U;Y>r?MZgx1%jS&S>z;I_tf^Z+2VLSFX<w{l3>8hfR5FD)vYSUpL;9j4zU
z*56gpS2tfvQfE+gQLL`G+TOGaThnArUaU`@f1<vU7-MhtO-U&&nwW>WAit=pS|0o5
zmDNT^-MrG$^6A0NOq;EBjVO?^L8LdNWE!hbp@cW!lC@v~L`{NkM)5=|4V4X78oV<d
zlXe1TV0n|xGQD-xwu`DPZ0cndRS40roTl||x74H@s~v6J4Ob05wAKpB3uO~Iv`j2X
z6(5yKqiA8dB}eu$P1yT0GNF36^_aBS1e3*-R;6{1+Sw@swN$oF+e?+6LlL`QwbKiW
zN=v4cRO{)Rq-ml3Dr@%1RY;Hw$Cg(ewx~o+?MEyCZPB(n8})j;tk*9qgD)$ytdL$&
zX1Tg-a(u!^vUhgc>KH90RGN5UCU3JR1TRxnH;@U3D1^prVS}Qs^hUOQ?cp%jMEWdI
zFGR#0dY1k#n6%UmlW+tVn<r|$WYip=QxE19dW9qQ@Td1t@?5Ym{JoF3!_G8WmL%CY
zHCtjTgN=!__hp+bvM0uPEy0NK!QGN^n9duSrJTP1MJ6r5_<}3SSQ$x6Ur1cOS--}N
z^?PmVxwIOBQ?|>YhwrG75!7TjGoG^hX+4balA%%hi$W>KX#I?t><;zYXQ4@CM~%d&
zu0m_fT8}pGi=^afn*J7Q_@=gPakQB)GcPz(|EEow7W&%G7UOy+?42S$is-7v)j8%k
zjkj|6j7PnRGf7L3ztMz7Og)QY+ow*4N>XMO=T6Je5{$ot6^cmdqQz7d$tqPpu1oT&
zaQxn3*18zQ5;X_ke2J(|x)}pi1z=g$C48X%Moo_8!?puQSw8B5Mo+RaFef`_6sm-%
zL8C1n>zBaBppiAzvVtiuE1ijyhK<Mx8(~g4O6zNkI1!%{!baY7MSS$=abcrxZaezK
zu+g_*H1?b^dP?35i|h>7C4Wi#uO?ce9!L2nnP!bR>}x=wJI>y^?{P9U$4soq-(c<^
z{Z3G&qrnv(L(%A)C;Jb|{;-2MY!7_AP_ZG5euA<;b%6-IFCpVrOy~D~LdA`6i_rT;
z@?DGbMCkpZ3&1LVm;DxHzv{cgmj7q)aM<!60ndcZ{{nb5Z27N)z5FiwBz^?`9rj(u
z=1DcF@AAEj5%_xozsr841^9c4DYX7_{C&D9wEP<U-OTT@5BCN5`wD)SeNnH%-)q8_
zw+?^bV+w8G1Ni%iu<?Jx-~R~v{xbf4Gi?3;!r%MD=KmUho6Mp2ue#vx6muwjz45oz
z9C}~tSp1!B4&~PvbL9R#1>a8#TV6%j`0%*MI}R|e*q4kSMO(gNT(KXNcN|m}KQUey
zy@}ouyHfYsIOPhnvNvX>=*-7E{Sx&@Z{-7t%C%oESKmKZw)RuQEAo}Cn(_{x@`_1x
zUrskh#ZC7Xak^8KTP7&49i_a5!}pxe_0ygGM5ljK!tay*iV43>`fJU<Ed85C{ol#|
zmW$Q&-s70=3pu}w-#NaP-*eqe@5Pbn_nyW17AR-?nLegx2fg<E$muqn|Lf$xWd`Rf
ziA;Y*3-guvc!2qrJ*xfkW0}Q#&iQ@Izmfh;lMkJK@2PZQ2jzc4=hFXcmwzMudqy2P
z{YLrUF}D5k|9j`ZQU14F_`g~HEnLoyE3Q=Y&uc&bqtm})!LOVCU;5c{K-G`l?5o;M
zzfpg#{Z@I?_sct#e(O)mf0y*vp3L7F`IX9#h0FVI%g>fGI3L>)MmxhaAm*fNpEQXt
zPr$VO*R|%xC5ZI{*0m0A?IJe7x$uK<HT(p;73259jiv<gxg6dlK};LCuJs&zcf)J(
z{cYIl#`mMJ98ZF9rLSv!@PPzz^N@9|y&g;uyWrCI62wc#uWOy~Zi4s(ZuuZVT$#15
z)%#h3=$E~&br)LJiDNLlH9-u9&q+uW|AY_pOcZazJ9;MyZS1<%aeWd+HGC_46TG`$
zqF4`G`zMM!;EnJ`_?!WW;vx7OxbB2?t&;{O3KzWfs6=r+ykk(J_&c0%bfS0_&P_`c
zGsdlJtxZo9d*E;287Ho5ojoK`?0}PxOBB1tuWK!Y_rN>g18_w~q7Wxx{-KGY54;u5
zg>M~}D6WM|k4HM-x8R#6tZTh?c%sNSd0p%15s6|eyayh9%DUDWnTetWPR>pg!%kh-
zx&qz>?}HD(*(0%@+;y$X;eqfDcsM*ECsDiz-wAv3*0pAgN)*dsFT5Jw25*8bqZ7pz
zcn|!QoNi2_Fy~`BI0fDY7s8gY$X|E{Y=<YEkSJEcYvKFheehFo?zlwp4ZIq*6kxfq
z6;3`WQDnng;avDY8S)EWR-PzU6s~LC53hw&tB@~nBfK5n1@DCiRws&s@a1qy5r)GV
z@W7dgA|H0avtesZqS#!F{nL^tw!wqXPZYc1txFTdK6u~-*uIJDS`Wf0aOtu{kp}OB
zbKr3oVtMf6a3!345y}a?0`|ds;H9wr;zY3$eh^+S=Ua|^fS1Eh!GkYJ6g%Mn{2u&0
z{1rUuQmlW{y4LM*3Ow*KtRLR|DAo%Pe+=t|8{s;5AMAs-JdX9kyPv>%;oK*&K6o{}
z6W;p{wolHtCsF(i?}vMpV1K=f@&K=e^WlB)EI9i;lnb~8UJmd7G*P@id0p$mF`7s@
z4fzb`!E0eJ{2+YGX|g<M;tO~`d}^sI7n-;V9u2=!D$9o^vZi1<cq+UHz738&K@<Om
zGvJ~!<U4#F{2;s)-jS<`PvFrvX}Flg@e22WW1rN-NH}|oCicVo;Gf~ZQ<~^ifqaF}
zg)8Ec#75W-zX>mdwLf6}@W4OF`Y1_kfWL>ofww0liTRbt_rxTz3Km+DxE-DZKLf9T
zUxjzW-@>^`Nuo~`%2&4}aX-8k9#D<)(H+Z$1MsA&s2||_;2D-A@f5rX-U&DMND}YC
zgHw{kSMXlgJWbYHNg@S)3w|7~?VBVTrsKGU=fel!i{NpoNGIF^-wyAGC(Xcm`Xz}^
z;9KDz;Qg>R6Vvxk68+&8co;nVs3egKrw&RIpTQI0duAb@;U{4G(MjS(c$_s!j5{6q
z0<VYH9Frve3g4NA?Sc2e&%&-_lf=vL_wbu=%ituj2OgK6BtC#Q!k@_RLz2W7ayjrf
z@HY5Au;sWU@iTl*Mv{n`jr}|{NhH7(a98+NI0bGQmL&SZsmEhK%J1+o@HTh|oH0B}
z951Jbv*FqiNn$+w7JTY#S#KtZLbwzzftSH$@Zgb2q6*#&Z-rOnC5f?TVE;atBue3y
zpOD}1weUaA#PJ9Buwi|zNn&a}#>Xa$Ti|QqHFne&aJL4ezh|<jhtGjOl;2a6g|!jo
zyKAzjfCp|di558f9h2AuU;C9w?16`WV-gl8#{b78a^V9Ov+%;PL(F0=ym6FS?0_53
zFbgpk+x17Y$cDE(XBM^a!57S81-#;)X0ZkKzGfB&;MDic!a5J%KQ@aB_}VYcq6KdJ
z$t*U(E#?@p2cDD^BP=e|Up-?)F1&wGjPSyj4~-FP;l|7uu>-EiiV>m-%NZRbvf*)K
zVni)GdR&ZH0mq&kBeuZFxiR9v|Dova<9nU!2aaDlbIx$$qRD9Ksurt`x~i4Y)K%8c
zXmnvTEM4W$s--V2Rt~<^Vr6n+7>3LC-ObtExpsDQc6NImhGDoc3{w{lowD?$VHoe<
z>;2dB@&4R@-k<Axb6wwKF!;Z9hIJwFN$U(33r}8Wq_Ogpbw-GjF7sn@8uR~}eO59*
zc2_Y!=A6U)Sa~k<W64jLKgD(bQ|8Cg3z#2sE@FOc{tfeE(<RK0nah~}B0kSAXMXIv
zlKC;`TISdC8<`*LZ({z7SzinDqjMMY<K`~r$JGJm$BHrL{|(pIF6Kx3e&)wn^f8=c
zesmsYeq5es{yOG+l=-pvG3LjrCz&7To@IV)eVO@xi_6T9^=~sjuD-|o*tAAF>_hVs
z_VoenFlSwkkwPOU#|Uuvqd7*5oAPt`E=c^T9K*)7!W_fH#V_UX9huL^qjQW1SC7px
zvN(G}j$zfa{!?-c7dM}pW2AAlGRFw9_^ccw!973DG0flb{<S&Ba4`30%#Ve?V18`*
zCG%tWd&awr>+dqg!`3w8VcD&Whc$OF9+r$T-WINd3C6?V9>&9^S;oVb2N@3wA7($7
zbKdjp2h&fpA8dYs{b2SV><3dXvmfk!mHDsWeg0p}k7chjKjy#5{J43A`LX;R=D(8b
z`d#M7^7oh@v+pxMHm@;17VNb*H-+qf!`_CClev2v9+vI1x8Y;OVS5`9u6=QDBa4}@
z)BX><zo3mR$I%|c<7uzuH`5-MKDM6k=H%mB>kaFVynmgz-f*$|<n=}x*Z#2H2(kXg
z^+tkaH?23!Kaqz!)*B8MOs+RlSRAc40<3vzy%FQuTk8#@f!A}+2E%U9&#euHhnc($
zhTou{BO8neox?U5S*-lp2E+O@`T6b!!^OU)4MrMQ{0&Bod1zckd_Ch~_05cj&fScM
z!8XRj((R0=?S>ieYSuf$c$hoOcv%1N2JUgV4j<cKBsl-<2E%M5|IcqQ9CTjXV5G3=
z-y4iT%im&tOdpVI7=PiqJ}B3)u_-^-@YKU|4IeANm}^9T(e>vVS*$uf*RcM|IhN%b
zE>_=?Yos*}a*Yt(L-;;=4eysrd=JLb+<gtZNx#4CYh<yW?-};BjQ2V*8uR-Zclewi
z_ekOOjL-YH*UP>zg$d;e2E=|pughI~84*_SKJSfj{i8X_`vF>0<V7E7PxCpN>}9yv
ziUH1}F~j@ii}b?^v?J=#+C_i$9`Zqd_g>ch67>(W4|En-2jw2_CXSybFE2CR3!FQ~
ze`o(_zsU7?FYU2xH}&rlV@kNb(J|Yk^cBWGs7-uK4r!C!7#!XvC9kr-&$Y<{{jDR~
zq>0!$s!bBKj%}0Tf70)}ZPKWgx5+%3KWGzc5A|oXN$V`1e>g^LR<}vczsTpgZBm8N
zPue8!KH8n%Cf&r&m2HwCj&R|A*7*m<d4T<4fWaTzr2IAF#x`le?9FYm^dRHk(k6Y+
z(7%O!WbroEPaNIRCiWuU*(Pbqt-Bc)gN`;SAn#FUo8)W$x>z@+a1G7wHYvM@JYW;X
zTj_^pFY6%>J{D_!v6eXMV}8tHF8g)*86T~IHrcHE#|6yd3Yy#6q>g;p*o+=lv2SCL
z`N@N|y-j8{4_NVU+6}cy1I9Ru-f){_sShz%^EAS`Fv1$NM#&?3SV7)GT+x0zn3vcc
zYm;Tor%E2<ot*PB>z?F%=4gkF#36R0ImP&MdL6TGw6Po=tVS18+7BBrzyPy2rtM}p
z4>azjALr%Zyv{dEeu%C6$k%_E?}0W6iQPHIBMu&7zgj-e{11`GnDcraA8!+n*nEQZ
zp^K9b>Fa=eJj}RHwMiu!Pm>SY`_Hg%V(Zy9i7<;<ZTB4Q=h;6N%<B(K<N+<LKnFcc
z;}#6DMcXa0PIPe&eM~TmtJ?2{HZdQe9E&hQSAWd<dz;jwgFc4XjS0qR{e%9PLi17j
z;TY>ry~H@g!OP?e-B-ykdV9z#TCcJG$Joc~oCmsZaQ^C>tP6v;xSnI?dz<sYEav`~
z@mCp#*nF3M#P)m4M{In^Ixxnf$62q@F4gE`9j5ncmk2{#zzFxCwXR)?pCI15UDB9r
zXqQ>c?$<8nlk_tg2c5ijY1R2Z-Y(t5c7D68V0dV|EK?qSqFtN?*73=9@iBFHyDXvk
z>2@i4ig`ZUF12VM(Jo^ceZF0Co~GTVc5yL#6ysy`rFNM|^DFI=&-;Ogw!Tk%wOzJg
z3R^J5dfq4OV%Ces*IAExH0yYlJYp5vCGC<y4<qz(0Rt?0gYk|b55&>2?336$j(j{v
z9vt%aoW4)e598z8W#jYoD{GfhbWUiOM)Wbj2q)1hZ<mm9ypx!R*!_OH7)!(|_YrPI
zyW|lkC%21-@hR=nhpyW$t7x6dx?W&i=wN`=7-9+ivzQ`IpU!+}R+4{o(D*y!p3yE9
zX#bErp<mT5yD@tf`JlgXHtRzhV_i=*?e&M)&73#-SW9_?0da!Em_EN<%DMmXe#tpu
z^qY2Bqui`(mn^Yy3Hw49owsO*m6*a3?w4Y$LHknFdThV|TPXK_-!6079+xnUS@bdI
zZQ5ZzMp%sAWvmm8E$pBEK4yqxj4;6k%;FwxcRA}t6U}$XGZvzc<rrZ#npbjtqm2dc
zk=H-45A?659FxCrPH6v)e(y8>b*xkS`Q(K-xsmH+m2$MuY$lJoADq>BZ{qr)+(s82
z+>9>PV}z~R?`F;yEsQaB3-d63h&gNQvxWX>-pX}|X^b$y1ueg=U2;DlPiSL;9!9sb
z9<*9{ouP}%n7V^}d`SB{S^t6Dp9Zui4%)arF~Mre-3&2?9rUL>#srNn@+HiRHriWx
zy<&vJ==LxVCRk{2-`mT1Fpk~FJj7l<<6?jjngi?ueO%G@ShyGMw=vH_)Q4PG8e;{T
zgUp8kcB@15Q-@hM?XzQC_xg_urpe#OxZl2){9)<=&IQAVxW4ize}wA_(~q$ZG@j<V
zKA80_aowVwa4wj7jd4Hn5hHn>>*?dn^FPiJ{r5O8G;%XicnI@u%t)<zU`8U^rw>An
z^D>f~Po6)6>zKDNBh|#I&t;?!&7zE~Vf>|xR2)iqaYh2n9-WaDG>*$i1O41@Wu)vd
zbTZP6_IER~8?BQvvMGo8um)o+`2_R*AR}q@)QrUFpPmt`fc>AHkvdF%lo4OspPP|c
zV)rNP<C7mTobxkMkEx$!WRZHWCL?p7)aMx)F%M^+i!-tr!@7)A?aeq?i_vd0GEBL7
zX-4wbGY+m0`<KywKlX#m=x$-0jkL#-kFt-;$p;3QM)Qh{WH60$Xk1A@Org0y^I<t!
z>5Qbf{#~@lcYr0B#WKzFA6OqoIEPuxYWW{oANz9AV%=#h*7f5sx(yjISbu<<Fu`)n
zVzqizM!M0yn!I5O6AW=p>oI==^^J^+DReQ!TFhdj*8hclYCT3;k4svQt6KlpjO67~
zk2Z!_fmy6U`x>qbt;ay?aZ>AX5&dg9&wV(*zh$Hnv)9oM9X}&u>h&4P*_ZxkVH%6k
zx{-6hs5v9^=-teII5(q(b4Lf$7-P|=C=ckzdB(UI?Y4}xU>ZYAwH%#$Jk$OE|1Vcp
zxpW{Y=D1u=mm-FoZAs4Jy7VcO^BhZrkkeL)k+B?N<uIB<a%w1Y%xRLt3^|4?lTE{7
zr?%Pl+xPd+-nZ?&{qert-h02Eujk|bcs>f`7{u9F{AJ`@bSx5gWJhwpIX-4J?0#_7
zf4_0#Vsp{{M;jZrZ;@1*?i^1x(<|T{`6MO!{ovhkl$`^3%7*$U*Q%e{OxP<Q|Abfb
zTC3lt$By&dHhGpitN(FB{WeQB3gTCVrcr^(8fxY5M|7eea%AZ}gDHUCv6Qf$;=IFc
z(Ng9eHB8T6;jA1D0QB$?T7et>D*Pi%|JSp5lkd6rQUi__Pc78jH2l>>K;3sZ+EXg2
z%{{(@J3Yu$p3cN)NJ>oM19S;HC;8&nw^GfA@PIKU&~s;5wS+j3be~0i=A|nPL!i?;
z;E4YPJiJO#o>G;jb3+hFX{`>s2&Dy85H9f_#OY`D$L>yO6$SjnN$!ENp<x?wpT5ph
zgj<qzs%xxJ^D40wLcGIW5cT|zXGP62@G^m)zi@$ZVhOXLDzUUid&X&Qk@U94K2DS;
zjKmnZYC<T1$7*m7qp#KK!*RWO@eUVABNwP4tFv|6HdZ-&ca=b^kZAcbr~R>R>A6?Y
zc8CpN4rKcziaG3Qqf|cp3xHWsUFqD7H4l<LG_G5z)H)=wG-MZt*htCi4ge=n+*Jgb
zbQ_vCD?7Z|#`s@gMe1>$P=a2`yT)=(WLa*i8DF403kekOBEC_DgdKF-lwKXrt{<V$
z!&vQ(82bVbmoF`@_hG~4sJ~EQ0Z*y{^&_YJ7F5H>U)3}FLR8j8Gm*Y<vqw$7uSS{r
zDT|Nw)nTLxvB~nBE3wDs?`o6$@7DFwTHSUMG<XN6s16AZes#U@R@WSyMC$RW0~wP4
z<HLTMz!S>uNR>|Xzyuoq-91%Uvl87vJGW`WzK#D9zkn1A`5UG9!edPMIVpFB?Xmw;
zck^x_ybys7HI(cuw4cvMMQ!oUlbdjaUItLt*G;AGs!;KhA`WqVXiGE!SbU+8X#$e!
zG-<u?xwTzilG`5RlakI|4o5}bL9_+_n3P;h3;789ushiG0=N=Cw{;Rai25}DH#zIu
z9~{f#y<IX>2;GEt*qj3;7I8o+x$)?va%R#v{U}d(p?693%aCIcCo{*yTwVSBG4tRY
zQ)}LXO{?x}F|f=0f6JzGHciZ{|Ep~~zf*Xc>smYh%4<%WLncN#*UpyLV%*A31#nre
zi!t51&DUN|hIZ$=I_iI2(jJz3R(rS10N&jTPk8z-{(<LHi8+6x1?|DG$XX13!2uH0
zaV^jVWw17iL`_h(DTSht8WRO*S<Bw(&p3chgI%)L4(MaA0v=NVj8;g1K2d~U>T=`;
z9IXfSUtFrCQ45c(>#)N4{IV8%D)GKN`;lwi<=Ccc)099HI{=n`mW277^cKKJe3DU+
zN_fhPU9uu-%Lnot_tUh!`~NVU?IPThtR+g0O?j(Jq46QQBaUsDox<x&p~A`D%pUlC
zr(r#`&~_72#=!wvJ#$u_x1GmuQjNtH!?it3r&^tpypH%zU;8q5&r#Fn_|NO|<3fUK
zIA4`I;Dx*=KVemt?=jr@_Owic4ciZyru}u|*B)G+rh^}gcN*1W@=U1e#vWntBG?5(
zux3<V=>0WKLTGDb!)2Oslim(njH77`*+^22pG$CLFLFODY7D;{Z-*BT4M`Z!{UCc6
zH{7-=qH~{0ZReZY3%|t_x0!P}a~iEbMmmE?325<bP=6af(Z`?}v`O#8N!6&Ny3jkv
zVcpId#Lu++o2e@SXPU8$N}rYt>CL+}2X8M#gE&`;jRM|RIB)77+%7)-Gs#ie8J@c0
zFJJ>`B|h$NisBu6l9cEboSh4!w-1!(_TUdvivI`wWi^+!D&aHTP*fm}bPYO?@nk#t
ztXFsuHBKmC1`g2iT|w8(cHF4>PA=!Vs%pF;a$QxnWA&XuCU|u6tJQ@2j)(DIeAcl{
z(giPTlGb?aDN@<IhVc<{LKf4Il_<u!#FpETFY}AfvhVS577ztzIKw|L<LBYW1$Vds
zvUiA1IK4LFe{tb{LxN0F_M%iYqvV2!%~B?NSX<3qi{!s|KAM&0+^L>k=iH_KF(S2C
z2TSj|F#3(JmM;6U7^l~iK#yVN5TE<BJlq3{GG5?)kLVUQH1P$tJlCq%dEAgme{z6L
zQ07n0(!Tk$Jc&0XPg2!-)4P9AH;q~K&8X$BAgK`IhPlbj53a<49P)o<NW?cE?|H!5
zMAF4bT7LfRxs?e{z#9zR7Ot2m%v-fja3t<9)*J<JTMHc<Q3w`F%S=2l`Du6H!*HWo
zc?6fClNc7f)*R;utXWlGOPCU-&Y?ENk!dX7l@{@9ik;OA*Uu*L+3?!l$<AOCJ4BrG
zs1K5z6*=1VjCuOL^Y?V_hZ)_AlnVQvz2QiC{C^#hqbI`HJCSvl$nz_wDiW`^7p~+?
ztV}=Ny44jd&o5h9Z`<nZs+P~O_maX3gRFLj#3RlCSJK))M<T&p*PRTuN#l*vPj<a-
z1xx5g)khHHDp#!gW^aUl{Lg^v_j<nn#-90T^56}5{Pu}k8tvKpitSF)3hh&VJ*o9W
z=-bQZj&=5p-_YI;S#7*ktunZCOG7x%P+UDnU*RUUU2kY?fX?5jvk_4U;{lAHH|i?N
z_CDQktVDdVYD2X<Wv&*C+a%r&sNZ1ZBSOOvlaTkHBbveFg>!cl`ns=w<}Iw<xuv0J
z%b{)`!U`jw-}u~0i+rxrNsD@J`?*Z2-RUZX-bBqC$OZt<>wh#y;-qs*RV0XbFPD2W
z!`pXKQL|8mmAf4{`^VW#GbdC~CKkp1q=ZZTlXQ@=2O+A}7bau2@_NnjBTt|06WE^&
zq92Rl;{J!);1{K?8${3T=D7#b&Re+~eBwS$4l=}Xm@46C-}e#Kt`3PwV&m?kbi(1t
zI#l1HnpyGNHFwsBvglkWe+X2QiH%}9Xhh4ld%v28qJB}<0X4Xi_}zr0pmNiJ>+3&%
zsdy1t!B+0~v`K;Tc+c#9c2bosR7WweM@wG?mqTAtk#Qj%4Z&5Eb7PjE58s8AE~rhQ
z2S$^6P(SikDCJkINFjY|YKriY2WOCO5oObA!$aWB<1?!}dA9@Evnq9e8M|sl4QX$y
z851t88!4z2CR?>!D)q0%Lw52m=HPy^8)%l3Ck}1bteRt}=?fz_T<*!P95aQu2pjCT
z$2_%e_|y=vN$NSEc)uE<AR`_<(5=fYePjQ0>X*j+7g;{rxU{_pT2M6KLeNcGvk~ay
zzm72l2+Ldw4@~!IBH)s$QvQc=1JS-GVFtR<!(c{}KW1rH$|@gzm^yT0NfG`-8ey7#
z(Ss7JzJ%q3F5R*49@LTb9R)Z41@!pAcSLPhiVUFOrdhI$ce@3Eb_B2C`b|f(qlO<@
z1%H_ua9Cl2F?gC4@c7tGm<*|g2}`5q?+wUuWp1^{D4#58MAF6Q($4?_l$R3p^|+?l
z__7Uo<#C=G$$u0LhJ=(2u~s&U7YNUy0<mcT-Q!auW=K%Bt5zaUhGQ*0abZ7Qn*r(v
zwRM?k-L1{tVy8~lKVk+Bx-RA1^Bvm#oBTwzhPXsj%eG)9Tg_+TEfTFvC}c$*{&bTu
zh5Y-x5VI(LGYl2G3#f=bLxM_o%6Pj`pjHY6+sBkkyPRl;7HFnq^I>x$=3DBOW!vuD
zrW)nQfkN~C2ke%p^*`@Sl?JbQP|4anJV3^1m()2c@SJjhyUak6A>{0SC0^~<lxKWw
zcDM`nq9ez$8J-h;s<or*Ux?NM+mC`84g-JwFth5n!ED-V-Oe_Bke68dX>e?#BqkvN
z^<Zcf-Z7a8RVtsREjNg=EK^J9FG6~+HyN($+_-%pHoxe%NI-ap!oLutHV04M0!g#7
zn~3K>%)gavYbKI?d)(7iYC!nN`{3#Gpp1^B99S>IDZBtIMSVUI)=YbT@>+-eSo8@Q
zo$jJUV}{dVu4h6cc!c)+2IHPA)Y~o@<2%Yz<l{<GJ;n8<aHtZZQF68XjA`ADJ|2*O
zP4;g_&qq&sK9;!QT}v4Alp-Z|gxmEA*-!01#Qx1wXGv0@<EacDym?%v1QP-o3UB*s
zljG8?^TQOgb7rs>C>xOZZgvDiJ>xNkqC8K!FRJB~>`0${y{41KKa|5dBywK))(xGG
zB<^4BF{u4+&vd#m7M;I0(adrZoM;fA@EK>v?LV3`NgA&FI-+2dyL$%cqcr$uN!v<$
zk_IszovfB<&9mcwt@0k>sgPZ_4}hFYz%HWcql3Vs9`ArRC)&=_p2r*qrL(enrXP#R
zt_`MyvYf7LlgdMS+`gH2WJSNt<8J6orY~4^dB|p7`{FG(Byp2HE&RPnDiBD`Bpv(U
z8aYiX+dwQhNB5i@K_?jQ=&hSu15L2eAkqCLxz@l|-2j%YJrmwyB+7I8Y-#osh_ley
zOk8(FArM<mKN}B9lQ#Z$_aKX!W;!&?GcE3m0k=nA=-7g>;3wu)af?@0JDTI}U8hCi
zUeNX==JtB5IEti`h<WB`rwT%=$U3#QDvESgQ4A1U(`q$|kxap~z5JlUQK7t=Y3`HL
z*Q<$IPg3&lE-|z3rB&ZD^;oCe5bc?lO%Y<L0vn57LNINkb3NJjz8w9h72!jd#~b2^
zIr5$u$#|}jS=Qr@XIr(G?3?qw|4U(}!p@UNd65f)%x2mkdOg*0Wu$ZJ2RUVGIOqmk
zuL{W7w_j}DjBD^v$ZRdxu1!y@rJ(wc^Fi6i!fd@Ex?I>K)nj>OFfQRdX*}P}2<V@Z
zL;eIw6s0^u0FWW-Z;gmiU}p#8EHxD=klLb2^_;rrD^O`N%<&_cKX}LuUX_~?xHU5Z
z9-j{j868w2^^A7Ja=ZQ@gKGP1-d<>%XF77yxT#%k3R8Y-TFfLX{~12_E7q-uHqRae
zk7DM@imC1v%>+5F`sMi_1+NfZkWH(B2W!-VANJvXL@hiNnQ#+hgryIHwX1!&rC^D`
zxwuG-P8iaQmFItg--uz2s+*IUqY6nSTO$v`j}v<<+|J1p`0~s!LATpEfSw>2V+3wk
zBXFx|j!h%kX!s-U+6>GZ!)7_Q<L9T{n2YRdT&ve^H!;)Hr*RdF%Ua0*f-ODzGwzR^
zUhtlNdJZ7)SBI}&YRj(<f$v0$+gnMUq|5N;T^Y6nzb7jt@JYW6H#rV79&of3?GL8D
z8vsX_&ytH%-C0H)Wewoas^sK1dH&bkf-9-rZcpW22puPn@oTy2_*uhL_n$gcSP?7?
zvZkerlp*QkS`+#jz>Sy$em+l$L}oc(-rk<kOGlP$FYA3NOjhI#+f%W8_X7i-F|S&(
zhrk^BI+lc))jQnvf?dzgUuq;g;s(p^VA#&1=L_dSlXM2}Zl95Kaxu&KP&6_%><fEr
zfX)@n>g}CRg1GSW!8BTNbzdt=H2#tTZ0mZwM|5G2Z9o`iu)gj7|Dqbs2lOiPst@xw
zVT(DFSNSblwx6T6ij$0%J>_aF7T4+<lFyTRhmw+BYe~LmXFEqoGRG`&7LI1oPv#&@
z=CYm`4i$^`XKC~_?-u_<k9F(YpbG9iH!TfLB~aPAb0e@8sa6;R7_g=Qak5~jsKNE#
z5=MB#Ho{TZ=xaBe?|oT$dlK1Gob$6hw2aa{rPoLy>1UWCK*s!Rrn3H7i6n8!OnwxL
zj}u#bJlcQAodElalKP|+{o|QfxTYj%2oMU&_WChlBR-UvV+l)-Z{FhXJk)WIQZhW7
zp8R^`R2%MhWyaL7IpeMLwGM;;k2^H|h6xC_x)5fy+i$d~M~!_cR_8TG;D~uGW7%Ve
z4D3o%LNCP#2Tez$94_7znw(7)5_#TB0Ws4LJDOWD*N&*CZOt4BIx{ijrN{Ym(jOBw
zC3Io2Gr+Z~kf<NDkZn?519jxk^v@bWB))TXmiG^rFGYaD0g)kmKpEuh7{E{eZ1wr=
zzK}~Vr#PI4I*k-s&>?q*Ea@QT(wnI_%Fo*H=jiGSS4%tZUAm!PrtoaPof(U<6nemc
zP=U_g@FDk)=7+vAB<aG8*c5v>Q1KZjfwAT`1#B%o?y&d<w%Up@VZ_-Yjc-(@y^Eqy
zk({`-g$YYMZL68?gEuq8#Bv_CbvLr>OIw@BPAuERb60)A{=TK6WJC|_${T^jpG}6x
z@7=vFwEBZgSKSd>p55%)5O-ev!n?80ZUTprxR(^EqIaH6QZ51KGXS?CrC(qjulY@y
zYfDn+A+t2;LxJ7)oU0o<Ry}UY&n5u=Yy>wMKuvbTq{Wo=)UE*+$cUshC*OBgyNPZz
zKXG+(>JJdm=Iax@a)XRd1pYVW0HLXU#M&qfl*3Y>+M>AkKgK=vRisv04r#jFlPrsG
zvd|q#*$)c_c+j)NzDvJ{1(iwPe=7+s`<9UJ7npGG($o1y!v^W4fbO(|e`&}QnJASI
z{TwJD@G+>#|M7?9MnhzosNAT?Q7H;gD3+f`hgg|Wk+a9=Pka}fgJxb`(hE$<0a?e&
zky?6<jHd`G52NFHJkzCLjsqw1P<%AadQv<GftIrIuJZf&^Py+53>1W?1j_E@Acdwp
zTb?$)@@sz*11B$Y{M|u#lcMg(m65?SNc{vWI(Se(ysW4!+WFM$=ez?1D9A+2!Ll1}
zEt9I=k9aNzOdgrb&TFFSPChrykqp5dDQNcsD$ss*+KSV`pG|48D;2s8#rvlvWkPfA
zwp@<beRnk`HXM;IYJoF|3mDVTlK+JvRYGv`IX&%;?W{on)Z6wB-x$aGmh$%h`U-aj
zjl(}0u>xe}^hZ}T5A#kz<>|rfWldw;hv<^3EI!KJRmuO1re`)wuv{gr9APVGBdSVL
zzc%vkT_3S{7#D3-1)_sC`&TG0mV<H=zaDDOO8kvCe3b$XP$7};${<WXDj@G2)1+Xd
z^+}cKP|AOnNoaosk2c8WOOcfqe?lt2w@orsC_W=O_S!A=c8O6XD!7n`QH{C@|ASNW
z)hs^+db9fLFH7Fp_xG;zpsSB&q0&b@pR(l8a%$rhJljpaDT(w7U$P*y-aa;_Z~7EA
zTiZLHh~-~oT}@Ol1grx(hnIt-?81~T^P==66R*DgV+H#mQh(t0704#+=|N#cK@1Z2
z6ebe))IS0cpzNI4uC*Y{P1La^!2?z>t{fOqP@018PZ3?k_r1DOATCjXIvpQ+4>qLT
zFuQLkFXt2SMO3{Ec{K`EIaATmUSmYl!fp>7%mtexRs?(5jk(&}rcysOe3PMnwdcj<
z9GoH)N$ky}Pe)IgBV)VKDM~d$D^>D+v>@Tha@FCowTJ?WKA(1E5%s=atq)V7avoeM
zRQ}Jnj`u{shHW33>B#glI*Mky@25+5hRsJ6B)LEzdX)}tBp`W?c%c=?MqJLbFZM7W
zV#5cHs(qisd@_ulx&+QrYp|vhylZcwbeDkSFgc%LYME)j!&q|&5b!F|lzuU$i~_fR
zs$#d0=@ns1)+;@hvA|En3(xb3_Vm_mlEQv2crGy0*3aK+-XM1lsvP|zY15usbl1S~
zLpJXHNVlE=t+6{dGiTXUFOVuZiC7rSNpAoux9tY4QT$KTL}$-oQ7oTsaGTP|)bUSh
zogL!W6bxak-McL{%)8s9SY&p37*wFSL{rxr5=#opZ3VgnWJ+9kW!P^9><7R7bHZ^_
ze#R38Izn-YR#}p44ZCVc$ZN9^Z}m)@JkB$9hoHP5N2Ez|c|e^@P`SjARD9~jwRy7<
z>Z2GSJvUH*cwlvM*)u)7VJ0a;XPN+I*;pi((>3BjvoYRRsM4FHlxv<<LLX33psWd&
z{r9{W|C(u5I1=<R_&DyHa{~>uYCo0qbWeZas^2srnw9O<FdOgIiqV^)$*&goHelLQ
zA_E=|QUqz13)@uNIr^DRp&lmG4=P|*MyN{0*kplLO$rB^Tgr1PXQ97{|Ac@RA*Tyi
zHS$iGlaDF^!`ws}CzT}6|21GNX6wb%-Jjw|E<0kgB+Stwp*BFQ=IyD$L7Q;y5t3&c
zF9YWLWWDGuq+#T(exaEW>bQmwz&(@h{%A{2AB-=#tZnv^i}h^Ad%|=Qf1TnJxiNo>
zi3;=}BFCI}ph;3u{v6WgblIyKlj!od3dwXKGd#kUT2i@9>@YfwVTrLsyL5d!s%ewB
zR-s0qTq`BORh!qJa{QhQp5iZio_OH;_r)-h?ENWwDMR$YX;SjqiD2Zy-^Z#;7KZ*p
za6a3-P<JK$mC^AS^l~jwMf4=k+DK!m9-)+7@g+6{2xxC7oxS9Ces358OwbGj&o?9r
zAP9qoy~Yin<$!yZ)UGoAtHgxACknMZKRyVtpkA&`i=B@zLuOlh{2d&OT)WyE24uFN
zqGZ?zcSPOYjWZM0Tp^IEq6us>0i_w+{rHodaUt?Rg*R|Yg#IjHOSL*Z5!&9tmQmt6
zt`#ZB*twVpe)+20J$~Smi&~V_-{xg-=@JU0Qmi0Bun_aOH!9CVSxVUjT0Q56!xS*U
z59gmxrgeeR-xVU*bgp)29~$AMb8epZ`)2LxgJ<(@A6CWRN+RFN%WPi|eYpQvwkQ<?
zlWK+B2h~`nk5LG*Wti7A=WRJ?!$+N@Fz~<!kRRi3epU~<`_<kbbp7)5)-ckmT-130
z_IkgmClX)Ky*h=zeP2IaJK_>hB-w(IplLzJ!_D8D^%zr@FJP1k)E9vNQMK#B@`0Id
zzmp>X|Hp%2;6Y|e%WC^QpUP}6WvN&S8QRMl`7_OSl6E?^FR1q#L+~V)BeqknhCf*k
z8aS=F@MM+VEeZPn&6B%`^8jd*vv1J@<%)D;bI%Nw8vzP;Kp%}V78>}ze+KUu;hjHO
zL?g%0!(Xp0lARl*?lxQzzoVaiOFsvkf$j&4w5^PJBW~u_<f78i{t`F4<k|P}@O1vG
z>@$V6`e%&=qn1mO?G-uTBs4MJG(&8X`peW~w9`*ZDpY^BgaNUk2~G9xdyKMQFp@Ee
zQ^IF_1GmSEGfWtYy6MtGP%QN3C(9?F_-ugV=UL-2bC_xC*MFogRzz@BqjxK+rUo?I
zK$qmSK<OZEhoX)5Fd($vlLk&}k(SXJ&?$QLfmZRq%A9wUz?;HIabqlM&TPof-!caz
z>Oqfm#xlUc|3s{x4q?zzQWF0;m#J2&<+{vh)<oG$If-fjWB<ou3K~e8R0XZLQs@y4
zas)p`p)iFJEpvq8pZPqL%Kwv8*2q>%GjI|9TCiTc9FY?HPmz&8ma1ypH(?41v<&^{
z4Tw8g(e^5CpaQvN`aLcGWQkV(TI{Iva0MW&-12W}E(B2c`|)TJN*nS#?scspu;!e&
z#t_3R&HZxMZ?RTOP%%4^MtlZ6{2B8Mb?ivBA|Deyxg@DbtPg+yNcpV62G*d`Qdi$u
zKggH98H2xLMTZfCzwd-qo3_&#wCsDX5F+oyzH8#qY{Cq|YLfH&`q+_bx1LfMTA-N7
zmEZGW3|5rH{xbXCleR8=yl3}8a<UdC&iVLT@tqg&h<{`!=LynyYhX4&Z@|`P#FV<y
zfKl@f1yqdv+C7~}+^aR~!%$<@_lGT4txBbCvL&75Nh9nNPR@-m-?x6;Ta<dKXrF+6
zeg1uc{pfi+R5bq;=a0lGrsb$WZ<=gdI^T?za@LzAUz+uMO=~VSVb*E*0=WsHg5kIr
z(08FqVT@7nqSj8t*UQ3L_$QMP5GsZmxBrS1@T5*>exiAipx7Wj6E!VW)=oiyH38p_
zE=9#!Reu_@7)R87v97bHrp{qO7s9PVh~C)pIIo2##z!dY>PdhfYZHr6T|;uB!hfgb
zX<g28HFE!tJD}`vBXFlrr(Qs+_}yZzIhTC5_~QCc(sDJ!eF>h_wZP=|#C93I_FKJ>
z+7>&-Era=03283~l|W6ch+?lF1v2f<yHWDwsvUP^UBL@>JGZkE!mW)eKGR0{dO?zI
zd%dj|6DJ#8)|>l2n{e=LaXDC`^~-YbBhF52yYqc{>cL)oG?ONlxIFxIKyashEM!~|
z*%d+DUyCXR>5lwi<=uZ;)_0P#9@3__d_i8M7KKFbI<XQs@uO}tQrS&Y^P}<Fs`1Td
z-2l*byhmiQE%VJz%a+tOPj4J0h}!@TQb%Wi;cJ&w6g=m35`!(NV3w`Yc)>h`nkvKV
zdn#~?EWUleT+I#87%4}(z0@;yfQG@l+NK~wi+u)@;tg~Kygk`%2>;BevMbUdAF@U7
zQw@)pA}8CpyY=ZTjfc_<)d$hr7V5X|f6cKu<=049&Zw%&gNYNR22m$Q-LYUT?3$lx
zpG`)USeXqXNV*kqVpP+|UW|n0jjC=z%YR+7X?Z$Xi>N}TC}5ONNu>>_;+ixt_QxHS
zH36>@)Tv+goAqgH4A_%IP_jAQ*S_oArY(J26_kp%igLiu`W+wr%xoLnR|M1+2}~$!
zjSBheeOqf~3i+c{2F>ooXow$X{<!0%WKz40dt8oSMPshg_p|v_BQW2~=z`)Ytb|@D
zAK>FyuFurM4{l=+RX^?KVwumzx4O~($S;MpQGu35k;?g{A^Q)OpBZ5jc+X73Rzd1?
zz=|X1Y7zvb-bMU?Irv(&R$_)IVe)fRp$8{9c!njXH=Uk*-(ed4^aYBgYOb3EylSBf
zf4ScUpyjCUy*s%2nRoystvMlw!=Ps7l*(*Xes@Af&<Va&#?XmOwtSIG1t9@Zy?di4
zN~OpSi96HU;gs4Ye7lfv4gT@1&X11Gw;QW9geXMyZ!=-ghrxh=GYaC8&J!z17%QFd
zKz2nyIMEdDSwz%TDl$_RFV;`@+F^ePz(tBS+<}=TAbb)d7f=*AzP`Sb1h>*TA9nhL
zbNG2sXISM-4SQyA8W}M9cH4R|*zzud83vW<6s<!D;)t0t`G5Nl!*#lCFtG-17CWxM
zqNf&&)F@BO<I%^yM_=Tq8^eusDmRZoKc|id-oL=9UZs0VDL|Bq)-6WY5;r8u=!jsI
zf@2vP7`g%6?t`Gr5IGelUzC5G9uR9syMqWeN$Pm2{dJ)~iFg@E@6-kcsRYJakS|A!
zpBPi;W)HfzJ&&V>@F_wBGx7_qYrEbCLSB&ST*%ap_!12o`a=$slI%I|itoQX9w_mW
z_DrjdIC$DP{s%j3)0*tV8tu(zQ|1Rd=R9e~`@O=<**hs8Gp|^2!Nz}m=o#9~Jk9tK
zTPBSo4#c$K?0DaEKB+4lRtwD7_*S5{9{96PdbDD%TH0&)SG}5hBfro1FR(e<T5d!?
zolb!cpCz3}Ib2qPMgpn*zZ>;Unor>k?&FT8MpXF8&ZKg^VOKJ;`0m^&EpYgi&A&~0
zA%8iC1;{FoZ`F!g+$WWhxKpj@fvU%Gw~_R)(s3AI-YWIV<>U48p$-r~FS*Xu%r^fR
zdEON3mR-<c-En3AzA!8*7!Y{oW^t=PjDMh%xB35HBV9=9M*z^rW5_7)2{WX$)Z5*F
zCiY#m>C6BJi=1c^e8*FXmulOGw6=;xoPtHPIIlk}ga4YH>!7+5s3T7#tVq|{ii@%?
zCr$ag(9|I@*T5$rO;7VC0*Hd>Kh$6|CQ8;CC&CL;tW5tpHiTDGb2qZ)|4w#Gl(jM{
zSIF!9H`Oo156eydo*D6CYE8?`kNHA6T=~nIvKjEcoc+*3W#9Q+2bG$8iI-`$qXhNd
zE50D!n)G7YX4km0#WCju3N?-D!6R)db9(}=ywo4~O-9L%XVs+U0^K^zpIab^o={48
zDHG=-2mbU(*rHGT>o{{EJN6p4Yw0z5X2{dDv9CGDN#Z5Nl}d}ix<^axRboY|pIgpn
zgQXI?;Sa?z$^SFHW6@wQUNSZKn@vQG&(AZPGx2`P&#&J_D2l{3*%}-`t)ZMaPkueV
zR^JE5`L6$O?{$MTVx*<XYd`sSQaIduT7b3%#{M;TeeyvVG_i`HEH8J>6SbO!Jr#~T
zhQ=Q!Wz@a}GbV%9*tlE;)}u*VY>WL!|HU1ICWnE$S1ed@+Rp&ps7T&>9kE#5r<e2j
zb1IjuWk0Ots^97i_fU8aV!U04@l_1Z<%B^W^a&=7&W-Z937VsXL$iJc=Twpa{!c_S
zj-Q)FqfnWn?h4H+65%yrR<GBh?5cOIQ*#|wRc7IOAHl#`avC-ea)m$idKO&Ocjun(
zk3-`owaqfDtJ`1)cpzJK|Cc_0(~CUF{hCYt7LW=yId_;o<c!U~OiurIH1!Envu!2@
zNoI1UUjOgk@}%N8D<@9!EaVmDP{Xkmc3rLIuV-|1NgQfHW|9x$HZH3sXJSj0-P!6Y
zIGf);r>SY%_k|%AK%hyhI)X&JL;vqot58JYzmXoaXQ!iMzDvHa<#j5zq{oP-x{%QC
z=?M<2qy{-TViydtVcGu+jhZ`wL|nKL@c2a7YKP5D{f}PAXz891ZmSBAPVCGQPyz+l
z3P~ZGxTr<d%1J~QMwGOt?9M0!BUV*4+ME+;&x~r`w?J~Dk1>6Pl3B#BA8d|dYE$A7
zvsnHo$ro^6nsdCvexabe)y5bs8m6^<k}BdWLJ$rA(jf0`K4;DBNk$g|Li18A8`osw
z9Sm`}l7m;Mf+gV@7X3J>r_<(~etL=T6z|R)VpH5ANGzutwD&pz=eQj3P*s-i(?`x3
zRl>y%p&P=iHZM%mK7q9D6vsdV=Hr2CHQD$efK90lna=Q=T_bHZC-Q#hW4^3?+Y&Yi
zB;DZu_mw^e`0?oNV7?X1Wp1ioslbRDGwJ`ekD9uJMhnl{CA6;+avjgxt)hcK4e|vo
z9t_$<3vg-JGb>)1E}}qRC%`Q<SIj3hpe>B2u*qr6LU)SGwuhI;Alj%xNCu6%Q4-E1
zI*V3Um;y<OIr$Fi{?l!aXrQTWWHAzSV+EvHu%yCP=bC+n=?^@XW5&6u_|C4Kz*li?
zdt5!&vbkUp%Z2|S$4odhhX8N(UV-aeN_Z^L+oBy|z#ZZ2Dv0?4H(#*p2sf&spun5?
zgg=iN_02HgUKkmopRj57INxt>4KgY;Xa;)QBtPQQDh1lCK6|)ckWc~31MV{p&_PqF
zaV|GNiBOkwzM-XTy!tDj%rO9VPY<7rq3*<`t{P~j58=h3ExfqY+|Fya-@!0t?)!f0
z-DT5H>e3RN48QM=Bz!()j@T|7fXhH#dN|taIy{TpwX>nj#0}RM_G7`NaBAw1>*7IF
z52`|?b%857E@;OB)=!z&?i7BV4?`UeEA74ZnTWrQe7kqCC#nWgbAAh@dZDLgUW;GM
zT=SX&<``}@a|T7{rCS#cjH#S&u3keM^A^KNHbND;Yh9uZq&?p0H7GI(!FBdB;lhLb
z&|JkG4<_4iv(`s;es+0*Rx+NzbFIU!MyzP7;G#!d<<;Ul<DE=!Gd<Ugd+Yns{zZW<
z^wjmi^G1Xqk<$85HRLrLTh{V)Zot)1=+>N8=Dw#wy|t=cFeKvTN5xCUaZJ^ncM#bo
z3jM*{yH~>9r?DS@qY{nr8fhxIjg(k!^kUAOFRA6Js%)<<T&I859v^IY#1q9b=VB31
z^zcg9_bH%_&g?;8mY|H%vxO4d>}e*@M}|}VFl3bT1dnUM>WJw7lRWon28?X2VUtPu
zLb08xS}-2RW^x1_<Jfn!4)w5YlM9F2+$tO42n7@BTIK4eBqIL!j<*iy66RQrb9HX^
zMSwr!5g4dY{7s6P{H;R={#qD$+uJFfg+Mwh+aX%O3`xaeottwVh4N-!+fmNh+{4@e
z?s?Ms_H*b1ztEMi)B--J7s0ZRL2lgIc(m6@LyC~(gi+wmcuO>H?mJ*Nd>k>k)gV6j
zCfad^0M6z^?;G<b0(yT$*IkDXa6z1{4s^2N<l${#+RJDO5dYYImY^A59bol6j?|LL
z3MRFLAL0u>{`zs9)bjA(nU2%n4R+s=+|yYnNYjXru?_(5ZFAQ`d#()9`QYEB_B;YV
z923xozHdkqYv{wULUIElNZrJvFM!vu<ITH(;vDgoUeJE}oGDYZeA7K;Hcp7RI<z`)
zw)S3;X-;ycjFD7euQtBgGF@W`6!LD(C{dI3R(i*WG4fk1yIT2zjJ;G#F6v*wNzRuT
z9b0xllZ?w-`5aDkcy$?5qy@+8tHuX5@htI)rPOQ7B$d0up^lAh`{cH%eubsO6f8%b
z{8U?~8thr2GUI00GzS^%eFvGWL^xBxBV4J;Z?O;QOAfs1=(<bv!=KH>$uyGtgqgZt
zK76S<9_9QriG(2;WC>K3qG7vzUM4r2qjM>G1zIlpm*^0Zd%4?zIf!({Yjfn+32tgB
z2Ung%hHoEgJ-?B+zoCnV6w*^l_A;S58pdninGO+9ndk#BZ#r6^$d&5omBcFDA`0($
z&*@A1YPA_6CA5WqfD{n_^vypx4b5CBtYwuybJ88T7#PKWvT%4icJN8WjaaR!GdZc6
zL1JoOe>rk@EL6WxXreLMHEhhYs|b=9!)Cb(7!obklcuT8zBZox^GOw2kH04&p+Aaw
z7ThLP_DpI2TL8EQRMW$h*lb0&KTNGi`1Qo-tX%h%Fjz)v>PrEp?4)?wfW#g}E<hQ_
z`yesu&;2B^cscQ5a$Bl2JtZT4;d0{R??ZcXnpM&=5w@i4HlEUs+lyy6jbQq!gN3y#
z5~HtTe>^FK6>(=YtBy>})Xf7(gde==C);*%9z;?9l+mnC17P}7&{hSOmBK*@FV3l*
z$xtglO#-Ck*&lqr*hu5=acv_yO%>6HcX|hsXfK~RA`N5$Vb2r0%)}X7G}&S9U5+L6
z3AE6D*=uB;!4JHA^l2DmG^y`lS7x6BFL_al+gjTEz69zwBz@zw48cu=`|N#s@@ohW
z-AG&LKe$?IXpSDf*|sj>2tC>b>d(i1njw|S9Wf=CZXIUXmk$3!#k_oG+h|XvZinX4
zH6frmX&&LKgEVgM;7P|zlZe@*QtT>UoOIG2a1XYd-5_(w2<5L5@x`)lJkBkGw%KVX
z@`CgO$~*vwl&<FKa!Ve%o^zl@dL@$itjoWCm#8~8%|6WXsiGZX*y}m_LfpDcJ^^nE
zNu7hIGbl|zx!2ZSJ~Nn9&AAQ;Y%CvJ9#8AHXoHqheDEt(H1Un^ipX}mUSdBND?frR
z{LQ9x@WDz|5OFEN{Y_YCWNG2_slbBxq43h-KNPhSq)G~{hNL4!Do&Q8*DK4oUsb1N
zw9xFUERHt*TA#i)3$!6qPvovwG5%GF2vlkm9;H8TQ3-WV`JwiFL9bSbLn6ZOyOkEM
z6qcMRn7&$y&nGR+OKECoN=9e1Mvfn;ZP7dK1}&RieqNAY`tW*zyNBy4;l*kCt!-fa
zR9y(BaG5+UxPt$1&)xD}sQb&h1fEv){xU<cv@qav!N2=95vZ$9yN=@s<0Mi+i%X*Z
zgy~xFn#js<oHqhcoXYwH*=b#<Wp-%>i|+XcmZVifZO)ojZ?QmuFbzBuafuEVA)^V<
z$BJW~WPaPopY=r8Ll(dvm=s&k@)#tWf?`Rv2x(hn<3u~E>V7sDkN)q?`{W1i4MHsN
z2G$UweX)T6E8NREq@<Y(3{`1_Kjv4U?u1!7mY*|4ku|IT5kk}nhLX|UM%rhFCXW@I
zI;E%=3)Z4gBi&<MH%t9q6y8|Zk&OlKsWeGVisH1YbX01a^(L<q$QM~|tF4~vZwbP;
z7moXd0&{zNJ1+ELG0od@Gf{3%$G9|*WDVF~n4|)9{d}O^09`4JI1mFBLA%+7MgbiG
zPJwN)wL#aRZQkptVIxVR%}A_Ypsq=+`czD*g_ocGwR~IlNA2)xFgVO<{{>;JB!2>J
z^}uPmwq-J9348adV}JNY{XHl5u#`wA<TWP!juUGN@-bz7BU5|SA`NDL)$v5q@U@nV
zxxH)arLM?}04yqgu@D*XP&d?IH~d=u$y)vPe5%-v6TdqU0#Wx1b#puuElbWUi}k7%
zz@cv|o(do@@^_v1DpndQqG1)5;X-<CP<|Zx;<ZyPf<I*L!~2usU|*}Kmy6>%-d$@!
zvYNF+%k^zJUWI<+oy2BL{y^&sGG4pRUZ~0HPuVKcUTmbV+bu1&pTaJhYYZ;!=4y}b
zeH!t(=KeT-C^0Y-Z^jt3MB@IG(Xq1k!;GWw7x0y-w~JVi03kctw-B*V#m5!KkObOw
zH-Kl|$P_9n_Ojfqzfqup?X(7ZEd!nzcYOxv41cqhZ5HYRJ@yh6-8;M7(Xa!eS+1j5
z6de~w5c5J276JZVS6fr{V&TEdZVxKkugRlv<Vg}dk8W9<8mO=mY6f9|>_}!y*t9tm
zGj8k`dUzJaq!%&+9_9&zkBd4c7i-hLjLZ0cLs1YKfbNf$6k%Dn{}14`K!e`mX9W7_
z*sW{sS>L*l*j@ssk|{>Uz2F~ZhRM%NzuCR0n-0N3ZUnYP-h2sKNWLix>Vn;DIOgfG
z+qUtA!u}GjZIiqf9zMi?&A3~qzKy>5gD9l5U6K30Q!lXKk1J?@0bz7RY-au7arAh&
zqwuod$V}iJ&Ld=+R|I~eBHU}>7j(wpz<KV)h$%qHT-Wwp1N&`w-J378=7vK#Zm!Os
z9?X54G4QL$U}st~yu4q1ZL85J7T{}Zhlh1!`A>ft&bU7X&-p*RrGEveHZDrx2_Jox
zWhVE7{a?73Bd%Airh50Uxobwct!TmTyl&4vva7SiPWROrch_wto8B)`hLSaXV+Vbe
zy~xyxxZkPx4c<mqE)!#^`z4N>ie~EPX6X*Sx6rMplz#@p>S^a^3^F$5x8<;gqa+PR
z{mY_AB;lnj-F?%lBzAC{vq5#|uZ}%HQb`-t+}?rCwiP`yOcK6PgErgM7YHBv)@<f>
zU+<+XDWO3axM|Nm$Ku@Ce{|ucM}gjF{+$k$Hl^03rYvgKLRZnjGZS9a%z9<CGLLUX
z?R~_|gOKpyULn4<i8o({0auK4-_7z&T7gSE-5K{3`S0yGsW#e13h@rq2e9t>GOo?d
z`SDy&oA3}1R?PZgZP@Z;w?-Z(bm)VIREh0CLxTW=q!4wo+c=#szc}+TvD84V8Xi(Q
z6QWLwS$`wH_&}rlqMF2a7!!F~h6f4kuHPFmbkEK*QCkT+NVL;z4p^-Z2|6=)C#33~
zBPMkGlL3C-aPr;knx)zVQs(`*18L2ZaM$n@HkOQ>^&T-zXw6j&o45Nq{;LO>%{t4E
z3<TPY_oY90VD|%*1I91pc$L~hgY0C91HpGuM|d$)GyDKx26jV&gp=3qe9W>49kP}?
zPaNqy&q!VpnTB5Yi|nT@Zn`6y6NKZO4^Qcxh*Y2IwN`*!qj*TwOMVS5qkBPW(jl<`
z<`$^3A22xs9JHsnsdSHsP%M35C>UApUruF!L+s9_G_{6?sDJ#mC@&(y597PaqlMPJ
z&GT&gNtub_Pg05ZMTU#8ZUZ%ri2<R$R53~TGVf3RJQ{Ui-c0xuxnIJkAq&5bcdiBb
z0E8(1Y6DxkfhN1@6%42Jj0p7k0_5p7eS)}Q;E%Wt5A_RNVAfFAnR(m%X>O^*O^`^i
z-%)myo$1JnuVd!5`Ijn=8Z7Z_*T3SEOzfubiSsyN>N!K<+cr?4Lk4Y%{CnQUY8@>!
zZ%CxvUEK!CJMQ@m`Bkp@aA89!vn8(T&I)j?{HtOlCE#d?kz1xZIdU#8Q2h*=3+69<
z5{~B0zB43f=efK}(BwykLLkU01DmeczeX$IsylzX-Mdc8{!5$Y?<3c$$27?suZx?7
z-gi{5F57Mg=U*D(DO0<Agnfw(*yjTD@`U-!ws=9k_S)wIcz`b>Dzi$lu|%zItN)f4
zW=SDyaSXN_=yzL@gMVF?%EXCg86vi%H>oq^M|n^9<E;hEh#4|G@7FTJ3`n(&)yzNm
zr;l*OJ$uzEPbXrYrj{2WAL!#YRnF{mvvW6Xz>vr1-(X02<1&cmEBPmHHMamK&tJat
zB+(C=!nk1?`WdP;Lw`_0eR8l&yV7D$2zVa5q13>p*b64&x`x#IzO8lz9pliAxAOt~
zuRiWm)$<b<_VgD!ME-;|c=3~$_OZnc`OUMBx`s5}`mMW$C^Li=ANO$qHZ4mWz&?pr
zo+9`yVcDZT`2lNlwF#ptE=LnaYpj1{$2;Es2f{{+>z1(4DR+wt^D+NXeDd+X&_4MD
zfs9C(#dQr?%bdTc=ZWPE{<XiQM1V~-Eod+|2<Fh@**q<}H_OCHhym$kT<i*xE%4J9
zNV2?~&F~AETYfwF)u6fPZx>#uOA^1<5#aGz+19s<b=*}d-AX$%nN#4pWer^@SD5@&
zW6XS#mf(0L^~o``zwCsNESiyUUgVfUN%@@5R5){H=Y83YH`Z-4@$dev%U!zRq;I5Q
zgg#aEa;|OV_D$_;(>HZ$I=@g%0C!L79Le?vb(tlC9W_T6&s3Q&oYKiSV%-75P}%dm
zILI11ZjF9#a+Lb~n294tjVn~lBCB!XiXv~2IMt5)7Z+ZbR90mY<J)PH#RP0AzL3Kc
zHN9AWth!hjMX8GZf|*h~2HT5Qy6jCxfA8d%RJ|sh&Q#+cP8$~|sm|HJ7k_GQ;lrNn
zk7U{8J@D7JE}be1@?ij7Wc0WwqASDdLBai3AJUV;AdVbOJ}j)Dt%5nLS+_QxRKBQw
zw=EWQ2{<3{um`Yi_al)YLx%CaKbz}c2A16|Q6Kn2?$|iHZ|I#Lq_#z}QTP}6*j4Wz
z^VIaX<5NQCQu}eT*$ANTbIK8Bvg+oey^^+h#;ua7+nF$dy(Q7>tV&pq4P<bfWc8z-
z7P|^q6FlTlEQ>OmbLrAN+tlR+oe=9j_M*;3N@W_@IPjt3*2vfB)`%(LAV+r^TL|p+
zI*{g<1-BOF8TZ*FAD=o488`#L=14S6vlgD1buJO4OR7`<M;k+0*zurfDf~jZHvaaZ
zou`GsF0X-CFifl0roKf$tB(6_*{262uGM5nxE*O@!rk^m*2=AL_Q*s&G)ad3AU{c1
z<@duDkUyD>X8*ze+T!&FWG%OIOCGU*dfCyU{ch2pHcEEbgw{gBwA5zR#IlL=cXjGz
zal;0zWnXM-o9hqu8zf@Wr)}i7`F|oKD|%{h24C1BA&Mr3A3hDeukux=wXS#MWUV%f
zS2^KsQO#yftOq=)2aQDP(y%Lqy|joTj&=`iCh}!W17?n`G&k}KkKNV^2aaLZEiLU1
z9JLl0g@WD|uT#1s%&LMNhW!#OM-YNGnG4KaMfUo=ZIb81()WlD(h{*KyDXNc&oo<V
zJ<YY(>*ka_DSRE*?YHD8E}{ubb+`C^en{O0@jFCqs$5hyj4-X|6Sgz0Cy~*SiErWu
z-W9dIxz!SeB5ZwPg{vVj*<t@Eei<4b#dLo7&6?j5ksE(;gRsT#^-};1pZY!r;!lHW
zX+-|CVJ+qkw>mS@rccNJ$$84W<$J#ym596OKpE;&6jm6@<d?9jW=K4Z;jh8v1Pc2+
zfBFCk6Rzpq0S&1jaZ+hOrgNfQSIArr$Bh?!=q0SL(8|8&SQyG~O7DxX5`uJGE@q9L
z;ueeWPFM|?kaT(7#e7I*x*w8hvZW;F*k!^Rdn@qsX_yz*XHV!+*y`g_hjd;g81nDV
zuu(9t)~oR5pfUjSE$}7Wx$m@Z(AN`ucg`t#3c91>;z!fM<+NF~yHafDUw%v9S`zt!
zw77!zc&>&GaI6j3<~K`|&pOXt$dG6nRJtXs?=yVs7q)&d#_b90o9(&WN5H9Y-EfJ%
zeFT~uu$7#p^-@n?>c?UfbIdrd(r@z<>Mi#=zbA(i4yPIH)^jZs$=`!}XfeK14=~Y0
z{K-Sxg8;;qmNhMIU6A!S;(-rjUao5U#O5`hXOCG4m#p7IpPX6VqJ4Zkdv|`V@7Q#U
z4+J3>q-!otR8cFnX{|Xs5k+Bd9`<4>?DXDvrf?r8eF&*7bwjr5`Tbl~bHwQ?Dd_mr
z!4Z0ZujGY))*5v`9i5iIkDniY9tGM39rj8SNXh#NoA<*H<AjLN(^aZkU|;JSSkww2
z{N+Byg{ykE{Q5I5#?*rX7!I|+z5V!q1@Q#!%xvlR*u+TdS0>C@n03ZQAbBb*xCa>p
z)#aN3D8htDJqL-NYzpn}W}KI``RrKMdCuIK!;TKice3=h{yc%iefOC*0RfLEA9e3_
z;JU8=lq5CkeLBY=s;%{PoxNLSxUE_?eAvr=si*y{B52@l*s48*K_)rv0LMO|a648@
zD}K*7w*2lfO9y+;9MD|AV_h1Rc4(ZM%3sCA!7Ju%tzYVw{q4{!08$+{_a4E@bsU_Q
z%C$fJl@Ugq{2PSQSl_>I{R8w-)@XB~ScBi&bk>%+cGznGa0fgTYUYO)AY#)J@!&8n
z=P??X2Yb{}!SQ1qOFa&mW&>IBgT(-k*9cH}Lho70t=~$BNgvJ%BrW9o&mZ<eP1cv%
z^ZS;U7n_w63`E9VRFZbmOITVGdcCw}P2Cr`Jes+-UK+rNw|-N!6BI;i0lPrdBLPR}
zPw+)fEO>_xIX&27C+LC2aR=oL3&~8>WQ*8V|8Zx^1>iFSsFvDd;w1&p;E(U)$;D#f
zBlk>}@}i2R93I{8<URb~c6Y%yc*><4mG4F#HsJqAo&t$i6~%FrB|jx?-rc!)mX5x0
z+(C~INS1PVO4Je$@{-?S$v=CJ_K^IfQ^Pyq@G$zz!-m11*=;s(p;-7AZW!&d6=RA&
z{jj0`w`9-&-p6ai!vV`@iY+?y_QYH&nzcbgIQYs#f!ps30s;@;^vp4yt4wRe`~_nk
z%EzWM9-3l8d?8BD-cibp&f2z>90?je%C(5Q<h^uw;VB;Fg<v7>7KTn7Iu!t0dN>}=
zWr%@9fS}=#DixckOXfs@1l?BXf*=0XAXdlKp_?X)Xk^pSOPB9Y21BL<TMz#S%RQj~
zJ@Tgo=$HKWuy@k-KB6bIAu<jI30;+C;vCHTlcw>Up=-<+;+kkI+j*UyxXGy(3%3@|
zADT|zy}bmD7b8=SZI4A|0bll!5BxKz#9hEM7rO9LHyaD|PAA$Pn$8LN_+i0KNV6oT
zbE-UVR12fZ`AyS8Lqei<sBiIG*J+9PS09RE_N}~GwsVOWzlZq_f&&y<^a{xfuXcn3
z-BUyFM6PDZ$f^B1A1+LdBp$yfVPljK+UuDPnhSh<0{sdh--K71uh{dLLulf|0>o^*
zry1sxUq<AmmZ!Li^LaHOTb}v)TXAOe83j1myE2;!8u6xgdG?K(dS;1M&WzTf{+{w!
z8}lnr_`a|o9Kg`S&m;lz<C7QN8WG3P|2?&m7x$=4<~@wS`gUZ+<*|%q^p110MvDK|
zJLxwbeTbXJ5LH@8p2W0g*5sf3N|XK$z}09UfBiwT<!sZ4>b~3iq2g7CCW<q~m*}OU
z+0*lP8u}g|%zs!l;%k!63<^&;T!uYvrCc~!+~Wmo`uOYadg597gJOEcmhCR&c_G}v
z8+2w4C6G)zMRSIjX0vkBTJm_8a>Jjm+KX4G#VuQ$_<Vb_M6`Js6AzXsD-$0MI8d@6
zp2I@$+41s)I~1Dv-{--O!j4n15$6BUTGQN{!@YARN5nO(V^P+lAS3bW5Fmc=df2X`
z#Z{7m(YYhlPcB4`{B~ka26}kYvyQq{5<Rtu-~?o@yhLTJ(pbuczMG`~?CyhX=`(H3
z0i|cs0+p{Qc)Us%u><G7gX8lh@15BCqpM92dL-DYbD`lo+CNhRc~1qpUG4McJ38F#
zCZ<|RO-K2%*@cQdv$+KQovFdo9(R^r0k6Vg|0wjjaE}#2Gwu*qqyG8pe)ORvQzUpY
z;PIKY3Zb6l|KsS(!;;Lux2K$P`c{%zxyzKPW9EXIyD;UJ`?R^|Ms8&)Y3@K}xuTS5
zqN(JP=49>_YD%U;DT+(sl1f1Vipm%u3IZ>`_a83);sTz}bDneVb1!cDD{#ARlJvdX
zg$5<aJjuj|Kh~}@a+dC9UA$pNRbyo7JF_%AAgu2udvOPqf*hrzT~U=sUiOdl*JSnE
z|7EWdj%6SV;e^<q&pyKo(=xNR>I&H=?}JeZ+L1U%{G?@*)N>wcX7hTLGs8>!*pIl1
z%~~}Gpw>c204SJ+c$(T=AChD;>`ZFEYxOn940)ja-qw%k8=3gQv<WMltSPUcpaZux
z{k-t{o69(tgsUK+a_=P3M=0nY-Eozlb(x10Cyw+#eTmbW7?d$R9LR%$+(1Jy68Vqm
zRqBPT4ph>ewd?jU;!gB9w`S=1UGbI$zbFDY0m*~gR&F*<0V8pe1bB6#k;(gC9FzEF
zhnH#p%$pE{J-q6GC@;Ng1##8c%E=9!f(Crate+vhpQd?MQqId__>%y1AIjJ}5>~<O
z!YGo^eY~oxof<8@C#2R&x!wIHTSxhy_wOCHL#1|g0;7XJ!Wq4v@wuswH;p4D(O1uj
zY^JKR4u@_=&DV8ir?yFce+t4?!Uqq*g?X@py0e9<$I$glM=K3b3B#vo_dq`>r3;YB
zfi+g$*}eordR^L=XSfQ&8BCa^nlHfZEVJ-A+X`UWi4YdH2|20z1$~@Ji4U!4?q=nF
zRJy7+H$KV^#nGw$YzYjlX4wtNun}68q7b)hEvJ0uLJ4$F0Qwg8ZxM`gcTTApARZff
zUCsYL;StxV@oxwVkPz}d^I@8dFi><`a_83tVPEw&3I-hLI&ZzLIu0#zk1jMbewCw>
zq__9^DzF5)Hc8Tx)x-fKkG7&)(2CoS$0zjG#txN1Re;c`$UOFMa;HTQ;o>=4QkyFG
z)q?ToMk_$qsH`~GXGL|d%buYhj=Zhg0FK|3;|?EXeRJcrD>}pus<3;S1Sgo@@VxEE
zoG~-w1Hq9Hbc7b>!upS)$6W$ldadY~K&eaWA|*~jHbd{Lg9fcVl&#(p+1#oP(4d7m
zHOwxlP2PTW@V9~h;9KY~BN1nXX|TC(%xT?#_3e~Qe4xGh{>V(thL)(vno%JIuX()(
z;1H93wcvS`+MFA4e@Y#yZ>S&~ZGUNoA-zA76NB)Urg+Vq`tqcFHfZpNBV4Ldd{_;r
zUYuqQ+h=Hw{AlI(K!H+Qa1e7ESZstEjh2Co4&mlg2+NVlCHQ%Z&>a{dVkfEfc+-v|
zon|w&zU0v1xfpf+I-;Jl-+}h*g7wLM%GZ?h|ErLgi>vE7`y4Lb1yjOs;pgW;A`SN0
zui;uM-=<uJm0HE6mLN{N!Y4J4>p9mH#4@_r@F$Y|sJ75L_WZl^94See4m{{OH&!B3
z&Vp=H&W9%j<eVHlG=@AZzye(NH{hRXW-~jrk}@eZVremKa_cBvTp*mi14@3jeS`68
z+p2MU%^_UyP-@G_(#n=mWULvi-yJ$uj*TCbJuiB1S3*p^yV~w3jMvJ7+INbNw^y)~
zH9d@U5Ev*xoLYr)vFS%y6~CdFwCeVu6+U$Y@+H<MzciZQAL3;7?aVT-b?9zaXHi;l
zaw`<+s^^C|l?(z-ZSoza9Ot(o1P8%hN|u(<KUz)>7m?~4{aJ|*mf<9kMIZSV7(v<s
zm})r#4!TAe(;*)AvW8LxVtUf)*J5F1StO&d6jM_mp;uzR#t4QUI#%HG;C6)@IT-0$
zI`$g=|7wU$dhs^(tYq~euew3demv&n8VM9KrN8-bTry_W$c7gtru8i0XCWR5MZZo$
z`|JCdEP1iARY=r?v|vbXv23=?c3Jiq{<8|I++YlFP0vP92X8lRN2l_*r<hUpu(U#$
zYgDUJ%G6T-;M6%AqR|1!nbR-V!{4b*u{2CitA9e{txx}iObR-~+CjESes3<VYn?eg
zz9?KWJ+1kpk$7;_W-6K9cHpssSM8!bZ^ry|X%tO=@NiiAN?WXh$Xsaajz>PztXOK}
z#i&_M8AWS8*)yg8<n2F*r8W#m+^qUUcZ%?Hu;ZBKYF`=u{$P0JSSBp5D^ZhP>?QG%
z>}6!o+swlkY)_B<`1*Fbs0(h%2leD^+x@MvuK9#tVymtaBFeb4lbEYy5jt;qdXZ&s
zcUmV&OZCaYE_X|X(fq_1=~mnC(crTgzg~?s=X4b=cMI*bj=e11AmlukoTZg1xT`OR
z<|EG7duC2jM}+3UsvMbV<B<0>S;4*i3N~w~{R$btoyjyu{!6x}xx!^!yQUL2-~BDS
zluxRN>2E+}@Cx4D?tEauAnkE7MCHlufKlg@X&50ccgagTTt=udb{TSr-_E_SvTAeU
z0d|>5P@Hp~Hv~S)cTpv4JX-tlG`b7q-8_&$R*WJ3G4p1b=_IV{e>;=gJo77G@lzMr
z=$ZJF;@q>JrP|@*%I#3YhS@uee(kC3W0Y!dYuTW3^{iB#pQy?uuDX+`QPuMQ0N1jj
zr7Ax+a~-4Mw;eAg`IwH=e;{u-`qW*rJYkPN8El1Oyj=zu@_l*CiIytKN{qmkBF<8T
zfvnOUZ9v0u=4jPNDrTe!TUlB|H3D{&!3w*j0dt~iKC<?t?+(yIeazqAlyi_JPH^lo
z`pnt2?8|M>b*1N?u1P%1Ui-7!53N5AK8x48WE=|iBmplqi?q3r2OA)w7s^ZXQ7{id
z0*BvY=m@vN9eu*{zwDFI4Ik-F9e?v^oUHOlVXDO?=(VJrgwA9(D>ltLA`P`KBJ}wa
zgw<8W7)PcCt?+n@1ARep*+JT<-O>Dbqy2x2*l8-3#muDSJt7Mw&19GPuwQ|+f_2Vp
z*>2H)83grEyJm+vsN-%_o5?e(+~JTUqi}GRu=_qY-J0#dz6B5Nz_PB6fWuMhCWA*7
zy(pf&JhHZ__k2&R<48-Wre798jb<@qH*uDIi<bEuQLXxjazWU8k9+1{thaOh{e3<~
ziZicCkJGJ_QEYArTdwcroMl(*_XUp$<oS%1Z51z;Ah+_;)bTj{MZC+ko!3J96Qb<(
z5LK72ue6cH8|`5ivAv|6TOv-7rAipe$C8P<#nq*G+6<TaUVzjhe`P(jme&_c9*Z65
zJ_O=#%4gu}7a{Lg^eI_ad>>QY?IwmA^u^WjjumI%wrs)yXcFgI5UP!)_G{8P#h$tM
zQtS-x>MFVcbe0*%$Wg2~&c;PKQdm|X?hLOFrM|*6oxdRj&qH(fsR=rfNS!!V?dved
zOb^h|w_S{!&8$i}k_qv@<Agxs7M!G%m^8DTcyB8-|7w8bV{U9vBL`SHb6aSQPLx=#
zK+mY5VO|qNuP!ZS`q1wM(U7y&SeIA#t$w9_ChGDmU{%n2x>(!6vC0gvZ}y&bV5S19
zU7>K_rhnB*qs*m(iz{rVMb}o)QE#(&Fz5HcTr=#A4|;j(Sf!3A>v&<>325*;&Q}~t
z@E3rY3hBUVD@23Iw`(|h#_d{5W|h9PkR@f)N~ZXIW+@^~Lj0<l!_3?f=63xTgifS2
z^$**nA&C1ITmpC*m)7MCh28l=!S~)FZ#Y`QAp&rcFMx7oav)QCvw#_VPkr)e%gY>o
z#udsa*T~fQdHuS{sbl1(RN{q=iC~LU{Lck#Vkt!G{CxkbD(49MpWwZA@w<Z>jew;`
z>Z)9xuPS#LtCybQwH=d-eSfGggvHbp4kpc9n9ClItLwPO^eGxsS@YW77TOzdzjYri
zue)d!f{)TH^?&u2`Qq|_JEjoODaGuJ!jWWDJBoR+P4L3JR`BV9K6Cp>=$Qr)YUFy7
zfxkRKR5bE$h#A!z?Y4D8tabbHVG_il_X~;L*(?W7G8u9nd#mC*jg1QO<XE0!#IxS!
z3s)p{G^sOEUcIysa~bWHJ-4fwyPII0db#3r>mio|c$-u96~Wf0tkZK)Zj15dzH2X%
zLJ_PNvSX#fW>~XlK=Crs-%<r3*rTo60Y9USz-SIg!Vy1ST$bG3q^g&ybrpq&fQZ3-
z`MQof<CD#z6T<(aP?a%}2?w~xZ)(_{x?wU5?pnCupWF^^^jCKF%V-C;&c%0mtCTv;
zKh-O8(_8*8r&5Wh=JH?=iqpFQ(2kvCn(W2UZQx+6-KloUV0!h}IsNAS^h+^#SG@d5
zNf}FUXVqZ&Kl2rCCMf~awFU}q>~}H4kMWSY8#*_uh9wUb#v`ezhz7quZ@w<d_naq=
zAQ&5+7huwQ{7j*n`tpCuUD{P)=jJ6k8+w|dV-Z~;o<aZj8+Oz3$K&(ZY9n9gAl1Y<
z;4E@#!)Zuq?GF6IZ*Omab?v;X+?V6eQ#mdXKTTkL72D9ZqO|2ie$Rzv!jXdLtK@fl
z>s$-x**p7MfHjMrLywsMChiyc)QhW7S*~`cUimJIz#GFmV4(vO(c;a!TrI!7S18`k
z2Y$05>>L-03znF9z`d9-)P5HD!|lXZOEY=uGW~^pXwmZ<e32a`YnRb9Grys`)z&*f
zf@>vOjdD*7XS(49bxY=4uUT*NNoRHT<Uk}Zf!_rN<QiwIgx!}hHcm8P!ioy!Il7xM
z+1oM;NxuT49y4Lk_sZ})nr6aYbrBl0InLr{^T%XDBub9;cwKinH(-ivzY6K`yEH{*
z=X%RrUVqq?@T`Ze2UToA14bkhg2w)NZwPnsM)#wzo5QyTPfcjSD`nt_%$jf4ueU70
zGhP9x#VP(_db9!v`wE5TV`|aX$#GxEQI!y(XMT`3Cj95pXrV^$Un#nNdTM5sow7SW
zJv#oU5PlINGq}>O^bPs5s1s#L?jBajiQ;pGFGyiU))lR7Wbb8W3Wb=uFFm?{1o1c?
zY9BevFOg`<GY?%QnVhA^5RiqN(Ri;6PkO)sP<jCNZKb>is2(Xe*dosZ4gQg%Pd0JU
zjtVAE0DZ#m8wJGQGBO!ziQ);o8Cj~jEc|dLxO<_E+90!@oJz+)>aY-NKq84_&$zp5
zGgJZ=)o%k6jHF|@50cQGc91_>bv(Q$*5eJdh|nptWnnJMBuI4CQR2yS@|wREtB5BZ
zff?0bm>{v;OKb?So&n*#Rp(Fq1$=D5lNqbdgx%XGj_5^y>VR7TW^)-tVtv`KKg@2U
zLH?!7)H;;wr3P#cvEF`~jE9;wFZW@Xi6rGJCU4tb_Z4|rPz9a3>$8XJn8*S7drEi3
zoz(okDl>Ul#{5vZY%1aYfU>zlF$0rSCnyKGf~2zW*!Nafnq|Yshu@V*ZM=JuYAao?
zF^k$gQN3Y$`dKH0yWngqGc$B2-FPbL+rQz^Sg{?NTfhRE=<=lz5_!}3B+!RLmZ2z_
zp~Y@-uY95F6&<F6Z`l3Bk|^A&6Ya8@ZfP`htUxIGiRpTF+hk+t&<y?s-nT=G)K<^O
zd)TiD3{VBTjJ}phVAZ##wUpR84CxopvLm2(LOPE*0vcY6)-csww-X~1Jt*UBP6>1>
zC)kj0^4?<<wrkPBA6=AnFgmjU7EGZU6YG8KQCqcHp!wU-j<pCe;_mJKd(=o^$RyR!
zI=+>aagcqEYumj4W~B?zmPLhGDXY+@41^*b@jExEi%C4cw^@2cyjYB@%Q(q5`Ec}W
z6F#3?I45Aqk8!3U>A3s5Dq2B+=5$Zw+mlA9vKsgK7c!*jK~?Lr=*ZfnUBzYqKFniv
z<`eN453Pr2Ws45au+>rMGpx$@)=mI*>IBEyDg{gHx&A|Vc7Mj?fX~ew#h%8FR%>y1
zL<`mIpQ82d&&1!{yAjgyRG9%mIj_K4VLC)O4bm5xvj=p|$JHNSA93JKM9cg<E=du2
zi7k?Qzuv0IdLNnjEd~m#05i{xf(BK-zDBN|<CZ}$N+3dFBx;h#@~zzOfs}Q*A!C`!
zDpE`6#T<nmR@i>$*&@mwlsn#NJp7LRkFWTjk~>C58BddJnSeej`jc9c(KS0BOhu`3
z@Ic}#>HyyZIqnohHedmJCx{Uolh%TAWt*~u{-sH(Jj<mIC6-y|wtfqG_YyxirLbl&
zC!Yk<a#*c{#2eD1@qW_spU%1NC4s($pGKT$`B$TZ$8Hy?8in6F_>*&?NUP^KJKY;E
zA9j_qEWlUF2@512tlz6BgN8A;I01}}YKd5BW?A&v1+XTI*yu;Zlfci=r9c+d76zXD
z;LL0L)k(q^z#V}z(A-x6ob+)$q4dvScT`qsbke0F%E8s?VoCJ?T+J-#^DlL4AkY+i
zY?<7X$77}<!p(Z3FI0z3=Lqc&%)Dv<4evybKt3Q%6#}F*@V(=4Ln_l~9;X?HoCuk6
z05|x>ZP*RoERlbkfIKw6I3nH!4a!M2{#lDe4ujPzEn`1u$eDAVY1zycfG893*)o#*
zC+k0{AJR~5$?}Z52UT7%gP^I(%zdwVt;<xPKZ{UVXQGz|5zlgN^4NqSAT;(Q#0glH
zVGXG0M~gpiMrWdgfCR+EIuvLw{)7GDx3P%NgQv`a5eQbOTm#0msQnT9_nWaZw}J`?
zvTqXoJvm8fUD>w1#j`Tr19oQqX}NNbjPta|T%;=Hb`dR-67qI_^F2Ky2%@2m%XT$6
zAoXvRYb2q3H#IzaEc&3Ld{UbdeD#CI%oN_<V_|~0dt0BuDr#Fd{nfq;8tVW>aqn3h
zT~B)?o_%mDDS1+GjfSRJG0PBrt_<;>l`xt1+${|}ELI$gseU>imu<D?2JtpE=2g=q
zcaFymYA8=;RwVYQa|gYIX4PR!tZx=;K*JI3pge{KQ{(0V88~u4I+k{-QQX-KxEfRl
zZW&N1TO-<-%FcLlX#QdVC#_n$cN*aH()dukdGIyJmoh88XnOIJx^0+n_!Oz_*kal^
zP@L^IA!&b*DT>&18U+pfW@a9Id?{lB@MgURyB`CvQK`#$xs|E(-3}Z0ZVffaL~Gb?
zXNL9>glX86wk!erGTcXsc$BsQK2|d(iYZdypvTpJaD!F83zd1C4^4Pa2p~bWH3qo9
z3(;Y5`>*x8?gUft>P(5?Uxd-KO2M5YU(=Qd@snOyfmA!rF61zZZ{7QzKafZ!SXT#v
z->f7uZwk{~r0bPd{{@|IFBaiM3heLJhiE1-+^dvN;`w2P^{0dr^vq{S%d_uz;G90-
z3e|N2vi#duUVrwLg%H!qpOR2Kd8Zq2-|w5ybAqAK3;ZXf71B&waPcFib(UE%E2+N)
zTKn!(>yZL)RV{;Q7Mov&Bd&B2PaS|ACCt_?qh+n(Y=OQ4w1``AY+S7D3O!iid_ir3
zV37nf6ymfTPKTrRj6Z01xbWuj_~oh1BBv&ka!X2BzF{;Rg_s~7#C+38AI-n`MvuOJ
zxuin8tn6F7`9yix;YQSa4O-S_SicJKDT$ETAW)ul@8`d^w|HccZ0L5!Xfyo2J_DEg
zJ<h3##_hind_-Ak^?hgxVc<yb<_sCyoPiYE`IL+gs*+ESoDRr1s&kx5tl&(9I9+hF
z0l#@<v1#PyWg|QZ+d90>s`d9TiR)?yz?+*IG}J+pnI4nLAE|HuGEfNJ@jm+e=qqpK
zh=Vq>h3omXBq+)NaIN3U!&cBal$CU6R|6JGH6b2&b!v0@4@PG(0<@icVFgetPVuwc
zOEny^H~`zXrd@E+e=t4aXvNEXT3ulkE41thbXOs#9dTe{+eoZ&rQ}eRu=X;LWHoz_
z0LY&zvS=AR<o<boQNz-sA*Raao<*fOh=*4={3WX~kFOLZO`_Dn#QW%v#@nvYXWihu
zaf6ZTv`50B$G83PClye1X$7yWNuW+};_lv5g$DgCc)R-5*N@D}KO9yBXC<`(Ex1Fa
z81db$T3|vortJ0}_F2(LZ3z;6d*?ywKkLDxh=&$ZXNhkUQj>YaZ1sJ80k?h`nb3lF
z?s=MccieLb(DyV?rWf1$3aO~q6|bMqzs;C&?@o8QU{Tv!&AzTfUl_B(gvnP3Ovl~e
zA^Q1ge{3M{B<5^74DB0pnRVe=9F8(XRwn*BNXt>jAZJ5LBBvO?%^X#87;>N1c4`vq
zicv7F3Drh0<8hEN%PSFaJx_0*6|WPgGJY87fei=en3AJdz_qAyW{oiOTF4~)Zdzsm
zUs@(oVi?P?I;KBUppPu&y4j=`N&wo3_%^MsrFx)Ddc45q^^^N4%W#>$4F|sY){FBN
z<qnz5kzsfygy-vDo7qr$$6lxhC<tt1z!Op<f+&}$e*u;0f6YVpL}tkJ0}a+jnvg&H
z$hc<Ro0q4my96;pZOu?X1LnHzLPLv+a&I;N`>8I7nUN<e>?s5J1U9*|fb(-PGmf<h
zXyw3Si0{?P!bTR!=+P4mAu461s2gjRMh98p-~9;f#OJ@PR*>)@N=;vJ+B4D3dhAXv
zEXJ-{g06?~F)-Lwp=}-veH{J^S8|@|Nxz8Pz2>c1_FAP9Y@{lTLb+S=J>rA@_4>>%
z-VRG=;CM|@h3+0{^XKr8dU4v2Too2Qx;uc`DRCxj<Y{Ls7rF1}y0_<V`)Sgr9%!{p
zq=f=(kfB#m!0@_pZY`|biGyDCmJ4=!HzDNW?qh<-(<iUG+tLn)S<~fxLB>-9UrNjn
zw+^zkZ{A-eqy3cQ-Z{3$Z?0XOZ>^J=pT#)<l|e)Kk5%N^Cf!A17kWA^2W%8}haoe$
zy`lpBKNw0iJ$fgLdtbNZta|U{u!_U!%4RHw5Rsv`k()cMPhw-~7rA=EwJ<!WrxfNr
zN%o`{V@J09PEvacxS49=@I5wug+`Q`93!<9GxVACkgyO}kvbtlL2gwSlKv3k8s(Q}
zL$@P=YXyG<dx>4F<?A~OheQV$;vrmD`2AfC4`AiQ17%&A53N##)>*JgHC+Vedu=0D
zd$vr52K_M)&F)h<Mtr{N!GMelC#%0{gqc_ysZY3<TUK0ZmRSclaZdMnD_WAGFgc8}
zS?sa-o2tsds#imbuViC~j8{L{smjzJH&pXZ)B+8B@8l=SG1bP9mk<i#aCK+$#iAwT
ztZ|Yl?Y7Z2SrKrcnps&Z-n}uTVGvMGwxHdm6bz}4rHxxNj1%J!|8kf^`>JO0<TezR
z7@5(M-UUEQXz&Lx)&&kdr_q&M`S8#*+Vec{C*{|^roQ6aC7$Q=GS$mIUwt7pTM4`S
zD|Tkz@`;;k&bCRTdi5QJ8xv=v1p8uQrUi}rRGkHMUe=_R5=~qw8QUkDI+<VWRRzjh
zdHeQFya?S1VTq>iU#@E9xF~g~iQ#%DCwYz0DgFJ*p64HscYI8=Y_R1I4`SfS=dL4M
z;Wy4v!vEXe_o+PP@|okBH}V3{{KTIyn$6wyCcMbL0vvkoO-<ULvJz$f<f@bKPYS#g
z(Q0>m?T7lA&o28#69Xr7{kkiXLn4D!!fks(!obmAm1xrJ?J&LU*$0X(#NU-X+V9I|
z$&D+t++!8W69Au@g4e7txxK8g+?OEP&M4HfK?Rz<hXi|aJ0b-8u;-;d<i7bf#Zvd$
zTzt9SeDvqTdL)JC_I%W!?hr0p$XDt(-!GD5Ot)|nNphWgDGwO!L-K~F!}BBX(4g3Q
zIO4<o=09)lB%G@-)-BSzBypikdss7YKGTh$5D(ciw=G4N&qEZvs;}efUMp?*nrom2
ziOS?>{^}0N!B;=Lolaf<6X7|;0aVJF8&^C`C$;aHF0jr~kssPW2r)(SjKd%keI?xb
zHCw&<AWkE);^B1??5GgQsI19Q{fX3F$GP?0+xYU*D&)G=aRcK)ylDvEM(EqBSG3?w
zkE2PU!rr@LM-gG)T<)YNskeON#Q4zw>5m1O&X?COYTf7m44(UXL7pTt_g>D>-e5{t
zOC$X-BsU(Kxeg68-k^g^m%J*;lT11BvRH=a_g|zMe8OME?&nF};R+rfHRf?1t=i2q
zY?>D1(>A%?mkcLmPU6eB^-L+4@ti3|(8$&nmTe05RKHfHa2KPA`G=By)a>YXf>t=9
z5`C!i1~0>W(`DLkNM-Herh2!RIk1dpXHT%gM`bpDIB;VUUdhdqP2G@z+rKj43b3kY
z<!u~UMns_}@8ue7?txIO20Qx}yLI&i9%zR2_+KS(3>X?Rp>+*^2AFXMnVb47r>Vik
zN}yRk=|i-#WI<mn!)VPhq%W>5WC$xU_FNFJ5!2WJa*mHYSCQ+`6LIcD7xss6Yd?2T
zXC%?wxOQneDC$QbS%x&k>OzQK9*kUr?E$>3R$MxLeY=xK<i|u-M)BHwTW6R!Bhauv
z3LAwzBi*wi&yyk8aoS6m@7Kqq#_Z2K%H8Pe;LRH8VR{XSjF1<?kBMverd<3JSeq;S
zL27vR@@t{^=**Yb!oH(?$%tK>!q|+8AYN!!UUD!RasA>HekDUt-|R=Ud*!-(LNiP~
zhP(gqRE`AkxC13T`=#D|@o!<lXMA3|UvibC#ajR6d6CFF-_z!ta-p%On|y^z?E`xi
zs4c(qx)AS$wLEVF4!xLPL0AirzIXLM2^s!{zl4~mHxJF1G2-TPZ&N%*)TVYN%OWa%
z*oI(BN~Is-Jx4UQj~m5U`y@?jX?DrfFwVRL^+><l_Vh2FZk@s^*L`te3)+9_Red*E
z-sycDF3w7R>8A{HZO<JS<joXz*<Qc6G9lc>9sZBy>W_Ao6F)<))~DJSFMP}t)1ze^
zF%56qB(G<h1ih*CNO50LvWg^kOZph$6}iN+^c)Ewd6k#!?va_zs#q#1Q{t<@`unn@
z4tbj+K7jcX>mIcGbN-JH*JNzglfrL}*JGN=aaAShD1?nZh-*%+>nH4+iP=f0BXFV~
zPq_!#c}x<WUKb|*op~abcw{v0xu#DYKarqAC4vj-#<M9&<i;K8taq~u*<~dPe+@Y)
z=GT|VyaSANpFjTf-|kJh$H|+opTZF2R7}Wuy9rk4)kWdErzIMF1y<6x%bd8b!QYrB
z10BKh^#64kF>Gef+k{G8qi_m|q>li}`AV%isr#G@sm*s3rrlHZ*c1)&S@4qj6%w$s
zmP!Ag3YxpICfvCOu8>AC66M9=nvB`|gow)hNo^tpc>k1w{prv<$GPnk+1=0_(VxQN
z+#%6n@6s<GJMS{nhOM8*d*vhb=%IRQ>{-aGoI<v%wD1<sWa#&o*w7t(qLJ&<t0d(?
zwoE`|Bz{NO?s11S!a^p@Tbx^;ZZAA1CvM6Ws_PEp0<mmf;|4L^T&9IO#%p_G6@_D1
zh{3trGQ$HbyC|)}ua#Sfi?7LJPkvY;@-t2lv~NOPx$!ks<4V4!aVS0})QrKZOEZAs
z0;vENz-*ym`>mofuWd(5hEH5-9z1ZB)PA%ucpVuXo_lQbSs|Pis(6(&F}UYI+i8kG
zas0S$G&K9=L{C*>9%wUKcK^WT#Wgvq&bWI1#Je&?+e)x_@gZ*MCAAC&>GMTe{@AI_
zddc}h9;`GlpHZ?LlhJ%&uA;MCFePQC{`0fEaky~1T-@zVMf*wN!tQcD^v-eT*(}v#
zoM{ddM_u#=`z*EM9j1T*f(fcvXnRt04=hv(ZKM#5P%!&Q%rix^kfelVgt)I5ck@qa
zFfH52BJ9ph%r`ZUc6Bq<YY9BaC7O2H2B&Fnt`(ZujQE>M#Q@V;P*fErOgTUuM~=4F
zaF%Cwff)dnU~jYZtZ>lHqm6M^99(P_o_pgAP}>|>4@pW;ky~isCtMH>{K~<|2VlOr
zk=nInE`l5fAzY99B?&0dM<oP*{eC!dcJsc(XcR1%)Oso63H-;cD_EP$A{~Jt3J8^*
z9xE9|b`%&{6<vci01fR$wfzhe2bYR~3>Euk4wjeYe6A9Bys#9_;`DVP9jOlGQf;A@
zjN_8G7#-HkZ<npLWu0r0mKu6W%RuW3wa}kjC+r2W2U5+%VcClq=*|mCum_SAmJK$t
z`xmdC2#@>B$x_X+(qZZH0>4$(`Cbb-EY`woSWJ44@b4t&rPfJL!WKQm*0eiwvND<{
z@p98RFF)J;fNxJmJl;&udZmm5^4Ox2^ow!$k7;xN;-QCK4!ljgdMWN5!P;fN?+y3?
zP-+%8XDP55|31|(=etz4R@u|yi)wR3F4=ZXr_W~X+6+VKc*s5~WsbRvk!3JBEZimT
ze;^urOk&zs6TMeBnXABUeFaDpp5DIhFTPsD*0k3yjT=!4I-$9S8PQlipuCrt(sg-6
z{u42sG@<^PIvJe<Ca8p-Wq&_Sz-cNaVZ#@yE`qY7bB;O)djn6c{g5BMlsB<pU3$bU
z$Ps_KbfqzmZq$Vgz)M|qQUj2_?$4Fi7FFcs%&Th<)_m+F^~($N#`<TZv$Xn=5EFio
z9%<!1KbOU4Wlmt~G%X${dkQDblZ(eEb=KC(-ISLP%|P$xwaB?+zP;N-yU#0pjZsG4
z+sNUIo?o_5U~^KNcrgg4Q{4>C*gNMJQrG!Mz_rJ21~IM0J4iDrJkKm<|5H~NY^0q>
z|9d-Zgyxr~q-VDiPC4=LPu%E8o~Yz<x`~x}=^0f%AS%R6EV5znHJJ4Cn>QV0HlJed
z4<s7L#!(xWxWZmlG5&A7OJj#x-CoMeWx6%sYjnzPn5s_jY`&J!F@Hb+9fdX^@<m5!
z4=8y}2heQJb&~YV2yBi`66Ab#r~{QAI{?!RfY9vzZ|6{1;`T*dnDHCifpcwBK5^kr
z*riinC%_N5rI!G{HON!2r@C+((VZd}X(e|@uL&~*v3h*VoLmc}t%M$B@0)~H`M94t
zuIsnZz+tZ{Mf!0=7;vMFy8gW50kc^an=zSfFT~$Z5d1*SNWVh;bm<pCCM`?yv+46A
zAe8-10)D?^4nNAwNjlVUann?Mb<}DeAp7%s=e$YrwOZR}9Wz5FIZ;+jm4y%1=}uVh
z%3fcd^-!ATG+sUYov*)Ouvu=+C9hYg!d>v{-7UJed}!lr)P2MpBoVb0ZaTmp>}UEF
zI*+9DG(vMF=4|5cZ)3I(%sg60=A|ufzmGJ3Q%|eQt4jB3+ixE<26o03CZP&s6nQyj
z!ac;qhv*xpZdMRpv+P`VK-D_IkDKXDm#=@3jkcFoouNgzng_B*cGsA+o>nikml?CF
zL=7D^^O(#m+KyH;Xy9e+r4%wOT8xtt4AWI=#3A!B+wM)xGC&1)D?nPEZRNqHPA4pS
zvIPfFwslm4Ly+6H%u@c>_<y|SgU&zia1`2a?xzE+ELAcc!DPLZ9R2pC&-g4%@f%s>
zomNBrFU@&FY_Siijp-@2-MiA~v@mftrA$A@1t4QpRuvynGM5s;>lQleQXWTz<vacJ
z(p16v`lXIFWIFaaeh;Hv{^x!f<-c-c$G)*X{w(M5B~$l#(eHfMoalG%>8<+u$fxF%
z>*?`~oOQj%`ih+cPpK3Uy(IQ;C|3Vdu1irBXN7vk<I{CRqQ}=)nBo)5zppuot0UZe
z3|FYfJzVcppV48<`Y}Udh2W!fH``Z$E#55*2@mFUw#YTq?^BA+2$A+b-8TF>*S4zf
zKlHAMA0v6&SRbJ`mD9Nn$bD(1Gg$u^+HmdXVXj@WTTgPs&X)dM(Z+S5;ULu%Fp`zL
zx$GbgPIX&JnVZX%IN~v_HGOA=`T84^J;iBjJ)PfMpW8?Jg0!|bzg)UV%)EDlg}i`-
z)GuWSMc+$GKtNy>fR_<MxyuM?xb|JH58W0=Ae)>Mw0?Yd5AW$p%4}x8aG4j%vvsPz
z{fo|>mddu?tm<NGR9k?Rz_Ja93A;B?NXptC_WK~S*B;hlaF)*DF;oj3_aC->moB!;
zu|Gr}h-=gmrW`6;j84&mIns^B^%yCM>myCd-g!CS;Ur+4sPQB*Q;xk<1p|gkCsQA8
zMI!;Q>XeglfJ-6pBl-ZXy2_-k@?Yro^}G7Zgv{Jb59d5CvB{FK?a=!%ZSVjyhEtf>
zw|cg3-@Hs!nC4)n<5ht!)n!*#6gzu>{)w_miH<$4r4n}Wtk89wS=~jvqC)ceWOJZh
zS$iQD)PMmyy@L!`c~3*;$tK=1;v|85OKY<>n6O<V{jrBI_}}euwqD-o*RDD{qEXjU
zn3hVPJO1<Nu{;6zb4I+InhD_;A5Oc^kSEDqtt3Y0rCzxxb)XekTOjjqXAap+99s#?
zb{e?~4M4$Ta&BXF5w;%gN0$%To)5J3a<^YTU^^+E?P{JeAFq8K8*pr5AtvDPD|}|a
zo0>ju*H%bWU$2Mz-2dj+Y-9l;HCc?f>BE=S%e>w9%Men~pix(Hl!iybF0p;XbD>#%
zd$^9coK%o>{}qO=)+MNX5_bR$GUQ@t9pou$@N{@h&Ow!bdGyO3qt{98>W}+eFKHo*
z`Omt^U8ES>prJnsY!Eu!b5LrGKkN^B=ojXHmzvdId3%or@Y<E3vCpdC-jhu39H56~
z>)aIhGonCJayvjJR7uybzB(SH6@ZO;7jF`>T5l))&{fY`C#HiwL}2xR>MxY9fV6r-
zuGyIjqJV!{;)m=eiLxme&G7Yhzni`<&PDngP3+0I{U`U?0ysK=WNZTI0uApqzk#vj
zAC5gM4W*#R%jSGXs#+(EvoSSM-lNVViCvp@J1@J4hn|`Y%XSnYPoMk>Ac%!s%|k~5
zKbKBV<xCzQI{Ou#WffZVbyB3e@oYiXpyrqwH@BQn$eGfT)h<rp=fN!#%7&A$iM~^l
zX0<_3c`49a^KgH)nWZIkF)`XEq~rmYx6W@~xazcncY;u%{VJNnJx$6K@6joVFq5``
z$m44ftyn$Nhc6gIN;hP+rdevT*<FtFHG>>*Wk#6*res`I2OH}Gv3Av)w)mB~>Ef46
zkI{eSR5-G&grZR>DnfqBo88r=>1EgYqvyD0i%yYB$ndsUfi4E}T}6J$hq!FUyBfG0
ztj=!ubpVGDGj}I$NOG|{{5}Pri=TIpp7}iJ)fHa@j(mFyZ;j#I<mG^$Aj{KJ+TuuU
z2d8^6$^n87?~t%+^;tdsamFxwaP~ZM$l&j%{BpGCs0|OO*MGY?F)84bf1|CLVPQ{P
zSGjL+#goXZGd{w}?eG8NO%nd*Y7)|ltybPeExRy9N7#<aGylpCg-HYM4#jNMmRrDR
z7#?1wuHrqnk+XUvEVO@Rf2Goa;A{5LV`d8UIh>;n;z8o(70TNxT+Ox`({VaJ!Twp5
z8Mzfiwe(lcj)#Fw5Kq}kmnwa!$NPCV-nn;g;y=O<KuKrBT7vJ|ytEH?cz3a8Wc|h;
zeN^)KI|IbX`rNq=Rey&x+%&45WrTgyp`G`2+^l1_L)WC?(??e-(4G}bx1A}_%V6!V
zAZKXl5;dxR_t;`oy&4@&KL4^oP><vZDjv;qCgV7&%Y<0qJRJMWd+hvv8-vJeDr@BN
z^J5pH9|gY@5LL^GDh|K;#F6#?R`WR!Z8+-+`TQWjk9pUuxF+L2R5Q4OCj+iQpG9i)
zn$BXrxe2)C9Q}}tE%_$w-mU;@<s+Q~*Q4sievC90>h!b3S=1JBS$xeoeez%EJ36o5
zRJ)WoO??|R<OB#b8BQLPDr`6dJL!C|nf8-WVG-t0sY;lA1-0r?<N=w0>!a$jBQt}C
z+`a9hm||X3t;lqoI%szB95<D=;~=!Yn^w1YzEVw<d6LG{W+eU(cCN16s>)H;8Q=N8
z7_R6_=gKY(s3Gy*6MFL#>^S0vwVK|gqNA+zW+jK!vs{v@Kc!v(61qrNRp(^y49CCg
z4{;iK1^VOHdkSw?yCIpK5J<yfYveVB!u=Ruvu%}{jX+9GjK`V9@$SEYWhM?>a|YLz
zQn-&&oA@0SJCP(W#(Hf#4JmdOST{yZguGAtn~fgYqqO=rr&x9QqHR+vUov$2yCM@p
z{utn41Pvll5)g=Uc;ANvp4$ldq)d_ylT(w03P#g30x)%jqvPS#etAZeXF22k!tMLG
zusg4!mf=;~VMzzsH;*G`4ySlX2<ha=9iwq|o5g0P#*`%t@#U#?3Ui7Bu?}HL3&e!q
zMq54v&ZSIE-dt5Cq$sxfQ0|TeNDdWywYjy9f@#h+j{n!%u)`>Mlg^vc#%2L*^I(;p
z6^Gg0e_!m<`u8@Og^YF{`5J9GU^7w9uo24E+WYtFw5WGg|ELt-O9eY*j_Xyc(q9<2
zdtuXYYK6X5zAACpM?E2?67^L%=lH|SkV(W{b`ZQw{NWpXURse1Y)7C{{>p2wfX_9Z
zG-`;@$@5`n#Jb)(kYen*7SBpS7bi)aslM*T*L!MDQufpfYQP&Kg6H6D12<ZbrxdI2
zYAeLuP2W^@3zzy(>28N#iXO)`!f(4~nk$?H(z96dud?)|RsG1)daXfYGjLCc;U~Lv
z9M2Zs8jis073GxFt6xP;N}XNb)WQE^_dL86dsY;v<Bz6<@#>c2%j#>gc;9vWb1XJ%
z(duWUAB#VW@8UF^)aZMsl)uAtmM<(8mxQ47o?PP(r$bJ;-usUJ2w*Wwip}MP!H#&A
zMcK7oH(O7>l)Mn^Ck(SHi?3lSM|+HG;DN6HQ<3KLL)?1zyP2XUIp<RjOZP7;ixp@&
zbHH3cx^h{)`}8jMXPyqpWxDK1{r$-ZohG5uwy$XjsU=dwGbFG$AM#kD4m-z5-#l2T
z?$)ttI`5<t<M=k`cHQKtjnOoDZdIVhfV;R-YCHQ+cB(84Ta|T=XUGz4MY+HLz~M53
z^AOqnakCz8z=P+&i9hzyGIY3qO#m5Lyqs|p_75AB^K8iYm7?VHlD}ZbHN%o$BgP|x
zF=0wSeI6y=-BmI3kIWW-Ai$&jyP8-d_%PtrMsZTKeNgL949iMs2%UtYgzys6U1c0l
zJ|?Ww#=rPb;_AR(5eqlw$oiC;wKlO0p}awJo8aNP+rxcz@U?J>U|nOEQ7qmv5bd1i
zemLaNC3V2FWJ$1fOt*{OMTp=~>cm$9|3&}#AQLRp<~{4^in!1!zENv$tCEXHVvDvX
z{z|bE!E?efvF0TFDoLq;70MmsaV=&J#?Uoau9B_%(7WE$N{yI|bn$}sJCnf<<U{;N
z>&8BT7ED|7n@LPc9+&UElglpInVmhMsEgZmNy8bMV^~~QSSoeN2;w7!{coNAjp1-`
zP8Ab7v&a0i_HD*UIt*!-j0fV(lWQSKuwB|+J$XtN&pI;;x}drCn6UX*RJqtkI)=n-
z^=R~>B}+s<HYYP{Upx<w9nfIj-dSX!lkRNdd2m=kS1tM~hGt>|q@IYdM-|*?0*1Y6
z@T9@&5WqI4d<?C&C`+?MKI7)2-`D;}%Tj$pt*6ShwFG{Y9x2{z({c#%L}c3sNMdMp
z+p`6VaqnEI-sO<JxYH*P(P8<wWfzX&SBw488CdT*+P>mLi*5Ht&X5JozKdw_Rxbh(
zB~js!g;p*X&TL!&ESxwhi-3aB8ey-(q-VzE%_N1w?Tmuoc^sN7{6+;@IlUd)!X3~h
z2=M1@?OXk_K*^7Q$Wpi?mmN6NU6^c;C%7qGm_4xvg&zR(OwsYT`X_{xWBWkF-3>W6
zANhOE+*ITyQ{Y?2V4!3xz*{zR+3@fUVee-b?)epH?$<NG(e-Ec^DC!l*#v<fumY!G
zxay>Cxm3d$u5?I(si)&|!B42JeVk4RhVF(!hvO$(sV8LBOm5SEw4Lh(Z`F;9{%*JN
zM^TuhzHTp}S04RS_~%;X-<1@lMrYdnvr26LRxEpt*~{bFiI<*p@Lj#`)Qr3gQY!Q2
zBWF~Cp$$YPTxq8TQ@(eSWs8e+ye=3MKDYQon!Sm+`hMF*AoxM8<Ghx=kZoH;q8CWT
z4F|}#%&=UiF6l?R^{AlOq5lqVDlWQP`&LjtrA?Yw0NRQm7m!)~oQ_}*W9U+JkZff~
z&=uZpD^6w{4IIk&o0?%Q1+X$sFYEmmFs>ZKZmsN<kI7MRp3Mizh!Hi6R=N=W58kp-
zGaDI2)v65%Doj>p6MriJEQ^dpMHK!J9(}v6U|(|R7GT^Hi;xbyn^;*oK^SZX+%W0C
z%f0ixuo>{`X|B31ZY@l#bwAba99*VylnE6!A=YJ>(AsTjIDX>YgT$S`*tk;o-!IF!
z=#8}!XsW!Z>(Tat>&`^5EXpVG^s}^?W1l8)83oO$D1MmSyx<TJ)n0~67bNyQ_L8;a
z@>T%!W5mN`77qj<0U15REJc}&;sWCV#ks|pFH`z3lz0WO58YpcPjUSd96be<BP=W|
z>#UG?=%!3vR(O0<mS1@)Y)N})9~VT+gFWJwvNHBEuRrdO`lt1MrmhvFUKTe1S^k~<
zTH~qZa)#WDlA8WZ6Gb)@G{_p~F@Hv*cqb<{8s4n>OpKgkjtLj^mY(txcXQ7w+x}&_
z^kXM<^EgZgBFf#m(cR`fKR$cvinv*cEtD}hu4JN~#FrMTaNb>MK1&d7`FwJ<&5(`c
zgJ-gYeVaac6I(;F@W8I{m(A*RJBfi2T4v3fwSBLzR7`Ar@LB%*2L9DW{~_axK<Fyv
zm-wyQ-J~LSr#|G(qbZd;&=)z$gFa0vk(Kl}BiFl%qBMS)m2G<;no%m(Yk*u^dd&NZ
zyP~GY@2lJ>N5iIkKq|yR3n4iHlQcDC!y?;7yyS)5S>q{Td#;#Ht;_NT`G1I?6)0}5
zq>cqXFHK6H_mPQiRRbdwmEvDEt38)^WAp+H19i><qd*__n2#@=`bjdd%1Jf#76nnb
zB}?ARIZ4?^_33X-!P$N}3~!k>bhe0)78qe@qf(QjZbAt2Xy1wXg?w{`ab61f-x|cL
z<px6IKc}`+IKSTqCjQJt7yS9h-m?!^{`}*feofO}<$))mZ6C{CoIT`dd+Pidm78sU
z?5#O#a;m~J`ElPTqpKAwU4_Z+^IZ56(!P}|suWlY#z}pbU|Yt7ug@UcbAhcMFY5yr
zM)LdqGJf6r;T<)O>YtIb)ka=zUBPolx{5Vhpc^d)(-sseJYuEe2bki#s`oW0^L;Ak
zHC3M0Z=}_1McffH_-|7Yu!!p&{If7|;7-eh@qwISzT5Jo!KJ5bXn%6)hKOJdez7Pu
z^Y&RtG+D~3VB%ol=bBva8^q?D!QZ1$dP@i64(AjXJP!;S&u9B*`lPMy|4IU<M9eGl
zt&T0f8lS$u6{loL!N&r5Gd=I$>Cx;NrOWqucLt~C9uUIDe=5Ns{id(%Bk{P<i=rYK
z6PP(QzQ-UAixPF>Ohpy!`_{y{Yk?x6)A*J8a^MB*%c7yghX&JsWvpuDG3R|7%Ku`1
zsDnZ9rfcX;yMbaZx?t3@)#Jgh;+I8)#CXxDZi*8)BX;Arua)*{WZzZGUQ#1!)M-^F
z5~*q#ZAwM5cT^gGq$dx)AbVcGt~I6N4VE+#P;<i!b#YrhA~oNWQ7R1jwEC46FwA_E
zIA+wlnh24vEKDzpCRcXzm4gm%e0zfdrnD2Qq*G)gHdqS_9S7dfaC~PKKQEl~ZQWQj
zxOBDW)0flTvbkUxo#xy37jxgH9|=PiRQXcot`$6;?f$$oM@JkhvkoCNagNR411&AZ
z_Dj$L^&5}`;5(b8r~+)#h6BBQKnaN^Utq2QH{OkkA01_{%ph0$br!!xK7oLOKa0w@
zf}U$BUp-3hTR?s`#ua)}ehOwIH}}sRe_9#wbh~*oXgrb(&(bV%6qYeQ5n3ztHmyS8
zt>Uf5%p%psokCcBZ_wDzTbhu(Rrv-%F~*x7teT(#Ne(@<Y9t|X7u!w|JNj!*Qpa~$
zur{ccV<^6b<UJPdiK>N+4{uc(FL_e@Zs`Xuq@1V*SfyN8N?D)n{lG_f+EEk5?Gj67
zc3&2u`>f<R)2nB2kJJKO){*Q7iG>+<?whfF`glERrb4PXqg_xpPJF!qf1lQ4QLVg!
zy{Z+8AoYBp6T+&t|AtJ{$oZb!za()Q%f&ieBrZ4{;k#_PLe9@hDzjf+|3XWsf=Lal
zNv)mW$QfJt*oALB*97(4%szyq4(YQnMAH?Kw1~4&M}OL>{!C=RPb>*=0Oy@J3m`jQ
zI%9o#X$LD>L;j$K+v^Q;e3&_l^^i>*7Ve`*m+lt+yyGw*F*oq}p%Lys$c8;Dbbhp$
z-keH<Y#{Gt>GxicYD6Y~&58j%4bs}?Dm08)5)waW#bnf{-8mW+kCG}yr#wz;e~I5I
zlD{NwNNq_lxrr%Y?v<YoSiW^WBQnJXqw7!qSGtVOdV!oD=yL6WF|(Sa_*Ab96GNNl
zJ4W);e~41-G5Ou8UN5oTsllO|kNO)o;)|Gagb3~uAtGvEpv&wRC&gr}EhyFGi{!?R
zd<CEvV1s$nz8%UALkI^-)ZgMiZV}WIvbP-o4c(VE?AJppkOj9W{;)Ih8YJ}*ApnB0
zc{^X`qT#Xj6%g^t<vMxgg8a1b2wntexbS3wV3E>3sMTxtesz*IQaPBSGLkQ~#rSma
zF<HwcJ6c>)YS7RwHYq==>3MM0)#Pp;#D*U%qN;R9Nbl;cOO72S1LL(Wp!-;5dUg2c
z<6}3oJJiZLenhU#+r2l6s@>TqKYj1(2=i2=w>iLKE&_e@hPNr_tG_(E*{`GDV_`N7
zJNLNCWh1sD6zxf=4)2d`C+4$<@%+p5g~ObU)oH^GiI;S<hQ<h_cfXaKh+8<ue(}|q
zORoNz30Rg|%TFIWM!p@4Y3(AXbW}5e9&Eq9Z=v%_EjE~JujzFUkygJSausGd`i1i8
zn0LomjcuT^vMKVxc1J*>Ng?cgA@_AgDf=#bythD{Q7G|$H=Y*O*#tK5nJm(qvm3Q}
z{Sq$;oi|?mc6eEr_{Es|&8Gk5c5|Y*ZOm}BZ4jJdmO&rrGG5uZR+6|CN0U**IzO$g
zCY<SA82z=H72^~a%zowGgD8^JcP8?+uf`sNEE~OTOD#yu1ki7J*&v^$xmqr@V0+c2
znww=+DHQ^HzQ~CA<Y%rpoNWiYxWu4^tx=ip7Txhc6QsDL5<1*3oRcqX4PJ9#41>Mf
zw-rSVR|}x0UHGlk)w)gg($4HaS9X@S6=45oQGMdcMJ6f<UciNg&=by#dY4-kaEBjk
zH;!d#8uem#-rVjWf-Jywl}F1KLqz0LQJdC3V-t&BzZy}_2fFx4-`(1@CNh*uAn)z0
zKTwoQ&8U&pjKKensB842VYvG@TSCij%rTu6a1XZ26dE*7<8lsa<!;(3u339)^aOnb
zm)&}Qg@ix7e%eZzI~RwTI+%Q-CD!gAiSHNafFdQWSiFCzs<2>{UN`iey<&gfJ}#ol
zcJ7;&LNc!PG^jNmho31yPD|Q_PZIU<uP@mz)4~OJ<=qp*wr;W`rH2JdjNYJ-*p9lZ
z+nR#!thelU_VbdR_jZHW73T4kM9dkZ$P_epL_!|YA3=sKHL5o<C0i=n8E~WaPIBt1
z<dgL&65DuOQNH;zx%H5|g%$EqT7qWa!q_h2+}6vjXkW;;1sR@}*w-<<Q#0k;vos6&
zk=X&C75k(iND{ZVRs@2K4Xz?>u@~u8$}whM5Op)=BWCjJk~lUS8MsZov4WdLZG(o*
z7<(_V`tSuCnVlF8tz)p+O_C`15y0f~R`F@;55e`rcp4bSS^9TL3R_B@4_{pTif(jL
z#M%}$DkgiYdpDi{YXroKxx`ChTCaLhjXg=#H;A-qdQ3<OHOlUFiKREtTi(w|&3h1S
zvhMI2`EJ`j*6z&nmo7z(S7RZOc4H47z<^EE=k%s)iQB33gS2G=dM8TFTSVw2Oz&kF
z5H3YEZB(08TewIPiPOOppQ1(&#PGc;Cc2SN3NfjUoXz;28X)|A*{m6TCN6A1$=e*S
zT-d1NJw+|2#~9uy+~^X!ZggLJ_kw62+eTI(md=FOR3AHS=4}K;I|$X=LT~a@1Bmyu
zn-dGuU;C;^^ES4hOaCjSFV`cUw!YE&IXu7dIWor`d)g~1&tTNDuyL|68oy*WYwHqJ
zeH}lp=?!hhN7#)8##INs*DW(azC=_<RB?Pldcq6j;tGY#yvASax}p<RuL;xnjl=Lo
zJ3mxWqqrHFWH*NF;py=QHyeL;j#A8Ml4b}43j!wNq^dB8miJNi|D)>5<C09j_NTXB
z`TdTgPUEN*Dl<7{<(8TI!pyW-Svt0uYq&3o3*s6AO-`AbGNrlXLS<&<inx&rnIgG?
zOCh*Xpr8Ueh=7Q|@0s_%_n*h-0YA^@_V(QOea>~RbDfI3Ow0Na)-6mKBE@xWN}4aU
znz5I*zmZ*1V*Cu5irjSkoLkiqKgDYLQ@z@?d+Z-X#E%(2lni<b2dcLk;bTqRK*NI$
z>m!!5b`^M5#|{%(^@#h=x8m(L@(VIz<k`9G!KrilBtx&BqfshDj_Q_6LwH|XJs~`+
z+MH;y(}oHyvH7|nYTY4jV5;3TO0cyD#VD%o>}XX~CFv?w32`uev|v?WxD(?d%<SF7
zeU6%#M%RdlMVIY-@kT48Xo@lK4V3g@yG;E#BOl%AxS{6G_5S*F59r3bn|}B)?r-qi
zQ&A?ajW~m+I@8TA;c7o;n2TM;V+(E_8yy2>d_7686Sd~Z>lM4o=L}XbF%-6wggVaB
zqVC}b(ssF*RsIO&&gn@QVSQJl22h_QN$2L=$4Y`M(T~!T<az8~r>b|b`Do}N*QoiZ
zx0pIP=^DDF@$>fAqt1eskqc6X&67&_F*7^IFZz+p=cfiMZ0fBsL^<3Mc>7*w7$Fqb
zcH=ds{B(>~SBG<vXS3t_9|!%aNweUKihgI~i<;0kkjC(=%k=x&HI+?|d&SRN{cgW^
z9p!>A=KJ!3v}-QYnO(EbPaWX*bjeQ%SgtxX!mmBrHCMl)v}@X|?AB0iQ5@AE^1t9`
zuH`zDZkf$e_Vubp*YZ5=nnFQhuS1*h?V}A3((&Qa6B1uu?@`{+(I^Wx<+{0Xd=Cua
zK2WCo2!)}|iN4+M0>^d*z}(n>te!P2%L!0E%D$r16DcM-VJ;V)MRgXAMX7|LpG7N)
z$IOg_3FDrIv)E}`orH8v9V?M7o{m|FeOXdoyE8Z?FmVnvfgrb^w_blowvMDV>uk)L
zZB{G4IBrJ?iBidDk@JPj7tlsO5H2cva<3h6v27T~3yg-kvQ!tNtRO}2Mu{at?(<VS
zP8@`F9b!PJwLSam%8o_$q<;Iz>6nU!j(~*1b!%hf+$d}y(~k!$LiG6!6CZy@3Y`Ni
z6sbO$YJ==)zM4bT1C{I4q`*2VY10%LTx^dOm`%dapPd$UEL&)NwxV_mA6mY9EqEQY
zjVY95PHjaYYSYgu6JllOVj4r%og2%WV_jFLty0|l;904{d8$Pn*zn@Loeg&`t*;d2
zo3H?(Lt+Cz+)beqpI&Z^8oDfK9&<~p2n&LQZ1&@$DN1h~@=2QSg)~QmXJ&x|&s!Ze
zSQwvV>(LmMSN_6yR)9|@Y|@?(M4CL@;jVg_V5*#hY?k2aNGw15uDMZxZ1wE6PWGfB
zvV!!Ri*HyvD<dkuGHrmDhbmq}#C-}oAW^-Bq;@)Qs0H0UXAOy^m8$2hkAmV0cFaD7
ziJP(~e<gk1r8ripylhyCD6pks0QnQUg#ZqMl5Ut-B*~Jx4pW3vvjWqSo~woh53tF3
z&I}Gv8_PfbnRCS_FlbPQ5QSxxGs4^<^L5%aag)q?hqJEQi!yZ$WM$^_T7uyTOqa;B
zly`1vy7Q(9szFo(G#+n8_wa9`u?jyt`;I9Kh%TfTT)wpo&jXdJDZMRy=IlXhiHE*7
z){MbDn99g3$w<_VwfEC;o->eFMA$`jr-87Veo=jUZ!{0tt{2c;6@zPIjU}&TP<}{u
z|GG6szg|g`2lutX5T}Nj5#k~^^XvEncsyQ50N2v!c&BbD8?c`=d^o`S`n3pWfXmLF
zI#e8pzL{xk>{-X;?A3M{7T9G^+1WAjH)f4J3m;*!`(so{GQS{u>LlRQR?rDlZ|$`t
z2czJ1<G~D^WKNvuPtFDTX@fljn55~i*YJq-{x{NH9GA%*yEp3B{cou3iR>x;cA|HN
zP?SA&bA_&}U5lDDvb;@7^*XgKqli2D-_WE}+O>X5W3^z<JV>-*W2EX~|C{hyw1Y4l
zi+oXm(x<spcs5h(Yg`SQ`wx%$7<!sCYz2kiG-rljyG+!MT=HI1=F&4g9E2@-zO{q*
zEDjvzinVL?1LmmzhIm$H1vUX04wd1mOp&Tt)tS4e9F}OJVfCr1!A84Q`ueujNw78p
zn;K>8Y2!^Le&n&SgX_nXnWw6D&m_=qHn^;ke7cTeD$_GBWlVKLLVE&-Hq3=f9jru$
zh9^{dPC^mM+i8OZ3-Vr{>yHtbh#WH<gb&aQC<kGQ<+*{CFp)gXp)z-yXXJUB`#G}-
zrR>~vm-Meu$mL6>+O_wF#TGLj9d0QOW3%-vu}-bt1|Qe%HQ7Tm^yK@ZREhpJ2WdG1
z88_W6*+FthZ8n&Hd$vuDVW<7M)q;G4*v#3Q`-Ds8g9e{8TJEDAUB5-!QBWIp4tlkG
z88;m(*JLi8ly>H#?EK&+8o<)IA_}2e#?Fo0<=`ID{CK9rR?ZdoI|kO@_P+^^>p*;j
zT|%`x^d5GLs$_jszY#(7a9Q;J9UdLL0`;|5RD?|+ENM5?CG3IK8{Gbdn|x;o+TITw
zOKR)&3IN9nk`53?bZYm;1{y3GhGYl$;&qo4fnaYc%9}cLl=ssxCJH=5@7q(aUT|ya
z*Be!TF+AgF-_8+V-<c6*-0C$a@@<9{?4$Ff4;i6~zqdx#n};mz@f2wkTmBfK^ph73
zhLQDf`7~#awezj+^9YZZwG~jVVOXEi-0!Sw)x+CQI?<l4bYIRDJL2P@#-%$Thyku}
zJAZ?-RxY@d*YBeoePB}_*gpsnn8e;7lHmV%O%L%tt2-okcvcc!RgI%j#K-uG-!oMV
z({>eqJKQeekc81Wa%PxxbU{{i-nnCi*QdMkqeiXQ%YAbBi=5US4-qo>P}~#aW{^D3
zbW&wCxSo}B?W~G(Wb$#G$Sv~F=MJ)Bzl8ZkU+6s7zsu{)?KfzWxwcp7`MT-_UDGS_
zrS$cakIpf<?N$_|zK{WRdvw3|(AYf~-E{I@(*O#2C@xAmnsZ9}Bt1R?aAuH)EPysA
zyqr(rxY-Vh3?=zsaOq_R^g2}zwOM$Z)B5YX{=<S6s^B|u80V~R%+;5)it};YxxOPZ
z_pbXHLC<g{mtRT*iMpVsit|V&=a_cqm)|+Pw+}T$AQ~hs%7co&U0!G9{7?J=<oA5R
zfbz4;C_!;fF`1*N>ujNUnl7YWdO7c{7UY~dup(jCqxls%t(%8d?CWH0=@{!rJ~w|P
zc?^{7PA%){cPS&NQbZi5)Xpqa0rbap`y-RR=MlRCK;%3<4JcNzea64r1kHM&C`e!b
zc}>tfGJ_=N?J<*P<nHFOnyIoCtP!0#_lqYCzxYMTCU-~NtVfuy!XaJtFO0ofcK$|)
zFN-<97lW(L@6iYpjioQxJ))lgRh|bi7%w30v^2}!nxFvm7BS~jluWD}!wnF1!w!v|
zRh4WKu9BeE3ytZ}6OW2fly{wFJx#073>?T8Zlf{RC-@%)wW6>dUa%+Is@+ZBfWn(P
z<4-;^O<0UBg1&Z*HG+rZMtbAW(DL&jX7~9ylF_<Rg$CDIKszj2_^k)1^DLM8y%SqV
z4&ewT14s?t;O$j|t^z+ryRxHd=CD-RH5U;y+RHJ-vmF9hdI?H;FR<S7Xs(>(G1+8J
z@~`j4uDnB(i9f1z#yrr7(RW=UN3LNe%LNT%F}HHI1qkFK!ae}fc2imkJ&wy`Zk6#l
zlUuI5?FXAQp(&q~=*HxBkF=_5#ALw@dSAs-gecQH&?=9YM<?46=C?T)rPaoKk{!g3
z5t-+lMnSkM_DM4CwDnNW0uimos(K;aT<YvqubglU9&(Jtw6GvWv?u1B#ahJzxT!*5
zttO<_BUISdb-vnNlsUP><W_;n;tSJcEE|<C!ItS55NOxygPyDL>Ci9|lf&?J=}5Mu
zuw^w4I}AWYhPg`|mIY#j0DguF?!rnoW^j-BnCIi5$9k<Hbo3$A9}q|muVT0#E{;q+
z58ShG)G4nq#H~ZNjJhLN^0E$y!i4Ko9nDDODDd}3WbH0!-pUpa9+5SV!Bf)@t=cHc
zM2$aSq>*FU^O$#*zKRll)tD|<iBR6;pf@z(I~`lrB)U>%APW41dQb^^0;DxwR%qFw
zjY$Td^LENVhbb|W8(o209{gT%##Y8o0l|$sgt~^VbjBQ@S(#qVyBx2K*g=<Hy8bf3
zxvY5SI2w2P)n`ThdgJPajy1b7eWepR;qt4>4e`Cgl{?9KwJ#QSw<;>PToO+<gy9-`
zHo&LK27T);zbZSAb1S<=n&>UP1oBNR-)^H^el<2ZPw{$%dZhkqsP&7CD}OlD%1PoR
z0oYi8!<W(>|9KZnEKM|YD%{v&?MfBos%o7hqlfz+B~h+Uun6@W9jZpj5Ut9!Y?VIE
zv$VTW8dWcIER0#ZAwtHUe1eZJxKAs;6l8b9^A!_HL7Iu@KqOo}j;T3Xcv)NN1F<Ti
zY2RpZ>fiCJax5G4L*_`iEYush%2H+jGkTJ2cI0ZmOTgR!^&me&bdb+X=nW+2jwwYM
zkTScIm<ETIex*0|bUlfh$y^)<lfTvvwQgcX&Li)buE>*1n3GMC!WgZ9x%YMff+RkU
zjnSsl*cC&`ciRxAQyUNuLf_tLr6aob@~eIA#3h=jD)wXwV=nmSBieyf2LmB1bf;HE
ze83D4dTmLETB~g1L;LLbfiA`@=Z6qumepuULz=%jJri4c3Hc$-FRcg{rKWHccj4MA
zGG$?mg;{*0Fsm>Ia3m@8>`hE*HJxm1zp*M7W{JEMt*Wj6(A6i48WxYzxNhi&;->w>
zy?uLSNoKW<)Y*0+2b$fYK^SsM`zNJhNuzV|{U6fn#dH1h6<-Y1BTE?2@S5U)qCaA8
z<VNE1@N>a@AelxOn|FCnO6u!-F1X#eG!Kb|`X=7jTFXxX!XSiUqUx{P0S!@yRM?-5
z1#laJRjECqDl}jIayxLqspRsY+IBR{j1-M_DHjfH885meh95;P+6lKZ8{K|TPk-^|
zFQHeEm<z<@%7$uD&(Ka8irH(JuMT>hc1o2NqVmR?GQW%$iHM2E7d+k>Gdcb~=8j*E
z#zL*Z`g7#H$cZYAS8U`{Nz2&P39$HLH?T5OB^h7$(8r*Ox@J`8$O_HMrZ5r8W2ZnT
zqN_L3b+QCug+-i4r#?#g=Ph90!qGG*D;p`nxy<L1PJ~A1J=2Uk{j84Ovh;#4-AdOg
zolYoX^NQlA`ghBcHMovKpmwby&8lC6CB9vwX!U7GJ$|U>(Sk*MJwga!tAAqaFF{U0
zxR4~wgUwRK`|GEf>yF1z6}Bq^O5w3`qhWgD;@fo31Y;P&7cDepf4Dmm#gTW5?LaKn
zrag$Z(iWB%z=({pQ)M5DR~ruhkmkWkz^453-#|-JpZ>^swOJLk6te{qGCA>5B393|
zOqqI8s}!;DnM>XSLkxWu&HavYdz4Z&G*QQq|0Okd49*jK4j@B?UIPeCVVTm?nNHk3
z(+x=_X<`!G%vHgd7e-Mp7SKGw({$>3MUXB_QDH?_zjPgeICsDh2F`*Y-Sx^!Y&3-#
z%a-3ySI?pmj<J}1JPbwVBuhzc`Wq9M2}VF8a2B2qXEm18OVsGJ^Id<6hy~Md+--RX
z&;8w(qaa=Cp7ObWL28F}Cvj!Pr9Fzkp`8cHko=_-(au1+0Df|#HgH;Sg5=gaougr9
z+2yuywTl!8W{F45HXM^s-8T~BeOvkkor=Ah#t(L4c$<5Lfcjx$2ss}{^QCBsdM2FW
zAE-6`Gy+^wPG>?tsa~Sh&s}3-EmUtQv0Q##`s8qw366;w4WrA0aULpNTEsv}KE}~N
z&_d>Z=JpxO@TnhAhi0rv-jM0e0!E~AaH}fD2(}a8!d&8lIEq&e&5QdL0(Zrq8E27^
z_A6>9QACLuvvYy?;FNnA>&rHFr;v-d+FhG=(?ktv>@R04ABayFth);|Nc}T`-8y(H
zgot#MljPX(Ph3TLo@|GWM(luxiIL@9jEHsa7N!W*<=CqM%=*r>a-9T7w0cQ954+T0
zq>f_N7P=mzUjbn7>mhEiq+_#zL%Yf!0hp5K5Ko()fcPb%<GToKukcap1^IDlx+M>2
z<#eNEBw|%UTrJ*$ynpm5B12)a@=HM4xXMSu;CigRRyBw)jV3Y0JcN4@;_MZ-<X<Wu
z$HVhC?|`m!+dDqqn4LRj=H>iYUvzcO3}c$z;v7NZ9yg9CXIAD{-^|yd6AQEonuqKN
za`#E<c>+b7!sOi%b}g&hw~72m*TPCtq@DN4^P2`S?aWb0zZ<1mbp;-*_{_yPa{$2?
zJL3I$Lcz<&%4zV0auel!lQ;dwltVa_w!;Xla;teTvnmB2jICqxZfkeu$U)ebaj+yS
zGkSbNWx`2IF#-G1+m4vuCUKv%Y-fa#cf%^ec8+4ik6O31Cj+T=AXpXhm$;A;Bf6d8
z1qCxyZ>7WVg63NE%|J3e0Q>R?D8c!0JK<<$`A1B)$agmV7cHF?*>3i5_hAU&lx3K5
zk`CnQfG@=QsXGw^s@e+dRQ>uCRV$A+3#Io)LrS5+bIy63dxK%hSoV;y!PxZLAyJs3
z6uushreI&X!k`xMvhT4N5Oztj9U+EDOO)kBtgAha@L-`2FVYwNgK2ww+9~0e;Dw1(
zBQrwmE5S`JWludJILnN==wEEk<R0ys8_ex0V||T&nuA_TKV`cX7j)Wv%2?m!y&aFi
z`v<kiT8Z`_etbB<aOsY-32J8IQ&cuVU>)$xHQVtEdk-9Cba|wV(03Q4KOjjt6?gOd
z>FJ5qN{a&gm{O2b>{^wJE@MptY>eHOVQx^8d1qBnd{pXm^~wN>vrQ;a99WNcznX`V
zeh4I)ucJ=I^^k6l0y(hDT$$rjyOzPRdW16wSUCXNR1u`@@Z}$%QD!iX5t*eo?Y`Z+
zN}%c1&wI@ozjn)JhW9--^XnohBeEijfWV%ZZ$xdO%w%njL>MOOiSN<-?}C`Y<w6a^
z%cj*ke@frHf)+F{>bC=~RTnb?x0`wr^Y<41%UumZ>Zyh>SqS^Xw#gzufWn?~17T0P
zmCqT<=cuq8)uFMO6?&ho0I}Pw-PdJ?7*>g7a4%?ghCf0ZhpEgNA(dVI?C7_?Za3wp
z$2d9eQ#;wBp~-sJsf^p583>C!J#N2~7k+V@Jjgi`NwZGS2SSh@LH((9_fnb|`|5(e
zRiZH?RCQiRe6Vy}93}jYbLQ!3>`9yr8EaI~+&i<)h>XigPt>a`0hKH<C$V-3jmYFV
zY^7!-ud~2pY)4&0ViH5pji`t$<RKi#Fmc&>!@d+e3*d7e`U(5I=&a}6<LgMlZt*^z
z6u&`yOwL%v5BX`kJ;PD_)UWv#JIfQ-Fx_yX<4!3mgiQ7jDkAxj(hK6KLWyaqj(s-n
z3U0S0`b9=X0s#Eo3t9`2#_&TcPkWtQ17w`IfT(y#CG%u_8&p6T5r_vPsB$klSW`;O
z-ECKf>2nP3vjfeMAG@|Y9uPV{kXERFT!MZAMn|?R7a(*sU^c8*5Pbo@Zz!5_*6VXY
zij-KqyWoWSv0^`{B7DfP-LX5+S%0(_mTA{nbvZtC$Sz>6&yK?Qs*0xNx>kkbPJ7w7
z8Jtw)s{A<L>Ie4kwQn8*0FGh1w3ZQ90iKp?GhxLmO)wzU@=I*##3HT6@S!$y%S2;`
z&heD@-5k|^IRNJ}^R@x=k76zzla@hFBP~N!wlZ)1K=NK7usJ#lgkP=#gv*RLyp?nw
zlOiPk_3v9!V2Hnh;v;a*j$dwaq0`V--q88=W-RT;>;wn(C}{=p1ZBtADn^Clr`&+C
zm|N*nqGfS#Wbx)<={;uJ9K{z;nUNK|%AnB;G<}mlV^4ubt=i(HorOyg?ER9|t|}kK
z4Q+yAH$PluA`U5cW*Q<2e0LZreY;9rDBYO1m{i$TX0RfPOIzhpK_k#*8Ie0XWz{t|
zz_kkMs8<eW{1+q4bfL+=BmtYEMSOU6oIbKLHq}vgg~h0SGK`5u)dw}Q&LbX6P*k~?
zEKlPO<??-ZZlc;dO@@i~!;Z#FnD1prd3Ozt@=i*nT~NHrR53h*YvA9b&)Zwpkr>(6
zxw0G6TFx2*ojfz4;sE>h_%_qn9^;d}sW_zcbil$cm#>%Ylqe(6`N{nbfghbp2t#c!
zxUTaY)mYXHv?o&s>_A~|fy2f(dL4RMw`jXOxYM~-nyJiS++n~tFgftf2l;>Ua}L`R
z$U<*w{L3Z;B;!rS&Gp_s!CqDg<Ll&SI{eC<pJ-rp3msQ!RmeT0Z~xA#h1~XtwvV2W
z)PwK0BslUOUk3Ju3@d}C@=DY8&I-M0peX_`$EdwbNmJgtycUMFnNSt+*?KdGpUo_z
zIQrs{lJcATSn7uIIBDr&p<mL%K_M^@*zty7EZ>(jcI{yPskAfO?N?(GUOM)NE?o29
zz9{bQx!v@Twd-mOh=2NOjP!}9C-b-k@_MEf?qc0dJrbt&iuk(7`G%{Hz}*RVvF(N#
ziFfTdlO(&giccZEDQe1JuetiBZ|1|BPm#P`SKs7rX1%&1db)*<UZ_WCf#%*H2^fvN
z8e@;F$lu7mR6}mERjpi&aUIF_2W#j|Svg~E*QYNa^gvjfgh*_MXDYE!PuAT2$%(P}
zopVKAs#obn&GH#n`0>w<U%r?NtA6R7R7PBl*^+Q2i*H(ip!`S9(F91!ap7aj5|GzB
z`6;D`eN}wm%C^m`$qOql+@45rdMvBj$-DpfaT`c8gxblC^G&4}V@;HX@L*A(Lb6wg
zvwx!9jGuhBWRJ6=PA+M_x>C|$;8}y(n5}zgHSgMgn}M0Q=JYek>1ss{!61O;q$CY&
zGrrE8CtY)v`hc>RMqW+s*dLF|*DGm}Y`kf;-XJ<oHZ^;;L*Fcvzl7R8@j<-zrr&gZ
z;$%+G4J#rIcGK+C)BaXnffQqR24?=+!7w=eniF}O|2ZI`+x~$D2#^a(Zx>O$69CqF
zMgbz#GZU9$OwHl#r83L&#rnM5!vXa@*VT_`$1}^(R9oz%%ZH9UD?*x68Z4m|0@{?t
z^CLK})QFev10_sk?c{LBG7r_LL$}KTYf@W6g$*05CgWM~xK3WNGL#4W*O%ky@_kER
z0UUFKGehWMW|%ebb*0#OFV7lbJ!-i3q%$i;l)4m1HMZ|{?OlIM(We}mZ@-!9W@5R1
zf<=2*z~CN{G9%@VqWnzincMtp{u|US)m!5LX!63s0hWh^GGnJ0V0%bI!ZNK+sRp;)
zqF78`Z@x$wcl>fv^Sm5c;&AiJyAbj35(a<&dXUKVqa)Hj%>e?->`xbDPDylED%U{k
z-fH%n)+dz-<yKu48D5##3H5_hH~#9{>=$%#_o2PIX;WU)nSLl}1%q_Sg~=4Y%WT>K
zcUm&GAMu?g!{|d)Y-P4=rKHYRbw>S&Ye|<bXZPT8W{<$-_rw&mSH_l^@`NH^x_(35
zK~*X^$a{((K&0}EOpR7`kHXX$Q+hFg5s|&5dUMJ+CKCKf4Q?p8Y#Ejp%UIeA6pb)(
z6|wZr60HKl;!w0YN<p8jic9Uxb6pD~ACM}j%xr<l^a*udsyQRF(wXsPfB76u8`!+N
zb@(NDzN8PR2bUWohaQuml_fe9nGx@+$tvQoB5*`-2VRD-i3QN_Z1;S%{j`lod}#SB
zBceoNMqUSk-MxgYMh&{du%%A3b$k_gN~Z*4-V61!kIkN&W^(2zY(=qRh9W^QdI@8f
z&5zXMw5ZMD?S4HMI4%9!NJGF|^hOUjhL(@0ap(dk4OpUvhqUza0h#W0NTF*%Gux;5
z3A_xf3)H)2*D=1_wj<^oo`u0FrW|>Vyt!W~AcUsQWrXCP4j6c(33xa9H=0NObvra*
z);K#W{ka3e&g{dAi7FdGVu34FU4-@xBi9%v9tKoP{&e&J#(j6z7l1SvVTBsLNyQdb
zq2+S<;L;&!=R;IuDESBoGYtv&m)_#;EM+cTYUKsC@^-w;)Y<9HBU<&H`Q+<dJ-G|n
zSlljwJLdWE{xVt%E(xo5(3Ln)HgIg!0Wtevs^hS62Y#z$yB<++*Z}223LF&N5`|H{
z>CA{cq@U>jjp(jnad|*%>9F#0-<?@Ev?W^S0iVZ~-H|lYGGlivPb|>4f`VNlr*rxA
zE!0nq0UX(%{IZnzNE~p!F`61g&hKT}!1Y%bNP;1q!MUQ{nAXea{H?+_>0zAlgWE3T
zT+QBKmFavM<BNYgFq|}N1y&JOB>p8JaO><+VBcVVqe1appC!d1n9M#R?A=c?3pAar
z&(dUaTjE5D59y-``n)(%*M}5+i7$|vLJi#}{*7u3R$|!wdpihYYb9*iJw?PP&K>zN
z8Plqc0`#XnHrw&Q9yzyvsUz1W_Cm#>u|mV<t=x?58vI>U!TpXmSFn0ICrEKmJn@5>
zT~c69Qm@bKkBN^gob`j-O^V;PZq~5}pNu9zYqX&GvLCPCBBW#=7v`K&08hHxr1#y#
zjl1by-ZhUj*~&9d-U*T*ptQG><M%d*589?aMHTWbAIkP!zlCQ51)$2`pA0g;4jm<V
zJn>1ZFXTIm78);>GZy2E=O}ije(<eWHkmxS=2NpY$_&ou_v)|9M@tT;HIEs0RqXh8
ztLrAe#EOhxTohYQS{Wq1XTR9$i2#=(v|{Jp-?g9<pBzqW=?5Gqurl$;46ElNVxmAy
ziVv#CkJSj^hcyC6W?bK1Yw4SKO^Y)pn$6%TmO5vU)E3&+2_3N!7vrVqs~AZgSRXvz
z5L$WJuJh65_{bq43_oHgYw3rlX52+Zvc9*{M!YA(wE4I=JLcCTsl<HOwNPA7G;Q}I
zjFo8XRi<S`YJ!mYh5M1WkT9tDNxT)=t<wT!<;oz^JlFVOoJFMO!~Tk%1Tqo~XT`YH
z<7wBOIj(=h8J$hru$B&+1x-Iw<fvtV>~}WhZr#5>sd~<H9|S7uvDtdy(P>c8E)DGC
z?iQGsr2^htq)uy90tE@?;0Faia1u*XEPH=h*zL#y0P3H3&coov%w|eZeJ9p$ETiie
zG{rfg9<H(!g4sJQw9AIgV>`*fVE=qg+2tJgkCB8}#5}}%oKnz2jxRz$#M$o(n2R6Q
zS8@C@$Y?sOc?|Gfd8*fx+_r4zj(Qt)mH0!Oz@l9(Kxl~Fqt!j>xEdpn%aFc7szeMl
z2j3F_gPU~;@RZ&2>9nQWA(gd<aGJeMs%oJ@S786Py3Afo>1;F^1LBb{SCl_q_y6E#
z{}(m|987i{1xG=AIde6l%mI1VB^9Rud%3uTtN=7?&8rHdDT7z|@64;PolR?YRNaUD
z`XF=M(Z)xS<!z=!R`bYna4EP1Pq?(h;App3)w9mqsGq~DLNUz9tlja!s%t_9FMUxQ
zz6hB|ZMzS0ZWqrDSf&wZD8t0Za+?ZM{R;a?7t7$G!!QCh*QEaQSYe8ku^9e|cgI3o
z>FaD6p1sG+4sA$F14PgYT86X(=5!^FRAaAm&RobNbh{LiBg>|b*(vHBg5`lS9&R`)
zZ%JG)s}%))l)R%j7)Amp$AH3p+DrjUe4jFkYjW)}j1t~!MCy;CUqLP9el9nDFpzfs
zId+{(6MP5XA;O6jM)5ltE@>wdeCDXzd85uQQ;w=VpvD_^oh6rnbLPM8rIJxxzaY`N
z3pkrW0)&xS!6utntN>DX&0pf_MC@hHmc^g8m%5>=SWRE}e+ebN>sB0jshI5KVMn}Y
zv9=T8VsE34rX8OVUu(s@QK2I;ffJ3-2mx$1f@~RUMOc95X~e?tRLk=En;}Mm2J3{>
zn=w^Lj$=83#;vQoN}qnJ5!(be#)KI+=>g*$Uf@@lq&{8iCw*3#^B#;%JL3dN_5}M*
zujan5BcD0!5f0`o8<VjE{n%MTQUA4x%-FH|C;_rm&C(-$X02;BlN~B0-ftsRVo{>1
z8D*i-8aBxX)@V;+tzbtOPVPIUB&PCS%3AP{b!sQXWg4xj0*%^a=85<Be&&6P1mdUN
z^$sI~IBCA47*Yy0z;8Dr$W(((;Lxz*-)1G;geE~F#fSJ&>RC2<CQYCKH<WuYzWM_c
zILZ1u09OMqRfLFKIjW(Z&K)mN;KfWobuVI+ePvo>mh@>Imp_|U;9K5O0HG-Mi-dJ)
zc?u{*rGYS)C`8>V-=`t@2ydz!Ghr1AOI(4nF|m}%i^YK>`Xe7{*cw*>D@bYf37Tkb
z+xUQ{4ttYw)}>?`(p4L)p6=8EdxT-~6s!1CnGthfAgN3!sM!s3b5~@ET(*5@D7#F{
za2e)WjPSTXNPgIxp}Qaor#I0&WstKCDV7#cBpCC2?7!E_FL#(f_ip+6qmDMR!eU$z
z@lHQZzsWf37^Oo_0p4JwuVLw8IL*Ufiz=^U`l8I+%18p=8QKvq!vend&XG;^Mp(>$
zL4mgWXnoikEyF}jev?CSDgc(~!j%V0$WOy!7G8>c!*C;h$R&L1{loSxl*;<fY-XLn
z6hUqN(rq%x1IP${cGLI~Z)vB+Fw}x7_~%-Y4dhm)Whgmfln&U8q2ocBu8_I7Kfo}m
z-1NncE#-=JO@&r*AjQs|k>23Y9DT5a>9=}A1UbvA&E?4{lkx3zKbkeCcOoMM7iP{1
zhhizp5Ax8c9=Rb_aW}OdXJYw?raQU-gVv5^=P|-6+Yptp?G7Ju1N>OPG}Us@A-K{W
zvfEiCwS1zgtt=e?X(9pTFSd=YOiMAaJzJrh%8a=ARL4X6g|V2F*FPH+1&}TB(n>X)
z=LUBw=_C4-vbf})b5Au@KPxR2{rb}<Fj(<EIWH&nWf?T0DsW&B*-*k%RJe23JJjB)
z-*~BX7q?$ju!47%WdQGL+e`d)6*H**30q@iZV&b_WwOUfY}dc|_l)!fNqfrGwA(7Z
zbyI<TY=FT1le$RM*pB0MxiuEZbcUM>)IbNeGds{T7*n?T&^C}bH)Uf?=oyDp_AiVO
z?VbZ_cfoAVmimE&Ky?Ma`h`t>Yy<qN37ewLgX*eH@Yv}A<bM>2m%FnQs~U6E*ay0r
z#nS`obAk5%UV-v}IXxlKY6ii5nvVGzs0vUtJ%wmmhGo_HwE$tbcBknoG#FsGd7VLN
z2h}ayqmM*V&_N(I#Cokw<TgO;wo|3OP_>C5kHca_KdB7ZPGJf@(2czlOV;KUSXg#?
zqUcR|>U*8wmhf`df*=F6u4D1>_SD=F$tuDq)*w$T5vjkI1*AF{FS+z_J0zH_4EUaa
z5??EE5M?qI@YaTU1c@%Ih~<|X>kkZO18K(gl@Dnb#9{m{HhBlx=$`7ZgWF=|NScQ}
z!w{~>xgXIi)X&|YT>3`>b?lQmP?6-vy9-V#{zOIQclkC`oODj8E7Ms&(l`=Y-#&O)
z>~P9H`3*mH#rAGdsPMMpJwQeIx>L>}zEo)N?Hy?L6vPFdoV!K3n`-WP5a4jEMK9P>
z#OFlHrfvIoO)C2;6Jw8ZW|vX~<kG)#-fZDATo%(0YUOcab}%9ZH{CxeH_Fh<LVxb|
z@m?I*%bB@YbyY<Az<EQ{k797=-fXGRE@Py_y(F+#TL4=j6SaOV-ZH$7%eSRmO|47m
zrEkG(CE(uQ6p4%J{%Pe?Eejcxt5~L@p!Qyes|5&l5^M)acd5+Xq!iTVcQ{*&K+rC6
zk$plK9KtUj3tNcs%d%}J=Aw%09fo&xSgSFVsm6bFxoL{2mV?=TiPp$K3V_;=>`fyK
zp#=Z@zpl}>M1P-n$Esq&)+f=a5BeQ=nl+tju>P9jDDC`Gu&v${wLZMu7*b*~Ix`pn
z5X(COgtA2iFiIExPH7p;)r!Q~Cg{WPeGPy!r7a^+n6K4DPRz0=x9?s(K6q#^(%cWO
z2@1g0_IOisgCc8Jcw##3APAQ9mr=VP+%(V1!2kv?Kv{MYQsBq<P?stn!q8)j_?(@%
z!7%Az3AfzpM$2HExo^uz9Due})g!(~pY7@@h1_Uabkd&{>S$D8ZU}piSB(;jY#YO~
z4{OX(+5f})sr!$vt`(eZDsajaq!9XVz9dB&!;+4c&<@t+)t8X9CCnZMF%+GXzA(R?
z1~hT<5E_(sRnm~JWv8ci6Tn1c#+Otn<zfGVmw@NGq!y&#Y8lEGBmre1X;n=5z0Q;C
zj_UqZ<rS1ZX%alrLm!eRJYjiYO1c_-Ra9cA6sb6<>g%q~B#99TLiMuSd#3<cqFMRe
z0XgOht^rbq0k8CK!<xxQI$9PzQ&lhA2qd85_j~(B-ktJNqwgXA(myDSB{aS1$92Wi
z=}tKz%@-vlnrxVU3d<(c8{roee)d4d_m-Q$(~&e<&}D_UtKLx!Gec9Kq~pgfqyqN;
zhl*5T?;}WjKmQ2Rwms^2U`2No@~dH^H%?Ca9F^bYmk8!pg!BC+;Memh(tN!R#QXR~
z=(<xd72clySO^*r{kDqGn>DSp(O2)&peH0Z#&Y3>e8&m`IyK&{O1oJJnO0^AX~%d)
z`2m6JqY1WNkr(8rUpkH+DQOw`Jle9-`baB2BD>2^^iAHZXDzw5d|miz>Ik<3=ZQ*P
zJ5i}`F^P_Liu-y;4^(@(_KA+|y0cfU5Jtm!ij5=DX=R?Vj4poiDjw0Xa%v}0L9H3x
zSZRH_$G(N!FuERJLFSHFuME1rn%cXv%d}=zR^b`9vi(o;urK^@fUHHEE35JZV$!XB
zGpr~li?H@!rxYNY+P>yo>0i&HWrE-AsOVPnywH{H4=b&A^EDpqcAhg{(Riw%5x8|!
zcxyXM^=0MLf5D-dc3vF?hgTuVPPV=-m*z?#nNGqmoY*+dE$<0|mQwE;>XhHISa6hg
zlZ*XiRbC;(aQn|1y4-TgZ&od@wBnTNa?dtOH1vU)0&5GE0y|pn?`n_QDLbxLsi!F;
z^93rsUh4JK)0uhGu5yDCqYf8`WLE=@H=(vv2UPL(4$`=3{%Y;i_pu}SBgQ4o@>3jZ
z<hzuX{@na1U&<8)rN*2;7$z*6iZM`(Ry|`yU9KIQ%#U);9=%c8wBu%g7aJ<XXWY`9
zo_Hn2I}E#Zz~7?;^*?H~L!YrCR^g>6OYR-BQc|Lmtsm!{{@kcj2O+$~VlASaBlzdc
z=7?a3P79F|OZ7?+@Andb9wZee^>9r-5cd1w;e*Nk|NI!!7%n_ZwE*aQc3t(j7|4sA
z!-L4TD(G7%5J%lno^Pu1L_FfYSempd_pI}68Pd0J85<M8ofU!>_DyXEs$hveR>7Ql
zNDI*q90icrzP;svl*cA8gqc~vS>=sOwZDDhbk~;a0AXRxDE+~107+(lUb7mVcIu#w
zTa{QN$CCZQG3_Qwf8MFdiu_IftEpr3vg!Q(C4oITPwuyhU;M{riSXr4U1?9>mY@OA
zdq{ash^qm(H0<zJ&Vyv(W%|%#1i&3Jcm3j|ALUgmpC|~D5+O4U_SmDmHy@)!uqsYB
zK^n=cbX|*-1xlDR!I&H8NoUpOtXo0m3y}cJ>3wcqRhV(j?RwIDrXM_N3)o?hwW##Q
zl-?0kCE#iE=c#&K=2f*|>Uo28Z?AXche3@GlC%l?;nWuu!lOKGI~t<#5YChl*?z^*
zpoJDu-<i9Fth}1qS(z^@^C}X58s2gZgH|;u6%Bby8Ux2*L}<^i^6Vmle4i*h>RQDi
zb@g@#hck$Io`U&63@fkxsz1F;?3H7}=jG9kE7AV0?X!(j*F}o=#7L2&;)kVx$_|_Q
zb@9|2s?^}&$btd6JS(nIVZ&BPlbwcUN-7lwWLcD=|A_m|A6eD&R*cZ>xV6Z*E_pLG
zBkC<}k09~C$a(_%7T4eb7{IOu@6nBf4*jX_igTGbdX=(?=+(?V$A#J_&^xp9jRvC%
z#W(Af_5uUvK(fl7d{3|ABx_|mB)<?AXzpe;QI*F~wIc?!?VD-(fIpD1hyZt0JWQg(
z-+wL1<ycN100k;1w*YwkJ=>WMsMx{(3F3vcp?i51ErNsDV;(50;FPkBk`<l?RdW_{
z3apKOiTkL=^Pez{IlX~TB_#mwPT9O@nTmN1@o^Pp+}r+l--hOyB9TEFqnJ7f-7>Af
zPoS%|1;jCcye<n=VwB2MWOX8%Sv<8F2ib!lTc)+pTn(FPY%6Jr78Sp^b7N)wTXAGb
z9aN7ctHj<Q%TOG=)L!V9cz?_cc#fqV78oYGF_zBxa0YpIkiO2aDszW~2B|Jp!=o`Y
z>Pk0b$;ZcC0Gwgral`WTeChu&f4C-);pv}m%3<klM_>yDi1)jAJw7{T{Lp+4-)8FG
z8-yVV458ZvBhZWt6V10BBf-_Kb<wm!bH`05A@T1ZeE~vGBapV!snF6)WqdI%HU!Ev
z4+zWb+ju`{cRrT4rZ)%YT~1|i&^`cke}E@7R}zAU^k4*l!P!Ey6O+2sXC1xplzUC~
zmL&wK4l9qj6iILTAx-LscjR~X{D!g&<KwtPJJ9W@Y@}~s99jTRuas9d>%f!&uBjT^
zVM-@ip8YM#-q>lr)uiFqJI;Qj-{uzflllkLm$#RG*Y@o`hQ^l3%Gt8g3<7Q5JmHkK
zv&#Xwq0_7cStyO7tlKIEwe8{WgX+iR=pU9`zL$^ELA*!+XeO;C2oOa~b!I|-=2~cB
z&p$={Q{7}2+SdlEd#S(_C=are;roHYhG3j{0Y)O;k-&~vgp|jc-~xQ-B990|3YABB
zmlj#6N0xZ2*&}`n@kbh>5DS-9o8gMGQ^s<aK7E4L45HM?GO}cZ83v?zt-Ja!9Sosb
z)Z_c_c2&Cq6cQteOdq~@kbBxDX18WL<BN|SvCv{I1gCtRW~ywa5P@34OHb84RNMty
zfZ`1BvnXx#z9+jzE**@Z#?`|OG^Kz<%`%n%+xRhHlm*}e>^pVLo;rE21=_USiqI89
zbK)_+>|6mDH{_ZSw?aF@m=MVMvDer%V*}E>%lglr30T$yd*nz*bHC-krEFDFzR`@%
zEV#Y1cnLLt%~#M~K2KXsd!BBCxr1f^)=$KJK0S)4MtkBeq_i`_aSi`GqElw7BPWOc
zfwOlkIf=?HcG}w%YfN|g8Pyel4cWh5z-pk=j@%%OJZ9>SWoxa4XCobhC2L!#STKWo
zS5|6T(&EcCY$0n201Vr!>VorvE-6dMN3zozmBG9>HZkM}(z*9Dgn{g_C(;!car*NV
zoB;_mhRrtsG+)T;r-ZaTR?I3O%2{uX6kVG6NcG64SW<l9Y9uGED1&5=c6WrV=dnDt
zqX2qDW{vpc<5|X6OYNJkg-6O7DlhETujn|2p7ynm4IJtN0qN(2A4r!)T?4mGQ0?Lo
z6_G7Lb9yeLxa;F;1t;x}JoCK^q%p{>ieE?DHXY!d76mT2H6wZ@Xoo7RSySy)hCw7N
zX~FHqJedlLEh(kAv*mA72$bA0+;MPQyd7h^!Qt%FFaaF%QhlfjoX>kgr?}l{aa`FB
z9<mghNdHWss!MMZsHSG|;VLf$jjF|_SZa7vGr(BI0&D7Eq#D<z_%jbR42GzP^PS!&
zKYklB{=<i#TFpie$3Jjx{QkpFf1UWx&kyxlW>5O~bhXHAo_wA;(KR!lXst+TNWJ&l
ze?rEEp7Zfz!pM6Lq-llC6z+{YISM1-gy7PsjyM^wLhOhW%bllEW3MS(lfbv~zkRMY
zjlC9cwBr0X)KpeNKWc<}JwLL+=!@ce#$NjwSGoTSLBnQCKtcPVdA7&1X{pH<9qWGw
zO2%%THf#JHw0Hc^{^buv&|wwvoZd5JiS1j%psp)At?TXQQl69Fox3-2e~9!#S&9uY
zKgU~(y|!oXgozwk?_D?1#ye<RP%N+=_V>y(?>j-C9#L8hKS!+F-nz1Zcui@F0XvPi
z&<<V~#}Y|r16xD*O-m~JLA`;W3aZ<!gq_&!P&z7!6r11j9He<zdB^sx_vA#jo8X-A
z*Y>QJVRYrdSq=ZV*lQN|b^NPu|KVJk6y1Lz`31S3=dukF`rgy7KW%DvK^3w|Sge+Q
zBOEey^T!+ZL&6kpKglS|JdJR)Z}mycX(#RrpXPH+>-5Eg*DY3jv8w9n*KXeh`%YTR
ze;dSA3h$!L2fuN$erOx*cM<YTw+md9@jz9$8Me{{blj|2HVdqt(@G-2@^AergMVuJ
zZLJ)Cv(=Dv?()Z|R=2-K7>&_ZFIXoYxFuJ--#P<{RQhloho3i;rtbKxUG>&U4*fo*
z;tbf|xL9!`_L|*{r(gB3ad8GbKk2z<>_m3{{`aZhRYNy!G-FPkEI47%zYHr<_?u^|
z9^1a{@Lsd>R<nkbHMYms(@uIddY>f~W;~WWuPzcDku!2E1?TMdPTaOr%&)%z>pxQ)
zvctXsO=MUup{-<v%TcWrUPO0aZKLS^4fjRWKF*%3<<rymHm%-GOrB9%8w446Lt38@
zT)ioSN6Iiv?9)ZJ?`M_X+r+yx?649{$Nn~|+6_Me4l2P{PQV>G-&)*gCaHg0Q~zO{
zV(89$(wcBs(vz!t|C3$te&_KdTh9MfGEA2O1=&t~vUzK@mXYrRPxG?|J}*G?%YA!4
z;k8hm-zxXN|3(`2y=gLWz4cs8Mhwpu25Aj8_Q(Gx&X@Z{apj>wa;U{S{5}-p>l4NG
z0e7W8AkDimjSm{nvi$Ca2I@L2?Nd`!k463Z-t7Z%zJF@h$2?N_7bO6fhoJ9*O>fz^
zWaiCLLNQO0J`cpyprXm&aGx(7S!ErU5nf~J=14D$uV}{}R!6R4ePHgO?TG@{<@bM^
zV+$LSaCxb&gWD%SuBGbIIoS)<@@Z55gb>4LTKtKEcSV!}%3|++<u6OIrBSM*GRkXv
zr-X=%<S?z(<-Tv)U!;PB?q;bT8Q;C&q;mTyIeC83DK?(t_wQjxP<Dg=-NygW=DgoD
zx^HiCXn9fp_2t2DZa0HdDt-mOYTKvLu>ZZwccI?pbChbFw_=a-p=JGPd%Ncvs4K=d
zs)e4bR!gyEP}Ld8^Zz@g_aQ^5-&gb90`H-}dnU1LFCXZ?kds|(>T9L%_OnbcCvRqc
z;H>7mi2|+V0lVa{$2Wt&K{2qqD*j$te-2TNZja}tj-EEvSNbi`o<YX5E%60Hbrcah
zB)w(o#%&)_UMlcd?th$`p}wnp7PLSLHazdRdEOBgS0c08U%On-OFt@q?K-r5f^&gr
zHSCh*r2kCEXql4qU9jz5ym9~QYH94M?B$$Sgz@iYQrBbaDb2X&MuoT+5Nq9_(!44~
zG<fesRtW5@5IxAhx>2RU(QDX$#<>7;cpY_u<Z2;{J<zdy4s^Tu`xNuDb=ks0IO{uZ
zhQ&+9&y3xOBoFoTCHqZ~6Mo2a9o3Bf1P({a7g5^n)6jpf2L1;bH=`*hldCmdeH8{7
zq%8EK4Tj|38`ZC%``)oHG3w*%QRAfLfu!Ux+wDKpb#q>?pulHwe_)Pbb(cT1MlJSe
zt!9OcBF`<%1{?pK4EtTUPg)+esIpOLtuoA(;J(B5c%}1V?@7tZ-!l8xI!^fR(+jL;
zZbloby|a6QFu^;)-zyfy7u)+;uk9nBYsBq;|NE!p_T5g+(u5@N)9v$ajm4Q(lHUwG
zFIGfKJ4m`31aC^_W(fXe$BFfePVHgeASY%nI;(#B-+A3XaIn>FaBDkzjur_iN^<yf
z*XY_yLvFPg`$;#5@xZC^99a570w0C|Ik3#+P{&o@e1DJ->9dwcFr2Y|7=H;}APHVW
zBw;Ghzl{Lht>-&e9f<`mz*U6`wji4}f`ZRvp_8B0Rf-;l2!2yu*v9BBozSfG^46aB
zEs)m6WWNk^em9QY_37p_NanvQZJ)pTL;5*`cjNhO%aqh(+34>=b!OBT72|&nSq&>w
zrDn+?mVoIQoBsy!3HhG?2l75V*GEv4R4VylBxM}3+;{QQL_Qk!;hXIf59g!hAhDf4
z{D-(`(N!IDcb(gRP<%E+O!s;#YF#v*vHsw{bn&0a*M|LWpZY=vsXDf<iB~@p`q9Oh
zfxh2A;lgg7QHuq#jSM}x6~QpF8Z5THL*9SJ^gjOEHiKn@)?i)#iEKMSqDX-9Tkr@~
zE}x6D750Dk$y!6{duLbjGwC6rzXi=^e{D47cJhmYc){OGc#mR=+jpV9#h4tS;@gq1
zBQw@ImCL`{`}7`KKkJRz3^Ut1fqjZgZ*lSbxKS#yDs~6G!|zY2fBy}jCx-i^X|(_E
z%nINv=)IUZin?Cae*!&`8xc*pHAK-)CS6i?F|<qbe=|Qba%+1}|Ld?XdaK8lRA+ZE
zy1eVdA>RZo3qres_jipe6AIj;<vQYjFpC-5!e3`&>(!8r1^uOQ^%2p{LY~tn17)=P
zNWj2Z)79nvZ}#G$8?0BP|NWw?e2Mj()U`y^79V_vbYLwP%i2mIzZmU~&L~-$$T`qd
zh`sl^hvIM=MDMYrVWM^J<27B^r;LZzYg`k?<IT?rcMl$$Y5um-*A)Fxst0*d6$+je
zU*0JdK8UZ+xVoSbrao;HFoCVy|9;JW$#EYgtrhcOyT&C_V^L|%&A;Pf6>9wLNAb^G
z!W|c#P&eS#NUE_Jwh^$18Qf+)=9$-nh0yV)#|1{qA1sr@z_(94bUFfbx(Ye6_k=7i
zqxVDVhZDum=w5-X!CLR|LBk<9^N#yyq<d9$Gv-;u9e9qN`Dwr)bK2HFiuGnpmgqld
zq-=V~zZXAr80fyQU2(?1|2DAfs&)P~1=o!#!`V0P3xz<_gOA80Sgmn}SAp=M&!*%f
z;s94SIoRr5VyAo6)CqO3N7wx~R=3CR?SlP2a(gw~NAMfy{=yU4+H0J{hpkMkG{o^;
z^T9UnZLsV9!JqtDrk<s$v!LQ<nspQTlJyb9&+XHS4L9T2+LEo(c{7=K8MCP_$!zs%
z?s5CcO+V~=vk9p!{1+v1u;gX6^yiga3Fas*$QQEL4*Z8!bkNCXPUBD9o?UT!tk~Xt
zT*D$j=k*KhqMPc@+pY6!vsbmV7~)5B9pFDW%YzTy*w3{ZX0>03CWq|V#_L<mY8^GI
z?EDtR$n)O|AOEu$dqAf&FU0(Jg>?5@L)YbVv)a4g>SmSh{FguSvb%Hk&f9&mgMZ9N
z(+>PGQ~PPR%>YWHh<7zZCx2;4j4nEjT)Xq_i!k-BCkEj?8ZB<&-_)%>o5O<sknDFU
zy<IIF-(~wS^^;rm&1l7?HNMX4-;)=0ULQ{mosUYwp?|dv`NFH$$=ZKL_@9}4dbP$i
zDQ|$hLtE;x-qx!0&7yzUwRGA*`jMv_Ei*_zDLE_K*!B5n<NiMi+2l{iJ805h8@rPr
z_qQ8r0LP=pI-Pvy>95LnyRPepb^*d)e+OzzHvZjhMU#SGqGXdgukFX7SxIOwrN)v=
z#m>)@_~7#kxM$GpMP<&e&$-5efq$lUACEKQ%e0P~&79D&piNmtlV7DIEu46^ZT(P}
zzt|H3s4a`ebByZ`7IQw_Sp^QO=ezs&?^K|nUOje`I?JHi`Q;req46W$v&CwV$3)f>
zla0V4(O+(`{g0Hler?PDh`7>jv)B5Lv}y0P|5Q306OErdPV<O?+|u1W{HMM-_zACe
zQ~lZn5;6BoGbK4pW0i3aEdV`H7N>sPfD(cLO*ET{d&H0oZ0fH}>pO>Eqx!eLCmH=A
zTrPdd8pkq053=R2QSOizdn%Vd+y-35Nm4CtJU8S5rQSLNT!ID_%HS*Zt)VNWqhR1f
z9M89e?Jt!71$@ry+?*|Sq13Pj7nMQn{C{uJVH<`eqUJ}EXDQX)(_KDG&-dhw-;Y@K
zZS`4sT@6+OlKJ0-d~bSK+keo{Ev8}ExP;ded);jYzu##2jH%CaP5z08bxUG)+eO8d
z1<=j9mhnfIT*tAN--T7bOlbE>!5pLI_>qcOnGM78CKpyv-M8ad?eD@IXNv2uOO}5(
za%KGK_T72MiocVN{eOzCGpebr+g|l5pNgPz=_R5<R60n9AR@g9NQWSVF6GjtC3;bc
zH0dBED7_o1bd?gRp?8P^A+!)7%_M}pygwP^BxB_KIQ#6m=3INt`NDd|c8<5fZQsE<
zNhGw4Q&9Gme{}_-Cwl-I`bkL?FJlG29C>6ME502mLn?TW?V4kYtu~HQ!#!fVWPuD~
zhm0=HMI5x%UT4_7<GD)GX6x$D#kS3{4J?UcIz9sA617_cjidX1DeS=R;I&$W`!cX*
zer&CfdF7L}T-+<@;UnWqW5%E~V^C#`1m3X8x)VJbJ^jL3k@oq_F)~0mTK1LjNn}FX
z14t$+U*SI9w8>g*_p5**(v00r*&)1~DF&GBgG7e9{Z;pr)wA>dmWJPs<Yk;{lD@LD
zmkP((o%CvWRi08#){;+lzm;YW9OE&aytt<)P^Gc^kw?1ypE%czN{naWMjMNsMP(tj
z3sn`q=f?FH16lzCOYc79kV`LiPp9YV)_j0Ow5$6@*IT!Ff72sElrPC8_G$X)-#nIM
zi?e%0_M=^u(sHhg+5I|S4Uvft;%n=zM!StdIMhD>#lkEt8@IpK`3CjaA*}ysaVfhP
zJ@rmBDdGOe;DBW4r)$o3i2;(j!gbRLB)&(&12=iwgf>5M>v$uxClWhQ4j66WRoPci
z_N_PD_%WK2S0`gBP&P5O8ao5y`+D7%t`Ly>6xRCbYVvf*U#k~|*_t&ie{|g7EM}W-
z+EvfT$i2$qdoso|sQ!j}RVqK-Mp92uZ92_*_p92R+^cirYndmJ**a|PAK3=@9vMFf
z;;cYVy`JCID8juX!!zJ|{ca%IR8r%eT_B4-Fuq(FSc=O%zw$bKuKl)%XDM6AbV7Km
z$cV}#-u6#|>J>tlwh5LCg=Sj+WTqY6rn$b@w;vDJMF;PDiLPs_Iha>ytW3YvK78zd
zkszvO2GI!6(VR{tEASz!iw!~hcAuqi-z-~;b$exBWo@eZHR0~L=z-Kei#S)8ajMHE
z#(JygLG_fyy*{r+whBtw{byGH2(VyqMkPw9edb<YO4Xig2ciwNSdHANR1Ws%stz*G
z=^t4D$8s!pGKif@awWQ+m?uWu*t*cL`}L73BmUc1e%=&}`#Ai0w9^Fi71U&8yM?t@
zkb0qOk9vgdk9czRVb`|K4dnN51qD`U_;y%`NOdT<l&(+EA}X1(oD52{Mm$0U$Jq=H
zWks^dy$LXx{8XHu1RWpvi^r93Y-;8aWBN5H6!KRrpWcDaxM25GiQfL(T(sQe)NAd~
zt-G|(Zng_?iq(t~#)bbczRf;yDMUb2$91$8o?jQVh<=0n&xXAeZ$TRxRhg!ygdgey
z%}NCoBC4SI$x1Sq>DM{C!yH8ASrO{m_nt3oa5=z0LpCp<3@}B~r*TX9`vLA#fbA{Y
z^d$iK?io72qj_(USA|9WKSb_S4aUC3y?PBhj+9wI>%u;<(Vrq^eVLwGYlVOE)0HIk
z)YYb6Tkj64g_fm>96l26o}vJTqd7<e?4dp1ps#-^F9W6+Jd9?}pbgKpGQqlO0>>(6
z>{4o@NG>|>44QZRs*&Q&yN}OGFX7x>WK^RQSkYT|R^oEa^Vx#!j}$gtpTCO2qoVY@
zfh&3iY#gPa-N!HTp}K%ZJ>;d~xNXSB>+QgDp_R`(#Y=C_WK=;*c1+kFfEY8RqD@gI
zqP6QIGJ_J%bVV!1ybkqkEe$G!OggvUKlmnVQ`&BC&^aAfC;O`RB=YJg;IXEqPA!)(
z-y_XC<*gc<jJxGR-s_^}z8qyGOK+vAF)Be6_L}h4Qb5B}oOIC>{cr;eW-LgfT;RB(
zw?^g|^bLB-5yD|Q-yHn7_GbDcKuPM>ORk+3kZ>JTubV6ia-eY5Y{OeN;vSF2OK_HH
z4#IA<{NVhQ6^io`wU)ws7KytkI-f8JdHjI#znSzZ;a#=+<z3S)MVPBgU@uERDC;<a
z>+cWmjnp%77Q&Vue4(=et?N4K(=aVYX!ba;m9uy$Rhr$17O3-p?!7<DXBnnHb|zpc
z%=$Efed3}|rBlOmUtF#cC$bnIjJ;;OVh%g<-d7i`K)m29EXw^DiDqScf6fXo<6P&9
z5iJ*=BD)#br-=bVraC?Zy>5pgdSdimh~f@drMW)aB}C6tvJ34-gPjcKsZ2H_C;Xq$
zGb8mY9$FQ`to7~@X#z^aFm)Ky?>cuMsdpj%39HvIV{y$?ZNEqK7ozjxeUmT0{uZ3W
zzufFKWK8|%aAWMEod_<FwdjxKw)p6myn&d$q3|^yDbjbi>qhglhJWgg^_<?SIhd6)
z6LytPZ3Lf5ulY=u?mtqGH@gcm`xHyiw*J?$mYggWH#*`a)Bec?loenq_{`ZG?fcYc
zXl_xy`km~bEbaNU65&hMFho%vXYFa0A=0<?2vn`%J)jio%6sYG^8?<hZ!r|UXYE$o
z8pU6#en6G0gY#Ona6>d|%-`*s%Y2WOd8G0PUYno7(AtV=B@FvXZTfWD(S=Jnfp3en
zIBI`hQ4JJ&R#1f~>Cv`M^Aa&)+>5wC{;886>07(-+T#z$zDhjf%Y<v(g9H_&`X_8k
zH<52ap#V^Il!bo8W!zX5%xGI9EA&*+>^(Z|VhqRg(LExs=SOk~?VOZdqLO6JY1yS5
z7WO2QA@*nN3+WszBH4uyXxn0&_nk8@7xuDj%#14KV(|6&KCQ@U?swAf|3o@R<MhuD
z=Go)qsJ+>$$Wi;%zS(7_$*V<!MLVVEm}bmU1|aT%({Pk}QnWOKu0a~8x0W<NyOAHn
zdS8u?#r?kPv2SY0viQotmD8K6)3ozAQM11^y(2SlsSA1DY%8ZkHZ@x-JYid9l6-@y
zSY10s0*rp#QXIxn=MGY}ttI<ZtM{k4OV4&=UOWx^#CCy&OAZ^Jsz9pd+|{-Sdk)Q|
z_yr0dYIop$3>1!gd5#fh)=HA+m?GU^1Y6XS7t`%IS=s1@LVEPKH4gj0xLO_xi<6WV
zpQNFdpqP|Gl#dpC^)s8xu*po^QsRQluFM>*hV9a4=H@dT_Cof+EP|Z{5o}1Ak82LJ
ztBbB;0U~ZfW!wr6EZazNhhBM=zV~(FYDFl6f2|-+<@Z^^pH>0)$*%kkh7k}PX8cZB
zYaXiZ-<xQCIwlzW?Mv@%>*%{C(bQA+%45}6(xLvPFu6orj*u6U4;XVM&_XRjWZ*3B
zV+B*HB&^!n_<n}WsE~GAxRaZV=E;oAGb|zKi$HPy<1RtxU8e8ThR6Q@VW!g<ndw~K
z)DI+QQ_Vit?lQXLz8D<ACY+VR$;+T>GTuP_4I*XVKP;!+jU|ZYgj@^CW4{l)G!>VY
zEsD|6x^x$oEUI`PE{Ank=*GN%@b#8WsZ^N3{Bu6dU9&Ah*x+iofrpI+2x6c*l_t%8
zBwudxF|0#0Cs=bUgd%DkPu8>-LDBCY04GgV(yry3YXB~da2lvxlEYl;#LJa82fQc1
zMXeLgdJ~@Y=MO{$X45avVf8u#9~JFC!zmDtBX1(bH1mSX)n)PGYw+-6>J>j^x15s{
zf&6~7uYgc`A^zEYOv!+Fj9?t!@S&q+n<87Lx$1--=qN?I6{2@d<YD={dl4K9Ti5s=
zaqeUR^lVet()lclcafEjs!i%|f@99EEBw)jukaqZ!&K^oJp#d-zOsYRsTI`_USFz?
zFW>q_;v%jb0-{a7PP?<r5deY+U;2Ext*n|Y9;Y)J#kR$Kxu2l6P{tY7Dk*3QW#_q8
zv+eR!L}5DQ`}+slw#V;%b5K=N@XZs^oam}GeLl;#n^)Sk9Lyo~=cR9O_u#0zW>O>;
zrA3@CuF$EyA?0<g<~nV%QZr&C_T0&I$T`yE)wepej*?zIYZH;fL-h${k$0Li0psPd
z($rIl{ZvtQuv+=M1J>zEdrn_lj+%MCzIU`TlJ5%jMK01L6e8{5Oze&s_GNeDy42_)
zlxUrjMdxE%oW*;0zJ@-L*xwxvn5#{S*1`>*C$4=D?{sNAs9{qJs3@U~ku+CVb<X?`
z;k#doPpUhU(iha@pQ)~V7KmL+g!<(XUD#{DhWcX{29bWmwV`l5;TINlkQf$=n2wUc
zzy?n8Q_aTpad||+uFvNg{Vd$z`zp=u28frF#2oA)+4k7RpGfR{x`y*c-VA+yQ4Mh^
zcK4fX`{+r3rN(N6R{anc;;PJWYqVvXL+DQ<zpvQOyjoxDyPo-<Fa9zRJ2((0_XY?#
z>aB4Q>-sHn_|>!ME6nYij1O<uv7=L}Rww*;SVirhWW?W^yTfMtf`b8}TC(MS*N6%{
zZmjA!CXsr%4V}rnPPI!~NZ>d3My{|lzW=Rq38zniTb1R~!=_|*A4e;!^2hDwq0*-}
z`fo7r=ju~t$C2I)LEN8iC)96#XPM?+xzj6jhL!<dRKyoQ&CyC}URSGGWRpyIjjCbu
zb!kQ$(H2|j_WP7;IBjf)PVJS3tQ1HnB&!^TgeK4^gVAY0RSj0EyH2fU+#0~e#e=yA
zp?-a46`JO!QVaL<zF^em6VK+td=*#P!Bwr+bAk%feZtgTZNPrP!L#da#S8aWug<-|
zhShRQbvIhM26cozpzC&mZk;6u_m^Of*LoLfPSKUVigt17r2uBy2xpaVpzHKNFf*pO
z7TG`nSDk<Pm*+!y=;wbV5SL+ZwNLMOGSiOZxcLUdpYaVlhb+|epsRfK-4t^-AM|jv
z>07qZKVN6Q3Hu_@eQeeGP>uufcf?Xc_)pQLgt2MbJ>+FcWc252j{owxJYEG@wxxf*
z(*ND;bfoWK?ykr?a!$=kja{;>8}CN4PgE_LPwh8+=@kGX15LHxc;-)MEZhg~xJs17
zi}vt@6k4^hO}zyjepL=Sum8DJ%zE`fL~$@gx^Xy5wnEXmTPXP$Onfd#{#ln#wW}px
z%>DRSIAQ}<ypJ4^!=}$&kT~`w{%ZPH2!K3Asx}P?oc_c3BPHH3-Ou)!aeTcViQ)Sy
zA-iQxl*!!$ATGOnyG4eOxoTE6FD##ZVQb&Y;2X9arz<Q@*roP=v;K3}7gyt;%(JOh
zKfo$)VQXws=E2}3v6ttR+^&&-4S2`CBg9G~7ZKMIg7~aB-RN4ywYXI4my+R|Z&i{a
zO4svh6<wvyE_DC)H=$p}Vs^h~$Fc4MByU>elNO)hBtzY}+cz0}-+{6e{>Zb(^kw|_
zd_ty1py-BiaO^l4W>``-<+7{CNlRXm-c^eWH&AsFqk1(9%f7k~-ORQOoI{v_;1jG)
zS;8sogui7fPKh0i4A(X0Cg}ofm{w_H^}PN|4;EMgY=6#K#_8%VlL<Nd=64)E%()-Y
zta0hHNNih*&fJk(Q5lzlOQmprGHr`kmpuRq?J<e15E9SAGhdNQF*@xnk_pAEJ!51s
z-umLD&zCe8TrnA6mRPKfv+foxO~7VhzLm1;nv;-QF;L5{iDZ}HjZYW0@%NSzu;KES
z5ucO@1}WF8O~+n2mVI@uRR&=5(RTYZz|P~$xP<dsoiF?I!Wd9aOlS$H-mhttDnRw_
ze{*VE(Vt)~qZY_#<4Rn-R+lYJ+XL?>k#hzf0EF$<#3(KCIb0X)-hPuwuojL-)EFOC
zHQIvgIcy_FLOzpfZ8d^>uNc$z4y;G}leWN3^?cq=O(zzPonTejKXXymuS@zHYy(1j
zK7$oMjhQ=*z+k=mnMBUTx?5^NLL^io9Ux@aWHhZh9yOghzz6OJtGZ+zjFM`(8G;5d
z(<8^0jevd4Vb+fU?9W+Zh<k6f&z;(<r1BfwPYyP3D8A-s?U|&>vN?MrWph8}YJ76q
z-SB(TW=Pw)^8j;gvpl8RH`Gt{)9LPaFtOqW)^w%74Aj*jVj)8GAB(aW6S8Q3wI(BI
zG5Kl@e;eS;l6%QxSVqmFWA?!L<5xE@dT8xC4}RyS^xxo)GCtx>zlZbh?Bla22pl5~
zC64N9t+13OzQK1Ln9i-l{U>zQ)-B<MxMEGo1ku(K^-u569#n$<v)S&GwSXtrAb)Oe
z_UZQ|>p!DL%b)2zySCCOWWnOG0U9U!H$21w_;a_Umg4)7t}#6R^;NuePeZ0BDfTGb
zom%$dh$;APR{{|nQv`j?X+s$$@NAMs|5Ow$nRaqkBL#_E`@4fb3yDC7jZZL;duNA!
z_Jy{HrIHi=LQpnVI^}9;zj0@}0aB?xIz9ZkL~a>CXZIx>w+ckL@&T&Lu3oT9(4Lb^
zDc)soF3Q%yK{g@cmq3CRy1SeR#<Zr9>YN4rP3ZXGt(B)&t<Jb2p*r-bwE5j9oKc@~
zT#=1B{RY%)DM<5e>SW@Tvb6i~QK(KgD2Fb0=K(+p;ukolG?QkIp>pCLsqe!_34oQ?
z0qmt|qW78C#@OzsbF@M(s!a=LV;|qCmAglAT;iyXHP$L)YeQ87J)z<h=fpU(&{8%D
z*_43R7=2CIMB&V))Y@^>@<y_r^*3zrhI*~hRK~;F4^w&awdXVYhpHbO00GX7V6?|G
z>a+*HHUEpm?uqK=k7+}@I;<o-_1d+}w1z*nCe;53Hj=}#QU4y`^sG5WUKI?6JqKde
z`5rl5+PhF*#*%Q}h=hLfh~7+8Ppt*D9zBj-wB!(67-bMF=2O$+>_CGrzrB0kqbyge
zHkGSf`<M^p_srwkP0DWz3|}^VzN}U#)-LrNu~Z87tnH)Vg+EuwoTDMt7K)-&Z~oh$
zozkl~onS!WnJ%YIDJIdvTH!9<>N;=3MdIxH9w3XMK<|=7GU=ja4-zNK^ydG(U&B`d
z77=G<H8Ku|tyhcf5<!x>NXyM1UhL2LbTXmi)gQ7$CGE_6uPis_$E6O`tjHhg@GfLD
zmZdFh=~?rx$VI#%u?|*Gb){gYtOkR3HC~g`XE=eD0OE78ONbjdphddu>ctl2r!wRE
z*paylad!RMN63^~aA=XXCh~`t*RzK2O^7^|0*_X>N<tYI>Z?uY)?j{5p0=h^b6<$P
zNLc-&ypU(}X(6D<bBqD3c+nuNw3zs+9CAIHB?)f@Yb6Bz5hD$+$zT|lN6Unbr<~24
zLY*GN%Aogyrft5xWXQk~?8SN0oV)s3@lE9=E{Kh~8bDO7eg8|YgQ4FOl3LnptN%|p
zl;#4wqD_88a}()ritwqmvQbkfZEFdxPNf%wS*=I*=MCj(Z6QPE#Vw5BO0wc^R~9by
z$YF(<S_G8e==0Fbk5g)eNnn#(1sQg)&xJzx1gC>2)hDcH)O@N_HmY`?!o9S?_tlME
zOQSZvKZ^jE=?B8{gI;L~YoFkjUSog$z47W|_9DV|G@&NJjVk=T_W%2`cNFRm9X@!X
z<?0_Cs~q0#6#`Dj1<W`{x>|SNGo9tQS|`H(N%6jE^x^N%SKjvvC>U@;>}Ci9wdZXi
z>X)XQ^HsF2N(lODaZ0d7$z~S~p9$Mg3oCqHvwg3<q9E{nRQK%l(re)6-{6#s*%4(B
z!o!Ko7VY_897{vNY!CssaCKQM`kF6a13mC5Su9&C`(*dtQtA0>$p7N>Ev4TE>jyry
z(KtVL%<iYd>lvWkixYfyBPuuGDXzNAMZ+_0e^uU;05I;Hd)UDEa&7cG))w)%7E*66
z4P9Eay_)O)lqGj5#|H_;>I!B{r3M27o=UgE2WiuB+O0fU{nj6L25--qEtjtCK60MP
z3w+Az1xgiTWVsmLStyQ8x4#aipbv2GLk}~9`M&?WG8$;QHfzVpYNnp^(`k5f;yqCM
zl6Fb)^^v-F$6E}nMH^FE_ZrFzSSful6&ElEsAS5$V(k|H!?b?{$R<`P`#-IC$<1oy
zxB2@p%LaATSEgTA>^|Y``pm(ohFn*lCa^6exUzqY#$3wj7d}9mg|<#HcM1Ma-}1NO
zWd?NsJAvsazo*yupt)zd2O)xUce`v6XYi>KR#S6r9u@A<c_&DySVg;w#JtyWfuzIh
z;8LlfW;5GpGK`TR%0zv3j!8X!^Q%LtIz`x?xtgNS4l{$5_QKEf{iUeth>~yDM&pi1
zL_n0Da&>cY5?zd>cMwsYoQ%wtN{+gleqY(4UBK#GD^8`d)p=KW{0Y_!Qp@Mxol>L6
zUd9>QomL}4O>qr9RH~c_uP6#L!F&=6G*O*~4d$Qxz}`X5`4UUp1rIcRO*|lfIr9xV
zgbGbWO*yMnc1;DZ<r}r%WNX+}gPL%cdMxKZXd8tpRPHx4qf_n+$By~1`AQ5w8$FT_
zxSx=lDQ68V(e52;N$h4LX-1nYPe=U9uhlykg7^w)E~eBJX(lCe?{>MGD2`wYlVlb?
z$0+S}SaRSxrp>F@S^oYhZQi|JCJm2)WVgS7+l1cMt*R7WNgb`O-`w>>=AUomF@sIQ
zp8s`$Z}9pGR9EY0h$hFio}a9?GMymC_w`EX%X|IGr0*s~&97vAEuN1IWk~H!O}hj&
zB|}j7krZ8yA&wC#KieHl5!!SGtq4|Y(Gb^!Ipw6EM!z&sCI3>$P42%Vq9*t12%TQj
z6KjvZlcIx2BF1{aM64LQb0cVTvhnbZOaCf5I3VXf|53q>d#L&i{?*6>FD==P%Eh&4
z9en$b;Q{k-`Xu~f>a_?_6Gi?en^tyI1>k&6jqu@(M+;hAbCV%G#$DJfYfC><e@}}2
z{^#3ouU0_Yxy_F+63^PFVRr8p!m@Q@-vsXp2wOozAx+x}Ny*`@LQm*&Y;{xNf$tWi
z&*XLK_;@+%AupCSrj|)#+3?)m`2LTegpeL)ZunWsmPWY95OwhG*8C*(e-60d^#QWo
zD0VxwmcVzSyjm@Ea(11k_$ziox%Q9?(>I`p0i_Z;#00Iun%Hwo>vvEel^;l8JG{#M
zp7Bh=nucx?pYvi38(UK!<Pk(sHiFhQMVzGv1<!CN#MDvB)7o(5v@%XBa3-Bc(E9z$
zvj*kb?Q6m4C$sXcKbSo0J&zrq`P;XKtYrR!`Xt6<h}!H|e4XR#;=cns9(&;s-Ws#s
zl`|@KF}Kq3%4|b~xOKT>Ze^9EX~#yu>A+(fQKss>4*Q2T;>?^Amw;8HwusPW^(<)v
z^Q7UFdX$A<ebC6AbZ|){PNR)g-5-Sav{|+tRr`$KyW6ud>4qo`@%65UnqKx@UL(bY
z>v=KE&F(B7mk+rmI@T%U25lO~w~vcY7m+ZQLWN4c9hNw#BCd(e4_%!ho>uIU)$`^8
z&kkyyH|l13Dx7#d7Rd|Hx&u}dt-yu5EpniUJ{-&($xOK0)cimT9k*EnHSY5BrN*3v
zShZtUbM~$L&4lf@iVGL@4|0h+YdO3YG2CNHzFjNoQ2LeGVmX{~`f8uIx@G3W254&0
zydKNCX8d+TsH3yLdhfO5)RX4alaaden1Qt@ByP2Qb+f@?^Gj082Nh-tph|ZA23OUD
zq#19}JGM~8Y`db4&7llXo8&@k(58^vLX}()58i#D>SkSv-N&}BF8lq^@l${L!8V--
z4bKiG*S}5AIEQ@aX6bIycB4+Rye?xIvLC-EM<O2jFYDN&q`Qog(+rp4kIO5r?eD+x
zcFwKzYF;Z&#v6A%ITNd!_G^x5t_*W3t&85tG42Yjy>(g4im60~<zBYz*xaSLM`vf|
z4$(G@{9-f!O@aiwXL+>i*rEbZHtk7Nz_JNkPVot|!Kc|tW^DeYTW<0=V1`mSub->s
zvvBw=Q(oCVf6&1mJv7Vk>sPqHr%?vV47>v?ia9vM{cBTB!N~`XoS1g0`5&M9OCvm$
z=v9Pvg<`jq!b=4P385sm7P(#UKMMcD%k#gnMBhRPl+4fLEYTi&v`^(B9=fzoyG|AU
zlQD`td!0sUT%FkseADwmmbr+CE2^1bgD$f!zX%-7pzE|dg$SO3oBF}$w%Q)={IJ<n
z(F?O~{|yaw^9!_e@zENyK^$7hZB@O$nEJM{MDyPi27F5&R@Hczgk#y|cSC);bZG4<
zcD<+%DeG2V`}gTy!XC4FW%Q?qP+OI@CPNeWTwv%d;Z<uzdUJ6-b80XRc8rxb8c~`Q
z^|n_D7aWuOE=^zk(imO{(koKb<jgrvzaHtRkG*IZlCfaE!qYP2Yj}0i@WtJRKr;t*
zpWbq*w8{}0qnz~rF<P{yLXoD}Q;3^J`{Yc*R{3h*-2CNaPm*ZX$TJ{R821FYZ1dph
ziHoyli^@m27)Xz_hT=Lx#Uto6_SwqQF|`;MRA8K+PH|63U?|Cg<tL1CR}sMFYH6w-
zuUAsS3Xt0<>x$mSI+_ZELMymD_Q4%a`n6Ob=X`4w&KG6~CPfu>{_ENAyjJ`$LZDSQ
zP1N)xXGIJg2A}&?{&r`kZfBxGCZhjrxNtgX)?5e}bW*mZN3-tBbuwS^G!$nDgdAnh
z3G}-Z>q%1I#X+t%MFG#0K1A0aJY1egp*nyA4}c5kD&*rCxL97QM-lwb50n9+mOilq
zG(SZAx|9Wp8&3_cYYmlXic;7(-7ao(uG)c_-4nkDOUdpRU*Ej-KIjy<o-49$HqB_x
zZVjIau38PE5__KNmcV;(Ubxk;^02J-*?K;f-*2W;MF0C9vlH==!su90(xE7-xy@E8
zN8^%_DN#kyB+8<QxZR+_DaOENgszgNiIOv`23j(iNAGJ)X9xzIS>S(CvqJsu_U03X
zjQzUCahP&-L$u5aN+E<!oyCGJ8%u(@v(??foqJX?Wnf`Tmr-Hi2K>Y{F`!0fkJoIT
zvi5^UH(YFACemhSIysg+XAe+iMLEGkRyZdff33ZWkQooS1aQ6NSE^H0eo?a2MzF=<
z2w!A#{bY0GYV`c9VMuPy<>$W3mE}twWg&Kev3A@~YvY}xEd_#ps0<bPY3cIaW}VT<
z@|-x^`7|);`x?o->2#?)-vRq%r_VCCaBaD6g{Oor?cgp?QEZOE1c1W|>pT25pdu~l
zflmK;sg0yNxm-$`?drCTttg-{+6Ymg;KMODWc|`WU7Gpf(xO-Jp?!>r<*BLxZDc~t
z2)b`=n9Q?ZRUQ`9bwBvji+b3*gSs(%4DT5i3LK}_)`t{@E`nGilVSy^llEUsvbo<z
zc2uqvxGIKvTWUvWPQ>2*crV#a+9jn+x!DAL4iVBI$IL1TDz$A`+ziO-M1JU)NK=%@
zn%%4;eBBiiC{B=aI;6bk=}mR3S14@#%LgkK4tI6QA{bN+2H&Vd?^wfR)sMQ|Wc*Fy
z(-5$x+csyS;I;{I3LZAR-k%y7rA{L}ZCbgl`jO_u-2pP5b-r1bZ`Vr&ldiVdAsEm6
zZjS9%>A86b?^z2cZyhm14iwv;_R^9(R2S+RWmlmHM6hW){KnYu&v6N2?J8F{sB7@>
zEK%r=Z=y9~yv{7s4j3T601ATe1EZMo!#*8@611R|f{_tJ#^tLiR$iN1twna<vd)<4
zI+k!Hw^sPLhK~|2asiw5c6dPr;l$BYYc9D!zB<&*d_%~X?b(-WfxcUhCwVgNBKDJV
zBI9kH^L}>Xmai7Al5f`i86Vv7wvQO)C<0ja-9zAFOYPO&kEBIy{?zYAKDX||weGGt
z8%9kogGo@g5Xys=&Q%qr*g|c~7TksMp7$0?q<8?MA^yaHV%!xK#7YS)uW~d0yL{5d
z#^wap)uno7R}jtlacx_EQKhQpuFbkc)V7oRERH#TDB{l+<kyOi{~I~dc{PR0U!RN$
zxd{L&MT%SOSTjuz?fxK^Pk~$I@pi@7sQILfAU91-H8TMNPB?v_3FuMucan89_%uk~
z5PT<6t2p))d%ixdHG3Hen_0s~&z}tL#I$Vn>rD1K4eodTX5!bzRG6;R6XTx!{l7aH
z{NjR-+)QuQ9nAo|gt&3zXLcEXRB9_@SYzn(*-J4Y*vEtkUpH!FqOg85j&8u|EC*X1
zljqtt&BSK+lv|}{K|1x_N8EaxFs8ezI_Er+8_8x`l&o-7gRzjv`Sm0mz*d@gTApM#
zzj*pP#5sxkw#`Bt*gEHDJIL#`e{siET#xiIT^y6m>7v{l>u0rE6;CXx{X_S>6M1pl
zU$ZW7)v!(+mo`WqkZ)l;T~OApw_eo8FOT=jl!Vgjjc?YNPc{<K*T8Ly^|XK9=bEn!
zTn1Hr@qZnQNV6j;>!B`kC5HVzkBCad)PR3Rd6?C2@g#bzrygJnd-f0ihDa&0+=RL_
z?Q|)VFmY+@_kwNfK7^%as~9qGZniz8rO{*Wb$*ysdVl1F<h$UD$2O$KXAR>mBiO-I
z+x$l4pt=}TBQ_%?&ur6!)bPx4mUBe^x=b+4V7N%5?2FgVa_NA#dE$wp&_Tre6Xg<K
z7z07!1j}_tNFAWOylR;*D}rRSs1w|dlk0ft;<i;o>Xp$BD`-JBEDA~;^UBHFvb=-o
zz7MO-?uT`q_JowzZLUdVV504z`54rD3<}<Rx&~QQB&7KblhMwzGa&mKa2|%!=|)rk
z&SV6)C!rX@NU}BW3A>43wc<*OU_3rnOUk3~8MSF|_U1nAaU9=NP0VO!!!i6SqF!7+
zwi!<Ckkl;thkkxw=lD*%YP`{Sv*tE1)23F}@jBt#7dh+%p<6NuV6~x}5l&CEZ*#5a
zdLMQd4Y{d6?m7W@F6In(%R~o*)+_1;DgaIDUSmHr{;dc~c3JQe>-XI<YQyeq<Ncfa
zmLj36?peafFX-C`^r(s`d-8w<vM0#L<hcT6xi5|I)B$WEM~mP_MD^R(OlJ4J9KO*X
z5VAAiQV<&dcTRq;U!y+Iwl?nz$goc>VBBNxY&$<+KY&ZCQcJaYVl-)Qd@9G7_8V}S
z^sB)$_FmZGt&(V<b6C(VlfHHL`h5h%x}tEravJgByCG$}uPey>7BzX$t<PsB&q{7A
zak-$bPF+>h_^idy1brkY=aLlttv%Z<BOm0J1}LxNRZ<paj?HKyNImWfS+NfsQ0`{8
zi>O@=GID6SB>og({RVM5R8}p`D9Iky+8CZoEg$j&C8gFB%qa+^E}M<dY=x0*R?f?5
z77h)@xL?g`59CRz3Hpt9`B)dL`Wp!ISRgN*txdb9T@lwklF7L~3u|u__vn@Z%TZ!g
zU1o^%;EKYDSeHrOb@9}}>Y)97v1Re9A<Z*c5nklnL5Db_N+xYkNZfPxrnA48oa5%O
zqzPpxAj>T)zfU)VVt?pV{_xb;R((`Ojm&;$Cm2F@Ke{`?KcV&XgfnS7@5j~0xo&0I
z<4JAV$F}>m;Qg?zQ-~s$*-ZV5X;jvh$-6V}{)@rxB8%2KnLdKcB?y9T;RsYHWzuDt
zew`lW>@SK9SS%nq9-fj)Ml{tRXSKIW4tShBaCfl*;$fl4w9eKBlO0^SfpB-CDz#~s
zx~?y#wR>uIWbSb^MwLMh8GCd$NEU?kiOWdoPA&%&hMC^RRs?Tgo_E^hzR1J`+)vUB
zEF`7K?tSS5283_*%nY22Fc;<-&8H`s1q6rgAaL}|c%=V!&yYDaZ83D-t*9y|zXT}G
zjZ(MJP*uXHZ1Lw3J%*vJTdvLwT{1esbmwo_IP@kZ=b0Ynb`3=J_|&wk))=^PNBnpV
z0g;!PcaH|@H^!+YEpIf`U2u<<(ek&#-nih2y)m=luC_twYLw25_3ZevC?0~BI9q3#
zbQf?LCGx(svIQC+rb>LmKI;&S?j65u-Td)FmxCzP#RLQ77P$B+%(vVG6P*#AHB1`f
z{GuhXdh1Eg2t}30SP<}VIRRTFk?ObURP!7**$<k_(Q(^wyBRV`#lcM6qCUxK4j%47
z(sJ{?K8#-rnH&HpCh@0DUSkY~LL2L3Dr6|e?q~0qN9egW_l<LNAyTpTA%RJTJxg?>
zvGEdZqaKII%i(d2B?j`E%zX8JsAss0F70!|%Wq;}5-i!INqq_J#<Hp_@IM&JI2aM)
zc#d;?Id6V<hg$UkrGTI4zopp7wClUSS{IP1BvSHJutPyTo^KI0=-8HS8+)I${OxXu
z!pDIkt4Vvy{8Mqj;(WwSd~p_J)vJhM+UtVw+ej9*!o~~@{(u?Tddv)0nVW5kB<$&E
zX$n}e<}+egXlZ|RVK7w{9}{7omCUA!&QXOHF+-#XwXY62U8K;#JH-PMRe|*)%A}^<
zHk(Q9A{6|mHPU!>!=+>jy4;e)XpYb4_If!ldXs<(f=sT*rx*C^sCq_lH4!D7t{8TU
zfI$cOQm(fLLafK-R(*;F!~iC+B0wbUK9!7_rv8cAIyKqZx^$wMH@Qa7j>uZ!NL%YK
zW^&Bx&f>*KG~55e$g|w7d$R;i-X%&<I<q439q^IEQ6BIYxBIhCg)3mWlJIEhUqu^O
zhn+Nos^dmez*vG4*jjzQQ3We&h#gl=N(#V_>ns5t^we56x`=2Exv$~)TY?%D1tX&M
zjzlRp6bJ%ME7B|J!FWj%2PGd)UAh++^2_R0gZ7aRR^cz3^`q3t4x1U_atiuaF{R|+
zi+eb0LPv6|W}Jp#7|mc3Hkq_aj$FL_V!Y9@jE<-eoWBMZ!`}h|yl3DD?6c&ihn<rr
z`uK|tw>`!EIYx>|IU_M#>Qx&);cM@4Rw4HYw_@Awb;aJD&~cFWF`Rz5*KIR%T8>j#
zkKi@!XWIidCG^Bq5*lSs+~Iq7nl?GX*8CF+J4GioNuE1&$B_iYh6A1$J)fCt=)fpy
zb(-1t?Uloau+Y4LG#o>zd-G7)C!}BbZb-a@!`a7Os1U`8!Hb~hNiGft4=}fahY9An
z2mNDp93_p$m~n#niRBUb!B{=nj-yJ;ppdZ<*}hg^n8m{TZD+)4V}5H=w`Y5C4zs8{
z70n$B4B6|6n7D)Qw;F~<gwlO82spi&Q3G|=k6xOFE+2}u3;{&0u}IV@&NYS^msD3a
z(mfLKUCd0{11LhCj9O%_?e$6CZlY%tP=?E6_<fwy$H7gIt{BD0SW^VU*4!b`>M(!S
z@Sq?^Ja$Ff;Z>`I=OT5b;6n8{sW*Eh>LHCI-eOp<U#3`uz_rb*rPczypGQ`RAtq>H
zl{R4F3%}<HSoO|-48>95b+*Og%roK}DM-54d`q7vckG5iBoKp9&ly3Xq+l;hBDZMi
zCoBG7Qjri+1SI+~+647sJ<H(T+{dhZpZ?#qYBd8=AqVe6$%jUK_(Fro;n=RZUqxJQ
zlh=f%b$&e`|2XA3w@wQgu1ksTR1OJU>q4pX5I+d9#ZE_dzsvs?6}a8C_rI)s1Xi;{
zGL-SzVRId84IEK*t7UB$2+NKslFsmrL3*m~NRW7>v&CbIPThF>;@ok1e$KTFie#pX
z(LK)@#U0T*1TCQ9{2}UM3z=UX;9$54`iSQfi{zyp>GTc;eqc!BD~3Cl4W~nr!%tR^
z{A_~F8j5oRGO)Yy3pQCto}I>b*ALb9QkEcbtSk^G;FxJF+sdD_t&G9K4~~^b7nf7y
zprhk_9i~jjw3fG$WpaT+>MbUr{a-w2YtP6ZjYcs~kM#VznmkK7XI1meah$}YAdnH&
zca-8CLJL2Njx&^*i1vTFLk8udw*R>BwDj$c8dVzU?TlrYE!m#QVudcGr;>v>s2<z+
zcJBbetdhbuJX$_l<b8-6aE!Z=So<qq$;7|Vn`ArLE8(Bq!~E7<F;T=Tt^`mYC(HS`
zB-#x~fy0&#A;a?-9I}1P@gV~=z-#!wInCtO>ppZz`6l{iG4GHKsH-X4s0Zma$)7@D
z8XUxG1jlB4)ohY6Sz$Soe$2AN!A|u0s?;M^OVq5EqNpZA?wzt@Vp_kfBL*Fh{@9N>
z3wJxE72}vs+|S@0Yw!LXD70&hg?)A!UGx9)aEFfLI^O8@c3W=L3Yo}TqVRSoN9P%|
z>nGaba0=*i3S`(!l%Yg=B|n<!Y!nSA);d-plZup|fL~?CF6lupP`y4J4ge=t5<G;>
zMw_7WYDb?A8g5Jdo*TEz`Vv-7${-()3n>xIrXv;f4eNMR0}sk$7_;CoubvZS)0}i7
zM9X6!n<0)+rD?XPIxM_UkEfo=fGebCcGBaL3e57_b1amw?K}B+7XwC}K}2RiOo!{+
zaYe7HsvbWRHL=ryKSzdJawoB2O<igq@g<Ud(nq~@TQkBen7bStt9GBX+7(F#wLa~4
z@*y*}AB#iL0TcV<ooLnq6Rx;`T_0{9v-`Kj@1S8~7X9r#DB#wFxx?0B=YA#?yUp%0
zVZK}oS46=AeK+Jj$#2wQhQr+Ci*I<wUR`(02=2@-TzaDFW0e$o<gehL397y2|L2S6
zR#C+3$e&A{>P__>IUZ6-Wto>TIo9C>n68&1N_8P0tkBC97;RL<eyJY&9l(S9bEXg!
z?CI~wPnVv#VwhzW>fgyuRj3+1tC1(C(p|EHoYsY?4VR>X(UqyKMl(AMGlNqEEwCk`
zYGBaNlM!~g4;9`vQvQG*@$HyMDPpWHos}mzPxw;28L4!wa%;=*BT8$^fy;@;_5?J&
zHKR3ZMx3jVE~BV!Be2*%*xZe6ay)7EaFQw5_Q<gH%FHtdcN>B)N1n^l;Emi8k0fn-
zY~0XlO6@tH)ib}XYI^eD_WTDHn_KkE%p1|$RT>$)Bjc9|lo9qgy$uD6MN-8h!?tq@
zw%anXN+X1<Mc>RteQ=)P#@~?xK_~8q9z|cjY^!a3{2R^PX#dmM6^IypQOE_AS<|6z
zcYlEWrq2#j07=%N5rjF)(|Rkk4nJ_+lomg@b90t(Zi@mibJtj#6`~05$e+CXQOMwE
zNpAff4Sk6=s<$5Wt)~aMRTK@r{6aw{SwEJfH$h)Y?zt4(T_X{YH9}lA8H<J+oYdIA
z`6EV#4)ui`CsP{-UOHrChpx=oWy-5&7py%ga2wrLz`JleR>st(q}<^3u+hq2I=i*F
zrG^<3{9v6l65*AeOjutQ$vxJX6N<bPWZLDS8@k4swV_L!ix5<jJK7Ritm;!Qgvk?@
z0}HEQO<%t-jU7mVUTKhFs+Ny+%cx;@twD&3|Ax6`WrqBE;k}l3@&!bS7{X)JGw-rx
zWek@`runba9Qnn;+|GxdbSrV(hqnh-CIvGWNBR1hj|&{ywT)V}wm;P6KI9w|=60S`
zLHEivXZv;7oD@rjIQ)l|)KXrCryQWIZm&XgdX6b)^~Vu2<E5EFg)K!}_<^KUM^&^`
zMGOFgFN(%LniQ!5{G8~IxV6>s+QYv;xws=0-7nhvA5rI1ERYJF5imF~`M1%&^DE-P
z#5avU2Ajy*^P?RWed-8&uvW`dME-ta4n2X2d{9gbo`LN~h-1{;^6j_=)x=i%>?xnq
z;9c+Ecexjhz637|QP<PUF~dm>$ER_`Pcwhe=v}e!<EGyI&`xB`x@b}l@GNCHdh@1C
zLfE{<PwSjvij>Lb(3##u^@!AqGU)u^3)(eO*2`qBcZ)B0%*o5ro7b4q!CGR}wz$-n
zwz}wn?C3nvlUWgxKtD70^z@tK2iyfi#SlD0x8%Zh{VlT=+hV_-grI*Pqt3NnEV*DX
zF5tGqoUY^HM-^-h7tw_ahZM!-E+pTkKYEqFW&Uzr`q)hXpBc|PLHmy~mb~foc8oqO
zU2wHi<tS>UPH1K)c?X#pP{<J$S@bBaJaDH%B=6{pIQSD!EHgQ*9kgYgFdFjTtO-pu
z9BNvt2s52XTsAjBp?miqY^|3Kx`}io<x|DRVZ|Fix<SS_lYLGyw?oIH+`>Uv>yELO
zN(!gZcJESo^0-T~qT8jUWqei1%@F6ce8T>6UsBXg@nq0}3z$^vS60mBOW*8JI+k`7
zmXlzzZu<j1VIl4hZ;@GZKM9DwCD4+d@7xO}Df9O?eV7ZGJl@q{*>5G<Yn!a{w=yBD
z`W6NXU=i{UyO*<Ub&3qFj{|S2l`+-^yVO|qf^qwYg4rFC;bFInp>2LYjXM$@pReiK
z<RB3nydoMz_F1f7bukSJ_qBCDg^!$)Dr{qOdcGceOn#B?r1+#r)HrI&srMh(j(Nbl
zZiCm0S}Ge)%T;nh1n^onfhv2}P5#_fsp9C~AM%ll;zF^Wg;t|ff8Um4Nf32{r5}jU
zU7U95FXnH`G}voC@Q=Nlu?45%!F>3BE*bxWogWmp0P}krtKu&HvNTzOWILWb7uce*
z`rRFXcIBeK6qD-?-|PYJq#{k-CYJ%s-mmoUGXYw1$cSG8`uo)9k8z-NcV1=Mbg)uT
zbK$(+@+9hR=mzooW2~v!X4q+~eXrQ@kzqA7Jzw)cxsUmz=X-CVwZX=iI?~+_6{!TP
zT&9Ha=#sm)LsUQ_OF{))N2km}uJVQ<?2qV|(|s?fzhW1k^h|x6*oO~Cgmdkyw=_}s
zW0g&M-VGGar_DqF3yAAQ5R>8&O3(S}V=tMlm;XL%q3vy6-1)ZTrK97CdW-4&lE7q*
zZP_~)x+`h1JX9Q<`0>Pvpp)}hTh~o5UZpzM8vKShshE(~ynN0iovi(<^DtrT!~BsY
zwt;KKtY2Z(OkPAV5vz)@7ru3@6tLN&u-Ep|`MT;ES5?;+`&iLcx>Xh=%+E2)OgXT2
z+D4Gqm0xVam$PQoR$LB({PTI4PZ=6`q(LpwX$h8mC$a^BFRE6ed8v#wWEjU5G#ie&
zYTRj-6B~i~M(DGZMh_Rqew6g*^WtYzdU|9*JH<XK#dyhkb#1HlZpEZ^1S-~5Z8}$>
z1*40lS3BS*eGwn#C61duVnL{P(Q3XL%&jLiU0%PiuwjPzXy^S7bGLr}*5c*BOZ<z>
z!3Qw-0dug#ne#*O1p^m$t{0y=mWjRETMX3I-4@Od^E=bglEZX(`LbbQ6q^O@HoW!x
zjC3(f#+9b8m`aCb*A;U$y?aQhf4Hm{Rz4r|d!RkzSP{5+7q(U}lEN>j(0^c|eh^-B
zeD>|_9CmA$5$)B5d9$lD-t!b1_|bkn@26(Rf$5QiVf0v%2fasihZ0d|C~?Q1FbHLO
zG9IH;ZMeo(w3w>yfV~RFbi3}NU@ke+ruZkLnZWzS#pd6P%C-i>LukQVOXi901q9_w
z3K}N9u6dow|IQ42A+meYSBK4~t6Yo>p7ZpK^_nXys;&1|+R!w4?h^Z5GB@Ryo7>yR
z6Z`Z(ke5e&0`GW@c9t$}?#4}IMD&_}m~HYhB^?CqEu0Xu^UyD6UwVB?_LzxR0i<_G
zl@xU5NvygSHNOs<kV9L@ZZLcE57K^lwt0+43n9lDQZpZyfcFVZaNO}3FCsnx0>Ahy
zljpYoK3@KZ+Il%DEB9w0Ps#Iezbw_7Lc9BSrjNPRfy-Vf!>#NVi-7%guTGhg;LBLp
z*$#7$@+$=kleC5Uo#MmTTS`t{l<HO~?+LFNCPz)>Ll1vf7n?Tv%-n{I+qp!y&<e%z
zN_YS^y1E4(y)KA-QJrz{O>Og^{^255C!o;#A9Blw!DC|nI5Ds$iAHH3Tn&I_;R^@P
zY+lJzCmUcbKSDB`IHaA|Co=Gc{%cx0(UvTnr4|TzX=N+L+=wU+!Ty&#KKVA40NZTq
zU9GRbiMP&riJ&ARdAhI~COzP^4kTZ!kn+YF)kD99qH-6keeqaD&tco?clnzY!G|xJ
zgp&7@7Jq1TCCmkOFtB~IVATWXg>rSzSlJ_3iywOBM^90Y9LtvIQVJd2%zXR9JQ`u|
zF@{$yZg(j{^Zjp<)<@iw$sOdc3GVgoVg6fC*(v@BKUU168JIK)fSx#vtcoEBce0{s
z84>guY3!+Y6Hl9bmkf%EQ^p>4g5b?L(H+%IT!jbyi5*~{LV9pyLZ1f>U&Dt+CO4Mt
z1yjM{W1Jx1J}_;5A@jGY#U)^($S4ZLI#dM%_T~|n(e?-zQ8eDq!g10_LR89RMQ-}x
z76Ul*j?>>l-MoWPzX$oZq3FHH#z`DZ-*iFvmJJo<=r-9#tI#a(&0A6zJI3F50$F~b
z%9Qe^enV|-=UeI2o4H-Y0-9<)@zIleb;$;T>UNXRXU5}^&b&Sz<?H!BBiAFZ7A<->
z8N!6uGk-@qi(>rAxix4?i#emug@2EmocjeEHorapUO5c<d@Wt9A!v^ifY%&Eh~)iw
zY2NpaEV3w%7r2#7oWw}&<C9Vg|7cykz7FEH9U;u-0!|AnhsnU)zE8RylPlOR16G_|
z3u;7-Zg4e&3_0!dnw%%<8*V~AWuMd;RU+R&d`-R>0A!N1#P>&xReQyDiY$Oq1+6s{
zvAcR~KCcz9D6!^^uk*oL(6e@SLk7y%qTlr2w9c^C5t%1W!RUIA4a((;K8_QCQMc8n
z(wJf?IsArgmQu{OagbjR)4;(j@>I1swWlxH5t>bD8BX%(CL)tO`s1nHo2)|AynbU0
zT4dL|_~UpVnUoVNh1?qj0CNu<3gE1->l$+yCke>R7ggB@`ArIrbIa3==mmuL&>=o*
z`QGBAPUD?C^*}Ou??HtV0CQAwpBEqPKHT-<{tI-_uYAkK;^44s$6d{r%N<eouw`p=
z=<@7Xi6<++KOQ&D3jAofSUAsia(eVz^CnHI3tgabb)l?ZQS?Bfi~~M)j43;OQi3k%
zvAIrVY@9xzWxZHf-R_(XiyrUR@0HYi|L{PMQIgCuH|KbAVB^TW2iRJ{pMD85{<C7f
zNiyguc9^@F)Zz8mpE33r9XH-rq8gl+`y&j!TOzj@o9SZE=l_5?yA-oU@6YT<*gFTF
z2CN^6qaY9%a}U&lMNFgb9^Bn=w`oNMEECvB1>@BF%GcAC)^7W&M4>tt!Mqb{Oa<Cq
z_{mVW-f9o_R4FeLO^I#kdK35jBsfcnu9P0T;C>>Q+Bb2B@?<4R72%)!AX7<Z`Oc2|
zxD_6L=58^bm!Ent2hF`Y)83SNu<?aHyLRxb1=%<p7P*lsG}<7Qac~-P^IgZ!FsRh=
z_wJ4-jf8Ziq`aSDedETOgM`Cnw-^~^dmM;BSK=LCbIkKsG3-<t<zF0s5s}{MnH%L{
ztsvd(c$;!{Bfa|?SD(u*RMZ2p4RgnA^99O}qa9S#{*Kl`2CcOvMsdtb0IxsTfLfDd
z_AKY;9X~YexzbpmX$j8?Pv<wc!tU4(u>%W_rJXlSov<w||H0E{)<E87N7*|Jj^6&{
zs4&KZp-nM89CS48`T1IE7=70SI??qtP#74wvoZT#?zWs|z)lSIJx`mS+iB!CzW#Jx
zonhzWiIY=xwIirUs`^n1*=jP_JCxZe{gEv5g;_6N0<{Zes?OfsVEzl2j5C}n0SHsn
z2UGKYe^K6nB~e;<!Vo=$C({9!d(%V83?D@T^e0!<lkA5T5iT^fd9{c>P&k<tkJbYE
z(Jtb(d}|E)T&OAB(c2Nt8|XL&dhf#3305Lw^1|tGvWI=&2h2gbzeR8JDT9y;r(P@Q
z-eQ`$S4sBQ>lVw5xpb`-kzKe6f<nVoPK>Qoa#|-Qs6+cZ#B3++)G;agvGF!VnPXXM
z196Wf`RHUI)}1;=DX|W7;Nhir&Xby?!e=^iR|W71hVZr)Kj)z2DDXn(OJxGOG?`Gg
zJL5GV2@eiVRvXAiMHEy0P4nbDL4|t{^DICIN;^m^hZH;y5T;fav)!Sh?#1M(A{xqJ
z2zecR=qyuc*y5WVtF1rCV70Mgk5i77#w5Q&DPEd?kI3d*bAP$BKG&0h%R{R%AE{!F
zXLbai>8;5E@#C|EEi>-p?_#X0UrD4a1jD{@m&ntW+WO+ad4f`a+QBQxYvpxzg1W1R
z{;W@^5{8mmnsR*aW7%74Q+C6gwv{tMMIQ#!;k1N7qDA|5!@@;oT4(k_g%dx9qsTU3
zC(vF1#XNf6SH7k<u`M7^E?G_R#OwWY19*UYd*I>3w3IFkUVJh(v<^2brWhmMhA_WY
z1Tl>3E!~{EpVo6H4H;1{5?0fn%52e_22Z$N>=D~`q=wrnkLfPksaYLvo|?0i>43t^
z8VY=6Ar^vTZT+jYXa89BM<UY&w}iFaMc5HBHpXLzc!tpbadh3$Y`*W?C|a|v+C^LI
zW5!l9)nQh3*ehypMeRh4ma4s}8Z~Rxid7_3Z8a;ls7(-rBt+!r`}^xTC+9iuN%B7T
zy6)?~9#&G#;Ngk4fiOfKgZadbfi4bSV%JAVS^~nZZTztRyq~K&ZLY>`jr30TXGl!-
z$z}-!02MAVIW7}u89Rggxyr;0Gm$@W3V86_vDW$`sH)+7+UqLUB~zHzCEv>tLZ>UT
zet%@AUIJp#CCe%y&@Xt#8`ElE_MllGbP%>?Ft=4@-rU+?ELmV45OVi98M5=g?1ym4
z;b@)CBqgs%%H_*#SeC9&t@X$Y)8Y%fc-HTRw3c`>hx~{{$6Ci3_W_54;U2~uE{&Uw
z49=svrI<?5DeWBcDW+klftQ@rjEO*3s*n){Ec~o#$?W1LMliGb-gtJ1V;sAf5Sx&Y
zFqe>!frOZZyo8?K8$FYBBO@buO^q%(!uM*ki4xs7Nt5dD-(4oxEhWq+?Le;eqZrcH
zP~f|<PCWQP=;HMCuPu!&$R%(~c`SI;FS+@g47Z%WRq{vOsE7Globkk#>>ujMwN)ki
zFsL;)4<#e0Y)%p1P5yiMuwnjTu_pU*j=s2adI0$rcz;b{FKlQSa)V{IBL>6v1lcaH
zYN{HvYQ}_hqw_UF@Qtfv%!{@#;mNa9kbYy;{lFI$7v^1+zB85ej*A>_QMNfM`!JjY
z?bywr=SK<8_s_KbLftrdyJpubNTc3`lVH3p)z;lt!|ci-JrfYbQ~w*mVxJ%iEWsr)
z$c8{B(&f(|s0zd3?k(kpOg1;oJGy{s%9?xCnY_dOzi2z((YMVCeP7-s8X6TG_Dm(o
zusni(VeR05(>*2Q96~aqkKZdUpGjKk(oxwYdjo~lK9Qj)IDcc;477SS>8!An)MXBw
zwE7W}ylh;#;mxSyKNf-}S@2Ib7raIj;9lD%A;9m*L)`a&@Pkt%-v3QX^Z8$kDb>We
zLVQHn!(}%dRn^00lc1_LUYOqaiMIki+~lZu-nAfh+=9zG`nbSG^_HCExOMK5($Oe=
zwew$ESI3iO?V6oM8M>2+R*UAox4{jOU%Su4+3>8+kfAYXH;N`~=dAWWI){ElN0<*H
z8t$)Evy;$!XPkA--C(P&gM1{(gepVNbgzM^#XbBJb{qfOcJBQJFOM0b)@W}mkvU{j
z?TQQjbdj`oG})!Z2q()NEj?Ia3m@~df2TItDb}6E48Q&MfOD00S@?yv4YZ`Hu6yeg
zsxuATC)n}P+Q1>5lU-YW;ieSuS9C!cD-7*(e6>-BNZPG6BLAUKZB@=EcjrZ*t7J&y
z^lY4@X?m)EH+JO`v4W;T>5r~kCwKs?DZi$x?xB~N;ghO+3%)nO(~3cVwcaKb=5@75
z1@VxEDibD?72yN$1o|%1>u~(nrdKi53G?Bs&CBov+AfaZT6NHNak43XzQvJ>K+n74
z7y-Bp3x(hQ)edT8GsCDFpV7g^=z`RfUUzsCL*mu-j@o%g$ezijj?C-)gjIfDX>#|~
zgRutSz)x6yup{%KO4kfA8A4==@Lr^}c}jDVqrG>Q+GR=$FUTbzub*v(*Y?pSA%|Wc
zHWfreavPh@y&IaoZ2AD|=nMT|t!!s}EkmAd{Ru&gYji3-flF(X^BFf7fk={R{F$Kx
zd|dK-wNGV272{6oXtiTTH>%HOr$O5Hh!CR#I%~8DVA;s^bbIoR65(t9{flnplEAUg
ziDhtt&6w<hIxZXa*--oE&~FQWZ*No#sr$U{w%HCDyL4X1;i{TiHWTy8un-s~bE+}&
z=;r_y9?G970C_ufa-O_^h)5&9OW>}u%ntnc>%vHk&2g#+hgD|=FR{#A>$H3f=33!t
z>Mq7fQh{XqvZWN8%n|J))u^)+sg^~X{F8_=B}8V1YP*1c+MZhU0<^#=J%y$z5*0X^
zR)YCk$LbGzKYq^s{Gh+}g1TnYhlrCD>L`!IzTyizG*%PZT)1IDdCb&-{e@<+;39na
z`sbNB`26k<viiq!;Qk{rHR!c5Q>a$`$kg`*kCa_#muRhTAvprz)~=4a_fKIS`%yh%
zr)~kxa=Y8~a^XuXmZG7*Jc2#?2v<|x$yEROwII{M%qqPxRV^<hq@eMr-9lJjmyelB
zU$@2))tC_jtxJzF%5N3hD+hev@L{`~UM`sp2ztxbt6AfS54oFQVE!rlZWx)ytR~Br
zto|fYC_n8W*{TMxf&(!w4#ivGAkKlW`=h317|hO0A2~g2=>5nzSVti7+irX?Cwe)p
zSnhpXm=pdP*sSSu((HVCcaT?g-{4I?2pJGSeP+RzY|FjOSCuO7vEq3kW6KU|%!53_
ze}ku9eJmJka9i5(QK+dT$$Zb!ruv^xi@F4O5>&Y8_?~lRm;&J)D<A8ru&bI`@DaKd
zC{giZsY}edDUazW$U0Sp>%u8bFiQC_+Hb^f`>I9gLDRVu9LwmJ8E$@4tov)}{2%&=
zoOf3jYg8lyzst_O;OfX}ey;c?+Rd8|%0gK9M83gFwhjs7Bhy_d2YNcsyhM3rq|X81
zP)?Cp?7x|1=ESPLi@A=xwi{SUbJb7TSwr)hJrcA|7H0tgLtN{0B0Mv4y_czr+Ppax
zon(fQzoyNNA-jN0UnBgQV*~JMC>b9-pdF7Eb|bUBeQ^=XpE;LU5&yAkILKZVYpWKt
zoRVIzEwNVM;A8gK2sA2X%U&Gsc7d4tWf_vbbra5lXw1ud_cS>`lmpxG9Ou=FgbpHJ
zr8l!QH<rqyG#Y=)*EF`wcCeZ<kBla@RLP{mQ*60C{*LK=jiB<bWTx_SuvJx+HneyV
z-#ACL83jzaS}iWx_s6%2+-Aq`9`_#W9B{<#=iCqOX?x;6CTrW*J6%V-`mHz0G=-D&
zrFDg;%s45WnBEr`Uv*N<(;5U~h7*~t7H8RQ;mdB6Wkol9<s&!y=o(kfWac&f+>fvw
zfSW7EH$M{veKgNmeFH(#Senig%HjXD<cW70JjwpH6ZND^f~e2rzJXEJlkQb|D~ZY~
z<apag4y`GQ$0MafK1+qS+|s4ON;06*wx;WvzWqJ8pNQO(8NAC<J*Q#2nFs1=aDjVf
z*>XE9u%))$N=6Sc4-|h?*khQKRMe9m?rpzuCfm013O|z5^<1a+U*Lk8(nquE9p#@j
z_$H}1g}nX;Ra7r_N)`5k4g#Ic75l@8uzp@zn~4^MT~b8yOL0Vda^r6z^^IUbGWuQ?
z=LvVJF40Nl2+-W2n#PsSnhIdBEB}sdx*P22JJVp;<|RF~JwyC-U=)yW5a@;8)|zh}
zx4`l1wfmGU0#6`~Jv2>**&O>22T5Z5m2SN#%y5M?OUH!iPhHOX{Qh#T$s>7Ea<aTp
zgJJ!M+;NB8620L&_aFtkYNLrWl1{>p({x-4DeT?&;vJ~ta1qXl`KDJkHu`c)>wRZY
zP;J%QeYsM{Yh@3WG%~l-sQK6$DY9dgu4Yp%nZJ7MbIh~|2)R4m8+8_uX7&2mu`Wa5
zsFGy%0^z}n`yTrDJ8gVSlfq)mFYE`tG~%{@t1$CF4ld?@(|Gd=tGTZKBrD$*OSu+g
zk6P6zji$-mAu+83ta_wG)HiRN7ku(<QXYVRlvYn5_&}K~^&q}wjT&cqvPsmCRGN{4
z8U=}zA+FWxuSv7%Q*<M(+U~PSuJKUeiLB7yLEndkdKrKB8-tU{hSPOfPPB8D+_)-?
zP9O8WY1;*zQ=hk+nffVF`}2{c54i-o)vu+w&N6$_N}{6=oE$vWgaqk&2}J^Ez*%nK
zkU6=dlg#dzjDE7_&u{u}b3PXNPsJ%c|30dssIm2tY`4<JMk1N#{Z%YfU0!je$%|RC
z{L3>Mo0J?f5ftTVdg~&$3)NF67CYHrhaa@%R)>7}U$j^-8Wwx*xeb5a61Kh*hIr|1
zDehf{pL}ZR&g8;NYr*4U3_8dzOkv!il|1>blIeU4p&M6Gu|pwZu|q-g;nqYX4%nVZ
z>YmKf=chY*!SE)BTR@tXbAthGhICNA1|oXWf<i5d^-_edw&ei`T?o~G4m}uw$nujf
zDw(bmEe;=BcCEa~Pk*M*o)`KMzaP8}TdA$Kmy=j9<TtHYlKpXe&Q$iI1Uge+{I&N|
z_1-P_3qD7-x}OI>-gpu?7VK(nY_5&0k*NWgzbpHX{68(mp5bkIiS2T#E2Z5YTgqL#
zkdo2mOBVRHHac>M&x=e4k|0n8wu^d-xQH@OGDiUnvN9KH1K+|UP4p2{yW2nV>)vXu
zEpYbz`PW)iKqtX}tUPW0wXN6z_p;Jkyl$vvuEmusr9xM~h2855gM{Xtd&LeYO@upe
z#L=N<xlR)y^o@aUE{e`E>u=0rVI*J;$Hku@aulC(OV}@#<oRY+m|HrT1BrWYzmV_I
z_O&dg{AHVf#eG1s_wNsP^=7x3b2cUynpwN2qGT7hJrbe!bJy12SW;C_H16gs<m6rW
z4*U3M21OIS2DP5^$UPb8pSc5;c-gLf!Ttvl(0P+5xd0kzv*-rQl<nGbZQK&4D!@2~
z!rcyq4(hki=aRjc#x0&R$xg$UN<Pjy{ei{#fL)qrx?$6NSLZCRb`HC7m09_R!hH`n
z0_KJr6c0B7V}0v*V6W+1wYyEdba>7moa4uE8~PL=_rQ1N-K2spC1yDGIoSOp7JvKj
z*`-hrd_4|L15zYhmi#x*brZMgaM32L_MS4ZrFSf@=gFYSUj~~EgMs-Q%MxD%vWG25
zSNDq5sN4^G?ZR`2`r^S_^eoEc+Wd{50eTdkQ<k{>bQ<_U%iX{H;3($9j+Hn}1w%+y
zG7%a9XzAzkW&~>-E_rOWYaWu%dFO{IZMX^NsOBwk3Y2XviBNG3bVS4j@vewpbme<r
z2hZ`(VV`w8J#yN=O7*gU4r5u=aFautP`_9-a0MM0zC{Q6vxNggR(NPpc5<i(>IKKL
zo2ZDDAW^~{I=IJSo>O3d&yt=0htd8J4e80~{b3u*tAA?AVbii=%bgBXz{HmUxe1mb
zf3=xgo395F9t7E_U2+g)5jP#Rq+FDlCo?0)+;uFOEUFAFQj@G#c<4}W35Mf;Og<66
zy*ezr3&X^0n@US{2PWirSL6fOz`V?d$K6@@rl?Cg5KCjNA5pxdC)C*55e^^C9gG8w
z=fv3DC(GCFo5d2;*HsD43+JEB79A%K2#!?tzj@UFtKzhv+<y3Tg*)j%(Sa6gf!8^E
z<o1T|)YF|KZ`lMC=U_rKFC%IR*F!t*9{NX)c`;^0UM0l&{NRely|eSKEK=tR*x}7f
zm2vn=`<2XN_C8+xX(LxHaPo9v1$!O^z;V{r00Tq`sY&&KT7GbDVopeKO!AK<+5(4{
zzpKVk0-cdwcNi?Lxr9JuZpfp2n0Hy=-D~@2dfgn*$QcvRaTMV68XbuRE_-P0y4n7G
zto(v<ZHm(7F5y?vK2e4mTt9&edbT32F_>Tb<uJ?z<!!w(Oji)LzfD&&AS{U@V|wKY
z-yln?-7{Mh09LR}`TW?K-JxTiTasyG)&a*n-cc!IjB@$E3;@!-isxD2V^C~UzrIj^
zQ5z0?wt~%f95bbar!?*@)bfITfQ|h;CC5VZN#E+OvZSXz2mRrhIooWwXR(EBoP^0o
z;xFzvKE=7OvtXK*>^-PZ;Ra^|2dkk8t0~isp?PPvPQ#;RgP96A?xmLR&PndU+@60e
z-<vp8f)@E@E)8p)%XfCOF0`A%w!REO+NHgHySG{@_>VFoyd@^W_?j<MR)go(PNM(}
zV4&QQLAFW|D%eIFnlFH}zT*NHB&xmcQlf|ZJqIf>1g}Q`_O|T!dJ8`at7el|hIN_?
zYL`~TeZ#MIFdxqK-by(5^)p8zQ<+kJEEwncg$BNj{S7;_zQeNM-j1)KC;;}t4Hmj*
zG9GMBOkG(m&QqEe9&l*wyxFcd#(@?2t90cNn7}(L`m#rC*X>&<z-`QjV%;2w*{bDd
zch0;fu>Royzc%&dn*^{p?=}KjM!2#Z-4$_oZ^R`vd}LuC{p#HLv$s1y|6&E*u@p8o
zP6x01wX@Gvgz9=I`o8Wm0^nHFxi~}zLR!$F`3aRX^R@W>6|`Tt(sg*YKQ8o3o!7{i
zKh87vx(1MdoNul<Q(k?vz)opTU?wWma)V=^*#saO6#ydNf$Vjkk%qgoAv~JR2ZT-8
zo;JuH=uYXiofCJ^Z5LzoK2ePhT!ZG_Ca>`Pzmc!!F`qyW9iuQ7a;S_DjSYi%CAuJ=
z6*OYXMr1fBZPi?5oP48J@FD+>==4fl=gjay{dS{n`zSbUvu}f(`yM!FGs6>_wpt#m
zVl``NW_XZiWjN4xn|i)b3M$T<=v&?~)t&pk0J8jXMZC>$r2P)8f%v<rnjY3cx3|#1
z3RY*C$1+6$(6>V21ANuuN%L5tD8T#Nzz4Wz;ognSU&mOsp(}B-oByksChWUUsoknf
z#P|u1{XM5?EQt0vtn)Q+XVP4j&~9xqIcZ_7G#qf`6WXD6$Oh!I+Ij##ModC9L)&I)
z;cpK~i}s=%3C?vQ=J{tfmGfvdZ+r4ldS@6H3w*qscMsaFbo{k5-;@y!-?y<;4P+wN
zx$R;1X+bs#5Ou9?(*p{?Iq%4p79AQ$(CcdH`W;x_dKoo_rl_R?)3pD;)p)k=VR^5i
zx}=EUo{;<4fCaqv0|I@(!kS}LEfYAvIUu)7X_aD(4qjpc5Ld*q?Vg2nn=ZR0UB!)R
z(<p3;20u{>dH=A+=uR5E_)S12XPz<PJPFoWdu6+#gdvsvvx^lTQn5OSpYS<!Z{ble
z3zkg%zwdJlgl!E|fY32Gzq;#S67ykYHwQ6=l)YDU3~@+Odb~j#2z##8$#S+!aTVNR
zNx0KL)Sv)_x{WeH1wV&vil`0h(m+ujPBYG~eZ+kuG0)bj-dL%6SdmXc=4jaPjnEo1
zN_bbxLB+htRM7dP-8t3K0~q3tME(qC-MOJ0(exQO98*5S;DfZ&)TfYKDIP`%P)c&a
zR2{?gX@OX@L|!2bj|w+FTnoYdY*h4Q4#2e1nH2*ooCAl4gqD3C>aOPYVxDM2KLwMg
zLQM9mt&m5<Y^Tg_e02?5DrooPZ#CD*4+(xu8nB2!rOcmC`JHyByh?QSzMIbUDEzy{
zWl_K!X_G8HSH5^jZE>zi48DcEwce}qPGfRys!Qo&v$0Hd{(XUS`Z2IMv*vyQUcIxi
z8iMUTYCugYk*Vq=Qy=cPw~oDK9-0WYlWdPYV29lUSTE45cE;=l-ryT}KNCS*c;Gq7
z;%>ft>pfjh!`HqeEPS1w5+NYR*iqeTfdiILk?!esl2(be2X6%NPk$Maap_@uBIEq@
zOB3fVR^LGpCY>McPJ_%pCrf$wNEWwPt645z6)6A07O7$n=@*mGv`)*D7R?0*+8$TM
z&Ormo{CJdk$x(oOmYo#g?<t8r3YEst?s6RR{K>fvZ2aZeG2Dfb-Mk0+_t_#KGG^ZD
zwQ!GmvWVd0d+%6E*s?{%-RIQY+S>)QqeH{>h486Vc#0=v+P1o%nd&^%Ussn>lUp1E
zZDGDn<b-A8YR5p<&HdZYdwA!@gt8-48^Uan)fJBAQ|c!f4L{>HIt+bTmM|ucNzVK@
zhQR6LmP+-pitNQP9DRa}<{wo)Fr>H1gJnq)CC1aZN)S_deVNGmHgm5ysI+O%^)tt<
z<9vsa&w*)%869t|G%Vv<u8kZ!yUlrCbQa@(%ZM)`&ayU0JYuGQDSF?0cbvHKcQn=4
z|LeVUbghWq`N1_dIsWVnZ)5}FuD<uX6WzXSvl)c`ff9bi#L=Oj;!GfTx&^KnZ~j&#
z3>`Pbd30m_)K-!hy=>F|<aOWi%Wv_(%q1X;F*=W7BoaE^0RCBkFS<4*?UkR_iy7}T
z;E^6?o^Ftq7|+kj%fOb|M`g+FVa$}07P|FZ;Q8m@1i0#kwP@EV8V^74dH|PP$(z)=
z%Fnp!bdH(L?j1Z5mlhbE?Y1FOp0<^I4XZzxd8*?OZh{{txs3hg-MeGKgE`lk)V5Rh
zPOeT6uuyKqPpS5(&f29;6`bl1iQ<Te$i?CHW0veT_kcRfo+#VIPnb%Q@v-8{z^!>w
zzvjR<Ce_(SU@@_s-_qWM!RMhvcV(3*lKs!Hglzz3v0Fo^)0T|-x-Dfo@E#;q%n@`}
zqdIH(H!~qK$VLAs3}Z6)rF;p)OSd_zuR4pCSH$Z{Gx<EcyqD6cZc*TT0l1=Y1lD;r
z>h|rY!Ad^`mpCL8J`}C!s;1oR+Oi3d8f@i2Ob+_}<NF%GvG*#j-F7!uzo%=bC%+-%
z96W5QW$h#zjaS&@Tn3YfcSwiJ%(&}2f6DcDk@pj~#04Sax6H`l%I8PSib;LgimUTQ
zn#y^5Oe|kS@nuuf1-uJ|J4byE<_a7&#onEULm#W0)ii{B3YJRU5&H5~pU6nuic+05
z(@73f+7==w_d1PBSA}!o*)~<0@UrI0y)xvo>dqz^Al1mg5pVS;WKo9fb06?BAVrrl
zPs0CtNK92CNkHCg>DdTKM^TIt0=u0(*odBeVl=uxI;3p-X7sHs`?J3?{7IA##LFLs
zp^^u0dR~-WP_ON`Uft~y1|6OwkUo~6sE^=c;pSmrUQ5jl@Di8P2f={rZzmV|shp;h
zvru@fTHs3!Jf=RM=u_~-=CUsFPjSeygSqe&sYfffRjs${?)fWTVy9}h+AVaOaRXgR
zuudqE&vx^&H8Jn^8lA4g&rjyIosF1xF&=5oeQW%@;rVw#{T+*m_bk(X%Y-;4`xp{;
zj;Y_HYOc_jz4Kjf6QV0#U^U>&Le9@*DUJHXwzG%w>5dwm{i;RKq?Z06bG5pp#HX7A
z<Tw4xWg(ps6{fKd4G*&ZRz1xX3GRxwG3$R(3|Y`Hw~P%L#tVh|HE<;-PB4$upQr@T
zB<#pZ^d}uHO6pA(Uo1-Q6^v5@u?<viM9-c^;R6V&%%}IezwR}Vp%(ALlaOPyY^Ubk
zmL%GVG}kc``jI2U&fU<&a+X|V&=M8M&T5HOKG#M``t!>$J}4%ay74K|Y+z7oiBh=<
z^^h=CX!@0ZrKL&q=YnI4if&&C^xJ>B;{cmtl|A6SA<j-<P^t1IV^YfnO@ci@_0bN9
zG4+zyFQn2?X_A8}bncHl9be{O?Z3*b4o4!v7g<rsp~JhgSuol>v57dQ(5#P&GE?;7
zIUxqTM26n5T+wd%f%s4d90OA$Yc`G2bUmqrr{LZc>e=&W4K~;8u+I`6X`oE{`GiK&
z9J7lUx6|aEnzWlfZc)p*LU@VKKG6tgy)qjYar{du&h^Y)8R$)CVl0Ey`9)vf`}rMR
z_c6HQKN%taJ?H!Ep<;5#OWTbh3S?P=|6Zut@)s`gn`5tY4Qtq6vK~oPg--`Sc~uM6
zM-&Hb#%#-9q@Q$$v-byF%T8f&+XyAJXC)yk*P(9<TAC6O<!k0h?=};4C$lO75ur2l
z#-#u9spG?i2AjU%kZ%$=R)jZ8M`BE!)9vMNN!3UV>%7N`W<MZO)9jo_Z0DE>mCUDR
zwN+-E+dmQx^r?&IddG6RX2?OjRqLU$3u;$`ii2ah;l|eH{WhyO70YUUM>Bb+knb0U
z(??3>YQqxyoMqYZM8_k5!pQ8a_}oer<ns+xV>_Omn=*!J6)(7*Zb>f`)Yu!|-Zafr
z{A%PDpuVYg!>K8Hj%lQ5S4B}rr7!Mwd$Oi?j!1pNwUf+jXt6pEI%v^(%*J^m{>JMU
zeBNiMlQ2hK{LG2R+4v8{lc>``y1Lh(YWu9IkcQ{4ouiiA@*UJ~%+@?0v$XP#f78VQ
zu0T&@XVE=0Uy>5l$R%*5zP(};>w&&|t9rDiYd84H<g@CW^oE={lj;@MWKM44VxTql
z>aZAyzFm1WJAPhC|76O|vo?=uWGD$eOKV}ed=+ok@v)lgN-bncxuY}{oHA5=j?1ZH
zPffSyBwiCrfF%ZB_lvqVHJ<N03v)(t?kk~ZeJhC%oHy<^ik7ovd(xq24djuA$)_m~
z5rC}I6z!!a|AFigLF2<tQ)cso*feYuq<fS_He5-iY?{a$YaK>^TGsZ4dL*5Utp8)w
z_fsRTZEa>O&)mc>#zA@Rwsv^ajZ@yzuv(tFI-%WF-!|3iU%oy(mXpxB%cP*QcIA8~
z>c+ovxTeLSJ|aJgXl)Z9k`bKfsG7ZA=HbVloU36Q9UU~SuvUZLpTBQ`WHy4!h>;lq
z#O%HcKaA>bdAmoS^SRPzS^43rq1FXS83TWf?y}M8uK2I}j{a7r4K-N9$mw8CGjr|W
zIj2g$PbH(#!Iy@)!TGX3{$tY)oeQz>L#2FW<@VTaN<9^^eNs!|qzB8&NR`kKR1Ll3
zcr=lE8nc%VL-28z<GDK}Qg$`8L4o#a!yx@N^FA`i!}8#qxb-nj-8RPaUX9p`8`~U0
zUGdKk8;WmW!>>)%g^e*bgkkX}5jjVG0HQ`h4g{0a7q8h5m6_!e+_XID2XyScosarE
zc>egV9RJ{6orNkpmEXD@z_NcWV`x{x?$XLGMkp`bgWtM~(Q<Xe$3Tq-#W1S@3!0)y
z%S^iKc^L)dyO`m<wGLh&ltntkr!2)IT7K7QSZ^5PO|oX2L&rNoLUnyvp>xVcaC^ZG
zIYPpnYq9)#8$7g5NdNg(!sZf2P0D5I`D-h^V?BUs&gPVjKIr-y-w)H~nBwzHs<AAL
z<JiQ*P>W3wfyCHGhx&jfA0*32hk{LjtIo{=_MV66lmSB5rF8ekYhQ-W3y9K~5XKF?
z%*{9E3O|S!WdI+cJ3N$6QFEysOo}-Msh1414&bhl_Jv{OJJlq)k#bLIHl^K0n(VhQ
z;emOb-+O6iFqdNy)@*9FY)dQTm;M~h8Gfc_r605=|5$C<b<Kz&l64^`W?PnTY3z=f
zsjK#N0jhBho^ij)f9@d!gc=m@A>KT;(pwL(owS(#ujkGJK(krcW#5!?BvQ*WU&Hwa
z)@U71QAcYz9wtv`qC4dL$rEgmJliMZKs;(q&t9q|cWx~%>ze02YB1p;uf%$vHr$?M
zc;Syka?J1bLb^tHjvGF{m-2}$eJ-D;xt}?!JgmU4?-(72CKvdret4RAB`~jWTe*)!
zk`13Z0{}vQu|AdJ-UE=`vBFwR(xEm-4el<>1(%7%O_h^QHQdxrA?1pFn;qD^{wub=
z{|Eh8oeGXs%D@PA+Ihx=J`|L;M!qb6<6)fg`LM0Cf{&cF9`OuUZ!g!y!Q~!*Cc3mx
zQ>VdTWWQrV8F#V7(4;1EqP;Ztv@A&e3RjF&?Iry8V816i+?cVNyZ2QaUjySUJ@l*p
zHkIDJxKH-=dv3Ef>zL_T*}J}hk)f=`o`kS(N?dN4%JTco3j|PCo%El2P(nfQX!fCG
zXRCo1JS;tg<p3>pV(DIubkx{ol0-jjlMG}yfAUyeJb#1Hy|lFY)!J__DrDCfx^1l1
z2U^WwK}!GkM<>6T+Es2WFT~>5m`i)U!_B?G9{}HI-!&H=%-Fiz)nTb^N*Ct{H&|_C
zrpa3%C%zX|mfM|E?@#fP7_8DxUpms(N5*%Z0i<ILtDV_ki9pX-*SnTj!Qq>xmfIKi
z!xZ~wnnRl3`)a&cewz(crm=s|!K$OU@xXfI^(#fT2t{~P*t|^WS@5;G*Oh4Vh{jOv
zES+^LT42(3KhZ1E-i75r9V!s6akKtOg2Jcc_ZLO^BtT8?@KvKRZ%WAB$CjlZ+g_N@
zs~zUWBbdFhx?qiJ{2R(1X%I@jp6$bR>TzR7Y|Pw_dtU@O%2RpvbQ&6-^RpzMM47PD
z_T=@b+l1*!Q<_lWms*$ASL0)R70$qNU#~i=B!gpN>&Zdbr^&fMQRznU-MJ$eA0R~g
zpr8@CSMX$~Jz3+dJ|uvu6nG`#;lFtzSoNgGTJL1-bkA&Zhq?0)I{nAO*zbR#_@5!u
zGtb0WpYoPy;+%3Ur#nAK%zc!_20m!++<%1kozXP{oL<lcK>}wQc^yn2zA({>`tzzt
z<kW?9Tdu$Kq{zDH%)DpeIH0p<@kg6ZLDWexe!5XBb%9RE-omPQETywHxT)#kmbZ}q
z{elyb-8sznuYo%2RkNAxkxh<9*G{VRR#G}NK#|UzYua>NYbDrq>PAd=h>2Eq|IWfM
zmnd`{ta}0~$ZDSyeQ{a0tk`U*LP*tMlv0hYy$KdtX^iuKLj%{N3(8yJp(wDfj(mHV
zpxhOA!G}z{;yI*tUj-v|8!191u)!N4d)TDh<t`LuihvNW(6vew-<TicNm3Z`yf3PD
zfYL^opmKMGEvj~m(uRqkhg+x}Tw37?T?{dh`qk1Pf}ZnkD_8~H9h_p!ZD&_QREA7z
zKpsW922s0r{${@wL@h2nSqekijcNVt(Y#Ui53U)#chwk%Yu=Yuwb-2#aFA0b8C+FP
zxr5#g8-G27uRODRl{0y@VZ(qy^;OI=xqf*vMr4Kj$-t*y|8!S1G)B;0k-&$kZ)?e<
z8#zGDG@g|JAi`*#SLMuEvvXA5u}##CXhZJJ%bqAMABhv8ff6AH_gRsiJN>1=PfI!L
zVF2l2b*4R;-dL~wW!sNh_}JnkKhbYM_m}op5`C!1!t6(}h2<ljwjdY6qO)I~$tTW0
zeOp7lH9@+Ll&<f|JDbr8`%;6nS(_~^X08j>TY>Cwe@vD0LQ+}dkXP(-aCPzw^PuYZ
zbiW%8VA}^VA7f5oZZ?Q?edw;AGLp-;?`bJSfBwfzeL)LbHhO!?r5`9X%X`YW(i`?>
z>|B?nt!d#se1vyK1mDfVwfQeHd`zXKg`&#Ss^^Q6di8zVQfSrNdZn_D83gKT%=4ZQ
zQoH>T7HIqIC(o=uP#D^wBnSzCZF4|UOAM1tWI`jjSW#U8ZwfRdcHTtgy$`zyf*b=9
zd-_Tqev7CnRsrlFFII<^c$N-WsH(m2yRo1)(iH=K)Xg^3<*T(Gc5U=<ywmlBA&a4h
zU~}e5jpt}aiL^sZghswyc9n^2HPRknHz~Az{UxK~Wi$QqkQaLEx5y4rBqGZS8Z!UC
zw!(xlQ?m?EpzcVA26T^^D*<6Pt`f~{mg)~lX#UKv_t^Sfs4-=o1<>2}d0pr=k1yPh
zTl&8zioBcy>sY?8i%>70`lI?N4lET!y1KalMAo5hN1E>?7YukD$owUX{7g>)@Nn+8
z+`)gGr>c9d;3>9y24xRQB~N!bE%Z&0fsJm3Z;dDg-oqkzJ>!llGeS}x``J-&Mv=X2
zL2Xp-S_43<d5zrNqOa?(Rag}2EWG44()viZ$S?F$&X?ax1j$|&Cj{c<D0{NlB{=5*
zxz}5zK~Ug5o}J@9p1b{lqSVlBD34ifqeh6i6GK^3JByhyN-=x2JwAMy;rwWxApB*^
zVZd~}$lqRr9!7BHp3R7~RyYjEVvqXgku`CipW-GBPg@+MF&S!Pnri6ug9@$$MPMtQ
zSg!(7X&>-9F`Dg6GgYfP*e#DI7X`nO+36_EfAYJ}w!_=o7NI^V3rds3=<4UO{Ji-G
zYP+GRR2N#apWoL+wu<#ETCvbY`9bfjzk*jqNHQS<fquw9nex{3FH2LHcD0ocO^S8*
zV<7m<63q1~HnU5VVqG9Ft{)S55_9}yfS5=d5Z8G5Dc22pNCF;j2Q7sqh*5(qlGH)s
zgb<CoEi@fyq8|s&fAdP?ur&AV^(pvhg{PrgKwbR`!?hd<QJKTv0rOn=P=^-0FBQR!
zrv8X{nH=wa4@lNNHyCef*r_?U#Os~3m_IHj>9J4QWp0vbM~=^!JOuX9qnP(FvKpvi
zi+K+i6F!%>+%+J5pgePXN`5nowtnk~m{cz%wA(<76P|`7mVAxoyrZp$dl<oaXQQjy
zY_4nh(|sttb9O)JQKGK<z&&ZU__Sd8W|PhzXM2lk|EhM+ZmsY1(FQ0t;fHH=J?<7Q
zt*e_qr}=}DX2?EcQL3wQwd%b5GKk#C=QJyIvUFa#ysB3DJZ(8r6I|L$tfp6Oz>kXh
zP2IBvx<)>L&)9(N$+n*reOuOHbt3QjQbV|r=uW0emXX`$M6QE-I=IpZ)$18u&kwv_
zLj2jUpq5JkT}`n6cEa*oTNC&~;WAh5*7t+^WTsVyC*%~ct2!?+sV(7R`THs}=e@t)
z>I7t{lK?)=q<`r=_93!|pcw6a-rA%0RsTrv`J@XZ_SzprYf4Q(Kz_EEs-fV;UE5P9
z`G%X;`5y~U!*S}oHFscP<0l%t#)YR`E@4dGnTg1Xe>4Q?j0}zO27tE_UNu7ar<!f?
ztEq&j@)O^Bk6XZKu)?^Vruf8!i=+-!jfZP-4N!-fKx?Yh;Ol(Jq%=5Mc;zO{mP3Vb
z{9ye)o43rpMmJJw80;=eavC6{8<jQD$2`PW0^+O9Z2EI9f1$X61F@Hu@zj8W6RqhO
z?8u8HlKO%1j{^qyEvdsZ>tTN~{80kOGc#A9&o?sn-0NR<p_28F6aBfmkYBojI;?Fo
zzD^7zZiZckieTQNYVv}5UGRu*C3e(+9l=_ESW$6X{{X7{S4iP<f=j9tU7k(%%0VgR
zB<G*k0k^r;eS^deipJGQt>#EnX==4IEdpsT<bD>uiC&~1N!90>6LxGs36n6gA}tIz
z+*Fw&fm^ZzcTz(eh1?O}O_75h;15}xnAf+Z$r|MsEV}d7YVH>ad(|n2ij;<JkHt~L
zFV0`tXk4M-Hil)2VY`AsMWkVpNZVOlmdru<EJA8}sMRgRQLy8|%7(M6XRAYqr;h&t
zmCda2756U#^YBK#CPF`zz)O45zTKAGKgV6x#F#7VL@BMV%)QwSe9n{hp76ppv-<C5
zk2dtCgQ5SUL~F@U`MX{7PeX@(T_vz1H3=SwRR@E2<he?Dm{b$B$nJsG>DO15RUwaf
zI$KhBzgdpaX=1Y!`7#3+S#OW$v+(g%+u1sL=4r4uxpLI?@w+)-l-;LHtCO#btV(1}
zn#+>lgH$izKlndovRKSGy&{WI)&w?wUo#3v+7||Eq7}#I6*|Igew_lxEoLk+>TyS&
z*Vi(aGmb{k*KcF(6OIV??wbz-<XciUUY_T4Pof<44E=oW?yMzW@~9YwK$8Ser*9m5
zY+%@u_=0bUV;*zb!DZ^qY%S%pCv%-Qe^m*0<njbdI2pzXbkNAE@p<13s>nu@%M=${
zonN=SL&$xLe+_@-+@8K2sg?QoY<c596o#fsoA2-!QoiB(FICiyd?H5H`s3kz_zZ6s
z!&SS&<-y6;0{5K4#d9?N#V(rJ1SPRzy!0c(yNXpU_)JGJI3mk>b|B#9@+!)5m=HzF
z1=y{$+DyBYr>{<IN~n(Q>#9H~Z5tjCPwDUAl~npmORC)+0$Is2h?#_(Dv>@$yb=}2
zG2FXMfgeF;fqzitp3bI1b=X;FQ4)V163Ja+62C6vP7ai8d|>&@9KU}&fpDAw|3l?j
zpwuP1-_HgLmitDScAC3mT5M8?<JPXcq1CiI0?qQ3%~kuU$D9X7R>Bp<psF=aX)I=P
zm!L(2Z5ht1W!(lX4&1(uc`FiheAY9@6Tv}iy=wo1zZu;(IUM<Qmjbl4WC7254gejH
zQ`TR*9ZbwSj-Jd56@pHw{7T-3xIe5ZodEV<gcPQbZ0#hi72oRX{%WbD6Q1$a;MW`$
zbBBerc&>Wh@FG)yf^)vprQgnvFroP}^9UP-q@N#Du@Lzm5r*Go$+5`mA>({DrQsRP
zNgF5*rZfJ45%%yZ?8&=rIgA(Oe+g6drh3u;W;3A7@3$Km{kz4=FW2eX{0Wsx+~2vK
z&=jZjIW1hIvOyG_zpvZ${OhdNt*xKwzqdpdQinJgEa+VpSzLNQv?XB6S1kWwi)=D)
zSVS;K?WWLK$hdHo$+B4*N0nDR{xT$5wxjt4DOz?USd4(mHOcGhumXGK&veohKgwT_
zI7+x`JYlDn+f<;FM6G|ME6*6c8@aGeI2#N84xE%yO3D)dfaO0djTl3cS-~4C?V}?i
z9g-G|a19<cZm5D0+_KvLoDs~^VVK9Czh=W&l;$nHvo5OhCh;VNhbO0C5{i3V_b{AB
znBtkLH%&B@^}W#K4I4%KL;X8xm%5Eh?3cO`*?KaF-(lAqLbDI(FkzZ@3mll>ucD3n
zV}DoqDgD-uv=j&IOR|UiS)PjwbFkUHf-~=jy`!rW%l9%OrQ#5_o;?=>%h9@9Pv36Y
zcZPp`0Ni|JP2KQulx6iu9iwbO2RWd5l{C>m&GPDblIF{@Xsl;G;GY+jm$tt^Xx2MZ
znr>_F=y#YF#(!fQ4l0U(<r$v28P>JGkpJp{V?8Yw^E<U{VJi;s*#WQY5&LH=`Nm2c
z<f2wDrf}qWQR|DONF?RFYguq$!o4>|TlP@TE`5p`{Igff<&j8iQR}5s1oCQk^LiBf
zywfZ>ioK$EqV+q4<SIUa6(i>Lev9^iScL~2snepU@q+^e#SAc)@q_7I*dvU)pLSsj
z>^!RFT1SBQr)PjiB&c`A*mcZ!S)}2dJ%9t-Ju@>m5cYPp-5|N2ZG~qCmKC?Z5@+d|
z87DY%d??B7{zp~5WjBB>&3&PIof{9Oi4F`E2>l42z|2e5n|``#@;myZB)!BKi!n@~
z{v_-H1mp5EZ9j(*#A|B*owPnV7y9C#WSIbs?f4wv<{Mnv##HtoYa!eix1eS6RAbjv
zf5`J;RggZrx7ySF;yR<ONnE>DW<UOR`-bm;x*$YJkeai2Kf!JBU`l91wxb&xJA(gP
zJXATrAYA~;g)>R>JbVWAaPWf#>)AI`z#fmk_{!O6YPcslBp=oZ{!Uwit<eqc8G~w~
zgNCb<e2M(<1Pk!mIS}4^D&O#&H`Dk2(3Jfj{six3zNjmTaZ~?2@*^z%Q-c%(EbPfV
zcs!aBc6(fl2}VDjj`%DOaCr-5!@AH(4tC8@TU16UUbl$8zt8E?tD^A*`!=qQpJHF^
zf!VOgMQBc)R>?gBG)TlzW`_JIj!-m#Ecng|)&*V5^1D!{J<I^hked8BANtVM^xL>_
zpPWV6@jQ#l4A3bN3RhGSK1h14`3Bz1_e7bHNoaa#L$9e%u&@H?YsT?$5R2)ryg+95
zya;HXUtK3nSqj&G&xNb7M!E$n3xR&H{&30P0_wlrJtOCZ5E-OJ&9=6Rh*C%%BNCc1
zzNV1?5(4MALjn3o-EsfWe_`ban-up7?#<G3M)z(Wq3{(Nj@&$s#qz`c-Yi%ddqsKW
zCn9{bFKot-H5<9@^9Uvh-sdt%I*W`5MMjI##6A)Pph=7no@%l??4(7Vu8AJqRzQIL
zEH`%-)Of&8RvM@56(efZ`Yn=lyIMv}xy=>A@E%7rQ}({qC!D|jyB5vQ`JR8s&;Mn7
zscgKW?FUT`k9+ZQk#>v!^>ET@@tphyO<DZmPC!F~2Y!c@ss3(Vp<De~R?>cl1-ZGU
z3ssr6Vm?@uu9*62UpjSd)jxw$9LD2&{|mSal6df|L;MI)*e-1Zr?l-0TOP2}F$|fj
z1pl&;d(u2pa@-4|KRX)J!qHBjGU=W%VvLQh1uI4OTT(iqv*s_GCh&Rq+P?)?%xF?&
z%Dw>USgN2Ns49#vC%exVyyo4}(E06{4I;Zb#9Uu9saNBr1m-^};x~*5K&bM%>ffJ2
zVj<O{(7a1R(`lLUD<8Eu8S=fXvUYeGwaDOpBaCC~pJl^>$ljAUO&%=4W4~8nML+xg
z&>zKLa^pWW_2tHC9}QnKKp+#P%7VlnNXk<mPbVvK!yZseQo;;qEyP?l3au-vEZJR*
z%ZZWm%is6)yRtYnNX;0k7tq$W{j>8VZ*>%YZa%6<Do`}I|NI(6gcdgNUqK;8Fp{0s
zv6J0##nLIg^<X_R^IOloV6$r$iY~c-9Q7tdmC#g(H{AS_Faw!C6d7c?(W!Ar!GL(3
z%{_yDhc8{`8@*|+w}mIIC~g=AmkL-<9=#c^y5=gDSYToEx7<@_EAD7+*Oq$aij?<=
zZf&c+Fd-cGA=9KT<BkD+ET`wiZ>esuvJgRKbPU>+<zJ}|x=*O=c6R3fL4`_Y;!Eg%
zahTy?z7WH3ScB*JqtVgerH6Z~htUohYt6jet0>*V0PjH#pb9)sKPh*<;kmYNo+fuc
z>0bH5nKF*KxPw32$~#f6Mv3}|WqjXAL^#tos#facKWFQ5ZO$>jG1jpAi?`PIZ~gG5
z_EY;?em*3BkPX}a@%2Qr43}U=Pr~c)6ThJHmTny~t)PF_X?_z@6GYaKMG)lpll)?E
zr6&=`JJsN6N;w<~Gn{5pJjl-U483l4l-#!1-02WA*vuOuw2t!8z=`1vWll@I_Th`a
zuB*GW<)=X;=~_FJQ`%cG6(s;Bm8nm^<B^(Mz|7_rW~J$GJi$$Q+xCcWDjjdo|1G1<
zQ#-U^G*QUkpB<%2SJHQCVg-rk5v-?A3T&a=l#<6WoBpW_zy@i=J?|e%!@0x48<=%U
z-WKRRgFQ9RycuNs^YPc4752bK!_+mqTdVUHjPoxWlJd$eIfgak)W-Vr<+HjculL}g
zI&XZJ1({Lgh)q?)zdq5L?y80oQN9`aTxy0A?t(5i5GVEWypqf?FmJ-VEZ3C_WVsyy
z_JUE4;t>RP2t3<V!^L%r2Zty;E&FukCTU*_<G(Im(pW%0x3YNB)tu-R)a1F|1Ye5p
z&y?0}jB8)LXnmb)pkK0~9Ug~l5n~5d{;Y%x=0mWN23=665nLj)!$%C12_g2{B%IFE
zCgEgvR(PmDB1eB_2IZDIHCkrg*Cbu>bSBwBjs-FN;Jg*0U!9tw`IbyP%zSu%K}eS8
z)Y_}IKrqVt3Tcxf-2TywX^}nLu=Y%vq1PZ!&xbu(Z+|p4!}7oM15R$IJqP37&XOt1
z#Vs4iJuL?w|BD01v?(Uc7Q13Th*#7WePU>m79HHvLg+v#L{r>cXb66P{Fg}_am;7D
z=uu;1T%S$cg{kT|wA=IsTz>@2KttmAACI!KizB4CGZA$I{(%P)nb*VuJK@>y|J3lS
z^v<$Nt$lw4fb`m(x1A%H>Cx7T%CYm<bMyYhYXQHn_5of<swY7cPn2h$_<-gmH%}sz
zRKs}3S4PBEeg|79)X^GtsXPf3uMO*)uwFq8F8>-o5KQ>-60d4H37Odv%nq9<FE;i~
z+%2fs4R%$Q5;}X%uNrx>8R)Qa2eVk6^0C~XEaw8AH(6)%%S__!M+K*E2<@g9==<wU
z2e60mo`AM>+zCrRog=pqAiXh-sfdZJb$gqiERfg|D}lFmho*zphbhuE<cOR&g+0*y
zc{5mQ3@vJA%5ya~iAs*Dp*Gc{DAbVzNUVs`98EkUA<*9pH(f$Amd3zao%Ay;5ytO2
zksLhb%N(Dh)8Mzye^>6H_u0B)2U$-804@{3$dFJGct&;pmt~D;`MH+3kWe$JA!z$|
zhW>D5yNOltZOu4y!0x_lVQExAc^jj?LrAF1q|pzKQ=IR(%1oTQDU*vjx>pu<1*+Rf
zxGTB127V49Qn=(E+&RU)8do`hAr}O^-igKr#s>FBX8L7)FBXYVw33*d)Z`IoKgHc0
z*NS`A*?AN8i9WQmkshqehC@4u5cI_MPH}Jlhwa8)uxXvz<IXK)38{R3S2IPmzbS3F
z2=jMWnqFTGYI!5V4tv$TlD5o0o{?KS;XEvGMY^Dzl{fiywcav>)cm^sDoW5GEAHoW
zB|?W{kYKsi6)W!d$?4L%+6YR|9iqg5suW`)g2sy~pIO{+$s3D1_o8u8AG1Wahk>yd
zT7Lso2P3wXibl4nYdqS&W0>Crw=AIBQ>s$P0mLv}T98pfXV@18cslnhpd^)Kdmr4e
zs=KA4&jz?p1tL?qlVHhI%IhxY8_WIW)dkHDAdl~nnk!00+EhQE2+g>j@96o3l%I<N
z$(^@Ih{=A9Eg6OCI;|7jD76W0y{kRnvFrG9sNZc{E#%+Y?arq#qRHTU-lWPbW{SoK
zpecP0UFj=*^DkknNVKJVr~K2*nZGBKZnh?O+<uN<_QTU`RIbN=^4DP3#VGFuKQGGS
z6G}(Z{kz?H@}J}-RAbZcV_DW{V>LScbW+w<SW`=q{>CIZ8W&fm4C1G7`Zx8(CggZ+
zYEpmAJ6Z!9kK~}cI!Bb|53k<^t{-^tdNRs`PD^Ya%L?wXkI;?7mF_>86j={mloW$@
z6~urO(=_8Mr$#5Ja3mh8Egp+^FC-y+LBqS?$0J#G<6>xVWYSAz7d92{7U<$*oLQqs
zabpJ~IIhOTpK>hX^I&@h7cH=!QSwrh@TMDjH}ACL)xYiPt&Drl>VKIlTI`_c(|YNw
zAH4rbl^}1{x-fN<fZgpC%Zq&{HH@gwqjEE8eUER$GxiVb*|{0S#Uw^2UcY~E;?GbK
zGnW7p>WY1K*=9rz&OB9GMs>XV;oEJsk=mxWY~{FQ<v3`yG1NBuJpHE^Js?o>dhPp(
z8%xi0*7Jd;y2Z76=T?qqRvX--P&x9M_~njlVq+rNd=y%lt+WmQF$4K?JzQdj)S(lQ
z`+nMLBZT?Ae&KJ|h=On}g+u-`4^Odoq8ooSkXoK+$BJvD@mS7?EFZx@F~C%*U&iyw
z0OaoB*Ry}Y48Itp=*L=-4>7VPqsCrL>tRP$p5(X-S_`m*z?Bph>`%&Gh@wR6o?g^T
z&V$qXYnLzb9PaXr=3nxy@5NqGisnx9qs;?@q_xA%r?%dp(mIVJT|b!yWq2e^j*7nV
z?g8+h&st?EMjQBjds=G<c4K2!E;LN1c9#xU@Cz{`b?u((^n^ec0{e;r;@WwM3t5m6
z1NUv8Bo%Hs?1LzjrWCD{3Bm*}gz5xSn&(-4I>oN(s?y-0l#)mGQDg>}8~lbp6iS@$
zM6i>UJX!dRGOgW3hg->4P~@fXkGJZD8^Y$bY`p|z^f`Y~(<)M1WQJbhU`IbK?iu~e
zMDdIr`TE7fn)tMzfr*8v@<>4U%f#v?H&XRF_&z*gL@rC_RswsJcZ$xH-ryu8N$36R
z7EKM1ys7Bs>s_kU*Jk1Ki{jr>t**Vm7h8!ftDCk_H%QPxyZK+Q`~tA~WmIj7%~_3X
z`o?Db`RFK|^^-tylPY-f*jjMd?z%r)8}Em}HjWSYcPB+{L$7zV@d{Sw)Lt?iN9bT(
zq~A-Wl65zUJE^zO(Gm!QD(1ln;|u3es}1^mMnvsDknZowqp`ww&sbc2H=paa8)%M>
zpTSwOpOGJt)6~?A4s`g!T>Ri;`@le3(pk&cC5huo;KV=^vVApj4h}mMa$QSuc*XBR
zD&$Rks9yh!6LsG}LO<H^6aF3iS{xeK^;x}N4R;3aX(<_lT!ejgCibLh2n-8DoOBXP
zBWo$Z04z2!hWB?VL$J}Lr054z%8m$Xjm$rIkIbOH*(u2Fj=K#XnW?<j3pAQP3<YWx
z^0^4MgyKIm$o{)-v|1$p3M~`Ha-JPC^lqd_1$d9cKWHGyN@a{cOYF&1ij&8+5Sr2)
zQr)X0(Sk*O=`>XZe<6Geh1RaAMswW!MODm+<DZ=WZ2$fC?jWhA2ya^QUrmg4?3Iv~
zni^We1+xS&??r|FqwXyKH%Ca8(HNpmQ!pK?f74wcTbYoS%a@v%2EIyEFk3JL=ps4I
zCsi=k`|D%RY37cOT1a)lvHHRNeS^r`A!+yO(4sylnIoQ-&iH!<>rn9S!ta<c$s|0H
zwPj~KADQ=|eH^$}={ec>(sX8V@Fy+utJfj3sKFkQ)z5wK_oe%FRP>PnLMy@j!i3oQ
z-R`8RJT|ZJifExZOeJZhtxqY*3M<%k$@$-8!11GDr9-wT6SsllyD)m{8d{hebq$j|
zze|XEF^_z0gf|7ugqOcX`_^*&&ajqSPkMWOfxh&x-2X9k-qCEo@Bc4~qIegjs%UG~
zh&`%SRn;o0YHzh??G;j0Rkdob5?hU!u}Re4dk4|lGiD+r^3CUu-#NdWobx)#x&KJc
z^*Y!6y07c`d|VGf-5)r%KFZoz{TB3jYGkJ?y!o@*P5ks>#3PP^+8W4PN3+Kd{7RZ=
zN+KWm5fXe^)g)`V{6du|OcxWi_d3#r1TeNYfh3_Z?UaW;MRP{&Iu*RW>9>Kdy-gqa
zVD>sdt^TG)F5)5Zqc<VJ^H5Ei%8{#=XmSVEc{;VHN2F0N>83=(CV@UO$$um!&dYBo
zSF1L)-D=Zv(Sr(k_brij#|eo;#fB#B=-;#%A{E&Se09wbTe#ogYWw3#bL-S?8L#X-
zg*k(|nwUq!^pzuKbmOgxbV4Xdlp{xxjr%cvCYU4kDVQV{!SsTF-y-2VTce2{<cS&v
zZ5S{t_4rT7FJM0NGBQfP|Ni4n4qRXH@|B}h?O{)o(RjewZB7h<+)DQHp$@l|#qeq7
zs_fO|Nm9tmCG7csq6nX?nU1;qsFDVjx9u!vCs1Dh?MFXS(Rmy3^-iU@h>c%x^O#`^
z>XGw(;=-H5G}rYM%oV=VO|CQ=QhFKY)A%Boaz`;6GsSq+eIwrzt<br?NVIC!N~n<z
zBDF+FEDySP{m;ZUVr-)we|T962Dvty)??A65`Tjs)hsu`rqW+C;wD%OU5xvI0YX)T
zTdr=-jMrQ??4M@*;Yqs<GyaEcgW&pT1<k7&4o7^OR>8Ye*T!GpwSPK>U*%e%bM}Yl
ziT$h<fxYKsd7G;)b6!pg?DLoK0#BNAS6c5S8Rws1b3G|S)b%8iJUN&GV&<I36VbR#
zEokx9>dq?ZG4K9d*ZYa`yHJ6NR_fQGee|Z);d4}`{q9d8^w1;3YrIp&u}Ahu1USya
zpFg_EtVvfA#`70JY3LWMy{ee0F7v6)I9Gn6YwicscA~&n(j$Qk;D7knB>5^l)xR}J
zyCBqi*Wr}j&6ZOA<`C2=&TBiM^{+#vHL7c!@YJ28Z<HncLTx!fyN?Cf^~mbyIbfWb
zD4UD|5}?;4h3rG6O)B?5PcJ3rB)yba#~B%MS%9_RoRGLB&z3b2Wu>#G98}=T2}XVB
z(e=CEnJ&6Cg1x|J4BNVQomy1qLcZDo&sMq6&J<1%3R7VxcFgy);yX}uQb}|hzH6b?
z+FSmfCvBkGqvQ9M3Tts4MkApApts4~??Ua^<G>(=TUdYah57gHCR<=(KxUl%9V$N)
z9f~7Dgl`L5Z##{$py-4q74l^TDa5z%xe_j~comd!u4HZCq4@R+8IggkoeNk{OB}z`
z$CY3|Ce1c37Q%~iXJ3~d%itKDOT3Nq8i=%;BBOJY9&6dth)s5UAVzxD_~3y_Z$^Nm
z2u$2&<L%33+g8PrDv&y7q*$kWY?QPvqEFpN&Q@>(tB@tMP$T<W=rP-C>Ptasr#kD+
zt-QL&qE(cMydUcuEMD?=U$vS1I!m+{fO~O#3i;XxN}n}vH~AH_xOU;e-0w@`1j$xK
zbn;H%h?kf4ti5f_SfD)<%5-D@mixp{H4!H+ilzUY)+v^rJLQ|bHtng-2kkm76WE~-
zCPu;z*>20Zy||oel%%Q+_I??o&?_&pV<racb+0{2*968OpQ2-Q*PD`hEiReypN-SQ
z{()Y)b>9;hC$nV>=J4j{r+_`1NTLOv<k_>Hs*?cbiFFZ3C-GzpASicV(VI?2*oLG=
zFtdH^NO;@VBzgYiP(~gh{bJIQW$@f2iPFB4O<;EJq)l4KnZ5LUMI9L#d{lHQBwY*!
zx*j<t%l}2SFe$}exuu>f!HPYl&f$HYQX*}VVSH!aOzpE~y|6oxuZ|D`@!?Jr?Pk4V
zKW~|qhKt;X(vev)JK?{{pDMG7PiVemlbR54@_ENQ)t(p0>U5Z=nyMYonN^{Xr<z6%
zt{|R>VSgD%*JD3%afaVq)hwXB@-CFzAZ$f0xPH@J3Xc|#cd@<}n-tf4P92-J*K?oe
z^o1Ke*_^s5U>?LOB#<mGh~u7Lwcf<jmoz=q_xgq!3XbldJ=^FYvlJ$Dnqj{;Zx4__
z{@sfp`ZA=Pws)4An4l+W5PLIPSgO&319+Z+!Gk?rtkHu#dee$<PbNutxQH*?TsE~H
zXDo&L!EM)^l9-{G76R$6q?yd^Nj2sS-z*pRLwd3>tCmKz>w`aNl0n1_defBvVROTf
zVAoKjApUe+wn{X~6P6gWUrfPrQgx(<(-S?ydBN5CNCm!N`5l$K<QxMNISpO%&`!S7
zWZ(#e0<<N%|ApkyzMo>&ibwMNZ+}kqUBQ4?il+OeZ_JL)>LhsghM!p5b9&<a4as3~
z)(1Hn{uMqbuXBefgF2ZVsWytudAuECOwoxKT0vT|`iW;7w@&rf)H~!It(x6gvI><9
z*7p@lZ9;u9(3)1x!oabIhQsGI1sqW~?<;KFaYx28;FeASjC8Gn<Wc&{;Z9Csy}c*X
z*WV#g($*y(4><E$0`^w^0k^jUv#KWSejQSoTgE=Yf6_{RXhnGERdZ=VZ~T_h4-X=}
zR)#mgCL%rU!@NfK<}V?3dl`Mz>18&l8J-lTcb%jtOrJW1!Ji3EzdSpH3Y!U^pqPdY
zi%!f^A+Oe1=0Fomv{3(v*1J%SiQs@A_H4HyIODVB?QP`c)(NHEv4yhzr&}T?8aquO
zDX`CE(_Nro3UIi;>30(Zp8C)1Dr5`2ep7uZed@(1=lTx;VMM;j<p$;RraeD7Y>f8A
zU#6YQ_=Iu8`;Q^)$Pyw4Vv~P|aGjN5Hcy$Ew|T&L@mYSNj+U5*>+V9mC&ZPf`^hRv
z04i$hC!m*FoKCi-|0x?&rc;O1ksSBZNtdB)1eUNOsh*djIRwSHD>c(<!R`S*dY_w)
z<Xv;?j*VDVc~@iJplbgf$ll!)tAA$N2YL^yWmd{UO1XH}{`>EE?)%>pUU11}t@eSM
zFWNskUa3fiyHm{`avOOpr(GHMX?*TP`_iYBGOVTNd^k1SN}TT(Lm)mpa~9FF%9lN=
ztbwORfrmIUjwaon^BV};Ppj=I_WL+>%z(Q>BmM4vWhhGMF~3Tig2OBWcrW{@6zk|i
z{;<ShPk7;!ZI%-`LuBZ`;!Sz-#4WL0xriNG6umihMN|_Oc4)CQg*K`#`#0ozjXx&f
zwS_W8J*=v+S(k$%+w+VbIRU!3Ez8QYiz4w2z2MmEVqe4hfe#cGl|>@jwagk(`41E)
z$6qPo+oLUt(gByClEx^_K1{wy)`A8jvYyXQml?JRa>hgcL%xUAqMtnLZ<;COxds6%
zUI*RueRO0oK@oZ}ABK6h2Uxi&hd!r&J4Ftze`GP)dBo$9Gj@`aI;Qu}a6VDd+8|Ey
zL}puIn`IaOo6Z=kH~D}jgl?Z@Y3Dz<;Ct?0%ICNHj0=9}P0Q!urhYaa2m;{$UE>Cf
z${#o{y{V;}&R76N71obi4IL>q^KJSFNK0;7$xvam>Rt+7o0^}UDGTD4f=5MWFUc^9
z%>*tdFNy3$^W<3Y9sP04@0>NF|GN0w@aA0g2<F`#pWE$HYZmrhzSR>*?f77h)Bk{1
zZTu&Bw8W&(L9_JOY5q<KDCt?bctF#q20mqWg1SD3M~6etnpv+g<MsUxkk|eT4bJFV
zhWFg4cShqMwrMxFF_IOIm7bN^X-Js_!Wr8ECZ1|lq$t5If+%=068y2~Uo&up`-vo4
z_xB1b5q#vx;K|i!ZZe%3H_l|Ga<zXS3<^ehhN{;G9ME$14Eotx6_r~Ivk)5RDMy)l
z50`1rIqH3tZ=3pktmc?^ja+y!Q!AmXqfq5DS$5-8n^8BJ(e2WC%`vW?wzoM+7Y*Ho
zXpzy<frsa)DTkY}+TZk1Ku{O0fu8$a{<Xu7x=cXB-a2+J^zH7CpB}&;yO-CT>P`Gj
zi`**ex&G^B{4n;c9?8RT4++olz@-V(^KIJE10H3*y9?nBeH8)Gnvn%n4Q1+xvkC`)
z=p@|rR5*g-xZH+HkCq8Kmqyy19tHCy-&1Xwbg4K5{RYZN*MG=aCYDnr;hFGp_MJA4
ziT5I&4rY~07ao(AGIW+Afftx0F8}6~Il-)mRhbfCQm0H<WIfRPPj<bXI46ui<{p@K
z@hG9UDWx!bk<%$23~DQs4Kw^H6EfX^TjI)Il))Xv+|~y+9pzf1=KM%R2n!BdvRQWD
zcsORF-jN(jXFj5yT~(@zP)u5^%oRCG9d+E^j`?bGt7dgNYcc#zotgTO?9-)J-x5*|
zlqWd38DE5(h*oFj$j0C{?J~YBxBRdY&#&;swcc3~F?kDDF^v!Mpc2UxQ)>6^`*M8B
z%JL-tI<sYH6F0`OVvwKx^a%3H+j;F_v|IvG*JKp+d3gk6OZaHvq^q7EgY*<5w8Rqz
zH|O8aRPZ{>C&yrU-Y|V)C6v9FKCTm?UOv!A-M9S1TD6u!^SrcRk<c#8qo|*J*3YCf
zPN-fje*Kce$EpKghxR|JP}>wFcOZylFUoyw*^{POX;Sm_3|Y{`98UHbi`0}?&-5Kq
zYhX)6J)E`UT|Wa&=0+@wq_F1*$4t8s`*3gbo`hCsWOAIO3jgSVK&#xv)kD5(?EqeQ
zWouTz)?s^;$hJjRzJ+hE(YXP5pW@)hR9BQaO9A<GSHC$;9@gr%C`O_ET4cL$d+KFD
z?=NqvsKH;^uWrGoZZSLEVj+DDXrIx}&3?2KWcjWA*7By|r^WM-cg-JYg}ITVQ7Gyg
zzVUN4_N!r1xH-#O`};<`<v>hrhAxZWWd&j6AE7-f-7tqW20I?3O&D2I5~0O?=-2tG
zJIndd`H?VD%k!t{;^E@8LYAkiuqb1di$kdwyWSW6)qI-W<lgKlQN-unw&qO4uzWw$
z^B?;)T8cd_V|vS9Pg=`O;(U@EAk|FKS3|2uGRS{tO|;IT7|Hs2dubsrPGEb_*WOzB
z(F{0S7N4z*#=+EZFBTN8@$~1-Pm;=2+CLbIB8mIqBCLK&!}eqP?Sw@kIDsmbd*^M|
zUiqF<p8KmCe=(}>0gu{0uDLTG9XgU{s0jO&EvFcn$7n^v+Jc_;-EA-vcM8Ht*IT`i
z1J^<GDaO#6;i;ik5+TEy;NY;jEiuzo_ccyRP(}SUmG1Bn-vl;?va5dW#zE?hp-tcj
z17vJ6FGN|%qC(<?_wyXp!vv`<%P#tBC!x}Cj*gbh6`}Le=V>ZcVi|2rvn4H5&JvB!
zt3w1Y)jF+El}DR@_Noqi`7`OI>tkkH9ffB1ILLz+Ba;2LuR#;-d7FFZ3rw2hxwSAt
zg!h&Oa)hJUua*Znh_7F)3;Dqvk(6k}jDBVSMIv0H`*m|KKC7vZ@spuiQ_1Qnu7CV4
z9H8uDn6@jl6pq&ZuSSoaw0<q#!Jlq6<Rk1v(W?4Jktm008ZJ&@lBx&aBWN-b+JeLO
zq70AIl_rFi<xr%MyOMu#G|(x^kr36eo8puGLv5P{AguvKx&=<28OXI}#x<bTEt|*h
zCfk!`bL<l$Sz`-^HmL>uNhcIJCAd%mbk)`|NM$y5nFKWtLbr^kv&3*g2zR|_(n6ZU
z^B*dD5GhFv$k~to=1<vT&@&6MsS9l}_T6s~_4$*x5;6XQY0^#ee*D6JGV+5Ize+BO
zNL6@-2~#H+mq1j8JS{Xg<VM|y-CgYvOu7)}2pV5RT3FhYdC1c)NPF@7{=WIG)vkc-
zMZsiyqyDk4Kh1ZT(^{Wj$alv0uA^k?ht^<Bf)>nC{l2R*U(XjgrRqbTA>H)hG@&=C
z!v)>R9~QHZzi5?RHfJi>0z%?W52~y&|9*r^L8~)UUv$^4D!Q)2XpBz?VhJHhUXhn+
zC(nI(JTPNE+%nb4iyaMTtV1GfA4TKN=VU83VG(Vku!s*O6D(q2a5qO5T7VKTY_~Ms
z!B=}mf%aV_8V+A0e1u`nrXe~aHLZlz5r(obJ}tY*d?0vfnVyZZqzRUpqv_|7IMZSZ
zRb3Wr88KilsH$akpTL;TV)t#5VD}GSM2ol4HP}cUKc#GFaQYkP?|#`*Nh|ZWU$myc
z@)k1$V#ad;xVHfb88`36ADC~xfz`G~5zI$r9Oh3SXdaQvPf?<?1X}>FR~Rk3WvW<C
z0n8?EYfOBt*hIaXYr($N8QDL}OpKYo8jW>+0*fgv%dP+WM2L-fcN>%H!zer-YV{pO
za~!I?CP%#%Mh@B!sxrDQV#*=&+nnLflc!9y;K2t)9?}v#=o;3AJ8kJFJKPJm+I+~&
z`gk50^y*_0otF=6^X$AEBY~{jX9S*sZ6mR?-MhG6gZS0&Ib4~9^EX07yH`EF!2un5
z%IaF%BZ<A&{&1s;3&LeD(w6crwj;;E;;}YrxgXEjnN4v2WD$u3ky-7*As6~XBJ@5u
zK3wc#9bKQo+iW*_75Ay?R07kBHdAhA$8H?#&8dG#1GAib{z~y(j<0muK2B}7>(z*0
z|B<u@V$i0bH{qFQNQX3Qmp1u70o+&jq4byMH~du96CrO3ax<w-dw#dX1>q<+QmMmQ
z+ctuNQ)fIYJO7zKHA%N(E{1F5hC#SPNv1rhH$X=-r+oN<gmbCz^ZL>>#R-QNcmO|D
zWl)#ecXW(u-i6gf*PFN((6B>E>{Rh5_*cU&LH9|l3WRy};Gh>1{*T#Ue%d$g$wYas
zyN&9YZ`^*wE+9JOv2MAUad=@UXuv!3FtSgFs^$&Y^KZbNlw#cSwzE;-j^z=dHR|7N
z<0EFJ;wRPyq0RtGfn$I}dnVwiEYYUU=eqM~@u4POLOt+-#K!gC%))>6E{-OWybA0)
zO2BQ;`g-%0Bj5ZB{NRTol=79WCPA-iP#TypCixZ@$<9>$W*y1+3v8!Ddr8wt;K2gi
z$Ne^%&VSp1R|<2K;z%Td-_RhsK873HK13`4Ouk%V^_MCplvK<z(tVc@Job_c%OXiR
zco+LhQU`<{;NbNX_ULDd9uy+~xXnrh!yOfF^rBSNf{R7txJL|_8Qku3pMW$K4=FAB
zX4E>Tg8HWT1s;ZT_W``lWceEK*E3=N>C0x3fRWbtFVVg44%*v}MV{TA2z@s5z&?bF
z{<7Kfp>5rA!<PzHmc*fZ$}NzMd=b6R^DX%yRP!b~GcN2#DpeZ-8ZYMG%{bZ1oLGI3
zWoTqM^l_vy>p}LJxqDG?^@!g@&a%FJ*)&FK$ZEHm&|=l}dR}s&U8$}%==yVJQ@*Og
z{G#xmU;l!NrlRp5?P%K0?^-JYI||PR0umCzY77p%qBNRNZ;pV#p<QwZZ%rCAm5-R`
zg9}nUR?B>uRwVFqFYCq?M8Q#6qo!{r|3O(G4l!S2W%3nW)QU25KDMHxnvbMim+oOW
zX7QL=+WVlvTC!l+(fQ~lt0IqyZ@;G6_Jt46srV;LPK;Xmd!RGTu>8|ICC_3SH6CME
zh#1XOfU^ze*Xw{Iz{%UQb=}ERta9To59>yVvkhvpwNA$9n1p({9_iHVsQV&y+i!>H
zZmpp&qtBIqfReosug1i%QE9I3xfHQ(=j-*jc=%?P`(A(SW4yZbp@4O;Ohb*qGO8<)
zL)4A`mGB)A_0&oWc^#j0trJgYn|w+7_~Z?)T&s>}{J|7pf`u;<8Y%VO?2&IHv*kw_
zLii#+Pg>W~_nWhfZeKX7QHhPmbNLKb(3dd6KJ%<hXK-AO_apE_>n-`pRG+c)VGY-n
z2cn2!Gw4FIVCj7>zKd~R(7W#P>my?vj?6fM9N;E}L3E5wD&9mTwWhf?{!z9T$Uu%y
z8!H{XSPy#BdL;ib?#7L)23#3PMx>h2C@Jav6yW|N^>=-%ziDjTtmI(*&2@oI5kO(0
zYq@GLG-E36L}IziG#2fY!@==>Q#uEc_(<!`Qmu$-hV4FPs|lKOh5?69zL*lX4+&(O
z;sKH4F>*`Y{XbVRAi#88)Y%yvZmqx$ZIq+uN+{qnT`-eu)cF|;P^;CSCCM(@lrfF&
z;ERL&+<zOAiF>InLX}`5YvKx{7a+px_{^Z8`tkhkHlIP!t@Nki@H@C%E@x!Qx)bMl
zV^1#Q@%{I!J%NbQ!L-yUH3|n(pEVgkWhQQNPiWYAYSui-o5EL0M3g8Zar0z?@F%sh
zokyB5z*{~mD$tEIjxnQU7oT8c+34#&7fEtB-Pl=wvcD;d?9~r}`Q;STiMvfG{}w7%
z-$s-|GNZVIFPY{?!mQ)<On!4#`SWUVCZDUk9M|aVbY`FE8`d5hVs&f3OX|ZYs<rB2
zL*Q9C{h+pK&hY8>NM6Us;(gwO>#dLJK~E^|A_<VcV;?qJnkB8D!oLu5N0V0~JlRe#
zR2<D$X)h~}hV4_W#%LFhbV=JZ-MCkbDCHZfHW359g1QyMWYV8p+Hi1N7^q;EBHeh-
zXQ)+~QdIw1)I<GS<&YSpqt&lTovFhC^n{@ghaYaLT_s7*9X<V(%hg1ASRdb=7=5n5
z39Wf_6a#;i3mgBHdkt?_Ir(Zf^Sr<};YfToo&Spc2j_A@pJIk*Y+GA6q3aO7R&kRZ
zM4N||{Zi+5QxU1Ew}`H;`32TB9vOdby~TwxtqXzIb|qRZ1M0tA_ueO~AKr8fIFZ|B
z$aKiiG8$NIo181;u#OMLWmRQ-TmV^CAVOQS&jXyx<ZU{Hd0a};(lqv-N497m=8%mH
zaN#N=uP&(e(PNEHD9s`*y4j)A<MZKH?#X!Jy?`{Z0{4zfNzi+tF=~VA->;WyeDDVc
z(PDmQUq_qoBfYO6?k%#H%yPryIwgv$AV_lP*;!pi_l$7ZTHF}Ae#CgG$@E_)abz(o
z7hG!`PmA>7-=qqgJ!+T|QYo>;4Bay99mnmx@UN;Db8m{Dz2&pvrgV1N<~Jq^iNhsl
zeC&Lyq{e1dhn4TeP)#BG!|)(nxq@@{Z69hhw<^L)6|KyXyS=?lf)4QsfZMrN^}$K!
z)+pybO5H`CCgCbSpXWy;)e0=J<)$t6Xq2KTa%G0c55?$)@IUS|{e2zw`O0b&j9$5P
zTf0lbw+7aPl1@<gNt%MB!=-O6Jp#bB8hk1RCaz!3UjwnqF@W<J6z3OavaJ6IjL<;#
zI5_Bz>6|5K0>j;`v>IisJAbtpn(RG%<&l<VByh<%7malcPjk!Lj7W3HOZ}YIq9f!;
z?j)OsANerG#y6yapP_@n{H9TS<7yL>oc|#tsiC$+^%4&Uw1Dzg1I>wJ1bqC7(xwT;
zO%Y`;x{Lx~pvJXqI3dpAYZ<S6e9eA(b_v1@^Vn7(nPR>y$&(<THtE1eV?IyQ{rb<s
zV)&&iu^5bTnGo=g37w`k#d_4{w7#qmpSV&!d+5ZK*Kov)m_Do3+FdxT3?0zrx`z{k
z+(cvi$!}r@{eJa%(*;WWX&aDC>y>$>^@j!j#duC&;-BSz+uy*)=-Xg6?(XY5C<DUZ
zAi}06QTat5MOksnI46Xj-cXMCJSZn`oPV9?N$|Qd#^J53{n|Oq$4)OnME4+K$)738
z)8-6!aIx-;%;u@>_<jWn`r3mo=;bfP38Y_|JcBf8Rn^sG8}46J0StqUIz8KIj2DM-
zZo-H8ES8(k9OkYWRDE7{$M%V6%wL+wU@3*uh$z{0b0OLD-3hcjd8gaxS^Zhr7$7Z!
z7dg(UF=PTc6nhaan}l)%Jy|^IG3espT8n5O{DcDcv#GUCW#bP}DMxb^LKt4DZyi(#
z1RT}I3M4E|dsnz+$gT;ISATYLt-FR{dD-|L`Ri|`Cr~<cnqmZ4*#IVfKCJW%vz?Z)
z0rg)6!odn!o6B33zkJ+>GRa03#Ff~%*=Bqg-m1jL&~QsPx<GzGIu8Oz#^3J(V0eZR
zhDpl9SA&-AJ%vlvDwwvEItQhYA80blwBe6Y!czToo7==T2?|q>(o;YhAN|hlP~OuB
zlQZZXxy}J2l;x2^;8>C(2>$TWG8$E?m#Jjt@kGh{tEhv+Zern2PP4y{m(B#0&Zu5|
zeE?Sjefy)!#AulLtm&c0`gCpq<w9a%7&^8_T6bia)XTJrfza~4*(I+}>DnqiNlswz
zI680hfs=EdeZr5cx6)1~g<*e3mq{lWy8Y|aDt)8kk~7aPINL2^0;pRPIH5XZ5Jo87
z#BDq$)Pp^4pOAMEo@Qg3zFZa_8NKmgqf|1}zfS4)E>ZF81{{)L-xZMP@!t4s_%ZMP
zmo1qIO=Z{d|Ax)TO<A1$uRrS?(|-1By@u6{=OL|NKBlbzNPT8!bc^k_%?YA{B5j-2
z6*=V#6pR!$?we1xKh5}BF-rMGl49s5jDEMCVZgs`WU@`BAIv=|CTaDH#F{y5*OBvQ
z<uAU(R0;xzYC+R&TnIyyx#mS>&OtINx#~%x-#727q#nIO@2$x|GKbSaxy5R(on?#*
zA7<6itnEc?v&s#(*K-c93KZdK^)Csr_(72?fQBW7*%4n-8wZJ*$C8q{=2eTFNyxLD
zYe%g)?t5oU(S)GrZzkj;jgfLDJXm>m-*5aOzxhAQl8zXTj54-V$MBR)_T#iN6Iu!&
zDiH8T`O056Ku$`X_ebYja!sH|pK&DdVG0AJ5Gyq<IbB7k&^*>d`Rtb{5(`eFat0_4
zAP4wojJ)?Vlx3o|1gYZBrM=6nS4H>PuvXPv<c+eR%yA^$M?$-53VbrpAnoV_ik!y&
z88Z@2ZlzZCJ)PXNDV%8V0f!rsE?Jjlc#=DD6{Ef3?7$%Uw{U_y!I%Hu_>avWq=2QD
zF_eHKliEuDJRU_?<eQ+iVQHc#IIXns<T8L5JqP=clfPz@_0!d;XP<0y5&Sy>`Br&E
zjRupO$Yfp|URB74)G1e{S6ZDMKnjgKtu03@T_$w~w8IF>TC<Zx0%#h^5-qQMK;w;$
zo7|-Ul4+QzS&t)X*0Yc=*~lO(?-FVvCS+FcDjo&mjE)UZ4XaJ`w*o{%`Q*?czLrl-
z^l8N<)x7(qAFJ@g;~!Omd`s#FrkJglx`)QR$gVN(tsPXh&XX#Y^lhy~Q}q4Qe+_9|
zsVj*_c`OaiB~@Cb@gS$UjZw}8YNBwD)xofr+pK5Y7m_<VAzv<SPw+~jYMzUOY2V0v
zN{Vv7$!SE{ot#UC7A4bZ9jy+&7%Zt#{o=gP<WI5Klr+YE!E>H??O)zV<YhfVP>BB=
zt9LGSVKYv$cV&A<0y@CUnJ{Aaat|vHEC(NQF8E+b>o=4KUb?LN<TRW#NxMJ7h*YZS
z9@^0i5X*!0-nm2`k*&3%VIjn6yxqu9$7=*E+y*L-!*W>9&A5IH+cMDSIJ;-1Y$@sV
z@ut38V#_Cd7o*&y5Dqlrxj6U_g#|wjTCe%|&4EC&bqw||M}LbLI}rGDKnu;ipHQH5
zBN3`l#rT{G`4(hx_gdyW+4Hr6Fa>n=f0ujET+fkU^A|f7$nUOBbWZpGw(*{eOdV1a
zv`>@*YOy7L4w*+;+uk;Z=TGD4ozM3T<ec2|7IOf1-v@0UFw84WT+u>n2obos$pKy_
zGSmIZHr{_RJ|RD^fC8v)CZH~EwaU3El>gI^&Jxc~nL%FaL#MC_=^XB~Hb$s7d)(ZP
z;zYTvzsa6n;iVzF1YVqv)0^M9^nl^~_uYy2%F_wq<`WcKF&EEBAt0D>g80O@t(Z`A
z+NEbs{3VLQOjpe`KpUFZ?O_uI%-;jK@_N5CE_~g#d~k~!_FL>ggk>QC!gS12@&oJe
zB`rxHzEHkPtARsJ{zd`D0=I+c^ZYZDJ+BMU<+JK7PQuqW!-{eqCnjdmQ*W{;H72j<
zdN+Aw#?c22h*#AAOzOO%tRx+%^}IyfXUG{}L!8+C2N!_dgwlrM5II88XiSrqD6Mn^
zCC}C3R|1QuO2R@f-O1%5acfdIjgoeJqR_eQyCH1gx!62XyUK9IIWoT3wosAc(JNk<
zfNLGpt_t=~x_z@zV{xGWPYIN{nK>-+O@d{p^wusz!cy^`T0fwEHlh3vm?~4#|LJ(X
zAp6B8Ksr>GdW2(Of?j=oRpgK4`DX0nP>sVxG%Z?0X`vTZ6g&#`z^r`p-@ZYsH|+)j
z*i(CzTM7M$>rOv|6~cP@by#-F*AyXs{>8dF)i;|zcz6VeZ(bfA9xcuPy#zF~Bo|NX
z7Yb}u|2JU6IO%Eoy`Px0`v3vWv=1LDe;e!7+Nvh|g^ka*Y{QV4Rg3~EBry!h;f%7x
zTm<J5s?T0j`;6@$V>!KfPUIFGKZvk5+TYog1Itw^7xd+U^P=c~0<OLmSqe$7&eKU-
z3X5WLYa&voTLurs-}+dLryR_l?_Vo1nQx4+XC3<duoH^!MnAFOz$%?@`vlbZ*RdH@
zCn4f`^Zg5-Zq-U#r&!f}>_R7F+V1fDor)fhV(r|$9X}a1MDAW4{sygok9hA@qNk-N
zLesOh#~x0&cuJ1v#O2K{JLUSkP_BSa%FkciTaEj>EgE)1wzDF0Xq`<CcGh*!epkr-
z9lG^J$)->i?>oT&fIfPI;>$k!aL071@Ayo%m<VEcbPN$4OK;k7Oi;a!aP(d8L5x=X
z*4#DpVebz&teZ8@eLXQm3&bffObj))R=2%6#u$GZez}iyX+)O4WLt9agiHNH9M46k
zhunQ`u<39O;C*EvFgzOiiP<TWcI!%m0#NwJJpS%P9RO-RaVi9TIzde<$w9aWO`^bD
z?2v)d$(v}Pi*h4Gx7*f3CvGKDq8~#rF0|tLLeuY?^$!NopuSZO1Wgb@R&JrL&`G#?
z!C<5_OBA(K6m#Axy!wa2Da@p0YS(SZskxp%s8ir8M@t%5+ho_p(u99<KKzWnb2+U(
z!o5`C*CxZ;VQiEUw_<!JmNKFI?iR|r`UErWCZ@7AQ!DBtphTb>S=f(MK(A@eqmA!x
zh)ds*b6(d}lPhDykw?lc1Vw#Ed+YVrHHDIHgW4Y`H62*fzhkfVH|lSaoAG)g8ZzWx
z!#L3AlxkyY8}xj^CnS9Fc$odbxo+EEQxpK3=IXlCp_1@ODu0c4pbYu;ZxEGkZ3=XX
z8n%_7<}@V{jUjxm)%71%FsV973+P$^_?G^mA1Mfq4XraXB@UBIiH)!E70sWfq0>v9
zyn2`Os@dz3`Qn_;P#f>5mFA~VW9;vkwl&l76Y$k7X(FdCP)B7=kOC~`pDfOLwaTlz
zfvBJap{KKQ&x7lVuJ`K}w1b1?{ik86?}JPZN?vb3G<6ALE$u>h(t&GVY}|TsX}!Qn
zV)^?hS>AC69n)$b$Jc!SdA<mY>NK<KZqwTy{h_mV#u=y&78@_!%qy1vm>W}}tmP<2
z>h<dq?>G^hlCvJqrs}S6dvTTTa2qNxM6jwkS`T4q^f4V+8JX@{o*iY{y<ezPRoF0)
znG`hT9d$0b*zqBs?>)UL$UO=l_+lj|(b{yZAm>vZPUzw8jiz;4nDAC?NWD-%^9)}s
zrtuQ1c3c{k50PtUbN73xzD(oNCN@AD_GIpOc+|W2Ux(m@PV!@TsqRO4tf)a5$LgOW
zzQyUfo<&KbZ#3>%oPP-q3$T{3`sYS%o2hhhul;9RCxOp|AoV>&I<E5(2jb6qXwbZt
zC_wRQy8Cj+Z$)369ABv8eZzwM21Depu!Ds)e0~M=^LGGab6%CJFu&-JYLh#PaFepb
zuAJcW>*m_lBT_)eEZVdZDAO^K>ckaxmJk5HUO59xeX@ebME^HgTh-=f>Wzp;Uw|vn
zoTaw$c33rCPh27T`-?|c49LTy<<Y*T+Wte7*u^awD(t_2BWbOJ=jj1Qzu}{=Od|*S
zJ$H_<rU8DKY|erG_?vt`%zvLk7z4g7`&_)K&>Sg~>t6NQ+*dlD<vF~&<HSL@1vSnN
z&J>)|QnD}g$6WA)n9Up=?F(7c=_@MO98`F%>H{dY7M$f8Lh{WH&ulwbGzrJo^!oXn
z+ebLdqwf2pf@obd{uu}IsUG|uv>F#@M<<Rc)aN;>F*oJIkcfE9j!|7lIrMg}l8?Qf
zN04_8j?tkxj}mS}wvF;szm9B^aAv%4%N@sFv3OsE_*1yu+3UB+n+<0^!ci>Ra;=?3
zpa=<P{h4Zcp>qCVBHIZ;^0sTEOKoQ%E$QO7EB|f#f9pu^LW1NN*6A<Sx7@2g96RK<
zUm+~H!Q`ekQF7S#$7tgXLH^M6(=bh>XBsO19DlTt>a31@%1N_SqlG1|$IreGo1iA_
z)!|ZL%DMdn62M=2v_DC4y8o398qS#ns9T=3T<}Y3$$wSJ$lq~PnX{C+(k~8AmuQRV
z9N}LWJSx1_LKvyL5yylCFDEj{z3nmAiSEU<`|*YB1unJyT%6wWp$+w7c<WV_PnuCn
zd|ukMD|Jh+OawT_&?hd$KplJ5!K4yYct?&=sS07L7B#(dGK0a;(0{=#w9gBxb>E7d
zU9zZ^X^z5jctP@3gm4bo)?^FU`2?fvYp)l95^qMYo>M~4Cy%c(hV&?4GoE~gbVHsj
zpMG#XY>9iAgk<}I-8=zzBK!i^zak#{wU%$F%IFX)fu9OWq$#%E2<S>V8Sux2Uq384
z6_T6>@dY9}U6%;Ai07kE7rMKF>mQ0i&V_=Zskc|5_Hn$S=@h0%;sK|TYb&maB8BG`
zLo)BKhDT3B`0<-Z8&Uj32`k2_2=!i(s@*v=?KC1Sd$$hv|F0Dk+AKXcY8Fx|_WW6j
z?F+d(1$yQS)40ETzX7#@No}V$-TFpu`iOC|$+Kop#Wd&y?`iEzw%%0qabA6kB?f*@
zq9FuWvC4{<Pw1#izBmaSA|~>Oe@!Xj9#W#i`MR!y0iVFPr|SYLHRmd?R!>AlDOVQ<
zPcP*->wu=KMoHFtiic3v%M+1}<gsr;i6fA(vtLpM{w&jl*w5vkGtW>tm8nZXXVew+
zzh`#H3c@C-ZmvWET*TVvtM1H;a3o&D{0=nG;8+}N{K<)bt060Nv%CN3$YqO&Z~Ock
zMWoGoSs_2ny|M0l>#^YleC5XKV=_NH^nyAzMTKoqn1jnGNn|)oqqy57D)wXT>YwFl
zHm;=+=ILd6ah~;Zs|9zd&R=r%iJ@;oLQ0#@M9{B?@kG$v0}_W_leh!3p>5}+i}qfa
zyzB@Y^qjs46tADUn$4#e72?=s3AeZPdA_K}+8K?Qd0?xy8J_!LamPtb&#LT}=e<B5
zm8}D_FDetCq*D$?JARgh#~#FP-3o<+Y&W?=o{Ev61N^wm7?WiDigTZ663OL}psc{Q
z4`h6&C(#H)vQFo~WjC|9FKH*=<Pa`%^m@5654E>hla&R7x?y8fN^Hmq<R=-v^l+m^
z&)n&XmoZ3`PMAob7T~la1*R2*O86O8ZK6mAy|fHCbzTEB3^+y@9=?agPJyQ1hiMYD
z(}_35|66;aP5@{T%U7Ubd+Z-Gm&9=j$Wk$owV2RYj7zye2oLM-!rdEpgO#<gaUI%f
zyR;%6cJ%KS1B7X0!0sudjyatJ>YjE{V<jz)nSy3zZy9tuh{x(^aIrvyjC36n2Uv8P
zSNIn)kixF#=<auq;Z3rN>fedQN$z6ZIipx3lS%^{Gbl;@8Tt+SiB0a)KhR(6@=Jf;
zdW=vRD|tBEA^7`_ys1ih37=v%bf~eMzeCSHFXCOb2`?57r0UQRvNt-aTy5cF0hK;R
zAk>Rxat<;F6j|Jo?1J{up2)JSv4HDV^lvy)rtbQ8C4CgYHNUblwexqGv)xK^SIVqy
zwtGO$C`CAHg6y_ior+AenHElWs_M%0=_dC`)VO3FQR{v5DGHmr0gR0|AsK-x#2vWS
zjgF-){A5NP^oTaHf(ee@mK;|cTcEWWTJ2?Fwp%(|j`{wJ4|aOh4!k#!S)q01(D3=d
zcwus=&O}$v<OunAXJQ+#TgWU4pW~LW8lr*?s8D*4^=YLaZ)`x#z?bG3c60A}ZRwHt
zqUHa3avj5|hX!PpD5<Sr&)a~lhd~`@SWbD?H7_XwnDqL;_7W^7R5+a&Xl+x+v~dc+
z#~eAVxF+(cmFjL=3Q}u#JA0FuFM#Qry05R8vCk)3&4)_EWp+)8Q6Fxev&Ry%2=IO}
z>V23<F=$1&9#3Yf+|qONr)g@Q4a;`2YM|9U%BuSQn({$tr+Na<wO5(ls`UOpdir$K
z<k?w5scop#oeqt&iEd(MklzT%h$4<vLI)9z6W9O5h=Jq$mpr1<N^lktl~7|_T#;-F
zU8Ad?`%`*fM$Mox$iG%_uvE&*R@W40s<;^9&_yS3%ONPGgr;M^YpLbE+;5TxwUccN
z!yo4A?XlwN242sT_Y`Q+7~*#-%i}wA^<96|QfWt082z37Cs=HT1sWpC!}Wku!gH_D
zCKcRP%-JX{%Iu&A8Du{GwQRc{mm$Po*)o^ReeHVHG6&_}A@~H;%I#DhxD0aqCO@Ol
z_|CyzPo2R(>@SuoTH1^tQ|SIfHzdoxjvb30?``NDT$ZnG$p8~b#-4qO_5ZJ-19P{M
zC3j)-N>MzgRO8#oe|9OKwxw@4g8ic1GM^4e&m4L$vs6-8t$_IqJp_=qJ_$SwU`39I
z<y;4ic^^d~lpG6ypqxO&CTZz`Cu39L-sj{?w~6=yX(uvBIf&)jm};70{A(l0-?&%)
zZocWVH-qMtB6P0a%ObyMV7HH3GP8aDm{C}+FI(O=jnl$DJPt0+*kt3!^B-+o6XS}z
zLyW89Up{rEAt5Ce=+|fIo0OiJs<1oIhv}zMDK~%9PW7*%+WxmaBy#2xw->%&k>`bg
zO-jI%rT?V^heQ!lNMA9KwpgiQ&<-K>WeYyN+E{pA=N;e-gBWPh4K*3i#8OxnO=5@F
z)0^uKU+{!H4nA1Xv-W6nXSpW9>RX!Ht|Rtjt{Srp*pO)+)5SRuftKPnW3okGPpwnO
z2Dn{gQbsA!RE4gvsEl$;Vr8uo9ryc=dU1Q?oYKFRk?PE!coQ{Uq;i8>Jq4vq3?34m
zxwW#0(+!mflD%;OY;l&uDOXaZ2J>%%!!w&h)0sH~z;Yv>PQ1!0qm>L&$5y&Z<RlJW
zsJcwwC+$YSV(<}1x5PAv4&BP~ZjOCRYeRW>%!*vx(Y(e1Xqe+KfZ@8~!>_|1a+G)!
z#Nt52mtvHwUSTxD@oRLg)^$92=i3|a^hVTkRa?GzBGj~>kX0%W*|doKxTmC+jmj-<
zX3!;{x|>U)`Y^KG<J0Y|AK>v-isk1!n}xSM(wdt-$mvdFk|XIhwyl(7=7Y!~G*G>X
zEmoo_DYaL!wvZNjZ^E`<6gt4P7ViHgPtW9^vK9qo{*7)mU3u|W>yhg<{EXWGT3K3m
zP45ZK9r{)vq*LOu<~{8<hfZ+sg_7Nm$3Epxs^jtuKKobZO@^8CIq5Yic7+M-#Uph!
zn|~UKfe4R~jGnaa62y^i$Zt0EOw-S^+YjDptyYO{Xd^tyK>}NzKTJxiK@z(@vCj#7
zFn!b2&?O9D&mLDrvRS-iKBIK1B=|GEg7oB@;ITV1j1~1}_DkBWtT4~G4Pc%D7}29c
zUpDNjUAuSnC*8;ml;+C@yC{e=OoH3w9zLg&wE|Z6Am2S%#TK2TOQdUk$_ToRh;Fft
z!(_Xrs6zN*av;Z?E=@MHDRebC7U|V~*gc+2CgE<%81ok;Z@;igw$oTixntf$?|nj)
z;ckDZqHPSGxiZxLveB&fWRuGqR=)9Qw&&_HR007EEEmE&E7N)ZWIK-WqV07Oy;e3J
zFk->Y;pwG_<;sG#8AwPJ1yn3`ri0!xx|ZJjODs}|56H#d7?qcwkGR?H`fl6QwVfW&
zOjA-x&}Xdl%haNtfvpyo)ShHSB+2UbpOe&YZ18S9K@N~mm26g_b?s``pY{;DxOw!+
zSqlh`vQhg(ebn$3)20}ax#;)<ZIdJ)Ul{5nFLTT1);jj?UTL=Yqkr6GVD&EUlhb$-
zSF~<66tkVhgOy0fZ2#?hhj_JSvD9-^lL=O*rP$)`E~XZk9(eVG{&THRo4!q1p({^-
zz$Ly^l_*jz+`t<ZNqleBifc59xqU$IV_N5vP{gSJI#^*iYr#>{&`Q+S^j|$;1t=TY
zCz{&9bZS2=MybykG~>ZO<vufx3UYgxay0OMQGY6r-lGmaEcxBHT(3Vt58krUc#zgS
z&a~UtxMPmu;eyl}XuHLp_W&2O`pwf}qT34m35d@o>C;6WcwknAd@hS{LTKlHJL#F?
z1*%%u+YfUtOJyDL0Hm>9q3Q0yD99BGCp^tQF|u*1jyc@YpR$o(eOg0N{RNhPs_3OR
z5d3BN%^#lLC<kt@sJK%o%k$zOZ8z%FGs}K?+JV#8c-bvdgJ`@3W42b%6|c$?SYi6<
zs~3{9LA)Cs`&q`4yPL^w`|@_<+?oYv=NEneQT)6Lkw=Ap8;}w3qNniz`PM=oFPhtC
zEFcQoOy<yMYcL4Yj*aGF81agw3cF#<SRJj=YSw=C2ilHZ=K8~}pp3q_BPuxb&VS0J
z)ZDJ2T88z|b*Q`2ccDK(rgr5+RoT&y!NI#KTkAC3`;`3(8a{JjQ!9TGiPKfyw88b(
zMcZ$&7z}r4wekZTG_1V+oq;&m*%te%T9~){l|ePrG~M<|c<EAjDZPAzO`wx|zWHr@
z9anQ>o}ZJDQ;S?Sw3)_vlB#GnI`>X+b>tWZq+IRfVOz>N_i-^V^)h>5FucVEVD$vR
zptxZRL~hN`nHMMtm9!Sn-8+|dz3DPNMn_<T*;eByEVGhZ|74?$Y8y9qtEho&T}?R0
zL%6E2UTXe!wlQ!Gu^H}Jf9!623b>Da!;SPlcAwc|6H$Wk_}g}{FDp?k2<NiiBZ-JS
zcLxL}Te{hz77&7SvU?8~AE~-a-L0%l&oVA@5`+=J;WrdZK;=To^_PMqhaU}WxiZlJ
z`2_WEn!Fd?^43@@cUuDAUO0GuVDr(k%}e>sHI0L`vv;|Be<WJr(fBDv-MQcer))kw
zn4WcUd!*uKmCn4@+n1|j&RV-Tdq#w^ar!&CkaDg9E-=qZdW>iNs<UmiK>lIn&7ZZ`
zdOcXrV-z_kx6JDH{MYo?8K^tc&C4{bn;pE3Kc|`#ub)CMtMmBarPwD-iSsrS6sL!%
zeWP`=ZO`ln79uAevdE1#&HJ#5eXh5#iVx+(9GaYm!^p@N5-ZMe$5n1b?tAH1`|>2C
z#iEW5IXtktHKPIuVQAlq6x+SjdFc7`u!Hy)Vv%6o<jeoGF)9*U&-PS(Qf4o8%h6!f
zB@p$o<H@7VQ`t=C$<5@MnVlaRGzAsMr4CbFJ1=m~ot&IEmnWq@Q{<B?$-=j#U8cii
zr8FQjV9$Pd5YG8>^9tUlwtW8{;bTkrdB;=_2M^nRCwUe6v7!20FO*Ul?Lj5#*ga?3
zJ-^g=@sWMLTHRNJ_b*WhjZNg8d+mOKekv2VDK5WveUe$z4?^}hcwhTY<||uNds~1x
zC7GT*ibvl_*a>jD+s0toyc>h=oU~Qg;EqxfOsx%ZRQ~sO`v4D1GUQyzv@W&(^vVyO
zzvA8Y8YxV{G{k(RFHW(`r4lNO`4Y4LVc<37C0=2&hl4w_H)f<!M5e&c3<#e^Z`#-e
z;y~6P=A@hhk{yJpR}n)S28ItR>)z&$zdtTjSnL^>4_@qg3@Vcb3sX_wwna(4Dj^k@
zkDo=*L|`(FD94viu1nVTZ*z9U>>Y|8<3~oeJ06@Z>VH9r$yz<VEcb;$(7+;zy3To8
z*tWVS#LDTk*kH#i(o&)<mb%03{?E}6(=&|_Betn#-V6#1;d3=T5S0v(0p$x`hdMsE
z&e;=pDK2M{k*eizT?$sxXnsjZ%qKK|AS9L%2Bttllc0CVAxi)F>S%TqKXJeO7EiCy
z{B3Xjfv$411EpCqu8;u6>m)d)sq@F=e?7(=UnU=meha^cnCm%u92@^%?BAE1m|sj^
z#Ds9kKJ_~{PK-*Z-Hrg|n%ue(JP#!>F(hl@#Xp48|M+6Wsk(2E6KPQvM8u8#Rt2Ti
zeYZiYdr0}51YALImj=*cg$y>cowa}}i<MwmxJp6Fs9vcX%r9JKtc&QSo(hk`PB`G5
zaf%9-4gr(RJ7kup+1iy#=dn7E4YRiY{=Doe!{LUDcThD6?NtX{7d~xn#~5U|J`G~$
z`{#~Y`TzPGZX@?r-EF~wRZ}~u#kDNYsqp#EKecBQJcCfKAyP|CF@eM8>e~Fkz*U3a
z$Mh<jyJn=YxVzuNxGb{1cy<t6Y<08U+N|Zhec1R;{PdpK)hXT!F$#uHQ#7D&7-9Wk
z99bN@SHVE7o3R{#hQA5tCOytXoNbj!OFi^GgXVWcMtwbhu8~CB_bK5YI?b;W2=rH#
z-?u);X+VYk*XY6UmYHMo46K~t1m+men_ON1dUfxt(yId|)pz<7toQJeX0lo$8nhYI
z*Mi>byxS&ztaZT(T#_6cs@sL79c$+X<;FbM+KZ}d%@3O(Yd?bVHl~l4Z9hCsW*_OP
zj>ycDe{K2gLgWBf?_3EFsA99a{L6rdzP_msH=;FzCmoye1g7Dmt<-NhgPx{ev59ht
z`P-J|ax_|dw<*r9iO7TE>%!>fICdu#S>BXdI;<<cwUARATtiFA_-YXP%;PWUrkn~|
z&Ah8-DKuwGDIfG>eQeWiPXc_%l|@*ZnYyJpo1-};YyG=&4t`?n4L@C1?q5naz6giY
zUT&W~|IJTfW>8<4wwr?nzME;go96mD@dWg&y0*fg*d{N!<4w>?5`$v3(YRg}hni)X
zCliSk_ILDTixX;*A066V$Laso&h|-n^c9d#v`Lvbl{?q*YZ`pUSUq2)|FHyHD@r9v
zR&@Ni2k4_C*L0R7Kjpr`Ky1=T$eG*r9Cda8-RTn}f-_^tmkray%{sRYm&Y=$zcpea
zj`KRqVWZ0{TD!_s@dyqFSusv?_2Iz``^iC?LVb}~oz@X~IpZZa^!;*%3lm1UtgHFO
zv*m^CJw9(A{U=IhRH7l_SgPIco?~JVh?ap5@9=Eo<b8oOr~u^q<gQ02vGa<<Cd(?8
zmJ3T&x{AyhL3jJ^17`Q1O^rS9uqEVQ1syy>1ml&m(dw;9|AM4zO_LCAB28UY_$N)Y
z-ijV(h+zx&#6m?=mEF+Ao~nNrVe!V-wECQ(($;C^^Aur8bo=3Nw~Vyi?!{GSZa1GA
z4KsIzsQ@STq%u%^QuWT^vOcPv!Y6+b3mXpp=4)m;Yi9H?o<~cSIft|3x!*mzFVh-_
zZVniVjWB?%{{*h*z)RJIt9LBa65T}X3hC}F`mHC&jrIZ+dF@ydbfp>V6bOuUd@bob
za<*)C$tH|3TaE@{F2`mjt832z=d^T5s4qb7gI~MA&=jFmBh+1m2<=e7o@2TA9jrV|
zT9f%o^uC3AMb+T!L*gil)b~%4x18tZt`m4E=Y@H$mUwCcH}<Pv9nXIu^nd6ZeG>Hb
zbXG#vY1FRl=%dr^H)L0T6;ifLRkE7Cm1y9|))Hi2Z+Pil%D-3Wvn&?4zXk&D{k^nH
zwtR^GE)86q`F7<ce|W>Pq0f~~=D0p+c}NZ*mt2{LYc88TpiltRX0F&-Faku|(?gS6
z1kz$U&UzY*!8uDK+Y}WE(`!iJ0ui&T)Uz^(Cv-j}OM{`skTxHh*g|I;)-J}Kx57wS
z_KQMzjzI1>GQoYQgTI|M&ha+-OTlT)YQM}nf`uyRAv{r<1^SjOZq9o*&;GOYs734y
zVd%)^!!1X{_Y!6<C!l@T^8LFjk1e3XmIFn(bQU`T?&I8<BH%fkn2`zrJUJ4kM&9-k
z8nYlC;vdf3ldvbo3XEn!fUh6C47(Du)X9GyX%_bMM1|93=mTDiq5mX5>+tn%!>GsH
z+yiz;lX-O+vvu}l?J3I4=9N)5n%QC1_>f0IjTfhG^TXBcSMpYEyp|C+lS`Ey8l%IN
z!c%0=rZIPcBI&?VMXS%K!Nbu?lUUB|rX(_0y1=o2c!16wlvFsol1qrvWpHOeq4QhQ
zzBB5xKt=Fd7e>{3y@I(!!tYFrdp*=u)gpH_*<`Gr(L4VX{6CJ)JDRQkapOgmR?&%8
zQ8jC~)Fv%0wd$j4l-jjt?GZ^8)f%PL9x;lly`ok^ZDP*|LJ=$WNFwW(@9&?SlY4V=
za?icF_x*m}&+~eAU7YF{c7<LHo%7k5To?)ql11%#B@R*UC`C*&RVadGTRVAXypS;d
ztrH~S_YHU>^54$2fMXWT#V;XB+$2WalVdgTPH1n93$Q=y!-RBd5)TNPDa1lfjspbz
zpe#8-=cYkFLz}uKF(EHs6W-Vu%@&d&-cCX{k<PdMoaAd>Te}4AmOo?y^Wg!hTQc>4
zf4x4iEMD7G7}vq{n)QR;!E3Z-dR%L^_Wb)}<}KpdPX0bES^x`-nU-#yHNA3gUvF4q
zTn7H;Q`*7nvC`*vE7=-ujh(1yem)l9j@0wizx7XH<@8y}mB+}yFs$qK60PN3xV6a<
zcoL!2o-ALJ!vY+gfmho(GKf<moX&DumCDp}Uj1S;9gZBv$_JSPQtS@NVB6C-3QT*(
zhvW?UInF1;*sQUZ_Se;hFg^xYe_vK(hM6#ISw*}%oe>t*_jh$1_#ZtCc#!KXs}=i6
z%ruP3(I%9bdAxYZ;<n4mQmzP$P7I<6+RW3KI<4tz&C1-~Lv&q1g{lLTjoUQ~!=J<A
zl3pcv!n_sMTkisM*$9|@^ha;}2WMEpjw`%2Gxzr2pvZ@d=K5TjhKm1dA0+BH!&DE}
zXJR&r)EilW0n4qA=lC=>jvO(W+39?~i){Ed(sH>Q^Qbn|3VUgD)ISV0!XB?XXIK5-
z)jXlnmX<IOylc@<R~l2{#PPzt!2p`U-%@Ju`0Zq&<n0VX2V$;Z>*~Ilb5zcNOwMSO
za6?Y-%ZVcs_V}avTGRZDt7yTNqlfT&7=%h9?)8_`Zj#g4<J@N%QV+{}IGYs_NMM!s
zM`Zi2Op_!jl_VE)ZJQez^}k-}c9<=FIW!13>e-rU^m*YU39Jr~M1)^zBS$>?)S&7Q
zp-DfvQQb8y+OI`Iuhz_Q*TP0zoV<<oaqNN_#W9&O-l^UG(rWr`O;-`2KTbV<r%b-$
z3`(lna6S+n_5~)w>D+bQVi=M^9$!yoy7*@_`DAvy+?=xe+2sSim8%_rzCzvtR<rzX
zV#>3#-%6~f=p4B!X+lJln2ONiVhkm|+OjJ7pC7iKN&+(BuV|Sp#QE@WMN01=st(9&
z{}=eum(3A>&6Aw==lVIkER*LMp^Yr3K<osk=T`Hp6kZH&zdejqaf1+F1+-)r&*zf)
zIKo_VJAQvoP*0dG@U*l%K8uj>mXlwNt+D>);UxWf$u!rEH+v!Mx5}#5o61OI@Tw3K
z7r|uMBc6EO@Co62%W1uXNcQNrfH-v{Mx@l-3u2k7$iR72Gh`9#g9&EN=&326pUSuP
z{oA%cCwuC&X*hQ=;Z3jEqMh*P!zU@!mKzyYuuQZSIU}0J;BhiuSMT%}Y@jT<!Lb>+
zk@dDEL%Xs5CX1p-rLpcoJ16>PH%|P;LZa>%nV5ylpI&;hAbAbBS+gL?j9`gEGUfbJ
z$R=c`=^k92?P*a%OfLQuOJGy2??@p&tLG45Q{A?&(lR@SbGkxbC<kwM(z*!zZc=}j
z>{R?c6TgUFNX+$25~JB;KF{Be`u^D)R1saIBcdLxI|ko&#clFF|0jOI#>%-qaKy1b
zV$^q}_y&-?99Mc~<K7*nGp$s{it3n+JDs9ec5hm{B|@&XDFHBx*Kw_SLPWbPR3s+V
zej4un<KJ{pU@^~ZAI2(YrKCgb(cs~IY#I2+y{_5O+cR|ayWw*oa)D;F)nSLi`-pHl
zTDs)+*%3S&>G+H&zj@P~_uawRTv<!%S#?&Ug5>F0A9%8-nS~D~!n-cJcyo_l(yLC|
zCk=w`W0d3ohD+_YsBvSeEdP0K8cv2wSlE`K4<ru#Ck`u>NBX?J7dzB$VfVLUDa;i=
zT_6~3xy0`;w8CJlK;*Jt9g(RcJuFJrW@<MBVBbYEf>M`{OXvFdwzMt63Ya!MAMPio
zboF>7!O~?|@Hz~`SimiaJ!Zh`yx#e<AjUj0xT%pVgV9Fr`0Q{*1$hIFzR7p}q@#pZ
z>$8fRzsrx3SwO&+aUTQ;TY=8?I}Y-77k5&qa`i=<245KJg`kB5Nl1*~&M(kmnjxEv
zb67a`wsKLkZn9yVL901Oy2e}pYX>6ksMd6XK~^v$jc`^c<EJ>=6ZA`W`%MHP`X_d^
z<0sf<2}|#FWUPLc`ruBa6W^9);Fkur#CBto&k-pOrKJ<Q<mDfrOKTH}r-wKpEBr<2
zCOycxn~=|y2!}62ZcU@mK~+AN^D6E-8e@)>2V>#$szhuUoGXK52O~oj#Wb31T%>;)
zLT-3Zd0vE38JB*9^1(It3$fX|$?FvGa{Rk}hnRWd{YnCLaOUdG7C5{4KsJz+lfyzJ
zVSUv5kzCgpn+S7;i|adzD4^u@UfeCZa=O#3ecx9WyuHr*Os4GH;a|n!%_61~OU*x9
zi}pT+A9M1F8)*`A6(fZZ-^(?JuNP2dX>+h;hm=b4Xy~`0Ne}0ik_k|-kjy#cu+~p?
z<s9xD;kMeuPvA}VJ~<2$?CJ;DZ{P})L^&c$J2xDvjqg-3BO_0N9@ZK{ABdcfQM$ly
z>cbibPtp`edrX$O8El@3+T?v7WrsDW<Q!h=O!svTR-XvZK%_oCNT9(A*qTF`fYzYD
z(g8-GgMbKcO;NP6F`<()EZwh}_G!Oa{7~wDpGnHg$48OXEWp{ABP&la0Nx(FS4dhO
zA~eg=s-+v*f`3AoIu$O$0)x&8msOrT+Y(wdI6Utv?ZW{&&DdcEGbaf7Wo1huXI&SY
zs}GSAIN;bR|Kz~Rt&T=@G{^j<kfVR&2Xl7!nrXG&9jg?sgJBq|v}Yq}w(~SF;6Fwr
zegD$6tllRjXG}J`rktyMz(btkagWCf;wSGAQMA2)&0{>YxnqdY1{pp=V_=Inqcf``
z4tN7GG)O91V8s1San1;8Za-j(L4XIk&qZLAzqc`HX2XeD@QHm{eVs6`4c))l$30>e
zTCzFvdF2bXL;8upK?;$_SceySd~a}4RVNSOM^Q&wqJDCUeKeCB?z`k-CAX`X-CEv!
zDdiX-Z~f)nFqI_-&xfB=yXC$Y=O82>{<GX%n)32GbvxZ0oww|O9%jI(K^=QSg-4>A
z_ihb@3cu=-V07A5=4(y)cYh&e`L}_?dvBjF<aAzJ;f3YNy|GHens&{;Rq97+K49gW
z*&!j<Y}DS>%=X?{ZusleP9AlTbyw?FjJ&6ri%YAt=X_PtM)?iJXa(XNpD2~+)bfR)
zh+}9(>)O(V1AE&bv>qXJjAPU-tTg5rHQKIi(qhMQ^|-ZIRug#Tyj8J9ykn$hiriP+
zakoRY-(f1pHM=RPk>qDbvWP-5AXaSfb14mbc@i}BQO~!y%TlDisZ1AD9X_w-BfLdS
z15#eT{u-*T_wlXu%H+~=n2CHIBCILJ@v!!}>V%gqMs3+4CPf|P+I<ykxv5u}L`(p!
za7qvXh|)^+K$9_fma3-uNS3SrJTL55$U9qu_&D3v!G3w-ZE!6rJ(_e){a7jX`2nl)
zvJrTg-loeM9kuFy-ITRPD=%A-Baup1K}ylwP|iyKeIUuZ1J&&Bd$Mo7v*dFCTZ1O;
zmc9W|c#bqx9wq)4J_48tRX?`wBIrkkNq)r@%!Qd0U)pJG3PwaabYa6KnU%imaT3YM
zj+d@Shg|$i4_9O+JRadgZrajR%d@QX9;VYjD}@RGZ#tMDWSOWtLc8#NbN3y>)L~Ss
z0x=2)U-m2F74JU1v#H_LBQ0dk+W5JFy37vQ-fQy<;8$}5r6BzGTewl`0xzEmgt_T?
zpTx~WpVv?M7B?K^I3Fsw`!7+SNi$NL_eQRdBoXp|jm}(fU+x}LAKC!W7$u6WAN@y5
zW$*n9X?NuwjoXIPPWUKsj`JtnCc_S3^R^cm&h~+aDdNs)Y-0HHV}u?wV>1;K3=4a&
z{;FDD%NSHH7En!?Lrp=Tql$9RscP3e+M^mjqhkYw{g{uC0GAIuaY7XJ25EfX%{ZZ(
zkNrxUqPpz|nA$J+ll27>5^s!!!hL318<)8$f8QnsMM#It^+~a<xAyld(8K=PIk(|;
zO}-LGGHGq&&C8be{x%`se4{@|1#h&Kl+(bp{E{O(HU|W@01Wp98>b(%ClomYUGjNj
zl?YfCS6c!NPbD^-6(&|au##VOF>@{v6Lio4$iCPL*vHjo%Bh#4?4`bW$?T`T6GVbt
zGkzu%``U8kR{(j=Iv=fC#2Do%^FxlS5($J>sSh`@z3Uzt8tVNEz!}b*yd^RGeti#B
zxP?9KyZ2)Rb7&J$1l)5F-;7_P(^+a6K7AsLwA|)6U1xA&^Y28FU}xjK=UJFHHgBLt
z{fP#gj_zvb`9o>v_h;Zt`Nw6_9zRltJ=`H8VbZVX=4o9i2Msk>C#HAaXJFKcIvG#s
zkOGk%3!fjgMQyuVzvF7f`&+hVoDJM4e<O5bmH1$A)<1}F_iBptd5p*A_2t0QhMJXp
z2q0LBB=97EyqS6&^!v3EJi7SvW|V!3mmZT18R)!d#0)FUJd<}(g*g@_sv=hT4ASTG
zw*&Zve?h62Lu}r$WE-|@)NWN_7RrS-f=`s1=rUYIXSt`o4S(nb@$G6EUe#3J|HCl@
zzM5N<wC1Wf_@ne@;*XrTxQVm6N#4J}jD^BnHKJR~6U?~n7;NOK@=%XO%dNV%EZvGH
z-8>CeFa1IXyK1znydLFt_Ft@=(V)?fdo{#qz6=f2B^t3@i~RdiL!P^30~f9NB(;b$
z;k`;HC)i4FnN5)9S4y*)|NH9lcPsAAR{xo9OV%(@I1AAz-w?B@o!x+s!RN*91DJs}
zcNEhhvEGde4K*&`r4F4V<bf$_V18IgTqHrz;*N{%hnj^38zV*wG=>9eaha!R?d!Bf
zR~ystDnO%($=p$}v?Pu(Mjn23#qzvTGU8aAO+C-3)%xYR!=AwJ8-A8?PB_b>!0b-m
zpLOe>nwZ!Bdx3me!c0Tk3m*yJT4|sYsq+7)xP*2fGv<7S(QxNE*jC{*J})Yr$mP?W
zU`otH>u@xg36_P*2?(Al8iPn3U_Kc(FW!-60)A*xSxt?Qo@KOF!^c`JpMIo0b?Y_p
z@)-xc9kV+h`})AFy?*aDb6&Xr^s@bti~76j5(-g!{N4bQ=?-&#;rEF%n7m=9KNf<M
z{^q|fP4doY>MD~!c2rnT78353^vs{%{X=20vG8JP&GU#Is11a@nO@dY({DU3j+HgB
z>KL>^{k1NXW7n@g2YP)c0AFrsQJ$IT9$DZmC6~e{KM_piut>ah!v2X<Zc|rmJK{pA
zx^p)M=XoFH)A%cnsZ?jjo*Vz5+SN{bLN#<$u2eQdL3<AIIW&I5+V-^4-43MdXZ+IY
z&7I?yWZ|PkQ80)_C9W?ngJa(Nn>>yigl2xcJ{#*R36<t-qIS{{(5=n8O2es(ir0FB
z^j&HB-`Dpi)O*xD|IvDwiboWT^ZNSx-Z(M?7to3ZY1+qJ!RAh=SbUyR2Ufzvj#kTB
zI&W{W@n^Pc@vwr)`mmQH?RhZqTSIN?RcHGtoJXj(SX0xnTLIv=#oR5GFqH=`-p6Fc
zgEQ5s#|0TaQIjk=$uX9~{(#gzFfrvfBDT?HCx}16V{^2PFKJKZ@ATpial!rWt&PHm
z?S-)%XUbcpFSKbdevao~G0F6{FHE5|460Hq-)EkfgMC<`V((dJr1##)U2xbZOL{Qa
z0sW%Z7k<t2+?y?Pt6Bm7TJ+=923NSQ9Cm5UlWRKgnDC$X+P;E)F~v~Ni{5`%Z#ISX
zih^%;uN*=kAKQI@hI_Qy{d{z!;^~Fki>vL1!IjM&F3*RG)0tbJP=^Sh*YT%0dyTz*
zE!zU0sYczzm?Vfv0;S6V+7sn^Ea;j&OW#F($)YC`pD?5P3!K)dl-k5sCy*F>B*kuH
z{qJj;W{CT9kRdl1R5nug(dd}zJ9=R6SZ}yz6+pRjybjTr6_+y<qOmGq(My@bkA4U(
zTd%7xOZ4OUi~4d996P`0$9D3V4Pwsim0;6=M~CW*tT`1eUst=;%ETQ0cNBn#6#3~T
z^z~?On8mo)PGNB^b*doA1q}3Xd<wgHideld90!Go8@XUTemZ>afWW$P)nmhSO$zTW
zZWYNLh|$ET4b(?tg=hD8sc}a)J*yLS4<$Kvb;I5+ZN<dQSrIOk$6b2KfZzB8|8a(Z
zf34dSKV!n(?o&0begm&z)&6LNPv@8^x%lWR)UJ43UXb$kw4XZpiMo0~`q3wGVD=FL
zcdrMC#j`1)Ok@7bGU@0K)|whR`&DzQK`x?Mw?~;(_LoF0RT3#H6bSq&U%vDqPX5**
zg~7!$;jf{c6#7N)(RY2x;G1L8CCnipDpNx+3(XVp$EwpGPv)a_O%cDg{?X?fc))qh
z>EC3HNY*F(Pd?*k$DabtT$DKGD#5?nWA7V}&-{gE+4~@K>+|fJ)|QEd>b5^l;@S?>
zVG>+aHgt=&rN%$>cN<qObS!1IFn3E~izU?L{x2CRW*7etlyH@k&Wc5>e~|Om>U-xc
zSCA;ZDdJ>t{*LC8RPTF}^LE^uTlt({fX9>{r9q{`B&O7+?`x|;*?S=YpG*@;I`*?s
zIa?Ou1NRgAW<DNXA!+8!Ym*<)db<-HpQ)eDEzYZ#`$623x4PVx{a;;+*><|1NEX35
zp_@^O)UO_Zycu(l?ew09oro_{V!{BseD`ey?}W;u(R={KM<FrdU;Bp7(7nLo0qcJo
ze4UW!Ly{keLq8c*l6}(HPQ9{hVoy3!0K7_BetSkqWTENteN+ags_JMo@w9Fr?Xi`&
z*i8VnmVq1+#1bYMI|9~E>z<OSj)tc#1WlqvN0^*Wk0r5yl!bJ6&kR{sQu{O8lAy+e
zuscfw-#-WOtHNWMvB(K-k8>KY=$X{<G{>2+jiv!~zEt{-!RvXejK-VM!IjawYhm?t
zpuAfbrIz<&-l=N8RnkVvX&cQBe{EK5k@`fxYt5X-{mJLa^%67fh6|OPTM<s2J9ZWX
za*$wJZFTfGED>j?!)?CzQ|%V!)!j;g&mXr??8NxN_K><=OQ~%Ye#2%LO10J|N+BA1
z7gy)+EXiIM?cI0~{Ben(h3r5k6t^wA|H4c(J{{Z{?zD}2$W}Fsl4y`_=EUoGH@SQO
zz?Hh~A@6QQ2~Ydl`A>v)Js0g7?t<X0em}nQjw0-F%-<P^(`H`Q8(Yv*!f$VmFdx0L
z`jVI(iKl$ARkdz7ok;R`p-5^fNAEL-xzbdr@ZK!jdp{B@g?R#8B`FLtg-h;sw-%7C
zYu6NDB`S_E;ZPQVs>^4$Fvk#IbZX-(>E#byjZ)ytx0eEjU$=A6sT@NjD^hA~vTk*c
zu-e=Ft=&?~_plB@{?Mg-+WgB><i}dJ=2liACs;5oj?@T$*@uH+3~@^;I@LGrG%23|
zRdr*wJg+Ug<s90tX7+6@;!jg5pzbdY5)vE)G<hSg?@zy{6TlsF?0W5YrF<egnaA~z
zwPdJkPX8XSCvBY<MtlBj^Qs+ihbmQ1VLX$*a(meU1j$WK$#L>HY|?PCDy5R0OdjIc
zMXVt|1LL^<!C5h_&l2G&S2FXyb3kL!eT~DK{e&!rWc?}TcI(RsO0}i=?P+wMHOhRv
z8r4nO`}9s3i{MLHV6o<WM4F}%EDCdXzjzy^BGJ&Ajgs$@wsA2^9c^GL^nG<(Z#gnL
zx&xsCR6xB9ZSQhlU6nRry@a!F&0zKC%=%wSXPT!ryYJ%~K^8@HkKf_o^}a@GuWd!L
zfxv=to=g9AHq6fT1pm6ep_3fs0LrS(CL7fDJ?1KYVHz(u4%Yj4z3+F3$6M(aKE5+=
zH6Q2pjDn%Rb<b!J=?wsZqF{wJ#fJA@fjM@Ts3n~5tD{t-x_N0m)@skUgoe9YBKo{(
zVF>%zWYa)HZQB_-*;Va+k<)CH=cCG?C-2R`zGZW7v>81&(audr^8R*B6eQcX?e^=6
ztR1y^eY^DGV;ZGrTo=^%o2TV5wG&lh^#{XTXhrB^hqO!mGrfj`;*avEr$y?J%UL+S
zR^*<h#}L;I>NXDQTrXGQW_wzw%6{!n8ys!Fw_k8r;)-R9CAB7K-)&+#X22)<od(7`
zCrhwNHtO-#xQ)0@|GRMeg-GQsXM4S;`;1nAn|j2;+qCYIv>Ptv57eS$W}mU*c~wTO
zl={D6nZN>gg{&D+C@}Clv0TE7|NB0k4Pp4OlHYp?!Kk*iU^@AB$$zY6X<?Y6cd>42
zdiXCrT-8?LkXXGu6e^<12cXi!pgon?8^$Qhy`4O7`O(dU7_YyOr9ox=M=WVOvV==y
z?E;EJ5k=ry3fZ3A=U4@H0YzRF{kf)MfgD=duM8@azmm1DtqH4dNZo(Zd}#OXE~ZLb
zx@Mbd>B$W!yNdo?i^0??27)-trj55b8Wr=G8i|R^*{nRl=JdNo?m+(4W)!gZG~rIN
z+Wde9m1<&gi397D>-=4E5c`OXnOio5h>cTYu8`Rg3;z~9<i4GNqt>ib2yHuMlY;J6
z*Y%3oGK}EJVN+fMXoVOOB9D4ds%w8EFzgB9k!`P9bGAW&Uvr`k=HZYsmF_K8-!A1n
zh4svK((CL&qhonr3)4ZvIP$6d(}(!Dte`k^XD^Qnqo$dxdazZm<>|epVe8VzmFYiR
z=iZd4G%9Fs0p2z|*F<xh%xa~FN?k09Wz-V3$&g+F+YD1-Kcw|02$MQ`1h_lqXY$<i
zHN8Zs7#Bv0<@#GLt4Qihh}0Lav1N*kcJn7{xzjxTI|n**Te<_p*JbfM)#Q9Q1Kfo4
zx_To&{X@6ViFdL!7rm9}Q|Sw$qr*EVTDJx`-J~n?MtiolrY%pXw6Cxpwc>t}-0o}A
z{<&!Fuz3D8EVN!C;K^VQ34N^OSoTV115h=&C5}%#4nThq&hrAsHGYuBRBr^;7Xuds
zxLKSQPj+NBk_beb(K6lBxK^YpC=tmqxoxce&i9Q%%25VuTUEUU@+*n;?pJE>4cXsj
z$$gjX7-j(4xa`1sKvHFkRf!oQ!%r|HR8?p_1YrocO=ugP@s`;GI?>5qK0Yy4HO;;_
zX-~CYc~7PHLxoggFI$M;lkRNjbxB5U{pFLtgup5U)>E%zIC|<pM{l0bd1fpt3<$&X
z#SYtBk@PScHF9Q$<dy?<+Lv!1);C-EAx|>7h!mU?o^&41yzye<o3PclX9f0Gf4kx}
zUzMVlN9jH1tW~t%%4;_#B<9~BQM>RdL*b%IaxOJaQaG<KRR>b>RYy{Pl}|LD+6>-i
z4|-WV5o9iPm*FHe=$Stc1@#f2PCE3X3n=EQ5&jcR@0D`6YBAK8jS=Pk!#4b{i|hQv
zlmh4c&{G%Xd{gP+ve@nC0pe7!FL^V*?(v!%{o8lTp(Ab2WArzaH*Qb_EPtK)dh<RF
z4oRaevWkU1kE8MxpUYY$f0TamXwl^yjvg_px^0s2yuXPnw*9}U`-WR$;S=}q;`nO)
z-CZe$`RWk6`X?oFRh<tR$`#)lcbgrd^$?9A?IS)soB>7!<&o2a?rU!CS`&h?fAvyg
zF`Xx*Ybl8>^9OFwv!JxjqDqWU@<ubWb)9M@(Dj`9{tjhWw&<d85+wRRuT`ObO!KT$
za^rcuQ}cO6U5<m)dbi0rsmS1=!U6mVb%#LO?*U@p{iL>AJDYoDWSJhot7k=o5=QpH
z?LWmHJ=Eab{js_7VY|@RwglLkO-_;Vj`4I~wZS10nLpG_E;Q0qOlr^FbRdJf$FBVj
zDm6N}ISy`h2URRa4kf^nHcLPJNIc45M~FhRcUNF}ROI@&+lFT{GUSIg-+}HAQ<{UD
zAY|E=bUKhI6kT=AnOtaXnkrTyV7OMReT$oFUe*aHfw^yFO_B?d9b%op9`t?6Q)rdU
zhP13c&k=zyBQnpFLp#i6QpgdCEs#w6@fOZm(MC@UgSqUO>>b^ysw9A9Wp1*$Pw$<y
z$#LAVNE`_YeLaAt&%r*d#QM0c65|!;vyq+kQq|E51+xzNCkz6Tx1r4I>*@np<NLxK
zZax(w;U*?6MV6U~`{Up4^tv4+sEmFIsWAOQx}_oS9r0^FbMNS873{K~v<#WW^6icF
z4F?qHy6@g;_~jDb6tybuGoP%Q6{wy}pKI6c3w|f`-$xD5hU(-FtPbbd4)8KYad&oZ
z_D!+f*Zz&QuNx_SfD0ICais@aBe6Wt;qOmN^(&>8cOy*x=${m5_X#h={4&&rRf&0S
zP68>&gUTI347`aE8M|JIy_&4nQ|keV61QZm8GQT#$#xHK-P?CThG@o&aE9|C*1|KY
z&0-HfBwqB(S#{u+DVMrV_A370n<Bo97v;~@oq+&C4ys73cvGBj40XjF{vE%9Amm7Y
z-O&rpS~8Mgaw46WLZkXRlWnt5o3Dm}B{5agA`MI*jt6djqRiZ>z1+`I7$(4>g<Bo9
zy*SOhJDid(kjrr^_j-t}4igKH@*0H0Pxd^}e69{E0?_Vw+Wr+4b*E)KqpI4i0Uhgv
zTcc>2h&eaZrG$8_R4>jsfz#w3HVxnXn4T(me$?U(PlsW{8P4|}kMF-qvHez$c4Y8F
z(b6#9TJUt>41=GHwrwB~kTD3FW1<~rt;r{)k;Ctdh^%);kRhRr)nA53>$5a7@NZMl
zs|l6xDG!!Axcf^r78*JhB+mYg3QtGys(kx<;9GmoTp<-R%=idm2KQTc;oNkF|Lply
z&{AJKh(<|c@>UC8WuQ=p7@VJKA5_wz@k%?5!Z`_-a#&3f-3lf`@D5&C9`uzfy@_wH
zG&k?Z>=`3&Zw<qsso^>fnBr=KKnR6*y9@JQ+dNsJKR`g*?1(E4s(k-vV*CBFu=Yg4
zM`RF9FH`)WUxzAM`imFyaBMpEv#`k~W*n*sk4{|+Yt?wiVR%36mSV9&qg$;nr#X6J
zI`~rOBx9a|R-Q_v>Qsr5ce(Dyj44RO*gY<LOB~K*D6jVbRyqr<+jv2(N26bJ5BGjH
zodNa>L!otv7X$H)zvd-d!<H`O%!OBC|Jw4>6Cv4=I&S;$PeErYl~~h%0YK`sI&W(*
z#YBa=7;}34z`pVKER8y!#x(EGAj#73S$keTY@Lul9qF`SEKN7;yi&edgwKC=HxVp&
z@VDpD@?l~}I><D8mArZVAax`N69;A@^Q)=yB}~d4^t_wv1vzYUa;Sxvxp=JK=<lh#
zl4z)0$N?<d|Gdo%qegqz%Qw`S{1hkw-FEGL1TP<21$+XqI_!n>%3}4*{CWhE3EGgb
zu#d>Z+G(GQm5YKIWG5@MVAxP+5z@IH-9s{-8KgXSKQypuK2)R4eInGfOjDr|{w%oV
z^<g8gHQpV^wRMDkoK)f;o_Pm5f0K)zP13hSoH@0K52QLIa@jO@H9%E$avD}$&#E4i
z!V3_s&v^ZY^;y)S{^W(x^^mB%*s>#2XwK3Z-u$&0E2gF8`3;4#XS9+yMg#&4t-CiL
znd4<?#*f<?O`3-P(R;^)=*}_?RNcaa37vYYZ&09EJbS`-qvaRmf>brlU~%~4VaHI_
z#sthdFRoRHUo#c#;b=6){wn3iu&?zt2-*DJ#1fE3Co5cTV97nI;xk4AN}$=ym-;Ll
zxq!nq^R|w6zp0A`YA-x4gRN4&o|m~hK8mXEf!dhk7>GiX;)#AK>}~hj<GHC}V~&Cq
zTDHa36D5^RoJ#i5R^H<OsrpHKPI_#+QgdqztaQkH8RTEB(QkrwD7#u_@A^g$+?Zl(
ztLF8kfb*wc%~=+c*cN^0{28_`)Oz|V@Xcn{jl&h!RAo{Fm<e}Zyd|^*e1D(oP#XbB
z>)w9AopElt%`}EKjQv2E^Z6ObR1mQwfvPBv{=ynzqi_jSd71PtM4ai>KjTWQa;yN<
z&U}Im)7CE1%(uc>>qGpg6za&`nuxaKVqFD<BWA$5tM~1mnrH<!)Cst@jW!LZ2ax9l
z?(6}{7R+t!29*-uMyB$FAC?M1H_y1fE^c2Z@^xUr*LO5PpC?Ut!Gc2qD?Okuhttuu
zqh$9Rs`XXj{0q5-s>=_ho9e(R1~q}^O_xuI!UnxW;clDD6t7(HhhUJ~M*DJgNO3Cp
z;~;p@CnM0>8#U4ZizhK3hXsjeKj)gPa1C|J-fOm$@-%KO(NzDCFeXs<WJK|V8Q^^x
zarCZ0Rsk43rkrx5$XxLW^0n613iXGJMU_JAs{zbHUBfPy{t<Wh(|(brw))LX7cRlh
zM{)lqH))|q_eyNytspP*M%B#c(ZPSX?L#<I?a~5z(CsCl@<R+EpTUXd&O5C$%nnAn
zVgniKH>_$u=h|f(mP;wB<-jFZY-&W#Es+B!X)Aq@=DJb7q=o27w3{To6V+B+fGpJ6
zfT=YtsqRlhv9wLO&o_h*C3<=)oq7$0Ury$Ze0QYGkNc#ev_~ah+<_ZfBDoTZPm`5v
z8&C#p`@hl{WH<aGl=g|8SO%vxxFzzM-K!5VA*l>b6Q#dj6HUa4X)<WuI`7s?K?IL$
z#A3$|1gRyJoH@Tz#venT2=c(`>CjC1rQ3H4q)X?KusvMHzyDkr(G7Kc6JZ~nQE9S*
zy`I(GeTI*`%Fvt_WXVbLXYL>~v)4fw5d6QHeVx)Kx@y(Bgz&$!&o%A*&owM_Uv1Q<
zj@INo%RLOQ_WoR{Uj2^eK{_PrU8f=DeX?s7T)oBTng1gbWb}A*)7wKo1002(WvsYG
zZEznB)H+N?%~@9w0Ri>Be_lg-^XvStFDV<P2~qb4HC#)<-w0HT?`NDgB!FHv3h=TO
z(;|;qb>@Q0OckAuSXa3PIVbi}&oxYX$2in}P%9ySlr8PROKQOYC8msZ<M}yVSTCj9
z6fTcka43&@r}>7P$e55)FBI|!7ndTm8U=a5b79HHpPR^uHYTT+H@Du8ug(}uQ>_p~
z+0W12RSzN!y@9?ng2FQg(}qyLulXi0dU|j+PB)BpHB8@zdcNRF=y)l1i;GEJMKs>X
zcFOw}7vH^mT7z&C$1~xG!--D2AM{0M@)5Pi%Q9#50xPc~4i7r*o`cH7rh~pdY7n~j
z8F<z4g23LMe4vJ6Ylpq~F0DDFg3bv!B@d0pj-UW(h!sr8Ca+FK0PTkMh#nDD`Ir45
z@4Xjy4By9UFzhcd<kktFU7qm3M$MgLl>wlVgiLuvCb+tPgM~H%iiuEiFX`XV;|rH2
z=yONFLjPOyBjQp<#ca=Vr+O&{89NK>vag+jSP=ZSrnyTcgc>s)8fzep`2H-vL!Zpv
zyI<5|xJ7&zCM4qydN9Aa$_`JLzk3lgcJl$Gls1ylC)_=@j5LQ=(uN9tyB2ha2<Q1Z
z4-m(*Pp;$q-qGXy{-qulGAOwZAn3XIx2uC9WX&+IQ}lnpQu(u+4}OmGz+QsV!P1*$
z`Loy6WTbto^C?ogKK5@Kh#!iQw%pw&{{>3RpuZ;Yyr6`8T95=+81h&xzQGe9;vekz
zy8HJcU(dhj_#Gne4~WA=Uj)W^x;iL~wbf8>mM5s)Yp8AdWs34NU${L=OUPw+Y;plE
zO}p~Q{N_dllN9!ELN1bxZ(DfKYmQmLZX2jqs`tMs;0YZ_3>+1~C?%kN{tYv8&mH$|
z#8b`Jgo+G;Ni$C%FFh?zDc8zViHE-T0j<pmo~0)ncaAC+M*--&W*%2b>hMj&LQi{2
z+~EZajeJij_6ExbFxG!4Y)4Z$Ug4iXU(+LCt1fVIFIS4qqvoa|UGN0;3in8N3db`4
z!j*#`5gU%<>8xRe3S0`ZWrom*pfmKmc_tS2tJ$!siO0SWtj+shYI1)duXk^PBq-%#
z{8>Q#$5fSeH7w{!YU4%VRz-rOY=Y$@r^!zYY4g9?+N@+z24U--`2nA3V}|`pm3@B|
zF3_k}y?p?eJCw0UFO_T4juJz|(?)s?cz<j@uP5gT)<%4euGHF^E&>q<Cn5`5&r6TD
z?l@$yTe~<^PqxqQ-r(+k+$YyNxWPqPx+mk#?l}v*E32;N0=WeCzG9xc-&mVTVxu{(
zs+XKj+>GZBsm7_;uK6ca^Bs{_u6p|nNm2t$rh`8ML8h@g59*~JUfoPaTLgSP6L#WR
zyGcaNdA}*+@kpTa`6EGL*jh7MzI`7+S{!(|;(r9z0E)DD<{j~Di?mo}n`OSYQu-E>
zx?T29CDag_t5%*dlUi_k@-bX3KofQb@x)#j@NR58tO!$3c^{?#q&WOeJ_T`G8k{z)
z70IZV*nCD<ougDjI$Scuw&#zlBY*EG+X{l_dcA(m%|He{H0s%0lG;%Z{5!a0;u1Za
z6OY>UzFOBdps&Q74ZTqvTyiahRP)_418kh}txeja8rv&EpdnWdtJS3kj3ei??_O|1
z7-_`l^QyY=XsqkS9*7EPe?8iz1~07sxpw3S_jE9RC~fJ18lMM1(oYRR)QBU7wtE(Q
z(rG7gcaP8UI!K~Zid>kI>8a?Vr~o*oLty+#ntZUlKKG{IJ3gOs3+%=pU*JxxyYuLH
z-gF=`bTr4Q%Hvzy*oj(k`nQlXez$UGKwVBx%alJy9KJ}Ex2N<Nu!4ZlQ;?Twe9r@t
ze_ky+$z+*5FGONN!|waT*#$}$?hjvMy=Y|RwbfJ6T8?>%G5e=+kH(Up#nF5I?kwrQ
zASqS6C_nN_9oAEtv73CO(_5LUy~XXaMl5HP+^RTx8jpNRRmiJu9bceswK?&v4f5m6
zqh5Ste`>{KYVMzJn)XMB*U{3?1--H(xqLqErF~pK&Ubgzmh@zdRe@1OFrmw+|7w9`
z9U;r7V>rCqSjZ};@0Ff5r57|;)w90O#XQeZ3=IFLBjb^u9vf0{@$o=kQ$3H|NZ#F=
z5th&9BL@7(8gLNxG8cpMmh!vDl)i$lvTz6XL(yiDhI-sDn^8U)LZEE4QrqwvYT7>C
z>8aFFcOZve;PzFNGHWd=F)e=Ob*-5N10s*FsXpkT^rT>hQ+NpYPd!&x$B;^Ku2tVD
zjww{-@XzI5rpFI8=y!*O^v^^amm!9yC{je%(!vHb%x?;J9ATVG`@zX=8w{GcN7ux&
z@MwcnU49ceB46DT=gTTPyX-Jdz>ug+%qvgl9#!>dNvAL00J^^E4bK+%hrUEn6x(wj
z{YEkDXAjO*ryoig-`NTl;A2@&@>FTfH94riP;ly@*bwv~sxdZ2j_14YFYSl09&5DY
zs^x&B)1v8pd_u$PvDm9}N5^kInKI8`rw?kTP;PD(z1X!w8?GN#ca~xsAUM(XinTx}
z)9p>Q<M08i-(3c~2bJ%Kr^5e0&q_~PzE@BF;*oc85RTK{9lQ_a`ge!XkT19&uxwR%
zxG(^>?xkWjD%rb$0e&j2ne*=tpUOz3v{;#ix9v`JC;;PJTGts?y;Rhx3<AGva!n4^
zRCV~879M5`Y$d)AGPZQmKNKYt@6x=_BA8F6M12>_q{W-G<voL4EXUDzb+LiSb*U{k
zWM0!<EI_Rz;UVkUkpAJT&TE?=@?+Y*)_?r>RQ~y0-Z)Ck+gcZ$|6l}SkP&Y&buTcm
zv||O7b7L`~USfH)pl$6_(}vk@gyL?fKFod$br-wej`-W8v36|u&Kc&N#opbX4tZPE
z?$fHm<Qw^hDhCf}<C~C{sFiAcfW7K%vH+$xogJn9wTp>MP4kPLO^ULb=zoHQXZ@x5
z->g^8apC3CGI;0<>rE5~i8Q(LlFGST5jTOpf2S1V7dJa#DCq_&<G1C&HK;6weM$J-
z-yC*t-}2{2?*mrnHq`^6UGG^E$O&em1@l}ULhr}VGQ$wo&M@@@lZeqRo@e`S=KQ1%
zZgiUAN@Q&~@SoBCQr?&GPVn`3GZxqc>;Nd|)zUG08CH6cR?JND*;Kpb9j~nu-uHs$
zsZ&_aNt8HP|KzRt2Uu}=xKF;{q`AZUq749l<?qTy)IWA33c$ZNQH`F!gl=3pkY?!_
z{rE1GLH+P{L^U69NP|E>`YH)V%j~ad?_&Gx)%lT^#+<^}Bv34{tC13^?#vCqu{<`j
zDl`p2J@dVPUwh;<jShz7OXP!J^?kypGHa=ZA7siUgm%mxe3eCW;gd6E(G{*W-rts1
z`_t)Qe;m$gUho5(vQM0@<6kF!=q<lw)6CM=zU=N3LGw5naR%4c@(S5~mbJcuKkD3=
z;yms!qf>VPNL{L2iuPc|hf35XL<NQ7Nk(8SgN-!4SLK@n_yTe3sx#@<fg|J*i1eV}
z<WEQSrT^_K*A5e<IxDXx8c{~?fhilj(WKUnQ97IbXUk?9QchmMz&d_ZhZ*h<Sy_Y+
zeZ`h#>A>Nr2>$SJzbDIM$1gDrkF$TGuUkzT2uusPm%AFGS0|-D5fuVmlln@1IqZ~>
zxo0$}j6%AB_IGys|7%^~vkTt;5D=AMSB19er!!sC+nrbY_2ip*>0pfu`888TyxBZ*
z|MpQF+;dTnZSE0EceYjgGGD04!6@_SD9&<KRrl0=7b`Qk6Va4&)bb|H3`D(d-c{qi
z|G;KXFFCNb`**J3A%jtcg*Av4w>AE;G2L`;Xp)7JgF_)(-|u?|NsJb(49f1f41=;_
zKpTq^4-I>68Hbqi2-i|dT{3z)Jh(lbIqxwb!fzlZ1Q56@f`>r8#Ic!bs}2OfjlKM*
zT45>;OyGJZ)UC6ZYkIG0E9m#ophFD>^(W@^%Lkq%!{1BdA5xAQ-2gQhj@`>`BJST<
z@84sI#Sr7No>5ZOuuN;xfiP)mz#rn#8f1{pdSf`OmnSR-uFZt}Wf1nRN2xR*Pz1lz
z>78J*#D0EZvrn}1oQKYnt6^gyH~ZK3Tsje}+`H`L#s#ElKa&k7zUu0F>r_AO67VjO
z&0_~nD<~eHMtUz_a?TbxGM~a-a&8kmaP;))9lB)mm8I?V!EQi=854}3Nj2+c>*akT
zqEhWebe-X1*9`))(|SPdL;dKG_+iL6s6*nrwdV>iNVs3ccv9SQ%0tZwKrzIF%Ru0|
zn93rRZDS$V^el(6p%JdMSo7^WeRl1&KI}Wittak|>yL<|Ua1Sk`<!7@Pde_sjXld(
z0!3b|?^NxZeTn`2S)fsQF#GGNW`dv1+$Go_kzB&vPP55n#4HnRX>kO&bTRRDOJB3M
z(5GtJlo>W1*Kj3&Cv6gTppzWBBM<4(NgeL|*CtY&ZbQHLA{^s!*(qAdl%lT#DZ5sC
zq!*!tOYcw>d`Hakj2?Bwl|6q)<h2#U?b)$k!{}ZvLC1&Wy?;kw#9;aUQd+?5mKwMV
z8$;*NX7v=Ijqk)BWXTQNa}Ydc{8(;DHq6suuPlx=Z~FKdOz<S($)Jr$%?)ZzOs<Y&
z-ijC2<mCw6rh_y^yQUg)EyII~`}CF>5dp{A@x4|9-KVi?JV9!RW-kzxJELnjZ0_#7
zO0YLPp;E!4;S}_9elE1@Uk?57xMN?}lIv}X>9cZr&+G`T)oR{`lNgOYK0<aqBY<$P
zJsX!z9tO4-uVXms8*9G+H~e0No+fP&qla*)C7$yM-=Ht&Zxq(<7O4DLY#peQ(huAh
z%v{t9`2vYP)g$umhL=?@)eLv(YVvY?4J&?|BtE@<)|!sG)V#!o(BbzbmA#M(E)9v3
z`vm;vXLulbnH)B^QsT#WPN`T4pW4xs=Nd_T)js#_3sT)*`hm$ww8c-e^Fv+^yG=fI
zS|{Kn`s4ax;?wd_^jmb|NAKW{OlivV#AMP6Z`$?2bf+~vmG7kDkzmH<at3s9A$1!F
z&$s&VhcUwMVX8<ncnW)5_P>J3h9o)qN8cKbt7+ThM2FB|ddbsg#E^1&^u!q0rZ}vW
z5BJi4#7>xeP^dr3EBp^kKS@2}J-f0<G(TZC!>RN7|G|9+CTr`2gtLqP45Cj=x69fs
z4SIj5EbJb(jQW^K-Q(5b84AMyDmI?o{j~9HLSrOS?u)F@V#lv;^MeDGQJTNh^U)tl
zb^_&im)H1et=QO=r`f_TKTOqJdh)~b72{PJmjdOk@5#tGk%QP(#*@-;?@yWpl=U4R
zvNgm%<oOn^d>hypqjJ0+>Fx1b)`k&3VXu6z?+ZInXj%5#cd4=8PyOx+&^T(`?_J}c
zQ@GYE8~6kgmJRW??AbRA$RUt!s4U7(y8mDG6_xmj9qy$r==eJ@4W4B$ds}f%U#UZa
zcd_eRQEeO2N?rT!TFUu51{yjk$i-o;ES%|ymexn3V3!zqEof9%4WB^Nci<I_^GV+T
zDIvv&>(0an`HS)W#TZbPpnZF|7gMWhgN?NZHoczaM6dFr4qvp%WNEWMXl(8%FCgV^
z#LwywR7UT3XB=(N)7(~Tqm0&K_`!*H@!*4iVx`34D+dWbGy4K0T^_~dPHxiM$m4S`
zJ2Yvvr6UfqYNX7mvQyZg)X*Wbp~T(L9rw4ia~1Mw)Y7gx=*FR>%J0Z_ncQB3ruUWd
z({g$HYVYbyv&Ck>9atq;<SEVZhH<~4f2^9t-<&>opL9*F1EIzm9!t6wCzL_aMAUjY
z`W^GzlY{Q|hUqf3ri{o-eYeZ<{G#)iEc(wc^+LU0!I)!dTi|~!2=@2}mME#?sIHgE
z+XaP!M}VwTTIabEcMkDA1Kv$RF|o+{Aiz@wH^4u3$=m;xz?pwyvVY34qAs1ynZZbK
z$g;brF9sE;On~H0deSVj!z01r%R_Kv2q|>*K=g@1_Kp}^gFI(l*)n%C(nIfkL|W@G
zNM9Up`js*nE?Ajs^ZjH;)EExZuWMRKyg>wX#5Y$&l5>HEJJtcWRh&}0aZ~v;20X&E
znFs4}cha2}z<9*N?W8|BcZb30Fu<Nv8Gf4IYqOnMV^h6vOXZIbS&<p3?O8qqf4puy
zSFqb|z!Fotz!6C)fEs49gw+qKev^Gx-iB`Wrqy$AKHDG^Tmrhn>-P2T;4!GV&b`Ef
z!1R-1P<^|C35I$*@L}<W<jv3~%^ARODDF;7BZ^rj1%&K;Jiv7N>+0kJz_P3RM?NTt
zauZPvpWdA?>s?I$#pl7G73j#Ml7lK<k&$9Uu}_Q~iQe|afRb1(2CCSg$_?RWS!aNb
z**`<g@Tmyz3S?$AH_){;m!Q?z<k?hTWuVAS@QX-igVipMoY!3g`dJR2)4CaBE6>7J
zFQX@9^3(;wL-O@}(SsGzIGq#6gt7D=*3_FkSU+A%f}>gZ!p2x%Sj5}c=+45IOx4MD
zS+jmkpWlue@fqs(h87#09KMj|`vH@<*t;Mc@yLP1)zGB8Q(9v-2JH>%A&}V5JsOI)
zMu_X@OGlWe*&E~^q*fkbs?{SG#!GikBR%s8du+Q*B(gS8&vnbTKEz{CDy91IwT+c(
zVP_$}!XKk_{lcWKW_Imd2I8;TOm8WC@)CA=U&IpsI3B39JOrM6+m{~U{YQU-dML>f
z0MEpp60LpLak^=9J8L*y&aG7S+0IMBz%S`o;LPt%XL4rcs09rn#Na*?$0HGaPVTBB
zHSgnoz~3Ir0D^*Q?hT?%TS=K`oKAyhoXq9d%u|WVa|uz6o!8x~uEy<Ci#tF_do&>I
z`^XrD4Vp|+I<|g{?iok>4Vnz6f4Jy%$H!r5cWgv-lh_v<$X0j>ZGTuP`d6lxzB(i9
z+m|tL?4v1GP_+T?7U~+T7(RRbPh8ClD-Kof2=9k@tssFm2t_S;NhBRN3)mr>z-Ol~
zQ+`osNK;ZZWieFU#Wl%Bh40A~N-`({E~~1(xSt(fr9FUmW>QJ+B}QJNOeEn2NL4Zb
zZ>G#OTr@)1`ObL^_T!-60DQKfr_hpsJ9vbcR`39pXR3~dcO0^QIWhe33i955q$_k!
zlV7&y?dOvZ0`JAtZ$Nt{HZ$HeJXj3crEljvY19g@z#Q=Yodx6bNYeaGPZwg^HU0Dd
z>fzZ3jV19v5>?E3;H`&+e`4O~;#9Ox1emXHKZ$?{PO@Yscd`ZEY24qHwm9$F?cKXJ
zh7&q|1Sjjw(YFCGOnVuoE0(G-vi0Vxa6tK+*;8DW!})*I{ZH}xvhlYg`lMybwgXg)
z9t_(ZoYb&&<u)QZntr{Rf~=uDfIIbsUbI73)08F&8%jKW&X4<r-H&wJdUHYCyUymA
zc<gU_agT9&)pFq$AWYF*ghg{CW$9*Up8o~k%e9mm+*^ED4vP#Va-S~!k?kI{@i!0K
zX|yXCJ`m?U_y*3=6@JPB#aYEk;;eM~N}g7+k&mvxY>q!w4RKyXN01m_+`j&4zLqIG
z=e8!4g<PLI0Xh6sYgo<hzgE~GEoID}i3MNIWEfQ${Ez2M)9J!v&ZE|%QPgJgT?cF=
zKeyxSoBZb{|1{><A%Qh2!HA6iB#y(S0?d7L<95*YwkGVZ4zzqrh`R(w*LsMjO)DEo
zQ}e;D2@^z~c5*ACMjt_L&ggtIcX%wZtx^_eI|>@_RL_5cQW!<TifR$6!zHiL4?n*{
zt$<ARLjK?wCrS5$y^X#yD`B72B_tVSiM>~7PA~Sm+(pAS2Qg(E60C?hNQ!)S!_mS$
zd(eh2QJVG0CZNX9MGdyCWERvmnuNDIQCV{Ah$lcb!?^JtmijwyM<wfIOXOaKew?M+
z%r!@Cgh)M>Y5Fy~lM>frN)_sLSR;(>JMduNClma=Ujl1AJK64Vbv;b_O0<aylqODp
zyb7pz`dIQ==3TW*G!TUte8(1E1VXncJXVyxWbd~npcp~BgYQS@!M{xe`&XB@q5&Vi
zd{?JOd}am^dF;FzdK#9>s#6xrHjalG#~{3LOjAbFtdr^!F8}xq`qr>K)(76VI|j4Y
zoS&$sMS3n(e7NJ4*5jCezQ<%OfYGo<djq(ku&)58M>Fgh``cgPt8dGBLZYX?=`(_N
z-$zi*gGq1Pzz2O==LBxsrOMGk^r7Xo^KTHZQiN__@IxpV{F@t}It~iFI*rCSR|f7*
zo3@(LncndqNc;jO*LSKf?61%hp3x~odw1I{`bGN)20Pxo)T<{acR(}MnQ!I^>|^$;
z!wqya_PQKxd&4J#GhE%n_6#mSSR{P>M8T}~%3gB&`1^yD+wV4w1`|)~HCYLwjFL0L
zd?c6<Y(0|7=GKaVe}%r9FRbEN*0IP*Z~q@M_Dw`*h}`iTaR4l6H7w_4`pJ=~3!?}T
z86<2u7z(!DZD>{>MF|ofBqrk>0NmGIf7@tj9|h~@_vQU_mJa*7658^H+jatQImuAd
zdbC7#kVx77y;s`5*RAcc`}QK@=S`Bw9YD2n+?^Xk+wRD0XSW(P<Fw!(<Hlr!!=`&?
zeuBA6NIt8jOOKu?uU3*)KnrU_izCQX_u}be&<6+(Jm!$*PJU`+=BvC<&F73%M~y*R
zo{0~gqUH~1nE|5n8Tx^&EuSuIcrYK&MoBU+_~9i6OI^H*vN;i0o!|ZaF`)8vlK$Y#
z>#W}20bmjd8~4Opzr!fBOPg!r9WgEL7b~YUb}m-_lu(3znGreoc3X}X-snJG7mYg?
z1(Zl_%Q-zfIa~w{mx}l}MVN**DYd^J)0JqrIu`psD0l4tL%Ahs?ZsD~%JyEO)wrPl
z&R(#{i-vMGykn{4Y`Dkb$=u+<kbu=;jC{b-&{#;8Ykei5VR|vf`ETK}y=>|rd$VVf
zczsIi$g7d~&Q%-wB2KOaCWu$>9~0;BvsAN(kbq?#hW*vf6O9cSy?Aw+$J+M=+$UXY
z$~W;f<I>{FMDSy|kvDhOZa~i&DF3N6JIYUr52R_xv(|;!y_atKUR>As3>sYShy2xk
zsne2m$*uM5yxA|zh^m8#f}z~@jLY&9xLn?pNQ`}EuTvMh&uz&IQ#YOKe{J1ze<u>F
z`kfO*jXA<u0#xFdxiBG@+Q9|p)yG7DxJ(|OKSqz<MhFiQ#i!}v>pIPLJG8^AZUGyY
zTPG~69pb+WVdztMkDpcT>cIm!k}>F}KOC)3`*wS91-l^L*~hj5OC^?{IX3}Q#h0iL
zPs=jm3i!B5SjD3Mqv%SYq5R&k-A_o86ftD0knGuJvL__T*s^4oWs-fHAw?2HvadxX
z`<``_?EAjY*ms5*%w}f({@?k|ch0@%e(yc!e)qe}d!P4t5N1<(Nd~{4Q8iRl7+ZIY
zpa<$s>3I^`FBc?7<uqVp6_x%Bq-#U;KbHAv(S!P*+D3l-Rht1gv@}dqHAhU%?Yfo-
zu%s&6?y$x30n@5h!QY`cJfSIo$3p6h0&Pz}J-7%pB9PKGtccL?wf?Q-#v3t(hag0|
z-!0vom1=OcXK`e>!D9E6O<0+g2zz%!wBtq&4O6@v=mDnv5_&;+>A`>PKb6RyO{46S
zu%1VIVKXCm<zCS-nY51-zEGBF)_iPG)XaPyXV@7xyD)dFJDM=p_Ad+W6J+EkLYS=8
zfY6i8bjCM}R8wCk+azOy{&gI;qg{OuNZ<Uue)Ucl6<Wtcq`-;5bkfgS>C-!>b_5%g
z-VhV4`y*%__*!V&IX_QiK61B(t&T#)TN*s(`vtpnpSeCA#l9>>oFBQ~TnbPATRznj
zVRjzhB72NOm<NCTJ$5_;n9>6}`L?r{!=H~zAlRpwVQ|j6Xvoq=+^&-}UXIF|BQ+uI
zVxypcJu44$Gnt(fXgIsAGo~-019XkbrEeBk_*@BlBq6}MnX?&bIC@XRfRhZ3vnoU}
zPMrxKxBUcoT+e84#AAx0$8cU9{gf-d`7NP?Fb+N{S#~xJK(I_vEgO=R{FNtZ?+<u`
zs_gHudl>MB+|M!BP5p3IYC9T3;qm0V2s6$^JHnO^f;t~s+pAE6l)HuTe-9Q+bACjO
z#K>3pG}+b24?^{otDaX>gXkadpqk;>+Jc>z)N}rd!^rk~O$A!GN6FeDjCUN9HGv09
zNkRuFs=lg8@k>k@VP$hI1lu28z%s`J_{#pfpHl+PZxZsnihN&@a;uLWr*EuHsmu3y
z*J}SO9bf{7$r7ar+IHc({|d{$wPp64tbsUpUH{~<N9MJ9nk7mr_lyvmP`H~)&I>{k
zd@Jm9()Sn@1y{;zyJ~k|TV~S=pcR#4hSx}Q0K7oIoDc;Ak)*ukHD^rJe|j-S6Xx<<
z4MRn_iNM{<6Ad~YGqx9ACPt{DHhHZyIzO*Q!vLLOAHq(ggaVvYgs_5r`yN$s)<26Z
z>3E(49V?IS=(Cc~f!_i{qYfya=D9;S(#8khmjxz0_APCZ52nVvq+NfGx15YlY<r(3
z8OkCu!IZHoFH}35Gx)%%f4HYPCy(VpFJ2)79wi$oJJfuY>D<Aj$o+8OD}B>>*KL@c
zXW-z4&?|GscRvv6tJ9fRBN~^g@VKO~0Q^zClGeWa<+^L-GYVkIdr_%PrHb1>cIomj
z7mgvTHIvu(uL3FYVuT@G+d~K=WdABCG&#sTBZzgW(2SO#+Y8df6sNB@S_Ch2WaSD4
z6-RIJGeGi&NmCQgZSQG$-rq$0fTkLHRZ-o8%LYk9rupsER2|H~x#7y1Uh>S@wc8DD
z9QQxcr_Uz|ms7RGoSQb8Pmmt{b`>^WCJ4_c!>zYt(n@LvAz|=G_wP=Oe7OTN$ZeR>
zLe$S_>4T!w8#EVMj&e`xWTu0HJBGYIDm;}9PTZMx7E>K~CQvG9`nK9GlpeE&NcS79
zYVT3)X{|0pq)ck<I1}ddz9J1^EI9_~|LTKpSN<g)Uj?aVjW2jVt<?PIefBj2_jP9p
z^hBDyhP(89AMzC$1*=A5Q)}6}67>hqYUSHw$Z1#9UwDjZUC@d<jZ0%asyoaVzV5mB
zHsL7%CtX2bzP>@K!5i4&<`onxD(j<V-09i|@s{(lxv5r;0#D5ES2bF9Zlehu{Pc$^
z6*Ie9o0Zi0LA$9${o&(U&~v2ft``aS)_}TsyeYU9vnVQpdlO#8HuuNyI4EwJkI_!?
z*h}%K{4&OeoW@MXQB82<V}D~D6}?C*x@o47n8eAIZ1f_LlcCXTzR1hX&F#gnZ{IZB
zuJB%5nMR35SDY9$+}sp3+_u}AKwpe>!`?G#TuC)j)VRW>irU(19cjan_ZC}KmjHGg
zCuhO7l{2L5nc$p@8zs@U57%yNHnKzDw!@jbo)Pkg)J94V%I#)dxU|^!X5KLe)W?2{
z{=l!K0lwNzF81ZCK7*j=P5|WPyB2HC)E-i!qTb#{<39`O;;=&7kNB2rK4K|U>=5zH
z+I<G9&+%coq<MBgg@BA0nmA~wUT_@0g_K^Tv+Oss4FHBykB7!W?!``X)vo|Yr`~zf
zqQo2Lkd@_iL<J}Xce`=?#fq~{-EgBztw@nlMIYHPpfPSX&YB^kX(n{eYJLV<qFuCe
znRjmK{)(#Gyio1B*oo0e_vGtX!-@Ho+xp~$I13w_HL#kI?b)ZNhz9af$}}aRQYiuf
zI6wDpKFxA$!v@qtsWjm&ysa6qqt~R&R4>It=23(=HuqHhCI|ikHx$${fE1(@7@nW&
z?jA+w3QO{Z>~<+@*Izp$e@!bFMu9qS3pb0SPWcub#a~D_B_=H%Iy?J`k!!_8ar!sA
z-&e4TEWC3YO2kYtWLQdv)+<rLJNrm~-Pt1pDGJ!LvQSrpz#IMfpO-CIi<I*8%Ut~!
z6YgvFX$g;Fda%s-tB!$rH!|^Mh7BJs9dWnTqq?W{x@>Vs>%8^yX4vl8==(f}ss(xg
zQcLa;A(YY4y`9>p2-{RXtp6hR{3+(Sv<4Np?=1e0g_I73O#_@swRj41Zz&~h<_*Q+
zss;Ch>g>uTYT(^&r4HLK2af!K7^eK|JY!0q1R-x0@k?**>DR{4SHbjUFtz4rUEpud
z*;$^65sy#}C0Xy6I02eeI%F8X;-#|xW~)^^FIjBybf31qm-PzQfd8QLn0X~{m&{mJ
z+M!~n6>=+b@fa3cjqMiSKlt;Ix^%b6A#voc%c?bUq~2fMe}`)<pv28Lf$=ebqd3pW
zuvoc<vrwX!3cX#)s2OP5u@*TpnnsoVTpY<S^*{hlGe83t+WiYHxBlFtp^EwNDn~`r
zx`LI*n3b9flK4<bjjFu+r$^R5*qttw^dpV@!u}dx9lZq2S*`|D9@x@-E$^5}1IMJK
z9XK|4REz7CMwJfskK_kFIUNn_EodHTy+wRvo2Ii%p=-xKb|*Y8O)N|iDxVOGPXoA{
z^{%O^v?<XJuvc<RPBuo?{`Im4mUkYJ0cjq4>~VfXK02@}=Mq(8_F)y1J&TH=4J*v?
z@0W-vqmSyYpTLbf9X0L87+fP;c*7x7$~>ofM2wskQF${gCVeaLG)y|3MEoo(ESraJ
zTP4{ER`P}nPHi;uSj;u*THmxPEr*<o5SM<IFKRZf7j8Fva=p_fQhMu5A+~kCQZ#*Q
zKg8KLz;%8FTkrq#Qkd`t$~GX|Ahuplva3$-^MZD0Qv-12pIG#xET(zZ(^HNzmwT_d
zoYHo=e^T#OgAx`t=8^)#o>z=c%O#A>Ig34zt}5O?|08Sy>p;P1y#_dJ2lzCcc+4Jq
zkTv4E3ImQyy6&g;?SJRMsJId?hQO<eY?4QS0vkh`J!bI!^Zl@oB>S~0)hJA6faoe?
zR}T=rqvc(Nzk)OIxh}4$Que-8EDhdc^=Z#PTu0Xd{7dh<7p+&@!q(4WlEwnfJVAy3
z^M$1%9DQ;}bi@a;+T6xq>Ee@}`#|8~rv{!ei&Q<<lrI1&!%vB6tjJ&LpD8W>&E8qx
z@wdC|NjKXQ4bfg$mnu@!Z-&qslPZAI{HD0WV4v#;()HW9o^R<eSI?@5uXq6>FGiuS
z0IG8L!3%!mu332nzQX2yX4s~2_LLd7TkWIJ%%`rW9rvJD%Ox&O$u413ha=q`W7{oo
zvJ>;?4C}!{Xj2`Zs_89aX^z@GkF%*Np1MX|RnVKzNsc2D?2)Rx0p4>hGgA+72If%l
zAKBSa(MSWb^Fyfl1D500f=7~OKo3T)dhF{~zmOZJE0|ZQB$A_!LrD34(&Nm!^=;j|
zt}7>I^B#7qp;A<B$?g%V+O|jlHAXU^814Kr>g-&)90FGIz+69Cbi;ZP9&>cqTHhfr
zFdIP}bfrIhJHFXh$`nq!K4xipI{t=&4WbajO;6NMGF+b%n^yd0UXnj_Pd*K){Dytw
zKnX%dVZu)XEtE=4fU7e?0x_T*t#eWgqE_+ymVDvN-AsUK;LMManQ`AFWORV0OnJ!9
z)Liis&7B{_lkm?w>$R_wkaby)1NkO)0N?d1w5beP;g4ry6|W~4I$_X3kCItb)htKL
z)?_zzroDTPb0RZ<0eo|vo6P$?bVJ=fQ)6H9zgvD*^4;dt2*Y~xlXR^!T=+sYTpUFz
zX)*IcXu3?e#htzapL62tvg5t~)=$wJj>2J2pWPn$of^{QDV2hNg-Ffsnf$fOIv-?O
zdZ-B#_<H{L3Z55!mT|`Y7$={7zhx^2N1bU(X?G0U*ZflNX+_R<lQ4Mrs^404J)U18
z#Wg|BIQ5|MXc<A{BzivIgKUIb#%Dcx3BD^L3{{^WI0hE|oEW&_Ywdi5yCYO^A_53i
z3ILIxWDnsy{-|P|>J*rre-9P0g;9l_<cCjX;Bq-)eSTKjWNq&A5j8-lRYP&Fn`-0i
zQ>CH26bQ3vu!IoItsRaqleGzUHRxYpyjj5dN^AH`eWUM8{X!IPMvEG!vnWUY?RueG
z7Sj)=vAk;#w$Gb&7E)5tmbwewYq0Xbf)Y&_Zo=x$(8k-OK<RC<N5yCqbHvn0EvV8g
zzU~EHr5(J6Fb|BjV0~0M5!00K&Kyp=J>ed{krXQG3opVxYzT#1*FzSYL*7W-)ZY$u
z%cW34hkQqe##AlAR-1_>9Qkk8HM<9$04P#LyH8~a3ZaQQ@YsTB<XsL4fjkM{v>mWQ
zayK{Kq)=G5v41h>Y+H)p_Q2m0b0cE_g7$#*q|nhnBZKmqUL8SYJn_meR(Ia5#_>*D
z-43K%gxqK}i^2VQ5ix_61EApL0(Vy0dU6~2Tj`g>lY3Y$in$AinhI1M8m*9w{#XYm
z!pR?cKE*R3DG$&#|9?WP6n1g;CP*b-{<JhdYdYj+l+J!#{aE3Gfn>AS&mvrF_&)o0
zgdL`wxg7Pqy$R4NdRMcNFTQo7;nx(>H37l7wsXy-y?%H=@9YablBgB7&v9<(S5TlX
zk?}=t?DTfg>-U5Eo#B$5q8Pb0(9-=l%RBIbM5WXX$IuqX^|3n8k$PVyBX{<u&w}?`
z34PY^)Zj&$qif5=;6)AlzK+Y&uN?p7?a2+sN$_zZ{=z6PV?^n&>$*J$VN{7KHT#v&
z7JN8c$CF61qzX6zpX`tW@-f@K)s|?kkGW2mP0<uUzy&PCt30HD)R3GZ-3sHizd?jQ
z#gdA{!EAH`w)=8}zVWmk>T~UOZrbyMj6h&x2@$ObFSsucF9^}FV+;W%gsgkpA_&dL
zT|Xa#vPmN?UHFY#K<Kv-({S+A@035Mv<LS`O6z^w&VjtkEM~N4-+H&?*RZy#r7NUk
z!Q%Q}o~AV;J5b7(-x&yMaIJMoH_m+aXl(C&z~`@MwWIoX(%X_KuK<GBhWw+1;#r=I
z#&w(tjR)PP@AW*-)UJRRfn13xZzJLA5}2Kkbn}-`e75<j)KLtNHezHAX5UvDzK;xA
zKwCRR-0Gt&Kvy95grqr|iBA+2WeAnU4*N}OSXAN+_|Wlgv*H7WGOpSCD(VUJdo*X?
zYkk!@`c8Ur2*_IrcXQs2EqVjSvjjN;Fe7Z-WJ0VNHQp1DlH)47v#k|N72!8Qb}NpN
zu)woINl20J6e8Iv0h4MLhY!zzqj`K+7e+p>ED(qs>!NmBab+oAU|w{o4EvvF*GiN(
zkFOC@HI7^=amT^8L|wtrd-4Zmn-7n8mv72!DJ?N)Ame8a3kd8d<{NTDGX^~!A8M58
zfRqnqC+zJ2G7}$&dd#O{e9NBW;bIJ|w$PS9+=9sD{_b<NsC~+)c-au)lEdi9HtQLA
zjDti@A+L^31K2L2JflNX?>(BaU32VF#X86QdmUxl`?^Vap2^+Yo5lh=6n&iL4fsmA
zUu%}?^=!R|3-SZoYNfW_0Y}_XZ87tcSlYU=4CzoUNpp3aG>~wL_xdzVJNK5SYJ4Gl
z-#|;*$W?E~0##gmCc}cPK#^uOzJJ#Fz9cf)l+uCLQIpqev5r5IU)ECmU7RpHW3_RO
zE>Cu468Dwf9DP!4cPXsiyFC%Vo0J<=Y-THQ<iz#V_sDjc9mis=k~1>(bm$W<#{BqP
z`6S9S;T+&*jn*@~<5pZUBk@Pz`_0neuW#Zcve)MY^A<84MYz$3rA;s<t4^lzx!|Tr
zn)}NphdjDDgC#FNAgF_~>Iqyki8YWCQ|HhGPjt5TW>R%$e!QHhFqQ{B)Zc;QXF+8R
z$$;t{P^On&ON=Bo;A?SLarxB1{-IFm(lL=4%@73VJhdn)g+T!v<EBcCvlX)Z=|nZi
z=id?gE;lfAc;qXS&^1Cj15l)oIYovgMQI9y+9{@KJ%AtnhW;i;H7?6ILYv6+(xHP^
zm!<#z+3674=9k+kQ724==yL25S4U>#2h_sK9_Q)DJcnL=tq`7Z+{d{7KBj5HZ}@@4
z`ZFLll2M>>6LAfH<w%R6{mJrFhq&RxjbcvxAUH1oc?GW{1{#Y!SqDqlfsO{jW74$J
z3R8Oz$9=83=JU#I^J*$*PEbuL`bX{DrM6W2@{3=H5i-FAROH@>Pq^zn!G0Z5mB4M?
zVSQdWa^zwnUUiRanz_s*=9q+!a7JDq?fyAYnS5^A@KlrRKtu~6jI2Ehu;UGTHWwVv
zB$92olz8S~Pc(O8ftqOd%8LJw-r*-QR6^)H>h81>4`29Z*oqv102wvQ51YuPUdNpH
z3|*@d;YxiYP6TkJUXuLt-kCPb{Vyh>E33-E{ufIrP0{v)b^zDx<aK~Vau=~X=uO7K
z664=)W<iOKn*dVFP%A_E;I@lc>UMcNiaNRsW>N{8S0*T%gd<m*?}U63(;4tpbQ9NT
zDXwkPMD?vcY~CxlUelb5ttMypHR~!;4>N`5g0%fL4gjc<?UU-)t_QDz^gvpt)^B*u
zsRO{G-QCt}7H<RnAeRaC_w1WGp0NCW32EWcY3z_3z4BVZE5DMFOsej=?`!DDGvDVL
z?DIft_S0LX{R`%=KE;OBW`zd3ekQb&VDs6<8kk0rcAt$7bFou`0z|jRqkvFI_C^aw
zKf-`;NCVOA?b&SM?xg%UBBycRUn8e|tu!Gb^9lln(7BhSon75XEwT4k1WphWqb8ta
z#^zrj(rsV&*6jH{nZvb9Nx8Trc==>;9*-Aj-MI9TT*l;(cVmgMz_#|@N$<mf$D%4Y
z&WKwhv`f)AE#@5(Vn1P$J&($e$||W7b2t8ubXB;&#qFw9JKc@rHua8Q5ni|Lzuhs;
z09T&lHs;aF&EZWt%QqQ}@ka0C{iFk08zQ4N=YA#To|JkA<laFXvURF0H8IXGHzSTn
zd4IN)zgxF7(gW<cZK(`M*09Jn4h2$TqsVb>42t@;(z*}$E6c_SW*lh=PH<ucrJ2!L
zk~5ahheVibD0i@4=M>i7=Wvv=bN0Kkey+f$?QhWqxL?f~tA?qbD)52V5oHw9fT!)z
zLZyGOYtAMuj}d^i+NPx>e<liLf$V4Z@==`9);#eIa@s&c$?s_+6lGTi?FksUS-%j_
zTVgpj#JlPT?K-vmSN)81gJ$Tc-`mSG>bn0;%p=FrivYGQ|5{FxT6zz-LVR6If|9c@
zb}^-{1>!?nI|d@9P0HHIvN;}hzp?_0&!-|QuZJ~`Gha8hHg~Q*OMeECV+fAo@vG&I
zZdN+1{9!{IeNgw8S&U3e@h(Uo;GszJTY!xOWu@zqcJ<k$d#5ppNbB*TisU6Phg*n&
zio2VETJoCUnR#z$UhAu}Z*lcfrm8nx`8ajrCUgZ$&zrr^KGiC_&$T+s%-MC*-vBL*
z4(*<j=ex$B@otwMtz9G!Cnvt%bib#OY{Q>b#3G-QPsqvLyeb^eBcGwv=k6vw@Soef
zMs3^>)OXG1Peq7<k}80~ud}+IwBb62ht@HV*-iV^3OiS~_}DI;+I%i`=o{u09H}kI
zLa}@f*zlQp%TxF6-q&%}#9V5Yx0jdi<)s!~l=U@B9PgE#g}db2eGd;f3re1a=FWW%
zVhDq~p`-%T^H)kb_FxM`_u03$ZnKXt0WY<_?8Lf%irp`#!3QnD8<jq(W(s+HugzL=
zIugZT&z!jEm-}GfvhpV2v)aLvVn2t)G)xsnho)6tBJj_@==180D)|Eb;we(WErM-d
zBgLSqm<`WiYP1E8+g}qr=DOs$m?2534|#>y?W{scw^#yq9Cl8c@jtwteN(mtQW=8@
zC_ilD(?YC>lJ%DU&zGmm2S3Tj9ybLr)WoT{uxu|ryR^N(d#2?F*4xS(oQ<*=FD2_u
zx2MzoDf>u_!!KBG=6OYylwV!(p+ny%IEl~F<_rIsDHPF@t_g|p_#V)UE}$`@yijUM
zcN<QP7gn-3(eMHmFdoP3DwWM)@f<-sM~*pjYqT}8&$1v9W$#}g))Yr(V1G=Ra@TZV
zM#21a*X;nKXP(z|aXf}J#wApry^}?%`lq0y{|fH+9$tzlzI8Bjw$xqMa@)FPjpQRJ
z3=wcj-2X7q9XC*{ihXb?Sj*sio-#h`IFxd~&m!4Vd`;$rT1=`}ML2npo_H*5Zczma
zNWaMQ<g(x~xy%<xt3m}KqnenR@k7AJ>fAvz=tJv?9Jy@TUh8kf3CYJW^x;*3nD8jH
zROrHky(Nz{*4KL<5+?#u^V*g@<7<%(>VtV3eX%klGan%Tq;c35-SvypqN}x$$5`WK
zDXSIupaupzQeNe1FMfEhgnj}@E)}8mteu5Cn|!iH56U|5WFxE2-N<yv1^3>QIQ4Lq
zzRT3~NxYmbt(a#=D@|uW%Qr)-Lq+0zJ_MD0#Ls((|NXe5USvFVE$>md&A}E)D}~+4
zT1<@*|B+=2i|9zMJoX61aLZ6x%T9O^uWTD{SiJs`r@mhWBE|oc`BJ9XyX*Cz8?JL;
zuVq$t#`X1(h{x5MBEh|c*_vsUq!g^k>YfLAo*>y&M%i&nLRZF=O)i`hm2%nI?O-|o
z4LM-Q9LvXx+=)x|uf1#eYZNYjNvWDEXAs=8cCC3QYgxzf?Z29P=*thx_iO#~EQ>ro
z9LPt4aJe+4Z{1W&MH{pN)Gk>%<CyBy-_-%S3x)#kd3|gYII5L3v0YP_9#fK>c%)R@
z1(<XFGlHOvV|MX{>^T$3?_Q)nA61MzvkYy^BrVq0kZAA(*WM>V@|isCfFum_{<ZS3
zyJ2M6jg!ZQGV{87S<nE6owxcy$n{rC44cl;EQZ9V7*p>br#_&8@f2nHS(>WbCgRP3
zwx~(z#KhsaM_KiAmGLX?2jNXc1D7t=7l9KSi0c;IRa}fxMnA_V|K47KSS2Cf`;jv>
zd8$liW1u51KvhYh@5xU#*(H~Jqo-Ym!+1Bm*s90{*y``VrIvp?_xv=RTrQMCGwIty
zW~bv%jG7DYiT~<!C@jG--o_<jF!Tnr0g0DO8B;Gys@V;p3+Pgr_QRs2uOvKzMZT-x
z5VyYIO_afFf?h+urN(@f8r>qRrZQ6~eE2U}bo(q7$$Pg|^uJ+*z3?mupTji=$Ir<B
zGF6TsianOiA%)g2*c9##gE=D1g9SVK%T6t>l<4`O-;ZAo^}ej_nT^t8F$})bvFb=F
zhYb2KBB+t;k!g89?5+T<cV-UPw5|5AP|D$N$$&!ZkfA@q^(gQWxNUjsLYMfIbx>Yx
zc?;EH`l<DWN>+@8C|~jsj)VG`<X*P1N(PK)CT#|87w3JhuB;KLd2UU2KCGOj{H!)_
z{}VSZxtv|gw$tu>e$i-ly5jRZFKCM-J}d0@7vdk|&j*crU|einlVLb2-ny#PYLm?>
z$w5#=`F6~JDB7eCbmvBom>oOWEY+Wddd8H!)1xP*D~$_OP7X=g@hKSO#+V!_M55JV
z{N+Kqw^9jg=R7A<2cGOjMh#%&nqNYt>(w+Z-QOy$?)LFaIRcy%fC6vAAoy$BwN~`|
zrmhETl{F#X+V3~gALF=aJJlyIrsL&UW2W1rAh)-QYCX0e>f{Ug@9cjZq0$U6oc*lz
zndr9g0BI#o{Z{TkV|||iNv;>&kpG7|E6JUUFdlX<@Fz#NJGgrdHd?4IwW@BC>tJ7E
zP3PHfDF94R*qULoj5?s5P?sGKxCSUyOHQ0R?TOeluCM>xSjYaZE9ux7<BLb;(arPo
zi-oEfxjwDHcEav{Ttr*`hpcd=^91?w$s8^rr@Z?4y9(Kty`c9y+7)+*5TDgJeXE<z
zkId(8+AEpDR;~WBR>$-F4fo1UPvd18>W!m?HY`M{2RoFf6@lPExE~#GpzssNs3*No
zpvoOY2UH}sZouVD#}@1lYLmUnHG88ADuK9@HqQc^=C_AGJkdbJuS8*lO1sgE%w|zQ
zg)7TAEmb!_V;4pvJkgBrGd}-w?R)ij8XO(S#$<5q>*G5Ybf&g%B=p;$0gG%4trmx{
zEYT+Tm(6v39-TxUY9=b_{+;d;`f!PD2}7BuL3RTle7b9&oKs*&h9{)Cm&9)Fc_D#z
zDt!=fZ;bG)f8<8h-<h0^m|Zb~PNOVKh&$@V{!fqbGngir$k!c)!Er>U(SQ`kK`%L#
zlc(R;%`0VZHFBJ|(?gr2GKfJLGA7XEhT9bAM7rHYT+R{A(f6NHA8=*aoDHJ=p+eh5
zNWWa%e0d#oJq_{0e)814+E1Ov5_tf&fz#$KdROk@@8b(Jwi+@Si4}kNYo}z7{vjOe
zr+Alh1HU))_kcP+Ehi_$Do`?<Z%Q~Fk>Sfy(HtR4-M18$Ub@&y;Fb~Z(;nD<s7!x#
zD7~qT6uD}4)arf+Y&I^WktJ%;QlPE3cN?!+SfYnxu_}V4gpuL!{r|SrVJuaU?78XC
zYEOwZXMC1<nUC%LqZ1(MVI_mRKp}sT_NfVrB&kwW4?x>{4>r{V6nm6+WEC+K*ih7{
z(@@kig7DM|BQ=`=K6GGh8)x(w$3G=qNBZimWm?%gSEBJRV|c<8sExiS4=47(DyTOV
zJ)WaHm-n-ewaU}Zf0)6CI^<9_GmbptZ<A6bPkK=xM(|OpfA%mLuz{2E0mctBe;W9%
zoE((52?Jbn56ccS3d+8PoGT%GG#nMX=wVz_$#Z%i?|!+Ll_C#spfbwt3JSM^UbIft
z7y=5EB8zzBrFAg>(2rnGjn^2BSk8}JgpJ~W2;uyjfO8*$QKx<5{=qC^h~8*VUVbD0
zChbt_V`!YlTh~G(P9u6ZA}U_0I2nV@&5njs?||}?va98Ldf~kePEbG^s{FGThZ`<V
z_iSk>et%#<Cj=RD0mhhggH}vzHL?AFshF1JB4Vh8Dq%Jn(t~<YPqL3xF>%7AgoPx5
zN6nG|^5eWmMCWcu+4P<>oqR5wT=s9pYVT@am-0EKl4c*x1+vZ`fj4;OkIs9@jPoTz
z;|i2+N~fEt1cC|QExRhRZX>|DP#b=N*)0P1=ksQf^SzfXi_dL)64U-@kW>m!GBofp
zfg3wJj{#xExw$bX<FA54ZjS4Lz7)?0wH=!VhwzOjQ|=q1g()NZ6D7!=J7fs7A*Qza
zsIhwUc8%u85y~NT%r!_K%<i;7?S#ZP?K_8a8h}Agq6q}cR!@#1cXpERf{v>UW#=2I
zg}m=#Np<<+j1V&W2TM%B!D(Q50~$9glZLd8@EkRnJpqCg`nIh++Or?EP~t)Qv7Pk!
z0OGTwXFHWSh`2>Nm*I|WE?IAfz|SZ`PG+!!)-c-9;xI0Ia}^1ca&>>&k?TJW6z@RK
z3@CCYobN%ae>!{F2_FbHqU`~>nbb&!#{+iCQ4az1(~-anP|n`l017V20{!sv#TFnC
zs-=8~iI*8jyLij^n4AaugWpF%8=}Ww&PU(9=X&pG<!&|e?QwCb&nL>tkB#wvM(!(}
zDT@-@E3e7x$hZX&G?E*v-xU9=i8^Upic0VYP%o_-kD@=zXwW*{t$mkj(ZCjT{Y{HS
z!*%!I$E<Lc$7rL<QPL-9L%+S<2hO%Yp*Ay?2N02*9;o#8DUdCbPT@+e_aqRHvT>Lw
zj4X2J&1?lWqb;6xqCreXn-#PJ<kOXwnuhel{@YDbUlB_Vu$D9oPgFDx_7yZ*)`(ae
z+mAB!obgH>#Eb?>?Nxd^Zz5^K4TsPQ9`LyAoC%)y=!4A-W;=R3F!d|d(v;8#w(3ZR
z{gksVg0MwEZ=EoHY04ld`pO+wHm9t2zDsS&xVFsL(di*C5AJ6uI+ySGr42nnKe6$i
z=X=IBPvhpQ;|Y}h0{&3<G)w-Tp78iM$A49O!VN~%gN#WZ48{$3++K6MK^lLK1RivB
zJk4+%2#G&rX0zCw#YE1~D2-H`2=pgTf0DQKd@6sMpFuOkt(&P3l6iS_ohqp~B<MEp
zF#1gWX`~n>KcWFAu9jw5KD9<@4p~1y05%xCCV5Q4*R^+}8eyZ8?>3*%551)~Qg*xa
zoNiw!DeP1arSRe(fq68@^dGXW_eQniDo!Oa*XQx0&^$$}hTB?%i_H%E&^5OZ$I-;0
z!q!9ZJ*dFfo`}<7hetItvc0>0vk5y3M)}f)>@{{Oam-g8y66iMQ^;}oq5{t-92@ik
zOMx$L?j(Onn*La)rL$11=1j9k6Og7A{-SGCkK3uMSb0W|Z`)b}79|({@`eE*IZ@%H
z^dnI1Rk%oN<Z&nG8S$~6)%Eeexcy@+tm9t9hVH_%Ag{Y`IaD_g*Zjhn2fX6p)JMq-
zEs)q*^)5@;#{_C3l2^D5jtTszcHt`@Lgqav1l{7NUhY6b?;9KI5w}M+FxW)f;Gb%3
zY&*v#v<G1(B5ilaEA|qR>AWp@5ayv?d3pN$zK0iWE8_O6=$k&2i<lYRO`rMCjsb7|
zwfTl;DRkrsi(6|xA+`jR(3*s+IE`2Pvc%Bd-RTHJv1W3P_HI%?x-iIZxJUNhR9^8_
z+Hqe+y_Ilu$F#>HVDy<9bqM~9g8z51ztVx9;mB@JIy-61iT+n(SqMQj%P}<fR!g5D
zg+jZ2MqPt0G<Ij9z8~kM@waj;S*jYpMO7cSA(#Ve0qiF&b?P=JZJ4Dn&rgS%OQ4=U
z>sj<dcW(YF4&faW4p?^V5`nacz&r0VM|CL+a%~w2%8^`wXA;fSQ~HY|DeAqJ<OCE*
z;Zm^k&b(S{h%skcpb9GMTevjznZXu1!24c}v{uVEwgHhIF&jVc3*Kt7N(VF_T`o}*
zOnnZK=9ryhMb$2`DaY1^hq3)?-pW81B~$=%9hQoFQ3x8??ijEk6%WeW(}w#xg{*IR
zAp<0od+@XEB4|R>SfhY?D}2m`ZO<~FG}J@uyj-p}-Qy^An$R?j^BAd5;LrRcN0aNa
z+B6xx^+aNXCP*y<cxX5ILs6}?T<sX$K^53?EPmFMFq&e}x>eEgCY7Z1E6elfs|z8>
zu=G&QoU++Xx5wlv0Es|wou3=+j%=kL{#IXjBQ1Y=;FWKzO6#wGvat10)icd~p>Xqc
z_uv3WGluJ*&9L>B#Q-d>`ux1TJWvLzHrAtfbwv2p+<Yzsli~ijQj^FwK9b|hhSQ4k
zx%KutT2XBg#vN6;ECMKqqnk4Fy+x=Do3l<@wVAry`{L<obygp$%tx&DHE+hTmRlt@
zZ2!B>4#n41R!?**{x7uQKUohR_dw4Q@wt9^bY7cfz;Fbrkv=#%7#N_qkrcd-o%IYG
zs5J=?d(yg5(i%fl=7d6+oS>~QF~Fb4QX^(HEiGo{FsX<^3iiDX<ZQNmp|xYvrbFe(
zx%?`m*0V+`kMMLtEw*wsF!Qp8?FIpOW?a+eED*=B>7(ZdS?CFf*(G%m+UjsJNJ(6E
z_;v!;(Q9D+(8n5eSAxlIcnS!9;ykbSTx<>4$0h2#iq5Umvh7m<o~idOK!0%spY1Is
z_UuvVKl6B>R9l}Fv}}59SR(JVKh$u*{VlpASW6ZFfW-g#Z`hYRq>3c3;JB@Xe1DGh
z^w8Z?HES)&fG57u`Tfv*dqCkoVnt~9`N4}*$Jks$$4=2NYKfiV89SXv2pnlP;I%}S
zX!9?{-Q8Im(Jjpn6~BaP*IoezkXgv$FFUAN%2g+#xk3hg;@skjBlAS)bv{w(-@3pf
z{aDy79%p0H6-xC)Pe1`KUOJ`sgm=JJxXE{6@A{fouOTa8_ASyl*pQsJQX=^j#YEH`
zm0p#}&Y--dSKkQ!?<6Ik<BLGWm-VLk3o0^^(emp+^)=x}+2ac}5%Cr);cBn7#dFu1
zreF$%WnJ`)fX`4ky#rUyZ8isJ9b=jDA++S{I(RNVR7h!G<9ML%AElFD0UVh`LW$Ut
zjpLaAc+W>>TWoc(HuY0R`=n+bEAeFJ{drGunjH)Ad)0Y-^@gcU!@KrNCxmsFdEb0&
z_5A@6e|@st#;Z%R63p7UX-0WlC!CGrDuS4>$rF{kbm8cTfWWNgmW=klns&@YlhKI`
zjZ;W*`nI{X-#8;te^mN=PzUT&p%JhDYSOLOXP0tB!stj)z3qRH;V3h4fzjf22|rAJ
z2J%<(+tIC7^qNP=F46S+nRlCO{De{zbXiLS5f(y(j?SD9^^EY8^jK~4WbULG3sKRU
zl-!Ad5t{Hm(1-Jpr@3IL%(g0!2NNoJa-DFRpNH4%g^4tT)zC_BZ1Dk9GaXjg#Z_PP
zG|4!;!uZ6(d?g4d!fa(=L4%9Lgqq9eG*9&{Nafc@xjjom6kYOW$rrV0J}f?|5LKop
zz$aMCB^wj4=TiLKvvD3=6dZ5&Hay+6VKq}u^;K8dVpA=KX9y#iv=sKhx-YAI{ar|(
zr!$c1uSlh4&h@99H!JYsw%~vB&~ro4KVd;i3z&qq-w-XQl5Up)Z{@U!|CF^t{cBbA
zhZ}a*J*!eWd#H(~RggwS?-ucez8mX*EgTa+BRYYw>7j-sfUT<p9Q3cSav;zNsQ2%>
zLgJ2kUDkolS%d!ViEB~0(lQS}Y3ReE5-kIrlwd8oZT(MS&21BIU@+MoB2#qUSuTHT
zYUuiL<Bgo{k(_&RjV09kF|Cu1%>+xZ|A^;;&xur#PhAWVbj0o);DOc8%W=x~==eFp
zo#Ba(+lZ|>3O{sAOiEoU@7k!$c9Ij|ok6LeMGd|AXosGRrPcs_C5(C)XKS69NzwsV
zt(z*+%fBA!u4RJwy2|}?K5VK5f`wb{YdtuBx=MU_-0Ir!R*3R2iW=F_;Mwr@GUaJl
z+7Nhp4UTh_Xb41_rh}EOl_3ppfmGb!T))Hp+ZdQPgsV3ct54gGdbU*8Yw{BBs{iBp
z%g3k5s?kK{A6fN@-Vk*Yak=LpO;+jyQ2x+f491N4roL~>Tngg*EJm9YR*!b*ok=hB
zsz-l6ZR||U2zeWkH1fi3Af6x~wIQ^Ux1A@w=K?v@L3`({-zmb!IH|32`$~u=&cU>l
zLZx#3gp=HP;rr4zRp0jr=Oiizcqp|5ag3*EZ&sOX^2v$%4r^`>!kSX>p)GSpP7{H%
z{dKMSzKKrv3vGHOqX!2!y#oaL7Vq>G``FGMeCfNkb*d`pd+RLp8h~DMU6!?u2Tlm%
zpIZ}j>lZ+~I6A=%Bq<ILiA5{bsj-gZdUuCdp$W&+ee=rf{(E$K5GkbF!qd$t&u{-;
z_4ueyty<e0EbWJW;%s>030vIw$#H`xK#3tES=z65HR?|4mtOgJ%RrPJ&_y)I>2pDN
z_HDm$IV!A(iwNdwR|t9?LC$KgN6t0wqw}&T*2i`owwoW{@}D9kc%}>(+szRCWc8_2
zVey9;W*+_3KUJXZ4}%T3mO0(mu2~|oMhBj-4748$iF)-6WW2pDvfy8n1D>hJPg^A5
zr?+bS+jFqxEMcV~k@#t0>H>rt_95t@d6)-*dT8xLAC3oa^(^h{@^U~_kxA@>iL+)c
zM?!bGJ_b^eL#d{oAu-xTC7>`(MYO0B_>s%0wh}2}^GE6vr_6m=tkeCd{k-Y05Ft5o
zi+6x><J4LwSq<J*QZN($j}ZFvEBx-!SIYkxK7%g%r^2m8e4gPy`%q>+D!r{IzgRgH
zXh*-!5i~6MkGkyPHf865Q$jwep2hZL%qYbPFHI)?$XazYkj8VtR$W_0@wn-=Tc>j)
z`rU{Xpz1N-XBZAA$I+)YlQ9?;Yx`I%UigWS?=}s{TE7`MdoflFk#Ecq00PuU$k|A!
z7yJI2oholk&fV&7M-M$W8@)yM>@VV9=0{vEAeax;mAW71T%gl8|E)lw(h<#F7w?}t
zp+3YOo01yq0R1DVZ{Qi~d;rC_+MSZzuXw4w*$=c=5PY`rr6%L-j+$VsM~sf@aIT+3
zc`?zF38g1g%{4Liqt<beOJ8<RsMe(-uT8TWgS#4@;Y4|{3i+jzbt`g^4Idf;d+MLH
zwf&u^GX_^J2HgTj^Dxi8{!Ya^$&qE%)yw&}!t~H_%y`w`zwEN&`nW<R@S%>ka}Kd4
zdCHb$QjViWBG`Iy3qojZzQoJ2rIMclryeV+vWm^%PnQK9-SIttk2qFYBS!c(v%ala
za~7#g{O!5$Fr_v88&SN1V$LvW-?;wPi-JRW|G0Wm$853ms{l0c#Ms}GfoMAlcm$>7
z8tQrZeftM&{eFKz$aIJYx(>Awc**}xR(RiC&TSCHMjVto|6DQp9Nk-Y6U(tT^9c8L
zj*Zy4R&atgq14uscqR?J1{{y$&T!Y=p-CiIZ<)o)3^Eu9mX>Qp=&)tA40XDA!6JFi
zBU7LOs>dU5Qj0TW&Oz}xSBve9U70MT>}u<WlebUmXNe8**Hy1;>dxE)6%c4o|2Xo;
z8#{;hzFB-uig2@t3#G$@sRU>P-+@i@6O7bEdxV4tP`FiEaEJMTGR}-w%hN9E3&@L?
z8R^0CX}QdsK?8X620+v6<`wc~+($SUjf-iSzApgYI26@{4l;ROf8k7F!+fbY_BdXN
z9Nt~G`y$I8_j>>fXng)`!!_;r_uj1AqC!QN4J<zO(@2g<)4dKks7C~9r?machJ9XC
zsaefX<N)g<+ivuSR#j+gt2WaIrQ6YKBry@p=a7-FJ2~?~EbGDB6s>l#WKooO{bIB6
zC(HyL<@mx?V7p4)brbg`Z#@<}4kqPBv~G%lBsQ_UdRdOc#NNe^ds@EHc%<}~q#r+@
zVCXfw`Bm>n^_wx?{J}w(Ly9=o7rfO+fBF&p4cP0^W<JQ;1aBN<9aHMjNXAzMFjqIj
z3n1;{B(eIt#@WC8ma|-aL9TrCmYdHTyVDIsGuRU|Mz7iX>Tfc+$^!CqH}5!ISHEH(
zr@wj6RkqPkSZ;waTq&+5ui3ZXmLp?V`1}6Z+I#-{r2m{YLA>^6>v|crzbWi<3rm_V
zsn%vht9n&~!Zi+4U|zOZo_}ISo#odhw4qB`&4fzV1E*j74mqowda~|0tLK2mrzVtw
znY;MVwO_wp1mNdhO@fsKO8EAU7#XGLOjg+na$KqtK>s0YT*+2!u*0NH|8)Y<-wES-
z-174Y-!|8_bq~NjSGpphLYh3ZKk|6$rLKU}3*eTkk=kX@_&!%@0q~eNjtvtVM&^@c
z5?s6brCNO{8?6@JuCHf1Dh@=u>Y23X={L@dd4u^m(bt03R2k9b!@*5t^sjqb(uBE`
zFtYN}*vkpk8VifhDSLvxCyZlgf!#Yu<rmZFFZW{}=gy2w``QR_PC3iWZ1n%UA6HLG
zb^ZAy)wso1H=Occ=d4PYz)8qN@Uz#B%F9@9Zm)fc<E{GY0oaMvG92RgHBi*njLtR*
zx5U3i)+5H020THwB;t_v5y5xSdtRis21tq9!6Q?c_Qfx_jmMtj7-*&u(!f>148Nv+
zz7?B8h{GeM2ThR@u<!TeNFR`(0X$U~ecpDwbS2Ldiw!lN(i`_AM|<?ID%O#Wm(AM#
zN>>_ZO-n090ed9Eb}@C-{^Ep3y0zx`$xbPhJpRS6tba>pqK<-|=6Yn9vpKmpbaUZV
zOD35bZ)1YobNNecm&QO3si5F35(xLGwc6<On62tyE8M>g3XniRI8L<k(c(m@n7M5D
z>uI!3@Suy;r-o<`T=^rg%zjIZQ+XD68sO0PB>l%d;lxw(FaE!BB*_cf6?&ddI^7?2
z5*0pDPJ{$F_^%fnR5W_Etb1e%72M8WGA{BqRygUKTES*E-V8H(ANXHu!E$)!p2c5l
z*9}p1k%QRd=c6M58=+3mi^obrvzF#!U1T5@be2=$P(|IE)FKtD7{p^mj@{}0X_ky|
zGIY8tJhRXfH<#u`*Gi})5kjr+srogmwA+Du!p^fIg1BpPzgL@$d`svCyFQ+NwX3s_
zq{+AmAriu`@2baSt~Fp!eE1NMt0z;hi2f53#t}fO)WKz_KjGUZWmz7ZJ2~0*;s;qu
zh&nrqxtkzG6HX3=1_<RjR_)H5bZ@vS5;t(kqaZ&;pbx}shg#gwF1RUQhedZVU!cjy
zLL%5_N3YWX=qOzLUKz_u6Vo&R#WBT8P&qHvBTg=_M@L!iF%j@gjOu;-P~9=<XMcLE
zVlW^cWthbhwy2#Yagp0~0p6+Oeupx&W)2(IUXZ-V%IPRJtP8)$Ql)!&;fxJ<eqn~|
zDyMXYn<<yVg>A*7pygPV`7rxf#kwCI$wqHWBShy$6={rR#u_f_F6RmQ6&vvXx_csu
z$rAQKTsCv&Ya`cgkTd=(qhPn2Le~~c{$uzQzb7oOl*8O^dt~!CtXrYAsk!g0H$)&D
z!K)Ta`fxiCfW^@B#boDQ`iy`vd0v_wyKT&8!*itE{nCeOB|V<pL%%Phm0PeUetTwb
z2>8IUgmVRr*k`6PSz2o=@6R~A#PQ~QR0QR5AX$!5t^MC*=3I7bt6@^RX~!^oi*=+v
z$=dC)v{$|a!_tUfGlourpxGK*<Q6_fQ*{oZlbm^@7rV2x#kKaC`@eCAFHNBJa6bEy
z1r(=qE=Lt?!Ev}OY@u@(>$-s@!H(m<hF^q%Lw?_?@0f3gPb=@#uv{P=)e8b$b!V0!
zE0FO|6maR2)g5NzP8gkJc(l54+(NHb!w<1P$Uv6)c`!>otgum-%r}?wNjK-^?Fp9h
zfO!v{MQSv9{ZPP(e%KFzI0zJsKUCy>U-nHsYM!5i^;FRxyv`^>EzLZf%KJ{GIk5E^
zBR-~6OuZsMYo$`9Z@&^)x~(c;zia!am;Z_H=~lb+#|CyJH8S8z9dn%8SdNKPrNT-0
zGMo$AY|`EJij!h)C-Lz=+ke#Ig9~UW>HVxwbJ%4X>^{Hz?D(Avd?z7Q5nSSt+LUyr
z8;}$h@$2imt#==7K6av;=2a)=9;3BG@cgB2?GR4Fw4y*0Sex%=J?_%ck9{sDU@1IE
zF`IVWi)%Xs=L3#u%Rit$NK#Q}qvc!bv4~mg5Q{h{?wq9OM2mb<h5bF{kPJmX(~fDS
zM8=CTv8OZ7GE^NcZJw(sR=p38%H)vWalTMbnb`~DKvVyuv9`aqX;Yxzn>C+|)G+7U
zUn~Jrmv5qGe#V*D%i-j99WGg1t+I+dCc(d$i5^YlZ}5xPO!yU^-aa5$K>ancgV$(4
zX*QRTt@Kg*Ll&)R7Qr*Tob$Wix<H9DDOVgCcl#&w2nLGt<Ofx>_8tW&1$<|lSD4%C
z$TJu-V}0m@Ep7h<itk<XI&iqbUqqZnDr>IVQS0iy(a!;ATub&{%g3VR#udJt7=}6a
zUsv~r(w|RF%9vX7GNLD64bMMc)xdX1zuT9~@t%laC;xQ=&2{KT@=H7*J_T0&>x?RU
zYEniyD*6d3#Jq?MxLOy=yQ^DzW9F)jRv-M{ZJn?duGZkt=vf~kk$F19<rmDJ*51FU
zCGBtM%sa)<nX4SpFrrx^c`2+XLngJq{@?RM`n5ssG$9Q5QihEl!(9GTbF+@u6FF1*
z5^j5sLQ^YRZ914H;{C@tJQ>pU?APJC5!@q}Uwd`E6ra&G$di?}0!_Lko8}uIg_rj(
zl<m<PB-^-5I0Ym71uOl)AM<S3w;FjZ{+MWJl`YVe-I%@038+)N3V+tFl4u)$V(mB$
zCw=_A^KOYSpDT5G#q8LH!5OESxllpozwwF`Q<hXvTxq(?T>41$(meZjTR-x$3i-x2
zM!#Ig&!>wlk{q*FbJS01OBv6aY}8>_%dIik<opAb>D?^?o_fI(Qr-RV!%6PtRvvsF
z8xEZj7SuQuvv89k<=Z8Um1}fe=m(vq-N+vTuAZGz9kLPOs|{YAhk@}1(Tg!0?_Bra
z3+5Hb6ON<;fZ6CC^=m{`PVzTpihKhJWw{WZHBhmHB^e9JaXP=eK304ELh>12H*NZE
zpCQemL>k9=KZ@$j=#|!!QF-G+%cyQ^`$XlErzh@$b@*}?o#KwnyqV^`)j4I2Gl?9V
zA9My8T=k|=Ha1?LeXtr?Dl@NDe{@VlQk7GsEw>ia{4{L^`U~Jb#0Z691p>@oszaAO
z7*3?}8B+4jjaOeCfw1p9Ulk7DW2cC7?VLV_Ej+tkn^V@1&H{9)zB&$JU;nYrV5!>Y
zYg19V*!zR=MWgn@<@wZGt^p4i=E0*BtKtG5dwS(=6?0hRv0j3V*i*V`1=J0$V){7L
z&<(E82=+mx?thFTkaiid`;3YTupY-%mm}x<54!*HcVzPHTNtWc%KgUJogQ>)cAYMn
z47g0PyV16mjLE%Jrml3OiEnH=!2G6E3QCW$-Q<Y>s_>?Nn|(DwHe;w!!}icvbKa(a
z4okOZ;Z#SUwYRkgRl|dAyt)(3Ti}vLW|`NSh0zH|F~aZ1c<7&K5wDEH{m!6~`<DyT
zkG=TY$1-`Gq<f%T)l<$~sIzxU;U%>JGPLt-qqaXM9M7dW?W7duHD#;1e>m7`bE0AN
ztdiW0Vztt(f3{iU9;v27PCsyW#6(iB4CH2Jlm61In~nUZv-yC9j{)o-J$Ao4Vk-Al
z0>}6EBbQ`pk=(C#B~OMk{`9JkH$zWuwLrgC>O~X_s683P@5`3LT2V+)!=qeR%V(k1
zf6K7;FSfK7IOb!WhxhF-)g|ZK6hf$a9jI$J4g|T=iv@S}O6*4HrUOzHpsQ=J!uq`W
zHOlwPVFk-1+3P4s4k=Ek*JDZaTJS;^31+Y0%6Fh?q!*qe)g7uxSq<QWB{Al<ZrrA<
zZ&ZFdNm`e_lw|wiq?5mEvSKE1)aK~ek*7V$`o<)3A!WoAp0QQZ_f+gpR#<|Zs=oSF
zGFEvE7+EE0ud{XIK!n5MZdFzLj%rs2Z-oE++~Gubdh6x7dWn5U47hNryoz{Lx{vt~
zu2A{qP)*D@J)ZK9-$8um0FeINsV+m(UM|wc>7z}74B?fcOz_R1w<D}IS4*Y)lDpQ2
zmP=?y>J`y4yAGJzav4I%LiNKXGg;b<gRbp?$F6C7dm?!wW%pxWj1@E!W^`V?nDja`
z*#-;;x@i5#_o6%KQfULzW~rgvv`#xFS-<<fT{pIhI89@iI|xvGAqqfnL`on06>OP*
z0D;uRBbxaabVH(l`89v`^%k&KPSf^^x@b2-2jwcDba*i<(EkCj7|SM=I0JJ|Jm3sP
z?maVo*?~1Wm8YX@dK6WPe>Zx_dwi<!r`Kl5#47OROOfx_uy*<7Hm+reFnjinr=wGL
zELD_#{ydmFo!xx>M_<P-xatF{EK~6DPlTrpG{tcg_5Z@!_5${)IL-J|S8w}<Q@!>o
z22A%1^Bk=Vxz0MiHg+%bkLt4xPv8%Zx~Tj%TbUXD_~!-KyIlDLzmXP@<DOqn6swN#
z>FqgeWk>(x=)B|Edfzv06m3y$saaH8v}WzrN|mA%pAM^P)ZVFDMG{oe+O(+JyJljS
zkZ8@?J4A`vM8uBB`sMrk>-_P&&UrmaPM&k0=YC(;b+&~H`jOCDklSXbsIP5f*>^@7
z>1pxmoUi@Z7#w+S=DZ9g#=YY|2s*-rksT9TE1mzZ=ze9F&H$Ht@+a%qOe-fC#->9e
zpEj&VMvC?CULh7Lx-m=FT&mCJ=}{~z-n=(M_7Q&%uPnxWgoZN+)u_%GE5SZ{I&myA
z%B=O?sDe!%i;ssEHmh-<8OO9;b#3G-c(th%m1QAb<?boE=FeC0B#QoJcMjnNqMf$A
zymuFB7)I~EzZ5@LzTkkHc<Gf%r)&DL&<pj!f$D<i=mcli@#xBuC{VTc*OSf|U)7p$
zCZP`N_N+qpvttJ7iUkFX#nWRhgxp^4jWE86pEIQTorKWpz!Nc0@i9OLLREMj<L98#
zqK{2EC=y9N<(uUjS&T-v6?>_z0*&_*kIrrwe;Rp%CU#c2fUTrY%OUt7u1gUXtxEmA
z&1avzjv;R^21EhQar%F_U|sqAZMg@Tx%za(U1$|=&sgO(yRThy9dwJ+5obA5zOdA8
zcKFC{iOoqvm?0zFvN6d6;ml)o1(xy;o^k(xy49vk*FT&~z=&aM+~;t;!gg>!g9q=u
zc7rUEO$usQa8h1cawwD&L%<?DF;Mk<HGX%~>f@0Tt4xJoA6DjA&-^YMX4I)itmQtm
z;bK2F|Ds?oe^X~YUZq#er1KrVDTHf`KlU5nLWy5L|El>S0h7o#Y5FMqEwUk0n!!ig
z9S@tCmjHK|N7f!fUXZzD-i8O5r1#M}pHpEg$EtJ;e{XH4B-D6RpZqCw651LXk*?_w
zM~h4cI5gy)*w5IouTBHbYxN|Fy3O_^cP-Vp2U!4>%wiA^!-|_0IUq{h0bRqrp@S@{
zGuLx(6@^MOWt{9Kp=_8>D@A!Jt<{U3IjH&btKuM0<soJhrtHvJEBfg=6z!|d@LoFt
zq(`S|-!JIO>hYsRKG%FN09)fiEot>IJmtm0a`h#Wjtw)qiO$UyL%W`g9XIh~->z3|
za@iDloqHL3w{xm5sQnWAFUxZXTgRr3;}I<E+JP%oqhB$Ah-2cV{j9r0iWFzE5ryM$
zyCt}1!e#F-W13m#AoMWdGUq_6ix2*o-LL9m9V^qk0+u(jjNRD8!q@{!&Ay!g7^)af
z*dzD%0kAX4ZcugWB})TrVjsZ&o(M#-KZuV!<@!9*Mf2`V!4P@SDH#{{%SOo~p-w8|
z8o=ZF{4|p^v#PVKe`|<0iV^*F*wN(0t3E#Kz98&QU(ojJZmyJ;XO`=?9p-$Pl#+24
zdeP`a+{I2CjOz}@I5MzF09$#{N*?xrsrbQIr~`|c&BjCGDW6BQ89O{BNv(;@^`ZGf
zBeH4Urco}4%Do{5q4HA7<e(m%G0psakpC5exoZ>Qx7u1{q(|=inI2}XEj=N>Na5_u
z8*QIdKZP#@X@3dejTl-7e%NXMG!jRAt(mA1lWH+}#hKJ=_d-L<RB_kvj}DER)8OYU
z;%=PJjg#@Fbux_#U^|$sX#URtgE-OIS^seaYOHrgVBVe0eLla>%4qLP{w~W5YjqbI
zG6J*VDMPQ54^xrQM2N~2D<ikY+CO;{5v9x;Q!qZ8*~!pctyatKE!nskBO}AbnH$+c
ze6^z8kz`)EnjICxQT)4gp?MvfF%`-;hsyzhw)!2(j9%x0B20k;Oy(YpLBWkC)})G8
zPS9>tcxNUhjX!w!Gs0HItlF68X2+(uf~EKu(%z+`@Dw%WH!@~?u<^_UpL$XH8^N_@
zc$-R0YmgVm%a-j&Q=@}AC&5BU$JxI2#ZBo`Dsb;oyEnh3K5n_^huKZE;+Tc6|4fFU
zj!o0>eE|Kl1!g~EvvUxhPap-dMjSK4M`~r$4d$<oOSS$82L>!)QfQCI$zOaYbu`YS
zrE8j7rfL)SPq^}Opa~>7sR;4YgfOaSq&Tz2oU_?KEwviMQT<TJ&g_)y<nXI`g`V4g
zu$Suhe<bbne!$P>`u%xbBDJ#6d^jZS9D0Yvtl9pn*=FHIs|t)VmD%DSUsy7a52TXC
z%IHpiTn?_|y?Ha?k)q}Lze7y?xE(TK1h-G&>Rb*>#7Q&L)e&yuq>5mr<B+ekt9!~c
zfx5(oj`8H(G4gj9(GGNr2-P|H8o017Mrq?5H~kM{7dUh2MMeQQBB<0<KC83WUL}zh
zVbbB56D!4JffmJ;8-}lS8l6RH1n5_@XkM^C$LZFs9yxt1wDFT(f1a=f4+y|YG{4d%
z5!p%(EK9QCT0eE&Iz4|)o`k+dD>>jo0;s4TBnH?Uhkt>x^{qM%Tg*BqVQwoKg~Hy7
z=rfE*<peP#CAV_WSR3|1Ezzg!oRtC$c>aFynF>=Jx6rRIREw1K-UM#k$$hw8OFTD`
zG@6p7!M`w?cz;zLd|mM{!2C(ryfwU^$>(goSF0?fQwpOxW1;{Pboh7p<S6%|!!Xbc
zAW{rci)vmK9tQ~QEWguuF|kfZ*vZfv#?xy~JXX^hz1nUUtz==1pR`95aw?wM#hrXS
z5^`)QcQHl3xa)kZV`02=5&*Xi^JIi>*q(-m%)>SvE^E5rSvfa;(~ClcP>pD9KFC}^
zAejPrFkTwzyA!{)b)b`Zx^@(hUN9K+5XI4Ul`Wv7pvwQD+NHK6kIjCOw2_DH7uqm$
zbDI)Q9O=wxGPIkhrGyiGdPpm%`3AF34p0&B$bP7C0S!QpYm1bwt+Dwmpe_w?wOwKh
zc;Z$>zO<=X@B*1-mtR_7%(n0%$R(uPDuZ=wJzRs*0)J?^72$g>VEEFetK5t9MUTxN
zGFb&eY_`R=*1l>pZxq~(C8DYqlTLVV`3Qr<--Tuu^A~eB&S6;QETVvliO@X7q_X#v
zDEU3x9mR>9N6#6zX^L2(t*JiN8@HT{Bk-1%nN%PBsr;;6K1$;L_jIBozTo2A@DgDR
zuls9s&Hgw1rjgm>HomP!jOhX(2VnuX{(=^o=*zzVyWX}D5-ht=5Ag=IoajG!YCSS4
zluEaM*ED@GSN?jDX_4EV5EZ~P2EMLyqF9OnsCJdKkdFK>-Ufc$6ie=%+io^<(_61g
z39n>6mN`9CW7hQjujS(;YVYVl8@?>6_Hsb^As*s+wwr!7>WLTqppEtM!=JJ$X?2_k
z=NgoNW+D+MKB=SrO`z3y{EN_RLrJ0kGCv-Mn3jl~rP!(SIM@b^4n4_7qoVc~+MNHW
zDD`}$tu`niK!DB-!qhDpVm@%jUu3gEn+xXj2{QVYY7}ze4jmYZHUuQ0u#)3PM0B=R
zpkY2)y^|nbksn^vu(H(~>3>tf9N^3Wy5-$R``i=Mo2q?~(F`f@J&kRB>NVtIWL+!8
ziTR{HcS;}B{7Ti0z(08oy;u&vc+{&KP+A}~uj{q3U3t&8wWoJmC-c7akB$rQRqhwm
z85{2*_Or;2sPBowE@ds~+54L>2;=KHQwxB)S*u5d86!SBq$}}>E;qDbz?59Qz@xcO
zxrtd$#PI&z(Nes*u3aAl{q5<3x?=^@wPeE^HPTp>pZI++xS|zADS*zJeFaiJl_Gj8
zKzEBo<b+dabSEBEre)sTenT`I3cVqk!+uuR^`Sa@(@Zdxw8T~utT{>W{AGU}Ul1fY
zp0|!~&Db1#vbK2+ypW1+|9*z+djrp|l0V;6@n($kx~MbhFw7H>G+y?19=H2$gBs34
z-nj5j{cQHR!2`olOl>amxjZHN0bV|9{w2%ipxJrUcwdbAO<UC)T5Cr)ND+f1tJ*=i
zD!C_AhSQGncygZSF#g;G_r2Y=xQP}UGWwlA<i)6Y`u5~w$eck8`G6owC)g}f@O&=;
zT;=wc_rt^u2|1<1tremlCoLbJdZpO4KiWgOt^svIi5Gt%hx<qIfO0$^+nn6XJ{#?K
zV-gD{^$+es7HiK_@We;q+1mA+^4wbk1<fM0zICTLvaXc$2m}RGh>RAs-iEVo(G72!
zG&YiGhISY;G%A>Z+~f5a65O&L{1G8qi`SJUHcbUD8_i-~rD80#8&}o1xALk!?C36v
zXn)-xxRA&e5#eO1RE!3Ftc7uF@ht?{bjoB5VJ-k7jaGvz6p*XT`gf2h);U7E7RbGk
zYh^ZMOfiU;;)xEaR1B=?Kg^ra+_>4n6$1I%5}7<4f*8-)Fd7TCl|CS&VUPO~4dv$x
zaz`y&I0pmC)g4J}zW@!dRtY0-j3JVDDL#cO<{9Ky0XfYV*XC~=z=ytLUYGDqe<F{}
z?~`XfgjedX28Vk=Y*O>Cj{rvvCf9>6AK9whM9u?Xr`1nNEGZVJIeA<%+L9IgltEzh
zXb6=#YP9gcRSdjya)ZQH3ZO=|w`<KDl>JAELT)A90L0eRat#JY!yW8mB*vaD@;Mvq
zL2f*4P<$RESJH=(KX|{(#*0+fBXeEIl_Pc*ynxUG6?!JobC-^1xQ5kb$G4RGuDdzs
zLZy7TqDdbKvS+fI_Vd7ZSAksrj^b~f)#!yzJE5;vocZ0S6n!!S>V+<@-_S?`ot+SJ
zPmdnT<ZE9HnKQd!>m7nAV2_hrmVXE-jHmld<iWsji$jiU?jLVUG6!tGDEf<CY-x-F
zm9XWZMog=`7BT<o+_g@XG@3|?Q(t}`6g!OvmGA|4x*?~Ee{YS~xdSF_=;bJpY@%im
zs$o^8Heo#A`L)~_ga_h3<86OkyP4;^d^X6kz`uF%CxCs@{B7LiIpH<r^#EDMH+-W=
zx4QVyGrNbgJ?jLHpkIT@M>#D`4gV@_8n*UqUT9LM%fpWm;^5c$)H)TdLcL6Cj6yEj
zC&rKlFe1br<2|Qa=9$Ls;Li(a%>Z9+PUg3isclY*wyYQGmK>h0<Qa<WPH()qtZaK#
zfSyD$iLWb@wEba>aW)y9D2Fzb@oi6{tR|(8w+3sr63>pJdjskdO-n{Wmh*?zBBI5)
zT29BvsdBRq;hU6#AQWZy3U!k_W6}nG8K>Hp4oR(Sgxr3w9R_?Qauz#Ei;`af>hP9#
z=|`3_`)|SSIz&6^WJunF(53|wxM&^=;d(1AM=Ajrmz0IIoxE>NX>KaSP%m-kYhaOt
zzmK0BU}wfaEa=7#(BbQWQE^Dgw*iIo)-EeL8Q1UjU9`J&Ak1wjEy_nCa)QTtQdQ0&
zsL$f4+dnVE2O$e{Ir)CpkW<h(XBV?W69kpBjcF_zAH0UYl0I=N+iiz2PfK=P5qjQY
zyqHo%O5Kvdom;(o+AC9-t@&&*i?3>6vqEfUvl;?STVU3!zbIC933J+{WbLPD^KV6=
zzmobWKKG{IB*+KKX;0G&)tVrT&rRHbmC17iKkUA5zY=Qvu03YZsN>v9u6$JWe^a@(
zaAfa9hupoJaaOd5>Nxox>eClta#Q06?>QQa?OEn_3|ozFu9blT#lTm$4qaT7M;Ijy
zcN%i=;Xiry_w-)IlBv=T`}S;eh4rL6Ciq9Ycf*7XW^DylRYtfxHu|Ai>2KR+=btmT
zgYcJ)8-Z>aYH#3<?H7zg1tK)f96xC-RWB@hYe-hPhnU`dksd>N6w~}04`8rkYgc%#
zRtxXK^0OEk&jLzv164^o=DjM(o@2Zb%~MH1(S8_vA$K7ic*{s^SY#8!{9^|YjT`3b
zz!Id$mwf`TEt6ut<Q@`!4t-j38UE_os+XKsf|nebEPZ<Q5=R}T&mB;Ut)WPyLj~He
zEtyOlKNIe(<l@<Q%>IO6?AAkS(mc6U!|37Gdp7fWr6ukURo;LMkniRl@b2A|_sy`~
z56$nsJE1nPmsm}t!GS3qCo4h~?7Ha1g{mf1eWXDoA0yJZj?x@*Y3{^>HSJ3s@BXjk
zuexnNKIUY#(rj!w{t11FPoTyiv=}v=_Gu^c(QB1yIc{WCV%a-7s-1a1-tVf5LUb${
z;CwBQ*D+8vEPG3gqpNO!V=|Wz7sU7R9m{sZ{cbydi+uT6m)L=H_6IMjbayn}*3Qza
zU*C23pG=ZI9W8-cmSr6vF7>stzxL?jh3_}V+PxY?pMSLlN%6SJz}M%W^zt}Awc~LN
zo7+)P9N4pV`LtiTVRSk=krD*0;zjM71Z(;IP89!4p%qlYZ+A=SF_<E%F3vhzf5I8?
ze~*JqE-v4vaC~xo;Zq>m@prcQ2_aJ2gR0yu7s$(2GPul;mj3oyZ}!?I{(2K90aeeR
zf}yck?_0*qTFeQ!y&&)DB(zlC1^T2|h6H}1^gVmJLA`AOQomrmg@v?t92}os>=sJj
zEOu5`N<Sp=`(14b?>GMGD@bB9x#B)i?n5G>o52GF9_LkyH?MWntu$*EW&vhfcoMb>
z8r?`Zt+h!1h1K=$ZNzPb%%5~`INd0A(fuSW<?J2M8ooU-{J8N}$BKTV+M?_G4gB||
ztz8qpI|5BrjALI>A7`0N{h@`n*Rs*q>@(Y0S7L2SRzw<Py;J6{H4TFL1?PAi!~NFH
zd@z=!nktV>&wRv!qLgd^20;LZKZ23f%k#Q)h1gmH5^g$c+pBK=j6M&72liCRhAv{S
zh)AGfqG!!=iQfvUy+K+c^{;k0_JgB7R`*lE1CKtcKW@nP8$<oQ=9v6${(kQKXo@QU
zl|~tRZRRMBws-oJ+vOnw;|f^ts?IdJ0I+4CCXlLEauk<JJ83&(qN;|fxR>$4UGN*g
zBQCKF%^I%Ro*A}1t^ZJ!MoYggYmCp`*RoR$Hm*OoQPuFE`y{{uT3_yQcvs)+V|8UL
zEm%QtZiEN%41IOkpUOK=j2?8<*g_T3LS%NrGW_R>77e-Ce}de}sa)TOBp-P{DEHuC
zPZYU)M@jhd<>UX@5k<pdK?x1SI8n!8OOA&Ykol3+^m;pUBlH!hdex+pvy;dF$b2cv
zi%-J$Yw)wv;)lYxl+?+{=B=U35XT;d7b)haJ0ttLt>$~EQ4NA_dO<$%kvCxK-1puZ
zTCV6aK{Nt+D1IswW^28ehkW(C^Uam;QhTUWjolmCB(}=fmHl?rL8v+xkE5E#7jua(
zkHNkS^_5Wo-=_l`0N_J1(*xa+^+a;rfF*s|?wB~pqHKFU*~AtSlX&|p^V}BVjW%u{
zq*@%jO0j*4&A_wbW-z=Xf@%o1;8<_!({`01Bq21#XASRY>}(-~86`dBoos75{_>=M
zNaTFI-Ydz!SHD8@HQ(f9|G7qLs#lGmncyhA$1?>kvd%sM>nhRiMmm_UJdOrCM%V{h
zCt*q^6kJnUi2pXQg2Of?E8r9Fe1+GsB9RoA*MFV<xaHj%@6BEUUgz;LoM+Y--Yb9I
zWz?@`7PC)yUGX~4vpW;XQ8)PGwT!cUZKzYLDf;mNHQyaY$6)T2ELaxh3Bh(OBa7c|
z<@ndz?rF<-yYbggB}eT{YI$_rcK~XX1y@>9^r)uC49>2LKct53S?9h03bpc^6-}Jd
zCtam$dm640#QYk#*GDUJ;-y|ISN%2Dvbp=chUdl=q{VV_biso^hW^D_uAJ_^Y$m>6
z*DXwSKWCqc#@}Y%o--1m1y>w%zJOr*O)AsYF4f)lbc3Ge?yM|I2*JOAujwq72u_@w
z)7ngK$|tBh-TQGY@G^WjWxUSoQ({VjvCm<*tU3O_{8SmWXrCY^#Y4CASq3}Tvs#7B
zUA$wOCCVT(K2Ug&lg5u(b4R!3g)xc#>YQtie3OVXH9A`8gLS)_|4iOFN!Qgh=#!RC
zGyK`}J_&%b<%CE-*FG^uurZb>rW%jNO4($sYeOxYCBN;IF&^|1CVIb19cEF|)Xsc&
zT3nH<oJeE!^8$a^AIaozuSmNc`^D=8|2s283an(eUk>|B@JZV4I__v!|2gE@|Fm7T
zyZvQfcJA7t_>+z6BO46PWe(M8dcgX{H`0>_5?KAuPeZ??Z{Nr9ns4cP4-lqh8qz(I
z#2{iq+0R6z#h}$1-HW$uMRp7qd99y5dUGB?YrQ~~xa=4!g$7Jzt}+|zaZGRT*mZfi
z0M}B<68)8W9O)9PhlkMYP4e4MIC**<!v>?OJ!%dv<GAI+;6c8mcX*buJ90BktATed
z<W^e-Jxq|^%oe~fq$QO$_xC=(jpV3*#r7z*3H-Z~{wURW6|2I475#+3>C_oW!xS7;
z>hQkv?nl^=RE_8Qzw#*=<^~|ZGVo<77;eRU54&0D?qv3?JM5@nRFtExYA9GERrR+@
zSmZJI$#<c<Y{0I0F<cI~r}}F{w;)7zPkSjAyWMob$}I!@H#@$u?Y~dQqXkyp*<cM-
zT)cah7=|xZ5|Mc#)oU}Alw6<g;d=`{II?|6Vig1O1nO_hO?9<wInMOYZCsojck`i<
zfQ1+}U2ps4dHcb>s|svJ*v1Dpb4UKGRBHa?w1t)Ns%)LHjX(o5MOv@naD$iO$up$P
zr$X`74S^U(?Qg5RI(FDyt<+%lfG{nuzy?@qm#}h16`R?*f)*%eslc9;Y|DE}#Mo?U
zb&CWc?}*k+ComctZT}<Hn-GaoIdpBcmoQrN0M>I4%A2&Wve1_OI)fs-%76GP`w%Nq
z_Ee*9+*gCmG-#4RU|?UX9is#S9PEe4={A*lXcuvTnk0|h5tiGx{#M~ea#MEQ7FlVT
z3theicwXxO;14o%*}GcXxShuEK%o4@oiy;2TJl`YG`o0GIGlD4<dG+GQd4Az+J!dy
zaxWo@2&$p>6$bF|6jEH(&(}smI<Nf8Iz%fBUU8x)aAE&(Af^%cUA2>i%I;*kFh@HI
zu|c`hy<36^vdJ8NUug@-YnvarjP9A=5ooD0+D_F%Q>SF@CiAw|VtP0x-Y9Gu=#SB^
zQYvfjflq6WU7p1xNCzOBPWjrS^FPl1;;9nBh-Vq!>$Pd-({s1+You?h&!sJPtv`n#
zFs=hMBVB3*rQ~lUl~H?>B`z!@SfFnf)GJlp+#z#lr)>5ZBNLh63Hq}8{TW_4{E(?j
zt>Q0dfhbj~8&Qt<_{6(l?mlM!r?brX4ljQAk*n&#!{EzRY`})yh4!gg=yUBfY#|M=
z>y2FSfILh~4sz0_3d(;rS@<qDAf_Z)O&gXstD?D%aqXbHP|Q<ZaMy2S`@jI1y~0*;
zi&!k^oZ|D}m>e~V8h3c?$pc-`VMEP2J*m<#7cQbiuT1XO%708KI~57~zTGYyes`<A
zLihy&eWSt8l?!?6$wK?IrrdV&_Ofq-+*ub<Fg77oE7VFp-KWC`A+wUmEFKAhe~TR;
zc2x4<=ZbS<zqhDV+iO2B)`u9s>{|SJkz(JdIUNBID~zSY_VJ}@X7!pUck^4O*0PE<
zTmo|ebl>}0R=37xJNt9}3BF04t%|LgjYi|*lN{Udjyr*C1Rq`3VS1nwE=g?iKGa51
zqj(sT9oe3fe*z=?&{i{C6<8_Zoy*}oPQSqE4rDumnSgQ#MPm9xe84|Ey#htuAQ9RJ
zc`X6rY@&Ckswl7hz6XcBPKd{cA&aShbzk|A68>U$|E`6q70m>yv&8?D+K}rm4m&#V
z*X?aapkXbo9047YCoqAV61Qw>SuJ2dXtQcZx2MugEZA@T4!4d3hISqjNVCHwUVJRw
z$3XWhvj4=N2F$m*W*1%v7wH*QD)LeUk%QHC@Lxr`5JVn_Yw8KhpPxFcbzVy7=HAdd
z$=F~&Te<0B9I}eYp#j=55my5O3rO8_ZP;}yY%OE|z{9^sUT$7@0sS*|cW4&~W2AH~
z^6SRC`bjS(w#3;3TnZ+WT@EACnT%)N^mIzC>tl0Z7yozpnKw<Hl}`gqI;Bhw(2>*M
zHkmprBZW)4SR<#iV0B@e;Gw*JEk_Uq{>+@IQwEraMs-DB4emmD9NdtWZn6yHYxua0
zNCD0kHa;&gc{1UdvaU6xT_fP3f`pl2AHCZBcj6Icn4RUCuNv71dGhLa$0sDjBR?al
z@wfe4`Pxlc;(1cz)e_G6l4mwGh|J|KJIKg$^(0%L9lIy4lBc~BHHz{3sK~G_@Q}zH
z<lSM8Nfu>13KZPry#H-EQidZf`yh1Ig%z%Vi$;vU%PtQIQ!WtCShKNAir(~Of7i@n
z?Lt9g_1#4ZFxEe+trfeK{BPo`OEAg%{tzy>VWX%z*FVM?#q!J$r)hhH%S_?#4?O%=
z=t{x4egCjI_Bv;Im4o3@zhUM23h1}?e6poHe8^RM7#7Uho2k%uz3%;MGn+ADgC;Sk
zVBO6qd#@v;!`mb0X8wzBSKN|rY4HhN(eA}YR3GHnsm{w7m-7*HB&>g95~Et2AyDeB
zgrvHx8vDv2GJI@DOw-=TN*kufZNWtMwlZhRuIT!KuVCioN<h|qR1MSy;Of89!kfO)
zicS_7+m@9=XK^vX3nlv~o#w&(L$~ye?)zL{ju_688xkot>adyLB3&9xA`Zeo;`cOG
zzap6&?8by$XsQKRPuu%!*w-F8%mKE}PwC#Gs1QwyGJNoJs>P8z;n(-R3~b;RnHbBw
z?$GP+=i@^g33rFu30wV{+pDi@x<(a}Y%6NkwSP!~rNd??Cx^pYck70N3Q~XC*XMFh
zt|!>s&?x;Gi<8*-uq#>8QD@uvC4y$;%2pQGL@33QjB!`p={F6nT!3QvM0vfy?;$Tt
z%z<kTpBortVLFt4Kmv%#lZr%CZwwe3bnNwI{XO+pUXiqIiSlI%sCm;y)bz1F6)~<)
zq`#kZp>Fp;n8g-(UicF)aJ>OFl*M-3Sq0w4o7msiB{3b(Wfcgpnw$<r>?V2OsP?iy
zv^B_Kh@UM;4p4fjRvE!+i1@DQd(Ewtcm9bkZ*v1v+vCG#PhfI#Q(KOZmu|P{&Hoa~
zck<O<dFF2WTvbL_0)pPk<hPYim#2}h?^)<lXMT)~+{0G$DF4YkfuU;DH7v^;)?9N{
zqU0G6(RG0*C6C>_aDl3(2Loj-4J8JblkIuuN9uLHknGXc;_pdv@jh-Q1$R3@eK>Ch
z&;UBu&8<Q<#ZtQ?cP+BEL9;nGJxbyb+1Q}E*K2=ee&kGN@?B5TyfwMFGA(#*q@m$a
zTCh1+m}GT){Cm@;Ff^}TparLTQ;`AOEo)O#6L-C1<kiD3Ou4x{#%>0)Sa1GzmK4mj
z>A9@X+;PFWvu~9NQLct#dqgHw&l}roAFuV`otS+Fr?o(~c7lKo_s<WZP1emzp_MW1
zoho(5dMg-<G4mSi8=nump}F7bKaSyOOj1&EX>k`WutYm)f2nO&-H6%5x>QN{T7>Ev
zTBKPqBPp+C^T+eDV&4A2pS1>IPH6!zE4?gRpV@3PFWlKw6#~!9h1v+RnJ^xGy*}?Y
z+<0icRl|>gCNEGAbd(sr)8ZGX7l(0l(=2myt(k_uy(ff^-1$A2aIp{+0ha7E*L9q+
zug|(rmvegVsDn{epo*$$vpsrj5Z^c{qxZGtVm}bNJC4lt8J^dci&tLuVZ-;EXr&$o
zHLv{es#&=+vCscL3>Yn%Y+frZlW*(Y;%e%jIcN48gPHES^x4)8`pU~NUaYDU6B?X+
zqTdcekQonC6jwB{9Br{Xq6eP%D+(S%3OH1d)2qdqtE%*ZK{Rys4KFG2n>@{ecXL9g
zTyIn>X5+$fupTdVH(&yp`ir3O(x>cDS__T9eIw?&Wnvz|$5oNZm)~h|#f4~t4qh)B
zjxJM^cEXspdJF*r?ct9B!A{^P|7e%zC9@yg@uJOz6y?4dG2$1gF&C9Vrvk^$;Q|4M
zVeYs;y*mV59-}hJ(Tvy7Unr^R@+GL~_V~z<&;fi#ZfKb}z+@)!e!aJu!Wxg`v(lWE
zV!sIr<VK_(zvV)5zg*OoYf|Q-7tZhFJF#kX{1NF@eppVXjFu}bMpoYykLmdOpze}S
z{$mz8pD@uSQM4A9g!C_>hhfJT&*arl++Q#A1M#h{Hg}Hf^zLH=j$GRO$d4BA*Xda8
zm#fVM6hIumY79^nQxTWeif;@Oe{H9*I<2`_oGY2}Cu|O#>D_XH^^_>uKNwOJiwTza
zV(D=uxQV4ONS(#HCPl?;7KVkk6&S@YgzS7lC!KEo5rG8fjiYRVR)b{+>roa9f4d0l
zMuTBr#5FeNdbB}gwvfo&JHYD)p6Jk7a2+WJV<njWPs`WjHh@MoNN}qUyA^zdJ&Tn5
zJs_5EbFr<toW9U)=47titaADKDo%fGJDOZr9`-G)Z&kkO#?AGoXWYHmxjK|`2vH|<
zJEE2+KzH<H4?d(~Z(pm_;L;9UCIBK$!L@yRC$HFH=NvM-VMNZ1yEd}=0<6GG@56;A
zV;wbpYJpc)N;He5IG2!Gsx+cLwe^aq9S8NwUS@AU=~y+SJOnAR=jsyQIxU5}F5A?X
z<hBW>CvRwY$xXH@Pi*Wd1<)f{s;;T$F<5ZOw8wrU8-dv9hU%4$tB2n4YpqY~3MHx-
z>c5L&=_?O>V{j&jNKs2kKP~!3;vwQ0G8lFqMDA07oox|WsIE_ta~^qLLW#MHZ_b`L
zfF<XkC~@t0>fL#5S!NFw$@%g%G1)DiKWCB?G2RnDe5P*H5T~{XT#a<Fr6;dns0&09
zojnf&2hdHS{2anIVb2_#B--vee35ATxbf2Ew_fJOr*obqgG{O}MT5+|z#?hZGGCPm
za|Yvk<I_yp9z|YE8O}vsY#HuF?3xC6X~8X4dY|5S?2VJ^!PgCykTX*8)yPDoH!}S2
zkuB-wE3SQDc3wtruS>x&6Hecg&utrR<!pv|>~}Wj_g$!*;w-yVML2=A6oLG2x_Q~h
z#ZSa4hY2!(kN?!+J|8Htw7nXm%t+vmJj*hOEDg`)5}JWj>J!Q3NUDg>usW){9FB=U
zc+P>ILiJd6r)2h%Owe@mNtY<!x}Cot{gNkQ>$QwPWM=EUND&<Fmd|PwO+M~Of!lD@
zAhi95zc!7+v>f8lM(~hX@kG^Ryiv)_WVVxk--VajKZMGUQKn!jZf;{f7(|&rH;BSk
zfA-9bJk)u%*`a3J>9uiGZ{(kM42Bez#*QkGybsLw<$s4i;>CQak05iK$P=6B6l+3j
z2Rh96-wEv|PF}$=q*LF7-l5M4(XVE*YPe9vqU!Sdd&ISM{<;&srel3AUWSZ&fVfm2
zE;<_1ESKRs!>{s-g0bjF{kgeN!engaaJ&GbaC<Nt!mSPL8Dzo>wZIQ1uKFh)sdR4p
z<F>L>EnxkI7{==GR4p)ILXg*BD}-i1w0G>5h@57e%s<YWV+mtge`_}Lx$X@2sNV=M
zd<V&4B?!Cgc7W<m!(6b|Ef-oNFbZjcH&y{#;^q|tY6E6$7FkID1AF?`rkmgziqTlZ
ze`7WLa{XC`z*;gRmgOW*iP&1V>ej(Q$#?pi&*pvEs<lChR!?#yb~q-csQ9}~wQQa2
z+4Jt+Kc%P@NHgZ{@9;kGsreih2xsfhOp4NeYX|-3E4WK*`9;fVS;0Q<&SqZxXWp?>
zVAbAG-TpP-bB{GHOqQ^!!UPO0j?LZlwqN|!Y}0z!2oAZGGHvILm*;_2zRUq0$$z#B
zP43FmX7&)~)7#Q|32_jp3Y%++QJ=lzT3)1(LT%aIEL^9F6?-?08>lb}+4>CGXu#60
zlG=~OWO0v*6W%z;N_aC_4LsJDS!4re!<-$ScqLe|!dQj%1JjvhR%%3oBD_Uo6oOiR
zHP`ZvN|iyXMCzx4!%oAV9Xya-`6ouDJ~)l*EQk9~qcOQo$~sgFAGHBy#2`H>uyGeK
z#AKiDsP#h6Z}0rU#HFl&1mlk5W?J7Op%bN*OACMJ4;0dKIVZ62(WP6jXVq9$<^Ll+
zDhqW|nlsD3U;P+UM$h!<{^;t=-Oc;Oq((<y-&MFSX7O*hqoQN|pZ@b7626VSh2S?p
zBOUq3jrAA9CzK8d6l2#lOwt_n&pX`kAMqav8S&3K%`wJ3KyM7{*lk6@ziE8ly==Ie
z1+o>%_-j_k&fPSHxzXT2v#tIB>QMXZi`Xcf194e<Bcfg7x4mv|Lsm>dX88CvG-CQQ
zfKpIWD|HIFwVDWSjMp*_49ve30#*$1oifo_RVm858IbAa)6t$Mqw&PfauHRT5ojOp
zT6sC!_4x`W*a@NS%||$X3;bzf#|5=QonNg|F(qTrJr^rPGXJ__<f4;K9$(Bfx*oI@
zcA~{aI{0L}V=FSa)E5-&yY(pM*GdxI^8?Y0-*pV;##8|^GDepz@9uh^M1==^$geT~
zfmx^>%)}HdwWEaUeV!~)Xe>j3CDN2QqU#TKP3lRw>?%d{K=JRR#fmU_D21hsOJcR|
ztRtg*=bdyD>3oO=!Ol)>b?r8LNXt$~J8!?xcd=F3xv-Gp6x1mvfRwT-ykxjosu%)7
z&Ly9bYD3G>9k7uxWHep7Z!!2#?d@MVk@+F;quhmHho2x*xBGX?@Ha=ljrios(d(I^
zQOw66d8F*37W6qh%<gvALe%lUH<hDE(x-VDf>YpzKi_O_?xe_5ZD$T=yd!CX(00b_
zAycM4X7Qo9Fo5rHf-(}_Vilm8rxNZFJd^YOMbUys12)9w=t&r0PjH*Y2+GgIIc`jn
zj}C?}c{6|8YwpUG-w%EAS~4FydX@K>4ChrZ@&4Q6bk>T(c)t*hZo@A3iO;??{3ovZ
zcs2O6pDIQ)IGa9Y8T3`@mcJnwd>I?<6<mip6`ssq^Z(PAQ8?qKq~%9~@+$_Hkf!0^
z@u<hxz$Ce&qAC<mNb1=$=F`6@yrT$Y11C`-H<cU|(Y#v@w~|^A2W?6iBUR2G(0WEj
z=Z-Zr)Z9?u=ElcCcjkPjXu7^GuG~8o6Kf@Z0tEhg+3u!qKJs@H4XF4T&IeE5hFI2U
ziad^_2>5wg;pFW+qe5C{!Q8HZ*iSOboLeshXSN#NjvoDzENV>Cu7S^Ll#CWO9Z-oS
zrQvyQO-z{jhm9>6JikJ*mhjowuYI+$Um7uAf@A|f`{;IfV*dM!IUnNci|M&ku8H#X
zyT{kM`xQ4h5q$kayI(*1i=B^Oyw|K9J8+9A$UaJLxvv!YiFlA@yEEB+U(qW;(JZy+
zPhf?UuDG+SD9%k=iXhn(<iE}mlVvt#DRkN_yyBK^n5pKOTP>dPXK`+w%9>&sn3Hd-
zM>!BP7a<f+E$E8VQWETBV%CY)cN0fjrhD;1pV_RON{h}p`)BH!u7l{2ZY?b})OGy!
zl|RAJ(={E;SDLIv51!aBS+0zKL-J7w>-R)B!ChJMt?8dZ)6h=J0dMQmDx?TNNs2lA
z_$I(cj~qVh7^edpzZz9=;pkR8WyjhV2}}(?<Rvi6W7rCVq)!`co~WZnMVjW}_g_dm
zon1}T0H<HFoFeHaro3Q$AS&HVx?83SH=S`#b4d$zRZ7xKi>JhBSpSjN4R<iOn6Ta#
z;2_ZB817qIBR@aFcg}~={V={KgmN8B1P0j_-AyqKi!m>dWy8&dEl(yY*UPJSW>dyH
zGCKGk&oY4xffcdd@Srj4#xt$k2pVR?;vMj$VIy~;*fg`o%wy+HOto+zzyHqYp-kPK
zX5$2^`_n9+l+0*F^ZV*%#;>o+i;(%9uPyFc(gSudHd^M*W+s>lg1m3((Iw>BNCrrD
z53%qn;$+;j6LT8bB<u0|&m*)dh%Hzo9(b@P_~$hYsxyZY&yH6i#hr$yJg``C8}xVz
zSYnk_ka&$<6O))aWrI3^>!wFB-;~eH?1T@qN+33u+WxX41?A;~<lwh?t7=8Ih=u@E
z8OBburY)q>-dNJTN+&F0m&D0f#Z*SPCUDN;LbXL~BBL>KQWQR_-zMG>cgzEubi}=V
z{8WP~B0nLy+lb0V_Qf9w2NUORl-d`FdZD&@(Ki=>L#)eO2pT6fO&>stF&%Yvcw%;D
z-FC@~&BD0|%Q`dvqgJiR3XslbRp~1u#HdP6!$>qo{<97{)*65uh+cCWY1giF5|_wo
zHG~?3)*IT(fWBOeL^0VrOvYq4{)@p{aiV<+rb!LT3|Qu%c2m5CgX~yXVd4-rK(Rvp
z<U_MiqfMjYL}=PbVr5bE?KZzL7s?#8x8mMZ^m=9|1!<>Ci_}hkwRnQnLtPw<OTqU=
zBALk=J^}W{*{q|JoP%UC8;FJLY)-PiZq|X$(bTm~sSAWAE?bl4>N4tk9j{azV(jY>
z%(>JNpgOEDmK+l{@Ss!bVc+?;6eE5=@oi_rw8uNOSI3AgzmgjEM@=+kbSy*tXaYwb
z;dy^EVax$rU&i(c(1(`CZpF0giEyXR`N(8`wB9^lXeZCtly&S7O2Hnv<A#@t8)thZ
zN;rcwjJ8{XlSSIMz|?Pmiybbyn2ASzCsy%C-X(<jBL!QwuwS$Am+%_)_6Om|hb=oR
zC!;1oaQ<aVCS%J4ivY$?6%S1y_&yeMZn|`89oL|=l>cO<%`ic2f^Id$LtPj}`CU5L
z>tB4hw2>bk1t!GIY*b+AwOn}DHt-8eJO9r<>p9-R0sTYBHRoumM=s%RKF0u!7eI<Y
zukR+J)hm?SOygv~$$g^kJr3vb^tyXyA$6l_1yu=%C(U`OSQ{&=3zmO>sK(g#?v=FG
z`<ey8{p*K<shE~?_LmU*ip%q!gTWcX_7j+WEv+3luaMXGY!FJg)Al7VN@72-=8#<3
zsRpxMZTTAl!7Uks^;U!18puBuV}DsP*qoiKB($i0QY+@$$5UVX(ec5euWAmoh3Y&>
zc$84J-$5K_SBW5vLvs#RvqeoJRd60OeIISJxJ7-njGP|D@3#W$)+_SkU$4!O;lJ{!
zPIZeN0Z|~I&|(UDO6$`;K^0(Qg52=AS7TDe(M<0cv4B;*X}obY;0abqKLPIiuREMC
z9Q0pR&FHxP7=|LYz&6vjNoGyWzXaaXVsj=8x)%oyqzuBO+i5iBlgZ*A%!^QOq6PYd
zo~sU6cjLQ)@oNT2dy@dC66nW}SoKk;Fz7*YJo#$wh8hRrKvEAP>hm_o{w(_xq46^N
z7o|-WBc*{@R@;I^F3qpyKp8<5W}gqV-VD0gXai0!sy~L)erJqM>`rB-w`@}G0Z0jF
z2en293Mcco5ga_Al)mifp(9MZV$O0q$MKRh<W=K%a8AoJwNpXrjRTF&5D53uA^tKE
zhv@Z#Jka%h9HQTd(`W`Y``BpfQD;8jT{b{9OI4d!L$$H5M;Z5g!c13N7Bb8*lIsS<
z=d>*gR@&|DLth(hWAFh*b<brHyMYgG6K#{Cw%RR625ne@xQeg5d;XoWZM|GpRqdZ*
zuf~?+^%uHAoms+%{u;ehSQkK;Za3rmbSP&e%Dv@`{fV)hwA>u&dXCYjG6JfWG34p*
ziSI(D^sNOc&n{Ey)X$uBj$*AMhMs|OgE#zx#zy5f{8y)&H;{o68u<YpjP@@5qjJUS
z9e7Uzgg&V!q~*&z4gZrK)IiyWm-@e#ksP9J^ero)ZgwzjX|hs@&XPGjVDt}&O$yz%
z&Rjtw^`_ns-#RQ502NY>&c7ho^}6lXz09-@x<qltlDr+Z_?tC|%Lz=0!@Om?$!T>c
z?P%6_<M3+ykmgu3_LTUZqngtSv4kR&&kC2ewqd{B#IWvh7Pddm072_l;mnOhO0U*m
zJBJVn@AFnC*xrLg=0PS4?>`%Yy4qyw3f#Ac(AJz^Ic{MUAO*@KZzY7JGkLuSAGEE~
zabaoq%vbIx>p`wp0Qcg3u?qQPCTy7P4$D6EooltPLCQ>W<2Bwnb6%~9MStl(%-_w*
zckP_=^1gY`YL1;ftb(tU(MD9i|Go1w&wR;4WUp^AJsHvW&?C{%3-;s|yiM4ni8&}R
zB>Ihfv3)<PPf?h0=G;(emHZmG5fy<zWc19$D5cIEaXHzza#L)!tvu!?|8ooze2uy~
zW|3%u$bZJ(_WjA`DMfzl8kZ0$h!0luW(DFPdJprhZl|l$sJF5HkYs-wuT;zxJaB%M
zQ7EXnnHuSxXiO<OSKr%5sSC?)(+)_IlY3MRcowD{A<4G(Pl1=H#e*UST!}t=FEp{8
z5(KHPdF}SN@6j@+*g|qZeg*_`R5SRdWE$yq!kvlSPd#DmjU`a*v5Cny_bd`lWr3it
z%ox?><c@uv&}jy&h+i2WlE!&9!A0H?oO|$T92ykujgLCYiKs5)qG+17zFSN9`e<DA
z1t37WqjSR=Eqn5kg|_P!<xAEbx9C058mt8qDVbc;)N36WV=LKv7`NUIvV?<pC!)Ly
z9bwKGzi1<F3y+v)8f@CUER;Qce17vgfEzMj*6@HszAh;nl4bD(L_4ILik)ONi<($n
zf_?RS24os!v$(gb){c43RL$`%GeRla<kn_YibZmxo{kyr8CUhCS;(Wl$3>V%CMe_X
z%o^%Kb?D#wydNXX6G@zPk!+FXNkV-e6dbOt^nw>lo>ij)&i3|!FQ@JEfvT_xKPS>!
zV&%aR&QfM|YaR-EDVvX=ct)rsnJq%*AEHzd8#uM|+JueX6CvgdYHJ-OjT%iop&wnD
zs?Po*DDP5d$gOpVixDbd-)ebLSnp`!vH6ASHGe1Y^o5YKGf#R{2z?wK8OThEEJf5R
zPgw#sSsw<++k$1Mr%`LYXGTQ+6+B<>*#LvZX>=XpUF3AQ*t*O!dzQ{-@Ed!37ejXN
zo9b*&2MG5JLp6!r3EaelrTn(C&wZ4KKs@S<LEf7|-GJ4}OF*F|W)AqB#ly3M572;?
zIz(K=^p5I`r2tGAPM;KKb$AOHtRm*)*iz?<j!4Xg$vHUD2d3GcX3;MJODTs!FF1H`
z(`O{$FD<~mkB#r8z8)K9U9fm&-*(@AuqYP6psE*sh!@o~;qGm#WSmiWQ(dL+P|Ur(
z=+Ri)%xFxVK-9LSW>8A~WOmpxj!Wxm^&?y$9@WxoFOCTEiGk^76;fvQmRX$_5y~^u
z-VQzXrgoO41yu|SxP9!lC)idcQu2s?7CM46+@rcm&OyMQt{dX|Mvx}82|j+cW!c;I
zjwW=7ryq@&Ee_J_YU?A?!7kO(c%*qq-!|-~gUbI-;IN`ten~#$EbwAks41%D!2G+q
z5d1!UU*jkWxGe1i=43E->OB)=vFL7WE<Jk}9&_^M<TyR4QQx&X`?>?Cgp8<_7VNgL
z1yl8io+V>-2GI$~`i{hA#jZ35==>fS;7n>_#GX6J`Jp?n6%18z91@%y)<w{Bf#!_3
zysjKq_bR>Sp%Y?WS3qRZzB7@=P-NU|2cOQOW5W|;M%YMq-Yop`#syL-&wIYN;Dwir
z^NcdD)Ls&fKhOkgKngZi;lZ${1e@^W6hxC<KYvt$a@X0@`NJ$A`mhkOMg3dD(H1rp
zxX<*AZ$ludVfvI-V0?JgJ+d>x9cI-|NzI6E3;>gu2U&QVI!;O9o$n$ZW5i^5+@=FN
z-I$YWLp*v0F@VcQ1{Xl_gMEWW*g|2$K?C%go3hRP&!>RC4@>fIPc-?t*$&CaA|4R<
zPN_PC4<;SJnS2&=&vX;@QC7_T(<HtF)P>ymi1Me{f27FDk!Xcnsg#U3W$5E_FDLb9
zG;bzb-c30kbq_)~%H25LTY(zY%+wgOFKR_pcFGrKv``(M<w{@RN0uG)BgS7kXmi_2
zz^-yH&~J&(Bg{K7n32O7ur;8iGM{Qw%Vfbd^nM+9mLZ!tUT<4wXy-{3lLogvONKZ!
zlxGic$pnWczu9>qaZkh)Unfj*y;(DG`<9T^T7c8SDr42R+G)-|vaG89na7}P#51*t
z3CvN0$x&GPXd9+|<mYZpC!lr7gY+f8X&ka!fjA9YK-mPfZH(-#&mo-NMpMkMAyk37
zc~2G~LASPu+fqLEq2PdkcEzAirrOEO1@c%60>@vo>UZy2TwcD5ir&aS7T+n|plsWg
zb5=bC&Rz4Ie>?XZ!+O-E1qlL-L+xDDEwv1a%`6EESRMQ8dksokyIWU3Bg$G@5keb2
za%m6FXQf{OIFUgUSwnEi5WMt;^sJNon-K{ujI{@35?E1t^J>1S@=JDLrqP}yxob3N
zGLO2OZn|4w{%5z~nO3lF-T~kANg&Y5qtfk4w#`fB<5Gn&wf1GVX>!7QmmCeJ&+NFx
zvJ&w0Ymn_)etcMf@okrTxk9yR9d$Xd*+qDnm`-AN$@{M-dJ3j8Q<*jQRZn&ket<{V
z(Fox2kCX324aC5Ei?6*%m*ljDNp-pZG)DDa2^^H(U)k-m=%)yZG@q&bhmmFszq-DU
znb2yPx42(fynNrS>LntmzxppUwhtUcdlNlFXn!fH9&QTVq!o-B?mok0E&5h5hd(fb
zcKIk`-1be@ZWm~|I)F;4NV<FAD(!9g>doFCDb{RRYiz$&Zvd8TuK)Qc>u~E`<k^h)
zpX(7r%TZyo<42GMR<}^9#eoFNh0>-+&Fqvlm`H{(X5^Ye)^`)O4yLj&pYae6hIVRK
zQ)}FF{m5&=<6RdYhfklK9FI5Wl+V|%Y6^T7DP_`37CQUs`XbM*{w|TsmiPHqs0^?q
zb;06u<8P<1sc-Dx{;R#>|73^Eyd`T$3rc9YoiUTtXpyZfLSyxqPg&m+ZseKcH>jWZ
zD^g0l-z2J$GJW?;4^FgyAg^@pmoo25#z7`t@W%UiX}|n)zGfSJ189!#L)@XW@2jh8
z!wpbjxrW9gy9zsjF%d+w9s2PS6IT0K11FJWPwy<abg$MX<PuBX-^&w|6}*+Sv%=v(
zXCt~thL4>7n!oBQ?|a?!vHI#>Vw4%uz>3j(NAFDodo}O31F#7YA}VTi@JGwLG^4y5
z|Gu#2gBTUEhd=#?T9KUB_7OaFBfzdVC5J*UW50SY=}P1vCP7Po%8#v9d;}Js$~GlN
zzF=ScJz1@o9cc;X%=$|er<f_7L|<{p?L2aG7zjw7@cV96bzbJ0Rpw_k|28QzWbZdl
znL~qKmA7Ja<CMYkosKy<1|ejFrD67-wg^INse-Lns%l)L`%_&J+Ig!d5HlIo{1L=Y
zo$$N~mbRS7{QiNV$Ej2aZ+?0cgc3kkJ5nF_Dwf_Zq%lwCb2>9%Su!fS-hFu)GL9Ht
z0We~beGcriL<OkQ{QNq#kAe~NTJH#xj}H+3Amid^<_(DJJ@TU`_#Ma`ho$2*A5s*&
zM33^t9fAM655Jo{O{1xbTzG!jU|E(K=>IG4Fs-&`X;{09NbVv5-VbDY_!zHUXUss>
z^?5w~ZMG8=AVTxApS?v_0Lycpop<@($d&32E--nV|IJAk{!97NR8;ffy2y!c?H&hy
zdi+p+DXQ~JAO*^871*#ZMBiahd=u3vm7VCc#}A8htz#?x5h{Tz9~i6~_s=yoqf+m>
z3w>|W%J~t_WKX+QQ#W@?`Fio}j=t){Yp`lJJ?qv4W8#iM+K-y=DcYn5U*{wcn#h9E
z2j$d1y${kc!$s=CA9D)%Liy+F2U=fo{PP<?LJd0jt~GfGO%c90wdh7CBseFhDNYpU
z+2#}vERiss8n%&7RuVEk)UpR$2=YT?#!U*08{;Iv*}qU<`QL(EMVY|08lAgw!LH%O
zlq~QB^;BDnaWD(4PUr2)KR2%s>?4StVN+_svIrvGzxh<WVBW%Ohy7aTD=+$vGp|+G
zQN)|;zVrqCDQ06nVmfQHjb06ESjQeSdZEUj<qNZ_!kZ0Rc3*L0M|TCjg?sgA+ttlN
zxfP}-QfC;gV<>omN-}dGo!}7eENWIw{3qV29{Jd*cz)M!+6qMX>oeOVQ|SLOql-U+
zd)7al{_}65JOWIxr$91n?Z+QvjYB&5-Mt=$-BtO$3PfG&4udD1c`P!*Pz1jjvkE&Y
z9sGh?r*_bK*ZwO_(ImNk!Fl-^U_&vbS@gZdyBk4y!#Gj8uR;-!=}<w81zYI6(dHHf
z;W)y4tzl1SlWxW`6^5xe6W#a&3IE(~y<Ll7uvy)y#kY84-KYtV<_WToZ4+)Kr!prT
ze<5=wr+vNpY0l&&V5?K{c@D}<Y!j|St8ZuqtJ}@1>RRka&M5pJMdumM_S?nb+O64A
zyH-_Et9H#$Eu}?KdvA(r?H#J6YQ)~NsM?zn5&rhxdqi!55F;d#JbB*alNWjU%kMtt
z+~0Fu<s<<;5$bE$uH|r!ikZ+mCVLU%zPifyZ#bl++nLqo-&7c)C^uLs*nMlsc9mY(
z{Lp}r3b)ln=fQ<>JC9a8NMAQ!MsW*4I-@bf?7L(T-i(A;w9T?ACm$*HZQf<~s?u?!
zBIiBizD65xuc{OAE>lm&S-tPEIf4B~7kCp*zL@zgU)*Q_-f*>r^DJl4rPHwfJirPD
ze&hoDCcwlrNKLYP{58R=l85w6J!q3}sf^c3#<%GoIMbRL0-GF37p2Ghc`)K3<J4Tu
zkr<oB3=N7!Dhbnm%xMgrmW;yS{w4ydnvYn#v$FHv%I#606rlB`)m8D8I5B0CO!_z9
z$H!aM)<-Uc)<yG*T@V1nDIM`H_gDxdEjgy%sKtzm@_0Xz;HTZUB~v^Jm&{twdEB^h
zA0!dRJums>y!v&5Lq4;{QxK3MYYld2Yk5mOVD$TD1!~~OmG1NCdq?gCrym{EoM&q4
zA(eg7EAGDkxH-;gzhk`|=)j4spm)EER+FhVA@?q-WnbnePxTljC1?ms^nQB8SkLb2
zuLB*9JDDJ0SGK@PRWSj85!usUCeJ+clUj{?<+b|n==uB50T~9ccAW&qhiz_qQ6@ln
z&>d15-Fyyy`Ie)pz{4lDO_Gvfuh-2OfL!|WjxIP7DW~}h^G6R=O&?J#>T4-}p2Jys
z^p}&fpnHtz<6eCG9Zkh`^8JR!AQQSN2xIBU`b&`5D^!;&PK?45nBLy+4gHhi-+XzS
zye$){j0)gEiMOqOnxx?r+g_J#TNR%ScD}5;Gvzrwa>=?qt~gpuJwflapd;FP=i-L{
zZX4B(myoJ#(AUJ^>1{7_RqM>^lYeb=4aLSQLZt1_CLy{$1tOEp3y<w@RQHth27{d=
zsuitpJyW>CV9@?os?ojN_JNiU&@|#n=P+nA?ClpoQ3`lSpq1W7c@mqnf6_7tSru+&
zycpJ0y8RRvoT77b`5PHo!{XDl>s32FWypHauac3^i@xk2n+{X*emalQYqvi-xW+n9
z8s381xpvn*BW`hDzRxM2B}49o!G@Ho5@519TnNRh$KZ353Il*c+-+gB(kprQ0#A8n
zpXxa-YI^L8{YIVRe+ZU#MB`-b%*@PM*{G*&2oYADlf<L*A1+&$y7CjYPToJtv;5z$
zcwGhNoJ#b=N%?kiuh>ueD6dt-pRM`t?ce~BH;CWZ&+=-PGO(#!H2)CmN1uGo$kC_{
zPNUa*Uq|wWLR7rMSo6xxq48+bZ)Xc4X|65)T*;55jVAw2k_M7FU(}J6YzfkHX#0I=
z>D@<Yzj1FcEJ$V=_7Hn!jDEn$=Nm`|&P4CB2htAjP>y_sQcnj_A-#SEEn0r4DI?%8
zTaYOC*zdSB6CuGmI_qqukxTlJG*alBuVBA{7&`0JgfqzB=sa~t#le=ibnm^Kty~3J
z)m@pvM<x;Vc`(C#=d0HOaq;4>ow%xBE~ryE1b!QM&@iMJqGu}@)}54zH@>V>WMgj`
zjYUv7Cj6=hdXeWrVYC#nw;a);J0V}zG`5!R)tEQK)OR`t7%rZ*7C1Tt@9NM)yM07U
ztn|Dg&Z>J}FfmR~T4bd$>a;a^jcRXsw!WQ0Y&VAeSk!n19Y2s0S(PgNa$Yr<e+0v^
z*vgEmqnW+(9IYQTdoymBT?JSf`pDdH$WsY@H@J)=M1Nb4qN}#w1~0CB=%*pz<U`ju
z2N1CssAE^>(rVAA-)$d<EXFt&ZJJkHMD&T#?PC?XjhMe}P72O3<Ku1mp6Bnav^O}2
zJW0-;9wNQQ>K*#`fRoI#7pIuVC#}1Si^|!bZaW?j<i&t*ht7MC@~Yd#KUN-A8TpE&
zTv{$h%Gy~JUj@F`FN>-NTgZ5EiLKyWqK?$Jx2lhAUu$p|P`RI*zOa9;S1|R}ba>iy
zIIS^t+Vm%U)Ku%A@DAIpyj!~0iSUkB{$Ka>hEM6q6XnA%MDH4p>yOLOGkRNKy>Enf
zLUbTeTYIlme~4z5R^^vgfgabu#`Q(FU#VE4K5H(F>5unt#ZPruE+DOIV6P(Va0vRE
z0C7C<9v;uyap%4d(I2tw(hr+}R0^c-YHAlgN?_spt+Db1%Z}Lyo{p!cx>3I-TRis#
zu-|3#@$8(04yh@-vtWi7Wpl@O3((8_Ah}xR=FGh>p93!jf~;PbXz|q2{`gA@^f@~+
zI`5sch|(2tRA#pNZ%MT?6CaornnL$<e8=Y|H^GGY%lu2LTH~S)jVGVa-b;z|M8IPx
zzbN%k9TV^MS;XttfZh1;Jv)ZJzGHhpt3kKM4?6^w_FmPWdAAQA3|aAF1*O8<6@ScX
zf8wmh@ncw+#1w#QUoVuaHJD=wbiR3XKDlU2k;PkWqTq#DcFO`Vjk|m~_(~1PwULZ$
z`VktZJXjI%C%P>_G0+?<Y!5R?xt?<3gzIT>p4ghBif%OYcU6l=OOqw&D6{4gmo5V6
zF!zo#Jp7(|J3q>jGQN80w3A}TX;qprbo}I<yPhT{lh$fZF8)Fbo3C*YN(tBIJU9E5
zF%-69{L6S2T2C!Ok$+;_2vt2x$Q@dBj<R@qnZ=QKKu2la%ike$9uWDd(+4}|)c&MZ
zzcWf(o)#-M+mn3VS!kS7*~{ATso~?B$$^+~QY76V1wP?3T`=f6!xU31u70KGx3=&W
z9#1|f7+N14+J|lC3tjjNTVfYGL2z%EcFy*sPovL@XY#5>tP=aE`2&|s6Bl4T>F;5g
zqEizB2-w-WMg>n`EvnA<!#au&%{o#!IQ;f_kt$G*L`irM^X(aEMO$30P^sIu^y*w`
z#y{Unaef6zh!}q81oNRY`xDZViCbcomh=ZNu#M3LTWzuhpB5Edew^%u_59^$zx4k^
z<mu>22Lz5n;19=Y%3GGDU%{x*odQ_3lo_GM_ttKtSdo+&=g7_n7ndQr?=^sVN)WmW
zdp-2`lo{FZ&V9SNiP6xw1e{qgT6EI?)j^rA4uBFp+x)V?Unl=V!3D#6ydK&zWrq1{
zC*6hrDSBbbv!$$-D3sP6r*4Ip4_XK@S7_z9s4j%2EI{+a@<p)R`vwd5Zm9S(3X+fY
zJ{DgL^p+9OnqvFWQ9*yXegyBiKQR6x0=-eUZ=yR0WKcSy&W<g}Bv=|mdBA)${xo~2
z2Rau5u7py=oHVoFcx@B;>D)h4WImB^W8&StIyUF}528tV1ITNNL_=i!9d`QmKfXRj
zO&_22>cri}m#?=Lwn|cTXLx^BVG`>ti99yF3#kw{PPYNyln~Odd@z(iTQun+>ihU@
zwR+Qx#6M=E_zSy|bJ>iHw^yIx@j2Yv=95GO(B}a{OF#H~I3~itLaUG8qn6C?`1S1&
zzbZ@(sthE$ZVlBAli#bR0GgR~(Z~MizwmgI6C;H?*?Hz|*+<-*BP=ZKcXmGj+=W>P
z=wQ6+IFPHO>twaj?ZcCEHYgN}5h0!jEXcv}BaYYt#DIzs@*mNsV7Wx!)OSobKjT%6
zFr(o?%z3c$c(h19M|0zT5Cb6P4W27*07m%-1*ZwVDi!C__y`V}WDHR#M4KX8z)yC8
z`ahd4cu9`Pwbf@cf@@A{OoYQ3FVCKyeu(5h6zlwOapt$dp+R=7!12`7f8T*|KdhiS
zLxB?aD8*u0?!aL?y8eW+I*-QRU37Y_{vQJPRoMqT#~%U3$0(Xz(bbWOdeG+g_6Gs-
z<I^HL%xLe{ePTODDZCC__ihXASkgKzd&FdO+>7rY+6^sI5ZSXXM35;#>^H+?<oR!&
zugj>nYF}S75?gYhx6fa-VjaMeYzxJ|C0RH<F%LodKXA<4n4^{ykNJFvJbu0Rox&Ex
zxR*)zTh+9WZ=A2Eoatz^<L#?xv_ILj!Xyx{dN3m52(&Qv!zyWAV!2MA7S-lzw;Txa
zE4U7P4M2qtd+S-VMwnDdOxKc|@IKG@mv`UZ;<9wU?(kM&ooKzmp7=1QwO(0B{^<L%
zhHg_&p$Ew^pI;NRYtt=mfKG9EUpyNj0>l%UU?(oTm!4S-eBTWH5mM5sIbA+B5>~hi
z?al&Zg~s`cGx@2^+c<?|M{pjD=O!-rCqI6z-+LeS13mFyz=n&3Z|EofpFYFUxyf53
zM>@&g^Cj|@Y+_G?c^#T3C{G*p`Q&jVLN9o_!gkzmTm75wZ_ThcI8M;iRZ@FryDAGm
z_iMkAY+yEVelsUCqQHnP6)yw^o1QmX)Z{tsM;g8_s3N!C)g?Jxc`0;Ze{&NRNU#hR
zirf)_?3D=5%+$=eoPThLNXR+-bhl$YkZAsJbfQkb#rU25mn-*0)TDjm7=&~!(=ge_
zemlTbkr;R^F)G=DVq?45TECh9qMMhZz|BhrV*}c6KMu95l3G<@xnn81Kfl}*tGgiF
zUdI%Ypshr+g>NR>UAU%pe27snUinKd(3BuZ4E1E#We<iKdWWu91Is8x{Rj2OGn(!j
zO<hqRV!8HrpbA~t56vN?Fm!x_r_!EAopUzH(cTyM9^2c?zf7z=$%f~=?FEw34KEXS
z3Lcxfmi4T60zW#Wy)^23IP@{P>O?SEn#j}@Kvx%x`Y<2D`wHgJxlo*nSHxLze*%Tq
z6pMDX@C)ceH+#WVi2NzkD*5^-SL_#aClV_Mhte;8cSDw1DNG^=B0#lw)M5B92^t4#
z*h9n~VPpZZ2J7~~0K_s#c=*5g`{;hk2xrBI8yLP}`W2<6mE!IPqvmwCS}~a!IoxGI
zl-tz$f!xvS^hIEEFF9cH@L3X8k{Mo`fUg3CC?Vfq)@E;d=v1uMQi2h56C(h+E7%O)
zwBRaeI|+X@d)<UmGrIIP*qh1E+S7aLr$eZ5K|s<#-q!!FzBo<fal5gb#rmlk^*IIO
zuPIA>?JY6SZ(`Q`s*16fynLMmN0Zf4<XZr(Z_+yqoIXpPtGe|F5dE`P!2=e#qw9Yb
zmZ1bI{_9P0WM(F0RWUJgaWz{oc2%+9TTj-IS+{<FTjnunoy*R$g$wy&Rga_1Z<+az
z(m!I;mz!oQALB>1+Fe1WIBU%x-ouSA`+3nJ2QNX>&jDTeCD@GWffqj`z0;(O5|{TB
zc)aaw!?EI#n{@<hMQ?1q?`{rVMeoYABY*WR78U~1H{rB-_@_H`q~6a{_DPt7V&|}*
z<tIYU=kh(R+=`9ZB-rVMu!=TV)@bDiRmolORdphFkGZ$Za5K6T&|v1(rAedi|HFXU
zRtc)yCHn3$6!T6aD9nAu>U<D&!8UX{$9~M!oXR!NfBuKs+~d4))LD3(omna$rRIdB
zNgUd`aQL|Q!f}fC=j(K?nvTWV#Y)E~LiXbG{<7q=t%EusAt9!+>E@?sc=BQ(GZ&sm
zh{WwYekOO}7?a#u{7bogEzvZ<GhA99N~v`?@xmC-vu=^sPI^8hMtq3PY0VuJN`7O2
zBKRA`z<gZ|46m|$VY)?&>5Ct)Lns5=vb!^GRKg)y_sgtVJbsHLdl^p32azIgq14aW
z)K-}twDxLx)kJD|ZY{H`h!-QPiFSVnDT^Ag(Fvcajs!(uWKtu6*TzJbmN_X;cEtNT
zSQ6c>k?19&z!jVGf^LMoX1}357^tvrrG?ZVjP%e6Ry@fY7~IOU^bq8Pc?;hGp2%FD
zKrx;6z3ZNGF#nP-O^*(IL8P;dlhp$u)s62t@%z*u3G};gLsxjsqViAW55*&u9wn#O
zsExPn{U0-uK54$GTz~K$R=DCxzh=SLGSCzPA(OLDJZBjSyxiB^ez-h*M(BsUv~Vmo
z)lc@ii+4Qg2XR>MFkCD3mBOKGX`n|X$T&5iq_lCGMa$pgu-lp(1N6?lJT6U7JIhih
z#h$)2xI>1+kvS}=wTSmuGO6tft_5@<@JvCeRiafhTPHMsPsHbcw;P+1t}~skKP>Qv
zWM#}B(rj?Rrw>*9JDXoZP0Gw*M9a5(z3B1j6Lf1WZ3}$mHlBXx-Qt4DLWpd4r`0E!
zzWIN_of~@XBuAW@mPVNYF3>`1#iG4<=lNBxdjYba55T)m&Fx$tK~<M4_mxsMAuRUa
z2<&Gm+pR8gAC_iwq$y`9*J8xkm6OHq6QRz%kkgYzMjNi5$f*%w?`wmMYm_1m(R>Sw
zZKG1*Tzckn{URC=UCQ~&3;1YI@RGvLvwu`Nuk3*9eQ|v`)&Hv|fpJ+9OX_DS@#3_d
zM5lam3TpMTtq<p}hRhRioYZwv&WQgy1zcZ>T^^7RYK2PP5BApt%pcm@z=3dkn;9z$
zE{BJmtU$2@1U`b$s?RlaI-BuUr3?RebEEs9KckiS=z}vn5c9m@mohs~<>QAoh!>R;
z84ez5-jm!8z81E5k=K~$H}C-ygWgc&j0fyT@YsdOOi&wph-K0p_)^C1nh!r*XkqEf
zttg6A*y4#`sebwjDsu;)_O17(C4S6pM_kaL%z=o!C-uZkCO`5jM7qnWSo%M9Sc^5U
z6bpjTmc_CQeWjYVF!HL=IJngahY9LoUz*cPX>_KOF1&0mLtY~a^I|-cj_x}0alHuS
z@*v8m2w8p3`Ptte-do+?dM;PN6*6?qS?x*OzPrCWC3(@wGt^hd50f}lar;BPp}cYP
zMDfJRCj-mb5b;KdqU!5ta?u?qxLR2J`iVs)hxNE#5gD3SC*jW-f`_+!744w`2i`dd
z+ph06qi{a-xK~kIa{k^LL2Bo@=-O1z0zJR^X?UAN+pt6ss%zv9?Z*1A`Hz=zl|EF7
zbqOid<Vc@6MZr{OsItccycZpfU`#k1V?gXWW01yHYtFjp29B=KjhvvnW7@JTU6jZM
zWtH#sJPQ!((%~^HI8|E_+yw9twhIt~TDj-e#>F>6qn-0VPEnrRm5210db#ruU*&)P
zSHLfSj~7Fd#xQxxr!)~D*vR_lzq7`J7g93c=fzs)>)NfSiL$INcz^ouE58<<@nV!(
zX&%;jio!$hVDSY+mo>}I(L<rxHI2}od^+5AE6L{CX^+okvC;T<v~N~|f@KKT1?=A7
zAkg?aESELD7Ay%0>vmYtlse$!<l9qv00yDh5lmjT51&$Hq)=pE(GjnfnHQTrD&`4p
zq?VEdQ1@<L(pyW{N!dUpPOGI)o5TB+DwfJG*8J}ngy(7AX=rm-Ck&Ppb^+7TK4R0}
zq;yMVJzc{Q(r#Pv*93-Roy5ci?Nb^hCj_OkjzeuYgm4JhT}B`T&JMrrQ#=e#xO(jC
zzK4K*9l(5138i9Ggtv7EtB>loFdYo@o0PE+dm9Nu7!Q^T?gA-3Ta|B>A^mvQP%%bU
zom>=EI0j#Uj$Z46T_h~znRX|d0wTpOs0Yk2(W+g3&nl#()ss0{8;)XNvkJ&&c3pe3
zr8Dz3knP_4JwQo3uL#?gKD<B{>@$Hn{Zd8SG*m!7D=SRBg&-r(Y3A?=EFfFd*gYE{
zWV)_0zoMBAl!;7x3Sz=a4wc2sYMKm9@Chp!LKLo@U&M8@hYejD9778|u#dZNJA|3~
z*1-z7X&?A_r5n_QUb{lm@>IK_wvScNzpqarq0-Wq=ESBeoej0HXC?6=j<ucy2WM6z
z`k2_m_2uVUc*Y8V*-p`mY)&@fj6?s269JHq3D5B@4THZn<DEu|VAK72W)tA0XLLR!
zC*1Z<N_&}z3e=M2+$OqNRXv4&a6IO)_0?Q0`*q=f6;!pPREMg<K3WxO(h;m&@Wk@l
zjlcmMK7iuo;q@peWW!`n>>a-G&p%BP)d<2V8!45K!4r+*rT9aeNSZ7$WJ~<x%OS>u
z2xQfjK-!RM%ah+TzN_>9P=Lf18duvK`6<IeMyDY?AddbNgQ8mwt2KO+vk2=HWlKs|
z>M^zSiIBPM+DHwl9V&e&CgE~pHKacFYMFF;o)sy6^G>u8s`j38J!-ZPcdR3XkYfVA
z^~I8`^PGNa2(v!-l?fSr6K&&*Be9<ER^?Ps$##x;4SUS{E5F;h>P&z!vAJt$UHz9k
z(AhCp2_(O*=k+EL@<7+R_O<oG*wgQ>M~9JBdV|XjKRn%1eMQ)=z7NKp-)&oZZL&!{
zBS`(7tDv~F5<YwsI|ZBmdZb)b7DPA1-W+7tIzImJJ8!5~w*g5$)zurWh3J$&J<uu9
zK~8z$!NW~p@t)Z{@6Yz}_wzxiofq7}1{Y!wn&TjKXW4>sj|RQqov*dHL2iZdF#M#~
zfb@Fatl412;N6Bx2^iaq@~ZU{jw;pO*rUjf^x{Z&E@PiZI=LtGC=K<b^aYj=6JFbw
zhVI7JQvJ>ufvNR~SaA_g^`f^*YNq!u^Tb}YEAX?#W@xwg3)a;TNbhDD<=9J{(8Nk}
zi|qVzDv*79yWppnEA0Qk<OjNJ>k)bgGwQGW_ARr@&kOKrgX8$?z-@WZG@WSyEBa@P
zY-pq)Zk}=tc8epqK1Wbiz@NNUdRs$e6l|90J9r^^%)8Fx8DzC?HCXwIQ>Zsv)M%l;
zXFm7aepxze^;+NWpT@ly&kP$}<R`Ruq`OUZ*DrtGYn*HylMTRYyEVG6c>6SaTUKR$
zv4tD+y(Ymd!uQ4|V`w`kgwg3uCy4C}Acz_nBu3p3xs~hvcfGy_9C#!49b)=G>N<Lt
z=$t6{bu=T%NV|TIi<KC~d`yG(V!Sk$+ZI)54}oqBG)ZNR6kbb+tx1zloHu9vfNCBW
zAC0N+qelTrEqCWsWhR!C(Pw8@Q<5Wk`829m<-cB`D9MLpHg+_!QL_E=g5)ynnYijS
zFPpZm-}i*`(15y*V^y3}o=idS*MrJ4Pt}=D)kQT$#N4X-7OFmJK3b|wyhcOS+LX}&
z>a%MfRC$#96$%Vw?T?J_c8POCEZN1Ikt#ZZx1@)JBy!>qKouid<O@w>5J%TC4}eW9
z2i?TAm~b3bKSY3>H7v#b3One0bnb1QXek!pi!C>Cwl7EE!&~T@ZpVkE4@F4<cp@ue
zCDheu6bv6BTq-|UGaoO$5}sy^fP^GVlbZ_W)H|h&t*Kk@GB}{h-lU@_7uEiN%3r8e
zMpxZxOitu2WwD-(PojA$(NWyyLPEv$1qBak<5(G4U~W^bxpP>6gYN_u&r`|h7&7r*
zJq0l7HZLpRaa~5!(FY=1k{u1oT=)|+!M7-)KNQCLJuVk!cPxO6_PF>&Y+Xu;#|us6
z>ynyQzs0OegiGIw4%$D`fVNuLnCcdR+P7imn`{|7Rk??a^c{>)IxoOu3XgNZ*~zf4
zs?p92i!(!$XDMhK&oii=I|P)o0%$=gFV6<J6{fRbz~pyK@z9+_X<Adjk2wfj+Ul|{
z^%u4{0vRmxr<2N=Z6f0k)nw1U`g$27_JoVD8i?uWZqd$7cbQJu%`Ca(bllKY?MIO^
z{g4gaMQqD>l1~#Npt~N12)!Cqh;ROwS`bYqNPj6*%$`Fe31X-cD63+$m34)%A6GZq
z8zJ(Oyzz!?NnmDNJy$QxZVxC!H)_d&XO%=oFZb5Oz$MPKu_EW+Dq&ttU((3_!OK;*
zr_e#+wF9gEZBno?w_gV6|Mo%qM5^*jQm$!r%<FgSVE19A^2!UL;^yIq)`%Jm&79Z}
z#6oxBQ86#LklKeVvI3fd`H&_W)c->cbx*l=Y-)TeTZJpgV2}{Q6a{#aSWcOL71hhf
zKPN=i2JBs-1vcY&O>dm5u{|!tJQa}1Ee6<+T4%ZeB>n%}Fzmq&bRrqrd|SvBXgs*)
zAeNEA<&%cE*FJ~5jaHRC%NM}YQ|v(di=}|~Z9HB9bFEIW{m4ksEwv=Ps+ZD;$^v=2
z^N&xhzhYajfAGM_CwH)Kw=wCD$66VDihwa8kw2wis*{YN!pP8<`JU6{gX|2*la!GW
za?7c*U)Jt=?ijK;fAM{CWya&satYVqg^12T3#CSHv8j=2nQa(td(p&e9RJdut`D|Q
z2>%$3UCf9c=>PK{`h@Bd_e()f*Po$m3v?30)g+ru$U&|Vb&4H_QM`?AbIMVzTF93M
zX{>w44X!SN*P9cwBzO)Fc?NS!YUEX{&(cn5Ag@b}eR1VQwB#zXoTcEGI(zFsE?1fg
zwft*xMX7xHX2{kKu6#luMD0IIxP#;RFYPaUbkz@xUIDA(jYM~4iK-KD8)s1NO3wmr
zOfvFzztYuC>Hg&yi_C!bF<B_QQ*~bBLJU|sf+_m5n7mJSQv6v2eIBOT!UdYRNNYQZ
z_VER#ouGp5b*duGi?FF)+s(%|iyqr$zBSnkPrT1b8iHeER!Rl8=rc<G>&28RQVeb8
zeFnm{>tqw|He~$KDL{K=J5lIG8-p>t<S+^`Xt4pYGBD_UD3udD<7!9xr0>H}O+J^X
zw*|9b5m#Uu7l*^hHAlRd?{Qd5BG1*=z1Iq`5KG+`{69Yf+h;$5lEds14W~leg`NZ{
zT$Kgy<1sVG5r8}_`&oxkev-skvPGinn+=?V+JbFJC0&D|Pr*U?n%{BTXLayY!AZ;k
zJ=7_V;X-833Uqmd`g+t<JeZIEPZg$f8<<?>ZTyDv_-zQDJ^7Qh6L4*KFX;Vat;M6_
zN$^!1cd!jG+ZmcTZXKgGlpaeKf`d^9`@eo44@Ge_ubNwo%sI}m`To=L=_|~ENDO{@
z(thx?z0pwqV-DM7^VfudW+2{M1GY@@<to>8ZH^*~5kTd|#e>qUZ~4~}ruJ(w7uZ`T
z2UB?~WoBMFJBhvEE^e+02Bi5%n1E*1KgdkKEucnTCI+MSep&2!@gwEF>O8R5zuV-f
zD{ooZ-kErOnKIbKUKbXim75}PsO-a3r(?75LwfTGCTMSIh<QRCsaV0|`Qn-G0|J4}
z&@V>vBBaO4V$?I`>woV9{lf{EbZ5C0G5Pm?qM8lKpT0qESJy{=NxMIA5IjFZ*bBX>
ze3eD_tN!2Y7fgNk!wi(o(4xwhz=M!-b_uF_<+5w5bft~OwzZHoOv9T_m1v<uQyU~x
zli0SRBmW*b2cmB|iWY_^FYxC_*DXf=BV<CH{ENk&u^G`46gD&RRpgnNz-GMAuLQOT
z!7iNbI&UmTdNcfx$5VZGt{tF9IK;O)iR0CJ5|?fXbG4PDyn}J<dds;Z_nL&;6ySDw
zUCFjF!h<BesE3jeiH+?n(hSTXW+(M48&l#~<I9uw^E`h4=+@{om_&6qB@e^~g_CDZ
z@lm<=BHkHbV1!CbE#dqoM!4Ye3$iG%i2lYw<Gp7BvdBf?YLn^h!$L)L(m*dkJhUYY
zny*b6ILcAd!oOAZ``W13?ieT>pQ1s9bP2ry<V0hbMy-MO8i4XETOBy~tRX8hGk|YU
z**ATFBRHF4P5dqosA=Krk@5Iubck@QsG)20MBcx~OY0(qQF^(Ol-lv)?G8={=;z-v
z{1SQYT$0z>^6{$t2-w%E-YgwDyzF85i4iFIRz1=3=v|q!gZz-yo%(oIqP!>A7`W8=
zK%Fjm<WZ2bJcMUvNT%XcF;Hpg@KwtLoNKgBs3-Xi*oD@IZM7J8A?-U19xL{tAzSj#
zJMcLN7U!cqi?Q3>3R77+s1rS4c55_N@FRXUIJM*-w|Pw~Fr1M{XxcWu%Pc&vx~GMR
zot3Gx_9xp)5Jlap|JL<)mXQ~0EpY;G>q~?iObk=~PmVbqcZ2_%a6)!KZF6Kh-<m#&
z4hZz;_T0hZ^Sqp4|Ma5P@raC^0ifDCF3IL7A-!7}#6de==FyNDsuQBNVW50>d0<ab
zZCut{2)#fNoNxW$`q|ZUz~R>A#>!PhJ*@Q(J4uVW&8;$h-G6kEM*%sK`t3r@Yl!&}
zraczLnQ2QDD-$49S3go?2rckuy_m@l^UlV%izzmQ`>WV1X385^XUczemhwRLY`C;#
zpjH=5ip`<Ycc=W04Ed24hY?lPskN$6QBQVwb5@;<jV2ex+%?cH7fx(+??}pdYZX>j
z0vOLg8BCY&^K<fr3J*Fd%($vth3b^*^h^p~xF#CP%^c*kC^#5c=+61uL9nKYP{5u_
znHnDt==X=RRB+w;HQ`EKent=j)zht>EO+!zT>JN~%oHCVH0*I9KtS1<=1JxyU_ECI
z?#fHobA$V`bOvr^4~I|&py|x}UhTLuoa~`1wS4oFsKtrAgNtIkkJ8kl6-qJ=m49DB
zPj+3F1WxfA73xm0o9|QtCr?)zd$T}S)%!~J{{iH()nh&RcRuA^<k~)2UCCwa2Tmj-
zc{Nivr@B0K`Zi*{Yj7`*dBd-4O?&TniM<xU>Mmik){P{A7f-+2)$can;GG_TG^>q+
z_<ip;sTHn0v@W2^-9K-6uvri9&~^cZs(mDYgCWD(Q93DsQAM>ZtEsyagFbm4XpGew
zEY(^8IkF<wyIgW(sOuVbfC@-m-oB4%ar-!IO!$R|K^V=Tn6vs14xTa3iD70j0O4tQ
zjeo)2tN)s7U7bKL5U9(@ji<ZP_~E^?)%78sy~K^#XY9rEUMrv9@Sk{X%Mrx6z)d-i
zU$$hy>IVLIjq4bpj7q$(Fqc)Mgg0;3haN}OFv6(owGO-ZBtv`@-(2504coZQ@1@+>
zE5By>jIcFAZ)56l@}qAiu)v72N1S%da6)dKfL)qDtRuDwv&q<h&Q%we#p74r<w9e5
zuZn!Jd3=6yV0fP5CRo4qF+y+K5>tI2JZ!qIq2su|0~ol)9N)*(H+BG@rv=jSB6fLS
z9;rJA7Q8SFoC$O}5L46&4*CK85{;Wr+*rQ<w(^DyGVsvOzcQ58mEGQT><wITI=_~|
zwGq^SJiBIo1An=k`2tiD=*VJXu0Hs1Wz3FZ)ggCtZ){Mx$Bsg{Ig>9Z?(UB9DlrBQ
z=9%FTdK=anQhi%deRGp!jhw<mkUPp7dVY_vFhMQ|SsTqw8W%${q|`|{=Qa=f*+PKT
zkE%BPk<d~*BvH8ydLclT^`-wov9hjqlCtsQzu7(Pr1MohPmg6EkxkoE_lG74_q+i=
zE+g-~B}sSuuOZwq`?**hHG>hU@Y=UDq8wKOny)mgj@+jFX%(Z%PugN>3x2{{ea!d?
zmuLFu1Y=9St+&$$;a1P^p8?LaWCV~5h^pRo+^78vS~SD$<28YXR^~qge!l@=@HIhN
z=w^+q>#!e|+waN-^ACNBUh%I;>J=GC`W)g5?ynraE2~$U8}j=cTg-sc2p%lH*onFh
zUZT|1WWbqj&*U)qCg|`3>**&yVQhaucPejUvrbqIzQx}sw9~4_Y#c;_hGSqFWE78Q
z`#&7`wAMcRR|uY@smNdo(U++jrpViM3!to5<E#IKc;08Qg@U#OrY6j&xx-u&mNyt<
zoL$HO_{ge?o1#qJhfAx{T@sYyo<bENL1G{To}{2nxTL?3!52m@T>ak0yQv*&+JTYQ
z$aTK&0dQ$lQP9;Bc77t%TrQJ0FMkrPq{ZV>>)SM+)Umjc(gBN=jz2E>-kfAHE9>z(
zu*gcmXUv4~Tvnj|3*9Ce&d{iMklo8gQ4Fl)xjVi=`2#PkzLqSasJ<gYd3Jr8f<bGh
zUbNRVh}AqHGM(~&Pw+SoI7bJ(yBa!AS9IR>T{1f8U|pBwlV57bPv&tsD$J`*@=r~z
zL1OuwVvZ~B>}qeC4XwKty_$Nt5S=Xi@Y18rZ(rfVBRlB?^r3Vz?Jhdw$v<ID<23oA
zn{QS(9xR@sck5@42kvp!eE_^yv{QILO130-RpGm&P;W43U|!1T%VmE*$k2+#PUA&T
ztS(xW^GOVBvoU_19krs|+w%102Eoe$d#mPN!*afF?m?7Z|8)CQv{u-_xb{`(f;T<3
zT-#asP%m4Qw%$o2*iF=2mhst{(~_MT^1++D<UjbW0^0pKeI~n!q2*Z?I)^++Q#R?4
zv3W{jrfo1s7-#a6XA4jM;+~DD7onI&ID3NX6??C|e>Xl6kZLe}{8moQEPG(9W9{Yf
z(We1)+2h{+yijnB@)C3QqWo*?<`?(~EA53Jq4KYltX(N~*YDdI%b!yyy}shCcONZO
z)Cb01uJqprcbjrjL3KC{2a9cHfGv+m28)l{@fLC}AxPyDJvQ0sMG0q2FJib~Zz#LZ
znLSZ+8$uG8vBqNelklE+2EMch%Oo8<Ig~-&14-z!+X4LiPU_r2!_|LK+Sy4O%OX52
zrbfyJtHmo@A$w0eNs&n4BRi0M>Viy6#}bDLY?ae)K_S%`5YrJf2=}~OAN*)I*o8ij
zBr#)&#SS#IowYuHopaGAeVMO0k5JTFTVv@tp10;>3k~`{-!?5a^Y7;mJdxaY?IOV#
z))_L>X4JPu{0nfa_cvi>iaBFsib=s5yB!BD93S)IQWuV*A7t<3YL`PRdq5rxh13DF
z>1BTQa;FkpO1C8PzPIwd`AK6v{r>D2K6A<#YfbVLO5<pcles1WG`Khp|Fl;tFP@b~
z!diOC#MKj5E+fAK_<9??@_a%89BBh23#f5W?xOF*_2&d3zTe&(Q4qHRJR3jR8@?Jn
zIC{-+A42i!)?)(!B>chFacsA|8x#2Bg}n(hMB^Ytu~$@P0rseeqXLjKq8lvMw4g_e
z`^Wz>uAhGAqqH9r2v4U7;q9dbF)$2W{@RI=Ql|5bSipksV<3%kxDQK@JTX5-ms1OX
z%Ex*ky0&AYN6-JCDjzbi6Vv?dJ!!S4bsD6AZ<I&zf_BT)>M<Wn&hOSewSmQzc`sV+
zjRFEv4*|E%zBL-0SRi$u-L?V1m1v&gNThG*n)cYE*I+4H6Yu=;P+_v60bpZ&6~|%1
zrO0k4IKBzQz6+Z8(2%3HQ>Dg9V##yW+31CP-4b>3J$HHUr8}2i^fyA@n}{i1Q_KF}
zHElbB&5lmq9K^@@Ebv3)({8`XVzMlU%o@$Y+e+LIq%t0wfq#M2rTw;8NqcVn{QJ#}
z<w%9IqE;Yj3pli(p-K)fY7S_(O7x&QQ^<=P99Y8?Oz`7P<7CCK&gVSAwH!Cw9dXhT
zYAa`(FIu)p9nvnpFD{L{56o;WCEQrDSmWsJYUP?ZF#LhKE%%Vg);ZZ;w5sW-S_6ae
zqdi5fDLBvkUR|!3Zi9MxL`M-cdXdf%F`Tn*2sJ>a8eUjlS`EU3g?bxu`!>@$qBpkM
z$8H&p@`~=~Xf~wl$Uj}_H~7)7P<W{#w>^iI?9KOg2!4AdAw&;$uiS9Ujh>%$sGBMF
zfyPP<kGH-%ZnHrC2-JSL=^g{I;9Y6^t*m1IMa1Vc^r4+d!noWq$k;{OtKLVuK}%oq
zBkttWD2OY1(a!nCGqEP-Nygo+oe2b<8~>lKntQWo*h_}G7GU&j<{7aYi3~351%}>)
zuxdG>cBI8IPf-P@;+3Hmc6;1g@&7%7-(u2n=#b&_OtHn;stC<|I^;9Ue}X9sw1H~*
zr>Vzn0%8HFv!TCr{*M*mi!O7Ys31c=qsx^4KT;&fCSdp~vjeO+yx48PUrU5UcCzL-
zD7C8&y5-49BVEFVuC_35=yZqH4W%7+I9b=>5Ft(wbwfi!HXB4g_&F!g8F9G@BVgAZ
zzm>VuHE<y16Ye!`4_$HB&h}fMb3Qqcrj?t^vc2+;4muXASNIjQLt#_v_<cz=<-m~9
zx|V#9^=qzAmXgEAfr)M1;0gpl#cCkNwguYLD&4<%5nENLQ7$hyx+@Q7Ha$bXW^^#z
zduJ(!O*B4@EEjbCI9Obg+m70KVyZm&QBkxP<_v0d_RC*#dJbjQ3}*32+=;ew9tdpZ
zIeRg3ez>$Pru67nKpD!!PG66@LA~VWgtEb4h{+D*QcwLlh+^99*8zf^Ftuu=J7A3d
zwpjLX205p3WN(&r%VqSo(>thZjw&n5_5yTqAMD2UQ?DXp2<1MRt*6Ppx@(z3E`F6k
zAbgtJ8Yf$sb2fu6oi1Q#l?MMFSUKVTd8_qa;Q5sfC#aS2OyI`<kH5fb3;}^^fz0p<
z47Tz-)pXP3?o>RTdv&uO(EEVv7@F{E5Gd-t2;^JEK3=B7R=m2PS-3g0ntr#D*99%l
zj$TD5vzy4)so7)S1p7DKadj-SrT!qrK0{G8P2fRR5~Y{)9EKahpP%6Aswho#glj7U
ztRDI|GY|^9E$1!o%dKOh47VgBFE(RA<%Q?_8Y%@M`_j<9hDC+XO#^w;ga9J&p;IYS
z`&-}j_)1@>J?PvkkE$DXR(`3#%klJ&vbefPi9DcLyB8_MEhs3oU#zQ#2_tuyEzEN=
zQ0(SijuU5Ko*sROU1S^?&^dpQ)<!K+F{SfRtQR}wXYj~;j;n!FO7l;O(2w1@;~C-0
zzb~HobJl7gg^q}Ij~A6bvgR*-GLLe}N$>b}DY^~zJ+?TbhoJ0xKU(W!)E@G#Wn1ZE
zdYFH4-UJwM<_XvS!2M8Kee3mdV@P8q(8r5BVuuJ*T2$boTo9|RTtLWG0D@DmW_sd=
zD?3}gn1G(&QNWV6fvV%Tp+4cmu^le8%h(N1pD*06!(?Z+#t+(`Cw?5gHXA&89Tw>q
zdgI^TX+e*zzDnWPs6<AY5|k{oG_RJE#<%WC$-CN5t}ZH8b;Kb@X&Q~P)?6Aum3$;-
zv&y31I!+X4^V|X50sXB;yG9zY07(ZA^G8N7)p}QOtTy89cNG9F8uJ?Cjo~smPOh6<
zn0bz8$~vFeEl77&F7xCD(`~7#n&6{)ggVZ_A@y?5yHe6`dyv;s{f+boVeDf!B8hVW
z>X|p2hXp1s^XUUy<eqyCb!^_+SX^82mBPJWYNh3lUiiLZsa#ek*{N?QX8%!L3X6T%
z>?a-kh2Un8Vi@T;GJZ1ByuPT(0L{4XL17g(IiJhnL}Yps@4fB0wWKSOxT7qaU}?NR
zShdxl&OKuN$SF2&2;ExZiEOM`HCEKxzpV>Of40qhXT_)i<;M%e|J(*Ta5(RS2i3Bf
z?J;e$ej{N@V=r{um=0mWzdQ?(jJ^aX(arWZ>y;%Dr!}4QJliCtMVdfq=5K9W?U+XE
z7`Y9Jb$bEmFJq-)8_Ud4Za3h}@?l2u=<;`t1<F8a0Bxff$8fM>f@1d80Jj)ed33xn
zKeENeZ-*yc<CPgHPzS0Z*nx$g8-ImvCOi-37X?C62{@1g8rv&V3!IaA*df@y1W&fC
zI0OR*(!lv`q6g3`OX6TY64&GX1?Oi!hn_xu`}WvP3d9)xiN%L`an#;egW|4BP|GLU
zO$0Df%<*+*s8Bje?p20_Zb$XpvuS+!5Mgj;0jL)amdWDc+C*@v8c{en_95j#DD!sz
zZhHtWZBsjX32!oNRuOC`E#`DSwU|kfZ*}V4JU<bHZGCfTL9`ra_-`>3BvSL=qJ;&h
z>1^%~z}eX)xl8kq?I#Q$*-;YPBMv1C!_#H5n_R>ZI4!60LBw_T!e}>7&^e05%6O-*
zxEL)!Y)QF~6!FP$EozuH3~nHAlB0E9QBkmBYJtqqQ)yCv48xN(NiKZPT8Q#%j+s{q
zKfBXJCevh`>C&ibzMa@Y+GJR$)Dv~3#o)o=lEX1g;3rWvy-hU%#2iZ>SR#H9MB{3-
zt||DaE69^7G%Ux*q<AJ`o?tj7fcA)9p6E9z#S?w+aub)q^>If=HyJ@^U~JT%C~e0U
z3Vk=&O`X#gh!q*_ci<9%x=SN)3hSKs4!w=)MA;`P3yxx9=LpWyRrP%4fc1H$6b+a@
z<8=dftpyzAz&?}t#kOhd{Mx^;(t=rLHTw9DjM=B&+pecIlg~d+5ZUw?N6oeVq=6YV
zhnZ|PX?g~vCRaW!EA8-7SqV-P$A{PyRZ7PVn-B}T8kod`JQ7U_9>I^Q84~w6K)}20
z<J!S8(9d}0Q<|@yQ8l0XBWUhmzPsplcCI>@8X?6M?C+mD`kKUt`gDF#+J9|U`lOoF
zReSC+Y+v3~Z>A#A$TNi?Nqt=X+w4M`FcUQT9J+X#zfWtE*UG*ChIGk?i!{&fkXtH<
zCd>&z@mRVh{(!56AsrGXV!tNZ5n{qo9#obL)gY^S2%Gtmerv>z6d<vb+yB-!3NK_c
zSq2<0OlQ4ee<3tF&XaT5jX7EmZ~K69JR6ArbE|xMnaALS&}%zs*IhxmyxHI~1{+b;
zquANHXA-2<!>=yqVa|)XZp<)o)-*JoT>Hc{)w*I8iC;=S^FH#t0we6;92fE1F%9j}
zR{K{s_`K{Z^v0k9vSQGEAi3U)+F-aCd0Hk$97?m##fN6_k^gY|*t(k0w6vBC;#E`#
z5KvY+X7sy{&3<mKi#QDNtNjFc*1quG<?gZL`bTa$laDj^28RZ2Ep>e_hagch)%SZG
z+ltZ+L%r8uVyg{M{A;!A3S%#<tZK{Q25|7h3y2=NY;z_>Y3*(hnKx_SpD(b`+Q8bj
z$GcpAC*Acb(U%bb4E@~G&$ZHf{%t$}u_@}nhg|!x-$5n;wO@cB#NSu(%c6~XZ&!pZ
z)Ri4lEtqyaz1l%_`xXr56f9Pdc#pZy5I9fqIr4e%Hy`v7=efLBR@eqVnxk+6@^TW&
zR**kVrmljZz@n69X;F&>RI@Cw?i&@aaRc5?J_Nv)&Z2r*z~Z-RbaPbO&wU}40)|qk
zkg^iMlmCYOKX?8)IAe=^4(i?!tmt)F*_q2jq*>+j)}#(^MEyxUuKTaCHdcJg12i3e
zDR~12>p};b{MjYx2y?1Vef%R<JXcx~-K}72)Y8E0<l85EuZl=7KVm~@%x%2S@-YBt
zBo1q15+5jxwic~x;fj^6b5uM%yyDzjK2buRdk&t$n4HAqSNMZJ7)?mET=P`k@t%=?
zEnX87nAKPIIpWNq&`Y4F0ut0YhRgn^ZMiVeZ+91OlMO&}7n6Cf==42P<KMUkZtQ0}
z-R%lX?f)e;-z}A8EiDba+i)00Zv-O-ElZgw-8Fa8z8Khf4D2+-i_RDOM=i12S^aK*
zM<zolY&jdl<lJ>B<Z+_u-^clj0o!sX1nd9Z^aT$4HTw93`Mu?AB=o4v_A03n+n7i1
zFC>Nn5;kMNJx8tb7)MeQ{<;|-<@dwECS20rvvf5wD1|Zk&sVA%4J9I^Va0@aCU*-U
zIl3u5xYumvz4b!>#~)}-xqW%W1826~FNG?tT@_LZ_f~Nvo|lkpnvr8DYQHo20i4Xp
z^}nca!%PBtbmyt?P3SE2-dhTzkN<gv-@GHNVA9)691=b>QLOcpHXKi@(zm7A>z~>T
zq1fwXZ1Uve<{d3dU=#6hiNjcI7e&|uCk>O$)W7{lw20kP$4GR}_V4(B)T~4d4Ud1;
zV(c*aI$9+YJ8Sxm3G+An`J?M=3e&A>1KtrjQ?ixc>PCkY`x7f=>gjY1{hWP^`|svI
zE1G&F8eRruDk0vbAJvFt5Uy<*pgkrB@8&hm9CkwY_1g348e4PY%@s;eYF+DhOiRH{
z^|H8-4fF@Ut+?@83T~kVE+@C#HM$m%p0@0Ly2QNc@-4r04bDDx>PDg5F<buO-RD+e
zgU@K}bA3N#G$4a-GL`O__7K>I8MmD@)8x;0LuwLrM~u!DYL)YB4QntEeb3KH)pJyG
z&AQ(W3ljNTPMUS!pate@p>&m<9Pn0o<T1C>&+d%drb+vyb$C4uQp@kI67A=j0q$!y
z|GP@-Q2W};K^*h$p7S@(6~yN%4c2QXWuc3|j);rGHZTKnxPT!@*yp!~&-yd$VsX<J
zhK1>z35F*!T5~?m3BgmiLTX(w;un_gBu4c53&FJgnOhF_)BrqB=zp8kFZDb+OLP^7
zX>9;{4{umUX!^;BL3oPJxF0PPuYC<kg|Upb(ZdeSX5(%zJV^qg3kN!0D1WK}ng-6O
zauOq6_$;a3)WqcZgV|<x-hJB!ef@pbr#YUS-!i<1v9{;rgUXI3`#N3{vj+)|ay}oF
zT<NH(-X*(VfbTZH-K#sQ`59P+v5=WRyWwhZf<AH@kWaZp1Z+7SmbpMXKUaBH@H_m6
zCv&wIGsTF2Wbbfz>9zXLn4wZva;x&h(y9-hao4g2dPH(UmgQe{q(EMwW}926yY-p0
z%Sv<0Fc4D|<{cRJ^W#X_?Mm_ADgTj&eH~YA0$N%a%C<rwmb;Cdd`7TrD8i_k`(QIi
zlmt5%?#HANXh_1&`J;dt1iaUN1a%EA`{qkLg3hVaW%RA(B^5?_j{E%TR3Ji!O+tT7
znJ<jq>>l$<i&~vHvp{jQ;9$=X!H2$LolFfKk+v;wFi};`AH8QKEBq$Y<x4p3c;u-q
zmk_YFyNNOsO%Phw&_WLHH|BK9O~6062&d(dcTIVPc{FBFZF6IIcD75j3c;@%9>40Q
z?PZ`Gt#s~`iJemal%{#&KKUCW-DYu^<5;*xv|M(K-nFoYJwZR6WTwuVc+h7S*!d;&
zUHi2vfCwGLegoGI0!7TDCZ2;w)cs1!m8YTMN>{qhUQ{YMm=?)4!$OZ>^IQPye3@Z-
zW1G?BZ>YV$jC1KRnFp_nXX_M-GNqHDkOSz9RNgL?Uq9B%j_x_MtpAH~03@BHq^YUn
z!M1+p9oHl))&8e~c#n;-ARq$C6%p5vq%=_wAjv-o1Y|l?S$J>=-2{>bgmST6Q8af#
z|64|}tJa1*bOJUI0QK>q1wL@{P^$fc<;X7~HK)FYo!_uBA20Wwwn-+X$27@q4MG0v
z9PQiSVDU9_`UsPsG{y^!8kwQ5Z{z`qhV3va>d*rB#rqCYs{QKVpc#eG(U~Jc%XXHg
z;d=ccS18BVvPRoT3gHw<VBkULk9i2Go=_&I5g(H?V;>lC`+l95jixnApj&wJ32mdy
z>mIg<K>oNz85@$W|K!~VjD3KTqsmi5gg4;Ge;*&+i=asg)B3hnTFg!%lYC!%lCS3{
z3jA33@%|r=>4>>@UU%SsKmP!$A_POlQ4b&_(106NgMTqB7Xsu)5=wTb4+I9R`{d&W
z@B`MN;G>0o(>Lt>+0MD+Aisrov6waf^$Zu(KX0JI@Pp9$v~e-(8u6;Nj~1IDsFxYG
zmquID7vt}L3m(rrK2j|5C&w%Q7G&tE5W%KJ1vT62L$4xg?mF%w63oXn+2}96_*=+O
z@U7w>NQ7WsnN*C<OTgMdTgBS2A(m}N1hXDWZwwZ*F3_ek6IlzS|1FreF|$%cP(OG5
z3cGi!$YyeddvNtvwR5)>TR7wiX1ZXMd>n=0)+XdCIcoloaQgqkz9F%KN(QhXaZjsm
z0?%NH`@r>SL8^4uJZW*+cp=@}H!{x6YP4AOn540L53lpYiQT=3!Ora2+2<ZXcuXP`
zPuqSJch{|cSZsD^ArD+87K8g8V%812gOg*z#f!&Z-_Y$Nb>r(mF*RL@x}m9`onNW^
zqSo4!;`8-;723!b<n-YINA6rB?+J*goqm#!^-#*F$gIG$@RD^|0~H~**Yx9Xh2)0$
zo@He?^BvFRi==p&`oAk(Gxzc-m-1A%!gkwQx?eEP={h`WAm9Cod^KXpCgLA<6bI+)
ze&smirEAd7tg#p}eZzK%dl+vU*acCjwr6R^3Lsszf1ZM`PsZl@8^f@HM~ZNW(&5Nb
z;##}sw+XTn@5*MdzqmDDh8Q{))=C!Y;q?t789%=<r!&7H`CD^-<F->|+wsvu+cMqg
z4!*gRxbA`Aqkfw(7?YRZBPLt1DU(jEUl|0hl$KpNhOp5!A;st8@U3|U+cm?7jKc)O
z`F5(ft-n7V9FZ6O&q_P0LyZsl&i_p-f*+bPyruopX)X7z!uP`yVhwqjq0IpUyjxDx
z*;BxOv=6XVZ&qP&@^vc3AWr7IVscU?5U@QQ%@<XYcdN1ah}qv@>pUV@zQ2s`K}*U$
zQ*5ZDz`3{Ag8<w7Yxo9f&B!?O-;m85n$9zY$A`i5zr}4E$5*q9Y3{93faya-`dAv9
z6{KooM4o=~mU;~N*Ks%JcPXHE=Iw`P$y4{T56^k)G4q9ig3lr`_{U0tj=g>&)j9Lm
ze>Ziqf0ww&*Fj%&kT?Rvi#uga?wXc2Kk%#lGopzOsIC@}b{T#23$nymYBVzUKLGVW
z3cn8dMK?!OALx8zxz<O^wKMV}fBy@#X${8liu%PE@Iv7HO|FGvJh@oSd5*Z(OW*#?
zeb9e?5@A18Z0p6mr?}a!D3o6*<fPvjVY!z1t0Fdkk-qhy%LU#3BEKcTy)^#;FT5+F
z-uXAqpXcl6=S8|dF46s_HXeqInT-*4k+c1CZ@e?QoP9Cg|1`qZJB+n(zNEj<_+A59
zl|PH<_sX?-^#S8rkMeE@ed^t?Ih@7NTyJ~Url|AT1Y{N86H$HdD`%uH7xP)_e)#@?
zYj-3riScA3trcnft}qs()TxL+ANUAx>6>n*I=N6%C;UD-WM%(2!Y+*2B;GC5)I>r0
zbs$~YVV!Sj9QPqDXHkURv@gw98|;0~+KoPEZduF;;d4g$RV<IN>u9XFV1wzb@GOH5
z7U?iV`kfo$_wL-M+Uj7g57(3OsYG3GB%^+BMg5WvFK*QAfNE_aO}hF(SBtTg?xMIq
zxyIy=s?*i0j^PcU&pA(B2fAOq#^96bvvsle@iO{JAMl-Y6!>;sBk}EX8|wMG!|V!~
z4>ENRVCMeQl>SW-?my%{rOJHoxmWXxywz+g@goA>{*Y06U4$J)G7hh@uY2QoE(-!y
z6P4Kknb|i)SO>{`UDBSWIpVxHYcLuIlV(g)ns1D-mr3S*8*I-LT_e^5MSlMeyvl76
zb{z4(yg~GZ!Y$<896dhK+i;bjAFYq@Gj;bLV*NKdhUV+X&?S-u3HSem9RHRG+lS;F
zVEztVf7E{nWMhwjejDb(H==zJ$=suw-h~sNSi*+bFV2&G0Oq%w1kcNp^N^j@4W3bq
zp%2k`uw>GC>XvwM+GzYqO@Tf2ly!We|Izr9gY*WB!Te6mS(IMIjVZD{3X#@*cf{}p
zW+|}rridEHKwwqC3V>}C7=7dQz&e3#7x~)x-SPV$pz~s^{gF<dA6PlCQ+3z?uqI&X
zI&3sW9lw|8F!wj6DT6vX(lZTM^}P}GEl`6lXX#x4m+Jmd@Be_W`(9yl%$3+Da|~N>
zsy_z!+M3nz&4I098&Qt$e?!htv)HRyZp?p^&OV|!YXY=s_eUJw*LA%iJ2Ums{C6Pi
zi=Ri>51q+++&+e!*Jb-o#2ht7Y#Z_zM;?zjtE0Q^M3I~^$npI`>t~b5`Ke6K?1L~K
z?4=y~o@yZ{yCq_|6G`Ji3(|6sR;OR5yOu}$T;fp)#x*<HD1G2*cp$>u#8bu3uet3q
z0=({*m>WbsKCu_!PQ`iz_+y4VR>$%<IhMzgSU<}J&&<{cyF8}zD!%+!$NzmU|2Mri
zMd#S1p!I?F(%4$1il;B)|5o`f*DY|)(EW}{GNsD?Jx}<W_9M@dUq#q&ZT20tJ;&>e
z+l^>9KK>ny@!+8d`*y5sXLH#LgngJJ(vOa%m&Vpog-9DiTCOvn?zl0{njvd=TZEn9
zOqTt_LPFLsWQ87%uvLy^ohx&z<FaxNLHU0ZVbh)2;BUyh=eYkjWVN<MWIoT9_vPZ1
zF$7upk4D(T&g#oPzP=cb(+<UW{8&UEXDyx|;wQG29aw#kQ`sI-<3>zgzWR9OYlE!*
z-$vN2hVjO99<|PL9%Z_<quQF|kTvsh^B%RZyEf=1s#Ut*3$;m$WXw*({0bR|BwD{Q
zZmw#3`xAD1`@H=jqw;r{FXQ<;?X+wSV!3XB)blUMs(LbFx{E5xv{qLRtmmS9eE;K{
z7=NFNFeRQ2YpgnKHtE3aAIKVltUR54Q3}l488O^VtpYZ?Q_Rx_dsKf<QM~^O+6vH~
zp_ADOtgTZ!li~4SfQ<vwzf(R4tmyX<cBKv*1J?C>adxAK_y>ngQ<5LG+I&z!=^*`Y
zkFc|;uI?@u@h)I0i~T0Djr&2fqXF|2(QGL<+s0*j+jzFfZ{#Nt9wWuQy4-vRtT0;d
z73OL$RCUS+f9Of|e8hcfRHrkeD)Dw508P`gusiMJ4O{MBrP;>zRc+JE!;#<4$fWl?
z3qjYn(|ATy3aoc$#Bg`DO2~_1)CTpyI@|2m^|?r^N86t3rZxDb_G>Ux9FTY7#B9tF
z`8DlO_x;?bUuszUigSp>wglrr1do3LzM4O&wzm7wOAYbxNN&+g*dHicttf})w?>{T
zQF}Rif$q1e5BP?`ccYbWo{W#`vKxHf?ua4ge?PF<CTs*)t_f4V1^Y^e@%<lQ+1+CA
zRPF1$A8`Laq~$%Yx77+_{sIL^%SYM`qL1kMvo|)5%rSRpFE4u?c$=RW-=v}JMLPGs
zOZ7!p<B@@H=y@^Tn8v(owV_sBkAgPog^2o|{2WtTqmqklVsoW`8{_i}d)_9+;0wK=
zonKPjl><xjTkDR#)jFijMB0;@Zt>>Z3YmdIdG|q917sbmYv*BLZGL0hPXOCy!cvZa
zJz~N#fVG&gTwu-qh~bWU0k9^&@!R(SYxEn>{40-8^*c3I4=eb%Mf43w>oDow3e4MM
z%)b-ZY!em&mTSTWf#viV^&A71-DA`<DSeuf)nn9iCa_Fk-;L?HI_9IDo37@6n4stJ
zZ-C_kTW@GXlYO$rXpQjmZ}2sM?@*nrCSc9LZiy#rqfr*=+zY<39<i3^I<Jhy92h~`
zcvNSeRuoH1I&zvafwUuHY3Ietnt?PW5Q*LU=j9jl`f;P+NLBtJF&Tw18D)ZAU%%Bv
z|7+`bPv2@L(suk&9YfvEuF=KP6Cdk3t=CgoY5XYxk00|L`3$=6TQkl0y>8U|3>WLa
zR~plsz&jgb?{|oI!<uQab<g}6Dg3+%=>=l`bFYo2s}T?RdJE|#J4N2-?pfZcM@>^k
zF@_yUyeCCvFXyuP{dc4*7)!oS>EBsn+P{lkNtqwDm->!Uzt^L5?KKQ+2e1XY`kw$c
zj5b+CK&du|5q;Ws@I3^K{ySN~G6P1rUSN3vO)l9AMZhZFo7`5Y23=Cnm`4LJcToFY
zz4)gUm;y}aXKFrw7H;-+Hn9i1++G@njC#n3`bP7zt`+l2x>_H}85lo8!q4I?tv*PH
zOr({EguOY(sKde;?dduP#5tBTa8b5$$f$#i6LoD+1FR#Y9}73ezR6~!^&{<vv9!wA
z_tA;838bY;d|aAs;#!V?XE-d@^^3&!FJhG>eHZp9(k`O3OSH1{_+Lot9gg3gL{|X1
z{z>SlE-OK&yr}tpXm+yB9VS~BIxBmT-h5Waf5<3-jObkqKK=tM29_-_vJVD<rS^(_
z8iP(}7}goQ{f`EJuXTPVIhjZ+aUh3m`y$Y`fOfY{Uy<Jj=SAasG=ksvlC_<vjO|G4
z{<AjjQhjy<>jE}&Qs3B(w!X0>Bk35-H!s8Hn|v*Me4@=-me2o?vF#OYADPPH1J?11
zbq=L{`)Z`6y&7R>iE?Un8aut+8Oc+T1sWn~@-;-XQ3&!fA@2uTy~pN@D|O!@(T;<5
z_N(^33tIeO(f>0sp1ms0Lk(>oiwVbN7J#k_bcJ>@7Z_z$fwmd6*IQ(|u89hzI&A^n
z*sI#v0p-&HEWKasUAVUBnJ>^+3h6rt+78gZ$7!E5Dz#F#Auif0<yhFeuSM7zqQBz*
z(Dps>bx-I2pWJ)%M-u5Z9WmKt6BCmW6J%uEwl_`Mrkb{?rWzWg1SvtZp+RU=5M-83
zkdbXcP{b6Ob`xumP4wQ}n@u*^gat(qWRvg2KEL;K&iQ;k=kqVU_1pT=O5W#ro^w9u
z?{l8>oaY$x0IhL3NE<-fb+g$CLN+@AU;n|I`np*UYXFu#YRrdh{s&ezD%wS0UBEhl
z-6~<dz%u?OeD<{Vr}Dii^shqG`N@UanoI60%>R}6-x7UA$V~kn^tW-dUYH3iIBwp%
z<^c<go7b&kU<DSe0$9EUs|A*4!J2^80=rLS%<ew`n|XV;dZw^3mN5<4`$8Q1KaaOe
zVG?P(Pwh4U`q7^|$DOW2n*W8}>U#>E!&Mmj)$<Jnis(8(H-LR@7ty^T(Vc0g>jzyf
zbO|r*n_rRWsth{PYbL(O^}(N!yq7D4UUMBQG>d<JH1-Qv!z$Uiq$KBJO-{Y`L#4J-
zliVQqS|fa(@!ik)L{+eSt3>+uDg6#D-*rr%qIsu@(lI77nNMCt3_fz6N8R>YEZz#_
z<)UwYjcgOkT;!Q;!e6+(hfMX7m4o^Gjos|c0N=qCPId{;R?GTMd==o!AKR^NC%%u@
zI`Z9W;bZ<5;OoJ-Ii9uCT2Wu?S$)yC%KAR~drC;%toN;rthR%UqL%$!EY2NDLED9X
z`y1;VA=v=v)}Pe~Kx<zMc*~K`D|$Yj)1||aB9`41>}PTfV)^xfXX+i~rzo?Wb9f%I
zu2<~-8+hyA#T-2A8Hu;XV_~N8mVZow((r-(%!<;=kk*K_MS9wm`u?^SY1=>GeN!L*
zz``F0JzNp{KVTUXyLp|P)`!iKzG1!tLGwl!eB;R>?yv9A{{NBMpZQ}Qi}?uotgzmR
zk@uPJINt#*0B`w+yVa`L&OHC<c795A&<t4(A8{Ki{bA=nzy^Tz#&(`@zuVaX+y6jT
z!KB%Dd<Izlq&UA6m_Ii`83uN?gk=HC{A9QKxrF5dOZ`;nH40yUN`Pg5Dtr<x>%TW%
z50TBrTs>$rKHIG}>V4!YKBouyy5ElU!KvNqX+l1G{{z_c)NaciZChWz&Pg}hL-PK$
zTa8NfI|FRb=lHJJ?r{Fq&6kY%e;o&X=HI*3g4p6|9PVhE74_H#S*>60RuA%6`@Z+z
zaZ-<G{{NtDQg^E#i|-;k;4rXCC8QQR`KotH=OFq>C}bgh^`8~4pJx0ZL8*=lsmo`L
zXXLrly5r1UYDNk%Ug*1OAg|sNQeU=>X}S?*3}j}H0Bwdhq@E@E$939iu)^2iUZhtb
zy_CvEet6nt_jkD%(*KzK3v^As5Wf#7`tB4kB|c=*L6VM7P<AGU)UbqQ0NdjWnQS(>
zz{Y`D=Qei#8*;m$$2?8z>K&_M@jbtEw%BPo$g3V>aS4m9xXREEJeTVZD9a=p5c7Wr
zPu-{dtlf7~OlA1KTN#+YEy<hWbGh%pRSEX>kJk;0f0c*+vR_C|x2}CGa<ir&e`sC%
z`ZOQE7Vvjt{hMw7%;JB8E)#RSXV!dPbIgaeKlmrXZ?b=$fc-zol-nQJo@8@B$vuIu
zFEVcs*qB5|ZC4H~72lFA`iY^7>$mb3XmPaXi8ZwaJjFk;>#zZu|EPTEvxibVk9${|
z;~f^Ijp^|Y%dBhFm>!2?0y3ukA=BKhoS2}rq3p74b1tw}U^Nn!eIl=)atSK{mY*WV
zsK82rH32J=uqt5T6eC}nFYAG2q=wW$Y(4}>y3M`p{0Fl9X(4VaR=EB!0;~mCt)k4b
zzXeooUMKt~B`E#i)7BlP{{frSFpI3q40c9a3R>SBQ5I{yR~f|2{tMax&>HsWa{b;+
zJJK4^R$EMRT;FY}ly4cZ_+Q{3{EGa{{+W;VIUuCl_eo|Bu<irCnoOo|qD<`vh188S
zH+h#!HtnLcRxh_xc=wMpokF#Gxn7r#ymz7vx)s`+m0Eo`FPGO3%Bvdm+YSz~`=`Dm
zmz(@cd0x;-(#(gOlo#=Kfp;=p@OoqCW%f4k=6xfi-WVs!$rSfS?-q~Ys?{iHQ-6s1
zI5ebQ!}gIHZ7b1!BTo8$DpNjaCo)3nk7)cqTk2e<i1YW<fp_v-g7>a{<Lv?ORAxxM
zp31n%h4&z5-U;v)e@F1H+&A9rlc7%?9#S77-eX;O3!HhY!0SIk@Xpyc-cIl~eOK^)
zylkI%N5MONWJrCActb9{#dcom-|44dyzU=TFQ@)}@afk6y;|<yWM3-={WgpT=F|N7
zQs;Hv{C2eG6X$ilQ}grgfXsT#M@N#(XJeE3#a?7iLS~s?lylSne>rJg2^L`eKR}f8
zr2qeNYU@<$k9hl~OIRi_Uv`L}=?N?km>-xHpNiJ|VqmGj9(9=;<?{$lP6K$Fv(36h
zE3hVDTAUox=evN_{wO4$+s|gJ+3e=8IsrKY{{=aDr=tE(4XH!1$?0{I(*QZW|DST$
z{XfVlJuPIq=SBB(MuBG^6;eNP-aj+5zMR2^w2`<op)bu#+Y=W|n~Ylo0`HHUchxk1
z7n}z9$oEFk=F)gI9f~mfFK92xxLbdBgtb4gbAie4le7XWmoVy!UBGH{Lb@;d7K%|W
z^p!rO4I@oH2O0(z&N27nJ-|kR$@b?NU?ad%B+MV+@?`(`EMWfcoAbyA)^Kcy*~}DS
z+bIFoeXNiNjGcb~>jL(5z3eM>J5ht6x4r?u_J2q#$qn)Q0sNcK)||VT{Tu1qkS?FU
z4+1OyLCAJ~#l9bD6-d+KMbVg@0apD3V>}o-dZp~+e}VQ3?NM^)p?<(K+glCPC(A)M
z3OXZRF3+<T_&D$)8^68<#s>Th(>ZY$c<R1k?i0PhBEZsh`Df_1h+(8<Vw^t~o84&B
zY<tii$m;(A-wXH-T%@f_?2?Y@0VFY(63;kzl;Z`@$Hg)6q|Z-K3N)Tq_Rd3VW(j!e
z!9(X~zK3)k?X814gQYc&=o>)at<m4KclvFh9|1kR`{cX8Mt_BseiZacd4j%Z@ARn)
zuz%9%kK8+b0qCnW`oz7{*MPoVqkp$(uk;<DAJFJu-aGvu=%+RMhxSfC1N!U}1pQ5W
zr_TvuJcFLS^LBxa{wgbd1?ZbWzmnCzjs8k2eGBM&PZ0g#NE^MWKd|?2K|c*$_;u1d
z5{qK7t^C++Y>~XwLiES4-_2rl`$7w2IfuE(?Hq>2PzB^=XN6c?6W?764Ido(o~;yj
zM4#2zy-J#ATfy@w%0PBp-=>AazO$B1wNytvNN<Bo_IBO{3oU*<^h%`R%tK`u1N{{A
zXNo)RTe48tta7(d@OjMv=tk+hpT%1T*%<V$)0sZE&~$Di-a7HzVbYodeEfs7{wTgy
z`3_rXZNCk+@eh*rqqq&jrxsf2ua@ZpH2y(f{=JYoMf7hJ+TQ(;Y@h=+8>pD0CLv?)
z(PH2FY@t=JZ<C#uh$j=>>dv`$^Ej(_6-sqseUp~k{AjHy1J4-NY<gqZcSRwqbCOj9
z{3Xa@@7rGNAZvwL7Of?n;MuOpD&n#fv99D`%Bjx}skgi7Qx<>f%Uup6*!$;@weyD|
z^*J|tx#hm}Ph1WRsUx%VU&zbBnzw-pi&5jL=6ZG|tw%^}L>jY%(R%=v%;by~(-Aq{
zg<MLw5q-dWN}TJRN!pVXV`-d$F3aMxdFI(W3KzeGi6`j*A)U)kh_edT<#s}DRv@I#
z`wDW&7r{X+Ys+cK&6pQb|1Y+90RNcnUP^E=^v(Gp^$=%Uo>i9D&6Y=Ft`)Mnf+6;v
zkm9+`?R&lD&Q-?x!Z2i1E)4Nli&rt-@mz8sBAtB_X}+S6`k+VCo4jXw*lfq=yba=}
zE3^MD!FsYNWI8j;1=eK2g1{Pq2~#+$lX74Uz%Frn%W%?fs+1KjmBQj*L00FIkot<-
zxSO17lJ$gJV~O%kL0;z4kZIqMRFa_7oMGOJW&oQmGwj+d9yPG3GGSLW>C6?9&Rk>o
ztY-@USMX&>@@al*0G7T=?Ekd6n7zRyz3Woz`LXs3#dHsVr>-Q#;|V<*h~X_)2y>{7
z!nA<rQkMf+((SvEPs>uFOKb^<b#VoImvcS)m$ywAbp4>aj%;feJC?_)6TIf86VQ5*
zxfJ!gEX41{uMAk%+XdG3wiNVT%R~HqouYt!j(^-d$FuiF!PB`S#QcO95Bs(Y^>eH)
zq&K3C{Uq~vmv1uJ=RLo03y@FprXVk{O33^CwEr)8)R(rOj{SwDuMPm4S!F)I83i^C
z>{tn#1U47EvX7*1S%Q)a%)u8;3K+r9C38XB1X|5cd>N~?rH1`qq}%-#%<n_7{Xb|&
zKx^{<0v23tj5%80yMWcM;d-jJm!x@aC-CB{oPD0Ek+$;;erDmj>r~_HaJ6w@m?QEV
z2i@<8?z&U0_qN()$5U#{KG6HthSVddEgw2HmbQGvtu3iO{iRsn@V&Jp@9<MK8+aUj
zBinByy?-sYefXA1-*J`MC#xKE85JS+W{vM8iO!=>N^E^;ET#A$SR0s)_D8eo{GK=D
z-;B9EZ#mXG<dqlG+PTin?StQcge+fW$SrQUW$rk4)_b{wkhKT0z8;%D%Hy;7qol7$
zP&zIMnPR=?0IR<|#QhNEb645_aiiV;k@{*icn3E+zvn#{X=7)G_<Mi17Fc!UmGZcu
zJ{SajE7d=na|>dLEB3J4+XgJ&EaX*Q98&3w%lCmb{~9@aR^EQl*Mh#9=wB&t@F&#Y
zoMJZcDWXTaoIvIM$0^RSV$8Nkmo=ORdSUkel?h74xgqryb{^y?(-vcA{wy(eXe@R>
zX41vn*6s81?<x^SH(L95BE7x}a}$l7b*DJ))4DDDH0n1~;HzAZIgzbVGN1HL>}MuM
z_D(Fdb#58<pBIJH1L!-ibNNp5d^6%U-;m9@5%Q{PLM&E_Z^<dPJzXsKDX3fnkTVE5
zH_$g77*n}EcPkf--SkzMuTe+eq!_KIo$L^2urp3lf49duc(RjWjQM{;R^JBEj(41F
zYDeb(Dbn9$bN<P(=uo@d<_hNj33-#3gw+2i4rO<?W8CL9k+Jc32K19lL+U@oy<Il8
zycc@4LFGLwP9I;){tx=ex)8q~U6$s*T->u51>SvQNRJ!t-p;j-?M$*WS7Uv;KE!?c
zSF(C!cs}qP2fP$`o&#PDyubl(1Riw2+kuxj;61?09Pk0)6%P0q@G1v<8hDKZ?k|Ua
z?SN+kZ*af^z?&TKa^NivcrEZY2fP`0hXrT;|G>L|Yj*>g{s*jeOGrIQU~K<S{I&M=
zg`IyREpR#a0rS0bl10anTnBPD$?6W%D|)~?4qn=O`0hW+xSNLmZxUmQ=9Ll9<y;Zs
zzTR6-nmtaar^+=(d*&L{C*<6~<|k`e7aQiHTsdwPk2h5T-VyN9`!Bx3B;H1DLzh;v
zM$PWt3Z5#A9g6GjQ%{uiCOrtQr`S-nm>)<#c>Gs})Z2;YjT5bR_l>*GXWQ>Ovo-ci
ztOpwZ6Z_5|1b>glf8D<GH-TT-DEOD{JAXg;OEvz(zQXsf#r&r6e|*Bee?RyqHU8)K
zoxchEflY${j(z9v2Y;)^zi!|8eHGC6H2!11!uNwew_fn8dHeqT;BVCUL;KF(5B{*m
zfB(Mo`_4*GGOrT+m+m`%5d5_o|7l<0`@!F*@z2>eezHmSgFm++q`t;{oQ`+aXUEL?
ztj9&49g8#O^_H^}l=f?lGg>zP1M9lhe3rc(SkJW~(|PCsu)&M$^FQfU<4DVF45<yy
zwr1uvDwnm=#W|bw?moy0UMqZ>ypG>)jl<!YaSy}6%HFgN{b?k`-e^|N5_TqW-?0;E
z+qZ=D*v2gWC$LEu`Y_VkBznTe*YWjI+sjqr?=-L$U@^X@R^}EDc7=;^jortoOi-$!
ze?35%n)h_`rA^f;`3!{0)&{<@8~=A@3()r?kDWJ#*j+EH&8$)~ndvT@DBK$9XKIIn
za}t#7<`BOxy-?gw-o@?q<w&bQ+NYvF8g|mlBs-~eFFx~p>F15o&u8d9!qk_0AlG+u
zNG+P}4&u}HSVfj?Iol`9KvvQ%*q7>KhTpO~Q>15{i|<2viJs0cBCQs>Spm|g+s*#b
zrNE{njK)kAut{KBobDr>B~|L#($De(N}g3xf})U*KrdwG+!Ko7&hJJiU2BaEM87C;
z0wKN*f3wd^P)3oTOI$bWere35>p2Ei1HQ-!r}xi0k#E<%A+<WTIAo478Vl1(Jqz8=
zp=a@{&Zt8Fcs!)XaAEO}fz5qf^qEp4wqP;vg2#pa4h3?p@I$Ty-t=Zj-7)(ek}Xc>
zr)>TMzwhyo>3zlRz$V`csi&CkYFoy@AD!PwoCI(GV<C1XO66p?jxt&Nl}yZ{jArh7
z=(otTQuO=FSg$W<w;h&=zMl`8ZEuIv6GgdL{1af+Jt6%rp40snbl?s0d`EkSCh$#y
z?*_-a=VQ{{bI->P8`UxGUc(^d<Znk^OXG12Sk(^ky$W9sr-1bVd%^W=%Df&v;Bq#_
z-hVtF>*4Q0>a?O*?_x}P^u~D0GW&@4AHkdSd`R7t=u(c>WK%iTCOVgc?SCPw;3Z*8
zUy;@sx0d?`jsdTFN%#hy1su&tzJb$3KM>;aA?-19ZT7eu9qT{~R8PdlSuwR~`32aI
z{xPIJ<#4ys5>MdA_Sksb&d2&c<jj3Fq$Wshx*eF`f(-ym1$MH8jRGs*ZKj(9RwiLo
zN4{$8XMnL7Qdb&r@-u)p?-utq7Mkut>v8g_-v>cA_7?ZwFns!jKYu}-G24j8QM9$J
z0etxwL(Oje&=RM-W|n?909g(1hSaZH=LBX2)h^z8yw;A$;{RQU{pkD9kDTMgS#8P3
zIjV<6{4MNK$SV6H6k|+X?~${`+3$d?>M#F0<=O*TIdNfiTWqp+ILca@R!e7Gc^5&S
zj1RN7qb>8?+p@8o#lHk?RYF+(z)knI%rzkw-J8X~gsi0GusY;6U-WoQvYvLCFKAtw
zhOCYQ!u(9#eO<EOZ4_%z{>7-z1H<Z)+18-HIG=^ofw%P)afY~1i*>Y%rL`h0?`-=%
zhUTmSq}79u#diPIcdh3n%cZ)PgGiq5g0GR+A*z!OlE0DPf%L8YuI(&&qojpV=nq{#
z6Z60*_(!lW?j-)xWPZaBeyPL#`?)pP&kpjtM!sW@VtcAZ(z!z(rEeB;Q(}`#b6E}e
zdanzyILN-wkJyW?{~AXdFuQLEIgQvqX0Z3uj!1B8Z|@@>TZ6OnZ}3-QuXQQKM+hAe
zi;qB=OXx=CHyGT2@?h`sS-dFE-sL^&@~%!P?SI-J&yRlfGRb@XNLxLb*DKE}wu&kQ
zf#-LQu=mb5NBmM}AyJp5P@!@bT!Qr?98y20avr<aa(>{PMW=H)d;dG-r2Wn~%31ki
ztcNUCXO^>lq}9B(^}6}Dc|`orOR=B)DRegKgXhI2^W<4%(tO$inIqVjc@l)o+4YoY
zyvs*3`!{5D+!s<C=$!6&yDaLEhNxfJD;s^0#ha{6P=-50YA=oTBlYhz&KS2+c;Zay
zh9HmMR1Ut3;Sh^C<vZFw)}?;&XQw%x^6r3)`d^0BNs{r(;g08<y_WM$;u{8E?yo|s
zN_<Zp?l?caY?+^!|Mz9sKZB3nG4S1gxMe;+PhLvdIa>kf(;p70o2k7vA0ErNf6;B+
z)4bLKdF|K-u=mQZINW_+3pl^cHVFQa--lQXHs5N!{F*PtM&kpx|MU##ll~e~e@OKA
zI+owMkKXQf?nq;z<Z{gK;~_Pj-YmPxQJ!r~oa6RpnYf?P37Jik{BF7L*28UUpyw|8
zx;G4-o=*kOmc8@PAJU^5uE2bj7FPSkTJPZpN<5&zLc_6$^nz~Cj)L|np;vmJjMLAz
z`jOTHT_(lB79tr!zHri;l{$Ry*TVeGQ#U>49=jgH?jwLVeQucf4mtJtCoJzw)_}en
z^is@myUqE2b6&*P1-{&`hnY{bt!`IJN{MvCE+F!&o)c#A^L+<@$7<(pH1-9Fwhm4Q
zWYlMSAR`NTv-_a`_;w6^)_bj+P9I?VE7bQvVYP(hJ^Jlg<|%JdoWn%L_J5GkdT`j}
zgE|1L1(+PGViZ{Up<y0Rp-kKn5_aNgq}3ozyWdUyGIb;7KVYT0UV1j@7tjyY#K`<#
zK{I}Mn7?zS@H5gNu%2&*9qvR`==YeIKRW1oL6>WzTO-YNMW(w?o#5FH9{KLsc9EZa
zmu&!8OJ-PoM)K1d1(yGvF!M`@VXk@DZLXoYvKO)n&~BaVK6$1&{=z&XR*-kT+?D3(
zbLBMnJJ3F4)AP;AwCe8F@?=l>Wp7GQCO|((^q(E(nxE+@C~>QT-G2vvLwZ<!o%o}N
zS@Ubu@>`IWd7*V5&;{PUL&9ns^Rac$+k1umTS=cE2Y)8|5!uFkcO53q%+J(g$@=OO
zlmOD%x_6V7elAOA@xPEhhV;LXF0tt_r*)Y0CDTGoeQFSV?dY55i1yy%xtdL)rA+cX
z?cW8Ojg$I(D|p(_M|LxP<1lgl-N^h8wSJU!73QC+uzH7EtO`rq^^LRma@Rsu70URI
z+dka#j@B;6nDoZ{)CYN4=ZDqpF_vwv+goo!p8sl$w<E*qNQ~usdY1Chp0yJ4g4JPl
zlqRO7d*A<m?6~pK>}-=JI~%o4ALNf89ag(zv$xzi+dYO<C|1Sa53Bdbc5ia4n=Gow
za>&Zr5N7YaI_f2syD}fTZ1@_5uHFrKCC7x_?lN1ybJ1*er76goJQn>qw(s0HTU@a~
zLxPfboOvxO1C|R+JD;UFr5accum`MjvF*I3)piO)GP}WFadOynXJIF>a$wq7XC?lI
zft3MU7292u9LM2Mm=*}m(ogcP!TNJrSY76JcgY;P<{+1*<?r7>*7o^fbz^L@f^M>C
z&L4!VJ%wTQ5wX5H>T*A^>vHTpj%!iB3&YH}bC$i+-A;Qa8t28}&nXJ4A2^S5YoEH#
zabLoRIir=|eI@zbkiWAetd`TfwD)&q|8JIQBxrqCmfe534)ROGYKG`bEdCj=;!DHo
zNp54<az=2F%Ul>1b88Lc<=0_Nc6*P+B5&m^@>u_eylj;D3Q=ZS&%(gkfc;&JGqg7?
zffosL8o&Pon$qQAQ%tm^#sp;$*h-;4(YZhdu=JH-9-DhH9bEDAu{_`b;Otx=n3j2t
z2p~uQUL<JBLDL}7u+y{5r8*6}{{Wiam0@%Ib70#gjP#{0U_HQUV;Uo#7Uv;dxy)tg
zc<*yrubDmK`UIuxj4=1l*Y>yEpU!)r6pXJi&d^)g`49LyR)^L19M7j)C0}08^9~2p
z%qN@0qk){@nlO8F(sfKv*vB-BM+4sUGsFB{NH^YFoq5x5fIj^dcv<{U@OBnCzhk2y
zZ5ZqI(@Av4{Oitpc8gB%k;}v7<RsoA^6NV>tS%?p*y~@P-S_g!W0docQO?u;yTr*m
zpzs*Q^BkjFdyG<ijQ`@a;(2MMi_!x0o6>NMvYsX4zY7_%_!wmg`&Yz2--7k;$}oSk
z&wYP)hSUCz#iIp(>q6)EH<>*e>6IJ9Ja(r0T)oCDegT`SiGOMf`5%5Ye)j%d6ZkiY
zeH<%aCDW|~_;n1j`yrd|UivPc>uOW-+-C1Pijdz1`L&S$H(fq|`H%U(AT6&RbDo=i
zYF-DHyG)^#EFJ-5RX2oroV#+1U7<uP8IKK4?UHjN=G#K&c46oLNN<L`YmIs}<dsP_
zptXjbg66y?@P)xA$A)PKHrQa+ceVi=u+a4Z>j!p#RE}XG@1KfdJ)gTx+Gnn}-bYK_
ziv80yVKpFRF@I!W{lLDk%W9SQP5W1^9V@^)aDCVokA+$~328OghSjI2pRE3x{e6?w
zMq`mg^1m(s&op?hrhVapuf<~jbiQj@m{#hj-(irG4Wnx-y>}c|ucWfg`I^|D@)N1E
z#6rsSEzmWC?r_>Ce|CVI{dR%nSz)FNB;ADd@rJPKXLo`Qh~-<>y4@S4F<lOM1x;af
zg3A2L0q*vKo9y-inwQ(bKLP$6D$f%!m1l!nd9=P+(VU<pHHS@pnzg`uz~<_GVuc>_
zutm_*JL4uD&pa=kXP%dsQpei^{KeqEZuWU?gPEU?nWUSs-Zcw-#X5HNm<whbBisLg
zZ#(!d7vD(pL>aKmo5SjW{*BO^soT_~B~jbgAw7(A_KxjYd$mhB#^I9RYwo|9-ir^j
zID$MsiYv?eX^zM*aAR2A#rm_~(offzhAz=}-Aw+MVf8|y|7?!cc4UfeMdM|d^1n6A
z?!5Y<bBsF#R~Q4B&9|Uy1|7TGu)`|%DqA^nZoz&A^z03!d#&`FP4rZb3eXp~h;nRp
zFGmyTIzdNot@+Ng%Duu?j_tS5`{9Cq!R++ZkH>GJ_Y%2&?K^yq>l#>RUIOQ9cTTcy
z#rhBat62S~8Q)=CD`fl7ouJzTx+g?G+e<&X!_B@)c_y_aC?&UZo1OXlF46T`7XKJ@
zRiMk%`}WzoEuaKx)ku@?WmgJ%O`oT=r4CpnuzQ^MRc0egyj?M;HtB_ooj(byVOk8m
z-;6V_9^P#U(w?2ly$AFa_lCKT6Caao472;+x1qj~_DG!d+bLS3(YjRjT+q(_d00Kf
z*$2f`_V`45*_r<bWK8}ltg=gvi`jU68{>5s+y5Y~{{hIC=FBc&VPL;B%HFBRe?wZ;
zgJC@uAz{P7DlOO^U=_gR`|&ft%7K~Uzuk`c>_KxIW&!JYFl>6ibO5|Lz$o^wZ(XYC
zUR15N*%bU$;BS0T=m7$&2i5{ii#tqv{1#x{zYVLSj(es?`TpY%;vDq$#yAwf3Ktr8
zohBeZ8+qPq@<TS>x@?X!AJWno%e({o>4(DV+Sp>m&z~(ud<|rEKO9zfIQM&7%$r|2
z8cBFv^+Hy~@BTM+Me@^I6O_^C!|Kr9<!62s`Sp-r@j}=h)5I=+o{RjzZ1P7SfAIIv
zf%h)I&_(`=+2rT{82W2}Sp9tO@{7KT{C3DseaXSz8+-jMn@#>S<afL*=AhZ-FZe3*
z%kQN3B*W?_dzT;lD)M_FfAEi(Kdj@@F8_?LB0v2n(9Z||cjd2#{EXfIoAR^wm?3{K
z6jt9=%yV6(P-#b`sgAAxZJ>W7Y>vfK$@IOKv?Y-F|AVe799Dlsbd_oT<!Suw?PB09
zz#|5~rY}nOR5Lx->e>Wf2O7bbHx$<I@=_jcz%m~dXA0aEg71HU7h7oifcYF~M}SvY
zXeWT}dBjfZ`)Ptw3)&MT+Vr3D`moaG0&lX=27&cB&{hC%2ko&EZ7r}i2ij)f9YdmC
z1#JhgdI#F=lpko9OSA*PDjaCXfRBUrG>LW!Sipfc^=H^$TjXW}%W|O22c8o#%Pj$x
z<Um^mJP<M0Sv|0chwZejz{@POUBJQ?TH5#Q1YQl=^9VmLE%Qp@W3I)J9sL<!Z&{rN
zDJq9KeFo|6;I9(=8!hP>cg@aUfb;?IpU?SoH*&2(Pp=UC3psyoy_8Ph)qwPA?OVlI
z3gE{!;C<lR>Nq#lN>jsS9@`wC@Uw;y$QXre?JX(mURdl2N~{w|u4kQfs>x;X*xR9R
zKPvVbF8i6w987vtmMZXOM*n+d*$#PQkIrtJzTBZKROgf6t%{oKoMa~5ouCwK3-h>h
zvh9Q_T&wQ)E&dLQi2nxOQpo&))Mv|qO*|InaSI@CmFVBKck}#Z+9qIQj|m&zJbuTB
zy+;Rp5AffM@08}$=d@{*^xA&V^*tF@@3PaamFC`Bc^;nzPtLE+V~XP0`0v4dit=6Q
zcGhC?C-AxY6VM9@j<z>;@0G?}1M*7$b67pfEiZEnckh!fd3DB}<(yMz9J`BIhkR;L
zkJ)rS@I1CLj%RP?^Z4y9d4(mvkb-*?l;)AJS{~b({Cu}_blT%JLsrL|VHWFF?D1A<
z`_nF@jUjE3t$jC`Y!CQP34^xkEn!2Or^Q~a&~1IxU#39Q_ZGKr>T7+jHQrfnnf5dF
z+w2bXm-mgccABROfHm)N_<rk|i<1f|#!e$-jK3E)-B)e{Huj$RT(BG1sDv^9Phi!k
z|0U#S{l%Bg?b^AYsS#dvIY95+kLyjHkU94~zGnM2{U_dB-|I~EO=Sp!K5sOv_E6t?
z)};)s<}xgDDMPC$L)Oo+UXF#?Tg$%tzqFL0&Qu2K-({e$MgM3azxd5AW$5vl$`Eil
z80qmD{X646=v%0Z$71uPxXW$tOMPw{Wz0cep|`($$LeJ??ETx!_I_G7I*@<;2VwQF
zRLA^n_kFH)@$KyqXZ#cNJ)ej5yKn4X^Zf}*5LkV(OCDq9dEvxlmpBF<asL_e>f(m<
ze#+KAV70(bpkVb*z6)j>!h!qEV(?}9ALR9=4l&<At*r)tHS9m6Zg!hX&3T;b_Wm4;
z$JPn`(m$krNWv+WZYwkEuX6gA-A4g^?EypTzufE^mNg^W#VMT@1{VJb@-hz|V*Y`~
z-UUP1$2TuE(%yx|V*`Dz6Md31{S@c}PV}kH^jW{a`tC&Uccw1`eWerqTsu9DjV937
zg8u6s3%!VqMiF!6a|degUhq^LGNk_8t<EiedQC32B+`9+zeIa~Ye-#W^)aAcqq#_*
zXmODi{Vo9B{=<gUJhyU~&tngDDF%=K0a?9SL+WY5_((cJC$RA&hSXD%V*Aedj(7fO
zzg+E<FrRkJ%>U(A&~Lv#qy{Db;S6B)Cl9GNI)9sW{!5<C=dK#EwjDF19=Kmj<MZE1
zF7-rfP7tyx6NZ>g()ZctPV>D@clxzU;W|Y;!FI^ZIcbQ!x9khK$h6e;lP)sJ2tj&F
zMHlu*rw(yl+j6FMvDA-9muLp<C}^3D+u`ib@OCy&iahGGxc?3r#itGFx&)2IF<?Pp
zFA5!n$F|ZRboM+gtvS?A{s+*X7YwN_ZoZM`{(Oa-PRHV(Kvq)W5PwVDdZxJC`Am_{
zC)&Ul03XEyq`T>ce&$`{(N=$Y8J_EG=NZsE4vDcd3OVV;L;QVHOP!kavv1h<k*sQ|
zi|gUUPZu%97sw#n|2&BKWAPAw7hSYPIk1e9A+=pvqiTS4FLSM1>v+0ow(-;pSres0
zYC~*3tgGG5s%iadgRDvPJ+giIy#I9S`_{9x+S%?UjYD1|`kX>z>E$Wsv1GCJM_dZn
zDtrg?A4*VamJG2oD&I|xGOhJ@{cQJ8njvox?ZfV&ESriq=6#!=lH)xT+Cvs}V}FV^
z(9ZHt7kk_?;FG{*Kb7ik-d?8nj|9K$JKPFv9GDyfs>?xMuaNg`2^$2Kw0uZCO2Wo~
zl`S{(PIZ(2qnS79VbrgMHv?Gja-)1K{`te?pE$(#Y1T1aXjD<=0%J_Gc+B7%1z(}y
zGxYguO!r+{LFX$QGTnFS0;T|yeSvy`%|PCF<nITT4m$1Zj%-l1z_L(J>@E0vKV|*q
zJaImkA@b|e(r-1VGk+_j_amKz`Zj-R>nEmrot`eIYn^)C)jWdzBFg*^qwZ{W8&A}%
zX0Z3qz!$)G-KoSfZ+PmRx;=gC1myHW&dWj$7J{AZQ-j<llKLptd!!$z7=MT_3wY_O
zA@wHO8+q7+0^Z|2>?#%WIS(SeZ_SW;8%v-4eF@Ky_P~Va63Yt{^F1y~KfC{jJSNT(
z{fC!*f!4SBk(PP(ki(l&*O`1$CqP#Wy2qX8Ow;6XPn`1u0@Tm)wqd?sH)PtM7X#b2
z&OB}_fc09iT44PatZ5s?M>fv`?Z9dzjM`@#u<FVolbww8jDEp?x4?~f`JP%MkQRTl
zeG;_ep#4E?=eZxbts7Lvg2%|;XvlO{UJ9)LT%+8SXBDtMV2_#luf;FxQk!4adaJRK
z<o7^U)_F#r?E8Ub0;Bgmm1_3=Oj-CmPFD*UK>U-S&09aj??@@!_T+m!LGfQOq{p=1
z;yFv#$up5Q_X6`b<_UTkD+ZPdY=yvRUr_<<naA7JJ4C;98t+#+*lAh&gEs^6<ajpQ
zfE5GN-kfLmpMX^XTkNI>m~~c<>aMafJ=FgM<W&!;Cpp@*B-?w1!=YTQxc>qfl@|`_
zz73VsEWl1iU3}^6H)7Q*Z+3Kfo}X6f;<s4I=6~eTyTMo!Xzm&VHVjOAr;qupim}7q
za_&h`rjUNUTMVACIR;ZhT-r$T{Is#;MM%N?;%p>M=Hnl-vulU+Ga|Mg0V@NxR4>nF
zy*zCFLwZv!UyrnQ?*i5dOgkH6@81C%1Xd&DtP*P$%@e~&^KTM!<s$xG0<-@BFWzLV
ztxRuu66@{NW?JUw47>n%Nc3IFrhbQHfUA@3@Fn0G0nd%1Oh(K<5yO6-<aaxd+fEw6
z)6~HAx>)vHXU?+c%7ln8<aIR;>Gogkefn}yKTQ7tP3M*&)0^K(zsC9kzC$G}1K2dM
z{Uj_G*i@rg?+60(Uq7V!B&-}*DzKo0)d0)iVxBh|f#q4SHek6DMs?dQ<h7b&ObOo|
z)XNs#cgL_}QGWGUm+!&PzQp(AEp4(^Y7-v+p2~Lv?`OU%IQ>FVZ}c5If6dn)_V&!n
z@5S5a2h*O)>DWHN;z&OQeFAgv^JKTa>%CZX`2rV{ao`M>`)lmJ5%NjDWJrCJ?7~Hk
z`B>MxBDZ)EbT+h;<kbzam}$Pmn96;b%NbC>;~1QiJ&VEWI(s|j|9Wnd@;$p}FLiyG
zV_lQxSqnMC7?X5H;k!<jW4X)xUCY^CA?0CRlKH;6A2P=_W33~Zr|gNP9#Y-*Vvg|_
zQ9m@tbv%v!h_UuveJoe$_m+#1R?;Zy=e2j^h2QVDG{0Zc3u{1Ak1@mEM0rJ{@mwIe
z=dph8dnQ2%UoX~GM#E>*rQ)1D3+ZFmi!l#;g`O(LKhh_Wo-2=kV5v8l=Z+d+NjI4F
zyhdO?iH_NSfhoYQw$Ht`dj{<M6ZEB^e?c+N4O+aI>n-tONH>`V&jfgGHSq|BGo`bL
z1?F=JcK_vB>_;#^oh5i{M1@jXDbkvdRw~lgN$XM#(t440tVr7+*1RU*;Vp(fO>Nf>
zY!KLTdmZRcp_1;`2RdKVkh9;qe&>Ymza~JN58Cq_XfKquuCi^8wSO=4>n5R#vHr21
zebow~e+QA?iu4Da%Fu2Iqx!1_?c5uOxX%UieO(R>wL}kMOyj=|G?k#qw#@aSJui})
zlV*|~mgZ&kHv$<YTZhz(?Dco9Tz|@M5|p;BV$HtDT=q+}qVL)rV)uVQJH6Gp9+>|#
z($jA;)>UfrN?>z=9WHpz5%E&%f#(3%-UnVQ@K)e?z`rN(YJqnHFR|dv{}*`GP3C>l
zFtAEsiv_Kxn1Aa8@OI!@EZMD|1^Xu~Hs&esnz+=&B=H{oa|y~Q_BQ!m7uu&hpq-bR
z;OBdgV$e_AI;1wrvX@Hqml(3^o+JPGz0)dUymf)T_4XltFNxLrwYr~6AJVoX?N@Gh
zYA4NSgcUC5o|9e?|6m8&>nG6r+~oC{<po{*1p2(ZA67zM+g(HI8FJb2|3Y2s<#f%U
z8wA~RI-O^=MCj3CGWUS4s(nbk#h|O#MA2R|jPzlopAnml)!9b_RMbuxI}?;WcMtLS
zMAmV=O`0$i@g6hi^B<3mp32$)`Vr9Y7u)%=+g_Z-8XthHj-Da4%r@Tjdm`+Pvb=nd
zAExqK>_?s%QrE;}4?r`NV-r@GR_eVwF0CB<u0?63ZlRT#9#aYVb-hFUPX69)S8YzR
zDrx*f&M4%#oW<Mh$#I^v_P7huI^z~0rOwT^Tn(c6x{W#Yci6A(7*cO=yIW~F$4z(h
zArNOu6DV^%`r;!8(mk6uT>LZ4`^(ZfF6UIqTxI}eocqL(dI#yWCppTrm2>GV=gsWC
zEoAmQ!|m9<qq)q*V%=u<ZIRyjJ8n1h9r}jdcVV%+zCd$h)$`cTJny{j>TB(M9#g&*
zv~{3mag14P|7Fb3NPT=8(%O->)!{Ds0@Gb|eOt=o|ATL`&#-F}HVtg1Z^#rcDzy*m
zTc4rVXz|{e{}0j%UKldHOIQFbAK149eT8QK2OfAqoPRIp_jap+)x5yZ7ZuOC*^Q5T
z?8Zm!z8mv@fUL${L;8EG^#1{14ZFnnzkru{6xaZ;WrUr}u}NUQelzBK0p$h8;vAgL
zvGf<nzu%BY^^*gvx8JZiTqEtNi;<T4qS+=|0W9f7LoU@rEwDUb?>Wy0mN>kgUpx2Q
zTK@hcWR1Ki_Ux>^*62F<2+~GhG@o%y0GkFTzon%79`*5(v3DoAbAc%@iT*NA=x7SJ
zkL3#bct`tKrF2v~;jks+?|0TgM))Q3KA;)c;7ev3LI<#cmyGg~-rfUj7}&kWJZOx=
zVrlHrmP;Cm%>EDF{67q_H`^4blN8y8)(_qPc^CAzL7`)bGGqeF8ywPoqNxmdz%oaM
z)M?XPti`btefV9EqpxT!$@|+7f4f6qO~7jZCe{dnwFAo;8&b~|7|kQwfHebqN*@3G
zT)0~w{-O;>Ks)iykUB!l7co8I5iN$>6w-R$9a8@weN$3D*3VCec>J^rZ1xq;n51Oy
z+Wits*y_2RpZ|il@t<PdSHydqz)BJ#>QCc%{>%i8YFQu0MZ6@wvk`Pt`$hO&b%oD!
zZ6xo2i29yKvFPL|$b+U*Wb#so^LFs<85rX4NZ$09cw??LViI2E5QmfUD@DIxF~HXS
z#o}-0X_A!&=5Ivh`y-#veW(4!YFAnz+m)zXQ=sny{Vn7pc<5iG^~11V8S%`xrGfZz
zUPOP~J*4iTd=ee`JTIErSbkOD3xjVP#R>h#h+}@Y#G4uEyE?#EJR<BG?~Z8SrM*3T
zy!`eswecY6>;E#OenjO9aeD4wF{FP#^EU-u;C0L=WH;I|Vp~7SuUcL-nf>Rb1f}AQ
zAvH`kvWG?->_5_6<E`~MO*T{)wUE>H_K<p1GWm0w>!MU-|ImJ>x+tZ&q8ofApK!ad
z@757vJK?G}eft2?8<0LH&XCK${Yz8ZPl7J*vmy0}6zW^%{KbCOdvvmS2TN^{{W8Y?
zf4EPW?~ajp%XoiFTJCe%{eRGBC=vGFfN%3iyz9J_@3C67nEu=j{sLb_y@<YNiF2RH
zh%@&Ys)sQ6>f$5nZ>gS+*6PW_A5$0a$&mbM(4{6u)GMfb2Rh3ywTuC_-V8uL$NZ2^
z{ou3Lr1NKU+)(djUh7E`u`@ko95OQf5q=lw4E|;b&5<*}i-G^qcnf~OBYf}E{{a2y
zYZ3KNiek0phqPfpb8-N5+YgMWH`?zGpC#WNX7(@87F_T?FUR6EKeclsu&zVE@6q{L
z%vusK5oc^&TE&~sJ)pn3`h9+0aVC{{9n%k4JYJ*~e<z|22>qP}nbUp08_|G1{bw4N
zGoat|-H2{GlIFa{PMaoLC;GrsHaDWKruNwUXQ>_8a}B&9H<}x=$HUhc%CGMH_t{yU
z@2)>f^Rvc_3A*1jK@%%myYv5ux=W96+q}qEv(3}Kpd9HF--xJdXwJL%&(3>|uzBx(
zvRiyD;V+!=3id;&AKC9B7g!cBS$7En%LI0~z^I+dffWFouV{Vi99@^LLt3pxMl-M)
zOI{tosx5Rqz^Z`B{w)2#DlOOuunLR331H<GdCDN#Q=+5sG8b4WFzsGA{lT=X<Nz-Q
z{we{O>^!C1hi<W$x0(GDG*h4{6Ex>ab9xQZ@{f$T?S-vzyngJ|I;2Byhn!Bx`BQAZ
z&KJ7H(r4fQD(2^-BRpo0sFS(CI)QBw80DD_EF&kP?upIc>^E+H12pdHAgk~D5w*+N
zzUjToa+XD7ryD#4$D)7F76<GV`(ZleHxAy)+z5;3>XhG2mi(w4(|1E3KQ7|v6Of0r
zFw!ce`Y8sM@q-9^JHotHdE`e`OQfIAmVPeRehz@W4YE2R>rZ>VSJLNruY_cbKt@4c
zME&z#WxU{eHzgy4{nZH(wOi^Nxxng9jPQ5k#CQn;^Pd#q``t?RniRt;fae2e_x~>9
zZ(<Q%2fWsTlk67Y-N5DjStqdVzycDs9oX1O5&b-z?SFx#=127Vu5ABH`CG6_U{w~(
z7fw)GEm%6Rofa$y*d7ZO05<oB5#8^D?f-#Q0@L21V(%XVOFcQl?zAYIjXG)!Q@qXy
z_eb#*vdUoZ9|PZJ!P)!=+;>Vuzdy(3KVZ4QR!Z0ium)gDr9L_VY~VD^$!<0@vk!(_
zsN72Ck2!?#F)yO_Cb-D5*yEPE#IS1>u^gKrub?<$vd44)%Lm5%ndcetvxvSIX*o!n
zBhe26%XXlr^|2mlJ5ite(YpPsP)z>ax4Ffn75?1?5!7c9#;L5k^l^LC%N}Dx%Gw{a
z4T~e(uOmnS!$kW7Zv%dpz&&@0_6MG^B%*F29Ak<?m$Ub;fj0qXF`h60@IVj0c1Xo!
z_n(1JSa7PRG2mq-5tChE3Ro$yZ%SBF6zgS)xnE@fYX&C!i{t`p0@k3FcN5R282Cg<
z#BBcow#S0i0viWbAYo0w{7WPJyhh~H4y<IU8282e{wV2qJ;3XL?^YDkTrT!9o)@I4
zocX_le(vcJ{cfm<{tkNK-cYwFFaI#U5A?@7#4Z$jF5woOVVO6L^TIO7Xj~Ri*NHOH
zeCzR)>wcJZNbhq=Xa3koS4typv5sx;tKR5t-sSO_Ag^<Igx{mJtp$=#m*+9tQb22O
z)}JuHtca+8Fumo*-ni>A-Vk`oW4$0lyp`bXFN>(ZG}+WGz6SxH&C`JNr4I1suZgI?
zaJI*r$EwfSUz5h^IOKGm717_ilJ+P&<UI<}`v07u1lR4Imc2&;+C7yKwRSe0<Qa3V
z(5>zT4nBX>FIpfk>D&mv2Zfxx|Ixe|`1!;(O0SBj8=dda*kg%1UZUY~L)m*Ike9z9
zqAqfiXNl4MtcyG?Mt8|;khd|SzU_Qh3Gxz5^8Vm*$%p3hcF3CewA~hKlD+?nwAz-4
zdXS!0rl*CGme=Z>HbLb>+97({YJELP8o~O5G%ZFGyZ;2N7}yTyyOGxQ@)wTx7KLwO
zHDv9)2W>0Odkw$_fN5_~&{%B+R`zq~st#jS8mQG)hnZX<GYtN=dkh_l*1kGmt=B+5
zARA0*z-4b}?mItr`5215OywMa%#P-Wx`6B%>Oj0(|MzBkY`vYufBXydhg+aOcwNh6
z-BaA+wvVBCz8vy)-p$t#-~9s?8|J09n0C#e9|b-6jQciQ>1#~%RNh|D&w##%=vO<I
z*K(HWa_ATk@jw5H^%m{qC0oFu1ClL3EKKj1&x@&Tw}EHm-iYb0cptD~U`Gp#XorDK
z0-I;VLp&~yMW|h*-&>ppO$Peed(LyK_3Sz7Xetn82)>T>>=zOJUNMXR3~VQ`>x@0B
zVekA<ws(4!IHMc006Cg)vYT~6&QurXSj8^qI!VfU%l>Tyd^rz9`1#K~VJA}f-e?MG
z0i-#-*LkHR(=#poved|c>|^<(&`%zWsBbFPb;9!(*<Mr$y15TU)Ld&^4cYg-*!c~U
z4)7**i@k;WT;Mo=j(|4@yjK~0U=#WPfBzO~tq(`kf5v7%7<IcV&GtWk!+QBx#B`sb
z3|Q?G5tDyyHL#i|%(`F$uxeln1V;7R3akrQA(eX_v!(u0bC4okbC=-l1>Imzg!^0x
zY>?zVY3QpYZwy$~lfn*VYNxAp1)a@De@{?aKzHiwF{=-<+y%qLyU3;kQXQ8=Uc;~d
zJL9VhvNE4FkFQ=}8Ni;{`}jKEG`=>Q$CvU3^xfz7eSGDEZ|8H)<Esp5VWc(eWqgs(
zsnY;s{(q2>x^wU2s}FR;JHOiangQ>?Z@=33${&M%@>}QeRfe?E=l?t7s}r((yUgQj
zJFwgr&EsnTSk8;)@ihu8`$hBkngmw$;@-zs`kNRJFB#*Do&N)Ce$TFxvG)%lw*qrY
z2I&K9Uzq)#ocCq>-U;hC)m<j?$oqXnJ&fcWZI@G&*6Q7xpjNMV{|d6|2e5x|ZU^fa
zyw$B8*m>Mrs9)5_8K&5oVy(VOTC3%EVLi8-7IC)!g`D8a5%oS%uQc~G0c(6EqCOg1
zIe+R_PWr?AA0cmScZA2~lKR60@cfXuk0}2@eTNL4f^@sNz$Qb&&TVT)`OVm8Y_-qk
zfAIH&&2w`#u#zFeMuqB7Qh^PioaArdTl;*x@S(xK3)sI@mR!&b@8)(hU(xffdZuTd
z^LzKT;GY6N^?l#LJda`~eYt*?*#??0zL)y7&nwfE>H9Bs9zBlz9=@x|zBl~3yf-v%
zq;tNiaf<&Ik^PpO`PLhJZ2bpcdo;q|nseJbXWHK&WA;Drjt)n7oMJJ4C#d|x!bY@8
zyoWcB`$QzYjrRGI+5VORtQZ*i6Oc~?i*+pM^N}`)v_mEO5?~|1eoDX^qA%C!tC3dm
zXS4hUVCBG`Az*`e15MDkBW>o-M){fk3oPlih<c&87(;vJK44WN*wYzjn47g-GqZnD
z`d=gJF_N4qV2yu`=rM-b_rHVr4p^~-WdIuhcASLe0-FMMxr7CQRlXkK{%ry)2euQ~
z4H8xZEPph@;#zB1Be1SfGhG|7%)c3QRHkk!AF!ZX91!zf^yt~*XG}p>>)R1EpX#iX
z&HQ2Qp+gGuzl)z?@6moLwEeJH{(--L^e(+WA5oW*%oW1l1&j5o<fyVh{IZC3Zv8%{
zHzCdpSkf1YUn}YRA;0Fmh^lybnP;&DdH$+hF)p;+FrJy+uP${D`qxB69gyNUWCH8|
zFv8;ii?+xE*7|WoT}a=$QW}@~Wb}6)KVpFac^Ae>vlAtX_J^#tPa^6~Ql4$VD*tJm
zXR`axz$*S}w{25eKhjEF(#DV$bV-{*TE0tK`g>UKT+;H8mg$mKinO^dX*Eboa!G4O
z+RT)5S{KqL9nzTohqUo2aqi}(|D9vI+Qjug@YerR_&B(&D`htO9plY^ANu#dux8Je
z?`r3K>%iLz-rvlY?=t6nd%!#Q^RM>36X5Os{HuL$_6JxWroURgRp1?)-uHZItaXBS
z{NEUBvHA1o&K8em0<!je5#e`}EIM3+k+E?gAjW&v1a@9CVvcs*8)EUYZVfHE5zUje
zkQIciCzV*f$J4wo&-0P|FywbZ{%f(xe|%r$2WY%Oe%(jhKIwb+=~?2YSl=08W^ShM
z`aXod^^x$IdiLp9;?3OYW=tb_Wsn!ZeEbf{+Z>a;9d7d2`>!N#hWljtRzDr@+TS<X
z_m%9t1^mjF5%u51f8^8dI_pKwZxLpFl%Vu|$;XTD^X=~WU*?>D75FRv6H!Nr|K(Zu
z*W3Bo`zPR6)QEaN@!z%G>JNI6)gN>i^tGVBo7KOKzDlNN?f)_M2bg!yCfny5PsMV7
z^!V9gA@xIEEAn@_8&Z@uX0dI%1Zt$clYbKHu_wy)&LH<qVE!+_M-!sz^|ATCRJi%S
z&^+XWtk$?F)02Jco-+CAYUh$wCO5EB{@ytF(or^MGd}4l!zVIeeUB=@;$qf-ej4=0
zkd6H?$9iVx)pEh#b-T|c^b@M1yid@-5~KPVOPQ#n65!Rq&x@^&j-4&GNIPV;Bt^L&
zl_LDVfsFv$DCS|eH+iUxBcRRM&s;{@$4>&!1Fqd4+si!RXvAmxpHHFhLXPIk$l`wk
z>jtLXIZ(uWR|UKeIQ4gj_?Oncewt&w$nh^BFPt3ZcSuFu3;@eXiSm1#R{O+eV?ks7
z*r06%?FX~1$FG~`Cg%V08TNyzQQdc+*7g9fCSV^s*!s$3Ti;`5A7>W-8@%~xQGU-^
zG5S{<@J`@K63+I2z}tb#wy-{6UBI-rUPxaY7W~Yg;Bw>LcNYH!X+4*<tH;HpPh9MJ
zhC_K5OeHAI$VZEBPwQJLup2IK=kEy3ll^APCAau8?Pu=)0G?XNk$n~0fsF!_V_9tj
zR-Pu>o$t{qv`4+E-UgB0i*%YRXn$WSd`!lHhk;Z1l+_%kJZ6CJ0iG)5;r}P}Env$<
z9%r+?bgk~&kc;%JIbvM$GL&d#2+;Q<y$b2Sx5kWQw!6M0$?@!wcn8NbYNIyDn4BB6
z`>r{Ump(V0kH*CqWYrxU<u*{uxVTEv^H{ub(3T$*WpQ79DUZkNz8UL{cBk=^_b-Z9
z8kOVvn0<K9w)^n1`|scz0H1dLyjp92;NgR#rWhdYzy>v1McjV_HUjJ%r!l_NS%GEk
z4?cf-RJXlo@@9Z10soPrxa#zluuR<l@pCRuixtQGAA#ind&(rsbzXG|oD<;VAF?{N
za>?T#c=flUdi(%3{(&_~SSJ2gCHSdazIEFy`Utl@HiKqRqgmoiL-|c>G$%RJgh7*a
zh@d&#nPv(!r5eo~XPWeBtS1`H7mqs96o95%qj}evrV=#68co!hrU^94Hw4Y|&NSVi
z$<b&Yb*32vO}R#Mmov>IXqq&dEzUG^{||GrMsuk%O+IKwHJY`~G!>vpI#kdUIny+P
zCQqX|-kGKgG?g07Va_xIplQ))QtUMBJ-&ZKU(1N<_rWEf;NNKa3eh!zt`Bs(?R2|j
zx^1AV{$^C2mg)E#H6LnpZ2bdW0AoUnt+0izqbS_=*NC(r(n`n=^1Me}Vx^n!3H;H;
z@q*%t2etgZ6IHLJGn?Zdak#4_`x|#S#;RfW?Y~G+>a(K!KGmE@EO&l9H%R`{Os^^d
zef|+q^+@`b&mWG(hor>KhlJh#ok4pY6}6pd(ma!mw49?1J%ie#09ZD#9~kW++F#!y
zF}f<y1!ACU0bM!hj<eBKo9MQKu68eU^gW}XYX;rn`u7+<RMSZ7a7bhR|6gJ}9u+m6
z6J-P2CSmNp4P<m5CH657b&K_q-doTVo!pJu5410xq5Az^RK0-qFSmBP-evN9VZX{m
z{M%55;-jPdOxXRr_DpNzlHNmqC%``q{)=t(1_jaBKj`sg*!#c#!F-VuRZq40KFYDd
z)i`T`nNJesmw!xD-9q2{#6y-j!W*#q9=0H_>HH}7tu>dgP~P8AALs?`&VnevAG=uG
zz2jk>cM%g6m+3#CD?2r++ZrXA56CiU9!piB4}x}nY<ky`v&GKXgM0_^?YC3kc=<ug
zx69Qn;;kU>oMQ$3L$lM<*e?cs3+R(54#G_jI*)zRU2<~Cb}Vl#$!mwalDw!|PjlG4
zF7nKC$ysjuSN8po*KlH##ozH=Vf~)X_U~5`m7SocIEB8IR{C=L_k+IVq^SBs>RZP<
zme;CtJvo~VtsU|T(D#m|??24t`^{%egD&4+8KCcnyq1%rJic<`gZms`nZ=`vOH{gl
zWXw^lk5?Fa=uV^$oNCsa!@&B1Y43cJo?8d36>^f;IDEilZwUzX`CgOC9^n3;o<yY?
zvL@W@8Rq(ky6r>Q`6p!M1fpuWC>PCV4ZwOEqk4=*7dz^cPIgop+dILZR1(#FWK8>k
z*UWqVJ)q6FKC0ei%FD9n-(=tOXL=KrI`ADRDw*=l1J-y$l>5|c?V|0GGCdb+-%WK`
z3EDE0aXhy7>Wkgpt7rN@WOXCog^E#@K49a(K6R>tJw_d5(tHfs-Yrq}V|~r@+|2f_
zLO-HB{JumbuRN;99boTY0IO{>>`taUDorjP-2V;qeN9F=sjaJl%`|<rwkDa~;BUDx
zs;-s#^-f^LXGYb&+1j+n+@@4#Q{W4qY3d8c_grJt8C(D2Q6FogYOU8j4{xRA?y+e5
z3h-8+9aXP%e!s@r_GzguZO_g>A*<t}DEH51ZCA?jp}OryT5C;|`&X<qt+AE*8cV0j
znfz2)M+CnwAyFCI5LGwZ`B&|YpV~YK{!+B<0ddlJ@Ko!@E-HUDXi9FB%U`1V%QX={
z(oS=>Uz-p1?Lo5n`!^*2rYOIMz4x{IJh!!*`Tr!MKAWRzmr3Wb&D&c&4xN?xzky%5
z^}kb=PRN>j+gB?K^Zx*U*QTiHJ?SZ6x%I++!P?>i))s86B_%3Bq-k&0IOyv5U4PP(
z`+tC^v_7ie9bosLfi+xZ@2~9rYov8vZBL{9Stin|ux^IPSO4JqV|uG?$fW}5t+rB;
zU*D3b+JR>AeQ=+%Ov~Mo1{axhcZBA|0s6j`;w<7H_ZfS&Ql?uzY*bb$o2#ZlUr`oi
zG3+&ZZ4K69lT=$`lQ6w~Kdk5A`x)`=kog4DW#;*poi~H0^?a<0?4G^M!@LK1kGUky
zlpFaB(pc;S@9@ohp7t%cf41|@cBi?T>U$hA{1->ngDK|5@h<h<7jLTXa+h~|`r^g?
z|75HmbwWQ}a-WDZv7RkolwOYXj4Puo){^fOEqwz^r~N`b(g%^gmC}#CPm0%3tj|+K
z*9p43jY1DUP^K$2(G7rZ=SCs#i=R8nqqSxdbXl8(ynp=MQ6Bwa`=69VWd!p^&|zJ=
zT3TDEje9{m1KMv`?_RO@D#f~#Xn(VbbloZNj<rP9Tis$DcACdmo!h&MBCd8Y731s9
zsP1pc?xO%p{c%+7RP;RN>F*Ci8UKlNPm$e!1$_hPWuM*-VD%QP2Uy*Yjk$*UY(KC@
zV7D6e=Hjop&cRzYz~-c+{n0-lBU_)7&Nt$pBCYgJ``V?oTTrA+Z)qF8=zH{YAEge-
zwV<8b7FB;?eUry|kM(Js=F7E!QVd@%6wmdLY@V5v#h>4Ud`o^7RUeMcCwqgVov1La
zbg|2xkNRv$TB6c^x6sG-nuq5hx3k4I$noD}-q&;kOTEX~*RcH$u%vs;>rNQh+<Rmj
z)|u=Chxz{?EgNa`C~cv$z5f!ky?+;-IntQPo`d}%ct3Pr(~Hu^4lz~Wqb}>m*de^^
z^^iAuueoox02=`&-;wJCHh!=9%x^oeNeearY(~PUUycGx>WH#CTVj1;>l`gmzcgHJ
z*_lI<ANn<DvqZg}E7tZ*;9VU?Td?zQV4WS}tkrWda}cJ#CBV~v9_8;`2&@v=c3^V_
z#^S#M>jU<s(D$~|@%0uj`6+ledy=)Y!NL?FqYLz{o#uM!1=i7N?hk{&+ASFUiMx7*
z5?Ak!JM?Rb{($HwNB=I$V_O{L_cR_@ME|B1rLo`Q=_33={<Ow~{lmYFsu}w?|01e>
zr}#iWC6Z4n$sk{&gqUR9!DPJZAfpq1-~4SXGEQeQ(tc@|F;3$kCK>xP89fd%D9-X-
zG07O*Niudg$f$vg%VUypE0gi72kkQG!uHabWGrSf8XaUzQEY;kWbDUe+~6RC{DQqP
z$r#u{G9Ku*%V>a%zweAi#!XB{vxAI2$oNf6G8Qr!?>NZtVS;IkNk+Wuw-iIhr7_9q
ze~x5SJZzWI0vU^AlCg!!$a0WDahZ;YNydC8Bf&w&T+(@Bk`c#bT(iwCqZ~3`-w}(9
zzTc3H?>WfmfQ)Bil5riA5&yVd#u#M$I3^jVG8r#B$jE|zT@#axFMCPGi#>K3)sRsX
zlZ>5A#wSnOWo(0t@5CfyGn4T*2N{!)@#S-|$T*qF=yi~hm!K#kG0FJ9XGz9A4l?Q?
z<EfZr^fDPKzqZTR2^qJ?Bx4hkG2>7U1^e9#W0G+qld<I~yNn=Y1Y?r%&u2)+T8j)?
zgR9b^&p|JISmA$22dD?O4H%0B2Hm8^6HH6r>MbU{+4GZRefvy00JDFAJ_q{O--$k$
z=J&ji%u;F3*^jhIq^*wAWEGJt79F%GE!R`V<16YCNjI7XPX=@t@=@hF2)lGa5nXOW
z?hBX(vM7a>KkE?42kmo0S!4chhj9Jl7V%BY{|{I?*7=aI)!ac(HQern0(hGbieO7T
z6vC|uL9%F3^x2<6)yZFA-;tzH`PxbTucGQ3di@mBH?e(%Cu}HhMB5MA(ypj_LY$qJ
z-7%GHHItyNdO+-z6t2hkzJdK9us;%i8I^lJmAlwn?s;0dk0aG~7s~w-3O<OEzlx&o
zMiwE8VjaNNL*H=mbK)w<FMTM=@2<?_*Je87yrpr;?55j%YU4~=BS4q^h~ba3#dBUV
zse$u&Q!_oh2Q)#@9G$Gy@qD*BrpV{sMLx$$F4X#!a%iH`gx;^+=|rmswf8zQkk*bg
z<}Y89=3k=u{{Rm^Yv|fEPKtqz0?QX|a66UjHY!((4|#8mXSS1~v{KKXl38iweR(j2
ze?Mf5U}m~P|Nc$*^5T?Y_OICgf+p`bhHoIXUq7(i-xzt{MtQeT`)~EJTRD_%M>5OP
zF!`hefh;s3mnW0`z(5K`|Ifhqea`Hkmk%rznEbv=39zK+%;)Bnz<j{u*o1Y!6ku9B
za;m>=_`a!_=9%xadFI@w9p-<?2*o60;%SnRZIMBHME^I@A5fQj6xX`U^{legB^rnF
zuT52yuf?>6ea`Z)b@+zukntgD9($GX43n|kB7^3`VSK|RzTqBy?wF^~2UPrO%X~=r
z=IpO1-`x>QzR$9Jf8<d1TFCfMOl7}<$vD^|gXXf<Z(;xboZ+7==4C2&rM@#nnJJH*
zpzVFmIEUNf@vOm6Sx94>#_uT7^LL27XV7?KZVGq+xE9}%-G4j``}-YHQ%tZ7V8uJk
z{XQ31aEG}+2M^=&G>pEZT*%Yz+KBaywZXai@)k^C{*R!o+z~aue+jGt*f%6>8?fpf
zh7S(&{{vRFL(E?S8wS=0OpcSX2UvsFHw88Wtl9E?{!H|LOWkB;a(VLpJ0DmJFgaFX
z39$AZ#$KO|e_&m}wD;nupR~_Wly$!ocMPcU=N7y4lPlR+f7?MX8HJ2fVv=zJlX3QT
zyNsDk-aqaa>-FuP5`E4N>T`B5t=98lviUVIG+hy&vjg8wREDuvoWo<vXI{!yEYE%T
z-(t;vQ3aa5-<j*60|~b-Zs+%hsZetkxRl>Nzn%2%Q`_zOKV)R}MPrb08`JN~o^jCs
zv50-~d@M4GnT%5$WK=^&1Txb1D#OcU-1m%q-fjL4`dF}C{lcfrvVM9$@L4R{RKNY;
zZABZj#2NKFgEB36F_!PjXLf+L9p*As;%~;`(C6@7@5awoCeH?}21}UR6fe_)6wjS}
zfhaT<_|+U)q9IT%neSlN*HC}2%Key?^MFE^(q{EjY4d+4mzKTl3ps&(kTbrE<b2yE
zCl8Bq`aa0%Vsa8pa;W|rAZKzgmik}MBrJNtT>o^xt|Kc^=|*Z-k|K1yLI+)s>7_*w
zN2An1)mxC_od->mtg$vF(DSlmLQ#rm2@)3C5*DV=x0PdpYkD=7Z+nq_+nv96*#ASu
z+L&ZCG8q%Ux9_WV9+9Y=yRcpDlJ+HGU~R8N)n7|<@Hnsl+M-Rurh&~2n)SET?<OkK
zgJzp_Ca|eN^BR!{jM_F!!is^Vz8W>XTV4Sy=~Z#2BCuLuS-^HlSQD@@U~-Jkc3`8x
zv>3AN{u8j~-BCRTNeds3p20N#t7x1-XbLT!+q{f_1hhLthAo=-CxDfQqiWE?|B{8D
z+Na<kMR{i^mN{+nOVmDdUb44wBV;@mlZ@k;jQ$txZQOYz>Oai==oBG$1ae1Wl6we~
z`}~XcvSnc5-WHRLp%+O;okQ6Qve93{hEEq^rNHWj__?TtRRNm>=9jQ~U=u@@^ABKq
zhRk|UC$RA$%lU_pC+lDXLY|z*sE~JsRCjan!3(0XjJr}+cTEm;SDsGS2V#+t!epG{
zAfp2^K8eI4<0V%Ag$^>t(kbq3ENyr_li{<-V0W0l2Yq%(_=K@JcB$JOyE)lB9~RNp
z-Lu6E2E{vd^e67>(h_#^lIX4daI4}yG&M1a;vKUyRs79C*-xaqnYrs8Qwq~^$=itB
z2<Y3`dE%d<>fb2+RHPf@6?xrGWxE3(Seoqha@Us-(ss|+Ml#c@NAYb*ubbz%NnpO$
z&Hc`IG<wqO<~c4M*vwze`fbk9T%J6~1&-$Oz9nI0!2Fgxs)1F!ZroX<Z|sC}|IzEh
zH-{R<A9QKI+E=Ol3SM<M|ACBMG08ZJ$)LI1I*xrgiApYHoG5=ku!d1{-Q@tQA2okh
z09f6qc`TLzs~t6u#cE(Rz|N4c24KCT+^0jsT7iuN+axfut91b@{aaN1m*}Ind6wAr
z<m)Y4@}d;%a<dnh%o{XLCLzoBcj2pmEm?gsGr#cl@B3IEkfy~lr!^xJSQoIz36S@r
zJ#n6Ur41?D|A038ji~x_>3b@HZ3jj=F8S6m|0iH$z|y(BEz?uZ3&GxhL)!RQR6RmV
zJ2RPC$k_cCq#cCaz^!^&mhrL#D8T0e{rr3wbm2FnruaU4fQ`Os-V@FM8+p^b=k*_h
z{NFVCGu1&But{L|>G=k^tu)tjjl3tPGM0k2>Mh|v8l*k>W%z(4DJ9H?SEl=!)`M;v
z=;U|aTYwF`W%MuV-~A}urSHdLQ_24e^>3Qntz#q!AG0_n8J~}kj4q1|cK&}X_VXy)
zRl1F>$l3?T;=SL9vvk9SDQDU2ZruJ2c{Trts_(~Xb-G~xgy0?C+kJ(%#V>A2IDJc^
z_q%b)^u{XdTiu|~c{|GAXja5~<iLu7rTDBe%5IBqNq~d^lMqZfn+x*(ko{hq;+e+*
zasG>n`F2e8^D|aIZ@=bn{(Bh3lZi#fDkfv_HTyi&l8g4=6V+p0(K^uyY#5jpFJz0y
zb8fP*-!lJaq<10TZ|e0}ynjN`?cUpbE%Df!4Qk&>@+Uys{=QkiP>zGX3`~ooPcr8M
zYkgnzVY$C&qTbj*Tfl67L>mC@Fle99X_xRZS?al1KSx-Y!tcL=w)}&rdIBFCnYG&e
zSKy7n^Q3aM1Kak2Q7(4>6<9a0*Yv!^nMLke$!UV>$0#G&1INKvIuTW$R}`W5E|Jbh
zN<Eh(vu7(clN2j!`VTN)Oo)5Vr>A9JBJNb>0?+y|s$MC+!LuM)KPM?cTJwkIeL*F#
zt`E)gP93mLU=;$R{F;GH0Aq2*C=k|qK9_X@FZ;;6zHSFr`H?xF0bmUu8S4wP{{b5S
z*34wCV=|flEAYU_hK~@cZ6(?KX|3@ekNl8!oEYbKP+d9eL(o31aNKc{;fM06fUM%l
zsQv~J@+s2Z39m<5!=z|m>D+<R+K^T|DQs|38jF8~w5mz59vN$4P@jirR&KG+IjsMK
zcVtr3Q7yketmL6RKZ){pITUdp6<F;jV&BI7hHmj(?>#ro{{n>lk>5uJO~WU`huEMw
zPorVq51MAsEFqfWH2=+>hP0$V@I2~~w(}EVE9P+mn!sNUetd2}qv-%m?<dARPC>Iq
zqoH}U4>a3BBgH17J>257Y<lNg*9X(+TiE&!`njJ*wfF?ee*X9h?Vfn*35iPnr{eDa
zIcfg$MErm(;EfJ=0q_9}&h#JP{?E9tuU4nkz&bt?KJqjfdP>=%e<>e6OkN9U+NbRK
zbO9f;;PmY~foK0yoU7LB^T8tM1IsW61b3mzUJ_@hBxeHj-JoAh^i^s8^M!ohiCEwN
zX_ub?JpW&@%P#?a@4xKjuL7=oZqK&?c=6|U`ZnOL4)`|UBMx{!@XTpDJ_@|r0iOci
z<AA50g#GNay_{LV1OI2nsZ9%jHv?}ad^4?07>1kaP;(cn6{4vG&6Gyd;7rp5n#zB3
zA8%!opz##yMC|={(2V}uUba5qSznlO>gyxGYk(K%>mqBr#iX}xkX8#C6TW=(@0lon
z@2V~>^J;P4%IrT#o0>77FXRF9e`(zBVfG(jC0`n6e*ye$1k;UQ#<D+s=N-}so_oi^
z{sFnZFQcZnj<y3U1-4AeYXW(7$CTI8EU)_<@=E<7`s0^kPEt(%gDbfMA%=m%=aEal
z6#K<FzD=ER3H~I{rfmOyo=v&_WY4C2e~NcgpW;vTZW>Vh`+GNq6@Qv{(}?1q<J~l-
z_~X5s_9%XzchjWePw;M<R{UP?rp7pboOe@moL}*7YK`-IyqntNuyclVzu&v5JC4sI
zJwN32@eZ|XQQAnHcmFsxk$8TStnEXFK@<Lu`K)ITu+jgR?I<(A_WUPmdf&!>GW367
zrxS1$j~m3^qXeFzq8(&?b<u6!7T=b5@3)v*S(s9Se-&~51^OIiSnX95p|=&GPhXxa
zx?M1tKi|jfsZF5m1FiNh+*Z=9Nr%extd?{r@T4zfdd-5AG94G^mjjev+_3r?$uN9C
zxWB|!{lJYm6VT5^%*tD2@{LG61@!?L^7&dOuyJ6ru8{{!@eG^BL@}@oU~=E70G17G
zj)c_$%L1mwNTND#0u}(q=A#-4q0Duy4&cqenau!G!bWkpN#8sAJw<sqVK@eT`>!8T
ze}C(JyUw0@G~K<5MaJDs#(NGjsvu)sOft%ujKvdn8QqX^a!fJ~W-`8Jk-^@7Do9iY
z(N0J4y7E&Ul3jAFfVW?_e#TemaK^VZE#N&M&dD*un@X_d#Tx9#Ngprx5!OfFFpHNX
z&9O_-Z&&L5b8(7@v~S#ntpi_e{4kHrrSP++W?&7#nsvR?$*)D6bp)0<9$PF-@qF&)
z?LzfDfjqiV&mIRqsbE@Qwd@vv38h8e7HIu0_tZqCE^(OMd*U({O1=ew#j=d~DV{bb
z8SU8ge{H|v7;K*lK4w14AKB;XUX)`7<;ao7)*!I-q+#`!0;9Zq$0*8M!1lf_y!H|0
z^=pT`vQESL2pQTQg!bMQkb645AybpPmvgdY_9dH4(n)qBWLHULCaeuuCS=R;l)Hg7
z0F&3(F_hu@6Jj|-j(mg8kgq-1eukWNtfIV-97|jLi+#b3A32==LPmQ`GM;2I);P%6
z1{s&eB%_AOIMzYNBxEd%Nyd>(Mzci*^Z%KbsQl>Ic6D<0bLcUrbLbNA?m?g2AjLAS
z1QtZQX*M?Y{v)tHVA@)&(Y62|(8h(pI)M!XOO*Jx0}BJ&PvU3s&jf$F1s?}qih5aL
z!DoO|yPaUc=gvp@l8rS_!*hU-0Dsnk2Z1-H4C^tx=?|@g6~L!~-%P;iX@1)4EJ*Pb
zYx}JRq*te!zk~SNfL8)vPr%YN|61n%R;S-p*^cxcq&G=?EFKH+?EQ!NzKiJ`3)6D1
zOBSx2o`5z7>)#LhcF<oc$)R~-?gH$GfJZ3s0(SYH9>YGHi?r>>4Xc0uu0r}(spq#m
zjq)!+T7CJj`fIO|f35edI9`G!DV_(C#gZVtAM{BT!@9jwD_0wE1$eQ?jBf*;fA+9?
zaGV+M2Od~A%;O77_$bM*H2RK)Pm%meLod<r)F9exoxNXX1v$NJH_Hb$16s|8kJ_yy
z$n!f`)c;n`a=pGY@wY~#U#qtdxpmbfvr{8sqi6+9Ri#-6>jG9;Y2-!i&<m`_AurNB
zhmlr`G_vPN{%>rZyGFYA#Lg`X6O}g5UMXmABmF?wb%Vm5Qe|_LJk#a?7&IR?Fq?4&
zWcNb$uN`Cyn{j|FiY88IrHd@Gw0hVEdD-U-tJPB7^Z{!EwnV~)f%TnZj8mrn1FJcA
zShu+`{h!JQtW3iE3$edAZ&<&}$>Q+>s|3c*>=#QmPHqp??Ejt;{g?SEE9l;$kXZ%(
zN$`J9%BLP!YSpm*mMqP^Ex_`DY42```U;wSF9WuN9&Y~w?_iZt5A6OMu%z|F{Op|X
zSwy)n)JwWp>~oWfuzv-u9A6>>SUa$L_3{|Lpha4Ft~VEl?5$<sQ_dIlwZ!b(ev#z+
z=c#9xJ6ZnC;ORKunA6z%7r@dl7}noZme0LJ->mdJ?riHD0q-{O{#_b>6Ts@Lht(j>
zE8ZvKm^FO`=C5VwzDdDd)YksuM5XH@tRZGU=3<M_(`U)%^^e?>*&195eqYV7dR($H
z%lb(jf3scPUdZhs^hdw5$IguD67Sad7T;|wwwzzIZ)Z+Bx4VnH2a)%{mBZ>U%r+0|
zr<dvtzA)uV{bwu+A*lnCO#h-pC2!L(k1=Pmv3s`bq(PzogEpytn8$B5<{9L78AwY+
z_Y_-LZdzyGSGS1bB@A=_Ts9A0$aZ!m;w+N%%XZKVf+j8A_ASfF_9lw#4aVueVdl6t
znXY(h{hH!vjX_S^HN)!l3CiC5<*7HJp7MhZE>xZY#~sJ%EK3Itc0NPjQMnlXY0I$s
zQk-I&i=};eF+a8_5x<<l6AF2Ku=md)C+9|dN4#B*_u@Fcj?tv$yhgYop4R1Y@HXBu
z%-?Qb!Fqiot8l7Hs<v8;L-q~`_QN2Vy9DcL%dq-Ef=eF`vN5ond&^5^fA9Hm7RSG0
zvNu>p$~iW~^O^-(oI>kI2g=cX=dk*=dHxAX<3HfJ**5;Mpk^;Nd-03+uOYAaC&TI~
z`u!AFf4arcY$hFBHptI;^Ggzyf}alaSZ(X6?l47M$*nu6OBR5Q#$+Yv+CcZZK1K{b
zXc|<FW?%F={JPjM*6{mjU67IcGt|SWd+oy%yTDWDvOD%Z<3-9MhtBG)N_9(l#?5!o
zyTRkgQ<CD@<>)+ENcSroGx7Y&g~6Ljd6d{vic`F&#Jlli#X0gI<$AZ2^IQtHulU*j
zWBFch+<!@uYYyuFItMr0^Vt77gU|k3b>yKsDz>F8N%1cCx-18tDz{Equ&)*F4LA=x
zq~uY`5|@tYhP!p-*y*vgyV<Qssjj2(P`AQ*H@NcL=y9z1LZ-V6F30{YG|b-<ll>L~
zwDUClbSjZN4ceCQuzK=-_BAf3uW{#NDOn`tvoysU^(0%BHm}DAtjx4X(3)Mb0{i>F
z46BR0F6$TcXK$g^WoCW~tyS$S$p36uz1ch4oG;GdYdyV=lQh1SWQ{{s-y6f~`wr_~
zA;}8LwpGt_j<V)+e~;Xi<li)`Ug9y;G4XBE>v##zw*s`?<HOvC*|LAo_Lhq*d&^}h
zo+fjBC=ULV_x|R*MCDM;pOW?*v?k9WuiGge=+LTovp-M~`2#K4lIXqA%TH>Q9J|c*
zhRoCizbS%@i2H%RuYbFp*#UeFtC%U0@(z|ID*pF})dw7OJXDPL=s0<iUywrQ8TH_4
z`CwS37|O~SdixeS+q=DfJq}K>`GzT7?sZ%S#hzdc`3!%AJ@a1fWmd9#nU*^~^SCce
z)++4hCWlor`H&s!bnW~fc>3h9DXu)>Wx)Locn$C*3(ow1gnZNeFJLnto3U-craw09
zAZ-5+%r|MajSP$YnXgze^@DOf_Sz)UvK-Rb`PUhViZ`=ek0noiq({(aP%N>Ztc<tp
zMMBcPO4_^Wed>j|dY|I2Ku|r<IQrvZ?dl@xM@v?+>R|o`XOMr&FpC53D_R+^>x<m?
z>Q}m6U+9?EDsx^fdS2aHUh0Z?tu3aJSHUOZyr`6)bCS$X;ANk1JAiL|h4@}iQL=Ow
zy&p8KpK!aWuOBp({AF<(r(<W3KgzIr7Nu=N8r@YF7ns=@#Og$4O5<%sdWFH;g0%80
z+BM%QKl2NnmtwR((x*Q$`VW=2Psm#@+H4DXbMZ|8+dI*`Fb<l)r`S6QxmPhe>^kOo
zvP?MBG5cRR=BrP|xm1w75X$>M@SabFT@ZMQuy+>#?*%T$X(|P_{Zn%vtpe8fsktxL
z1KTNKR5vX`p4Fzu?*9vVYZ}Sw7xLpIStGO1PdU&ht#PN%T4SbX_D?}C-*qloW3P|O
zHM~AFI%fZ0!|U@<QJ>m7B`tzq#%X@-68UR!v90k9&bHj=rG7C2p488Vc`WNy=u3;!
zlGdd87t8l!>5s+E!hFK0Fa9>8-Sk#z_L-13C3FiKjqBOg*-cKSCg*BN4y}o`kkbS?
zTg126?5(ttR@m>VTTP-Y{x4(=KvpBkD!~|L=LAcV{~vAF16OBN{$DP4;|hqRlxUPx
zq-3-xsZdebc7e;rCUb1VjXB)Vp<|Odbj&eDhZ|0Gq?nkfsF+lkRHT@cq?D9YR9v_y
z6+gqIpHx_=sObCqKIfeGz32URxorOS`5^dx{+#EW_xyRzInOzV{FJRMqj{K)@jOlA
z=f9r}+QQyHguLgiA^q;$JE*TQ`6sl4X<lEWxp_Zi2O#?pjkmvFy=dM&+vy0`e{3C#
z<uNv6@ogss`!c$jQod3_AB$6wA6jN}?^vym#ig4t-n}=(`@1dNE~hcCQsL!jO8Z19
z?MivwEm5TL)6<*P4$^<pYJDhU`wd9D{XO3H8O_V@W;E%4A}*+(y&FY+)X7?2USG9H
zYdb9^QA+iD!B`2xI)OC-lg}sj0c(6O*gvuLPhc$?pTMSoHJkJ)o6$ZceQf^=Sf`|q
zeo>oB1Ktgs?wI6##8y_<wEHR8`=6V6`FjP=L3%%3_;3}VdEOt=?{}2fw^{oKJ@b9B
zhRyWz_4hX5mB2e$Ba+A8O)MgYM&B2H<>Lcvi5wXt?zpgNpTrt3^3{4;v-(A;OcE|b
z{*j&>kDLl@?0sIZG%O2P;+)a<C<K-=XYEIs{{vd;oN?cY`9HvufwxOoGq4_D^7()c
zV1YT~x9<fuG-n(~hJXzMTcUr1jnUfq51X=J>wXEMES^hj*568|fArnDs66KQxaeNH
zlGW>c@y*%(D&&6xIjS%2<tud`qht%}+nm+ks{-CQC*oa1-K+=JV!~R0wVTSf6Iho`
z`Ih2m0JLt<zHW>m$+4a1l(LmuYpjSj=4#t+%FAQP(@W9*J`nq5hWXD1Y5H?OtC#%!
zH^_{CAnLWL-fR8r<)&_Sd5qUQ4bsc6OX!ow*?wSS9}F4JCXE3LNEq{ffen3NUq53n
z=ltwlk<HxCXX8I`<wN6l$OIPqp;ZsN{~5G+(B4uMdA=F^4)S_sq3Z^xbynJ|YlW^p
z=-RtDlrAw3ZjEsL%J$>s$3#9I5!W8!jq8lKg8god;CJ;ZTceZ-w_iP^&y7RWnc9fR
zJ0onZU8%K6=5NC0<S4)TS(-Ck<Xa@o3AJ@!)~;fa_MIPZW^n`VFZ;;XPCw{A1kYXc
z|Dbz3el;L{(@tPRz~nP{eZU5RX?29YK>*kQu$%Qdx6Hbic(JL{t&H)R{S4{@Q!p`(
zKf$lRn<D3h_Roapl@}8XCuDLZkn=(AVjH;{IV4fryb$?mf?VkdeuKZ<4y**2c1D`Y
zxd&J=u;5s;nH?6}z&!iqy1ohU)q+p!huD48+bEvM&*MDp{jl`i#@m3HTzVPWKjb!q
zkh{SoN8h6yay^iX)B7gV8ceWFtfc7pJ8i33UJQHx2fAvb{d_(i+*8P7cQE7!<8j8o
zS05cLM|K}GusUG>)!VJ;zXl_u4Zd8q|Iz{8;uxeuXHcKa5k8(*Zy!E$`{PmlHg>PD
z^YI>A6!e2?oqW9MlbhN375A1L_W8&z?-dlE;#XgGk?*J3mE&aBO7!*iW{EW|lU*lD
zc9qIzkxlG85p1G3X!jXGn*y*YE8eft<*V*58f;?sh^;V}m6J^(&W2)`X0&u-a`YjT
z){eYaqP?H&S6`z0+)v4w&-eDmWtTY&X^~%va@gImDVMh*gXNNKS1vuU*G+xikG;%Z
z>f@$i>&$6>_SS^^1>o0WF2)Z-a-RboXZ<P7%%@>;xv-1s>h>t5;B>#bm&)_|-VlB~
zvUj6(>54jJn>>8QkO#@P*Ye<jE!1}0E4{iOo>CsAWGDIc@s{0x5Bsu`cpG$|<(2z*
zYKQVtjon(!cU{t2%^_*6ruk%%{wvG%^xKfWg0!^zhp1eAz+!>Xx`+E|@UCX_<>ln9
zGyfm-6415tlFa`HR-F{=L#f_20;>Xc3AORs<(9gXYa9c;afNW4Z7Z(NuFm`-BACxY
zyE@bTv1aa9p2YLZ;%%-%d7pv4nd*|dY>|2GSe)}}jBrhu1~9Lk4Hrl@G)5d;bjaNh
zd56}=kPRzf1I6aJzrRc`^TexBzR7+b8+a9;$E5+w1jgn7`83{?vPFPmE&dVo^5kHD
zOa8?)@=^wDgz~awnSDKGdkv9!5vC3Gf|%Wwt#X_EZB~N$OSh}jP4Uev#>pMS^T+Og
zgsmN)@v9FLAkG{lyYiz&_rE_{1bVQ$3U)*(>7VuUyS&)^>vEQFdNn5-&=7Q$g8oO!
z<BLlzc?|BSL>`TZHb<CqJITk%hMjarl>6SL`gdqW+7q7>X)D~%_X0~!@vHaKyMH%<
zcco4L=au&IOC$SSwtE`dlDeUr=jT7+Z~pP5W_Ayrd(Tq6+|nze6mP1Zzb$N9i`vGc
zPxSt?1ia<o&Cq#+{!fJzhe!QgB6w@S8$tcu`GzvgF_s}+K^b8atG|rR?`BXYE|lXD
z_Pv+t;|7&q4bn(G+ppdpPxm4(6>WXB^O{X#MCAJ?IqfVdc6%s)_+YWz*6hdhDU@pq
z+4oMiK3A;Y8Koqh=U1sd(fn_(SQBmq?mdt9bJWL`#d$8{w`_>_mO*a<o$d*BKbvjw
zwY3xaqN*t=R+~R1*_^ET-w7grW3Y7#>AogtYsN10$LEXwSgcdhHynd49^gl)9c;)B
z(GDE$R1@c<n@)yLk964@{8>C*`nDZNH#5u6&#JO^$RA>0?@fSK0~*cU+@9=^;}LuR
z5&R7fy4pY+)O7V<G_Nl2HJFcrza*&ZVoldHbfsJ%bk)zVs}Z^~F0j{?1zNSH%NJS~
z#fVmbzaIRHXpQo$i$eHGVlG-5Ibk2|k{jc&E9%wOl6}#1bg7x0;c~xmA^T=z!!&G2
zSmsy#Zh_Bl!>GLt`RrP?P&N#}hPyNyete-mo>o;xDV4c?{;ukeFBIjrGT27i^rG{{
ztThxPukY{;CgS)x3-=ut>ibm#(Cf()KG1;+Lw*nT#=;30@8g7jvo2^~!fyEUnteG7
zw{Iwtj&lq9&IsC90loE_eJ9OtU;7EvoP~X_U$98)H@l#x5_*nOJsP=S{%=?t5qXx&
z_FJvgY>q#X-Xv*e<FEVaU|Px7qCYDTX+8bXq*a5oJ{>30y7vOT+#8Tq_ZrMuG@SWa
z`T9D6>&Gaf95L}+tN)$j(2x4xk@`{1$<q4KY^2Z5+U8%Nf1lVr=+7<@-{;&5=KVhG
z4q)y3d@PucBIrrJMC2o4VfkR~20#5L3j1Ek((UVj-hR!#m$K%yZxX+oPZah&nx)ST
z%c`Q3PUsm5dA2QIn?px_)~OQ``Sn6yc9EaOF}jy$S^Q&t@21t{9<PY89sk~5EcuVZ
zJ=VTkAhwzJxBop~FPA=~udMg;J>GwxZz>mxP!ARi+aE*ydp=f_%S%B$vDZZ@iR(rA
zK5N!v^ZlXch^FW6^Ml|2I&RN<H0~Ze-?==@_d<yAHUV<Ww0v#~+SdWS?HfcsH_V^U
zN!XXB*>_G*&kXeRZV>tW-2C}WkE1uLgr4`$3y%NSb9>mD6(1Xy>f=9XV;jWS`1|wb
zAOFEW<)Et#wB%x;>u6|QRQ^NYPcIhramRTJs*lXyp?)Gpl>hSc^zWLs7xiPKpT8Y;
zk!FW47(ZPkjSI`I<H8jB^M6H)aUtP6{d?3wZ{bGqJ=~%5$L<(73H3Kxe2=knb^8XO
zCv&5ycfUV(!S#;b1i2wv<oofU-jr(iQ=3G-A3b-$`JR9uP^9I%`dmHVHPD+_BJy2+
z?!5W#Mut<hd}p7l&&e|O(fKUDAr8X_Yz{VmlK_1_xs;!6TFKY6D!@|>xs!FC0)36P
z9<&<J<UNKKVD%3C-Jms?_y>SBJMd3})?(tH1J>@qpLhf2$0q(XVBI$SEdQYOl+2TV
z@MLaw$UkUVn@#x#=5yfh2CcxvKLD)QfqxRT5)=O%uyPxIsw?fFRe(ls*1HS7A=j0a
zammGo2P#;dgOXT}s4FSo(EF^?{ZUF8^qeNrIOy7-$F$V!=jq$gn)mbc?Py(~Roc+f
zM0!=4-ECi=*X|Y+NLiGyyXNb<-HA2M>1Wi~r_c6(Yk2y0v<lFwLCYZ;=7IaAee-(I
zIzaOY+Ktj3ByFILgC^fa*bQt9n7rRN04!j_#(@n1TP$HSzy?kFJO`qb0TY%4tlxyC
z1M4$kUSPdiJrY>4jlK$@Pv)yV!0nUynhtRLWWM$TJijtu&jFranQsu-go$tB053n8
zZx+~;i7)oXC}q;bmkeyi#FqhV+QjDrHfQ210XA#ms|4o0%*a;<Ou5X+*9<Hc*t61E
z>JDJtTZ~vQu(HejhIq3fV3j6p5?GB1n*&yF!s2hj{KJH$0Bbd2nZP<sSOKtZ6IKeW
z&xBP08@$}u7u5qByWH9r5v>ihaR*v2XcG>!G0-L*XtSVAInWYn@qHa=>7dOx&<a4C
zb)c1lHs?UA15Md#-*2~q=H6;7t1e*i4*Y|lC7AdpfF(QdD>p|eDJK2|VCgpev>ulZ
zS_Wu;BpSQllHK*68*>%EudWdE8PFF=b+qheI{)hD@6-#d`er(>>Q{d*Fj_Bd09Jj4
zpTDy%$JrKAv|TWMpY?wv58h!(egIhWm40=fQJ&)ex5=+6QtaC-c&EVIL%jC;<AttU
ztnZwVY{o5UU)%lsUa)00=XCQSyVEM04E9RMPCzzKoY6e!S{0Yh)^o`?AG;5z2|V#v
z`PGAZ%yy2x4!l%aLoB2nTk|roc$Xmn9VJ)$)jud&I^>8xq$R`O2mnvw4!?TNyy<+$
znvQrIC;K4kTZLbL2a4)X(Ls8T-LLNEbtK!hJsAI63EGSejn;A-Kr7zqSJxQtXAv<I
z*{;{4=>^^3YA)ro7czCb#JAA%Ssg7-gtB@u0iO74{5*clSg(Rtfr<Mp<Ll7>f%j)d
z-c{hO(Rr8iyk~(owbHMy5_xCq(ZI@pr5euyEY<Fs{DmB=D(<JOgG}k}@bgV}c0;D&
z+WG4`mC*!v$HCjL1odaTz7?$<FeM((t<bl}ufAyDxrg(JHj@UP%&LXA8PZ=4*&fJl
z(Ca-NYxss<?}?`YJhRt1^RW1@Tj_kVpP#3s+;;HCp=h0DfaF12X<Lq|t`AU-xxsQQ
zk^h(Ct%5i8@Nb!P2>Po1>K%&VTk7|QUT2CsX5Sw&Mf(;eQwNz&$ULUYcn#m*@Lo|q
zm+6K~+6@bnnSx9^WV#(>s!cNV&65wKy!ZRncbxh<>K>}CF~aQrOUTYb_6)skZq~=V
zYS88!XicCgHTJYl(A+jOTGtu?%>&v|UN>lLTFu6$9W2N{SBsmT0bga!{NoJqCfCD%
z34^y1<O1*}9`LKXjQwdY^{08kbJO4AN1k$6j3Dc==@MCryONgl_nG#BDN2f@bU=)G
zy+||RMn8{@586lPm&?t0nF4P)cyF@u?lAKv-iG!H-n)#v)DP~Ld1>Fv3*Pjbj(xnM
zf7G8gKu>jTaQ~d`{{gE4wp{<-W$Zrfm12Le7xcCe^l{LK40PJNULB*oWv3iLeY)A0
zW&$wfW@nulpr?nR7lB@SvwfPh#_tBb5%ho1-|?x7q%t$@6S{6SZI>^nOA^dyv?wO1
z7&_B#@vAq|TGXG;lJ^brZDJ+qn@`%VGW%leFIPi4WP2~t@gDT6qh$M`vqITkZ3$j*
zusz{+%m<+JDzZJ_YP)4WztHuHL)cPC+iQ?cpw6%6Q#x~JE^@A`uHRS=c{<oW2%ST>
z`qkf(&R?AwM!7pL?>iY!wr4g(DOra_ow@1EkEG5tKxY6t50UN5!m*v*iLl^0GlO)L
z+eDpt>+>H;o$=iPe+4>slkMG~52w!j?O5teC(>y<BI?YJ&wnI!#(gK|)3^IoKk59M
z)pnaYbM`{(4EaM9NGI_Q__7oy_^%ZEy~JP{t&S^=T({UE9kw6z1(f^Dy=p7v;guA9
ze`^ToR5tlldT-Y~U`Qv&CY^$~%E<c`IoNFz-*n)W#nO2kn;5bp*hId)yCY~*`Ozq4
z?Aw0zR@#$zVBWk_T-zt?<J!E;?;JZ*QCg4=TPNI*qQ}*+^{+-`{DI(_4vhiDz~)-~
z{617K4fSy0Q|Z8SoQJULdFaja(7WfM2SU)<`j?<<HfQ4}_M7n6fCb+q&XMLWrR8zu
zxp9@ban-a*xg)N0n`v6Y@?8iWWhjf!iF8+)(yau&>H*XG7qH3)jB7;Az-mlo+5xQk
z0p~mq%tN1=haP)ZXnI-*I$Qq|bh%7R@8bDAo-%ENj`0Wl+S!=Id{er8f-aY70N9vR
zrWAKo18njEzGmXS|1+jD^0{{`%4t~aJs9QMy(HO{Egp`riShd9$m03W$=AMlFOTcY
z`phCN{W+xXd(f{A5uRp~zK^G0A*Ijm2gXmXrtgDfeLt(<Zj4{hNB4%i|Ct;-FHQ5U
zQo2}AY-laDJum(FU_RnX<rv)Q>3i9^7I%9vt!|_h`;bVhIdod2hvoylnx4HuJxUYW
z2lUWeGVblk!7^CZ5a~PUu2>Skd5N-<XWnM7e)q7U?A<8)NIk})d|H&zr-SKLBE2Rp
zy|~cnv9r1O`MRd(pJ(X%A*uI7DN_%L^#)8#u8j`9^WX)ou+^Sc3R)Lv)F;z9^Fz#6
zE?|9X4QP`Nv}Vwf9u{$6jJAiJHDv3bpp`n%20?2B9G!POTkqS)jiM;Ns--BZindl!
z)Gpd;sVZuZm^EV5o)KG1t=g1Ov$gk3qE&mvj2*R!*n%XIC%@;foY#3JCpjngea?Md
z*XQ%Ts$Q2FZYz{MRHl<3YgtiMwbj+8teObVU@}7rV0Y5PWYPDGnapO2)DtmqV@)9N
zu1>+U%HttS(#-y^gKJe|;j$DtWh42r^k!<gprHL=Nj}eHZCbbf@C+KWRXZatZqjp+
zz~TS;GR5+bK7w-SPT3LJsy=;X?4FlgMt-gYYS81TPL|WggX@<vuL51r8wJQPE49-a
zXP?YW$%m^@-@{X&5?{;ldxe3KEP(20U=&YuJ<nW0W^_Sj#PaP3E5`PYrR-&fAl7X|
zwV=AU2ZC4p+iUhD|Gb?+&>hI#?I}lp_0a35BK^i7bm|XMzoMt7%Gn$tThN$SVb5|Z
zw(_%@#~)nLaL)>)Jrj!B<Gm<Wp?x1Djbg(E{XrVDfZ)Lz+a37SAW?ORQ$e2#!?@f6
zFuCC^*<+Qkj<-A+_+%@t{ha`uK+=GsRSzq4Q(>LtJc&n*L=sf@{Tb$ANy}ubusKVm
z=AZJ)i7;RPxFf0K)Qs89+n#gPT7e_tnW!NX+O`QkhBj3QZ^qpY4;HU{zTaa74fk{*
zyzf*1o`b?Wxe>7EnFyp80aw4Dq(2YAR<NYPa=Rz|3qelBnLEHRm9YkOz{t@~5l)U4
zw4r)laZ7i5Ik+7}kjqnAzU4Nj&3{?U{*@yqg!pHD4%Crc10Jo}FKj-00}PGWGKGd%
znZ8L$!KTFQ5%^Ah&lx~9`F<9-St5!04j61xdEV3|^p>n#^kkc1c76M2Hc;A{(%S7>
zt#32+Fu8(sRTFAu%_a46ELK7TRl+D0ITr8xO^z)Rl%b1m2-$9Iejl68*WmExm?#*B
zmLekVrb5C)ydcR3=2=P$9wGk``y{S*#U6lbgdmK3`%d;M#?ReP60}#(j~A+{ivS{X
zJof3y7<@VanqluRKe&9){>092vPQ`WqIeIzb6%13%D}?!$6aIKXOD%OZc2y0dS*U+
zXIdbI*0g__2o=>kXsF;-Cy^_R|3){1ti{Nh+o5kiRjFhz`&Kx~T>=JsLUeyU-y?;W
z?dpyyi4v)m29p6gnG?A*8P`M&{@9vJs#5wDMhQ}rQzzB-#<aCFg)8|2NoVaJlFshu
z+a4BQYMe}kl`TkMdwlad<aJfHoJ&qM)lW{tg+XaGH8evjvR1Sr&&D1E^ja~Gu;HKJ
zlIqCqI=6CZ^L-8jNH=rJt}6|;0zi}2Cs(w&6?~=V&ooXN!-T!3z8eYXYNy#q1PGBo
zC{39^BMI~4T6dN`4B!oi<1!IS&MVnG49Bx`7T5Eu{~?qNlMwi_%}!O96=z!Aq>_-Y
zO3EwFq0=?5Ui8bhc;-rMDy^+J2a7#T!jC^J@s{fEp2Sh=YA*sa81n1n)K6}O^_`z1
zoDCx!g`!5DlH93uF=-I^?Y@b@f5GlM)xu{B`7|C90ZXJTNajR7l}Aet?BJxaN5waU
zn{Ww_-W;INE#uc&4UEg|aTzBrY+t>0<dr4S=&nFQiJL`97-OrKk<26bT(u!wCInRl
z{Q&O(38tk17d)Q6;)tlB4`I>g>sY;oKk2AvG2jd=oQy77S8P^C{e@rcfnJ`!DeFhy
z)o#K!i>Gt^%s5h+IlnVM)(C(r#`M4`D`-ohmapuz1j%qk9epVK`NGC)Pe${Sj^30h
zhATJJyZ#Q;Df-~;IMI%^HozJzl<S{=*S4zVUUl;P)4UGpsxxU4N6>tsa2$c)@oZc2
z`@f{hrgLME<kOk75IW)t__9qX_X-Of0fHK>Qg39ZajFKdbzQCYtsj>$tfy0(m=d@z
zhPp@&P$kpbwwFICs<;{-{^D){i~gP4-yq~)!%oCrSzR|Lh1|V5G7pu>+<mG@8g^GR
zFNMA|rwF=SScTmbBStJuMpaJ8t@D#ALyaTlcJfx1cyP+M29P^7FY7Mk4g*p2`B29#
zK$rvd$$J=X4YRgy{Nsm;V}f>nObE~Vnqy#R0-hKU55WkiD#l`VhE4rHwK82HQn1y4
z1P8o2Ew_nllx{;|-!iRkaGKP4b?ra(NTy4B4d%Jp?{kOwd1QkgV}ZaC=%T(@KwRYo
z)X|M(JB6IYphZv;F5$3Uc{omX2Y>Pgi}O0gsc-#~@Sf-!RRzmwy}5d_?Y)h9w&ZI9
z6Ui79IO;f6fdEEI8$IM7{hc#Kn!npn+oAaY4`NXS2Y+(_j7)LZa@`FyDnH)7hZl&M
zCd<rCV~?#jaw|qyq%k#gW`iL|^4lkEG1IDg3!#Femz}R$>IQ2s$IgGGJ?bCypS?wq
zd#x9@TiRNSb8!ilP8LbHyLsjHY54D~{x6hy4*`5=7@4#mr}j_2rGak_dGzyO9RI0%
zSN}15a#g*lfwRmng9vIQz3dhx_FpBj<t@ymVr4(5FGEdc5#F}teptS;plKSOBfaij
zy@~Npw$Ctof8U=CF0q!}3W}NI&e+#s#(l-Og3A47=s=UgH!9%G%?-KhSuY<anH|c$
zWT|+R)@=Kb<s=k~`aT#rQIWuD#FESmb|oKY>itH_;WenEOl7qIsHzT&z9E0S<QAg3
z_%knE4RG+Kdsnx-QX;`}{lAuseOz->UJr@lOl)*^w7oz=@m*s>s$I9cqab3MM-Hs0
zO@X?1F*t{N{?!itUtq*#^<jx?zSXrr!B7*o`<LvIok{E7uS03pRox^|*DfcLzMR%1
z)ip{gU-e**HIhA)0!^T~>&AWk=xbIQxH9vNxpVN%v-32YGqG>F3E4HE@pIJOUn=CE
zh3?bq8%WBHZ{8k4o^3c`fd1v!^ocLH(B0bgAv6Xp?~UiuoHzW^tt7s2wEf<{Fr+(#
zV^IG{<v|HDaK1K(Z>L;xyI*FB)4Mv4nVm$zQwO<ahcp9niu&yB#=sgMNc#1>l5pC4
zjOX9=|5m3H7{>JAi|pAD+aGs>yyTP6$3D5X=X{Yh*FyZfD>xBBYPlZn)0D8kx-2Jc
z)AGW1&lg>oaf4%bK05L)Ht;SeWex?hdv3a^s^i1HE4AzrS(kL54j<Uww%h1R+7A6;
z<JS`B?4B+Gy<C6R5_jd9HgO{`(0!Ud&#h~A(FMAdwPn<RNIlE8kqMu-uaD$iTin&c
z%eH+TscN?Y?rp_zJZ<?E{#Mm~cJY_A%W|8czH!>>8_woD^D_<On@+CohPQn!yhVPc
zp1lU%z?tmTqMuaMR$O$?s9=1BcH<R(XL@aZGV!jIJf!VXMBN>_V*ASH$i%&Af=SMc
z6wS2*`5#4WnWQH3g^g;P@-;t;I^fu8Mt9F%dd$jXD-3U$(8T9~RAc3hXx2O6_gtUZ
zd0s~)LAPxelKj;B5Oduji89db)-97k13j%*^R+nso#0V5$oRRp6J3bwZZzzR1XHX`
z-!Dp!lW#U>wptyode>39d^=*~N!kPoG`Zs4dFHS83<e<2&(B~k;-zuSbXD;f&##a(
zvO2V|_ox20_T}yq#q)Jy_CnzIph1OqJ$^;ti(j7KccWminm84FkiQ8?wh3yx{rH(<
zC`y7i#9`~RywR^nDF3EObh7TiolWwT)a0Esd&TBc4AvR0vx>7gybHX3JPBZvRl39Z
zBTv4@;ekpdaT9Hu*d%gHKA8<fX8M<-@Kei`0uM?c=TFs_q!9N2?@Ib&%i!f&oME%a
zE`v;8(Bx00htQmp*y)bfeUsIn=1tAYkIQ3V;gvSNV&(u()4}eKiRoOw^3DtbEuK^o
zvv!9s#kb^*8k+J9mE$jaqkH`_u2-(BkB@%5|Hs`Cnw;DEiRfp<1Z!jLxx1yv%9wBG
ztDz#s4ZA&na!QsPts8C3ghYpQ>!%P)STkg0QFlcegtc}|Wh<9;j{)QBZkr~MCWxJ(
zhRT4*rb!)ZpK{-BEG+!HjZ6Ze%~SBZ{0!_prh@3Gr=@8X;4LZ<U=HdgR1RUZ%H=bV
z&WSH~5;p9JY6@CR3d7!&)9>v5QTSXK#nqv?XQWKFXVXu;hglf@&dOA^b4dA}X~_De
z*XbBioK)U)+wHIbJac>ePkwmIcto{tkP4u9@z->DJ&*9_)~nnH!A2|%c*i9Uem4(`
zke|=^HexKKoJ6sQq9fJ5zwvOItG6i}SRzxcD8Il-!%1&}1JD_IT*zOgg@|ixw7Nii
z%a|D2@iL?Ddh9mw!*7-mWLR*OdWyM1xViUfH~GI|F+U*Gec1wC1jm=)KkN8=+`iKK
zF82(h(elw;*fsY#&hI?_Mwsl*^W1B0gW;P*nqCiXvy9gsuZ9jle4-EGdsV)KMuPsj
z-2z>Z%CD4<-91?B)9{(?=jdxy12Mh(s+3inPcPjGp1;B0qDHP?9phE<x7w7me~2G^
z+yA&j1r~PlOpEQ?GP#;quH?E_#q=}-UgZ5Fv}yt)2Ffq<NK6nSav?sd;alxB1)lix
zBZbkn=KuyGU%j8SaEl|33VnL#G`;y~9{|kU&AEHPyC4i3yTI?^YcKgG9*6M+(~~Cg
z?#>}&llc353dz$(kmS>h8lyBA$BWL*^EN9#;u=jO<d02vhn{cOW5KWMx#5Nscu|R#
z3t!vndHT-L2PnGAX2k4yI&}r5-{%SV>jwC9E{}$tCW^=<S&a0mXWQ^wf3DDr&W9~>
z%ih49M1dutV(s(iZGgZr*`;GAVBq-W5(J1-XjA!Pjz=srlA9KMJb8&)U<zSqy-Z~G
z;}de46yo$FQeRXW3BANNXAea!MSnfQROGn*{N2g?9I(lig8X}UqNRcWhw`6ZomeW@
zFu}j-?;=f3=4m@U6J%=aHTa!$fG_f4c=y@BoCqd47umZ3#$yH|r%cX)^UgJ6;<~2g
z92_pV44RV<IFaEo@w&~QTmkcf*g!2xv8$UYWh{=}qXrVL7dkbyWE*5q{;z_XWAg4T
z%-P(=BNctUL?_&S-t<Y@k!{)pFtsd#V+ZyYuQc)}hEhxy*ga;z=6VtJvD@^w(q*#I
zo>@wnLHF3?wNoZl;Zq%G(bm9Z(q*3+F#lV4W>wSJB!%lkfXML_@!f3TW6fXYGTbi9
z<0olRjq^=PhO_8~Ap^OmAx4uePqWG-w{x2YCU1Ny>4zPBCdu?d?gLTdOxd&dQ;^7I
zX2qJ9+iCDKZ<_^a4|L$!y}StW{)2h)5rEvMRmjt&i{^Y}=r-_C{ig5TfLtA`ff!l@
z`AhORLi6=GL<TEV*<}CHoIIrkrJCidgox}Z8ET*ea$u^^lC7T`a@zo;>B$t0Qg9w9
zUrX(znk`Vl#Us)(f781A=17d2$4(&mF52#U|Nk!l<*!+IP@|+kR@q=C0zSX~llLM^
zCx4bm=d@Pfd|*WOg8$|dw4v^z>RR`Y?0p$jzjvcnjSb>RaW$!+68k>xuVQkSP<UNK
zW$v>K=3!{)>?h+~4ilwX-8bZl{{w4CMlFN&PoYY7lir||n68|#+c_8W;ptgqt;dFt
z>whNc^tlv9jC;~IWf?0SpmjHF!HlFp=(zDa+L=a`?V_7x+}3o|WteZJT!uG&t)Br`
zde{7nH^8i$d<stVK%!WS?hKNDFZJw<0dEh|=;G4B35CmK*>8nS=hj}J3Src#s9Ehx
z9&#REg3V+kXw8DmFF6ac%M-ogA@T0*?Q>bh{)$qO_c&8WeWB9s)s08^3sQ;<AW<WJ
zQAV%*HLww7EJ}d?yrwc@!V+p)M)_y)9tBKu<cUR6?)6Bu9Dr}(97L&2YNE#T(pAW<
z&S;~TlY@h!Z*{qoc-bmQh;%5wN%K=pXSxg;QJw9~t^1iyazP>?DB$b<t?j_mFCc`L
zTg+dSDh=S0R#Hy7YHJ6bS)mil9kSRvtTyGJnm`ljqk2M+{T4!Q36_&w)*-|dMiVxk
z{Yr4mStnjR<Ajr8gy13<JpH0rnmJEeNYOD&C)U~Vn6I_dulYO7x0kP#Kxx+|#$@Uq
zXkVHnCM(89UrS_Z*N;oU%3Ou-Lzu^4R{RnRau3#rqC2lT^!6qM*FZel34%k%B+aj7
zLU^e#hgfI8&t&9i{uA(BGOcpr{h4^5NeJ0bV*wq=u(I~GnU@k=ZwhdgMO_)BP0+ZC
zUGa2oeX*rAavCCoKdD0uRur8!7HnaPzpi&iXENs=EC?(wNlA1FQ*>%%(!$e6=Jnev
z`dj~Y&8+crba-Z=bRAlVLvYXRB_hMzGsa7Xew2NaXX<73KpOw4KX(GiTBtTZp;xky
z!sPsw0g0s&xK{hmJ?61>p3q#7HIGmw4OxV2PmjKZYiwdRi`-?y&GLK|G2QMm!v1X|
zFGjZqa$}~=zrgfV8FMs%T^(mHi$eTL6_=B6jc@+9>UOJA@hc8DVwwM`Al90=OI>A?
zDhUycKphgB5G2kk=*UV3=rZFZqnaaclubYT^kRp&ZR5-I2++M}QvpODK{%qA$g%K(
ztA$-I<xHFD#p}1#&-oNrWA$JKCA(*TM0R^h=ACa6iH|OV?)uzfngsQC6L<{W5)yYF
zPWSQo5$&?}CD?%$LOdhgKB{$h_--f+`tZ1tfLZ%&yqgEtxOa~>+M#Kg12*lt0VdG?
zZ#7joNlrJYw9U0Mn$DrK#-Z#!wVjekBcJTMY-?<ig1?V#@Te6LN>ucHk64Sg`_K^u
zzUf%ALqkiU-H+kR#FKR_xX9t*K*RTE_C!@5Ux3gIrs;sCl4Vx@T34*&5umG7=IyY|
zaG*62d{67hl{Iiyhyb?cH2<nn&p}4HCcW{kykj!Me&ps|enWe<r9{a%+^F^C*OOAv
zq*7g<cS#S%#3sn_!zl@2NMk9yjsN)4b0GM~+N$?Y!CJbd*>DX%5=}t7HU^|R_Hc8p
z#MZSnBGcd|8Pn*9CItTWe|0kZ<zYVfa5{r_K^{-+a@kB7DLr6;DI6NUxO36y@3lh<
z`eyR@&-V6C<Vt9IYh*Kvf`Wt`HZNSS9TJoU7dGPM7~5C9#@@OpWmNAakujLQ&ITyO
zmnRTG^FtQ-7*^NKGk&~7J0#Eq4i3X;Lf@VXn<EJWF<OY6=fS<RR?Z^g#(e(A0Wh<!
z+;%q;W$kStz8`E^9J4&Ves7O}Z9y8NNo{7l9m4k}8L|Oclf!;)>E}jsAhu%o*A|a+
zB69I5ht;D^?zDqbV+2tR{8~aI_o#jLLtr!jKsmQxZ>?M?RY5ajD75-`Z}q{&GgzMw
zk5C6BVs9t9^E}SxEb={e(Z1eMu*H$NK3^o^Og8ie>SXW|9U^pLt5Z*7X90L<THnSH
za<meBKW#)&M>f8FnSM^8Utjgd)S<#GUFG>;0ZOfrf_&qZ>3y1&1hZJswE8&TF_2{H
z80z!gr-Z<HwUPeExV}M-qdmiX&(d+fc9y``uHVd3(e`J?o-jp8c2}jeaCibX2eZ=0
zf1evH{GO~=-ma<h&XyTB3*d&6xRn}KE@Q2TwqLc&VinFf3@&hV0l|X_zI8Mv{_-^o
z`$aYFBWIFHD0s3?+47Ahy^DIgWZllV7M=5r8m{v#1Vm5LEdwv%2{-x!_>neP5kU5E
zDMj9uGJOCL>lqUWgJT~{e%$0dxKllo<t@o5dIRRzj|2D9RM+D?J_sv=UxNK_1Gc2m
zO7~3P-`SFU`0-p-O&0GmPA3I5H%(GQRo!ZoLb#7RS0D`CKF{1`_9H0=(Ed&>1h;5s
zD~*$L%#@g$P<M;6$)M*$i#8Alg_EgbqL?cE+O~w->4fDAC}M%u?0yea>Dhiph{>cG
zU0cnao=HjftvmUD{A5gvicP_<&gxm6GcivS72UeD{29QmnifjtNpv&y1{Xp@U;Xv#
zFUJ_#dBvOF!z8nObTq2n$~-|sSE~I7qboT=@qJV?b<*3^X4ueiumx9Uj<DRP3B&7c
zu)N;0Rw-+!P$id15<QS&#_f+;xbGXRzT*G-lk8cv<u#mJGPe&E`y0;T;I(}Ou{pe4
z!Px?0_JZV+CRIDx8k2>6yp>tEXH0Gl7+j~EWE>bO^LDK&Abm?WUvmaFcp^N;nQOIi
znR=CtHNHGgb_gcxBzFf_DhT*N^eo#S-awvU_SxBYYYKjQs2^zqdA+`?_SXBBy-k=K
z)<;6abfV6go;)4bOg5`+y1A#)yW-xO@YHIt&D^N`9py^_L^(9paG0RP?M#^{(Mt}e
z<HF%*ds5Y=W0Yt)n<F;8L4>%Sd>IAzqJ!wxTWji$uN%e`qP0UNs#<QRhI88$E#pYr
zq8fwk)RP6_Q%(Y)P}hCSfQ?+Pha7WBsLo|XAp<T4LVng99cv4%+_Z|Vw_3xkciv_I
z9V_@{Bl?yP9WYHfmP7dxRd&coVJsK<JQ!=IfP2Wg4mIui!ny+z7xdh^5vaeNStoCu
z5B!RrJpyZj=&;6x{`tOp!FTi3$$sVboEph$q#-eHIrF*)Pshvtv6jRoI@mH$z0xkV
zrlogT*w{)lR3t%Gh{E7;x4FSE`!T0_{!CqbSc&myOCq$pF%iSmmbk>6M<b*d9CrDq
z(ObWN2&m_+uClIxeLVDH(T`_A?hE-j2fJxKZ8L8yvF?C3iy|nYXSK!rKQ2_->8cyY
z55VNDM{MRZaV+8zHFl1aXxiqUpUZlefmP^P!(?u`Ieiva(YNO9QJu0|rOgv8qJHND
z^z7uyNkq-)ps|Zp-#Z-OtK7;}O1ghiAkPBbawU)hmT1Y?_6wK<;_2WZXKrem=1pv^
z`p8+>U0yrB^3L$fSzbE;ghDhhX<YaXO-5s1D=e2rbo_z&b<y8Z>6Gy(yHloL;UyT!
zYCE~k-xxeIWe5-c6|4R*u8kSdasD|lNh4THN(LDs#>-h>XNX15??0NQn-}&m)B8kX
zY>awr*J%^8lDY89BMuGtRRffmL^d&sZoROijP2N-3z&O>t6_mwFEQmupcByZ)Ln5k
zEr8VgYgOyGOJwmH=?iYVK!B-n7u|Em&5C=BzB+*;yapTOX?3Pwlt{jXKg|h*DhRiR
zF5ZA;pmkJK)<lpPhcmtqOJuyS%22ysqK#!RL+2H8p#~UCyj?PEDN#cYM9=3kq33s2
zv}YA7#o0F4ERe9p+G@)iuuA9;2z{`nBGS*YgQ?x6P(<xl<Wd(`*tlY5V_EkyoN|U~
z4;{p7WOn?#UV4T58Y=K_OElgqA1pv3ucBAJg$4eKhL6nD%I#q8vo#j)7U-mHQCa`&
zYTm(2wpT-!zHNmp_+mb8KQ7<g0=msKArE~q8?HPBES)>}J<xAYgg*95;BmU`6`#pJ
z*d_AfTj_W{mJ@j~QMLmrL)81o7T*aG#9!py=oAgvggwr!f^Tq#Fmgq`-4Gz~ZKGR%
zZ<n3FoeX}r?R~v9uEvvvDz}xtQ)XZO@Li5iFMMEQLuUV$^$|V+xR~8lk6ozo<OrW>
zS0%s0?C|5%HDs%^s2i1$iNMU)h?C%E;R0vt5?_Z;^<y)ndq^v`Wd(ob07mA|zWZ{a
zj;34h2rMuZr6jw2!j@oZlHk6)Sj656<=VWhd@UuJ`v4&jzpM`}SzDT}V;fVI<(Mn9
zUR)2}-NR&uxgP8E1}Tw=xuus2&yT_5p>OLsNgKFL^DS{oz~hU?^WGPhPjSd}p<Lrn
zxw-rco~c>*y|uGi>e+Q2HF(snmP9SR^@7{(piYqCK)k6)6=Pk1eZSx|bA>VYMh5qW
z*ON`!jaee<#yq&n^J<=v%<nkG`N{{-x@gn@<ido{HV<cNI({qqHq<4iQ{;A<RstY0
zwJT?6_I|uOrxEuX;!@_~jEV&SKC@8{;f%0Ai`ib`k|d%n;H9v--KvKrYy?b@d2KFo
zPmZ%qskcn=ciX&gQKiIgB<vz`##c!Tc(?HyqFudoqy2AMmR#v<+N>1JD39ourtkkG
zKz9G0a?8V+cE;yG)rSOwSLVOF-xN3PYaKqAnyc}Z3(GL&_}+cj2Q%r6DVUy`+p1$}
zoNrGOPoh6~@n{lp{zkb<I}(k04Ww<9cDll20DP0UbLyG110~QEx3fQwR27+is`Q|@
zjiHXn<hqNHtORSgZz5{{RdJq+2Bmd(?^S+_5u}Qjv2pIYsY5PD-eNPlCVEx-P&GV#
zYyxkorsBs-m&G!xl|mOQgH5mWA7;XJS|*Dq-`&K?1ynGb!v)Prv{ks;ZrpiCxkqdy
zFlldivg13TyRkDc+?Xm8#Unv$#BcNFKGe&m1%EElei=-CTU6(Vuv#hci3j&SAMg~@
zuESH%!Y7L>hjz6yo3HiG<?0mpDw4A*XwL${PL7gO7l+=#7L&4)$QehCB4P_gV<>{?
zdbcQYZ7Hr*&3Ij|imve`$SEx3(v4sxQ*91wfKT2wy<-!k{NX!Ww8d76jZD%YrWEjn
z=-;*t_J3W(NlHxce>6CwxbGl2u+Ied0-}Vmpfn__WOJQVxOWgWL=F+K9O)yZRwLZj
z5Gn|vaqwk_L6`f_U(pFSRW9DU<sbWu<q2NfjXnb2^4TZVV+&8ej|2~l8dt|LFAMDV
zgkfDGlX?EtH!@FC%d@N#e}LmHcB-a*kYno;$H#K-f&7y+oLE|YX`hW9B4etzav_JY
z``7YwPXEV)O=dVn@K1=taE=Dv?FrT}x~r4vkK9cY&RTsofK2U8HUM?)F0I{_JB<<2
zx~i-a_P-E@+8znP|2^+7I!FN$c-tgTe|@$<Jp_PS9u1zmb6n!AAo(>>EGuwz4~G|s
z<`34+{<P<t<$Qxw84P>eL6>x(8irKV2j*qb)DWiH;V0|PUx9QUzw^8n-ykH8TqLgp
z--^XUkAN!a!v{?{(Xb4~9^xSZO_=r@l9~G0p!zp}N?F9GqcZf8ck)K&`Y(QtU>_SV
zR}!7qBh3WgpDZR)wGs?p=UwD$MXk{$xq-`KXTp{F#=BN?$5|_Bad67?2=%~qSv?6D
zNvVS4lqslSk}mJ@za*6d*&6SStb=50kB<v`NtG*(Q4{czha$=Eq;?jLIzzF~Xn2Xw
zCITUcZet6m$YhcIe5s!PTIo>DTO0N|2bW{$vmk~bG<O0pD{fV9_pJ$4?fk1rB1bJ3
zTLw+#eAI2K3aK3tY9r@AWNu5AJ$G1oZmp3u*`Up6;#@QyyTgIAcYQl6T&Cz|2T_bz
z5FQeGbx0Vr3o^TgJg1=_qMfn-CPp>m@@FvIH>;M*dMTloSj}nzD4KP&Uju*2Yo=}t
zr884?qGoQSN6_*(#SInRkVkxb&iD)=rN-S*DEQ^Hm%9ga>uQW%wbTT#;HBZ$o`MJM
zCvL4bfAKsG>JD-h31EXcgT<@q8vlB54SD=$GALK&r-!ei6ubS@ug`1K+ua-P=mKAE
zow<&LyKz4OuK~j*;M(gaPzd+&z_NMq>Hccnz&_mRR6mcGn;x!Sr0P*Tsbb5ut%4XU
zZR=fAZGiv-E-fOLBq#5%2F6a(h%g**lod*syjjfrC}(_Z6WY1N<@UPX*?kIbmnIhL
z+N0bjv_Ly|;lY!;_sqT{QBT%6Me`BteAYgmU(x?-y-u>5n~Ln5T7S@iqU_vk53j@V
z9S2ad+Xc36U`9>$Dm1jObgsn)_B_<0YUu2%gGX2hNxh$04QuP7p&B}~jyLW%Hmh$_
z7rSuW=KziANrT&>;cNtYu?VoHQ>ZNQ<!`t%tLMQF$YW}whc;7mM${D)e!2Y(yu#V<
zDhz%Hzx~|8)EQ}W%&d=NiRx3NTi$#UFn4jF1`6%Usu8vR!opRjZq0e~mBTZQOYr-U
zBJWUz139hm#6h~3*%159me8X6hjK0i4<+dXxg1Jx*?{{P{T)@lr=dj;tW#NHj5AaY
z*_CebdfX0B>|S@H@lXc_pqwbk4E^4a1Ztp^jdU6;Dn)hq?Ij&n9H_aJ5uE6xV#?|^
zTVdlBSxmCw_itQSt@ySmBkPs#l%#+BIeCFKG-xhaJMcsQMsy}`JSl8(s;JlZm%MdD
z60Kd+EK&Ccj*cyZ%60xhF1_o%Ufq^ZZN!~w-EOBFki<<~zI^oNP2C~809e9U3Lg?3
zM`)z83&<Z42v#rS*hy0n^H~NH6n?U}$Bc%f4!xi5FBGPt7(uJ6w+RW&7T6~x9&ZSV
zf^opx(3H)D0l>{M``CL6xSN}G>tz-~1LBHY+1_P}y21Z2`+`T+kI5`&P7JsKuWP5Q
zwcrsuEu!ob`&~vt<;483N}LWd+($NLMZ;9!h?e7v)A67;<P0kz&}5{f(=FvVV`#`h
zCS7~IMj)U$iUhuYlaHm>U7t^eQTa`mkseehcz#OL(rsr_zfgdYaQXK@@&w@gPl6Ua
z(7H`6oS)Oe@|^}e(pm@j9KAKC<i1Cp8t$7Ai!@Gg%)e0mcVraVB6P#b<%DyEhwcFW
z$b(*Y4tv{JliLnIdj(E|7)LLj>bm0N@`U7F0B*@5goWDnqX%YXS8uMv%@>swcv#y8
z-4<Y8O|puNd4eQPBQPsn9{6e?#5?J>=NfBD*#deP>BIg#>M~pE2Qk@)sHl`zHixz-
z+;NS5cko7F_xyDk*Q@2ilMlgpL0}o`yebISzm32N1HLzbxK&BWJ2t<3)|k=2J^M3~
z9dC~}@pB<Wmo~%tk5rf-IeWQvN~tYnBly3Ea0x=#&bMn-hisKIp)b1l#%zNE+`p~;
zby~_B0^kg+X!V!^!t8&f?F#rbSv>o({}ti0aR)u3zazf5%j4O^I<&fbG<he54fz#S
z#oDp<_>t(CP5m2?{=fil$<+^5UkL|wwA`Hexjb3O_RsDQphxliFN%UV_nr0ZX*QqT
zYhK?*`Mtu?ekSpoCZop)YT`h;fJ^vLPAnBL&uirG$e&}gG&87(T=lrGa`?hsp^K*(
zh;vn%lXydc-4D;4t-nJh?pO2C-&hq6d(oTnx@L%<RpC^h66*W9sPWT_s%J}wmXT+(
z!X@Kv52cnitffnqq2;30{(4pxr28gy4~50UP;2oP9I4j#Q=s=GsO9<WX*(1!hzgyY
z4CfpMwZ(rg>~Xsq`Uh0LjOA8hGJ}&2<3f%1dz+TtB(P8gtFu}vsx3KbTE3i`cwe8w
zm&*7k^Tx1HAs@q(Xe0eIn9|pMO=p%>bI%YKdSzC($MZnjI9D$mi?q4JFmr_L=Tq^I
z2*Z!tW{ToSx<aqATLxf)=Tyrv>zOMQ!||-fCUdhd9l&M0lTd;E!8Uu#SnB|>Fs1TL
zwYcMuEsJD%HjXZBo~2yMuh5*5;9Rf`$6SphuvROaen2A(0@vop_Z0;O={sj-X=F={
z3{b(3=kbZGXY|TUkdc7)54vkMj}l5=uQ7-*b$Iqpd*nXrfg|uIOs^LjfG@-p`9DBJ
zkCEK0mwd(+;A=32n=C7iN<Z$DquCdpdfDBl`wV(CdvXo0P}^{J@ZzE(IKj^1{{O}h
zv5gKZNL6%%1Wlw0@p+g1?kfg;eRSv;0a;2R_Oe8g$f1C_-rbdwQp?8}f}HF2GWT8T
z0gt_FGc<b@e>}+46IrQCi{{XruMo*YY^0p_xn!Hj+d|$PzRK^kWQCOHo(_d9^V>u=
zT^d>1y$|7foHw469@Mft0+*4VV<k?C2}dU@y#$O5zsT7IOY!6fW!u>UC+eApHm*=6
z6Y5%8Eqtu*=SEP_9PPQviS4iADqUQnZ<=a<{nfFCZWhcg`=8>3g74tY>p;}?q)Z3T
zn^{^IhTh2_HQi+nQH{rVTkAJ?^-K^`fRv#8ps^I0WHa{7&BMR;$~jQER!HGl(BP%*
zkzX=q#vTkzb|4aUnCsIt$Al$O?Ub;ne9hhXi+1^O1GSp#YUkn0HzTZ=anG*@DQ|o8
zZ(|C|F#e_IkybY&ROo{usq>ad-`Dkmo&#8m@#XxiVl<7;bY`+n|C37JM8xqpO&7>K
zBj*y)z6HJ!vUVCppfO5B4)~Kq(m?wB*tNq8Y5~HiYxoEid9v3*jvxN)YJ{piZn3w1
z)HR#?-ikp(>!Wbc#L1dcl*5>YL|&|wA`4XJTAu6vZJ&`%SHcZSZCb1{6tnT#e>pRw
zFMX@maPwHrU(;eo_QYH-&1kjk2vo4<eSgWY)JIy)BW1z?4d}`V9|-<l(l!6q!HlL-
z=0$$)W}*Lx247CB3R}b|jwJoeQhahsIv_Nu?5#*axA)q0I3w#6Spv)SKMAbJlk<e%
zQYA7!$##RTAYb#&m{!QpdMo5Ej9p&`tMM@nT6fWE(l_`&MI@llb}0B#`<o^5h<<KH
zuv6!e|HDDl(1C+v<f2#-x=xc!k4<vXoI>r$iptE^>NKlWt_}Z=3GKh}jj88kp;l-1
zJstNi8SaTl+0!mslo(?}A-fb?vdxjM0m_qmtK<^bdFqmtBDPt&7rL%^ThOfGpCigf
z7Ga`r9b`zSIpx7d{OkYK-|AL-gpH84+d(n-nQ8z$s4zqrgv17C*ZdP_DNR4)94<>?
z?^*AN7hK4cd4XeY7s>bwsCzLtkRYTy_pqfM^JmlJ+S!zvZpae3WyU{8Q`cp&h2eeU
z-Z8-(<@m@T+JdsXLA=5QOrPss+l2Mly}irIk4YrStHh<Kv7j`y?K$1E)yyQ*8I#NT
z6X|)5f%v)3C=^S`t+n~|Kh<=+lPIG*5h@$WchC%PI6}B|DdW3yX~nw3+41u0bd5Lj
zn&}!1zh*F)#Zr$j&Odc}sZgbkG-WXBwFx$3a+;3C_{v7ktUX6l>HKUdV~W`HEzk)!
z0!X;p)Y1AdFZDU)-?|W{ZMzyb+p}eGI%=7ltXC89Do78T*?V3=>$WEwY@YL6Tg6ra
zNpF_TB=)8l$;_44;fFdY&z%IC1U3ZRKsd^nW(b{xhvX#P!UtXywJ1&o-vfX;5a4P(
z)h3K20<Ttc4_Ee70a|gLHX7f<F!9>yKP5gT+kZCXjtp8fNwr1qo5@t>(f>~Q5$THG
zcccqAVhV)6e>q|~{dEs&QtB91y}0vMf(rWd8kFJGicX<v=oTV1DX~0Zj|UqohMpf1
z-FlOUniaXVlP;TB&Q^RNY_naF@VT?+P2qhkX*2>()LHASqnNFX(nHB6G&+WX5+|04
zwHr)7ZhMwg$G-J!CkGzwrTeSInBci?_Z`<QhSPE6fMf1lpyHwNqVkVkgo>e-i34`+
z{egLt24G%U9kO+CT6e`VIM(vy-8b0JnOfLyV~bH#7zSMY1G+5iL&RM8PFOVERzUCb
z>E)I$0^FOvQ{ME(={JA0xuI!uyp{|>ti$0?0w15ROB9gY)$(UM3agG`uM$VNrs7&h
zuOo}Q1q+L7ZsKxy@92%)2gz4ufNl=)>H(wBfwA{(x8S2O@RNeN<>0Z>044#W8<l^e
z3@Jo1pRgw}SKct;rgT;D56dgIaJ!N)N7|5?3B4Tm$SJ7Ew*wjiF1M!BeOYKgx{%G_
zZ^)JeLj2ul@PSW^hg)%3e*`UH+{ex=Nr&gf@RbJub#)ra4ef1N8p2NeqyLT@(ue{A
zE<yv~!-BvhrB;4@=mS_xusm|2#=%xh>?A%J?DIlL;PN+}PAKp_A&7rJVXoxM2|)u^
z;PwLaG{-iR@79?V>bQBH9oV#fl&@=NF(2|jy=+p*YgKp`49wLV&vyq|85iD^RU7v-
z2f|%vX00PsNpDg_52Ty1{uA`S`mLI^uaGO1NfmuAjgj3STX@vb6<zNo@Hn$og>&fQ
z+q4QQvl5#g@`W6I8HIk?GENk!X2Y$wu6`t!0O!aKETKvc69_#wmFz>CJt7^MTKSFs
zNzZY6W`Qy})Kbg+RNxR!7Kn(@k_940H1mzrRjiGi+-Bcid$2!c_b^A<ei0F;Tsm35
zo)lj0M9*og#JK$QaK7iZaL8Oyv8uBu{DZZrt{LWsir@A2dbJb1g)FFQW$UUOj~`Vz
z7^rSGm-lb%;HPUGzck{};3ncK!(`nB(f8c3uGbjl@#UpEEl8`VMs~v4O-6=?_)Zui
zr`YSCk-MsR5)k6ZX>Se=aILROJ|jB)tKYlw=zpg^Q<k}=rI+{{U-WtG>h`clsFEsx
z>q4q~MT83Ad?!R^rGh20hAAY^=8!2&;y+r{jf=EuM94b8H%#Joi19>L;5djK72c!2
z@#d^u^8T?S|LWLW-VH#{d5B9?Uqrqys<W<OXGJ1dt8wSGG+c(g@fN|Civ-BsN{G}S
zJ$mT2lDSrJGwe+3&Y9THuHLX{wuKMZmiNlK*Q!cRyVo%kHD$q}R)ZQ8owt{ILv$!B
z<ZQHPCo-Qr?v@<{w_LnRLMa}|aZ!;1S{|N6ehfv+c?sxjaQ=o1K2=>HQGt)8Uv+eZ
zJ1E-`UXjzg5c(QX$KMNVLLP(2WTI~On%FfD%R8N9d_`xfs?25uYZl&AVCL11_MHw7
zMsj~ocDmr1mOqJ*D#0sdb@7RN98y*-++Nf<i+}@qMW}PX%+=d|<zQWt9ZAv_`p_Tj
zzL>gCVMJb;j9_StKK_XbOV6<v4mTt$wl=E>pE}=(2eaX<3TEe}_gO(!DrbQzcHe*N
zD>wT^gIqCQ%0woGKGHp(-n;O3%_KZi+89tk$?80>l%@y$zc}_lV7KZ4K38bc;=XZw
zlh+dL0dG3{k4s6U%TYTtxhfd+Lagv&UNcuTaG>r>%~gDNa@Q(YT2GZIb_xv$!S(w;
zj)pb+znbOrIp@}2J`FVc{kyzB=DOAWRRXH*&cQN|<X?2NhAzz$_8R=#$<Cv8%0sy@
zNDq41ZnLEq9hCgBuj2>HqT6N*HXO6U7l53VIHkx9LC(@KQ+dNVtN=1}%g0Xw4aPKZ
zHi!DTkg(;`bIpK7Ot*h5Pfc#rQz4l)YX1f7ZNH=Tm&w39Zao%#(e2WXt)$4j#LtT!
ze2lx3^R9|Mi7)A<v?kgFZ{(4KAR4T~$<sV<gnaIu_l$40nh$-dzxR#)Igtb?NEg6@
z?^j90lu0}0&(6zkyN+BxJYGB+PumjpNfcxAv+^eR)#D&E;L<17+go(uGTG$3ZB^HL
zQ@N?Nn2;!zDrv&?&o_w`oIP1)QAB@22~2)+T%|3(f~9e_)$|?)g*vYz_qr7VJKYt1
z1gn_J@rfc<=UQcl3NykzR-Z3*^q!9}v)16-Z`I_|gra)GaDVRiNLsZ-_n<fHl|F=l
zy|kZ;spJPN4e>N|*<Pbd>HWJw>5FY$^~JCi_B48JkF@p|O=Zwbk%XL_vvxh7SjnkY
zd+M#*;91ZKo`$_L678bZw^PfpFNanYI5z(JuK6F_M=E@aPoN+t_#EzS87S=pbs1;b
zXADR=j5ALyNy6THRck-Dd|WR2)?cvje2()u=+ns$u`npr@<!!%dRM`4?dUG`N}Ofm
zK-iLGHQcNYU8FM;`{eVEr5*dT{~89r|D=|zR!`AS%m5iZ9HW5#6_QpA+oF)5$QJ+)
zE4{XKF@nqWHcbumx?V4E(Nl6m>nDAyl`F_^I1HE<S=BmMoUxlwrdw(tv9$l>VVBSV
z19;vG3*2z~yI)BaUv!o6xyX_WnaHdCcbENHBX@M)F7{r+F*lV<wxkhKoXITrlkXd6
z(Melhq+-vmd)*Sv09##q_Rv2t^4e6lUQB3dS1-h|uDztWuDz+5(}I_+EqfMpvxB{2
zq3!#s&et__zFIT-B3Rp96Y3}I6&-~(%O*=75B<qQcsGBNj0v%XAd8BpX>QcD3wG&;
zN3&I!vn-1q#>8=8D0DsZJQvAR_S)OTX&!PBf<u($aioj2V3$ed{>*~vH<P8xyGg5U
zGS;1>Ygy)hoM1AMjkm2ujn0<@7~`gOVqy3D>rIwWJlS$a{{ImSSN!9q^Jt+vGhzHj
z$UH{y<_y9C!jRAWCh=H?!V=SE(us-IWWQB`4u>^rsAJdux4l3!_pV=|r=2-mg*QTl
zI*4H77^I%BIl!z&{wJiaL9d_A{CD~oL8pPpJ$?x5%O70@Ki8#O5?As2uThF_{+81S
z^V6iHRq&qkqk>2OzYH7tL|%p&xoZ^RJ}{Z}{I;$Xj|X2fVj;c=ufqevWGL;ty`6O<
zFG&SWxfgWdzH^5Sgvc3|`GI!jXoZo~BtoQL&O7s>gM{KR*#PtBK`3YL;Mkxlb`mr0
z>GtuwzGUqqdb=YCS*BGran|K|wBCmpC3i99IsGeu_3<OIY{LYM@Xq^-EM}BW^UAdu
zS=2d7Tb$>9rfpS+4}CTFPV%mqU9sXr47f+l)Q*fOo8P(SR{;G3EIk?^!!T9*;CmHI
z5FPwYCUSEjnuCK;j&pyH=^vIRivW&`-rs%uk0rju0|X8!SMnDUp6%pO<c9{=TCnJu
z2;t_bGIBR?OM7)9lCa_KzUAC#*!;pvNXST)Yt3E(FqXH-=$dj~3!P|iyy)_sMsXd#
zHp6DtQ+jSw?3G$>rzO#d`?Mn>j*MSPSa$gY2ROFjWiR$$r|&$X@fcRP7yLF?Ci*^f
zmA3FCdkr~&g)=H?@%aoM&`(jK-JUc<K3Xf^e1$5bCWDY4LtRajrUqN>ksHU{91bh-
zaDjpeW&eGH-Syc=Qzhur_7|NAD<c#VOOEK!HR~rT@kdrA2eA&3`OOR%mQE7u+10yt
zk0a)G;QPIo_4NgeF<`cl?+TOgw?#>ae=zARFs|CS;$i+Mv7?kR6w4&8a*+~ZtW~2w
z8Mu0cwkM)oF7W<ba3FncS6=Ud8NKWFyEXqRYT1A-0!oH4<fmqj|5B)S|A86vazxQ;
zhm{X`dlxoal*X$JJJ^j(Ebg@?{?rwx%((7aff!nrxQV||8*>v}s>>UzVm*gzRDTNh
z66NLgI!o@*%Vb=JXlZldphpqlecN`_NH{6Z>GFaKPHIlx*JZmx@3vm}{y?2kNj&}6
z$PS?D<hqD{N+*gqYf$Xn*?73bi)6(z@FzS<NdDO&Qm{EcuvjxB8t=(7At4w0Fn5gk
zdGqCdSi48c&C$FJEL$fbt6%f}YMl3~mhs=)5(##mF&A$vBZ=km1@5xTZn+*=iaw_9
z&1Y1m{QMP-caSdI+^rG?5O~Wp5;&1b29O;uvw#dx%;j|5gTeM+zW4OM!}sgdWO0{T
ztm=I;r^YRaV?i`S(2f02Gdi)z5S+jvn}yMWXr1I-wPW7>>$3!ocBy$Pg1GB=*(qg(
z>zduK`?wJ=Yo0Fm0#Lz*T%3wHYPQ<Df4_h7{#&R;=-a}LHvV0MiJ2czCHD6KBx)Uj
zOYMIiwTwSJQSVuC3sfqQ-F4VRl)cF4*i*ReN4%{d1n1rpNqt1>5`qokpF7Yb+^!gp
zu(G!LEA&s8Ib4_+OnJryQu4$+=zhpDS&$y?mzp2D(R(5%al)kP0)O-Jjt87?#d9@=
zKnpP%OqeU%BFpyp?LXd2^{_anpXpYT=SBALQq|*Ur#Kp)BV9G0tD@|-Cfz5vUnH_K
z_Z)MExpuQrp54#<*b(3;tb9Dg+J1H^Y2OgcvkBCtoy{$6J~K$<7x&@uQBZpa^5^$4
zyh={0`j}g@c`}>snLoX55GOLiXuEAbqv6i%Rn~R`BneNw)YJ!bzT1^+*#XxeW**QM
zI&Sw-6896!;|;qQI;eKd(~yf-#{nKesiS8G9sbR)HRXK%5+4*)7h_M4uDpT=<z}3b
z=6(v>WM_cpssZJhu6-ZMqZW?L*nG6q>z;%GS8I~+Y2)y1%9$(j%bja8f;OTgGIe%*
zDQX`oXF}i^!20zOG&FxthEz@E1#6TO;G0?C?L%L>DM&I;naiczlJDy)VvE}`oO11D
z3;FWnI>?xc8Km1Fi8gNQ_xCJU4-}ciGB!Uqx(X>QTFVY=kM`MHa^zF(q^c7669iS<
z0A=iveqLZ{@a(6Ug}8CJDsVVht~SmwA&`&4$eoOlNLL2lmG~Ieq#`mScuU3VDK$5>
zUsN9JPi7gb5dOuZAM5&4=Mb7HxOrbZ>q&qf%W@rr4;3Iu!SfUT1UIwRr5{!&ty6kr
zYwYs`w$LzMlt%ayI{ccl>V)H80%!D!FZ{pvBDcNs<+Kk{c%FRa^i3WJ{a3^(O<Op$
z;O}bpYES6vLGqbd?~V3C!3%e`x$pGLZ2+37^(5=z^2qAnq017Y_QTuZ7DqKn;Nef1
zU8=zY&ptM4_|rX+Yl^K#tDj{{$e(2!AoP^~d$0Yb?>AcgG&^N{Q?>-Ek<Pr36UzOb
z^xTi#a%<5;$pItRdoTA=(GD)jB)aC`tMUiRc}dEv8*`-taMhCdaX>??w>`1?ZJ8ah
zP=JC*RJ^m|@l@7P{$y4P^MX*Q1lGa5%8OSz$L*M9?pV!$7@p3Qa}4I(gh!SV$i|vk
z;{mMhhv+-f_c`W3ihd+UpIao#lc0&CdEPC_H8!l>E3Q2kV$lUwb*Z7igD=c=2J$r!
zLX~kTY`2^)R?c#>cUhG(gD4CH^e-<&Bq|`-4f0`~nksh5-D4*u9r+n+Cq2QyhGY@W
zo9NK8eaT9^o~hvd5n9B;7v7CzWcqv9I4+1`fI}mc`Pe^|FxxbGT(P&2%MVy(Dd!zT
zvhb|`tX!x({s5p#*5zg{XMF%ZHEV;dYuDjEAkDweYwJHEfVKltk3YS9&7<=!RO^wC
z51IMo598<Cv$TSgd;9c{d}raJUX_R?-TKd4sXIq+{ZrJb5ZwYv-Rw+)5weNu*dQ;4
zsLP~+ds}HovGC+~^CIfajyCmH{mkka%N#za=7l!hfc{e-=_YVLd%|yFR=b1%xyQz#
za)W0)lW$doOYe#Mwh_{9p-78y2Quu7=;9!&>#nr3UQkThQOn9-UQNO6M_|8Fxd<!!
zf=P3)3f~~%ZD0QF$O8Z90$q<1yan}MmFzqCS4>^yEk|B6HGfhx{{DWAaeIlBR8lZp
zc3Q1j&$>EYl*plw4rj>IdYuQCbnf?^*jb3dGUqA9oO8v$1JqU#y6Zoq3mRw?q)D3F
zopQyaBpGKD_p;Q{0bLEp=?Y3;<sH$ESBVEqz0S1(KR1+wL~^ZU>P){L_gL)tcx7V1
zX*Mc{Efm3u2+*(JekXUgW<I$cguNS!s=eB<BzZIoTZH3|a%!&<E&0A+HV|{iTmVg9
zju;30WS=em-o#IQN0xbq`n;7}VA;}dY?_F&76JVS3)m-s8=#as!?5Zq#yutX1yfQB
z&xRx?0_CsrdW`u8wPn>AxIiwtKrUjLJtChe2wD6Y9ay6NeX_z<Y2Ya_T!j*s_X7M=
z{erU^*kkbBm8p(dX_9ok{QTzFWDc`uO3aEgo$ektB{5^ONMTGZ+mS*kn|xz4|Lgrh
z7fqY(Xg2H3a<o_Ti4pwEX!Fg(^M?tD?&YKT>XWG<rR)_>d~B_wTl6g6lP4umt4kUW
zrwrvAd8sgF$;A>(qErICMt@wrw2khJeSz08Uk|=Li)UHUy>txgfp*x55*8dn>uv55
zd{;=~NANlgkyJ%{#U<myP?AW29|9$ypj$MY%8>sJ9N+YV!_R304Edf(bvPWcCBGWz
z6<aH&*?`G+!b}5?s)Lv=K%|@AUy2kPy+Ys5%rWGr$x-jd?*(I?Y@M@uhtmCqNb<Y~
zzar#54K>qTQy74Vcgz<x!kiCu`yypeN)OB6tpcv#dAhc6(seK{jfWlFe)qJEyshBX
z7jd=Y*KbTPzL*TJ;MmjE{RSf4CZ4h}AM+D-rg*mDj#R5E#0rheKW^`cJ~TdQ@Y^en
zHO(<oHt19X6@@~94YyOdy^-RIysI75EPk@&b~)cc)RwMrxWAv#@HsIsy+N1II4vw5
z<2uwaZ{cY}E-8<MN))K*)W_C%Vaxbxag%e3<B-nt@ry|&gdq_&4k3#nuw>oGB4d!j
zb=<SLb6A6F<(@j8QB9Xt*<m!BJPyXcH>fHnoK|c`9pvf}Q!Xa0icK%W5tsk4Nq-^a
z;%FQT^)63w1L~K-F$i@73CWKb^}B7yx6>(19{E{MD}9a=>T7<V>%W>Fdc8G+`FHV3
zf;Zk{D$%F({;M`!+!2QFi>?A)-kG>f@X8=bZei%LvX)zM?G;u;_2xoHq4a?AuWF$M
z<5&m0<Ot0-e>-BEQyRXQmEVo!|A;#8aJK&U{~NWcXlvE3Dr!@ErmdE@{XuJ!*tKiV
z2t~C;Y0Xm9Ta6L~wMkNY?-4V#sSztkLh{Y~x_;O7`v*BEuQ)5`+^_q7-jC;EVfEY5
z-WQ$ca0w#XTR>ZFCMn?{vgY!itKC^IQ-0IpPsBGeI}Btb!S}Lw@^xK6sdiB|BuNYs
z-EsXc55$!`wgraMYcv#?9tHyJ-Sz^<-j=P#n;uF4Y~1!FL=T=q?r08zmx^5*wL+D`
z7ScG#qrI<pA0M4PkUBKUp2tsN|L7&%^{A4n$Cjxhr<fv}|N9sdmbZO8^5R#!b>Y_@
zB{$FG3JFsj(Mf=O=IGG<@}sgQ^1v5=OxJW;YBcIb)+AU>6vM>7C*qc5yz4KQTx=P`
zDvA;bQ;S>JGCCxhC4Z@Kh5Vr==FukH<g2AI{Cam|PZkl!^xyL1vH_DFs<FmYbY-;l
zv_~gCcKLN@Z_KiLXQ>_{-Za+;8O@U15F6TfQ$PdQ{r31|k9Lf}JqA1of7DU0B^c)L
zYumK?;*pnPf#^ZF88R@vH?T%Cl|@7Ek>xoD#>lpW@ayos<m)%}9VU3u<pzAi*B1-+
zm9<H~m;S)Xl+%V)cg9Ke^dPCl!B1ac_*8`u&yc8@l}}HPmdcL5`Hsm`7XUpqq$3Nu
zJNP$^Qnn#7O-Ha(nLm0j3N}wgI>^ueflziPN&`B#(54B6*TsdhvkajPx_Y#v;<XMh
zHx^hySaMN3dr_$t@3wUkP<X;0--44onl9AvY>uqBZ8bHZ6FC^uK;?`^2cgZSUi&C1
zaFA};5C(d$LT*NL?XluF<)2WJsRJm&TJ~|2G3B1pfH+~CKZblKtN9bfK#r#d2+x21
zhnbqysstwxn!%=bEgHu>fmkhHU~;@7g_qK<*K*&`=|hG+s@X@!wHFYw^+2)mM)>l4
zd0)CQJu&YL4|_TM`{R#8_qO()k+F63A5*F{b?Dx$UMJr#joCF{h;A6UXVTXhrr4Xs
zyr~lQzEQw}14ta=?o~F|L09r_z<>z1{s{^_^nCak%SNtX=+885blcNB1DYp1>cUn!
zY<aRTaH<KZ!e->iYzBW<v*=q6PXnO-cUHT=X<oePj9)U?&TWaB%*)hWVZSr7V)NLD
z>Aq525Sf%*0f+ui!2j#DX6EmE{WJav)m_GNY11{qze^X)b#cor@9r^jLz@rI_{5QO
zU~y9PVWD>xhF^FE^e|?e$9CQHE^AMy{9k*SKF5oveqxu*pI0iC^VVSYk%|tJ);IIP
zr#n9|uUO!yspMb;O-^5YFjZioo3{ZNnK6~@qe&q-@KF5)PJIM5n@N2nU?ShRcY`d4
zmc+))z@gMjS}j$a{ICVfkeEf$CafnY@PiJRiEbyF-r3fVMk)QZ_ntknl(ou7lM4{{
z7N7zI4n^!sJcqJ0G;tk0>?$z3&XeRsZ<uv(LEnpI+q1eEETr)F(6yL+S&DFoo=1L+
zscnd7@;~0cVuYE2viFpl8($yP-ThTPm3&agY_;vd=#{;krl$^m+2Okqf-}ks`P#MM
zN*$CT`XL0DpVGH1&FI@nwiv$aWe*f?GElyp1SnSUmmsoz6`F?lwnFA<i8@Ew*4XOw
zMOTJPsz1dl{1=Paxr>{@k1>*A^;&#3WfpYio)hSpi}x>O<YPxD2_KRFxKqNW<#lFm
zbvQ&|kDc0n&FW&Sx!bM(VAXn}1}?1G9J~l$@>6vRhI#ugw#EAkHcYX0;;G6Xm$zzn
z#D9JtU@=q^e)d)E*daP`t?=Wr4cyFECsL1N-CPzJrD4l6d~fFZ*%3!<sMPU^s!p{|
zB}J9${NL=)RoL$hF&srT>H4*Hp}X%mUdv&Z|Bzir%kjzPxXu1!_s_uk)T1$X|F}cj
z@xrK(m)E(|eGjR;a7*Q_h8yd*D^j<zU1Kc1I&EA~8sOVCAzZH;?gI8mG1&Vfl4Q-j
z63$u(C;@BDxGz9n$lj@RU?;X*SX~GaCXRg|re>0`zfTLlW6MxO;mrSPm04|CUDHYN
zg-;!NmuOWAv`)s<h6+T?4f*6i<XZy7qNKpgk4MtNQ(gG2Wcswp+xNd}-72r$VNxPr
zkNc-O^<p+tznf&5b6aYVuY;fO={ualygg&|g>~^?(p^$Q?y?pb(SyyI@U;;z`FZ-N
zBMsM4PGYX@8oNiZD%ke;VVR*;Q98abRk`=PAW%vURL$U3K!!+6o<~0&PJ}d%hWijr
z_gbTATnK^$^DoPsHnY5dtguR5F_p#3k;w03p^cYYKpW0k<-&J{oGx}5q@CbV^cCS8
z-Oe5|4W76h=|Dyx9>H-2FHWOR#gEF$QtD294nIBEQ-*ZnM_5^kG@oqM^!oW)*EbQi
zSpTWP8tjBx??3%~stlPU=9S$)m=!L*@{N)I_zkhxHS6bab3Q{Rwc^a}0|DD0=sJSd
zIG5cD1af#K{5$p!?Uu2?CV>YETr9a@wEq68j0eXU%cOc_d7G4-a&0RGs|#`lF5K`w
z8hR>lm`0{kCI-Kq&Gap)z4RLwc{+9YxzrD+cMfsQKyaN73a>40-`Lv^?)4kHLPwm<
z0q;Z?kh6@66oGmnZj_aDAr<99Ow|vTN1cBAm42=kALo8L<s`q`Hp57?^~T?;g4=hk
zH<pa>u9CDvc<UCf!5NqUP#}`OC<@WiTUTRf&>jG{zPj+a)B^Io;t9?xk-MDzqhb==
zE`aYt@)!kQ6)BDeFS!9TdPss*p8}sF8ofr|;uU3FrsSU^&avZl0h7NPUoy^1_rvu<
zDicNtld7e01PLc;xy|@|p^`fOx1*CaU7Vu%5Q*toqlVBJJ6D4>+>qu<4z)pi@;3bm
zDaEvbO!{~&5h#REg?fIN#kf9od(7&S;6k*01ow~z3yJS`oV2|dCQ+02TZ%oIj}bK`
zpNF<Nc7v{-LbpFEE8Bb;j~prfE8H#6Aks|Rhg06ee-8YJ5THQFc)j!~BYbwA?I-X_
zB%j`1Fq?m!{|>qlTyz*R43V}ATP};RqPM<yQT*4|<&<&Z!p;%Om~pjPiV-^ue#tEh
z7~_9c!|pK@yvn`H%#oXTcE75-r1(lIeX-#Lp(2f=KuCz_UM{o#F>p|-DA0?#$Q#tm
z%M=nQ?B=UwfC+}<%5(p@O6APm(xzLcS(B2veyVs}YE8MJv0}<E>XtDy=cJo8SSvJi
z8CqR@7VxJscavFX>)D3Iwfc4vmgC5M+sQ%u%Ea?ZVS4r?nX$w9kHn}pLMLj>`lMr}
zo%3#FqVB+%Bi!Ul#`9`zG%3jP!>|c%gbLzBEYCH*l3}-5&}3Nd9MZFmb_#fvmISPo
zRsCz3e)t?$eXH8_f8f0YX=PYydUYAob>h;6OIx&Sh2Os^V&kfmxUsY=$Dd5~N+J0U
zXG1U0EBaS7#qU&z(x7z_r~oR5frpyok?be=DdfAG-FCC1A=5D<v!$JLfKN_ZEuJs0
zb24<4V9DfK!_foKJo2$Hl-DZZLk+D}L%b;>=N6P1HScZLf|``clKg=9a*?!`^*RE7
z-@HvNXDsNm!-!|m_TkZ4w^C<8Qc8qcQQ2RoqU|?f5g)&o)s2_CXPp2ao$a%jm@uAY
z)X4oEptWe!*=Z5c&}2;$>*y{gJHiYIKO1X2I{N`;J&3F_9lL+VR>dBn6kk?$Gva1a
za>U(Ob~Xl0iLR+BYA&=|ae*0VCHUFci`89!bOOG0rM!$UqHdN^bDKPXBI2>~J*=U&
zNiS{DHuUIB;i*YPZLL%jwSj~ZzA>YK1;z4+#gx+)yhv?<4&i<b?$JTdf|aihoQnPO
z=)J$AR+>g`UxmPZ1Yc`^IoQ|Y{#__~Ne1nQHCZ#;CVAYz7}ic?mz=H1@NN3VN?H40
zUA>@iZ;HoE*(diX_9DJaWcyIn)cL>EjDt_0#NC1CHRtgC+Z%n#A8`v8mQt_b9O(G-
zcD>=b^Y|=9LLE(7e*AvrK6I=iwL9A<VYGFmGy8h20v0td*ni7GBx*j;+f@<{-R4id
zYbzdQ?HKt8sKk1umz`SS^&Wx~ua{|C*dNM@LxA?mTR&f(T8!)sDa9e&7Rwj(;QNEG
z&f(q#R_38Tb@;jmEA>aV_iAc#5Y^@#Ni;RvgQnOfmvy~LNw`<RmVwG;wPu>%3NvZN
zs;>vUhs&+(k81WjI*-ZDcjpy*b7pV*TluB*RXTz_2i)x1Y9ex|Ch(A08IQq7JVn7P
zw;fP{*z$;ySH>6ifi7spY{;B<|H%HIy{$v#TLBww{1b@EY(jPB9}|?=))SI+TGU)b
z!7;m?pZsNA2m=}mHh@dPy#SZ#)py`t8x`T;IqRb_d!eZDM_%foC-zf$pV5N}1GVHf
zHlqV2e6=D{B$N@2MbM1GE732}#MH*h*vcS7!dUp|*RNBF=V1-MDupZUow1YEE6cNu
zZ6m`!jYqzI9lzW8l)hF_M5H@Dq$fTZIvbyL`<V{Cl$0R(-9OErh1Bsp^Y+FRTtJq`
zuA`R5bTzx+rv$~RtC~F`T43z@+TT80zaa8X^q+RVT1;JoMc71(M83>O8WE@NRN1b8
zU^zW4p~`DISduo$46W}Ve0zICJZaPx87c^{l+V}xR?b98!=Qtq^d`o=nbh%LQDc$x
zFIEvSy5gJV<mn0b;)Z?KlVP+v{%;i(ye{Rhia?0s=-k_~Upn7p{ud>z_|4rfRO33M
zAj$9)2wF{28B<<5ez@`x*WFW!li4IWjjjjxnNt-k8IfOx1t|F!K&pe4$q1{EDi0!~
zWM$UrRTtkFTc?YIQ!a^Ws5$<$ee;uOG5cPjfzc`O=m&5x+#$5joT=c~(0~8nXSRO<
z=hE@n14I4%|Hij`I@Q?y)OQg%TqCVK0{NXDrn(*e#)DrCa4W74k}z6)l1-gmeH+6%
zO<~(?*UcR}0`zSqQG1WZ2UF)Ml6(B!45LgzQzG7E;H?-Gqcn^*w7Ll^XBeVT3TQ!b
zZmg6ZG3=oiGtRiytC~l0$)y_dpIu7Jr5kfQ0=4<4T-QS96b9|jZmH8t_QV@e87Mmj
zA|D&&KzJ6)7z~zmh?_4YS*<=WFj6JukmJ=%%l8+5#A9dd93d>#lyx?A*6J?7%ynA*
zfB9TY`?+~tPSX_C`oAn*nWe``ves=$K;2Of8MSBEZdX&)S<qQ)y7(~HDfKV-xct<B
zf0D>(_)>G<<(STzA)IBS@5|NqG?Q;alMkP9)y(5C2jzuIxCaHkN5c+9-+tplIC8?C
zBfj+f(OdC`T-4pI%NTLWFQ?9e&#w}NTqKO}_Q*Q#v!7$!@sd1sz}Nn#nj^oQ<%F!d
zFcUO0UP0c`!ppJ8Opg5pa5ZI@K)qqHid&z+gG?97<@<ELqJ)$7ee`hCW!|@U?d$<t
zCMN??NeDd>pNn6?P}7G1@l%feNM(u8;drc9>6L_(HEvMtyFjZ4_Ato3$QEO!j5R(p
zkq*`#X9DgTH*vSxO9wB0&x^`bUw*nX+dQ40=sR8F8=*e09a?64YdM6oRRLfeUyX3o
z-KVe#^kuX;1SSkO3RdQn+_Oz(=(e0SK5wWE5rUh))Y1jcb!TI`vklNBmK;A|y-<ko
zSkh|)@l&S>cJ?d{j~Bh`T$|TIDqnbT_Uh|IHtSxcdseRNfFSMh<^Dx=9#U*Dk8B8$
zMe<;Q?<1sFclL<bKM!zLJPWMZyq@EzhtB|<)z5?~h}KDa^~V_LWRr1ayodzNtS8b6
zatpd`vtE#~rM>SGsOcH&+Z%isL?~L^G7IHs9k9)sbzLVd-vczg#|_??_3eC%#NWD?
zxvH@C!FLtCGd^PwUCj1I(tFjF$W#x<@+2IJM0VMc1S+$xbf(6~Jnl|)P(Xj_UFpO!
zBVI0VR7(baS3fXoqH1-WYn$?UcbLX#Kd3Db6sP<i$4$#2=QxG*WV)9EPC?ql)Lu-a
zZrGete~Yp?XC<X*EM?gZ!Hd&bMrh(~=ZCxUH?`o<NLkYVy4ahOQb$O4s<%t|-qz$;
zgRYUu#K+)^e~Gy;Hc&??j0;H{LvzdOu;XUo9f{SbKCXo>jWwgCR_)`muu~Z$?95*i
ze_@r!-^Z@R3jAi9@aB>U(P0vPEIh;b*>hQz>%l4~KD~C918^mZe=?@QFWAzrYuu=1
zKHrxqh{t}X4#Q&q(=~C8^SBO(n&nZ4e9WYuD}JYb$k~YP-8cC>DA+P3^J@7)G$9k|
z8OsI6Y*19nIrbncjI30*<((9f;zm|Nu$$)XKHtWgLuZ(vha9zV=A$#N+D9gZALR%F
z-!Km?L;%V&=>}5R3P$|$IH2GR;xvn}8Xrp-eRx*(oussjIS$;K>%H7sd;^^HR#5m+
zV5*2t#m-?uUc=>3I8K-a>ntO*E1ulrOS>fpGDo%=Mw}ueAbps<0Lf!YgaXU{8|o}t
z$*{doR&kU=RI~1#&yWE&q1_xBY8JHKn?7q7P^v5%ZwR#o3l#NZjtV+Vo^V&nI)afE
zeyn>FvM_O0B_`-(ywn>lA&#(d8FEuj5a<qT*7bKq@G4!;S?xuk1~|xJQ~i&7Dc%{|
zl}Y<)Yw<GA3^Nv%7mP{tqF+sKI=FrH#)y)UB5*xXVmtx6)5w>Ee>?cr_)w`<gS<73
zA21GsF|K~=UXFUT^%9hfRL;@O(Lp)2CiubVX8do}Hlw9VZb~I*<ZF{Q4wQoIR^nby
zq0QRt^&58Ut5?|n5f{Qxi_@^fsIU=1Z}YqWku7ynS*aQbyE=1qdqLtXKPrq&c$#k1
zK3Y|z@P_#uW0a`#J+xJ}{3uZ`c>rx-<;d))Fs29IJqH^5tn+OfU6osoQ3CM|r~WT6
z?l$*LI-GUA%Xa#vMiKnD^V8CZFE$#LUlugBYaw|Wy5iB-Z!NNE_piIJx;6wry560Y
zCp94_d{*y+*E0DRIUjxWoBbp7nuSkY0muv-QTA$?ntEU%s&-rVlAmzmM376HlYUV6
zu6^pM@j)HU$)gQA>Eh^Z(R06|<mhJ8t>C(Y;x99v-&~h-AR2$ZmD==|aei)kR&eq?
zFt;l$@jl5(b=iw>Jn7+k8kW?NRHk}V4$O_5Rvp#q{tD0U!_|-szhU18md~~DE(m59
z1Y})k7wq0IYt^C&zj3nOfahuqUvJbuZBu`3%X(_vHnQ~Tc;93D7n}A9{C)e)6GuAL
zQwU89<||(#aYIdTC?t(+5w&|i?=5uXsfgygGnIZb!PATRp*q1K|Fp~}7Mu4g-$Iw4
z&eG4nkAqUzbpsZL@Pb3ZX-3a1e1x3$O#9XDtEbK}Y8C9B*R`XM@1@S}+N;czLHU!L
z#>5*HG9n)c4uM^V{pRwvn(n=P5pyUy9b384!k3%cQn^FybHlX$P#D3oE=ml)a}Yj@
z);Tzgkz8MKC~CBP?Hvl{5AQ6}6^7FuWp-Q^t~zg{|1ct2g+hvlaTZ+H?ltDOHX{Wt
z#=ow5YVpr$eIg#q;O%7=;{2$TZb=&PWS@9Pop2n5g5A~H|Em9<{pn*$rKNYS#>l@F
z>T<Ub8R3zG*mc<j4j~eV4>Lwc-{%ydOS;7XZz7%KIul<pJb*TwD@;3lYDazNe?xfl
zhJlb)52x(H?+dPXmuSWJ<hspCb9}XKBRYt+Kn;u<Izrs#L^V1_x8-}!DCs*u`9XpD
zC}kesor}FIlYhYnsG>`iyWywR_Klywnt*ltp|JYGhlCL|nfg9@Z($g=-Toft0f&fd
zLElN&*hkbwV)Sc6LtR$biQENlFOGQBoP%%#X|I=F{{xa=KRnHzOghP73zv_<iN08|
z1MMOmPPxLY^MREj7wB&m)}*J9Fi%~{38X2DH$BQ=l$SAC$YgcrUGxkAuO99Rp+<_w
zF4tss5Jx#*c^4mxzq(U{VWgK&k$qa_C+XODI<7yilRCY!RSHPJU@!P;1)cFH>?BUF
zuhhvt8ERFZvYsIJy7+1lks~-$LhQQB%_odR`b`1+t3r@r(0V=p`l;QdhFePTYdxlb
zXtVSv!PqiXi1D!7?H;)lmBFo$ZnvfG3DHQu<A+T5-wIwO-~Xcbd{R{X`7>NOrQfAT
z#`d<l(>h65ukrNXG)MlW#^K29>*9_7y;UCS>i9v|VsO^}gYruKm!TF7<)-yNaZ8R7
zf~tn@J0l^lyPyBE5f)E8dPv`8*Z(Xn75}X4w&a%u`<wsjtUc0jn&=M@96^_y*>ACR
ze%VT5D#<kYQ_HsQ!P}5lxbslu+gp2Y!c&JP?Xd=fRWajmaiIcvK`H+)`b#8xfnGFw
z@jm>M<EOpe>}!9$JGpTS4sFg$yO1*j4<boJxnW4{%~&h}!D+u8a43>$HwH%0wXhIw
zQYov1XPYh%+17TFNTd{@Gbqs0kT+#{qv>2m1fo)YmmgEG@`HbjcDUlL9`z;HNd}cL
zq>tGPlxwna|5NP71d6Y1f*bq2WY&QOgmpL!4Du=8hs4NVw-w6?j4Xx_kqUl8h!AUs
z^^<33N3L{qO8k-oP36~0i=-zg+;uogG(-wYQbj0SYVx1kTsZ#ZeM`R>f_&}GNW>&v
zfp!&lpnZf-bB_A`eIXD)hdbZQVYO)ox#ffkI!}g*@PPFj!({_4{|*gYW;Z%Xzj+kV
zNMbphE==xy92V810rv)(9|!S={&|4A>50BDCPcAU;Bs$lA61yHN)7PBie5P_Ng>^0
zI-dC#9!MXmXFZy#1K>(N!tRB#!%oOQACv8-Y#$v`b0p<KOuDa`3VoJxQ;>Jwob#9T
z83lghB2%GkE_nyGs-FA1nt8~I1xTMVM*NDy974C{1k`MXse7{h6>8F(pjWBW0~X!p
z{&iN-_Q*jKj&*5Di_ph1h_s|;`wZY9<0FK=+~F;dW~S4U_WQ_ts4c($75=hX68sp+
zSL(BpcQxwI>aMoNFdZ;z!g9IrZ5lltBOf*LS~9W2O9km((8mD_-~Ss&?OxQR`XwUo
zZT!D+)cb~&JdQ~`y3WDVmOjeyuVz_j6n-)Zo^8_6ZD`y;n0&4DQ&IU}=V5Q%DTy+f
zWiCZLbZF+(*lqnl<)GOd95<oy<U%#$GTEQ~f6q=)Z=YxxSyR<UHeLU~bXXr3x?MU<
zP@ec{4DPE<3M{aErOArEE?=w6SyojyYV*s!{1@oi>@aOYt+fBWklLE=lC*f+T@Lnl
zFF1J~5cT;`KG{>L?$x5oK2hLU+1eFK)K+@?2EAtYYjl7{iDqBv>X6WLQRTPNEhM~o
z#p3wU?;iVM*(kLHwOiC_*5wzVIE~xImd~caN4T|)$4&V23n?9T9^toAUs!*+-~Szt
z{mUracz%L-ej%sh+>wzwf?mg|Xcma*^!4yuA)d<Mbdni<gpOQ<Et?-uPvX4ZqrGme
zUUVr&y0YmCcQW7i1|%&1=rv_GQNQKM`(y4_M}=E;)4W4!11bC3Y|yB<maXgJ-ZNAX
zXjo)eM-jT}<4}T)d>L1^TWY%M;7(2MC$7kEAF=W_rIaTC(?*^(PME<15^UfZS&w%T
z8b9@hnAvPiRRue@<#05jV`SlZy3SQ>TfvISzu_}je2<A|A9%b5{&oA}FsT0Et5^Kl
zEhkNS`}7pKADfZ~EjCZz!pC$Yzj)B6uRP|iyiaWS1L*7rR$IqK9^!6)+3xuGS0+K?
zMf2l$f*{r}vc&fAA2wn3sbV!p`SeajK|7pO@khVu4k%8>a8Nku98aif_y|d){D=vC
z&GIZt@L1|jc(lfEh4<B_=dzv-#|ElRpFFoqUN)v6>tgM{H^^Z}wps=g%?rH5F3?4b
z^!CLEzn_Abnm*mcEQ`j@P!q&4%jTqHBAsJOsLbP7qh;}P;isVb|JJ|Lk1c8Z7?Fvz
z;Fjgyqe9ljXlncYXeZeAwrZSO1M~aZ@~%saLJFR(|CUu*Y)lb9zw^1)ELu5|HjM6Q
zhPOrz4*;{D0(rP*)`R+~e2Qz$4%*6<3X?5^KTVvUKQi2{4034qa^${K>crVOt`#EJ
zsUS3bKhp9S`hn6d+>+=6^!l64S1lyjc;Y#;|4KTuB!%P@8Hzka5kk@Ti0scO97Ja_
z1O@`6s@^;QF`l|&u>#1hTSEXaxH`7+iN{Zh*+@~7p$`V7CAU3x?S?T|gNQ$oM8}tl
zEF~(mcXZDM!gv7$JkIAiuV&~ju0-W=Y%scK9ksXDC&vhfGRu8(1ARrln{Vq^80zrI
zt7{!2%RiS%kxb}y{^Pb+6nh=IGJwC4tg+aou66KZBXD5r;z`<H+Z?ydZ9ZO=bI`7x
z7TTGBpyzBc8P*nq)e*u}HFM4zhQv05&*<_?aRAt7V}C8B_^`4VIf4z(l->MX1+B?O
zbgiE^g+(|*MZk;3!XI%R1x?&r9O-)}SlJ4h+j5qop9%vMrfSyLtVcmvB6eAha41H?
z;bfF|>>!3xYb?SW*oU*i%gzR}1a!FXV^P=2J5~F4x1H~RtdTj(HM-{wqkR=s=&p-*
zz`uXV%f*lpvH2rIw@+*9r*T#sF0qL^?2$%mSKCqRSMIbPKV$jpFD?NDo4wwoS)3Jj
za~#Vl?iC2Q7v-I#A|UZD`l4$vcSX4&HC*eQM^JOz9@k$z(${*s^y-e5fETI{8|BTt
zY9p|ET3dYKuPI<as04aqdhr8-yd!<$hO0Rw+juW<##rC4H;3EKMCDrk`RcJg6#3xf
z9`rVFaaa=50*G|hdm;WrcG}rGdyM=ez#Y&CG6Xvk!q~~=%en24kJM>Qy4DeZ{XAG(
z^15gBN6yrb+v>0L+EV2mls>3I;X)0sUcKc&w=mXmGSgyt{2nMC?)0*jE+s%Kcg#mT
zCR=kg+BaS2TA)+m{_s~DoP7Q2v1ggt@H)>sV}?lOZ-WOGsQI^95a*N52DQ~ktabXe
z2@}kt1EO;7Zc5c0>pyIkeBICO=ShpPC*Z+fBs$4!F@Nb-ERq*uVCfegRt(U6v4VG}
zhzM?x&~Y&D6j2n`Sk|MO0b#@9JUX<@xz&p1sP<{~y9AR;if(%}FXp~`Ak4J+rvR)Y
zK#0?Te{~Ndo?rgO?NOV|3iN=DKgyh@ej^k{LR=50<$jUeU-*8k!CO0sIE#lCXn$RD
z-Q4n%_e5%5e!H~ij%Csi9sT?`77OTGZ}am5f69R5U)TWG>u!smw|Kt`;s6M4ldsY2
zV^O(-2BZb?L-tT(jfM1dZ~ebHKn;L+d!Rc85^G5TNN56|r2OOav4fNV<*Yk>HGk(g
z7rYSBKk0BU1#69`4G9^WMK7#^3p(fGWb<W?uJ2L{q<rW~)1xkyOKpVo_f}%ZKi)fN
z`rlWDr=fp)CQwOtmj$mHUE5W8g-!Wn?2N^JLl~2Jph|Ezhjxoo#q^g^nKcuURgxZX
zH~z5KUfw1jG5damY0S6BpD@_T*ZX#zsiel9#y7WjRhF!nmz3JYR=QG-eb4PTeH6NR
zEY?%Z*IZ9a8GZ?L53S5{j%#dN-O?QsBccQupU#$mIj@ar-ccBGPtNWL<$UvdY}xhK
z@dod*%x-W(Z-OVt9x442VP6tKorZ?I(>OYL?QLg<K!0wN0#5BL@0$;{@|+0vlY7eg
z0$SQ%bi98W`1aA6IIUdtQJ}4}`p8^gf~aIPT{w?EnDH7dQM}N`P*M36xd4=#ebr&u
z&$r_*5}D3c%Io-;<PAiK8GaZ*h|MHs(oYR_T^j2jw|qz%lz#i>x25iUq$C<rxjMT`
z2L6pjyaIN~cIYJoYCd@?mHuQZp{NAUWVrRX&qNf{aW;~umyzS;M_WJGtk%fC`M=-I
z5wL2ftfbzOcN{@J1nKbH=0kEgu-7_(PLau&+wWpVzQV*n^&;N<sNqVdTvqhC!Bovh
z4`XU2Y()-S5|l0?c|+1uAIJr}!)ig}jmpT10BMt{j;QYpdpDGhD&Q;Rj>2toxh>L%
zveab>h4vx$Z2>=tP3J7RNIT3UbfWj&yuNp@A|h1>)V$0(6Ysz&SN&`>qCVS)RkWqh
z12nt$R`sSi`TC-=+1>!b`DtZWJ&yocEiZ&r)l(BSZr}_wqKE9YBP{D?6-dA;sK6Cw
zjUc$c*p_vnp@<QB-*&9%+OZR<@inyyx7Jqk?~h?~qZ_y=QZ4221-zHQJ-fm@M{bdE
z0jF`Hxv>;HH{7BSD)in9<fQ0nhxEIAYK}1bIfLRW6UQscbAHNAJ&!VBoQZ*cWoMMI
z7}-GwFcLGW5rm2iYl-iWF}>(}miCG{RopLm8qWfCwSsoNLgpsoa`mgolGhmadwT#F
z4Jf=9&mu`+`dq_e#Q{sB<e{~|zEf$+Ej{~6Udb*ZdBi{4=J!5uot!QK^)@BUBL@u~
zyO8=uRyW8Q*-Baq?~lclR;b%_GjSFmK~P!!3A1PkUnS}%hIYkmjhBK<GWnOBEK5-B
zT>!uw8``ZjyT0#O_BM7SimpjBlhG$^fU&P9)W>VC6l+5-a?TMaSW)qF)nmMEBUiWL
zk>!dA{{lFB@wr6vHpvq$5^>-5veK%CPVCw*_b&hz#HvImd0|9m5Qz?wj5>&Bko23-
zEu&41l$lV4o4L>V#}>7jH;O)+Zuun+n9MC|i@9_NIYpM=P||!bi&g`f3$5WhxU4{l
zD1Nm^VD;x64*F>3sY^O&1bInmOz^?&y<QENF>98}K{i<l!wm}oeV`@V5ic^=YR1Pj
z<aTCJddWGGkE)Rsxhve9R|?4;`u?DZ)vAlxD{_ZUtHt?cbEO8Aq-UpFOv?W4#key#
zP@liSkL71tf=+0aCY#Xkba{g&48!sjV)zX>O?jH~VRPb^;p5$43fp_^*ofGXJeVLT
zP{jKtYQNkHeoCHA2;Uo2KE{+6B6CRMEh=Kj;Hg;mPagt%y+NwZ5du1!?6g^$y<^;#
zTvs1mXSuH~Jq}khu7nIvb5NX0WSGdd0J#@xk7ic3ckw);M_~Rod7nJuGsRJCFlmqu
z!t)fV)_2Jz*msw-njH~y;EbG%!RC<}JKD%(zZ`9Hsz1UNxn*R<E(?6w{Wq4z(25cE
z5=8Kq<OJlC<F}DJe^hjf`hJV{*7K=NY;r}m$uoXZedB%mT4xu-pF#$qoJ2NSUcMv<
z$oHc!U++sEL~@oBMxU;$<(-&QE`R%Ay2=zG1xsV_qOy1_7+o0x>S4v><FO<pcPyV5
z*<?7ya0i>w0ijY-EP^H`dkN~3sOB(JE(_f5+U<^r*v{%JiqpiVZhSU1x!;wYS^{DK
z9os}c5P{N?X-5yKXX&BS@ePy`;RbeILDUjT<l;qV>96Op35Lg`RE)W6N8tCz<K5X*
zlG{>K<g}zWYZjyAUX|(ZCPxOCAt*9{yqoObFpIg6`tQf!cXl#b<7C+bnu<uPM8_+Z
zUR)cce@YH=%&g5oK3@uhU+xpM`E%L!Mjyid{7_*YHjNhT>4+rh{!_?cK$FGf4WweW
z#D5u1Wg{mgZ&+xEWr4+DFow#jfAk9dm!RuW;yUX(r@H!h6u59ESIW0hpy6GObF`15
z=};%Lpm&G16}Dq$zO?UELKHkxB?-6i18i%}V2#<BBvAeWm{TpUHD$^R>9wpT${k&X
zEi9oxD%+I_4vc3x=+RfSgx?;zp6=-i)xWfB4h~EYM#`g!-Pc{TVt=uJYX+l*N;n<+
zN82#{>{>sB-mtkS$mGXCSsvGgN+&c#E4bL~`J^<3d97ZP`u-VHFV3~6o+VN5-8eU*
zwxES>^TFp*Yv0e4DGyL5NtwMzG6}sJ^+bV)iO@?mv45xQjX}gvEPiAkK)$UF?FkX2
zUH9`$?M$m7FpfE!#pbBOKfoPVF0z@6<hFf><~Zszr6dn32AZ+>ultLhfWoPyhqI*E
z%8QN(E9uXck8oZ$l&%ZHwq|I(M`OsvM9?HUjO#C0&(w^2u<oCq)MVapfj|U6u;X!$
z@~$Kdia0(M<2b)p)qWT7f@pW-_Ed&5VmR@9LVrOUIY{iqeBdtwxstJba*@ep!ZhW4
zugF<x3uuGMG6x;k$f)zgh8*E$)i@uH$4^(pex?z8BlA}bU*eX>HANojf%n>|X^+W0
z88jEDC|{o>mfv%Y9xX!1Iu0Q5hK`n0wiLZ9cM7xFzMpMU3>8?MLz#A`e43nnEPwtm
z*(pO^=%N-p<W_V*nj%mp)RF>Fm#;FzQ5p8@A{_Gl;>G(5wu6Fi5j9?STc7ScCS;YL
zHXQ47|I<ie-AA}eM%)*B!<=1vJvNpG?61DF{$x=w``Oykefs5obPq0A4EC7Sf&t2g
z8e>p-H2~y;;Ss0T&CVHDiqu}z7O#IMF43KPYUYE-4?>HE;DDeqCVw*DQWc*H*|FjV
zLqHy+KYNnBEuWXEt-Y*<T(ryXsxi<;0vti?@@qMql;pmLir5#o$X&inWOu`k-gUdP
zD!tnFo?W)w%f#P`>c!cbnNtd|uUyfg=;^Fa|KmyhaYj8rdfB-bP4lch`jyA_6nUa9
zvl%ymdciGfEATG<x))m-YokfhM%A%&D=1M(T!VHM>TohFHF%~UM3>uEU36E`y0IfI
z4<oZ79Cz97HUdWqcncz<k1_$LVUt_61&>SQ8Lje$f^@>df{8ECt+|Pa=aNmYlCpTX
zs!M{rI02VLf#!EcyF9c?8;`-0ocdwT_%De6byi+icR3t+4z)~(*Sc5}e=EA{lR;_L
zWKXO0)fun=cX3;630S3Ko~@xOG~DU9_B{1X5lhdne}Ml&uEy<c9>ZUDRtA4s(3d8Y
zh=<X&Z#a{0sX`~Oj4Yqjuto%1X#Tdmu}AtY0amDJ-{c4$lOtsA#QACljoqG-!GBVH
z_6;-1`-Xot0#FC2lwIOd)m&NId@k0s4{-!*sdKjt=k~5Ad${ZYb}U9df<a6$ed?^F
z!j~X+BrygJ4wViY*%kjD#9kMazY|2uO4)Y=H5-N3vojCjV>#?-X8Y_FFbtBHB^#-_
z&P}HQa`?wZAjkF2WOO?H1H-Alh>izjDMm_L|I~X~qDeO)(<h_AWC_g#x(0Oq0zWvk
zG@{<SdT!#(oLWPT`tZ_XkGQE=c)fjGR{;yB)Abm_0ioF;az3x<%}>M%=L-K#{*6Wc
z)!K|qbC)1LEF4&88N7++V4}%E4GW4F2K4kmA%}4Hf-fykSUS2@{e9Xgh5=>S3?m<?
zNWD=MRv&sp9or*BrKs!1zcrhrF-pGf)Q{O5{Xk%5M+O*LNx}A2!KB=+4I}b&pYQpT
zw9(5?$z|++xeHRI`OyWm1<|0Mz_sg<&ye(vIMXD)5b^qm{s)0qc5Blz?fP1bUjlaD
z(G+Tw`b&2$e;gZ~#8_-pT!@#;y!TtEfXX8-Xw?6fz+2f=tDf^h);C{!_u=%_-8i`t
zEbPjsKfA>n5ezl*4k@zmUz^YOXtGYYfJ3nQB_<o7rc*Is{rlJo;2(cO^r$ab%_W0>
zy=iC*FW$R<Of5t#4E!{5V!eN*G(30AI8Iz^t@_xZGS*%Knd+Nu(7VHL!lME%-1YJi
zKlKH@inC?Uds;4(+3tIbs<4oC$mcHVThS-ENFk)#c81*8+@(p)sxQrg(FZ4q!luBF
zH8nj#QumiLXn{DuyfX9Yr4CYPs;&QSLSJ)Xu6wjR8DIzqLjBM6x=_^E6K7`vIE7F^
zae;fGj_ATY_t%?XDz8fNS8*2C0&lAO`p#N9FAj<cjNVQhcwnd#&eZRp12`qzc(f>l
zvmeex79&&VI>(U_%^{rWaKC$MVkB~k*Jr#)VtWvLYBVUb8t>`4{S?Q+29)pA&~}YH
z+V1uHeNHPg3)kT{00QfETh|t<ybF7p)&i?Km|{fzqZP8C^K~{p1$2+1yOUWd4<)L&
z9Nq7P<fs&04d>9_EJ6H{FgrwKZbtlY`4PLt3*Q=R_q1n>T>tS-raR;=CD|&sB6j90
zj26@&0%a$==k8Hi_>cwQufD?W{AZ|3Yn8x|9_4S=!eBtlfqT{tXrC-Q;;Q8>R0Q{E
zdEp1a`uJo=uPFWKlu&1G)xwD}10I;0Im#F0BjQbARmPA+wI}CTkHj10_*s8baOpIQ
zd0}Kl3-cfc3*Lu}{`+E-B4Aa|y|EuR9~Z_!?>t8QS3-JDXAN+nq?>=}GQeC%({IM>
zA~rOEfOw!WE>E+zZdc!{3!<|Yc9Gz7VM=pF^_zu9eFcg~vcZQ<+T8#$!fD&lKflr7
zz5wK~+y543TklvbZX|`-2v*|ERNYUQz}{<juG?K|-lyC6grTnJ>KbKw)J!R%Qz8&@
zUB^0G4?$y9lcI$UUQWY44bdF9`5ax4eUDd{Lljq=AtRDwf1^asi^Fk>)Z_DH!(&~h
zE!Fe~E=&O!cvJYBb3K<a+KoPHhO~w*^_lfLr`A56AsK|TU@9#)TLp4r1P*M;nv8%!
zFP@Eqv{ciGgNvI1158ag+4xSKJ4(NfW;#o|d-UXif|8Y~^owVR;_9oC>8GKiCBC9T
z2BZVy&>O8C(!t>4*JE;_tzXBhLVw!QE_-CRGL17CI9Ffw-Y8n6vENb_A!x6+4-NPk
z)?L?UYPd1haYY%OSnaE<5$5Q=$(U$xa^gJqaT&p8dQ=MtKS_(BMR{8ig@IkE^Ds%B
zj8Yud?H>|2BKFSf{=<A``+W>w);5B-5D?59$CzT3WvWd)3=O-ZIPkq~W**3`TlW@8
z)Erh?9Bp<4i(JgxfMSyAWXcn=uEIC!fx@%Ug%V$updky%DueKxw}<05<$&bi+|X*x
z_a5Zh`7O9hdZ&bdQ?^mB-%!qtj~*Wzx}x|`fIxHGy`=(UZ&yezya6$sQ_C#S5t-=X
zJD?8oQ?Wlg{#;<YdP%-$ao?=zRx2?q6kSf)+HmXyxA_lvA`M!mO(siaVwfnMiKY(3
zHdleZff{|GW6`5Gp^U2>*!9WOH=m#L`_>aKId1!I`f4nFI9w~%Xd)w9S>ss`N#y9m
zt=&MD-g|{Sqs)^}$fp(&PGJara7CFg_P&Ic4ZhBFP{iUGM?ZActZ@nd3Aed!9)5=4
z#Sf<rDY}6x1+o>otqZ#syLR2c<Oxn(bmSK+-FLBA;SUFn+*S$$_L2Xr@SP6$HCL{;
zj30#j7e!3M9?O<qI=6%`G_Ig<{sYf=(><F{%Y61y@&&RVbvEovM-!|;2gu}59WW_@
z`2YN^xkx4CZ=@Y)L<D-nDqU>l=BPU~uR$rwNGa-oEJH|SrJAKr#`&v4%6=ADT{llZ
zfxHPVktQhRV5_3-)V?Dqz*~Kr_je#P0BP6A?pSxjX0!zjbTNMBKO=7`@;rj;qE0QA
zDd!9y!$d8Q_vfPJKsg&8tv_ZWvvJ}mZ7GzTI;jTy&Gg7H(LP~5tHXk|i(y(0+AL3G
zCwcN4afj?eLT0LGlJ(sdZDp6swy`t+ot_yHXyGYW?f<{az&(tBC(1o%rq{cxyTySP
zXc@Hpi~#vKdh9ekE5!NF6Es)cmI?kIPr1!5xLL27gQyHBw|Y~D=!4|Hx8(rRXm;Yy
z?+yvUMDd}Z-uj9lPzy3S+K%?N(k=4ti{(B(*8|R{8VId@r7QEtlry2eQ5H8?-$qHw
zZY6CVgi86#Z1t6VI?3+r^0n-0Jzbwnf=T^%a_vs5e=?H~T*g5HPWdeVs(JdE)|ba3
zm;N49O5f@(L-*c|LIru%{V0^ElMkv$dwiH`@;V(<h2Jr(hQTrWZ2e2#TTC1*gvh&d
zON=TU-_++cH;)=soSz;xsrW)ldzqg7a$8mEr`s#DnTbYeyOX;+hETe8*T~c!9q)bX
zZR`D+Fp_SFEEju`283}FmtTu|0UUx1c^HfMTiKUC;r&2Z$Yvejxj$z8e1$T+B<|aS
zv)D#en!r<{?KxzzPNeY^eNx^*%F<9Ao%VCS(hoH@XWkG>>L0p)0U1*r`H<$W?a=&o
zpV>${e@iL#;^G|s@|OZjth_{*>Zn@(kbKy;#O6n$oc^>Iy%B%@w;k{(vEAcNxaJ0!
zIiO<iAZ_d!5uAs&{%2Q8cHtFvpk{Hl`@UCA{U7ep0AqvuipD3`sr4GHCz5oki=>2h
z-T-yr!_2e>m45E~JV9v<+9KB|hgscS|Fjo^m2c8Uv}ga`Hy|?4rZd+W_D2C~vlIT4
zAiVldf>4=AmLSa1&cjlYXKBc4{QABeANsxAn5(7@dZO)XCw;63^J+!38b_P1Sr>cG
zw(!@Wed*-MO4d<U%4m|izz-HX#K!J=X!D$KNxt}{-&fsl^5X<foUJPOZByH`yn3?{
zof-`v+tegffj#|k<5mE?9?mb2Z{HXrV<*e8n0HPAVS>L3iRMuX7~{FR@&ZO-I^}*t
z4CG*UL4h{5O!NC>VV13Q-GSA|yBiliRXC1^yp$T=?gzQ>p8IS3V%+B5V}CLJl0@6B
z@5&4voZ+qWcmUI8i$z~~&3?RtN0{W6tJ3RUslCw`S50;Y8;Fvd#}8|Gl9pTFL(&BT
z-37=GsB1ivb7x+<FDRI&8;7HS>3~e;@ye?@aV8H|qLi}p5~Kg#$r+MbV{v6kbqdbU
zha4szw>&qYTTG?NvhQ3h^&eaKjW!TIGcf25nxmAE@dxtTj|*t&OQuGHv~@qU3nBm2
zZ5b;hwOL`ZKDPfvZW+8-F$BS#dz}bs1kYV%yyu4}kZQw11gkDN$_GWN25Rh?8vajW
z53*yT)B8(VXWAh$=0z;_gKG_3v_i?g!zpl&EB>d7hhd9(gZ{-ufMNS%6K6s#p-*pQ
zyrpYmZip=P%C_4PEqoW8R$P;9qNxLvc{N_B<}7J}502{iwxKfP;(tr%(?ET%(<yLh
zE(!e5#U(SU!==nwGiuaoUw&fFpdbZ&^7coo>q-!z#qH_arNU_#RQ4ys2T$vFEoXJ@
zKbWr;U#vX)n>7G@!W|!^_#<KC)(_qtz0&)YGxrT{roOpbM=tr>kCaH(In!&-eY;Ug
z_+;PtUdvnLvcdeD>un3E-0xnT=?-q$3(wlv`k!h$oidb^ZyKoDfZPBx-=*ni@1tnj
z?%m{+2*N3c2!~bsI2PXe)%_Fput(;_#f6+eySHS>PBp<<RZ*;Npw@vk^bf_aF%q4x
zXLjZv{&JoqBlV6BMV#aO;57`Y{}-vBPH<#UH#`hq6nMrfY<X{;UWQwD-SWMVmoPqi
zWGB+nioj{W3+DGL_@?kjtm_u^kw-VHVeVPR7v+vhAEBa=`?-<O=e(+O$vxr&be(WN
z$p&L*qKex-xPz@i>$c}_YkXTR>SpdbZbf$FIH*uU^pTdO@5}87wnjQfd7E&Qa$>01
zK5wUf(=qI#mBnB)E&P5j!N<8)XrQK7xGO1xS_WgCs_cSUd{BN^KN1^w;sA!0MPNvj
zz2=})BH%JYj4t#r&iO6+*2kJ#sQit3=N)XxX#$2|M2PY@Z>9Y`f7+~)`1Qu@b@RPY
zO>)}qj`-BjQqQ#%p?R*{Kau$v4x8kkP06#%xt<j>LK&HK0){0ui)yZ9?_d9bTC5+^
zxi42bzpX;t0W~1u)iv3_ZcQUBdo=zRRbO+W7Cz-g`m8n|6UL#_bK*s#1Q74dXOs*l
zp9B6(;P{Ir>Axu$ged^cx^7IFby{#QRAx<@rcw9_;T6RCq3^QHkaG4B_U;pnkwX8`
zP=uB!R(bOeuMNkmsE&3bXH7VNTTV^3Qaqmne@d_!s_m8|6WrmoSn$AaN>$F^sg@#5
zt8vskD0yeKJaJVO<D1@#p2vM=3{fQj@dbct&Y|V=7X(q{q+tXf(#$A=+`edtx(#z-
zReG^YDS{$VWYHVKAOZBtr1#>OijBL=M1~`$KX0#D$!V79V5a=B_}EOUN|7hz_k1{i
z_)kNU74@>Qxf%}{fqk+}3tf&67I=1{`S081^jPg3xb90><Xsvi(BOq6EE?1ss16kQ
z%P3ncmB9uwWzC}W=FXWo)RUG4+Pz$)cHBmM4Jv%zEgrL(1G52@{6~sYlr3IP4*?k=
zw-~HCa+cH6t3pgZvbBj${h{yE9SJe9;u&fh-rHc|sE_=D)t*j_FF(<;_!ar32K<_s
zB}BFCwsYv(@2m(@Vx6UcvgRE7I7q;lL82#7fs3myuNOm$LKfJZ2$t02DbFsPq>Kc8
z3muEIekd}OF%q6I($_zh6Gs^^Ts<-#q~aJ~oA!C)a`n#y#39{7=|1z^m#%}3jAx;;
zrqHHLB<+7zD8%maBjZ*sGLLSLVwQ3Ebzo68Il>SGb&(4qpG#wyzQV%u&V>0Zj=0v1
z)L-fq%6)=rS49<Rvuin$>!EM2B}UzUWt&0DzW|FnGB`$?=H_78W(=P`E&uzGtXyz7
z&pjxSe4<sCm(%owV-|o+zKEHOH9F*AN0TU$a$#?>I<s|<ck~6=R-<&FYDtIkA6(HC
z-o5b+RC%;+?edd7xa4y)d^nz?K0BasQ?>T41zsQ-pm*+=U6=hO4#uu`?o+~6_qg9-
z+{MOLwezwdzC$;z`Yff~Nq4|SW|KayBg1$n;d|NQ>HiK&c%@JVT<;v@&OS|?O%s3W
z*Jt0|I5)F6ChSYmn<vTc^DXYlM5LUXO+u1!!Y;8r2PMCHZ6%Gx&`{phBx=*&)w)dN
z6c;(iOO@kk8F#Wo3*|=@**J7AF?UV8WlE>qX?SMRfc@PI08x{7^sjp?6ZN7lLAr1E
z91#5$&-nF_)ZVXDEx9vN;j!kyLTRw9Nj_C#)LB&f2FmAV4^9G&^XQ-?>bXDs<R*{@
z0PO*wj4Y(i>YX<73)8(#ubboofuXbguUfA!IVnU<Rq|lHp;E#VQ`<-})wImkKT?Sf
z5C2>GlhPuOmwmrPfohMUbiu&!f<)dDbM#tUL+mpj*^e-ypHB9#hR$;Y<RexyC<WtV
zPDaU-^Unv!9WB@|Q$6R~sE4qm?ywu`k7k%d{`dE`64+$avZ{OHmZVdsTD1Pfhkt7Y
zSVO2tMDjHhp^c1++`R|x`dK)6%~zl`?HuAXbWm=PC<sW)*G6zYq#2b*J<-!lK3sq9
ztm}0Ui&YkM+xc=KRN3rH-^wL6fwHKQW-G_6YU|LYLP?3fwjWhSl_<Ov9jg*2z&ssV
zFrt7JME@l$dy>WbZVpeRSp7H_?B!v9ehqndepFQsk`ZRL8jmS4{Y;fap>DLk)QvxU
zuo7y1{WHc`G^o{Qt1#<2^Sw7BzZ0Ap6er>1=MUwj$oj8tWOnP`eDF7#tXs+Rs#+6n
z7_!N5K+(ZdYWdqIo*rh$TkMunes&>M7&Q!s^@n;DI;@AEKff(AlqrX2QNl>$%B;~c
z;=6KlXpsM+gs_F}7?}d-Nd41^`x?*}Asb9iB@#*7`e8E;99S7akSda+sUx6t;C%4!
z3!j=_Z|kQsMx{Z*(o<ZUt1~#!nJ#PoXwyZBJxL`mZ=afts|UuOvL!Y5tU89yW=@WJ
z&lHc3JRulRq-*BpXjRHV=A&jc!`(cZ*~7=+pNN;8JU%rpR6NErb1sco>DLV%X0dM=
zOMgvM<%NFDV&-?K3Y@lxh^@LZ4$@ncFdt8Pf(fWxId)r=h_ySb83&^(BH{Dr`piKF
z7atDm4l+ICy%ux@BzV1RUaHJH?CM-v$Jf-Cn!<#;&LKrSOP2eb+cBHmFuSW?8<W><
zuc6xiUSF4S)^`NdrIWWzMGg5h`gc?l;J`bwWPIgZe_ec<E*_GWoiyP#Xwwta0q<WY
zFoNmL^EuePYi?0j>MtttlRTk_+gppY1ux0PSR(Xz=Yr=EPuacj%T~la$J~pgn-@Qa
zVjB)P$s_(3RYees^nni*2K?#>co%n&$sdnd_M4kjijyrtr}ReaI}Wy7*DLP$#mL!)
zZoeUfl5^u^-2)?f(@S%O7!Wf;Z990buX;vB*mIn};<Q>Ln*Ki57m@|Qx)k9_3X2ka
zX$co|7rd_#WEZ*qn4e2s$iP@0pLS#Fp?RQPjSR)m3P2pC!E|H&hh!Z82%)Vgy9H6_
zcG7Y2BYVHVSE)UenU=jp4sHhGD!mksty1W*q?24`1FFFk$e#~A4i0Sj97$pImx#AX
z4f|I^t8uIs&(IUyo&}Lsc8b*y*3>CD(-4M)XavpP-8f;(iww&}w+MaF@6!9sv=2*Y
zL0SnzX;FAO4YY0BD{IlJwR4u(O>S8?(hZb9tzi{Q9Fp#Q8=JT6XL=;|ryglpcSDrM
zc$KK|NDK0R99?x>lV2An1Vp6-$-xv9q#H)7s3-_1Al*pk=niRtAtGHOr2?b7Yoogx
zMt6@fw!Qnk|K8{G+&K5%bIv{SJ&l#e8w>m7wOfL*Gl$t1t;Y$iG2S-(y9TFsM5o%9
zIW~Fy2a!K)oxj~kEbmP}v!VECTa|RT?%}E2(};=rgSGYSWOE$3StHGsZKRM=>W#=W
z?#YKE<Zp;)8bloR$^6Rso>0!~RQJ*Yi21XGw=2NP_r31G_mOagqCu(N&p#@$k;8+?
z?(<*~(}{LvzFq2-ma$u5lE%L)@VZ}aDNTN{2=(kZVAJQ$r#}wr?tXkymGndSDB<7z
zIvBLz*vp&>9XN@c=72uwezPsws_Dyzy!pB)SiShA#^_yh$Bf)~%c`aG4do~AG)xZl
zO(OB{16IOAAOOxM*~c(}ENU=%w!!gzo4<urKmP5weG{pEX)_^J2ydeZvw_m)<)B5f
zn`q2oR#bCW-wH1pd+eJpwh_JcuC*AbIrQT>IwzcwijoegR~bUV_WUR@;=d<8dwWC(
z)5@$CF^h;9MdrwCWUZ^b1;7XoI`@}6zrliB9hg+%?AkQu)T58c7?fRxW-MR5TTnDe
z8!|OH_AKkqgCPStWk}d!ZNp)fvIr)^5s%eechsIoHus79-`&5)(sH)P-uZcx7j*lw
zOmDy%@#)!%1rwTt*`ZSx`8%>xtG2{cQvo?9n-xKIin2zlsOI1z>$6X#fz~B)iTdpp
z$n41V=(CGT??yHwk!-rj2C_+S<_qui8J<mR2C5`mq<#Umg!&jcxAf`WxJNdU)d5%@
zP%5-#Pxi(lk&VIdGo{X-hNWYndTp$imQN1n;K0b}Rr>ofX5WTUncm+FX0YtZGly{F
zyT0n)PbZd?FB#{XI`a&7Kf@Gu;sJoq4#v4T^4TM8g~204I*x9MN3!K4EKBW;AZ`@(
zCrMV_`6t>-fYmw9C3Dl4EKB!RElG`PvBcW=+TMN>10fNA5JUE*lslfUbXx5FSr2>C
zZg(=DLREfVQgvPee<OK+!lX<CNMk<}^Ej`{wHNgQOOP}%tg-CHREH{={)M74dJ}BB
zU8~cxrCMz(0jX2Y^T5+mI8s53nYX}O-gg!|99pqF<+GEP@7Tjz!}@f(>a>jcJmp%}
zsc2vASs=6hK26Ykd|t)Eb1d1^b?Ex+C(~K7;&bogYRT)4qwgOL6Qk@&*5_Y=9es4G
zXe49ml>?dMTHb+|Zpte@!~o_~G0$EZ!zXS=;ZN9nosSmsQ*3uhOCnu=SL8j<F2)7*
z|Ah60wE5+i>lZ5c=`wP4_3QwH`ewcWVhDKq;zWX`?QmPf5^2Sm<TqD=sY5a`6z9Vw
zQt|HIY{zg~w&^W?sk@TFE+z8ssr)GXC}Do84QCD0Z#Yh;#kns-PFv5Y5e2d+O8AY#
zqnz_|H()w^Q^Q9wxmh`<O81KA>)ul6XYHWBi*<{D@vPePBJ_2nr_|Eij9-3YsO*x0
z_dAvu--OzGC-~}y*XJ_wK5+wz89KdYQ`~$*G1k9UsNJ&}G7gh8=9`}5d}I$7nmnZr
z-QJ<E#AOdNnyN+0q=+zP*)@Z<AM7Idh~{i#mZx;PRz|-+GeEnEDhEBP-#hoYq4ku*
zEJ=FjZ`$1`v3=PssvMMmcrJbtXvUQBYVXlsjY~EzOfI<Wp_%@xv1b?~F~u?pUnh)F
z`K4gzMMQUlHQg+MkX0GVdsEhfe%A1LV?HkW=fl|e+&@;wIpwhreUIs;Ziz-)ZT@qX
zne>po;P1Sm`-V(R5B6YqO9CV~Y`0R?r7DkQr(wCHZPxz0EwOz*CRtt-iMxlePe6;h
zNnml`mJQyJ_&w-pFAV-Gf#s&yY$vi$k?(Q}Tkfy9nPWG=5%Zc9=e!g_JLAg$2iBa!
z^pscT|JdM8p8q`7KLrSr=)TqM774~{S%#*Eq_H<h?rveGEetv|D;X<?Qi;Df5cJ8I
zpZ+`K$I>Al?84ft>X^K_!ZAxT8MY()nCxu)a%@(_7mp$Cw%e3LbNmy&#?Ih_sc9+a
zJ8eM08Lbmwe%x^in&a<mcNCcmAyKg96R`iT*g?5Eu{KPSFFQgzKlin2Xr1OhGE~U|
z>+UWl@oT-a@txBc{agPQV<gRuX-)G=gF3?Y&Pe;1f57E@fC{vXwB7A*zgyX`=!0wl
zak)0pbKMEr)XR4$o{=}w>UP{WDH_??qRDFN+}=O5vOgnj&zoFN@<XiePbDfI8{Dv%
z1$qTz(D^lcbvx)u4!PTy(!uNoXDT^7?|vkk4X=R*aY7#q1{F@#%eUyTxVb`JqGhC*
z{WN>@76d2f<(Jymir(&jhC<qW@=g9&UTpi-R5}sNboMou<g|MARURoB8A8t-rY6Mh
zWOIwF>NKcm4y(mqj0=Kh-utF&#K$Gtsjb;c<H?W|xSrtj(TB2GCxeSJl#7V1YzHZ$
zE~BV*aJ6VD4d?zi0{#&nlPEHfSAogw<VCv#&~v0ctiydfu`N3Dt1JP^ysxs>BhjP(
z@&^3Fc4#}G&)Ow@TTXcz%dn0dlBSVxhiJ&(bCyCB919WX%}GfgTUD~G2lNy%8VP7z
zU$<!0teCt=O^++Y9E-$mv*dkUI&nAs%#v5@33F>`HO0~EF2VkkI!^NR?n!?0V&DI-
zjZQa@g6uqqP>=S@U<B4~EO0>jkX}hB_niXN3ZcT^S>vE}<a8~|N^ek5`rYfrutP$t
zS6vUit>A_nOOhX3E5q?sI<j?S!qfXJIh@(k?+<kP*YWMGwLwzLRmRcuO?>+)cw7iH
zlJBvQ<Rw_+l;?G@tcNCi_GjLPk#ze2AC2fk7hOx`2la%TQ=YA>`l7_`&Id$mDEw|n
z|8o6mo9jMKtCD^+c5rE>sBO=o(ltVNJ@H-VY-J67AYiN(zL+i1<{WZ@e6by$FY3W?
zEcxw$=UvyDn=#6zMb#TUrYal>pLJs8%*KAhKs8*~ZqB|Kx5yEI5?$62TPi43%%>e=
zlRT9f<pV0&`+NxJTX>lq@cUs~R>{WeXDwEGr164(3T4XO8{M$G36PHya(GaaCApYx
zg#&7ZCR{H<a=?Zv_faMF7k8(PrW>l5$v20AqhQJ=b~S^$-$w3i>^62y%7rP|_%Z&a
z89Ww<h6&_d-^b$Ck6+x1+uh>qW)AAOvcs+gY0+I`rq5EMw?p*W*;Ax)c#~Zk=HZ_*
z{t#%B9{BQq2w7K-rKh(~5{-Jh6KiO7c>ZVkiz0o?hX%!6nftZ^lY6SEH`(l(L85V}
z{<ffgjD~~F%)tg8?g}WY;3Zw0ui;oX-)D`)sTU%P$8^h*<<BBmwa-4LetbA$!t~Kt
zIoH5bs!fIE{k@XyXWdu$w6Rb=O>rkKZj1)UNiy%X3>AvGmLRGe9YyjA<*8U^=caYK
z3){aWD1Tn=*d5K*jaH5K^jtnlDOmbQ4?7m7!ki@a%W$<$*NbGQErUdi<>H4f`o?W)
z*&x%1w4z_P&{y*{b!9Ov?=O9j701PMh8$Vvz5-TkZ)F$jdhs=JwTqftIz|%SsWd;~
zZ+WNEQ!}Ouy|xk^k>IbYM7F#+kdw-{)b@NgU=sMdD15pw_YA~+d1F)ZLw>R>OwuAe
z9TT_0)AVWi=FzoI!|Qq;un)nf-nfA>BhM`7m>GFi&Sw^Bx36*XUkrTi?w%|?jLRxF
z<WGEcie^N5a4er6#ytJ`OE-47j+?J>#Eyg7A9mN0QJDTolM4G-i>KVuqyURrT%xpd
z3`}5j-ZIyW?~DD7eA(^Sp7C#rnE}f~1JE;Z-?GnbOg*SBV2p<kA^6InsyUix(!r)o
zWLT!zxGlg)K)*!5k9BXP1;<fXuqHOhHUGOJ#_{U*Lhj6e8QQ$;&qcf_3*o#i5$}G9
z8Gf*C(;)Zn8qlL*p6GiVAgQM;xl@UWpE#9sVmL1NLa<+-wKDSZS|xSq`*$ZKP}bQx
zT9zh^snrOe`7Z>Iza?x+(f*sWMcb5vvt*zfK5doh418vk20!tC<JdWp-Z|kvuag_5
zK6xdQmNR?#UUguj&)Xx$?vbzAr8{H=_qrY;^E*9G;~%`IeLh57_aGPGb6EMRmfOg`
zp-o_Tp?B!Fcaz)*SN}ow?;7l{rI{Y1qdHr3^;X06#|jDx_M>ct*B1QAa&xcfy*joY
znb9Mc*?J;knv;K9S*|J&V`i4#)d@SiqcUjrA-Uh!L91?7?KL2GjoOaCa2N8MT>a+$
zI!%EoA*MEBhWi88>C?sTAHNQ|o*Y4e(U(OOhHk7kEOMSWnpAgnt<x6n4N-M|3m?)0
z2Ze`UxY9t|)PXx}m?efKv$LG&8?pmoB5ixm;(Gvpw6T2?LGE?CrmM5qH1xFGGt=2`
z`ZJ%29Xv7O7ys%m$%tJ)2aHyl4aCX)LTB&1#_O0+@8*!IrxN(8ehpnNFxDT@*3{28
zW9N#uYn%ChS3#uUN<g;dqRf8qDU83C{sQ!4n)9{r)vc(eI>Xe|y^|C<>Nq^wSdYI+
z#kluXrSwaUmF@JKi4RBpiVZ1WbF4IF6{Ct+PyJQ=BpDyBH%!5fjh_WlN}hc5$=CX=
z5Gcg#_agaVoBn0jB0GD~!G&@1WkD)$Kw#9cx*LZ1gi4++&Zoucx@CLT3yC6k6}@Bc
zK<Z+wlum=RjEr&%lj>&Oh1KbDPI{oF3=`pgQ5Y>#$5*4a-$wURpGSf#`w&8Elz@_v
zsy~a3!*9{Pvdm3OR#;oxqIYPvD-wneC!PYK`MrG#l1riTd!{XmHYR+COwiw4!GE(9
zvYq8#NpH0SHD8V7zLZmc@UjN{NDe96qJ3rjO!HbfEJx`Y&g~yfEpL9eZCXGU4-0yo
zu5ebB*)_L3bpDUOo3NMp2}e_FXDhQhi}U`=(j^9NBu~Bx{JrMg89NGwvCh)Eh=I5D
zCsi<)@IBUxd;EsEPZsTZ%04{m^iUW;bF~0J9;xkF4a{(kA|4$L=+`ifMwhdWya|_5
z1(siJU;91%Y5Sy&LyV}I;W|O>&@0JhdsU-oPAfeiptLe$g6(JS41*`G;@)|w!l~cQ
zT0ViE!F^%D@%@KtR;*If9%h?>zqaan>2mK3^J>^{dvoZ4#H7?m+=}&g10!ghu6!;w
z&6l$r<}x?Sd0g$5)Ew)F{!#?Ze3$nG9xj5ok#7Q>My^s~9FBZ`>^?1Us#8=ra}~Qv
zs2#p9jnt{C)Rz2xH$^0WMMkG>0C2(*RQ_42N<5p;%V#66hE{EpB|j_j>eNomlVx{&
zp+nq3FMt%g{A<35;uV+3m*)7|cRmb$UIG%H5+S^p8k++;MOJ4rZDe{Ymuk>#Am0h|
zYFomj>*9+|-9JeP=2~?iji99qy6mpZb$TFYlb*c6g8h4W;3ZjQ5ucmxVA;3SPi=5Z
zr^&L!Gb&7D+gU>%LYH3anD?W>eW}^2>UAG-rG@p}u<u=|``vj-+kkNvpTssezs8kS
zs={x(pIj%G;2)UgDZfG;@xXWXwSb+v4{t35ZBPO((3H>1lW%HEnM^pYHI}38<U{!_
z46<|CHh&b;aq)usmstNACSTo%^&jad`;l%m%H7*J?*97ps?E}!+-~HB#?sl6m3%Zz
z!;9tmF2>a+o`76%9q`h{|16pXf@Xv-NdPETy?Y+P(_*`1>^B+jC`Ix@h?(Fes?tP7
z{o__TfC(Ti{Jq5Pb3!;d6m(<-U~vHHx1Vb20E&bmq_kuPUPg>uHEMgFVt;Y~ccxD_
z)HbmVyV)Z=muhIob#Y+2C|csT+=nx-<IVt<r6jKqd2X`+V~I|_$IzhqIkLe^Wi`%j
zZmh3Mja;3kPua6p>n1|-UY+fSc0{QP_rlVAc$u5nUs5EN9o2=`uZ?~7PbzN4g#=y$
z3y})#uSjEIH7`^%>2Aq_L<NT<tFPy7$$XPW{ZuCqNITaN;h$-SPR(%U5W7d6&qiKb
z=-64j>0rNll$P+K$viO!JgaTF-4?}x?6NuFcQkzd3!K~QA860W@O6(=bZX?_o}TYk
z(9-0{7OvpNXEw72GV>MT1qDIA0I*W_tj;ZXOMakd(H1;v+1ZOwMQI^WaUf&YK|1G5
z+cALscU$V`xTl$BYz%3bg&5(SJGjgF*%W6+VjEhd!&GMJI_~aG-;M<iy324_>!0<H
z>N3$IV;~71U253Cn;R!cYE(8-G&gODH2GyxMI9GlkX)_cfCG9jwO#s9#IX|NAsbps
zO1aLn96}~CN1CQ=5h>>d4zJKxv2X!h&Xc*)s?@lFlmnJ)o}@A&e<og-1->?y*VMz^
zeL@q9TknGt+{c^SnjQ5vVK$YqtyBnBjB({xz>Qd|#>wX+eA{`kzh|I=Rt^c<ag$1Z
z8L_{VUpzcpg?fCuH^ssEz7`^b%;Xpew<vh8Egv&Nwc)k$Y@DI-&Us%6xT~RS-5<@@
zF+<e4V}_{6Fic+AS2<A)6|@-gb_gA~kSo6njH8%K`C8^8TRUfY1EXKlTyWt4@lpcg
zjgGX);%qZ7y!T~m7x?sXG$bbQGFXk5wjEBGO!j0_Z8Pg0{5B<5?xhav{l8S|B+~>A
zS_Z}2EDkPa6=EFnPn)T6Ly~~i32z2MrJFHC1$yy-S9>greL-8$+3UGH-Vz7aN`k-x
ze+@0%?~%U_SQ<w2xfiQ5GdKjI_C|AvG}}mqh&6(zh-AJ6KQ4`zs0cS<t4hr-TH@*r
z&o1-glCjpF{?ukJa)l)pQTVcg0JtlL_2;L<k-t2rAJyJW^9wD(DLF?iKTZ_urI9xJ
zSLG1)PuyK+l=U%`vB+(yVlw4u&#u)gis%+C^dFSV_V5<mY3Z|QI=lOKf9=Nr0-qTI
zw;+=qqKI?0x%q;!iHsi}ChrhOb`Q_G@lHBtjBH0NM`|-p?;T)8-9@jK|1F{u>J>Ch
zyR75jA}K1<H4gZs=$b!l$BbLiA-unWj_O^HGq$-{byu6gmOxkqCE1k69D^Ev)|n;=
zbmJUukz?yjf97dmZ1bnsP1$@lfNw|5Bv}4)v4M5&Rk)tGC06~hiO-t%!DEE~@7eax
z1&i&-+TQuh@D})s`hN;Xv8u{HPF0n1ce4)9w@?Y)`ySI<AltKba1VV-KEiC3I|EiD
zY5Xw04B*Xtl2`5gy{KhEw@7mIGkM0(pynp~0f$<XCCEubO1w-?95ed6;W5?0%v`@`
zjggma+gOb<@AidncTi8g`OMGDQ2R@{fxK$Rep!T{^E8$QO1K8SjM~(qF#HFc+50<B
zB~DaE;8a~TPg;Wa1!ljNESFAP#s?K78q?{<kmF7APM!Wbu=hrseE6U^ZpZ^uV$K#r
z(=L3d(QH0>F+SwwLk-u5&5!p7g9;#j8;9B_f>~Bv-3bPS%v#zjRq>9^$K`oaZx6lh
z>C%=5$sDRjA0mAg0?UL#;-b@ZLU4Phvr7`kx%V!bYFL$ZvaIKm)>eQ3BMQXVrF)$$
zAzlQMN9Uh1i5Yq|EEnoyY9@JX3XVKKAnGmUlD%{J9@VdZXN1$v=t+I+I5pA%j5u&W
zRBCml(mPJu78YF$`$5^QWBtNJ5E>nTf;GTe+(1f0vVWWd3Zi%7fOLHTIN-_%FOhZ#
zQ0x3HRQVM5oOwB4H6+Pi>$!Se(cIluwn2tj)DKs#eWyJYo5h`AzSu_alayUQG1r9C
z-(r_KU89bnP=!z9GvyKB4)kwdq^YxB08k0zzV2MU{92wR4xIyY5gbr%yX9S04>CC}
z;$9Z&l>Aj~JPxb<zS~l{2#tMrCcM}ZXO5#?`}h6$6~FU5Rvnryeq*I5URjM2mRu>h
z5WcZ$T5-Z0^)d8~;|0o<Ie_;A;DWz0Fy`Vnt6^19`f@oaVx?#Ua<#)Tn&s=t<p(rv
z;!=|ME&ahG|J|<r&G%_%g-y;<;H8GXiT`-I$x2V<g<cs8gp5(?m)Bw?RbrrOrdD%+
z;ezw8#vc@X4;+-wX|<{s&S)QaSVl}G)sQcXv{LB&n@SS9oqT-TN$aoHvnRb&aI4a6
zr<Je-4_D(Jcgs&yCk<dri{FewY88o3lWsR@9AK$<{J}sN4U0k7g%6vgfZHo&bu}+J
zS84%tJfdQ|#;s(k*0UjIQ>VnU;XYmV-Kn6H3pq(PKeGl!`S6xWS_e^DwG(Z@x&gTn
zgxGqox9y?>ZOrB=d+3{csHcZ|&kVK;jbczlou97@-oVsqt?qISkv8Y_*Cv*T?_I+W
zazd((Yfg2w>}iX8ngZRG-4izd0q>72=d=57T!M!Lvc6FfITN&Y23H}y+xLTUANEb^
zjc&v&<5rs}G0!%XzBfyQ)9C6tfpxM10;_X;huPk{M@>eRej0~IE3^5qL=w!Cony0a
zTo3&3fMj_2RGEKlidOqI(Lo=cjjw@wjzS5`$c#yvCxWZ4f};66+I9;Mv0JKkP0`M?
z)i@PP+ZbL5HKM*Ng5wTE)CgQ+3YbX+rQ+cHU=7O6gm{YLUP`Z&!7KOuCj+m0SCoHX
zmSeq<b}fz+_c`wz&XZ)|9COcGPiI9=p>cl$9zDlC`_~+OwIA7h#|l@@t)>iQjnA@>
zWtqC|->iZ<2VZ&@({4xvtmG1{^}{YPkJ1$;iFjFO7CP1smpcq!<_0cH`la#7iEeJm
zh^vozDQA}l?w3gG-DL4XIGEr=5&-el`u0cgAYsUkfi}e0g|2D+dZ5W6P{MZeyFf}o
zs3BNP7(%vO>w2f7V(}526b5diP$C8`2hLC^Jw$kSMOaV+TA(0fpGZ)nDqwPCXfgP5
zVb=SAn`I?Xc}Pyf!>AV)JIV4%;S;o=IglA1EBe4{Soy-TtP&UM;&Hbw9wbPAXnw`S
z)#2b1m|dULgK7I(e8;CDZTtmNaM+@Zjt=ec{j+SPW(60)+~2#euZ2#aUftNVtu)bg
zzhJ?t_bGPgF*m0hR<UHqX8{ii%Jg&SM$wz&LzV7_eon1DeaB;U^=n4^NCy(7a9#+8
zG19tUn(FY4v}QZ&_>phKq<9BIg#Ew=FXl$6RbAe|fnPf+il^t<{<JqLJJ71JQW|3$
zFgkMdID?ttKqi@JKkFe<kM}>H%3km#%Z1JI%mX~gN`S<<{6L_37~sRaI=Z>dtM#e+
z<rl)!{ANLD7spRrDOiKx+Slt8Dc#~MsJD@=PO+|=%EaJrBSw^wLo-l>&vJ=1mLJ4E
z650(t)s2h8@CF!{%#)pRf{a2OI6E^C`6cl%3rVTXsoqBk#efKyD&<w<VT`HA*BNU~
z8<c-Cd^qSkG*caJL3O~jF&5}>aORs+orAWQhZc6sq{}{Op3@_kCOS~~1j$VX*}9BG
z&*m&9AyAZp?*%+&@8SA4LDBB0tL&((TULh6S^Dk68bPJQR<kYsRNR*sye^!ajJX_0
zSgsPsBlwg@&-xtok71A2?clCI+o~Uh(b~kS+_J)&Og?m9VIks9Dteds;fcPkr?li;
zHCcxNi>-^*ezT8O)#TI!CHJiDLkb8cjt|b{vKCchXWoio)OKcGv`rKQ(%qbow$1%+
z>-(LfvT{{dNhfRD*^_#~|DSO9JQrqZSWF6Ug@WF)cY{MHl&C<hvGr^9X<$Rgt_lK(
zq#+p41JZW{xt1jq2<QM-z5vL8&YOS8;NnnFg!)rRr~`<!9h}Y!VPS$J9YGISENzqU
zmw*u-$Vr(VV|gpDc8^tt#xHE9XsGh`yRS3now)~J;_df;n-@UEeOgwgRi*BH1_p?a
zmdTm1YZp$bwr;2R<QHb9xcn^0uDn#}tbLM%RJj4xV#%`OWU+%`>V)wG$n;?|`rwr8
zr|S+_H-k(q|FhS8Mj2e&8HWPX#hwhdt&C4G6P!OKxk?P1{d|7hj?e%v<2Row1h8L)
zKjj}+u-m560kw!cg$lT!csR|E=SwX4B~12ZD>3bWFUW5C_9^i6YX>s*l$H_F2H3iN
z@HVeC%bw!q>jS#7FABAc$CaPQYU={1`j&&f7N5<~R>arbe5_w^mHNY%ul^A`*Pav0
zT7)+MdmSjv4)WLsL=gcAuvE12WX*?*(YlS~>JD8u1lMMqvaHunPfVCy(u=kTkU5ex
z2G$7cMOaF&TIBApTS#Ju;`=!rJ0;nwZT079W%qN%<$s5~3C+N>e|zMXxUjx5>J81G
zfxUG$XT^8~D$mK0`v;ru3ZkrM^1bR?m)+h}`Op6jwe{62q?a8SrLYeYb*3In6k`|E
zVy&0Os*T{Tr?^EnauBmXrqJRi1sxRz8C*m&@mW_`OR9a#K65}uicirjsk_-%&&hV|
z$9WBCN`bnB>T@rNKcQ$Cb7bpDgX$#1mC2Vw^?~-&bxujl?xR?Q41<BxeEZnZH;YGz
z)VlX@I*@={Qc8GCG{*ubE3fnSf;>a8EDY4@y#7mCB(l#$Z|Jpy_#E_lwGTbCvgpTV
z6>#C79Ar|9^Wd7NTE{qydC}T?x9RRW1pnN&phsOFXh@>Gu^RpG_Gi<Ty^WueNsYjU
z!ywOjm&ss++B?nUjb1araRw+=y)?$sw$StI+}{%)-($(8H-U1-0WkoP=8ARanTQ2M
z{-Vky`1^HX$Y&y!wZkzR(Xx+Ai49Y(+fi|myFu-~*OlZ}D}&|0kG)3<x5kUqrYPs+
z0%wz>!Uwod@YXKNX^{gGINZYtbYu>|O7lj#C-PBDHlQfEgdtB^ARVfeV&SebiLG7B
zEl8Q{^WpTXs#iCy4#eYQTmNK-TQY}=561~1aZr#5BYa8%5K>xMjdhjWtVm2!s)`OB
z4*gwIIT?GLq_TNRTqAqYNT;zs&YOIm@#}9`_04#QI|h4C(nn_dp7KnJgii*cQqBLL
z)h#IoQX=?i*67r8=WuJoW->r~Csi)de5miOI)D5F|NV@|FiYeQBiY8Fz|Cm;sq!w~
z`BiqgCz}>*sQQ1)s(Jt;brfSQcT6U|p7iqnCD@XLfz)1m!sp{cS(CXB00!sU>ADlk
zO0n3pTb4N9C-y%24(xB5$<H2cCc4J(wFDGoG|TxvE3oh8bhcdG0r!9<5Z)^hc@zKx
zsJo^-FB3dxzZ8(<Q7INF-2_Zh|2wKc5{})q)!gSDMHeNtB^IO@733uqAkaGV`NV()
zL-0=_h!!nbRgf=mNhjl@!<`a~{eg@egs6P_vBxXpZ!R<Th*4ih0FScWk3MGYd1i1>
zdZ+3WLttlCUO4Y$r{gadR0OK{sqN+uzhb_Cz@!Z4+s@A=CY9VNzAnw{-w^j;G*xSi
z1WM@7PW@Ngv4~?%h}f-|$rBZ(c3j*_!1nWV@}I|;(}+M&)#v0^a7{+FTBSFnq2CHe
z1_*LXnl@m9_i<8MO{`%-ws&nUYe8Y>z9=V;c}1`)J5<K70C`)?4P9Btm&70|-4l2r
zp-f7V6iOtZZ)Ki|+ep3aI%7+WyxwK17yHPmn3Lh}fSkiUWbUQsHnIDP1N)VNg!4Rq
z?Hl$p2`+mbF{MnhnO9w5<}3#5S1W9>iP~7JR~34&3cRm^G<GS7NSo}y?ht(v&@&hl
zd$f{-#*JouJqn&!vK?dVZ=kf_&@Zanalpjj2TzMy>YWI6mC<N<uDYA`)qjT>VXT=t
zQ>5?6TzUhhaPN8F`WB%-gUx=>gojh0cCV^NJI&uV4+(Llusncir^bc;k~YveqL~Wi
zLP}4P^Nw)Oqm@n!&7T`J{_OVAF21y&mgUXhG=Hy;aq;I;KOSXus4uY!{G`G5Ezt^^
z6D9ZW@G#7AZ(cgdKE_8~AztwD9~?iK&PE}5)ggm+VWa5D*Dy`QrHb|-j=VGO@uG)*
zy~Ty!j1Q?rp8qXlSm4z(d5=K729+xU^-k%Gsn_7Kf&m^(u2%5oDw+!Ze&YK~Dw=gm
z<YSw~`^LG^p$4B<4PE^HRTB@66&i2~I}$G?ZEO_9@fjPKzQu@f0U?2HI&{uxsohvt
z6|xOqr9!SpI626)pzecEkdAE7)afEr<We(4=F2WLa_Pc@1y~rk7q+5@ZhYush(AP1
zv53gFI@jvpyzWPEGAbH)WL-3XU#qY!p@3u~Xvnp(ZCglCEPH0s2d~KZYQ9Ukb|fj%
zKP9@NgJa{AvR!et`7&yIjjDPa<Q}0zm%E6qM5opYwF;EF<Xm3H$J<G6FLu34!+{k;
zuUGN}J_ebJCU*XA5w=6pk*^=l$kuBdr$ue@VG6^C=YFddeHBxpl4s^3Im(JMve<1?
zo35<qe90zpWqDKBLqqP`GMyrv!Caj)Ni^)j1#&#-{us(9iQ4;x$$uHPTOY(;J2H*|
zw!FtBOtcWz#1%Lx`6z&LXOj@RoaJVw#>Dh@B<_63lKGK!t6>`2zPuTb(n8_LGrx~W
z6glr<^|bQqdGMp4Wl(%eQp(+FF24R-6Q_C58d&d$aU!6<_=8~2y;<MIC^~i`v*;J7
zcYY60B*-F_EyPt>64k%+xTs<xe))fw(e|i?ec7ShfxKwm)S<6zJB7cg8eWtDUv3UN
z2`ov|FLPF6kDc_S%NJDJ&Nn$Gk8f{iGO$ztjk=76<-AygH!YbTZj6>ol^tK*=|bTE
zLv}*A!?M!#F_SpTZTxd1aIX-wQuW@;Jd#gt>s#J<LLMVvrlB8A7;AA&vo9;@5ySV4
zIK?J=A$Q2_SQM)0OFbe8^hlg;&!bbXU)Z{30Qkx8ah3{JRXdfh^|mM_V~=>+GMM1G
zoRt5HqE#!k;%;FlO~=9>Kpnp(aE=h+=ks{)GWR50o-Wq8d_V!zZwNjZ20^O^a4nVY
ze~Lu_Ur=p-7H(Q-%TfvgH*li;xSZ<aC8yhE)+p=g&-%FD@tZVNee3qque=a_CCDK9
z%dUhD3PX-at?WA{I?Grd+DDex1Ww%kYGlBOGpd#EmMQwTZ9VKd;%<>BY%t;KoO-<I
zSt@AkXfJ86QTRCm)e+)q+CQw&p}1K(zoD^jWL3m>xQLf;ezls|ZMGUcTqt7q(5e5#
zA9kwF0%3DmT>XZ43=_WkQ?oR+@?7O_{Fx^b+T@wy)5bR?yTyqMkN?yh=~&mN0FtO*
zKM{sV|M!zWPFNBZ6tUSh-u=?THlT{{vwS~tS7CZ@O>WS0QTTKo3!Kth5lw9iM%;14
za<-y>pV~Zge+bNpGTN$|IStedx(_?ZQEWT-OTJ0*XN{7d1@}1S1?&J`rs*_29uW3+
z^-;Sd?RUXtnIxSag~+j6AFa)o{jZ)zKd>o#LL+)tc~b%%%x83(ol&W9CdX43nNur;
z^ZS?#0rw<ygBr6dq;SMag}e}kqS^W}YfK=2fNl^{t^428_ls4%w>2Fq_v(o6FAWx5
zptzE7cgr7`{)=~*YGqk6uvz$a_SGT%D%N6JlwaO@@FM%D0<cb(N<FwQC^W<&&cbgQ
z)a_5Y=~iKtXPI!>pAX+%d(*04B;6soqR?@h_}oX@$PcYRptqjGdB<<+lWCwS-0mi&
z(kb;oal%VK_&?AWwLquoPeJ-WC%2#Q7H?s-d}b2Rd|U7lbsI0w-IAI+c#~0vw}PWA
zaN?*f$A+i3rk}Zx+^ottHLAtQjnm2ZewTmlK}#=t#I#T1>V6QI{ff1yDGet6sX}KQ
z3672Y6n?;O0doUu3=Ame{2OeT*+C0S+M<PvX({2y;e+(n*>*AcL}mk|J{hyW7IsUB
zjVb-j#>6vf6|NH!$>nNsgwUTlT;^@lt&%NqZ<y6S9%K%^FeXH`tf!l0xdx7ICX~^}
z5o@Ma<3*#L4ZHSJm1K|S;oQO~ha$}W!>|P7?Q`!nW32F3;Hv%(DrJ;IPv(MX)K8Pw
z3xlO#8WA$gF!Qisya^c9as0SY<A?$b=mpIl`6pkG<LI~wDAc>1M(5v$Tn{HK(HdAZ
zawg|IZnLazc=Uz)%auZh&L!;ifmKFLi&vV`?5xF=LaqX8CVJK^Ju5~wR8>I#5p?S~
zt?Y`&EAXeh*f*C6i+6R}t@EvW<nzX_6I^kFIN3dGy35gFfy2KMPshXsF#l*(OsLH!
zIPu&}5}wGt@_R`1+e5YSb;E+i1Uo;iWYXleP4mop68*nTtk=my7@&(o=wwfZ4Q#Dq
zO}D`)S->+1BF6~d^Ku-<wS()6-J5G;LCg-I#`c6Y9@ZHV$bchgt9{L*hsGSxA_16-
z?;GC{k@V5)0A*LN{UL$pK|$F_8h9f&uM!ZHZU{E)0|}I`om}>g>kTaaR1!dd7XCAj
zOhG}|P0N*@h&&p=ifd8|7bE=sxi;j9%OGkoA3+3LLwEKk+}8889DL(Q1cy0*lsmwY
zBdW&oKcW$DSs>c~muG~qiirq|hkyd;nJXz`_E06`e1z-EF0~F|H<kn6H4$LIXmitu
z3Y=-)HAW7pYr*TmrhpvmLcj2Rh_Ma;uLb{!4xI~Pj!jJWGR@-P4obyvnU3$gJ}_cI
z3;S$IDZj>+PRtPuh5l<7_c$G%eg8VpU4uYT-Y;*Fpqa*E>d%DHI|OTr;c?ZKvkhH_
zURP+p_l4qlpg$C;9KSXik|o;w6}7eT`ap3&FI;ljLf2LZtuUGu<oBw=8aBYopnE1m
zJD=f+SJHF~3G=*pg2PwRgsySpuyqp_h|-)al&LY`_ygmCabIMy#K^?S1VzIIG%&k~
z$qiPmvR>2m@!x%p(Y}!3SSb_RFM7c_5_Ft&b{4MBb785J>+dk4TU0v(*xhW!)&-Xv
zB@`q$5954$6z!rNSh%|KW9xAo-O5TVlJ8QgSHG)7QGVIwWB-6ZftkIRnoTVhpGU1r
zQO;3aKjn68w`N3gjytu>oFq3|f@zQ1X1&;MAp^}-79ML7LHl;edpz0D@+?0@)JNN>
zdUS}hCXrm`3gxFk9rKgET_{bcS1|^4##}3~OO_%gN`p?ig4XF8I*)xQnW|pC2VTG`
zf;Dc)X!}{LE%axepR4o0-FII9a{GH_bm6w6-*u6J$_Q~nlHDHN!%1w?VHIhL36rnK
zULUCa2WdmB`%eizALXpA;Qae)jH2YeZt1f8y*PQoh$mG3C1v4rXp?Wp7MOztAtfV=
zi?J8ya~o~l?|Xm?S&l&GKUEBOJ)+hrI1KN1Zk~DX$|wb265D&6zy006U)9!>GSXj5
zYsl@kzR)Fa+Sd-5y1wtQ++}n7Ud_s24u!J^kN1yo(Y3uP6fNlY4oFb4?Tc`tYg7>S
zZxa&2DR7CQIR<f4xYH}n(NA;>z>`vAD_`G2uCy<e4<CmRBn&-{Vllr<PEP&!IXe#z
z4;IKHe;WNwe%a5Aiu!RsCCw*7!Z}HrPekm$_}K5fe*LhL@Ef%_zBcbl>0Y+l$Oo!n
zsTHr*%+Rabz3H-I`<Blh`}F3Wz#HjUNZe~arV1(Pw=)v=Xbi$<-6$-jV+EW>oejU5
z1>byZ%a|W!3}nxy^mv$z3d-AU@SPu_s&%15l}TK%4&qqMXUeVzYTg|5Kf<+)Jm}sl
zyN0s{>#~|>lCwn2h7+`oMP=Pz<$YUn({I~`PEUTU9g=F=S<CKuucDRnfWZ7zhh_Nq
zV+m0OU-u6@G?aP4%mtQQOy=3&2Mh4aiM_8bXCT}ubqf$^za(g9|EBAdwLwy?O2#E%
z(>QpRpj)416S`z;7>iRDa$t;j6u!sNgvu)O6$w*5dG%+1CNf;tY2dyY!)x^Xg#{(!
zy-ockirFS12URrbMU7mI)RjwY6BR;0Wc}(M1a0~~QM1;n9Dt~OQ+l}KYq&&~=SiAd
zwDQyNJm}k5-lt_RC;8BI6PI$cNxeh1?To$1#6LgB32`jdxEO$D=laet$dDdz{yh&2
z)^*Ee(o$!QKc9O6(d-3Vz6AlwL?M!VpdUyV7x%ZI#vm?Of@6m;os@P&57<_E^IbKW
z8=n$H*eqax83rC>XJz<q;i3x=6oUBPhg`G(7HQ~}3}E0Gx<TQGQolRbuWgw(SNTA-
z?C_C^t~K305T*XcuE)kK13kPd)*^vK2_{duoWnM~_#G^ZABRn9`EE>JbCfHcfy;p+
z1dAVr9d?>Z61lHJIUmt;%7}PZwc4vh>8A^LAImZG)q>ttOYMFn0{!=AUK0tNeB;_(
zALJt)37+il0K7K=3-R(nu(60(5;*mSw>%#u147rlqvDQ~NZ0zTOt|Y{#VRNgKyC((
zwFEpH>i{?+-9GBjQNmkdEgDJScQ<BLRF>g1X^*}l_P+FkMdVX0XkD9W>ETweioUOi
zd#=s&^l+6}3*T2lN-4yEi~BKotcX;rj!(gW(#~~|$vY{1E>gFHx0D`sAb<)}<kD9~
z>0UhW6j-(o1k-idcmkg<2QiC6Lg)cKy~5mlkYmnIkUV;TW$)>0T|gBRT>3ubS`jp?
zN>N0`+z$F_)d2`i;Nand*uYNlQptSd+D93*a(4N;zoJ-GNJ-q)pN1Z;1v|x)b$$lW
z%u26BiFj_yFenU=GA54+wFZ>wx|AqF<juebsV}5R4O}KUlw!(3*dfqS<!b%85Sb)r
zWEYqW!D!wg%q#^7?>SxY?gy8VC~>=%WCPS#7urF~w!pzB{#`H4@Ov%{A-WGS-0+s>
zgSf*^y(3K_>>E4G^zZ_(L;TQJgpljgu%3ztaAw`=3ESGQRv|vQG%(*W<Dl?esaDFE
zJbuLU^3~@rAxUQ7Td`zUu{OEXJR&Jh{69aynYF9$<oY|lmxHn`0bG2bh$nD4GjP5z
zL?tU!O8beDgD$`t{t+T_A0oYRZK(kQ3^2ka?nBfp0f4(P2qxGmgarP4<JwdM<fsr1
zHXORUH46dY?#Cb^iTY2ANyq?*)!cH>mMDak9-!9?w$}wvi9n?20pY!7R54v$pkX~1
zzzfJ(^qLFc7Pxu6_?6=fL<S7+5l#a?IHDgECXliU>q)@VtztDb5`eoK6DkDJqz4pz
zN3@oM<S~K^d3CGru*sqI<sf5gK)j`XNzh|>0r{HC;xMRD*9CurTJWnr1NK*RenoWF
zUEF$r0L4s7xg<(A<e8FTJ*Rw#s9mQDYzP3;xo*<|+T$OucqFB-dbfz`ADgPwa?Lxq
z$Hr>sx_1t^*}Nm+l$A^&mMRj#4f|yJ-zBPz=t<}VIqCj)htkZzTDKWPEWWxWL75w?
zIf$;b6@f2+0e;X~0*4GABqWwY3T}=emip0olgtSF<eUJZ?LCFpyNrXcDf-8xX3Q}N
zKT1mc+LOSu{Gf=(@Nw{(zltDiZ1JlFxhq{*&zdQ~n*Zzq;3|vX{MH%0IsN>+LvBjx
z$R6Qn@Z?psF75^8NWIH^pcjnLhkhT}3l4Mu0rsBvgPZGmZpd5@04!>AP8NWbs|sD*
zbx5d>8MwI<<f-dI_ZS|7-*r)laRC3c!uLESU4TLh{WnGFp_hmXv)#T}#UtncXru!R
zE8r4^$nb-{B_MWE%VDIj1nl?!y7p(Jho|XqM-F}Ez{?aco}HM(5>Vy;eUfFPhttL)
zZaMxxqnT8feu)IIKRWflZ?Eyp?%+}XX$XmuJ_(ui{m!-LR)G6#b@-J)M(_-D2xMHn
zsv8NY>RK-srbN>I*M+bw9|W&$DP_HpK9cQvi7W@b6@|zt^5G}WA<PGnVT6m_hiGhE
zZw9To+}?<=Y-i&M^Jl}<MEAd)hmt4>{GYW5!Dvv`|IMM9nO?~aChY%5fvgI5Jw%wt
zCRN-@I1lVmrdiPP&<{|Sl=$V>V;S{kI$K-ifx(esqfX|?)i?MJx|rn!J|>os#9F<W
zf$;0msVzunW+DscaKin4`G9ixg;>lXlIpE7^4lCNP+^G}7?SF8RDA<Ig*x0fxWV;@
zSR-u~KQnsK!45fZT6xRX{3o3dY@K{uK_4ZT1}tRO2XRs`{u{lzHsZs@Yme@A!E9|Z
zaL3A_R}jrgv~E^VZsawwx~nEyz!zpSdQAE5pG+wy3e8hq%VqH4S}u3EVl*WTwED_1
zN%>UHQb(<LEFvx&3_A|)d$9|&vUp}E=|O^UZ1dGOvdL6!j5g8`UMmV0IVf+{dMLUL
zd@`ZBqOey<{0FmJghle`p-)*m9EADflu_Kde5ZfN<oEC3m6U7jQ@@5SQTl2(HmCwX
zh^hh?(O5UNQYVzd$fNGw+R<A#Vg#MOSrK09`f)5o?x=M)eQAMbgJrtjP&MB&YseuV
z+IJCvS$ZhP<rN$u$*t40b2+yM6~`{Oi#j$8Zxd0r+CcAB-BMbUWX<dq&h=Xwf?pJE
zxL#s^-N4~#ht^deh6QaFSi(<9i+&c@fnHU&@R=<5rB*rk(Fc5jI2q_gEbf*LOeKGM
z(m!_KW_t%0M&0QWRg2gtrabZFu4@Le@7yxhCX$s<9EfBsVv;GIY1Xmwbt5+{e->x<
zT~*wvSajOl^DD##vYJmtIZB!}(eMuQ=>SKC^#!=7Wx{8{C%g>4MXUEYsXi=X3T47}
zXK7GH#4rS)nOIdxpx8q9OhcW^qsO%^F+IV2%**<$uln{=ptg3yjb`ZaF|+v(v#Xrv
zqIb3{A}=rSSZKNrhc{tijfwpu%du^OKU?ZN(eGT|)t>iIljN@8Aji%N#fGfru?d6O
zJdttFM2BForC6ZPa7x@uPB`k%ny~ZTp?~(2J73)@YGAtKk<;6<xQa0JOUjZ;f4AS_
z5)<EVzCW27uqJ*xGEmy-MYk@ye{bkDUq^~w$3~^VugJyKuHpxq5v#H`p<|pBI51h<
zxvpNiDzl;2i-0!QOR41<>o24$BiAFrwK;$1&b&J6ZK+Iy6n!EZ6M^l`zbs`4PW`))
z%$6A*Rh6uOy=3Or8!Jl|e`Qh4wwb~QD{bDU4O@cuCNBR3LQaU*xv1-60xh9gO@5Gb
z%~%`O_l;}8rSZwd@ys4iBm0r29$y+7AhNd7kCpaSfGwVsVtaQFb0RrbT01rio7~)N
zS^Lh8&+A)WdW3m;5@JjQU;Czi54?u9@Bf=a>G&4~OJloohd*DhY@X{q7Z1xOaYQrh
zsr)Iz-D|xSTA@uFVHK7U9vQ#Ar0M`oF>V)s^en($^&LktZ|h-{pl0ex_7aO!W37d_
z?No*fv-;ZxZLC%fzhZ;O^P*ALR)tu<58pIVg1e7LF>e0nZ2p&o{>Yd9s3-pDnUYtd
zzEj#gH|LemE(>(tW!6$q@b!A2^%UL7Wr%wHkY}r+a5Ehu&GDDg6A4CZc@>XXRNG4j
zV1Hahgn|{WSOa&tY3D~<`=~-7abW6^vf?dqRF+~xQ#1Coco)5W4R8B8%iXP(27AEJ
zTkh}F;91s?vxMf*EppSX8-u59?!S!n)?+NALx?Y$?6cUj%|xUF>Lw*08`HCpeE|v2
zI83BFP8P`*PGA4tjSWFT#iyH3SDZGYGj*V?w@7(<zxv2#dgZY|t_%LZ`q<iMBKbpt
zIze}z=kRs!Z|z^cf|EY+3}`jhxxDV8VW}oK=Wcx>--LU3x=ul{iRe<HHi2Br5MFb3
zPe_{MV3MnYSe8>WgZ?RZTJ4Zo@9r0pY$NSKmr-%E+E98XjJ{wS+IU4YXZL7#V;PAX
z@;=`9GK+oR0Oq<=g;P2Jm|LOGpG5i8r4$G4FgD@ngs<s5-llT~(sxL$ipe*<>t*9Q
z3*R_DAf6+uqKZ4qU8KBP=x!iKa2;Qiji9ObE30zltI#VniJrTc8t^^pfmaUY<h0&Q
zlsYNsB^mnoS;FouF}wD8c8R+@w;LkVEWxwwv!o6L=1fhusE8-iBo)a+%;jTIao<W$
zR7`};GpI$2oXO2m$eT7VUUQ!)M_W6dpl;}ctCZpwC2SQ^<P`X4%f2~g^Xbco&ru#u
zb05{-M^X6Jyb6d&nt1qiLMJoxQS=<bVas)VY}J)H_VoVBpN|W>()@>AN{?$dRvy`@
zeA^stU4J>RGfFdgviTk{oVUwll#4ZpAGif_(Bn)7?Gc$11pkU<O?P<Y%e*5tn<XGR
z7R|A^&wm^#Smjr6fR|8kq%)+6{l`en^coYeWxpgb>eAUToEf3ORer@S9Hvh0u@wQ$
z)V%^tYX(kE$LlwS9R3}7LTTEVtX?vD%XQNatf=g~SCaz~#wkUWDoS;Dy?6sRk|<Gl
zjy5MQ!JlVu?8ZHDmd88t-3%0Qy8F*<TUdk7I6h*PjFxYVvlxionGbBTDP40<w0>zQ
zPE?Vj%#_0mSHyQL`Q!x2VyUXxbn^T~`pbmJ6YV`lMnLBaRTn<80ZRW^(bloJF4f}^
z%grI@Rm*`VVP_ANva5F=*~NiJJbJ|$S}pFfU156NytTviS@yE=IVc{)9Y>jkXH#OB
z7@kR^Z|~*ZNOOu!b|(EYF&;VR?D|yA4<UlZJhMieTQ_6$r)Ks%laYD1r+nQrN!m8&
z1hn#ur?gRCagObCD8cTvg?m$Go%d*(0-Il9lrl(5?o_;7WKwAGh@yBgX!T<uPB*Yg
zG!QdK-hD>BpE(|E^uj^QBuL7oSLk5{8$a{-;Twmg0qa=df$PBT?Ks)IRtAO>OjHp=
z)+ZB3L_AgD88GV;D)=<;>3WYz&Zmrp+f(-L6rfCA@|$af3N`SP+gr@z7lAVC<Kd!v
zoJ|VGZzpgIOyUtpxZvZ~%QL3S-QbJ+B75pb${t~Vo6~UW-H~s!Z#ILZ%@t{yl!CYp
z@v*MFkYX*I&`p;-{bggFr;=|)q=Nm@lS&VPf9T;?t+Dya9_OkUPD|7@XG6og6hz*D
zW4%xbTs4_baVh>q+t~ik+{Xpu^$ID&OXJkMuN)Xz{d~(k5|q*yD#%hJvx;U>6S;%?
zp3V^utfD0NskYlL!o0k;F$Zl+;<%${*TbDwNqc`Ypz25$>(PNQVumhXDZL!c5Wru4
zo~f$UfdNBY^PupOuvi#xO}}tD7e19J@;lt?Dl6HKp?ml+vlJ>Z%@R68NlL=c;>s1O
z^YHQ}-v9iBH3T`s|FW6x^oa1<v%Bo^vJ8QsqHK$0K?R%DWKg%#lh%btA90U<9_#)c
zzQ1$)gL=i+ui!?RK%J{QQAUT^x0Y%|@pgEa;;<)@s^FIX+NOI#n(Tb!RWs;C_O3z{
z13Okh(RoDl;)?C4=jljE5fYz%>Mjd~c}E`q(ZZSSsJ_I4XA&a6vSxg~^P*+8Q;VwY
zHw&dZ51(RBR?=R2#*NZ%!L`7;d0yuH5WT=g%G#U@!=U#ophohQ6o0RR#_8TjHqMp0
z7;;t6A(_A1+aoD{i^>m&nM*-Yvf)Urf2yje5BoKeMCZU$HG1oR{71_*t>z!wa^lY@
z-n4%8<DJ^V0Z%GWz%z=5GL0<Y_aow{9L46Tm9oE;a#=CCbedU$+!_%9X|t`JiyXeY
zoc>x=Oll}so~iTPi)6r9{oHp{n-Z!Mn`FmAev5Bmev;zTDsn-;g^TT1F#Kypw6iZ%
zR{2PyajX3{$Lw1Bf%A#S=s*^>WNZHym)vEs)ZVZ;fsOs&J~pO*!oweiQz8s|B4{-|
zdzSAY8ofC)A}d2lb?o+;uvn3s4CIQ4kT+dF^wpdR#T<YqV|&<p>1lt9ohxW`VfNK-
zE~<Y40_b8Z)~dr{=8Yj}p%KAaW3{1+%Qooq$(igwTAE8(%qO084?!)`U0x&Vl(*Xd
zG*vIZ4+YT(zF73HLke}j<=7H2%cEflPc`rSM#B=Fs!sBIrQuEmO_XJC$03(ZS@~B)
zPUVun36u>Laa*SmCwX0R#TI~qoqDZ=#qS1<&9*UU{~P*%dNEKRjCfL*FY<sT4Tx`g
z-+xfY6MC5QJ<rJu1mI<a;~$(4N4l{1uu5Ub!Zw*3-kwld4$>EfT>amkz{v-hC;6F&
zHwG}dKA?=T;6~Umw0BG^G`nMCFipnVT5>7oUuFXr^oG313^W4cE(sNFF!1v6XbQx(
z>VlrUN2P7WSY(_}>89horOawI`gIw~5C61QB;5aIyT=ZT`?Dk4sSwL|857)MrQ9Te
zMuMfzpb-D}nmjcDogacs`U)|B{t}8F;cGj7WuGft&KTYwH~)lt(^~XD0F6L$zm0vO
z{6Jj~M}VV&o69*qpU=ZE{`P5=>Pi1SsVv=2Axn1|#I8c<raKIzZEG>c8#<#>^9zDf
z+%s;8@@=Jjh*#ObTBqUvEy@82p?q~1Z{(ax?XFkKH$~I6r8pTbApRd~fBN(S2=jdl
zL(MmB_0ad7^N{1*yh^no0)p0s0{WF+?mFhw$)a27?WA>X9&#luuT;y8I%hTZ`tGOT
zmxS84>1ze+{or+c$GjDls?!#tUi;lm#6Mv@yt8En#+Qd3>Y%li>R(O4dahyi-HM&#
z=un$IdcRtNeA3sInjh#aZGVxie;^)-cvN#=UGm*e-A`8}rW4H}rhfl5?dX5?=V9MZ
z`4PWi=&ijh^j7YnfHu<4$-hFZ?r+FTK>gykO7$^gFPskjC9-Y;F<8?yx-lP7qfquj
zeWm&g_+)#q>q7M5ou#h?W$ygFlHGx-rLU*O{Er&i1hir5p3843OY37UAYa<$N;M_a
zJb*6#e-Si0v%I&G&HoZH|NcPT$f92i@;#K#?Yi0i3cLRW`37Av>u;~Iy=|($(fnP7
z;e{B^Y{z=(_gsBWKlpk2zi!U%pBsAH36ynRtyI@H$UaJidI!kTzC>sw!(x<`jJD6#
zH@o}xLtYQK-`SVmE*NjrpOu>bTDB(8%XeL$HvY>z47pYrhOO>xR7x5Dr^Wb>9Cu=9
z!ryXS{F8FL7r?>RKQWzvc*EVdJ%jz>t_d*t(aVL#Pff!4BgP+Zj3vFS>Y-md$u{Zz
zLot3be#6g(4vl(zPhE%Z&FQzA&&2=f^Iw#&xKXJ-2n~M}Uxj$uU;cU)yZ;>VjK3Om
zOCNp;@jC->nx1;Z(-D8p@TaTIEBg8-B3z!Y`_S~?#;AYtRYB_#T@as#xD>!Y0P$kP
z<B5sChc?f-pYflg{8`5RXDDAFR2l2SX1{lN*ztP(?s8!h0rS-^?7ei~`vCH!IjhvI
z22Ymh&Y%Lq|Id#ohiyQZuN~*x6Eo0V?>|$U;P-f{RBzz-BR<apAAtB`3w$`@%PsKn
zh_AE2OAy~`fp0>*)B-<%_&&s2Q2^^Q-GyiUKjIaLM+eAXNBkV(*#Wq>Dc0AhV7x8j
zgDmhY#EYYX(=!<Hc>y?E|3-W<;=bkLWc*i%*mlI&eM!1c#{%+S*=MW6>Oaa9MhCxV
zH+{baeu}=|0<Wj<x4>P=SUv$b^M8%_I>ZOxbl*bPMb>f5(k;{i23!9|zS4x?_ZK0)
z&jMe9_+bltJK`rS@G`_J5bsZcC*6@x>-FFQ;%SNg@~r<)!Ttd8F?!xN*e{GURMQ^L
z$4t+9{l|EP0erNtAAoo<;_N=gSFmsGDI4vSeLsdrHmXuh%l6v$BQ7CM)f!rV2kYrx
zf_O6G4^e!mJM#Z@yOZsR4@10(p6+qnU_ZN)Q+oIT9UFrG>JUp!sxs`<%)a@V53*kF
zbrLrt=rV6+035LPH#!K>>hgeQ*k3lOQWqHcN&D9#K4+Z36=BCmziAZ8TtFGN-Q3e1
z*;l{gr5JIcX_Z<DVAd&e{r&%U_xbwUY^74rwVo5mvkG|z*q~wErl)DGse-A9J)93{
zOE}E_r8(B87FFtN`n%0@0PZQXi5Gj!qM4lmbZvu&_in8UV@~=SN+l`KvMTueJ97Ld
zERN2MWA-h<9CgSsC@hZO+f$Co795?TdFU7x$0o)xqFpe@DCBU5#ql!ZcrJj0?f<9Z
zd^okrZ@*y`V&@S1+R$GuY!$}_UD@$mu;)|lZtdlNaxe_b;!e~9goIC52lj12^{s;N
z&s$G|a(s7m<hPJvK$|LcE=@Fz!OdW8l7<b(uoD<I#RwZ~*vJ-QSYF#IV{ekS@7!w~
z<RbPk?W3|WeOa`Pk7nCWw4DvZ@InlqNW=So>bv6x^)P9$&yJ!3dFxTew`I%vf5eL0
z>1|K{qixUC68nF|*BNckDlb?+|3dKYbe7S-4?v#C_7>wm;_(*vc*K(faJK%7cpBmj
zerHYh;XG_|NDBJ>uP8qX<*$XZ)%LeLJtkOn9-!?(#<!B8ZO1A#!dOec$=df2zKwOY
z=oNCWksBUjl?b#kX&%0R`|VX~zVYo1HV*%kef>|aGs|S}K;s?8cx5!6S+`|#<6OPt
z8>Y{V`Bb87p+itqO2hv6?kaVxJ4D`@_gpi2hVuXUifrDCHBCur+J@sh;(JzU`&|M0
zDffuU%-VDrIrIOD@rGc$QT}Toy{zv@`A<mggN_Sz$Th21m3k7ue~o@#a-Mr$Mo;&;
z3~rL?o?#j%^%k68^sZ9381t8G#n#6(mOM+eIm`h1zZ@245XL#sM;`+-{qHQH-PD)>
z9iI6=#yEHOt@2wpUyN8M6UOvk#L^M-1hk_Adi+5qoZ4JfBVK@bkHBwEe#5Z-r|)vL
z#`ceLW}m+Kh<%4x7t?z>Ar{%MN;R1gX#1at$6Me-5l`+HtOt)qJguLucj;I$VoMMk
zYr>Y$`1yK2pkrGRE6VqedjK)1f0bcB%lbdWM)vpTt4FLZ0F&CtF#LXhED5o5_xryi
z9kHPg_{(J>RuO;=LTvB=e{48nClKpr!U_=cK3JvZ=@{LworPFFV(hG%m3^7NzvG8P
zxUtQ$>R?#^kNm~Re}6zZx!Pj-5YGrGr&PpYV3p=Cc!WEW*?%IIH&7d!=pT(Uq7e^W
zlfv;08%?E@`Hg~o!)`*3*swUhZbUg=x8S&f9EA^sqkpt`i0U6l9t_rDx+L-NbXXkK
z11U$7f&LtHydT^S+f(9MHa-LQJRO`L{#@US9ED-S@x6U5_OSD?e`r{5&Nl8&ScP#4
z@jX8KK3}=*M!aI6F>i=`T)$uG6yjG9XLmXH?g^j{hUxvwxefCXp*_~OhxGm=tKn{{
zB*d>IpH+|P_0US+8XTZpWjVP;{)l$&a~N{D@Evzs-7mDubO|~&t1(^Z#O{B>xRHaZ
z)Oi5Gdig}(zJ5bJEJOJMlz-a)T{tX_kQ>%ExO{Ct)n^h!t<yD4j+RgStvG*pxJvyJ
zg42ti{cxbE1&x!3adIEg=UZXKp=DHnajG%S19}-vq-%3*?)g98bd#-TE=RefNA<oV
zaO^ZG0koekL)i?J9iq#c?S^t2*6Vr(9T?H`@6M(?Bn%Iy?q7VK*8N_O2DhKl$Wi}%
zI2@}P#}EsSQsnqLERNxfWAor(4k4L`m0@wTVI2P(9NdmmJ7D{GM4uP3c7!^Hl<A~>
zR0f7^YI4@N-$J(w%kt^pLoj^SBMtKyst1ikY#n0H80&+*weffz;l49%hUFNCwX&V;
z{y&U&4)ckf|ITwqa*v{h;*Ml(bsvW1VcPGqu$i-1i~lOb))UhOy|-cgc@q1Xzqfa#
zXLC1O-&v6D92r8zW#|9!9j>9MU*FWW#Mpa^;6v;^ajPv~g8j&{kP0^KkFMbRONLcx
zHZ*<x`;@-e|K5*n)pX%ze{3=AqD`j%bj1GU*@iNue{BB;@p*_B8*RC}VJpHtuHDS`
z1pb%GjzZb%C_BI`%VleNWKXsf&i<JF1Ing9hy6-eb{-tx<R)`e+9u+g^RV-UsxW*J
zy!8TY6FY_nx2wU(F)u8RK8)jQ3y#Ie@gj!){XMS|<JcU)LHpd{G7r_*ay|5(*T=Ov
zygpZA`#0QHW3trEcaFNg6OJb@=yPpd(Rb?;ZyN5s9rc}?gm=R5y5YK>+^}BQ)19o_
zzud0zPu9zj*}ouGgxF&yY&2pg5R1_<I@T2<R*hH(f8PySKmV5hy*KRs50tO}CyrC$
zoUhC0Zws|g%<li_jPvIaRmMFV<}v0~)2r!w??l;>m#WkvfFSz<W>eptjWK-#_9lBf
zHJiR(X4}&7$W?({!}WZi?Q<StUH(<2ZqxZK_bPLP?@FL!Y8l2Y{g<xa=KAcwe1^8U
z4g23HcLn8I80!UAcW<)1>*?M{__fxVm+AAPk#`4{=c`rfcQpSVq<oK3zK1DaPve|P
zF6HBvhB#`-LMPga#A(8Geg>ztf8-r9s><+{V4;U)@c**~ZQSyG0?je9om4-lN4~=a
zRcgIab~zUJXlJ=caNoGov-}H?rl-@LIDZ&ZWt_vg$sMh<3G;W55Jm`k9UhN-i^t+z
z!WeIILa*Bl;bS?=o?W|t=rD3^nowof{?hhZjTlVS_ig&Kb#iUnSZ{~IUD&^3xY;%>
z9<jEFH8b(FMJyLF-}%UKTwizc2u(+$;dvN73d5f_g=cV&Faa7q9K-ivc#aX?-<|w&
z!~DAl!>?etXnN;j#Oe|IKMG(Aeub_6J!71|FU9bzN&1|ZT5vze1oC8)--v3IS&T9Q
zVKN1T+bPqg__BU>UAP<Di~FqlO{o0$yWfqUYdseCw4QK+e*YQ1qf69TwW<GIVst|C
zrLo-7PrH+97Ro|l=x?GjTTx~(%1rRd3}vPQ1AO(0>RG2yW*^Fkf%liy@l=B|tSs->
zPPcZac|!YO?>(4bllAv!2KbrDm(41?cK#RT>rmdQmn+?|^Nkm5{R6`*Ci}08u>K$M
zbBNz-!io{|PSNX#9)Ag9`G}d0g=qU<i04kx_kT=ynJ#Z$2cqe`fcU&A`noUkA2P&k
z)-zmPaK4J+ll}dbgz$CY;Ky561jC+xa2IM1Ri*wE@ZBR3FP&ed?$<F|o`r~wUQngo
z{l(hG{n)|3EVGeYzmM*48y;5w5{}OC-(RS{aNpa(I)}F{597n)xQlT}i-I`@A;+U(
zan#pQj&^my93{wcTUZ=x8HZ9AyhpPAUKw^jF<b4W=Ob-rhY|Y|u{(@9pUZ3;9yAs!
zV+qwRsqA%>6`!1~W|{3WP_|dYVsRUet`$@6uJk-}m3l;P6Xr3fyJka@L2rHx7=nhl
z({laR0@(Zqxr(u@n?2zF-t30=*654W!+nMl^qlu9j92(Gj@LIm4};UF<UIGfj6C<@
zOui{~+!Qc`<v0geokD162j2UzeqKV|Jow(j!N!yfXBaPPbG7btoqw3|+|Ah_q}?$&
z6#34Ck<T=5icxk6mi6IQCRyXI=PVSxU(hx#`Kg?4ea_B5W4tc$)oOyNA2@|rE@HlW
zzCf>g@wf6YA)z{qIq@SXm886h96|a&atsNJBY|<e9Kb>IWpsuN65>BYKt88)6U>)G
z((hZ2vIkJsH#Rc+cN!nr%M$;#zv|^)%rnO{mYX#CH>IcZaIkYY-}GK*`b~#A2ItF2
z<X9dS$CHf1*(o?*W_3e-#C29X1K!7MD?1u1+2@!odkh`66lJS#t5#=N?1^Uid_K8J
zz<z$VGw`^N?;gy^Oc_!!O}@L<gKQ2po5-bd;L)7kCLjmf6Rji2wH3L(F#3!DyEAGV
zX--0KlO40EzV7S5!|h?^sm${9h1-M6#dRAGku>ygIljD|atsLIVESKo)X(sHHiK`B
zq6XQTVGGm$Fnk}zW46U?e|M7c9Zdi0PS1yh4lly+<sri9Hyp-qC@HQEW6XG=n0~{p
zcLnEzw<8ZPhsBY`IL=vc3_^}xVR2N=pd2wXf;mc%BPA@3MU3P3>D9sGUzQ99A8#1{
z=-lrxVmyw2H;g`|2llno`MhaDk%$%dtiJwoC5xVQnXUfI!bUH<$d-p4?LazEGW(}&
z)CaL#Ws5dujD4GeEZ=(vn8&bsLg%(4k#7i=^DP5S?;dR0PrORBjl{v)=*K;+b@X&E
zcpb(aP*kmrB_YSaT$giQ0r!AH^|T2b-=73KD%8&h(y~aqorj!eHDQ!RJW3@g7iI^S
z=Wyg`5*EkN6v}aAjz0$-`-*zd^YK{!XF}jOsb|cuHht_HukW~O`yV~%dEFX6dn($O
zokDy$;y>PWo|>hN57^q~gji#w`JR>|LtgV5<1DWA`f7J=t)PPNk6W+7>ANnv|C=0Y
zZ&ah6(ftkT{%^80d(Cuqp02?f6TkXX-n=W+&1XNl8+i)a)u{J{;HeSJJekf1%`90B
z`#`Q-oWFLe(flgtf3#du5nqS+?G}4Cz38I#2mWTIzIs(~2M<>|hf^oM>`d##w%coh
z?Vpk3>##V+GY;q+%pu*$!!pGGex30?#&IDa9n7a%6CN&L9%RsU#^Hvo%?ftP`(fGl
z*_!=tPn>@t(^R7mGW5rn482Cr_aXRiJj$;_`APov4FUc{j5FGwh4L_%9b!60`^t0p
zj#GEksOI_Jb;M2}b`^Z@&Ar*4!I+!b@6&u9aTgD>?g^)?p1FtS^Cx!&m(?cZcs?wS
zWX93z?qH59$dP$ZIOYBQ-IQZo00-@(<9o}n9rGrJmPs!^-IQ)3`n0f~PI`g;=X(ZX
zugg#5wDt%oJS@JmhTXj`yrHd0Td$8Y({4Yb`ApM1qy*D2kEV@;Q9cEPR>qJ8MDyYT
z@{PiL@!5flqw{O5h;-bP@?=<rVL|s}Cv$^*$4=S(w<uSSa+~xzqu*hh<+m<d6ny_J
zU3VOgaYuEjQFHvypY$}{f4i9D4q3Se(9XYO{K9){)Q<k=-`O3wJ>7=|>K@0>QI#IA
z8simr)xSGnuf31Stn&%eRx&&P+y}=Gj8|lQYi96$y$=M8@|n(_7G|-U{TuR~Lq6so
z>mhgKQ}`yDzVV1h-dCe8G<1<3n!caT{o6DT@;eO7?0+%dsEitIU6YmPD49-Yy6NYn
zPSNyZxa^-_+B()y*{{Q9_CI~;{`G9bE|AulWW+{xtI>3C%$-Mcjg;9xW7sGR3-oI+
z0Pzuso6l*m@<+T7@vn^ZYUg{jg+0xWWez*B-AmT*VV3fo1KD0Hvwy(&@tHO1ZCYB=
z=>_4*__!PK48(^SytLZ(mVM`~>35t%nIe?wrNzy_s>eQr=A+OL=ldAeMvsrN`r;VQ
z(#`z;VEADSkMrLb$@1B9J?3xA^_2N+pl`ru<&QkeyX)!H|7balM;x+hjCEndhi>{4
zMu~TKHpp*6`DB!D3x4TgzDpatl4^f!{a2Syv-mz{|B;XLO$-n8KbM4fF5-cHa5_=>
zY-~?${qa1+hrLvz4)FNnLlIv$wniOK8gSa@j7B_de2w}S1vG!g1#Dq@wCtysEI~P#
zP-CoZ&_6c+M_fYO>F-y;`hM_rJav|A(LeSy>{ea<>H55Xy`}p)sfbq~9;xpWO{eWB
zXim)E$_IHZr(JS@<4#k)jP6g@V{81*4`txLtr<N0KBXp%GhchB(DCcVDZyjlb>#Re
zERF)k(Jz35)|;gJF@F(nIHSlt?W<U{{JLOxA%;&d!t<&3jlM?1^OZl!)uCLV-S23`
zuLOKQJO8E22jZ&`KWBmOM!W*?J^}bC#N(&xd4L*BfBif~J>toTuLzKLJs`tY#2*i+
zXQ_xok^Y?_?4aoRfB?JmEdMo^hWCs_zKo(8W8O;tXxl78e9Qf_wR3N*UH7EzI-B*^
zCYx9~4sS)-a+DpX%Le&e$!6;`&js4}(75#&Hxl3fl5v)sjl((S^MHI^;ND>tJ42d2
z0Oy}GYSaf5_&Yn{9Cw|-U$fpL$np8iC_uiUB|&{3_N^}(eIGq<L&uL*C|iiKANZF;
zmU*p<T0{C}drpIX8kxnz|9w~!#yZkHAJR4vzbv?24M2`=VR8Jql5*58_2-~_G9w?v
z@e#k{cjH`dgKn5Z%dUsE|C+(4Su9_7b8^Fi*ROp(iw`5WcM<AH##ycYq4#hqIR4Pz
z?BOI2ltEZhqxr6V(jD0cD-r#MI}uMp{1Mvs_WnB?p<eio5F6f^?h)n<Z~6_hkUJUk
zzKKQtn9iHd4ssy)c#yS$=Km4->X7fh;rKw#f8b{BcbI){r-x)1vZ6*^Z=|mWO<yk~
zeLeO4bN+5xemw${IXD>XW*!%2A%7{>p1!93f$6`9UqSpm|F%N4(0tRD!@qp`Iu)bi
zS2e~Pfps>`B0n4EBGixA8mo<w*R4G5v-97BP(N5zW7uez*9B;zviyA}4Ddh2`XAFT
zZ9FMLzUh5uYwHZg*#&Apl{-%4Q`x>1wfWhEa>e*w-#IPwd^tPFK3db6&S9KW80WHa
zE+X5!-bXi9p3_evv%HRf80SM9YSag9rnH!S6{Rrg-qaU>_Mo-De2iDNwMJVb4l!qV
zF`#Gd?c{n{O?qfL79(HQ$2Dr_Nbp+|>)Eg&r1%bWI33ytu=DR2FYim78~EE7v$AQ}
z!tTawd4xx>etcD<mU4di*~2nFsRcraS>`DE{m4~)phg`Ws;xC}^>b%DXL(wrSBOhR
zx;gm|Lb;4!{;%-e`wroFFZg{&D8GUH8+_;qGyRsNM^QgJQlr|9Z^^yMnHVn9GSOJL
zTP*#)^rj2MmR&D9|AX&tTUMjKZq(O4rhUL%EcOUqbMncz^_}CPWqBCmjr<PhWX8QJ
zJ!qPHTCRB(OWdFkhX>gFcd!h1o~cpm{cTFE{FzX@kha!k)5Gu&G93BN)z+w)q4uh1
zr?EQ7WQpq$q>1SIKjk}Hqb`tw%R9)AQz_vuTPLum&rgBtG5p@T8nv;@zpdq%I*BRz
z!ZVxyqI}x*8bAM6w0|0a_+rEt8vS%n^ZH*8-P3U&V>XXsg&4<mqeeaC-v+JbGSrT5
zU#P2MnEeNG6{|Js7W#g!gk6J_jE@)S_d%_?gW}Zp&0B1_ptr0qJJES^<m1?Xq0D`{
z%sB2<<NRV<47-A1kI=AO-~7EBTZ_oWur8!lvk%B(b_evEd%5$qJQ;@J*D?H9w13|A
zH#*dzoZ(DOFOL$8vpl9&U1K-JF`v6i7k%#E*gFoOd|KmLwU4o07IHq=%UvO9_g_4L
z{cDq2^>w4a4mb~;qn&ZcVf8QDF!-bS*#+YkV%!sYIn#BAbsSgh^Yg;)KcM_gYqhi6
zH{XN6KID~<hH|v~Uxi$Qkjv+$l47NZ4M5CiJIU_<LTnvksYc(?!)ITS%_?%Aadxg=
z+hU@5APhnI)LQLaD$9c$V_hy+%Y#xv??Lf%5Te<nXJA~RMXjcjuszEKMtvDPg!=Qe
z4jYAGZClo=vy8AJ7Dmf)7EKR^`RwRScUol|dQNZsLV@m@4e36Na{=T0)07XV5X)^<
zt8O;eAM+T#l2y4(-&pH<Qic=lYt<Z@!CY@+VTDb=_*KMY56&QJ56=AGV!XQaTGLq`
zvmUfKnVW9jf5~NcDN+BFS$cmz!W2r=J&W>ns8v5PzTdYN`;gg<Ap4_rY&Xgm+*Yez
zzNrncF;10*u$b5G|9MJ=PMvDiKg_l&4SG^<tU0wl=P0!9WT3ooN3H5LbjxfjUH!Mf
zc__{A(HQp}#(mxJ@0jb~zP*ChzIot%4V{k5n=oE_My>k7-;c|5XZHU>3`-##we?`*
za<G^69_(Ca`qMI`X4a}Bj4|RNzdEHmq~uE+TGgU@?NE#}q;IWehr{}bH`s<zw+6Qm
z;9DCZZ`==LR3vGHv5Sd2p1zazuLT(YWr6jrcj7pdtMGhp{&NKjRAL{Bzh$ERW^IV>
zSsu8*R(-`k&ZGWuxa)cp7Ki%xiGQe8y-NJz+(G=~Eb+ymec)F7S3Rg!vz25uzB`Hx
zM~Tl38G0u}#>2I~bzfa(o1YBeJ1?NjHb0q_h79ZfhGKvFNUe5Hq26Xo5gYnwt(s<T
z<7PdHyP#{wD~&ot`=2WqZ}3yKDjNd^yCWaf`&nlH{|vS#4EsN$yto`+QDxBgV)$VU
zFScy&`H!3DIo+M3%s&mA+)>DpG_+PbSNpI#@(DHwcQgC}%){_5817s1WZ#ciE@Gky
zD@E)slN|lFGQ_$f_7Z66%W@Cmo<(LFR)=9TG3;d;mhH~xp4UE{t$+O=j_(-e^FiRl
zQxUI2JSzb2f_U09wd(CAoSlC_JpY+m|NAcx%R?;6gpEdQP=H)9VgpQabbMHX*bv12
zdsDsM=RcS5KZH8u5IC*K(y#L3{xl+F`>(Vd2{l7t-~SIRk7sMul7M^}fcRm=HwWOu
z5g+wjt>N#K{w3qT@raK=e3Vh&=unsEw|}u5We%VW+v}n0Tp3!qG5_}%2G2Lt3o3sC
zvFj+GtjR|X)ay45tJmcdjrR>Q?8zgCVSkQcgN?AB__A!x4mVp%ODB}cK$$?lGc<la
zhGk*ccvJj*YAH$Mch~0DBT;4@$~4>;l%tPtj~Vw2WjS%)($oK*p;Z`f-}6Ra6X2)E
zH!eP8oS@6n{Y6(}yvX6T+Bw`zi#tcz7}d*N%2OpL*j$uGqxsSHS*)+fv&LfnqOSwv
z=Lb3);iH0YT*QceTZCFU79s!g7iu-151{qoi=U<Efp9zy_0C@II>Jv1d_{M5Z)m`R
zw67l4BWLl8wSM+8L-3#LIqY8%j}J$W7{SbCtd3#4VL5zu)8?lm@EutrYE@@=@0b^A
zF^<jukV|^0R{aIS;2J`2^$T@+N8kT^UWTp6w^7d%`i^A8hW@KomHpSs{mPtg9hm*y
zoPmDtX<el2rX!Fq^_5!nyoLQ%j>%VghGx1Pw8}d$7|b;0KQ#TX>2n!#`^cwj6UIj3
zP@f7-brTql?R`|O+Sxx2w#6aF`D1E(orZErDEC`<_sHFCeI~TqP5qu^;J;#g&!#tO
zwKMAtdz;;Tcg$t^AEF*)+G=HG#%y(vqYgRlHaOV$oJ%>LH%T-9{V(A6|GQSb;^&*t
zq=UB9r=>4y=QpX2+zI0x{!gvC*zJqc%YR-`W4IsH?tgoM?)TKHzBOLjPmV&Y3u5mW
z{p17MCX(iMg!Qu}D6<u1;tZJw4gFv%hHWou=<{hmcR-gP;J?nB8F-I#F=tVWbibDL
zz21M~_f6Avqizjr0JQz4V^}?gtu)5s9--?2j>VIOphnljcaP6#<Qnu=t@?!*8s@1(
zP5Jn5modMmdA17WuPm$8?u26L>f=u5f%pbWw*P@L1D4ksK3&c8d857dCINHVEN6c3
z6_+fZlV8O8v9e*#&Cb6e28cDesh@rQzPWt9+0E9)*#1BA9bQ$dt~1v`^E_w*G4g@!
z|D$~VTI{F!5b~*<Z%JCa{|DtWHq@#P!6dJ(2juux6K~gFLG@AZ2pN*M)T;k5%Nsg1
zP67El^rdpXr5-Kcmp~eS0LIVXhVdc9m_^t5`dE3D)pX-o7{37HcQxu?FL&}wT3^Jz
zAHx@8_$c1`d*~#!PQL+(R;_B3uluxCJxKZJyT8!<pj=0M`Dgz67}Nh>LjKQmy{?bD
zkmDvA_7u$i0mGAb)CTQm=OLaJfV1|GczOV?s^mS6?s}wpiaNsJn6tOR2I48d4K5PT
zSGU1R&a?G4ILozKaT^@x<#%s`3f?pSHdrKh#@_}<1kbM>V20SLsssEb%HMZ@LYwDk
z2iR-#eAWT3+dQi}z;=79w>!Xxk}|skY?VCII=~;2=Sn)PaCpwAL#?CL$#gg(D@W3y
zT=smG4)dIzt?6*g*>puZtaEwZO^5R?&x~|<Pw^C>jFR%pt#HKcIe#lmi|~AVD|{B=
z*>@{ki%9wSRyZ9gZ@LxEMSAwMhb11*NA2Ob$FsaW%!x{w-ySAMd#1F9-O-+F?cn!l
z&xLkS>P`8f9c+y89BKy_V>~<B!8@^@b?u-$Hs#%Ruq!U=opw+bces(3PYVbf$JTtD
zM6UNj9Z}x$!rNTbZ_)4-Cm)W6IlQvR3rG3>m%Xq=Scj5jqH}*V{4RRVAY$wDy%&n@
z?s6|2wo4yHL!CWuXEb~#_1O~*TO6<a;Dw#Ch%)7}h=?jbfXF*85oM0K|Ft0+_C|b*
z^=whJxIG%)kH-FXd9=7X8dgW2BU<`yfl_=bCC)k<%;ls>c393IB@^s$O}GPKgZLSJ
zuCsOWmAe~S0<?_&lfYfaiH^Bw#~UBn0n(C8zoR=r8{cnKwwrjm!mZ8p-}wJ#-tN#j
znf;EXopY|djKKZw`2>d9{|hfZu5%|rM}Usb69gWRHxqcwy_~=+_NfF$zsSNH0}lS3
zou>&5ls_Rb#EtsxDEUnSW66uYG-tw8><p#~iPIwBQ=!#QZdfiVGb3P+81rTX?6$wL
zHUh>tny!w3CGr&VVFa9UCeMg~^{#CkO8w+!Q)zW!Ho5n%9l}))nP*Em;30+fB7#4@
zm84%hM3u_vkJIu1%rvKb#zVF{G5>yZO6NUfrt4!71Bov^uGyUDEDy^#diRC8Fow8P
zA}(~1Z|&ktmoCQSI?g9+csM|){!D-0v7Fl_Ksk3s`#pz;&++MV;wWklXNde^JNSus
z54MA1PF~Rt7I4mzcJv;}<LzK3-|_o)P$-HQ+ramBX;B-fvg2ocDfKIB2cJ6RYi(h#
z!+EhS9CJi|)((Dk$ZOidbw@7s;ViFe3y0+BxozQ+EKg|*<DAal+rSoQClvg{B`s(V
zA1Kni_HaTOfMlE8l;D6{-qQw-y9eUH7a{L#1G^)X^=;sr2zu>Jfk)on4rX}XIMNOd
zMJd?6)<i3X?cp1*b7Fg_jB$={55L7a-)Rp=<K)F{U{QRh)$QO&{A`SSHsND(p)H(j
zB-OQn`bN_JHn1V7?UZ(KHA!CD2F5i;J@xy>3I&>cNanYJuaXC#{GybfFs~=4ifh}z
z^wbGRG_!>~w++1ABBrnn9BHBa)f&oML|kqSGg{6k<J!QxX$ilyhHYsHr&_}ox5z8o
zK=myme%_eYEe^JYjjdguw1pk5U5DGi{?;PC;BadfX6mWdRRU;b>V#r!ZpET>&L~n^
zX6p&iR=$oXza~Q^iK$D5KM1{3c@Zz3ONKeN|JEnN=k~~p$xvfILGZ@}r(B&3vz(_$
zZ8ChOC~H$-UqrKwDKIrEae4~;6qQz#0vn>eg(>iL^c+&00&`;HE0W=-SkLBUn3ga`
zs7!{1O%m6qz~&|~Q&QloCgQ{txZcEdAsJ3K6@N^I@}?qkS2q<=@_f_S)5)MVZCjQM
zA11%;YvVES6u?uiUwK$Sj&pT9)bVk?Z))8u;-ZXQT)zu4e93wD%kUSsksOraqTu}!
zXT4%Se4cB&AZYEVgpgvgnY8)F1-}vLs0$YI;sqBh=BX?8jY7g#F8D_1c)|rc#q@nH
zxGqMNy2wX1Wvh#PX^VZ=1?9Ggw_I?;7F*|pnfANuols`aD{#S5DfXfhK9TPJ)d|<7
zyuX|<PNuPn<-}z!I3<ghon)-D*_#R+a>|nwsC2q6y5ORdy5uyh`&gec4@b;-(wpRj
zf<w++On0dw9#`NCCCw+(Cqv$=K)?0e4+@kDNna>XA;_f)ToS(IzEt3xy%PrPlWxK1
z&5m2}dA;0hq8pCN&95u4MG+DIL=kCZ<x!1u;Sxeei#eE*IVAe+cx<`K2l1FK&Y$98
zEicu@!$*AVukldN$DNOdt-^osxm1i?6;J+<pPU^B7o48=;$fr9TO0>_T}e~pph9te
z7Y94t(fi`yx;uJL9IT7H^Q$<R>uFLF2R}ytXF(jSj7>Zn54&SsHSsVpPDEsC9PL#O
z#fwMd;ds3GLp=FD{#7G~@Y^4O0*+n~<E(e%w<{$P^xLu9JZ6tx5CID$&!PxeE5%_y
z`<K-EXE$7SL|t~n0{Qhz*z-Df6Z}!648R{}+#){Lx<!2c$-P6XYYU4B8Bge(AS-gU
z6DE_$<xcpBcs_Q*K0@nb4cGi5CoJXTmN?-TK6RNB>IL~T+TKQPaKd7ngrQZo{)lX{
z-wtrzehUHzq$d$L=oo+^`(&}iNv_EXB85(DrPG`uioE3%5t!=~QKW?4V_~inB?Ni`
z^o%*_g2&@lyWo|?<yfVNJj(^YlbD?@n8MK;iRbWLes#eSUMY6LIo`Fwg`;{8L@o)9
zsEmli+BvZuK7M9vje$GusaTUYNy>Z|d@FTE!Htea_+0O3htKcJ?eO`qyb6i0J4Hms
z;Lz@Zi7pZ2PIZYGTI^b@k1GqGC67Pl!6xx3@nAE+G3J63{^G^W*bIbSDD;IWop8e2
zwv@F__`sgB-U$`<l#Q5^j+CWN_}cL}%_dp?z)5B~UHdU7S+4x%lqa~z4SEj4oF60U
z1T@|Kr3;?B`?L#ok#Xc_{07ds1v7+me&B*P`TMrHV7$;9gJ+2YF!X2f7JS}qi&~1$
zwp%cCj(r%wU-qSBs|zN$M3kB05>aM`OT^GwE)nthE*Hu#b^SwcoAj{g3=&l)pgL7Z
zeiGnwK|C+OJ|WMSHV^DVrDqqPP%pyw{2I=O*ArN81N^5f>IesI^7Y#=8Qzn(L5W@d
z=r$;ml!}h9z!80_Bh)#H`QJK1ffDgcN0^~RR3fBAZRrSO-Afz*%i`oIx54?imS13K
z{1JTHnMTp5)z&wPINSloCGEpB?r)s>Ne8&pxDYGYAI)MGbbuAj<K}gM(&qJ;qD?Jh
zPIrXqt>R{(E}SNw><F{cXseplT2j;D-PVb7P$O;~SJDAaw|)cQL>s9#9V*(4L6I}<
zlym8Du^sI$$J`oIoempsjjK$D>RVHOOos{SSTLK@ofYX&ntqBm`YWK9*PJBz)i}-O
zdR5A>n{WD!3_tO%uVwgyN3{yx5mU}#4=%cDWq8k)U*d!Ud%qhpOqZG-lVP*uIx53X
zsZP(&g(nC(Na(spM#OuKpr5j!5&S3avqrF%$iFAT7GB2Zc|!bqNw8gLv@i*FiA{e_
zgsWn!`AJZ3lRij-)%M#KC&6WVDn4(KI{nm${3wkf_@hM5-QEbQW#wEVOmglZ`y0V=
zSF_qg_)(G0G=g6h)JK=OZK!0gazBTyE`s0F2(Co5_^lDV9Z411A3V;jiSSWW%7H|9
zEBe`Ojo@1JM9hpaaVcLV!q4%|PA9_Z1bIm!oJ?pjHxbl?$$Ucvr+R0ma*l_gN-Ym>
zla#$wTZ{dIhwa=>P4~K$>7CLT0lMA`@b8#80=!T1KNN6C!-{&6YqnOvQLx!+0Xy*R
zK3)5c_%9{6F2tRZV6%A3K?!rY{b>o+>!|$_s`<B8NU+2HiJ>P(0_{?YNYr=^7LnI!
zo-0I%5^pthMEYA6J$}EF#a1RAGMIy6%>kNA_d|OrA3Aqnm;$!~+$v2XaK|%-{z(_E
zJ4pkf%L975qPn<LOrX2;3iKZ2lZzd#s02G|<pzOm#DmZK$<tbTQb-(Z!<^m5^ZNx-
z$t&Lr<SjutDm3UsG|h?bY`<@4EcWvIh86f@1(B->Y$RD!<}T76XhwZPVwMZ!Fe$+2
z!<_u3Ku&T+SV3zA5qpM<f_P0JzX^VQ*TQzB8SKU1dr4HGK)%BmRP7MA3h;>_?h{C<
z5YX2(8yI<shZ98kg@@Ig`*$8b<{SOSLmA%)@k@LYjrSJP1YQ7m!TALtqaFk}NFskA
zP(j3>38^6goUytZn0Jwb3eI(bg9}`o9_H-woiJO3*<y@d7xgl9FXCY#D)l@Z;TkRG
z;b-na7Vd@T0iO3@-%v{$jpJYp7vuX*dMaljac&jJGO`8B;gler5ujQSe-X&}!0(KE
zhl{G<VLkUgorm%+e6Ha2G$`;8z(XSD`QVX8zP#*NE?|>zuM%KC?_7yJGT&&8fHSQ|
z%LG^^By0IX%W57n&Lc`4Pqq>HJ043+`idtf$Y+@Ma|Cgr0E-0iLxH>>P*#oc<6Z-J
zt;JD-I)J>Nke#GegDyhrN}7C!U)^y<C7bF_98m4<YvP?DKs||=Aiy|o4##BY5i*1H
zRCc;y6&Ho7jLOL$xyeHQ-YPdt5bpfd4POaf480+U%iS<jl&_$qn1mY3J~5%jjl)^g
zaW{NoljgeNoGo>N8<yDRaj4_jQ^&YrtMrfgZurt6s|wUQ66+KwkXbG`Bj!fH93^Ro
z8#X8jE8Xy&615QZALV014Q*(nFG9Ba1$aPfqs?2%?>nLEX|l%&zjBRtJ7EUD1eMc`
z_6<Ca;5G8ATHJW3wPO>o*YRIO!kezO!rn+IjZE^@i4FLY4aB{iC#7U6X2pJ9Jj}yU
zUaY_p;REV~lqzPxEv>cZTf}T=uRV8wJ^+2B%K|(R|BC>x$*A3bLK;sHv7Jmuf?Cd5
zEx>d>>3{$$`C?-XcC`{;fgI^6=y#VsuRy-mkym+`O+1*4W#pV8o2NHZ&q^1J6U8Mi
zD6+ZNyWp%u)vg<ogu2rN2bDP>i&I>%-Pvd@>LAWWsG9xibfM1wm(w+c>J;4>Un9V=
z;yK4B0?t(&ALD;H=SKpZ;Vv0#A>ZS>zvrSpm#}RqYb5xSTZG6wF=m+rt3_pr1lz<n
zjWIO^=sBbc67xO}e-g)sJl3rz0jjyEVjeDYy?k<wVFj|R;9|Gh@trNV*kK1Bw+Wy5
zKMXF<uxGFp&EzC(MGLuYMjm)DKXLdc&Tl!WB9lo2z6YQ85V@3t!(@U_2gLe+i<oYz
z|8Baekfz`ebbE<!E|-MO8q>`yZ%a^O^UjyxxZSx>f;0Bvl%qe%g>fi5j@Y+3U<y&T
zJ21n>k_rcG666gIq6*m<a9zB=(gBBUvFjXAYkTe+2b{EfQKnjwG4!G|lbG5m<)juq
zmx(e_#vHn}P=?QV`7a0gp6`OsD+TeG1HKlze~Xl2+-?WdiSc_Ju*>Gf(9^bW2?lJI
z&Y3x%Bm;peziUae%@TY=u(O3Ve99*he9hBc&Kp9rk0n%UaG*XWHv33|B{uneiR`z@
z3nlWaO`a){>$bZAwxAX)!FWmjP$JW%Ouzo;cG9{<0r|iNE6H<XZ15xZBbi}?D}sDg
zBnw3O7m+LxyI^pI_@G}rI_^=Amj}2v$#()w6x`nkWR~!VNylI^2T|rAH;e2Qpipq{
z5Xc;%hgs$s@+cgj6`Uv~F1SX-c`od&A{V%zkRP!br_O>0Rq##1KR3Eivl>fKYd&k2
z-*u63(sY6$yB+ch7dhmJ#b%>Ayclnx?3sfc@=?zGo&rK%Wur*cUKf6=yu(GlAR<10
zz^x{WUGR|*sXAe-=pE;R4PxXCCu(z^Yfe~XQ*f41XY-D6p*AN~JIOb8>6DY4wu>ma
zToMsq?~uxz<WGlmz)Aj+U5KxAx)9&uTt>`kz`TY9n5qR_A(?5%LX@Z4$&b8<&r5|3
zWH~k%TRQ%jXz%8i*Yh}nL;hw&Hj}1hF;GV0PsLzfc~8c`3=Wm&$-H+(ENtcN2)rjK
zU&X)$;rSCWa8dLekAdYjc~=a%W)llzVUm6LlvtQ5MO}@76O!~x3|Z@tx5bbn4tYZi
znJJ4%JWuwnK?Ye_6$4*5#dR@o%o&4tsVf4XFS~A85CdBk`g~Z4n->GcZu-2|{ruz@
zcqbwQpRYu8ofHFyBAxiGM#@WK$aGHx#`?-5Q<*5aB!;YsN<_{-qT~ZHWOZ~5O74k{
z{ml!fqCMxma49-=Yz$2Bdaih3vA0>Z7j}7LPkP~m_xpggjPzGh$2f3`nyO+`;H5vX
z2jkPON-#^fNai@8*p_-tg8jC3Hzc@X`;@Im77?7xK_Rjfl4f5jSRJk+{=U#=uL6gJ
z96-gS*%u0YB;w;=;^?CaEVH}!D`b;>CB``|xj#_IWQY45L>%t93fbkrMt0rN_;Uqz
z%kGa9azw@^S?G-3slXnmd#yssoc#f3crA7)@SDp$Lm^|7e;8vSooC<}PPMd?++)iV
z;RgTW^h9`D9QJ7<P9~+XiKN;VS(FH0*~K3d;A?y2g#<V%Nr-H8C{q$~GA;d@K+0tK
z&jfN>Mh$JhQ$mpyt`2nxFk6u-6UcH!#OED~yeR=LDe{s8vdb;6N+1W^|Hc6*LL7sP
z5#GfKa5z$)lRyjYYCQSIV@Kpq&+vr_bXonq1lSOL`^O1zKKf34-r<#}Cy<}L^27vE
z9P{)=MB>`bOoR(@e{v1q_6!*es85Z|JmP@!L|Kdd9;Y03z$sov<PxvE??BDNj>vg2
za=inV+2o}TveRZq$+`B()eb1L%kv%NlHHDyUr3SfI$*3re$zpU9FLm%%AVvtoWbCv
ziR+AA^fX>R<REi-)by|O(g_C{FVLmvQrjcgqc5<Jp-Q9F>NwULN#29~y)??)PN@!Y
zn4|i(_ZaGu936bl^U3&(!^1&=d?vK@Yo7<G(w47GYXl`kIgtowxl&S{2xDyWx<s<j
z)(xNEw#$bS$;Wo_heTALMwKT*iQ{JuXO$ni<UNVxfJ^=?k(_sl#}l!FDBBX@Tg8LV
z3nK0Kd_7XZx!w`a<J%MAc$B;>kz9?E7bTK$(FrKCCt9A62o=#y=i@9dy33kG_{8fi
zNQA<eCX*6jT};%q1h^IxaWw(f#{LUK55(nRtheJm_`E0Hj)^-M{}<;sH;e`99N_|y
zw{ke3Ip<T2yRY`G9Z-p&>ck}?P84Ac_YT47{|P<{f6Nr*zXVbtB;fN^A=RYobq1{d
z{iVeUjM$A;5ej(kA_e=aKJO_wfu2m3DX>wTLzZAuln!z$75GEm!)foswmO!;9G<Q`
zDHEMIoxi2f2|ox4S7ewVcDydbr=oOOhA%|tcQOux9z@32?m?L^Y_T}0KW~$8`u~f~
zc~HiJkNsAL?e>m;%202YaI$~h?)*lE63K(e2FZ)Dj!E)<43++e&r4+aFPW^7Uo_RT
zd&%uE7t=PEn@mpGU@tG1*>Ku-7d|f*l+8ByNqFHS8(a{h5SeR}R@=xsw)-2}!wcjo
zmKoxH2Rx#DiOK*`zQ&QC^He*ao|AVv$PC_&NGX3eA|DF!#|}~^*imw#c+Wuxc1ZuM
zb-+ryyxu{|?X8feQ1T$YLy}iG$d}S~5;RWlr;9aY;Ax!Daq@AVoaSbez;RleYxdaA
z!zNDN#N)hWrk~8~<R$nCfBr;<tc-wS{*|S4t7#V55dq_E^4k&QBU|Lm2-u0kVg&55
zM^1=<gOY^EMn}Y(5!gk^lOssAEX|G}7i8=%mpLUA8RN>C6al}x<lo$6qaxySjUr!j
zlS|4~^8bGy5^i37h(A9hJy!9sgp-%>WKB?BjR5M^=tuI{_X@npzkZx9p?9sLLyCMz
zA(dj(ZUqk7#4QROu|;iF=#CX48>NU{3f4V&n?lw&B*g!4#BNexyDTqJ$SkL{M<FH7
z_5fcwMTGxy%BvJo=z6oE@iHBs>ek!1rqgXOk?&G$gG0Q6&t-!AhX|(y=Lr$c3)_8p
z+W}{r^XL?SYxaYHlN$Fifz)#&P|4?;9Ti}$;NCBgPlemf-**>Dhl}|0A}J={+TmSZ
z{@PAH<fkFcR#Dk+hs$E@K|AcT$)DTF5!(W@PTPT`!CCxumWWdXeCu6B0-WNa@OdsT
zj}=HYpMcLd_*B0*E!iBo*?a-MAnrE>a+K`G(7Ajwob>+0yC(_cDu26Qy?>TGu8*kG
z$e{=*668G*sC&|Gz1FsnY>R*;lDr{;tdUSDobM13SmeOz<t+J`-4XDPQ{EmyRye7z
z=&?%bnh02?;1u;+rTMxD_)|F_*v4YvG!mcYZka|G3gig_ImY+#*Hhfk51^m2o`b>l
zzIlqX#cq3v1n2EfFrJ4=K2+dzw?c5vQOHk14IP8*?otJ{%~BCykrKH^f%S^GRUuoH
zD1d!R<Ozj*ui*5ZR45X_IVG(aXYy`wv75|u$D8u7P#`Lwp&ZPF$(%GZ3&%F;WEM=b
zM^$D(ffTdzUTmVVpJzaYGxmoJxa^GFmjM@D2`IT#k@sZ6XG-E{nec&ITA2lB-O}<b
zm>m(nA`>n}Bz~L$vm&KU8L&Ar>Vph8<mq0N0dGb{eS06gAC<W8KB$k5S&|7$V-mOA
z2j9d*jqM7*#l$SQ4>ra+3%bH*vC*~n!Z)!4P(zB7kKaqy#tj9S8K3x0CTxwDre(r+
z@lget@M}W%nr^T;F=~A`*qfO6UN_j7lvvyiPA5gZbstP<98;eGUo>_W-v@^qM_=v=
zRgIDHqbBm{d&$lwI7d9+B=Qobv1#HjUEyR?>1<cH)->{mt}rz@W_?#!oSgVJJ~vCe
z&=uA-lPbHyH_akXbcHj`V%Bzr%gquOc7?A}V~V=M#1`_Qdr5H%T8iUa<;~B6?_1fn
zbO*JSb6<Cuk`{TeJ1j`^9O({MZi%k$4x3xcTQbRx);Ns8&NeYqy26b%@}7Iiq_$fT
z+0pKSxmoabds|H=Y;PZZHWR*XAAcbe&bE*KB@;^1<HsR$y1XWnOzuGYrn1}eW@o{N
z9c}wFVSUFbwAbz=p3NXD?r6OIUYOCvwLS~p>yofG3qI-MU6=(+?v4K}1GeA$x!p7#
zyYG<RBk-EEn85!!>sTIqi{amr#2L*&<(f@s4(0qVaba_K*MTZxi5!KGYvh*z+eXBE
ze01Veuh8`hK7OdA7Bq)b$_?An=J1`jE|S)_!-O_bI%EBT$Wy&o>%<SEVLm7R98DH+
zCA5nY<jG#TjyXRXE(_x7XmU-UU%1C6pNNKEZDMT{jJ1o?qRAvX-4(<3I>QTPlK4?H
zoRh>G(d1_d`>7us^6_YxEQ{4qFkcoYAica4#Xon-({LW)6gNkM>J)#ECgWX{=3Pae
z;Dv*VI6E4CP{f7Nq*B?4`0NOIk{5PHh;yUin+Wm!XmUK_kl^2j<vUZ?Vf#I=wcnt%
zIoh{r>wwNep1e=45xVQGY~#shUfjjQ7rc0cCtsOXpeSccc`66#b;Rf=dIR)U)^afD
zM<3Q0=<;s?k*@MEhjU(|tF(P@@NkU{PI_9zd}#qk8h#719BW!9IYI7;A5S&ZN9H$z
zKZ&?B5iWBvQxjn}A61)x>P9T$CwcKq0vs1&$`jysA?k+&oCQ<-lqi0X2q$bY(-Pqi
zThzG(*k)(AJ?i~LxM+{~Jpta48X>YviW=JpODXnBBJ6bZMr5HZUrvOja%_DfOn1tc
z5@DV*>St7sUGlj^nCgnE#TksNghSEo5y~ft@MlEgibVK6vM;K~t35I*s2_QvjwRB0
z<AFq25fz2gqNU!J7`op(-L8M{!=xWG+(~>>hK!UV8D8$bOok)GdBXv_IL{Raj>DcZ
zRHB5q9jGS=DaYvwjC{aB-nGfQ9pn?6XPW~m?9EVT94lS-TRSKr1P6G!HQ+fF2jj>;
zkH*6!&bz`3^Y|EiUd_jT?u99WjL(+^&#^dID=LTL;F{>!8wcBLjqBrJj=jb7IJhWz
z&c~ukBp-~0nX-3dEUcA1lVhPymQTmvw9UIa2F^M?n`2;%;vF9YZ!0Osys+FYf8r(I
zy5)DhWO{_W(M#q<{NQNNj|w^R7Xh45{=>7k6>KIkOIyJQoM%xh_>mLmw}MH0=WDIt
zSKc$X73>x|mbZc>V)FTxu)}um?v_ww_kPzL_S?l>&EcvPv#vRubfnB`4pp+N47&o^
zyS^EG<`my)1{Yj0)0$z^N%<uOmboJ~w1mxW&-*Rm(}<>Hu>**hiMe*k<Ed{3-$i*2
zwSdLZ5$jvf3H`hHUvJdu=5WzF2pf1zT5T#EjrCk;2J_<@?M;QEcu!?B*dMP<O@+Gn
zd;V$;ClXRVYX)Z$<1gW>8p&Ilkz<YIvnk}gBzb#F@=cO_xj89pEN^N_-fCRt^lMMa
z61JVR#hm^-iS6S`IKl2FZ6a{L^Z|hvWYkGsdtPsE82}lyT@O9uYj3eYdy2P-gqq4~
z;yg)UE9qz5<^z6P@h$Wasg3+H87M!0lXylOujFAi=d9*o71y<v$0D53psW4A?qBG8
zqn&B~`)hvvgjN6JNS7B9xcgN-4xJy<E&Kn6xc82(;@Hx~zv^`QRCk~5I;WJ5q$3>#
zL<Soiv5f)SV8Geem|$P9@AdVax#8V6Yv$cIGj|4&a}-eo5k-yyBt#ZTA_$SA0D(v%
z=ghBK5+Hfzy|vzY^IPu^Sfx7M)zwwC_x`?JyLK-i^ps3ik}Uv3K)k<VtRKm0PX)ad
zb%a6&{BqyLL`$Hh^*40<pxXDpi@4iIYA;EM=*Ry-$IY(PaciZPLdQLpGG5rN5ZVB3
z)a?ZAL}4&d#avD&?%&y@`HO4X1MStl1fP8<;2cqx646oj@1@n({D(34|4DDVKF9xY
zh%_!RFi4{L2H7YX6AavttmOt-BwO<hWGnth26id-69cCe{h5JVN?@#sGpc>mAbFbq
zmO-9q&J9B#HLJ|PLvK>PDU5OCEK{(8q&yR)^sU7vwi<M=LAIOL36mT!YxL8#3u$^T
zAvMOZHPBk!O3+pm1`0z!kVV|TXT2E1U(9y|p&uB+p#RC(PRPr7b>sS?t=G}o>O?+s
zeu44-563ezhOh+sM|`FKmi#we4BTIxm-;PL2(jyf=}WAE5@r)CT_Q(_porugdA~**
zjCkKLmJ`zYf4;o;HPSHEo+#lHTi~_-#&=7CvshatvX|JG2}zgiQ4-0P>~#`ZDJ9lu
zOT6>f)_p>HOs$ReML(++v*=J~{cohl8!w;b?gLgY;u#A1O7<EB^Q2bm6hXwSY{d-&
zo26i*qL(P7@E7}lVxInJO?_#<{|jVnpZIwnQ3aDeOse*x^2q1TlSC{hdPSlDdDekM
z43Xp4C*rzHm!u$FN!*%(995kZ#zK#OVhXaTlM%*sOYIxR9m_>?du=)>3FmBQcoObA
z>O?m(kM>JKVIX=y63%dSd>Bt7{i_o(J%;v5!pfM4K1nDFs$;_fmm5>UcoeVpOv0Lk
zq{AsFO^Do`f~N`Q@h}D@n%lz|n`q{QF+I`D3S&{C**}cciAB|Mb)Cr<5G?OCXAc!f
z(#fYNl49<8F-lIlrlUxXx#PtEg<bceNbw!=;-(UJRL5AAt@GlrYLE3ILkr#0-DsG-
zI+^WRFW11t??aHVUps39$RRPy1H!;Na|3uFsZ-q`<~V^C&&YAT1ISh49{BN4iM#C=
zO&^uF1#n%zXjaXClkRlCj*Y|^;}s06`8Y2I%B(^c=*qsLW3UpsspFXvbw(#+)x9;q
zrFgy&!yZ5nx*-mQgwKz|6~d;)VTDA8#|fOl9}0LRv+J?wuh4U`IIOVavB*$qQ7rDM
ze1*VS8k--BV;U7eYMqA*tXJk?4}+MkyEtp0m+uQ=p_dg3yym6LVo*Z)WP$Q18!ynG
zL7zoqhRH8QW1Gp!qcPl~JEL*a;;W)D%okc4g$2IlzN&c$lNk3zTK9mkqJOhS5t2=;
zHH74l8Zzr%<8G)s!wCLj^&=#cSW5_*Q}db(LI#k}Vs>yhsG>Z8Nm7!)RBIGl0P$xE
zI}^Za)hY_$hRT)(uuQZ21#ndho%G{?Ct{l)J9WOFp|6*1@?*W%p5e!RZz#j>?f~@{
z*HHTc6Noc(gyDffpZduhlMeBd0*e<jLFIn}*7|(=ICl6(X|-h0^>w+Mzjj3c1Bm<7
zToT;wN4k_OYF10Zt$wjE*hW8g$#=<s0G_G|bNtw+-H^oZ>GZuT0qmyw>43Y5GD<8W
z%GU=3V{$SAC^Hgfh+oa9GXYXzcM;cban`<Ehna^ZvRkSgUAFv7Od)pWm%@6mj4x3j
z@u6R0n#}rriPJKD_Bl!vUiLYzC@lYT%v0&I&rqgD4gC!HT6q4aIIb-fI%BAp-TNF{
zy>`*(SVq~_&rm`6l+UouU^hNRACr#z6no5Y=_j~hx{S8m#}0mi)pnz?pJS@SPIts%
zhZS_ha>gci#AU{xb-*4!D{7CS0lKn1js)1`_L$6L2e!vU9$xt|7Dln%pWs}Sz48<6
zjb;@cF*t_r>WK3(EW0CS2I;_#xE>5|?SPT7`$Z4S<JsY_FeOBveual2cIqoEN^r)0
zjbVxG(pT7($g;l1oG`on6-vYLSH8xUq;U4v*pWP0p70I1_A1-+6_zwJbHBpK=IrU0
zC~D3xeTmtxh4a6}w%3l<)an07{?I+JCP*$y5jW#7NT&VckuS6Rv8bq&uXRfD{#dM1
zqpru2ER8)0qDbSLgP87NqhnF*;ey#r*ON<v$n;Jl6XHlNcSZCf_s@;P>WJiZaabN1
zbt#S%MV{1ZJhzHJv;bNJ7BP&HI&NpUARA>2a}?tgL!n}AWjLxh3m8VKbOb}5%F-G7
zX|&wIHI46ZFxbNuJ2>c}y&SC2`2`y#dh%8qGrfUzHtA(pb4A%uvu(^ZBB$D9o%yb4
z^O0$dv&jI94!6lDi}trkp+%qh$UbYSQqyiV6%r^IIeGuFfhm%Gz(9#aFHy{uW3CA;
zD<@7iuwBU@w+(V!U0?Iv-2L0eKx1c+jwd8}gN~V!F+j&IiJtc0p`=gMF;w<U)A3N&
z*Lu)Pi3g@CR8$OC-HLIlADF8e;<_9)aKuBdYP7^d?rSG%`BdK}&D_&P4V^g}o|0B;
zH6ahyYz@~W`b0&JZ0yx=Tn^k($rP1dQOO*&u-5&T6>?f>%GdoQAmQty{!TF9@Pwa`
zDg6zua=p+UH{{n>^}rz|T+ki&6#;#&s_Nyx!)c9Y{Dj3Gdh@rKq4N{J#d@9R{}zM1
zbntI+*URtz2BT>B=x=a|QgMB{!B_u)%?2I+1F}ut`v(-5;Tt`0*8IIdyjI}C?{Uov
zo%%gS`S{`Aqtq9%^7oiw^Nio)u1(MWjPnjJ{u#Ylc=^xR<aZYRj4OV2;5S$rc<cJ_
zF`e_}zri_9pZ<uV2!8fQoQnt-{D{qwZ0^rUkK+A*#*rxY_;<J+^ZLO*pe)F*{tokF
zBM$!#_hb3?-(h21WbTjX6(3yrBTmKh^*`WLh_C$}<|H&*`1cr-$d`$G6PphGdmIdh
zFZ_gU$+74DfRU*;&2@jm*=Fx-{RvskgBN>Xb#s6J9@yDD;#qf`ZtlO=9gmyqH@jo;
zYxH_|Jbf*c`A5usqiOD+F!k+@tN(=c?+zma{)AC2{RMx*!j{v?_CKNceHSkkw`wG=
zdfZAd*fXsgi%UngaYGzSKG;XD{sA*Ta@{$FZLQ-y$icQ-L^<<gYt`Q&tGzY82Nt#u
z0Xy1L(Z~HA;^+Q|CmpPeAF;3_8}cJ=bd0_C1CD*duKa-fPwOxJ5feTOp6!9_pVeFT
zN9_9CH{_4#`DOC%A29Z-$gMw+MPFN|ej@o_TZexl+rPH<{6xlg;%okd+ux^-60gzS
z%=#ndcQ<$ZgjL;5G1&#(*9nuD{%7mVpUJR4e^<+AAd!($rOzO6GK67L%H5DyXieuO
z2+3y;gx*o;iFou^`PO*MP}#hAoL1@MIIPilSsV^)q3v<V_9ThxcX_N6Aw2QW%^|V&
z^i>Hstq0bGNKYCoew|9K)gcs9nk(8j^c4v>Yoz8SV3}$43*okzIy(WIEcJE>+bq{v
zblj&dO~4JGXL$m8+H_6=wmIss1nhKNl)lYRMg0-KTYo*^*53)ZEcReTglM56BCsSx
za--<{5H3WiixV&?Ixr(dGGls(o;;4RGDBow&>9^gV}sV<5ZM!?Pvgm&ICDe-w#Q}F
zj6coXOh_(iN~gu+57w%9+?3Q!@wn%P6m68pl1K4E5`QJouiBT0!CI=hOF$?;ab>nn
zC&c4AHBQB&w-H$wk7>r|<)X&tI}(q6_UGs0g@H2m$K#AYa&tV=1D}`1qi;l=;USbq
zS{vfAJjxm>hAdha<;5|<KJnNaV+n(BCnhLrh6f`@#*+=P>cDuiJI>r2kE3zso_L&#
zGk1%A#*LP0<L<ghcf)SwR}VVaFSAt+7AgKg4mK#=fJtho!WJkd-#}GNt(%l&1Tpe-
z6cCoKqqk%n@d!x4iaY{RSa}{4$f3R-Vc_p6FLd*6ano*M4KQ$wuq6gINWoDqk33Jd
z7?_|Yjx#V$iy9<IrRHuE)Zk%h5Q^-d=o3kB68=nbk-zBe=F0M661XFg3NoM6!l6l@
z=??`(lhntufY&aKE0fKqGOo&|sDCIYKF4>Fe@}}g{A<K62_s2hi$rFU4Yj$_-^f4W
zx4>`deK$y#opEr8(A5ssOMI4tGZLHP2n$1pI~b|(hhm%*cFV>ih4!-r1Lik;7^1OD
zJ^`%gCLi)We4!7AJZypwQ*`>sLO(A*XJNWGakhn#G%&>?GwCg@2B!Z#giL<NcAA(-
z=qeNCBs9zv!^d)LLCNSC8%Jf{)5cRFl0NKJ=nNlLsC<|Yr7G+1hCb4>Ztw>$wy?>=
z@+}O~>0}F6bUwfmkUDX{iMig<TJ`&;l6XNLApTKdnQoC#zJ}8hKdX^D(!H8o;|u%@
z{7lCh0$B2N1IGz_Km}E#GpQgmd^mMsNq>qF3O(b+ZG{(lF<xbByf~@S>0WHp_)ss-
zXrWRa>7E?rdAo^~XPB%ZGX9Bel|?`7$uiE0mzL2>a`&>_KE~n?ZeD={GDee#4Kn7C
zK(0*kNnS0VryHx}o~hVGXpw<|5<4jnfE0VqK(-vZVqlswh!mP+zB=1eYtG#<aD{ai
zi5;%tItk6xa7g02G*Tg5l56tv`dBOeSWE1MmF;gbuu-CgZpde7kEl@wkOd|gsm`d~
z{;$X<)y^YU<`am+FV@F+$?9dJR0{RCQ7H2bHrcK7J2u98BZMFhq4stg8>v-f<0cIq
zv2n!kU$IGrv91ONYDHepBJ8qHH0*}TPL@IgZH$!pGMi-SY>}wf{VPSiH<a%ai;bW4
zky&(%T3Z)HxJf}iw=!gmC!q=nE6J@Fa~}CFohISWe3K+(L7yQB98&PY-}t|dFSm&5
z^UZqUzj1voy4sX5wJwR&6KnbHJ_J7WUnS_Y@}*DeBj6+dHG*&dH+Am0tnp+IVFT;C
zp2v~(1*o!?*T(=kkXs*_a^QG<ERsW~>tnhSF}VSm<z)qFxZu@yq#>VLSJJSb25zR|
zJdK`F7tbhLRu^jxe_maTG}(r_C^q@Fy2!SYch|)n-)L!J19BtCme#?7*kE2AjEQ5r
z>!2hq;y@kDiBCRW2Qx#X$*cxsRl-xF*4%$WS_@SJ@sEx036|_^_X*C(#`|zgvQPL#
zC*!921g0KE7T9Ex_R}~4hCOtEj~wvOo<4HYbHMWppG)nt28?JWMBgCQ^l>#JDN`kN
zu}0QQ`YMf_lhkaDEK}5N8abrs#Tx0Y3PAj_jTmA_s-=XqQV$aH2X*&LhnX0AyV4gu
zpPVN`lP6TmOKiwLfuJK@PcWO<s|eXfoRfqcsu@u4UKgxdT+0di5o<mn>xp%okewvD
z_8R;Z+#@vU5*=^3LH`pi<SJKOfz)P_Nft)v>J$s7^z$Uk!cc>bwFEIu8E9dQnYzdl
z<lmlY;e;8QZsCb(ikgAeg%@jBSXNQqL&769u~OoOXjm%!VTp#x^6nRLzHe4;)jJ1F
z%#hTvCgw=9g_!NuoJ}T1>uQFH@%mZWJ?~{MG%>(5$GhjCzINYnh)jCRcm;SRFt-g>
zNb1Hm!Zdyhp%blXZE#0XkF>!<rJw6!)A)oou3>oG8k;@*d~1|@!UtMogqP-a5TwXj
z+W`l?fh`@di)yn!CEHBvVtYI=16SMQilt5Yl$6=5X9vu6{CzuM1Y_em;1J`}I$)Wf
zJ!pevfne_s$Z^gFe}K#gbMgl$k6>#)z=_DH-5-!X(d^&{*c44Ke1JJIF;_l7VGNu5
zAqEC%{)f00jM?xZM#QqmAL3*z?e`J3#KjE$NFWHd<|Aas)2$z2XeegKM_3eMk3Yh#
z5bf6%M-pNNx5dMRP+nV%2y2TzB@<HV#WrMnDlKV4o~6>$ZOEcJw6G1i*tne-m?2Hs
z(GED()GF(M$*;JyeAKJ)f?8)avqpDBK{IE3N9=1B*whgf%~)Ya<TbbVbi|<7!iPE{
z<Mq+f*iT8X)^t~EvZA$lqYXB;HbtYmT3<9?>cl?^CDaAz66h(G1o4UmHCm$gO|nU%
z*G*C?siNkN<Xkn;SB@?;aYT7j)D)>~rio!19c<#f#_t;F?P2E)T=5tu4e~$_7Z`#u
zx&H7;G@}+K{E)m;y}+90F)WwtbGCbC;l7QPG8^Iuo8XLgFhOx9I=G^Q=8ON;vC=U{
zdh4gWHE>To60Y(+jgv8hME8<WM(9I{43p?hiHxt@P<Z~1Zrq?NS57}&C~bDbBkUzx
zr(v1IwtH|{qM06?ka<4=&*ac~H@u6k)W|rMF4D*}^<nL}xnJQY;3qxPbXC+11B)fT
z-M|hhlxN_H#3qPgk-H0KDF<#DNLT&}JW$vw1KZT_97CX7Hw^87hnG;?@Pw984A<wp
zu<b1?<44$85B3qh!h>rhG}hy)ztLWlOZ2vmbuvGx3q->N34fq)LBhwVp^F|YS1aV_
zZ3q(jdn!=FCc+DKoFi<4jztm`uRTNN$3564vqK&?l5d>{eN;ZzgDf@lM8i6DePtWf
zv9oT-(MXB*3kU}7DwhF@|Ck>W75^zeuBra?0J1dSMn6V+%vk|4%In|fM}ar6*pG$O
zJ2@c4@fpbsV5d);?8i}Gv?x!t=@>uRZPO=WJ{>yLPgXg!ub*sm1csZ!k`@L~#OfUh
z;1<iN5nn2FcFX{>qSn5|c2_z6rRC&!EFpYgJZ8!XqFf;JwLugqx+q^)BjyA#O5-Dg
z80K+A%@hxx5yTQbRg@3t^kE!s>cRVQ7$Puc92QWwzJ$`Vakxr@f}ssC_^CK#npD&;
zH|^3m*Kb-JhvOEX5r>{W{vZ}5KDs*=D{Y<=i=#GM9E)iV9UY5w#vcSRnYkzRru*rp
zAjybu+b@bt&5Xyj$UQYNY>CkK;(hx`^g#-)3N)D_)FC^Xf<rRho+2<aU!H<eh0RUD
zY?Y2n!9b1oO2I;n-A~3Pjh;)!NwK7o(OYNRlCfK-E0P6h<(bLY<z*w2F@n-(Nv>D0
zJPE@Mb}R{d3|g4vp0mzL!XcB*OTr|Jj!!}#AMc$cOgMWGMum@_O2lrP??}W=n{7?R
zT8A!7L>A-Y6S0}G(TV8qrw<cw$<NCZ&@WJDcL)mt*I4y?#a2;+eQsboUnil2gr-Vj
zRl5f>#2l_s$Wo;;ZAPF^cfno)Cx4Ag#M$<1VR!=5e=T@}G2qw8lY=GSW1k$_`8|3o
zZ(sZ#2Nh%O_t>Sf72jimM#p}SXBtoc9y2`b-gkK5q2=G<q|Wzzhu&Vc^*e0v(wy%w
zoARmOp@_0E-?=dgy}!e4gJ122@g_Ul4d+a{w;Og^d~G*ex7hM-Sm~qFx?z&dhjhaR
zoAv6345$8xU*nd;?svr!M$dJ{SU)f6iq(F$tt%e+>58s69pG7A-JtfdU9pGLK3%ag
zf?w-`qY<pU3#LTUeO=Heim&T}IZ-U93$8}d>0Pitnh))Q`_Zg-7p#w=H#%chkRR`i
z!XVq*8AD>}hR(Pd%jb8-*f=(=Gfu?O;hj+s&mVq^^YQHZx5CWO(r=NGzze@cZUS5X
zEgmP(h2Nqqk&pit{laY6w<rwL$DOb^iJ$L;eM#&@C!9~_`JFI0g)Qxby(x5RC*-E`
zL7i|smG$g|d3EU3Z!jW_ANdA3X{`7g+)txxzd>nTKIa?ss>h~$gMxZ=$Tyf<pWpix
zcGYKBeua?@=%O!iuK}O%B{CbjUhVRRwD*^o&?vm;Q*3O+c6^GhjoGy?FtiEX_XTb>
z;p@J@@TPUjKSjx#wBS>+=52cVds6W>J@F}--hv+ao|Lqp2R<doT5L?IX-k9-SVw|v
zLOpbF`qXo?_dKjC^qqBGU{i^mtLqxB;{uz?Y;RqRQ>ehH2NkxmE=H-=g1We<vgvgN
zW^%?0M60o3b+N-kAEyca#{|;dt~(dfFwx6O(@^2n_ov~BH+p6ocGBR)G)y;GQ5qJS
zzD;T5q}6;{J?!%PSEu1lz*^7<<GDVfk(hq-X+unk3NA{+)@bW-LtKp3%Nt@^jJdBN
z7RF@p8un}iA^k}eE;<v9-v`!3yXkgjM+=k}NRLK_Odmv%0-2tTA`fMHBZ|yb=<z7B
zMKLZ%VS>sYMWeqK>>Y!_9y%rlvpm+s7%cNdZ;3&XhaHL$cE&y(gS~q2LJXF8*)?$`
zZ80l|M>P3v3<jDbq+79Mg0IYasds-xI=I<>|LW}WVjgkkd(l&3W4$Pp8Wm8?msuaL
zuyc)`da*}gk9B0K4a)_URYN5@ZfUeoCsRFiqfX{}3Tj~hK}8qIm6-?vo8Ln^2~2$t
z6~yWP9<roB*}E7bbl<zK?#q7{8x%hKU7S_e&39bgx8)tAYkdAYV%pg3cTl0xLGNIz
zhhJ}jGEaC@3+&YG$M4~`&c?qctP#E29E&JF-CW3hxVSkUQ#P-K>$x4=0y!qX`!)`n
zY|Go2D0JW3=qq&J+nDQPPv62-A1!+eM{K_9E!?rgQ{TclCqlG*g9YccM6Tai+!8qf
zeMd_&AtE@sB@RdU#<#@gNWGvXSr8N0*b-Y~wDguZ5|b>-GlKN?d!#r>kH1Iy#L~;}
zk=$5%_C2yA_NgQqJrH8snqyjme?@cLOJKd4V|k)|wHf+^!v)PSB`GYfDM(@&Z(&3-
zz4IpSCi7EoVpIw{_$H2|(DiR(eJY>#CXS`D8E;}z9Xjp}^h)Es-oWfMcK>y3tjo8(
zj`F%}?dw=jkB)mCqw4b~uVGRB@RHYXumN4&g7j@j=e$PNG^EQ~kcx&h>owB9QNw*L
zvAod{f6bVPG<*+yZ&m16Kv=$xD}+vVw*q)?9T%mLz%Kpe2WsU!?<ZtCDI;uJ$lc<+
z6fdAw;^BCd$x#zRBv<)yWe77gdr|^6Xc0>ia6n6%l7Lm7fztW}VS8VB5W;?g=7-2-
zGeXp4S<wX{*S&r;go~E8J%r0XUDU63UKuKE52KGlWDJ`}MAdNq%HRZ?=d^bM84?+h
z8;@y``r3Fbisb9#aXeBLPp*iJ*cgwVQTo<+42X)^9*_K}R8c=Nnl6ba8=~o)cycE0
z!;J}ou;$nD2WIY+$OZ|&0)EAJH^5B7W;VcJiJhvCBN81_9~)&}QcobtaArL`mA@2V
zSK(V5V5-V`H9$X&t*ejy!f4mS8V_Gn4~IQrp|=+4Y;7|<(d{|SguzM}*bH-N;+0pC
zWzYk!VuQg}y^0BD)4W%aZm}n?2vbFezJeSdKi3q8eSBwA%(dz4rWoSzNlmcC;m;c5
zsY8!7#%adqHAY`Q8_^h(0{mnn<Ob?oYKXa<uXq(VIGyk+jz{o5ucBupzx4`ABI%>1
z$cf@5qU9*IsVOE!)1^)DESmRkf*CRFVPjm4q3au?B*@1!#+@J=+!#aR`0_?r632vw
zdlW|t8=^Fx=QPB__&TKxuqcrpY(P#V(wlY3`NUFxt?^tVlclc565`(=vY;JC%j{u$
zJk(m<`WSmW*0qmu*5lmx7>_)!>~D|hURBg*d;bQ^r1eDcirMsBTO77x$G1bVt)3SI
zkI~}xnCQ34KgLqOb?Rem_eX8}7$^O9=Er#Ej~M$gCI_sYALA+4C%40y$T#MHj1^Jz
zP&<+n<A{6D#6%aj!-!yDOFJwGYDMkvIH-#H%du*C2MmorNX~RXuY~A@9k4hdu(<<v
zBxuVz;C4c``@_woS28<bTQVKpfvitqx7(p-YO|5;aUnJNK|7qT6TIAxOip9V+v84J
zN^X0csvExZF%H!W&TmhyHPOX$_Pz4TrH?V=ReH7^S@l}oe(iAm4Su&R`n;L6tu6Mv
z86nE$ZzdJC#hQ1&5$`>rrBT!#8(PjK+3k?tCiOuF%xTl`Q3vdA^RxS%?uPd|;K~R5
zP6rJ5Fy>YV%>Izy=zxtM##D5`$q)Ip4tV%s%*75E|53v$;>wRw#r5ObnxcUjZOxPI
zu(+)$>hs&0Q`=!%+oM`7PV@-|x{0YIw#39fiOn@JT&5)k?#X<O;U4c4{O5o|rx?gp
z`9K55Ro2JASdCUtJka<-iZPzV$rLL*6V>N!E+iNsh|vh;)BSO{uILBj@Juld$6=V-
z;Aos6QmUw5skwVgD?Mya9Qx~YW*n~Re0Us2ds*K&9Q4v#u~<iWX)MYp+aHUC2Hg~k
zDJEYSi%lk*9gE%;T@*xx#U}(Y+{ZG4DE84uF<52ub1^t(GhsAmICQ%(my9ouK{gAY
zh{kp{&;yi2n|tGMB6?JH?8;@CoRO<Ta*mTT0wii5uKYE6dh~JMW4Ol|^*v^L-pKtm
z_UNjpKcKtESLYaUo4VqP(P(v7Z1bs;zQ++qfA|BQIlenRu#M3LJ#f_T6E#BvfeSxi
zMIf;G2kZ-I2Y<jkZujbe$r0>ecPxtd3P_JM3cI^XO<cY-Ca!-E+>3Ee^}x7b{RQ2T
zAL|q43$cNNT`?jqu(K-`#c2Y+9*cA92gC=C{TfT+19yIn-SOI~U*lZ-Od@_bm-x!K
z?kEV;Y2TA`b@azSps4OE%YHysJvyleIbF{uYKGMhWc`4Z^#enG!2bH$!ydR?e<l$>
zoNM&TlpnCZF`e0i^ln0TcPDFK(Zx#+Yxc_h?{KCWecF|bYkpi3RkvQRf3FKBwn&-P
z6&G3<gS+BZi=+o#aO%A@0jVdy?-d|>RV#k$I}B*8mk3zjnr{<OzKyZ=J4|S!&;AZq
z+we)>Vdn>L&HWxLKD2v%hsz(*)7^03qnJ(IaQCC+e%<h(?HGAucQWEvBZ+8l<hKn+
z{fM>Sb_K?FP963mws-#L5kF#E7xP#T?CW9<{T?T~m=C(5qKjGD75BPi(;B?Z4>#RG
z9_cNWs8}P<dmfMaTeznW(+OQ-VL#!S7VZ<4VIfbVeJxCr`E?UpWOmU+KZTAo-4tVw
z4S`D8Jp(&cT52Fi<AnweYizTS6Aztlh~>@48knJn_PF_LhE>Z+=5a#ylIk_Lmk3LH
zNp3tigh|TVqC8o<Le_*(sQa(Rk`-P<n74U`e@(n#fBseRxM;93@t9%yAH<=|WG4jI
zwXB74IAEm?j>9}(?A=)0^wD#%WSUJ&W63oqa7-9WrU{dI*56Q=&!T{l8^Rb)hlVhf
zhlYnRF(Ovfr$?rW$M=mk&c|a!bm(F{R>ZiQc^hIv<?$$uaZ`a@3N{pW`$(+1I)u{L
z(E=gf2>JUaklqO&)WF3{2$@YPQ@A+SBk*HjcLWNFZ)F57lR!oUhRP?T!boh=){|3_
zSfJZ0Be7pMaw2g~cLqcXE75pzBo26EhDD;#FiIl@osS(JfpL~TBoa$3dr%|}S-#bg
zLg4iskvMNh?21HBhvi0Mw&O33#1%j7A3-Js=siyM1?V$QdU1M<lU(kcjYKhzEQ>@r
zUsUUSR>wD3KO29hH+;gPxw~68iFL+@tr8pT!()lvv~WabS1b%y*nSJ=l#o~=Jw0r!
zg<OxBZlRYRI&30KzoEHfuz-*(^7&qpA*M!hL%){GZs=FB9J&+4G^NP>AzwQw4TwXQ
z*Sk3uIo=kce8=k*%5ETa%SF_?Ar=?tU&W<;P5+r7_L`xhAbR<JHz*E6Y<*uWR@kAk
zSWI>NJ>$qTf3Dl=1x}X-u{MHF3F1iQS<{J;XWSp2MCrM)WJYv7QQjF{A^+0nuIWyV
zeTyd5d7J1a59UdHp~oGHVJ=dnr!}!+`A$tpLTI6enabKKACwyh=x$;-OFZ~T|1j4h
zW<Ahwhxm`WVIjf88Yam7+@oo;6=S;xCltCzBLh{sK_jbGx?Lj|Rhp}jzFNH_9xT#|
zNDaB|3^!%VI*D)ap-f_VK4i)Cf`$GH-)CXI!ggD@sL&ObkVc+m;kwGi1kKZEFAGCG
z{ECUC9(KVL9Fea#aaK=!V4#n;;)U&M0oQ5xP;wIoPLbIJ>K<df;dO(#j(c%OVTZg}
zuF`d0WNLh_7pt_;6J6ln8CCnim3uXn{KzR`_-kOXn?J)E$MBE@?l{;ku|1ApggnQ=
z899EIgZ)ZeKL;~~RdsMwr59|`SH90iffm|qyQfCi*yO4(k2aa*r8zd)@1>J$GMLf@
zHd#$+hD{FAXwkwg%0}6)k$mLC6N8`gVXPTC<U@h^SMh7UwdfaTWxm8o@#jgxdK;K8
z(X$jwWL`|MQ)Wx3dsw13#TA8L^<tnJD)u5<?Eu_VS&<hDH7fYzY!4TFa+Al6*gWM~
zBv-flPtUi23QZIfI?u#ZiH|XnFNN+J0%X?%ddY02U3m`A765}^_hG%lE(+;VXoe4m
zRQ}L%&t}}QutKB9EsXH+O%`%IY^~*bh-M1Ktn)!)YV}ZwiDBL;+H+s=dzG<HzRN1Q
zIK?U!6JxcC-Nc!!Vx#o&T?I>JdQ~AOWLm0_VG2E`kktx3sF2OdT2gy_n&W{E@lWmJ
zW)b{%;E9(N_>fQOJRg=Ce2fpfj8H!xmYI9W79aZfx>nw2AVYK~L$eoZsLIje=6o^d
zs#r<b14XQZh*NIPqR>VKN2Rkb@~qT@n*nVOq0dwyFYJ_xp%PuL;(^4cs2C%Mo+(0i
zR6Ngp)`yUPt_(;G-1oVuS4Y^$maH8<<VZ1Ve3+%EqGpxCmigRdA-#P#q4JAj_*Ayq
z!eT+aEsXQHwrsg4yxYVy-JP!!I?XdN#Tz}t#7b`ypxhhbHcaVtpIBxz$45@l?X}}#
zo$6FA-a`aKNcZZP?#iSute1*EH#(wXD`B@3^p_frQ*lZP?N_i{raKjKxYF#t)HQ#p
zPF1XqwsA~YW}sA7$Jjzr+^z0eDjR9zN@W_P0~!}f`GLmreaQ3B(LTY!_)|;ZGWNg?
zIiRO3F=2eGg$Xn?(ZVXaLvoLbn&WH?vrN(cL@W2j*pIJ@?NwI?@RN&%uSx3R0B%cX
z#ZwO}EH@w|zUi6(#%p|O0A(7T8bFbU4+`L_hxHC%jZR1UvCzvOGn9DQJ%*{29%Gnb
z@U0AM4YrX9%}wVpL3j9QhJjYN$PxUHRk%L(n2Q0F`}pwymO19p0M<FC=tz<CGIyQ>
z_ZY)<qOO*N7X7YjKm4uA%>uSc$Rn}Fdr>NumyRKlwNJ-kDL79@wqlOaaa5s0b<$6z
zeRVQIU98mJ<99Q^W|P;83=EfS0abQM?4+ys5^stBl`-U^L6)oQYRBLHmUO9(qhQ&7
zVIRYb{n#rdZuaA_%&z;%S|xfN!zqQ$W5`tLL5965TfopqYkc32lUlg19|t{S$d&*(
z;ic0V$)I#1BU9*NZ>{IJu>@5o6rBPKMUv;3MK&sIfr;CSwb4YWO1GN0p*lNE4AguA
zl8w{iu8Oi73PKhOrD>9LI-O*a>-sIFh7I|oH52Q9842ET^^(5Y#7@atXbSBVoMPgZ
z6dqy<d&2q%E~F-06X;IU1(utkS%M2K(Smaf6lr0B=qj{q?WO!y<%o-#rD3t8UsAC_
zvQDUCK!dwgoR`9DR1A=p$uF<33LA<l(y(9BhifR8tX>*!O2JzyhREU5Di+qd-aV&1
zkwi__Fiq0SROCw50To-M;8qnUrErdlo;9v_Fil)Pjc8BY(>H%#wLkx1b#_-aUB_KQ
zd+S0i^2@>kOQBsJJd%C_PRp8DI_Kqg+>9$uu15%5#0(GSYBbYBmTN<#8sqpMpW)W^
z7j^xK_pl&=m234GvA?G|GJcL6Bjew8NLBYn!j<pdQqx`TQT~vyA2;1pIjG7lRiy{Q
z0-D_;?(vZ4_f(}@YWhGzPbqX%!ju>HL{*2iG|iO7tA!p*$dG1}s^8+OH^j7M3dTup
zqMn_ywnV{R`5&wI&8x<i4wrF?@cR-Tlh6?f6KkApV$a*?Ba1eAJ(r>H$gh?Xb}oQh
z#9kH<=!Ol95DZ$M!BHTy;oOZ8x)H!-C1zUyL)Ezc0rb;mNh2c2e7)EO8Z=NGf$2tI
zVFcD2+ITmm&(xYcg~3g}eUE5YBs_VMXUiRns+@dH4@yEnLaQV^B2{Bi8HZ7|PiyaU
zkR`DT4lYUbrsJk0z2^cCmc_78F|rwQ6@3vC>^yP3P)piqsnAa*=__b0Idt`e8?9SN
zXoi6i5}RuX)77llz<N2f#K0D102ynNU22I|+lEHM9ls3Hv{Z6qyVgr$zF*FldpLR!
z@n4W}Nc<)X%{D-)#*d%E-L<?ztS7cun{=BkgwhepzqcHnCv=L;?%HCB(zP~<6*|yH
znc|Fca8rpaw=q_&lVuB$9YeM=lI@vW`(51lCpXgS2(d0{$dnQ{YGS&0o<?TK$7{qt
zx!1XwHa8M|rix1>RG^|n@|UUPjMTqotXNbv-tk|Pg$fRBmBrerevg;&W|qJNH%Mr%
zCNwkOtC7pn)tYT|s@&pcL;XVTKV0EQnQTn+<CqXUKT0)qlph<ZzK7u=jorZn_(&A?
z<h)@CHG12KyesOh<f9C|nVI3oaF%+2A&0FZ|7U%Os&?Y>LzU|(*IiG8$#XfcidoUh
zC1J(?q5Ar&^XUAN<c5(6u^uK3{^c`uVemy`D^+Zk{0CHWu=dzJZ`XT4!k`!JmW$uZ
zE2Z#hr4&w*p7$dj?gw<lQn=wB)^heL$dSEk6|9vDpU>Mrl0Q`E844Wdf?{enI2o>*
zn>h}ubPXp%HJZaoj#f-W)mq)Y&s>MoB0r9Ln{Du8HBBDw$0UR83E+f5rwN;E#`Fzf
zpD7F*GAw$|j}umSZvaoNM_Ntn^1HX#69<2xLe@$MJMG{Zv5q>fOHIgNrfgRTU@!j$
z7^bjuHV!KGE*s^Fs3=s~b{iu#d$ElytsC%IOB7&umCnxka836W`>@d)n(f0$?_AIG
zaX3ZXynk$};vNUMD`U45Ixpk0wEg)wxH_Or{82{eBO4PWHqk+;WGrxSQPP(>SRu1*
z4j#yKx1b$LjOgPdB{7`|+&x-)z{oKDR&87C#(q@A_1QBVp%_`NgFTYD$$d9g=(wNR
z5X5Gc5_7;2kSWxg;fOjy8t5k%J#%Qyae8huygen%tFlXO&K}oIpD#H#b<B}H{k`O@
zYM;=B$)yK$a!8}QbaGp(BWk93v_%5hcwQ#rtHMG8e0OD8R45yJFvU3%D)XX`<i^e}
zmRSiEA{9JMk)wn}Z?aW>gpzzUU#+ngO{4;;S_?EtMs-|oRjwI3*ARMw?Q+Qr-EUyE
z9CO6LF*(%Vji?z$j+o@U`cV7N-m!-5b=z}u0xlx<5W{sTO*61kq5?{clVcVd$dyCK
zM2*m-3r(_4z4xECS7XfFGndmv<#gf<QUsm$-jPu#(<?IBCwHvjgAvcYNFoM#aZGZ~
z>8OyR4(X!XjRtrzOACtnVo%yG0ULE%tdp_&KvMI$QE-p;6)CSS(lA*K35=4jj;fMz
zizqSbTcqZ5;O0+XPZ}&SF;6nH44jeZVgsAym>dJ;a&no0>&i5;*CZpgLalZmtG!?i
zwh7`PnQqo^iEcG;NRHVdMoUf>B)y+Hja)QIwpLX0USWTSOYC+8wo2h=5x63=$wHGU
zbWRjzt1%go*ru|h!d7bZSQH*=F-szm>2Z(!pYhPWk=U-sT#Ld*J^4l?E_)|P7o$mE
z^RiiET|~nDxYd2B=_W-Ca7fVn^YTj@R%PG9&tz8z9+ZU+>?ggDzp6Z3bcrLh5i52C
z?=^&87%J=M9M^~R*bPOeLQ;mSF#{NusEI4Z|H1~(^^*eq>M!N*-JQhR=@W*_f7&M&
zA?s-)U9kq(*r~9|wwNC(NcB@SX0DB?TKJHl)}AS3u0!(l`=0*<v%OqP&qxwx3AH>+
zcBZSym%Z6SUCVBg*1Jm5eHG)?f33b(ugnSCuyghM2`w!CSw}eLt1OG-f@)oIzZ|0<
z6O>3}MFBj~=z;)BJuyQAc;*R}`SDC2E#2p2l<|xAbJsvsvQ=BGmT?j*G+c+-9w8HQ
z%mH^LgnFAeAmr_UNzVK)<gMmACF0+Jf3qrN40ib)W=PIOp(o{7QFGD#bj1HQkH9k$
zsB~dbVN1Hj_LuNKHdosq3vU5$#Y`pm@&~-Q){Psb!z6qZD<-|irWZ1jV*FggmlnWR
zz*oM71pjOZIqFMVR9@GJBsHYP66r)&Nn{YA+a$7r(8UrtPw0AyjFM<}t(aHAuirEd
z5b_)UQ8)XVew>h5M88PLLL%_&bV<z?!yu`mvBi>8dz@TLI+&>L28~d<Rp+R`(9RIj
z>1EK}3mabL_|p$)q(FAcH8NFoPH1GYx~`@_&iUDQ&kcFi?+^?le{=73b0)ikU*{wd
z`hXrHq>wbIb>{sSxfSXP%p~j{F{b(iz9<xHagVBJ`*2ttt^?<-q`5u}^u1k$<$I`t
zG5q)WWQUB&QkJ-Ht!x&$$}e2yuN*?`mAXK^#ugp3Wp$g5`SKkhlvx@T<)@ycLLKvT
zvp~m6y+_sa>#ru+(hyy6pCfMK8!h#b2X{5&fd|7q#yt-zJmwP*?s>ke?r$G5RA#+X
z1p3fdr?`hbSEgXJqK{8;1$u0XpuT$l6g*XEZi*0VJv#*zUbQ3z*S!<PyA87JEh(7K
z)NSHdCSW6`M%V=@xD}<YNx}W7J;GjYPckp0V1JT%Oth9{u1mq?q{zN0=#~7(2g$gW
zJluG(78=1#SbRZJ&ne`J<em{dt+?fL3KP6RQ6DP;-m61Y(nob_%-dh9IgdJ(V=9>?
zn%FF>JGmIgYeKAZb#*Ss2ICyL%rV;<EIPT=sh`bp#c_smjA2pY=LO8Z8$dqupATTG
z-`6(+$NaH9Bd{u9?iTbXU@jM^D`1K%%L49W&Ig_nx6gkeKUba;w?tiQHjWDxK<^91
zLHHRr1ra;q`d;eyjl@2g6$da)seda1Jyo_Pfa7ZYiyZkHTPx~4_4jb})Y%I62ygvW
z9D9uLaX&`+=zhUse2+Xe*M8mIk}c@<QAM4p;iMvFeuHXn&;%@uT&Ll#YR=ZsOZ%d7
z-$EfX6}$($XKnugozx8<ptthQx(~2li5=EX*p<)5w!<7PwDbe))htmysilqk0J}Us
zQSPIM28k>6--_}>Z`8AP7)c{<wZU9dz1kLwOjph}S@dcfH(>2z8;thp$J?UB_lmgk
zpiM=2nNz2zjk`WJwIM5*`@~C3U)Bcqm^!ZwN%y-o;{)NWc38pnfgfWnH}|x|m<YE#
zIl?^D4%aKo_an^0c9<5WFA#l*dF^;RoQa_u+mZ3H`b<$1|JrU*6Hk}6BYhI|Iqi@h
ze(gXz><iPpcI0kKixVFpFIAo1hMY`wpO{fcAJ_)d>Zs{$$l5v~QFArz4@27FXx*ga
zt<bk#WI<bG*5i9yVMD#>b!|~vFCwok?$xt$+G1pVeM>9MtIx&tN9yyvZE>YOKimp~
z8u0CHF{J_D-wL@6B6qdL?gso|D_m&654FYP2K;C%lr&VuT~8YF$E~rYQS8*VSkai@
zY>hrmnhb4=@+SO3YpiM7<nBjqlyzxqTzsX;<_}TyD&OB4vzs*;{UQ1{=S8h?x_Ohb
z53uRA@Qqd&|BhPJifny{iMP1%j-J&9Pv23;w;==Gb>DQ+yXuHGB=_Ce!EG?6l{rt0
zVJmZXJ1lHvPH%_2R_67#*wX5Wr#9F90&Xhv!IFQpu*L3&?Jr9Hr#?KA+#_X!70+WI
zN>u*>AI_-n!v(g>g%#J#MWWjC^I9Kry!JyMioJ=)1nT$Zz1WZVE!^x^%ZY!aAlk$&
z-<SNiDF(@ba*D}rh{`oNa-e~}N*kd!l*GXXE-0M^b5)bhQ1LX;&r52O0KY@DCIVw?
zNkVs=(CPwxJ^rD>)Ov=$h+%GA{Vle{v0lM0Tn0H#wuX3dz~f|iQSNcmDBjo2J_1^M
z)2i=j2+@Nt)q4tlXm&>t@T93Ij*wi3Z;50J{Fp9>@)b;#T}EGd2FFdW*=eGNJQBZ8
z#X)lB#q$G|M~KzF65fqHNAT??^1Qwg&`1@~>b+QDsyn~5uO8J`%f43HX2CJPk1v(*
zFN>t-_3pNSD$IDxSV0`RJa3m*e&i=+l#JiUUzCIqTP{`i(G6_vFigcv5?`WVBe`Gg
zSF7Y2{{s9A%kp3?p#rB5m3Wzkxf09MT*Ny>!&aH!Qw8G)9agbNp?g$vR5?~7CffCD
zx|xdS5n5p5G+|{n#z>*T4EH2<!{v#gaSTHgHoy^x#~xz~#==S+oLB7yHuAL4a0mGw
zOVG6Kp1ha7qRatA*xxGe8xyMa0I8qDkt4A&9DQWko8z*~uLdweVP^wwzDdDiSE*cR
z(qk%H84#$Eu60wo@i~6X_OKa#T=LLCe(ciu9flh^yUwt}OAj$O1NA0`9GZMtkU*23
zb;wb(pI!?;v?8xp=a`}E1Vkn5gpFQOXpV!E61!|;lpI>@h?Sdo%NDFaFhxdsdPdUP
zGL=^87ojIqVW-$a75fPtu40YEA1XL3g^nq>D?P5B<9G2F;4gNbj-Eu2=;MS9*0Dme
z&v>v|5;S{`%t}3CQs@>B_9=Xc2iKIuKElGQh0o{K#k4M<$RheY?y~qoF5pPq?g*R`
zES_Vu96Atz>oPmxek;*F%W+c)Rfzx9QF2}+>Em5%)f$8U>h@eeT-EpXteu8fckHy`
zp0dASAVUsaGcZ-K#~p$psSAFgn*!6VVr^m)=0&F5PQdQS1175c_+1Z>;pC=`3?)@4
zpWbS)kBtSYJ<xUoY{%Q!rSZu&x#}@y+34v_xbDM3??-oh7)G56AC^%|P?7P5|F{q3
zhX0ul8K!m4hiT@)+TXHaDG^T<oFNlr0Y)AxFTUI6d=tA(#$RLR$QVg>NdMP$yCew3
z*O~A95@QKp{3V7+iTgjn0x7il6WoyaqK*Qx@dX_*Npa4$7iuzPOM3w_`J7KNTI1tC
z#X*ht{1nqY`jJm?&g0zbh-^LSbVm&HrWAF=BX7#~j<`jG1s#!Z>N7eb-Aa7)38q;*
z=M(p2LG~w@>f@t6!7w{`rz1u?!8si<ktMF{h}BFV*%6yqRC-5@^rvlTk7s`W;||yp
zNGt1r(cC%F0R=o_o#+qevpZl!1RvJ{yCV3Y4!9MWcCkH<N2RT4k44e`N9{2nAvmog
z_9R5l>xkK5XX2MA3#W|v5?RR+y}!ir6z9Pg*qG{E`vS#voboSlBF#DW1uE(~C12n{
zJ!jh&=-<HU`8mckbS{5}8I7F7pJ8cZXY*&+*tqe+PjRjB&E)5E*CsSY6?Sc;JW0hQ
z^~Kyp;2(g02%eU(ltk>7u$3&S=_?ltV5CeptH_ksJm0g-lE^rzGW}X$YJJzI(!ajo
zc&xl07RyOz>baShPSh0|&)HKK<x2dTx)`Lg)pfC1WpnFdik6gJ7jr%Oy)>-#IG54{
z;EFz&CX`fSP8x1``QkLOBI$@Uu_F1SI><5jjXJn*u=8~=+Kk;-2fZzQc^!<ioY{4d
zZAGk3MWMxWQ!&CvC#B-9kM~c-C_8*O1;q~Eor1B92|#{>r3#S$)UOXo!Ki@qEE&@S
z!7IsF69^wm#y#%cmx75A>|ioBM)E63I1w2>mV^;etRxw$qWRQh?28T;CSgcS+g0_^
zGe|ckk;Or}G>M!G(!3;cJt)-SOI+T*5*pJ|j(?~7xeyv!#PN_g8#tawL4m#Z3%bEE
zQK3S`-%?uN;#i@+BZ#;fH<4qgc0zv0amhQudd}m5l^=?7?z&qkZwMeSSoKwjoRnJC
z(k+(>DI@Ophu;ZQ)D;|(U##n%3qD!b^||k=i$}69=3uzuOsXsNO#Gm_SfhmRr@6U}
z#?=$3!dhI<wMivzNUU+N9?p28`_#uH4<B70r8?_d4_mx-Cf3JBI*n{?Kvw(Ntu!nQ
zM4d~+a;~4OgKgZ|TL*`D;<`FwP-E8A!PSW1d{K_nAEjb&lyfx|nNiV4Q?Wd%o|v@l
zF?@L{HU)#TQ&AGD-$_AvtRpzno!Iz;Vxr>0n^UkbzG?4z7!;ywQb<N<wN-<I_LRvz
zsq#o}VCef;B=N`ZqNn`otoLzJ4xfJ)TNL%m`zTV}+{<N}dhLCj*W7@yEIm@xuhb`q
za<P{Wejk%5z1R|i48Ff5W*gy6Ez!qhms_CNY?jp$i!HvQ1)f^XO5a1NFMRQBl-un7
z8(84HUep4^89(y|N?EgEEwIiXUiStT2O>oKOCsvueIFCVtBbxx#`bK5yr6pMeXI-i
z5nyRkNI&~Fib97(-=>Ax{<m>2+-&xHC`)3y-bPMxvyAsJHHB||8z)ofwzp86%9p)`
zTd92ETUc3#j(iI<()i;yu`P|=dlQ4|(qnI;cRjxKO-!v9e)0xxH&9o;K_)chW$)rh
zLu=Q&Sl5VceHZDCX~jFZ+L#}F2cw#>l6P>p30?6Hwlw8g@8ERP@QoH2_bNU9HW~Vc
zc|-L74fDwRnDvG!-e~C?s_65|H^$V!E8mf?t2Yr?9!I)l<#S|9K|$&k%CyYgK=Yj!
zc2kZX9f6B7n;wB|h0cv|gK(Bapj5SQ22h~Y>Bq6&Gg>N)BzwKj%$l4p7XJ$TE8DCH
ztoi;{1*@b`rXmEO+DF%jBv*gTk3CkAPa2JPkIjbCHT0FEMrdS`Jg?T-2iGU!<~P|w
zXjbLf`Slu(NxW1e*J|busKh>1zS$<DY&<1wpAYM$`b%w0kXgA8hvfPjY%Enmmwi~O
zj*#X$WTWT0{tJKKJ8-{(HG|aO;06z|V-E79Mkg7@%JvlpBUEF*gWali+rcO;aR5W6
zXO`<Z+~B>T*I4InpR4xx=>$z+&CntZJ0*TdBd4TiHTwL^v({^5vP7=@G!i@74c|s=
z>4qZ0^1BIW?_b&tHzk(c4f)FJPkzK)l}+x3>+0(jKcZA)qq`x`W2JY)QxCh>6)W`U
zD_t?&%g%HaYDqoP74vAs?QU341qIJC*rBchHN1D^M+~yquC6Gx_=9h;(Z>q9Vz=$&
zcO`cnwzMk>8K2l0MShmuRoF~tYFBcfvoYfO2sXH@n_efqEAB?6-s^&jXm+Iw1_V>j
zbitD#JJJPtvHs#Nm=VXebiuVaHNOj{$48WP!>afnfC(X%*9A92ba5B#OklIR;6Vb<
z?1CeSY-AT~4Zl9PJ93iPz%Ce)%tv&_@D%o}GY+TFJDqVm#eeTxtW6DG`4*XVSVd<{
zON%(unH;R!yx(`&{i^@Kw>b4G-}5aNHnUcKi%ZR%3E#SWbmX_#(>(fiCyam1In)U&
zUgO1`kn#F^GdrW#8_w!ZnED1^)(J!2Oq<>bkKT0de}kg8`1NnF>g}{s-(YqNXX7`R
z`;95aam6>Lc$JOc?6zuSKBLoPa#q4VDfPL%b`#LjK?)X-&}muB=7AUSFHvy!vwIP`
zLBTc>8mFL~T(8E}p~|oF@PQKkU9>cl@N@~eB-M?|;18;Kl&>;*R*WFPU+*MU>nB4Z
z;+Axwt<n|Wx+WN_#O5_YfuiL!!40L;t|r)|g)^HV-4h<$1RFdlBb(rvhYx9j$vS(|
z5Tm^AVT6IyJkgL$GOW!FQDN})4RO@uvl?Q%WlnBL&iJf84N+{ncb&1_0}iVkYe{2V
zcleaXxW?$%#-wM!de{gD1N=@SWO3(MBOK?vun~$Q=*C9mLZmgT5hg_co#@ZVn76Z<
z;8IMITMoV|$_23rS&eW#b`lxU2zl`dgBzhNeheAd2$=~9eHx)Kp+D)>2zwIS3Zfi#
z@5>9jp2kHf4Mh1!3M&xprOYvE>JV4wY;eElt60lSOjbSHOmfuYIb@QF)KhGdX>?uf
zGs}AAIZWf9QI)@PsrYFradxU?ljH~;m8H-D8kwiKd({=HdR@gWRqd&f`)XqC_25*e
zzO;7{q42um|GofkK#;$^s`!KYw+UAMm$dgE`u8qrUcE2mzp0UOa-6u?hy3{-GE=3?
zJ!FyU?gEbWsF@y2@u>4XWQHfPhVJ`+eE)y`4ZW&w&$BjYmR$4iPtdGU<=;P629LUN
zpgl>_4qF(J$UNIUgC%O#Oa8?+=F9(6l#eM1(`}4a{r?|x-yI*vaisgr%=XOe%+7|{
zIJ=7l2qu9GkdPQfij;MtL|YV<C7%Kz*{1E&`5f+izO(PnHggUDNe~QRP5>haf(eWO
zbIv*E4CV-iSG`!!l;1sFeDB>Kz^}J^x~HeRtLm%n>Z%DYR5OEe`pV`w`mgZxYQ?zg
z#6>0bh7-5cRLU7@H>;hPV&5;<(kwU3{@zj%zuzq+`<t3@h~+Dl@UDxve@;5Vcv7V3
z_Y7fdjm%6TM&bi}xg0KT60}2tut%u#9Da2s)~jQth`-$~Jj>&kBduxyZ>{_GJg)Cs
z8$^74``ez2B>d>`KzKb!xQf^!#BPeXB-F$?r9OHS&VC&u1^hwF<z6i7KTm@eO$`5r
z&|l*N?T5k_b)K8^Zz<zEl!rO-tP!zXh@BR3I1xA<$@3=ex7T-5!msM==0VEMof0uq
z>ozwjDi;5P<G|0JtT7_K+?nL3{7i-S>$jT(lnPp<Kp*>!zWwiY{`IyEyac>t(a>~!
zc77FUXb>1~=D*2JKX`oIiDKlDh-G}=<heEaKAP67VYB8p35_=*`2xOrucnWDZ|oPq
zFWkczHVaWw`Ktx@NgFD~P$l07)XHrFA-fqi;h3bA+Jyc#Z4wVkH}p^ENn`$2_!=Jp
zAMtCi;{<c2ML5ed(L%AP6<ByEdIniIBGt(akpAK6VPO^1t3$$R*>fX=8H#Z}gv(0m
z?hwwXo(Vxru)Bu@QKAJO2e=Q_=>eS5-J=7zsXu(~t}M4#=M(GRuHd*3Emtr^bdObV
zLri@lV~XUyA>*bLIwcck(+<hPQJYpN3xk=qD`Br*E(@2Lwn-KWWUW*dCd#XyKOYN%
zhdnG5eCxT~j1`I4Crl7(d3zLyx|-IkX|7LeeI%?Fd^8cqh1hOx@l~9BHYFKKRa+?G
zvf!I2p^q5rE@7(pC%xNSGcQvGw0(auKaP8&CjVDS8zt{96UBnM$;5WiKik9{$z5r3
zXuZXU9kx32eKee&S$qS^zte}^vS+G~haef}!#RbY(-f($-CjPlYrL3kcTMwRnf;f*
zOiep)VyospWa6lHLaRB4OP)2>U#y@+(5}fG#9ojwTdYrmx=Yj!$`~WXN@OgNhTHzT
z)(`g+TqBoU2UQxa&wx9EXS~X7E$%5Ol6*%MZsLAG;n#OoD!6F#%}~&b#i&!0*<LBh
zU${Amwo$}P!B-}7Oq9<p*m@-AqD}JLxc&o;JK(x+r?T)BJGbsXYsYY@et||`rS0P(
zkb-OND7D23`9<p$N#5(JnWw+QYq4GezI^RZ@*<J{Q@rN=Cw%nU^UwYZJxjXEmmQO9
z_Qyi!#8`RmYs3!%2Q?BA>KqO0L}Q{xs4qNJ!&TAjs-d6F`^1g~w%8FnF4(+V`Spd+
zQakRG46_T<Wo@!uIL0mdg+Yoo#x4{ncc0S>-Vj<xJfjqR8R*I9F?^VmBhj-?<_<*1
za?e7(zI+B_4;cE|csR;3n|6^2D{QC5Ki^+CDd6vbzjK$jBB+_NpR`ROyuB5vW}ebk
z{NN<F72gf&-HH~Z|8`3(w0X|AL>cq%YKeZbXG2SDl>PHs@~!FVEiqZG_c$B9?5<nc
zIA-^ZZHXOPy^Gmcp<BbKmZRSBZ0s_uel4-tS#NJPF1kEVTcFBauOb^yJg!CAIBa@u
zw!k>AZ&Eg%dOa6fV3W@`ARDEA&#@MG?DySng1rIHo)#D%Oc~G=*Ms4UO|T{8Is6h1
zTh84t34J2kxEE0zap%2AI>xk==Vi<@o^ndT5rJFR5>J_<km6LQn6E?kXa%>Vckl5P
zs0~$we5O5=g>_8puLw7pMtEbgtaVp}?Xq@B77ohmpI_sRleWgLSqkx#_Y>DQ2Pu3?
zPRLjw`8La>HOFSjxF#K`y_fNAe5hGn&whq~&=zx3ecxn;Q$nmK;}iXeZ?tPiZJcs8
z*sw;5729x1dd$yqc&s_obBN)Sz*<HMX1I{yo=_y5qE;krI1_G4+CU~elB%EYd(yq#
zArdcwZ!LFo7@NkU*wxb3pUawW{{HXb5y7N--gIojR`?0G6)sA?|7DQS>tgJ8a2Iwv
z9Oy2(H#)FW^jy?=h`R$irr7xXz6ngr<v~c@J#_41qm|mWRS@02=K9O$?ew%W3?s!T
zjnXKo&K!nvX{Gq*>*W8Z?0M!Eagv0dqHmCd31X~D#0s&;v$mQfPnNV{3b*=v!W}4j
zj>{+!>BSf(`G_0Lm10jAwn}HE+V}HqvQa|Q9ulq!F;Yhdhz0+yd44KbiFt65HuP%(
z#LE)iXATLq{o%gJ`*E`q(4X(RizX|u(?x4lo$SID(LKV2M<PGX7$LdtIC=EgTTYy{
z#j2bb$=t`C=p)ye@5FN1J;h0oncwEwplA;aOjmtp46IgTdkuoj+EznYVb>NI!Zo|L
z))2;M+H4*^R9kKc-E?iLAq>zTe)B#|H=)LP<e~t<W8b6zsszu-01c(qJHW4x-thD5
zqv!qTZqxSqsZYLDe)MCWC4OvW+CCpjWM733dt}ctA4V#H1wPzSJac@Qt7_eR)F<B+
zFBaN8=e@XV*S2|aQ1dPE;*OSf&_upop(p!M8)BZ_ka*njT|74Q+aSRoo6iHcj}o5E
zYfb0|?LNa^!FQVBhTvJlLq}=_jC)w@&hH__PV>NNTf|x#=5wR%5^2r&mh<?}v2h}O
zXsvG`fuB>?MB#IHi*x@VHyWWpOyARpDAcp15mrd<@<y0y^OQ6~wXMa7I6rTi)(C54
zcVQz8P||xf!cf&yoq@foaU%n>=zB9TS?eYq%|MmIvpWMb4bP$asC0(6)yFiKXJZD=
zxy(fwC~<pcXJD!)yrVubde5YW=;PH#Hxy?0JpCHtw$F970ebj}<nH;k8}%_N;6GCz
za{>>2f0B8fg%6Vg-c4xXsSw?uV6Nz%sbGK<9jIWb<bEpC{DrQ|sIX}lWZ`P!2IDwJ
z{8!kNxWQP>v;#7iuB&8Wo?Ib(V~u<#Ip!`N2Uqx%Te^GJsF){eg=%8RRc@dASixOM
zJELHq&9_P6XM^Ju<g&iDf0MSqeSZGSw8wqR@ViIey$Zjiv0TAG(M>w=e$n?p#(0TK
zp{ofg)Xx@MCgXrjE0cwuOq(JLOPMxH7A`TZP!?{pyWbp_q~FzE3BRk?HGYVDG2wT0
zkcM88@0K0KlBdd!bCR~#PDAe_7<1O<SxEUz8*4{T+1JC4336<ciWTy?XLbeuA88@s
z>#UX*u4ZvsIGV+2VO18Vg~eH%7N%u!S}4row9vgVr-h+eoEG|Kaay>M$!XzyCZ~m?
znVc4OXC`Q2V<xACm6@CtM!djjq5lh<78Yc3T9};4X<<|*iag<gFQBLC8Ip-XUcFDI
zP~!7ECX(}c_Ge(b-?J-&$iTHQ14RL%i^8Bb`vt5B`X{`A-NA~$|3kXS#P5LLxr$`;
z<*4SM;OR#YQ`C+yKK<(%@y}Qh!%C^I^xr@OVIZuxME!<|-*3L8o!0S+@1#zUq+GbK
zqgsmW(lNuPuht1Zhf8#9xB18EIAik<)bYU92&6F>{dMH2;l4U%s#j{URv5Ip-Zpwl
z_^m-I+7!X)Dq$WE0#;MrRY*J#tk&_P@A8$==8TSW!k55W(N36So7fuYD+N#Rc)Gz;
zI*lnQBu8!fatFq-;1L~FEO<!A7CCrK$7z|goaKr>!+~yUaG#EyYH*K^3o5;%%pN4f
z(o+jQ(6L7g-lGP!2hU`BG^wLmw?yjXYy8^9%abLH6S-+1l^+rkKBQtZBDf#~iXwO-
z{21KGWkVPxk~utzN+~oVN+T6q5GBFd_Hu-DN9$4;Tjj`wFwQ9PrBM{B=8`DpsG*@z
zOtVMMg)u^loCu>pR|iKiUJvC)G0PD-7REV8WL+3bo$9p+N?q(w1UEd9{b39=(|3h&
z(i>S5#!g@42>tgPS0lLNH|UMy1J;f(jt2ac&I?8=!`K&8DP0}3&QLlOITc1>IJ_u|
zg<;2$2r9#aleBw6XlEVB#P<ma{W`Wf6GsKMER(b~^>P+*6gHCxQi+siVuYGDI}=yz
z*48+7YHU#^#u(b3ENn5{yRxv!$%s(PJ(03F_IlFh#<9+{cEvHvXKjdMxSthe;%rd8
zn1v%DR-A>IkqFV|x=7l%OcbVAtK+y3Q;9VkPi3=-9i&I{GjT9IEjJVM>sc$}m{i{?
z%*4|A{HSVE18a09`Zlzd#4+RrqaqVe8#(3^n}|E+5nG8n=4N4X+|fS^bK|@Jw7>sQ
za6OSoOZY=q8!7!3rPoVe|2xX&39dULRtaz16HzSs?{G+%Ec-wEME<{1=89Xy#Q$im
z6);lx@);d{0eoTQ`tX~V`Q3`_jXqo#v$p!NT?(G_VVzCg=*K{&ulFO@ZXNP-ci_Tt
zKY=FW7y&EI<OO=u&3>#hw6%V0GTJSqw9`1@!(OL$#)sq1cBg#U<W|@CaLsL1Qrcs!
z^5L{+=QH{8ZQ~TYDewzA-NZlKmoQDTD7~_FeAUERzw7P9dChm0ibXtR<ad%f-gk`k
z{I;UH*2eFpuD0Qh7_Q)kbmnq?6Fj`sh6%RFN*k8i>LmLSLIjAYB)1!@6Gi-$Npkz2
z4%X0e{e;si;~Md#;0_5xgjQT48rvjX5`tTJ2YWnQFAWk~aNN1+EFqiTc2_W_@i4&J
z5PpNc;dKcIq~9i=H9)+owMlZ}?Vr@v_a+Vw4SI7&&wiStp~C<Ez1~myiPJP9wrkQ9
z4HMOoNt$#;9HfdhOj|CXLw>Rz!F-N4+*@q;T^2A+aIdprA&GTj)$Ua`VovqIF~}Ml
z3PqC^g6Q66qbV?XjCl7Z8&2@#P0>v%Y<G#0!zDLqi&G?vTaUZTZKSiffFqK7g$-AD
zvRZO4vtfXZlA~?z#WoTHEo;Al@AJAot=V7wC*Ys-rQDSNhskemk=VmFN6PpijmHMT
z93c~S`deVL7@Ey31RE}rF;lYkGQvooQhJ>&dA~KW$IG2F*WWE*k)UnnVe1<{zsK7+
z848-^t0WfrQS>P(I84O@X&H&01xjd?iax5NK*caMt5zRv8vaLg`ZOu?`2K$I@9`G@
zUE|B|UF}j!eCj*flCOpnExFH|!!1djwhCIKw-lM(l9YLs(l?|?QA=#IMGm&aVD=v6
zR5NRTOYD;)ds||@64}ubxoTu{OB_{s-C=fX9p!6rN>9+W{MMMEhwi?N0glF$v&msh
zZi&T)I;<tCjD~qFk?-U_?@FD<trnQzQg5`tK3BtQE%4aoyV?RhJ^w<rx|;72YBP=D
zFXN=?9`!PAn6Hg_8E3ueV_Rd8&$<6)Ebv*gUq;W6tFje_g*@w9VUp$E(h8-PXJ;!+
z5C3*zYhu0DzE)TkHCDF9wy3tJHHuSQGg~7!b&z<lHBP0g^kaLy7iYJ|nEKk}*247$
z230F;Xsv36Lk)jI>Ae|U1?tevM%JR1I1>+yYK@0+V`3|G%Zdzcg~BZ3T1%|SGU%CG
zSym|xXyXh@_ibW5Zh?DE>WpcPaoPH?Rw&M{4{Xck58ltV?zh0g7kT=`i&jNTEPW}m
ztR+siaExz_t1Xt>o;#;V?5Dk=kzoB$D~qDDuQW=F&7$8EL~Upaf#z^Q3bsfY3sYz@
z+gC)<)5bZ$QReEIf-B6^F9p|S_ka}cyCydU50pAfQ*c%dosE&8^Q}tZyXKT$uele;
zkn1pyrC^d%T^_?VSG+ie1#WFyim=ITr<|dtx;6zDyz#3knB&v-r3goT{K>OE4ll0z
zRcg5)V6BVdcF-z`;!wz%MR37Vskh55YYqVjs{y5lM;%*IFd^z#pMqJ@ZQncx9V)cd
zMmf>JSKvgc@ZB*^Oc&G7I0?kt*EmV>|31Iz=br53cao>_U=h}CgR~`;9-PChqXvDm
zPU%6ib=bf?IsKFq;}!cvCyErR`cyH-Ix$d<ji+q8wbQ^YyLHgOJdHQ7U9<LcZ|uB*
zIl8siz<RwjxyMl;B#e%O>l`Gwf@>T&DFiDWxX<C#5;3^SK`iJK;#pE~g@g3D;4%kM
ze6ZX>aIQTtkp&k!u$U1&=E=c@R9g;~QEi#ZmMOtf2ZpP`5(j}xLgwS`_B##~+1ml<
z?7<=j7HYvc4)oT8vm6+!(+iL3K|+Cd^x=v9xiV2G65r;L13&T2tcMDr!Gd}iELz3&
zXzc!x$9&8fP@h<zy}TY~GuPvKSjIfv>tmJd?pYr@WKX~PSgBaK^{Era;s!WjH&@rE
zwV+O^k8aNRs0P^R)Rxv4Za5<c8sLe`mrr%wAxa-}+shlE$W)8#W1ug7sy_DkwE6Xg
z9)6Yb2l#&jbPcG~@brMSvL5<`tReMqDr8NshY6NSy<BTqQ|qBe*r4?6ur;|J`bMmY
z^>8&}jjxB9QU1)1s5Q18My3QQy(PsOLthoMM%6?2RI8vKR;BW~mr||#dMHf`Q~F|>
zHLM=i)UopF;a*+G`1<Hk&oR0_hSWRuXE9@930UEnC*iMtk_heclnZpDn?y|fpOepg
z`O0QtfQCNe-|!pBDru<IVr+;;i%`qsyZ^Ca8tzExk2Q?7Ige@BU<;ON=*d({7qeiQ
zhC{MS4Lp{ut#&L`c>0)PZMNf{GDiBh@zA&7w*MRW>&1ji7dC~Vxp9EuuYF4yx(ntk
zhOVM9gJFT_Bh_r9Xij4|EapD*L*Y!Eft$p8nlJg&xg@vMwiXHKFVx<ts?o>PMo5n&
ze)|#_BzRfCAR%~BApPVYk~$){&1ah#KK-DVObVax0>7Vc9%Q72TKgGEb#p7jLg`e^
znQI5|dkl*N-&LKy#$2Kk%I6o`7D*;)MjNH!B4>(LPa;mnwf}0_>P}Rr@X&V`?A9V3
z-L$1*tzJiz{K>C(N!Td-f|?MmNfMEF!GGktz6~qBm^cFr9p&)MKAA@;iF0djYq5kQ
z0^g;$BZekQ$dl~jC5)Cn`L;2B3H&Z^KOr(s!gRrYRz!)=h~MY49*DRl5QteIMox1B
zA^S;@u-(VWdTo&gq#2VHe9XP-|J=MM<Fa7fkx8)lZpkPU%^NaGCH0z&J(6)%#!1OM
zE#sE7`nfs(x5vSm7|Y;65kDVO>))e8@{H48Y2c<1SZ)yh)#ey9(7y4+z(wN$skm}v
zg99gIXE)BkBgB_4EARB?kzXRjf*0Fs;xdtL+y2F;41eT~Qt|{wXlsOEEM%B0+_3$R
zC=cT=fxk3HNti7-c^DuuLS+9m0sm{phx?8C#Q`22)>|X<Gl(($3iy>iK@k2qi#v;Q
zFBY(rS{H;>LdrLJ*uORhxB1CF2^}$G#jDsQ`pRC#IWausRh*T4gI*;VX%2W57i^!D
zzluA|$ZLmOC1csEs8D<Z+u@{Q_GyRx>Rf?}`)fwOS5csueYokXyVt82t(!ewMV`ax
z_A16X%%|;;XBdy$VTNH=x5Hk;tZIiX&iASAM3-@;9p<>qOYJb$?Y__sv)$&oc9`rj
z&a^{`$2`>z<IM;?xxzH(w!>M|tZIwX-tdfeq*EIs+Tnr!Hz%lW(74hTeM5|%oE0*=
zw<BO-9&3l4*559E6*t1hrgkJR%nkJ3=&u*Pit{N(SvwS^hUv*0sm6)6xSICM$8FIw
z-8j}3UF-hrep?KyXB?q6>;LjrTa0gD9BPXh4fVZkv9+PLqb>Hn5Zv4rS6(pJwZ-)e
zy`n9O8nro3eQOk6(iT;5y{s)JX0|!i7DqC}rEPIH^Mr|K>pvApHGYrGpCo?kxT%m%
zqPWJY$=@|+C9aYheeILPIg&|~@F6!cc}TF_LBiW46fr^MR<rjccd@}kK@2pw6UxU9
zbZ2H2u`V7l8cSqzm4VGN-|pI`m@5pNQ0}p3ec>^<^{?=8gBo7jBD`I|dq3c&TfVIV
z)+XZ-N6=RWw=0^fU^Is$$7I(U1y|)C)U;D`PfFd%d5gJSM5QoE_|y91HafxSB7XNQ
zj#6FprDR{hwOK=fFo~Ap5~=k<4FhfA0u9q_bCc)e=F3}cn-#)p{e_JR3X~4X`sqoZ
zF$O7b<zncp4QIvhI<B0BNcF3<wMstcPMYbOt3>P<{*e5ZKLUR=DkScY@03IUEldn+
zsCZWRKiA1fp5OVd+6hp<dB9EpuHF*v5ihdHj;kzOWJe$Q$uqt;Q)p-04xmh6c|lT`
zv?~F^-u@#29us9x0L3<QO#nA-?qvZiVd=91=q+bW3E;dOE)0;!Y52&`4Y!5|utPBi
z2GCOt_Y7dN+GJo5Csp;H9~V{c2|pgGG;NdY>R~@-*rU7s=&A)42Qfk;V7Nz9xA}2I
zi>~vN+7%cT#6q1UGLE<d6@DD_q%8B}uIIY^Z_4|36Lx6oMuxB4WsKhgKf=$2=@q14
z%w;qlo=J@K#Kt!mZi{L@<38Q)G8~hf)r^#AzERwdIjB-T8!y!E6(rX56agPT+bc*-
z+#j?GCH$;C_w8i#k+4iiyFfBYxSp){Dfph{10lVyMtDD^zs3W<jMtDasZ%tP<e_2>
z2c*aqjmW{8qv3?jJj=sNyD!;^DC%CbV+Tv8((W=3MAKh>?*K<%2cPZVd`o;U9zT`(
zOMmQvjADUc_*jvhlQD^hCLJ%a!94zqcc4OxI6YUPMW~*UvB~z2`~s$WO2$UU{mE{U
z9aMdv?4X)OidL=&rHcC-`i&>)|IgYi5mGO&Js(c^4}C34dRk{L8}AF|ttk47{%ui=
z7aOmPVryarm)fGsqokelOO{Jz>wFztmW?f3xzqNfV6hTBlY(n%`kEAsu=}2*V6tZQ
zj$w`FtBj$a?%ET>THR9>!$61YeheENo*}8|Ww=JAqQdZ$q+*cMSd@y<PGdzXs+@J#
zrjlOncvMH|=dSjAQ|{~)YGV5wsDr_RXH*>=7qXYuL5b)osDpWu?^YW2N}kPWm}K(|
zO688#$E4vBGoPlSSdMK=#Sq1FFGk!ddr2M4Ry_|>@kGsDR0o^wo{gy})Up@U!9~rp
zCKcs+_WU~N<M6CZ#Q{h5ygHa_c*;|8*T|k*2kV`l1*z!i%BJq`ba`&ZFv*=gGZoj|
zo~tpe@?=k=&oVt1VmM}IPfW#3ujh0OkG$E1so3cA9OM3QvkOwO$v@GN{I=gE_PSy-
zUHHp3z%W58Ffmr}_cdwNxbAug75dM6a7<{o*MmZlyL;Irv8^6joBqWfjI()4JQ&2n
z(>xd{tCQUH!A8Ct3+0raZXA|9-QC0lv~w;zQhYmI7^&7Nabbyi*IqleS#7P&Hhl6b
zkS`d;M1z9SpAoi=SKEj*`7YaSQD4CbMeKRDmp4%$bPW14hWSw~r~~}8eCmz~V76%V
zAbul$GJ*J$#BV7V+l(q7%5Cl|K3Ym?Yy2cvjPpLOw4C)}7>myIV=i;=^I;`(ulHd)
z%USHhZ22_R%~g%bK1@`NaXyr)X~fBPsm2H&E~sjr5BJpQX+MV9-A}!kYuB%PQEvbI
zq!;<xn%c2-C$XQpO(2l;o&VDQ^M7tndyGf0zeVsy_~6IS*-(U*h^_}VY!J%@8s%b}
z^?*y7uWQQgi>})YeWberalR?cq94oI*U3FpewoTaQt?A|KD|TG=ZM%U@O{~Pf=bHC
zQyz4><{jSwpSz&~+o)lm$aZR^L2>^pgKP%nRN1uKTxT@yYM7wBcVELC&2dS?a?L@d
z8?_G;ZG24R2KrM6TeJ#Xg%&PK#(9g7a>^PDqZPH(LLa@CG||F7w^d*f9sKoV3l&~<
z7*+79`4(3As)XGZx?2uvW3bi#*%;{HCOp+bgPCITca6V}^rD*In}oK;tSHt9j2O%X
z$#)@w{!AMZB`gwp8bKM;?nF?<w0jZUXa1`Z+>}{C6qD`h$`stUt9PR$!rV`yc%%ge
zr(m4kWLOG%I@}{uFx~OO#whkX<TFtmbr@Ho7;SiOL^02JVI#fEP}f9p-Ei)V;)!vL
z1o07%dLn`|p74PP=9}K}DOhLH0FCmhJ0h6q4R46xme)Hr1-*UeNGx8lQdUQ>DB_^*
ztd8U-_3nR3m=CLy?Dzo><oQ5Q%kAjKtzplK>H?DdVlzU~lGfMGBdJuYI4Ff~*-71x
zue4)|O{-F|o~VdN%$C>LQO-yj%#-Cc+*|O^NtP&S^z<6VciE0Ts)O1-p*pD9E9!b7
zc`kR366b_GVZIIbM56bF(%;Op5zDN>YjcI9(^Y<=Q7G);yKJJm){kxyEAk^(3ib1&
zkIg#m!vq^gU#D4%i`=HfI_V?y_7$*Iv5s?cwfgu`u5#<2D!bLok1d*Y)Q7Vg_jXh4
zu!unnFf3vLQw;8{@}|=wMlitjTY9%!CWO+@-4<Bqwz~Oo-2FO%5|8!Nhov5F7eCo6
z_b1Hb?Ok(LJ5ESk#?l{p(MK3T>t?JJ-RmO&NNP}?&Dcsz#rEDcKZda225N%+#ZVs}
zCuHXnIacn+bS1plPpU|GxF1_p>%JE|?CMZIPS_hxrjONTa|<Tjy6eSFU8QzLI;;X>
zMV@p@@9}(x;LtcToxoG2nZAqO;!WS-$2{+M2oBxwmL~Q4dgugn3Z0km<5#)Jw-!lQ
zF0|(^>Ou=7j1o`R%n!Y*imFtJX<b7YDb?*8LX{NC4RM>&ks-{r$rD1vLES|mT(Nz3
zvxPm(DhXkVoJr{`vRW0yZTWi-LRhX`rFLd$o?Af@!`V-Q7~-gZGK4b6S{k(nuE_NO
z#<^4O2T<h>bq(@JDSd;O>ydMV*yeGM4C0FCy923x)0z;(6mMfnS9#UT0o?U=*b~HZ
z-<?{_-ywMwJ?%IFcp-RHK~K?jK*4m;zFWaELKF%PiSOU!=CQFU3PDz$zG>5kD0pmp
zGf%;4b|X1XSqUEw<_#WpaJh2FKsN{Dwo{JqJp(%&#w{M4GE!||B<VZ<j=iPe6T#Kp
zhC$*VdfHGbS>3sTMJ>PXDi}RP3=)iPoQrxWy**JefgQO#)(b?urxHgRFX$Hq%t?rl
zg&e8zXJ!bX_5PJn5X3)+p9ZjAFfRpgQ1BlLkc`$=28eW07jY3-Z*Bk;l0H2^BM=@R
zz+*`(py9W<`vh>(7Jlj{&>kcZevrK}BZ!r<MQf^`l1Axy1lI|LtL`#dcd9YnkNIjO
z-;XhNUV6*k;syy+%_0F@pua>p$8{^ukL3=X1nmaLYwL-SjFEaxe@Xr0A7xAl;Y;&o
zh$Le0IxR23Dhy$ms16Si{*DX@VY_5K3Zbvf|1gBzws3`o2R3!1g>Edm%|fMYP~Gct
zuqs5NS$%AwNNu|(jI*l0dl<d#DMP|IY!4j_W0w}YWnq=>nni*^4@?ZBufsJhj1vx{
z%)$uMS`orM(;5^a4cvd<!d#!VEQCA3&}9pQLcN~pK90m5l>QwwuK(O`_Zw(h|69sy
ze{+9!e`GWG#R@M8m8(MfERnm>T`3BSp7&wJ?<u-i;5nZkAv6RUrV@DgG<~sve-04r
z%H!KxT%N0~)xQ`1qV;q2c^><F;nlX!<$Wx4dR?1mpp$Q?!L2oO4T4L)!L+(X*Fe7S
z#GQ?wA$CuSw&d$=;D&9YG~d8>Rb60UziMtWP-xdK8p1UD=I8wk2Vc=h(|XgllhgpA
zmvmDmrm#dzzVq!@v<n&)k_<m6XzMkc7JO^D{CBO^NY3~wH11hyrH0FrZ@EUeF+?)|
zI8#ZFInSKkbj*^q3A(UQzG-{@j4+(=V;Jje!|S>9s@<Y>fIEhqSBo`1j(V0D_&Bu4
zAWE^u8AK4Ii_I24oM51<^h186_+g=e%eJ3X7}%L`_jg*h&Kh_mFXk*(wdk9-s-z%q
zwrB4!P;DP=tJPI(!UWr|4+^;-@Jr_XKEQD?_~?E5iWxksfUz6zqlg8!ypIvGZ`1pP
z0wQbQ<sp>HKfna_CoA7WzCA|iRd%!dJ??E`<a@ZT@zTZmPkO(H*^btf?qgV^sICzx
zcpv+mZp!KHvhv?2jQ?9oUvyi;-p6#0i_!(AvHBxSF^zd2p}?!n{y;eHRf|5rd2i&v
z2k7oQ$-m7n&H4x>0d4mOC=Y}xK0t0rTkrvHhtyRcVvwb-{Sf(9!%ZJzT=<I(A7N5d
zU-}`oM}z%8L|*LI^yI))*WmXtCN;hH`#6#6>h?aarKUf44`pet+wWm@TKy~UVP+k3
z)w@_*=gk2hU|xC()!LWtI{zNdrl%i&51Z?%)gNMaUE|`1=vj}yeNMf|q4zMg(SD)o
zBjjajT|dN_OkXeRP}U=!HLJ-lM|_02FX|&dM)`~Ch>x-UMRnH4*#2U>(I4aNOFv%m
zF|IfJ;qi~KtGRKPCZc&-^#{mr(UIy7Zy8zn0rs?vQF>4-qtC~f*2<svF_yMc2Y!sv
zFS~AigzK%li@QEXX*-pEjQh@ucRs?U?`Y>f5>EWZFAjZ#ZLb@bKEUDE)2@Ahy!IM3
zw7h-f_6K;}o;SMUjbC>C2-m)wQS=E$e=lRiCm8mw<IG1G|L&YW^GotKJ%vHS4kz+N
zu3|5cVw)V8ZBxfNvCO7UaAJe4@q8zaFl&PY<7Ib&fwjbS9XKX`4+IE|c@C5*@u3bL
zJcMM<dez)XM5`LhiGbBtiVgI3I0iT|)NwrN*C%d`74b)YNou!XjS_K1_(5%7-fJFP
zs1tsUl<Bx31WI-E5xH=_ZHtf6NlpC$4{99mu45)Qx9X+DyXvS=BLzB+sNW^9V7E$i
z!m^P$I)-VxYj8pzA>r*J*xx~lJzGE>7lOxiY!id$2||m(qdJyKdS3^riOxGbrh4$Q
zjzzZMX`KYGI-k2A58l#=+=DlC%uwtr9k`_g&*}u+f`@fHRf89G%(e$l>UeAqUemEy
z<F)o`!K=g`^oA7<?AE&_&H_(}!d~$;tE>&?30Ai@7${n$Z7`LaLEaE!W7}Ye#GSm2
zmaWBYFkdFziF2CkUK<kU=AAZ};Z!L-*c~r_1$*4u<u<}G_iY-TU0!uV8%*@ayS{?+
ze(iJ{p;ypa)du5&9SAH3trcx>$g;+?!Pc<VrwxiC)~Gh9h`a?1h*|}0a4u@)x535~
zYgil1idlJWur@}8LsG3FZSXkN>eU8I)2yehu_tW=b?;JLYhfGos7GoYdc5Ge)dnXr
z%#&?U9#<(nE-U_|4bEg~2ipi$S-g9vveioZ;+Nu&+Th+x+RipYelx4Q4dyhX?%io-
zEo*~EEvz1Gu)n1>s0~V6Sp(W&b1UjW{>xTBdhTWJSaN%7$M!Zj+}g3J4bHcAtZRc?
ztsQIH;A!ip-?U#e68oWzD+K(*SG9Q!Ub1FL==dt%w~Ud3u}83macg)IO4CLCiHOpg
zs|Shw{ZtT$eqG-u;vHJy1%kd*<W7&aiNdjjGv;r+i|;4L1`24~r8X}m={H?1wc)(L
z@@=>ygzicNtjeG52ZWxAu6qoFrJKS7hUv_rAFGl&>$lo5eOuYL;kR$AS0uQuh*%`N
zL2!D4=%@68+OpPfvIR162DV7X2$8!&SRw@|XQxeDDq}8F*UC7<wD~ed%8n&6rppd0
zoi8^_erNjk)C&^Ei|mqwDdH@uze93dk#IzEQ2qretyV@a5L^#L(p}%E7D){HDP8&R
z`sQyd`+sUvm$-Lb;~1Y6@}=b+&0S-r)3Q4trWZ+gC<ew!m@TR6C1HUS{>Hs5!b1V}
zS3>0DZ(^hXVWh|pp2rpaYiw58Efby1V<vt{T6LvhtTzdc$BRrn6f6)xHKv&~lkq7g
zHjBHsmdB)vUYuZBUoS4PXn!xB%FBeyULNRppce;J*I+MJ+Fzoa3%Y-<7lRCSwigSG
z7kYbf->{CDsB&do^J0`c<Ej^x?#iT&K0@dx<O)N$!$^J^s#1zQabv4ZJ!;~xO+9Yn
zyshy~lN%{LaAS$=9%AB*Y~6N~&ShP5qf%ANOzc$Eg(gXihD%Lcvd6Bvu}I@jp3<xf
zZd7YTgllwTw;Mb4c$pj99IinoE;`KX9z1mz$2=Hlyt2iEBDZ6*i8A-Y8f>>p6c&i!
zOKz6%;@KvoBxQq$Bja=vQs%A2O-MoK9!N$oYhe>SV%Etf$d`XZ3_=NAZGuS(KTw#U
zTgRJViB3J}?l6uvA;mDhq6x|!Z;~7`V#}IfoI$N_Gh*dUaK(5JSmunCHNhb#<@R^Q
zN}Hg_Rmi=1daM~uFy6FEn&6>n&1r(YUTanpQWLom_1%DaDI05pMsYS)S?=lC=pIoi
zeI*)ynvK#FZG5({EQKfoi_+A-*%*-?FUiKqbZtnsa5<eHLsiyOyJurogZP|m+-#r~
zWDAcP^rZZ*FR166pzjN@i%l@?1!8L#UkF}qg0308WuSKx$DnKsZQ|&ijd4vJJ+m>R
z$*6DI`?PHyE4SmrZq&&=Qhc%<PbFH9Cv5S7b_`%7g3q#ee>)~Bk%@LJQ;6~QRISB!
zj8(Tj!{5FpL86v7e+5zpgVh4Ia>G%MI}-i?V|P7xn{Tr{5v+0#3dH$|4O{LK{-D&D
zCVC&U)_8D@k*ruK$8LMDM}C<mQi-kbV5Y*4ueRE)WgeWf^AEnH#VS4Ms~@BupLAN>
zYm1W`2|XS2d*Rm!2f@Zd18q5q>GUe85|0Jfb_a%w*Mws{m{`5d26qZU2xzM<ZLNd8
zQKRDivYkrzDF$gB^nFJhv~aaO4&lD4ZY8{KPup$~M9w&2V3fXzI&|95?ij*V!~JKn
zg8MmqX(Y*|=CygQge~9&VULJ090k<mWdIqMxgWLRwRzvl=l-+2^IQ0%mGF^llA8ZB
zlQjNmLV7O|8-(|2`@K*|2Iw<;M=(tI6^|ie_KYB(Z_hmt&F&Elkccr>NoLmwy4n&>
z2$}gLj8a*hAI3VF%?#s!934h_uww2DW2C~*surlBZDCSu%q?LYSJ%+QO?E`{!bIW0
zu3=0z%qk1JjVS5O%bdY#N;}Of7Vf#U+z5KOmHuJ$cZYg~vCaLfO<}C?m`lSLV|Jj@
zQ|4;5rtcZw{qUU3kCLX!+@mK^!W7Y<oSotql_bYlI;G25#h=!1;tbyyD&Y_DTQrJ^
z8w82@tOL}^7%kwfA3xJI|C6$+aXVudkCep@G0Yd)K7N0Xr*}zw6R(^(4lt}^jy;sa
zIwjvlB9$8xv(s<jC;rWEkOXkAc!Su!HNHKTh<qP<z4U3-8$ABh!Z&b-S-ab#zxw{P
z@8XVXEbV~qcF*z-xNcWhb|A>?spx=ix<REwbz^e}%+$R{JD||v8~i5rI#MWqgz?j%
z-^C60$1C5&IZx*U?Q!3<dcA?2UaQ9&nB#L({z0GB?F|eMY!FMnixVMZcn3TTg^D|%
z!m=o5K=_AGI^aRd`=#H-k(g2OCN9Q|b#I~~^@>PY^U{q2Z(>ur_v)J%Sl6PQ!*##D
z)&Zj$T2I^KW<%?7dz8Jv=sl-ju=3htRE9N#@-wXJ_NZ(Wq5S)eq7T~R7-<;oF(s4d
zRA;IW-$akB`rSLAN8?tMbEdI1rah)L;qB~gVr_UG1G25vuVZ6&UCQbGqSn7X_P^-v
z)gI?xeC_({xb%{C<aHD_HTJ)b;->MfucL1>-tyAsv4Zv((Be%>_igDP_$IcrjODk-
zkX9<?5Q-hv9(gavR=kdrFV~}-DXpz@uj6rRYgBt2ZDXB$9SdKv?zKmcw!Bv-+FF-i
z$C7r|9m;u?_oU)g>sEUldiA0D@5hzj$_q*b*If}6!W;LwXL3KKSN>OV<uKuWc1OV{
z{FJSy7(1+DqZnML;JWw<r58!TT?)UKvQ6R9<0)sNExb=54$IS<Y~ekLi`SICWeXor
zFq8$?D44^7TNG?!!Ab?ES#Xm=(mA+6A?Y04!2=NnS1BX|%w;O7WZz&F-IbR>8mNQ%
zu}VqWZIp?hzggBC69u!NIcZrRQTl{v_NN@lxX}!wY+=foZ!@no!wRNSdKY8on-P=^
zt#3xJGZ!~QzT&6+8H%}((rPnGZ&b~)W+<~aq4a6HS=x-GO}<D!W*P1=%`lZje{-yM
znyZ>(hRZ|gbFScurg-c!mo-HXkCSrpJm#XNxSvS(Hq9|j(a&2X@kay3gr?XYG$?%}
zXpU-z)ghkV5i$#!VUfktYb<kUGt3P0^y08Ns2Rpb+>|~P2|jL$8xiwzQ{0R4oS7-X
zi%n6PVxDh`4Ke=w-k5o+DR!p*hSKZOjI~WMt4^^%KStDb_iKu2btgWvk!hK*iDJhT
z{4}&t!5{gKH6eH!-Z^6AghDgS#dWpB)+^|5i<ByuYCE08gP$e+KCrzy#tM<;{0`yQ
z+}0^)KWWP1UlRb4SZ@dJNfA<}huTO)+_7~Y<)HEZ7s638o2BEp%=P()GL;=wa!8Y3
zs@|%-(>1qN?yyw>3>6~t1DMTUFhb0!4B)o-4}<_D)-6cgi(TXvA5_+z<&*{q{Juv0
zklFbFiJ;ig0Cw;f%vZWh4x&J%vI8nR%!8iBb_USXPG#rqKN=pyCXHLm?9$nQ08Z<%
zCw_EuP@|U|ITHfdU=TCTcd`e5Omo(`;>UU?m6f=<3<_X458G8Uo(WsYSt`EoFHrF}
z+&X8l$a<<M6l2#El#6{6(3u@kuv3cAs9uqFC++9-+HfUng`_<Xzjhy-&+j_?$)=C{
zYYu)7uUm=V->(UySE1wYBE>oe@$tDU<W%X{!zW;c#HQ=mB1MMkIL~GDCR^t{I_aSQ
z!X09>Zaj1@H{#gN$EQ@u>7gUHW&)_~Sv7VAY+w*yM{d(V2|ovJ2svAV*v<!kt;DVb
zuuqEZq1oU};;1cWc@Rta;6Gw)R{(?L*zy2o^2P@%UFHOFQ=zi?Dq9*rg&La{Ah}Ov
zmG&Qv4`OO!@Mr7nksmAc*cm^L=+x+1N6zp7p#d8F>jpbcQ{t?%-j7Lq@CUfM&>UTJ
z-FxN>;M1Be4>0g`?3M$4gg+AW71;>~fz8Nf2dVyq`lm~5qXP@1NST9FR1RLpGFIxq
zOcojIAkq7ez;c=OcVLSgxkCddFM1YpE>B4KqGqGKwD4oyyqLj9e3+QC$%`9er^JXq
zHF>aE(uA(^LD^@^S?Wa@m*m}KcHP8KId<AaiA-gql$=>!+*5cY%rZM$Wn!&8Lh8{8
zz9d&`IeSb@<VNPFbVjPvbv-h}!~h3}T8^Ab6I+ata<X50#e|(ATarce5}TNX@w{Js
z#hhu4agO(EzQo37ac>esvv7*{YqKq<pfQShzwR=Yn}t4dtVb56@_r3ga{4yL6@|){
zsH|HSHmP-PXX3I-Wqa&h9%Ny$MrFNpb~6(r^g3rVv53#r1V@)kS?I~<YNx?YXX2Dm
zXJ00I@VUC;>~c5@J6u#Y*3I^0Vvf7c`b=zhQ`urqmn~T+G`SgFg_j+OW0yC!A&%=_
zDm>`RSwQXksbbFnTOCJ!AT~da`GK$b&DossnRpnavh^W0CyoQ5I^*Ja5TdeER+oO6
zSQn=8>l0z4;usl;4UA)9gvM`Fw9BnH9!IHcMGET^$Ci}X!$!E2LS<WHosY&bBXzVZ
zIkw@1{|xJrNOZ_82FHok1rdwH+I@oG*9`qr4-I|jya%KBE+k<ycGiP=Vx6rX>=Jp-
zL5Xel5X-7F--7`*T1LGYn@3s@ixqmXfYHL7A+ymQES6)vJlMze)6ELwah;S{m7A6c
zt;;H6Ty8v8W9!@)W51`?uFD$V5_LQ9v^TM(#fFLaFhub6XG@bdU22C0zr)W{6X}h%
zgfXyr{!9E7SDS~6uH#=~viJ)45yJW}aaS~#e~DvK%F-{1zkWRbE9|iOmwbt{HgoQm
z*vi5)zQlQE7V&`X(cxdAP%)={NvdFjp<iLOY8HNp-FCHrp0TqbU*ds1{b3HqXy)Y{
zl<S8@YA)aT({nj^<TP%4fkIdG{ufy6GH-o>3GP^*&N%J<<-r{EF^#QX;I#QEJ-^S}
zU=Ka-HCKFrA%1nq7ntH_bHAX4(J=oD9P<adeSrZ1^XTU&2}U=5jx9lR&F5GdGB@R5
zi<P?J3tYC$)nDLTxWV=u42+m%UtnZZo$&=`M_KL{SQTw}<#U{mn%h3d^jMH;U5yzl
zKgZ2fMsF`pQ%`+{<!S8bXV{+BaKmS~n`SQg41?3nwK=Fx|3&Usm{`v}GY6yVo8_P5
zQGMTn&ym}}EcqNa8kjRb$Nq-CX`kbALvtea?S*%y<zRfqSz!bXL_Bi$GnB;5^Pk~C
zW*2(d;KpY6&bZ##di(_zHgQkML2>p6lwX}~j?cl#7lWg7FzqFyYYzG~{c7-6xY*RF
z>Wr1m!WTPZKy&}2FR`<Eojsj#v$?spGr?7DRc8!sX)f)IyDhbaozb<GIj=L$v@&LO
z#`u?g(>r7S%jU?=C~0jBqx{ys!JToxwK=defz~*^_u?yN*=N|&HaPb)<h3(qe1@T)
zg=o%ad^V?+{~Qo&81L97_}bsA3I0H$;<AvlvI!xGcS#+T*yF~SA^FcXuDOd@WXmaO
zLIgld`Z4RgBol|^k4W|@>`E2^JOB19>{WgStWrDgYmBjWYT}BWEy%(XyMJUBhG|sx
zMC-huF%IigHp9W0)G~+vOeS_ZNNTP$IuB}$LMOkKQ{u`Ql!?J^dhV#3t&8KD+fSUL
zr-!<6)su5Cj?Mg%+h{K<j$@YBpBE<{L}fF4IVa=j>!-5)eny<*qTheJ5uW&|?0lf}
z<~Y^_Ny+aU%9)&rb0K<cfyK^eVZG&Fl!YS}mtEnU^^Gw(@;&N)gq2YDBPQ|K+$fbj
zh~`XgjQuG@tD|G=Q6`FG=Jrf1jS*WJm)iMW7OGQ^xoYWqqnI$-%vm2t2@ja`RA8lX
z<ca>#aZKajeTbB^Hck?U2K0=r^YIK+FdEQ&nN>H!blHEh5thk6<3~81N7A>e)WmL;
zt#8DSr)M|9L-l7o^l<0laa3wlmZ!53jWAjFKghshod$H8qjPQ?Jq$je1<stk8Mx!5
z=hnDbMF#e{{KXl#?BdeFowFkYr5-BlX0j<67-sqhW}wKVvOI6j<_ui(QrQY0>yv>U
zKL52BaMnj<+x(r^WngB22J~7W=THW=2I;ZF5PQ%Fb3*=&jR+#sW3#NB5pnbn(}3;{
zv$fRyusO03?uDuBL?mZu94n$UpxshfUL)kDm}fFDiSzVcvCf0zI2C(ZYx{OjNczqE
z>{c2E@FjXkWXIBQMf9&rLpSNCzy;~E8)>Mt{SE|aI<HH`NSPixFSD6xcp&@p(nw7H
zEj6Zmx+aYPC6!ILvxlizV)vg&#Wp*Yt<*kUm4=Zzmut%%Irn22W6*P#3|5+oM}~iN
zD)OB4s{78*mZf5si^?XtS$-<!yZw)2*x;sFneX{@Q7Q(SZxS#yb1G6%;-#;DK&zEH
z?lT{yVyusv=;{BgGL6_Eef`7$yHAe=%+0B&3=lq?9Q<@e8Xg7n?1^t*CnTJ$S*y6S
zpx}rQ!S=?JLg*@5^MeE%t!Y6Fm3aO<`X3~;VD$^4+-4Du-fiO-gfFlzkAeh_I&lQU
zHU&s=@|Om%QsIQHc6k`YKsznI6ZV|51m!qV7@)I~019>g$N=VXq%hji<$e%P936;A
z3^sybq+xao;DSMAJDpwb2C=|J!uhU?J@uof+q~q*2scgS1NV<^2XVx+Pky#Xo}i0K
z9-<3+(PM%2@etznUvrZ*qs9hGITN_hrT(n2<xF*>kRzUpj9qo(A@lEbV+cn)_vM^%
zBy%}DEl}BRH+_e>!i{ncPsiGGNI+NHscf0XmbpnyFsHk5M5D5mdS{Z@g^mfVrawQc
z!2-Qp91C1^{s{|Qb`ll{?RFAB{O3gAr=3phmHf+`)Hf3J$8D_KiK{mMR43^$lyQ%-
z$xif={ezttEfZDeDXiMS1jT>OzyjrTGA^a(7tVen`U+|v5xK&kXZu*&gzvxAqaN3Z
z&(-BRF{Mc-K3JFQ#H;FZotSb+Ctgt(qgk0mKW?hVjJh~t-zLzH8M^r-9eEBXrN=wW
zN9pKo@bqxQypT=|U>ARAqT78b9YZ_@r3*b~QC;*fc{<lLr`5&1M7pQfoKhE;y*z#2
zYfh?*<364q?hlTvi<y42cU{a0@SG!oV9&a^6)?Nk#oZv!=@Bx!)<u4(o1^BNn%C%7
z+Z231v_!!#i7+n+Y??v}Pb5zvX84cXg$H{gqd+n*$|#l=KeIRghot$Qy26Q(LTJ2`
zmdlS4z<s}yfO}njL0v6#Vwx1{?<5dUWfN^V8=QD*Bcj~K*hm*?m9efo-XG`xa!$Dm
zYZWRRuCgaoPxYU3lJfdBKbP)2lcrzWU26wsCCu=wwIcEbzGEs_t3?d0fsedA4POFZ
z{_v?p%9V9ULVuB~y#pj}MlvNCFL}F=bOy$%BlH20(-F+)2)|IwSsKMdj_}t@>|_K7
zNF9sduEZ|@<dYH>!8GPy8zC0P&uq@fY;^>8WdFhl`YSw#l(Di1)~NpJ5gb%`PIrw>
zjgW}-kBp#5<9u81GAoKZI=!RP!A3-|+u`pQ!3C}w?=-rMjbee5)2fs8iJ*_md>qCo
z7k%9$SI*!l4sk2Ru^x6Qj9DJ@DBq|hjlaeQm)o?l0y}=>?{3F$|Hy+bvxh2riLtXP
zkuSB;Tl)D7J8ntTewmG(R*4@+wyC6Pp11u+b>veT>ByV3XFBpQt|L>s`4Zcp(Zokq
zXsF;5KgE{QQzt5<vek?&(|8oAQXbcd%GSx9?`W8;^taX0Sq;HgMTp=d`ywdht@jdh
z=0tIt&q|5JXg(^W*!l>LCuZe|jnRAzVgAJtOi9ejR+-U!9FzUU5!{k_PNB+ZK4z=_
z(GgT8X63S-(R@6z`v*jjr}3O}ozX08*8PvdIKg@9Mn{+NQOq`|-&F>C7{*h>ydEYA
zL;b$(%*l<CgrTxwZdMg0;x*5NNzPE&2+xnYMe)G1T|;ub5>RfggP>f21Aq8qg01#U
z+=aTP6EpiwV$iPYn4GxLxqz?H88)_0$6}jVq1WEUU~_crVCE<tr`U-kzs^nS&$m3J
zKl=}Rh(l4&`-@ziy}-w7fy54auuk%C@!&8=ife2+^G!_RT>Bbhn>^?$`<HtN*?i6I
zRCA`7IKsL1Sd}gHV2)~%MzxA_?aB6>e3QtK$|^NB*Ml9JIn{$xoNKSuJNKqG9p%sT
z`u`3Z?Jd>PXg-g`<bT{8vjslmTSQjf97jceRdd`Fc}|{<U1^R<HvjSFSY+cl`xrag
zoHQ!`j^=ojSQS$hwyil9D*lS*qzCex+bUbx9KG!R(&iX#=Q*o2R?-}MH2>u0xR_WK
zLmg~lb4+&lhd0M!2hTZaup#tb!{5C*`Z$Xdh?qTYh6<PeYBR!aJm;yKU1)|}kN-e3
zO!e@bZ6@2@4989X>SnlY@|>|gwxSv4`22I4VKv8Wv;19dwLorwX69&s6*ogwz(1-P
zdIY()AIv$^0-HiqR$#H=%}`|ddp5&zj*6#+bN04C&j{Zoh_I(kaVp}!))e<59K=Pt
ztZRWaDX($N#x6C*h?se_DT+8M9+28)Q43s4rLvMVcAzO%q?wzWVn-U^+pF`Vq81pD
ze$V$mM<;(OeUY>LU6c!<Veev>VD@_#%S8ZlK#aeYa@LBWKJU_cFnhgANPy>TkwQJ*
z#Tm)$_AWNtenL6(m~s3alK<~h`iUGo`VR6HbMrgMRqJnj2i0oo#<yt=n6uu-RxP#g
zZCugJ{I@aIk=pfbQiRM09dXr2J<|~bo#xSwSnf*Q&=E&m=DLn};$AF_c^AjbV8PqC
zW16{dqrWd$-4PRg=IxGH=no#}VUWxNR3V_Re}|t~uY3pngQ>IML2=L=_YNvUTH!mG
zW9bzgQDLdeI^w96Ue*!$;oz)}m=zA5>4Y&+{dgzLiMsc9!menrvJ);wL#sLwHaF*W
z!lc+s1@B@{%$(8*t5f6o@1iQzoYV<>)0T+Txzlx{C*H>RdS-qn^set2^)3qQI}X2%
zqWb2+w=tx_4=LwC1IP4^=+)4i)Dc%2I>vUygcpJ%J7Uob=CF<^&u|Rxh;<oezmC}0
z=wo`mTW0jmTNs;Zo_h=TGNVu5!mup!`dhe^6@B;?dN(#NzlC{Ce$%rf4rd!%-oo-1
zjoePy^rAVq6Xv~S^y`EbFPVKhVQN#OdnX)f8tmE$H=3GNZ{v0|<Ko+x)I50pZ7gYS
zo_!meoA(bV?b{Rk>xXUlX=t4dfBbDi#@)1`w-`BU!$k2+jh$S(q%VFpiGYj{8l<3@
z<CB46&J+cgxR{zLvE2%mkeE`ihl{C2w$A4i3}@%XKf^d|j0?ksw81WvappQ!%o*!K
zHD|6Hh-<rO&DY)Q!XwUH&)Ravxk<_q4DT<q-7bug>uz*mh5Sokw({8!H~Ofgl5JMm
zLaL|MokjIj;)I9opLKO(f!3o||4;6FpCN4K->%?qI7=HKvSkWJiLvPl7A5w*S4wQS
z!XpAdm2puToRp#enhe)5j_<Syu0=xfcQRD*G2vg8@vUo)M+YnTN$7!$KhXG`6mpg-
zSjoq(tHi^550)Z4Y#<-Ifws;Q`Ek^<vHNw6%zNs@*OBwiXItGXUD(bCu25pfo!k-O
zdS}gfSeY%S#D$@J;0`jjmQXy4l{nFt58OTZvxzS3RNhSJ5=Bl-Rb#`PSgm&9D&nU@
zUFfPEWVPS^d*JuMN`Ypq_S^rpyd?HLMB^J-tKjc`$G2BlsX~$}GL}{W$G!t3)?dMB
zDRPIqB>ofj{mUAWTcYzV>yi4iE$fpyAzvDuQi+Ywv091@)NzcDPK7OJ7dOD9vJ;H;
z=f3YEU3K*1`}kMnoYf@Zm3cMzYm<<42*@5=B<*5nEo|n^mx(z9_=ZX}cE=@l+QM}y
zw$H*~enxZ8mUB3ay<DPClGz>$^X1rj3p=?)FIRH5gfUX3va>2%YvHb1XR(C>JC$|S
zx-1Xl4A&>;>1?5eO1)08h0`4SY;km%6GjQgJ~s?D-9mR~Y^;R|9Q*Webr~PVd5(RG
z+-!`6h3;6Mg*_bmEb{y)H;mC{mHIzNZbXwIlB_`ziV{1{6{0mj!XXYvsQjexgH^(k
zOw1P5!c0_(DG%c~F8VIVQEJmEf2~cu7{?)7%8@wwv*^}1sQ~8EI1bB0c(qH4Z(bY+
z)W($VZ4b_k<EDKyqaP(Mb4(l~-M^%CACK>5BV6=2DSgl5yWR)~O`aa&4OTV6G_UVU
zBTVt}oKm0fQX`c3A4v3LzvbG|2us7fU}M-fDvp^Eo?a616~sv-@bu1TuzwsEqQ3i$
za4v=C<i~<{8(~(=ce@c*#Yo|;UGoXvIh3DGK9*~F=T3$5PGT$*xgt%3S*#Fmj1XU0
zCyjfy=0C4Jo2*WpP5v+T-ZMOo<4PBPyL+mqr>A>nx~C@t4GfqgBvO`SQxZXfq->Fr
zY-#PaEfSI}*p_UqS5|V`^@2I)OfVD71POu}B$xx3bIv(|B$zXKPYr+(<@L9_-~IO9
z@43%&e_)<MRdscBg>&Aw>eQ*L-|S63=6jPg6jn;CP~&@WBQ%urQNP`hvt2_W<2Lta
zWj0JBEFSAasMkq}*PR_!YS^aaJN|ZW@=S>DP3{jR_a@JUaEr@~RT5ht#xBX89j4LG
zH!>VKLnBzk_(`vaGMg1fAE!NzU!uV0qmt7tg6n+XFL$vqVQhEB2hf9j;2%_T?}kyz
zcY>a{S-&v)Yj&3~3i(dZ06q6Y7`JqiJEuLYQyAAh_Pr4La{_k5n|m;feZGU0{tjNO
zlp)KxjHX8W^iSOTBpc?$O~LNS`7;;MBPDiK#xyB*P$rR(5Yhitp7qm8o^_M&MIQcU
zFS0;O@~ney&a<|=lRRrEccH)=yhLVO-6)e|Yq)n!PPCjIx@nk{Xz*wDBBzH*Ko1Nj
z1@xnEQb0cmaRE)OUoD`ogh@d2#@;9MUOF$^TSDl{8~ds==U5n9cw>)ru}vY&aK(%1
zLEhN&)!gl2jNpxZ(9McMxa79;L+HU9`?8k1l3vKA%m5D?8NyhP-6e!&T*{2|=FSbH
zvu|+n>~NdJnMO89MTgj9;<ta|HD;Gwcq+v9x-g3KsQ#qYT^K`J-G#+`@pg`b&2(Y8
zBR0%M17=J08p4;AGJKDR%kX8MqzoV8O>R4uc=)zsp(nZR*p&bPm*KY=o9RI}IX1zA
z3A}B)ICJiJaEjBWNeUb1!CWOa)I;q-X>(j1NdNUwC$hwQJBiht=5d@jjeRzbh5Xgy
z#GJu3@R+}P6Up~DaW#8i9QXOFPdRe(YG5Uo?|n(W$1#@VdmPKSe4p&hxsrj-yybV0
ze2?R#VlR&4DPK6b;L16cf%ROz4<`8@M*+$AIFU6<o2}(;&%hwQvv{23dmI&dd{msc
zEu}s1<gU!XF}|}n)5k{8n|$%!aUA74i|dWtxfz&Y(x+ZFS<g5gnfB9kjPlc`KKAEM
z%)m*D(k2Gj<8%^Y_RVx`3sBnJVD5kn3=NIezNHs>5Tg|06$U0I^ulzJT{Tc5#`h6f
zP3VPFME4Ecl;X<_4B>jAKVu~Z#xt9^=W?zW=E-c5fmO2I&%kl67xp+=AL6A>`>qdp
z3Jrm~3OnN?(QI$`q2L+45J|XX42=^BC;pT>VhoKDaV_DQv&u$|`}?t}8ZRg9)BnGn
z5#zp}xL--TmxOTw8z<qY;2*=SkTQxSl!+NLB?70x2@)Z!A6B+gn(;7<pT^FGX_Oly
z!dNe=%lL^+bw(KbC3|8Rx1|~4SONsj$lx$xN_}Jmy<HtTM~KWu21jw#Ef0*ML{ljK
zv=$*rc-!;Q?kG-qqdTK`<TW})an2W^nBhhT!ULQ9_4Y<_(|@;$%jZ9G2-h9mggV_i
zkVx(<oa=xi;sIe$4oV$r#}3%w2;FLr^=vASx-YYf?a|8_TH791oYw00D5de(0T&eS
ziT5zZRdW^nsxMJYp8GdrI-r}TQh2kbZ~g!WG=0ejxT7mGa_~ftZOy?*&jW$4uSoMh
zzzLtaCI^>%;kh~JYSt-fk6C6np|k_eSjvL;@x;<g-be31ofYq6VDQ}?A7D_}UGzQ{
zg+otsa3j*NEC=hNv1RXJP|UlaJto953frSkN^n|xl&1tIwa3&{mGW#%jg4(jB-x_y
zBHKHXzRb=T*d9;pFvToPi!FK&T{BJ!c^@LLrgA$6J!)DHa?rijD-?6J)+b{>z>zxc
z!Vhu2jxy~-bgrvU`4E@u>fJxYiTZisx(_k2u|og!d#=Hd53%Pt_1*`<$>;xh&WEUI
z`it`)VAl)E<s2M(A-y681HRLi3hn=5WKIsYzGzc;%u9Oj53%qif8P(W@g=4IhnV%U
z-j$yHZl1X2LlnQN&_4s4H|Y5x_BU56J`i@a_}!@wu)L*mG6(Bhrt=NrmMRrAGdprT
z2N$z>p)*>2(&Gb6Y|X=`TYqxneT?}*toS_~{Q+-~TR-sjX^+ltWOQkdEpMb!%$+y9
zPpJ{wX54)bo7(c2TW!5J-b3ehwJyDf^X<Ha@8L<i?B3KhZ}QZcZz)&a$Go@n!|&tF
zTfEF}Z^zEQhgI*?%l`$+->KL07r6Cv?dk`}drvF>0Daz@@BEhSucy*pp!iu``S;GL
z1QWKu_D%t>*CFNVUMApA|5Ux7U)TB-Ua9mUI#p=<MsW~pg~+%7$$XW<XT`J!L2l`P
zK8QToy)lU1a`bQz1Duid7S1@;z5(2DvWFIyDazU)p}n8Z2x7MSV&4!BxmiIF$KBj$
z^onMV3!<0DbvB5p9)-f2Jdw>7mU|<+0yKsj4-etCkv=7eA~P}}fUBlL;VJ%lmqOU-
zuQxx05=)yF#CmIyR3)Pl$7zm=c#GiLdV!lr?@TO$;eXq?i6KJbPHOJ&;J1ONF$@yD
zw_=2z)#H32)>t3IQ^`IQ!x+a5aa{@*L@QG;OX)Bp1=Cz6g-cxNdt*d2B2QB>R+As6
zVx3ll;``{49WhMy?i7yN=xrzmQ!&^uj-?{cj8M#C^MfTeruupKxc`G0Hbw>O9k;P2
zI5#Q7b<_lE+5-i&Ov>p08GGQFRr~E_jqq`xs1f!GzL|{(&L!M`ia*=Y2oD@T+Vvdv
zF?~cPPBWu0lc<|cF^^?^Q6`2t{RcCN+*_9#VWkq`@yf@upTk*KAL_{KT8G08(ZdtD
z+YlSPd&Tq5VZ5pDX^bVN|4w7vF(VYS*#B{_=P)|-qesu-X-FT|7=6M<eq&q<mx~m2
zJf=@>jC(PEabuLEL?|XN^^=F0Sdt#O-4Mg$k(<Og;(W_49@*az`!XWe8{%39>A!O|
zA_p7dX$|g8uScy~D;lG)7GDN9Q#-P^As*M}n4?Z)XG7%Gjcjj-gLNaj8{$S?(%O6L
zMXoi()p`VmkJgV|X^1=Z^X31NjeCvnzgv>96Ti>6ojA4ra8ak2wPO2WGR8}Dr0V{Q
z|2sSI!NLz&cPD<#50yO@(#xILAQ}f`oDjcD;R4AzBNMMSPRO_=sTA`>3SE%-b<#Z5
z5jrPx8(9i(a)d6)IOpJ-oA({YF&TZBu}9_(dydE`X2u~I>zHv$<`<~%qSBZ=&WTR4
zNr--k+=OpVXjG3~@*JURJ^HO5ZOSIaZ7$13FY#pxUl6?|*|^KieCA2k;%sb?%<0*f
z?FdcHCf;aH&c-ZePRb^zVou1$WZ4>*%^jPK$tGsruq+$roaW$cf@{8k*%<B8duC&i
zEA4Je>~onHTH>zS-Eou>ybbrYM48uI+5+2szJ)Dt-lxxOfgVQ9fh{o0h&;%`5yQNg
zh0gxqsVt22o4d34X7-krSY!q7w7^!&yxs!y1M#jckr({(a7#=N>6==hARJlO0;OSd
zWeY5gG~C$|=OgA6DnIJ$(*jSU`n@cSkHybtVO7jLkcB5HQ7Usos=g!(Yive!yJ7q0
zXQ5Y`UYv!QY4I^x*pg=U%fhjAb3;pPjDNa58&@-YMJ;iyMlR*=S<B38Nt!a{VGAs(
z?VH^aGwPVrTVinCXhBOHsjK&DiRJaK2$XeR1G8rqMmLOh$-<e2dZ#R0Z`db<|7#!f
zzrj8xPpY~|B<KDMIL$2qibQti1*{SSTVB9E@wc3h=iGe(;}Z8$&1E@Do1nk^4scRt
zg)iWS92oopx^r?^;q0*K1#IOMWt5BEZ;F|&!11P7$;sh#wZr-s(2Z|}?sl_vO>xE@
znAsHfxrxkqEob!$Sf}&jFGoEc<~BhIrzG8dY)li3@CCXyK_RCk!;B8In&75EX)8^3
z@p<et13RC`Ic_4e-QQtq6U?$G?Y_mfJda+1!2IViE<ok?4dzU2g3Cc_$dXXbLMk&%
z)xQ*GGhe{NaNuE64B%~gKhmL$zBo!nOp39)O))<f*w7Rk`R+<_N{6*Cpnoc*9Z6+t
zn&L`oU~p4(vZ?qAJ7?t!*p~JyqQL1&UQ?8%2lh6>(R6+gVO|F7+yrYg%&X6nq$YT?
zx`uM433k^oS2n@f8ncb+ei-4Xw8t3udeTnmUK?(wbfQhtPO1OvL{ZyNp^n_XuVXl)
zZ08s|)`oj3THl5^BVRX=b9=vzLwuQRr_!NME6nB=C7o0@t__B$fv#<+E2vM0xI3(E
zgX?^ZuhiJ(*4U*5wza0NptN0jhm~zGhnp!q@v!-=F~A!b-kQ`mr48_PSk?wt_?Ta2
zum`QM%?KQAh114w`Oa5|#ceQ?n<+i;vo)>I#|lhog$WilQvbk5^V{G?fX|z5p`1>w
zaE99{%?q<LBtOG}E!jB4?UdF;avo=6LX^@fqHIGpI>iEWvN4=@LS9PFy=)vyp|rwO
zHX|D=QUimsu_u+%O6{DR*~m}hMnY+<Z#EvK1#Y**z;sS?({rw7<3OAn8fCDGmROPz
zIM5Q?GAM0PjgKy7V^mG<FtTP&_f}X|i?a2u&BnCBnA(9Wtx;T?vgOywS=|Qr>rh%*
zU3RWD4%H1TY>jJmDeXYLoaJq>us)@AZNTQV#_$G#r>!un0i_LXm{ZaQHyhGCUDk-*
zrsis7mbJo(Mts+~aqhx4D9ogJT9L_?x5Cp*b6_hBe2(urKlf2_8|;66PoN5~-4lc>
zl{X7SZl+?lpcL8sc+2io+!w;LQ?W)ghNWVgWL-<adC5MIf+Y@~XRCwlOTjTmcq3sn
zW^ABe*&36=X>{il40iH7Q=RNd42zxNt1)y^jEnT^vR1^9@3JSyaK***bX3`R0)%RK
zKnzDzqc{D!t&>sQcH0}G*r4$|hc&i3igGPn9K}N2D5PJH)j5jo9{XYhQ@lLSQZG9e
z!8UJrTZE>zv5|faYg`0#4SPTY-AuJdL>OQ$*8b*R>2L0TQ`%(y6<?(!;)e=o4YW2N
z+xSO*0-&p?pS4MH>4YY?B~}&oO6DSJC~2gFhL56;u+dlHF6QpK%t1DKs{AlyUw7zm
zDhk}@l2j~o^Ht;RT4+%!&S~a?RNT}4$nEFNqEvM9ER?v(wXY%-WqiQTGtFT()|u^r
z34U{kjd}j#)pweGuW}7*loK7oU7h&q*CaWFoDKXSLkr-c$Zp8!DaDTRi}R?%yE{4*
zI&sEvuX<l)X0_ie<!k^W1anOQGx)|<UomHL5SO{`E0Ngr0JcbhJ^`HMx^I&sr%RB!
zxdyPADF*^L%FNjTT;ui^yX2f<L`Jyb%~K~U2w<QRxMg7qUq9;a%DEAsj($5~r!_Ey
zZEE0t5T{iRB+K3GZV*r0f#X38)_BZlo$V)1qz6_6u|_{xX&X1AYMt?Jfb{h7K((IU
z6eK-OQgfKZwgfO$3d|2+8L#VPN6yk9I&)mUgRx@z0u~q*z#VQRbX?AzMMZNf`T+_X
z5x@i`kQcy0Ue|H1+%fbVw@z5AvL_bys^&!t=ec#lCU<T>s+dM;*EDwC!eh<cWud>$
zmvr@yo(8bj(?79ak>5oS{*qXkQu-L^BCv8Fh6&*fKAaGYIX+wxt)4z~lZ>NYjC5F|
zy!=wqhaSRsJpW3@?s$k(#LsyMIz}dY2w(8{)lN3vgWXPhfCo#INIwrADtw8mz!mA@
zL4Q^4<`G7!y`9f;E<G`XBSb%PI#kE`+GMWeSK<Z>xi9g|MBMKx*N8WG@Ofa42i^Hv
zVug@%(L*Dh+9_XRg;YH$KowZU+joW|=a2_Ic>C^UY^;YgMPMLRi2a4@2-cs9aGG5`
z7|AsSwek%e;}r9Pj=9RN>b=STv-*@|Lw4q0@Oh<d_(^5eFR4`ZU21jJ^W9W+Dyo;n
zHmTHT<^q*SGv5tx<n(dls)N$zFg8y`DKp2a*v_X;vE1RYivG?i)oc3qt88(urE^=H
z{pm?toaOPPEzaI_Zi`cvp0vf86HnUWtWW2*I7`x#wm9SCIKo?Iy22KvqeKbJNXK^G
zGK*a~1LGLRS9VXUY+5>Qse$}-^yDkMH{3a$;@F`P9iFeVk?Dk>0)5hPNaup@q=)rN
z#|=;5aT>aNc}zbadzglCzQENq%=ht_r3Sm0hAl?mNE%KW^hHNZwm%J5OmkBjo|-f+
z?)cfFG<3Dh8EF`9t<tN$e^(VIf7pN;_jH5m#wBcBJuY@M;NxO(gXFka)+jkH7B=AH
zVr+xzagj5<5lZ>j_fpvC2FO<eT^gW>fBi^T?yyF9?BcvtWt|$}uo}2j9~IoT?w~uD
z0B@<rpVQfe`pDM<JL;o|+rf_X<W>;h_3-DsY;%1a_6FwBbKK7QpfC4mLzHq5*~?_J
z={YknjGp5la-=_ZGd<_$&sp3M`mn|AxGT8L&cQ$~k%>}nv(qcYZq-A6C~%}6inz_r
z$Z+mddM-?ZXL*G2i|Qig>UuaCp~15@nme>1ro|}jVvLp6!`+xUtsZ)&@Gaq#k2*KR
z_SCVygiIPB3dF4wI=&!|oq}>Q&i9$R#BoOmA5SMR9yywhl@gENBeBEjI48xorIV&N
z7N%n@v-+o##JBIIVUEo6tdZHxH0+V%=h8^W8)wq^jiDuJ#C`1XX&B_<d8W8nei~8H
zc<(gyQjKo(>$Z;AnB=xs+oaujo}L;jwJ}PI7uvX@8Pn)j=Z<;1dF(T(IN;%V%029O
zDm8h0dn$H#jZO6Hv&N_5qR;M@ij@Y>v)5n`Q*gnEUrxbN(>O=Jers6@_W13>6im0&
z$tl7-YrXz0-S2wiInslFPO1LCqa)$$IlS&|d}tQEjW2Qt=nCO!Z{wn1PI(&-1&TN*
zhR42*>!LaOZFH9SA+ePXz5CmQhWOguVW!-A3)fl3k+(2dHcQ?jy1tU{T{@M;Z{eXc
zI{qyTRl;N6LZM<ldJ`*@GQN|ens?vCNR^i`)otE*6HDCJC_GJnXY1S8<VjiaCeC@x
z#cyJWFJ<<dDDs&D-lQ)N^?nok4f9Sr^z^5cx5H$=d7&M4S}Dic;fiJMZ-<e=l&$Ts
zAZV^{hcTfapMM*3!zm^0ur+KhXoqtVv*b<eil)qa6Julgpf`!@y-RuSr-ZJz<EHwT
z+F`sMI^7P7Z1YGvY)A|3YKLQK=H_;|njTu!4qfBs3VK(3ia?J|so}le77J>q<!y1k
zM(BK7JgH%xZHtFB7mAeJvu?`aH?gj+dE!kJ*0avOjrH}kef0i%=Gr$=QeUT-?e(>y
zb~s$$oY@X*8fa76;ckP_gm&oH(CpI=gBoew+hIkcP^Wg-*T~FkheM6Ehi!4Lv3aL0
zE@jRVsE9|;r|fKt5lzeuZE>SX%Hg)?*VNq77H6BL>}!jTFPN*_qVPL^IMEinU(`$6
zV%|%M$Bw@|BUCjGo=ceGvkHdagwOHoJ^siY&$I4?s>Ik0h63(mp@;OVQ8KPd+bV5^
zJ^<flpj^9j^cG|5^dz&|qZ6~Dsa@h=gFV<xx?aacZgR1U<xKIQNap4dGIt!=$r-z*
zV~q1FV35MD=oqiWPU~2zbd{^@VfekEY`zD7j!pGosPG%k<vJ|%;0VWTGbKh~qExaw
zc}X*n+$?kCZ1!Rbw}-jH*fkHHF#D_rqq#jyZ|BdKd1+V@<(sLnT^v-{WghJ3_ApCb
zKP&VSquZIVhshrya2xgnpcx+Efab16fF?ki^1fg^_R}n|_V_VQGN$=a?6A(7*yga;
zn;6TCktXK^6$aMI#%Tlloz@HkH=TBG1D6zD+7pHCurR<CUt^(*8tG(Vz1o7}2fNu)
z6O-NcOn$gBGR4FlO&x0rdHNjXTXWd=M&mWy(_yekz|<-{)1ea26l?fAHcCtGdGFzS
z-fwb`wQPijV#)5!PnuHN5=YKDjW{oL!~w>7YPiT^Pu=LkE&LzKtlW)W&e$n8CObE>
z>i7QtWt-%B{kc2=e@M!#D!bsWZhT^2Q3<<IJ#Gm(3*Feo!N_2VomGhj#CE7y!NJHx
zN6u6?^7yx|Vr(0SA+aSY)rKFklsj-sq)IUIG~uf@fkny#e1m&WAi2R!h^l&ndl$cB
z&|VivZg3N#sy<gsykd}SFAOBl)e@q*>*S}|hr1X7yJ;?aY5?n9958HE+2jC@sW!p4
zM=HJcuA2=DpobPC1~N&bo*1RG`xd6_v1=CA>Nl%!*@h|{IUq_6a4(W<fE!V2fHxDa
z>CZ+`B-vYu8uBVGa^#$jVkocTDaJNOaFf~dA{fZ4_(0Ct6U6}z7$z%hZiFCYd}M?s
z1*NTY<*tjOfWxKhDjOa_CwKg5n3Nem&!XinjG}@A$+<dv9L8$hz7WO<4kXuja;HWy
zl^Z%;@UnAZ-0|8w!z9Ql?XK^m5m6lCH}`&9M^8xT=wk^T-I43)z>#$B!}3r%&2JvR
zQ(_0waaxLRPRBxrF)y8Z)8Yt?*|*a$OXhi2%B&&{JLUN4G!!_Elk}@tgt<x;drTS;
zGoELXi;W=6=8E?qET<Zs>DO%?v@zaoudulbVan4@V<k3*Yw;O2E@{SO`qiz6sp#yn
zPo@$?=6No9*pXB`@Wi*IVyoBKK)*g~3=v(Q-8q#Y5zn*BVE0mR)`(w7!D7=mO}~C?
zNeXuQ?HMVUVyP2Tgra|^quYFki1c5Q<DL4OTaT<2lm&H(P=&|T<(C0GtV0l)Us7>N
zQtsD5H%Itn9n5uvR@5OOXcpGNA;)}?AE7o!)WLWscj-MtF^AQ`GNnl3JXF718~5GZ
zmr=gQoL?J-9wOd7y=HN3<a4W?CtkCtHU{`8w%ljltc@o=&hI;!p<}f%(lnRV#!Qp*
z`?da1No^eVn~Q7Xik}q6S<75l8+R>!Kl=5Eew!YRZ1Pmi-Gn^fuaZ0`%1|xO52_^3
zvlByilpAxUSXb^X;MaU@E@zn=1Nq$D#n=rMCs^!)O1$eMekDnVLN}H=t8Jl3V(;aP
z6ap*t<D3vH@}nbHNSDN%6@HX)g*4Q`MiWbS*j;EsafMXKa+X`@&5w{BkQvG1i?V&&
zU%ddEGsnU<z5tu=VmJMm<+9KDvB^bKb)Cx2__0ro9rDxMAnkR|%?|i+%N^V1M}KXj
z^3A$K;)ACL=z~WGk{>)XkW^r!gIs}i2__ZT<sd0Adg)EZu9NbSxeJ1ce6IF(<{Sy)
zBA=@Z6?Q6s4N81(02laN-Ra8R8pHxl`tGP~cYp@9y)i)Qgc_=cmb*NNaz0lJb+#dZ
zrMg`jz(GD&mw7&#6T~?0Iqo+i|4&4Wsnvh2toPxMY>JO$OQ4GnWr9)e#TC(7=|xY;
z7?@!3J3YkW<3ygPGoHPKu^Aq0WcC;jO68Q@gbAE4Q~VYuE7Nh<8C$Ajm6EbVCl;p8
z)rHlr(SPF;)YqoTztd~fehJ04H%N-DG?-Lui4%gAij6ojDYn_cq+%-wkz%8?GmH^O
zzRm1$K?0_f_DIed8p0voep3}j5`D2^4+vr(Z@(3;+-@OE;_Y`vWhBvWt1;@60lfWg
zx^wRav7fi!2%UAJ?$KlS0$9b{ufUUgA&4H{bxL)86SBE5NJ?_(H@+(JLP;e_&y$k8
z6i6z`>p@bI+@OfD3jtIxdq)8Mczy56Ij4fy%j-K)VcWQG={TvDJ-oi9uH4;0OyKoB
zrE<-3Q?<thFp$^xmOGd4we$Lp)Y+H-rs{T&01;YBo96jwK@h#Y{guC~TdQ>Z5z_JY
zT2E57jP@o~%Q6pFEd`#WYU%4G)zTtya%7?h=UJ?;2c5Wi*I7B|38{2$-ql56+#9PB
zyQ32e;0pw<4g}7wxHeYl_{~*%cX$fdyH8_Dy}Lgpsdpd8xZbUZCG~DuN>cA$jd8tu
zGM3c4BxLXMhFhz!<1y@2>|HV3<PCSkl|!PpL?xgx*3EXrFvo4LiD9dotK>ZzTNT4u
z&7L1a=LGZb<zdA!l8}7uc8Q1TIN!@A#jwsB8yUk1FU|bDJ~ljt)4o{W7>UT6m1oMH
zR*i!lacaoL@nl0D&qy}p<T!80zVT#3ZpldM=-zRzqi?1sb@Y;qq>jE$>QAu`rdN-H
zoGBT|=Q{d=%J!$@z8YVVj!|4kch+);XW%?1_49RB%9k|alZobXQor4k+am+>_|8zC
zkBz4{`Qkm&QOtLS@{Qd4aXd9zBzA^6r(>sSUroa`lP`Swb1%iQkQ=MrwfKTZ*MPkz
z4U@RBTDRaw2S_glhiHGJ+Y1xA{Zc}=_vN}hejy#l#mKpIY?OHXQHh;N$2BRwpPzI#
z=mWMgYXnu5*&WldSmt@Q$m~%Xj>_?CX()0USLj!<)}&#hVoy&a3C;7&aj^no<gWOT
zGz?bxRW^g&)>#{~-1cT0Pux7uAdRgjMy|yd+Jvx;x%8`B-EH*u*jG|<(!=xI_OJ`Y
z$i49csW|90cGIuVnx2XqKD&P^HX1z7F@tqU#dRZoD+Oy!;~M??t#v6l>bDoBpx9Dp
zrwGgbGyZ)`NL)N%&Up^+^ELOrqCWgNY!vm&nb;?G6ZqA{=EY1RU3|MRkFkB37|g=U
zGcl8yqcc&;xCgsKvN@dFRdD@W;WP(jqLadxmV3L*zL^-~DkO!!N%LK9j6)i~a`=|V
zJl}{uk2v2+uX(BwZhC*g2eNsz5zhN4cC}#^H^v@=7jo1LjcSZrrg@tl@pG@ZQ?1a=
zMp$l{*BfDn^=B$OV3s$+kpM^0ouc}p#^@jA9wN`h^nHzSGq#!DzdX&ixDmFc-SJg_
z`%e?9hLL{%Q>?&^AzU>+5jre)<1pVRU7tAGw^xcCaHB$^>AJ_!Ay30x#!slsmDyl7
z*2u9ZD&YVsXPvXdP&bLmo0axI{gPN<uEnuHftADp^DM#wU-M(wtTQ2bhke<?6^;e=
zu^fWm^JS{WSSPz^VU9C)+`=Zlq`OLCTP*BQVyi7&R+e*{OO-wGW2tIi_v0X6LR;<5
z8E9d=_HQ)1byn_2k!~OHW1D`e>WuWPDlD)lNLXM-Fo^}01PKe!J9bN~X9#B{n-oH4
z2g!>HM@~ry+qiJ;FSBDojF-8Oqvc$<PH^VV452G`BDG%OK92SfnGNCw7p{9<AB_%S
zvC1*uYBxW*zQ=9f2oScVLXT@X!wGS43s#bC6#<fM@e={U0eofA`w{899=<JAevI-*
z3;e2@1P|`Vl^MGl;0yZ%EKUdp0f}p(H7S7Jl0p1<y2F}pVV%PsYGD@3ru+{X8(^WY
z9M7ZHcSZ<=kusq80ScS%r@pca{OI9|O!VWXOC9AG`m1qDU91{IiB-F;tHi3^#z_;`
zHLK7>U)}C!Vy6C3dB)HF-{Zo)t1!bIKVgPr{v>7?VG(BdI$<bG{c>2cxBHWZ!aXgl
zWWPzAme@+YD#z9ky5nSctCJCqJmQQ^;SQ2`$1iZPE`Drq*>_Ex<(u)_)STf24&Bu8
zGc|VG#4^pkVA51O;QW@&`2R`%tNs=j45<2sUVhSNH_W6yTk22hvr8t|XS>X#KAYuF
z>a!gt*Jq2(q&^$tCw<1r!*zuXGSSHudu))P`iP&d$(dpjE2a+|=VlKL`jXf=17#f8
z%+xvzG0{WcnmjMtN36sRYio1dFspVFHxTKl#tk!SbKEedb`m$7tDVFR`L#K2=vO<5
z8}<`%ajqA*Vr6}5W1Gu<S_|a~zJ60>k87ce+pegEi3zwcU1L{kp+vJ!)*`sYV~$hP
z)}jWschy2a55JS`p_dJ>g}y$!do9f5+I5JLv$7U$aMvWOOxCp)cANI?nz+uF%n$i<
zX4JxBi-yvo0IR5pvVeV}Ce8)uBToj|;hMM+jBTrlz9AZ#UBYZ>O$-jlX4k~*@JUZ~
zo9wCDPbh3meKoXkvakAQCi|*WW8PPn8YTNGFEiO!7aH-t+R-T4SJxXSvB$PXe0^YH
zqvZO)sm96mf%%R2`oQQ$$@PKVjZwj|N2$(6(VO&mr$)HOvBv>V?%Kv!#<53FAA8&o
zqkP<T*HYd(1xD_I#^{l7!ByyIHyU8M-#*j;N4TlaIxA;;L&6$-3<ucW2Iv^HOB-Mu
zcfr*ol(VEE&T$u9^TKR#1FQ|l$2Y)PZU(U}k~^s(in$A}n^BhE09|5sw+5KVU2t_x
z$?e+^7r6_r8L6ye11wIp%j;twch|DS{^)K4j7}R^rL+F;p2FYTQ*dK6q4?1(w6yZ9
zhVoPPOLX9O{qj3ooGvqYXG`LLGwqo>Tw3Ahz|YxA6`%NKswfrA2`UDNk?k%_7t00C
z*!AHmCOR5)Rxyf2cDpc-aRbN0a%86qx8&oM`rgV6ofOdKAAnIp=s0((Q|a%y3Al;O
z5Fu3Rz)T?<xGLCJ9Oxr*s5C%|EOlVIMA79^WQhY^9sgQYuiBX*0!_Vy&`ha%J2Et#
zf_#DTlo*;S;eOKZS_Zw7zgImhVYXmaNLVTSjD(38>FPkS*t^;W;aOYicfMzDR#70j
zAF7xm8jn>Bl-y5M;)g~@H##|DQ`{KiFgm-@nZ>5L`NDEnH}Yf-lzO>h8&ynp{g`H_
zE3!c)q&q`M+DUW~xmQ&8SOxt>W4wY#V&*)BUsg6zL0?B~uEJd{UUg!-{6i82&Pcfv
zi=6|ipZ`gvf9$0ydJB;yDhZ6p4i%S0%DYsG>{5yN>%H8V;xPK~Zcjb$#u8@q<9B1k
zFS@y(^+Gou%Zo(rNHDTU#a7qc>hJ&TJCOq#dJ2(!8YT+dum3vHzf8vg@eLxlQe=;Y
zhx85&`yG)T8lfM4f7v`aa!A8Kr+!2uRA!vi&|OI_*HNGtr!_(k@vAykxgwo(9CA&i
zH+9q^+ccU97b|T~8-Gt<>BQ^S1Sb{>scW6sEm-56{IKF`CqJw>#z}DCuj`#Ca}2Kb
z_xZo7ZyLX>pOVqqS|ek=kjkAu3)U(bE5+0^GLDMY3Ymauq?BK)J*v7csUT)df66om
zjtH!`1DAzxxrEODRsXyH!5vzq0yr?=ESbcck8*^)%3%^&-t8!rxLLtFBT{fmsmE!A
zZ)1%5^Bs}_{Z+O$hCOPd)iHE*n~P(paC5IAQ?%N|nYU=~+=*eeZcU3}xW}9kLr*W8
z5<@?4pdf}xUUOm$<9!h-XN!+}X}RMIb&a8~VRnw8zsYT)mYAWjG3+qS(J>VJ70S86
z&ql>?-5(keBMGGUj1l|nRlUAu;U(ZD<$yr2H1iO@zqoE9J`3Dt{eoa_Q}KX*@KMp+
zq7q)^p57-qOd6T<9emWUW#&Ycpnt-du+to`VwiJlrA+bFV*MoiaIY{x!ep`XUf|c7
z2Mb;JF-?cbf-=g5qe9c8E({fwzAj7=&GQNti~OSPgAV(ig1Ziqf`gcSM?n$WQf==*
z<&uidx+Lu5E|Hs8%Bk<h?lSztyF{)8<qX3TA-bK>V10*PBr01O7Ky>d4E?3pLWUXA
z<LWsTe68s<2mZ`<InYD!&2wOcP+mQD>L+ac_4N|oQRhndjXFodm+52q5h|60+jJp)
zG{4S%keD2636JT5Ud~V`sFxVd2tT24iMUg$9&7J?KX^<>&ZmT;1!Xh8Gs~W*6Kne=
za9UKx>$oF^d+X>Yk@&qLDcyDCIU+YS%wdtM8j<%%xrRG(KQ5zOkqQk5T#=qSuDixm
zt>OOs`#}-_IaJ&lL0zHYun?W9;Wn42+eCGcMsG16yK!42guhQx@4JZ^2hO;0pG8i%
zaYK$AbE7x6NWSBYoN{B65_#yxX=Pk>+f(@ulI5RIl)wF(@=FrsPu7y<PtbVzeKbsv
zBRxp0I3wLO%;V*cRU*AKqFa$k8qJSn`Trf`qj|GnUpIdAF29FRd7$FB(6rQz;i58C
z#Z1vVRHYu_%l1bc`dJk>9O`-%j~wYVq(`%rRsL-}iE9UbJzT)>sypPL3Qd~@FDv*F
z)op^H98hpjXqxZBKv7w!V4~=qs$g!SZo3@z8imB~CdYqYeSVbiv80^U@SZ|)dyHV7
z(P`|d!*zZe5=r&hQs}sb0*5lugA&I{ajFN)oT2+Vjg!z(jnH`Lu!a$8i27`fIw5(!
z+5n%#0}_|3ju1vCd7%k@#p+;Ti_pzMa(-F03=V;tFO&)vN&7>B`<6)XEpbWtQ-0_7
zYEGDim$xVwFTPx;V5*csdi1Ik?XRGR<NZ7Z=N%7{b0O__SA|VnwYtj`bac2k@w-1~
zi}dtu`BGJx!Fp^0$&lH?Bnc<Qx)kmyHL7|(2EM-2O;CGqpJ^%l&X8K9wss0{Rkizb
z!A>+*)zfbLHM)wQ99PGZ>J?v|rV)k@PoeSXa8tM+W5YFEaK=Wu(buhw)G*RLTc{of
zB)9%*o)_p1pH{us4;!%SRtWgoyeg2~_}8ks{zT~{;bV4|H>I_n-(zyQy4^I84E;#|
z3qG@}{^#ebl%JrjU1d}HUEsUkA6AA*rZxBe<Ub16CH+d{NmRNsEEL%#2hNG91S303
zACM%GyaXk0NL6=fDTzBQyzlYwZ^5f{SukgN@mL`8d{eYWdeNO9S$-nDw1!(2lB~ly
zXWBgvx+;C?ErZn1a4)8-A9ELCX%9Ro;%4$=HS-PywO13T&u)3}R3p_fRren7Vxc}u
ztj4wrIOP|-TZF3d!=1es2~mP}2StwcE{k)7>aoRD{R|;`RKhGVR3>3fGR=qXRAP70
zyd)AZ%&q#aCO{MK4=Tg_T%Py+%J6r9?|9oK!nKt5(5ORI8S|)&d7`_ggyrG~m3{W5
zewVud&~FPU77PlnN!}Y2UMhL7$b@fZi`Qg~kt6iaLeA-)<~JhH${E&VK`(O%#X<?+
z5p=NY4%~9Ej!d}k@O^u4CgX?3Qi)KTIzpn>P?tz36Ldl;ouvT9kC0xj$`?u8eQcJB
zc<UFuoy?^KM)+!6b)Aq2WGbXrUkdb*&`!M~;wM|hD%;J(-J;ZFAAMMzzc$(cZCHT=
zKMwVG5N>i);~o=2k0cV>I)VRA;(}`Z)i_sq?7&y-gaciK;2H-`3*m<jl#2RO-dTD_
zhCE4M<v?Gld-XG(gukumQ;r}0S{0{*#>A_E2?E|po{iJd5@;D9=JAio`|Ew+KIw~v
zP_am&>|d(#ad*Z6k~hCi=4;x4`-Ax{>*B<pgXd+?s5&cSwwQWaMlXqnk4dpYC+<u7
z04KURN|I;1xZjBo39NrkwugxZKm)czK>PSM0ss1O@;ms_V)(RxJZ`#E^*r~B5FR9;
z)koiaM;4G3o+99<&&2V35fYfKKl<j|D({r`cN0ll{4o(1PxM`6FC%V{LSW>WU`}T!
z5;I0I;t3<9Z_49!37nwn{qfuH2=o`w;&18_AR_SNWLy9_Ku(B8#3&)KSi~G*UUKZz
z$LqlB+$QNKp&JZ;(XTKXg}zbzE*0|x!)6ws@CjBu{)6u-PeuHaoe~L71*phv+~w&1
zy0nzG%0mh5*$Ij8wz7sqgYbQdm?s_<s^l&oSBwZ+JM)@=oF!GV!Q0fkT|`U0NW|Mi
z#cFv=$RMWw33Y!}IsejrI^2QoLMEx7Q-Xd^!dg*1NH3D=Y>_aZuV+8=occ9t{p#<Q
zQy&>XhDt;1Pnp{#evQ{+LV}_?lGl?|&~~vFP0L&2@2bk{U45QOo!$yNgkBDQOhY#A
zx5iGzcegeAsH~(l_G+G|tue#%Z<M;mn=!Z*Zh76KT4B9!h(J*l=0aB78r>s-ajj4k
zt+lK*PDkr3ZjJu2VDDBq8jDV#CsNW2TVq73dWc?>>O0U1ms92St<ckUUvGsWw)=Q1
zjI)10px$mWyA|@&e>I{N`o!h#tuQz4?%E2=;=azUuq94aFUj~-&sLaSL+aQHJ8QU~
zX5&Z=_v37wuR$YodrkkHY+R`+-^#|QTJ9U!m|V+Uk&U8SCES{#_J>_sV_zM)h^kb_
zy|xve*72`yg+X<9(*Qr)AbL3)iyKBSW}~9f_a9QY@kS@H&KIL+veEyg=qY;1OVOj*
zD0w-0ARB$Z8{M6a!tX`5Wn;_tVvk#6e6#3A%JWKeZ8lcC8eNf%;jcwYvQhq8bU`+T
zwun7!jr^9{h1R&yk{=f8lg*oMVD>1fYMyi73JS@{jEU9b?oW?J_nHWLNDYoeut@T)
zi(s_lpHD_m<kVMCSm`RzKZ{gW8o_zhxhjHHT3~4e$Fy*M1buX0w+JTaz9V5A)#F>k
z7;3sJBIxc9l!Z~?5A+LTyI;Q_!b!irJ%k}vd}Rm=tdYsJVgr1^xrg9AA`#lWo#dsz
z!;8R+`d$yRgJmA>9CoFLl%KlJi(=8U$;<Boc<ezhS()#}Fj-yV#T?nQoK(1zJ@nv?
zOC83|z#{#;d^P)$2L*bqm0pbYX!%}D^Jq^!nD5cbJy_}4RoxaZR1H^8iHqO2(BFmL
zB0pxbiuo72uuEoyx=$$DKz`-A_CUcs<;PqfrV8fsS}tDqwikZy?I8$x!ngDvKi}{#
zRcK8qGe|D-w+t4Q?FQ+1Wh=FSWZd-OreusTu!pg`KAdtI!wf8TvD-eZcdP3SjL}j@
z8Q7qi{S4uj#=058Y!AEcLz$0JnOl7tJ$2BhQU0?&jpAn*=5j+=X1t!<@5t{V2}J!`
z04=O8Ejgbb{R;Ysf$p!6IA9lFAu()hZ-xO<U~4n1mQ0Gd;$TN!!5xQt|0~2XjJwTn
zhXrmoLxF5uX@=8s;BqqzbQ-6dVZSqQvKg*Ajf2fFO9||6h6jpHCFH4U*K8cp*u|DO
zt`V<WuIuMpqS$*tc-j&N%+TsrFh1zs{tEU6*=ULhsRgfKaM;~38?(aJ(-wFXwobIb
zv52v%1(rnh!7XqnntnYC+hRs}7DlI7o3hX`)mV{*O{w~<EcCaH30XL4zr3d<cBWaw
zvM@1S?VN>SaqDVxl*Em5&5@U(?tcvzGOX3Fp-&B?^fm0Rp^kqI%WGP_U&E=IMz_~!
zMynTJ#faM0o>wuycKrG)D6jkT%Pn!Up1R=`VPbvtX)~dyq5I@3IMC3!y(N}5*2|jV
zMB~;IT4L%;wK`{GQ8VpvORQ<e=&7=1gP*m-%>Sj(o<IZWPZ{FESmCS0h#2W2jc6QF
zuuA+4m@8SETsY-m#1P75b&v}s&a`p`r=8w2iqJ)2M-*X^!sz*Bibi?vE8bo%p@*y8
zGrk2{2rs?Gk8!{MPrw$zA`sVAVm)LOvS_i4oy<E!79KH;VtU9g0V`zh4q4bH*L$|E
zZwjs7(r-Hn*Bi6BOTXXny7E<&Jre8V#1W?Mb7GVnEplSH?49BiF3N1IQ^<2_lv?Wa
zZgUD-_(gk3UEC<)TS7g;uuQNvFdPt!X$*rzl>pam(K_eAK*`?Vz#M5yQXc#Sgkw9X
z(+&LEm}+32p!PO!LohlUq{h<5d2v=U#(1&AVa)VlF0*Ks&v$0b@M4@|^zh-Z;=Ss{
za96z8ixX;?in*ums61Pf-$8iyx893R^b!Imog4@scT!~nE1kHIaQnAL;_(k8cHW8p
zj(?!=QwKZEy%zHLO^ls&;&>w5O=jbqLT~w|@U1oOOmO8;A_VTpI4OAV$;9c6`A+N>
z)uGg^lKn_VxfFgNql;smRE=f+4E#B8Ucx59UM}H+Fr=z2@@omHRgS^*fsBf^ix|d=
z)^;Woi<6~q<~z^FooV+K^g9kL73`r5<3wvd6XuCMrDysh72L*jyr2%1a89tEhy;x7
z<NRvXA<ve@vC4WuT_7V*v^U8(FIqQc;h~uK?A_(sN@1cv0Oyn#M&fST^wvINHXj5C
zaQ>S<Q4kgh`g%b)Ea(pe;err-W~}Oh!(^GytnY`a{7EXOB}^0DXF1F`R)u@a+ljjX
zY0?my&lm4i%WyXilWsZe^mbG5w|vNri;TNX_YSGF56=Pj+O=5FCu&$H@QWmmNxr^(
z)rRx@nJm;*!xp9=b(7drm%A}f4osl193AAw0B3)ZpO*4hxN+PSUFpVs*K>Sh-@8b|
zVzp;AM`#LuGtzDczgKKBvuOw&W!4TSt}|ltV`Xm_1%+}AV2A8|K*LC`=6pXRiURs$
zMJ5-hYfP+iv0@V|wE)H3)r{)~N_F*+feX65#=roNG26r;k2>7M46oJ6#CorN)4)ta
zn{Q%~q0v)ojH%D|XC+7v^k7&k*i#v1iq?82tPuM@J2niY0;&8cW<%w#cp-_&e^aH=
z(oO`32=Z$P_KEtj08Pf4D*`BRuqgp_W_m#YC9LMe0D3stf&hj(ePb!V(>E}H3Wbdi
z;DpXP1+dG~DD{}7(NmW!jpFZE8pU@Cd{N!6t;UEaMVu4^iTb}PypUx~aN#TWbQf_9
zyUc~IqIupWoNySY6%1wW%OpjaO<H=gY>spZi{!=9Gh=O*AWRUxGH#_164xK4;HF^Y
zr&0^JXQbk^XfIF2erd4K&lYaGj43IYp}J?M;FM}_O~EdApgcwB;<0AMu*c&Y9>Zd<
zF(8JnKDA>EH+)uk6vGVTY!n?$bAAki&0hl#OyfipWqx%-6h)R*9K{}spUNE(P=`d3
z7qp%d)(YB7A}EY#^w5&XQOCDrh=JWYjU)Xv0y+adrO)<bl`OdJ;Id#yLKe*9vY_YR
z$b$buKJIg{E>PEVRK{!SUKu~++vOJpeo(TL=;`Yu&dw@iY<DP|W$IsL6c>Z;jWV@$
zMlrwrE;z-Bhb)71!5BF>n&iK%-H@?So>w)lGr(<*#t5E#zInmA$XF*%<qHT*>n7tK
zd$Fn>>4|#yiDoq8LSU(&Zk1?~24?f6w_cp{=a&n@DIvu;pH8}DT{<QS>66mAE}4*y
zQKEV~4ckQHavIi2?$c?)1&47k4HKEVA&o$zRh)*|vN0`<X0tjh4ab~T$25N6`mT))
zih9<@9GA7j#%`Cf-o|iMou7)Qsx>YZlibEA8X|7BV=6XlR(T4pX~y{!6zS@=6pZk2
z1MT^q_`VqTKyfV{Q;p!wbX+jF<=sPr$4oMfoiSWB)kQJv^IH>X%=qIpekNNy^}MC_
zhzY|2YF<njAGqv(_I&DgN5bA~p>*;OSmI!3zCu@-6?{$K!vTJQOFi-xD%3#FKVX5o
z;g+v)$6agN*T~nRi@!!!kG20RjP&GF&iRH?^a+anEbnV<4YDPlU}f0a^%dqv*`iM{
zKE>Ml6=tMbM?b;TG`8RqtjJ)qKf#8Y)`3q53b9$AU`Ab|>??Gx=bQ2sHrF#oe}xhC
z)m~Je2G;E_F};Ct`Ab}DpdS1ZM;cmdzeHXmqvT6$ZKO{75+#kT!C&H7W25Jnn4kG#
z`B#|uobmJvR6M6%`2rW8w+?)PzD<m6Utm`gb=enK(bSsy1x`0L#(aUI7t(rvf$rZi
zI(~sY-%+o9j#V#Ohd#&I7mXdCW6n$J^3O5%Wo!E9*!!|E?sH84uHN@^T>Y-m`ExA$
zo__!Ln9$6)_Iq4yW*+@L7QbTb{yn<CYOeY{M)K>>AHQlWqG0n{+de^Ab7RIQSe|7R
z{vMCAtVzGeg%-xh-(z7*wfpZeDcid788&1a7e2$lR_eab@T8Ts>N8AiZ7li><*n7p
zpW#RwYrtp7d)?^v88*GH_V_0hf8V<KDfWHexcVuk{XpIIDMq|um41q4Zy1X|MbEbC
z=udH{t=0Wg3~CoY^$E_u8-DOLru_rk^fmVWIzruk_1D&wuhHdW9v<_tb>eF*|5%&y
zH8y>$J^2dzKGtYZocdU!F1`A(MxFWKV~skn+b0@z_@GZT>c+93XuJbI+2g6gV*Hlb
zHH!C^id_ov{VR(1l8Q$>INaqup<;@QuZ*u&z5CRvaro?-Y7pG{^BK`QSHew^9_lA~
zrzY2+c)k$nnfKaMkKrKr=ITYkb44T=5xc>!5&kl%?<?Ij^1bjaf?X`(lF&^|%CAbI
zsGek4E!cM$ri<1%Stu1RJtOCSAY|bWz#ohqI$^}nSsl9t^^#7oM&;JSqS47i498rh
z<Ah}Q^x&YQk1)|IOxMGmy;!AR6rP=Lsa5*}DoMyAf^|#8J;B~9VwgCn`h5UlK%T$f
z5$a<K{WC>)d8bMu(wL-TwfJ0xiiwh4tdb(^Dipef>8y|Z?KRPKyaBwS-jnd2aZn<G
z=v^sct6<OND?bw}*EB=_5-MTXDb`%Za8!yeXSgdJsgk4WD>crGcz;Ya&d7R6z3D^?
zlc0E!pzd*!j5j&t5LE&jb3}8S6SE|BixUeaa}&P+Q!S%-hq>N~RSD3USRZ&Ec;35R
zKvscJ{e2Bl2dHCEmQU2t5~)k8yM(=heUGC=ekJR2QN1b(Wr;RP>eu9RWfDo}aS})R
zy(E&(_Ct|0HQ#1lC92m&Ve_}2ix79V04w|(yrcd?XdnM?NaKA}c`2pZ*G-VhnCQj|
z@wqZLCP?;lH>Nsz2>mr-4!iI-ee}0&oSxty%2WrY33?9)7Vz_}gT;Sa=D;9ne&ssd
zyDNn&tdkcjT|derO|2S7JvgnJPdvD*>W@6=;%*CUch^1dMQ2Uj??qp&<~lD*HFchs
z=zV;+7Z><m!T|ke$Gy0ycN42|B=4JOFDK#Q_$()3o>TO~&eE$7Wn7Y?)V;-y6yjTh
zW&OU4@$&krapG$DZW$r(_SN6i?jO7h+}!MFx0~owV6_|FMSZOs>llyO#P8c0EBgrS
z&X)CM)LOD$;>Hw(C(cxe8DP3wBe1)`J+bn8|1n|Eq~>`rPB8B4G-K7VIyQ+`7adnc
z<0(HlsNU1i*<oDQu-2ij)i91(Gc>GW#$*lMWwnonOR{y>jc!hRt{Vl;hgJK2#ljaH
zo8<{^QntMXZ|78u67;UAgaeczseBXhUJ5Z9^FazuI*dCh1hCcPDLBK7y(yR=t7}rw
z&uI~GD|Q+MDY)ZQ2c_VcVm;<wRg60^Y;mdgqFAC@r=vKk8pono=r+1Wuv#<r6MWOz
zvM6Th-Z@b$)qhD0$-^PrX%B~NJG>mSm3!l(BN$=^hDR{n<X6Jbc>9s?eeh+Yg_1fV
zj9w07Q5d@%>gF((vB;1J5dfnwjM1{TDva~8u_KIW&d*CDIH;uW595q$q_i<AJl6K;
z&y3;L!YfsKE@np^D+RS%Lb46gsTB-r@Q0##L&Ijto~&b|qo=UkBOKDg(>=JM?Rj>7
zaXDHkuXKW2rv;l}7<JZKSvV$MeHI7C@HOzYy3m21f;!xRZGug7t6Vt#jXdTuqCn8Q
za8hfJlu;&Ht7YNHx6Ao|Bg4XZLTEL^L9ymqMtnZHp5bXC^WVw)Vq!1Dy;($SWuu6H
z&B)`X2@OdeZ51+ZahI~e3nGo}j2rxV=-@Gab#(ixXIm%yK<nc*Ocjig8qNsnIycse
z)=W21eq#!E@XUsikdTbY+<eUF=EiA<dRs*iODCbegI!D7ke(9~o0n`#Q~cK0lS!PO
z4b8+h2OHZIhaJY2Oe~k#;7sgOj3X3Q+3-x_aK^Bv=%Lr`(iCGo#)Bp}>Cr2iV7b>g
z*9852fx}I3*q6F26MGD6Lng{hV@DH=^Xu!H;E~@bq5PIUrwMumQVW{kZonAX1gnE;
zw<hQqG9EsUEus3$n__0zxcNLTgsscZV|~Op{X7Ol^;yqjQ`8v!JbK2=?$4tjrq0U5
zxfEkjCibV+K9h-SjWw#_!^RqYMfXgNYCbq~Yt?+LpTOiQje{nE;}U+!j!O8#BxT)C
z;M)l!guo^Vg~GY&J_`L?sFY!kSaSs<bsJs9@ZkTk?|+V$ftNj3MYL(gU6OlFiRdqw
z+}yxZ&bM+XxJvL`;wDHop%lSGuX!kVxpAF`dU}LN!KtE$(8vM~Lw1Os6C#fBOR*B=
zSBP(#kFxN2WA409@ZHVAV?n=>MNbbC#<akA$#*3SMbaQ)L<{s`X&18i8Hs&a7$~bd
zvyd;FtFv%dHcPY6(`hcv!da)ekYb$X{4DHN^f_5Lp_qkPSmyFh&cbGwIVlT!RO?c6
z%=EHN%`wGLhP6PkVV!M`@uqd6IeJ>GtU1Po*!t!e7U8KABi3Qc8MSsc$K({YwmBx)
z*1qN_NVB#y$G|vS-5mKf*-9$24qHyo)(g>7CH1WN%`v0CGLgddttHJdu^}s_w`8&+
zD&cu+LKYT0Z}z8eX`=Va!q_Hek1RZBqIb?h_oimYEW*~K1bVphi=ju&G3rJ0T5~*l
zaR`rE`<g~|-|?D8H9hj0Mm4?gnnv}y^_oU?$!o4rUHUZFs4gR#YxK^7<{G`TsQIqy
zwW|L}FTW}@No?%#^~paOlR2z2=ExW*s-0v!5v?l>qa=G9Ll1{Kh6#flhsAH}XAi<a
z*t<|bor3E1pJ)A3c`9)#Dav=N@yvgW6B;I**%}We{7&5^VYy(Ha=K{~>Fg%H{+RD=
zsZ%83Nn%|r`CO`CAq_}tJCh$KP$vmOzEJB~9O+H$qjeG|i5MeB{?mH25MD+jppjAT
zz~|~32epee+ks<(J<dVnwb50+E&crp2SM#j3ZIckJ_}c+;r|^t>P?|l<-4yq>D_Cc
z+}fqkiGzaC#fbt@-7llNL}DJ3BzqF~1^WH#PONieUUMR!srj-nnVl4${dQl~+NW|$
zpzmm1wMI9P@(dKc(<*W979nBG;JaTBE$!L$@j)ZLX!*vh`Zz3@r|RLPm^Gt5fi?3)
zJpyZ4)9T~A!#q|GkC}d?9wy15t@UU=vH|tbTQxV=!wz?(cRh6Vu}5{0Z)Ojvj~#xa
zXFaS7um^RqKV)sJhsz;zK|NdwzxtTUjF?mE(Y$;0VLhCVng#W6BGtHE7hB@&W?ihQ
zX<V&~qS~ySe(P%VmSuG{D!Ht#My2hkt5Kd4bu~&YuX``4_u}{?@W+;=PCO8dM=~~w
z%{n_#CfU1XoRi9v``saME0exr^qfTE%fC@ViMUFrP8&!e8d67yB?*BQB0>8VRcTsc
zT~29)TCuA4ai8bv6bBj=2umF_YSjW78-h91fjh#PZ|pt6apNf=Wrc(%LSQ0aLai>-
z!f$}zs0&1V85kjw;$I>B-FN-Zl;KIN!<zF%yxy@|=4*-l$e;WXpT(;Fr=b{klT@g@
zi=pyvJ!^}KU-lJFs-(eFW~ewUazo3@QfLzqE{C~TMTO%rPrfdz3spRn%~>k?IumEP
z5_6MpBtAD)pdqD>6NKT<&dvWUoqsDohjB%Su9pZ+_@_%4mF%By*Y`h~SEM^n3Tl6D
zfSXbwp^s=C;%1@N0d9<A?US%8VIh7|EUlJfA<BPQr2LUBBD#p7QcjeAU72QY7S%2e
z>=h$tIq5d&`7TmugM@r3FDVDp)$gEwrG3?S;rGE^VGI?#T_Wfxrko04v#3#czxW!z
z(&9A=4sm$ThcU^)y_h=mYhm1X@XLx;$^pWs*JNXNh@<HFAq-VgCx@^~QHO=F-Ze+0
z<StsnqahS&+%?ZVJ+w58LXTP=!d;I(DT2}7v}q9x@&ylsaLgAtA3~oHqc;u=F?x1b
zXlZh6*7{(wV*?QqxdFkkF3t(U7B|WiR_w+&R|9@wk85T!Z^m=pfiga|ddi&F^`}WC
zc>D4tMYFd|t$Cr^jy2H8TP&fqS|s65UXtTIgq`2K4=(^OsKXfAs6!Zj=IzRe?OXqY
zz4r`{<G8YhPj#5->6xDC8uaABV2}uaAOTRMWQn9?1(LF@U1e(>6(}m%3bxnlwf(KV
z%sGQ#0yDt?Qp`E$oO8}OgE@iZduuQN$=x;W_3rcj`Q9JEQ&U~t)m`D<bE<CLdqcrZ
z7A4_ZEDfufrwzWgMmf-r1&2G(QnE%m&`19F@eY(LzA+BmSFCb}ph+zq*rlo0H0;-^
z?6my(8e!6J0(&Gv?cQAywz4_Zee|SjDTo7cqmzX1M$a<*wA#)vrOGCwwS<PzV+`+A
zkHv68b$MtI{4Ow7roPTDB~g-CNl0E7_AeHV;-4C0L`WVZVT?7p`nvg^vs74zyfs+t
zvivDo7Y&aWTxAm8$!;g%_tkafBsP&<eT1osN7y$rjRx;Z=IJfWtFp_5h53rd<W%lE
zXquk*{Y_zO)+>NRENzmXCiHRfV~dhD$B!xMHzI9|9`oal?e~-(rlpPYqr~B*^kRo+
zk019OSu6bL;|yQ%<C-&EA>1IImc;WszGd_XbCYnH*wW8S{pjT{Nxp+G;Y!^@im8~T
zEtN2pEq}OQm52?I`yt-0dcRDJ7kfWU>ukd`;n9V-OOviP3{twV?lz23|5)7*1XCMn
zTNr*3*d&bTl6LXYAGqfTTN`VZf|*S3qu`VrA$i<d`C;<DgpF4l8Nbv?D*ww!sT#`&
zS>i5{P<Xd`476ljnEzreOkw^twdg(6%34@1|M*TV%v3xhbBI%9->QWhj>xK7*sn)!
z)WR}nWQB0dVP30+c1G%zT7*8GeR8mehnLktx0KWcwTL_Tmej%?-+GxIaU&95R14>$
zha~zjH=a6=o?T0=sD*j8IzO@pw1*hL9@}>gYUpV{R+Dd_7Env<4b}TobzT%SH0jS<
zECPD<Rm7=C&saO=*#3~bE}q+&x!OyZ&fIMYqcb<%a-MxuCAUIqEyUtT>>bANCh(@S
zH)B8jt~ewkb`mErbuMF5*?+Jx48O>GD|pW_P)Y7}2T1`OXX~oRcV3Hnn`~mFuCrmL
zWUaB`sPqyMn@O^^O873fR@ksz>0cuo+zFdX=Rghb?6+6T)I$BccrI}^sjbZJN)X#=
zW0-CI^Ym6}%b&+)7N7q-Dw#h0c}$hEC%=GW5+B%@U}JVkV{DZ}_ZySq%I?`1N0eBb
z=W$w%-D-?3c27lP47A73HO3yh_xAJXrp4wq#xcz^qcN^%*&`ccf+I}%#~rcZjj>#h
z4Q-76M(jo-^m7~2U%)Q6HuVK`^~BCM!eOs>@e62anG;{YW}mh81swN<*S~=2e&_5L
z*yd0VdFu;kn`&-;0UhJv_Kh$;uC;1JeV<v`5S!CQq4Lb&w=ZC0raJQl%*;|ZzJSX)
zKVM4K<Z1(7z@gl5#~0ALwue4%KyBBlMi^DwceD{s)*c}ZZp1nlnl~F_OrhGp5n30i
z$DhZbBH!Ic*j5yq-3aCNyfYhNUcKxwjc}u0nDQq)6&uwE)9S}AQ%?ObJ#<2YSY=~W
zG!W@APsi>w#)_v0s=%R!L2AF74U5%>>%C<P8>sv)H24GR2lLkZ)B}Nv_i>7aPrr{c
zIXLknEV4&MG!VPl>m&5je3c(!hh}X15O*BB(}!55+pc_ogL-(~hZyFJ_WBULUC|C7
z;;Ioj@G-Tk_fm6AHhrg?V=))$b3FgV$C&2Tr#5HDtXRk9SmFzIYmS9}=ZNN{(lXAs
zz~z9yWpgYF@;x8nTF`ssBlHfLOIu)On4kFw+rs+Fk8m^c$;FSbG&QySGn`8`)_;!q
zF;CfNXc_m8_ze5fHA>IQ%%AcZ9%SkRKVzji+L{(<mzRIP1vcdAJ6f<owO^%Yw#@%?
z-_Nk3j^|Vh^eph6Xn}Ku8m0Hw%b))V%AV2>v|!Wg|C~zBYT)enDQ-4!w)qsr4Wktw
zV0EM5;*T-0v3JMEX#IT7pigo7`QWwYSownYY;z2I(RY%*{Uwp!_fmdkbBughAJ?4S
zdRe>hDY`a^4F42Yn|S+uip|Y@C7)v6_cTh6{6YT6PjT)Cdbdy6yw{@_Kftcne+O)M
z!`kuz&b?vG{{Vg7^iKZ(qu=y>`vEH6d}VHPOnWP|>m%%cOI!UBX1$#<<^$~bVanVV
zSo>2~|Ie`Vr>@N{aPz0GjV;jTXRcK(aPa4msV#8(=b@7yp!fR)dp^L1_ah@d!0GqT
zXe6&c)0cnF_I-9ieH4EYcy3L<TC>b!^{|nJhZl(r%}zz=DW$b4B9#}vU5G=Hez_1c
zWqzhER>|4>>tdV|yH$X5N^EOg>{4Tk3rRuM9$h4Sg4`%Te}_4{5K|ob_(H65n0*Sd
z%Td(25cl=aodSYIO=lEgxG{%yuZO+v@69X1Y%}Fv5pJ8Y6$RMEW6KIK%Ntu#fSxI_
zMFlvM5?fG!rB-ZS0ZM(bIR&WnnVXA9lND?&!d-u@2Spegj?F4S`$%j?0S-lC(+V&n
z>YG@AZBb)%0S-rVXBA;cYV3Ml97zpRx>qcAwJvVPoJWeVIZazsgac`LONy{J-jJ@2
zOOIWyiw+t71w}ZO;h$54bD6E!uDUp%wUL@~Zrvb#$JV-|tKyfD0$of3a<Novc@g@_
z;fY1qAiMh(VV|7Vy$JW^czb%JqTes17UM$;QK@7PF2rs%*1u4Axvr$Pvd78_F-Ci8
zauG^(o!V!Vo_)3u9i5>Qg;?p#rko|N^!-JcW7O*K6vn!ZZuPLx?dwqwEj`}3^l=`e
zPd!p=nFH#f*wiQ2!)Y@xwI14Xb5=d{;YIW7VQ3(BtPqof`q6qg6Z9Rghc=<SGh*p0
zv-MNx7>OMz#K}nP5cO9ycAyZeQ)BxIF*g?5S%`bF*Qw0OwAhwHl*hxAJ{XU!FU0)x
z*s4NI$cQa1#K_E8aUuF-#TFEzeRhn-z?$rLsN}3#vF?SqQ%l@6DJM3q5La?UdQ5I?
zVj<4viuBODSa~59<PE3cd9WZz9de@}NZ;PQa78s{{iLN7niaxqDYQLA?JVptD`f3#
z2*VWb#Sm^NDZ4|cv>EdVw%cP%LfC5$EeMg!*C;*0GUm{KpRqH9OFqxm5LWmzmW9wE
z6g(fo&`^-_XNBH<$j_^`)zW7&aj2_m9rp9-?6?i5CFe;S!Iz2BX&XvxRW`s|*c$=j
z5(AjtllTLRUk+ltWSkGu+ZG)U;;^jE3e($~Gs0-8q|6Cpw&JI6*{EofLb#|z#)Z&H
z)lP)aS2YfYFj7s~7{XHZr}INtXn*ZyNVv(U4B?!nm4<OkGunpH&XF=Qj55bhJB4w=
z9k~_8UQeiR1Xn%U1FFT;?u60NbdQgqulc>U5ll*n&I{vaib*9GS%E`A+_B72^zFXD
z-XMWP?M4{0{Mt3T>MyR2O;;zuPYZh5@UgIqxy-DAHguM>p*HlE>XzBCOo<#;aZtHb
z#b>?0S4Z0jX6%s1+Av%lSdH0If0x!(#WEJYpx_!4=_OM5oI<R1Wev6ngD7UUMjYiC
zm1zH3i657#z=(&~Uts3Iw-SCF>LKAbo02$orGhO2kh0bCuvalueRbl?Xk*J6^fDIN
zB0WT;f!f!bVXkIfe-%eHeaNdgue~(rRV;I8lylIbk7$MphcUPr;pm@tX@&_-y@JX+
zjdRVg%K75{W?1ObcQq5C!L~NTZdZfFlw*8D_ik~A_P&CF9-Y!<p7@Ses0$*LZe@Bm
zzk)@kXG|09GWB(@;D{NY{|ZiX@3>cRhsXQBf|cG-@hj+&qIZ7<15#e<^a?6cd~|P5
zOTYRm23qmsui~QhD&;KjY3-X~h0ocl89^6kWmDYr3Ag`U{rc&qDE9}CHN_IYv85?C
z`s;0KiVcC(#Z6HX40LINZ-bfFUcr`7ctum33&qzp!S=9kUNf8t>oc3-YB)Zn8P-Hn
zZ#G4*Xkd6#jE!b?Yl;D>saKkkqznvgid(6fcblMdT4-idOiR;mG{K5A<8l*hO?&N7
z6Fi8=_clRUdU$P9EKHBDY=V&)=8h(qmJ#3F1nn|Y=h6FQ2HH2l@yyIaui#2nsJIE1
zW&eV{Yice1+h&+wD?X+figQA9sXcQ{%D<Ttn*A!~<%$+wmKSRK3R=|`JvF|zxAiMn
zP&?l86<n<?+Ie8U_twkUo$u-21Qq#u#ml&pA3yRkTGjO)dKtxa;|E^Gp}L{nFJoFk
zXxq!EEYLT;jP`|3t$7*eUkXz1w0${9_YQjbZqjE~B!O>T>xI>IU=j^KW~>)hhPRVr
z?YjxbEq^X`pobJ5;J{hQ)7gQJvUOLSZ1V^+R5^vN?pDJmGz_qLc50YqGnQ&tZo84>
zH2!RrsOF0!rSamdL6~^q7`fVK>~jg%!Fr`#Fz!3_U-Fe`m>}hqY1k}>Z`p})`Fd%X
zqhuFr*s6wzL!3*7i5B<&u%UmA18+7HCbXXE4s2(h+YVw8`cwyQusHGazGAuLo)n|k
zUL}XxJ4iPDNw`PJ>*&BDH8j+LVq1vV{6#HDceZ!*uHiNMbJ<kU`$MX^Lm?`d@bIpS
zx02GX*>P72-LRul4qma7!n3y6QKs?=J7%c6rE0k<j%2P^yd#Cs_{rbY=Kq?End@uC
zv6lrenHZx4FPK=Q<R3FJS=FX;%vKxE;;67`6FF|#8c*g}sD);jxT%GvnV8{-594^?
z(8h6e(DT0KnB>$(bIfw)jpaD%dX=uOGPE+f>efbZ^l)!a+G;$VtlQgKr?&K6b)c6L
zx$MAX<p-x6SfFY{b*xYumg!V?WPyW7%i@}~k#sZ%n#V4S@6w3z4wO=ed`*yI*JZ4$
zve>NBE4L)iH5DD?8|;QkEf%653xwnGzjkeo<hiY2wKSLARZy;k=*Lo}>RMn5^IR9}
zCrxjPjXvLXVUSRLe*N#f_M~%hfw9bUUcxNa^rA43^_>^{O@B*$PdaD+r2Fn9>|8rZ
ze{QK@A~8srMsxDo6WirU_dTJlpLC!9-;4(gotSZtVJ_p8UiYwFp7ae*@FVc|_R-({
z?SJoBdcrgRZ-0Y@Ujo16)R-q(gc`GzFp5pAtyGzKx`zmpXy+iYtQ;98<AU_V<eG*!
zyQ>{wsI|TtYeW*hyS)PxEModZg@$x^iGsOOne?|^H<Pl_ds^57Rju)8QF{|)HmF)V
zs-3b<oYD<$P_a?!lav{y{Uz320u}!QpB%?I#wW&cSyo5HG1x8~3J!IIw#6~q5nLX}
zX2&6_Vv;k|Ed%SFo-P@<>-^#TI6LCfI#Jr?tV~C5BXA)dla1j13|uy>Y3XR=iOq^*
zfT^9$z!_6Joq?|WS-N_ZTT|m$?6sz(6H-(uXHkm&Ej__9%HvpVr7p`rr4_nDY2O=^
zp6Cx%#Ief%4KOpHwaQ@agS;$`qd~KO99M#&PH{{Kh4!Rjb~vS92JVMLyV8hUgm$Fi
zLF8w^zGz0<OcB<!R~!q{T=a!&(p>a~JJOa=WAx3`$7Zr&ndYNh^`)dN_FvbiW&Ptc
zw3kYm@K>rI)-XvnmS|Wle>PP^chx^x!%5XYQNu!;|62{)Z4cMC|CC&da}Tzt$9y9!
z+?LET3#VnRvxWYOI@!Vw#lJ8GL)3gqm)N`=EnK$wZ>C_Fz3%B09MDqdr(mQbx4VUt
zjv$q3=k|9@L8-ePJ$aaEcD1nAOc`yV%<FHTg3Dgt?G&_6SyLnPSF(n^rDb7kmO8Wk
zVd98Z*Dx+9UsBe2RqGr^rK-0MqrJ_#8bU9-emR6vyLBmq<C>os!yR$NYLg?SFBK%M
z7D8J+Ha3Kly49Jef-}4-jAEBLER6Lob3_=&T!FGMP8n8vq8x6kBT*esa0L+wk2x@m
zDW*9njMZjfNElnV)i#8lUX`9a(`$7P;d&xnnqqYg;b_X+^nyDr|CA8UTNP^cSQpNN
z#xm;~!+iExGOvmfTdiemmwujHLl&+NNlxChV<+RQ>@@Mk(U}f%tcM+=<WoxZ8Y9uL
zcddR3K0jE^{lcJu_Kowdj6aHV#;s)MZ5dtVw$<}BJz;|u>8@Y|^L18mgqd9x++tsh
zq_lLTrrq5MH(mjnWM9vyzPH6o<{1NT9g}*yF<pKExFR>`=0<<j+0TuYs(+9heQYY_
z%(eMX8R%>GpD=L5t{*mV&K}=lV7TU5Z(zEn-Z!vU^N%nv$dM}24*xKNsKuSCb%KTs
z^n-SM{JpDoVX3s=j<w9%V8=vBUuP$tXsxk}p}b0jyth`^(OdCT$+61W>Ncog&3a3V
zvd~{Pj%U+LhAw7ev66Bo6Wf%`J()y+{{h4q-<_L<**5<|nq7A1?rf~F2li$Y@$t{k
z#43k>F6Hayh-}=~d0960Ijzyz!lsMv8f*AxXQJ4x&&U#6Rns!D$6bGXCYF2rcQP>C
z^xw)rf37{qLK!z(Wn((eYft}E{5LYt%kp0%S>iv!ZfB!y&^VZdUO|40iiV8SSy&L#
zE@WYGIJi6uyTg1<77j=Ll}av(sZ`m?nEy%!#-@q%rZj&=22P|+tFa{tJZ<(=(bT#u
z&Z@6xy~UC9F*S0w$|r?&SokXZBH72k0e<6OBHS>1QPc1LIj>e?8C`3w;MY27lOfDH
zmM~~NBK9Cdhr}M_uIe!oPxyVQT_NM=`b8O&m}i49!%f{Jwm<I+?kjB3uCh?Mi@H*u
z@4^E~9C=x+cxSjU(56wkm6pH7CG6-YxL60>f6j?RPS<!B&N*kXN9EiH|Dbm95R|fL
z;PsRAVQy@Zaw%uF93ALJTjfhi_f>y<-i=GDx!a8gs<qLLi#9*y6x)sUZW@-JA#Rjw
zukLlDhr>UDp5Ra^z0<KaIcNQCnYC8<q-ZXpO<3zCbeF2)6PLclUd1IEbC+auA%SL@
zFXpIJ{^=0GYx@J%$BXIC{OcTdoca;Y#uysq+;`_+<yh^}&u})CyDk&@7Qx4=HzE?e
z>2=`sA6~X$B-1VlXHDig8^Jznzu0&1Q_gxxyC7UPnR{)*EB0<14#|GXxh|I`v3Ts+
zY3!6rTG2eA;x4mRs#qbXELX8xF01Aw|3#U_i89;d@<+?;N|f1=C^M53v79np#Tt2J
zO_`^svEwSPGX1EEd(2v<VxF9`gp{>BzPd~_8U8G-weaE~&i#y)3Wv(rCB2=vzLquC
zPo(0j{;YLOcuY8!Dr^e3q>_*^Hl<>TY;B;lQq(er<BGK~72DOK`>AMav*xGbysfA*
z6@%>7+*BGkAJY^1JFGjYSnaUJr(%NsbIK`p8s(`N=CsD7;<zi?ClxIXtA8r`82?Ul
z!kyAL6&=kf65Tb&OSH8-MW^J|lxXi%Y_k4Mq<zsgshHsx`KSC*VNMziQMxQ@33Jlu
zcPL#M9aXcxNdlh!tV0SqO2YcROtuavG%iV>_ff2U3Q4O^tLKa0bowqC|7OjVF^yTX
zWmK}zOc^E84wjVZ!lcHWAme#qmfJ>h68Y;c&3uT#guk62p|+VUo$%T*X3mhQOO7Pp
z$6qIPzJzyE=L$2BXBSG?#%lKYP2y>wKa+&UaOIOno|iI9Cd`&TM;4ZD#4|ffhidji
zg^m$Bp<|hQl0>zZ*XWI^_!#CzHx@8{%8izid050t;d|V~-t_|pS}WEv1LGAw-ylh>
z_c5?VweGlZLFFf1m}1jcyU@pOO><$gJ$}WB&Gu;tAGW10v1hQ6D%!}5fhLAXBDmWo
z$urZ$2$?T1X>@y*n*@X7yG@K%yGeUEn`WP=KX#V-fB6|@iD%47JY#X<8LJY{*hq9+
zi61pFfu2EgeXf0${`h`l{e<o|dphtf<DDG1#LPv6!6ZIfLnm49sNuY9ky`7h#Mav}
zT6v)SZ@vGMdDs&<+TY2;I<lnWBW;>+=by6D#0jR4HwkuV1L$oft(Qr{AlTK!N?Gf~
zaa`68nA8CA4jhXV|8Wy7)vQA%k<8SSCMs<zweNL3*1^PDXVx7LE;@x-=vpIVD93rj
zU&7JaT?kBZKh=ffqQ|w_#2wF>nlV}@;b%~5sp3c0eIiawuT%(ViRs!$5)<`+6rwqL
zLmDjob*}$}_WEzv^Y?Q6CtOQO=;M@L5?;u?!tm*0_T>C0eNQA`$blc5Yi0b#9516a
zYdA=p%orv8?_95y@ZY14w3D*QYH7zfIjyZ7B}#5<J5Jall+)5)?dzvj!faX}W~V`v
zb<ak!C9Rc!g1HZDIBJVf&OO`zKg#~?Z5Fu1JXeLu-Jh?^7%7J+JzxIIbM$Cpj$Tj9
z(b0)Hy8Zv&9Q}Xq^Z(xGfAT(0l$TeS=Z1_{(w}e17%hh=z36XQi_1xvdYXG|_${Al
zBY@?dZX>)Jo=ebN?!ac#4`qt<-!E$=&Omudsg7V?lDN~^hlzY6;rGtDkm2iJRDV}6
zVQ=Onfcb%U55xaw>=I1v->b?8bpo6D+P|azzg3t2ha_AGbaN6GbCx*?G&n~%#inbe
zj$4v{qfUUmh|)KdoLf4&*~05}?6dv(zK%WioI5&^U?1JPUjJ8A`JiqqwP(*SF2XJr
znOhI1ByC|4hRA$KA$H2~L50FQ?W#iTP~s~JF+k<Q<Ux%uEJTTo&nd(PTYOd_I@|e-
zB5bh7i;K`p<5LT<Sc^|CL<fgDzK{Ss?<Wi*;w6Pxqx*{sG0N%RT8J(#|K>tmbotBa
znTCH%A*Q?iqYBZ_;~!awtDextLX1dJ=N4f`iZQ<kXDwrQ5f1xXN)<(z8rJAX-)R2+
zBJ7Xq8;jV|n6a}6J>xB<i$yq^snL&(+4*~m(5IHZvWRWZ@vkpLyW0L<g_u>~T3&=@
z1+Jw<*i_I)ejHDE61LiAXNh{EUs8|OO{}xz?o!Z>aZ>UVnR!Ln-RJI5aDvdVu)a4d
zh)l~@YsRdJR!p2-vDPt^uuqd~LBhmxw4^Vz;k*<YE*!83Pkggg&lVe2seO|5?UP>g
zx6BcS#&>HGdwTUm4tmMf;T&v|&22dtqxd)GV2!Hot&MxCw`Crd+AK<!+4VI!Xs!7t
z=U}%M-d`JI9mek3SnqHy&q06P985X7b7*ZG*L`KRaa)g-*A{_&y4J>GLv39fTMey$
zE>0R+aW2NVv%BY_gD0g`E~a_vp3OmDu2Y#|+;<=sGq`ay7q_`{doFr;Gbw+%*E*An
zBVO}jE{gsBMLC!pP)loLVZd0PhckgUyVu5?ptUp)cZ24dJRA*Ki}O$()<k~TSec7`
zVRK0?u7>^dbI~bMcT6r8My-9h7?>K~l#A)9u?@M{o|<|*7nf6G>vGX279Np{iLuz=
zT=Yz{_T-{-+*(L=#jV|W=$z%hQ47bj{Bv_KGFzRIgR$9b)MVdOo#pit2^yVPKPm0Q
zSZ9{l_E#?(__2Q85D`>v7?>`le`}zNtQ|ElRQ3|*nXWY3ZQ#D5-6H0r`X?IbZ%esv
zV3kd8=f*Lc$nR&@D-F!Bi}WtLe#gKAdx+Bgwci3=9pP~XO#|b&!S*?`TN1HyEuvwt
z$Zc$Qv-R%B)_<S0$Mi((|Ac)j{n@vP-gahBCx6!ijn7YwjyC*0r?Xh5(A(Mw+Xk+y
zD3$_8RD3H(+uN{1b<x!$YR&oWC&^d++4ssttnB}B9p%h(LBed-^pb?(l8@3eAJ*~s
zcSI6C7~gBDU@PN?WI|EiBQo`4N9nJ(*I#(nJy|?!f8tpO#k1NapVd5p>jGO`_@&<7
zMOrej)ro7&Sm2~K2()scLeh6RaYq_s1BN@Sc?M=VGKLt~<M8(uj*2q|87S8M9Szcq
zL88pvoWV;j8Wq9gE-Y|%tX^+13iLJ%&jwoHjo0ws%rhZ&3QC!`Em08RwN>oFWU9*~
zyx5wp5dJj#*2t@HLdX4VzeH`~-7DcD(<ps|{h<b%it|(X?Nxju7JaU>=w$_)C2g>Z
zp0ZY|qQ5-wp)X8vJ~@9a!_V4OuT3<2Dt)6vn6|HXP>YJS^E;Ax!hxl-@00^QmFPJK
z<}2DUhcJhwbbGshyaR*mbtX7a><FH5V7#Mx4b#9Uz$Yma8Gc{m8?(xG+xd@p`sw7l
zhB*4Kbr4fWqfT3tTqa4Zb0uv3jRi8^)yK+s-|Qsg>-;+s2C!w--%uyP=|fX&_)7SM
zTO`G%*|1O!O|oH^ERN|MS5sEoa8qr?lDb^1>p0Fbyk>17g>Ecm__CP&)iL~}Im98t
zG9G5m<KpngsA@ac;|klY-~-?TKKBcBU}m3RqmATi^92S;{Nm?WBc+`DoS3M8&*xYx
z^QoU>oWjR`j-v|i`#F}VyzA$rH~5{;h=A~l&xAMpgP)<5W^Mlr%Qe3AGfZ*td7sf3
z<zqj^KHVDmDF!=vhfmSj#an-hH7<Vg6HGL+Z?r%glV5Iu_S`q(3rzKTdwzjoDc0H+
z!hCUd3v9Hsk}t5+qS-vi=Nr-j^L@^)EpW`Iw{C$8KKF%>G1Sk`eT@Bn-<FRtFTneL
zjMhQDqB$M}t)0zL8cLts9A%O0i(leOgirbsi=x`HFL65>oAM>Dr}~b5$>zn<&VGrC
zxH;iV3{THE|0Q;$^R8cFXohy>m)M?>-u+8#%k;JVlAX>hA#H!JmOipM`!+}K-ki<M
z=}BF=GEbe{f>q|J9lv0!YJ0~w$I;q)`{tOG|1_nq=4;nJ!rlCX!rOL1WZEy$uh2XB
zYm^uA#oypip{MK{lonaDzsBAo&#JF6q+V>_*XaG!aJJ`HY}Rw$MPFgfb9~QNc<`L3
z*VmZWkgxg*cN==fe}zSjVh6v%w8q2PmS3^%O?t8;zrv8F;%MXTSAC1VK)>&Wcm5Jn
zzQ<R6fqUQcZ2AIozRxdyfy>|bwfqHk{2<if7g+z=P`2@xY{0wb@n4|)U4G^lIQp*h
z;x91bhrX7-MEQFL4UbFj8LfYfwja4he}$eOxu{bHedO=k98*8aIQtO}e&ia`9A`h;
z?s;r&Oq}bkI@}d#BX(?JTWuI5TX$`2vV8gxKN|*9;%d%gu{oYofAWa$uKa|Lw+#BO
z?##bQtTATnk+7TjR|q*nz<;o0&66-iYVyQ!|BvkD&#X=+0qa0p6O$!RcauP`r`SXX
zIjz5m%km-HU=uxD{+k{gaH*9ZHrb;c^kBV5-RWUlJfqlS-<Qg~i3MA&gt0ecz}IPm
z*<)BR0-CS%r}a~CQv~doEo&tT7Rz5Ex$akGFZpaKi9+VQC#-nB1N4@j?WJI^<Rngh
zLdqe9FF)Hs!FJhsCUFieorUl=@V2&6W<U8*9Edcg$XLZXNROVCC&&l-3-?zsUe+e4
zm?jTM>K;;R;_x*;_AXlJ8{fqW#+Sc~c9K5zU7VJz!S7Oyy!c)0mGxHd5;w8VzayL?
z9DN6qRDJV1=xwv+y@Q!HKII+UvFStK!2!F~`5h7gyyZJsq3IXjCg^DGd7Gdk-}E+m
z>-vJXNljT}-^KtZAM!T#JN2$_W0A|c`4*13_=UGf9O(PrLNB+q@-578^Z9R~(yfns
z3x_;b$y-89ba@L~O#Swon9i-^Z(=v+d*8$juQmHk3{2q@-^6Uo>iQ=3TfFs~7~|6`
z-au!+weJl~^z$um;I?01^al0^tZ{FkWsnbj151K>*EdiWvTnYP)ggZVb@U4BdtS%2
zu(kYk^pEg4uj5!m@AwZ`8MUsyhO<$A@iojy)wjQf{xNIOYnUJ7b6>-bG^^)pxShtk
zyoR3X){!4za(Zmd_wXQxFZ>?X=IXt^hf#Uf(O0n~kKb>G`+552X4q5Pn%NB3Yx6P9
zFehKHXo^8~tSL<~zfNpS6LhJ|r+p9W>Kc`=qO>43^Ht0#_z6&4$OkpUrb2xm6)%dl
zYl>4vyjL@ftf#MRii&!%Jx$R4slyq`F>tjimL(tGm<Spl-WYu)y<cOTm3X(tD3{GP
zjnPTrw;N%Fl6I*PrmOr!BhpA|`x@b-jc;j$;r8gNM(CjN1&y#wi%x5VatAMOgyW9r
z&_-CR^O8nr=Ztn~gmX^bsu3o-qBk3&kHIfA#3mzptfA=2Jq>Z$9o^IryF7eFLku*d
z^BSTh=TjPD8IO)>h;lC<+z=<c(c*^Kmcl#H6D<AUGq`D4Yo0-=k1u})XMFmYXRzLH
z^?n8we%|dF%nIlgPh()v+V?c(24iRIV|VaYCaU(e#b-z7iv`w5v4YD?;FzwmXN!VT
zd2!7g$$&W3Rl*Fh-_0U-#AZu#;GpE0t>8jp$0bqDk$9e`&tLlOOK`sEbs5`OWW7u>
zX;6*b#5+m1iTZh$@QQfYMM#kEabbg`Ulaj`tvybfXMC%09ivZjqKj$`q_ishL|jt!
z(>k`<tZl^3ZIPimitQKGzw{2j27Ya<k+FaYJDuHC-i{L2hOwr6WG;buy-hAo5tz@x
zP${}32c2a;D+ep&=!6_hQ@A+8r9=nh2(KqSsEjSzE(hK0oLJ;)d-QTG%+&a)TDYP`
z57fe82j5l;gY@W{TIlTLw==Q989kAS@h-kRlZbhAawaw#vEdom@8!e_OH!i51Rtct
z*5zQZ^&6mv&oeO>Lwti%lJayjV=GuoiI>;MTq%7@eT<g*%K8|lgg4YjrNVdB$5l0a
zq&_y;___L6WDj4jk5Y|4s80wl+^GRBIe2jc%+`H_8{nSKr#HYLm#=$WOmV$W)fs$A
z5l$QW>LRRgM>iB<wkJHQE<0=T33V}&>$B>jrPrEY7w5d;({<Tki&xaeUQ54I7qfiU
zgSr^t4~#Ehn**U~1vn7&ENsBq<yr0PVtHQH#X4A2JGQ9~4%8;3`RE?*0G8;O=!4og
z&-k_4m?TBd)W%?$AFPeta&%j5tW@~w+Gwpt7t}_D%BR-Gcw2M~F>5;?R2$pv(O$K&
zRO9Vyqn#sqHxE}Gydn=1_2`K_407_ldD!iYZpy<tYWX~LH==X$aLwQ)wJ^&aZCMK?
z9)2<#8$HqO*_dF)CTC%txh9-^zn7A>08`bK9&z4zqlfTZy=@*$b7Zac5Qg)t_TZFm
zQ2K^$O!8o-)3e@#kscS7pX5oN)hjJy;!B$XP1VXER!C}b2p8ncb3sf{_{ktHDxOtA
zOjY@UpcvNUgV<%W`Ua^+-ZhBXcD;2Foiu(cfD>B0R|vx#k;NgD==^E`hjo2d0IQwW
z(g4mo`2uk~ST75pzhU(VV73vP<HtddI>pZhn%P^!SYl>R3uBbuRT9D!|I9~y9}54h
ziT)6g9Vas9xD?@zU`YykNyfGmY?LCWQm|5P$4V?#rt*0{99EsZeduE2gDotx8Q)rH
zX^$+naLe9~ZT7Ky+CJB#&)?4&q4y!AdWXoFof;7_;X@jst(rNi5q&qGBs?9*=a9s;
z^JR@NM~iQ0gi;6J)d=?;@gt4sTlu+0*zSy9Z-kjH{-6;C81YVxao6C*jd95xAKVyQ
zJbX-J%r)av8e<UW^Xuax_t8X|=H&-yig@)?^|3A`dcHmuTH*c;ScQ)dYk+dUKCS^;
z1*}O8a6S;;*MJQP@na3JFQi{+fN5dtN&^gu_=Y^qwnzP=pT>by`@F{Nc<Q0pqu)o^
z%&Ep7!DjCV_$oJkVoY^o9OHKl5`JQ1cZ+1LCYCBi#u?Zu^AQHRC`LC!_|$E0ptGu%
zi%njuj|;tQyoU?>ZTbx-O=;_h6Nl`P8N__;J8a21I<N#=(c6WI=kU8BVk`E`A@q}i
zhe9|m@dF|BmhIa@Brt+YLc;m=q7dmcV@3$)l)(59)~I}V2wiPPzYq@Fc()MEEu#&M
zP&>aJ#AHoh9v~57O$rdl=Hmirt?RvLB<fbBpY&U-s~;nsH{D6hCS<+Q&V?Z?eA`K{
z!b_c)BZ**S?PPvgCwLb<tYfGW8K+~eayS`t^|^#CjegUGv5Z%^2$vdXTto|bR~Iqa
z=v@(DmLGMZMA5f6iE2f<J8@4Lpe5T~_-qnJ<-Hl-Zc-~46()L0d=1A+$+MZGwagE3
z;+Ogv%2#4NI4P2`(lRfbX7B%)-^aQTVU~JJf!@OD-5VeT9Ox<HIf<jR0~BkDilvHY
zjEXHva-I1RzjXSyPF$e*;>0*fU+qMt6xrmY_U_2WyVzZ2_G59>|L*$;rze52xzCH?
zj9=u~#Ei~f(pr3jmwH^^?!{D@S9oz+_T1noSE7Tw7^}{e4y3T7_BO7^*JKMC@Yy!}
z!QWp*I*aTQ$7uLu8(PU~8{vH9sl_(jkt4HJYW%ei{YeNP7-lonuam?IRR?tWRGEnQ
z1WKQftW`2Kyk~_>IQz94+%48F(t9$z?FCw75W;9LLV^9YYd%n4ykV059+J@CbE<Yi
zlj|_zU9`7RpuLG_>Lv2VvxISwa68(G>7CMWmhlHMES5YMV#H_ou^6!pb59IC6uv2j
zC5pKshW;edVmPa+Q(~x8eM4hdNrEkgHg>f*h7!B4Rg7jIe~^lPnsz-E)3rJa(oo{y
zS5vXwp-+lpmTnD<5~t@SQ4DwLw<GB0vW`bc#qvWDRJinI5o|N8i4j~iVr5|h^b2`%
z+=(e1o#VhVQiGaU06L~&x5T$<I4fJ_8agYHd%~Guxmx|*KgSP&9~u{Z#Q69rA3>MY
zGk&a-_+cOJNvUo8I3n{sJ`7j%tv*~)_&OgZs?p^>Aym5fNM1+pSQu^RXDos)7D?@$
zTI6sFE^7~r>N<S*7vNv~XN7O<$Pyx4Y@qb;nlLK%UzD+tMW~n0JaTOatKv}f?H}ta
zB3RD&ya>%JPk978B|bDl;L0qCh&SvK!B|CY6(MQhyA&p6z%P)JQq^N&Y*T$(!WeAh
zo5I*((^iCW$ySFNbu+1lFnVZupAf+<>p>8G9sEuZ`yKkhAQtP^@*s}ud{K}DlRh$t
z&MvEa5aV1i5?iZX%RJRGC(-64b5<r~&Mg)tnX^ygG(mdF(JM||lQ{|8_Nq18iP380
zfllwWt|p$sAFJBGQ;bHV7!<ddL4#tG#LuN-jqKTzN&w~)5JBXdQqfV>SEOP;jj&Yo
zw?(I<3f(>?6%*{y!Kvt}@#0i$)}ozK30d$Z5u9;ECr7Ye7fp4@X<ZHDfird^gu$*>
z-v43W_&~7aPyQ=n?KMI(>cS(}9#q9S=fetx|Ib#1bR)l6fLW5~L;>zfd|v_P%I1~=
z^ilY#0_;`H1qFf`5$3z3YUKr_Me58b#0C1c0?f1PB?SaQt-E!xNaL65qP0UmR2K&v
z){44lrSo}pu}Rm<>tdYK>QPrjk#1KP{axzaI+)<{ov9<7Z=b4zd4|5D4*I&Sd37+?
z&8JYlTOCseojkshI@spn#UeDV-mNz7nbxg54Cnl6o-j4uo`=0&zJYR5^s+p(wX7a_
z7;Ev)dBXYc#awLiiG7VrzF2oc^8UG1zHmNH_=Arw3kWhWCm_fGsXkI6qXL2qlm=+L
zavDj;m1u_mR;m1+A8l;WtA0TXX$D@kTSI*$BKSZbc58YoALco%^A`3wB3&)qa2z$N
z+WM`;x{a~IqW<IaEOeIiDV7+2V=VNOqlBpL$h_F1c@gboVKCL>#SS%k-iygLzRioP
zw&+qXw%Q{nIH~FjuIfH4Ozw^O&xjasyiCVv$zQCC?z`il?(-7{@1sO!J1|MvWc%x5
zDNt=Ae^I!35Toe<Ynxmv+0GJypN#Tsyu*iQqm+4CXNy{IWeLyF7qf6q;>WWvNA_&Z
z!abR<&cbp<U6_TPitpPj3{&~IEF4hPVOcbQeBG%eLEbD}wrQ=i(8XS7VK&a&dCM$J
z)AWm(G|#O)nV9R~n=)zWSQ9dFRp%o!vBatO$|OEx-OLa^|1M;p(xvxJ$9}`AjH9KS
z-;86GTi+MQM31#Hj;$WPB#vIDJ}QoDrqwf!K0J0lhN*mrRsG#f6Mh+^GdwuJ_(TtS
zNYODKT#@)N55~*U0UmTG`06G$YF#(5PURH_j@ztN2HM&qtqcsckJqZ7^;Tj`>HRJ2
zV7!;;Yu^M5Cnes&!caMSF9od?el-OPmFSri3|Bd+_HAl(tylQYp5i4~W(=c#w?~$7
zth1kY;ct=w;_Qn5u!wUTnI%@w9_`aAfB*jL!o#d!<rP&|=^B9&5j2h;kK@n6+c)**
zyf`M1?2Z#;<wN7d%hi%N5dmMDxPb7jsBIPVW}0~K3u!o|n#a<x#3sCeSK72qX#^+h
zv`Ht($~UCZjJU;aQ#UyIvNT+9>K91vxvbr(xaRU~OT`pJpOuQiZfis;7Pw=hq8RTT
z?4TP~NBpHx+=_U5MbRPJU9HAz!oQ?RBb{XU5aAX$+D*p+iC=SIfE+#Mz%4l<_BfPt
zHMZYBOZWrU=6Uf?Mui8HS)7ua86WMX+l>x1$t2#=ODe#)%mq3>%h6lWj&U4PcuS5_
zHG0X!4VCXSG1V4bVWO8ka@~V(?PbotVJ=nK_xf*%HHgS2VS8HD?xpJ)TbgY7mD$wt
zV-oXdFp*Np+a((}CEhAq2;ZAo=%w%rSy)3am4%baQ~R>9LFGrX(8*@*$`TNMLl!35
z^_f&svxaBkj^-SY#RluVM;7TtwOtmGRo~T2EOzqCnYiavPi3Nq%eNyFdt7{5CQ(QI
zQaX_;Yi~M+y7`WDoOJ7R(y_*4m8Ii?hYwB1x28^g+J{>g<CxB4yV9_gms*cw>BRim
z<G^0VOT;PBXj=zvOZ=)vbjK1Q8I{NojR^kO8cg$Cl}x;82*g11sjZ}+F+_*7HH1#S
z>cV-M?<JO?MAx{`L5;L`VT5{C``hNjldg&Q*1`u=R~9)d?EYKTtb_eA;V+XP_T!)R
zC4R!le3l=BB+n>64okxQ(O@}p-H*1U6#RrF)ee4aQ+(HbLS$d{VUMaGvM}Fft+hng
zkhmXg*NG^1(yV?KCTP63g$hl-oq}x+>v#&TIwEaT&|SamO4gr_uYj+jo9tM__)t5#
zO406ilB<yuHnf)yDi7OE?AsY*686Ny+_=Z|0dC=$e+p4bIXcV`fm=ElqU~-Z+HRU?
zyMc~Jc)$!B{^&2U31G0Dn2y9J2=|a`OB;sCPc5+FrW~1}(rl>V0fjH|wKky}#@R?)
zM$V|%CGn*;6qAIoVTSzFRvWr1k+mwuRNeGI#D@F`_$aNFi{wwjLy_bqLOV$Mcc4`E
zop%y=3U6@Yn0%Zru2Q|zoYaQG(!RB3O?P3u<{9V0T#bnLZq2jMg;N^M=P3@)Fc%g(
zA|O5M>FdH-$C(;`Prn6zYaJ8TKh^Ql3<Q9HMbtU}*VW(uUzMx2Wv~bsm5JQHkQd1>
zS|sDA<^mbNbq$fxh537kh~(3x|K4*_lc9=?Vp*JOxFHFzkjEq%bh~QCqm~|ShDKHX
z=A6lRGT#iSvWu<qo9$gGHe0=`g%@@Ia&ZnLW3GhBQr+aYi-jofV=)r{t2`?a<Ig)?
z1kdwMm2fzD7ABB%?;_42u3%{=B|-%QST!#c``F%(@Lue%mh~rNzI#`R?@L=Dkq)Yk
zed@;z8rL@zYom&xs%O1Q%%$3Ppe}^3upun1ze24e&S9>R()ubmEj=d=?pZSw8bQW*
z1v?X#YE}3ARGaC<m)bgE)TNGcl1fqsI5FH28R<kTr)x}ANLI>szEvX=a@2C_Q|A}~
zk$*H^#tP{V59LK7X3!RK+(o0d8I}w$D6XYc*`)T7@SgWN!{-nE#tHjV;koTy{i;Mt
zz)K^v<Y8QABjIORYs*l-rVlb8jxNk(+AfLamv@_l+f3Ub;!%64?)g$dO`R_SFQ(s;
zNO;n4`NOc}xXXlab2o?SH)L_j;+l-9l1AynQpPR8&buVv&CFE0$at}z)J>c<`Tk#g
zA0y#v-s;ED=+}6{d%F^TH{x%hY1P@(w5r%Py=1)Or7Hg5>meeO1}Y@dan=6o{+2TS
zByQ2$P#drek`U_?VR)<d6O(azyNEcwS-^A_KhLneDo$_d57|Fvr7ZE`h$Fq14_$P<
zhYvS({~{m8I<=D)7CF^}7CYng5A$KDOCvcw&!v`G?0{SA=ELR`jb!%u6m^irE~lJe
zkL)G768`BjKgauNiQhj?F3(uwJgAhlIRp(<b*%?`?doa|#^`E44-p%^)Prt@Mkunx
z5Dx9vxUC5$PPtt>J-F(2t@q%8+eP<w@wljbKhLn5`l1=G$u@EJc)AVeRAZ{}7!#Rk
zBUVr~=UylMCgOgFcSNv33a^U@FAqyZy!fz)gQA8fM6lRqjf`NDJv<<SQChe|09`<$
zzXUxT{9YKV9MM~0oO3K!4$)=zSx>S~p7bqSf1a2O5B<`;RHz^3c$rV-0(y-QYi!YR
zoP>Q~AV)tnYad5v+e<`HM%mLBaiT`ixtxgm4p!{NaYt#5?s4J-&G!?Er>B~%uj(7>
zuM=l#9@gh98YSWc?nnf(5c8v!-ciPnESgFEn5V0VTjMz;5n$Ik3k6>jPuhgouG+!W
zD~!-cVRGCGJrvl(@cZ9B9LvJbo|}YLgPK^U?!-Dl;1<L0`mraJ^LAzW7zsm}*-?1W
z?#BK~z7H*c7CMdhwk#l`bFePbliuSmJtvY_8`Db@J|T7rBp(_ej<X+S)z1>~oV_Fn
z-m38(==haNljUEs9@Zx?v3EJc&mNZftxD?o4_SZf@1&o`krICFCw}<NnrhjS<fCa9
z7|F>Gll3(O8hQsa{KKbD`erMUXO>F%mAAd{D>jiO%L+XgSjX_&FCX6jpYx(PN^N>n
zO1rF}l`P~#2PJSx!4T#1<nuYezuG3^ud6f-2eBU{^>CFx;EWLprZEvI?5O1Jrr?^i
zjQxi;n?P;$h|UzgR*Xp!z6kV`NKh?j$$W86tQoyq52k+0Nb6PAqb1J#dwx?j2ShaT
zv&_><O6m(SJ_6fCj9qn>uqVrzBjL;=@sGuNshh^ZcWc^9OW2ut{;?|kFxI!T9n*#g
zzq?sg<=%(Dz5^w5k{1`Ha62zLCg9e2<#S@2+tuD8Hn-**=*0*}_$0@Chxm||PMxmK
zaHi2z-tH8JG?U!Mw{+D_uxppwv(igMq2_Ecf6+NY_$qyBhD<nQ?<4IdmY4$b7+Tcy
zQ(D5lOlvRW4R2c+pLb+5oOenp>B)WKsCU)(h}h1aA6K=fupiW^op-W~o&x8*UM1sy
zkN_asP!r9q&Zh9_JkKK{4IDQyO4e_i*dxa}a^g<bbk26$`E(O~HEpJe)mn_G+<b?3
zzsWW_E<V2I{(bghBx9?F-}<I$n8A1l4Xq^4Av-|=zSmC7#IwYX4RW}|j&kKUdo?Uo
z^=@`{QPtbo*)8?vV}81OvVYY^))6tT@8qMq;;PKYVb$zh2R$`s*E$&H&<@nWVwblg
z<+zQ7^xwQHZK{JdDI%u%G)t%SvVgj{4ps-Y6RRB*Q`^?TaB=tz7qZnG`M8oT!gf{W
zWFM`AE48z?)WMQ`*S0#?kk9AW!NGi2`#LzA@4A(b8~ICX_=7uvA)Ev_UTgVK&Lv_$
zbYghs^XhWGL|<`2bW>OwVUf*=^?oGr9u0B&(-(?;{?ws_gr(I<IZ$JtJy{_v8Y6(V
zO=_}AK|eX?zD$avI?nPkRzGc5lpY@55hdtp&Wz$F^OZ-5`0#5&rFnKosL4fWuXVD%
zHiAJ4Ulu{7;@KER7nLT>C6%uUV}VVd9L6xaRT{>8d#%GEban*xg;3^jt_fka!<-+&
zZU^rZLNDEOHz*7?jt0dTUlzm~XJ%;-4_txHK@2dQmjYN|nCk-AV1(ubQ05NI3Sgnz
zIW|Cg`-cQZJ%P~y%=S3T0$AoLH<EI>Dr|?Rt3)z{u)$Vl-DWt+3KC=L*9519FM@-z
zYqgGxvS*o&_KG%L$7IErs$+p-OxCeh32e}DMDb44=?jHxpn+<5u#TN}tyIThyEZ__
zX*+?k9-3CEv+)kSwT>AMA+e6@+BKb>*MpB>l|l&nj>RlIQiPTajJ2Us(kBSM<|G_3
zL=J7XVU}#{uwi+^2(4;d2-{+7l8isr@V<<KV1Jn)tTs?+ot(ae8d(;lhe?eG$=EOb
zq-IPBALaE%GSY65YCYD6>2rifS972+A5H4i(&tzaNI86{uVU;MB0AM&rru!eHdCia
z>^>ns^pRAeIfEo3gKW4Id~{9)6aLEsTL^B41>Yzni9UrjO3ICgaS9%$#a^vFlJ%Hf
zo$k$kWbZbbjFBaL=TByyZW2~8S4(ju`153WrfQGfuc+R~pO^K6N1o?Sa0b^<v8`37
zstjkE?tPABy6Qc=FOl~=%XB>bFfW}xPy}`N4r1(0M<2#MbaZ9xSFX0~vHI+)`)~eT
z?W@2`B6crJxg<h-=pqt`<fHUjDR@~#7R|4D_XLI@Nby#6e2020w|ap0Q`mau>!`3J
z3HSFa6m_kF4T`!~VOy0)?ClfxRK?aYhRH;k^kSK9W;X@Tm(}$$Hp%LKnQfOJv(a}U
z1xU$x84as^*Eg&Eox3KXf3+vaWZ5&6qpk8WrKj19^Cm7jgp^;Q2PbkI(20e#b~d1l
z3a37q<FM(Xg6GY})$;B4ReEQ!9iOO`cKowG$BsV*=Gkd<w%8%WyGgkfk~PbY-m-s&
z9b;t?c5#_(mDzDZ_K&dRuIwLXM_<JnViz752idVv@ej1)q+<2Aqpj-iYo|Hu?_<YY
z)!ZSX*shn7-zBg|>T@WFC4c(>Uuq*f75xj>|Eu5W&*Q0B^%xN!qZ3kZpigD&C(n&z
zte7=^r2R!15eGykA^(g%k+GjWJ({sz?AiZNMi^V`)JWgaXEXNm=O#1Omwop?lu6Vz
zOVl-q>Uw$%V?D%#`_E<m^7~Z#EZ3hxPR%!ngTVSihG*#|+568;6mbIno^SZ8b$^<`
zWP!^%zTUwe=qQ)f+d3x7zoRj&@S7w?l|Irv9mi~*>pJ>rY8xj8Y3~77v|5zx@1TO+
z^(d9tpu1W*u}62^)p0^suj)9ftCw_K(yRD+>C>z(c2mu}nbt~ShZ6>Hm9k3dR*DxW
zR@D9qN)>gi!iGJZFbTd(YLfm^ZmC$K>NiwuQ@@+M=J-%00rkn#kIZk!<MPMuO?&wJ
zPwbzEOZ-N<*pXSCju|pvm@amhrlw<&!bhizo!5cs!Wg7`y4WFp5XXKSuZUxeogayd
zfa6=^n4|G!addF-DRFFdh`oSeI`0<8Ii254!yM;XTgwde&(iwUV#Bf?u*Yp<)KAoF
z_T&paDE%=(HUa3|J#F}@Hr2*HCN;B$siciM$?Mq?8;&dPMK*dZb(D>DQuVnutXG}g
zZ8)T+(A68NyDKR!n>N_SN^MOaw`s^t?pYbd!efsxE1oIUE*55sdM^cYWV2W-5`BcE
z?{l$O;XERthydvzrtgv1687;HiIoYr8;?GhC)Z<~dnGJMkdbQnDAtdiq#Zt)TrFE%
zVf{DAa(;rspCs=UcwHwf)yVm8X!etuIgp|M5p|qj;X6Nhe2rs_Sb59nDAvWQ);JPz
zFN7XY-$!HZJ=Ub|qvP3IpcBD)*7+G;@lfLJYMTo!JMbekuAjtbG~B#i;>9oNM7~~g
z_GEbP57l$=MZ$l9FY!-xs@o+INTh<{P3<&e%`=ERk6=Q{&Ji#42tKaIa`4Z<Kdb9h
z%$82D!z!jI>N1thQ}iV&t}Bg2j{5qe<KcPMpz5AYHo9lMaD&@h5pHnzE9xp6JE`a^
zguB=0Dd&vpTxP>HwHJG2jz33WCULGy(iXYcDyccd3?An~h0;}7<-%&GI>N=aI`v^L
z?00r%kJ%l%6Fkj*is7F|CH0wzC0Dg@qjqzV0-Vpry3o<4w{oGc%@p1>Y-S%9&3LWC
zi79#}T|KC)?Og1buJ>@Ety68|LMP`2_Gq6N2~p~z=RVh>Ixmp4zqjs))ja135p<+e
z68q*rgb3~=2bQZCCL~c`#dA!>D1~}`yJGE8aaw7|s>kAek`4D2ttA0RwOh>|ikZaO
z);0-q#R_2}Zw@_oj%=NjiKkTMonX28nLJEo#-=>1U?~T3>2=KFe3VMOXD;c!39N0t
z5QX&Pl#+Ho2mMuX`KH|%mxqyB%H~|`(##QgxT<9g%)@X;M*BPz>;0u`L@bQdwfQ*U
ze&%pKN<0>&7kl(MxmaQvLvyj+G%x3%9XBiUFpj4U%*C2SdTom5QZ9O0%~n%2R_e?;
zcn~no=AvKFe<}wR;Y?ylt0EC%NyDRQ=X0<;YL?{UZqy>KG$}RhU_N%Fnv}kmn)RSI
zQKA#>WSfK%dq3tG3GLW#LEmW*t!^*<?qNTPwOOMN!}mX|&hsU<wo?X)s2ianB1YAN
zn)&{xq}{S}lN*y*=5{xsRdcNy<x<)TH`Yt8#cs5h>-X?rm+T(zAqk&0-;FEE_scz4
zrM_D1!7!WF&4anNpY-ye%pRta`|W9S-I%2rB_332yq^c>9U^~#p0?19*}6&T)q0Pb
ze!k8i{Ef|E&ea*%&te-gFkCXbW#WL8R+d4)-lB9L*|Ru<UgEp0GO<ZDx@2Oi-CvS{
zO`6du6Ek#w&kR(!e4{ck#_*iX#9`yL1(`VKe*bhP_IqAGnu%$qaXb@O&ETR;jO5nx
zOmy>RjLgJZuXkl8rda7iGqBSN&CI|IU&i1}boZwY&BP+VZ+Ip;1kwj)U`-%>N(N>H
zo6Mt}P?OS3Yz}GtGI2ii{(wvz3I|Fu(JzwqZ3b>ev@w~O74?^AVsdJj@(-kD&C5Wm
zm`UkgvGLV5k57MNEVHAS#aG*Lj2RQ{XeXt8OYlr`jkDvBRCu2toNTt#2w0|5`m{W&
zhUb#p6Eb=-GnRx&v>H>w7%Zjt38R~ATnpoY9OxFo4x7<2f?KxC-Vw~Tn{6UEqjhET
zBAB2HE2Xn~+JP`;IMZiFaM7vn4&#>7AkJCpvM6V!%XL4D%dX(<Fv^T6%Hjz6`TbqP
znCkbp4daa8Ul~Gq&`<R*5BjP8gP{<Wxfv?1=2u#JunC^4!g*RS<r(BxrC&<M^w9Qd
zC}-J+G@NC|4vlzM+GY*QCD%HQI{u4+4s=x9gB)0_WUSF}MlmSohO()q4Xg}(AE~>@
z9tp1*b0z$!e-$S6{2+}m{nz=U83wR;Rawu=sRJ2W<P8$*M;X=c=Y0Y7tKZKkLU!zl
z`7b5?Wola;#D#NqIq-m`Y;a(X^rI4@v_yf0(_r5+2f8SMfjS|Qj3wf%Viu*_39W*^
zR<GF@^^$3yGavD)^glwl3m?d|T~1P38T-Y_esil6GnJeTPI|s;wG%^C-!dn5sz!+m
zy=`eroWvxuD1F+Y&v)XcL!aeDD}A-}SKlEu@H!gQ|1Z*!xBm}$ZviI9aqW-(s=KSF
zreSDjW|>zECXuBTSh6EIv16^|7;a2)?8HvuIF17jIbvp9X~it9n3<VbD+Y_18Q!UZ
z-C5bbwr}3M|M$K3eLMSApRTU1s;)Xz2T<#O2CoXKPCKg_y<`Ts#2fPP)!xl9T{Cua
zEYw~mV!{1mbqwakz7CZz!U_7dWyAa!YaCHW_%Ym-K^LoClQp{79GBYBk8^Q94$-|o
zv)_jNrM}$m#xdre;U-ij8IUWA@zBM_s^(1>yP}pS_zf+7nwyA#80y9ty$$Q+#(qc2
zbr)I)vCD-c;>!-wB)$u4=f++$euoS9O|i{|`L=9hl|4c!MT1F}E<*%-v@%eM$fGhI
zR>Bw=`7Ag>+L6{-AhrL&Q8Me<j~A(g*!~@PHaV1MDB-YzJ}h`pYNB4dE_0A}3DL%a
zDy$4%0$wtSWBEXwWvm19pO%p%T?E*{%##d<ScMoq`(4N+X4h0Z-^3)%*U!XSt<ew@
z*SI~<q`~?InOLU(NXCS4xckuhahSbKY;w5AnM4WgVI~d=-v|@8MfEWzraRZN2`26u
z33R)cStb0AI+#f4YohKs9*2dxjEu0v8Gj%SyPY!A>nzK=GY<W1@0~b8#RKT>Qcndc
zpYe=Si+R7AKu!Juo)>SimrC(|-iSY2M>bu<K*=pc`5c*x%6*Nvyy+1>CzBY=;Y?=x
zOr<GV&BPJLHp?TCSUxupKJz#uJ)5&PN*&+C;<-u;#Y1|byNZw9T~&NxUzAjJXfzLH
z2bDcgh!vCUSo*$Zn5vyp_PvUUqU@GtG)upu@<k_K){Jd3%TT$e?e6m`rh3da&2h}@
z>ChaTed#-!VSL=rIyJ{K|5Fc}p>;yF!_6=!F@+%e6YWLKFfoPCYKCbkQqOfHm9J}t
zvFX7U&2cvK=_SpuJ<B3UhipE(Ii~0MTQ$ek9Gl9E%D8(q$F(v-mdm<(G{?bmcDLr}
zSzba8mJf7kj@}ijQ@N;uXF)TxsOY)T4Cg9}Yt2wt`R$|Ba+N1<(f_LH^O|AY6XHrU
z%zQHQ0`=#qwEX6n^K{CkX4vyg=2y+Iv07Tc=GaqRoNI>7HLBfdhWuLMOf%fBWt?h;
zrO(<Ynqf#CdrmWS%@ysMV^zIs^xkpxjUuX3-`Gv>eeS7E%`o8kr#8?eHaWohG)Kpm
zCNZkD;pIz=rmlU{H)-mQHT{%8C-UNlG{gP8o2B>IZ_&jhylcL2p2RZCcRdS5mUT7@
zW9+Q^M3P;pRNn4MYe9tBXI{<1N?*psEIbIfZ)f3HeA>WloJvT`&&Hx8_suMHOnKsN
z76zmyU#6PrY5lS>Ff;987UpISj+{4F03llXnFU^Sx6=B1G02rN)QbbICkA_Q)Eyk)
z#VvPH@ml)pHI)+;ysb)~kbVxnf=H-iK9zSFd{q+m8M~=G)y3Bkv6TsDF~G~`C1Hqn
zF*R|($LA#BsBbQjwE^*gB}urHXl+Tty+mtM651zO8<NmF$s)2mG|5_&gu*0iK@#R9
zJsn!7FR(hBRKCx^c2zdkgXb0*wBHjB8N}~r>^9KakwB0g!oAVJ5X0DPu%(7|z`#bM
zMyWZ@&1ZepaR!PsdyIjJJY$G~d|ga7a7@n_WnhCtOf=9}WQ;HfKZpqimOC?s(Ou_1
z5kBV$#YEX7Gv<9H13U+otHjQnisJK{)0wf%O+teCz=cDKy~K@&N`;Zq{IL9RVjHz0
zb*~%CgqZHe4&x(2&I`<?k+`=c-VqL^pIdq)s?W}=Ln6%tHZd1-9I5;3V81gkHdkh<
zn3hZY3h$kZDQ-8F&wF{BT#WS_R9@jXuGPW7cz&Y}&LsLq=h6gsPb4nnnR3JHVA?Y>
zg5&7w2~=KGeL7L<OSLU(|6Xm2T5Dg&qIP=MvFO>Mb(R%>_ov>oXV^3hW3P>c>QJ^e
z6yR`^jbXekJ7lA~<C!fsjyV53&8DTWusHsGjSp6;7o~38d)B}aji0Bf=Jo~yS9$sx
zg6lyl_i-exGw{ISqr2V3^(ar3iZ0Z<E<ApZg^_$BwYf$3&RaMth86Qg9(3_j9lyQF
zj{*LAAy{oJr+zPI$;X|<sRS1}<r(4<Cst_YDkoa=c;Zz0>M6v#9C7@JAnlz`QJuNY
z=OS$eqjm{<q`X&dt_(C1wOQ~&M!aaNBo(O`s%&N@{aB?*MQZ$YjXrSrygGH0Vr=6W
zp}Kc*`u1r%I9l<<EgS{BIOdTT=ctWy%uk&1Betw$Tv?nLm<E&Cdg&AXX+#d~LHB!T
z6))@P!;>%Sn8J5QWXo5FvkIMTbW<t}wJ}_)FjD#^*<Ebh)9m3k&U2%ijaI}X+bGn_
z-m%ci!F$+59K|gQ%Y}V|*e8*F(vnEvxP?j9nD9AhumY!@-gGh>rsAklp2{87icwni
zoM_4LW(LjH-@<X&WDKQt3U)gn&pXEE;E-cCP1j7ry*UTV%=C>p#9=f#kV8w?y*38}
zZLvNF`&@i<4i3AfOM>X*1nDQuaM0PGOywp1CkN$_Y-#k!LC=79VGd3Oj6FG+5-htl
z2d(3ix98wYyjYyWrYHKZXQL>wBGu`Wl+z{$E0bC<x)`3~znhI^DaP;|bW8Q$mO_gE
zW;U**l8kvW&7dlM)5ZO4)+)n)H5;2Vf|s)~KQrq_4i02KdyejAeFC(~4vx%0es-`|
z4(4aO+vQ+$wzZnNpKVdQC$l*X_gpro#x7?ch}C;kXH|}~Cwl6{6a8LBtu{L9tg|Z5
zjJt57rOx_sTDCiR_81vH<JlM<rvk3iL|%8q&-S7~xMq4WUVJ5YgzIT4-*Ne;d(qXs
zxR}p%hGJ@E_h8?0Ekf@7*?$g~rL3I&xhyw_Ox$yc8B-jz((MT{5Ov*g4op$~V;m?_
z6Gl03S<RQK7VhsMFp0a{2`uF9s}5}7lJ(r6duNkerw3;`a7P~=S(E7?p7<Hbh&M}K
zEzKpwT4@NCLgm#;e7H_FWH^!S%s;?^F-po^84=KPTgO_}QQ*K9^=RZwE0C)nQqWLt
zxE{*0XBDiI#&J=eN%EnhK*PJ+qG#EaK!Q(}r?upC{`QdJAtSzOm6Co<!*JDgMZ-=l
z`I3f9S~?KPw=E4>0~0lwV10xpMUZ@r7IWHI4WpD_5%yGrgm#9hPtqpcs!nC4`L8_4
zQ`5D~NA&WH;v3?XQ3@7#u~YrsMlVTqf1+K$1N0#eaDzVHNq&Pq+kTO;)Qbzw)a71G
zH2FySoL+0RmuP0OtyWcxq#=z|#U2AQRQFzk<|K^}>Rioz&A=M%IIV|5BkP9LY3D`x
z^w2qjQ5(rmhpwxH-R24XOk<w?92=Q^kfW#KJ<PFQ@too~q1g91t}5e;@%E>X0%pGQ
z%ib35DNX4UtCfdXgvEk`EZpY&poIs#A#ucd9u*HcjGh)QJCgfb7$!1@S?J_U>TY4Y
zGl|M8oYG(Ykl`m(Gu^cITUcynk-T=q47Rm!(~R1*1wwYSMv+4Da{4@CNn>)6dPC>h
zenK^k#pihC$HnmSS=(j6R^NQd^Y&oh1y2nfSHuz8{IfX2@UNGp(UL`_-SVs<ivPnt
z#0gy#>}8^pf}^ZnF`k#EWG7f^FPYOJ?4K_xB{jthX_5Qkm~^QR7-97?5nYwEb4l&U
z@b|3fJH*pTuj8fYGvWQ0I!Hm6NSogT^POVp`!!5e(+_I23`Q2~twVa?)Q|9XTI78)
z=S(VzR{zc@p-(bm@==!BO`*N;^?rX>AD!={(%k<et)#uMzCLvk!$fJM5`u;4X6j6a
zk;SmE9wBwU%%PSO+rMtqzv6d=W3#6YlJ+(k#W3mGoLV5`W@Qw=S4vmo)Kn7xR;kZL
zbg<HOts$-Nr7V|7?Jy;Kj|{`)BjUS8O`OSbMD0>+TTBw^zf;Fc%b}7sWeR~dER`g#
z;gLS3Ze`{}otQ)4eI3WSc}d4WJ?VmunR>BJsTIogoBA={N&CiY@l4Vic=?;}c_H=A
zo0xB_w3ciaJ!7$%=H#B3Gv7K`BIQmsVF;}})j!OGmRjCy59V+)--8)O!XOWh8~%YF
zv@r8#dho#Z5xl!=SvaP$m+A9ZwHw8!&Jy-9dj}__xsYn~a<R**G_+gAbK1IahV#}k
ze7v}56IbuKZeyxLoV3{@k$%-CHpxBEh3SU>vW)|V(aFW`8BNE#P-Iph_-vQ4*2R{(
zJddC2NRz&WOpwIAl6@e<qq}Yzn5{_j+xu!lXA^z2;SPk(Bq~6fG#zJI8#Stzv0lSo
zg^$zFRgE8`VVTN@Xl%7Qq!{%+DhMzm#puG=bJg0E8slRzcpkBo7dx`O(t++{Vy>0y
zJ5{1E76EpuS>OBqL3#fZd4N%!xWA36MS!9o@cjSD`&KA7w)hjWe-)XZs^a&h&K}b<
zfBxUvB9s%&W9G9sCeZ;IlW1@;esz~`LPEpes;!XOh%0;>te^_Zf{ZP;LJ@m4wn6Df
z<)fiM?bkKllCwKnsdW@OkCmP_;&<#P)WV-U^tszJzL>EtL^f#G@-Y&>@Y#$_W+nDB
zUyH>g*O)X;{fgx*)}*80LJb=gK2XC0B{5$k63csNY;LJFCZCaM2Dh-B2^u;pDYPQz
zD!iRWgg&tiwW9L-DjW5+XLiuV4wf@rla6RpH7rzkHw{;m#4Z{!IlPU=CVuUi|Bb#$
zKlYn+ag&{8r*w?c(oX2utML^&y7IJTIyQ4YPiH&$c=p(tVTA~@mNQ8sNh76Dqou|>
zYBG3ddyV8A{zzqG|I_|SoDsHxmpEgY#2KSQIAcZ#XWR+ljGo#kM|2%U>{HfiY&w&g
zi1Ql%wsrJF+Lm=Aw)|9gv8+2HRCj8q?#)o$Zra#r-7ucB3r(z(btfryOB3@IX<pY>
zOXz1}ur~7lP3?aFx^{>)wrG=oQ7iIYrOlJ`NtWcSRoV{9S)E{YWAH=+$Q%)an0tmp
zdZkQupoQWdFC`2&&GJZ9`bW)FWna!}zJU(hm$~4#@#bqC7^O?6i0`)B3cdFUmLh7F
zg4xb`EM5F4rZ3_({!9EkIf~!@8`}#>cf;opGIYc`<{QCro4E&b>DzZ!lNlcmXw-Y(
z7LxW=v77`6)jdnY!;oew^8Ub^tg6T>ZC{pFvGjFv)tGmNZDf7z6<W^Ld1(*#@%J5n
zjStw1;;qMQ(i*TbqV)H%eXp?cqVfN5PEsJ#zjh1R*Ue$#huYVD?>@OgzVOx*MzUMo
zaJ>MtY~L@b-p^Tmt9j`*bDFW5BGzs%7_!@QpHb11-Dme@g3V5>xKICGALYBHtYmFu
zXwTmGUeA1&UE+7!EoMd3`!W{Cbk<a+CG+i2QK(p}Rm_PfnZ8%wL-RIY&RdfoHr~y0
zy#MvXo;fX_`O^=3W|e#<@Bgu9zI(32Hl4Y97~#HZF>B~2th&|cv9+IFx*ccfZ~9$p
z-QlamGMvvmhNmhMeykSLpG?RsR$~?KK9z7Ht+*blIILorTJE^aYWV5*d*6SCqdkzJ
z7TYV<ECs!lpBB$s-N)wfr5`-Lf>ah4QZxx-%szIGVeD_t$t8@sJR|dl97dd<v&PQW
zjJ@vsN3p$`Jol1<o#@P1eR=a0y7{j4c`TnVpAQR|&UK7UV$N->_<6z^;kJKCZT~jb
zHa9U0U%*&X-wwt;b8cX)C3CL$?q|OZF2@;yca?1pmTmTp9p?{iFA#CAakh}d{-U^F
zG{+%ZO6QmVV>{xnU6*0WZ#ma9_B-ct#{TJ?FL`R`bjAiTYeMW8erUVI`?)Nd-W-dj
zx3)#I`?8$!x1BQ>`@~tu*uR`38SBcdf|7avPsj3uZK^#Hnnv9tYM&dy5nlpda#~ld
ziRR&3U<J>zs#OH>z^_~VHS}Q5E+sC2Ir?horSPsAD^!D>rO=u^NW*cpZE0S*E~{42
zzNg_$>l87;EU^ct{U>^Hk}Vx4G#pd-L5<y0gZnjNN3+jsn5ngAF*@Z$=4r^gDC`s7
zMq&Ak-)AvnvOp40f>9S)VY{(}khx?I$zZ<<E@Aj*a2P``_I!k<hy4T-cSx&pYo^Sb
zT5-059?EN>`#o8NVNUOmj)6+>L>lpkWzMCM_-n3AM}K{QHYFXqEZ6dMjCGyWmZqa;
z+;h{?vDlybFb(_t>BG|T$RDIi0|WIZrDI(%^?n*o2GiT5qf>m4>JN*5u3b7-C#0T9
z!&eFEEz;3GQPv-kSie;|HYKH=O2gTt^t);3n0!!+jIlD>5v$)$UB&vwVS_eMIwOkJ
ztVJ9O4QW|7*L{GU^P!KoU)0Z9x*3_rWpXi@SiZL+JyeTS>$FN=CpA>Z`9wwfzHh!%
zvNpoL-GU^TA?!!r0+W6aeV94g#zEFq8*5{{$%osRY)Z$oE0!2wv#z!^(#AYnth3oN
zyOgbb>KFNJt3V6Rw+qY`)=q)t!rCmbStLj6#7At1;?5{Iz{EM}lRc1y?|p%v06$5X
zW8#;@JRWBDERquxyPqWk?%pwRL2=(QF-vvdFtJhw>Yb`p*l1!Gx38Hv$<0e9?r`@N
z6Js3q1yg2=JZECP!+nPMf8jo5VwKZAVPdz_JZj>M)BTl++s+wEWKT%D0&^C_69p{N
z*DAlVCtCPi9tvDz6_!~TBz>^^s(}?2Ca5QMB5+29A`A13nNj-#DZ`x-pkLsWkKGs7
zoWLbtR?j%}iQ~iL*nqgwx&Xpgx#AFG&yOJBN#-G0_73Ciq|b?`)H!d>P&|t=JuDQk
zEA-|rA~?;$YLU{*!ZB$VKG*r)0t@*D&GZc8y?GXTn~NgznhL4Y7|eVvIi^StzDY^}
z8^^I$y}_dGR}1m$1K0(DDN5OMg5)t*e<!wTzB2;HG-+^ni5Id~PHYk>bo-2W9bw(c
zO;rk6DXpaiZ8WZ_q-8JNXKNMuquJQ1@V!bgUQA`a>5T8<?4-gsan?`ct9T3@4Cz_j
zG(xv$ksE{D(ucd?1y(!VxlCto|9+d!jxaHe{wtiyy;Lz=X9GjtmBX}Tf?Uu9N&IcN
z7_YOfT&&YssrgPq29RO?1(nR-vl@+v$rK$W#Vq|@2)F9oj>Wb7Ju##Nx35&#TqUIX
z6`kYpH{LRyeK~_}PE+iTNwh>0P9<WmYV1nHS1Ns+d0N8UL~PR}`st)6Oh~{8y&|wt
zPdJo-<2u!t?+9#5K#{|kpMaarz~}@lG~$LNVSt&@I|1`d`+huDn{|MemUtADajFgn
z*$68kKLPtJaVjVe(Dww{J<IBrfCAgN9*^y|?@~OD+eyGf+a8?2id>#<iMZzSj7mgb
zcU+r9oN@nnbP_gte$p-xL%imt1WfaaD+xH^<pjCnwa+D>oljgyKsV|BkE8y$!|}N8
ze-aoK@U4%>s(^1+JWdAqq<D5Y;29T>wn4jNJcbAPtspB5W(`ZireGVwXxozPcFF8e
z(vzii81b((J*=UK{rkFxBZ}B6BPkR{^xI*(Skar|`C|KJTFKIoJ-FM8#;d7bS2eiI
zOVaBfq$5Lez88}<nO|YH{$HJZ80hew^WwC_pz?i(Z;lrWge-3nzHVL|6<<-!m8O4;
z2Sw%!v_mZaB@d=q{{kl4!8;zTw6kbe+QEGu+?T~6uHY&UX1b`j+ZCMZ!FgHi<_`As
zV3hk_^sGPr#aBj2-_w*4D$X&{TE^K~9odU-Ms$r?hut`(7_Hoxs7lj{d|vgmOwMZ`
za$%94zQu*}y0O%Sbq?d63%4EbjCW(CGxZKZoW@xfR@hlzQ44m~Q8zkD!?N(Y+{)M*
z777g~_Qm0Me0v=G?0IRXE4IdABjao1*tU>0)dNMe45F>-c@!XwCewr;)vQN;wB*J?
zKRR>wE<anweVhF30q?*L2GGr6^bbg%zd>;{m;9WMwG<5?EkAn6{L%a?AG;;qSW8u$
zKN}N3e=~lDAM;IPxF3@&am|Ny7T@n<JFLL1I2^TQ%hzn*DnA?PdTEiLU3VF?{A{xO
z0vq6G1>SpFX&s;B9}`9^sOKB0;4Py-VXc_mTOpEeUuPt`%koZ{iYIn$rH62OJUv#&
zLzwPWagw18v+pvJrN>9UN7c&7g+#L07c+#k_M0Mzn!YeiTJAnSNni};0|gNeYmmS|
z@k}v(3dd0r`x!d3a4ydHO0UcaCEJ~*$|xDVWZJ4VEV_<m9!^1%{MTYz2~Q;ch&U%t
zZ{C;VlzD205xF16&E*E$&yDQ{YpK^BVXy_dvEE=ubqSy9Fee!75g`hLjS<y*88q$H
z28Nt3ryFdWQ{FA%bBUhUZN=_!_JG;vIGdoDUvYLz;X61Rtjh8P^}TDH9oC-M&)GUI
z;W4sB{NL?ODjUhFty0-#R%4gS&MVaysWI)BVJVjTmcnY*x}>mi%s!>CrL68Fg{@X(
zxr8@(xifp27Ds2L`sx6Y3*I$=8~Xbb1Gp~YI|k6tcv*&qG^=+G;H1Ud2e8lPC;V9E
zx2WbOzeSL}ev2R{{9i=d6zQS@$_2vZGU5qT2}F2CKj0S?k&+paGu+0%ShZ?@j@1>#
z)GsNA{7y)4eZw(~v3Gwd4R1Jo#r2HuVQdR~O#f=U^2HFTH;TrM$qk+H1y&18Wgo8<
z7^>MT1y*S8<wR7uk08tV?|~`$uZfKIbJQln==kWiz+CZa==m349i(1zW2H7tyWqwN
z=QVj%WCv-ZKeFAc-01BJ(v9)1;9fU2xZDfeIN%CWovW_k7B}+U?rCm}b-x|$pBK{T
zb%f$SsbGcTKA;rC5772Hp!rvFJkZ?pc?9kX#o<YAt>C@6Q64A=>38sm{d%>Algfwk
z?EKdYBlcayToLVGuezmSL#SQpqPt%4cU7fUv31mb!3g=f^=2DbbnP#vTgz2<PYv7D
zCXqVwEPEqsr9}G}j+x;qbm1#@usG&iDsB)<b;D^BB5q|&rrJ|2?+Oo=Spy>WMj=1X
za6Deua19+5Yqo~Ivg>yhg8-dXV}Qo`hV-;Ca$_pw(S2v;ohE}H8RJ#9iFsD5#0cMK
zG5Y-QSXR+~iuSV&O<x=CmhNDogfWQ7B7F$nhr3Vc7|EZep>X#>dHO1yZ9;2Q=BY{i
z3trCs#_MRl`3477v{0it=(j48naVvWQ^mg@`99LFU?p?+l)6h|{w^|i`^X%=jIA`!
zTUFjK8M{<kiWp!8+9%_l+ishTQ=SECmt>6apOt1fNmgMph9(8aCSy*L43xSlDL6VA
z7m}=D$+(mBYII!hhy51kIWU1$THwHGCT7X}mtuwkg-XU02R10F6CAj&WDIj)keWKg
zfmN!x$brLZ<`M@wYJ$qWHQyWumTHyvJ8)JHPII7xBRJZDA&%FJ_mXtaN($|z-xcqr
z<(g-?wAqOx$WpnNCWrP?U%8jII6jWqOMhzmNSWZ3S=BmwaZi0`oEQ7GPY7~>PgCh)
zh|_NAMWNGsoup=?m8{#tin}U<;P|P0&*eYs!7#VI-Gk|FKRvM8?LX$hNw>Y;gBxyH
zr=!PDjKL(2z1)NOp0+IVjlLca*n|Ew#r=83jhrw*wf{w!3~1AXS6sz0KLnF}ZBy}=
zQaXeN;<u%)WBFd$MmV;zaZu{;>xcJ!)kkcS%zPUcrL)fg&t=o%{2*P@#im6H?b%vu
z6%;5LOT+S&50|NMS((93(}vKBihWH&E`{0u6{a_5mEbyg{vZx$Y?9`o@*=HVtlwUM
z8Sjbp3j63RdyHQ%&7TvW|9Y?`W1pk|9hql<B(i)wW5d7B=RYByE2VpsvUTDFhPU63
z!j>xinQ<WxYc%6v9y)SkM;`X@z_mP#clfU4VVCHt9L+;NOWerAINRQvhk+h`FAqaK
zQqeKSyTRz(41H7iSM+om-=BvgX?#x}W@YeQ^jPMHboX8+%_zp@y#62$56kc^d1zgh
zP}b?Psdw_wwwye88eU#d#TFI#27*+OW~s|6^JRHhT!pX5!-^^gsexfn@+I`%r}(Wr
z9IM&K)v_6G{y5OH87BS2cP<ZYUiO{IL(89*>E8@9e(LMn3>$x%*u5D}{nXvN86NyJ
z*p>SEN>i$T=@siy9`3zjUCKlIrq-!E^loaMpr)Hzhx1U_)Y_JZIZdri^x~%0x;$)Y
zYOTq`{-$LXQRnikRe9){SB~15n^zKhrTk{a-AczkjgQiCSo;OxH|}1lV>b^jmM*o{
z7#*$jya;UxhbONoO_W04DJWvjzEhb$M6AU7#Mb?beJK9SJ}DKG!HlR<>x@<q(UZzx
z5F($Ez&C@j0wxL>u{H^@_7`?2XsKLBpFdLqm+z8{q}~J-%?9iz;^(Y+DZR(fBYHQ_
zatqs;SZWc`5%(+-q${_yiPIjhJhD*8Wq|ovJmH3gO+4<Tg>HH(!T0ISA6S^~sCdW1
zQO6-h7fYOhJr;I4H%9CQ%b+_AqPuch*==JhKcf`cB*-MJvav(hYit}5{fm8+!ggmh
zJ8Brk`Y1B3QFco$Iu2h4mfA{Tg)H$ZV+WbI%Sy@J0u_J?H9rdP=>|Z9n#42wH9^`&
zH9fB2605aS!B{0D5<?(8B%jr!z5IECB%Mu<Nc)Lega<|{8Ed0;WL&12dldXJLF#>)
z9#(Lc)!L#EUy`xrf4?2$$-K2PcVaX~$oIir=^>nuO#<+*)1^&V)BRGjSZjlVAxg%I
zXdP+Nk-c5Puc%I2)^wkO6RZ|7M1z%#<^Lzzk=rAizSl?TGLA^o12TqRE&6gpm5h}?
zq|W#0&-a<b|F6!^|6T9;u5o>%{y!Ldrd>Ir&vjpxr|yZsV&*=rU=t$}dY#pz-B73y
zbfw~^4;11ZWekDItmaAiF1quOxeqB3`kB(SMv+DXk|M-7)!e7yzM8m|7-#K`7`~bM
z@KnhuRtWE|Q)Eoc=A*(gfk-euLDqYrvb(yE=HTtbB?|r$<(~r~JoCajdCqGtVd%lk
zNm1G3n_~)u_<N~nY^R8If^}0K5q|6H5Mu-e2(e7C@j}cKY?{a@O%K*lht{cCH`EA!
zepm<n-2DVD>cls9bhw8J<U4wW`8e?me;>78kIV%vWYACSRcQ9ab%h;J#Ce4sFC7QS
zgTaJ{2lI;CIo9x~-m;oa&=*|=99>!37LIw$p3O<5bS>bRq`C%h+*ZX<j@FtrlM`7q
zdUAF~D}BZy&pkr%=@v3Hmx-o-U1y;ThY-$(`DG+mR@_Y&_A=*n7v?E-JGx2Uab0$y
zgIbv&OI6ox7kX$-y1HfH{LXH);@uRw=;4UJ>%w+NRRWC>8T8l&;koL<HSvhi#Z@Ez
zs0%aAss!p_{e<4I!;%{OgZAIYy0OO<#iNO#_3Pix@K$gd!xsjzjjdSrg6OwQjm*Di
zEXQ6obs<L!t;S-G+1l7*{@~3>+&i(sL4vnug@Z<8Q2Bu(wm8sL73)aqP!rdXjG=m#
zIj~>#EOg+UnzYJ+zFMPg4xG{wsAdoD+T_4go_N-Qb$mgwPeJ{VXz#hpX-hPG$T3dw
z+>{|BJXbi@DoM9FZYcFyNPGPRx_eo5-RCr8i34<u*E&UHsvnX3NVG-e`<-Z^`}aC=
zUiaUmvLoTTla`O?s`SM1T_%VK+$PaP1n)XgC_Imx*yOYhI<eRJaxv|pC7SVb;!yr!
zjZ_FR*tD$2u=1m2=#Afm>tqw_y+9{H*qE)8X#K}yIu@#u(;J|tQhB!iYPeqfOlFMa
zwBw0`8Ly<Tmm?Y*;UBW-9t~@;G;o-%ygyb)AC(9vzT&A=ZlS*v{YEpGv7BQoGtO}A
zlj&i1DCuXUEqy_;Exng!O&Y%Hg(@a1y<+6uFzzwh$T(c~DJdR!PAFKUycN2i8Or-$
zZ<Hs5$ud9_^A~C|-ryh&ci8FTZ{&f@4S$B&>t%-8k0US{fO))Pw^cD)c|Y>Lh)?$o
z88yl-lA*bLyA|rwTao+W{J5S;Dsc#cdb>iYzFfs^B`iyehWrgQ4%<h&bF7&R^*HUK
zM(rYa$wC^Crhkf@_kKVfdlo}|PBZcRe^N(ei(FI+_bo2Olj)ln{_R~Q(c{nYwK~3J
z?*@j-Bm@6S-@)*^XpBaY?P`dpqIT+%PU+(qe*AeczxM=x0oB6yMOjfFRU_rPM)BOl
zmYr`IEf{_kbEYUgF9%D6h|$U~!#rl(bK>uKU;QKN!_=WNd{XQ=mb_oj{wF?A|HS$+
zb-2t-R_eZtt0GV2W+?V?X)$Wd)7T-!y-Ehpaj%fc*aOQntW=F@8r!TEve;*T#$JXD
zGO$Ja*)1ERIIZ@4y|RqvuJ@!ScZpOgUlpDUHo7_WL&QouIYC+&#wD9|GNcauzS)Wq
z=%JM#tMh3Ziu3R8XP_7Ru!VuvigDkGu1b7Q0}~a`EhknfKb>IUw$^;2feoCvp)Pvx
zp%WwYXA2B0as+QUvBQzw%D_!Wt1$hk8c{bH%bg@w8%v!s3DZg^kzjeQcwBf_JJHse
zMv#%t+(<tvL88+ItX#f<V@w(pw$j!qV-1|sceC*Zwuz?H$KlRUP?<2@3L9gk%u}$F
zsnZm;Ls1VYY`0QMeyJUa<>Gm0pc|Ka@unk4<*~xrZ(xQ9ZZy!sX&g4t$w@SLm(z97
zz*o-VSVPq@k)EHZiM9sjY2Nk*eFC$ijGZu*jWaMympsHCQI3#ek<)5z;JEY6=({sQ
zdY-^$>3<qGPo*6z<;5F{f4B6`dq1+ywn%?T)jLJQ5%mLvb(QiMNGEJl^H{N7^D|?j
zO0t1#fQo#!q!_1sEBsHiys(y~(o#FYda2(D|H4=x?eGF)R6^5Bi`xmuo7Vq=O7DHo
zYe~!XzoPQDT}vI3{wGxUw(IYDUYZ)|e?!&iwbZTZ|3<awwKTiY|AnW&?SAR&q>w+$
zI2jdnpyDTvQE4_nY9*fx?>piFllAOUHXD+z>7SwOdlB3t<HG8+;B!AHsUt(A>Hol!
z(RXG7nff15E`lf1%d}L`R6oY>+ENy!F=3yaoot-U!AlIsVD;}~H1yZXhVGwHLnmJe
zi|XNT{yFuCgo!P6(L+gCUl+%e_-S=<NAXXri?M3iqPjS*io3bEuKJ5|F<P@1*2Qtn
zzn~sganYw9(MFq^xy}7+>tc*vHoqQivUdq`!12z!dRQ&o%j*(GdA1ipobLQwoO7mL
z&c#-<A>AEi$M49+CR?n?MJHD#JvGN2f4dHjxW$z^IOd7(or}(1(K8pbeDT-n;E+#T
zs)L6<AN65Gob1)=xQDEBUGxfOb*GD<cu+_BnD48DOYwnKb#OK*Yj<4?Nfz7cqA1xz
zFPN8-but$hQpE9G^h@<Gt&26OcDs7$ndZNri%DsonYmb)-e3y7I75uc#pDeC>bf|U
z;ptHi6EgiPsh!Mn{pw*zmY~)qXZZ+zJWI5zi!Ryryj)Dn*3ac)U3TIen#yc@R$a8s
zNj#j3AvyNGTpZ0Q-;Lf?#^0qL?v)WUXv)g^JJiG0vUVr>4CTvHo4qRds6X>7$o7|4
z@ZZQq|B5M#b8)hwPfk#!OltpFCI8~Om{B=pLS1aB?8&c-i<QOTTnww?X;~NZpUzrB
z)BW^qGqQ%Ngkng#PjacSCysI@Gq-U(VE*}>I7IJsj$5idm7|SzwiuT`8QL3WD~?>F
z1;?8?13CUBeKqE?r>HnfNx39Vmc$Wh7=1*E@GcEVMseR&3I7}0Rl?WiDV2B^|5lao
zb(>;5K&vwxfL3hq;WG2C@L`K0=J;?%@lNr{E-moUQWKMWn4}To+@6bDUbNNy*NCgq
z#T756>O{oP>i&G6lxXgFF~=cpcyZa`ZXZX8*n7l>m4e9oa;N)|54{aB&xh%T`<M@V
z4EwAP$Bj_dA4y;8*n4%n=f1DY7@7NZ^i{-Nortw${LX7)rH)QqR_V|0M)9~e;(j0q
zt4?C)i|6cV5Kr}%y-dfys;$ta<7HPJ%a}YsxuuAS#2%}u1YfOsTI<-Ywu+wnoMzZc
zgkh^D+GXLSR(5a}x^Nll<dLY^Aq#7qapN;F-mrUR;)G$h$wCX;-y;*FZP6|hJ8f^P
zES#|WQ-ANfgGVxP+Y`Sn6C=H1N+z~@v#9=HpWQMO6MRHM2FJw}W@2g_aZ;P(+|#pg
zJuX1+8{ju4Wn!hjC!>q~LI2oHw1^jjGchRMOOUnkY1GVvcu${9v`X~nXJTxk=$DDR
ziNPJ2*q@X|bqbU1TNyZz?4_DhQmPQ-dWwBN1JhFNs~K3F`Y^_SKWu*{qmVCWe~G}t
zIWojGhH)&6+fserW1$QiE2Ncxw3fZV>{Tl6vdhJD?hesK?-?1N{cc3|_#o5U--UmP
zo-QJj_FNaHGH-hq_Or6RT^O#^BuJ6s?JI+SJwL#OQ>q}yCDq&ACCPGUX=G51AUnCY
ztBZIOZ%1ilAa2?i?htKV81IPqic|^dE8HY-(0cEwV<vO=rLtmlCxJt8_m+Z4t^PV%
zsq13o0%?P`iiw?4;V`Ip9H~)0eYT1|OiHx_6fs<-?oKGKQ`7IIH~&?x&wu|;1`rV4
z9k{9ZZ|W#e#U7al@_p$bB5v!Lp~;&Iv@1%KCLE%64l%J<#YrafeVkUrLKT<8{HUZ&
zR+Un|USVGm4^jBltb<ze?WDGKqiW93ut)tg0t@qKCJD6tSlIs1>CYO>P~-2>=j>44
z7L$aHe@Eipg!IT#&=iXpd+)<o|Dm#>z&4q)WJdU`eo{~}x~arS$lL)t720;}fOM;m
zmHVCk_ck;9=@S&w+H_~dQsWuTY0q-^2Kr8Xc=TN|Cuum4V+W<5ljx**Ly)8_&Iz_n
z%eo`5iJNBxTI<F&L0oeATLOD@gK8et*DA5RVKc}`>-&|Q;fZ*pw4`^n5bw@R#9`rW
zm59sYr@&%og`tT!<@8=mz-^~Ajksrcs7hzkdpiL`Ob^|iY<iC;V2RnmRXpD<sNEKd
zpJc>7(j}c>_3(fe-~)$idH|ip+w>{L(^mtS=Y0EM0Lu)|;sCZ8oekiC-!n6S^ZqKd
zngZ_jL5vH09BH>Iq}E#oYv#1lq<mVay83f`rMd=lbkN?Ta%XN8a6)|P;kjzT*>x@Q
zSe0=vVp+%^sf#9xnxK!CCo@CH;y9kxsfkRYG`0y^IlRl7V3fnVs0rpf#HuFP;0X3<
zf*!)xuZc`r+ocKHAiPtW;DYeZYl801xZO=;a>c?X#6EkMG{G&WcTy7!Fub#xV1eNs
z-vkE@?}{dPWO%1F!En>Npb1u(GSmDCGj3lKJTS$aCKzl5*EGRgD~{eiz>cH0pRnWT
zEt6ew^p-a6IBNfxJC53)?1`iHyLjWM{Z-yL>T?@k9KB_QFOJ?aF)ohYawaa0-ZI@E
zM{gMz2##)oS%JFL{?&k#GbY6+5M-5%xQTv=<*ENm6KhgW9wpi|-qA^MRFfDBs#B0|
z)2PR#%K(;BGyGSZU|oiJy$SARl<)l_3bN8VG{IL{Y3-VzUADEhG0tbFwV^r5u~s+6
zjhwVrO|Ym;S__)nGS<q*SY0;lVPl*rYb|e#E#=bgH^$X+*3!l(DxY?@F@{x0yWJS4
zE2Q0QjLsFU#f@>LV%qh_m{%$7YGWLzWG!rr<(1PeH^z`EHhr}vRf2OGV^<aLBx<v&
zS=bnJpESoe#_Xrev5nE{8FO@FbgX8Mq!y~1!>LXUb7*6Xtoh~O#yD5&%Yw$3QTxjQ
zjd8Eem;D=KMcse&ZHx}}zwF%@TN{X;)T;*4-0Vn0S$@>eq|vQzWYW00K5x=kc0O;?
zC<<OMssG1bFsZlWe`Hb*XZ}b=+Kk=jUi2k8(pPie;uxjvkM84_+4G?T9ZwezA^uJt
zbYx|RdkD{(%RMM!8B0BcNyT!hA(4TshiPJ@hq&Y0)cP<{qtJuhqO*wI&rgu_3i|Oe
zIyxv4UyN5>qjcIIVuDUM_5`DgeBByHe1o1IekKSRW#>9`FHq>obZJuJj^>sMMsxt~
z;|j^bi83xl*wBRTJyRz6kcy^B?KJ!*?uLq1%)F%%WwZ&fRw;W#B{@$JCG4P@RPL?z
z2+OS>vbSsVLI+;SlQBG4rAZESQ=D@h)V_O>L&h20=wJtx$!w<sokNzX`P`cAz&vh^
zbg)%C2{_Efa0lk-mHIevU$<sT`vQxa?Bn<-My~%2E;4B_A&y%(rMOR8Xs<qV%)(C9
zpz=lavm+J`Yb47&(rO*Du#qQF#g4i-U}3JFLgf>B6{<ejAtAFJl6a4C+WV+6r&VNO
zsbNr^^)gRHWL!Uw7(e@tsBA4WCu;0AGf%6mwQ_;rmsL*-jkVVJD2;W{gp7{kyRTt{
z4AMMP^R3p{I*nh~*k+AHrAr#8dyh2Ug|jxiw5@O;6w}Eplxd#4OJ$V04aH-Q3*}JC
zDj?a)cc0<?%`EyI<@xg@C1;aLb75~#ab1b#Au|ajf_`<{g>@IthteA-TvG9?3i50)
z;ev{>l0NQY3Fjm;Q&lR<6Nq=2Aw#3AR}zR_J|>HIl!Oy9BlG7G8D9D!1aHWUB!7v#
zD?Sp|UCdK3kGbYZ`>OVlKKep7GO6=OB(&!+{PMTqdG#{kQ>(H-X6cx8-%RIi)C1}T
z#xOMhs08*j@N{4xL*p2jjGgQ4&QPy7zlsT|a~Y=OM9x1wxJA<NEx&t70PO;eLa>*Q
zvD}q5$q~uJZM0NB8EMl(qE>fnW`T_nj!Mgk-4foRHWoPFqH=#j>b%F9#$W(mK%u`I
z2TcjTW(tDeGY=JiGb@zqCHNWM%ZbdJL<w<y7?JmK#r>t1d=y9h{YSZyF~}otnWN>4
z@+ED_b5z$K@nYD{s9Z#!>!;PUL@};vSf{*rNJB4`_@^6c?KK*vXs?InIg=&KV|=GH
zwB#EV)?IO|l&KKJ!dN>$Cx{Y%>@LpX;l!)JtNsy>U5_le4&`@P`0e+<vHp_(<@QH?
zd;Qmd*Zed8!}^c+XT*2(zxDSWza75r$M8{&=r@Yw)S!L$_qN~ho<aZ9YghPstcs7;
zD8;bQ*hv!lP4CB^+xS>NT1I_iyjVuaZJEd0I)Lq-)y1-wvzj~s`?T0bCq7~$5xl13
zq>_6>$B0M{k&s^<aq#pLYvke;ONxCFLUF7~<bGJ&J>z+FtuxhG0$&&a{oMVNu_3U#
zBnE7m+W)}2kyxo^D*hI)JQJxe(fpK<-g1R9E~fn<g!hKTyNNlT6kmdee|?M{Ve37(
zLsV}i35opoqdn-R)5gB1n?&JvI1IXb*J04j!_LgL9*i~Wul8V|X;XQ+`399cSr4hb
z4lZM)2b)}iAp2a#T4|MTQ2D0o42#Zt29QyK1o{^vcAekkgK3$uXUVU&RgHGi7L}iM
zVVx#}dSB8xL9XkP(KsiJT`t@Z(x~f%DR#JV!8}axjkf!a3)5UyUpE%HEP}6dS$kaA
z<&w_ikG?G*3dxC2`4(|}k$FTO%e7RNagy}PFX7m)4J@9s0m^H>7I8Sj?0r5gR;0qC
zwQ3jnFhRBN`*20|-SlCP=DSXCZr}A`JGZa;Fj}|g`*2RT$M`VAVbAqppToZF!$XIC
z(TAnNciTs7y8Y0HDNcK`4?CRpX&>%7?UOzXH|*U$tTpVNK3p>F?LPD~?X5m6GVRSi
z95?NaK6JM1^*&6u?6p4Zwd~bCw6N`!K8&^P<vwh-?WI24u<gY@4072EeOTeLXZvv0
zWzY1Xr`w+H!(6vL)rZ4wdm=$R_5^}>>~RF~*rR-C=e0-pknati_hGU(`vCRO8yx1t
z8E<w!AG-M3NB53NR7O&o8vXb;UVpP~;@4p!jX#O(Xw0LX)cj7CF;*cCuu0?_W&v3l
zFNNue%p3B|YiLsLYtM##s$5$co}N~+?lQcu#QKIBRa`_&>I_gGx6AYKCrbGiOPc2=
z%G-wJE?2OWm7OdtEzE%mt}ydq3BHrMi<-L_{`vdpvl$_sU%goze|(0fVyEJ7&(TG7
zKhRL1P6^ZUr$Ri9K1Rjcfl(^{Dq{e5Wo7bZ4tpN~j<Dcnc_R7ZN`>g;!Wi02Ja6JJ
z{)xY5e&e+Z#4o4+zPk)xomq?rzYePp8BKNy%iY3pj#WP{BR_pCgYo;%$o#jthjkoK
zQ@ZN7trBy0S<7uL13IN_;#kWISriA#bVmJI?mlS?T;r00j!J75?I*FtN%1e@sY>5+
zEpdeT1}Zg(xo<v;GUXy|OMT#ZR&TnB2}-RslA&u;{N8X}jC#kV-({^k3VJEgvrQvl
z(gw~b&KFqvx*(7J2rX!lw$M^{J26W$W;j_do^aENL)<QOvWdEDn-fDEPcCqxqX>+5
zVx$nmovcvQ1dfTSgAMd>O5ztQO9?yv3FM?bRu0A8A-0ize3*(ciddksZHhsX*aO8H
zCXbtvLec4FsH{+pu?r;n(TAyn6t<TcZKY+?bEWcchWN=3(Y#D_&(Xcz%zcS{?>+dx
zS;vE;(vM3jn{XzQpCJY7bz;+X*9j9vy0oLeVwhCEZ-isSX8$Gq7|~ND{)mp_YJA&J
z+99H|JvHBPY0TR)VrSrO&tBc3pughWCBuy774Kypua06RH1}N)3qU{bKpR^XHQ&Y#
zMVdJE<=)9Q?r?RYjr&~c9X2_<qil>3>IfT!!aLVS3#U5U#zw<?*v4Q}T~9o<=_P)-
zi={5L(cLPFth+ZLW2{b8gKb<WQq@*2>{q28b(gLWqq20lo96J&aiKRg?!rXj&39pd
zQ|;%%OsBUSl?}Cv3xf<Pv5hhH7F5UV9hQG8Kt?J&&b{kQtkcz*CN}DF2b^|zCz@Cz
z)Cnfmi}uAbM>eif`Ksz27l-wl+B*)Lw2Kz7z-tlFS>uh;>7ML>Qgvb?4r+XABKmXZ
z!bI%hH3+g=7n7;1r%`#hL(ELXLPtE6iyYo@iP$I9j)~~te1jm1Og=vmw@l~qL@c!`
z&P~Js7oSegx}1v>G1i?zkX;@=I}z=@&ZPwRzD|$@z6oqXBCf`{+b80r-=Okk|EY-G
z=r7o7kv(dXOfyw8Z&_@qZr-pk%wf*9S)pU6TyK`AyNzBpA7HcoHX)70wr{J=cG!H1
zixt^H6143K{aqO7;$vNGs4JoLo_%k&Vjqvg1a7YL%b>*@{FvqR?eb%v8Mn=kp>Dp%
zk3z5KvLE@r<g0$n@L7BPSmFzA@?)1Tu*8qEKHr%*^o~p3;m72-<Sl-zi%X_9kH-yX
zk-aK&QaV3JL;DvIJ2Gi&Hi_BGRknp?9Z`vt)Rsw1m8_jAi9lu7tC*|SEuB+Ewh<t{
z`KRvB!t*12N@YUPGP`ARHDfbl)0wfFv4y4Mninip*=%*XYIUuTb!z(B`tk&FX?=`w
z_%A$%VZyzz5r#SA=QhGb!{4V7ju`2upTktsKd}*Rn8w})Sn3K=oqKMT?hXrh<~PFR
zpnr5j><#{`TSIhD2&`&^tx5468nN}s{uPaIEY*|W2=mjP>eUD*)A^R?urk9xyAcLv
z`W7`nzZ_?NLyRiJC)Y=>a_>^j@fG-i`j}in?xA*-j9v9Htdg;{K3Z0`wlu)>%89q0
z!-2}a9`yFA@dF#Nb5%W59{Ef{|9V(cy-ZOf+^Jq>cOwj`@%*|*I9`LVX@oO1__9X0
zSR**O5!%$u9MK4)Yx<@%#O9iOW+UvVnJ~Q(&ecqw+6e7xB~ECFp|yN18)90mz>Nkt
zQY+Z65pLGXJoFs;KkNId0VY2yAuFHF-1!_%JnK8u0Qa9wy!sqg*UmZJ0B39aj@C!-
zI=pv7<kzw8KZj9u68F`|qB_2z^|7UnZ+1Q0u4C<NfHt{_1M6dZZv6OqIFsvZQ4cNZ
zCibn50d;+Y>Y=c1;ACCwt7}cHkCSyb>9OBGD{|i8U!meEbB~sOelHQCQZnbMxTv^$
zMsT4AQU(~u0$pVm^$#O3>9M*xbpEk9qVvv*oEc>ns@Tum{pGph$I|dBbDdPdxMvmT
zL6l1@{U*bk#da5V=v*#-J;UcQd1xPph2rCxe~jh1%$Lmq65W|SvRHHv$6=`G?5nWf
zI=d=t1#`AlO34SA>dU3h_$6(r_c?x1E+XfI?Y8PuhsP-+SjlsO$HhGNOavEJnJ0aE
zeh%E#!~#L`kC-Dcj{g}Ltk)hcFwjx4v%pG6?<gNpqrw6e@7^r&8!3?;tkAKF{TY6j
z5aB5^9IF_6>9b9b$5GUH@?&vlvP<!z-}amkiKU)1MeG@jE0hnyeUxPEmL=at@{?{N
z3vV}$)=LY){P!5%e_Hx}%FGBOiSs1(+I=oG&H^t9z|Dc?YPT4A8N?kX(*{Yi-3|)X
zpQpIDD$%~gsR^a}7H7r8_L05|QXyk@R`3s_wZhu60#;g2CM|vsDUEJBFkHP-B41a3
zqA$Y-KZ&`Pd03j3yeH9FDP|7hH#6QxCAL#$1?r$$gH`lVGZEoSZWHh}bBFAq3n~!P
zE8|J5V1o9;1{ttziXy&J*gD17FHMw6$2`=Yj`hze8@4m;sSz*gyC%=yYXP&BvJYh9
zPxoOJ=adG^B74RkvYmT@WQO0@IVwZ&Zeo!!OM4uf#`kLS-|^|QC2Lx)sXFiC_2kHY
zJ;`KL245$c<F`x%Ce^%`nXiwGnOo)u)$@n!ZeG};;IrDqDi^ZN>^tDn4(Ema3jS4(
z1nmWEeJMDxTAw#KEz`S3;DJzF;TL*q_~Mo{k+~ET)BV4@7kU341z*%TFWW2Kudl%a
zVfX_XkNVYKD)zG2_x#W9Mczfs_+LI9BD1G&j?!%DZ|Hs<^{af(YpLJn^-;O(w_HnG
zDP9ki{!d-Yaq{Q!RP<WPrn~{Fd~<)ji<vP&3R^XZpUqbrMdvH7f`2eW-Q*q&zY`?n
z{i$vg7fCzMHzzU-4y8+q;<?nAJ>(AQ+!`&BY3rjgLc)0<g0zCWg^<xSmOu!79kG6h
z$OuwpIg<tFDOk_kBz0e43HkITl@}xZmO25o7Rp4&A^rN)7w~lWI{1lwNU}%v0fx0q
z>|@v(N(Ua64^kTri@|r{m_IdM#ZMC>{bz>xHT$v}Z{f9Xx*y61xQDLxFnzOh60%k+
zY=FY2NS6$f8h0ty8HF8HN}rj8ZS;69Dpm-~ij^VlSX!yPNJD$|Md?Rt-O^Y$%_@>f
zZb$~)uUVHgc1nx!0SLwUlEGkRD%J*7hA5dyYq|89eyD$8V`&*Ue+;wkFt(BLV+`9E
z^{<0sk*wM0vHpov>vdH4aRj$WC*qFGb5AD9`s=sA<h-QC$HbA8eG4ZQ<|Cy+gA6cR
zAj4<J^5KDy-HE?IK~I*jQ^uiP6Qj$NX?&(L|7dBqay<qfcDMHQP%whEj=|kk_@||4
zQx*Q#QZZGsMDJLi&D4oZOw`y+)=iQA;dXxwyH(L$V~1oAmE!khRTM)s{5GkzbaLY@
zHR+QvOv3<GjF1uWBe|%g-2Q+WtvFk*@e3N(XpLgpNUCDcz#5x#7~V22%M&PLos5F?
z>*9HM2Y9C*q1TlxeS?(x^NXL&F7G+OX?fW@I8HNrA15AA?BY1C_^xo=jM&}F@diY-
zQsZ|y-~0A>UNXnhY<hIIDmrRxvD&<ppAG+!7+NZ(+ZZP9D(ti(t}5T&CO!8nvA5(o
zqP@Q~S4y*Mdk$k`WX{~9j1&1f6UujevBVntQ8YiU`31^{`BzaU?q$@f9JwcRUVHwA
zUsR7=OT6Ry5Y3*9@INmDFZ;$byjvWPAbb`fmeG{|z2qG-N0jF?yk7JFm)FUl75D4J
z<tpJ;W0I5sJndxEnDY_59BlZ}H3bux++ho47$q!I8bsHCk!%iBSlN;Q1(AK8SV^p9
z>>0vnZy2*=j1u1@#s;$(pVmy4kWryC!;9&_M>1)_--w8?mNHR%48Hh2brM4hK?ZGm
zP3i;pF>#9Fn4~??cRkChLY_O!W&92&f-{FU_jOw1I>u<crOpa98H{BomyiQQ31i2S
z#~QC;Vz<B+c92PZPGXTjOU>LV&_x@-q~((!$aZe-6FA5T`Ju?cHwt#kA>nOABEbiX
zm_)iEyZ9fALnfM?b<muOe1*y@O}^V?>&%KVV|$bRbRaYD$y^@B9S8cU{ECAOQ-iAo
zcBtkwfkWza8cGkn;w1+*=+&kOJksr60z(`LJp^Vu1U<FFA*h87j@In4aW(1B%!@jP
zD#m#ocNBhHXRX!XJO^!mbCd(iRH^^!#Vb;sO}yF&2U_ZOTL*^e39TKNs|$K+sot^_
zFQ0Hqaa}Uef}0miY~!y{d91#lN54UsCYswdbW+438QRYztT{`Oxj`1m3?ye2<CI21
zX9uM;O-Kppf&~$c=k4JPc{Y{aG3jf6{7O{Dkio;U4$4S8)-J|&u++zBVpuU9JTG%o
zSjQPV7E>dPTZ;20N}oB*Ri*2)@1%wGs#N6N)Z<QD80C}}6^G2=F_~&3iOPMg;1LVc
ztgIr7?Xb!}whw|tdqF?mM(T9<eTCgnvP!=<2}CRZTKSQb#N0<@O1gwYGCyC9Vti_r
zicRXpOih|&m>UF^XdN6S@Yw{Pt(n&ZmT9w#;VzJj`*Y(o!-xG?bU!?a_kj0|^^E;S
z667l(+<S-dX)^9xFl@di9h&%fdB7gaU;K>y81qfgFMVk|8}CY=7tiK;(>uhop}zDs
z@$8mAy<I%p7)*Z<Waol}YNp5Y773UWUz=VN&u_-#PQ1HE0_%`aIu3%A$-?%62BC^h
z(#z-s<7XLhdHgP8S7YeH52;IXd-GotuQ;Fmxp<z!aa~gTNd3vIXq!*5vQLSj3VW7>
zXbe<16^BX=XbN#q3g#$$rNR~}kH^kS3MX*Cs-Srn)>g$*g`ZW}D&^;;>d82xGI<dH
zLut7<l+b6M49Lr;$vB}6V&<9d|AOye>{s<d#wZ&Yn;4_bdnElGLpHK4RlF)i_a#bA
zD&ABgIYmM_26)v{bomKhBbL^CF@o0h2vuy8L71i}rRc8ICj|e7Pu~q)zYn?3TQafL
zLwtG4S`W=!!vh{{R{TXC5_o^s%8UM*JpWyzrL6Seg7)q`4_fP8lzkp77T)C~jEZ)w
zg%_g@y9;q^ro3NZ&0}<br+qYPuN{x}w1(SjVxf-iTJ@niR%%@%wp`&nCt@taZ<-d*
zkuQ|HQwCD_)F7_wZ?zxebIVurUe)BnKBm#amNpS1RDM=tV`aFu{+h8tV@ouPs+7#D
zc-D9ajh+s#v-D6PU{Rp3e~R7;>&FZtb=#S7m*IfSfmDLitFtP##Xc1~89yuq%YPFc
zP>k&=yRKMAr7FT$CSzk79W-`P&5EUi(S+xMu+nH|Y+{(g>XsS@;m(G}6)BVQds00o
z>l3Oxqq26Y^+3fK)m@~bg=UP>SSRf<{Nj4bAX)4)hcv>8=0p$kN{-j?lW0B_Y2U*?
zz$>x575^<>i(X5W5dQ>kRQ{IwGHxdS5KX`BTDryXzu>=~iCoLvS^RyxTsgwm@gJe$
zGZ8tWGZBo={12^k+~ZQF4&_P@`#+CTCQ7XL88DT<IYD5Ct_>7yj!v&@<w(dEnCQ?(
z2sYIbt78h$o^WEge5JsF)|#}^Zp%L!;J^h=h;Wmx^>nZ+dP;W(x;h?{M?|LeBUB0Z
z^Eq6kZd_FS*9}ZpKi*)VK(p5wn5NnD4V=~5FuHM(yGPJ%J)?zz?K&}`Lmep(omk-5
zrk3o*fF7Gq#d!MfGiBzV<nVnN!&4?bJHVQ))(H0)i#4`PX)M)RGL6M3bxvtoUQ$1A
zm4?}hu}EV}W&QSQ$^sc#zjS@Mm*n>;-;Uw)cZy*H2^pSKu|=5{BUedHd=X3Suj0mk
zhAXB1Rw*6xJNEh!YZyX@zF{g}_>1&04Bk>n91YTzI>p@cRALzt=15Q4;3XN`J6I$&
z*it!tMM;<;k4~fZd(I{@64DzDOU4l1UT+<c@m~AJjBN(3vl%=v!HKo}R`FSxHH0N@
zG%<%wFv9%rdwdYbhcY4ABt;gdE03Z&VDq2JGo=n=dW2UtpZsKng28M-@%8T)k<iaV
z##UiHZk6h#^u5ijWeR)eT<PyA<5)|gZT*$~I+pgz7-6f3;H*l`8c~joOY;pZ$2O$#
zUgg-<w0)ukr@TP;Ln6zZYX*)m_X7i$h~i65kBaw2?iB+YomrO*+;V1JFfhW%I%i;m
z;kaS2?MB^_cBsFcTd}d2-mJ1n>QJi8V3<J!EHvL`UhBZ{kBn#?vkS{uCKq#7WdBsi
zd;>pD43$&ctKx)?2ijA2b*$p$_Uo9Zi@iFQ=`R-Jt5?N#hCc}6<-Yhs1Xg2+lF-^l
z7gY?hF;q)vZ(|^zq|?P^)8E!cH%ky`x+SQ*#}ZWauod-j_w`_6p&}h%)+iXq!cHG@
zEY-wU(j!I`$%N?PT$d@Ii>q>_=XH=#+GKgV>L&zyQVr|&d?Pe5U#1lot7y?^9inmT
zUO2Ca4t~s0e>237Nt)>GN4~QgTM~!KhBy|7d8XJBhXIzj8;9kt0=6s;TRaIn<IvgL
ziqRuoeS?a9xI}qT8&8Jg0-8gZXd^W=ABXR~|DqTe#84)_3Q(U#_aJsCvV24lZGzY)
zWci*D7XujW6q5s3>3r=@0H=*}3f<V_8mjIJ$Y`o-0vHyznbE~vznB-mfPkR#@IagB
z+$8h}nbe+PU$oWGMim!ixVLEBxPwfL<5E8wiMjWJIIJL_1p1u{rYXg`Y-d9;J=WLT
z`v-AaBL=C69n_F74_+eh+Jn^&0y`bznga(Mk-TxlXTG$Z@m7KahN+6=3DVmL%-5bG
zNIPDo521cug(RILyb4J=UG*y6=&npAHp5Y+onS{CSyZu=jKDEM{9o*S2Y6IP+xE;k
zJ1LulERaBefD0mE0T!@e4~mKk8q2F#-`GJ>*7k~mx&lgvr8j{U1W}5sRF$%T6sZeH
zks>RIpnxnLssGHGdy<_oAjS9lzwf%->q_o(&pgk}Gxbb4XHLy!DG7DB!dvwwiSIgJ
zEf&mcP7#OnSK$tmtnA|2=t+9-hgQm@bh5~G*;nagQ*z3LbTS}?O;6{Ox)*qloLX~c
zI{DCDer`IM?5;T{oosQ}oRv;Sq?P9))6;5xlTP-gT`(n`^h~e9T_&VgL%0_{+45jA
z@8QIQL(A+7`1S9$n52$kzte-_LGjn6+}mUT?}!GtOKs04pSg2>$tG*vWq!^kbJ9v}
z$R?}Oa@J*&cIjo-W|Oh$Wun<+UV7$IUcMP+=Vg;A89CE<?Z_xQBbyw`$oV>(EGUsZ
zz6{w|B4=zFvLUn7qB7+7%$&((NY9d`J}yH>l+59EYI(^r@ociK<j%sqnDis`im;3K
z?|tO6O68`}v=PZ9Xl0B{<|C0AHYcN#ioOe&l3n&Ha+&%beb(jVVtkvghTHl6T*?r!
z{8wJy`z|OKr=<QORrgA*q-mX8<ZJ6LJ{Ig~7k<~hEXM6=U0q~`b#G@E3EDjh`_-h9
zRkVAHw}kPnn6zAtXK2qFW>ib&1Kg`q-X#t0E9{4AC-c7Irj)`13&gth70D~bHxv2H
z`0oDb<4bO!?nM?K5T|@+kt4M5{o>Tye48nG;~mA_S6#l1k{5cY^rSZM&F15>BKf-Y
zzT<PWHx$pTAdWey^H5hxI@4^pl~3nw)OY^};uu-D$!7{Gy-FUGeOPJdEF||PO76|%
zedrUz)jH1O;!V24cG(_Dd}N-^uX`k2pxV3herXo(3GXk%=OeG>@RWC@Pau48mTB4*
z<bsR;;l=QZya9;e_(FS13i%<a+@KWFH-$|R$Mx1#Wm%Dk_2ll>%fE`H{FEKyo2LUQ
zC%?L~l}zc2#k0@%XRfE@sf-!?4)~6Azqn!jJ;|gmb@M)N7|l48%$wl{F5Xv8Pf9tE
zOrpt^`SqUU!e^^9oU=SK_@L*~gtLC-@Gx_QIFC#|Q<dqgsVuYN7WvgGkGfRL{RXL@
z)|A|QXEA*66SOHFDsTtfe9$9ap!?EJ+m%YbwNqB4l3p%%pHw~tOc|3(mbt`7BG)Im
zkEf8WNohZ(kPnmH^Ha#EWIk=(k?bDDQ<IY1FO`f+*{rQ0UHCa=D_vwF6_2rXw%vTd
zyTW#laghVId#H<?wBJ<qUcA%K9wgV+2Im7#5AX4FDv-oAj`?T5#=+-u72UmDw7U4{
z+!5;DYSU3x<v}ho-xB9l9kAIEn;f@UXBTbjs;RwSdA8$X^)5xmK1$x|uKI=x^W0yT
zB@bpzE=#)6UiOz|$uFKw*2J=8RN3^YWyzOiD@wUWgb&#HU+T#cd^VeXyad1f{YL*N
zL8hd74wWE3rF!<2ARoJPkCx!KrL;X<C@uAXI7}&p%dAXG-CcrgNQ>BV4pEgnOvuBT
zYxtxfbD3C<NSP>hCGy2LBr}gvx{qpScBDJsIL&y2JYRzp%@NaDlgI1J{>FL6^b5LJ
z45-R|E<P2pQl;-1d=vJ@MWxA6n)_X861Fm?l_t}zLCJ)yNzK?&n(RxhdAKy`pPt#X
zG#Qm%rfq35Exl}@G?|!jY46fxXNG%ZY0@dvy{i-%n^|f_DKaCo2T#b7QjGhqC^a`>
z3|rQ|RO|c8+VwPkrLBGcg<WZXpnXH-wEh>-@;8a^@!Y{H+h;VLUrnYd;@~qjUq9Q>
z{qm#y78*`UlDYLUA23B2S(7Yz+9yfugEX=L-Yy%@`wwPRd}CF`opLd&M{Ds4Ug(zS
zUy>IB*Q>>4Zgfi-9+vj!$d#idzo0|7m7U$Je;N(BSy3HMrP|qQ*RckPYet^RPjwcb
zcHs)cDC?}tx~zmfP$L{y;+{~VUp8fri+5ct!bdvJZ*jWitnH-Nt@sLgf>Ha0vWeb&
zm}5EhwPLLc#k*hZ{Um!KWx*tNkXNw5N%lr&A7Qqm;Hb2B<SSFpCGJ+F5o<=8Fmd1u
z!jz#Fs4%aTVSdZ(19YynjM*KS{S~wOF?$)pbbdY+W<_^XlE=fmh3mb_G&|E(n3rED
z&gNwMnSF?Ev3_Ot6lVX(>;=sJH8IQ$X@y}n<6$->xA5?u%GSc1n&zCF=bPtZy)#La
zvB8;SW)d5bNj^_zWB7F%n~+IXrn7G{$-)daCzH%6!MbD$ovIahaM$v`$N1md;+Qy5
ziqplvP2%54=btF6s~fy)oX4x3G1rXK-qu2Ew~NGF@;P5u8qm!u6>(8t?_hV+M~doV
za$CB9ElhG`N-|kz-7m2@7H!R@S~iz@yC`0-)Kh5}ZLMr;w#>HMS!}*-kG8ETHVxa>
zOy@lKx8Eg2KT%iHJ?uJGi#1`5(jEH~1)OjB=8xhx?ZoG-#P{=9DN->Zy@T(e4O?(N
zi?UTI^e53Qzh>-@6#L60wlT$Cn`A9Xp(jKRElFluQ|x2OR=ZR>Foo?-v1g`OT~g`1
z6svctX`r}QTv&<)D7%=A6{mVFq3mHcjk5o+o|N$!w0KCo&Y#SdZG1hiOX7>P)=t~#
z8*ZfyZcpeNUZ%~4(whR6X-AuV@3n{8&H42R7yHd?M_i0w4@zP)ymmNATz5`k2fTJD
zWk50~n?3A1uYK4f6poi<o4od*QbOopX*R)Ycg+&l+q2nduYDr>+Z0Z;a^ihtj+jdp
zIf^#VO0ad5zFU-zi&;bJ^i^Jx*oV2RFmaY3Yg?E)t#7-9=2a-HPbs3pUB=Grn#lWH
z72ogtM$tcs9Z01^lG(0Qx`7v6D(#=bj;GQEDOHTM826<O`OIc8Wyacab)Q&2-^SS7
zRJtdLO;4qxlex^|WHu?4c1U4MQt6}=mbgZIim>>-@?&QUe5!DdQtL-bexPVkWr}NA
zXRjgbz4I$>@4#fX+fCOBOAjTp4rz2r3Onhh<5JlnH{F_Q+M9b@Pv_)nGwpv@SUe>Y
zDLW({^kL$wB-U<9ep4waeTuZ7rG|Lk^s*CTqtwMF6fX74_FmFc*{K@|>;E^~|04OP
z?bk$jGkAC_Y_``v|L{&#b<fW3lJ_${Efk%z-+G6<d78>V&N>Ze9=5=W?2^;*(${f(
zknwqD^PBhx^JkP@Sze>3S)x>@h_mAE{?Zbg(o&-~6Wa}6Q1a+)ytn*bY4oRTtVMXQ
z`H6T*yYX;~{0xoq^_@6Auta@(&my1GhQ}xwZplZ5D}F-Rm*NQ`HqI6&5$v}3;Is*!
z#*Ma5Z{k=!GO);U%4UkS<h#GN$b0tbP2{7biQ)+!@$lC&+W0ez>^w6Q`7G#b@#+_w
zWRoryJ7kf5R+GIJ2_wR*?_}dL`Am$xpGo>#j1T=!TC8s-nZ>w&B#Cv)B>j@v$V|ff
z^&y#LZwi}~$p`*YnPv8ri+N426k`mwAcOZw&pQ*9NQT(1=CdQ49nK&NZSg?EYR2Lj
zq^r2geU-$vXOP`V1zbIu#l%Z7q7|mFwOk-oJRxz!&7v7jB&CPQNRr;#X&-kbRsnX$
z%}Z&~AV4@YSgbju)vnrIEOM~!(z(>>ov*3VPpnvoLoE{nDc;%qOKZwDil+(v8=b+G
zD;wIyJ6FBrMne9RGs{J0QgJ9C%~{|gK}(!>VdczokyRKI`J~)?j8{-wtTpCz5qk&x
za)UM5`hbxkqNIj1CY+hnDRD9PuAecB@?cNpQs<I;2<gZ}OX3yL7Ee#*v`-=<M8FfQ
zoK8vPfVh0$&gquKr{(Ldb62|UlKaKsLpl4Pbd=`&&b@`??^e#qBr?SoLD@OSlgKCH
z)8IcRF)r|H661b{lNfjInw<T22UVgD&xf1suf(Gs>=Z7gZ|C@|z1kwLXDqjP6sL90
ze8Upcna2BynsaeZ%|)xA_HOaW>Dxt4L27T}Qr63k(_q?HggV?}`?AO?s|8Pq&3b2(
zUM@B`n~ZclO2{C_c5pvY<og(#lSRfQiPL3|rmzY8I+d-=B6Cy4V*5TfYsYoc*!nCo
zNwl2VX{<{&Igs`uFRBc-C5ueSV2iRyG(()_a>B#LWRY-5_DvS~uB3Rq@n|VFB8z-l
znjOs|L$lD(N>7x9TXF}r4~Z{R+PqWgk2IFJkmFsq4i-;c!lf?9ruJ+~`m1j?w&pIM
z($18RLEECPr)My+pZhP~mB_#cQnrPXNtE${Nn4f8qQm1ewRKeVxiYLbSby=3DErVN
zi<Q`o9G5zp9h6wBKZ{j(fQh#~*h<lNv!&v7KlYtPPQbfjZ_4)AWTM4(ij%EaH=As-
zSV!LJBdOW<F>yKv>%!{+pFLXS8)%jtB#xNi1<HQ3$XCt-Z$ap=7=27$ETyN)u*^%D
zGpkxcMYz)ZmaK;pU>{37K_|sTzVb=Ma!U3pG5?>%Du^1pfwFmy$1Jf~A#Rets#JEN
z>?fOywb%w*<jngvS!1z)O(v^U-p0h^BkT|HyaGEx$uO15Ue2v-4;5MWsgrew;l);p
z2WrGc_>`&4x}1pz0z#q!v61}lYgLv*vo~495>NIn<aa8I&9%s0gqn2~#|MhhXf1B0
z1E{dzbIY*_8eTDIYRRJFbzioKPk1cG>-l=;S*nqCz9VyCA3j_V=OKza`EpC#)puKL
zv`vm!Y=lkrsBE}jG&Wu+P8=(WZo*}`epH+(#MU`AV3j3qd}mzPr*1@#-8M#i>-Dsa
zXf*9j-*b^3=i7+hWy37e(_$Z6qNbm!5tZbV%|FTgRV(5%l|O7z8~2O1TUcLlG!F~%
zaY<sv@?MuWOrB96S!AKg*x{7@D#k2~ccDuy_PfQ)3>o{Q%Gky9R5?~$D@y1qzCBGV
zYV~KaziLIiulUvJD}L7diW!Nm=u65vh==)ES8=j<QD4FPhYu{a#UeAD9;2H|<#N@E
z#-B2kr)ouI-=l1Scy2&c)v1=KwnzS=8I^5E*?h6f&6YbW&5Mgh&u7$*_!xAiEezws
z%^xf=^gLv-uq|Fc7-N$^5{o<FG!|YbHWkHDmg{fj&Da@BN5w;M<kPb#Zu2kc?tXMD
zO&l@)*+u=OUc_&Hm$OfcJTbpXuffCyK}-4wOIXk0^Bcz8B%5h-G%?+|uEINs;io!o
z)jDaB{v-G|2x5(h&mX;s?=Xs*eMhCPSYGBX85eQ9+WQtCxF+<FIjjb`5?xw%x<ZVT
z_>Ip+ezR+xX}HxnUh93E4@gfLt~dkysKvUv_&ubSR^MC~vKt*NkMxz`_(Z9Ik-k*1
z=3R;wu4{3gRJ0Dts<EY7&ZU-eLg||jilbA7-BD~9sLN?B*?vkF@%~G#tSPzj`kLBR
zY%8VrvUri0E|-wN64&t99}=C58WI)$$@Q~G*>an-VS`;HN?FK7J6qG~Vw-NUSwHcC
zb!I$2SDRhOXU6jSQdXbbTFmts$aosE?<pBaD=ZTe^6c|;8{B|i?Pty|-TZ1~ofXNM
zUX4tzz-CvYGjiGDYIJQb_Z?NSTPk<&Bq~hr>g?0%WMXwzv{&*sgu$nok9HQP?zUHV
z^QW0O5MY}%)J48@$$IbveNbf10K36359!Q)Vjp`*+jPds@N{uKDV-h3q?0q)flRtU
z)aBzDmvPTcC4^_YOd&Wjvl72vn0YC`?(SiOJmd?{6^ZL}{{wOGhV|rBI^0D*wBH!w
zBC{~=NvX-M;o}~8eKEU|G%Tj@Z(<9n_@vNWO4g}DHQkVo2R5bFBV=&;;-vR0k*!&*
zM<p7~W}Pe1&DnJb=~Z?p<?icp_+8^zPIZ2{pj=%-rk1ybba}BC>Rhg`z{i4QMkThe
z5?NJAtJ5Nmu!v(@S}<vMF4<a|{gF$TXR-acbc^^hb=xvSD0g32mWQ^hYz=<-O-_A6
z!sTp!`C~cm`iFD5vb^~A(#VSJi;84g#p2`Gl-4n6Q!ZImn*EwfBU$X{T)HBQr(<t+
zh;sMoB92(u8vJs64$tgRIh$WD6><FPT+S{(R~&3ok$qH=jQw*QLq!}vq@7@Eoj5i-
zacmTEIO!P3>oECN#Idz(b$%Jn;ZYAQXY<R2B91N2<yYm!32WUevOyI^YRowPC(7f$
zoeuFW6LvkhQ&z{c4!q-|M2+k+#j^82dhHHM{!sUrl1_jArg*krsb5ZRf_zo6BK2me
zo|KG2WiG}k{bAA1?xmY3hm%FiSKNJp_@MVHx<GSh4_&S=s-@Muq!$%8&tAr2*(F28
z#y%TrNMG8Ul1`NMHl!~dM#Xl_FikrBJ1R!@<E;AotVD71uWF4O3GwG_6EAP`e4a^j
z_%QL9xa?@<#4HlPDDe`pTJ}l~AAL^7`qbCr7zgonU+dXXwpjM$4lC7KjI$~>Uz~hD
z6#ZriXBa4M^COYtz8d%NqNh1Ao6HqqE~hy^+N6gFbFh`OL5y=neXw%Y*d$~>a?U!=
z+Exdev%^Ie37vy9C+;HCh2VB8XOoM3F4nfz**U9RWT;r%TIXW?@+TMLe!sXF7jBRB
zzrQi43^6roXtx%-*~L3#-^=l3n-@)hZl*ge(igd#C6-2Bu@8x_6kf1btVyF2Zp~ZA
za2mFLFIxHWye1Csq&?{(OH7(%>Ab+i2A<7lo1JmMQ>NHM4N|)|pIhP_^Zzp|WyZK@
zocNUWpT|X4)7t-LeO+R2FX$4}^<y@jW_?44x%eDkkS;FvlX!1icrQsDB>nFlBVA7~
zf0+l&C-Lu9C#$WG%N?smy5+Jp)oAaEY(+IXPV|vuFX)!c-FH-DhpLh8)vrjHYn`Y5
zpT|bx(S_kOA}XuXamYRHJ6jXd&TbeNUz8i>I*>`;Ph*@cO}m<3_f2QxJak9~8||SJ
z#keJwaW(ghmf!;!a-@V13}uSz8JXqz^(N<fN2YKe;o;&D4_oXZYdkC=UH>2AJV{IO
zvC~&J?{NckqD|J?fBWD`Jac{L(bP)`S(~;jd3-L}mBps!(skKvLN48v&E1EW{eW`!
zsp4L}C?|_wPAJFw%OT}U@ylP!i}Oad<+6Rb<V0>_{TAV_6yeTHo0>c{m(0y#qjTw(
z*=$5Eotw??+ilCXqujl(2zPW&7QgHw!aY!~6u+ETUOZ;_eJ+dTk{!i|J27oU@`(y$
zWESg~OM7LrcDZz<2zPUtc9gpx5cmC#Ia&O2M-C5nRk>0^y8L_Mn1oyw$t8>a6z(Ds
z?x?h$$)8jp$4j#>D$w7u*w_m6couj6l84LP=ZbLGmd)aq--vKWmMg_Cca-~?hqSQ*
z`?UhuU%?Fbzm>oL4SWBm$2<h{_fo9B_WV&I=iP8wCZ1s$Ci*H?<WjG8f=gkSeHOB5
zyjNdqkpt=`CT@ZgD2q}OSF62)DC_4eAr7|4JhfV`R);giBH>4r%_!RaE!m5T{oOsz
zF2i`GpjOp0#bO!{ySuaMDiuDYY`7)%dq1)Ggwlv1ZKWl?jrP8sp#LppKT$lp#r20%
zHpW?X4O?P`PwK06w@lF=d`j6oXEUHMNrRmQ%uvy7t#HNCiQ%{-p;kOge(dbehnxk}
z-FggzE7I&M*$<Qs7xZW9{+)`<(%vW1%d(_c&AyMlPM%?JkrB!!vG#i_Yet%~7sYdP
zj$?VbRQe4STLrw&8beuxl5G^52yNKcRAm0Q;>9C2lky>^)GPBE`%;`o!lqHN4>E<4
zo$$$hmu;isDaLsg;r7q6$QsIaQt?2rOjLxL7o(Ihr`@{$i;ewul*KKP*xxO&e!>Sd
z>uKJ{39He6B~Z45v)<0r+20~lXyaa%*!gh0PW9ZvS!<MeSL{OZ4C^86Z`@fN`T&LE
zA9Of71yvUsXzkp`wC4_)k9ACZ4wv(w!8>UDD)xcFyKB6@p<ka3(4O<H%U;p!smtEd
z?5WQN8TvyEK1$;acvDa0H?og4ehr(X@jTw}3i<!Hwp6w~WwV_vuEms06pt|%j=%og
z%=RP5ioAyHrsNZ6JMnvGGj9`R`+1vFt!V}|FFyV|T2mLw4vPcJ*g=b|70>pQEi`Xz
z(I%o02-rg4gd^~k5NI?pVdsKRhj`<f=xmP7q>TqzV*lf`t?BGF{@nh)`-?}L&Q7D)
z_GGr7V%k@S)3&ew`SvvGwC(GB+7lm)RN-Tp`Z?!xowh{e@-FAG!;@kWB>S9#$-I|M
zr=+!b&2JS7I`ujB8flv_6e&)oC2K=ED;Z}!-&NVJLn%poG}zhmN?|P1uHY8kM3JAG
z{NKyo5DPhugQpE!;OvMjq2z!Xzxg=c&Hf|ShNRG|Y^wO;udryV8ie$ttgTh}9D(}#
zQv@a3J7Xu_eXXKm3~`DWT8pknc0;>V3`3n-KhcQ6{T6HQbUu!&`#&r|<s<Aug(qY?
zCGRJy5b++*MOX6HZ$Hk&hZ$bxS0UTI#M#$fVUs!HbjY1zFje$`ebWupnaf{tF?W8=
zK1uDEh=S)3zYJOK<>Kshwpwg0S0&;^mjvZpUH2fhe-yeq#d}9~f6KkVB9ooH+;4>L
zHcdCSo;vnc6<Y)Oy#KYG9()UR_Y|i$ieYC5vC|vYwD@dkJ>smz#Pe15QEEHGOFont
zWyw(<kNG2uOc06@O}mAoTZek<UMAkRw>MEcV7bRTWjlf2%SC)kjQHv!zDuuX;(c;^
ztjl&r65Fhs`Q;LqyFDX2U91x$dt8?gGJ++jA6tj`!~tF%t%uv%_6Xa(+$OVaw%R81
zMRCOS;vfsw$$Ys8=?hcaxos?`?vu{IygeVWiyPNa-O%7VY3Id4ueH5_7l2Tk=Ir6m
z5|@XmyRG=}n;5j~y7wc_s$w_r5ql)H2MUFG)V<$n27id>jVp_HAaq-E6ZP6$vWnXC
zWZiKOcb+)-MC^}OCURhup!f3+NMoI{d<sYHWz?P{6ywxARD4>TjSzNn#p$}@Sfy8s
z>kXjxENV{@dYh>`=*&|3ih+G)=c&#_z1N^uwHkN6-R33V-g%b1llYX+8tUfriG3oR
zfMMr#KcM`C-Urm~N9`%py+a(R#Q4;7y-@FL=%lE)YL*pijnk?9g$Vjb>h5ZZUcsr|
z+{7`4UUcob=?z#b`-*EsAN7&=+&uaL(XQH2dpxzB2hf*M_i^XZ5-zq+6y}F|K>2GE
z+Hwn?PTLv#j}tQpdo6YI;m9FpR(DJ&kJOa2&O>+Ynse9v@H})2&O^8AdFXCmeeSwr
z&qLRL9=eyGhwkB3=dL?#m0YK2D_#&Pd<4z?4j<(e?s=r~`z^27gS30+;0DxpB^w~`
zgNNvy{3>R#IktSz`=nKlJ503QGi(wS-S0-D4{o^X-0z7gtIqwNxcK{XyC?Sf9{p6U
zdk9%6tQGgQan4rJmwaL^bQT*r1>Yy!3)fS78?`%H?#UMU#A4rw?+R8H$F}M^m%+Yj
z;$Fy$F~s;Z<9dEyuqV@XF8hdcGaM}LfMXJGgJl28g!^D$>$-K8ebjP)YLh`W8*h_g
z;y$>*D1(U7sntrXO4&0-vfSOBr|x=Ne1cY)$R(NtovwvCFYr4twZ~C=iPP=vaJs#?
zIQ`b>_DIu}=XUS&uEe-N=zUJ@1Jqt86n8k6eJ%HFX9zN1JkC~GeElOq{pS_Z&dPPf
zR?b{%FQ@ii>JB;2DvlJZS(U}{W?F<{rBh3M+;;)BS5SK&6$71KmKgc;7drZIhqPI7
zZuh;0E6)DD=UH)X_pi0f&rL71JmJ3AT7Iy~vAKFnr|fx=M5+4(CA%qWC%&UpS$r~6
z593iM?%U~=V$Ad!8_w7<TKzL-pA>SFZJS@7u<b$OO<4EvByyawAxWgIcq!!bq*B`3
zv^@RG&%K}fK6>uD1I|PD(eu#to`>$w%g$YQ^m*vEI1gRldFbw6dhWVY&qKG((my?&
zkocD=cFtZJVE1y7ZZ79M3~>&`-R!tc{OqtTUbTwa^dO(l+H`;=uIJgpbDJ%`DF0#6
zj_%3-t^2uu<8GnQX~6Cxk3#=?b_Z!HuElwVPqC4d%H5)`F&W)Z_{P7KKf8S;`GjTB
zzS8+`G@Ts$CT%I|(0|y*6xxf=Bi%MH;4P^(pEqqwv3cLPImPC8thFip=FGOH+P!SH
zJJlX#e?WgrwF5~OR|_RsCsXYSNu{{U`XsB9+x{j+1UEm0b$8n<Q`pWF`(O%NnM!`d
zyRdJ|xI>gjDPmtvS?3J8i?Xd5;-&UjhP~cmi_`5xe0Y{&ceB~7412ZBq8avH9(}sq
z(ZxDu*ijc-o^JDLc8?6ZEqiW3h8;_`csTo#tMEHxinS}<j;2`K)9rYQ^-H?lF0~XF
z8I#7oPqU|_u^-axIccnahP^CJME+3*`yzu(%SbTr|BQ`I=q;i$|76XfKc|snuDRB)
zX=H3lB~G@a+{CXZrLr#Rbh4X$kWLqfQ!aM6-{hX}rSr>S>1<3onVeqKZvXD^PSR3M
zCewp1KE(c*?s1XsVi+jmxrkP{g)OG^Gx3%Hb>87#PuU*qS|#kiUj7gtqfNEG%;;W$
z9LVH;+e$vpFZ+~^i%*M{{grYuL_EJXt6WWf*}J?rT}rg6hbLQmY;qDig{P<0pa0a&
zN6qQ&laG`kOH0?_qnT`*UoObz0e3DVE<2Z%qIIA6D20!}-S)C<@<p1kA$>gK*E338
z%qIk;g>xv2J0Hjrmz%N^wbr@qsoCTsq4gox;@6{u*2dDpxuek9kR>h`6lzW4S~0hM
zB#V43w1%XQWBht_DSkbrv~XTmnqQ8{5|^E`&ml2q9f32Ky83zMoLN7v5+9mwFEgSN
z8Ci~fS&4pDo{g?VXNkwczpL<>#obqm=M=Y9V*4tQ6O|I`+20TbFU9-%&`+IrJ!BUx
z_NxceCDu+CIf{p~QeR<h$UwO_Ta#AIwHw<FIC;@Mz<Dcn2qisfCFgU5+WOagagV*2
zmak*KV0WeNh_gd9SDcbq9cP6U3fFLCdDvC$`)%=-&Fk)v^K9WrvFTb#Jn*N5eR$s4
z$uF2E-|={fwJKa$PV3}Yv-wZ&j)=L~B}{B>O{4Z0XS3JY9oes~zzOHV2%624det$u
z4^w*>6`!+QAQZP#w=>BU8{l0n;j9#W^Drk6FE`}hI)vIYsCy?R8^y#{n8q7(7h`;V
zY_8O)QjdvgPJqo#vVTc(_em!2C$pi+q;oPGm`o-lCu%Klbgrj0Ycgm3YK>(NcHRo=
zZQaPPoelUNwtKow#@lSRO(xjFvnbMz=c(UF>5Fu}@8}OX8~v2?jDNwm=b3(`FE-6O
zh&Odb`L46bVCzPHeMso{x7~A{HzpU_<QrRfCZu2Ki;as;j{b<V(N8%~`xneH_dd?9
zEq9!A=56`WIcL{4FFQ;5W3y>7J2yQkTU)dRRkV9U&Z#{Qn2q*a-5EuSo!F6L4sHM7
zEDkvH`)<y=fxRr@sT2!lpM8723_4XVcgDD5Ty2x=5lQalNn~~sTc1ScC$ZH@B%YM0
zb$FIskE?S%n@8;zE3L%iK(oYKx8gw`?%LLJPqM_OMA#yuM4YoNZF)U%7V4DP+YgA<
z6?=g52J;4bIlp$6ftFbAqt08d0dYXG@Jv|$KTrM3mA)vOwv>;R?Lm|cu=p(Fa(+EY
z=&!Qe?Znpu#aonrSi-YNe}Cls;-7e)`maS2+GKmj{twT_{>znqEqTx2I-#>l|IG7D
z|4jL8n|Q79S;h-v3L1}kHa|rqtUha==%)Ts9<UyE4suDn#{PUIc2&ajBu-ns;jXS!
zyi|&CFME!(me=W3Io4yhl851Ufh`Vadd7(p2g79E%;!|(9@dAF9#kHn?#i&MN|Yky
zui<KUiT51%RBpX39w1rm9Ifd1vI^qlav|=4!|hBS6OvMuJwUFhZ43ZTKcRQN>v6Yu
zRWL}|Y!{hL#Q~1Ih4pdK1(vuzXbazfOZfJ13HJ$NBsJZ|R=fTWywmp2{61lRAE5Mg
zF@5#3;chB!kZyZ8Wz*bZ4!bkep3JBDsrF)vZA`WM@Hwp8o^7)^Za$OkK>NDwV3PG~
ziXBd}xbmVTtGC<Ul2n<yuT5dUr`SKIuze}^yi~R}m26IBCsOS{!~}nln?>C=Ejq()
zETu!8IW+Iyc?07&lU*4$zttVeus2#Po@NJawmr=rWwXyp*t=~uBEuf;V$(A0sV;Ub
z!wxVO&alTb);q(V&6*ugvjZu7E@+2REFRhfaZnkbJ@3d6vuEx(Ce<2~VJ}K!OEc^>
zX>4VNy(NvcO}7uHu@33>zI4_-L%asTr|Ww&*taF@4@xj&KK*~q-h1e6O~m2;JFWTj
zlME7M9bLmS$jsDAoa|2Z^6MdPwm5^1Ok?vi=rr+S$Pa1X3DMc2|Jjtmc4Ux)87%Qx
z>i<HRavk7=O+r>j`iD*WxzOi2>i|o|mtDk{UYxeX^L!sACyaG~E5tg$7uIUeno6Xv
zXh6~I4=BGLS+>866W#@I@<~PBmwsKb48Po2F@S}DN4whz=d_%jR)4;0s+c=}m^`Bl
zSzo#WpAlzQ<d-YN-1%s>%`catYp?Fiowv9<BzMmy>q~Lbc3Bnq<!CXFk7e2Xa%i?L
zIzM?)8L~)(+Bv%dzx-T;x;pz7ez{(S`t)or`jh*;<b~Pf$5M?58J|^wU#=9PcF3;D
zFV|(Cqpd%<e@fbzMaBqQSCy{FFOP`H{TEp_zue`#^OG<y|H{kf<qL8?_mW-Z*$gi|
zSb<IS(r)6h`*6j%7I)v|<=6YX?4*};uFQ&?+n;k7f1cal&BSTBbLl{Shs1j?#ow<R
z+|`2?KKz;DyR^A;(x<pzi+AZSXSb0@62=1v=agr&CY~*uO+6R0C#V?nJj!07FM3aL
z25oU?)Rv@auZXi?KC#$zixj=5F3xnUC&GJzzL-^Xrej5x=NwdevgjrIKOLBN1~M*j
z(@6AB<V4P+a&Nj)d|SYtlWebX-8VJa?vP~vkZkWsvX>?&9L-AdCR69$SF)1(1#&%W
zO>VkcjQz9;L9QcHj;7@;5;dFMyd<e82<Uq%xNj%du!qQvd_eNFKA+eyN$uB)xfJV|
z%!Y}w-r~Brcd|W~*~gRY?n!p<<b<Pb$>>S2tD?IlA4k1Q?&IUE&V_c#^KU1~d0Os`
z*AnuH%O0I<f5I*t!v81P6O!$XN%jmat@lqVOzVq0t#6Z?t|jsahJ^EPC#kf~5oepR
zI*W?Znl<UK(;A;how~-$D*IGtB&1fmkWb9i>!|9Sg!6Dzahxhn)QSIv=YysVrglVp
ztOPar6vs%Oi5P7A-+2~j+9%@iH*wU?>C<^;V(QQ3tM+)}TqutZE5|2^`TVCzWF?<x
zCy|iNzDy$1T<qf{@dhpT9m|CKVP^4mo+O-mB?<AZNf?FR%?45O3hO3bu)aw4(oeDR
z;^R2%Bat%ccG|NroxI>}=*CSvl0)`=hh2qjDEh@;x1q6Lpbg%*&G|sejr)uAgJ+=M
z!jZ`k{b5zxIKS6bGU4oHk+y~OaUxcyj*3II?s448bf@+aoX@mRe0WbBRV2%267_##
z;qf9)J39|0snbN#KD1hNw&f!(;?A_dI!;G0@)KTME;Za5N!Qq<uNajKa<MheOYUjB
zu)isqGNd`@s~0}-n={SY#Ro$DQeD5KkuTih#lA1o8NU{y6P@RmkE-XTUPOI&T#{Y*
zw~C6n$jscLsaaWJOU;F&99fRcY$#}1K52;!H-hG>EJs$h6ids@5}&NxfFrdfZY>pX
z1&Rs^$cC5a_j^C@`v-h(&V9Jgb=Eb$*L7b<3#(upIE_5|Rp_>;fgSqZ{M_=*tDo0a
z#SO`OLUcXzTTK4en^G;jR)Q{=ii<)PgKZ5Lw$1V^?p^T{lqpYHJUih#p0oo$iTM*i
z>ZzS>m=g{}Oc7w_jOyOAcl6JM)HJ>wYUsbrzVQ4?x7n&xB;ku$LMoTYz>uMMH0u8r
zNCg$>-7_M;nZ%vk))Hu9V+Y|^1W=7&D6f|P`SG}e|Mxc2y#nwZC1VSL2@t59p%rdK
z6E}1r!{zjpyVJ`Q?j*ZHZ4~b*eAB)SJ}sxNU{0{_7h22!mD3}_)oID9s{k=!qm8PC
zzd0&g-bUq~+^j2O|820ITu#Q`a_X5b5F6k@*k0(A%gazAnA#}Z1GN3x2(^(@2V8LV
zzw!TW7ySR*Z=rmGij5}wOZxw<M$D@N(SSMWfu_kD*5%dG-NF_1fGOv;qW+`tL5Y@0
zot&PcXZp2ru1*$EU9OX$*U#EH2>9QITXX*Zld&=y|EF6fpQujdU_Av{2klIO|6B3X
ztx|$Q_(nbX?hKM$gw_92NIZ8N{J%}Rq2~erb*W0DLtc<!7QWe=<Z1u^{*YLx`F{s2
zQ487+QkSoA-Q+6z?=~$NWJJ5HmR4S6Y~L@7?=OeiqOtO+Xvcmx;pRz^vpn*`V6Nt4
zdnE**OjTmR1T>a7DKQkvG$lLhhP2y^jsY0<XTDFRsJ8tj$mgVPPKhUYbwB~FmT|XU
zmh3w+mZz8E4=6EMN$#&v!?pKT1&KY6=~F0SCBDgO=!5NW;E6`OlH`k-RKj!7L|eJR
zM9y)dPH2-F|MC8dd`5cd4rWcMH4BY)Z&KxIQ{EsCoLO7o?{jMSxPNkD+TVo!;rH(i
z36p30z3Qv>O->v$F8__zo<!^&d~SQB+slfc@FoMB?YvM(eh3|(RywX6J<V9oyM7C{
zZ_-fd_0+GO3#*SaCSR;)9u(Ge;_|kwk4}QKgq=C!l61T1g8{_|KnvV<?uQu(6t(&D
zxz&<XRj%6IYr4}X4`mCB;XaZFT8xiZKRW%rxe`R%b0rOMee3}J^>27o&O>Zu7Hc!F
z-c<)d95&NL_Z8w*5=Q0TnC180#c85{7NU_)e{$vh7dVSYd&92w!hxuYX;j4HpSc_6
z**Al;L(hw~R>16{6}UTWo`?wX;hyNf;LXZr9Cd{6pJ@|Ipgq=-{Ns=LP0?KeznrxN
z;9&iePcSnKlSVQk3oM6-YDACvcTbRLU?hd3o;;SYgWO)oP$hM4C%-qmnBwBC;zi>@
zgiL=~9@0kz-x4@;9j^r2Bq<)X?W3<GZe0T^D~SdPE+EOP2;%%(|CQ882d6mfdh0zz
zSZ!JDpTw7Bn-09{bm#>(RKtIoboH)!mFmoK5Br9fE>pH=8tT^$??6`#KsZ4Q2Pdfw
z50_^aeU5OBi&iox0R)Tde{cA$w!DP}3a#_etG9Q-b$L;5vEO(t>TBPns|e+PT0Ppf
zwjA5DviItJ-lis|RByG0z3uum*?29MXLWrV9pNl?iCuG~>paT)Rw@i~P7^ULzK3L8
zEy7C<9$d33%CldwUGkZ8|NATD2=~GXb?(?uPuMmoLRwp0HRe@3R$Wz4d`uF8f9jcb
zbnex1+r2gK9Q+wD=0jBhT$=?S=jkQwkTn$OrOl|Q)WiK!A<t<`ZWSC@#C`)me_thQ
zz`+J2u0D$Y=Ji*1WNe1V!&6H9`su~rMi7f@t83>QkSV4cOY}%v2X4$=J?^5(zg0Tu
z{0T@Uiqt3H{1`iJHgE38EEDgcxw$ZFx+uhE80l!WZf2`)g3=dvY26;O>Y99Saa$5m
ztV<KW`jKnK2wdP9uY2?fpLZcW7&h#!{duNj_g<`Ao!k>3TjARlXD2duU#n9WCRfBZ
zFXg*}`vLdN@vl5_AExrxkXucclTV!A4u8dvq;F&Jb@=Ou1(W2n=OxaCsmDqXm2=>d
zmAy2jM<VmvT$3;?#cs}U>2CWTX&VJZTLYNF<@o(Uo7%W$qTHMO?Q<1%)>yfPbflyr
z4#-_G@$%!QvTt935aq;#Q-lP9389@(kZ~a+D4nbjqA-FD4E<BYy$Aqi62`NffN9#6
z%ISN<jjq2uLHuW0$JB|qYX>!Kd(pANHIs7P)BV(V{etVDqp%T(uwwH)?H>v?0ED98
z(l;a#Vwp_4zxqrl*9hVrUOTngflSPCe1}){DvC8dLvr<%g#?};=H1jKKvnL^r&(JF
zG6KsJUw3t$E(w|DPn*d2DT!g(t-&{)G<W@Y^t_8r{>>^oS!Upt{U#(U&dB&IbNh}c
zGr-ml?amK!*J=FCq#z_t$H?8qXpr?mS=4qg_QAURBj_u$va^HE*i)+#3H@~{EoF+V
zCKXLorc!LDpiys*`4?v)H{#`cfyBJqx_SYVpwx`AJ)7EGIcnxc&^ZN}IAUB3L&?v1
zV2^TnF`LXwEj%3;*50)ucW*SY3Ed>#y%e}$lvY*Nm)~E|c8dqw%Z86|>`2uOR->oa
z-b}IAZ<<dArv<La?5&w#C=vB-)*Ay#$dw5g)u?S9ft>xo=_JR=rEr&kNA(8eIncuu
znOJ$tHuuOI3z4)J4LaMN;6g;kg$upX?f%~xkFO_JSP1qFfVwTYa&0mhsCaTAO!)8^
z;;40{?tBsZCgc~6=`)^qqJfAR4tN84i!vKGJpO29HIi55&6Wc&Lsn0rJh8x-aIcNi
z*$g)%LC*$NVA4nZkaD?o`MHYjIv?|3&8+-)EF7uE;cF}~l>WMrSzCDLno%xE@^y8j
zFOR3cZo~-=I^IsWQxzh<`WjaEp{xvemcGCzQHII}lIc<Ls9!hUjsfqZ*oA#J)M1?z
zjs~fh@{WAZCG*j0REDR7)O_qu#a!ENe+W3u%io_FR!RllTuJt)24(^$3<S&S;&lh|
zKg_)hy66|^Ch8opG%9hJzcZ7_sAORs>Bvys(%j}n(W_Vo;$rQM5Kt+@jz@GWg-!%f
zOE`o4J(&fJ53I*&>O#RHvaKDuP{j%n(na0!4*rI3S!1J%ts@`@M7<w1gX4g{k~sjg
zT@)>V<5wmsSr?Sy8;6oHn47S=-@WABo&wY;pP?*GsOf_WzrH0;+*~2Y4s+r6*`hZr
zb6I(AUkhWHKh<(?oz>D;V%RzsTT0d)OP+UjAYWlJVWs$1e`-9Jj>NQEne_9~nv0@l
z4+m%jvo~T^vX<LtXflvI7+4`TY?baUh29LM>iFr2i`sKbhxx^o4c(Ae4&+$o-p76L
zkMXdc*DSFzrsJmM)Pp{(|L7r~0lrZty6_!qV#>kaXNZrK{itP~+jnziXG9l*`Q@nt
zg0goBQqB6R%s6qBn)rA$`RwDq5Cde~mp;s{3YPVcMNwlr{@3269aXH<A9SaxTYZUo
zqP);jd|)8e?&RR17J>?qGTY|B2t7ju1rH>zWIK=}nb(5jNq@JNk^_%Z=ieDFw^P7l
z{rtd8|EAMaEbRQJ65n{-1Z8&55MS+JJgn_;UxOa<^wm=Q%Kq;a`R#Or^^u|Ezw-{{
z%S`<cnp4v2Kqz)!2Nv<Eq(*kkBBi2s?_%d?2lR|Xg)<y6Twr(;CnEtdoXm3SBq=*U
z&od9%Er?2=$D`mLr6G++s5KfS)~QlE+;Qr{{d<zHlrV%Ho6(>A+3~(e4iY*>L+7^I
ze@#jq%}hJMr&;v+<2;H(=r)m$Z`zGT3`73;5hw1c43(ojf4z}Ec(U8kU@e;u;s%Ky
z8ZSL{F@QucKPqz#MCUWdltP3iV+NuvndGa?Ty@FAcK89Fp)#6C2~#JHQ99Kn)$LY#
z$mVvcA+o7`%n(`Ao@ginWlj(mojNHOHDJFfB?cnZOxdcQ&_H3@!TWhPl+nK_A2cMm
z_EbG2r9LIiAcFa?GA5F#uZ%%3-?pP|c$YF6Hat`&*e+@CMoP*)4OkyV*P!)HJ9b|Z
zAX7GiXnhe`84=42(U90S{s~zMXPPK85X=Z=X%_`!h`ie#Wq`!Bm*^w!x7#^amGszV
z_Gn0Q+do`#@ZX>GxZT>I^;vt2VJoiPP*0?pNseNAX-Mw1!}rO02GVOSZco)m*0n=z
zdG?w9w!CAR5F6h0OzeK%mQ2Q#H)CS}W#|T&zSHNXIh}Th5<~;#n6!;|AxD}=S!~MS
z5`JWG<wLkr4DcX-ni}siuT(0n%I?Fa4D{RaLLdvG504%2qX=52*Pu=9N&4exlcD1!
z@Cat@R6Ob&s1$R6_prS0-1=}b2j)OlgxU9<{XO1p+Ha(*w6C)4k8Yq|%}7_feLz!c
zwB3$Vq?ksby2-EYFbL>6pU@h4N2z*~`Q=S%3xyu`ZaSnL9rw+gFraA#Rz@~m6TUvM
zW`0^>wrlKVBD(lItCNe}b{3^*;>tVz{2zXiG(dYd^cKiYR*9{$g#L8rF}SQps}FAm
zPfsc<^e$5bdX^2d%%zv-X6ujpJqJsul>Al3wz=GQx{G!WLBtX{w&)idxgj0+oX+2r
zY_gChzi{~_)pzNLGrZTgH@Ae1T*a}W#SonAs@lozZ{9obqV6h<KZEwbLX<v)`&+l+
zvIwkmbdKfZSz^idB$>_+klLo;UR)Dqz&7eBduFWKRuOeaP$zMrE_j|`ZK7?hDU{=M
z3b<|lXga<=0Fk)kH5+MBdOrcUvT**BV;maf3{G=%28$`HW&Mn7q=F!Ifv=}nAfMKz
z1-4OOv)$|obu;3=Jz#Ov(}G1wQ_SnRXmI1KducI)BkUaKJD@LQ^f9D<kdlDQ6;q(m
zA77<rgR6I7dm`1>F1&#4A+4q~&1LAyWfE*`_DPl&6V=y9L^IGXx$bSItv=qw%At}x
zgpmKpcUmx<PzqnI=?g*)v7D{W5xL=t>wOBqoTvr9i4x=qh<l_LBr~T1SMsJc)fGJQ
zILLyGV#|KOUzxFHCNtK8)_l!C>bsrOaA+ir&94;{+4*@lsZxlUQJLsCcOrFnE*q)&
zaDa8F*#k>1Dy2Abkn1bA#Hnn-@}crE29im0V?zn89!zK@mDQAw7VUgtP9e~WhNvud
zC)!`^l5m<@BkkwkHg`ZI4%4JJ?p?RfXJhQ^1t!^{4@vVfo3=rw6KR$ASPrPM<)!O_
z{5UZo=uu}-Pa*WTpn10LLW&FjyZ-Eug?{ZjEH1JV@OJGRXeAynBGwKa8QYkos0Vm(
zU>yB;Rs%Z-*dhlYY-b*06yJ}1%((G_kyH_!><m`>$VUDodNy4&<Uh&0Ik(8CeRxZ~
zAfNPp(;7qJp<12mwO~z(3ASrve~5m9Tv~8|3xSZWLVZ>LqsLD+gH#97>Dx)0!NUR6
ztFZ(8s}1WTORIku=Qr18i>i0;Rllc@7Eb}G!|x;8lsFsp6mk$AXnFSJ9g$*p2Ch3!
zX1ZSshiNwg+7e&B$dEVv2En~(jpOb(e8@O;jXfVp0tUOlSP#pvmSv-S+f1*r0X`ur
zUh@5h1HS%gUybb;-z*b?gh9qSb?!?fmTlrAXKytOPhiFhL}|wn=%Q08LUY7cGTB`Q
zy1EXYMWCrEWX{$X0nh7W&=_1?!ZPF7#Kaffd)Kc<Jf!D2pw}(iLT~BP=4U|VCiq;G
zik@QkL<in@tsbz}VE7%Nr<jvsib=1u`vbC3ut*EQ$!ujs+Jai5Y^vx$$MgZo*Aic&
zmB@4w=~@2pkJoi%gUg?C10C=}?NYeyS!y+AQKXycFFi(0>!!`0sQ3um)9#a!y5X3o
z#BX%MSKVp-GYN*=&t9Ja77(*gihMP;m!xcc(_#Cv-%(>QlAe%!83MmQ!fGSimqP7e
zklcqm2c4zo=0G;eCy8!A!pM#Omq*^>3AC+kq-0$2>RW302n4jMR8o#CSxmw2Do*+E
zj+Sy)_<-?vT28I!QJ`~Jg&E`cqw6l&x2bn^Qk;t0$HpEp+KvM-fKc^NwR`et`BMwq
ze?&kV+Xm~X?)v`awV%vY*syH2ocJ^AwULebA>yMtu*}u~0AxE-^&Y@EWMKgvasLzK
zdUY9b@AyKC+jrf`a(Wvlb#=b@M$z2A{#uZJJJ@*_nT2AfnUJPz1V|3wxB$A9OQ@if
z{aXn93m73rjcW(3qOPT+_EHOh5138AXT|QshBYs?=+p|gGi)9sI9QV-aMYicGv6O!
zHzV7)DuYT*lmo-Lmz%`{vd=Z<xcVHRL+#fvYk&Bk{c4;m>+o^FA?RF3J@Ho=<%%;j
z_qRCmfG4Upx8*yOQxj;6l>e@#C)QluH9P?~T5;*ke&l5HrX%Bp?h_dplu2MFHj6Kw
zxG5Zgs5*-4tjgndtX-~-jXK@rv8PdQRbB=#74FI~CLm=TCG^z<KQ?+b;mf-Wl+#@q
zkYgRrP@U>CO;Ws`{KM>jpd}j{Ws82U0_zkl;gpXxsgL>fLGCH@&~O^CjpRxA=J0U;
z+)PYBUyK&i=6~?3&ZC;sO2Li1-8M_BAE5hF*UWS$<hb|i)Sdu;0+nscNG6XEiBY=b
ze24b1dHA&dJYz!_`V|kgLxsz{Gb6MlZ)gMeLSJ$L678r_$ULE}*XQB$j{Qp|Glkqj
z<S!F&<3}s72rGCE{=O*opHABD)eO9c@|jO{+uc?1=iqwUBQe@QS5Mffnwf*9LFUxB
z4G~d!*9ZMrl9d+qWpV7BnvLqo*)Ekv1FOHz`MeCR^1F<dP<_lHzbiSswKwmOC2zY^
zF(a9!B|3|jiMx$z$Nh`Ja3AXKJ#x7p(ZE5alSG}lb|@OOhAvpaqWA|RdSI2{Ck-J)
zFd62IUi*+5iIb}!bgZ`Pq(~0bRLcy4Ercm*i6EJP4A-M2pLqp-yEeQ0TzGlaRt|GE
z2%?MLeGdRT;zYo|gJ(0UXLMcdabx8mc3ZwENq1$+QrS_COH06_{To^iPoSQaF6zn?
ziESa*!(m@jKQnQ3b56zQyF}`XKZDLBWdXu>7j5g_(XjJ2N!Uvvr{Lpf&S7%7M*aTv
z_4=aBo&Xdp9D#OjMc+S+KA$xfUugo91%SsqAGVsXOetO|UdKFi(o9^dISlHTF>+Rd
z51ZlPa8=(=PfsZ)bW^7KswqxR)W-GM6|h3s7$E*)xK6e7MWeHC)RRjT+BR`7uM5BX
z{sjJ&zd(?k!L|&tcD$a~fEgZHF7T+O*k+{))4u)z*Qg|#R%bD5+_76kh$32(&Vt-u
z8O&)jljl~JPBlkCZIF--H)r8r;2BKx@CYLcO$Zx-%%i3prou*kT&A-V{%moos@;ow
zo14(AmLSS!uVj^;qmTf6&7Z(6a^mk|?aEY#?^l8B489CqRZur~A!@d@R>T!pOT$u7
zuY(!b`4T~VtHNYF{u59Srzmp26R50t58(6QFsQK6Qu(803gj^j@E=hMUD`^U8f$KT
zonC3$JS}&@@+Dk=+U;y+?i|=FG<<O`WowBWzP7B)+hi`dkpg3eXX34#gMP8!#=*0V
zv0E@@y~pE#-RZcA3=lzlF^jAE9Y~YO5||G8M@q^X1tzC1m&x5)$~AWx?p!4<asrwd
zIW6xBvgr}Tg_T8Wb-^m9XP>CwyGyFUvl!p2Y9!Nj(gVZWs|eQ$g{u6ugM(^pfZ9nX
zRs0~!Qh`f3Fn%x$GG>q?Cg~H7P%q)5wtc_xB^DiNHklD<>gGiHO1*?Gi$Ie$jca*1
zoy%(=H*8)bAisvljcqNPsslce0lXfvPU}jI7lKn#UjlcH*Nk;m6LsLAf{y>0gd6*(
z!o<p<nb$(T<0G4cEFTzbat^leoMg&+dCk-Z05SX5)Np0QA|)ePW{U?HOKw9@T8+_|
zIEY+M`l7Dw5~NXYIusqdPK7H7k<DV4tP<cZIYF?K-HYd9HFY6ND<7*rX96KfS`Gix
zmXr-U@OwLwHLuHNQbpYw-9=6FYk&?LtpYB%24hcj>%u{X?f+3m`V|)fWqcMm{a`69
z$^D1Wz|^KR1x@N>FG7?y)=DjD0JXDQq3Nr(w}DRk!a(>=cYO)wFH{Bd(=&-+A8>!@
z+3p4Gf^iOv6it)wtl=b0)x0iyR`3>HK`*SeUs4jRn;HuP`-B|kAF*jCOMiN|YtqX}
zU?u9v9o(Kx=2%~L$Sr6c<>;NV)C`8N1=pK>tA@vY^POeMsvYb3moo`CQ1<W*3#{&9
z8%AYZqKQbG0H2Z|-?Q+0QR*bq<ZzY2{U`ks+s8Jsax(xdPw#sLK<TOTH#O(lM-ZR1
z3eYQ0zXsWW)_gfhGro5VtZpTV=oCDxz>0<n$f=i?xDqdAwdk%D=Dj}p6BxqRfA^uJ
z;yPJ1@e%fW+ZQbFI%0O{$1={r0bg0$7erq`wzN~>wXDDpnn-L7{D-ge)5EdV;|(#D
znwf%f-qTdISCpZY=&SB*x_8ouugZ3kmTw{cV{SrLi`r7qkln?zPH}1v`CmFd1jfpe
zq0MAQP$!tclnJx2scER@YJRrRzD?vsK8xhb7WMa#dDQaNuO(>e1bZ#{T~QylC5-wz
zktRyagtP=vr@I{(zYkNflNX2aEgXRs&Zjwb%U0-?MZW&;oP>`m5(4dd?^W02uSG;c
zTqvYL>5@}w->$N8*l=cXiqo|A*B)&TC;sK*7kLZEKPSzU_^$j)ceE+996-P95}mW$
zR1Q9!)Hmh(b*$iETnPW&WZUjMEO__X#rYe>aOxolT~ywVM<1cWaqn1^7zgx1e1*vH
zd>QlJF*xmvGk$Ht*9564A@t_;mYmuIaJKN&QGOo1y31zf4%ewZ>3mxN%!8BE>LDAB
zoTLtnS?k^ur=njfQM*JLl5ce}W;3})@&!vnKk%1IW`5u;CxdZ2x!-bHcY+2-w)<xm
zth`~_PQ{mzJ*Xv0@nwTSRH&iTpf44?K1%OdKNo=Z|IVh$R}l1)z29&vcLKiwLQs3=
zTQM>Gy0!v!e0hV5U-h+`Ii<(LvJ@?@ucZS$y*=kR$VrvN#N;LDu?I+lIHKVi|HW@g
zUb^q2$+or0H~y<_nUCTS#$8-@!kF9`04*P@<kxj$4?ysP`maf6;(pDU&}Fz;gRSZO
zaIy%jREhp(D6nrdypEQGM(<fR%x8Vy&^G{AOdauemc}cPeFB|0)}>MUB85!&d8V~`
zSrpSzLz3Q(u}M<P#78i{C^IfG<(0t^%vELScM916`LumZUxo?HDnp~0mDqULAf-te
z8_R4~#*--b)ln+swg56XfI3{mFn-I}_Lc$3`WJhk28&}<pfv2fxezm`TBA`TU%m4;
zsHvE607={qJgt$W#5_6umdiGOei0pBh6qZ^kNexH`B(lC+5_n|8!~6uo+x)z&RPb^
zVwGL)P+2Pg#9sIF7}Q|ceAQyqFxPs`@!JhlnL-FzCqUdk<MkT1Sl~Y9oj3xiUOOQk
zI_xX3lX^0+E{%SF$9}|x%zqI4Ylj~Y{+mef&8|dOA=oJug3mkcL(Yv<xD*DFivz_k
z7Rj;E+n4p!o6w+Q!8>vgIsPAv#k`lhA1AjyobjL`5`THUVAc%k^E-lFve=@zP-rLo
zT77@7qzjeOTJ#>Qh3(SoztPfV)0hGqQA@<QPZk_avz`qWE)8^Na}P#Ibz3Br;km<V
zEB*A>&FHWA5k_YsafF|gSyEQTYEYNdx7+<1<2Nfgz&WLT6>9M&=PFsd^WsVIc`mW`
zlZvy%b0$Seue&w|%#$xpT!Z3$@t6iuZ7zBi>(GGSzZTQb_sygf9mRyD#!Gr#N<*fw
ztT1H^(v`|E8BWgh$Z5-scNwD?OZxfCUN_4UPEvi<NwZJ-7>8nqOSB!}SDArU@uU~(
z!$~mx(sLI%45Xr}NqqlOiP~8G&P4&_<RITtmnPeOR>|>_vlmOpYF@G0l)>lDF+k5q
zdGT3{*HalfoBa96;m8HBLXOOXdh=r~Sfsq>%89wuWq7z1x6lvtjB-giwW@4hP-aU?
ze@c3^=|a85mY)(vmm}e}9s1E>VkpIlMs#jTYE#QA7y~8-uN1({euQ!C(g?wPYpzZl
z;!<Nt>-F--=<H?s(KggP>@{mj850Dj0%}L;7bq^17)?{DW?7hvQX+usiY70xcC^k0
z?k+`7?ph9<e~oGv-cPyU{Fm}{^m#wH-%+*cLewdQr{St#xu<U@6lrDZRSA<%Tl&O*
zxp@D3!8wD)`P#_|yIn4rMX7It-D8VcwML6FL`%Nu3%!8fH{QO4Ax5wRfM(}`xq9n{
z8&?@ho~=a>|Mzkybdh`l+4Q;THSanL`gX#Q=qV|C1=Wl^Ds?J2d}3|yFVgAip1$oE
z2ZPn_?=PZUE|%g@)Tjl{o6*v*+(aU|nmUwsoQ>M4+LCrP053yMQh1W?6aM$<!^EMJ
zU|j*(!=AAqsP}&<H5m=TeogFF9ScftBNwr9op@x`D+;Y3-ui(<1<87%L*?K`UDm>6
z%7YRD&q?F7E<+zH7JC5CxiP}Rf#INV1VxTwQ!a3M^$c1TO?r!Kd4t2g`CAmU#^KLh
zfcvCz+QJUvL*;7!KK=2iR0W;}8he3=%@%rjye`FO*6^zikwfn@W}dP7)R<vGH_~1u
zTU}1vwf)EOUyzs!CW#wYjpZLN@0{N;+CI$nAvaOkto}1Z-;-p{0qSf2&NhXBUqLMq
zWmw#gGiq=D)`X<j@E0{GRcFUqv?U&rLJ2nms(O-~i<IYmeg2h*7)ewcapE3lHe_s>
z8x};^7PmT!9092cKsl&FzCu3W@zgdBo@Vvq^1jI->Nj?p8qOeTdgmEZ3!y+^ihGo;
z;NjnkOpSV_E;XyH-y*^SZRK55c4aa&p&Lk>cw6e6>m1`u<Lu*%;<m<Zh}#_}A7>dS
z(cWZti=k+uFeog<3E7f;hOL|GG?}&(0O2tqF~g1GMOY<ZGk#<M(=Rg9DApPGGl&33
zd7y%qoRtC|5UXsWlp@VWZ5~$`H?ZH-Xpp2pOO+Gb)oC$zP+|zRgb0F7oIW#(5*Yp`
za}z|_R#Boht|~(ZGU_vY)1iQ{<Cd2IX@qWqRR%)=uNbQ|m@C5yVluc2aK!{gO(05X
zQqD>KXR;p0glAu;QKuW{6t^YLJkHK$S?iMr<se}jp(=ej-HdXDqDi?H-dC{+E9ato
z1z@Bs(rh$NQh&mK(q%wUCZwhl<={#Q08Pbw1wX|;#ag*o`FFyZh&cMSJFhc>GvYJu
zr-J~PQxftw3GE=$mJmxg`B3@~vzl;-@Q9#6C?(7i0`FhMUlyNRdq6NCc*^{Aa&^{m
zig8X%Yl=I?fI=hy2*m`p!X2ITkqp>9ZgeJDu2qd^&kPPv4OjUm_z{0ygSU?oO}RvI
zD>uk(8o<L;Th+!ljcfDtWwT*uv*0tFNHHcv{p}U@cTyk#ysMBQ=OSmXWpBtcuVZo_
z;_{6oOV@yz02?sx==seni)kP9?DYYO<pzugm-d-_&VP@4?(LFm#Pk;$!#k#UsB}Sg
z1Y%Oqkg4>g>z@aQIjA#@2^p6VicZS+0FT<v3FzzZ;x&lr83r<s#u-4o%Rhx>cyhyo
zR;3jNM7(X{jzLt7IPA0ZdeX;-<m}bS>h)B|Qx61IrikN3Z@XLKhZ|LAK?ln|+!14b
zQKFq{*8N8fgoJM@4T=Hx;Uo5+cTL`SB)uTu1>C2;BVe3dPXE9V_U|LROB8_S1e)%q
z;N+AN-`ej(z%rSdEqfXG*uak<@eGm1nYt0MsFXlo<!dgkR;Lv^HB!ODvoSVRJf3RV
z$gFka%!bQ7X3jXd$zQx%aUgj$s`SQPEcODG#`$;PL}``G&*7e#cxSP7^?GU4`+ok3
zOz!DwmWUA#yZ)%pP9G_XF2%QbQtjT49OAoC>orKI(mq5Omi17>6Q$Qm_bj!O4yYiC
z`ylrgWcmS=|4ju^-v^m`C6hW*QB<iks-_PsJ+jtuqXU6H0edl%x+`Nn^8kt{bil4<
z^!WfwW$Wg$alDCv%*WM37mX6*VSC=Qv?+_aSN2R*)L(2qPvDu}DI!`ZLrYF4m947F
z-d_EilA8QajtN<3e>`m8e=T90e5oxJ&27m<`nvLLo$iZWKzPkWs&s8;`6@oNfRU}^
zfKPnghn2vn`ZYI&=X26tp7r<1DwS;h#;PwHT%y<4Bnkg64bBSLiKX1}53I3S2XtgX
zpW)I-GAGS5W&J+~7}dCc$S}>#A4|RVwAN<O_@8t(skW-&%p&FdkfX}V-G&?V)+5jQ
zq>pM@hWl>9+OqnbpE^h_gYf8_v$TZ`pB^Qo7S;CpZeqcPhK626uP*4H2rgiV^VmEm
zh{5Xp$J5GMh;r;<si`xr6E`#4(wJ`o|JLjv?W90QhWLpk^!4lr_*{@ap1OY==m@xr
zelyWvflU%3HQ2nJq{<uIUnwG6n|fAx{Y=cxUeviX%<K87%!4H99oW~kpar~q+C2Km
zZ2fH2N3Z1qbSCdO>dkuSByWiapC@{GN{}}nuMfu}6GYgxsInp`tFPZAzO3}Dm(*Gk
zvi_n5_t8p2l*W8OVce>@=IPIrorgyWN%ue4LC+EekTHB?$)a$78S>l65_SuZ$6zOa
z`2*1hpbugkMx4GQ{f=kr=HQy(Ow|6RsBm=n!N2=41}v+X78mrh+sro#H~t=V8V~s{
zWxxLfwLd3&S8K$if>?2~`DDt71MX}?$O85rzve84kwfhpb`b5#3epk!s1Zg)$DDzU
zn^$TcLOVi;^BiHo-%b#d`~pkl4huxKjWrz9L53`60h^H>|MX-Qm!Z6g+KJvJ(tS%c
z%CKB{z*C#sqlCSCLwN+3-h{Zg5>uVF>mb90EPjuVk$y+Q){b%i{h1;lx@`F_M*nsh
zb*dyzN<&q-BLqFB9mPe)LI-CB_L0lt2izlg2X&qfbHa*EeG@DW;GBDeUo08%=P=B+
zj_vrFT)9?Yp~JwAid82Ep(+PBV*Ri58aPekY2RrdCx+@SC;#frqc_s|GT>L`?V7bD
z%Oy65zCF6M`+0RPcJ#99QFD_ErQIN|>t*M%qyCGlZ{d>XPtZ|jCfUCUAA2Fp@TXA+
z#FzSsSk>fmyg?thMUgLO^5G>Ncv5t58pIw}#%3aGm7FoPP&vWBYlVOZcQ>(GH(h8_
zY1p&|WDIQn>!HI`vs5Njof;t5H-Y(YN%es%AN;0GT(X5*I@_4s$8$>Z;~UtxT;$a}
zb_Nw+RYhffZEkbK>~tyn@ys`|-Z)kfr5vgesvsKu2MhUJIDJf+{M&PV$nJed5^!Y^
zwHJuo8>bW3X`YfAvi`w#>Di_6#CNE}U#pga5}r=uORVS3KUAXqg1)slL&Q*}Ju)C)
zAL8ArH?G3lRc9Q>Q%h;d`{dasi-O;K4ngL7J@;`Oc97Obh4_&T<}W@TYI^K@q;fX;
zkqKqvTu%sr6o*h1f#RlEDK5MI$xQK!Olga^lz9cp-}O|Kb+#sL9`)7ovj?Sgvj)CH
zlUNI4j|NG$WVwpVwcA4?*RaVCC0gaxVBXs#aqmR-@}q4z)I(<TEI-<GHHKkaUDCj^
zytDAjScZ5^oAedFSbEUP3~hCL0#W~(rZSyUUx{?-KNcmKA9RkJIQ|U%5@o_>J=3LQ
z(AI3kZW6TrbaSquE*Ra8_5-6)ARf1$qlPaQ?^vU5o~IcXAdRqeAq8A&I_0b#k7hM|
zsrWe-PD_>vf_|?}Vsi^+0-zH!#-8mbKDVA?WvucyW%^opws(>j1UpItu%|r0G`RKN
zFD5G#3HW9jb`W7Um8J@R_=H+QljpWp(#LX9%rli>J*4Kktye20<B}{kg53!xz`}30
z=YNZnZc5R<DO*h-<45zG0e`_IdX_3cr-WBcZ@}p|?7p=PdI05jreTz_ohc%~L&>Qw
z8J-Wod*4e>MGee?ti^%7cHuV<%or9R6}k5ZX5n(;(<hr#ODZN$Z6)cv^^fDe@8?|D
zDFFxixstcd0r~;E#w+RI929crB;MT~ZcfIz;cj{1M>)==fl|R%lX6CMFV`!Lmdg|@
z2o9EG#<r}=wLLN=n@oT5aQQUEVU>dovXIJKCKXe2wmO4fAzg+!&)uOSL>KU0cVM5t
zIT({pDsIMs1*;R&DBw)kE>0WB47yf?Lx$na*=<-iO&TOSg=xE1p_61C22~W(Zgx2W
zR)1zqX=SOIyr`!8XQR42n=^2~22tpJf3*JGxVIn(3`R}KTn<6HYtGXqhnsITOA=^6
z2ZBpDN+WAXDW#M`_8GGZtHj|IzJq8rx8wG>+EXM)n^Br<wc1=48<aU4;f721LJV@!
z`U_eD8H0szOH=rk6-x5!c(G?ccO=K8{~U1P12Fk3eNmwFUGiiXcB9RDaaZeZnis+2
zIY&~X!)^=NiVTOPeX5EH2PILWoh7Dh7R22lBY7lHQsN4B3iTKRYorl1*$sqSQ#1s~
z)R>Z-dQ)iL5Bk-er09+FNP?O|x1?i-Ib-h7HJwR(cN)d8%kKCqkdw;$0)E(#wT0$e
ztAB%!-;w;V9F;=^d!1LEbB})sLM!kuF$?5$U033+(&VdP+y0%EUSK#=D&96rr9QVd
z3QpWtwcqOP`h5`aO5J<It>$#g(JQ8E8*(C#D=5;B?!Ptj>UQ$xc%_q98t+=3pXf12
z+ZEHZM*CyFv)1{P#4*(+syOwDnJ<AV6yjlhbR{dUGqo%=w$w3k<)?dWf;+<W+m)`G
zBhB)EZ{zviy!&kPy4mcqjHC$Kh#N7zY;QmtHcgsB7cPFGf8cL7bRp)zqdMVr)9^n`
z4@BMHs^83DTV#y}`bUm5qO)i6pI<kwHWG6Xb<@OgCh<xV>-l@WoFVF+2A+_EZTPPc
zaW%=4@XY_yw2m#ZLPJ`hAsx*DC)IPB{n~Z(z~{=eOGu|I#8<r?{uJGG6PN)Ck-YGp
zy>}Zy`<6@>mQ;Q}jjU7iNqih#rJ8W-vN!sGkMST-KjS7in^n_oop7s8+d)}SnE!9D
zRpo@Mq`Mt|Wdvh1?XNPpB8~)#!qG`#e^)h5O75)Rx0&!q_Jmg)w7bGPbZad1Wi8-}
z?(|u$TJ34}Nc0mBIH~fg7Jn!sGS2J+P_fTkf6;rgzy=(A8*%d$Yr4;(qVNv+_ju$K
zD)$z!_SBgEr_AlRP&8;_&U|0xLy_LmeGiVDfT~U}s1Qx{BikY@ro7CZwnWgBOv5_0
zOfp!rKAu*lCT#Xo3uAL1!D&Bb8FKhiH~pSFQ3DScD#U0<fKvoMh2n7CeQ_2(SLOOZ
z+ZJ-~xyq&_)%07xX_p5-*(@wdmb0Jj>|G_dewRS)lm=as9C(P>Gl)?V-zYCg((1aQ
zV-DLOa?wTYPM5f6y`*Nr$~RA6=iyb12JJzsL@$@e<*koBU~*!$=_t#NnnKc%I)(@8
zR42Y>BTg};Frrr_a`Op~W=(J7!3~#Pn@y*TVmCm~b*`B8GvpnOBN}99m}<1S^!o4T
z4H!+=-bQZ}#pbb=wcxq%+|E7hutLenu1q%Ku>C&Fj7K#1fx0+h&$X<nM001FKDdZ&
z>^|#rprmqon|{s#<qM(=HppzDw=>yW8uy^R$fAvEPExANt;_4weLJgH;9C?!0aY3S
zwaFOQCq4ffEmg(U24g#&Y8Q0frS2ns=fR8n7n^wr>rs|#O{%E(Cx*ggspNV3&71hz
zvr*@rg*zWU|HVCg%DGBVoUCz;!MP38PgnQwG%KYCN(uwLXO)LRksJ3Z>gU{Z^)&lz
z7|1AesMOxKT3TYjNqKQUZuu;yd1yncAJeW7(Q`1`Ihr0<>X8!b4T+T7r&v9eb^VsQ
zn}fpkTmo*MoXeA>|1m**{x)X22Uvt%?hTPka4(GTUcU6uuF`PdcO>Au{Jy#f@|upD
zh^BlH&cZbGjkz-W9S*|VW3)&rP_xp)SZ{Eo%HZb>M*GyOr#>S1`!<r}^PXV~uB?5Q
zZ(Tfl5dJ85b3$i6Xb_}->z?akLkFT)rIKa)u=A?$F;=bzfBe_jH;62L!Md^G=&uqX
ze6wb|pW;5%YJ}$@cY&#KL#Bto%%g#E4)@7%BhKU37|WJ_c0-vMau9xIEbw%$F<?+>
zAyeJe)3hz|mTZ(bE$h4Cv0Yr!>%VlG^fZ+Yne)Z_{R-*kY+i5A2k(>nZ`>SKJoN?}
zlvYhW&dF-Gr@jQ~H--EnZ+R|ybSq}8hM%`}sTn-~-*eq_%#1;%VctEN-rzwY#U&r?
zZKdEC=)G)4bFTc$RV#wKbkGM(&VUEg*)no73nkG!4gH*96H*V-45v0Iu6tIX4>>z_
zPM5jJiIzk&TmNtkMLFtmyhI)gI4D+=FmAzjSat>Z2!_0spBJgS82}4!+FI%7%w2F4
zsT|+765}?Q!JhJlvaJLM2f3FksX1VIo>n#(H9k;;lAD&xo%T|hOuwRp*Gvv79n&HB
z1LkLM-FtE8rrGEE0L@kt8KZeXg^S^*mRS;cQZD7zO^-E~EIA8?M|f%!{{4z|=(Y~f
zUG~RV_mu5XfO*7o@QV_@&(iZ-X?v_(qKo|WRzF|q%2ao2eq);E&A8T&xhu#Tu4)H+
z&nA7c_GWBgvJQVnWm>(Hn5?SuTf%sB^?-3{<e}dlF5*J@BE;D9MVIGYxE}^QL_K8R
z?4{3Bxv=qu1hA*5S1mP`JD~f1!kJ2)wHvt}0sAVRzVx~EKoN+Fme`5M_JEO*S4{D*
z4%vh7$U;=FY2<Ap{x&l&x{00adzI`kxB++fdhX;^=+L=3?&FlQ2_Lrc94m~@>P8RL
zN^8of6<hdhET{Wo`bDn?(|as3!`hCbOwx4uO~D_Ci}&AhbuWi?q#s-71{Oc6P5Tt{
z{w41YciE*wylZW`F{95BX7+9VRLkBX_{FfBEb3<bFY`}$#>BO8h$d=M*CNVwOR4AD
z%`6tKjsy|Sn|(sN?33>N!GavDxOvJ<Vh};S(N(<KcCOAuX`wTvI04kbjWE7!J=$(U
zXdcNtP5zS;U)@8Hx*u}Z5F5M)x;Mkq#U*w5+?}HXBoW$N+`oI2^DJY1nSOk>iIi8V
zJqTRLRd>rd0}{Xf?Y9)wc6=E!iEflOfnO*6xoBZr=+fIIl#t(Xj5a5<*3EjgnogXl
z7H~!zM#WFCUPxm#*Xz<dcd7fkA(2)4XUMtSlovy~h0sEMdxk@4hl}^2J;5(ubi^zm
z6$fjfE!Rj*I<r;ij2XD+_mr<LV}P-kPg=rV<|Wk$Rw^w|6U!$R>Uyplf7=+Tx36PU
z0^cUQr}1$k?8socdPue4P=5goD5m=;uediSW|A{yET<D167ZRt?X0_GKjwjGdl#~y
zO=an@*?q%u&_WKI6kbY}D>3W?$~I8<hj*xhY>r`(X61joHS1Fh7?~9TQ5UO3vOR;b
z>zbdZ>|=A#b}wI;nHQ4MpOL#b+RHf;5i`z8Ov2Po#?zyd{~np|$%sjOhYWuASqwb!
zVOgpSvt*}Motc0f4O+f|K8<;^o=cfJFG3n{vahST3hc^T?M^ooJZl+QC2Vl)yRYYE
zTKfD!4dZrQR2}>_maKq|_348dFCFRk<4kM>4PJBP8UJIIc$!*F4{6a}UHQ|1da)sO
z;6q&^bWKe^{hke4Zh2jPugTRw`at&DK9gJEkvd>C0zlr@y<>bs!&i=G0=p-iLGGpE
zKl}(wJ#o))d!j~yk$=sseSzVmOYXs{^>53(rN5)%$RjuClDGm5bWgWm&6ZKYg|nyW
z#Lv?;*~TvK0?H(q01333PetaQeJ9?xYevb;7+NzsoO-)wff*PF>L&lpjs%@}UVm@N
zb+ORTTgEE&cUml5O3P|f5vrR0*2E$jw&6ei8FKk-sRCF1#xM-~efAeOVcjuTq*1CM
zH7lj84C(G%;QuKs{aJoi)96wvtjo6*x_#+dTI<*;&JPX8{4<r*+yi|l#VVgGl8USj
zJBCBw?An@IXhfX4Gn1VyHA--H7fknT*@2R|%~5a2YN-)}Eca$u;E=C#;miW}-B|9w
zz<2A>aio^a885uW)1@>c@I<yTctTiMsodfqTVD#7k>!6=kvR^2k)}p%A<HE!!XfYi
z_YOzHs5?aGXyc)|0<X9817ASd{8V+vuly}(!^~-ws;w_9`x3pL;JG%65wI#J`3Q-N
z$CumayDGADOm|c;xy+uPK@o;r{PzNDdQmut+(ph|tli~q0-yt-f4R&2M%%oOHYN1m
zjd#(Flw|H;>O_T-w8n4>4%#A0&8kw3HFbi;F)p)RF62{oua+)rD-pZX1V-&u(%g=y
z4XAI)c3t!5+lkH(*XTN;`k-%^<FA}<c%FZ;SzxFI+sZ2?7h!6Y$k|+y)RLzx>1&|4
zWi_Zu^g7Ji;cidxL_$vt1)(bT*OIt185>DkmqaRkjCs~-9?$O(7@r~Cu{2@4oI9Ng
za2{a<EW7d(jkf(U#DO}<nUo{9M|out%Iv49!U_{5%q@m7!kM-+8$xzpmTrA1HN%Zf
zyTFcfZD?WXWby@)I@xjhX7c2r*7|3ASg`&J!k@x)E>0Sq4c=QILN+{)mOg}zSxfd)
z8OL{Nw}Lx<>qIvL2)Zh1RvjKn;0)&W_8wEGQ_NKr|IJQ@)77^SU5u}#ro5Y3{+mQ6
zv;1|P*am5gnO*I`(sY3i(zfG<qHOSy?GV=%r;t%cocW18yx-W3*k^60rt`|}nq9A2
z#he}F*@lci%_d*8-Xa2tU{lWxFTa>wPc~ui*({JnB&d?~@t_8GcAiem4kU)=RpN$t
zaPHUGJS9X`h`oS(%2B}OcA}K4k(b2RK6e12e*8tVrO^9Kdr=txP6V}JmcUzUtLWv#
z&@;oI>?KNK<Nd?j^)Z$`Gu;6;rHDJq)S!qYj^KuLvMJjxGeiw##iQSvFb?&Dx>SF$
zcJSM8kJS7N1|D#7#_qX>+K$6MAW_&K8?eSb^F6HFqnxT3-Ae_>u9PJ@-{nsesb62q
zH#HEgl1x&1qpulfr*+yx_e{-tM~C^OfZXkiEAfzT{~#XZn|rT`4yp^65@(Xsxk{Z8
zK$%K)-}LgmfaQyDpLK<TAf6c#K?C$YJQ$5qEzCDecxC>6X!ZWdp)+|m$BCU0c4{BN
zbJw=EE%$@!+IG>|?q{M?Ft^!_s2pCfu(oGJFy`;+ECU-}xbCypUU1DZtJptsQ}@Ha
zwctJQvEOx|9TP>mFT_*Isdt1O6FYV>tTOAshn5u-s*2UkUo=8IMR(CPs};Awb4i7@
zeY!gb?K2zmS%JM9lPEV2w)J|v!~f(&(~*t*)GmCnF|<<qL4hhQx!t2s*`fr~aCSEo
z<88MpKF915_<sK5cN$tgova#pI*1Wd(XV#P@dVSzo%TBSJ;QN6?YgIV%AGajc(YTC
zJuZ_SpSzg&Ds&@e!mY#qMZucnaej1a-BsPvaIk>nw`kwQkNAviayF==E?+6l2M<o2
z;Xos2(HaHM`wRYzKavPr%<y4mEpH``Cc$E2$|mH2@5!Ie7Obhz+Z*3IJ&e@pfMwa4
zFL~JCiqq+s&{{V)I+C=%<Fg8Iqo!$SMxE5=!2;!wiq|!qT*Uol(--Y1(<N8?+i}~3
z8Fl$}hSLt?2zHV(M{q!3Tq(Q^gLd=Q9>z;4$Um=p=6mOR=DX*=^5;a?aQ4vq#v`vJ
zw?ZYaLfdlBOw1;1{Je@+UiElo9NbanKa6$S_mV-ogEV`QUpHzzKc<0l9Zd*Ywp>5*
z5*h~$U->+ZGBnxzqTtFWAl^_s{$U+r*XPKx@tdorTF1Glue^9&#+_}|b#n5(hb=fG
zjB&cOjQCrx0_n7`KX#l*NQNdwK7Cdu+)Jmw(QREk6If>J^iOA}ty6Sy?d-Lgd}>$x
zWRBr2R{O${kXL1=%%s*MYa84lw^<Q}Z3bU*S@}Oc$O2ydUnKti&*08up$wh-LJF6|
zB0iLCaE9~=ud>x;wPclzXh*J*{yjS~OD{H@2hY=mvz#$&7U|A}HQDPbHn8)~dS=pR
zd*b@m<DaNW3gY?Xk+RjpLrck8*c0Pw2L@nzt6!iHfl}k1M)SyD8ip%MT-B9^X){9;
zCF0T>6t{g95fiJ@2OO($de-b;0IDU6uQse9KDLMvAAfMbIAt;CEbT*262odCbu%j<
zE3EKO=M#n?xMk8Llx|Z?h-KUU#JprQ_WX%u?}=$KTh~o64z>rUWBNf?KYgJ$fBREA
ztMuvIczj1}BtVpllX}Lq<QslizVtEdAy#{y(p(yu{)4+Wrls5CE$9rcj-HKo8|RR3
ztv(h1xpZ|*YPx2%bgHvfjn8#=h|MM$bT#~Im@FrV>EZwqjG1FfXk)2+lPftb_dcGR
zq1N)Kj-ESZvy{Tfai-<2G<>1A>IynypDb^cx_Mtv6J_A&@-ZzDpXljz&jBrdJXvcQ
zznI0GtA8@{C0n*60O}00rnWZ#htF*m2xe`U)e}C~oNW1AXXq)ZD3mxxfCRPAKP)##
zjBRknNt!SxvFL-pR(wRp{@nObX<hsNYg3z7-#xgetF?Mv(|b>u<e>o(6Y11&n;H|V
zO*C7xnhCblhisi08Ru8$iJU)lThpFIN)9{i{+1-Kh28TlNlT0Pd&f6Hs^|TxM88_6
zsjaY64^|bn!ZJ!R4%x{rM#-L~pcvx2gsnbb03KbegEMyEiB6{ZU5Nl7pg;HZp5FaH
z!u45{DtSEt_0;IuX_1BIOUQexFSo4iJ_xg&$wqY~@%DFvDjC`8Tf=4n4<fv|xfW^t
zEDvSU$)Qy<W8J|4bbGu?ibIc3WqqrKv5HqwzIKXorElddN@JOJZf-WU_rrLBvVNML
zaHPyt??J)N@eO9UoHg~dyY$`P_csRL*Y$L=`o1?EnZqz|Q;B41E#;~ev7vX<ZWOeG
zX_xC58y6}ooR3gSV7Ywt8NONPM4`!&K|!X6@;JD+KW$Os1paf7LG+zOr-!_$4o%hM
zYA<)CDJNyWxeiYH@(E<}a6N`;bmR{Z6up>sOfd1b;Aft<iO&PBU5bBY-34VI?y(20
z_yKZBM=L&%?iE2I)94=meY=<>9N<u{Kky3IHQu$%?wA;;HM2IOKT%6F=8xu@<IN!-
zj}>r?%*#uT?DHC*6+G;@G#+ueii!qGTrYW?^7zjFNGVCQ;cL6KePf>{9?a^?6-u2Y
zy0`1XoP*mneI1=IW8LdVXOV{^h<^TWVya5SCW5IJnr`8tLakvhhmMHeUxmT98QBl{
zaW7r&{YwMR4htyAx-yoY1H%|ybkXHB@nV0n^k3Z_3px~}qIe=#vOtxj9TIRK*)zNx
zr_+AW$dY6|uogK_V(cl^{Ph(@eKaa|d=e@BGNgtpxSqKyU6!9PUb=qm5a>wqy^ky8
z_f#Y0wt-P`=c7nz-4IKnJG(z}TjU7(gD_D?q^j=D*R1=m(v3krg@Ert|IS}t^!eiN
z*fzCf`5V8?PVgP`gs?n5m4Iw&JubQB1b{ymx-pOTs&*x&{WFEnM7HT=3Z8^d;m`Ox
zs&X6$n$h)Tr~}=69}8__5IlfN6{w}c@E=408Y~gvPEud~d6JxoBp{4h<34UTbN*<e
zg%5SFg@!kz5;UkGmSfBG=#76fht#H9GgukdR0^zQ0G~-7&z_Nf)2-R;zh#<Z%GnSt
z`1}H1Ntb|MW0Fwm*Rh-CS0pObz_RHJ>;6qvD1V{sjQ8AgS=O+V+-x5F6AGuR;4eKr
zuVt9FY#B$hS}}x2&n0(xMcZG)Om-#VJZDBwkyB`e+q#8(CCJ85^zUXP<SnaFeHf`8
z9&d}%$5IaUT17j^{~xNZJRYj={U>Y06p6A-C|dbM$Tm}{C`F6NHdCo2*|)(g8A+18
zs4SBrm1WAl3}XusV~MfPSO;UwFqkpxZ@z#2Uh{h0`^>rLJonyn?sLxbyw5q$!=M3+
zXbIF4X^COR%Cr#Ku~RLjf1aZHM-_VO)8BM#(i-=%W>XGssHf!3_9GoG*IQkxoJDJB
za6oK)by!Vq#Wq8Fz+x9CC0c0@XzzAtp76R2(gk36_R96R@p#A^E>Cfy@B(4i0rOpJ
zk00Qo|9Ks<TC6=ZsjX28m0oU^Kk%Un%{!Z$4@d(@kJ-JV<yo?-Q6EGAN~ul`-(yN@
zU@cEW)wUztYzCUQOgRVMfiT^O5nJ?i+^j{#eiBVRG}9384fL~Huhf~R?+!WQeMWCd
zbNcp*-@^LzmPm<vS!3C!xihgMp^dG&f3~mV0ldP6zB?YabftX|qD;-W(r$DScP?!W
zuB};})jn)$tqrkHTdN@cgN@U8|1JqG;_7m)EI70kT``2%wsrGNL>-w&BE{Y?S8K+*
zf39m#Z|2eA0|tj@?u`Dg`)kN+XX?7pU%sL|YjXfCH#UWOW*F%6HPfP^a)O6vK#vuE
z1I}NzKfDCW$;Uxd4ngkeZ%|Sv=tP_R*`v?Fv4>f#%?{R)<<poIo13{)#)lCpg5zmP
zRNI$=`P(awtw~92`?n4O=5q&LRbNh2xr95qe&9Sv2Pq2gi`&0es<(vRC<FeaKL2;g
z{DVawxW@9PKXL?c?j=!cH`i~@v{NxsYnWBEl#hztn%4FEd)Zu{Ew_XYxnO?i%Y>k9
zv+KEsl?sKa<#kBIR^wL8n@>FJl)dyLZ}mxD4c=CO<mXKG`x=LcZda%@CGcz@aNS9X
zZv9c!pwHH_o}0O6W{sWQNgsznv})F>Ld_(msv1%KRi-q-??jj-NS7x`3H%5sH6RW(
z)@*#XvLL3t`Rvh+R6TDQGmc7It7!~f(b-)(hfvGUTwzb21Mx%{!MsnJMyVbv0#+Ih
zq8CO_^3UW3Sgf@+3U^K=UyKxKFw>mPJWy*&l9D&%pk+TtaO5vd85wmmmphJk&7Ym&
zoHysz<01q~k^t?TJ|6}(^bUq%rLY*QwMocxE?U;(sBEYor5qXvRvD~0a8&Di&cy+Q
z>=pXqG|R^In>*_DM?zQi>OuMdKfq#P7)|?hZi6QuHw^3Gm=ysmXH`xMo;&kCCxM5+
zGrR(Z+AXBP<@z_UC(0YgudK5koCyHdsEH5?mn#Ez3o`6fmn=R}Ud&Of#02{C1L5xW
zhFxLXwSZoWRQnzGRa%g?7+d`QrMUaf_?=;z*6f2Lqc1s#eQVfQcWIPg42r0w33hmy
zE7Z-#It>z$E$q0Bn3TNmy?`Z~smqoD;$a9|QjPe0qZm?~e?yrk*EE&23~zxE>JZyg
z<x_w?k%UO_^R32B<c?WHRv1S_Jn!QUbHyrzu5@W~*eYLfeq5b<Rj|rYGVmL>QW<8r
zzbMFo<ST4HFGgPzh9*3Uw4ZbHkL6n|*_|BpY}m7bJ9T9^euI{qUf3!cD;jq2LM|+v
z8$Kr*Ri-o5Hs}3+wHaCsCj>Qo6^$u{dM=nyRH{ZsSmZ$NBr~el#*-`du&#<LhwQMV
zm~MbOcXl3K))AkUd1yTMxQ%tbOJpY04eaOEkA2^4-o9rARa-gXgKskg7OO;CP3El%
zXQ=PWmDV~BrJ-2tqui{?;QOPbm5mFidk`@fF&A!}Xwc9hMQe4kZcqh1ky5?fmo6+o
zJ!P&8HL|oVXbU}PC>O-U4D+LmlDlL2{d0!-S(|6(j8=G2yiD3iY3@UA#o%}kB#l4r
zBpUj@WLC<}b5z<<ozFV|BT7G%!O4~>u1(e#bHiUzJr9?vxcslYyUq>#mtw9dRr0=p
zY(pE5j9-p=1$S%)3sqN~V>c3S&QhWGkXj2Ge$Cq>z4Km8rFluFH|<p{cYhdx@_t8N
z!qDpNW36l<Hb=i5;XCqXsghVV#^#gi(EEE0M1Be{;$D(2c|UR14E+Wc)#L%~XW=;_
zq(?-K-@aj=qMUN@p>DThfbEhrl(n;Pwk}AjT{%0GcvFK?X_R@F(;c~YL{2seK9YE%
z%#yb85VX>+yoAYt=)!i)JBlx%i|_5Sa{d?^v3_>;!uHwTGJS_(rnLbqBQ&B6q8hnc
z{!j3;wyIJ1-WtH_IHPK7N!k;6Gp}$O@$Q=K+K5&^Wb)EtM@lv@qnOeW(E(@6*S|B_
zs)bDS0SMJqgh*s|_`ZZSpSaDse5Gts_x)VoFLWvFUJgi&pCV6eEORl~Z@K2aSfsle
z?)?Dw`tr=5&6zgyV9%vdoSyo5%Q(1j%V&nCdHeHJQ?Nuh%C}tbtX0RvT`0wBh9w^f
zY+!%&rVeSf&9WXSZjZ-rg*^Y56ik_-5ocq@f6Z!4nBqiJ+^0F?g@@<4C(pMrFMzWj
zTCPg(1x}^c=6lnpFOK*xT2vW$r{$QB?7BeOWf5JUaSLwC`f|8|ka`B9bAb0epKg~n
zO|`u|oc?CYc0dvVQvZhkZy;1_(pIh5|C$z}<4k_I_KHK?<n2A6n0(OnO3WXc_*TRC
z5M1r7e?SBNOD+Ye*jX6rfQ_3IAffSG?;TqW!M3Y(*1H<~ixh{B`k&wr0}1C|>K0Lj
zuEAM|IW7kYT8W&F!#vU*&e0Ne$DK#>hn?r)HTO(A=LII~^_cGR9ZN52H4f$Q1t7Id
zrLjQOrHcb=n$9QIKnFJXeaRO{XQlW9H@Lf!i3*F`5$b;&H=n}PUqbpWCwKU$Y_#+R
zw_y5W7x5~oyJ35B?FL5AS7!F_+>UEl1dRo^<SNm6-aQ0&`u#$2&zGfP{RhK!O~Ik`
z2`2B%bMEtlw)I@2@Tg+z^J9~k?LbKIxd&EO<qegHM!@M$z<|5sULwQK=Fm3MIr%kz
z=;o#%6Qi~W!-za!gbSy30D11s=jxCdGut;)2BYUhs?GLZyurSC)*Cke+{i2|Ry}xV
zJsyc&H3;WD-~P<ASA->5|0PILTH^x93T%M)vzO57RtH<t8WqEzE~g5Qk1$(A(@2jz
z34xSc+7;Bctvl+T-kQaYM7HyeC@qGJ-CDz!PQX)c(b7*Za80%msw~$*jm(=ud`1Z?
z!kH5n5o7tY(gu6zMK7LhRAPL2mD7IBN-RmRX&}^IY4(n(B4Jf<a^P;H3CoLP0Mk6S
zDq5DzLx?Xx80I$t(a>kBt<P#8Ubg|{(%z?0vO~r+!8Pu?nKhQQ;<h-2u6<ZxuA6nJ
z-594rXPdSs7xsyqYf=upqP#>N{R86(-dPG(sm8zw49;#1A{h9J05)~ZOCd<&-5(!{
z=7=}Ar+b@|Q1d}$a!a_RhwS}n{fF3|GGJ+!^S3N8`Lh>Z&^=1?)h^aa4ajSG&}8xl
z)z*?Pnu}kN%K2%e4&Qf$Z##sPuLg`HTYg%wKr_!*Saet~N38ni1^<HL-_8jHNjq7r
z|5l{Ce_|hl5jN3))o}Z{LFuJzH2nInT$0p7)bC#el5xzWOlFiZ&rFe3Ta#=gmGV#e
zJes>V3~-B|*iza%|0a?|n*Wfr)^pC>d|;GBi^01oiJ7J(QSF}61sYH5DfFQyPgs6_
ztjRuy$Zs6WRqiKj9#~cSTcl*4+&PEp{@FmVgq3)t7@H1?*%0^Ap89ooQmGm5#Dw;2
zQ+O+18vdh*)Aaw@g2`0pdF(KO&x<1?3oSSX`Plk{sPgN)|7L7HVK<)xwHs%{-IIUU
z6)L%J4YqL%I0?zz9#H8Q2JXl!rYo2|+J?+}ANO@)Pp0GyQfEgmGu#I7CX?Lnw~RX?
z>!-PZ&`0UHYc5Tu_C8{$+=`pyiV3f>$2<8uxYL*6z=veRN?wS4Catt$xEl@GW4YU#
zg<u@*9Y>HX`ysc!!_hNQb7n`K5gJ|M1HbG`^i*c(TRgS326ejYoPW+;QyyyNoBLIy
z=~lgNRN%L-uTM9Ekd0^rvjkfd*0EPXM_>9v(sN6xAjP>|DTU{9<;|qaRD-nUE~T6}
z<ZN9UgWJ3A)Ojiea6#nT=j35v^TNMX6Nidb5vuiN@Bz(Rjt}{pQMplnrd{?phV}}B
zMsX1NDq;X_$gpgsWve-daDRAyW%3gAO`oSQte|7eXW4u0KjCV~<Q-Lq4J%^$cJ>fX
z`YJJ~0vtvg6Gef^{=A0Wc+|ZC&UO$G3@-8B-rewXeJB&_?Qv44(W48#MN5dYXghNz
zF)XrV>HN!qikBUk-cK8itQP6Y!}CB7QS_3;MY}&XeY&}m_cM_p2DBC0{daz$AI*}#
zg#8P$;;%YP7N`PLh}HPV3qU|>uF^#OmTH4zC3QJIurV_fq?2P60{OC~qIvcHr~nsd
zIwiP<H+*oa7yc3@))GDqPkfWSMX7&2=0;!(54Z*#t;WL)>|SWB4Nsof+xx1z{x6LC
zukvD6$i{0vUIOLSE`YwqQ^x}`oxV11N4*QSySlJHLMqbEuFLN6srN<!VSnKM_frc)
z$j5RA%39K9$|Qpq_613!g~|=Tc?)}vV-JbE)2JSp+6Y?N!_6$X;}hz@tEArS;rSL;
zw1Et5{HZ}_1m@1of~&_1oyJCB-hpP}Z-n&W3%<wT0k~|rumsZGv)^v>m=(W{J*G|v
zYBzRVq)v{N3}set)6{=pN_(>VuJk88$w<WC_Cy79CoIpu6IVYqJ5W`cbm|Z5+Sb0P
ztIRIDt6s2P5Av}S7$u8zH%OXAW=%(y^G8$C?bZ0&6>HRgoV!F(7~CPZjLVyg>irv$
zXM`X4)5*UkfVa*FLSNBr?h-vKtlm-6_LU<nlr}Hp{l|W4en$ncaWG-$zFFhSO*=;Q
zC@_QUU#|JhKO_;LSIO+e<n@eopne#SuIn?~Iq_cP{E^z3y9ZR-cNWb5YD}k|I(AYY
z<8jM<^_U6je*M9DNRGFMALrb03M|Xk6z?{;5#*1(DU1jGlH==%_IJ4(BC-TuGU{&!
z%R9L1&5E{6X_ZeTUc8%}Y^SvKRrmy+V@z#RDfDptKucbx4TV@20S9%TEWf|Zr@eYS
zkt;nDN8TzGSQZo<nR9p&I7@7p|GrQs@8PeIbscYzc{`rE_8>HOZsc-gC|PQz_V`fb
zH)=wJ6F4hW6Idzj(aNs-SBH2w(ne{027E04fnTOT{9f_CP%N9(#WtaRLFPVOD07R6
zc<T+)3Cta{VZp412s!3YHW4A$lUENCv1aS0w+FuehQIEn-0O`y&x~pM{iml$+a!`p
zO<|s%tVS)|_fxY7<3u0c)QMWcOy)t;CM@3psuMxL=*zt}2hB+DfnoFQag7g!Zxf;n
zXcAkuz-1WT+qlLM;aDi$D+(?l(5+A9KO~k;8sF*C2?RE-&^3r3BWto2oyn-TK#2Nl
zUeD4}w@{Por&eFqAaStYr#R=*mLbw`_GGmOv(I^Da<j+xi$U_aw8*d}(FMVjrlA#o
zKxoQcYt*dw5DHNlgoYfj#FnQ(fBB2Ipl}hX6|UYBenNlTir@M`s18kqs4h`!=&xRL
z-xTky5n>Jv|EW@Le<YJew@yr6NCj=ML9M0_2=ggM?j9Xv9p2$lB1ZSXbO`8c$Q=Kg
z=aQp*0dpz+PQ#NID;6N_5Ah)_*RK^m*s)5|bE9s9tQ%93wyq2gtSPicKB`jfz-x0?
z{cVS}H5%fV9%_T9W}gk~2tI|tJkE@?g&ddi<fDFk!<;Fj_*_mS$|EqhYJ`xl=}BQf
z5g&h0e6DZpO!3QC5>$9^@7mqWBq;r6Ps;Np(#G8w<zEZZV>sW<`oA`4Tn-D(SMq*f
zesC;nT5*0jYvoc@(WVj`=e@M=6OuRhJ2Y(1=wSBY+J;M6@9kxlU|z2%+B!ENI@FGG
zHfKTQx?Q0Z?U2{kPC|bt;q+7UDc!HPO=b9$!~Ii9I#K5{Y&)Ri6#}Jm=9OmJ;M#8}
z(?9C@O6)T4B}Y~Vr*p}KkhAcOuebhau&YFI>Eg42K$Y*bo?l<Qm!5?^fCRj($<0U?
zVU5ZIfykkXpdvL}iV?wS6KB^qm5~+_Xbv?!mGi8E`pQ-hc5E!TU`*k&s5<u(C3{Y-
zmml1&y`_QGA)Wc<5nMa}J+jxQ6S8=)zck$B*F+y``J(wWH6@uk6f!|FIhE66GqC+;
zbSCoPx!TF%EugUadbaa4M`{0(g#Yieky)<bJl(HK=fOSe-y)N^DGCo~YHcgL=NB$n
ze0#6c-XE8m94DF)7cB~0_x$AH)uTMyJgZu$wY~kZD1PZhzd{wEa+nGF0;$#@nXYkS
z!tU*RjpQ6(@W=kxoE0>Bv*e`4ninqkG?3k%nn&v{beyvwQxNq9%;+%%Z4!}H*l;Bd
z^Y(*g7Us-{uOECgkHwR0M)hZB&E&u;Uns*HmPST-As3Azz>h!#@4^qH>dveEE%jlE
z@khp-eDZudb|#!2Fwe09)8$@MiihGUOVYCu8r)GM%`n{-(ME~Za;0glu@T4Mw`9f>
z-)A3}PJvNCY=Ln?&sW9i*^0-~ZLZY|ppPx3H3*b;wh};EQPA@m43(v20Eq`eriwKB
zES<*ca|-?K|AGCBhnF!*rtl>CHJ*nMHw6!)ixMWC$@Gd5lJP++%(JhdzWbA|1c%Rv
z{lfEiS(sYvlou#?ZxZsWI|QcT-6q80kXbG`H<Jm^p!>r>oqR)>l~tT2&LzPq+os4$
zb0KDVS8my8LG09e+O5p^9?I|(Zj>_DvpE-q%bkHctgZZhl#tNPJbn-bsWJPrH8j$g
z!QrcZY$wEo_C!MM_~osoqEOofo1p)$pP(>ZO!$6JS}Eg`2ib0PhZwJnBq?r_dUmM`
zV-3lc-fVUHH8Qjqr);vcS_|}Z*vLxyOwxFR(39uff7*&98cY!;<hl3DU-JDbGJ>Ah
za#|=IKAu@w{5P!~-kxr4Pfh#jUTuS<1`N$-<fL=?BzGq7C4w%BOJe9((ufZv`RwOf
ze7>1;X2rj!=d=>4`W0VeV3`|+dr|nEdTN3Mvx+A$5qn82rg>jpe8-UQtgu_~xSx2{
z>QU}MY%b5;sOeYFmgkmpFzIrS{#5l%A-~u*jaJw=Ie=6RCEex=KE(6`Xt`9c_9%q#
z;>ZD%KDen&u*@1-X(YVqa13s|%r!A@EAFd#BCxvaGy3<(gs#)usMkH$pBSybrbOCr
ze2jY9^`OA4{wVegVfSB`8;<)7n%93rl9#a7T<ydzI`O^3!pQjFjRSmxD950AuWE+^
zozh?&LCf0iig#DzY0C6I)cEOt(6}dG6Hvd$Dwi6zon0Ro>}H7v3rA}91y6Vkw)&1;
zJ8fKl9DydT!8AR<{tkBrDE!bf_Izbvp=-y<xEuD(hr7T3Lbz;lWBxkjl*GP{K;7uR
z3v#&n!l=?oqo>Hc1E@Vldy=>nJw#CX3%Q9W9d$FR_PK7iNO)B}Sd4#^UFI|X*s5=p
zW1N)!KnVT%VYB>eoEg#W`v>EnU*k5X%JoZjCzft6RQ}D@fyi1c@S6=6-?KK}t>G;W
z4<ESolYUmxs@~a%d3DIpM8<`#lI^&7tgBk}jpbu-H>)k`CeC6$YGLlw(c=V<_s$hf
zM%d!~_b<P<Z#jFtsq!;*_YcBrR;zJ?3J?*vseZZH;=jcB-??dK`?nvM9?Sx;pYf)E
zOtJEUkFz%qpUx%HJxeODgcJCG8^+<EnnA;CSbnc`c04s4UxN(0MVlybfhI=)eXhnJ
zioeU3_AD5`BZf!tUlFkYQ!2LP_gN_J9@3E5*}jlh`sJgE-*;x;wO<BzNhJsq-0+fX
zOx5eq;%ix9PZyZ`%I!ug?ofFJy6eu9`8+c<Zv&TlTK%)TB%JhMu|I^e5L%)0Y~9Sr
z$v3u~7WBP0_`;$}kLNK4>*D5VE`@U&Ot?v{)GO87WUALe{t<%zLM)zQ+fnt1-<zJW
zxc8SdDHd%)N@&Yek85Ss@s3%mdC4PA;$ioHg`bZoHFM8Ad6WXCQoy0EPRo~+S>T!1
zkLvACV)a)r#m{clnt&iHKJN$BfLK%K2auGK&}&9?a1F%$qsz5T7Qe8AYV1YgpBJ(U
z-WMHJQ=0C2yY)+GdZb0LuY7*$ff_hvKzB>n<4V3DOG<rObs}L~YoqA)->?9m3&KB+
z<<5?WTMY6)G7pN(TiUS&e*4Q8f{yPC@4g%Eol1S$E6%H0quw(2UKl^NfCzoPweiJQ
zkxA%XtMW@)x{Pxe;CZSGOy~uV^ZT-O_i&@0W{1DR`Xt8nwvPz)p8LP%qqGH$myGbU
zS5YK&F6yA5(RfQ3!fVjl60Whw;o*;U1z{Zm@cykHYM%tpx76RhjkMtYP*Je;TY!0k
z@2S0QB4RIBNcLxb5cz_}53vldX;b<wN#^<2y;jvvSF8J~`__L{_OI<l*JngT$T5R{
zH7N=$h6Ak%YJXXLC^Ia#A)J~nKT^KXqnk@TwfXm0@p})a6zAncs6_Vz^W3savB6z|
zy>8??Aw2;X`ggbaC9bbCyO_(~OK6t_vr`ZArV+O{0rg=YsLrPzR2F$!Ch3~_ed9KJ
z#Q*2vTxdE1@XMHe(+0CVAwbQ}?(QJGP9_>Dl~kIQI&Jz^Sf4cZOVD_5EU<oQPr`57
z*O<q>qA3D8r)mmjL5{%^7jWy&3EKg^{loLR^p1!e!`8=*c|P$G1!ljm6*D!wnYq^R
zTtaoX5>u`RtlRe%1p4B?C|so%6&#r&>>6bg1k0|jKSm?Z{-s8$Ck;itt}S&&X?%5m
z9opcBD^;n7F6&ZU>}DVRSa9poF)q3NW&XcE>CTOx{uu>F6WwmP=F;Os-;b_cdNFY+
zqTqMz?_er7Is)n*ypdl2ckQ#sN#~mzF@HUuan8?h?k80{A0Cz-sB~nWN|oX_ouqY%
zj_M@mBg5h*`R|!VUz%}k#pG_qt?adR$Z!Dv(5VkpD1UPh2Xb#D5bdg*_hNpRT-#`^
zT8slFav<d+o6YLswfK?&nC0poJb0net2g<tAmZFLVNhbnlENBy;R>58o7l0U@X-vJ
z<r&6&4`L1NAM3H&U4oo?3Q>Y3wyh-3&Jc@6)SZf;rgMDh348?R90Kf6o*F;D$!?~#
zuh=XEYZ?*0%P-K7^<g?)?>emOBb;L*ld;^O+QLJ`Fwggs?4f`OAyNMz3-D^Yhsmfr
z%&+nRDg<hDHiaG<W!nels3rzY!%fE%0`bRYqgvPFb-VOV-2|=vii+~c-+s!El$p0_
z(9azvgMQ<{!L<3v&%xE}-!Ylr=L1}0)~5~MvNq+ry;y?0jPy}K5A3n<4Bf3Luu=C<
z(AB^7x4%y^qCPnn+!Bq?{;Ltjz=|jF>V@rt{v(<qe_Y{5hEoR>sh##;ytf0V8{08Y
zAu9G)=ji5h{=nf>wYN4NG3&PDC6<592(Z7C=|F>jbhR^8xlWI6gO+Q4no^%@R0t~a
zYsZZRb0Y;7Ch18YJ>6C{!vISy6JqH6yNs;hsS(HOGiwtLUn(uiA-8|7_GvF9#6T~q
zR#UdeU^q%0g(807LE~-V)X4^wtQ?uaI_qcf6`SeiH7a5y5($~v&Tgj~t$$F>Om&H?
z7-l@Jb0LUMKU!CqqEqB$epH3WL7dHafifLvo{h}=giw6s_MU!B-yr+8YJGUT!x82}
zuSh0)PO#=o-n)F{d$Bfi7UBcTo4#g;tC=b>kCv0OXDl>Y4_d~Z=H7N{jqtvPx;6tZ
z&b~d%{LyB){M@mKl^&t-hST;@v-OOo5^>|d?i6m1YGQj&#R%@-Ny4u8)c5ow4sDh%
zPp-$D4;7GGaiOe;*q6Nix?g6w$h5oC*X;i4wV2F1qb5JynhwCTLm#pz@J*J+_wVwo
z5ASI@cRnP9`+oJ=q&~L<{oJj){)OY81i*O0|Kqc!;lu3q)e~ptYr~49=y7hF;>^bT
zsyrk90^egDl$VE^0JZKXxQLqw{;UTRZt!RS1M4|<h=s?{;qT?2u|l;Vg}?{p_Sgkf
zOzSAwzxwfJ$*zMym`9_-NveiI*<I`@mmB8eo{js!1u*+RP2NXBJRRr$bSF=$%=hYl
z0E36A-CcG}*@S~TojO@>DLwj(IX(L`N4=NVhq;)6WZyA?UM;DIV`j%^Dd0?&&NyL~
z5q0Iw%xecTsrc}F5S4>TrrzJ3i181X2UWm>jB#ln^#xcfL2dV`HCl|OrQb#}HenTl
zWw%A^fp1pMzD}^~ntkWCAIo%Sp3qvWiTY7UyE2rnlbg&T)tP<%Fws%HzIQo}c;4?N
ze9!uUPSZo+Xr98lLFaIC+D5~9L*SN%vw>qi=bwd1qh*0{r%y57x8%m$DNf{(TxyZ*
zrMlP++3j!XGit5-Z<`;hkiLZyp$_klX!QRQlrLF4OtQRlu-tJ;IW75Izt!vAvL8Nw
zm##G8{)|-q9MFn#*PrrdXw+7*8+_p?eJe-dWC9GyK+yIys(b^!rq54X#LFGx^Q<lf
zzG&7-x!L&`m9nyXR4zz$PNFmY5L2sLD>EMEBm8NPvO*E|1}V+aQo^mL<jnLl8#`D#
zS^(A{soM4ZoZK<|C7jox26iu5U%ejj9;!~N$loZ_x_xx@x7jKG5$obezW+rW`tr;#
zWbCWz{8X4oWiGjH*x+^vC#@DAUUWT@V4_Grl?B7-Em7RGrwEB{K2u%h4dQM`GBrCW
zun&oCYLC*V@(&NH9T~7FN`<W!E#ac18sZLq+!dkw=XpZD!k;+0<BMR?I%o@dUWo0;
zuF305FZ^CiNPztXMB&Btz`=LUC#JCqx?p(kr^lh}t1KJ}9*bnrqZ~&ZY`$gl$ZJ-o
z1>}H48P}k27f&v!1i<I2sX22fPd57Slfh>CTwo>8H`SapQj#-LfoVdc#t6ds{=3}o
zJZL2_urq9?(i@z5NmzjqcE^kZpdD=Umf7>3EVXsP#VOR{Dd*$&iDFMjv|8$c-!ldx
zT~9S^Q`rCihqu^Z{);G`ymsXMF^ctiCT0F_VJZ_8IM%ndY>CB`O&s}GU>bz%EU(hI
z3x41ozCzvItKXPfZ?4}n8M%-?-xe&n4})hOJR*SBI0Wi{hBe0?mhXJI<S}t?;6%4I
z_HaF@b5DNYfjJn;y-qJ}qb&R4EzC-F_m7}}T4{vOK1lVOF%PMh^kl2Bid?hp7wO#P
zR;kDG>ZO1{1x=A&@$g%&S!+7hi}Fqh_@77(eAyL~BObR~U42l~aKsGutsIhNzgyL^
z25TZR2w<g+Daep>z-;3_vp%!xpYDW{M-5mRiJE7Q?mv3>zi!@3)~C;(V>d`U{JsBJ
z5>|o`i+!oBHi;X%H9i=J*bB0!W0;rUyf+SE7f*l5wqE#qAQxjC^;Qox{0;6!f*o-9
zw+Q)CY)Np-fR>)hxlXvV;s0;zj^o*GH^`0UKi$OFuU`jIP99}B&gpkqbbNVqpuvtQ
zw<*^81`;zXw5S#2)1-x$$CLl^xzGG_S*+3CqaupC^@VnzC9LrEWnb%s_RnuKI<8ah
zEV{Il_u6}X-42J!KD^na3#i{u$6IEfd`1emIS}z)gNvWIjftNsD94??&w(ryyy?S)
zh5lmB@H3NBTf(T_X}uk|w3Y{Vb=?MIOX|0Jo&3JX{Rnf4UGk(4G`Ftz45;QBpB#J<
zzpko3P`m!|^56%cK|;$+%leBBoY(bAW&2^L#=>G;#lzECM!t!PRVJE`4||>P->Q|9
zwX@ppwBnjv81bpsze2M7JztPOHG2Av@cYl$EqM3q@sB5;h2l<Mahs22T5VrCQck#O
z`6fKtup-YhmWE|bZTS^=KdKgf#doY)SFZr;(_c)kw5s{q?MHx$&SwHG58IVjS$$`L
z##U*^X2Wzl($m$dug~9HKDIvhuDPPJgopTfWL%g(o>pA=vTFUrNnh`*EI+%X14$MK
zEAP}DoqE=`Bi|)CF;a2sVAvn4QNz`z|As%`QggG}<pz*et2D09KZ~DEDS4w*<{Q#z
zY8F-Y@0y$bed_0S-%%(uZnvgM(B0v_y{(sZBVRtk*BF?gROWxL15F_qR$$98M>?%s
z85rak6N%IMob+;6{Zw3fxtr73>a$o|J9p_v5RdV+a-*V(!v?4@h)b;#)KpK#Emb%1
z&Y3TJLX|KQE(L+@M%)sCl6R-i0@;)ms$dgS>djTXAJr0dWi*N9SZ+2KX(y-h@%Dfe
zQ*solvQlt;^zkEL6o>eAj#Q?pgt(SeAfyqWxQ!NV6HQSx{I)a8<2nZQr_LqvUO`UD
zsO!xuYZDR72KkT4E)aA5^MO&bu?<;iKQq<p_hwO#IscvU(*=FHyFJ>0`p_`Box6Rc
zAR$=JGGc1t0YSUeug*$4%0@2gj<c~J_L<X?S?#6VGQ&pF!4zeDIoUkJb7|Yz)Xxa}
z?{>CI{d<F>%(>oUo3Nk++3v2&i^H>F<*}3Gv4(Ory7if!A40Ix9w+`}R1akIWnuj1
z#Bp_<XM!k?GLzb}dx4BScEIFsSEp=NEhnzk0<HkDjmCer9y;A>y>bx}ThQ=%Jgp-0
ziNl&2>uzqGYZVK;>M#IVF<AFEd3Qe}GztpIc^Ks|GTzY89r%p~NF2|`IPX&<syXf+
z%ftC0w}aEFaP$BC*Hu&~A7eaR&R@BS{2X`O^Oe?sD#K^iyX~^WG=r>V{xYlxB<!VM
zVbkIxG_xpoRX4}pmCRz>X}wcDLwOm#gWpT8RXwX@-&6Pbc=#B>D7N9ipYiS-=;@B^
zx6SS+2ZIx?KAu<p-RnH}(aSI@bN|PpJCDsf5<=insS2CI_d`-wewUuHQP5~PcH>~-
z>oXUkQrlN{I`A^a;m$g#*RGk&$uo`Y@;6tf-j4I`lI$z|Q@^vdp(hU*1sYl6K<SU`
z3KK%8TiTQBivFdh4!Z9vJ2rwYMIJa7l?w5mhS$T#jyyF+z8Ot8^S$J4)Y~v`-O~@>
zry0}^uZ$&}!Q~FDOBR$LG*S9A;gZm8b=BM}K16m)I|pXrJ+gAswe{tw(}(#Hm{UUg
z;In7X-g@3W&u#bBuc!reZo~fd*POz>J3SX({FB8!;XE>~6b^X&r%O3taN)`Q@>a<r
znr}u#m+#ksh_K+P+nQ^1EyBXYVeHSNCiTf4Uu_hwSc-kaFs};HLhm+BE3Nns3CSPJ
z@A)wTvJA5aBd-rUda}8%xx(zy$b=yRU~(PU1Kh2@-sX4K(@&uY_1x&t3A?&y5e*O{
zPr#O))nn$Bx9E2fRTg(f_zxd{2}|Fa_+g;jI~K#2{C$=7Ay^bS&1I_7|DTgJRC>4O
z)K9a2q}i^m8~mBZYH9CaW;d6#z;M{=dF&at&F?ODY(*D7HOsK<;Y~l3o4Pi5YFo^8
zB+Zm)&w(dO`sXcGI$3(i6?!~sc6*w%;Do#L*WtvJtDN5`0%-ej_;IzN?vzt^#T>2T
z`4NBY5bxn{4N>XvKJ5(L7pJvzP3Z7}4N$l%qxYkrcXB^2VWE1?!<QZH`tAs!ZvyDL
z7IOx31bny1EQH11^d8gt)&A^vy|<R#l+~}~i}O}zJZqJ~jz!tOxZGRb3(jIElPcKG
z4*yywoCmLQ?fpz!!gB0gOY#<~^<X*V)~3OZ?{G!fOR^dH1DYUCP~`1oJZpB2p~z_N
zFxUe>0gELQ(9W^~1=u?>G{%2FTm@E1*0}wOC^Mx7uP3{ZE71;;#P%ZI3Y%r3&{u)n
z0I?o2-10D58$c<#0Xt#MAGXo=wfGk4_VU}S9M2bmy=47no9HM>jMS=%rHbVt*fH1*
z#yr_T7V_@u{GJuN`93+zoqSfT06>PyO<5+gfoPz_)WY3&EQj({o7P#V%JTmDSJSLL
zO$}s)X47aY8lQQ2^YdgP$zz8pO1|kYmTQN@B+JeU?i#n&ffcg8ucMli=*P;8B-B__
zPcJVGPh47BcXkbnc7`O8P&+Wl9f4q2hCO_54LzvR!zyG)fm&%^2(zgc`fR_T+S{+)
zSGfo}ruT<br@FJzgOUC*9YGm?h?jvMfssRJG7sSahH(NLw%^0d{c{es?DWx=Ypg>(
z5x@olPz<w+PrHD!m)jUj?i8FLPb5E$6&xJ#)?M~df>AyU^NTXcfWW#ZdhW@<s!u_K
zoM|f*<I>VFEyCNplJKk_WWDr_Rr1tgX)KNH+Dxgs2rl_bw`7DL3#&Mc!etf-PCj`=
zBcwS!sb){L1~Dqh3M<Fv1{P~8LMMQHWTnQ`*z18)9+&7^U&bm+etz*3l4)dv%FjVE
zuY+KP%Jam{FJlIc5-eGPUJci#5<XV>HAGncX25D6?;b+~?S-zFi^sfvqtOH3+ZY#Z
zRnZY$?Or-&CTV$_;Zkx8FP2K$?!%niAV_0$U`N<N%~(m&VYV)#P=X{Y_(j%Yyj4Dq
zl5|%QxsmyWMoA*8$f0Bv*{RR+Yn$kBDbz(q>-as(eYEL9u6iIui+yw?LbU5gLQq83
zi}7;*u?}aXqBEm0+BE=pG}#%ARpwo0l%Pqw1Ru%cO?V}qS%6JJ7plJOM4}p5LxP31
zgdVG|zNg2O9qP3qr%RG{O+BsbLP^r)rsQ!EZvPTQ?xRrqankJHK5NCQI0N=|bn-L1
z*;@})5#Z>KxMO{Iu;7mIb*_fqW6`EX#Ot_oLU%?t)(SeUf+p#*ACVo<%*L%yGGX%5
zvj0wKRME0fe5Ft%9e6GFI2k<kV@#;dlbrKWYX9{wtc__}#8F@*NYeWii1n2ri0Lpx
zRZjS`n@kHS-j!w-FjdnBkx9PY1jadUQVugn5(II25T?tnDTnoai$Dn}iVyE#<Lh!l
zxuZMyrOBy+^W^XtfFfKCc6w{Mcqi(^AmZ|nP-bcWr|h*WSAF%^OJrITDpms}KRPNV
zbgS-QZ<mb$0TL)@#uRz%#MAm^Qf~YBCspUTXlV&b;OvmIBiH38P#LaWvvz!KOC<jK
z3>R{NsL`Tc<ShF9$SFDt#VVoHEO%&%p?30+3;s$J3t?fC#&|s7vKf9S^0)KT`bZVr
zIPtg;&6MozNGAJI|E-_a+pSACfLSoUqk+3Y4vcF7EMVJqxNlqxVEZ=BU<I{?`5}~|
z3Ja=~RM^-jl$#;%6&VJ<ghx*!(S#0JN#+pw9hxN3c$0C6J&Oh}{mf;(%%fYRZ^$)~
zq?1Km4OY^$S6i@$9Znt_Z6ipKe$VelD#Ex5PpZkmO#sR81;q}^Y{kidp6fUuTLf_d
zcY#zU<OGWBs{uL=J;cia;Iqgfm-@`XoJ+jj43*|dGBLRJm*Clu(3SBY+mHbrwFj;J
z2V*96X2!9l$vMp$!LJ;e_zTk-OM+CQ@`-++v^B}&9On)%XRT-~4a0l|Xr~Mno`cq-
z+0H%jl;<|XieTBL{m-LR_Tm+gPED9TmAT~TEzHy|CPnUwP;mq=6}FS8hysN9iTj7;
z?*%Z~Rmu}b_4rw-*us=j!QKLD9G{g36y1ZD(`E49;BYTgju+Eiix!35>8y+sHW##E
zF4e_Fb2D_Hec?gKRIJ=R)X5r8<y6-ZGcn6Z<2Ax3)WLD=PVh_E-Wrzg4B!IlbWO0u
zT7OM|zI6DIA}Knu_<;p*F9sdazrUC6&=x~BK>L6dMUm3*1P*BrN<sja_k&-;sV=SV
z1R$>R3`fF4UV<&+u?y=Gq}N+b#L;vMw`706MH`f!#Uz>Xqc@~Mf&Z;E#y47^FoM}B
z5UZJWC}SGJvh>^HHk~&+&|E~D%5%)r?=eE~C%SC`-8jgi_9g9ka-1+Z2Kp)_B4^r%
zVS8{XIBId=9a}LEbrSaJz><L^USc9*M<9@GMb4D90LDn?39Z=orDu?09Nq~9n`o>!
zUXJ%xyrjEBoWCaSXyH7v2o>jh_kk7R35f#hKBxpgn(Q#Ph?n5IeIl@uG2@HEfJ2ql
z8<>BapU)q7NI5^^vNJdHzOR?oM!8fP@(8<}tQ8=z%C-ie1&7`_t3NE)m*yYZ$ZGE2
z!RFh~l;jCjVKUjo;G|POtAxikS}%}z_k!Ws>ep!$8FDUp?_&5PE*Tudgp-S7mKqOn
zWF}P@mL<<=09{0G+(~f*Y5Fdt9NV1X${;ATN7@BPLfU5?NY?)er75Aa!3tUyD)L$u
zyvpZ1(C~cu-mnSjbPZq^SVHs9jcrtOrC;0RPv!|KP|>j~@3tv>^j%GKAnZ`hm!cnF
zWy^mVXYrG(lHt4fCz|C0N=fxiIcP9oRXGeq2^rtRLRVAmEhjDwg`?Gc@9@<b-}=A+
z%YT<PDdvn%qTY0K_^9+-l*9z_Qb~CE)tPO@Fa^nQIpppdvC<ffWU1K=sA|B85oDAx
zl=wW(RWZDo;7dNACscraYFH)^$jD|3jo0fcVcF!ykQp(3R6wDK{lpP=WI#i~Q;PRO
z3&x>Y1DypVBv%U;o+36qr|e6xvrVluM~hgpR`ZEwaoRslo&1E}21Z;o7)jQ+F`VM^
z;1a+9)kM7|Yx&~_jAMPQP^DQwO?{R*#6z~xg`wAE-O}q|8?H3aBk4b>#AM!Y+ZKHD
zcc8BIJa1Ivgg?iM`y0E@Lt{vQURJpWpd(ZwySrmYvJ5|hjFRD3l6^1l!5@H2v-dYA
zLf(Uu5BJi-G-1uQ_kp+zi(rLS6;5SCaW~C$QTh{D6@JZs2D{6m5H0#LkFi-Ty?k;*
znIqr1DQ;Kem+DH)LhSfIOiIBRSOKneme>tv6um%z*;4l@9t_hLIpF3mE%uwW!^mYs
zfY9*j5KwM)&xCJqgFY=Luq@6z$wOXq9}g6eN%j}1MMC+B#k?f(NyF2nvZ4mihw0Z0
zTWet9<mT0<b*3?Kl7RnZ+BabUi-f)bPu@XsqU$9vQhqWZpgX;kgRe7K2>piL!A=)-
z<%ie~<f;Cb5AX;um19*592@F5V=%u-Q4F9d&G6iHX|`+~Q6pJ1^7yAUWd-Ur4h$oy
zd+O|qn_l9uJ=q-&lyf7(x9n+h_;W7!4h=4;xq~hNdb)>HSj5Rh$ARzgE!*OQlz7O1
z4zJ@Fb5&Lr8YQ!;h<hfpyk<0n@g+AB{snbv%5pJElu)u>vj?UqY~W?y1jxDjzIhFR
zcZw0-WNq=vK#Fdt&UxYw7nX@l@Fhi_>yV2w5WSnUY_UfBk!=GiF->630O`b&B>Cda
zDrlP*NEx1Y9tk8TKwaVBsOyIrtXQxqnrh+52RGwYI1yiN_;u3HFsPUN&2zavt{vSw
zQ9YOOn@=i=uy;WB&y0Ro3e*4DkJ>RI-%A}KwInHtKHU#CE>yx!z%C^J=1->lXkawn
z?+fYi?k=X<44h=XcY>Ap1GT1F2G!veSM>`uEwy37FMsUc{hT!$a~0|acoue5w<bBv
z5d+^;3idIY?2YkuO_lz4_%_K}+>Z>Vo*MtW=S?W-$Cg}sTF$bmxA2Y$tm(2)gOT!+
z)PD|f=?+LF0Bl)?tz)I|#d*O#Tpov+kk}Zk-o>;SLTbUzF%rpRtm8rhk#v;Kra}Xz
zyh2-GZ$(i%^jO$=6Haop1?mP(xO-K2eh3IVISOdZ8)K>al%T|GwsZog3R$`}&WtLh
z8@XtQtaD3JDF#UWs)5VGhybF)aR-cTn7jXvFx~4F!%ziHMV|M_cZ79iy7?bhlzI)*
z>m64&HRoh1w!?QrC;@oRq?;#wcoQZ_=psl1WEvAUsg8mZ)R?FM3^LSYH8|ODW;!Mh
z{7|-?Msnn%Vp#h)dO#caZuWsbC{q1h>(<Y)Qca7bVZfxrK+a|W1M`UvyE8-wzuOS+
z14@CSjxTx1@w4)P(Sn;~;02Q2M!ka$f`9Ce@Qt@B_JzQ8u|5yHlXqm%CKkz@oyPY8
zqb!%a8ow?ZppkROD&ecqjc$u5F$CZHj<8QD0I`=-n7u=Yaq4EuF2=<QP@jM>*Hf4b
zy)-0;`a>|MB;o*7Kv;`}9>G6Q2}edFWBbDE$oM{kko)RN98+sB<BcnbehzQH82&y9
zVMF-Ax&74>qSgM#?vuX^Kd#V?M7IRzaO{Rubu{gZZ%6y@$Nk<tGlT|6W5p<fyE1}b
zeb8Nk1~Tw@p=L=Cvmi7*d>`*2BNvSUfG#pjn>yqKM(o|qg}E2u8DwU&og_*T9#6(Z
zLyxd;>UmCDGmM()N|rK${J$z}A2cvRwhJ1d!e*g?{A+gIVPyw6-#b!}4@f6r1W!i`
zO!kBFQc1qn1!3Rqn+9lL=#R>r?|mY3ETP$J*Q&IEB(WJNg}=&h@Ew@vRyM^q!rrq=
zj;u;cQZ`@6)VMpmLU(UU#M#Z`a>@I$iAwHhW+d7<0OG)?cSOOgw07u=(gx#2c}O8c
z_8MJ-08s+^0*0t`Vek$(!b(f~ELQJ{kz+4)R~;FbdrwA0tRDCQ7O~68%Mi!vEgJo=
zu;<sOh1$~dCbv(;nFkoaWZ<jb-$?1N@G%kH=L<d6&vECti~rTk?h`GU*yTw$R~sF7
zpJKr{c;Acp;ajHqkUg>d2EK4FB{W&O8N4S9=Fx&MUt%^Mf@HGya&Wx??W5m1jBJHY
z3}Vyxn>#e7`Q<$vobWaAbY#*U8YU%S9h|=5FOHIeSNsI`%A<O<`OKSs!07rH2uKGb
z=Q<}yqqTN0Qp0*#RPt^Bq~qJDcSDla<~Guua73Tp(O}`7+k`jmX3gHh5Ut^&Dtc8l
z7-@C!f7vCn>2BLdQb18Q(P5|GkOCI-P(}!??sq6woBN(kly4!86syS~ApU`Jz0^~8
zEJ}!O`5<id3kk|*20CY$dP>Ane#7Ny?ONUW-_FBSsaxP*`lszG2~^d+%@LEW?@NLp
z4l<%@J>}Z?Q6F3V5ANGArM($}XwAWnQ8p7($T&z|)T{1I*$&fTs<MdN37+N<2%COU
zk`lU`s4jXU&linlkd71%4zhPAg&PPV1@zuA!>UP0P(owsu*F1q(F1v&l@+z2>MFK`
zcv|$gh%LJKjx6GMT*UG8XSC=|t9~+T5<yt!8aYvmzJ4XT?{scq5Cjk})2N*c6DySq
z%E?=mqlQXBM<R2YU3?mP_sF_ojrNIN-m4E%3GtHoANAi05Z36Kim27dQA479YXzI;
z*0zgGbL%QmtWGJKv4{cYf0XtA(klN)k$i@!yKm+ZsJrus#l!=K;dik{Pp~4^HL)UI
zs{f-LcZpat{&$d(``@9#uc0?ZzrCQ%yj4w9_+_6%v5^d4npsTG%Ds&8Miq<na3mh<
zyMZUPGW~LL=hnG4Ige9wt}Aug`!nLpi)q<A5a9~6CX75pN>j=}oU&a@Ju{=lIKF6M
zueUl4kH+sn!9b%?ChhXgg*{bU%-xG>S${xuLhVkGA~Z_|w}R*iY_W+bizSo-=qTwU
z!4oMRi1c3^ga2hQxa&N1$}u(m(HcNDy}T|eU~(_#wpES(Sx2t238xw@9m_YJ39IvN
zhi_UH|1)bVmjqf$Z^HCO%?`q~V6a{9C?ZI5;T|vW8-9>Er(Pihe&aKd|NQfyM>YT-
z5(IMmMskAhlmo_6g}I0QhkhcW37Tz-43of004A+DJP>h`3_ORI`=23;Rw=`naADki
zDT1Uc`2;RTUQMJ^3&lCk&oSbSL56`-V3dp4CTqF%AKyDXCax)BiY>c>6SK&CF1&Sa
z9*eSLJ~d_kwJ0W5Dx5rQQTQ-jqY(>~YuuAfOkF@@_i&uiq~jaFov0g&C>cQp`P70-
zrdM3VBE65oB{h<ruWR*g!gjOiB9kAwyK(*O43D~={M^g_4vqI@)}cJu7S-cuj7JcD
z4Fkpb@)z(jJWw-nd}LG>ff#!YJ1c>_yLU}5Hm87$-6e2It>n``34iqwa{Z0`2zq?F
z=&QL@9fQSuU57U5X<)~|-&AQg7+;zwGRXbx3(W>nP_bUFDs(5o^89?<TQVmU{gm>A
z5iUuPBx$jakny`3f3+>}<rb-#H?4wDB0X$Z?<~sAVBzNE5cPKewo))kmO2YH(3fOk
z5BJiwKnhdK7uPXZB0j>K_h<2Yl3h%10X3oeZbRc=a}{RM>M|R@?rzDtlBe0h%-}xT
zIsroHZ<mi1WO!xXnlY7y+<59+xRWC?U-+CL#+#+%_{p!0xi1^THQuSA5Ps5Z#gXX<
z+i^o53+c>h^C+v)E4b=gFSj+jK45)XKha$sIHuDeA6d4%Z6?X?qr7HA^adR*@+l*K
z0c8v$>kfoh9YQLxefub^WX*d*|04(_VJ(6Y6)Wg?WJx;2*FN)B6#8+mpu(WT^67~s
zOd{(*6guvO;0dF%H6OoYJI5)BpKdj@&HT`Zx;%1BJRE!>%>G4=G1)+d&uxxLP7_4*
z0b=ml8+dV)HRG||E4&Unnk?8eN?{dp(5OQjdT5k3+gk)8IzLD0u;0lQkJEG)qcD1?
z8ib!GxOtnuNNM&k*dsy&G~Bs>KqQ{7$DltlJNY6<<qBSJ!>Acyuve%Gw`3c%*lX6X
zlm{qS9f*t|t`EQ09gr?KFLK`j>)L%ss1Y!GXMluey#Y!2>u-D^_Y<#x<>}F1PiarN
zE&_L!HpmMDAIyoickQ2LR$Mv*a(=ZIp}T?TV`)Llo8?~QMA#C=P&H8OPC%oBVB$^S
zEHohinu3gZKyexgm*cXUdYiTJ4i})*OB^1g{RG*i!O;Tv+-vI=ms>=(&l4&QSUKj8
z*R|B~!%LdZZi}Ed=_w#C^Jgo~T{u>k!&2s?-}m}NjxZ7YjT78h#K<Az69rEf{n5x{
z>@nFD)*>wCmY-Uad;r8??5U@)zlP7DW7nhRvF$MCh=;SpeSM+B@jgGBADf$2E9%5I
zD-2x0Z{mS}$jd)A*&-jsGJL0mn*!%Py29TJC`;JsO*uh>CwTX!6yTI@FTsV=k|exZ
zR<5~u_TlMmphh0YNQ~2KoG${|4l_!P5@GKt&XTso`n&w3(VbgBJhg>6^oV?)5%}aN
zwJCY^vcLN}|KDYXkt80#g9qeRTSmiUFE&ErFsr|pVe6V3F&BhtBT&5+p%fC!DEuAK
znMw8_=x|?tV|jw92Pyjf$dHk3r;!6Yrb_F(I-Udez-8HInuD7NOQj3l;$VIYL9&my
zmSte+@2=2zVZ=oaS#HaE%t#@hU-*fM32T(+S?38Y*-$k8Hxl9yRyTcKkV&45`i2~i
z7Wrao+HUg_xeUVHWwbUWUVrPSw}Fi&ue!a0CWqyQf`;oaqRhlNnY*}N(f*2X&6+U1
zQPgf_CnTse`Ll<|PQKo~xQ+v0b`+YlLy$lYj}A9?oCk=YIGhyx2iYG@Q093u3eYHN
zWIA~vPGyD}&^(TgtGcz#h?<a&u4hDnRHo}tXW8R%KWI;7*aUR4BtRr3pbqJhujugp
zJ1Bc;;7PVSV^$I>13AjR#h6D!C6VQ1(`c|Rdp{#wf(3mO6cxQ5`rjB+r%!mrxjRn^
z$Gm@B1kJ4j%Z#M>9HRjKqZy-nLK{Y2OVaiM`E<e_oK6j0xol8{-(bP6y&$v=z>{sF
zNjhvtMy4cKoTt`I5c40rJ)h8=ypLzdn3cfq$K7CzH=U3~?XaxL>6(_A7_r=ibaSXg
zLd8*688YlRv`sTgg=fGJ2RKL6C)`Lzhl_)6G6ZCb4Co;5R&%mA=_pKrt%O#2j@M&f
zU_d3HVpHEUyNGBJW~sz>Y^IARuY8KEl@bq>f%_R$YC@%;S|WU{T1H^Z9z+Yp1o7mO
zKJ4wNB4X<90CBuVJ1N#;=D|extL-M+01w6$5!7E8<1-U^MrA2XMR0N_VY!5ZI=1q{
z=3AJb$f$2r4zpL@!t69q=G|eOxL5~7la8>f$-=!n2N956y}8#v;>DP~f*Ac2JC!_}
zbc1gx%e&TG_}oC`q>51_A(A)N-X9pbCg?u68EgkW_6&f<B}Q8)9O@-ZuI>nr221m8
zn(&I-2u<82;5)o{Y4u@{*#B{K<#9=^PrtIXw8W*f+(@l#ajDxaH-yT}yp_~#u~H$m
zva(z<6_mv_HA^yYTDeeJS-GH@iiY4qVOf%y;?AOmiV6zI4llp=pL2N5=bR5`nP;Av
z@62~bxl7QYc#Bc%gJFV#LL)k_tf1o{%Y5~ip7LUwZz|J4dRS1n60(VOPB6&2{&XkA
zoRrBbOvafg{}JS`q^uzw7JO>c##RQlUWL5Zs0`;RpPXyS@W}e~SrJXeieZ(sny2EZ
zh?i+hv`LKGa4cFN*dWR=B(!y}7wCY4tE5PM#DqPkMfNG4)%+9waiwDWpHpOMlKJEB
z2HC!CgfMX6WWpYN#Ukw~{gkZYyTKXtnpoU7Y-lNAQS_SXRW;SL_f5scVYjIARhZ4H
zA1tqef8DLNehb+w-I0pBa3h#9_)~IFv*i?ySrSU^2*Q;Q4rqaF<=?*w=O#i0kbQmX
zRpq8GKFuTkB>zN{A^i~@2$nSa&sO+|e`+D@ofPRT8YY|(qqlPpyc_cG-wg?<Dtz#r
zTcKS3XX{REE;8>M^9rnTG3p7vY%%zIOaI*AUG}9!z#-2V&D(~2!>+eh^6cAgYf&#*
zX$2P;{A*KuP)AlKR2Q#{nSDx?dB(-IrZJ@B?AVy#^EGREaRK@G<-hs=7TqBvTXXk+
zs9T3}lGYtfaGSlEf|jhiOxY_k(99Y!aP8f8f?GA?pQFgC`wB_n0Ca%OP2i_^YJ&#z
zE4UH^^<{--o5Eq-{nV#Pk+KK-w%Nb$mV1BRwhCc|{r`+AMVj79p#HoTa46NR)Iw-`
z3&K#CTqSB5Y4r%)8@1A|awU!gRUQ|83T%4-$Ofio51osaI8Xx*Xa*<GL@p}&_>PT{
z0KEGUb?(~u*Y0Zq=&8s&zcY~@i1nbq{ha8`K~31#?!yAnhVu@^ue$dR$KA5zE^h<$
z4Cg_@Ef;q43nS`M`>`l#i^G_nXJSSi+3=nVg|ALJ?^}I9k*NZ+#@XfACi!T)Bc)z7
zU4t)qH^gNoz28ubg>Ne(e3MD86s$WfTg6gkfHj!jjcq!t-j!Ttl*j34wd##sn@m!)
za}`vnRccDl6E6DQ6yM$^{I~G3k?!@y*o1fg{MVsPnqH&oYAswtwn0^~B+ti21McT!
z0`>6GJN`f_vbE(VHOoLX1#S{r(#{ur2aL@ZcCSmCx{r!YQ8nz^1G7G){5M*SetV*w
zZhFqdRbBxCfP4kFqiM??!}Z7D(dv>C?Sf(`$FA<C)Rh6wxNBf%n^*}Q{*4EBa+#A&
z2Lwh6{{N2BRjES$`CDdl6LACY%#^Xw=o)R<hhRebv6F+-$4u?~tyuA%meW>vP_ym@
zosxgnUdd*DP5j?KRK8^~+A($PofI8X9She+7feoYCs`#f4l04sSqgpf@A+G>Y8W4;
zg*h<n4VTLqC;M`NB#I#19?`%8q?)f$gQTlcDF93pi<zpo5*mC$iEjIp+PLY(B8Jtm
z5~4feBwZ^oSc%usp21DgDy18O@>SZEq)dBt#LE&=&9j-{PiEsL&Tn0V{N&9)Ddx&8
zZTRI0_t!I431F#M9q<XkddR{*ZJ(00umS-%UiTxe>7SrN;mzu<zf0~t&}j$53nNx?
zc^_Q5<jqR0r@tJc+K<uAz$XkyFK}pR+GVBTj+q?phKRaK73xg1I=FK#6%K%S@5hYo
zQU-mvN*5N3PW4X?BLAz0G_yWw>Gy=Yc)7-R@DoiEq|s<%Z~E_h`pn|b!!xJtZ~RTF
z*?2eOpMU=hgr0wU_v?Qhk2-dLe{np!XZNA95W_3o6>kc>w;elXSk@D|n1qd|j3&rN
zqnO-^F}`}ZzDOZdlOXdr#kd*;0uUO93zb^#7HLVx_!R?lNq@m2Hin!}^$(z)#%4Mf
ziH023n=qKjn*-mF!G>GGx-_R~Q|^iNT-U-Tq`yx5%dx4Gi;`U|i^lC9^E$$lTtECi
zs3_(YM6dL4kmBv%9M|XcEwJlgIk)HbNFJ-MH9so=+6v}w>@weyr8<2XuDBP<`C4OY
z;3-$$kgUpr#LRiOm&VL{pEGeuFA>y+`r<1FKN=w)J0R;<Az!Pq!ynd{Q5>f1swoWj
zCy1v$?c-TVY34=@ro?J^sLACY+iJA`RZA|o{E4)~ZT@>hK?L5E{eiSWbb(s0S-2IB
zZ1f@eTSW+8gxM{%Fh7#!LTgR`iBEJckUjQOef?LkmIHA)QnJZ*$$NM1P=c(XajD4B
z*yiX+{o$E-jO)AM?EyBt7q~5|NWo>!;0;RJBqi0?l+v^knI&a~?*Scg+<*p8*E1_D
zZXz8;%c=FyW42&mB0s!D(RhF}L=oGQ_2X}6Md?UpugO9Ln>pdFW!Z2Ys4XnysUV00
zX1yqJ#I6P1Ls$xSP?J&}jDXE+W&O;vi>?HN>mQv(@=j#%la-z!<(Egq&HGs1zx#UI
zEzg-@Y(PuN0v#fuN@2TdqP$vL{jr20`4e2CFd{g2^Dw)o#R*T7Orzv^0yj>x%~lge
z94Ld>&vxWojEc?XkqjL)X^=z3qxS>M9t5;ZV8;@6J|DjUf5sejkG$}r0HD3ykfwP9
znF&Kxe1Ox8H$4Qh;#&6k&##?nmVLQBu>k=Wyzu+k*eGudcwXuaSqEAS6RojMhv<VB
zOs7K1b%^sWvV_=P*GHOW{(8S4Nl9on4wfw+JeO;kn(~`Gwc9#C^6vIE(oW1y5IHjz
z6S=J#eH9!tir-;Zt=L@}QV>Cz@D5UJ!g87kCR)kL@7&FmnP`tZL~w=zZf>jQT{nyw
zrES;#2<zh(Gknb#E@ojj#*6|s9UlS8QJm&TGh;?vZ)5r7YlS5>&P#vWm>F%(H;C~L
zp?x8*jreOk2dQyPd%V<WN|kt_T49qyr5$7zNgaR0a&~FOHfp&xtxDn0L<OLBN>2P0
z)v0)&$h`b#C)=HxRB2WURgPV*Oo*IWay`=sgchis&{?7=IazR4u*TboNjie4U^rq)
zSD#`@Fy~i7bduB3y8ZvCWX8Pu{@NccRWQOhsWgF{n`1E%M7V0A!Bh#xE^}R_`OoYU
zZhS0d%GWXuvg9M3ed~W~;?BV%z2wDl=QM?j;&U1-WY_6`H7^)^_x}d7;=<GV7z63V
zHh)LNYkJIR;SDh$@(8%K`_fvJ*og=py(V7Qz(KiQ#NI%sU@qnNK?-yst{2cPw`zp1
z`yfr$JVQ}V^ub>n#%-YEi=Bm8(7RK;3#@h*mfzEU@_hcvmP>Q9M>FxX!<1E$5av({
zI_+kJujFj|SO00W8K)V_QM{ZCPOu~RUsR;U+hSV-Q+ecn>;|XtDN6UP@-SAj%c%hx
z((A+<rDX5{c;fE|<2Dn3S)MRJEJ@8Le+E;5K};G$u_MpLoiKiV0;dV+%*0o!8sPTW
zR<Y+X=$yIdS;a-q5^b5q?kw_t;uv9#ZOani9X0TBJDynuX))Z4bzTk6M2eILC+I#E
zz}VI5WS&ACW%C84?3m#K+t72z+Ka{yCAOWqpH$n2#jG7);fcFsbL(q6$cfoAMN#O+
z>BKjL*;s4LxCSbVVn!SPA$~&!Ptny3JbNH!`0)df=Ciy><ECsQf-;42WfGO`TA^9g
zE9N8F^l=Pl#;TYf6_1L8?^15~rUB+bVttqgnPEPdFXWj&&Do2m6&)bX5Kt?Rs*3k%
zC5kUUsBxP2N+YhS;-R{Lhi<8*ipj9QVn!3b*;gx$g4qR-xI;u&S()U7g(*X^4V{&c
zQc_EWufo}bEkKW@A5DL8w`i^_ik%%Y%8e<C_44f;W-8YRj<}f1d+Ao`^+0`3WREq0
z9VQKKBJtsuWe@gtYVH(q_t9TQUP2eIo)_-@^Vv{aZYdL~?<p_-_oU6tcmE2$#Nbbt
z;U{P9$5swq5!X^)mUd`aJ*O8>>HSrSnT&etP*cWSb%MNk!Rq+Jamwa}?B`Od+Ib{X
z8f%{6x^0a0NN|9|X!FkEQyfWvh0g)Io%LpsCC&#*AeY9^u`M_#>dYr)N=ypaM1148
zEe9&svTgTjvli-HTX7fBWp=-7%lh#)SifT7_U<%wJL$QwWwp%-CATQFT(T^J`{hIr
zEl>T+3FL4DMA#_&Px^JZvk^Fpl#R6|CIm_SeskkBwg3L*a#RD`#9m<CYGeGjie4*c
zcCAU69B>ODY#vFI*TOcmVb{Y}W50}^eX|9;XFdLchP_p&B^;9Xfqd{M<e6SRc)tbY
z^G5<JPC|fonv-sBsD&S1;#b(o?S2JR?;Ocge%FmUj*8jGPNBkE0uiehbR}63j7}8<
z%Cwh*Us3eYz+V9Z6ZFdIgcM&>{OMqX)q+}bPj&tS<PWUJ;St$;T~B$Q`m@DL=r&cy
z*h|UFIL)Rg?IH3%Cwe5?(4)^DMZJrx?xnouiOO#j>}Z<rPV}w*w6`@Xl?MHQ;-cF-
zLY=S@3>%j3#GlepP<Js>RS8ZIeVe7yNuf=$YDYUR8IX8VdOcc2zGDDq<4@EptB2ZY
zC+d{G0{>noO=Yg&Sxi6vR9ps7kHIXr;W(f)igwL1egIUuw5dSy-UT(PSCDXhGwAvo
z!8;Z+1@iYXZQCV+rM{%pDG2{*O#M)>80!dU9!1zL;DBbO<}N{4NOMdW+ncMeu~1qN
zH6Zq<HVWdfbSq~MP9F|oF2>{503UA-!iFo&q}~ROOpc3ki!?;=?nF8Pc1<S4835}#
z7c)zZ#`gCt@>plh0&QZ;D#tOu1D3zUeKT$WhgV2;+<vS1tuXkJ>B01!@>cpU>$e8V
zUY1n5)EBJ*R5&ZGs?%n`Yha9-Kv!RMatZQh<E@mq_bGjp#s36r2d-y;Uuk;JLoF|;
zs0Y}mYI=ckKc@^D_=XtR(2n$SByAFP;f?1fqr{%6>E^B7E!!_QQwk5n^eR?YyWa^O
zwBQa?hg`1dKw^Saxta5tzwg(?-+?%!5a+qYcCfY#scSv$)-S`DG{~*#CJQ>Fs-$2p
zgzMJ>U%?+(KK?6+I0i^`IFB$Ps%=z{!t)#&Cli(SR*h$U*~^_OOL|I-8qNB1$FS2U
zFx`g6=y|y97k^l|6i^*Mb0>qmok|VA`8Jwzi2aGhl}B!L`2Z*Db?40TFc){q2Dh!{
zDn42lzU8K8j-vpZnQz30u>=1S!M=I@1~GR_a()8m9)O~*%q5YM5ve@MA#u~>p+zCt
zJcdlqf?-|k4L}>>4U_S6I#`m&V`YmDspps*VW!=*H4eW!`ia+k($A#P{}34cYWlJ8
zN9va|fy2rL)Fz?pQN%RAc_|H2bqi%dP9>)B6ySC64AuT~{281w>el!>MS6KBG{9}~
z!K}z4*)2`7lK+>HxW=jP>%mS}fibH^uLB={PBUaQQFIJpw>Z)FqBHYSQ9u;wuG>d*
zvb8*GwY0Zq2ruxMSu=a5Jyu+n$wqlsVrHVHy?)Zf0bDi}*>Xu7d*l+SS)bm4F1T*L
z$JynAigQX(hZD@R7EZY_3#-)mu145_9)7pergfgL;I6t{gE1Y{<aw#=USD}jws6jY
zWIW3QM=wSfIlPOqRTD0HK8*@Pg<#!?^8nhBi=K*?r)YOONuH^I4Skz3W2U3#TrF`(
z)qAn9XN{XS<P>F^wxHiAoP3v^C0tg)Uo^};CSS^L_0t@3%r&TH#?68^VGKXYQ~2$`
zXf);nKWQWLXa&%H)xxGNN_W!3{dab9KwoBP&@}7l7MJ~r9y8wq&q16F$KB3J9iEu;
zNjTwy203!?Lr9bXK1)iME~8mTiGe?;vfR4y`e?J+<27>n)eh*uCSCGv!^OQ{W*R@+
z8=Bq(x&H7e!O~_Vbe&9VG=EzdxI3Y_4+w2lmTUnTC^Ww2m&QI{P&H+^!3C#S<z}|f
zu||1Cwwp`zXhL(%#`vq}RV7;mLUaV>+79X3PvkQSBTRP<@7QNt4UFEf1Psa*st!oE
zi11^68w;DxX*%`4m$|pQY{t%D@4M0K<mHeyBE61xs`VdgIJpm^*r8mGU9R;GzvryH
zSbomlP<RXEozJEpssPsL#w3?43gG;}t*2UkDgJ7*cVZ~))7}yK6&5?niun=5myY~T
zW-;eORaWXvoSLHu`2AxDeGcXK4D)=Zn`3R<&8fuSTYphnmeYc7jGH~ZhitiD9kJg|
z-8D<HY*~X;yy&Ay+!w>2TGOU}xDjxbYL!#xFkntD?mjng;RKIwE-;P1TjuZYmsUcr
z#I)_72>I}Udw;GobA1I|zV*-bdtOZGohe43>Ynw+!npSG>!ZWjZc#PDzmevghPLir
z++RlcGZBzD*F|L796>}rZ#UWZ-fKuJN=1@(joom-6#C;>SqZ=FvkAN&z>O=K#byvk
z8<6!g5%-VnnU;iE<@n*V<7T2Nn2F1fh6+L|!7EGH5+)u7*lIKl<3#oD#rKEI%b3WO
z+*N8r>6<cv#+mJryNR~jndOmN^x+}kGM4V@2A9grN(%?%P6(d}EHj~V_+G!d|0Y%D
ztR2M^NBQt5W0KjuUvkI$`7uEgU(ZZ<cL0qvbGKW1fs%TcWbV9iHO1kz1e#B~sHloH
zg2H*+WFQ-&o#s`=2TI=E64&{2h_B$$`o*GQe|vhHSO#suTP~P+0i~w7!(WEn6LrVO
zE)rpSbKiW(_4V?O@R*>1?B&dby^FTLX8@(%$`I~@_wAJLX=Hp~xOxRPQ9tTlbK@LH
zM7W@0Q0#zr^%>1_A28>L98C!!wbtVq+}*u9A_JW-+1LWa%~vP+Zu6u4>gt@%T~M}8
zjphwM`*6z%Ny5p(cG?B9&}7#4yy8OPsQ~*~1RAXkt~d8_*IyceH!ip*ZdkAi5jQc6
zT&G%Ub5R<-MdYhKuK6KI`;cbZBiFNg#vt-}X{*0u^)7MClWX@nWRSef&kdAkr_<e%
zUH{dHn^t`&qwk%y<SRkmj$(H?CdO`|hVl?l_8R=%XY?occA3L@^y{LZ%nyp-l*WhL
zfvD@r&A;n6ifbH$^+t7F%v5K8_g%n_C))ZG`=MwsBwyJhiFg_22r=~B^wAmKlqNH%
zrW}i#hJ4(@+<#FOd?iCqTaP3-<Mx$fxt6}PK5jv8w&FiiPfXEGc+W>|C%l0uT{U8r
zwC=OK_uWfDB|XFCNO2lJ6+e6pPdkkmIL9vUfk>*hkdj4VI}M;iR~5}~cebBy4Ad|Q
zJ3&@KyasUj+}^y>uy=ReP}k>BcU(C&qhCV4dbNio45?n9fMt0%3;N{2&t}{Rqe~<*
z*&H)}h?40x`_6WJ;|YunVYwoyvZQOQMhCo1DS0M{CG-_i;6#HUtjlqH0JLnpV4;l&
z^wH)O!JUfDXYYHLG;x;?K*Djuf`bzsYuHz6=6^3`Xt3uMKW>bpTnzAOsvBs3u+o~x
z4U5~Io3TU;=7m~mYJ?S;c)@+%IpA3+0`+1Pi>L#0qSLAkELfz-0U42K%Mmz;^8sym
z%cbV40rpb(WpNY0p04?*u$03NSbRRnG`I%-x(K%jvpHLj^c0+;ZW0StfAL{ba<+OV
z*`$?>{tFnk1IyLH`hCIzb!P{`hhmDX=1;!PL!(_>@}-6YJBak^ge%%?8d7@W0mySc
zZ^Oe9TIqpeTn@y%?et^DOR>i?npit|gl7lV)6gf0U+UWOJAni5a)jvj?z3f@-x4pe
z>LBGjSF-O>Hcw$OO%1F!QrLt~lHR`{JTaJm>;SSE?_=+n2tg;2)9`mS;#-u3#LXN*
zjTdv1(<!>;YIrWvqkO}k97;W2zE&w}RIv*-ze~!v1ABT<KzTM1zH0zJW<jg6kH45o
zYiL8=48?tV<J8SymNL$nE3Ze2!-s6?A>}TMGoeZM6?^v^?n{dqF`MdmLC`oVZ{C_q
zm|Klay=f)#de-^%zeWWA&CI6)$@G?(VPB!M$p}tVt2LA9o;||dF}CfoS+oSLWgLXJ
z|M6ygTYTO)Y)k2idCMrIE+UFE$TFr1+rqNV6O17_o%G&dAIK9<bbZB?SJcH8Fu(b}
zh<W$kSf<Ek^fN{#d25(pjt=|9i+!Rxiq}JLo_3WODc-%J&)Uk3emUID1{aEUguLW?
z%b#!$^Y?w88ONJy?dp!Cdt*NGS}z~q2{{X<MT8(Dmb~%&_!gc7G;?_`TaHQv2MiYF
zD*hORLY~e_5T}${nD3y=J#d~#PP$?-{YhkuwwNxWq$3Xp;g5li$Ipm9EA3jqg-?#j
zKe&XA<*7jk<ApTUN9Pv=?-5ZGHS~k#`>sw+V88$CfIKc0yDaLsvRB<1$mwX$!&C7a
zH;;3?`sBSK%NFxRr8+*q1BuL(PUtUu2KYY_;{|S;YU$v4M)Lp&v}a@7r@EGE+4Zae
z+!h7n?q))#+T7a*2$g$#@6oz0><G6=AdjBAT2w*ADV>#rs^$UcHU$mtJN8Jmwc{|~
z{XunLW{6E5INois7%?q;eVIFWbi#dl7w!Pq6ru||jA}bN5x&RE*F#_Cr+l$}!eN2g
zrjs3o($Nm*dOE#1RkY`T7m9L1u8*1pzG+>lNE`dlP45(H3}cGyTw<E2j{ky4%odA9
z>zGH>MwDfxM?w26&?^R+<_}^VRQF>#ft-->JOGuCPmXa=_pYq;y)zQ=lbeqTyg!xW
zhuxx!JS0!g?#v%9plGSf=?IlyrzwY$qGtkqumLMSUQYaMhdrukyDV~e1qW|J`p94K
zLs8kTNC5H>$q1AyEj)cvZ;D8Jvl)1l61{UVMHEqP2RsT1wOC9+wBDJ}S%9?0W<@>d
zAesUt;4g)UpKC?=6X64E?<<%eOEJlAC$ZAqh@)0jX~50U&Tb~_K{mfMTb({nD|wp1
zTipyyh;OiRy_cJW-oKbRTmIvqjR`KtS8W6+$x+(Q?}O$R`Nv#ajk$+lfhH^mcR+x$
zBcKRy|BhMU4F6cei38+3^5Tl$uJ^o4R%LO|S<+b<L~uK%OpQTHd_o<vXV(U$D_@Q8
z_d5(WCDd$Ou=T7rv&Z}4^|W;;I!q?^E-V}~2F~u9iFJ`3%j3Rcemt)HYL6wu?()6`
z?*~(`T12P(0hH|<TAnqFaP}=_zL4-+y|M{@hww|_xsEL%u!k7A{)E#)DbSvt%}}pY
zhr#z4TG~O9!<E+<gGu1e;9r3DqA>Vm?O9IvX4zo;hCi#U8#y<Epn2-$(acQ+5VD0Z
zcUHP3j5+&KTsLVUVh?CNLe<Cp5iz5Omy)VKqihxR;12TCm7yqTTU_r}_P)FTmnv_(
z-;!@-hjOc;TKtl3i{^{p>b!~~FOPd7vbEezIf{ku{A0gR$9hV2jiM^;z_(2Qm@gE9
zX&}3K$|l)t?U*2k1*Ur5ItVtUMC@98D#ZwlIDBjh$aZYs3C<tQaxZ%RUF8-nGL;2c
zh-Jl4A%nR}TkzDe`vwcT)8}!W`10Po09d@1%3%1Lo0QHIO9drUv7OzoN;bkhBBz{x
z2mZ?BA1ZxFKCAoZ6HXldC-QraA|pc0AGBYp>r_jU9zrf_I$=ElCD+B_5<7sOrVBh_
z$?XUj2)Flipd7L(sFjNdd6`u1oUc|UIuF~JM8z&c9wo^SQp;<p<(5k+u4(1qZ9&XW
zH_@xn#xl)_?Zn=}D8zZu>7&5arH4VH-HXMuzr9jH4jAF;8OR(>*Qx{a7a~dEeBmwk
z&PYJrZkJ9>SJZA?7DHjSlr|d!R~pKImvM?C`)6#e6K?EZd^(#6q@lLhEPDOXJ~d=B
zAX~Gx6pHdOl)pat$wf7Zb8`_KWDWao?)It#E4IiBA`#>jyxD~E)})K7$=)ewy8xsk
zD#SdJ{$1)LF{N*&cU{!%ZOxe?UH!u$?;rI0rqy$v_T8aOoG70jI+jOP(4Uy6%@KWz
zy+;Jf<EKRq-a;xycMyorlpR_MRHrt3{2l^8a3qUR-hcpJ3-m0SnISykU#3KWtD$~O
z2rw>9ltKvsn`lfy&!qhZPh6-pO|Hy`^uvdGEB!}fZDCE+5zLq1cG70g7ll6f19Cyv
z6Zoqr#46Rq7E7+-Dk46Edl}ZIK2EE68*rJzKl@$l+;T1ccm})f(~&%lK>BK7B{U%<
zxag*;cu8+2zVb(AMn-6PvN9+zOMU?3Pt3)n%~QTN<$81oCv|7;7D-AdWs;I|rWE4&
z*z3zo(laSAR=wUvRW_M(FP&CggOb79!=U<*b&6Wo49e|qi_06+8$Fzqr@SI-1#OT)
z$#DhK%qIHFqJ!EDc3f$QxLQ3)n_mrei;&&M-QEgPhIjcsHlB9@9uT_ejMY^Nb|Ty9
zDUFT}%D;#hLfH`{TY)jg*eLf)hlB;1iw6-(LVIi*;Ou&v$5FDopVBi`S7j(Dd%1Z!
za3%1hpY#L=dgd;k5{R)xE%_))7fW}xCk1^#C7xx&3Y`E|+mx1^KE4^4e{YhRCfQlT
zf8oHiCykx00J66#xfSP_4b6hz5$E7)7&}TCB3mxFno&Tnwp9W+Eu@SnvNH;RsCw4U
zYz|?XLiB7z<$Z)EsFX?d9d!YfbuOBL+nK7a#Xwe@s}nQ$7~*qayI65`4PZ3{(>0?2
zZ%3V~oy3sa;mx;XNP(WF0ra{-&`b4Y7?YK`f)<t&Pain7hZzlkumO*2Q4j=pVNjfo
zJ=ed;<rx4kbl+y`wigvNDy_6gQT@6M?5VazR~r*B`Q>EFgY-sn*P<uOrnCU7su8qM
z!}pnis~%0Z0FB3*K18b`Csa6nNoA;PjX*_(pw=!`T(p^YQ4ZcHaJ^<nQjQkj^_a&{
zKgK(UlN@oVLkLfoF8t~PsP_ggRYF!~MWCwmO*@1bfY6nGyxRV$zlPM6|CT$}u1)KW
za8`P9AZadDJ5Ug5vsve`B0W3}ivCA>S`vsJ=xvWO#qKtW8=x%;S-{^PP+`Z|UO=Pj
zxT}YDvB3a+jUkD<w;hZ9IfG71j}p}@LDJ#+X<}7I<GV2AaZC1w8GT0Ft!sf+jnzMf
zw>h(Us&xDcLchQCeqwt)Y%-N{hB<U$6h@5F>GF*?(zf$vtO}?R#I37RS<v-y$j%w;
za{jN*nO+Zlg1BZ9c;`^?3aB36!VYyMjO~(2SV8F<n8}PkQi7x|9tlpzA<qyo<z7J2
zbXWmlZl_Xzq4OlQjk!qsv<5gvwUPWK?Z5?+$)5zVRNtioCD=p6B_G?6cIH|m%rerS
z*v^VK?e!s5eWs+R(JJu$0GDEZemiyrMHd5&We;I7j6kVRw90yTAKidC*uLoJ@*J4-
zZIKJ7qOe1`N#kIF!%wa3*f=>s<c|blEXZ33I)iXyD+qv^?|NcRKaai)Ve6z;k|n#|
z4p&vFvjg_Pht9*AAaW~#OB*1W5EX$8A_^G64gO0u$!;I(#si}^%b}dYHi<S8$5>~g
z_Sa+6+RE1*!EU^X8;)Hqe;8g>GUJ_rg@O!Fk-lAA(l*e?{9u<vpVb75P??Gl=4FR5
zL0t{+Dg>mdoZF$vP%CHBDQy8pboqSV#=`1;e~D|CJ0_DmW;{8ODBDHS#8IMEhR`j+
zbmz=5-p8qqJ^aXBkX_ouc~M?_8OEeES!LH`Q^l^mKg;7A{$1+JuWI#I(nG@?rJPf4
z^X}|jZSeahrOROeT9x3gAQhe-u!?D56Mqn4Ndo+J{qNkQRs3+aIyd6JK(qeWBg$|`
z_a4FhqW05&8-}sD@PbCPDQH9+?}OvQd&P*sh3;{;)$z*aI44;kzNjx|Z8?IxSTI#L
zzX9!{bv|`nrnZtqUXsR)Oo#(&TXz6u7v`S!#$wWclyf~^YFr=@$jkrbqqCz){4xsA
z!dt#YP@GY~<7b+gXe>xGc3t8GD+_IeH|A*Yr6vsUox3(tXa$-k%7aBGfAJD}Xpdl&
zy1$=@<e#?ep^95ZFMsI0TukjH+#BV}!iw(~cAbD(my_P_h0PpUI<|PlvPErC%qosT
zj(^6q>K8dM95!PgrSlZq%tO<;kJSB#*?ufJ`R<=vcAsC6GX<xq24ig?)xeO8c@A=2
zH9ulxWdb@>+&A`_q^8bvQ8I;gD%I)qa!e>)GXKtv@c0}&%HmJYKS^Y8FPmF_PIKOB
zrlY(cSOWiHdL3v2N<*k5F|dkC)tkL137zDA_F~R7@)6*q>%WyHk$X>ZLn!7;!I^FT
z%LaS+O%JwK$6W$0kn6V4b+*$Z=w|bFr3N-fl)dil9oc{!a~mIJc2m37bxEa}GWSCf
zCNV0nApX`nz!37(X+I5W1!wxI8Uqz3oJsx8d>Qf=R_xI@xFX1WZKKjd8kpA}hrgjX
z#D?N(P`~U39BhiWqlS-m?Q;5}{<6IbmkKf68bl%N3tuyv7J+YyZ;DlIYFIB^i1^wl
zJCE~Er2&mF`pXm1n>fhMMMzsm?s>4-`*&kl0Ykc)Ho8Lzt%O^)wUCX;%P=>r4PM7E
z)Zx2hf}sFY&51el92H&cxw9tUH?a!fbF7%>-S@g1T?kwdOit~J{2Jqu#sl5*PYkAT
z3NBPrDjpw3?U;3F`YHr&r#H^Vb?ZF{_ZVcZP*m%AA5&up_XH044*?zN5!Ml(R>WvE
zuKN^Tx-tI9dDUM0rQo!ZLb3bn$8Q_$GkCE<DfrNqWNS41ENxfPQz3CZ`WkYYAC8_F
z;T|@|UVd!ly0ng`$*;)c3hM0Tt%+YdW2fM)%SI@=!YlWq=Ni%dc9DDotd0B=q$9C*
z#D?LpipTmZ+NzP`A$@vN4C5JVwy+biOHqR46X*C(^)(^Bl%!~#k+6!sq??Cq+H*0P
zTEe65bPm{8ot&A9XRZZzeDPI$7fg1mF8`)!#olUi>jgE>?1IaOYb`&S5PevP7$3O-
z?L4iAw$-BHs*ks~#_Q&nl>a)+Kh-xwcx_u6Hi@E#jc5k$5+9h7wLE6{aPC5h9qO;@
z(~+p`g~Zd+5GwYp#|&MsT^NED8%_*6vS}gMKL3FWTTokO38P!Nj}LI`V+)H5%}W^4
zwLRten0Q_JtzQX)PKf{uT0lZsl&wl9=`iq+oF;jWw^gkY?B-M~g<_iC;oZ+b5@tVR
z_>LFC#S(*Uv!-gNg#vg8JhUNtRI+^q|8HM}h4c?0gK2A14@4g&O{$-^`~Ij00hMfI
z0RfbZzQ`#v^dJ~CtH1nP95;HW>JALpan6ImKFS%QeKBV6e*X8kTkM`j?9VKQP9q!Y
z+r0uVR5LdTx54C!cB(i*qHD@v2Kw1mGq(;O52749cOZxW?IJV;QA{^z$EN!-h?s<H
zTER+tyH_V@D>k-Na}-&cH(m_rsTtRwJGUrt5=Fgcmb@7sbKfp>md%T8G#Z_2lsu^1
zIWs!=<d2zp!Y(_s(pK6VsO;gc#4H0KV2F*g*KF=O1bWhKjs&9*iWK6cS3hxERr{wp
z<XLJD;!<4ptEl*u^1{RXRP<=3pS{ZWCrz@U#auMhXtfRfy6ij_-jG=0()0>zD*ugn
ziCvXg;+ye`o;Joi8$r1P34hQ>L9FHZV|xgxFbNXnr}?p`s^cYGuUY{)_$msYv0$+|
zQ8l_r)k4C&(yU0trJN%uj`qC5PFN0P!U#ObO8PQ}M86&a-RucK<-`CT<^N1Y)jPj_
zgxMovd*3P+Crp0uga7dq9V2Ah4C}sTCd}0J&xjTNc~p2x$pB*(bg^v7zEVZ2dx5LL
z6sVmYWKApNQicz3SqrAH?1^Y!u6=jMVS?nbD9IW&p$VGGzZ<A{P02YSPonseeJ*Mo
zx=ql#r<rNsg!Cyf`Za{i;H_t0gy?CKWrsj|BRItQT$t}_U&Wu=Q%yz9=+v2|9;@Hb
z-+|&@g>R*z=<+Codt0H-lA~~aSbcO0-G{k`G`Ei%_hMQ6U-PwbfsBl&>*>j+FC~@p
zBxgr^^zStj?BV@dc3-Bi0bv!!bR^=XAV=CgY~YaB*b{G+km`^^Xb1JF8h>ab_B+1w
z*1Tl!e>v(wOD@d?xIIAGgV&Ohr2rOePdhKQQN2cX0JQ;e{(e=!Som&!Xr&6!dODk_
zOSe;>b5?Gtrg)w_yzn(;EbOi|;bM45xOSJqf&o_p*J6x7W*~s6H&(KLaqkdBwh8%{
zuSl-2#;52}hoxsAdS24N&W^^`anlT*x<d&PS+bfn&lyEeC!p;vZp@~5(zjxotlPAj
zxsbFDget89Twt9NR+hBF*$#+}2z`X}f<kDVDJy{L;8rovVy%H+^4OPqcER;`_=mk_
zBfHubnQa}}l-tXZPcA9a`E4pQ0|q)x-#jLW3dhn$xR0b44q)W)_89YfYPVUsuH<~^
z9HIF>f<u&}YjA`tG+})NmbYOxi5WrIRc>}kn_u#?;w_!3Q{4u2jZ<&wlSML4Mz!1=
zEsZ-d6E9T#+bEVmaR>NFLSKNwTXgCbU$=AxX7xy;5q-xMtywACkKpUHi<{nj*Ppaz
z<fs_6bSy!b*i+0wDLfWq-&HyMh`I!GG$rdOHYQqI{1gA>0I=qw$oC{v)Vw)O#5}-X
zcp7XjYJUDu<fJ|fCYY*>1h`gJ|F9fsI^v_0*-hvWG0?x(fl5VVST>P&YjmSdY3*45
zgQ(V6#&F^QXPa{5(j0c}yd6wtrd)~pg6VOKrc||ywdJesu{CDw{I&q*k&=-cTrEZL
z1@i{u!l(lvD102NH0<WZ_V{i#I-$<b*g8(`7{b1}FG#(^uF``1TCV1aZ}-4!)jY|M
ztI4#~@dZ8HtVZxiVt->mroQ0blZmyJ4@&hC3eC~R)7TwwG8KPif)4+gl-P^@s2>U$
zJK^Q-Bc4F4s?9&s(Vw|<Ls#K<UNY(_Lmo_vXX&(wn|$$~(i^2e7I(2q&C_|Y5!TP#
z8JX)!IXGNnEZWT{hNz3ad4h}ipnWepZ6hU~{JjWmv)ajjvcm6HL55qy5)3GM%6H#>
zrt$bnvO#I$83Y#24*!qeAgnmHfqj8h_t2r4&ho`z)}W=B9>M{1#KjHDgdz>$jOqNU
zYK6eB2I#xwJF-q?8yMc5rm+5?I*v<9_cdm&DqUX9tj7!(#2W^x>;!K+_JeKujJX~C
z_@jbX9SvmFveIMm&CFdR<5`o_EDRM$u+@GjZ-KymiI|Yo0sKWv2{)pw)1LIDFCF4r
zrFPJ=6pyiNC2XSat>9m(6h{l@q~t3p>-}}!SE?c}lQOJit}Bh{`J=6sDaH24f$QcI
z{D{E*oYE=o-u*w(fm6W&KG>sJK((3FsfZ2)C6A9$l`9y0wd~C=Rj*#2HnfeOM4#dk
zhIy$+qj8~0!GeRgzB2=tnlHs$zZ(v@GlJu7E_I!4Mnwfz`nuj!Lzg9}t_zg`f*MFw
zNh#)u3oHC*qtz;$OGAwCElzA4L=j@)IupWM6@cqmZX*qeEjUv@u42YpAbj&<xP^6!
z)zVt@_aRi|5UJ$X(Z#(&a1mZdn|0u={QBiQHk+wg-G718Xww!GH4FkIu1BgHqeu0I
z^-EW&9XQI)u)pSa?J%qYrjd^)m}b)33|eW^iCh2-M*KqYF|G7uX|ojf;BHS5oosxI
zyRvN>W4*w-T5X`D@YWQ&5dW~xN4r=B2n8#Nzy-tQox3>rluxboxaP(k%9V^5;Lw>b
zU36M*fbgoI_XIxnnY?)H$IpP@AJN?}ul~YUDo@KzRl$EuS=?5!jQ!D}Cu$^oZY1$v
zk>|b2lKnq2%*`)&lAY4AnnHm+tFRT)v;$<WEGkc@By=r0LCf$9wdx@3MN!(lIdO2#
z0d`lL*o)dg_mqT9Uc9GT2IOKYvlg9J%BL=NtDbO=G{c!DvXiI21an6dSj!XEa8)hR
z8=ctWorzT^!{<K;BlaWKyYcz5hmb3!2f+bmEwF_9I=HHvbKDdMW4=wga!cv*QiJL^
zMQ#7vinEUJweta=hu#h8#@O5F+4yUb5J!ZoAp6#-!q(nBFeJ-nti9s}gGa!ucO3=X
z--fwTAo!bO9W3Y_&Q%;2)I5tHfhPN=Xfk4~GF6S}%aqfeQ|QA4MJDd0|DSw}r-)5{
z$xwA%oio-9HTYvz+Za}(+k>rJfyUasecM|+Ysle0F!sY&xsY1dneVY5crH2VcfGjj
zhA*|Mx~g%!t%G;blafkHh3WwKD<LXJ`U<F>ja4f0B9u4}j9il!x4XETw@h^EXLzz+
z+}#p+KgI%a1YLoBX`qbSjB@oySR-1?;zvQl8&m*}meWQ!xv=+<va)~O0_v!!=piKR
zu_90r`^g^cHcu0T!vNA=>WphTn{>%nVtE>GisgL8qv?LZKhUk!Y1v*G=0@1^!hu2G
z_&;Kk7Fyal$n(Z%7tV5e86c*vTYZ>!lg_P${eBs@guIY&$fMJ=R32P%`lm1Cl2{Bg
zQYl^m^|cG00jV#iy>O+0X441(CwLN`!NdI7An><#k_1nY4Chg6(4A@Byi3lX2g_XK
z$Kl+#nq<+Og5$x72?Ug<I(XRzNj7~WtyP(J^U8J|N8CQae(^K>AVH#vqx>F^9b(=E
zKYur+m&%ya!?x~XA=}+q)i3tb8%e3kO?KK#@2JFO<MW9dxP2x(ms0y%W5BrSeGwF_
zo5-yihP!W-EccUt);Z<cDh3}~+&qw7Bj@Xek$umr=-wx3utxa}LP!f@w3HCFau!f0
z_a}5frz9zq-D_hkBgOfd9bn>8RI^LTk%jxX!y}~|RAH=A``s}5kl0Hfw1#BYe*q2q
zTt7Gj(LvwPb_tBPTBB*>`>IA(ly10A=TWy;p3ZBqDa}cR*jJ9l{;dRt(0uUu*_$C1
zxPw;B_h4Acbt}Y1X{Z1sSn(?Xn1eLF!RWPSg}m5r2qkC7IsE?OzJ|06bXbKl;P(Ak
z^kXfs_O=p|6>*KU2MEiB*+@m}X;v*O>bW6l<2uz*OD-`cYxwA}>rCv9uI=5xTwkoo
zRb1fJ70R`BjD*ovoh%;zQF*=!>Too8ZajkVE_+YAeU_voOPnF?<*&xs&wKeH>=r6m
zU#Yk+`cQlI;N{r>BdjF&f7@v<?H2GXRrc4fYJ>dNy+;P+SR+uve?Kz+oHo{MXESyK
z1N<L@ZLj7$h<!Fgy9YK_#GQDP0{w{m74D(THm+7g5k9v8f6<eGvbAFyP@mT>aM#P~
zuISGC4h!F_mM`8ap6e)2c4!Gx2%uL(OUc^(*}4fLCUCm>lG&dwgeMdDbe&@S77%Ps
zx<s1m$Z7N1cHYyQySdbK76qz6J$f+Q5}OC$56Gkf&;le&iM?v0yk9Gfk%7K8)_Ck^
zhW;@CIH><!v6Pt&X<nwVrB*nlYjlD+K;qJa@V8MSc$WGbV=2YnJXCY}x#;?>*3)f)
z>rASdI@y6+l=E%v*p<LX+m!*FIdcR0#!%$w)^>A1J!vCK6j7ido<T5HcQrbjjtSz}
ziSV2KneCb_V5z;Ru_K+AQ0w933%M}-g{zu;3Ew;Ng=-`wbW}mU`nfTWc9mDR%5sgW
z6{lQKj;N`lJbDeVSTRw6&%!UnX@6k;!{<Mbn&pl-_&!osKz}BD9!fkPx3!<}wE<eX
z#%AAO6LjgH_45xT66hfyL_5m0#d=`x$<)<z`HiWW6bEJMJf!lF*We{?9KY|po~xVW
zYu6M}C;t@fO%7(OS$F=o(^aZ(5p1sRumeNAR(PkZFZ0dwu{T5N_Zp7@Th**MYxqb7
zymq;Yy{&@&j}L19pwJ0TPVJVA9QjSZ(14qxtcfYQqNwm@Ez}h&27bC!s`lf{{JU#;
zT^527_XeDJbgcqEEKH0y;K-Wh!jd9C%OV@(Yv3%>eoskl*jGC7?<wvu`J>UuDzFXe
z=l=Wl+Ug#Xqcyx!f_N$Z(s+$22-NmPmhBP(X<Mq;)z)Hm9s~E7b*w?pt`(%N(i#?X
zty1TYJjND5O-B5v(sCp!=YcT)Q%z)K{Crscj_wzme!6_1jjn~&bS_m)CfJu|ccX7^
z8w4;PU_LmDlahWyO$aUKsx1qYw%9EEU?%1f;!D7J-z*oEg~V9th>d{E7a3u<n#w4j
z``M3KwSl)<R63yR71qq<db=qNLu8S3`E<C+uPJiPOk)n&RHOrF$9u((aBU8$XKT^Z
z-#S7m4`<7*?_$cub!_8Gd(T^VcRkQe!rWe0Yaj4zJ^D{W*zJ+K!?Q6sD{t7`2Vu|S
z4CH?yitp<Mg0;ipVCg#L_nP=IJsiD8_*ob@A%j^q_A^7QBtx>7lHTA6jlrNG7FXip
zS=R&Xuang&-Q+7dVHBG1C>5?=9%D1LQ&yz-8Z_hJplw|icZ(wG1N@?kWM|}?&^F|M
z43_{}9wl}au;m{jSn@<xCa|e+g2x^rVn0mo_17nS{IbX{Psi&qBofckFDhz%0Yl-3
zXb*3X8$*^J1fJFMrX_n{Vm&{XMy-%Gtmn~-n%d2)P1WlVg>~)lz$hF~KG+2KE&0%~
z1Nsqn&u&Z<J~4bC;42eE4!@4lYjUq%dOCfXB2qX|`{-@MC92{>L3s0ZClWCDJ*m>0
z_1>U0plsrj!?YIQ>$Kv?OBpPe5@wF$7IYNVJ??qML{zSjzMgv_l2f@L8VZ@C=qQ>Z
zXYuxmX-z1FZOC2tXOInoJ*8@kS`ZF)t0(dxkP-!#^vzx&AGy?K$VCYUrf0Fjl5TaT
zF+>zAGlAr=%GEZJ!q|3$tO(4P**o3ziIQ$v)9u1o%p1OTbdz(8?uTBj=pG~VkbZ1!
zS!(q0ED<)%ICD|{TQIX$a+vFQ5p+C>_Cq>@cs+O9hH!|p$}RH0qVdGzb+jrx7Zudf
zE$*&a5;wbS=|EZ~g}dR#S!=lqJ2myOUJJwHR#=D@-E1K(U99G(Y%^s@ywW5+3VR~c
z`tXvtDHTjThNr2&-A3d7%9idN*mNxZ#>5NFoxQLt*GL}3O)gbB3vf@Gd+&*2Xj69h
z@)$I(FAOqitEAr^$6i>(4p5|g@1=bj?<G%eU^|A3>Kf#OpsxG`F!MOaWt;@k^~49b
zdk|!i-4Xh;D~YwIOJ^?=Ys+G`kMM&C%DpA@E+3S=a!tZGbk$;c>jOx5h{M=}l6yhn
z7#TMP7e9_od?O@v+g0<ga7_pc220CFq)2nwpbV~b+@iRc8LU^#_z}%%HvD43XnuC5
z)t$cA(2dRv;#_p_GQ0>rKnXZP+Q2!@+6FFNkI#$blwq1XG1vi#CFdr^WDqZLS>U68
zHi0i&-_FI(+j8B^t!`Ia+GLh+10bAc=ffrpIYb-f&TM#uIDsPAr%C^ss>`NiBJOJ6
z#g%*EEEyKY%=xOm@gs9-@yG;1?)+3@%yrYVj_DTG*mp1BJUGSN(^-()HVk-VccXqu
z6hTwjrMWZOIQT%5hP!B^1bS{|*hl6DKF(Dje*C3Twmd8Aj<Z+1t%JyXOUBKR-`yk6
zW;0Yc$X14Dq>^w%O&i&+z^Q50u}hR>gy;Q$0gtc1(S#Z0u9@h2g6TWt(hJ?P(`wJI
zz=<--=%u+#<z3z<aX)5S=x~`bw`w2-CMir*=AzOx&G_eHTec;aXAIHi=~r*&3}qs)
zJkprhwxv2DEIR^dc_{uPG{;^mk-M@Jh*{iq$~kfYrm;MER%=P+i9R`pFrN_B;5^1j
z?ffgwOgL@h-{i=M@ToU1P*%}DH8k0w(AI2uOCoLsJ1;JSuiNb`<;HCp_v9k)<Pmd|
z4m1dxcjptUDP39Ev&p=Jt}#R|wlZwTV7GYZw+Co~rWW?uDxnnjnM!Ao^k*OeiwS!S
zpNqdqlDLSglWz3F9BLYYBYV1SKjB7DM_lje+au4U^Sxlf{f2h2WOIQsMK*Rp8dMoE
z<a-6p2a&_D(Kc{8&`I;w2pzY#mT5(QJ*5m@N)syAl?l<)9{-=WD@@!ptr$C?^t`9G
zE@pURUqTYrFqgxsSBsm{1cyh;-3;b8>;xGm2Kzo5nK&Ewt->Cw5|SdMWkL^=#j@Da
z^~Ow@d9~}PRGZ}xJNf`JM1NHpz2uNatUi6gp_uFAydV_xj_(VHL@05*sO5tUl@~t0
zTkQ&-p4Fn-CFN*;4@SpPjvq^rRS3fs-zoJ?DcABcw6m1btF9Az3~<A_$iEASFhJxs
zg;whGVTvUZ-VtjM<F6%$2wUiG65&%Vy$yU%G#m|6WbsskH9=jU#yuj17r4An$2szn
z8PH<52a)F9m87LuFKqqkYlOW)(Q>dX+caA^1}5p{rVPH-A0xa0RzI630kkYSGWbBV
zf2~A{Ow4+{Ip~U!@28`lmDfkAW6?qf?8olIMhv8dcM$J5Nc#XWvTosTzByO^)E~5F
zWITW?c9jNjkstqJB5lO>E%P~7AHukd5N+a<Vfj&l(D^@N_orx%2mgx+0cFbjP_$6x
zHy-FR*u>w7ChTS+QD{u84Q-ZLOsi0?az+1H#a&ozVS!*TsQeQJ;N4?CWMjTu-n?Qs
zk!-Bh`$^Z#i^q2hU&fY}!|rr*JIqVQA3}o|g^PvShnT!dbZ082QFvLQjOV+g%7d(m
zoK-wTCos!SE3Ow73ttF62&K9~F}dELnBed<1FdQqSiwbFLxcFID;=Xt6N(Iqxh0IV
zTn`G4h~YM{_i^QT{~&@lTHi@yAV0v7dwspbscPM;?J`uYv<q6~x5c3%dZf(?%$aG$
zxyuyKMTdj}l;7r6C{Kj)CL5T_Q#PNUDh3?HHaCqq-kv8ot0za`lgvBa`9B(qwWS<F
zxo%P0s+qDiv8HrADW;%^KX(lTF!!Vvz8dacaE}{Cl0`D@=CEdNTPfC)ws$61=s}d_
z3Q=FTRHH8$#?0vy6<*C!mJ2)U?oWE)v>-R~%<&+_cIJnI2;ih$^>`Aocv6l|JMTKK
z*v#;D<@0&cyN?@}j`8gSJ_gZT?-FyPbYrZU&p$abP`TTx6|%kA5zG(wiTz*Kb3Ep!
zsrCM5rVKK=vV3x=k!H-mByEbBYm5bz2+NUMxyl{z!P~0b1gjV{bAR6tqT(0vQ<64h
z;??v)NTdbC*ho6g7Sl#4?}bF}xj35y=8b{~&87oE3TVJS?n3a9AOfy^K7KDO!4p>~
z@#-F*<XvgP;JmVlWcnlC)u0=(nphru$>%Fs<1}l~GJliOtsycWomi@ee7CPw#o8|X
zQmp86VyMgtEg?KLPT@4BrD685X1bA2{DK&HMp0dHC3D=lV*DvBAueiLOmKopONnql
z@y%pniRI)rFh(;TH-G5^VZ7)}FB0X-xMQPT)n3yLM#Gz6w5?4Glraq=*c6Sg)9j!g
z!{R!A#PBpY2CjTQ0UWs}rYdtC+L6KY#D#RL|CRy?2`j#mVSMcx$P`d!Gwb>5@H^q}
z*<?n<v*@{`KD;B43!0WB$D)1#KWfbsV#8$1DOynPBr%a09ki!^pR`P}j@j}+HSAUa
zSGmsHA8*t)!x(6EP%UU`v{vQ?74%9vjT|MO{I<qrGrDiFJ$P>=`T8pMJANR#;$FKK
zxJIr{Sc7{OB5v+BtmXv~+EtD?LFLKY@NKT0V};iP{SeC+6gv$h*KWzSYQ1;G`_&SA
z^2hgrWt_xO<N0k-z?UTJ;HpDk(H#!E9JD%~?;cMMM10;^pcu7R`f{+T<!9=ZZwm!}
zeU6%s&4SW|!1;NP?SIDfiJ1Quo@JV^K8B?ie(@my%T&dT6a2((aYKR^7kP$Eo`nB4
z!YWad=HK@bZntF6Alrk4Gyk5DLgk8ibDKXA;%AvfJWoRT!F7%d^!*y$Zr=DMPBY}G
zmKCWa-tAVwR>aJ44YGLR;5P39S3#ce#QR(0KR*>j6NdI15+IvFq})Ci<Vl3tw5v2U
zXyzC3_ZQ;tTKWG`bmj3(|9`wvsgyY?m6$6!Xq8Giwj?2H^;JpODwRsn5@vQJgv1<`
zO14T-Uolb{v7remi+)+IjX8#4n{9S)zt8ud_w4ie?6J+>pZD>4Ui{b{+h0eIrlH<N
zN}2yl*5OZsgTY!=ux50rkWTs&eQlY}kHYe_2K7^C2)^Tq$IRV0uqZosvYe5YYGw?I
zb{wcKAG5GDp7pBlDsDD6rAVFtlpQlb3C5S+sxPejU;0${PQp9T&V~Pgj}Tm{GlYnv
zPGluj=u^0yC3|5@GD1xHb$nU6jOn072M((WLl6y5g{PbxA&be%hhwu9G6LF!e-5`^
zb|fpcfJPYnTbu2@H?AT)92{E_-cEF7RsBm0o*i7oA75HXzCmtw?>i^1R{cKX5?GE8
zwHh~`968Iy0_=TW`3_=Fu!a;-Ih(Kj$7s9@!*kuA+UZZRRjZ3Aw$DsiIN~7!&vo(-
zL!oS@WW*FbxXKN6&{)>gQ}=MIyGR1l8^+|5i8PC_bkJn$Cok;Yvp8(x1A%=Rr+?wd
zm-Z?6;&3bsD1un*q`i**yIdRnS!w1qq~o22eQ;JgXzp(p5~~03U2o-bANQ=0{<_5f
zargNDytu_*URs(6x-6uXMPpiz<DiTnke7!YUe7&8-p&J_Mo3n()8wTMDLzIlT<J;|
zsrdZAWM_<j*t0IbsXV+7_Y*G_w4w@7#SeQHIZ<S<gwMhpb>`|_@?c>ME(OfLmN4$$
z9O&hQWCh6wq8>97gXI&mkLiOTDLrj$cE0x``||bN`W2$J71AEt##%OJ$v#$p;KEMn
z-pY3|4ITmYoNaC5V;4?{3E#^m^j%j#is+i1aIg1Jr;VBbhcd_@IBGl;lnE5ozy1pc
z=5C2Y5&!(f7#?Qb?}1v&wR__$(o|>9(4rSitt^TjJ|GFVp2vFV7kA$NtZcNNXmt(2
zO&n*?Gyk;K-;?J<p^HR<Ytr=;TW#2TXyQ7x15V*9=lq$%9d6VeF9WS#uJbBK@XwD2
zJ`5^8&gtu~6P;W=6{6qKz&?Pp#jmR0DVpwj8_lT6_Qcte_N|p>$>lC5IO%-tjif?l
z&y%STdd+LYL)m$*!UmF{zq#Khcy^7`0B_YWY*KNTV@2{fhMvFDQIl;(yZT@(!!)Ip
z_z8=BAk2+EJ3FgI(=*NxzO+;IN4!Pdxa!g({+|}0IfZ`_)373HGL&*F-Jw3&9r968
zi!+%&wc-YTHq)DgtWg@|pGfmV%D2y{@BM-8SfV<}DyI#f{1Mn4|MVX2rFp0H=H+cX
z%!KYijK^({kx)=I30096c=tK~{K1?U4@vY4wqg33mn!zRu?{w)pqZ!1byt}#!#D=L
zZA$jzfZC6&S;*BD{3$3(m74`O$gVTUk{O<rmJo~+pyh;oHQ7KHou?BI>73>WP_;t?
z6ij_zo)r?eXzF}rx$_o-;~?@U?DvB}f7Gl6`eQUH9pgKYxO2){bWjLoR2RIkG~v{r
zMDG@*Tmm@P1yK6V|9C4brq5e^w&wU$UTeTRe<kkoFXC}ox=ZMG_k_n|Ekir2otVc=
zEcg1zw|G$2G;2nj;PNw6UT8-v-o~AX7CdTp9uH=#1BW}tL)hm|r4j~o@Yt?c(bmzI
zg=pvzk-9lcQyO$?bC>?HYR<x6DvR~ELmS|?|BjXD>}W>#Z_UidL+wNBqtqZP9q5rf
zxWzUe=jSQDlFS=6r+kZDJ9kt=u0Jcm7apP{>@!e?c2k0#P&bFEXs5>Tn}DI-TT!hq
zuT19o?^3r`hdWd@_$s?I!D8hNUcKQl>k7W_R#XF%<P|ErDo*E%ojqqJ@oReu)^RZ$
z>(U0Xa!p@Tg696F3RT_9)!+sJ*-ObY6@H11nsazESBjZ~F)7PjE9RZFOjnNnN_)iK
z^*HqFY8W#Q2CC3R5V&o4kH3&7o9Mq*-;-T=d^fFOvpQC(9sUqe#Eaf8;$PEUs&e)w
z@Gh(x7nC)_yJag4$g!O<y6nfg1#W(V`$eCI-f-ScOt?c{xw$e8be)|EwD-XB+bsTe
zrx;)KT<qSEA45t^*~eimGXyqc!1|dJX;r~|deM|pw|0bYPXRDP%og4Apr+L>I9Lnp
zfBTuLTtur!UA35+mSbVT8SU&GNqizNj(lS%dnug=1gHvcnAZ6g<!Pj_=VI%RnK96m
zcvNTF#P-e+60l;KdBpgXeFM<)qnDxv3Ht&<$*>=QL&IfD6b{r<RyL*_cm@%f@1s0r
z@Ui!B$%DHH-~+fPvZwD$&lg?vkS<_h5r^Y;ookII|E;~p_`@6M_N6fWE}IHKI4BCI
z{Wpi|Le(GR#aAL9QK3PTUiH)0hm$j0;GRXdo#9?rNZS!Qrg(SKbbK0)&asOkH~!i#
zd~eVUDT7&FaPatFf|hj48J?NWSO44h^A?V@wX#sGzHetqGgK{2<?^b9NM6`=7hXca
zfqF@zCqveV|F)`%c-^t6bn-Q%0Reok^oV$#g6|(nhTLEeCLq#`SbRPJ${~oZL<qI#
zAoio-p<D!|wbY2E%<&E7do4wkgL)ZKXfza6Zr;N96eX8bVwZMq`}4DYnGQlvekry|
zndZChc|sj0TnF*g$ity5%16siu}vDa0=b02;$rnIAEL0Ur8|}@=gyxdBsRQ{?D|-d
z#j$d~Ppyb#Uo4gEp8~uQ)*Vs1PPgW2s@?$%CO!}`7bp1wu8sQU!lh%8+G|_q6Yg$`
zQo7mqk$<d=0oItL$ACy4Vf$Q@p@VQJ(GAAZYsK<n&A;R47g)rP9d1BwQQCwapwXA(
zVxI{``)&d&caI{m^Jmc5Fi#kf{&)W()w7zX7k&6~$02o=oRx0<Eu9={_B>}1%{0LP
zH>r{~JQr^zsnyHl^3L(@XlMVN{>!n&ZkC+YnYQ7JAvqvbIX+;+l$zBn{X*SVGfZpu
zETh+1@OMqCUvS#}(llPDVb}C~0s-l!%zlQU9X?S;|7b9O-oau%mL{K%L(sdoM8(Dx
z)B7Cao+U@?%T(VjgIJ$NdF4f2iIwE#4R|Ie64J@v=0?L5aiw=Z#Ta2g_r*fonNr$k
z?L_R+=nuc;+a4r7{sUKU;4k9Vt`}e6<NwDTIgK1!AmJ<{->L78joV}q#OmD$xJg)+
z$o0X8p3{v~$R@A`S2GSd+n}>{cj)~&8`HV}<jX^3_&jWXipU!Pv294Mj>^R!IAc3V
zHFhdx7(bw!lFTMbWEM>^PZ$o#U(%5aLAFq+7oO}w%uZCio%rfUn0zAK%mqywyPets
zHLE@Z_E&P~P4%j8<6boaBlzeet!0z?dPYRd2fAy>v_q~&+L{W`)Wi*cC%ximI)voi
zYnC9II`G~t=IY>nP4cv!*>pbcoTh@h%?C}SIO-N-J>*8he_<;qqECQBD`zPf1YM~H
ztkQ)cLkSKk<lbmSZGJQS;#sYD%Wx~`41WHj@O^S~!_8(E!Gx6Pi{3BfIyW;dJ`W5+
z@6GF3LiWoN5rAn!DUH!l<c$-fYexmxjWxG*_a$!x9>xL#xAW`^KH`|4%rj>H8o-Xw
z!MT2M63lB9vIAa}kL`GY{muWm*+sFJD0YH#-NnxtioNowZ91&QhQrzk+J(g;GTs<g
zJrofxHC1lxE@106u_f+3vb}prMfeuQ-S{QZ1w`$?MStjW^Pb$#&GbWR@|QcVy7zzR
z^KQzt`O}mUw)|2Zv@Sh%eoGf$u;=<h_#)VS+}W9!TW#5VlPPSxGAa+x%9M}_PVj&g
zZX{Im9%`Um(CvUoB1g?dK*!*HYX&IOm+2tnn+39txlI(z9r_CB!cdjsa8PQE=I30;
z(Af4f+GqixR=J<Y8(!EMYn1^w=tP)sFsn4(mkS*@>Lh^Xh&yrGTAA;3TBnMAj|A{$
zv#3Vx=`zak6g6PjhR{MDu*^;)W%kp_eAhF)wUYk#v`agc?A^mLI~tQ}P>B9=8jJHQ
znYc)hpdTyn2YBBnPK=Ml@!=+1Y%X_W@L`Fc-z$Qdc-Dv-`AHbRqv=A&3St;BVTG>n
zaWeE2+CLPmcx+~w6Qx=C*2-N^OI#2gdV<OV3?S+Z@FgL*82HBc(m!b@?~*I4^#)F@
z*G_*>vQMRyHh1<9y*!ngc<~Gly+>Z%@vW9QxDV3p!?tzb`n8AIgxEJ5HEi2dT=o?%
z%osW$vw^DKYqso3QOy`5?w~S6_cWT*V5F%isVJ?B**d5Xb1ujCYAQh$vGz?qXzbc@
z`ll4$LHgQQ`H21yv*xs}B{^N}(wsj`_?IFS=AYJ`x-onn=&$$c|M15GDSzEL!TKWg
zA<3g0vMt|+)W-AtMP9`8HMU$zfHnzU>Zb%YECL5$|NJw2f?=xOdV~z;-_^1)&_B$D
z(nH{5N>wEonm-LgAOT(teTk*Nd$nhaiJRX=-buZ#)_nX?uVFt12jh$0Dl*JUi7=u_
zDus^R*2b6&$Q4I`&eTC%CYv~)(BPArXslZ^K%{DC<6K+L4~D-2S!vc0GC~X|OI4YG
zFfHonj#+?9=k9T3AksY>&`f2t?xf$EuHTGbB$l`hha9g-w1FRN$M=@B>3<-+c=tSL
z^(5R2?5*6}!NBjDblK~r%|URgJ8%8g*&WxJYA$*wSWf;canNrh-`K8RAW95bMvnhE
z=R5?_olp24*lfP`EOhqja6x+f%GES!-PoS9E6BIK<d#BkQ@`e_V(xTv$C_a1==x!#
zF~QMSE}=WpSFjZ&W5|zd5o3?XO#7F?4%T~x49DDeqKuko2X1r_lUVW)D&FVzdADIs
zazqj+5`z6>Q5N0jDd)?VM2wla2B~?12PbHg(yPA?bY!}|=nR?;nycw7_?P(#S!XLA
z)8226CAdA9eke$fO`6_4nIc_XUrvHdGjfZ%1%E)dXVc)u@I??CgcA3_^Ks1zPh3d?
zuWP;ZDHSiXe>nYo`ax{MYXFEKl^R?jX}f~Ib;Xh&6py!m-rn57hJ<oDBF&V{k$$4u
zZ(;?(GG`wdh;m^r0WD?mbI*Jz9x3#yzYPwr9Q%2&3r5ZO+N=|OS%JSuH=F))wy%D}
zz$#vU_xK<G!CYqfd;A%YB<L4lO#r?pzx_e^mX}jgDGuE;>`HtEED4?PZ^yhauiysN
z^PH(AFgF81I`k$w`h8$SIdnW>IJnaEK24HkHl#B+t((o9fSoVhrfjTHy?_ZKr6|bD
zXzU5J*<Tj__t)DrQ`IZbO8{O<4cu&4QP4%sp@qWarZ%mApmg>&p?<w7m2F1a#psI`
zZdE?r5s3scoAY73molpcJbibXM2RD9be-+dP876d_ke-@<o1mklS%3Re4}ptRR`#+
z$3qKjd<pu>9RSYZ+dTN=xA$(iY~{nchyR33b#E8GOHKh%!V}ug4HJ9T;MWaAqzlbs
z%e8j$wXhD@hOOA^9v%Ai_Ud-!W0wa;_$)ac=d+2-osV2Rck^?R*;v|n?OlNOg5Qh%
znNU=;emE3X>`PH)X?&6A_bEd*_%zU;1}M7)adqoChc<Aghu3i&?4r^deJs=k0(duS
zk0F%u<z3p>34EZPGNpKL=X%?lxK$OZ1ppV|ATTS;+n^fglRKZ!o1>5)fF(C<!Urq!
zmB;*0Cg4~1d<owRzD;&dpPq;TYV!OTx8)3JZP7(;(5uSr7lR4cvJYz<2omiG^h2?<
z*STAv4fo>4ww@b&ITE+AOl3Y#Wj18Qip|T2cmw`E`R^fRXijE!nd+M;w=)*KNhD(*
z*7f}EEFg7JY4+N-eW6HGh_fYsgUEDf3F9k>tE!3`AH47^o(yl4HV4MB8_aD7WLJlk
zVFd;DE9i?V1R1+=K63T}K&Y?{ZbJIoJx5T@PK^8V6y`3?33S)klo$&)fIVCG9{}U8
z?GPl83RBdIz`4@sU_L>+j8}JZcXKUNm314+d6C=6>rZ?wRv6k>u=W7PKyH@!;{S-Y
z8y{;6I1MLZroB+~3KUM~@#80|KvTd0L(MbsU*@)LBD7x6y_UpZ^>J<034M9;#H?G{
zF^!vf`_had8r(uIrf8j4C`Wuh)-(;I>)>gk0xHhDf|u}qouzMc&jL(OPjaUSHj1Z<
zNjrPyTG^&<PcKGnLEkIniFUQ)-)sRSf0{$Uc&K#0VcA=|YY8h5p9lJFyf3W4qxdZe
z{z&;${i*?^S^@}w?*Fc2dsxp?Y&rJH`ix~P&3re<`_;&JK)(2UsTgy+P8f=(p<Jiw
z+vc}%>yL2gR;s?BQBxN0MLoMxy?HwE<671FztJpSk=l>raZK%K1IuqTNH@Eac&x@<
zjvKaQn9+!JN|HQgrFs#SwYuXIa>@&TO=k)ZRgqV7`*asgSXzey>b$czLz=La+|`LY
zW`&xGIS9ZxyPi<lf^3J`XGt^zQEv+WQUmm;4Q^84kX;o@h8tQ{&?&<<6|7QYMolAG
z4ww|Zg0`j#TEFGdB(go}d|CK!pr|!@o_h%Z)zTDiWx1+5W_O65B)H<hw4_8CXQ_PK
z{))w0OM13kHKbHy|5NWzAIdATa7N(<eIB;&tKd0GVl^od+yxOg!CN0shw8zAUDCE=
zEw0_GP(87B89lkAClJ4jrBHP{rVCnQ<l(QZd3$`4bDKQ1S%Sd5r_EpQ5+orgg=c>#
z3N+{E9B%C$PrS=eEN3`@1|DsGE(77%w-Fq#beCtzb+UV9qXHdI)>6_>ZTLKmoQJjJ
zeg1;pLgJs7oukhh++>+HOYw(_(ZE22b(^p0|JfqFS}BZ>Xd!5IeltB)(<jcUnMsLH
z*5ZWkx0%$~tURMp43S<5PIY{9zT3GiOq%fumew2wTZpePVy{uCp;XqjVd5_V;G1}9
z2AKklub*IESb%YA)b;~WnKs}LjUx^QoOjHtj)!17!hkrEUPIEJK>7BGNXNTmQFB?7
z_K@&_Sqg`999=b~2T(OX*KJolsOIh2YRvoei^N(ke2Zv~PEK=NN<aYKQQZP3Vmv}7
zJ9-l#)4Kp*MCZ7_Zw@?|y){rcl<+-q8PZcgNzE^s_a7p_BYpS@Lx*@6OV9dtli?2b
zC#(nBaq^R4X)fMH(#s$$fmk8@3CO%@N(-inC_nN%T77*#XWavqo`08%{W7@Mz=ab`
zcy3V!y5hxD;$wJH(ff7((;tm+mt=)sMH;xL$bt3m&R!PJ=5n5P0eY8+?>|P1+0om(
zR5i@#w;?GmmM)t00a7FUa~^~XFLuD2$ZSSzn7<w1!F71!B={@JB_F{F`C$WHJP$Ep
z@m$?Yf6-het1@6K8ZxO+Ru@se;%|oiY;Ay~W1{}^0rCM1aw0GT*-^mz0W#&7*f95x
znt}i;l|Uz1tzDctoq+X5yDHuZ3>J6S`{Rzu&v2Er14g|p*&?Np?u|R($tqjK&7inD
z0^Weoh&(@R|IXnAMzS&a0vGrACHUs==#ykECrsc2$=7bZk|YV*uGX9J!j|@qkiMb5
zMqOxF3ZAo`wH^3SFHxCa^pWK@r}Jr^t5GxlUk9HH8gA2O+3~-{&koM}%fuOc+EKvb
zjPTcG@YW#w?S=@&AJC@G{h4;1ry2_hDXLu-qglyIKQfKraYyK6A#JSB;gB)XP*t(J
zN@qFy^>c8xR`^g@`-{93zDV~FUmCljmj$(su81M$9K;Ojw^>!NSeD}Fsuf5s#=^ok
zlu{f6;0zF%eFMTQvGXP^O1cTStrLJxIa8X0P(8&lKEeESjdR_c1iK2E7x4e)ILtlq
zlj>ulxk@+UcCHdZmti}kvZzG>%PTt-IB$_@jaY*_W&^-DgdK`vR@W9_mG^ybeo?4=
zWKX6trKMSu5#;FL{uu2fbo@YH2Be&@@VCIdUHDyO>U{pG2sc^&LPm8{qA3gd+qP-W
zV-G`nrW=5I+*@xEfX$!nuXsfsPVltZ)R&@(Fq-_NoAwD+{aDBCivVEGzKF}f>#FZi
z=bw&^yo+i)=EdzJ*yqFg2$xM^D`%@3Zw*F^94a)|z}z~Jb1HSd>K)?~(Zkz)?{Ze)
zQ-D}b8|_;&A&y@T%jEMv5>XbS@;_wNVqD9@GWur|maRiMZGP*`zqKnG=KZ(dub%h!
z9;MIwclZkEXXjIQ>G!JgNbS22D1&kYx#Q<1H(L7zhqUP{gt6-MsddvXuVc&mHca#K
ziwq(wI}w#4kz%E$JJ=kK+wO9A8ZeR=DGbm~#MJt|ChYcBZ?PdrY6lt*m65YXE}Ky5
zk4^K8DSES2Pn7@E3&4UBaG9s(Om%EGKpWF-83Zks9a&A%V<$EUvHv-m{a)1^5BaQ~
zJvr?Eco|Ees!b$|Zf%`6*AJ)Xst~To84v(G;M%Jgp9DpIp(?f=7lVWp&5Yo_u5>}o
zm+W)tov5e0#l^1eg)idBUdDj=H4LB|5N&~JAP@2>RQ2sbcO+**oEyVg2Y~<4*8?yO
zNYi7Xs&?R)fPc%uX|w>w+dy>ApT0tVdKfraO_cNz#(_x(_;uI?qO(!8><Hkez`X;t
z1Ph3A09L5B`VbglI~z%DuX*+``Vv%EfV=*IbGdk+G%`RoS#nnecmvMkF7m7-Nv|nY
ze&_|FZXUk<7;?hPm%d@ZJCvvL{t$D+wC8tMMIK#8=6IG+PYq0ObQyGz`QEB<VEc7S
z8Dwgw?3W$S)wHHrf!XWYUTgTn4sYz92DtZ3nNa5U&&I4tDNuW?$1bI^P62vIr*elD
zpnj79Qc$E9H=)WMJhwgPAGSj^5T1Fe;qvw4m$6^99U6V|&&uD}1MM88`^_3BD&5G+
z-B_h_CEjWS4;G}KnSAch#Q-S$0MdxvfSO4QW28krigm_pmY$f<zc9$)?Y|GNfe5kV
zh+s-A{jFCYjFs;=SDLVaJ3dbJn553q+)gS7{#V+`r)5%ml7#RgUO2b3Q@pc?il^JK
zvUCk?gm}Rv+2M`#CYuN!b=Vu`-0B1J4k}VO6&GseSfzBKG2By&=70IT4o6;j_Xqwr
ziDni`FWiZ7$o}$Us&w`)c?dk2aA`=}nRXf$;WD+A%GMQq*2m*7N;73#+TXMuyc+uB
z%h+jMd(asH^n(_n*dPi%FXhjVxEjQ5wS{hTKF<p;({UGY^(yGs8njlD$oF`e^>i^F
zkcG|mmss4>@c~j|iXpfOYKe{);(P!gAtu{8>NWFwGrGJ+JBrf-76aJkchTnw$$!kS
zX`;S!Qbq5&f|F$sXtw-ypJ=PvlJ$}t(hy<Dtvn%zyY9rN0Gnq4Zc&1P8*?Zg@h@qy
zu6IgvtO;Kt%myu!?O&yV>?LVop1RDeh_BA+UlYneKfDKg!8g|`Zgwb5)y~sjj~zTZ
z?8!S<`giK<Tn=oAlANZ#D{8nQ)pXiwYszW22VY|TsDeTTx*IbO+FBKWG2DuKntKVj
z)+x@HJN0$pM01r}CoB9#7lf8B+635yKlsxbyU(e2F16sI=6<ns+j5|qPR9mIGG5ER
z+~sM~Bax%E-})3wl)Jkrz<j?{)Xlg3;5@Z;ey1--y<vV+dI6quZ(6+s&~U_Stp~(=
zIyl=7(aPT_6D$;;d$Lti=5001_fRo>)EsRm&$Ssnb^i}iYmo5hLTi{zmpoaorEbxt
z<>;=~q^OL@CmaEsCn(AQWM?U?0q}|FJ3dBmdNMvk{>3uh&(eg&|8VIx!urx7vM+Fp
z<{VUh>9`MlD#6gL@+G~$fH~i<_RB>qvlq4hID%?M#S_O)E*Zur0M)<k!@;j9BU{`H
zB!gR*6PeYR27>XY9witNtcKX=%ugAU{L~fy0ya3jWS%MP_)%)aVq82>3V||ocgRiT
zU>KS1Bgyj9y(j=+&<FqqrBrMO3^BW8D~ML?x_iPaTqTsoS_klj1_<*d+TXub6?rs|
z(YKPBFHOWdL9Uk-_0O6?CIk_57<@5!Hjys;73~N!K+J@61Syumj$qMF!!fjK_o0Qu
z=X)O`^(pvJ`3a#0v;wAA!CVdzt)XcXJAD4P7An$@qz79J-?%lc>hd14gq@{TR|q{A
zrSj$ETg`LZr77|5S8IcCK!A{=&Qfh9y0j{V>F%W7Eoa<oM(Wz<g22rv<{9?qT;Wn6
zM=v!kRd-NrB%jg|D`SY&wMwndZ~I6e!)X1+6H&=ql2Lv>OOu;W8BIf*Q#br@D6p^H
zIJRr|)q{H;-F~?4*8YR5UXDOtZ+y1P+tuc9Zf;~Q{;Bk=SU$s&X)1Kjd5)2k23a4_
za8wN(hXCza+(T7<yUN9gJ@L9da`$RHN$w~7RGK1Kg8c0(XONF-u@8l5@Ip16Er5ED
zgo*Rh_k1L<&u~MI+;C>D?^=ukgsk<unp=0TnXO|!Bsc-vIgAAQ>W6-+TVLTE*~4xC
z<Y94b1xu6i_Ee85r<M`F`>Xn(X!Pg0AGVDALjT%@A0kc|eAJ_UOCb0Uvwe;#j=vX9
z01qAIzn~TYin<#qW;yjx4l(#BkiNZ>n4=j3e{(;mUWB$3dClw~0*kAMVS7dMJMY)<
z!2k`i6CEPCTUwhUdv<lMX(pB9;*ai%AG7p+{`AINpG6AT0Uz;P=ybIN|0Qw%9Cs+q
z^vAre%vQZW7+urd>>sywmUQ{M%Y7e&s9t#ajPBd*Bp7qonEvfl<Wc9bSofYcC>h#i
z)Or0!n(rO(K^?O)#w%Xle=tzXvTTcZ5wUrmf4jc4yo&8}|4d{9@!^5`*XA?MCnWra
z^g2S}vAN>GHu&ME+7eY=tsU~?F;QUXR4VqKWCH&_bF@r$80s}whxgm0;8=tG=ag87
zv{B-`r`Br@1M|E8bKjKD$dw?ZD1viM6oJ!8ids{MA>nfos`H4D$hqyB)F3gSW>CL8
zG+dKT-~Zy_82TM_0bX7w5$wch(fNIzWP^tx5gv3qO7(orlh_{ZxP65PmWAFhE$RIj
zL%7C^D}K-avKrG|^K@iFctGgXth@IrFxkjuQ3<xC>5173-mwRnbzVCVp9|+2(rlvc
zINXVJgS=82%Fby%c#Xz#F8A$Vte=?Fub3eVtKLOSjck@V=R$}WizTvLfCAo#zlj5R
ztGfJ^v7uxe{H1;4mo`9@13guw&T#h(#j{ZtXsRMx&bQscF(zQ`#@)C_eXNi5$>BB%
zc<YH>*-NkIqh2#b0>W9en0XYzT|YXrFkiP4ZyCzTRO}0uJM<rgUcdi|bIg2|PTe9Y
zo8CF3DB<9p*Wwd9A5w%c`3$6lvlp`#v;E23*VZONrvb!UknHmh>=>A+klmdO>Tq~5
zV9<j%xANfI+iYL+1e5Kq?`9C7`yXy^>r%d=#b14BYfm{mgbB&?)i#RHFrha*=oj<V
zrTLYen-nr+Bi=ydmtRFWST9@sQHKs1j-KydI9fAOaxN^+S3R{-p7XAmy#M;#_TMQo
zZQtll#BllO5V8xmY^)?)qsnS$LaOHb1AliRKaF1YmzK2^<mgzdp+@d;OVw$kftQ;J
z*PhNzR=;Sy`d#oWYv1_pF|Vt?0{b6QT+KwEKW_nxcg<B{O0c(F=MviZnvYj0R`4=N
z{Y2t`_&8+Z1l?nPtGfQ>I~aG*&516Qg$Fop@2)YQ?FX>QmL%k@c36aCiY6<-EvP;l
z2u2-|jJO=9*k7*oVW)VUXx>Abpmz3O5pNWm=BMqdVq5Dty0vrd5dpN}8>49qGkUVS
za6KRO%x|p3>7b?W9FvxbB~oX@!B!rAnZ|Hm+V8}4b4D>P9mJ3h9D`0mJ}pKij}jrC
z^uLU>q}AXkr(Dq&as30%?;!;s1s4^zg9vvtWd`<~4=3d*i}E3=<MJ1o_RKT(^%{Xa
z`C}-$!QUQCO5GRJJL++I8U1$ek2C>t3zoSiAKZ7zq9Cdwg$%o_jOjQvg!_SFMepJI
z!D8y`KQ9&4lJ{3=B8?+Vj%w)2CTqeHWe4^FE_q=IwpF^WG-I4<Nn4mOWEH4w$VyN9
zRm@DS!QH);AE1CiQ+0O1tyx_1GyIuY)4ubSy@nM(E1laPm@g+=&*rM-PL&arTPP@7
z$-CHr^zWacF8h+H@!RGOY=9KkSa%w++?#wbOYzzA{OjN24Xw0xA+1lHUOQZN<C?Uy
z*hzA)`sQN{Fjp~@!HA!3#-2CTUwUGrJfYx0L5;teWgF`G5?FnR-2YO5R$)2Ze(5Of
z8b#Rp{i(Wq<Fs>ui{d?QonTD>G>R@1en}x1ur&t5r5Vv~*F7ru7LD?v%SuHhq^b1D
z2&ONn4UX77=3>F1&aZ&L6QV7p6y?l=qdoY-hIY*0$=K?4;^Hd9BcBm2Ejj8=uQT9W
zb>G*wlq{HCE^MQ#<BU2g>?#i{EJqrU6X@-9=%qpJwp%;d1y5!Y=FA_&1HMV|8$I2F
zuYIp+*CTMIDGNE)vrf)qW>^sIe-DxItH-vN?!&G`Mc2j-#00t(Kn)W={MffvW6NdV
z;_n+*|L6lNO`=T?V%OcUC|H|^Z7@wYFD_?6@Oc!8DR+6hZWYN_&B|{JNf)@L#(fr*
zHH`+9!ZUQc(Z3|*udwh2bxwOt(ORv(=ut!p`O4)vm$_6yrg4R=@~B7T47rc4{}%U+
z<PGclU*xhs{38DzrP%=@p<psPjnIX&9`^fN+Az0m{`{=~#S?K`S-gP`JgU;&leR$v
zwOIz~;X}B0GzB@hwJbN}y~a5i-BpX@7OpTNw861C5Za%I$OL26UOQc<;0Yz86nW4s
z;N}|bIDY*R&4;Nxx!3JPQJQ#2fLMzdIg!u&VpAWW&kfQI5-z+${H}OKxG^osDT=%<
zq3e4f%ssyPG8dYAc#FIC^0i^Up|Y^*46{KO;E#}lKwY*`dZQ=dEQ8l0J{QJKYz$+>
zS_arupmtsRBHe$}1?536I)d3v2=NYOMyI6%R){YD`5~UtvuBA9b}^(LhAyZukf8%$
z4e}bO2)_2u;A?*91JsLFBUFPKe-{czw|&qT$Z^ZIqpi_S*NAwn?PM9EW}X*KdA#)@
z{Ef_NDZ-R=Ftl|N{eib`^tUgqKXw?wRo2@kOD-Z=yazqf4Sv$^PI6hIr{*;wK54+&
z2-<a)uyhg@{yXX#;jdvJ!E!pjcY=^5>2IKyFi}9#VQYRJ@=R-1jNAK>!=j=dl<oP_
z*a6?Zs}?TbOj-3;mWp6qg8ly!%;=0Pt)P6+D2%=mqAus%*iCv5Tm)a_RzBjl9pEoK
zfroNTYk@d~;^z3^);G#8??>_?3t~f${5LlI69*jH%~i6G^lax-Kc-UIBk^~rG~`;~
zBxMC~a#L$mK0h&H7@!lRC>fb-AKMC<9W{er+X@^arL+S>Sol&@gTwhPD31tgCY7Ck
z^MTxgTF_Y4I%*8qGD;Dto4FXu!HuHdm7JrYf)Jq*;6qmb-|<wSSpr6Rv{LU=*=3c$
zdzTsci+lv|o3ndr+4)BPp#nc&EBpeK)un7k()yuCx<i)xf`H`q)ngC?&Ptkr`=&7Y
zO<|k)88Xf0qA^u}z=QdarF!;HTjwJeyX;FRHf|#XQi;G<+Wk~g|4Ifi2FI9+gici#
z9cQn0sh)M_ss{;8TCoi{dHJ{z`df4}e<b01Qb-%PVi`-dSJ3fTRd69DK!bq<=1|!k
zw}DUDak~g;R#y=Lm$Juk9VKym5tF_`0Jg7?EjW}<veo&nu25C@HQcs{pD`Sc5^f*z
zAHQFe@tSvdXD$e42s`v;Ql;wDl&D|0wRF0Fa9(C<$9_qjV9HNP2zTdMi3>ts6A(wM
zV)R59F-ovjByIV+f`wzFKFn@wg!Z>^&!^70_|Xn6ACB6<`g0_`D9Qf<&+l&n+^>tg
zE0-PkOTg<Jg*|<!d+zkVz;C&%pq>oO_ISd(N<st7eb8RlZZoULIiRloM`&v9=5;ZG
zzaug+`%#|OsWO4M@4(np9mF?OoMnW<kq1$Yt{^}AiUi+%s4$;>8GQAcqoF*?KCUYP
z$n{9DPNuSJMu4s`CC{K&t>i>|(;w<ZueR5$`7lYrPEk6~*QnmS|N05R-q)XkBc-0_
z)^ze(qCe3~AdnNA1@e=lVM7$h)_A<NV6o0RK&f&4?v0M4c7&)hDtr#({S^OPWxQFe
zm_x7G+%5Iq+8&*X^?cPv&!nEDJosz+`18C@rPICVG?kekk*Co(ZvOY>#7zhZ3EEqX
zpH+SbxEI>*eL4?hFp;wwV5^RAs^C9+K)L?S4Hd>31tL0r9_7}7x$ajQz$QMSGB2eG
zOL}4}aL&;N@v*`hahs0$bs3zDR?R)3lVX4|OT_gp798)F&kW6RL9@I0Ko9neB(yC%
zEBo?aeRT3el{0Bt{i^;!B;?zq<B!Nk+uEqxE7!Az3%wDV;8tmD9{8l^RN<4$+58)|
zJu}s>@BRgAN*=T>7QWKx{~LXh+UE8w%MoxvNBL>ol{ug2wT8i}Kd-!c@Sh}Rk@UU;
zp{$OA3<BDP`@nzte^U9A`_0J~0qplCQ-69#AK6%OT1KsJ@-APkxpG@b-74&lE2*!D
zh<Qt^)5SfdRz!4Id`6I6Gx)B%pHVBkMlxClZSi>rN4QpUUv3>cz|NztVk6wWYU_9^
zE?qoCIlV^n^tEmuK&L9AIQtTcuh|GTDc%je3#DAUK#ZXOE!NEK>2t`G@G)_Es4(Wz
z3_fP>p-=(HQMPBSOlA|Mj`~cjhzWBfN=piW+ocA$vrEnF@XN;5s_nLALWXKE<dDCV
zl6rP)h)Y2aEB93^*$S^+OJ)By_n*Unqmh89XwHO{$lR5|Z-^*MXZ@RmsyQ*;C7!7r
z>iqT(vZ1sNadeakxcJ{u8w_bnnro(NuiSKzpKIeQH#N@x@2>U>gOrdi4y);Kz5U0f
zMBU(a6S7l;`ehn+LV|u7;aTzC%gas|==7eLj!d;=nO-2QnA+2}WsV(vR8cjQPke%H
zt@$Tvuc*L^{Ln|Wb;veDc8{Lrpfw(?G16^xFOai_6bz|lZ6Sks06Oh<7Lp7oIl!3b
z48gxnb0--5J46Sz$pA2Zee!pxko8?M5iIra&j2l<AH!}$iv&lZ=I+nsUnoa#wi$Fi
zg_6O#+iC>lk=fuEyC=y3ftjy+bs3{!m_aCCMSxms>rZMF(D$;)Hgs1^RP9jH+2#;W
zT95@JtFPHC+~Zbd_TQ&|V-<Hj_A}r;xd{$g<3*xa<LIFKMHu4o1(;BuqaM62!zixX
zNqBr!jEDTC>O28H9P$Zgc>vcWMHHAwjX9WQtbK7l_a3@E{a*g(z-U8M^?)@eQ*Dz+
zsC@ace<9bx+=j0F{yd%*y*Sa(0Hg=*J0m#+wk0fuTSLF>oa#Ra<gO*Y4%zFyQF~g#
z_vnuH`D)4FEg7P_Z&v>H)0OM*BsO-g6rTUN!_p6b&{;mrg0EK+(mgHnBIiCkonyL`
z6oEgj*7UyCi60Afh|92w2dN}>GwUv$y<+CT9J}WVp)K*3miaLWDcv)sU$chP&3Y(M
z?C8_&3}kod$(r&sKl__H59LypdFVG5tCn+C;dQo82*WyoClk=wL~n_1SGJsJ!vT3a
z#F#r1@0MtY)L$gMR6Y&&ZvL&AJbFmgZ_ECtA=?YO!*?_>DH?Z@>$SEeZO$S^l@6L(
z;Ff=gI4k>{?WIa4E~WGs$FcXk63PmPY~9Y2KUdw9_UjeBq`#c#N__6x5>8&BOtZxw
zj`LK3*07gj`r=l_JiL8q^&cdwHn6UlV+AwdGoXXN=<sDMasC?9Ut0Kz=;hvuq4l<@
zY1YtazM-Z#m6@V`WqC#C^M<x$C=Aog1RE)4D`Pz2ldb>4o@gc}o$!VJ+Ukv%&?`K%
zrc7xw6(1mX7t$I|aH{^9)l`;-gWF1%5f;rkDPMt`zV1QdR%+&8!^(luYcK{cA{Dj@
z0gQ_V!jfNN2Wm`xJK^Y|jc&(O2Qw;Tp0%;=VXKlR%qUk08J_D{zmK|o&HIG}9ul>~
zn;l)aKGg#sl21^A4r!NMzql{$fDSv%8-l?!TQFQ-CerIQVj(vkl&UQ~M5NK<me!xE
zs>O3AlaNk3Tf@e8NCZIYhdxw^654V>g5p7?`$CwVLiyENm(;G?kd57QXdad^KX9%u
zX4o$m=7Ue<1+JreFi2%X%!0b&<4}^MG^^3|uEcS}Lc-r|n5D&tpvFN{2I)|n&cj4n
zbnY|H4B%(`HIuzn1o7_Cv~=y|U-Y5%4-F~=fzyPge1i|VeWQUiV}<nB@2%^V4*s<m
zdT>pbuxv}Sl-<!3zGJo#xd808c0OPauXu9Hm9%%4vHO&;zg|ivEEDB3&)InlJ-R<X
zXlb;6{X(>fD6RD+VjUercoE~y{p(om0X7F|90ELwt-#t>6U*-;I-JvPQkW9`)z1Uw
z9aGdc+~A>*bb@mAoIW?i-s%|b$}H?h;bx5bB2#7BMRfi-PgZYKMm`p98q)k@%o$$+
zS+0A4x5SJCOA@_~fV(i}PH{!xP<HR-+J3|xm=W{&N)3Ztw8-su3g2UIzt4HnE2Vva
zH^J$V)<RFGTjoBtsmnA)-4D+sVY{m%pN%^7J|usf=hp5O?LoXZCA^YmnrZiXegC7n
zMk_LO>w+Nf>gHZeWY~JtG)CvaPGXmfb_`yxF&G-AJW)5UWGGU{>n`^OybCh?Q#R~4
zypUUV*_u?p9djF305#Vj;ON*<m?|Rt`G0p3Z73|4ypra$N|UO%vO><?e?~u-MC3JE
z{;+KyqWti#$CxJUk-shIii%#wS;XEMCV|*#^csVV!9|8T=4y|!6Pyo^F5#EwV0l49
zyv!d;(sO-nc6;fiMqvK~1>>ck<hA4C>c-?N%oREGXlscnXWmtk4AX-OkA94(m|!Wm
z$pK-lPt^k<-O$#zH0{at$ej*HXVD>}gA7~tVbbUSJ?JOgNo*o7foToZGhV~+R~B*G
z7a_N+Pqjrf7?3uFGN0CeSf@R#?v(-Yhh#lACv9Ktz{BV-ho<&CpBh8lop;c*B6H^b
zJT85Q6Tma{e?|-L5|s-yw4RNuhR4mFe@d`rpe|Bm3Sj{vas9Nc5cA#9XW-1HP+1y5
zA5^h(jLy7UbdlM)=B=RB9{I^cF}n44XDZmbld?lGda9B<jlH!;ncG*Y+92oolxTjk
z4&sY$HW1#IfTfEdt8`mF8H%?^{bPl<ct_c*-Sg1;0HmjB>Nk-kwtx?woORBDSZU{O
z=f<nA&t1LdAX>uz)yaQDtAp*G2~RLA+#h^-{)(_1Ts)W)&DZ|8FTE0xwmw?S3J>!e
zV=snV1KWSmV|19%i4oo;PItINwq;*g-?{A{x5T}T(Y6fjE^5&CPlrcs;e~Sm`zQl2
z-!e}}E@nC)E))y-jItXk9$jZxjUa)1u{P%3{MYK1V_?yD^0|8Vi{Hewq4j`C<1kdX
z=;mPSP27ELOU$TGQ{<)a(2@NDv^veXmkWE@KAun*RtQvVt}fS(UuIMpmS}g9t)U;y
zpvKC=>&BYwEhSpFnpcQlzgMca-Hdk#)aBiHA{$8o(kGk9BUt0fXp=kc61ybi!uZ&o
zQu07H`Yvx0?x`EMc*XHn7R;n*!U9yk<6eSI12pjIdmdpw=P5Nll0;v6IAlC^akU0C
z+v4s$!nFhVd67etjE?bh&rK+Ao~x_Z12$frL%ej*A_xi2oNR;y)<Tk44hol3%xKBL
zD)+~79^k-1Un(<(6-#XZRn7Dw51)RA0q=T4IhyO#RGl8LM=VwvE`i%Y4YB(~y+iL9
zoP}@)+FJK~`7z-s266f;Isu`s+$OKnv;ieJP%9=zZMIL}U;F&#f{`VdSB(OV2}%#U
zSe^=LAuZ^Q;RQ`Vt}zoE#lAFSfDq%;m}&N;9t0>SjEDRf$OV8C$X5B$tuj5Ku=->4
z0!u%&!KXAiamf7b0N~ujePd`tq538mqeHqmtKE~(`Zqx$?a)XDOpkOJyFqTlHE7f@
z3X%mj+Vw!KIeDl>p<aVN#bq@Xrx&cc(BM_SmYRlk7Ov(NH944qS2J91XY5Dbc27Zx
zNc+L3JRC<lTE#7_bwvLkiU~O@UGL<q0NJr$_-omIeS{hI#`bZGLUEF%D;RARG~Mp0
zeZhITO`J7>T&gK=>c>XoDj-_(=lpxx-8Vg=*ZSkjct1^meSDxL*PBO6=O;{G=VB}q
z)qC>!ii(YSELqfCI)DG$7=X!Cn9bRO{3GZ9l(p9no3I4``WOR^1MoB>F@vADc|CAV
z9+ayboVm_bTC}JBFA5X2HEq<H)+FD=evvx?Yn?y9MzxRr7cl_3<Cc;3UzFm~cw<(K
zttGb|4Qqi*|A_6j*pZ1bs}WpG_62KEWppmgh$UVc@?=DD3)q22J%YQNC^M1v3hm$0
zHyCd(=-ttgM!pGrF>zA`GjfG5Vb|!0A8m3+l|wF-=Hr}4o#mI9uyB35{}bBzVXt^k
z>zl}$fgGIOu+t_At9D2VHXXfIeu-PBTkEZ?xk3ornQ&Z{D&HbhGAPMFUfC_5Ur0NO
zYJrFm3%1Ijnqu;N2`kaN+FO(1_N2umPj~MzKi$fk;P!~Sstn2^j<@>)T8@NwmzRfy
z%C|(h2s;L%5++*9>?sC_NAiY_VGtwSn)4XF2)zh3C_CdVojU-{0BYQ}Pvz*g#EjA;
zh#hSi)<EPM@*44_%@Q^W%2Bfi(X_)@vr&U|-c`52=le@%0_tZMesmU{5q@S^a9$Q=
z_}ocMXX!JGmD$iFUNEEopw?AXdMpF`7i=HzMcXPG9@@@*Hx$L4yaod}9KP1G$?AW&
z=8Y~!%!M3p^*Z1N6!G5BO4H2_Xm^QHIEQF*vOPudMYxRHLic%YhgehZBzh~TB8TTY
zq-};DlOx#0?SHojS^~ZjHe-<ELG_U2*pD=b>GLevr59JUGBomBwu1H}(x+T}4M+TO
zbe{LGX8DKT`%ZCu;?l9M?R?cGpeU4h5m@@;ss;+}S+Xkwgr}i`RO&H|#N+3%9fhOI
zqMpCi5N&;rT481gfH8-nfNjk3=NIWTg7MK%4n5trLV&b0VaXtCO~`laJ@Ti%EKm>(
zfi3pMe9JJO)j9R}wB1u{$CA*5CgA!=U*LKlRXQwH%nM1UqgSiS_KsYd+Za=iy*9#}
zBDY2bt0J15A_<wA{!u0SaT=9Y^XQ<v!Mxi)<ul}i^DeG8Zs_n6%iVKA<%tWwC60un
z@vP%$CwCUwaNu_kdZA?F0%DZC`o`kB46qgF0Qzws$nyFYtm(>CZrQln)6LOC8$ZzC
zyf<;bWEW#LmaVElm7tgB^Hmw8zBJhPSeX47P0w<X%wYw6iB?WTvll8h{-tQ}MH0S>
zIDC<bm=J;f+hgDwz2l$EZD_UegO?gfR<8EYLv>awmQU+o)@uE~lj`MK@oOMB8#=)(
zxh2)~Zr<vmw)=k6$O8kbqy>e1da{LJIN*)BPuq5M&J|(ei(mGARlI-g;Bd5S_7wZ-
zcil?GgVJAy^4Yv>3ObJ^hdq@~1+If=yqU{y;^464QK^UK6ho>dFF*|<kGxjyRj-#y
zeQV>n*z``@+SfjU^<~I`(K_&+=RjUs&f!qOj0iC6*c6ddlv`@7f1TTX^1i<hUL})_
zndRZLYHIh6)J6H_^Y^Vt4JO(~T+LTC_CNj@l}2MoHNSF!s@SXb46vsv1-hd(vr}c@
zhu~=fJ_O1@K>*+4EASCuKLG7knu4*1LiGz3-xuz(XVt&jjv7o0^_G7BBio)q0a5_`
zF%s3dh{1a05r)6Y+;#JPR74c-O|GHLnH!BE^%!_~ZjGN>|A7DVRm5`1$xa_aOULrz
zo^)sbh$A#(8;^$E=uii?p@8rG*amipo#!h(tEinO)cGM~fCZ8I#NSC>$TVc3YLCuu
zlZO%?x&hEib^5p~97zOY9guorlX!MWQ(^`5`J>iA8Y=oJRp!{K_ai?x4UB@A&8Kux
zJ7JlMiZ2pY1BTND`3tgB{DPoq!t}QIRPARv7dN$kJfTI__&eRLvk8=#Nh(NUCFwUw
zRiAO4;jo<PE?HFfI}e}dX<FzjA7&XpaW@_qwjsCD`L*0oE~Y~6DjI>`$D)JhLY|w(
znXtqkfw7G2oGTBbx5qqPO;-#!@LWc-_KMRB#&h$`-t%%Jf90PqcF31J-&)xds9Pj?
zn4cex8*(UXG?+D^nJdJMMT~qvik-tsaC+M3DgL`^EI^wzRaK>P`T#3s&^c-Aw?>3T
zaaQyws?(^QbZ0=XRp?!RrRZ3wcz6-F4o{?ZU@Re4sy&d{hc30_Nyh*=p7(B`W+dBG
zk#Kewz|8^JBW$p_|2*F#O9YfQGcR)MqH{b$#a~x3_J9CYe8SLC?lXPYujS&#eZY%H
ze7P9%VOP{o5c7oU3T@OO;b*}upx}|s`mf22FANoLHbea^zGupE-<m}oKT(z*X}QL(
zf_bVe4;D!>^$Hc|biDSF`P~oNtq|l8tq^Mxyf=!%e~nnv-lYr>Le81O*(K;*ifdJb
zL7A_uX47^X<TD5g&U8>&k^ScCEPvQk@S9dKVncaGoCmk`^52Ad6ySM+Cxna|Jy`&N
z5~TfD93QZTZJ=N?=_9yR&txHC&57?ANLotV6I+aA0Ep9gSbJGDL4}^`!h~|{*rHwI
zMM2&~npw$+YhB(J&isnGS3v;^`ydfwX)k@Xdm;Ky<UTV`tR=8Oxxh;OGX4y^80{$1
z3|V)NDD`C9OgIaGil`7?pLP(tlbZiMi<*?!onD%hW(sI0fK_;5vjq_JL&^8>BP=J{
zE0Tw#8D9Vn#CBj>7|Dnnh&%Nmn{1E)6V{COYnS9jvsf7G*#uv_oFj~pSK~P|dN)}e
zZG=X`B3Tk2x2p~xV6P$WJJNwpBJ&gIKC?!M1q4fd4{7G3$BB(=pYU=msez+<zlu=;
zHn%w}J;<Av?|%U5MJ0i^Bma@4L3T^i3QQC$C%Od33k<h~J>e{kFI3zJdQbfDmR79G
zs7W1>Bov%4{T2ak;dz|D0B0`}*9VHa|Cu%a@>6`wK|6d}r0(jzl4fy%j*kcwe_iwe
zXl@zzB%E7{`l+X3WRg0JWJ#?j_bOKYo%C>w`}WHEHht%#QK=<8i~;f@_Lmfy@}AAO
zzxojSC2Z?;-m~o7-LoGD=iUvx!VPWhNr+yJ`kAOQfhe`RP(Oo!F71(o=dSATb(2Gm
zBpUunTp&pdu%jqu_H&<cTxY8~!}D#+d3zk%2`3M$_Y<n*)#hr)>Dz-wZi#mzH^$^z
z{^XmaM<RIE6(Xlp>MZf6RfQ_tAcL<xvlf*V4JZz4fl3iZ(7Th1p~pi}4YD669?iR)
zBkTtb#)tja>_#=T?#Tu!@>BK|ikl{=pJ_fOEG*hxq`cGu9uQ=}F5czGd|PivVVXK;
zfbVFpS3u?!;`B&b(J{Q+qWKi3y#kLO702e^r*r20N8Id833Nv;G4cAaK-=alRbRX_
zDpikO;$|I>8caNjSgE?ToIy^}-sUosc}A?n4yJK5>cH&In3JXTi+Ikq>3qcx0Gxn2
zXH!Yc02|umi;4As;mD_uLz*|Lk7eon2F^lm9l;#nYT^Ods3E2x1Adp3zQLZQ8oSTh
zRm(Or18RJk{y_D=*$KF)d4CabiUU-WRU9C3D}nWfA+6^(_t~=&hd%(XzZvphW6i}t
z1}*_jXgBV^GrRsf7|e*}sDQbl)v(NKq+#QDQRl8>`Ar2$swNS70A=XDtRlhtWWsPZ
zdN`{ozp1z>mUBjs;O_v_S<WrY6P$f{`z27T1OKxSRg$@dB5NtPQ6%SpJfRlq+%Jc8
zYx4v#W^>|-5_SA9!ky80Pj=T)U{1X9GmV&w4cIq#EsvEr1E3*kIq~*S<|lBs0gRz<
zaKa}KP7j$1$^P~UG*>ZeLy@hXY>3OXLsr?S7tR?pNwsyG^Eifzhn6-lu)EpZ4L^Lq
zCcwJy>J%$xaQSoKUEp&Vwp+%igO9J<|4LE0#tS`g-b6MLP?xmiVJ}=7o!P7SoHjR;
z@#qpM3&#v)U4QGye-?v$%74bOCd21Ir;Qc*hWD}N!mFp=ixUP}xAHZ073+_M%JKs<
z`1o5JP#&PlbSmEAiXQ4Gk75c@lJ=km;f7_Aa}T#pKnmyKZ{`KZf7apd&w4v(>WD6R
zR1#;I5pr1~b|!EIf#}_Y$+jsN^%>BEk*((}1Uvd)PH9U1&(XEVGx@&%r0B$oN)oGx
zN?Gwi4zo&<gi58t))_e`hcR1{kQk{H*@_|&2_dsN8^xUGyu}!X&5WJ5-}C+b<Mnur
zmuL3e_kCUO>wQ3_f7{R2)a9ZXZjsKA7)EHVdXfE-6A65U#)$evljh90JcmX)(|5J8
zh~YM~)KL2)Z7j?E0L;F*C&71IhgxR|qn-3%o2U4Bb90#Nrrf=3{bI^gdZPX3&G-u*
z%M#C~l@GUdmbP?6CHlfWi_=1J^Lje2D$AM4a+r$@_P0fzM09l!h1TLv5@sxRFOB~&
zK)tGfrjv1oX#=Y-pW$A5EH!?M1j}j@D&wEU{}WE~=Dgz-8$w|o{M#+**}qGSW2+V^
zfFMv+DhsreYYv83sx9X^MI%0nt^t`gv`41LV8b)-FGRi_o+)s%UG+Eirad?qk=cRn
zw8)axI(RVCI0rM8>sde(g1bIZl1sG75=9me15Hbd*^zyQ@pD(#NdI8~`6z$;aNl;J
z^((|$9X)u?P7&X~8d)-fjtEk&>ZA?_EM1{hejvvO$082(D=wnlszh&oF(Z0Ha?IwJ
z5+&<`vh$6B>L~ljgeAfY=*Z?7TOq^dKpgc0A+Q|gErHfaYhW<a=G%D>{K$Yo@v`%g
z;OOz)KnPr=K5%PgX-%QB^FS^2zz4W!*DDs^1eOuPFso|OerhX~-8Hq1iadq~zVifr
z_ttfF7V^j8;A~|U;KcLeC~z^>wBk`4U$q$i1#q}9fCOiQfh{uRHW&!S1|}}dUO<A&
zer+$|MPJ8@{su=@t4_y(p0(b!`G$lI_y#vP+QRwSTn7@`rM~<1+-4nT51MWQ;9_6)
z2l(=R^H%u-JSSqJ0(=tXZnTO$S!+CZ8+Y@NWcS<`v8T>2K*HL8<VB%*U360@?C={N
zFJLcsNROmC>f%8%H;?5ViL#r^Iz>2b+vi)+=L;-SsgdoK|AY>@g2w%6RA%^>oMUW)
zt_M3Dy7d67>H}y7oz;?RFQJOp>6@jk6eP9xuT*3SM)j{_NB-u&{|_JV^Sw(bbY`E_
z@Dpw6X@zX-tV{B*ff8C&yS_BiC|YA_Z~Mykw^|E4*@b9?{yA=L=6Nftx0wroa;>({
z!yd2bq5woo+ieavGR14KZ07DCcH<B2*U1s8iakRUSr$FJ0E4Tzh>6^sG}vIdeB(p;
zFVM|O`AD}hd=DgRa%vsVN^x=%h6Q!b1nZ|kMWZ2l!5!}Uz$n`?Ibub*6lYg!8OsW(
zyYMP-3zFny#c;K<_UTo9$h_P`1Bq<SM2&E>l}fGqQf+@vm;32xZG;8rh8U9&(R+yt
z?d7x$tiINd3K;IIocXYC7O<-M)=|XA<Rq{Jp}@vKGzlKdAnU<-V_p-PE&=<1iY>Kj
z`tG*l`jALWYSkjF3i#kJm<LCv%mS}@ZVDbNIcHEzO9Lt-A>1sugY_r@uYmOn;A+3Q
z2mk7V+9Vm$I8Nl4=lQlOlQDPBp%-G+!0oRPKDf6RxS|iolLg4vte;CG#-B+dV2D@9
ziu*e~Abn-$vCIKr27+Ksa5NnCk`;$O;vF!CP1!jh-Ej(-(ib=qMs3OFe#5N}3nqRq
zLO;wx?IvO=XI=bzdRy|cqg6{y-p;>#nte)3%1=XMlhK|U2B~Pzk^}1OxJTNqMSs5A
zPMtLu^B)0yN;c`*Hfr>zqfMdF3w}P@FaYv6QT;*?(PtRs&@#!Uv)&+f7Sm33A@^nQ
zB&(_O@_dg*t!(dvoRCAMuPNrXvRl2l&;lsU$7c)&lo}9tm=4e8dN%v%mEvER3x?@5
zE!|-KOm1ocU4^Uzwcl<Z`52z`(D%_8-|+wv>V|i=-X1G$DZX3+t`9f0Cw4b8ZX7*^
z1_FYViYeR7Qqdil%OmeRC{oezbumS0Vh&^htb_cc6|pT$VpFKL=gCN34X4=wPPugD
z0B&4On3as^&qt4XPrCj2XwZ1p<;d)fu{j#Q)OGkK);G|dg>KtR)L32jz)?O29p6@Z
zz2wVA@EV&f*6Teeuo4AO42y3S@FWU=(WCy<lsCwJxkc<Ks#%d>b`DkV;wof?`PwZE
z{HO@6@dpNi)`$37yQxE00=k6`00uK3@s2AQI6-}Q*GubXSxs{GLzn9K?~^C>fWEzH
zD^+5)c$*bW&4}n0A89fjch(<QT?uurC=PW0#$J~tdMLS2Sx|zlvcZp?1U`T3iAeYo
z;L0_wG0@2n$sDgvWWuNh#loxBK&=M-Uy}orR_2k3u(+_Wk@DrnzD~A09^q*q-TaZ}
zn+wD7<by3Y<%d_|KdEoV1h!zhklzD7+$aWFKac2^?C{d2sU`Z3|NO7ha?u|k{w6ba
ztlz=d>=aq-zWiZH59}8!?9Pkcd0G6yPt0B*CGiU7%$6Ii@4sk&r&6^N<eRKEU;Zow
z{5l?rX)nuk5TOp(=^ZteH~ATbxuK*8;KDJ$o`pWNw|Id)b1xfqK_8hMc+~+u=^j0?
z+x$)<^H;OvelMxSRSu6F{EZ1E?s68D{A!jRn~HJLX^|ZRK%Jo`*gC$t8%)z>>Y<E%
zpjejL-8KwHWfw_r+Zq5v_1Sw+^s?m*v4c%;he1jB&sF@7&H<TgMOlTskL|YrD{V?z
z1kL&_xFu$Pmp%kG5jR&Wcd<Lr!NT7I{qzVR7bF;GRdu=o<51{JiGOAxhc6#80Bp&_
z24oVqPb51_NmcwQile!Iymk9o%o83zXlUN$w9DhXCPS%CdQ02H(u3Luw&RoP!p?)Y
zOsm8nIQvqu(d$^gLDJ5Ql-_eaupQh(>;y?X-O|WoX+Q@1nN@)YVJlY)%OiYAH+KXs
zxCxgA(EY!XD&(JEK_hLB0_U-<ssS`pSqbRjc6Ik#l3oCYZZ`q;j77xGp<H(C=X3&5
zUh|@gXrKn1V>zt}%3UP1!1id+n0cY&>I~Y=Iyjn002EUiL}w3*eYN_9VsUzUB5dL*
zc=%<B^=`z%WKpXdY-VW{UCiP8ShKA@iNu>JiY@_=<v*8tNHtLI3xhLgU45P85$13A
z))6AqdrW$8fTWpY&%e6*R18-q?%}3e-SVKA3vGi_D}C_nHd(9xa6X8)&Y!nO7fKtN
zK`KNxz;;-zd=R38;;A>~pwF<r?wj&AC)(V`jN07Pm)eGQYR8GinW#JVP5o8|J7h9V
zY3RA?WN0rnYxVKsJ%5VDYnBxMI_uKqs?I-&i33af;v)PEnnJXq;CfL?!-FPDk;dPU
zn=uA7L&9}0-k-<aa%%>7#_u~bGRL;%4=cxD&A3vewPK!z4Cp~^HsDT)pk`t4=LC6_
z(D;EB=ls$x1ij!Ug45Lt0si`@98NF&ALM+s);{ok*OCd(A4Y%PLabQ)tlu%pbt}@M
zH*}ofeH^Le<LFM$ON)*Vs<ELJM&Y{{p0Kty$$5GKU5Ar416bt88pMGcV?V@s{tHxR
zIAII~%Bg((PN7McykIUSyKo<=wWZTGPGo5L(@eAleSU@VNK^7(M1lZJ?;O%66=pSE
zrCx~Cxk4_qw1#C)PIL!&gL`@vBdxn~Y0NnUnH?-3nXFuxf8a?Q>>c3$^@hK$=qKb~
zqUHk~!*AVlgc;n~2|J)Y#{1v(>b4m)V@2ua{<<+TyFb7U@rGT~@f!|I4}O-qu3Q<r
zof|J`mwyeUKM9Sd092O`la4I$qq_-#m50o!&*k2Ylm=Mr$dpAVlg>YI{f~LsKO?PT
z^s7_iE1qh{K+oF<xvVseI$$Hpu6V(liP8k_Kz7?^Db_4ZCICTZzj|yh35Dv6NonHB
zMcn~0%s)|MVR<X$cSd3rj(-9`Oyq!xjPHJr0am8>#P4E<y#Ve3xWuCI7YH*Fi(pSu
zV9*U_`l*TExH-p_p3q+4wE&=qL%(wNpt{;j`1^}03sqdo|G5lvj+>!wh9}AchUFIb
zbTK(Kf_x1U;8t87KLdbPflmycTGcN{-O^zju=0ZGcB~oI^6~jZWbaXK?=kt#F|adt
zw*geUND3>9t&j)qgZCsa%L#a;#RED)e}v|=n-=n&n*pki<}9RpvruhVfvRo^JQnq?
zb+DN@{&u(-+pVNWYheh%0L8EulEr7+--~-Ji2-3hbP)f_OIQoBQFa5F%r)WsQ#$LV
z3-y0^6|4BeW)dPX0{dh*<XD8N_$orsc)Ean@3#vCzgm(q@;XW(@`L}q?5jIfq0`3!
zd(=(xO%m&>+-#12m&q@%Xq)6NhgMgM1r%nj1+)j<mY&R^`E@LTrrvn5oWuk**SKSo
zzAg?-HuR50dPMwoADIQp-*V#Oz|yFT^(WYHSxq^`z?-Q}kI`vZ!TFCNRDx>N<k4vB
zv)m3phLt=Xw|y8h6R0bHoYU0ypJZT(dp`#lisO&B2CgU!MC$C>D+A{&;R19?8@TKL
zgBv|%s#7C7K1TZNfe$wh1O41}aoZu_NgUyocY-GpePyW^tOGuFp!-gK_~T^Gdb1uq
zmPfn+{m!b16NF|xN>Wji{<{)j#rg4=^$0ZhI_hOr3M~Zsy_Ma88<1Y^^dEzy1+dVG
zkKFl=?h^&EMI-h8lk$=r?K=h9s!#3JA?=C<qg;mp5xer=C5HqplEbKAi~5|-6lnuS
zIXI7Xt0;-G5&VoWv8HPBEl2bY!P|3p|IkoWLIqSY{+1_LS2Nmjz8mcl=FX2AftRQ3
zdLiu}$T3JG#{X>3!z_;tED4R5hHs=`lA|`>qr`j~SW&5W4uqAKSr|3!n))Amqj&+e
zo^b0Y$Npl;=i7AbW{koDVlnvdAJ@3b7{ywJMa_MZ!^73{>fV)rw|0CsobxoG!8KTp
zN&FXyc8EAI2m@Ka-iO*dPvSc;KtGn(@UV(5?+;j~5S7!;EC^K?iih^gjpk{h?W<o}
zH<Y}5<c2*NZ4bo#klv-y?_L0AZ3zsp_Ij}c8eD~CjJfEtBb_6*%=^i=v}YeAB#qak
ztX#6}uMGWJA-{0_-a@>c*siu{68<Bj0*?pyuhaTVC$yp>M>zFuYONE!9Z2NupMTj@
zAGBP}nync^D&~3r+ZU<xE%?Om$_lB`gy+Y6x~55Sq`f0r_Q{nS5{(I4_MQh{-ZLPf
zIf>-Y2w9B$m!$#tYj-(&6sG2)PErQR*s^~n{(`8xU9!TCFdK!%n@-IAE&FkJ4fzM9
z;@}g-*w8)B`)z!RDxkAws5BKh`FUW)Kg3Hrv1_gDOzmm&&v1CQ#^qx=a$}?$XT}!@
zw3FNjqJ{n|O{fgazdllCy<XgMkCH(@<lBKR5Wz;1&Ph%80973cT)t_v>^Ya=RZ96W
za3p+PRYv>R8k-NiXUVqJbj!W!^}Xlh+~5gH(y!Y4GZvPr=&SCyz8Ud1P_n(1{YENt
zJvb&la|34Ei#g}IkW|YC@oCa@<76Ai{*=vnZpnVtKqbDJ8c~gFUZ<_{4D<wQtKZ<V
z7u$N#j#XiIrFgL{d%vu^34<{A)E8<4sm}fa2Q9S1s?|i3tfbBz7Qd=#h|;J^;r}3(
z<Kj?1a><l9Ie0Dq@irVtI9w2sGI~{T*t+D%FyJEEmI`X<d`{P@*FIRO5wXO)WF%0h
zXTtgnq#IMi`5MCWGc+MR1>R5+EB{I;;f!<SXVWh(-fh6d%9yW7dMLxH>G#L)QE(2K
z8i^=HhMQ%{fmf(mjZ`_|2p5R9>W)lhhzWbemts18f_JPztbumE&+*#B6MO_Xe0$;v
zfxpOZ%@KW)eJ8oe2D#bdM8Y@-Fc79v_Jl{(*(yFOvA1%|Tq``)5PPt42BrH(4De?@
zGJ`p$^u^l^0FWwMz26h!x)O2524o#@n5PFkzVDE(!9bS0kC$>wb4F_TmjsFQejLrj
zY1!pp_$e&T{xE-6cH?{f;1%41R|c;YDKWU9nb{4+;)O&2&>o3bFPXQCMr?&<!lLR-
z@;)N!s82L5XvqGXDxGv7-L)L<Fyxll!YTIJy28cYZXBL2Hl5+;MAZ(Wtzny3UR;ZV
zR14eoTEHbE-qHci-jS$Z%=|f#h_M=*witUnsyJ!R?0o>agV??Nz<T)haFRC#d54KE
zU$!B~OY%@}GM-W8gA59B9Vt?IS!2S#Tc$UJR}|jLBU8>)r<ruI=^$J9<aM*z?ua+`
zs13YzZxe8P{(A=E3iSdjQ?5f5ksGodt5tEo$N$>iq`bDKz42?OC}ADV#0NkGXdCrI
z94fKhv$kuv)9b;FW#)rKSQN~Jts>Z9eMTZU!kg4-a^X4l`B|Iq6W*pPOp9zDVal>;
z@BICl6GI7Z$jbpHQ1Gh<>6DS64zIJ9tKa)Xs2bm#cxUF_9TN6RZmcqylldXP{jA5)
zVVbUR#-dC9vVdly9Q-qHM!02p{^1)Jv#C(&E(d1bf3!juiC4c#OJDBtl`U<)=v^*^
z77x~{pQQ$pytR}B=0Vo+x9lM9;=($ce;fCg=TH0@5cv*r^2|KM=GpU9Lcq4A9I5$)
z9YtM;%5<vMhM$ebzY(RJu6<M&JNeA5F=7^%B3S+wB!zpO|6Pu~n^}$>XBI3>zrXWq
z#2}S_!E`F{sdDXglC7-U?U^|5y|v0H)V4}146VEv(alg{o}wHn8{Hm6^>dXQ&=2|K
z;eNQuYr&w4VphbKAs+jF7W%R351d90V9;_L7?v1}H6;<39X%-fUIN5RyJy=<?)9qP
zq?IcGf)0QI-zzy1m`f^9sZ7FyM#x@6f339r8Dk~wk_vAqR6~)XM_jqu^uEIw{y2JU
zzasljs-%3&dvo>l4q>>vQp+LUeBE!WMN{N><@QIG_`Db~$9;v3agtc12H0e<&A{xm
zZSnw{RrR%(7b|!3ckY$3fkcpzIlS^$aIgPrugEAh?7H1T>U!d90sf$Qxq9%%(b}!-
z1DD|c%4TUUega@z>MC2#NJe#s$Q1@ArJ^;gB^|S_NRKPp-cX}CP<aZdw8<3z66~#Q
zt_HAq!x<-85wFgVD&x$$EIR=M5+p3Cs#84F6pE(oD_)M$0Vw%zU|p6(PXjcSWhNC^
zO6Clg3fG<Z@C!4zm$i!BeQ!**cxqq)_DT?9wkp_*w;=z{cH4#-I!n3JXE<qJKsBM~
z!!wrP4{$HTkK`svj-3>NBNUepG13+-aM6vwM>PX))t;T4(c<h4*0!&XEo$vPG!aT`
zs$Sc(tQL_Fu>qL)bW0pXTK6U-pf=JLoxMPz_wL?;!ML6;tnJ)S9V}6gwG?p#XaM&s
zWl5-iG5Cy02ifyvl(6zMO`JokAYy@(D2#@+<m$gj)$cRaN^hb>M~mzi(VsY#ix8jD
zcc-{V$6E-!=NRl5UAPi9z{rES9$Klc2hC)jc>d0VpVR=jK)gt=BFcA|^)V2HSg~T|
zJLb|iNJC^uVO#4HdjNRMtN8M$(w2CuP$<oK#J+>ru<((uJ||ss<FnT>hRNO%eh*9h
z4glwrxTnbGYaqm3NaxJ}mC|h6==u~YWDhzBBsdZj9cUEaepIF-S;rOCD%N`GVj1fD
z*#16mYjj4bJxAPVq(27GFDOpo^)ioI0Nrc@Jw@#uIKo%Q^D^!hB2!8kYMPLxU674*
z>DvU!xmO4UVO%PEBU+t{)T1p&r@<V!>{!_AeID#3D>*TAk3by#0l+Ewa@1bJ;U!Yt
z=7B6qhQZNhi!Unrq+i=7e`CwDK&binfmMQFpXdvT45|M;-xdFxeH68R)%-EhU7Tq_
zYd#Vy2kjI-8Ss4{TD^P~oj|54g&(ba%dYm|3j6Mr5y3~|akq0?L1?ta1QS)NUV^dE
z`Kt!?`RsLi=deoT;aKqcaHx^Tve3xTkIUKdj)pL&S?%)Hh24oOg8byTPnq~JXg6X+
zZ}FD}?vsBvY6&+R(gWQtkbXyfsX%qSNr-apE}>{d4wFIGgu?xD&7E7=vA|>vX%kTo
zq=MJ1Cc{pTM%fEC&fwR<*Az2DlfFNt5e+5ooEUlvD30>K*kj^lKmh-(a0zw0mJ{&9
zORq}TU0_NsS;G%dlO2wjGVPKBIn(HNmTwdIxxWUc?${&0>vzX+QG4-%STZYG_Jun9
zp%tDaK<wRCrP~sys3m+?aRPD4?QHuw1{3>4d2TaEneCHn;B#~pdH#<$e9leXpOLRI
ze53u}-wbmVm?B1HH9iCHDX2LhxJ-`UD>qan`mF)&1hA&y$_ClR*R&si$wJL1x!t;=
zO;_6;Wm}M*8uAT7{=)<U5rkGnX)S5dVOt@S8tC*0Q_h^J6C6x1U7DsVCbS9zsg;CW
znXvh6bgS_D2x6oo>eBFnO;8C!)P3U;@xqnun2W_4Q)orvu2EM<fp3sEjQ0|<T-=Qt
zk@i3`3bH{bDdh*tfZ(*GMEt7b=xTDB4!@pKlH&nshvqV^skg^JKdKnZDHvP4;WZZE
zPiKyA%0W>6^_8UsmZ~nnJQyp{sj6n&VF;S{$Ch4ui<DdHLsA|c8ssg%v@hJr4Vt(~
zyZ$ZkXEM}fGP-}p{EIXcjS0}6KE*-PeSR2Zwnv9#_Z6;L`R2T$BKH(X>36BRMni+_
z{o;(FLHY6d3rNTLQ6<<=GJ0w3sMJ`EOM4pC;DqixD+i~7u9!|W!p@T1jH}g0L$RE5
z0+%CI`7eSxOrm1N`=15INDjWSug;_q*Dc23{5Z|@LtVMdr)Dt*F|1{g?L&hIy$IsK
zW@{zFV5BwT>%F;>jXGcNb#C^rucaGt>RJ9cw+1kZ0aCAb&3uQltkUur2~llNF4muV
zXnkXia1GDviP&%cMy(E#Y_wEZF{81<d<tvEyPZU*5BK(!hh&K?mK3|#Bf27krx-;c
z%gGz}RPy%jgAdjq;o66ISiNo2AOEdTdk2>ll|e+#BljoD=dfClGCgQ)eWCOg_a5gu
zFqz~V;GRFy_BQvV`l1r@1)OOm7TRMIRHvtG=cv8(XX9DQDYAH9$?|mgFwV_M?BXNd
zO7hOd^z$}YfFJq)`XmpWNmPQxrD#?x2h2i#%8Qd{AQM;XmJ_Lppl#TrjEX&)wN6IM
zcaPfdUXpI)H0I^WACDefg~>98RBO#9Jeta;E${0w^3x?v$!6@v(>52K$47f4LG@=7
z6+hinQ+{j{sWm#a9e$o7e-gE~1Ub7qD89FE`A|e?P{&B+6Z5@9ZOH~6>-R0NKxG0E
zD<<P|%@$HixD~-LC4g2BpUCj%dBdLDXQ9#R3#hW+<$%pgflDg>OqLWbQ)kqs<)K13
z15K>xJIe$$?)p?njM7}fBhM=VV9tzpFAV>q8@~k!n$^TUayK(x_@IO|pLK~x!Cqms
zxQTkCJzVv3XkEeS39EXlI&1^_9Y8|WNW`xPVU3a9maM$LzLDcsC%<P+ESP4kUXiyY
z93LqY<X>K#$$L;89+R(LvQ#j$^bLHvTZ+G#p``-FUCS}pfu!fsKbbWk;&C?kJK9%T
z|GGSv#iOZ{10u!7IQDZ{{wJEF$Uqh^;|vXmOr|$r-tv^s$&<`PUT@Q)l0OvMQ6hsD
zAmA11pM(5q%QD3HNs_<;y)j~q2YcHl#15m$!s@n+Q<xR3lay6Ky2aFg$^TCO4m5d!
zH52wgOf7yLCS731aY>M?$W)eo4h<~qNlTVl?&XR+@`{sDu4Ib*CL<K>qe2w<mW?{o
zl@s{u<!^Y_s&Hc}<B-|v<AS|tV@tq*Kq0axfubN^1K`f){ya#Gq_*_}w6HEqowjAs
z=D{4Lw7Ue&lGpcz?207r)maOZ#umuUwWOGnvOi!aXtVi7ia{|t)QjAQ2u`n%-RyGZ
zelE!07vVoqO80lk6j=?;uvLV!u&hX>Sjc|a7C}BNON6iNMwAf*l+F20Ld`C~orZRn
z5;%2+@(b0Aqkd#sO(fMrm{}sXp&2(AEoz`IT?GouHeH$j)xCUl{>XA+0n>4&8ZY3}
zixEyzp_vF1Pf+G|9EZFf@;iz^mXRw9ZCVdfH`+XjQ0FW)jXV`MKC4MJfGNQ*-UQ&&
z6XPwof>g>AStdQ?Dy(X{mi<Jz&XjgtL1!IoBk|f4kRT2{oK+uf`V6s_R!qp_+@&K1
z2l1PQ3l$x!!fgPpuseLfkM|XShI)L(<2f#%$+Q!8wY3k^>Lp*K^v-2Qp2z4%ju-pR
zbw`MgFCCH}2YihK=StQ}_f3S>1&#*J!Q@~7jP)9`@t?a<=|YOklPUWTGj9*3uSM2^
ztC*N_W|T_NNJxkxYt{OKb@y4)FR#bCuJU6u?6asN0@viPBtIS{j-bJ{-D=)GTrQ7K
z1t@ylNKAJa2d134irNTArnX_f=>RStCc~S+8_?>6H7MA`U#NQ*0=q%Jdlg@?L^(*V
zxwQBnXTbf3jsNXp(lEfqx9jcHNe!<!MkP6<Ld37gzT>8wtP>u&G{~5h<jD4=jG}yA
zjfKf4+NssQ${=NkC`B>i@n#d+c)}ws;=N&#Ize{`xfOMy4XlVi3k0iHI#BTRtb~l=
z!+@pw4vz0<l4?Y=raoo^VQGsiMVG!&55LCdsbDWh!-3LEcT9jO>+FS=)nU~TYtV0a
z1P~mV*Y^Lyr(Y{!^6@Eh^_}7pivOF?@crLwd;`i><w_$zAg9nHVOjHK$d>nPuLCE?
zZMnAl*jcyQv2mzPZKMstu8=$lO3SLG<MH-I@Pi)NzZx^{pI^686^98yBirH>ehi&O
zgBZ|kJDIZHPDE_Y?~QUzcJ7qizIt5uQOUgN>!`M~#D=3tos6NLA}T_@kF6`bjF;D-
zcDA{RKuB1dmE6`Qi=j0_)~E<cblZfX=7x1{P#;$TopB$UndMomI$Z8xdT*qwPSpDI
zwuttKLH95}lO+PmaRg7zYQ-XBG4{*efSNkQQ?yr6f!vf6H1WO*uOQVuW@Ph>u$ikv
zE{P%JVgYHRFhD&b=n03t0@a-fZpvJ4I35IEGU;-ibm-1qVj4%dPlPKy1MSyQwMhi5
zzA6*!V}Ox)v>m9q(oBIRJHMG6q6}_Mu6iO!#Jm!E{KTwT`u^q+AmZD!)D3WG)9bRE
zyq?q~K-Pg?!I~l(n_SMJk27);y`CzcbJ<xH%b>;rAd?9IS?h4tPQ?2U%k6o&?l$-6
zRdFc<9vB#Ryg)Tu3L3+Fg|9|Rb+#l(5Rs4<$*AoNd!4PwX!MvG;P8a=TJ+A%Hvq`f
zJA~g3hF2v^-YrZ7QfiOLp0o1yKnBT_r?RIsJJPthDcCy5L2$E{Uw0O}NP7;10|3nF
z<}lt}!*<Xo4Eo&%LVs|j_UL-3@+Deh*QB?<s4<-W@4J)K;MX4lp8HCO>%Kv@a*(N2
zX@sRHkk$jIrR#(EAjr}S;Jxw}QzO6UifjNXnT{elCL)Tn>5J3&-S|+F-f5dJFUc<J
z!AkHoXvOC?zPYWNkr-&2iyi6jdThX6Nfen>YddW6R^)pi;=c;H8318+>fR>yhK$u~
zH@J_g6;HCFX87LKyVfxG(y|!xC(_&BJ64YnT_d0qmXMd9k)I}<v!pGjp|?{`23t__
zm;*YahaxYZqx8mEkEYoRSI=un@%7HFjdz&pGZ}_H_cv3P=A`y^!To1ljCdzTl5qcv
z>~;K@JA}yJC-;PuMNiXFfj@GG*y79DaSL?AeG4BaS^If{i^VM}WAOxM(VuxWv`b*R
zn?m3z!lIE6^U6c!cumpB?G3zpC$YFjO<!GLSk)*>0(weiPFoXg9Y)=Q?_g8jEkDkP
zw(Yi=d2;J^?Kg|lrUyDB_F+&OxSIRtB-p1gk6+!G&7y4eGo<m#J-@Vq6+LK>LM5HG
zRQ~2gMJ(>12Sw9JOMM^n;DaL5xseES?)8_gwq!~up$4ck`<_ZI7YQG*3%`(*aC7eJ
zz<zL?B2QYM{jWiNX)khn#0(`|MaZmI^i3m$s@t^YjhgSpPw$k9viV=kxafY^7IU?a
zL|~VWjkC|80lN6^;LM)3J^7JF6S5k{y{eQX+ZjNM-0IKM_-?iM8tt$aM$%f=e^a>n
zcQ1O!RHvWcTX#P!=Sx!st@kUfkuQm|`h2On{}bR^=PFl>N;UZVQS8;HLuR4={XA4@
z$SCPgP53k!y(XeLQy<fQmLgxJqfQ%`pq<BKmthnKE9<p3jsJU4Ei<#G=4Ae%04Z!_
zEui+d){+J`;BL7u*S>0Q2W2uVVddRrstf7kE#+Q@f=3gGCv5M#!$QD-aF(1J7Lt}7
z<K~3!IZIjpT1)oh^~gqvew8xnzlfpQ$`!Yu6UVV$F>WKi-$|YDCSgjB7c9b6OE{3q
z4_8BuVP^bvF--Sx2ifTRPKRMK3+=e8&0vU(eFp7dCIR|gP37^}D(YDmONPnYB*~5@
zTReA1L)LA~{4zJZttz5%zO|^9Y+{uad`k+~WDEZrw`E^D=t1)86-8U|PB>5$219&v
z2XmJgR-E1Vch<B#V#YqUz?K2Fi*{t(f{ODwmAAXbECyY!A6e;VU+r%%9iVOH;y`DJ
zGti3w-3LcQ_nmbKCzJZgD3G_e>goZ&+h=$NxpU=3fYCDAQ*RS+vQ%7|?`HQC9^`r*
zZ&$fQI-<zmD&Icp7#6VJWgk)5I+nMtUQtipNPh9N^8k7s7d>JBKM>ae5Gnu#-7CrZ
ztW}}nf=8F#u<)?tTc1tS@k$Q!(#bc`1CbAHZFDa&>~%jOgTMomOL@?2Kb{}l!@1=y
z;YJC(OWhf@wJKeZZYFA-Pv`G6#atF%(GqH0g3$a5GDIWRTEfb`_*eQ|JK^_a$<2Nc
zGMW}rmMk$MTQL&|INJ@wWU!sMsz6GKsY##>#tQ@DUP7R57g3}N8CRUf%uj*_aLCex
zLeIZw<eJf;<|CDds*)JF^<#i=N}KM?IT7SSKsuMiCrcIix)}JOm40gm&<dA+4Qxjh
zl;B_=?&-o5xoA9DymhOIKZ6#JYOzeChR6)-W9f$7L4flG;+te!8bn3N_Gh@9w%MwN
zjK;{rgIYHVU;~IS8d#G118QiwpB3GN`S}{M(!7wIaX4j*XdIDz8s49Fnx^h|namD*
zR(!-PLVOzjH|_f0`y3m@=r1O|sH=K_4sg_r0@`7qDC0Jq+bs}=*5yWK3t=ej6Re>X
z5Q)7?oQf1Wf9d=qtVEV#rkB!<pX$dbt0ti8ec`sm`HU~xJLGA6+9BHa-q3LSAbziO
zGlnH@b`Mw{5i&h)<P(0Mj8J9d_MX9xPY!bp|HZtD1%4oE3XeJvrbKB|ty694?pAK@
zoY^&GVZB*ss{F-+y&ehoxPTW+8hvT-a73E*KO-_2x*_U?%0VFi>U;QxP5fV}T3dDl
zPT^LIJFT#%F<G{ki{)=ezZ&o2+Nvg^yx~8)0}MckP@?V~?DRr1$gy@0h|IUGyaUe)
zzRp`$+1_E32@%%2h9#h*5mlqqoK{Tb`~}tZU|t0|Y7TZyFtVQLIR!aa9Z5Oa=0UcH
z-VoF%MYsfcIm~8U{t@C>TprtdNcagI&)ZB^&iz8eJi~?2PExiHA$ym#Tw?4E06z}x
z2Cx#wP&B5=l~v&|Q48)ffCV{PTSBk=>bBlTIT~Bilh%_`lXNwt$*WDeqnj>GNsw{&
z8N(%XigpYXd;xf~(u%naE!1^F;({Lm6OGZ~k^IK7-4GX^aw#Q`op1f#0FCRh4Y;Y3
zAX*hVOPYjlW)0lFJ(HU#+gYyN?lmq|m0lg)W512&Slzwx@}lRt?Yn`0s{F3k!<Z(O
zY^+f<By!VgyH;37JxgZ?RFmw|9&2v#V(HP1Vf)sx$y7cJV!mZYf?JD}^Sm}=e8(TH
zd@YX+eEZ?^+*%vKu3^lxzQTPxWo#n4m2EsOJ}KMI*gT%PRLB}gfqj(9Q<pc2_RLMZ
zIUgsT@!7v%qCKjDq+PYJzo{UzmMG8i>vjkiIeW<@p5jDf_RmKaYlU}VA2F3L&F8d`
z9=v$M1ZB6mj-^o~%4zI*_WRatVEq@EJJqv-^DBGaMtr5{qGNOdUAlAGhp56!lJ*KG
z$$7l|mvGw@`k+Av5P86^&%OavdKsyt)!aVA$N*{sEmHRV_PP1s`w0hr6VXP`f<?Hd
z<H-hwwwED+#Pa-ctul>KKCaJ^Qt;L~ctrLv<(u0*6tdpa;0(#oiAPh0y$@a+{1H%>
ziVG=+K<Vj$kr?MU_^n=xX=t{}qQqe?tMu%|8zS3e+MwJ;19`f8tt6Tp4^l_glD-Z*
zl+xstgC)$EtnBT=E~=VaDC}t1K}p$39BfW1WVyVM9!hTl_m#|@p<N}%Mlo!5W|NBX
z1nrFW69KYS=YN46@nD;{FlTj8AIeX1=p{}2^5U)Xks{Zb*7rS~mL!xCwA<~$?ggY`
zBr3j%Qn}w55WC1$Q;Hs!WBBqd7><+a+>Wr_Oa7%z!ce-la}p{7yi}=5_jPfM`h7W4
zGjfx&Za~ES&l=f**1Ew~g(;eqh!eWpLsy%@yJIL8x|0Wk{z_zk4Kt@u_YTRXMK0Ph
z%_^KQh=hb^pi0Z==Cl06-b`9uw9OJ&+a82#7Bnme_tRuYxTW&82+}9<6|ZJoSNI+5
zYK{CzOQ28UvdKP-b|k?OXV&h&oFt$$Omm~RuB0C#ovZ0*-}^N(Fd|uv4oEPuB;kd2
z)7tW^JX9kh4U(KH>z96rqjy6#VeLGAuNVUL2gFIBg;!+na1&T<LQNnAS6zfgsHkKL
z^Elfr4Y{DDM_iu@!n2P`z6*o0XvfCGfpgPHEHGaHT;!5Lt(f%HjiL^5?|!4vX?c-L
z$$MIyPnZH)R`@sH5^{m~q^j0!c=;43RO6Oh+ZZ$#ZfK(%PCOh;cjD-3H0dz+lu7^W
zyydZXaW?$*;TU=F1>OwmQstUuL9|+_DMY)FP$cwxb(CIzByra=Aoz!G#~nXJ<b*pu
zMsfDfnVxR%XI?XaGz7YwJ3FR=IT$?q3-Km+egv}QwEQ+KqYG!n*i0D40w+qA{SMgx
zljLrch_<&&lsM6=Od)qiP2Zl#Mf&vIPXpa*eY9Wj?N37B?H<)gF!?^GOEFg^ss*7S
zw`J7anm~XSx17_l*(qYzz6kB5=WoLB0f5)5&|&<9?ZEfaT^!GnJ2t!bn?~=6gg?P?
zu=fdtn8jzPdY^xh<0TWOgCW;Np7_`c1pUbalP{XCCIjAan@_7@9$SxJK|4)vHi-Dc
z`bzz;fIUKQqkfSp_IB_+@;vOT@7_ZrlomS<83u!v^QJ?6OLT2Mys>6(h)9QZu|e-?
z8aRII!jjr-)p(tR2t=EbPqfQCxn7?3R|M+8(_b|MeI<!uti3BQPRl!`>XV%imcDdx
zTp6=pMluripOB(^RTvAHc0qr1!;twgL`fRz<YY^nmL=pI>>+$?UVnH&19>@jX|5n^
z7s)|xD5+JD7zEMQCPwWB-;~7(Bx!<JVm@bQM14S8RH)|<t<exTal1s70j@o;s`20J
zrT*QLYWH0T3YjplPEzR3Q6J4M6f(e-pAna*Gnc-%(7fZ7KTAX5S_+FbmYrXz4>)!1
zJpqxFk!Dg_`1&Rqu=<XaTqKXZxu^Z_Y{MlvzV!Majt?9yIzD8WWECY^sOeb?dXj%?
zykcYzHVZg6rzV6EMrJ`Fd-2Dwiwd=es~fdb5x(Oviy1I{knNI$pMgGFW^aY2Q16ew
zSC9$)g(IsZ!(dzL*qaxLvRg0zYCyZTCcj9;o%BI@ZQ_>fFmxS+;NW?*>7D9Pr&SJs
zsQiloPXYZ(4$?W->WfD!I;6H&=zNH3;UICMijx+%L+j_tUanfJ3h7Q37F%P&++7J5
zZliI(Jm(+#SZ&u3a_m3D`A_0AwnnY>((Cj_U$1;djsl&Jnyb=sKRq8@k#2o21`Sc-
zYQAxjOSA}dgQ5IQ4V}jiTw1hSuAOx_aEW%Xo3_LHy4s5Nel+)((Fra0^StdZGgb>!
zq$7@>5YvfxHzj%5cFCu#m%L1oG!uYGj-aDJa}|3=r7z|K%j2NRjb}*t?_U=R$5l8l
z^-5u?gvO=zhUI2_DA5;wbAF@sLRwf%Y=B{M<ih)h<;?D$A54eRkWCTI#xs!23}&nt
zohlgEt}yXX^AJ@W^D^mLD)y-1XoWq%`oHnzgW&4f(B;u?#i=fY)#vPyMp^5hwum;5
zyVJ?Ne?DbroQs+xO1-8&6BlPoG`Wb=m=+Js?%lAv?Md0)ZEF1AIim#besHwyd^ht<
z|KSAG5BXpNEu_wHbUi8iz>?%ZQ>{yVBPB^r0*<`!dW`-#D~$5^fjtYb%M;a$twz##
zNVU|ud?!>HWKW9!gMw-=c>D_(bU{W<jP=;a#GhMD16-aF3_T`Zio8&dZw$F1T_p=!
z<|^jE!Vy+x-F^$q7p>z~?44p;jr#`QHtno~KyNy?bRYF8Wp#l)w@u|G0_npqOA=1}
z+PS=buA(GI;4<M50x!Jcz^f|7eiEa<*Eb^GqAB$er~)++>#C2r0i&#5n;gFqb<d!_
z7On{~sV_WxPAqPJk)4VE@M5cQW_$wgcpR=%B*9AMj7t{I%d(usH_e@|OD6(%yX9Xa
zj&-J`aJr|f6EY0%N~Tke^ZZJ-V7w2lvWPsdnQ;4)i}pQ|kdPgJ{~S0VAKD-b-_bpJ
z!YKH1Yj;jmlQYxWhXR<@(qe;;UmMWPzO+ag`_@)f<Nn~JRObun8#$hzLB8fm3n_TM
z^iEg2<^a#inExUh=kyaSTi+hN0xxale{O19N6siRLaPz<(62TKas6Mktpgnh{VS8c
z{dU;!SmB2mUviD^U+JnZT~^${zG$U;9PwHm3g^tyQ?^YLr}EA<Igki9iex6gpU;Gw
zy}SRq=ChLIn<kO81s&+rBt+i9j)R8Qj`m*W>7BlmpPArjf52$gW@I$eTh0frA|($x
zjN^nDwC|EFl)By3aqemtf~PSS?zvfne*+BD-??o@|GXM@p8wR#qMOuw-=?2E`ldhy
zhPjGk&)5W|4__{s*{J4XvnJ403vCK-$#rBd4c})Vdoz9pUIcON_ZvD|v0n+oNQ+4W
zEvPfBpCbOJX!!Oh9;#EmX#2s!DA@0Wz>uGqU2MguerE&5NNt)b!;G<ePF08Z#lSLN
zpU9(p%IrVo@o+EYJMRM%7-+R85f<6n1+Fbzi*9Wv_S<OjikdRdBe?pvF(q%seDWa;
zIHWBU%(HdBZ5F$qm&;U%jGAx8<0EaB#U^trhZwGANrYnT9=`4(^x#6?@~uMgm+Z0Q
zYORq^Dv>86&R@JK+Z!>X&?L7`#5;3_SGHEd-aM+HjnNl3_uxdb&bN_2n7W$zzY%Ul
z#J}Mwm4Bm5efwGkE9ds09Yz$auU}a83?(qBtthHnOOg#`?tc;-zg`C})Z93J*UOB8
z!}9kp5y^MKrdzG<E;my`iGv%3uWfM+w3^!&8=reKPn6PPH^CGZMOT5PMA1^YFZ%|&
zFmdwYitV`gE90o0xIei|X7Q>Ly9V=f+XNHdHexEf5Rd8#v;hx|ZV+CG*F0Nm^fbP6
z0~MY4^0c^8P2P68_Vgvr$hIE#FsV^1Nk`7gv8RP!AK0~kIyYTVFOW4yJEel$06kOl
zhAK+apO8&VpEg)1J}6AR$ku)XHTnlN^IUbz&`*=x$;CBQtdE1s%7Ozk8-Jx&<x`N3
zW_GnYsgbkjK0%%_s6}=Q?H2r{9kWl&fjmLPqMYkqDw^h|LB<TX**GvOya%gY=c!9I
zHoJw2EhWXIU$6uT=UsK+HTgcqKIQxHE;i7SoSO)1KRpykT~^c5Ic;@Ij-cH4k3QEP
z+W9KGGKub=wGk5GwtqZ~bCgajFh*>Lx+K<H|2)lDGKJc|nVu=}nAISJ(Y>jAmO{P^
z1+;ZsS~Sws5J`N|A?3`=%hrwC$X35I#p(Z!9y7vaL_2HS$KE_=_3Ys}>u$mn=4fjE
z7~q<q&MQ&|=m64+ja-;5DfdOh=}k(K^0zZ3Q$NS4?5+OZiNdMC_teJ(@DoB=(o4Pp
zCw}z$jPT0vDQ4Q-_pM%+?@Pb1OQL%=EqFLgn`*O3G5M$i%QrR1_LXO47wtutmhpW9
zyQtyk#4|F6eh`T3KjuaQL1SXn;zLoM3gOlV#DT0!CCB|QmaObYC`ww*?r*~TZvXp*
zZB$_=`&EBc;7;p(zX8X6Q<SCC(9$vVi>%z)F8PW^t8o7<-^1H4*EPjoD$yBl0JM~5
zu%b!F0jo&oyh~P1l~-mnnDrWH^%!QjF_AYO+ZWcw-Wl~Dh*znO;rvRK^+Z3(?gD4)
zPI^xMRm9#RE*_QUP!7Q{>%{2z`*5vd;h^qy{=Ssi>Q=FbHy-qv7>SVHHF^p8oBun|
zq&ZIV{q?<z>GirJx!S+l$Pb^Q|9XR9)`pXIG!4NXE-vs4oSBw~ZNP}mNi39!3f8>p
zzxlo#u#wFR3F-;sZsOpY-!+QELi=Upsa(}v2#h1DOWIbgeGH$Hj{N7!vC}?A%=;tA
zd=V@S*u$$#4fB1eaIyOC`v#`{dTj=DTQn)p)&B3K$rRzd!;COTcjE8a(x#2V&8hsN
zv=bctxsh+`(=6BhcvWE<9j8By9%E*=Z(m$)MZo=MFa#43OG}e&X%rUTLTuMeEVKl_
zdD$u|tP<qgRMu)(5B6EZE}Fw7-#>0&G*AfC#3Bt`xFacF-C85&U5fFy1}*l%xyN1J
zTF3YBcQQ}9)E}&NJ43>L*a-cE)$4>jlV#J#-x{A@5uRHz8kGMvrhZTJyoZp=tUA~#
z$um!dMxF!VZXcOWGfN9QFuf;!{MtOxvZvIZ!nXLGLxa736pASIbZh#8xKFUJa~TM0
zj$F73+^uurV|6PS#4v0wBpx?*i>dx9+=n!p@dPbDKY$SJxosWMa&$@AGv3JMB>M8a
zynAIp;hLMvsJusI^ZD~0saNiNdGmYk0X4@>=RD4zzO&JXu~zMs<N2};2Rqh2EqAOe
z?z!w}eq>BALqs&P!xxvMC4sH~Mwj24KtrahL~^wt%8uxgDdr^gl{WU}W9gTkiY|)R
zNRxDIouKQcK+Bh5Fj)Jlwt`n%udaN8vn>BEhg6_yM#EcW1<f|@39zFjyDn!5M0Mev
z;r(lMqHhK*n~1egIdpw{YD|3g8y!dQm0nA-k7aj<B=uitf>%0#FY9bX_n8GJtgt;5
zV84FC76W@J8&3na^MVf1)bn_?R_N;w503p-0HO0B&@J-OuYW}ES3GwjNZ%aczNsUm
z1<xZe>$hmLKlxw2#iLK;NC%<UFi_q@^#y|+s;!xk6O?rS&!D3)q$UahqXwX_;3G(k
zi1>ghRwLeFJKJ4HH^*l6V3LI4HlOdRD6BnRc|aq~$Z_{xY(K-`?>d;ht)$LuqLNAu
zeFLO9JAKKxfQ2g2M(kIi>sO({y3OK##R=(u$sDcpc0{H!;h`=%!{YB-1HYaPn1Zqy
zpH*LLR?|A(UHL}qJ~lVx1>^_f&{XB?$(lLLDT%3_bfd*Q&X~iw(2*_G^S*#)KNk$~
z9Ng%{%pS!D>@WrFVa9N7krO8hqd{B=f8+BM<1D34@Z+5Bk#J7IlTUq}Qd|38g%|eT
z_k95?YXb8to1>#M+l~0iSF?EwlDBz-oBw;&)_jQGJv3$Tj#T;mLOVuy*f%x&ow)c0
zIqt%ouL_u6gkN^#33tr8Bx#(F-iU!`EzFaKGn&SRrkLdlM4_WVkGjDNu%kL1|AY|T
z`QWAj;h8@DhU~MgN#}9=OyClAKSvs`hnRM`_RvUp^w-75Wg_(T5W#}WQrSvxaX?CT
zX0f25lYc_6&qB$HMR=G(8onU$LB4D_de466WaV|)5Ou9ET0hzsJsEyfFZ>^N)LOos
zqkHG-&}h<r#{spdZ41-NHfwbxH<6CLl-ipwRJ-p!hQH;zkGztu>l42aCb$<mKyJWX
zUR>ia9Z53@Bumu@j$wE2^iJ96Cei#A58Bhv^A&kS0%bv7G`72Tn~V6+ozR$pb{JmL
z*8!s?I3Fe6w5a>EJUj5S>{Lw!akkd2h<yXnNq9N#O`XQHLZV0Lpmn^&qkfJ2PM#G@
zKCUEZln<E8FeOLPYootE#}L0auaEQzIK-J=pf5KJV~0vi7d}$Fm$GWH?`I4J$efu#
z(f4^bvfVSraV?s-*X=`;{Sbtuaeh!I>ZYSk!tBDHg>D0r`}RiydyAo~ydvk%M@7{h
z%94KN=<F4Pu#+_S4q7Jsri%4zN!Dz-y>@~xI%w+nU3;EH_C#h#--g)~u)<?$r)5~&
zq)DEsWe<8i=&zplc&>;=eN`V-0-F_lsTxEeUc;LB@I^he&HHN-ABp6r`l_nDcOvBl
z!adtgCscpHXW;#bFXgL9P03Prx}0K@ZkL_byQ>>xB%be$tKxo~ugRXgNI$MVO60+Q
z2N8QiiHb2^Gv_5XH)X$O3*Xi?R#qWbu6h>01};9ZQl$0&&<fK_<n9<?|5u?E+=Z^B
zAZ^XLJ@6&3YmQyd5<B<hkICMv-R_F7Zn_3L4A!^W@p$07`0<uTIp_zwtU*v5)egEY
z5Bju-qMjPk_@f@iDh_R+R0oS@7RhNVrxft(h_C`Qb^fLvt9A4;;_He#aYRv`U&?^)
z5^!_`LQ`olCJT?uRpxRpGi!DrF@1`nk_;P+I}jBELtJH|pRL667*Q}cS<`sU-+o6{
zd`3?=@<#p@h~URpPDfy%K!w&UCR{7IAySF-dnah+mhzw2gI`5U;zLS$vm!Xf94B=C
z8h&%hWY@xR4yW@K<j-Vuw{o=jyP!*O+c*ew>HA%jz>1U5^b-*VKJ0?%ti@)Tdk<?w
z@f&I>rrS`U6-1ftNImxZVO3;1>>LeCxc`7Zer*|DM6-SLPl5OY%zOWdkS=u75be{r
zZCRoZ2qFfsyUu&1^*e|g4c=e<R3>pBRv@oO-g3t*FFy|E?pn?o!Mg^pL7~ske5EF|
zA<K~Fz?S%|80Bc)-$$9@C8`%?_h@=l$_3+#VZz9hG@pW)L0WOU>kS-g<m4RW>g&Mj
zjn=y*KVUr1u#{${`uI_~vAE}U>VR;5E&G!qc!Tx+wEviT^hRX|dBm@W^038a<$BPK
zd$ig*{+9jlnqu@5{3qLgfr;k!ZH<+Yqt^7}p?cvD!d0UUF>LtNs~>0s%}RGMlj2F4
zP3!40WncU_t(>x-E<Zjvqg!2u9{vx_2&nF4E!3o=d6#u6b)fAf(jy7)rskJ5V9W-q
z<^h+V@hiEaM3@tdqO%qN0f|4Oiuf_{HW_g37Ws_vYboq1>fTCIM%~?%M9{+O<4?D{
zELu9klh^4q)lkmLZRHKI>g(hPer_PB5k2<CrZU8jqs>Iy%c_THvvs=5J;IGLBRcU9
zm-Q$I6sUlm(YJg@<BkXM+6*SV{%8rFv~Ka+%I6>7P6O994$np{nB9-rMutcOALQ$&
z)VVkpF8?HS<ZKf-dVYq9)5wm-udD}mPE|(5$QRFXVc1cL%ShThtYGe47(UXJb*77Q
zD{^w_+|qZf*t7-KX8#F<b-=2`;-c(JZTRdW+KE~I;HioGe{8QQFG}5c1m9JS2;Sl7
z?nfLf1}op$i3B2k|C7N(?25D&&@AtPjWf1dO4h&P{@|mY*k66EmvS6-dkgx(RpCCL
zWLnEf=F^`VJ7NOYFZxWjQ~OE<$$zyfEmtUa|H=7w=B%<>kToNZ_o_BTDm=l}%hH2<
z5sdws<aoU`R5h;cyKOCyzH?QU(U*F(>YLaDa!GH*L}v9ca?_t!C&01ONTh{F*~G|H
zL_3_|#LOoidg|KFX&<dYqcy|HkZ;d(`2+1>^0TLZY|=uizi!}JJP+E<A&ZK~y{#RV
z{PLclza^$~+#h{|FTWY8cM$Ar^_1&T?r{ymM~S&E26A@9g1C)*SF=(cvQKcE^(;^}
zr%q3U-b4H)GV!PPbe~!6<SN})!6DE|v&lxT*A0Bay`=Z+?rODP4qt~0JuJECEb8K&
zEG-~YuU2A<4{_+@eFr{`VC!<L<N-3_XYpL&#*L4djtC_fgE+9X7SoB&0jmbhe7L_`
z@&TSkjz))1{5Qoi4g&q*p0>{~1#`dbq~LJR;YZoi8E}_Lk8h5FM<(lt5(RWps`apR
zAhAvtehx#-i}^o_t~{RU|Br{H)4nCC9Q&4}a#bohSE*ErN+{PVAt_684BPlhL|N{N
zS#+pexpK@llKYq=Bz8DAHrwp5d;9J8*XNHt9-qe^@5lS|`Mh7xlfegMesJ4W(k^=h
zEgBvf0zgMKo@`o&vP0Q*pI+ROl{Y&wWC^{8@2iyDUKc}oHS-z&zRiJx(;W81+{xZ;
znK822rZci^<o<s0sJG}JZaq>JsaFaA=H+wvz{yRbPlci42VB#cp5U4AS;9`X%=s4~
zFvz>VV*vh@b!eS*C%bDd6nG}nnxeCHidmKW#&K%ggRHG?_f!+Ucp@x1V8?DNC+arK
zbMU{D4kYV8l`EW6!*>Nb{YJ>J^K`EEX$h5s(XIpb#`@$t6YVm1FWaxIEZj2a8#T^Z
zxQ5un3VM?F?|<R0v<lX%7IUc~c1TTll~Sa24_GeW*=DncU<3{fVx4>JR~Hbq{}$yK
zI0h4Q3grD<#0Y8_t7>-gr6kC%;Y3}YD%~jJxNx_0a1G)~Qn_PXP(*1jw>!!x1Ir8&
zTrK=Ojl=U27wi86{inFFIxzF~18AGZXclPo)dXGr7dY*#RjG-Ynt{h~f5@j>Us$Q%
zm;<_|)q`{G<s*DmX5%MuMuzC;8R>FQHDe4he`_sFmARF-#-JB=6N4lpGI%5|j42zb
zqa^=o5PBy_GGA1Z2He${i_BGifaHa&L<?5Ns_J)D$U;}&OZ|!P{4Z!W=0OwezCQdp
zs5|5>%ud~|7<aO9=VS6+8XjyMB5m9e{p-$(!iIv}p*4OO&`Ep!a04gy;g=f1OiP=<
z89ZT!c5v>ZKHNbpQ#{~o<1L-E0>o{I{zC5W#bUO@sxQmS7hhTAzVk5&t!{FMu<b!j
zLfyQd%5kl#AK~(SGd%iVSuppX=H3>?_XI~Ox)u5DTR378f`8fYHCrgPVc+UqRC_zU
zFpV^KQbgCf_F9(QO3;UXibIWBJgB@N2T6*Z5`ejWS(gnQY0fQ<<Es%g1@jW)=kApf
zl)pNqmHsg=a0O%N`NWT%v+`)ky~jVAyND?ReQZ6nxGaq&vX;N6N?Xj8eIhJ?GE{pT
zU9Y?{&`P*xe5(0Y(*+UwPP?b|Q@LGc95HmLpA*sO=~!>^tNujL=id)#KRo5%+WD3q
zv&Q($^F3YX4aedYiTN6E+&ZYp3I6v0TcKj`(|$eI@k#lpyi{jMUe4t9l3os5R(@10
z!=CLAS<$NKArM|DzC+EZ+TX(U`dJPd2JO<dbc-1ICeF=1R905Beq8mXxVtdP=-6pO
z&9|TlY*7-$X)x%%6cMB!`8|X7kkyaH7=Wxx4?tKuf2=i#bL3Uw<_%gt{Ady*K1~~6
zZDvtp!R5(_pFXk5YG~;)KNK-;g@1r9Tw7fd`<}a=ZTKKX;rSoFf9&g$4mLjM@4s@g
zXZJieQkPw7b<t0{era~gpQMLOSoiB!Gs#;-?SM$uhu-r8pRkiUunp03M@033tm}`?
z01Jnsmet_3l}ipqAB>71@j+8OGPZf{^fDU5weNZK(?vfItpDl*m-tzsk0eh#Q=G@Y
zhItnEvzIkjMmJN8to-x5QwJjP)t!Meo!>H@LLOehCONR<V?vl_e`I@c4R|vH(QawV
z0UZQqN80R1Aj5B|&5V)URI?JER?fZ?*A6=Yx+C_O`RZH&`o3Pu?yVlr)oJ>nEf<|4
zheXs)O@7z8xIM$HR@!%BE}(giZo+1*0qiao%G}r>$rW<`Q{<$8&xiai5qM6dZE49<
z0Z?%{^DCOt4k+xaEW1uVe1NxsZ(Cz1`Y@*;6qsGP4`l>i^HMz4hfI+@fQ!nw0XWFE
z^5V5Y=m*+@I!-(KzAN8pLhrklv;vU}ALlIX`r+uhfSizZvVMH9D#XAxnIuSJnpW*6
zH93G?_e!>L0XAy@W`;6_t`N@<LO=)qJ2Q4z=QnRyQ`&aTv4CY(<3^o#Jp`?{xs6B7
zS>>iwzJ!!8_c<6LLZCmbY=<ll{&u<t{aYEif{i5#qc%Jy>ko<E@K;m;Fw-8E;kE05
zR^mem-Yjpdx4_1p+$di<!8ROgg1-C}o2f9_#KP5uL&#PWiKr`IWj8_66#H&P5K7Qx
zu!^_}XE;T&9$JXM6%35eOzeoAAOues_FD4Rl4H-}L*#wU*e?Fr#fxe5JjOYK-SXTZ
zcPsrY?{%S-#P&82T7D_iA$-;WF3_6S8Y?DeE-N#A=%FOp40ow!3ilN*X$O(iDu{0z
zfq3(`x-8aOgNX50PE3}ueCZ(WP%FULE*@leF)jq!^+aQkFb7&D%@nI~AXyF()PFQ>
zQov{J$7eFaG*(RZ(_{O|>DFDM4w{cCD|_*um2)k2xy{Kf1T)1i-tZbq;qGd1$$M_P
zqc8zeJD|^YO$16yOY3V4o;w`;WZZ9YC~T*U{dSJIU-zAg-4u28TBqJ~0R9OJ5g<iH
zXkJkKX+$V615q($lR+3-RBw1>Bu=oEJ-D?3T_6EaUQEefdmwHjdr~x4gwxO#EVR}&
zYh0^r7BTXt$aVO>5LC)YTDjPEpK*};U!OT|4d}r~U4eeO$CQ3nPW~l^aX-4iA9Cwd
zO^tiJ1lVm+eUerWT5*MsS)aI#@<N<W7Mx4ArywOt=~`u|KKmzlhI+ZiN7MsdYmHs*
z3GO$HW1a2p-A!@ZjDKzm7W8bDx{625Al!EmdygL0Ndo?Py4{94EH5W49cOp77rUwp
z<64gJM$t^zYDeb^uz_%2Ry=~#0_zN4anDCQQI4Vw=QZsF8>GvEDJV?e^*iD6e{rpH
zLLyLho)>&ipy{%A9K8{q31hA^upU>A@cfJW?c2q?J>KYL*A`e(fQ~7yVZGh{JiCNv
zhwmrhZ&9n}x|V!u6bmF7kcpM(QzUOJA5se`$085qaM)HiLH)suCn=nk4s=ATV22JB
zpiWY4z<;(4sv8Lw+NJScV!i8u4N*x4YStwG+qr8QbhO3QJYt>olBokDbq_f1IoIAS
z#!JzM44O{fo9UK6k}1%O8^9WHF^3BML0`4Wz5!Q*_dO=FIGv`h-aI=xdYI+qSL(7^
z7|zFRN<hABWj@TDuNEa#`hTxc5tN)Ur;u~Cllsw>5h`&DUv3ib&8c&??Sh3NDrZ|Z
z`qefyk2MC-eSY~du3`T@lIlNs4p;h$j-1ClLx*4BgouAk8u6y}V34(RvXxM4V(V-h
zJZ}ghIhUL~Mt*WG?EauC3L_G2sXRqM4FiIY>@==yL8HIor0MgJN)D#iNax%`T&p`9
zo#L>dL0Su9ypZ0>2fXI)jxjBoImoqIrz*fbUbGhMmb@&9=%_{u$A|pY=3k7~ICRi?
zbw9%RTpGR0|9JbRx>mHZ(d#hDKJS=Sm)5`&No5ncg#{~yjop=HSam^OW`k~v+Rjmu
z9YzFyZKJ4=e|22vlD&0r=jIPWYZ!GC9|o+3KvW`YceERxE+Ju!ZFQoLMO@|r#>v^T
zCGRd2f<Lz(J|3`Aw21Ak|Bf`OMe9?jxL1XWA?3Cpl0}=NkA?3qkNwDev}}C0R#I`d
zcXBB_C1!!7@itajapG$d`#?nMEt{Q%SBR!vL$!1)GJS3Wqo-}>Hn1=PW*h5^g)GKH
z;Lz1%Tc%}#y$7A8VCF<MO|XzF%%92EdhX9Bh32;+cN<Cq;xg%l($&i=Jgi53d6X;l
z=#saUiv=)EkDv1qcn)EX43HtG9I*VBHr-x=l|)#eoXZ=+e|r=25IGIyHkgOzce^#p
z+=lw8_0V{E!M_gmCu4rAtxk|oCb97mXMm}SW&8iK0o|L_`?R`v|JW$@+ujxYqN@SG
zA7yV0bVdI_FII-Ts>wqs4ot&02wm3J7|wT2ebHQHlbx8n(q8QJ%hq^Gq&p5=)EhCo
zDh&{nRNDoju4g{YNB-R!-F18gNyG?1=UHZBVh;;%b-SY!T=-w(VKx2g2AT3b^4(%Q
z2Urt@+HHT1H6(f{N?2`iTy2tdqrywvea5c9Q$+rb=(|8g<nlslN!R#gnes$5+Y|KX
zxH50Q#o4aYkM&fthH4iC;{Wc9)<y((htm+Al3HOHNI3oJS2C;&v02(x`!~pnorb4O
zwVmtsZgEl*7~kk%Eywv%uC2fZ9Jsh=g?MhLCfR-N(^BJB*zaV2nO#H+VDigJu^v0J
z<-_Oop>dN6BdMEbT*&GQyLV2(C7rGCtd6=i?~57aYOl-!GM(~us)X8{n-f@z$8_!0
z(i5C6xL<SefVT@ZRuvH_4jEX<*=y08r3W*UZ`SMr*+E}nCl7#rY)!aZZPnEteCway
z#L<|<Lg3e!<n|mh@^|#Q;{17#l`6n*Uq1v^I3X|696l$#y>cM~@jYtt42rxg1U$_z
zZ5UnJPEF_xeN2s9(7aR>=X^d2{;(Y}9R^pIwd@Da#!E_qsYYy!i=uu25&kg<^R#!j
zYj~(*Zm=RZIate;9xXA!XKM=i3bx_{^_&P2iL;yyA)!F;3GB0R<-oT+%Z5GKr|7W@
z7yT#oi02hQ6*c*%CwwpyK<S00ttY75)2hpz3M4H!qW;UXpMdg`hDGf-_X8QLi~i^Z
zSMjzgbX!mIA6S!C%ZK7$=-fQ>jGK76_ZKZI8G6r)0h2?8`QZNCv%=HK=LpM;An3Mo
z;L)?x&^Y)iK0-dK@D=xl%GKi@U7yxK6bt_j$gW=>GCR>izVPlcPvD``Zr4Ir6C^ns
zlmos)kCp=q9pM@CmWG+Zib7p6@fWSFwObufI6v^}ZO$2b^61m~yWow}owy;vU)Uej
zgM7@^q$zQ%2}Pb!;q!706WdnsNRzXUO_QhUK^+c!xpHXPSo(>PJu2D%@vbcX<jT!M
zD;E#L7Ef5r=&@U%VHVd{d_y8|dj`XAJXoE$^yGnDl>WPm7*TF#AT0=9i@Z?WT+dfz
zUsfZp<`HXS&yS8=sL&;Q%14Bc%gV!j=$6W0zFWJMNno!yxvR|ctGAaeX)i69tPV!d
z?eB1_Z<x99IbIj<rEt2hJZU;`Z5#EicISk(=H=3ey{Zckq#CmoQqOvqyF=C?wV_AZ
zy!D_vK?4L)cY)p?M+EDRR1UMLA7?S!4lobnX%}p|gZtbC`sjx&HnutWZp`~rf|sdL
zG`DKjA%W(T8)-Pxxni;{+wl!Ed_tBDBx%EM#M_agbs7!vK@oFL7N@CpsUzh$YZL6)
z3Ypz0dlU}%kqDf;A|9Oi`gGSbVE%8cmF(g=Ubl*s>&cA`EVt3ta`J5pHqB%>Yw;?N
z^s-A*{};J9%2#e7F7Q9lHq?iBjewu&+pnWm)>B&7A(BPGgWL^l8fzYW%i;UOKw;x+
zVUgiegRHl*&D%lEFvQ`SRV_J67me#K*lX^h$DhJlWZ7&I*Sy4)nvrdfZjvyj2Z~_X
z>agLl5(Ge+CU}p450Piy?O}aN$&cc_ggWJtCpW_HZHRKY@UyI7Q~2h~AYSiAm|uMa
zjqB~P3Oo#0K15%Oijd3{2CYw@<(@Wtc~o5Kabj^7;qo|QXT}zrXS7(0J%93QPHQl`
zaXEPmw(?|9fUXWf4gQ@$C?m);;FtFdiB7V2SP!Dzq+tlpdik{8!5QfsB_7vlWW8_v
z4o~z(K9T1rRn{YPv{ydql1KK;bquN7ADo$~*7D5>s}^08+5HXrqf&2itVa#Dv5A$r
zcK$5stuBP0{n^@D&@@~>MrhWK9t;$r+g_(xJPDR{2|fZ}BAze&gg~b{MWi5#25^Uc
zIjgi!QU*MX{4y^om_2=KV`+$V<CKmo|16hkJh$NUrDie;yUyU4+haO`w~#TF^eBQ=
zbgb_~_{xq5en+hx4IA|l@`xG2X=c=<Ntg8xdpJ?9X=t<dsUV<!jNhk4fD@3K7>8DW
zmnENv75>Z8^RD%XvJklN2Yw9F**K*RI*ODg*tNuJpRx!;upa@>s4!e~1*q&Kb#~g%
zbJT&jJb_xb|1VfQvyr97xV8pOmY!OzXtNCkap?e|FSGoQPxf!%=ahWUT@!2K)_&zB
zcd>wCzkG0$%uyElv_-Gbsl~rkG%NohZ+fm?g>?3jH8%gdYJ#*4I*QmMs+U{!ktvAn
zCeQS?c*we#I#RFowvu{||Jx!(+nM4v9I>Lg#G+ttMdkaar@*IiKZOtr?XSwrx%{7h
z^u>dh$)V;i(a_QUSm_q{RpWVtsY~O{vvGxpPo<tC&nbB9m`!ednOO10gtYf8-N`f;
z{#}y43p6Y^PYxfi<Yln2<)t<f=mxunSCswW-qbS$K8N~<Nw=mH+GmDv$=kL&`fY4n
zfh^x;a4k?6ewCitbKnJZ<EZ|CDssl}<zljBp4&mf;SN}`3_H_B+`rhi+|^6`*;K!6
z;#a?$yU9RfSswTf6nV$!yKU55@*6~SC#B?LD`}OUdwFa2G#E0p(6n3e+v0`ax22Bb
zvzL~9KC{9I0q~0hu&+vX4`ci!KcblAjxHzWOTKL90oca*d3Vv30mwe&D^-KV3_tOX
z#xGtr=dR`|*s+HYcUdLJ4!n|iQE=W?<;Uc0?x?hG{yGZo%(s%h0GVU(aq=He*Ojz(
za4X@sr}b*}Bw>}*S&cu9?lS*lrw9XnP-K~qL!iCAEigwS?k>TYE!wTbf~F@aM+<tL
zM~C_lH~r49614^eoaUEvyt&Q_`)}8G#G?LU>nBT0MbCb5M#}K?C$|=tVM$Zr1YZ}r
zM3p3yR_pP~K62l!vA0k~Zl=}r+$toSRkG?Nzvar{7@G#@&u&Wc7;QO@mB<-vY~ms3
zN1feIp%q4wyYL}9%GL;COzZT<1z;1O*5@aTtYDWD@F*Re*(ce<8Q{KeU4s1?r0BKq
zkyKh1<X)#vB4UH|H6pv{INrqBhyn3J<?)?=s~ULsy+W>Y-wW{=!ImhBuPamDCSDIz
zV85^r@;<`<?h?vf>j>;xrcVmeq=pb`1IAeCyYIp?3+7~d*v;-I$&XU;W#sq9Y>JVX
zxV8*mohoc3obAq-kmXY(ko%zV4S!;81jtzTE?z;SR17kldE|SN%IDa^Pr{WAYrOz=
z57MP;V}aABkI!Ui*+iAL;oMNo8wEmB@XA*9YY?&V&hdogoUOQiHI|>g4I_gbBByee
zIF|M*5iQ=ME8ZO#))DL-*%xA_PN`*}a5J`Z>TvA%R}*%MN#?I+>Er5*xnwnF82GSM
zKy13xx?2dyAzDMozi)%gK0%PTi1>BT#;AGEH+Jb_J!`Q?VLZPouly_DaWS^)q%7~9
z7l>xHJi-{reOK*ftdzXnHV(ODeg^(j_5~lZ$7!lYSKaQ*iIr<AE6e9vz-q|5@{)-p
zew`6`YZ5VbV^phv<MO&3jn#~l!bHnsV4|`*Za$2xrFUHeHadz0NKAwztseBGWK+B2
zkS8QtAkh}4ULB}v;Psi!?UnUCoe3hj)^hv(JR=`5_7aVc<BR=#2aKvDextOeUpgQR
zoRicv_y{A_;szZZ_eZO&jHkq~)mFPmr=vGd+1@O?tisW~LicxtR{mPGE_IMbdg4Q3
zAXaROe=&X@L_J2C8cEYMYz2gNMLimi@>Ri~cU;Z771PFB_MsdxZYP{@qQyBfydH_n
z7Ai?{9XS~TBG`pG*qt`ytk&PaA4ZsV>-;k8^#PTbKPIazQYQ)|qZWf|=hW*ZiN3qj
zATlFgobT_OlFbNDs7tAWdA~2}T$-Ysu<wc%@19qE=&)*Z*?4(A0>X}O{G6ZvoiLZF
zGg41z1z;@fZ;R>y`Tr@-tl;`%-%f3pmo1U3rbc-9hJz7Tf9VHb$mhlt9gKJjKI=+H
z_K1z7kHJ!Zex-R!V(FoQx>#4dDste9w0u-2^LUmY=VR3DgdqQP@?(4rVLv4(bz?MO
zlQiXWam^yuw?!6LIa=d)%#f*T1g#H0I9YI#XA%_}Bv_bp^jK`(JB?0iX;b55S;cq4
zSv|g}9e)loRVM7;;mnlCPx?~{b4T54B3_;&y-7znwAoB|5^ZABb7@&;QK*Qf+Ft<C
zrNS5UX7zRVP=#JWTI}D6qzpTpMgK$Dvt;j7g`*lXhfIxfq&9@V;s}LA@i4%@Dyk;F
z^K2KXylqJDcdC@S-3nAwtsS{+8L%&x1JbNJgV*-Zy94`n&fDLqE6B@-Twf;)x^apK
zJs+~P`%yb6k`-)E7wV)bmSxo?Wg~)YTO{_X?wrZ(^bpAjj`z=Q<Sjia#1XaPbqXD+
z%j2pJ_4DrGeh2}_&nb?qKb7=0Cg>2YV1Ry@caZEs*8oS3Lx?-zq@@M-g=!o!s=Cj>
z43g%<xDKpbd|R;m5$*V-Ni3R;{7vj=3g4vrqb(hxg~GN>){emMs*;kdiRm^&d6{mp
zI+y`Z+UTdh2>n$B(UYc_Wy<=ymxl;-AM;jkfse4i*jBqO)ZbvXur!U12FOJE@7w+r
z=%-5bQ-FAGr_6Vd5$Gi48V|Q^rGVBLygmIm&8->rx^r;`SgHe1H^}KmIVq3ok&o&m
z1C)-+X@&9!dTH74E_;Ss!Ki^Wu_e)<t1za8FqzaqNpP97r_*VB6+tJsqgQaNyWwzX
z*BGRr%tQ=L7EXK9vl=ZFhxSo?f4uXx&dXy;d?pi;Lw}3En!*>?DK>|5Be0l@m124$
z2e(zqz85Or^JphE=WJm-u_i>t&ZhDJu$5)7J`teCWPwx-a{M0Cox4dWDb#M6dw?C>
z;*XEycN8%*4I$U+)7g5_(JdI`gR$QUhh|F4_xXHYJq6jm&paOOnZQzdR+{I5cJ@`Q
z%7Ds#^UX^y@KF~ce=S^hVHnwTZja>mW%#ij-Mc@`fAE5<;oXNsa#eeTib0kaK7>WI
zldnSv%NW`Gq(FulcK0@L#^-rJnxKQ(=Vmav@RmVC?PcPY+OwFj(VJ{o@HZQYq5&Z4
z+qpPenj1tn#5M_2CD=#e?~2kHg4X)gC5M98n3YLq)to8VbUik8gm4SCtD!QVWBeH?
zXQavI3(F=lY+;|0VJa~vPlFi#8;2gPSJsHKM|v=V{}9X|{*}eI3k>6H2nI!Wp6d9%
z%}Q1k<v1l?I7BfZZK%eL5!VGd6poe~e23pK7iE!OD;AHhv5me;Z7@(4kP0i7imCpa
zFY^=F3aAJKt|IJGO9JZ6DqHEd*d6#PA^C7lvmNzUsL6vxKkK{Bc@Fh2Z6~WBeJi9d
zL}~{$K4|z|VohMQ+cd&)SBNoWi$o(QLQjKu=|{O1+rj@1DB{_W7nw&2f-@dk1l%=4
zgLcOucCEC5T0DjB5HnnRd3~VuN1JNF*qR_2stnkCk(<yv{N>u?_0VQw@u>iu;O{@e
z<`1~~XZ;rqQqlihiF?Gy6fqP95{DavqSRjT!nNkx5m<M}7m3j&9ZQQr$(KOCj*bs4
zIaDTJf>#DTr6L3L_S@_$V5|ae?ED=5;t-=lKk<23`Z=Oh3Z)djn@O%_hbOY$Pi_(E
zjz!gqZKb5vrSH{t51OXMr2EK8tDAuhoD-su257!hTSli=sL$0WYpJ+Nn1=P!wW7-l
z;&<p1VQb+o0V|?Q1A_kbyg1`L5NP*{sqz~JM-5&c-Q56*p9zUgKG1()E~&X<F~QYo
zX#B{ZWjf7vBTW7Wl^1<KTl7}>Sm`vawQDL~+P*9#j<>WKY(N}|6OsfpDCcztC<$+D
zQA_A2M5!=szlGN}unw@_<PL8>QF)t_w7Cfk{HH!p@0I;L>hy?O`FRs1@84I7KC)Yx
z>yUBby1aGo*oK2<;>qSbi;nLI&f$P~f=s7y9)ukNi+1!HnyHa{r#91d?Lg1@k~EMR
z{IY#6?)`CdV6I-81JDFCeGE_6PbQ+5R#hT*mP8b@zG{Yw!~0Km2QNMh1xi@6C&}?5
zHLH#np_A|%&C*CYA(}U5{L=~qQbcpsAeT;(>()j;-PXP-7mYY<(3rBVz0Ba+BUQ1e
zijlF{J+1W~#Esa3P!m?EKpUO3-s?u#^w#98@081p@H8zNbiZCqx|Y2e=yl}Y6?NJ4
zdBP8^395Y0fCJ*q1rp??uye^)uz$%Xb6uZ;VE;l`oOHBy%(bC~67`AtDD--D_cuv0
zry>=F2|5aoJ`?3|ir>u$LQRsRpB{~PM*Vift8jYi-b@nytVaH<cwjq)iw#3q)ZoZp
zyClv68LrxGXmSd0RAISUI{0C#RNdjuA>PYMSw48hSUBWHwCnaC6CiK+e!z9NAL9i%
z_XB%X_bgn=l5x-(28ZRKlUo#XFXlo{#+Z&jof8;$FW%l3nH8^LH6C^R9*X=q3%F@0
z%6E;yF*RrrxlP*LWcf$&Z+T6M%vH@mc1BcC5B;|5&xeCET=SOj{%qgLtAjc8Rm)NQ
z^y19eYzJW<v-hCOKw{z(`2I*x(%is8=BI)r*g-SUl(-LD(}lnCM1-K23Lj+VSKd^c
zs=pzzlIhtyQ@3qBY+=*-kmIG%WUY+Gy;5*;5=OpbB|Kf4efl`8?xAMfq_6bh%HmsV
z+N=KN@Yd(o`$yr;B}8k*Cu*_A*tdZI!IsXx(WrCVKwkJ?K9oHx>#WI`aC35db4Y2(
zzWh$PB!z5BU~gdmF-R?WsOjFnUdU}YIk*tKS;HXnV>%aOyLXU~e>UNCSq;oV>hm67
zqY%Kev267zusO$2`p-e^Ju0Ui*>!D~NDZ_GEjC<fmn7=PF#Yw(enb5;g0!;P#v<-r
z@ztv&bqXZM=Z(I=EPep8-SeFfZyo3x>X7DGC&phz)buXY*C8^2bJzsXLz=*tCGEId
zvUkcZQkT+Nl`0^MyIcH2F#?+q)1R8FPv{<a^S$YtqC1y(dpQNj_T)%&*B#y9a)ZNU
zf2u2|UUub16k8Q!ph3|4y(hU;qeAvf-e?r_u3(+Auajn)=FgpoYca%Sf&!@+t?0Q+
z0qipQ&A21b<{o(i{t6m_-zobsSk5(A%amP}m-mCq>(^qpnmZf;f$nZt6~CPs5e+u3
zY!n9#cY&`Ys<_~{i$AzthP?FMh}M`g_F4nq4E68rC9W~>9$T(w{n#vv8(W@S#BP>v
zpk)>O*o@Qv0(<9hYyFhxPn7fbz+Eep!vbu3S_>@b7i5fJ3A5&qcG;`RF-q_I`N8pf
zq85SY`%Z^{P|F6PquPH~7L;QG^?ccFQ2jlphv|Z6Ie#$mQByn0wu2-ztM3vEE6<<C
zN_Z^LYE#8t(CbU0J834#D#*CK7>H<@TFOSivt@OnbLR}JdNn>KKT7Yk%Ah6R7~bc-
zqUCZn6VO~5e$1h9Eqw4ihh(G<!S8msWo(mgAP+tswpU=^4<_Pv%Y3fT3+{k+jlDOX
zZ4_()-AwcqUV#R3F`vs4G&{4E|Ka}lP2(R4rR3qt`6%!P{3hjFvRbZ-svJ#omj4He
zye@B9tNEngf=2zy$z%8ydeC2!;{|#pm2P@lbG)dbEDx4nXQPi+@}&Ly{4%X`z?Al_
zjbm*9;*C5-2KND$B!#wbjjTi%u-~8~%ukHZ+tJUq=M^4llq`92yg(v;YztzIf&Ey2
zvfesofM3%zdX2&FQ^HphS3hjwUD@(v7UQDZ4YG?Qe=@6i!TPoj-^)B`s$y`g73FAq
z+fodzJP^#yvQj}>|4Sgx(2zgYpiOPO3qLOJC}+ujVLP!gX*21ti0x4~{X%qvI1o{^
zNAjZ>_#VG<XW<d;Q>GVrK^Q??2kKJ-Ip&Sqqfg4Fe+=vydoi)s;j#(}DeHizHbfMl
zKYW)UYvqw+BJBoNjyLO1fKa5421u<Rv;4aAhyul9TfRUR8s`~qyE1;g8@1TY`r+nu
z;9D0@7aqNbp6$}ybBlV$k)|~`9(Lar9=mPvRsD)klXuFaI}bZMwLSW>aqBX%w#s&2
z$%J>W0y>GuCc+Gq1fo8955n+JNvuM=pxNG-X4@!|KD5oi2!26MbS`jFe@4t^^kSVb
zQghz&1JUGXMJMyWN?g=3Wd~cPBCt(mcAyVZ2DA&Xx=<Elp$f_R>~hR{>Xz}kIKuvk
zw2>C>@@c<IX=pR_iTeO~%hjlXKe_gQM$Z4VlI2EOh?O1M6VhkrW34NPhK)T4@2Wgw
z45PpGLJ$e8P2qe*CX6vs!pFP^;fcxEba#WkrQL0<0NXMas^$4cRwuggpiMsc<ZY1T
zB{hoHs4IQb#8jG)0Td)L)9)xef4$v(+>A0IJ4=5%-pKx6TTUdCewsFRT9}+5Si?MM
z6kGL9hW?i|y<uo7F;cHjvkf>q;Mg0pUfyU9!>GeU*4uqXGCuRQ`&0}jCYI~tsE1d6
z{?n?<#qc#9sn?1VMV7s-0DCjnKb$~Fd@=>Ci_Vto%Mhnc&YpQ+hyUO@+`y{shzHho
z=cHwtjHDpGr8<mR-4p=E2xG(vDze4j{1U-izPkP~;kd|b2O<EuFqN!a_!?QaO)#<X
zeGy^?xQ-XLMHR%>&suItG-(Jw?Iut1^)o|s%+PU4+ST?iex5F018UwCz9!z-?mvUx
zz4n1hfVai5<^mXd$I&uDQgL5a!*(@gznM<m#7Okkn~wt@;?&8X**jH51?_VhvznZF
z!#g#2)C%ap+!-c5xe}yCK>$bWKW80Z)KXHD={0D7rX+wg`zJ5G0!vp8__dsf07|`O
zXO#||&)=o+v37y&!=I$;Y}{<-dP)IfTAQET0~K7!f>kw(*RdVJX%1tq@^#USOQ+8i
z1<A5@5K;$9;|Vqgo6O)d9YYf?t&ox_(J0Y1EZqSG*|>AQ{oqVPykz%9`FXNI-u&M!
z%{O5Sgtg6dtOzpWuyE_G+?rp%G^DR8K2cMc>y!NHi9~h@m5W~36di^68%#r-7gYrm
zNESxA7B`8E7l0kMiG_NfWX<uR?u38w{ZG@ur;<&BBK!!dq;V5?E+2>yahX9cYE+p=
z&K2e;{#i}1?SvB*v&7_^V}MJmb&dodDka%xn7Zl^J0AY$>!=d)qZ-CL$(BfhsdZBV
zpBR4&_IoZ(bT8GlAE#qoDYG)5_V|x*#iZ|+scDZYq9?h(boPW!S>^CyDzNz2R^%n~
zrdxQY%$?=Hr{26O@xzXt(zPVy2~d%@@|(c@WeR`WX)~Swl!;9MzbYcLa&++@F)ecP
zi2MpD4;w$F-t0C4i2f6<<TR;&HVJ(lr=X!PEQ%o+Q6qqUizntArea!;Qd$$|x_9E2
zgY*G1uT@R2MQ29%bKbW_1wZeLF)15$R57P5B<=W5=X`pHPax{*wLVUuMuNnJ?qe#q
z-(nYsnftlam{a*L7}HL;aud|<E>(nj1s$W$HEdMqWP=_`$(y9KXEQ*qB^9iVh@?@)
zuYztFf2-H6oNqo4THY3AepWU@tBM!BMOEBEgwP5HOxDLN?T#S0G4&3yBG|@F(7(sW
zb1YJ)?H%$35h9yNcB-wQFE){dEk*r-y-l|=1yqW&yRX&jvfJ`(ItvD^Tdy$H!B1!N
z;;hURlz~RnCcEu2e*x|TWM=%8dm;5zx5SJ$9281ijZNgj(TfQY_22PGzHcD%38}*s
zXNDh|`TR0!P;G)3bGFEq_9|c)veJ)K2kp(`WfDK|5?K01aa;g35y%*A)I}@S;XoOy
z!Bqa5=s`iI6CM2Eu?|k(Q1MF`IpNE*WEtH8-`^~(B0Kv>JwNSCv=nKh^YJS|FQVl9
zemT(<KQsXUn*gkJ<5_Ibhc`LJdHyUXqclLxN$hg-*XBE9uH=mFa{-jCcQ}McOmMD*
zVVTrR1(S_kg%@Oha>3<j;~L>|`oPLwiFDN=GA={-;{^RT;(f$j!GZMrKAUA=3$?Gk
z8dnC4cdC2sP!)5jPmM=%4<6u@Wi>~wLm7ruEsFX8)|IS}^=3E|**`YP7x2rsQ9$4}
z{P-e^K^=4C5RRWs-n}1*Tnm^-UA65zgB<yVf}DiuoQT>xVaWJ-U#TpsYBZQ8uRfmr
zY=dlwiu*a5+}0{E&MtwCiVYs2qGvQp6`$i?!b2FVMcT2OQC8iWKhzx7M>9g8Kl~^b
z@yWz&gC7nBp{{fF$>TYA9W|*kamw`pJ#HB{$2F$4g=E@}#3mKa1o>@6|FO<RT#_I9
zG-d^tuO5tppIRL!wKuT0+q(O1^Hdjdf`ry1XB98XY6QDtFv$#-$AA^jn%BHnd{h2l
zGyDD$3{J64aH_qb_lWhyBTl6No|)M)j;F-tJENZlp|UIn3A*Qw&_5WgZj%(Y!^TZl
zjba)qZR<e-6UO-FD1&Qj*<F^!u5sH`Ed2K1!KsS=^c&GvnyuZb0nnd*mA61yV^uhu
zHbrA#J{`6N6vtSAm^9x}_<uq#J9yEpIFrsA!e#P*EY~mLwa}V+C0Vv^Qz+c)IpWJE
z)5qN9SMn;MZ_Fr@5GmAXykNfJsKPom;_f@qj2v!TFCwGbQRCp@8<DOLrt$2P*dqhW
zfQfbRr?8<3(zr9wRX7dq0)CHmpP1bMI+i2ud|CNfo~!`IH6FOll1yoU3YsfcF3t*n
zBLC6{BG7tZJiYq^?5}K|Pf0etI`shV*}C?>WbF1%FL`9U^8Oe-iU4=vz3kbIF@YEG
zcAb*y1^<hyvs=x0#<27vA72yw_UzxFhZYl2X`6QM8@AbF@(V2!QHox?_YPSpA!>bn
zyHgr3`h?m>k4jXXo8QPz;fejY1g_D=UE`hCvB}<e^TM<A&b~0oDV%e0g!C8eC2Pyy
zEpUp@)V_;FgnwXp^KEJSMs21s9|bQ#R25_(6HCkkt)D^=`b(f$E56O(U_sGmHROOX
zUiNO(Br8#o#cP}xDe68KM7XvxYPY=;)IF^scJ1@~?b0gxd@b(X=+aN6@H2(bTa;Y+
zanNRKGbRY`pPtR8{@YzQI{r;Xu;P*|W8S7D2o^L;o>g`<Jc%(hdV+F!dIABtduTfO
z2;tX~ZTR(Iw827OKFL-^8C5;h%3xe!C&o6gQs%Fe!(wy~W!)A{dbG6d=)wWiaEI$w
zcO}N{!YeIS`(DArOrA2c&&Sa>(eS%b=OvqijX|9=JxRf}E{D0r<%LgnHGtA)Qkn;g
zV!q={Xoa|5v2(t9o97lICs`|)V<E+hUF2kU@)20Xo}D&=Vfbaj)IHST@-UzS6fyky
z2Ku7Sxtkt&!EZbyF9QAQVXWF(FXR3BjIR?I<CeDYZ`+P-iB5jXCU{IF9fk|^9+Mxo
zFMh5EAv9tFb<k65Npt#hMjxbGdKJ`Is{kJ~VW7ipM*gF@!a`FHDbOAC%(Ahk#$Jpe
zaVn-4t1MpB!mrb$s?nF-x+@pE@s^Lxr$z|t;qPAl6clb%cq^u{FMlF^zr^0_s82k4
znvlrx&(Da0S=7+}nK}<gVbOAU;B;(ETBWI<W^Wmnquyu#X2LVvw9Tm}ye67^LO5jq
zk?<&#YdMDeJG&Z@*RM+6;nqCXCjL~D0w5fA?chyrWq)`B36888j1^a;#KR>ISgn9k
zK4uKUKK__+1w2I_1BX3}Xr5-;dK8wmXrw7#0XC^1vAq&lF1ouX3f3pxO93SS#V;72
zyIG&hioNHaj#}C7S<|fy{(zjGNZfl#`SlUh+!?>?gU4=QzkbUzQHA7h!H&0~oNV@a
zU+O0uG#NNzO;qMxa&JfjsX2zRJq^uO_0KWr;t6ZPdc+j@L}!_ABu$EBbg6EhTV~jh
zDVK{s^0#XDB@jUeq%kdy37tD~<+b5&->Jn^+`)ZWtkTQOOR33Bt7x&PNw@mS*)!(!
zj+iLb%q|3Okoj+0EQByHsX)Nvbbq^HwQHNsS%K)=2VS79&puf(BYW>JS=FlZGWf~|
z?Hf=havCH4P<&|Ep-@znA^Xh<+7?Q9f>Y#n{4KKYWpmnhS9r>zqM!8vfc#Q<+jMg+
zOP2l4<N~^UbTJf1uxYPDYwysR8<WdaxByvW5>SHWAxFV3^9ynKY($}U=P|GWqbm@_
z`ge?_VOLh7)RNP#w}B`mwVrGpjG`!(P;1M6Q_us_#hVSJ;jSoUM*I<5iql-4Ufpfb
zD^3DI@A(OeVzXUCu5gg!Y?ToE;((3{FdNvov!bb-Z*rcRJWw+Q-MzSxg5NU^yotiD
zd9qR;$uSa=RRK^l5PKIpt);E!K4`&WUU*8%fKgU;?1gJ2$Bp}nf|39)keW?0QNP1k
zkZYvmgfT1y_!C3@?CSE}<;JEwMdHR{P_m=O+?UYPH1^FHf>_N;`?o_Pt-e;ITX^OV
z<|xOwA7tUS-o|*?TE0PP>%X)sj~u<@FgVnLy>xNP=5NH<hFgqPy2k-i>=K}%^T?OO
zR0m&92yE-*rW$lz@pml!X=%zTuub|P&CNh(Pep;nM!gw5#HJxuN8Hj9cMh1Kz{I+O
zz8r`Q`a}y}X&>D9PNJhtUqCn<N;SZgaF06x<Lpput&QZRM77kP3W2+Z&wv=2x`c7S
znM12i?hQL4ef2f8*`x7hPlJ38$1|R^K5_6fAK$<9N|GPh`#!k+qyR*Oe;h3X_F(tW
zF%7*oh4bR#$isIfGh$Mgt2X{d!T{9yF%zSd15(@k;xv@3qHt`09=%~MJ*vCh#TUCT
z=46h<?+!h)i@1Fy5tUc69Ut2PBSWtq96|R)y#*;YJw}|u&zn((oZFLgJ54;_H9SdF
zYU3os)sn4>hVZko@jyFQ@dVR#S=~UUL{zrHH_P7QA3+meBaOfrlRnU|!XuIFkG$sg
zUT4sAO?MM(-lDu)K_VDXG9tE9_Zt_zZrr>&^Xh;|wW-cL5ue@v%5B|$EQC|cpM_OZ
zOX&|zoGGaB)5{rK*5Uffz^Gk}*?{(gjzVH&KoxRM#T1OKFJmV{Ovs_IMnO+EvWIg<
zdo6|q{$eLTEbGoyRC*a8qAx%+NLtaq&Y>{<3Xr#f++yeu6H<yVDUFA{7!#dWtyGz+
zai&XC-@BBq0cAmd;NID44`%U+;TE(c*Kgf^`9ugU02PtB31fV;X|JRNLE-?MO^V5?
z3qOfv2gE$g+`txiw@qP;jSj~1_{VKA!dC<1jK$hZ!VMO`Kps)i*EWF4zwm1M%}lum
z>A>F(kJ4!uC`BJ~zJ5uWX;8J>o6M*rD!%#dYNWt4dRcs>l}ZwJCBEeAe{u_B?7i>{
zJst_JN=&H^%769kJHg(oRa#Z${v96@U~yRiR09Q;%rp>B(vrT-kkhjaP9SW{4#i!t
zCyFf*_L=9y#@vRW>tp!t?kms|LeNRPcjIp5g3k>xL4m+jADwXefd01?Ozd3L7Q;Oe
z#a=xPlCaV6Ccy}}8ve^{naq3ie2JFz`{%L7Qh*%~uy_Zf)A+4P7#F6NM*!b&-Q`(%
z(d){a{Z5}8+R`tNH4@g6n3k*P3+&;7-iMUd-%0iqC&Xu2vi9}oJ<@vV@ymqUo#g~z
z^m@TTQ&v^!I`IRnu#>S+y1OS!+5j%_7o0s5mkzdZiwg}4r4r_YPQVRq{@7ZSg2o;E
z7fT+fOaEnG72jm|7G)oAua~cpN#R$d1oZFjf7IeAjlWa1bYB1&FzTM;FY?qlx}711
zG*cVr2Zms7S`G)72ELkjq(x9_bz6dd{|Ah@1Tj9FK>C(s;Jnv9SUULqMC7B)fuXsT
z^N&QJYnUl`Vs->Y;mx$=YtvK6-#nklT3$r3Ev-_tR=w<WHxj?SP{y7soDaw^9u>%k
za<7(?t!^`!<ySdgrP|;>qTJFndE+Rt6;kC34;(zVIBnFDmk6|R6p!${b7F?oTuqz-
zH|=Ad+Do_40wb4*;$JXo1a38*6vP)*5YC@`%2bD+-8!M4C1~W|0#&U-1Y2F=fzGnu
zq~qLUr(BOxe=Ygs=u$LJWRi5($XrjnM*m~^yI&1-5A}smo6b+1e{?|X#MhC%0^}dx
zS13M9KCUCPCQ_``k*bQzjy%UZE9LDL?z^|T9v|1a<q+v*$OzsYg_}t_-xd3yeMo=n
z$8X>@;AL(7KMJV@CF}q8hAYg9c;IDV-cb2{f9dP;zeud-(S{>DJZ-=bwE<VJ$LiV%
zdzYf=ASRdjkw0yS$-#N#laFFvNQd9xiH+fi|A5k)oDgW?zAG7>i=oPJ6iSBfzFX=_
zR`*?TXC#K}l4q5qi0uV?oq-3E@)+SsGbzJ|FD(WBx;50J_NMvRgXj9zhql~~n6{=Q
zyNv2+-;tHH8185c&onvKsj!|K&<g#lhd-7zpcIbrKU>E+T!QhZ4-YbS3{tIzIyvhm
z<DH~S;@}{!6oQrMW63^yvkVIcP6ToHdH}+aY;?E)uIL7G{euNkY&pfyL3wp!Zm?tM
zxW6+cME>k-<P8dbRG<8!EzYvmjb!=zoA5}^L#<1{p<a&3QN+f}{a#rFQxn9)jcm>G
zmClYPF1thx*=G^Gho;DmI5YMj)G>yJuHM2=|D{~ZW#8Yp7XOl-nrg|_SATzc`V;Nu
zhJVD3Zx`+HFt!=pfv5XM89>G&yA}<DZ=}(6>m3QE5t0pg(oKp=w6$AHTsd*Mt1T)A
zAygqpRO?Hczg(U@(%XheDuf!!$!g7EvE@oUOlH2^Psp?LDmY$k9|up0s^7}!(;rl8
zd{NQ@8CP-Ob*UQMli^zh*Xxff>;jy)lkJ`!pryeKSzaWW-mHNG-Sz`ZT*~lg_(#+7
zDpdhZb0mBh`#AMYA1nyU9;cP|F)>X_9HYz_`+y75h+J3Lry~%kk6j#3I{7JH>Ck81
z*O{R$%xLwh?OWWaAY7dbg`fFRA^ape_ZIkaphb;tOO8rHdoRV7BWxj7b9?I!furI*
zm!2z>;EN6xV#S*~I}hC7`rbIfi4;jb_+{IE#L2+Vb{o06lL`<?+g|rM4raJ1R6cA=
zT(OEw1H#w(=|*3@8xUiLtkr8MLDINi=K&ZKh$Z$%FZD%Ci?K#?7@~ebuXpu5VY+Va
z_fqJlnA@(FO{}zl#qP$(guhFhrtRmc8dt()ZH5#Lbd=<Y8*eYjuDu^Zr6(yK`)~r}
z?tH(lS^dS)Vv2<t=$+iYG>y2H>Ae@Ty3P8V;MHp5$%GJaM_ikzVp!mXppYOG?}g3z
z`j>~j<Fxa~mc4~vtR%oa;y-qiq;<xiK>1uIi392U<vDdnq|n07Co^IhV<>=N+Gk^`
zgNH@wWL~sgo-N^Uv&BmLL6J82CIaHy?vydRNG-Zk9|00tqIk`sQQHI!b)KQoA`&F}
zy<9mk0+t9mo1|Aifar|(>3}%B$BI(|{n4jt@e0!o%P!JF|9|6RPf_oRKmI+1N-Ifa
ze!Yc=O-$fu+>O@xqt-lfY5@Cjpnc)lLp7$tox``49JEdm-hDTjJf+bfun@=^pov0K
za;8ryK2By96R3>YpQ9O5roTq`br3da%%bN;HOu7=cMnHKzLFI7zH2Q;oNcl7$ZG+_
zev&_+18>eMfwd<rm3jSQVN}>bE7#$$^)c^LRv~=UEywq+-&g&^)fIYYaK}oe-Rk?c
z`>6;JpB=WOSyXGz>#1?9)t{dsJj)EB=P{3OcR+xt5xa!`V;c%htm_274;gsK_6oo5
z`#m%Dvu%4GR)X@55<cC@16IQG_j(|9bwuTi$Pp@vD7NGI9>08S^zqB$64vHxBu=+B
zE)kL12wQ;R+Z1I>IPYu0Cu43Ghjiv`b|O~@I%JPnAwfHfV9!VY(Z8(ty-Ni>QW+|0
zx@LINiBt!A5T-|u=3HOVz-33+dDjBDy6EpN_roS`^?J@39E?89ihNu6@aQ(%2$!cd
zal)OHX@W0EQJ+zbk6<2bd&qxJEd!2ukwYRaB?ma@U*H8DZQwZ)CwtXjRB`FUZ{#$9
z)_H$3PB8FT!yz_%ChudT4>oG2bZ|Pf;0-61wu+Rhq|GXc+K-xd`Md=32!3cBMQ)gm
zo%zaeM9G>#yB$QQ#lJXTa6^NQX^hVkGH8q8&$uvz^7y9v3N20cR>0Q4yCR`K9OHF%
zx5?{MIg79JCj4s^FaR+&D7i&&-MB7d7<rCFbtVWCqIR2L-kRWS>mU8S$>9G@9S|7k
znKXv#4Ms)jN-63UvYr!~GP_f-f1yVX17BtNp$bR)HOACI_lhI~!UGifU5-hg0--jA
zxj+u!(~r)+AS*PZS%Bz!r{r_f(b81NM?ycO%t}R$URYH>u3-RGK7N2VEsbT5MUg9O
zrK!Z>(p>Zl6~qm50SWy4G4CVQnHn3L^ue{`g#z1RwOhVU#Qlu$QxoX9AyP&Yy<DFW
zvYKQDx=M=qe83aJe8*W@%`NKDb<tlh3KgzXxc?GbKI~6*IH3q9?i<_SasDs!t)FG|
zmWiYbY+aZAWXz4#-vc2X_c+%+Xd^GbXa9I|6wWYQxoFJJa=9o1NnSg~I~iyC9fxt|
zw=cGRL(tAy+LC+S2GQv5p&CJouB#Eqt_zia<iVjZS+uNzZ;4hlK#iiP(wIY{*KMg_
z4!3o*Bv|(SzNoDu`9n!jkWDY(<qz?~v4L?G$;3jaCXRfkRCkuvkI53q_7)DozgSE)
zC2NreiIHowQ_`6}%z=?2?je-q1jYC*YwJmY|H@O&q2}cKd;!$*{p6$N5mE;9q@z6O
zY|E5C;WBSBY<WbS{a|1pNtEQUma-UlO=mqVt?S4p_`oyx^TMFOZu0s~(TJtRhpW5H
zdP4*`euP{-zN~*#4cK=Y4ap`4K!w&V{weuo<XDy-?<Q;+zm50ejk6uxZFOAy#d8fn
zzuc~c%m6*8SSi}~Tbk+|K2+~8Z<(e=b}vjOVax`s;JTJb*~6#&2mh^~*a~T}eIBrv
z{ejk2FATM0v&~a|${_f$I2z~-=WfiRL?rxFQ<sj_h}jx_Al#+TVp(ALm~_xmURJdR
zXTRq%UEsZ8%I$oZ+pU@!$kBFeO{0q4Y}U-CTP2@(MI!&U9mRt52MW9zsOc(o8x9<I
zSH`Bs$I7n(%ldPg+Qo%bW^;Pf4i$n0XhceSo;GNlHpPAS+FjO>(WhH=(&$0PJWy;)
z$NPK?_wjLuzn@2ZlRtBKyAO63TKEW5gf?m5R_7`%lWu<)t9N*-3(CUF{sIM24SYxQ
z69{*52zRZy3IM!c(LX2V8VPj;wdj~QcD&Ktxu7mr=YDIZ-^PMQnFrdeW-~VL0`w<N
z%Cu<lclZtObA{J!wz-_86d}j(a}A@WIa%dQ%O}=is+vf9HGS^wJX_>bKJqT&XgS3P
zml4p6G%(m`XL>_YB?%icVFxvw4qWN&G$}#^g=P06biccaYAHs;x(h7Xk8QYD!}9)g
zV=wi%ieot<Pj$~vFJsYrQ=q5!v-ln_G&5egZ?IX{JaLE-3$GtIiQ;4Hhz+p-_Is$3
z2k(cgpHqd<NxcUEc5eg|_AQgDfY<|Zww<RlgjsMwT*>(!y#Db%KE!Y{{vFMFBd(|3
zOYZ&oZl);)F%CTr{e5M|u{3YXtwe)-lZ!|2;<??N+g1U<td+L$u`h)NPg?4tTyGgO
z!sml0Z-VJwW4nqQhQ-k47Hr}TU==)G0CzFNhIOMP)84&}#@UFwg06+{E>BP2`iEY5
zvo1GIf}YW;2{{Mf<JW7B<)y$P*BOXvCMz41V)6RhO637BYJA%B24CrQfZzTaL3@Rt
za;UeavjJ)gYOGsMzGa_7^0LZ|4K}>l<oU>6a?wIEyj6IejrM)aMJw%FcL&}KDR#5p
z8#AS~3;4YyDuSbX;YQ@6j*@yoPG|ya8hfpjJU<a{zp(*rs};SEj)z6vR(o;-Obv;&
zn>|1Gv|{e=I^AV8y9e)VEdr`qAsa%&6O{YokrD1FR8d;TId?iiR+Uc)BK?n|GY@3?
z|KoV2^6j!piX5vXU8p2swo0W^R#9@UawV}!Z0stM5DOva97*L0$-R-Am?O7s?qS$$
z>^^?`{rmaz^Lc;X@AvEVdOjb|;xm$gKxL8GR_w~rGFZ>U$EKB`k<`xn%#Ti=Ap?G;
ziw-$AeN)ZgrQ+*w-z)jM>g;}6FSeLkcG!821)J~BMbc&?Y=?rKug!54PHuplPf01q
z4_`|4r_K<<#w}CtUOhW7S9(vh`s<G7z=C#sIlFef#ERytLl|z5JK|=nlzp|aAnhuQ
zA~w{AB?$AC1f6BEaw9HepL&*r>ysL%zG8^{u@*ALF^gxi6fvDatCIRjj;=oSTMPTF
z^?3v6ORYNW%UHC_Qv*}TIu{Q!tk<@s#?^-ZSQh%#T=&!e7Yn@}9UUesw29V__ahEi
z0-wmC8u*cV>}N83<)2V<Zi3%iKFt5AkguF>M|YP#jZI@2a)KA-F=J`0gPiVXV03O8
zKgxNA4xMSZ8p0&y@OxGT9*(l;IS=lt5`SWPDT-XWbO~;-o3cm|Sl403jE#vq@_2=O
zh;pFE_Nz?i$<g5TJeuy(CF;J&uC|!$uhne?*?gpEv}>k?vdF1e{Xl_2iq&PAHLD*w
zZGvi2P>Ne}$Wah;)KBeAzi=F@6a{=*F4M>ySR5u1XQ?cje?N=L^n=+~_45g(Z!F`&
z&SHlu62)lm0^lal3V4+cFO)271f6+E_1MlD0tsEripE4HH2V=eh4z7p2a1XZ%F)l#
z6^62V93a~(rTdYrb1NZ&QHaLtu1(I8fURh<tw1o#G%|Uw<ygoG@?vP%I+q32nOC?g
zwkd$*CVpU9-@(cAvw9C?9Mka$`*>)nXkQM%71}4)&wx^?Ve-m&7EWFV393@xcUYL_
zkJKGpW)AW-aoB{(+mSYVUjqZ>W;^Wc7u*9UZPU>)N(62vUa^{IE_%%*9~Zg%Ic2}L
zyh|^sSX5!Wb+Hi-sURnxh>M5W(_t&sE3(Uw!Cji^j-+<NBK^cl?n>L%@za0`-T%-s
z!W`W{D`j5r0e6uMk+URZ*p+>fhiY=kG5;Uw<F+C$DfaSE38@=UPC;z-4Pnk`RdsHQ
zKwQQgySN^6ED8S~<mgbDr3$`IM!s@75}%-1@AB_o<%9Hdk#v$Nyd-11F)mmtlTl29
zX`j2-)MX}zz`Vf#x=Ai*YnpBa^Sm1*f|PgzWBJuCG8l-pk>V)|4ocX6k0!!06O}ZY
zl#bZF^~EBCUFYOT!;aZ<JMa<HXIAtm(de=fe!Y~b*eJgOw&a);%E1@P&x^R{*`rsI
z`>4*6mGdNZZ45(!C^?UgbvOYGn<z<tUG#b1Q!J`Xc___XnAK7z7b+;d#1AbPv_TK$
zN+_WIy10LRG=D}VQ|DHWAL$6`ANy^Jz3$^et}Cy=CH*oSh!APKOuwPV1D7$0BCvnB
z4NC<Z+*3d~Ca#nC;@GP;ESVD`no&X;hTiaMEjrlU-Zv>5dTo-R2vzoUkEK84RcaBA
z5Ki5U$>=ot@p7|Zgg(Mc@RV17Ilz2<R)ZQBNY0@<$-QBSm4GhQ=Q4ksoDz`u_xWD4
z-6x_vxd^uXQf`|HkJ$F7v{9t9>U^JRg;wI<DuDC8Z%c3RmFiTpj9K+{60gAW#C7vp
zjJLSLHOK{G2|>4Tc(DuM_3JwGwk4aIvvvoqgmu&GH#)iOvTlqMe_+a_<-|MO70I^%
z+!z1tLQooNSuTzvujiCSJFg?XHOu{0cZK~HR*8M+I$lhhN9$RqzS;!_3^GT|&YZ4m
zp!Em?Xa#jTY&}wh@92s`qH{3q-3@}HWbQP7q9eZkcTEoSj7VVr;>MLZhzip7Mgd&#
zW+`!4cg-fUR10>0j84d_`ITmsS8qQ}c8bUOqSvS@d?4zPP}X;X1vMR%0kKzBA(iB)
zDUTBCC+iD1#v&5xiqP<Eoy^PJn)w5{5beiJ8b6LrY*}JT_EZomLz`vVg$@+USB8*B
z_4mX{n(crgjSq;z3CkVIGT=JuS~43o$g39AN(aYrR7i=GWi^=L7&yHNnZ;;Lga%Pp
zS^Eb20i}4+0hjT<!YRNhdi`XYV6Y(i0KQP?%|)qts+D`2T>#?*G1LFh{XRs!X<j{k
zY*IKn4=<64dQ}}?hm9SU-EOQ^T-9OKiMDNnM*xEX)x2%opG289CULC|SWH_w0#16p
zZkpJ{+k5-6tK{#}Yen<hpvUYp$`zi!Sxafj8s+{(YSgkMyU4e+>wBS+=3Yv3*O6Wx
zu~<@SJ!Hg7>wAT0^_)!r`bq;j&19o6%}t=6E+mnX;BBJZ2{U9ir%0G{^=GXj1kOU`
zlQb$zUy#aJ7X5UVg|v{hrZM{1(wg?6>P15mTk9);K<%%58@N`jo8h^DVvXJ?x2DVC
zGS&(IW>xYxYV9J3-sSr#B42%8#S13FANS;yRYF=#2VK{kiEZsRfj)%dv2xQzVr~LM
zZs7P^+u}R{7K!cm27=kd-Qu5??Ch7r;swzhr=VoY{9#5cpblqg=GGq6{Yi29Ua}Q=
zNHVz}P?@VSE!<KI%t|bLpB|Oj;57b**)CbR&68%0c3Uc9Yb@t-oY{7_^drnKS<@>d
z>NE8`U_9g@8@x?!7q@--6Z^ZRF|+nCY=C6PJI#;(MaFjf?BG+O@+XAA#nW5{N-mDu
z4rL_{JRyV$oN3Cd78jho7UE=c0^H!S0q`3o$1-3w?gcY^(K_t5u~uL+v-wqQ4M8Wf
zoB4fJHY`~dO~s`@g(MYKaTNE0n~Ey_{|@_(j311X<JVBHbJ6c`(ngFfFVb_8eqb4p
ztjS#aP%$1p+dEVvv8l^GbIhXbJ)mPnqx!yc%+$kb+1iHMk*2iBUU_%X-=rQ>7e{&v
zE;ij)+Hplrk>n3#%5n{Qtm52u9eMdM8@3xE(-SN-V!zg0ruJQjKajaa*d^?{N4V~)
znj<@bH7-7G38&$aJJR~RAqmE#qWx7(iQwXz7cs^|Elwe+5}b5%;Ftl*9Dt>60oDBE
z+9ZV-tN?_1G2%lg!m|2!af1%*oaf@<=j0%sdGOzh-)#wcy44=MC+XsC_{hj@N2%pi
z7S})%qN^wF{zSZuYk}s_YQI&$cPoOlZ~C)-?i_|y=L#A~{1=>QtB&Q%>mi!*nRiEl
z!N^li;%mz$KiX+%(uEaQq{33)!c=|UCV+kx%_wjlK=h0?BfYTOP{4dt7}{B1k$!=u
z;^)AAyuu9IQV&1^s?e8uS~&QVBYWoJ4#x~^$yvs!BTFyKr=8lUr&wm_<&j(jegGB)
zp&cn6@3~Gv>2r3t^ehoTsSg;6hD^#bMdN0c1WE9ckFMOW|6p$Y&_aX$@V|t;7y87Q
zb*qt??wpk(NGgi^186FHiQak#6Z=BnJ|~QGA?#6Gh9Tyi2TpeVtK{vyJ48xDSYYfn
z$e9OXxZlC#!=8{^SBxVqEOqJC30|5E<&-2Rnu^K^L5b*H(%mN#mbbjQNG^^x*u<WU
zr}b-yfp_N++VD!uXR|th9J}c_HJbYydm+8j>PCGw(z9iOr2a<acY}BnpbO1elO*2j
z`HZjmcU?#PQ+v{}G{nNji%{%y1sItkT@N{nHzU<Pe9E=IOB2aD<K995RT$q=8*fM^
z^O_9q3Tf(lFP%vHhj&nuIO*>YsU5{pC%^Z5W%!v(3TrI|{-@BNKbtD8!bApQh^%q6
zXNiMf4*}UGA1qj_&Ap{UAN0>4!q+C_yw+;#J1BvcUcFuf=@DPq_0m^=cpAOoV~VmT
zrd(M664_oDJx*nh;5+9XIE4c%E6YDRM^Apz!d86szez6Npyh1CcIQa2P$<|Z%aL&F
z^Lmpk_!xgdbKFHZ@BzSChj*vmvFF+xR(LshUl12HUf%ie)kpB~CiG#}M@3%@3p$=T
z|EcAa=&q4A`U)YuQ(0>}D555AhLGqnjm~Ssos#@MtjxY^BM#WiFRHWnS|#|nF{y_z
z#yblsc<jN)CGvd^eAul73VJWRd$Z8cEykH~s;hI`y^ak8LL&C3lmmaQ7`3Z$_UKj5
zi@2*ll)O3I6QmX}^ob_EM*!pFuv1+SC(;WYJ`pYtf{F7~0X@b~4=$t&N*?pVZulkB
z95s;LyC+7?vwzpQMr@IpuBv@hF-62e3^yS2+}dS)$ld1Zb%04}j7oK&Blc^Pc5O+q
zOwTuc0ex-&XD3bR$2|3**X+FxKRK;%-(ygCTHVdFfVv8*?m7V?iS(i0HH3wDgK7bJ
z!Q=tmeE3*3sZvJ~+j?TyzBGkwulq9pWO8Q|lzx#Qj}_J<42;FySQ8rhVsIw>)5?bj
z2XOv<A<pV21Z4=@(J!4D=U=68;Y=mnuB79Iq@cepGc%w%Nb43zQLH!_qqZLO#9$4q
z`b2>>lq+An<+~nWKc0wZXW_?cg3_Gk=(iXC3?y#C_KN<Lqvyw*viyc}Bc>LyLWS|u
zMl)|xfG_7Ti_U<hvBhhlW8Xj9jd$7m#HyPUI?C{huftecj8Vi!_JyzpHvJY^90X&w
z3$iKViEFHe4MKR_bQ9Ad2lSdETZq{wc|Nvgr90Cv%?4O;M$x%y<ERzas4h?TAxrJ1
zux2~lv<1AJD@V+&#rzShlq*n+ijoLS$-gBOA%-S~&Ohq#cGm!&l+q;zQ=BEilG7K0
zkMFeJz=}bC<q&2Fy=jOZKA@y2+&4Z(N&x@j+57IRV=gRE2RkI|NsK;$1A#tR7s9Jx
zs)84C&o`-e1J{)KZzOdj1$-b>NKz9P)Q9mQD=OiR68Gh>RM)F%Q%>U@;6@_ekDi-z
z^uM%3q1-nuiZy(rNO-j-+dPgH<4SWAxBY=L<W28UvsnMF_8QYfU~%P6;qmy@(zXub
zrSFpq-svb`%+i;FzRzNXjqUcTrW%P@@Mg^JeHY0fzj^yF{{?~Tz~>Yp?*s|~#JD#i
zn>n=KI?~;ZW@Yz;1MHzD3l^|&4&@{5Pdq4B`SI4b$h!ekvw6Uu)~d{8HQ=oH=sl-e
z*Bcjr*iw83?!K35wIz<H-Sr|C1<AQ|hv@x#lBa+EP+a5<DA;P53K((PV{TuQR!TV3
zl;QW&cp1(a6{$2V19uY~fg|r9r;1JwLc~3+ls1Fo%~HcXE$~1+Vd^H*<rm`7<0abM
zt}eL)xY*Qy;~H{fCuvccu-M{4Ke0t-8<$=#YE67CO0VPvSbYli_0qBAyyk7x+7Amn
z$nhIUyhQvXKTt;lDMxigDY&1b2FAZ%{ivvFEB)gO>x=H~4wF9MsG9?|nHElvA9F2y
zx_=Y-Yq>Wzn38lTYGqS|SA(v6=6-!SHO|YOUwCLFyvYC;e-TilyQKun{@~sO=|@!1
z?tMGSaNFm;yW}J3BxB=WHPrnCPNy!$*RN9a$->&Q%%8}6Zqj93E$2n}i}CRGZIDAZ
zL>imWCt0mAg*a?Jh~956tY57Yu=z5dSIfH=NjEm}-=L?CjK`?F=i#qS4LeB)wcQhj
z{Wz<OvQH{2y7($)Px&S-=hmgZ3fma8_2=o+nzVl6Zra*a{{RM~`p)$ibHxwcx8Ecy
zVt#NIcAmmzEa&o*46Z1eCEg-r747~1Xy&_{`}Ewtrm6TLT<~!r<>za@vA2q3x$WPw
znEdqKds<v8(b4>ywaTIav(>Q%q#?d7b_pS`hj^r!;U9ae2qq3fDzQ@q$Ga=TKwI-@
zI)&{5-}#xv+@q}Sb+r-&)_7pVR6fKL^1R57Z>9DmK4(7~YZq|PeB;8MDE`qjIV&_m
zUP`CMN`HyK-gy^+MczeZ+Xhndar1{k$TQ5KjYL3fzNwU~XiC#fbuA&cTKLAv;JnWz
zSou1xV4B}j(8An$nb@&RS%-J)`mw@^C;#lIX>k)82JYbNrA_~%0`y!$#2@U0G$C2>
zU!7Fxu7)S)?(!RE<#anLoV;=Z{9F`v0&QJm*uE5*Co$p9<X8`|L2ce!wU!c({HiFr
z(`ox+Eqbn?G!27wR+gF^=!m6I8w!q9&Q(*EjIZ74n9D$4Q(=+5g{E5Xq5Q>bZX_~)
zuZHwzcJ;?nzH4>o)_y%Fbi<2?ZnLIy4cg1%Bm>4n%llPgQdzV(PH$x_XlBin<x{q+
z3#=TLEKwoVMrpqmX|<&<hjvXZ#3~-0?5h53zfZ`D{ynopX`qSNh@hd`ZJ7{p<3-nb
zK(Xn=h9G`hT$9}_L8H(zeL>NV4EnB!3A$!5oLXMQQ1;Y(&e6(V$X0BR<Sc=i#yh&z
zNfns*$k#1L#<5%Zp6Varo^mjhz`<gXqCb%WbI9I>249f+`EpGPcG1uONwcgi+9jmF
z69N!-*6|g@-RNXkaqPN`fBRaS{u2Pc+J)?oB;*oa2@2d?xj@<yeSYwK`~u%~tcqR~
zl?mY;)zhL4s+z}*Vt@w`%Hrns$(?<pWyvgO%#1;jmUr)4J_FOXMnJ<a+pPG7xv|Uj
z3PIF8rkATEZ?2Qv(i*0H@?o2hLx#hMxFQ?aV`kR0Zi=K<s1rz;pOiJXqQX2%a(DH)
zw=8LO{`8mzKCNVzeNn?U9ea^6Pruwb5huZDRNZ?PO-Q=V_*{clBo?I|z28NB<n;z!
zpe!2|M+xh)r5|gC#wx$--EHds&g=JQ{NvQ)D^AF0eAd%#TnIF&uzI6)ykoE|PTs2L
zjG}&jB1TndOE_H3w+XHOm*%#JZ&@vbtmmkKS5~Um^K23n0P4&UxhKI~PL~d>bSmfu
ztY_K`!gYuXsrG9A9n2_rD1>#1A>J-_I>85JME7MFad|n!C%P|dvy4b)b!pk`JxIR#
z{Q3^Ur>7xWPqM)$QgHohNWPLCS+*V&E3is{-RMoIs0i(nfLJ$uVtA)}0p~oCSjRcF
z3-nh@EaMGS^{2y1B;Vhwl})=8M;_s{ZP%;)5pEiBHTZfBubIQL|6V(N6df^Y`Hxt;
zde1Fj9$0O8?u+@W2iij3G;ndfR-ohluX{v+Bsq-QCJ3A~6KcAXMC<9ikur6<T;Ub!
zC~k2Vn)p>As5%{mXPWXKIZhKk1J|lTX4W@CL~jP?{)4G}axO*mT}3n!535L)G-Pu}
zO@3f)R*QpHuCOdR+U1g$E<(T`th=2HWft(4d0F}qoxSF|ICt3e)Az6HKo4LaE{YU%
z4fanl2n!hFJP?%!YAX_tEUO<TmQ<##nKsa!SF307Q48A%klU&3-D27f@O^3gOdrVE
z4Ik`My@H(4AHl`!T%rjlzXrsB!}YZ>Y_5c;pE`Irt*BGoq<@pllPEuiIsmzg5s=iY
zqH+Ya)_EoJDg$-P<>f1Fpw<#s=l=3LO*L&<`>L$jw>vPE-^i{-ylFWc1AHtzd`BMB
z9o-QI4BKUJ_yBwz+U;}ywlS0%=g;|;O|gk<&*nC<K7%5*<###$FncvF<sarGR&kv9
zQTKWIJt60h9)J(~J-)iupn;&<-&#*|wBiRq5SD;0@2pWp|3W!?JA1M|vQC}b2vO7P
zDi3_@gUTveu2>_+k6Sj|eeq&$E@Xs*)uy`QZ}mr>N2D@vvzxSD{7r+1y$s|exbXzI
zMsMU=Viog=oS>Dv7vfY;Y>{oQj=R3QN=;ZUdMCcBkoK=-++dRyv9^d)O)9niWGO#^
z0t=|Dwzn6RYB2D*8Yud)f0kZtRJu^VFOS4~2OzXgI!Y(50ND=k>GJ%?ge{_rP+|5>
z*{4NCjLSDAUu^53q}%Y;9=Zc|u~a%e{FHwM$nxY_5;x2;oi{F<=fQsQv%1zT4(bbZ
zR~D%&vP?!z!!u%4IplrU-#I<i%ep2#mws9N+j%5>XHT@tp);3@!gi*G@70+&dMD&g
zcJq@S_sdM}x0f|9z29B*S7Kl2P2dU4WuU>aVeT-k%#P+=WPV#vr%HwWM0-TODS_z(
zFFX`&caz!(DR&MBu?ua19dDJFO(;um<gBx7fl8&~iZiOITzSi7&+Wm$<)glm*ZwY=
zm(dbeW6yMUh!J$!say{3sh>Mdg`Orln>`RsW^47bt?d-8NTE#swFTv7lwpOxFGqHl
zrXVA*^On+DK3ELVG<)F#VJr!(w8Lf39jAwAN5B69-tzXj3`~TyOeat)wh{>fizCN5
z+&z-{l_|Wr4ylvxg>7bjta(5RRsMh<C;m+1<)}tz?C@fKC_2AKT4{Y*fk05eXOa?n
zOqNcq`oM>)|6{d}r=M@5JmZ$rPOUz-mTOjAnzuKQOgqi+<9%vC|NE=Os1n9!$Va(Q
z$vzJvxa+^kS^9#pbph9g)$tQ;f%ESMeptMSfwcfE;f?JOd4xUuy!76key;~u=J~1Y
z%}3+BUOK$mD7~qjR%B0gJ&PQ>GOt*wt!Vifc!=~^Zxyl{FZXuUSh&$EC$v|>7}tO!
zlF(%B6%;NebtLdcLrnLQQP0HI7rZ0Sfr6{m2C%?S;*WKz#zmuEpPG#30$G*gGZnf|
zrf|SekjsE{HiRG#t>l!0_L@OYnkNfF*jYW<6S8nN(DcB!%H|6=s?KTiG1PYMjCa3*
z8pO#1-Ri=t{kOrj36OrwmzvLgAnrF~!wZW3B^S@tPDE%gVkO>F56HefEnSYN=!U|y
zkJ#Vnj<+jw>#0i^fwTiTDSXze>nfo9Qa*2KRuuTRsP){gz%8bB1*dnJXyzJVHp282
z@JR;(;R?&)vnWOt`;7XS@kO*&lymEf5%*UHcjmwp1099?g8_1ABiPQMtqcV1Ef^PU
zspLm<HofD3nK%>?f%|K)Bjv427U0L4l`LqtAj!OB-+hFz;qc;nyNcnKln*?&JBPh7
zw&{k{lz#+%`Ebm|xCu`x{x=`d?zZ~Wc*b+H>pHDl&E%8XmA^6H%{K`FJ=;B69B&?E
z_BaHA6Sf@=%e@9b26y>b<R04RM-gr7ug|WULluy^8^5<wP6-Hjz9Li&*y|!Hi`kK4
z6vd%U>BE*%u1Z0+L4Ow%P`C!LzOXx!{2ks}{$)`7+u%`OF=@wT@}}`kUmM_X7V$X4
zsfo{DF||C}9E?quk|a5Q4L|l(`f6#PI_Gn(ST;Lvfbqq6kN&O0V-~3f>8CA(r!s5v
z0K7BcpVzs67IvhQ>j(y4kp;&^pI;nV-BN|?SqGXWViDURHL7Ef7*yIh*-b9u9b|=>
zNbe|ZO`LtfOfgOkmH6ljQ_>ertkCy-a;cKy3as>GfsC_2Z6xXWQk2rimCcvZ|1{Y1
zU5)$kXSckSvK<RNS1b~JPmtn?Yxe_Is%eKTYiD3NzrYSOuQU=V6FEFt=0dwD8}_AT
z=FkpWhEhcDTI#j8z9+Oerqw;0&I$n1QJ7Mhqi6a@o9r<(`|I$1GArGp{G$nr^W+6F
zEios(0W3X6>R{J7&pym;_rgIu&D9iI*HRpCE_1i_USrh0`aNP8{4-uB>8p^mCwE?1
z{=q;kQJQ1Mse7c2q$TrcH_m(S{a#|#X3tH43F^0=%qh^SAW%R!GH5s()1o@Tg-VlF
z-mLYi2SApAtOvrELz2)loR~->HgwVXw=<`w0axXJTai8r#xCdUc5IklR+$OKu7i`-
z;k>fNxID7`?{%nMtI^GyQap<f8*ixT;muhP&W5k)R{jb{R1{V*{t|aqpK@6F+7u$#
zn+Z3p;vK0nm_#wJLzA)Ue~?VudBNAerHEaO{5Fx%c+tsbgC^1$9Ch1rn!eET4;-^E
z7rLna)3^u)3=}?|Y|---SFkr}rJqDx<Nt@sgvv&XRRb%>iABkXEkPfu?9E8(l^Z1x
zJ4P|$`k%x}_?MTW6=LltOi>mm(MNUh`@7uTQk{UqeP^Z*LAcR@$MvTWqm|6oRfi+k
zF0EDlQFOCnY-CYB%w`1G4S_FIA1_Has8fiPgyTjl8)|@GXuYYoTL27o+^phKH4xV<
zeya#MS~Q27o>lQX*<vt>DF-ZJC%3L%_b!K`{GUVp63M9iZe}w#q4`Ox&@;cTYjZ6M
zr2+E5b32y(6CA=JgjpNUGz+^)0DMhH>JvD4;sdlouRR6G58RHfrljx@yCY$B=89i<
z`DC9<H-(MhsPqgGJ~NL62w8S?ch2$CfjRS>zIPvAT_XF|bSr_D?+Hu-aNLc&$_@8&
z1hlilqN_4OA80n$XcPS7b=unY(DQyq0TBpQ9~wSH_e(dn7A-^U;OxW=V>nvgEZjmQ
zE???%Y)X6Zeb;~iqsVAlkF<yIYaO)qJ~!x}1y7R`;yqkspCt?ENGX`9IY2U4f#>BW
zS1Sod^rffGkWV!OTf<={d~Ze!&$GlVz@>XVNO+<gHZZw1-9WoL?JIH3mA%KIu5$8S
z#kIg<v-zg-W<aR%PCPUo;=z>|vWAXK(zRQgrgr3$K2PppjK-n0gRsM%U7)o(^VOD9
zVn$SN9z9rSXYe~v>Fo1aNZBq)ptH!E-bxCw+#7d!$OPVhtJT@x^hhS1?E42&^Cd7J
z%uzz}@AV7|AG?ozppXt#*F*$*z^!EvrnamkN!+`u3FEcv=Y2<(@sEze8IN>wIjb5$
zL6y;7ThjiS>Hz}Qfj&BkU8O#u1&x`H9Pl%0)X}ZDpn1p^!iV7qr^9#9ZZCs;P6TkB
z%a@HA(0PlJBc0;AT8lDuNh9xSL>KThuJIh#+#ztw6qz!bLEmM}yaP^<)J{<cz12Gq
zI*6(7yFTDEfzkbgQTQezJci~z5NJH5JeT-5fUY!^{jzc`ud+NF8cePKUao0gb2or<
zkLcYVFzp^Q-OA?ZCh2Atf!1?4dCWR$lyD@|6T^CIED!xDKRc4iKLidPHGarenx&78
zv40uYVdNhEy_RkxThekDs!x)|E7p9s%X*$^J^`n(@zad0;VGQz2cE%mq)&nAXTa&_
zDa#WHBT>%pibg`psZo@ZN5M6U=61oB+&k2Mu^{*F6rqS|1U6VJ6(=-xjG;`4go!Yt
zLK=7zh%a4JV;x=a*-kFA6#lTdjqw;ZA7TLfcRv**amK0ddKF6RN0&lnWZ`bvZ?WT9
zq|?3`lekAb_z+)pcvm%D^*6r8-k=8uLDpj$Elb_hPTaZ1lYkfPT;@GHta2%M@RkMT
zdru*PEclo8i(>PaBtC1({Gy;&(s&VG#qX7LXA;@s1Q|Kt0^=s~F#61@+RJs=xkIF`
z<rsPLi+Hd-dju2Jq1bKbPpK#xzsN1mVE5*<PGL|xF(LzYE5Gyu;JM4gl{+IAEI&PC
z5^vz(DukXM0FhX*-e;grbOJJsquUKi5Tm3G06|X*zno%s3-_7Xd9?N^eUYJ*ZG5A>
zs1&q7Z5XN#&1!(NEMj3Si{(h)`?`ICeT!B~<yfy>$iG@`qRZF=I1Tpu8ru@=;<!AN
zY~N6Ac<GC|I2TjqZ!nUeAs<xtVzLZAz;Q-GD`4_iyds{Ghbcy#F2zY`T;8cE*R9@P
z=5xBU=Pam?im|&o@n>Wkj0wLtjwRZ%OSXX4PIL1T*t!9L<uq5m-s(iL_-`NYAKm16
z=S<l5mcs_ph{Bpw@KsRk0SVbp|6qA^J>9UWd@lt1N&_d_RzMTCsj}W*DX|G4%^pXJ
zpG@3hLE8xzmb2nL&sCeq-Yz(1J<j1Rj^T8tw6&gUaR{ZUmvKsSv*UW!lXT!G*wes~
zEg$f7?0v6uQfRZN*_(6|He=R=#f%SZ%Zaj+g5DyMe9}TxnNdAhLA^oh8OU&yF*EfK
z{Fye6yl}~na25J;S)fs~6X|xQ%~@~2PziMITRNBJ#bwwC)VbE)U*%EJ+`V7BXbaEC
z8Mwj-U#^rtXE;YEApv{PJ!*5;VH-F_y@XA<5OL7P*=^6sU`)|k$cX=5p~3U1=t;UN
z?Sc4QI`F^L2AO>}txTADlOB@|j<7jo^4}s_%iM3Q7G{#ZGT}qvF?hkKuN7;}{(<GE
z`Iu%qeO7IGtph;#<2dq<gK*zPdd0Tsw3=lBU$U)4B!y4MI8e<N52527QteX%t6VNK
z^<rcu8*1)?upKAM!Qv_8^xU^D3cJLBQQzR%3QuZbUUlj<ozkyj?y13Uft>mVZ>X_K
zB?P%yF4m4Hju#*MWu2$o!An_0Iq4f0xy%|*HtLMnqjLFFIA4z!4}iV_e?NabZqe%Q
zeC>uIGnzXeM_hfE7IJelFWRmtG%fdV^(Bp!q{-WyqAsU{>60$+1fz*X8MwRELRlHD
zO`ac&wWofayf<rd2;<G%T8oMYX)#rkNxb2ET<`BEUn+Lco#Mp-$Mvd)&4Vuuwwjs8
zP|pP}B6pa>VB&LoEuWu4ig%SSukK@geBC_wTPy(bx3tW7f`iGPvU(==0A}r6kiQ9%
zRh=cj4aHTjl|yBGns9+z`B!ELbzFk-{gNHY0~65cVojCL`H;P1>OU~WAh&u3+5q#o
z6L@sJ7Q%w<q7NjYDB`OtbiZ@YjFEqwuWbCP3p9k@+~qEXEwrh#IJ>TV0#3<RiEkuA
zN4B^BhbiBWo}=F-CBmrC56}$jQP!fdz2^*8Da|aTr7(`*Dp4Dtx{>BAo~%5q>FlFn
zcs2j@27s%D42S15yNKMUnV#vCO9q<$jDVW*B;B;h|2XQd@DAXAvg^{<O$IH`Kx+>Z
zidq8|af`wHmeqS^&tdNK=4LohP#6XW6FuhHOfq*4e&`7gnF)P)_!Jr58#h3%#BAWE
zNe>R>zS5eS`ptbY7bx76z7~q`z`mQ8ZEUuDzP!0Q^zvAf%f_|S-!^C&4-`P2q4x!*
z(gy_FJ!@ok<&a0?`YSzJD+RSJwsfsm$gFq=S`V(iwqpiI-CVS`59_7WqjyY{&Lb{5
zh;Q<+mzzY5@rqx{p>GCj@Gg2fwNIHpp|0o+(t_H=(_t$_HhUd3rM7|`^wF}z$_ewj
z=Gh)#GAwNYJ{gQ$iC>Fn2e*6~5PR_KLc&gdI`TaVT(f4pqJ&9V8v9Xau_{iCFz(cM
z!!`;5H^@NubbwSq6R@1e4|-0+oD~e%st{Q;yDcGcPVo8s>G0K*rc4W<_Mqc5%)SOK
zIsGzdY)Lm^Eqwa)<Lv3;b;udreBH8X#HW4^sGcwlF6p<Yc%rAR1$OdKBS~(zUcB6B
z=o5g8pm<FV1fD~`BfYrDH8m3toV)&capbbG3$=|u^sd)+VBh45;egGh{dGbvPGG=3
zZ^wQj=q($6GhcH1J}hz8M2L%EZ<l4*Wv4R`+OanPwhyI#2CVmA<}V%cJ=X9rXujER
zm`Bucr)k$&)v_)tGyQZV|1!zjSrzrm<}K9+GaGmL600uk?oYdVpL0a&BS>gBV9C0?
zCus<>4&+9b0Mqshiwg4=;5cH-a(&-4s`vHKFv34^f+8c<mJvSf{Q1TIi|CT8Q%l$z
z$!?hoP`SvTaSxQ#EYg1p>?>t<ZigI4c`~<s2z(>6Bo9F;s7{e8u=tw1+_5N;+t%L#
zZc`iB2|6yjG<Q3MlhtD?)c(`jcLLMD^-m5|AM`j|M1^f*T>z}$*U}s}YE@sR&A6lA
z?Q!rFFH5_Ez#9Q3hs__-_f+3~-=)PC%-R86(bGyjx<*pJ<WKv7S8&@qvS)7zNVH=o
zlJ7D;+{hFAC=bYXOku{DKhX|zFt77P2oaWvJuM|+FQ;&iv(HFA9*>{BJ}$Z60k^%i
z$=tC6UX1RFvK1D-)okZ{(Rt{dw%?S#TlcWLxc=XMAmy&eSJIfCt8{D8=GSNNOP6L+
z+EqrlYW~^-%E+g)$+|y&&3W-MpkKD!)3jD7Up@`e6REz!mth@N93TD^-!uaV4;Nqu
zJ20kw5LZ=TgXq8j?A0R&4Ez-cvrA44v!1d@z5y`UOk20yxkwxgIF*Jqp8mvd>9Q#L
z5+d!8M`ENOvBGQI>I;N<tTudJZ54ga>_TYXC<?qpL<qzMx1;c0=l&*<e2=nKK5G3I
zk2c<(&$AUcW6DfzgIsODp`uAK0&_?kyg2B?<46A{5DCC15{nz5#Zu%TOmp`;4NX59
zBYa1nsq4t`DNp|z^9CdE?2e_#G(YG6ETb2Wxqv&vB<bsetna28?W(c5x(eMZI5;ai
z+0lyCL@-py!KmzaW=Q0bi52^I=aG_|L!s?|ZV}2m--3${W88V^kL3vUA7-2{UHO8B
z`E8F@tZY5nuKeg*u59c5iyma`_rfmjnBCIN{4)nT6v>)9>s#AyY5x(id~aAV5`Qu?
z92+SE@HDGf`I(Iu*}Qz<OG$pd?C&X0b01Zv;}Q9{vG^U_5`_>E#3?G(ZK4nNAzbTo
zJtpVw>;4yzu9~#NJmHdPIRpZI9rh)L5U^db@GkduKiT%VXfC={39_e`2y{y;t(VY5
z%Cg^_MD5|SE;)<Lvctx_L*FEs*iuW2Ijt!ES-+IszX9Y+KvAnsD58;V<`7Bf${Spx
zY`|C>V?8IXbOhYj%^jGBe&;jRF~*wt-^A^N2V-eR66Y3aMYOW>N7X9~z8_^NZLK|z
zM1E?PZIGOp4hGv$g#8JXtJN;TaC_Q_+Bos*NDD!r2(O8d=29Q#G#QPjr}YvN5VeY0
zcW!bXNG_1Z{>HVNL&suMF!GyTF6?h7Vn+`znUq)udUK}NHGnAa(89o{6{rOsX<qEd
ziNzsY>x=U>-H*N>%1-U}c_5F;@L$TNh@_z_EA#QdiaPP|p`YF@)4HD_z+G>s`iBC`
z5t+12&<xq{8J^ZD=$;oCXN?TcU3|MKH~W*(=i{JAB)lBPpo-@>VZEdGWgqj`y>iTE
zmQ+>$*mT$cH~o@%40rp$*<vN1<qiGA$+e$t*O@2W6}bn#TiWzXTG3R9A>CeQp5!D>
z*d)A(*<r3`oA{D$G+q30RJZc>#pxBIJf`R6j;&9za0P*X08VhRzPpic&UI}%=EB+&
zI!=Bqk5SZJ+jbBJ^pfuH78o{%`9b@Z?Ofz7LF+YlX~8K5=>WJGYs1+(<@vRT=MqAT
z-4g>IvjQIMh}>)NhiLf}7ez+xaR<_$N(OYfVOgzrpz}~OdX>{2Oe`$cUBq@cEl$Y5
zt}#{mh%JbZIPZX`XQ!s7D55=)k!^%|+rc$Y?D5T%h^N3MkT8DI0Z;$TZW|ahwRtgJ
zTr}sw`!DD;xFXtJb;{iFUj37x#r4QV#~Rl^pirxaxxqrrEd~6-^1xJ@!FmbPDtHle
z_WJc%lc9eCYL!kV6w*UmfPM`|1uyR+Jk)~P@xcCk#$*^V&RMiJz(DV#zY3rVDU7*1
z^@y_t<hx78b<7STXu3gI`zAe;{6ip+Z`A1*#U6oL1jX8sd+B7xUlK)uqEs1BT9+~u
zGt(=(zpqLS^eF03S%+%P-yDA7XuFjoWE5&OK~8-|CM6hx52o?k#l`C5yDU^Z?bC4W
zy%Bg}z(;K4CLHN3gK)6&w|Iix%U8e1jCS^@;eGXnT6ByXILAO(`eF^21Pmd#h6PAY
zh$rs2J~gXIJQ`WEJ(m~^NVmHm^mm`FU1{aX7o8`U22Ht$fXZ%Jpo<u4!k_r$h@kNG
z#J`&TQ<)B%m(^yuk=RlYQe~++trX{wUJ=5>2R*2D51jl2cLy%jAh&S%>hA$9Sx;Wx
zKhQPuHLXm%G_tjE?Rz6&FVkr=V5gk}7&1S~>c7|)S=(X1<}>}Og4-nIuDYT5qAb#I
zHlg04M*epK!);ZHy-#O(!kP{8uZ>k*Ont`n##~wTIZ;3p?ruB-&4@euq2KVZZLAiH
z=f?nUwL2m;JuVwtxKbU`vepecJ)Yan#txtDkwFJ&U$&xO-U(<Fe+<8uAyet0EsBW8
z^C918@Z=wj@eTgkMLWYgr1#3CECUJ(==bANd4DVnh0l1K$aIivn?M#Qg8%|=M$ceB
z>kou>9iF0fUP-ImN<>r^Cz8MQZCgl*sopRAkvO?}KR?&sXgV)e9d`5EJM*nUzyKBG
zv)hEEj|+cE4%|P>dIR5;2<U<p*a*?qZfxJUvw8<U>PIxXKL!(M@A*e8_2}g^(|J4K
zCs3X%4+{{jDLv&aU4!pxLu5Ag=*P^4F0^9M{TCAMiNDHh;_US;nDhW!*vvR;OviiN
z_^z%;K&erMaf*CqO(68w$>dTt_qnhMqn{n8M_!=HCA+6El9??JB-bO7=ay{17yvRS
znKgQFC9}Uz$qk*6*2R$Jyr8SGHg-LdXFc7E^!Mmzau4b|+HAwHQ@R+?M^Cm5G{Yzc
zg0iY2LD@>*`=SC84PVwaRoiS9&aEvI6ngv!yQwI9^<4ocJ#PKel={Yhi1#HH#;AT-
zyHVudkAckOnog_Zt$+dJ)qfVUj3>Vs*L=X``F>lrUwzKBN8jE@yk$`Re0_^I&RJYH
zIf={5y(Q5XPHWCYE)xAp5j~^Yds^&klqLEBK5<-~*ha=3)_)5(|3c;+@W`5^$xze3
zq(Uw1u9rS*4+j|sNo&7gQyC4OYcY{0de!aiWoXtn-#<%|&d9Y1PPMN%cG8@P2pzR6
z;Gp=BB<H{+QTkl!sj(bR6|Z}=?{Fpb0oh`9<!$BKM9%(kgQhvL@5!lsXX_wsa|7l1
z@YiXzlSEhlFK@)Mj}C=0T!NqhdIDVHM|iozNS1B8Eb1~>pVWO09h-h}*J6fNlK7I-
zi`xGfe?*`xi(W@oZ6l7`Ct=i7!<|@Kzh*kK<TD8yxq(~~{q`Cr(I8ahtVRt}x+q7f
z%fK9Hx4;U!8>mOKg#S$>z+bd4@l-r@#sa4DOMrC%Tu1g#P(Tsja=A5c3|ktf3N#PK
zJ|4$IUZ+n{Oyf=hcZc2gW0FX`g97mZk<pX|Ul#508v!AohCZj&{EF(f`qwa2UA|T)
z@vhC<$1k}$_eNn^AoXo-DS9;(xf}SVXn8WfbQAL0u5#IEJ^nI1`WOYA1yBPf-g}w6
z!PFLh(@7?F^^{tVOW#E7yKzdI*gS21JRCSXDrr9=qy*OJdegg_Qsl8oUlJEV#m30z
zwUUG*Lz}2Zr3jk-xq5w#ILa^dn!@bLtGiB4Dwuw;>*S~Es)@3Oh3sT@HDix`3d#7_
zF=>F|yiW%-{poQqDE<oDTd<&htIg~MsewN%3Kw61DGuV7<N>b>82N?3@UJ2sdDQfQ
zEU&8bEvl84jM3=%fYhUQ0?&beh<?Ah+YTJT)ZOd+B_$U7qA@jUXlo}pFO73HtVnAC
zQLy~P!4He58ikH;m{M3RDDn4rcF^>4&{z$kZ|_{#LWK5B^2w)fY8?+${;W#dI4jVe
z)2esWYtmhD9plaJFMA8eUjvkTq=)LQ;C!E?c_6exM8vx_ai5q4{Wrv^K85^Y{;3}-
zFW&;e+tDvh@Ht6hXh$4iwVqG|?NPx!OazdQ-eg>Vcu~cXfwFj7DKg413W8fgJtf;5
zrxG_0cls4fl()y4b;RX+h15XhBO}wd-M{(%VKX>lr>WnsQ1XdZQi*6!ttxXgf8{Gc
z_jf4R<T9|-j6NExxO}v$W=ooSc?h`U@V=FC#>j+anR2L}taKYF0ijiZ@6P9Tm!_Nz
znTZnlUx;SE(5mO>YnG8>6y{Rg{L?jiAVasZaV^pOI}H^uvN+G|hi|>(pMC&-;2YKG
zaqdwMjJLdJd6r)3VZeSB3|`%Gx>|4$DK=~iZF<3|*A7{hs4RY<joM5tVH)<PU7-)F
z)$DKKUmx%3x5fLs=)<Rln|UxU*Ddg{3xA{@b{daXD75h{c5{Z|7Y3wzFfXmeuH4#V
z$n*Z;&0!s29og^8^tJm%s5u*c&5xrj1F-;W*JB8~opzI6IBk*egF1d{tG8JNy>QXP
zA`d6pURiMj^Calmf5?A(=am`8{*BF$-4LhsxUE_}j&%I`uJtYc4ZyC0SfU3#mU1#W
zfMcS^nWy+MEt-xE7_2xM%Y(pz#S?FR=O!lGSwkWx3^+_WHAZ}@Tc>T92Pf-l>`cHv
zMsMynNCK|;>_JzM3wY;u>zJ^+64TMcfG=j;$KM?BcfOf1G<1U!%D{I%@L1SXfg!zK
z`FQ*CXX1{fH!wRVc|G^4NsFK3E&pFMBa+R3Zqr?>4gjL}BVWN+3fiXJX8}cd0zF*(
z^tMUiMC|Pj#1-^<^YSdai98+HI2`&3_cEBN*Q*R!_zsf$g6zJhvv3efbusEuB<d2u
zD=TEit7z3$+K8|T`pY&fS~~=OdR#*L9GK31oVKf7_jAqQVnK~}P6qLPK~T1gUgiIV
z#(U>mP2s%PzziXTYe^bLn|Na%UCx+jjw;FoZ)d&2EW~@p5}jVY2;H={7zr60Sqn>C
z4NVW7k>xAOiVd)$dlFyp-1FCgS@X2Vfv-K~+8WFU5?ztp2Ow%@(u_z|2a%tkLF_YZ
z?B+4V4e{>}a%Qh9EwWmAGfc{&d-hHzkRc;LYzA>~5u3Q4uRf&%`;D(9yJL!_po5qb
z6)&6~u3PD`H3pAtS(eq;l5lS8Rx7oI4@k>d3KL-mh5A!uJ%ygUdpYHvZ*qZeHQe{m
z9Ha&92Ucb3%YuJ5p5r{^q7^vA=s%fT;%X*kAF&Au{n7ylRCF~+kZ;)MFh<Bz0Sj5;
zQH{mH&ChX)uu0li+}$1Zxc7<9KmD@&<(0dz;ba%RS76uN@-K1Bo?4O!Ohue+e*<J|
z<Fm(zWr6RqT3GN-S^n8QQl`GSE9O@28_QcUxF;{}Z$LgfGR!a=?+-hOP`@k#of`P?
zXs-X_WS-FnNGp=u>Y{|v0%%7owNHg&uRC!H&e+Y`8Egc6(Iq!CiDnvtpnC#~Jnsmt
zLUe0(moM0j`J4~QJ{jCpiciwj|31BPFlZ`e7aw&IGi{Ck2#P+=Xm?F7$}sfTOh8Da
zC+0_o6no<mjI00hD}WT!oEq&ONZ=R`of19m^ssQ!vI9j{`_7E2WN_&x&qbh}yUl44
z*&q8-M_Q09=2b5#KhV_kmx$zZwUi{G1eNAw_YksYpvmB2<77;reyy7z!nmc54EL5e
zCz1M9`Fa_COWv)64y@1qy#VlR<>{-!->uk0saMNm<HT0TFR@Qb@emD8!T!io1GbrO
z=p!4pgr~otRWt3hRCTfZG;}Cs>YAz|M7F>UwKmp5|C}y9Bz8i8u+B%y3$w|{0o=ux
zgOMu=x;x7^&k%UHY(7PVKRmeFKO9wMpy5AQYXIt<9oDHVMK=v9zu$JXYBfCNHDTaM
zf<>5{a=7IHqnfCQ^UUJv9Df2EvHnz(dVG%9QiVJuePoQAq|Gwj-@gM`vXr(VWl#8r
zUFDmyRoxVL4}`Xnv_)$&26%V-dfzo8A^J1u7pgl@0g2qp8v}hs%w86KW+jX==OzZ(
zxT?)*W?|6BxUjkE#j)p{!-5IwGFw>=QElXZPGRE~#rl12Jti9<v}MGn)DM{aOvxF^
zu=g3EKz)96YFu3ni2Npqf(A%{m_gvMxQ&8H>a%_W23(OHjU3!AtM9bvI#-h#3E9Nk
z6TnQ|k$wXtbv6o9vdMj%dp8o84{ZY4^gwF7y)eIJkI+aQ)x;eg<;9X&mt(2MQ3Av@
zS4YyMps(A`@0T?SHhXNUfmy}V&LTdNe2>>H2P@bSCs4AF5>o}~@++>+T<s;<D?V4D
z^C52oHaXhKZI=XYU)#8SRbWhPB&AHKN<blN=#2AC4gBqf^47R7_{Ypmw#w=j<3OkF
zT3E{$-f-1g$w~I{RUGRycJ1UqlAYjro)uK8C-_xcf;X<$#ch))wn2)8OSZIP5^TPv
zUwC^)79I4n+}XTu$!v~wlODTQj_*l-uPP592GVxvDyc1WlX{=cUZ3IaQ2N_UxG8r|
z1o^i;o6Srgn@d1MFTVFI95B(W>C>R#hhAP~_B;^tDH^LoYD<yBiH3fy9TUJ2-u*2P
zX}T2>amwZg0A}652AcW>NNTL446L3s`v-8*AC^XcCnZZ&`{WI&=r|B~1_JWbGGIQ%
z)bYz_i@P#JHE@tEX%mfEm?m`7LchEo$aiNo7;xSz&ePllgl!zR-1aZ>w$S;b6twtl
z1}I=zFjpRuh3{YMPr}pgI$|@{JV*Z`VaoFs9SUQQ(W{5r$^fS5lGh;5+l0R+a)7n2
zFOe6?lsV!?KEA*8W8Jf`U>A`&JLR6R^uJd}f9^!RsK-Ds8;~0$r^14PuvX&bCuuXE
zbz2T~83Zq{pMkw4ncI<4f>)~d&Q~8Y43}vOCK|?jE;28<IDf$mPrl$NxbG{KzR4n`
ziB=V%N9Tn}4fPV#7%|bfKD#Rd_?L<KttuIAE?|5se~Zay3?kkjV1ESX{l6r5o^Rw=
z2=>GM*YNeOW>3=`>#g+SA-BQb$ew9Ay>@TFzMx**F$OeCa>k74ek{l%*oquy)dOI*
zYMH;LmFREFA;+2#|D2I5KQ7ACWtMdu#Z=geeCb`;i4%%!Yy_nbufUTXw0aac<=8Pz
z=2uq+HXVlSB<R~opYMD5Phkvp3H>ApP64n2gQv~&hRbFaU41n7IMSN>#$QyUOiAih
z8%WFR0@OCMi|WYv+5$Oua{fjYbbpl0RY<Q^=~YKTBYd$e*!_%_=qilL?*LmW72=X!
zFdqk!wU`}Hu`7`}%hAg!K6blvHC~EPCm)1MnVI5niW$~l1$*T~3M@JHVAyQ<AX9%m
z{8t1r_g&Y;r)O}DPY2>Ial3>bJm)CfC7k*cJ?0!Zkqz)%B2u5O26(jf@W!P^tiZeF
zfT1p<>6qh{yqKc=T@qJpfPf2Br(F`ZuvO*<{^;_ii&LoIe(%M-6Fu2$u-zRkHd%oh
zu}*4VvW4&c9(Svc133dOEMgecmMB%*&&Y)WGj-Vmj4!T-HZw*3KN3~@>*NO!Ofiid
z+4YsiEexUku4a<cJ*50Dw%wBS+WcBReTTsA{$R0}c>p?eHH6}MldB#0W6!eLey?-m
zJgGIrtr_=gJ&9*Dp^}7)otVhV?I*)F$URE9y6M8ktE>#Hy+VBm)7^k}wCc*HwG>M6
z9ceuLU59R)ag6a%om=h!mHkK95VbGmoiJgLGP>ka>ch2B+#Acncpx?LPsZt#73CvG
ziTt>g-1@0`<0tI&7u#N%y9isT1&(rTb{2-v!S8cy-Itc2dD>j9DjxGipE6nT$5BB2
zH?q$R!FnTlS1B>~c&1{WlKXtV()WZ2d*#(nkWVOKh<3Lfgl>d<R$3<MNKfMyV<+aX
z7<ahRY42p5YrEantf)R8=oG&WJ2K^~gu?n;YlrktVSkIc82E3xcuvO63aQ1}DUTW2
zB=-p;qa$?+y$;rT1{h8SthU*#WTwHOW6`iZ-8?0?^f}GBuv<cBGrJp=%HX8g*`yOo
zhrtd<WR;qnFGD&g&GJ7pbapk%&@)e|b0INd`A?zbDE1slc)o)E+lt=um-hXm-0E0u
zp)7J$Ot0cSbzDr4ovTbaw6B`BBJmafN+^M8<<VtoxOv@zmW7)Gif67BSu4|`r%-v~
zd;zQ|m$zq8<0*^G@~c60m3$Ipf9oqnT}Z4`E}2JZCqbU!`MF}6FL1U4#o~EX24vQ`
z@X-~E$@4jzQ6_`b<F!xME_rgZpr&%Y>GCDs1VA1~=ipM#2V=`~7x_1=RF^!_I^{0<
zJZv-U4#=##>k%*8v*f$9k9rHqTZeUUE+@O~LCR&*mBZDciXRhI?Z`mL1?tPHfalxz
zu)oR`dCU^ix}PCK)hoSWS2A(a7y0#5R7=%1{#<9QK`AT@kQD~MuK$<#0sNL!YsqEo
z<iD}#p0Ju9b?esccr=-YponiOJ|}PHnTM`JqAfdJUv#fDG#=xWNo$Vek{;A##JKY*
z)Nv|?O<uw*C~x}*(+?s{I-xwDjv92!5~f=xC6`{zLblNwnM&^)Aj}NSawK{OG6Sz}
z>>R00E4w6e_uqFN|38Y(#jmCRkK+jOEe#=b8A7h5LaDVO3DI0j*C7efbX{vVNlMWW
zC8;6Zq^6rLYpry@u8VGJTlZC~-P+oH`|bA+?6Jo=+d1#g`}KM~Utf}2g~5%EhPTtL
zMO8}F6V7&5>by_-oA@7^M{vdi#F6BYh3Z9*ZB@MxQ@X@;36nc*u7E8*_&BM6tLtuh
zCbn{BO<!-)GQz$W2jqZ)dznKC?}#_|OBMiQTP(m}breWEHgZMk@b`-{38QV7B^+2A
zq4~JeTyXYkL+Wzy4qBl2cAj_)!F6vM5|#3k_eQA^(EI3Z=T>_c{Th$A<}aC11D$U%
z+FE))wmV3#b`Nc2u-3}|*ts=Q?II0UP32mA-d(-s9MD}kS(o_Zn$$W6)=`x>qdShM
zQ}?JwNe{fYS%s0tf*WJ5Ijeb%p#w&SwrV!rSpR-<@F(lCEWy*E-09J=RU?(v;OsHx
zm2tmfv(%al>BF=zWsppu0z<0?p`6WUmF(&Bt)C;6$P$WIjbB<VaqAxCQJiw3xC@di
zw`28&kNun(Rn!WDEeKJ-ev;xy_UEY1$C=58RO_u{fXA+EDwfTvEWnYKX10!Ogf|cM
z2)Y0ViDwpPpyRoC^Ec4WI;xZJsdiI9`AP4b!f^{00J5}#wSStw=%8*p>wt5>-zm*D
zWfjUO<}U2)^6pxCtpWP2Vq8v>b{P4jHv?#hN0yCIdTJ<x@=->(Kn4AlI+QWRn~}8t
z$u}}<+tc5BF|1x{M<<=BN^%cM-gx$+Qh!mCL6lsQ8QIo!XkmEzd~x*L#!G~eRd~=o
z%D>67R^J65wCj}`x#Vnecg!iyx!;s_u=mEMe~R9zWS);@E2OY|V#Ifn_0a>Tw3@Il
z@W;tc$4FgA7ni;j3z;cFt039A!^C+HeTWmQq)Ks&n{%9PduSHhWc2t(dh2AKN%-U$
zJ&4Fw=@C08{YgKhx*<NECZnH{<cX=oR@0AFukNC+BX9gZI!&7Pa-h&QG6%_g(sAha
z{3iCq8P5q)rP|!*S=xQ90kZ+HS>$G5_lDQKyjx|$T{mzy8?3x63lO5Lh&vIsoA-Yt
zc#Z*<{7dE&hTayAR*Swff-Io5kOtScgbE2c0#}rN&iBj$`Rf*3TxYe-xW}TCnd&9P
zo;KYkT1T`ev<1+b1*{_5TzVi!WmKL(^V~_90$@d*p)K74-YMZ$E3S_^MQvCEqeNmo
za>akdzq;2gMazFpIcPp}M0u&?sOhzU8_K51J&H?{7>b7#dlevMewr0Qn?y7{z~y@f
z^j+fFHyiPyczva*Qu;by0XcBgH{cZYixLZd0#t-ugwK;3BCJJ6W$%`b3v$1Qx+@+(
z=8E~PtStNPi&d}bS;Y5!u4ZaUc=(@L@r3A+a-YcCKE?JG&Pm!a_x|2?<xTk`#o2dz
zkElx%(`LzgN3X=}c8ebxEnms!UUIP(v|vRL8_M>LGfY16E2&*oEchyX%tpAPH}_nP
zsFVJCT@g<SJpUOkuhIdT4khat;q=HM7nlCdW%>m{L1J(?4>h^&(_+A}@Fvt}IG-Lv
z3!ZHee@rSW{>>R?*P5i%1N!yYTNa-i^ngDpIt0P1`7!T|7lThDMJLw(K+dCoZwx;N
z7J+FalxD_ivMyO*#*Zw%VKxx=TAM-zQFCCvK!2JE<VhE1z;+tUKzYg&m!podB0GJz
zTnu8Y{m0+&UUt8Ax85zgCZk^*ssmGPY)~WYB<qGSq^9?>oydxqo)~)`>jLO{`a}CJ
z)Dt1Fhq9~jb<_*cb?*Xr7p8I>U`%!23cpE{ed2(fkEADNl$TuMyl8Um?i5zUUamvC
z0O>)7ggo<LE)5yWA9r@>^T@`)v1FqU%tu%yOI1@=nn@*h1@}Q_Qnt=+V>$lAIvj7<
zu(`hM9{$2{SFdYlx@@1i8D*HH#&#ywXn|eQnfNcF*i^_1a9M*%%20A*`-EX$=%<mX
z@IT_>R+XAN_9HTeh+ripgS(aeYyUA6P_F&1yQ0IytK9t&`(GdWM1#)DH%T5JPz}k)
zZbM(j!#>bu%jMSPG3e5%DGQJ;A!gFGkxGY|inVdKO8Ayx3H_XH6b}!k%QOMKmObX#
zzT~U3_}s^80Yx2@pJGN-s2T|JlVY%phI>hhKM(ncO_iAiM(pW;%Tp8*9P9kHjp_oQ
ztpH_swDkCMSeT4n#rrG{jJ)?dco?5v>`b4MtXH8=OxRV4{1kOKU$l5#%N2jF3H7VT
z&bdcpdG0%J_vriFHM<A_tioT&#gvIdNUu$(KH<N2-~PwYe~0L061r5!kI#5z_p2OX
zBRfZTR&jiUgV)}vQ`e2<$m00Xz(n**oJV!u#j8`dzs+VG`!`oso1t?a;*l<KzuKWo
zzQ9+$T2<<_7xeXGC+4To{ACLaTx^FS@@^NnmMFQ20bah*dSYA<bKN`A1~YCwYUmWl
zBOm9$5)guA77Lh2RWeQ)mLNz^(*uP&uy~NZ3*Jll7Yc+jq<NQo*eRp9g*u|{sqqf*
z<R6(^_rjV5YXwEttuv7C4gYhkCAZIT-TAM=mB-74M-a8T)lXPn9$9}md(qjO-3<ix
z7nU%wof|B^F!-50;+u4PD`l?RUfs~WY!dwOwOK@lD2||h?e0nSi=KIebw2Y@9E1Hj
zt@-;>2gvF#p|;blGP7IUjM@%Y0H?o45?$H|B_a>RGuh%n+~ykg^K4%`q0kFFo%=os
zc{ZLA;bG|Ro^QgxF_n9WQkaIUx<(6@ERIH6t+o|VKbc+>DH2~o77UYOLuMj(6{W_k
z{VvPaRaczl1#hus;4fth#WsP#%PBd*5iJfoqEb0h5P8}Sr+$(IvNkq4f`eq|9$g@Y
zF0Gq$`fW+BKDZLsCvWWe+Vwb9P%L>(K3&?G(>Y%E_+kium68D4uzAw;?tebYDz!i4
z_Ezb_jlgG;KEpZz$=r6trpJ1k2imAej%u<5A1E7t|6=Q}sxfYhA3rv1M^02-X(#_!
zsE+TFfXO{F<rj_^9`9=3HaZ+VZeN@oWw`@^YhkAXi}ple2g<I8?bH+i+V+9u&%>&Y
zKC?QUF*91%`)e^{YhzQl*|;mWB;|Qi@?V4-E;S&f3o;@qjGzcd>1t|~KGU*Rb?F1O
zFyi~OloU#id{?|?s$aj2j~r&p7`CzuLJTf=kk){z)Ab2P8lrC3e(`}zTf~sE`2?XW
z+`_b1_0xky6@O&?L)bRKKi^o4N!BF{O4QD(Lfb^4*EDleM<ZBzl-}t#>^Fg`;M_t!
z9UJ=dH)iS0xYi<-X#uqsS{}z;JT6|$CK}j0YReMVUy`-EsYpY|pl7zUw3#*{T6Hiw
zv6lJHocm!Nz={j#J0jl;%%>_sGob_(+kN6sdDB-+323m@;Py-8$D9?D$u)51n>58l
z4hx>$@e)&!)k;lfW}hhSjP<hNSYo%nu{_ibQ&`U^`p=&jBfz~dq!pmbj2X9e@|}w^
z{(hpb<au?)^QM3vQC19C!@Gg<!-eJs?H_T+H6K^=|B3y}p)<L>dqmmPS#KK>=f4~6
zQB~KIFoja;+R<t)8)gv}Kfr&Un@|vw8iV_&srY?a8AYp$Yj&c!XYzDt|1o{hZt7tY
zqR)&5di!(G19zv_%6DV@(YEo()BN))Rn&6pKVtEgar?#Ojr?&l%r`|TXyNCYd1K7v
z&jiKwl|d2L0xPF#LES^%_3u=wiW@?7a~r;>t)KYlA$UoVfVHxdKY7nvyXP2%Mrlrm
zg+D?JsN|*)nf29_J$aht>x`Q7FsgKgm&a2M=1_&DLJnUpPC^-gJyia$03XtG+d&Y>
zABwc2&&S6*k+%P8L#eGF%)Z*?CGioi?!Om%rX%e_XW&%%2Q5Ci-f)_E=wK{l{q+IN
zTb}uY-Lw6E#K4`eMdA`pzw1}r&Y3XJz?`&<zJ0H7GDlcUC#^QaHrD>$Pz7`Yw(Qkp
z=Xg`4!zlHkS|SAAzqXQWb8XX1%rdB^=o`EP@6{@=6~=vac-s_Il=`7YbMqAGfIsXa
z+t~vA^;!SW8hPIxF7k01`<svXWI?pJmA!|iA=(ovi~6vy6N{N?+)x(Z23^#YJix~<
zlEe#1O{UjZ*rKiqULH}KJ=Bc2HYcZZR7aPP#f5>bz}a91iRyB7sS|ZIVwkO0V*1kX
z#6DZTb_DjyI}Cg`_`KSqb9194?OS_sS{q0M523fzGLVL3X&k?D-C>F#Vynn=vf@Tr
zaHG|3$8L?0>RLBDca^M+5<2sFxK4`OqBsn{_9u#P*&Zh4W4r-s$$zF|t2`@)lYbC%
z%&=-G^;<CdG6Vk-KJL1btSX(qG%vg)@lkJfbw`3-E#-~!%nSQX6LjL@H9!0zrvC)t
z`!w*T4)TvzLoBh@zTy83X^|*Zg-7|#vi(^mh~$0*@)@5Qm^o!~7ciF?Mm~y+63NwX
zkt#yAcF4JLHJh|hd+AQ}oYf%}B~Lr7Hlv(6KdP2VR|*O8iZs3hPxb*)sB}2dW&!O|
zBokY|`304Wj+!M!Lz4iAe#sl&PTdhKKC~^8px%2L*6K!(m`@q+d*z28BGopZh}q~@
z0D_uU2x$8XwfJTwrj;>HW1DtxMoSt0$p}JM-I^!{MZ5}B_4a6bgIQhMM2u%I$Js|d
z$>%->cle0XI7xbtO_Je!!jSuNg{LbLkl0J9wM)F))Is>kJ&r8?B4SW*sp#$tJbYii
zLiu~rPWfw+HZGm{9)UYD{X<+kr#?9E!!A)4=IW}|DR%vbX^OARrMNCh$r5dHd|CKu
zXWmy@hIZa_y3$43B{kVJ2|lgO_hsHUYD8JwS4N#>Ug%oLn!mD%HADsNWC^?)0VXQE
zOb2mbjPP8tQAK~c>|(BVx+7L-Ki%T8%8nb?$;&66KC?OBk`23Y+8uo*FOI))NJGt?
z_FkwH-|XCTm=3zU%C=lhEDbyCr4~|FVE%O|`}5*dZyY0j>c!ns%WFEXK^<pKkS8@%
zNd|6|<RtIOUCEPw#=G8*zOC@h{+T{$u_&&rP)ruzFiwa~rWZV`(mqy|!@?;&UW)_1
zO`9W$E@{GGN)108_SD4ly64Ddba3cWba@TCkDX_#6djiI*Q#qVLM)~%^I@mzZKnZk
z^vAx6{r)wCZ6m11C;Zo|(nA@y*KQg>Uh_Q8``Tbz`f#)<D@-O{w*sGUs&s3{S;Ooj
zeCm#ij9{NWaUq!1-t@&E`?148XXW>TtbXhb+fCYcFDx5+SUi>>u9Y4-T;T9|(0i$2
z&JrGpq9A1A8@aEm#}#W(eqa3_OW@UrS?dmn_#KZP6Q`LUu=McpxGx*_5v%;J69N8k
z=$2l*@!XE=^E6RZ&)+GMwV!0AJil_#k)6DaQB4hp+Pvmyg3Al!Ip-+D*%6^$0{Oap
z$^jN~(QEP<VrvKC0k@!k8$Vu<F4@f73bbCRw#TS}eQV}U$BcF%@|xs6FKj2E1NPp(
z&%uW5*zbk4klyN#^nj~C=}O7M;#^{ko3X?~)+e=-tKAfbiA6%YDS+0C{Wy<k9+goC
zpWk<)NEyV`uW{|Dhde%P^q|=$aX-!%OIyY*C$o_v_~=f^OTuB(yp1j3tYmM+@+$w`
zvQlqphdgFkxVG>#Aqp0EH|=j~3gOxehKENaPTFXyzW$ZXJDrqSeBfbfCUTfZtN+~#
z2j}-nt+ptap|%UE$BsOql50Cb6E$^Z@q`YDd^6|;w(6c^KvWaoIjMm&1UUm4>CrZE
zgR0XBIQNG9(!pf-Rv@Mg<ND3TxF6D{&izS3HS~9KNZ+?r4G!tQ5)lzodnS!%u6Zne
zgwbY<`5O_tyZcR;jgEu4P2&ei-ft-8Ea-X&VkNxmBZJ0jjEbruH=MERC8X9E`#-Ro
z24+1z4IYd2u)12ZHb~&F)+nq#ePLcZ2XnK#os1u=dvBK}Y}bI6Pp41#!T-YrVec;S
zva{wnA+w9_^KF<$&47b|TcKL%(B^{y2o?*x3P0|(vDnN9^43mjos8-%=jzUQUiy6E
z6@y$4dg~BlEr2pEMjX5S-lHsxnIJ8DE}!j(Tn|`{aq)lgx}B1fGEaMvz~B8^1-CM0
z-)A>+ke~c1yE^w7y*fsw8JxI~EC0~ql{Z~Ki`xe+O5%NRzon`A04`ZfzR!&v7{QEm
zuaF&ckT%H+CJ#@+p`uD<Sbox^c~Pt~S3>tb%=38I!!VL>4gWJj@00>d|6&&|vDvQw
zT*O|uhgcHj+BVS6QtP3~K=eWJ?~fpQ`?PD>X)0trE<l4YQ^&yWB^}2jw@A8tXzCgo
zfZw`_iPqdZUm?$jS#_`jKRK0DaaH~hQJ-x`M0n_GZg3nv5j5O?`(>y_=!No7N5=27
zW`<WieZm&EhBx2y-Al?inO9N^0gXG!hdVVX52G+uIhg(aa>i<;ww~Q%9OID|uzwQ{
zyd2)M#fF&V<#AhN7I)cf({8<k!{3OjE0s0m-|vY0i4m|fv9wO7dY8h7`Q5VCF7-R1
z14f2V5aX58fbd}-O{Az_5S+KvWtpw6b30$XN~GAMER%j#j22psR3?|%?m(a%{Mw=<
zwlya6#D)!wkQ(pxjyGuo52jyAJy_-_*Y6qAFMo{p&-Ts5LXejvTUdyQd}9`DC!|%L
z^k3R9+fr~yfALDWL(NYdz^Fe3eceG((1%Q#*EY;jmvbm;BaVQ-y=WXJZSJ+PCnOa4
zC;7FFtWx~C7||oR*lRkYve*ublh~qLZJa7aS#Zn&ifP*^b(trY7vU;EZ!FXK@plDT
zcLTOB-_gD6Lsb(-z2wcXoB2;2f~q3!qzsEJ<#gO6T>elk5DIR0$yV&CA+ttg)`Td>
zI>2;t0qX?;c?o@=WBXldaAHc{JeNh6dIpv3%wf>D)JyPv>80fpgUp#2RsaUxzi-MU
zW7mj$l69qP%<sW!k|RhT6o)uCj}ST3!kc{kUc*&!yBPYLvNy3im29;KQdHy-iArvE
zKBfT~@RCho`s_sLe`(@mc~lzi183)m>&0yi|Lx1#ZWrrs5eLurF8s4oNaJG{`u#E8
z_AF60f_fv_9QP#+J3x;gY7>iBu&Z}VPBTx@w-?x97PaIt?R@4!RjyX}>8lNf(<+>7
z6~h4+zL=bZUJg4pj#<g2)Yf^#;pWqw-lo@MXd{Sn@7ZXYrwLBz*XTMMt-u^oJzfbp
zLeYx|j~DmzL!n!N??y1HoB+63ULd&YVo)v|UAr!Hqx-Y?gcH(z_zfu9Lhs;r0Ftt<
zD%me&8QyJX$)~C}hT)YZwP9ta6`QGH;Rwn@fdgS>TALX=Z;|)rNnpa%Htb#WpA{{x
z$7EjI8DM>3lcXR)(UrKi2X5cRq)B}o=i-PDzd@3hnsi*=dw#T&=0VijrSjJB@}DaB
z5bF<`Q@gww-ldQlXz)lqvCu<sPrn@#xI_q?c}P?9j-GNu+JYh@D9YL-;sAa?u6llI
zrp{I9)yRbFBvr}H8#7goQLh>GR2Tfedq*N3WU<$!Fw%q91o~c}^lR*_*1+@Q!PA7#
zhTr7Slr?3HKbDO$ABUJjUHPAZm{2eIt)-G;AecB&-F7^cx17%mgU?g|F%IOM*+gyo
zF~YGPLL<R9W}L_ll<jx003UbL(*#;<LfKqNDWQ#;)J_bLLSKfyxDDf1iegRH*;A`b
z6c6N}c%J#Jr|K?n!UtNRsHCo|gQo9P)w3HWB^$}Sj2X+VRmZ}^ud)$4^b#rBPE~;M
zZESjWDpg#b@-3>bm%dsgpHWl5%|9#B+U%^kzv~)et`JEP*y$&eA@ToDZ>o?spA|oL
zD;`N=+>MoW*Pb7(JaFm0NPO?r$$}{9pM1mG2xk&MRd!ImbRo`v`WZqMr|`-$EUZj`
zI^MBD4)je{$}EJz@gPpW<;8pG>wCxUY2pme%e|c`{$Z5*ePR%0KA|Nv^U9#&lKV??
z+mVP(yiTJI2B5OzZWYsBvfy}F)hOTafhNKP;av=!1<C9aY86e~k{JrUYqb1EW;b^@
zn{AhSDudTsj(8-RvBD=Q@#`WGvcdZ^=$d@ZPV=*YinK4%Nq3(&*E(U3l%mF1qD^Qh
z1G2qQ{09Av8OG(k0;s3Uu}Jgzf!mU@;q^~{6&B$!fJ)|?4L)y)oDozn0Uxac7^%+6
zdnBh6UE6|}A5RL^(O>9NnNCbp2T}c4ucH8Y7fk=WjsF-pv(P*4!7A=Xfmmx3y?#~I
z|K@!Q&isOiEl6;Ll=N_nRuhlb@>QR3$K{K|EAtr;XI7a_yW?nNLtPrDBiTZL>o>1H
zv4Jf5OD523xjze(^X3~!knC)G)uL`o-RC{fW*ZL&pX@DC^)y}8b%r}Q7GQwcXY)$7
zs>fuDBO|_%itlM%`21~lfE(<T=5fiYLiR~qm@-Z(esr?&{G|Q%a$ybq{JUiF7w|3M
zrDrND66Os!^*Q9kIpx#Y#KSMBJrT$2PNtenP(B399`8;4Cea0Nn?b`f_H*q^)SDox
zY1%XIb(PQ%UC?hM&X1>hsd2cQ-djfIYVTz6Ne-D**IVbppbdnz5dgb~+k<S}q)&3D
zJhI*<S0A9N%*9rWeWrt#J)|9UA3N!5F-5hIt3&I#<j4qkgFOzRbcRf^=B_`Ph`-&-
zV^k*+rjOZNZ1P52PrL1;4XxZZb3=N(s*0jvbUzP7-GMFd(e4j!wbOK4W`w(_d^N<H
zupCw8y5rOIOj2KZeF4{wf10y=345o$R>x)KFL_t;rl=n2U6xwd^uuI79$e*?1qt<j
zB$rbURf{mZzK7x?in5-((5}3_hz*SKfyaNP3u%J>(drNC&t&XTB%rTf_9AG4bVepK
zO~Oa@MBb`;P6=gfil(sR8%mR^>wUzL&x(hV4aRlzh%?q6=wl`+AhfO7&3du*fltnn
zjFe00w+_;wr9!?zHG;@3;o8@om@${G{)iJV7z~xZ=_#OFL)2r8YlCr^QoQ5jh+YV_
zQtYYrHWwJeHI2$Vu{4vPesiAFX8Un<0%QWR*^KjVtKq};I;tuWv8N`6daY_bp`Hw}
zh(w~riCgp@rNpSvpHg4Wyk?CSHqnApjxI`Q<T$hO+TO#LvDSA!umFEOPZ}A|fb!Ix
zQ-C>!?d|1!@o({M5DOqP0uN<j%Fyn8oKjf!v(8fySgNF36leU?NVq;+d_FLX2H0Nm
z1~hhjc3UEAgBFjFxUWw4KOe8<BHCMq@&v2>*Euw6EX^#>DYr0I2+vYBb^7Vu#?#kF
z=fiq`I1EO&{6mmjgPORSb)VIl_lwGhA5$rF<eQ6*jR)w3;Rhnj(c(B%fi$FWQgr=<
zE7s}oZS=#2Yc6HIch(BN`XGb*Av&PDuLY08CKcet`jsVEmXllHe(7B30&yx--8B15
zDocaK5yI@T?<FS4<lB_EHq%s^9K8*Dx(g-JPp*Y4GEEk$@6G_~^=R*z=8z`?0RF+N
z(dC%e1(x8k5;aCE6XI3?deZl3T(cPO>#_q;x@qk{Wxwan69<Ai7nqj5tCV$j7T!zh
znp{Vr>}f18B&X<IaNR1l#4Gs&*S<=OKBVJ|<Hk<AQ*{gkM3*8wbF$3yp0ane(059&
z;{~|yPAtBXr1T?hop*YJUKdx3kNA$UQap)8jz63;V2uBaPO;eUok7f{Ii4$x6RvFN
z4t0480rX+rM*gk`JtX8=efwxq{q&I1bW$;XU?%ab61glIi`c9@z`0cQSC!{RwVcvl
zz_e3c5&;I8yd*t$vb&6(GF1&j`j*Z+DYnO<U#nEU%9)S=@b8iB*s_muNiqla^OW}|
zCphJyaJB#2c%m9}KzXI5t+Fp~aS*r*m^Ty!w7j`W9lMhZr(s4PD`(=;Y(Gy~C;pi3
zo-L8w=#SSyHIc$5P0N!}(tc=0JAN>5{7kXT4);CaKn{$3zfpE?j`WK0J2Iv$8GA&<
z?7??QUaD;f_GZ6MNsqG+x-yQBd<g~r_v6~(Usoos<%h{)O6akl6S_G6D!ez9Xa5++
z&B|UkPpoZ;mpJ*=YD{g?D_I3Eeu+#tp8-DU3>mH$N4?ddB}K+)rZr8`UI8t<q~A4w
zm;JOQ@-OH=R~us}#xh^|6PzWQpV<#b%A_78u;uLiH<e!(w#<t+3<WNd5*}Z{+J?Pw
zF1SP;89Gh3=p-`)x3of(H{RXn>@T5T7zw#F(E;F8egI8^hTaB`x^Cq#4&Yk&SN7ok
zI0wSp=B7SHH3h*)hLN?Egc4=!xwK8FZ4{=7!22@fb6dME-CpusYc&1wAZh!%uCya;
z>0>#2i(2P@(xV39NJ@XQ^ITTp%#zBdQv^{B8!T%z1Sv-$D$&iEszEaR-CbJ=H}oGO
zukA;*q2ff#YvaZM6Z$qY8xO3-kd9owy2uu83FR10BEw#Smz;+NY<~^lWa==zm{qSc
zf5p8F@A58fkWseT%)?HVXS*l6`f!0l5uVLQEi|*-!N2RAc?;#Tfa)@pv%JKr0X|&@
zyQ`dE<wZ(FCCi`tpx!$cVR#FttGAzn43eA^5w(z09Fu~Ph7%1SgfhR6R~I#hf?H6^
za)z5M+5&jzdpRXW#s0!DCxYnGf)w&N%y<A&DZ(X3Hhq4=dPL+ja@Mt4W-C*y1IdSy
zdFM+BFLC~@%1_=8o5kY8tv(+Ki-r?E>E}5qI8p-7d?c#4GPW0Dj2NN(7T*15Y{Q^T
z_f&9==5OK3pc7u)*xTbri&Gm!<0?)t$FO}+i%_ybu>cm*$&>c?_5pp7Pv>P^HK*M-
zR+55Rx~-|oGTJDw1!JwsWTrP#6wSg_3j=$&lF{yX-);G3BWhlUgGlL~sWC$kej1V*
zm|E9>R|~r@Sudlcg|XIOHP}t5?C*e{HBzHh>@#iTgo*VNP9#MnOAQI_jOW>B*uT?)
zBVA3Wfv2e}X?o?W*&b@gpCli%)i&r1+E<|uvDOBzo=U-4zcL)!qZJ^b*HU7MVXJ7c
z^u>62Oas$P5iHY_M2-y~qtlVvuYDNQI2{+b3&>ec;Z>nv8CMNtMJKVJW+l||X4J}A
zvO{1JFi~lRdOx=&f^KF9XVTz?k+>YqUsaxd+(C_TD^m6^LF}9j`c$Z4*;e2+cZxsL
z7_N*1dm3K15*`ej)ECJE*u;?-uQ|5tl=^f=L|#lVQeCKK`SI|xkv|>XsJoG#Wbqi=
zaRGEXkkDsdV7q+@B8zxzdqCj^{-8#(wO`?nX>EeKDOAsWn!QY0h<(Y*pjRCA{EA)#
zHgPJapmLeh#<YsxKdSf5r3+MT(r*(pkqhIvwmQNp5w0NB(Cf(7KIdlB`m|&(H9C^9
zcAn#{#trn?n|x$?STr^}O(f3yd>41kkz>*}sR*B@*#qoE74Q6~H*MMB5JUO&`Ofa8
z1H?PR!+q-dch*r#+HitRG^FZs^O?PsPvXk03G;7h_)g?@tm#+l1~wi6er;IwJyco~
zlm0@<ASp7oq`d$(o;O-hR6ic&b+^`Sr9`LIrmv>;K3HK?v46(y&J&zT3(bqW$&aV6
zAK$yQgL{d(QPb{;Y~m6qzIuD6^eoFHiDSU8uHm3vGlG9+mmNyuEo|Vfq&FS4OB@IB
zoL&ij2(=XRRe~|W7cdH|HWsT5I3QUsQlQ#xMUgH8?Nqk~2r8J*1b#<32UCn>qbrum
zD1vOVfA2e9q5d(ty#0#aZp2vINM%>4-Wyh;DZ`ucRN?+p+%4yB)Z<xgnL*^k?#IV-
z7uHKMU7&rkZ`1hmV~yRct(=Y@iP46ep4^SsG|La~;)gOKO|;*8qAHH4pjCYAR2~Tl
zq3)UAA-eDro7J&rPWo)__BXRy*Qhf%TRmGHHgUJyJUouk1*iD?9d`byZIp5<f;!)}
zlDk!U$PGf)AEny`5Gv)#Cp5Jy9X-b^uv!Ys4uFA<(bhex{AKcAEQ>%*g?7HFG`X!_
z&wkPhd+rXKc5vpkwJ81H<Ut!pE#6!F9i`zb5oF5ifcgxo8*$EO*seZ+GC?)tnJ5)K
zaJiwKrx)`(%$(}#$|FU@DP5qXZJ;AA{Avvl?HIp=aUZ+LH~=%ohd2d2=7mQ>zSJ38
z0eYta@`H3QT1&*er%ir|*v^$oy~TQ1@Kj|pp&b~)_)$w3WX-Z=Psyq?oX|x2zWX9}
zN|WC8rmKrKEVPrz57v+LW_sR>ve0%h2{s(D$GC6fngx7e811K&Eti|rS(anP#rk4N
z+Xu$hr-ZJ_y$mPAPg8HP%kY3X|FVUw$v~-Q0cbBNTK%wxXpcpykBX{o`)xct<)Xu#
zz5%a7u~x#zE#2de0SesEFxT&SKRoQV_%SA#b1BWw%?M006b!F$D_Ogy5rz1o5%^kY
z?)2dcCoXpk>l(Fka!;Dt%JVjKE%&hG;$mGdBO2IA3KarJ`b4YGl0pqJ+klu;a>;t7
zTT?hhvM1gQTiJHv?;|U?Bo?``^BiEX;>IwFYj4%TSXbq2*C#rAghI<p3&mrA?0!yz
zIaF{|?TZfs>}rCwQ=k#Yv`<%Q86|r!*{rC{UkUv}2!?8h&B?lo3q4@GE#YW&lv?_L
zScQl5U)|Q6yZ&33hCFY1Yssc(PvB7|UGQ3goC)Z1brg`Y7+H3=6k3}j6K=tN0RNIg
zccMnn*IOw(IMQrzDbu(dmvks&s3~`JEX83=6YW|MBWBvuq;CoUJXW~h&}78Xa!Q=w
zs>XDRV!iDRH|6iC<)+{>07xKJxXb7Yr)*@wzGrkpV1O4ds^LQhP;G<>vADwvUokN;
z?SykTJY5g@;rdEvj>2n%yu!gG2Yc&ak&g0NsC-yVIa7S`CFjNNE?mo;!bN3F-tcy~
zl!8+2#9gH&i$%WJaPF6*-|T~?5)V_{<%Q!3Rg)R7pf->faFcV?Gf$}z7mcRZb2hpg
zcB^|Wzo0rEr0-KDA+x5-FpnfF!8?_u9NKF3@NTEVr^00QZ&+Q)^K0!{v?fSw_vyup
z<c%s1&@u7;AUhY{{DyuN^IC(W(#q2=QMPR<ge;!3o?t=hRPw^aMRFUVkn%b8qbK7I
z`tI7PNUL2iiOQEkUmt)C{Y#m&&mnQ6h$>g*-5t$@DiN`tU^j!_{h&xYuI(2kte{ME
zf(8HC{Fi;o49zpsr7l-(CJZX#AFIYxLsQXgg(y{R4iExvptrv?H28F8LO00&yF??o
z#@N)!GPx84z1q<IwoHwV_s@E!DRLOO6W%4efJl6(h+JZmUv=I6Gf@_co5#9+)eFBv
zv8BgboyhML=U9upy3e-=$lZtri16z$fVf5k@MryGmbsQVGtP_1oto;*#iZ%3vnG4D
za5h~sDiC2>D=|!)-2)NhMs2!WH#)dtX4|>FswTS7JJFM(@8ucMD1W2hQrcOQ*Q$TB
zI_JiJ9l8ux*&U&N_x_{Mc9Vb+vSsu%@71;RezD1$tBc}@hemlCl+RZuCUkfKIx=t5
z57T%+1e|w`TfPGqq#rI`H3pT?;z!dx#}kcTQQv%$w{H_wOY+oTOwdD-(Sjpga@EQ{
z{ET@UZ0b@5hyUUN$BmM;|G}TWnA_zj?}~+0>EW>1A{H#uIZt?oYxI0pRo3&uq?MC1
z%N8pij9IZ4+^ecA4hMz&%3CDQ_B=pOUR4K?6ZOCMin;5h(WlGKzX*o6bsFF4eaYBW
zfqaPk<1|}>#p#wY?vVvt<bS;3Hmq>Ajz=w3+mqRm0(ZZ5t2s5BLVR=IVn{F6E$w#r
z$LW{phinY|l%1nHQ+yrgF_XyANCDqx(UM9TO&4uK_?_9|_}tj68|$Y?t@~;zvc3o(
zS?kD&K43Jon!ZazFtShehP`WNZ|y|z1)z=wG<5@(w6pELe985!fVnmee)b*w(fhU7
zn;DA7wc@oY^)cDc=GqY!U{lXe47S;(_E+hIFKCqM@$#$prd1sa1g^(DK@F|8Q;zd}
z0X89j(^xJ~b^BteSUK<ASahfvWyyOv6{>1}hHaZ~Oid};g;>0MJKuYTs248Aaqc<{
zYF(3?=}Yt1DNR@e*$R~z5PV<;)59owpd4I1V(WvBn*ZZtv4}Ml@8ITa=_$)%CQjZ0
z&QkA5!(ci~icpdKTSzBYg{1%6k=<WmwGR$4H;I_|jKV*7?5rq&=Zib$&$W6E5-FL5
zhvC2^Eom>IYyMHDXS3cCZJg2BuB(ckq)A;KcV;q#N$)%jmf;p|%=3@rFZx!G_i^hN
zN3NaXtP){2+d%HK)VIX7ZVIAFla<SVV6Cbv=ZRCB+a~)#frm@6tZTH*pod?^YeQb)
zTV8uvkM-v(K6o(n^{+#P_0tb>k@F+P-bSxQzwlXQwv(q!<IXYMy*fHh?v?0g+_Me2
z*)BeLN{#4+gPJuUfcI&oQnC|r4`)N77fE+xEn;0THSj<bs<B+5yWQ~@r=FAKYS1K}
zxw{>XmECT1Typ)sSSn#kCaIsx)#-^a3JNSn$BMh=In8J}d#{=ZlBs&hi^P1(ZW)lE
zXEIIPv&pKfJ8<Pv?;fU_QWS<2aIcoZ=aS@HT<|Qx`uJ%6ig~@z`7n6Mz2#!bcNXN3
z1|Ir`@=#RIF^ArLD5>kmkCzT`J?2P(jHd%{G9a5(|1jjMt5ULK<?C4foA%`(Pq(%J
zQQMeX&H(<tvn#dsjo2xUQ5q%T$v0y;wCN=hR);-CK8@1bQFJ8aT!uPS_6-u=9607w
zcx|oMuZe3k#KrV2Nk;pCvvZN{4kewj)8mV}KULuyrs2CP7ns27`w!Sj0x!cl3LV~N
zJaI5}Nk$dsOapSiSo?z)wGXT|yo01X<>}XGVBQmdVV~ZJx5O6j3XG?meTHIeY?wD#
zI1ny&d0l2LNZdF$MJ$Ciy2d!|Gg{kzRq<hV5#sbE28nCxT+T7at6s>e!)o8n)D4k8
z3qv&V;Dd?>7>pLVQyKQ2e#EX{94i03vI8zrDUO3rOM55n1nZUp)A%a?BjI|r_H$|t
z`FGWsV*qS}U4w5Jw4Ygve|!+qBo!ne&GN)w-;cX3W~gxiONPGI@W|wFT}Uy0*vjnZ
zCh7MCafe*>t7kB|aXX`zZJV3~0Sa9&GyYk01*gin+t*iK+r~o<>;QArcEtRm0d>gi
zpa!I5fb$7B`1Md2^Yc=hU@U?gE9d9sLoOBt#Tm~X4V#FKnCb$&7Lv29UXUHCj=L!F
zQ!P|-Cg!F3mT+2O-s=2`>8?lEClDmS*3ZDpNP7LfQ8Csw_u$DGw|{1=VplED(pwZ|
zcJV*1K6BHw<3jF^3NG^lX0`!h{Rgys4*C;vvcHVi6kgUjr!RZjB;IXy&#&y6tRPmY
zTa$SGIqt;+O1oKy%Xt=0@fDSu1UTfjmMpEYi+SiLc4$fNy8^wJ{-#peunWz-%AMeZ
zt9N~*D$2&CXz;BqO`8i|DRXl^43bbjwG)Z4@CED?XEZ&e)n`~{5t{df@k|Q1_+z6I
zLcLaS<84)aW-x<jc6~E;lx8~2Am)8*a()Q=34ZuVPeHW<$5Wh<4ly%`dceH_Bh-|h
zWR8UKI^bgOJ;+$Yt?ui}BjQ8)AqhNsb&pDPSZ9UE1i@O#zwRgZY7s79$^(WsyYRjy
z^A6TxI!e<WMxlAeuo2emGT3IErt&*1ZisY`vp$>fUU{^7LH$Sd{r0qvp*F{EdV_Y8
zf5==t0k0Ic*!z#Fac2xIbQ^90b~C?5SA>bvRg>rl1A>#0pTru)$M91C+rD}R>nm@I
z=IdKkIQ$ZMvjC>HV%;l>>c^o>Ch9aFRPly0Kh4`JaykGlo>~!Ly=tI5ar2xCsER@1
z<_JS6AMoSy9Id$W^N0CKr#Sv*ISxj|qSS2iRj068yw@+VkJU|RJ+>u!wrs9+jEZ+4
ztl{n-t&Z#gWNc{Go(T2UmArV8SC&#Ij&<%~HkqGWTl!MVni7tLX6pz{5{@8oL>=_T
z5Yr={c<DOZ;nF1px0(KT=wHQo!})F(<fgE6exO>h*L6EOv1lGzi1#mrg%J=4ugQXx
zasS2M|HubzZ%%$q1>jN1LQaq5+0+UD{wUzP7PuApZ=Mmq)Hy^SP+e-oQ(BZ!FBVBv
zw&`<R+=yOIjd;*1#3$2Icq^W@NLEuVI)LKWyfH$Blvyg8v<g`B1NBpA6!9X$QdUqp
zdS!W;@&HVuA9oJ>lZ>)m0Ya0lcpUvv(e^KdnE2lI^y;Cm@ylvZM&57uzKDRl0^~(!
z%A+-k3fyhQXQ(-N`m?$e5gtphthcjLfj3stddw0cJ2_Q&@>ZhSnO0}QnZTVb$6PY0
z#@n^-$H-!Z@0Cw^Lk&!ZMfHL5WJHJeGz3!Pech#c#)`WveEz-!GOdDW;3Hi5zG#mr
z`~G5gM&CbvCh(h8)_KcRi2R}Pd?&23_AW9MXDm2h;uLe^m58m@AZ+BaSAaud9HE-7
ziNW1adYdXwHQ{6RTn?B$3@g6svve?p1jAYFrKYGE-09<hKN}foFWKtg={4e7!TC&d
z_x`zONl{G$>uKp+5+L<SLYL?J!ib3hNTW_bm<&rjCJ$EgGdJoz_yMwCDVz)Q9$E&%
zmdQH*W?y<siWvvSPv{)oLuc%Dy34ugfLQ@K8YCQ~Lz^culj$>eIpyYH_IK%y6bzN|
zs%qtjl&}Dc-`nITNBl&a5{}!OKAS@;@1?JwvwKB|KNbTPIuK6G%YIDP!(h#-LTM(^
zW0ZOw!8y1GuC_2;59^qBYDhx6N&<8+dw;*jE^fZ+Dc6i%(YuvnW-2K{+%EWCBCqJI
z_zB*9?cjX(LADIP&iyMc>;c7_KD+|(RV6>eeFe_PHEu4`srm&){>r0V48@iu;xUrJ
zeBF=CIvp4N(Vxs+i%smLh891`9$?VFYjWVrlg9(r!F>69lw=*v@dy4hu<N|H$;fwQ
zI~jE6h<5RDgucXNtdv%D;p_2lxOWwmjJwjYj^jT~qFGj*x3L@x-hwq3_;1wYz0gGY
zm=nACK|Drsf$tyaf>W1sux)*thQIlRQ`-9%FW8C~*D7|`=KZcy8932X85m;Pcyx6<
zO)AH>PkeQz&vUj+uchq7{<daUj%CwiE2y;@j^)BznZp@P{Up)D;iwqbK7^r#?Vu4!
zSKVrjX`$81&vti6pY$)BL`R%KetbBJvbhgbFf)l~YatZGErnotG0J0)?SX{F>=2p2
zWuaMmtr_=m6}>EDnz-RQ9F)pSU;fUY<j2b~4hnQf-(d=gA%7?x^Gh8$!{-<A|M7$W
zAx_hSA5tz-(OT?GZyH<IP!kX2q_<7Zw~Ia8nc6dqVoRmBmn$VY>=b<D#&j3kFLdUc
zFb3WuMMV)ycxu(7x<fpQo}Dn2(w;wU^dNluM);PT6{k#MDEZeW^Io7B%&zPtPLOOk
zdnS$mVJr-EXXGu}ExplqgwD0vWLJb@@+vQIrl5J%yTUk1;57ck4@n2^zGNFCG!=Dl
z&6BbKvB@ck>LrcK`tLeohA|b)fBhlPHl)qKfsRV#`xrk`T;bln=X*K%R(MfJOhEF8
zb;05Ai#Bt*x86fY#)t=Z5lQCNcL8!{=(z4M5p2ix0mcRNH;Mfln|}8y|Jk}ZqJF`a
zi|C@@Mj4Vb%qIh}%NZ_71b9TaOm9Z5|3X|u>6IoSTEVO#Fz2Q6K?Z{c028w(JBu60
zL@V>S>X|C5yS#auX;FPSzb8YF_t&5$y6?&%4G|l`*yA>=1%|NciLLb1D#me9T74{?
zZ>dgY2qh+F+@EGYOL&E|)M%3uEN88{H{6GFFdvm$%ke8^uY>jdmHas|vv?LLCnUu&
zI^ZV;9G83p^<5Ks1btH7XKee;?1L2tDO9^AxH@@f6yiNZG+W~RmM5`Bol+RKS0vj=
zs_IPQWQg;~bw8yeCN%vjcm`b+1eu>s4nPm&0nr=xNRBBet4Am>DHlXxvGC;Pf{10T
z;=-R0th1)X#A=($2iN_WbEnJ<COPzAx8weLNbu$L&=f|oleCN8y$|%1v2HHd0=<l>
zMXq=4r-Bwv&Yuo#Sk)K!B_^^-=L)FwBLj2fvfxpRtTTzyY8xxI8m*qVY%oG;?4yQi
zo{IT7jvH2|s_LmcA+0=DaqG3{Vz6RqZB)1GSOFHioQ;CA9;~DD9?jKTw=tkwRH0mE
z)L34Wp<$(P`!l11`vDzdWX{+rIY<|zM7+k=y>$mYuL|tK$n#$i0y%|7%S6XQWd(9A
zHgQ6|G@!?{PU%5p&(yA)1DRN1I`5qp3X)d|R6h7BkCLG5<n{Pdp$KfF%r=m*O};&R
zMExplz&O0%d$rI+B*wOfyf5?b`-<0XmlCR5`8~iQAymKB233ja`K`St{ohQrhER{f
z`bzzv2vFXh)W|#UGmLr**XiXnu2!%~bzBc?Xc_9DWsPp!0r>At8o0+>l}MjiTs(uZ
z)w#;;hU`8k<JfUIZ1y$@P&$(QT6smopsM4^{2!93p?cQs*Rn!Y-Y%baUEDzt2%dBb
zbx2Z4_md@77K8_nKghzbfmZolueRe<THuHqCeMdcyTv%}8vf~H$MAh8eyW4a|B0%E
z&tID){Hh#(z5(sJd1|U1e|TxL+~qVjmNuc!{~$Q~V{L%lqN6cSw>pdga9?4h^b~!)
z_wCE#s~%8y;t0|-;SVk+Pkphxh8=^kHiHWXtI^u>sPw{WU}~+d%Rb<60^_i`i|p8*
zW-8Hgi|TgN%p>N@!;KHq)<%s)e7xb)GW@v<l!Ui4-(p8-{UG87)*DBcnuT?y>W)Az
z$?gRDR|F>cje^@$8LX;|yq`%FU_^}lOyA}AI;SE4E3QT_yZRlu^85L<Uee{W$3ot0
zS?-V-ec+rH+5XUuUFY8HN?Z19Q?%=%;uVWVt)$4PUfUW^$WrVu)bw>&KorAe5*|^e
z6+Zb`V%Vk&OI@w<*bgj3z)6=fbSBi1;guAixUfC9IHFTs%B928*&g|C;=#LMSb(Vd
zWYTQ&ZRC(2D_AEb0Vls8z(sa8^%kmE;v1E}v7>#x4Soz`1lU76<e3ZNiTKU^)nUgj
zGB&TMn$e!Wy84EDJFagz8+br=4;g^p#!ZndOM)2?PJRA8l7@0K-6+9dufDZ(_snid
z^Wie@kTq!7uVIS&{VX}wcA6}=a%IBAkU$^tdPG1=Y|2cV55iO$={E0EB9ES;4c)ue
zG?=mZp8>6)xG?Vq4RIcu_F5siu@tQTs#*thC(DD=0oJ6{+1_!1JOGS{E~q^_t2CKU
z3YaMX?lLqkXL5wCr~Nse0o?JjDEK)qc=q6Enq#U@V$KFmO~mvTqt%cEnZ>jyxWky3
z^0Pfa>y;4%Z$0^29xXKMI3@?R`-~w(o!36Q6-E!6y<I4~{v+mYFf+x3fX7a~r;waA
zrhZA@#o%4aIS&e!Lrha9n>yWk4xJ<>`rGX_*{t`*G33L@(!Dgp$e8E%84KxuD^?9A
zCeG>pRyKat%7rvt_|~fXG0FX$k>a}ajwoBI0hncWZnItkI;pA{N}+rKqAmwcpPBhC
zxgO~1>D}P9b2M4JNr~#zMPV-BoXZcac4@j<xdtP@vMo=NtP%f~YEo2|qzCeNgs~04
zWQaGa#oW)+lsVJe3c=XQr+5po`snoMtF9&p{c4VWFS+uNgHgi%pkFeIRb*3^3phZg
zZ|N!ewQDZN_#eOYQ`;{msL*T4Tb|@QXwS~S=^40H{)Ae^&TfnKcu}b+`|vFX1-<I|
zSXj30%3w?3xV<)T3vZja<1QheO`FZW)%TkD&@KzFUyDCys-8W~7lP*N28vXBUDchK
zIL;1=4`+9Pn{)b&24NeoX5#k`I77O;lK7PRAe4Sr(e4=O=$(xIcY=0ol#ZaoJX#_^
zOC|zUI3%a%f~0p<@(73w=01^nAHset*(kZ27UsQZ_eAB;as#$xHy*sCc#cx-n_k2z
zoTOjg#Qb=36ULjRjtz7EIkGg)^H*U%BPu(TuJUJ9;U(fH8^hsIxI>sS(WikG0Qo#r
zJj@>QQawYN4vZl8=ekOiOibpXyu0vXy~TC_tU-$MPwO8Dy!~MY$ZOvgz8X8iRFmu;
z3->TcFHvV}@XG<x;k1~PiG$-0r4EO&Y|Rm<f+5}Y8<#1jJkiW=l9mvk0j<t`2qRg!
zF8ME&<)><{^SI>6E0F(eNTmF1WJo6U8lMruUU&Nb`P5vn`l+8=M!Em6F2Xr<?ATz;
zYykGJwoP?bfVX^X``l_=Lh$Gn|2M<$#-H}JzzVLQz5A{Kw7s3u;zXA&(u4B%IOhr8
zY5+Ay2B55qFXWt?2c@g*1kh)|5U0SmeQ(n>@bmj5C)TCa*zgmse}gjv8eT%kfzx4J
zV_TW7^7n~BV!jFcZ~>;U;^yJVm`MbKY4{)LkENby8TW{^EFZep@u)QD61q4dsP;ZP
zIy9ICId8R|`MlY?<F~SI-OQDMzMUQ$G_fnHDJGn)?l?oSGG6MPS|-1*5gLVw>-`DM
z;+_=`o#%PGksN<t5#XxF(_;z-W5KIOWVEv54{?}uxoN}RxyIS+)K^6npHgFE5)T^v
zvKhX?t@Cc>-!z=%-CK%Bc5W#Xmpw@+zP$7m!Y%dqrFz+ixQl7__&uuW7YA^0m7}y+
zLj~ou>H4IhI5{XxR*(wcW3*JIPueIy>Fm&%Edjhk+kZYg;>%f4B5fSEql;GJOu1e0
z?oih}V?}}W@m-|JR_SisGDs52Dva`_{kWh+y529%=V{FDzKC`ThjA7=h8*DQh;M&w
zHJc|793TFwI+^}gKAJr2%k)4^1C3Tf4#kTf1V4zwI2qh@3A)d;)uJ@8)2<tcSI4E@
z(F_Z%T<R8(`*j5O)h&>r%Z&m((ZynuJDPmz=jST=#4?7cbdoXOCp4^g1-^tI*V`46
zJ!J2@@3vg?TG-VxQC0Q{f0G~*gWMDtkljZbIq~L1SRt0`StKXDAz+oyDNRM`P;EwC
z3^lTe{EjxbMk)2;Pk^bPzZG}kTk=}_;4UUZ9o3f+Mbfb@T4jvK%uoJa7Uy4;2SuN9
zMqYAanaLMj;msu#MfMN%3vRiI<K}5|AHcBnmIiGT&)JD{*Rnwiqgy4tAA<wPIj6Oe
zL*_%kL;}zJueozY=-0X$<AHN@H5Y%@d+u=Eh|Srz<jICTdmikCPc2<AJ6%*6yzoaf
zu4%u=HLQAR^Am<Th+AEQdxpL4E;5W6SW@`Ms9FxNiJ@Y*P@v=%PJ&_SrdI$khjz9u
zv0DH&87`z?*P{6tD(_ztF*2DBMSIjP)a8<an2KDX2c>`a=*~9Z!Ue<Oy_&y#Mv5(M
zEF)#T<)UpOgUc{>@73{a8dWi|4Ey8RI5~Xu5?~j#tdDUg_;Z-P{LN$+Jsb7k2;l<S
zKT`D&6)Q!1&H98H;F|2`+YYwi8w!IX9bf5<%rlc?uKR7RhJ~86nVA~=0c##qR@@7X
zsv9hG@i72vgWADKF6sUvu(wfTLFZfC{HnBW$1daP;g8i#KncPQ83q1$2>XeW_vT}T
zE>uY7Y>att^CNt(%u<A2Qe^xk9(b7;#<6{JUAi^GQF>qG3$~4e=_G-MKj)BYG$15S
z_DaKRBiM{%m_uD=f!ZW<Sjdm%08JyClagFv9>VU0q1a=4+J6ogLJTC1^y5XG*LZ)*
zUW03nu&p8YB7x~npY8;2T{1G!smKXl@ad9t&Y<Xl%^@qQAFr>UuA8(yC0~jbKVa&u
zbN)qP`VtnZ;1g?SvR%;u!jw%WEwH4D2n7H8(w;bsx!om1oOtQg{Ewlrp6p4panNGc
z*)+8ev3XzTO;FY1CZwZr8Gvgput!pa6v^joURzTLp@AKvv(o6gvq@CNm5)GYUBHp-
zwmI&sPoah}ExgqC5brzFjuBlrIE=q5dRNrBII4L-9Rh+q1G+kH^p*aPqI2<Q`hEX+
zNGfHOkgvlkYMmvYlH)3sO3_(}C7}|M!?06Q31x*yY%4-?K80qR^D!GapSGF99Jet$
z*zvdDfAD@h-uHc9_kCTj*YmYQs3F3_hQ%Z!If1#d^baawJrLLk%4l9{vtAW7pL&TP
z>|$Y(ZGP@a@mcYX)$l?))FQygsj13lV^bl}IPext!$CMY#a9)|bXm2jKH$9+&7I(#
zsxl?cb;+ygo<`&pv@_4?+ljC_I=W9KJ(k!EenNidSe=WiY|@?G!eY>&mUadY@{L<X
z$#>6y{sk8w{~sL3lrZXb=R!FOjzB5*l{w`mIM#WbGEcF4*;@GtS5}jkzm@6`hL7)A
zixqm_-95qHMmIn<pg*>{5NsHr_R9pYyM>D+iEn-)R$Xprxu=$^z+C~sH_*J!#4S}4
zmOj%@@4ls&91CdGK8!36X8JL|mEYE{es7SzY{siFNz;7u&DYuq=wniaz00;n9!gv7
zT>O_?H|aID7I+ZZ6FC4%bw3etSfIYLZJ&5pU3i>+1J_aPf))RP2oRDyV}Lej$~Are
zcgWsfr1|-<!2e`A7_rcryZM#Lb>~f?%(J1SGwxEoVRJl6u%s$EC(j{AzHo0!s7#U!
z5ymg-#8P0F4WAJoI&c~-ubeB8@kcK#o^i*ZhQ%S3$3EE`Yy18+Jf_O>JL2%7Z>9J2
zYBpZtXs;ifaGFs%wPIpW57dky5$E`@^U7#_-AlqzM*E@EVcMMl!x3Qk?qcGq?+!9;
z3oRH`NDk~K{h(EH>-lw)=^e^L_nY1*<Z-UUm(x>M1X?R)If-gkF<XgOYDI=Yr}^_u
zcNmR-I&}V$bF1ItB58=Ks-2uKStHQ+)VueSJnUgJG%UV_NILA`y|NAUfgP6!DHkq%
zSQsLF4nVx%hYkc^PVrUcsL{nc))Zw@fF6-07-FttCe{g!P=hrT3(8m`fpiPECPu{I
z%udX^k9=(Z^=wo+t!&N_tKKoGw0KPk{OB7*`aAz|UjW10yoQ-rWqwfh-XvE6Fp{vY
zP1Sr{ZJYA64N*4f&m&?(FOL5JcqX{TScl!>|0)5=38>!G<4*Wx8z?p`#cj6IS4Mdp
zotn!YpEs`h<VIChR{}rRlMK4Axxn;biFf!-qNo2GtJnCO3}-2$nhp3>#MM5@2-m79
z37S19Cs;+K)`lxEuk&8s?1vP$%cMm~P?Ni4#O{uv<ISIhtp+sHDi7%n%THZ9W86G?
z=dklC6AF_45xF}GK!6QmAm&T9GV?d9<oQN>mO6MPldkQwfl&$@9kYyhW(_}3$om3}
z&<D_54-tPolg0q((Y}s>(=oyYv$$XdHbWZI<nU%(HUVfXKS0b5@DeEJ*c!{e%N~R#
zzLmG)H`Sx*@^EQpvjyU%{js2hq*35^s9vPif|EE#2w}go0u{Cchc1&20DjvJwGNd+
zBqDZwp!kc$lcf6y-A$5rzQhHe*(RS!i~(`Mmeck|G+t_4!NVRXmY01I8xF66go5af
z-X%Dbt~upfws&F|-9r8dLi|j$X5jZmsb#7{RAdSdVt(vr^I;43&$$KQ+|?1XFXY+4
zT40E-0LgmJK|nfh+9(rw*Ctx`0%pu9(ZHKGrD@zQG`JCf?QTyUjta!>k#|*)W>VSK
zSuAtcpl<{Rw<(L|md)+4(?R~&TdDCW)@~ldIuhae4xNj;&p>frRks{Wj<A19m5G&~
ztnHN`Yp)`kLzY3{SV2{tm-ryL)Ru6|WM}F{Q*#R0&P?{kpn9*e`t=_Zs379?E6dnn
zc_-bzutzomoA#Fb00mbx3T2WW8a&mPwXl~SBprvXr%Ag6Vb3W_+}Z|P^F(iaLIz-+
zA)bO5oZ0&va;N={{=#1YI`v9h^wXy{+MvOWiNN=c`_W!&NHBf-hcV(;JNZ9F?Fwu=
zHazybB6hvNdw@t$p&Eah6}q)Kjz}_&${XbUS!pB79;X*y#8x^6y8rZf*n_q#O45i2
z4}!EYb)#|S0bf0@C>v1j_l8`44P3jqhVQ>X^3{0y=m)=fCav$%FB*>wP<Whf-&w*>
z=hD`p*Um(GO1BgzHpEOZ%Euvx)2=?J1=QOWLjFq|U_(seJ(;my@+i5U{TmqLr;)r)
zb7j@BND5a*$PXb>hnbt(&Gye;@LP%O%x&4n#8;a?609&@su4n%^GwG*q8nrJrLz7%
z2kDKQpdJG)DEcOW=bTCfTyh|U0f<eQbNH8>sVS}$K0%W9aX9?M;Bv3{D0{P9vS^5%
zvlFZm`r~{2$E1e56Te7;5(V}7>7j|%WsjP*yp+5qUr61O5hgK??JcYA$MBT|{*j|D
zPS`#Xm9xN-{5zDlHom>g3#=Tt5m{#zgYtOV1NfVy2r60_d$JxqB`e0@L#uyOTQXiT
zlop&=n~?v#2oRq%zt-{^zBWwx_qaD+{mBpe?aL!N>A-vYjz;$NRt6%XT0vprQIlLP
zu$K*+DU+dUgHul!h-7EPer%(vOKLd1ca0!=V{*ul5;e6HA=zO0eSDf786`i0Sv}mA
z1*!a3j$9q2cIkfg2+8z|rTm60^ft<oafiQhlmIX7fnjV?RmV%JO<#?tm+~vAZj(G8
zqiwMeu@Nb8oEv0!KVfT*0dp{AQdhQJ5iwZ&=GBRZF&02`*=qYwgv;@!O3)kek2{hy
z576~f_6ywinZVz75QBR6C@Jq}*~gYrd6zvl81`LT@mlu(^gz;S&XQJ>>+A&8!ADcp
z`(Aywu=mOz>1{xCS3-MYpK*6!@+LyOHn8B>e^#3CFPVr^=pld-;BqeFuST>a%>~R|
zDn!w%{xa;Qn2F|Aki%G2(HQjc%i6WFr#7Bl;}-q>QEJ&ClbHc7X7d@DF;?b^+47!!
z#<+p1v;*nFTcx>f&`2vik`;MLML+%8N=ii0D&fzvlH{E;BYis8w``BxAlv>oq`xef
zXx1k!x>1KX>8*CIJ03IKlZsfeN`Xo=tTSxy#LIDZAPxbB`gKWT!v08d#!$p{7(M8_
z<qgYbc0gwoYD=nnWyDKC9YF7UTRk=E5JuBd%iDKDefJs1<vsJ*dC-iYd}aqY_c)j)
z>2#~1J4Ff%I6*ZZxweT_IR)HH$EHA~D;@uZu}_;v+FX}4P<1q>w28%E=3jumm!ANL
zb{%W4_!GdW6@DVdnc;^C*7P2%g+z_JH!xPA6VT~e`JaUSEwbnA`utJ974ZZX`fYzS
za4lyP_ndRG5Ih?@?|$JPYH1rWzi^%c{$?*eSAnhW?D#TYDg)O60_TZU_l$r@aB(`|
zcV~=&_||f6m)D$<^{MhBx#M_UEWoC4jvTt_V5&>VKpSd!O{lY0fi00Fa`Wrdr|q$M
z!Cz7L6CsjK7VQ6jjvHB1(A4I(6Za4={FD~|LCU=N3Y79IVR79(U+J}%_WT~vQODUE
z*J*k^ZlC6Xe1d8v+LqtL_tOr^<gjN1lbiQCs~E=&KyNcb8QK1c@O0)dKXeTf0I6Y;
zlIqc5I=OvIqzd6@Hk`)KU)5`yFg5p(Dm;x<EUWi^AIOe^+QkOFp?rJA7S(uD5(9aM
zn;A^eX@GnLe>LE0rPOK>*;q*O(JiR`)x1A~m#rCn32xG0Th7qExyjS3dv9##OY2+7
zqI8`e+ZOm76(rqQ4X$FG!8`v0hEJKAI}WKyhc0#$93>sTv$N)!vFwpO&`(Fp0CGSY
zHxzZM&d5=5-3*M5KZi;Y21===by?UvjR)+Vpu=y8g6$aX<9~cikyR@jW8{VLp3Z6U
zq1%O5XV>3J!AS!(076fj9|yw%r5_kW`7c(Wx-OJH#?)u-xIp7iYIh_95D#F#1QXY<
zBwdA@5#kR;Wfb3ZXPkJ2EqHXX3&E>(!xS37kfnns*ngi%x)V9W!E)#(;l#-h+2gPo
zEum?8pYsFhCEY6rksI^oTl9Dio^nAa)fMyT(ZQ({==2fCQRg^O<J0!<!ykk<|HXfs
zWJx<D-)EbR%?*XSZ!br@2iZb2i0D{>kDPYw17?a)@{~hz^%`G5SF_R_uK!Q`{5rpv
zdKtBJjq!S<2*Z};%(nhW&A69wm$(Jl6if>X*PW##qpm)b>UlqMR;h(O=6zs#pV+_Z
zrS|3zExq;#(gM9ggTVutWo=qgt-D}-73*hd^ci$QYQJa_ly5t%WU14!ol>x!Rsh@&
zjgY)holXy9nH5>TsC1!u3vy4~?M7m_W96*tN(jh7iZ^dwMe82(3Y2v{E>4&l$%?S=
zjhmf3xa54Cgx^@ruC{*HY+>?EGsI5(SoYtK9eiBG*;8PS0e!hr3;YF#@rXq%9w7Z*
zFBH^yAya6j+)w6*^QkW$5#3_+@42i_#?=TWu}XkzN38+{N;=NpJ<OdXrWQ4~RPpXk
zLEpNTFWvqee$WvV=`!Jj|J7$o?T=KZ7ymkBc{ch&>k7;N&KmW0M=(B-^QgE*5Fqb%
zk-vO8rI-m5=LXIDD`a1GmPrPnt~r(~_g(lFrVH<X775p${ABoAwf+?r&Qqy1XK>E;
zKz1xHrZfg@M-!Y28zuYA7!Oz=S3`SDQO?A-!fh+Li_z0H*ZkTv#5zw~m&Sg8gr<c%
z6?kgk4Hd+}qY))Fm7$G8#g?MxKSNPI^7>}nt!`c5TYXuMq671w_RcN7SxfI=PyT+s
zS^1GQ_brHys&~HDQs-t`gJaHZ_{j~TcE9b#Daljmwcf=as68g0E5p^NLcfy(3}9ys
z_-~M*N%_F}670hOxm{1yvRFME%}?-jqn}N0qAYG30aza?U*zZy;4+T|Io2{F78)tH
zofl%Sf$*Nebq(`hGaf5cl^M#&vHMj486?9MnhSF<f2g&T$I-EIw}q&JvCyP04V|CG
z2<x)ZLc5g0VxD~j^`J%{2({WR&$i{^2%=*!>5sE2$f}yD;dy>}RE+Z=amebVj@|<h
z>BRz$QV&S}=w3<e5N%Zj+TpMm2gkrRS)|C>+}xNfs7+t{u_x#i^ZrR^qq*@O9hQaI
zO<q?n%WCwL_{+S*jTWzFo@t<^pvU~1WU`~OQJd8~_BP7YXZ^1k@@0*+EME;tWlI~=
z=5jJG-#kDWlk7@rZZD5gGuV#kP1U(p0zmyj{bdd613*Rj`$-ZDp~csSAZ`tt8>V8Y
zS%7eQ?~xG@mm%n}T!Mp~&1T`u0cNhb7sh35?PFCPU>cd(tabG3Er`@X)-aO+eVRav
zO_i348i%0!n1wd%?vsJ_YZn6BqiGzs5=h=YT#kwOWlVAs)g>dPY#(pp>WaOO@Bb>A
zJU*xT7Iaw(s`?@i?RRGvFg+X?O#4Jsxt^}8C)2s(M8T`GZ(QpsV{zavq~kgTEIsU`
z###6#>mQkJl!AX>C8my_eh(823Wrm3M|67Q8|zef3i%_xE-U>+F`Bm%29RwD6+7E2
z3rM-aaRr>*=X#5m&3M4Ca(93=%YV(Kb5Qow&Z8xxPCldb`+{vS|M`GC$ZfR(&+#Yo
zMZXJ}75s(o7<Pq<{MTr4WfwieY=rQocIgv}aiDw@J<^EdmpR-8nT#pH#94f)JAK;f
z0VSqGqZUv*A%4|LRyUUThdmIAn*i4ucF0cExC@DlwD_&OhMeKGXtpK*#ZPIha_$Dq
ze+&I;&E(42+_Es_+>Lw4!J=c!M$UF)HHVGB-(=;A2$F<Z5rCr}yORlhMF!Lv1sqC<
z++2Ixo)O0CO(QG~ZYL$#^E*U)PeFI0ln;)DKQRxHV7be=2JOXy8on{icj^Q5-4PT}
z&D!V7sDOv?T?V~~>%^sEO3hrda|gden0At9`-c4&bX>PsN9MaZjc&Fs@Z3ESh&K;m
z+f741nX+u&Y;ot9IQ`JM3l5~Iin7Oo*L3R|Z9=09-_lwOV}SGL?)TkZCXGV_`adHC
zf3qP&pKB*Uh)?Zz;LcOQ=~Jx|ncnzE3gxyST`Agjp@r>pb9#*RsX5Gue8dD%0n@C+
zPeKx^gD2Bz6Yj2}b%h=kB~~QZg|NE$9e&?5r_vfZJ^%(YEP&*VGaT}#Sdaxa-NnOE
zuSs1+wr?C~BiH=!gU^?Yrns>%RBgCZztcJOKkU%obFuK0Ufa9MwnZT11l0SckJH1g
zvTlsMd%ljSva1m2xZW_?9`4wz#%5p8w`#@2i`9e^`P05jgkOIMvA!Gdh!Qr>lXU0`
zQ2wfiri>;Wi1$SNh~0Zz?aOSQO0D);!oz~8?wR+Yv1fpQ1ME}sY7I%<_6awt^w#Ue
zr;8zTsl$}32n8X*l{q@gV<IMe4^Fc!4y>0`Q{kT9R^B*pCZ0f61Inh3n!P_fiave(
ze%OmQyl7tIv6HE`BR26iQjQ5=3Q~Yx7(_Nj<w`f9)a*zXQO%%nI13&P6({B5!WJqH
zi;ZH+jVY#e4qLxrHBFp+gT`Mf^*PL`|5^t(<dj6SYKf1dV=if$uam2U_t_v)``!Kl
znjn4G_5GLz(Jy1nuN!{avKDcA8=;YymN8}c`u=CA81q{OME;=c?gY;1cthT9ZGZqn
z*<P&mhQTg0@um=>xuwcJ@PNto6JM&$Kh0-<*mVBNmKLI^Gi^oGUuQSpQ8ZGUH5&cN
z*U1L7=*7qej7LOj+P(#ERo;Y3M-6X94rvWD33W+Z_ONUwRtg8Vt!7rQc8cl;lmTF4
zu~%qGdUq@`lWU)jzZrT!EY4fCIU1|@Vu{d4Ft%qy_~LW#Z8Ok+MVSz?72we>{?gBZ
zK-pts&KdXVpcFPujpel8b`%k%-5A?CQ^WqJq3?)2aWlo&SbWEKy*T{_&y6dVZ7(w$
z{ntjmhqXejC&AogEYLu(o+XvI+-gLZKb_0Nkap_EVrufj8)s^})C>u2m?VAkM4I=p
z?BTV)S?^%!k5NllNAV5L(Kj%si24J~7kcc*Y%_RSKk+9Z<eBaMz<v1Sl}}cK)AI-7
z^|YQ0DOv;TMAK=&6USeUQMG6z9DwsnHR31tO4y^%7wu3VCCM10Ey^tXk+mv8qGLh}
z(L3?Y*k;Mh<JHnA>#w|4!(B!wgUN_g&>SdJb16b6YYbGtC4v<jwU{8$>=cKPAM)h_
zr*|OVKeD3fdwkQ~DF4VFz3}e!H%h95^f*HfA`dGklxYf^VUV$np50Q4O&&>&u7fF~
zoj~GeOrcs->!ZQQf&_u!^kOX}()E9c%O|lS!<A<uw_xj_2CjyN^x)*aKusG3o4r*r
zrhcwz?s$3~rtbc58f-u@C$tVJXXwU*MjdyP*UrI9s=epdGq`gMQa{S@EU4loqh$|#
z@MCP-QTF{I>!oSU;o`}}QG+@>DfNzYSN0f8RJ;Y1&lqhfAPpHyDw(!(-Io&^{qNkj
z7(21a>bSe``>t;dNyDisze;S@krp2@wy{zPE$m}y1>AT3`^JbOAV@RjNa}bAv_kLN
zCnD|i49l5zun*>R8F{Fjotpa~5WyNl-@dhMuQ>%QFOi{hHiK=^j+_4$X()q3Fsp53
z0Sfbr_Zr+Cd4%eCVylhf!s81_dn<w7nPHX7v^jQP4^hi4p8`3Et;PV&k1-&6Yepz7
z>#CK3g~fbJw$>KvU}50u*MxD0BY=R=!O1#;;8r5#3@xUeh1eh==q4s{8j3QGV84g9
zT>FF_sa>7b6{ec5koH$y-rGYvyTS%G;<7)*je_|ZRUWZF6uYHT$n`cBoxb`4sTz@g
zLKAi(HaM6A>N+nAd_2v^h7Y@R=k1XJe%CnFAqdM~y1|y}_zu|KFel01BeUq|yu*TL
z?P&Dcvs2*Qxo7kJ*oYZTUkAv3+4n1s8#zV6-KlwH$5YI0((N)d_lqO?S(RNEWDW<g
zrAT^kotN_hv88yx-qggaLGrpfmt_?@&fK1x-P7Uk7&>M>n>)}xVzv{%1fMtTcbB?b
z0HwcXi1N?=N()c&BWHHYzK<&RPx$#m*~MG$zqGy@D&Cr-g!aUK?%$gE62@FB-eBl*
zW4V@R%2GCT&8RuR0ZpEpnktjL>Qcv)eyk3NUY*^?IZU@F9gdh)!(ef7$i)Ng!79oH
zp*RN624SzN^GT;*FrsSuWNAFdO0#cMiEjAY<^u4&1(U#q`&W_f?Vm?4)JX~ZV!Z1p
zzt`I^F!qza3S{%e_Vj69G307i&GU4NO`Ch={;sbiM^f}h2%Uc&CgdtJZ_k3{H)l;!
zGMLBZ)jQ=kuj(f8zy<5T`#*@j6|j;cbwktNCaQHpuN+OXy=W6M*?x*1L)B0edqFH!
zdY=0Lk>wq6wHWMjacrSSkW`m75+68_I%KigV)%!I%$V=GF*V42#LR8LW!-4n6W_!H
z)XU8_<9l5B12Yx5qAesRR8~91UeOB_+Ar9pOLdpqOM5iHB=P&uqR%)R6}iq)9Slc#
zq}Y>Q3`xMiaa_LvF5Dt)j&UgloabCZE-O<cC!3Ziuic*`_e08+<u@<LEWxW)=Ri56
z`P=m=I>k+ZQ~HyfnyxD=303#;74Ur_aq(o=9iKyRa<=H6I^EQB#fq|sJjUS|ucV)n
zPl=enS}(H07D^8i&yc})aE(t+<<NARK>1_P%cl_E;U#Au_LLIyav^Pj+Wgwo8{S$g
zjrXsBIVN|%+e6|T!su#uJ)MrV0}^~_R;XA5{Eu+)9wC~vUaq>b0k{HxlL2S)$M3Ag
zoi_gbUmtlN6LG<?{=T|Z>*CtUh=nKpTz|#7?O#nxg)*;e;l6nAY^c%4#RHE{F2sh=
z0-uH)ijg#LfjZKw`#aPhe*L2Wz(YRBBfs(7XwI1@+w3+kiIwS|b#_S`<$AO4RSiF%
zUCS9~hnH-qDJ&9ptyJ&z>nY~{OV+M)E4tu#Visn`@kG*tPW~|Qp}-2gX*R*-I)z<d
zj+^Wy=30T^>Ov$%l1cE>!iDI~k)w`So{^xX4!oF939CJ{DQfEEOfjx-(w2O$O5-ES
zCL-hpV({)%Nnhm3c8Zn3cDfk)hkY(V6};#^;U@npsLQfVM3jg_4rUIguCT02p_%o?
z``|Drau;V8)xIRM=kH@i(p;i>zHd<!F)$rQo7(>z%uQY#3+_M03XGf?CnySoO*v!V
zf*gG!{K;^>bXWC%dU-HfGNuZ8nHsqt-xry=H&Z@i7HDj8y0}K$N04&{WQ|+FXVnRm
z(TLV1=d0zLkjQ-mVS}jtOU$;Bpx0bNR+K$88D%bh9<2F-m4@T2mz)8u#rxJZnrr4>
z=(Kekf70fIgeHyJ|Iv_KpNT-Ox1QE!B#pT;!>3Bv+WgY5l0jEGv<~fO9Pi8C)=#^V
z0Utm>VH=;*JPUiLo_F1qh_{)e#r}tbCI<r`e%<EXzOq~%C0TSah}=3ij*MQRx7u7k
z@5yzDQ9&0MwaJ|q+baWC@t+y@t=9TDX88eQsSN=F|F+<FVTbf(@bV9}#qWuOQ+yqc
z5wx0pjZ|YGyZ@PZ&mf#0CL!-=cD@^^zgpOjuOP|i#;aUW8Z-5-hzI7vv)Bj&^C-2j
z_JA)2hpSa2<pKA5p2tXD+|E-aL%W9eh_!{?AIuY2FXfG&ajsw#A0uHE|1DnU5tcjq
zV{wAdg^tFe^!If7@c1M6ZkqB)>UQHgD`+hFQ(l0<<S}8-+8Dg1A%MS}AcSuf8b@<A
za>mPT@oxMkR0E+nNKL|Ftvn8@^IO{EltCYnd%%(fs^iba#mcZDfx75Ix=u3at#HB$
z)j$iQ_8oo88{1(pDsXyO;!J6^SRiSs(AwaXf0qzG#q``+^M%dGegr+{wG~ZIfgU+a
zOHT{Msu|vON)sNW>+*v=YR53po(R&^spD57V%me*QsMG57M{-(l$!u<vriC;LS6=E
zc9a25IX!4mntEQinAoK>`eGdk;?DnWBpRLCy+Bj=TjZk)yTvb@WSuj+?4#NFCSaaA
zDP6QJ?8K*lulIm~7wMi0KXOk&38y(fI|ER+Kif5_z`SvR%D^WatADpTjfkgTqu%#h
zB=DkW;2+^Lo#Fj%&xm)^8iz*z24KE7dNw<pRe*vUHIkS!I}tGU+=^#&e$VHzKQ3e=
zZFwiyQ3>^TyKt>$s-C<6(61+Ehp<o5Y+rfk1T9@{&k~KtV#PZR5)yHSH;gqqWLWDC
z<npm{UY-cuPApu=tof7zg(J5h$qEzZjK&RjOCO&fjkwO%<lNWcE6J}~m(^Fl53hAr
zPqr}~)`pMM-OyejqY6@IRO>pxN`}gQi+Tb1hJL{EnJ&#Xt`cUqo3vcMY5r1`ao`Me
zKjvdb(|<ve)VCmS--d@{f@(1~S^gnDNc>D^9pF*0z<csCBZC}(>yJ%ZrNCH)V9QwP
z+L?v_@Z+MLH1Rvw`n!Y5EXcRWHyCwii)%!A+mibKRIH!7aK`J<xD-S}S6&Af#XcVm
zOui{=TfE7=HxDzb4r+{aY%aroEsN1+6XXUFf^~|;A|5Vjpn0_(%j<1iSqPwM`XZ0O
z{MgsoN`@#G{xGZgk*I#Qv&a?fd6~XEJticXa5&>-F={Sy*T%ryB*lLwi?RlE@806&
z>(x!Zw1@s97VPiNgKm&F*B<F)=U~ptXp77`GmN**-%r28zYVzXm$CVSJ-*o_d**@i
z-?mhkZ#&vHdAhhAswLVa5AR0^N(P)d;wR_vA~Drzk$r2qb-uz2nVDd~9w-gQ*%kf1
z3{)#6k21e$9<seh_&G$WGh2{!P8D`hgk2X12DV2wfCK(;j$$cLZ1tZHD+jG0$3ktr
z8Zs*KnPZm0o!qIQzO6^7=}$ub{NetWkO4wh=ZH$W0`p|*5w|p^4~7*DF6*ognt>(y
zLeo5N+9Dj(sLGGuM42&%s2TR$UjD-S++TeFzZ2g|P?OeQnBUWUN6oQC4N%)g)Y*wL
zj0SI!bWa8tJUAva)lu1ms+v?ehrB?dejam$v>u{w*BKYDn4_{;=FUMddwPUPJtaNP
zDWROaA(c~3I{5FBFV~#W2E_l79<^e0r(XGmbH4EMCd5Z-#KUVtL-Fr{M~>E%A$ji2
zWyV5j0~Q)?4k3Rzp1Oz`nJ<?b3a4nC!OP>wo<8U5;))I%Kq35%b(<N$e^HA+t!T4M
zL-gv<zQnZtP!nCuwn3~;&9Bh?1SU~^VCE3=IA#&c(?uda(+qNG{w=SFO5hY|%TXfF
z-Okam=EcqV|1BGHeHZmh+E1<u-p|LSm>Z~q;do@#sa5#~@Y7lju$;ZGC?02uwH*}{
zaozK@Ob1j@ww&1!Mmf(5sA_oIVYLu#$z=DfnVCANgiF|*iCBhaQp`j1pZ4QP$ZP97
zSQ}Qxu8_jj#3Vqq$(RlMQc#kpkcnYvo5$ju@VtJcd8tF+s63s!&N=}Znr^qEwu)FV
z2Du2w6RYY-C;v@2Rl3E|9@-#2C)EoEZ`ks7T3!z5WWV>76%G@+M`yimL{!Z0>UIj$
z1j9ixH(*;3efh?#(XrT9&>_fb^J4I*)$F)KJ9@6?wN)EMxu;Y(zc&O<iwB%4#y7YN
zNlgTjyxm<W`Pbii6sk4oEf_<`<Kt1Zy|6DMi%T}bl1r<Fa?e(q#Zf+016NM74-mAK
z--A4^6fZjeZ%wr~>zE*$9Xo*MQb|OL1@9D;%04{XdhL-6#JRhiST!4yh!gMXVAa{p
zI?bxdD#90AHdTQ={j8A_uQ>iiou%P?f-(2aO8{)6EHd<%iwvnB-dC@rf!YCnNGig!
zX9?1c5kG%GDr7O=>%2S;1l(7vl>y@dRj`5xD_K-+s1}hIVYtrlg#C&a`#-7b810;J
zt_~;sB56*-T~rZB4-toJJQlsCxCPel#;bm<yk>WpQ70N-gHp^78g{<S&_^~9X*V|b
zF5ejd54Wzy1s6DC<xW%GTt^oGeS0ls=woO~<Q4ddu0j$*cst0eYKj%nQIb0~SgYpA
zwVOE$n#mD9PvGUE_J>REC~iH?^bCOu*r`jNMYLhDS66PCU1%l8{?9fExQQqHgvNc(
zwK8^=_cPbVXIm%rEeGq-zSNv%uM4<Iol}QQ$bJYviZ=*hAG+favW6DCDzXjJ68>fi
zKP3g={6Fb5^&cL$t-zYx^IiI+fpaGAE?(`UIo6)Rs$W9N@Zc348Nnble8EYkP8z=P
z;vwRsoqTT*eh!N+Sc`{~NK?Lt#BS0m{S5VL=_YrXk5p$I!Iqkb(H(d+!?Q|`Q9z;#
zNt}b}B{U&#IvK9VM4Du?uf1rynT846gnYDhd3feVpo*c^5k-dr4XcZ0<(=CVhYbjC
zwqZ4A21bT3w2;Agy<#f-jl_66cuDrGA61PjkwwJyKCQ3%q?j~|b~U<_tPLcbRE6He
z{@vDp)^W#Ky3OmHQZI34V-q!Dxn<w${nY+nTHW*Wd?d=uC&ta0wh0N3s7hG2-&+X!
z{S#I^)!0=33#!#ayq8g9VJd7)o_nN*wTe}Y5WHLeZ3k~rHEgh2oFVa50P?HI0nr28
z{vOM$yL0$O$xoM?6Rpn_lIzeKq2AXReZkc<*#UZf(zzH#suKm|xIeu6qHq(^o31od
z>6)SW=_-6<{2c|z+`tjk8`<!-Cb<2W9q2XpVY*T3z8d;>s5?R3NrQGb4t%#&;q({p
zN`^$>`aOLVhWG|ZYKDS;>H7`1mPYJkeg5IJNAisj_pvbGx78btmv5)ZJ;|DmVsx4v
zn==@d?CJ#f?)NPqnw#x=@wpFkSbXb>B9gZ7(387@w)D+N;$gH8_f<=-wsbbP%*?I3
z*XfoWDO31_J7toqZGhS_e7Ki(<;knLs-3u_Mfph=7h*eS2kdNRYO-QNq2P~I?nAf#
z5e3%}#m!5t?~zXt?0s~ne~)dxTN#5+*%#TnPJO7sXah{Hb`pX8k<UC@Ybr7|%m4Cp
zYW}H$`aYoho-ZVQ=zW6ugpIsJk!Rt;u2?SKx!iB}upOWDBbCs>Ds@il^|R@z8V`P*
zqWH^HgSJVslisrsYj#Y+H2}>r9^g~#m^&!Kxrb6rO`?Fq^#srtW0e=75dMJVLfV$L
zwP*eQKD(Xcqgvm8mW<jgPwJirXIL2X4P7n*Uku$`@d}mA+wz0H!vcSPm~i^+U2gp|
z9w0t`jmaAT!n7@eniMWI*~akjgH`BN>HAF0<=^uaIcWTeOdaU7$&rLBx&^%Rk3L%8
zLp>lrSl;t6&r1Ho;5p6m@`Ec#LHvV7ZtgD-ybiFl?RD*R5W6Rt^4eN(>%PrS;d;8~
zzH!mbEg=li6WTR2*>|%er}K@%X<>U@WHpU0z?EE|c|fo#Z@cB&wncXJ^1E@r^duLN
zA+fiRo6%9gd;K?zVo&zg@X<(2Po3_1h0^`S(=j@J=##2M_172aX7HdA8gAT$S&zBv
z!o%BAbrk&-Qh_UqUL(osKg?G_&lOpZOG4+KbqmJWdh4yndI1r}ddM{&Gc~ZWm2mXF
zm3A6NaWe)!6c)X=SdT6^fSOVxo#K4yE#vxB0h9q<Ok(cG|3Dm?ck0MlRJfxM-m>K7
zqKXX37<j_8|NJ5i7{dITK*?su*&GG<g`GqNNE%GdWoZ~aFfU3G{W<@V5(>1Cz0wo3
zFk5hMJLMx0E<M&w4!A2u&xivz>7LC$Ab8=++Yzehr&(HGktfA!vOr93dM??liIdu{
zLY)F0n`#F7_lp|qP)jG<-TH8eRf_g+#5KO;{)S=hI!+iJFo95t2f;|%86SZkY_k7k
zV;qX$9}sc}KL3A_L5J4k1@|PSw%N3E-Mt+FV;<H(zHi!MZnON>%61(oi|n6{b6VK+
zhfTgL)3Ut5&f8J8K?Wt8Sjy}&y?9F#Yo(1DUak_bEqJA-1wndY5^@fugDM~g?<Gkd
zylVwuyPU>u-bT(_=?9M}XKF4)<Q6<rTJ<YJLXU9BsvP@kijJ+Dl)F1b5<9jQBlxB%
zj<pIjhMZk}SA$0s2IlTwetrxyJB*J>-HJ+?TC)s!QJVlM`gN&Y<ZD^$XdU6kL}=%p
zghjLcvyduD`FjGtq5tlw`a`3dm*g)sMZj>=6!W(9nO+b8IdQH@?~_uD++Tf9AZh{M
z@DitDcp3Pu*&$-HA7;W#L8|Yl%Tjkh%gO<7Cb%xcr9c;E5XUHPGmR{M755T%Uyzt-
zah#=MJzro&3c0m?tvCP+y~)x(OCtq|@BGrfU~B$ZT6mB0E|ZgnM7qfnGN%-&ZjgJB
zX~{$3o9H5f&F!m^IuQ<$zWgaA;dggq=K)-Ki6SrF9?>EhuVD-^tyTsHoIFZj56mG3
z3#>R_qW&q?yC&q^!V^MUrHc2JGHf%0a+<Dk<)QD*PK_fzlYx#`b1mz%rj6F#fzYpj
z7YPmX=ZH58f(c}UtH?je4XEr;=EM;-@YCqk13->K8{s!A!VjM7DL$W=<jKi(I>492
zrpF+ak@Pg;Afqn+dwnEo!b#vxw$2_-wfJYW0AgSNpA2py?Q)!0JojX3%BuN8Si)Lo
zx`g!=OBSRYHL3=C@IALF50bV>+B0kG$hq2|OW_b%&lKmTZgWh$4cmX;A$4$i4KrOc
zDrRdAaWm~-a-)XvEo&bs|3l|xlJ-?7&oA79!AwZhEYByM1Hnrd%g0TQ-8F>qVi~}E
zl^<(+tb&Lz@PAKK7b(Y@LkB<umCE9VjGO7Hr*}y{I(gp!|F($HD#_1(EysE6f`5gf
zEJ7~~(9ZvFBoW}IVLhc*$UNz{u5dlh`Sm`Dg^rx6R9&397>hZ4H1GWQ<VA(-75b9>
z^E|xSs{9m)bbp%un)_*cWuK0xc&Plu%JF+E934HBVR&1ij4XntTmp$R9Q9A(F@())
z4|dGWsV?AESmKdNoO8b9Fd*U;HlgxzB&R%X>c{gv&W;_oFBHvJv$r5styxxz>s+t%
zozJ8u>*r$Au)EQ?+N8&bwqobjVuLWI?2TgbZPszjy~?)be^V}a&}n$vUAtwE$D5%=
zZRsbwb!L3hGf<nY;aeqYNc`KySPED6V&pjIaGT6ca^37Izb3QQ7QNZXRzI6vCi_U}
z-sGNBTeesI=&dBtUp-NgZW{{ob;wC1_dnJvrpH9E(ytb`BbPqPT-^odt}O+&U0*7m
zW7C6bTd!dsOa5}S7f=T%51F^FQ5y_d&$;o0x=FqEVi(|r5m$~pd+}FuKf>=I_I>eW
zOHyM!+HiMGrEtE}wJ8ekt@amaP;|itbTNXKDhYV(Kf5!T22ln>RnQ~*!QMRi`Ot4k
zuHuKGZB+{;vaZCWXkk}PsBs|iQBke*dJN*PvD_QUykao_^Qe|dn!!)Osh~VxjpyvD
zwQ*CH{tpX!3^tUR>yB`f)ZU=k$RkyeZTqVrrDxpvK_BNSVKUnt;Y~M}>m}h)k+W=e
z9Cvaem=bvxJcx904>IC(-(=NL@6h)&X$?5ttFYzIzqigBr)9VTQ9W0sKWSV~bX4nw
z^*dyajl?Z}yTzI(J250esnSX;AyV1e+it)K@~7*K-am(kQhD{t?tEu+ze{74E<suS
z{u;_?ha%g!!*#v?J(RYO)!d8F3&JwmbFaJto^q4u#*FcwoUb*#8`SB)p0QpSL^}lN
z+DJ<zHp;MlvJv7Igj$4`N6eC#3w?)g6Bh)eeW_uTu9~<Yvfy3}6s30A@<X%yG+Jsx
zeO-<C?uIHFc+D2w_;{mk(1y|w@$tx){-knw$`vHXS6al&Uwx`fOKkTbct&hqZJhtZ
zZX>M&pSUM_%o{3szP3>9UdB8Hn21y?vFQQb&E^*%aqWh#q}kj$M3&a3p^T}-uA$<S
z3d}IJ>yguD;0r1HJSPjKpzFZ#Rk|ecl^p?VPgZ7z+SN2Mys34DOKCXy-QXqXq5IGT
zLG?_WgLEwfyGt4F63j?>698;*p`X=DX6|o2PT&=-?nPEvf8!bSKR$~nD}tf(?9~_f
z9>Zx?bpRy+E|`f=d72k`5hgnDwZfR>_C4wJf>j4KuDYtmic;h6C$zY@P-UBR#;?$<
z`-TLqge*H5X|OOr=_P@XcNeGlf$~+uNOQZD8s*mBf~_=|$Bt@EyAu4?73;o2G2y8l
z;qli)McRTKzj*iYd8#;HZOr+yq)KomrZSr<E1yNJgBMMx#RK*`lh&cFj({Hr2fnCO
z0h1W>>><JBy2fSo6g5Pz27Y3WYpp_*|C*|28G+X+R1K2O6_NQ!)}VUDty4IZ5ogw9
z{7*NAUyI&$NZm_>%~ugZy#tTR^fy{RMUTokc4`tUHvJxrZo{#&YL``=qi(J(rtwn$
zDPW(EdIfn#yif42sLM;OPSP1F<S;we(Bt-V1yRI}(}+6+Ic_7;s}96jC-c&v@^zv&
zTJkS8v`u5QyNb86bV5zr{<7g!>XpzR9`^1di~PETp|qYvr~F2=nqj#M-}ir<d-Su*
zMYJ_l(Zs=VYs(-|^QcRjvyY^pKbGelD(<%rc}PpkSH$rip-*%wit{KDxcC}Q%;Q4w
z0OSVAN6oU)6tppWi<DcY;^XW99YCrEv^S2xoPc2$ostgPn%j*3b6JjfY$_N#MKlXr
z@oP`#Rpv-OR(t=3ndI<ehHUm*+%q`&BYrkSz_F-MS6C}BSxEPf`GZYP_~Huf@YUFo
z*Ch3ldgmy6hR$DG-=!-AQ(g!YYWJt1Dm?(@+E~=a3|(%W@w%$Y%0(iTki=Jxrx&WY
z1*gWFD0-pyQ6t6aQ@Pc-WVv@0YAKBRZSmF^ae?+{V(>SfY4zsMEr7*t@dNgx@xobK
zx7H7>PnFQ8C#egIqjr*rUHg$E7M+hcjU!iNOK^W@z*LOD?kF0jjNxSVc`jNn81aLu
z1_GH@z;)=cUvT~@4lYWpap*;f0Hr7Bi@3Ipd2-KhGPWsgxeRxT!u*djd!f(i2ypSu
zxb0z-=Zl-UI<k=1#n|CS3wmqljhM@Occs>vzc_JgC6Ha~tYp|n>vA&ZwP-knP8Oxp
zTO(NZwKTPe^kcGn8QXf*@Xlw&kGVKD?<|!VHhmPeo^~>*LM0G*cHAd#v3xlD2^~g>
zo;lAUT)QJkk48o8{9aw^_QD*{HI~X2oqO>RS$h^T;Bs-H0_w<Iy?_jxgD%<jICsao
z97K-TNPX)j7w~IOsK_Sgqf>&V@ueJTcYOLk^?Vp~9WC`DvYVB@$Z8eY2oObrB-wsH
z<AmWFyLy?BrWB|4%tQK=zRYb>8x@G_CaswvpVhW8eP1vu`AUZF151L_)-S{91$vbG
zdUfpmVa$r1`j@QXe@)>0pw%<04?j)~uT0<Cfck5FSh>C|x&(%WibQ~OG+zhy5hT@g
zV}$yrjN&NAg?eFL%CCj5wS}TxmZPr&1tErtl46W}yUqmMMD}f#8+U_GpI?4X*brc?
zZ?RL{azBKt9`p8)318l2t;Ao(e~;s4jT{7;))1_dh4sNKe)xeGpRX)9bw=iB*pYJl
zNJj!Bp<kwcmE<O*`krQ<p3BZXsu=#g)ubeEZ+(`)`aAKjm4mx)_5AT^@yQW{+M&nm
zBU{A*`@t73KDMDeJ$h9*x>_~5aglE@_l5^E0iKo4S1{lUt+GgCPFI}dD7pAV9HRKJ
zMJabSug>WAoc_f2RW|w+#nv44S9|v{LP6v^f?L(`I>F2ioY;jnGD}B=FoBk<<|E?Y
z?DrQTrxvVd_X|N6Z>1K^u9%5;P0y(_#-&ef-|`A>7#u7fH(y&%syV+_)*PzfumXdb
zF4KmGMcZ+ILSI5!uGreygr?`$H70HfK>UEVG6ZIaic702R!&PAo>Z~MSKrJ#ZXflI
zL8(%M^w*v^2yB{gt=|W2evp7W&|11^2<toCe+x%CSxDWbFv2W)>I-`u#$m@S_CJtw
z51Nz+np>`3$5@NrGoFv8W^0xtHT7#(>Bl(s>AQqmp$^)9vaTqQOq!7=2XrL}sN-OE
zY#XWomT*6O2mdu};Vvi-X8L*2Vueq${&0B_23|W^&cwfrS)u-!j;(rWf2*pZdiq0q
zhCsE3t<(4Ah}Cs=;2;a}pDyCrVXHu1)e^mx7(&}b*o>q<1*m~T;uag*kGJRcC*d7S
zEfv1g!@WjyQ`lz<SKv8nUV&U^F0Ws=!)Y2e`V;BRb#8U)Cl2m9)wxEc<aF2yt$Eqe
z-J2+TVBTxb;+_cK97qL2bCwC|W3cD6t1%i(<=^booM4vrek&hA7wFnx#?NXMOD9wD
zz{3s5UsVdJ>fWIkzq%~vxJGak&EjSdTiFTsPjpGx0^2tr2v-iDRbxbVNyE3r0%_dR
z#+ZL*(}S;w|D>Pf^FPg&tzaihgLTE#PjZC%<`>rbf;dox@cCTipGKAog@ONbSfl14
zbFutU@vE<M_#@O^mg;Ml4~c_yg-+!qUge78S`iv{Vs!Nezm?3pNZC&<VqmTGu^%A(
zziQ-DYGU}E6<wd;kf<2LkCJ<|If+I6SG4I6B8CxfF?0vF+OzTw!n_`MxhVL9GUxlm
zeTI^#ML`kXLRTVL37!b<&rh-2u+S*SVzno)<uOO7{`7k8X`P>iNmktG56l~&ykGFK
zsq&MYZ}7}O?lx^Z&|=)ojv>SWIh>e^FtshlnvisFH7}_XtRRtsY~P|0s_GQNMT_K8
zdjq;hnvHjti`&mln0IKUaG*~H%Ki4dz&F`I$*Tv0P6Trn?^mwoE{Ye*%)-zQj&nE~
z0jP!nrykl^8Guiuv|MN#Jw0r?FenY)9`pu;K2W{O0yjmq)34qYai9QEMPyuvZ;lDR
z)*Q2r6CiITe0S)M4bS6!!ThaUF9c;iV1G39cm=<!h!UVeTC%4OqB>06XqQOYW%7fF
z6pMLOR!V~!4k=jAp{2yhr=Pyrr%+4o>p8J_^KNt1DL`)PiFrM2a8Z2Sqz$|9NBlz|
zWfQht)Sh)(FhPy+e+iDOR=~%<cNq~hFx8_YI{Co6k}YyF{`NrYkj$)S)1fR$&uT#X
z3y$D@kT7CX_=Aka#AY*#yW0fBeX`M-r(&%#d7%wAGp1lSj`ufeSjqa>MSj!jDr@r;
zM}6%e44p;4(wV!8A84IcV~KCk?kHW9{N7;&oFeO7ky(V2{$`SrKjev2L*E}PdzPYe
zU-$}<wkQ56b8ea5I(^+>bn#-^ommXiJy$Wx9$0wIO2Oa@88CB&(5E}K4J^3!9_dA2
zwr@7aoBucMFneC8aGencdLa*EAoCfWGw$-un4eErM7b)aMCBLotHG>TOIGnsQpr1b
zR30bUS3dA$xkZ;_S3U;^8_1teA7-Se{X3GLza}00*L%%jXRZrkWq5E3ft7tYk)H>-
zwnNnlZCL3V)L=ld81&8erex*f`Eb$yhVutbj;%F<<?4Vdz$sF0cq3WND)a=_IC(DQ
zm8Kvd-!BztzbZo>4ShlNtU|`({d(}PUb#Ucqe4?~9j^%Wfb)f3B-@+Rr-E1J(Lha5
zjVOAnUacV_5QNB6k<3O)n%~cmMRu85&a~=9QT<BKEL&d@IQ8i5g$2BXa@%QkgS4G)
zZ<FX=$&J6$jYhFrmT2}|!ot3GOgFx@r>Q@p0@<5&8~iBMI$Sh6?_Wo4so@?z<xhuo
zUIq%36an)#9s6o3MPbwre*(35IWSV*_(gKPxJH@*2{4Ateh(di`8t_jL1r@C*EUg`
z*4mf>2qXRQ$NnzX`Qk$AdeonTzzT7Qh52F9Mr)TvPVS=5iaIsOP@|URBP_XzY-QmR
z)*1F+kpw23(I3Am8NR)2=YWK^Yp+(J$vu`XB-UL<zPjjGxgMr!N9tW?ck=uO=F8T%
z2OP^qEqb)wffp`X!da^yrgAHp262~Z9QRtCXOYVv>P;NVMME}H{~_}k@|%}n{qVnT
ziNFP>MfFyzfm=a2y!32Zf`nvb>t>j&7d~bO^>C?KYIAb!DGe`{hY2}367uC;Rmzg<
ztZPS9P@Q2czx%wQ!$@;R6f7Wgc);w+g5rP&%&PI@h{H?&XghHFH!k`Fxyl3cCNVuw
z7fjeGVHB=E^&#8KL(MSq2IAx?oeGKuqungdtPmx{8x$njs+BvV!>;=xjnRRkn-4*2
zw@G)&?0~U6_|adbOoKE`Td<43!?W4FDGGckz~8nm&b=+x*Op^~pY?UvD}EsRuUTQ@
zI)P`ZheoyT3!N~4W(@{*1l*JG`vcbMNt|fUIyTD(<EzX71NqB_i;qIv3&(rM2=>UM
zk-7OM6hT`+h!-|@SbpAA*lXr)AX`Q6k!J$i89$flG0(Kr_V4ai6g2H5>ncy+E%rW$
zqJ^9P_jhV78wPb8sU|d;9lT?D+zK91EbNtk(*yk&v$wtX7OMYJXSfv_1a6*!uiCB<
zl>@9fM}?-%`#^e8ASwX)rIVs9o*?Do9$iHCgBri&KVhPS`I@OYH?V%}f2S1L^pOv~
zm6J`?-kHVZ%fdE9udI^{6@L!OP)2djN&;`LZRh%>Y8;YTFxq`v4IWDW29^dZK!Z(`
zlEyf_!XntrHe^a|KVzc1vB2!J;-ujR9prr6Ibz>Q3p7l@efT*|^*a{19zT9-<<z#C
z$c1+Unq|(RhhT$QYulF`I*tVZy|DUErqPy)*JZ|WCD9G(v<@|j{M+bX{5uQ_{+nyR
zSbJ4`vqO}ckVyg_&_u5z3J-+7bQ-fT6esL;HveIA7lPPiKvVD6)Xw~PFd;sHVumIN
zgBGpD51Emb37Txe#Q!^VdT7>;aO~-ioT}k8fa5oG-XjG!PA<?a@XeNZsje?=xy*<I
zH#^14^{~eBr{AqBcEfie5_wy+$Ee;8k()^=XCt33qfT?$HV%6#PB>QbqVMjZO5Bay
z5<SGem>jm?rM>Ov^J%o<NY@qZ+jm2bIH5xR7cqONy<Iulve^~W#8baf+F^3ehWoLq
zxgo}D#Xd}yF0q;$|Io_9GtnfwqE}j!^sz7@mK|vvaZhnqkw)>XZ&A$?*rFA+`3p&(
zfiB~L0O5qmBh(Q#aVzq=>cps&VGQ08laWFyLMs|ipRAK%m+vwyct&s{n@Ia_af`?i
z_--8hC-NeEV;*CK(%>5{_XXc<E&uH(KybI$c_m)a&{4*%vo1<vB#~U?SLmL;ZvuIL
zDkTBu_g?<Si=Gy5vM8A5XTv#3vrS|zgq5$ZGO{T*&Pnp$h-_I?WLR81DC+)|Ax;I<
zL^DRJnZH#i^)YcH(1m=7dN>@`ue-7bV1(K)%iE8a(ySiVW%+eL?$sKEVc8!-DeO#&
zm(#!%!-RFHAP@fWj$lYZhY5Vpq@#Mtus)m~^%yFn+R`VMrrEF7Vp?=wGE;MKzXiak
zm}G6Wzb32I8>RbLRvYv3AKkJ&c|G*4&w(i)j?rZHoHkHfekY9nWRrl9NG9!d293#H
z-ykstAMV3>);TMo4;(=G3P?Ba@4&Pb|8Vh1eR2Pxbn7Dk%m^3dFe?t4hT!Tb_k-es
zi~gp*9<^}II?YJ4E`x=cgdgO*i)NsC{WMj>d%ID-%Wmw>Ax%nc!O7H0LsY<07RKte
zWP{XvpEK|A`ZS&%vZj6`69$N4Lvq-aVgp|BZrrL%S_Y-&oO@9;<L5+ML~;HsuUg@x
z7y#7LfAwR=){a{h#RZnn!AgTajMD8RsW$DE`|>3{TLoD67Qe+w?Ru}F;>^L1`Sbsb
z;sucqBi6`q^4fU$pzzoX!Hwn^wIDo8y-;a!$)?B-g%)ZiSnJmqW^fGedy7~{NaSU!
zAiAqS|2PY}mWOQpLAr}VZa`lBRb?Q9;?K&cZediiQ!4cViE+EMbj_U-@D3c+m&k3b
z(;PR3aB8a(#rq?h2oCXqZtDd6Ye#D~(a47Zm?pK`wHK)Kc_4tQ;YzgFP&(-*91e~1
z-Csto3j9Bc&OM&#|9#_?%BK?@sT}q#p`4afa@ZCsq^u($R!P#q$k|RIO-TzOVM{8N
zV@|_tb3WuSl2dGRp5w+gw%O^o-+%jed+hys->>VwuIHsgB$qo|sY+)~KbxNoB5k+M
ze<8fHl5QIo2Y7oFJmMe0)?yF&{6VL~GJ@?x`!LtUyEjPE5EioK0{K!d#rd?;1{ea1
zvQU8Yz*Tly-`@DU{F6+Eh9wgAmLN{s2U;x+CPo)M$g*IM!CZdadmyFhaPFq1R<c@s
zqm)B-k91{!WZ27Q8;EPQBjUyc>3zbY<lYo&;o9yYtgVY&88Y+Dqa}PJdN7!XGl5!*
zSE`4@{{0Wni!J{d?@kY~S}Mkl=VrNjy-lMZ6_BT8ZjASfQT(G1ERxM$sXBo_p+EF}
z?Uk)x6Xqyvqx&T5B{QDmI7O54$~yAQvCCyaeSxaK5VTl7>7gLNqpUHME+kbQfO3!y
znVExyi4xCSey%DSkb1fE4T*Qib0EMG9D`Ov@zkjx+am89>z!5X<Quh3I~RQ&<jPzT
z*60;k|JI_ZSXRw%l`J@n-UWx5{GMu=JZ9eLYlXcid$E?m%KEVY9TXV(XD!+-<+#sp
zECnsuKu7IN+DcdUVN|Rw6NP>uHN(&)obHH)A4;|n67raZC{lC*CuzFN?Z$FDwnTV@
z802AH5wDRI+Eb%p$gLQI?{BYah5x<Y1@LuXu<z=7*WujtsE~t5rrAv9Zv6r<bM(OS
zS&!wRE*-`u$ivjb->tftl1qV4#=QIi!dJfILBgkt@pP**f;Y(QR|aK=X3lr1Pq!$X
zEauU&di6%{j++(Yy%|yVDife9qY%ZNpjv}UN7{J$P_3wk#jwGz1NLX;fpT@(VeH}6
z*&}F0jZw*CX~ZqL)95nsCa}bERgAG~DataAk8WCr+ppi&)*wj5I3jH!rDT%&X6ut=
zVX~4qX#A_hDU>$C{q8#B8E5pW)3i%~d!V;K%4H(@Axjvs2!%(>yhmGnuaDppIGqHC
zrFDYm3&@CZ$kImgV-s?zCCzR$J9AP2{2Fac-#w=h2q3K_M7}bU(!j|-Ub$gz&h|jN
ztF~J!Qmg&DC28_ndAWBip#7~Ivjpg<x9nRo+>&wFPp@s5^E0nzBi{5!|DK!I)*f=I
zL!lp!MagAiw$+v1PkRVG<yhvCKFf)4*Y-7oWL+i5jnFp!$usFo-uOIb13M-E(zg}i
zpJV=IV%V!>-;2fi`#_u{4;)M^v)j(+nl4?ao%rE;i*nq&s((+lD{|(=2s-gLGTtD!
z>sFo)J=WPFV#tw1CFpNr&d=)qNVW~O4f6A4P5{swnMCtT!u|Y#YlmGuC(S#d<rj}x
z?m~UFcPRpYNaDOsoH{AyJunb<cV-b*ZyNOAMAt(b<}{e!l8_a6Hbp&1N%H+pfv^6O
zezz*8Xhm{o{!+roAM6vUv3Ha*>KMXbG(h>=>T563iTAknZPy4(#IW%z!w*g-LFd)i
ztanf|2D7MP%9cH|`{cv7r4qkb0Qs8up41GG+xh+uYhrje<W7;xmp)E&SRj)w)HR-m
z79tz@pD~vFwO>~Hhb*&}CcKV07gx`>^4*~~9NP+35SbgamlHhT(2q9a@>(;%k7t`F
z$AHVd)3}7zPb=pd{iJH<+F0k+YbII2;4$ouL`+%4iBrgK%oGE2d(0bj^R}pJGrD`=
zpTO+D;D;ARcWkzjq*KmPH6rL)X8mS5VthRc8lf93Njm~xb?y|s84qerD;W;ezIt>&
zxZ`iwa&_bt!sw+ff$*o$te~yJ_0#@0v8sreM56jn)*z^*I{h6s>GjbCaQ*K~C1w<|
zLONB4E7AZYN%<lou_Jx=IAfcqBCYP1;T9ZSa?}<dja=<|BYmR~f|2bZ>27jcf$T48
zCY<$RZ%1^^)t1um1)Uh;4T&{CIA+uuv;*bpF*;OIj|JW|FFiAvl`rhoeqFSHZ&v`c
zPG9sdfPznED8$}+YIFlWWd|hQdYC++NU%Ms5~Q{Ju)-qX?fkItP$8zJfXQw%k-Zq$
zjiLC0sQ2yB^&^s#ekzkZ^|}Id3Q$?%rwGji?Q)uI1Z(b<vTJpo9j3MHgAdnyD|&WO
zd#+#)>oQQ=R-YS(VAfnRnVsl$D+Gsj#d?_m|1H%1yglQ6+1%^*N2}|$TH@K0=Im;`
zM{qreXJ9sMqY{7AKfSZre(I{Ecr@j)FQrpQ)(CI`buaizYi0&^DeSebqIKb|mIBX#
z9T8&<CuaQ+qtqAx#BRA@X!vK*Y?w6tzWF7Yy<AC7ECT-HIgk7qxJBdC6W8qi?36rt
z!=E}y9X_>DW;EudE%dhKlkRG4B3fL{t-~EKsyc=Ea0IY)#clI&k&Ebv>R8=Rv72Yu
zCgHN`B(vZx83>raeWcAV!6w2Avb-;-twXk5S^FybeFGs@)H5&mnyV()q!DH@{dqxZ
z&*2G;gdN*M)4kRqX3_=a`xPLkA@g`ZzuI$EzVR(EV#C_<o~EewX_z7o-gdw4iGN2&
z^o(b*uon<sGVn^k2<6x<B0VGbf*Cv+eLlZ*hZHjSs~Wy@;A;}dlzLnxd||V~ez|zY
z0ll_4R9HML=S_MNxB?&@3Auhq^h0>3&-W4_e&6n_TkKP}kT)qinHu2!?B1%K%X4~R
z>=9P%XoJz>!a7Rc<GV}AhPz862Zri}3NXkEsyu@T+iz(&iIKl>#vV=&hRnZ_eC&fm
zs(*k*SJsrDWIcZUF89ST*pd?D*2c9{`yeMvsspc1+4SIp7Cp|tDvC~FcCM!en+mUc
zgm$of%8tF1{GHaa8;yVM2kPM*{eQ?GL0t!b>9G7ED_F5#`?}M|O8)5PZE<*GE~<>z
z4{oZH|0cJTsf7QvH1DEa-9SDw%}~#C+Yq5)i~`t4AG~SH+!p~|@gV6ZeLgZTceWC)
zk6E-lC`nylL@YtqsYVtGS=UD|JGGgJz7M2ZLyyLK)m(dVM_QepbV7d#KRGh(B)KEB
zphw>LcZJ)M&ejyBW(&2ZH9TY?8^VznhXAEc2b^Lcx5dxaUx0381Aj^j&e?=&FSXwA
zM=yK&N#3$Ng>T@yf#e&gj<pMqY8-DzUKE7QeO6bl6`*ofZeiez6N4;d$&r5fhyoOH
zR@TLyN8Ol)RsG(zm&jZxHT%8fNgR=hf@))?e?#0yZsz6B*vo&5@u9$PM%?a8iX39I
z;qQw@IUvE|ywnEf(;%wgoCW`3oDf;pfBh{=<i_<wai`jK<bY%FlAzC>wG(0of9Zb8
zn|(|6;`b1DX8ZH4jR_qEB`X+ZYuPD*_0h-Y`A3QU*EetSxP28pmdPUH?M7QBgIFCK
zT@QC@9{H_C4f&U1Lv2SI=Q-WT+n7aK^DH$}dTy`&POCU5Q`(KgT^%Xk4Ea!UV%`^@
z(X=ncz?%pOnMl}`GE`*2<up83NItd4vvU7NqaF51#QXbronEM`u|nT>GZ{#)b=rvL
z1j6;HKQ(o6`do3U`KFt?z;I}&@YG~3`sS+P*TZT&o%ZKgQ$X|FGjZNw)&Wm3;q$@B
z>cd83@I36Bd_Aj*=fdAzhPWFsG+H^eKlh^|(7mEy(pjS<_ZQ(;z^DPQ(Sp3>mXKW|
z5_pjUcOJ(NRA*-Vc)27U&5(C`D3SQF3;3y5cD1UvZ(=(fN4;wWm#;~lNH_aNVfECG
ze3W)-UO;tt!<pOc@Eis7o)Zb*zgk?fO6QNGKS-W!7nKk3GEbe?|CWE)#0n?e96n>b
znASN(601eHxi?u5)?=2{LPzuYO>+rfAJqZYl=BHsFB#9m9|l6f*S3j_7Mq=vAN>M?
zrtI^zZ&E5G!W*<q#&r2F*Ul;P0uyreX~~%O_pH2T1vNjAwK!Rj!%UD~<~~6Elg{rX
zK$DnN5BYVf(65#AzxsYLU&7PrNNU$`H$-pC?Sz`ea1HX3FkT@+WK6ep8J(nFQAa#e
zP}xH7gnBOA+$^9h-5eb|@1rU%`NUo+>v}hz<YA?n@Ez+#OTj2i)|=;+$w4=m6%kg8
z^V=YkPX(ZlL$wpzw)%4`bUmHfv}#U?)_172T47}ucV_F36M-s6k@1+1C;ta2m~Y;a
z9Mxhf_%ohaxw*CBrT`yu#jbzo)*3jTb8+AbRYScS?5=&|(;+Sm6r7yw-@RPEf4*C^
zA^Z+`SQXQUCcaZhUT1YASC!jh`ij=ptLAo%>|Y~pN5f>}RD^(247B5u^b|hWI+=AM
z=$G)RR816n_MY4RcteGI5?@(V+Lf8GY}Kg<t*Tadde0*6{N&TQQ^yiswR}5TZ%#hL
z{2-k(tn9=Z4R2hVY|_(D&iGE*#g2f3wo2Yf>WQLM<&SsdI`p**sR45gs6?^ew78QM
z5Z}Ak!UHov9LrQcx&4TQ{-4lnNeRzmvoA*xcGu`DpT~aO%>n(T+@jCgH^@KA?jiuW
z>HSoxxd4>I?JQ1a^`*nb8RZe*UIdA7iXy!4#vi>2#5l8W>J86ZnnMDYyraa5o~#jp
z$?BX|9W?O@YO}TVM+?aD@g~xs$dD}^`D?t9dDTeq?=MwN@u-!%aWg^*4^IoTe~eU}
zwQ_F-maYCxh7yls^sQWWAjJMoS-v+{GJR2l*N|^Vj$zCbIE#w$sS5<0_we8Wvl=5}
z>hbZk<yu_D5svu!ffrLc7Vg;tihy)+1njcM)v(3fGmYHN#e#Rqp=)040$*CIK?L~F
zWmB>^Zy%avJY>ilp!5qj(K4%F75qr^4-p51mg%V+`(jypb`<Mw$PxZ19X}bbWJbkm
zPo<7H`!G2aWr$PU+s*^%Rc+)g1%SnaxC8n9%YOlxD^2B{?~fPh$;!Cu@ht`wJ{YNj
z2kH6?MksHhcwYJXSX1hLU^p8nxKCU}N2Y|fMx0f&Rw;Ex*-yRC9G3D^YIPns6fvj6
z0A)GoQ(XnHsi)8pyj`I9#5~}1c!*ol#Gz=&Qz)hCJbGimm9HwFIfTXLs|8m7(<dCI
zogkg0D#@08-9|aP8XGy+X~$;q>hCdx$~e)BZ@GQXTd41{h-+;ff^1k*7Bi%72I7i*
z%-Y)~Sz5Fr(taLW`X3|V1nTw_ixiF->JRFIdh(SWqo)F^Ahj@7vc!X2)~5U$_{Z3V
z@`QCF2Yg2gs1Cs;)ap#=LR<)#93Av;GhFaJd$b^B9GlSEAbI<*$N^`qxey2ND-tel
z7EW0PqTM|rPp%99)-~y)5$x|1O2YV#r&F8cTNgNEU6buiBM8GH%L&*!-*)ABRGbuO
zKz`V|xyG_U);IImpB}C+q_lANwnypD+M+nGt$;+d`ZzKDwVAQW)1KHfKM9n9HHVh7
z`bjl^X7V>f`1a-u(nf1N;$#aqr^eH4lPKwnswFqvuUjssZuM;AoWYfblk8pF+IkUe
zi_z*rE)dN~D6c|VecJQko3m=3vNro7r53e^cO6*GC2#YIFoOQ*PpCEw*<zIj|8tpT
zbC*EknP`V5YssqLSVnXJ_RYVoNl`~{U#g@3%Ilj9TkyJ-r!9<)|G9tCZoP{V&Z*!`
z??O-suDhi`!L?8xE5{Y{?CHXaHTyy6_~8lO#?i6M``mo&cLHo6sc36nm@eY5Ye&TC
zwME1|;`M5&eo!6mu?{jG>ly_p^ICh%>Hf<0VeMTrNp84JE_P*wbM}XC8|}&TO~=4C
zT4%~`<+Xq}YX3=7K<HQAF<#r**3-}2N5Z*r<NjWnLmC#xa>0%nMU-md<dGS(0idKu
zgS1>dx7u(2?}sXKwWjD`pE9INRMOUFwuD+yTylrOYHw?S;nSv@pDW9D%Z=gx_S$3}
zQaCCjxChoANlkepD+BZK^zRdMuBDWp@Qt1U^BOv9CHT*4p6$5Rb*k{AqB0rli1Z6b
z<Ae7T@vUzFariI_?sFF+`FC@LUQjCYXpsNQ!ey00ByjdBD{LOeq$;2W$oqa6VgF?@
zSY0?Ib7x6SEO8ZUw_4YYZ{$cA>&Ky^c}*%coOKH~Px7?g<f-e0o2HXJvgVrCP3;;J
z?PI#j@5-VwV=nE~%9}_4v_{zM8#2vcy_>OSUB(MWSSpRQ(09IW(CD<toe|^yQ>RYT
z0`vly_XF>&51ej^Ss`7uVT*&WEAu=f?qdw@#6h=zQ!(o-@J32ag-io&#`Cj{O1N!_
zS+~!97Iy8NOSYqj8LO(=z}}Kj8;)Ve)hqSyp|k6+NM>(|Y!J#pZC8ePPo3!K=M8p0
z8ZrYX2xSeoeBFi)SP9ZWm$=vS6o`j~IrwPHlc%hur%M5CIC-W5cioBG-XhBln6I_b
zX;pu12>4ZbxcxsN(&m|uz^XzCC%Y(0oB}G_8+0jbzGs+x{-gs%L6{zXvwvnw&O7W|
z_U%UFocqxFG?E|@qcRHoLt<@8x6i`|OcZ-SkDmBgIiq^MxXrYiw?me?@I1@TbEEb%
z2Xq}{SE0qrnv}}cHHcYYQ42!#`^5e^wD}SFYS)u~Xk0wL{cXD3c&qi~yKxK;rv<Jv
z@kznl-htdC?D16)MDj-Mvjp)FJ#6N1B<=2FT)D(n_LqIgWRtc?Z_lAm$>EyliYx?s
z&-M{@;2Gkf=${G6BPy_O;YJ&U%A;8B+b>z1?V9$;O4s>ckzFdIS8KLm_6R*kWl#Pv
zI|h^eCK89MxK~0|*^=<NuPJnk^Qz5G(3nsX&-db`(Xe(0nOQ0Iag=@7O>)yXd3euY
z%dWNa$$1y|yeit=Ua0oGYj{tO4ub{y56y6_$EiFMzc9R1Pnk-yX4>O@m2mC4vRj^q
zY4=wHZEw{x4X=I()6-Gq(<J6lMfSOPZY~vDsH{zaK6|{9(9*4X`Abd1+DN4HA?FEc
zWJYg!=vLX|TuS@6gfyyL;jkgT<dfQUc^Lf%XzBaIS*IhC%q`XdSD8K`txDGudF%Zd
zk&g|Q+is-MUgajLny5>xMnk?GVkI15t@?Mp@LM|6SOC;o2RUtqg3a{UE!jC&3j#<`
zeeg&wr(75$44ymks%d>Zb5*fE|HbV;KI;4Jx*TI*1s9>e9eAy5+b~kKHRQoN9A{Zy
z;`txQ{ZvfkUy{F^MKlw7oopJ<i%#SZOW6I(1{eNWWEuU;5*Wvy!+jtA!0=qJjfVzK
zyY74hPOj9I9`%*>J~#}|yP+<H7q)j?+7gsH&L#z=qCXtN?BaK4CG+%y4{vp(mL#2#
ze!R*#D!Tq7`o46v;6XOkJVg8cN*=xRyUvcliLv=nWjs&Y{22*(I@HK{MKhy8jy%2m
zGM82`so5`b*fqOlV_==;WWhUy>rAUCGY0a=81Ych1SaH3e^YzO%GDSX3Fb1oW!hIS
zqlLphz*({oSW9euhLrPE%aqx}`H}f;qURCmyQkkazYXN17=5tEBivTJ5H#W(at62?
z@WiC?+-Tt4lH>g><c{!GPxh=5t?D^N>g@0N^$_Z>Y4UyO6G~&*rkS){YNUzqP~H*j
zDy8}IXy5_5I2Wh(Ke?GM&84%I_|B52IAl^?!Jhxg;YXbnk-cfc2B40mU7ccQY57$$
zI$t|)Y+HER01ALh8*1(3p}e$n@xQPG?~8WSsfg7kim<b!4wbSEOezd{8gua1egr;2
z)FELL<NJUIIq6E0J;C)k^sp@eV81ka=4FS+1nITWdJK8)>I1By@gbF56~7Q%dhG=J
z7*P0p<;$&$AYX-HyKLXm%>K6Q&cKgbt&jdd07Q~&tLE6lgN>oM@B^}=Rg*ymLZ#F;
zS)<QDSh}W(S2O2ZDgdBZ{OG-|_Ky=%mBkXTy-Y-rVg%K#Rmyvhv-SlMbI$mtAKfD1
zfbx$n+|nKMpx^27ZEVvR37ac5vWH!K$OOhP_bVW4vpx5hu)r1qMHls}MrW&}*stE)
z!kUzc68$ACg~7JlFYjy3WziQm8^%F@SB1Qxxs3X@C;%Xg5oWDUc+t?@yHl>V%sudv
zo3*JI6y3#16E25c!9>{1a0(v|37kg@T<<Z%al@0;Y1U7j5MGC_7!#Zomf1Pb+v1wA
z+sGv$!10`K%F$QPR#J;M+8j~4dieKN8;45wV3(r1yT}C$H*%@s^XGvbJ+WA6P0PH6
zAO$8HZVP0Ky3$3LEP|&05-v+w_XS#uj-_=6xMt0AQ0cNDTzxn|9Ah!s$8vuq3Q-iz
zRd$f&XYQ+@IeQkxclR#rok0Edam(`UzAd!w2NAZW8=`=-xtzN}y$Y=T>;I;=c;+Lc
z>A*O1&JIvuEnwga=VgPs?26an-}==n0z)gD)Zl1BMfJ>2UhVM3U|S_+*~eVz>zbd^
z5^KjOksnNKU<03j_*9z0@@6Vmvo>T+C&NDKTwZt@62_}@WIy&Gk5`Ch5QiebYOaMM
z=LqrsIfOCi{nI+kaE|phBe;&02R0#p3#cT2SU<OK!(6;dC2I3aqn&_$$^=7Mj#?iX
zS=-6fj?w<pouISZ=v<-RR@DNp;9A=S6|s+0_nRpr=(cEMJ0e^y8;2|^ppG8qKTPKn
z)x|>A;qf#}_uMSAY4`ky4Gr|jl!VScfZor+|6#q*rmUZ|7we`6jBj<2|BC!Q8#guE
z>%C`$_(<%X8fiz+oDU~&Z_xG%6YoD6qaARi@)2s?nn@kod~eslX-LqPNKm`FfH)P4
zAG8KIX#0P@<CvC2y=*L!3@du8?lF1o&IiE27uxTx1vUn4z~v{limo?V^}GH=9I4D2
zDqz91ws`IPL#aWfMJ<nUsv`aY)0W9VA7x{7=0;GaY_4=j@I>K-%5ir*!r#!IIQ(qf
z*P24q4QB3dD;OKoovBMNdlt`3F1(_x;{$WsX@xt}52}*9yP9OkgXa~U<)C{b@x}Ne
zmv`{(dt}I_NNrO_si)Y7t5%sLUAwiMxWat6p5Bfyt>CQB6Ec$5On6SE8sv&IexgOk
zr~3vPzZ@Kw_zP~1cAOk5rF(l)w@NZOt9A~R2O(oxL!0I`Dnd>PuQ<({QrX%QN@VUN
zqV$u&<JyE=OXAPpk%fhKW%F!t(y{&|xl#Vg6RgZQ7`l5Ft~Rex?6NjYuF(*9x*J-h
z3>QHn#zR^iz1nc}Tv@Odk9Lhx9{}Gp5fh`!N>vs0&YVI9Vur;rfFdkJN?&V^oKGZN
z^@sclogWHYbIOpH29u|HU+hm!BN4S_WqSxkw!rErky)jP@miys*<UgdYH~b6NmxP6
zX&@lp;E+(RALqXtj5ti6M{vBr%0`uHO#L@r5~ER<%vtet!DQUqBkO~@Lv_)@pcw{i
zB<yOgonSGDDX%Vb6ipVtGEwnmywUuYs9PSH;g?|nEHs1+Jw`Gvjf}B~k|yh(I(OU@
z20U1AiD-r7*FzqbZUP<56`Jhe4jH^&fv0M{Qf0h7z6P%+-|vq1*Ttos4fhdyc^jht
z862t_iy(iULmU{of{x9CsnTCE*~xhKkupq%<WF&9p_iomGIEf;&v(1>hKfBL;<I_>
zi%(d{Ln8^Cxu<CuagYyvT}e&wpNaJMg8ylkQOeCKoG`<}tlZ2IXBnh*#l!!Jx_=tl
z9{qO8&y2m!mGhfDC~}(6Y8~bz(Vn#OB4@_Z?&B_&;shV`x1!3J#x=<`2{264w+n(T
zfP4nrh~J&Zwo(rYeI)IfEk~0ufp3@BXPsiK<tZ=PG9G-#-`AMH+TzGXoRXUEa!;YE
z)n3d#AN(bfg`h)M{?mdhTJax;;XL4G_~om1<=4q$v=<;@NcnpR4LhPYVi*yJR*W^U
z_)p|Pse=IZ-2fqC6wxg$nO+Ni`Vq2FwChs<7k2$j@%xoaG1{8Oke})kfQ1Ig7ddXK
zWj9BeSzWyn5+QJ6R4Z3<UBao8BKpOjMLb)1AOu-xBqps}tCtQAS=1+6F3BzUGoJ3*
zW5}0Ety`8$RsjBy>qK9GpUF_vzDU0AaxXjYfn{rzhJamwpKGuiWDc<r`OB&~VHtF^
z9;0D!(^};}L}I&YOtSZT`x0J@qAvV)DDSH%$BlJ?X!00&@>wNJ`=bc430F&izc34R
zc9s8!?s`DPxlnaxnylPk(c`PaHj3Q(>(X=QuL^7a6)@v1f1(I!wqkY+diH4GWu;{%
zzwEau|8UU55oUjw`RaZ}D<`q2b(;pHj*Jzr1di20&>@%2aLEHw&%o<WGd|7_sY$_M
zfhF`U<7-d-0bQQ@OAuIVP+lzue;+wYtp~Lee8ozj%RfWZbRgX_)i(K8vU~1Ooy8kf
z&99dfsl5~UbBsT6Jk$cE?d}++17r?9h)$B6)kuK02=jA`f%7lVFg<4WE{|@9jWDO}
zV{HX*pG^#H$&E84#V7B3m#pd>gUA@EE;q?dY3Uk-aqoyrrZKG;La!ypuh;)aY1h*Z
zKu}jx-$vijAp0qJrwQLW2KgXlapAw_7O$}R<3K_kTvJcAj=$FBCVA~y|FkrwsjH5l
zJ)S{tAq1#U1+mQ<DuDaQ8#m2q@5Zd>b0Gz@A=_pccE5A}MfBr&e~R?OJRyr&Fe7k?
zw9oL3YFtQ*di8Vkt`;{fTj{o$f%T$asjd;>b=>AZ+uC(D!Oj)slEi-`hbz^M$!3xo
z%r2^>g1IlD1)I*$!^alggiPbj)|Y^d6_L3dU?O&Tep?m~%5~5=MQsbpfh_ZW_?Diz
zcZMGa84>p=%l6{W>88N$il4=ca<2W>9<mrPoZbTZgeq#W9FW8^TM>zB1DO&hStz>-
zEu94Fz^_jcf_?EH+J)y^bZOJd-)cUuoSRHNUxD_YEqo|V8LvWnel=Y1c5m{ThHQTz
z;q||6eFAeH6#jKr)LpSiuR%?!zXSkk^>4J)m|D-hK`+V%qFFLhVU*J((+Gl0U)H8t
ze%?ON!_;!ek>foNMqWDHHg+X%{<-!_@;pJa${865ov6ZVFOBVxd~fFh7z}7l9p&7y
z(x+0*W*gil;tqfb{mShCQniOb_<lL6R9AuK^Wy1oOL5@u-5BaI3!o@BkLqy%u<|=)
zSV&x&PdyfMUuNf#gG)oY!}uI{3<4A9^?I2(au>a3`4M)Kr6Q}X_}3*l#;KRjx>Kjj
ze~y$#+{YPV&PYsTeUAj_d9P;sBfDjT7Vhnc*5PNJ$+1i+OS_UaK!6yjk(k$bglL8s
zo`Cy4&M0zI0R{Y+>|I-g$TX;i#L1!Y86bN?@Ss2P39Q*xl{w!$(2}jZa0Pi+_9#ht
z6bT%g{GZC^Z;<~1KF~lA%T1t?PZ?MvzUs4Z7l~Y3#*bl>fuM4MN|%jlHhzR{M;7c9
z9f92y>?DCVwuF*UhaOlTDZ&SSYM}LX>|xjhlC$>Ey^#-Xh%l!2wBTkK4_>aF9hT7K
z8=s>LPC`dW8TQ(|xQLG=j-P*w_QC*F@rG5_+^g*lE|7RnTHA{62_9YpN2#JwuP@pN
zb`k!qQD17;A);RrQG^*}9jT4uIideY@E<koW9V_{B!OKuoUOmas?kt?kACgxMH9~=
z2X@XRrUbL^u(F3gDM#)Vq-$+aRFTUc){ONDeFt+~*BF#;Uq}Pw$=8~MDN}7596CEi
zy%c<$whRF{>^72DELnt?+|=JoJxg1S4yg#CQLCw=)}LQmC+8yJHJF}wMu~b)_q;qF
z<v7P6Ei?(gU*?h)kdrd%f;uNQUG^>V7zX|KoB(fIp4J*+E+VctOrBDVN*>~esAfyb
zd#1*GAdO^BJpyeNe{tcYEv0aO9guQ=mBa2r4XatLo?d=<zaQj4jE7dM#C33LJ)8W~
zsVL4$ZQB8tI$~du&W<*m!C6Y(QVjs;5N>rPV!IUpw)RpsjhH8e$XMAeHxenh^V$Z@
z1Cpz4Wv~YW7bw}(M0p+;zGyu~6t2<l_}d;}Fno}E)3@?mm3GgB<xD%>8(#K|-Te?>
zyph|``Brf0)5?ojlHerH6jziUZ?<XoBV?=V>!3wX;l6GiJ<>{u@9w!U?-N_G#_U_k
z4m>ecpq1q?0YaRlW&w#8HTUX6_QY3n*v5|e5r<1F1MMYYgDq9Ir}G*(vbWQ?tnWd4
z+T~B~A_GGB(FsQHUPQEpxuNeg264apmcgDDbd9YD&Czgy#D65q>c^^KXr_nnEi=C>
znXr%5m0W_?j85`gn3A9}q`2jiGCxsz0)$GsfsDJ%T1|{2YzOBGnxs#q>0(`PX8TNL
zQ`anhKe>3}pX0j13(r<TUnjfA<NLZBs%U-N!8Hzr(yhSx{sU^^X&i1IK)g4yaqppu
zv8AD~Cc<RZBvC<pO5JNSXP?+xuH)fyh*+civ~u9&rpN)PqJoGF+nRvGAEUU*AU+q{
z92+kU*~bGiDBoJ9q@mT+Vg0YuxQN0tU2C7=mwupBo%Jxa-2J5MkEDlmM-X1K*ZuG_
zbbl0rd}Cpv$x8)7Iu3p>2rfJeX$qI4o7AuW!qeHHBHxY)$GNrPSfv&6QwhWM=icut
zEjI#0$4~D>%M5BxA<=t}q9cjbA$k_qAA?M{&CuRR!mleg4P{j;zqdbu)OhdC!_oqH
z+WH?_T;0QktC@#Sg_qQVfa0SG(_3!O#EXXm5H26hnJehpWEoq4cgPWeNXtrFCS{jm
zyhhUw`lmS?%Fay(ih6a7k>S}=_s!D#?)=Xw)1t;X<>*oQDWcaekDaSuzf%O3k)Vx{
z4;3%zuB_x-Z&`k3uMKAd=%qL#6m$QAB?^8{b<qjD*YDIs4$#RtpCQZPkFJy2c6PnA
z!$skv)=l4xoMvfV%7dbTG5ws&Qxq#0Fh;0Weopb+ESR4aTuO$d0_r}#+eNatwMw5`
z+~e~n5;=7<s#F#EIAe<#?-4j|*$kz<K&8+3GrfHA#cxag1Kqv-s$)={`%4d=a3Tly
z<0SOzjImcQQ)saZy>d0?gZ=_)?5@QO@Cn}ApK*eT821f^2)yh>g8MjIjml?d#zDeR
zy8}4rU`vPFIUFNftITrvhg)|qILSQTE{*z)+J@1a<@7IW-^Ismv0XPm;W~;Eo*rx>
ze(UzOoWIcFcCe)8g?0*7ux-IB)Me>+5e#+bbPpMKM89AEC$!>IWw^n&l6F>r1`LKK
z%}ywUGSYP%eT{7Y1~>R4yspb_Yj|z)B3qjEpu2&#4SpG2eHLfTX?8OMbr3E;^WlWj
zxp9Q3CO+xZP|=2=L;wU*buV->Q^20Lk%LHR^Dk+XRs{=FxsspW>|uRNAG;9VTvNyd
zTPugQ<b=3`16)<w9B)C}UJWrPy2*b7-LzLu@Xm=(;>hNS(@K)DI_{nhn1N(Hv)n22
zZg^k(GUI;&+33UOmeh9;zli6T0FRJooeFxnSO6w2i+&7LE<ToU0AT4P1Z<!9hi*j|
z>|-j1<UiQaK9{K<3lxumOq;-vO=D<jksj-u?6K1Xvbz`cCBpXSvEGM)EeW`?t~(6%
z)0s%guC+cGm+)rg#q>SUWgkb{3Ca_HNt^#TZb}q3eZkq}m8wfo$Z2!5kyO9^7XEdF
z?Z7r{d}-Zf?*E9&b`!D+UVdjpw5-%w7^*!>UjeZ#y!&eghgkmf*3p`e`uS=6ygj^y
z=i2lEG8F&;Ff(i-*3ApNj=^?Hy&ADzE`xzPtj^P;`}PfVz|Z7VwyhaSH-Ku27TUEm
z1sHAvR?pJ(m&B`QLlRb1y2e0yJr6&UK1{s_2!^^$sRFsGT(!N-dLSv}Rrxk9>976=
zMU?)3vJ4nRvS-s6^zQPIL^2+G64P*lUF92Z+xpaExo*|R?~v60zGJ7i;6m@lQqE+Z
z5v||gjDsMUO%eoGZ`6@jO%cMg&5homM8pCfc~@*=!^b~q|N4Pn{}Y$r;EF(E@y%WR
z*WDud8$eRZf8p1zqDf<8z&E&0&dpuaelyHo>B$ZVrYoFwb^zdiZ7(Fdn$o_o!fC3d
zZK*en7pthn5ag8{b06u45R)Y2Kg5nE$Yz26<Ed$Qus8Cr^K84;Ob#TK@Xj<!gIHmp
z%_oHXo5;or8_o0VJ#T1QOYEo_+eFsuLE%|5FI`_<{4}6UmoSLBt$A-!Q75b1Z`eN5
zpbr<2z^)tQ1*ww(n%lHsyG3It00O30eIyiHt<ui%Irf#aRX#++88iujBi4P-uen3-
zAgGkMH>!&U*1s%kxrFDg+wN2IRfB#)dr0tb%*OLtcler$smU=ExyB3(EBP}RTefz1
zUdO%UWN3D^hp!mnR{$9)f(cBUvC}<~Mle4506$J<(Lb=9dtz{Y*&pq#Hvy8q@Yeml
z#{uS2nTB{1z<EmOE15YJ;mkugr8anpSNay*-iAyow#P{FSIvmr^v@cFn<K}3uZ>Z&
z)L%p{V}0A;L`j3|)UuowPjG?$p<1J#sVYbqx1XBeyo9qH!W+Sn8xo&T<fBbvkCK%9
zkzth^Rv%XM!&eUdF#J5=GZOY_^I1XXK1#?2!3EdD+E4UR<_IDn@~@u&m70IGO;)N6
z_V5|+JjEtg988J%+Y%$#8aS+E>GA-S5sZH*V5*<R(T_m-*OKV5+QnD)l5&$vw@P5y
z%<`ZPgPV=Sq;xt(jp|~<^uRVt>FYHey!Ocpa`Oi2ZuZziz?br0kGy;gYTEf}_%x1*
zBA)AO-GkP*P>q$D@r#pwXAF@Hobq-t165n+jA1THnD25T(w06qvvP2NUH0QG<$W*3
zqb9XxGuOo-@)7#)>cORCbk{1`^#H*724~lxRV(aoBRXOPMc4|eh+3$e<-~kk8dDz&
z(B^-h_MK^WYszRTF13R6f?qaQ2KK+AHDb@sja%Aa<Uy0g*&fQmDb^&0@{SCym1JD6
zH>XNG6jgQ}_=ljhY`8?zs^nZEUAY_4R}UTJa3LjXOp@yvq)LR7hlcEky8kWE-PnH%
zh<vo*`;_S;Gn#1={m0S&IUU%5fA2byxXZ$5?_tWO+`xHNJKOg_X?_*=!L-16M;$@#
zHcynWrgko@+-s}qGu~ThS98`nJQ{WBhU=R4K|_=|%IKQ9_*PfKyw%?(OxIDFU`j%K
z?AbK&tB+n8a+0^Ptk-&4f8nL}@Hw>>_SMap?1&mdWypVDsb?9^7oTYluFW6AYrSVS
zB^+F-ZA<?L%%d%ML06X@(dq<*`c=Z*(K*tBSMBFWci)1Oj7n+&<l6Kaav)p;>2Jw#
zL`_x^(F2lq72QgfYvVH6^A&lUH6?<L-uL7=Iew>fQS?M<A!OUw;**({0{~&}VXHi`
zCto)-v*vS_y*=s`(+Of?rJQ+stMwSj9wC3oOj~eOTV^uoPTlWT#7z@+2S0O|4$k?i
zj_2(7%O4~F5+}7PaT0PQ$56iMU}B5VMIrmyzC0Z*&zXW}jIg8F#@{7h#(c}0lky_a
z0@I9>%^b@-&MD2Azx$C#XXC{P(@0dxGUJs$wQ>YjC(mG8T?A3?$?hqxv8rn^%cg!Q
z`oF5*YhLaqZS~ipKi3;9&+vz&>R#@i|8Iaj^0dBc9cNnx^MmB^LJxRA`;_cs1o|2!
z_-oU3X03cX+meM=lIQ3W`f&o0`3&7pfd~ov$R#7b*tF#PD@O+Fh_F#EgafZVSLbQ(
z%=aQ6XJ;9=SxfB_4cWOLq?UWP`crjC4`gF@)2}{Li7Rx2-tAzc8{c{))eD_t!<uP?
zO&>Gl`LC~7rQQCcX@&3z9b*5;g1^mtr(97TXKB0yz2+zFCuT#pakW!gVZVUbY(zM#
zb<(1j_(ul^lio~+>&l^$InqyLJOwun*5aEoOJJ(y)KsX|im|vJq!MokFok}CWkI`A
z2j~BOCK8eEPLg!9B<1*+)bjeb@O>B~=bE95%zcUfKtOcg>oe7_CtDagN15)d%O2tC
z4DQ!t_XgVPA01wND6yHQsdKv|vI6+;C_saqhLdLR;Ekv;7f_7#-3^A-0$&!Ok6g13
zCkfzr6D!6LQU=M9uT|M|ai7-p(c$eg>tjbK{hadiD!rAcueQVE%BS~Y^afFFoCDMg
zie99M%h7B%BMbgnj0Ch=&ym*IE_UZ^`q;uRjOmHcA7}=gSSz}JNBI2W;#dP31;0qL
z@AVREPq3gSk7yL0EV^&~gPG@9YnSIuNmp`|xQ?=3E_#pUJIJg_=CA6yl#V^tF3VkM
zM=wRc<+dEotwcS}pk2wFYR{3Dht<YdJ<3|2tthFdgx#}WHLV(_w0G~p20HIzmdBj0
zj|1e9Q2%4aM)6wcVaY^OaCN%GE0214Rq5Hje5Mxd<%-0HxepQ}Ict^16e@{6r;dB<
z<trL`!V)2n-F2OP>DGhl*@}A?A$eC;3LtK+o{TY1S*{CGtdLx-CLpXyuXX%<&)Vd*
z*CUIXRH*vuuMb8aMH&j*Dv=s%M#^Ujal*yUVXFy!S)BA@9;f`wy)GOQ$dR~HnF((M
zH`MT%#fYQb4Yj_>$>E+c8~#vbAN3{D)3~0S5=h3`#AgvRE2JdcLH2YM$}=(Vnd0eC
z_xQ69Qu897H(&i(9g^qYBB@sQEO&-&Bbt1-F`wiqAIhcMSr1;8h2C){svNl));U3D
z4y5Ov3+uON2NiL8q|`<38}_J@6x4wM|I4cMi(4q_gJhOQ{Hf;L{vvv1{l~Ghw6E*&
zC;NK?jBy@xuzZ?7_JXpauNVy!(3=<z{|b6#?aV+|Bx3*DHu>#GvTLgR<%<4fr8O&1
z4^#KG@*>jgI<%8OinEfZff6xPK{;uq5&kBHeiHOg5x&~#?#jIrYW6YWbDl_3MvZ2#
zAh1)V1UJmVDP5QBck}3GIZX#?Mm@TuuCQ>Uin8o3OE!s1exqF32l>x=^~2-^*Ho{`
zEj?Cw_QpNiBEW^qYVy<bn`Cd2Ysf1(`vJ$h3Vbt|@ijxXvp>kH&%UOO-=k@bWw&8u
zj3rE(2b`I&I4fIFk9tW5$gdt>t46o4Z^i<-?Y?WZEQhSp4`|dxFL?9cxZr+y77o?+
z8D%~Krdc0?gau5uDfTS)lXo_A2RpM{xL&1M_7aA&Eccy4$oaN{S^{`|FFauexKaXS
zY4IJ8SN-f$C(CRieIqJtP))4wo@~@$C+a44XE%fF8uGnJ=+?=(z2E{1SU}9e5i=rj
z9qq@zu)O*G-N2)Ts(nBDNB8r0Nbl!@dF|eSSoTT|WL6*fcK-yv^!_{)tw$BVy>xS?
zE`l!G60%kbE3E`Rha5i;dBekT^nA0u8I*5w=!<BJpR$AVhM-E>qviFDK(rK{r*al|
z%>eDF)UA2HrYL`!dN+K<P*`;toz=8$>QhTsaNtS{tPQ)6NEx)6<sAT^FK~m_wKSQ%
z3ore3I54^4n^IkZHCz0$N6E*0nEUqm6lS-IEi><EgExyFqkK25C{F&;wRdx%qGQ6J
zba!WHRM?|S;AE8xjBqSnQaB!yn5_M}+gSAq`grJ4)yW>NwxRN4X&%-f`AOh)$szgE
zB16?f{*Uyl$-MILxW#yGS*X7@=4fc~_3y$~;iK-H3(F=J{3yHSobN>bvpdIMEgx#5
zi}B{zdMut&N!9nb4cV^AFo-|hIp_Ft47Tj`Wy+hT;*Ej%p-Zjg+xKAlaepZL@p}(A
zd(GDv(xzVKz?MD5eZFU&H6cu<SvbHJ73dW(lbwBARiDzTcl&9RP%np1`V}!lYZIz<
z=d`yuyMdn`=f~C8+aa)lCxYeH!}V8}4xJ032dx{~o-@?4`n%K(HpTpeU3fB&<P^Fc
zYh-D#QNwmQiG*v4!z2Ua6}~;<FVcjOdY~cVoOR%!Wbv5ysGa|8?9>kx+%B-aa@9(z
zdCUI@h>@T%OYffEll6PzeOuo4QS5gR=JI{DCUQ>yr(9tx56~3dq>3XaTC(j4uOZ*U
z^gm&bC|q7ybJ&T*WEFSXcFnkg?gmRobUy5gG-kY1zkiCCyGKO7$Ci#0^pfD&oTx0F
zj`X<9nt42t9jkqb(!@P9@Bwl%!zgRT;>oEksQlU0l`N|*){yLoe2S0ZM2=ZJJa()h
z#&PM;0T%8J+#<bF_)DS*n8>}fnYq;v^Dv@D=Z$Kn4wS~2b+X<h1EvwYS3g_wYr!VW
zNavn4Z}%!x`UN{d>U+#R&gsI;Xu^aq=kvGcG!4&8$m!TKWmQ~NUpGw558-*Vp!mV1
zK5KkieMBCP-YP8iE(z-!qfxK_3gd^AA(R)<r93@Xpo;7Q!#fY*y!>H#J?jVo_$e&&
zCBW*+>OZzvfPaZ`rvFE$DxJP;2bBj-#JBX;{(9IJ<Z)V$5j<J?e!OV7gK*DMH0b$T
zqEWaSt1WbJ@IgC7|JQU%cVY{m!zB03|NJfI8D_sbg`@w4WqBU16<H|^h{M2G?SFs!
ziXb|*dC^J9(pE>wfpI(bITJ6Rj5<jT<esPv`e37i5r8q;qcS2nAe3jdDm4(I%<7_K
zzXu9pwa>((in6styTAh(D|*ZiMx#7Z5|kGdc^rHi&u`-2TQlmHr?nGMrL_qc6@#FL
zb(^&pLw(hhGRhg9JH41gFV)xr;=TzeDxq^^St5?1qI+w?U*e1pz(1(4KHEIhcuagm
zz9XGA{$zDZ>(GZj@7shOcxK8uH&3@Hi*DtIFe6nSU2|!!CZKKZs#Ql51-kp~ip|*L
z4m<xgpxbS;``XN#u1UNtVy?yn2-kRk=b<<>Ob%C*Ti!nciwYw$|1OaLoh>p(AH@Uk
zrGl4I#70~Y0eC^vo%S3(2Y+Ki@m=s4`7PO(m0VDhaL|!!u3Zcqn09i;3$uVN9%qpQ
zUZE@#K2Ghq8JZIp63s@yLg=gb*0-BxJgsJPL|d>59dG6TRXYOK<Q(khQHWnS<NmG)
zA)77M!k8SE2c1`Z=WYHbws@!4gnoU<{JqK0FRKGeWW@;C`==hets7wqK1pe&!ew*!
z7M;$Z<Ayr9PPM#iNi0mZ;C6IYB(oq$yGhus%QerJkA2krNF~ECDYu%j+fzXo+rcVc
zuccC#)`(hu<gsUeE<by`%-N>_yA<xjnl3*)MvI&+Z_2jI#v+f2@2#B2*a&303OU~P
zqtAk?&)6y_)z{+!;}0jRysf=>TV9hgf)xqmh1*}$(Tk#qQzu*{Q~ihTdmf6==Kn=8
zvzxb07RO9>bL9{_Rc#idbbn=ZP@(uEb5(FW7@j{KP3}*-qbq!OUHn*T8fk;uKh^)r
z*mH|KsG2M3GDr|04Ms}EHa2;q7|56;GQj(P6H2R9sB^x7kglN1%zax?dnTlu&PBKL
zV1r+eIsW+@2-H4{9_N{1ml#&A*peCIUp^lD$YKO>_(%T|`LF&UXH}B5_S&$JFcO>)
zaH8y0z#p#n-N&tj;4sdZ$vs)?w%4uO<#`27m`^xjpZVKcPO|LR2tu&by#Nxnp6Gw1
z$8yOGzuF`DwSE2rL7;c>5aDuvVByJTg$)3^9Mpdd9RYt4(7;x0J`Qcv9D?PwsCePz
z7M-2SDz|VoQiG9<t*8_H8GI6er^?FL$7mQ+(xsp>Z3QoTl`iQ!tWnl=`ufP)=i(is
zH$O;1^9;`vM}_!5<48fwPc_#oVW{)J6K2Hw$0i@nB$ywj?Q8PwWpWMxeq9c&8>hU|
zc$JYv60}yBfhY4N9__TfBQK<px?m63c=6@>;mx4(-6SBAu$-v+C2ZBpZn1N;p<=pA
zAlnG4tUwRUc|{ZQ<N>2M1*qoujO9JA{U$jxh#}*ps_4nzb2ll&wj&@1S%<^kI|_!u
zz0WSPq=?-Y>R32FDeV(R1r!>60>aB?ChP_yhO5!uZwm&8bhz{RFqiCt(OjljXYrH$
zbB%BIdBl3!gx7K%S2SFUB}}>wO8bw`{F+>!PmzwEmSk>woonkR&wIK`B4@2ginSn5
z(>0)4!_J;;HFJDqwWpA`2o{jvoV2RteP&C07p#_iD<Ka>EElUr+M}<YXp?(Lp@l#*
zpjV~K9-W42qp8|+Hu|1WfW+jSg?pf)GGHj?G|xoxo%>JltfTjV`m>N*TzS9tqAgnQ
zp|ov`1)5eJ`YP(gMYajMUHm~$m+8V^upemJc-ALSWBa}`SSs#dnX+gSWJU5NMlE0E
z{~}6!jTDtK{_@m!<VKj=SKtGvPPX#xy(Y#{UZI38btI`=(e?Xs(N1NcI->OG4C5Xb
znqP$YDP79VGlK8nn^woKRVx$rG8bewvZTWE)Mc;{e^a+z*o$Vx5s|<Ioz+xd{Oy~l
zlpj>Hq_{qyvazoIYJxE5`836^UO6xLX5pYo?_6ZAjQ&rCd^g!SY1V#dviObgUEGQQ
z^nx1ruOMd-9Vga9b3DI+-=HS5P9-;-z}77aCeviiYhhZ=s;~67xIJ9!vS#G|(IK^@
zSsp}Obr)BvMLLx6P49ds;bEV9aw7a8WidUYi<$yZKO9%9a0{Z{^4@;3uhH;X76vuj
zgHr)kn<8K3<OdNK;-}23HJje%c1K<+ve!x(*_^CgEJ`zjKH1#|zojkfyUI-tx(z9<
zGhMjxVW~m~>4n;k%KutD6)iM_0qm&~?$!CXI<(wi{}1h44gE6N6?TdTCGaG_HJK|Y
zT&H;*Izy_#(!;iMGS?NI_RH$K<@*s*83ySkLvD#xC*|KKd%I#WcO=QNY|-fLW-L2Y
zeA`nT!;>CllTr<xqj|?t%!?yOX-;}LgsSPcQcILuCPjWE#0o(V(Pr%YZh33%&<B`+
zdqftoe(b_2w7KXQ#qc89RatnPy;rajTD3-cvz+LwYq9Ely{&h!^H9maG_k`nL2@I2
z_e`)KAc<;*j)lz=wnRRSDWSZbNZl-v%RgqVCt}`vWiU^%x37j32%m(b_eVZ)6M%~H
zecPDha1VUJxZ8NqlqF>CKhbTB8e}#00mb(D^3==?OXkS`z#cULBF#$ajeXOhkg3!B
zZgC0co4qQn4d7LId*3#NHDc7d($!|oUwZQ(!Jc|XU=Eg}@u-eNnrQLch6oYiYVwQi
zYVfzz=Mdi4h4?IG-J1VYFhJFcZTv&(JuQ8|<+r05M_w*BOgerfKnyPkC6hH8K)IG3
z<)dIv0rSa6r-cDReR9vnKfS=a&>!)|Yi--!sJ0ql?i^h65<t=B6hoq$!gZ|?i1uB+
zBcs-OFc24`>o2{~UM?~!X$k~>&|j+bfM?1|gx2>7!Y6{RgP#4uUUfQCDmxK67bj86
z<H6R0?iUW*OUHc1E;YoOK!R?scO^LeF*4a77|Uz?^;xnJ!}jd4jsgF*9(x0Pc5{9^
z6DTP|KldrBCs_LvUNm)kJ2@6@i_!<Cx5z0$sgGyGJJR5yDu7mr``Vukv6A=8i9xri
zMEwcxJzH8rJuu?O`K&LBq&z{nFp4$g31KlG|3<X1LufwHMGbORz3#kK56@C8i|2lp
zu6v(8(9;t18~P7azF>X}f?B$SHei0jHx|jEkDHZa;L>a;xlUs5qr5|IHnI^rZ{XZ<
z>Ff!<o`Q=vHns!2uy9#2nQyzBr20XqCMwKjgJyv69)Mr^<AF7LJp?{Feqq6Q!PCa^
zo5)xMpV0pjLi4aXt6G>NiD`1<`8UWZzi+A4ntUNCQLe(_qK1<0oX8$xW<&*ZJq_wm
zx^O#x$x~9Om9!^s&%;1<@y*sweH?Y0%KbjsM+x%<o2+l;kDe9_E&+qNh;32(18|Y;
zdlkjUKs*Ave8-k*`L45LPif<#LNZ9@^=?z}X2k-u5%QBNZYT%c?VV&`cBe9t51*dp
zOp~_u_ahqXCV7ilC66$@fYD#fszK%`%~JGhnrY%A8w^g`L&C|q@a4Oh7msn^YK0O4
zeos!LuYp;|?CD{J>Lbc>c>rz5`%?=#UlKz{{1&exDd9h8%`QE!yz@ouFMil8{w5xm
zRfGqyl=xrcBq#H*2ZX9rtFsZd2>CJ&BP=vgL==Ft-x44O;(HMluT|RsdWz!KE=;%G
zYFPBb4bc9u)a5AUBU`4iz9{~M!V{Z>6<7a{qB9R<`v2qjw^S-=l_bfQR4P{`$uX;Z
zOHx)TDzPN_My|xLs}gcWB*`(NBsbMC+j8IL$Q3j9=Gttt`}*zo@BZ5H+3Wp&y<X4f
z<Ehue{D9byP13EY<PfpB(I4IcgKe3+tR71?@v~Z?pc#k)VhzqPnHabv7}zX&+@hSg
z2cil{v2urPje|HjU!UG0#^*&>^<>8<#`iLv+_PxdBr})XP^xGLFEkdpJvDQrX7F>t
z<nID@+Op*HqRHy_cL6iL6Jkwjs%<EDFJ4Uryj93QB_q&^<u21GwArk=c#K-os?{N&
zKY>_K5y`A~>93=qLdtIANt!0#x<_oBRP>}&dz(jHSn|9VFRY$_WLtuGjNw92>~kEb
zo@j0nro#B}Zo4m!B{<{5{_8C7BTmv4blq>L9~Ntoy}A}EWyKB)`_~jJI_i(Q`^nBD
z_<BF=Vn}a9=W%OO(!ovPlUGLLHg-|z+&9&d!Sh04eH%IZA4=L5;xZ3Wvjv<4-<5G5
zy4N_1-Ci&k{gL#ZVJcN6ZcMYu6H<<|KFW!_&H&TdZY%$xMm*$pPT4CU!PN|8h`D{5
zNS`43xd!G5M5Vp^6133{@d~tN*erQO_*aKsv8K;ZlD_OKQjBzeAu74M0<izpUAhNE
zwE2j%<W@;_FPj~!)ZRcQe&3K})Ae(0ITLHQW*{6}=YjBIze8>pQ2wi%%}BQla_6_O
zids3Rtbatcj9G7g0nEO^en8_c<=C$5d<gh`zCHc&(iW|JV^c)m@povm<0V6|eb#Wh
zCTp}F-Xk#Z^o*{ux8%fpqPuJ}3B6fSI&7$+meAr4ch=tch)UI0OB^5ad_E(31VM_s
zcGsuE9)6D}@|+z%Yi_9vBmpoxPGaWZNw~v`xi!X1YC?4fsl>;N5vi;cmir&aQOo=M
zy-fYjZ)Q9M9}d`AaJhyn6U?L88x(-cu&Ub8ww~{pxcIX8@qP4_y`Y<8ihJbLVEm!!
z2>u5}VIpWH=fHk8L5pDBA9shZo7<vR-<xjtW!SQy-Jf-W{9*gC!+<FT*VVO4ZNQfI
zhc{RCsDI#h;U_8^9h~eV3o{LNctm5{B>Nz5VOHX}sry8w0!_xSvF8H5t^IhjPogH%
zE;p<Jc<gOC5j=471Uk-u8%USupDT6X1`}~luas~^cLo72R$~Vg>wUpnnQO0O!G&yP
zeTN_7Bh;@KNHTS!bcmH<>iiZAE6>C_@PO#{Igt-Pwc`T7$OzN2c<JkfMC5T&=@GVM
z*;Lvsy;4S%cAPF$=vo`xi*SWX;IGG+N6yI&e-14?$-ml(cubPDS~8s#OY2$XP0h8m
zY)a1;j3M@}Qf=C^;S^m}WT&FLIBlmyT_36SA$ot-C2^%$++tW4k!hb7yy?%L3xCDC
zJ^N#UsJoouSJp>M&}OUE0)MVYK`ug`G<QlWI=<P;Kp%-fKo4C;X46_}k!1_=V36<a
z9g=)N&BDcw=bs?U5$AiX&M%bDL{cPS*Ta{e`7GpRmCZSnv2@UZ48X!v5VW0UxH}j;
zgTi{F5s9X!l%5H$Wd7h=x?M<YJ4&js<ecu<3~{XCYizPfEIgKp8M8g9#)i3?FlRyW
zZLc$(XRK6Oq#G$NFsfFkAUXZ8-i_hc*eD3qYm-^1yjj7W=#G~t7j7SC6aX*)%iDFN
zMzS`u9>?bHN0*u(Lh{s;Brf0<y}Q2&pBqkEGPT}c<k&v`0P~hj#2DNw@QNmOPUMkN
zHd^ODXKHJpVVux@I)3?nAzz%__#ec)E7ff&o=__6ew&DZ@fzUwcnyn(c_%TCyr**K
zmiixiVtg*64Pe6ud}^z$9{m%XAL0N`VfD=@v|kv>-J$2T!&M_?O!%3F;FafoS#Cv7
z+q7uIdxpz8qg;XdmOk8yF-=frYj;Wkw=NyxbMDU$T<N?|;&P>Nv<nIMyOHnohkxle
zZvQAtf9Q&XRlM8^-=f@WMwT?LE|26b{cT+vDV#9>jkBGuqUgG1DvA5g3!ZW(;Li@o
zonJp-312d;FKZ|!aoy8H+N#2HNI%E6ZjWWjKSH}B!iwr+oao7$*6k$=Pci_kAldbC
z_h*(fHnX!ow9*V;0`EIM^Q$JvZA$cx+*G)B^5H>jyvZ8jOU`h|7R-?v>1*4$Kl~^G
zCF0Fv<mF4!Qepc#&`J3oJ2skE!Lt=KcBhhYbpu!FeJekh+$lK>#Bxoc1Yz&h{BFO{
z;8JAIntLdf|0fM`3$REVQp>oGJR=Wq^IMhVtjc%Hq|FamO|6WhPq_r;X*AA}`R<L+
z=G{rt$3T8z$=B&q*vs3y<>^_`sI?`>KnP&T?x=i#4J5M<U{xQPQF&gSDiG{3vIj~A
zvH{qYb=j<^cXQm~7cP>vqFk*PJQ&#fV9GlHN^&Fc`4!$_XY}-eo`EV8;%#&{$m(*)
zBefaO91T%W8~AVC`pHX2SgiqH@2``@_BTM|T=Y&@FV^uW?Blj7J2cV)XQuNv9>xup
zUXgXnjh%LgD`C9m>GzQvg_H#b-X5p2%geN%I6_FZ-B=M3c1XU*`LWRk%)ZMG*(q=C
zx?bkY7S9F~`G;maI*+=Q!&^@&H_E>lY7-+jdU(}%WhKf_?ho&3ZJ@pEGBMnXTI-;m
zP>d+OAGWWkg*EVV#apXniePBntsPJ;Fgj08o`2DGaSi`+SiMgH;`)4XFXp~v|3m4)
z*x$5WfA1o^etF#(bxg#96OP7W16;zTDTB1#DdSNef@biG%^xB6MQ2sRaSsIuI7Mu0
z6Z?{5(ky@7MJn7|P5Fz$O>bZOUE5DR9$zLq8RCUcqG{1L#+g6^`QUfG)AyjuAV$sY
zvguEHU#pi333yyw*k{QigsEYRuIzQz44>O2@v~pZBIudc{aahjDJ+SmAT+hEl*`hl
z^XKvw-(S^$W6VEe5lp<NousSJLU_CZ0D1|``Ulf5I*@wMe`dIh8+UVZ(SmQi+;?-5
zXM-zyIsqLi+rsuJvG(4(wkn8?Gn8X_jsahBs{;XCdwPZRB2Kn<0Frt?axQqzTWdzC
zV+-Gac=`4|E4vcrwGQPq{R9%>{?0E1+Fn)gWEA_!ym9mU8~f8j5?vtJLId_C%$ClK
z+xl_T48?IFy4-ZinrAr}{1GJB8~za{b;*6U3aJSY0H4Fmr;SPC7mXb|nWx{^je_48
zcB$3g=4xHr@{!6psCW1@i6Z_+yO^E$1Pn95c=^{>i<e*iY{nEtd}<V|Y9@OP<c)QK
z1URd8MVQTois1Cqd;DBvkNm=f7b*I+AyW=vJie09@b>S)QuU8C$2l#pQ|N$=vkGVU
zo=!X?3dp%Ei<)a?NRscdIy>FBgDRajq{VupJNdE*>?9MgyYvm|Mw0>v<9l(67EI#r
zGjcivl;7DW)g`&q?h4zssALFSaEp=L36wqr2u>&(tqXTAamvozx}pK^q0h*222s*_
zLE9z<B2WEzp0UT61$8X%6ep<Em*#15yz{M@)yj}-<|ClLxv)J-@5}cj(iaaBh4%es
zq_lRLHzwQ_ervrMQ|hBGAzv$%3(YvTeC_38J@?x}9rt%?Sxmzl>SFpZoUc!>kNlUK
zi0!TUPBdG5<&t=^>^L&+LjfhO$?22#WIl|<x-__|)Y|cOMEZW9H^TXiU+~|;?><tB
zIpnA8glExAT1y&MVQA)luY#p3xOuuqoYDxJ=?A1gYu~L5R``s42@E0AZwIe2_AzU0
z<RvV8#}eZ`;a6?FH1CUTy$Z$p_nglph7lk>^St<_)oJyf5d!7SzR3ynLK&B~<@**t
zjJ~{SRrvJUX!l<<UlTjn1bM1RV*LkP@70z8!vM)%BX`R#{rZKtironnE(}Y^{mm5H
zRlx%H(tKj=Va!wIwPmcLFr8MDuSo03kXE;*4jU6xy1AjE%Y=dcy2tYato?+9*FQ(f
z5PlQ~=DlQW$d)Ehr+x9aW?|oRg@rpBQ>^OXw_CP1+qk$pbRzm^7~?zueO!p+G)3tM
zqRr-P@1kzS?O0nP2K?@^v5agZ+R}pNg2FcQ^s`r~?8}8qNw}H?p6@qTWdgn=_^)}-
zQTo)Dad<!IPha?j&MPop<+`w?tq?hDsWrLc=i=cD65f{!t|g>=SRL=K>(nKFkdXtg
zL}h!vlk`QF1}GZH$(tqVFSW036r*qM{Lp;fmDnqr@Y6w_kOv)|QOfQhr*E1--++dk
z34fCT5Y_+%jt(3b*MS@KouH!=75w#;gBo&tP|w4#@`Kzdj;T(5bF-$_B=*rw8E4;G
zjOuEhWJ1Gw1I2Qz8<8)+8TKpQgu;zR#<-Dm&F}hAxrd*9bdc2uIV2P7AHO7O#;^8{
zB-M>8{tXFQ$<)hw((j3&pJVhG#rJYQvwWxc?Dfljg1hSB=Z=?f^bls>ccLd%7UG1_
znA7V)Ten6#AJ7}zHv`uWUQ%2yhD0d_9DEt&Bl4ns*m|$M*s?8Q!$qZ#yM<c<JG{+E
zW}mm9DfT*vgSud!&(v=1g?W=Iq$<c_tG~jTlt7x#EPA(8wq1O0sokkwi;o)}J=~=>
z4>v+)vDPU+f?v8I&tS=zC&EcO!1huF>6g`+s|cD7?NqjY%~&u%Rs|KUzZT=Tz0J)f
z`*?ogT+nN>!Xvq*nJVZc;8LyMQ(eDEO@(FJv2LpqDb1#Y^j0lH4A*fsWFP0X?;n{P
z4P>?LBGc_C%$o}^%t#-vWm+!#9wBTOG@^#N-X@D%6_^_ya82A@pV0NGb(#5QJ|4O-
zQ7|^NU*aWIXmoN~yPRcBBKx`r*&jD57HTELAKogGu4@fs!@X>ipGtGoY&Go4{b!&V
zu)+d8+)nh&3LY1GLNIZXx?8|`Ex|91@ZH=qQ3%a@r>wE71CrNo4eM9Jl7p%W>@`8x
z@1A`SM#^z&YdkPT8ZFz?3r^TwA+yg3El*vANa|LpYkaE0OlT;CkZhoRf7!2-IW4{R
zHi^d$<K;tCzl1s=#nNqTU#9%XX$EtARS&Kea5i0%F5M7{8*8%;SE=Q@2ceW9E>FN8
z^!(RT(wtfExx-SGaM;9(sayx{GFu+2PgeVT(7A9oJOgt|DSUOqC~C>8`io&G-Uj*W
z?3YRYq?_s-z$OP80kpbF@(CABBG&k^V!wI(${SFjaistkW;sPmX*TkM{@2PBaWg0?
zl&VgGe{w!p=6!SS@UkovNOxBgTP{7NxS@OEeEh)PWZq=E&Y&*Jp2%YIR%yAb-6Hed
zj05J|2zutHh0MR}tnN>C$QQQ@)CV4c3}KXSx-5HJ9EtVjEgf+$i^<0!53EfhlXu|t
zcI~|coT(PeF0`MR&U#h3ImEj1*f#U~#|fPCQ0f-B&NT=Pzxcc%+bA{i6o%LX7#Y~^
zM~W+jJSa2fKNDC1!*6XW8IXKV?@}{`o_);v^8s`Rb5rQ?i)n9B1!KlwPxeOC{>ENl
zL&GolPh1qsn*6DF_&R`ekyy*!<g8N7uTOivPWh|;L9w!^4OE{n(Sf}KDLM=}h|9=l
zI;ElKY^Oygep2MCQbC1AWD1YLD=lq<S`NYvUjV7VBOErIj1F5&_yg`(CC$;|UrtnN
zkt{F5yqP!Ej~DSj>9*Os5Srrs`UheFvs*H<-Ih1?sI}e&2b41YME82luZZV+320`7
z!3*Gk!*e_dSz%diarc?lI`CS7yvHL^79*IpVD29!Jf-KZeW?iQN(PVc5%&rdPZRH4
zsbnJW?ywSR3Ce0^l&vi5Sce9+k<C!W!)nswVnQPhmW%jm_qp_y2{c!n{h!o{${r<;
z;GK+mwh1%|S_QG%Rm>E06hsmH(Ada@=<3;c!gi^7rHUhit^cDJD+t_eRWJfw1Um%K
zgaj~$pO>WEl}J3QO=MVDxk|J`L0gqnq9N+B<Z^S<qJWdb0Fs;W@&&MP%0>uU%29^w
zkQ*kx|7yk-CbF%p=@~iEKa=Dh=)Vs@NR?p=LlC03m3TD=vKNV%(v=Tg5Cr_~5sM}@
zE_OJKhSjH`l2T;-X|NJELYV{#2>dd2E`m6#*>fx#rHleBE2BU3TNqMr;y~5Ar+D~}
zV*nE2mE`nT+P_|dFz}H`-qNP^Ye_<zvdsW|c~7D!!rt-_WK{6-wv@G$yoGAuFVBIT
zof!rZCI57*nY$s&;Wq$)bK4#NlU+bEadD|$amV!Rs^E7P<*}#*dbaMi2%yu=YVY8T
zCCp*0iS60+B%v5^$e917Wenk~mSZa>*pl22goMT5Np_nmm>7ln8|1%oeq_MjPuoB5
z{H*V(o6HV)cNCC*`w?o7D6?KrRCUYQgFjxS+Go)yW!I`l?@*rWtqJp*KXzufaA8Sw
z(KYIzp5qT$NxX6SZN6{b*5my@LWAb7j}E}43~n(n)=f;X(KxZKmWq#MsyY(?n?NvX
z+^kz{_uS0%IeR_i<0?&bYl?ipMSfzI7TIH24B+jYCuRR$NrZdvWv93bJcJ*b8mAgv
z6^oOzYrhG8+VfRYa_zF)KpolZ_z=#M65AZ(^uzMUnBl};i(%0qu1U)-i?hzmy4zyc
z{cvYi=lTslIxY`2%Klm?pRzuc#T#am^%YyG%d&|(XHL1Ct=@N|eu`r@MQ>JaP_-<R
z>tu$7M)$C5$M!Oh&GN+3451Re)0hA7S>nTNjmpkF1xRIZ`9n}NS^v^8W6Ft&F|54p
z=<4_E)$+(ekHi+De-Lv9r_~KtAF?p?KlAtp?@RZ2K6>tZUz6$JA@UG_HviwUt}MA3
z1&W`7`*%>!)NFkTYyca_iP745VGf4Rm>C8U*@3Uel$ZbP4bUwNXzWR~)>LsTna{GO
zXSF^9(%_{8KZEca=fd4t0@wMNgy%Cu{MPztw4a1Mcy_jgVDN0qY6#;j+c0t5ikBKV
z+saUAO~I5Nl@<?M$pqJD9axmB<sX&MN)jc(yK`(4^kfM%A_nDYC72mzRtPpoUJ^>F
z{ZH3(uEV_f^SpC>>tK#m>qosc=&%DA`vTH}f-d1x{ST5d&T%q8{X1&`q`y76P7b?!
zo^zLQK>?q8Vjfn@eM02NIUAJm{QR5H1}KldVSLu``K~}Jf?Z|+MN7H`FW~Fz`0C83
zdM5*eb_r&_pvM;99FfD_0=aU!zDpXbeyJ`H19F#nrUaL2h$0Y-^03Oa1~vRhZY%bc
zguLtR-7K23;}4j7)_dbhYjy3fI|_=QGfNC2fuGtF;*6p7J!dp}M#4NN3ga=y&5M0#
zsg5g>8z0)1(ch_)(DlM6dtlpM0M&JC=Ts}91N;`FV6n%o%&1JO51Ah!y<Ypm9!!8L
zh#SazLBi`YvI_=bfsUkFW^lencu=dQuc1&H0=^a7&Ag(yPM*@qtldCBZji0Gv0B-3
zb+2++elm2d^^D1?7B!IN3wRFI8AahC2+R>qFXs0|ma(}#RlQ=2nf=#b(C|5#k?sF0
zD>5s5aR`@~@ul`5Q)Rg9j+qL+$}a3yoX=K?!+vQ@oJkhC)!5a@dPEuree9D}(da6#
zl0EHKyVIZLwfJ=EHx8}fzC4a7Ql`kBvE~o>r_@@^h{-~xWa^`Nld-<#S>%YRG6s<+
zcuKpTT@&j<vMc5)c1ff6moGcDN3;toYXn=khohtHhv%<Q^TuMxkEwFc?7fTK2F9*W
zfGk(d1$;9c)1!+`Ixl$q%<X|S^5}AlvEjTf7FTOYwG1Ez{Ooq*OHeE%!#xYmbYIDa
zq5+sL_PrR52WASSafur%dgBOdh+*ldwdWH_hp@UAlY{8D%kCy337f^C6vcpXw0kNp
zsYsnoFE)a+56*^s!jmw@ul)69As^k|-z%1?*5%i|)({!T)#FYa?>=$4(c;*|w#)iZ
z^4j6yT@viAWOD2WX9+0Kv1ymYn^f&FxNEu^V>+?iX+59VosYsHa+=d#d8D6~+3tS8
zxQWJnAPzGqwkNGC%cqSyF`F*E^4B~}#>@yDVw*@7g=*2j|8pNgm*737ftqKT&d$iE
z>4N2jZ&%-sW&u7#ctlfbyDK}VyiR3Rr<0^wYj6IWOCg`f)b1DNGC!>N_oz3;+@@HN
z-|Bz#ieOL8gBYj6Ep^;}WZ_CTKqV8V|JCif?^>4i(`xZU>d3pqACA(^4?4>F%|n}P
z%mC)k)D?+T&Fzszle8nF_#?elC6{`1catEmt=&zZv59B>h2(<X#u<I4H|?WvXa@jY
zEUmO?ck+3&6xKRE&DiD>=~01lC4FhSH%qh3T8jLqSNH#e=TjfSgzezuTBm`5oL~t9
z#sCw)E{(LN#8z#}OLQJ?XHruBqOjAjmT1{QS=kF<9Z=5GA6$2jT5v=?6|~v>7`XCm
z1t*;7gFP$Xu0lytz0byzg5C+0Bt3K36VT9*spLU>4eB|ovpod)pr_KaRF|a+D;HKm
zTi8QBq4`5^qmN>)enu)n>4wxqjYXSJ9g%<+M|`s_Ge*+3#BQKY=u^9_swn)wN1i@L
zI^rh$Rn~f+_vd|?yh${i4DiKao;Dgzc3olvk^VhLdzv42Fa&$$N^6s^{J>Lg^mmvT
zNP_U?Czp31(TO?~ZeuORx~|!2nhyAxsI>ybb=y!K8gFB}t18QEsCad2%ok<{8Gg~f
z(WoqGV@2)PgJXSE(r$mF_0d@0Rx%XwXNrTjEU$ulQVreow}W3JKp&_hI3<+7k!AA4
z;v)PYjrK_6;9hFDUiBJbTBVTy+Y7pGON)Pu0Wq6MzKT0TPjl_c!7_0qdoY9=GU(S0
zs=cv~uR+E8n4yhP_YI-R;m}%nF`}$ox#o&4{s9-4mD9@ZiOk9{@XG$Jqri=iQEQ?(
zj9q>N5eYFu%}zG!^uUd(V0vnJ(pCZ;-`Z{e)V&TDIcvUEq)E@#5gB#rf=A=1E-vA<
zD&a*aq(-P8f4?3>Nf}rhIPiqN^Wq__6C~vkB<zKIDTTF6Ls-@blRlO7cR+z(E_X1*
zr`@yLc7AGI&CTd;WD*sba}cpQJwc2}M={Y;VJ$X(*~e$rNnYwtM-0;bL;<DFfM|c+
z+-T^|p1s>akQ~9$7%JhTSa}tf;w{5*J(Mr<QJ=$#0WDb(nPPDkXwI_9g8w{Nz#G(A
zH6cpchc+|t(Q++-{doYVn)QU%xSB3L|A7X2c4uh|zq6{uvP+crT$cQb3y*IxQocep
zB-fp|C&RRP;7Ig!Ew(Ms(2uBy4g2Xw{xy}CNO!J!eO$(8d3joFmGv4o_i#69-?rK{
z?F_KuALadFqGmn2)U<SDBbM6jiFW8$9u(vSf`=ge;%g6H&xKA8w%0+aB)!~YWanbs
zQ?Pq$dO@n>9D*7`31r*D?A27GJF|adjZ3IMkscH^K|1;Q^izI}!vz57&|6L7oK&gi
zvvI|OzdxPWJS{ihb8qg@*#JdQ`(Yk|W+y2stepA9%z&OEU+u<di);(pbW?Z9RiRrm
zZxU<oX*(x&WL<FB-d1`o5>l1h8afv^YFRJ`RdfEj3sPbfIPzqAt&1T}UFUU(#(5@~
zGbbN#o*5^0Q!{nSPMr_l?u5za8&JhDvjgnGDX+s21+Zey>*S1$WO1+Y1;sXHs9<B3
z4Hab1+*THXZKM_*xZnMN`;1mjvUG)f{~fmGgJ0`ml>C8^2^pRYLKK?z(^v;BJ{1*q
zK{gb2e#fiS+4V~?JFtdWC)xV2swF>)hiVHVWqW`?XfgwCJUy}8_EANkwD2gcq*S->
z;;hxX9bF8S=TSfeOc0>l7$!c5K0qty5m+8=W!V~UFDeEfxwd--E*E)#Hi0MK97jao
zC0(Q6@QIZBFMTk6iG}Z$|3&CCWic2*-tq%KcCEQ=15Wz?Nu$oS=YFRWQ4p41NDXQ2
zkAw%6t%pV(^{cdAR5$jaqL|Md$qa;B%i91sd?)AW>F~qCExvcXq87sw4}^YMJfrnH
z+RAy-MN7d$_oYAIC=NZ(8h(a0o4U;@`f2<@!*DBj`qymJ^1Z~O{<7bcQdyLVb^fm;
z1=-vPcDN_Y$odX8#b!7Oo0qH@d#4h6to;T>E5L3*FUn<hVU+MaefVc~@(>0f`n#0L
zTn?mS35YDKe`vZN5>d~ykbV06i6s6e0h3l1LRh!mIpsc~gj|=4h~x5W_<Q8UTyB?3
z0r!s7U6L`2kTR-5{a$%Ip#+V1o4sq?Q4$1_KM-A$tVpIw3*5$x1~n$c52-ExK#!0G
za?+pp=fZ3$LG3SZtVPsLPur!rOa=wB>ZjwtxQSIApL1zC3`vQ<f)6Vs6a;9Q?_U`j
zWY%2UZ*g7VA?=<ZDft;Fh#vAHh3E<O2;&O^O!Qe_nsc7}?Ldd`1#t<>4Lgbo2t`O|
zPX^}hc;A|lgpa^@vt5^iLCvX7&X{Q<(X?WN{{Be9?D3Rk_Cd=Ncw1ye--<^j11Ro4
zxARKKKYqW#tC)N=PKktAn80-U&fl5+m8<X$>3s*OV2!I~!hjZASkgrIW7#E)N11f_
ziGbRqJ8t%a(^MGGzpajb>zTcq-#!+^99;V>N6j<IHHS7mX+}+VZxoe|cX61g09ou>
z!(wm*s9g4womR{UTveKVR2k4Bx?b`a`R_NEH0}&UptLkz`*lWs0P@qb;HoUhYD2U>
zJ$vCPJs}rSbsUXJL{SAv$c8<9<m`|Q`vIDHcrJYHl68u5=rH{fNoc+T)X`gr<P6@S
zb8M3v^|rWL9pmmDw=d(4)ZC`FcKFMe;crctC(*(2h_{lYum)rOY4juXQ|#%*BB~qh
ztW)$3)&?0yUsw^&Y^DUujV#ivz6{1g#qT-qEGiRibIe`>&&%C7CUD3_P{tPMvh|;n
z^mU-lQq75ZRFtIb#{R!b;ac=}(P7Z^V298sP&1<S0}ZwoFDOlBTPc=Zp2$^01q366
z7!)JSbEyq{SWBDi(h2(ozdpH>9Elx#NRe>TY4mqc@x$tOtc}%+Y0*zuuY$&M{p!ql
z8>R2RR)+?^4tqE)%nX|lJM%heUZi`nI63KlwR@mXMjE{jU#Y>(@j_j+F34N^yEt^5
z*Z>l{$V#|{TH-6b)6Y^A6{vy(V-b%1AkCY7-F98Ol4(*xmHg-_TL|QP$J~FKz0;rW
zzj`Q*jpZ5r?i^mL=7ThD#MBe>6AD;2ieBqEkthOF@b<Jl!2tr32v+@a*;LT9U>^wW
z6nJgt+JEcTu1`R5{A|A#8s1@1!w?|Z8h#FgO3TuHbnP7Y7YOBiWFd>6>_hE5F_8jO
zxN~=93yy<n+6??Q)m^`%ixk>kGrGrGeSa~y*I%y}ei3#P?5jn$RP#oj4RqYV@v_Tj
zz06Y#0G%QB`P|UT<J-Ic3oef_g*NGD#f^qF!F$0=&6p)b*ug;2*_znc<ooF$u~o%9
zz`TU{vwD&OZ^C|SVu0tIdTnZJgt&Gl9Zrb(NzzJ^kM-u!JKbr+b14dkzq+3^DC5vQ
zuh&#m#X7sw&~3t_mQ1(of01$H2P{3Ae!DNnW?sE6d5G>Y>y6Ojh6qj^KNfyN@vBL(
zWhT~9$ha(H%*XvTS@YS6n2h_J*HRtx3jV_u8^CC;pijcH?9FRE&M+Z;S;dPey`LE7
z^SLO^pRkzJ8=3zQM)6&wkNm=SDQ&}RW->RqY07EinX(hs<z-{AHSul{r7b}52>mi1
za6BP<GuzF;e!X^VyloopmTC4ypjL008s$vN|JUK~R!p%%@MFfQYgY?*Me@G(Te%mF
z!*37eKO~jIoT9@t!UJyNn5dp}?O}U`CmW}>z7$bj9Aq%Jdm!JyFn`+4vGg7m%nnTi
zTkQN6d`W%h_O)LKYT-K<62I@$mrYnRd*;4#%un~ksgGhphE!1C8AO`KoG+~K&w`v|
zb<lR7)NfW-s8<wt$Np;{`X{R>L;8uelSM(#IKl>~Bi$n`#r0{5)FxOxn2bT-aG`(K
zzH4whIk)VJxVE=$U;4|oFNvSHDXxrWN&6S!dC7Pd6MufBaGnjg<`=XfM!_(NbiS5r
zrg{N*$_|5I0nTiSAy2f%MqCA!Zh8XFb=hPgsng1rCS>U%EgM9Ts{p^~<8D<53+4Vs
z@{I<4OAt9}o#crzo~Oe>vOdXLs2}NRa{rW<sHX*C%i~kux;a-kBdBjanm=T1i_=w8
zk1FHaFw^KBN!Y1avfX?wQWnKJX-na|ARfI2Y*B}*K9n*&*8@87QU~ng3(&+`=Eff#
z#X_Z-Ev;87ja^Uq0HG!#@Ly>m|93*&r`AP%(fLHpNuo*}4cx89KF8yG%|FS$IHMF*
z%~ZX3K5@G4nf@A*X(G3u`kti{Zzg*3q%@0}-xa%Gri=Fowx#5V`S4FlU_nj5#O%sF
zCjn->1YnS=y1%rD>U#NwnQ|?>c>0aYkbhHN*yovJjJ-Wp-QZ%(PhMxwI<N5Z0{z3Z
z8~=o-FC(2{B?A-90t5V-)NYTnUt^^Y&|in|Hk-FhpHcYMXIBdLk1Tz^=YDCMFKK@=
z*|E`8Xdqt4p(TU-o}JoNYh1WSk;sQ*k0aj(h#!N*J0#nli-|<6V~EbPY99^nx!tm+
z7my)L@m&WA8Ca<j!Z0z@W8a6#5(kS;OE-(rEh}-RBHh`bJ+z&@I7~kGH3g=4Q+4+n
z62j1d9kw-V_>&2*wRphZf#USnN@9v^lS)u-qT8rtQJiJ6inV~ED@$X&GdwKJ5KNt}
z;kr&x{J>#f#z*2(`;8IK@NmC?2<tCOxvjIC(%fokn?dt^f)^JpNag%%$gm{rE<czk
zI4sF*@q}K3{8U(<?zC|VStpD&=4e-Xu-vC2tS_%wWYk!3NI1!9Rp?xy?+-$%rD^jx
zzODtW)ouR=$(Xc5yVqvXj@iP(U)*{?Pcu>vYImr_;N1P|O#~=Q<GC>x_W=^tZY7gK
zzwf>ZN`tVDJmcuWG!9wE76?0Suy=P@k#!*T%2K1X-`B2Xa!(uQbFWU<wGeSCYm?+i
z`>$})o@6-_Oe0#B7w-t{-a1u2y5!ueG!$+Mw3hESsNouf%z1^J5Px)fQ@c_0^#RW(
zYPN|zhKraQ6EkW?NcGDzCUcR?l)-(GEWog%f1?1aVh=^3x#WzkK3N>egtV@~N(asN
zire#&d{_bW0Db57=C%01cDcx-Kev&O;*5Q|KmUc3^`(Arx@%l41kz9X!%)6<G!{a-
zE+cX4t2cn>lV?XKT1W3+U5Wuu^RSrfUCVE0^TFt6Gl|XELug4luVP4zTPSfUQn1A;
z=C@Fe;r&r?M|C~Fk^<IH!LSN=le~A9>YT}SUYzR1?P-O1FSMv=>;(n<yU(3h>##*a
zNK@5DZ+{I;xy-6=wmsRKH~+>@*mCM{1#Dfzx<(<){&OOJyxPOvPB1wPKOB5)XohbT
zHhOciMWeyj5>|R+>-bWkRmq_C%46inW>!7Jz4`rxo+3QAKL+yd{z};NqU$@TfMOJD
zyG+q%>W#2;*-dYCAvEiCIOEGz1|-*6M@fpisI<e0&pw89C^4>-MH|}Z+2$!Yb1wVM
zzMl>~brmQc6K8n7X$`|trsuSJ32P^-h*v=$QpZ~aqts8H@8q<O_kY3DvR>T<vWILD
zP2b7?DZ6*}(cz8?lGeEOQ<WTB&v!sn%s*fFugGh*rZt}!hu_X?->iZa5a^v7_{hcF
z?kaLZo_*S|fPQ7Vpj|%AUY^1B!;3t^?gNP|w~tfMimmLthSu7!2(o^XM#sULO0f_4
z_~p{|z}mAlKh`51oT$Qye03p(!ocfH#LlOo8LK+4SndFqvs5jYcg*gEp&+M{L-KsF
zhtT6ItS_~#F>{cA4|(gyDc*F(o*pY-{Rn?wPZ0Jz(^)eUT8tuXaG3DQ{x<3-PdRwo
zz~LSBKXJc$Ez_)7Wys9*`&JneBHS_r<A<qB2F*WFC5`>J6--;|FRPKH?-IZAfSCib
zb|?BeT)y!TNVa{A9;0wnGPAu`vHZH_%%bgUZyXrr4Rr5G=&AOYcCyHO(&nR;MO<3Y
ztyV_bpa91VcTU^y#<v8BzJ`mcISjV??Y>7W?vKT`+eWCeDZ8P4bgumhelU$!`Vwnm
z#}a6)di_X%9+Bs6k<{E#5=vf&tJ70`ra`62o}=B8RNgmCj#rTtEiE2)+mW5lijQlA
zr|U(*L%NuMg_`V;4gw}?DM*1*aB$9U3aFORW;vk$U~eyg)@q1mId7KZ2FdXr$fL}*
zJFct&^3NVU<MH4RC6RTWsdaZ<JHFkU`~`z`Jo-6R;LM_!ZkUe#OJ`nH9Oruyi@zsi
zQd1~Dkm8R!*jl6xa)m`~tIj>Iwnrrci?8kfoCk3f(tg4oF!*+KHL-O0YZmE!Nu0L)
zddT=}jlJuvRqhZ+Z!IX8i?6}fNbF=A#i?%GVBTAA;qcn;4KLUA0ZMdhWj?aVRTJ;B
zIINU(u5^!msR1;(09YM<C4Hj!P<8ZRBVb%%F-CH4(EGApYlZkFms!j7xM#i=tSovA
z?>f##X_3w)j+CHqoKH7Ylgvas1)#HiQ>?}XbK})>n28rwyr;PAn&!00tHl9d)kUEj
zYrRs@ee6Z<zF4`cqIs983QLO`pp8>3)ppQ_fWXI^GrFq~Ux{H}Yg+T^aihVu<xgux
z+G|4zZ7S-|#224GM4odWroMf;p+~NN?FVOolQ6=^s56nV<BxqZtr-)6%R$YydYZ86
zljv7ek>wdDNq<0$zO&=L2otYIVJq1llCnEw558MiX<0e*<R`t|;W1@N9B3-c^!}m>
zSny&QKWFw<n#jSEmf?v1Ylkg_Z;ng~-G_l$5kOYVa@vCPuQH(<30-iTc!WfQLj&fA
zyG%w)u;XG=G}>#f(5Vr7p8CSM=5%6~%Cclr*wHVkp*Ide9jAiUDd>TNx59S@TnTsQ
zTOT<=q(txYm#w@sTYF)!?gpCMg8THUDEPhYPwUwto0y2l)#$do>(dN|pZs-k_j|o<
zr7OI5NB?XyUp|UBUEc%Fs35sMGB%hH{xIid5r6KXCPV>6M-@BYfcY&?UXuFmvB%Rv
zGU7&&_@|=H>Uez0n*EvhN1@SB5h|fDH|IM<o0#G~<NxV&R(4Eap0*474BK-D{dY$K
zE$@WXGx%JecG=A`AKEW`t^yNiYd9Lq3_o7Wg=te`nSb>X$|X~K=zVpaPsAC&Osi4N
zDDn@e4?0Z*8W`aA>YCJ`rmTF+eXw!Z$7wc-BKC)W4>n-xJ7POQGnL(c0c1FredJpX
zX&w)&k~B^;+u(y~uWwb=<}urr`ZfC4MSNle+04R{%02JG#^GEcq-!qSAnQJ`^8UY0
z;eVJv44TK#XMI^9zoU%Kwtv-#whmwMGGPLfrC`f6w)!ZeFX@vX@B$y=*8=%3<~Q0y
zOE7<PLy*qqtP*wPn_-|F3HSBN4q1uBaU_z`n3X9SQV~CO{+@zZ6EoW}@$%ZxOF;v3
zfBo1x^ZN$-#SQES@rifmdFC-MfT5i$;!lOTVGApM+L!y@Dy%~iaOW_0=?(0igYYP4
zED`=ANEs&!`g4m*V!wYT?$S_I!eNh<O43?(4CF?a2G8(k+yyH!uW2EPlL~(1)k;`G
z4q%}vT#>F=OhhR?mve}jkR1@C6xh8^#x==r0sDI^qDk-tvN;-W7QjL9pJw}fcT~j2
zEM>89_CERTm;$3>QikBEY~qtq1Lxblh9G=mNRA2{c~fH0DA7yT`yM4Yu|0D?S64P-
z;6F}%tN=V7e!Ew}=#hN*T{?S`n3Rcp6jG%hItUe8E0O$+pEEZq;^9oQZ2&}_aP9dg
zy{e>&a*0_=3XyWh%X=7L-Y$5P*{?EIc8fBqA=-IY`&J4=uqF7ly;n}+!dtMb5&p4s
zv2*yU4tjgC^(RcSK#y4TLkoabIE}6Xys{!N7chJ}vU}B=4V`UGmMyN*4Av&kTfk2c
z?5Pn{?h<+Ev$DwTQu0$iG4VVAUl>*leJsgtbN8L&h#TY_a9>&ebQL!mAWE<6cs#1z
zh;@fV;B3t`9%Lgf86P2(ho_220S-UxB+zETOVV##StJ1b25w|xE%I0?qo}nH$1(pl
zhiP(tFfY2jMYqk%p{5oBe_20>@O$i8Y#QJkrni%gW#E<WB6R(ajq}YixF4*eh61HU
zAp{{MfaR+jB}e<C&G18Vp6e|T`j21xRG6i06l3XI-49`kntV#T%O_dCs0tix-0b6u
zP9W=a@IL{sabMDAFu`cEjsmNzCrMUaSnJt<H{#OiAdu({L7`u)1IT7wZ_G!e%!#J4
z25Zeyg0>C1(3t0we|os5hDcXtppIl_Za|?SJv+~8RH3iIb8R1`WY!UEsSwn-w7$H+
z5Bm)y$}_IBd`va1f-H?T$QtCS(nuO~zM3|vA&SEieHa9pPZucV!ZSbArU}qLRP>JZ
zceL*fuA8MnQmy`MEWdXS@KmRk;6-@$5APM+(4?a0Uq#+nVPvDqNBKo_uCc1oEHUUt
zD(eR5a?iEWaCxk@`7Dq6kyj)sT@8<gbwT1EXTSK_LCcUQ6&x1K)1uR~+iE6^rjnau
zTsJ-BOBY!~7XUspBErHZ_rz&C<7J{R{(PISw==Zp&mh4;4hNr6U5^<;(pG6Z6>KP0
z>-2i^17aNfLW%4|SsxrPlrWX^NT^i1>NdeGo20Qre%O|2n@KO@xwLx~OzS+XMo(IK
z-Q13Oc{d8sY`Hs3aC-@dxC7aK4Fpd-5}wo<9bpqQ;2}CY15^DXdubIhXzHmQMa06X
zCl}1O)hw1#f7bDLwb(v>=Ze<IDL#>THd4I#h_h?73A%cEz-`hlVP`V=jnDVllTu%+
zSJLUaMxN)H86}f8<5O0!M!`t--%*;t@X3PlO8ZyTNlY>0@^Uqdx=^;4`2|+A(092-
zO!7Jzc8E2juqkuJ;Z1^XWx+<6C}sj^dk^w}NWVpIi*vTlqnLv`t2!qFmfH-b8gH)V
zOODRYB7}qU#)iO+pq^^J_Nlj<^pr36tjHRM^H^%H%5B@mj<wi6f6hPIzIQD=QW4Va
zXqcnSOv=88y39XWS&;p@vfyQ}_-#E@?8feGU*xx(A{+Aehj8x9F1}(TKKRT3+aG?~
zfd*&A7%QlksIO;-B}LMiAKAb6G0bO#flZxQZ-rzCW(7naNhaF5<eXY3PQFizQ25B4
z>F!(R;OTX~ndj~Y-45wp{CWo3gk|37)5LfkWY@USb`GU29D5FPw|fBG<q~sbCx69z
zp^GzmD8L}W#dh~ra6=hp@|E4}MU~6eh`iyYr!wtno7+Pv$jX*zaDOPm%&_~Bq!DI{
zF{5+$f-;<B@m#|v7MhuNbu)j!*Us1gXxdxH_{wL{nS!v);Gv8LCeavWCXu7I&VV{d
z3U^BVpS3_HrWrXyl;3`ET;S*!_B4fq{rXA||48H0d8$RK)$NmWtp-$dd|1Q5|D({v
zyEV}suxxK2p6SRo;}PPP@l()l>K%-pf;Fb8A=~8Vm1=!Yk`3P{3kmM_4-CwEGCQbT
zi@IEUEd_ESI99T5AkH_Q|1^bylYO?$vDFA77Z_cQ@K00^ySx9rkA*OHcQW?U<Q-pn
zpI*MP?Fheqph9JxALtKtFKDo}1SdbR-m1`83a*E|iTRDm0To8GHhS$CUc1rKAAm4e
zqv!j<-e{YY7py3H4cIRcE`759G!An^o<4aK*j_W|YD=CS_ewa3!h6;Jw}EwvZ(Gb@
zRo$Ju>VTvE^{*08Hi;-Yd-&ZAR8A2NDzQ8pbXW9{=IHAcLBk%aa^5O(qQA4dXl8C;
zp=@6EO_+F!$lE_R@GLD@yeODYqE6<M8I*1A*}Z$aO@2>|eTqPrIBsy~8WzsKLL8pe
zw2sUUG?L`Xa|bn4UjplHi(LT7wv&m-$FC0!^|X>QY>D8+F{bCv8JlnVzc_DlgtOgy
z+WgSJMaEsjR)>}Gw0%$Zyhxcdtr|4+g1vCtKOnm|{wImG)7A9UI<=pV>+~w|RWi?B
z8^)CZRlNb@*AV`DIZhHX967nVo<Gt1F|xy}ltL@Tm~;M(Y7aVrmps>zEHBTuFB!g)
zw@1>*LJD=yPH3Qmm!z&;FtQvAFE&0u(Yz`oqT$+W$KqH@TAhsX*Tm41A>OsqX$8xO
z#=~vuA@z&f8q*HQIq#w6l1pp5);x<P%6R1)-p9}nwzQWFjt<@3YP6DseazL<`fwb`
zU!wtymdtB!g}R917Y`P1KW?AjllV|Fk=Ub^E`yM%W43I9c$|-Pwn?PS5N+0=htPuC
zIN*b&Qxfdvg*b}I-@5&>)4dYsRm|41bHFwTiJ-R~EK*a5D^VN8J(k)><es&Mhlx#X
zWyDyZ_QUKKo)*q4trm*4?xe>;Uc1YO)Ha=9gFVB}5x`Rll^%aMs^pREHFrNT>oucB
zC(-lB+SQ`pw@K(@=1xyQOQ>Sh4{@ielY1JfQa6O^Zn4%I7z@oi@j&XV3;E+QV*aGx
zQ~-&1#N0Ikrkak#sftRg;$c-$sH+Asm3+_Sl8X+#Ww_w&K7|>EON-*mTCkhwg<zg^
z^xpF1UPV9SFODhk$f~1yhj8M8*<}rjSF%f(y*a^?7*B;=MD>y;h3Ogv`3U*(*{W2+
zEA0)J6#dt32mR*@Jt04KCY1b#!Gyb&33Uq;RvApdVa~rs8r0&q;JHoBo}B75FCp!@
zR#J+FBFG#QGX5glNlj69{r0VWYyWG^88CW!xlGnYZpPmEKeW=o4_(%EiPv044)UQ-
zF}>#^0}ePneUu&NC$CM2Ph2}4Ley_Qve*J$LaZnvP>!rxVP{8`Q0tyUE&18alxy^v
z0+AcXCDyk^UbC2O&-*K(va6n&R98@c8q>~@>f4{L<1E$&jw{Wx-rjaAwSLy`tHOc4
zhj4h5TEj~CJ23_Qd?D|n7vAa4`b|IM55C=gW4|xD$3H&t?Cb>jN@Z&8Cl^1`+<upO
z8iyU-ZN!fRy53X70CS^%eIC|VV0JWdJDr{O^rZa^`&E%$6bs*VL4NW|u;06s-324E
z`EeubNAbadIWr-Wlt<$Q53;q#SfC@d%o+*Em8MPQaHXt~jFB7qPQDNS7@hCFdCXf~
z^{01>TXX9~)3?9ZO7>m6{`1~L|A%p!2sOkoloOt94dinKG6@GYi}YvGh-C0ga1WS2
zF1DN^hxDyXI90d`mX5H8nI8*Ui~{U;jpD|aho=;;Wn_<#3^8uc&4m5e>MJmb(L}fz
zt*2f@`T8rHGLrCCG435GB18wJ`1-ka{{@ds9cnNPp;}G2EfmUwoS{JsPo)3GX;Zsf
z*G5%9dla;=VISq02$459%I4-u<J%QyBI-M(YAl*s_(ggO(vJf14yDZY_Mj>mdNRX8
z#UVadEJga;j^dWOOvG~Y0tV*Xvn8?9GaqJNx5aNJ`)xee!w$W}ngdK1N{5u|3F_*4
z_uPt@=UFD+b%H1CI@SRZaE=GC3)>uKbc_(%gxT?IGjgwieRk{gffmFOJYO?N`v?i%
zfMOPEuYJ_%NR#p3j<^RrxXtp)Z??28*Go0UY+7D9NO#A*r%rgXgLdzq9<(Ja-B>=s
zKN}BVYBDL%!du6)JfcEw-4|{QId<bvcptTdwxD4LdXe|nw%@~=vlj%uk8WCCoV(oV
z)loM1=={1?L8+`?1z%>iA$)cJXb@guu=qIY&X=6-2@L2vJ>|VLFgSTu#NYz&8@EJT
z2Z@XQ+>r-_s*O|3#Ll-HnIS88cxr-fjY{l1^Ka&Fv=LkkFsNi@TDnj=7u06eCXQlz
zw}gvQzWdY$Ul*!%>is!eD8Q-GVt$dR*|T^DIx%X&IoYwz_gVK-+UEM+yc(weSx%y3
zgTH$gg-HmCl?16yDK|ceahNHiRR<RwhE^HhXi(D1AxASzTtga{yMCHXzU1}eB_YJH
z4`IAQzt+Wi>$qJM$lKWt(Ft74D{|p|D--Y{hU#;tRq*D*K7Z7SiA#ZRt!}YB1f*s2
zPJ5p^irg2m9TOP-u@U=)_M5imQXbT<+}oH@&D7rDc5b_gK0{$FpV0Whly=k#9<^;;
zEf_{<RvG2Mj1NVpx&NCRHxlh1Ic5ktrB-W9dp>vK{T5?Ig5nqWV7iyW^xAN)q<8UN
znc)>964I8HwjyTO&(??Xn?&^vb@AY<-%+3@Nr90XbWj6pNOC=TkJpOH<MpxCujR$$
z;j5Vy+uv?73m;?w;~%5hfDe58ppEjqE7N29ohQi+Jw1Xg&bt#gJP#yyp1I$?3SrL7
z;$yWDWuc?Xjfu_`O1CMJMW&+H{2cCF6j2+lF2t7AeWQ$ZhhGbsnLT%-IPv<3>Gb%~
zZhzXtrLsUq%Gt9#e@jr;bL}v+uGIskt%mF}c`}7T3X;l2)oy87YlogQi?-Lits~q9
z=TDXD^+tSZE4%%|ZDEtZ{o{_ebGW66f8?QA#?NbBN@n}4VD4`?6OXdZ{@UW@cNj-P
zCu<~?!fqWiL;oS_)L1VTdE0nu5c-sRt$87#kZFp}CL9xMy58jttRk~rx-eEJc+4y(
z&_?jlE9mlaZW!?z`dN;kcia99{u%ZO!?Qf*v0mHp78&V77U>_woP2G~cxC1R+N{%6
z5`2)G=C%&?$8|YOQ2|zhM*lvE#2-<RYcQcS*ZIVy80pw*Diypsbse|8oC{`awLZ3#
zC}gj1{!NxVEha6Y*o)HH(eCZ<!+(ohVu7ksp3)H3UZ7`rZsm0rOz{bCp*B18<S~B+
zB}D>a^a+bg466;8Geg9W69mlV`<E~$I2whZK%*gNNxH9e99WT<WlEa*=8>3hE3B*z
zU;D^%=X;V>AxL1O2v8eVqtn~ix|O=mfe4Jij2;l;YN=$PE*7KzIlWD}D;g-vnlAJx
zhVa!Sq31_^@yZozTX-w)#S>Rv6|9=v;&u4dzYmSY2yb!j)Qy9}>G!7e8;kmS2}{9o
z5G8<DFh>iVU5}M~D%kQ&wl4hN90aV87PM@0&F)PzS1Td=+=u#AxhdV+Eo5Op13By=
z9EdQWUro6>jk%vS`O)q5N$XQZ3cSpM3O$$d2vl5lL7FzQQfLGL8?)dE<A@>soYvDj
zFb0s!g;dFK*DF8LP?B?7yY8rJk$k^st5pm5TBDvBOa}ss1#Tk@`phEp*?Q3x{?RZG
zau~C}2kKaNexmdWa2fcoLgTU242m26a31izI6ho`wrbf$BG9|Q4gv07+aomJu~&?n
z)10rH!^f&58oJ90nK>ZG{g1e{WjSJr5yX$bj#j74Ons+~Zx;ZVo_x{I52SJ#U`}42
zeam^Gf00NOC=<Utqi(cb1)TN%HbxURDNldZ^|NAcul3(ISg{xAx0rH+R<0YF)?p%-
zU>4*u#+~M4Q9;Qq?MJ1Cg;MT}@`aiIvR@oeF1pkUZ@xkL4@;~hKW=qs9Snuu#+5Dv
z-tPuwUy$I!lX<Lv0Yb`3gh=B#7QlvUlwf_4C6K4l%h~T#T80H54|Wu!gPF2-j3tgB
zg4Ha$Cb^urf;clyFy<(8Y@fgTvQ;_B)8QOuc~PP3GQp^VAFf@G2B_sk{|XX+*nc@E
zc+<5#pyhGH)46D~x}w?f31(c{Wyv;*4tQld81P)KNXDCo+8=%h3xz0Lb$_lk5#>6F
z)EB7nmQa{z%ZPd3MS4B<jo;bh?hl7*&TCc`?d`AzEmQ>OyGiLsPFcr`mrtIUe)6yc
zaxfwwZ4NP`*T;-XP>0A7e9c-~7Cqsk*P~tCpwWqDA;P!L8TI(kTF&Q6`5rjTHF-HN
z^ASJho4?uBDNKKStnKz{ZpD+72AVMip4M?_FdQihWK#Hw>8llgKgVK5>B1b;5N+`O
zs)Bb`8ys%}>Gu#*!w30Bmye(?@p?n?kZMCsQR)R=$Kr_BA@W{?AKkKHrGRj#MnOa9
z4PSO;|9k8-ruY2CCZ*g0hnJb53IL<k|0p{1KqmY*j(4lCvPzL0ORkDYl6y-km9k1D
z=PD#AXO3;QC81IYv0Ph{RIZ|Oj4d}g=E!a4Hip@KZ@>Ni_9wH?^E~g@>m5%p{Pa=x
z_W|bb4e;T@(a;VB73Z&%9bE?CyU5O^Pkmx-M52v&d@V&vm-Mt<2=ZEWCAj+^qaV-K
z+_!<8b}dGfAuterOy>A5tV}T2|J?m2?@V>BOB?$)T%g~#hc@JDyMsdGC^4e~j;BVY
zYJQKJ@^=6{Ft$38^Bw$po>v@2*V*)WuiZzC`19N^lw3yn(%5i3aDkYl26T581<7~H
z)+2Q&D=)(4&;3Fq-l+_u^Fg&QAXnN*mb#DhHR68$MZB_qvZZiHY-UqU_Y>cl@#w_>
zYT4`HXI=*>QJ8+GCTfMR(b?<mK7v=!9Io04$d&VZ{lz<|_37^vI^xzLv*l77dS;L{
z-;D4A$gRzm6SL3X^yomU1-J_+erx$EVpYz<6_`9er;??c#%;DJ7z|)$Oe)V7o&x$y
zmwNJX_kjk-QE9z(tC+d&V#@3KpyC8AtQx+_4rwzKtzb79#Y5f9H~N?ulws?kDQYqj
zPOL30#RN(W=kL{bKfJMpG+j07mg)c1S-w*gb{F%_h4<aS1&VIw$+ByUGkPbPcYnY7
z0ZabAuX4f&8M$mruX024HF_LsmqJ?ZId;E@SwR3#0q|r}9(p=?;?a&blCka~q0q<w
z<^>ZYNW^<a%JpNYX5QzHdfRMsQVbP5-}Z%I=Z*Ylu+SscX2;t!^7X7{lb;65IcmV%
zDPnnh(5;vh!$P^?==&H3@8&#vhY<2EH|bI0D!w5-(X;xyfy1XlK)w1x#$qmQU$;UD
zFyOrLR4lPpnA_c1fZS$Mi2NaPLA(d+R&wP%r?tNr{wF4IjFIpP?DZf@2e0~vf%acj
z<odc$E%qqQEA=YOSD`_*ntM!EI63ejwUeG%I8c~H!C7bIy^?K%A7kKiqdXI|qTNxS
zcD&sGPF03=V+M1~Ts}AkMbb{3T-Z#EZ#Nl3#J96zH`1#t4IY77FaxNryAnmFDRD?t
z-O9S4<o`KzuEzo#`T5oSg*##Ip+YL7uQgCmKUL}LUkr-zTi=_HKTP;urJp4_K4JMN
zrvB9rN$vwU$Is4vC+z*);8>will0~uvb<H@dn@SEKl<mXMkRZ|uoH1ti>gs4KdT(T
zMG1!+CI?D_(4&Xr3!vu25LPTkQHNBthoV+$c;n1WTtZE#W7)wN*Igq&Y<h-N?NP>S
zr3cwYX9W}LLhmB=ukL$tTsl`E!$0n~48uF9$Ajwps$MU6*G{d>oMpHG(i7FT);(ND
zo61#WB{yzdi|hAQNG<PCdj$YHp$+&j0DOCdi%P3t??zW>C@H*kPsct4sIQ)eC2wzW
z^zTy|6@kVcVmCBupymy`qgNT3;-4l`;!M-7W<lu-VJRj-J<k!7hCC^j1%@s!IfuL%
z&`f^<nE6Ds=#*mK=1{n)EH^!0%)u?ykza3Ikn2k8z?N0I!t}SO#ZGjoF8}CXJ7Tw3
zjdoaDVDyl?9{xBm;O#&#g};5=qu*|5)#X2Mhn;>}<>rF58S`<3JelkNsw-_1V&HXR
zdWJXOC_?hDzOURV&wHT)a4`<|)zD08a8$>Ng6T+Sz4SYQCj6FjsHEd-C2!>k3Sevc
z=1LZ}n6YxrZ90Ey)X@eiB4`LFp7K2M=tha&!QnhZ-UBk4cl5xx)F3Ri%9dMOIsHz!
z6`sYM%(=P>o3og!Ke}!9{|z=@YQ@2tW%3$(7`vtru_^<w9J_Dk?8R}6k}ej6t4xGe
zz-xg=?nA9>Lnu4cuEuh%r%BK+b8Ji3VM%&*6;b!nkV-+xhBgm*<sA+@!L_~Jl+zTU
zK=wuvi*lZrG~*$k0Xmhr=c*3wgom7+`tk%HlsoX`<(fgdbCZ#`F?5@Z;Ef&X4$N>p
zj#QO7*%Mv2#Y~5i9FJ^%iZH;3N}ipPSCTJY^_w5jIArrSx^zso^ymYh&O7}Wz<%;~
zGA*}3JHtYK6M4ZeJP`mnqC+A^L{Phmb`qaeiF2-Pj=6P~OX;@xeN#KA0Ep+%yS(-y
z@VDT;g3@g_dhv7L3Xc<&<<_)Q7Txe2b|J43xS|2orZ{iOuqY;0i?a(?f;H=GNqp`T
z2^lQgA4#`CV#vzN_t_FAbVtbfv7+`jxxjDM-bKo&8<!(Lw=WoLeeukNEq&1%U{?l5
zaHF2Lh#bnUIz&FacW30sZK}?L4<=E209j=GwT%L`GWyE%yVt*LtJ4i@=9ilPk_LwA
z%H%xTzcZ-kamDnmlB_n?e)%H_0f8#YsGOkNZ`}WyM66j`$Z9j##tGpk#&}zPJ<q<l
zgf{|_JMhn9@5pE1664hyN7*U0xTz`9g9>S6kgRn5uXY!6RbVkzpxTlc@fP?K<q0Ef
zg3hIl51zudqPI!g56d^lu1Tm}_3^EiY%(+zI;vNF+z#F;#`dO;mGrQN?42_V0c-DM
zA0jjd(}sVkCq0UJM)=1>ndCVdh0z8K2L=exU;|ko>dq;zwc+)!mh=-BpMN#9N#iT8
z<mWDIiP0P1O&zeP;<--B{#wUgd?csC*OE;&b77zV`Q*}@AvVEqPY7}B+4cl5+tR*m
zN;UOVN7R7Q22xZQozitD=9c-?$1@og(*2(7D@49L)eZF!?_2JaO$WADn@H+j%f8b5
z#W-G)gqDVxIBHjp+F!DyL)u}UJWx?`4@>3rRW<hjk3&MxQ@$0hIP)i@_6S0-Bwyv^
zx}j#*TKO8SGS3m4F`F$bnb-+iH5U8OL;XeiJ`ZKj+V)kVPgey0*+wr=y~n$Uj<b_p
z3kwqBY3ftlon=uMKE5}&|C@i?QungX@|a5Q6Qifz8{xyYuF0QIG!Xy2_0A?%4L*-v
zab)xh)%_p7((q0vL?s5()B|ft&QlursK`&IVl{o+hrFSeC+_4b%t0;(wVwFF+SOi7
z-Z*-fy|2A+K(ip|NX}puYjaZEe<wDRqB)5HLwjtjT32MhH`QFYesXYe=vBnM-e^`F
zCp&h`@xfe1A|PJtXC})?<?)P;gi`ZCwi>}A24|(vOXgcD0tjd6K~!<K&_wg=`@_E{
zS`6NFw;m;4|57cVcwdT~{R-xX>$K!PEF9>Il_2x~%eNlD*>ELh^1P{))wm}!X0BL-
z<$KJ(sG?1jdG>D*A8Ra0v>n_a3u|6U%C0JyOY+6^u{J*Pcu?z~6OuAA#p#I)tC9e4
zzjVPpLn{F8VpMseI<7kO%372>^>>^Zmoeln)r1Y*ELTr+gGg`BzJ%YiX=R^Ej+vZD
zbKkWc`1=Je(gcC{E<PU}$g}Hr?U9RXBT6>APtn~kKvqEWTdAOeaRS6f{{Ig@9$u$g
zVwF7h4JoFBt_DsQ>#Wu#yO+f0#~i^kCVK`uAvn86?d(j0kDtac4=rXKzE=K#C&W;E
zTw8C3&M$69dM=&v$4(=z1E<YKbJ2D)I$PQZBZ!y_W9PLFV(=pAW%V_y2>yH_{AWs?
z9nCMe^;bPHF3E@z@pT8ENL)*3hcy0f6KJheEzW%Uo!a=vZWW$U*<5P;7BpHtW=72m
zJ|Xj<7L5MD{_ex5O}5}h^BjSDEY!M#C$OxPrB%^n>sXrqWK91wkE5xZsO=3)NYrd1
zDKW-T`qk*$Qk!yC22pbpnYVL+lM`hku#cfe{p&JV7Oc0m^%i`*u{>is&)5@1icgFB
z2XC>B5M^Q(pHmptB=?aNx@O^jrg#kbQyR)*IU(C|rEeRe8&*@76!lY?F>26YFz5(J
z_>Z(}I(pd%zL-fH6y@5b4XZT=&~+Pyu3mp!y(3)G)PTpYh51D+`_~M^UT4c{8~Hts
z){f2{=Q36=YDC>+d4QjN_R2(8&DJv!*wWFmkh1WMkyn7RBi+yJWuMehC9z|zWoIq8
zrWLc}YZKP_QJA{&sCz(%<nu+GTXinjoztPh0(Grb&C{sHBKjPu$6<pU<l~)EZSGSR
zJ!^3-_&A^zBu`Nxn*DaH6DH<4f`?v@X7YLc#jWV<S+LE9tV$c{iGM3`u5~sdX2HR-
z<xX%mBQNk5%7$o3(X_!et&noQC(a%__BG@kS@rp9EOGc)gPQE4LJU{bJ%vukrjB`e
zhlv~@sLD4+3C%Vv_%u540koV6w3WxpVvdM>Bz70MElRqn8aLx7>MR&!6`uF4Ju@4>
zUFa?$dgg;t8^^p+F)_ep*y+lkB@$@be>>gzO&p=0>Wx(Y)_mcJm0O9VT&@V_)t7#D
zt=-vRtt0%X$`}{T@Pv0Qx~pLC8zgPXlBMajLCG!Iu93_uvk%UJXEQ+C?<K0TXKEKy
zJPf{<-~`Ay+CyR(+tGPT%#?UFO_~Kh*76GxEHo_Z)4s&=AP#12T(i-MU=BP34sWmv
z`6$j8d|l{q*xgInOW3RaTq^f3RY*71<tg02I3BZQ?Stzg6Lv%iWNo0-08?8i({YV;
z*zaM62X+Viw!I+Vp{HNzbT{O=?50Iu%-d;pNEs_$@Cxt|kWG%Wv3@ScfP=%7g&9k+
zKhPdtZXfH1V>b(plcFv<00J~M<bydF{hLvl4#Bqw=>QdH+GKqHalm@?n>6q*!Xcc}
z)$w=3hD5KRt^COM%L!9OgidAZ01%}yv+>B^k1eqPQNoj={)<qdo8*&1%&ms5BxBB7
z0C;AJW7VSYGh}A`r^5&ZGfK%2uMXrjy|D7bEMw0T?lcwV_1(9j(81fS*fo^8tu=I=
z0oEmd$@<0@K%0vw?6BR)uF2RO=Hr`%@cWwtFTV-BD=J@{n=T{1MSd5#{W|y2G53?n
zJiTR<AN5k9#5+oI9>oi6Pac_imA{s)@KdXZcHjIz@$b<&*3+w<=xel}(bcO>pPDMl
z69+9!!uG(jiDzVG-p^qT#9ovedh}s_{S<C7N@pJ>@&t`u9D^CC^Hp=u!spKa2><xo
z=Xt;3e?#ft!*M_OT^mx@oKAdhKdyrRQBuvqr+rWe4yR42CO4OYqDY&K&CtUtJOt%c
zbC5y0=GN)yx#XGejrqQmVtW5n=&XlI4JG}Kt>BB>Ux0`7lREp4Q!0xnn0Tf<>F{j2
ztm_rTc9-PA!cuVdi{XO*`Y2942F|`x9r^0q1KDjy%`=Y(^W|tSI2G=~3NFXI@8*-!
z_!F9TnkZ1B))g1He8~LKKCH~#c&}1k|HoDVvG9-dJCqXPb507!K(={YiRHGeZD~_x
z9H$K23+yXz(gI5Uw2I%2S&86$y!~Y!@Mcfgp?J^D3CBqr+V9xU3)JA3&<vKPvOM{;
zU)S@U!g^+Q17VHuy&0+ZO6nY1Dro)Y(u2VVNnn7M#9S3hxjnFh|NT%U$v5ZgWNGlT
zN?ZlD?DJC}Cp^cA=m1zX91o(uAwSbfnLv{CSSPr4o-7YavUC5RM74Lp7RWL)FW8H>
z7^Y)}>e6vdxn)(Dl-^(OW7Fi{_<9lDfL#cg`%Q+#1iO?p2@hiL#N2nA)7y|qY}>vJ
zQLZe-+ps@`2iXnGs!gh_3b0R6FBwzg%8Q-!39L3Oi7<r?FOXz%f>S*=PrY{(Uqan3
zU&|hlUB8@<DAR^k!+Rg-Q_MS7T)~g@8Jr941L4aT_B{qJF^q!OS}(Dw1i}!Pw{J$r
z>^}>Y*+i33`Z-$EiiG;J!qR`+jV(XbVNcGnkFr-G!~QDFOB0>KM#%fkC@x%KWx}Z2
zt+Ym%eg9<ihw|>wWzR)NYH$Bf=SJ5e{|-oVbe$nG;AEJGTUcr?P$?^pP!>hm_1-ek
zcJ`P>8UBt^^oO5(u`1gpoL~BT`u&`qey3lqH{HAyryv1JRyC6f=kK^KvV2hJ4Uchq
zgJeJEI+c%m6V-hr9`kXn6L{Facvif6He#wpBPnKYFnkVjvP*#oYqn>g>`Mt5lFFDi
z0P((*QYQ>Z7Hqarc0@JJT8UMeR<9p>E6a6B2?5gg+I==fl)&9vw3L9<wLHKK5_%=L
zlMinEB4aPP@GQ3zkS5)?a6iL{cX{_NKxhttxK(5+e8zP!GZB6SRk^w$q~l>P)Re&3
z(EZ|N#~aN!!g~05NY_K;7p(E0<aa%`LqAyCR8tk&K3LDHt(%6Z97k(RwJ3I)#WQx<
zH?&96`J3h4I`SaYDU`lR19W@1=-g-M_K6RK-X)y>(F6cH&2$_eVM=rYLujHsQE~x|
z56{-r?y*c)?!akrnnWLFP=x1S{bmr`yFIj)ZD;Im=(-{WrMrnQKx9J`vdki+!@i_-
zIzNCo6}7>)Y`cZGV2915A@V2a<=2d-Mg2(tu9p2!0Y7xrt|T!JdURtUCzO`*+epWl
zU}#k-dNqcr_fJL*t(LTUbi<Wi1VvN}GRCSC*bUqtys(g7kGcBM3X_emz3nspGPn4A
zP&jL-^avoq%$1wfyL#g5*4HEo4|No2R7RW(rS0@KHXy83ak*)Gn>YY+c&5C~VW?U#
zU}|VdS~{!|h)fNa7>li13;|c>qL%-7jOfu?@k>$j=#&4{aCh{il0e?XO>BDG6h+=1
zoxA@Sh*{0<UAm4b)g@^CYo1!*6}@kzdA)yoqfHjG5^cSm7myFV3YrRTQT5(I7}XKT
z&(~8$FCa<V6u5WAYa#OjkH`Z%SixKUbN71Ys0Ht^oXT8HAGS-<>S;V#C4DT}zjjN5
z=hg5jaHMR9F+sCNMH(f4Qwhks@<lZq7JV>v$SygiTnhCzl<xRqVgpNSav6>IcQ|zQ
zwqW5RP1j((H+|{1XDb2tnC^m;`?@YN?{SYc1BW5qL$3gJvQx?KZJ<r3aqWDn$>Y*H
zRdY<>@atf5_#a!EV4|cP5GlQN&yH~xA?&WNl%mV&<BCDA?Y1YbN+u`;;P$lQ2zte*
zi7(*=!74?o9ZNMEaa+OsoIW_*p{#;IshQpcQiNum`$Kx&=3$5|;|y7Ev0M9budUO1
zCg>V!InuOJtGGdb`GWh1GJxHk{Z@vM_bU}-_wbH&(E*Zq{SeNbDV&0MReAn}*lFv+
z#;}1<Gcm7U@U*?Xr)zd44G+uXyy68M!9TF%uH75CfG(?bt3A5x<l5{PDf>B~(xsf@
z!t~*oVUNoDMOS_H6WnX{e3m6VB&W&3rnS0avu%#sp0QRHbY5X*Q+xLw>BO^DiZ{iN
zp884V!4e_M1Qw?OLUmA7s7O>I%%*6{m7o*f(~-LLJ1DL(yN#U+Y%KEoJw<W3fZCoY
z+d@YFT238M|CF>Y@k+9<=!OFP);pu`auiI}9_0TrX@M2IfIp6x>{EA;8<}ecwk4C5
zydOAwonVcV-{gqp*Pa|!EbQQx!)XtBm(Zj2yw$XX(K_sy&3jq7=#6)N?(l10`Ii;+
zjyOLz6-dIBr{UKN8IeD*S*r*I^E^jFs^4#6VklmkK4t{cD&w8GM}G=F`b@o|LQ6(&
z>h*?|5b!C9DSwAOCL+3m#7>UwF9xoTKV6j}p$k#j#1zR3ZR2Aaw;lqxzIZly0wY5K
zgs4u#H@9m^`{g}c$%vl{pyanL=5zSLRX=Rhw@%L;$PRD*v8!5x%pbUA9cSCan*up~
zKyC^;+JtBoODU<s#oTu1)h&WV0`iqgIxR~g&w_WGmQaQiS`fxt>1xtT(NApOyHcu;
z^ypkvG#Ey{^zMmEFhrTwjfI^Gg_@L!f(#yF&opR%9*R)fEpOcjrGJhqPc)TNpiAKj
zy=8;eCfJLozjta27{|(lZ}So-%{T**N~_`TV;Uf-5JV;XRqx`AKTmTIsBe<uM*CqY
zB;Q#+D%p7n^-@cY3OBE?Mpm~9&k}!ar7Gr$f>iBHm?5)UQT~Zb4xK11?^0prdzyTo
zaK`b4ixyt+@k9P7=DAu;d-)!CVgB&g<MJXdVd-1`z1C4n*0`S*T^e@yprCZUJ8=ck
zcz#+)A=d~?Qab7BmEg^GZ8T}{H=p6Dfj-RAnm>U3cH(76XE)k1L8{*y-Ql#y=8Z&S
zah~NUPg~`Bj`41^{-XQ!RfqA{Ecp+9%nmYN;&|uxj$sabcrv}A!ZiT$U3z9Z1bi}#
zzl{ux+4B{2RZopLw<$7M5$XOxlq<g|(QnC*upe44G2ufTUAXHDmd?rft_xhr4{_B%
z-khbL=fXmv<QK}4<7}Gjs>$)B-XX{-cD%mbYcfqvWb(f>1gte4fGksBQx2ALg<%M3
zwA;S>Ng}LpO!y$u(m_0SgEcIv^6_s&T)O&6Op!1uCRhCW9Fvkyzg{(|_2)R<@vrw<
zob@k}O~qBTg+CfW;{n5VFZn;eFF%>XWSmJ+_;U1Ru5w8w!zn_`myQHJKMitf2YmkA
zdx{o5tAN^#mY$LVus+bNLqT0hcaEa9zyr>3e<qg<8`wCGrOuyK^gIQPYy-P%SWG@$
zq6%R{y<Sg9Y}rrIR)stTt#`SVF%KJ(<d=-8Q#6Z#rD@q9&#DIrmcQncbE&%pvndT@
z4yLEvOz!Z$J+PC$3P!!)7kxwxEe~&}nreD_O18qcBF`7&9C|w@GrEJk{O}!395%At
zcEydV?ZoyXzc<j$qK_T|2QIj&fAsV3_73IE{gJt}B8>K<8RI1mPSIz%z7gO7``jle
z#(!ecr&=g%R-1Q2UMXu@p}x12>6KGBjNhL2!Etu4@q=!KoD=Z9$Y6ciOw<lgkHVPv
zc7Ncqt4E~?#kmDh^8zfdi(9Z3y>DC@a%EV<0#=jd9%cDZc$BBP!dDib!1A(oBtG=V
ze)uY1id|OfpEv;6LO5>Yva*Hypk%gnZ7Els8j*gdo32v#qIM<2d(3LGID3?LzAVb&
zB)N%Lydlb-R~;`|)Dih`CZ;NTk{rr?ZYIh)YGxZ&;%66&aZ?!{%R^YMk{#udxZAn?
z!alZkj|Adm;{F}l8r+B@zf>*O(n(-wlTIX)q4&cS5U6jJjftT>KByF#-0M+qGv9i{
zwOS4S4L><0l$T6JNp``nm@s6fwC#0<#7O_rrQ0QFQ7k@#-bc?OCWS*5-lv2<!(0k7
zn@E$eS7;M1NoXKpZ(7W#C?W2HLU?k^@>Gq8Z!!Tnfv=Ge_=`jmGKwiiF3WcEwEWr?
z<Ucw5yJqkrpeJ8BRi?V{jR4SAS(tjyEw?XIq3zBqk3?<;Y(rQTX9{ZjkDg$W;h9<Y
zjrW#*`AfKmjm0?oN|k9J&GryeTabC4(X|F!bZiQ&PgQPoMQTk!BRi(`8oN)tvPbR4
zGo<p(-0YRbBu+;bYad8F|NmP$iPbv1(AwaXP*h~Qet~jR%QCOo9`c1UJUcz62>AlO
zFg+Mr7u{g(RK38A!0v`Z(&pV!_pI5^RU0)x;>~vNK(Frsy+QG~I8L3}t%Yp=nBZr#
zf4j5)+O{hFd^ElGXe+xdoM|JchHDpQm8D_wur<zyM>PoGVVnr-aHI@hcdw==sxiR;
zIhNCS)Z{G?eRaF5F1nq*rH!;-njHPY&gzTkOeD#0%#hixT01cpv$-3*XP+p_c)M`a
zwaMga>BP!!hJAV3j^eV8z?S~jPI2#-p;=zo1z=eS2t@m}OnPqe&a@)xdYKvIzI#_1
z(C#vC3uvvBeWs-{W+P6X@^eGiN`faLN2a`KkZZF?ndttNL@4)Yn0!|-vKj$GCfO~o
zPP86oC|SYutST-2{@FB>r{+9m5$_n<3y&urg{9BfMJ@tLTG?M_5z|jUjZ&n={?;=-
z6K%nx)l&pKGZ1^X9DEZ1qty-0WKv5F`oW{Bbe;-J+{okh^Ri?QHjpdMMUQoFMkQ!v
zLQq}8aDDMQTw(NG*-3;qccbMqp597s%8ece{|?+}H99rf@Xar9PRBlP$-IsPs<FDj
zk=|2p5nTcH?GWZ9vxiw(0(W8^;Jx{qHOMfgF$boPE{Xb?pHzd4%Wmzp&GV+~df&$W
z@edO31DCcWz8WHUc=L|1+X_-E&ty=Z7sBo;ZG(<jc`fl#%s_yiK|)al>QgKC1#^i=
z)+g|HlD)KMPbN%4<{6xC0C21AolH-WID?_RIBq?AecKsc`=_c#wjIw=NMz2_23kM+
zZ74CAeCIrD!Sotaeh#STjq~mw*FPa`gSy5_T~G7>&_^ZjW_lc~3V*w#J8m1nSd6N6
zpg%j$CZZWl(nqM;Lyv)F(j2ed0d{xl{2&jBaQ#8vIXFjAV)diNF(+jc_V!2Eg|`l?
zQN!ZGRBBY5M__KX09<;C$B3Xk#Occq;GN;LVMT)h{@RHADBp<2?LoEl(%p$Y$`_g|
z+xA+!N;KgoW{@WX{9X5zp8t&8?s*uEOk${~1=yij<eIF+_7mt39k*rrwqqdO8N@<h
zZsbI+P4zr4W@opWQk_>A`|hi?gt-V+(+S>3b&@_Lwl>#A>=&VbIZuI}sxeAPhD@o_
zl2K?~+lN(AF8|5xStb}zpRBpAcWxX>%G?biVZ1%G%r7621l>9t+QOWu|N1HFMJ1jK
zGn$d$sGc@@4CdVRX@@iKlF(Q)&<RflCO0scH9%-O5k^BP7bK8!8r@|rr>H6B)W&vO
zKWQ%ll2_@AzIRNz@Nc-$v0>^aI_!YC$Q#P-?+)!QP@(*7ieR-!1A6+ijVHFA&xaj+
zNzJ{BFu{Au5$(t7i}?eTpr=|@mjsXGt8lZ|(1+sbDb$xaZAqW7d0wG`_kgm3qEG^+
zHgX~cEe^O@chQN?up?=W^uB<YrZ{Z3^@0NcGDGlrKV46xwa+VijdGv{`{-#`h=GiV
z6m}cLFCYlQW+bwQe=Nzr31oM~*Qx9OVMeV)?QE2F@>-3n^oby@;^IVc_wTz~W{;K3
z-Z{zqeqy6=_y$WIg?|@|%zM+z1mOIef*yy{0uc6qF9uE#?*MN)+l0#ag{>e|7DZJS
zD7gR^Obyje?8=^NwT96V$7AhlF3I`IZX^2j_3&A}MT{WjP3CtQxJ`LPz!YDidcm|I
zMaorM>}qmOG;~X7DEaGD&H@Mvv~VAilj4hj!*-I+SF#4=Lf!d$C1#(FFjUzTGg0&4
z#xw8UqBfr<;xZ#X(q#iqzP+~C+dOGRqtSj~Bck5w7UY%+J8-+CuEhJGq2&>IRmP*J
zn_R=vHSB=$y{-gX4HYcWPr3(w#d@x?gw%PKYU-wIB_D09Y+{@~!-`AkWy?bHhs1JO
z0x(RF4^2vkcmzn^i5VSgzv6BxfXoy5K(8zNA0e*~&Y#kXY$tkX@Qx^mu;*x%@Mf}=
z<SxxWrfx}`Hrs&K+(|eZi+-5lBt3NCEBhag(I55$>O!vRSL{>{zZLm;cj(P;<C7#o
zAG9Mp@`+Y;TOFqEq($VU!jjx`G&>(vcwyp_G)W#4GgX7(8kkP7*{Fj@sv{<QVNDQ{
zZLWeFb~ZqZ|MsTX0_;8SA_=0pRT?ALv7ZFbnRu_^5#RxFtT*zHcg#yMvDf;tRB_=f
z>i5O|qr|JAGBI;snJD=Nvs|mpT43C>u~tZvm)%n9Qqdh?bOwN+mqO&fir4zv3c`l6
zw9hgtq_sil<u&m#y^QI2vyADpzA-H>mqNa_t}cJIo4M|*VmX}{K)D=5+v`hNs6lF@
zj1NgS>4ne4zuw%NFBF!h4MGSzQNCI1&_k@&Jq_4r)q;<I%4=r^Px0%!9kcdkc<ate
zG?Q8#RR*mkiyn6wS2wZ$tWGz=slfl7obQg_ubujG>Fi`UVh(MD?o)^NToQcMR3V-M
z=-?Jfe9YNT^gG@{@6toukOD%K4O{!{FKm8#^ZLfKtd~z^iyaRvj|4sm`A0aU8f>Ao
z&IH+l_+^>E?WtpZamZ`c#Sr!><?Q+cBBUztehD-0QWbf5ozhoFT0p=5T`Ue_`I?r1
zslRl)*mgdlQ@EaM#^|uULs5dGp^T8mX)0&0MR5OT%jn`?(@hVGE3R$pwL7aD{CUX6
z={)M=?!Tq(cHE-flNQXMn!DJC^<L0xr$>lR5A1Y`<cb8a>opcMU-lw5j*r@c9WQ1<
z5%gl^$I$M)<rv-V@H5tnB1^?RPA^c;tRKyUBdD>EaqG^Cg69~6KzYLgD=O`0xht#y
zngGF?K`z}L0ahTO82wUDJrO#Iv)!<S&cQEm`)|1lDag+G8H;)(RNqgHD9e<|K5mC+
zxeM>pN7;8`hBxxO1qbE&<z`@!PmCfNozJx8dPCyNn+{jT`?oj%Jyk@u^($i)`)g!J
zb6edAtA1`HbrnEQL8rTt_yWastTc6Qm<L9O3@Tr9W<B!^C#jw^1-<3XFKgJk!DflL
zYzoT+pu~owKV5~f|K;1>0Z_+2B%171DtktV@s1U@N2`J@o@pVkMK*RzFxL;rCT~C=
zmu=ua$P-D=7LwXowu<s#%j&OOzDD(td9Fb4hyVUu14-dSRN2;`7uPgSJmp}Do&ni#
z%!5EZ{vvJAVaukcGF(Tp2e20&`wDWv)1T-0<`nPf5xZZ}#{&FD1R-TLRB?JQ<%Bzt
zqp)^eAG9>vvdi_6_%e^2!@Qwupjo^0DB%VpX(gWu9xpM=aXHHkpYe=>mfnzm$wjI9
zZwFM0H&pL0<2OtTW1-K%guUY;y0*E?1LB(wC3%e!S(O@aaWS8xbJ=5uhL*mS_zg_S
zwUH!bIh)R;xvJXvelV(C^a_dKpS&pkVVx;9U$cpSwy>jBdc`3$==qRfba{W972Vcd
zlbO1|82w~SKFrPdY&lOilEGSAz<b}6^AsQa(<MY3fE-5z?w6OxhE_$Mt^0r#o?$oE
z!GgRM5!WEmVM;R=15d$eH{A9#KMfl?M^OyK{(Tj!WOv|_4QPu{BOe$-NltpI_5QL-
zz9vnu>O_dzplP00#@}7HT1>Gc@dnErCW@b<de?4bTX!lSmfelKr}r2~+~ep$oc4(L
z<J9}t=@z9eAmRs!H)hRx7_arruF|$Mt!6key5Z=}O7W`UG)*UH!qUYqWHWtf6ei4r
z%cIQgu#1B()>|cY2W^5;Tu17iTGfZJ=GXQyLjl_U9gex!j7uoNuO&z))<BkpY(H!h
zxji;$o1IZ?NPI4OMX+D=8_Mkx&xcc`7v}u!iiwwzv;DNXWd}}s_DU%0p6s7LQF^6T
zo`{jZZCTqGBO%Ry60!^ql`bhr5rv<%DV*fx>H!~r!Its!(!Ue^0n#0?<{v?_x_Zii
z#BF*D=$%oz_n*n&CdmQxP~YG)*oEKOj*nXSZ>N}X+=;te*=t2X$i<!W+jd~Y!}21J
z{Xa|!U?xv?v<<(Hc!N1(elLdD!uRX8f8Z7)*VU``sTL_jN1lze)O|5cJ=00~^kPu$
zq%+N^(bg;LEsn8-|CP5*^!|bkCx_9V^&sZ)<)P$-!2hsTM=#iHs0(%B=XeW)=-`AC
z&2+Ig{z1g2j#tj{j|{2lS$8n^&X<0+$L+9tTU*zBI5Eo<;w6X=kL(`P5Xdf50vSG)
z^OI8-<iY>T``6nQf1PcbCS2%>54O=z*=>g3Gm;~LAH`o+i)RGq!D7B$L>U<$8ay2x
zaIcDn8T+{o0F0WEoNuuZ)Hf%Vd29uYJ1@?Y!Yh5D%nod}Y-MP79rs(SG?!8TPgPA;
zCdZv^ngc730@iZp^lGe$HY+x>vzaX(5*CBLCQ8Cvvuo>z7gVM__N)9<g7deRP?*n1
zd5+h6mE1vv7YrL+`<?@DEmYr}6sPo=&}jG)b3ta=9^&#DC_(HUd078$X`}27#W1<%
zXPQW9^c($!YIz&|eJ+|=7vf3{uY^M1oSYo<lgF^M0xM3ov4Z<_8hye?&rj&<^}&s#
zqaFO`3N@r?3}+#*L#h?N5;OCAvVhTNf-lUd&JF1`Nh@%hhhF^EXnc7$<w$*H^@?s{
z>{&A5x&LU2sylVC()AHU404z$DMejJFsvp^2pvMv(SR}*rdKqM%2OTFAu0MQY>zTu
zc>=xlkzV%zHmWpiT2@6rqY&~B#h|P%Hc4VxBkN1a=Lb@1Tlb#bbkpC1sKY;U8r8)`
zZede5^yQcE``g|$*&iJTsb8@9fi2vq37TC!Q)}j(dYdsrb)L-m$W)vfgcg|5Vm?s3
zI{6v$@Zo>!M+t>XPeH%mqTD1gNyckC#J71vrAAJwW62iBaYmmw9QVO^de*|KDBC#I
z1KJHKk)Hfs#3jp3wUu>FuI(2t0V{*PpRpLJd|y(U`*8GijEG|GS|0wA(}PUCFG;#R
zZlK);xz-K|-IK4#J|KR+*kRIxguj%P<Uy6}Cu&2kzFy^jWd-2|=rwT)2}iD-^c*GN
z*@tS&##A4li)xoGC^TDiBx<Y#Eg02;<sAUrbrz*AG44Z5v0bx;Y)>il{y$|K+1Eq<
z{3lCww-z2&n*4q5jrze;>G(Nhd#A^OvmvnuR$M&wY+`nV`JAL*Ifw8GCOOd`QUZDR
za=j&2Z8$Abh5NZy9~_SpNvB8jisHI@T*LN;PW(!{A-qW3Kn2|9Y}_F_C|hqGT44(-
zMWr?>dDD%?>8&W(oVFsjRY@al!VUOat4Am5KedT7-@CaA!Q&yJGq0so#AUe%@9eVG
zI)pPhe+~dtx-E@<DO#>$25(7S2tGpOzC$Eowmfw;*qV52VqR}1uDdGY_Y0IS@xPZr
zp`r1>b_0VD5@%F$sQPv095%ZZ*o1066#P(l&3|VkGtcrKT_-p}3wBr@)Bm-WC%nBJ
z?%#gHV-_6qooi@Wjfa*b+%}+f1VJ5lLhX~!o5Tci!U}8?0Gv8N9^}a?_^kMZDC7^T
zjMBNP>`m!nok0w@ntii4)NOksVVVLy->{N1J(ibhh+ALk$=P?YcI1>OaAC$G@hPx&
z&ExZ(Sv|t6<S;)Yd>?A+>!1%kD0u?_F*A0g@dtpCB$I1`f-O<Hg==xmo9oWK1%E9P
z7UiyEEcPG?X|-+y_}o^0xIOppG_^!$q%7teL`u&I+#^nw$NRm$+5CsV+h@MCj2W_~
znpPLM$wm@;*D9WhKd;Qx_BQ#Yy=#>d<E=d#{~jXwaO&DyZ&Rp{y9@ePeb!VNWD#_v
zmFY!CSjVhdsSss_)A{4;{@VNWI+pPs51s-99RLm2C7hUfMv2Kf<e;^cjMj)yT1>QL
zozZYU2){W%*>C*7_KhU>TSWI$+~t<EO2J6iMwz7+F*BBT<wL6ky_&3xTL&(zrfc8y
ziRp<z(l^bJHZ5}YmDPNZ<7f{H<bpx*+4<z{>8Q+Hqmx&qdTeFh_;1P?_H;%_3fTr>
zxl7=7L?bBlZpH;Zrk`o@nP{%B4bIV#4F&t}j@egeVjdIygt0!CEGh)*FCui3s(9H#
z$j$LxH?PwyWL5W$Gjp0tY`T>Hie0LM<0m2#wEnq82frIQ`%EYy2?exs&@v>WQc!ri
zl46JpfIR`ZJmY=4N_-Sy>DCxQv1KNVQG)yTtT~(;VeyI!r>>)TZ)`asd-Qk1+ina2
z2)S}NF`Q&-cF8Aqmz>!*{9^H%a#Wk>BUr+HNGwau{V86cF1EGDPRfIF!M^OrBP;T;
zJN(Zluo|uzji*~l9S1tjzI!{dnOR4Z^;JjC`l$j=_+X!GAKleYDd}+-ePE|TQpvXW
z{QZ}s)0LN~5+O?Imj8uKO72!vI{E(rE{zz`*%=HFp_C$9_HRkNz$^hj%F8U4{q(>L
zY=@tqTe*`PAZGOeX`hCE6N}V<%C3?3j<Ec5;wkM#;Va{N`sT7XJ6j&I4UW!d8O<)`
zF?Vwb?fa>OZOsZ5W|&Nhh!FC1q_5wVMCN@+Bc<eSi(X_BJ2jYTC3=;ECdOOgvk%(i
znqBIFiv&iwuy+5Qy*k37K&2Q<%Rg$wm#_`+rP>x@9Ua@q1BKJU_p%jH=kt&!(4)7F
zxfQAGUh%)D)qS)dixInhMbSRSQe@g-@Pa1bJ;m%|BuR{@gE3w1c=M*w?+f_{Kb_<R
zbXGjn;+oZm_=^wc(;w4NX<e-*q}|;=Yo{j#@_y3_gmL6!5L1xI4-hQ*5}%MD_=W7F
z=qbE@Na<f|i1eUj>3h?!vCziHTB^1UU8;ikdKvitAdK;y939&QiAzgx;_8ccgwB?o
zy3%xp`gr&(vu7i5FuJ2vNtDh3hpdQ!#4x2kR~Ue%V;!*`^;(=T=izN~fT+3@%6EIL
z%~(8`8#fH%LZ5pcP1lre@vPCPkv$;GwY?azs-%PT5F|BevZxr_tEw$?diIQNO8R)V
zuQdxZ&Qrx62OW6Rjh17Xop;+S7V@UwooXq3pF4$~KnqZ&;(#fFYZcm*YldUf-jZi-
z*A|wDJM>zT-A~&hPKUNybjo<ULtOV-m{`b>ZpKvy|J*Y4#!3V^Q1tL{q<OqJ%;kxz
zBGt6kU^snaVY-vvLaaCM8qZh{+=#&3#A*E6gNM6UkwZAye$%o?K-EG$Po>gq+Pw19
z4+_%7>6c$SQWh?!deDl{cdWRN-gBGTRO6YriFRn^PeQz5n_});S-E)X!`{hrLclF8
zrumGHhayp}RJ0tmc5e4#M{tjgtd!0{PmjtT8!|cun${O#<ZsN!d1B0*sWeurUi2y|
zFX~pj?c3H0L{*V%?81+=`62Pmj?!*+d6C~uR-MSpW<(BpWDw-;3YVJ|-I_t<4pfU{
zafIkA$m6y5_A63feP*P-hHb{hjQ*tuK?%yP1bI=3G~$=}TBfyH2kxhb!^G`x^OXqY
z<dZb=f4IX9PWrf{p$6Htzp^NQJNi&q^5L&ZxTNC7H+s9Yj)Bb|XfA9%T4NRC#8j|+
z8&f<b9z=gn29ERKDyIRKN029ir5f<9bj~opY%r}gP)F(K90FLTfHUf~HpyShmA#`d
zNQ?7!H>EGg*b>$|!diXQM%txrJNuTXxYa4m^=UG5^&UkN4bJ$yRne<2BeA3ERwjQS
zZWF=sQ5-l6?NrhjZHmf`q-D^9QYG6KKu@O%s<Knk>Qns@#9#II#2ueNN<jTnfQc{k
za;dnt$3Z?9xh+fjkNykwi<oH=dVF7C_~J^+I2pUY`X(wkhw-g~6ou*ID~-R=id=Ao
z$oNJ(u?GWqi8=ZvaGf1LfqmbY9V}~DEx3a1SsRX|t`8?$ube^0nbl3KCrK?(v+9-7
zPlJ?Y(Z|0^V2JFIAUwB&9*Ye%j7|`xwj|#3=*>sUZ=|vfl*m(nFM85!Pru=FUVh$X
zd_Q&6+8cfVFA0qPEP9`(5HC9l?DJEn!3sFT_*vx-3ceAd!@2QV<Uex`f45HC3xV#E
zkm{}SpkGz*67`(pPT<~9#;JWXb~NACWlzqdO@d)1W+2x)rgr5UaEv;DHm603Blec`
zhXlm0v<VE#iz4X(vyseuGvkP-qTh;`jHx=W{{F&O0A>v@D<Y9u;|kek;#Oym*L3&4
zTn3*{v6)R4*9z~E$ai42bL)f3lZp0#%o(g}DLEGF9VN;KRlxMym2OdfKd`B{O7nAF
z!S=q(Z5y+5TW*d7BQed;KE)#ZR!RXZ62`GZtt0pM*ijDGs@El%jC;hx^jFWJP+@eJ
zoF`i0#nld^p9<&|KR~uUAjz=W+|~>Yh<=ziyQWITEjJT=`z3cfh#a}^=scIQ3T|0$
zrn6HeC-9>YKz3?_jElY3Affsk95F3Ih#!C>k6#h_2}r&Qe|)-TAtiJd>iT7w>;E^8
zMTOR<#LYH0Z_?pQ>$rJofxuMFS&c;a?h1st(nr;{I6+FNf<(H2d|RTBQe^$oqJ$pR
z;*h%VC$n5v#ZeW!NmikQyL6p>jD@Ci%ZiZuq@HOS?!-ZT$3GE#b2*~Brv^aJ%<_I{
zb9(&Ut;~-`oviKfoe`rqTd#4xPzjK6sjlSBU9{49Y+BwIhvcUu#j41MCs};TJMd*i
zyWMd9F3IYC>fVES@^;*VL|Uwt@aw@3MLqO$(-!R}ZWBiRrrp^!PSO>^jl)!Xmapux
z);Fz<7;j9D<J9d^O@|<Wd^!)lNw<W3it*6|p%EJ69!|_FYM@}S5;%~GHzK{|Z=xMu
znsB-twE^7=K{W}re_Ct9N(I>nsLy{hK9Pqfeu{?B*i%}}06YD}uaJY4>3$Z)*zc<s
zmM>l4q2Ll1cmKyGi<mjaD7JyX2r3sa%zHL!ohNoeJuTzCgibW8S9uR(_JdQ0n+F=5
z<J7;}Tz(im`IG-WG}8l;I=!8UxEON`?JC(GsWZBgNO{B1E{b6Ni?a=m*Yb1{`ElGK
z?+s31X1msIO;k{4ROP?4N6>G%n@OKkv6Z&0vL2m`!@)jM(<LKIamjMroLT=_Q&jSj
zZSt^{`yS~b%<{F1Hc@d}?pHG^wy^hJrTXkz%%3xy#yZfulY%3$Oo7$(SC8`l%P9L`
za}K}HbjcmIY+Lwad&@2%AjcAb8<Nk*tFXOQx4AdPkW~|5o1%F2vfQ9djC#h{W%KUG
z572^}@dG>DFU(vef&unCL)WT`i0e1`uhPPbItW;<eok35&^?yGk)gIp4=f}kO`HZy
z6Mi=z9x+xX=0s8+X+&hQs+Lo6i#<c8AnUJ7kYZv_)%|6UF9=kW$$lj6h`gMmxNR@j
z?%xXDW8pvAxQTQO5o1=`<L~nhq4fg;6T^}x*uvwiXMGe>w`QOB*|M@KUasLOz?-)*
z`w9F1BQFGY1xIrJ+-MGUf|4Royy+WUWC0)8$-gu-Oi>)ASo8Zwhn_o9lZ8;td2{hl
zbS0osZoe@|CCjIiT3RtUF`H)$&*k{;Q3wk~)lseGGJ^@hUC2#S(6U89O|Ei5?RxL5
zf(Z9q-wO4%u@lXg@A;z=wR$gcdzSuopW=<k2~eI7^=R;JV(}j5eYZK=dXV$cIh-@&
zpPaL$4>L&BVQCSBFj1Jo_*0Y<XZO5`u{{83;1m>XKJ<uSm~y;bO%5K9HM#T#A^$;(
z%$lYT$#z*68gB&S%s`)?(1yauSFtP0fkWVvRdLYsUoJlEFwrE$Q4Z@VdDQ()*>(7?
zs0%(+(p;T{+;<oe6dIL?Z%Ur~Dc#)TKYkYEP*CVUDSI@}ARFVeb`n;qTKPhzjS8=h
zSO_|+Rffv@N^h(@nF_IS+*+NCMHQa!4_Pi1H54q?P8Tb7&R8wCxU_4@oxvg}-{>c`
zCGzkS5?2FgTeyyqQ0~S=A3)I3y1EKW{IKs2mLn31T)=0X``X`}Jw@m51m7C2ONQyk
zuiEhSuYj7E&j4z4@a3xR)s6RHpDa%_&<HmY9p#!SecX4ipxR^7T{O@62@9*Wt>T+!
zckjg^ZG&fCP;3tL5Su;_Z_LV<ud+?>SINr{w&0Vw`-tr}_KamMw$E%vjf;n@-M}4k
zX|p!4!(!qI;f2uD1_NVk5-^rzP|o4dx&2c=won%b3nvq|xF<KK4`8)}FYGNFkw@FG
zQ>}LHFQ(FZNtv=|23&f|JreW@F6m7uKW9dV%*!`tYA#}f=Mk~wH-?~F8vin2Pgesa
z`Xpi<pR({c*!u~qZt1x@agzloL^7F!Ve1{D{%sFv5kY&SlhC+YU*Mwu{b>CBK{9Sf
z^*nY4gNg?(&P?=+r}svhzgU}c=BvoexhubB$ETnFEvwi5WiHj9Nj3x35V*aoCKkwz
zs6&Tg#-042;5Ai0j@LXigRoxKzfix{mut~f0{KNRe7nG;KgUBiwMrjFqIztW+nt)-
zVp}Zo=~uj7bEY~)S}=ss8#l7lh^kG0*1BBFWFwY64)Z21j_j<1Drb6x=F}PNl>zzC
zYrF4C9`#A$#IFCMMv#qI*-ll@5C#bXTvP*nL?J30*@5e4Hd;c0H%gYld<@5(2!4u?
zZiGKRD;Ovkj@1G!xdPP=fbWMwXXV#XZe&21g-Ncd^XFT5)#-F};C@Hev(7d7$&+&y
zDZdW>lBIZ~{D+BbG!39$CHe3h{i${I5i^)u>Nj1Ld6yv&=&nl2!sPHTGH0S%3P11J
zH6u8~Z(Tx1whUP3D+dA%Z)rN&_BNJ3XJw$Xfe==cZV&9sBAq4&q?f)9AzBA!0=1ys
z{wtn3RH%?B{B<#U-v8wBgM@jW;5xh#^XK@nSZb_W1j_=Xn3Zyh<@is2Gu*Z9C$`O^
z@39TAdXt@gZb+N_iTXrKQ_rTFL`V`ikgAYp%k}>W9n${NZxM{I9_0V_nh8IS9yqff
zD8)0M4f^ZA?sB7W>`<Nm#^v{05uDRYZsb4rs7V~#z5Ynr88#J>8jiOhAAT|a!qPy#
zIhrrkpYlqG4Z^L}UNDCYD@_%gKD0#rlx1L)J=?Q%wMakBHrXC~8A!a4AXa@x<kL}V
zk14MkNRcGTwc`v*<@4nV4zwoQNO|EvYT}iSKs^jdpId__AGBgt4|iEew~$$w<!^$o
zfF4P;Yfz+-WpnF3WA7ulwuOWcc3ISaC1zEbgVi|BD@e*Bdho|`yjG~EC=m9~v8Peg
zc1<nlD<+jAx>&mEAhXg7Yp%2E$BPa(qtRukY}uzhl&4vXh@;)^Z~qgWyn!k_OatRC
zQufxI4$aB!pW_YKf{?n2gV4wCgFg?mo}2&6^Z*?hZvm#|{t(r=xa2!}^YH!!gS;({
zM}qs47(ACiJFM4VLzI#PIKNF@{$Z0A-rdg^+zJa~{5wsxck{J4{Q-J8A7)E@pp`cE
z<mW5mQ7c)8u(}}KYsbFj=`>>h!3A&nYyFD`@JZ(`*-_S>3$51KoKU`6j*^tFvD`@k
z=Za5%amA$#bOO2QfxM6Xcl^t1ka_B#TTz4|!YxT-Sr3xAH4$Te8)MH>kmn_bZ9?}R
z|4=yFD#Z`A@Tohd<2X0ozl)`;d`*8(p=`8!l7`R9Q0;n7xRmOBtCs6@4vCSO3IZz<
zqs*3~8WXGOC+1knWbpOKmI;BR9#F^cMYj4E0wd{wMJG3^+z&9GAs)7J5?tcv-sgc%
zS6(W25_~zamMC@67khm-$|hG-VYUgNg_7eoIa1~JY>E?aVmcS{w&={Ngz_MB#AM>~
zZ&=N}1e^z%R|fDMgnv{xue4*KtnDL1o3L~{{N=OTDa9WhTa+oqvX)oHSq5vbm*dEZ
zkFb|%+ul#N5c|vJr6Z_x@%Bpix)w)bYHg;p#WxMfx}J_SjLWh0$G(kY4keIgeEp%*
z|4(cX`*m!XC$9@s8W$8R0;Q;0|3{I_fcb6J`J8<dV-MI_sTN6i%5gM*p`3LO@<7;#
zgZv^2>N6E2BaUSVN_)6(AAVLno>pvZ5va5r31##z0h#u^GSjBag(8j2Kdc5Bc^_IC
z-V-BNd^MWQZZgnSIepA3IL(E&ZM>B8p1dzx8Rm2_=OOIHT<1()@cTKS{J9~!p<?-j
z^RTU1>>Z)+7#<5bcb;ejym7E{d5Z9(R5K{ULs<Uftw*AZ0Ytx!HzeN$t-N()&V>Ja
z?O`!ruQZ+}q5QE{j(Lgwym$3itz;Au-^c=H&cx7@AoWhw@eZAYm5w6H>wU%iwpDy?
zM+a&k9h)%|1@2NX_WCF;93bu`6$;`415gOyw+Pgro1+kcgRP$C719gHg<rf+F@Z~a
zlTR4^0i9EX?03ex?u4mR2lKpQwf-V6_2YBm*Ic}rBLzEYMrE9)Sa9oT%t3s;&90L&
zR14x}zGF{?N=wkgw47VDZe_=$HD5dcwx5ql52bj31zPa)iagE4rL%v0?9NmYc5F<#
z58c2zGVxUriQ2^;ErKkrpMT+e;6jj62*cz*t<UK4c2?!t-qwFi)r<u}HUlK5`eTEW
z{?eZXg_G!@9e<=bkrMKUbtT{fiOb(}DMuBb;F^#(N#Z9A5Y0E(^)y=Z1D$#FDBfRQ
z=U|G8!g`Pd{-%SOr-b*V2g~;{d#>?&LQa31Zc6Xk)9U7hESa9P5I!42{W9rB=?zwQ
z9@Dp0u=|1;^EZmx)=V#}WoF#C_#M0H+o|s{4W+x+rVN{txut_syZJn;^5A{}dB0wY
z%vx>&LR*yUN*{l){W{0fItKcPWBV!pXEtRvyHLlLs3_^rn~9gbRnc4IZfj(O^gi#D
zWBO@G_I>mUXa?NV2(5`w8o8LS%HDju*6!>7I6Ct{Cj9@8C!vTXMRF{u<gVmqODbKc
zRB|qfRqk`HZA2u;5=A*il25sh+_v207|G4%9%hEI!>-@HzyJ2<_TKw=zF)8B`}wF|
z$0rF@hV!XOkH0WYy|cEXLL>IK^XP+6M_X*#y$$e}CZUgW;l{6;<|<a*+KCxPmAF_z
z+(po4oyL>{C^y({eQk(45ElD!Df~`?4=LB@d6P=fT5unLD>#FVpTE?0-}28^qv4zU
zyQuH!saY{z!|=ORaRI$iz@K*rtSSm(sX)duVg?g|{s=W?p7j~Eo=w>P0+w$shf~@a
zPx0oL!z=fPy%1h%v$)@V9J_z}vr|MlwcUQO4H>-U&?d@w({=JCN0!Tw&x+@)cQcI9
zQrIyWZf$rS<Z+Bo?Mzs#-|>n#=dFKvs2wB@6*0dOu8EHLdU|U)t8{=8`|z}L_Zh?Z
zUO<H0dG?X2hrxe+m&dPcUnds~_2%*9yTdA9@X4_Kpp~ez(|etOsM$3c`}h&a$j?4H
z?XOXZbJ$(C5~#c6m^bA|AA4LpK?;2lrOmmu&V4wgwm0)$`y;a4Wb=<&t1V{deg(Bl
zSx*sThtUdp#PDtJA6_ng*L<1+Wd!p{rl<CxCy_rZxh!wq=QEJa#-gBPpRj78*s|)^
zkn%&UN3|zeC(iQR;MH2Tt`T(%Ps;Z5(qvN;b<9NLQM4Q<YG+`ZoShd3{m{%eHde1O
zvXA|o{?97+SFsV-tqcJ(B{e-%Xnc4pRHw-Lg>C9C>_KeT+K=RsYl?__ia5Lur$L%Q
zP22gmzPM+<S=Ef`-PsdfaD5<(%gA|LlBA%uI$vt{Yb)At#wd>ZtEC9!&0)UNb|bcF
z{~6%X2gYjuac<NFL8v#xuy5K^bNJ4lU)nuB-##f+(cc1*@lIa~sNW^!?~Rn2bBT4~
z=xQegMu5e(-myKa6#@Nex-a1hs{Z_RT`Zx*Q6}Pn4dbWGj((6V<S|3($n_)#YZ}wj
zWDKP8BhLAnA0!dZ!{qE3H6_Ru_Las#GBkJ|TVs|hQPX2JA#--7+sB<lXLWi5QM#w{
z8J}M#l}R7)Zc+<nybJ9Vo`dDQz!qCmaEX9FXN;fHS1aKqlx9x16SAbN2Q4$aN1iUh
zjWN2KJ`_O*0p=)g^*hE%0XWCq6x`h}U9_U(fe=*i=-T(-h;OVt6Yf()E7$2iv??va
z@Jyo|Vdg)8cYJ=ttP^7}SAZ(xOWCb`aRsFGH%Y`+?+WB-cbT|b&Rb#rD#gpFj~xL$
zPl1<*?OxZh@jwC&f*l@*UNzr2ePb(k#8AWQ?M#TWp}zd~&%DK-x8VAvs!Z{)hZAI-
zCbr!C3W%RZ2P0xyd<OhkrBLr{j^N)*)}$Mob2<~m$zZKRrm-OMITatd6cxa6mDCCN
zT<1!!@`NlEr7YJwU?Q5DeGyz2yERlB?aHg++WO?NfN4#3&5kwa7+sl_f}bb~;xmO`
zX&nQh*1Bet`35>jOD_uG;}r4nn`&szMQ`}^s_&EOmzJCyFJe{M*yZIzDE+g5;5*xc
z$M*`pZ;!R$oRFL-Lelj2kZJtx`Qf{M-f>q;O#*#{H|#g?P>oGZ|C|Rolk?v%4Z@Mq
z&cBSJ$}mE>z=v7<tab6QMXS{}Bg$^xIjS{^=ZtEPr0hCr{BtA<$;hl;KT{OIz|^nb
zEgyrE(N(0G>fB$gd@vZ}8^6blJ`1LdM`H6t(#R_jV+t!N6Dwol&8}iwhI?tO<hF0p
z^Ta;%%<j5ZiwS+H#S$y}>ssmPDlDKP$3?Se>T=K$^v0c@TTj6HXk^`4KaRE{loO9J
z&%u6b;)sHakQP~7D@B^<LbwhnB=h};r6p-|l;N3(7xWbRM9BPpDvOc<UY42@Aw}D&
zJRxBf7V*^VV|}43u8+P>HUbik7TDq|%P&=r60wfzqf*w0Klu8bv3CJ9>V_d>=rMn%
z=-j}3dzEA&@5j1K^ARs~n4fI6EU|-%tlrO<!Ev0aXs3log*&FKaeLato+O8D${@@1
zAgw#m&zpGZ+m7&ii6p`TthA0<@yx4SrTG}p&gnK_MM=3D5|qLd^V*~wFOUhgIyv}>
zBMKu0ELZC~l9!utmq4>$MqQaa{@a^rKI#y*@w3_{$M?H!PPw!3JciVIXXw+Imk4I^
zRIj_=?Ri?a7rdur>Cx?45t$A@+{d+A3vPf1hi3I>kv0y*msPMpL|NeC?#7c6iS8*Q
zayod2tB?V;v?Vr51in}BSa>uBYZfH2Zy5a9`vhLgrHFd-??;q6T^4`3d{WRe*(3tm
z&3G$#&Se@sHF+`RHmPwP^Qb?0GcTEiSgA~Aq=^0<=52_<(iC^8l|{G=mBnzf?d_vl
z%Eo48XOQ-?h>hrtM$5X>N8!w39X`63F18kQLors3@;qoY!8iah7ldRUSP(3I2OcG8
zyU6TZ{-}Z4g&GLVz)I#Vs%&i<FX3%wWO)|)^Od%LbR6J5pN_1T*dhyakN93U>#<g+
zxhX6NuJNT`4fP;)V>WK!&w0HLzh!c=$z92uYQ%PP;~i9M)7se^ffm-_^T{_`D4k@b
z#>LNz8?Ic%Vr=cGPUcoo_<6KlCka2Fqqyy%i)#on1DQ_H^*)#vQOjmh*+)5sWRr@L
zq0CzYQorjSnYJk5rdf=suoj#QJbU-yh9&-o5@%z)OrW`fxRYN+{hlzW{Jpy@`*ltM
zVC$*2Ojq)H8~b{JOf1fpZbm=`F8mnlTllO!kQIq0(A<F5J<b!RI~DNw=$dW`2Xxe%
zL_nT)%*Y$=j4kcV*ZL{o`a!<Qha_JTIWdKB*EceXU{nB^b1KT&Ontf(j}Bkh>%Yd)
z^jTQ0=rRK=I~^rq1I5Dn?q&;~+m&fv+Q)t>wdEp3S_haeH#qnh`tS4qWk;RjRH_V`
z+uj*Ae=Fhvh*5-WT`%ADQ0NY|(S)ar*fqOF45BLIq=6$W$!3OmNcce#d(~n<9P7J#
zo=*${ZNQy*X5EisP9JQ$?<KO;yfDp80$&2HR4kUC-4VIrqm6YXo<oa|B7`2p{KAPX
zi-gKM*kVB2`<C|Tl%L3QDh3)o=iofyP()O{e870sZ>eeQ2)k@7bUH_A#WsT6IG1W|
z`mQXxd7ku4aT!_0WNkI7#=eFMt2#gF69|rXnSJ->Pm%UB0#UpT1p9!uo3Z~g*A5q-
z4x6-V+d_4{)|J=`>WsT@?ZzAtRURyBb`I)QevfO~{<oBiJ&|Wn?c!03bgxNaG@_pq
zr=m&k5})VPZ#4FmShNxk{FUidw~A8?iKwf}0Vr48>3S1Kjxbz$!AvM{u2b)Q!FIpX
z^KsQ@@WuQO^9|GDjYN8hri8=vG1D)*O)2~}!vq8pHcF8i`ke!uv*1xm^UR3}eQVb-
z%&wxj^Tpd?)#&{Syo&jN+O2mYnmObH&BL;xuSkuRAsXBD<|kc3R});1+j{$$n9_V2
zk+trQ-^aPvT}SKvSz+=7mKgnV%GBY7iLxkf(<en+457W4j3!IqcZ^g^(DD0^V=<v7
z{tq09W6N~F1?v|k`Unjj0Yl2hve)Pp6hDQh8g`@9oQ^@JzdCL39#)~L{l)EcaDE{R
z)3<nw@e8xT-FU62V6p9cbnnoHTZpr2X$4(b?QSQA96(T)J!ty0XlH2eCI5tH7JvSu
zjyfp{9Qf(&BEB=3SBxyD&8(qeFy5IO<kf4?+Oo0ed%nxxBnK!6kWk~|2>RR9vGpE9
zeH844DEo)HVTDmOu}><H&>_dQ*<vwNsWQ5S+fEKM2$`f@5%CYachA2{4Z6mzhLf8X
zIv#F%>8_S7nI%}}OT@4~23t*vhh1@+TdO$V*Zgu^efwpw^J7E<`+jP=7J|x*H!*=%
zd13!v1t=<GeL^k~t!EcwHkjL<opCk3EHN*3&t?s+IWs#G_g*36LKhtCxpUa}j%bHA
zT8AsS6N%HsU0_VCKzIB~x9yqnu-8a;$cLNe`I|QP2hGnl`hRdgM=k!~Xooi@+@+Zg
znwGJ{&an(0a(fpS`|i^G>NR2~;$V8#rhAI!+B#xP$SNLk9_&Ecs{h8GbLkc9kL6+O
zh&2#gtWRi1Ep?nn98`9GX>qr-vVShTE1q8yf8x(?<30#-L(M{0<Oj;C>UYQ0Wr4qq
z!_I;EcxBFDhbtnWXX@IY*LIMJ#{m^>1$)L3&LXCXd-82_s5}v?v=|3q)obb|#I^$(
zj>=y%VK3{!Or7#5Qwx7BaIT2GgfHMp3DdXSmr;W@eMFeZD$J&B<rUSAr_lj1Jh-l$
z8_o^h3f+U0`#4id^|;qbha*VKOR=2SGwMsrUEXG>9@U0jA61#}jG=|&V2MMnrm78w
z3;B6*m;Z9@O&?6~?HZ3;4PlzrEcNXwLO<@9<38X6HP@#>O(oI?Yl-Uf%OgmqNKC{s
zW?}PmaD+4(;WkaTMvkZ65A*A5?s9sn6ap&A1fUy^I2zfI4nK`v(0Imab8J>@zDd&w
zjB-F4xbov+_{lmU%j?g4@56h%{2Ry0515+%r*PSEQZelJi;1&sJjpu-7IGSm4^g2<
zIX9+vZYuV##jtqi8rO!+I8pt{9GV=1TFEaNO6)4`{64ph`b5;ON!uEG&g2>EL;i&E
zfn~uGCw`?-2MhU*4vUUYvfy2(U`o*GKwPn&1mT^wNV@kRn=jfmEC%!we5CAnzAG*D
zXVAg;u=k;S4|6KN5UllXH?*4{rDw85JWr+Dn}MFArm%je`Bq-kT`Porl=C;ar3gy>
z@yT?AGgs^W{uyZEAz#029)<Bnx5-tgnMdjFdA`-Zr*@64#o}Y8e!1#rs1&~s=h5Rn
zw!?&;6V}=Pb*cG!sx1w#o4goN+t%!v#<cT~{P`d)+3GJGQ5o-Q6Jo?lp6oPNugum1
zffIXKy?cmH14sYSMtp()cWeLyNke>gIw@%C`+@zMng46BO{|X8S1&9dGC&S^;3<v>
z$Xz#=k^h^f%UE&~%-&KT^~Kv4H&k&qJX)wC)3D?EWo}69kjXis_SoyjpQLc89B{OP
zQV=7EnrJ?=GN;on(hKo&h=Vh(QO85?;lYDt=iy~b*=p=4HeF`pS6!vx0;hRxJpCeQ
zwwXOEu|o06ahfFjE!M$>!F?FE^QdOqC$rXYpPSw#!vm<F+#YsM^}@_S29y_%j3_j4
zJ5JSj9?@-*4j|@<z>X07?ZN+ve`OUva$ZuUYJdtrYk3_7sK*5VKtX22`tyimb>laf
zHV|#(-olOThsI}lk72dJ%Ghu)-*JUt^rvNZ+XM}2JG)2Bo?{qZ*>;6H>6xRxQwp+e
zo{t|Ud|z$Ct!X-Ved4IrKRW8heKzgBj#TA;v0>mv6tr+N_!P;rUI?L>>ik4;dEZX%
zyUK^3%6b{;Z1-<t;pQmbo<910i^}C!1#Pu4NOhdA|4+V*Dn#n=AeG@N<7K`p+-65O
zSbV1T{o>%B(9*OT=<<Z7v1f4Z_G89o^kNGhhN*f)0+WI$vuwR}CAd}bfT7C)1LBv_
zms|H24zkbr70rlc$VIXFjr7j4_$zpOb*=9GSIT}lF`%wibHJ)No0?Rt)9PNo+f+(z
zpr$-%aWYEbzc~!V5h=2J)w;vFYDx!o%BQLDCFi@<`m718wiiw81773Q^f-LUX1IYl
zrAwSY8;jFAX)MY*CI9o<6tKb0@7=CzXrmN%eSubRt5ysVmhEtyAf$*_hEE)ZU)ouL
zYdOQ~#kkiRiS=%<Dpcyy4^0fIQO>kP1vw+p0xx&qCoZatX^X74fD#`^Ktt--ii;+-
zi=!JZyHnA~L+^pLMs2Y0b|k^U8&p2&yw<4Ih@E<-O{;pp&Qn+cmp;byV(Yij#&6S!
z{Mf7|DXa4E?}Bu@X{Dy;^yFGIfTkKK!_kd^f@m#mhi)R+PNL-WCAmT!P^Y^0jKmE1
zHeyYZ#%@8ZJ;975XMns-B7tBHmOJMJ&YWKIuV*e`B03^{j8YT1VO*JF4)%Y~vSdxe
z$O{Um%l!Y8`0T{xG}u2~Cw#K_xo-wqwi!9101rCoc=_J$q5eLkLMvM97#R7?tU#iT
zCuIbUXfbgG<c|T)7{;1QD1K_ro^|u_(XsA6J0W14{*rJrM0ZDfb>SL9pDelk4nB>z
z_6xPrc={Y)d2?-xlo{!SOanqA>)>|H?NH4Gl!--!59*u|H4$_hGt|W|s7D-YOowp0
zw-3iFGiMGi-CEDNAHFiQ<4_eg!%v*jdk2UmrYa5_nL-~TU-&I;x^B*?Y_$wHz!ciF
zFF(SJtzCea0Zg<wlVZw~@)m^JZe@xK;ZDvKuFtJ!UO?7WKu94IPL2SE?Odw$3I3Wo
z-s4M77^!^@>VX}XNah#=u*MP%6m{k=uq<y_b=}u`PQTIT7cGreaQB?P71-}Km-Og*
zx+3K=t>(=pYN;YlD<2=yuuTr$c+9Sz?|&QX4f;lTIiF4S#?a?pGLBf#2y2gC<tUYH
zj1&eA%Cadv%MxgPbjtuGRY4*aF}9+~e<DZl&*>nz`BB@FaIHAEN>_LO1L^A&t5+85
z_?96HzI9ZYy_)%aH#Hsiz?v}#*H(R*<~xvC_tn7>q9=;gxk~Wh*k)eaYJ77BEUjXN
zYSn@lv3(B;KdTtx_vqQO*v!z*(A{0jPzhGR9jXH|9-AwolG^F?EP_bwp1U+bKJ9sz
zD>hE8z4{^;=&~!ceSPbV`e7eJ{cj`ncRs6R=i>{}t2SPt9f>kS%6sWwvVnmqbvYQ9
zU>|+v+4ZRtTV3mS8}1ZS8+=0mM=vVN0&gp%^@Ax#Ln>>+QU8m}Pz{pU)!ZQ^0%nxq
z6`15VTFSVcJGB9|Khsli^OY*2*5MqtJ;3EazgG3mIQ%1%Uov5DUMzllV}hATa?egf
ziZ#wn5?2!enQB>2;YC(AdO>{=#ROgB&39V@)S0HiEcMS^=nSJ#eLSEHF?782gNhG%
zzUZW_9TvTwH<RiV@+cyK?Z~Rj`Tf$Add+ILolC}rpgsDkhRB&tQej8vlNt#50C5vX
zE9stXpRLj=?b;dcKB3YD0!kI=5tdCAW<1BzhV~v<y;d}A=?6Mvqo)6M^=$~5yit@~
z*ccO8KD6f${1;DQ?41ko{Cqn3mcfS+{R*G;1SaW@{+3w!PU9y47G|?8Z7}e$_FwI$
z2lTAZCz)5FVw`vXjCiE{UPcCfTx7)~3Gu|Be@zqIm}H`n#<hnO3)fZv3TDFMOA`TV
zT5R{-+9I!rP`~jVZ*_hMNdZ<GhQ%ahrKOpSgFZF1F=x#ASC7S6<4Pi)BiA_X0^vi!
zy##h%Am`q{HmIqDwG`2(VR#3^*|Mnzj3%LooQ@Fdv`+LQ%zC=R>Th}{-s~m}(44H!
z*V&KkF$Lf!H|UDjCbD0C?8?Xe+$tP1^$qu6lDdjj-Z7&k4iVSS?kfrdVlO}<GJi9A
z>2o|$8RRk|(#i5$fM`{m8}KO_`vH>yKe2Bn^$O`Cy#CM(v~d1)#h?x7dA7}&xZymJ
ztEjvO)rO>X+L6#wHD(1u!yNbrV*4{+;-!1~SH(5w=Yg7Yz*H)t>XJY2A^UO`lB~pl
zzM)+NGrT61M*|-EzaUzME6%0M)Ek@$J<PsUNPR&{rRnahl(vpE=i(waSg7?_!y1u`
z>$c*2?8-FB#63Gd?N)gM;TEa`$aCSh1?y2MwMFk_G<;I$;yXnUDhPXdna!ARQD;AX
zfb}}%s?yz}^i1Y~Y3DJrN7zRE`Xex2p{nlEu+8>WXUagAi4e~7lXJu&?;o_o#)Dnt
zDpQ(ls0v=7+NkvI@lg61j7COwA;d+Icg%bG;eui4B&o737*M;|AJ}@xnF8Ahw<3Hz
zJvRVLLL>uKZ*ZeRCCpGEWp)12I~v;EA~i=<#LEz@tHFKdXsKR{Af#E23Wn_?S;T_3
z>|qs_H|I|7WH6ho<4lmdN1N!4oetol7VY@LqrHlc-<YLCUe`iJW$p3q?dqM{{;Y~J
zWCt758g~xt=d4WZ?LhW+(V`S-W?T8p{)EA{VLtDSThJ=Eegm|cKS!?dd7?tUWywv)
zwm`6-z$f=}0G;7@F|!Hg&>MXQWY5x$OCFIkro7LtZnA8t-2@kI-ZE(<>`9x9I<R!5
z+xC#_aFL8N7D1b$0>UZD=k2};3LJgfGi*9>ZhB^8`epUpr|gkK*H%c`t216RXM*VK
z_&?o7udmlwzdd#L=&k2@K#e1MPdVV0NM_OjJz=?Z<#Ay-c5i3vnLEfwSX-U!b31`K
zcE}Un9zTol;k#=EVY_Q2Y%4tMFio|nklqZ*BLtr7M$<2Z?~c_aqYd+T9J@2^BfMzZ
zE9phKqN&Ygo*6<a5~RVU*?EHZj*MGq;QdjJ843~$O~;7M6sM<9E$}$odop!nKhsxs
zw7`YP!ZnGJO%tszVV??4S!W+;s4!{3wuDj`O5HAxAzLD_xjn>imVU^_%y|)vFezNH
z20Q1S7=HQ6>k8I73N65cp$Zfk=U$F2xKngUjkPYke+v5mMfssRWNZ4ab&L1&T?Fzv
z%O(t=xHAKuYnm8-%61?KQNLHfS(i`n!m86V<PpO!FCf+)|0WfU^TrBW7%Z;DqLMMR
ziKRG**uK8Z9uc#SqnVPf%t4;9xZ$l$wO@h#0}4Os*P1XAVTG(@!IxvyD71Txjt}G1
zKU2^bT{MNgmUF>}WqN_~QiHPMd?n5Xa)8N{809%%;0|T>EudjO--!HrSVhQC3gLH<
ziNfLuhca!R@Ibf#W-O9C4<8sM3(R@>TD1(UmSO-q*j@Z`__WA|nD4;9K1!YmaLU@(
z7fkATDvgtGqtQfKQum}TcRL3{a)~|2NKWrM&DxcPH~zix%zr@<nniw6INt-^hk>#G
zYLxkp^Um<YiL~X<kRL*(qk{g)nvM<ZGcuV6EyL~;0)$JAG4ztJSzr$00vA*)*p$ox
z`hz2(%&vWaMs&yk=V_MPw9I-o=8-3M;pk=>_-!D=SRT3jYZ=x6j6kj+*N$J<pE{*|
zhWyW}Zr60#WV1u$w~;f}8$sE21zbUdA76*Kr*qLF`>>qN8v$J2DxjVF$><CndFpqS
z3cx?JL-rNG!~uncQ&mp^>=6GF6c6qgZrvM)Xz+-=;|P*UR9Oa`p$$0DB#QK0<`tS8
zoW12G$f3kbfjMT8KBCkUvIOVdQzv+f0g>hzP8_9mY{c<y@lF-kQ=aJwsC#g4Xm~D1
zZyHjJzvBk@9l$BcwQHd0RB~}|LO&BYqo!AC;az6lJdq+aZW0;43oPf66c76jJlWhk
z$48^fjE}4<cG&^UxNOy8?WwW)xKkX0Xox}w4IFZCAYnIs+;j!^jAh9amMkn&;(_P#
z-cpGDL0Jy~Z?>R#_kjfG-!xNHWT+jcB_(b@mNWezj*J4nV?C3gbpTHjKpQRw1Gtv`
zE)+Wm=Ryq6d(Z=SEsRTS+c&U;%fJ~cGJMnIK7}o#LJT&_v|l?u+Y4mQT_H+Um7|<d
z{L9$Ev?7M$=|(=ZM{0S71-<}ENR<akE#V!M257<$J#{^O2#2<5DsL&q69zcJ=1usq
z6<`a^=95tm41LIdU046=n<v5E#z^TuskVX&8Pg#HcIDR4fhhQ&fu%CA*y`rt@v%Mx
z<9H34QBaSU;ALKkYews0dxLpZd7SThJIFJLQ`t%W3x$ISg&L&5l#lU@Cu$~CZzErL
z6Od2~UP|d!k)53?@{?z#T%i0w>D>*1%dseJum>60so}@|L=g;r@;GPsc7rKv&cRt1
z;s-inXQBZTkh%owutUXeK{Y4_kYc*Z1KI;>b8N3-64luddXguEGIXd_p>utxp`>2L
z=rHohL9x37>?PNG7`WU@+d3Np7G_p8xql^&DJF!>8T$b`cN?B-PhO|+w;XCaxp^N>
z@s0wjcK!O^LQ*f`>Qxh(-+Ab0fAB&|SDs?+q8<4uui2vCf187f-a>Je2hk&5jr4_~
z(l)Abuoe@B>e@m|L=3FqdHOUg8P-zzloGp$Yk}{)R<~qmWk=I+4t-ni#<HXL6sUFM
z4Fq3_?U8=g4wk1~17;j52PXIku--8xMbMGK>t2yE!ze6@+{<zS&LqdMXi`@IS`bfA
zTv)4A3c-2b-s|RGW~s_))2Zd~N@N1Zr{N^~g*1xOuaei?EV8H5xHOoW%iE<yCrZ$`
zL;d5t@36=$Xc!Tj6BEqPoE3oYpVBsvA;0JC=kY7MoPqj-Jo8h}Iu~zkn4CaDR%5vO
z!&Td%b&ySkHdtO3FG(ezv#Gm+8!#=4xHP~Lcw+Iri^uLMN1}3klJBs^lLO+;O7MzQ
z&?RHM>2THV9)}83)-nD@Ai9E^_a8GAT5ett@_oj-6--fNp&1#5IC8qR0EmfWwVIv_
z2CRIxzTVidkGtF^SvFGGig4uSgn|(wIFDkYfwA?QP!#tK6Ho9!zw-}~KC{>*InZdw
z>Qx%p^m=%LOlXB~nHUhDL^zPA`EAN)zq1B@w}5apluNhR#o9$ISpBu4PFUG(Plys1
z8gQ=>Q2&MR)cXSwLhDDQZ4Jr$r(ux&xBRu+>HhqMA;(yAyzGmOCl_+N9OE`&NV&Oo
zMvq~)ZLKQ{6L3Z<8)vD+L$*Xf7PgOVj)Z<PdavEVRY3^($1WL0oDm9}o5x*=h}`1U
zJ}4*fr|ActaU5&QliG+UZauYVrrZeN)ZPh=p@uHAX|>zkXrvfx%iWQnK75nNibVDg
z<n#7VSvy5jPv^o4?n9<U9xtA#!RkbBMa2ogpRm`0Jqh%O<!C#^n07g5<>fMK0MPxl
z34U=?u-Db_i%^Jn^Wn<|#v;i6!c%4b1XLf<(x<x>G^qn%t(;Pulq-i5kWrYYp(oJ;
ztqqqo{W5*ZxjvEIYpBgQijqk<_u%@w;m;hJ-hbfKJ=+t!vj$dbae<AZ>$idj9QyO7
z5#l=$D%?$&;kb6MG{#6D6)MKVIr;=B0U|Q&_2>|sGEaVgGg6Sx+*q+F-XF(rsRLbD
zc=J=>F<&^)_KK1GzA%jJ6xx1YePF^8e&wnF`ARXWW!|t%a~9JmdHJM68MtE$dI6G<
zjfBgxD51JHPXr^j+E4#sdbmV<hnA^5<2jUG7-EWDe?oY4$0-@v&SjOhn^;#<f!oHB
zV?hMHG1IzD*gc4=SR2U|8_nH6D&rPBGe@{?U>yk$Qu)hM^R%8h#7dd5ZsNd(@GRX;
zKoMzI&=Y%{ig^N`4F`$u4*5jOb3Gi>Ex_Vid$R55&%hnWb>wh;Ii-OvmLt4l_$m*_
zLJJ2n<{_WQ=)DHq9`I|%i6ZMt;_7*5PRwpm1xLnO1e?DZ5&#-$Mz^rF2Px}LiK99L
zqZFbV@=)+YTLegO5nly<IvS0xJ1|h<4iXD=4f5l0Wml|S6oq<iI06IVBFjNKhQ7->
zL--e0n!Lrjm~5T<7*na0zHLzi^KRmuS&m&Nu8?9LPQkfAD_9!4@bl^3mso|`ZQL<%
zCwpMPmX<foupYEI-Ac{ktN`bXZ{I~Y*8=CASmhEYjB%V5MD_3nfIR_+aQ7u+50ZBG
z%kvgQeAzOu<=qkO9QPlNMy|_5$m^}oS)rX8D`gG{cTnvfp~_$Y)wgTK`~0g=070|b
z%BDv}@Sn~L&<+>jLMP?7nW4XV8qQxb%^5t=mCm&Qd?E)0I@k$ix+0Uw;Tn`cBvgVq
zXBE(#a{CZ@QF<_{qX=t%m08o}2sI9PPu4zxUTX1HxP}#`L|0LB%UoEP!pQ6Zb>Unb
zIEJ+%If!m1hTz}SQ8o^R5%cPzK8oG<;eI#7Z+{gtLpef2p=$x-n3pfHFxe$)<`oc9
zajT&&kw(k3T0vI9;a?B4wv2i-fS}ero?x*I)dBmK3_BJDDn^Vs@dZuBSPPySHh3M1
zGnrQeQ1+-Zu-95fa(EGTF_XPR*WM2@DS9;^=QF_H3#WeH*U;KZ4c*BHK2J8so1ze3
z&r((d#9lx_e<OgrpF-m>3#2gXt3$09f0oOhJ`v=|5YgB_qs9Iaij{Y~21>gEyjUN&
zd-@NLc-17U<37(-lKoZ(A-L>D|2N>&3U~P-GV<hV_&T<q0(XoikJ3rlSn>~x&p35p
z=!u=yU9gZ*l~LQ#8iGqbfE6BhQG$owr;-41f}LQN2(cY+h|G44^V;?Mf@m}iL5u}Z
zl-yT_b`lQLLi^;v!ev+Ew?-fpY@{ca96>cr4nV(QZ>r9Ue1~cyq`OU-GVYB|;nI5^
zgnb|v*2*8~TodX*eV~2~?|3rS6OMi+w3*$qWtX+~?s&C6MqEUr&l?*cv=l0`bFQd1
zxbijEUVM=)kS3R2GT(Ik2_)Ex{{4|WQ7l))PLWYt&huheiBDkxO()1W))xwCse-c@
zq_Ttk3{-MX3}k4RcRfL@Pie*OP6p(MHgiw1(CjoO-f!;U4z}YfT|YUu>DNjNpo$i)
za+geSBfm6|e9EQ*E#6B2UQ^*U5K!o$96CpvYS;^Qdd+u(0(eDUgOI|F7-|{m31=Ld
z-%K~m73|I2YpqH_O1sF{P!Ne6sNN|||Jv0ukjUaxXkq5k)UWifjz%Jj!l|x=4qE1B
zws$9bJHQ2RtQcGn4=M}S8h=T@6`dV?Yzj+rTx?5l!Io1;RX~6-b#ZDX>%%W%UIZh@
z4uoZgo<OsYguE`6prO!l{@ahK7-JGMM6nsjNSg84%O(nD)sppz;n;0v9R_uAtbjK`
zz0Z4w2ojqDVD@djx@w%D(zGq~0=)Rt*}bqiZkHhD_hI<rY<TRxh)P^5I${4FOyxJ$
znBV&y9!KnCmt&n@v-S$d5o^x5`oIJ!iv0D^-LvJjJn1f;XboXY;k}QBl|N8&!Lu+r
zhUt)H+fK7#_0b>s$lS+sk9Pw<#cg)$F1BH#434JS5+H3`Kp`^fno(2TJKD&{TuR2w
zcB)!VZ-nILvmkrL`{pcS(kbK<c+DM;^IaFHYhHC)=%PI5&am!cEs|};%pSK_-y?Et
zw>D$9yUY)tO7DVs`LgevT}%znppNiZy7%Ikqdt-F)-~hilPpSOcLac*d2}-F`0oVf
z5DsEtyeJu>)i*yfj<I+XEGc<J?;dKQ@#ebxCPxlxynGQ9D8=MKuRtG*aO1}j`$@D5
z*eBx$_STsJ0W-5wnJaNx(OD77t;|@<#5VBke_T4Of@31fp%2eCW%P_B_OU&30aF$}
zA0-E5euLbYCm<c%a1F%7%XB5IX%Aa#b16L!&xD?c%a+P+=jzYk*b>`i;|4yjcikvl
z4Fz+SDAgJh&6(=TFo_Bdw%QB+-#K!X5*5Lf=^7+J_7AuO_2fLZ2-#lV1DAEsQVBv~
zm35=8awp;p#e;WB4&qXT=UM3&v=b=J@>5d*r=a7;$IvZ)RwKVR;JPOVKcCweMt#PK
z#hlyAqYJY>O{4-_xG+bLQUJAZJZDd_x+<)f7qd{!lVf}?>CLwv#L&69A`{`G{n88;
zD)sj^)Ni@A#+S$KTgM^3zVV+uIgaw_3dK(EH;j0o*E@%<xmRkxkqK^23JeigPlszD
z@HZOZCq_wO>pZ)4<WYhOTxWo_*n1yC7J&cR-k}YJ+0aA!`tayXzG;0Oi`({Ic$A)>
z9ZPv|(U@$l9mnX)FV!VxbH!-{s#7j_IP;gW;$hZ?0$<`zgk_grFx*FVPGAhEpQkUM
zLPt&L;JUbD$XUMBOb~3c7BDv1JscS)+fHcpE5%O9`|yNEb!ta731!cCkZ7kZWqIPs
z<IIT%793m!&$1AxV`WVBQ7dNs0A!AFCbT=k>98pHz_u^KMv%40km(D4__)pFlgelE
zJM~{x7kMp?WeZ6sb98cq`HfCLq@Tj{800tIyn<uTmsGChQ=gmQxRE3Jc-A-Dj1{KP
zI&$sQl>t8EN&3%Oll14??0ScNP!?&Keh^gtCJ-Y|Q!XL|jp|LJfr8CURyXd4*EgzX
z+W}%xIp^QlQ#d$zKL=bh5t_v0VnVVuNL_u^ke8*k!DD{k+R9pz_f$NQT!~3TbZdjx
z%{Txhi=0tNf8<$<&*Zk`u%wy}`i9f`Pw*%LwokL>P6p(R443_;?unSkyjv2}ghY|T
zFSe7xxa}(lz-qmOB;axStQ}S);#X)aGrRI6&4=KPDU2{C@ecC!dT0?68JmN~Htmy^
z=*1xi#r&LTtrA9W$W;Coq4_&*CakKM<I1|b!=#CQ=80wf-u{hiI7%J~&l=>p6a7@m
zu0@~)Hk*L58{~0>`i->=I6{VmJiACO59mv0gF1gDe<rE%j!fBzu30Ra&#9%Q@(yS9
z&0k0=S^+f^`YiRYB7_pa5nQzldOP?tg$dd|@Tb;jws+gXUS$x&;s4#^@Ho^{9u4}G
zkR83rGp<30WIq4uuy(y0U3MV8f5WUA5);<+s+8wDn&2|y6ZW=#V<JVyb(#UnMOt?W
zF%H*gFPK_>D&vmGR8j8*D0G-=n;BtcR(jTSOPUTafu!vU_Bas}!;D{Mt&U+1Eb;b_
zA76(zK+3s<xF(MJR&+@^Un0}p$1M^GrJ<^S;tH>RTS|F5hQ%J^<c>u)J=><;LPiF=
zi<(F-YlG>4_h`z2`WF1io({kGAv_M@b#8Z+3bW>pO#(dmzQ`onZ!wqVCm<TJG&ac4
z5BWqUxHN39*O#q-72lgQuGM^aXI2*%dv~9^b~DrMe4Hjlwppy}B~pyxD>c_d==B5R
zB|@5oS+>r}Tz;{P_^`sMlM6fe`@V%_lt|OOCx^48ZI1_niO1`bKe0RSI7hK|&OY@?
z_f-JDC9@PCU2Nf%+n(k%$;`U=b?>PAL9)dCbEEvXYiz&5w?$7VMKACKYY4HFyB8Zz
z)792d+gUS$4fBt>0RRzjc857;Q|$@CEip4_!KCaeV+it;UZoYLo0W=x*0W$As=JY%
zDS&WSiP#vqNz{&h?#`MoEW2SWO1=8o2}T&pHDy!w@!n{FH+AbEiu?2rOdzn$I1Y(l
zbs_m&z-H1s<dKG6qtQf;5`UOmlN~I~LT7;Uq0*SKz74aiEsHv5LM-1*<Ac0dL)a55
zm&!2VS$Gmy_h+ZTEwnE5H6xRmh>d%O@e5gEJI`rE^>W^=V#2@*Gb!~1>W@GSwrl>X
zidhbu0qG-t&>5QrsqK%uz*=nexWJ95El^z0?Y0G9ASPjtb={f~VkIvTxF@E{c*tdg
zo=y)xG-5geWgMirp<RsZn2lKe)g4C{LZ)_r3324`Qb7j)w~*{-aW--Np|>ISCW2(?
zaoBp(u5+1rb2Rl5B7{M@N167-6f$$hluVv<#kax3mPt|E@CuM&ugo7zPKT=!;X}up
zN&Zz_-3*m=?J9eSbg`6mIbfRN<BZy-3BQ%ej^~tx32uKZ@aEA8k(=P~-fMhiAjy;`
zgu9Uo^dHpIe}5(+pM45%l^ZJSGEf}u6|K?c{bHJMzUV)5Zf`V0V-8ILeHFIbf<gdd
zDv0h(-z;2<0l0;04VT*HjhXQ-h5PeMtkY67$pr8;?LtVpSJ_!akWMmzdvdmSXP1bN
zq5Ta|!fajQk9yZZV(2OQ6ZY*ET0ZOd#-2b8uMOxry$sm`88<>>$l=&$H04V^od&-J
z%k+k9!gY4A;*|Icyp<83&Rw`b4&^BeMo9E4p}z*U^INDpnkRr<gTbUNG7SIP-$3v~
zO)N)-AiA~LkJTaGa^^gC>}pin-?#pi*d$Id&JyETKVuo=W4D<-%hWFxSOu!XfF6s2
z3peiM`G`ayqsZE!#v5fmnK)xSy>Zi-+^2a#xd^q@QLBu!-)_J)Db6v4ix+gyck7kL
z?Tx6MTxOHUoB_ezkLYh$8pQ)W`uq{>v3?4-%jwG=TL={yJ><d>qg-L&gt*T`KW-bB
z^IW4^H3$?0J*L65_A3O37u*{#9z@n=scgViws|HiW=(pRsd}D1;6sc1!n@{xg!nM#
zujPRE(UhwpqRU3ttwZ!XH3?5k2|;s>_qpuj#WKcpPpsV1RKUJ`Io~YnXW^ohHa@gt
zYL!0Qz*g$^>co{HQB^bBnx0rM@@**&rPa?W`(^2!O_IYbypM$5zZ0QML(;@=THl!|
zm-GG&-;?Fv(lt=?!fArirjOv-8(n3Qj_`|rc%*XpvIPSqM#HW)p9j)j$3BbLM&c7l
zr_Fl-ey^d;08UqWYeQAjo=g)TF{Eljapz8U5#j>N8QQRUgR$NVR+3$Ybk0HE$7R;R
zxC%H<bJ?V)2#?wxen2Dw_|;I2-RIn+r2R8{pjj$l_5c)qWQqAX;GB^OF}mAlZ2wH@
zRSbMrWJtm@bAb%`?dRPJ3;CRdCBzMCRZhoEvXmSNU9EedoStUD9EhVhm{h`20mX#o
zQFO;lxzKgwyz=0-(jsvQpo|6{sD~*Wo$m$SXxx&2kJEt6r|7?KhHtAsMO|d6p~yN&
zk5ZZHVCBv>G~ff($P*l@+#asYIJyX{V8I|*N%C)D{&5qGKqzmNQ8GzMSv1MTRM@^5
zd^EWiXod+h$RdJ{j4g41W=P(fCvgXuyiH4k0p+I(pRrVFzBmY?Vpv_77eH*O!NPT?
zNdQ+nO$ECTFt0q$I|S_T8{B@rdjLVq@3y79Ht6|vqK?UQdkWA13tb}e4z42C^G^|d
zI`{5q_{{YUpF)Iee~_6c402UG*|;{NN_aET^&qaXf3IQtVq)#IT&D~18;*7253w+E
z`l<hJ$vB95JwTzHf;dcL4e>4$Ya`~Zk0>5mR5R8#=D4r$+F+k?6JWT`M%mFP_pmpN
z2+8C^1d#m(I@|Ia-F#^2TZi-BM*kp)8ZaC17&(gob}{fGeL+9bZ^$}jP2K;vov1eM
zD+l~V_Fh*CL1TAtfPJ7<HHvK##ROZk5A5JfpQE|@Qx@AQPw`T~$WY$L?C@v2sdB9&
zRgH*vvi@ANrZg_AS%_R<5zV2#OstJqkgguy<h<FR%;Pv*kO<J;gnm}U5>+mOBGBN=
zNxWR^c_Yw_qb;u<eJu<#9N`?Xik@#?Htq{*B5(@-E5x|<(CauFv%K0bgm?@ct(2uL
zf`Mxc8zW=cOzkVcb6~<-vI<Z8iDTaYTe^nu^YwSG5)FqGoi#z^Ody-qZ2l8LKP$DM
z4_N21O$1oBE@5lK|Dj5S4S%np`u{n|T{VC3$j`hX*FM|uva$NjuA&DHQkVTowESv5
zRhOJ~_2`+j_pkZXR8sKNLv?cQ)<ov|1^=ez9tnM@NLH2kz=Roby_`yuWv(asu0FWo
zXhV{Rj6IC9-uis3YpEL&v*K@)n)dxBLP~;fqA5q39r<)1`3~f3_m}F)pD*5>(YxJC
z9a++34F+fYmH+IOw)#M<B<cE-&GnWrix~~Ck9BEkw=7+p{<Sy2pBulDHSW=oh;V@n
zCi1=fw7II6sI=5fIeww1$~>n^@O@Rl4K3s0l^1{g8gA_gK=&8^7d(2h@?7=D(FVu#
zn3GE0FRQIX;pfb3+JAmaWLVZrz8a0uyzjSbhsej<OOaj?@T<D_KOR1YK2F+g>;L)C
zyPC9gCtXdoMYK!lmczGMU~5Y4?Nyb7KlpURzoY)wd*khklx%y`KYmin`t7DRV)<kA
zN2-v6=g7CebB|m~;UT(bccP$Cy&u24vPe-g?pK?0{PE-C;r!9npJOCAc;LSs9kZ{5
zLrHve>?c{TFGth$lWo0%zSt9f7@Cg_jm8q^q^{<zU93Ft+{>-v$BzQB2XLsWM)2))
z*rH~I)%W^qXIN&cnxvxVcHMoI--^ADO4<k>Q(xttAtrxJwvGSxzV_Q~@Su!nms;l6
z(<6KI+2N{VsnMF(iKvNBUjrw<OuzcH7L&yp^Q<p;)fqJYfwkM8{v{puE&1}vKZB}8
zJhNNBG}NA%YmT@z)@jn97Ei(}d!{~o?KwJeOOI){!V3E0DXsj98XWbp!sFXr4DUhz
zt#{Q{T(sx?t3NPmN<Y1v{v2KX_YnH8X1cicXP59z8=bde@TJxB5E-@S7@<o*ZvM!*
zO{#4DtxhSA({rtww{kB8>2Hna`(GytblD4A`DVG^jXG&~*mIY(ZSOD)n-?mPeT4t-
z-E&MsxvHK=(5*a8hPBzp>IHwV?-QeIt)IUAcg?=<O6K5^kFNWZPZzxl5zx<nbvh;O
zQOaGg`Aw{|ir~xF_*ZPpBSl}-AWEMn&+88y6x-v8Mi`m%W`;r^-lR_7Ejjy;RC2B&
z#liAX{uJl+VUF|Ak=Tve&z^ZKilb3nYT&~k?k6r;-@Q2+zd+5JQ_<=#48yuTxN)=Y
zSu9E5^Xp`W98R*RoFyl6ubl9={Vho;y<ZmD`>nE>@b0?Q@{ePmtp|GmFMj5>{M(RO
z4Qw&6H|nK!g2m3A(22n4+n&qT=X}!oo`iHybgGh7j=wY!0m#0q1l=pS*S!;|^ZJuI
zZ8GV?a@d^~x%f}IJ2*KRrOfOfw@A+lt-KDNK6>5K=HSQo1$p8a2g*IyZx(A;QM#gU
z0_lX#M@tXRT{>pK(YExysry?S`m)<!=uY&@Lx#y#uLLBJRgqBc1?wGYbDN3pmXXkO
z9ZTbH7C*oGwWl5WplDWq+0HTQOYy&FC8K96CSFo!n4{OOr=0CD$@6<^bVsI8Iz{od
zy^j}eFzOg1GqFUq#7M3(FM-e3IH#`j^ijO7+Re#p#a=rZr=VX{Q!^)|NnLLp|Gv$*
zSJ0Vw`ccxl`9-DvR=o<P6KW5gi%H+Umk8(O`KY{Xqzk;6+6@20F0i3|whC}KR|Cov
z<vslMxG^p|rA1Zj(7S6!=Rf4W5N=7;rK#=E%s%ORXK73vdf@cE)izhHYOKFC^x-Re
z155gCdHPjnXfB@e<}Uv4J&g>xcQ5Y<rk{>}I7J-$7CS!u-<@ljgG(kiY_UV`Jnwhn
z@$ANlm&Ga9&jc!qTD>SKlQO-^J-z(FH`JoImsH91uzXzfZu))ZwZheA)rEs!u2tv#
zck5^F<M@KY55UQX#Zo%q=2K^oDaUga<$|TIx#bU^^51@~H*_TM{u}XvUzSPwl~(^u
zNAjLX1xcS--v7BlRblLa-SO(|ns4R@?2{08PCWc7W_5U7_FWk1Nud|IXiW0^DP);V
zXKv&NB#c%2BYTQ;cjYSgo`XWcWWn)^zaCnS8ht7C(fyiuUC3T_{<*JZ-QDS<LiIP6
z-O^H%YY(NaI=0?#_1ayz4R)YhE($bJFsppko_A!t^^k``eQD2T=BoprP8F`T4MDm=
zKgPPTKT0gqMSlM}+<}PEeQ+|yPxa;7n<*L>{vFi5bj0Iu&@;o@S21DDA8n={Jd!3A
zM@wFA|MDRwL)n<2GH@{PYu3%W{2!_Rjs4@~5B&_{S$@l@YkL}fPQ6{+4{G@gEBWfg
ze|S!8v6L5?TM|9~N^aTblEa^UZz7+<4)qxP)5sR)NvNOk5?!o){Bhml8RLs-{N2Wp
zpU~0c@p~%Y^Sqqu6aT$W6R$jNyr1)P@!92l?e$1Akz@^*9~VzVnl=0FAI%(eJTK<d
z9`9hzwKTZzC7EwO8XWlG2+Ys?t74a%!XsskvC*_8=DWxLYMZ7VeI!YtcJxVU#%rx>
zLEdRE91HO&F<y34$NsCwOgzaUIC>{er`&gq>V2^9GW=>~(8p{yEn8cUujRLdm1ufG
zUoZN1ZInld{!<P4k><4e-H*|pxUv1%iT7pL>HTPfY(l@Amb&BNKVF|+1e^xW>~6SZ
zt7LwTaE<K5XCD0{apC?8xh|BP?St`W9@-C43AvU=*FvOXdcFkf?~`0@IGW-s_3Z_H
zVg5@~hhNqptG+tI*Q4kF+AHvFMgeCxWf%Ll%s<rP@x7h<4v`mt3KjJ;7iuIQMVF|j
zwf9R8wU&4ZyexN%UH)5e+N@|I@5okYRM=w=&8ui{?d5m(k)K>k8j=?0Z891rCqd|g
z(kJ^s{AePHtJiJ*`TzRrCqMG)vb(Csx4egvJ;;xby8-{SKNjsrI5;2wPtdMMO#S08
z|Fg;uD_hl6(#B8PR-3pynfJeqNW9Hmy0BRjH0x!wNqZvLtNEz5AktXPK1%Oi=Rn#m
zk_N7uxVhkn2G(mN$+Y5a<CCV;N@N?B{yS21XCkOV?PY-K@DUneN4Rz4>+SG9SmX2m
zj+(qbn}G9+RSHx1)_W&LK(c4z&)K3X8Ry>xAykw7Nt#avFK}*bs^ou*xq+2%w0d%8
zNBR4q3AoXC!4k9J-S1vqhREz+H<Y<Wab-5~M`ZNHiwANYiqn?FXzuW_5CxZ0(qXnz
zn@OPC#sBf{);N!tDNDQDCIZC*nS1O{!^nWWvyhRqHB`@Q`)zA4cL96eXWz&?dEur=
zm(>qvmBK^aW%~;P2*9aq5cuf)YVenZ;*J|ds^pAF2iRJ=9xY&f?!pJXz%yNnS@?YI
znsqwjU_j_vym)~=bY-bdafi;m@*4+txjAQ7Y4kR=MucC}M(J7kum4*(({<>C$}T76
z^oYpi*)v^sWD?diE%nCAT(^=$fcU~0iwyCsMMh&%YL><7uD>%%OGTVfuYK6m%0H(`
zJ+y9mmN48jOp$G)U;TBV?#>se)B3xg=(Od(kG{)4|2ur^WR=8O3vr=={SreX8ch`~
zX6i|_M*x(ag>F`KfJ?Mip?tn1(Dud6%gI-1Fpo@G?a-N;rIjy1%qmBxCkwaFg7S+D
z?35L&BZLHUr}C~@`U;<~_+s?v*=t+z+#NaH<K6!qc${$k(tprb-*SGWblpwTTMj;T
zc}61U`;_u<VEFSd-l)67USgK<5$VUCp_S>u{oda%y+!_}y6-PX%Ma>*A;d}+f2!Xq
ze27NZnBp2|ka#lpnC~PO|6}g*1N73#D+=N1em@p3|GgJdQ?lvn*!;`vri$wAI|77j
zy4<YCMwU*WCyejW(_aciH|n<w*94c3SJqGzivP91FB3s}V$~2-4hP!R@eDj^{N!%C
zz`t?DyW&K2wnj+{Jk};3cURB&)jr+5pz;jE$1)d_Jhg9j>0Z~+)Sk+o$|HCV)y+rz
z`mk|Bw^*zBqJ6&iAMwo}_wNqaNXz8j%EkU1jnJ(*wPR74U4P6}%SU(e>s8Z9wIt*U
zPxfVXVES`UgXF^&JbcQvf@>h{XK8LFRa%3`R8DTdL|JKShAtgPl<bCnK+Yjkcw+~D
z_co25koqp)dd=X<)W2INq<&vII9_u`p(x(iPavVhC8^WIRalC{Cr=d|x|??6>YX1$
z=htqwJrDaJ+GR!yOc<HGQvLXh{@}eIFCt^vKg@?uN}iNDKQiQQ1$(1v<rvwd@JOv^
zLHxanVD;n!8{1WN(;tShj?*=NI=rm?{lc%+uN?U$k%+9F>F#(hAooZs_VDOU|BI(H
zg#UEBciFzK<qi0l052E4_WvKO1~aZqDBjWX4*!@ig<pJjB<9qG;uLQ?f#k&usNTWE
ztW*EaT(a{J(Q#jibLcI7qJC38u``TuGF@vu<Y95L^>yq%V0NG$;f>0^m6v}=ngvn#
z1f+73*mw=Rj=Z&xr1N(ra>Db>IU6@S_qz+B?<-m+Y7(nQdE=njIZMgYw$-_kYTI*b
zl5}+P8OFMlf9^deDOb;%7RQEYhb&_LX+60iGQuU_EH}DqsAgB<oGVso4^~Jjt~u1@
zy6^3Dvbnr|u`4gQc-ObzM7U~5w>;KoW}iovzsa)SFO?E>a+`_Psb601us)qp;R>Yj
zXjt9&>6w*Ztle^i(PY^8IeCZm#CpY?$Nufwnok-&q>Ng3DUrtiPV4$5iaw86HBz**
z;0?Zdn2eDh)wZw~p9)+ccMjcp^=rAS!{?fJm8Je^gkD2p0{$(*O`Pa{!Hs?sae3|k
z$U5iX%9^%c$F^<T#>BR5+qP}nwrzXInpl%$Vos7ddA|33&R2ELAFJ!yy;gVCu3c;2
zzZ>2Ch;2wl@|5E%s=X=D;2qZY3;4O(VuQP((S^Y9jBl|28vWT0vC+XNq%Q;L*ld;m
zii5GmA;&yH?sWyDD~8gv{>Uk)U?L9778(&R;sZodeV@xHsT}VD=+XH}>+kBlr}~by
z+3ZdD!ddCKMCSZm%Rvh~(gLY0&-vxusk~P<FZ=z@{O?Vu<>xoYV{H1Ryd{fPe=d+S
z9`FnC1Ko)m-J8^FW{>G-PhPX*3p_#G5S<SG>r^`hUbF3G`OW8M74dSH0>s@Lv<_Bn
zLDxPN@w4wi;+YH7-aOO3@q1nQ4z3?pdly;W+VJ)}?#t5jQPrnxc0T#lcOJz}%fra|
zGv|UZkK+&GGMfj=qE4h<GAx&Q^DtX?<(iOb2<Y(U+(vo68-1X)3=T`I4Zo)VMQU>p
zBo<&pT_Z3}=-%8v`E*-MDdXH(!Rx)#=}hk1)J0NrK+W5pZ_T#w>bBG~Y<6+r<5hT{
z?jdcc6quoGWDo<&?ULg5v@y||x`??IY%UIFS}}gRXRoh~Wkhk~#|h!t{obD`&00$@
ztzDmbz7%ZeOJG#7;GNrA?84{q%E|T3S#3Z>xwGhY7kh*Ljb4Af7|QyZ_ajvA_Sw3o
zi^0JaO^UH(7>pub@`0hoO{om%g8W(b;_t5fd*fENmF`R!3M`cxD;1G>k0n|Z<{BEb
zTf5BmsuBM=Ge4thMvXk!LG<Z1vbPUsRSv)>w)MBrRN_%>={8%Dkd%bL?2SKI{CeI7
zg)S>~iW_}eyLy<kP^G1BG}VBec2f}dQfLZ?CVT;x*F^}@x(NO%AX6z*lGwc)+5Gno
zr^-ls{kBlOjbc-^P-F{|dT+4}snFF?_hIwtr>=SdDv+PSDAoQ0ZH6r#G2v3H|4B{U
z(24(XQyi<^%0*TGWfRptE*_J{YP!jwZUc;k<7X7#3=~MJFH5)juy=_5YJahg3)GAt
zHqadYI&FGdyEJzZ$vHdOoLbnuYPfI^PUTB^`Z>BNl_>&fN>}8|&Y3+eBh&;ew@}rR
zzG8~^4@$M<cXt{b-c1NuP&8q=t>hY%3HugUJ23znVJ_kfm>1rj;cg9YH3j?Nt`O>W
zEN~sx$_k@VjtQM7`0@qpJXhrr<j4p|t$xamN&C|Nv<@T|zVL*C#Cx*`9iOsCL^sYS
z#5n2R5>Evl?+dZ2LFS)F50LJ?#d*b-%WJ4-kOCnxEx}42v6xZbr}^fgyq<({VBc)D
zhp}h%7K+Q0FEg7>(dF?a+Tn(DJw@lX!}1op<1b$`!cGH&i%!*R%U1tt{WpA>eHu}W
z89A%l22Ey1Ma)jt%D9y&Pij0KN3CipxU%Ugb(yMn8~9c*v#dxL5{C0RC%r?~D#$SK
z4ox$mrKV=Xrz!>Ty4AW$W*NdHE4xZ?7TTrsYSUES@I9+**4;0r70VJ5g9f}nzw;S3
z;TOj0?(k>LW?AAj>-SaIa=o6$$6r_sj#&&PDnr%A#!>{Ae^YDJw40ln%6;gA&1;C3
zIt-?}_MRh;Hs7DH7kC=T`PMvo^#va<9Ffh`?;Bfn>u?X{oaKL7wxd<4-Y{qn@Wg{!
zlbnW{nUI6{2vQ1`LN2-cZJ%`LRWgPkHW5S+V~7g`Yp378Bh;<z6oC&_8Q<uMU1Tqm
z2NIfDKF<Vh50}F)Uhn<I$a_eQC(js%(^K2+8r~(Lo}W~PW)Vl5m&Eu3x7|Otn7I1u
zO*IT&=ju*Q)aLu(8Rjb+DY^g|BY4Ij_TI<U+hmOq8ND~1!|6SM`iP7+Jfj(VZ|LeE
zKn<zC;%lRuYMnRw_*}=)t7~;n25YOM0Q_=swaKv1?}tRsYL&_K(u31EcQh}{v_(kt
zFbv4sPy1*4w8#Lt0zbz}5Z*`BoT<%-N)DIhCc^wvINtY{k-avxHk<%SCixTgE*-dC
zOZnKE#W=AA%|Vic9??DHQ=V~zKH0JEee$>mn{B=zMMQ#?NPS&QG%JxpM2MlyeOZeh
zjaE$S2-sW`QgI2}r%n9qS$&{h>=o;69He=>qUE(1;>_>lb=E{}eaz!^E&Tgyh=`8I
zv0K<0Fa&B676gLaZaq(wH_`b`J(9MPa@DA7<I~{DaQ7u`v21RL{n+b?Tr=IrzQG(Q
zo-MUnRd|4=fXD0H#~ra0Z>zC=^+wKVY1{mGSlwEafTI>u@`}8Ovo-1@hJKRk!qmqD
zaC7~8NSrzXUqBy4o<WLLlgB-ywh_T5_;(_Auy{p#drnTu_Nd^oz*=SrkE`~DYH*Mc
z7-4rTx$L(M7ONwVJY4zOmYK2|s-=0*4<MC4e}jvpL3(K}5ycyayr~}l*1b512r#VX
z4!C_m3zRYbIlpZRD7;qig-YtDrT7l4of|r^Fe+(vM3<e+WwXQ(D~exd2R}Jo!~nZe
zJb}!=Z^QX<oPhW*I${Zc0R_gg))oqE+FxM5uVs}kVot>R?X!~cs=8mZJw@mi#qIwz
zohb&yNtsrcN`}Li{$1Cd8ufWxMVP?E$kj<w9~N)>^(qa*2iK%ug2DWeqsepZ@Z1mM
zS6q%OR5)GAUxE_9Rom7I8*SCkC32<=%{$$8R7$*nYP`QqVp^9&5)-`0`2(#vdo(*`
z{W}`F7CQC`3mai!anAUDL~+XbvorW2jq=cr{q>i5g%=#bPVQ36&?B`uj-60K_&IJ|
zVaF2L#<Jk~4G9PsV-=Df_wqR#?lGqy(~lIB1v#|?u{``}OHf@pf;%Fe_=xnMBZj&(
z1sr{aX}|jH#8n;L%c}xvP#$quvMAK{U25S8&;Z(x7u@$U{g%FdF=y}rrm?B}EV>ZH
zBxn~;(+}mGi}zL|pzd$6(9^#2Ox^+-nL)<G!XkX~vYKj_#B_@rAMqE+G)Eoa4<nvo
zB!VSvTb%;s8h74|dro7*;dM|?9y)GW)?!C9DqX%eLHq&>C$kO8W^e=O0M_?QE>o^g
zW+cD43qTUKJD6Ka?JIL0GE`6t_)&~ymTR@d4V<5->|((caW9vM0n9a(&G1${bUj@G
zNB^K2Q-5CioHKuB%Vw@qwQc@QUuwo2?$6{I446~MYvpms0p}`V#8EsUAou7>Wb}a8
zdn(1HN3!q4;2=YR6tQx<e;CO+XtClf7I#G^hoQ1;4gn3VIoyZdY-T<Joq2R$SBzHu
z1jShJ1^0k)kN{!b2s!)X9M8zt(h=T{URG*Ul?pbAgDZ(9@2M;x_^L&B{?UWk>^;X5
z{B(d-9N~oJt@uJ?`RDQN)WFX_ew(d#8t=NqWATy%u$x`3`Ik;0Z?q=a6ngt`08%}s
zfv<Fi(^!yVO{PAg45<qE0ds)Xaz~c$G!Z<D*U!)&<(h1KmRWLH2CZbYR#@CKSz^$e
z5D=Lyd<Vdz+ufp@vOhm0P0B4jRhe_xO>*Y22}x(~E^6-@Y~!Vn+ObFJp*M9mO4ka1
z7P?5^C@iAif@|ejOB69uz^+p88Bdnam&qwmCJ(&L%F3x<oNwEr{HPa+BUM4|SK0XF
zFd?&Ju<_+)%V1^oV6ZTa*B$DW>?#)0N4~J9&=9cm4oI0fiwQR)Hg4`<?-HKob0#+P
zyhv_txR9F^&c8}+59j(tp6nKvRluB>)9$g}x4oG1+SU4&w4%$gy8Y1p<qK25W6C0!
zb~+n?YhXbhU>5g!D=Pg+CHBR_pFM?Ym(B5!J&*g-hMZ^Rk%~5hb207=raVH`tKL#m
zF8_?Rd_w;X&TmvL@z>>JoNka7zacDg4C)*)K&Tk|Bsisx42o6fvU{~zzLxqE^Zo{#
zpKLl`2F<j7aa0gW#etS(RqJF#^l~+d097-*Nk|<fseetYB0&)q6?uY_0ddzh!!1&-
z%x4+XG4usy^gd;aI*0=mHM_()w%xRwUe#^sI};yKiN2ML0WZgdWMMg_1u<>G{c1b6
zn3`?%t3l=Y77)NXqh7+dWJX;`QL92|m-2qb?iHeKG-^$cGHvf6wXG6H5tK`#4V84p
zsxEBGMf>sAn}#$h-fEn>uxXjHpedCtuT_=C3H@1nC#6W@8>L*K8{#&*guVoC^UDMo
zH7h?)3g+qWqxxsjXtk(+Q2{cC-B4d5_J@HmHA$Me_0z*8{U^1h7P|E)Uul9N&8u*}
z<PN}G#_BvsC*4RX1)T@V$(1M?(cHzn{122)Qg-we<9#2+Qn_$PR7HR@6IdPy#N@mp
zY@0NnrCgPa+$SRox>(HDW~hNVTAjYh&tinAl^u{DPnc-b^p6#(kr#3PI9qSRaa)6S
zr&JBJbr5c$j|MJi97&xf?AcsD<7$$G;*+Y@&8!1qVDii$_~bwLWYyPr;>P0}*Qy9o
zDlxy8$cmRGGzyWxI8{`36}tbz@taj4ElGig37=<{5^T==-c0{Mry+Py)h=PaqBi1r
zMKE~eJ-S`7P)PC9PV>^Ew~yS+VR}0UroFt?A17_wvW?@Ha#3AtE5=aCU_JvQL6Vx*
zasmB%0rA=6fR6Ny+#irQq{&bQU+eZ&OC)E;MUUO{mq#Y1K7dvF@rhUVx?BM#W16%U
zmP){RZn&U|>H56XW7q}<b{E^az83l+km_?G-Rige9WQSQZEBGay-igY3-dH@c~>IV
zGM1ws!g~|z1q)X(_imwIp5WF<r{M-@1472?yz?48Wg4V&IU%CM=(V=o`IyQ>?#1vE
zMu-T(UJZaO)ATK&(pGYVR(_a*j=SC~+jb5^ST~8PJ_9+jp6=<jz-DY4)YK)nks4c-
z2p_SRokZ(dmM%Y+$M#X%I5fk89R_OVusk<K_IGfYUH3IVW49m>p6)7=wdvm2PR^0j
zdGV91r|_E;tjAl;Bj^cSn)^IFrl~aNspX*q8e2xY^EIuF4F1T1^U+=MX0fK+SBbE}
z$3XD90q}lXvQ?-H=I;T<M6fFs@W@KAepE)931fYd8Pv_f%)C=f9ayUNo<qW<o=EGa
z_u=oZQ7*NFqJUJTErR!$(>Xp<^hnchX!ROe+!g0VMZ43>%tA(R{K;j*u(CPA>v!9@
z(;Y{^&uF^wVz7`X;OcvB4{ovA@5KgW^>^EcbzO6mos~WWuerOkUEim=X!;m$@wRSC
z&GXU`-+5fyu{j&Ie^ocefO&h8OxhA&JQtF8w6ut)mq<@SjT`?J)86kiX`yYg@>d%O
zvcf-y>7qaXUBTj8xKq1f%YIV*o1G3-WOHm94m*2q&wkwlV~k@C$C>oJ<q_VnnvC9a
zD$ZTz!kFFg_YRBSsP=&}&oX`V1esZS$r=dbF*U4*E;Ye!<_=AodKdsO_H^=Am;58{
z^%TR2OIkEJ4j#6^e2~p1V*RYtT92$a@$@qu0S~>MFX{UXpaZvi>dkb;=K!V^$m{M@
z7bHjbr|kK-IED#UBVjq3a)rF>hM+-0tb$_(qkUr_P(dh&9Hohbg}B@=9kU2c!HF66
zs;a3=79%o<0<AnyU)m!lgQ=1HJKX6nnJaK<{lD;Phq<lw6)Q<`eOFfmPhpNo+95@P
zY#UNq`^&S5C9ONDY+c@+)NO04{!CkO4n5#0ZMei*J(^Qx<CM1JlA60zn%4A@Hp=*e
zrz#jP1cs2Q&a}!pBv9+=>|!_Szt3u)^$@#QDB*NczI+95f=W;VJp;^hJ7lVLy)$b}
zpGpvenk06`8-3cPwIo?_C0B04wX!Q}4C*r4uQpEg;^t9ns#aD~@iPRRslWFz*D}aR
z*amKN80q!<dwTtcQ?OtB;Qrl#7U@_0MJG~AeKH1wLrQU;&b_+|uLGw%UhG%!ZVK&&
zlu~1YTB}NhrN=ei4kYAFktJci3~#26R?frXTGaMJEFrTbheK>~S<N-a#6tVF-a^g{
zv(GURG77$!vW%bZYol?W5fGm^9u^UEM6+dV=_;RaI<%PuL7r+)e`!SD>FTZ_)&a=n
z3q1m0#XWnnOR86##pZ2)OMMCfow4J7CQ(9-Pk4F8b?ZXvN!O@NZHavB!2S^LN|Kc(
z4B#YZU2R%VU<Er%!-PYh7CU(CBR1m@6-~zh%|4~R26G8zpM{i`_;OqQqhxy%y~!(<
zF^!=<rA{xHw%s_zk|9jrg9heL4)0?ei<4P@GZj)R>@dlPtV2^ED%%uT5RPbf>v98(
z`$ZB^>6;$IZ4{BzY49Th=BsF;kS>!fHaE~F>|(>Y)hw102xXB(I*KUCG#D%ZploVa
zvBGXR<DREaGZ!^e<31AW(TH_j1n3pv+x;?HBCgGIhO()^Gj6AjVCoX_O)u%v$*52F
zGs3P(V&R#&C9Oo9-i)<iG0%@egb6V-AW_8Xb%HE5Y(FLAV8k%590lQ5ki|em<73w1
zQ@kBCt;b6SaSL>HC{2)HTalU)Ewouio6LupaV1UhK8b@RZ=#@XsmoqbYp;^(5Ew3z
z%#BrC*Hq}0z#$MrnS(^VNeP!o5`7pN^(i}0B3trJ+&lptph~tBnEZVoWPm2cMtJQ0
zHpm!FmW_Dd<GYV3HhvI7Pgx5|Jc!=2dD_Z3s9>_$OPzkrlEJ#vh<H32@|$~!U%!h%
zA2PX(2pH)1i*+a&W_PWYm0Kzeye8m&#7sR=E`N<nXWtcj@?7Mw7g9%Bs@7f@gm4Tc
zx%P_6vPD`(&FUdqlraN!QSF}D?i>?CzdXpI{`{7BrfAc-^RMf7vR`z-68oVTS$0zm
z&5Kk1Tu=(d2<TbN$D1_lD}`)4H}Sf-ZtsxMgLaEX#U~t%OzPbw_&PY+|C5QdzRE4W
z!KQk!;#D^K$eC{;Sp-}=CLvyZm6gLYJ4T=JvV_)5`_98=Ebn0A%r>Xc$5*BuSj|ry
zSFvJLEbS9br+9zA*jjzSLNexYo$9j`psVA+h!+~YuWYAPx(YW1bfTtDWya<XD+o|i
z@KB<}$<yyEg`HB@x0tmOkbsWixkFE7pk^{Vqcu{pFn%?e{$6lVJU@Cnk(xIVDwY>@
zkU-5_@%<R+8>z02uWBkN$8<^v8z*r-ltq-NtPMiJU)RWn$D5eT)VHj!<sr_feElRG
zdbxX&-K!07x?V_-jzO~wUK_VA?X?>4IsDp3xiAkBv<&@*7#t%cx0E#_dX47LcP|h%
z^y*>ce&f_xJ;|6iJ^3EnG?sTlnKV!kgKpghxAd|N9@R~!O2kt|``Glvwhpu49*!dt
zmq0>dO{}R^!ga3ETZnWUJY!Gr8FqvtgM_AQWPw3g|N1+et2;^)I|!e$sX?R0Gq&S*
zwZig{GdzaRdHZ~fJm5&srrPx4=2~Ns{PS4b0jb0-v!uXtR&KuG>wC!`k6CyG2OeHz
zMDMZ)38nu7vH4CV0~_eLGQPKdAxOQ@3zD79RH%`QNPj4Uu;7>0phqnu?WKssMaYb5
z^&SN{{h$iJU-HN335fHFhEa8=@#t`7j=|tUl^@7K7sl;TaJXPXm4U{v%VTz^*nv>N
ziojyj<uTjAP-Yvj3nzaz%1!i|<-NMraI=$k9GYGSYY8+gs<arEQY8Z^aly8r9X&#R
zY^NyTwJo|+$u(XIP$UOBwKsfF03NyH?~3->?lvF0V*d-=F?U6UunNq)=@sXipHn$G
zmJzcZ$IAy4t;+zhBTfp86Edzy|D&rR-qt3c`HtD(+Y6*m<X?-ZD+jBS$sVX9MKDVD
z^~R54BwrrP5bD79)AAg^O2;F@vj@?68vV^Cs9R4p{TrkCL*o4afvne8k0k0m7`vO!
zQKt_XId?pfZ6yXLyuW}H{0UvzZ%|Ifp9p?pZgm6EEW9ZU^D$tj`2HQ4I~;Fn#=#&N
z7rMs4Ar(ASOoBryda9U*hGuqE4ICrY#C`FQ?=dK%NyUFEgB?aDbvVl7G2f>m6Jj2m
zUUVx^)u1$>)smUy0Wo6_xYmpoU-t~gQOvR8y-)nAWyqqU6zU#5uVrZBilEg1k%WPo
zd4)M~Win-D$y^@lBtrf>sZm%FLQIT2C}p^kIFau(%=Z*SEYO4q8R0&Rso-l&NP%#D
zZ2w9dvg^`I9z;u^W35M3ZPSb)_IZm(vq+Ezh?RcFjr>!i1}G|<m0InF!fyNZ*!vqD
z-tAD;W(O6VqW_mK+e#MJSLQ3s(~{ypFWsSma7;K4>Ifm~Uli^C-pg1lE|RZ(3t@CU
z;ype>5YnjtyK6+4%&rzx8HUwWcVO$EBdC;V!81vZiZ*OIC8;;ul4x<0QhiT0w)4)S
zH01&RBw7C0?~K#iF_(td%Gph=o_OZ8!R&yh0tDfAr_>ilpz;8_I-BOYCqBT+mx1w#
za0&)f;H0sIgvu}hhn{n&UR`iFhIBz$-)D(AMUW`#8(6d7ZKz62`#;N2DBnFX;R?q$
zMBIT@vTRSEgy^uL@N(N=$|{=Pd-;<Llao4-1hZ{(%8O!q?SV}=WsFYPN@1u~<P(N4
zmsI2tQVuJ{ggOst7JYA7CB^rJGn9VdlIm`<!9?rq*nFeq)c#dmydnCa#KdBg{AQ^^
zz^z1%wP%?8Ms<I7>IG*{;ueKMX}Xa-=DjHg7BSN_QbL+c(lEm&ptS`kNx*LBsiBwN
zR4&joI|<yE(Oe^4!Ho0o7(_`tVM!$E{ZUwQp8f$n=Phgz&uG_$U#h8Yk(OQ!u$464
zu1orBo$)TVbG|P!yf5-&HXSVtC*+i=ATHC1t6$RP>NPky^eQE9v%9i-^gPYVm@3FQ
zS_MC(LN1q22JuzFDBI+=H4Euy<}ljCz7?v?&wa0OL3~?{G%)F8Q<vdK>iB)hWLx=6
z0d{0OspL86<%|b{|HAISF!3J<VI)@|r;L^RXWV{qfXWoKNebC!uHwcC*xo;LQ2lle
zb|8~tqBPAXa_kWjC$vIw(4S=Og;tG8Zr`lFhR6%4h%w+ai+;bDL{?JTO!A%1RFb-#
zCA3#DT+z(UeAtB@@1Z;)UL^aOY(e!?#d8oDPYz`sR>gDlUzq$CX8(o7e_`cc*!UNA
z{)PQ-NS=jN@jgZ-Qc9kO?<tZHj7oO3-+&i*mr5;l8L@v|QYa?N!*vHu^hY7T*lENK
zeoUc~It$+=DlHI|;^DjsC;lXp26P#5B3)4aX9~&hDID$hJxr4RJ0#}6Lp1+8WSr!C
zNN*RhnK0h(QrQQaX(42?DP5+pcHtjjQY@IVMR7<-Ldmn>DweolqKRZKLumO55dQ_4
ze?j735cwAb{{`M}7<C>>)%S;rCW$%?*}W}tK#O80blm-=e*7Sx)++lTBuum-Ir%<9
zj00>Foqz;VByPMOko_`{uo7wesd3tOh&Ow;bP&l!B<xL=2^q}IC(VFJc5^k!J3oYn
zPo4ou@o;R3G`@^U1{aD0oen&Nhex3SA$!_&KonbXv&e*GP3Hbtantz?a9V$N(nUcP
z%rq2QDjv_)EjW4SOv<7)>rJPw@EDO{BGsf8@A@q5?BW7jh5d7EPzQC_GS0j{r(Tpr
z))>%MuhW%PEI7-4H35{BkT|mOi@ZO$wCIX9m2r&q64?t4voJ~&V9kMgxKOqfEnQO8
z%cg4^SsZ9o6(&{CrdcjXGNf7FWc1p5Aq?)b%w2q~Xc1yF7~DaVP!1ZpeZyR%YVGEu
zzl$Q(i36%?>OP}Me#<&FQi$S=X`A*`j68z7i<B;f-c3K6B}Pb=Xg<JXn7DE^idYIE
z6&M4ffH5a`zb{jw1QUrXYXrPAq<{&<mezkg>XASPV@c_KUi9$&=NT2Ozwm)rpc;bz
zuZU_mT0y%Emh=WF)EsK-9lnC!CwOZSN)tzxOY6{%2z$F*OyoXkTFIz+>D4nxPlwA7
z0`5_SHn5zQL8&p3uhdmQ-jYx|uYSqv&`=jk?~umDs%G0<UWbLyo9U=pe+w(s(Qwgz
zhK74#>XM}|C(XTs4TZWXTs|vfdI+!hA_MiA*4jt{$Vxe85is$8#O$M&NYFoGmdS5|
z@xSopWcZJml`W{i!x9@m3_0<_1?Z{^-WH^+RFiZ-kCF>xA6CFU0KffqT5R87xL`<_
zBm9MUY!vLD3xq#uQ1<oVb^+*>Sx>$hcBv|DrII<ftRmMzk+8DLA6BnJRG=ujAfq0V
zCl-;Ps?AqnsX0pp%NO^&kkl!Wf#%sMUeP24Lh?TMF{x@cpjsSoWyFyjLRPi~{sT!O
zkzO+09ZTO;EHeuqPWGmU0F$K)$~`HkuiXUcAZ8uIBkVLKbL7*7{7-4AxsDvV!}NT+
zHGr*0L`a3==jm<ahJwMN<bLYK0%nA{1^9)hnzc=^xB{H>m?l!GAq5okp*uG@-0-MQ
zU~KpYTKFy~#VncQ7#hUEe<9rX-yU;N3fbPSVxJI)0TT8xJrh>EZdo7&*`g|JIz5U&
z%JRiUxO9dRNXGjM&BT%#nJ2Dz*WNlT5T0ecFStymI}CynV!<$V@xjoj+ZB7OpL5JB
zwl#ewe87k+VtUb6whY?;{0Rkj86-K{OX_Fg7a$>0D1LM1ERh(G4NJ3(ob~M*6|{TY
z4AKQ^+30N!)X+vYvUI`*l4UU2)MH*^sAz#yGTG3m5T#@?86y!65OQ!-tUOYN?5I+&
z13K}`OC1z<g~iQ+kl19*V|1dJirAz`dURqC4xcWCz_cw&)Qt{+%?;1Z6+`SPQvgGx
z`X&xJ*eV}L{N21;GtO<P%uy1MUV1%pEySrq)lwT(t&6VeSNBgqi9th(Rbv+oT}VY#
zOJ!zt|E9Kc7Tb{h7J;*Dt$PT+1CV(mauniv2kN537{Blp%Z?0b$F?pe@>+{(%(L@M
zzv%FHs;>|Ebu~Qc@$E<Lr1p~zAvf1=fA!q!0?TuBN|#B4WH6H<Q8y*p{^R>PAQf*h
z>sGcY6Yz54VKx)g@~nQJ>56Ju`>T54vNFTOufcic2z^}>6hX7V1UQ`~7Mcqk0`o#1
zy+{tYF*E6j@8CtU7)4DtG4|Yg?_eyCv8NgU^!hB-3o9C;ZT&ktJsk!@Y>f9T!DC?p
zFGGF^TDPT|5r`P|qe-2IA&SXQi^>SuGP%?Az1d)dWbvFjVJx<uqbv7^z+x(fT7hui
zs&zt{2xQtUlfZ~_#WXK%;+Rrbts;d9OseDi`H7Ks+A<}#Y%Odzh+a$~So9M~wWbF5
zkV5M?6Fi^M#)Lf(*qINM`20fFEY*kZ=2dOOdPR4l)<$S_TQ*h-*0P0as9dGgarOl(
z%P_?Xne*JE-Y|5IVo6S=E{}}^EgIC4`b_^K1^Xh_3|%zuBUEc||BCheKXtkFL(Jza
zMb-Yon`e(h)Qb~$U<)j;H))9Wc4^|=ZbiO>R9Va_&co+SnqG2<_z*EiLavS1X~sX-
z#w(N&>~ckLZx+*^qt?8O*lF8#(X@}C-@}?@p1O!h7VhrEy;puYGj9kH0Hk63mZcHS
z=U;#&X}c5^Xs2=j($Z_KDE?q3o9Hp6pT<c_SY&zTaK+0e0d3Met*P8q+L%MtiZXB$
zSidk7USGS+-!c!+3qH=4$1)GOHauO!Ou}QR<3k>Lb`Q=oem>z&3~`np5*xrpDgUEH
zg(qSx3qhO9pXZ3~MM5Dix8n|XoWPfj=hw)Q;}`Q-2-jTq>NB{|4a4>-of8h_TZM?z
z8aZSQ9`o9#vS0j+F+KXL>H-(t+O~`&hu)A!y~DS5yZibEw0b)ASbKRr8p{l&7m<vx
z`Vt5*%8zu6h>fSusLD+YJ6VLYk4^V8q2iw+OEC4_(h@RE#`lq>lGe?n4wTWQbkv}V
zRVNziv;Zw#vSq7E)hK>4$-~Mp%dyw}SS?iTGIDa8O9eQ&DQjl${&2t)O7i!U8=?!h
z{>G?%Snjw@GE^b(V#5=QG6I;CqrR~n$Dn*U&Iy?bLg~UZ@{w_bT2Ub$+(7)NlIEb#
z{UzORc%<*K{xEZx!?C{+&A#qL?A=FMjNUgxm|fcHQ5(lxdUW_K-#a%Co0=sdG|F5$
z#{60&eYXxv>TQH;4?oC=lrq7{qN5~8L~?6IJEQxmcjxlNq_%BWlYc$BC-9`;;o`)L
zp%@E~G)aomSyEvf`J6ZnlN>O-0)4pq-QGg6b%*7j3dj9`KMDBTd)w;pR#uXA9-{QH
z1fQ^A9CxEI1|4&!2hTebhEqWhtwr*YP^3vV42&HsX3Up(VEO8yn|3M!j{q+*Hvn40
zMo233Ln#O7D6{xrj3*u$Cu;IHe*8FCWk7Uz!n+`Ti=ALUu%QS&Dyd*lF$cCfu;4!z
za1hh?ZHylj`o)1Sj8^1%@M>tKvXw%bd|H@y;f0BjeXLkvqN0hAC5ce5UQ94ijq#8r
z`zEi9nAYw~hOHkme3EBZWxRkcMf{7QN{YjMe<m3HVRL3K<MRkSUIQxmCtz8q6(^_n
z<b)(@^e%}LbV!X$%mAs>%)&b)Jl|NXGgt&Wqc!9G7`XN6^2$Yzl5Pj_xpr&i=AC3@
zr@O;~&W0KTCQx?DETdn4RTs3`$`J929zU%Wx)oz1-toe@R7yTnaj}V&r^1?);8r)V
z>|#U-xNl)GH7+l#FERak<PP_m$w{<XaA=|;vtz@fGhD=8vb!_tWC;PWRmB8wr8nL@
zDThZzLE-y-HRU7ZfOBo0BOQ9hzt0jZsgI7TAj?Zxs+nSl5<0D>RhGMNsqr1?545w;
z_vI2IV>ztX&vDy7`>5Ur+3Or;^qH?4@*~z_um7+)G`L>X>hrj(GvfDP1lJaLxUjED
zN7v^npkDn^E6JHn_H(Mpfo+?5(-8J4omT#wI`l{bz*z|1&p7tuzr6+4N5STbid=pB
zBQ3}jozFjPp^nALUekh4QY3Ga8F6pl-+KmS9(Xo@Z^B2CuER5xXU5j{{b0fWlnH!P
z8W>3|56}jF9bVYa?H*idbZ$^qWrWTkT+~jLFtAgT+n^P3b(he7m86E^sd`|E;jbYY
zCKV%$fCnn01gq+D?x+jhhR6sKLP%?DsJD-`i=agWqd{Bk{{(JgHzp<T8zyX%)XjQ{
z7COEkW`+3D)1G>Leh%`eEpCtOH9=}~eu4==v9Cu67KE014%vUX(YL0+O&INL<%Vtt
zq*vc}>*}SZ!ux&fvc6EAACr(I!#;Jj9H`#*gnLt*>F5UqV7<E&5kjtUkXbdo<RkuL
z4~efNvJ&x=pLv-}C@UbTB_i(iH<GwuV>*>r;xwnkQz*`58Gnj1PK5XhH*iPyHZ&xd
zIrpDTiVDSK^2>23(}geaECCq^l7O8@v`$FW+R_#vs&se@^H^5|kgaOB5_|qDcf}1l
zl{Iw!po{HDsZx#etEY6SD?!?c57ThM)qvJz3tpY^i1N_bK7(=P>mW63T=<tQRvb+-
zzL!M!vFaEDAL1EoHOuS@S0>>0m_QS<{)R=^R4NkSJwSOPv%QryM@yy2$$NV0R(&ul
zk+`wz6wd~y>9j&P7nNei^w(sTMRlFMM(q+pMYFG8^D!P9Rh{rFDb2=ZMmFy>mt{uo
z0!FUPyrsm!dmxt;-I7_aHDk1xkWlgh-CJ(?nIxkuF&eAkRIWY&CYSZ)O(wKa;f_5L
z0FVW<aO}xF5VR8S;BTp7vReTD#q4}E3j0xS+Lyy+!f~RL$4z*LOVX@MJo$z}a)&%b
z%*(hmu5G@q2^-JC0M_83F~JY>6Kmk}d^uYFYi!XoX=;w*cJBR_?o(p-^LJ}bz@~%%
z@%bM9qNZd+r31Ssm>{$Uh-Z9|f%=7<4iwio70VSUf_`s8S!`$d8h3wv6-dD$D|P(L
zT`xj_N-Zo2vcD>hdex8p|H%A|co-oXwJmMz5*TAaS1R9m@bq(g19bJM6%2;rUzT#J
zC)I_&M$y_$t$K9H=XBjvRKets&E)7crq0rezn5~=#Ve;#9jD@@qNQ;M&5l9qy1P}-
zr=cmOS)<1ds{H?MKp=Gk0I-8|?SPr;TUj<6?idmv6{#h#!gC;U8{JgJDXs5raOF<;
zh7iNYAlu_w$#?*F;QLqqb*h{d!S30%(Uyl0aV9{uf8!~cq%bY!Gxe#CsN)R&WV_|w
zo$QmA>5MX6fJZI@1A%a3fC$RkLXHX+9_T#SI_*#oT2%9XmpcP2e&JhoumyGeuk4t!
zmtHlwa*p0&yx5qUKk*!HG&A2#N3_4l^pX22AmZ_q*3SHHol*P>N2V?B3w16+5jv>Y
z*CIiz0iwRbF=f(1|2PF16AO>SSfrT=@WCS7S(LfG6iWL2imDwt(sJMe1lrn}hjV4F
z&-uGoYzf#lFocW$xilEa{uosyW8Oz>qgkc>x=L0|m%{8)O@5j?lxS9FT4^>QKJVYF
zIqDzKCdb#F&Q-08F-&_?b*2h`mEC$5r8oE-pHSiX0e5$&+Cvfk>KWY=5t?wo!tvHA
zlDK$BvULzxTjj^NJ|=z~=i08wRJUoXhmzKxS@-mTQ}8=AqBYsX5IX`KuPoV0d*Gr<
zhvrXCTg*252=mfVdNAi?M5FcN79E{z$+}C4YQ>zA?8Knsm<fF7@qcuM$zw0iaQT(^
zAjX(`RTVX_BBz{oh817!YHR|}BYMvH+k%2^@}Sk}qKGiIEftE?eoc|2EEq5OPzYYM
z=&^l?2c0i3UG!4(_vwD`t#tl;0mvn0cd2rim}Govn{luxM;Tjj$S7l@q)EgOQY5q0
zKevnjwffdX?k1H|&n4j|Nl?5VR2WfAt`WvbP%_^*#pDKAk|e6*aXu_+fAt<LMq)ei
zk2UAQixwlP{U7AR`!?)XBL|kUfkMJdnLsh2#mvAI&|;*{IirMZ6hA^#zMHUrnuvdz
zsP9H3<{_nM>}_iC@Wa&7NdQ@U=i?X^3^66GgAXiB^eSqIip*FLPTUCOS(v1D^ZV0q
zGJfngZv2D6-*~)Mqk;FR=)$a3bUGxH3?<_W1QP{a4nIVU{49PGRwJjBWZhC%UQLbf
zZQ;<amXd7t6&EQ(vQ}m|ZYCd1N#lQTcy<JQr(G<Xc~w%B47KdXrix-ToDeQeBKxMV
zpZx9giORGbRFWxW#<l*4N;D%iN~TjP*I@zNwHq^8C7Wf(g-gSM4N`S%z7nup<7=Od
z+|sx;fOrr1*fk|W(+U{kK(hbZjz0Nd{Dn&y9=iYzUcklp>%2h0l5EIR#zGFKZKagF
z%KF=)RhOXuRf^W7e~VXIapnyai{9dZ2Pz}Os?uHGsV90J%ELwkEu*!i-8SAn0CtB_
zCMyjZ1yVva`Tq=>QViq`mZ;sQ=LC_p*e~?2$~nu1Tgn44KctT+E&+ucL>^kZDw>9w
zRWYf}#R&!56&JQq<3hTf{FbKm+W#?ELnozeOIlKE{&&>c6>jlsR&s`ZyaQ55pfYx3
z1HlVC2XRkrP=HUQIH|1GK;+mhO?)XdbUP^R{9*&UYYj9fN+pI+pIQo+I+At562mmy
z@YNu7dZVi|gfh|FeBRXLLC<eLhf0lu_wv%sfB+MAi2@h0Ba=T8X&*(r{{Td9*z`@<
zgy8@THnZ}`hI9<$T`&sg?ereP|2Xyp{L3CiQucWup|g|%8k@n{wAU_qQcRW3U^yN<
z<?Rm6o6eICSppB3-<E*?Rf?++`qAhib04Xz^a(g(lHZ)rF;W+2?1_H`X(3D43&0^j
zcP17BH*ci9ukr{!3Xx?mv}5Jg3R~u_Qw(iLim!AMsvIRyI{8ANtXm%71TNad!rL=I
zz2;F*WHNt_DAHmSajc$25IRbUk4Rl7uT#J&b4uUN`>Xtil`fAg&g40I+>z?%laY`e
zwYJxWOVUxuqK_I&!vIazx<MM9T^&psH!&BV#wm6&A0?D?iymeT*gBL_d2JGUsJhNc
zvv8Iy>B`jbB`OFv0!$4xSQch%A&jvc8C?r`7=lX~(TYTfPa3Ma*KsW#c_$5Z>I|yT
zCBz&tQoEU5imgqM>;MCG(Fh+*5%BM6Vrlz8fsw*>?66`a^p8*taq~2W0-&p;I}bm$
z!Z_24zjGz~(y$V*ctN4oB}_jU&kHes1gAq;l7ApBrZ_v>$bb}kXF5UAh^Ap1PQ%E)
z1MD(x6r{WFQ@vjcLih!kM({cN-NLs&iv4tIS0m{~#DPGCf;z6V=vGqG`}r^H)P1P@
zM<W}J&kdCx9jBmYdmU4WQ@P&HS9+ykLn6iSbgmnfQ_!l$ogGgvICZC)Slf&co^7#q
z)r9=|ceZy$WU1>rsR&ZidE!>nzed+-R^7^!TKuT$8-byL5sU38ZKLOKunjuye4E6)
zSerckwNzE3=FSqCB~!pJdYafgs9A$iC6G+VE$3}x(>qfesn|v-nqZ-)Xtk9#_I8l1
zO+kc9#hU+i1~)<pri_)hqySUqQiutobak!rK;!~Qp@)39M(Wh%3K^o{r8rSxc)mt&
zPn**j%9MX&U6(7rl;ef^9L4+QAAzW6iIrn)WDG;(;E8H5ed$g@MfBl!>WV41A6Khv
z63>JHmWc_6NhgU8kUUBu3BTltF=OQtJzat>R%xn;+1Zh07Ub*Lpkm3UPD80vp@NdW
zL+(tkT=w5<a%_{ya!?@%t>yo3RNiE@>NvDX3dKf#-#e{y(n7JtJ-Tkpa1z-D;hbAK
zg3K;UzVy1)YTtTb@I<3@hBvtyUtOK7P40t|+VH1lG_%8ZU_nS1Rkm?44D(t9Lg_n!
zo{B+;0rTmm61--Fg@W3IlJAUr6dYP{Jl;ukK+VcTM)sbG3%#}S>1te*ApiIlDh2Kt
z%%=#WK|Kx{#`O~&_8Y*XqBNtpC_W-;(2jydk1y_%XvP-9Y&50s0A(W#%4;lWIgkEk
zCBDdV@-vDByaN=~&T5KozW<3USwVRGuO^Zy>w2F4sAl5B4WC)Ms!<C|lm$dpG{2v%
zi86{bdp8WPoC67kdpIsSHU)<#ptD^t7doYAZ*EIa+}3K~T`ea2Edv73FHfSiwWlL(
ztn-d8vuSRr1yT+>b;|)5IcEGXihBs;lP@kkF{iJ9^oZ-TU~e(t7i*<+dtuJ~(<nL;
zVR`V#IrUbEV{qE7xxz5zmSrvynq9TY#qclRkiO_!?4<T_v79)PJQ_J6Cq@2p3!e%y
z90CaXLo^tVpqo((nNXpa$u<8m+~FZINl~{IWOQcZ-iMwsvdx^l`_}0XAS!0d-H8Dn
z?payvcue+B*#+QZgocKiWb@9KW`lv3=79x2!R5A$+<hiU_N~gn(HYu@pAH7$@$M&q
z%TKd+ik!Opx#4DK^fLt8b^Lcz0z)b!Nz-<Y#35GNFHO`*lWv5%B9_@}ezwwN&byF;
z@yv3U0vzNhUB5#J(X-0k2y;+Gax<-%&%7jD1PV=4l7dm1<kFmg{Z^tJ<Q1YjfdW33
zKSf$vf?a!Q+SrBm`0+BJ?SyheLp{vz6|X2=we}MX5St5|_a*uYsYZ(uhT@!L5W)uT
z{SWMPec$(vRO#<Q|I9L7A)ap#o~N;QBmHF+`#w5#x5XXST>H89;qWNG?czX|2EyC(
zLzkUbz!&Zod%(UDzkq8)>L{bQ{U{{{SRnr=LL8Pm;!SwAN)Q=~QQ_vJk(XPN2%+1l
zyQ#jO<|yKLNDR(1mbqm_;X!c(e>fs-Xh|1I_%7#MoBWJtw}R0LObb1Dbdvi}-igd-
zbVzqqL%;W^TDwa&2*4-56E^NoQLdwN&d)2hab1}2C7S&4%RS}7owhP((c{^r=f|>H
zxg-YWm(^XLt2A0v!4VhpI!G?%%eygLbKN^^v$JS+ijz3`Oc|ox3Klx-)R|qK#ts^^
zxIyx(A~ntQ?b}21t9m_J&9d2mqIu82WjENA-x{UmlBRO|D&?$wVI{Z<--7d}Ivf;a
zsO_53=?_XeZA#l4FhQ%APYS)<oKra6aXVWoKsbZv#xgmuQPzCUGxSLT5+&j1-1QI9
zf)QA~p~*gSsp=|>DIo0)#BF1|xSt+O404Q|)6rnJ>4O|BFWf}c${lDfG8Y)b&+w7^
zwlQBS?u2mFi<j-I`xbCxz2|~H8E+YpQ3Sw1LfG7&+`L#a7GPkX>>lq5Sh;h{0rQ6N
z1;C@%lqz!wW@*0mk2D&)eFUo$kUDj*EYY-@5IyPjK=;csC$ynWyrZZkO~Fq621#2e
zMg=&3{697)?rr5r(azbeKWS=pPI8&`3-K`=Zy`(r<2$_a3-#=mZ4bD%&A~#PTjW~6
zP7HIDm^1Gv_NWr4g71&!TENbSUXC6N`3PAHB2FE%Do*0yP^M#vc|1<xIg52T+tYCr
z7O*55&$I3zVU#g5PoZ@&u`FPvFf)<hWWUL&2o|KDU%+8zzypzEZi4WO;I>l(6+yzI
zO#ovQ+f!x?v;@+Qn(KyUfF69APDmSO9<cTTG@$hrhPuUhgkh<;$EUV`;QQeEy-EJ_
zA2_Q$SBoF!8Brd?EsS!@;l>8p=8xtE5I#L~X%J39Q=x0u3AA1Bmxev5lRj+l5|7%(
ztw{1jH!PM+u1+IS;D77U=C_@P#~VZ6l;{qalw0(Sj>Kn2Pe5vVPMnQZ3S@egWnB>`
z7@tSLJs=sMZ}jFJ_;Ve32R{EyZKd}g=Z$;mgeMp>Z39l4biI{qd*G7+4&%^qfEzwA
z(TlU8FrlX<Py~Mfw=lHVuSqbp^HLK?*OjsmeA|s_S?quiwfBvou*%tw8xO<j;lDwz
zPdtAk(AyU&VTm=17E<<+!em}6mTzFQB#|-dVM39H(2nz&?4iq*J8V|-LvK|De^h92
zh2ciyOthbu>t(Fwf7QL2CSW|0DLqW;7>ViZ*n1EXAUO*a7*`S7q_Y39py#O*ilyfK
z((}`SN>hl4vc?MP4BsFSM3^WB{#|U)*I+!u(u4>f)`u!AN{ivdz%WBH>iNef7VeoY
z=4YHBSc3%xR{u-rh~`_=n$U1Bq<IcsDc=YCLLfwDfK?97IhyQcs7VA_34b&`Y}~~o
zQgKmQKvW#Ztw{H><z9}E8R9m@^b5(Ax5(fFxSLm*p#G3)*|Pyt0ji1}DtKnjmI3x#
ze!lg#)q!c{784ws)GCM0zE^cSc1RsJ^I$0yh0*djM-h3&mN^2c;3|hzq(-4_GH>J|
z1_uNTjkkpaB|!0KX1H=EGJg&!Pd=d~_UMcn`=zFkx6E1<$V)mMD#fY}4rH9wQ+jb>
zTEfp{w-~U~R!s`&`ML>YV#L(HCcZb!WcQtuZVH%v4k3kl3;o;k4(rQ2N{RIr26Mj$
zF0InKq2;UZgJ<gj@HxhJavk?UG%D#n=;UL;tOvnP_jS$uT$Fp!@}u%!n$LcGzy0GJ
zsV!A6=?S3XnsiY;jTU(0^__*r7mTnPM3bFD6(0~~Srag)nz|^oUh1Q;V;d1z<yyL-
zVMKjTywMsfRxA<1I0P`LSb}hGkvp`e!PIh>uuB4^8MqtT_sBD3TfnrOr`VJNzwrUg
z{5boKUK`eft!v-o7qjeH5nP~2a(PeA>%55U{Zf$*4zF2LcWKiR66$qVn94k{=mLHA
zNp|n(XCyyohue2;$(j9S?#4g?k=rRpj^F~Bz)(B!az^DuCrYBlhY8LoDV|B!$+J=K
zap;BwEEDahQFGyg@Rdrq%G?I<YT^9LwF>x&I5!b`BO`lctN^bnf(rP#8vG8-P^k!y
zZP?<yApR)=Dd>vP7Lv;ke2((JZMQLyCr3bDQSqvakXF%d?;#iMtHHHWS*v-^SkW`(
zf5ugG+l~0B8MZBjXc+#O2GKHXrxH^$@Ky(X_o+@v$>Cx@SJh1u5`=xk`0_FZEJDl&
zUY~XZnH11Sf?5RnKJ&X@5z&owA)f@A6?zooox*;or;g<6%e-2At_}iYC%BixEa<l{
z;79k_7H~{m<mE4B0a|`ZTAh~HcK`83fQ%u7Hd_%7^~o>*C6kYJNzg+!+ycao5XZwd
zja3ZKFyZfl%FL!9{cKHHFQNQneM&OQR~fB$Co(azRKxvJHb?Q0_z5`UTH1xSD-hBZ
zKJ=uxz(^Jdku3~`IYHvnhDOIv7m_M@Ejpq`9@SeD3Xg&ww2JKwgBz*k490{S=Xq_4
zMgFA*GP9#EpGzkK?zv-{SC#XfPm9#kgSRhcMrbQ;yU`<IDid&?RK3698wc?ej_HmK
z8Dppj7q7;eaOX=j*&^XrO0;I-j@UcN9h73v`rfYaU)cN?cK-qNToFulCGZ+ZJXPr$
zxBNiH1szfw;N3sxF{_i@Nlja<BKv!8eIi84&Z$e5p_$GeyoMy;<$)kF?d|iZhUIR1
zF3@|+wSO48{S#3iU5U$Fb&}xN3buK)_NR8%phNr)ivJFYFul#F$3xQ_Z1Xr_O>M1l
zr{q@g3o!JoX-|T|%3?w)^RKc<B&B;7+nditfCZ-N^Gz535vC(NdDi5l?g}yq<0=Q@
zc0ji@j^Ek;jyIEXa%~kj9z#HuqJDQ|TEQjZo<>os%EyPR-;<eEb`9yXNKDLpuq7N&
z{{ir+CT?b=XYEjkZ5fOm^bIGjjCL?LW~v7;fGCe~LkJ3RmouOc0$1(uL8m{{1%mR{
zvM;3M9*UFz3$&$02$Lk_$R)n?LW9(ctavQE`7xMhQBJxv`D2v)g;c{p&OMj>*yy~{
zwr`3W-3C(}Z^0m7<{?bR<d2_A$()>cofO0Wi*+#l5;@Jyj84sG8&E*_tmp>Br^?~j
zZFg0l8F&PR>Wzj0t}o>+N!l-A<Rme_tfaY<^x%qy;c?7|A2x>1tsr5PWEr%dFnk#E
z&-a_W8S|zuIb36N#vwlaEeg^uF50imb<!mKm`0*i=jhSfGb{z(;>trJvu%=UK$FRA
zUg8;MT07zy;Ur8ycFZ)85egJ>03r+Hm`&f<EGwTvUeC6SB`IqK#tkC<mN9w_<SX2w
zHa=#WVIxAW5!<59mu$MlqESq;e(b#1nr0szt(!6<w5&c%P2&u16BwqZJ~rhHPouM7
zRUbH0!{s##oTiB#sV6*L+c{yh?urnlIHj!FL#}ZsRQV%K)sVVe-UU3<oQDbF!l(M;
z2L)6)Tue$3vOF~gr70-=#37r}KDkyd1$;Z*%zmH=)2eiCCspe`oqS4!Qt_D8Pcq5~
zpAn1ot(ZW|pkKE?q}#b>kE(2AO0JQeF4CRieUp<11l%Rfq>*BIqy!zojtr*9NQ3Vf
z&sf46GWT~msmFx)v|)%bp`0e|a2Oe<1mY`tiT*eWoq}`Eo^}~R72JWwmzEpFMoqPP
zV<IQb%;l_W8MLbzLdraMC9A*~yY5%C<B3L+Ik!+p_uEDX&IrTpMEFl!<DbH?*b7d|
z-wH<lCMrk8hkguQsIQlICtDOM9<SmX-QZB-^W8_bhv-_gimEEzck%#Jku!?<aZpq$
zJfI```!~WfzFDxys?q_6)(dF~oEjzY&})WvB#SD3mTy*K%%7#uYEqLKE`$9W7v%Li
zlHZ)ur8;c~J06Ie)p53~#Vyt~zsf6H!{FU>bU3Z?d#C{3dLW!xneNqF0~K4psMM-B
z%Nr@GmH+<!cAbE9-WQXAA?3Nx=gknMwwi_WJnbx`Y!llGD*VYaRvoGqq^#AFw%NQ&
zMqQ#yrKi(XQE}ei;upz2)mW4ym*Mivf{v)|oUx0#r4T#b6)jb&QMn)#dx_iO1)^Lq
zJCT@MM;e{BqIZabO>HbCz&CXb_L6uLpu{@<PVU>%8s{K6X?AGW&?JgkOUl_XO(5V(
z{_UE0BX!KxlD(~|+k~-O&q@fdn$&b&Jr7T>Da|U$CAEyEva#;cHnz>?mJH``tU{O0
z6GLuBGBNBjp^rN!XNY)l=~g4_Mlc<08XWT+1sN$6(XID<980?-_R&qrwuYK$cQW`g
zltc-TZzQ`@;KzMcND$&f`oZNv28@|-{$82LOD{dl<e1KI=Lkt^T!=)B7#TD?N<;+F
zthq=J^6F%lxtrVdy`j>aI_m;sG_MUHy41S3SWnd7AhmT)ea`=}lTPD)_};fo8O=4|
z|1Ia%4FdTt!Z#B7TS>jvVv|iGby5aH=}4^x2yL&7gm06rwWrN>S8%FIMu!k_cr#9a
zL`OINj5+y^zSB?oa{M2v-Z{9Ft@|DhCbn(c$;7txiEZ1qt%;3^ZQHhObAm~Jx%d0r
zx9Y7rwQKb{yQ{kTkM4E$-e(^*O?7ESA#~{&_B$DiTcapS?ubt^*0Ee$i{T?PEtm5(
zoK$B~H{$!&k6=&uL#p#4L`bCZzuE`IQkt0Ii?ph0sJlpGGsXH!k!HB)0TZeg=jj5`
zKk~_!$aE<2P*Z7~0%0om2UK`!B&-Z|tN~<#+7z=)mCmco0^S;+2L3=efFhwwSW6vL
zNHBV2sUR4f^IG~xV?$A05@xf)$~4?Y$(+P#11h7<;zrRDr6-%t4CGW7bH^<NQ^D}~
zr&&iWWVo_4NwdHPP3kIDc&Nt?RRfzk$9#MH33B{RMicMUIGV@Qnqo-H4*H80;SrsV
z;OlW(Li)Hmw1ZIS-0P|`VmoWgz-8p~`F6m17ULzQ5-KO&L|tvv9N!^!Vm+`kzyWmq
zS+m$$o@tGgWI6n=auT@Mp;y9_OM+B0UKk&3eEV|31>2ZKa;Q6OVTrSV3#?N`ZTmth
zIQU4Ki$zXuF$8!cN!_I86CJVsigqSdy2lnJp5M4Hs?y!0XdF;50rHZAZ0UH6n7I58
zUDORODHsueTNBn!RSl5JFXanmG^&U!2?wbBSJ7~N%Oe@g7Sis#BE4Y9lIX)=2kHGN
z@we{@DKR<BmLJOBk}eqYLu8)5#hqln$YElaqtvx+2q!^^kMuFtj&^3}Lx{%oiRvG_
zr2mg)`?eDcFrjy%G^TbK!$Qcz7*)S?{K7*>qZu@rIt)=^Br)|GJ0*nNkUk7W=Wn%N
zAhTnDs-EEvCYb*YeZFb8wQZjh9Jo!Y?9N}fD3X+Pv`exaO%zfnt1T9fXYG0?gI_oi
zVKp|Yv`J9*?i5cvp%Bq6pqmu)=uyEu_O|^%JXy<kCiN998KJI)>==QqBUS0tcJ&Kq
z0vmxtLZJp|C+)3~wdkZLQ3lE~W5{;HM#A)wr$>>0QL@ti$TX(U_#l~YMYK+AGry0M
zI}oasJT4gHSBin@Bj(h7I!_z^6TU>SxbHrBjx#ds_T(+*01aS@g*f3W#2gWJ&Q**)
z2xy<79KN^b1@~m!E*rXw=auth#G;hzqaJ3mA^sN+Gi4KtdCux=!Bh)XpcztiZXHJ6
z%KJI#gr3n4T;B=FNTOBf=hz+o`XC88{YMP3yq=-WC4I{yvwLOg0t(g2pA<=TSfd^F
z6jY>{)^Zu%8mI(`vg{PH-3aLa1M>d^g5_$~66|YPtYBxlbwnDZP<q?E%YVq>UPHBU
z7ec&+>0={=x`{9*P>H@s<-A{VZX|{s5Z+>qabF5<B;<y2qD}U5b|i+GT^P{OWj7O|
zjP})dXfs+#FeZ#^)HPTo1({>L7<JKQmEyA^d9fx?Cx2?N?v>&cb*O(gC=`DBIZp*Z
zGW0WNdL21ITA%{(B<)!%xvFgs=IWwM3MVo684A@v9p_U?Y(_wIk^c%SAvB@Df6UOw
z&j>WmcAvEh^e~5>citDQk#Kb8X)m~wMZSe-P&WntGgy76!|lhE^}!ZxVi{J0Im}!$
zpayG{zPLvdS~qzbuKP8F-JqUBG9vy(1~M?FH=s@qGWai6F98}9`)c#rp;k+1{QkYH
zR`sBMuF<cUptXZ^l>WLaRH`&|@l`Oqm!~Buo*%rMILwt3lPZolNE_pih)$Ne+fOT)
zI^1e9+Lx`0ILf7}wb~c>Kj8Eq@cKV6Hq#vm)<mA_N6!C1jlLL3dNZChfVDG;$A24X
z)E!IUKExzFg3!7DEAt>uKjMz>0jWp*nuFjj>Zto0O78eMOh!MT^r#;XiQ422V%GdT
zRu;AWKOi?W%qI!tTeoTFP$!S<zf*M6^V5`mc#zLPGUA_Xt6Rfcu<Y+`au#icDr96@
z)X0k;w)ylnk}iV83eZiqfd$k+4nKUe6T&`{@})jszt-N@uSF6{_C9{SZ#cQe5*GMQ
zk{T~hWvV%w-n_rfL)6Kx64v^YPuKXBx8s0WprWBBWi@aov|N{;pL<@MTZ*uME@a36
z9cc&%7brcyK?mYnuwqLI>x4!4VER2z5ezXlsWBpo@%3ZlE{x?P3LZ?!96&TdJ>Cmj
zx8i9sI9t~5l#iD|17)&MfUJiloN2OF{s2PI)GfXI;SnQ%qdaq@vXwaKxnli+2V|$~
zwT$L1x^>#Yp}Xncmu*%DNmk;<E@9}2DbG`-isRnUTQKpWj(%Dg*CTACl4n+I5S)6p
zuu*4*HH4xT)wr3myO>0AfIZ9;WblPfv0Qz6+NsQy!5bB<Avxek=z1g5Ru{zB-k|gL
zvk%g;bs9=QWf;Pr*DRQzr<t6!#fvEVV-!E`_XODj{DEQFIL(*&8u&2-$xUwM!B*^?
zs?qO{AhDgRG78cY_`FrH&}!~_5|I0SHrn2C4@7u)f5s^as-{}4VXyb|5Y6wO*uhTv
z+3K7jgaG(ew(?~roCEGduBrP`8_Ec{%_$#)^3lQBlEh@?K2Tk!7hA~G^udC5|9uNy
zmwQ7QLNf>uu5d{{Z@hnXugXqc*t0*l(?$V=%ly=th>R>$`byh)h@B*1GyP?smJT^l
zQcy-h`jCibhEYmz)|zNPW!1`7h^C9qO?1mLOs+X(mLR9B+nJu1tZzHS@sVrJPRsnQ
z*p~u~bcm)EVVO1&Lf1{s38Tx}4iC-!hLV;Lq|RLoOa2|cB8PE?7Bf>VPOl7wc{qgb
zDHxIi&&&<4Gn9v`*`TMN+In!SE+ZHT9xP-xS{Z^(m2jy!2auLj>lqM1H{UGO_0*h0
z*OEPABsx(J0X5xx5cwSPt;T^q7@H&#EB9G<|A@W}DA#AVzEQa8LOkpz@c=j$HE958
zG`iM^m`sJpee2Kb3HK_m2e!4KXi-dV^4jR+;mM}2?0^>(BKo}4j53bYYm#X~x@V^0
z#eAeIxNcC@crNgdD}?qUj#ko-gXu(J6gurbnD0=y%`uA3?Vojsxc#87-W`hWkSaRe
zfMuh17h$;pTqkVXD5Uy`poSj;8ts#QN=}o_1A;G-8yTWU&*Rd+@ylb{h<4m&;HW?i
zue+CGVl(rpGh<Z`SFMGdEP4)XQbitsoNPHGPBCu~F!)RsE)u`n=Onp@77GbF!GevE
z%=3?KLrDiQ7+#A^wjT~;N9rd&1u|T7V>9t{zeoa{x?69|2R|-1DKxC!_qz*`9$Hh+
zp;HKAIheD#H0C<`00g<DNXw>(JN`XTpSJ2K<=2opF{kAwgc!bE1}j009iZ;V`1%c2
zGFPW#4+SO)#}RxR2B@^P2$2&mhHGd=)bN71=*VP2%yUc)9IZrca?(&*YQDZmPnB*G
z*^%~3)}&vDo9biVN5^X=Av%4`&_<8KuvO?}`S*-OZXw_p+eclX2(wK~Gtf<Lj8d0I
z5vZvJcWW)ixd+A-P`}gTI>$!@1H5tclqaC(ex)Y+U&I!CmtW17g>B|><_Yd$7-hz%
znMn^&11r;oanS@Ri)DkhkG5D(T$=~gsky3U#^io%OUdbM4$UbWoVz;Wbxr3J0fKP-
z%*KAtrb*n-1b35;KBmv6iEuU-=vDbBLx7&_p&tbvVLHV+lc68hC~L$MMD)KN8xOb6
za*5}*cg)I9&DIc=?zj+z-9jQ)!aJ`<#Ietj4$#v*8P!eX<NT&}QI|S1tYGT4!{FBX
z>*dzivDD+H=B4rX$WEP$rsC@$uP1Hk%VBnB;{5C9>5b7-TA(kUvw;QqK%GWG_wwNg
z(Et%(URUGeEqAgFR0YKUWB5*HQ)=<W-*K1_SG6ZA{sOvwv}Uyha~KCIJ@bX}R0^e9
zl-ku*n7nfvi7tXf1^0oo(!T1}xsB#TYWn<Q_ejo;(?mrq-Id;?h}&=DUFjGT<T?xL
z){0?o`SM_bBY?BmPWRUHh!Z|(aD*?50*=`G0t{(`6pvD8`Ep@0=9212-d%NUE{ws@
z&%1n)8O;D=lHXbJ?LhhH@^w!bBb}d5mHl2g9s0E0U~<A%S+QDxZKeb@%HXoLtu>B~
zg*uKE1Dn4o+?)Su{gmE)v9kGW+Z|Vd#JUO`#VWnCPR@fZ*r3LF!uDrb-q>68@EKkN
z_GB#fo`VEfSJLl=$zfO3h=CRd8>~A0XRO!-E+h*}3*YPL&yzdJSn-UwKCIjkZccm)
zK5#Sd(}5~Ek$)(Hx7Bi#gkvN7;V{1VbCIG~%&dGr2eGpvDsI$rXYgJ2hV_)am!SdJ
z3hxOR^YMuvQZ4HymIhoAa9*!C7s*067tYH+H{>8dAAOko;r)9--`zT^Z1t_F-qm1F
zzc-nfG7S%&Qms>y4Lj#rINlg#Uinz3sr^!veL*9^JMieh&U}+uv97;Wb1(MJ$O;2Y
z485a3sEn76r9bpjz~?8+C$XG_$m6n7<&v9C!{q*yQR0)G&cfhx&@cM-=Vb8SSCDvR
z<#f_D_q!AF_y?SN{|9{k1!lUlpJ9}G0VB*2j@O&FXr8o5lqb`0dVSwSeeu0HUMf#Y
z(~)qUOs3A&CQV=W0QM)6JImKF%<|o;eWyV)y_Mj+zTl@3eYIisQl@kE5_Q9(+bFmK
zOl4WNtMK^r=%R<))buEBeMFw?s5SifjS5&*{t8mxRKhU}PSsTYJd3cYQ)P|ms6=!$
zOY%aSdRB`6^w54KsS`c=d(<J9fdjyi10$*dxwTE*8&<NzgIAwIS(I1IXJ`MHO{{J1
z#2@R}i5xKW4bVszIyYTL>U;Z%0%No^8ox55wtFMxvNvjr;@bDmR6VhBc4;Rd>0X-_
z2OgZW?=OOu16k<7aO-)fOtzIVF2}GchcUck*?H)sps(syJm+XvISw;~hsKClNrpSX
zruHX|fwnA91^f3C{;49*QN^L1mf8iN%#_2SzmGJW2M-C>RjlhfC|s7~tK(vKlz+^|
zD*wEG!piur_r%5a`>8Sh>-kj4uD)L`uC9YwII`5#r@!m3c%CGk6ZOiiEj@zd`HWbs
z4bk&oAaP2~U8rT#TCT=>WtP!7NSE<ej|54@ug178@oW9Xd9otjAHvD8)#^cb7Q3-g
zLr4&|GhB)*u0ZlY=yozg2CR%`13nv852@7#^?tc))4#x1sL^-i8&p||jGpn6ptE}9
z$jLHCwUIl{7E+C?GYFelsiBGgdNg0E$i_Pz2hKF8mRbg8p<#HhQ#-1n9A>rcN|Sh>
z?mK`be9l7>v|DQn7V*nZwU$FUjw8+kGD|=23Ii!|oj;$(=KZ5qi!N8)o><5w36i+X
z7^UUA^Dh-}U9l@XrLtMp?KBWWxa^u~!~4f5hW98JIq9x2#YA`&etKw%WRqI+h89h0
zl#VDMKMCv|q8toL72s3i7Ldvv>$;_uR!O|j>t~nUE>z3oC;cpaw0G@q_*8lrJ<X!O
zh(x2;+G|CX`5kECP@ozhJj_48$xH5VjwuPi0d-%=w=z~QhVmh!&k2`kIz&Hmc$`7|
z_!^>bDpaC-74<3L1B)KfgH`5d_Th<rWo<*CAYPC}IdiLBTqI6imlPg<Pe*Oit65ck
zS|X_7J=uT|ubf62GMb38oa0RIEW@ly8jFg&<I3(VV=;s{dbw=)Tgsi6up03J!;Qzu
zI>~F5_m!7kIIE~a0Ufcf&=gv5D&@5Q3rXE|4+b;b7Xhw20c#x{3Tth2v&4=U#+GI|
z3M-zH@rv?N!{7W5<0&FouQSO4_&y>#Nc9;doZLNszT$y_ethie*<(#WX_0t_-MZk7
ztGz5Zk&?0ArAse923d3A=Z_cFg25oj!n;vpBXuyvZVaOFTn~{~2SUY+nL&ipL0<}G
zJDIw4f}Y6cqNjd}@m+lWU&@xKBO3~h0^X9^e^5CZvrAU?SJ^!cW||7K->p|~m!{QI
z7qlEM7j@my@<=z@#Fq?ruA&V*c&`WkY;|LG!FrFxx}LTpAh!=Jj@NX-`^>%P$qW2}
z@8ZjJV(q-gh1fn4@3>r{mT<vA#q0v@mSbzd2tSv1lL?x=2f>E#qRFcraQ%Z$F>k(8
z&7lx>qqG&0y&!a5iXi1KkXyPKBV=UTxZSDWiPC`I!khXq-<y^8SG5Z&u=jJybR`BO
z&!BC95Pto~=LLc*DzQanj=4k-C*D`gAXR`=+tn3}!G*!?XwKHc=@1R*@V(Zge)fLM
zd>&8M!D42wG3?}_M~=l4qdBsue77gVWo#GMQny!*6N<a?Kz5K0#Fl2tXzuW~^V(u%
zfp&l*XD0JnS0?_t9=&nO5b&zx1~;(g)yg4jTf+dP#<`qLXLTJHpP@sM6zZS6M8HcR
z+Y0R}!l+UetiVsmJFw@MbCct4{191@p85<7_+3%j>E-}RkAw~31;4wM;aW8A4<mh6
z6bxY7-KiqV#aprAG3$|>qgXs@9cy?x{n~k47TB$=%2S=Y1^PZJoe%II-q7d;R&=X%
zA#(JdTD(W`VqF1p_XQwa58huxYR94Eo4Ygx&=Be)s_A_1?pyE6P@Y38?qWvcs-`b+
zpBizyUeD)MJ-fqnbuI1li3#R@Ejldfy_Y_BQOo8D3hrHhm>MD4ZPGmYAPN$&f3zlr
zyIn<VQGi2(Qh*e=_uc{0eOy)`YZE%^TdSu^`ErcgXq6Aa@)C*P@NH7?k$WFWk)Q>d
z<kCq5T*=G<P$;ZvUAIE=Xfa>qIMLoJL1R;s4!>GO#x^IM{gK)}ui|mZGc%=Ss(CNQ
zGYg8}w{QvvJ0EC~Ky}5BBo$Il#2I#Q);jjfu=7pcP=n`I8>kl{ryil_kr!w!GY2ZA
zsc)h!E;8gM(@};XPHnl^-8dp*6SKsC-tG4mVm>Dgvg(oFDz~I30xdfCK6WZeInDW0
z@UN(Tf~|;3axN&G<>4TwZ%!SSxVStBDtg+Y*5F@FPh_LLN#srKTbLENCG^GxC?E%|
z{g6x;G3IW`f$`dIy<QJ09|yCPkM%d0Bx5#j^;n}7hyC~&irE|M8XZ{U*6IsTDW&7&
zZ%yhdrA+i{KRo?C+&=O{J^o}hR4|Sz58mr#18}&84DYt$CgNo_tS5!d_qC=}<E(pS
zXm&F#^=dzQED=$A`bq40xA|1Nc2Pc})xIhN@IWco=WP!3J%t>W(|bw7TTdW_#~g$1
zcm{Dbv%%B#U(%s#r?IXFHS>VCUxs5V#5!d&noflDuch05)1xHJsb4;7`brj_JnvJU
zM(%Xk)(Lc<yvOF&uZMMv0{cvcEvrV9>>&@4uoV2gP^_UQ5i^W&pdw$6FvdBKaq<nu
zQJ!AZs;MehrsfCEb&L^?Y;%FTwGIbtPmZX~{BO~ls}<8*bm{<rB+i2)Zw)Q+LcmsW
zZhZ!>7h!jjz$_UOVpm7l%Z4vr_iA6O9r&D(2s%x9nhJuBlHVr$EY6eoH6flN#9?{n
z0od`i&dXCOy*hSILWCjxrSo@z2s=^rs)&!nOZm>1Xi$9B0#>BqD_{D<#nf+)A)GbX
zs0{OC1}9tcb;YlMi@@2-*-2CPMiF5ju{RNAY=Y=O#;au&Pnn@BdoAoZ^hq%o(Jo+e
z)+!A2`5WH9X;!-zYl~r=dtgY?<P#dV7zsmd##L_#qW#U!x{Za!;iGy7GAO`WdMB4g
z*E8Uc{Sp>@eLd1db>rk`Fv1i`C~S}(N^z{b1?|j`1D@8FHF$HeokKp{pYtMIp*`Ik
zpW-`0>cXrG{R2V*jG5CAJh8;w^$mGQD2G(6Ir!i@^Raa)VByqBuoO-d@=}Q?=)zRM
zSC-JZS!@(p2Xzc&c{)>l3}#bMC+?5ZQ08h*e<n1XgvdsE771*wqEMtr#yp&aF8&7s
zKZl@-6An8$^Z)(_9{vOG|AJ^v!FPhzyCLYKxx-11J(@{%;(w%MH%JWG{J+HF|A@f<
zh|T{zV*lrH_@Bpr#N|IkCdOh-t5L*1;`2`=cdEoclJ#HWHyQ)2l^1*+pQF2pk4ax{
zC?i1t4PW>8Pj&-75H)Y_BM0k#l^#9%jyP*s!RGI9nH@#V5O5Y5p~I{}ri-8<OKvt4
za%S4|^!HhRR!U}pgU3V3EP{p))V=A1b)4Ql<Pz4g9XZX6OZmRU6{WL757pGPqEERC
zDFx*)K5`n3b;j5#Du)jTjAI_(8O?M^G_=Q$pV~?X%sD2MQ&TW1;<F!NMs-P-{NmB@
z6=-VG$?z43YEfeiJ~Vx8`VOCU5m#p$CxJt+;uOuLlQ}TxCj_~xIVJ8=E$W8lRoVMg
za{lKK+a0nayf532ufX&a+FCs67Ft@4OO`gjRT5Pi;9m_mPmL<&Ql%0tmudNFA$)dI
zCa)~^OY10IF?$}gE9lVrxZb3SiT^NdmI*Hho(Bz$1v#1M*OA@4YS)$>4DR4XaZTG=
z%rAJ9XYeZiCb7GU7#D;ENS)m)n`JG5MFjmSr<d@CbmgKf(ZV2whdx{W=7`%}1o!iz
z8`=pS;wiMh>3imJ&f{{qsFS9_GI)rpCCj@``lJ)WlV)@Y+$>;)Z<)IT;Q0xf_bq&T
zn%wQd1-_-QpV!?itbciJ*-ZHWC!xCdt9Gtx*t$&PgPSG1F86OZbb|g)9_y<jcJ)O?
zZ#<8yB4S#(I#(qImGe<83UzKy*L8%PemZ!6laoSu>y_c0BMZKC;YEJoqcoJnGPzgh
zu%x|#mA^lUBKXitz5ggZQ;^O<G1GDwWU7{SNY5r218`#(IoF`93_!r<sD9yi^AzTH
zpDj`ps%1Y4jj_I3XL8Aj)gVj?=h|qEjGelq0>tq+?$GgO8k#DkhHGOv+l~y?2i%V%
z;6B@lRR<EvlXy5`U@tIBKNBfZ%I^yy!ZMhe<LIBrHwuL5?v^Q{#&Z)TT<*ii2?xV!
z7JQY6eOPT@|6KemB~_|w6_rKWpRYH^^c0kP9fHNXB@>P5X=fIG;|%O!BiR@^DMKKD
zuEttpcU<Ip%gjO(^@0wA$>sZ{{5DZy7ao_vbgIR{?lKJJO%01}i~LtZ%?P34o;50k
zEKhYnLKDk;sW!R4WK9={#@oW|?_B_5l|lINp<!{ixzFtPfgz|>?1o2Kh`hmyZp@L3
zVw)`j12DEgl?5e=n@T@%67ZRf4tq2JPoWn!!;UuFnZ7M2+hH?*9AdlLV+R%SMoN>?
zU)hS6q5ck8QYpn`{!x5A!9B=cQYy;mJrO_3b&B>sRvL5<6Wgo^M12icoaTxz>1<Vo
z(C5JADz-%($z>PKloQozzN5YQvpO^7Do!f<G#1r@ML<pyL6##8Kwe?JSElnVjgtXH
z?VJfGxBVdt_5=Q~oQ{S{P~v5_;PA10+Z1G=AXPH*a0LI8%}1(X<e^08E1pWRMC_#E
z;pi<aW5K7Gn}LMKq9TXi!iB@oVH;eLGN6Oxz~_5eV;lSqtNnCG66ivrJ=JzjBd5+n
zy_BWb4dTsKI8SBhgJW_z0{yNUY>7wWkCv}FqQ5H!<u~lm7n69pO4KjlFGRj7-89$F
zB~|nw)D+7!_zep4-<XJ_C{iUT7{Ql-J6WA3cgJDm2&lOUdb)I-E7EWPP&Rym!F9UM
z?>~5+p!TDl3N|Qqe_KXg_<HA*7wum|<WC(N6?D6oJGc9Q<g9y}uVBch$hFA#Drd$i
zyzl>>KYNC9w|uZL(Bo0%+B%<7*24mNBAypNNR0zrl<A6ajop8N-@Ww#zG(UyQ=`68
z^ff1%zN8p=ea`+G8F<b@ZJ33e36|RDqLn~oFZuv};XA9`*D?Mj9Fqtubn!2dIUx=K
zK{f=YL@Om;n&IN2k+Dh-SK+@ntz_gK{pS*)K6V;<A*iyjq5qNaKN`J+fRyRJXn77Q
z(6|b7$7`4KAw7p@=*Byh#ZtW8bEvF>c!okEz7p?@55mkRkacW5;o8Z5nL;A<KPvhE
zqq4p!%NY$l3(2O!1&G6R`S>hnO|EQGev5|2zxq^Cszh27w8iD|RVD>Ws-w%yYQL$C
zt<tMi(CV8e)z>Tir#btIQ76Y|9MT=lspXu07bo&^d^=n!Nt1cme)}I4r%F9<e&4=7
zah76T#l&5s0!1h0p`U(xGnV!~Louz%F}_4&3_x<>6U-6WqI65FT^A$vt}W9PZB4zo
z41w*A^y%V?{Yc;QtVW0Q`g`d4h|4C*OR1&?Q>1e4O$}3opZt#M{RDN-dLh;(-=~&K
zDBWP2T*0m9bHu$ABSZ0AN49W0@U~jKuQ@T85@}y$vMnXry3A~2QW(tj9Kl_YhX{IX
zE|~uoUd}SmlsfU{f~sm3YDI_fWkptQYWwrShe4g2pwbY9#mImi$8Td!nm>=og$_H;
z$o)J|N0#o<iD(DPr;8-%wD3yrC&s-GK70lFk2i~-m5D#iIk#nog(!t0oW4V*SbGa2
zM6uDg!05i~KfOT-BN*~%7ovD6Qu)P$<!@$kXeQ#$2D3Pk(n(UIk5)d&{6uuiKs}k0
zd0eK>n71De)KX(D63a9hItyn?9*n!6h8JV3Z+inFoTT6uyGU3X>5znooie+hXj`k)
z8B7HVdK(LC&42-x3$D1<AwQ0B>e8-)fd<ZqR^`Bo*I;sYZ|HP7J^I|!VpGW31$1B2
zL=ov58k&@wlMu)%`*K(iGDTo=(RUL{j@~2Nt&amJ@qk^;Cu8K8D&uBH2k0WzCzy`S
z*=(&3<t)A|LVqWP3m49mdXg|rv~U!$=MmAny|Fi$`)X|}So6P8LidBn(#V=)M**j<
znkt8|Gff_Z{uwgr^^KcK5EkY7>uan~yXCdOADk=&Vc=x8V8vCZlUYb=XTja$>bbYG
z=wPdJGo>>i(-F{;=s+v#7o;{u(+#6MkT1G=y9?jUlzJc3ehN01J6GiNBviFRV+ZS_
zj{(Jt>6S64VAaV)O>YR!@#8ZoaJ1c77D7;Eqvvuq7N8S|EIRq!vFVSQ#nQyKnk_C1
zh%3q=a?Oci6@U06XVb2keE$#7?+~|;8PrLqfi?o2**?eUV3^nKu0{AQs4W+84HYzx
z!u<a~iviJ-_)iui#z0)c>Jo-)f*`$bDWxtD#u_NNFvcDezJHZ?w<A<4>M@TuFt;u>
z0UO&u<P@HF$Enk7gE<=*h>S>#MH-e-%2r@KA`LiF8Z&sv4twwi<FPQaJK;YW4ar4e
zY{nL>yBgT141HY@#<Ca!*0*a9BpHx}FL>9?D8TT#F%_TMThOe(+X494;-k+W{SF{b
zd_r;9JjSuIt;{GSoq}P7^J)bU;ANsn`XZdw>Hc|qB5(p8316i*>u5z=#VH+yDe3U{
z0Ep*)R(boHI(t7AV_p2!ko-nKrCs_m%oZPL#c6$bQ!8taEr{K?2!R{(hSnq`mX2Fp
z3fhyZ`h=S+CKd*Nbv2|<OBq1|B%DCg+Ss;LOB=HVvSI9(;Lcu11{$^EA1_B6kaFYO
za8Ktl0E*WH8t7Fr=Ijdw=m>mO7G_~%lvO~sOwNIAYna!HZNZ)_E>|gh{;o;<-MBqj
z7N$t{;GusmldbzoI`0O(B9&L?Hi6&UcNS5Hs-onTmH4uQDf@DL&hO^YwWKb49f<XB
zZE`5j$~x`-{C>$=0B}ywE9YZ124;NyU}cB%$f&IEB!)cI9tDW)y5;;c?~J4;Xdb>7
zdpPWdzHToWWGr5<lFIUHeTVZ&g{}y~U*OTa;PCZIfSfq6u=14Rsejaij3EV_wU|8t
z1q*~}Fn4nsfqx6%59Fddrdb6(aBNHRSqT!@UQb(EG#qXi{T+&`vEYn3+B}1t$Dx*e
zHvqHx%_U`!(_3I_qoJendau+Q{-PAEC&~dDRZP0o7dL2UL0;NkE?a)7!RgVw15cC(
zZ&y#H;OKHyQve4HZDf9N4)+~w=Wq6Tzye|)+!{%-!+-(KZ1~RXkMEu$BevzVm?`bW
z`o;_{;v?LXixS&_lwu!PF5j*#@ifn*MLHXSpf;Q09joo{h>I4e|4_*w9(tn!3yaW6
z8TDJD_R3;DrioF*KD_Br)A+$eF|0o^4iK3iQ1TP7f-z{GF@(U_H$?zsG5|!m_Aey?
zE|37{Uq1mf7`&oDNmY*0_h??GDXi!WR#c3W&aUn)Em>UF3i)Ul%0ODA80WG)4Cn*(
z0^Wb(9ce~ib69|gI)gMO>0co}Q&hqE_zvBF#~tiFpmA7!4Qy-p8GlT;i$UZlvhwG3
zV<{lTvy@PX8H3pn<T)0iVSB#yB_zbR#;lpQTk9u_puW8m<72`90X1hS&h+>$LgN?v
z;G!60$o$?(!I&L4GGNVB5P(T9AT7O(9^@ir+%BD<#4N-$Qn(Vvgwsyw)3IoxxtR0#
z$pQP*bbJ;5OGB)mShPX7QF&Ikes61g;VNF=3IQ~z>>TLVE;B1GR|tIWX)yRNq~79A
zgT~eI4g(x)`Xp>O*MVN&FVfZQf~S6~Nb(E}V$=_kF^bbU%WjLHKz}}N2me7#tlOb<
zgoxx3##y(_>;Vg^9qaFCpJglthi)&R+4_YOc+=}gql>F1%8DM!I&%1o+N~wXDEmep
zUd>}njVvP^Q<`xO3JcwBalUiTK?iMTR7)}6FmQ~dffh;iy0#}=1-thncb*2Fk2L&_
z0i5lCnqQusbaFaBE5k6Gr5h%#t+iWp#_yBu@c7k4%c0k!2-(AFHt1acScBAcBU1wG
z3TyD=u{~}k$O>Q0VE)SzRbzs^)M1fjaUO%@K=}Y*e%my5V^<539eSI}jbgZTo%PZ6
z;+SZi_4tkA7`X2VtAFQ(4b#|}U8z=c*lU0N&3wjNa54Ds^htlAl~IModRQ|3O?xv8
zECU<I5aJO>H^3A732aua7JQI=!?I!U5gG+94KL86JAw5@LB3bqITTps2YfgHE(mY^
zb${u=4;^hqz`#uiw==2Fa|wq=oUDQGD;rD_fHfROpcq5UVk1GQ(8&GpVhGj{N>EqE
zySsoc+|s=UDVSq43$p5Bsnz9Yh%o4xe~=C;>=H+X94G8}#eWaBN2e@sWzXJ&;=7i@
zA!;S?qd(>N$bA!`tToE25`yEmL6R=!)gt+%inc+-buVQ&=hCzW+xVb6d?@F0Cp-z+
z2%*^fSu^5x6$LbL^0eECCmI#hoPK~uhQ_8+qb+cw3jCiJAQ2w-f&<>u+_ToD_)TTf
zmyATOjKduIww2V)iRxRbcIq~YGc`NOYst4IvcJt_fBqe{&ZIXkq~G?hYx|m)jwt)7
zTe)fHhQSZ!A0cO5SOGFnZKNgx*0<&-B|~dEtasV-f=~64-=F2Z!KzaSQ{qwM5=Jkc
zA*(KfARGvq{B;?s$9b;n`^wHF=U8^}aen$$FV{_O4_7O%rJu?TtgT9pr7WRvMoV9V
zhT+U;8z*z3B#`#m3l6_1`!{tU8u6h{S!%K2=83j!>T5|zXJ#*m=6AhCCo!xNr~2xI
z$R&UaoCTbif?b*H(}ncLB}%qdB--W3ipQ#r*g!xHn2z`%C+gJ4iNgXP-EWCgtEA)w
z(*@INWzqGL$MU1!MALD{7wy>D{F(hSf#0;ui1nD;lp;TmoYIb+cB&a_ZS4D)7IEx;
zVK+P#Z0|Cl55?#_)CjH_DQE@~CsX)^boJ!8u8Q>bpZeH8%wkX^t`U#1s~o~>OcNVi
zPz!iDaJuRlnciLzfi33<D!^+R=b=p6oFgj01W7ahkpoxzK7|q-{2GX<)%&mDI_6mS
zNTYn~Z13B5+DPYJ*n7{)@rtu8<L<B>7Q|^T$qtwKP1w*cp%oX|2sV6<g~V0GLSi>+
z_`TkNOI!aivFlaz8F?(HVfLL&NUFr?AgWWGm_Z^D756o<NT<nf9qdJgROPCc;>Hy|
zG-Xg+=h$><4y^`$X?@73T)4?qu<cyIW*JTuUHUw8nMSC?jrR9Ukfas)YgwvtvtzW?
z$h4GrWwXL`1ov{}nB&v-LHm38R7yKc5my3|63(BJjgBEaDXWRu-M+Mz>cuCsJ(#{r
z@&hE>%P<D5tnq7h8^9C^b%`C1q7{1ZGcJo#C*eNPi>wEWE3etl@tZvyOpR6#4qdLF
z!aR&$#ryfAwHeE0xK+o@f>9Vq8(F`Kj~KLXxGgstL{+aKM)7y_JP=lROk;<VP}$(~
z!uXn?i=wWV*Rha#e9Nm<9-r&`da^bKvbEl601BR!0`+d>X~T&TWKt-!aA=HJ*b^{w
zY?+Srs%YtJqzq$7@+0&WX+y(FcHu@VhQS)VA%PA240F+?Nz&v#C>)Kq+h52>{q<0)
z!yi;yW*6)HjBT&0#IZ+H991Sb^X=xEwwhQplyza@n_Ry;T*Cpp8-_xEwu_m}rMk_^
zN~{a<rrFsB%Ts#KVf$A25A&S)pa7h|8>J_gSEiedN>9_7qf_=5<$yZSsr$Rq4;6NZ
z6o=U^Mt|!aD|?Lbw6qf2K0^2*=M+4Mt}D?ld|ojx<XO%rnD8g6>as@cqIQ%g3N^$5
z&r0nhn#I`v_5O-Ps@{s!UV>b)t1CAQZkh?Tzi1$;OhY7Gq0#d-^;48*$o5Jnqa^{+
zOVMtKno;n;%l*-$Y&Jq6c!j!oCs`XezER=m+ZQs~clnwgio|m1p@;>*0RXDfFz!;`
zO2wkEo+5m<(~LFRY6X~lIdOj>GCap(b=H4em6!Mq!E|yuClnc5L&sfn>|@2uCVH;3
zLH=&6fHFzba-zy6_B{7AIXc?ZUVz;0=J-o9lMVE&NQt82fi6ea<cKAaQerj}2h$XB
z6}z?!y@}IEZ68{^JZ*4lX-1G7pn`R;SE0MN<uSv*r6Do0vRHckt9{w9&=N&u^fHl}
zLbB|s$*W~?)$tB?#Qs4{v1^n)e|Ywt=5Z5mL4amP;1I&CjwrhCee9XFgK?4D>>M2$
zJ2^AIvqB7{j*Jy~GSX%!+c438ki~|ARYZ0d+>Asq0D1RlrQorstQ6{_e+HJb8_&63
zkvBct;X{!Q;6%HS&a<S>K)jxk?*<0Psn(HVkE=Ru<8Z~V0@|lkU^i`ab|QknyvA6_
z0$Y@wMcfos@sHI4aB_-1Yr4JG^GQ=HC$dxVbJbj351OhPH!BrT|DG+AqGm0>8ut-Z
zH9}uWoIzd&1Q2?b;0uasb!GhZm%DtS;CebPu(V7CRGqu6(yC!%RvEG{k{$uGC;smF
z-bSVxKph=Q`<s-OiVD2km3l{_<WwyHBh;<=J!6|jLuZjC>IezbEP^aa&;!K63B&~t
zZg`%tB708_+cX;?O5=UNu-R*Wq)i{tQ|7JlYiU}M8m{4uEF&dkO&7~#1D@b41R;l}
z5{kA)t+32RS$(69Bq(h6*GH?f7zy~b?nZ^{Ps!4Hn^}m2ZH4vflSHboUm_EQp|M+L
z%Y2uB>)<BGwE|09%*}XDblu;;vaT(XES(Ee_%nI;M#$7DGgZNAA&U4!c`m*w#lPx5
z^QP&=BSx2IF3g99-1Zr@r{_PKMVca^b!y=_?VKk|j(*MOOtf2H6FaL;9md=`1!XdF
zyBmof`aB`3WMv@5F@$OUlJ~MHt0rGAu|#;3omE!=Ac~_q8;Sd=R6wMnCP8#P1PaTq
zrEF_PHYDD0Yn!p*EL~904Zqd^v#iB(1IrQj@(W2+@@&E*Y_Q|3C6#Byj8~)_)0{qS
zf#Lw<Eyvm{DM-Q-*<YsHIO>H<S?8^#hHxca(KzO;E0JO=(W;KjoY^U2v8wK^z;*g<
zCzu`P)0zFMOvatpz{9w}$GV42Iob6dO1h02(uUVvpH14asaWd?TzXb_&8-zW+@Drf
zX-7(2y;^(zaeS}T$IBg#>3k50T4+@a9%e4lD)oS&bWsjI_N$)j95Vm(M-e&{_CvZC
z5VD+atSm{KqOmMrQiDrH%~MIm0QKjWb3U9qcrFhewA^WcgIo_~YOOv)mPC_SW;j&<
zPHcL(DHo`B1*rc+D3*edUZk0+0w+F6@B9WD+p4;$ysq?pudQ@%xU-e(qd$$v2J4Ey
zvR(ad9Kg=NmsLi0pS^_sIz0(lOTUW&kdId5^=+@Iei=?OsvU8f8)!WdT5LQ1z3-8H
zdUD_auUQVu(~<jQ#%Wg7WY+`!{9K=hjWLCP;s-B;bUiH3McQvYqyt}QxXAEj`gIMY
z6JK;5ez=1iVa$?f;J>u)IYDk(&<DQQB5oX!_0`^5jtm`aEo+OUFQjYovO13P^Em*Y
zz}(<dJi@J`2Pc8tv@zuoCEx+QjfP00(bcsGwVZ?6KZBC14Wv@42{8%c6tC-XsdN^z
zi=>m4lE2!>G&n3xb{3L{U28MXQDQ(crw@u7Cm6G2ZC+l-e0?L{a!xSW_2i^+pWC4o
zLooB9V=iHr7fqjaSvrn{txTcvElQyd=@^#f3>KiX`vG#-B_&M=dre{qAb_@9nsJn-
zPJyfk%Z-j=#H$U9B)7K~tkzcdcB_`9G}aVAVf+%i>f`r%gkwJ>d8q!DjB@bMrj9Gx
zMP^A(086BVn|vnVMeGvF;dclMo%(G)kJ00!f9SK_xaC1M8?n@h_~u<qJioy?W|z~j
z?9uH{T@ms;nUkPQ=yO#w#CebDf=&_pApQ^dMc1rWA;!*CB7LArUgWY<igY<~!HRJU
zXVf3DJU+2O%BJhuxt{BlyGP1CA>lc`_I%2w1j&{xI?uq})5<0c-m%QG#?UOvwH*bT
zk59FGu_0G=vh7BDs-Q48=4GZOhq>YziHSiA{E-N%P?jS()+vOFLFuY+y39Qmycr8h
z4Rckgq|nRr^>^2)%ik+|$?l~FgMrkX7`GPEC4iQVq*tP4MU@<T#>%;|aBNlVkGR;P
z9b5L`wR5Sr)9+#WK8v%)=S&urNiW&9l0sYMEIJ=Xd?uXon15VNwAcgkSyyy+$3&y|
zD`$5x!f13JB`*c3m|v<vLe4)1AFKpN4yYehEL;TuFgEF=*Em_s)L1K%UgmQdTQ8;8
zcwfv!ekIqioM#(rLDngjc2235yp2C)=t^1Q@RSa;lMbvgUX!+y)VKX->?WNm>7+dp
z&DFGvq@CM9;oC?O;C<itx7_VpPm?yzFci7^mUb--^z(z4jIjTSb2L0WyZS23qk1S`
zDK+WHKZ><>G7e=8xJo(u8CNYjv{%v=RzSU;{pwX0C_fOlpB3KxbK9_M9)n(K#sP09
zy7RZq)8}5K9F97JGmn!%+m@G+B@aAQj>#OMSkzf#6xmY$TKMCr``RVPM89#OwSYsI
zapK-?e9eusk0E#RPiHwip{+GmU|k9Kf$t!Q?7+;DQ-P8zKZ{{xstYD6FHI#{M4lRH
zpss~kNINmodHEo)BAFB*g;GT|ElVv=I(9amvcr@lN?duLkd5q?jSOB%dH<3<Gw}mW
z5?eyq@R5}aTvFLEo>fajlZ_0zhYD+=B-mFrLU}Ve+C!Q7Sa$3e2U)D6a=~a*D5*(F
zLWq1)bQn1kDI3%kTf|<eBrLhCkg}{0zpN0=_ozxLPFYU*0Yl1aE}8Y7N(`k<nMfEJ
zEdSllx4T#>5H+!}B$XPfw=A(Ygc@pG0@pv4{H(Cp8nOE`d}4=NM|za?nTX+lvm~hi
z8Bxo^Sd;3R=}zDUwM=+>4~w5TA9l$CGtFld)rmF-b}{X2>6#Ln@+bvY=ynPB6oqA3
zWIH24UX__0*iB(Py4lK(P8;RXR2x52*$-x!uB5@!@5zoXRn9EhMi)z%q*Emr*4qa$
zeU6s3+Q+wGk-dMI?dNj&RTZ98H%hGldll)erjQZLqA-><)w%?YGig|(XsQu3t2SV3
z6{=6keuJ_7XjZPP4)5f<oB@lqUar{Kll)Pg5Jx_SlZ-FH=J;I~F#<_(V~k{Vbe-Fz
z1gx569lm%}y5N%Q#}cgG$+mX1c^m;c4YvGCQDW6*b#<%G(PlNYEyUaDkFKy@7=!Te
z0}o%j4g5#gNvi>R0Th|E&GhQJ?6YY0&>-_h$h!{(iv;{eIa<5(2H#!>EY=ka&1KHE
z^!-EAz$81!2f(ZbR-#~>KLxXj1c*)%xwkmt2}!<}iZxa_wKIoPu9+!gi4n*&78_{5
z`<=rwBxJ0m!toz;bnO>b_Yxzb3_v-lL;oQ?8S0Rk+jFoOdznk>dv<F58LhkSStVJw
zS3&;CBvXwxYq)5M`6#3UAyiLY<>9EMStV!#Ih8AIag)Zcv<Pvf<Wz={y$y1r<3G6?
zm<bq`__DoF#rDA(2+I1m7~`$^Qp+~ePy|HC;Y8HN&gJT2aG|dea<jLApMLeW8i9WN
zRz4A0YhA321zR8s4QuhwBh=|Pa}<2)qV4TgcALPj8*1JBwC*1XrmuY0?S%B6xWN~)
zRq@x9$$<D>g6u&o`%oeSgy~S8QhlJm3;r-ZMpTb43MXN`t%?yCBL0Q9CsNXO2Wa2P
z@N4UKhMsWod1DVr+G-j)TlZ3S-`Ue)*urkCVAfbo91BxxxT;4ZVZWiBMCC-4CRP}m
zB|k6ob$IZIuvLhh?oL<Rdp?rCJ7HS57sHkk$<wO-CYWH&l`KX%tSYIXIYS+)0s>TN
z2Il-75kTBKt}Y#7*Gn+Cp^A0N8qc=d3Z)IiVb!?nf^AX2SFo(GiRfb>wJSpY)&gl=
z9D?2DS9-4I;*yT7m#5Z@y6NRA;p?6SGp>+3yFuL1D?1CLgZ40>fHBZz#_F(CmOC8d
zeH3AG?3_?!c5BOGfvq7I+7C?C(HM*m*{Kz_-=smC_*Xz)XHmkc55m*^vn(!(!2un}
z1cVs0WRav<sXn~*?wbzGPFc9ZW+BF!Y%VubYS0-Lr&xs67`U8Rs!aiQ?Yw-}TE)M4
zQWGGAzh7r~g(UiJGVCk9g2jhA=^$*4Xx#=qY(g!iTIsTzL>xaC5Q-{THO4xtD}?%$
zc7W`$dE6}(HDCL!2&^rX3_<3i6pTPD7<AH5r=jlt;VsPw?0}VfG>+FeO0b({%Sm7Y
zLebllG*ThdKvGDmKhPX1Fx7g^d|&Ip8fOOY&E45sq{U>oL+#&TktF>&xb#9S;OG!`
z*b`PzfI_XrxF}W{hVr5)A)7wz!02HV>`_arU67iGNxd3vDSvxVng;9hwg9^DPO@qP
z{VHFrDFG~9?GC;#*WZmcK`wL2{Tw$?(^thrN_KVT`Q%6*?ZqEvl}dDZAv6Wf%LHWQ
zy)+pF3Olf6;ofz)>4_{qT8?5b{Y&N%S6ct(mLi?Q&iOIv7~7hISOt|`SOnwsOZ!SO
z(c90{N?i(0?sX-jjdwZ$RI)9Cef8x9wWrRCL&j9pla_Wn**O47MZGE&1v8OM**QQ9
zS$qfsDsuq=8etCn#Uy~*s7Uci&c5)YM-8TuudILOX@;GhL1diXDlr%Cpctpl8VqG9
zD0*2-XX+Va;t2Pi-Ax=_Yv2(E6*X>@R_T_A+SKB}#*>e*W*{)1_dhbb_!-n=sAfV{
zVB7%&>p%EDZ5uuJ^p0|xJPkY#vu)Uf`5N4IKb?L)HLb2WSrX%VEX@3#<NfQKm!vG9
z>wf?nv^%ksOU&)ZzG?>M`gv)%MVHWNG}){<=?hzJ)1EWhR1D_Bh%<!DmxuC>hrk5=
z;D~tnG!(bgj#1r;F}|kA)#^c&XC#miI~Gj$2lY>-*LQ+PtyyNr=`R-MZjVKcJASG`
zbWUi|4D+zH{2VDxV>8a)rok&b4|mZ`0%oHS)=AqAG>Ny@iMK^`v5$XPIOrcY{Wm_k
z#g4c3H*8$gk;YS0X^m`Q=Gf_(5$BOdpB?Qi?{kbt14ll)x`f`vEQ<huqj+r|N$OWu
z@4o8}c>Co&cd9V{QyW33`}S__0BjP=$95MLoa>fTVTtAH(A$JDhs)A{zQXF0Jp3U4
zh=}G2teIX>Q++%*;dg7?x8b|V(O<av{IR=D9Kud!-i`30L$D=WaiWViQQ=45y|S1m
zWVVov!O11`p`Ho}s~v13ljN3V@it<EBxo`z`Lpj2cb8#S**nl{;fS5uG^ho)jZQ-W
z$nXPrH*liliq&)LG!vhM$`GHa##j2+-V79Od?1r!!3hQS#er}o*1&!y3oBah+va1o
zH{J^;7VVRN)-X3m1o%Czs&z(g2WV#W>=8(y%Q%M$*QXqI8g;3h$DRN9d2AK+T=_eK
zt85feWaz_>7jv7wyScM#`Pr;%`8;=x>vn;x5J*6-x3>O7q)NjyxIldU>?D&auZRCM
zLHrf9zB^0)(L-mx`MV0U9T-j>9=nUfCza~g1_TCPYp0(yhC?itF7q*Pnebyy%;&^B
z-DTvRUzVse`0Bn;#Z{}IISeR#Ty=xMQ8fHH`YdU0<-;uwtb(I$X>P`K;6tOxA-N-d
z%u9GX5$uS+SfnRZ(hwd(7dLk_`=!7vve(iaiv(_TVi=lKH%;@-8G6_Xa%n|bQAe=8
zmZvH7B7JR%fhGfHMqa{Gf4@+OusQaQRy*nu0%1%Fc+Z)q5w)$1Z0;XZeYt_0E^w<(
zf+ac8=BqxkU3aqzx~*26Ju%<`ckIo0zH3)z`=kJ=@{)UoBIbEaqU*s&q}aLw>)Yt0
zES#GOVVY|SdWn+V%#B>5N)?~oO!U84^L2N&oDEEfh634R*%0i1dD6z?q=`#UNMi(r
zVuIL*y@_($27#SlABRk?;ZRxwMB`hhmlz>1@*-dCF7KAG34vW?@p(6x(7K*3-AQUw
zK$>?9v>KWJI#6tr_K^~qCmuVJYV5mB&wu4qVU_Q@qx)lvnHp<Jhqn|pr7nptnOvb5
z+_3$EWw%)lwRweSmv-Q+g=tY^i5R)x@UZyJO%5VG@QET|2{*?!+vZURcia5K-qy1r
zYv0O3?rw^`t!$ThFvtyyhXvR|+?wtrNkYW@KvOcD7uLc44*@X?$y=myAzj(sF5Q`;
zmnNg^w)ZdDG`Nt7tpJIzuuh%71hHhAYVd49LhH9E3WXEAg}s@>rrMS#<0$vC^u?h=
zlqtwQ&|D~SNxAfq;(MNCl54;aVY%j>K(Fl=hZm-!rD#MuO~Ky0gnDsM$5iooGyPa!
zuRkUOv+`UTsw=`9=1%RnJ=>Taz_7!9;(AW<rqwU8^RuNL`1)kDMI2t!X5R?STNb8A
zWO|5lnPsKmq;)AgGJT2e^8&Qo>{I41P2HPX4QyYGiUWwWKu2(cB%BkaIJSY$gK)ln
zY?e9$oV+;1c(fSu!AmPuLpK!Tv?`|KxbNDmmWWa%*;(qzkdtkVjG|2sQhflH9_VWw
z*9&$=tJxEhkEFk?B2_yZrP3hgzmSg5AB}a8wQc(DrGC{9V;@!-8D6v3;F3L|<xE{h
zq@0f`X!4Lj+BM*Pcs0)XfEmp2k;nK5DCmA+tl-1nbpOfua2~Y@Dj)FI(A$i4dFZ{{
z)?atNLNxus%DRm#9?#xCk9I;6?o~8rP8lNuyh#f$O)t}9-l5KFhilebH&ksi=~-$n
z&+^j4+Dj;oyBQB3upSM{#YF7(OsVgP2aZUI6ghICKcv7wmE(I!qK6X2(s}4XI0?Bg
zE(lV(Ig~IsYU%(K<zbWZG@fY)vdIiw>vAyJkKut02$*?bZmrLyu1U)`*|@ZRnlzL@
z>{7y5l&#IT9n>`&1jV(fQ!h6co`cbQ*{Ivam$Ld^Q|=DyLJUlt=z&bq4CyB-+7PCh
zdgC<~uS+8)Usvqye{_Rfz>~wP7jq6<ukordi|{msLPhQe1&xcUsP)ayaFQ%-8Wl~$
zi9ez2uCC*au)R(QCPS(s^5a9A`Uwhc_|Q=+EgiEp>D%7og6eb(O~RxW`fw~U;rhKZ
zn<sR$%Da{hubZ$hQ#I7trpHjl=x7bR9enPO3*$sUBnaqENHOlwh<%y(Y$73>iuylB
zB|#f!yBay9OC+A<HBD?x-OL|b07s_O`!UP3fapKa42DLiK6df241$PW<0+J!q07EK
zyRkmi{kkyfeR*}Ay?=iniVnW$5&v7v6_BJ1LHE6<8A6K&_8i^L<`s}u2t@8{X7RuR
zQ9eL0$bnS^Tk)#bu?&Cg?GcZw6XbcMb*T0MrsjGsZfJrpCgNwZ;$hVNR6*C(blt^?
zcVIYl|Nj6<K(@bIrSZDFxvkr+pUdd6fg{$(`K}#;0nN86NlELQ3&%6ZDUBs<`c7%%
zcml^HpnV*Kd9Sx0=-V)$%nP697F=rLSsp9i?TRii8i6;&!~<r^>)wEQ#V($xLt*v?
zMqB*i_9x2iRFg*DkmUC8u---Nk4PJ709#x1d&E#@Q!0&P+)1uoRG1`eekm=C5Jl8Q
z_qlIIFYyxUb~3EX>R`M{Qm3I>(~ZE**6X8>E;Slay*nOu5q&aZbd0g6<qW!4|LMNj
z?zqR}ynQU0-2qL)b{RhUyl8k)0v!U1QXwc!l|AHvar*vZ&O%&@AoFE4MB`gypN8Al
zv#EdSIHGLmlA%UV121=?6;c&hZcP(TY4C!+EL78HwaDYnV;!NB>GXK+!FGUoq96wt
zhExu8yIw$JPDnLSXQw=df;f*#?YHC$@XH);jGk=b+U{UB;&ua<NK16487;Tgt!vKh
zXIyI9&~w`IZ@u=tH{8o}Z@Q5khUTC4^9$dlU916Zy@5OLZHMm_<sK&clQ(n6KLJ5I
z&PV3>ue39aGzRL%d<$2G3}94Qo;%-wcDBW}-N3JRX7EfIGU4Oo2INm}H)Lc#Lo?VL
z?$%KLU<r5h4_smV=COSzgQ!i|Rt}|uXG@T08ZrB?YjbA+e3;d`pmd+Gs*rnJ9|%k<
z0{hVv@kMr!l}4ThQOEW|f@V1U24s401^<JsLi=ho1zX}90}EuRnX#A|WQ2pw7I;^<
zycI*{Ef1Nub!6VkK;~^LGH+|xaKKv@&SxNK>&+fh*Ra0%W)N|0G6<ok0mgm-jTs0W
zc1l&>8WNBpPqzaTJ{v@8W5VUb5=9c3&xvNBm(s_$$v`-4jI;DO2w^)6OhLDiY>?sW
zH(Ur?>j3Wc--fue0y<F0uJkO4&5F`<6Pv9wn1$Igwmb1)mY`5^NJAxjqYv(^G6Q<?
zV!C7a!kmu98y40MAa5YG*FK3~Wp`s*<Khlkc5`6`Q5el8lW#DX#Q2lkJYC)!<h${s
z_dv)6=o^t3Orj~V9M8q|C^GhlNRJ+4U2<a1-Y*b5Oo|<UQ{-=u33N?N4BilmTU#zB
zfe9lro=vBV3y-O194wN!&6c84-<YD*7@)w9_u~hGBwf^if=Q01o)7joBPw{&@sbmK
z8AnSJ^&O`02D@dx;hGHo1onu$ytO7teCnFAp|pR~Cv$AS!wk5XMUxJ<H|>a}$+H^)
z7U2eRv)uIUYgz5r0mGcFieA0U+}CX@qHD`JiO;_Sh_C45rW$2;FOrMjafGb!%6Y2C
z#uKm|xNwwWicH%AJq+(%a5nXPJ|eC-M-Z<Z?>Vsx$elS3J249{7<TxBzME6%6#ZuF
zb%RRojIsLmGsZ{c;HfHmgExfp+@j>g^MI-d21bRqQ9#8Pa~fBMFKDLq!aI)vA&x;p
zl1J<bu|p7|>{)(vV^bH3@`FvR0YJ(cR>ed^(8GOz-rAzP!3Xb}a*52ckgz27hCX!O
z2apB3!6UwmE4BBRF?1gWQJ1piCt^=}|LaC!&<vw-8<$^UZuf5H*Zvc{)EZOET=a&q
zIc?m`pZJlHJk`Un#e+K=UCC?zQ5<`;D>*Wtf*Ug)i%YRtFuvMz3^QF^VOBbZk3ixE
zB<94uMzeU^!(Tf$-W;%266hb;L|oqEuvRn>XYp?84&38gC-)*>k%kSm3C4!YQo+24
zDJh=%I^HwVzHRmt0_vwTH^{Mq@u!10Rk`YL{v8euZX}*k!fc>eeQ9H?e2uuBK@{*K
zvur>PC1Jr)k$zZcG}98}fxg8piBqC3SP;O3cNd|(DdN2`8mL}k1HXAV7DIt5(b!-r
zIOc2vPD8{Yo+!xvAxiTnmP-0$zOf_4#LaTMZycrjmgpY$O=HM234wZA0vx6LRU7G^
zS^OTq`%Rdqvv1T}KrV0$@CI0#ckGZ=xX;gS)H!ba=tj&>oO;3H=dya-;k~A4oa*u-
z)ebj%MPv<~+1Zq)?*&$T{hP#r%y5$-ng&#D@lV4SZ|2~Nk~guzrV4pppW31CKDci#
zYAP}USCo!dKG8m;P?cxGdz@0!<u8FDhEerwR~tPF4r<C|ZyT#7zOxpT#`1t3%F^@V
z4Z7fL2%>R!cZ=lRG`PYL{?ClgXwne=7jG0ChMk&(G3Vh{7B1Kfxr#3*^l@MzE24uz
zF(G#{cma=c%+^gYt~)ncbkoY~-tEC>P1V{0Ybx{%O&czFJV*eYvS0a7ZT%9#p3<r1
zFUSOJlF`y1EJV2G)zg)J#ZWLZrP25Q8ee+v=)?@B7^oRx(ken_2G1MhTQ|h~PoCnL
zGs&7)o;%0mqIs@W&xIMw7A8dP3Alf4Kill2T7{?@&wJz_u?;6awfL!q+^XWw(QaXP
z_lFFZYZ+vJUjd^GS!-{{hM^^3KoD44*0CYb1q7npfADPdZ{Mc-K>=K|X$^RXF`>Z~
z*D&artI)(?Hl3P*{TpChzG4`t{n^E%OXHpY?Vs)lS58)7?~vbDKIn=ra?2|Pdx9%K
zsFlUHhmAs$Ehr7W@3YAS(759}&BbU(3kU6AY8WGKfMJ^4)b~Ke_0YRvr3+P}^N)?b
zeE=Yx8zCTv-oRxkCX*g^JS3cIN1P}suYGodQFOLI%cT|`)yt1apTSc_?HGN_&R<0@
zz(#)uc0@Vx0BiKmb~w=d=wwkEH#Xel<p#M(UvUZ+uPF}ubh;tlRbYTr-tEl;eP-cv
zu)vt2NsW#zgRz88`(9`tt5ax)&rddf<I~KCLPBDEDj{()qVS0zY=6VHQfMB)XN@Ot
z{E)q1zVriX*-S%BM@7k4G_j;qme<x;USyuI2d(cQH-g2`1J1Cgrn76JXXSWiAXJ)9
zGdH20)A;i3gYgDVj7Hqdd34|S>8!R5;8|y6{ue)dqXc{l2xykk#&XV;E?~fG8u+GV
zM+;_=-%Uj{D~muH?t{#u0${Z20Y<YPU}*IKLp>Ob3PjI#6~96BfIdhYajOccb(2B)
zpq^A1d2A~l`WUN~BfR3Fp-s{DHElVyUACU*&^dKBq_eIGX1)@L>(Swh=Zp(~*ztK{
zB<s`XCu$V@R@KC!w@3>KiGyh+?gp*C2DIsp10XHyJ2IaOe%5&v?&Br@e8|7d;k*Hj
z-+N&51K-AUCPkfvG>E${hOmNfqglmM3`9w|O*zLb`(l~+(S2og2TV+VwnY92%vC<t
ztSuHTW(mP0&Mg>Y#57vubC9Zq3)gxHJXf4^zUokEP6A4CSO`lK*}Vl-TZ4ndE$-8p
z@<c7iw5KAYLNsag=NCSvBk`U>%63ytW)XcSZ>BBwQ1D+YDGM)Op-CVbCV+W-;<4-x
zHZnzLn{Lg*$eZ#3yi*z?Z=Ff`k-|%+*!}*zZ)2(U`2Z_fOW#upyw@n$UPIbmxR{Q-
zSg7P}lu*pzdEOvAbz<*q8m0A2#^9SUp&F9u?0}~9XM*)8R?QvImioNbPT_`BP&L3E
zjx%6XypCHj`Zse?xuU!F=rVW?4PZ<|k8JCeMhB4~wBdhqLV4}d14z)uatRJ4Q`7hH
zwL`{6)%e(?8hn9w4;Ul0@my+qO81%PHG))#CqR%p^kNKo8S8o9vW@Pm;W)M*+PNuD
z+d*h7TMfW|fO!fA%MIX&edM2dpKbO|Wyi4c?8HA=-v9Rn+cMLa)DBg!#u|LidWxKX
z`bxuaCb~ujFXNzZ?bI;~NR2rfj56E$gZ7>NZL-I~CBgsNWVeo6*K}&)dP>h_XE<TY
zAkB7bgcXFp9FGI6pWeS2VGWvFwB4pKJ@NPgea8khR$(5kL^M|-5VboE<Ocp|#Wi<V
zJi=gYBdq&(p<!FAQrB#;-2{TrFvQ$L)S8&$fvRCX4m}dieBTS0Ql!oVSJnu4>(A_k
zu^5rv@-6Qao$af*XW#PUK^PmgHb?HH^FX;b7bD8I5utl^N8RV>CDmShLRHZ=y9~Mm
z!D4NE2N@lE39H$;M|*-|7+3>$;2_YHB*oV0v{OTEUY_aAV+(v(SLLAQnyfj)wY>3i
z7t&t%v3A6PetWmVkz<>p>}bYMb4au`+J{mUj57F`nF9v`_R|e5&p&kXG+0}An3s+X
z4Q7)=XvXKwVSL`=rNA(ka54#LbO4=RlY@7+!O7S(;}T<bD4Bn{|IWabpV$YEn&5y(
zm&)heK9l(B*M9_T!2zt<Ns+9N)g=!n8t&g1BU2qlG>zj46k~^@9wezc2?-j9*OTq#
zE)#5!R}Zu4hz4n}c58=Eoq;zCtOIGKzkZ+DPGmEkwfoHBfEe#S+7#=8a}SjOBz7W+
zR4Lw2v%$jy$lty2()HZM)SHE@e4fut$wbRj1AJe2MMSXnm;s!_z#l3@=OZ1lP%c)T
zJ5*%&Jh++Rj@>v-Z3^QCrzecD=gbckX`LmiS7sRTV&406&1;P4?!3zZxwg?fp4zS{
z4xn2BvI?<*j`FM>isz(#Q4yGnqn#esI^L%xRf$U`vv>em)f3qRst&Ioz*7?0-mfr!
z_r*r2)R~K$roh)e9IR%0)fk2Y*FqpWwhi;@+PlQDLwA7}C!KOHwt45h-Qn1>$F0ka
z0haYvo8VOry_-0o*`FWW=31^J`xI=o*A4Ye)}iWLd8Pxto-{7dWgu;wBb#<PbmNG9
zVtdP`aQ}v;RE)g-_FRgaEB66LRhA*0<i@@Iz)@RM^PTT9#f_tfH>haz-Hu?6lkvoi
z%#ABC8^CI!E6)6Mm;mMo&#UG@U5sbEoJ!%9A@vnR99U_K2hemyizdY145(G`6P?>g
z+_w3Nr!e&g;h1rvA{t|N3od8H0NmSFP!#IKM~-6~7szRa3sp4k%~v{vFHlrG&S@}-
zGixKAtx9-GgY6pkJs2~VkJu!?R7DLJVMN)6XzP^~)9l1U)N=+=i~a1~If{Y*^HS=(
z21S!K7c+onS<!EOOe52Fl!j%`ZN5kWJ>3wc5mMYI%T~L10|x1`?{O*_{n3Sq)mB;L
zCbUd{b;wl#vRQ<E12Wg4ZqYTkD}#O06X5TVoHojJsM8|r^{0z=hprW@6r%FCf4VdU
zSr4mAV(@R;ACms9S&*Hf_rK|A0IFvfAmF<{={qxO?x<_Cqvw}ZJy<E=!o$MNlb(xP
z<)g(TSaNvCq%~-gez6iJg~nba*zyd_-kq&93>z1bpd*dg{b7Ujiw)OW!QUyJ#$}v2
zoc3f@XLD*s)(hX?jnbm<D!1CY_ApBndWe(dzJt8RMfKi4eO6O6wSSoJ9%j{>XD$d*
z7gOfQa+5G-&+%pWK?|e7{~Qd&v^pT}+I{bhRgIbETJURv{|*ePnLk8G@Pr4DkH5gq
zMcKwmtRK*d`F>C<PARZBrNF{YP8G=>rGS-f@IVOvDW#QZY1CTg#$;Q>EF8-etLg!6
zWpl)`I$nZqw)wL-T1Vqb80_vM+_ndB%?|Idk|4MkY5B9A9ILxd{8eECeSOojLfT;L
zT=jp3``11#0%=p>SbFHAItVkSQv5rkuC>?+WmS>3aR337?gMWTsBp7vZ*OW8+aays
zawtDZYS_ERtyjxTliWa2`7M;r4Xdr}br_8mG=(Oj1_VXhc^F!K(+&#ztZEaNRPVvK
zjy%`4uF!@?H)Y>YM3+sK^~|GJy3<5iYqP!HoG)%bv-`E!V$Qf3(R4Z!p52X!CG-7S
zZ6@Ga_tU}fz|vA<YhgK*c`8icf}4Q9S+dj)Vz)7-;AFAgw%9my>%9@Uhnb|5r!t~`
zC~VbfKlukkkEfX~58g_rVuCBtWEHh;rqRSPpTmo#14JCAq_D@;y@~x!H`Y<j`d@3C
z)|oxsP{*5A4Ysz@eifTC_ih24iW|h`zkrok>r9}ztPY+pKeHXId`ArhNc-pTil5hF
zbY_vo+RT?k`!=@&eCuus3KvBG9+Uf637ZuGrg(1`X!mJ+-?kGinf|5{LEEXSYV2&%
zCA6kLq+#^vItx}>3!l*q3aq5|6O1=W&$n&H+g4(!uLEj@eH#299>ID@JJ;r-gm#**
zpqZi<zB+xt{MC8ZRts0!u=0%_{eFQv*d9hrNSrnziWUUD8@Sz=xi+Y9jFRS@EiLI*
z!-2yC$N179icBqDGZ^!8s#)&(6CSzoUzXah#^a5jX?LDEHt_U6R=B!L?uj@|8or3S
z<kDS`u^E~0M*X2z8UX&(bj@cx%RC7_G;l+p^$xk`kBJvoslLc9g|(euI+$*?hQk5v
zsmjgFdI@c_%qB%nyQIn94&0rkIvW!t`~K5SLcWd5AA2>pp~To;4YHg-V?!d~eyt8(
zZJ(XR_;6cVqwQZ}gUkLD$l;%ZhAFR2F;e^CpVMe5B#_R^14$rn^FR_v8%>cQr)t{%
zqHa)fdwasSNzUyF;zrR~zJT8w$_-7HB;XTXmpw`p|0&L<aqD;X=&BR1yNQwq@+B~B
zeF@Cy;)b`#Csuf(?#=gQ_b0{uq?qr=rO?DHWj*ZHx7~NJjCO(peJ`}%4{|#AqFJ1Q
zdTZg<Ddzy6fhQGVa0k)j=iaJBY2g<C_aO$=Sh3^%y@_~TP(a(aFP7dH3E6BfOb>-M
zzd9s%J(WT1m%K5tuJ3}00Q3Vo@vhvgsXtIiaa+C%wmdWFS;1+MVzTLo1@T&51Waee
zqiqKsvLm{AQlF^kykDE0YwyW?!z!iyzSYNN(cgQvq%>ZK0niQ4dfgWqrNL7{4#5ae
z;=>THk0Ww?lQR}ErE?mvt(CxAINtk?MN9MoZQigE0qrSbSMtsneJ?_SML+(qzIhkJ
zzaLxb1$~M0=Ga*g|9x1e$TN+^8(0^P|H7|WRFZvjr#1<Bet#EdWuvQ#!3=liD_z33
zP!h1>L%5HJp7z0~6?cvJgA13w#r`cnvtoVP6OwqvxZs%(xTQ_@`km64fXB&e&9CB`
zk8lg`TsV>P2NtTg=Hi45c9=jaTZKh>Sq*ts(Vi!zScY+JKRpacixrmd-3|%c6Use_
zf{k3yc56j>!zxQMSVoCP;x?}BT^d1H<gFx+*;s3=3#}+R@n-OS$k*c)RgjZy1IDxN
z@hB-7j;uB)*3}UxC%?t9flojw&4R$gV0UP2fTJ_BLJh%4b#!enJ8BRBkRNuH>8D7$
zy`sn^`b6aNaFcbWXfcxjNk`sP9L_aQH6My<u|*neGw5wM4WJ-{Ad0;UfDH~?h*cQy
zw2@nO+6eqNy|#A&s4z9ttg;iZ9S$pYb{$sCnX>-xI&6l)I2spNHXveID%St|e~ot`
zUQxXh!p$+YK`<K~Pn%-(2z<}6t%ZVTptxW&kkM;|8T1W8CT7SkFVG|SBaD!Dy$e=S
zmL-J2HJO^W%b!O~m}8k!csMov_-E*N5j%+FnWamigcL`gpn@T6MUt>HKE8F-wjy2|
zkKiRNE&xym_MAuYRzH_#rLb3kP&0>y@R7Kt(+hs2%Ib^oVuHdy(Hgm9We|wgZ0UG0
zbH!y_OI~W7M)I=NRFapv-dZ)(ZnTrn+THF2A-LxftWZLjV}+-}AdJ8g@Py(q>?DSn
z5P>}WGXeBjHCA@U340Z27SbRR*y5H?@sl6?5>t-fL-X%~EeV1eYv@ZDJ4zCpj;daa
z_)d|Sh|6nsnhjjTeR04CG^KWQ(T#ZRTRg5IE(cLIvQsmJZW~Io72|`e^6-fL1>V4g
zQaVmPj7Qypx5gf@COcY@gfBp|i};G`;pB5@=>llWkJy1vQCsseYN&URsV<1?5DVrH
z5_%TmQVQOHx%3RiFM1jg9?yA!|16tHy@Dwv(AqR)w^@1@!OX7pYjSr*u7>~DHzfBT
ze%>2Ty(`I+Veek{!PVp4-Q`gB<o@x&7+ya8pX`w_7+n4^29ihp%f9g>1ME`T{pI!b
z6Er4+*SItKe*z5B{x1hVpNxCsVJLapyN3I{o8Hysu=n`D2yO<}i#<n*<1f4e<AXo3
zU;zBY^%RsOcx%E&Q+&ayDPN2&8|=ggI2~H>oml|lghHnmf#*dROt9dr!fbwiWleoP
zC%PS_m6!%?5IZ;t;ca-N>hT3I^>2!IlG7TdQ&SZ9VMn{++~!pY;LWxweS}Yx<s4MB
zRyWb0s;JuXnW{CD6I9hS<$@j3$KlpN`k)*ednkATZ9c_et~D6RISmPa95NzL!)Hw1
z60dgKjqXZdC5h0{F8Bms6Cd7ZCIY))Chx`6eCJ}FB?7Z;R|I^>^bL3^bz|9=-foEY
zMVsvGrmmtVWpBHsiGdW8nZEnq*tuYS;Q8Owi^amnE*A?np14U7ezS9j;4gZj>|uZ}
z1`59Y>_r}bBz`gFC_4EAn@84}n*sa_zU>8b#ZUyq<DsJ-d!{J{=&XhkMsgbRPuO4b
zW`nqnrhaVd`S3Agqjsm$zVKfbh&kNCYaN9bb>}GS-8nm?DQ>vcyl_zc!hJj7$|~+&
z*MxFo^D9hhoJLY}wVLgO*iUj?M{h2lbW=>wZM83~cas2N-|Z9~nkfpj;=)$^6s-wy
znC=fq<dLcG#z&C_Sg@CQ?E#Hu0eD;^I|_kcHBA@iZ?P{|w-tWd;rDqKegceE>moFv
zv5DnI!NtEbJ4$koj=F(=vl<~K1-aHt3~iEHYFABMHQVZHmMAI~B*G&<Jn>`cA79ws
z#B#ilCSXi-p)^yHqm`Q4tz`F25J=G0#F>RJysh}76#OcG4FpV>q>7S4G1;f8u@7)A
zuQi*3Md{#M%w0>gtEWi9-T{F-rjDH)6Ft>mI|(idGaINA%}29I65wR#N+ZdEO<jRc
zW?&>oRtn-yCwb9IVXViWyrsVZ0}M#DelyiMjKUk3w4TqbR}*y01jhFb>w3-nn2+C3
z0P<Is^CsC!tCgBWDm?2w6806`9P@1_WQyWb`T%z$^T#*}_Ly=rh>B7Q_}g^eOpqO}
zhlUc~z<{m8YGvRRSmE&R%ne`cNrXQ^4dEa0#w6z7CG#f-4aON+YK`8Y2180;)3i&D
zZYRxl>cu=1<z?|3z!RpjOFXgbhPQ^t9!??(7GRnkTS-<^8x7`D5VqM0U*xtk_y{2@
zT(Z;%oY4Fj3~YTeNfL93teP_6RXv5fnrH(zCoYGH-Fgp!t=v?r>yPjzo49cV>LQrA
zWa1|=QZHEDH85C7Eazi}Z>`vla~+uAxc`9p1sAciz^s@tWwtZnFN6$~WxJrKrpZ1#
z3Hc9de<hR}N^0O5os^JLnk#PsER)n^Q9B9M*GxZawiAX$x4RO8twuN5UrT8x>EBZI
zRhyu)QqMGP<z2P3bTh5?>Y1*k>^WW2w5;dFb=uPFLfVP(0>`U}pOzRF_#%wP$OYk&
z*V!de#rWbhhl$KGQ;3>+MUlOtq+V&rUTLh(p7L-j&XlRf=*=S_8sG!4xm-%oMS}M%
z4_S@*>k)VCL;7#(0%ZyFz2I&5kA-KaBT&9fUcOoIYdT{0LUuFczun~p{Ohup#Kp2p
z_zgGF_(b>sJPZGwjxMIJZ1<kWEkU+w;juNEi|99=$>^~|MrTp-Ha8|2`=eP9{k~v3
zuHXmr2%_I4V16sVi@$ke2^}3KGiSebI$d47k}|oJR!So)Ej?+L>q+KQwa&_%SAnBb
zdL3-2=(mUx$EzdJ@39?xYjr@*@n-;%7ylg7dHi#VM8O?Y!pCI4mg`IW8kp7(FPL9t
zkKaSSQp6%Ch?Y;S3#0-WhhUgZ_;27V{0+pMFsgH*y1ZPH3Px`A0tMa2one-M4VUbQ
zRvUO;7`JFvAYKW*(oM+{6-_u1&LBkm7U$VANbwrLz>ya&LAwK1?9|0tTqIx=WT9g=
z*vP){NSqW4%{ksPHxpTr)U;r2Utp{$xteit=RFV2XZ(Z30514421OuTYDM624p>WA
zUW`37E!(l91^W)jjeqaWaK$p|*ifs{P6*j{;sVXiD5U7U;*1EWH3Me708<KZ_ZB3+
z0r&wf=-h_P0fLF@;E6aZw}Gt)vZYcc?!jh85iP3X@i-&iYj!W<bAA6XBTy}`i7{$l
z;Ei}$gZQ53q-?>J)<~LMO1A}VhJVE7E=op`n=S-pAt9RmOeTHf;-3Y-=QS)aZYH7u
zTwNpECZ0`%G(>dpY%IR2v>GI|71Iyn$XfhPGv&B9afl1X_c)x(YOw&xs&ecLb-=B-
zm`}Lz1k)oqTAH4kQ7OY0jP0@WM_k~|6GuPeJ|Jp>zXcO@WhyBb<AqDWHS)i8Ti{fH
zt%zJl(ZvM+H-x)j#X@r||AX0|V+Ust{}nE##AmTny1c=EFoxiP*JZ5t>JN5;I%9Tp
z)NQ1KH${21b|)G+t2>}2Qg6UDKEL{73L-8tg9XkC56qppX*<l3hmJt&n9Oa#U!d1O
z&xl`dcm(wGA1j-5WdnBDlPQ?jSW+gQY$NVZ3WFv^_zwR<V6}Wn2ff2JDn3bBnJ}QC
zWxDB(6;)3Lg22ee5kcVwuQ7-ITUWtQ3<kEq!UKN*tz{fr&o{>y@)<cMp4$7H1|AKW
zd&Lajln_qEp;PXm4$8{*-b7nqLhw`4g%!hsUSI?-FL0l7__DnGXEp`Z6OJ8mf;s;|
z#vTw3?oLH?U;N_t!KQH7T~IDdb0MI(7Ms=`Dc)`>Ov1c~d20sGpa<<Kk8BBR*yA%C
zcL9A<nkx8_ELb}U@k(uo;28W=69bltktjNdJLGx3)5H^JSo5vS-L~FkJ`{UM-Y?K&
zo8ZA;WEwu>X8|4w&NOAf?G%jAH80>P{^;T>OUG;Mpic&d4HD7=^#wwo+Ta}FTT?r<
z#7q3}>iL*+?S+qPH844~hKetWL;sM1GuK7m5EUFQ<V-{%bS!Y=gTVzniE*b3oMqs!
z1D#yZKcNq%SjcYTOvAq+e}Juv;lrhcC_dl)0s+Utd;_Jyp<Sr}JaS_->)}oINE~*j
zG&Bs!!28MgKLd)d1i17KA4ehDiD=?}>nNaeLN0e0AFbFZ6q1JB=H0~iK@_pOD5K(g
z^Z4d`c^BIXktIAHTbr0u+gW_;=l~_V!6r9cwl7TJp^gql9;Y`3e%KEZpLOnAv55-5
z*fy*SH#BhxB)srYJqKXOz*O^KQ1F)yvKf>F*6C#G>HS+<Z#DT%Kl1pJnE0(-*b{s)
z<oZfntgILy*_g6m1Y%^)-WlKEf(#Z<xA0tVEG>xd#iw0)e0RR6o6D32BaelS<Jb`_
z&ckO@P--_%m-hxS9<G^k_5;c^i;3qT@P$9Pi=si?qV5=O{CN0Dj6cP<e_lVqEtnuC
zv3)Rr#aCk4^6}<oU<}Fd^81}ZQt$Dm(mnEfiT+{`GVf%;<og*=e=K}Va3Z4xO55HW
zTX5Z!;M+lS0)!0>66r9QAj6hTVd#7OT(TQbKUm5A-t_xyEw$IbebAph@7bXpcDy|}
zj!Nssrp|a(w$*qTv`7ct9hlC6_7A8u%$J3CmPZ(1qLpE=J)JssVEo$~bjaM$*aa2~
zQH_6%f!P~Gns3@c?-m~OvkGFo22q<3>-}9(x{L$__^I~>6zSSr?gMDJy2bl@Td(W!
zhD|9VUpa%4a?j&2chG>+8PI@xSVQlTw{7$XEYD^A!!*{K(wk0aEG&=f((J^XN0)jN
zMht9wNsueW=<_No8EV=rArFt3L&0Y-g(dW_6ogf>+~0OU`3^;fhk{A^0x^CRylQ)R
z2;i8GdoEar1A!YmZnn+tKe8ns@n9pyO2cCZTmX(%Q+c93R_hus@lKEb26V-FS#9wy
zOz}sS(!>)4q^YBs$|9Ws?%a>qF?<cu{l2(#7g%1ArE+!oUIjl|>`(*7P&(q=zM*#&
zPafb-9k50ILiRNAU&DZZSaOKvU;-jL)@(R$5LeX*PS`H*&=xQ=%F5UintO{`R4gnL
z=G-vtju`@O#ImFZ5!MD^5&*u~&XsCw$(6v^bK6RAp&AcMTRch(%sLxx=ts9gz{OYE
zAUM(kueQWb8c!-V#K>z)mTa?wv}nK!*=8oEl;e~R)-+t}t8-1EnJEmFILQR7HJY5M
zu*#-{m%1aiB#9z$5Q6Xlr59pB9vs{d*Z@ExY!ylDhz6Smt4N_Qw9M9%kw$4e(TT%r
zqOX|0vBvievYNg6>I2;LJ~iWywADv_&vQ806irO*IQNz3<Y$B=OlB@5y`n;rPdjJ`
z4ba^`*Fo{ZR|bfbC*V}D=~?2?+ek{K&JFkO1~d}+m|?z<PLNd5f6yqFIXyShH9^nz
zQr_iB*BCuPCq+#Pg#3xA=q%}m8CU4Hc@uVc>U1;9@(I{oO+eO5nr#smK1EO&%4bGe
z0Tzb2K?ZSpk+BU_l_`cLR8KVYVb)NBVI@TYa^Hj7ik2-Op8R$iSKf4Lx??=toaOLN
zOpB`BUoihC3#NCl$*||HMkN$X-AUAfhn_~f3Jf0oO=912vkFvs%~LM3)DG@_8-O0i
z+}>IEa)-L<66@spSeBiozJuA*G5qk#^A`!7s5IESyr8j^bJyly%(b~>X<ELoYQX0|
zUAE-Scp&^`f>0beG*3W)0FJexRD3DTi6c(y!9=xQaRoOB9|o61Y8f^-mkQJD2kD4n
z2Wtk}4Pg>8mKREwkT~6sC-K4P^{#E0IqPeF`G%@43T~}{X|0vAGNyfN&nesra0;W6
z*4V)c!(W-<LIbIV?3v&NRYm3yM@S^?CSj2`vCf2tXThKX#VyHTnd0H{Qii}D+Uyjz
zq^YGnppIoH<E$aqVKMC8ZQUk(VgRD>Us4XU6j+wb4gaHSi~ChTkPWU0-zb)WS3^b1
z3dSY$5I)422?k1ph0`Xc?c|zk`+Fb2q&vzPr780{)>vA}W9g6?bcTj}!t_6~zoN0o
z<C5OMKts+y5`BvUW#tW&)X*$$Wvk6{t!t8qClfP@OzS1LI)h{kTg-IgW7h!TgEp!;
z4NDlbH9Kr=c<yYqrSmhV45P~o`v+8-bI^A@&(sy!%`$G(uDoEZ=*GLxmPxKKNEXhf
z%<6{0V`~%}RZN#Lza@653O=$iX3!(J4&__^Vq*)Pp~bXR&_U7m-5w}H`z4*wm3B(0
zG|tV+(Bk8a+E|?Pq>ENr9W++#Y`T-T*hO9WBk*Q^FJ(u832blj9fzbi|F%Gk*kD57
z(TG>9Fgf3GLqk@+A@;3eyElC}3}Xcy#=no7eqs-a2RT{nw1|VE3$#+kR|HUm6iZcs
zVgH^xm7vqNDKHotUtG<O7ewDfpoc58flf&5o$-W8nB*`&<%5wl4wNPeTFIPd0yy6;
z*f`2+H{;baw9qB?X%KJVPP&xVGUBq8nrlHG<htGcJ)l`@slU0zlxnmVOHncUZ>&<!
zFv1TNwgrK(z%(P6wHfYL4=1?Nx@CWpZtz^V)=F!Y%fy=9!6j`X!!8?bf@rd%C(nzF
zc>5whL@8j$t+MqrGd{~DO_zd`;gaN@#M*rD-g51axSuZ5>dVvq5|K7V74dyWU!W{2
zGn`{@NwgY3XT_Fb#&T|gBk|&m1^-H13*580igNZWChFrkv~xs73*SuNcmjWvn|xrV
zKD#r9NhgfPw#QSYa47;=PpYG(9)N=LQee@&r@=ELCEp^HmgO*>YFv+|DR$oFgKcc3
zcY~~GoZXzq?8i|)LG)k*e8}o6uuPkOFx5)N<VzvaTt@ezfKB<o1I%g<P(dr|0O`y5
z8N8Iaom>62X@Tlpnh#x6#J^GB=gONE0GP6H%@?fV5EDupUdt5jU}-u*chhHV{X{2*
z(LvbaQ9)gr{MZ<@IZJS-X-wi>!vvQS@X3qYAv@bLs)1rdOffv;4Y6kT4BIa5pKbK`
zbEh2J`(%kzop-bVROMAL?Eq&a`z4N`eMkg8LlGJSp^55lm5vm!rA&MV{Eqc9T?Z|y
zWwMRbDpFJyAdiKC8gKe#Ox1@m+tb%eFgb&sEhf<xL1usnb1(9M-r+NFyKpxf4qkp$
zYU%mSx~ON(ZX-*<%-x~PxRiWM7c_a3t23W5m<^+naJF}nfvsQ+w9a+AyI>i_XRzT8
zdKQ?xbo>|d0W4$gMDE9rZBb#@NQzx(#6|p^m1oq)YThiA9v_fbIHtW+xN#(=vC?8J
zb7Q$ohAg|EBAd#6;{x$-v>HSE8NRTlEZvG*85-}{+oT5gP=`tjr!+Hjc?PsGoo*=i
zC}q@klAj_b5ZTEGs<zH(c&Z<J&YchOd|<n;>~3z{CR6LZ$(Ce#@c?tDyYy8WCWamc
z-&dz+iOO#qv{@t8W+_$X80}uj`|sZhXK>6IjIHu-v;t$hGUHvSjo2Dyece+Q+>(cP
zVW@R0A+)4rNmB(4+E^fkIk1mD_d|P=3G<JJ1nc5+Cdq)Uc7D374L_hj1ul9Co|y#V
zEaJ6?(Kow}4YJ{&pnul@K7qF~GhpM~*|tU%>mPo`g*eh80%vu>kF@C8A>r3~J;elT
zrbm7mOu4iy7&l<jX|6pjW$^ge0Gu7-bdeo+w|EG&&CVBMn~9n#i{kCjO`qFik`?cj
zp@d;)tax&rG{NPC6FVMb7t@hM3UfRQ7N^-^PP4*^9X#da7pT`BNbDkk@9zX7+BZca
z+JEMS|GtZe_IwV`koh<y#!m;65Xk0Ijlc3sHKrEQth|LZ`2sYzQrJFeEH$w(3|=-M
z8P2sZ{4#b3%ihA}Nj@8;`4YRY<rP2N3A_N`cJE+1{%x|8brOZVZ62XgQ?Dcn4M_`q
z=XQ%nP2(9zLw4FwU-%n&70yx~hoUf-<4?xTtOrHoR>{&QL7Kc-SQ2Bi>D=O#vGMd3
zb`+M{j7w(U1m2W$*LRdotH44h$^Js^=UN<m2L+|CZ&NdP#VjI`C~QViz-?C*_gP3I
z_H8EKgh@@}6;_^E3oVB<VlE%yB~5Vaglkc!P{aq718bchv6mYuD}2hG(qSz+Sj`s?
z1^Uy*x>0zvv_|^Vex43n0p>5F7tigk!Y)lFgVsPwtv1Hz8)aAH@m%lp8pmiifxbDy
zm$eVn*gim6$<2cvJDO_ULckQA4nAVXIKtq$euN2@tfIo4r-tkmxW{~N5xCECQj48{
zOvl+}*(9a@KYMSwoj9_si>@a+1Bw2pjg?iTolcG+tInxEF+j++(ty|qOuC-_&L$$%
zMMxoR*IMh|yGQMnnQlNx5i@4<HPklsJn6%Zl^$H~P{0XEUzx}Ow8YC4+V|*?K@sjb
zMo|M2>cXG;`f$sm7!{m3NHAC<&L@>#hrftD|0yBH;1HP2A!Y}wV16fXSfdRbOqonW
zUbwbASoLdzX?lO!z&RI>1F~^4wlW|CFZA!Amh&LroMv1e?o!-Vn@0^zygvOo{dxuG
zMM%fjtNW6@+2id|=aih@PS2s|39((#d{7*NKB1H0*rS}128ysb&+`HNWl-P#r>QqN
zmno^Xj|?7u|AAn;5PNy4-C(n2Nq~Z842j>%VMypIRPzB7LFIu~{DFlCT!ALG&(R^S
z0BI_aU6wB%9_bZ)`kJiW%#XcOTt)18<9A56`wovEjQH1Yvn9eC)YgHT$P=oK%xZVo
zj_2{H<t}CK;dwWB-(|vNUfhLT(#Jl98W{)X<g=5(e%`eWtg~saJHxgE_9XA4v%r#$
zOfWkl=X%+6+BKpYJ?~FELId>Dwp4Z1j<0DS_7MHt(3|i?eaAO7B9y}IWzZoXmLUDA
zzh6P#wBO4omLg=Za_8htm3==*UDRmopk(A@9M70WJ#9)OQ))lPq<)SY8SC`liGSqv
zvlTVpB=Dki>+ZIr4jnx3mw<KKuqTXN+(hDWg4yfB>U&hIzB|aE;|1!C5h1cj<Y~!3
zmFXQ#-eu`Q$2JL*h3d9;J0f>q^(}(~@rVhT2+R<btp7aX&Afo)uX;fHJvnT}6r1K_
z$!0?>T-9yp(_?5ta}DwO_xw%|DDjcU5ImR>iaY`t7lW0;jA$wh{0-7^l)^+#K$~a&
zfzb7B4JiHE1WMl`#_>RljoX3~w=Lcgb7iRD9iL;x{KJzr-9*tI<9?9!IT}1V@tWZ~
zzEEH6sQ<GeN@}YDbKiY_+(q^hW%YnlCh9aTJb|s-256ohgJRV0Q0ts7DZqB-%n<Uq
z1vyZcriX+kT!eGqraPQ3?s!jf%Lbca`uMrpBA^LPiDvV(z7H)A313}u>1a?D2{zSI
zcr!b$(~#Va33!M@fe`}3s7Y$cE3>ssSpWn-i42(P79W%uSL-!4R8W&qeHo8)xqruo
zh9F<7&T`}_VoMS6RPg$OIXl#=I)z6yuPq4h*7pH5+}tF`ixUFXk}yGglo8Wtk>t`9
zLxt>l7@7(+gUevC)n2J7Im(taq{28S#vTFTGBN^&4PRq?$>Ic^PUI}JdAQA{W-2hn
zHDiWBO2fJEb!Ew!^{r6K{GNaPc8m~LdzYx2TrI3L<}6z4bkn%pyTzPTs6<v$AtaOd
zasSLdNA}KsF~s-~992+Ld>)=`7(z`P&z|*D7)v~Gi3_89Fo!cyGMIPS2EsD<mB+9+
zfluM#as$`?vAf*|0-$mmyHKyF&bHUR#=(M`#>feW;GXgcr7ki`UW@VzP7MeEmEwy`
z;uw`SE`96j@B}65?6o1aDNGeSM2o@ySH}wXbub4S_9@&&&CelV7j|&`gwJJr&Vh>{
z-GfKU;3D4&F4B*or<NP6o9~YZ3gE7K=}0pbHtq9sLOY$e@Cmz?d6)TK8V@VKqlq*3
zQMAUz19fFH;vBOt3qA=cfu`I|CtBlNqBYTp7Amd>5|lA!SrBC7T9L(uhN2g29=}D~
z=@t|79<M*O@T30;<Q*d(@bWn5)%QQ`4d4DOie4rxx^oBd^$V2aQF_!xGTKpPefM^)
z{~U*ARp|CN%ptP?-Fz;U_?kodacs;y5GXi0bbZ;GRdVcVK&O8)usnNgEo-SPOe4q7
zD7=XHim4ojTmX|^5h{)oj5g=MSpTEfs~ia2>VwRP-B$5TOBV^j^Nr`k3?queSpgr~
z_mB^<f6LB<R78pSVAvQ-W6G@qY_qNS70;>h-aJ$fdi|><@Q!OTR=_p(2%?ikUQ=#{
zE(wYdX~T0B(k@%pV$Zi3G(GXN{Utwhk{WMnh)$*IXWduYfC(H;5Lli&_(PhTGm4oO
z(me!$XpQAQn^9NbyGXsku4`K;SOuACKa(^$sR34XVRv-%LEX{D(yB}CwVNcw77b*n
z*U9=#fm6!kk*v9?@<&Tz-_Y;h23>4m&R%2L%Ku<SOACTlJMPMmhu6MOUBKjk!UH&W
zku&7!6$B)F*=sS~t^(QjU%(5D5c?P|(<23$gLyO6#h97I)>h*QoGM9rI+(k+<(=&f
z)RSY(WOR@ffK*q_XQ=HlTm!xhjX<<pMxt%&lReGh@O$6(Y8|OfcVHR?VyamRpSc|6
zvjk%1M=(4tK2a5-`t!SP`9W*x2)d<2v9o|r&QLQQyVTY;oi-DpnqbDp-PEWi@g=V&
z;nGOyu^+0QWpHS#A;eh-8~p6YhF{}OX_mNj@qS7qfh9=tc{x&WgTTz{%|~*gN-xh-
zQ^a25eZ*MszM+;6F=}}@rg#8OpI}c#lXfVj3cz$IwXoouer)$6Y6QfgMG$T15-RTf
z1WU#EB|@dh{B+=od-$hHJ!(o%!^GyiCEWBxOYn<h0w;cSXwKog9i5^ZtGrC?p-PIc
zXpWSc8gMHuO%3@;5TttABezRLPkS|1sA3O|6U;6XiPG!031m|nIEx}otJ1sW-)}g{
zQJIJ8=NX|*?MkfX_JJ3C*Q|}!FnolIDd;o7b?x@6)AYwqi@?bkGe9)!$;|CCKnWD&
zxeBh&_xvqc;HQWG3=A-zOdvWB1c71ta*<xai@&9DS`O&rdU>F+ln2VsV(RLd`Duk9
zY<N$Efx$-E#S}lwfe&&SBpBZO`M)5k|6lCO1$kkLn8*0|CSKX{D8}jimxn?TVhn6u
zoa5b1uf-pbL!nzlU0UILlyt9`p^DHG6zOUu>|~|oYB)gs0UcA67#O02rsZA<dKNt~
zMY#3+rcBE9Mu%v%+|U#g644Z4-wIIP2;upPMa2AfcnZG@8$O}baqvfKW#343mN1Ue
z@5JbgZIzt5Uqh*!?0YD&vlJv`dJ2ycN@)ZZO4S$yp2nQQnL7^pmc@m|8#A^Er@^z=
z3)5NEvaAU$MkH+RR(~u2jK;k=^cNNTwb-u#-g$OH<irkk-vpjJA^2-SPhKB0jjJ6T
znv8j|z&}eE;glxwgY5StIm_0pER|j(yKKNvK2Jss-{1b&v;aJdaDzy-j|#@H0=0aC
zQwf>6Mo~g@4S(P`6U*>8jE{dt%a?qrYwiddD9h;Mr8BQ~g$vXJ2{FsgQS`E2z8P@Q
zMwts9I=nygll{G(5Gco;q@;d<^0N{r4>til$KXAdtN7K!GBd=Usn88=nPBk+T#n1W
z%{R$${0i5jNsN0l_iezaava+*Kb@YLqQ7kw7Vt96x<&jcY(?}Q?@><}?`iP!pQ%sF
z%QbEb3W>{!NFAKAjUJAX&DCMx!VK;bmNf*f_kQefB}gu!W^v(e?9I`6kb4M{Sa@}y
z4IJp+V)p=P1};WLrB~Lf^LP+bK^JU{P(J&Fgpl2cUbu@Nqsbe@dZ;#=QJJHwwX97|
zH-ywX=-hNFR~5Ro@`mGLiO!foUv5)!D7bJg=S+A!XN1SI<gC@F?-S41Fej#t*dnYz
zkZaQ>N%qs3VVUc@)o^KW80IDhJ;A9S#=Q;Zg?*fzAuADwYNRekzsehKaD!aSIE4K+
zhl`00ejolyS%G|a&Ip#=2@hTu0@6H&5H0-r0f22#<s&ELD}3*pWj@tu=sV|^A6NC$
z?*a`Pq^!ssu>`2uig$^+h!|h-W>1@*a&{wQxQ!4d5VBRcr}Rh*w-ggbdI`Qg*Ft00
zbIZ{n1Is!ITE6d6z-M;JO&GFZO#~h}AEcP*=OH@t6f!Vua6Ce_r17Yz$xCKh=0}n1
z1db@%E9j+Zo<{zw)UTHl0l)KCbVy7SxrSB@66e=(`V;Rcj@BLeExnSgUnceHB=c(M
zxzt}`>1LkQN#l14%4_I@TQ9v<N5?F{1qP~HSQXn0h<6t5Pej603eqN2i(iozrEu#g
znNfbZUbiY4DY7pW*JK|D^atIileK!{#=%kzzK<RNsWQ9;Pa|-`vT`u-x^xZdvM6tn
z#F*nKLa4epCiDee!(WT}Zy1a`pD%xt9K|Elmap@NPiPUvT$Wg_G%j9exo}P?|1XZV
z3UiS5NvpMcmSZW5FrpxA&tXu_!6B1^*4+SC0cdkCR?PQOvVBdHlbhXL{`Bz?H}@hf
zkON=#AR(gdlazYV#jY}EI%qvu4}7^;dIhyS3H>C$XjNfxfH3jN-^DXN1K18xH)#1Q
z-k!E{)0cI^KUJi{lCxFd3Km^ZiS|4cq`5MUBV9TT)92(2kFb7%nj31<+s@<<NIXzW
zR(dr*AE>7|K_x_F`Sgf~i?7AAF{`u){02WAC|l?tS{zP<qcQIyuP09nnPdzFTY$F^
z1NXe^`02+E+hfssdKdSCpnrxtojL)buxgns_wkVd;l$gpZPZn%tAT!@g2W=Jfk-xH
z>*Tbu0G5onYl9wE4#=Ch19|7i@hOco?5a;%C^X8aabE#Tb$R#j-_v03b4xj%&2PnQ
zK6MEn-JzC?t`lSKjtYt$aulrTL^Wb|m-ca`?oN~J4NC+T6z06{O)}kuo6|a?-fIi#
zAtxe219`ct#Z9Q<!k$C?2&JD+>kMzAY*p~>E)ZhN&0Nhs7#+g>^38-I4t<x&i;k%7
z4y&X=svAL3{E_9tp#0Lh9u^B*(rHcdt%L6H5axi_KhUQM*3IM)cKz`B?JsgrqH}l@
z($~aMsTO7T+3&DB8`_RbAH0Jj7R&1|4sXo1WwcwH;l6?)R%DM%KMl`M4PO7hlX?52
zLqxxf!;q&#au)F;tX>>fE)Q>Ra-9A^V%Q9IXhuiE?O97lYLBb+2XpjC|B*tS_zS}k
zy#74eJZg3bWi&#p;Z%z^9{lZ?Faa745D}wF%obaE;m?H#@aN(uxchjVzM$%Ro0ZUt
z4eIv@pLHP{^q&~ZG%F)^%F>J^!rF!ONA+Q^)@ub8TJt6G5f_J;+x#x2eX12Wk0<XJ
zq9-LMjJE+VnU%ikHNE5xsdaAYK}rDYCJLdjCz~($Dy)beCN9CE(*iMz@75E3R|=lR
z5Y81R><{=IRDP8Cd(lh<i!vjP%_Oq|8T@D}16iK2bp<y`BQ3P#%}XTm_sv)nGzfD!
zf_Tlz`VaW+uAfWR>skL;U6tUpGb_jzF?|Rk#RnCyb273{@t$;hjih$RS6I&ViD9e|
zx&>p{UKk$#_WT8W?XP4<l(X?Qy!H!zg*o_=gX?v8K9``t1}-QmKK7PESYq)pT4xPh
z-I_zafL?>>8Xv#!ZoZ&XI00YLc!m@-mD3Cs{>?Rvj|gUtV{{ZKlZn*cabT7BQ4#1*
zl)e9G+X)9@ssW9jCit*;<&GYtn`|)qvU#l+chN9kZ-~-%r_J&JHxtTBToIe&KY{M8
zYY6*-BD;8w*F=n%oppDrN=i2>4HHK$HEzC(7_p@x)nzlZ4BK)pV6Ec0sLxf$f5m&E
z3>=yz%%x;wsiM+WJaafR@SvjmBZ=r)?@m6<nL!p8QaYEuknho-^EcQAzozIXMeeO?
zhZ?mLq?bblCf^_dKOk-jsVv}Ri7gWN8PwlSi<3{Md>>d-7uU|0MCr(?`EgUdHOMfl
zW$DzepXIEyuiz(S*;Ol~IZyjJ8BKdOTeiy^($e{YH>>L_3fRxg{J?CGS75h&2r{+8
zbhElxbdaHki1E`ec{&#b?}qqOkRX!s%16sm5<l?%w7sEh{rllQdRpStX!@xBrUlz8
zIAUu%giyC#8Np=BDhwLUm2?GUpI3SPY&F#_o=b@(jicaD4t!tdW3dpn_How4WR4=m
z(QZ#=@K+n^Y7%3SVT)gun+@V+5N7-Z8E^lRlIHFE4*98ZUVxwdMInuPPEIL=gA}Tp
zebW=+FxMD|OP+p^^h>T+DgpeQuux)BD7aq@t_e1)o7wF`aDpRWT=sT0%O@Mgy21wW
zJ!M`(>q^P?)Ee)=^>s>LS1LI9<Th?-hd2{fGJh5Q!MW;Uy@=}7dF5|pm)FSF>d~LL
z(OBp*$8vE#xav+jYkpT~vUvVoa=wdRqYdSav)fmM+at!{3CG=n{MQjc#hzq&4jJMT
z{EUE+lgl!cMj0%@_t3V79xGK-3X<AkAwKdV+;GM)#5@jvGe0$-e&^m>{!;8=z~oIg
zK&u`^e?@Cd?cq)TqV9oCR{g>^e?D{9+>)mb-<_uhKQ`L{S2RB3%C%903k&X{AVJ+Y
z(EpxKCAP(Ec-9UTI$%(!tLIs0Q&5-O3vcl9EqRUBnVzd-sW2p0rw9KNO`WXmZ_hr>
zE)P>FTW@0WE8J#J!AsOzRpoy$;oFw;p*+O3WfoLQf<C$j7q^5U#5mFZP5ru3#!iFR
zp#O?dz#KM8!e~g{*{$V(^ZJeMe7nr7mQoKDH2g-izR}D=gVIPkEbx-(Ysn@J-elg8
zH-e&h%^G4O;SOwL>@ito;#r-=D9+g8V{%@K6ZWLDrY?NUU5K&>Y2-T|Y_&+71__WJ
z>*?NVuAXe)(CFhv89$jnm^A;+r~Fv_k{P7odls>#GUKu*`*+$B$Vd3rSw4Te{cYtG
zZ`-76o7pl9xYtn6%K6Zkr7-dI*L?kIiajfNnwkl-WekMG06{>$zt>;)>GChOqr!;d
zb?CtpUe2v8H+)f80_<y})^96)%8QLI^K_RgW#uAYOK-sG5L{ml<Mlg2a4l(14wp@}
zX0klCQFv%%Zh0N$ryahrR&4ur(Q>XkMJXKo(SD4s$A^g6(WsELq)>+3k4rS-yQlqX
z{FF();s^M1dD!7?eqZoz<s`+Ss;C1GD=H0>z3i12c^+u}9Ipi)zqQ3($i<x(o(}MW
zEa7c(VdLyVA(U_@K?Z=Yu4X4h0jATQ`3fn@xSu~6ktNj{prqE3%1~EXTA$x75YwzU
zt+f2SK59Kl+b0&ua`vsXVsb)fOip)^+z_7VcZlzD+<zm752YYK+VcKPbN-X{f-fV9
zpErxXK**WdG+*4v7{=3aP@Z2-%{u%!bHbdMk?YU_o<LVfmO5KT%BIcC6;zg=Q;x*w
z`b`E}{1+nIHpy9<7r`50pMeICi)5ls1fo@R1(jkUN?aqVX@rLZUUm??Hc|<?f>f3k
zV*Xtq=o_}#d5NJ*{)jj(pE#Y9NHEOG=Lscos8vWRFX6K#Rn3R`xiop08izj@a&W3|
zS;$?TG$o6OB!9Bs7xe%?s&NU)Fl7E`&RjR|Yzg28%g+&vU4j2T44&6L5FAKQ{gVdI
z&k~7;ZYP(PeJ()0eg()^?e_ZFAV*2Pk+_=;_M*?#Obb|S;qSBso0Ku%k@czPwcWa9
zbo4Y*iUSUqA#wbh&~JGEPKbYlNU(oi;|O{2+7UayCtPRj+*VM6p|#DcTBYd>!Iv{k
zZz;UuUkdb|)c6@SD#?UlMMS1yw$;IPd2hx2m#dyt75DGdHt+Vx!Ww=8`);J1L;yVn
z8o-Q21Boxxiqg%sW~TMSTkEM0oOj={pQAl!bU7&XmU1iTeOi)I@O2RHUa^5LmWQVk
z)~}7dw0aHjwn3=gysla0*MUM->~|B%s%#Kp?JUZ=TeNb`Y%zcJUugC^=;1x$&w}O?
zKGHtaxW$kr)B+asOcTF1f7^vc(ZBeJ;TZdz;vium;t@_#tvgGHnOf_%*kNR87pc~x
zn>gJskKyz5F<{<6j~cyAE}SI}KP`ROE^~w*?I5yCs9Nw)#jQ2LM`Q(*>4n?F+2NGJ
zc6@;UE%9&gh^+8$TI~EB*Wcn4lVw@D8`3Q#Pd;Z^-<EHyh@a=-g%lx;sTQ)7@cSgN
z->!Z)bqPJicb5B~Eoe*5FLmnc#L^-gVkn~5sC)xYWT9lIl!U-dd~+&x+_lSX%>&LF
zBgPsBZqAx#9p4WeLVD-tB_9=a;@p<pyDr~k7L>qXvQDF|NOnz9#=PWwg}TC$V?5n`
zOP>^vEO$~qSSk-1Nck!{k|JI0^rWL&p6P|AIl0z435h#8iH=|Xj8>?dfU6bCE3$@a
zuGj4Xtv^4}zUn>M?y6<ia#g2i+6E0gALd0*3wcnx+|%o2+Z8{*Y)Ma#%AB(?J5qbQ
z*ggv}8k>7GHU|}-kyeX@@;ignfl4z=<~-GgRka3Ovc#r>lJu0CH&0C(muATW%&kvg
zj{j8?38PF$vG?h5?~}S~^?5XfnQjNq4al0)2;!287wL3|_xrG$IEI@tXvw$Qj~M+{
z%46^xEZy@U{f09=!brt&ztolP;SSp8b;tg(#x%wlY@xUBi6iu&7>rB{7V4yeeU;ax
zf9u&6yh`n7AknHm)^h|RDzn&X0X+Fp6$6Omug@nF(k=WuaxkLs8nIz#63(FB-Y84R
zOyRdr<`NIs!=&5L?n#rpv*B9?b>|Sy3dAr!w@P|(lcZ2PWvT2`gQOXlA$wpyb}Q5X
z$$l=F#g=#SyErw+d_PJhti3%2ttX0vz(xoT5wxj6nV<f4<@C4w4YX--MQM$taE+>I
z$R^u3Il!(kZV#1T!;)NxJ~zZ?3^4Bt&y!1(Xgc+R!k6r?l`Vnvd&t*BriA3h=4zi?
z_%qrdqary$J%GFKYL()@Qz&gReuz~0)k#>!-h2<4Ha`m*7qn4ES{lW<wy(pKHv2y|
zy?mp`q~9+$5gIticI}^<{!30-MhX#I=*Z?|geC?w9FCtKFOvM{e1Aatzl&tP!}eP{
z3F&`Hb-w|3at8uyn@jC=a+$ndOdq7bI!|LGsniI9)ZO@gt{dM+^l+scFO8IyhjL$h
zec)Kz#fzYMKV>HB*8_@*uExs0kt%DTos|o=%DGy%PN1NFj5Zqr4rkU=F3wXQiK-}&
z+`50l1>K^K6vfWAm<kg8?BUjtl+G^@dF3sXwFa}@*YQC?eb&hqK8iN*xD3c*JFm*-
zVZNU`u5w@R5ihe|&#%|XShK~Isr-PXPpL&#qm@pRL0;!$#$jo*9f90nsR=P-5uNyr
zwt;1+nYa7v>BcWIIN@*FnQ%t*7=I*=zfe}LAiqeQzis+7vpO9*iJp{f5V4RO<ri3!
z{uL!ma4Df|gSrsPs!jSb*ra11xVV{@;ZUYT5%Ndcxa<p0!*3!e4jB+(F))+b%@{Xm
z{+56INGx1k*oR~z_6$RAR=>lc9DY@u)S1me@0kJYp#_y<@_hGuBD@-+t;>b3?+ygY
z&ebv5#^LWt@-m%$d1YAXUGg-KAajq8NRkR;Y?>jiVfqytAb3Q@4_DohV9v`co)n^t
ze=#cYwjAVCfHN_n{?XjcbPu~d6CFd`EmzS-OjDvynB!vZ?)yVUvmo8;JGe2Y{d9MY
z^-PMbKkhryPZt!A|6M8q`6Fs1FzJTSEea<UuFFll3dNFY1reT($>ZaH4BlpNtwaSz
zc~OD?0IW?Wmg&ko?<^35$pxK~0UcuR>F{dN-}Zd!T*$TLsGHafM(<%+jYs>(Akj<0
zU0!#F2{evT@1f{M1orH;%nf#laS+}pE?*Sj>cmVh)3#TStWlc78^Gt5TX7R*aOj$k
zUjbEDPduxCQCSi7GOOX+xuZyTe~&lHCY+cPajlNvaw1NZx2h9;YOK_K8i=SSw1Z9M
zWyY)1+4+@1!%%4LLMPyv-$j_%bO)j8`t<l19j=$*3x<_oGYfwj@1#*7ZlLV2Vwr;D
z{aJ5_;Z29E*A?)+*W@K)b)DCO01w2zS5$=9;UF0~PSXCCTO$}WzqSbV$B|N;pMF`r
z;*m^p99Ky7`py<{P>G^l3%n+NmZt-RS~`N@3Z~n;Es12zC-?(Becj3NIXZlYEE`h?
z7r{-xgE#?+fVqhe5l>=ko_!+<XrwekN|2@Yg8gc^<H|DW-IKfk1WaQxqWa~PvPpv2
z)+>!?dx7hvK?(j(!(bOqh&Yuh84Jjf9SLt^T-Cv$Gygow8zOT4mY9AdAKM;Z7qxfj
z*OA-X;zXMjq0}=eUSLDNLU2X60ZK(4Li_^vnqCP;623mdBgy#+iwzth`;98229R*b
z*$xA8nVwKPL(uBn&L`%T=e_6PY|tTuWE0J~luVYB>qq?rrKSYTtefOfP=^erV9?9d
zcXeAeQ$;J_@hWq-i%m&#lVNziiiaA<@wRp%ESH7f%^KCP>iBiIS)G=_AI62y<&CSx
zq(U|DU3H@}q*>7zRo_507@e*HucMRhh33}PEZ_Z|PD~BY&P*ETldN;v!QP3`59>3;
zxNB)wV=Y`PhgfYJgkx7}zl)%(j964Xx&zd2DFO*HJ>_>GBnz-4ZrV8F8#r<{u#XKU
z4jpOYK;QXt+H6|ZBy|jCdyZZ<Eoq~+Fuq!^7iXw=5P%V_c^vytqiA3oaC!q=toh8t
z?>#KfcL~v2@m{=1^mMeADC}e}WWg@a`Si4Ugd-d3NY_&W9x)yhgZGtJZPVwnDtUd}
z$kcJqIa?joF~e?pCh(AJow-&P+DrTrV(}Oj?9Cf$JqO0zy~JAZt0&U?tRfm!NqzqY
zKLH0PM7XGfSgz4g?%O42t_xA(T~~-W9(uboj@FLj9i;jg6^;DzN<~~zA<iUuzaVb+
zoE%=5Cv6<a3fv@F<Jpmp=8wxA!w2rytQm-5Zw6c<L9H3!*6DQ$+X$BaX_r37kH_Gl
zkR8lIy8T^6#qoSC-cSQ!zPu0VVyNZhr-cI-Ev8hMrLhst)Z7-Y70op0(YeCKy+IjY
zX(x~LWjX|fOhhu0n;8F(iV9ss)}KTrH2j!^WC#gwhH`E)K#yrJ*7>zRG#V~ol0W8)
zfy<+|etJ9-=kGSm!oO*{f_Aplh;p#9HTI!=A0=e&qTLfZJg#S_^qB-E+6YPYb$;<@
zLTGTa6I7lAWg3lH&m{#OxpXwg+1oo6+5Xej2AUJ!>396_5XaUGFEx&AhKAxm;MWQ<
zxQ#&zAp$%1QM68Ha3I|!$zIAJo7PFiyHfX7;Qp`0>X0ng;W9m5_LxvTwT2$(Hsi_N
zc}(TvUsEzYU+iWJaW|W%n7-dE!cBUB2*7$Z;pUFUaZ(jBc|^nIU>-nlxDkQ;?hww6
z4gB~N`*-vTV{9Vw*YM}=Vti@p`UT(N3oIBDry&A{MUqNvpQY^U70DBJ25)&sjlU-G
zjvo8epumYDvlyY;?XcT|m9wdf*Nu`#n~_elMLYFPMjABb;>!Lp{S%F2lfPK24nNr>
zyE=7vZeOw6;Bvj(6K}d{npWpUn0tN$p_CGWU^5?zsxw~RY_NN&*&zE3qV$+Y|7#hS
zl~T8{opfAiCuQmAEeXutq?=m3$@YTPckycCQG+-)Nc<GpYFcn(da=LZjlDq_zs4J`
zxMGc2ubd>El2{`}Yy)cFo(pwuqc;?L#bg(Dv<Jx$W`*Am4~)vYm&?-=L-@&i0;r`8
zP<Bn#lqL!0oO_<~%$navpol)}WLewyEil5KQn-;|1x`){lNPKAl1W}`geelqFw`hC
znDJfOG78?5HqC(lk~zL&99%OHAZIkJxoBb8&bAAs$aeWlY$#=G=42LFENpoHNaFNC
z{BY}vqV`9`&ZejMHBEMy>-`|;;|{jI=4g~#FcwG99BqTj@Z+k|Za4?SP@0*eW2-Ot
zKiO_*1+3!iud29xfoo^~fY=V*ADO2EWr;^Lw(Y-Et^z?T`lUpJ_J=qLqZkFQZD+2T
z(kjawcv?tn{S^c&6jrTgurk0@`Vz;x7q!?;O?>AT^dszcLXiHCym9*ZQDuBg=s*r;
zVG~oIazP$VDN(=dSS)%$;Sx)k3zXGH=51SBle#H1b~_bi?4pi<J#VOXi|Pg@s<SdO
zdVJOl!LaJ34KatCJzK)och9)CTk8m~fIjp61vZD~$Mp|YB&a^C9MR=$AKT4jy9T53
zvsvrKY>ui^0yFvlpMoZuFD{b;Uj3X<HO!nDR-$p0tSV=q@`Ol`CObD8_!?+edH%!)
z)2<pI0sU+XmAZy{XSZZ+w2{Q`_M{{}XD`@+t&kbnexWbqc~xaQDwIkM6Wq5Qxq4xY
zi*k@OS|{{Z@B#e0Sq#OY+=|)ov?Z<9V|@{pt8?feqk=ELXRTo}zT{G~pBl#v%>MSp
zHgBWh3js%tjA$%$Yw?sf%zP}S?f3qE)hh^Fh#$wtk=(O+Dpf9DelP#Th=s3boiu~u
zz0o0BEjNgCK#n#;<Y$hgk}pImxe+r`mr_0NlCB_X!>pHYnVjHl&dgGt_9WC5;CB}W
z$hqfO8gwm_nL7E|YPYY8&55hcQ*wX}ziljzZ{vzbJokKj?`pGuUf#o@tdb2%ov^(D
zh3uq7e?!xB(iT>?DVf!0S#Bd-%J-yTl8h$GB9Z)^S~b7n-^i=GhUlYwI95$Q9GLqa
z$n`DAydPn4Xy?aVIO!kar{~OBxvW-VjSsyP5ft1$hj++3OX4sF&imb^<9xbFTRppX
zg<<wEn-6B^8W>`uuoY^Lm4vPSlP5&kLvHTcj4E9lbFRjR|9ymWe6?(qZ?Q?lID|`S
zH_pL=orM5v5V*5h1A4-a3vNjh&4K;Jim<5iA4}YCZn?SFRn`kcF!p>&=HjESAtz~c
z|H;I&T+Mguxut&h8(dqAq*Bg=NikucS(M~9ZC|A^nwQ)vn~_qzD)Q77x_+_HmAxqx
za6#^1vfD+h<5ZjHjKbx986p*@6|S0d8H)sNhGJLfG380^c{hoMmQ!8wD(8W}{o&wU
zJDwcEZ_zf~zj+<_>lJDM>><LxqIE~nzjhT2qumokob)qBU>AweTw>Fj#RO_IU>ksH
zA)5|h3(QkJg|mpz{j2NGKGT$<eygi)L{9#&9xYn?$%Y}DAB`u^r`-$Uui)lJ(F+9J
z1q5-)c_jZt1bk!$iYmvfk`k$nxrYRSn_guL%O)*pvyEPUQb^4=h$;J&Od71mwHlwd
zSNAXwhw@6Ch7qZ~O=}5EuqEZ#6?SZ_s=l1mG(mvkIJW!0HN3;7`VQ6Pp}1qZBoI;<
z2TLj#+_8HiVO**$Pa1hWrwLJ~KF7$c1u@b%S;!ky%6P5X7%^3t-^ZJG_Fc?7uWeEE
zN}6}dLxWw=>SQl1t7L7H3btT*yxH;%6|k{Y=}4gR#`=_lLkd>g@sPY_@ag%{@0Y+?
z@IT%lgJ_{<>T+|2(iOP?$?mlcg2m^l47*tluhvA=vxm;P?TGaK`Ezo@7CQMX+$B#^
zJLlCD3eUBnuoXlG0=;p_(c-l7KJT=uqrs?lKz)BVP|XI939ech%{0Rs$&p~*At&dO
zTyj?`PuOH}Xnb*BvM$Tx)=Suz-JU4pY|2ctR-GtUBC}nyydWB9QY#N?Y@Dd6ls9t1
zFJLsnuY0|soS-t+(metz>rj8X(R8<g&%4fHIK3XaG9DI*EQKhk!5kCGGD`U&_Y_ti
zpV+z-+c{P&#`AK+cLY}t%NZTqR6i1Gz4$T0vM8mlv{DGHDcgV7WxJ04BSGphK_9jd
zj`p#h-&z?**6t9iF0m0t5U*<+L!<{#>Y<nSmkqt!^#wzTm6W-8H#AVC3I@ZzM%r*o
zzNDoR#Fm`EMP6qtzA2jhFBXzjAbm6S6Oz%Lc%_VmX`-}~;4@>L%#8pPeE9wsdq|2u
z_&1S#aDYAe0Zh>mK`mf42d~T)MfllqC@*pP6)gfus^}|rJ&EpejGoZFD8fO17)`fd
zC4UsDqpxvFqHaha4bUeX5yK)*&zwS81%`TaQZk0Kk-8ZiQARn5i>u>Zgd9h6Hkuc{
zBsjzJOyUJB!@3YH1Xry~DRZ`-_&RU&JAXxo1do<#Gc*fievWY=Lg^N35$(CaX+atT
ztfQiSwk;j$C<mKwad?0$!pg{GWK+G(!^%lVR&0wz-Ve)3SncxGv_xb(HPl_$%*UeL
zaGCGQZX=NR31Nq%k5$IyE|1+sc8Nyd7@U22sC3d&mc1yxV@keDP1F)wp^ixDkllS#
z^MPrtEouMVwxkZzK2~ZGB7GHSt}Gnj!@h^-jQ-qEckbbEh=zhgsgs9^8xtf06RM^(
zW*0Tme<nLq__pVd3Sv+=yHFB2^BOPF9{jG|?XJ+)8%`c3q`iw8WE+f2QA*Du_&K}s
z`vdXQeS&7d%X_UlAw`$8r<_Zg;R5>K5E_L&1-xA1L_z3RGpo5a(vBU$U73S<^Jeh+
z-}ZU4+yxO$S9izH-Wa3?)-9-x)i2w@{tYsr-8fsDWIoT+YmMkjm3X|@p<uOK#jhTc
zn4pr3P+~$i;w+N!Rh2D&m<h;L9G29F99F+`S-;2Kc<!u>=UD088SvP_Ue$N@k&M+K
zW|KzIi?P0|XPz18O|8zCv8G-$<pVTA!R&_UsQ()(s`xRE)(HEWRv?vxz%OZLH^>S|
zS8=5u++w>^4DV386la?a=a7$mq1)&Ux5)S1=1tj&H2Am=__wqoI%L$jpvfu@+&oc-
zyp6dxUMC7ETjK4JLbCFAu6WVN9<u|OQ9m5L?(!-)hP;!tI5!)yF;A;XhE7H4M#&0*
zkIOVpOgp7tD+<FY5KX~#*8+gVZJe)DapU_^+eU?|1M|hjuXOop>?id)naHFAsOF<5
zxOO<U@e@}(eJ71*u2z$6*RFF-Cz)f6CoI*5`_RT4^HE1GKV3e)4m9{PcJ%PI`oo3H
zjZU!5_=Sc4s9qZWs_qJYb#r=(cfyb8+r#AX5&co=b#lRclpfb{B2c=T035bbpnuX~
z5qJEBjObi0Qb1rMe94*+mDK<c4b8O`Bqp#$;4eswq&_anG6u6RE3+))Y!=Sqc1mkk
z-n#_X93Z`21?in~h`W*z&IS{zp!gjX@LGa6<#<+IO&Y|rTX{tVWMfMq4Z<M8S#f+O
z^9E;ZBU<%gkq2kfMeTPZ$AGg9h@pE+ja^l_kb8To;p|ZVTs=J<&?-}E{b5Ffa;StT
z)fN;**N=={Qqn-a)Xdv`<lLwq=Z&W+sX)t<LxCXMj9v@E6xIW-SJdd~Q#}Vidx*|(
z@1#t0`L{T^^N3c2=@A7(n@ujpQ;4NflgC-S%X|3DVaxN*8(2x!)<@jPlPC<#sL$%8
z`BztUnB)p=-Qiv#EBZP|4RJ$?fkPs{Q^*E$Q^H1YPyg`%cbzVw<Q|=Oh^ZP#i!;0o
z93v=BE7p*!md?R0pM&ZMG=dB9n`PJK)?u~J=>kjgp}DS7&>Zhi>9fFYq&9504CD;w
zsRB8>Oh0huQP-pQ#*;&mruel79E4z_IrThz1xa{OV8j9vdQ6(ML`{4RyiSDwBAl}d
zyJ32Q+r6vD>{RhqgPR0}yX1y14XH_z!CYE(JLS?*$7ZS>GntXJhwsxc?()af)TTFv
zTrxmysOfIaPZh&`O<UVcaz$l<94rj}^*8xDjZjt(|AopCaL~qKsz;?B<V6rblzhG=
zW9WIsxy^J9Pa}a3AHGqCU#zq1<BbK|0oez{*TEzB%j>HP!K7P+I%mxhPlFfJOh$ig
z>Dsx;V)Uu__yJ|mW|1718~SHX8N(GaJb+IM-wS3<WGC6FtW(k}bc1r8$~p=;nRKY*
zK1Z)?sN1^}Qh!wFC}l2|wwkAS9{!?S7HX2>s0~x-;&iirVe=qvJmu_CBA#4=n<i%_
zHTzS}Ot)msRIx~<k7dpwoGe&yf_0K^=4>fcx3lM|-8{zZ<+OzN!r~>=0P72oZtW<m
zi{;br32so<zOW3KDz!Mqe65h>G%(9#C-wR$%t*Q#rG2057;f&0ZvI%z#ij-~u_>Y^
zHn>nXCE&g5KIzXh4JD*=1aZ7-*k}U<+)`v;jD<uyChQ`KaF<7_7Nb1_pIGU7@k1>*
zC)eeL1FmsYF4!)QLUXW6G3J1oZJ}bC)717c)jVf>HTCtb;LK5^&+#^;)?+3PN#k{6
zRZBW5g-=9Yb#tSd^NMnz*=^ae7~>WEx2msuqZy4cg;?(1<n_0U$|DvNC@na1tFcn)
z=8(x{$4u;T4XCD({BILPMp9KvY{^!8x9Vk+OKqzyoE8H1a9O%AryX=ZA40jNzgU;p
zdILmT9|-fljy4h2h4YD+F?h2nMap@gAFt!%H(t-k9^KdlF^im~&Ry~(w>lh>cQIVI
zG)lf&2w`U|)xS#LtG>!5a`0TdY%}gw(~LtF(-7w9c%@}CQbA7!|BlJ0M6SJoqTaGN
zSB4QPL)DF>kEVW$CuD=ANuuInuJ1d9lJgf{#jWBFuAR-8Ib-=a?|aw}sZ0~S9{okj
zK$H)lI99?U85YQzn9eNL<ZhM_qhjKHT?bXH1ETecKs5OH`op+YDFxiqFsGF$^Cd^v
zQ!E?o4QOhINRzSsB@(D~I*N0chHA{!Abx1N&10<P2=Pg;7N_TQk0L>+@c!ErcTl*0
zdq>fj9YCGpYAGqd)?fGlhoFlCPFfC=<z|zbUbM=!p{ZtHkAqzx0c~>>Pba^%iddfy
zhb{WQp~N`q28sRgFuf%}Y`!7blTS-sBF0&T1Lf1O5eYjrB4LsIUQDXno?(xR9jY}&
zJBDyRPXEvDm>&35@IufGfj49P_(tCEvi^yK9$90vd>@^GXxXI-I(A&&EZMb;goIo=
z1%3e~XlfGpB{);<I&e(-e2>L@@SVt%;coeNym<>yw5z0U!GX8ZU<+*1$IoAhRp<4F
z<!CvdK6q8S&>U@Z?lH$mI1Ieb75T~#=SEHCSU?ai`j9}~MGfkGqeg;BB4JaN2Sm*Z
z`Yo3F8zZ58q3Jrd#K9xNOBBZVo+O&5OQs<Tp()TZVP~^CtL?yQIS;~?5UVbG$Yskz
z#_KQfFWF$58VRIiu*kUMfwGHkJI(U?+M`6VQt~_$M~NiAK;Fvn?NuOvi`zqG|CZB6
zY7I~*E82hj0J~8_;d$dCp-|o*LrKa)ubo9gjypVqE4Idm_-pX<0f}CYs5Sm$kJ?W1
zm{*;v={njS5&2WobvMMXZkJ8f*~~>g85;RMCJc&PcgHEQ$b^gwkI6x-PEW`x-~>>>
zf7|3Wl7qlOcsy*x(SEF5;N%)xRcYdqCXL_CG-*ibLmUxv^>_@PXY*?)TuHCUL;<rL
zF+|@{r--hj%~^4&dEgK4qcd@_o~Z+gDo_MC{T++FHYhi^A^qG7QSDe9&6N%h$HA#V
zlh$~gpdX?V;jn5>6^a7*JFba4oG{Ovih+hS<8WHNW#N&Ej&JcU-a-*6Tgf(B?0Av9
zL_4%e@w$t{o3w~R!*Wb-X6x#7HD{gDuD-2~Vy*GiuSu>7gZQprH4;{6ER8&KAcbhz
zx9UBz*#~82o+QL17lriY*joCo)*~$-U<*QG64;rs(WJFhE)A<a^^fSMI~^#!_nD()
z6M8y4x5dmM|6PT3Xy1U^-;wTB3;R*2BRqXnZ(3P<t-QNEUtwtP66G~L%}I30TcO%I
zLkSMO?$gK2nO$VEv%T}Pq#f7sbjwx0UKL-K?ETl`@Ue-e#ja<>I6D{AITaU<sko}0
z=KI+>wS2@3R<>6!mQQn~2is)nYO`co!IaT2vE}iEIY)Yw#3pnaxwIo#U+u9}V;tgv
zCuRCE1?a-LTAJUI-p49J5Gcg1@Yy<Cm*NEZ06E4*JV{PFi_b*6E#bnxt`&9kV>4hl
z2TxXI>@;Owh&vIpf1!8N#7Eu(d!LSkwcl-uq<s;(UmykCk;o$H1@PS=GAi~-io5X<
z{+t%?uc^6hLcZ6Xrynm#)Re$^Ic&QzM;q#r-`z2S2(~mj<Lgi|$Z7B@`$aCzAFoLl
zzg6#No@~-!T@#U52L+)HmWF?rHT+#q#y-m9u7%dSFNo?lh~?Arsoe@A%>4g=yz@U+
zljRk5_RSJm*grP7DnxcJD_aaBXBH21jS}R$RdpQb?i9zU8j<VhB_5hO6Rh(_W7IB|
z@sS}5cVUc=`S7m`kkw>wtW_FI9!qA8Mplh9qtf$C3%{0WVJ;KOH5B^RaZsSWD<T}R
zS#Er%h>YY3cXvcMZUwNqeq#kCf?wfHepC=Fi+q`J-rfjC)HsEl$8u<+TpJG!na!G_
zxP4G=%@K<&7{3dvFi2s|upZ17(#s#ZlJ$gc(U1Xfo(IpQVE4rW5%D4AY7~NjtVVMy
z{$fW@Y6=#J-+x?AZ*S9HvZdB_{vT3m0vUHRY+{ZOR!ewt-2{T8jwE4_&v&IHo^w%c
zDA<0r2xaJMd^XNF_`r0`wtuH=`wL{-ly_5Vf@88>A~v#CwjgkF+=nKqAFGjImJSE|
z6hlJ}8j7xk%XOYdJpGG~d`&a<3*X!v+0NENFdn{}U<?PyHoy;zXobqP&40sA5<H)w
zptB|p^uN)MM@kjj0q41h*`1$O8c$9Q3b-GnV=9GEzCNH2_HFpUWqi}10ig(}dyl5`
zt#aG+UA+RD9qY;TJcT1>ZZ`KV71Lgy65%tX7J?FEQWVO^nmSxsA5La;VGZt4J%#=O
zM<c?6vN1>dr{G6hHqSw1|MV+;5jIXwSZ``^fZZ$Ui&%Dq=}C~6?bSOT#2OX@+;n^*
zZz+Vb$M}h!4czK*yNC6%Tc#l*%8DLvx+X4g{p3s45z&SuLd%`E2b7P-C{nU%H8x3W
zbuIkHf!dicd|4sq*<|>NvwpvpbZW3wHxQt>A0a=Zp?5?;XwzynAfdIRB}yDYO~eML
z@DS5yjK50s!9j;%_-(H~+dr(t(A3}RV0v|5!V$|&fqk}`CV~tsa`A4&^7WSs#K<2=
zl|{n{pOY-<+qlOaj@f^UDr>+(RQnB2vpUjJ41SJ1-8w7@1ZmR~4tZ^_Jk;lSO7^0V
z_xfx!`kit+L+w1OHgNPHBQpYx8(C+A7czFMIuSSiCeiafEc{`oe^VkpyE<jZS;eZQ
z0A5*=YooDK)T&`6<2`|ZhB^BMg`Tr@%)Rk<-iieSw1HGRG<?ra{jcD0$Mh%NoH|o=
zOW@MOO|OjnmN&it{dUgHXJ(d-*B~aK1I-ZO8`twsBwPL`YxhGgj4;^=9yvGoKf1?|
zMX|IT#fnzfaMxxxr_AB{64SI^!86U|!vu@<N;=P@mng}TDK`#@SCy*3g-Z|3P23L>
zgBp}NX!!8!h*tkFl5TceBv#HRle(4h#Rxwl%#vA~v*DcdNghw`r<(++nk*_%b#JJ|
z(E=E9<*+18mWK_wQ>XHfEp9V)#%@(-w>rk0o*B!#a-XmwmwfqR@Zm5+b}JmPKVb>E
zD7_-OqbH_uTr2H*RhD+W60!o}hUT>+j15javyE9La*w_#uupCA{5d(H=Tk0bB`!Mm
zo*(|Jn$Oj7W)WPYx_G(ixqZ{BX#4@aG<rYyxJLm$W5zI;b;$jW<i8Yfadvm9f0!iX
z&EK}GWRqhEb@?lG^q^X_RYnu~=OYQV2V0uixx^lutTe@*8!2(@Gl)8YDyeXm$zO+`
z-LAAMTC?{!N-=EA=Zsw*q&qCO=4Im@zE%*CYZ49d#)g+Mm`T)<tu@ZW9qm(*nsp=)
zG#tdehJ*NWm(^U?#qW`QPk1_zd<1rgUy9;quB1lapCilUM~ZrG;pT+g`gyb=CweqD
z`L*Au3Z@|ESf>|PEla-bNtNrLkYsgIJAi8bCEkCLYQ>Vod3*W5!f5t7yY-J-RC2t|
zQh6oegQbcR?!Z1C^V=J`WEKS!pJGgbOjT5G89y#JX+-)^4zS9C#x#ei!f}FR?T=HQ
zCeWqV#|}Qc#v=KatWTRZa1*&Yt9YV1TgA^VQ+)3R2QYD{8kh_j8zIPuaL*T3E<Ru1
zCV>UBgRnZkXRAOplVzPxyk}`-(csEI>OPJgbHSiYs{7bUiI0<#3kN0b2@wrOe&%R6
zglB+YY)KoeCUfoQ#&{EdTO3KWvlv1%7-BnB)lu>)MOCc?=XXjP6^qwTku$<kDJ~4b
zfF%5ZuMfA>#tGEIZ-G;se}znN3V-3O2iHxfyl^VEdlzKo<}Fnba`3%^Se*hnn3@BZ
zkkng-$6FI9_#BL&W<BkjwMV$GOcf&98&0GeLxbvTgYH-_#P*kq=!v5~d~LX2qtMC|
z-lz=VcoV@<`lMb}X+1UZQJwoN83X#38u~ZsrXG`4me4>^H@#w!jzeU8CTkqW^c_qy
z#`;@!(G1Thn&E<fcJgRw)yf&m2Ji!g=ij5v9(Bqy6{|TMZt0XF-QCvXcyYHK5x|7g
z!#te`&Oke_%C6XhC(`bCb$FU?;dK{+U{O8Z!u)+Y5cW|>GN96Mn!i7fcQ5qS3pVcb
zF7A#@x)9Cscc$UBK5>T!>1nsU?64e)IV>3T$qXe0&#*FluL!Ej)4LI#jrjU-nI6j_
z=R#>yvig(a4NZEcC~kdYw$aNcJOfT`jahB{ky))IrZ5tGzmL|O)>6o9ncCLGP@UqO
z>pQh0sxZ{oRkE1UY%?kisOlVmBp%j2plX^#xCE1yPQ#aM!Cud_1uZ@mouJMjt<7-T
z)8<S~qm>IB3s*MBLMvAaF9)MA>YcBZx|>C8zlOXz3U=!h8^F^iNaLdkqv)JFyuD_~
zPPfk<gAjhhNMi92$FkGysGJ;1y$pp>mTkEwBr3fc#0n3=m_**AFFTaXzCTO$C#>vc
zO9DHbF^f5ML{@4H7t45qq8Ze(pgNF6ohq#ij|F<TQ(B6rIZZ>FU4}Bt#!dsNKWFYj
zniK^Wzh1@KlHMosRDpS|nS#v-VE^TAxr#Q6gu)qPVx0|K0yBp8BRzrI87(RR*u~y4
z764hHx#bT@Q(TfOv9C!TsS>x+AozdTan1&KjV2=@<qpLJMAcsNRPvy`8t5Y-A6xNm
z8Vi3<5F3;We^eMzJf!ctFU#X{lZA4Te^jkfz+pboJJPEBd2t3<dG4jW!tU4*<UBg9
zXO9*2lL_aR<m6P2#+7J~3elLaKa&-u;8TBK6qFX~_mB@!m&I+P`zTsR1glBSZWZ}y
zAU4`8$Ryj~Pq)m*xt7^Px6BBWUF?-d{{!z4UZMd{n0C|*G^|v{1_n8ZN!vYokT8*O
zyOkMqQM%rxJo5(`R8r0Xi@~uf%-9n`8N4x<QX*Mfs4YHJbrfTiC|ihz9LWZ4%f=uj
zX(~??r1s4lt}Kb5sf$-@bvGjAZ~SVO$1dDdY4@bB?i;CN`@-+)n_aroK^NZ2S}Bxh
zcUaOGxOFNN{}<98d>_&jSXFSs;Y3o;YgN>2$$c<Aq47;}pB$fKjpAjQA3TXr9t5?1
z8d1p=l^=Mf^fY7<%|qE*&7W(<A8-J4AQbPn<7XNlNN(9$nXZZ@fexi*=5Bx7V1yM1
zxWKd?DPB<Q7}8tK(X%y@X~=`hP{xWnmQPaLQvgnPeVkuOCoaUG;uP`SeQdQx<2YN*
zeV&~6-KF%o6|V!NDMLn7bmozX*j0&FR&9B6Hi!X8RwDIQj+J;eUL4-=6vtPX?$ppy
zQ_S4&KKIW|+Op*{ti**S4Xb^UQk#?L2yM*8FEe1ViD_25IosBKn<kXNxE3kd9jQ}=
zfj117bQA`eAN%JJZhv#t>!A)5q?%7qSswU0{(vW&ojP@va=EgX_uNR{m-%FJ1-t0&
z?~3<xEtMzUu1-<e+STS%7fPqP^+urN4V2Prv5J=s=5qVzz1P<cD{Mc-@;PQA=w-bh
zzi;UMq&-1`a-={5D>Fd}a9W4|%mDd6%|P9VkTo===tLlo2;9rXvUPskZ|vK9zTyme
z0p%s!>H!jkDg-CUDiGLm$%AeSqUe3Y4f~;jmsgVXl#6}VD(~Nbr;eRq^|_@HTcOkc
z1s7gG132>PaV07n6HBC%$~AriguF&v+3P3R+rq&KyLdMdbo=Pm!!|iQI~$RG4=V@r
z>P#ih>eZwgT{tA+?$r5qB4tq9gDdE3`GoJU6L`c-ogj}<BxBA(*wYX2|CaSZ9T3lF
z1-JR>5o7(oVJ(#vQSw*^&&!>a@U1Js%FWe-)a%|v`!rV$Qej2;yQ$Lqtv)V)Gsfkw
z6qg6EJa;Js|2zihhk*Yq_s;JjgBL|JWMY!LgR|(cpl~~nw!K9hz9@Off}f(-;~!%6
z$K#uooIg^^U#Mmty)N)dSv3z|wTIu81z~@Jti0S0C?wo5U5m-$|IPw&ZG`f9WeXJx
zR&+sDH#sk-VjJ~h?L8&3=2l1f)9oJWQX-BhyreX$D7AGB=K^Ql&1^vxS*nAyOz+!(
zEv-&Q94p#ypIOoJD%eI_*wgi}Ez1;a8<3I)_Ic2>r7V^aqw*lvUbx2V(W`bT1dLr8
zJ4!yNwYI!2uBD!jbD{6MkbFm{4`>kfl|ne=g77rAaX9@cr6lHX@~lq~@1H1X`L5tj
zL7$?-ze?&Jm!n$Ck{%b7ab1n_d9R*FHkgP5Q&=~$H_M#>!qCGOyeezuRg^pW?#dm%
zQTHkkGfJK{=-#cd?im~E-M((9e^);{VVR=nk#rllvNMqj`O@%IM8&Uyrfq6b!|V5q
z$PV#Gbci2g9=FcvxYu_n^Pg;l5V`RWn;~N*;rO$QYJ4r=zb(|DQNf@=Ez<D&O~OTv
zp_yz}{}}W>wcF?r#m35e`Gy7=Y`tc2QS^H>6E!f0_^iyS$>Jv(8Pt_j=N2OUnx~Vv
zMj<h^7mWrepg&ap*V2y-ejTN+BWZpOY4i-v6Z|toVGI2K)}UQDjZLC}lv!Wq{muBO
zX20i$Qq5C`@Y$rnulikOb1(5mIQdJ9ew4a)XnAUQgKVcaS^kyU0DT_O-X%}6gH&}c
z&(hJ@y>}YR4MZ=>@4;R1-h98@X{2o}Oa$TfQV~IJ&nb=C!uoFIhcNfzf^2MT=hz{&
z4k>oTwL^{_l!&s9GpNIr{9?VXW)o?}mHMDQRPYsYxbnqz+k|=>9wHI|Qor#b!-MKc
z={_-VMI3v7+|0kvPkSs1yw2-7O=!c4k5<#~c@Ap&vVUXH)2H}x!);KpJpJNk!dR%*
zs6pMkwMR2g(?*V?G-V<__dj=*c7eKmkB~|A%J#jSqJ2}U<m85Hs|rz0wlBp|az)G4
zdWo@Qa1H0$k3Cac%!n<MY^krx`nz~FX#iaD<C2y+s!xJvP$rd7^_1svg~4`iRxiua
z0G00ipoiHKa*JIn7t~;$MKxBWYekxqfT52WMztf9wq+eO4IiZ~rH23q@+2ub*i>8x
z&Uvt`32Er7?;<A(e;_&G`7RD5)2WH}THYOB&g%=oMW|rBr#%<QLk^*)K7?3=(-P#Q
zl8%c^O#DJ=%6U9sA-nK(MYDD-*G5EKNX+on=|?O6$=*mPe2Ny(2xiX)%LE**$QDFJ
zsI`9WR{%D>Ub)hV5VAYLCiWWj(bDT={WgC-J;JJX^$~aEe-oipn_;~}gAKB0NHO+s
zhQw*6hFO(u_R#?{6F1Ct?F~!GZm07usqNafv)BDI+H7tyaUz?QwvyUIGZ*wXGfloK
zedUelFGZF<kI!8>{g#>RjOLZy(kmBH&|SP=8e3E$s9h-XKT<3ySIWr0;&dH9k%FSx
zGM-cVf0IpHVg8%<3mnnes?SQg!MHrG>xT-z8HWltZrbd4zjLZ>$S8*$2HWcR49Cjs
z_Uv$sbvs5;#~g&TAU{<rJmoruR)W`N)Y8WEQeBKOc?n5Pt&U}>W|m?r;Cre9I`$-Y
zh~~$;)86-%_`{rJLtGM^WKz%Wb@p0-LL)yRCd4PQH-Cqhs<a~{Gsl$T^i$X>5HLdH
z4KOL?!PzgBTUsE!ZeL;PmM}T^kAZwCBRbWGb*57a)FjagfvrKRGsXz&SK}92G$`r$
zp2E?}1;<0yAub-oP4Wjq&WJ=&x+Qsyj0dlak+e-Sv=3V_#EeX-gl)Gr3abe;6}JXW
z8R7M+b4H$H)HFMA$1H>eurVO9KMja|<KPzF>>*k=G&3l&w4hu0qc7ArisC0(yia!}
z&{i4$+~lNU*FIR1j}CQS^MNBj@x?x!6NRF+m)^fcdEI0pKNT~X6dAiKwbd^6Q^xoY
zwvy+fP^!z8WMz9sS=lCD$TskLza5hEeR8$iCB(#B#r5cP?5?b{r2Zj-`ZhiKWB%wV
z$vhK`4^I)fic)7mR8N+?v{)d^=AreBChBygU^8FfDE+rT@?th;Eq(US1LcZ<jeKLK
zBvRpV*NiGbSXodQNBflNbr)t$mGt|&W$f2T-1K}z@B|y`k|3kqvJ9%S(%o-+mcCc&
zO8>ZWpru*&Wzd^_+9)bp+;W!B*ChN$O>y=gb3f!q^mW3c!cOB#ohZ>*3_v)Aa<m=^
z;BnPV>0H;7K`BDW372TsSoUi~K*Q9-exwg+>Oo3SYV4s@WSf0*WGlj$uKR>+CAb!b
zJm$k?se2`#?v&0xssc+{ZO+uq>&Z)dltsJg`pDPD>`_w>x#%P0g5EPz>X5{e+*fDE
zLnZ01L9}-QR$1LcQOLJL3Xh*De*T24F%?_%`xaX`+Uj>Uafs=bDb?o!3Z*SDt9uK7
zMjJeQlG71xJJruO(jcn7{gaP@gbB*4w3raoj>1S-1N?xKVbBZW=he0@)%}B60dzQI
zZNa+dAziWu@H`-AI;C)kr*Jgvr3n4K*P-89uHskEgLLwdvnUb$3ZuQgCl}Z@5vik>
zS<N+2Aj}tNX!YdufMlfZ@SoTk9^WO&3tZRL(W;<VYgv_<XSkqPX-YghZ_bxxk|+$q
z#>-*W)oq=Q%3)IzLF<+Y$zkbTOmrOGMqd137Vy7bu9aXvZ%RuU)}-Jmm)7OBQ8s#b
zuc#2GEHfLG<5tE6bEyogrXa`4Ml6<hKl6PkdkA^f>615_%B7ga@BG-QVUW_((B_m-
zaGcM)mLSVLQ2>Y7NS9I*-Zl9ht5aQWI=TRQ=|LHEN;%g30umPav(&_GF=M)>vb!hx
zJj*hI2MJYh8}m;$Hc(BIK%>hWKW{ka=$JbpLmVk<<)co5QreG4ye{?LN!bleb0EF0
zLR8LnHIaJqj@PY_cM$4}N?D4Ab~-+K19}%&xh8Q)39Pj_j5nq0YsvL}Wi?wm?Z(;2
zA~X22M#IZu=tNp*AWa<N=_@jS#PaZT!lI$v!#0J?hQ3#)>|;TC(%m1sbom%jN(CQV
z?U6MXZ6@p7!d?w{`z}N;ZznI?bON`Sq)rsCzMMT|DxW2)nz6lUpsEQug~ZX1Lzie=
zZdF_4M`{t)<z5jL&3XB~OfbCqKzR`QV|T`a0CLIS9xgn-6;{Sg3Irl1wqEo}ER}2P
z5*)t+;pO`y;ytKiDn;zSns#^h_vn{g5>)f!62n)@+MaoLa~EFX;FoM>pRHCtpFXN7
zz(#J%0~_C?dKiC;<b>25!vqv*AnZ+z-H0z2SX$((gfU%PvzTM`5UqHBd!&BJ$L00g
z1!8CQQ*EEFOB!!X&6kR5RWsSwZUk{ul#Pb4)z~dfE4FhFqgVQ>ad<&#l1>xPsAFnA
zITxb*`N=P>rF<juNb;vDyhb#;tx9v$S9zrxdML3h)bPZ<E~??Gy4!W8<qu1+K>qUu
zmGBN;AOE6EUeP^Pt8cfBZoPtn3MA>sHddquoxrq|>*c9Pf%fpx-U9CS7wwP%LpHmx
zdIMZR@yz*W-W|Z5YUopfZc+l$srtJJhm9sYUHLLHY0u~qUdg+NCwNk254(moo1S)8
zQDAQ5#FWy>DLp3Ai{P@CHsf}@qSU|y8~xVTUl}<IM%Q_7tUS~jfkm~wIsXRYT}ejY
zu^%WEHO!#+_lU{%x;R#u?v4qHCv2kMP~})cn--EjNhA~$n#IO_*CJb##mGP7LnLwK
zB<41!PS{+csJI2cSU%ww)F7{_nZH#bHA7vgu9(pwyhb@{4VR~yV~#YV@2j5^`2Q;B
zro<J?H9Fo&7OT0Rc&KCxxA#4VfUjm14*RA!Jnv~J33g!%El<>Q%ZNS}Ol0lceUSI$
zs<%lEw&#44yp$}Av1a8mhe^G#zVPXOfEX7hKr(f|bwz~?AdiOEtqd;;YLf^#D5y>H
zN7Kr`&GyorY%BSG1qaEZmvy=(d91>-)=jj)B*hclzE@U!hjZZ=?}TDVz8kL8+AYsz
za#qO1jngmu2HKdG<U!v_e|TR%F(VJ=oSg>xi?uEQ15GHDw$9V9>;d4&y}TyIC2>?x
zL~MSmZJ?XA^K#Tcb*=TvqJ_GyPfsQ*?6PTKE0mOZsTY$bONUP_FOUC%OYbS#5eNqj
zq!P+TmK)Npt5h&;hCkkbj#!C8=OGZg@)nF{!oc%zLUK4|UNhLQ@;ewGmT3JacF|el
zl|BP?+csgQU&zUDHVd`%;F`?3pRGMIbSoC((>mJ3l|EP|GG-}{VGWEI$xF0D3wLjD
z4~vsf-CQA~n{1jBy@OB76yR*wb@5?8)?HpHHDYM;KJYo}3qB7W?%7?OVqaS+`@32e
z8+-rCx7f7A`fTc)lemCIv`7f)LjgSRz`i^l5BP|PRf<`rJo9o2aJf#N%zTr&%-7y~
zE*?QWs|d2;7}94bC6@MMs9<u{t~AE+r@`kcB%iC$%<;|My-$Bmzg|Ha5zf;q$cOL`
z-xtyo$USQ2yM%3f2H9rM_hOZ>M{VY}WXoQ~BDvUdf)J$eP0uG+iw}06D0&Kd{crIv
z83`Hugo|ti;T2QMWBhbVPAM{)XSdJW!un_r!S_9g3J`<f06N0MTPk3M14o%X9LzZK
zd^Z6bbR?_M0=IfO*GK6()#7kFWSyZntnv-Bv$tkPj45xBlTJ#9mh&mr#O&~rlOY=l
z0ye(F(S?xa<S4Mg6{jM_lW9H>`11$SQWD|oltv2jp9gi`AoQ74%G4j!2%=ZS7l*{_
zIL4QRAh<lRV#Y+^pGe1AN8$2~td`U-Q@?TmzYuB_eiXHbpa05^Oi=N_cNvLFdiM{g
zyg}`16o!&7^c}w9(D|v1WQ^WFA4;XeZg8&mqU8EZZKUipI>LfD2IkhV4cC4_y;qBC
zH#JU%$bE;X;d!@_W_UDq52O+@md{nm{mWy7KKn`nO*t<#XNiq+vrMi6NH}{!98riu
z<jIBNaf@uPzY9}HRo*sq9}lPW*zHiW2c33cJ1L}BI^8XvPrH{%h?RJ5<oEC?jQ$+V
zIyTOyC`l;Hr*gD^o%zO8WVveq{6^w7*4A7(p&B#v26o$Mk;v4WMLhT$>Widb^shA9
ziWBPBy_mroTEiQ&8r+691WE%?x*)sjHcXbwm8S0F0?1$_F$Sr|yp<4bq<|`O$n{D{
zJ!VNugs_Y%03v$DMBQa8T6^D49vI%RA`jnE9;_)@9kgR7Yi)p9cCsNC$W80|EQ*X+
zg^w6EN~7a}gxS5%>loj_-><r!$a8<qWU`N`gXfCG*C=}Eq@RiLp^+JwKL=WxDQ4Ce
zKKBEpt*~d43(7ZNbmya6fDa76pN^<f=vH32$x^wQLf39zJUl#KDLE@uxJDTTZZPS$
z%PM_2lXlldsB{{Kh)KBqR5^`ishG~ynt2OdKZt*tJ9hr)$1c`<6bXnGqz}D3SnMDM
zWh4`C;I3KX>?R7~p~#*Xtx8q+!=lbCw%<rh5WTW6MSG;4GJors>lGaLdjTsQla2i$
zPEc)#7kOUJz*S3Yq_ngMV53Odb948)A{y^86oZ~Cg0DUvk1@s<Oi}K~)~a#*pq(qy
zH$=6q>Fmqv22q4Jr|mXNR;}QkszH<gf@^Tlo4}{RlS{B^(K<f-=QJFx1A6Mt4eO`#
z^*N4$5oaU~U(&ZwU^v|Ft-#AgLY>{;lM~#xD&s(X2E*Z!4foTa#!YJsp@f0#{g=hz
z6kR;H$csXz?WG{o@*}CF!ltRjgLF{BHz(2;ZD{%1?(>Q-q!oDs=`^y)<_~&YVE~91
ziRd!vts84t)R#tZawUg~h6st|LQ)$i>EjaFj0llLg;aGe=Zhyftv3S-jM{vKGK+uR
z+BK_e;}Hqz93`G~bp4huB02~|J(D6=i+I*7!BiNS4>AF!^3>dF1Z{q$4#N;iX~pn?
zt-ybzQ3_GxIzCoLudXzf9x0n!P3*iMyFHDnHp?gD#%|j}UC!-h$<6w_dGvH04<A`y
zjI2P;Fm_H4%eU!YtmnYr!1S9F8f>d#@WkZh)k1ZgeOVzRE0|x&Zx7V`S&P%e!H-Rh
zBCagc4F6g7<^bQC+ILFw!E1)c>1{g1)x76{+yiQ?lbxk3wp8DsT*#}giK<#_1`IiX
zh|^y6yO=D%uF@$I+m)wmzfti`GAF$Ls8Xm4No`hZ?NdCWd!u)FM3YGK;EFo?u!1TE
z5b2?t9@o0nx*&v|(e>f=J9(L|vl>5*mWS|p6KhB0{6Mdlz+2M&Ex~5$DKZ|*H?Yo_
z320PfHyE^(d=Tetv<>%fmV}enuX@y;fBklhaQ2i5KejxmNFP(F!oR`+jt>QLZ*)?%
z4Fg>q2C0QTtalUa8;f8RftEFrxvDUy8i7R5`a{E~dCPTG*2|flN+pMWxl=n&rIPY#
zJ!LvoE}sBhK%&1dFU|GTBgX+tEgUf8-ADPpya*fo6K>u$W<lgR%)9OS^!OMZ=5&%b
zH(xV(Ac~6^s1Cb{rR8b}oz%fA!xBv$YHA=41-sc9cat$<RWm<dl-jrcM`CXB96ngG
zV~7L%l|0(!s)V))$d!go_8QIdu0#$x0RJFz!u$@l($|tl9zH1gO{qe)@Zi{-lP(K-
zQ_RJ}Z%{;Mc>iR-*ZGk?OKdxzP9{FavzDeh=`E~Ulf$k`t6w`}=l5{dWu|jkv#%T-
z*C2NI4(~HpJwR_j4ij)H<U9#p<Jq(6MI7272KB1TDZg7HSZ|FVs5cNbG-r$OR-Oxv
zyuZ^f`n88u8m%GV69vt!A#RYc_PubqkB^L^;BrXgm@s+>v0Sgk6T*op9}i}*%ss)r
zH{01Q{6#AE)F=gDT8pP--ai7HU-|urDMy^t5}y=XS3`OHerY_BBSM~8>tMV5B?{=(
zV^{p)dp#C*L0;bzl!-SP(a`T^uL*IG2m6v*d2=eB2$s~P+OzF;jfAKlaLqxA4`BD?
zb?A$jP^7tyZs3d6S4?(&@uHIeuhEb154kDWU=CMGSVqFJLysYOf{HX|R#-)&=9{^k
z@$>u8P|CPT4UnQmHZOA+uQ`l+{p;jcwARHqwlW*JYI#Jmtknw=5`B`82w{_-h+%1m
z59o5VTTcH}MGN&ncaCFuh`5%Tw$#@jsZm^=^Lz{NZqvA@ppoPXPV_u{g|^ULLgKb-
zhCw!gLS68e@Ah6;BPyYBBCNvxn5&jT+|O_Wz96v+NdDIGa)%Re660xf7H+l~)0xzO
zw(7uQH=LzXe<9A>>O~f~dy#c-zRXcSH~6u^H;2CnDZl<r{wFPsjc~R<qt$%*7;#UX
z;&YoB0w-cL9rqZ6q20I|YVqK^9HP1kw{>Sp8vj!2ZF;;|gWSqIKM&Dk2uW3ra{UmY
zH!*hTA0k4Mm^-wJ9?pT&>&)S8Ab+R)v^rTcqZ^9n0S?A8UId=;JWWQ$2HZGj%o$F5
z0q?VH-YL1Md{OVPxOuW!teZv1#@q&Wi<V|2bM2hZ5ir~9G{CzqHvXyONTQk#)a0rk
zD955>VzyFswr#OrnnhBSey6GTvu)ktp@(h-yXR6tlhS(|=z@KK(-KGz$>e!?Sm)}M
zv}Uw3E{}F<j68N5F%fqYu?X&h+3(-)1La3Y$Zr8b$voFCb$=Qy`}`4~K?}Gc2Ja(J
z;(a^WPc_eC{n7tE!7_e~v3o#elX8~HCrh0|{ak?f7*&M~IyrtvdJaeUTokUwUZmF}
z74nKDs#~SY=XOo2%ypo$ed>ctRi3_u$l+%@l5`I|C6e8}OZy3pQN^devJ58Ncto#p
zSD1AyyYBN49#QyA9zY*k5qddsk;amc6ON(;qIK?F?-uS?1c&Z(;_Nlx?(Y1w(*9(S
zG-8&)Py{*a|N3wR_4TbJKQy-EdX%~aGDXH0Glrw#WRs+@CHcq{Y5epPGRk!MiYhp9
zdj3V4_rgh`_Gi$O8Hk<l&>pqwtT>pl3Y{^m{S@aSL7WGyRytr%eogZt-g5sg_q6z6
zPayDZfd@BNHS+4Fgr)dOT7d+9=gUAHuaSCA!76j(%(<CjO;PHopGyt(Mhj_fk=`W7
zbdgMw4Ig`Lusr{OHcq+kUZ^~|bQ=}@k_c2^gGUUEk~i0OFJvlc81QmTPMeMXTsn_Y
zTo9edw4#JuI--|KCFiaAh$^3)I3U}<6(?+qqzU-vOh_8$xkl_)6kSY0YTYrPWF2#t
ziA<ePMB53Y4}s;hmubrb;`vTAoaSn+grN%<^G7Pd=Fx1nJNM7~OzPd!awIrYH>ees
z^CVp0LuN8J4K>=R(BcV?vF8r$(`I@~flb}BT(aznRNr(d>T2ssC!bl4^;gT~MJh8h
zco)n?EQ1XzNzfOlJ9;TSuzT9C#!s2W$hUYGQ<8=E|BvP20!XBDk!(DkON<gvGya*k
zyV;Pl(ba1LDK?5?d<2Q)@_=42Be*U05$BUhUEuy=4BRwB92^MM5olfOOWoM1cO&_R
z1sZarBPwsD56Ndf2Z3lxWQ@d{MRJpz5V}tO0|wxx#p%zikBh5&ByxsXil#=FrLfD@
zPix>t7^a9V%rd+#1p=9hTRaRbj*PBgy+)x=68H(4kZL8D%H8_6&#Va>B(%Lp*bIVl
ze0kICV?|@=R7Z2VoU;z|2Uv4?y>&vB{W*$W*2_0%hpvCdeXDX97tOcI`p}~r9FiOm
zmPm~dL}hjF;>QT@PD%+a?(POH$KQ?dF>vwY`mfWYYorm`QyNbTxkWrc!d^~BBf*`;
z-(-wn5OA)s5EcyR$Df;)_;1RG+EN8*l;)45i!XAtpODiUKZ;$15qo)fld-L(73PSX
zJk!&*Nv)|+kas&4G2o`|kRckH$0<d?y91<FQuex7EEV~B2G*$N=21i!zeWQw=ph3G
zwr==*{)cMhf2-A>(_*qNhi>tp)Uy>;ZcHB`C6hJfB3W2ZPF<sUB?e2nhi4eU*^hk}
zl(4yv&H`U%_G&;Rj59=nThaMFL(6ys5O`%XDzT&wkfWggJLR+}b<7EAk+I;vNki*{
ziK#8f8ZMy{D`qQ|imFDn19E(-c{)5WV^=oWG1F1Bx`J39ypbhMDl5qtsNY80Vr5w|
zt%KG!myO;40x{dj%dN;su9UmeYJ%bvroBP~44*(xA-dF@#qj>Mf+t-PJlVe?(-G;g
z=SEwPGs_!~N_Ig>UDqdP7nJK0)z#eDZ`8Rh;$g8a%2_BU>UFY(WzC}&)j!8J;zpd1
zu)jt5fPXaz%Q<p={Z6S@njamqzz45moK!(*{eLe6MS@S7P+$R;`EmxS+j*&Ju<0_{
zcyyR-xHe9oFK(Q^Q-abPXUz1&Q?2%-s|e_Le_BBRNAeKa!(!DIJ;m$d*h@uKVzc5>
z@^HlE%fm+?LItN=o*HgFzz^7Ij%H#-mLv>}NrIqLGA}37b|~6k!6(}_bQZckQME`J
zuAZ+|ovr6|F*$cL1_HlWUaGV}eX!iFA94APAj{ese()>ZpN?ey$wA-6^`p@Gi1nPq
z(NQ?s?~ezID^QEnXGn?wo2Zsrv%-@+V<W$!$%{x=hnG*tSKR8|^nx^`v102EAo-m<
zOu9a%*BdTn{?BM|_3&-N0&YauD+yO#%=xjj_Nra35q7!$7=50*<3)4&?yx$ichd{#
z<7x5~9h4*yIu;o@fSwoguc1yC>TM|+AUuEO0TTajw-K}N^XdN~>VV}kd=K7h!mBc!
zKEYWYP1pk0H9xknZ|&y8<2v)<)LQlUJ`Tw+?ghV|myp{;YqCdsr;bDgG-dOaY#N6%
z)+qztwV9RF@zi=Zr|n*@(xLoDi_iQpPcC`a;rz5ByqB3TQ!B+kLShN!o3IIEBQLVo
zEIq?GO22}m%qJj4>}Vs}t@{n0P)x^l!C0@6j&F8E$XLcI$!3EJqR^-HJ*bLkkLv;F
zlCAlTpi?b=CG%KvbGQU^TExk~|MLteh@aPOyeA-|e}>Y6Gt)BE%K=>6uPhVndX~m7
zHAK;WqGfH!M@-(fV!@)8ExX%Su1z(2Ia(R?Ycfg|!v-aqwDE0n@GbKm{DI8v3>w1C
zqWvS5Ti{j3X#hz$7!P}uj-&lf`&rR|M@250u@5tIzp`Mzioynn2Ejk|u92RabtlH+
zdFPR=s#EL1YKdtq^9`fXhVnPlyp%2StO)dVI6R(KZh@rGWbV?#BYY9^v;D~dxAc8P
zM}3=UVx^~!h@Pt1>>Jqd!Os?$cq5Oskau>6^dS(<8!tB~#DATjwdGnlU`o-O%r8QH
zBX@uXuBPjQZ`uNhl}RM_;4^*KO>!HpTzm?L>Igy`kL({wtAd<R>=ItpRc#8P1$9kh
z?v3Oed^q@Lx{tzusuld3tw&+nYyA_-9q1T&u`#cMgnh_;VG*bC?s3zA0COZONVA4T
zvcHR7qYZwmx@!&Yb<Gi8ElS%VtoRL+#s8fJ;vBEpgP|Hf3tP+6!tw-B($+=kA|XW{
zxj!3JOCF$tg&WF1G-qy#6M^3!V&=;`5ijftN}Ho*SF_A<E#_>59}KoaT4%(I&x0V{
zL9oI$ru!sA<PXI58suGr;{Msl)+o13DeT@v`$I%iTGSz3C!xC&8uhS-1wbKXNu{MJ
zQO?+wvd*GER?D;;qn!0j)n%mo&sEh$Aa7<O^CI$X)!9tDwu&@{AU=Y@l9$wil0*Cy
z@5Fw2G#+#&aO9Y<kwZpE4(N~mdt4M6#u*)wxlIWyDZ8D$BH}Bs-Nkd@`xIxDa+B6A
zH;l(V5R>=MlFGb6h@~7A0PN)&;3#!Q()M`?Xr&YS61`buJS&!@D9Mi>O|Bl2rO0~T
zYKmAM;$a${K;U>_aSB3P^~5Zk4+LuOH%zhAk<u-aM(ZV~{oXv@?(-W{Q`%~H?$)**
zB&q1%_j0vKCGK76*tbw5=wc}$y@5?z@EoZAMSDp9fSnBjmi=<T^baG}H?c|YTT~R8
z`O9pdTE97OI)gt5`ef~&k+9TM-m&Zq?V%-W5MOp9loUx%(v(j-*wrsMp|DIJ+=!64
zo>(`r+&QX{FskEsud|Dul>dk>r;Q5k=b#UpCEf)Og)NlZHRs%}S-8tcHJHip>e-r^
z<)+z3`yT238FGE4PfmQt17!Ta+WV84s)C~PmlbAP$R?40A+t$jF|CPfSg6c~^wml|
zqlr83A&6o&zb&0qITt7E48+lc)-Sd9${w^9jeCcR)Bm>r1Mb`78&M+R2(~tNtwkiB
z+oPgyp!K}1AGHie)lo~6<caUmpR##D7(|43$s6KVEI)bHC&#D*jev`=cb;Xet$0wS
z4|TO(tK+16xQNYWgNezDIK%2OE^4fR^KVV}IW^gb=gB`(JyY$eBD?FIz99cL^jXGK
zm<SY&gZoFLP?_nh-UP!3>I=jUa<G?sYJ{{BFQ}N?K|Z{Qw)^C;JiG}S&?yg(x|665
zWMEq0>gv4VG|gm5*97g5DRLR_YErj1pT>S)wsorCs&54pco3DziHv|&EdULf&4C+S
zD-t+5q5eQz|0fh7?n)-Lo+bsU$bU5}oH^j~99==25UsZ*9APLK9q2M3QdWCJNZM|>
za|*dVwvT{onMhA5^-wwL_6!j9_r=}C^xl$`@n>=Abl3ZQb$eO28!j!xt`Av@=`Cn;
zl5wwAv>Mb{MzZ*^5qwAV)JiBSpz8*Vu8aQXwA`c^n5G1Z49KY&{zI|Mqdz!64Vi2u
zB3ZwKI4+;eU2uF9N+7<b%o;)ly-N_|fRr!gaapF{waciw*_>wOLbq!*&Ss&+y#9Bc
z^fzz$lEFxz<iLmZa^RCDIq<)DJ5(-+(b7W!|1E@84yS+5zbarO?rOxEW8EIFvvSk(
z)3+4TAg$YrKPZ(L;qjn~FBAx96$eLqZDD3bxQ+J7UZ^f;&b<UbJ|)tq9ejw_Qk$Ss
z*BGH*;U-C=i?M0LG>Tr5$H!o!7s(t+Vez3Iy_>r@zb{kFdh7jS4ZU>NQNtiTCTSX8
zgj4XcP!&E$+hsK@#m0dX^|)zQ=V~A*{VYG-EoPBI#q6pNi1wj3@+RykcgtwAEPiGf
zYP#`GIW1`@Wt&<B85ghED!|DD9$sxhOBgeXX{bpc!0VOXtxNyb$v?b`1KP%`^Pw`R
z9EvUL$lwmv(gYukuW&MZfqZWo$MT#j8P8G&o+PNzi=2)<aZKn7tco*5Eov#{Vbm$z
zZ3OvNh$V^vBc;_kcK*(*IKO4;PQwA-gnT{d_pdN?&C#iJgL;QFJK;s6WTon#qBopu
zmMQhfNmc?PYmOgM_3J#_J0^|%sFBbDfvTGl%$~F1wqXcwAIeq$k=}Lu^kaw3DOizr
z@u(LB2r*hDI5U@y<rv}xPS{y`e!E?wuh8zSWvj?lMxd<>Y7sSI#PV8aN^@@7T2{oN
z{p7K@qy!3RYf6h=xPw-<QLE8-r&WWY|7CMZpDi)9Dh4_JMmqFVS60hPZAI-=68d8m
zX^eaVjNq2ysa=6s0N}_L))<yl#2R0z%CFE`@0fjkT5)x*Q@^Mt^tO7YZ2Q?0-=#Y<
zS9)~?t~baWOyo&IUL&NASdq=FYY3x-2w8p*tq7;+7=fu}BPWCxC*t+Vb??UxbI&zI
zckBdeGx7xiewdyzLP1386VASHKj{yqMxs6zDws9&0ceB{zmiTLnhZH0RJ3B86D!u(
z11q5Pu5Bp2D{e^yudndLmfzLDS63@T6{K1M6>D2?aY3;xwj1q|!7l0yqvI|b?IH<t
zU>@C!%YBAIkD*U!QcGMhjuWc%>ehJWt2JSlrgs<~M!}k`1_O`u(VU<0NYo#&g&5|2
zU;Ug^EV(X@UATE=&ApDW2|bkKYJKk4$^Er)?C|B!a&xs-8IZoyS`)AhMA<Uf&0JP!
zhS8c+W|Z&pvt!COw-`^+{y9QDW^Z;NryLcWFtIEwK@G=8cA_`JfBpSqkEqzi0jqNa
z=talp1kMvAYCXnHjt~Y!fS;i%DKVMu!p&)Io8TBBFHVV7&be(~5zIGNq>`O?HYzxl
zV17D%F-Sev3{P=0S%iT22aMabMvKA1<jScrz!k-P><v62?&5Kuq|<WuHN#P?kFQiK
zpjROrm%Gcx)<all*p+Q`!nr-uew>d5`9!E*Z3&w_fPIWmt=V}CzcIUI{hCW0@(Qv;
zxARnK2Zk2yKx+pzS4L)Si4m#Y@&q$JQfRVZmrZSc|MS}X7V}D<sxa;M%t_dv%fk-O
z`Z#XKLz-6%v+9n0r!DOJ#BbSe-mc%ipg~2lc#iIm&)8puJa4&K?QE}aWEiXTY>JMD
zPdG1JEyTqX<3@;&XDkK0E)~F8f#hV)UV@Dc6>3nwEQI;R^J(`o2`$E5E{T3=xofFK
zD3)MBFB0PFDl7|%9cED#mcclEPR_8(-a;E*p`ePKQ@p_fPjwm#RSJSLs}he@p%<xG
z;WqP^6Z5+y+0Ue2#XSV$7Nkon6yU?~6e>fyXz%o}?F0EEqlyoZ62;rvKwe|!1EDv}
zPMoH29&&m``UBTEbm=@Y{I7A`Qr<mX-MX_-zMRbC*Bh}7lhf`f&U^-l5apT7NrCBE
z)Zy#iBW%^OFuq9M%Ig&g(^~o50GF+4>6Np{4mWx}Jc+DPUoDXG2nwPW$B!u*Yf}eb
zM8D!ALgd1<3}SO#?Sss^3LZeSeU%+y>Eqs8P+B#;xfK0Jx=KAkve>0p=!MB<gXx<_
zTjqjB%`}i7<2skV48O^;g?%;QQ!M{}%b!iMh+WNo{&ZCvGYHX7tUgee`i!)wr)oMl
zf5wN1uM|Iy*P+817F8F=LQT-Qdf?5lkc76u-;hd&zQ%Fs+jybF$$n4$07sP;_z)TN
zB^w1_t(SX=?VyK0s{V+XyJgB?homQbMWA`oC*=RZjFw^bm*%y#l1cC$*yPE*nx#K-
zhWliBYGrlx0p13s32r7D+L}6j*iO-}@#65t`p_ywV&fubX*!Dz93AFwyYRVe*x?=@
z>gR`&jA<JZbbYDT4N+A{-8smIuz5C3Y3yfy_+IY@qfQ*kw^8#+-z$DyzWoRnD&g=}
zYGxDfUh(C{^6+#*=uTa!PzRZuHOdifgP>wOy*s7{ekUZhT)|&B-o=k^dGU#&2Q|Sm
zZyAMm4%5RifeO05-uJlPw`rAOt8@ZU0X|=v6WcM5W~_%+H?_&bl%{B7cF-!!y{zs}
z4Zbc0L+XpGyh)=2RY_OuA_@3`n*=-}MQET%4Q$VY-~vCj#ZSO|f%F_7!)J^*CATnR
zr^?`_Hl{EA4GU!`Yt2>)%+vHCqNH<uiNJcQu<?Y~Zb%jiS(iWHdJPuQ1}c0S$!QZ2
z)cUHY`1-w<8%VOBc%#kXbM21bmWLNQpy9S+TiB_n9_e(z&|`I~36QJFHv=o!^i`Dx
zunybZ&8C*Hi-rScF~|GU76mpS4N-}K!+y@8Hj5e3<*3bf0tma>S6YvDqbDqSFExP6
zQ2GcCIUbTXD537<>*ObEoVda_uTH<{pkdFX(s&N>=ST&F(rkGMp9zRaozUe=B%UL*
zu6dsjU`3TI2V5Kq)ugBw1}x|TW&(ZrQ90s8F*}!a_E+)1c(^)gMrvA*)ni+}C8wj5
zb^h0fIL#Tkq$MI_3yuC7E4fBWrT4Hr!xN`&n7J2Ly)fr_+O^9tNHTl%&R|z0U-(_U
zfl8!5Dm~#VLK|w>b)(+ZchGWaTeqG9VTsatpTt;fLToJ<+k|V%X|>g&Zf!uj4<WMF
z9DMl+JzT&b7ishwhMkPx@qCOrtk#{AZzKg9<g(hw(>RsJG=j#|IG&ygbfjp=gbH>s
zrMX%FhrmOUkaQ*i;u$GtP(X0Xn67LM)e;)s<96y4i6N49WDuUj>ThN;){JRNeIYJh
z9RHROUSs+R+Z?liO!&{|)Aoi;9KIj!qo*a_%ju)~Tku@!9bIh9;9cg*a6gYpY&W)o
z1`3s=-(8@E?)<o(a!GY1D=MwK+!9;sYjO9h-5dAmGAR?Y)K~S`sjnU!S||N!ifyPY
z!))ie>cjCSl1D+l$b?_8sTPi|-|nK_)A1R8s($PXhs)|Mr!yAsmQYz2O?(VHsVWJf
z3ytzsUg|%IRSB%K?Gkl5;UDKUOZSOAmMDn9F_(B2Zs3I&NY<)QEPR#ER~UL;Pkh6U
z`$jdTn{uw0ByhJ6w{Zr~&1oJyC&`N{oL$Jnd8`<2HaKV>eyPf@GOkzrwmMnrvYxOU
zWfgK`i$+`?KgnWIsNvH}S&3#G$4#m-2iPp-?ze%$-Q6cCRSbfvL3^sP#-a@ckaN8&
zs8fPv_&n#m8pL>>j2@-?$n?v~Jso(s^*X`kaRAZrd3^{h(WISrg0&~tgR|x3Qd}?|
z9E3u?kxsUHrK2~LX0y5-+&-U`)M~a$#8o&qUQe$OsSb4eYA(8M0%w(2ui79{QHh31
z)oS31sZ?mL*2ZWB$2q|#t9J!n|3$wUeH~-Oeka!P>mjm^Z9doID0b4!$@z!GjzWj?
zMEb*<b#G_UVH>A-THZvv_+!LmjjB*23I#=0Fncw7s{363C`@<2+8k0)*0p!|9xIGy
zh6S#vfgypYC0yK;2^Tj^xVRBEo`qP4G30@`u>ZxZ*qk}V&8f<QH9gsG%tJfDCuufl
zox{K2!%T}T`@5|-$S{z7X|;O|sla@boTp!Dq)83!UM3wsH@eWj({J4_GtwwfYe6gx
zrz)!~<hc?$W|&hHI7I`gC4kt7T=Vi0fDF8JoW5iq-ZqM<oLv|51manhY<Icz8HyO0
z)Xx-Rux8>0bqt~aP%brw(~$%)nmA@I@VOj+)7iSVE@AG7EJ-#pAWa>6zlUTcD5-Yw
z-;_+{&||moXS6|uMM&JS@PCP}R_Xn6m((<C3=;s)$Jh7^lCryaHR<8&*sC>5H@?TM
z)kt@Y%gecN)W*-N6&|-=5TRqH>`Fr;thzGvNn0xoQ|e2p({=JIS}!trt+vR`IOzU{
za#N7;NUz<v;86O8;VgbIIn$zyMAa?yJ%?f=JIzP(4Qc}FJEMQZbzX17zW6kF;r31%
z#BtoFef#mIh1kz-sp~v+@nNJP@lv(b)H}jURc@4Wnup46%`*Zf|Gz#!Xq(Z3FnJJV
zO@V47VxZYhGS=e2@u->W^_phZLY=v|J+a;9@H{1ggoj9H$QR%?V2|~9uz_ZZNXo*N
zQCWObkECoAWqQ6ns+8-)tS9PXY~CVu7oCNErnS^CRs$Vpz(WXLUmvdgj<^jU7)Jt+
z7Lykx1Tf$MJ0lT9Uucx>rQqP_cY%Y6Vp-_#$S?Yk@r5{)DoLV*%}ucZ!rqqW=_a7=
zxqC;<pw8ncu41hT`eY@OlhyGhaH#Zkb*BHbe%jc|Iql;AIYm&Vv-zXdYU|3~YKx`-
zRFUHLQB5`$rJT-xt9Oq4W^|7HS~BfkZ;*C=XeHPAA4xmU8<976&zuB^TB&&bx4MX0
zF}p5UWl!7sRauILhP;z>Qrq!?ZYj}IWEjQ;1|njcJ{`hWv4eZN3!}|tXYT$kkh~)9
zPD>0}8il8WRobCAU>VK#@eVtOkm5l3{DTBIgP*yyA|K@q957d<Pq^c27d4cUzOJ9O
z@Jvm+0zWe%2QW&*3mseJ?|#Ox*|5E=qAHg`-1A|k*|P~sp0_v$7W$T~Pn(Fe;xRX$
zRx)!WNvlb9jdySNfs#1Ryo|}1=LNg<R957T=DiX=RPNgvI^K2tf-1fTk1b?UpLWqN
zNMUe1i_iYw6j!%x`=ncId~8t2=fr7_Vv5sM+w94Ox$P0j;dfXCn_9Aaf03}!%eQ!U
zIz}l2y>Cv3tlBmKw+99*3WePEWfE$%t1zQ?N3tOcsf+%gEX&qEhY-!2hW?dFJ=Zr~
z!Jv7g1ZTBTY>NhlitE;_f$nu-XP;8I^(idLy%snbqc9j%8%}LGPj(tg=sbOz=}9OV
zG}y6h|9zFXaYJ43`2F^ezpBXY<v^mSdzwnb)+qP&qQpSkbC%jhik`ehKJiwKk8@gb
zIlpq(cBC)$d(e#ID7J)cC4h=DD|CQ44$Jm83!0$)ygT+i|C4QST99O<>(H0@SF|4V
z)G%_>NSA59IktqHd&ePDsQtKKH!ALNTAnpWQD98gSzBvxJiIAmc!8Ri(}(#~e8s%s
zcfl84-01U(n12ya0L*ViFj6i0U=@7NwKH5s;AU=dkef?CLG*ki;Le-a?Jc)|z<P0z
zo*=?f?mKhKsoSZv3ktB*50%cU;e6OADaC+egAO{$w_GR;Wmjn^4MY{|hJEHsY7KQ-
z$^{g`P_^5O6>{#J97>WP91z2GLaPu%i0nT8|2>(So=kO|`@{Imhm%c`W;$&1<0ds8
z4-Z)hugvZiC}WD&?T~kgd2~FZyf>+Q=8N9uQ$x81`=90-tYBA=W>NVJJNvT3w-1jk
zbyfv&Nkk-Us?goIrV`yEJg4v95PfBKr~P<>K=HdcJq{=Q6~%;=_FT@rkg|WEuL%(o
zxPOeLyu_@)>tyGz-=WWYwOdn+l4^SyMyvwXC<!W<acI<alS;>yk-s<0HnTKg@cg?Z
zc{%OpETG*YS?vp><Y%AyQO^m!xU|E<#~{aQ-!SQ38P6s;1oCi5NZeg^Eq<kj>T<nC
zoHeFl=^hX24Loayxt`AbN&V{@h4|fjaXxBK$zey<OcL<pk5Lm{&mwv|%&te_(3-`g
z;5n?!dPlq?i9HA>8qWJYfs-@0pd&5N;J%aQ)>SIOYUUVZ2`xXHXgm$cP(i$`#-mSb
zz!!9d;7}yX*Eh0yZE*eOmP~~JWocDA@zDOd_xCH$$2qY~2#}B#;=@HF+NBg#ObIb7
zD;BXl{er4xYc6Vaz!;GEuq^Xw>`XyGe!(uR_5YCfrrV9%TAOgLsFz61KV34Ns63Qj
zOO<rz4;D?)Hp`T#7B!S}_1_)<jsQr?u9LI+J1Zxt@*s&Mu(5|{aD#nNfR-z#zu7*3
z>j-x5-u4A@gE4wm9Pz=PAZ6K54+DO&?*<HFYMa3{U}5yG01a7aNszLM8~jufP-_9e
zyr#V3%liZI3Opl5-<_wB=6-wTi2&EIGS%ij+!V44frus~&s=P?i7tED=u>+MwNZA<
z)V4*bKEO2hYs%{@=gRBsOPl09Mk<q4?b7~3c$QsK-Tu!SuVt`EMuSu@gXC``s<EmA
zuEcR??KDTxQb6Nh>||1?6%8}xfMk{>F^>iUxYH<pre0uzjfw!WzCxR#%g~_I)?x-g
z!K_xRNA(GWm>#)nGppw$(U7QP!VV!yiKdM+NKX_J7NL^<h@3crf*5TJ&HYB&g&p2t
z89BTqXvbVX$0r#}R(GeZQT^L?`FcF8AtZ4inyW2W_e;W}lI-fdhwm}$Bu`8P+@VwQ
z7Aom<ZQy!Hh-rJ2ZX0la<_Nr)h}%G~qW}rS8aWjyKE0dM^$x<yVF=IECoKh5Q1EU}
zk8H`Il~%akeOpe;Kn_N5z#U(TXpMY)NW}wrAhxU`NN|MXS>pt{gHXI2r1S+OmOqZ^
z;ZvByMW*mbD7^yDi<cu|V+;RXq6=5+Xs>-8-M_wBVl9gPyCaf56-+Ni@016za>Po1
zN)q~g%FgE35#^F;^jrFl@_eyA88DiXbpXPlY`SU_zh=fuy7^7l9pwmjSd$);*!4@d
z)#X_B$b!U($~X+EhpcH`%$mB2rL3%P5L_}g>xL<1Hig8I9u9tO;lIa;zs@KmH}HWI
zsSr*)@D5ZVybtWeXA1DTb4NL7x=LKMXiJD)F$r<QQ9~)0vigC_w6T+d1{wrz*WdOJ
z$Cxz~+t!lG7sh*lQb5pOV9j9JmB9_H-lc{FL8FU!zf)x#)=<jl`<JzqeojVWG!QB2
z(y$6{)?CuJF(HXaDEy&i9=9_2AAJH}%UR!~Y}P8Fs)$1QKGiR{Wz7aR>)0*$9dQYw
z#~I-UvBz+l!()Pv^|%ssr>0xIE3*cQX_R{Y7~H*n02QE2V|*(3_dH8P6!Yx3-@{Tv
zEnCSaUuLq(7o@UIpCkmHqkT&9dfE8xL(GAe<#tE1NhUCti3CwfGPqi=zxw-oe;YkR
zs?<a%l+crDsgH9&(%R;@@d~cRc6zAOr@{@%e-r|3My1*p)A&YkD{+rkg?C_^LYB2;
zWhS`X7mU~OMiVt<JTg|lU4%orxaBq^P`NNeb<jPl%8LvGCFsw%urzw{14W(HU6Qj(
zzHcLh|N1c<$OEKsP_qMFizmfvXcFu))YnxOwuUBmfu!Y-ek7Y@>prOM<S2CpHBlv-
zHu{I>WG{79>%O5w>|kLpL@9=}&XNW!;gKcM48bhvdJN0{5TtRE>CE&*>A|xE7(*>v
zm;j{2J%@zv&Z=eG-W$NAWm)w%zATQh{>|w7?g`@yowan#J+|YV)cWxgNP9zw|LfcW
z%yBr?=Y+i}_L*wnj|S|Pw^hzEbo>t^v$38P4RTP1>iX_~-zUf2JhQ9$wZM!Hhl|_4
ziGD(q4<U@Rp!S^qtK%J+l)*cypcT!^&z|Ezh6c$^i0zy#?$i{A&z{9P*uZ%sW!f6w
z&CuJQ;QVDHcAKoZ|DT<AQ(V%`%;W|95pAiQG!Cb)wZrKv{c!q@J>6#FZYJi}-ot8s
zGoM|p=HDKSz5cpe;E3zE_Vd4?j0<7rersN2oof98A_^JA$JpQhi6gid6q?-}{sVhX
zgD>HpMYle>h2xYPKMX}cCeK&S=vS%a5@&ZRmLj0&?GXtL5i#pntatc9o*O5_qz#M-
zXpW|-r!i9vujo=i8MyS|buZF1bm43kPw8{lXgGyvIO81-H<4v%3*JE*y!Q$3=HeDs
z(Z7o3Ogn=)Q=32=tua!sD{8N4C9}S7;b@Iw;^KUQfJ7md^BC<dLYQrv#s#fe7a5V5
z-NmHRMDiHeFQCt7H#IQNyfdbS1=HU&T3UNfFL!&B!>Zr^)J%TdXw4!`YEbbreF+a+
zLrGr1ts|O&pZA}rYTXjD&eE6eGJq`*ye<*(U>^8>2A`}$u+mm>8VwFJ`Rq%TeD<Y4
zKKmjV@kOpa{Id_s{}DK3+NOsrZTB9R4??XS)mu`}DXVBUs2RlSK8PpcAMcAl-H8x;
z<j04XH2rg~on9K0s*P*)PorshH&cS%DnXL!w{86Hl{G_5ucc?oavK3zvT*)QuA_8^
zON~msC*+(A=zwkF&YGN&bRzTvj2n97XD%HuD$ncXNwb#?%hw;$zrX@ew)xRj*vVFt
zxiVF`yVqRXtvZ#%f=6OOv7l>z0>#N04%~#rSEy83z8;?;uHad?Ph#vWq|6%`1&2Ls
zq^3fHhh&2WZ-&yGEFUt@m0DXz9bl*T{qQ{D1yqfGt&^)Brc{((eIT>yuFUVw7v~dg
z=5g-d@hQ5cpRTp*jHnw%M=JwoJrp8cEWHLX(t5tdw>{^|ES@OwJNdCRtJ7qMD(UK2
zb#~TTK|q-^SnR{o3Sw%?jaO=^k4Wz&aeDOYy98Ix18hnR_Kusrr-yKZW0&B~!!J+P
zlCL$7mxm$!aefy&9{!*HN4&dS<{j>Dbc$lU0QI)jW?oUDFCgCl4XsJM;G_X!4KhqZ
z$b#bN$sQ1URTWmOZ>CuznF997W+0iXV>$+P%z_RnWY>fvA-(PF?dZWPkq%iY`8$Fn
zL8^mFAPgc^U*wXCYcsd_LQF4`^0Mlu31*M41Gi@{6>$XDGa`kPhTMf(C7Kw<Um&gI
z;zs8GO*9M*|2gv}xQ9)h`Ha;Ao*u|r8GDRs(mIz@)7p@o9T$<x-?jlghWX>osg2;B
z_mz{E(*pJqx+O%x{D;&NTA~~CF^2t2@ZF5&;tgp#Xi<>F-O!UO@agpQk0!eYoyXB5
zZ<-EH3sdyMC8X_VRX~RAc(q>Vyc@a4H~vpns)vug!P4h~@s*nUc0asEEtOd%On-Ck
zmOYkrR^C5m!r1z4$Hf<?NuKw7xw^{-Fo{1*6QG=>uSiUF)zO;p)sLd^mF`fakzn*w
z-__D(Om3fSoIc%ybi$&iB(aM5#&xuZtwuRM#*?&_Jy>(kzujoT22r+JCA6rx#>*f<
z(+QM~cp-6t>!z(}9N&$6^4jwl@Qv0q@az6lbaJ4;5NRag;v^`9mc5yuPglEfUTWA_
z3Gfz~dZ0FrogQOE1>IbZ8n@MQ3u@^#+S$YqYECS=kESdy;Z~gJDRbU9%DxK)dGZ#)
zLGm{zl*Ml-#@*Krjkc0-@d*cn+*J|x$te^hw@La;m@DHk#|?OzD4*~g`?hirGY99I
zC%%4z2P{9%JpW-2`>uR7m+&3uhfnpdGB-9YeFHQzT+rOCo19a<kSPpm>r17J<$G?m
z!lv&JaKD{V_QjdR2x0L96;FBkpP~{3(#vO1<y_g*33ps!0TkPqQ~a--ubCNGKbl*8
z!-^Sh-3GTdY74x{3zqhZu?r!s5MML{w>Azx>K)~Tr&Q2iw+51pk&(DuI=>7#)|ot&
z>!eg>Q`$KB97E=i@z1-o?H^#V>32e@k?)xr`PbaYM@{vT*ejKkIv{U0{?v%P_jXAt
z^B~GC{r$^7g4}S~!fx}F%6#)Vfa}+Cii{=!<9V9(b+92MtF|`wphjT<cf2I_9@a4w
za?mbzz4BiOb0%NDZXdEy&ZRR%5K<LXtFT+1w~}fh?cnjr=eIT6No?%ru!ovGX=xyA
zyRaG$DBHaaAHs0W`b_w=8<r(D<_&%mG<Vjlz--1mEzFo_*^HUIYP5&`B=?9^C}_vc
z=6MvW4BUE@e?}`BjWBc{p|I%Qr{Xm;s#1y1shUPK22gh*U2MyXLw-tp39a`G9+rz%
zQx(HD!%od$orq`1o5Y%2WikaCNTh{gx0J;m&l-}8iUFO5gfn;kc-0?^+W_KDElu$K
zAWru~v6#&kp6gOdlj#yfm_p+lGN{!n{Aj;N<clbX4)MGEB`lh<U&&Pdo>Yc`H^Tb{
zU;ic@vf5M{LvGEw^q(>P`$IOdofRwUY|Hu*&Iojs*HZA6Q%`K&fha(^b23;R#j9XP
zIn;beEI?Qf=(Bzn>1(v1MJVJritvd%U10LCzz`+x3Vc6G&(!Y{4em9qCB;m~d?~I^
zGb@Vu9mih&LhQe!UccgBEJdD_ma`eSDk+Up)b+L~mLFBc@~5!tcqR;)ZBHz2uaE51
zy^i4y?Xk9$i1KLNy6NK#=`uKMk)U1&fGQo)F7{v~mX^JKkY6A+;f7a*Y35ZQNLj3B
zTK5{BGOENhN3yp-e%dt5{<{SM>(Hn_I>w_9VQ@P3=rE((B>NKbg%#agp@*Nd-N9H(
zmYWuM;wU@t0<R3Qgmy<Er05@O9S#N=PKCGpuuSkh<dieSnli!bo_|B~vR!D6>x&+S
z(}!eRX3LLe{`PwsW}!B128WDG5?;R{7h@Nj^E!AbI_I!jN6UlT<*1>HJe2m_swy*v
z#VWF`4wGujys88b1=)tEm*=1q(u(F(1-YkSccdv52Rv9OnWm`lpK&k(OAXc9a?`8}
z<<q3lI*a>SI%#rBGA&ccE<v$B?_mq@1E`G)8ofm98h=v~vY_yy?G#$5qwYv+7A5H9
zkdLpz@6uA#TBxiyvU>`VP&c#D`X_qLHY`?umqvRSt?sJaNjmvlaw~2VM^GN}OT@hx
zgt$WunF+MCtH#`(@}?;jWLXm)?hq`M!~1mzIpW^nq}j0kt0plYmQx>~^OCY%s=bia
zbg>;^)zHALi6yAjt@UWY<1;s7pcylsL7CA|(O})p4Ax;CRQ60{Nu=SFWUXsLiNY%d
zo1KUWD@vQTkUQ$Ct-2B^=3t~`SiH<BB4uXSF)`;u+G$gdn;O`_U>uYqt*GTNNsX9@
zO0?Yh+c~!|%FrrPNv;#~HVNLfvJ|k8$vVsBcEO9F`MFfVgIgoxc?&%YDKjEJ4k8bV
z-YRuSWZgN5jUQQ7Jf&5b%@4dy0C&%4O9mZ%UAt6FdwaS{-oh>7&|sy62Tai5YQ;7@
z<B&Qf9DwbNQAh*wJhW@$v@jcV`mA{k%Z&BH^-ZKphgB)LNlKd&(}pqWtB<(*{};UG
z>^;CfSgbcLt?`tm*iFi^$1m@+7&=YuD~dc9nrc<`crXlg>jG(mFYd!ig`mB$J^aBh
ztT3kfm+f6%kWH;mEIJmCGuJT6t!>O{i1+!B*+R8DxCh_2GkCx;O6lQ4C#|dQkK7Wd
z`n%U%n<xc!&*?c0{OxnLoK3^m*1lq{GvD4vaU8*smTcE4RuT`%xi&x^NZ@il-(gE5
zN!YcOPNaG!@dT@-wKkq+n5;QBJ146|sxa?oQXgRcSThqiVUk)Hg{Dw$$@wZmfDlDD
zeDt?(uIGJ^Pfa*O*}JNNPwPT&xjpkOF%PfPxD&y!K3o{c4mU&Oif%^fVI3uQKMr^x
z6I>)W^SgS|zG*6P{iSzq7@x?b;@;okWDEiT0xQ_QmAX;<1xg^zqvuwdZ;h#bm8W0G
zF7rNyqnpCjYzi(j*ZL++Agz1k+8CRvXUe!bq0qA13Zn{B@*yYCW&!NF#WJR4v&Hvz
zh?ucWxhU_k<g!ypok-0n?AtuxC+z}$Uop(FAV4`BNc>Ywa^fWUb;?Npt}N2>Ubd4e
zOHN~=Dvc^dYe#p846>=Se#+=5DULP?Il+HKlxqSx-Me93LEecc%BiYX@adek%BYSW
zkD0$Ss`7V66}bk!%dD;LZ&Mt26q>nn0sm0Z2O&z}dQl~#;N*=4C@CdYB&tX{b<{G^
zD%BC}yz~@ErVJAa{NOKpKjy*!&#@=!x-D)WD#IJ(oWeg(MI+Uk{L3O-&>9fJ->UJA
z8J7FYEv-so+_zO@E7w5;2mKZ$04hE#H5%J9yT<lhOJlxiVFKy>Bv18KF@m@w(%T70
zl_m(qk?fe5(%+EOwUuJ%Ok2@PVl5AA_)yqGPEpUeJ*Rpq)s9u3Nx2uFEHtbuvsFv7
zt`KEbV#uw%1@oZcu{yHsB|+uK%481L&y{N7cv?~BLD{((3Q_!fHl=yO-59;3#}t8z
z8G;#AzqnaV=fXr>%YG1wYNQlF9q|au0*BA`9-<VHC`(x8sYJDQWiSXm?ePb#Li&&?
z(?%Bs8=5x#l=5BH0Mfg+RcgcSe#uf`wqgjV)S1pF+IHB)06(x6GV$yg05^!4_`v7Z
zs+#wm8bMqg&JgMj;l|q9DSnb>zll<*|6m~DoF!DSDzIz4n-hf&L{#>v9j?SUIJC0{
zTvVZw8y6N<oSYFag_p|*17~|tfUAOSsU+LI)b%A1oCO4p0R@L*|4_m>K6?OcP4%4q
zUtt{IBG{5XPuBtP*qk@~j?7?FZ9Y*HG56{qQ<plCY{WQarzgo=5&6Zr1ZgFb@WFpE
z^lOcl4UfOhvccF&Dq~ao5bc9KSwKFbDIyj+kOCiGueR$&vb)10(j<GYYk`f4tslO5
zahCrq;jimxU+Q)JCP;P>zD!M&^tgpQ?W`UARO7qqE_FjNJKs3@Ln6JJ<lf3YUw0|v
z(K^B3@>qJ%n)W^ZFt$N8WW`=aR(w|Q56kSh>YZvK<6c-+XH)h@Do{XFpygCNV5?^#
z|N3i!NF{sK#FQMes7+bNS<2czxDb@zo$N#UfXJ17*(YZaJ&SFKXbFG+ZeExbmfiFr
z*+lRMsPS+1PzpgR`<_W9l`9$ai_S_)*m<!;00a`CqODRKZI!a%@;rMrexa2qO{nC7
z?u44`svGj<ol@XTVocK;`5<kso#T}|tkNJGvUTlEIFnoy{n@LW_#YKGY(I_fMA^<V
zJ?TC+|B9d6b#@V~#&ZO#Et_Wvi1ow6aTntcb<pbYmUjYwW5U7|Oopq;@i}EVKC0{<
zm)C+t_LhH(Ox57S`Vx!V^T!1y%0z*R7aX3R7E9Gmp!|zaBPH;Vs|Mzs=PymNja6`E
zWfJA!0q4hO|2;)7D!8>4RvAfi{PhY;g4}h2E=E8XU7x@7z8MsME8XZC+*M=Egy^;?
zK(|HK&94QGg<f?edzxcBF?I~{c!c9+i;F`ok(SDf7Uc@p{Zu@nJ{9%$ztBCby;OH5
z#cdcwW{qHll}}}?M3v4~l2Y4Ul9IF-g!iZIvvE-yGs*Ehy@3mk^W(Z1^c|<(p^|^q
zYfWru)byd%JkPX8jES4FbxN!4X^jq}oa`)9(m{~^sLw=%$pClGY`4qscJvF_e0^ze
zZ92te_IKZX{Dq{jMwf?vuNn|qD%>|6_@BjUq`aWOXLRuIHY%gjXE3hdd>DV=D<9Zu
zkF-3tzfe~Pes!^&3nX@61j!sp^-^(iDHfp|adbGyR>SDaJMxLSpzdL>;!Gx^$XnsP
zx{i@wCwR2~8ymt51Dt5WveYM~HQ^89Eq{UhG;@3_2(3j>%Z2nl@B*ZtbvQCTCfuF`
zD(FWc?~t^0rK4O$@NmWH4;F%Ai?5$z%B7W2Y(jy%)KZlP0QTFEsQs6}N72F#r)d;r
zz;Fm8JAbW>MkBGr?|H?t^}IMka>a0)ONOsl0J7TABv(7?vJnPYT;O7t;2olYF~eJz
zDys}eSrTR9<UvWCys4(>J2j(^%G9(^uqlOk&{q^iRz4EapILragg=9j(g2IntroF`
z(j)xmSt&HFKH?Q-Z!+3Q&W?kB$Qqeup0oOh)Y!nss_o}Y%sAqYh<UtUEFofNW@Agg
zcyrQf%UP~P)MHRMuj2tC6@$F4Q|cBWxb?A=WG`;7(<Pj^@PCLYBlyF}%*-!BG#q!f
z4-n~vnQNHgVB4an9MrXe|CbkfK29+dJ()U5A-QcHFZ3lVQ+4<6!-K!hj4P|R&?JY|
zlO#)=`iYdyM)mWwO3z}%URdtnF=0^4D!GF+WcC^cZzS_2#WFQI=dGdIqc8Bf-*+bH
zxsgvYC1uX<X}C78{Sh|A%Gx52QsnCDDcK+XNRl^ifg(*olsTbXDrA^JW8hr4)Z%Tx
zjZtyNp0EGjra`)J51R_KYQoSevO>1utENZDnfA}ILdR9FRIM+RggL0CS753a=AfC#
z&JCLLaNo6YC-!HLGx%BTh{4xH4C#h;)wtzVsiK~Abg7SADP?k}`rj&UKJ)p;Nq4S0
z(+UUr*<N^VuQIV_<$$`V5uO@Ok1{{=xuKbr%TCNZ!@^5l;pmX~;)rLL<YXK3`gyuQ
z`hCiCk8KpL>u#Nzrfk2&$tt#GIWNDYHLK%!t;GK(a(4Rx49%>u9AUDsLACD!R&Xo)
zpEIThiz%FhF)(@->00z1++H1_x`r|T69eZvSH|*ImdzkI^!-0&5n#vGv^Oo|4k<~e
zr;CKM-q+8=C3c6~6q-r4ri+rlYj!6YGFG@^(B%KD88j`mJ{H_=Z4v@8*g$FC#galu
z>-Tqj8sGO_8m$ZN1hswW!(|Q&L6kL=mQneTwgIs?RzTGqld`8w*~HJzW83L6+^!*K
zOI~X5_qq-TJO};UTYC!4Tpe9Xf|nRU0F^=xs5u6ytIu~!E?vk=%;-pJ(bUylt<Ao+
z5<D^_+lkNS<2>U-bKghmU@cQ>uct)_>iTdZECmY8VaJBv6bF;X?aR^MuMv#u?+>(w
z8{xjS%TwC0h4$`1sHBvkq$Zdzp?vct%rCSgkwHhkEH}>>%u5Z5-{n6_WTG2)^^#p%
zN&E*G=+xR!mmJ7Wii=`KtZ+(aTMH(nicH0aYsi@SO{VE<a^Cpc_uyhzv2nqIvGqJ-
zSWx1=ntWucVSZ=^CqLJNrMnM8`N&eq=Hb9y!cfAIOatIDsK1(gD8(ez9xw6Hhcjg^
z$C-u@X`0BZYfQ0CnDAC3a+7nbqmG?$7AM$L>;`6S+k%NMZ^2xo<~{zC-$32!d|)n>
zkswCh29H+`7NP$^b)>1x!K&&=Q}NBDHdtkQPG!@d3GPxG%g8V>YdYE_KOsST!i>{f
zAiW80k+yo(>3?M-qt@1?CURk`xq|ClkqRpA=a+D=y0P;O9dE^F%68<A6Y(!&^;Hza
zJjn<0xJ)HkNE5hlJWt&FB5?F-?c=Q;Jm6Sru{hyS7!sUAoRU^Eo{-VnnBZJ)|J+J`
z+gu=g$qEFV3AI5lRo{*CBNT1ky=S|F@y%+@X4??b%oA$Cu@{czNX)%VC9@D~<|m%^
zeMzvZv;KQFU+O1?h5;aQ3QH<fh6W*~?NOknxesvGP-wb6Elw3N+lK-~BB&rFRI=F~
z)55&mNB@k0Z%AW>PqS8X82dz@-0dq^@KsD+u9=OqzCzIhnB&d>W(|O>yiO%cI|q<m
zK-q0<$qi?Zv%c%}FvsHNuSuoN)(Fc~+AQ@_(VAd_1kCUy+GZ=(-^~veroK`1s#2Cf
zMRH1sVEhYkl$n8(*`x@;oLvba9(plFk=4cNy2=8(F1R>dizTt_MtgF#@ivttwP;1G
zkhoBv>Ns{rAV@uH<_5QRIgAm}oIF3*LCy6ut>zw;V!M8eBVywjUAjZg@ILw}5verc
zaYlE^nPkN2-f^^gZ7`m%799=}Jql4mO3PiWbN~yJlvfVPvxrON_j-L?un=^5OY(ZZ
zKCn?)T`d+Ku`i$~hGjvzsBi;*lfG)j=dP5@3Jr<go&oG9%o(GDY(<z<yNcH5!%WOj
zj(I!uRcdoANJz5ol=j|1S{qWsw}u>Ygc_k19PbN^s^IOn+-~`>r^{pkoUKy8Nz*j!
z%l$GfFd#nwZ@1GL9|>;d3f@-mX;A4fJP7~vbLfz5<LRFeWvX}V!_ol9tYaxNSXV7_
ze>~M3-s3Kvp!x_>Xyh3;x<CGroR{)%kcn?)ZD_|7;05#{^1o#ow7i;-a*&VlKLJ{b
z+A$*h86BRtv{S-$m%~A48RiUgDQCD5tl|`ScbmRTK%=|Ogt$-)(ZUKlQN!@XNgn^p
z)ESZcWbCI9?GhCAB0UPbTsK)(tIOt%_`$SD<8+^|p}IBsv|vrH?m=S{>$d$zTnbFS
zRSND&_PA&96GuYKIXVQda59QBrf$cbfT-y==5KoXVcA8gEAbG+(WUcXdk*E6)k~E;
z><>>iP!^`SIB(n0cWOCH$QRDU#E;`<2L&0oC?9SMhr^)Ut<HPZgYzq^qc=!4U#C?8
z+W#MBWS7!kI`JhC{c9pZq*We775<pEqd|Nl5Z~`eZ@9u95$#JPF118UUJ=Ow!IBdV
zShC*ohYzbVmL_E$So&{9{iMnygSydNNn{V3E096ut9dVyM5ZZbQKMf_Ge1t}n$Y!F
zPf~)F09!z$zaWQgYWuEM%e56TXuMEl+rZ65+-}9gw`e7gQxXGRr;S}@zptA-mX&8S
zxkpKUeoiz5fc)4vz{fvOnzQqdDXs>n&4Ms)e6VfNrDv9(7?DI0Ic&L1tE<*Ph1)cN
z<sELbfs^%wn8Jd&PL3!L^btwF;u)*%lQW?|=&*8VZ&HF6%2x0gPb7S$JU@ym7h1@K
zab};7<|xlI08I^|Y4%K{EDo9}i_ZLAbYPQ<j`yhgW9}durQ-`<qwJ3?I2xc8m?KSB
zugC2hgJVmAN$M6?)geCKS?LtEJA<D4*+Zvo*M<FdVbp&ltrB9jalrr5I^dUCZIyse
z@TG1XChPOY8&)ES!9}JJiWe9{kgELv1%Rn#*$NzyC&XO`Q6?w3D)bDmfpn~w)P$6+
zdv6gjXPy!itd$zLa)auvP+U2lNuUz7TJJSZcVNm@wfJafkh|*Pa{n@<`-0&<gI3xr
zVLju@acN_!21p0noXfAJ3qL*9W6N}}J7VK{ZxOJ}q3y&Q?y(qzMS5<i{|Gjg$@a0V
zGo1n&<~t4!4zJ0&h=FYC0L@Gi*9PdzxBz|mPHseA6#Y=U+*Q?qgek%!f?I;>F6J#$
zNTbvopQnmw4Gs4Y;SNJqrpKX_94n>7ON8t?CZ#~i(R2?*lcdR49|`1vz~!7}U+Plo
z0OVnnEG;{g&)GLys&4Dy=iOzu+m!us9JD8MgrST_SKD`{3Tf5+BpXQa1lvq%Inypt
zh}{XzcS?SqR|kl!Psf9fVk&pL<UT>B)5A=Mn`W@vnk3P&^EAcGfC#uYU8IT#a`hDl
zJ;58S>YI}hstCvm1++(g%c*QZHnsJp<)=-9nIWMa+xNY+3e~KfjjD6k?I{q`45MmW
z1BVf}TG0v;HzTAQ`~?zEOR0^`@)JvV0fGcjQ1~>c2CiKTR6}go6bN$RH-)|nUg4Jh
zR#P)B(xa-1Mr~uiq*a}~2M2p8_!p5PgYI3n*h`Y@x^4+N6%iU+RB2{)ET20dn-O(R
z7J$)u++1g5q2n%~B!g$TO0J_O^<h4v`iSw#@z7=&8q!UlvgQ|@ByJDi3W1D}POcKE
z1*ZJSO8AViglBjNY;z{~w|~Cx)^G<`d$htsR2%Kj`5I~F=xyH6V=FM+q<WOR0m>q%
z54oh*IItgaof192t8!68g3`fb1CK2o^uR_(8*N%8y0zCD{2lHSMk$nOX$rG(d(t!c
z&9m5=y=_Y+el4`Lgy*v%_~otC(E%7ddTl~BBY35!ZbPy5bp}MgO|Rm}PqTWnkQPo5
z5=hYtzkxd(bE=Hjizz|?*;Ffq#RiUbW@{uRn!oKIkaA;ydY252Y_3!l3ueSwgolC!
zGq*k`@Yf~$6?Idu4tF6+ALv&TAyhO>RrPRnG)B+Vk8sMqbMmm$uM<fB_Qx$X+~N1B
zt)1!_F_ri<r90<g1(P?keucy7ppC=nl}SlyDjiNW4}2SonYf#Y+3No+BnPW-N@$!o
zc|YKfN;8>3a$-VQiPzDJOEjGAlQg}Hwr?Di<YOLHLzIkshS-JY+&QDARjatJY`Stq
zI)Cq2irzN+h2vMzz7hv_yW>-gOJE;(F-A+mQ{e3{|B5H+roSHOHr049wnw`;gB>67
z(yvUqRkiGp7_JbzZtFk&{RrC{zKMqF7Nt3Bke-&u$XHMiZBj?AT5M&UKQcI3H+F<+
zhM<y!Zmr?SI-hfUYOapbl-H0sW8%{^W2e2<)+@pI37la{^u0W@TKMlMNo&-9H{~J|
zQBx*uBQjcl1Ib4i<Zc%i7_6w3ya~!(8yi2MkDZ`L9oC5uCn`v}!xDdeQX;WOp5s86
z2vNU*^9NLaK`ruVdy?srNMFg=#vlo!!x8H}i;y_v|MM<CS3Z00)&p~$Li9XEzB0mY
zNlBJPg%ZVa#8Ls0VjBOPvA{3Sf6zvV=XVh9_Uqb19;z$JxMQ7;0}}(&8C6sKId3A9
zb8XiCMZFaa@c6k(X{J5ols&B>dgO8yB->g>A51Gz1KXP{H)~HO>x4N@a8}9gOM*YJ
z!v<7SZ*L;^XQ3Xz`{l3MS{!A+;9&imlpmE;ku$vC6~DbA>yyph0f!H)R8(!(F2~}d
z`bFONIP!48xI*&@m%roWVl3dFmEa#$e_zfOm&rU(u)FwK6jeVY)0uYF*i4Q3y)yy-
z$cUif(^akR36F%+^hg?DcJCLCQ1ql&F)N@6EF>+LvWw1>(?cxulBFy@hypK5-sNhr
zHM4nViX{<WOhNCC<vl7wh*UhtA`vn~l0KdaAsu}%XuO15apDXm$|UL`076`kgpclM
z^To~S+uxi;i$D1{;S!TQygy<7(HE%b9K`-W6Ve}prRAMqp?`zrj?ubeCImnCm30V6
z3G)S43k#`+^Uc@04bKUojy*+bbf8n}EyRJ}(o+zP3Z=itaggFOc3hG@B=Hz{ABu`L
z)9hPaJtA5>yPStF37;BymT`>>s`bx7q(|OrfVJa38}>ojSFe8u=h0OhV}MR!bI5l~
zO-<#x|4m5&wm_5n6niIE^$uj!W;J)Rq4$d;pK10Ng41Az*9@d^-S6Afe-4+g*oHl$
zOB4(Hml45`YIG9EZ`&sRMKQZWAD~-oA9L03x>RW<dr_{<=2rs|@IZd^lv7G9CZ04R
zIc{O^J|EZsKA^O&|4S67J65M1J<E-Eg-~j<(mgS+>G29;G<veFSaIn&(c5iFJ*R=v
z`jC?s%Y226?Ta-nH(eU_77KP@I_(Ecr2X|8VXoo!6hXZwJ2|&p*{pL3wH&7TD^<*;
zYWYO)KQu|%H;!GS`q<UMssWZ1lo-!QMx(B3Q6|ns@_hJn2f+kq0ce`1FH0w-AtLps
zueRIdKqZ&sqCYK0th*%d>Shv(3i707*IwSLX}R~|rv|vLJ46+H-HAZkHaJbQ=R#}W
z>?Yd85~dPmg*hd47^w7!pGaWvwGoD+;ga|AQ<;xk9xvm;N$DfW7^a$&QAZ*ltJCq*
zaVtMMHVeChICppK^eR7pf%c;NphSByompc<d~c6C&LT$v|1B5VTKO-YRb^m;JtoL8
zQ+|aH^|yO%`rDo<reDkcHrilb``@TqJ3+OUb)GI;#3S$j9-~vfj8pFwR<DSE;xqjG
zBQN4jZa|AiWvqBqx&!p91%z39=`n-ub3^7haBM<DCAe=_d(dUlN9RoAcv;8v9pCKm
z6>bXFpC2>;H;dBvX%IE(4wh406tk3|rXMQqSX39Cisa%pW@9hAJwlDZKmD3SJo=h*
z#ij=Pdl5sRqq73G9>)34Du(yRr*~)UZK;g{X%5?7r(V<wOjMv&a|4DVI|>f4)5&6G
zYDVB)>u<vsA9Hp=cGxYzy%mqG&(K3nFBaqIsv|MDK5llhvy~wj9+ydD4K;>%L*-Tn
zD0<82Dcza|*qRt_1!_^okQ)2Guk8g5$`F8(3xiX|-d~KPqhJE7r^KiX^xmL-VG(}e
z+M_B5WuUqiDulvX#<@(N$dW%~nARw2IYwbZ{sB7)Id7<r?ssKQq?CLxG*gEkZl*F1
zHF({BZVO(j_tc*jBveKB)=%n4J8t2D?dK6syYZ%-pvutQBgi#2mL~EQb4%c#LKB((
z4ppW_>AeE3K-@NI=ziPD#~H^YF-H}U0j*fwW2N!tFEQB}ls8EyhQVYXKKU_09ic2w
zQP*BY%#K_EwYze4(;)-dv^`|I{7gZ2r<>^I2hywlxb82e(Fe_S9J4v;8e@AmrKwNu
z(HNm!7xroX6ZFSsJM0hfWOxzx@hxe*LahRIfuBc-X-wLCwWPh#kGJi@suQuQ+K<h^
zzRDhO>P_jgvAx+dDyp~V3tgx_OI_RWfJ|V>e83ZkNm)&RCz&+a#a#33Ga9>@i{>~r
z`kAgQKf+yg+zH&U=N1pO0+A)<U#YYQiLF$}Ye<KkQMJ9&A7He)!I=~;W-Rn;Ju!}M
z14(PoS)KV0l*4AyI&3yt3Q?2woaKrC)y<7-@d@3HYbj%J?JsUC-3|N%!R{Rai>@ID
z;Ca#oY^d)2so@hzGFf5Tq;y;KQ{bkD#c;u1FP3e!meKN8+8t@M{Rc~|cr-(P)n(Mx
zt4J5ql&sh&OyAQ(xXGAQ`1|x{f(rctCClpApm5i+xX^dh_RhrI5V`dbp5;`~1ST#B
z;&kh==6RQ?Sptdq0NyIr>%}95JwwJ5cLLXESCM#S!>jcU+YmSbFGG+GJ3Z{a_|tU;
z@`1tqdP(;0<nJXvjO-QTE5k3NtPJ6eOZZhgvu6PDJ=|LfH5%R#g3)AZk|!7qIAu)!
z+NdG2p+`N!Wr)#n0Wo@&Ax7B})?eaDGR`XgUr)c(vZpLi5_hbel4g8~7^GE)kB-5p
z!8gg$A7BFi>SiMKL%Jwou_}aCLR4x<jwI}_EF)RV&N3Ovh6!Wl3oC_V>a)cSIfxW7
zdLOnReeG^Qnwb@L8Lk&quM{1i1ZlrOv>A32j+vjMeVU0g;XR(2@*?BO+7orssgf_d
z#K<Lc^pt6>RF@V$@>NuVt0e^2Nz=MVJpS^2g{|`3rIh@}I;?J!qxy7}yoForWTQkX
z6W%#-3K|k-+4hBhXKOZ_^_nT1<cfwFK{ZR3yv5a@4Q`L^`-#N{P3dKe+9UdxE9ze=
z_`6AuN^@fThP1?1`S7oxw+!1P$X`qe@>Om8_wYT&#+xug&nva&q*fU>@Te&3v5I=*
zsS}6Wm&0q8$;mEV?ZfoPnx!D{YY1rApTafGaXt?hZwCAl_-V_6v`{A0C^)q&LwA@o
zXPeF#o@r_Pk{T9e10rltAW}#M7T=-ylczpkdCo)H)E$N&ZFo!r>0uVq_4jRTa9fsO
zLWa|nVIOXiQ+PQ%W`e2&%IN9eg0N|_uF5^<wNHSN&S*C_;c@x%<~ZiB4f5~Ob7COf
zlWxQJGZdbk9kq3dza4;3n(s}Cd5nD%CeJ>~*))B5x%GGHYjThkrOj=5Z$w{bS3H4C
zi3~dm8Be!lgd7l??7;D~b=`Sdph{%@#w>QUl65kcs-+tB#z*AOyXzpmTBYaBDxj)3
zYNJX#O(C+PI%MD(1}<fU-;^k=++(S?Br?1CuKtrw{;N&3*{o?oS?-?vzW$YF(U&wc
zWe+oZpw!G1PwASvCVKtjJntF&741VV7RW1TL?R(fxw}HZJbd7FhEH(DL}afYptV7C
zcV;P3!ccZ*(4_9Glhp2uiiUQk&X<w?GXeExSXc;^h&@CY^us3ia0=~983s4@U7^S5
zQTqJ!iy@@95<@y=04ds}!vc5~&pYa|oO7Mh%LaLl-g~j_AzGZ^e6Dr5GsxQzxq<m8
z`=ZUo-0kP%);N4VAR>4ly}Ta0*Tr%s76#Xpn&#asFOGF2Aw!>2H-sI^A#7nvuV%1@
zASNXPtNhV!dS6x&X6g;$0-|lrNH|bF!q;iRNVuRPPEg>waEcLAJ4EOq;$QH;CqMSa
z2mXUSd69}p6Af{r^AN9L<U(i8W|NIwYGuqQXPb(zX|la3H+YcZ;~S{e`DV!j_Fz;i
zcci4Hk}85Ad<Zw`D&bIW6uxXxBXyn+=1{|0aA-FDaC#)StYfd(WT8>bWRR($$-p1f
zC6Zg8hc2Iogie%q5$k*|lptJSU$EikMG}qNNeYMsY9ii~1$_`gUWNx$+DS))!UXoX
z-AfZ@k#`n9;+pJ8*JP~Px>zP_<jfi9VH`!)p_z{JC3^Y3O<AS!E}9JJMLq_@9Q5m4
zZ;^jVdacRtG<!m{XE2mt75@z<8_qdo#9>n&)~4X}bqU)pc!g3A?m}DC#TVt*xLD2+
z??G>)$U&bCsj)TToKen0c?_|9ybM%h(r7UoPnrBM+xt&t!CaYwkFOI7g0zQDCiY*!
zGGt6)iP&H2emL|8si3j0r0SZXozv%Zq)1!-Y*m%m0^*O$ApRJiPJDrJaNiL{g;T9o
zpuxW<fOix3IQm4`GG=`kTnrdX^E?^OKJ}&~%fPYmBfMo=X1(n9(Ay0@W%3q<o@6wS
z$uCg&DMn6C(3sNPzSmr*KGPgzCYbh&-LeYvc_L{4UqpSLi{+g@i`F#}Gclw>TA(*A
z!5gK^e1C~Q!oNmOMc2|AKeag%E@#2md(c1$TEbcQXdiIa+ZSpo(}88KCZ^QNK+!dI
zf)z*i`Yu>u_g<LgOfbWFM_&(aJhaMieu=5gpx4&a#*Td$&C>-66>JZce7OPr&|w79
zcll7sUQfQx4OxWExQf@S0+7-t8@-Igkhf%)tnT~vjC<kHkJ8XnG+h0(uW0bq1<@6m
zByH?y`C$%hhx-6;^31fHp^(rA&5*_3V6w`iI0J>akd}pV3TvC5d=Ld3wN<Omr3*4#
zaFvW#M+J|vlr-E>QwvTO0`*-4{9Qf}>bD8>OXKe05*FPt_V>!)eZD1EgIQqkG|<JO
z{&Dv-eaSit!~19(QENB57k~Qu3%n)m!WbhYJ<!MZ_k4zYs;AfAOY%8^Cj$pB%4o$&
zvTL-V$_u~<9y+ozA&QpV(__Lpm+aGVmC$Rj6V(@K1K(;iU13<}Jb=$}RoTYbw2E}Z
zFz-qk>G*jho)7Y^`)!e3iw2<cv~1BsOSpfvRxTq2$ERLr$EQedRi`$->r}Zx)NZNh
zV7Wd12@LN`RGVf7=i%<v!rjvIlDZ3FWyB=pDk<P&fkVUE=)aK(kp_#T5p+y;;WkcQ
zx;NMgteX;wqVRRisQj#cPlsX4qd7MQ-y(TA1@+fGkATJV&(uF@D=(T7p~WW`ovY*~
zPN0xnU)-e~R=c#UgWQF}QxU(Oe&6oHXFOONhCJ$HjpS<5fudS|1ecQjT?O&g@ib_b
zPUXj&bp;iy{|I|j!j0{dFH`b^Pj!fiMIq;zIdV&Xx<(u9DrN_<mi?!QVc@MEsET|Y
z#v!)7ro!voAevQdfZ=@D!5$|HI>mxE6Z)}5P^v#Eom8^?%@SDa@`o$S`oPb7I<1gm
zhS4cCJgU)>R7ss7_72ts!&w`;Ttd7J_ElwF9_gHD#(6aMe+Qn2dMSTlKTmmaT`Iwu
zHMa5hyEL{N8C>nWkdip{4uvg>o~fUZop-b-{0Nn_>@(OMTRqA&s&e6`99)g^pKfwQ
zFfd!7wy1fl;W-y5$_8V3R;ZEHAoq!~E>10P#yfh&*Nb}1(=6ob`?58OZeq}`RL*G>
z>Mk?Gt00E6X9R3knZ<YoTW$tl;%fgN=-U@t5>EfGFph6=DtQ64EoG)e=Pq$!4GihO
z^RHJ^5iC<wexv5wsr^m6-l-N`9cHM@;E3}gHIn9w6YeQj82q~G`~offHuq_n#mUx&
zzSY3ibw|7^ONuV%6NsPeyYedz|MuO~vFO}R9qaLrzq6<sCd?azqlvuOU07{z?UnFy
zC<?>SN&!5o6u|g^=~wC2xI?%lG}lw}U>fK7+(V-h`FB|&uMp;jHa32|d-d7IrWPF3
zM|MWCbyuO;B4CQ$9gg|jypxPb!BIsE<;0`4z+|~g&g6iB79hdk22*jPv$7^X7|waf
zuu7!X!-geM;nblS%Jckxr+ciT94F#mLpmEZ-8dRxGoDq?<#fJLYrKFS`)Jp>fOKoj
zJOU-Eu2Dj1G7qI55$fx5A6c#etaQstyH&HP&!;bp+t3%TO*?lc=?kX9WO_%S*%C0y
zC`?`jzhD;wi-G0wiPDW<Qq#2I2<EYZ=pNPP$^?=rsPM5jLQr}H$@K4{=MWcR%5J4_
z(`H#kqjjVBBjXlkcXuLvwCizkVd%f<+rAD?a8ziFwCjqRM(X5ZFmmQBR9s9g0Eg|B
zLn>aE4t+|Vu)`8L2Wha`*>T!bvGwKWmgShHKapQ5CwB(@w*Mp^VoLcRmcMh>>FJtR
zQGtws2JZJ4@rZj7{zV5S^|-nLMe*|8-IL=Yidktd7|JGnP0@hf8m_3Q!uFFyYQ(TZ
zg7*Lqg|*<ZJlSxbH~#)D+}lSmBZJQ?e6ta_-WRPJE(|}1Pn8}a_#Et>iu!&>zn8B-
zv~&x%!TY_xg$qv)_)&G`jZXG+#Jrz2!N1m`G2@$cZI>HL-DYhLg|FtdIj2x3tJdo%
zeai=Ch7`A9@?-4XIm;l~p-dQT{5>wQ^fiIv(CqxhW;2d+h2kfC`pWUq#jY~;5JglH
z6jGewI(Q6Y!V~|`5zdO|C|oc6!>fLpRn?<HtEeD-rp!i*tZlL=m`cWJ$)!Mx;4HvB
zEpz^o|CVfbQWj(Z@Kj2a3)$LGlOk|O<(TcGxrLcBS|m}LY(EOO$l^;&){1xfrL2`@
zE4NM(1;)-Byal#QE0FQZ3t1{>^YJg@=qV8X{w28V{z8o?kVWV%&W$F~)OzY;9MvGo
z^GH132JvxiGT60S$z@$u#fo2Mg<4_K*scG035;;cE`AUxya?~SVSv=eg}9aN!q_IB
zdlA{V-k+;BA-jM?nq&mCA)Jjb;LaEDpB36{XKtL9Bg+Ecvh`qfP}N?Ap`rz<enjRq
zzF6k9AqmF@pZ60Yb%g1nA5$KQ_k)^-b^>E(Wr~puS7d2Strvc%XsNYiX&kzz3oLSb
z0-mIUPZEE5d2oAhpUyt=SLJpT2mi%Bd@op7DSU>Jomf4>CN>?!Rwr2pG`d6toTT`V
zMEgmiQ?p6}RI-iM4t=P{5iaIE+<uSSHygYj9Q>ZLW%`sblQ&f{<?kwKaJd}Se@5zO
z{acx{QN;hkUlLk|eykxY7^+N~FLiiel+|Mc0@2F?E|3hwCB*gX-`EQ&NX@k=POx3{
zu)J+kUEDXdoC=C^*jmAg<J1U%@&q}fNdy|+f~^vu6G!+EG}io0I=74UlfY4O@|=wX
z-@<oEhEsUj>;aCS{U}DZud&fu;>^2FQ4{;YKSeM283%~8@izASM(R*xGFp=Tzjs_L
zGpgcR)q?U#E4oxpo?I`5T*ha!5G${%v6ORFDTmi9AuER%Zf+!CA!TDayRf{Dim9H-
zlfU0bw2&gbI+pfO{Q$ka%}|^r);cKH>Ec_#cQF^y2`mh!HBJvO5Eed~7eC*JoB4)Z
z?C+A~?YNUha?Au}!BN<K^u<j4vLQhCzoY0|3QIanSINxZMF-B#X0Y<&SwX4C2oP6n
z)4&_U)5Rb`pU7=Ww^$H%&>#p~LKwCHY+{S_OOhPm+4?(7-L{O~EkQEd2Tzt)YVAPN
z%gj5T2Z$W?WG?^jp4j<;y*l;8)*XnJ1Jq`1`QZ&jOR2{=!!lTx&?~c;It8VMUnkd|
zGD1>ywJTpGv{uEj9<B*3>k-?4O`pcVMk~;@3NO{xU!(h#LsClB-xJSkL?W&udqb3?
z_H4JS1&`M)q|2J}-G(uviK`ma!`9rc;Vs%{9XhUGhh_ISdd9b0+=F~^vu;*TcvCd;
zWEvCpSEu4?`%VPzZ!8ReTx8ow@!SCa?-Tip`nMHSEnn<k{+?tO+h1}NNfLf@F<i9=
zrw>o#F+t;}#XfwFel{GbsBSR8PF&fpg_RJhJz<*yWX(g)^B`s{vKD&<0c+rHR`!8|
z2Z}mH+TX+{W7E$><&INtar3xL;NxaOtj)+^US5<0KQT1qm#}GnJ=~&=KK;kx2YPK6
z-Hjcdqjk7Nb)qca_74Z7E5fPl2XB~*+fS9MM1V`h_3!)SxV!h?pF*X!5a~`EyONIB
z?6&AWxH-ncxvYh$Z(E2>vVJx~lfQ5M<KZ>j9wKBqtSR7hmiMY^g7OnV=S1A@$%)l_
z%P95R&LhO(ehm+!%?|HR&E~D8^RJtDN)gT4+^k!^!g2q;N)~<^_+4X-y@!E^@syV#
zEX*LDe?`TJ%_fQnw>A<Ikah(RJfoK5SnB`aRf*yXu)k5sT78=Ps(+?LD6SEQ4;b#8
zI4U`9c*;{^+ff18#o~RLj+iB#p_Xuw=Gh2w?D_&zbg}WbuzUCOwsQFYrRbTW_aFB%
zSaqAP4#g4k90u<F0_Aik;-0@PAU)jsCbs40Tif@%A9n`_?w*;{^Izd^zpR^D4=|Ia
zBC|T5(!1i-apV<<%D;K)e>P>^ooFcQg+p#2>-Ai<&1i3B>YcXei1d4Q8CzpzS?#)y
z<ltE6J@g5@rH}aG%4cH3uP%s&UGJTE7J&|?*A^r?@C&#G@atyJX!@-|>8aO%Kqd37
zLeFzbw7Q_>@UVl4PdDRsz1B1}4G(b2r;y*K@JM!fB6_J3VhI_}xUH71xqM>Ua|R7v
z!g++p2}!L~8vYU;?)~)5qzs)km-_|bQu<A~8|Ednhc}+5-ez||B}uDMm@%d8!w+CO
z@I-p<5UpE)VJa%-Mf9$6Z@*5f_U$Nsv+;ilE+-{XQo~2VdIeK#G^db#3nOc8gdOQ(
znm?8RnG6GhLmu>PJew*WlkJ}Yd!hSr^Pyy4Fm?Uw(bak_8)K_PuivZ@ez>fb8FBb%
z*0($pu>Nc+aLgd99%aPWVT|=!RN3b`eWczF?p;9~iNcsO+wD{oBe_olcoEicuO)29
z8Rzzt)wF2XADPpl&+w_VwE%aoyJ>w})svdap#srQ?3lUTraLqBpkCUA-?3kojja!=
zR!BxDaI$~DR^Ul;iNPhVGWl8>(Rid6tDOD-4^sRIY1GU8u1s+RZPmNi$Mw~eyYqa6
zFPa-j%X5q>R5SJG-z#K3+r>bd7#RB+t7L||KDm$LI7&l!>vhUy;`MQ_8ujA$Ia!3g
z+I!y@41`*CBBv}hSi&0T-hDca{EBu@P5i7^sVGE-(<ilrHdccltLWU)H=hnxXWdUJ
z<ZKSJEeg37$SYUnO`2rio{;E(J+wB`aKkv&HfWWhxt*0`RfaiM#gfaKBobK2xvf<J
zl?Y`E?g@$Uf8U{K=xUD-VXv65bJQ$FFtQ9n^(n-puFt6lCXI{ia#0rUEVkzw+w`uR
zx9R`q7=?%U{RUQA%!o@iAcG?71aI2V5~iKRVGEMs@x6RNtsOlr0vNe)4MvE-TtI$?
z8+c*tAPbKgP3;nIa4TrGpS2GOivElc3#CoePFusx#H0M}J5A*Ry#0<#b%$(WNhK-O
z;=}Pzte}WPY7Fk->ZG5dMYFd;Wt^_yh=B}teaA%u_0APYR<p_*!K7xFR~5wDy1dp+
zUO%9l&{kpyNsCx#%(RKF(fs%WNSV*2<<*J*1#n!2^aA-z5jfqaa|thtI4C;i3)1s2
zskyP!^lr5@y+8Ccy(Qh5yhIBBFIGeslv^y%hnrhdWU=<Ax5RWS^9;bc>Ob>X%5Kx8
z=Wttl5Q<}{;)dx-Sf0RK`vmB*IU~4l+w>VVPV=YmKLY-#k05n>X#f}3R0iogHT|q*
zg-~^Q<SkLXV=jel+hKd__2w99BH#Z_Z<BTjPCjeG24reE4L>uJ@75}`!Tv|sA=|E%
zSAd!!ND;BdYE@6~`Tg+d{=x@mXVe<?GAkfNnvK(K%8amc0MA^{MuTFne2CQ*`&Qyf
zO$vD!lctG`bomgmh%D>GH0B3^Xwnd2$xr@TWD-w0A%KorM0ltQ$kh(71O#j?LW_Cn
zIXVQdC{N9=(bUP~uINDFWS4;t|DMjbm{shzvkqF9<}|o>8$z~4z(y1yaz+pEu~x~S
ztQ8I4<aBF-UzWrbxV48kUBf$&!|(Gs^xtZk$|dp&Z8Md#AyXMRTI01l|0#@hjvcq{
zK#QZ7AUSRic3ZKFi0`cdD^pbVD@bU|F7+BhVL|!j2YjzDx*0xoT>Y9c2W^0+J)kjw
zs?;AAPjM)rB1~*{Nu(Y_TO)_ol>DcTG<$>=4sdif=Yi`NfgMaZ(X%^9Q?oXws5{C>
zo6^y=Yj?nEpI7zk<#ViT)$Jb+e(-8tldhvaoqT7O#~v?}{Q;$K^!}4=7{dh#*M$__
zxhB~zY2zCcI6d?4Z7RQ78lS2I`vRJoD@X)Kyhhl%g#;`xvU?k7n({+vs?Opm@bo?{
z_pP+8Q`I0<hD+%#3_Oa+_$LI<VWJ>liwXR~S?~6zY3Wp;rAD(P4bOZ?HDVsLrhkX~
zq|%$LP|fX47n%C1fm}yqmU&QQ_VpssU_G113Z#|Oz6K&p_0b{?Q6SGKIg27hR{HD~
zrfNgTo3_#wE~eBmz$$(L=ZrY{@Fm#olE3&Vu5LB4!nA|=8cGimk{N~goPj(+ZH)1z
zT~V2_wB&Y}ET0B=z<SYQ@!Isr7^hebEd~W^^Jn<RmtOn~qc48&_I<|!2yF@y$b>56
zWIF@jG)wMc<Vt#TG3>%{3m+RkFuW=pCkv7S`~6QnB(pdTp+Y4^RN;YIeOVQJA}k7=
zMeFQm8C_x|%vkW-^Sfv?^`t=G)k+B5K9ISd(sz@SS%EV$C0BRVySqe-@w1^p?Lb|r
z4bPJz2#E8SB9P0n&N8#g%|=Npv{jaxe0i4~!CwG|(=?m%Cd_g+lXH%I?1?Y7oQhKC
zXj<qT&9crBs|$OOe;_5anDI@SA*yNSJ+zYzf^0F4*<$xI>QJSL+tmuC@H4aAD!JUv
zICIr<2@TpLC&=<T!xgsSWFk1aKmL)Nmj(`$#SN%oy7YC4qX98biT9${lW_);W2RIV
zr<qd`y${}v)VOwO^5*ofC=4(5P@Z%GiGO4aCxTZK<tu03AcQ?$KZa{4(`41yr8!XU
zKTPRtBOLtpxOq$;6#o%lufm{JSyqGp=oHqj1Z?R%NH?}zO|q2wnxas9jzNHY<S+&~
zyL7u!k|BG_lCn+S0U3e9TNWzk<&j?3NS|h0uTr1Q*a-iUg)>xpZo}sJx4_C81q*Ep
z=K_J@u^{bd3$U4S&0Y!NdV2|bhu$FeA>ZC6s=}sK%-Tj9qV-$^qcqtx*N$O>I<@1f
zbNDV%!m*bOw9TNgLVZ72p8Z{=nB%JW_dg%>P+T`!%R)*Dl1y-?AAAy-ggc+?#O_I%
z^67!HB@0@F;XnFk9<OZJ&{E%*FtX2ov73uliJ(A##(PK~jk_!E1i$c*DZ#>@3W5OI
zCQJGLkA?k$ZDmIA6uv|TbL%Eo^#Lo<eA{1#0S$a^b^bFAgj&5<#30vvsz?axg#~%a
zGO26gG){hoftfg_ZNcJ`@YhPRXPHL&D%PeY-yj&s9Ai9<8Q_TTg#hl(Ub{Kk{WBmZ
zwUr;_6P^aSG^eOU-B^0-$?$5B6u{|L93)Xp*OU6sLA1?C{h!`X{%<+~i*4$;rA<xb
zF;RF%(twB_QD$Ob*JJ6Gjc8>9mxu50RdEbbcaO%{1w4)g3(AH>RxD`KkuWAZM{Wpz
zpQ9;wOLOw*hj!Z!mT31H)}sk2Y{|UXXy|7_@n&`gPEQ2w7Z5Q=CnC2p=&lYlQtCix
z=Gn2=ahaBo;n0}ehnr+yYRs9&>UAfx7d4`Wl7M9k#Lvk{j0QaMqs2_JO|X6AXKaV>
zgF{^4l#@tKO9<H{gODXJQNRc?*`oaf$OOeh!>Wwx5V2(|c>)wQKo(5)TshPeLC363
zrO~A69}fXp@rZw5|2GNh_P%c+wR>B}$ywR|E|J>t7ksV-b(R~CVL00eCyYpelQ=VD
zDIY^vTUbb!Evtim6k^($L@+G=^pjp`mAfb8+iXyYEjPa1FUikvoxxx5bfArk_i2I*
zy_`0EC??!;JAFQNv3<B|afG1?MR#WyZKK&}zVmUj+?rpI_ffB0{bLy_PQ=o91mdg3
z7>Np0{7Xd)^Z86<lLX@3psh~3zp-NWf3tviKewk+J+NB0Q)X_XohsoDa|o((Yar#=
zZ(^e)`LFR`Ud4XM#t0mzVfcnB%#h<f!++;xE@Zn-L9O%YBF#(nJX@mhYr~fQpgL^n
zk~$Un^z-dH{HZkWwRx21_HjOQRWu$yGB|=%D{5}G*fqsMF5F&tb<VJUb=_ZO*sH!u
zE+?sSkVDkUb+bfC!S$2EmJOKx3w7NQQWf%XpDRdK_Zm<3PO{ESJ8Yv)7{c*3cLxiZ
z=yT|g@Z`q<SuSNFc_lT$vp3Dk5S*Nv(dpdXAKpMzfShrL#?n{EpE7wVx9!JLtCL&$
zjykBI{FvW#@F6S6$L37u>tluLj1!*_yDE{fl~;Qn)BByg*RoRoh0kFAjj=>O)0gnD
zHDJ1&dXY%dE-h)pWbt;XQoI^xw&W%+r($s?WjOdrU!Y_68bPI@pPI+!nta*KG#pW9
z+-L?^d?4;Hb3t4s3Nlkf%Rt@e_S83OP`~C`WQwiYN4W<q?Z}!ri*l)@YRZl+ZRZZH
zj~G9!5#tw{LuZCg+W3C8eV;3;6729gYrF`|lS0W;lTb1bo13+Xr)aL8X%jae4t*yR
zc`&GGWS$4vDkC{2D^E>3go7j`Dx;-XRSYWoWCH~?N(zjrSr{E;RK_ukzt(SoarwAM
zhbqkg!`ieS?y=kD>5U-tiob={mQFsvfI!ted6x`B(a*lHA+OdxdwY`P+*KSQW9`vD
zXJYIYwT?^|r6kp{uE}#0=N8?7*IjhSp9w+3<X3q8LvoBIpzBf)LsRu$RqelpuPx3i
zqyba)Z_(_B5D0ZamIVz7-+-_ARLN;BDONH*$UyQzE^z`bK<nBRD5R=x;bck#1Agrh
zZRa3U2vf(wSD4APNR}|4XDfU|_EQAzyA>amz$dR6i7m%FHb1o1&>_wCk~Ac|z5h(K
z)OQ3qmuoB=*nbSaiJtSY&f<1QDYcirH6EoJQoifZvE)HbKi@9nWcL`pFitv%Ou}Q8
zeqetXhcABc4v8V$^k<R@#Mj0)C@g>4tm`Vyxu_YAtwsbzz`>)8i@EI|FnU!3%!v|5
zwrgsMhpvs!^lqqy5Z;JSH<w)g1fPsXkr3{e4Rbwp7P_g8wlVli5EQJj(a&}C66r0x
zoN<2tCAZ9(&>tQ{IN47a-qDqkX94cCI?5^kl-_l5C{Q%G^lD|T#6Gq;t}?yQmel|<
z&;A|_{-e~hGTIrAt}ArCl|Z<53YL{fmx-tFkheAIJnNZl?mWmq#CCUx;b@ntt59R5
z+Ty#(K23qqb8!Dh%+s3YS<?IT-rrf?s`k2%5^?A6kkVDfAQl?L(`P@H8uzCPTu?#Z
z3miRc{0@->RuGESkGwmG<1}zVYyDd3ko*v)D1-|ym#Q&buXYD&%8gy$%pKk*>th^}
z6>|Ps*nFQG_>jxAaWtoVw^U@LEj2S}(K!85S~%ZGk2$xceWk0P0|jah)G$D-Y{tBn
zh@N7EG&M-a=6%srLYASrxvZcc?L(aBaoDMedbws%uV!3AP#AjaMW_As8kV{^ZsDTe
z3;`#Go3Tu2gC1dpI_~5Wz>97y%9I?VgC{W#$3ls_W$az0;b5FK*gBZ?+gV+SKRj=>
zt(bam59yxY37hMvY|Obs^!#2l_l~5u_g$2ANpHFLLc-Xm-RnE5k-db9Hr$4|$&zCj
zui*9c6KRtkOn(`6(F?1p#$4_b`N>K2rc)B#A{*-)nhGtMigxvciKLt<QV2W<U4m2*
z)G`YE>qbUXIU9PU*uf|}G^baPGRVW>UQ(rZw;2tnPP*GnXtu}M5u3xZ?xwdm{R)x)
zsJ_>9TA3Lx*e3rPmBnA95=bcGCR8Dk7TDeU5F+W;G({@GFWjEeE1y#ddYAZXIE=f~
z^RoVTR8{({x4&E4oDYA`F+gmI8JTADHYhI6=D!iedLYD46cd5p*d6wI&8w<&U0t+7
zSI!vQ!-X7>Jc)|e!)u@=&^0plt__s0@%Jsplef!&pqj&L@Ia}+;<PZ}BaLQQg>t2s
zE~2=N5{tp2KYjgJSF9VFw@D<WB_Ekg+6dOM$_BBzCgV^x84HaB*<&=xdYFi}6YS5E
z``W@d2Wzlnu4VIT+i9dOvAY3Jz^<uHe!0^MdxUu-Q5RyJ>o5ssPR({~Jz$qG^)_6*
zj)KD;0-bi_svSgOLm_L}1ogI5gii@HM<sFlAwHb*#%7T%(QYj-`P4nMxy`U6I-Um-
zG6*%~8P~?gu`LxA6ubdpLlwQ7$_V?AwJ$cCY<`-KgM9(Cu6xJv7oP;<j_J4kRe&rQ
z+BVOKtw=_LG6E*CB4C<OHjdJ_FrZ{EZJV1s1S>o^MdUy3cFF!wQ4lqf`15!^D#@F|
zqu;@+h5}b#Mfbf8|F|%6RQ1#b0fMSsOYa{far5anK=jA$HaTxUM$v6db@d+eHgM*m
zuJo!ymQ!S%VBZ&&dppY#U!YfUUok&E(GbPvdHhMIT1UnH_Us<ccgywXI>)WF=KM6|
z*;#vIg*cFO7U)%%dX-njN2={A^l}qKE$3jEQf$i8FpgDlox|_jefVq+Y<2h1Au313
z;nn^H&ik2v@br?X_5`j$ot42dgT+4l&vRi5ys;q-`XI_Ksb3HX)xq4xVkYipVz&A}
z3lH_Lp#~yz3Trn2PrH5}$|txWY{J7OeBZuN$bpP<8NyvUL_um@Sf9-(sesxdo8!l*
z>i97dWp2nwL^f_Dzrc0b@+B&%KRsiYCTi*$m^eFyY^KsLeX8TzTl?BOH}g9WBSf@)
z<9U0h*vfQGKS0U&N~9gCqdFrlbt))is!*4}f^wq41;?z^7NYpA*djUsUN3nk{VzzD
z;O8D_Je%szx#B!SMPFqKN`k3MGLNu`JRIb8fj$f=<Pwbt*xGxl$wQ(2%R)~Bp}cE`
zLL|G?8Hzc)jKBp%FF417yHMEk3!&%~MFsjB54e49x6|47yK;MKH((l2DXu%>s|0sW
zwzHNh+!33sJGllD>d7ed(s0ZUnoVRaa>5$2$fsxlX;^E__guFC_d1UBna1X<M_y@t
z{)!c-Fd_^uvDjG<)>|xRV!=(~&C@;(^{pyXQ)pCZqA)KkGPXwSaT{F~{-bd_`ib8m
zn#A=gh|@hRcJ8AG@f~4ba5@3&C3z;0#sV^;<(=^4cgIj#$MECxNBkzf0&HjXHT*el
z!k-A3`l#fCNh>aszSrEP@m=zQk=Lj$nwNQZ{y*>esz8b!e&yq|Gu_(``a+|hz@vE8
zG>T-uSzOq>pX`#I$Pn0tv_xRvK-O#0SF`N7DZSDzqiWaz!-(xlj*z0lom$*pr=$=w
z5R2<0ES^V$v2YzUFudQva{kZ3hl{2#X2vj0OH$^orc8dW3ws3kLwLKoSIY*;JL?T^
z#G+6WWm=hWQ03Zk$YD)b-Tpj<Z4|}t`7~oqZq%I$%yo=fUgWQWJZ?CKW09t5*tdUx
zUWO&*GZ`z}86t@YT53*}%gBVqYc3V2k!fo+pGNvy@hHcuQ5$`e?9qz5m3v1&#|-6?
z3#F5{<;<%{!3&BmU?t9$n-SJ8&>-m(P;&P!@VoFa&J7tF>{!OQPlT})oe&}R1=mZS
zVSDj2T<d&;{m}uR+H?7$TOwW<WH2l9q7k$6##d`zp_X`#vcek<Hn>FH9yc>ikdKPz
zeX^lT_7-|PQP#_y2sNO})@iH7W^YAJq-#jI4WTAsKRiVmDSscw-tAyJhS^)WWTHN`
zLXIr_!>gyGKoK$|7kudGT;~|{;B~bG6WMFyC_8PTjBcCIjexsGX+B|Xvf)6{b6B_3
z`u(zXk_zzGkl^@o`q1pAqybH|^t)&ZD}zc{(HW8UN=-A#I@JXi>4deF$*;NEsfePC
zA>Qubb=AC4m(Ia4j+~6qW5^6@Udm-2{9qC8B}W8F-4~`$#Cx{bx0KsM4z-8=AQMN<
zHMg+{j(e1(#8%J4_j~VgJ~K|jG}4>77BFTJC)AA-{{H2-ftO@)68T+soot{EC|jbp
zL!(GImo^KuJcgFV8Fsd0aTaMkQmTcl5_7HM0g&TbD!hh_36B;~R4<lB>$XO`d*KsW
zoNh}gP-OJG&7^3rxIh{RcALAdeR_+8Pt)jn$V=op+H;@aQ=if@?fiNAS%4r6S4ECD
z*Cww&!=g4XY4V~tFN*Y{Hm`cD<yL8cvrWM;Xoxeo#T$hO%LVq}k-2i}1c+p>yke(>
zKIL0quZyK^){HPoz;g~OhixHy)@2X>g8NX3slhqvq#WPr@mUz>p4Q3c3(48FQ1iPj
zYd)}4=sr2_jKt9<`@u%TkkSLv2*_D_RNXpi734vWO-FANByGsCG;D{I8kaFfnp%nT
zSeHu)AR~i^=KqSe{eO`Vlrt!|`3+Vvb$Ww4At_a~@KMX6kWF<cFJ%N6Rb8lQn%5$6
z^VCZ;Em+9V8mv%B6L=^dmN#u2PXDOf+oA9phR7Y%ek}c4O#}DBv9;@DHcaYHnL#*p
z)=!ftpB{&d2M4^WNYilOv`LQLCI|R@Ad63?Gh=lCq40U{2ZGKuR`^{l3&pbAgTwx~
zPm$D${UpxMTF+73A)}n+-7i`_nC&laW%Q{1#)U{?OjyrZDc-DR<)U};j1y>1=6TF|
zcvnoo>Q`@0i&G{RQ!{SP<^2A&XxdURy%-`>t5~c%Ahp;pWwqE3jX}yok074YIanHw
zP@IvPLUN#0FTqEO3xuet!(;eNNWvT!+5%8IS|qz8K1A7=MV=Ubf+$p6nu5CY%8z0+
z;-nT1r7{b)@vU}sAt8g;VWm>K98*a)Vqt(BnMf<>6zK<KMw29-_%gmX>+G1^kUCI)
zCaCPEg61mG!0$}G8(f)iexdClVHowCi(nrVcEW5QV1Y}frc)OAgfDq&Sn4P~JvXs%
z_=M;9|4I-3E?pn~*OOGIsEt7;!b(Im%tG`G8mEs9oLL4b!aFeN*PUZT{-v_#FOCvU
z3)qj6!ESh)k^J%UJGqnZTe@GcN#SVaJV9U|9oAp|(!bTTaIjsEMYn3jYBX+^B!bEQ
zEBPFpSU_yGvPss2KVbwMKjh&WAMs~AU4My<B*SQ??1t#r0OcPT5O=LgU1Xu27xD20
zR*sj;zT&~a7+y8GsUZ3b$Hb>(8>AS=8y&YOzGtc>oKc2jL})plK0xHK;O~d$$u;)I
z<ym5E3OK6-R_f0Of19vs+W@6tT7qE<o-6K4oIv@`o<90qWUAQ`ts0gBkMC&xQzAOq
zYpW^U(a~VtA`P~Ur<1;I;IbvJ{7v}6{19$d@CI|u+%ctzB<jJyMwXmI)qcMZ5B{2l
zj+)VAyTr)pT^*856#M}<WsXVD?J34#%k^=y$y5o^d?U7AAjT^Kk7ZkvZ<{0^^=Jt4
zGhFvw@5c{2hM`}U1j%+jBbgHv2az)DCr&F}r}PWz=i0kvLvpx_ws$Dud3<>xj_q|A
z`|l6S2K<UDN2cln=<%W12u;mpEc^h5wx>!haAOo=8}KsCG!k`+i3Mda9&d;kG2jdV
zw~uh$`8J4;>+pA!gfexXN?i>e#8T~End`Q1AS<spjYM|q<?(}qTVXiZPY>%T$tVlD
zWZHesBqVZQZO)vvkkIAM-_CCd>w*z?WD-Dn)O6D-qcV7r$EcM`(nwI-GgC=wvQ;g=
z(R9AOPhV81Y~iZPg0$+s&N4OmPs|0}KHM`z-Gp(7gNRi42L_qw`!>o#Tdu4YLoRnx
z8*+)<;I{<wFUkdE)7Y~&z~-$1+h{_rR0Me1j-GK=jF_f*inJwarEv0SBaoH)k}f6@
z@{}@nhg;yNe=t5Ggi;YZ8<qQ`vli^_k~EjRs}mrg>fOT!PY<6kU5VNrwbSe`?WaMG
z!?05t!g^hFf|l1}LGzjAz0y488%3p&+bc>v!KEDV6MI1*CvQ`dW{HXlddn2@$$PPm
z(jR!MP5RpsT5@erQ!smPKq(Giu!(ro2i$VAVLxGNb>1k1vk6CF^dhh_$EG{n{3ycV
zeKbqhbjlKPEAF+?2&PH?Y(P~)O8RG6&RjrKRf_}Z3<G(3qCa^co9DTgV?1829C1s6
zku8o72g#o5_<%*Y4_^0jl@67HY6<(@1v_CXbL{a~6Tpk-Hl7T=5&$ZW|7@a!&M1HV
zM?^v)WoDXlgWx{QNjk#&iecJyc2O9F=LmLuzB%F14iCp&9Kt<@V-R-qjlk2K0I7Jl
z7b}4`(tyA=jSKHfIA<?<)y)e#QF(0QTR4O$t5dcTrnF1hjz2?~a^vB;bA{#;k_90K
zm$6uhOv94?zMLB&?=?v082fVH{~Z;mrb%HpPz7o}FEaH;jiyaKn;q`R`-k7eCO$YR
zok;%ir*OT^xc~)~qJjZyp&y>?1P-^yk8&w%J$@7vg0*+t-WQqVSe|;X*&WDv9iCDI
zE`(Bt!lwedTyXqcpgz8uEi=cnq~v&J%nl(9NbKo53x$*y4X(S%z5f>eiRedlwjlYx
zyYO{}b+bD|;VNr_l{7pgPAdujSb9i~BSSNdo}zA!6NHgd0{%8X5G@X1WSlt{Y<V+f
zumUX8m>5|4>TW?wOZl4>%q6RwO8biF{o$v7x+_^1bbA3)XOkX)Vo1>iia_R}k=@8G
z3$+srwfF1guZ*=#L)Bh`@I)&Vvu!5a8raA+a#HXQi?K3D>gJ1@8meFSX0Knm%=V?2
zMiS>EFlzah@O$n0uzmXLKUktcHU9G;QXgFmu$mKxFg;*4tMC6+J7J@uW=rK6sBIC>
z;$&+BeC{D#M%c5q1yIru=SC`yL?S=FfnS-YQbBxaBsz_@?4(fWQY?;#)j7H5dHIip
zvFD~`WcFu_)SjdG_Y3LouE>Ykl`T5{KIMSBFkqDpt}6NaNGOs}f{u!1P9G@<*l>p<
zYO^c#-{E0y;Qu~k`K%s8%#%#WP-#QLBmb#4WGLNf8!ph&^5I!egKlgVNZdXpZ8;11
z29kg32K@_3oLbR?yc#Ag6b*y2+7{JGBv@Jhqh*PwHyX6{Z?iY$%c7_^eRt{ni+559
zK$bF^aUyS09n}|j7|KLRtP|Gp#^1k%d*nwRd~LxwFj3*Kr!Dyr)EJOS?!V@Xcp-p8
zdL3dRO2{sY*<sG@R%uMh{#@1U4T)%3q{kiItCVQFN_GkHd;Iv@9s)}j<p$?V^zwa+
z#~iHryJ&zK9#`u%bE@|HcWF+j**FDS2+ipKfD#g3dzC2jwYvW4IwsMqrg})po^LWW
zZNY<ek-kQo)amhTo#nPj^G3^$Uy14)a0>xe244Ql-jBKJ@}b^+qOK!ut+LPq0%PEx
zM#K96TRGccv-^Jvi!{+dk$yeSxmSTW>twK9x%~ft_e*UE=W8v(`Km3#*<55h-uvMn
zxT)d(&VNsi2Nnt#;D0<LB5j%;p^l9X$3s5%>_ff+VSvD<e}q3X&_G!oq0z6_qC8%4
zTeE6SQT3r68|?7>2-lxId~z^HXQmY|J8XcE+_S_p<y69fAmP%5^fQ46IagF;d?`|6
zusb!>{i?c)V(I*<+G+ueC0;Jqg)~A#ip1l#dv1hN5ZH7`SduufIvYgm0a4LLY0vmT
z$2m?*6|3Xw`ufpZF7<6_8=lG}99D?E4o)g*t1|vRYSP**1NU<AP(tuo`6AIJ4B?vR
z9ok}`WQqwJqkRz#E`G3pvj)yl3{I2^D)njkq6W4zT2<EDEE(JNLdUi~{EAn#;a=Rr
zF^Cu$64^G`ISk7EC$s3zv&6jM>?GSs=!o<dext7Lyq#UbR0;{I+cjr=&!Ao|;Oqvz
zK9=x7yn!oat%(r_7Q+-Co-8LAV1d72bV}fNshS5@8gPC3d*)N|<b97%9vsVG(ZsPw
z1?>3GBtrgzcfF&t{D!03YQA!W)Uxir*NS3Wx_-8<j|W#O;Gl`(s`dm+Vo?{H96>}N
z_&eU?0>Zfbi{Sn?E)iFCVRXoOrwW^IW<t5Wx0`5>kYvW0vP+|qYIH`F-$2=T5ZmMc
z=bwtK0`oVx?n9gkKZYb&Yz*W91B48lKXN;l?4zPw$YiZlCN%Ww@)AT0&!H^O&k%+(
z09`<$zr&i->p|rQm8g{2^h!GzaeJyaTx=5cGYSWNeF<NJD=gAu+DUHb6K@q3<=nfS
zfW-*)7yn2O*!*I!U-5RB%5jAR(!ifuHKMrx0SCn@`Eq=I4);pa)!QtBABLBie0k>_
z+c^C%^Yk17m&DY$w2c}uLl7*ukZsOX@4Bt^T3F$%&XYLbi^bj>S$S^%{um#k`h-D2
z$?C^Jh9bK0@dw}AD!2BeNGs%!{fF?ZQ*N~+psjs&hBA;Vkdw)C<5WH;2BO0drP*o6
zsDs$Mq8gcwGXf@@5Kf@-_9rOaBYdE>%>9!~(>es8+!**PjAIf|y?{)Z@|3?Fm#`3u
zSQTRa6{}aqWVC-G*Skgsm3C-T$6<~L>T9(%D5!U0hu2XWVB|T4`}e~uO2hn%y;zRP
z@*VRl&7dU|%s8*;cs%r^{`L2L+=1h{9IEo*!aO$9M{SE7Azj$;nVZ8<HBjTX>IYLy
zt?CkC9jGfMSY+!ON3J}%ry}W*W2GqR4Vt8VPu;NXY=DIpVf%P;hZzXqgE&Lm%0aw}
zzdewo6Dl}NP?3@rb5_Gb7$I#3RCK)3;Ft(P=T+f{AF(U^gJ6g^VnKjJnPX3LkVy_t
zut}wBfewGxljfd5eN(T5q|Ba{B^$co6I|+B>(g;sJsmUJ#8@_;N{8eE&&YD^)M1-{
zA(iEUI%MrgaQx}+26k3GeB*>kC!E$nSbF_=64HjyoH-)=8SbO!_e;+qf)*@;e|K(G
zyE++Mu&*hEzg}m`6R>C&D}g{ulp_o_i(B{u9TwQ&#lZCQkYK0HICrv|Yu`mrGlBro
zh?m#EXdOZ<gK!i?rzocJ1a}#FX$Wy{jU7nOY);SxbN$JhJ3*-rpx`_gbckORuv~0S
zLlCz|r|B9~cQ^R*j{007^VKE+eN7xP$+}Li5)IYK7*E3;SIm#$0m<dL_{XDO9=hp>
zbNaN2R*5`mtJ|2_i7lvKE>fJo!8t=g^byHl)=E12hzvn`A^`0~JP{ri%446HWb+>q
zGrvS-#3LH!-6PWDTaK88j}RWj239g#%>9k9>-=;W3q?GW9p(M}268PP75lM9nl}$D
zQ=0tJ1<8fhKHhtOQ(Fy3kO;DyHwtW^DlUY5C`K-m*vJxrFFX(PPA6F9{x<@?q8N_w
z7)ONNM`}S##ntv*Am{I!Y<F6iA+Dpfx1c%C>vkeOh!)EP#d6&GM0HQwKQJ9!yTc=+
z`-qea#|`13!>1(v(ERJ)q)~*=5|Y}~c6Q?r_LoOo#!vFT_k_oE4l~zEqn@X8a&I{B
zCuLRcd4c?KdC$aTuvG!GId#F75~n)1HDc|d>oo3&o^xEfJSz~!Q1SF#Oysk#;Eh3i
z7kx@@vd$S}l|6;*XSo8vrx`^H#hLAwUdmhOQ>OgGj8wx=5k&?|($i!v|1ur#Lt1TK
z6YYXJ0dP=T<U*zp6u7H`!CQ(^kcBW@sTmb!?ln1M$o!Vndhs^9!#nn;%(hvY5tB2$
ziI3^))t3C858RFP7Oz%3VjogWDo_iW92WYE0wLq!pPY*Jx{a<wHo@qo_9uKuRL`YS
zz?ShYqfzt%PctOsBSMbde(u=?&w~vpY1SE3F6}od&86#>YP7ksR;fkKrtaxPijoZm
zN0^;Yaq^PxaIG5rD0Fn)bmlZ#AaIilr{6RmXBFyoEMB9R*AOusn9FjL`?5qE=O<`E
zDW2Zt>uBaiGD$P83OUZ!)wD)9u0=}eVVRJbSORGbQ6vvZ9E*Hd*kTQi%N@IW($;rH
z!DFr-jPtN=MG!ZRH&7$%u#jJ!Ef#+=GSzG_S^}R!M)4X3Z{HMUP*&y5Cr(-2&|EIs
z?9MHS7&Tm%4K1ZQ@O#$S%5rU;`ZD6W;D-87(aCXPBcC>r)P~F$nT{(2EQa;_HbC8=
z7|Fo+7%D#nFO(ji#2X%6i(A%yK^KsbU}M#hP%k0&VTvL#Ee`5|YxSYJM6UanILS`h
z8Och1f%GWC5p5GJZ_ExwooH7T3vY)%2%U}tR}P8pqiqBcjh6%-f^_|uo~v9TH8o%m
zJ{_J3V}01apZ)020qI0ssz4u*ntExjQ_73JyvvERh7Y3Eu2AD!m9u6D8l^6*G?JJ_
zP{M0`(5o5IN78XLilU7b*{FiEDS0RxKb#d9E3nx<XxGV*K;3vm{*@rG*mOoRiVLbf
ziQ+P}u1U(Q1kh@FpkxRQX%7-06`?KHqU<EbYa5-xCYGbK*y7F-m%UkH+<+(t<MOM*
zZWqs6*vHEm-QsVSx(+KU$C0&NxV}nRPoiG!Rno+2E`^(=2IaU&QE7y&GdlYCU;g3s
zF^q|Bqx$P*1#!&Ax$iisbK9D52U0TJe+~&$Hl#$_oQ0DU<+@1T9U?V$<>!O9A6DRA
zPsNpXv<62zJj_+uZ{Yg>v5<7^5gWE+xPzy5Pn05jM=CQ<lpa!!F9QD%yoy7r=bltF
zQh2ytlo;|9y<g_cRw|=2CLGQ)B6SKt99OhehjpfEN7B;iO93dW--j6ihZbZ7X&%nE
z`Ifn2DMBpSAV1j2`}KMb{9SX0zvuvtw6HE_**M&}kV`5Tr7I^ob%D%A^J_d@>kPUq
zyh=xh?iSZZzGm%A?a%f}nnJXA`?kGC=R+xv(V-EA`7>NP_2^)Qk+`1933|tEgm~iJ
zVQ;w?JV~h`s4=I=&SWwLWAt)f4wS)g4uatn3XV>#eX7TR)amDWA$k}JI5ExyCObW|
zE}%WGNJW8>!i8~k$6(BVx(i?Y;5|c)Ey|0N&)ja1#ZJR%xBphwTZ2?^e}M36%7;<4
z3qmmj-kUuZ&_qm;BPQ~7k0MO&`x0}i*ADW`gPt<B$dxdnFF1P{%~L$KX$aoQHP;zt
z{Jyg30!ls>U#N+qUQj3~dXaq0$;(dVoZclbSz(dW`qcudmcDx1te#zqq=R|%B?*RJ
zvayf({SEeZ2}DG_2*Qs@n~b7EQX_^h<Jl@9tU3WX=h>n*qV)*Z94I*?g!sj|{d=31
zvOCrJNnIv{_nVe^f~nFF_evpCGHLFrmtvzcM;L8+s$5OP)wtLsRKObDt+0q-RHfg)
zkQ4$bRbmet7Ds@{XtlH{6It9qOew5Ch%Fgd9=*MA$m>F_Lp?Rg9@<etPYO}Q+J1WD
zA*SZORh859(g-bVg$$-~jSF_7QE<%%>Ta!DTrC6gh*UueH82<}S}f}NG@9|UVS;SJ
z(10V;M)Df9aY7)A15GG;BE#p>88=<NMLX)rcNub_T{LmbSIJD3eFfW1<dw0VD4Ly7
z6bvx^TTWYu?6&ZL>n5&ydvPj>MZJ#Tq2NcwCvP9$G^&F=dnD$H_Y}9}3hvhPqDg5_
zsVc(1%gJgT7E#Iihj<bQ8;QP7knJ;8r-=2ktt_WU@?)LX7L|<;%P(TcFy+N9+0FjF
z`l}5ldd$KR1<?qTH9=4I)3MJaQWk)h0PSM`6-)i+1PbuAIBw6_>T1(a|HDro!~c7P
zjBl-aje32Q)~XKUqILs2JwRG<v8=;w_oT_`qZfB3e`Z`dC~U`m4EG3$f%S$;4|{Yl
zh})@}xTQg`Nz=q~;9ac?F(G|CZsGSNc+C-Y;K*+!SYlZ<$!7VWg(Wssmo2XjS8Um^
zY;b<{4=tPpP&)r6PW(el(T3-i=$x7`bAUO4PMX=!@N81Eo+>r#V;ti+lwDd0J*3MZ
z#^n|`f`%`eXG>Y;OysZ&$$aL{AFuiYaT`2d4d}vGTU5@3Tm<pT(ewO&`#!ow55;0O
zTX?Q3?vqoPY3oNQC6DjQm9AI#(SDDNjH4hr#P9N#aO-EkvYfH^n)f8RZ)_L*4Zi*j
zzG3Jzly4fzM`l6=)ABcShUBH%Ge170J<}K{nuy*lc$XPysIht2m(9aC^xwku=QYBM
z9FnHqOtBo&Hey%}vKzOA6aYqhny57)P}Qzo?ce2Q?PPQ;o`2@8o0f1>2`Jq}a20(~
z!Ik!_xKau|Vzb+d2>-P?#$wA!n{PBxcX~5a8z5J+ZobVQ8bx7ti6<(gC5KlMl##=z
zCWQ_C&epjRTx`L+Tn|$0W<M^a%0X81O@%ly(E#VoFX2|4n41x0z;}poNP!bRIn2OO
z@$GN6AQO_J0JoNCl!S=<ip#!$(|bDM5}uH_EKMl9?=b=p@xF}ZThH;AklE;cWkBVK
zbWB3zc){i&1nJkijpOmi51wHf9TaR4!Hu0PHUIn7N#Iy%Cr_de+8lZ@V8b(<Tu12+
zXCWOf2*Ny;T?6VyG=+O}$x-E>PTyc(suT^9RX-aFhd+amY20}7U65?Jg%I}FE9_JT
zB<ZP2V`0+_Hn{lQ76r7iqQF`M?<-a`VzD^=XdV-}IbEB`vF8mV)KZ$u<PyRyfl=^?
zir6TNK*$9aXsrQ=G#!TzGe!3RX@=glA3U?rsf_A$re-GPL?iDfgznr-=d)vj(S5ft
zau{_UIbiZSk0Q@9LTCN=!Vn$5koossV=VM^6ZM6`(m@Z8MIRt8I-)Lz`;@-)4;1DD
zHnh1*{I#N&(6iuqs)*wl>Tf7L-^3a6ujV2MuAM36hN)wfC-U1BeBkV`jKgpTu|pI;
zf9<^QHvMyp(3A7pf5$*hXMYAlS>O(Df}t=GF?Y*C@K#eV9Q#ClSdG*979ZMvJ8NmV
z(V|^fKy9n_P-@m?q}Y}qx=JS{gTqMq5^|#?v#IPmCQMW_3vI#(;lA5;HmyBrN;rVg
zHKpR6m3bYP?n>T+ueFQXAICZat|u90<%HFyI!!=c@~KkXCPizCwy%&z9#SOI5EOvy
zI&<j|Yg?wK{`mMSS#(`Qkw;f+#a%a94OaVhO;$H9iisR!e~+^v*mkSe<MwS9d|=zz
zd@g(U{`(U<TzUCXbBdbk`rE>Su;2s7QA&>CCNCt{EuUH?NK&EGSiqPJ@VLQ@M#5#x
z#|**6zd@)*rVwO^OKd7fyhJA1S7*e>MkYm5HQzc<IkQM2f)B91P!Q8SS;8rpObt7)
z+fanhW~Cpy+9P{xDVI1bV5N?tHHwX;?sAtP)++z*<CyW`xM3mUZ~F%+20edPfAS9H
zWU(Yqp3nMq%=t!SxXjvJw`fjx9X`{eP{KQPaZTxMUc-H;+hN=ctwwfz#BhI;JhJN$
z3bBCDgb*O3r{f`<>u)*MeB_sBMDK2%_J`zbRC?BO`3gjPE+?@+rP#40;%ijlx-yAB
zT0r`}$R%+)4g_|0(*Fm^C<Rnhw?0T~#G78fOfN-4`#`T>Hber}u&!TbA<AC@2GYy%
zRT(B4PX(tBKfQyp{#_`Q;gay*G<{9Zy97S#MFRVMEw`_wM3!5cV&)=Q8A@{@KRP}f
zGElQ<WOXkwGZR9V!%c_ei`9<t)_R9KW5u*<GjEpBMsY6-Wa<u8P|m0)*5;U?xv04n
z#gKA+U(FchGzuW;-zJl_G*z6(%fpcVIKPV>5C3n3HdWvjbpQ$C>e6lAon5BL^u^2`
za<UEg9dvMmAr1MQ(N&7As7C@T{DELprT>ov7RF+hIcjG^GF@b7POv$N^YAvn4%y_H
z(0}DT;68*@PdcL_#2EkfX$OY=P+rPIx!n-%sbO@O1&q3nfqiKkxoqxaMiPbP7gH5*
zw+g5+Hu63F%ij~5r9-E5Bx=A+S5#xIJi)p-Y!)De)0{_nJUmZ$eO{+BMUkAkHH71>
zY2-aXD<9mQ5<*sx6~Dp#@t2R`Xn_CWN~V7c-wtEk_edN0v}3>CUQ(xECIU1PN*K_P
z6MP|EVdF>A_(VEh{Cpp7<{K1x9V`h<p@1Tz?>l0Su*`3Q8elh%kS}C*Ir<0RH;6rz
zO<^I5-TD8#FAwjrd2dzdq=XQ1CJKE!n_a;ry#LeGj~Gj4A}@+9I#uB67I2jU4!Zrj
zJ|s98J&aMeR36C`3UNx^?Cw~Fb|9XLy`!^P)TPAK9?l+TeRsrqB;Mi&)Qt^8K(3!1
zY_U<?hyodHE$p<<CJi;IrCW5+zhpY-2vF0D>Q&%E%w?7Sh@U?7ed;)|eWK|hJpXO_
zj3cii3rZ59E<jQ`{RNiAn6y2FXMupvG6K|?&}3%@d1rOSi0fEujVhZHNH9rdo>9_t
z^9nR68bO(aI6I2Sxg;W|%)+A|O%ie~8|Kri_4+&a9;4T%AD3%g^<lmI75Z;woLPfF
zm#Jz$>*;Mq0K4`!$YWE{YUAWwpw$*dYwIvYoq{b%;}0v+_>Chkh9QxL4ea<8ZVcPJ
z>r+fu^6=Dh!ka4hlq-iOxDODL%>F42jrfA)m@HsQeR!om+lVI}D^P09HK9fCco@V<
zYM7(eVI=flsr<_nwaQpV7VY{@Ph`y8b0gr^-JU_e#KqwMW(rx^^Czhz;k5$#HF&_a
zl$_&k`DpMfHRrH_lZpFu8*6D#n^6u^65k=C&Y8q@OG8UT)L(j*-m7^u>6X#ff9=sm
zXFrcUEYLQ|DZE3?1Og&_ScMKfk<A_vX+>miN^oct=JZbRX_#5LCFCe!fp)L&DZDa-
zV*7^2jp|P3>3ln5L`3|qIuP5J8BN=?lZMI|g8;0;U;jX{y4MhOKN`Yn?K4TS9j`EQ
z8VD7(JuhCOhc)C7LL|Es!Z?-%0<VK!lptJ%6Ovzy4P+eo(lhvBUuup(G$*9w@(;0c
z#41zI?~Y}L^MsB#+R(*H5b|gA`_4r)8j}%4Dd`*Vyt!<qhOW@Unoa2$4Tu1U7gi87
zYSw3fO<0%O<(}q5^9>`c;^sO!UCY)JD-~vc<K7I?h>f*$W5Z;`f}n^Q?WhHM$@A9`
zurbN$<S}!(uT$+ZNE@!A#8z$0JSVoQ#?!hxebHk(?oGxd1I0+Ivi}YAH&_*gQxktk
zk_gMtbsbqMATYGZgL^h2(j=h2)jf*}FQoG!`lz^Q>pVXDOM9tNXCnQbUg0$b1Agbx
zS4MLqim#=(@{M3ozy<y0lec^jcqcMd%jcgsnja1LaKUrnvO$mRvu|36q7UCzuTk)}
z3{}WhV`hC^h`i}K5plSEIlOw0C59a;(hS7L9#^6!oOmm`UzXpN-Sx<Bf(F)fVEKF0
z5%9>>Akx|9Ia=F19Qz^GjsEFYdOFxnml1GY3WxBtvpTe<)Pb76_BVnwd--}itkKqV
zadSE~mzmQ#+NOm{Y|}7mLbY|7!=W)YsTQ-!*Q9wl*5nIvjegXcEsY17xX30ce3zy0
zzh_$bSqG^gD()lO#IVkOk&B~#Ikt9j#1`jEoIJs+7Tn#s5ABE!9Hsms1-)ct$?<Z8
zdK|e2zg;R)h#wyw1SW2=|Dw&DiKdOKsIX037Y{ljn3letc_DPa)*&VI@~lgl`JV|9
zYCqL<mAr*pENz@I53cAfBwL9AkoH=@E}%1|9Y#4qH~5{J8`Y<wALH}q37<Q;=jymD
zts^(t{8{-sRit-T!fQEG`;GMQwl4w}9^~`keiLn#lvh0^D}wlNTMskF1d^Qh7$r;|
zH26+0NBA_E@Vc>AYEjv61`?0{C4{?*q%0H!Qo*F0P_d773pTZ@?vjL2lv_eZL7E~)
z66*)L^Zy@rU)r5EvbEbk35ofmjg>U99rGHJe((9B1wz=01>ztucK`ajhpN(4C6%z#
z=iIwix)a-&L8{udhi6!$thUvaZ?ul#2Fb|iUSFhp*VRuIx_4gwxsB3|hKsMISoM8R
z4G)a)iF~2$_D~^@g%{o@aDv9jMWUm$HQC6dwAm4SA~?=YDIBvYL{@{uuJIUC;AfVx
zYA{K6x=KGHCvLuK0aDd9vkX0|@AIKAx`kgb#5X`N<%G(ey+=8K?N_mo8SzuAm1V`#
zZuF2Ip^0>d#t{4X{rcVPhI<M0F0Q`_I&lD0ggFX*nJ_cXWb+6p$NT_cs-ne?-MTcf
zXtmdo8gjdF;LE(tL%q`ao{-yzbH~H6s(7YK7ij(!6MzME9_B|_fyPtWT=6W#Q(y(j
zX2=bB^KJMJ?+e%Dbn7`|me6@PJTj#8yEq6Pe+Uo6ui#OZZQkMio@Pu_X7O@gx4c0Z
zy!QJXM#_SNu7h7=ezZt_Mu+2x#YtO1(b2q2fLSH`Ax_{|*2!rV+cD;c6}?%VnomPe
zC}6yLMVWitZK5hb6A;N|ueW*Jzy*pnXc&=}%4)s4Jw_JaTA`}ZSW3PTcbIkW=z>sl
zP`*oE2(Cjzgvw9xzMOVjq2_lvw}qu4E+Mk&MEZ3fa&&{JliY1DeU4^VaILDJt>;aS
zr=&ocb%A1#71+!Nnd&g4xX%|@j(OjI#3-iVk9@^a9ZF)H%gVPo#j|;N!C5XUdx~D5
zD0-@Gp~-Qo_sPx*ralpK=8(id4$eMfc9@>}E>j9cC?rQA@+Tsb5r#9!oLTb@_N9*y
zNg<akLvDqYBii*H^`hWbWmRYII}7>UzRsi}x~b)5;xX!+AIIqYcr~Q|I|Ke}{1G?E
zc{(_(us|`ALEr<9L}guWApb;Z3`yOU_pA!EfgNa($Ch~lJ^EW3A5Ygfx!puca@-jg
z8&(bA&p#y7E?`9qe*>AW|N3~VK}Q6zD1yIjrZK{Kj{SVE-?0b~%ATao-nt%e`=vDk
z|ARLz0Javr)ep#?xFeE1>AL@QvM2q{LL>?BT0Y+r-`&WY0{_gW(7qee_lL=5lZHpV
z5S?ykIXyqHzi3zeY$MXv8~NFux}9HYts^ufY!2MVw+owEL(%;9wx}lCGth$bo!)}S
z6O`Y`hbub~`Ei_v;R|mwT${_6&~5~62OQGZ9d%{L?8^!tD?mdFoH0N09OcNhzdVnV
z6V3}6jwD+smmp=`&dYT7iqHs5&F2`ec41u4jWC|=a8CPz9x)5HjI~0r?c2u|Sl4!S
z{St?Rcn=R2Cw<ijrqg)BSEz)6q7nvmZZ!(Olagl*wgaSl4HirdQaf3rr`GIbB-?))
zR~X?!u1lW>Zz&v;m`0pq(ZS;L1@9TcYn$LkNQo{Ay?&5jgFJNk3Caq-CNxCWR+^@G
z8^hgtxjQnmYM9ZQB@eO&b>C?Qs*w#z#yr;y_ljmUmt782vdL67B<)D2B*?m->ljJU
zk`FCr8m*Yf9awGRTFq9}kc0T3dR4mQMboP?$7a3%o<?c-w<tnhrZsBPgKV^u>sPu4
zRqjkz?i|@4#~f0OG_bWfTLvihWjEX?j&u4@Y(f2iwk$Ek_0-M-uUY&wbC^?e)LLsD
zZOjz$j69U>ovSi<M?r-9a(6T(Fo52xyVKs^pVDX4)6pArm9y#0@v$r%uM4wICllb9
zzTr&Kg#+GnWQ^qTpg9`);%JbP6u3mEv=;~bTV5p{P7nMV4uq3mQtJxG3sEX749sw+
z50G~ZeTF@zS?r;o!4JMcmdjbpXh(fudKTp8r%Mt<JN6->F5l4wRHVl=uz+9r>Z2R?
zbbjkIG_UX-h-uNzXS>Ry{2>LG>dD!4{#>S+u+zhy*Cp2c;))>xaN?7Wm*@3g39J^$
zY(2s`fq|x=6*03Q0p`|x&Mo!U$}Y7<-9x<LW>?i~6LaIL?5f(>R}t21`DT~XF9?Ou
zl(^WTh*<b!p7x<;-5oDbN^*KR)g(xdc#<7)LmGZG4_{FS<egSxkKCV&qc`h9xI_MJ
zGomvqu>X+6-$-dz!u`LY4iGWBEph+KDD{FYNHT$B8g$ExWbI3pI+`eFdaMLcDzxb+
z7g&cvEH^Z2qm<m%QRBS~*l&+>-gpIX&<4~&ri1pKPpTSC=nJM)Z`!xO;`16Q6I-v?
zvH5Us??2~1VF>o25?iMJTJ4_0hHdkLtpcq;b`16GsUfdxGqs?x<aP2E@>sGyx2})^
z9^Kz5p@W2(LXw`fmXzOFsjp<`e5PW~NC;5oeWnJ8dgH_k^&)r2>Axtml%L({-|zE3
zUeN4$b$9HT=VrqX&&|9a@z%p|g5AQ(JA~uX!&iYn<dq$H>g)N`r!InK7iifoRy@4w
z!KrC(n!FL}jZazvU+g>FimEr3Ame;{*utl@*Qx9%Rru-s8+31Na7D7Dx%Y+Y4zE!J
zao}(!g}K9V>vQh5HWZ@Py8i11lwu9c%Fa2H++Sz9R)eW+Y}MTCd}Kyo2{~~Y@y2Ht
zWNigUY$C^D(y@BH)f#5=MwOtI`|!9VCWm1}ei0xGvE5iLFdFY#m`+QZHVuZX)P;2V
z!G15V+fjx0D&_kFjo+SMCVp3YbGo^6*UwoYwW<Ook#JrkxS*$s$y0Q-JRBnYbjJhX
z|MkI9=T=t=Y5F2j0wI@}ioQF;Cn?^Fs9XG&)~F03wV&*Q@bk17Wa1x1nfOAV#TWWU
z@r5gYCNxnSXukzNSy%Nj7`y@1L&i&ptdO5Y_p81%o|9e<bir@1#Z<ll)<Ee&&Ja+5
zr6UPE$gw#_Q1OPD^wA|6N|}j{dIM%tr%6==Puo5qq;W;<%^@=A*Pj~6fKDbEP+8qY
z=P#krAy6C^i@ZXmEh(%-5hW@ewk%t|nC^L@)Wj=?U+3D9Txz1YAO`6BB{|a4Q#<?x
z6%s9Rj2|(3?)JYPk~5Y!u!0g4S%h7HUH65ML!eSXZ}zOmK7A|~?T8K`tl#PJ4#H@6
z@SC&H=!02kWxMveRTiM18-5hl=EaKg8c8a_%`l6juy|Co<GxhNI`h8^lGubutl~o~
zFp7VQt6rBwIs=I}o5V>97rkSxi8oL_q2gMKYH%pNta`w@m7ipkcx*??Vow6s%C2YG
z9IQMAsm#AD<gDDTA%Um&gUbDQle6Ol^P(Wy`KY#J1^Tk+r<XzF{xl-NL^`J(Q#*=^
zDXV^z<5TBK^`kV97m429iKdB9LpTGz#^fZY*9EJQZ0oROn-XhlZ&|E{gcirAP;CEv
z^_;qTW=xG!flnuOyq4Z5W8%-EOf<iq+^MPeDjM4tb?BmEhfZ@z;?#SbCy#}pf?aE<
zf4_&zBk=gY6-I1ZboNg;KF(3Uwz&SVeAyqOBnYFphB4E`+5HslGxiUmDMz@a(}s5V
zz?TcAnTv}qI&)7@ap&LsT>n|qJFauyYw?LI(i3U(=c2OS@<R<78J~(z^)>rcR#B;o
z<7~`ONLYJz2shCitW7*2Qgpk&SSzZEunuHdN>l)2?Ftc2Vg4UTT+pCDorix^=i{81
ztV4L$$vY}W_$V0xkDgWejmr%w7Qg$u{UuF^;Ug5(5t_R*a$@n?@pmqYYQSkNijlgw
zYr<;?=J27Q+ytN0-0Q1PpIxV%j&h&vU)=J`(qxWOXg0&3h7#{i1g%%RIhq(X`?4Zo
za}+5wbbun2`4XB7!HK^9oYE~cnr4#|SH;>-*YPQJaLM#uVo7O<=d}1mUSZMbv`4m>
zI-T8KPJ&0x3K{?GPg4@)VM#`d59Q>*_iZNba4jDUJTh(5(e(qk_oDg8h{?}tL6%vh
z=4B2?GZWzYb{2ZBgIHc^AMm~p8P?mD+o$V)<zI&9rCn}zq}T6vsH!H3gei((qFK3;
z;xhu!bZ>wprMJu7dyr-KR>-y9et#q#Ck5mX9dxLP&IkOLDF@YqBY)n^9|S!OtzeRu
z)1JjdJw_}G+5dvvXh+D6O6~u=r$J3OvfybzhqTtf-SL`*>WOJL#^zQ^>?p1Bl137f
z&^IIB&%Lk^$EVlDM=Uf^-g*f&>bhNI2crPvEi-S5R3xRlwo7D3_j}RT_y=;?+S-Q=
zAYGwjkn?}6j^Q+Nb3>mS7vk#aob=qhliu``{PMn)4f6;HL_lGFp@x%)OoKY}02du>
z)A<fQ_aga$1q`v6C(E>LlxvF0vFG%#zxO>6_G+QG;vTWJXo@>zRZXm~uxH7M$71<J
z1(#UZrI-EXd0R1M>X4DhnjUOS*We@+jL)k$p3Zd=br;Yo*t;{r6HM@=nh*vJijS5P
z#1HWPMo9a^-~EtvWwUNy_bUnMyhbzaw(CQoRvmxS_aq&NRBz2reXaGwP>(b~=#nJZ
zY`5%%@%{3v$spo}!4G=vAS;#eA}nA-`9{&fVq6N{xG;KzFlp$_m5p`Fvhf!}sV{K{
z%&3QIROd!(yz<dn9orB(v%@|s1M@F4;@KoN4QmzQ$NLoo3#{b4$do=A(p-gW|JaVL
z(UZvNhNKgM4T4liFIr0FiDr`cr8a|@|DIMHIVt_A%DIA$lG`n$QgEkZkxy}VnhOc7
zR8mK;++|457XJSdYwZuchF+Ao1HpgH*Vb3-rP)2KaDN?ELS%4#VOwVba&|nhq6i+s
ztrZjJYw~#0Ct{7x5t#rGi3=@~>ty|2JzG{ELti%AbM<`b{j1T3oj&-k@4&0Ak*;NN
znwHR)Iom>$qV_x$Er<&HW@h#ft*|JHjEV8}`_=A!0@vjOlnD+akX~-s&jn7Z7vuXu
zVqUsP{tVy5&ihzOSG=gQqR7pS@;dJbnuRSKr#18b7L|JeDc*0ei(&3fh7=%cUs%hq
zp$0vfC=Lrh&HUx8Y~RKtZ%Ol_HPa1LBTCeCQNzRpt6p6r>f*UtTRAXoo2L64+B2;T
zzX<F|=gEJe>zBXfNg=lBrDtmmB@3tCGx1#vK*D9jWC+yshAfmExmJSDJe)1x<7ByR
z@T|k1cB>m9?|?l=sL+v#iq?1_w}V|Pd0fdKj3iN*t#_~(gQFZ?Zi@t!LzFP+agdVd
zimCmHyor3YM)=VsxLVhdL;nJ%ObjzMWT=}OW9nxAW4A~8GtvzVa;rs{9v^nGf~={?
zQR_G9=n<g;t>oiIjxViz%AVwblBhGZvN~A{?e=1sd21eWh41{EUMDu)Wh1F3PN#Pf
zYyrVMyIS}@R*dXxza)R_@NEyfm{7;{PNCL05-NnA|M1UnJ_c|&`m6Jr=2l2{K$S9!
z#K;{~ik3R|!u&XfQbFl7BYp%Ixjgc{RY|DXwn@#BhdcwDTR>H0FL<2IDKcYu<CX2E
z$Ae*DrniqPbob1ijls<cMJ<qhx%r;#zMo=cHm+lE)VI7?bQ@E{Jrq{>H+@4L=^9Dk
zU&cm!tsmiCw3>{s;Tc|t<dwG}bUO5l<U|Q4NYC&3KV8R7-_v8b^#g4Fd-&}JyF$()
zQ3Dqi@p2WtI!FvxVx3TS?$$A7Cy>!&_3o3yh|j3uwi^(_RfU?lJ4$jU3ag_HJSW1@
z=AFbwwFE}m!nZ=Csb1!^mxH|)B~ByH(2!jCo^4fMJQiw4!Mzj*TaSiLh0|l`usq*!
z8i#1S%<)7^la(F-+dHCgXi^rlJ9Lg!wOyvh62-ZXc5oN(!q-p@w$!oJlM>wu2*7!>
zIFxcWbK2>+i73*WM`&SMC8$X?&o~ra7;KI6j7n65b*?jJG}Z{xvL^&!F4wqqsMIj%
zRH^LO?2@Si^qWr;NLAqh-i+iYD7cQZ>Lv@Cb-eI84R#^+S|RV4U2!z<Ld3}Ruv$DU
z1Ak3?!)i|Po3u?f&4q5g&aSDgXM$r=3rGPP8VHe96$yt*HBmklWj?>pQ>fqOJ|zQq
zK~isqLw89HyF|wZN1s@>yl)MNf)d(YA`|4Gw=4~0uUXr<TCWxD`B}u$ilnTyjcNWj
zyF;R=&Xx!4E#dCEPEZPEEy-(AYhNLsb*wi1^=Oe_A@oozscRhXufw;7X*BEJSKMCJ
zEJ(q&A9i6eZBU&6quR1H@(cYI_{Wez9F_+NPY|3T3w@zkMOGz0C&^3W5juu@ExhvV
z^ru;jNM@N6B@<CFx^rrb?(z=}YCZ85&pT(}w{|{oscaV)+=S6;pl1wlIWWJUiU_#5
zZ=4p@1dEsC7)Lv&e@lO73vGxI2Trr?X)8M@C8SRsnnFZ4Q4m9ULb6u=^6+%Rf}4+I
zdk~iLi}|z~$k->wb0av{cfxs_x<60}DGibX_De4rfv*}1WgO$v*IubgYV7zaLcI1=
z&06+3fg61b@W0zQ=Mb)zF^z7MgU_V7*+p(SfA}K#T(4j;>|Rg|#Ap2`Rsv+>=Kzk$
z6tX@j&T|!W6*5;sF`~OCgIB!hH+V|PYc#uU(S7x-g!7mP<8<jgsHzZOo-}3PUX8+k
zpJ0a_6Z!^=c1&;K-$Xz1Ty7A-?I{}TieHDvZdbw}051G0kkpDl1dC2*N-Ah{kYqN)
zXU8}T_&e9C7rO{b%sE#yraomgv(_0l8&h~x(zwH_R}aYSRNx5(N8Ubl{+iOCvO`ek
z<x89_j{>gZ@4_Rk<s~sY5D-KHU!T7KBQ`iSER?9YOv>9j)q0YBDSP={EJoeWbe?>c
zqb8E{V>ClSm)ca{;usj0>lXv&Mr3WeAS*i=2n<i34S<Y1usYWpkRU!QSpm04^PX&6
zk_4EIVA7yX`tmO6x8_mHh4_k5^2$nrA}uxz@~FbDk*hFBx))D8S4}MF``<~qW+G<(
z+LNyseeynag2XE;&GrWE16Yy!<=Q*P`PDZ&!+LzIhquwh1~wJ^S=Gp4lipBXZAd}}
z>%&Rj&tPTcXRtC;cy;=KvXM52s3fM+1ObixQw%5W8#Ygk<B~dQ1}Jeu6lIv>azbhZ
zzfJKNjD_oXi}>CgHklY15KmwU1TU!DZ`VN_Juc54wF~c(Cnm9QCTGt14LXZ0c->tW
zuiYL8i!t}*lozqwp^ptav@UthLzZ+`U<`N3-_SXeU5FtcJP1vJ+llk4{+IZKi9w3a
zKrK=cG8bDOf@dN-o>pk3aA42dTm2p^Nvm4J*UJ8HIar5YEK!@B2ZbqCHHj)6?TU(Y
zNX<>NoTZuMPzX!2q5lZ?4iBw95tSMy3sY6r;5;>-Vw)UdO9TeUOmHiOyC4eF2gt4Q
z8Cj5A+Z)w069)CnggJ?#nxD1kB-%Wz<uIbz-3YD@p2cbIQ!a{(Vchdn^%+vX@^HtN
z$<xw>XiTdOx2z%tXnYiNbmUa{#G6>iZG=>t$;v6Qn(MgAB+tK3(x^yO{#e%3>&R`X
z#_fb_4bPNCNefJ&`(xwP*vg4LGlldpXHCt;ab+)bi$fD%t{5A%f#{YP6qbwWh{}cA
zwYX*B1nD=zBjv~xB0i_bq~;cAC#Pv|Bhs*xE#fWp%bF1=&R_<oFTx{Xvv08-Q)5Jz
zb-)ZJHV${Yh5hE1y8+c^SqZnCZ|_+feD|`JBo&1fBfYjqsqi+yqZBW6&4EoWKE3>J
zQH<Y*0sXS*f$-1e>1>VY8f1Vjb|}EJ=VEM^mCLt*hVhShe-APQOV0Y+5|-xnNU>BU
zT|dZRa0hR-kdT!(MU820VMwXFv`$BPrlg*(V%2aI^=hj_tgNo$SS1On&dY0v&ngDI
zReJ?El*Yai57Ukd&2%a;hi2w=Lm_D+nE(3?+sokJf?s=~3@z$%ISy+Ok#xD^-bXvg
zwNlcI@oLQ6ziQ3g$@Rn;9EH+RzIpQC!yo(pI-$Rf*}t0UuYVe38M7-YCsr75yPY}Q
zxgv#!RHOFaldLh;IFs)oa^E}a7q){NNG6GwY7y0Q-ee0zPHpE=K{-6e)IEAsP~LWH
zUzG;E01o^5+=X@C@B`;YyK0Qbtk*4$Q1!&FW^o*+K|EJT9k^H#L9(|E*U@t49}`xA
zX%u0Si&u--p6{2t=`AGDQC^T~<V$N+ogfnq3F!Hy0VMxni6zJz^&i?Ihwx-C8sfrf
z&uY#7TeJ?gYjMb2nt%~QZjG5`3x=Gw8&c@AI^#)ne8*@p=;0olhapOwAsEx3O<5oi
zA;Ucr6cGH{lD994_=@OXO7j}fY2_ZZ`$EQ+Ov&UW)!$IxKzGIJoW7M(Gef{Q5W)*t
zC2u2*l)@$RG4!}$cW!psX#vcDQjjt(v1uEUPBE#ijPf%(<ieqihe?5R(G&v;^ZG${
zbymNsh@574Po==CvtrRMaNH94b{~|w)Qmvb|Kpd}SMM7wQivAtJWwM-zQ|ec96{nI
z6cM_|y9Tu@7O<TQ)!!LsYOuK~pb~i4m(hx?5?1s57K(xn{mo}k3GQGttCP)o9qf$N
z8u|I=$M;xlL1zRN{qpqmeDqazX~8}0&oeONHCkBO0WzZchG~tIC#f@=%)hG^QD#Y6
zgV;+{A=pSbyG9U#iG=i)xM0xYrL26R5pVGqvX&ydE_4pZ+P#SgYQ2tq0cqgIfe))9
zc=nI!x|j*pNwgfGY>|-p#=H!fv1M|th4Al3#IAD4f^6umIpXunf)>m`SG7p7tgGDI
z`ic|lq8u-*Ke8RS0v3EDV8NgM4E}2&vF(0<K$Ta4(gNI@)SGQWaOaBR?4L>UGM#;a
z#3iAPwv0(_%=%4pa1<0h&*|Qrwp%5n=V8isUCN~`KMGYb-JG2mtXy29B()76W0Pc3
z)%wnlY<2a610Lw`*dMzyHV1I*|K+Ma&*@_pMN5pOY27Y<Lk7p3+@v5pzv`T0iz(O0
zuZ4LheY8y6d$CF!A@6%xNBTNK-=}Bm(eGi3?@?;&v>M$s;oV(`bjwXhZO+Fq4q;8*
zLDFq`QfS*SMSlWTjXxyY3ka*6=5rT)MS|`Og<T;F_K%z`D6=~FjTF5@<)MY&jZaU}
zPFjfaAiu;SANa&hx8TaU!y2P9)9gv>Xu$2rJiaMC`shUVcGMKKYny`BxC!A1wW6pN
z?%`P7!s#8yQ~pN0d`dmHBxNC5>{1P+hX3mkyU5_S@iC!iHz)KwN9-zrcBaR>XXhW$
zd&UZwUkk;Y$0X@|jV@dBFFrr2lhb|{m*C@*UDhFL80>qkr@#8Q)>$OTGD`Phz)L{(
zq3Sn})4Pe%7hWU_IF)NHS*<kuHA%-jjkNeVZOUC%`=>mk?~_JoNuLvq?+*TQhpasG
znDu6qNPN*xUiB0-XE;r>A@EvE6D&z(MUAk|V>*Y}-CDpdQ(J&cv|M=g<s84t(Rtcp
zUqu8SD>+L8VJE|047At_pY9U|(I{QU@P-<v{YEG*hPwmYv1AMP48a9BnMEj9yJcr9
zsv=k5c55e@LW@m^ed(LUH@@)6#?PO>!%eZC$dNb@`~!uY%>j1su$w=hj_c&SyP;Jr
z;z(J%WXg7UvjthUeg6?dCgS-clze|pUML@G9wv6-I{XzbU!=^xm6Ndfy*u1WrtAey
zRspHPNi;DU8$1Mx1b642kMm+qC|xf;hcDF~6>x51N~OX9#m^6ey`8bNSAc{LF9_+>
z-EG~Ti2c;t{JfxBRT66AQ*_k@A(TK#7C9#)RKb*I)+=8j@OpZ1N_FYd)ih22vpChh
z|AeX`sJRCL`*CY*2N#<IL$vsyx#Yv17uodr*+Ur`$_1Ev(b&W5xwT8K+QzGv0Y=ee
zqjhHmJY`3ycGx@Wdy*@rT9l;v!?Dirjs*Ib@p<{4!m7nCv<>d1=Tt7K$%i0o>uMTZ
z1$E9+2d0njcn1rQ9H;#w`oDh`GpXz=V}FS;`7L%uFVRyG1Z&L>7{k?Io)TWTFRR(B
z*CfGKGE9(>I)4Z3KVO~7nwtp+<?x!u@YtY)JITZ|`T@2!U^Vt(F-EC(l#b*jik4R0
zPQi@i)1@Os;HE-r<)ap{u9ZdXB`si=NRU{d3lkcal2h^tHJt=Y!Gi%SvTh@foL)LX
z^onhyh%A-6q`41UYz>j=2~LdI*!i_#%HF*16jQch1c%V_zyvMVYkf7T6U(^*2TXy7
z<z!}7YYB7Fv_W6C6say^LuhR0FB7P6db30LN*Rihe)@cw3W~v*UJsORyhyT_{ljMv
zszRAIB70!lW=fVeqSe^{OE#No2T<FCu^$0wVIFQz11;x@v#Je|2Vzy7ft=1Rd=hPk
zYD+ffg4mAg!@LK0zk*KlcG}k$hlb>lPCM-4B2wUjV93%w<Fd5RCC}3DRiC9L*So8R
z*$Nhe7=cXLI9(*vGBje~d%o<?Q~Co-3*)d4R}Nn1F#Qi2un%nv*l$cKqLZ=#yZ0l8
zZ+gB*9Z~W55Q8xGuXgXWydiUa^r=&D&p$@lcn%f%q}oQJZ84uG#Me7R^}kgnn4eTV
zHBHD`R7ctlRaPj?BNEY=1+m3K9V(0gibYY6sZ^RbYZwnF`@NJguCBsy&bQ7W_DtQI
z(~jaeO-&(jfm>`WUYkYRCQT=>ewR9<?+Dr{wC>6^<HcD4<G%f40Cxw^B*W;y?PVf<
z6xh`wotoq?y|(Sui$Ry!^_x#7f^3?F4t%ot*e^gR$2kb)L_sJ?I2fYGjSq{qu-?al
zvh4JVRAub)_-nj&M;e(-AB2wV9}K0hhz^|@Q;`!s%iYAGcre|VlKL4^0EA)1I>TWY
zbGnL0g3E%Qccejn6UMl|!u28%bacVYs#d$v2M2xz1ZXcSCgAgnI=aFyfDO~EbMCnF
z=j0Txf5H*AdADfmQGVu(#HWNMa|Lhj{qInq7{@0#z@#YMg@Qo>oL=e%4|vdq_OM7`
zQDP%46qq;$tw^8|<tnt<TuD2(WRp9$7b}-~A-Lv(CFiQ`5FMDhk8oRjnch|3tQo^t
zm&s#vftqr;mK|m|TzX{m*uuZcZR=m<jw&H8Cv2)=Y<^PPmH>Ci4Z=CRXxb`Fgoc|P
zAWnk+<Zu{RxH#k7`<3B)q!d}z%=-*CZy#ypE4o7~`-CwmBJp^s8d4OW)W+gO_?yU|
z`azPsM4=~)PsaHl>{xDRs`WkL_tE$75uc17oZEHMCxs0BD5-fxK;Q$iDWyBgL&+Uw
zpmRrQBR4Vlv5SrJ4@M1KL}NT0SP$}U3D*}rW$T5OM60B$dW#0J=M2<}H?9`cdYcQ^
zH&H2GQ?m)G>N$0iQAq)@!8Z|HvPVMYmH;*vLZ!7So#oQB6DurJ%13nXe(VvSy*S`}
z|1i2s()9gmz0R%YbaHVspLy0jfBSf=kV;v$ol2#4NM<(sQ=qze1z!Vf@G84Qq_pD`
z(*fSb%iuQ1-h<}SxP!+KLH-_sLax#vivD_r+m-IovxDU9{q26|AK)ErjwViheSECI
zp}P!+&Tg(a%D+T!VzExO%KMD+AePubDtx!gXUw~^OEHd+DVbHpiXj_P0B$m!>oi-9
zC=QC!d4vmw<aPMA->7o?K}2*8U-J}iBXiDOlMk@DJ5v#>XjeOQ;a9v8RUt5{G!(iS
zZts5iMpAE3)nF4CR|W1Ym829_rHhh0ao|%|+Yf}knqF(IIbqav^fO}bO-L@B+SAqM
zSRd9oGG?c`TT*|iHD0pgYW2va&ejPa_ZmaUjHEtXtq4fQ*Km7iVSYM>c{!^z@0?Y!
z>onz_S|i{T#nxI0q$6eVEnGj4B-bKQO#|89ZD`xt+}Z|m_{Rq9?dhpf*KTVfrNSn|
z7?o>`NNrjZk-15GN<XXREl9WIz%46mXRm#!)>Y5ec7`UVwrI`CEdTPJSI!8zHD{Bd
zBSo&}cyfTlAHVk)ZbG;eL71ZVX^Nsr*dFi%IjztkbGw-)-629g1zg`a+#J2<tW!qy
z*8X$|;aoZ#PfI1VTQ&k|ZL=chW<{Q0BTR~|#Q01SDRmabI)xRFY}F`C*&;G?j}Ww=
ztZ;M(JcvFW=+gNoN{6}0W~Wv~pFtB=#k$s!nbgTMECr^#M0zWz%jG2D0v+oXmz%*p
zVuT$`?xvYJz+bc+;0a0WjSeBbL+r{v9g;JwAAc93Fxc|&ZW<^x5P{7H#MnbN1m;9{
z(e5Q&-$kiVT^yk%6y-P~votq~x<zk4b&5(ov+34zIzkU&kt`6DZn|sZ^aQm@bcAzC
z-L~%4;fW9w%!^4$ZN^_8Eu33joXSpcxj%+*pW!|I4{XqA6G35xx-VL5)J_9r-Rw^}
zppG4>*@`g?4on15Ai^0^6NNbv?6k&_FXx<h%T*|NTJE6KQs>ivA7PyLT7xQFM|*<W
zsJU_nj5PI?g1G~!CEUbZmtH7D)jUuCK&mAu^taWIXKKZ$Eitk`p}3F^LKe2U?TQm^
zf4L=xsy2#2bX4e4D@bW-Xpzez@WiAU$uFqCe%%h)vZ7fnoDy>TL%ndHKFQva#Wkh1
z>dIdyA>PaKEqiCmKsr-ywbcmj*B&VyED7axOx8pUm>DO*9X1)bf?scgJSrLM<)-KD
z8ZMu?rt;dfC6z4dteHh+2W3&&fnPlJ20r)Zs*<5o14*~4<9eY|M5Ba4j<eH(>im(5
zYd<V+XRtZs(YR5)_sZ$`__WtK{a!80XSt^<4=J?c&e0qwiRl}xnb?Lc-=pJeh8cc{
z31^Ef!Y4&z!l_`rRl-#ZMSyz7^dM*d!W#CLZ1Jd+#?|Si*RaF-*yPMnoyOlGtWKU!
zyGAfOYmGz!(i(LQFOl<Ex4Lz9Z=wN;y~XV*_MI}6$To-vqC(5rFkfs@yxnrocB{Vu
z+JP9~RrCAq`0BlCr+cLV<;5{wJEBZ;LrE*6AZj^bzGWChrad2)wBw?|WeUaa@<m}6
z>P1JlXCn~2P@0xCc<j>8T>IfB#Bl~TMo@}f5-%Q^8KaF{8VAb0q<@HaQ|~@mG@R`D
zEoSWXMwE5%I-$sj;Pf`4jNJafLJnTW%$#Yh1g5YKXD?fG84*m4F)|_;ZyeutqkCdg
z=H6Cg<A+&MLKvLA8pWa3s9@9+xrg@(2j7DDmJrA`$>F@jL6UeN;)1nns@}iDX#3HV
z5-Pmx^3w43kj`Uk6hajtt|iSA;wy@xcK7WMrFU6@Up002t%wQ^m#g%>{}fHZDoQnu
zZEF-y>d6HfwX{5MexOoc1^;}t8Z^6IYFR*J+ry@LZ!aQm4b8v2lC_BgHO;nb)oeqs
z0J+S6DeLLg;9<u5)iQV?eUx98v*$r>_B;>Z%H}MxwX94F%Sv4KIk!zoXO)n>#ZL?e
z<rsW!LrfXnAg<&IhjdWc3a_M^BY(U<!HvU<LxO%fcR(YD&hnIYouBA6w4?=kOuD7C
zx{MgZ<*1pLHjCxC)d`^9xy}TGM+dtO9MU-${5tm6>Cw;nnbk}%Z-b&s?tXt;yCVNq
z7^Kj}aYpo*A_uc(yLsB)Hu}SOgF{FlLTzor11hJBwfaOMgD41@r{PczzRuvCh>mh~
zoF<Li%BHEN^BIA&9r;W7mVwi!KzS8MaMZ8SHUM5z8)Dtjj~(3_sIuWC;CSidbQ2Bd
zG-wvhsK|`&v%n5@sVXg~8UNV*TlT$a%qk^oOHtIY=m=w%%TyNAqKBIJ5Y;`=;KSCo
zire3ry}s(&4|Tc$I*UR(<*(5k$;HQz@zkU1cTtIOXu=f#>}~hQ_ZAt8hp;6vCYi{6
zKGkYy!vE+J2c#}NrkQTcytXyZ=HSvWkKy|~qEjy-v@`M&h*Bf?MpodD0z1%o;8lv9
za?J55Zz)j*Wx&)0N}a@f6(=pvwF^`fji;VFAu{dc5OiIkLlV%x{i6p_q#n6kwx2ND
zFlIZ7H9ZU%k(TxXMjO8d5QJ>EqrU91c&xGN{zVep#!c!Bsmn+*vY7_=S$13$&DB9N
ze72PtC}fn1&o$j#>RH94zn|J_6h;>|pHL};koTT(=G6Cg*pJX)HX817p})~JWFB3o
zFtDE=$@=FeghNCK=vbK<ln5)+^g2n7XcVx|6GF?$z2*6!Q4yjeV-coDp5nkAfqZ1K
zd|D*TXYiiIu6G$ArV>_0Ri=7$Oh-53bX?W{r)H+92bHy8ehP(s(K#~DqN{RBT?`@V
zX&e67tq?Mp>Ggk4raOp6ls(V8LLF*Yd6+kAFA7QILAOF4B;W~Z5I@DqY8fLvB|Ux|
zn550k4I&w}sZKV9%INI@<jL#AKPE9c$$0waK!pn94DXfr9!q#F2nYV_4h|T)Fb0*b
z{)bh%O!<I1@7dAJ{*2daIF|~NeuZgJonmBA9;%jV#~96R07Ll6M9EcKzYY*r-Od0)
zK)t`2o@%o?ZobVEMU+-_=qr>!Q3sMbLB_C<c1!p<=Hh4t8_e{Jx7_i8N_P_;4!D-6
zx<qBeo~$$lXy7i|gqTbjV<El0u6md<rK~}V;E*JHhVDE(>MGe5mEV7XoT}61(BYrR
zECYYx8)>DI9q2_Wt2~0tbe@~z!<dxcyY8c_2X6<T5C!TGYPr6j2#@0R3yzK-agaG*
zY7(>fS?JPB{)XD2Z8`aER8#pIzd<e4GN;l*mR#8W@P@arlfH1XKbK8mLa9@v;nhmS
z)U-sg#?d;%HpJ)*M-eG8Jm5(&bW3lHOQjGL$m((cjF@{i+`k23e&$l))m0j4SL}~W
zQUh_g+@1C~js5aEdu`Lfkc0<~BkDy&I}72}UZ?U@hLg@Xu_>C@b>{GyAlav$qgHB)
z%)N9TqgV}dl=SyUz1XSaUhUqeyH~jANTs{|^2$+4;&@@hOi?bMS<i6QB@v$a`_uW*
zugCuM$j%rYTke<dtFY#w!$tDr2G9M1$WJrqPL!rX&Zj<NxLq~3_?}RpqpB`k8(4Bi
zABq7}iGLh75(2}5MXo=7kctlNpnBL)H?o|?oHEaMagbfOhJxpiyk~Tm$7=fv^7gM&
zvLD~>|7e0d7O)S7E_;b7Q`J~9^yeIfEvb7_i9y#lS*kt!VwMCcPC@gnj%;2qkpCJ=
z*SDx4c`QSV1nPu%u^TwmW7DkEY$De4{WsLrgh#<fO}Qk6l1|e6)|l1W5@T!u3F9&#
z0Xb@w<d6t}3uXF{5>mCrNc5Vhbv=n?sJHLIM>nGv%(rwP^#f!Y)J5{;>{WE@?eI@@
z_3Ms4$FITOd;+(eDSr6RYZ4U~Foo0_TuN2|5Q?<D>%ig=YoamL$qQ=q1sgh?a>^za
zrm5b<3O`!L+DZ`VFBdWt>z9<<EhpMaIy|2~dPBh=mSgamXDo6T<kM|D%ubOt%lh{E
z)S$YJvlPea(1KmAqF2X-)8lm;iOG+$FlZLU7c?GmtuNHYXNi+&=bzG0s}bOgHEo;=
z^byA9u0;Vn>-OYIQizXQGNn1fTq5`G^zZliA9E{ddw1;oX0`V%slB_t<{gq&jZ}DN
zVR-rVd@3d1Z;KOS#DyuiPF)gFe+dVf_&r}A3eeh$S-uG+0?@9ExyUcA-j5;=z~!Bx
z=zZ2uTmzsu5AZ6IZVq@fyW-zP@K9E%S+W1>3|m_BBsGO;v)mWd*(~!=4{+-%>U`_?
zQ!MO1AJ*{OVe>h}&;{eL0Rcb`VtiChv<t46oT;ZdLR8y1K^@gkBe~Y2{Bg0v?gT`6
z%+sUI^nZ89^uVu-5RWVPhcbnjLVWW2uY~%KydDkh?xK#IO<<F-j4!-UGlcpm!pOuY
zF(ia+_WZ|aMv518(c`ji314@q<)NOvhlFq_0O$T8+yu#KcVyWq_pCS5%Gn%BAZO0z
zu*m|aCuH@7vYlCRs?N5>Ov5(_-1P2PEERT#MmYtmKOAIFQF8!MB;=}@A`dE7PiA<@
zyyL7iFLRMid={UDP5BI_7+Q7N41VmonY_k+`5q_BHOp+&i6=ONOjSvY9Prkod|Th%
z<yzY(lx8*UoUZ4`Sg#>lXP8OaBADhL(HaZ2NBEYkPt9!w!K5TsCX)R&NDA<`*b(x#
z+vVPV&O4e%2pPOOJVAuGV(-kydHQCz{@gx(`L~~v9Gnt+O%+U8Gs-EDu4OxJf>&}S
z>A{dJ!#SYWi$xU}T*|Va_W^&E?x^roKJ1R|K7sWbyx)bdVeC&+8Y-39J`L#Z*%yqY
z5QaRPUa4hcM(a{H{D4bc8@89*{Sv)h#c@Rq$l9*1dzYN)no{q<>Cs=<jppKHOGR$3
zQo$ILoDh4$q<{j&IFkr$m%kD?-Xe8<)K`nS83mrE0(jAmKiocbLK)r~1Dcj85&eP}
zz2UDS?c!z;#OVPd5@!TKd`BSH<$8U<hR=rhBQuDFkU)9jr^7Wo4jw*z#2?}_j8RjL
zzlV?Gbb_1QaM$#HN##gTCtcd8P1yahn0&x{$m!0o5rnPl@8Q`;Wa#X*P&{K;+a*Fa
zLtljJtqgi4=HdW7TA5=3_v#wWO(1@spF?DGrVvQC8_T@0E7}{$6Zw2`nl8Wkqi93f
z3bW3qGY0b~%-a0TDUSJQ3ij`Qnx<h_8$W922uN5wLbzQbY_?)lI$~K%RFtfh#K<%!
z2`@j0cCQ$q{pI25gm<rDw%9E!0qlnz1zJF*DXCG?ON(8?G-|ipZS<3sk~l#R&)QSG
zJj{b7{GU5J8)Dk<NnyM8dve_~Jl_;q`ZOzYTucq;a3tR)iR6m*=WrpP|AOmE6yB7M
zI8qU!m&34V(blx}mA=VbGTN43B^wNPzjEAf@Y>?Ou~C5@iq6*;j|6`eK1I7`SY3ab
zK0-DUzq10uv4QI|tR?u=9j6ck)ZlDATTvGcR<g`ojP4DWz)JER25}BVQN;$Y@0Xhm
z^2vNiiZD7(zp-zbB_srShm??`VII`(Qv!rsT7^5^94Ix}cxMBm1NImjX4D#r<!|~J
z(QYiI_`8qt1~0jbj`AK}7oin$?T_RQ5h4K8IX)0d*GFVPvWwrv9U!ZXp7N#+pOVA7
z(+U55ieMq)+J7YUw|D^D(&&#0|E0`!?HD-D38rsz{i$gj33rIE@%50L_Fkk*>6Jpn
zkjNoreF#gCNm*#j&EUGR1|~<AGnw={K1hu4a`Lx0;4d$94KcXvyKzCsqaWnyr$Tp6
zxTqZAhQG6mN_VGtqt@_vbxDLUmNSOjs8XvK@NZQj56h`kG1hs;*L1fI-z1w^8w5SJ
zNG4)*Og05+o(K(_f&o3X+kX77Xitmlz?>jv)Avf8!lb6ki&KV_;T~{f0z~`b99P0S
zXi7v1tkOWjK$sec45`SOVkWzZE_LZy(C9=_Z<%UgNih;=!e@AW1u0Cw5$=!#N-U3$
zFN7$(fz#uL5QX#aei2k?*WPfhqo*Icl)z8ZyQt@R<2h<oB124Ui2R%n$G@c+9|A|#
zkooTenj_wl(DJL)wie%q;F?OXOvAuqntEtd62BATB?{LFDrGIdI>cN<vaDOABd89T
zG5)J{3leQpDc2T$bru-T5n?!hjvk%g2H{-CJ_M2EfNIMA^Ep`VQ@Le}qRbs8+H%jD
za0S{X!NM<peAM@+G@ylgGnxnYn`dG5H2S)lv4`mC3u)(<D{15+y3;FmajSwF{m&KD
zsGJ_-vMOFdU_6gds^bc`gF<1!myd<C6jQu8J0|MW*9I1<zVEHG<}zcFn?xBSug8R$
zSKc(PQ}_i1U8a-Ge?nVKc0|LJ!#@S7TWI}rTR-E|!>t;;rI1pQz%h0Jj(_8JKuB{v
zqDxQ`9D&6sp?4L_PF6q{*x+{2MJ0Nhlk;C%vN5b&QrW^sBifvzxj~QDPSjpg(q1|z
zqp>>vuAGnAjMZ&6wu7y4L<i)?7Zv@Lk7=_P`vJXXZ(0*d*MK8*#&irw;~2QM$8bxh
zNohF4r-mewsYa6?1>wKIqe2=rK#q1;`%3bcvvhO+Bj0_KXZpils=!o7<rcSTgqXUP
z$|$AL)FrYgf+&VX-nd|^J5sK?4&*%{aw8)}tTsLRCSqRLX-6gm-eUo8I}51gPJ>w?
zG*if$jS^|~abFWoZI@M-BB%V0+#JP}1&-Bv2^Q48DYTR!*-ejC+?B<dWaMw@BU-ns
zJzxAB5kkj{zo75p`gAlyJ`YP3KiXML*nhCD=rx2FobZRGU}#&wmK!^)?q)MMgH&2Y
z8v#@Oo$8KS^^Gd)N>!pIt^lM+1wc-hLK60H7f|$QsQ@S^jrG<S61g(!b=+$8I{q|y
zr*WJcXOm2ei9o3UDVb1d8}<0ZHmX=On|nN80-5>ssqmM6xkZ_iO&hE9i3p2AR$Kdi
zgF}#&;FHHm*A-dx`uZJ<PwZR#+EPoc7r=+Jzfzfdy{togoO(kI#B_Xy+@J)j<1>{x
zi@JTKBGxGImG$L*?C>hBVJlpd->6a?r<ME5dY@H`{=Q#A#Py3k3T_MhWFx5C@Vz2z
zE*leLpG!$Jyi=t_(M*s8Yzn=K9AnWuekt5Yr$0Fa_u)3!zk9Hnc41SO57jbya4e$k
zKGf6ORT8tO5W2mRH4pyd1R<^dpy6nt!rNuCtGU?3*M(ZhQjbKNt&B3uPSK@G3o<e-
zwR0Nz23b-yhYPb^Iz1_Q!6qaBuZouS!vlE-;lH=knvYT<(Azf!29z$6N0HL0as3f~
zgVoM&E!&_KiLJbZp|-0AwGU#uGvS<<Kf|}l^RlKsE9$8^gh=}nlI=JzrKadv=Mp^&
ziQ$|d=8Vm@7q-DBj`yH2fft*$LZme4hxEGDO_H;^t<dR6PdCE<rT;$oY~mb<dgBAa
zxQz<wXQ_}5t59E>RH$ECEAbjwS}#Z-GS1EoEyH3i-Y6s6lp@z?GDfrNpw{k`#ksPM
zA%-rXh6#sB<g8Q>G>h!YK9z<Fn6rO@WApD?&4|l{SQ*VZu<x<E9eiVho|gv8eJCq%
z;ck2TyqzulmC}6{1a{beN@ljzHdN8W)Z?jf$=dQN$(d_quIryMU5{is5_u%9-#AZy
zM2?>AJROO_aH`Bu(7~I3Rnv3?!pLks(W6lRW5rOR1iCHPK(0fo4`nARV=Yv3+D^4K
z&=<Wk!T$(X%!|@Jgc|)VqB4{d_)L@5^;E~#1tG`mjaf4CL-@#PzekAPJbGHLlEaaW
z{8rk?q=Al(5jlDVr)~gS^I`;PuJ@Uv%RAlUb8<@Iv`=9X?Qz5IVxOSh>twq`AP&CB
z+vc#P##{Zw44K3t;jsr~Yrtt{m9NSKy2XsymPE`HWEb<kr^9mpTr&^W325rEXC?7W
zY|cR%g#Zl}mqmmeWCG&OD8*SJIhaRiRC1b5mcaOhse&i^fdy>zVmeR6INa=1Yk@v!
z;>l*b!&_1gyh-C4-r@AYKbM6P4Q%3~wy5JGzmJ)HT{ygrvcbh|>EfJj@*D;)4{Wm`
zm+d@hD6w@c$PT`ToE8GJ+;kvAGhLgx3C?&Qg+X|ZaAC-G)li8QGPDtFLBZvZ+kX%j
zjo!X2<Cv6&@uSo}2Trky<Vw=Rw%~v|-l~=ZI`||GD7ohFpM_t_+J{;FuM~RNE4HGz
zpZALw)x}3K9g%I$J<eL+g``CtpHUUs!8NRHx>Ce%*li$3Y@Q;29mSO3CQDwn${}+i
zNbTlr^~<kQCa6=>t0(hX?%`3?`!9vyj7hW>dt~0L=X65+if&3n_^_BaUn(g&2nc{H
zRJD(BDm?&~C`)9~L(^Mm!0(_rcNE9?N=L}}#8(U76E#+A8`KVGNEG-Z{T0(gvo2l`
z4Nj?fWZiFaNv&Hk`u0x2D-2>WnSxXQ3=jMM%RCH)WKz^aFq}6FB*wr3T{l4N_2J#r
z7;u&8?^+4dXM{l0EYTo3_jAyj|31+<#P_d}n`e>yNQn=p563NLosVIf#INDO3b<*f
zIH~d{5nHMAS7V-4F|uplIAfJya&+P4Rs}f(dbg6U)P*UXn-{7V$TPMY5?rD!e9Vr{
zmldmoe<Jkrl9Ptik!8BXAz~!FzOc{BP1Len3Tg6@S1eRo6aQ}FPZs}Y=85hdR~+FR
z<mK|NN&;QGlT#{I*mCH6T>48$9PI&{eZ2Tj;bD<*?mPX3Wq)D1mmY8c={OPp8p8DQ
zQ$08$d8{W8y=Kfp>h<9R!MRjID^R=n5&oOqq>$u28ff1rPl)u<(n(<5&+L^n{?#^B
z@lCfY<qf{~=JTts-kdf^>cAcGvHR-dJ%e&6nEQH4cIo_3P0PHkfYwE;*ix+PGIZys
zRc7pjP*PZ4gdz}u;M?OBY_nTIUbQuPQv8t*b>Q`C({&Jyq9o<R>emGRvk)>Y$^!5R
z567lNF^7<6q@U}fRIiwIbV;|EZqoJpcbd>l;4&j~db$zKPvREJfV4$27y;6S%3bk5
zuAAnQ)H_RV;tokD^r<n9+b``d_@6USC?Y#pklp0T8K=ul$if9D$K{ROTFc}FPY1uO
z*C=%QV&%x=w?<i*o=r;mOY`a6!ZVN~<{F=^hj{}jyLULP-p57qqA*5=j9swdL|QzC
z{7i3Bvnn)xkZu2-uERZ%gZ%Sz0wER`0w=x~QE~As-0V--X@EsW#L;kzEap80dSs*I
z525x61vwi&AuR~s2B}jA`J)I{)!2WG8X!apq-qo<t<?**td$C_d0kdA#F)L=9z}Q1
zFX)yyolTr9p`^jSo8j}QY+{%nc+ADr99u7YIS#5B+~tjZbllf^9G;Zh#LcY?u7ogN
zvo-*pgHMoxgoimS5#*}QSVrRDp+N2JYiy^0u7?}v1f42uVPRFEd-kr2MU;fq;on=h
zKKBsi@{LbS@3Fy%yQhBl)^o!DTJDZ1lut9^;)ZV-se9+>7(DxMxzE__FexJDLypGS
z(XvL*U`1;Eb)jniEmX(4<Y7!l8i{AJ*mPS~<hag{x;`5k7jF!ea@OfwjbAa!oE0(e
zJaw#_-PW}fS^PC8&2M{y#tQ<lg@?zGKvE=9e7EgU{qV|Z{XYYx>0AP%sovGEGG^xH
zPhxbh8+{nO8w?;}mwmWyk`q?b(c|sf7|}GRA}pr2P~es@?V|)6<IOB%YL3=ITWK24
zkA3>*^e%Qh{LiSRS#*Lab6KE*g1rNmkH$!f=AcC>YD@$j$BQ@j;dZ(ubskJI-nUol
zH8MTN@S_1F<L`QN7tNS)q{fVw>(n&#Jq89{aIFBr94R<+pF3O!o=xUp2^Z_?*C}?l
z=>Jtdt4c0a|98N2{Xv<oKRSe~WsHJj=ntQwvzhc1XzbNrF;#ycsQTiPSP8<*(>3j4
zSKLY*-d@q&a%?b!y?VcV`+}Irbh<+cl;bjZ;fc7NiK;#e%y`}yr~^~9#w;L+lLo~M
zDKK#ty<8?R@!5y4CMui#KHDC`7_AH11YaxK1fncmuT+If%3nTY_E5xz5?Rqoy2cs!
zx)!tJOHpIDQ>az5GF2{m0rt*Ju!S5s-C)=+0d6tv6cn3-;(C;%snzJ#_UP!Sf@))G
z29(G?eQX9$8}s^|4w`nnE-l&}-+4v-zNMIZt(0N04CpT4NQ67PzFw}SUBYA;6JVM>
z87?dsrF}z<zoetphSF#jl^qdt^Qj8x<%1G@u|AmMGV5b;lAE!YaE%Sh1yaqfC;8!`
z3E?!FeQQQeZdb<0yJ&S-9^R+BAU>@_TgybJU#eT(!5qa{ex#5{zu{BC#hHikMzWY>
zFHzQ<eU;>?E!!qq4)6$saEV=Yp*(3aW16RAx72cA+t2wg^?f>P^Cvf+xW*F0ke8B%
znCw4bhro-XMg=N5dV38=Zy{+?BcRLF_MBc${uMsSb)N#vH1@>&pmBt-FxDddMKYlT
z`aas7j-nH%gi38h@+;C+g^!+{{7T@wrLwu(d%<zdSNbt5iS;De!lA#3-t_3<Ht@8J
zj_>8?q}mi;>rcgU*lV7G)6{8nzdS;TlxEIUskfTz{0`_Ubjv<g$OgcUXK6~Hwob=~
z>+K2jg6r2>30XJU;_~685!va%vvC8dnWyErlS6<Vc$#9n<L@+yAc-!zbMVuv<M-q9
z<oUFF(VJjXbjGL1MQ3(*sO|P=2-3tZ(P2Hz73DT~J?A>>3=N}yl)k4lmGfpJOkBTA
z@9b<hYB64JhmS4JehOGGnfuJk)`CHK!kjPRN04iTBpLmhn_x)36vbs(xK$Z#^==~u
z9;#j-wo~qV7HPL8WPjz9YdN8Uw1XysH(B0cpK>`Ipo9(@J&&AC48=Da#G0Bq3`!!4
zCujyI$&v5pI#=9*;XR3-y!3S$hWg(jsg~E&YEbafIbqjcO_#)6NCy&L0#<xQNvo+8
zB&A%4*Fq6tGP!~)^8R;|Pbg~*cTqYqPn@xAZC2zRbC4ss81PJ~;iF{b-un28|FsyY
z8yteolw@5(;%?SrJl2Cy)n2b#RFF06ngLJ5WELW#mL4)XQ#J%9GxD{V=Mw@_dsrA_
zTYb~hV4$=1*x&Rus<=JX@urq@?|~*+4D^FSAV6^}oTS3v@lt$(k)#1#;4W0Z!5FS3
z3rLL*?qV6mSXWYazhzce7Q6b5(6J9@u(cQxJEpIVyoTAutz)DJ>$Q=}shq8TM2CPc
z(qzxR5GGovs|WVfk2@O?h9#`^oUQN>Q2P9<j<ixY`%fVk$8p3-Fs6v}Tcop@{XvX<
zRCD%wlfzpV#=6uhTRiWafnTqTvfV;aeHZPr5(=&hrf6avDg~w5{XFJM10Em5({B-v
z5nzLf`2fV)XoG6yAC!hK7ptwS)TT2u=P+!rFEy+xXQ04XVy6@g88zp|c#*t>JFM8?
z+)Q(pA4);Lp-bRYy8{McXIG_y0#I6O1J=lsa71CFLxY;~_Ez)HPj@6jR%S~}BK(yC
z;6h6x)8nFdutWnT|4}BS5loBh68x-epU!THin~CSLTrF<*fUve2v|)|7O5_ZK@sXk
zi9!7bD5V7eJg2lJk~Be(Y6i-lmMMB|RLi-9?$F;H;3_m765WU0{P}cTC+FScX(zBQ
zo*2N_3|C3<9OeExs3TK>B8${xoFU?s1emP2%dVYTU{WOd1Z6mhrr(-DN9v(~#)w~X
z4v?t`quVY7Wd9>ZA!}(=E8xjXRHMj7M7BGG=fS@E32hQHYbY|Zfugd+jj^{}<iTLl
ziC^d7g|ynpV;XH*?w5xbQonXF*QGD$lxbsKJ8W<-?@<?p<L2xLhZiJHQkry)L$qc)
z%X%P(%)%aTe`)tv_bSCQK8rW$pJBX5`5pd&bSlZ>krCk8He|rDr|q_$Gea}Dz1TR3
z@kBPd(dj|UZlS`nv|pE=i4OfOcyC<o49d)f29`34rn9PSS$oFwq=4-}&YIcL3l>{6
zpZIlJ;D3~$u6d3~9`jlPy^@g$vQD;pWoEKiXaEnUVQIa)7@TOHyiitD^;U9c&KN`8
zA`#PqYce#R-q95lDF|i!PCK+s<Hss@U<#k^zZ*2>jt(Kc8v15J26Kix?C(OHAuJE?
zc9@l})8L3}QNOvpX?hnvEn_sFQ%U&+!+NdcY|C<|3)$S7u>7>uF5uZ2dUCh9^K!UZ
zMll@ZV)EBJKQ9}zqW*&Vg!APlWH|%}IcmGp{tiAIO#_I>6zcDqjl76m$5XVyG#$^D
zazl2C14MdXET87eId86!Yd0SsjkUCB&^YewJ<6K5Bf2PyWKZ5~xU>y|*4hZ17Y=KH
zDe9z*a_Fj@;6+lyM{MYb4U5F_HvKSb@I+bX^wJ%usC0Ic&q2^oxa$n2#?#$>`oxxq
z1rzy4!}_IT#Fg{a33ei3!+o9lg+o&?d5!9ASfJ=}Lm20bg}<ZF%uQ5Rw+T4d)}OrI
zvZ2F<p+%c&TQM5FB9B&D-Z+lYcb~r=|IzMqty_s<Zj<vXDez+P;4e;cvji>tw{nxc
z2(#Q*QUm|G95QBB`y-Se1}seHs|YN6hmBr}$L3>my|2L3eF9T|$n#S_Z8rh^6m9c4
zNj^y0A_0dJ71agi_j@^<=0s5-NeP1pxuE+b68#kFM|XYXQ~4shXgeMsQ!z*rDaD%;
z#R;AEg&cF9ic6<qMOiup7?b?YH2t1HvT`CPUwj7xY`vch&K<ebMj0V@3q`wdGm>Gn
zj_@V*s3c@TXQifb6cCxsR4Ke3T<7ZP=>Tc1v=2cbsxho;VXMr2zXZ10bWm9M5ww$(
zf*ldW%V>*G<=}-3o5SN4ekiObwK!TLEasG>&$HXJv1?tWypD2|*Fmo}<8|A_gcQht
zA{fE&_WEDqgz|(u+D>HtM(y*eDp7eI41~9eb04Jv+ovBq$#d}Xim`2lXM~DuL($Q>
z4c~>l^>phE9=SKKZ4#M&$r+%2$|5m~RbTiKhS_jat{ZFEeszMonAV;(Bkc9TM@XlS
zddT($)^z4e+@krHlKP{r9Z;N{T$?5*S3Vtk9(wEDEFTuW_ajC$?WeUKE}H+e1Q-qZ
zL%1%P9wZ09IB}R>xp2I*Pug}RcoMK&mi|)oL81B$LW;BcDovxlZ8X>TEK9!e)p|W=
zZSxjauHVFWw^y~n1pWJIdks(hMV(a^ZSSH7gVW>AW6mMPR3)J%3;nL@S*nBn5{uhn
zSJzM_1(hnvc5K)W35_Yc3i;VykZIG&{Cu@M9HOu!6458<CTe?jc=ntM&0Oi`Qt)bb
zJ^;bQH|XOwVs7d@%}qD-C|VtZhFy&Rh7a1K@|Sku6`BMbM<~?;aUn+JNQgC_lO9n$
zEd2KgQq5yRQ<Y;6qXho*`+Nd-+rLlNVzi1sVEOe4ya!*@L;S-v{Z#%4t5ZZhQNY<#
zY~iOHW}i@A1iZU=GX&?ECb{&Bs2AS=2h!F4l9>mWjTD%2RZ&AG(0^GxN5RV+1Cz0}
z*&X?sSfE6ZA~MYj2&2FQvTeA{#NKS@HeJ}&C1>uExP@v$1f?cKsp+pjBDCOmfo;D!
zQ0HWH6Qz5^#-pUe3L7LnDxPTq+bhH1=ld|A1vjf#sdfe=bvRYyo^?Ikl=rC?Zu<Yt
z(KoJ~eAQ)_UBA4!5qG#W7Eam|pj#M*X<a`UnD05guZQIPJrPas&|5{4J7wRR&1bK&
zc0QYGXZ<u<Q#hX`z<-#-W=SwAo)YpTv0?El%qE44=*=VpV$aN2{l`Sdw^nnZ9QI?Y
zRg3u6tRAU~aBiX(^yXEEwM1@HHKhT(q3=2Az?ni1rXtYSUeryYLNozK&ujb;X=kGc
z@wz>ELCUj{9*Wp7X|aApIn2@Gez0D#-4r%zkcBWHq*osLNy4+fMl)k5E>3dC6!x)~
zzTG3mh0h8yX{s5bb`}W|f>StL3RagzX)iLICVeG;x&8$y!DUDUYeNy?CjvX@EQ6w)
zx@XWJ<|(BH;l=#j8-300p1fg}J@%+gtSK5!Rj@U!$gd8fQxQy;^W95pw0g%CyX>wo
zgYZea5G^6*N7vElb^EXz`o|O0YtwHJc#_WV{pmMWetbsV2BnVInjVld$f*J6{1qKS
z4tykM=TNV4J{7Xy3XL_S?OVZO8L#T_ryvkIWh#{(n_bF!yVDdQ(YN9I8ISDGY9Cg*
z#%_;-yiOPKu|_kIe`dCZsg#TcZh5s4ZehDLCf6k_Z<`V8gY5S5h-u0RZvOn@A21|}
zRn{K~RI2w_wK5p8CeRrtfOus!L;6f{NwfnR*h&9Lu2LQ^=+Lb6m`_2oR&ttqE1<er
zmek?-LLUCsiag_tmw1<jr;E?{G~pBUs?U6kH7=JJwv#ird->3eXWz#phO@Qcmu)jI
zX|z`NDpu;f&$UvYr=xwc_p=UAOU_0YvB}Zwwn-YIfHxduyn(V(DwClvaI(K`lhpR9
znUkF&7CgLWI!Zyqubc?ngshJmeh)*U@$Yef)X+o62x9Q%Hnq!D7#Qcmz(j=s62C*Z
zB~&G+6@(&uBcvJ4`-LX~B(y`#6jVuzP^c49^CKjW$$r`>$16gOws4;Bm%Az2T19y;
z+>tNAc%Bziyhmy1)am=vBO+ZPTcQ_Wn!;CPTrT8L=|Tv%6n$xc40Vf;q3rw^>(38{
zIT&Chnz@Vs_|L?5ght9|TA-J}AFX`Q|AA94OP}YH39O3ZS*BmaIonn=NV5QN)@SX5
zX?nN(`~7nm*7J&ZuOr2KFV<C83Pn}29S#SUTYnFCe0F=T0p{pzqiW>5a?VkHuz`w*
zKR|<%T=y8EF?wP@eCmj<Ek<3^Cs)@b^&!*IzDlfhUQ|Tv$CYX2_JmNrFuRzxI7vNk
z;d8d$6Z+inYTMcp+E`F!5G1VM(EB&s1@92%UiHdhr7Wj|70rEuw!jA5UOAEc1D@##
z3Ru{$ui_T_Sb!Tr1{Dn|=Q?`&vBR!%xSrlcJ<K2PPw_F@$M5rFxW^RWSELur?n!k3
z-apk!PH%T<;_hH2m146CWuP)Gk!P_$FKu(t`5vVwY~7gNP6e0S?N4{XAw;p@#}IC0
zN-7=u<MY*SJv*h(cQm$(v~hvDs>Ys<8R73d@JIRyOVw6<R)?>3hBzpZ6B+hKpeM`A
zChWqqoGlY@W3&;(`RNz<BB49FjBC~Y3xd7W)o8Qpys>I=plQ@MxR3*%U<fziCiQBP
z416Ft4S3!Pu>dzdT5~}yv7lZ^$Jdt>s+&|ltu=0LC3N|{f<!ZNt%emKeW~!htW`IV
zJVnFFP||S`;xC#U=X-L*`$y{>yKm+kr*10Xjw`*Nk_h?q!QT>h%wI<v;ZJ1O%P3e#
zLxjO20IIs<8yc#nX(Cq|T{IzBVSi8-MEi@bitvHWGdZV8k%GGwV>5`MfJLjRjiOoM
zAP{Re1E05xg^+k>Y<H4b5@g3{hUkJ?G`dv}L9fMbsTH&0x)psxICl*$+a5Ug#_N5o
z#ZDPfFuK9r=YU@Svy}DA=C(%TW!*@Oth#qO?u~TwvF_-zY*;;nwT?3Bw1R~-%mkXK
zXf4e7+-|1Re2AW&kEre+hnu7KJcGh_HaFwhj2T0mLdNE}UF1?Cr1xs!``E4du{-0a
z{cCu<TcX|+)H3@ph&EAxOWZ20sAzw=U05&Q!xVy<I@6GFC}=~q=I{dWE(gt*7E2~w
z$!#me4uMMH6gL#=ROxTnn6+jH&LAVyG5YK>rR9R0#0RWZ`pT@$C+m@E=xKQHK|qrx
z*5v)@__?uBQ?y^2rhnZoFg-*crU~55r{wT%;$b&4X`JExUY^c*C)r=MPO|!$M_Y!C
z7Lg={O}{U930&!9x3&^Dt$Z*tH}nq9>_4JVRcm+RK$i7Aft7t7ndqS9I5d>b#s$zP
z$Dc0{y8o^n?bt1?4$ClqQoCAnb6r>7C4ael7qvQEPiKsMnfQLWTcYvZA$o=LO!(|d
z9Wz)KD22^8txpthbmL{MCU&~hIsYx={qqtHncgt+)vlc3Hr!%_p5AS{1FE9}GdIZ@
ziy}3j?7IWOi_-k8R-?8S!0Gf+^oIEpnbDRs&~Q2|B!_cRh`~L->;H5eH+_c_YKx-n
z!Hb9AZZO&q8U@ZEfQujJU#x=nssY+I>o}LD=twh;h@?2^EfP}u!_daSw7aN}@2f%R
zBo;1*cB(EtmVUhr<~q&S-wvTL$bxl?^UfCO6x=YRAX8_U$BJG)jrtr~Sjl)VV}(_n
z^&k^C!0V(?RqeH~S%_owq$m@C91#(kmuwjS7;bVt+r6A+LYvz&7D5V4W8rx{`fAEN
zc^)UQ8mOBAd)+0-@!fVrLK%E0;9W{2lx_BE*5S5W9shZU<IB_Tp^zWor9jJV$If#M
zcUvr<JX=Z)A0!{*&~$7#G@dD2ywPxIUOm69ea$8HQh5_ySTo^0!+S?Jv2gPihHSLm
z*sz%nKDt`3Sx3kcTu4%=ui;@O9Ac`^Ud6>|oF{%iJ|({o%Y(W`7;RJoqqVg?=|Rb{
z_SMNR&9YoS%LXjy`mpf`SUyJ&B+2_s4uTt7xMv0|Yg<f%OcI8^OxJ{=#KFFcuB!xF
z^wIx?$A#0!Sd%?Zs-4kS0#FJu7lVdHWcg~YL;JoE9Lsa_g!}hv^1@o*WB&>=UtH7=
z@N<j#{4i^o%8_^rNe>%ECr*iQscCbfdD`=#Ky(N2LGT=7LMbI2Seno~yHqEz7pPf+
z9nyTfIJ`fG>t&E@t=YEJxOAv0z3CMyDk@+Vc`kC<(_=I%FRtWibh;@myFXRsBJ|%n
zN9Gi^=oU7bKPRVH5Eh9*lD7-f&u{XzbGM_6oUf6(AFd^EU1a20zAk@|*NM=MP_?s1
zw=cwbj>{O?E-4QiakN;20Bz*L4Sy^q1Uvr>!#eFruR${XhLjFFzoMEJ7-~XKk9^rd
zYxccEvpYDVX7efj<3U2G^IA7M2;6C)AAFajb_JP~-0K<iKGQZyG}FLLNJ(g=BW_@$
zNWToAaDD7jCTG8B+a!Q_`K_hI?*bLw+9>Mgh;ufEP)5adrL3TIxX`X93R6ZkWXjHZ
zv~ceRNd!?K_MYm*xK8m0UzP|mdmmv_gzCp;naD<IDuo^<q(xz1*cS8(0W^3C*VjoB
zb122}qQ3oh*_aD1jCl^y<<$7{QDF;6WU0@Wjh82KZ4_t{A3<T8v{CEi8j8vcgPbyh
zszrv#5FWs7fkgQ#hl<F}!U$klEKl65JXvmzM4hHigk==^6Wuo<7G>s}Ie^B9eJxN{
zR+(Gq?$h8cg?kG*cMywcASl~sZv+P>9*^AjasAo30c%~jspALv?@7rR%ud*@Pe<2}
z-7$*!{K6pj1b6h+Umed$;2XoMrdf}J^yF~Fc=F@88Sz>8%h;pVzfHaUfR*V^MZWZ6
zZDK8YZIMtX(B9LGF8SXOBBI?(mf^U?goK&0yO)8m7R>1fXvJ!f@|TI#+@71LL4#@f
z{S?PIgT!9yiZO+<Hzpe<2ttRm4K7?gf}kB@LbBY=9mj#z*^$WWRq}~zLq2gc$KmQ!
zqF*-p77E;k(FA+Z#20wc>|!5@)azsmk<m|2E5vZZ1-`Hpfuay+#hd7mqL2e#jGo_6
z*BCPhC0RqyB5JX!q`Wc@uC%UomqYn=_{YByvI4d1Tk*imi~b4$w>pfqym=TZYLzUD
zQrQ(jQO9BaFH_-^puaS@DHuvybG~!l?v+hn6iY9Ahm{n6*0H~9FnzF*igt#NjBWgp
zhG}ke#|(5xNTbcWvIigx(S-^i|2{>*3z88^$xxM??DnX)AhVvFDU(LcP9(BM{ksd1
zzJo(fS3@`Q>rB%xOSs7BAc(`<Y=Tu(d((}Wbh}`fhT+RTA(H6^{+<?9FZ3-8*wo%*
zYB)eDWGQxQXSKmgbp~&<6viFoQP81(+7U&WYL}cMaE&I&K<-q@AukzIHB=}6bAt7;
ziO^0~ocp9SXYaiI;jHvi5kzAT&Fe9D^<F)v!&de?lWSw?SS{<}8Ejo@C5|gV#LA*_
zi|TF)P?vRqj5geT$Ua~{Jr<TV=B=oa+k@N{@&9bbb_ro08^v3wpYISHF|!8iI+dEz
zhWt04pPt|};?no~DJLpe>5)hdu|eiuD<E5y+IL)WcYSG{+1hKPk_A^?+S%UXS#ZiM
zdbssQWto9AhQlbJG7Z%Ls|nMrzD}rc)LrWN%f@J=Q;4~kw=R*c<C11U>DcVjTTt-F
zcJLI#xO{XEYxq#8DR_mtzCy*IiZ<;~p^XEPgzPuw$MFf$--=;^hIsCg3QtKzN!S}c
z+MZY3y6ULbRZb?%&|9ikogd$aho?|VT9@ypNa6igs9j##L~d)8t)w(Y5T=Rc$P@f7
z{i<ra{z=+ls9jmm6&v`)=sw`787g1!3&=i63ZcDEjE#?=*gD?oA3(9;O=n>=I?@&4
zE4R+H+A_M;)%;1_UiL}l8Fu)JdFM1!Py4-}Hz8tAB2Ka#VNR>PcUZ&cXvO!;*COVe
zy>}C(FHG-4@xmS^d@bcKY}K`gxIUR+Hc3t#i7kc79k^ZG|Kw#U7(&1G2I-n4eLPt6
zvlUlB)k@!oYoDZsDNyND>z7Y84b9=6AAqlA5T3`Puw<D<nb1wdlP)N7{W=ZXvXZVl
zR8x^B8AhoVB-!BCvStv0mavABtC?{V?KR4BREJeXr;LXeTa4WPIYK=tsEXOSripB>
zNt`p=nT%jQ@TFL=mSB!|j-GVNC_gzsSnlVL^gvYUlWWiM@Ggf9)WBFW+KWi(f8w7-
z$DdCHHT@s(yD4&~t*F!3o^Cu)w9QA{K!e_o9W1BizLmmsqp2jZT3xB#fkdwHbcZ4D
zu$x#qQ&`P*oe|q2N#-`H93b_FSiM9V<jA*p?f5&l=jR~;b+#YP(h#=36oYbmFkGXE
zVGHQ83FzH<bbcSu8-1@EnBjj2s+>5@`*iX{>7PDF`b=6kREPgzHwS0yt%mBKg^&6j
zyRkscXqZH*Rt1${`8GwTu0w%iJ-n@ZyoU8h7t82O_Ir=no`fW?+jLBFrMpS@GQ}`0
z#s$)M8Sg()?eQW*nh>*W*%HqC6&?7q+w#hQZ!K_`#(yqEhWA1^L#S`*M+(tU(_GLA
z$!nZWdvKO*4$Ht_M^CW2ZB1EdBmQg9`<)x{A4UO^2#uz*;fhc8C%j%-r%!dG)u*~L
zyRCjo=e)l6?D!?~;M*D*;qf|=`PU=dQ|?4HOcwfCdO^3<8Auf<iSt$qB!~OP!A7{#
zc4-ZT!tiRn#<7?eJ+Gpc4uk!BO#d7gZO6jH59-N^{gYZNKvIL4O+*^r_h`C{VSx(o
zBzliSksKFVYpdC>Uz*L+(7GPMMU2)Y(8~^1^nDp0+Z09q4ry0$7$WjV`MByx@7Ahm
zWmHGC64v@<$?1<RcGg8r(0?U6YM5{lzQY>e=%1JIkwckHnpU+CTRfk3FO#4}qSk_T
z(dB!UJ%PAuU!pfb=`vdLthj-IfDIv@*5XcYjv?&HK~KaSC{HpG0Z#Y);B;7F7m0XP
zQcb04Hax8JDQKDfvF_Xk*W_n`CmnX3BLJnX^_;O{n9%-+!!_eD+BF|^ReH4t>o7qI
zO9sJ@!i8s4>}HV|-BW8UyG+=DZdVHs@pIrMWq2L+aUHQAy1^`LfGr05zOw6R0Som0
zF)z+w3YKGY<;|@?9)T=qOzyckI7n4Tzw#Leg?YjRGfID&Qb;zUU6oJ(T6fG(aNI`6
zQ)Z-LzmzobzI1H_Xv)lnGeW<087ZwZC^Oe7Lha4sMom3@m-dW85D3J7%Y76@!c#l%
zY5}2aPreff0_6UCtS{N>04Dg1kYd2qi>LE0TL=9ttRX#AB7bb7Ah(Ef*#HDHg>0s@
zKE4uN1O*uB4XdxTPcK_P?wE|pu}cGKOhI{lPPG<iLpku@1eNhA+OiDI25&uwe{6dx
z6-dnfAV!|{0Zj;R3(ApH`V>_oz1d7VBnw}mxPo`wxHbxV{okiBJu2r8E$@~<bj3h6
zMuZo2W-YYvoDQVsKivhVUV80GZMmKU!3a)3pN+xmOY;ih=F{~RRxK41R>tC^{%nWi
zNmk{8Cwj=nrKVba)zsx}8hGDCxrw)4(a2Tx#Z^oKZWx*bZ4ujFUtVXgR9+<KfRKI0
zLvkv@K=UElG<1dhEnK5A__krfO3_Idoa>{LgRC4_7m&GZ;^mXR14+mcDzFH>4H-Hr
z1PY|q&rA@lJ?>}XHg>K9lE;5VT|p>#^H6NVT2L~#760rECSy^FbR9V#Gc+OP%Us;+
z?`j+U@Ci};#q}9bSUQ%*KHLiapr2{!bd7**-`dH^WaMP_aWdODS-3dS|D!jldE*X*
zURj(x!5X7+DP`l^^vP@>@u|`?Et&WiY0>Co>t}zowlY>JyAN4N$=2IcIBW(@<kD#|
z$<Q=8)R^0fqSt(Q7nxICg*KKTbe$aqzIfNyvaF26$-XQw3q3e%7IohBqtZZj;me%8
z9j2JlxQM62uWeh&@c2>TIr-@p{{P~6VQ5L1#Fj}0Vx#cq#Prq^6#5-~q4*Qguo1H*
zNuLG1^yEE$mC{oII>De4_ihb$%-^hy$8wcaF~YW;SY}Efb)Fizh2`;g9pAq=Q5((!
z$duRj(e5sJx<dh5xVJ1rfW*lVk-x|HtK(g`OpguCpRy+}e*lenLvDZ`9-eBYeX50?
zuF@g)t}rxIpG}OQ4d$38|7~oVTnvk~y1PSIeupr9mbr;o?7btK{`_`K6OGY7glghJ
zy#5@>H`{O0n^Qx({pQ5|cC2Z4$BjNdmtCbt=qio<H|#~UH<pf4iX!@!j)e`k$289U
zf6uYkLvlw8r4f&fc$NB$T))44#;SMGvC^U#m1eDV47cw7c|R_9=$$^YxpT}~_FDae
zP3Q5{l1V#U1y&yvMO<lSB%V&=%oo(iXcjsr&JDt_#4W`m1FkQ;?lIZ<;oFkeW^*av
zj2R$S;I`u1Bjvt}^M9e(XM&Pu%!;!f<!5Jm-p6t36#4Jh9H*mMJr`LN>98=ckpe~O
zS_&9d%W^Ac4wA(f*1K@@wQG^IFzWGpInGVD^CJyuf`L#uSOQn6C`M+7a0B%NE&#PQ
zTXdS;ZVu(v*n%$5*^7rz<3iKQk1P5wZkrkk9Oj4YSm!^7OB(}{@`>g8Q#_ZKQ>wW=
z5=CpW89^-91hHHTE7o6kRG}nl5#Jf>T~$^0VGjCl4gPLI8FqVm+<d0<Wq3(V;3zcr
z@bHw`6)}fqlBL&|J6lx+BA$soL*eSvpmFsug<6$~I;S3o#my)&cU(wp$*Kpje|6`~
zS1pj?#<#(5!{N~{b$oKLl$+GMsmh~R^ETN|H(oMr^DIiP22}FIC{(Ypu#&@dWsmYP
zzdNidm#4Q^Hqk1f$K{bL(mj8(_hSJ{fDAq$9Bq&hnA08|_g2=)RU1>?#7mI@3*xpK
z-FK60t>aLz<!e=#+ByCoOYYCIu!p|KUrX-%Otv|eO<9Z0brwj_m><^<LS2N1QJK0(
zUR9(Y5KLNc2U7A^{$;RH<|_D@u7zOf;^FS$FYi(Nly3f_WX|UKO2Qhqqo=(q$}$t)
zg&*sNW;x7Q4A;8%{9`uLzvoK{?S`G{_8HomYZpmcU0#%63ZeVW>9Bzc22yjKKbB4(
z%QzR0r=-=znh#S;nwyx0DA7!G0%19_Drn;se=zhi9&FC}ZjA8%vF|wIMl&{%bui@{
zEIHiK%aqH%9xdGo+*`^LoGyK>ypL8adN@zfJr%M5jQPW#Nwl6F4^XR9F(vwFiz(y>
zUJs{zvTLqnHJmX;By@f!MZ)uTnZ9^OJ`A_JW3t!k?H1yLanzSLq;TB4*LjhXSDl~2
zqOTn@oXdD5&7m$JboPotdYz-(XBhh2Cdc?6rOV^-z4$Kj!KD@s1-T!8dba~_WPQf=
zLe67J2?`Wkv;wm-Z=>LSv!-vcf7rdxH@Cd#xu)6sVfn3(g^8Ye<DC9bu`^KLtP|gA
zM?%(LDz}5CY_caVe}I<hP*$#Q!*}+fv4h@^j9tYd+0-rB`qky;c9Jy0a!mGNMfA&c
z`}IcfMiSKU!z3uL_wum+4ORxxtO;1&Mdvb=`*}5O#HiRrj0&lB#41ad`2J}RsIm#G
zyhZtzKyEiM28l)ui_&S-LacW}Q=h&(-s;^l@zD)duJDTc0R8jQ&~4Xe&)2CJ?}jSG
zB^72OqB}M4QydjUYj{AiGc->%cSrCTD6u8yz=P{tJv|-5Cw0fNinQp)q&d3uoejO@
zQ#m`wlOu^!kDX^Cr<3`Npt;E7JbKi(@pI7c1znr@auX6X1J5!uj<;&VNAR*mm>yZ`
z!gcZ3M*+IS8WKnX%E^|XHfzW(FDeA=*6h@BSsT1@7->mYp{u!`)ENM{!6C>FyUF9E
z>yG9D9B~9v`c;3;yV-OW!X7%pXDyI*Sshh$bB%a^Sj=b2@VM@@FeY=w&AG-Sy3h3V
zJA@^Uy!BH^QG+P2h>YmtpSogISiX06xcZUTf{u&=`GMG6;cGy(a(xgewz!GIdmrth
z?P)8M?^ml<0jH=wY)8m0;mnYQxhNh=$)rZ)sVVbfkrtvDhbc~_AzrSQt0<0+){d?9
z6W(r74Mf3Wq@2t&_Ih*lCPHCGvb}c-zaSsy2{9{k5-CZ~2sb)yl^EzOBA9B2>X7^8
zOO4iHu_|}^bA&CPP-x@p3G!XX<$0{P!@yqS$(7T?c11>7qRrdOm)DLO>J%V7WwS&L
zkDOT3TFpo<SIqv9?<DDEXVUyuI@#AgD)4`?(aHYPG>^O1DDWeS$@l2E*|G-=g5NT!
zY&e}3K4Bb$MT`$ifYBYMh&sN0hu@yShwjlV)c(qtNhfAMMz?<xEuVHtdW?b;cJdAB
zU;fW2lmI(z{{h~KzoC|M4sO6bXav|qJIbZ|U*Z#vofCAVX)$#F0~K`PK_c23IDxh_
z`&K242{Wk`+v<_n*6>4OTUB+vj)}(D)>v+}*x?xwQoMoud-}h-V|w6c!AAKN{DW6|
zw0WPxau$7WFA{B&yQm|5>2B%pTMM)gMTYIZ1mdV?GMJ2OE_XbWSjK|A*?ayu+j~e1
zm}H|dPODnct<anaif`;NB7%i3M~#Wz01_=s351=cwR=Ig4h;H{F2eX~Ewt3z<(8T=
z#qCk{q<K{f*N2WEL-L^@7ITX;?)z=sWhWbhoYY_Wtq40GO+{fH`nnwYt`1Ka_C_~R
zx?diH=P9gtk9mzfs{1KH>G6Xn)PAI31jQJ^VhzeH)^tTN(1UlllN#u;syS<uxN)Tl
zD0{wWod#O9tX%O}YFHV2<vmG6C_}3T*URAL#~yFEFvolhF;U|Y6B|8r{JGEltV6i>
zQLy#{X3+(G$p4~zM^B>rhcliUZ;<OxgB#UPkt?Afrzr!6>S-7K`xN^7BMQg#{elo|
zSLpq364YP9d(o3#>#YAholks5sekdky4murcDDTIr7f_WaHd>rsA_aNgq`l=$q>K_
zTy&>5FR~;gkhegSUC!~g=?y@1LWUa4^Y(<B0i>6t-CT(^B|N}NZ);L%;EqU4JedDZ
z(T1j0o$YWigVgY7Rhb<WL=v+le1tW1Y?AOVYc%H2>)8t<#6dLduA?Kx;#U44Ztv!h
z?71!==45gb_H>@ka_*5YXTOZ9fWs~8K1Mqn5uwcAcXz+)j=sU?kTXah<>3Wz0fTK3
zfPD$$r{YGQ(?5h?G*C<hNCSUaJ&wv?y;ASTy4jj>>&IHy*VMx9S+=mR8(Y|R$ds8*
zTk;I+p#nOTt`_YfjMlKkN{6<~%n$kO486r~vAP(1{_A&f5aL(k`Af8?VOg8gTDHxg
zR$8vtI9<-uVk<d<I}Z=9QBV%JnryU<A?D~y^d{99k^`+RrTS1_X#)4tDScmJe(DaX
zVSX~kj8f(dR%d2L+mx(52?g(#nYlc1ZZQt1oKJp=%{MINXxxgZq%(3GMGsjZ0RqX5
z&f#g>)u7s)U;gk8`VQVvivq$Z)^c!MEcT1tV}v+{*XW@^gQZa{bo=|oLccDKltu{G
z0)~7w>Ghbk;*rM<YuEpE+U~U<zT(%R$w69nL_9sJ!=;t4UrA<>fT~{g?08V71S1lo
z{JPv5_(vI;ug40V^xYZl<DXm>QpvTbgR*t#O8VPyOW?GIo`NhNyO^M8m^<w>>zv=2
zbuFfP4F0(_%`Vez5%2OQ+)yjq=wj58LRf~(ZL<^VV%{LHJ*QjnuHsi4|JX%p+A2_W
zxba_Sa5bAW^^0Z^P{I6lyTF9*VfAY=fsgQ%9NydL3N#6yAS6vd9%)2lvK%aIz#QDD
z?#$DZU|k1W<{6g#U0flla`hhq(^Xxl|KG;aHPn9NIRqM(0M8`N9n;Fv%>(QDc?#~i
z-3mROG<t#ya}bl(yp@c0xeZjWu>j?Rgbf}-hf+cy-1@$e@%=?_O_ig`x(;Irv0qX?
ze2DuyR1cB0l*q;<kv8DlLV{DLIM!#GdRGUyDIzN@tsTmL-Ld|+@^`8p?rS<s)tm1w
z<Jf$X=aB{7$>YQXeK&Llyu+jW8#@D)i>&o^u<)NK=kXX#sR&OwAGi(Q&!{lesz*OR
zLhv!JQP^L^qQPxFLwSqGTOm_YxAT;AmWE{BPRvZQCNj2A`0wfLT=(LnX2sGC6<QIC
zi+I#}gv9a$g~2gs1Je92MbS0TQ~Yy~Zda*K*4qeYwm$tGN&<DkxpY!-a8^Nxa5{4L
z!<Cj@)3+4j<*xo{IGk4RPVe!wiU3tWs=qdz)hu_%mYAlwr7d)d>Bgh9gww5oeoFpL
z>Yj|*&k1rl2W8D>%Xhq}?er&O^moc@Pnr_Df#8Icayy3-b8&fPPM1gT!NT7kV<rrd
zNL77xJ`$9Yf~6y>53s5~$^2lxij&#CAI)^>?82nMkng8M)+JqH3+8H^R~Hn$OIdLg
zt&HB*|I8GjoQ-51SehDC=;=2oz;VFpTQ(@2?p?GAF&?JW)x~{0sh=ABsht{lwB-kE
z;0T`%`$qm|2Mb|7^Wl%kM?|lpy@F&n8*H!YC)@glW@%}dr5uY^O+<lCg%D<r9@=Gl
z)H;zrh)YqW*=k0)6!BN2??uvai|LI%aTto>iad_+LNJ0*o@$;*k=nO7EL6$duGj~n
zg3x$)6^YM{?p?;|DXEUI&ZhakMcSS2cA1H;9DQU3Q6;z7OWyV=|MQhDRFiE79<Hv7
zhpQ|p@00Z@4rz>}Rkzg@u(qx#ju&t4!|ikn_r~clL_)TW>E68RFI6GWbo+|vC$#Yw
z$wMlX_1J@^AW#TfW0M@h=m~WKf{@OEW(l{F0uKC7&KML}(9C18lxx0>uOZ$$(V4V*
z3Jo}`dSz(sy>w)j^cZfYU*_qnr}BovJh)Zg(CKCWrm{dcE=KNpGu@~NcXkQirvT4f
zm1BvXmXAqnU*u+k^AwMcv|>12il}v|QCHMqX1#sJ4yQHREv+3iFthr8+FrwZfy6<6
zxV*8=;Y<dTLhh%&?>fqN*>UA@>Gx+C?=jiETCb&$;jj8wY~+t+X>lP8S1cU%(cU<P
zssrfVMg5Tk*j+7rUvH{bZQvTNue@a>r)N`WI->~+SxvWSAIS04ptyniuUmYa*jEOk
zqIfR^9wsuSrZbID1)6=;H55vVtp5Y)BxwMFGF>DSi2m^e8yWaHP*n2p8m?=5t+rxf
z%)xj#kUjS9Zh3e@2LKbK+Dcid;NC>>a4m=6Z9%pS9%F;RV-u>3z3lnt5}GSD9?No-
z*L})z7_a$A=v3A^3`}G0eAQBFcI5g!ZPTYdT(q>=#o(5eI@yM#L@<(Vzy^Ym?$&j?
z+Jc6B>(OEfh2|>;*inrOQGt*2F1GxlECpT@x1ByRmJgVI`+L%iD`O$5C}KX3aL}fL
zI330s>Q(DPa)ieg&8M5)eVQAv1q<&>4A8L=wN%~kqWBt=4|6}@@kSJy2qy(JB(Dbe
z^g%rRW{M`*#fJr$!*bhZX+zQ}<XTE{jZON0?m*}O<%J=x)=T0&I;7WoEw%7ufFWl%
zl<L^ftn1z138=Ojdz<n~rzedW`NlZi8M=v}+tBy$jJ?9w*=u7zGZUuBx(z(7CL4h1
zzi76gX4)No1TKo{@ebB!cVM1n4?a$@{Sil4YO~lK{4wjJnR7x%Wb!|w@NDD^XdA*t
z>w=D-Qx{O3wTK#JftZK2oI>M}3KJ>rh>Qf?8RtoV3IwafciQ001{o_=xZ`NXtfG{~
zi(V`K*x2xQ+{q!pvXs<*$hWge?8!7&ar@a27)i3K?<Py2!kgQ^;L$8XQCW<@b&%-;
ztL{1Vm#ftwe2ws;doyWLAB}JerU{}OgC+x-T+g`e7@j5^Uyr{P`<TlQjD@I4@=Bz3
zndFtDRtP3Nur^pCU=H;zjY~CXNDjOMeqhrqI>);^i{&Xw0s2M`8Yv*yuQJokin0>t
zU_SEOrIJkxv76IXgC!Wg?GK7BozwnmX(!lq1jUCs8M0HIE;pe_9|`3&$(rX$UGu!-
zD}P*dT)+`}@1LV}xMKjMBDD^4!o9L(M%2+uPx3(~iM31evRF7ve3++@QZ5axgYwyx
z2NFmPNU`q`!sv^P7m1^RgzI5TIfc*Z^Qfdv3%Wx(A0(t9#6Gsmy%hUEEzkL}hbnd?
zY+jN1EGTri-9xxq#uWAs(bF?&)WqTD=snNo*Zxen?%AC;R<7IiQOd#zzF|+g^2ESh
zz<KE|_UT?To=o4(G)a-^>kQ_rGR?Y_99L4_Kv2>oI=;{zvKygQ+6Ao}LvC-5-iNtQ
zr`R*3<aZUvm=a)*GxbdUpU=#`p8r$X7nziP1cQkpXF2Uson%}cHm)6(-x7P+&+^4D
za8Y6w$TM_~^>!CG$qC*?&hEkv88f>*H$vIQiYH>pw6iclt!xRms}4LQePrM}{SlX|
z_D9^yOy76)g|R6ysUNi#P%61u>%Tstty{w#t}2CN!oC#yvg;}(_+RCt7sc>)%flf#
z)121zgPC4^u-qs!ujMQ!8x=SyB6Tk|r0e9{8*GIg%$3vdNHayRJY?h@sW&dWpww}C
zSL<~l2mVs5R2!ZY7V7cgyi-$?A`MkMhb|;`e}lSqJGJjdMe(6;#YU?OkhHzs$$sB(
z;@5|RtO$^v?G|AHmd6rmkTn^1MeC1Ns>LCMSo5M$MjcmpE9rA?CXwbFDdE`~V>80D
zd$v42*FkFAj|?2m$e^YVZ<HA+$9Km?Kf%2aa*;hWPEs{)GzI;w?q6XX-{LTau&Pp7
zI7-h?hvoj6^?2Ip-7MeAdN<ZeCgTVB?}_DV<&f!Qp;C71wECX9dp5jYt{Fn~aA3_D
zrdT$R2P#hRzqy`Q39+Vd6PiCAu@___dy>NCQ_BL<CXx(hP;6mS6HeeQmAn#u;rm%L
z9G-3PmOh2Yo#>@lE`X7@jgANp4|m6uBjHqwZo?)(IpCNPZ)kf?KO2eX7Ci;@FcY7;
zv8y$lJWk~NMLS2zbT@^-`T!-`j)x>o4o5#ul4gzdwq)r6sjm-MeZ4BZj+dC8eLDNH
zQVt;~!#@90U`S=PFEuw>I@|WL;Rt?KF@u_-PneYRt;Z{I4N+qn!Hu@Tk6n7&;}BC|
zm^=nyP{1T5Yu7<e<eW0a(*csQclJX4B<VFd!5ygyu7-z`O`WS^7nRwwR*M7e00lIo
z(KukFA(Z%7aUy2LnhaGs_Lnbs@Mgi+QVNXc%p(aHoJ_7@$GmfN@ZUxQf6((We?l&=
z5TZdEGUQY7CcgyRr|u~GqEVAMzt_)o+-^A){R_^!y<n57ipuK}1M)R$BIq>v2H4`l
z>`o|HXb*HlG4sJFYw_Mph_$S<sRjUyF%`s6oCPdXbCXxwV9g6Uj3i6v9}?Z5#2FhE
zL;#0XBvjDQ4QcxAUu0R(PJ(QLo)xGVVWG%zZ&Ku-C-InOyu<?u6*(q8K}TO3%{M%M
z{uTRC`v=3svcPrg=f;$HaF$U?wURuwA;NX_Fpd^C2*sC#%lg{Sh+EA|SffmV)2rhR
zWUr8|u5r;?XjE`hy1zLj(z<tEHp@eFUuO1Bt516<l0aPH^TB@R#fl%R;-u$jo%C3s
zve6Mfu<Tu7#CnU454#)cT?sSXh77t>sk@4rwJrTsK2YX4Y9NU_%G|`bou?%m4%rgU
z*`NBa=+Ckv7~@m8^Iv(e5GnNr*T08UIr5j(V4Z#8xt01oxO>S<6nYQ;Vh(5i2eK{o
zt%bHjJ{YbL<H(KuzJH&*hCT*NF8?s<eM4mVHHHUrJb8V9jO_twKR;sB^YI_x%oOit
znmzU#2g^akDwt3M|NDex;dJ}$Zj1J)n6$w=OrxWe0fLw%FzPiSS!w6Fjvt_M-etOZ
zXwe2c7cbw2?o#mF8o}ZW%I$IPj5{uW#dVo*uA~a=)zJQiOS$!M%|P-}ebV`r>ULAK
z&Ue2jm_Ijxk__w$iCJ$NgP9&@Z&s9>o^xU*V9it<@o?7QR)i(vD1U3s5UGOmu#8}X
zH#&C9NUJ)^z<{Yp*aDBsIYj-G$2^VE4tBaiAZk!E;L)&z-R{+T{TK!($cbJ<hE%d$
zi@>ex<d^hEYK<nP1KW$l=PpyF)SM5)6TE=qjvxiyRQlxY<~1h!9qs2Cd_-OIb7r?9
z`O=lu`7}JDQ+c3Ch}7iwitRRgK4fxNY(Zrl{NlV9=e{%m#=-BcKbub_WKbirQ{4+a
zoSrCDU12_k1<yJRB1{nXNwljmo2dcDLz3|2|8n=G-DxA++WAHALK5Rg8_Q{8$Ke{1
zzPG>B0wHY0LgFAWasT>v?_GnYDyf8>KIh)GdPp#4kg9g=;ThnB{I63K9%F1G2c8QF
z*=}8Atz{&GuG*<DAs32+FZde9uD)ATmIRQ^AwAjvu3R5JUTl*x6hP_*6^su4we1&c
z$Rl`u$v7R<DcJ7{f@qy0GvwKa(+i^4h%;qoL<sL?AuQnyJFcDtzjS<a;+-mDOIhxc
zNStJ3Q^-FjrU<P=Mt5~Ic*ac1-8GJOQ<Pyvt23X{qa}RdDTMqbH^bYeu*6V<2`2>v
z8}g-3ptdUG4ub7vP@ng(R2gLcMEyUbLnv+{d3zGz633?KEd5hqUq>|Ft94t<tFg6V
zO>>Hc>Q)I!3DKL4(Xkm_iw-X#mpy2w5-Grbj#kbOWFrn6!o61Q?1MaAoC-3}<a&r_
zw;<-hd0gpb+v<4=E9181!6D^=sX<$CTg(v@lqy2<;EF$&l{bC^m9;~)(9v~x#5F%%
zUKOS28c=kCo?W>^#s%hPyR~m}$F@jdg_^?xevU2fJpzr<QyohyY<6GL=gy&f`u28H
zcN>GNJCK7(@j~24X(jRAOKhMRa`wKL_wEJiAY+Age#s6{BMZSj@#GAg7z0IPJH2+!
zMI}xS{uzAT7k`XmVvfIV6chUZk0UCAjP(+BsBjgIiuDrx9nv3h?Ykoj^G*#8aba)m
zAn(bJ&Hdd9ZhuS-v2Cd*78&q78dixrE;vK~4z|2*5TNswbcS?{A-EbIjv@Z|dQo9c
z3!ZC>Ynn35#Q9OcwG0Gbq5dOfm1;(^)}S5yVo4Vdlo}=C6EaVhoEB*s4XfAm9#_dG
z-SOAZn}hs@_*|cu7Y;RNDEu^usu~byzN0n#m^B4y4B?AuV}vdXbBt!$eR_t2D=;MF
zmBFO;DFub)QEh$e6CyokRmUuEo;j6O-|{($h1gUrj*nQ=Ow7Q{=*VZ7ns6EAuT?Q+
zaR&2KMk5Ef%$O*5M2c7QS=4Vo?eIF|D1(RL<?3lc+P-%>J&?%vcS7N}$Hf)s$=$N(
z9>*Ovyv<HONHq)NHP11t3VH378*;vHqeF(8m+-MBi|6zNxoi5=GTo39UU_C#@1IS&
zYb7@4O%G|7-ABm_u5bYw(XDn<OR4#ml@C6i)$)<~4)cP_Ac&vzN|^x)S1z}#6?|<I
zFvnpj6<8eh8i}4@p?l%Fq&_eC5={O`<2`CRxkiMAE*^@Qk-d_+vFub(m0h5sx9rtA
z_;rXll<#}gFp%*Kb^*VPjgkx{JW51K@&wUYW$EPZ?j|UqRnkpvOxt^KdA@B?Uy(kG
z0MhWDoPf^ga}n8qgG%*Pa8C;Zx&pQc1(P5PGk`bhS%JX=Y-6XB-h>KNlc~ED6QY|e
zzHl;S<e-fzU38+nHuje~1k?p>nC7^xz2D<{&7!kb%*}q)HZ++1N<xKIgL1S#t@9q`
zze${PqG6f*-&N?;hpK#Bs&2mBlI(<R%6qHRI8EN!TNQRPylV7!Tz8yH+6Rggk~@C)
zHYq!%G3B^tu|{psjDrA$oO5dW2U=C>2^9u83h7P#xH^}1Ha{P2WtZF~JoZ<bP;<49
zI4vcOdqGKUr_pfc5)EUi{Aua~7nXpxIIVw2s~0JLJ9vY{#Oxb<MQsku{(_f3pTmSZ
zTZouCfgDDJ16r~)UU@#iO6H@`g3-Vo{6CEGVyAH9*QQ%kw<vI~qo?l)+JuFh*?lzb
zb1}8m=7t-=39UX3u5K|q{SWRgI{k9NTEi#XI(xvYVBfHVPzWr<W+u}}=&#qokNOrI
z=K5uVasx-vmK}uRbvJOx2ghqtcbKOFE{6&XQHS_dkhZhXDH&i!_Jjk=E#zghn!j!m
zVs`X`CYFd6{EX`KxsS(1W8g-tc!?O`U$#b+mW^jX38TtJKX1tJyC=_N4)9UQ+eWJ3
z8N46NIhsd3w*_fZ;qWMG8y>Ztwa&QC=*sVQQ3V^XKrK;|<k!|CeNr)>HJ#~=k`L=o
zLZ4^Ii>o1{x>~8T)x>Lrnar56!q8W^0MHZk8qCdtDSS^tw3=w1V?Ieo@}@Gb8k-)5
zTv}i-Jz%`!$HS1LYxQ}yPPg9~mF%uLMf*-K$(N)37(Ne5u&=xU700|Pq=J&+o}xbp
zP~aya`Qt$91Y3oBPZ#T3DHRh4B`V$a7}pj*%XdrLE}-bg&jQF=r67q_^Q)evqGthC
z(%i(VQJbMOOzGo^r=}=SfMWB2sqtwcs9Y?rY6-LI(}qwNv~V43TPCnSg<E@?6(YoB
zrW)ZYUswJ>HVzfF!%~Vpw#f*z12EduJ(je17prZ^n}GwVcX<_ytciD{#KYvE7eU77
zJJba<)~CAbTCPv;ij9|Ut7D7;RrtF$#<B?0)o(>B#XPfKYmfUf+)!)KPWqENidau0
z=uN@a;x{pS5w7YQ;ub%1Dw21)ckm$Xq(fHtunLGwp(B{9R`#pihzt8*GWB@vvBd4O
zuDMjp?ka1*H?amQzT7U32Vi4fBO1-=;Tg4n>`xj>Sa)l4CUkR~Q9(s-SD5O&S&$@K
z%m$mdOHrMtg5H0l>3*-Q|M+WSJ4Ia;4i>ZPKA4m-b9pKy$xCyK4!t+^R(x{qatl!@
zIXT-vgo(Bhc{pY?+3ry<2TN>vMPZ-i9Zm@?TJE29skrnf^foZBhvBzm@q9XN(sROh
zE}xN@-Fh)JE|EXrKYWj&#PHdeDPZ@AwWR6j#Z$8X`PT`Kd7p6Ft4*53Zw%tj%C-S%
zluOZ8N`xSQ_;th+WfQHEf||nor#9jY^7mw-rOa8+HLuC~Twn8fxzach*>UQjH<@->
z2Xu(7`dc|&s!DF<srlk~S~mf;3%Ib<4yf(H6YvaJle;7GRa&|`GP+|oz-2`*k--Mn
ziv@SKJVBjs<RUzjcZxio6^Dl-Tb+Jk8)Lw3@YVD40G<dRyH6rY1S=jhdW;@|7a@d?
z-oK~hSw5EixKf*4d{S~%Fxe^CsjY~FL(l8KiHNa?y`{%ejXuA-iR8Bl7DM>MP!G?t
z?~s?thEBiizsMWqJyWBc2ouA4qrAatRA)!j+9)q~IMRj=N1XX@^?_PZe57?oR&NHB
zJj*o6gu&aOIrjHh9`CgnOlvj!A2*9{0!r%iu-Mz5*fwDo_EQR+w|3RAQC(A^($C50
zLM*afbB;3#;&7Fm_O7$Sw4cvqQOb?uXn8BMBs1oW^6e`9TySc6p@}d$p2y_jDVvo8
z#`dd?Hd7q31^&!0_50^Y$uJmn!O>P(<3d9NK2{RYv|!J&EOhOAc_<^VS4*ju5#(y9
zruNM#u4+EjN1PLCM<)f+q_H$N7+N|$XC~~^jIua%b~BiscUWib+Lh!kfwCi<kAtEu
z%XErc91$c439S?FKgx4>a{YFdyiMVvet_w)7P74MjI7=X+nLV+5og#+*_nM<8mgMn
zEaQp_b8M%toAcO4oNCYic@N>t?f*{STmRvX5U4?n-ND&6mZa1>DknP~#w9CG93wez
zQk;+zt+~Ods<xtvt7puH*K+BM87E8p`3&DZ+v89K-wMS_2r>x^T8@Ke$QAY&wNV4?
zIU*BjjFTb!;5K75k7@->mcB7Gk=XJnw0a7XQ}i7^!+3KjU2rjm+``em`unYtB9-o~
z9(CIW$Z_S#jZ)>LV9q`3EsbESS;+)N8r9dhej~nkH>r^BJ8-oS%v>cG%VIbNgowLF
z=c(fB?KlM#vLDS+Q<bi75uIET7%{ZrbD`JP!(vne+%#zA)j5DJkr}UGDH6A_NB@Hd
zuN?T(gb~B`GJ>ELKgUBV&NrbraT7uqC3~H#BfQP}B#LW|w$LI&frcji0P9RqYG1!&
zh)fLief)O)Mk0ea7I1qgt45@C0>$(6<`a_Kk9<td4$>F(2p0p&`S>8kfm_7?B%@G+
z^~<;MgyRYi=}vTQ1<;Tbl^nlPC-AnWQdlwDk8z-zq6$=G8Qg*_12&gJ_#Jq?Gq%x>
z6Z#3JYZLXOu1XATxdz%G5|e<uUM~n5A1gMfq0!`VbTOS)jqD}`BfF_GvYXgx3|coa
zA$fm-um)FOKB_+lp4aOO$HKU)s2L!<kRk;8-4-);csFcfZRF7xvi<YspeC8Mo4$~~
zsQXjd7u9+uK6QC5)ZXpk0DI}9`OubhYd1?6#TEW2$0+D$<jzER9@tN+%ZB5nR)_|x
zZ;*%5n~%0!ADOB13+good%H=uk-mc0W`L2W(3YIwm~xt)OkuFF>^aW`GB=27@>u+M
zF}1gDVrrM+EU2@#Qy2UKfqd1de@K&Ag4865^36p;O=1%bZa9tsu2FI?YMRuHxuNCs
z5O{9DJCA(p1oQ|y;?^;=4J&CQw|yg#As({fs&b3L_a6h+m^7#rj^S$aHpRLBLwe5r
zFS&j?pHI+|UuWU!KmsdbhEW6)yk~;ZL61`_!`&#9SDQ60G6fdf?Kt>F3P{Ce0V(k{
zU7il9?>RTvv$c@L7lJI_8Smo^iUxOZCUPbJDl%K&xHn#SGE$N5f2AYLG~IMZMX_u(
zv*7*2igT0w3>E<_=ttWE1Sy+Vmq=cY!tDP6E4j04hBLUq6FLfHZQ{8LteU@PA=Gq1
zd_sNFMHp`%QbdC)bWXL+_<xJsUFUW~!h1j*V*G|F-Dw|g@RuO|?bfn?J0q!?C60j#
z{v7X7?^2K>l99x2hc@UZF`KgcDf{~E!CziI{!e@6owoq6p9E)o#rCjTrWvPYhOvy9
z<64ewqnbRsZk%owtH!S$uac(-0Ur96vL2R-#Wap83uE=X3~h8(A4M7AK22HBr1DNo
z4##Owq#Ke}>;+v<jy>gLNm2g!hct2FmmPK-PjdLB&w?sg)jH{N2KWaNYzw6Bi_!j4
z;K(klwWOWi;3kB3+d&}7WkM>l>6zZudBSClFx1rSXEIYp)GTm815Jqgf36M*_pR%e
zv)Gn@{jVi4vI}r5tsRO9To-oOz=t5DsRj_{n5n(L*@Ql8Fpt01n#WUEx2V5i&$)w2
z@G2PpLI^|02{GuZ4wn%`Z<>vpXT&5VDrdD^5I^soNAN{BIjtgMgKe5D62a=o5kXs|
zt-{VnDePVLWV$)lR?aT0r-YiQgp5I@0m#g`7LrajYfL9#Bq{0U`H7jZASFF^J6<dq
zrzn~gHlY2ibC=RBDlO~RY(h1zijg^<fKqVLJouF_k9?lu;d^IsdZha@lWGJ!ao}#V
zJo2b8$v<*IWo>cG(8b_}%}E7~CmYDpY1c#4L?ul0v(qjoGugD2N206Tdym4L1+c<%
zvEJhq-a~ryVHF<&bdU}A8HbUp<fB|Dc2mRUWDE_C`66g!D*(<J${o!GEKo(4|LHz_
zT0xwnNvc9<R2bu}q_d{B9c`SvZ>K?nc7$&COgWorSfwu%EVL>p`IBX-JI>Mn<ujiM
zCe4Eb^F#)&kck_C@VP^&@|55G;=#hywJ?U7kcAn|B%7L)?Wzi*`Cq9P3a*N9su@9@
z@8Xzm&8_z)zm{y7U?w6A8l&y(zmsEj;ID$G`xX3wXa3Rljo@K}S1x-X$h`MaPx`&w
zEe5~AYv|+J|K!m4`NHnu{$4-U#99(9tfQC`S=`M#IDR^G4JsNc?j#Ar4WtyX1BJUf
zHtLyhh7h%eWly^~b@$6+2XBeKfmDW}r~;MG6O}X4W2vJhX13L#qjul-$`OR%4VjB5
zaRpMpeuFA=Eqf?>N_@+8k$ZGll*iIgJGxK2ZH4>p1k<>~bli0X5~^K*sNKi6zksiC
zidP5Gdoj*kAO<_VD+pu>k-lcs%_D7YlPZ6!nBIi`e~no~lSWvsZE`vsaK5`gL@COU
z=Dn2Z@_**ONW0hZDtRFg+A4Tq!Sf55rqXBpk2gH)V~cCXE2$~$6q?(r)k68^j)vR2
z0LL`qScRekYku<J9I%Bj&}G{=UE!uH3{K{OQA)qF#BgL=7f<qOsLbS}QX(Je^7sSI
zE*Kpwng9HZMi8HbJhzn8ZonTj1}((?LqJY8s1q}jvi{D1vP2q)Vf4vlp<c;w`BLrQ
zMA-|U?l0jY70W|I5`<qFQ6HKb&G9t4#vig=|G@?=U%XcXM&!O*<MRD@*}8?T7q0%s
zW5-gCXZTS?jq`;@Kz+h2cXOdgCGQhw2-i2sw&+WMMd%jFi`T_HgMYN=U!ydbY}o#r
z#Aime^XGrP^i2Jb?IYZdYqpiiJJl)q#~V1AD<O<1#Y$)}&4perCYp8g?rNzMCl)3&
z-1B;$nqlSjlFvY|^1O1}P7eHTLP!QU{KBMZ@v+H3<O@-BdZrSv!6)I*;P!_9I>DAa
zru^`WOnM^b0%5p+J3gn$qyP=&8fUfLC=zYWK9z_c8zQmOLnbj-J2R+jSW`TjI8hIj
z6JtM9j!Y&5@xxdkKCi=J$M2uscmD3_cI(FqZnA(!Hqk-*wHug?l46D9J246`b(ZXp
z<~f`v6K2c~8s(GjqxBSlw0tqh5mm$I9tl4*%p-+F`25vi>-nj~nwAO;FF3JH_EvaX
z4YCGeX+ky(hjb4c<c;$*x|=?5HI;}$8MdjGt0%=(b2zY4>cb&pW(VKtIYZeRgRrc=
zuI^ze71zt@vamx?RmlznOjaq1@I-zLiM-4{_A8twC&p$@g}gArzy8e<xGyYQp*_q;
zBK?}Sp3B5uGp2cy4DE_}fs%h<UM33Azf8U~TS9k?;$n3B#aE!ZV;=_eLLyt|KZiT?
zBArYL4}7U@dg16^m(FfMFQp4{Hn!hJQ%(%yDD0u2iKz?X;R0<O2si^2zs;36GX6?c
z`@ZY}l5>r4Gsn)iI{ICkliDj~==Y5j&mr$JItp34Hsy+z3S-^E0PfnB!R@`GCI-=g
zs<6dwV+RkhKsM;aw~x;^ENir^NpHK0v81^54cgpppP*hEqQ1<)kgZX-sWRYP^}Pg0
zX?VjZdR}+x%I7OQ2fPt&O(@$+oLh~n?{mYH8n8{NKsDNP6&9?nob(!exT*)F=hWnH
zDotV~)Lb$<GizIE+#iRK-3bjYMk11U`(KS*f}WO3U~m_3i&xMa$)rfBTinz9{w9p^
z+l8A4I;Q8(>elF70aP^+6w<~20E%0QAUQ4(B>(OFHoZ-xTeOLsU1SECnN1$?zST?~
zGj4G5ct`!en#<!CY+V+79>vokhA+g&w2_T+U$}?^_8c+;-K@yYaQkXOVygxIbS3QA
z+dy))`pn@C?yES)u|hUWNcFr8JnEHnNpMbh{JQ!T?M^$tfGjgdIM<QTM6uWTyq?tK
zxH`GgYb(eVSqnTYmv&5UeL;Y&`yh;BxSZ6Y-v_WRkRr}bh-twYZR0&H4as_3itYk3
zlI0X`T<2xyp3zvmMgekrX*Q+C;s#~3j-#A9@UYQA+L7`w(jM6NN8yf;<FIp3yTq@I
zbe(aO<-0e+hhI_Ugj8qw@K*H4qzZ1fzn6IOLgF=0=Y=dO3Nk4+;uaI7e}a4ud|!Qj
zA$$~u(u}BVrC`zzQ!WZ0Huum2m#Ra}4w$7uh9?KIT0b)}<*=ZaPjIC6!*k~{xhhf2
z3{`p;8o6DSJ>l|9^1V3(ucT@{7oeBLG1g-mAM5L6iJnPhI16VLBwNxztv)8M5QS;?
zXnd+{`#!^8WGe5^gWsS~tXnr4-%TY)1jl*FpJq(ANI{rL$_5wLwHiujv6r8<*h@sP
z`NKnqPM4zdxXAhpa!iMuDl(Rl@SfbtziR-_=ij^YKXSRtAQ4pgAyU^sEZ-}5@wY6>
zn&2aT{c28x0kyWFyL?U{kt*WVn}Q)ho6zSA8#SBrN~$*e<Hp|IbGebo<tDmZu9nJ;
zE_Lj_!}PWaWUWi_I?g6#CFCn7KtNK05aTo>Q~(^9qRH0)lz<XDAM;)YGrW<ufg@P3
z+bE8)E6qb2{S7Wr&W+OO3Og3M!cBcjIRfhE>Oz!VGz*w&r-D+sR7_fO!L3>(quOv;
znfi68$*vhDs(m>|)WTBekhzQavl}J4$_YtR=Gxzf;R_FY?tbmKUskUxIRq{FjP%-(
zFODZL1=|#t4_a0n@elCRhcH9Hk#Y1U_yCt``$~+XwNc=R=>5FIaFd>}ydr0z*X%8W
zBj0q2YEwEIo*ap#pm8++kI<dz;nFz&=hWm~&sTdFfpgVGp!@6$LeJOyctD*(I0bhm
z+dZA9au;q<VgKBOm|bF~+AmSCK6v6D$~j|k7<87zIM{`!EEKwX245kc`l4kOK2)JW
zMo59TQlPA8Bd!7>N-s%X-IUp^W!+6*Q*SjPql)G*BxGlRuohX7i)i>16d(_F<#S!j
zXsl>q0*6tU(_hF36OGJERh3P^b1O2h!>v|mjP1BzqXg*@<iu-g>Y@Zj5e)%>*WjxA
zF-i)vxTAzZoslUS$0fF!v1x50mb=`(m3ZaLl#J|fg2mVPeMEw2Ev?>2NNMXrzrd&Z
zh_T2T28g<gCX1g@VJ2%=gO9NW{~j&e-&le-W*2q5><BIy>N=aGfQxdl{klDq=yck3
z1FIr7wN}vCZ<MF_t#ridJd^^+m{~9sB`<7>MRK)lzBPmSzB2fyp>w5i0CgNfbP04-
z#qiS@lB9n@S;2K}&J_s%a5lR6RA}CV8qHhd+0tqSORv@M)n3amyvo`0d=J~JoOiM?
zZymPjWx<Pz5t<pF+mm2H9Zktze1kk@8!ZukN*L3BQbXV?0<{ed0ew5*+edW+W+nh_
zE994sqw?a&6hozg_{KNzPW$!bNv?~@e6<mZI^8A@`s`5>7%#}oz3lmb?pDW?ZKGp@
zZ3Et$9AVO%axw*XCgD~9$G6#*tIFrlR&8qqi5M*7@;`!Ra*>%|C#HH!Q@)lQ7FzCE
zm0duHn*&kK`6%9>!vQcC(7I*?D0#@EqqRI5du4p<@o%DjiD`eWa)ujfsGNDY9>ab*
zY_U4kS^<<ptmFAvu-b>%rP!oF=jB)s9MCpHkcA<n92F6Vrg?CnuC~PVA|Xbr*(l^f
zZ&A@1oP0247eauTswX+b4}m!$@<&PR>620U=mQm=a`m0XS&UZsOx5-9fpYF7GFn<_
zuX1_hNmnJcf|R0BcDi{fy3_r>eNwEk6g};U!F`6TK&(!8lkQ-{RfMCkYmN0QHAXPR
zyw0}xtpcbP>J`MD&dORXny31Dv4;>f=#P=9Pe;q}D)!Vvu~a&`xiPtcz++EsN6G_d
zi{CXRW<zob-CN3+*A;0ebc#_1tI3r(1MC=Ww)V|W0;h@s5{pM7@d}Dxp+q7jh^%>u
z8dz2&K%B#T-%vPJaO>F<E;VV?*y`%@b@jFmP2Oa)dSvGI-vvTy?V8P(Y;BTb(02st
zI*)lbrfc*W3S^>@Q~YlAxt4}j0i>+!XVveu*Q;zdR#8!@Q&QinXqg+tV65ou$K0w9
z(5Ie|4UV;k*Z3h#%2(Ks^p`P4J%w*2xS?opG=LCWYAqd=cQQ+s&!^;N8t7@*+5=}n
zRfOt+${~}lS=0liM=Y!TZjCp><lDJ<Hqf(ON7apT<#k&SW$gR}`$&IdZYpgzN5Tn!
zi~m#NIi@Fl-=o;_@_-zP1NJ%*s9f;WvPj)ViYz5zJ1(9?n97OPOr1@oA<vscv72au
zb{RIRO^FO!*K_HW`Yi)i&Q2=L(#iCYW*I&P*-&`E$}Zz{l&LsWMDwK$9D}(uelYx^
z&v3lJ`^|4(UoE9B1}_WR>Np8{IK{C65?DytoE}yGgfua9#wsWjJbTZ<;h1u{!3KuS
z5-RxVDvqh?hs#biR!XD4Zd(hd962<7-Q4yKtFv_L!joX-+vt!T8C)3sRxUNTkcKKS
zzi5rvgvzp#ahWWhqwVoN+zQC?1rh|(0`v!sdYyu;AKzIUaTY9#Iz`T?Fou`GuR*W3
z3LSUGSDQ@*?d(SomW}H0myHOe2V>*vp1=p{)b(xqoXs(Bd=<x6SrA1X3sp1RwO1XP
zVNZM{bR6{yqb+UWqP1K-wcgklrs|s*KH?jvDIyy(BRnWO#+hkI@z0R=v6t47y-)2o
zp*_KWy@|bFtJ<2hb~VzSW{0>8g%DD<Tm6z^er-)=lt;}0*Le@wP{D~>5vMIx%D+Ev
zN&Bl-qJ<?<Yl~l?v1dKb4+`Ua0nM$(uGTI$p3kl~6To)TEXS2W=-`czux})Nx9y;*
zTN`Rx%(@qu-xo)NYrxjjV(Cc1^_QuPV+K7vNRW{XS?@0JN)r3`a^YxO3G!354rXcx
zopA6zB~Z(uIE}VG$kF)Dq^u;$Vf!t&bpO0}1}a|^&1qWjx*nw#xZxHzGM6eAZJ{;9
z20V{1t3z;Y9Fl2=Iz%T5FuAA65w2HN7?FFF$ylj=M9^DFGnTEdPKo(zblJ8Y!sSN0
zw=N~SevJI}`1m`=$ak75|Ll(-+A5oQga1J(6)u9ra9B0$SGnwscsAqY-sM&WV%2Jo
znMVA--Y>3*{kNxHXtbskcr6pKlR74?6$+M-UKX<HhHQyvt{D%;cKd|wPBBZ~2X~@R
zDFjie7dYGa8p7&1Shl$(^LjNuG>f9ecKQ2Y#>aXxN^`}G5+x-&c-e8|I1&FfWE&RM
z1@Uy?gp|G<1~jPxo7B_HhSJU;e{7a)!e7p?&{UurHHf9bORg78fFEC&*5<3g?H#1`
zJlXFFcZybD#}<xsE*z;^s@mQ!d);QiD%rj}r^y>`YRefk=F3IWK+ZRFG>B?3VYfmK
zlZm=%mNPZ8>%5}+Nk#(mQ1xP0D&1~YZ+5YlXf%I$?r#jfxqh9X`R~(x!*tb4!lzZm
zNYs|T($6s8cx=m4czXsrNd+t$B^h+YW@AD)qo{mC*Xe?4+t^rbF6P8o2-bT_ofy>_
z&SWjtH2-%hfR1br%Q&osc}UMtnu2yJFXbv3L0=r3`EnLhMrJ)-Y<3IIokK@5gZi;L
zTt`oY<9p@}hTrBI`bmf}7bGz*GY}{oEF;0OXheY_dh$egAC<uKd^P_;%UG6|eNlh}
zgFkpfa8}Ame0au@S0ZzR-hhtlFsO1J^vyn+PZ#CR`mBS&Ks#%}o(uRpgV-+I<#x`(
zf@q_6@o3J}w2-$?T=>Zu7cZK5OsT|GS|?d&?Ii2t&2M-&MbjkDNBtQlF0&}|8>GTW
zSEVQxh7VxQ3BP#<e-=bDT+jTiZ^bDJ=by-v${B0J7_*{aiPL2wOYygZcNx)ini^a(
z%l$$>u^>M58L{<=O<c*L#kC?_4!)OTd@uW^*Vyh;IgCqg$WPTea_`MD91_q(wTs?}
zHk^=&bRJI3O{!)z141(JTjnrA49@2uJ#oEeV^XfwUh<^sQUVe3X?FDe^^#q#snmi8
zb!&Lg;*htLcjjV1cj+;XlAA348lv8_(MqpnINoo6Pn+*hcpZLR(RomrN~+H;Za(EL
z_Lx=!`+$$2aOzyN&a4lgkZ72sM0J$#9$XyhmY1w@E?B??@rNJ>+T*8!q5(D|w=!ib
zR2+ZdFADiJ+8dffa)HY&Q6_@RJ%W;Rje!Mn6-0sxFn>!g$$4CzAuiD%Ti-tFT?Ej9
zINFxO>WqZ?!m~p)JIY|L<_5BSK~Cew+epNb9l|XO66Vz{FY3)2r?jzEDQ<g(&*Xa4
z50GuD{Aa!nx%FO;RI{vTH;+_ZEX4`hLwY2s`EWxrupRDxrDdhV{I+S$3R{C_fZl|!
zB-lkkj5ucw2@G;4mb-TIAQa}=q-+C$9g;jh#(D#@oXWHCcTa1Ef{Tb$AQAyTgdcfQ
z$K*@E&d!iFCbPIx%(J*chwxG|6(?PXM_O38!_o7kY5F{OkIglaGbwOXMW0`-{7RPl
z{PX9}u6~vIimnZWy12a$F1O?1@>OTV@wLFCOyu%DO3!e|U?Esu)<O|^GGv<~PcErZ
zqU(4w$g9-=*DXM@@PIDyT+Dui#>zU7#7mp0d(W=|>vf$cj%dB0uPj~KGzE)IB|rGO
z&!ginL@xaHD!#Mq{TS|AdMHs>hS#g$<vR^lSV_kT&j{`ON^jUPm1zax;U%oyD)X*`
zT^mfdbvo5;o!F_$f)r~O-rq!NcMz((31MlZZ*0GY%ky4rRgt}*N}|Z`?us@jREPsc
z6=VrQ<$8y3y^2>!5VAPj5{~;2Jv|@&=lS9fHecK_!YgIFHHrQuAtAnvt$nPBi;$`z
z<Y@P)=-N2&r$q=iIy%0Q=q`M&zxnZ!4Gst~5J(~00%g2NC?~!3=fRHZ66bq@=brGq
zQ$<NGI>dK}$A6AR4gOg9F6j6-8vg}YwCDY5lh{-Q<HoAy(u#&KU@hzn_*`6}r@j2~
zbgr%4tDo9rLR0=YgYto3_<k+#<d(q9nzw1fH<m$v4xjlT7&-HIg_VN(R2Vso!f>Ss
z?YUKLz-3w~-f_%{y#J9HOX*EsTSn*}#J<Ta`I<dR43fpzoKk96dVfu&%ky3FvqY88
zf=EHA454i6LBe<wQNGq^^8oWkKGD)B<7ll2T%xzqx+?#`m!0JcRd!p={WM@xPh}*Z
z;}l{a6<V@YR?!^L<|eg)FIkXVAN!;H*hhiD<hUe8(C+>?aNK|V{I7q$aX!+&UBxjS
zXa69DT_mV7krm?sLFDodr-bT{iidqW7RYrASRgI1-cS|%-(shC<lLJKT7Rp*(;zSt
zs=XnriDW1#{D{PdgOJsOTXu6QM>hw<+bTY<-ZDtMFsGp*F%?__c93CWh)m5O+8Crq
za|8pe?W=^OWWOJ}NKDL0yte&-alQHhLs}UUq13tuurb0Vt;IP}QeCz<b_>u0F<LLk
zx2UL!RC{@QAkQLcFO%)Og$C#lImd@L9H<)RxmsEbU+L_a!CDHQDQA1#$PT7<!0z~b
zRUDtwQwEh#1}lK*ckFP+(uN(5J4WTsA%uGxa>Lh*Tq3jIIymakI?&b#8u>Nzl<B%U
zWx6iZ5Z7$+*>cL%j))h*NMpk243%MHUba#92onA@5Le#u*aFHCR2+OJ!gXK)kcIOa
z+sm?Y&Gu2kPKhjCbzJNw>)vk*k9~W9|KQ-|7m9wsZ|skUOfGO6VaFC^hCZ^ou2g6#
zGvY{?ty&-GR?6TEVJ-0mlwmCOS;`u{RqC&a0O^f#RShOTiLfBY(pWA$eb=n7vFD^h
z)&eT5?>jfJ!Wvoy-FnZJ*yxF`E!xnU$jB9;#LrvIE2@15ZJW@Fi`ZqZrZ}Le{SO}p
z+X48dv-6uD&1qUQM{UD}G&#E69U)P9%7olcOG!FGYSv-1M(sbnUZBHT@EjFclu4T?
zN~C~g28B$g;Fo=|v{o0l54fgqoSYE|+#V>E1NH@AA`_r?$emhqx3fFD<u-~kqF)>3
zql)5FHGG%D7r0n@P;?!R)mcjvt?Ppi$l6|a^~r}rlaJG$1|Rb~{p16F@XALV116rE
zPdGZv!7I~j$o5Xh`D(LKnppPdv;2;QUQ;3RBIcSdaktxD>C$U^9#Hi>AJQa6jTPPx
zqdzq*6bJcV{;xd*Rpdm5!Ao}9aorJHwa@a=wm5q1hwJp|G+~IIdP2Rp2Fv!cG7TxD
z&Te?tuw0~ub(lwV&qF~0f#lzC_KDJn5DwAW+_^?GhEy4Xb{3?te&ABV-i)b@(n0qD
zZag+m6S$mMa$uzr+u$OcTKqOO>E7F0ll}DpCU?SDtpq2~!CN%9ZHz77qSWDq&gKIj
z#U>tk%@5h>HC)PvFx*Jx@vh9Hl0t7w!^Rm4oxws)fwZL6hCAQ!-p%YUV$Z4ONss>!
zvyR#GJ!}$hXm06@-rdsizsHe}8w)`Iwa-SWI_L0_4;MUD{(UjSv%EYCaS&l2rH!Kw
zJ{W<rCE38$Ev;gGL4};XJt}Hb1XX!uCoG@Hv&FlVdh^<Pt=ZbV3*M(uH(MuL)WSy{
zOb@t|NqM*k-j9M(o(sp;4#zbEsjX5aRAU;x)0a*akW4up%5@xM)h1c;v)e`wkwOTW
z(5X(^-lAdCp*sDGjD1nv^CsM8O}gFqL~n6gql_!8U93Wx@B<-vH$3wu>?(O9l=e3P
z+WELx>bez}RwKZyejm(wMJ*YwD~FpjK6kz+*=iduo)P|dM#>;>`=g7X0j*pNGEkOE
zx*<mv$xu{yzp_`Sp}$h^jtbRQe*N%{E~vN4TT;X=d=~Q#$IHb(4Q3shhW$+(L++6t
zj!js|@?2NfNvMnJR*~p#lyDe?>oVA4+#DNGrno(_6g9=Inkt1*3h8FL&milZAxaLv
z8x;`L>Zz2C4(C-OSOc!(^_$2_5HPaDHty1(B;Oo|(6;<2Xx6azrEbBiydyOjL~x;w
zzyRJa>moF6m4N7gBp&J^Qw1$*3t_ILmxiv{U3PG|Cv%l|IAC6J&wE?Zk=%>+79vE<
zry3nt0+(LV3DrrtZEo|P?4t}CY_%Qi^4s)axhdybkrVnQ<nsvRMf}Fk#hZxJ@LM>$
zUYWD2RAc3Qa~AuKE1=7m?JeO&<M}JeGMo}v4VNwTsnbg2<g5IZME$SW<DJRC(wfj$
zHa#`Kr7qR7!WLqDjP~){_1i66zh%074j+!sMn3NN=EU1#`}^FJq&s&1u>%_O%3(N&
z?~LF7o}4jb!t&2gP}Lp}d6DyIPfd?E<fI%;Z$S=6H?*efxw~~I63PhK+gv<DFfNu;
z6HVKbOe@nTw*amZ(+4Q04jbO5=3}Zu7`*N>X}%#F%~IZ9cQwhQ8O2aF7Uk9aJ>ZPP
zUJ^c)lJ`~z_sR4SK&}+*-!O$bULAsG#Nk9+NOF@W2&kE<>)!@Oa|vc!T=^EAA~6U0
zH6F5IpW)zzSbfz0V`y;2uis#Uio&zb2KAhk4i9OmF*s|4c;oA}o)8yTN+C=nbL)1f
z>lJb`60W$4BM9{*Ata<Q8)n@X$RyyYi~~raOI~&}FRJEa!b<<Nl~q#LO}vK&+oMN<
zm(`?Nub~dA>o|zjy&BPf-QMNEU4zDtM)Y_>5B&}MZWyQO%W2QWX@>zd>zp1pWk=xI
zj4C4RpGlS50Hc9V71c%r=2;9&nf^Gtj~yTX^+hVuUKID5A!=O+{oL;U>hJ`sYq~n-
z6w(XT3M9}+_x2<Cw#3anK?2~ooFDp)YA!2B%m!eD+f)9XA=i}^KyyAii*m5&#g_4{
zmKpA-GRx=xe~EC5wCV<kJvAxLz^IKAJ!Pj1hXKV_&PUskYf-DZqp!iIu#9nOn?94d
zPJ{fzjjR^iaKQX&+Rm07kiu2WQV|%aQN;{}s0Mj&hoN;xkAiO{OL?dm<oEXHx379|
zEe3qQbhyp6>TJzXsm~2lR$Tnce74yxnTc2%k7O>%rLs}~Lv64)g*`!Yjr(2S$4ia>
zM=ApEl@>}sC@)_1TuqZ#lJ>wgZ$B-#x;-^SX(Vap9v!g2G8{l|Ki4GY^KMBg;sgUF
z=dn?%#&^7{O+m_7s4de3NF?GBT)n8x%h*m6IR6CvBGOE)CXAfF^%36sXfAx;frTNV
z{w~sW^b0<LbJ|*i`VLB;X9YWKp+JUJC*f90-_||^_o*U>x%TeDRppBjy+kh=su!Ow
zAKq{&t(4y!S8!c&JMdyTe~}(Ntu={JrU;<cwL(GYbjYAwmw3+uKd9NSYz1GgIajTC
z7mf?ERAr1zJw%szenU=FfgLB}9mj|_4-9!pKg?69E>xAMtU+#<w|;Q@>xz9q|Lck)
zQMo$<{LMaf6!O=kNOd1MLy;9Y4n4l1A5c9pU>w6p*e_Y4Hdjk^NnK~~aM~?X8dlPS
zt(jO^neE4T@jE@X>qQRH9r$k4n8Vo=IlQ_dR^nCv9VJd{Jz+#d$=qp@gFo{rU=!L-
z_!4p_YUC>;o+u7iFMJ@(Uf>ReF$?ym-70%g)qOqvuh8PfOMi6YYk6d4?FlWPO$5kv
zug)gg`eKc;BYE>~NO<ufZQGbum2rgO!E%+xf2;ihCkzL70Dq)iBwm|qqOEvZPos=K
zaFnrZo4OD3SEfy(nBwX~YuCBKiO{GV*3#FAs(p<*$fV$w?COp$o+RX7Y?%MTB6tpW
zE7d`-7)s4c+|pc3PckJ@#-q}}t}BK0;eF$Fjt^PBoRSQ+vN_QwAPAc${idxzKGvQ@
zIFWV-Ig&;wT;HDJnEIk+GE=t+NRyR{l#R3oe2t3oCPylPR+s9YEMI#par?}+Nvjk%
zGSRN341c92bnkU{Ln#4i;udXwRUF<%+_8;Imli$S>=THZ7aS)@O@+f7Dt;hJvS9Ky
z7TQJcad|5f>!K>(15x~^goVGNql7$UpSDlo5%-c{7dcRM!x!XQj82XT72E9M?#@Ih
zZ3@IhUH#y!1N@=vDqp}|w7&it_UFG<Ew&bX$F(w*<prwap!F0i*p2dNwu74vrAv4a
zoA&O2)Z*bVU8eVlsFmu@?_@VM98bL;e9_*8Z+MA^Z2W-SQH}%@oa+(u@h1f2P-<;u
zQFSyvtlG}0E@rqRweQ&%Eb3inAB919j<T>|vVB|}2glPMa@a55s4=s6U^rKs@U)wU
zBF-vTOOt=i0@WN&WEADOC6+h5#DBAbB9~p{Hy*IXqY#Ze)~6?t^F(v(R?zAk7ao@t
zrWqZ3R!-y6a11|;7Ab2y2wLicTJqsmlaETmy<9Zr+yrz&FTnrk8trB^zaxAgKEf`W
zjbGw8uam_-8&G#fBUK|{X*?5WY!2Ua2ZDxN|53qOr7VmTaG_+BW)oRL=Fd$g&}Hj^
z@0d!Wm5i@_wl~r!Ix&2#j90EvV05hOzPvVCcPPtN$r%3Sy4}%p+|=q>L_~OaY`F>s
zA0r3H!Zq`vV(yGkX?ZBa8hJ%+Jjh|5PN;{KE0pPFSA~{Kn_4-U3FN~?<;qxA?dmHF
z#+tI{10r{VRSf%Elnn*ml!cq#2<{P)tF@XZRUXT(?0%qA=<jZEC`>|2^!Tw<A~aeh
z<nav~_h@Q0+g=?xqoZYtHIS1Ge9QarHH=keAd-%P%r@m6zonO~Dd!5umG@^D$9Fhv
zBkF3`wlf)~xZ^`e9|Ub=pAP96a(<SCh)-HUHD?x3A;%pQ*dhE1rZl(FeEvF*A}mD_
z;lkxdFga?T`AN9}r6@=0MJp*NXC~cUt}55inO>aM$lQeQKakuXY=ygcVTqyp)u`pG
zYj1m4pMTFndT#{1!*0FGMC)2O1r&lvN#c;Z%kgM0b!RYW>@GX{hL$4#{NTf0+k~l}
zXgx;h%nEc?iSW@m^m3Qa*56yG$SFIb>@Ssh69!|*wL3l&xX^+ZC$!!SdLkpj6kDKG
zI%{#-5oWOFzTxstGwqOv8(dMBtKV*vF_z=|*}8V%n3<{iL8l?p=|7Nb5k!o+WCLr{
zn$?c&cd~bG($Z+?VL1+G<&Yynx9L!I9uCR99B(U~1AqRkAWIWL$N3G(9|nYl={mVR
znf}p^sN{g;I&D$R+STul_jS)1JW>#@_fHGLbkpxqT@o`^*Qrk8#g~v^U8g6yY|C_s
z#Fu${vp2#SJlQqf9@CXC^c))ce`H_gpA8|#=y*{Yg%@2-8v4mz_3O%(a#?g9;{lr5
z+!KAZ33)`x@0G}XyNa1gsAz^qE<+}N0atoTl#VaQ{@|1qzM~cnD(GBJa5@}V#@)3^
zFeQ#@V{Fdwp75uQDYL20!L7doZxyswy2DCFHh{x+I&*m^rji#9_2Zg>pvR4Qg9hay
zmPy5jCOL8^8YDw!SaU2H{hsiliG&T!ebn>ucRw?<uHo0i*+kh-*%`&^1ztjQGa?*E
zF8-jG!lHeK`aS9ZWk8z0leq2z-svjyV-f^b7OA|0qkV5*?>dFQfZgN~V$;X?pNWN3
zEgIOCap`WKeBmVj`6f-s<Q_w|J|4iHoh;LrFu~8_V7DNJ1$lmk9hU8}Z(#VfNwq#M
z)yA5<X!)EtLso1tHk4qpeWjr59Y`Yn)SW$Ed3|;lz?H16lhrDSvjfEF>2wY^kh<zh
zJ``{F9N&<4!~Mcjy&l8CK@>#C_)YwhTp{!;O6Y$rZ#SuieuKw3(naj<&6;hFuj~j*
z?1Vd}75U+g{_6y5Wg8)9jq>Q3&{Kj?W}0vnup!!V1WtJ_6eMTX<!*+VhFkh%ef7yy
z-N=EMCKgHuf<avz)P#iB&{(y8*zg^jwN~|e%2QkqmH$A-S|%{p(^HOQX*&D}qWH?r
z{2ZD(hKqBC7dB*Sg_}OaL|`dEV8vqHTm-gwv*~KdTu2uRniW%G^@f-BN}|GI@>Q}c
zlrJczxtGib3U=4Xpb)+OOib|0y?jsjs-2PuahHqi3xP2)DDyyL*`TM+{xzFZt9DIA
z0JiAch}&A~hw7RMp$Ir#SPGlF=F0==E@meF<3cg6FRcap@LC~K_)+oTw3C%!6h*tn
za_|!)6%6tAEuu0I=L!9hp^{s8I2anpdg!M%X4NU9gJ~{FXZFK3lO%%!3a(fRl8#V4
z0b>5!JUzRdWwLlqPw|Ex|Abi@dxq7zg|~@z!iBRXwXGq*FQj|oC{x&4!jf*WX^>Qo
zNd<maQF$2F;vQuZW=D+9aE_hE&9j>XLGA@!2NUVmlsTb7Zd1u~3?f8!tW8Nbaqb>1
zZKLalYgvH&;u2bW;NekSbAFIQ>AyRI>ZhTZ{cN)oIw1`gqfO+@WGzzmWnYz2a~v)q
z;#CUafgt$J5?)P1fFbN8sJINeXwBJg1^*{<sU&7oB0j+7w%MJ!<o;^2kqZbD+N&e%
zk@e|lX;9-h#B}6H7zvhcWl!pyJVaVHQ~glbJ^ruN4q1U)@v{tpTCGz@Q){Y#fEzK%
za)1Rx<rfFm^IxpcZ+vl~@270K{GYim=w>GjH^$+VNw3Xy%2}S=&ZAkD6C*ZU_rY*A
z?a|OufGa%8+KK9T^zq4oG5R#HS>LP20j4xRREjXx$-;p2CUeimg+_?cJbgweD7stC
z&$TZ8KqfCr>7bLc8y^<zlwKsnI0(^4#3mj084*FsyS+*15%CM;=7FBdHrh{Zl)Ua|
zXTIQVq=-wLR>^5uarwCB8i)7NMmfJkE<zg|d^-xhg(~bi^qp_vJfPR+q8bL8K^vE}
z!#31*Q)zn9(44oiG5HufQB90>`+T}LKds{^xC!yrhDi{GMhiNbm0#)w>cOvIC9p1*
z06}<3R+bkvI^zav>mSkGNQs^B5<T!mkU%IT)M)w5B{kWZ@Y<C>;}7b|bA0kMr%i(J
zX6)B3#*F(X1^C63FQ#pfs7mHlQ!~ex-%O`y$)BLV`?}F$l|+CwWRltyD!p8}B+gJ$
zVuD(P@WCIimW&B{tO4e4zNg(3$}i`j=IxlpbXw(}P72)9sp6huSJ-j+o5ksoZ6Wu2
zUHnlk$H%-J#}lbhOpRc%o{<~Vbg_SF8`Jz%@Jn35A9!yz+P)Qy(#uU^x><LmGqyp}
z;`;Q&a*gaoW)17&y2>t5a+J*Spc(5=Z7^q+eLke8{eASJBwY2Fqk_;#0bp#aS_WZQ
zK~j0d>!e#oxBtc@Xz~}K@dk+Y%iqNk^oQc_4~s80BaVAB=wzs{eBU^fkL1#9WK(Xq
zGk~a%5LzP7`Cl1iO^JQr8f0Pkvd13RcAsXmy0eLW`>q*MTy5tO1^?TknU|+AaWl$~
z*E$%U(io~qBEY`Eb_iV5fPmwc!$?Q~cX~K=5h{R!r;n@itV|{8({<xZ0ekb(#n=i-
zP-$V+)D&xGN9{aG*HhK{le}&4`+P!pLA&N>tzFYLR?z5u+%?hx>cp3uQ-S%?;=#l9
zEzpErT<woB<YC9ZG38^y=>W0em-dUhgkrH*DI%M^n(6xWfNnltz7XNj#<fy7U7X*+
zUfhWWZb=}t5Wtz_s7slsR@SBCDp(>mlB4<EPvf8&gL_e~2mT7n>>8UxPVZ{75f9An
z@g|J@%~MD?KZ07IM2!GejKuTW4Tf?n&l~}IA&QKqvwbG3Sasv**a_g&q5mLkG=nw7
z2H`8B0(cN~dU?Bj_6ra9=n-T3Haey&c7|`$Ua{E-qc)hgYWT~h1a?<F)UBProy+{Z
zKTu{F0nFFwuW&;P=hCSF*#=@`VkJo;)QQ1~*VAbQYk0Lz56255sP`H9i+8Wl+`wOK
zHZvXxGvgV;dvWr5Fu{Q<75|v>Ex1$|dw+0_oY=ZLx6gG)lHU>PL#WbL*|F99fF{R|
zpB>>iJE9KOQ-bIT>UecSs_CqkYYlq^tD%w+&l&hmqI0i?Zi>xfJ9w%qR_nC0a)6#>
zuE>+ctaHy5k|Y=_o5Erjr`3@ENH8%h6=PsQ!DD}=*qIexE#Zlyfi6KyK@cdeVAXvi
znMj)xdL*xa4(s_5-g#XsHrt70t+2bitQ)iHY*!rrO^W-vGQ{%{X^gA=TN1zdIwc-M
zGFv%aMolp`zf-EKiG@#>Ibd1IWV+v%lx&V)VQ=mreb_`)Mrh+lBV2)8<S_3vBNkdO
zLa`}YGp8Zl-iOl;mF{m<lg>!8(^Lv(cyiY&q3O&}W%c9_IH};%Z|DJ0p4ta>4q+W3
z9u;5QQb*kxpw|6z^^_YF-UZFvbBz(Cql_Tw9{vF@sZ&_(c0ygq@@m!Qp{O=lq5_15
zD*ssTYj^wD8qAYa@2?7gTELhm`MRV>?$dPt8yU&Q)XUf&hkB8ix$HUG5GHCKG<D+s
z2?-Dz#!zc`Rgp#YD|DoXf+hRm31#by5!Rk6YZR*I_qV8N?+e_BZp3H2V_tSVDEBcd
zC85c5b(|x2Ix}El?Yn;#d2fR=qB_k`dFUE7J5ijKgs(dKvrPVq_9XCnkZt=$UTldJ
zq(OMtx#!mL0R=-dI2^-Y`-3_qbvb^^e7csiIxaCCIoKIB{t)Ac@Gh!<Ws{9$8Ldd_
z<W~|`Tz52Jsg?nE`=xSu7?TP<nn`CdKt~$QzQr}GDy~ubsiyYR=@neFH`E_}G^jbg
zNB4ea(}w<LYC}H=-FrUO%!VuFGnVa|-G`B-h_n|%4@jx=SHtmO6A3Na7?o5@W<<&b
z76}c_AG#*K{E~w!X2);`2}(xgrrohgf@1z*@%zL(RE<i?!FX_CAtzesh71HF%uvvO
ziUH<ov%+OOxQ$P+D(I^H!m4-J=S{_DNO9;+8QsMOTq6o4KhN{k@tK#nvh~%Z-+DGS
z3~}H-z$~vYZy!t%^CgT8C$KXZLIm*4&b#0W;o1!yg0iG#@3o>LxicYLO^8Z5;jbX1
zEp4PsRa(1>B!8oHQyNJX{6v5|Kas~lQ3XJ#6A^z%iHz3fYJ4L{zpDeMSqZ}h*M}Br
zSy%D?dG(->!m=B$&B<t5iRnwh;=qr$U&GyOhb?)ye%OD4w87Xa{#YOHnnVCj1uI<p
zF+E4cATH@@mOb{>=(*_ReQnDyFD=HpJz}eF^hh-DCS+wK^SNqhGTL0g(^h*rLZKeO
zk&UPirL^cGD-Rc&X61dtchy?0b>%ay<CqoJvjwNz(Dv@;8`~c=4L8{$+^rI99?mjq
zoca>5+?O(I!j0Eem#{eN3OY%=d8hq)@}!PL4?84uWbkSjBPr)_+uIz9ip=zR@G{n5
z#VySvA<&zn*Hs2;wxJ=n13U<;W8c<BwuJ+M2;!PvtmkR5oa`oq&Bxcq2T@4-qLVH6
z1cI3g2d2_GkNgR&0Jx7&c*K@&1_CwutQp8Brvo)L2<`^`aYeJv_`E^7GQ%=*7DaxO
zm-$uI%lxX~WiE+y&Jb2_lA(Eb0oC)B!9UulR#9fz`2Eiie*LvxR5(u;op855zA+k4
zUerRKw|<tbU+*8k2N-m9p&Zokunys9Hg=gQ0h~IsMW$(YSLwBx;WK^{eFUv1#Pw<;
zJs@~pNlM@?>Z4^LJ^#>~|C8dr{eF?N#`yo2D>!+NOMYYvkVOIH&~-2v`6wSxwUya(
zS2Nvl)pQ3=tNwku+K9@uFCXM;4*DKwi!H0;D%uK{ICAVTajx^YI#X5w;pni0(k6RO
z<Bed97yJ;ej`tznPzgx1#WLW47SXD3!(&q-I=+6pr`XyjuPOV3awp<;3%xCPUAGN7
z_s@H$0GO&OYmI6%3!mdtlLA1s@3yu49glZ64(X2O3Httn0K`^B98jI}Vp*C`m%%F~
zkk-b7O?J|~Q4aMkANjb(;X;UUSFv|v<dz6J$v;$mn5iv<PAuNZvFOT+1D%+~_-W}l
zG*=^^wbjUt`3(KW;GfpfmBZPUd74#OJ{`@co!%CfD2YR6!g%U&V~~n(!s+q+riGp^
zH11Tp9RoG(J;D}!fgch?q{zxgRq}MpjvIW85r7A3vJU6c56}H)1zy|87Godw1_XbK
z?cO&5#})3Qy#1%yFFLNtm>GOaYIon|diMCq@p_{pr94wiskuQU+_;X)-t$iH>X^bW
z|B<FIv-#~Sd32JFFK5VjH>cfBskdWtn*Z3;sj?T^8T=_|LyErI&n=t@Am%Z=gADEt
ze6_=@U6-`00ki$Mg!u$T6CVX4aKWe<7Q!ElxC>wTj}a)y>mrLO%cR=YE#tB*+%kD@
zcTX%VY*lujeke;E0t%2W7!5v5Q#93dg-;&-f>NA&IO<AzQ$t3_jqK4MC}@iAncJ&0
zpg1&PUYk73^@^5{Wt6dp=Z?}Zwh@w~QMUmq*e{R4{q_4fUcG8%Psp`C?G*Uj%k(D7
zUR007{OV(#x-Ji4Ask7w?wbaR(OF<!%S}|L$7LVjz8@NV4ofWK+A705vad{}!Z<vJ
zLZ3)PNeNzWld~%HKZ^0L<(DQr+~6%s1HAa5l8r1HKk09+g(^((*m9lea~QnfIeC?A
zsMA;iyxFVvds44IIbI!}W-AC>OLnPj|9kw0H+BEv4dO7_^6QlO4>!!(1XI3I9Vuir
z1{>7yRvO5Wnoq0Lm%_0b74Y#*!%zQ=>tHqI_%Or4?jp!8!W%I^{L1f(UDc-5WuvC|
z@i{$Z5F#_UDEp6N(EYQjxx)jw0zyoUvLHDgXi$$Kbs%xGWxM+K>>qV}gvb*9yBiFq
zg8leT0UsCFB7k(J2%6Rsj<FinaeX-~qh(T#4g|@OG8~+o4*N#%n>Q)Yn3*(hN1<I^
zFR43<3hC?x4cZoP#AKQ7Q*zjV+5ifJuTt1Q!B1&y<Qwr12r@?bJSKVhTai>%1Uw5)
z9ypLK&6H(_+;KK3Bg}dv^>wxRIyN_oX*rz#`VthMczxPJJ#66OR_htZp%ZYKQVh7P
z>x!(3v+BvWoegdsELPbeYEGrZK$_15+c9k)N~JxiTrUquE{&o!FR13PzM)#G32>mf
z7-R~|RJINk7N7EldBuFG_ACM^JfDNrUfcMR&4)=fACbxYdUZHNcyS;Pc`8XkG}K+n
zgUw~Z6?#qgxp?Gd7SnAb8v#cWK;|n_Z7L*kdieRp+TZOJ^mwt45_sJg1XtrW{1d*@
z^eu?P%sirRW}IsX=Pf5O9^_Q`Ea1}%0#8GO2~QtoS>25XCu_~!Dvoj5e&HlV@WSlW
z#m|*D87Sogb#5AK%o6;h;D>Q3HiicAB%I6_&}*p_j*rnk4n<o`;sA{D7wY5GKJ}0T
zDGQAux8N#+eGXZPG?>n`9$ubG7QVx=LG=oTL8ux;K4Yql3{Zi*Jn9D1*6xtt5afbe
z)5odjI%8^vZLZ%C3j{|jRXRU+^Shr0Qof9Lhz&j#+k)NXPK=%c@(^yH=?oya!!E}Y
z<8z#@S8;Za8pR1&A-uktWLD}Sw)YNiOF~p!w(Ut*UFbh<$;A|v25J)cL7<$LJjMZO
zEPIZ2nd_BQJ+={XK67ag{(Z<H?SQ0nVd^kj(@$~PNjTboUe%}+vSj~F;<L@^W)<f>
zdijz2au^Fiu}~mYedt^WHfmWFapdlBfzrX>Gf3}$1@Q@Uw?!ClbB~1Pv4g`YGmCv3
z3DMB{H2vMA89ma-q$i*Ri8HP{rHua&QF%zo|8ck4^M&KFA1>V30|JM_*&MFkk|BSY
z|8sPQ2dD?r9a~XbLM>Z%Ts^hGZC=tN99i|QR6b=?&33(GLU(;dV}P${4LJRW@H|IN
z5*+n*qUUgbnZoai(aa^KkG<bj(CBxC_m=HmHqoJiY%BVnkp+SDJyXLie;&vb;}~oX
zTm$qUsQO#lvW}-iH`+G>#xzcB?za%s5dzCGMUR|c#)D;<LS_EzD}>M}BUC^iVGL!9
zlkVeaRLKw;RwWC^`JH>*1==LEBq*lwZN7j#J_<N`TIsM_4Y6G0pnM}s&3!z3#Hy<?
z_*cxB*8Ugbm9EJu3r?C9&BSIug)Aq!f^1GP@>{S<{3i8^{Q-@KFD`3QEyV~kt@b>t
zGa?OsuSvo{qhVmHuGpW{^jC960Oq1oJb6i>FI%Rh3nxEEd5~+T*=pfCLK*`b?p?$7
zM3sD%O*Ne`n%o+N=tEX-QG|4rhG{weqPt%^F7`BU;SfC?!mNZFZX5zgC}B~5=!AnY
z{#BdE05_3r@#vI%tb6u9eL-8tyAJ<{IG(`8-Nz?Lv-CJXUV7+vwGlc{J<x`<v$6?l
zu5wNLE+-nY_4#jg==hpcdFy%gz$YDtO?@s_j1A=eLyZA)0Edq?Vm#srhKKB<mo<LJ
zhY-?xBxFH_$TCdB<T$2P-WQQ76p7}G&&;nc+rS?|ltv92pR2f*NE%u~K}9#l!4}@%
ze~==o=iWrCrvy%jD9HFjvuv^2Qu`^}LskddSP1sD_M{zw#d}AyZC%8ZK(u|qq>#lZ
zHvxJ6#%#i(C3h9BYt0I`>HODHs-Yx4uMV36+&S|rTF-^U9tHJEi(<f+K{Q|dLAJEU
z`JYsP!(>av;u(2Df1^BGgMiSD(I;XcBSY4VduR8{J$q!kz+)q+8~_Euk`2Us9lizJ
zp$RN`5eg`;e8gWcPSfcfYN>6Ro`bRr@ORmXBNWD~&lVZlWW%9KB1J#a2yx<2x>8mp
zF8^}2beI6k(t^j(>`eE2`8BnUa!0a?$Wjq^gyv}H+_;1MbxE>lD|&fLb2js_kh$ut
zA+nkW7O-zod#akZ65i>bfL)EFpA(}R4HO=&B#+!-o+^pDS`&}NDGkr~jEAGaBd;Na
zH5XCbS&i6jaPZ?upUi5sv#fz}mbJ<6pnh^=KE(=NvZbk!g^5d@SmJo!;JmrT^N?D$
zc<{7YB#8SUuQlpQMMp6bCU;rR{%O0BlSVxiSK*@WsIb4u;wHPp`n##_pr<-6Dr}&`
zCfVlEXpiHV`sZiPykg2>Y<pPkIO~j7tjW-zjL@?oL2BeD+^_o|aENZ-uvyzhjKl<s
z#4rdc4WF3s97nIqWpMATe~U)osmo>1ce^GCj7yBT=R=x^RG|<N=OLltSDQt+BcK8Q
z8)*+9>5L4aT2SR}(wB}$7@=iq>VT_J+2KrVW9|}nkmxt7Mw#rBOLDT+WorZuy+g{Q
zgIcUb%VVU~6237KUI|z~p7KwhHKU`NhGu$8yZ0yux8S=xt}6%s!PXa!Qme;qa|c?@
zZoemc92uvb+`WhfSTU5;UNYS1!@i#dt9_S-wICB}D~dV^X^ar7Kc8D^smQo5nZ#s!
z*aab@E7xmN95f%evS+m0aU&Nvb!D}Ud4qUaGm~%tMOBn&S%i=1m3|W~hVZ8$qtL(F
zU~OWtZ@&ps^F_DS3<)<+rGCKO(GP~4>UfZHc5MePD_@=JCDt;Ht6I5i7w)j2{xu#l
zjxM%iH<Ny`5`6E=i!X<^6$-7D^kJnklMQyKNBt8r!geN5#S(fMdmQl_ryF+~)>w!q
zJLB@faV^AdE62lOBToh^bssLl8;4hiCm|saeLUt(S2UD>)ORI{zfMTLSVP=u`7={H
zHa{$~IIall<{j*g61}d0>7j>^>x#vWQvs7+N41IORyHQvtv0VwCJQN@FJpZdHa2Vr
zA~RZTIe_2kQ%);N^KfIQv}L0&)6a3W;wm&}-Iw1_Pcx1P@^Qp+R&UL67-EYCl2(@Q
z^N&WI=Ed{rxJl0m=DO56hV_p{p6>4VJ@IiM%Mvi9jO7oBZj1OySJ6sau6YN`*G{9X
z5m!TUUDSKW4ky$Ec)Um%l`D6^0+M{1?bg!ZJ-4sD#GcM1<A)QgIzV{A{Y%kYlcB0E
ziM%u_Y{(s#gikBX&q?{-EE}X8*ORJhP=E0f?J;8K1tPbdp!OvqXSKm%TwgBlapy5B
zIgP%P5*3C#9NTbls^#j5Bp1ZXSHJ>0AGN#r0?EfbEhzmGD8MbfVD1a+D4;T7AK@YR
zQbj!p{RF<rf`GwWL6)~*T#^75Cd>HiniAxOa?`m*ViSV-AUe*|7lWIfg`$K@0_+wj
zzB<#W09flR205Y~x{VGQO2i#my7i^cVGB8|ruEm)yJmQ-EzlW)$J+;p&yM>eIvh`{
z_}k$j)eve7*S=XK$>z8k*LWa$JF%{aU$Y0T)^5821g0hQjEb}!qIdbbi}^g(yWbg6
zXX7^d6>f%oIi=l2Y9>3v3$kgN$TqaR&C)R#GNH;(Fb#oKQx2S$lHkSLL1Mse_!w9t
zBZ3l)cj24wzb-jl)hvG30{$5LzxMDTWaTG>8Vh89FfS0~G9h>>$IyBngrf(hH6JS$
zjxP2X0l$j%ZoeqpNT65SY$mjqp^ht|Ma)mCifiGS<+)s3>nBH%^>g3hf*gRh$i7P6
zaC{aJ==1iqzDSCDUl<}y8mv32w7_XQVX>KsX{n+pq+6WF-${|zkwdDogRWcPau*(l
zTEC^^HRkySzn?a0n5}2M;}*~Q_Fk$ryzLC<HLQgp@)&qC5a$8N*g7Sf61CX~@GEga
z2MRc|Om%I-R*f*YI&V=y^Pg61j#ix2=vWZ+B<NS$cu2T)q&k#5m&=CUL{D(V;2;;d
z@N6sp<XiY;c<$HLOQ-@wy?WGoRqEVT3i2_!s$~qt5A}`w>Wt7TNArXah-~tsNURGV
ziYC+e6(|o_9Nj)6n?$mXXNWVxF*Jh$ZicbE9k}ke(?ftQZf<x!KZM)p7d+%sUlEBi
zu%_S$Lt?dBew;r;=4VR}9eZc!!RW9hEJ`#so5+sZC>Ki*9=HFPbKGAv>c7+*Zop6k
z(n6H?vl&r2sCvU)u{Mc@MT10xw*Kbe<Pytk1gQX=><N};*Aaxy4GqGu@}miquSHe0
z$jv%EWNQj$o#i}m{B_SS4L9}_XF&C2khV|nI~o2Rum#zeu*WS>W5NcwU?;FWd<u_o
z8i+)5a1P@1i9?eiLlwPj6|6*`L3Au=R~I4&4;a071&lk27z0zpkO76qjBzPue8zUH
zh#B_w(_ASCk5dPs_dantFw!C(U<cn{+xyb;@0dyH&73Vb9MH(Un|O6p<Vx}%{1L``
z%G<E8eOxlbYNv_N_87*Bd97<h87t{e7h&mh5Jri(0`X_Ta=<);!YFJ_Axo+nqZ+Ek
zATCr%RZ;vs;o9%lZ`?Y%({$mt;49%nDuJUMWjRz2{*zG44+5Ik!Pov5E(Fj8Ti&H7
zJXs2rvd56x{Z#DS?>v{@^R=O&Vu0-;CM4+&+$|ULZtoBVr$dGvRdNq2Wz3e?b4Yb@
zCl?gx%W|<Kg*Ie!$aRG<ZjBRdEHA1YH5y0eVt$klX{QxSR{iq4UNAA(dRhh>1gnx+
zIJ`zU=WghXtsraRm)rkz-i5nhx3?-3axr0KLjMxgHZnSSPfxaaH98zZZpq{YrSI-s
zWYyBKapk<+q$dP{$<FgXpN#O<c%H}N>p|?W)LFs4!W1P1s|m|(Ssuiq<vA=#-sIP|
ztQa;b_11~7RHyRht&<~su49WIj08?ytR^1K%N${2TG<+M8-$c`(HCzV4`*Vc4Z)Tg
zF;bq~$H08kH83mE&n9N8(=VRxc>(d%F7nIN^y$x1MYW30z_C}aYF%aBcpggiCL-`+
z2YJJ1J0H?{?ykh=DkVOP)`Dzb6IM~su_evLLe5KXfH*2y^bo?mOk`h|lfO}r#xc&m
z10|AHM;jo&NkDjtwcZ5b2E0bJBaN3pLA|S^g3Q~W$PrI0HDBPY=p_wUpz#x$*c-)T
zDsbH%-j|0oDQo4qCP6igR^G>f%7qp5?5!)d+&m-3z2|J<4WOLECYc@5)Kdn$rgnK@
z#FwwG2^XG)T_?m|KX4xQ4yQCN5?FqN_60p6A*sz*6ij)#4`0JrSxaYASCYLQrU>GH
zEtiNK<BL6Q8bH}YteorU>3f1Rez;Kg(YTL@)vL{hGZ_z1gG4{&J6lY?^Z-4rU4r8g
zO&jCXLwIJWdpduuK=vA?56J^|2p^t{(2AM5{!aDFda$k{aXt!cf|AxQ2vs$ZWcBq!
zL3v<|**W41EQO9^0Z??jnp?CzH`Vb<KnX4H^plV#Ba`LV)ggkkT*wFT=x#!WX6=|n
z92k}$t^YcO*|Cnq{CL=QyO{)Di=pPiH+oClRJ|o`xVOZOjb7kKgP5v5a@Z0#fAnGX
zqYqiRML6V5bt{u0qjVOjdQ%c4IW|MJc2zmJYN(V9Gv)!$6>gyRp+*mU&XJ%v&#15W
z`iSi<I;OC%%_wb*wy*@?gecVA1IE&Q28(!x03^B^87%vFcGm^#kAe6G|ACaZU3J5{
zQz2IIBb7Y7edi4F4ZMg`e)$6be&_b7({sNYlOvhNo_YQ%<!0oeE!6nC>pDr-$a>D*
z%aNr9&6%L2=A^A@O6%1bPov`-UW#EKPn|_bkt;yG!RVNtS1eA?aM^gC!TZVBn^?Vs
z>^WTRXKnM#sJ3<Zz7b1fz?ViW?<7Y^OxPp!o!}F!*f~8I>9!mV6a}I;H|wDGgv*Ne
z8T!I)0p7CNMA01=`@R^^i@jeYm~-h!|0lc-l+x^3iYDs$&}}v#6C$XQqDCxa<NDNJ
zBh;o&T*a*K)#gN|;~Fd0-2D1uyqohhCT&P#kY|*qT2cN~N8hP$HWb%ub~oCI7gLFe
zGF7w8CG=w0)$S(MBJ}>VZw&4$L$pyM^8N<gfHS068?TB;x^r8<29q^e-M9{%7?81{
zA>=Zh;_baaLh1sb6n^C~e%;&Iy~Voak&L=Hf$TxlwR-{*i%|j^)UxbAqP81zXow!v
zJ{8`cxK^2x4?3pob++*lO#+2ny|}xpo3nku<YSRlGyt;7fWi}sX<RxTe*T4Klrkf+
z994{%pnNTShOPw&?8t`%wX?6g^p6?5SE=yjJ`^$or9%JXvfQFhldi|-mD_ks^+kS%
zD3i6t?bmqm8*R0g253doX?7p2r(H!%$0)vxe`qViJnxY*Lf$(oVZ3w4Yw~LqOAo7E
zj>41xL{gcB+rJ5qkVYx=j&<ob;YxR<_r^AJCkwEO(^nIiw=FUh1xC!}S=lYySfr`Q
zQt|e?scMV3ZaxKFZ85Lo#tOb=boqkOg>*^&U@Bqggc7g<1~?Oqh~~5@WqwGHx9KU_
z5Gbo_&eL$3@9**SZUNNVP#ApGxN6JCxn!qLFyy?q)i!|)K5hc3*U+?{KwjEg!`52w
zD_6yRyME(El;zfPC#AVa!nUV4X6fmeZew_&FIXw%f)L%nH(4s+aQbUJKt8L`-A5@U
z>XUbz-4fnJD7Qg%>`21V;gnE}p;7nTAl;nz_wzxg;~;`erMVK5PlV}B#qt^x;EHZ|
zdv~r~7j*prx}Y@s&^UD)D<LC+5fj%}Nj(}09wU4Yep36Nw(#0Px9Jxhs~dj3NoloL
zd_+J(55uedKI~+9XumzE=v{`{kspz+vmn<rd=%~l9&Y%wsx=QXr)e&rs>?>sNvC6~
zgNR7uL8gwY5v%b9r`0116+;CSEZh+ydxipxu#fgp7=-5tGLt|Slnj>8;CR}{{7Dc<
z7jriI;wwRlu1DPBFQ&ZP?ev@mSs1=N`LQZ17Vvi=ZrU9f2Io&;Y){yP)IPxlNTue7
z#u*~-WaS#?-G*re{UF&7kP{Hy+9=TcTaniT40DgL1HNrZx20)<eOhP7=y*EjDVuk7
zc!I!y@yPol{MAB3)H|JdeSa4nN$mV8*?ixlmb)Z^OD9ZY%(LaTaVKE6S<j@)Mt!$n
zty!&Z{Bhfpw)*0}<MzCz?Rf*+lZFr9^X+Mk5keiz)rJ#HFwdMHLRf9Dp*SY9rV}-q
z->xHkg2!|mxVi4Ej7U~<FSM(-2ORq(!JBn=!$r*aExJq6hlcgZk-i4f(Xi^B&bw@S
z8IT6@Qh^39H)KyhY~e<`k`^Jh%uN{M#G0@|nPCw_F;2qv*YGWH_#R#eQfSQBSBs*K
zh=uS7snrJuykrG=*v>Q?Z+==swju72)N_NSK}-+|;)|&1aQFzlh0Z=^^g&pDkx(@h
zKV!Px8ji45o)wZRV0}teJ2L-B119}H{tY(3C4~~<fl_xiZjvqWwG@JDv+eI!2LI?M
z^fhFeXq~nQ{E~vfDn75?GL%3`lUJL0!3e%UDH<tKRTZ^Z)KisBmzVHOG(h1d{OdRL
z?CjKK46e0foUgRqxdy?Rwq{;ChjwV7w^n<dDCtbW|L1A9&)81*7ret>5!ORb0Q8pW
z(ieR!^Ks%7Y{Teo(CW~5iaFj*xX<zr?|V153xkInu3B_paQaljGGuK(!HscxaKuG$
z84+WLqS;4hAfAyXT+oC{;h2hwnqXOd1{EwB_8*>Gkc7(k#6e@J>}o*&b^7!_ZiaH@
zjo#ylA{Wsji{!xx8`s4q!Qm-n=LjW6j%-cjtkzCX6CR_$79SE6n7{~rT%XM1J*F3(
zVOHV}V0RHaLc9_mysiY61829N@gJPj|AC~RcVeMr!)9@Wnlzf<{fw;CI-6uydz@W*
z4Obu14|ze9X1kXgA+ECUva)IdXVi+9?tFL!zrJFd5HjN@(F)4wG(&&CAWo@;M8CQ-
zpuJ4Be#3HY!T=0Vw-fst)6Q~yc4G*)M-W*)4o8y+%6(`0h7p3E>%)pj%i%V00xG&z
zs@Q2tD5Ue(Zg<wbl{aC!(XrC=i>Nafgp3n(aSsyBPL;NLzHmI(vHq60Wqi{0)8De*
zB7(d)ygH`aF5-z>PB<%^4y(6ysLqJ)YnxY+{damep=rW?wef?v*z}zTI5gGYcU>Ij
zF?Y!0@ZcShmoRyCe0xd0aT_I3W;!DrG1x1XYyAftuFdDKbG;ftThUBAN$PxXjgQPE
z2WqdoUMJ^MhgGk;P8`NTU3a~~#hhn<9d+03f{HUjMZ#0OIzU{3(*jq)`uO`P$6S56
ztX@rJ-3pfePVyi4Ag7f&P{T#*^rSnwr`VwwT#oyoz>J*x&E}Dh2>9d5$Gy|cZIV5w
zXIQ*%fjUAPD-FFBAaz4XlBI0@sy_p2oxD+zn8$m0Vm9$x%{NPI>B;l}1;j4czd57_
z9cD*AdBW+C;Y;L5bZ#7)ziTF!qZatAMFqNj^2AeA-uwxE9d1IyAbBd_*y&U58VPHP
z8fxSSDCKIq@`(DIb}@0sDP#!#&z<P&EV7}<oWycm{&;BQL16PMN`qreU+I)&t5<Yz
zJG_L4Ozz!IN`HgH20o_^%fuPXp!$VWJcKMj5q8EX0x7V0xdf{e;p5_>c&Km%K3(U1
zEKw5<9U(d5ui&u7!`fgPy+(223ATsBK&o+8ygRk)e{S-PZa4<?L%`~}Fhp)I?;Kvg
zU1DTdcBCmm!4?;qVJSE377;3^iC_9L97timy<Z)lSr~`S;MAJL;*d5NNgN3)ECl%S
zk8mI1)@gIWit;?K0A}tsz#)ZFPI_85v!1kA4bROLDcP4SP52kAT2d^3XaS>IiVU7n
z7k?dDCTe_t-vdn;bFm|*XVPEjB;;D9(_M_ln<%H%84tFo2h=Z{^65aAXT0GndBK|2
zEMy^;2j3;IGuZ%z{9fxEt__VO(p?CR^UG=KNaolc!Vp(Tqmg0-l;4w}e9tutW#$lm
zv3CoTBxj66D3MyO;+O^x@Jf+7W*g3EbI%KJfA&t}-!_&a6bG=kEJ&Mm61TP;UheA3
zakN~%g9x?(wO?B8%f=h@wSFo|Fgbp_g{*J3lU^!6LP#gKSEpa_@f;U^I_xw4SWC-S
ze*4;xxH-dj9j%W+y&b~!|Jz`-{eFwIVhv}jX`9d!i$+42XJa~v>R?qbq5nN<PW`gH
zv{|Q6(+g;&UkJ^*HbKjLH`o-0ycRn_&AfsYxIrVkaCMLoy{&(26frF{kNb=RLMyBu
zSo4HkE4Gfy9@FqT3#5%gA<F+&Ya|Oyc_qc`>l_C;y6xi;-|LPj?)4=YZdfssW%?2(
z=vnMKi0OxQ2G@q2pW)(VsGW};61LkX1*`)(pSO&8EO60%pGbKXWVFot8c}@xucdjh
zB|SzI6Pl>p8X6~jvRU%E5S^0pIZ(gG%2s=$p!&I1AmpI|nnx)yuuZJclM+|4dWEx_
zt>F;I%>@^gyFoV&@rWYrJ;Hx2gE`bkQT9@hXqAetjbuL~_)(M6_m>b?An)g=pwg>t
zp7L@nc^vxi-iqAv&WL95asW?3<qHo6uWi8v7a7i+B)&#-AuG-mru=#`l~X@wg8D4N
zuTgG3NweyjKn-&g5ARXT{-Uj~nvsLA`{Iw6q^kGx{y1=4b3bzQ?tY~IJ>L0v_ppss
z`-~(YhCs&=BPGhnSASp3L`c<LYPWc1`?X-RA<-i%+)A$c<hhhQ=6hc%Kt;cV(8Ek0
zB9LJ#u)jmui|*VPP*gDmJnTlo9itM!8yuIKnx|H~&fTLV<(3iNu2<T&5K3aPclm^Y
zr_f!{-iA=HWdDr=Bs0gR?7iy>obNSa-v-=7`kuO1{^p7IvZz4-k4W8N7ABirBD;d^
z0vq0Ke9E5h(<fBw$&AUK>qQCXB^$<rQ30VW<kU%+6p{#JveSCW$ni@(aWr4O!C|=Z
zIcSiINBliMCV7j@C$c)+!YYf<S{BJG!2bo|Qr_;`AWyfLhS@RAvb;lH?;hyQwN!)}
z1#!4aPJ7o`VLs3O#&Kiv_C8$~B{7dWdmo=!|274LK3?3Jc(p$uO_Zs~<HFa*ZEwuV
zm0-hIwiWi~ltj$l?=jSUpxVztfrSt=IwjE&`_L9u!?-d_GPEIOHlgutE{ZW<D5T5}
zq?(X3jSt(!mB(gg<ftmHY|rr5E}sTTP`8i$Xl|=c9~fR<C{HS%L-UB}pU5wE{|oX9
zjZKFEs*iF~I>O$fY<4R<@&!Fl&bJOu2b#Sw^0zBJx3HD^h*mXr^{X=p&v^*Xq>c2P
zVm}b?HtvY8I2!u{0r~a|uzf^QQkU2AJuvbgtfb{_<~%b~E0aX}i=+QOi$3y;zN??z
z!GfxtIG#H>m!e}+C2BIcta|Bjz;l2mt_6M+g<W<IvLp_Z!c4F@u7y8CeS{OA@VJjQ
zEhiTimaa$GxGBPB2(ORvbH67rCjLo)_&epz%hw)DU~ie+(aZwVJ#L^_8Y2tEpdwJ{
z1033ac2v=`KmR44yL@OG8h7rf)a8^bmy4l|7`<YPu6Wr{<*#9X@lP76=(!-h@5vOF
zZH&u`Ub*8?whKWsm(}U<GiD(Sp==CUK1P1<qi{C10*g)UTTL6Q(J2^*-RbFAvkJb6
zqy&GUtb(b9^q!gLgLm4mCr@gk?aq=QK5fF!*jfGnermaNL^Xx0WOGO(SbumGm#a3}
z&j!5~xXC4mn}MMqph0q056@KC2;yTooZU@k2(~zj3H=`{3k9&ylr9D%8qLV7`#Ecf
zHn*NT|BVtMZQIj=Y}6{w?)IdLq_i#PDX_iW=z!%}eXEtF2PaNh>qT2|3UelxcZkb5
zX&Y6?oTC=n?yf7^?vJbU1FTW3^`tto6;nQm*&!q=kbK^0Iqvk_o6~MTpTgd}J;1?$
zJk<>T0(%0kKT_@}Xu~#|M^Ut%qbET?ejRQn69G%zNjtmP3^B`GnUG{Je1>ufbnl1w
zpOJw`Wo~R58VjZQ7F~DT59k7b^gjsNYQ`c~9MsK6o3Q}jGZV9;o>j(DMNKM-rJroR
zZHsQF-Hv-LobpoOVD6@8t)<{`M9|gY3Ae%cCd&4!WAKa!sx^MPK833`X>lu0Y8z8S
zq|@?-kvIcd+C{Rx%kXnJLz<`%(V0nk5BN1wLXl+p29CG=o#TzWa#MJWuktsiq2q3T
zq3JADKC=yu@6k3`fAnd5gD1SJOto4)#7acMJE82F*};Dbp8c-sw&TFP&9amR1Agg_
zE>dFd?vWY4-KW{Cl+v|HF;}OC)jp)A+00KGRj(m$j?nF!Rs&8WOvUN(87jU*t|ER}
z(O19>HkWut5ueU-K*%k-3@_?<*)u%j1%>~%(b05->zuX6Or|i(l(7|)X`1%d<pR8+
z%uuqT*D&NQ@SfOl$d2&!euIliZB!7wb5Iaj3MC^nUUXj&+7%?nLoCCrM6AG5xCA1s
z{?^HN8H$GCwJ)zJS2mlG_n$OZksbCz8^uD>MOn)?pFX*MCsapt@Ra%GGUKao))b6b
zwx{ASc|trfMKD*fK3aM1j*HQf+)t9|*f3V_2x(G8S2+A|Z5+}J!7p)|?zJ3Nje2`s
zaau!Obt)u%m)p91!+Zrcxbh(rG*(iZ76eu)UvsgXWhoYRn?u(cV81#xz$~W0<Ki^<
zk(7S>_&<NQd!%Y`BxRv0A+kcpXi=WFbs!Hu&VjsoY*mCAC_(R~xMK<jm%TC=X{Yem
zO@CKV+nt>B)~Pz5DmEyZi^#Ei2mM6gu^v?vd6cFpaKh{lVGw1)PPAwtpM>Y!-k{Nx
zmD}M=6b1w%-Iqti0pA6W9Q`{lYQNUEX@%zNazf+nA>Bz;wxX<!Nv^GBv{uxu^LWuE
z1eA;=a79zDaouQCu{|%J2qSPo0*&BQr;dJ_7;^ph0rdt~n^){I6p?!KmgU<2p5SS?
zfuosLx+9Pg4-$LhVGUXY52(si`kq5ghR+rpZHS@xw`*w@ei=2MtKs;M2%=!Sa7WFE
zEDK$$?x5Qz!7O;A06s>r+izEK#_J61HVA`3wmI#!%W|l+Kc)S<NufyBs#B(_;lJS9
z6t|Xx02%7~N88zdX9xIElrg*nuswYrt`i|Z{k0Fr+>z=I6#7PhjYd8bGYV4Cyix|s
z4GP(KhVR<C7+Q2a?*~oU{gh3Y|1<X?0XyLkNxZ3z+s)LbYlVg^xmr|_|AAqX_iN_I
zgOUPh?PEzcfyS5&F+lxI%5XZ&GCsbyH8Lh^``6#t8b#0EfCbr!#(&o3%j9JlCd>5U
z_^hwL4XRuwW{Odk%NsGxTviXQX%3o$S;lWGkCJ8`yGI?3qeWg`n<<roNfvr!k}lx{
z2lPIwLImFBT0Ws5LahiPR@VWULZ0PhP4@$qh#kb{njy;O)&@@VhY3z|&AANz>uUi}
zbB%80oa*(OzHl;3ZdU#cetv0gHB5L;ZDZM%H`m0X&07l!y^Z)@-jFitjTvy#j&M$q
zEsty;C29*^Q1rWuT14zQf@B%Ti05x~?radmc}kA(AvV!QTUi+z#il8N=V=YRSfOJ(
z#+(Tgt7ef$qoZG(&EjQ(V3fiUmK?JKe-$LkT)`jsl8Ux(bfR%a1Jw3?I?e7Q+yjrW
zm8rYle#84tlN5r%xKA@StvmNMX$=aSMcTU(@z$e1kQ1f9rCa!GJY>QC#I~a0*jn~T
zSDs6FWAyFxDM(EgxxYBC_5{ndY4O(^^P{WH28}<=Zrd&wF_<0#&kbmt^SYxmJD^9H
zFf87*cP;8Rz#hCirXR~xGkevHJ3rn0`Tq{#_WudaZulz*_gvl!=`X<x9tX`84g~Y9
zi17bVWG~lDx9rPbh+@w}J$zN0V1Glw{>~=Ye>DaB8(px!!C+4|vws$<w+{f!Q_h8;
z`7_EnuHHJ}=H<||*qV~-tI-rx9pxF%f~A^$+eX^@{m+N=?60{t$D%G%*~fgtP#6qE
ziX^5IP@7Hpl9vgSZlK@bK5L3?ei^p_x2`?y8mq%1Z?KsY^g?%Ug3wo08(pNvV2%VY
z=@F8^DlWrqf?_y~cRibEUB(QeCbV2uU{EHz<W8?(cv?+mh9eOP$$S4Uaf|J|Gi(!<
z9x!2nkSz8~G$%#>rfnm7k_=n<t0<l@X(frv_$f@-D_sTQf2DrPq790>q%TqEfBTCg
zLD^T#msg}f!=XjEvA%RbQ4}NW`W531Y2;pGwE4z6Q|t?Tg^~Cavo8o1z9Lljge}Bp
z)o<Hk{WVeTBV?-J*q=WTubwi$=U0Y!d>r=Y0mWnv+WeZkzWIV})ca6ZTa~bKcBN4u
zw=p?fJfDu6^qgQ#NfWVGF09kO6EKv-A?naby<o#et0B&G1RV;6&xbUT1El;T&clP~
zh=x0oU*>-!njlgwPfFTEIGRTnwv9$&DDJo0n;`#iF=o3!)p)sZm#hb*V|EjLQ*Wp0
zSMm*O^E0Pne%6$va@B=uqf#y)w<p`AmBFBz=ZY+Tg`bKG4haZg!E*ZpDqs!W<FXpK
z-JZR#?AbAgf#3mAg`}W&s|2nMl7$K-D`Wz9jB3HJ{Ku$r#Y-hpiGs}}B(s~G_FM=~
zc`7$QllsY$ap;hPPNcnUdN{9el5#A0kS=G<X$xI^r$<j%t)o{5gLD=N7BUSmqXHhx
z4)oZs#Guhaj0tBbJVO1a2o*`PGtEU=Y}XPK4&6~8XB)g1_S=wyMNP?Wvo@NPkxM)$
z$CGl(d46}EpV3e>qRI{#+-RKG2H`3jJFCADV5C`;j-M1>Yf&pO^GLLf@ITqV4lHRo
zgfxtD1gsvvu6{+k(@tiJdc?Y+8E8f)maDO;X*K4DE+KyCgyyvqQb^a$(;e+XGOQ1B
zCo7)%jrYMIt2u`HHa(O=r!s!m&^dK0t)h9@sz#jWrB$|xGkFNl)pl2d;E+up&K+y?
z$Sy{pw=8ozIZJmS^Pxo%iPGR3pi}_4w1?)LHmJ5sJk=J-#~u5Q)v6(92UL*R?G2~=
z`4hBG;jJ>`V7xrva*#!GfX}jso>uGhaOB8ZyWg&~_3k5gB-?UVOUAej*yRh>MRr`h
z#BAh!G##?2Ac3OE{`_pTv9)M`lB3vHD25t@C(F|bEN@9#1$l>IJKDUet~Wt^1df^;
z{aoe-Y)wgSp~M!ljzK3l)emsaoj*=SDTh`!0k)ztTr2W9#tS>3gr<i7Oz=Nf)y9%-
zZ{2Ie0KW&8W?j?TA<K)#VwusagY@uQ<^aWP18u~`+eFV@_*7o6AeBgMR!k(TLW!D;
zep02<KXS*S4Q;o}dg>1S;XA2M`ak8$mMAKPMD3K|3AEZy|23-qz;$9@#Vs>JP`0gv
zgVo7Pvvtj(>&PB>h#8U)Khd6it)?KYzQ-0KiH<wFiC%9`0`9-2)`|KnvNyzhLGM~$
z!j4S{GmZd6)V(4ih)AZIN-K{_tNk0{BQhTR#n7m}(&|7&p$Eoc6rJE^?xcz;o5Ckp
zrucVQtK^19$SW<&xe<9aM&K0+yv!D!jOD6@=k&55;t=}WZ?$Y5rF+K-IYw<)QLHaI
zbYOXrzfr~uX#~zQ;Dd>s82v2w$tIO+i_57`MNWgcr*>782ZZ#?6+IaBQ-tgh;avKA
z4i}{8Qfy(oz=do@l~jyG8=8FY^b)PF!QKnhTmms#aNtQ_`JsH-bdCo&j|r2L3$#Q~
zOGPP$wz)oKzT<3C7NQ&m9yc}$g{^$)ww?u_Qv4TW4@f83OtIxbvj&68XB{452um6r
z*j}!T?KszOTr3-&7R3BI3%iY$db=-O2lxWMVDRa=U(?Mg4)4R)Fs@Z~^z9$J)qFV#
zvI_hmH(Bp{l1Ypzq!UsEV#9NzvFPaFKL0~B{luhj{;*_yAzt3;D{=>PJ`md|o{qNZ
zjQLdozI7?I+Jj&5D;Q`vN8IBs;88qo#m}ZTQM}<I@MFI);6`sDp#hLz1w(tqr9?rj
zYsVwW5!9=K0*i5QXI)&PL>A*C&mI#}R0SastpIPqNVVeO8z>6GyRAXB`m2>4-NpXX
z<FbN`Q#RmNzHmUg<Kf#<mW@fkO#Cvgt!p;B$n0}XheSRS*T5eQGB%i$YISV1&_3*d
zk@s>cvV6Yv`ANkK#wHwRl|WsUe5xe5RtyyCq>G^>3T#ljKrf#mk56a(lHXDe$;zan
zO|CQ0Z8j=~G9N<2v`@J&TlFZ@Dpq|Lg{h*lIrZfoM+i)zye8C`BUsw}5iW=uN^((Y
zUrhYn{zx!x{}t|Dh<~F+{Ye9f<p?FmgQGqPpQK%l2@;T(b-5xK$499euQr$xO|m>O
zYlLfIb&jVLzEf$nE=7sHVRE9(Alk(r-`?oL9QW&N@$bnQrwBL10P}NDQit}@7-J%_
z6vV-=GxfEt5{AFf2o^7T(4I59gIRXJ`a6o>en1X@DH#0it=Ve2c~d%GX;9j92x`IF
zk_Fq?MwQZRMDVyz&mp1zKN6(UUS8Ywg9~iKOspegf3bO5f!9*LIe!B@_`A+42K)7C
zxA#?1aoKoHn{U0foK{`FmgxNFHou!F+oxIB1ng=e>f}s(*%_W6R!_TC{S@f7g6xOJ
z{_d;*xp3hJ#7%{lnP4bh9T0&=xvB;XP$+WUMQ}hxg9Wy$TNhGCu?W{{gk?MD>7aeU
zi4glUdel$>&2d01Kyr^*-9yF{cU`FFDx_`mN~qD(U6l_k;I<()McgA?f~GN41NK1~
zV+`MC_*&5mcKS$S5C)`_L3Ni1ek4B@##YIj_$X+IG>5k|LX`24DfR~uXHQIDoZ~*;
zzRqQquF3D+Ub()bd2J@Vm1}O)zW;@?Z3LhyRM1a;8uu4)i=j@2Py7|{$+to}u4#;V
zy=vdOJSS2o=z+*}Y!hN-JrYJ~bntd=uo&b4wF4>?$r9{-4%&8FFlJik_Z&)Q1WS^J
z5l+mjQB}^LIKDMV&*J-W>CGK+za+OuIK-jX6td@F?cpnwlaMB3r8qO#IF^xV{X2q!
zVvB(e@2X>(eX3V1<t!^vt#oULa@6$>;d&Jl1u71=N0fXxL{HC0|9QUn40WVlan{I)
zH;fCqnS2yhac-1xR`tF;5nIRs<*o6Vvex9#RFS)XPuA%v+2qgj$>3CHzN4uoJdgCp
zsskf5BqlFn3|FuK57bJ+XougEOq3K41Cj&G*g3{^Zot!*rWA_5j$-C35^X30Xt}=4
z@vW>x0Z)VV@Juol^ea%EjTyuy#_44E6a2jR1GmQn{G0!9LqC;2LP$o)go4GMsu2Ei
zqx`GL&4gDSu`?V$L&Plpi&%>6J~jA3oQ-}E<s~?&bzKd8$JVaWw1Mt#W%12xevC_r
zfw5cZ#!hI%{D89+ch6&1?4D}0FWy5tQ=oB`xa!h`Bv#J!q#?jER7JCz7dl$>aBB-)
z{`%0|{%8`m)C*1OShT%rzo1k4on!7fO0t00Ffimh2rqcDr+pREa+2sofejyuALD>8
z#=#r6GkCR19ak?>{tEM;tOIkkrG_07$3o@`*KZ`X`ayN9-6#-w*kTeG{iaD^ecSh5
zZc)Qiv6mZK2_-;lS>&cD!u4R(>cDKY^gZa1*AOJzhGP*de<;&V3557<O=UHpLfEq+
z4UC$MLN!JM;_gjR_}jiVF{)ha3bob{!(XIN4x)+_bdv^H&668>&AzlCZ_1x+WEtS{
z4t9H`_)xokrhK{%@>*myC;&@9w7)^n!Vp*xR!0CF-2K`cVD>57R1EVFVE~E!$5}>y
zG1Db4$V?++#u-)e%|V8PZHU;5Ye+697Rja1Kq;ixc6+?7uQ8OKccj}V-A`oRS)dij
z^1Lc+2ni&MHmbJm5Itxxf_B=RwdJ_j&;16e=QAo4wF&lM=|$iAk1$4Y^f5kA5uFfv
zLiI=0^o_e!A?-9sj`|*Jbw*KZm?(ddJffj`&~^GNr29o*<-+pZMkUMt!mTvA6yE-T
z5N-dK#qSKs`hfJ_xY(MX?*sOE24Q3$?B6=(4ZWQ1hs+Z`5D<jJV%8vj&~jV}M>>h)
zpw@@e!&4q^O?o(ru&5>_9h6lg0igW<+<jSh;z+h`{UjvjM;psor0q1<kk$9}ixvoB
zD=iR55;)zz{_Y_{V}umKc6HxAt50Pn*bGv{jy-%sOR`c;TJshhE)E(fGpy^9Lqrda
z&KYi3hj%&tQ>z}S%Twv&SoaRr_g-p_kERke{AN10ktQZMcloe6ZGP(-h)g_qvXLW$
zFI?0-sgDs6R#|LU$fT<dkRGf2kf=N=0y!z%P~~^iWc{0)Q4Z;Ex{fo4MtivM{nr`W
zQ{4v%R{I#N+wnx1lBkq3oXJGE6EdsNVvx8hrijFJ?nsg28*;F77HVsaDn?<7(oJEM
z_}g5*uVbfh7!wu?)~qld(+8=M>=Vl5#<qC2_;^YmcQ`rW!)vZi#F60N{00S)v`Hq9
zW+H>87D!rpU+Pq0I@TH|Cs@^~m#g_GC9<r73gg9Xib;mnVEM1<%R1q{{rqB;TjU*=
zT&J57u$j@^r{379Nosu75R$Qq*`!m`oW>)5>`KwYPvB}PzW|3K-0KLfk&I0`jasnn
z*b~6UyiS0n8RgEDxcMWsCrNJVbadD7F+Y|tHDOC~H3*qU3Ax;ntM64)j~biR*tEu8
zb(TgI@v3bpZL5+iSs%;!d5{vm1uxJxbkE6qOAusA3_8uShY|dxN_<ujY}C=bdUE7e
z5hV#*8QOIoD~WLnU|Cib*0iMS2-PV)^e+fo1DRyh1cpbsu(07MW>&BbHb8&r7VB7k
zRF@4mv0!1K_9Nk$_&BN=0iteA&qTLop!fVs*zvESxvYBmsX+O_7Ka0l&rG|ILN9pW
z!4ilN$s79LkRvRhu!V-ayd)p-mdBpHi6>3TO~$exg2Rn}Oc(?P=ebk9AXhG76%jJe
z=PUm*t@6Zqf<g^(yVDE~nQ1<A64R|j!s(Nz!Qp8vE^K1;X2PU(dkaEatFzpiNX(EY
zgcTfP6eg(6)y`dPws-4JxD|Ya?S?1s^4~Jb>&r8nY}l|g47o~t^3goE=quDjnrw3X
z&b5&Qr3z)2WX97Ca+y=AI?vY)G0TNy4tAd=nd2mfgk$<z{W`V%hg6O}kOc@tj?K!w
zSU?(;4>SD*1Y<xUaE$29+@rQ+s)0h_r0|x>)sX%RFN1%;Df0oO$Ys5<{=@n=2C{n+
z*3tmc4J#-Ss|BRsA{%A*fnf%215H;=ikw_+;oMJ011EUdgq>XGs;nE9q5hsk2hNjO
zBuO<jkd|O|dmGv9R$IZ6$OM-Ouxa?RbZQ{~hwxc#n|!Y$So*P#SY(&G!1JrI>oL-P
zzbPv5HV7nIXjca*7TR3$jxwPMDx5W%`(a2?Ud6#Vkf0m0(H(&*u-u@8b2*z`!EJc|
z7X#HY$xuH{uun><xn^*o^a(X!r`rR?;DmqK-1`*AAvIl6FGEj4odWkj0PcvLD8Y5e
z0BL}W;LvcH!t0UPQ-Z#@Ob?%+ySoq3HAvsDAjqr}iAXU?Q(1AA7L?DNgIv;in*Vxk
zKdN0Q!*~nVuzf*EQ3-?==I*Pp8^U=hB$3P#VcUi)5xrfnw=yB-fa{dmjGu<99A)4|
z=@YZXl(xfkFmE<Fhi!tb?`%fYA&v}XwbRKRRwNn56d5&@4<7p`M3wnYJG|7X_i!@}
z1L%VY3AQ`A^WT}wkk)`MI{hwnW6E+h#BJLyyGBV4h`NtCQIJJOI7xv0jK>TKR*;lh
z6<gjI6(>B1Aa3bGoB_F06g?uGgz-(vwpJCbGyi|*NYifEU)0jVj=o~<${agqIb$>@
zhls7~7wHpCuU+7;!QMUNR2Gu(=M$!%w7@<K%~`}7ZQgToU#qX4uw~8$BSK{IA$gW2
zXa(S&F8Al@fc)K=ST3+UPl<4Z(`t(e?-0RtE_D{04^4ad5}m>=@j>33?NN<R%+^Et
zVg0`GucIi18w5MD{?bY?>qeqk6Jd&OWOHcQVw_I{*b+`bk+~&sJnWNaSiPBU-sem{
zo4WIVu`nk3Z!AbGIP=)ZntWrI)vvJbzAC627c#afb_mQ{fOB`D(Ipx5T(#hi+6F*z
zc``AH_`%V*M5*9P15EOHZi;azv&>ax*#;VH^=5d_v{o?f+zfjnSU#|UJAYDiZKKtJ
zskOY4iEKgYHkhWiw23f^6wg8z{A#<VF%{u+h&Za2m1a_@BwK`NGB_HPqk6yRVoxJ_
z!~O<ZX843|j=WdaVeY7lWLfl?eu`pkpY?9*{&b??Zix8<?BmI>pOKFGFaB>M2o!}G
z%8F!6-sXapb8XLuJxB_%x(;?)xf}LP+d?hNGGy+XzkY=)4RKl@cXb+kGs~$qPO$la
zw<v=!V>8DK4xKRa)0Ge;dZG`-i0S+NgudfhdgZ9}E~-_ClFNYiZNGl?B|Y0%r0qM_
zqbU>s@XJ5pchOM58lna!_Gew*d`^*ztvm6oEH%>`Ka>GU>m_ER9hxdb{OZqsEJuLz
zkUxFN?x&xmTgwXg*N~`F^hkg#jZG4kgBB&Ik?gC=3_z$vLiI(?P3k!shKWJGw0TL%
zERNgs85nn4pyGTYuBY>Cub)L!`Y@l(!oZfO7rv&<B~x55Yx>Apd@&^D!M6S!EwkwJ
zE?F0o<t9{dDM_fdab}$^-kpnifq>%+cP-<V=ZKq~<BxPX+sfs3Rn-m@L{u!2QLQLs
z{SWwDZt>;{q$r&H$D;&_8X{<Wv-L4Zxnide+Zo_e5zd(>|M0``4gnw)`n@8bP!*-U
z3P(bwzQ*W}hwal>qCZ+F1||10E7KK~5VSyJ3v?kwL)3hVu~iW_V^p2J2|7>b>a0d(
z?bo|O*w2~aiAQar<T~2EcLn?rxyF`KN0>K?qvse2C9VQ<+|x0~l|v>KbKGm0N={I@
z9=;Cck-YlIj7GV})G15_C#CiIt58(CG+f(;k>e)xFQO$xkSd}jxB+SvRO{g)TG%Yz
zuHO@Pz1hV6Ilz<LSqK=UQ5|DjkDFgJ`2PwOAfF{xJy0eIydOa)16A)%m5B7q*V4@_
z(bZR85}3HaRIxNZejsGKCA+CD;=`@HtG*8Zk|kOA;-2muxER}`NzpOYL}~RPL5?VM
z^O0`hY{U*dCf4c;siXDp8(JZ5tmD**0Pfnc6+K;^S~ce4kB7{HgRwX@nHvX7L86BK
z3>SB2$DO#+M30nWlv*I9Q;!m3;&ZinTEK5w@X7bWs=G-ev=KznP8|vTI)G5orZ64O
zPnRdi{9`QQsnKi+KUy((m*aSnzmiT5sO`ni<2WCm*0gE!4n&!_fi@)b?*x`%W_+ov
z#@$nZp(C9a8y|=uz*HF5ARDu4n-b`uaPU)iz1_ww!8h-;XQF{kuRPrN&%r^b%v3$5
zI!IpgVbm{6+f<DRk~BKHA~<Do9NDa2;N#{u!Of|JgJWT-{ra~XHh>JY{UW>fDtpL&
ziX*A{cC~(Xge@)PNN|9m36qz2FY)0N)-WXvn!QEc8?#b>!T>Q?d9a+Wcv$$fOx_VG
z3IBklU1$uOWXw}+4ANhP9Rg=C)m#EX$VYQ$#~Qw7Z$^)+kLX&csO6VNI>d&o#!f8;
z!xJQ_pe+^EaV~_dgjCWo(dleS*s#hPl#i5)q-e6%hffqwQ?u|c{7%x~`f=JrUYXpY
zJ|EXAGSMp~mv0hhY4_dq_kkp4q)>=UTTBCvu2iPQA<{BH@{z9X-bGfF`wMle$X@-S
zYR^(a5tMG74IRT?)-g0e&&G-K^sfF^8Yt7ZoPv!z?c8$@_P|9;%}*fy7fWKT_L9I;
zE^eQe(Nb;ZY)@(pLpSd*4rc}fxc<0epp_gU$@itfbeUV*TE5x6%>Ruh2}S=HJvQ7R
zLX+ip-21|&2F?WB^k34gl&<~e5BCjfY+^3&-jLy#KuW<{2I`K3N=(I`+@QB?Ap{iZ
z31R~bw>~xJmEIv<>=lWnv4@pE&9<hC*xv=e;UNlzXsc$~{+?{ui0d%_P7lHXIUu?y
z=etP<t2QQLv%X9@SvJOn404HQBGJl^3ZH^_9=WMhm8<MIV^2tI;wPYzNW%G>97{~U
z-Wz;1heU-(QfRtf*NfSO(xa}KFkugh8-&-g;5hS6A(XrGOW!h4fwAkl()9AuM=_-I
zcN=2vYyDBC7&M9GiZ5@%)nsidC00m<CDvj)tRZCfry~yjUH=*K1VaOz=_@({{5XZ7
z(K$TIDY9a6bAbeHTV+;pR>xqh749o(eOf#Mje;aPT<uaJDuGax3iIz`Vw}|@@X#@Q
zzkWw)nP2J;Ri7u;xu~XTeMRoHT`bu|FIXvqBb9R@CpjhS!#07$^eDJBCI3F$z!md8
zsRYX4QCf{qF~yQVfO%;zAt^#mVwaH9kW>QoW1vvDJ)hMlvtC`e6{2L1+`kwLuK{yh
zz;lJ`m$XO2J2vLTQf}|>8|6PLcW<Pjot3+MnR*I0K5mk*G5;~e4h|`3<`wF^o+7Y7
z+Q>zLMFCx^@_8Ly)B005f@Zv=p<9`xlu<3ySsWz^J_g~#ClE+tS@;S~I@E@Oct!7a
zts8Z96!GN4F%35x?dm7;9~qPAzXwZi*$Obdetq`y@cwvAhGe-|6Xe#wI@&Z+OWF}P
zko_G3y>>+7$unYOmU&5kMr~Hn-JQj(Fe{1L?@OZgMNNtf1OKMwDCj$UgPS0E&AWV-
zjp+(LMqt`bf?h2dKS6=pvW3#P$1Y`X?J!n#W%O6y{z|fc>)}1<)e!QU=}RYRvGT9>
zAw7XFzlX^2D1T_i*-5qu@E}pdoGC|Uj4jxhDuGxMM-tx)$7+qR*HJX!kGlMT?9IM;
z<<4wHV1Qe@iSJ?Y{fuNpbs+9!Uogs!OL0zkp`=X>vZt8W3YBPjI)?tdgS))Y!8a3b
zn2--tDugno*Y8({cTDDKz%WHdIoT$3@u>FBD|fD#;j9i71lW3gNE3*l+y(oYz$V%G
zc&o2bD-};p>L4;841Tbmebz(}7z22zRWvXBm~(RwxUu`21D?0%KM0t^qDLS0YUv=w
zG|7*7IKfzzY+>lKaz!pH6G#RoZUfo8#-$Mz&S#(WMp{{gJ6`EEqo#FH6oT1=SdkH-
zLe*_X3>IGB+pOz6qNL$}aaEk1fyf~4T)Ub(z@qt++RoTB<j*hN+7st2R*8BKD+!H?
zs*9KyHji!?@N0a+R0SFfvc**$RuK{8e7wMcHtBcfAG-^fyQmk5^cxE~q&ERXsFb>d
z9gpaZEKxIgb{W5&OisJuR2_RPkz`wIoJCT<4^>J8)>YZ?5@!p_D)6={69p_SQNU^^
z3b5Ok5K$Bat%A?OouXT#9I+Lcccu++8csl}C=Ygt6%Q&<t!_;Ac0eA|dB`oDQJr}I
z51;5Cl8O3?W?7{f#JG3|wWW1RX&p$R6F0+SOAMH^c*(8S9poS!YsxvRmxDE;QA00>
z8r2ciR{!8XQ@!P4vqyG3YCFs#0rSF6mg_8lBc;`;!pN^&m#$LF|0<5xMK}4;_1b&=
zDV<IlJ7fI^P9~v9Ddow0Yg)^Yc3sW!?0BS(bfAe>iVZ)4uQ6MvkRT;jeXI(}DUaUk
zDm=cdf1LKDU@rexG?FNJKuFx;U&eiOTk<RKgUw8{9J}O&Bz4S2R*#499nay88_h)4
z2h-q))*n=Cul_rZRAe);Ya^?!B+D0>(Fcb(jUcmDj{OT8d4fnx2-AsXf>9C6>Cknc
z%%fdY=UUf?xN?QX;~8S*`f){=B}~rTvba!zlG$z!Q%VPH=5A4(i>;9`4GVpK*su{-
zcz)nORA^FD#GInPJZ*5Fn5#2VX;RkhY^kd4g?Q)zE<Nn$g(pL&nf;P~l;ejIQkW_?
zIg3)^f;BvAy>UAHfCMjDE{>nNfVCi5F6gDO=;h7fVkMROK>6n($b`tZd}_Fu&_M>B
zss*}p)KO9?ZHL<kJ~-4BJuyDSA>`sFL6bHyY-@H7?vYld5KyXi&#J0+_4<H&p#<hc
zQeC+#)#TMSNRU7EBn`IfU<})G9}t$1zSOY3N>^baoF-1;0!!MCPLN&h*o`9F%8gJi
z?0>;;iOYHuWY_gnxUQ{Kd8?O2ki@CtN|j4P$w|=I=hO#|4H9Ud)?8}xQ>a?9NWG90
zQv94n+%o2{`Y1zQf)X>S6pnnM_{UO%>+P>olEOh1p7w`IGt*RwXRyg^+H1?H&&cD<
z!${1vaE#IFhpX~0vW5lkW8Cg@r7mUB6u5v(o|!^o`Wi1CJHx}sM7ah1T_l=%CvB=`
z_k%+S2l3YBP?7UAm+&tLBSNf|6+`l87wh*hT5p~Ey_I1V<mRk$jHcAw7vcf+<h$67
z&Bh`PH1iyIX^*LEadp_zI~2xSsow~xS=0u{jeu5bOhb=d5GRP7#Bc=L=xwj{AuBt^
z56G+{V`7L6fGsfh*J*zgSZF=prsrrfNt66#N{iy@bim-OO<|OlS1NiO(c-SAA0Wpy
zY3Gf_RQD_3mR~&?8^t8o*aD>#R_qWJS1+f->&&C}jZ#xXg;+Pv)t(DhnI9ncbaFyG
zCx;{cYxntg&#>EBQ7^4DIc-a6*`;lEHZ(cs$|fguM)NYHRLV}VDkEd1PJ{a~>45U#
zF0{XcV4HdO;yQxw_vDAzKKr8x!_35|0<)}Jz~{-^ljb`6jSB|{LgL}!-;<F$8n}3~
z1loh(U1Smkw=ev(d!D-+xABD=ZqIdgdoa5#?aT`#(4pMT!#{<7Z!cd<n1pvH6Jm}k
z_=KAhp-`}6ek_xbA+LsF@!tERg;G<+Bv)jStVxn?gUC(Z4|(dZiY=qx2`rC;vv><}
zVPIxZ=~N6ew^J$R$@cPHOcEHn9BJ8(6{G22LY>S00#HTULZmpO(1Ec<g7GK3U(&Q(
zZ<Nu5kosn)iUtQE1<$!532%lt`mR8tV!k!e<XhZw{G}@`D!s_AGT5bhH<#wt*te_S
zJ>zIf=?<e3U|P7Ax4~~wOca<19Z~#s%Zt8RqNw08S08q5Lvns4kJIGBCZWxIu|)Vg
zOBWIg5?A<j8lb_JebnlUjA!I>*>&om^jae0bXjf2Z>ZU`PSY3<p;rvN2eo*E+Ffhx
zvI!+7BnKZcbg#L3^oLTR1};h?;zj6p4QS8&L}?h=auP$1fBJDm%G25kg;mN5YPQ-0
z*}mG4Up*^NebPvXEBhhxyn{5Ce=yLl>Q8E&3AI;bmNb1H%HKwQ>cM|=efAGZ+%+1o
z!YPpPVg^z!U!GHy_8g6ZX(CGV<?4@DfhsLUlr@l+G`uo8+#WG_uG#G@$y{6{9TJMC
ze1T<6%aoN23GoR@NZ5P|4DO={M^dmYvf;JmlKdQ_VitG7zIj2&jWCo#cGbYG(y@C_
z;1<UDk^KdQVbZnWV_knWhfdw4KEV<R(o>pGtL(utdl1f3=4jF!5S6LBi0Z%%l*_rB
z+H65Fq0;cx@EK(1bx1V=0u9kt0*-+L)EG{RqMDq36_Uz6CzVaD<XP)@M%|F(&CqZX
zXHbU|LJrX$Bs<u$B>PhtGEMoXP}7Ak%b!#H6Z>}`oF}&G+gBOZ44~U#qF?W&S3=r!
z8%aWRKBQ2qM%OYg(h-XxoI?V+m4jUU+EC&ITL2j~oiUV-r@7B6l5y!=?e;<bl!gh3
zAj363CB#%Spzc|tD%rp}I}`bLnL*WwQK$$fZ0R}Qk|-N9k>-(b0D;osunqk=i^hue
z1DE+Ke&%$cAlR&v^2s#=JTncSYMr%l253a$YyvGEy>Tqh$~3e<w>jl4(WFr-$xLe~
z5(zOePr5jF4~xY3863d~LHzcY<_b|_+BU+oEZ8DGA__9ExRx|?FlZUqlqewzcTE#>
z&HjD#Mzab+PYvn6MB?1X{(h}?D6c`Mt>MFw1&k1~bx2pl{{MBK_P$aApxO@?J(liR
zDwbbhG0@b#pScf@Kb+Oo)BmVjB|0C34zp*AzROMUjD_}-_ar%?GUWJai#fc63Rb9c
zWKT0j;GYj!he!J{Tt6$@u+))3c~s$@L)NGGLEV#=3_`z@OW|CTTYg!q=0@5s73<1@
zDA)2Ia|&5;<*9O3(Z)Kjkkp%`_Q}LtzXQ<KqF5imKVhd`Bl?i89hyDelWMxNefDWP
z(L#nt5F=xJ4DaO)-NIUd6E2Cuv+tsx0Atf8Zf6-un+i5rDD>H(;~(pow0DD`ON!w7
zzXM6n`-(Y=1Qi63CIyuDIGoe;>6f#>kH5#ZU(0mjBVf=?qs-?m%chA{T<vtV4(A8h
z0cn!5m;D6UNq9c3<1M~{>7>i*u@I#Fky)2Q5(_m>Au8e?KCIDSwAuh`A1IDdZ+7<L
zd#{g2q2;>S;5tsIreig=)w~nW7}m|2awt3ySE){)UZ>Qi9$!qee++IBR$hg))rAEc
z@+A?@o_+3ob&AUscct({?n)KjO3{9#=7m`v5xnU}1j^jEU@XF-J9WLYHvyA^0JfGM
zc-4EOca?0b9NKIp)qt0Z2y_O7GOIH)L~l!D$u70(REUYrW+SZ|&$bI2k4A{1LGZMU
zUd%EoDLra^85a#sCMX(G7YSbt=sRs7$e~wVo64s1D#4*%s@!Wt@?fSe*2=nTaQ-g#
zhp|TWlhiOL9!qgi$ce8Z(}UCESIQ`jFHDKajLXGe+(vsixyk7h4(i5i5|fRRbPat^
ztGA>P?hTDA)QX_(*TH7hezs)0@k1<Nphk&A(X2OlR$QS@`3?7Usw2j?LbLV*8n1=1
zY-uX{yB&2{!gAi6GSFer1m<j0D%m=gO}IhP!-jwyn6+8QMaqAH6QJ>k<GV7dGMne>
z)@;_1u6xP_=*rvZE7u|0|J6SB92b{Z@)tqg)l<2GH;cizV_ZH?9*DhUyM-B1y;gUe
zKGYf7Nn{0}0;@v>JsIffg;R(fjG`nUrxLYQa72}+1)@i0O-MEc{`n(Xz8^ek=ObuV
zIg{Ps>Xc;{#F^2qw%4w6Tb1vqW8q|1MwQ;SHoIHcG(Qi?dgnuU48!OR_nm-Nms^M!
z9O|CoN_4d_4L4N{%6sw+mG^~M3K|t<VN<FzNp<XExr7dZ>6$GEI!CNu&Ul_ML0P1Y
z-GRN_p&z*WcG$zzM2<d;4$r^#NB2aiDQ&xuS#9%Y$XNUt(-Dn9g99B{zpi#>_3^P1
zv^Sk`lL|>k2iB%rW}Yz}kM|PXwszEJ2wVHO>GumLU6*$xc14iYDKDM@{M;I6q}C_y
zg~V#AYZcL`j9-0@v^^Jl`$!SZY?vwIhTTdAyR<&EcM_I4!W0W7^D_9&ZMju+ecJ8d
zpxQ2!rEC=`Vh>jFJA9i=N05#&qO+Sb;ws%)+alk^Wx9P7#`V%Eij|SOE1K<EM)(S?
zoIU~?6mmJRSVg*^2h{XkrP7YnyS<;eKYl(qPxF~bo2+TcntqZy(__N54&P7`{t#h-
z-zL0UJ=HS0b{WszgxDe|gG^jdm#4^;5pAswoin{OL8tox=~5KGt>bM0{F5{o%1o=C
zC?AqH_(t*u4rv|f#VW{%YrH&dFxhi7;kjNiaZU<FIvQ8<Sgy?b)>OW_f{450SEt`N
z|DKZO&J?~6FI)NgW&iG6&v8!z<a+S_*8v3;A`Cf%-zu07!c$i+%hA@I3DF4jm=tnO
zx{Opns?y1C%}C}4CHC+;3DCoOqVK$h%JUhm)q)+=%-AGc!zI43O91<I?`5Y@)+|GO
z^m7=&`sEgzZAm}35|^`^!XDf#r1dXQV9%{~gi9vKO|66?yP|Jp6_Q@Qr$qw^MM7XP
z7jpnPOevt^)E|lfWB2sV_0I9-8jtO!pnTBJ@pRY(TgXyapzfm(vplQ|-y%rAY1bAS
z#uucZD4vg{vdBR5hLk;WO9p|bLv9h6fzX0Jx=TEnE;9yCCURj5?FqPf216<f1M0tc
zvM&pTuBOBtoed|Fk4XI+mRAi_&M*c-44;-6R%mn*x?`f<K{!>rD!g0$U?V2+Q=~(<
zjx|On8WAgnpSJQiQ#ZL4L|^?Kn24)a*ss`WS#OK8_4z;PNX*VmyY%F~xx+aAxbFVX
zaPQzHv|Yt#qf>;PNmefWXy9c3Ud~<NZdlj-VEuFhorQT*$H>9qE%T(XWkOO0-tV;w
zw+zbI)YFZEY-{O7N0itudA{dZ(-t#EEpA61m5Kzf2=^T2LgU;W!`+H_!-1>N-SWaD
z9=eO!Y=Leb*`NmHv=;bg!g#vyV-U-*$_u<84c`muTlC|2ijzXlMrv=-2ubMUG?Y#z
zYPq(RtL3iz!zx<6_&*?xR(B?Iv{qG6)E-ML&xxCO?vDB`ZUQ9{36w2XE+gI#u%HP;
zv5&UFR`otI|1XHTujb2b%i(S^j~7VWK02mk_9}A^g@VPv71r)jN<H81(_OfJPBx<U
zv4@q~2mWJ?L<JP&Wc5-vxky|0O00Ej5S>eC#%w6t8FpE>!!k_hNmB8)Z!f;mK~Kp#
zhz=N%@VvkuCe`@+=viKYzuTdsWff%voXq^2x-zOPeR_eF2XPcFo4-dGrS9$kInVO`
zze`uv?$vc=I|u>|B<hf*QvMDe{LqQHrp420f~VEDx$C++0%kEZ%MgM>*psUdS&_CY
z4rmIQ&WZz{<iKk#=h&#)eC;k^Q_1#IKZd;-?P0s2Yc&MD2UZSEV@S)?5@I}Tp#Ib`
zN`kVASOYwP%l0~aub)YKGl!Z^c>nh?&W`#><Dp|v{uG6XZS<cPnt71?z(GN_nwWpm
z<z`2ez{5^27as9kXeup!tlR<N;)?x~<&`{oJ}CN{$$4>k&$vTaHKc9K2cl;<eYWsR
zipd|5P?YD8=6Lzl!i%r5|N3^tzDF_vgWtjrfy2X8A#~>uD2RojNA8eQ+K%(?WWCfO
zuT*j4BapQYmS<MM@{ANW4#M-y1jE*YV_W=sm?(T{rCLlaQ%+)jaqMQH^)VkS!S222
zR36BrH|RM+GW(7~aijbMVx+c}QKaIV3?ELgajo(E;KekR$6@Nr5+z3vE5%sIG8%i3
z8#Ck2a-SSFKX%q2w5}5~{E;QFM`Z`R=@0)+9Ii$pGZpvY%ppk`eN?$~OZ#PSLMJTv
zA(R1JrD<?Mi?ya#RFNyX6gi2LT;t>h<pjzwOSPtRHBXo_H3Kde0ScY9_aZX~j$2X>
z_sQSQZ#(Q;?%PmXo&oRp8^ZG3U7s`9ihi7KSvv^7?v^p@tnL<*uX_WBP-410*mF>j
zKdrfEYoikxoRfQh8>|m_9+POoyww@B1}e5)f=7sqiUGz$bT3SxDu-YbyO<-;OF*1k
zxp3a||3ojM7TgE@+)VF=lkdbW`0H`F5zo{pQ&50zvDR>R`spzy(&gQnQF-v;ow&mq
zRk<dcvQCD=b?Q2A=M37J%nz6Q(A_PgQG$8XyLa9gAvN30qh&NJnMeP->KBDijS4U2
zQkK-Y)VXRj_C;MKSo@Blg~nvgB})NHGk$`4l8TQ){wABLeU~xIZt@cBaUZ#v1~j^Y
zl1@EdD13wGm<$w&+m_BZ)I7pSTo$z<z@1jJtCWpdgUt6%&|L4%QYl$duQEI6j*`i3
zB6-CD&Xi7?5?-XL@@=rF%@y}5vH{}A7Tu{IY6B0a`ecCt)!k;H5l!32zIUsJfeyLS
zV+t;sb776~u#R8-nD<0|#)TLTe4a?~U7$5nT|*;>!&$>`CnzA{Gx}RX@nH3Bxw?f}
z76(*>*UwclGVF;Ys&39y)LvS5jCLa;i3qJ>HKB+~Q%FUycg5gRYECZ{MiHL@hY*3V
zZAu={#vCc}lcF<l<%(tt3j*KNkPsHRd9h}wV~BwGP6&uU;p?MW!Seq|4M!J_e)x(Z
z<S=IzuD2l1dG-&&TY7$e{3nBFT_J3b9@Nw`!jIFzB?R6~W(o7#%^AN5`g)@UWa^xq
zpCQT}yWb%X8;ege|Bn1AZXV(Uoj*}k0CK#8j}Ljy^^l?o>-<yR+oKjTwWk{+s1)X_
za660|Oll$doMl)m{bpg5z^8S@n1`5K?%E?Bc}s;VjM?GfC&r{r6yqJl92_P$8Q*j=
zCm6Mu6O3Fc6mVR3EB+yS_jNF5hFbrM_BDT^{oX87q5YIVK5ydHVLou~(V+SIJ@peD
zGz&9(94nKv?zT2mE^?~gq_=1ty!z(s|Jb2yanyj7P>Jg(GjL1d%1Y?Jya27(aOi5|
zi`~WbRkjWFJswXP@Q?)o<OeJFyehj>$&iDS>FThJqhR}k+!3&ABdS@92`(-V4sH1w
z!rOLd+I64OL;r%LWk3@TT3uJTYw~ak@3Zs~cx@$VnITG`w-;iMCh#jW*McY*Z8@6L
zy2mApPuM+IRBZg@mY$VQ;U$MNfH6!*TFU%#<NO=S=!*$1Mr)puqCOVSj_GVrOpGrU
z<45+>SoWobl8VPlDrt1WIO$}n9D16h)rX%y_|JmqsP&eZO2wgAn<i*<v@W&g(2iy8
z-c68r5Xwt@4b3NS6j`_W3k33E$^tvXC5ex74e)0MxE}{x{Ai0#ySIvFFL88;9s)0p
z5=fm6+k}lXZced*?tX`MR|Sj@H`nuBKMe5ZG*>v&vJ(LHx~Es$Ei3+35waMBH8i4Z
zvL%durZd#3MU{EWLKwz63`unxuK4X4n=?!xv3QYW*I!fHn3~V%WUzImo^pCNpy}D<
zYntJofawWeINJOtV|qTA^Ec^AmJ_X!)&*+R?gCXx{-u+zS=Rq2W&O91_20U!aziDW
zls&*+K0Jb@Z`pjue2rQk*3<5$FfbtdK&^I<c1B}aj~qq+f)6y}zqZ<C)zq2BPr}W9
zan^YowaPVH1L4RbX+LTi&;qTiiO8VrROm7%YO|y6n4hb)b?7Y8T&N8HoDlr;C)vA0
ztpd9<MjcmdPRx-B6zl@&s`c?cnPuVR_6-u|Eq?HUO8}$1OvL_v$>d^Tr)sIM!Y+pG
zE2^y$X~#h{{$VRJRca9`%P(bpQ{S~yw*niOR^p6l>2}jny4?sB?@~m80C5ii;$8-b
zM&ux+W=FV)#ng=Im*o*s!4rJREzi2|i(?Vny+<IjNK<X$`x}dPt~NWd{^4&BGmYPJ
z1m&;aRh4zIG@Cu50_3xE_T%>-EV#)Iq4=O)39L+d>Pga*a3f&OlTJ~j3?v@pU=$P~
zZP6ZWfn)iL@bnxUICXUtRL&|<4a*l4sd-}9m9R&zg1h9kTxygU^^yxc>8e!H6}fPm
z*EC4XLHC5JC}wh$S1Zyx<<!$2prjz?$^t7?&|kTOKm8C@;G$D%_vVKm>w`?Dv9|pY
zy_ql&?0$LlU1cD5mO>cMlY%t|lO`2qbpt@CUvt_n2-VPR-`#H1hn)&8f@bxb({n!0
zNA==^)ROsRRRgV@YTd?G2v_DBgIoB<afArdN@+aKuTj?K$}rU#g1YI)`O0c-+lps9
z);Pj=)6DVk3us?WJU<P*xSuUV9QAfaeol%;6FTop)iH!+{W2H+cGsuhZke{yL_L4Y
z5L`=5Lyj@mZIEX~DL?|XPo9m6!I5Yne~QSDs!2G+EUb_uPq0=ZNQE+IVYG$*)GMWU
zQ_Ar0E)OZeYh&w_^|Mg5PPl%&Y_@uW`^W6@aIKC1iUNcYIu|?TW&XR}sFhRMqkr-#
z9izVEJrvXI?8};0T@bSnV`N=r^*>Tr)dj1RPI%Nl!nR%&Oy4|}D-NY?>v8jI2LE4P
z-F-{0Zr0D?sZxO+Y-qr%ZAE>8?C9Sy73Fm`K@8ux8%A-8<!({@Mrk|oi^FJ>=#&?0
z2jv&F{F{Jnbz~dG+i^izxD;^PrV!R7izy}ft0X-hyyLr@B);vQ;OY^@2cFn5E0WIk
zTna)MEAU&n_D;ST{8hdk{1x9&{xRI`q_~9b(~oNba|Y1;%p9!Ji@z8gQIPk|CCx1<
zX?}>(qNaJLZi&c7+f|s~lq$@Oq)YgElbG9jyFTJdYDLm1hU>X(O+MBixw538mS0$h
z*WoRt*PWBv!zfo>Sfas1Y!4-uU%WizIarJ{;+Y_Me_|7HWw|R`jlxh^=1gw<6h0!n
zG_3v|go#wE=A=WYeHjbU!qfN%6b=41$I=Nxo%-VtRk4HG)$U_iKG7N&O6F33S)~~1
ztu#V4C9sywh6JmqEenEZF@JQ=NpAdRE<b5o-07-|ixpHS;nm;vgd0MxRJtx-&^B%1
z<~Bj;2%gFouG*kPN04usdUI(KgzY2mminpZT&VkGs7VPa(${HHwnDIE`TpO-TC0=R
zFhREF3wRu2qvaM#E)%*-S%`h!I63+h3HI8j8cf}0xmdSqkKne#54(G8?BBF?7u>2R
zez~hK>;f=U36W+TZ)%gP$Cg!d1bvuv3Z&%L{M^tp$;t?N4W^t5eXVg>YeC#ecuWju
zwsbRRwo=9S!xO<kY2{gk;L3h|P}+6@H9ktM`6(&QVV~bQqhmMzi)I9}5v$Ri(!<Zx
zr-NO((=EuIS_4D=avcDl=@M2=lk2u`Xool}_@94t8iY+j^7%xQb}}aY&`7Afh6fd)
z$Hv}`$o?=02|Ar&VO!M=DK}4pMV6XP3XeBwfa;S)dyMleOblnd*6|%=_+voDqFMB`
z8|Oo(qFuWLHeFhs&$;l4MTXv@Q=5oE!&^>h@KAuIXC6{F%9u*`v|nv4&EQu_8rY<k
zZ4xokNH5j5qX?%uBwl?lR_Q<=w_I#3<UB!q!b0lGg^IAZV|BRfXP_Q`mXN(Bk%Ag>
zQKdg%=l<<v956v9SC)o~ZUZG9$}^?i#!^6=_V_ChRR1tgi!~=%sH213=f**{yCgbF
z6<c8gt8LyrwaQ&5K3S_ICsfEgh{bObgK6Wj^(NL-!LO_%wNvWy&dZ3}mVLq(->O~w
zCduB??DA8XE3IS9YWB4+SW}hVM5%AKjkoxBO_0fk)cq=@Ub0$C)1|7LX@?*{r~~&U
zfCCS6Ebo!p+fe3WyUj&7b2H>ZL%QA6WOwgsccHrlMW3dIgR({So2m+Z!&bvO^K5GX
z&TUWo{k!|-uU}=sz;tNZe7c#Ceq>GT=X^R%a7E{rZg6dKKBx%`UA;BhLt?AFhN@X@
zJew+6Xw{V)Iy-5}6`GkTYV*);8~v;DP|d*qvtZ4IGJ#JSq?qstn&Ef78271byOvRz
zU{l9PwvZ!F(6Z{e@S-ecuaO~cJuB>dx)f?Pn%myI`6h_B%E`zDu>tk_34VwcUn8&W
z9yJ)GlxGZY%KjaVQyldH|JH(W>(^9P_#l*^#sT>=z)q%aifxs`v-}}P3^6}RB<JrH
z7H$;U`IDftEkkWa1@h!zjDH|T?{eT~O9dLkVqmLBv}qBqKb;>iBFBdr=3s^S+Ec@u
zm;oPuIZ)w~dD*Ya(t??dt~h7v4APiWzgViu64o@6w76XdLJdV+I0@F#tD}jZ$OtZx
z!hoQTEs=vWbNel>`Ota`a^T5LkQ`CB5tTwVcrON&hqoaQDsIJXy?@aHDki=XzS5)t
z(^c&E16w*FD>JdBEBi6gZ$a96xCe1B;uf61794d7FC+XE?hC0uaZl_cN?aH*cnLw0
zAS=t{C3@Sh5APm9#rCjBT{4w${olSPR3BfW=vCX!EsOgw!?q?)+0T9gu_#zCKcTT3
z<X?aKzco!Gi^wIiVWKDnjTT2W$W~6%>aj^v)N$7F!5<=E1xBB~n?qCS8F{#t2*KyG
zhM!Ojnbx>;{BWD!2pC6<raY=tp2mW2JUbp&4Za7T)YtwvrmM&z$Xw^C1V^Z;2$3Bi
z(slpnmp2b~%6^@^wj)BUDcfz8($UN@#|&hoMId;wS9Cm$J<R_Jpj|L*mrS^zNk(}X
zZ{gjuX2>wcT#4~q;$;e!oNX`A2`ypc->)Gwpbnfr-~I6YtuPE%zR*Aj*fHY3p9e(=
zq!qicKi#c*u7H}VES(JlWq&MiayQf`+pZ!iv9Au>+fx{>BJnVz;znK?hi;nL?Nszu
zMg_eUFN{d+j)7?%1XrY`-@xS<0l&oIy8#_HC5SPep>vMcOmvkHTQh{u@u-3Gbh_2U
z+whdUh?8Q6e|Og*it}Ru=)D9XB=+mynwJd|G+N})Bka#HB;=DGSedAF;F7LjaM(pM
zuTg>3kp)dcZZ}X)U}uP-CvZ(4@KvQWjC^+X?q$LX)BFu|uyeI!?mtI^FPyT&B~9J}
z$g40nAdf(Tpu>(Amq^pp?Xf9C-h|Qj+*D}U7E0N_Z#MWLKa^YI1>Qhrbwkr%QFd-O
zE++cX&fTVG(rLkEK;w<ZlK{&y+n%itIosg+9kmJaY`uOYS4`^&7N~Lr>6C_=K_`Mm
z!>LB~RsRY8n-LhC1`p_<>;PT8Z^YoV24w_=SkKgP!a0)in6EfB^=;YOdGep(hGg`R
z4AY~^TomR(AJTWfYZ7=Lp>q4}LW;R7h2G(UkWN_f=jCI~lJDY&>XPrSe6B;Ra$;-o
zm589?xlAG-XmYxR7##0m!Mfh@gz1&5v+OQ6Jmg3(hfeqNbiB}pDRn?h`2ls5`G+{=
z^^8wd!OrqwoZZhs3}v<4o1`KJWsr^5EjcjZ&gB7f-f5$$o)neqYF6?ndK-7$yCefo
zkHJ>+C#*62M^+tzCKLqCu(->Z{lhXoYekvXulw}>JI{`yW{A~e&Au>Nr`ZUyt?xFF
zeK)SNrt`x?@+?Q625mR`Hn!ZbGwDa#EVw=8Vh`@17tX&Y>@$4l6*pZrOTaS5C!Yx;
zr9Zo|YAp>y^U5_l<y$n<&HN%+eL5HKDA)51B=*V-sOp*QwFw^d`%k2s&UZuE*v2+J
zsz1|vaw@R6Lt&7Grqfnvg2=(ViFsA-<h}G`6mieK=oCJHpz?}fHLBu@rM;G!pHp*q
zDEST3{&0RRP#j5lDw-ZC=yCurap{?IIcU7E;e}!`k;d*XSTb6I`2Tm5No$k}vRP4L
z@lT{Gbery$QCDq)+;W7pv(!XXHah}JA&N{HAiK$vs?#B>2UqAiNQ?H^ih+mBxPK?G
zDh`m3#grmoUt))A>(c24oce<{;uc+NzI%%_CIh!eAr+U)I_Y30mkyunC=()DNyR(S
zA&=*`usb5raOu`->Ck6%;N1uA1m$G#J}KeER(}VZi8mN(7P9E|4=7jFGl$al_*1t%
z=tbyqI5+FX9i<ESh|4Mzuo+=7#V7zib*~QZgf4{Z_S2=N!UI2zI$E4s^L1<_0Vj@*
zQK9jm@AsO)=Mui=R-iv`u|WM?s9h&Gtuk?sS-PTPy|kJ)M){7nv;%7aEkq4&{I%}J
zUonrNbl;&&lxGT@O2u1PxO>Et^AGT(kSQokevT**hK;z^KHexmG1ZB-e^C|?8UHx#
zXN#X2&A1wzqM6V$C9nluA5~^X8u&`V{rUisi+SYKAxH%R7xp310Za{Y)WQ<mfK%pm
ziDmP@xHy^bbML@2d`wlI(o#xXG5G@iS12Xu-^-b<l&IqKc8)~=y&sY2oA?CPQ=Mj+
zX5aup*X3lIRAUlHCsN$#b&#R$O)020DwZG(^*-3lN(9tK0HvxB>ehSdeW|rtMddSK
z*M+j!G4}z|_iFD>NOK1KrfOwQORvmn>6JMxjWQ>zatdY6DXAjSi|wE8jJOEnCM0WK
zyk!zY>}-3JgpItK#xblt!i9TB?nLsKx_<vbuJmf{q82uQnvG-FOKO)0=L<EgT_}ZP
zLssMBozhmes<>y1%FTov(Vb4xYGK@FcxG92B#?Z(=AO4In`kv_Douq!3$nc|#b848
z%I6d5*7eV@cQN}-`LCF-Y0lX3jCDQ*z(S~g<^xdF1~yD?7~1}!Y^G<D%{aPj=0;>Q
zh?KZlKhjZkcHELuj*<}e#sa*j0|c;L&5F~b^0=?@UD1d`_U7e&3DgC_woNgyU&eN4
zYeF_#<{^Ag(e__OD@Rvvs=J{RWC0!0zU>4rL02uA|8g767BMBvcAwEHTWhja&2|E9
zw$qeW%OLi-cR(>#&HDw**~|&}nvLjU{V!g|vorWJlhUqUv#A?sMt1D&r=M2@H>di*
zqBGZF=k&jk`OG<37#(aTY{ag1mmNDWBz~q6viS6haPlcJH0U&Z?k;&)AhOEF<t5aV
za^v!CE8#J6{Ym9AwQ0&~Y0@88!dzDo3v(583>Bi_>O!Ne0c(*$7&~!VHWFJTu1KpR
zY>%)I#D!d-DO{mOOs<4@N1idH-v-xf3;~Ri=1kEBck0Ewpyou29mwo43AV@nF8J+l
zF-u_a6oe2a^V(Lx#f$B1^Tpm=?pcL$Pb{+T{lPx`ib6!CMn`$lp=IozG@vNnDsDay
zVoe<Zq__$#W-E-I;d029)8n$m0j`6}SNDlk?K=(~>;n1QI%RsMEjzlh?Sy&)1^aKS
z^arzx&zMrV>-hPEG#R0e(z!b=9Y+daga+8y<!I_Q+ao<6qY7+V7E;<zmSi*URhuMP
zW0#R-Pna@1VYl%Kd(D;cfAPu>2^i_L`14kM1r_VM<7vK3!`60Rq-gi`vE2u0ke69B
ze7;EQwlT$5dq7V!wDY{)L_(1K-BK;erRG7Phn>Wm-uU=^@eQw1xY?Ui>Z^k}_LDUv
zFLC^2s%tI98D5#_RIAJ2Btw?qz=aBJ1b-R14JU#pagGZ#KID0i%M(2orFAzFf$S#l
z`%M%k!tB$G4KSdbGOyVYc|s47vKY1Ax<Dk26^<&#sX+q{kM!P3PCFyF9BW3L*ej=`
zb3~2E=3(uq#q?HlVLLJNFQsQ1g50}?%@1*QhKx83iUge&6bp9>8fLUlRraM2o8~(f
z#d~+1ctMbT0|_D1*sZ^{G~Wgl4sCLTclD*tLG~`0+{i_^F4)x%?lwq%;d*NDId95(
zZCg6tU!Qh6tP$H-1ph8$wE;q`JD#*NcOuUYsU}8}pfxy)Dv4F^K(+Q>oet%uZ|m?C
z{tSbS=k8Bo8XU1XPwmD8`#H+HHKv6tN$*k@<8(wfqE^4wR;8D`m^M&PMK<EA+cX94
zOu!9{1)Ot<AY<5iBh~L4L=s0CNd_ag;hO8T*^JnfGf7rz!<P2H!++b^k!4eRJEw>I
zpHtwc;rlJDy^z)7gKp)Z(wMtO8l2!{F7&TrRD@!sOGxw*?#=~N^DS5#zs};J6opmM
zvzU7ck>`mdG+cLmco*Ny!GuYq$ExTz6w$9R|1}DJDh|hFE^c@JT1`h|rDI`ZbqZ<c
zHExl?&1ruW^Tx4wqKi`0(^5+#`qYkR9Y}@XiK<d^Ig2YG&9dI;q|h66>b=p4fYM}q
z*n|HjrCo3&L#t}5pU7$A2!v%R1m9c_R0v0Xd--*P<Sk^8kR}t$XuE}MG1?(Stc{{d
zf(dyGR%ltC%QQ<&>oov4=Z7`KgfWCnN%RY(bk$$wLcV!8qW3Nuv3>9%g0Kk-IC^(}
z(bXEm(?5tF)YnKt)=ZbDtC+BZr#%fcp5d8+vtOt&=q0w$7>WI|xZ`vp53Qd-84{V}
zah<-n{^5LH$9T$zA*&@ZcxoM_)oT4hxk2uvnF+giI=KS#SgyRjjaiA2tEAy}wTC|s
ziBu?hVh<;|umhdHOgoWsoJl=A9(h5aYy=6#EtU!OB?Qj$v#8j5^Lo{!4DE0%?-a+P
zf^Kd9smD8^GgwmHhto~YJJ%$dwV~6E{{g?1Hv=mj(#!jRpUes=`#o-6avauwDj(#+
zMfg%$ggQ&FeB@D3<?6$36D1Qe{n3JiEk&zJU(#g6LR_$N1goI^_ap@F81{Q24#VCg
zr-K_dZn{du$-3D7J?20y9KuV0?Tk|WhW%C4;&Jy-th5g)rvjoi7d3%S+@W%)Y?^QG
zbd7gQjO1Nzk*T|oQqd)wQ+etJo%XiWj{_Q<tl-dQ$b@Cx`-kWBWfdWg<qK}FD$%TV
zJFBo5d_A~r+N|<A%PNJ7Jk<X<m#w6kw>sV|qW0Z`jx}3OGA6|&qdK$x9AdIzYi`yc
z0pCefDC{mOq;K)|%c>pHs1L;)L}On{zN-r7rs=@~Ri3!WOh)47wTr?g8o6>$h#NMz
zcTtH9b-tVIkK(=zi$|lTe<Y;S2Cn-X4`2AHV;T#qr@p&rkgC$EK!nNsJ{TZ18I?M&
zR;~*NMj5wH%5JbxUQv(WaQvg@j)<dx%npYO$ug1S?s5l3hWkKO^Nv$TgYmCaBm5hR
z*y>iSV5{zk5zy|Ut3*%DGW3)(F3pwI?ya6!^?zLWpXR!tP9Br=VOL^`g6?Q2FL;Z@
zO-TJR&YqpT!;kGbyW@p>DLvmn_1&Hn<Q(fN-~%o<NaKmJP1s{Jfa%aqYxfcvVueii
zj16>cDw$P$2Ej5qtHkrl_4LGTfc$;?t2)-<bY9BkER)QsVZYydv>k_}-_kkm8DVrA
zB)VI>$EC5H!uqO{ka_b7m~mO*^_yhn%V(}NPaGsnh3|hs8oUeq?fv>+@1Jwnnl_ZE
zvV+A^B*!B#G|-}!{?k+7OXe!yTs$Qq`*lm>6?OAKC4KXQWJ$4ApoT2iy>c!{#ahC&
zmIda?7^UfkC)e1EYE-;zls4^?ujldI#b;rayyeD;^-tB<O`cxABR1)DNVWc}1;>R6
zeift%VDWJMPMQ&)(6c`fRifDE!F~$99uBD(8PHY2O|s3*O`)uDIrhLEvPQFY=$%3)
zKwx7e7jm<C#G1LKO8l04gW|(Hab0K-pRGj13{eA_;e(qefQS%P8}`t^{E_2tab$`$
z)-sYxVl`#xZV0)|)R!AIu{hMRH;l%Z%@U6#dY{$5kKXS6vmeql1HC*jEfGf481)(&
zakecK_f<1#v(m93b^+<B)stb!5>6PTf`R?Eq01C-+G)~X*95UNH6$Qq$oD1!(rQ&G
zteTAFBtF-5lNb2)R~#qq0`mSX;73eXCFGWv=`mp)mn06gse_Ns!jLxyDIEV~(<z&C
z%nqaUtqI>gl~R{j@?<B>{BVw5{YUO1n3)Jpg|LmZ?;tidQmgA>6*4D$Vk{O9p0z7?
z$h4%za*7?fDXai-_Of6nk+cg{D1-trexq6+-lk%>VGYWuqSdE=XSB}^(^QtpchoQJ
zxg|T^n<E{4Lcw`8Us<kDcQWbongHK3;Zkw^8W-KNU53)`->$<D(Nwe8gBSCT@6O>F
z5(l{w(c3bKM9f|<C7`vDxoHn7K`;9OHSVbS;s}ItE=z7rDIKC^v(45G`}rtL+B2{+
zY39w``<c6%KU_*?uxwHg4{7!Q*Zmx5kzx%cb%Ca?X?^S6ZE4(P;K9a5Xb{@BXs1-T
zAKVlfqrzqUEIdoYC_4VT{7MbnNxzldNt<2f=gIsK!V=y#Cuq?y^~3N;xEb%a?163}
zFNxFBS|AEqWK_qP#qIW~lVLRT{?MLQHlMUF7*P*VOF1hGs!5X>v4*gTu36OrSiQ!@
z<P?=zQ<m9cB_O;G+x2^hC>8_6PmbuVS8Z})-fEO-iEemjqs-5mnGGuOl(6d;@Bm^!
zoxg}Q1{PI^FP1FPdWPBs3E!@vX<ze{DfjACm``0FOeoD;aJW*xdKEoH+hF%j4eK|L
zoT#~N*HGmQT=<-1q=juvQdQOy`e_tE<w<68Z`o)zCe^As)+zeRdL;E?W?_`T$<fPI
z^vj3ctN~-w+%2`nm3FCGfuQAv{%Qj)h-fj$Lmz<w6}IIypOCsOi0+=u?D;aO31lX5
zKS{S^ys@}^SHwdbo+*w5QqVHMtenM!;NV4@@^wM3w$;?i?w2_OWvJRx>9Ot!aa?s5
zbCA3ryq7pS2!=u74*p|}$I&$zO+T#PH~zH`AI6_=Lkf&BAEM=$W;6*?6>Z%b+$>zv
z67@`-L|DVD9^7hBWlh@u4}XI*Uc6AFfs=Ua<7adbwA;y=V&`KO3EGlC%-vI0O>~?n
z&+m29Vl%EY`~9qeQ2ff<d;cJz@6LXs+dr#l^*{r~0V<O)<4|gpFp&k;%<bXKUAfJB
z>L(Do_qz2vhS!7NUKL(a6(D3vrqyg32x$jt=WJ*3Pe}{a26!6o_j7zRE%W24yv&Um
zHRb7J)HHp>xP$!)&G%EOGWJVyizDQDh?W^SC>mJ4w;ak^avVg)0z#%Wt-{7{ycV}G
z>n*5#qxRVMJ4WysK4ljB>*KRnx%RB_@(3UMX98O#ItWEk4U`H;q-$A|%L`s;8ZQ$f
zIgbUpZw{XeNm1}Y7pp2g&9sP`z%E{UD4283uys%ytrIFuAXQN=EJgc5L`=F-#~1~X
zEmUr}dVY@mXH*S5HhLp5v}jmVsYES3_)G^Mb!}eV9Rk~#t*C1cD~UFR#_-}rZqaEz
z?=ql$!>8~=;>x*e6czlVqEVWg^<?~BGtJJ)@w5rxS#r}Xje+Yz4JGIKPcwwma+=1%
zR-q))f<t>ZMcepuMY{$5!J;jRRBv%N@FmshO;rNDbxyEe7V63<OxUqXm#M)|e=tYR
zy6RKDI`X2>AVeG!q_x&EMpS66O^|zuHEC9u5OZ+uRk;2<!{nm*fNcHH_YJ^N17pgG
z@qn%<BKgZ%-pEjsscxyIu`KL;9ejVA316u#Y1{gaTF^NeO<u+Ex`=M9j)C%f(R7Xu
z5^QBXY1pM^;m)?QfAF+jM!eEMoA!B`{J5ODYHXTXDjKpD56=88pWGRUytNU~GxaYr
z<kTzrH;qVTBiU+m``%oTnGprZd8oTS<`+AKi=Afb3%SIEERzaA8OvI4f1Q#vSKD6J
zG&Da#+iz?ZOkmf9*z|I6yI{xIec!I%KX459ueJ=Lp?&2j(<4jv0-%JR-!7B0V`gmL
zpX$ZeYHrIPYNU0ez?QsP3gp+I#AgdC%vX=}8g%rdTw$Jd?ck-SQYNDifuvW90%+6P
z+PCb*dr(kNlV?04qA_~tsZLEZNghDLhyH~N>a{c-YricW_GF=es_@SS1s5qowtWiq
zEC_-{1Ms0HS3W=kjH{vRb-`P}2c5bFN&W=29M=hgv7LoSsG=YCabwxYB9udzT&c%&
zKsmr#7^4_x9NF1V(h?#-$-1&*LCG#9%7ruG{^p}X-prcRt>VclM&%Qe#QfqG+{a(i
z`;V&}Ns-1!zC*;6tulBS9!SUjK05oZca9<Up!^+o&A3Z&z~X^l3{u|ja4T?ji&`T1
z*P>mhd<+p`!NDcimz(0F^fu#c!p>HtQQWuY$xRUBgtm0zUF|o)^C>zd_z?xVkpGV`
ztO>7GX?}x0^qqbRYj%EC`r9Bj5vNc2XaBLha#8(Sd`Er~uTt^4eMgATeEHL*-=Dhz
z^aH>A;P$OQ*GXQ5J|6kTucGWm@`pY<h5u9bBjJZG4XCXOG1GFJl_%5YQZbIz=h2bN
z7|{;+sPC9y+14@eJ^w9$n3&xxSPSVeJssh;e1BTr;|*K5_*V&6zjo&rxom9+eRXqu
zY#^g_YCrfL+YdV&-$fiFM9j1;cPYk}ICn<g(K8lW0nI@%cELsv&{UMqPvdvQFC*jA
z9A?z#Y;W^xR-|Aktx*tBR`}UQ)M1SiIw5i4^OtH18`s5|I@hO+=@rlpIijai1yg^S
zftra?3QBva0j`8i<5aw;XQwMf$?1L_zOCOASWy_=@^0ZUJJd_)v38)WOeqvfz4E&G
zC<cVnr|vVzx(U10he&yVO(eON0(GFwg<nq$x!bQbUc8kY*w$#4<=-jyk0+U4{a3m`
zhNKFi^xD7+f_n)kks6Yw);qQ`n>sd*7gEm3<AX*-c<<a|SC}DoxG*2qN0cP}lLjz%
z=Vjkzh=8D|aO}r!8zM4V!5H!+QTBtD$Ms=;M-oE?V8+DFc}jIq2A)#%`US|vC+1JZ
zq{S?eQe+m8Cn2m-oso<oBSAWUIfE+XUht+v*zN0g(#RLN$dD6_TX#<B$9GCyDvy+M
zEBT~0zcNWxu4SsCPExKlSm1#I-^A<Gf?)gLr|WI*jNNDpKPfBZT0Q#F^(Hu5#MU8a
zKis+t^s?3vevUlWZ-wMogZn6YJsn{Oa7kXZ#cF8Q<y8NL@QV^JLMA`(9`)9<;74hL
z2R0jy8&bl+pb!>~NF*fILyl#bbzT>yy={??$Sr4jeyMe6l_wZ3Sh<gN{EFI0!RiyT
zMS}g>I4woB1xQ@s;6iIh?mxGxDD=@|mTax}a>&+laF1c}HYQW*6=oOvZnYhd-BX;r
z?@3ArRfTFAT-gpjdC341!E)m{OD+coF}D3o9X>5!v00F>aAFEs*zR(vymllca<=-P
zg(J{P$5@OMmqv~S7PbbmfPvzFsEpXW!mw>D@rZZ{xVMssbd|0OAp+rnU{9H@Z8^US
zW~v<c{Vgod`@Pkwa%+%*^-1Ry<1`EWsErbeff9w<&ig=IwajN)vsx<+|NdYVzY`xL
zGxI#i?U@1i6jR@T3HK8?T%nTjS*t!5F<u5^xcaomwZa@mMoPjrrI3Y8l5`tHE`n$p
z*8>d>e?wM%^x2xu_g|ykt~ufuOL8=iQdJ{1<H~egEH_gDM9ZltZ6zs}(fs@}IK0xM
zcok>MZO>f>La_ybP$bv#>f=s3vp9xoUf3*=V2i)2sg3m$ABSQ~wXZn;z`i|eu=<==
zoqejN3)6E=Je4Jr604P;uD3<TE?jaWxgK!=;B11_-QTidi-5v&V6FCI1QBo~t6HY8
zeTgTxdG7|%4P7X7V-|h4ZL)ulVz(?RFu#I}?QvsgzmW=rZJ7sxy5umVXeC@X-&V4k
zKQMK+EIi)CA<j~`(tx(w^vH+dIuI=^(E;43kV9~-KV8p~%Pf5DixQBY8b@w?Iy6VJ
zsuYUVyA9$by~bVdEYABU(UB266!_Y_WSZMT$oxpJ4)2wVpVU%m?OmF*L+8g=+wC=+
zO_k|wgRQjtcG`u}TcwCsT*o&F_Lf*i)9uDBST}oycATy+`<Ysg(`tKGaxZXty~jrA
zA2g*1qvuOeNRT&qD9$6e0v8Fg+UxZ1(n={Spf^hyWGC?#X&Bi24T|~&T`oeSVrY}$
zttrs9q3>T?SdAj0f4U2j3F?ZRwQkozC^R~&>V`W+PwHM0c_B-zm2Tl;Ao6f=UIYzX
zb7d;k<Ebz<cm(8_q$3s8M&C98slp3VtKo*)0!koZ>(sspP%g3<I#QFDFxZsqc!61A
zKo+(D-C*ZpTnkVzTqZenrR_>wtS3|w=F^~M#=2n4)Daoq;@rW(x(YD;2_HF5Ao1~&
zRWyU|5Y7svhMFrC<cyx`jN20VBv+s`4^-BmWEN72U~rhT<8Fs>I8H%_?xtDb#b4Bi
z=3kKEsb+wBztFGnz-~Ou(d+$b{l<NUis6;s#svQlb4J4s9S_#t)x#uBPhA*<Xi*)*
zdGhlRKn_U#BY!K~fTDTK%TU-6Xs8#9yL6*H6w8XneUit6U-QtvVGoBHTS60iT*@*S
z!B6ZNl<$ua#EHZFbbCg5oHGt*xygJ+To&wwec;W1@oE?>;r!p8LRbM0I30PE6IEwO
zH@-v7Y+0gEzQ?hl6b$HX)?4aK1euJjs-G`?koI$jCmgC^+NuQEGB#?{dg%{ud~PEN
z3OW4XjP=bk+jT7O6klM<$2p0$)rJ1snnSPTAzC@r^Wl}E6NFt2(PmMrCsuo+lX9ub
z2P<!>PDN^Sn;lz@Qs|<xftzbU8>7&Xbb2{{J;9wg6qRzC4DNNo1j0p#;LXDlN`%Ea
zeUWEKXB~q<u46!bV%F&w@)|O$T=S5Vo$VBLCUyi`2u{Nlly_dm8%)gnzEo~Bc;Pzp
zKUr?H7T>2;mv_0o$>iNcqnDIeOejB`g^(CZmqAQ`1+sE#kppQn3tuBq;rdKY@2OSX
z+vF@`^_Qfz%LI3*7CN+v=+0UE``j8Q89h9y`Tk%Ugrg1*1^J`rL=FKp29|G*)!#<$
ze*GIt4V2x~3J4YFcn_REV_qS8o<>OmsaysbsIM(WrB1v|9wHBYMtv1)QM}=}mS;Fs
zHls>=*mCl!J4+`<hc!I;=Af*#`@E-E6lYyb9dnyfga#~T(RcULJtT)F9+KC(O!KPd
z!~5fBi1Tr`fNQPjH@4e1OJMKoo&Wv@M?vBow%Q!L>{!sB%o994$gsfq{jxqKm<bf-
z9E2MnGC6`pgNU2YVIXH#Moue4_C}eiXPN{nA;BuB`LH5bBTq&p_-~=6Uvq>n^gX$x
z)e6<L@0m89Lr!vUZ+7Zx(jnAqGHIg-FBuPozK7Dfgyc0aG(CsWW*w^api9GC<34a*
z>AvF-wAU4}+>;F6`A$tOYt(DYF!Yo9kLaBAvW?MZI2}0X_Cdodbdy`bg(A;gcYi#%
z{%^LD+LC@YJeUN}kT3tr^kvme+lnlOz9<;rp>|6BBJdy~;;U?UOC(j+fak%k)tliw
zXiGn<dXN4zhZMQut3#rJi%X#&cClD!A;6R-YLs+nC{mTOI&{cJn$4p{OKBfLeFvxC
zwpoeW9%ck$d0!=b${JNSRhCC{(W~3A%9xZ}&NgXxU?U9eXZPB+U*ixNJ{aPCL@hI7
z!kpFff^)!@6)f@9V>4biT|Ya9>HxMS<m^R2kh(3lILuee_JbHMY@#Ft3EUih=Kk`u
z!3+zM;SRKk=207iRL4}(VhJctk~lZ=DvsU;<q4*<X{O5!VmK%J59?!-Y+GGO&$<qt
zrN;jJK9~%!sKWYyB=jEEPz1ttmV3A)ucww~ENE&3u`h=K8E=<fpq4ipH!~}Q;9@JO
z<M`YfAWSLOTCR#9lu6P}A_z~sl`Iz<n$#f0W+WnSVek80Hjrg!hYQvtmc08Ile)sM
z?Gb&qCxnSWti;Uk_YvY|QsARkeFHu`-E9<g!3A20n9Ov4b9V*4PuD5hAP2M+*tt{J
zJwt5^>lX^1zxZ$PQc;Yu3V5u2$41da${5aXHw4IR6)Z-fr~Q6?*xm<+T%Q5A3<C%A
zp#q+nXpBTFyDUxb2<I1r7F*FM*6Lktx0Pb6Ca2KA>Yl9+xaNg^BE`{;!~24Y<xamd
zSQ*5wiZc|DY8TrPHFy5i&fZ-Ft1m!-A+|+@0K@L9(3pkKI$Vc{X=C0A&fwZtymsWv
z3E9Bi?@89bZQoISVAWZsb*3t;Sb6ey8q#ZNQkjHD;B+TU4c*+2bLe78TA@pgvh>g2
z6F7VR{Yh*${17xTp|W27x*Wo^bDh2s*U2FRN2s!w)Ru2P-PICsnYA2~tKBy*3Qv3O
z@Ktdri0o+)(4n<mzq{LD$3fk9!u1;d*L)Bc4Sek3!uMbC)I6My_pk%ud_)J93<%zR
zHA)qMfh#JF<h0qJLf6t&<ElMAJ>gUmp(I~o0{ia+W7$&$7)zy=^rj=X>Xe+DnfR7l
zQB3U6x6GtI3ML*p-Itn`hjIU<cRXzn8hVTfEU|+>=VcC-I+v<_kzQpc!Gws<l8UJl
z^DOqO54;Rb|78Tdig9q8@r&y75BhaNj+;Luk^%9|Oppx=4R1rLlV$yNvwY0#`4HWG
zb=YEEv-s&Oel5--<*7Fl?S5G;ID1Yp*KO@kqxcfn;`^FQrJiN7YVqMy>J&_b6+$zT
z|BPwiLfAn6wM^|{sT)5jw&ZVu7L_p_hRwF6fDP=_)Ze2T47F2~B^tFOWs{vX^djm-
z#y3G1HNOTn;dGu{ZD1j&hWCF1QY{~BE@v~?b0e2vTSIY`NaH67k}CFW+UyoP6>hP}
zYfSmgC1f^n&VtF+m?Dh-V$66(KsDZ6PPlvU_wzk`dfQ?$6_0|h-=QYJvW~`8LKu;r
zndgb<7?$P*%~2r|(*jMGsd2xrG%xxIi=0#wB?{-RZ2M~W5CzFyOLrGXdt!7t3$wZU
zn0){Wtz(h0_bR)*WwyR(XyR+uxJ@a+aRt{4@f%l(7X<%!fh(Gz^d0&u(#21v#}leM
zW{iy5`K5MuuY_WOJ5${Z^#Lfabz{Iu9Hco%r_^~W9leXYn}p0?p?>vX`#cFRpwHO3
zOSyRvF~Z;^`pGQm#UH}wV4e6#9Cp)aPL3L(+CuL$rChQxNkRBqwKs<G7T!lajmB1x
z2I^kO5bQoLU0Csz@ldnniGVW7={1C+>wwz*gx<hkrf~}%s7No_uj6;u|Lys-J48x>
z#3e3G;ePU1fYyU&GHDt&UCo*(juAv{(-Cvl)H#_H2M~CnIa07UmuLWfL+-2d>k<%U
z3B*(*Y}z(N<2te_DN1rxIiVy#SN|O)V0t9DpVL-H>vqE1lo9|s?v$kb4{A=yb2A8P
z6+QgXta~zazcXYGi+{t49WTifHVPJm5HHJ<u#9HvA!8wVPo$dVvRFZVP^MWo420vD
zu#7ipw05>?Y*M~@#}(c#|M?mq!cKQrrnvim-XK&>^ZLy*N&Q^DjBlK-Ug8LX;r1rl
z!x~^+HJJo9Fg>eiBNi{Lz@df@$Kubd$Y_3lpEh_fk3Itw#Ym@-%m0&NSE%>IwKKdo
ze8rwCARthzWT$C4cHRUxr*io!dfWc*Al<1sLpA?-o{rGmM<O0C;<L4+GX%RD!N(JY
ze2J0QjruT)F}(Z<x7d&82QNHrJ6V0{8P0bXr>!G41U2yjeG1JmDN_Wb{0lSc0e)3E
z4(rpy%ftGZyhLf~W20VKx0a5@bua}&#N=THRQm>RxI*1clAzv1+zIe9OyHt;reb=N
zB_!;yu3p7oqGLm2uBBqJ2BIQK3-YXIN^?q$bjVb9QSA9!I0)W?!&V0~Qi<G+NaT*B
z?r>6&T#d88cGHH>HSZcXg3VD!7Jv%r*)nNcA%J@A8jI0BX^iMT0vnr~z{VbRjn5wf
zHWvKxw)gjN?ql<pWW4`qrs7Z(nUqtJ>&&dC)p2LA3&PM`_}!k|;My!?sKwf}X;iLf
zR*eutAVDm6_KF_I1b&8*nc6N#BV&NvbQRT|%9YY_zLUS;rKE!HW7f=5*35YdnR<jD
zHtVUf*jc==zEJG!v*|x=;x1ON&}LO-^W%*EXif{FF;?r8nl_mYul69UiIaw-b~Qs;
zfZ{4>13mQIrNTT}RK11e0m)KAs?FHNebs*IT!3M<4no`$bm#E6%{^?YSOq&5dyw(7
z1=3T77&=1g_j2d)=AJPZ%R{|T@TFdo{}$)+eFIJRT1C^{w>L^%Qs+5DxztjdC+GO{
zu3`&L#kL@;d-Ye*PprIhmSiWmgvwJ>Z)$D~^W2ic%G$%8PU-TQ$@SPH;>?hlMh>9d
zkhRXGGho5%&)^8k64V+~<yV`ynJ(usfxWJwO2l?6zLfJMjKZS*J`#{qnVS!*3$Gb}
zS%RyL@^MPe*1^h*DTxh$HC1un0e<3$U9k<~(ZD3Ww8`6d^tWrTgzO<oXhbojP`($S
zEYCiQ-+yKeJIftoQ3OlaDM)Zh!MFr76E;fVLL2#8@R10=<w7Fq?T>DfB!2&+$QZ=m
z`YGNP?)~_`)ix5wvK?kOcUlJ2wEN?sVy)253Y)bs^>*TDIU%w$Gzvz`iMJME9y|6?
zzsT>h|Js!}itWET4YMMqQJ|M-c{MUz&Kre`x>UiV1nC~$Whg(JdS22~%Hnnl_rZeT
zV=_3E<0td^r63_gKk-Ct++iGWbfiqqcI0o(WOa2BA{YU|J#69K1kcDTWmD~-ZFP^N
zR{Y(Y>g)1U3mYiMT+NLJ>8SIjAemq*?u_!QY@-ERvDMqSKYN;8xTU%mI}~<ITJoye
zx82O70w6{9V)_sqg8gYP?XWfDmYQCsMG>4&ivsfb?(#&qZ`f^H*y-Mr&H?@2?0A$U
zDp%kTa3nQPh>6hxFV8B+F;<R0mtR>pn(KL%6mWRJhgA$xPPA&&7#zn1El(|*y5xsS
z8JA!tD>$^u1|UIBP4qb1L_$W@iM58CUc4DrAHhI5)5oBIE%%!HnN?3dKr}b)QTZv}
zN6)C!Ct^glZbut9jAM-+SBGRS(@b9`7UKg$SgLT3C|7PCTu<hE1X7`Lz}0pu{Td)|
z#!J$n3fUMWkpsKYEcvtihc3{z8v5jCoTUIJ*mGrPa9r+sKwdwyl<<mWdJOf)g8n2~
z34?MRX~6OLbjNaQiaM_@_)sq0f`;#AAy!5Z`Dkd49>Xoo>f*rK?y*OgdY#rvwoC#e
zqsY4g^H#(#b)cm5X@y9C(t?QHrDdlj(tTNYDgtsIEQ+%KDn%w{J6e7C(5D1)zXU3l
zrm2VdEWAxj4LRIxW40(s@G;5fK`}#o1tBFM6`{4xP6|ER@<fqRin8yYq%T(<rF#{O
z5+8frSaB^`E~|e!Zl=#U{|NJwRUw)z()h1+Ocb}Stdp+!+i0B`9&j<(dgAr)YW%2>
zA{sSdjL%)cpH-rnGw3vAmrw}41qaBw8FH=h38|)&!mCl4Pqt@IQ_P<J>f29WnLpLn
zUOgV?9LO7$f_)KlKHaTDSbVsSbeq$*AfcS`{!Hf2khc3B+jkjU`NItJyv#LOEDb76
zmFbZ^;%3e%hIo*2_hOFbh{D!Z#l7n8qJ_hBl=H4~uRJBvwUZdi6f&D1euCg6S@B7K
znCcM;iA)z<vIfsxk^r)7iIPT#V!brh@&|4C+xd4d2m+jVF1)?ed{9XrPJ{yV(f3xw
zOM*oI`~OXjUYNwn-*BwKRs4Ly&LZU6(cui)glLf*3DMLx?6iB2r}S}$y$brQTujZs
z2M%N4vG0$&vE+f>H0aJJ2y%XezuxaH-wz%<g7eQ(kNQW1NCC}Mw!YW3-lo-wj_Mv=
zkVXc-H53@+fjsg~D0Zb`XE9bv@mxU&QQwdvVORWj&ER;MjEZVIpYe%?gyYK)75Em(
z386`j`ruQcC#+%S5qL3N;_IhU)!Ai1NDM`As*bt}iF~VnAMAXL<O!87m^HPC(Eh0u
zp+(e~V^4(jFC>fZa~!>qDyWZLH>@Ae)oCcA!7`_F1&%wvF|0l?%?xe`68UsxTkf6r
z#M`>)y_TzFx=d|{Tq4-g>P**q75uSqe1Zg}nYRF!Hb`Cz@)`O=YWQ%1909U}_#I=y
zGGp{L$fpT96?T9AB&YLuUIGF;*64@-hDZxK4N`UrfsDV(Rr(a<az1jdO+kZTQR=@c
zx0e#HL5JNHI?PjN1+pYxxIlFf07DuL>wg*VYb)Q^S9b3s+k2_>J>v>25pA+6wTmq{
zS#G%Gy{gn5UL%7d2cW%*;VY-wNjrL=bXeK;oS<}%vC?{|>?vf)XQiD`+t_XJrJa(x
zHWGE0#G$B_3^s$PXXH*qXTYaGt!cdJ^S3>uHq^&hAmBACS8n&|E?hq+8*%z7YUYZW
z6sEcoBrC@`6?;9Zi7s)HmMg6?=vH!ylb7gizdpQsV&<+|!X8W5Vrb^8#ti)sIXe)m
z3Al2k>lL>8-ixF<_r2FTuvqhCMq~R>!H{DITukS+$Ew0=4(lg@bz6I{s~AeiKVjv!
ztQE;fBRML8W$WMvKNLr6Hl@*M*T{TX1!AsE@7h?d1^ccyw(o*F_6Bvz8zw>>ds5bj
zQ)X5WT&Aau{ICjDK^A_cQFdl&qmGLWCnVISgo#?Fa0O$m+hCoBTZonPwumBJ;&2wq
zxU2NuM_iodmBIv7)%oMHdNa3Xa89`4?qi;Q*aJkaA3Q1-J)agfV^XL?e(t#k8@-7&
z0yx?osp}qAn*Su|h6^m$jl^Vkgq_80Q3Q>fXAG{zu+t*yr5x1Sy{Z!?rA4gmaTSKE
z=%2w+P#1E`H?qCjkzz!96jt|-rMSm75_z8bm1<><5D>{#%!+9v+b%Ulx;DaoMz>TD
z_9-mZh3R#nrw)r<ML0xBY9Lrzm4v=y8n&FaI2t65nhe302%CoR&s35jejex}9Ah7{
zIsTE$$q<SjeMy_qtdm9v)@88#O1s|AR>k0gMp0^IsW)<`YlYRIERbjQ>EF51J+ii_
zRib5gl7n=S--!=oVlOwMzEYAso3Q0}|KSv-0nNzju2>Bf$j1eof2G`X|4$Zh)@lLY
z1Wx-n$I$gRhn(G!tolt7HsUZ%*Ys3yhuMl!&^d>>iy%~*5De)|y5CP63}W~v#ybT_
zaB*%KoAFd&I8TH!29*csB_;md?3a;#luelHlGaSD<U5RAiEV_f&Q&vtm^BuLQ~Daj
zHef%uiB!6JjAug4Wd2mrMMGWSGj7(g&{La#CwGcD+O#=HF2EQud|Dq~Z3kA~8CKqu
zm`vyBl^bAF_v-LYhnu#uUBVdRy&?!9NdQ|tcCV&Z0xEGXDk#HC21M(n^VVtg(fodg
zh(PxMSA2I0!}*!pMiX>#r20-kPs>ZKdHQ5q71gNZ2xpFdf>Ry;jAhZQuoA}*(r6{#
zEcQL7-Nqf0q8wT)K|3Hy=(oRq6qO!4#}2kFakx~$Tcg7J-vqIoYP4ok<9U*Yg)NH+
zYsB*O(GI7uQ*N)rhx5Yu_x+ywZg-ySiMWt>9vP;q|4M@#R?La;>+&}E?QcheOz*aS
z7gTkUVn9|*+AAe!!)U4L0F_o4Lyp}QFl%>PV^%!<JYQqAtcQ_sznMOoHM)h6!>gU3
zzlqRmwhE8wld&FFIJ1{HI&d&ZM;`sd>apBcgl9FrUf=!8w(R5`3XeTX0m6$?DA@|r
ziFvq8hxFI^eF!HRq}uZTcr=vP8rV`12&N11d%Q8-7c2)4QRBtZ2vb^D+pUz_nlEn4
zSD$(Ouw(ugjqSfOkL}RdRO%7dB3V-kdtFUouL~*cwM!Y9GKF;y$24?3B2K$d>9g0e
zIYPF^dn!X?yC1OjlfRG7{_?cj1;6Qt{V(IoY32E_9S*fdQJc@uzi2?sfI=GyJ_?Ps
zuM+W5bn+*4lIn#1gdC}6=Bb<AHurzaSm6d-sd|7tk{a@;@=V9)juV?p%#Vw1Kh2nT
ztN#T5%~aIN9zU>Iu%ROF+jn}#Ik&;Hk^haFDO&YTdq9mT6<%S4Y28&AVl^oYn+hjj
zBCMsf8&2h7L^a(aN`l{b;iv({obNt8D8-*8Trz8NH-UOth)DL`ZLII!MD%MFiPSaO
z&G$i*z>M9?{Jehn{uZ$Up|3IUDpJ`oifGuXI<pg{gxf5e+@dy21!mclC<#Yu8v*TR
zEYIpVNPz~nGx)M-p0{S_4P3Q5{~aPL#syr2mc0@#fvD)pdvOdu@`HqN#3F4XYp}1a
z0olPO-Jy)u1$T<shq7mCDqV;*3UU#$fh?L^I>Kc10tVD5hgTmW0kM7)qoN{oOq3v{
z#<)p?m3g;j{7MP4cYavda>swTjFoJZ{nH7KkRL10i)pgs2>MIY!P3nw-n@9}Q3GA5
z|L?LU{+OEhRbHn`sSbWvWqi_Bl?bf8C9DQ(oXN&$HLA`6h?YDPPmB4N*fjEAXl(6e
zVhPGVIBq^zv#4y?70+t8N$kmf{l4*KrWmgOg-UMX`4+R2!O&Iq72I1IPbf@!y2;>7
zalrUWGbe7Z_2vgC7=5ZurNIsS?9U@k2kD3LRxodbQHr~u0Hdvpi{C2a;*3hsOc<#Z
znwBN(5Od1O2PMrv(_ws4GlI4uO1OK>NHAH=T%l!p)hdE^OS0uR?t&WZ_4p?Y^i<MM
z&GtT}Bc}+Ua7Nsab(Ai9wJkiz`%BczC@AMqY^gC0RPqnC({jV%rT|YJ@76&GrNs4+
z4iZf~GQog<5P^<YI~O;O-4IS_c;5VC|3dT=T#QvDTr31^1!^9AIFrt4>A{TgyD7CU
zAqnl{C#`TW#vU9Jh+WO>-b^@`c3+BO&tmVv-+RY*=kOdHbnUi!U!meD+s9&XaSlXn
zdja~B9SxWX@COr#CQ^L8qeNF*9tG())7c@Bjkg!s(%9(Wm7Ml|M!|(E^o&!?78(OJ
zEU8Xm`B|;lb=4ZNbH4y_ASfP@*<$@YQf<mEi9JxrZc|fGEZSu{J;AZZGx3YH*@Qf4
z3CsHhiibVt*L`XY`=h^G^zcYPkWx!I(7K8#a6lvCC*4EcUua!u42D$rpL!>*qJv2^
z$a_Lg-}oU89{o0ka3z_tVM9r62bEK{IsORK`rl~D4nK8F<AgDgeK>THgXY2oVXcYJ
z@1JqzK!XT_E*Lc;6BbhKs+&v=nNfyZln$(F`2p1kv~jf5?-gza0b>~~vn{Qj);W{l
z{Iz&uFW=Tj&H^hhi?>Ys4G8Fk0IlX$TLl=6(>OA^?m#qRW$lZk;PZ349v6k`Y&#EU
z-h_{VBdw@tOf4(E?HYx3L04fA+OAViz~Y{OC@-Jxc9r(wN6o@VF=wjErLXXV)+n%>
zfS0ZQD_jnUs_8qKv2*rhV!mqBZyMJ@7^;rbP<|!pfYQv8@1CCha{9PB7H7)NT&RV^
z%^_^dl8*O|QWHdRu-FrFDWf<2o-hvVCyfveXnD|u6Q(|V6xGFsvIZ3TO;PXI&76rC
zEh#*s+p%#LQ{hGfj6D1OBFDpN+5l?iK%b*<a{W#+3?6J@%JS~l|9ZzUH^PPkPl`bt
z5V5@8O4k(fQ&`8|3#<@|X^?DTnNBWc|6Ma4%jS=VreC`QtjXo~Hdhxh?5=kWG6>US
z{NogchV9uZbSNX4Fpjt~kijK;z`Kc(S0RE*D1<bpG$XzQ!R}oiVwH&z(U=4vlG`xC
z1(MYy?)|eLGXB!^&KLU&3WK)}O3#fH_)INo?A9E%X0<*^KWmM+aq#>?B!<x6rOwM@
zc?XHuyh7fsauzHnL!*>*Z@N`4mc`|Z`;IhwLjfFR<QrvGj2;qP`=yHca3F~0Sd+<F
zKE(lH{Gb<>8DEiB)BQSr7SIRhQMi{F+P4)*&b2&RTbPdpirxvc>$HSNwn40<%74_0
zFbOJ(WO)P$s?LH{LxMzSEQr7AP!ebAQ*cEsx(O`ONzJC9`P`h@kgCC-D=gY%HX<}8
zhm}*RiAHWB`88d>1iSPew^UHsN^N3ojR{`~;MI2!J0TT~a*)>gm^~)b$z1!TX>cdn
zn|enUlMHMCpEfl0MEIK(oQbPM2Rw0Ih{R!%Fpf&Xsd=tgW~^oTVkhBL<k{AWjHwu&
zV}}FIrRMqhT@x^wf~=3Jlpa*k6{FnGggtmMa<XYCCZ&kpRZJ9h$opdjiqFNzo_q){
zXMaojb_QzBED4xd{zzRvES}=StV2<5s0ZR4w%@)|4@Aj&SNJhnLqXUH;8)>ly%EWM
z@zUuvCIz26cmlIu=NBO_=yecYZ55R06bJ7`rFqr!;FxL(^$v;|1T^j_0M@v$y0E93
zwDP}}=3i1rDuJ*nDoGaOuCXHW;iw4?H~ukUGExJ<|C^HFe`84SZ&GsBRLy~-8++DR
zvITav*-74C9>XA=7t@akJ(LPk{Rrwv^w$&0POrhS;91uJK1qiyYJU&ua%25@<^BP`
z1naa*<~Tj#un4Dho!Yq*2AuY7CwSQe`ZgY>=P~t*m65wh{D!OHr#I0FLKOqhwypD)
z$^y)(FH886{+3;FE&=$I8)H4jXO`O4^%3rypxdh&3o3)au}ep!OpHwQ=VAs%mCf-W
zwZa~Adr91%RCE_Kc}SB0LtTI2uEmQTGm9;vdteJ6;pXCsj6EkrkT~(&ZH;2N-auU<
z-4q7uCU8%y$BIJu5;er9=tt!ZZ0)sZ0Ea@7NXL_;v}!w66JA-f*z4P#!2c49)1ybw
zgV}P`C2PsckZm}Tp$Q2TVc_vd6X>1>vM+s9s8GEZS5BZzla$-hVDW`q%Wr=*v=4fY
zp3G7nq1aD8oOy6q;Zy(?cDIB367S`iG@NI0Kt@!r3_{CN9dC*W=OJ`w?)}W2t^Q}>
zh+Rd;#ASep?vlz9!dFiaL`SWWip`y!0`|qiVKW@J0lpnEG57#q<&^ixjPh>OqBqi-
z!Bi{#aoXdM0D^>!0wjjNNe*!uy?G^$`Ywh%K^f!Kve`w=%da2N|E7h95EuBwkoL*)
zv;~_ocwM~&aMEF?rhvE+$<h2K(V)Q!pJjl>+sw-EXeU3LPVL;9=Vw+nQ#&KMI&3ks
zG(Ywmm>xyJIun{lEg`fmCQk|!iDY}S^=>+a_r(+-*v<cM5+e@QvI73)=Xf2G4jsF-
zIFK)s?$Q&Ps_EW;O3GtFdP?&iN&hN-rXyXGF57lZXhQ-64xtDS=nId_fqcd;i9VSz
zM5Yu=4B9*dW;i%l(o1^yUl8)u<bM;TF)f2_TI~pwx&b8}7E4W8P&%o|Jy8(+7|97%
za7gfI_X7Wrx)L7bHB2+hkggs@mMtd<lI2xR6Fz>feQFI^GT-a!T@)B<yD5b;Wcv^S
z1b(WNx)?pbq|qT{$Ykvx5y(oyegC8yCs*mO9O4C4&yVAomg$f@q0y7QHMwC-Awf8?
zw+CxD3eSElREXrI&z^5G`mE127$q#iUa3qmH%P!6oHfj(W8ei0)-vg<f;=~+v9<}Y
z_iD+4PFx`)k(evrE8>SefO7@`HwXCb8Wf+aOL&PmLc*pSM$vKJmbKLvxc~?kuKB=~
zPz=WjDPwcp=$KeT7aJBXUK4sn*y(+@JT!n;TCyI#cwN@LUNcG4Ij@j!$r9{Zh{h@+
zn#t0KNV82ifZYhbt;tHfh-R!(<+J;w$7g*^k1w&;Oeclx?1&V5I3!h{U;qai0hBTk
zcd68(;Q=%jv9?9USJg>V*0hA(*){PNQEw<qMY|jB)$7orrthcSq45W$5)GOuV}ZqR
z7H{F(AFiNOZ8sUa3iD_QL<<g;QYA3YY&H4<70@gx%&w$Hp%zwq5n|Zt;fpU~ANvb?
zwI@Xhv`0{|^&2-cck;M00tNn&siqX$`d!iv{RFvYYE=NCB-I)6NWPv+D$t%k|4xU3
zbJ3u9Id>(ARY7E^0|=TMjQt*u{0kloG{ig{eA0oDy^&#MYS}VQ80k4j^&*}7Zp*Sp
z$lsG4Dh#s<BL+@xCS`&*aZwr)Nk=(FxYlEDjp^8Z4!lrB;TUFe6F>%^dM|S(tVID%
z9Z}{8JEMb)f7Qg*mK^~jLHaQigs9(oxktx*;hhP!Fm^M8$Y$%LtW(-=r@gCwZzka=
zjcAHOr^tAGUe3!d7@xPYkc`O0MlGl|Z^+DJPRzf%*`;b`6$3IQ$N|IZp-$PSc%EDx
z-m4w(c076gzVrFrMMZ)9eza>B)=y^aLxR(=Vn$MNTU|-i`GM7L!AK}VTMt3v-B8sK
zbICB0Y6mhe6CAR=c~Vhw2=a>#K`S+Yx&wQw_?-&^VepTL&YX4FsA*o(9-||&%eWD*
zkE2tA_$S40v?cg!9VhdrHiZE=)KT|+nfzGZDfI*@*wY6c_7q=(>JJETH|s}|-b1*e
znK*^RA~E7zcgY-;@Px-Wh*1C4-BaF|>&Zc#mQiFo75wc4+9q|AzC;B064j2kk@D<<
zQBXb7wVAG|T3fXt5vv_CNeZerQi0QrqzcnqBo0zJ!rc=dfuIPk?1`PRSLd#U^F{-#
zdx9c>>n-K#zdcg2sB1PSiMKxNR3FO_2c(-~e8$n#ZK8VN7Z}cRx2cxKkxrDn(WJm~
z^m^DGv%{sdC0AyLs_LjI^~-yRn5frr=-*ta>776{Pn7~&{l1D#<JJu^?@H5mRjeGx
zTN;!|OJyAJy6f}rp=Co1a?k(rQLG(yaaVXlE-d)4_TmVQ40eXug3_BnbV007Xoh^m
zI6f1I@EgZAP*keysJO;1D)E_^6t;)sDw45`+q~G|`>vV3Tyd$y`D?a>yq8zaGCG7}
z+ezAql=@WqPjx%EAarT?T6MC}kgXmVc=scsUJy#F`*9aO-q2;Jfaqxx09W0zz)osr
z%u|@fTy59*v8HHVG>cAR(2V0s7g9S2R3T&rLQT~gxq{aZpDc<YC{lLxy~77CCS#j3
z`9`%NO8du`qgAkXto7+D`u)1Yx~o?a0kos`{?Fh+6fWx{Lp4lWKixTOTSpvRi&nb6
z@UP69pK_e4LGdUK+oe`erlo&I8Zeyv)Z}klf?r>JEU`@#gKK(5pm!F5?<s;uD>La8
zYPj1|7~+vdODPATtkZPusZqOD)k&DS`_drnBIIqKF%=vJk_`W#gP13d)!#-?6a02t
zths7O82aiM@6#)5%qLy$vNdrVOxP-V_%^G@6-)Ua(fxYkOM04`kIMilH9}qGv!_+j
z4<OHJQPQtxH6yofA*&ub)Gqg!KBwqry29jKh;QpWCv;G;zWuk$^4EP5#2aItf9D01
zb(1&v`q@llt~Mi7q%wJi=Eu(s;&SfsOcitmMI%*ngk!1cHW+7#9DK8@(MJ+F6S0XY
zT+E+`Q-YXz?2q^dPbz1smuAE8xh-+b%d5K1Hp+;}&>EzK&=&`NGH~H;Q7<O;ciWPo
zsT3gTX2aPh56&|F$`g<pW!J?X)^*lIUZOqCq0r@&^-w;rIrbZ{p(ZP=t(WN*?oi;7
z)LgcZ817DzLb>-+5#WA_v`>C%3)iI|ol>JMHPv@oOXc$iJEh7FOI^3U-QcVu$7frw
z_y8Wb@F2Yy=^b2@25p+tpi*6!8-xE$cg)boKy!<Hk$9_cIWyBD>R|CI2N*^agQ34!
z>)c6g>ju|i;K_4!jSbFstwU+I7CULSUq`=vzA<v47K%sQUyu;U!ilke-4B&8nJ><(
zLj}@zNRyaf2KyFQ@Ry7}UWE1q0@`;UU{{tp#<I=bo~Vw6Tva74<+D~AR6u4wzdb|v
zBI%ksjwyqBRtYdFoRYC+0}oTthCO?h`aoJ~Kci8hPRwswC8;~kI2-&1Ppm<^oEh_k
zztQ;DaTnC~-sBR-8d$pE;7WU1B(jmLj{6d9X(G1p;6kp&jCC17=zWAzOo9#eXxj;i
zdQ5PVg!n6e%P=;NEX&zU$gP*PfZ@`WdT$LHzi@@gJgC&9p9(E@6G&eR2Xlhf62fsi
zd>8v1^DKh@Dv6k?QrcJ&r<bP~sEDIBu_zpULx>*-ufphQ605CvBsQgcQr%l3KsACq
zl_`sP8za$)J6DD=*ScZMl^Dk0=mlPiwN~!%F^nQePeZmz8YWw~8wgOx_Ku4UBDh4q
zPe*0`Imz`(MDbDO8^{4o-C0s>MkqaPl>4B#Oo+NQCSs5Vw4&;othox~xREQzhh+NH
zimkJUuqBBYDT@*<nr>ycsi;&P75f$~n0(3K`R`YU?L)LZv5<PB!J>&4T<>bT6(%Z9
zAcv#fa8VEsAGJ_~9MCc;cplgIxh**+&$egBW0~zC)>CeI-)3vBZ`WElDh`rg82_<b
z`$rv<%vvWx7eQrM&Oab8qES9IN)8a;Jnh7WL`9~o2aILVh$#qo5myoZSCrzlL_($x
z{Z8t^O&AYLp_tJOC9wKb;ZtRfowpI(vaA<Ee0^<muXEOhSjr&8v2}DxbKBMyq>X+(
z^xY+F^y54E`9gK_245b+fikY^Y3B@{$p==S0#<6eOWm<cwQr+!aWGBfjRZ12RtFYW
z*^m}l&WxP?(~qNy17W4<tqzTqMQDv*vC>#Y5O(k{80IS@oFst?SyPag{k+?|Yh&`f
zeEQ1XT5AojZ;O@DS;|t(vWfCg`2KeG{hKJkdiS-gG_6NrtAFsHi45u@_A-n68SP@a
zjoiaJhRoD?^Rmo5enT1^rRFFk-2uf>8?)P1-XElAn4zv26{@_82g&<^EUg6bps@4r
z;7>n94-<%HcJE>R>Pzw~KA526$rmU{<Y`a<;UsXF?xQnp8dXi3MisfS5wU-oJaaxG
zkJp%AkFE}fC@pl|I}71W)IxZFR_jK?_F6{S-R}iF#t_@amk*Nd_33xEXcgCTdJUN&
z=}~+RHTnaK$n?DxC#e>>(eeI`T~;zI>Xec@bBU_m2_s!<bzmnX)9vFo4T4;FZ^%0V
z{wU+vC%M*M6uSvR@{RonuqcOkIuu=ua$VY_<TXU%`mwGI*IYgK%e~DE5hWFqP)y&J
z?pATMU%`j_rD=HP{Zgnl3OM<v6M^LIMu_~<$h(PJFt&R7S37Gb4@cqk%Q~?deemIj
z^}&@1mU6hLgRCtT_P5<g=WW6_mjk|<PKTg;Hc*EzXwePU7=b^e%db?>GH!h*kWQk6
zh!>hK%S<^R+ZL2J?)~lmBkw!A+eXqg{fqVxVE!mka5t^Q6)E?<{RIaEK?xQ}@DdEx
z{Q7-ERUuU&P*U&A?wlT5mc#^9)tjCWdRr9PBnRA2Cj))~7m)u`#@DJtmMT?N=nI&m
z|LFRi4{unZEyopA9OZ5grM>bB4ijGD@Wc;CEHkjcbocO%H_1!0Qgeto7>#EhcY^ni
z9+`N}XY+)R?NzYXHq5BT@~$P`RLKNKN1QULZ*s=dm{OIu$C*F5Mqfbl(5**$a$-;4
zqe0UmCN{plL0e;zm0O3QLFeMjv(OqrIIF8Fhzt#?Wm;P8!8yr$aJJ7?2mUg63Abk3
z;Iaaznw4Zm$KGzIBq{qjywIo!8tOo`cHAbYlj=O>ZrseLNxjmU=<bhOiif0e!~hT~
zFyWP#P~rI=5<T%F9-tmq_fubk=9*Q*5)s!xlFckht53}m%zwlUYju#pyAJF6ZUael
zlQh52W59o|bZ5z*s>;r?t(^X6pkGPREu{vp4ktSQP}q!hcCZ!O1U@$AGy<y<ezO&2
z3!@a#DCwhl+&3d`+FZts8MucT7xK6L8dFGf_3G~{js$gmq~~9jzHoanMZJw$l2#j}
zc;CuMJZU!*l1X6#r;dwvW`$F3`R*@PG)E*P_S{_t{i&-VV^q<YPovIT$Nl&Le+pUP
zMSK%NZjfBo?^dVG=A3_mOFzBTPgHONJ6yrXog;|LCmgroa4pb|NM?d*M^U3wXH;e5
z(HPVx?-bj%o!O0yOf0cW&*OlNh&!32<K~#ZrKS3!PRCuaZL9jFcK7}m9YWHsEgO*5
z@)Em~r-{jq${v*=rfDNBwXV|v-ugIYDjJb$LT)b)5|WpwnSu<>0Y@sguU3!gxn}gf
z?j2j*yVzSzUXR<i8-;}{s{`oazvJgEU13Pb;Ag@$LcTmPV~u++%Zw$o5F~l}p+`DD
zFZk(Piup^Fm1p%O=K#kenk=`WG`L%S%czoEW(wF8CEFY<t_O){#S+dLu+Q$!2-r11
zONLjg)pZ<4sGqy6B2?t$RUsvYv&4sBbKIUGofm6`yf@X2EaeRCLa1qi(!ubwi<7W0
zK{302(lF-||MMq$dCJzQ1i(luW@s|NW^O}|<Pq2zD~D7oijYvhtayKND3XgsHL*i~
zzVJE3)Hn?gbhe4X7=nseGLBaoBbzZOB4L8|B43iKa)49;_fCz2Wo~vw{>m6H>g2;d
zJeu~}&Y#I+iQ$^Z<$50kaBG`)wh76t^}nhm$r>VHUG+YKGcexgRq=Zat+)>k9$~1d
z+lu!`>UVlkb?Rbxt==07-R7k{+o!n0`N7*Ct|W#IPSf!sehaqfpxdXfm|Y~JCkpKy
zg<af*r?|pu<yCUa`hHCzsa06ryRbW!P}{48>)r|?Mq!d^)PndF@1~EzUCZ9pRh~?L
z&;ZEL2F>vP`g61ZOe^q)#6KwjuVrpG>)P96@gndJ(vBbf>@JRXU)RgmyDH~o655~X
zeLqvo)*vWGrPhmHE@n^wzu;%7t41=7kIVQj%N*fF<T%3fXi(H}xH#VH7p8^LMk>o$
zgv1r6r9_Vu^^<fTrI(z&9c^_zf~Np(9HCt)^E@jAT6LS9oAXVv?oIQ=1~&E@<hy0T
zCqRc>sG3*PuyKPv4|>N|eQk1qigNAiu~KlYt;Q-a+gZEzId+C|nDb{4?OGAfXN~W4
z`8r;?g|q%Df4lign+@dEcm^&zA8GJ;gex!U{m5p%kgO@(@2B}a+_L-9gue=TZew@C
z=UF_4ir_bYI+R0{;4EywpT&jCSj-iq>rHC48i27B215&H9AKu&As$ISWc)4yoT_6+
z%Ak_vG`pEm1MvYi%4T<X=S$ALiO|Qk>YtD-MZ$$8A4ph1=vxDEFne4nC*KMgQ@b1g
z;X_01``s=z6V%(<)r+XrT7Wq^#Z7Fc2PcRm+T~R6TQowS;mrR7F?`Dk-eeB?Z1>gt
zB9JI(xf|M?9|T7!K7oYtW*EN}EPjb+l!%$kt}E<mt@I3`c49Q<?XBVOX}+^K*VsDh
z1&XZ!jZ_P*xr#U5NprSt7x4hcLm(n+n%7Ma!6unw$tq3K3c<HXr?H00c)=IKXwK~W
z>0$2nX_>&9bwirVvv$`yT(gh>3V787jhq$YfcO|Im1Sle5WivojGd)+Biuv_ESyv;
z7i0^1ln^_pwm(b3!du!QSA!hW4Zv=b4sCW^qq#i&d*rkAZtx1q1*~y=<hGJ>d?d8p
z5J$37QHAdNg`LX2zgPb3nq*NI6lE)^Dv9m5Y2vEeQTmRE{6JomSuWG<35w}Qx=GW9
z<a;5DBYRq;=l1}alB8$kG_y|llc5lAz|XaC`+}1X5dc>E7*@MTv1#=9gbx^HdN#0n
zRUYEd>lDowdijZh)un&SmV&c%o}&|_Ey)jfKZ}l=lTE$Z(W-}o<LvEMiz&9VnG9Q~
zyUeDio%Dcoxo_Ymui+*^xe?U}#a;__HV8rrbrJmpkC?Ig5gqlRu-?GT2<0&j(<QwO
zmXNaJ(5F`^yu&7>Vt2FKx)C83st>1b_X(1fc*9X37xrXez}rAcvOK3qYrFc8?k_0J
z&b@U&O;2?GKoT0y)9G6@$*48f%V!&Q2fff`k3eM}m*Sc-FxfDdy@a0#j2#j%Hk^^S
zb!}h7hCr3btM&xf-BUs^4Lc+pSbBMudokSgs9l2zLln8kEz%C$APN)VAKmDj$9szC
z6d$r<KJA6<cT2RKHfy3?qcEGkfB2VWBe&r1cuRx75dz-u8$w!Oz-n7o#}7|oMB9<i
zD!9pL0^lCJ7e^K?9PH*UWR4ERyLvf>T-!(dD|c5)?V{#6%uupyCDtU!rYebqoSE{N
z*=tHI(wL$a<XoGWa7wV|#MbkEo1`OGT0|~AE&fmuyn7jf_je|E_g!Zsx0Aza(zh-l
z%VnpjS`^Xh1i$@22u<jRq{Gr2*?@1>olJQ&lT~H@RdNj!?JS$sr$nLC&^g4eY~Ix}
zpsKsEgG@J;ogEssW7p-Iq8)`C!V=jr#cs5l8rBX+s*GH0{G<-5CO<J!4;CL<vQclO
zTEV(lmS=XnMt-%EKaz`9mK91Et${XGj%7;DH?2EOEXK=?<E&mPMU7{I7|Kq6I|3b5
z3y?Co9gu@fit%7Bg3SN8zf#`J>YOk4jq44#+0w7vQ_#S52;OPf7aFnMX12b43<p{N
zw%=|2+aRKGVk_L+s`Cw$&`UpCL9$140u-l4)nmV+V!*@%criG`X@DgEuuMtOQcN#N
z05(9$zmicP3G=)z_xEVv4tg%@tS}XyhUxI$qP711=!RRCb%SDvqH0HZNs$qZGT+ZS
zg0zt<um-};P8EBtY`jKhHg;KsNo!tdb=XIls`w|9_=#eaBzVmegGBsO^Zc`sc6)-p
z$4<tQ1>OjE5eF_iVi)3C1~7t0M5#W5^pFY9HGakx`x%pIE}9ZREh&FAo1K0&kAcJd
zxdp2~J-RxDEpMkMD%_ZKL1{JXz27x?bGGw^O$d?c;+$+I=46@6KSKMXnELXS1BD*`
zutGPqwtBF74{$0k5HP9w6>wLH?hKcm1^Cf7mTHKu`_s1U<UKhA8@NYMD^Yu5v=WYD
z(`bI^)0fk`$a3)i^gjv#T>qoPq%{z=N&2$2Bd-xoPLS5)2wrXuwNN1tMQ=fC{U<k(
zzFV!ia-Ga|lC{By@d}Ommo>A#Eb34@*c-ZvHPpBTO59v)z<^qK*O@-(4;TJxhBH7?
z*8382u>+Y~QHH507MDiMKy~NFpzgPJhSP-RQo@H-Q}9U*#Da0~hXzugrkprGF5$b_
zdNL&o=_RnxF9MqnfpCrBS;F6RcNN~F!@q$+bq;5HM1f~|xO=T2*A6~Ru63TH5J%gH
zn5F+Hd{n#8n47^0f{O+6)2+bZ-d+rXLiU12X!QKMSP8VN%|59TfOnAe7^&zZR86SU
zV3EW|*={6%3#n#~-@-Sii=>Sw9j*3^fxbGRjYNy3WLlD4goX8I_3wAtA1{d3y}Ubg
z%*${18Ov|u;6<@r%{!#gKFSabU2?MFl}i7fPbHVO3Dh|was3Gzzy&0|DEtD|icX9L
zmv%%eWZ~L)4`m&WWLqt*KUL{Dng<(idkCqAiO;+B5w*10p>M)B)Zdi3&J0R9?u7@N
zS^O5b*?0Jf5jj<$#Bf)a)An4_N5QEKltA*IW{#|O&exqLGw};|;d1Zo->;7dd|1(U
zi2>50ipW7fZTN`qLT~i1S9s$LOg`nXpb9b21pC%0$vfv;X2TrWklF}kb=&k_9pJhj
zY8e4JBP`Sf8p*Q$k<1ry%shR{**c)V)Cm{jP}oLHe?UeuaHZh`+#yUp`w+z5?9VXk
z(uvWu+A^>JZ^#WttU#AO6+3lVebhWlUm$5FC5a#S0TQhS8j*MAG>%mgGj?6qY}bWg
zGwH;IbFvWs*c>Bwn=j-9q_KSzlujnMmF%kqeLjO`@uWhtNONAKB}fmKqEOsWs#Ayk
z`!A?<+^t>~Q>U{IF`H{u#7Mdy>>jouQm!P%<&4yP-TS@FgDZuhL6{MXp4r<Q^YArg
zm6sY5HVVRfJk1VBg%-0J4VEd@FwP*&<fN4)O-aIGBV<k6G~1LS-UUpN9HTacG*nw1
zsq0agaHQXFBxORk!CMFJ%MvcO6X~8)E@G`AQzh_1zMFPd4z{pzz)TGR+rcTo7Kot9
z!*VYu2(WfQs1Fe1;_}Qb%_=R3`rX}qUQB9w+>(sZ<>US@Z;#R=4yB46f>hvewa9GG
zu6%*Rti+c+Zs)JZ!zw;+1$=<Jm1U7#T;Q;}`>ylw96`<MxFhtWN4$z7G%f!<P*FLx
zu6oHp+tQ-zjYDrj6v7QaQ6d7{@EEe1NhLHbi+Tn8n#om0X+~3tQ*S7p4CDPTjLVeX
zwr;9b#U*T3;F}~n?M`9Lz)`1&%+Dp>TgY@0pMaPK4)FMnW;r>d3^N3wG@2Pv8|NT!
zy@P8~vtx;=4g#0X+;wS@JE8V1p`sV@L}B?e(PZRGt3mjKuqZw)im_p?ldU0XqQYxI
z*gah(1X(>P^qUDJXBZk~W)Z!76F+At-|duwZ|;{3PhVU`c5fg2&oP88#|P?(2NYQH
zv{K3$APNW01T0MWRBotgr1h6+E^dVI=7ycMZm)i%pAK?w<3ki~ANLQ(C^D&$XzT(c
z^3nYt(k0hgLfRt@P25FVCN3dsh?4knio6mhly+8=V+miX(SUDu4G&8MKq;UOP`t;W
zC3@L9mpypdmtgCjScE-f&?3A?+a+NF*P|BU?EC5QZ#K;O0$08fjin$4K`HkfVfBG|
zZKk4=0+2r#*-1KBFW6~@H4h~Ll#D;_HjF*%!AA?B*jFL(JGN*v_nD<<ZS25>>NaI$
z!1a?TZO)$&9+JsIhyTXAZi}yrXv};%5r%DWVA4R&kKzR0H0(}2a;FSa6{a#%wQjLF
z!@?X+Nc#AhB)f3P;Ck()N;!Izcx98y?#^H1W3>7Shwb_uuE24hgr^{Sue2^KK4q_4
zPK(^kU?XRVR+xz!?SnNJYjm|*u~$>`dsDyxa6hLVFjsq6=PhIA$;oNMDH_Em?)^Bw
zE*g`B&QK)X&g>NGlaT7uaO9SNd-Y&E68>6~U~ag54VSR3_dD;Pbxh0$2?-_Xj?yzY
zpQ~Zd3ifOPu+gb+yUF08`mJp|R0l$EzsP9LcTyqZ*0xbEb4Dl|*&64Nt+WD`t+nc_
zs7g{ryo-&9d?`>K&j~1u9M64;G@zCdUOcKcjjXU$5;Str^XU@r9ox<yC=x|tlUODu
zVyQ$XYlczvKdbbp%qJlVlu@B7-I*r%%6D;+lx*Miroed3q99XG6rF&--ow1uTmPVa
zd1KjT>cHWK)2c^6TqHjgCDbH?feC?Ej47fv)N|(Zno<49)1-^Na5z<WaLsUwM?p1^
zUDfD9<CFL-v5!g@$oA42+hq*w#Nk>d!pIAF+!E6xSke7NcEKy_4(nux`I@+!<Ru{!
zj`?8>zpa<1;1bPQW^o;|lM62eOUozID*wH5k~u`#fb9`3fQMNGq|uxax;)?El({(#
z5(j{@Mks<RfA$N62R;up-44Kz*99_Jm*-|$ggL5f%}KY3t0<zE!?%2eZH<p=5a;d9
z3b%GV-7<@GqIWiHl*C$nk*B)Tgy4i`pPVx6wfiFuw^z{%0?S@EqF2~}%6v;6LU}H8
zx1fNZ6sq>5NJqv{LNhEJyd?{F{-@jgYV%P3A?D<O*T)KVgFK1$jL56LzGZ`&C?b>0
z^lDmLh@;*YhOy}#-pY})dSNlpj?-qahta$OZ<d*jwXEttV)XbQXz^eaLq^><Y7=GT
zkgK}N42j4em<?cJ1)D)MxylngLVfjP9xILMU?R;PgYltsXx2>POf`r#AkpkhCS?<9
z1@^@OLj|hR4|?AfHJjHa4OG3iz<mw8oz_E7gA_@z5oRHJxUKoHWwA#&#&o#Z*Y858
z-C+^>8}~`+&lfc-Dj~oZS%2M=)2VQ<r(pyx`MmUW5gqmk9@M|TVyE(UsWd-KkjQ}k
zB~@-eS4Fp<D_1~c*e>$AT9}+3-peVI*Tv|rqJ9~4CsGS0wF6ruGGb5cb2{?H>cYJ1
zyEmB7#lphCQU2i?YB3E1#%adiz*7;D)g|Kabnk)NQdSq6ABf<g_09pkP}$<(?}XY%
z0;pO8mq46=7oENL1Oh$E$+V$?jUVOLlXO1bsihwqLALV3rI7r>v@}z1ifJkB(w>|W
z%ZZC$mgKF`r@E-|R4OViJQ?zZ2YH?PZ!V+=aN@Y+Tt=FL*suSTO*E$ZjDl^;0-*Nx
zBjoFFA8x}9L^7dUaMDh-Yx?1oOvn4fC7o}lXXA<LW`PGTEr#`xqya=q&FiDntj$!d
zGR^f%XmwJkE<)L!=Ai`NRuRU=NZz0)EKo!tT(lYpn`}2A!J_7UR=uTAh(>zgT|pGs
zNqlb?EcW3G?Aq6)RRJXjhEfy;>iA8(A}dmtk3H?oxSvqFNZrXXw~z4M|BoXb5;W&c
zqnW9;r8!Mdr2{)H&hJ+bD!X8%X<fl*9A!VcS;UTU=-xczncGAg!%2G(yKsw;vf2}X
zrBBDq`@+De7O0Z>78(nKls+iR(wPQwC8pwYjh?v~=7cIn@p@f$AJfXM)L4a_8^@^Z
zfueAjUHo1eoJ@T(UAuFH2R_<-q|=~J5e}`AFvv^H4RjK7LzI{sm?h?*MjDqS=K34-
zEP-1*b!Va@soiSR<SN1y_wM|LEn05areuL;Mf8|_h)E2<=7pzxif6cUS>>&<S#c_f
z*}g{Zrf|q*H6D_<W40@^vc|TJlN1_=>NS}ao$<Zt!(tA%MaP?49}?v!`2Xw%A+}HO
z|LRWTCfJ}b=Jal3kEl=R3%{I-p<TDAyC*ZRT*z@Oo2Z0QfKA&3CwW>5KjqStLS=HI
z|77D&@-+XW<|1ZtD{&FUbyLDVMT5jV;k%}tJ9r}?iq&U8O5XZ>e%xV31OZ#}iM59r
z%`TY5g<qxM_?s{gZ8^Qty<SLsnoRcifk{ZbUB9%nZwe{Lue{Qqo<3CG$_mQ5OQEd&
z-a?S*u;0$F>)LDi%J3zmFK&Om7MISo1Nzwz0u?O1q&oL0Dnf{oO9LcAl{S1dX$3G(
zsQAm)@CgAa$>DJiX~qt!4}JN%m|n~nYkYgF44b%;E2}(`bRWJ4`eNfHZ{pCq*fpn9
zw9IJ&QR$1|Crh}gK23(RF|V7}b6ZprPkE?IK~K#XMvWOO97!nS_l}M17Mls*1rLR)
zv;JILvd4^YovEJ5HML~tB}uIsoetZq(@~h~(cWIs@wzIu&_0J?xoSQW={ZOa37!|<
zM+7yU`8S~vJdE^qd%C6TKayN`;pBj1ZFIDNXW+&o-bMd)zdc5UCS+fNymLP3O0b}g
zO03b&{xmx{yO&DY9N2@PYC>04ChHvy)XAvo48nF)wrR~yNy54-|LBWF(#3#L2W*By
z8Qx~5B9Pz-(^aTXvap;gw6iYMYLbJ|k3W-1`uStrTr)TPtI4?`k#lkMz^}!{5dL}X
z&L{5tyUV}T$q;qLjN$8%KqX1Iq%9JtM3|`1s>o<-YCf9XLp=~w<`6cFnW6D5{2fGi
z+Qr8MY&kmoZiFm{>TTzULmxZU$!P6mA0K!4F6dx9XOH*U8E)cJ*lcjx(kw|cIK?M`
ztLPokgd>%``wTgUmQajs<WAhXi91>R_sn5(ps5lo8k=!=HeyRItrTGe7L_nQFBV~q
z^Kjgta$E*-X&|%oIgYQ&M|9Rwe!5)+zpX)LR)kj9fsexA{lgKC_-PAJdgw?spOmZN
zpaN?HZK$z=GWgN-$FE--s@iY;l(!F+SxK3O^wwNgB@l#tfVYy-6)*qzoc=f-6L6j8
zalf%09WP9$9l}%aJRi@)7gz(3<(f<R!ImbqnY3y|1sNf6k6oL#Z5!?NU&b8lAAu~i
zrLGP6C?=f@IO{1x|L)=(YMUI?kwa&T7Q&>#<;|q-SSjNWnz#*(AODRnml?HT^$50c
zotYK8D<)|Rcjv}c4>mq{yg*<IwM}((5PA1~UxrOkZ}pZ4&5cGefL7XL<2zFIHd_T2
zqu=G_whk+F+qC!6d)XaKMY?A3Vq<-~g0n<ic5EUg+DU^cu<0hRJinws_EZt%X0Ng_
zkzv`=G~w_X9}_5564($sIj`1>%{3=pR``w@6kbpwB)PIW`1O@Fq`y8S{ZgiR=q;7d
zqou@RFDH;z7uIKpDkr4dR_7XO<L=)fCOKl9@>6iY_I;{&_heQs`55m^kj~`eU}wc|
zVc-Zh+Bo|I37+^68I9Ex`|f>w3S3;sym6W2HWJ7fMn676f$@kUQ-ZVhnB%O;-@Syh
zcJIz-bv=JQ)Z&-JlVFj;84Vz?Rp~*Vy4b(NZG9tOt<NG~>hzRr@U`|&xI=g0I>3{U
zyQ{YByH6BquU0pCxL?uSrIFwEXaYx8G$A)l_z0CwxCY!y0rUqY?t55GS1Ie>jlM$|
zy!PjoK^pxNob-%`fiREl!NIxSd%n90U*JmC%Dd;Ha*r8(GB#fw7O!DKQuDm(m5wq&
zU8dYQ|10p`R5$%8SUco3oR!=kEWOn-)Kdzpovp3z40UyI#`O@KUG`rns+ZKPa)m`p
zF++KTftK-*=Z_U>-*s&^p-o^&MoQx7jiS*Y4Mr4x$ZMIuacLydw#8Ax>v_Awr3dNf
zOS!Yqmg|*q4>7hs>Mv%$RH2rKA+mLsLg@+^vrI)cax(;BS(DLQf;`_yq${_ot?TgR
zd5ccX@Ye3a9%RrKg}q($e*L}(wu^Z28ay0cYc$reGn+wzi0Kncwx}%gEqHf*8uZni
zVoi<ISic3HJw7843sw)cid0?uaX~1$m^rzM$W4-<XJ@BYNE<jriMu+Sh?Rw?LONr#
zn?o<8Y%(&?0L#^!I3IY`E|uYGx-n#ysb;xUsS?OAtBYktfMaD=2~b9ZN(@+b$KfL<
z?+Ja<RT4{eCoHHiU2>(QSg?&ect-OEvITVS5*wJD6hvs0cnAwXl`-{}5cT4m&~*a;
zML3#o{2@?q!Cl20cx4==RL&8M2qn0mk0u@W0yRLb2ThrG6ZnxQ4ljL~r>$s8m3)}&
z@IkFQAe9IsWyS)Rx4jBSKLhgaGvT6O+_MZ}CA~wA>h1kk&dT98nUGB92zS|BZ{_U}
z`j4%5cvh=Vy)6`M=U<RG4SP<{^b{m;x=lCyI@CPbz@HuB4M|b{qO+6fIIZ%JF1yGV
zkqNLY7u$kE!1j>r`IWF^kFku8zHt4XbqWZDQNUeDp8`FqZ);V?q?5N$XB2h?gPyaQ
zZ444pdUUyYc4kZTA&0Rj!l9pU9s#N7G2&uw0qd<?;PcT)tswPV6}>DToeG^XxViM+
z<N?Ks^YGdz56!X2T|+&1l*%NQ?GrLwq9h%1EQTklNpxUU(i-<M4njSNAhRH29b@hB
zuooI=wsac$T$XWIL9_@RErWGpPiG-{^*AnGtD#FWMQS;HHpohIR2Uh@mqDz|ToJ^Y
zPCl6`qCh#{VNw38q9Ny=AY9^k;lJwPwJNHkILYuQR^jR5PNrLe!I3{5H5~F{CLOpq
zJWj?KJ;5oC*$M(XB>faR;h=b1Npb=OH*XexwBB{x_0A>2+f%cvX50A}T*Ty`*{c$j
zt#&yY-;10%Q|=W|?9I_;BM0uJ;EN~1tEK$$os&j&&E&E$yG3zVn_#B&ydq(R0;C4@
zmEJvi#4HSaApuu)_X@z5cEeZeJGNc^@-Xuq<6qC)Ll{xR6qYn(gK#c{wDIy|+6L9C
zHKe774GiHyxwrd&1cx8+GnLG%Uy+}%>;c{2rP?sWD{(|6yPs5!GORR>Z{P!Jxm6~h
z8dg!!QYssKE=KAJEQbh0Jt@GG(c`=TC(~%2QKQ}5j=A5IDw{f6_q!#+Ro-bBHI64(
zJFl=+sVw`ncs7KRhxK%=>7#qxCf+G<&l_(Ksg!n{-s><el{c}=e=o37I$);~RUPCC
z)%W|`jHYcAkCNAf)zLdTwltE&+Q>_Zc|bS_U$*f+wTUzKFJvCrI+wmZeQKsWY-j}1
zXUVNE>V{&2nWkf(QvZHwIaX0ISGr~12Jf)(@$*i9Io1HSdV=*Ni<ZRi&M&5Gz^~zR
z!|#~diI;fESp!)2>BAm^GrC8J%hZ=1qF*uN{ztjdRxh9Dmiz3ND{|>un|6=7M4Gb)
zu4Z_MJr|-2TsQ9FSHBx$e1VhW-VGCG-+v9^L*A&(rdg#ymp#GFQdec<3F&%ifjLbc
z)pr%H##CrpLkdpWaD#cx$t0ZHu(&S5WXmnOi%)I;QxENdxRyB@yalHfS)2Jnroq&X
zCngb_4COS0R}tzDD<B9Ci8Q@R(OK7dc1wu0mZz56)K>pK{4G`&+0WTnEi7T}-eKU!
z7!tl5<0DB(Q(NZtRgd1T8@)zO7eoH+B-8^YnVEfsG8i?%N=7^eYaOdAMT01?wE<#L
z-6o0K`9@RNtkG0~Iwe@fc)E??x*{23d_^W_xcC<_e_Ifs3p7GS8YCT}=6u0VK)w<O
z-~y0zKLtsD4}S+pcEZdAPN;CEqhBvv2@lWvAhu-G)#V_%{3BaiQ-*@{(o!|15|Too
zyD9aD2a0pA>~rRSy7C;aH+TPm=I-!_89i$L<SGlD3fQ96!EzZ(eA$g>2m{^3#y7oH
z$}wIDFS{qo6{(h*-fenJ$UHIER2wmj^ny}>FctNVHb;bX58+iA@kSZYKi6`2)7ofE
z#jH%HnPA>*{}=B!iZ&xXLVT!t`Gm=kV=mx`*bv;<;hg%Vf^c7q^L{l2#h8c<yaWfb
zc(Hr#Mjrwix}{h)3eRA1dl%PwQs+o}ojJV6sL<}LXrxqHkg`A`GV8sqA4F6oZ-X-{
zM~j$Ci2nux!cDqRs#}Z2bRC?gE#1f(-3Oa^pUcFo;gr(9`D?hwmJ}8s)VSF^nd%dL
z)}~bt;ygvU(%?3Li*$%g1bH^3=nEww{6~tan#W22)Yl4tT7x1mpIZjzE`2IG(a_1S
zf7~KbUiJ$vV{|BS9*uOEPP^<P#jZKo|G4<m#F?G3IPN!W9*hx9^>^3)S~yi1^_`b$
zx?FT<pG<XKpYk2{A+3O`GV{I(OPvO(CcOf}lNr0Q^j5A!KSCiCMK$)Jy<A>{I^=1j
z&&muaABU#lwl;AnB|TwNcv{+)RB29_8(@W`sZmh4oI8-BIIgn^35y8n(4QD_@Vob}
z$?>C?->QUyq^|o-19oR_R#I@4NvWK<b5sjXKp5R0KOZi~kjuKWG?V4}*+^~8Y97G{
ze}?tnwM!xi74e`3u#E0+#3WPhZx^9MHfO~%y$Gr`>e15}uxVChk)&Pwqnkj67^n)i
zD{l`kv!O&&;D9*u72~NVKA8I4PLZAf+)%T3OUuTgk5rK$Wfr~Q9LC8`4Nj&sP0;x>
zStA7d@*v?lJWy)e3`tx|yC~4c#Ea<DsR|jrE*Fpn6+JVm&q`5!A5m$xQhg?}sxpfj
zHfkRW@oSXz#B4rj+NzLg1x7J@Fh_sT=LCxK-+pvNN5y#%tub5WvzFg;=wl}LCuw^X
z4|(|C=EPvYVJOlE7gzBMBx%L{*_X776yPB-oIe{5{xF{nHmKy8zz6vJ#$?FUrxrMl
zOb98lckAHp7#j9cdPS=ttsB?>1F#TQp(P*Il1P3_NJ#F2eDIX9d80f8sMsbBf{9f7
z(}A&lVfkIH#>Tr`S{ydfCb8%XK2gN2LgTu;ti2E<G0xd%1~vS8O%iQNRq1kQ^>_Q=
z#ML=pEgC!zsAm#e9r{Hg0Zq{;x9k42EjxLK>%2jCA^*+6Z;w_2%RP<ehdzBdy^Aad
z|4;v$QU7k>ho>;gzL;s*j<GFx81(K#e;+3SDmNx&)Hr1_Cgy^bCM)H1#Lik1L5vM{
z6Y@u|p#k)UT9~j)enladUevtHi?)9VQeB0U&;TVq9#&i11~kiB^8o(zQ|aWcO+AYy
zC7#u}-=)gdUsmK*!-vQ66}|WPc=$7jc7f6$EQp0JvtpsOC@y7et33x(T0|OKWumWQ
zYg?>6-VnFch3iTbjh^SM^*R0!^F|Uu##~3`RNIS+RTx;}HH+u+=xA9XTe%OYS?z2#
zn=>~rGKTNn<gg0k%H~&-eOD(CQIX5mI<`O!u=lB<L~{d^4QQ?QeTw|K5&k8JR&TxQ
zIfv;y!Jqf>>KGX^n4*=|=Zix{bTj|&TFN`m(aCA3xg{or8qF=MpEArVz*sf6q>tU>
zW8_JN4c;{@`A^Ez2^>m+&#Uw^va)s>Q|(8pYo|Yn0@U(q=0R=Sh@+n%7vXV7cV1+u
zPxDyRdmpE_W_-fi$pphmvo~$s+6$4JEjL8}EFEir5T8YySD&>q>a(@o9BafXk=ZC|
zKDYYhz5`c%5kKQQcMOu0#g3^)lGmJd^lrlBErnN1Oun)9Fo*Y(4v{RjsS{tTiXy$n
zB5fHtNwsLcdwAHs!~F=(c~d(>mZa^$$+EdD-MA-7brx<UoA+9tpZQJJuL<1vhy0XV
ztiS0>T43tN;4RvLwQ0ggV~Ew<LIV9}<LHE(qcxciRqiSZsOSard{~d@c)6$NHN5|&
z5t>r2)CR1KU|E>Kol#BOd#CG!woIa&f(I#|Cajd)gZJW?2~u?c7)t<P^4J$fzUT>A
z;axal4~I$HL$Bk`r3CEImHkSg7r&>F`p?AgkvpBEI2?!XK|Xvtl(28SEv(8tPFu$A
z)%M-R9S_IRtxHY9d;YN-??l<sDCk?_2sbIp)D>Sks-dCb&^S-;<Mnh!CoxRU3>?%O
z6KY81w(a^zB)^bBPHRZC{Nkp_sMK50fQ&NYU&lNnMoC_(0v^PbE+b&SKzmcRsxXPU
zAk&uY!7lwRF$SXO)%rz=;(8$G#4MYwsD%~16oHO3H^Ys9yZ=mKs!>Ups&Y}Kt{c`M
zr89{8)2F}FZ<~4$dh~&YS}wcw{NW_Eyk?b_tjD@Gt+I5Dh)n1^1%wGtR!bDDC96o$
zAt@2-ZM4DLBYOq{L!B+l;W@T=xudi;oS~FHtV5s14pH5tTpk%>Qtp3rkdv|wX;)Vs
z+8XSq?sCcCSWdP|&0))m2`u0qgr*Kwbdd20hOM*{IWE_b5kqn#uu&;3Bq=&X8C$c7
z#`l>|q80A|>Lqlt-x2KQz10yK`B3A^S>^C~yNr+9RcZwN)#jXw*W>nW;<qs8Y>TqK
z3wvD&lD=BF?yc6_OCOWScLV-`#aPn<t^KSUMXb|`r5XCHYlvqT0?;a5jGni+kXPcO
zSeAfI36{C$evBCpvhj8T4r0D!3eY-m9i^qAb5t3)JgPFSvs$q&EQ(Mn{LV`b!q$9V
z9cC{)A_-!dN}Q20C0Z$tT(l&C-Fo&ARV|K6ED#zc796-#wIupBWhj?1t*8RAHfXnW
zbxqSei_~htBF(0jmD6NZm7rq5##eF$THK4K>E0A@l1c}0n;sAFY@5EhqPbO}hoI#Z
ziu8U(3M6ZNf25}w_Hrj*2VN>8ZBZwWz9HfTte*;rg`NNv2&vxbGBrOyR4*BRkt)cB
z1d@+iG6iNyn2P~FDNwjE>a$rDH2wrp$7J9UPeL!1<~sr)(WeC|7H9=ofk_E-f?n|k
zr;ed171cKn@a`NB!DR1uZNHrhobnMtoP=2SU6*A|-Q+dgB$R=qs!&AH*3POHZt*2x
zaj+q?RxieK=$I(jbux0a+7xOQ%xL`Ox*nAL{3-Q|z=Xxs^e*+#$5pUAzMy_=243bw
z>-%6c-9TP}28*-T)t+X`I)rV(KElyo;sGLM1l-1tVscvJ^=VSt(Ofz0Si1nF`oCcb
zRqO|~hNg^5(3E)_3%v0TJ5H!w<NRvWrj*5^CYj2XU1ehxZR1CaPH>88$Hn@=b&X?6
zw|jERG>7%#Q8V@TXy6WdF5cgS3<`ynJ6`1K3_gb-C|xTXE)l%r4XmSwAXo)tdzI+(
zL#w-nwUn+egOCS`u;^B&@@g1oyc#CTtAUoyMM+|mn_*Q^Mu$H|c|_rFle{3F&h@v4
zz4=JFShcA6!QN<x4P7akPG91sYc85@oJ<tg!;NXulO0ZwXS;XiNd$K?8qOR(_X;<0
z3TfmMf+Y%)pKj?Zh>Sl-G-`qw(+%U&iK-$U&EeIE;^Uou_br4<E>0bHYxmr&$V%E!
zEgu9j;VoZgE$X8*NL$RSMZ5Z_0Fr71B-6V6j71;B1u8*GmVl-mU0AUrb4(a=4d~o>
zsN?(`wb&cglS-Z&nLXt)I)mDg`Sj6UBL)v|r%b`eF5WzhK&~>=#<Xe`yT_eRb?EJb
z)uB+}EyI(Atu%5NNq-;Gbd#Vt?u;nN@Lg>i(;KSIa^HtIrte)DI1Pk)NL!N%@IZ&7
z91LM#C;X6Ed-1{-RJOPQ=}Du5fd1LFBy`Iv=_6Oen~kt4ldw;n(w(Y1GGg*qaNj>r
zewcF?gIA>qD4S0Z?9nutZYRh69`0lGE;~cp7eYKYM?2TceGgFfG(J1$g79o}?Tvg>
z<;*>mp}D7m;t7h`wF|eXoqiKU-n*MUx^&m5f}k)^Rk(qpU`{!@2++R?*2u5V>c!@o
zi~=I*F(QW4wxO1RGaF7-@!?cftpJtj&oIFYgCH38dnos7i=4U83c$2hFRtMm5QJIK
zrlL(wsW9<_OFJ$kVB&i_&kqmpGQT%?_MRp3yA~|bwbHqO%)m>6-17sMUi%lJj|#`o
zv~HwPDOZzvX$%mIiS11IUjz%3FqN(w?-C0=(NI+r-Y-2bAqDI{+(0rg5>LiG7msre
zTIGM>e<;EFr@OG|PrY>{=>WlsMQ+EI_Hi}{V0Vt&3**0oeO%B=aKz|eRo}hoHatu|
zv2M&Hw9O`j3HIC%g5FQM(e4@o%?aJ)#@Y+ewcH$xXcerzV}!F2UaI<ev|&guYJuuw
zQ~?If7Os_T(Q+-RW7+5#qA8;2jG0GPo23g^Z540e0$@5rk^=Zs9IYPq9}%=GUGcn5
z+mE?coo#Lq$~B%18OC(Eevsg>;9$&t3uVfnB(s-hH;VJcCo-b|rn13D$&DEffbTz}
ztIkbK?b{YXWpKkwG9Oora&sJ8s(Xof678G`or9hezHUAnwbdL8Q+G<&2p_f@C6qVx
zI9(#{k0jpm<g=OxlKBAL`EhA763TFXa#HY9W+X3D;<)aR)p8&V)CN+3;nA&GCsk)V
zIJoxwx944*AwjjIwB1@#x;z+9#q;NAnZB<Gb$%pncp6gmIs%k_vioV)SY3LmFKZe%
z1)*EL#l$~vLyCp5fvSVQnQlOfDaM2jwCwwEdlT#uwm+<BQ2e1aGQBDFR~usthP<Pm
zyz@NVzTx`se~*sID_?}}HOYsIp9&$KRycz8L;kK+9P)1?DMUss7PgzfGJTEjv}Qij
z+;P{k`CmN6nMQmL;3($=8(25bah{_MdE{b`r1YdLY6w~6z@-jH=%|0sC(<alr6P;o
z0Ggwf%3KXySlKd!eB&tH9%{mEnu3dHM>UJ_M4vG(p`?uLlysciE8LExypQ2DOrf_6
z%BAMsI-p2hfBqLA(d`M`LU0w41_6oZLJqk-rX;w{X7(L+11Ap^5Ox|poHu5KeY#W)
z{O^2}arzXkc*Z*8)T%u&Yj*1ycW0Ib)g3JM?+?Lw@-*p^IatKnKL0fuTs_?jO!G?S
zhBd8&ez;j41E*+~SV@GixUoFnMWK`yD0xeKO3zt)I(8{utI&i;KtB!P&BQGFEH8Dn
ze}QM2cn2q<6V2!KM3wtxWw)GT!}7u>$P~RJrq`iLTP4S?LN^1p+g!?rwS^+83R)@k
z3Zoj!#r}^p%pn;0kEiC({&Z!zh{1t%ZKW!98ep^T!IQQEIsYbTS|0FR*_K=Di(B4F
zxpvP`$s%0|4gNX{N+R7(iK!6!;Q<ZgXgk#))6_}N@n9q|x|7KjT-f)2843%nvnQIV
zwV0YYC&-7Yeba_YPZ6OA#{|6-=k(PhrNLDOXV_{@-6S$5Wlf~O4nY*vU2@|DJ1y8I
zQM|1z*mMB?^4k&6bB#@{0Q)yX(+b)CxlZ-JVS7fNLamx$nbIgjE5d|`XxY1cAe$&<
zg^7|vof>hrKZI#}3jIPF2>Q|6!Ponq<n~pc%zIH11}|B#A5C5nUa)9`{4U&msfMNW
z>f~(2M(rA@HV6+KhKWm_4tfcWLWEs9R_~8}e13?<7%*^_p}z8Nq18`QO{#Y?SKscS
zJ{tR~p=x3jY+nwqz4NPg$W!nRE2iBczCtkYpaM*>IoSIYW=HkZ?b_B-3l#c4P;!<|
z-CWHnd{*-xfMw#%Wu>DnE3eCnGFqd-ma?c>od(7ep*JS|S1pIC8|}ewwDRe&%4CDQ
zQHL5?HtihZ2J6ZG^a>JWc<4py9gc&&6XB$H0r)&sTo8ixR2FCxsd9)|U_naNDPDD`
zyl~!)neJt8rnlY23M*HNG1?I+^XAukI2K)|OF%Ym29cJ0|A?G%SSJPSMS~btJ7OI{
z21I?Y3=LgWFg>iKg|csHepXhhvt<LH6R`~KOE0)yT`^`E4x0w96Pr3XRlfMfNU0dd
zLR?UP@N0Q-1)tAv%9m#lZco_0g@gX(h`<A5iJps?y|=|{2=7bI)bzo<EFaaUUNL-z
z)WeFiR{|>(vR7>37rvhY>u(#@8rAVtXT$vz_(3Q;B^n#<njAgjK!!(KRtLC&saEr`
zd4b$7l<h@ts5n8t#F%49)WLPQhXMz34Rq&_xs_&Q)y+%?kR>i|G?JYwCj^#Fw^)3P
z?0As42`!TPTrfL`zNM^7WgT2TzbY>yhGE2ATVr@`_EJnw49XPJ{W{K&7nL&XEj^qk
z&R3OOl}ho2E;bhon6zRJf?6sEnRm{-!z-DriO(Oh0i*tzdYO$D$5FR0p&qEku1=%t
z_lF~joIJ#c{?LJW>qbGUr0jhrd<PDFIQXQov8^>W){{qawt={56B0Wh`=Jz&L1fw}
zJBM{Cc}WbN4{fD~UZu9dVtEMVWCB~LfhI|=6&JN`x@q*{vb#{D-;Sw+%d*tS_i|yI
zP{P<&ylFh!2kY=Rd<*tx&&3prp85u@yVGnHzuk8U@UiG3B54XK(ZWKEhBLpBNCkb(
zT)yhw+#zyJo0_03zl_?OLVmgR^oc@4Vd^xV?BgWC@4<}?V3|UkAs(P42ubj3PMo=)
z;5~Q3+58XEXog%%V9nnX6!U1*($Gna30!_I9x=Bz311>u2fsGE`tVnVuv=*ok2WaW
zb}$GeRULuSpFm3$I^&xqh53_dVdxGMxR}R-@Ax#rN)q4GU%%qPSWI}WA^lsPxfJp#
zdFbZ8&wy6ZZ2q=Rg5ZsgBq+38SID5iSBIFD-(ktI1NASQ_4&URu7kg)?5#d!(3VjZ
z<R9W0I(@x6Sg<+7$gMp1fDQRki9sI18RvC>;Cya~J3lk8qkqq*a$eV5kuFzOUL-|S
zk5w{@o3+C#wd3RPNT5N#uZ?wMHy7_)G{M3)n@?tUpX^};g^}>EdfuKfgZ&=EQMclM
zP$cX5@$v8l0KCs<lvMk@Nh7&bzvCl)wU(MKSudV;ikn?@;b>yH^Sg56RXGNH8e!k+
zEZ|@hx+h#I(AZsE2_9r&bL0&!gnYt}r5QPEtH$nTHRe}J5n$++CR>xD|3jK$+(L>m
z)uUo9i9-@Hf#Og_HGC@4k!xYD5Gv!Bib*3hGx=jRxBpQuliZ-LCyd<W*jdQ={r?1J
z(p!DjO)5f%1{FM>a978jL>aiJ^*QC_*VdqxtU+(!>N?vs9_H|g;GRIj90rn%5|5xj
z&sz-XL<idGt_leON`eK&rM5I1U9DCO6`eII$0BO92GzI&BYb$gJHpx`5R6Ysr%{Cb
zrl#$<tjSvQ!)B>H5UTnpM&4qR6`f9e{)pnG7jf-!K>^WFW$8>U8&XQH!DMORRjF`9
zjn};PBIa5cLvAk^<lge5lz~B#Eic^K5vBZIj|tMaEM-O!Bb-F6!zh|U;C7gB$(>S$
zX;<H0q0I${^?R6}Rb9GwVv8tVnbn7jkn<^EdJTE+@NOjBeG>S`eKmAWzHEP*{1rse
zElT1ermH26rUgiezHzmG!Bli~6DB+F;J-2*34Y76(b;B+DM*ik6CTKRPl-qgfvEW|
z@R^NNMsw-jV-I^W)bPw7BO`esQ90ExS?SxQ8N8cvOyQ<)yzL=O`#Gel1Peg&B&4|>
z3Mn430@4d9W~7g(CCBk}c7R22&nx#KZe&pa5h9m)m<ASbG>jMVTd>70fi)HiUDrtJ
zzz7*YG!elZ-GYDn0qwe4gknB9xemWHIr*F{QtNY4EOJ$bnCQ$*a`~a%-3M?E6ZdBy
zzPui=Wf2AIgY%kpr7oK}pq`G8`mzFUKm%04ZnQebZHQgM-9gjG&$Xd!zU-1!n^yRm
z`7mkfRV*TFobCqI@yWuCa_S?t1rbG_UU*t6hwTap61{lKj0tt>+4zYTZjB<EF;^J+
zqOG{u&>V-Rw0r+`|3!{M8X=Qx4PbTiCvsaM6C$mf?wfW9Y7LQ?D?5iPI$#C=Hn(}3
z1GmOBL8gj)c6;KHlbkr&{T%6Xlx1GtB<)QC|DPx&#ts8cZvuS%IKku2kMQw75Q=PD
zyAX1UbC?7vFWEiJ5B&oa5W)1vBb`R`g^OR_ux!EnhYOeE!5t|SCO1S7m0APr&wcn5
z-_AYi%N<<n_%Ia>!Rq!zdPKOyHL%&nPG6AO*@WD(g$9C%-qZ&>`z$P0fKbSztsQol
z0KqK~#Ch!S^bx|<%G5eByIk9d96*a}+}O+=V5juMyYySf9hdRiEc{Y~k;cqhA<hi1
z<c5-op8S&CZ?f}M(|wg4y;i8)W^-@BJU608tC(92y4U|yx6ddVe?i+!uGdi87}JV1
zs{E&)F@f*9L>y|K{h+n`caz*+CDP#AdUu3RjiP@z2hnG~MTb=-#c=j^4wG780qp$U
zJH+%P=$f{ZHTUCPu$muMP`crUNM7S;1q+F}h<EYJJb+RJ_Q%!XE<jBc17IM3CGpB`
zS4z#{`kju@cBR(E+DNH|j5HTAAhOBgtuHO!gkvM?AWT_bCKtAaRDx-B4z>h_NJ%Dk
z7YhTpGmDrRdx(xk#D^2k{9kRx)>dbCT;h~4Uay@<ZJ0TlB!qkI*hkZv%G{nF7FbB#
z#rv{|O=72F!>1~0?RLD?L4cRb`lvN_F9ncWKLc{Rj^ju`+#vq15Fdc2Yik3*9_4xR
z{Dlnc-c?OA*E{~6V&*}~<SC6s$|fG;PQz|mw@1zx>H}rOjcDUjmTMAWmUuTUWxXZo
zr=kZ&1(pD(x{0^WAXK%O|Gv;Z%1n~4P}(EL-XWa8yu#~9eFJ$;NtG;nC^j*icVtrt
z7aQ$;QIF!x)Utlozz`+np+;J`A~VVBY1Fd{M~ppKWkhx@8=h2h3z0=bOy_L#VLAKt
zOH<n85&NEC&x_pG<ZFCuBBRnTIVfn!(yNFpSrCExRsmxbz6Ev@--4PqR<A>RQ#Gy4
zr&yx}+N(owc|0B-*QC_wRLJ7Cj_*|{+`K6EKqrblbXf(!B#J$BS?$m;6Pvo&<S=}g
zp`fM;VIxT_R20sI_fqZmGD3bUe27F4EDIWNEf{Vb%4=oe98-mT!<;vgg`3?H3Im;D
z>Rb6OI?|~jpEyHXxxeK^OKQ)6Ap=Yrivwe;NG1YudgSLF1hS&kn#DlU&hQCnT9whp
zh4U-Zm$ka^8X=A#$c0uEUk!jzkEM2RTfYg}2dX_DN?DhtPN-~X<Pd><VlZ2S=WT$o
za&`TVsvf9o`U@NUo8)EhH<G2Yy6E<vuT(1bR!%#&gRnrsc|jy1TTV^?YaxYBo6OI~
zGJuGro}N23rzzV=Ljtpacp`qi<s@Q$P4BWNZAr9iZoc!j)7y}LyWUT^`T{q%{OMMh
z>Y|#90GBmWwJG)5hnP~&pRBLM0nAIfhiJEDtz!3OA0Ky$qFZA-ns1?vr^!vQL$a=k
z1JEWvMh*z4#Y=sOS=hE?^R_Liw^j5A_#Ozu6KTT481VLn3564@BprD+Q-IQZQa1Jl
zV7g;^h;5e!uk`jZqg6<@ywz$imViMi?<T~mCWdS^c@3e`f6B#ynNQ6Py|NZd>kR)w
zXaWb?MND+d7F_#VBj|)ejMbf>;fv%Pz^Sx4VSD0gyFy?kV!4x)Gng9U6rvfr%wjj|
z32x}@_9h_?V9$k5H-Ik&H2^a``q#1`&A1K^ge$CSrY`1lEo-3L)f<v$imNe+aBw%j
zd^{-Nce?1{5=0RKl1Zkt%=IeLE1QPZ{+<ZPK0V&*G0H%lWmq^P@Q`-^He}u8<es_j
z2JhozZIZHK(xg_bltXClyi&StTF*$&$0=zGAjkMoemzN-1kMTM%Rn@e3X~UUW;AHt
zj@0tWARYe-qe#Akr{D!U8w}89#uwI<@TudysXr`?Ggd)XAk6OKW@G&FoP-@9)to~;
zTjVg+C;>dBRFaHHwZZjIKj*s0hP>i*O-bRp5LwP&UB-7Irx4LduJT*1jWH;3BPR9E
zcJ;W<Z1WZyWL6b?Dvq$->u#*u3MTd*^$ReiC<;LdWC6-f+TApw!1+z=G&uy+Ig+(K
zVG(c%clmK=6rd=9$&CjXv6J*+tTZuDY&X3#w!&;-m*`*B2A_px<x_HA3$!DsDMwVr
zpJ{5aYcOTbaQQf2{T}`fR)gNfUNZT<NayMhZ$kgiIDVVX$fnim-W)fZce&xr9hS0`
zk#!xuJZ}@y#G2lPqaGa|pV@2Ipxf*&oZaxL*HP$`qID7IR?<0Zp`U?AFFhB!=ZK>h
za@>;40i3ukah&=?yf;U7jYg&s@~0K#PLJnpt-V+Em_KWsRV2Ub-e`}A$_5RWY*#vl
zd$ESl(gLaU$7=q?<<p066DFYWD3qYcSr(mx&jP1hqLwUNJ?QsG8IXZ8vC{WmS!1BW
zBFH9|4H7Ja<RE|+$Mrh=-KHa;@7|d0x)26%Ipel|0H~iZ8MjX{Ngm@OIs3uBQFo$F
z?>42hu#W#t5>@sWZ!7!ka9xi3JtU=smNuW%#d%;C5y4O`-w<){asLp!cqEO!mS5F4
zDbZ(@(!43NrB+N}6}btHc{A{GqZ=7+R^djb+pcZh$n>6CMJqCRj$n4HHy^vzxjD6*
zLsIVsJ}W-nX&`Ddvky|XsFzx`6Gg7;;!!6Z(x=Vaj32aYM}K(d63_NKvu8UdT&fG;
z`<fK=6O@G*_CeRY+J5e-HC=Il=Oz@6xc*7FD~rE@%f`pHR*TG-s9}AOPVjq>;zkf&
z(M}kDlDJSc!6~!KVPV<_xGqJvJP_tw>v7Sc-q9W5VQ+#6+pq9WezhovINQ}W=Braw
zP8Tw85KI?BOi)lD2^MJ=?U(v)_=K>Tbb?-&x<i$9D9(h7xjXN~ix(jJn%4Ik2|?G|
zrY0jN(h!bd^%iKkK!_ji`g;sKwuUs2$K~crDCrNpl65Q<+*>G*psu(^7lfx{GI<|N
z_E@kH#%CzdM-q=P%1qK2kYq40&Y`TWX`+kl&DCz&rNvc~u1-dKtQj(<5s}m$DFeRm
ztlLtstTG!lWA=%Od=6HRsn?PkB!LHoW$jLpUT!>2&Irsf$&M$q?ZiLw2F)7lCb~2B
zZfRMQ-A=5F#L!dH%M}?~RXXpq7Le@v>=WlB1=&STKy_k_WddW)+_Pa<`9j@cExxY;
zFf+V~iH~i>#++oC*%Qs}!Wn0<PS&ic3f--Y%4!WE$)srNOHAt2TsC#goGXoktc`-P
z{u>;xe(+bke@kGWE}){SL!KGjDwj@=gv~`%t{3H=JWU3|EBHdorano<Ih&1P<ejbx
zS>;GcGEVX#CBXi+%uzn8R!%tuAs4?0N6E=D5a1uxq#&Ik%VYNt!#}eq5_+h?aOk_s
zP}vrp8OTpot7lyL!K$`5QwMpv_uhg^g%GFguU;oetTBgWz=u3$VRMY2EFoWFqfQp4
zxKWUG<<9hxnz5h?6ok?cq>c&Icn$R_+UZzlHItd58j>!)nn`KnA}kw4fdoNO5EG_N
zDJ7_-aqm*vC7MD#4&f@>;!l^sq>(<&)7&Al8$A3c^BA0m+vn)jf!pi6n)YFzrLNPS
z2Mb=qX=K?Bo&+=R9npWEKvDgOmI+_#Dtk8Ee*;a9;Zz(J#M#Ln7x)dlwfKE|v=8Vp
z-gbqci?bW9-EDwpohK05<pX`d^mVI`)VA%x#h~ZD1@AS(PgGP~7152UrZLLw#%p(V
zIMIn^;?$=OAy)3`Am!e{S_=xYo0?g4)53!#%=GQPqGkfoiv-wARZ!I7F;%PD{)q`x
zQKBI<88>Pf)UpABg^gOD)9opK3wUs>X|!lzSfa#{$*O>1_1rxAJ&z=yA`5;eTM8{C
zv}!iLLWQfV0#@q@A7BJj(JR(Tg%u>hmfXylCwTfSIxcC%{)|J+$Dp>Oj<h%#7t;kK
zPdyY?smFQuGB|JV_#3hd6f}Sw;S}y!p#}qhoFg!U-$<s+h~UUUZJ!CYN)QJzUZQi}
zZcc0Pt|>GE+I!Sk-CSjXJHmEnn$jYyC7id>v2BIxZ(cyyEJHKHP=@_391xXN@LG`X
zE<1&&<+uvra7%)A9+qiQ?5dwq^fBcRVMQWrxaBHcDCVH0WFdvXJ_@pWy*Jhn^F?BK
zJnnd<Pgg5yu8~NFNg!I~JT^XPhZ|ogm^?wwwaqd-r5A8nel7=(u?IMD-1=lN><5A}
z##^{}U(2f38RmLP9j9G<P?8)UCPw`tViYTTz$b%{uLl|BdWan)z0tNx3I_&vB^y&R
zzuo-xzxKiUe^Gj$GY;>Qw3i>O;2NWPTnW4=Clk2~*myu;Y(93~DpTy-@g-21@CP0R
zcnTvT5TDnC7L+APO$9H#rF|oBBfmWg$1MxZj9h7JTy7OfcV?U<p*k`SXFQa7<pp2Q
zlDG-hNfibfi#If##Fkq-Q~Qog(o&#cg+N4U)Y^A_awflY%u2%7*s_8D<2sOA<B+V}
zyT{4Zo$R1wn&a(OUYmw!!M9#Hw#<%8C>2l@9fH{o&eHcRSgW0VDMR)CH{w3lVX!L0
zN=irK^pQedh9af2-cG^9+Tlkj&W=b>`5?^R2G{QsxNweWA-;vXzh2?Gl2J^HEXT1%
ztn32^-$cc}%*blw3ZY*I{-6luV;2-fj-|*B#7!z}wmX@+70isaszB5?hcjB+5Z7+$
zMf|)Cf8U4xK2GR!_mErf=sQyy<MwaWbaU>!j0$A4i%{u$PeyCVc+Oy-K23_#%h!A+
z^n_L@?P^5=wQNh?9Jrlt%4^3WOZLx1`%Kr1A{U8@ONx)&%WJEt#mA7kGsd)HNhkDB
zIJWC2S-MQF+#9jo0$<P0t7U&oj5aOXSb5|D_64jw`OU0W_EkYE8*lv;G4h>S)i+Y-
zS6lLmWig%k9aLmLj8^k(%Y(Y)?wqo~`LjEpODB13ac38bdBml(d`<96tsh&5AU$1(
zG_%`_gH2;@c89pxYg|Q6_;ee77D}VU7T3>|3?|=jE;GYJIl-m&-j)0@>el8pEB_hK
zs5I!!Clja0@}#NZ*v*OSj5Fdo6D6)Q7V0-QE|f62?&#R1_GG;a@uzA#RUlwmYdek2
zx}!}$M;~iRnl|j3yk%>Us(dkA+;K*7YBAMGPa!RKA!N|I>cy}-GZnugq;s2!UgosO
zErnhC6XL%~%%b7mwWY+~lXuRq`0#bv)||E4F}mM(3XaiP-0C{qhU5}Wpl=JF3C=2|
z9$CVtA$C49A<W9D@d<y4q?&H(xN!dq3y&IAr*VFYObFPFVGU;F3RhL63LEO#Ok)jE
zP4FTXp_{hv8MO$NKs@o{YX&#BZArs_#wW%$AGIExIx8!COw^X__=yM2kO1%S9pV?c
zoJPxsDFQqMk4Nj#<leieb5a&L$z8+-kkCqn^AC~D4X|ow|D~+dwj0n}Y)Q_NM!`@W
zO#f?pNcQ|J7*DR?3qEwi^*d?_I{g#bh=-!Fd>3})21a04eH&&tPbFJ!;v-60G!s4!
z^%_S78R<yC7tCmjip$~5zUT0!J-6AZW_RYV@e#_A_yv1Z$k_?54sCr9bb2aA4^?WW
z@roHE8@^!Q;fQprqUG-!(!cW@Pc~z-Rx4v`U&A4UJr=Ba<Pse|Z<q0LyGmthxk8lP
z7L0>A`CH7z=-d74!sD8NyPIeZv^6cL7t+O^dNp*Va_)jB8G#vR=hF18rS`aK`lhK)
z1*VRwV91#cWIr1m_`8&gRgYTAfFfh2h1PC!Zyikj41PO_@3odvE}tf4actYZL7WdC
zRJaTa9r97;$Cd64g~Mc>J4|l%I?0y3iXjP!k|3*v*jj8=I)K*Ioj##1um?o$Hs5p}
zWu>7aTmVQ*_h^>@b3ly0BVG2S;T{^5S%WoCLTTQDAA{S9QaMCq05w#@f^RJbC0lj>
zs3xQ4?$IaSqiM@kBS>u=s?f&9)^y2<=W|WX(@d^+6DDt*%`NspVD+&v_A}fcj$YJ~
zoUb&b+rqvE9*y*b(7dicN$vWPXc;D-fCnk{JM9kM)j^MUvIHGEXrD9lQF(dUr~{Rf
zW-)i%y>n|g>(X!)h44acK7&y%!+n7~|KyS}4i{*!r7md|!m`=K`*$78>XVCQ1*U1y
zq0uT=YOpqDsLgc|YIB`Yw!GH$2pWJTB}^38jb+maPEuOv<1=eI^s#*T6E1m#)ia@#
zPcuGuo21q`GqOXS8Cn11W@L!l3JJHRP2K7)M3?f82gq#5GP3SU)QKC}11*}!rK5=?
zON@XdeU);5__vU$Z@OI?bB4=}WgX7Ky+B`l$jYx~2d=9j4*2GdoAck&(E;G9GQz0m
zK&{opUAb(cs7lwgONG-mQ<kgCYiv7jcP)RU5kN6E7;-cz%f|Qw`{5dU|4Qc!w|Vnh
zSme`GwCHG-TgjVwy0S@xI=qNLGjF7}Jb(l$-Um)3q+FGCBfOj-@8Qe61Y7sSB154P
z1%o?qj1Hme?f2gMboQND9qMteAIEQD;5`1#z~<}^WX~IUfm!At@dKHl(0A|AnH8@i
z)6cO-_CvNSsi%5EMf696kv&HUS9Ko?ltcQ}AIza4KrNC76VzVa`oVPb<8H%X+aA2P
zFbT0_M6@2ZI_GyXtM2>M1w9ke`5ZzD;OO(sX0?oMUA?^Qkt-{j{7pM$qnZInH%|dj
z%4QN?KV3Sw#%Xkm$chC#?Q*7v0koKCRe4Pm(1KO@NOd39?iBm5+sI|e(80Z%xDU_w
z&eL?_9ut}}YKFE}PuAU;3ahSYx5~n%xtVS%(tHsUo7o{23I#ykc}yUzCa^qre3fbx
zgtT+83>vD5By&H6AJOuXo#n5Xt!PEd^@4)!<|-qatJwS&QYOZqHFJt`ns3wHdVu;b
zyW~}Y-YFp<wJOv0&^`R#Qs@3GBgKt{^Htc0xY4GM?wJM$ztO0dVXKMNO<v(w-%xjb
z9UdCDN$jyIk#&+{#y6_@Oob?$A$Q2OO;wX9OZchNV6ny2v$~73<U+VC*y3m?m#QB+
zNZ!KTxrXT3Oz)@BzIJzU68?5K0R&=*q7AmJb_*WYSy8PfKo|nVH%Gyg;kRAYGoQo4
z8(fLX-T#J@iFLw6PR*OqzJKQaoWvAN1WUh&EiCf*%n-DaySK)1BqQN<>7aguILCJ!
zb~SKwkWvcOvjbGdxbyz?K0mxi)mAI*+ba`$T5t4+nIt4o3rzOmOz#R$q-_*Ph<rf@
zq?0yg|8bzez@_4#FE${xx{@$)3RXN>w188#;u*UPS}8|?dzUpskWT5YBk#o|Iyqnx
z>-0yN8zi|Dm_a6daE`8`-K+O-+(`d!`cDE-;04#=@8d3ilP~A2bn3K2^Vo4B`C@M8
z=%@i{tGH?z+aoz$&o!IH3r-_P8qwr`j>ETRld`W!F&YyI_02P-@1`X0*kwUODrB5W
zyF6u5S$Y#;?~i=peX&2yfJI^&S=9Xcb}2Ek3Js?=jbb|vxKTGKz}d#sT|z;7?D2O3
z{1-v)<P|W153DYH$c^_~n(8T2+Y{B#)f;By?2^JX5?SNkid%Fncsc!>?x*VC_3wAt
zA1??8^y}`>F?aEXAMfH(5ASc*ek{F1>UZ+tLt^%!qy7!mt8fZyh}9Y9qbqEzZs#Tr
z5~xP$Cx3dU;33}PAXobPG|-M7^Yj$1J8G+h)Wv{{m16Z8vC&1SpC6)Hmscq-s$5=E
zuf?(gY5AEHwz@LNTP$Hg$m-A3vCwy@gwe-O(N3ZV7YMgQNwB@!ShUZ&ZpP|)`xb6p
zNb2JKTLl=gi#sBZL~Pc*mGDH?7pUTs%WO`dj&gIjCj9m>$p-O6myTJ|ftJ0Eo7h(_
zsKrd(bkVuS$SDv|?<H4bESJRszTw1lga;JOBJ_(&&!MwMu8g$vV9%{hXZEUKNn>$(
zWv4u~D0RYy_9c@)%R@9iX8d=!qYJ*bdi3{AxDQxGpq5i<TiBydxs>8QWMy{^rc~4k
z@uIW$o<JbLxtM%NqL2vHHG@4$$Drlj6<U^USGaJ+6cVGgf@5QoEv!-at7{kyO9lfO
z0~!s^LuDXU{iFY<ClaK4%Wq6-)FqG)Fpi5(?{EkS4IYEe%#Xx*KFnYqWks3c1L6le
z#Oth^(Fb(S$YqL?H7F!vC>7wtmJ_VAZw_m%lqO0tOPN$M`COd{NIQkqWgE4KD^iOX
zxie<@%w08fsK=t&X=nF;A49mY@84l}Mn)f=B3Q(>sQ-l<6bl`>wPjmNyK|p-f>}nH
zH0u?q0I#t=watLQnNA?AwS_c}xzc$_T@T=vn*a_`5U*WyfLJr#Uj34L@LsAvwn%!1
zd4mk%ub~eU(qX8tk6@QNvkh?xEq$BKqS!(T$%fW>gSnlBbGv`>Od9S7>XCW-mw&n5
z3W;XB&nh=lHIdrpMnwxFPk7LC0xE(Gh4R7kHaYHg@m?0+<LUN3d6D8?8I2#4Js+!6
z%dBT2Q?SfoHWbs<S}VFs%Bfaxh<}Sh%6tKOe?ex%i4VTt@f$kYkmi=iTx{=<YD#~x
z>8xIdt+*M9nxTQ8T5=*1WZaG#Z_5-IfQRDu<?Q5`+D+AzzmWh11XC^156(8CKq|fJ
z0h3B8O2cJ<AkE)!icO)pJ8;STTie({7if~PzXUEoR-fEQXE6Xh0!hbv8xZZS@A@sk
zR7e#WtEMASHL}<Uab2?B+9JMUi#~%H)}=em`rHh1OapJJ#4RZ9HKNj%ks>v;pu*;}
zZHgyU8Qy#E%YbouD<>4BSuUc6B|^xDg4j5n6`?^$#ja_fL}Rf4!XED#zEScH5vYLY
zeMDL*$n#CLog}CFEnu}|HwsQcWYgDq97xp|r`~X|a~r%v4S`4Mbm_o3O2w^o05&J&
zUxPs`v)^*!NZr4JD7r-q_ywhjz>QQlY_D?-+sZ~*x1*#0)V7%ja#vOsz%VMp=BH8u
zU;)fB#z{z*G(sbe1(Z)g9TlP{A9)jw$&4)ea1idjJ?;|y;ey&3)GDB>0w;~tWkuyd
zj|atuo<pkgJF$z(WR_{tQRb+Tb3xh%$WJk(TUo<SYKf*r!`dqJw<SU78R?u$XN2%l
zXEFHG`WtncSpa5F`!QTyHa%-R-f>sQon3qN6;-uIU(nOgZYTtlFchzpc~e#V4?Hk%
z$>A&I<A@GOcs6^c5dl&rZ0*##8-IAaOJB@iA(_upS@mJ{!`Gm3EVa6CbMg!7+A5o^
zldxf<Uv2L65#!%}6XV}&(`kO?N|-WooGbbi|3pKrp-)S;OO{l^cI~d~7o*W1KOZi~
zMc83#3(&IV-OKm|mZvgW^l1{H2nN!aM6FPbB<?ltzBFdmz?F)3tlBvJh4KR}=IwT$
zvdo7-(a<wdq#~x*Wt!x%l1hRg3hH_LKQf1?GN}3%CLZDwnq=GEaj99YM>#em5DRAq
zF(Qox2amF)lcul_L;aiV4mBQtE`Cq8qFC<|AARb$Tf67tY8$7kt${X)%u4GFgYD8K
z%GLmRd!7y(<3OZD(QbKgOTwMh-l_;VV(2Y3x~TQ1C_&E5m-2L_D^_nRibhGejJQH5
zHG9@x7(pU+-KYItk2>iusOCWCBqdySS2{;uMP%WoQp-Ee2gQ$RHHSE*qsjTnR3w)b
zqiq^d(j+DSgZ@O~&)`f%Si&LR3Sa;}dH1+mj$cxs=Y6;hDJx~EJy@)?ojy)RD-W(a
z8jM=IG~xn`+A4xAAb81jz|Fya89>2m#2#uLJ?#%WSF}%TIk22JMb!8G<Abxfdirkx
z`-b2cufr(U{a}V{jR&MSzqq(j^xZYFOO*JV!F$<k4c%JMJ#DIDXZ;3tG#$tj)bub(
z$I&TTMD}szEh72H2U2G7>>P?XG)iczan@CavIlwDO;O0S4ibbp#mWtSqi-)Vkj}53
zsY9*GGb<DA>BBJ_xSR@D-J4*Sq){(}roXTZkfuHLv2%<g^PiAvf2I0HHCl(fr$`IX
zs8V>5RZu6j3i<+@psMo?F8?Dde^@nHU5hD(W%Iv8o9-8{T)aakLzl#Pjy4tJ2OOrt
zBjLZy_<{aCpP0rEy?)Nz#htETtHh84`0sbv{ZqFfjrW>N3j=K*Pp5*+jnU2ItlUgA
z?&B3s_i~*Le{x_dXCqa~s&+{5|1FBNiK)QnI=cP76x8r3DAB&J6selqg$&-vA+uo0
zQD+j;P~NH1))wg?JAe0H*}*eb&{EOD?2VA=d1kb_vdMfm_Ko^n1}CnPNKt$A;y;5}
zUaQjy^8iUF^=OXW2-7esVHy%?>Z++a&AFYp<`aaj#4pJR!Wpxmw0!%LAkFA%wfX~l
zum*m9%{enBuOB?Llk0%q>C8L4J_Ql`uW}G7h=PcZIVz*#<o&ZdIaHo>eZEPIxV(9c
zunoQ8V=jZ~b`&##w3C9B6onE|Cj~f~)S^gYugoI){4k(Pb4xzpNde+9%0N7>%Pf@<
zxADp(l^;zddu<w4usO^_d~mj?<PK*ErmQWh*QK`L?&cj(T)Es$QxyY>STAX6_cT;b
z-d-7T(+Aq?8Rledp=q+Ttjh|=Xft~x7{G>2$~3u$D&(yqxLeYdQqMAcf=t@lW#V5|
z1gR<iy6G|fxJ!ys^o2utslBDz>6BrBees0q161_2(?hWpy#G|P*jDZV>gtLxc&k@1
zD__}u@B*1Zt+xG$I+YOr98*uNx;E&iX*|tHh!u6~qjjv2994{xmlzN?B=uAgGj^}L
zalU6MG78m0Of;s5m3)b>$2D<JCy~~V%1D4$Ms7atI|JC@n8&i@)9g02!7kW^6AGQ<
ziE6Xr2Wu<C`c(G(MsyMc0%Lo#s4m(ak`;@yJ%oGNViw?!)zx-2i+6Xpg=*3Th6m<3
z*3AHc-)iKg&FGx^F+;Ducdk7UDd^hv<Q03`=!J>lPSFs=T>d{!t)LF>UTW@-+~;km
z<U>Ts@5(YJq{Zn6t|{fufMWWXLJ$Jw`u&2gH}1;hJvjs$);NZ^fdv_TO^M^z#A_uz
zxY-ba)nqKH>t?{}Nv8%yF<-5GC?wH=m(XH8!j6GV=xxZ~GZA^p=oOZp#fii=IH$52
zs!2<S9HfLUEd33eOki@`-5<BqKT`_Q&4F(N3TRLvbnQiag?c<VkLTcX7j`kzsv!}D
zX{gm|l}Pjmw%^@^@=!Cdt1LOtfx6g-kL_=E6e+u|e)hwBEZNr*O#+!$mh1;*>R4eA
z)w~DG0?4PQuap-1012g=l2EX3xY1Hj>P-+NK#7FjI@5#~Z@4mx`1BFzn%O*=!B!?I
zgWGM8xZrIJY4P5;U`QI$?iMh#^C&)JVJq_V4~SB#eoAFeWF$dnCQNIqSw06pTLnLr
z1Q(<%Ov1RuSF^@%cOITEqIW@dWQ|B^P3Qcr6vY=mbB0Z=@lga)x%derO69{`tGc0<
znTa(jS@w?h!P1K;8bd@(kRdF4F}0Mc??kD(ac49Xt84u=@+hqYpczP-mPKDYQzUVI
zRYA#c0jPtgFdM4LP`gj?r%I{RRH#-FhA|mdc}p2Amr|Q)zHRM2GbZ-*>8g(+e7E9Y
zFC79UiF(iTqh#NAXOqc{WD4U`pjsj!zHNLjOj36;zuN5(Qa|*=L-Z~lgj#LtA@e`n
z`Jb3XE~UCXxsg1=_a9mG3f{;u3Ao6qvTqRG-JI%IyZKAT!5b<csMWJ=8_djEks*q=
zFTXY>4pyIXENl?r#hY$LLzm>RU#N`weoAR1x^QDmD~0*c;{*JG@_xV3tsNe*JM0rx
zI2vfk<5euBC7yEE4HK81Yt#s>B#0nzZ14G~yoV%p1KiDQjD(ZVgnam@mH0X4NZAuX
zP~mf@L5IE|K1DqcTG1r_+GE(=Um&S<IkUT$A$1lUig_>p<?Xla?0k`Vmd^utEZ)u$
zSs0vLfTrB;;!Ba>N(T8{v&aT~@A>3iMeZ4%1~zT{cHFruh|OZ($xcv1aGhP@&v0|(
zMj|OtLbZb$vcm&^Vah;9Q}L3S%C0XeyYi3Hqv^ApO+}72KiF`Ru#u>{LFv;a><kxw
zJHh%uD?HnPk1@R8$qX&km+92#%Y0lV8Ua(OAES?XOGF1<Emj1z^ds^Un6A+CcO4Rt
z_Cvl2jg@JzXV@ko&*e?FQrDpFvxy~ANT9nqHHW+qC?a;R<KMw*A!>iF_el+p;!6Jo
zPQ}*?_w()!nH|-oot^Kwi$i!CI$};dJLQwK#=~^ha2Dvd>S1~xu`9y-vz}3wuSG4m
zKk$v4aDT|)7}_412s&*u%pamrQ@mc6y_z(`{XF_`viR?r=z!Y0rDgwsr6QJEa&d9;
zX+Dz{&kCi<<j}Rc{GF`B<fs6)u)3ndzzYL^0o5d^b19SPh6N4D^?!$Y2JuWxO+e5V
z;+fn%q+FZi1!u{0>g1zL9>Q(B)znasNlC@F=oTk<a%bd1yVJc|t!Nxoj2#+g<Czlg
z9=t^KB{-z7Z9%7K7rTQn3X<<8Q#($2%~Bl7E@dT0#UzJy9~`_?n}_z1@X2<)<8O*(
z&KPyY6N7hlb$Q5Q7NcqiU!BWaAHNVN4EFrgj#3(u4@8PlHT$pzMKBmc>n@RXZtj3$
zS=Zsq^EM$6{`4;Fp(81&wC|$#>vyK>w${Rb2+ntbw?;6(?T(z)OF&T$i_Z(>@ozt1
zBP9W9%Ust}!Gp`~U#koCU5FskT@0U&y7DsXflMOV!B5wrUo-!*Ev*Jx-PlaO25Jr$
z76ljZ2e<JUWm7jt;c?9%wM^KP<v9FEHPY){7_AX3F3fOOlXpJ~Cg@i_{=R2L{dXlX
zVD;h?do-rQ3=JI>?~k>Hs@PqHFYsOsozSsn0Hz_d)S?0VxAb?RhrwD=k*lpfnw~FX
z{F{lJ6&8}es-YT18>cbp38N|FzQ8AHC7@3%IX`6K9#IA_ycZLrQ#&5&_Tatn@RfV>
zP&YoX0^fFZwK`!Kcf#51^_x}&ke>FDH+hcLGZ0mr=4Xy_i{D_E$U7X+y5aDKL`d|F
zcXwDStzBsz;ZlO$dZ@&jxl%jFD4DCd;x;5pq|WGaMx81$&f#C)OVCiSkpS_15i#kU
z*vhR?OEiLmdhg>|O}Zum@cvDJBnPf?MUepR8r+VdhKL;YMsgx*IVX@OarkWc{wzzB
zQIG-d>UzDH3MfQ1cX$`C$L-t1H((kxiX;DNJl`@v@Q+3XYTrEJNvAu5!gS{nk)Qu0
zN$@66`BMJZOPd9h_F<yaj7?FfmuKE;CHx#WVXcK9J!Z@{t@1Vz?^hB3&D>^f%(RFn
z$-j{`b^d9@`Qq8&BD6h$nBJt(s}Z{pjj}2oSlAIMCiz1h-?EmcD0!9GkC}V-xq@&F
zcY9Jv<hO{(FIKT4^ScS0+ti?=FOG0s@cmz4G|{Tl(ZXDJ$Sq_stRgL$Woags>=70_
z3==oO9CzU^4OY#9F1&vc&j+bC1Zk{1;C$+4Uy7*l@Db79b<pp3$*O&hWN^!c#Zmap
zIVAcN<i$Xie~$JS^xdXuxvKfglQzkM(#_U%t^?EnzlYzp4;vC(#%}oE@VfHNTm}@a
zYQ9$vs2HM;n=Rq0j#Xq*n^ofgNIjv7FjPciM?eeqV29;Uq00IyOOgE*M<PA(H?X;8
zO?ErkTPrnjJ1XPR^8+eRU3-XR3KB<F+Q^@4+*;WssE23QfW-@do<FFG%IPd4t2^0W
zfMri(044%xTMAnOmSkEAeMAaOQPP1^e<zyhHTH`%zXE-rezY%$Ei#8um*Bg{n9o@*
z?~`3a{ScQ!ksBuGW#nz&u)O1uv?wapu+U*KQB!vVuj)e0v|VFG48M5x6XBUsGY8SI
zh_O<V|HkBn2QZZ3WO@&>oC&wD!9L`}-OzL^@y;zPV;GH!a5X;CmE4{t!|qC>_MxAZ
z5ztvi{yS&fBrPyS5k`FYcNdS4ZE{eDES=^8eU=(yof`;<lwHQ;1e|C)`JANKbS}HZ
zrQPP+T4cV}Q51PmNZytXQIpVo(~f{sNJF~VK=xSXgQiOvSI4ZzPSrGeObuU3A;dtU
z`Ta-rfK(?L?&OcZv7l(FOLgO-;M8ps!Kr)G%DO2EPC3sJqPko%z?eU)IY@I~AN7wc
z=d%fRq)+0aA484QXA)ylV8(gCc(M2VH~gm%-R`i11tkNdOvh5(^nm9by4TSouvf~I
z_RK`N)Gu#Jt*Sn+5J!ukQ0o1?C)hUgU*E(Al!&RD@aCAuOr;<I+eN!>)Fq(Y9eYnn
zyssDMuE82wy}XQ%lbO}RY2{5>mXc5?eJs@ytM5+X+0kKeN3SzQxKkmf+68eS<genY
z6?2szLSumPrv`?x;wZdOUCe}bg|%z<Ah4r^(3Va}Euf<~(bc`dUV>R6>xoStUEv+T
zYe{Evc&?-4jf4qHX7+Dc!XpbI%DE(GIs5fX1K0S9DPiN2)JnDe8&3*Jpuie1FA7a_
z)0Wf}b+K`ZyMfwKpWo`F4!d0~;`AAEHYf2tlB2B8xJo#Lv_*)-8hp%wO<cNg*`9DP
zksKb=iA^(I-hrAviae^ZzNl?!wYV%Bo8>5^co$3A&H5((@Ggem4fgL3^T4MLs%R16
z_x0&w5i48eN0JABtKv<OO_>ASSj|{R!0F*!#1R@rW0jQ{6~?NG?+_Jn6e7`yLmb)T
zHy-!x(S2da8t+f@xQL5sDt9F0Dp<`%LSY2sVAK4-vU>1v#HPWPK~K>_9-cjL+dBwK
zp!~d~0<CoxwdDYTbcgr2f_Z``d{zA49u`pX+0`KjOsir*j3oWCsD&N(r^$@Ix((jX
zm{_y}n$=(pI!_6<c!_4xm?~L=F)K_a@ogr-&V3PgQVDf<hoIPaY6^4Oiv$KAto+F(
zD&cht_1y!jWTeklho@2b4bF{VgY9EXY7h*%`=>IS=nGPth2V&xR7D{3oaVHpJTxh6
zcquD-a9`&HRK#v2KLl`V;5G$q<&AyvsI8jQItP!Ss9WmOse@$@Zchl;MxT}=P828B
z2gDv4bWA37%2Z5nE*nl`OY=bA{eFz1mZVvOM(c8EY`%T5YDr4aK~3c%kX_@CWOeVt
zb%3EK!Rn5d;6zDRY1L2u)T*CQ@vBhjt>z1&>3_8+gPYM!nC!fR|7vIrX?x<%5>NIX
zccg2^1AGSd;Czi*`%Q{8CvDE?Rt5Q#&^TUz#hn@=P656kBMmzMX?m=g!!;3Or-}>(
zs@X@;n}KtOkO|xyY}crvBxVzz0#{569>w)A(tZYid2hjSC*6eeFr(fq*b9x>_pSdb
zS^=$KFP0@hB|l+Z$g(x7`wmym0Fu}!=t%-)i3BcQ6bi)2Q?HUxOBDTzxn+y)T7&X&
zXmqq{4eo`Tqn%1N;TRffhdy^N8N`G#S(Rdx#2CInk<xvG8xWA~_;!W1YwPMVEjIw_
z;20_@-1n|3aG|>0!JB)>eMdkXFC$NzE6$#`XB;ylW(&@|ry#m!j%Hq|sOjW5JGX$f
zwxZcZW>Z|QYD1?+z{EIQyh4C_`b(1AYn5RtT9o+F@8Tq(60yD3MLR)p(}JxgoWoXR
zjfPNaq}OuJtGcq<rgbL2D^Uz&j1I$;=-g)=#(sesV0Tk?^FDleJ-7!P9IX$|>kRV7
znE+^iFy#$(c}xk}CEsh9%QHd^C0pl?$q0ZhzAAOKsCwcDJB=+c^L*|3Q)+=Z*GN?v
z@fcX{!v|Qy-_v}%*>L=cV$avB$j@#M%Nh&8CYEcZMOW}#`*hvamb1I0+7zQrSc9Nd
z>Ek3n%V3&3Km{<p3oTq(OM~iRp+H4;1cQ#{+07+H@~w)0fn|IKqmD=hLcA6;81C&9
zBTn{2Zr?A`DZu)M$#gd-Lab?VGA5%41$Y0Ly3`ce3PBhH^t!0sSyJKbJKNQjY}7yi
z953RxV2fb8K7Ca~G}P_{_!o`NHke!+0O=*+c=l|2hA&AqUXTE1DGh%0zU8|Ng^lo9
zpy9-M6;s*)Pud7h+n+p5y0*ZrtB@Q8-u4Jb=rMV%4LN21dIOZCy#(w<1eFmoRP67N
z{w(6fYw&P*t!oP!!H204-z18+mB`l8C6XV|?&rJTlskw+$SD6ryCBo;>V(+obPtLN
zsslv~uHO;8MkvM>$%(Oc{@m6<w$Y9Eyzko94PvT7UxJhvlQY7lPQ8JOp1^l)Pk<T;
z+IoQ~Bu3tyJmA`DD+`oM+u8Z>BeU~nEN7dK8`AKSHWc3>9}3R#{ta#v&c>1od`+Qv
z?pz&WxKV$`@!NFv{lwEqD2(U939&}+L<hlmj`AbZA9&i|qIBicRTqjGE_+luW1fq4
ze!{b@-=7!XN3EJ-el6AobDOzdf}Vdt7L|QD#Z3W!rqNP6R~f~TOa^jY3Z>A+&qhGe
z8b(siabywiNVT6Pd|1~x73k$kN$USF@Rb=2-7mYEl@F<W{!vheWA#0Ey+TO4XdQ6C
z?EQ)}rZ*<VIK%+{Uhg;h<U~V-9pO?!P_J1hxiHEuqD}3Qe9}2wUZQzZR*&pKeI&~Y
zIAo}dRr;?&z9AbpG2COSDqb7g3Vx;ZR~AT-F|2B$hc>D-)N11F7KUXQXu0(*MgaQp
z{Wmj7O(#EIeGCp#DMsN5LM`S|R`MMu?fk<(g9z#Xmi2gAxCR*y-79v7g)70_<U4N(
z$^R<7K8ALqX2li;!&OFo{dEM{Wu4VdHl~f7O?bdY91_O(6qu$$`(+~gskG9};?r1%
zGU8gifB-c_-iw|NbGfTqg*dim9hUZ86KggT60=IJQx+Ec;3Z6OPP&TL{?>hkkk2=@
z>;AN@!3!Jxx(KU!iIqP{(>o~NdIoHB6Tqu&AeuY`!73pB4IUCT*h-8thH03|-c!r=
zny5sQ@JZj8&?Jq^;ws~^!tlMnM%`}3K#=H)oIX(FqFJKa+9#!bc8#cOGW(R3QH!l?
z{7u;L9fj;~f-aHMBGL0DDluC+GjfCyL6XYd)G%z_Pi+N8ASP?qRc(+x>gc{v<M|~x
z>=KHPm6yCqPneV(9Fz8cvC<rsxs=WL=6UxSQhw%U5Dk=Zoz?9}iq`q3v4;!+Lj=uD
zfRj9A-phW4$riMJtXPoRHQ?RS`3olKw(viJO}mb9S6cdUO6~fF2g2QU<m<S{Rd_mt
z-DW7c?96YBC*>j*IyuZ&Vc80qnkwarlV12A&UxN93IZ@p=i$soOH_3b4h6i_nfa0b
zt<cqSy_3;9Nk8hAB)Tn)yV0*>aXFvOJRlq5rPwjM@+m;Rc_z3%nFyyP6wjBmf+YcR
z(`@EQR)Pr$Pv!9i^}1`M_x$Y7zf|wJQB!P0-ME9$Bodt=RvYY~bLyFF5!;X<`gvzh
zLnUoBF~ZfiNri7YXW2=qSe9JD%O#s<w`aXVxWR`rW7eot|BAdq|3X=ns!(YUSTQ$~
z?I(*^tWk*}EZ9GBYq+h9hoxjZMihjFhQ}X^1A#T+aqxi{tXX?gjb&g5^SXpi{j~fn
z!tbjp1?382b?82L%kX5`mg}B2p#Vl6m{Y%wk(IVWKF4+i$=5Q%8?yJE2<43FF5#`r
zKg2Nzr)n&dtg$pD7DpT5RkYTYgw<NW&KAE(L83+b<C^;9J-5$2nrhZ7{&v3c-o=yf
zN^+-6;?2#>+tyCY&OLkzso&f-dnLGV&m~@u=*ns&env0obf!A!?T-Wt?bQ^w3pK@{
z4A`8%ondV*Nlq?tw?5iHlZL5}PAW)6b49F7<S5D(a*P>rFx3wRH@UhVr6GaLf`J{~
zWs%BMaI78^Z@Wq$ChnB!&ZUy*M)ysP;3(0Zp#c5q?XSZZY<GvR%oF)SwNaLQHyahV
zM`t2u;h>U|lsQI2R?~uK^ko^EUuE@JwKpu+>~>B0U=(cK1ddko4k3TNZSX?&eJ;W0
zjLm+#hj^XWeY_PTs!aNLOOs&K5r~fmxC!wDe=nAjyBBCjMH(5(^xPU3t}U*W;bga?
z<Fljzu{|VvesQeruiy)glHvND46?L(5KnC2d*w=@u45#mx*B#d3e{6jwK*yK{hkVI
zh3)jHg;XIdz(1itMYZe5V78<y#y%UzXQZs;&VQXZw;&W+U3wMy!qjk?GPdO~3jXH^
z<=P>pZ(!Dq-*1*}TYWh;6yw^iJ*6D+aeqfL)6zWWAx5O9)ZxOTCO3`dYl&7nx52wg
z*u`TZG8!341EiW}duP1|yf?GiX=aqLY9y=JW@yd5@6@<JomqJbmRg)o)YjX#Bw+Qr
z8S$cARzUSIrZ9y*@kRML<9p|NEy0!m1a0S#++f<{4=w?j8eDvv@}-n+I_De+Da+;@
zmBJr+8Kggc>Sro4Hr6SC4XaEsKA-_s7M9B71=c`}s^g82VTa155q!h$K5yaW6F-Ji
zWD(Ci6qTIdMsM3!6u@~4{j}2c=*B2W*nC_uR=I^vaI1MGuY<Srk+qg&FkNqu-?3sg
zKJkB&hQiaoi-^L{rnICo5PV|LCAT}e`I^kC|5?b*yr9hv`FFZ(t&G|X{OHOxO3`%D
z9XM@TJEI5K=ai?<HRA1mR1<sdwIH4!6(F8EbYuss@P|SWbXb+a$NG(}1+B)r*dEWs
zj}>}`8{<M4?t{$HG|^_{i;y{j%<)z$h}7-7MIO1yx3OAaM<}*$Hm0UnD&VP<AXOL;
z9sR^8>s_h6Fh)@4Bt8o1WEwiI;kthNkP=3i&JjZRkfC1I0x{n7Af|JUS*gN(K?8Ck
zOhd3f!Y{ciEa_6(Ym>ljiNK9dbBGc|&mNG~vt7rsThNZ^qfdNv!*1Ko=rrNcTIjr+
zWSofm;HE_@ylS7i9;H;SEQ4l3MK#nrAF{ZvYph*bG57q|guE=??^5Xz+sbfFPN65>
zE=mSs537o0GP4gGg<F%;=CG;@Y78<XotZ1<9gs;Ka+kSwE?LG8DW=eO$SVK!4{EzM
zKUg)U7Ft*fwGdi^%C6i>R2iv!&7B;oOh?zywt}$ja&ZUKcB#GVzJ`$XVkiHcHcgwN
zG0KX*Dd1Up31@I6Z4I`B0$&jlW2jJ7;?Ed7!;9(qS7Ua2BMzv>@=a@Juj}p$@x`gy
zO-3utmH;Ik`{gUaNp`2eZ^|W}&3?PBF4*`Zpyr(1sWGiE3*lK~dK(Wx0!N@&X4<)P
z3skX&^jzDD7+<Yc!s)UZ_fD(dZ@j!$Lk5r!KGm|XN?%aUWVr@j&6cz|P99IaOp{Y)
zcP(1jcu?kq%?{p9kksyy(plQTq0!KJX?wbkk@@11^V1pf!%YCmCKTWb4c8C~05|9>
zp#ZITfz5TA4L#4i^MqwT1)eaM8}yu+zKBrA<d}O?5@JptWKvNG=hXnau+9$H!XsT_
z=l833Oz_CfI5cVxd2P3La1FQhnY4lk&z%IsGp12N+hb?+J^U?BX-GG@F=|rz5u`G0
zPvAdP&5hfgf8sa=T?Jg9I!)D;Zoy~X>JvxhdlX|@zxR+zvQ~o=YgqC~X?3Y8smhwf
zv4tC23SG(=q7BqHt31&viO&;vMzbkRWmS*-%?9nN27o?$wB*P=)vQbkHosP96}!i6
z@*2XseS(`b^NHHoZNN?#O}s5Hr|UonAey`HsBm@IHy@|;S?B;NLwJb^6k)&H4UsAY
zmIiaOTd`~j!Xb&q4OiCuGx?Kytd4Yu+STE-Gh`3-4%(dDNYD=3xfBiM!*E$;t$jKA
zW7!t{A$lEpvR$VMr2}m%5RIFYfJ(WT>5Cc3B)UM*&hoW6|1=M^8(qJPBNP8cCQhxP
zcC|j2Del6WywXvC3A{O5z+2aa!%s}^@VNS=OF#@VqvalyhDN3g>=gJtV~*PncT#B2
zXrMAym*EYv<03mccE2Fqo>wNPhi$yyZkD*&9;D>W38a)Bma=l8(^2+TXSZkcJfQy?
z%>9Q~gc6GPsr89r89>&dhO)91YjtO+MS;cP1LQOg;@wVpg3>l}C(2}$a_vJ52U)N$
zUhbx-_sj>anJ3Z*goH67I0`Bwj^@G3M!Hg^$0d&c<F%U`Ye59Q>^4DadygrSyxRsD
z3zcN%ovKu~TizEq342U;IPpfat=t3T?>V$IQoS6UyvGpuy#1jWSf-zXWxgXCzU{!M
zob+TB07VWrPeMm)3aVp>7L{BGBHicaST3{aCwLY*;S7?(+5CHxq@au#HLZKQHxE&#
zsGOZuRT87C2-niP^Bc~ei<En6SfcXan|{EA(l8hIcGE-dESL)^&D>~Y)}mLMPEjfc
zBO@u{T{Uqt99xETW0+r9C~JBdO>O$9MqZ+><>Ns$+lN9ALr6b;NC~p>WMUwQ7F5X4
zm?02uDVG@sRrq)kYFo@h8|r&B;n6n3dnhn=B_gK>XMF&-LM4lhQb$fddU-jB1`6I?
z>bNP0d??X2E}JR2P_1kdtA~9Y!R;q3tmvQNm3rBG5#xcq?P0p4k{I8m#Detci4aES
z;>66`zKi7pd3QLIejZI483->;AU&e60S7T<y7$2bKIyZ%I2I!Q$VjRB)8{7DU4zP>
zJ(v@ub?-eLx0skgaeoa9oianiwZgq327V&S<K+rlUM{>a=$%LZnVR>u($m7L8g5VU
z46p{#H*ymnf_rZZS7pE0hbK58gqD_^O)TPx7s-9prvVR=AK4nxNmDevqYos6h?0$u
zhmudtO+o{_9+tNQ_yUC|k-iVVf@^2(AG85VFKA-fIURWe8c1_(h7;D|;ks-fRe986
zLb^s}_n2TdkRm2jj0nB}HY&RFBi40G=lTC|_pRNDBgwY?i|#_={n5s%Zn|7H$51ur
z&X-&=2wP=93<6W0Uw`9~nR;bPDQx%j+*v){RR;5rG9x2)?AUwr8i+ujE_<UwDd&6h
zN0udBcp_kdj{#F?_q*l(P4khn1Y@2yS2A8FgM<8`J`boWx!SGBKrCm1n+qXE1a+$}
zZWfDL3k=m;nq93{@&{J$YRPPO+rpB!!XOxZ!elACJk{dX_EiebVUNb}EP1Zczx3qg
zWy*RVg`ZKLnM2Mz_Fc4tW@9R&k!}>cq8$<bjdEOP;CD<HnVn?5+F7F1ib&s5ByM1t
zR9`h%{B0kDE?Nm-sbH?*40aY?w*cETIvS|1J%*PrID3vtX+d!g$i%1b(Q>`87P0l_
z@>_0*2hQ%abv^dK+EpAhIfraRHk?HpZ@D+nJf$Ne@zcV)tKzK*s<d(;tRryc*{@64
zIQ1!27oztP72#GShF3!4+VBowbqEML@usP_U2+fiy&v)6cnUYTRTl|9NSnA#Pt`W0
zNLz2rs4(0|&%2_TP3{P^sBZ|sECz6AXDA1=`q6wJ?{1Uj%fy$d$ecY?GwheqPll{0
z&wwSY>1_pvPs7-b!Rd1`Z$9FgNo$O06)J5D1ty!2MyX45ZR-+UnHaZMBDh5QzbYT#
z%K@HjIDVJx!gLv%>Eb$I_jr~44l8;kv04UGad}$uip%H-r70c9S*bA}qR5g=7l#v(
zD7o7p6FA&Rc;ege2|G?wqhwYg9C#h(8jQtqhHv?CPHzr=pg(68(Wxvg%e&c;Nh!q2
z>m=C(@x#~0%ewyD&g_Y;87cI~WlC9r(MV$`5LZG(EUS~_?}Nm3*<CP{D>vs%@U{!_
z3A5Vven+Jvh>Q1<14NGiw+YmeM5Xb%^mj!A$fWxk91i-26?}A(@G~57o`v3MSu7QB
zqAeVO5x&Oqyf$6zma`O<F+!*u%Jl?kqjiwX6ps5^czS<X?|-CB*`}o~KPy<@gtLV(
zYFx{w%>N`7b#%n@)adAJT6H~1--!O4FLH%(d*VbjAuFyzb#`FpRSt;?ge$I7H>TH3
za>B_ww=7p`3mKehe6<Y>nPu^d`2IA7%AIEq?$>xBk1d4-8oJ`rAtPKzbk5pbZt6+L
z1_u%2QeG*Fre4a}QbEfP{)RUwL`jfxd|3x*c!)@%-CYff;y=AvJV+xfPZ2(z$B$+(
z+<}r|UZI8-o<UJ?&d3}B+gjt<y>7pJawvmW(PNsE>Z0`8d@KrMJvEYQa9wZEuBQ-M
z#)5}~NWzLghywLesPFrljpZ2ByPfa5RIOV0yVB`cX@10WeVA`-de^JhD0V&s&E7KS
zq=snmGC9kYN*ZLw?3Zu4H&9|(dSs45Uwz_%xYO&5Wv<r0Fc}Ds=5S(a?p@f0X_zqb
z2E>@(KwbyC?I?(yaNbtsZp(uuHt*Dmgj%(42<eaP3-Q=LxeGqO(AIH>(L48#KPNQ1
zncu{10&JE2vyWG`Yk4T4UEd3F8L$%y3X|~X;;lPSw@Kxg<B8hxQ(0%t>^j92{w6ww
zERtimp+e&pTL(d#tix_G7h4_X;)~5R=y%<{G>Wcs^KZf~K3!~r^-8X$rVdyp3nfPl
zrhm4ms`C@LkFWTh!ugcIbo_P&d5aMKhi$9q7v!FsH=016(oniqmf6td!<9SzUu+Gd
z)XW~j9^9r?^lOSWHyTn%0SpMYahmDg#P~+9IHrknuwEY?<5B#OA9#?Dz@^kLF%LxP
zEVdH8E>p&Ok3b2bGEgVuUrSQ7b($>snYS8#h*wVC<&mK};EwDN!XJqyRn@I=3VjBj
z0*|2W07W${b2INqp0?XuRh;(=A@Q@SWehzpOSqzcVSWVx>hVD-aFz2fw!6cHO1I#@
zj|knv)2^lY*&hNAKiG=;IuQD&nEfVkQ|oc79LgK8?TToK8UQPdWJzOQO<j#siU%QX
z!X=WH&0;w<k{m^#K%$)3U9HvLXu<?yDE})~hi$cpZeytZq$tqULI^#R=`>j}+Mgbc
zAEVx+3l`@!sVTaZj@C`lLiX`8CMtsGL~B_jxnv_7j2a2qs>9leg8p)Ymtx#7X~YY$
z+iW3@z~0?yi+qKgu#y7<rLX|w*2*s}6(F=+b4n?G3YQ>cH8?j}LHa{U3za`@w^Ppj
zOHVV<31)1@T7JDog+PeyiXp?X9Zd`Nh=W7w0nvRQEw`3J*dm^wjzFU#zdE6-ewoW)
zq#R9~tV~PH@vahZlB9v!0CR!Pvm2anR&au(#x~HGilWYASm@{Qu*whK5<**Aw?zVp
z*q<>481z1lDVnzDhgK}54gPsp>l_5^ASn|P%plF2&COk*TBlkEe~f&ey-#eCAggRm
z&J4wf{F`x_pnc8o!4?AYghuB~s05T<m&dExY}IRUBc%z_Mjh>xB)FT+d$K|9ERdlS
zRU{3mVp-Q^;)>EQ!Zfa7Cz5ENf;FsM^D*G(mkhBZxSZE*83)!+N0N6Yhvo2weMz<5
zxcyl32c_0!x`&St3EVU9z*)?b5K`z7dp>&v2=kK=O+a$DKTUCd^9^>!1ck<6+2+E@
zuOkMZmZ)<5d5lOQixo?u&~p2z)oE-U<I?6D!vgg*bMV1w&#m;oGWQOOJ}(uk1J7;`
zTSFWhV!HqqU=3-^{c3M3`LQuKMF$@yLYBlwY+s<2<O*Hn6FklHM?rh}6)VG;?UFD&
zeS$Gv8}`Eo`%iVd1_P@1Vr`!~%;Al)F;)0NJlZjHMBsiW*eIZbT^n||xT?sTZ<tI+
z8QYMeiDKEj(`2P}YF3hZwIMB*-tdj)!xH*a>qZE>TMLv+b57>L9k_Q5>o?l}W)y_H
zv?o;&RP1Hpn-0+IIt&SJg1~r4R;Q)SGTenwRdyCc{>|6d4W4T^r|niZg#tE3-+WX^
z$dqn3HEOk+qE_t&_Y3^YhmAqc#w7OXkeo%l7P|-mzK|V}<js=Yc>#xgh^LJd*7sM*
z7CtMB(eXHk0v!zg0=ZzAldRH(+F2`cx$^(qfs+<w;3oaSg5aRB?3o;rG{v96vWwuj
zhRf-B_zHEb;CIESFYFJ4ZGx{tdOsP)u*k_V$J6|L;l@f5G%u<*l6|Vf<hW6kaZ)eJ
zI5mngera|?DHh@beP<<cMz>8?1d(7vZ1LI=JHIFH=GpXcy)%a8Yc{0G9lIWSu3Rb!
zWHtc}h1F}k(C8qe;4xXTk>2=9?82Qh4UaryG5V#7lGpzf`&bqAJtJ0=nK|YZE-XrL
z4L8xOP#})~meB-GhvUCX08RCVO0$G!yw~@?g)b2mIrj_=$pr3Uo`l6tg*Qr%t2hw|
zbnAwZDM!gEw>4hRfh2etP=QR+pjI^b(T4vLX}Yc5v&)Abmr3s?#4n3;T-UwC_%#)@
zmMMtboQf<(oddZG#}&Yj{9NF>d)1!<aaFt8)JApfUemb*zcFLA{5yy4wVqm_S&&VH
zRIC&S25S7<7Sp?eqfQ4i?20>%GjoEdJd<!AA6YA`meW^-n{DcJe=EMKalv^iNrl8^
z`emNJ2DV(njFRiYl}lX#`|JUjcNndox<i@AY$6fD@;{>Rr8JR)6P4MINJ}J$jVfEk
zw9cRG_oeUwYbsg3AU_oAHM}&Fxtr)IlumPlN0cP|&QoS=bE`$H_ZTqOZBn$ctOXt@
zv0*1&uRqnI@AFLpAB5iEcI)8|_uvnNcSuVK>;@&$q$`-cHf+=G{&}wk^;8_3L&4b1
z3P$+kEGR2$#uCTdN&qa?RX$F}-XmcITiZ?OTp!j$UNt6o<;l=LSsVR02&qb&{xna$
zKy+g9^q@~nVuvQQqib`s@0htEhvMZpQ(c(<D+o`UE=isQ=x57-_dW&!nL1cT`o166
zBhGQus8@wm*whm3)L)KLKUBuUrWxBJ{oVf^DprWo;W9qH1*N*u>+2c$d<7~62Wn(u
ztTd9*QoWV-N0**i=$T7f)@edEcd}3_Rd8e~379(I(S?TEJJktX3-4ii+CdOpUTmeO
zlkjPp#i*4Tdod_*RKz;5zSg6N4f(9aV7|>qYEYz`3m)n{DC@F!W7Kb#;L>%etBOYO
zEI6w#kPP>FImvLW@ZclPyMq6zRSbWS>aBGbu}6xf>LZ#Q;s)F;ic4j%^{$Wq8Se?~
zJB%=a#GaiV0e0l{dtR_vLo}XlVc}rn@gq7wsciN)!r9q;LZ;e&*azONct)H~aa^!k
zfDr*Q){HbK?|ftX6nEe{*;#82$*13^T2jAx9#*|b`m;q(;#xeC{tecqO8iD_)r`7H
z(7xT2nb&0xgx&F(yrdn4>`hm$=Lxemu*I*Ub&_jvXSGY_`1%B^R(l4!f-x}#lyg}5
z9GA1FMeyhXUmb67wc8~}X#>3^hpILdLS>s~?C<}R0M|_a!|or7Pt56oz#<De!igGi
z!?>WXPUmTnGb$CF`zsvbZJsm1?}L~bB>mrn7GOqmPNFN2A@i#%k((7YzDs4G@7RSw
zF5DbH3K}{6%;|d{;hm3`CU)zR4XT7~%u=>i9S`SHUP~fSw$ma~3>>ZzWVo8R!dq2;
ziJq^H^}Fb-vZmMQ8tXU|K;@_N5WREjhu|uB5?Rbo=V`^xF+FtC<7ybEBE`MCpq8r9
z!|_$=FS?1tj;{9m%^R%o^cWvcjO4dbEzm24s-Mx1n66pw<!J2=MV-RICwe>0Xb)S|
zhen9Q5Z9&#^#5W6{U;^RA3o`B1^4PeUV_mfTA^PK=_d#x2429v?e(kd+jsa^z-56q
z+QL;v*Xf8d24uuHC?nw2w*X}}5d@dfx8I}--$?bTTgn1jZEUm5H!ErG_bGh+I9-N^
zRlz&F%4u_6pWX{mhJQ!9W&A~`6wGAohYY5X*@h(b&l$miWZ<|zM9Vnk_Pyy`950fW
zXcv>s7!JUlw$U9a1xSP4dQSB`I%>P>SGS7J?ugK!?z4q*h3G(=h(%0iuV&Q=^XSze
zlg{t@Bqlxkd0{7l{Ia{HY@}wr3>RU%L1>6z9t;bktJ5#mVPZ0f%qLWq7LpE&&6v7G
zVf5-G1goBGnRZ8-Mm^tn0nI^8)4a+6t^$_zhHJ+N$+gnkd3D)YE38XwQw#7sD99q|
zrE0^K^1ZW4^OHZal$(W3@cRR^W0bOAPra|oh?nM?_96?SoQZm)LmQK#Szq)@;5At@
z(OEx79K$CwC$BUH?~%;?O?<%NNZeQ)=3Paz```B2w*G~#n$)=YOrvs#zN-u_wiY3l
zB(?rqwc*hpedCQ;6nB@G21VXyCh>P1A9SBlan`HgW|w}15+8eyuI(@eT4>A5M|qFE
zbvG`z?lSH5))AmMg7rS1^`Y`v#~;j+SRvMi<0X@@&kmTYRfzXQ*;0R%zSI|hx1OJk
zaVP75Rc9^awWVF%KTE_V$+>bG&QO<2o{7_c63;TfUGonwXi)Fx?XhOh4&S|Jp%UH(
zxDI?__=H4nM9$|>kg8Q2=)cdWQajm6PV9JKMe4Xd4{6jU|Jg>H+|<rDDN<ZGIO>N-
z?N8LsKD)SwSUmwgwo*^<m3l%`7o};!vDH{v69V4BN+TtL`Hh_0Pi!rjS`CRT^hh1?
z_5hyU+uKQisGwQNS<CSm`HgwPq7tjg7RJT0=Y&R|$T0IUk20Q3bK_?O$wMWVPAz29
zjI2GDK_!x)jPEwua?Y7X-E5uZR65i;!)%V+T&bdjYxW7g&7aOl=N9=FRJO4Q@9Bzm
zn%<o@8yt!C5e$^lr8T;D7HF2XmkcKwCr>X;GY70m5J+hr8vId4Y^K?vo*L^a*Ijya
z2-3#a^&xRZ{Jrr*lqQ?kNPeZ1TIzJ_R9k8UoMOThtYXy@ScpDD{WDG``)~?L5&)58
z>L)WV;i+5%#=KPkIVf!p{3?icT)`iBsm1FzN)3(J9Dz9q*P0KS`kbW=-KgreSxt=X
zrkb)>(<>U&1$91~CSv2*AcVz835t$$^gJL9KOa2n258Olm(8;Zz6YN+**$6Y^debU
z<i`1;3~RM#^=l8MC%Hl1u)f2N3TYJ?CbwcjCIIc_iMi1ezjJV{glcpuR27TTz9v1R
z#Qw9rQp2h|d4*zS1B*iq0jPdSV_%?)IZdAHrI3(fBa41qy31~ID0Kc=Jc}|Q>E-uL
z@)&LiA7svum6}vAq!>>Q%WrT3@87%*{PAkH!eGEz2dSKn;MrY&DUQKoFpMDB?4pJX
zV-)046Zr{VAy<Zm>3x(mms-n^FtRMMStYcv2YgJZR1e2-@mochit~kj7x~ioqkoHS
z6v|=}0<yWWUKnF=aEmh1qwuS!m#Bt=hNRptB;|HtB{I^fm;R7&XWneW<}}b96b8uo
zzYh^w=wSsuO-Y23uGwOGXKJChBX~4JF(Wkz>plU?Y0GMpzHP<+5WmV9&Ki$2#r0T4
z%NSv}y&Xg_dolR(Q$aa6Jw{uk&XK%)y+~)F$>5M$QM@+dxTJ7Apum!1g5;BWCmd}D
zEW)+zD?QDq-ibE{&I(vX6k#RIDJQVX;n%<1BFN%4IH2v8V;}lmne>z&C{M5Cs;PG1
zwXK?3npL={nzD^S8b?vccKT}cE~D=n_7WXs=dD%C!LDmvahFidJR=(@z~P<Usze`Z
zQ`*()X2h;c%yIS!6hs*pO1QW>TadSoMaNiljwK6Ow2sYWG}@;A&mW)qzoU!W)$D_b
zqSj-{Mduakp;+@Ola>q%*)({s8agXpPpY`X&xwCwj@PbUGxm(%Gpa`9ynKJpOJ?T$
zCT;!U8vTrJ2iHD+o%?l>PRE+Nv>9fKy5kK(RfnqG3JbIqT@aSVaK#E5++KWrz$&<j
zC|{ir&8Vhavds?B=42Z|Gfs!M_2d)3MguYEkp(5MCNiir2Ym;Gt)zlx*{IS|_}<XR
zHG;ITzNfV8q)%~R;MMTkco52dsttvwAd5kwz86XWKS030L84kDl34Jzmt`W6-SQ_9
zLMTP&NlJPZP1j+j*D{3Le67_Y`#kpayO_@Zfd79L+ypHA<mh$cogm&AB>nP1hFA0;
zRZ3qCLW2j<C?oIQ@A(d*_nW+E$XT3-SMKH*qZB+$EJ|b&!^%I>i^o}oBA0$E0X{cd
zys=4{xL6gyv0M{G@a=`zhA)wLj>3Io&$Y6GqzzP%qb~M@YW(xfEgD1OhNKsqqJ?no
zB;yyFCkJ9O^51w;J7gG)8oj@Z2iXm2tZNN~_a3oO9g2%yuc1aS$|tonRQ>ztOnUv5
zZZQZ<hU{OY%7XK*<EQUC#8R>49rprxGFJ79qgOa-F+$QGwqg3he-e)|%KK+1s&UDy
zwe0z-Y9PlV8U#B*{tmArnb&xG-`y?s`!wK-)I>;AlFjKD;UlP4XKAaIb^P<-VKX+B
zI+k9BY4c`XCU0?g!vmTR<LT}ToWIC|)$&&@#vPfgXegRWUm&j~F+@YeeY9(-+}osn
zSt6bevMHyslx-#>ru+HdBC?BVNu#x7RkktHEF8(M^FTquOwEqCNQ4+@$7hNYc%ub^
zzw@IMX{R=??431pR7NOt@cZgPIad_g+ZL0ewv-g72_c*eR96CxyYp<=818-?@VVr}
zxpdk+okF-&D=dYM)c$BZp;U;gA*jP!#DP(C)O29woQ&!G;eY55()UKd^7<7UJv__D
zQcm^R4Eieml<_cGB(RDHy}NLiKpmd!R_w$%x;f>9cs^Fo#zYn_b6RVdz}K3=iWj)j
zJT%18>~)7&1;0dZ79LvxJ~Yd!eLi!fgUk`H-yM81c_e-xc|<7%v6GWVsbu{4*u*8~
z&ay=VDK2Utl@SUOJ!{lMYB+=&-8<Uk$kn%M($IC(h{U4_mLA+nv=NMOwni<E84`ds
z(W*&G#sGvG1!Q~?*d26@U`n4#di*9(9k1hGHR=yF88sTa``vHwQQ`@#XMQP6lCX-M
zcrC?7s?2axxee$0!%vx*<mfN$z;{f$;J4&N<zxLkWtPaPQO<T;n{M__^>4(I$%Pga
zTr^7yiW92(SlG*OdYV)p&>@3~Hm*sIHH+|x@Os(iF7Y}yL9k_edapA<V1vD5>#0Lt
z@B0qR=oQMBBkJnYOy(ikqC05tlV9!!TT@_>X&$>U1*)nh%0QG*)<KCD+T|!cLPy|h
z&Wt6^vnx1QV~MJ16uDXoZrL>^4@KtZ!~731ga0$AKflY}(xEh8s=qDz*cpF|cQO6(
z6O*@#{2bU_PWd>LzutA9UQb1w4-%0^QoN0So0e`upY_|~8Qh?m6p_#J$1!t%4w0r3
zl}j(yg~D#{NQfLmRU*Okgo=yBS&4H|Rhve;)i!;)1Ou8hh3XdGMK$MJBSo=SVkPuv
zr<5#WQS2A$$!Z}L-1YGBnmcc=#{JIZfRTlr<JeJGi9NXC5?vPQ&+8!-eGEp|(x;WP
zln!p{b89aHd6p`S1Hs|d&m`W7-Co}9cLK(?(lU<%-6qM)X%82>^&wh;|1-%X6MQm4
z4CJ4%1^laH!4!vNcp&0v6@oqN{m^Xbk%j(&D%2H|Sav67c0uhrJ(>qp`mA24PBBf9
z-QVC(8m(+4MAPa3^}5uvnA0%Gpclj&t;#(l5@DrX>n@<Cc_{Cj6)(Vt6f4_KiU-Y;
z;%#iCCj$MUzq<HCf3ty_6O%vmL<DZr=K)&?>VfbJ#v2AH&hQ?B?N)~c6wSspwLip2
z7G7h6fDCWyID3q0srp2w^yPUs*BsuLot+;|2SG-G(aaeK-q4ur(5H>kZm#%8HlZ}x
zB)hr^rP}#HtU1uUgP&*;{i;S>>k;!u^ov*AA|ZFXwo3MPa2KUSdr)PpA#{pW`~<&c
zK|8uU9bb=kd{v{0pI3gMK*!REI_BHo>OT2BD8Ij_5lUIfO`9%5RLhq#l<oQ3{YSDo
zYI0X=nsC9HTWLl_B?nYCTeIJxd0Q2m$<irKv$QRBat(bL+hLx^@^5pJ*>}%)MreYt
ziLMSPy>!JBwos4$bimGCh12RrTv~PAQL)D$%?z)JKd@c68C@Qern8J(O1QqQK+43Q
zKA;fp*X4sOkn+stO6xlemz(s^7qiJ^7WlsSmb^xjd}DitA4B@j<(}H@2s~`#WqjPc
z$zM`^a{86|7wKU8sCvuP)w_qE-@^mt7R!a3+|SEJomb%-id>UEkJ9FeXT+JRivS9K
z7#C)cM|s0?r@3`s15}4-d7}P1)J(8VMFWl6OldcuZWb=xI9mo4j-PSB%-*K2scnn=
zC=cyXWeUxhz5bgy8IYIk&>~r6pl$d7|Ay@Kw84}#<Kw8&5MK;6%xH3cYJ;$~6329H
zdmA-$HS4+3c5rWbQ;Wyz6`eG&fZuIIhLy_y(u5jc4V+s$?cz+14%YqtjT2||)8@zc
zho&+li$J7{G$U_Th!6_|j^<aQDVJfvLc9WZ$*!6Pw$D>1USl7P9n4>;>2)QjQEB;@
z&L{3hLSZ>cymM8Jv`!k@Hig;_-ek84xD)aa`xd@EMvH_=__0Z8v#ES@+c3%i-X~t8
zb)>3H%YU-a@-gsq`{MWu8<5$wp_q86X9!UqoqI92z)^_h{38^`{*tP(t-jdB1)iHU
zS1zf&iE!QG>0<4o=*{4B5SpWAHsrsn;Ma0<T9MY(W=;GRHK1d#RX0e;Rmm?_L3?R>
zWD+H0)jG|~kw$OgkerSXt8FKDWjK(NC#9Gjx15h^E5j+f1c5v;=x1of8Sh?5Qjh1;
z<+J!<Ey77im0CAw7gtdBw2;-kfj(_ixz(A&_lQ<El*F5*c>l(2chi}7A<JvjLlp<q
zOUHI)csM}FZ1C^EtVBxcV*BqQ&5@ri9oGw#C5EIdv5pVv5%xaGOR&v!yTieMp$~+~
z(juAc_xJ||BNTgX^<!Uufo5A#?JzE_2D6Nq&W6S!#$*UJ_W2zYGd_hwpJ}eYRV4i}
zuC~(iXXRlv`ZJka!54l*L9QWuGR)iI;;)pdm^m43$aZmT?8|AhdHbIe<YwzQS|O`w
zYMfxinfGD>Y*p+kY;PzSsHUDF3n|>7cky9m?naU(VOvj(=9WA&)Uhp!@YwM-Opg?k
zi%Jup-+EqSTWhlsq`!ZL-`C?~DLT<?Rt>2v3bCz<>1%DiXO>HQ{1jOjzwqGpxmLvK
zZy^X%2f!)XVTb>VryW^#^Q53Qjq58Qq2PGuOpv&=J?W#o9%EhE;3jqYAD#3Ssb$bY
z>B1(uSgIYbZMEZ->?~Y(IQ0*BIN3FW4PzKXL0Fv7vxnjaVGaga+@)_Z)y@i6yl!Us
zFq?m|){se+mQE^{j?I)XzI;*iA+4C59yh4YhZNnbBV5<V(=oEoXAOlqx1^Zp;V-IY
z;N5$<E|=4Sy`~=57nhazhixTZ%aw>7uGv>^ab05t1n2ZOc$*!Br~}Gpj>XmPjYf?i
z4f-yK!|;tCMn*QH&nl}a8)=%88p&vgpVCu`=V6<y_ro;WTrJLPWZEjuq#DTkcr~69
zx0#?HD>srJ&9fu%2Zawm5cC|E#La%Hjw>ie#c``zdvFSZzlps*M@91nOsik+Ib7lc
z!K-o~p3<lYaWt%<60M~uS6YTAc%G>lW9aey$t29%_mE|Y<_6HwY@NP72e=mLk=%=#
zhbD$qQL~F=B0r!j;pMs#uW_in#~tkgW?#<=ggcye^ci?WU(s3S>40wO-r#H6#GK42
zxONY4!X#U<ig2cZoHq#fMX8>H7F_u|vR868N)24Eg4-7L{N|_q9*6Q)O0CK|dQ|+l
z{-`h%fBklwoFfwGZK*xqR0KZ0`TcCQQW&`+g)h>|cYhy4{pmI#q~q!+FO!XdkaKUg
z0rNQ%za;|xO+<|@2xvbo{LN1|jNZ-5Z#r~bNAxS2huyxGS-)3Ln{X>HBF2oI(KlR=
zG3OQdy(`Snv{{S->79fhc2x3f0{7cB1zCLQk$mNlb3ZqUI5%i>n-*vfA0%ce8`Fu`
zP=tpkE)*KRrxxAlizTeMOXW8F{iEmq38#k&2FlNKN)LGuJ#?6GIfJ_T3@Rx$Xyq$O
ze##k|B3pxN<;DZaG)md!QA%~jz^7krXhgBxA91cOL!yWWULOw`l4g@x!^~o8Q~_D@
z^wd#-o;ng#wM%j;ybWr}5pw`hD3wb?tp|@$GP@+jg&Pr!Fec!Kc1c^hg385(nBTWj
z(ynM`b-3|-L5TktdbkW&O%4|^Mf-ti99M;qD<LyNF8^=plv7AC1*KC^LIssmzKYp=
zDztAqoxZr>vWY=tOcXeGgD2KMgS%&yT=_i9k9mV3xb~_094GLLCcdopzEWnf$Y0VC
zWgZ=5HG$o<y2Lg$H5F_iPJ^s(x1=^Q-BDZ5&l&5s8b>y{hWp+5b8<o%cI-7mE`~*V
zv|GN}SXI^@w6PsmZN2rsY)<JjFFNnb^fr)>QF_|qfT?MNmN*|sojaB!HfKiRO|5bk
zrv#*hc)l)iyKepqNh<>mA@Ir44Xnd8eCyZw9|HbqUL{Q?ptk-)(Y~}p6~AnO;2BJv
z4l}!3bwR{-zZ2WjMjp#<&9mMfBG3hu+7J!w_6Y$$YxwW9NG&mBVY`i(h}(&{yZYAX
zCkb_Ev?q*BiVp==U9k`CL&QfW0{)%*5OrX%s-GPt3chXTpC?fuAbLGVhl69!-%PQd
zS1nM=ET+sJ(Ak)}lk=s{I7FU?|4s8}XIdFnrJ$A?_C%k&PJT(F^-_oE9jaH(v9^E)
zqZnx^sf*(*JL?P8<0uaNEw#p(`CLPaC~L+b{gQMPq-%DA@#C4_!F*EH>%NWYzt^Zj
z`RGvknJ(k_1P3_@Oj<_5h6Pnp)lOpQMsC4(--o!MDi{~9{Fq7<9G(qc1Fyr*yE|Fz
zRtD(1LT+yLiOnXS?>6jB+Z*;a3b~ZL#AYiBogMDShc9-&LOAnDZ}RGxtlHpGD~<u#
zgehBSn;mB*2cW%og4G#4FRU<>9+K`-v$b<h1)`m2Oimg){awmRFdfNBVLi6ExTd4V
za)R8!p(p$4TEhKZ@&c4jNZea~bVu)Itu>I>TIxxmrFoi@Phy1+CI69}u!doj!Y(mq
zXh)mqht}JwCEi_Rp+CRQtvWCw1X?s}gf!ccOUHtL=vDjig{)C|d?cq8qG<)6M)6CO
z*JO0gWG9ekgdiT@sB$&Rs76(>&xy}yX`Ybe;3U8~n}UpU<*F))iBelYdRrOX%Bx0H
zuvmgmmWsDkO==k*>0@<M^Z{|;@7J~4ILnJO!yfB2Q%kEdJ)lx+^X?5YSFVgY=?g1M
zv?*yQwDOIWu}MeS-mtI87JFTWSOsHN@GE~3LWh>-{28hWAYM@cg!bzL{ML+q^O3lK
z*|4|aYxlpMpy)vMa|rurad^8;mM=Bl^#z-P{^ViO^*t0OTEd0FWxyt#^P;YJopVE_
zWb!&!t5yCCHlAA#+~6py$kJm4|DvcTyoLZ(<}MN*gZd;}NDAca<AuIFV=))fnrC+2
z>XvS^zeLuewMme?N00rlmGv}@C|(2@HS$Apg=szO$6%aBnZqGU#WP%nHFd$se>H?1
zxqnp2yw$n7)C?aeVZ-Z?4PNlor}w#0EGZg|9~{!H6Z|rHG)ylhywYYbi%iyr$Zie^
zCKUKwPb|lQ1ZoD8*RgH}qoKFG<6D<2D__rnWWgE?FK{=<>qGP}zD}?d<#oFI0B<!2
zk%bGEsl1|wH6)dCsKi|F6$R2%)tBRI75I*Y#C91Vb4>|LW0wU#S~fo8xR6m-niAwz
zVnm~xNG-lO6sD^XPX60%k1{X5hs<J?9CoRJ)i3Wn>rNnWB^yRqE|34lih!?`-}^V*
zETY+qloBqypKyoXYN})9BA>l%7s_HepWcNl9%S`EU&9Ky!{@>{X|SAlhu|79e;NeW
zns{!gCsv@faYJB>I&@Hm)8CXXeOqCs<_3SmJWMB>(hbTp3C7_C+Z``t8AHf2un?xk
z(B>a-e6W?$&!6$^3i2oM(}Eu9f=}SvA_7>jvT+zxM1k8UGR;B|h^@kKGYm0XhTKD)
zB&{aZ{u?#5efGFb4x%`8MSK*<HK*H0J$GV1KDxS1Df7F#gm2~Sg85V%CF0!5*azM-
z+$&kFiQmG=xtjkQT<&uI6wM`aJ_G#{|B?p^6uLQds<MUTk4@v1^fA32BeOcs#(;HR
z#yclUy9L0?EQzYlTvbaos|~3&7*Xe-+G6nR2x>u?0P4u+X!!!a2Q|Pt+@wtE#ff3U
zq3Yo`?*(a7*QfQmi5zF_h4r(36C0<;)aaV`MQpVXr!bO?iF`@hYKvuDvQP%ALWHZI
z5L?|04c;jiy&>GFMl$-9q(J6>h=nH>zQxBTFA{;9p1`qjHah$%<^m?hX}3u77P^`K
zVM+@h>5k~mQO*`Y^sgx{u#~b{RHQd73aQ=#U&0u>dN<e+!Wk9X?TrHP^1N3c_8~Q&
z_XZITKW~$))taS%f)effYcNy;Pb$ZhE2tBfnL}Nwa&SEnTxcT>;R^avPayhgBoO^!
zCrHf2oXAuVRaerk`6F!WRc>;**jBB`J6!a2j3n+H^(OeWhhuw(+>7fNvf<U3w4)C(
zEcp#p%lL)_lhos}`{zAk1H2Yj#IeoerKMH4c-}#PYYRg9)C-dvP@^+-)wM6?nLkit
z&_0urH4W1&1S|n!Vzi+xqA(nx>B_!Frc~jcGQfvut&!8kYezsKChi=|%(l%|=Xl-L
zt~+(3Y&Q<-X;q~HtZpbyn&HZBH#33E#_pLGpCtP%mHmtCDLQ}Aw1R<K;?f!8Y=#gV
zkv_-Ul*aEl@RN@c9Id!}NPYt^_S1osV5o(DoIVm(j@P8<Y#Ly@2uc<H#{lFUbA~;~
z5)A7Muvj=NQdHUMpl5158jPY#b>vw}F;%GD@1Ygvm=8_tS<<el9Z)m~*Lfbk0$W@~
zs=e6WoN=|mz;W7B3~8jN_#U#Xs@8-Zo)6d^yM7S!ZX4p(!QU*lsdBLyR%g0|TfQPa
zfR-*;|DoB>u|q2faZcac$I&u6$7z(EOahMFK3wZfH2w3Q%K2|%`lsp%yEdMFr^Zu2
z_pjP`Y9*$qvr0D4=JeenmI~jgo3Zpl6spB}J0j{Wt2$f-0J%VNXbH7HmT>l#ss(ax
z>QK@k@?>{}Y>?V25M9{*M#EUt*(9OL!pE_)9LpF%*XC92;`fK5312n|gf=(mW&N)2
znltz+epgP6U^)4uXN;*C?I0Y&Pm@D){`Q$3O>7b<_tNExC|+JDlk`BGxj8m2MrAGZ
zvO7x&Rx!>x&eD|vf?u36kbsygqav#}^3AKf^+Z2E;y9;d!q&{HFB_`*og+ktkja&e
zkGF0_hrcR~=m!0u-ekX5h=U%eVyVm;K(i5u_xh6qs#q-dZ^7;fUNhr%{B1NV9{zIC
zih?lvyHqQvd!?P3m3ECHLzAY3za)_={aC5?&ok#p|0s@QlS!eqXtgecAxaj!V)VQ^
zJe_C?`JrH_YwW=or@g(w)rzst>o>(Wy}%K=z_aZAKD(xE6EA5oWq#CkEY2TXjbPZ5
z+zQLr_lLL!_P0<|z~#G2mvQ`$X9%`($f;^~=_>n8PjTbA`vtC*;keBpkN^jsQyX*$
zA2B487_pMWRL4wM6E&~)kB67~Ps9>vCJ7|<5w4z|4(RO}WkMH@qvxa%jO!-f@$tJD
zNNE7B_<&~kqNKI@620@YDwXn^BgZxNJSeLm{f#p7+_rY`PHxieec=ZU-3edU^Kepm
z1NfK5mbuW0rM=o%w@-}OfQR}NXyib$?BxUBa$_o!*YGOK7E{GNj+w8J^knnbj!D5d
zo1$+#AWa?ga;7p?*Ud)J{=PdSK>CILb)z{Pxm7f#-cq)N8sI>YzKSywT_(Qej61`s
zYMS`&$oA$wN#l}vu94cwF7uTwW1QmNQ9#b7xVt_}<lm5u!~Nk-8um`t>QCHDFLbZo
zvhGz=5UI?RdOmEKe-IgU75%CS-{OQE55+bV<W;0@j32MmMeNgw33s3mS1d+FMnqa?
z$A+#Itd4N=HF{elnO9o@U6n)W-3t|QhKGpE+=K0QyDSm?dKfePj+oO7O|%kc$ZiBp
z)o6Nt{pOb4ZUgno=w~syi5^c+xe4Puj6&3!A7z#UciGi-&VBd+oJ)@}Cd*i%tWXn#
zo)M$8`kQf$j?2!I4{XB5rogHxp92x|a19R|)ln&Nu4IJW1RUnA&|2!}o>lEWl=Crc
z-L;PKFvAqmaY&{$I9I(${a}YM$EsS@dj0HYv}rt#ov{N{=H>~HF8}0WU~VF2tm%%6
z&oUT!4#q1~3qUQH;GuxMV0*G>r(PG2*?xA+67`0ggm%VGfo?`@GtXB(1h?_yB*#9k
zMI!u8?l9Hhwj(SNTR&f24goiytB(Gwg%Eb<+WJ=+bgHkC8=6|$NRh^h>c+d2?W|<J
zwj@$)J!2|z%v}P2770h7=^EjXQaXkE+(R^ejZeknl1M%IbP7@n&Zp#iHzm}aiotqe
zcC?i_OvXG>^R>tT!NOl^#~H?)-P5KK?7mc5J(fGu#w{`3Z6MgJen`zYqHm^@s%EUZ
zS@;H*auwWeJuMSwY-A7W9CoYp{lPblJ;-_M+F|ehyNA8&0TH*_sWvC7uGc?d?Oko2
zk^>yf+d8)9Kqu#F%YBua*1mVO**}M{!1ypeGBQkh&SX#FzCLUyd!a|tfvV|#jXiBT
z*X36Gvjx(E`WLn)iq7V36m3HeTSn0#+esnHHKgxSc^yIP(<ap0vLT(TSThc%DeDi-
zzPe4w7O;8a!H*|nzhoa&I3B6!jPMwb)wto;i=#9Z04Gwo&O^6L`aVhoVzT(Zvp}kw
zhZ}gKkLYFng>pnbBrsx&)38WA)%l4W*lX@e{V7VG#nrJ7Eo<=JN%H?d%7!wTQhF)c
zQaLfjJ|A@y9Ip_XJkP(#w%z=zFo}Hj6{@Ip19EB*)VDTj$<-)Fui)}DA=w5kphi)7
z#qSt%r=aK_Jd*o>A^_y6uhGWsGoUtH@uWzjZ6>dluY4ctD&PF}K!)$Ggo4IS-L`t%
zBGZ`FIFX$~=-|}jNv8WXu9>^=HGaZ(>9KyBLzdN~V5OVAq>0xc%31@j3?+9Y>$4aO
zR_S65D|Ag|!=?q;<}>Lpqx-;_zFlC~qEI22TT09U9tz~CaP%6eOi|N7TKAj^_}H*`
zW#PcfSlXQuVccxjh*qx4O_Jht(EAQ2sIk?SC^i}kN7cewBG}wmy*@I(LX<jT=TP{9
zbi0KJQx=f4p<rW4)h?jQ2yWfP2e^bx_nsxZ+-9@aSv;FPo132Say8PLhG&l#$xF0D
z2weA>3j=?-`L%Y}*);N30EbM!CG})Xkng)wgBH594bpuwMHrT}!iR#0wZ&s_lpz<8
zCZwo4d2x!c+KBBkIqi-Ls<kbs(NvyuIrGQ9>{3)8LJ(?h4Dbf3NG9@}wfbACaFkp9
zKijqXOGKFr^gcIpUn;5dKvC{Fg^uJrcvlc;V%}ih_@2LOVZRRK^))=!y!S|D6hS;J
zf{^2jO-$XpGwLEDZghz-qK>Y3=$)_#x3Cr31V0zjF)6yyWa$Q7IEh58By=i0;-%&+
zT2H{CbW`&^47wrf#35;n4<0kyWx^BQuMOHmT*(c-!#z=I+*Bx7l01ibTRY*XmxGv-
zWHaDS^oVn?O<OK37ZKSIKm2_3D}|-F6O<Qk;7noy`)l2?lyOJA5_crs!#9f>{RqsH
zOoc`7`-{VyT=#O#&vB&va$4hmxa4_HtjA)9>Z2L)70n%zwh|{7QJQqxOUq9#<;L<x
zirxhn*Ok`TL5fN1Nrm>NW9Ar^eMTa3alYk9x-z>xUgkH*3MIY1N|&#WM-*aPB;O$y
z$A_jnY7@-kCwTM^CLh__UzhoWo4;fA+@APaV$e=Yy@{*5RI}E~dn{V47>%w|kVf1S
zC_q?e-f~qoZz*9mxTR3UeYfK0-py|XYDw<k5LG)7@~f#WQngH@dN^De%wA(-m>(d=
zZMy1Z9eEcH!&ofmDKi<;OEu){&Sc#cQTiGmeX}ndqmg&51pth)Vbz-pmtd>dYh__u
zd%fOT*w%bnmD?Jqzjb6*j%;wKIQ5$Ihz*a&17_7JdW-DoGCBZ3qd8<LEQ*ma*UTek
zhMcx%5Khj<v^k~79FHgVRHhhOapFQZ@6D4Wk}`tm^AmDk<IHQ<Wd<gb;4|J8(`~OY
z>9)QQ@f$mjaCfkY7aKKKu=3V5KrZ>eT7`Hm2G`;8<@-J`M+X)8yuth#6+|nStwy+@
ztTUxt8(|~K5&xOGqJ;t1te0Bs+BFPB;4RLXI2oF9y<AhyHTbl~TYH+$m(SfKpN}$b
z@~(g%>Kw_$H%!(9wl(J<r6g%ofig4tg=->G8n&m+>gT~Ztd)O1B<H(CNfHK+u^EZg
z%b}-Ul$Q_r>e6MW=p$#m3UAzy*p2@g@5#XZ&^UQ*8BZO3i?+$3fJU(mj4yN|hw~1E
zDsoAI`*0{^Yg!kqD>Wz|lp;hu!=_BOG)Z#wAOI~-2guqv@z)x~Hi<LiEoB~%M}*Kx
zHePEL!3bb$qRzE!^u1TNx$4LBarMcN>yvaw7}te_k}4CVcGKB}EVC8CLYB*oWy^iN
zd}7@5(4_SYnZPQ1bMfj$XS6DOnnyGYh$zXAIGl5OnBI+YKF|^l_m4lF<x%R;cbrUz
z4`Dc#O;^trDdheb$S_pgBE4>P7FA?Fk{nw3h~7HINKhyFKB<|P>;{L!E<u(Lai&|2
zxBcg7b)@f^Ln}P|yDOuv;--@^>Y6b?B{wy^kv0u8YI@+5ERL!&nIByeOF{VJzCxFn
z1tqbvrTGM}GJtSAKYzsD?^8Q{=eHt#luiKVkLK50T(jnoSo-)I6M#`$?t;Y8!L8hi
z<#-;e<>9hc6Hzo-GN#EA{63kpd~-PNOw-%&-|^<{M|2?Tclg^|LpaHcEt#v!T9PDr
zpCU%T!Jh;h8KXK2R3C|@@l5-(Xj_?z*c~sQi|CsvPNn>AC3Wnm1x&2vcl&s1in9_N
z5G+O~<|1Ax>4Nu&X)&%ZexC{<px{U4+Gk_esj2DEy;^0j3R|v5&IWF;Ly<9%5;izr
zjyAC9O~JoB(kXfF6^8JHo1E%ReICmrRZP@)fVbP_4?`t(X7YAwEQx8OFA_ObW>rRO
zj$}jB6}W!zK2g8}LZ5)^4X4-!;>9b^8sLEOQ?wJWEFT&xjsYY?-%#jLgoi`;Hl2N;
z9}e{I!D>ui;wZTPCx7$&11byn6EoP+TBdu`FORRd$2htOyl?_n3`3Q8j{Qkh0=1fH
z9lRpj@P6UpxFZfdQnEFa?=#iU{xeWMzQ+jX98;W!C2!b2Z?~K&_u%8j5MLmEye2OZ
zvXAEXe5@gWhsHL`XR#-1NCa(mN#=Cbo|_EUj&yj%bG#y?c6Pp(4U`X@sQ%Ti&FZiQ
z$G8T640^NAvk<Dsw)K=q{~>yUD-#{6BO<oriQm<t&mqGqP7^?E%KWflvF_idQvF0d
z#y@n<0;{!FPn1%_Uc16h7G^gT3ezBfU9b@IKZS(0%|fy5R#PjXSkq8%SEwmo_|Y*z
z7EgrCqKk{bY{0v{@cB123W6)lrp@~f4fA(0&s?Wv;mfCbSgYB;9Q9LtK_gubLx`ps
z+CcFUss;uYlg5mfo(;1=&fUXkUNN<ym?vEXH|g7l>Cw)WB-hlj8<Aetff$KVq4iLI
zMS4^W^ZU+@2hS(47IFjPet(Jv<zvfU%p>mnLxeh24P=b!necg;$r&n647p-`UI~cH
zPrFE3HYu`i>?Y-EQ<0%DZ&LQncm6uq-{Y~7LGMer**u2Qj)H;&QNiDH3i#zy!2c|O
zU~B*gu0-`rxe_x<mK*hDa3VzK^H)rR3+A`t4i2HBatsC;`b}m$1Sr!g<}BL!9n~YP
zqOAo7`uFINIGA8v3X+-el0`CkJ|w&352z<n>SvE`PKQtzuMKBKzf1tgJZ`&{E(GU6
z2i*X1Y(*5DM?KndIp@(UOzCkNC3Z*K_;`kVd4;_!VV~UZ5tGQUhPfZ7*A+*TQT2Ix
zLQEmPWi5q#W06mn2+_XZnt0nL4~m9U?h*r16x<?rb@<$K*jO8)kWHU&pFi7&G$tQX
z*qQRZkij}8tI=!R!?5@HS)H6Gsok!pJ>=QKXtH(!7~|BaP%d3S3&(PaRtk@C(hSLR
zJ`gjc#y`XgIjh)nwtE{{SF0Ck=?RhnJ}N8K!o+8Jn(+b;4^OY=UcZH)uV&Edc}4BU
z;gw;piR+Y2zp2E2vPsg@A?j#V_OkkGYa7>^nY*G=32OU7daB_%y8qm0eUIIsu9>Lh
zb}-i{>1LlVsBHolq3xTtGswnio|+kC{B~SneSpu&JlUiT^GBXHpG>ac#=iYK;^rl*
z0I7MH>_M-46YX=#Z*W3ftyYugc(Z~v%iYi}JikG&t&_>=dLxRgSGyHkV^T}~rxkT5
zRy@i_qLOX8BnC>|SF$WK14Eq^*qWkN*`dNw`LtYOF!}Wh&hTxBLX2W5(_Zp+Cddj`
zZwi0iMQ5?rb7x1Br7v@RYNfb8QbRpM5%7K*O(@4j6UuQ;`+TCc&&Se)@<z;qq6y_#
z5LeeChJGjDAF2)xW+jw|YV6`23a8G4R&P=HkK_FJ=toSjg0dyTBojY$7d|M&gm2=&
z21{xx@XrVL8kb6fhb<Bj8%qL+d41#oshLe<W=uOr=fW*Ubefas+E#P7Q$ELv{QW|A
zxhYO|O;}D*uA!%P<k#f5iFY^Y=37KsMwT5~o1b^@qH{%d#@<hH>>D<BT>7$oG7@>4
z%hoZSCP2^v1$kdqO_7q<5siBOn+eoC?<NkPc5rUS%M=-v;W}C*(_OlUFLOg5cE!(3
zKSm(=uNx}&Iyh9GKEoA!k>yjodyXGtDd$~Iaoc5&UBgWNS<z!1s8plmReGYwXncpr
z_cl(KO{o@(QXxN;6gcQ_j6C2+C8?^sconP6kzb<O7T#-uSgo^NUSE3A&%)y~dMnq$
zKZjL`v1T7AV#FT*$g`SO0sKZ`@G<?DOqF6n_3hH&u+x&gPzgWOe`pE`D@OU}iQ^`f
zR*@~e>%4+@oq2yEF7SO9qo;eg3Cy#~g`V(GbCQsgNcxu)#WPv6(zd}^H=OMEBo14D
z$B}WD8&dMSloD0xL=7E-I%+UC47FY)QCi?3Iq5`c5WEmxazsl%1H4snXuA!ZU|fna
zDTVF8^Z5<3?Bqr<r`kcLIXY#%pa>Q}3B;SS*wz_7*8}{2wxle_A}Lwg%HvyX9`By6
zj_s!5s;@kdV_fhxAmiPgHXF(K{4iX{8)tA1e|p$b)KWkw=M@nJ19CI_@`(5v`YGE+
z@MDeG_`>k!l#0TulSvCdRsDTFW!MICzom;tv;Tenh#td)7BP8+1P|>B&ASa&x)6FG
zT|hO)%eL7-+7WN-siB3$r5~ir5IN5A(;?hHr|+~5aV)VKn~yctM&(}r(mE}fNAW35
zop@$|rJCh=!|Ye(hxa5EYpRU^55A|haQU&EWxd9_@W$q`E@%8BpCo256%HW?u9x5-
zl$w{ecnJsJiaDA02bM=-4wdG8=B>QLd2m0sh`~1?S52~}o^eLSe5f7|(hwytB1b>K
zK(O6!MmKS~M*;~_G9Ga|_Xw*cK0=S5IwAL60;nLZWs5*pl`~Z=XpLzrxv{Ya+>=uT
z3I58U*K%`xwH+_k-O){z<g{UqIVb7vK)oCxF(*y%5}fPP6CN+AaMr9I6V)r;T|_Cl
zvgf7y{|YipDaD$me828B9M{Grw6<i{?=<|u>#|rQw-1Cpcr!VBlEV^4teJ}9vbD8H
zFFl9*K%peH+L;4Hcf<2^R%9DUIzFZ%Ev^yCKipCx3tukF1`6X{?-<+8X@)xi;5of2
zY)>?3@AB^9H1b1yfApR-&OZi3uf0v4W`}4U|00Uyf2)wom}nVjwTzi#2gkhMsI5iU
zw6=>#UVBJhghx||Mh(~*LT5hbZfYf%CMMU1aLLJ5>R@GKP-B0mc&y)zS;<o{@RT!8
z)R80DkmVX&;*d$AR;5oq{5ndCl1gGCz#~(j4_lNqK(z}zPg5f?_elI~W@Y2iFp%|c
zqVEJU4TgIupY#Bk@EzpJV=U8%{BG`u8}cWg{-7?HN`}kyUBlGv48FlbvDocmg?FVs
zsRi}R3jmKy0>G+9c()Mnd&c>lrD9u7f)81cA9Y}e-^=LpS2AH^P~8MkSCfM!EDyW^
z&rWqKNwM#Y8qsuCoO5OCJk{hVs94~Sq^pusRe68ExUqBQ3)w0&lVyDpl$8{fQu#n=
z5h50=<EwZI_bGoT2-G~twrOlzC<2IXTg+4`W7ZKMF33~CY1Ioh>u=F^y2a_|9#`io
z3ao1EFU)y1r_JcAhq*RwiW5BQ`6FzME<{s`&BKuV_&nad&`)KdcNyrarf%kW6A*eu
zQk{=WRixcx$JL9X+RE=jjDpX&h3%dBRFH5AWO{^Y;ZZ&_UFI><H>g=wB_W$jXq!S-
zqi0+GYjiz5)^2vAmam4_wSGg(eb`e*p8C3SC7D{3A~hh|DNOO`Pou<or#}Nkeree)
zl7-al#WP!oeX@6RMX$nC3JlNMIz6G4unmrE8L#dRcAzu*PDd&^xWPXU%<VClIi00J
zVK&+N0n<yyc~}FI(JPvy2W^tb_c(A<<g}TNO4SW|j$V`W@oN0E1EZfd@gVDcgKz%v
ze;|YYKh%;Jdk9+STLzhrc<ubA3G7A2#e3N6jW`rrZt1BAIkRt;O?ofQWI!E}J1DTD
zmCVG{6{>bm@t__F`A^>B4I4CLsiHvCNNKJJY1KA_EYb!C>M$^P$%%5z;p6X)-@?NS
zd>DvD5MGzHvxx7({afoTbWID=U4MrpnscmgNNEnyHhIOVC;Y<ZT(vK|Ee}zeY+ex)
zVLA-|R8P%yas%Dug@9=j<cvFo8UJnE`drQWuEhtq^<6W^B)ADtgjc)uv3fI2pkbWM
z%=+%(ao4hCEXxeS1NjrQLCKwJm&!fyi=u{_m)=vdhSzTdPs$!AP6QU`Db*|_q^MXR
zig2|`KcJak$LY%4lrXRi#0aZ>!rt;o0k!z?Sk+gcShEmasNV5-C|oU%ab9tLCy=F+
z(U4qykN+U~*e{aAU-mt|pml-Xkt;dozkOF$43$Vp`txEv0NZ@LZ3+5aT!L`(H06io
zvQjxkr!%e?zIE&>buyfjG55E4cbh!jqJF#VqI)Cw!5n^Yfb;t5cpHVO77!={d`A5m
zKe*=xNv-n)rz3{R=SztQ9&6AkNMW}sPiw{TW36ww+fdDjaZ~!yB2n~=B&`|buqkHu
zzidtrXh|6xIo1<YUQC|S0jyex9+Vs8wSf)5noS9)l_r*#Q>Ieom6_+&fP34=D%y!v
z8KK+J)oL|o1t7B|C%pM69~YWhHw8p~@gw);{2tb4yCvOR<nJfT7tT_faW4hluT{0+
z1aw&%NQi%UeI>NFMS)JiX-5ia#~f!0a;IUdW|!FRceu*Lt{wXE<7R$8XN_UsLzcs7
z&lt${8{8nsjZmIMdfODBl8%H*lp0ozLR_(eRq}9g;Q4dBWfG%B<;qwwud0Bvl?Y@|
z@8~Jz4zApEPXlXWSP$W2{OVyH%%&GwfCM2o*nFq`5@Y1-E8N=Itkh=Dy9m2!(&px;
z=F#Cb&RK7CH81lnI;%DJs-C7){GA4<e5ocwd#g=(Wd3Su(4&4bdW;4?<Tex@G%%4x
zVMk$>8LMVgx$-osP5ZRSFtwu<kk$HDp7B?D%z--W3ziVf>|R_3&T>vCTUKVV4B%Ru
zah1ap<At5a50^0SgkhetZz+x6$ut{e1;YdPgg&<$xnJ_gy{)FNuqBy{tymGt_PU&q
z%kjqwwKDkaLZUlly8?>Av-u<_%q9A;F?mbL*+fVfkbP-HE}58Fo9NmFU|nbG&$LjX
zV#cCi%H*~nkhR%7-QU`1gD&KYMhLWKdB(Gf_>y4?%kRxmza>|7>6yxld6HW@oyjgU
z+o&e*n_qC4kGi6$5a;=-J4UCRVk)#EJrv-I7Bd08PDQ-iau3lphL51yi2xHc&$1Ys
z@F^>zvylk)j##{Q#17K0cgps)GpB6C`MW;JE0L;Ky~ff|9>t~9u9eysRPmC2@cLVv
zru%RimBRJq5|KRMC*H`jra4MWiO2<_=Uwr`_j+`?3Iu1KlEWL5x(~}|C_d7t=i}#W
z$eEg(Lu_T?KSUd{#7647=S@?#7Q#2RX*n117%ZnX{)r%2=~m@^n)4I!jyx6?a;6f^
zq~lDzvTZR9DM&^AB?uuUIDsv}p;79V_~AsLQ}b6B`0$$zKAdo$Ja~OY{P3RP!wJHN
zF3DEFGi*B9aw^-$GpMwQ1!X2YnWXFoVhOkRQW5(q-aNq>q8vHddK5}HK#yEs0xt>t
z64nw3H+v4(pTN4fCp|G(Wlg*sbPdaM{eoAxeXoH)k+N4rqu`@$<K^_HbWNP2Ec|H$
zm+c#Jk?!-5p0jv=BX;=CA*f;95Y)Ar@Mq{dC^N0dl3@n_54JJ6nZomKu}_FU{U7O#
zVm4+n7&ee|9QCk|;qoOd))RFRiP*#pyyZ?&msr-Ierr;PF84S~!qDYcQUHis-c+Xo
zP)~C&DV^4pUz;?r;`7C`xl3x|sI?1kb!ZWP`5WfoRBJL&9gFp@<EQVtl(d4TxACYK
z1fv@w&v`i_f!RF%CcPA4DLVPCHZ(si_8U2@_3q{<b&b`%i;o-#9q_^7B;1kO)b$&B
z1>&Jn52dxPps-UwbmsHNw?s`bsI0~r*R<iUO>Ov?G(h%H`Gto_C})D&o^Vm~>dT<_
zscM`Kt4}#V;4k^TtJO+%{#Nr%a>mSrW|-(*7^IGuNTig;L`APqN-1V{3(=ziygYHt
z)_fd)-^F^kM3!ZiG7On<WvbIzS#WHNiDOdRA5ktAb<T52sSDTbZi#x)+r8L8lAT6f
zWB$@D#$%!24r!>NeKQ0uDcYa7D&5txv8yU&Zi+Iiiql#&HbPOHWAB+<kLXw6fE@`)
z0K@^OS7^)NCdLOKh{;-(A6(I+>LDycBS>9old-!DzuYkUD(dp#d5k>~>WdTrHqtz%
zU+eHR(;YP&k>pE1!<Ujx$i7g=I_28D;pk~_pu#h9yk~r>C$oS@%xoa}BY~G8DYYKp
zVo;kD#atihL$!4IEtIKWLMnf}@m+K-kAB#CB2D3XU@7+tZ=AUo$n15U7>F!copXfi
zdbG?um(2sc5qz5&Vpq=zF=Z|?5X?MtI7P0_a%!84#VVj8_$a@1jbm-Cud+K#C;9Zs
z<*F5c00|4$bkX4v+mdg=Cy=O{vT9t8Ir13^n$#R{UyMAniFpwCu3o0n@4aCB|D7Jb
z+Q;c6*-AVm6M=zc<uIO9>`G?nW%=x`3dc)^Tla9<Q5je8FRJg6bm5xZ?`{y*W(;<5
zz^Pf|7B?u?x11xa8HZu7!0wkwiU5_%#@;MCET}U%f7>me-)St7FWpk-L73FU1#{P7
z`(4bKo!?k*%%dYa6G+~{fkbOkd%K0(4kbxi89H5nmKIYAck?S3Jmz;B9`i-wF<4YA
z*jKrG+CPq;G^KH<hpXqOM;T>OxCq3EY89<(IU!~bTNUK<le6z&iwbxdUl7m1sP9;d
zult_SH@5(_S5;3TZjzFzymAFCk<ySKQw&KVBaIMpY3O8TY_Q=1@-akm=suCbdsh=>
zXyGY3HW|wE<hlq?zos+#DYB}^0&B`OlP~mnB#z;eLV@)Kw@RIqdy9IKddc0wrPOdm
z=(KB{qqZMzo@DC(fK`U+H|?`t_5`X-nqzy_@j*8>?$>KL`z(!(_N67)2t8Fr^i;vF
zu3E{#^kV6`EvXtXY2_$xCt|Yrzq3G`QWP6TnH82;Y~o}MY0v_9wqnM15%OapD82eq
z{VbL<SXo&)D2A6)E%%cXYLjxRfB811u?emvrVxoXY;jnRTzX8+ArjHF$Pg__TL-Pl
zJC#k}DY5Ze($H0+0(<dAoOZ-O!fnH#ZvE0WFe8waggKbSVbfJ~t7nkhY$`D-YQS`1
z%A9#^@vgF-70Mme=*T-J{Syo2#>LB!tPGWb;RWnd470@EV`Ry3HeczH&p!{F`Mx`&
zPB5&A>1;|yN)T#M4ds~Z1e^-VflF!x?cI89Wd5#$!}Z$)0>cJziwiP@YTMsNwXWBN
zd3=Ln^R(T=E`wy^HcpSW{N2`yAWFvab#9wiZpf{@k<d_*TGqkrS!-yTIHBfX;xV=B
z5)y)l(|ETok~i)AMmM&mH-An}8#^1bT9z~;`r~q#C_oTeouiDf)k_Ra@5O5h=M!B3
z0?gs4<w3EckNCNMn8xp6)Sk&7D{(HwC>e^cGpBf=gR`1%e8%WanF=1)xseabZsdcK
zs=&aCF~cGX#R1kN1W3|dO?I#F_f3QaVkZ3O`t5l3LFh;53))OWV^#dc0e#70D=z3S
z6R5fI%WogPT9J=>+s|Ib_jA3E6SnH!Cugr?4pU`)mNI)YP-ImH|4ieVRl?2&6x352
ztl;(J2ax+P4+Ync?)y`^)AtAF_rd}r5`yE<eo-A!oni7d;9X>p&mE}cQP;DzRBUKq
zZQaal1{FTg1x_}GOPF!5E)M;qh_YfyM0sQDVyEvFbOhn}*~6W#u;EJn!5zwrW?o-#
zeuBMbEOAjmzA^fbv&`R4#P`@iQb{$}zMF|Ewn)%D@ip8S+$RjrS2OeQK9)M5bmSY1
z-s^zdK3v|k1#H`J*9wLn9ppoAB12~FGAq|t9W%MfIguTd^92$j`FghyeX02Y^=J#v
z*o(A4nkRNV`h&a)4dS8F%pm`HEjd5mvNmPSs48pZM0oYbDhipK-OBVOnrxCCeBior
z<^tv_p$ZKKADL-K@7uogY3~oeqdMF)YhqcvJNobT?%=y&Jc*ZwWi|vkd6;zlfD$)I
znqJ@m3tP*F+<b@YeixR6t$KGPPl-b)v1*|1-?G-}+#nO!jz&plI}MSt$qA=URDQ7I
z`M%t+UK*|`Y#x(APq2rKyQ<VCE`f-yV=;NtS_K{!+_f$@dn{T_)Q<`nue6<;T@j7p
zd#;96a?ShfK3dx!{c9|aTpJ)PW-M0mA-xD`^ATyolS;3f%3*7)UF~^Nw@kHAsZx<T
z(S`RVza%xj)S%1O!|{4bktMSCHLn)aJ3og<OHyibkhQ3U!pG>Z(CW0=EJ0Ee3OrX#
zD7WE0*giVN@`1cECU~k}hNo)ms*LYuQ{mH!qYiQ|>JIXGspMSBS}x3^&%1z+AE8zV
zH~VMY3*z{1ju)4mIxWl_<)Dd_%rAexCPRad5$qW3-yjd#jdOSMTe3QBA{uzkJ^^m9
zX(gA%-kO!pJ1E~4Y)0B|=LNKjdcT@J!5G+7=@P>pwY-^*Tdp!|hI1W`uo00T>C>qt
zcato!7aHx3COs2#QOF*2g_l{d0A3C#dVF-N*FClo?D}wNg6&WG5WV?6+-V)xhU-79
zUVp>3cN}%W>&l&otTj0|$N%i;$n1FVo_pT>CEh!l?3BmAx$WlRiMooGG44as4zvuT
zn>(0!aNvWQ_!a%FT$?_vC{9FM3M_*3gQl)>6X+28JE~1wd4jn5Q0F|)=3`N7<MMZ8
za#m<Af42GfHn7a)^A?#prfK}iAxTsG*+aCB2r^EwfKHcrKhBY85D^)XhzN=GWVAXb
zT@X|Qf$KpOdxI>9wK?9#Z`AAQeZj7yD&ftEf>&EkMy21Uz0!nkOgcJ~L!@|h&2!L(
zAxWFY*~RK429Yxw@!IZ-C6sd^PI@3+agQ=@XjA_SU8mqT;3B0#&Tw-ZrY}t`o%Dzr
zy)x~8NTnbTUK79j?X)?@6S%cZ_M(YBNax;7Pw{#;STMv(6`ti4=nB5-B7KgxsSkh6
zF(Tm5-7pZYSP`#vv{1aS>U#I-Rgq8WjS8>HFSii?OP+X`cmKG{3Dqyv3_f`gwo@_h
z2&VnC$)vgr-jwGZxmV_Q#PQdTzUWz9_Zx4fX~-276Te4fU6t_VzPA}U{O#j4^=c-D
zbfH9AN@WUbFQ9W@DYSWA`nzIa(?mQvhSv3BZpyuwo1F2|4bL1kNbXq<3#07lFfS;2
zq~y9FJ^BvS(UvQ3V#}B-i0u$t%yPL&Ev|MvVTVb$?rn0W(tyBCE=Qp_{b`CzYEAfl
z73#N^D^4wd8X%fcKi`7-)sKeTMz$I@zO8@hYcJ<TvZsqyZxLq}FEVAVO78}C@+v&S
z@`YWyL>PvyPCD_YG?%$R)p58QA;}Z$Hey1gr~BL6tA%>YY*M<Vu7#SEUSTK50i=?X
z(gw_4U8R+}@YVs7*2FSjxj8v^8yY1VnwfLm4vM%`UgjfJT$(Gm7J3Cf1kLN@SG1yf
zv!Oii?w|MB8JF`Vbs~OCBczNmuDp^em<+;HQhrMFJ(U+}Q}OCIePsj=_;XX2sJ8LY
zFoxfS<8eIQEuK%im&uaJmRdx{?ylt0kQiZ4=-cWOX-+m8>Ns!av$SY`l-66XVZ9jz
zC8{8dDcHaPf~;6NijkcTUsP)3FE<TctTLK}xp4+$R2ek$6r$EVE2cS+&Xx;`ZyZW%
z7{E1vhIao#i!Zd=tBlT&vzx+8a#U^`<tX1kRFXe^mJorLmrcVKU68`3v0=1Ty+86T
zgDZK&tGkLrI0?T<PvKy8bh$rfB1m5FPcb-L^Vu;bjbyKYt(ZTe4b(aQkcCPQ>G3Yv
zeK~D5S8I4WKZR}v?xx%fLmD)+4ox0%++3?07PllH1zG<>>XFxy{~-G=x5j(d7C!p{
z3R*qz=nh<J1Yqx?2o{F4IEC=BO008Pe`9M3-(Mr~6E<{_(=}z?)@w1{GQ8r@y)tNb
zVibsv3xe{F(GN0@u_goa^pR75Y8&h`Mr0-~BQjIl_4`AP$QV@A8iI4rI1pc)uXM$k
zTRSG($%k`Czhp<g@;?W?*{2@lO~3@a{##sZok%uTHnQMCZKd_FXOc|2^760gg}>E@
zY+rv{I39*50!GHX&vDJ{LLHM)d#B+<LbN4ObqxbnYxXYlj+Ck-rrvDZq51D_?8iQo
zdugO`SAAXEod>Ns27iG^LsewPwy9w|=2IXkcZdb#;t)l~4Lp$>_>1)1urwjQ8mDdl
zD5>a^m3MqxV@BbeE{$f%K9gBO%GOYhJ56uW(x6lAW-RctD&b4^*sRoZU3KRa+BpC1
z2}tCz`g%Hqc+_#q>uZSz7l0pSdWn#;e>`pXY$g4*4z(F=!(ZgGj4N6J6|<{Z@X%s6
z`$JBCiNp~fpY>z7B&1ncettzN0DfJ@k23q~7Jfxlt15BVw!Id^--bxhvJ|O%Ddpu^
zH3o8`MVIkdZM;(}`_)nhtyS*Pcga1jZMnyl%sujE3s)krwg*d?W@qxYL>^JHeDTIh
z{Iei1O{4?|3f>rTLCJOYiv0KZVR5NfriU8lY_P0YqV<QbKVozeV_UUb=l5vDkMVTF
z%@uLF3t?mJ)9AEH9MZB{OUrB;O*2qx_&zR4;HZKgSgd2(zOiHM=m*4KHcH<a>TH&%
zfs1+$H+b}JEK6;qoQ@4$vw{%m#Gmp|0RKX;*dfI%BDYNuuc!Z;9{A-w*d{-fMj{@3
zy<@B>T@WRD&pozn+qP}nwyk??+qP}nwr$(*d^7VVlT6<0tfbPNs?<*Z=-t^>wU)ho
zd2Sq9N%{?{|0Jz^A<L8<ln0bH#VHt3{XL9y{+n{}?P4N2j~JO|ux;VlFifNsYs|vk
zDKCA{Kpb@i1g~EK`!+ZU8P-w&)oU3|t6stA;p~&1ps94i2ltL<B5VRGWDqN<9nM21
zgtM)`nos6NDpMlqy7+?mcpa`W_lbn%Jmx_oDy*8>A*AobcKjupW_;xul~Ai^0svmG
z8_`e_mcX2wAE4mF!Fh6Iju|N^iocpT(t&6A9SFpP8#?X}d=M?dfSt-Ao<!op5Yxab
z&Gq4^VPohYulUy_<(Dyj=n8Ko*c0db*<#>Xew3U*MqCK|UM)Vgk){;XRdOafHPYs`
zGA}+O-#4h)rfDi_Mh<(Q&gG(%IS9>X&oy*=qn}ER#oirWkN-MyyHyCaln`>WT+jWo
z1rV+aOi}YaO0125t*H~rb##5`<3_RHGz6Fw%xBe>i%Z$}hTEbFq1fWIL@0a2C-e0k
zR&R^~PKlLK89_g4P}JHZjZ|dub^!vUNxq9Y>&Tv)y}BzU&!o^*3?2>1Wpo#dRZZdB
z6iwkr>w~IHMiIhO`a+T3BR-MYafMMxO!#k}j}3mw5Q76*$o%`+Y^wwa0Q!UCEnh&#
zJnmH;I@4MTh*`8;#^17TJgp*9PJtK+$97rO4$}hU18jsT1tV0hj24cuWEO5ZZk@bD
z00cQ)p+%7@Iky1;w*e{aj;2uxU>X^{B&=s|?n;{Zr4f@?Y*jm2z`ZP<<fRLFEJ^78
zZG<yEZ{}OA2;P?#1$+001~%dyeUdiOJeF#N;0}&kMRSk|{nizCcvdD$p?A0oK%AYi
zzz~F0Z-$=TUT-X=)=qSRcp<^vUKjH4G~v=!HFIDU<im${E>Jr^WR9`9LIC6TtT2zd
zIUdG_Nsm;AGo^$<9g)avnUBrJ$bHN4@CXHgtCAd_cTXJ3Gr;iqJJGk<J{Y-@F@cU$
z=#MXbLXPubLvE!n^BeSLRz0Zl6fwfTSI7nQ>xdOLfw{9V?j<_%>=CwRM_GvzdG^CS
z9>qqS-QGFM3zk_|t?=^>+0wj!;6ol-kbu(y)@If!loA<aFwjelb!c-PJ}eMJ)FjhR
z5<C5hSJJ6hpR7<e3-jXd*KNdsRAt=T-%I6%L52n?1vpD(oYz^#FvXK;!vfRkcpjd9
zfASKNrKA6#f3A~qLVfNXW6+2-`diCOP#jZ#9j0&0C?i;hu+*vZ_Z9#0>PhgPBpwNt
z3X(K09#L@wb$+*MJ@f-0+0f!FNllc{OSvV40SW&KLl#>kl&+$7n2|p)ks529(Po9b
zD*~k$T{5x$HA(g>e1>6NGCa;wk~Hv<+*Qw1g*(m@``y*NRH8cEf}NeMf2Pl>&*QiO
z4?nKKXRP!R9?wh2$C~%K^J+UR67S8@(SER;^&S7p(d>Ai?I$FW0b2?+;)@-SxC#lu
zR`~F#S#ZlqETi7Hoz_C@Z;Q;Aqc!znQlFe5dqI58{Q3Ekucl7+`to3Z;ic96si+H7
zIC--ydfH6bk+=S%dD8}xkc#0st(!TFak(T6dT{@hE(QaUK|Y;A$%?&$`Z8}LemTJE
za7uDi(~f)$UG36wnEC)M#7+gKIvAjrNYR?oC{hvl$3GoEalQrI@*Okh+>`Z|NK7Gr
zcO|~fB$2e~Ah$8ZNuCfFa2mdWttfaF=MZ1X1f0C2S2PcUw<DihH9rqitI%kJl)d~N
z8St6xG|yPi7gW;--Rji0d8Jep7&CgJT#swwaB#4moCobi!RPX}UXx;_cs{G@pj2nw
zy=e<PESrq=F8Y%)yYLFdaRAAmqqgUlu&#c&zh$&sOmy|ME(i?a>p0cWz~_~-#@QL>
zTq17&GG!%gaD){qHbAE#Ka!VD!W*0_n8Zi?J}?*@gc}s2BuvwA?#Y2l$GZ~$cysVA
zfFK8JCH#(ax>KfB9oEC(yOX1oQVlETBzo6^(UUsiHH-eFlA-C4txF#!p4x0o8)j0%
z8_=704=DTIs$Aw=!U;vx)yX$q=W1I*npO}oKh#(W$=2d{_nbgi>umWZx?DHL^b7gZ
zk5#+VCxa%isN}16L1TH~p1bpGksXGRrEx2`1KFj)2~=8k@-z)QeV1|QxNh1}t8Jx>
zsow71q8wcvSEouP^gLEZmhhx9<TVou#mNsO(<psINj$2TF%ym&y*Y|$$#s+_IZ<)s
z1Cfd&{XUi<pZ!<BX3(h7Gu;HCM1hP#OBAWV`{%<ZXVAR9W8LbMl!(cAk4#mc9TZa;
zmA84>6)D+~mmq|V)DLiAwKNA{1C)#P5}RVld(!|#Iv`he4xUgV0_>g@Y50_uu`DUL
zBLy1^O9QIF#N`L2pfDq*J^e?@MXrWN#;9CiDUL6s|0%;wK%9@`8}IMFAM|halpdYT
zug@Qs^TWT&P+H2&bjoJ1>4PZBB;mcI)F!UM)dTB#a??+q+Ep*x1H0T+DPDgwEWAiS
z2xY2TS^Uem;IDIn!LayGcII7=3<4OVY+r%5OHY`pX3Ju_i%vm@Y@3zs-faLkP+FNd
zeBN0O>?d=_Yj<Ippn>{*%hKBw3D*N%4?H7^ncJvQQ1|ih3(?AwRE?Db_T28%6DE*8
zM-7Fa-G>_+$walSmI(^x8h!URP*ZINK~rWG)|@XSAl5TBg`->njqfIxg*kHneO&bR
z(;WvMK=em%#I1RCFq%AH!RcnN#E#bu30a)LZVzBjWyrycdNN}Y2lbFF>{CNIkz_Cq
zaW64xt79|xHCjs}(9g-p*RallV6kY{aS-Y5dcp6ZGZZU2-swQHhDq{x-|kU~RfuQ$
zv0lmssUPmoKuD=&DQ?{Wn$DhzA*gaqx-^1H)Yo}uYsTM$)K&(kAY6-QVZiC4ldCFW
zjRJ8ySYSGMtHPUC>OerW?re<jC$oTw8{2OKknb73ecm{RI*VEFnll-eU#j|jq_kWH
zpCk?KfZ#z3HTAGIpbD;$A6={LRlZk6be8+GRKvRrxx^mPuT#iD=6=5UQ{5=h%pFk|
zmpYFmJ-H0?FN(j&oT=CzJX?Iqgv@@F&aoQ8MMEurmVyGRshb%pe1hihnjy*;5N`T(
z!EAqGA~{e{nlgWjUWCh)kG-w)HCgFmO%LuLMzo1X4h!$YvdJ|?H?V1Txl3?+23gum
ziGA5-_3p$mNNf*uGj<oM0^?=QJMKxNLMMz(+m`*dqNy*L{c8pUTBmJH(mhD4qM=Bw
z*CHGh=C7;>lGcQU>`WeopS|)ys3B4K&OAkXHc9;^Ya6kd;Wl)pP$24;P&h2iP@D>8
zfYlTCL835p&KdmFSR-->l=@^5(RdfO$f_mFqwJ<vB^;r5a91k06zG=Wgu`0r0)T1^
zKEhGhPX5#wy$r(U#EqeC6isocp8b{`+e9bfgSOt=?2|`XJ7x9ms{3ofbNi{3+{frT
zR}rYIB8@waQ`_<$T0>!CJ1$T4qPG<<3Z7-^-qkbD3D${ii5a2N(G}A=rJ9YX^Jk^;
z)x-IUQ<9Z|X@9TcjTZSSoXrQ$4>TDfaNGFo$WtU2IJ{ZZ7pOEo-z-HhKeI>8g-D_Y
z$2lBMIMYR}JA`yr63bd!{6tK6A9ydZ>p)ECAiQSNAosSxqiBybUpuV#2Z0YKQD|fA
z0HY&wT;^)Hfo9E=5Afs}zEfA%@zKFF>Al_`j~080+Krxi#~O-=aK4?Re%=i<xz-UT
zAR~z=dPJ||NX##BD8sB1C(9#?m|I1xxh<32np(;aDJWognz5rrdqfEXI;I&V+L2!3
zS3dn{9RV)E!T75~?7E9a%qCz9X5gkt3U33Hfo|gYu)DT1=TD{%-Vu}6eWge)$1lQ-
zg~=+7P<G}_?mFdZ?ZRvg#+K1u@8Z(^(0*Gc*y<apw9MInr+QU|i<nFHPFehO1fBzt
zcij^JRZ1<(QiL9G&{XZnv)0%>13p>Z!c}1U$R~2Ib&Npr%C=$jbZUV1(NiJO%gWNt
zF=r2lS*6M}1#d(G-b)@+t&I6ex)?S>3)0PmstZ7sEfiS`Sja0h;uH_m;__1B%^Njn
z)rV%Gy&YuHAa5OdHVxmz%MZD6`v;{PWzm&<KzHo_HA{CSDU0<}g)!*GEEEe!`jbTl
z>v2k8Hm1T3q(`Hpa-xCCOF~cU03;2{Tg4mkS{qC(o6nyVpMw5n-T3E`2{*~=WEuyR
z>f!Cjc)!?Cypk1<JHY3T8Ti5Oh315($kyZKZo)vP8RdE4J1Vl+Uv#2K*?7Q1T;YJQ
ze^N#g2=BvS(WDAtIx`x)H$!;;egG7u`3jcA4}`(piZS2Aohf3+^I)d4Ct(x-hFi_Q
zWIvaSv5FADLkf~mCJO_0RA8vb!|~ceS0M)tUf?zAMYZTi--ZoQALi#Pjl`h%R5KNm
z4DGm^T+VhTK3uR(Xv|O~r-p82Z{>0R;u=U`ZO~xtEZ3c`0`j&9T7|3t<vr!U5XQsg
zUGv(T0yi+V0cHx+u=bO=v%kWz#p^FIFvadAi9fq1XAdcb3g|~3nA$mfRzI5;z+U-i
zRD1exijK<se6Bg7lR`}rk?!V)f_tI-kMd86l#RJdd6@R<N4H?7F|cQh#e1I@?k~?B
zxdo#GNw+evJZpfCmF33f3BmUv_fNVX?-}&&YP?&kf2ww9T#%r9<fJ_eA3b4ZMHC*j
zoV^ST?HoUDE^#vkG?;`~Gjghk_djE)5SJ6&JpgMD)V+kPn`;@TaBamn`(-`~w~dQi
zOiVFZY&Kxwcc_(fVV1J18<y6csT|o6WryI%2(wA)6Ubm^E@qFEOpHnuHch$7o{#P{
zZ*S;9vEG^<6580B)gs6WC{Pz~cK+MY7*dy3mK^+hjV3mvG>GH|Si-z2TzX`LHrK)%
zCVf`P3hcrJhjBC;mSzBuF1+pER`=neKT%6MGHn$ca}!*HC_b5P2p>ixVFKNA&2=3K
zbI91hOJ4$16Y`sX+1{#Swe^~!sGOH+vJ0={w{2mWKXERAeZ?oLmGqo|RgprkYFN%P
zhUSVqDmu~u5?#OPQNg6o`H@+-v<S!X-D1W>BWBZ~2|rs6;9vi}<lef|P2_PK)zH$i
zDo)$UrB>rqa<pc`5oY5}#^>u{d__o$)`hyWUtLVp$cQ{W472x4v}HEcJam1U?*LcR
z+$3lA_~ob_UwL9@_OA-<T{ns%2GFjWI;Su^a{|feN%Mlg+{G<H_;ZBoTW*xkX*(TP
z9+|e)7~Vo#<1{@uH&k(1h?<}1vYM?VkQd3^ONJc<c2raW09A-7Fb3$j`nRFB+MEKH
z^MJ2g%O1aqn)_e4Ajxq6?L6BdRhlDs!+|b|RGdapw3d!ypu@p8kJ4)q^q1LmsH51W
zo*0J_04d86Ju-D@wBT*fA9nf3$QX!@Iu;Yy+o;6RMNvt|WBVGEhgOmd`KBp(8S~||
zZD2U|n@fyqR9}SL`?B7b*-ToGe|Y!>8c1A3J$MvL50(0b7<CQrxU!`p=wsNAMRI9c
zUxg_wen2O$=m$8n$BZv8?-9OgNbRMvE3ZNarytw@v*HLBUf3^~Z)4{4M@!{Yn^VGK
zY&p-UN$DsUQZ7H-p1s!_Z1GkW`t<93y5;EX57^1qg=>FV9>kRpU8GyWEV*zDI3V%y
z_jL7bC1gKYF>6=xg%BtS4)?CCJMGKo<dYhoFBOSHt!deXcbTf2%o#`QM`9f23yuZf
z;sk@Qobe7-Fc(IuA#1o0?oc*#NJ&iKbaY*vH7WsW#;S_5$WN_rIK@*HZp`ZY2>s;#
zhSn@zr5*B^dd)uQ$EWWjtZ}GsO(NKS)%kLdx8yampM=Kee>c%!6GB6qLoG{_T%^id
z7!_8LDlwQCEGIXiqT$kohTkFyKbqyiHV_kHmt2lec*7aroAoXj%0Gp{`Pw64$A50z
zk6;xtgYazvemz@=opuW8CyVd)NVp8WQ%PSq3!mV$X_5|4t`c;G)oFg%W#{T9?i@Z$
z1>xpf-_81zP5jH4IY+H<9wacIm%Jf(<<h^90BmRTFzXldcc0c^hJQme6MUY0t#=uc
zqCr7Pz8c=~!4nI;_{>@$vRL@9Zz|<uxexO0A*bahTUMt9+Z0@XCI~jEi^}$&>qVg$
z*r;ljj}thVvR)Gc^XcgNS8DPtODU(R+6&Rs#@_qYo8*s{9|RY^>A+E^hH!`h<g*0G
z-RCNB8&^)V&oh)Xw;#T%6~GS00ypwc#hKKDR>d)yNS6GkD}1TMM+w&=R819sUL$nA
z)zVtwnt5Zap96Frh48CDSVha;Up=hrl#H_+vw`t+YrrkQtZl_2QWrRN-b9Xtcu^4I
z7Z$HRAr7G@1u?_7CF=x*OgqO(r+pNq*1vX$xr03%7Op2Iw1DLvWfuewKGU|1_swOp
zWvoM~yUkv*A$LtFXs)1!R?*wyu*2VnJAK?|Psm>h*AdU+&Sg>U++OcEaH~(E_m4x1
zk01JuzI-{#pO6VoR0J7M%eXo(!7-{5dsKh%nvTnTs3j0v-+pz)s#RH0&nEdQ#=DlM
zp>I~XLZ19Cc#Ce(#~zCZTYP4hFD_EwVkMF-J1X<grf-SaB+^ZLm2Q|>_4dap^xY>Q
zk*QH<I7i>Ek14mpza%e_3icU7Et3J7tgr^<p!VGhnOqVwU1dYy2vU7Ilm4ksY?@XN
zLzOs}$!JMAm1aTmK8S{dW<x7;K3C5W=nMda2omr05tIqO!^E$qLe3pBCnmp}T-TEd
z-EQTsTGX4Q^#-?fshC=6Pc0@}o44PvU5+90r*&8!Y}II~bu1?D3^g<M1Dzk;pye1)
z<;Fj;AVj?*s!ru-$*8p!#yb|6kDYz9s9^*g>3uhQOR*d<XG%x@yU6v@leJ_Y5?L#6
zHli&@+s8I44*D)La?S)S8V~7llpuU_Bm@RpUUyI&7p8%WIzPsWH=dy@QBgjy|0{k-
zk+)3RIRk3Pac)*8?1`fl2srS*k`SS)_3;QqO3sQL95S*O&<KBawz`_lL9y~FKF;hL
zivHF<jT>lkk+E?}ok8W^Aokt4=@jC--m<la-i|EVav51g?R-FWzHQu}?99Ms*hiMC
zU``KhgCLM{Yv-NSx5Q4naP+{>EZwmma`R+X0rrU`Tl=L%Sx<<s{Tls+EU*}LzWMcp
zFR#IMlL~5^xTH;iShN;z@`e5^dr;ztmT^(~{y1l}zZqCO#!0vaKh$WS$jlZCNt2^!
zsc5wSj6QR9-~6hvhKh{c+S=P19-#?W^kcFrv@y)jLPB+xC!UqW5BsEw4#meQvI+2V
zn?UUa(grGBF>zB)?)K)m<O*d#9SoYotyL5E^GM?I@hh<F3(vz%zKawNQ`w#ZA0d{^
zmtcYoQS-uSMCBT$g(-iFHbRkWWHghZSVz7SQVAb@2I|(bwvvGe9GacFRS1WTYxDx3
zlP8M_L9+#x?HjEMA3d*Umb%m-$Wp`BkX?mo_wiG6+@64DZoQ;#gL*tM8C-3;7Ejh8
zOw!RL`wvNkCRRW%0Lg}^P!Fy!t>M~P0%fmefAUYkJ-RK>Lo6Oy28oT_OS#{lBPR7V
zi#Jv>Hm1$@`hUl$Dr%i!$r-UtEb|!FA@;<g=MqD_{0CPHyw>%;mFt+DJTrP<lJLCq
zqdG&k&0g?PIQA=h5^vA<w>{&3f(6bddkKsLmuX|)h~|xQmsRzoUjGtEFt}R)RDt{m
zsn|%i+*|rpd`C=_{|q#r*Fduz+A%?lu@PC&lDr#=;i%D`>v*ts4`2;H*b#hU3DZ{G
zP64~8zKL22j&BAZxJ3Y>C_pv*0F%114<oxDXjhf-MNv*-XzDQ>e@CAn65`_u@q7_c
zNJJ!635~Q78YyrK3@3w6*HG~G&!&*vJDd_A&cClbxyNAYO*yq~k*xPI65{%Yxk;@I
zQw?q&(}+8|vk0{92%^WEj&>TCr7p<7`j_|rfZ2aN#a8x~S#K{7@2V7(ASte0<k1F4
zg4nN%zsBeCh%LlXVGd_preI=t!Q|5<BNEMI-j8U!d7$9b_SA`i?W9O)NY`Vl$oWdg
zXjq#a`}dsk8G~suZpIS6ZU_JP98k{>Y)eo=PVU~8p`^kEeDc&Mr}2AmRExgS+V)D{
zW}r<YjB>T?(Vo$%5mrQMr*F~-p-^qsTXLa-syd(`BLKdP&W=BhfJiUW*UXtPZesU{
zB)-57p2AcEYGZk?!U*>kc*C(X;dYTh^M#o0ePV->0Y}rKbb{!F1on|Lm(~nQ7w3LW
zB0WleQWETOR{nYSe=?eQ0t;V1G+|yaYdG%jT6&E+84D}MwX^l#*?&Y;evlzc;=e4E
z^wzr?J~kTVPDFaYhZ+RdL5)11SXW<~P=KcH7JWOV9}NPZ%pF{I=&{z>HM|0rsSDXR
zT+X1QUrK4*6tP&H=xgp;?+6HiwXOFqS?bUl!X75O{`c2!Vt2BKRpA&z%D;?(rpO9+
zdOcTt@%{~Xx}E7fep>G#<*D-tKTuNYQ4|w8H`m3z?uGyNyow^6G6ZS_E#z+e=1A9X
zl<vb!oOV$l+3V9A^&*Yp?dq#qLuqee0RTO}o~YICk0YkopwF{KE&e~J2pupMwXfo)
zefMoV%ic=_i~e2zy5edP;!?eaZxrhiP3Ga%U_5g$9T`IngN~5Gt4Fd@Z}u2SF}uK2
z$4|U5lQ1M>hQJIJ1mq_nqb%V_`iNKhQ*N((#+<wc>%?YD457Ql+%$A-FHp_78*;Ct
z4@1^7kmb<=7kxSmE3V)W!N{IO#ELxk<b|H~SXu0U`|C)(`;gafpRDK;hSS`)!35f)
zPO5oKTk#336!uCwiJIhq06%ibn4s@BayPMAtT{RAL9+E~+I|;*6b7-W$^#e)j}PW5
z@+7f+4J!^vNdzW=Al=s|?l15Sxhf9#IzMqIO-1)Hc_UZB512P==SGdHO#^m}!Bwr=
zwj!WWJh&VD_<@(^=Zk?7w2JOMx%wq>exxBtN(u<jlnU9qAWeHQ!W&rX_tu6z269#a
z^AGBAXws525A8NwWw;Ngw}tFfXw*M>8Vie@&k~i0#u+;`)BP4%_17DZA12?)H$QZd
zBGizAn}bDz-I%{Q-TBoP{e-#I5Q2sISHn{4gj}@Qft?eTH1HD5{`mIIQ`~+I;cpgM
zUh)-+{!W10j$$_%b@U4$(GgW^lZ4>LQ%|X-)7vF~nYnD-a!VWL&ebZ6EG7bF2+ZJl
z|JD>ICZaAKbNL{L5EbuU7|m*23_>}J>@|00%!Lg8(5makIKZM3<y~#m8@$3)Jgo$_
zfX45N^AWe?MxivrRor#7&ug5UQ0wdCYelbZX*-F~#;vSb)*-j9i*f#&0vV49h?`%f
z?gssFg~!RxCzQUDQZy(yfZDVnB-wW%=mu7OxPk3!*|oWQ;h)_rFZ8pwoO;=V>2Tnl
z%gVvAUllmmY8pALdP)_t%3ovB%=`0d22-iPwuHWo&E4dB=Ge&t0vn`rVI_X*rs{WX
zEE5wV_61?=+CMTP_=xd<73DPgskX>o&4HN+mbwM{>MEjTD_%TdUJyC;P~M^<*NXYT
z6{m-g;?uH+^$pSz<*LtH)Ghmb8fje+uu(;t#yQ#n(+c1Wjed+(AA6Sb`0yuVbDe4&
zrQ--+qyB0Ui6Ux)srK;H!R4_?YD4Mhxv2(O*^R7VN}OKdyo`U1y^gEC=49hiFEqrd
zfICqPN_2HPrriG|<Szj(8-bu9-3>;(eh_bk1ZB_fXJ$@=j}EOXG{G2YfX2-t=ugsZ
znpA^){YNm;)c#RWsiak6S9(c-aVu<!eZg6waI+^6vYi9jrfD|DebCS=@?D>(qwp+W
zGppi~g=lhRx{*uRG30C6w1hKY)Y~@iH&bKIdb3b)tl6f>o`**SsuxmawwV_}E<v|*
z#vnV$Qx2V`^WEWv>;ig)`6kw`=1pWL4Cz&th${jhXnqOlH@NU!1OMO96R;Q)F4YQ%
ze~?o+0J*ep%k0^TPs~M`V%3X@)|Nd#c9~8OtJNyg9tA&mRqThQOk;FN?SH$QD0d6p
zI3~S3(ONZP?Ps2!OLuEz9dF*i!fUfp?BNgUd$XZOh74zgYu%nP5TB{js^{c&?3tyN
zax~YTt*p_NPuJjsDQ^qeA;czHN}DJfUpSgaZ~X_+PHrK&vGuxWidui$1rV@0vCpBd
z7AS!g=4!|AiZ~?MWn*S$xM+cD;>gDhcA31q!{%58bf>WD&$zWdPl?rQh*1eNm`PhE
zBm9Q&50N&VKyt8+gQ=wi3Nlm47bpb*VZw9)udn4@Raux5ikc(|AfNc#zR;DTlbX9}
zTkL&Hy)>&)1Zwx6xX=sX|LTGHOeYi@?A=+jN%tVq#`%7^)oo@!(om-wXqRp<3FM=G
z+w9Vb<f`dJcU2pp0A8TF7mEt`f(aCky2k0i{#E?p=o64)Pbo+a7&A6bg}xV?EpRWL
zr2|cPa13gZlXef4APO~?hR3i!kmuZrP;Wps!~|Q(o^B@%u@O|4sg~m5Y>XgHIz>bn
zxP{vIr$v$n7QrF$KoH*g!gR;ok^(^rkjDaA9=^*vZ=$oJEo38UmfD+=Oe7iEReQG^
z&p#(hNQrCfqPSnvQZ+{9oDz1(vrOdbT7!l9ptwL3IoHvAzN5n`eFMFiA<ZK0!6B4Y
z4{U_I6FcDIlEGt&KVLVmm7w{nYF5w+PmB#I26@C-Mq)V^(n)gJMf&a(b^fm~HD{~P
z^BsT&SEbF|Hg}G`>T{cm9!7rg#<+>wTb{b2U$rTm1D_nb>4rh<pPRb5j;#bTn|m$h
z$_v{E^%oBzaeXO%>-}e(adS4|652DvN%4YKB{+^GVVWZX*GZzHG{s@ERgwe=In0uN
zw?>rohdZ}PsF1k696y1vL!le=LWvLJW|r98sdnXoGXdOWd<qF~a*O!%q?%u=V<6rT
z;0p*%fd1~z#Xz!Zjxh>Oj&=+xG>UD3b$CNii>8`qYB(*U)_4D#r){iavsOYx%LEw@
z{g%&6MenhZKnhFR?7EX}HVoXc=X%-~mfahk(`&wroYkEeD9K1=$}@(w&86$!on*XY
z;^t`W{2|iNDhv@qL}2?sXJMs>#p+;@GM}Oh>|DB#hWPDW2tho!l>#<GHr$kK*ATH<
zM|b9xiW47OewkCXCu$aQ)<kHt`5wk9t*k}CfTgWrqKG93XFCs8-r8ZO6P?bHQ>ayQ
z`V+CbasTpz4MIQN-L>=-!gPIy`Byz~*};FZqH_6>!<Di0Y$JSj0z@B}^RdL7iq@cC
zYgE*`1OfFPB(XiCY?5c2Qitj6-`evarP+FEY;iP3s;_>RA}_dEtK7|#O*m0gEn(_9
zC5yv5KwX_}@7jtA>e^hzfpe%34~Q94!FqV`{CfK|l}xXUx4|am>C@t+HFRaNmlX?6
zMIS=pGn)k&QHd`t$9x_%v?nx!8GJO7k|D3d{o-V$6yH79)g;4lm(?$q!EkT}A&}vr
zc!Wp24!K7Z8`dB7QY{-<caM{e3(rK7KxI#&Z5<w;NfaHt$yg3*g?1a-1dUoM6JcU}
zp@D1!&wmWqg(`ut*y0fP|A-bMlYamF{E~s!Y*)a##=u3^+qZ1Y(5QBK-2B{qlyVuz
zDcw7XfDn!SK#nXC<WpW-2+5mF|1J5bWJ(KLbxd#A0+x7irtuKH#8aLRO2E^0YCWpX
zJ5_OtsU_P<@ZhOl<ERPIf1;MJo?8h5GD+^!mJU#3Edf#}7(EgRQW2)FRjUb3nG}i)
zI~uoI7lj|<Nn0LXcUT+UxP?e5@k$YEh$b?(>$9dVhA4pn?YxL4VmgKkfNLQ)@L*X9
z<C&<kV6h{*Y=ZI#QO%Ej)RI!o(Ag1O|G_|+30D0~pQPfZFjy>djLjFfUk@E}eg>BQ
z_XT|+>qFJ*cCr*7&r`{it2prOlM=;!dke&8L?P&8aW(S<5>nbd-k?+tHsR9eWr+rB
zf+f`Hy+1LR)uJdxM2Bm4MDed;Us6~&KieTqa2zJ)Sm+L?#wkVrUl81&OaK`xQWiCJ
zH%#`t!P96?m7c@$K~g^Ko#JAV*V|a<a-rwhSZCPDexmbJs!8~2H7)QQ!5*BUS*=l%
zWyHN#bxZNhCckB`y&5e%y^HGt4q3S{93(6*W?Y(uFv)1yC|=gw;7cv2u%^WK{PNYY
z6O3|!%BR6yTPzX6^IOX}SEYhROEk!p0K9oeqe<kOPOwhkr~$pXV^d?anB>LmMVwd)
zd;78{k>{!&78opmp?2C-wlVaDP`)jxr~MJPmXW=Q<pt6m%n)igsZdhzpr(S(-9_`^
zLK!k229Xy3Jecc~6I%eAl-Z)OeqyQpnnIqKU0D`|-)=GgXd#sOg9Ha95*&f?22aB<
zpQuD8u?cPtTI?*YAQyL-A_Wx>8(eVsP8c%fEkJ(G0X%#Y@CS(?q}^6YZ;XyeLUF1y
zW4|TSPEWCE5)wzO2izogO@LFr;7ldGQu|N-Vd>JgLsQ?s7(*qs5l2Vr#+3tgHZ+ii
zXFHYxh#b3XJLuEoVlP<Zcq(B8K4#;wwK2p@7i5g=vQ)*D2=+9A1**v<x($!9*28J{
zh<N+t%2-YB_OvQMgY8p;2jV=YbO3hm9V~blB{aV#Lx%=5LMf+VGkBai1zn&+AQ=lo
zvndeqF>*meH-kUt*Nz%xYsZU4Lz)YkTRBiyAb&kQ>bILP|B%qnh!3EZwDaiN5Uf5D
zv_h*Yki*q@y(xHCXSFkzTXWVrXldu00y*jzcMtW>^O3cP)-mPT$_WHh#^tq|QLI?*
zVvLB_I&$#Ca@wd@V!!ic(CP>y{C$|KrUvTh-a6Wh(xRs+c}M%^#Z}N`VhH)wOJ98F
zO0!PGeNjx_44oGp-LXK2cUdiXjvbYlr>*XD?GNY`wnj{4k3Y^AMKri4)cDn2nPUpL
z1Fl0VU#LGm$(q!WVOI=%vY+ZUUe?xYC~G4>HlLqTpcYu#CqRnHyh6J5S5r!5F|9=p
z(Zvl0?L)6G4Pb7F@han66o>__hM;~_G8h%a__uPVr4W^2%a0}j1>~PM65UqKPf%|U
zNkyr2Wr!!K^eiM+ed{_Wa~<iHn{#!FH~*J4f&Wlx;{>y{V1<6;1z|wd%19WfCxv;A
zK-_{*@1L@LhUwW_{HkntSAo!LVhd$aN<K*jvVQ$qmP!unItzA~HOqw)tqcMV6F*d(
z_3LWC5H+Lat_jVcX<N~+P7(#;(B18}#E~-iW?RJLApHh@r+I6p=W93iqWo31TVW-X
z{C8>MZ(ZF4D<3I6L5HXzER<l4xkQC@BQl2jbthW6YYsc)S5>3ddwtoST9`OFyqs2-
z{_d!F<Xg3}<f=8bGqYD)QgY=Cz8&HP?~kXK1o6`}@h{~o;BjB8r@oD64pgW$Sw!wx
zn7#0Ld*Ou%$q-r<>A4wqU5_gyVEB)*zP8rvL43-BZOhAEgU$Byo$Ln=^4|;rC7y4>
z^!mztHi-+lhiDfn#fi6yHGxjqsD*d?JR)}KE)~nzMtApDEPu%XNnZi1pM8w5r;<^K
z!7OJi1p3aH_%Lr@nSj>kbPj#Xx;et`WS2guvY~T&u6IVQ`4mi$X!+3D*n6F6MJY2(
z`hxX)sinsHaCBu<MStY$aYmIRt{};_Ucwc#AC5g9Xw0T`<8(M;ZOv`^WOq>z8JUbe
znLG4Nix4!v{C!guINbqd1H^s?Ng9OvCM?cT@Y4(8fR(3eHqTEL2-(=#hKQI{eDQK}
zgj%qyC#s<oiGH2l$`+%DY77OD!pw&>^Pz>aLuwMr$f!mOPmmOSUwZd$u&*+o;e_~8
z;l|kudKs03wdjro&{gN)n>k%u5o3aM4x3}}F_M*|zLe+AP}%0BFKT_}z^?2&wWxBs
z(K@GV4r=hvFl%|F=VVP~z13Tt2DAum_>SDTF=cwjHmccczZVh*K!{TR0hBwe<cF?x
z>Z`BCf29Bb@W_Q(rgUk*GSy&y%H}9TT<~3-CcAUTOG+0m9VQD*!$@?DbT=6f-wsVo
z9;C+w%FTvH3g@KS_GtsU>MQp?0hT?Z7v0k9V{vH4J$_UqwN%BWw)fejk9S!dnC@tS
zl^d&d?&Lew%i8PNlLq~LhuW`U&BEhBssfmAt7z7$Wa}h7EeL4jYOxyg%nK1H3Wk`|
z!{|xNyDV}N=g$77F<)UV>RS4Jn{I(kK7T3#^6ny0z3BUBJ?sXm9!BvtRPJa1&C3ZG
z*fSbuRKmI26iUxJ&T}y!mDK2E?}AnhiRUr4{~*i)x#P^&h%L+LiQp*Wlarzfp{flQ
zizBBBD5(s7fp-aL$#~*NoU<!1((JJd>17bHZbfX*k?roMkQY|U3$e!x$8s^O#3^?q
z3|)!<H7|3EZIsuO`UUNI&)I8@>zX8{;T;o`(XrQmb!I8}Y>ztcrf>g6SC(UH1u?%w
z7aFzV-*4Kdn&x{M)O=N~6cP+;H?_AKpG7r{5QoCKi83Sa!MaZ`y_TfieIX{;{1YLW
ztrR*_p|zrrbP<Wk@;iVf(3<T3j@um6v37JeC?MPp!v3j?{cVomLuE-_8T|I-wNX&0
zl<S7O!u>R(m-0BYHg9$segR+6e6cN%X35v&U(uyiAb-#kux=uSd|-ypBU<(Y`kvxw
zQ5#7UjNeyN1f{3qr!E(%=V)&z@5t|9oa_BN_ufxsxep1}qje3rprmeFP2OXY$(C`>
z-AWGz7pSa5L;{3mph|`Yxd#O0z3lWdH>U3|SgA>%BS0N{83c1jSA7_8z|kU08p#AM
zaa%l9=gE%ImR5yx(;X}zn9Kz+F}CXn-x4{pfjz^?AJe+HxRGN1Ip-y<buMp%a0Is$
z$WMyc?w3Mw1`ro?_J`Gaf3(J11RHpZ2<2P7*+M<cI^r-1HhJaS2=D3s1Av03N_cY;
zVBW1oKT72FZ!K`p7p-UhGFU*LO7k{{Rc61_NSK-BR^$2%s+~e`QR+aKk5Lh?+{z%I
zf6{5HQ;v?n8U8vk7I)gdar2%$Z4HEL`eI{;_6Lh!H#5UfWu_WKZ!>u3=xAxVp`?)A
zV$7t2IlWP#mM5kSxnKCOXN~6;{h@*?(gcDGc*KU?@UqV$XSWd~Q{_Dp;s_%I@3Y0F
zBDX!h+fX#4W_F)@evs#??E0()GS&i6{(;bwo?9Q1O7U9sNJ+2JAwOQX01~bz3By+I
zre0sPiWv#1!?m!Jl&~-@md@1I+bdUOP|XdW61Yj^5<xCY<S;)RBe5=2vMd|$J4)bS
zJO$nvu^J@|oAP7=ZeJ7sn`U%OQ%RJ4^wBl`mbG7zIa2Q~f}j;d7$@D+-jvflhNTTg
zfnYS^JV&z-Aafh0sj3nKlgK2ot!o=U66M2Z6nU8I;Z#UDHp`&XA~}A%_wLhs)ujc(
z#%#K52(4FJSs5cGg~>$PmCKP*hrCp7DiX7GIK3te*8bEeZeXnaK>`(qA!&^yL*3#d
zAsQC<Mq%EJ>Zow8ybswwk}dG(m}0-ks{)Mlu33Kj^)f+K6_FZE$tBe4l0~dENQsL}
zW(NCpwtz5AEa>FJcYUZs&lAqjl*eiPcIiDa|29_jY5i?<=ez@L$r|3#f?lG-&;5OZ
zjgZRT@S|JrTN&jDg&YFxn*_UxD){ar?FhRU-QWvbr~%+Ti~xkBzVrxI{}d&a+tPKq
ztw{r0{b!}`DJWD3R4S@h`$6Q1<+K^FmXZ<&J^nn0u76#kyES5^U_|Lbq?ca^GqvMT
zT9;BaOF}`_=vAbB@&2)sy9DS7^dLnB=%hle3p(}@X_a`MXhJ4CxGlH5X+y0YDW|^i
zir&uiY2g}fRbp>}L@Z^a)T+)#y%`}B{j}EBKasB|wret@-Ch#;+eE1D>uhur<t90N
z_9-`E(@>TWZ&tjcnA##T6)pr)qfsro6Mu;6dPO3Mx*e#uOx*wCqK{6hsxQ-rmjcj0
z{SC$cNE`A>oDx1lf@}7}QT+Oza87N<^k`l%eT5#It~OpQr^8gKlzLq`h-b5lhc9FL
z=W1Z_vVZAP#`co>51A^N$P!pw9*5Y^oXtGeG^T<ON2q{fH)s)BXz?<X%atM;+y^NE
z$7fJklxq?H%1}*r=IQJx>c|NKJx@5Swn#7tsZc2b$U<ndL|6IUf7n%7oZ7(F;FtcO
z+f=@S1t5w7Z|F*{^*!{H`5C6ni@YsQnDr1veNR6s&-*$?H#S}orehGJQ=$mO(jcM8
zH=QL(Omf@_1X4)#15)7>x_FBf^@7YOC-Ah>`_<3bz3(yDN(g<m8qvwZNcfGY6fEku
zTNpSnF^M{YLYNP>O^BfchcK>+&!_2dSL636?#Pic;K2@Dl!twbO3XW{7TjQlY^yfI
zNsbwEsNye`s5^fn8cn3uIM=JdJh}lVgi@Zz^6Gqsa(GY`fd8d>g{HWito73#f*ZYl
z>;lfGNeyB6-!_s)5D-rS^uGHuHhg{q<Y-zNmsuAhz05fQ*XR9n>Ih4Rr4{Qj;Y-p~
zDGCg%#bma%0{J?xxzs*m=YWMbg5_LzToQ-BtvzTh@khWQ$gR|s{QA-Tpp`bI4*)Ii
zY@p`<_yA!zQSn)a%#LnSKRNr5k-W^oq*_EgwQh&$Qofpa6l~ej?CQ5OO=#mA1b;k?
zwc_ic*_&DX#?oqFAQMkNjC*gz{GbTvqysC#>c*T;K~anY>x&0utArJDP0LHuV5}2M
zM#7B&)Y#g}c`~;wn+cGGc^Bsx(l&@OH@Jckb*p0gIX1G&Xj*t7cc=T$;ga_`Py?Ab
zdNQPySuX10^eNZe%3Wb<IBfM4(P<}lp^DB{4P;!#b<~jt%XD&+pG_l)Ft3)v+x`5C
z4(DOdGl2c~9XhUv$!KUOQ6Hmg*oKTd7$j@L{-qRLBXVjehXG-#Nf!TkG#WAyYjNc&
zOsZLlakF)!!U%FU@68<*-h$bYPlabmbB_?-1CwBSrUQ3+c{lsM$0G4Q@!;Cn6<B>S
zRXl{PP3QTgg{0Sc72RZwVQ-(V+E>mzkl%`-!|-U<;_Y`I6?B^#?~I(OleSgYo`v>!
zt&8QZ22hBkWHlo9S=k5|9c|g8yyUMf)=~#a2QSV#yNHfUQvQQ$%@;SAY7DZxHy&Gd
zBSy@LDhtTf05x|%?%=vv6rqjC8w=zjJI7M83v$HN_8mJT0gY6g#K*ki{4%Yu3sfSa
zex^sR)z2PS?Ei<j`fo0zWMRsAYoQjMF|EiJ)-%3ZGZ-EDhhRYAk-FA6#VLra3Qqb4
z;c)tiHX$Q|PLoDR92wCwnNE*CUS|K;+|pnGq)RiNE{d?qVvF8CL||E;{W2(#SOm8p
zNyWa1lL_`mliy+vSnRl$O_Rv@l|Zf<YdFQICvOsSs#C|kT|^SrW<J2vh;8I#z0<QO
zWl&D~v?rU;RX_XY<BXT@KH^_YNdR_`gVEwfyr-~hn^Pi56hq2B11m`sLUo2)N;TX*
z|K`zvUUF{n&2ju@!6ZxcC6H#aQc>zXmCx}^WdabYgQ$)CfA@NAna=+5E)(|LCz)oi
z3ZDA=n$|<R)V+b%TqIs@<{q{>#6wjNg8<gGW$FHw_$aDGMRTDoyBzo+{J4x=yo#!J
zwM6~%3wj{pF)>rap}>tH8FFmI0*Q^;!ia28R`ds5P%#boK+!9hf9;LO{LZY&!ep1U
z%5G2F;>h!{)@@##cJ6*R+Yg{nNo2^7fjcUQ3!R#+YiF$$&-PBE_*=Ci7(3+N7lUS+
ztU<{NWQ7-q;XV(S0Z@EkT^Rmx+ATIhdDB9kZE!B%{yC(#(=-x&`#l1^$B{MEqtUS7
ziY2#tE<x?oN=OR?^U^pzz{8D5-U;TGq)vE(Psw(k@{OoWE-Vyz#Navv^f*7SwS!(N
z+O$rZ5X(INko>K6;i!HJA`+N!%~%MOY+?#S(u*EC&eb5l)Y3oALq*707&4)OFrT;J
z{_B-4dL;fr)8pK@)e@z|FN8*o8GiiXmzS#6^$ns@mU#iZSnh;?YP7>dYbkmmq-2!=
zrTv!Fz(NiD-g&W+WQcLRFV(@v@#YBndn$T!ylDnEiFZV+f$m%<VtR>Ky^lbmgArnv
zd9D+WbAR@v8>%a_YoPnu!@mv^l=FO$jQq~@DmpMmTr(%+xbDlh|Ar~)$QIz_n;D)+
z_`mBfg(iEYZsiloZ`o}HmZSEkF-><1KUT!9$`hODI?v=(Vz<)k7EjBctkLV!4Kro{
zXLU9_3z5np>9%?I6MMR@$e&9oQ1GC};YsbzySGOGQ@LQcXBRoIFrIf_)yu7iujC~9
zaiTmWQFs4KRy?z*J*xlL!>2-|i1e%g@qDtZpln+Q0&0?~Ya`5MLuCb8+;<VX+Z$1z
zNfdDVI761L7s{jYxVUi}9L>0gNXxQ87lgDyYwu1@PJ=A5Nv?^oJgiBG|3E%BSPS=j
zX8x%mP;{I8JM2dpS?&MyipAgAc&>|&20DMemn^*vA}WW6+d$V`Dg&GmuW_i{Y=0AC
ziU!IA8(_v9XzNeE4Td;?QB~~@5$dI2b>*lrDzIK<7^FdVgnv!Y4W>@CCKM5Owv4f;
z)eM?WI^zM4z+ujPwPKt1`si!(<svTNf$mW;J7SQS>wd#&$1vJi%Zcl3fNPxbAcI%N
zha#h9+!To<pq4!y+$bo$SRZMC>pnz9syrzHR7xw#tw1}(CcV7L34!;gy8W*M4v@Rp
zt@XNO^s-L9SS=ky+R|UH?{e#uB+<=r)-SuXbsYBl84>LWaT7Wr{50fYc=^!nm_Y6h
z&6R&+=UkNq9}q;q5I6u4&7mEY?p*`9J)pc-Np)be<#Ay!(Qq^aP04QW15lI(6|3<J
z2Jvr9^zXIyj5|a0>8Nk`C2XDxc5J5adQc9~5gP^#_obDwfH{e}6;D%o!jAM-3{5bP
z2)k8q1)G4GZ|SOH4|&IN_hE}(r=U$qH$9`!e;+b&>{R*xM#<ZD@cGq~>+7WIR^Zk6
zP&FkjE#Uo$g=Q;#rejcOZQYBnUwRVRi<r;lLtzJLwPiW8gbp^{Pp*Iyj#KHd>DA(_
zyYPDeZ_ZbrFbvFkg661u-`Vah(xTlHt`*#^7NQ*qu6S``*H5HcuS%T)s0PNF30uV_
zeN??8joh!x7XR1?Z)SLQiFz#^TpLmjozy8MSQT$w$ixA)5`6&6xQqNG3(njeLQ5Td
zhG4U<DB!cN%e>$wys@Ac27G2mE*H$sO~3nhx@f{rsn4CcvMbHXm9Z77PBciNSx(<P
zmq5uDpgDdsX~l=QpfO|2GOS=i==-;A3T6pJeJ6g+?0F^ji7;;h^>0_atT(Z1C=fQh
zjV~CZXz6?%%5(-DKq;<nb>w<3_FW*{WbJ2^2o)95_VyHbO{%NumvffSB~MzPa3;Gz
z21Qq`906%Fg?4HcQB)6weNbhBM2U^RE!D+-5HKLsS~(L;(u~B4Ttg>NL<XXEUZ;w!
z!2I!Q&)&E9mi)+CfGrBXsRCN9GmROeZSTaX3nn=EE1SC%-PMA^{W4Jt9|buA0KWpY
z5uDgZJrzc1IV?dQ^B;qCw@l6)p>KnFk)O1059WrG{^!TEb$me3JhqX=m6Orj%)vCF
z##+Y+<QAxvHTm$C7H&e6u!Bta3=Xa`NE-M0+B8Sz2I|#1CzdMVSpri=cbcTfr)#r=
z7GBGZ1%+&Wh-0NSMg@xmaZ9q2j_J>If1Mua6PKO#QPd}?-ceJ_g+L!7gS$d?50N>P
zh_5SsG*6<csg`EptkEh*<F>~f2cEXEU(R-+a#dmuVpYq7iKEhywbpZt3ThnS3u7ox
z1;lQA92*cF`s$F2Vg0QY7QdeCEv!DS^tIKmGJ#YleesGCv1Q+G;k}g*eWPT=oo>dK
zo3&UJjjH`#m5SAu(B`lon2;_*0-JqC;n8$Y6tc?kRU^~4<z^fHIceTH_lP4Fxo*eU
zW_!!HCI*{{tchqve8|5V#Y%ULmV-F7de8W{!H8hoqSCOmy9G3E-K2+Et+N@<Rg?K7
z+~5|_{Fv*wZrNSFSzk0$8t2;e2qTq9U1$T^gPtIvOfN$kJ<_Jg`m-(Vaq16jqNY{3
z*-vgNsV3WU1>mV3)~vibiy4MxwX0>atYpwqf!OBys{dXn=?4dpH$c?sHjt*eq-OY<
z<upHwq4s?gaLx?Ssf09&3=2l;0RTU^w8q}(>P_~iz+F_}KQr;rT}&2AzB@TXSe-4b
zcu|vyDwNq17W<Rig_E|%>58KaY^lkwbvL_Pq6`scTcsG88*XVf0UwOj{8QtpBjF8K
z<gK|7vs-~p%S4nJ4d8OeoJ@IgFy#r@wX`6=xLzn%48*AQd7reW<ih6N3RFU{!JZlM
z-r7)Glw4WyVapxIte7nzMZex8k4iH<8!7HqhY~<_)1^Y6+u^qdLhq^lR5sS4Y>wet
zdJi~^Vovr;h8(VLu5q1wy}7wI)`VAguPvIl*MzOdva~-{I2~06xpirDFYVaYk)nak
z4;F&lf@`9~crRu4xOb^j)KWI{9;D!eN8d=@hz69I)Nc%22)7B>BVS*!0WYPA<;Zi=
z(ONHZ9@d}Vh$4MA*0?ca+T^oEZ@_e;VXR!a!}V4v9`7hU1uN4VYG{3iZ}5GF@!gVl
zE&DWSRvvvXBkO9|5%}RcNxSP@`r%Z%8z2)fCO$qd9~A2xH+*&de|#{$J%fI>y^ipG
zje2-zb$-~dUUUy;uy1#E4iA38+fm}PjQTpGdl;kq3afkXewY6N`$p*bT9i4nvoy@R
zdw_d;_g@_F)k`wVw<6Df$nyP8zkmN&f8CiKhW)<c{vI9v+TwnCswwTc#=02!xw*L$
zW%-uvDeTty`P^BK`B{2-J0R!o&hyUY`BuR6{du@~_;oOCT)8;;;q>bKO#S#D4?=Li
zGw<I+)?Zy4?|9$$LO$;_A6q>LKVE%xF@JV>c@JZ(I$hosdw$|rzMXmggO+C(kMFkt
z<`4Yu+%)b_JIk&g%eQUQUC!sqf6>D;3%)<1)}JL_zv%Soe!Tn1i~0e_{XyjU{_w5J
zrvG~XX<_+(r{&#`v7I}B?fz;=%lY}`j(Yl7;@yj(J-yq9T?DW6{ieOYtGVapdQIUq
zjPd0y8A*D62VKAE@ruDtK>MM={SSW69$#KQM>w9>OV|%?8&8NaG?71VgRii!|3TJ=
z!t)c8?z?I5wdFf0%J%~Ic=%vxgcs!`=I2|R=ext}b5HQ;op*No26O#Yw)^ws@~(-P
zyW8f?>+Ytd@s1OA^)>6m>T`sB<i_%V_xL|#AUb#Ye9|`F<#Y`U`!<^#^ptk#@P1R$
z`@Y`5`ldwn^ynYpeyMqX30i;tzR?}duQ-P8w1>Bw`-2*@nTR{z0&ZVf&(8r*tDlvh
zFGSp*0$ur>l^b5;E7{MF?U%LJrJGv9Z-~#Avy_Do-fP;L^MJh_(;DrC15e)~kw5S6
zUy#XnJuimMuwQj7e7HZna*}{RNPqt4h5x_o|1@B~#@xox%Gt=6_W#=p_W$rQwY4?1
z`u}rA`@fy-9BiFz4V+E>cZ&bg;{V~!NwwsL`11$iH{`!%{l5$OUn%}~l)jBS&HuP5
zQqy<bU_to0*7aKm5wSt0u)iLNa%^MQ$hUqr5*Jk%Gv>g?%*RWE7On*{7M(im+1UUl
zlXsXmDo!&W0PEdo>45F{^X^Sw<y57Z6%jGzP)0$R9YI;8+U8+0D6p(xBwSVgsDnaD
zoZPN4@m{!t3aD*UVdbnF(SS<(y_X#Nt5$>m$%V>gB2*Mvj<eWb!2IH@o&MnCn}?%R
zEs6G^(m5^p)UL}xFmsYDhAU~NT!@lZR$<j$#;6UZPBl18Hj5zg{}A?$F``86wr*Ri
zZQHhO8>?;Gwr$(CZQHhOt=8#%zOzqqZ*upoKb871E0t7c)icLC-!W_}l<(;ttKybZ
z-qUm3rY=15slGLB({45B8jMpU2hJeXDF8n%t7?`7`yPZ^`oz5HEI(sEryRf1P^jWB
z4C3brg(A@<mQQ0azuxb|@(?`M>7||p!=Fc%!h~r0)9Q}3_~zmw@%E8BW)znP?M#GW
z=?Ba-X;H<R^cbd%TU3)@oeAmJBBX>sc4%4gTMq>RxHx^o{}6D{p>b|ksVGd6ntLA!
z85SYR$NlCyWP0y$=%W++wZPGwj!+&hgXoMk6KYs5qj>O*aEw_P@=#G{g|w_XP@P0P
z0h2Y!4+Hg5CP0-{Iadco!zOhCh(V}PGw`!x!xg4J6NQgbNTn$j7g1GBirb-3RMc%S
zj=1wrCSKB`-XAf#pNjeSy)tKX!G!k9Yjut4;e#cfe~@=|$PPUlF+&&peLE!Z!68#{
zV~`?Mkfz7s8##cDeLs99eA{J)I`}J1h_E9qMsTNx|1c_nKE#6%175gJkFEO*LO<k|
z06#|F1&K5zP0GXi<y4%e6_JULsdbq9Ey50!_-ggQC_Q3y<A8_|M_1yL6co5V7CYpG
zDnn+EKh~>{4kzm4h6K%H=ckR(1v3&JR{J%7Hm5z1-h~B@@IL3FrUjyRp&JFnIJyHn
zNRCc?wDN7~haYfMCdPlyj2`qRss+S;EOzS&%L@C=HOLJek?(t`+dq2KS{O(SW1?Uu
zw1tr1=7K<`&nN|C&yo(!ab*wR4FfLlsS!oW0B(Z{E^Tr~#+wNa1r&<$){{0&5K50t
zCV)I$BEgQ4OL%$<PeA|ci#t}I6E$vHnXQM|O=cDWZdypTqYeJXQ*h_7<OL-bbq160
z!ki{dzh2+nYk;j4Jy5B~4PiDA<hK)SZx?YC%pe1?&W;S&$n=t(0A`a_GbzOJ%HB!X
zh5UVIE&jRfbw&W2?ZxgDXo=>1do*OFfWsTXRxp_SqjLH@E<v#fhv+@h42sLo)fYzF
z9#{2b%>@2uyD52QKAT&+`rmYfPd82Sxi9&X;e6_FOBV2s{wFD(5f<q5C>Ns}GX|Ho
zN-Md;h~0TVVegv5DR)Nu&XKd~$%RY$F}aYfu(tJ*O+?O5ibmRIgW_aVcW;Kym4Kon
zUFAbcBszHmh30Wr`Qb^olKVHF12q92h1J+N4#c*7y-;pGWwZ;+>_tRH@4iFkm%e89
z^-IfmK{|$zeq6gK$tfc>qz!7c6`K}$Vu9BH8f6W#N=5b4wxBb)OtocNf%jCpU*%(2
zZf3)hicE7V;@mFsQ!0S#J^o`fqs&KMh=_b$uxOkqi^p1txOQN5kk*<Hv17eraD~w{
zvwRX-34wT-a9ci#SCVCsXcsq{Qo{rpq!j-R5a35(uFr!8%(tTD-27P3se5gvE+lrx
z#uwHuZoW=|wiCmb6I+1Fv}p^nb_Tm)W%$iEKa<>WsmVb9)vQ?8Y)}7(Da2i8_@SDY
zd(eYSNBTL?q~ShpL-QT;D5Ax*=eA2AA9?n2>b>Dv_R^K66qO3xvZ4W9aB#VCe8tVV
zEBg0A!|Le%*6`yp+X2V6psWa2!3w3c^Zu|o)iZ0x_M#z+omnrodIq9~Yp4Ks*Z{@F
z)A{?(aJM|HJZ2WK+V?k%T8-1>AD6?==(qeVPx>E7w@&Q%<s5kx5u`R755s3SaeyQ9
zf!&=j!pThubI&%pkN#S*5<a{@jmkSu8mgoLY|o(O_iog7ZG&4!hzyT9E|Zzo0`3}_
zSPUB~^uK?P=hox+bL@}ntOZii_o*fv5>IjA<o$g}jVdV>hplEtSV3<Z^rRHyZQnNr
zhGFP6??1qn9n<F}l2#lI<0m(8?CV1<?yG*PoQrIxp2|3(jum$Wyt>+}()LEbS3U|2
zy*ErKTi3jX@!w#hSr6Vha-z;}+1?g|qJ0jjfNHF#*R>N>wSD&qWqkgQQZ;WJCB%No
zq21H)Uw48SHRn_g8|>0;iO8UW%vGF8nfScg9{7;q-Znn@?5=Ob-(|qe^~CY;2+7m!
zB>S7FN!t&D%%`NCZTOS6O;IZCcJTf@JSW;uNHcl8G<EFB{b?MOb(#@5mGa;$I#ZX-
z*0JPB#27@!|2BvGtmKh3iV2Cu2xdhY?Qazr%059D4L|jgH~88ST2d@(qq=yOB??`?
zUN7udn79_Tz$l0!)LA%5grlg+B`tpC)Lrvxsfu62qL^dw56MP^@XvQKN7LSbj27y}
z#yRNPFEOy_{eHMSf7hLyCD;>)SR)g3JJ0UsX37qHW7{gb^x@pcJxg@>2+Q&&(j&3w
zW)pe&5Y1=IQ$=A(4&mc+Qm?DcI_17H>8Q~dei+`h#s?I-n_F_}rj<wehZBFWMxlg^
z7kdeyhF7TS6lg0Q_{_AV7>?8FDY5sYSwx4@a+1^YSU`0iWQw+hu%ssB<!X^mAJngn
zg`z*x4SkRlOxut|35tV+Q5|{Y&f^d*vU<;1bS=0lSW-@D&&~bpR+5c-5F-n_Sqe+C
z3Z??n<#+)P)lOGWaDF~XImc6|m-R*8nOaaCtb`|(yh3=GSnZi@pigvmK@=J%t9hWo
zR{^fF4i)2v*@~iNTBk?at!DQxCTH@-<Ha@*j+&wg>)QSV9zvfEc4~_}tW4Oi?M#!}
z!@H7tyP0~r#tGA4qYSB=jw<67=P<`*%AHDwPZ48Xy>yOM##t=RXQ<!yw-1@Ob&PJv
zIYD|@B@RNHnX%zt{g(vqc8e4IP)alUz;o7ME4BLTRv`?ZF#$9?-kF7ME4Ab6+UTuI
z5=T%Dp0{Fp!a(!4-(P`#vwy#(J|0N*h-iJA<~j#DJa(?j6lPRatOf#+T{uq7x$|Om
zTba5j`}IYXgcB1ah_UJG;Sza^{`0iO$3#zhYyLCYG22@1z~R&I8)y#!opb+kZ=X7e
zWKf5Vs$4ZmpS@7&$N<Aj-bzF5O2?0e<*gcGB?nEiZDkZz_M+fQk(5dI9;Fr?+D7E!
zGL?`sWfcla+PfqT$d*9h18}y5PaPk}=7|VG$5vT2p_~;xxi_!;&Uj7xmxC*mXIv4;
zVc)q!B4RT+Ra$7(J5<_2+<MQTCb`tVN+%6_;@2bQOwE--Q<Q8s-H4f`>^so~mpNF=
z9l~8#E$k?kK7!euXG~PQ2iT13y_lH6R{0R=+0JSW<Efi6$(uxB!JYZqz|rCxh;bXa
zT9?|>&2rN-8Ikbn8Mc;grfjHq2E4hSc>j&J|6$K%V@^baKL7v>xc@)wX=nZ)_FPui
zcHC@3@qVrCdow=7NtbNsv>r9*6q0J1R##UP;V{owucv@Yh?56N%{yx2dcWm)1<E7m
zm?^m)lzr4&1hMPA<v^2er5Z`DaV~MR?@^~VG9D^#Tk=Ssyp2jLb*5BSn55J!9#)J9
zu30hnUb>FRp~a(Y)>=L|emwQH7ZcVp@`u;Y`J=;BkRYn6$pLpZRZ%15xN<#nta{QB
z)Sx$h8X#TUS<H0gWCC-30Fj+B*3Rf$Y?7&QE?6|IWfc{qK5!<JEaAhXB%;An=UqZ{
zqtcDoaj@$#_)_z%MWdXO5EUa%MUm%QeW5V}%51xg4fjl0eINMCp5C<)#bZtkYEENw
z1S!OqOs1G$AK!iaL{9^nDd+9Tm(k@2p`5|P#9Z0uG&JpR@mYeal!-XhR74ICL>Si7
z!=HWBW>XK!)y62?))2@o2L~|zt&cEKmR1CS(HuXCG{ocX9INXlG?ARo5|@O(*;vW^
zpyQIo?dza9NFgGKb1(VFTk@2=G6RuLG~-n+zx3HU!Xe*WpM#>BC2C!}2+okG%x5R~
zM}6vERk6G;skx@OZeHMcMxO{ujk=ECfgM+r?!uE2S518&iLtO_fI|dSO+f^ur6tN9
zckcdNB`eIxiNPC7meBw7-sp++M$Fs(8#XfjEPCXY^!|8RSt}as%Pb+xZf$gP-w82y
zS6VDFXb3wL5*F`KgWZd)z&DCaAt7vDcxd%d0NP!i9x`;1U6PX!_XUjY%gt>aA&wxV
zkOC58X!RbMtF#cd(#K0Nigw7E`CNN{_Kq8OXwkLmfiMSFVtd$3FhGz2mTa-jl?j5(
zz>5hZHbFej_lx};X5fwU0=y2;L*$7RQ&z+Q1s3e%CLwEnQ=gdtZ{sH75h5kzG%#$b
zzV*uu@wwz^<)%Coe_%`?6ollk4DArZK73D^-F?;GAo1*$Z7oz}9<Fv!>h107^_N1Q
zZAj-?)??y`*-poqb9SVO>^U%>Ij$s_-H~1kj*`)%5Mj4u5bGJf>@XWV#0B>1fM-wH
zB&G<WLKn>#+cD%0=kGu`d?O+H7vM`jurKH1yjq%(qDgPXnTG=#=Mijc3A=LT-8d`=
zf{6s4JQiPA%l->QvwIEDwP6n?&DJ8#2E#zQqZ7|S#v_q7;2Ry3L6&yvZj+eTM$S9d
z=uTlx)rQaruX@ABeOmFJ<A!Q}Nwk{^?Q8FBj2i%lH+=OVE&eC;P)$tCIKx}IpD6~_
z4baICrJ2@QCDO2S;h9Q1vZ;0H_(929j(<UE^D<PCH8aL({OpNfyQEcz<q8lB6dYC0
z)ssm>SGAR&#}GZzj+}aVZQS}+%l1JdxxGuf47=?~V`*8GRrBde$YgjcC0UCccJ%no
zi;S45vWe0bV_A=|vY`$wD%-kWGyRkg?O#vY09PYd=aO}8mY7s_-~_NX&1<1S2cCp5
z8;uG_;hwy2swBX(;vGQQ{*w-)&{Xj_r3#RIxSHQJA@(SMevlF1AD#mix-<^ZJDtu#
zralV`tsV2Hx+pp`Wq{W-L#Z1}3M~zo*Ti)rDo!>}y*xgb&DdeFce~n3j%>+bne;q6
zSNyd1Pk)*|005djVnorp85c5Hijt7z03bqfXc`e1b@^QXb_T1e_yL@3f9<{I2iOGe
zwc<%dE&~Q90FBJQ?Mi7lsvb6<V~pV58T``S!N^1}$UUnOZc~tg)?*b74HORaTcYEP
z7Dy$eqBJR1V}Bl?mx00*P9gzvCQXPZ9lFz7OBs^<`}0he8qR1PqZ3`C^g>GXNy#k3
zPN1?ckA>`xhLz?&U5G&d(WW6Yv0*<uBpmOEXWVW~5;Ndk?$VC2pu+B0q`0cFxh(hU
zq`V!kehccI9DOz!IQWCk$A6aW4a4ES(UK!&_S>*6<fWPaLQ;aIFNC>Gn_?l<4olH-
zP~)CCPc%ActeUqpxNk5y$*qko3z?HutR94lrmYz~6pNgW29##B)Z;G&n@L}<mD?oS
z6lYFUG^04T%JQ9EERFvmmz&mg#i>AG_kJaGyZ?+4Suo#OO3RB%F1k*OB3HPjQ^e08
z0RJJO+Qt^KC0DNF`?LALp&zQ1`YaS`%7r?j+N^vvtxjE@?bCv!msuIm5UV-Zy?RDD
zc-g<UvCym}&z%sy{`(>^ZtKrO=$OdhvW@6{6+a%OJ>=McmNS&+ZL*~Gw3PnJVjNH6
ze_SSkNfYg0aT8LfZ?|tgPcm6>IpMJG(dgepG7B_J59owNOnZckXNbTX>_G{IQJN%6
z^F6=}>r8)Y_2dfmDRY+2dsA_#isnZy1~&S$gU4W-HI>PH$t7|Mg5*-FAz-6q<nrai
zT4r{DX?J7iA*>tGlbt4U#S7pU`u}-`G7HC&luRqv&bfM`k+fUVPr_4yWr7kusS}v#
zO|#ghOjhmGEIOU(NAbhb|5)wzdC#;(Se1swKr`EefztZ`l5xzh^e&8Yo1yKkV=?Qq
z(0ihG7K8^{mGplj^Ekbu-z<#uaup%yIxa*$lVkuq#*y7OZgU)C&UYx=4}8-2Jc}o}
zXHztR3Z=rnqf@wx0p&UKptmEJ!>k_5No?Z_6L^->ah@8R!LWcfd2siw<}E)+eeJyx
zqUjdKI3&|Q%-w*$xmmVxYFdA0ZIp1y$DsN7yf|Z$V}$L+YAp+-PUB)MRmclo$(h<}
zN6l@1E73=!I;VO<ipU)A+pLU0Gz?$uLpr}PBJtf8SK3{;{Kb#f@(@3`#lmXZ)_6=n
zF%skkK&EIT4+0nep%(U#EHiarr>_c*5@G9!79Kuc{n+jIAOTtF&4S#Xa6#94?+iZQ
zTG1E9C!^>m64LvKzGuCHW{`bS<XGm9EN<=bZ4k#LQLLYJW1C{&=7$trlTptLh0MFp
z3E<WJ(WDXAgfb}k(28q$YcZ0;Uioargawglp#zU;Lz)<1087{0JmFN5svGWa8^hk7
zHbuMV1-FCJeALOx4uaJYa;n06MKz0ZehL}Eu51O#L`y*2RvpB3G%3X^sD2?Nc$55;
z0FEZZV%uZ|rsT?h`$PJjnGjJ`JapVGo4<ShnP0#><Eh*PZ8nG9T|K#C?D=!v{PEE~
z1h2(LyN5uuu5t6Wi)X=MP;!XKd}f?y+Pi-@YjC)$85sA}6a9QhUSj%LSS$WX<>#aE
z*e#Hw2t*gi1!o4^dI_Bl>~zaG&g)k5SvDn_0yqs3&lAl3IZ18DqAUK&=%AoKI)*cH
zT*I0xMvKC^YEd;7^&F)3HSv|9_Q{?zU6cuC^bJWRvpyei_H#R#rc&WA=Y&j2SUYX&
z^q&8M*`6}H`}c9nmrJAma$lL9H2Z!3xafnm<rsd~LWlRBvsT=qy?ZuMnbJe5T>iDA
zGY<V4JGy^vc%T09^_Q~yE0*ZVflp8uW?E<3uD(rnOL+_ZdLe)EF#YE+Y5nfXo*Njg
zH(OEapJ^u=xT!S^m?z6=Z*9%d3?)9QOuX`%B<6>DuHC93EsU3^;LYc#_iOS1AgC@N
zv^@tBCqZf9ij9!#=XDU62qsdt7&`1A@SM(sAffydLYKuLBp7`|;7=pr?E3@VH4DE1
z{-l|m?GRW?(G9nsx|XZik=rSQ%2iT29sJPk(j(sPFkNqVWH3a)UY$+olZtQguP{zy
zMbO&)r#<ovht!KOr}KKU^CU0@bdPIbjm!6u`gbP`Wh`m#_As_lTjxg+abAM^1f+2{
zww#<AOt7v@si98mmd!i<-S#Uut9l}%!;iFHs<}oid;NLyi!Th$TQk-0PvHZR+|MPZ
z)eV9c{_c}{)$_6$+tl0s9hEC|5}7u%JF?|P+zrRBvb8E$GWM~n971>9YTT^Y57>VL
z`mYlFzvbZnI{)YRpTuE9TWdRWD`SWMm$t0W;q4X*4FF*EJC^46F8^QJ^8X!fXXR{a
zZu1}3zt*s}#bQJJzR?wc0L^Gh*pl+>77758&~7!=qGLsD&4q<8)0W)uaBU}PPgy4Y
z`N~NrXzy&;y7cDj3!|ao$VxRe!JRqz)Y@jpveLJFw(ea=KV265(z|Y9&Gk^Z$WvJc
zJB-M-X%)4uvUFnS;!{Iw;cBz!{Btpkru)fbqo8J8uY4h+P33cv%(T<ysYF{J+VXW2
z-GGJSlB~A#QbS)+SFG^X*8DosT%vp#xNx!gx=Z85z7*oJtfH@R1<i${oUhqTs`9TT
z$l-0F46l}!cDJWjITK3qZ>jL8Hbl0syN^zWr_v_u2u*9%X+zyKM~@j=!Js>LUv90p
zyQt>wlfLP;l(XrE-sb8c>+@CaXYxPwPDQ?06X&bnJkwqC6*8{p0ahF*huOr96N0ps
zpybzNRqbut%9X^)gIzn2@sHwHKv}=F>c!}_>nK{Do-V&$ANp#0&cClSpBq?J+w5g0
zLXeP{HtU^~=+r6VGAkc54OBEVt={7C?Fia#RLaWTwHwtPZ=a4UU8AV>100(jH*BXO
zP1jn=x;OAJzqV81LUB@smI?K>12NqPPrM#bITX_+1!lKVOcJ42ppSYHyk{&0>zKfe
z)|z<YrfzkW&i>vztR`}qNMM{eE_X-QF$74U@7dRv2`$YX{Wa-Xy=#Ooxn16mwUg^w
z*s6eyaRUqi^=~1(AP6nx&#Kd?k#atzG<a%un^E|i=5kW`sbShV+3!MFPl5kPbDj)d
zF0QH;hqHG`!D$nLQ^);lXROdD^)Ar7Yt_tIg!TF#%4HhQY0HeZD$4Q^)FnGf3ZO;g
zEQXGQcg<I;&5}peyObAP-4kKk-JHf&Vo)L_t*xUQ>Y8l0@(8gxkK)^UH5c1e7S+)f
zO7xA*z4j|$%aAY4XtJUKD3yWaN?W`eS!4Q=>=Unaa|C?l{(WMj{rHq5nN?a=Xz2FH
zM}LDZ?_oWss*&ZW(C~TMA7IoeU)^0vd5rWumBlOrqwp7B+LWFGKt&Mob^w*DV_i>c
z^^;7tXWT~&>-trvQ|U~lTu=%VN3d4_%b>wh*UYO#ax;vHfq5aHq#8DR*(FITMA|N?
z)z0ur<_k77DGN?62IpfkV$vUT@6Y9RIJTp2xjB5?7SIn12Mm#{NQrDHy`+c2E;mAr
z&2|X>OC3|;1^2gz)A-Xsb3!tC;L$4sUJM<rJLJ-LE<59ouZ+u!#7N6hAc)8NOlavB
zXLOfQA)xSj1Z%`+*;N38T(faAUOM9>nwT?R`s5aDtPUJ9srQ;^QK}FH^FU4VO(7*G
zY`r#WhBUu>xOUs{FQFJg$JvRIdXJBEL!nua&k_7-&V{NWZ%9BQBfPW_;3fP<ulA7A
zoJ(`lT7{qGQu6SmtYCt;G=f_FW}l8+XcVWY(qZTr+6*<NOQWT$xxdRuZmb>woNU=N
z*&r(Ea#NngWPdL!#f$V|$XD?Rp^djrjvCg^a4-S+d_OR*$(LhDK7}4p71(6&cEZjT
zfSFuLUc53R5xxUWT+q3W#}yypc}W7hRjegO8yRw-1su7rR1qv*8(7>M%wAHx8_>cb
zN<_P?9ZV$y2@1luW%njXe!sL?095Hp1B%gs9B-_NvItw61s%L&=mMPsg~9~>4IUIZ
zEBg%zS29Rs4ERl)Xu$xOH{2|Ms?Bg5f)U2RLLBKID4v4wept%*v>ur|nuj}58LsAX
z+6ZUefS)%gN}}%?&oO{U>#S3PS4dRaV`*6$`;Z#Uz=a;naAmnq;!<*29(+Jt`7lr(
z>d!}C-zl?^uNp$C5{qJpn^h^b=_4tN3$&kRlgJ5vl^qoEF(ZQDEV;)<tYo98r*~M2
zwFlHpEe|@XQF3C3i^UHBBc-h`4jKWAEX0XLmUY0D`xK)M?+?rDr!qRlbTW47u9|Y9
zp#)zI(tL>$<Ws0BPx1==z3n05cj?(snGKm}JZ?<_fC&g5lT7$|+}cZG^&7*fPr>;}
zaQ&qYr`RWd3ed9}R$sd|y>pt}Kl1YyfomYdrN2yR>Uy44It%90z`!{6VEYi=Xac<$
zro{!ySQ8*`*;G6j!xr@H6w^=o0hT@E#wpukyjlcgP!+FT>G?eSa39*iHH#da4A9Q!
zVOV$7r0EbKs4E;wAUdK>{6>*gUIjBGu)$s9%z1t)J4;v-PP>MICyJq`IG9rs4~?wt
zgD*50ZERau;{2?CKZ%c7RPmR_k#)k^z4*&%6UM&YRf{<Cu09m#W$hs#2f{MC6fP;5
zH+B)Symv)dSjSR!ioXf3j3!!*&f}UF*qOsO)c|&<Ixxn&R$0368TJ~86a4Rc(#_Ti
zMSZ`P^9Cs|=?l1S;j9T*6L~AEW*x*D#7%hp=4zK-Q*CX0e}8Wto?kDB0X=Rk?=L6Y
z&)3hXmA^hnm6xryKGMj(fA79aGczw;TW{4;ceUp;Uc=9Qv6n%$04u=AG8+z%4g5+o
z4Ih-OBFkBnc8SC+C!*6z?YYzmyo_T}YarKHTV{H?Ew6i`Ws9|7iQwO7khMmMK&b$p
zmXsPCu84N{)N=Eyy;<EUi(vw4-%F})rKda^*X1YVkE0L4{6}PWGx_dNJ#LA|-e-hi
zHH($nabrHq@xE_of5vkU>f-r&CBMB)IWcpZl><?x4KA{VlYVC~F&zq~%~1k71M1dg
zxZTvbX!t*OTSP7a@PZ6ARb}aZGlSW^b^)P8GB=`dN-Hco0hPw%DB8|O5+5Z^5P!qv
zK0UWTse&9PGev)N&zf7EV-r57Hr)}^Hu$2G&9t@a1#v(3iX3M1x39cX<o00;zy4y&
z`0VL*nCORM^L@NpVXPJvt6}L(n*jN>5X5ND7{*(LFB>T@(1eXTh0o<HskF?FHvAAJ
zV8ky-hcHStQsRHe`n%c4^vo#;nT6@1aPhC1*2dxCP3AxL!yWEPk+U^pYHz^^k#!6*
z0KFI02jtY!UcvH*V@t<Z_U{6i4>?Vl?t5(w=^<*L92^IgUF@Cu8<Yl0SqABmY2du$
zsK%TzD|{eS$^pqS<&Kpv3fQmd0fPII-E-SS*>8||GYq>6CnD0JI}2lgGC~+m&#{=h
z=bc;yN`nL^9%19#jWx}W+Wi*9kiIbuK>iZD)5@_K$8T8$r~IXs8w-zS6w$$ZwHQlw
zzb9vEz&D-j2|IjHr5#<oW~i>NlrP?^6R;^{B9l94C@9D$t7kShK9D;`24dHDM&DHl
zndi5@)<#rSb3HNsm$!7e3Y4b8Ycw3nU1)ysXg`lByI0P%s(jriodqV(f%c$PkhICL
zPd%e=_MN~a`B(qR3Z-Pw5Hs;{ZN!dVJeHy~(RfHL1X{%o4L_>q079@lw~hkj%?W%r
zk&76A{kVQN-_6)P+(%Xm$e8xcTO0^YD5ZluH(?_2EY%R4YeLdd<IxJ=lPLMN=u#nR
zxv>uT)aoCnvi2AHAKqj>ISE!pz#2ntQuI4!i4l2j<Rub|)5l}>rnXl<ZaSUB(6eO4
ziW(RVs^L;wNR}l_r3_e+I6EF<A`yya65N1yK!51&L_ILby*C`!;M;h(69FadB-OrJ
z?h^O0n-n)|YJ!N*@o$um#46)fotqIP#kJ(ByTYJ8KDiU&oXJ`*eJ&=+*onz>b3w7Q
zsPEHaMo0#G{)&Y*-akf^$wS2{kvz-?LbuQ=^M%3WKB4@zMFtAtpV1HTx^WQgoKe@j
z4Fc0KQE3W!p^zpNR^TYXvjy>ClOFf!#r;TVQZSwlV>1N7$25dEcGye#;VPMY+0d3m
zbbX={v4n^Tj}Exdy0A|9QD!IORavC-X&vOOPs%^{ff04*mNr>Ww8dgWU4CyT@GdRc
zR6gS@VFb`p!B)&~k%kYy9%b&R41DJLRc;b%drAnF6aC`bYdtUn6L5hqS?E?QN`Gi8
z0&U7+|2DVY&}y#+Ta9&UUKGK_I^4b7vm~dUZiTM^uy({~v$71Yh?nPbayrl)<=%<*
zMU+e%!3kvR=l*qG-q{q?${-VJchZ(#N=Q%X%4R-p`Ztds<_VkH&+gos_zzwex$LQ6
zFD%=KeWDQVGe*G%(DB(n;UaLY(30+28aKy8bW}av=5UcpkeKbeDN5M;VNTx3+So{%
zHnDw^lVtgC3A8+;TZ$1;^L%0!IjImwthbZXP*@VzX8YRtm5C6r!FI}f5Fl{9Ezay1
zCKB^cX$W&z)=pVW_MMQ2BsqRz=ra|rVO+{lX03699dnIxq5I`%;}5`pFNpqAvEXM0
zf06+P00{rRr2L;&G<J5nCdT?s&JM<o|EF}JB4fMA58wTv7B%1xY^|l()^w3CBZH!l
zKxtnFFSs&->kHxO+T1A{F8{;Dq|*usL6{s1-1F<z=FarEGeru$KSExrs4^&$d1^+D
zJ&>#@5<N>}GyqvvB$SvUhzilp7;PtjKJfQEx;$c`|IEy3E3{9zM9A;4BjhF%G!S(f
zvyoufZf$|E3|mWGy{>|VLa>4ngz-<aC=o;8G8l*!H7#8A=F*sgb8<nExEd6Ad0gFr
zqDH!cy;GPS4~E#H2#C9g2sv=i$O4D8+yMO`%Zj9u<6uFhV_F4i5wQE2CBz2^tJXR-
z#FZ%LJ?M;HUV7I29y3IfINu)w{@SrJ%<8B>f3ZJYwJMoPgqazVT*e{W7~ltJp~_~t
zZ~e}1V8NC!v~&Hd0Q}}^6ciTdmfOA!aTYQnUEG|UoG>?mc><R0LE30B#j>_i#F)^n
zw8_AweHada1yIJD@N|Do@gW*iQ<eb2)B$so$JH8k+{p7;>IqbZiTkYzuL1Lo?bPDi
zgnRo#o;;B8ZQF4Nve^S3#mf^~8kV{X$<<tZSWpSK;rS_6P*kKE=Qbo!=MWsP9^0c!
zR?JpD&&LMeDMLDqs*$IwL#4e;CBXTM`o$bTD1RMi5>4r256m#-OcsrLie5X<@*M34
zki`o<!0z8aDI*f!24#}E(uG%3KX7V1{k9_G*Hm2%?N`bN;7m|XWzB-4CN_{8k-})n
zv|+kf!TH{d%V0_dz9w$>xjuFviNf2E(1$d2cp!6z#bP81?jzBv9`Z)t&zaUtZj(-6
zWTd7xGGNV+d(gc3ly~8GVQS6EQNy+w7if8D0cc3Df)Qkdys=TOMJ|yX&i9#eyjFaD
zQ$#U3IEs3c$hZ3*oo;nC6&>eSvVC;%U|XMb#MDj?;lS%qog;-ym}p>g!0efFhZ_%R
zglR1%(LwIRX#wsWsI&4}4Kc5MxKZ!D7`q<^o3eVcXKYG?<SJ+IcI65*aSd&wO&_Hi
zL`%8+jqn=1@vdx!WKlQ2q}|flU-&e__z>qBAB7<)UMp!p5_>CmUteJ=)5YiY78dwK
z7Z$r}?qW#Rr5+7hvSMEwuw_zjzZu4Bzk$Z#h`v9tUp-Gadf<8h|DTgmck-uWj0*sO
zX&L~4{C}8~M#heY4(4`FwhsSCVeqze-4spPbN!0o%z#TljA$U<w7;5unn1j!r-{T&
zkla`#lL;giCjbLv1;|iv_}qQvy#(a<8Io|BHE}T6U{!FgyjZE$eANyOJ*gP0^hzl`
zSvRQ<i(J4?Lv!zuKJ+Y37gI4xsEUYOmr0^AY#fVJQNG5;&1m%U)+C<HoWS1g{rTIG
z=EHi4>6lRx(vw^gHreKeHQTv%T2ircoH#h>{>du)$O65ht=M}*t&3A*ObD)&Ge+Rl
zuQTYDlcW+a&8CuIN;+|3qBKHJqjZvKfVxPxNE{iVnW4MRuvyf>;4a{Mf|YSgnM)RF
zgh~(<6CSbF_f}a{anSA`zf0=)CgqHza>v&;!#v$8(Zbxwok_M<J|qi5QIj*abk|E~
zfkgd_J?YaA?pCUq4M5z=2vg|#VvC<NK8T+LS=6-&>RbM^66T5kA@rZ|jqcVO^as?@
z2`XAnw>c2dXZs>#K$Y3HdJZnM5Ph<zjVA$dM#+y}E$YMSDCZ?O13pK0#q|6F_VL2z
z=kRh^V0Z|Ay<oQXsrG{12yUp=23aX`&gwTk^SHz+<5ZLATCh#s5jNAzqW}Cwj!0)t
z?kuB<fRxmaRjkmt_}d-Rh~R6~`@n;Q-pC(Cnnex}CK!)7a|pBrdO;v-_#-CLS|$`#
z{kBJUU&Kt9-FUzEoz|G{UMu(aKEB;=x41n)@jOqg?4B*weDAN<ytvxfZ(+nvo*uA$
zy0PItW@|<R_aXYPa$@oxX}!6+y^KA6+Av>4iI~tcz9%aqdHVtZLrPN*eQcK)z9t(Z
zFCV{;BVz#3PaNn)@zK6gzZjaZ;W(L{8cQ*_+2}k68*TS<OK1O~ece-G{)*&Y;e$MQ
z&<Jzo?VLC<AEv8lr9zI*JYASk9$>4kJ9ydJSueUTGoAF{=&MgXx7sn&XPb+Wk#_A6
zrgwwJwqcfcsg^m<dL^Z^v>xo()h}IqSJ~0_>NmEge!^)-BH)10H6EtkZ(MuD;E|j-
zJr@vb3b(yA`8Zz8r=@gqx_y|hyiqu7MU9vGw<I$-@{AomteCH(tA{!64Cq-%8)Du2
zuV0NjXXWkaQ4sd4g}5>&pH5zqgTToA*iC-De4V(@kilP*_O|R@J(#cHsULNxd;lT8
zk2Cj?WyjMt#KLs_1U9G!fq5^`InTi7wHde@8m2R_K~Z1`vc`q=F|8-gPf9aYy{h%1
zqxGcwL_6!TrswD9a~A9IQRn`Jz<Rd0$B#gN#ZryK26H01`OHmx3VU61&c{}Iy8CMX
zy?}eBzl8Qc@RaRMwRU?0|7Ep@j3PIMrHAbP(z|V}_wp^vmwsDlfP0OE=7zdo9=z+I
zr`)%)aI(x2J81+deVf7=Rd7YdeoJR_pwbjw5%W%~Lp|k=y$=eY71gF-4o7|myN7Mu
z6eVS1V7G$?S%>Dw2@E@c?TAa4ApLira2EjGY_qsCQUi&b9o@E&IsF4~ih3gMRaqn{
z**xfVhMVF*J$Z+aDq_mf%t=<L+Fxyc13t+igS->vJKe|&hRAR`vU9S=T4`t=n}e~A
zH?eBPT_O3y@B9Jv?QZr2t5Ir^W5>Iru`$NPR<B&tP8M(PAeinw1E20Oyv09e!79BJ
zAKdBDz`cwIwsO;13wP#vYE{XPj^8I@N0b+RZNtWTNW<{2sFw5|FNM^>!(4et(!z6E
zGMhqu4*X=OLK(|0<Te%HF3w0Kavk)vcCXjJ#i-HWj=VMbf$7LfQ{1C<;+X<-OgX<z
zQw2zv3IilQk_KnX<gemPlowR4+63LZ6~9S<8?d)c<{T07T4WboaHS$65aePh{F4h4
z(4tJ!SIWleNH&um3Ol4ycb$G2^y<~S+F#EbXoh}-9)XZmu2Xdaz)EP))*TC&CuR6$
zK-pDs0Tx88VU+C{{Ioqc@$D|$Akil1Afpw8tvLQ=2UZQe&kjTRs<7}9&9b!dA1p_Z
zM`kd+SDz5Bh9n}8R+pU8CSgN^*W>;1!jGri_fzhWZpyU1-u(Tjan?$6=&C{1Lfv@O
z+_Y_4o32(V+t`k1^G%5>#o1v}nee!c&OtgPt&yQGZi+(-#1HwMuQ#XD?Cn26W_d6Z
zgtiS{ndyIx%5G$#7uk5e$!NmdMmRw+d&ZUEc_0|-oHMD<BCL#&h)O(8y}LL_S5tj^
zgD#Qo9CYWgfEIED<MFGv66R3p3S=UbJ(0R)<XQh2U<zfv{mDxNy*dUf(gtdcj)Ozx
z-_L`ryJ80?@QwOJ_=a<%OkfdzYGvQo-jf}}_eU*k*my4WnD?~zc!4tc_w3EJ8tH~H
zZ4+%*rae4I3j@#rEbrt6U?FZ5zsi6=dEcbalC$j>_fNDWqQEd=nljWJ6nJz`=Qz?Q
z0II-41i=b<kq@vCsjm={7wAOJv}dbowa&(*atcunxmkD%+5!q2erUv9;uI0WJ)=m%
z`H~3SDCm9<J^u0eu=IIX?(DVp`dvXi>j_10h#9QBF>DcC{ZH-2c!@A`QE%Um9MT>I
z=*@CgezKi&kz>*a0-q!M*m@SNh7K4087eJ$-ZA;MXe-IKKK>Qn5ola$9VhxrO8z`h
zWRdXrYW2a}H$%<-8SjnP-6Qb#`a?)1={Zztn7wVP3mt#sl#(i<Q(|B;J^O~u8BCdk
zu*aG*$r*OrIz+=$sXH^qtLWkQ-opXPBb9AMf2rXQ($&<eE@<v~sz>5zG->RmOpguo
zdj||%b79wb33*uGLsDEk_5Q=E5~bUCqcSVx)9nCm2*sRj2Vl758KiC0n<;?qKF4^O
zHNuZ)BL2G{{6GnS8TF|!7;sDcux55Z>~d=95C6;4quT5{pK-z|p&Fnu;(C!i$_L`2
zwkxbI<rvGmEQka=i)dfaui2%XglQ6!bgxSs5TTJ$TNzM|s+>%11iOv@$x+H-X%uTx
zv&%0`Z07TIESCB8jx1MEbvl(#lxpP?2QtJ|bFV+wN?}OKYJ*kXVL3h|`9JTc=3-zw
zls}tf4CuGe8$&3x;s7kHOVq=O0-bm}Q1g@ayNSJSf^Ut?XU1aHOn&78Yd5?(^NSJ<
z9aE}LOh+HBvYc{c%jI>YtnY_4x2uo%i564p;uV>3L$TM>Re|$g5)&OU3s3;+@wr{F
z-Sj7G-TJLIwfLYn;SLXP8m-_@B>0A$#0H$qCbDO<<yBq*O!pQTYd{GH;8hK05&QZW
z;!@F$bZPmO18JTA`*#5t2iRy=%Isc3vEHKg9s*5d+|(!46{cpEN0=0V7&4j@sz?KD
zbc2FuT|a(D7`N$=IPC^xS5E=Tp<m7n4*rzL$Ayj$jKE>C5@dn3dtikte2Fj~GE{K=
zAj<s1l;(rSKkh)<mIXN=+H*dKTxpbVI%Y^)1Ia|67UHT<QLz-?n|;-=a28GuA|N|6
z(3JvLYp-tE<Y|)pcOIfj1yK;fxx~=9xzNxTBPVP@D>OJCvA6|{9B!kn`ay-*deoRN
zeDKCAt}ET_sOIx6@s1os+cu*=8)x=eKF4bT!G}N3xm^_yJ;6M48R{09K!~yu!iKd+
zAxvOqK_;Ev)S4NrhQu}4jHAVVjT5`geac+nHXt}ysrf7e`RUjG!RJE&^)!-`)Zx=U
zpd-nc#6^-0gKWCpt5|r92>88RWLJ4!v56kOF_fkkQ3;`5kr*bq${$P;d2(w6jaqr^
zOOY^rT-3d<7@^OY9|GG=C0_KhrnPb7J9c+%gEttMs^p5+o94Aj8x9YFQP*keg%r@Z
zB%Db^4a-7#Uvt2Ukv9v%Z@oMd@RQy$nd=JqS!<WfW!^_PiPOi~Dm)4pKME**IL0br
zV(PI?IJz>-^qo=4Cwv-){Ev1U+ac=u5hsy5U>oUYWGG<y%7-=K3S21|N6E1jaM$7l
z1C2QY2WAUlSffCkdSUO%cIwT<(-lD3?k?`9CotO%kn<mB$sjxP$BwmpJ2ieI#g-+C
zF87!XmVcNHlKOF90RAf`B$}o$s8a^JY)l5ex7j<+q>{}2ZWw9^9p4>m^@oLNKKsUT
z8|G+&RQ%n-GG$PIZl#a<jXx-{@m68&k_(Eff#1>!dueI2HDy}}?R`WRd*X3?-IO&f
zs9IpjKqa7V2qoo5ln*f!Ek)Sc1UGm3C?c^*mh(x?0z_F%bTqG#htSzfk5}=uY6EMN
zgdFJn!X!OCI-tz`R`#tGNAPYckt}mdvLw4Bqch)uO;V`|4?M^=GXCZ(0oyqx{P>5X
z93wgM^1niH!grj6rV&%GbHE#$@H2^La6o)h&)v`SCr{Q4umK?|d|}VB8X?qmj6jDm
zY*x(+`=?MJ30XP4S^;v_Ked!lvY+L*->-clsmqi8V84u<i2^mdFt_36Jo_~LgOpES
zBbAJ_I9|61zi;~Ok9Q<1V%fwaKkA|T%``XdUUhR-p%Ghmpl77@xqU`g0H4H>NPOtj
zh>oSB6r+<qktROvZj4;qr=ZP_j($6QK7Q@i|KZ?-8`gQaDKxP@ji3QP4J0#(C$)60
zi_=G($>$^9(F1Fl9;##^N2i9Q2Ous{QSQ=Ta8ZJ)+Zqz1=h72s!Vg?A$?0RmC1=L-
z0)fdYhGeD;zeod_f{shC-C9m#nS+%cl;rGxK4TFc#4s>I`Pw3#<;qDhlI?oECZiF2
zt(BxSJnB#3yaB&Tj`9?VM=LgDGJ72q-DIa|1FZt=1EP)h6edY;tABo5R<U*9Z4<?-
znG5}V`!ulQR6X{SA+z)UbZz*wjl&ao1$Ty>PD{N{h-Rf!RGrU6uLCqdpqDhWgV~A!
zi20X#C<Z6pAn%s$@|?ukb@aA3$=sG0w)L>t{Qb7~nuP^{n9JLmXvo4%zVYwpEPL??
zciFeNMc2KT7Ymy9??NkIzUSLRuw;SPzk*}HE%k9q0akRHRL~ikmd>w&F*eJdl5-be
zcPmkBBzJnK3R%w>)IN<%*x{OY*4+Y_`oWtGB+#t9{#ntmzeL9B`!Z3C3(O>%IN@nS
z7%9xjG#JEVA^5CTKx%;dDht9OCVF5Oy!*O(a{tnsb6hw4Df#VJ8_?`*c1RJLeXB)@
z2|?O?bf{KeT5g8z?7WR>EFTUhcg&pr6^x3~*!vhwUX<W`r92(bFv9TTGrSwxCYjcb
zbjSaN0=ghkWPdR4aCQGutOATd$6m+gvHFx1b~#d79~1nJD202{1{)R3awBDrpZmW5
z*j!8&$T}m;7&#ABNAT`t_g?8tgC_Smcp9ij`}SVzyvU9@*Wk2oieZD(Y&az?uGa%l
zOd*6eIr!5l&?nA(upv;O_OCujYny6bFNd_T$iQ??hH?1Is<3rcI0A_ke)?cFr*@i*
z%UOv=1gP1k!=`TRr{f0BJbv`$rhC)CvDL&8(d$TC@3U-P7(_)6xXLk4jX?DS74u%%
zJXqI${ZAZ;#DFZZfwX4_)#h{S&0`b@h*W*{-Co~!=OT*MjZ+{8S2dE*GmtV(5N0x?
zl_FTb(VHt{*!<J;pFu)LfpHBXqZ{X2XZbc^BC9eB0bQzK*QxbXU0i%kwqt5t&G?qJ
zqJanJL;?A<&HZVeg<y`l(PR?=RJxq@MQtPmpDQTHLIsA-@Ka&)^xD%Jh6up9Xpd*i
zP+|h=S*rR%Gk{^AOo@f-4hxW+xLKfy4+bdDNV_tQ-E42+oIKz!w;a;ZmuT`yKSuw+
z&HhajQuu5rYNWtyuzj17PHXEUe}b-n9b{OEl8rI8S`E6+KA~<1<v#$;ksTYf2?xI)
zwMn;C%i+X|Skq&5Y}nqoptjIaP>=?*X(}-sXRPg;kH7+S1z;DGk2_?Jl@yJPpP|e>
z27~}+3!!vr(*aiV**<V)IWj~UiQ=@2QwH@Jq86MB*mnjZzdg@lQw^iPM@Wo4nS}a{
zO!ruVj9M#8m77LV(9vSARqwme{4jP!#d)1o7IO}1RPkbsxDboULe?q*aT-K6xar%u
z{3axnn=F{7iSC9@MgvdhIp|Lq3#voOFz?&lgL11t@?0TO^6(T`&hXe?dCq;@fT?!P
zYAGDVMQ>AkmL90T!40;jlt7|+QiN}>>@ijK0<o4wY@0O$YoMUn)7THgHhC?5&DUXb
zDAPM-t%f0~myDDr<z<gs@!rrgDuR6&PeayT=d+Pq6V-7i;->8+f=>-3QfI_UV=_52
z&NWO5eP*3kO%R+@%0XdqE{FuW{k|0SoCpUdXx$8K_Q_K&?FwQ8xtEDWVO)EL^>ggN
zn~{a<(X!Ju$y@`&I*N4IQ?P@DSAm4+--;D1#QF4D8IIAy=s6o%+m(~(Yh;w|V`{Rs
z|6Bo^*lLFy>L6k*UTDV_%d0w`UT1q%)vIopTa>DMnUE*k5sjg_aY9e;{A0E%A#dbT
zOu<(Wkp@=skT&=_3suYe9tAN2uX0QUBe&xmp?l=wiCg`EU<k=@>uBiDHWBz7T=?^z
zVM&Y0;`@!|K$P{`h5@rgp{5^!PS=RU$O8hk2TbCzJgK^X)GZCYpQl4nQr*FYnC&tj
zryoRxVYbwgb!e_v?+pqY#*TtaXz%xcNv+5Yj;UXf(MaYD)?SSCry;{{DUQsTk@GqE
zPuYnGan^CRP1l#~1bFY`pxm^${uC=(mk-<!MyKHTc97>8+Fe#}8-$nw#v8qGE<x&m
zZzWn~It!8*mkj3-BCRgB{#)F+#eMEkxFuEMwZUL_RII@2p00ks?@_<{;@MGihNlF?
z4poC_v3-`f+1dwJ){nHt$Z3_0!g6&7G@P0&YyY%+uKw=nsFZ`eK#Z+jn@oSOhQ{A+
zZx(SCg2RD<@qXqNg1CTWCK*AUFf{<0#~d@&CiYW>N`xPew=Tyf7XX@yX>(G=Cw{k)
z7`no{%7Dh~{dl7J!?)BL)9=3|C`@U6v3Z&~d%Gpc(QU&A?C|A>wQNy@+Lk$+J+nk;
z0$IJRM)~Ih26i#jdMnVh;N&mw;=a8NPaNK~yv2s+Bp~Tqb!i)iX1KZoQWsInxzJ)`
znFpk+)eb#d?b+&ylW|jQRuw-%aS_A)i$C8O<@uJpA2(^RT~(KJdI$W0c%ba%1f`Zg
zK5c~4l7acH22Ki*1qqz3zk~Qr*oe6-YyY@8^yK|w3M%)x#GdrC0T(=#%qQpI40ii!
zfZM&Guvrkc7**4BkxIkJ6Uz7Y<86o<m2a*cUluYp>~6Z?#Y3#zW=Ii{3Ug@E?k#pg
zFSrn|1y;iNS?26dY(g%&KS)F9LwB^ZBSLuALHJg1*AbykN+)SW1q2N<uL40{u6Wvn
zpISJ});(Q{KY1c@8K_&*#7keI;?!DDr&*5PH&PyR@f2CoT%qRjB8(jYtSB0}Td}`U
zRuvn?_=KvOs<5SGQb!~F-%c(nO3kh?UGnPpJELwLOXHbV1_m>QPWJtvp$iZ=>Gahh
zl`ft!!cbft%c^-#GZ9v`xXwb3OEBcL0KBn@f&yz)X{XV~!fAdJu%#A}Tqp0qkVyYJ
zFTbf^v#l%?cl89+WnoZ{-f_;+gzDhXoR}<EVI+MXErq>)R<M_N{>`z)FU~N=k`!lH
z#}a*WF{xAxzd4A&s}{hl1hVCRu^myYJk8xoky(hZpia8=rpC;!C<()ptUbiV!fCW3
zFmt6G0t_i;_V6Hq%f=y^P$D=+)e7GAuDz?>uD?Ld--P9x9HYI4K_2mOKjg~_oI%Qv
z6$$2iMO*j*O54aqvI<(=m;}SP9+|f61Z`W$4#Ib(?a`_$G7Jr?zc#`{kquPoBCp+*
zxsv#<?nIdaW_xv35&q40Zp_Sq_S{Y)f+op%Zb*1l@`WmR!~KlYr3xN;uE<O0Bqa*F
z9vsO5L0ZOXqCv>;rx4u^tr@A&<atwPx%3!*H_{VqM&g0za#?SVcBGIXA5D3Ai>x^*
zY0yof5yzToOusD!B<OAYoBAnC><)zT)MuO|HOaQ-f9|kNo<v*#W8R$G36@cNkvJ4g
z<u}lkz4f)B>`h9!gPECMq$$Dh$(;oM0x+`dSTR%CR7fiO=#w9tc)+*aj!RFT3d8x1
zyZiRxCBswj^&ktz%ppyLj(Ax_gMbY7ev93trMuD3-856gG1yYJbEl2sul7~f-(N^(
zl=<7Pq$n1^Py^3wN7dmZCuviGDHf+^<4X+=Lp+G^MNqMhc!77?GEuf5!-zqq^<{4d
zlbR@|wXP`{=|D#|Y}{RVxm225#h}4d_uWhXMyl^$k*q*Hf?kzjhI5O|U}6BFuMo!P
zOQEmMNMb02%bYwsbH}4>PBrU8RiSXq*3k;&u=0><O230R5Je%xctJ}f2ja_!TB)RU
z3Qd1m(VzfXWZw|XO+Z$7eo$&u5_gI?!fOaLYSP^fbTU~m$WCJb!Ymv-*U1nE2RS)C
zR74h1CioG{+Nw6lXL0~P{^lHO3^Sz|CC!Pv((e*R2uhNg__^B1Fzv6krbK?|l3GBf
zgHWs|YZZWJPou=la~AZv*oWajddM1%Cku5343}l)#GtR9`J^bVN9cn`2aUmeBu}n!
zLMU7TY<v~q2t{CO)IEMH<k@5K>cM06&7aK{nvaE`bI?>P5*HWtz{O|F*<0*>(yy~P
z;EOYv6>>eLG?|0vl&k&4%Ba16+ZFc{{9~nkOf0%<%i(XGxg~rIV`0V|F*5EI=mUdB
zOkQ44L+ID+p1|NLB*+^jHaR){{Px~&2w!)wjur7folX<>yoE$1-?E-iy??4cRVhBF
zKWYqt4t-Kw2XD5mfc#pZUNN=nen^OABJG1XdoZ%^;TCQ1k9tc-xnD1G3;cw=*4;-^
z2is6SL;xZ70X%(!?Xn%ByI3o7-YNwR9cSQP-v9nh7;%0H7rIG&*t(5NzoMv5ySvm`
zsT%^uGb|2h3?}V3Vf0ft%Dbmu(Z%Q*E|!gwIthNV&*;p>LElKWY}!bP2A3$?%bAU(
zr!G{yJ>QLBgA%&TKyBcb_1h62M)v@%g-Nj*AQiV9P-mjW3X1f%JF_6%IgWsYUz{-D
zHtpp{-nd^`{PSad51YvEyVJBf5fRWxizlQ%qihE(U>uiGC=OyE^1F=<Lq|8}gU-`v
zqiohaCNoHrhJqSR0%a3ZgyLIhVToCNF#XsYdU=A<>)IA(|5pf1Hq$v`aR*~frv&$|
z;09imo=Gm_gz0lwd>;-=yEcC=CWD?#1AYiJG>6nps}n@v@ZZZ_mI3DoRMolYxXHQQ
zxRtQ)Y~q=Y)ZvfE__Ps!<^Tm?E}wIFYl-A66FE>66vJlxUwpk&duGwLMjP8!RVuda
z<cpJvZQHhO+qP}nwryLd*4gJ=?0vERz`X0v9OE7RZB6V|+SuJHIWG>3$og)0sGkJa
z_m<7TS;sa;Yr|+ngd`4MVxTDw+5Z*v1jtY~F=OiXd@`}cwyb(J&_Ob5(=_pv>O<0A
zkDMYg>MWH<W7lZfPruf3Y-HIq7V`<*+Mv!WcG%xCr9MsAGIkCn1?t*ED<7m?jGcht
z!o4$N#10pfDY*G^%P^%56D1s*dTt|=ko#439B{}v!ljRmr-i>z$+jJJ?(hH31ruQn
zi%BK@i8@e2PUif3;%Ic7sr@y>uphbPT&<-AbZ0boXDn*d@T_4?$XAM*9xmCE&1IW}
zXVJZ78v_34$jV}8<jPBHeb_FwrLJ3zZTI!cWdr9@y{=Vp03BU){^|$UhleaOK`H$W
z+*BHC2x_ysKSN!gyL24LmdEl25MBkWNNb9g;-_pQj`kqTTMtT-WEAV}me=C}t**iC
zQ$AJ47cg*+m4yERK<;s`nKNz2!|<AKJp#Ny{l0Ea=%Bm%eTGm3fg8Kv9|2v4(ek`7
zZxMD$9T#3p{9PYuAxwii4-CTnaX+CfU$w%($#GwT7h3XcJ+ahmU`%)>nMKU2l(|P8
z1fXmtb=Nu%=a(vISjj6MlCur?ea!m3qg-<~7)+?WelHUmJX|ZIC6G+{Qq$ZVr%ox6
zwTi@H;zD0wRbT4aJuS~}48%->LLQxICYIvF3JM|s)GKh~bW>*rT;Ym#L`|o!aUAcp
z(YCK6NI5ZZ@60l#zyhe1C(hHz9@V<nzBAg{lZ8nyXW^4P#M_v((j3zoSc_A)RUwq_
zgnw@rQ0`UcP0p+}GoT8hVjex!bOs02q30>Javq&GCw}ZbR@I_n6;k70N}|dxcM2{8
zrUGk{nw0JvM!x07`OxDF0$_xRdXwi>{9=Zz4t~N=%&JRhvxwup;$?roM6V{sUZho8
z^MpUb*DP<?d9B!*bDeCv-I39(lBUyq4v5ic&c`<(V*S(ZwcRZNwP3TYmfr8-it7Dx
zxC_ZT|Ai>U^SOv-!*gGk-qyuf>wa^Eut-o|e78eF_Idljbj$1T>{4|3*1t4%@Mol3
z*?muCg0YH2Oz_z<^CHf<U)h^?kq~P9B><~S!&hC6=vhEEZt_TYMWpr~3l3DC^<AOU
zTw^*#+|FOUG~NL?C%5EE+l-!CHSh`?$q)byZR)8usNq-y4O}k=)dE%{5Pw0wOUDe@
zYULkycW+29^z<n#EnZfLI|(<%R4|$V)zjkBd=RQFFT%I-ut~vRrAe;2amKMTt2@yo
z9Y86WHfeDl$AfrV6m&luB9VJ|Zyp~*{P(e`Lg6;*FN%#p@jQ8s2MWx3LN$K8bDSTc
zIAM~F{0Rh1Y1jk%fW4eGD5<#8C9Xm4*nvOgG;Mf(AybqWmc@^d)ZokyjtU-9V16I)
zY0uYQob4J|d?qQN69n18)U09kAmsrMy3QxrcJ7!`ar8LtYif$Xo?&ftGZ_4-NylJy
zV+wg@?7k{wcIcvtGf<`AfkGM>6R2i~mIHa>`}-713I-%;h&ZOpVe#RsmtAAmtaph=
zs9MQ7&GIROZC5UPl1bboTYQ=`57T30lrH%z6!2b|_9qDs9*-Rzi(Dn@E|UY%k`eEH
zu=Fa6cYRP^W!awSRTTet@G@1o02;B2dNaQgD9?`}JGOwH@0y;G76Zx+0S4dKm7l>K
zGWF=QQ?o1UoR2gxv+N!U3d}Xg3KgZs;@9TiQY!|zyr@BWt{m{q*nu_U%u^Y!%NdFV
zX<C8!)s`9E4n9tEA$`Oe%CwJKl6=L!Wf|ObX>4xltT#op5uY5<vLzYg61A$paSQEs
zG6}nist))-!<5mF@XOO{aVQ}dti$NA!<X<V>g0HBam-THZ17pR=Y8irQib7>5l1#M
zbx`?bkO$kSG;?Im^i;dc<C+6of(XV*(xHTH?rDF0l_aKTQ2uC>NVHok`z=L9mE=>9
z|6poxi09F`_=#HU1d%D!N6+mBd;5kt>G!hiwtTENO%U#;$#L{O`yq#PL2FiEEQYvA
zc-r)Fm{o@-bfHTaeWogDP7+ph#Cu>eiAu<<)trQ^fsj_GQs(QRhA}!tARFJM&mQVB
z@+TfQNg;bgvAIhlG)WBuS5JQxcZ=;D;KQitUCCDT$yzI-7f1qAjrC87$SKUBJfP{}
zMts7XilS9OyoVZ(husM;(s^b8Or)%*xERi6Ol^5<G0QDOg6gC0uE*H>!z8fer()f@
zr`Q3C#R3e)#0pzN4&jW28fmnL7zQ;R2&CNmfwdE6o6gCHDYswUP7CWdl?6ddz&|%h
zd+)y#t7B;0Q52cV&Lk(>jHfu!wHSdrl^2~}mKUxqyS8t_B{4iYn>)wz5(U(@OS*Z&
zuix({+<`((&Eg^kn^?P(ANB2G1_XL}>KQ~dxXpUm6+aZ~kq&C8v6u*3#<er={18gJ
ze!ue0j(1vm8q@z226;KKVrBn`ee!$n&i~;{?;1a%z9}%pBt9`a;sq9AUoUz*&>}Hb
z8KhYDUlhp0NAbb#$StwM%W2W#J<FLJ;!CJ?X4ekUVMb6ri4Z(!Gj~IGolC&{q^`6o
z5UEH)<6{|C7HY#!mPH+eSdF(;G0sIHnHxl~Vsw-@_0Oga$_OUu1~TB6tfYzylS-wb
zv_jv4Mbmdp#%!JpLn<fcM}h{W$rT!nr<cH`Mb4U03mlVpJe+}fCFBqkItxu!PR@PP
zQ~1kwXpco719MP9JV*$zmhc<J$&+ePF5I<ECvJnZQst3I2>mu1C?jNmY5)q?GP8}W
zmv>zZ6PHkU<~Wxlf(t&;mgC(X9aHLYS$24$=SC1e>#475TBn88nbE>jjRY@ZCvb*=
z#mECL848BB7%<Jen-p1goT5ju`ZInBRla<nAz=PKP@bkvIshIv<e8erPdq?P3Db+3
zbX)`wdVX#uSTyS@pJbjY(NY;K9Owk_WRttuVK<dyU=8R67CMEqrNo(9v@oZ}Qh9*{
zQr;`bHsfR7t0NP*m=?rJcR`Ft5|Ly@_0|N*Kg8U_b=f1ezVRjTGO09JT!JWw7Jkz|
zS5c_n!`RnY`VvQd;DM-E;iC`@>hFjmPBP~~qUs}2$**q+-!~-R>6&`nz9FB+;J!5^
z@|6*M{qflt;Y9S_1E|fq5S5)8R{gu1t4Ta84|5AlVKr8eXW19?-Y*7%6vxqp`GK<T
zK^S~7(s+zc4k@e0&V!FbW13B;vy>3D<}DSU!z>SU($(njUcguF)4>v2$m`|<pKcQp
z!w#EiHo<Qm<sNEP9WXwJ4oxiNarGjK4?x2Q)5*}0gEG(7S(ZJN6X0;c)Vg)FAqC)1
z66o2YdBgJ&y%hX$caA@PtM34zox38cT2#!u5pnc^b~ay=a-P3#Pk4Ur?w~!;ol4g;
z?nH-F!FM)Ak}~U9-MBxUre&qp6y1w@rb25Q{YCd<WKI{r{7xcn^J6?I{5Vmiq_X%z
z1K9P`taB%qoIc?v%FwLVfL}fOqdS8oXr@l=avS=~r5BZwi^%FGsahNM4gd|4=tju5
zaIvbj(x05wr8!FPOI@ingb$fON|O{+3WS7vaXxGlW>(U#l(-#KQIiHSJKj#dpQ@#8
zxLUh}D5j3C!Tq<SSA$E~@}lY&#(gRC#Q6AiI+Bq=0Jf^x04+}p?z-golzmu?6?;N!
z(}Tz(1Xg&H_@^>45zj6ZRjP_?Qjj^4zvl!3?9E`G((SPnUPruSs;Otd2bdxe1Um&c
z{vbZ7OSWAU6f3fD*gec44}@Y2#y+QTLHCIem;{mqdV3?ud|G)*?Qcl;auLxKOB(Ng
z%McN=gZ%Y_SSz5F6E+s-R9WY_VSF{KUCe!`J`!>2NyCcgzEE@ba)Xc&_N-LFkfirH
zRxr}kg%w0c`o9QdxrxP(%iiAA#VUj9gCaLjU(5n7lo-e}Q4pc$$V4l}84fZ9t-z7Z
z+<i+T<;TbYa6G`Ke}+yl!{Up!GwQ>bRB63WQ@oBrv7|a$=mO`58O7)h_IvdeVG)_$
zYtILQD$h6`hy0<uhvb4`6#2CsWlDpa$-%Ddh}r7EI1ttLjW6?qPt|g;n~OHfi)DqN
zx`}XA2&ml27F9=oIXCxWo--bT;_Xyo0g6OWoIASn{t4wuUgaVY`$+akdi}|m<43a~
z&x0xFnhQ-^Yu_8|V)sILa3;CFZGD2<)y8*@r|7E(H$;QVk@LP-b%ytB+}cR+LbAi%
zeEfxV9Ccj4Z$)m0P<R30oLFJCSpRgBhHBMXtXtGuQ#eW_5%Sm7HC<uy`4nLW^FULj
z0>Wlg$w1d&>b+5(CVxsQ_4}OfI_1Dx4{#@(YDlU#)?D6rw*N@*%>*|$(@R<-INr8v
zypDkn;V<#s1+G^BmPH>gaPYm38cE|5KFuYlhmT=1g4B1!7=O<?{L_cTqM7JH#hu_5
z`?@6Cv8D}A7_#syU}yuSHnE#@|C&71WRfw+F_U-dj6MVNAiR71XS`#}w#{4QH2;d3
z`4AY=zmdGb_dP<k>ODJxjX120qk3|mhv;yzv$k~8`&rnnXLGgI9Mkd9tloVu{eu0R
zaeW<c1?k;(am!t9mGABQJF<f?9i<57joD2oFG}bj#K;#CLmwJnbKIn^mT_Fc?4RWB
zo8WNAfIQ5nVxdwlhRUv4mTIdA%vU#;of`fGnYI(tHBMkvLsNF-1bdifv!;HM1l^o$
z2~1lx@InQqQQaDsF1i^I$y$Ju+&^S|pl+uQ_ad_hq9k6|A)Sl%Zl=>zf}<6gZNBM%
zFms3J=Vx9hoFTVMOMetAeBKeJx4)hE?{bO+zI|T8pqXnY8=j8gqoqC-P_g=k$VN_F
z&ww$8;*@QrXeiy$<>0T^>cTGI0ZuewVyk(=q!yTvoN36#)Y3eNkvVLY#Q40ou09ja
z_9zsBuszp`>W60)WrSY0xRZr8=%8dua8~#ykNIpQ#@><)HRw5`Oc)g_(4*UetIR&t
zunm<byw=T!C1*|g>Iea&7(0M340wojmU2t|mw%d<=y&F!0=13WP=Xt;-&IB~aNoli
zILo#7m!RwQoQ~zor%P&Qx~H~Lkh@_6L}dMo@erLTR|;{@lrWuQI9+!mc=Z)LuEa2y
zS${UxOlfs_;-bd~D&YV-$9IfM;iZCb4l3&Ntq-AuvpF&eUOU5Mc5-Ei&7wa`Cp$dE
z?FWPf_dBWqOZU44Q+4h?;WiCi;LtZ;RMf4jk4R*h3h4tV^%0NXL{H1{ymgFR2Ne-*
zGh$(o$D(-=a#QD!;zOA-PMxTaf7vk)X_bufr1~{K-+bwZz}tPF&P(P$YQ*>Z$n164
z5WPEMHr6)2#`)E#Y0$sN%c|wG>}b7*<F0ugOtwx=15*e=J!OXAnSPpxnT4tcW}W@*
z*$ZVip(Qcf^`e(eRB~F})x$?CO?SUu2vB4S0UgOiO9>6e$ndoZrOqPEWt2OBcqtkt
zN19n<0K-h{tV#>1TN{di56DVl-#1)x+1N2YO5e7_?T>p2UFGfj#ZM;k5ZRl?PvImw
z-o=c#X5EpU_W^L(9we+Ap6ycsC=Ax>z&PNPAh^t%>$lFHnZ(?$mYItTgF`lVc*EmY
zLqKNk#=FhtZ`kh1GH+3u<YCEr*Ew7wgksGRC=mnIdQMh+EiDhL&D!O=OK`z=h^dM`
zQ%fFTuPfG$u3UM2OT(+27j13$;jW1W6)BnCBV9&+h=lEjf6v}`qpRwdi8a1KIG36L
zT?3V?&<!p{yCah-sJ}<6SSLnX(Mzdz``)Rx9L$|CF0N=cDH_X<qT+F6h(GR|7<HyJ
zFRZf&F@}a#^a$9j`h(S5ysQJl=?smu`~Li#augdAHD;zX1Q}2dhhs@-0>|#bAtB!v
z5cj?G%4Bpw&<UMVYFO-J4mWLBluL5XU*()3Ax~z+YPW-MFMA-hr!1Rj*fVp$-uFWM
zmsc)@2v6!!A5Fm~Z|}~TH&-_iAHKgG@(Shv;ED^17hD?}HBp+KC1YRV3c%=XyCjr5
zR<Iuv!S>>xMT(s$xUjr7Ub#xYPSV%Y5>ZvmS@*~y|JJLzB6-$=OggQB@{qNRWAw}g
zb73NZXHVB>dle<+xz}Q6=}hst{AWE0nRmy}N2Va3E6Uq%XSCjrud0*uIE#%5BIr-M
z$GlBXM3t8cI)++XcxA$P@RBR|6PblqE1@NzMZuSfj&~#5n~VRpxXrQ{(`&gq<JFTD
zoq!mSZ!6xu#()YvooyILqVAj>9w3^UIT%FD{#<O~9?wNfhkVa*pMQU_e9w$wsh6V!
ztD|@brPDC2HX~e;V)d5$-3ZFO_@WmOj2IC7;2EGS^gYn*hL#+e@3KccH{@|!)duo$
zTWa<E>Oz}A_X4#tMP~44Jy>GQuQ!(i=6Z{$1z9T%FMlivjM=Mxb0z$3RJ}}>yt|4V
z{E1{joe)*OhP|i!)o}X=4X2$xHfj40JEz|!C}d);)T$eSSY?~@O;wc>f(u9zY~gMj
zXr*n}fS<%eC@jUT7vlYv#$!lbqi7m~p_?eUHHL{?+#%k2SKgW$BwhPB0%BXKANxuv
zIUsdg(Ac24*qI+lXXFv9h>Y_eH%da(l+_?>!g0}S*6v6<kTh#gB1h%`RYngsp+e6F
z3`9ioRp<s^1@o)ndzHcWTk<1fP^?yC&8OwD@N5`%7(qwUNHWbfrTL|mggjVMvE4RE
z<aOu+R};#&IP63vu04JGf^6Bv+w<o&@T2E|PaOo+dkH^hQS<tjv6IYX^}fT)La!z~
z<UwB;XhFtpn64?Zl>;yqwIWL1F81@j1vy#~PrI@0Qio%qoihX0+s*QFb`3!+yRX;N
zp@U0ScEXpB&jL1GPTNuF`LHznQFhX%t8`o4o$;qCV-9@p(!Urqp$sR()ye(Yg@T~M
z<oogdGdju=|1SCvzxn9fNSameim4@yt)OmhWoiHJMfHiJ9;L32b0~&vCrA5nMrPvx
zrsoF!V@8KV+KZ$0v42G~mfs-7VnEO8U`*r1Cf4SgawDAlW0K}b%ha+g5xhK09h%W|
z#;)sBs~gKF!iAOR?0Wjj?I!=Hp0E30cR8e@$91Oe&?ic&DzCPVWhcq)IWqylRr$0h
zhkInP+|EHznvNENuhk04?o`c&Swv$&m)&{`(FX3>*rKgKG^Ya=0QkYz%#>2}K9(!2
zx^LN7f<@j?h$w^NrRaFj7I>upcM>666u2lYSd`8~r#DZjK)pO?L-RR2X?Rk1D%HZ*
z!N)s2t@fkmEwUn>JpM?{`xJ=gg1?nyW^>imIm9>}nfg`hMi$?yth{kK#$l_N(Zkhf
zy#VwnxW-HY9H54@`~Y0uz&)Y0ar*C9;A!tYn!zI}OUS0+UTV^=7JGCx%R2{FUW0=?
zl+V_Zyi(hpOQPs@6swI>3r>A_#C|hXU#}dH3Gm@=n)W$?Z5&m1cETQU04p9R!$xMa
zBsh>4dbgn?^{w(_#lUo!QTf!@QJfUZTOOK}mrZ3*qb@gA98{Cm77c%>Gn0iSz*LN@
zC`-?#l3;F(m7tyjl<_up{w}$zmQS!sAo<xI3>WBuv6XM@Z+kSr+%o#4Odsw!zc9ut
z26`~uV389it_eNYcODEnu*yCZ*=+ik%dr+!gw02vy=wnX@>1!(yT@BPXVO%h5i<R&
z8-f8+gsGlI(GxbcgH+u^bm)COSNsGS+a`=(x~sbFmbqrXysf$Z3wAzaT+u^17!sf3
zvg^DB;qTkicPyfj7}>3}BBArpT+^5JK(HHGcvlA*l)=z>4HXiRW|sHRd$w1os}86M
z{T2%)M*(WZ-0BK$<FLOxGTTzEXMMQ_=Z@K$S=!Lxl`GOXV3;=5&~=#C+TYn4Zd&+w
z<yd9V44@ZxlS4i;m~lG5cjzR;9BB`Z%P2v*MtJhV+o0A+d$cxL$kIEyOo<Hid5OwM
zS=PxvEc;sb{g+06`rh`2K^w#YVxiZUbmWKDek#{drcA^*YcMkuPa3})?8ap8FBX!K
zYw`v60e~#-2PnW}ZZWy;F*!5wo;l|Qhv$K+wc-x{>p^>M4tw$-$KY=e9MyUI``P`i
zQoV$(VNgnm!1%4hi@NqmVsBPUU84Mv5x5fUj>h>Cb~onj8XX@wi2<#CxoXCVP3*s$
zStYIQ)ZS3^GePYSir=2jPrc9X&)0>{`k#1+g*3fBD52j5$!ySUuLRCEQR^i-y54_5
ztHBK0AZRU5(=buLRa{=M9%f1tE(h>c`|o*cIbL-hh?<53d%DIJj{Q5dPt2+uAQivx
z+Z=GD4i+ydl%KU))J(QdpJhAZ>TF`<PM^ZKB1CeCt_Eu4LAtvTCZ?qd2Ewj-V>qsV
zU9Bw4p+`a5cA_=O^Ne*bX;wUe*$ZXT`eHf@FvhmWJ-;y?;FEHKyl<MxUwI_yu}G$8
z<tpzdobwTHQSe8$?!ANOMiv+nkmMIWBBn$btrUn+KKIH-{cG;kicuGy^Ea>=+hnB}
zF-l!k^cB8Z@Bp2(J!o@muO$BVCuNBuaoWzeiTFk-7VXcM;#qZ)KdT-p2XQE}KGn;N
ztXo;Saw~hNhwK$rHdP0WDib^AWG%v|*Rx!*#UUp;%~iuh)9^>#h4iA~Jl!LW8=Rt~
zvr<&x^~yNRkdKq*)$3S(tKLmNCtfF$Rhn*`>29`^F%x95H9EXISN%zTfzgD8NGJBH
zF=Wk4B5I8!>oTNFgjA&2HZ_}QJTxXHKB}ULc4_+-=BGl)!@25}uLGnH|I3Qv-)4g;
zs==ad>}#`SJ(^Qv5&#9C=9eazU%w*8H48b-2Yh=j8FkKZ6PuDb{o&8~*@z}`GDj!r
z7zZZ*Y1vJjQ-r(KZX{g8jd~X{8_{TkLfp`<oy<M*dGOw6csR#Zbgv0Z_}e#+EhVog
zz^G^PNx;o=-Hs_Ya&I$5EFxN&Ui?vP4W_SZrCn}T!z}O&Bg~kO(h-*p%ASNH2fO=b
z+jvd)hal|cVV28^%WV}kr;gJ*;*6!K0PT6T>H63HsjERagQ#lAWA;RC@k*?<@Rs{k
zFSK2qWl_k`fJ_&0D;#MOw{{pw(W`O9caIsWD^g$|?a<;pnD_qM!!QQ-U3z`m@ccqR
zzc@Natii_QV-@b9l6-*Rqk`V9JE@a5!O}lcBN6Z1jD11&Y}7ltR^R(ry>kr%kA7jX
z!RBmNg4cT>y(ZIVjU?3Shxra$<?f#*W7n0NHj&3Ov5ix!@{ulZvOdSxGhqA&#LhJh
z!tw$ZAiacFL=MCX-roT>aE_a-NNr>11!iaG2fC@v#etc}vZC9vP6SFIR?*qZP>Xih
zw7W8nA<xl_x;*jRdJ0SJkLQo9%V-KY5)^u>rr!wu_KSw%HKdGzgk>EX&zer~T{38i
znVQL>Nfh!=eDG{KBn{kC4PVvdZ}qs3NFXx)`UsYK0x9If;aEG_p)Ou7AQ5CkpMSrK
zYvngl-2j|Y^kL~g2t+o@_t~Tn!F|j7CS>d`ubllQXbe;C0Y=fM<}nh8o8BSqjE&VB
z!jW2liQLJohv!FqJ!bhb@iIe>j-X$U<BY(DIj2~iQI{gUJ%hsDy?x!}Q>*Lhuhd*x
zR2pvgf6_I~+4J4gM?r@ENl7Jk<y!15gvsGCt1<*sSc5<|o3P(c-K0zq03VlBCBMPX
zV8<23DH@*S^2(rg2gy+}lciglq>f(9<Pts4dvWT9^pyI_*N)XMlzIrH&-#?wfGKjD
zI8ZC~VP5pPH)OqVEtT&r(o?r&3=L*bA^Miy@3kyF>{{JP{7U4`D$tl6y}~I*hq07c
zW89Qbxr9N2msW1CBa?+2yYqrpA%wKJv4coWw+2!v&}wvzuv3^S?!8zG?6Dbnq_w(*
zub`gc+OVXU{r5Gbo`jDPa;`CqvHKMSSDR~|?!J-`OOf`XKnYnuzQ~-j*JBiC^JZ(;
z1_r$5j$P|hn>&s<MG0BzH!E7t$+P3CDc!ciLlLcSP)_M6cF5_qa=_OQ!wZ$>4+_K-
zsn7ncL#I-Ot6tk-+d$hml8(-wjH%OaJrxU}@L>EJCu`anI2B<ZHOJe#wGv45;igAf
zdg?Af7AfE60P}pbnd-RdHG7PJb#VQ$?Fn??oDx#v*W8}F50F)9O7h->(yMV7I}M-x
z$Zd13FMvfWngQqetwqhksg(#I;d0zZlLL&MNhAXEXGh7AE5GY6VT75ai>%@D2D)<=
zt=H0xGvbb_>3s#7abf62XJ}n?OletqkwE+exgFzkMwrRGe)>-!p{7p;?TR4kVlyuq
zkOO2_JndeQ4eII-b9=*YDJF9rq6XW->PYg;$rC(@m}>H>wXa3!3qCjP&$uF(DR^F`
z@Jl0vXfJVQk4Xp`mhEeKO6C)G=x6K#)p>^p5=39l_$J-V-lLW*EHmb6&as9=qO@2A
zU#{fX&`>VnR`u{&GcvsPQlK?f$xQ7ta<w*tT8Khj_{t6Zj~>gQW`r~A0UimJb=~i*
z(GBWDvd!+fHB^oyvH!N<f_a>71~dppd@M_;AJq2iTgz~Wv^|{hz>eO?H0|TDepGLV
zLp4ykwZM_j(73@2w9u!-*8udlKI!ZwDIR0b81d(_e@p7c;WcA<ly1&`C7q$ZjC0PX
zv1RoF?ZTg<yqt>w)yQRF`<6ol>I1fh4iIlR%+ay<B3i;rk#bq4g`F6hDwad5*RQ+-
zIOQ|gt&n)~ro4n7Ep_<043HSfASGpg%30CMh^P&yXS0KEIyRN-nlyty&K0{#_nG#>
z=Uv5d@Qh_MQa5kO7X!P`-mAkTKMjrz3eRg*nRw~(tE+^AAfcNjk@^&xqsPaqWE^$=
zYI#MhBcV%gQDHNuoU70zMfb9Sz51@S?6f;tBDs!)NcWj#-FC^_!?Wx?A^0o1Ha!sM
zSr@p1!-^TRN{1x<)sXue5-WlGNk>aGMve5<p>;-eSA>FDQtR1(g>3{Y1FUUD=|uqc
zgZtE}2x`Q1Z!Gk?y1wzveEsb)--pv4WxoSy%DJfMTUaRArFY>6@qf303$`FLVE)zf
z@lb()NdH?K*vVec(ah%mqm31*S}AOZp?pu*oZc&6_30UcW^6(vD?)4dT1Q<a9NKyk
z8kkuoj^d<<1iQ98_uMQHjm5(owp^F`i>05H<anoDpE+_ePb*dfl4g(0SrgKViQ1LT
zvqybQ!-Z(cr5)0OVhFP&)5|Og?z^Nz+|Apj_umYp$+oU%ilExeOp({b0mf1aq)n6A
zhK6;M2HA8^Y9**+WND=&iE0i+CPC(NYRN*;#o%!WLaO5la+MF%+12-|Ma1)=%If|Y
zW=-P&vwwwSMMH}LnU*t-X?$^`W1S{OPfW^i6FYLO0x7}-u&)UA86%<DPc%{2QGDTO
zK1-AM(i8S9h0=L)V}dCFg!r)u3Cs7}34(x>xiSN+60up`JjZ7&EWNQMgOW_A;(Lsp
ze9}msr2)rsB2XkldisKC2nKU-SSTiA!!{{M5PXlKkgioDNE<vR#Omx@Pb<B=nNeZ?
z5}>%P)PGrk8%>!J05L|55mx=n1|(P*!gPI>-kRKiXll1iRjhbvvR!e>f)v888g^nH
zM4F%lQ(sD9><yF%ZH&2JWvmQ@5;jSavNK>Zsuwv-l8Kr=`YuGd;WI6vWRiMb65C!|
zfc7|Wg1um#u%(ffM)z)a_-PDZ3*4po1SxxD`!r$0<=xROMmWU1;I8XLdk4&s3Fq<G
z44KF3$co->TS|iN;TzmSy%$u=WI9hL*-4MV%$*mG+u?RJB<*c(Z$pUR#jBNlNLOFs
z4MNQZ7#vPC2n2R(i?wf7U#XR1Ph#O5`WC154Mfdz5tnU%N5TC#d~oHp`5{BBl)(n<
z=C+}(2XnUTLEH_}#)`|=cCWKdRyR1ptmHJA30AC+0V2f4G2`^9^{K0+;DTnmWA9=&
z9((1q>V^wX31+R@lLDeN*qA_u-)G%|!yQ}?JN@|c^#)1h&8LaKmug|Rmxa#2@K?_>
zg8yQM>oko+h~(#35q@hQvF)il^EqzINA%0s6~{LRyhyj*=Aa8)TKBJ25gyrH_RHRf
zqd}J_*e$(X*KI?*)`C4?eQ!uazcTo<?z<<`QC7^hgUC*gU}K+D)5f#w;Xap`EsIX$
z1};z68cgOE0g_BJxQeTyJO>`znk>DUJ$NFBb_cH$pgsq$?OmLsQK-@^tPKv+UE_YI
zrmSfzR4x0O(Q6<3G@my7x7`k-cdVBuYl#~T4-faK^V=xeQX|SAvkOlf8;brK5U*lO
zSYzNTAS!b+7;!A#QN_QgZ@vntFz|QW8e<RUUe&)T;eb-;9g=cA)F?AtC<mpxwI#OR
z(#ua8QL7jgijx<XAx<M)QKZNn$t^;bri~Lp(|B@G%&pE*1K&w%&+51~Fe`{-Qs@ma
z$nJxFnZJ`z*ZxjU%N!b(Svi=%Azq9j)Zk6Ehs+kykwdJq6Q6BQ5WlDT*AHpB)O9eW
zQZL5N6(}Kh@pt5wF<K-gPneS<T;MQg%vGQ*<{0<r(h`9qR;5&|SZsu%X%k2L(n}7j
zy$)IeagPvFx*Naml^2&g9-E>#4n`j%39qOABivpr>nl#o7yvsaOY3kgsYB94SZB?E
z1Y=|2$M~~a?#q}K+F5!BoO+>2oh)oZiOWq3+G-%yn}>fmBVSxR%*Xb^7iJhVI%s)3
zZ1k6CT7c?EgplxBd$vYpAv21Wdw>TNfJ+|1?ck+fN-}?<G08)(wy-y6*RplxY(@ia
zEofBp>X&H~3s6tQA6Mbz9q6*C6Utu-jI5^FFTSH|(i9%w<gXmIDr!dXX}}XVP+NYR
zP<r(=u_~zLq<M00DpId2kJX`{KE5iQRqM*>L1H?SgF&B33U#w64>xK20c_DN7UBDB
z4t<DifxdU4cm^Hqf&a?ssn?e8HE(%ev-}7!>`$3pG4=FJ8m99RJ~-`QM$jp#OZY?P
z<iA+Qj4j{udpYk@=i!j6?Y4`%JUK($t}Y8rx8)-Bp;$GEFsjisyfdAwY1106x!z&p
zt7#TDy9PCP`@OF1NlGfj#>|~)$ywj?T^YHzk+e-(<C82tEN#oQb6ASSYMAvTwsW&H
z#=e|RdZRH^!S^EK;JWV`IY_t2;b$n{2^^yjf;I->AA@m+*P5xN)GHNpJjPnxlSX8`
zxojNQqm|2{NytxGQ%|a5uMX${q8ZJ>ch}tV{O2(O4)`weW=K=PI_dJ-{?A-0<(!B{
zyYR;;lQG(0G9x*p=IYdIzd{%siA7d*M3{b4DnM^*d>pvp+W60VltuxoVg!P$BY&JC
z07ENJW|T10igW8xIACcDu#ifFa?17~dlcY0p?4X-TxMOj#9%U{49aWWn`8<X6s?5n
z1wT_>f0G)AZ3ejl*K3z*W$>e=o0~2q<TUG9vp)Fo!b8~Iok2A!LbSuhZXd-JD%`?7
z1jrG8D_A&ixpMh&pW#XLfyHwC8pr~Vg-J*n7BZPba@fWuI{1{f^9q|ZjX^O*P-3{t
zLKnN~_*)!+>IaQR=X%O*?8^HV_PYT=8ZKLAr>8-B8yP<b;l<9AairDs94LI@^Gili
zg*)?`#-pWLGJmtxOUGO@Io+B<m$kd>GYl4mTN4jCX&hd^*(rpIQAYNxX@;b4rWIIX
zF!6xKw2T?zhm47+#GZEY!9=ifQ<d0R3G6XgUXWoKlTvUQHuCIj&W2H8=qlV{5UU|b
z^-~7C-pAlq#)OM`cY!?sJI<=RBkgW)AjJ7i!$kPNfQTp@DJxrcNlSYA<$Lu5^?#ox
z9y&4zn!$j8xS)Z6i2loI!pO?j@&6ZODfiiLh`@DyP|<fYpOG6DcR9w7`4OtjOB=-#
zP;~IRDIZF#2OidUNOEQW{qE`wuQzgG<XMEwAoUFifrOI90$4XLG+FEMUOUgLx<X1;
zy;OY;0f;hzmblE$15RI1oYx)uwE_tS-Cdc@eQa+xK3;tO67+s>0)?()bWZulDW`j^
zfuT9rTG!(D*T%inFM*Q6KJ(I+I$<K9#<^?|#UTljm&ZocPnTYuCSD6X!bd6-($u;$
zH$B=kmt!8!Jv1=6%3cGlzxKF4dU9=*W|f2MP4Z(wr}ijJk3rBsbeZ4w{R$k=Q8d{&
zhg`bJTlOj-AC-?4jlUicit_gM5}x(n&PrWskDHBJ&O?y?W6+PG;U!Zn&ewm|q|lU^
zr>16#97#XT^fE=Io?2%ebY2MUEe(d6eP&PSzr;!u@39X6l5zaT!~~?5TRQSM*SqX5
zHX?oG&FKS?iQ$l_e^7VYVBtXTb_O@>%a?gF`@Q5R2wixdyMI|e@W@X8rn-o+#WCqX
zjj2sy=2H!XSYvxto-h5AB+Uga>SSw=dl(u3%f*Zoy)tl~<&nFWMhbiR$0D67Qi0hv
zn6#X4I=M*!98J5*722q|)H>fEnD<23c?vbT_Y)%uZlAh`=G9)Qk5YrIlAJ&S)iXmG
zJjbTIk{tS&k&@wcek1=8V^znkZyco_<W;HrI5Y%0oV<#i%A|L}wM*Q!Jrh`;KV1o|
z{#d0GFhiN~w)hhrXbG%R8LIMX!+c_)z4e|5t6h|69fuBvCh!{_J%;U~)YnttP;Jcj
zT+$W0hRAy;9*9F%TX%)JDpynZ;%UMjnyf=yO@Jjc1=b<>Z^2u-9H)*|KP-ld;_`z+
zBq8D0Q>5>B<`7<v9A>bv@X(c|Kh4?+{Cgg9{3)fnew59(#xG0xPKs4@J5llRsm@B*
zrZOz*2I{-|l*-m)1}eUOPO2{3jCeOjaYbQXp8Q<fQ@@!9sj;p=?kZI|%lmMXGmXnP
zc*?-PM3K^+%W4uV_$DDnLo@;jzq@gnTGbdlbz(cUn?euC<+@rqT?P`#i|H=gw8hr!
zr&6e+usICD90w$yF)~IZ?RR-Oq```}Uf0XaMyFaV?(8#7x;uI?kw{iDUuC}85lM1}
zM<y_9NS^{CU_U}P_HaG@C41g{dOlt47((AGdbyagz-@XRd@*=lh3i*b$nfDZH=o;w
zF3?OH5M_|_Jn#zPd!FC(5RKS&do=#i=XoN(?BhYs$lOvMQJH*JN;-sCOsn^J(uX3K
z_hi?2cGNkUn;vaRH?@ZI`Y{!F+Rts!Jt3c3)7zJHf=qaR!^v+1&<|wk7>do4aap(j
z$yo(wtGD_o+@~ympl<F?=vvjc-<0oio%a50y*7%msDh}0(q^;}2ljdX{RGu?ddJ^c
z@DRQsw`sAo`+Ku&yXMW#^vriWxK{hmt3m(}M1JN55Nh7`>4yI&DQ6;xtqWm(&jvy)
zhLt(d&+noqNZa+TS1Y|<Tq251I@iO1P)B>jc4%Ec@A4Mu$0qKczQ<pnF&OJCo_t+k
z^n&mXdfT1mR=Zp;$=3I#xA|X#-*;e-0gPFV_pGnq2mAlW%%bE%uEg|@-28_B-;qkj
zW=58VI#zlP7XO1(s``(hg%#sJf|gc9DQC1Ysh7NrzrPLBn%gWS)x#uM7tU0Xpw<48
z10-dem!!WxvOR!fXG2Q3wyp#zVSB%Z+fD#o*;p#=%Vo5KL(XlANys*XP0NTu@7tk&
zm*o$Qs>&TnCLsUE4OqE?3fi@%^fpkAVdL|<XW}9>Xta)=uY=~l5?Pukw^T6R?r5yE
zg8NXtGO<`d`3N!Ij_6sPaqeVu0O!_F8~kV+C@rO!oY6jxxxu+o6l+A<EYe4<_t-3f
z?$a<Tsdlx>yMQd?_8&pZ&jrm!$Ff@Yq=GmjCqP+(|A({2A_>~mdy>hsRHc5H@6bf<
zw4~D$sf@NE69JoZFkbO%I!)x~>*zm*mU)fj^S@zF%m1+h>M@KZ!+wcL(s~n@EIMVE
zBP2Tz!Td9{<Q+3|(Zk{_0FEt`oOD>hU;<iQ1$V8QgY2Sch;tcEeCmUUIp~<OtXIk_
zi)7Rh-)2?Iz$nF(+Nl5Hx=LeVi1VKc?rzE+d8P-Z*jJ5K)}BjjRofxludB{TP)Qg3
z(*u%Wgr7r7o92zf?NCypr`9hwp|En6Zo;wV+YX_?5{De<J=S~Y@7pDjOo|jKs<5Xh
z^eHLI6;;s~WI{S}w}qAHbGA$HK9R-s{zuTl&>cxTG-N_8qEC<GlRdb?7S@Wrr7e<B
zc8W-McSWBzh}mGsoED$@@QoHS<5tD@NuBQ#MK<S1DT0c;6J=vC8sIPPlR7xpNVLDV
z>+Fn;Si=RvIB1&~8@usJD_zTk?WFp2C(h80;xcDw8^HI0d1saBX`G~D$4Km?QUDEo
z9%1JbKNzrP<wH2!Fy_h}1@`8GEd$x|^-9}**$;7wJ~v{T8hR%6^X$B%70>j}97%d8
zcv{^Ws%!SM&r0ZYd1b^M1_9l+<c;$ul>WY1(7*V=6zPCzAEmGC`_N$|EKB4kQx6|w
z$mplq2OeMN%g!;ju+I`@EA9$v%+Z-aYTqzfXy2W={jgT1U~I${NoprzV=fVtEknd|
z(unV@;eRA8IdsMgse)LD38su`Q3<Zho>7@TfIwX{{1Q5j<pP2?OA9g_Dc*$t*A_^`
zyCwAM4cI#>eWJiq5VDC4+{i`gGaOO(8KQ6Rj;blx`;!k(gz`v{Em9NL=_-M%uN)oj
zyN>-KEgoQ%SzYmEe{Jh5>`C&Tf^Sg2b0y02*Fc3Aue&cQ!u#cN^3oS!W<P-4<nZV0
z^J{HQq*#aKJ<<ZU)7RM-y-V-U8zKHt*G^D@Dc)AVR4l6XFpbg@570PPFg#xSxKiAf
z_(PJ%PT%)abLoRr-gSx_@SnFo=jIjZH12mKP5swwN$SUzKTogu=<(@Em8>stg7k^#
z>Y3-!SwUMe<>cRT=Ov75R*7aayr;8lCo2K8vmPDo?x${;9xPcGUL?p}ByJ7CY#GA3
z!tON^ZN9kt74psAvfsy2K*yVivjviWve85s)-$%;^I&~(A~0~(YGxJZ1OwfZEe1(1
zeLCNzGwC|+KVLh9*|=OXY|v~Sy18Y|lx&$q?J27)m{kps{G(GRI9f8^^rb;uEAHTj
zul&_E;=%bHN33U#qjrs#STKFUUtBO95NGg^1>_EScO0Q2Zn(myocH<<E_Lg5XTfc4
z`}*e&Ta>~AU^#F3JLaG)A%$+K!R;oBR;~GK6g!GM3`O-CRmEe$DdZomyD)rmK+qMT
zwFRPHlH_2@=Yn-S__`fXu2n%gg{HjZC|ayrjuv3x!@nHj3K7b(*I2~AX0Al(!@8|(
z>!X^Ff5)hHnh}~I#e%p@a*BX_9Hi=(Oz4mF(>%-}{d>@BW9rym!vR>k3@K@t{EDN?
zK<|MadPu#XiLm_`g=$+vYm-`s?yv);)??7Sq8+;VF6b?D*}vL&z7cLE7YaVYAE3)N
z^Z6KRc|M44{yzM%#_;wa^M1Aj^6nMkhff7tWfW6EEen?C9@npc+u_1&Ihl^8`eX}s
z03)ioq@@C%43<Dc)`cieMuEA^nvFgO@CJnDMkb*39vEx%ILp29fgNj{wva%#-b%zf
zyR5-~P*MDPmFFoj58$JDfM{ISFOagfftQFkq|b%g58?-qu@&1}#YV<rJ6!~E1rqom
zTI-Jp3V5(tong`b3Y-J~KsP7lo2`Rmy%i!lyRN9OIyxpr2$NzIai!iToNlbgNTw`W
zue8@hVbndjAJ$Z`*+yd~{)NtXiq@-zV`M|ss&nt};U|5gldJ+IS5St$jhs7zR_@hD
zJcIz`(f?({+~ofvaGCg5<&}4$@2sW%mK0J@05o>il8iXsXPhj=CACSJ(}2~;1QN|j
zyIq|4&x01ANuuf4tzolkS0Gom-v7ayQLmE!QjB^ApQFK>*+m6o+B6s2c)gVvyMD8-
zh!qLOfl@-cXIFE^hh8x$>HP)cZbobp0K9Cbo!bHbb}amwy++D#k4-;S1aqH(&xX37
zNUUEw9*3o}<i3WMR=Mky3TN(#n9d1XFCJ%<2W7p_|J54>ad3421m35YyfokcWmegO
zJOzgGU>f5PAGMm?v|UUkKh@G%hXi5S+m(qmb&$_Uam?kht#&zi%DhGH)9Wgx)NVp}
zZQn~p4Z#;26^Sbk#Wo_g%qh~wJ-5u&dM2YykyJnfR4yBt)2wI5z;i$;dx_|@>bhph
z5_j7C+Aqhghg~upP?=yKS*<_4%E<>_4QcgF9wIuQp1IN9h)iHNB2X3<#2jb#zM|eI
zC2xzB)SC<>i%_t?rYT17n|}D_%2{8V7$oHDs`jR5@p-{zKLy{1$J~efwwd}n@ETuR
z@%dQ{Ta<-QLTJ1Gx9F4)fwlKGL3nod4^DP9V(Hla49<sW+<B<M$46~;{c<-R@@R(%
zp`HouHH)JR)q8Y~5#G|;fRg0sR?(kCGYE+8YpFa`mYGv6@dpE=h3X!*YG%YUMI;So
z3YQE}MFXP|?n!YAu}Y6O7)eYbd2tz=w>l{rnmK|$&grXSHUH$Y3X-AsF7?8$ChC9a
zYC8oLB!)}PITA6gwiw};jh)X|K_j~CHx6{yReGYfD7J^Noc-Ow0WYnXp(z}~ogm9g
z(y$_JvRI9YO=#zGm>MyFwj*Q<k_iZ@3}D0tWVk?Bc#DF#i~=zT*#>!XmLbVhe;7!u
zYeu^U#o{(G+O%fc`*D-V3_Oi^g$s}PK`B5we}XC#`mBe0Hf8fVi$OYKRo0|#&f#>x
z(==-cYviw&Uh!C%7`w1o`#>CoSIg(9B0-PF`KNh62_x7?ac!zW;MHp8=?D#cquw1G
zqrxIg6p{SL<|h>t3F_d&;sw~^T7->SI1wY2)D>T*3~v8Z7FI7;V%v$-Vxx7u;Uz^a
z{>m#?eK6Hs>kL;qIIH<HEE_*`%9kA<_9inN&i-(N;mtg*81qEdl9_CSQC7+2D%JWp
z;@jr-mj>%hs0LbE(>T}-@TVct8yP4$ES7PEUt@)XW5ipL-);hai0$u!<|F9a<k#k`
ziA_Wz5vx$nkCzz5nw5HsCF~DFM0_`~T!Tqgh6j*Q3mGzx$5q<UIz=0KJo3}j4|E8r
zOjNW)3iR5W`?87sJ{wf4FqTg58}Qzm7%Hh7FFnDGy<#~>syl(t*X}Rx&ipsGfgf)q
zn~Wrz5JolrKeNKL6H~>p9Ud<@*x}AxhRJ*SX+&qVD$c$sA%88dJyV&O(bSm?ac@s~
zLd-mL6Mf2wL_6}#PDVUdPaaS)*3R=raqY)bWFBTsBttz!OeJ+8esR?5L&;?=P`->1
z`ya@ad76EcBjn7V!*KsObxm)^y$hm^Cl<tSCP$Qk#}P9%J{xf7R01ee4|2Vz?BY_P
zwkADweYK9HYffvid_H-#vTo6Ka^LQF)SLypYSdnx_K~cK4x+6X<_vZzf_j*}%!@4f
zI55-ShygYdw1}N?f0(u^9$2YQnt5`qp^kMDwicCn29LPKYP*3tH#m{-m6ksHafSAM
zWf)y=T*(__U=dnWBJHje5OJ}kb-Sx%5A18YV+!Y*6FdJ#SS?5DT#sc^F7U#(a+v-`
z<a@R`nE3cUbQkHNoZ7(nYs^5;2&)=^H}~Q7GHKG)boIhSkm<6Q&?prh5o<bDQ$ZiG
z1joKJ{SErR^Okc#dIp+*fMpg)ARvnWlDC-H{2#t@m7<i)#{ck@?axS7nIFN%34HUa
z0rAHL=;f3a1~I={o~xTWAo9b1w$qxV$N^$X8Ip%<ZcH}Y-D`h*gOrs?$^#!rCuDKi
z{Vj^_QFgG!g3x8fA~@He(})ZuRQlZofH2FqF9>(kuztlzb3zF*-T{*uL0?b$iUhnP
zDCE$?ZD4^V`E8*?M4CJL$Cje`@j5t#sO!UQ@IbNaX#K|Spo^0;ipwP~+=7M;i>)=H
zjQSgf2aa4kC(N!96pJndFf--2uB@6eLn?F)DJnN(=X2ry5>f&NKa`swIK@fTwUD1-
z@-Q0$jntEEU@z!PJ6R%pqY(3Rm&6xVqO#JPRfg4EZXPR*6L*x;DDuKI$St?ZBbLH^
zAsOb0T}>pesB!cz)q7#N8&wMKXC>C@I--2ljT^qQ^{V$-BCVS3r$fxW`d1B$z78}h
z3ciVn5jEK^I8ic%b8t=W<wv==KoA$7Iu|$Uqa2mX$H2(yr&z{8eV5Q9qRN|+PRvn$
zz*YoPpx^?PWlg%vd03@nR1Rwsd$wB`*vA(cOHD|__9Oy|l{4ipS;R`-<IJooc%#;~
zKK&uZYe%DUj6N)5s3e=Xu>DnIgQ<r%&B|tzr6at6utR~9QS7|J=3MZAxZtlbV(3&g
zPulm0);}>Sr|W^JbNFk}m8XX9WYZ(hh~Pm1t5SSeIRX<!8UvZGmnjT<>nWG&`P{}<
zXEuHg$F$PaW|I(V6z6ws$r++LZ_L$>pC@Vh{Mlm#;_u<q;FW}k4T8<EdI3T!r+|PS
zsyfx_m4^huu)m4H7P4VChDNr$dwC_DDO)75pcH_sp1=iHCJmbYh*L@!x;JpUDpURd
z64K;B$LLHt0NGaUhz%|*3ImI!cDx8uF2;0UG)%}szpY;}J(on?OK5$_LW4gdOBYxW
z%?nu5pL2iONRImi5G6f0HXoP|gm=y>2D}`eUtHyfPlAUBS8t5_m2(f3V<%E#b*Rxi
z?pNB=MIH=ogGiiMb7l!Ys?B7=VY-|5#qU4uI&6F9EN$LQM?Y1od}>ci5wDUrC`pJu
z%9cUaR}<e}kKX@h=5`|0&fx!LoaQh<Kve%_=FIh+_5RP)Z7ECH9Q-HiR6)AVOIaP~
zq^T8)4Pc7{ZK+0Ocg7HqgE~NdnoDBo_hh%AzTZj7jI*rSC?=Q9<@btXA;cdOy%(1Q
zLsVBIQ3A);OwMDa_vI?Ohv{L9g`vu=q%l_u<rE!F+=kkSAZ(SJl1_2c({to)H`UTr
zpCIUME$`)H%AL#I*5@R~ch<oEH+(b_pduVJ$b}Nfr>rU(i!8;p+kU=?F)g45F6i|t
zN)nZ03mE<WXe^Z+=qe?Nc)tiIi`niz8G<Vdi4%ik4fL!GXbZ@PXq3zI_JiAI9LSeQ
z^8?(G>_gXqNYyhMSC~51!)I*azk<iGpK9E@L`G%&u}qg86|8ZJXdXe;5381G3;0FO
z>+2*Czp%N=hm*^LcZQUSe?bu_Kxi>$ajD_sQi*nw)uRkA>K|lz=RZKhT!b!%&;ofk
zi~Y^?h1cj1ZM-dlM2Zy#AHm{90`B4B^Kn`7xO!qWg(G{7LheA#z=tI+XIapog8kRu
zGz3{hsN4!}9iar*<5wP+9RW_>JZdKXR#E8yB1sR%!n82Q=)>!r!p<wYm7fQai(s)f
zC4H8f#yb&gRgkm=7B62<42G&bG=jBJ(W5<#27;-hq0mTYGa2WEoS701HF1GY5_!Or
z76qm?WZ*uws4`^(F+`!1<OZsP=!qwgO~=cL=nNL_j69h*`{GusJbjn+JeI1Q<(TKx
z9I)?fjYt{0e<P44U2t{&Xzr^79|bU>9N_S|uXIy=4m2LFLRXb3mnEcX13bB&IBw0e
zvsQ~%O%waSleAtkt#ksb!&)Uz=@2_1P(UI)qRWK2nKqBTVINC+z6m;QSSEa_>7CGj
z%~E^*19;`FhpYN}7nZpSJ>ts1_UM4Ddv=dCty-4G3S3L9&xJa~bUzHtpx!#CM$H$>
zIK}dYvt2@#YY!atT99fUX}lJ3ano~0+zhkLnAD;t3GOeLhkW@!+|{<~Z0q3tVU)uj
z{u8<*2J!i6pP@W4=D|v-kVA|0&k652^2ixLqtF(<4rRP+`Rr|bC{P5^x-f4R6yVr$
zFdDIcqALs~1L;ej0Y+cNL*1B^)h8)84)Qk-&rDdVy|V2n`l<iJ_I_-^m9^{FN50BK
z&dCe@$>8Xl5@b97LT;n?icG{7B5_7y<Mg*vf3jQAa{f7e>;Kc(SwPj1HESDpclY2B
z+$FfXOK^7$?!g^`OK^g7g1fuBy9W*K{N$VYZf3Z5X8p}toYRX_Pw(!-s;=Jqt*Y(q
z`fVWrpt_$%&8c*5JvRbh<(bnt!_*h?&$y+gbQP0?Vw5fsa$!+ED_oFcDIz$QYU<n<
z8GlY5H|Upx4ybWJoAe07oEl&@X5T#0iSBuA=1`~-H}oP=<$dchVxWLiT}8x8c-B|`
zl2ly7C2_#et}nI<;rN_u#_ys?V+eunRm|xf{<ZeSy3~g21>Vh)-K;{kqNU>RcXFyM
zVgBM*uk!A7<%ITMyo#f(vxA|ruA!}sld-GQAJd5WzuXGjuVx8w4(4@srPdx)p8${=
zIo3I0+hGoq>3Ets)+d8G)RT7~CSF#tC8ILXL=Z<hVns&NZdRpDP{1mWBAD}w^xc<j
zR7^K;c6*O3t}+58xu6^Ei)n7YFHp^=o)E22LJ=_?OBK3!K=OM%-VPywG*eLk>3<C1
zuNtQ+X%thDp)@(ww&VvF$R|*-)|6&jxT}{iM-bpfYFND#27$}|rmeErC~F%fn+9Q|
z)G<Mw2R@6}q<F`UyV8Hsb5UjJI%$JgaM3n0alxA`Y3ob{Z3y>W$@dO%ky8cO#CsZ@
zufE0UR)Fhpk>|h!GT)q9Mj+9jC(hw3gvI4W7q>sg@O5`7OM-vb1lMJUgpu^TgCW6z
z+1cyb#+Fl2uWKpYG?XY-QcBtne7a%vSw%u+_B$7n<g?BsRAgl>{Mcn0Oc2-ni?({C
z$*k{8J3q5<DC9(7D+wUvxY`jEGZJffaZh1`g2C*HHUzbctE0)!L<!I)8jl)#)5kpF
ztE*bR7X&lUFG1dc;EFs2kidN_=&TFV1TVsiP#SLv$j~Adv(ld51m1AvFI{M)u*l4=
zYOgKMYwhHafuB<lWA(Dt;HJzvGw1*hu~J<Q<OKE9*<GNE)_|Mx;4wln9(qV0!vv@O
zPG-{J%Mkg~T65d8k@~wf(y$68!|mYLzysdOwIohdknec6BTO5wt0?CTbR4LL>*ild
z4Khdje6eCo!2QS`gD_pI`g{4V_(_S=I^c(L!M))Nc{X}l<T$rPBo9n9WIqtob~Ue0
zP(wSam!BJxW5u*4hf_k|!G}}y17CnN8JoWrdn6ywYWN(#l21zkpX8uF7-P;MgOz__
zVVGI<jYwm!5K2ZkZXnsWJ5B`e>jY*{PUoXHPdm)@63poaarcG{hgjs=OC7g*o>@W_
z?q*bC$c!>tvpPE5t_Ft368Mm<TX(mqIMYU?7WD2ww?6XyWr%<82E1oxIoJ)xd9|Kf
zt0o4I6u;ic={T_wj)Bur%c$by@(se!xraYFzb9+2U7g-7AB9JYCGi6Bc+0o?<{+vG
z>Gwyan2Kz2x9R!Fxv<#4EA}0HdOz#4V3#TSqS~uzDl)=?mOUFxY?s`QN?<)9^gV|{
zU+f4U1kSR(n!P3r?0lGT7BJHh#?HXYAGcrbeq5MM51yxW^D>u$`}iIL$w?nV4yfHx
z&J}85g}wHOIbqt=*6D3ioGG*apmEp-0RhdQL5c_WW8v=UhJM$sG{eTSX7vY7@BpUW
zib9JH<7*EU#CjX<ni-ugPfp%|FQ48weL5CHj=Pe0&|uX-prvprF88q>R#IxN9?Ud!
z*;QQ2vNp9?ZbO|q_KzQKSI|C-B=YxO`_hv0Nl4WogJ2cP>#U0K#(v9;^|E9caSvXG
zDK(>Ov2%lp>iG+da+z6Tv^}BcAtofYQ0}vN#Sm|l<~R#uU1PRNbTQpepLl|2JYacd
zLnoS*=lkf~QhTS(5Z*{fkdvYLtp{i69I}mT*da|N3vD8m=<7_9=NrZ@&eF^s;KLhe
z0tm>l+AEy705z}1l3?i0iNy|Q(V{t_lE+)O%ej5qzxzB4-w#_s5I{hk2tYt&|K{_Y
z9GngR$JZ^{yoOL-V`@llufFd17`?|v>qBjVa2ZKMTsn)~0)VA<CV|zTegH@0r6qW}
zNAh|SJQcE!009vZkxH=&yG&9kZQh8*wpQz->Lu$(oT{NqO!Rlfs;~7H=(k!1T~ccc
zc)s0RvE>F*MHx3P&0QW3CGk7cZ*Twn(m%+Aq9u}F?sS(GPxWwg*!b<WD^{rYcnTGg
zRU>MfxfMcH4(a(-!Mj&giU&BCL`kDGyG%xEx^kwxlKFVfAd7M7j#2z>F%L|eg<!OK
z3x(34&lJ>JfW)LV4oz=z3^gn9GjW+^1`-K>9(3!phssvK#W2%F@-BCnOlIDZ@~gPx
z;9f;6@}<>Xw34LiIHiYt!pW={hie)p0$a;^7&MLR35$Z=8Rrms*jxm=9m^1pQ!aBt
zu$x2aKp<%<8dab@mYx^cD2;`P-A>=vZ}ereQ~YCMXlPo%sO1c%b&xxjx}+fF0h5Y`
zGl~uj1Sx2QBi6gU1LbCH9yQ33>fVn@Y4I`^F|#UZ8mpbym)8RL=D7_%F`tPuC^%-8
zsk0myY6?{Gooqm&%(NFf+c|Q?jBBq*+2!Uml+n3%Tm5wh;nf_(cC2kxRFZ(3#METP
zvwe_PH2q|5TVWn?P0in%dqd{R!1_32awMrCf4n=HL=gPm{7$xo(r)*#A5k!fvrdrX
zYxv0dN&mAW`n<ll_lMD|L1*7!Aio`vD16!epBN|Z2d+t|AP{ce-9+V%$HMj4cc{=$
ztrT~dPS%j&G>_H0QHR1VDCeD_JP0lukZ?v5gD@nffKO$<s)u?z!EE;4QWV<tiH_Fq
z3)g+?jn?LMgf|j)8s(;p@m^-DKu7h{=|`*?YIe&<HprIpQRl-$rntPcJ_yG+QNW><
z9|Z=Sj`xTvs@kz1=m|YUvz~N_OC2sY3P<Ta*Ktu!8sN{*4dcgsK6Jz4oZ$L?FnN<i
z;$a5KKH7<(8-Ex~vdmQ-I6N6f3yp{d6^wh!ryCq4zV8}~4|b@seY*-f{fGhMR|I~V
zZ+7gF?zqHVOSsI)a!5RrJbs)IdEvW*K0}*G`q@3)%oCoNxPa`_U=q*6q%*y>t^Ni0
zS3jGKac{p(PGVg<G7c^f{kb@9O!(zIZA`f(H<Fomd;X<6kzJ2X5BtI62a96cTH4M(
z<i<veNejBT?*m7T&wX5;?~h95e`*EtPL+W(>fyH=z+jWvdsaBs3|#VNc518GRSb!?
zog8yJt{DQ=2P~w(Em>L&u9S+U&-4kZRn;}P4VxyjyKaY%+yPxAxyu_89Tgrh%Z||-
zV(p(3I93)Ladl9ksV`KF(G#YY%EFQXWSF0H5KJ!AmPuAH^H&RUCUz{mK|)JfsKY(5
zo%N_D7Bx6NI$svlaSeIzU6PD`=@HpktxjL<$7#11W!y)rxnqA<kYV)*nZP;^l$?%k
z!WiuuF=bs`B~1Qfi!bs9D<3?1d>aa5zC_~_*({5B3k}arb5=H(<=O|aqaD8HQiTOJ
ztX>r*w1REkW=?<Us7Svj4x}&OO!=_VYEQEGS&LxYLCD4R(y-a=pW8d#OAhMn#KR_k
zfCVCjVPbI$8R5?<g}JKzbQm=<@5gPQnm_*@V-{5#TLYMC4iOHuv5sXC`3h~T#d&NF
z&#gDMe5TD0+kO)~=v%pb0F{~DjqajvS=crf0#wu6*cAjqSPmNEQ;kp`O~Zd7JK}=c
zxG|;MWRYXr>gIJVw}fNhHj7OtaI8tB%86O|arm5I%4p%U<vbo+V|ukpOl25buaV}@
zCQQL@84de{CK6|ONNlvOOIv&|3XK)j-s@924e}?1p*kCOxBQLR!`jbTV+@Eew%Glk
zK)7UR;VL_QtG;ZKw~_LWaxwH$O5UpZT-o=6&|j4@x)+l|?N>>L+tY@CGjFN-JZ0!1
z3}-ZYr<_R;+qBecm+L^p5BRn-k|8eakJd7(Rj`-ao+>@G000k{$!FZ<wued&wOs%|
z;XvQ|!;_fMjicH2Dyz389+CGg1K5vz^c!Kde2h*Jp&AeeOL#1Pre1!p7es0)^A3mw
zlSa`Q)-O}WOThaz*%XU6BiZUtj{M%Kx7pd`gl$mX#Wk4@F_yL*K<9cWxw88>!yc2=
ztBcO3wzMwRq)ka(@w|C!#@Fh_AhzGItO^8Bqm<(T4DOeF!52zS4F!XW_;S(R63<c2
zXFAPtkrjR)!zXa=C$8TA{XTX$2ap1X1p;Ek1_Gk^m;0ELxwWyQlfJdxpJBVYwd3Ne
zi26i#Vu#Ll9R_S(;@V)%yParhP=B2axuUAZ7;zG45h_v^g?v@}`GJ?06xds9Zly6D
zYj@`$>EOWIU6T&Sv{>FR?7)dNZGg6rJcEWcdM7PiPys3|PSB)7kjznnIe|_DFlV74
zmw%(dqKoD<Z}ZZ!EGUbjF1*4)&YPq}?wGPNFuutfo+Ey-rAqU~g-Mm_vxZ~K7|itd
zgv2nGLeW@^+B15!AO#(x2`3d{YU0?>)r0S*bF|C8fA|q={w3r{=P-%g3?Cg<G3B{L
zRdX#LCRYOus@E*0pG@GHi5dnQg=|fPm=6tBVV%F0IckPWau@9zS%j<7Xc|i#ZIsl^
z?VfEk+OWh3^#};Mq-Oa!h&Lq|%P$$V3y;dHj2cBn*w0FjYmf>8%kW52wo}YPzyK-S
zjEectScJ%~?|lMEC7ZTDLnJ+1rNZ9(gHG|+WNR2zsT8yvu4;@?A$@XE;h13(<UOsv
zL(ncV(4)ml!)19<clH1Z11gQOm2XnhpJcxZC~x<E?{25+zE)hGQg(Q3hZ1@1NJ!18
zoHeM39v9())IjVcygmts8j<@HTcQEjU8f=qKUappQ=7-MZ#TwM2n{Xcc~7@~{2aIy
z%g%LC(O52X%kxR>YkKQS;gqHH;xuk##mBwJ&cg7CEZZgm=U}f01g|;Hj9bz<!{n#(
z;E@OSa_(mGha`Zd2SKE^1AQMTq$|?;r{GpY4|s>5Us7tgG2CBLYEKAkj-;sQgy(PB
zBK#{7xy+5#E34qGpX4(9wsb9HO{4gY>`h6N{2EzK8e6B*;2P;8DNbCs7rL*n@GIE&
zxspDu`6I+gT~m1M$Gc46!x5yu3c*XVkH5n=?M@cK%QO{&ruCRxK15mGc(PeO6hTr5
z4hRJJH3L>0&#=7#`pR=HHeV_;pDLhd_2ceWhE6!GN?T6w@f2-07n4f4wKrvCdDnhY
zw94$|D(E(?RISL#j$O-|F`QR#k!O}A9JoA{V<4h&AkduMIc;(-29A!`eRN^E&X}l-
zVs7&f&N9brdRUyxC0?>J=p$&DgBy7sFPz9KfyLdTZ&LFp8#*~#Z^>+Hf+N|Gww|BW
z!CBk`-CHKOw$foR$fD`1I^^K#+X9cmhzjwY53S8Wgl|09;_|>6h4*UQPFJXV8PI<k
zx(b0Dqv{fCs&G+oUt3%nI*r9|ogAyKV1Ai+9$3|(_J0rJTtEx!4zdHpOg$4y24!PJ
zQUGY~ppzDkIu@yYEnWNCC|wx~h+cn}TJ-9>GMlYRNZBS|g4>}~&a6bqhm%2Afb`VC
zGsJ<5J;f)0d`_vD1+Qj=Cs7q{UMJ5SG)&qfjE35R*kMvheTZT*Q@FuhHwx<$FM}St
zIk{=<_4M7X6D-O$Y-~O|*M@)s-MEpkrM89H#{rIK3fzOLmLmf%Yj*bocVC<gqAh4i
z^stuE_2j-a`2z9S<ZVytI1lFMU`eOJ2o)lO3<Hq}V-icEY=;3@2?ot9RTESC2Jhra
z#v$QKy7-yTMgAlTCZEj%!eqdSe2AsKh1>~8g!$ix9?_x16~SQ4%c8c44N*!vK`TLb
zd7%x2S?U%FWFYd_;HnsR9`v9P!0q$II|fRAv7*hoA_2*I3?oBm84SA|ZlnSM4fLI(
zY)r!PQ!3UTdo;y<2L&mEv+w0$XkLmG!V*KWf)kDYaEF4$v@90LNK2-GW{BREz(>V#
zv;Z0U<;ZZ_scS@$95ZOH)PcU=-<#KSN!Y6sTLjvd6-Mf|?0OF`VyrG-ZI(R{mVSuk
zF2IaFXxgTZTjuGoZmIA7hPi12)cf_ZXIG(*pNGr)2DoiD_{UzANa0OHaIOfiDBOpM
z92V8BfLaMK`PRWa?4CJauktwV6!hJ08Qucjl`4V&e0+Sb`Ne9TiZXEwX0NF#jrJGU
zKow8AAJQi807pidYQ0Y%uGN-7wA&oA9wjpj8J3O1NS7OEG+7){FJM=`7g}5`!G!qK
z!m>l}<fSe}s5j8s4CYpt$7~oee4Eo%FFF-2D=T!l;`WqjYoNuF7!kC85tq9Kf)j&n
zL}f&G!CgRPds1I!6{m4IpNnX&3gdph-eXHO)-wU_*MVfb?%vJCv~CTH%N1(mO$v1R
zis>*gwekpOKI7vqZ93Y1Eg)m2YK7)*z876(@S4Q??%_#`lF)O*>SM{wu(+41`o=v-
zQDHRFmY4H=AOHS-rR)naFT4Dqg~ePF7rM}me3>KskQ!XUsZr<hA}vEh`Ni|W&Qgb=
z@90CF?b@@`WowHJw^FDTv3Xop#1{_n&}jS8mzNmJUR1j<dpRjW;+N?O`IB##7NyK6
zP33}I^8%B83O*=Uwz_Z;(ch|^ETd*&RIxdPI;7}xvC2kr+t-&Pnn##9R+HFU9Ple$
zm@VEpcr}I@u%Om(;T|MBQ}<x8&(N?uZ>R`uK^wVT3pLDg<T&|Xi>;(GeL4;mT5Z`x
zqUexUR40On_LLvZdMwrN3vjMTZL#b*BmgQ1^fYv2Nd;&=`H>QE<!X=WTD-@7eirE(
zax6`Tk35}df7evN@8Mf>Kcz16ecw7)u!5mxI~Q`)n`#p6T>+jG3bO@)EKaKL5eH&k
zM8y&4qLHNXfGSo%_{xj&K?H+|tiOa(E(p^Wt=(&Pt;Ew2TPdeL*hi7hmlGeu!Lz4Z
z+<MsOzM1FelB-B)T-}S)Hm_CF7}iuf2@`&yP*=JW{Z6&r*kv_b1SZ34WKl<_4e4S#
zw)|2EbNxmkCJ@F>6x_yUOF$~>6EX9Qv<OzJPK$a8j9i$WzN>x@IXog=yh5&#y)?mY
zm}(I@#mugzkwgjJ5ziRsp(f{S2ZJ>-uKB~)jxkl{-Oc`i$7C{Av1vfIhP^eRuv44&
zxt`P5_Kx(k2fE*uhWLHK7GrkoVP6c?t|Ed@xBiZz_l|*%7V4d-j=0iDPL^awG|5JA
zaCb~mVRjD!I^ySilA${P0!{W2nv{>=z^;rkDu8hZw>mdK5$(X&{Z2CN5tI4?+)h^r
z9qJJ;tMO<3rVG@$lu_=s6;3`2LYGyIV+1^N1A?8fHd`1KYKIlr{TfYJ7A{=!mvVs!
z(_?M=ZRYp=IcP57h<Zs3Fq=6;kze3ox>!>>Q>FBBs++OWciMjlc`d>0xRT20c4|Ih
zcUsZS5cc;AuJNX@Q0UMo3#>NAP0gxiB+{7HQ%VqN?EzB5ZcXy8`n5`xEycuJJe9R6
zKL;rp7X*!hiPAM1p9}`;sSw)GRL!p!m0Be(e%_OwDOe$?8@{~8Z^~*)NVV$6z^~mj
zOYK-`#ID5XVR{zuDZZY)+DdXmVHVJV-t1#=ceGpKQD;LGd|BVTT|d8VuR<{Sx|Vei
z+S>2@MQSAkkXuU;BwlgGS1iBJ;2kfd%TYukYf4@exT7{*wq`Mt%QSq8|Bxyw_jC=D
zu#3`DXco#cx!2YElX_|!D?v*R+$^9@QC&ELx47UQT<uG5&Z+;8qE_yGqdlhB6o#A1
z#(;)_jkJJq{qTl#U9?*EtEEg6o0D4P3VKkxI|wt(Ex3S>Af{}*L!0|?gzkmsa!ssN
zFDZ$~%+&}6-NX3z8k-2H>2;I)ra#h;Qp$u9SWr3HS8fB!b(HaG>HuRmmt79Ie$<#*
z*c!yd`*rJdS>83Hu*)2pP$80^b}Vikayuq7a^2{C=Nd#RR+$MN@~t#*clfKG0LNxD
z5fNVx&WuhUR(;;|CM8_uBbRuc0bj!c0wVdhNZQTL_>UmEOkL}>D=C8atAzHaR2pv>
zn(nOiRy?F+jy2o&Z*gDn`3FcHj2N>ysDrD^jt_j^`(jH@_cX1H>~>^x)Pr6C>lK3L
z3MNpiVmp;ANMqovcGW1#r927<kw^lY>kN`)hCfPlN~6On5IA#<D-Ef{@{LGwJe_Tr
z4uR+p)B&f{g7Qtti_?Xhrc{TT>Lf}%0j4CjtA?jh5^BCCSKyb3n3}`8@v{aw#RS%a
zq~tZyPMWI}P(#L2$eV|n_^GNOOL;TPI4YFR^R4(NRi_6~-}<NkT3{3Ms#q|{a=~+A
zeD5*MH3q@tFC0_Xg*Y+aJrna+Nw?(Pp>|WtDH=?6cgGpsO{9vxJOd1~AXrQ2!c|E0
z6%J6g<YB6ljlzrE3rKPK<Kj!0B8_3AmEf^qNU>!`+`b!PSVS<#(i=^9FCi(<he%mN
zxu+?cEiYoARI=?gSrJRj4hi?n2=3;8i=XZAq~xIjq7la^>c1pEOK0FA1C}Ag8HG0<
zTqfhegq1L1EumLSV;&XIwAj+H>82_@4pi?@R(#4rg)z!p*OJKhFQ8SX>JWycVHdy!
z*y#sBzKUnFXG%S@HvtLY?o@`wG}}@|>oCRNmZuYEXF(03ZJLn;U#J^hKrqkT&~9CH
z){cd4fDu3L-{l6kH?@YY_Yz*N5P_M__tkY#o;7a0P7I+q9)0fj95x+2173cg+YT>u
z26|>A28y_o?ca_qnu%N6j(ZKU)ym#%13c)PO&A;F=W-|_j(ta`+A;?HjK16`a0=nW
z_0e`+1hMpdFgz&lWDrq229%T{q<PhK9gG17l9b=c@A1$>-*(-#&ZaGrElbDlbXgy4
zBa#`*s!7V>@gW;G22sW(`!FY8)@418>$>(7+~z$=9h)3490?AmS!|Zw_BD@ZZ+-p#
z7gV0=()sZx>j)=TD6hTQ22nzv$FYeHva4P{52;#1@lJd8h-Ndq2D{@2F9eT$2p63(
z`1ktj!Fcud``;P8C>&l3g?6+PgY&ucW%m(Z2F2onZ7FQub-5&8ctjv+{vdMsYIuw|
zV5-DjPRJAUAF(X>4Lf}+B4slkYj7vB!KJ%GJe-OF!vY|(jlrn`a<zv0s6lu=KFj01
z)0+Nya|{%ZY81MkMc)zkJ9z6Yr;pZ2j^S0XtLPk0+|fsMm+FYwrbEG9b4`E=TSEK;
z^qejlPk%$v=c=ut+}!+-Hs~YfTDmjfT2LMdOevKwc2=@nR}x~|G(tf~wi8$^nMf%8
za}F}zd5Lhc_B^o-$tDi|?A(|*GSuOcI<tGaJyprmiP;VFrHkAU1h%N8O#KG_S>ITN
z(3wO^^6@l!WF|!t5)M$D$0nsuid3g60I|#(7!HXJ_2ptKkumCHB7k&;AK8(mL+u70
zMv<0lL$nX+B}wTK<G8C7GfqQ|mw8N9SJo;#)*$LAx_h{x>w7z2I{Sd+U91^C;x^^Z
zlEw5die0@|g!6fw2WM5f`1aijyiJWn=u9}K?4UoAElvTlebgYp#i3!NlpE!{aVWXw
zk(r`AZd;DpHBf^rq8)&gD6zi-rc#5qSi5+Ebn}UJWXgHVsGePxMOnQmInXJc)#*sI
z6U=Q%c&%UtFWdJb$oFboZx9Vp(0hvcy<Ss9?A_Og;ax?>iUyrStxo_sS{b=Iotkkv
z=|SdQFx+#zrsSQT51$dC0J`KhYozrsxKzc)p8j9yqo1oqvVVd-FctcD(yvm&#xrVR
ze#{0$;}DFZn#a1;_>P&|d`mvDkO5X1WnI|K-Phli?d=*9IwCh44ITo83oSm&WZ!>y
zPR5BS1AIK!C=g!AYQ?#gRZg0vXB-{C+=Dj&yA8i+6uqWh%O{xI-m~rJ<6cSh`lPAW
zo;h<+B3=7g*G+esPpZu|USEojxiaW00;6=oAkOs1HA13;v0!nT6qb-85&eKWur@pr
zA8O?qtF-*>YWfewLl}se(6SXw1trrluK2fG$oXe_gVtrN`?i2516Y!%0FAHZl1iR6
z9*D@Yu;N|}$1^rIz0MA@2qu}-jRMCAeRaYf49D*L%p2sa6p&RFH&cW*=ROXVK$qo+
z8;ijKcXLfMxU(}Jog%&*?X)+J1I$g8b2zcxAHMc$LWQ-dnG?rjM6R(4mY;gcp+TR}
zYiO3^s1Z`pwO;h<o$`0%8W<{%LEDYmo1JmMK^LoQO`5%1ir^bF8P&tZpI0|@8*$6h
zzR3sY@ZB6=Tnma0I<#Fxt|y%fO};3_{%DhTn1@6Ny2E~7wZZ~FBl{&4*#_^}NwzBt
zJ7uyM8Y1-QGy}p+0<re&f|rXv&z`}o%!O)k)rltwcA3v!|KkmuXI@+k_-UMIlsVFR
zYZy3!9O1^#WJ5g@EPyntkK%mF<RUVCQKN9;R$owPH)m0pRiT6d)(#CK{1V&L@P`ZO
zC28PjpC$Dz55IV*p%hqa=XCAPHlu9$p!RIvX>5_y#Gmfj1;{4xK(oAzM;LjyH}Gm&
z_rfGhctVaW+t`Juc$cmdy*ml5z~Ud@?~#20Y9R-Fc;;0adGE3C%-Zd2QpnP3ks$X2
z`Bcb}hjEW1RQbCsP?RZ%*v_t01R|`@;j;!~qN4!^{C=81&$}!}#}4<~B{&LC3)6V`
zowl#?DWjAY!|_@jByrpYSzJYt#TCo@KF}@~D9>|3+kViO$HeFD-FGkeB=2h-s&EI6
zx05NK0ho7f89D3<#~xKb_i%?|i3PjU3V-4Wuop%v<j{iW5ctGsA`a3iEk5FB`%%!v
z7&nLd&#b7IMg$R7LxbET;XI9pu+Xd(;%fPn5^{8!30MHr#B$M38W+I?WSk!DwNGco
zXHKQIOc24t)FB088iWoxX_UfsE@EJ+H7bW|+QLr887YUrDqY~m-E`cfdD-dKB44Z9
z7D4^AzE5uk--ev+apsZkrR&bW6hTS%tjR>^U}iAvAD0u*y~Lo>FPxF-15hJzCS9_k
zUA3T9OJKl5F@ASx<5%ah_BYS7ek_cRg}mHLzsXS7$1*=b@*EYh%)_pgbmUGu_2M`8
z5Vkmx;-!hXfxl#YH*~Y8GryczG*4rgB5_|WWujTJB*s&%QD1pw=EKYMKt(Yq*iLyy
z`cj?Q|4Cx(T6_#gqfCO%WS`s~o~}mfZ6KBv_8kW1b!l!G@!!irxH#zB*%>=H{#S^w
z=D5j*<UOVfh)-H|=BOvnklkat(fdGb5i0XUYM$v|34Uuq+Z!j8BKvZ4GRXF+zR6Ge
z;sdSa&5|vD*(YAC_ELG#9_j%72JJz?F34ocn!#;E929-9yoOkjW{f+@PDONFeR>E`
ztfJ#qaWzX&HA4Pp%_g9+Ek56PW4#*|G{vD!5pu6{4cw}kuMh#kt^Ly0jOsqdPxpXD
zxLVd&#PG0wppX4SNfN~}vGkJh#dyM*ABx^hf|L!CBwmk@jEDg09-R<B6=?)eANi<g
zw&Et_4Y6Q+o&Z%4Z@*2O#!3Ma^_D>OWU$mf3qBuas*$=t{}qWjOl}*+=G`eP<+c$<
zLs`fV1!<I`K&L6<PIo}PY7q>wb<9d;qwO4wC)Ka*xMyOBvGkot_Xd#ZBCt$JR{C>Z
zyhyMrbESm9s$?X|T-F7FAh}+`VTorn$f@bsnb>nUtAR6vJ2OBk{f%P7r0Y7DK)Yl>
z_IJl6MiYvz$j`K`$R>WMek@<)^?)dvP%&`>FRZL(H$a4yxC)S<jB)d~eU|{ExIjso
zt@tYpi&C$z?1t|IxSQ3ma8qYCe*a)=EbScVO@*#4fS#aMlkc1X+z{--<J;Z@Pl*2&
zm~YJU)GvAgD@d+>KyP~_)03|Oc4IUxDuvK@E9z$%?!6~gU?w5ba6W3*MgEH8GKHSc
zs3!*4`d#~}sZx|HR=dk`OjQ=-GQLbMqYDM^2ROTym=6VynZah*?!377mU3q{8<}^x
z+}d11d^;QQ@NPpwNu4Y1e88Lxj*l_XIYnDtwCAQe?Y`%@7kVttx4gJFv7o)+*X_$l
z{@kWqUK#WouF>=tRKYfl3`YIa*s|DxRSQuKW1__QGklTq!epGs$np$^q)}tvV7v10
zUW(MZAdaG;j_pu;M_ZUX@YXU^ArZ~d?v66+bIAl)-~<Uoi339SBFm0|F9>f#z}XqD
zKxnkl7^F;&K1abvQ&Qq-u3s>~)F;F=5nnu+VK|I=MVmf{zz{1zw)Cl5j^(G9Eb3>z
z2#@Cl^F|WztTK9@#y6|725&>jw<yfBcEwN@$dry?YO|%BLpzE^!0~{%Zv%To2ls(8
zt+R2cf(1odoj95Gj}XiqA3B^YOo4mDj^6sAzAO?P60bYoso#mZ)ZCBMxYBkfLI68c
zHVVzh{+#V-(%vCFBd`R-opv16Dc%rkZ!r{M)cS4F=_F!j$5buT8pX-;bG7dmV2>O!
z8j8V1CAG$%?qLknGUIZi0;=H+gFiyN=lF!8;S6md9->v?9y!u=lxKz0kmzQG8*3J@
zsN>fUl{QEV09IU*OUxODYYr*>5?rpQw8%<Q3cj03gU3kH7m}QT?>ueAfNHg(m<)l%
zIxcL8*#B5jEQDOhA~mu)nJC%|5jv1+66HWf#kQ<yM8qs{tZ}m@Eu@FJqBw*GMP)vp
z52ai4jFFjYGZTz>&1(Hnd>#SbX&i_)@SJS(vMG3K@A(M-bz?Gf>1t=Brw7BaC)GC>
zv<JVYCZ7B?gMl6+#j_V>Kp|&LFHCWj<$>mES&zsLzDg0>d-YNUfWs03s%09`=1?;P
z8OgNNvjhBE^aA-K<>TiALI4+2uN!f=DPDr+5^#{L%-vFSCFupcs#If-aH2VR+n^9#
zYd88Vvt+GwnQZ(*C3xtSCfbrIH)3pIq#FG2b7=!)G}DlGA)3%&BACr7+4RkrPPAK&
zB%1RomG&)NJBG*_s*}N0R$Z;3<-><SKFIXcS%&vN{Ws?%0~Q(medvKK#;Ii;rPgO~
zm~RhuH`h+%wM`_GFF01?4xq!zWRkMsCsB@Q<<7h04s^Zwq6sOcNWCvVel~VrpIdag
zTOguq8$Bm$JBJ6$b;J@~D^Mq}r(F|7v972X#rS#uqno&nO^ifGw*>{Dk@;@3;cuUE
z$X5PD&_k?AfSj&Gk-9X%rn~9FQxgdBq_>(cIiZ<z{DW+yICGQ~M|}wue1Y)?O6jm>
z*vgeT-HqrE<{q*sR5YzLHI&JvsG#HT8#izAW1mv=n__^0fF?kIfL>LzKn}+GM%Kpk
zPOeTWiX#r`3~;RvRIRwjWPZ|e8Ow`!i_6zBm}fY^nOH-H;rY#8#u$qOBZ8AR!SpGC
z_>hm<L4FP$sNRgxeyRSeVS&+t3o>j`pZzYZdYT;;zY|h))a~t^_VKLdSdNgz4NA>j
zIpwxX0593w)<x~n;~UA%ale*Aq|l8ieW-*v<p{e1w38T525y61)!&<41f|itMy&%g
zA<NP(1BMwhf9|Z_EgC@b*Iub)bn5`mKqM-Tl%pEfC=hA4tvmRpGQ$%hPv7U9!>GGe
z#Vv)*1w+2WxQysON8CcP4`Jrw$An?0rVc_c4T0Z4?ir)967S$rY<{7J9jm5>R@sb9
ziWrK%Su1nHwQ%O(=$S?HbkZ-%RD}U1jGcp8hzpysQFa5w{&2}FmJ^a(YE{cEpxlwJ
z;`GJ2)XBwsChJYaf3cT~dRAAF6YXJmEeX*8dt|kb5K?YF@-9XtFeL~FE0=3S|7>*0
zcVehon-y%~Jq+`y_l;HQw61n|bNxO2dkBt-AFX!>Uq+=CE$N1J<)wf@&_K~%zoTCp
z@gFaL{(e;_{<$Fm9Si(=YhZ5kx)l0fi`ObruNKwbF?bQ~j6intasT<Q|1<%z_WL!V
z^UK1{!Pd#v@VDKsPyGEzzes;<zm7EfN;9`Hv~o5w{>#yR{r&G&uc6AH+b^rfzgU^t
z+L~JZyYcIU(_f6KJboYYPvifL+Q8Z5FGKj_gn7RvTk^jCSHrv_{yLyMKiz+!=-d2R
z|Kj&`_yad%%!Oj`YcZMNEp93Bp9iIHXZ}YB_8a%>bpAS?zwZ6IK%TMxj5D;gwllXf
zcKBZ>tIz4>8vL5+ZuLs0`|lNdea-W0`v1Y%Svi}U|5-!q_elRZ@eeGJmol%pETONv
z)PF-qX8y}a?d;x&?B8;Ahh7@{xq*O~NB&68|1Ubvk0j@xxkkp0h7RU-PPPtjuj?P9
zeOou}H<e-aU#NepqV{&AZ>y*LW_s`bGxIOCRNeyL)+P82bUyrN;M*z%Z>evSj($^5
zZvL72zfzFiV&CRf{KgtQ{4@6d$g+3~ek-m14X%IrXYl_ew0=u|D`5OhE(K%yAD{Ks
zfjIs}&iI!2R!Z`l=mh)E#5cl{x6rq<>c63_82<wOpE>roytfaBzj<Or|IGXQqvBiU
l+YsTuOl!Xca;Coo4DwRouaBibKp3w-*{|<pD4AaO{vZBB{=5JH

literal 0
HcmV?d00001


From fa7b52b3576aeba803e8d1f921c29969b9d2c048 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Fri, 6 Mar 2026 21:30:23 +0530
Subject: [PATCH 552/591] Drop support for Android API levels 21-22 (#12676)

Google Play Services needs min Android API level of 23 (Android 6.0
Marshmallow).

Fixes [#11474](https://github.com/grpc/grpc-java/issues/11474).
---
 README.md                                                    | 2 +-
 android/build.gradle                                         | 2 +-
 binder/build.gradle                                          | 2 +-
 cronet/build.gradle                                          | 2 +-
 .../src/main/java/io/grpc/cronet/CronetChannelBuilder.java   | 5 +----
 examples/android/helloworld/app/build.gradle                 | 2 +-
 examples/android/routeguide/app/build.gradle                 | 2 +-
 7 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 47502009c3f..272f3e0a783 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ gRPC-Java - An RPC library and framework
 Supported Platforms
 -------------------
 
-gRPC-Java supports Java 8 and later. Android minSdkVersion 21 (Lollipop) and
+gRPC-Java supports Java 8 and later. Android minSdkVersion 23 (Marshmallow) and
 later are supported with [Java 8 language desugaring][android-java-8].
 
 TLS usage on Android typically requires Play Services Dynamic Security Provider.
diff --git a/android/build.gradle b/android/build.gradle
index d0ae3b9c886..e94bf03ff37 100644
--- a/android/build.gradle
+++ b/android/build.gradle
@@ -14,7 +14,7 @@ android {
     }
     compileSdkVersion 34
     defaultConfig {
-        minSdkVersion 22
+        minSdkVersion 23
         targetSdkVersion 33
         versionCode 1
         versionName "1.0"
diff --git a/binder/build.gradle b/binder/build.gradle
index d1302ddfed0..3d743129420 100644
--- a/binder/build.gradle
+++ b/binder/build.gradle
@@ -13,7 +13,7 @@ android {
         targetCompatibility 1.8
     }
     defaultConfig {
-        minSdkVersion 22
+        minSdkVersion 23
         targetSdkVersion 33
         versionCode 1
         versionName "1.0"
diff --git a/cronet/build.gradle b/cronet/build.gradle
index d6d773a97e4..e096761ddd2 100644
--- a/cronet/build.gradle
+++ b/cronet/build.gradle
@@ -14,7 +14,7 @@ android {
     namespace = 'io.grpc.cronet'
     compileSdkVersion 33
     defaultConfig {
-        minSdkVersion 22
+        minSdkVersion 23
         targetSdkVersion 33
         versionCode 1
         versionName "1.0"
diff --git a/cronet/src/main/java/io/grpc/cronet/CronetChannelBuilder.java b/cronet/src/main/java/io/grpc/cronet/CronetChannelBuilder.java
index f42dabdd55a..7ea1bc891c2 100644
--- a/cronet/src/main/java/io/grpc/cronet/CronetChannelBuilder.java
+++ b/cronet/src/main/java/io/grpc/cronet/CronetChannelBuilder.java
@@ -21,7 +21,6 @@
 import static io.grpc.internal.GrpcUtil.DEFAULT_MAX_MESSAGE_SIZE;
 
 import android.net.Network;
-import android.os.Build;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
 import com.google.common.util.concurrent.MoreExecutors;
@@ -340,9 +339,7 @@ public BidirectionalStream.Builder newBidirectionalStreamBuilder(
         builder.setTrafficStatsUid(trafficStatsUid);
       }
       if (network != null) {
-        if (Build.VERSION.SDK_INT >= 23) {
-          builder.bindToNetwork(network.getNetworkHandle());
-        }
+        builder.bindToNetwork(network.getNetworkHandle());
       }
       return builder;
     }
diff --git a/examples/android/helloworld/app/build.gradle b/examples/android/helloworld/app/build.gradle
index 6308e03b6ac..d20bd03d1fc 100644
--- a/examples/android/helloworld/app/build.gradle
+++ b/examples/android/helloworld/app/build.gradle
@@ -10,7 +10,7 @@ android {
 
     defaultConfig {
         applicationId "io.grpc.helloworldexample"
-        minSdkVersion 21
+        minSdkVersion 23
         targetSdkVersion 33
         versionCode 1
         versionName "1.0"
diff --git a/examples/android/routeguide/app/build.gradle b/examples/android/routeguide/app/build.gradle
index 78d309c166c..377cb417100 100644
--- a/examples/android/routeguide/app/build.gradle
+++ b/examples/android/routeguide/app/build.gradle
@@ -10,7 +10,7 @@ android {
 
     defaultConfig {
         applicationId "io.grpc.routeguideexample"
-        minSdkVersion 21
+        minSdkVersion 23
         targetSdkVersion 33
         versionCode 1
         versionName "1.0"

From fc0842312dd4c9745bff354715844e58d9737f88 Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@engflow.com>
Date: Fri, 6 Mar 2026 10:26:06 -0800
Subject: [PATCH 553/591] remove checked-in protoc zip (#12675)

---
 protoc-29.4-linux-x86_64.zip | Bin 3288836 -> 0 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 protoc-29.4-linux-x86_64.zip

diff --git a/protoc-29.4-linux-x86_64.zip b/protoc-29.4-linux-x86_64.zip
deleted file mode 100644
index 1d1f13996795703c5edc06d23503d48861bebee2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 3288836
zcmZ6yWmH@3)-{Z~7I$~I;!caZyB8}C#odZK6qn+z#ogVZI0Scx0D*km&pGFQ$N2K&
z+B?bK$;_N{%{9g~vQ*@uVXz_o^Pu?e@jnNckAs<w1Dnc!uR!>CP65&6pFkYr%>m)`
zHwgmizgIZ9IJ!BSpLZd8sxLkA`by{%jynY_z!E^gSYsAz&cPv3bK5Jkhf&@YX(k{a
zr&1zvE+padg<5M8t7z1$R6605K_irL7fV`eGM5DgswD1)B4{M24g1<%bSWpf>fOKh
zymntbiENvvW;d?9Uo<Zp`CK$daIq*h7xT<pQ}R8o{3IH**=hA`i!4%%$-Taa=7h19
zHNXO1^bsI@PC^EAF~nsstBbe@c=x)fn%XE?sS&TQ#HkPuOkirYM-aSy8FF4K5yTm}
zc8T51>jqp=SA(6C0Xla<;lwL5jz#o%WA8K^E^1WCfHJGo3F)@XxpUBu+Xe!qO4YO(
zA<Mj|g9<iLiTS1UZ8hQ*Y#VH8-7N(Am0zzjV2ei4$^A{GnN#jqKpA3XX<YF_L@X^g
zx2m~T`o#-N=(1!@x;+j*ZpHD^GL*|ke&Ja}>!@>A)U*w5;(#5aw<hs{aeg7)eaU@l
z%Wm@TWx8a*QTa(g>HYcoPU$vWUUA7x!M!tMyA@oqRmCySwpx4sGWgWig}wavi~vlH
z(`5o#OjmXj6OgT^9KKR{%zwuq{P-Ez^Zx$wdUjRY^Z!2qZ;AFjS86#)8+NN;W84Zq
z(vQVkO{>`>PNCnoj?Mr|a6sGsDQ8@3Ld!zKLTf^{)QikoO$3=4Lm^r>9^##>O9uG8
zh=oJ>uFhtmix-+yRyY$wWKqMy6V7T#yckKA!N<*!r7Qp*JnSh9yU9Z3HH<q5E7zI1
zwL!Y(g~=@qosO&t^*l(Ukz!dEQV627VI^*5PUX*{X8vw2kvO^ri6WPe5JxMCgRm!-
z#+*m-fuT$i5Yqyx=2+14*UAg6!GlP~-sBkce}m+0j5)I}d&8QpjQEHmZLh>IFT?a0
zkonp#Qvd~oX6J*SR5bO@=bc~$ot}nQ5UzEe6A8@PG(os>pW59XwaCd^*WFqL64#fY
z^og5TuRsu__5hYFPgTMdSlA{8e^2Zd`2mb8C^O1s_zLy7(A8ej%7<aP{JT-|r=`)&
z)It{CsbvLb8=3b>b{HA2dRB#aaU|gi0W9H|U2ivyv)zs_57uGc3B#m3oa&%)M$)<{
z?J5AO_Tpyk44^l4?>m5CT<01WewGhFaZ-9AYmhra8c!Oh7#>sH`t;%&i8I~)71R!3
z5<S!+js@`5Kc6%=@_~<nJGO5Qlf|kJpQII_*nW;X1VtQX?W%-6te3|hwo1io+|EMO
zi0%40Yt`dcnYf~+d27)^M*ClQ(j#BI>&kwzs(Cm)x1XHmS{u}><jQv@oi%&N^ny5n
zCHn$xvA?pmu48E9-N&yyvuf^g*n9}=yd5S^&-7%SqxzW`zBridX~toVHM42}9ay<M
zhdj;?6RmSp73Z>SLkwNr2Dy=4AE^y{6rY`-KN-Xiy1;l84&wQ-{AG<v=6wd<-pnwz
zH(+sbZtjUi2TCWCm_^noOm@1F7mtm4S+3(Vjk8%s0KW<4b0@@cHic2k;d?MBsHA?|
z#=UqD(X2k<m1{n9qmmHf<`PLo+KGlJ)Yp1a7EV})(#n*nY(t%#!>Sx@dKh9hYV*r%
zh`Q9Dps(zI+_-VF@0zV)EOrbmW?ddHgOMxPS``BA{F`_HO}<8sRdw~hgJu@EbU*Jo
zi(I9^U9c}<ASc1rPmk-%eP``z6Z$fun}ZzW>K{<$>Ltf?TmW5V)@$Iv(FF5_8Ln$5
zvoy@?@mo;6Ko)Wnobu^disvHIre2R>yu+D8V-e3nTFNpouP!o)-wKo6Md2%XU3pzR
zwgJ_SMNgNo6fvaFq=+~%G>#X(&@Qe8-?Sb@piMPk<=rR+Q*&Um^AApWv0t}h)$p2_
zwVuUKSPFvS-#<hog_3tU@yRov;ezINt+50Nzq6J#U(HU5<qH{>VrI+NHwaVC$(f|%
z$+G#WU|fXjoHWKK^J$6q;ULmBB^wawC}KBt+az!XL~7Fbs``g}4z%Fwgvj4`p_$lj
zRXpF~hoh_nqCCC+eLN05Chxq6Y5SwF_fz2>c-173KIr_-Us0D5C|<27ByN_s*vc2#
zXmn#MJ{uRJlGfsDe&WsZbkriN@t1{<iK@DdE>ily=ezGIqFr+B9FILndXuEmkE?#D
z>%^IlJf*Y+@Kb9*1|5Q6r7XrHzcj;jrW5MuouA;Dj>~g`Z7{iNSSG}e)oo=#QD%e;
z<JV6T@X5ELJ;BT|67V!Fe(|oxPs#@@b-+(@GUxie-3HQLqnxYVyU&osp}3GAiE}o<
zuI*r3Ua&lg5s!4K3TJ2*w&dPJVI?bneTR-IYY;Qjqd@GHpebc6GJKS3MzE(UG80dC
zOh~}$G`Z`Y<w<WYCNBbpm{m9YJ<Elr3l|f6a3_nIE}OO6V9TXakS_D9eCJLpF<XIz
zK~Q4ksJ1v%M=r2|DadII<u}VacgFDglS1P)d^E*&wmu$$Q?_|{K<gBb;%g$@q)ouA
zTsw^v;4#>fMzZQpRB`aHI1-$VC1irQ#?Q`~%c4l9btGBi<E3dYKD{OvyuVfUNTsWG
z<mi|StMLIKRjq4RdOsPb2fRV?V9(kq&rwXa*0f{TpLdu3q9=9cLe`GaKgPC^-l;A*
ztbv{Aqh-zr(6&sRgAr?o4~DYTNyiY6$W8E}79>%f>ercN@ELmI=Bbw4Z8q-y3w)BD
zJMr}bJ@)(YO#&Z^h)b}7&;&|X8gG+XX61<I1XN&ur}Yrz{TxugvFU1-ZFApd>4Sw;
z!-D3QzuF<TFNm5o=|S{BMAVvU`OG0$u#r+!-{y^I)cLd5Ye5houJ`EoDbiq8!m4VT
zh%kbVO0<qz-02G<`V5pPiKjBkqM;BR4zdPhGm(mET~Hz`D>px)2GatKNu!uK;PAHt
z2Cw5%XzR0|q6M#UX&4$OiW59T4f+s`S~mYrA9!bB$d)hwB|{DWP%}C}$$HH5Imr?N
zEpmb$xZ@7hO`zC|TxjVez_|(EiirJjrO59PCmSaWrSOEkZG=`I1_#)oO)^QR*d|T~
z#@h*41C$}*ai9&NgE58&+v5cXzOe}?zHm=8>`y*p8oVYmL|S);6C57l8<+EzR%eZ<
z74F1T^8ukWdNeSrQNkS4&er5UrMy!J)il-=lkG}yB@o%G9GRpEHxCl;RzTUN>J^Ip
zHme7w-tf~?R!&P{9*^#z-jNXtj&t6dzpjiO#->G{L~9SCNkPI7C1fau+bPJeGRR_h
z!VZ|qy;V;`sBdE^=W9eogb$0seCLk+bVx&V_Y%pQ{oQtdfOZl$&DL2rRjD(;0-zKO
ziv3jfN>ki7!5g_mQCm8lD9Iq-Ew}7IKIE?hix-@KkxD+Pi)G(w<lL1kV=7K^wn+)G
zVdurcX#4vBnKi<apqCa$e>;B?SOT0b{6>1IXELP26$~&sy+6s;zS`5?Ku4=jR-o(=
zq&N>`fCs@xg5*TN+T<&jhZL>n`F3!*vv=GogHN<g<x@E|dA3+oK8q0McX4uot!p&P
zv~VUe4pc@smCTC1)?>c$tywd6(C34UooHqaY=Z_uQ;;&rX7xy>!;C)Ee{EZMX+GiH
zmRJ|u%9r+!uKmuOG^;R8vaLYI9K;ru&0h+o{~AR@XlhomQ(UpT{b<SeB#NXL{pu0`
zHykoG>`0tZ6X9kZQ|ZCC#<07I8TUKk&Q@N!lX8ZKbKZ+(=jZAcHV35%RL4+aVt27q
zT2FwHk8_?*s(w)FfL>(kqqTNut>8}u#SKTyCo$+7Rld3dh&F-*S3Cf)YjF;qF%IN$
z(5tMN&yWWe3vI_$!e0FhRV^8F-!m#8f^ze1&iseg**OdBlg=+$ZQBwgGdn2f=5b+h
z#m5lyghm0VG>EumB)G6mKYk~|zkA13O`38=jjRwM)bwYsNEI2!<@MKOo3MsdG(6jl
zB$cPL?P_kq*XQpCCX}bK>bAW~>vP4xvLKV#UV|-NzYX1|WGcN1dZOOv+IC7%>?dKO
zNKs+K<Y+k7_MEd;>C-u};9t+Ba7bF9&#a+5kW&}X``<d!d5Fq#TLZMY4dXech^#wr
znuHcoW{9c~9f!a)Q7=xp<^=5WX8;nvg0{iU!JM2G!W*xMU22t+pYFxU;bT4+w7((a
ze?c`WY_r1nVX<FH97Ow7PXbnwc6%YF&8m#%x4gJa;+-#1dntv_Iv_V5|Ij1UR_hHe
zh&4i@eq)qZ8?tqEc4vy#`GzSx?Z`a~d)a_597kK#{~n<}WY*YNm`Gnh#f{?;J=8|W
zSHo)ZS&RP?uB@xeE-ub3Rqp4Y$pjO;i}DeME0nw%0s-zbukN6F_Z&63XgO*TH<Qf0
zLbd`tB7O}#LR*g+gUzTCzL=~0%|^??SMnXg%El;nv(!fK^2VB1wZ_I8qO0ZLlWh0u
zv>$HEn|&QU5|WE2z|PJ6qGG>4j*Q{K0>XJ73L$ic&z-8r^8}&3+iG2nmquG%S^G5C
zUV@{tlzF_6;?6J@hj(cqDa9<=?zAFT=6nw~)aD2ZjFCWWkt<Z{71NM*y#-H_O=us|
zza{RMYJjD<lAzth$FadIIg4Mbzsfh2h#7kjk|8OQX0~ChB5~f~r&u>Nw7G(@&_8Kh
z67=8ei-5zv;x_?>Fy#-Xe}7{1$hXqpq`elz-Kwrp=vv}I$Nj9iD1Nl0YgnS=T{BVJ
z?5$XD;c&`xa$_A1n;`t@-a74=qZVT2*LJwuIn+GY=pR@G2TkEY4@InsHs>mX->!tj
zEtJqcCgida4|g*N)s(Z}kf<)4o6=*8ps8-2;R{ID>sjAR3F{Uo_@do25X>8`qng%z
zkr8ACmr@n_%wYR64=DB+^T6~NP8968afrEVn*tq5pNTn$92uth3mVb?v~#7ZE+R3x
z+4jrzc|lG7fl&BGAU|Wi2sc>^oB9iJYMR=?U#P5t${ZSBX(Pu6N}2cAx~SfO`(UvK
zqh#?`^*v3ULM#6<^3`q<BrPD_Hb2Vdib_DB&2p?m@^-hB5vQwN2pwcS{m!d0Zr8tx
zID+kZGRe0Q<X4BhQglmZLt^Dz_cPq-cgFha`S^0;k5a>5e?-bM<q3OwDgBWtiuq>8
zSI*ZViQRTSebScunuVx>!Iq4)hXThNWl(MF!Rw;n&SPvg8r}voxis2o%A3KPUA0+V
z-@>gWkeR%*OR-l4wi6d({%Q5YGL2=wC?pKJwHH0ISu6qM)Qv?nMKnjhpWeppd#B3x
zHsYyvo2O8C+5Sd-I%`j>>OTA6XSbM4uic?B_hd<P!^asSQx(>xA^(d^H~6kh-@uxb
zC+ncDe8B_!TA~ybk@<}FHuFuH2pqDi?(g*2lrWupsWOvG%rTo?C`AZMt6&dy>gR6V
zMO04*KVX$Kfc^Wa-{(S442k*BHv9W7z8BK9BoP!X1@JgC0wsi<Gv5Nf147a6PXqWp
z2rDxMGv0Y8bNmk+1U&=>8IF{O>)ICZ4Bpz3@7+I^0<~Ph-LIc=1Wy>pHf%7n1p8pd
zf^#+J==oL=r*psd4kCTi1i$Uua4F?}tsh&k|E9DSFTqv%WO4}egEK$Y!sk{I+*2&p
z=zLz=2L(_qpE|QK_=Xv$Ge7$_mc6r?<K>4*Jl+`fIfTyBwAm=oN-16m<99K<616M#
zW@2F@gSQbzmoQ2-Y|}ligTEN=bhHqmbjo5iVVPr%;vQ0w<=<w64#&qg{tgmRI#(p6
zh&brd#9rC8S33bZ%^hWicVFajSuRy2f?OI91gv3wGeZX9>-RqQQcWRyteHKfn=dC%
zl4IHS<NSR*r4U~wvOI@qUy2;jX<fZYrPFp;Dj{J5Q(DOyU~W3^8O9pWi)~wqZSh>9
z#T)N54iuDS4u;Db8mZTN^e`rhP|GGo=bUyH9XsK?MIoL)<9{dX%WN7smzmAG-O?SZ
z(5EF46(4kJAF|F7ribABUX@0)_sp1NES#%T>y-YzOSnU#f?3M-JG5VM4LQ8`zDEzW
zD{O->O{{t6{hA2l+z>3MdvN865^?Y`4);?pYo)Vxor0|<eIUn`B<!C68Kr15m52_1
zJic<`=d8DrBDK9I9ex|^D3X}{fPr{0OoL8OeCAHG_QL4gf;V}Ww|0(aT-m&?EgD8;
zB?r!BCfzExc2T7V3gjz!53=TiYrKgAq06-B$PrnG1SY<)Uq>x9*3#ZD1K~t{+M$Lf
zwE6N#y2#_p`Dj#j<KW3J*3^N|=yHvOfeKPG{1z7bdHZ*1M)HTgYzDtwkSoiwQEOG&
z&U9azwfhf#kSqKi_yt$QK@wy$k-x#Ty&SO-kzm@eq0TFInM$PL@F_XDcYnCPiFCn8
znYbmau|3^-PO{1@Q%i5v4q@!bx*PWv_Q{OpAz!1Ko8-3Mw9**uP=7NTMPR(wY*yAL
zW}qg0fREXNSglD-ISs7E7r~B7*a)IwgXht(c50_v+DS|wu+5*%Z=yR$AfBdB2=UPM
zmmW>u+RmDcy=w-gxrHLDsqF=Y3O;c@Oti|a3EC|e1+6BdYV9fdq_|1bGy_cY0cgI#
zJAd#Mg6ELEnsLS~LNE`_xuqTip)U0hWcFRlpq>pAKZ#Y{4;!J#MVtE_c`>@vO>{xK
z;w>0dEAPOE!*^Mqqz}x-PRk|-mbx7hRg8z>Li3-TtFE0&KB}1o&^|aXBHk~`twXZ9
zM||IgwlC-%c2wDcJ>h_mAtP0!O;5S1%`eubdPD*NeeL0rve9DVmBxoVseV1NPINR&
zPZNcCefibW5G!%_M-6291r(QP7DV24|4C!NExjy))e1*XV&2qp=B<p;2OD8thxwHq
zG|S$4TPaE=buMk4wWeau=T9h{AoIN>#WSzzTAII|*8kxM+MMqDkuY0{X%RPB&X6oG
zA(b%zZU-Z-c-~M4`l(lDQb>vGO%!^UhWgwxl#yI0E|iU+00Dt58=^lVrj7tXSH?30
za|@;)mb%I;bV=-QSm<-gP8R&{s>P!(t8($$?`^5!rW4tnh4^h(DJ5iTsJ-Sv<QD;u
zgu7XIPC{T{lu+(=70{JJ#0=AIvOCs>s>+i>ks%-VtG><WT|bhgA1sTzVRy29V=*gc
zv*UCE0$q`47Pe!>+~g$~nZn^Ohn=?;&w2qU7nlnOG^@R<Sv#qIHYi2K0r^I@kn{cQ
z&u4G71udjziTM@eEIPdbVuUx_cI_<+)hBqCa*CqN1MgmC6pBxpiwpOpB{s@oC1RL^
zdDN~17oV18){qDx5<T%pIBj$3ZZPWY@yoFW-mirQw&;rqif1CIi)i7f<$rO;N@^}w
zR8*zLr2sH+>+Cpk&sj8=e`qtr#tNqooGW2z*@5-vBZVmtrTeAeQ31x0w5`#we=eo=
z*ipAv@5pSeQC8~W<p$yu20DFbujfLLP!+)$;Q-PK(@WRM5+b=WMPwpW>LBkIS2qJj
zlY3|8oPl{Jg6YBI1p;Bn`T3)*mn93Flt0AzlG5A@<U8L8g=T-oDIRU6nClPU;1?AW
z1oS#{?zJw-^E)K*=Ps(mo#BtnZ>H?o?*F|+=lg6)T*@AYl}KgOAFet1@%o=&4l-u>
ztl`$}kPVNN?cCQAGWsX_;kUz6jHj9yAECYXJKJHyiB|3E5_hjD`32H6qp|t0%CT0A
z0Hoks*|;Cs?kR_2dN{wUi<(B1pe~TVHmd8n4%(YEG0SzlAkQwdXU5K})qh9(O{2Qz
zDB}|~hm!J$l}0jR-M(Zq=m-<{qAbBt?UWNekA*LsHdjetI5Ds3lDTUul+v9uX9wk0
z==^hTh3kdl>l6En+*dY>6R(eVjm+<v@p4wbgTG_QTD3dTrkzso=1R~F+KrDCzoV+5
zhS~<{5+xP5<s<3xc$j7_ml_*=IWAv{@y$+(ucqwOTokU9_(Z|z8wt%ewd%W`%~NS@
z*xmib?_hyaZ{$nNJHzi<^ZW9c?zp)-{LMc|M`h6{_47lNrzKrvGJBw6&$Ow!J$x;)
z!8ES(LpN{VKnjOQPJm%JkP@v`SlR|Q<_|^gX@9+%k5n3**SmyJW!D&Bh&9SHp5n3L
zo=Kd4EXIn|`l3VXvVot<4{qqq5wMz7)r%F=mlfkI^4kiAz;Nvgfv^R^=yN<ShMyb*
zeH=~=L&1qo;^V@3bqInXvdu~HW~)toe0Yf7^21DR(dh61{hc|pVV3xUkM4_bT2FMb
zvFXVav*Gl-WBvW-H2=6_<;MF@X(GMz$`iK{3-?qFzG<Q{#Xb!napujm;;Y1iMmH;6
z5&4#cgU0)690d{iJgbx8jH-8L!-?Cc8uH3&XZt@1kx+&;eV}~-`(hR*ok8E?IK3B^
z!372*CWA|%5nyT~l)O$m-GC@bKR6gUMtZ+V=>;tv#Z9pezEO=_o)CK+Or6pbR29J9
zbBFZhyNRFbI{5>@g$HMEbnbvV?l|?P@Vi&YjhXAfu{P1yqfpuJC}-Ob8v8K^ZVE}u
z#^!r(M~i}7>FPa3W5=s8xq}~zNZj1RM93T1^)UVozCp*-^sflYt50`~UykV&iCjDf
zO1<dMUn3YiesFN+LmFQ@oOy-)dy>=i(v{s`-z$ij7;DwW$hZcf!aXC3t>6xh@n`-*
zLQB^7yKBbbH0nZ9nX_kckj@+%hQxFVGW>2?VArbio24)gf4uKJ;OQ%t2X=1>@5rKT
zolb~u`yl(0gyw;QdyxfLq&@p`^znV6b2&UU5xP_RD;YW&5z_m2z!0roDVm+Cp{^No
z8EVsbMg91_YB?uvr$(%AKC9#wnvGG5XU#6{k$gBv$wZ87GDJ2UvdQTs`{@_}4=>$>
zZ56s*?PE$15<$;0h5sHwPkc6`|56_O^BdD(E%br5<nx6oNUjIz)~+8YTym(50pJxF
zykf3)?6>W&&Ae%h0AAz|6{XqwmtgdiVf5sr7=J#{9sv?afWEQ&4^7N#h-G&g)D|WG
z!VdQ~&yce{n9g53at%={RVxom$(WWecBny->ynC=MK6D5LAW6z2H?q7XJ62Q0Qf!9
z5}@}npy7<>%^3;6gMx1K%BO_vz{(7y7YdBE0EwvF33gJAUR_}Hcx0rj`S0QP7~+Wg
zW5#R`ZtSE+2a_}@)38zHk|cDPn36BT;_cF|SgB~8!lCY*d5>TmC=J;Ds+6B=qb8*z
zg4u)hNx^Q3tqyRVKbC|W-fIQ7#9n~MG<cbhPad~ZtDD3yEyh-chR(it#|e?8im^8B
zR`&w4zZevb9R3+-Z~^~N<Fz@$!i_Tsf{5PPOawfOmE>-i_zoZXBNZ+!6}Szk+EJ}l
zuSGRKRynr8GF`1EL=;W|s8xpbMGRYDe@QU3a}nAk;3hR2>L!TCSZqekd_wfp1{0hN
zTr_DV7HO4xqMcE3zOyI}2)lRSHu_A~B@n*D3__`KoWxzY)wtPLz&bj<9hJ!5s`Jj~
zcN7OmH2?BfVB2?{p7_{&=fI`8$Z??9Kj=+szROuJXE|a<{c{&S^DgwG<_6CE2=vdH
z2xc&PvC|t9j7Uu*%FHEkuxOwWClPmYoC6)6>JJh*Siyu_j=Z<$G;NkkwrUZEt0a<*
z$D=QD<2YFk_QhDm71gtTVhP{nP4tqxsTG&M%?0#&3)s4z;VnJ1S&m*Fnr*lW26@#C
z>7BGqX?^NkGg40T2+s7UyxN-TmN6_ftM44b|NC;(|7ICwd##4DF8+f5jr=`878x(u
zk8tJ%{~-G|uc!XK=hqZNx}O4~BwjNA@wg6+Kia@H%^uk|AR2b<VP60B3ZCk-t^cO(
zJLY5yU}`XFc<xJP6Dr%36k&hORCeP0*<|)T`{g3)cX~mzM&q^c4!NVWCXRIJ31#bj
z7J;ns=XXTW{Z;tw%*OJf=(pIgTxq<yi`#l;VPDK2S$o~zZ-JxEWLr3fz1U2vYk~Vy
z+G4k8-;X_r#{EefYsKTPuK5|CH?$Z}79|*;>C)aI=g$ib3%TR2<qrBi`#d8$!{=~x
z0Q@Jf0zw0Je(y--+LExBy-?AKqDG?&Mhe9kE;KV>BF!UAT7MLED}4D<mO+NRJWaou
zQq)Bj39iuOAALwFYkyT9Wzia-^USgqS#6}(2jsVGhmJ_PVXD<U5OEsBD}k)4mXChp
zpa4kCl3&Fh%;e+1Tv}zJ7r%vmy@She3uWomP1R;xR7-shAI5#4o^e6a2&e2o#=ct`
zX(xHB!OJ4_`3tKFQv`=Lef}Mk0FRRS2`=*+g#31<@`AAL3kXC$z%Y9K*LMT_y5F;P
zB+{kZHS_lN?V#J1p@_!cL-KW_JO1p#wbW1IfrQ(*p33<CCZO8JMOe|NlKUbsQ$%$m
zp(NzYuKm)y;w00ng2c<_sg}E!`Iq!c@74FhlMI*417(vFOXdJ;e7cR58ql%m#)|)U
z^}pSZWs2i^x}WF#F3|Ioj*4(dhq@o{*%1TkYTxFhn<|L%G%q?w-bx8^{qRe6N5~j?
ze2*k6Oi^q-D`W~xy><hNC}y~0{L>zi#r@^Va^&qdo+WMf7F=z5jwf%?>p=Qsv!L6y
zd%1d(PP9hC6X+<$Y$jztET_|G4_n5P;QC0?le4M5)obK9H%^N0qWCSg(z~v<r9r3_
zRi-p<^R*#k$L?jxE^dUV@@9QqI`Qf!QEm-rvN~UAxxJ%O4$qO4ih1!DMhEt(Zy+_r
zqQoqv^@p;gbnoaJfr7SGwWZGRYCBMEqC;_n>BWb6P15pov^snN>NWuKojceruh7L^
zA({FeuG}Ul4<3Uco;OLH+0Qyb@jWP7I|^z#u+t6x?1SR#)FlZeSC%Js`qu44B{tap
z0j|)dk3)p`0b4K>^W)(SM<$OPqc@75=gK-9xuU^8aKXCX5hQOpa)f^|D!o<$m;C6<
zT_sodIM(BmvL)${dN`)zIc3dty<2mp?AILnx>XB<yd}!E;wExl$(7g6!@BD+1Ga|p
zT5gWqL0$v_NY^7_q7yfCcmcS(GmXGIly?wGK*`<=HpmMmV0dqa9z+l)DtSYP6QBU(
zf(Rh(&65J1got)smlD0Z1?SBHzTA}DNlDESTx4yG4pK>6*48?E!tYLR2lm!7U;-EI
zB44qDgFE)JFbNHgyZ8dR<l?r1Jtdgw*jQ6aYQ}nfpx66^82-R(4>&{LGzZ05_wkKk
zSj7W31Jp-ZzWl+WOGl_V%;`+#%VMgaBUZzDs<q8Ns(-=)8frEtQZ>a1CXqF_)U}3P
zP4R0JO~oo)URi(p@dXzF@@o7(ut(CxSX$rJq-E8Mr61EC^J&ERj+Z6=5_wf3e*+vT
z*brbcGf$hqtc-sDu+r;RBjpso)CTwMF?)zc>wJ9DJNfPlS_6R3d@JrL@phfBG=;o%
z4e_#oP<;Q{9^Ee63M+dhQ^;=gX;M)5`mDCc;ZM^;vX2?FS(~de`Fmi=d~5p5-wQC3
z+WT$NTqJ3wrzVDS#)#gK<CuCTPEg&G)^&$~!Nzy2Cj{-s)s1-A4RlzS8rDPY?7i#m
zQ!BCkFO{BixW)`Wt(XBb!9FrpeY%Fwe#)c5u}{NDH`>>jE_+vxg8A;(Ut)t@n+wpc
zwjN)-VRoz?X<Hl5LV;?1tLOe`com(B8+KUIK7%o})zj)ct=|!jBV1}?YVB+0NKMB@
zvOIfB+P-ngxi*IO=4!6>YJc|7GdZXW+@qi_p;^|`TD?Tof%XaQ-C9gt<MwFGEq}(5
z_xt9rebh;HSLjm1=Drd1#XT^H@-VgC$_`ZTC4H`{WgSW1D-6X|;{qlM*4c}%i`)@c
zCPwlRap7*%$sgrBV9_bpAA(-A0MOK}xiPTwB{Q|dGs+t6tFp52SV|o8885<9QA!=^
zCWP~Mym9mi3&0m@LT;62#^breING8S+~%!WL+dZW8aPl3HZ63P!#+8^m$}GmK#oM=
zMEQgOEyC$W`$e#IM^^#0$bj7$S)I|Ya8&k|WO7pM!SqCX0A~3^B+4~i()iOgTlzkz
zu-+;uJXAcSiN?zc%4VV~7?@=OdO=@TGqGPqS#zlfY7tOg26lu|%RRbl`8r{lv!;$8
zY5wNjMdqCTo3AuaVi+!QTR3$QcrfSC*TxH>L|8V-p1YI2D|tIBz;XGkS&}W5Yz2>K
z<Vei!{8AXkfWtnB5)QVnk=@P|)6DV&0lop+4g*>Id7GMXP%OaIewvLxn^LC;pJz;o
zxVfr9%U*}Hb!X-)HN=D%P^s_1*_BTgI~QF&me=J*S;sWKp<-bWHE2E4m5?vTWnP*M
z%T1j8!&ei6P)w>LITi>dJbrKX=jBD3a}lTS5hC}`V#VmF_(k^x9dK{u=tEs#(Yu27
zr}yn=m8BbSqe#m2OWyPBRvZ|7UBKb^UVtvX&wJGy)Vn0(bQu>~-|JrMqmz1Pn{4GH
z30heIZa<D?{?c$pm-2N5kxn^&Ge^x+J&zCM#_gx`Tr1#RE|3f+S{|P>hM(IOrZX9D
zgQWm7eY&;kpM;QjN2GYydoyv2?LjDb4)}Cl;B4xN!4+qQwYO1mk%NC6ulFThv1*K6
zYlg(mT`sYl_2-SsZTJ^#2fn1l_k8+AaVn+5gaYCPeX76bQ1wStkkp_3A3J++Voxop
zE0obp!~)3tdlQx>6I`?hO=lR5O0ewDlL>B0zpB+nB&uLYUnP1!pg)eeoF`vBjfm*V
zzZCt_W9&k*vAa~PYX5bbflRdudrV43GQ<$R!B%xSH_JASFpb62>ai5^1DS1YTW2ld
zz(skqgb1qSl~e%_u|z-g4WJO)!xI;8Xk<y!KXD|i?A@<RwDp@bVSEk!pzhU6_!tmu
zcTehc4b$iKS<UH%GRU%M%JYGs4=`WU9>&P!t;E!~^!NN;%0l4=#aUN~wmz|ksJph1
zLBvVVZ$Wougwzt!%vIaAd{x&2JumYVlZZkd4DTgPZ103iQF57RG-7lrw;2+rU+rRW
zM}Ldbjk5xGsasDqHg&a9to=5?@4GZ1k@GuR%pr{=R$-9N9coh&^B9^NG61;`hoY6s
z6mEW;mar4(_9fB_#jlR6Won=;6H$8vBkPQn$jf`rBK$_%CpyAlth72v?F695bR;UR
z<z-<E8q^Du`6V(gVGfIjPxpncm8vqd*CBz$6SE(d?2<ee=JuxM9JH30;cFz1`uQ7w
zm9#%@cB$R$gHAFYGJ9>iVsc(umJn(t$YXv#*yqzd?h#urV7B6i*Xu?6zQNfUer}_N
zYy3c~ttS-%Z=6Gk=FHb$x3(9t1q+YvO`l>S4sA^flam)$Ab&^k_8X^Zo5qi~t*y-A
zC&hx+G3L0fjPh%#kZ5z?pR`U#-4^$Z;rWAG*SGMwOx;PYQ+Q9A2FWO&vQ~J)#cgVw
z>HPAKbySzL9G&NTM2D{(SM+mu%@2Q2KE0c7xlQ`S?Pomm6u%?fl@eaVjWs0w=pCc+
z#Y1M*EA&tPmgphS#H{DDBH#e;$E*EZ{6tLXJM_!(*iOq~P1rYG$m}*TxMQK!Xx|-0
z4b{uHZ$h{gf7`3+?l&gAXJKt2V@?)soU(~$JXDX|aINN^IYGBrP#*c7RoP8<E_PmV
z?^D{%R~~=50Xq8Y6(oZ0NJ8V@>ue}vhP?ogR#@K1wdQvCo^kpO(UK?AK&|$U)j06k
z))zi}Mr-GF!n2a_>Pq~E7FOizaEta{kBMgvRDdV)!0ThhwL^IA7Ev6yC1$%|ShW8-
z3<(59z*ceNM<5~{M8>!`Qh7r>V8wV%V&U6K*fS$`;|=?M{w=)cB^C*cHn8IR`#ONY
zxL|n3^k3vGD8~7{$_Y1Ii@?t){{#N+=5Yu{0yQf(fGcnEID|@jwa0;EJzBfkoI+dZ
zn1^6a|KEh7xw|V&*Ibq$U!HE>0V}5KH_J}V*q*J}=N>3Bs=f8f8)L3cr65sI!8zEt
z{Q8Wb`-LeCJOL!J1<8f8Y3$&QdaA~f&0O;%fm8@Yjbg8+t}~E);R(oUhmEhsLB>I%
zuR-VFRNGf}U&Z2nu%&MpA((c+2OFr#>0eC<<{rSKzs9lvq44;#4_Gl=cUg9-#;$Pq
z215m0Z2yB>^eh9+be+oiK7xevZXRA+p#toQ*)AIvB=GNo5>+3b(cY8h@cjd|Z9J^M
z1SCaqRNFDP@b%&8{)2oM0Q-LZbrt+nc5U=Q_&==mNX7=l?jqv=VL6R7_N>@_<Df(}
zhU2yOUb%crpti+_Kd4tEFskj%+a!PO(GC+`%Xse5-UV}ZOT=yuUX#N5r^Xmp4zrm8
zp<w-kWAX}y(XD{Yu-z>&ycIXz;mRsIwOwqlJ%nI=x)17oi(|m`24UM%*O~`N;D3Aq
zOvnEhb}8q-u>JoZY>t65Y~aAv*t>B_KiT;xs7K-B+x;U5dxHLjeZ=)I><G?(VS8|P
z8hwz>whETl1R7siyc<{i$0h+||Kb)MxrRjo!4Qak(2%m*hz;E0+$tNUWB)(84OhWS
zo~Q$^|A8$Pw!Izn91!^-8EDwaw`7Nu&+lv@d-1J91fk}#5!RUPFS<;JZyg5hS=(UL
zqSTCn11(+K3iZxeiTj?(LmJgY*7Uw5!~R3s0m0JCD!zz#P|u@s+q<nVUHB0;P>uk+
z=YaF>>!StUjCz>>#@cp9{A)yi=zop);qm1E`tT0lsI-^NU-}X}boxLvppD1$^5KMn
zVGk3a1gw8h4BnDw0Q1?0;s4Kv;NV>@93UE}h*7Ku*Z(nt-UjwrJmU?gn?VlyxU*Je
z@0GJtI>?x2Z>8d+-v0HWvEV<_ITAQ(>}{I@VPN0ayg!%$@}tZ!{GSggA6{a2E2FUA
z+4ep}xBs7@=pzw5=8KyrI{JDpnS~ZmEDRa>CaSpDNhNR4Y<%emM#>VC0!sd6xnyU%
z`X$FOj!~q#$XkHZ>97QSVy2(yL#rFEpLTwkxUwk(Q-S0;APpdZd{7?fz7K!-lnA}s
zs9HFo)QH%Zj*{Kty6#q@c_pg^<2=ZXC|V@W({hc35GJ}JM!z!dbHNap$RJY=DXHp+
zAIPh{#ezJ^f~MYzw46i<q_>byd1N=QmQ9>(%r41Y^v6aGUJ_O%sr|$m+oUBGmfUc<
za&|gYZHTwS{u)nIm2DSagIg@XV6`P9(Lbi|;Qv*yWB3#Ob)^MJkH??lU*@)kuXX=R
zoZx>dSn(g?GM6X8IR7U&9-}YGfVN-3KZU3oTWbP*KmsWch#JQR<m@)$0N**cDuzYJ
zuKyRA$prrhZbUZ%p3wvzqQuWghYtN;35zaA4F&v1av%#z-tS)Y)SJB}AaVGN#*W}9
z(38g>X5b75*yuR=-lHCNHGIt@i1VQq(;`sbgB`5Bqdf*}w)JKB7x=qn_>9_)&xGek
z9LDZqVFT@IC*Es^MMwV|_8SHLb_CtF5&zV}SDyEgw10k32B&{FA=vTXu+JO#7x)p!
zKZ)6?^$5N=eMTS9cGUhSvkHbk!c!&4n0)UGk4WUMD>krz)8Chm^lN%EnaI?0_tRt0
zwL{?@V%vMvEr-kVqpep`+|oyWf-()jGmCdPZSQ#ur)+y3WjCDQ{~8`>@`m%zr*sm6
zS^sSqS0<iaPyvscZD2?B-39#aZ&`&Od5y#)lC~?11Y#uU(TYvK(EVS#@SDv2pJ@Me
zJCh4od++Ff?V@GtE4ZRM>OW?Wzz6?NvM2U`(+dxOtEhKm6!>Th+H3d->j>ktH?TU+
zyGVHLyT*Ugi;Us52dYPGINBCOk^9kE{u8>wD0$_*9tk%$Eqfo`bEYQo4UC23PxaB^
z3jZ&<dhgZ?ji7yVN4BiZ5T)qwsEeA?lWwrS92N7jJeiJWA`eE2yb%h>d!T2B=likI
zU~$|?E@-^sDfs`9@DI@K)~v40-Bm>Ljfrur9R@E4H}^mV0BPFZM76G-ID8*Qq8`(4
z1Q&s*D8^;IYza4ogra%>m8FwVH09s?=t<uF_|>a;2ajNxF7Q%zGg$hcJ8}Mrtp71;
zJo9g|=1u)u2I~Kby<lSSB5?VC`5}SxuEB*1M#8yK9{$J}VU!-Dpge}Xqskj;0ulY7
zE4ICATM%tHFT*tlXLlFjhpz-+-<>|1sQ%&}^oN;L|6?XA4&Q?RQrh+ZYCz`S8hDQ=
z`NyV>GZXJUy29HX@z3CI|1@qSo^I&>_FsEG(jIBP*q$8*fIz?ZCQ+(I-j|cDG7TYE
zMl!M`e5Kvq0da4?&s)6MOC-}LRz6Y^Bl@8T$S+2Yx3ZEZ{b9hIOiAUpo=^wJK05eP
z4~Bi0BtB^={?Z_eG){h{j7bezSj+h$1zLt=L{nKWQM^1?&BBV*G0Aa@RL(Z(jC=az
z_0+Nc@B_SKoU+t$i#Sex<%~%!+ES)u-SK@sOHTC+>=fB#&J64{W<*EPTj7b%9vyvc
z8*e2!euNP#Gv2y<CtK(Xa~FDZ#K?z%%3_x&qYusD1_o^Tq=u>9^vSfAoU$1TDztkk
zvR#}6l?taRvelep49V^-<)S|2f;xRTmTSV%uFE#S&gK0^)Yx;y6FfI3w(25;?Q>>D
z|G{CL#M;EjVl`UY>jey8j2sg6^#B3?$NviKfF7ZsK%H)CXA|xO-~sS0!f>|Ug}w6c
zO3X$rLz-Z~Vb3e9W4Qs7L0g<MqMgGbz-QAnHzy}Cz(tnqwym9%$x(PJ!&S+pzgs}2
z3ytBpQHgH{HTw0G{03?McIIYASZYgx84<8q9cVGmKZM!4DQsPUyH7qRVdywVYl$<c
z4LZ8M+RvWnYkGe5a;B)e{i>-s-5=i!>#Mvg7!!&5S!B3E@sWuF(iDc-<YPmH;&x^e
z)|a{Fv$jwppKqvzY|_wDx$6yc{-&Q5hX}dZ7G|Vs5l>s5(uSe$=W#E}HM0%-0E5oc
z+}iq|K0uGpZqC`k89R8SAa0sG56GU<hzG$~V|u1x#=xPPV2$l3F^YJs0?Qkkzu8L6
zM|UD{F7?JEj)F-6p))>sYTZ0CNqRpI?icV%q4R6s$nwo6lR8wGI$ic169Wdf7@ipY
z-{-pNi<B>Cc!V?@)-gw%Ju=}${n~sPx3FTZp0P$(ABKJXX>;4S7_+r~Zkg1`F<%HF
zLbayH6Kf&Q2R&l$$~*iF=Sq$h=Z~3*thTm(z9e1A&!&J~YF!<Bb*r3Tc(!x8UGmR3
z0{j8|m91Bp;zAUB%F7mU4HBT%?(B0(<AIQsdvq+iA)(aaH&SA<KPw0JyP-iqJI62G
zgwk76nxUa$4^6>IHU-mxZ(ewPN4a$H^<U{lM0MzEqA|D+`n&ZX)5Ou{VnW(|r+XiF
zw6cHWZJ9B$1R*&b`A*0t{whS(UvZtE9+_{wEtBWXJLFE5KONhy5&SZjBYibKzTKb5
zIeJ<=X0u_jZP6J``Zmm)ls)(MmiV#7w{SBM44}Cw!QMs|C4C7K@0TvuLN7o+w8Yz0
z%#UoI9~^5fW*zia^jNb}Y+JXBn)3gaW;j|s(B&)Aqs?W}xE6TjnVx}gsVu7ph}c8T
z_hNR<rQV0LX0Yc1nMgl}Z}U29S+z~muA#0T;0_3Jk|x^0<m!k|a_u{55c#QMRZQ_F
zmwoP^?zqZL%6U6xjv)UwoR)P@5&OuEx?-I|p~d<d-2VMXR|D9>QoEtS`HP|T>Rc6b
zZM3)95JH@z%_(dt`rN`_lV{kX&Z&gr&tW@81HaZ#RzJ54CD3#MF{HQNQi|&)uS*s!
zn3iaLT2Ji1^AmDyL<gEryOC5nqb$8#L~7XC&24(j_<p}MkDqRcyfZ8HQuLNCn~r4k
z85%1lGcP{iTrJ?N*8DM#<DPGMnTy}FurLwn+}?KrJYW=jHZRKw6>U(*U6W1thF1LJ
z6L$0C;Kr~L4M$78x)(}wGP!KAP^Ar5#X}>O#1C(mw6}5sW%HbZ@g3s=IWW~%8~Pjr
zAsdNNl_Hg2#n~Kk@;1?Hvl5tC!D*SPGn0+3!wWAqT)Ex=Qm08$aa{9^`uhM2X2{s$
zbT~c!M~V9Dil?@m`j@R~ou}d1ONI8E+_s!l93?Wc2JJ`R*Lz*mHKr1yC0*wW;QIR6
z3T@wb949rldl3y<3^JjeEGb7Cq!Ku-)TPozi|_M>T7&0~%sLti4pZ}|vSKrw2mjx)
zl8>*_$?JcwHfa|Xeo;)l7bA0FA@jXB7X&5?2Yi+6v$gSbZ~k&&)5m2Vvh+46d-@kg
zY5PY-g<!Y8`^6~3K2H67(PDVTvslQIf`i225fN$n_OMxER*<GO@NXTGq9gmuAG8zh
zag!wEKbm+|WZrDHHhp}|zZmoZr5xh&#0I!cQe&K{G~M6A+;`K+83zjp?*Hx!$mV^u
zt5#op@nb0-W+=;QLS4PUVyU0CQx0VwWE?j;+%%UE-Xj><yCaHeEo`W$Iv$#9L2YT2
zSR%5tW*%7s%!#jqGKpfE;axTV)Hn36IeqLc2mmOpiK?;3KvI=uwc_guL*BgB^)M{4
zwa!US0myM$vF^Yhza_OYIIUjHXDoQJ*)kdJ#>Pnr++R&pu}G@c=q24$nOW+cHD+0Z
zi1{0oyeRQ?_ks_)s(d9{ZGL*PWYVH3CX+v_@jcr9y*};6+Dz#CEX8Y4H#IkC-|(HH
z#WdBz-dK>+B40OtCVM`AeV@T@BFbOn_KyP>mqwRrc;A;U>mW_4ki!#+DJ=NXL~;3(
zqe&Mbt}va`KJrR<d?xkQ;-8d=)(j+i<J35)1<kw+w%eTT6tB&8v;H|{#Z3zmX=++e
zXAuK}e~EoU(%KhwRGqc%!y+8*%E^e}D|yGStyT5)$j^53i`&^!rzESn;HMV2bh;B#
zXHa<26CEV(tmlL>=DoS9T}leaYlcw?F2ep<mWB&-Ka0S4=)6E>W3}AhxYM8E5z3%1
z%GTC3@|~Q8;_fqR=?z<Z+mP~`|6YFhZ74zYmam($N__G<<Mp}n9Q-qm3d@Zc(shx_
zWM#N%#Y%n?U%MgZZzhZ_$tM?i=M0X-EuB4{xt0@8egnOftahjF&2*ETQ{vXu2X244
zs}}k=S48(qOh}H#X%95D0!l@h#G35dv#Ywv8f7K*gbs|`kZi~0D=9HJoa=H4F;i@Z
zbyS5SFF|ZCeH$a9%oh2?7WD!h6wIaAJ9}+w3~F#bxd-{a5C1kx#oyA(pMeHpfkPTV
zJ8s7|N=JezeW^Qxs7@TDp-fCwxM?~Av=wrh+!FE@iv14$?dbGKGY>V$0c@ynwOz=>
z{aB5C)KagW*-q!EPE}N<ADyN{4veEDh|m7hD_v>ye`1hY)hY5xa71DcPjI|QY_?P~
zS0ocxnoY^Fbct%jeI%6jePK1A<6PP?38u?glVteYlJ;$|)f~Qlray>SgA;z18|W7_
zr0CDl5UZB}rfUGVt&Kil@=p2uJoGCbz5Dw4cuZHD@O~fmpXEWLzLBX+nh~ZdzyE2z
z6Y9&BZRQill#g!WlY~VGn(MjT$D%17N3#zzy;2=V|2Y^5zZ!!*80kv-j+Xv*c((JA
z`%3l8)?hfxqm*F?u6_mi6Xkwi_7zse-^T+fF}$!q!SZW&?wS12g@sPyOuX9Bv$;C6
zW>lt<4nidd`OzmQkv+{q9Xv(|M|5;VJ{<8->DkV^sLn?2D+Q6Uj-t^HvAga<FZZa<
zZHllfeuTyAAqhi&STHEVH6K#HNjBq;_^f<j;ULJ3l;a0}(F>)?l^4$rJltrK9(jHz
z=}y+2soJy%%&(a<)2(i?jN@V?7;FO-XrnIj%6dphrZdRg9t>I<bdKmV(~>0>+WL8H
zn3!r+Xwve;CH&yP-3JJB+x{ZAuQA1>B~Okive|B~^bnUIMbzWltg2yEnB!B(wKv+z
z8-A#!2Z*c?N+aps^#=$rO4P6TK%NJPJ65$oEy9RE0=%Wb9<D$oZw$!zMQ9;^)#U;f
zsISY=)JBDYFeeQ-5Sy&!kiu+Z0>1HqKOP`FjFQ}eFpyKHkiIA;Nk&q=yWWB3;w0aw
zcGkTEuYv_EDD#_0^RGRSMpIrWcgT7wA;B+(%LTAdM&<CHZyvf4u22vL4-m?RC4s~9
zD+s@Qbx}Rf8>$B25j<N-O(rdMBQz0YYT>VqO8n&ya~3cfap>PWU<I<KQds*1V2vde
zl4wuTuPuV_{XEr}-k8>VpRs~>?B%Xs<*w~^WplWxI==@ui6Q!{A?9M|#w5RQN#+`P
z%%qjBTr>`pteicDDb~g-Czh_nNqBkt?VFNhiFw##XKu(pcJR9>`nW6m7VAfXAMzz4
z$h7G1mj;l+x&w<GY1=9^0Y2HJ4A&$y*TvTsRVfh%NxE&Xk_TqR8M|U#+?YW*_;sj)
zKM>eVG;ohe<T$eiDWkbstmpR5J#V!V!i*|N3Rqn^vn68M$mqMLs_uQxTPX&=Bp{tR
zdsULAFO41$XnE5Lir@f}Xr`)0EDeNNZAK3uwO&ZuxF=%BIOrE^&MpftUdkzA&B-NZ
z%<tXB@^F8|jy%nth>@SaFnI-`JIudz%lcb3>=4#qZG4NY{z{@)tPOS`S9Vrp?t7m3
z)Y-kb$Wu7|rXZGWcoe@nCII-^4tkS+GG{xuk=!lR7WhUW)r5~_f$=CL6RzWc)6*Qa
zjSQfv^u$U(AsgT{RHr)6boNLx_IU(m^`|aqX>)}n=+IcBi3i8qvr%8tvN8Q>C%4rb
zVzjHrX8E~|G=!JA`l;(%{dl%|7kBFRVaB(^yhnw-Mj^cC@94a!0cu!5?3K^Cx>S4x
zXQ}d_s^zaTWSPV3=*l01b3JlXwRPLB45?tVJWbcBwFiKT`3R%P74}~SoNxFGY8_f7
zQLn@!{TGOqPo}GK^k>!%3!bp0+E%cVNsdwo0Lbzu1XRDoTJj&vKUfuZ(x|C(kvByt
zN%3an*J&T~uUeT~BI&*ZmQd=yuAxtn(i2@<^cPZnOxO}K`56?gK0P^W`Q|)0`_`)*
zaR~FdPJcqRa%9|@h;x+vlMy=qv(ba&2nBHNq1t|%fxW$9BYf>wT(47jYY!cvGJ;+K
zuYLTgwV`@pA8<6wvZ3l1v8yYvNKN8PE1agaqwDA8O{~osyCZoqVbu7mkvp!jMd^OD
zRvIOMNz?pe{uWBHyhUf|V@UU;od$Y46~;E%QSd0SOC00mV?w3v6VP7L9L5=SmA8%%
zosSUD_LlJ+j4g%l3$!0995PX^LUkk?JvIllkTAW|eA+1CYD4;&Gi{l4-2|b;WuPv2
z#%Z8TP-N%{iNBq}jc%;8?_jRO8=U;Ydxoy%Ii5iM6K~dtYh(vnKzX<FYboFlQ7Apg
z<Vt3v9CkzjX??n`tppGry_qn0<Vc|}pv{h>_ydL}Hb3Z70z>Op0tKLxy3pl;Crdc9
znGUC|@RFvakx8DEu}Ofdn~OEk>gmHLhGB?2FwFXPMg)OaeOotq>fT-B-#Dc1EzLD<
zZwxE<rxRwr2{(E{tce&bfZe1%PjI8s#8GN~3tg^)qLB33LJ7ZOM5J;!dZFX|Hcl^a
z-W#F2YJ5w=+Zq5dow4{aB(o^973dn994Z#cZelRiILE4P*li{2+7F#~<8AwwoPb8=
zAaSkx`-~DqmLbh<Nhyy?iAt;ico?rD)wX(=(|;AkcSKFFwmhzVo6iJm;+d%ojG1h1
zd1?>)ZKofS5yF=a()eRyH~^P5@TVb|hcQEbN^s;Twli|!r)=4|Gxy&@Rq9|<<NzrR
zW9bdL#ehiJNtLIZb#5Roz0GkxBoNT$I|JgM7si5f!cE^g@5HnLLo&fGky7mnTVjS~
zYp{#Lnm;OeuLt3Idzqa@W^<E`;)0AuU-#_|eYemFlh8Mf+S?!<NvVYOHds*Mi_oJZ
zK*Bttb^8Sx9OR`e_@QyDgLd;HZ`WsscY^YEBfr(0za34<_%vUkRw@1!hVYu`Q!=a1
ze;y~kGHl1ek@Yr#XhSZ-lS!hLu+cW?YEPN|{{THe!oQ<+X%ehU*^|(DHUSymm;N5B
ziWI8Ky^5;j0nm3rgSt!$@4xi~O{^!#h=MHh&}bK=qyJ)(c5y*Td)^P1)Bz>s6FndV
zIk<4<x1LR*9%L2Ec6JX+=<*s!I01P<ZSV=beLz55sQI3`1DbCqkX-|$kyH`;Sn~0K
z5-H_<D-H3-P>GiT<R6PKCnJIAxS;X6>=AnBUX9fMH8bZsMXKIFZb!_;w~67)>M<L6
zYP@EbJ&NStc-0)tvbxqq)gU9h1xEwEp0hBCvp43qrKI@V;;=ltU=Wca9^Zva`9Nj@
zzl*#`^}T1%$X@B587UA9&eiKod7s=MEBn;BWEK8qqwrPuT1b7O@%L&_|4E=<c>5+E
zsozsepmFj*W$)EM0LHSWoZSd^?-M9D^V`y5jOC8WHt{$4{y&!{XI@jzF_hmn0{U!m
z|I8S>-zt`i2mBA>{Vc$|Prw7y0joQ*T!`YBhXv)sm|}G=M>3UkA+gpr;8QZb@cBic
zzyQ0!&gXB1GvBaAWa}Z*@rM(jyRG64;tsgv`e^|9uo&?ve=8p5?k+xjZdC}=1ueuP
z#~B)$@*$MZx(>4Nr=IUW>Y%<K8}zvJ>EM|HlBuyF>_=deX8@zT*hW~ZrO@WlV7YW?
zbeus<cy17W+#62A8Xdjiqiovf#=k)anR<&f@Kih2bwsdn{h2@<PKb|(h>roWKOs6o
zL^}|B*ol9<#fAIF>zsO*=42gR+(k>9`VS)4I+A=<b;=bU8|?V!+g_#MBq;~LzUZs!
zl^`DkJc<CW9-uY|7=(Z`^#Dt6%79J?$i}4Wf$*02VNMF2ZueW#Vj?Gp0BIMHCF3ZF
zkV(?R|DXY&8;L^Y(vW|$C{&99U=1Ms`a+HGByIvX)Kl(VV-B_Ir>s?L?Pl;()}m>o
zMXyLJS7VDdhEr9G9)Fs)=--}z7M%}*q+>6^&yV=?J^c8#;ELei`13FP*@{0nAo%d*
zr@j|B79^=>!Z5icBRMo1iIHYyB!@3;*WaKsjd{}P8+7&2IhL(Tpop|DnC)fRfp)>{
zdD6#>cs4}LlqO%G#2<j@kMy_mb3tj{*xF)e2(OizBaxKs&Pu+~E-id~3!9%hf1OSy
zr>zpt;Rm!!r-#o?aY+&&{dIt1bbpGBh4ZIMBOk_b5XaD?g6qC;-`Fu*_KnAzh55!i
zv&m36;B7WQU6hBya;eup!d+uN0LiCS@ViZVXjQSC1Q;pv?EL^c12F034{%YDuFY^Q
zg=w)KyLU{6@rFa22b?_^ytYZHc)Q|h)p!cXvf}DUtNZ>)!C9`ex?96>cPzS*=0gpH
zi$w;Ex8^_@AT5R%v$4$am`(gSG#=A<o1u)irDpL5zY*+33zk8&Ee%CmMZDEp-FXHY
zaEYvQpeLx#=RbxwZyL|>`Qymy|BRIRk%n`^l9{tlP?>m4wrt`+OqhuW1KEXZ>;rEy
zBY(gJjlBEqa3i+{sP8>C&DKk)zWX`TRt;D$zb&?lQrwwYvbch9aaFUJxWCEbR)@rm
zREYZ*Kz%E2H>jr<z@R?&=4}E&d_hBjfX`dUkwGhobJ(!?maSAr0l%?9em_3nU|`9l
zfhCay78XF>nn?pl&&N{m^E=Qc$s0AyWRHW%d?h#Vn=@CWsQSXckY+z0wgq#a?|#xB
zo3@6YOst9D``jRNYt6EMZKd3=z?(~*zrv#GQJ5q2Tlg5>4BzJG^^-a596A&|)5jW-
z%yTco)IfSRRa5U~8%MhOJ_^TBaKHr4-jm$9#BZ}1;);Kc6x_*L7?h!CziuFH=e=Y<
z5r%Py5J?lwkKh)_u)pJ2rw@&FU4UpL#JCW#SNNc^G?(m)NMGNF`$GZsh=UXg_y7S@
z!Z+GB`e-EEcSjmmK;svE{WtV~o9kKV|4C$GlwrI=`~POS|DT*z06C?kzqgKtehzEC
zIa*=B9GyKK*P`M9X<a(jEJdq@i2`)S!RA0I2_|M^sbj27yejwihm`%@YZkx92^LXo
z<roYcP~1^Wi<d(8_tNeU%30kjXm>{e7szXMukiU(NN@j@-o1^Hm&DxyayzkAti>0e
zPe;>FoJ=1w6usoV-4_!pq$CnK50TpdO2{jgk4q=h*!N>vs{BXIuc?aP4)S>iGT&CQ
ze1WkX-!klZMrQs@t9ZaFUcpyD6Ruk)g}9!E)fRf;V^mFfS0#+|gN$=Pm!^)7!Qsg&
z?zM^st>W+ai4-DZM3{{8p?#vWvNhP?B@5Y~N`<_RLK+zVGR1Fj-^Cpz_NV(h;<H+t
z`&pfhI)*b9Kad!9_jF3E&AkvhS&H7Y^2s>zbwz2{#AN#3c{HZ9{`~zQ@yP_iy)Y@U
zR{FVDZ}q!S$g9{FCeX=5Vk$mfm4cst;ru#$MG6d$9aEFpr&gRLu{d2FkW7d9`;zH<
zQtnEopXx2)$@@^k>O(dYZ$O2%8-o>sxS=D<_XE<$Fg3`)3r6JiF1Mt2NE+itsFqf|
zMUhtRmkDTXxoTzS?kC?lgvA0(WuS7A4OOlTKljRNH_`&8@mdVQ>XqT!T?Sfc^~$hn
zSp#U5#tooV%p5>p{UWtUqgFjG4P>MrT3~Gz`)ipQAWyDxSyDq)E=o~Wc}vP4R=H+;
zc$N46s;sh2JSz?A`6soWoYGLO(^JA~J+nWp_2d0%tta%SRlL|dSnG5~I^Miq|4_`|
z;%wy3H*yb~NN&(f7X;UE!76@Zb(Tff7He$0MG~f@XOhtwch8|u3GT=;G8NHC<d#%h
z1nx~afs-!rh~KD`mzr2h_We#vj~jY(7R}-$i&$gTc;PHLCqvg5<Y;XJo-*j|i!)qL
zkjXKOG5ub?2KLO_bsyT(I>lm07K|lxJ`r4aBde>4;2I$bflB0!+eiL3A$e9!0Qb&}
zhwMEB<9BnMImzu~9OtZ4aGTJ0>6vP?=9d3h`2L7k;+u%0g|jp+tW_F#|B{gVD+W#*
zxyMvoZ73wA@vcpgY__G74<^A#I}T3JBCd2DZqgyvL$G;<J$QuXovtM_rzro@(Hxe_
z#_JARc7rqlyGI$OOK%@ElKY%V4!Qf+=^-|cgZYPr-<B1Vk$)1?34Gp5q||gBy%E$E
z3&!y`pH^TEcr(OX8OGE0dBfew_gnW}z|R}Nhz6F60_I~StN4R8{wIM?`A*2+Z*PH%
zW|+^7!54`;dRTLB;$v0#JQ^HqyiEcMehGnm7stkDNET7b_so0Eo}3}x05OiWeqP!B
zC$ZHMa^^RMg{&=#%%DpJcgJEOw*-eZUn0)b$wn`<Wn6F*V@OnRJJf{#bXFKqWBF|+
z7+Sp!o@6=aWpaGp>_~c@4poH6^6zfFX+fJSTWfWtVL?9sYci&j!hC)a7vjy@$Yz*M
z8^TM?%^GOvlF_8$bQ-#`Jq{-s)A5#WE%Akbbo~b-J~N}WL7QhmiTqb5lM>qrgXV`;
zjv&h6ERj5CVso!1dE|?+*Q916G-Oj0^PxpQHQ=tSx%hM>-Mv-Z^&W|R?h*!ee;=^o
zak3{rsw4D>XC&DG(i?;C1Jo~w!nw?}2z;F&RL>%alkl01MTY5Mr2MX6Bv?mO5lgHl
zM+}BeFYEPn!W8xx0`~l`pt2cmgO?i3=@GDo8<-Viv4M4hW)BiyBW->z@rX@)*RY<e
zw|=p@`U+E0lY{{fF8F0#@V?1I1`VIzhPe1sh9tZ+5QoN05XeOzms!A=3gKvjM&K<U
zQn6FaG$egVtW4vPAjc!uyF`t|BQU<%aEB7t#}HIZwK#v-NiG0cr=%t0&K!i5;V39G
zJgl7aw+XJdBBnwGX+-Ic5v8jfQRb3>a@-Q}lp)stQ&>D9FEy)`p6Sw?OV#`h;+<sG
zl)_oEIcK=8G1LTRkPz_r{4C=6Slx&ZNjUjLW5b~UE3lpz7q6Ny<(-#7`C&Wmqu<2v
z;)c2oBwRA{OVX0?THQC(`0R?zY5c7{kUB6d$(%C`!>d=DVLZd<=iLefYD>V-QDk{W
z?x-FD!G0)M_Zxu*dw~S|A=I)z5r;LD(V+S(o%~0T*av5+<PsdYUJ$Zx_3xnK2it@8
zO*~>Xmd(jhnHR>0uFCys;ERKgh!-RSWj3Q^kGC3snA2-WPI7#V<5x7b)p+@t?;|Fm
zrB(h!21T@Yqt4jx!4u7z;Yl!U)Q}H9h?Eerz0G)v&rbu(!{Wul*;|qxfm#Ssb<RDU
zpARDpPQQ;-Zn|_Cnaf>F!bEN<js}X$aj@oHB4KPGs27d*a37Hs@e<tZrQs%97rrk3
zHcMU?_Z|gHrT%PPyge(W!3FC9dBJKQLU*r5kPBuuSC%f7-?qpQqlln+yRMNf$e$m@
zb=4qjbG>Uwom&WqL+ktlaSHML{M&4Not{Y7txrD;%kD^g2r@uEYhp9#Vaa8#0|$Bj
z(QEXE5mZm=*ArG<8B}2QqjY~axR8rcuGNyR%eR9CdO)doNJ`6df(y2B(#pg^A!9G>
z)SFCmT1Al^tj>P<GCj$i%yKVBLT;nr?$&h4(kZOL9%QI*Bma0lG|npC!ujt#bTa5#
znqc*&k*OG+ofR4J^M8+Mt?s$x!X+8{6QtLSU`B5#THWd_jm7Jlu@HZ?WZRD1j!&*y
zR7zbQsK2h}^J_I+1J5X2CRCdtiQo2=!DPW-0Y<Y}a><v^t0cbC%#h(;q6e~`Tr|u-
zVjt^5BhPD!LsNB6vQwS2C^isdAJo8Q#iryNGRLHL_Yxqxq!@#zp$m$9ele&*F78z^
zO%w3jHer4o{fO+xB_qI(`!YYSncVQcdVI9Juik_1tKSdY?Zb;t;pRa+ZXSSv^-^vu
zc*osQbeKIk_cpuk1IANVEg7ByfHZBnDNf_N5=nYW9A|H@=6V;@)pszm;ff5JELY_F
zOsGf?R*_z}sR&*gu782Rcso@K#!*#cK~-NSnRE_Jnbg2m$UTJECq%qU*@O1pl<)rg
zvK!Q<=%#u*q$CJfhk#FS;_ao1>%G{X`3W#65TAmEN3Ye>$9?EiRBd`?j$j)@=)$}3
z#&0uu^junT&d8x%U6BTxyH6a<;bY0PQE&~z>uHJmrPOwV$S2PDycX<Ap|dWM4DHWM
z5Zohg(o1aMW5#{_vR+Yi2THet+&>_mw~F6OCFDv*zv|&5*fSJEIuD}pU2xA2b(0)u
z$$SqPMeShy3&iC3AjU7?J+KV624J$;?@i#sn8W<{g!D=WSRln$v&;JDZKA;dWI-&J
zZ2jfy>)6k%u68g)N-zN;F`$CT;q#8si7kv|I^^#fBH<j<i6DruFdZh{@3HRa2kl@K
z>lWiUNSH>9ll<Q_<alKhWXIb(3>>c&bG*$H(5dIf5-9E`24SBgtQmu?n9#6)dLo#A
z@_BD*$jm!E#rJOwz3L8&g!>KBy7*w%Pfhd)uGR)$f841*lIXFz@N;uk32}n)H-6b%
zyaQm$SM<Re%^uRyU^6HurS?EJ4$hT^)o+H2&&Rt_67m$>ecGZF8oSnz$(g@5USEU(
zKSTW08h=#K9202c%%3q7X0WG77xLQ%Oqb?NAXoAzZ=PPLi0n2f?AkVnOMz0f;UcC>
za^FKosBD9d0E_GgDFZk8URPIC?m>SJdK6e95w&y;!_e6d?{A1B?<eYtGVUYhfjVdo
z5RWAf3~9;*&0fKHna{64bHZGMt~l^|GTAC9{Y@V8LqXl10e$=7apaQTaZUIoy(4Tf
zaclN%LdWP)G<5tlG!*6PKQI~%Y^?4jNm5$d-T+&|HWjq@;idu|$jDd`wujq~^#3q|
zk+~<QBsxpSh0k@I16Pg37}YNnqwWWygAmOjq6vsugqRT`+LXa+K|sD*c%c&nt0(Ji
z?#>JX_99?nJ-{PDz$OF?r=e9E^T+cLyg`iKJNzt`Dj~@>j)(9yMHi$`hW3NWE!Yd1
z+}-c>hgcZexg`Sc4ipfJQRzljKMt2C0~d^;G22|{&J2hn>c#9~L1|4;+TdGkQpM&|
zqQpOc|8@CJ<I^1naiZkwj#Hy2pG9gv*Sry&zo{T%XX^L+JXB}kYCM2zLI-?zwwViF
zD@c!{TSLRYqwyh~9S5`HgY4M%yL#)hk@zLIGk8r^JU-F4HzAq(gZWYtZh(5r=vEkv
z0b*alO}9Z31aTI)e!7nCR=A^X^dPssK{`EF@TTj@SmaKRquUzc@2O6YBk!qBPXL&S
z!iEd<5oR%6fQ(GY$YL4O*@%@s9Wr3?z9NUCe>V4L<e_VE%Sw_eDj=y91tj&pha9$G
zq~u$!*gy}sXap8p84I9P(?b<Kcqj{2NTVT#I*#tvME^geeF=OM)%NhDEfCfTn^r|E
z60k*<R$FLji(O#?DHK7hii)C$%2F|rDob0E2r)!a!F@%aqT&N(5m{THEt~8Din56?
zVOT|=Y|VGiId>+Lq~-trzR%x#Wpd}vUC%xD>}O3M0p$<NZ_&IIUv{9EVqf++f*w=Z
zW1d6v^6cUWaSnF8AbGs8&@QZiGY(KowKLHmaMtp>RP584NiPb5FADLN{cZ&PQ^fwM
zau&nuYUeAwR+V!qdoqw3MmxztuM-%4Rpv0kkGV}5O#7V3|AWgX;PW4MaBD5uxI;h@
za?wu0T7|m=lt^yxL?&(~x$iEj8!M;tr#N}SZhr5`GJi^xKj}n(`c5Yb-rfCj-i_cb
z7U0c0y$A(mI=mN!<eYOvczHuAFAOhlg5@hRQNOZ6f`2Rl`$(0BudXazJqZ<Ljb?Fs
z6Px9bqbb;$u!;^vNy>Mhs^5ZTujILoLg0(??YH2>l=ZwjLdX-lff;}^HGEvJqlw)L
z+;{Jyc(4=vBgdc>;kRk@ZEX0r<DzjgAX3A-9}E&~-Y-z@<oynyH0hMJx(d%~brnr8
z*Bq_f6lO0LsI*$n*sWQm>0O25b5?KeDS=EPFWLW++!yP`rzMOJuadhlsteoYeJBgq
zSkZ>c>jjCK^RPj>^c&X^*2v?!!emxp6bSDMIBl>I&qZ!Tlc2od|7$;dHwX7)pT^f6
zzZ-{9PD{1{hjCnV0V1$+^cEaSGmrx|4UT7!kp?6?Zq^1TJ8lCzX4Z=1fbyKg26tO<
zaJRzm#Nh89A%k53!ebNHAso1gpD5+akV<odl`hIZYn8lw5;UupFe~2*z<BbKZFmwQ
z0%i<FFq$-4p1lnpB-y(S7GY8<10s8Wn|EZq&HG{^h{Rf=yob?iR%cawK7)~#IS3=C
z;OIO4g1CB;H;2(u12V&Qc}5pD5a*;g!QLFxfBIgGm1iGC`Rd<yz_pMA>ak#60&h;J
zJsT3=kcU)PwhPJ_vmHv5To{PN)lNZATy4dw8NboHy&><YnT%ER?vIdn`{>>0^zLxT
zyFcljo8BD@d3S`~JxlMDkax%FT|T`#8}jZXy-T8Z7ed~h6T)r2nsH(wM*g`CqbIIk
z2`7r8d4&e@dr;xuhzeJ(s7^%_p@I@o;RTHz83q-eyc%9%Ca=&~PJs$jA}V~&`OxNa
z8>sMB1f$xCQ$;Q0^Q~Ehn`*-=#MY{c{hd&uG5T^;%Z^P%!HnG$W{;@9E()xkEuh^%
z?RAJQHdp0xi8_HRYY5OxzTqHy9s`UpS}*rug;qGo9y`d+n>TrZ$iPGlg=AxVu}E5Q
z*>#_R9UHWw2a%jFy>x&ty_O6ifav@8E;7uEh4@<hl}SEu7jc_$13bC4vAh@zG3539
zjXtJ_<DLkkjFbqYj8t|i3WCaP22h6v)Iq6l#=?wXVLB^ZiiOr-p%iI?ktkbR-OvOh
zQI2oLO)x?$jMOSLf(k?RHX3bzAsdZu=kkR5?|;b#`pwN&&u**dg4I*YZ5r7Q#e&8F
zbucFQ6Gu#9NoTTVGr?X?;6LI(5fY0zi?7R%f{4ubk_k3FlWlOqc-mkLHIfM%+z9lx
zUuD28%zy)Smu-I6(*C}5McrMad=s?oTxa5?CfakMGwoq)e^0Iw%iqO;<o+12%f6}c
zFs|h`NK~@!;#!0KZr1XL){4KQ^P|Tl+DL7h234!`&{rhiGsVdMZ({$C%lE#NDEZob
zX!WHZKqFWjhz}da5<ZAYo%kTEp4<bm{2dPB3H~O8AG|jLpn8V0vB(Wdp@?^~wGJ42
z###rA-EX}ijFpnZ=-(oPkQX9A=!JmlQMw)~JQ-2pNv*;cP+>?A#*Fe0n+V1>p3c+x
zACy(YrRX1O?t}6BLiD}HC{Qr$@mv6=XztDUIY^8CksGv!2%84G=&Xryv|I%ww!dLZ
zpt1Y`6Sy~=DIX=4KoF7YTyp_Y*leZM2i#3ofgET+=lGeR((?Nx?}wRO;mi2&QXo$y
z%R13j3lyI3OVkwEe2Y;hnRGEPDL{H>hN9v}F?uyE=_2C?W16QizSLd*vMBrG!NVlR
ze$@X&G!pKNNvS*(4^IpVKD^^zaJOK@_nQsSO~L(JQxNwa6<yt$2?CkU+ysJe&w9YP
zD-yd1&Xwjv$RWKB!_Hb|MCwwx1N3c-7)U)44|F7G5TP2V_$5o_l!@#e>$?Bn@mh?t
zd4~SJ-1vYR2}}}mD?sw#U5Ltc=do*65HW(u=0AY~ldIhE*$ux;1g_-Uq%HzzT>u~X
z@8AJipgp<#P&~?v;;oFB?Vj(s3$$Z4&q~x5sw<0vd-OwMYwiX=Mt>>t3G->MJeO<<
zXQX8{0sOB-vQ&!??i5{@S^=m8tQCQ1t21B#CA)LG(BIdFZOjg-!k<oH&i)f6F>i;>
zP$P-iJ0$l`@WuiNWETw5biVXoVQJ+rdZ951YaEA61YT6qsezuSuCt!bSS=USA&V{?
z86&l<fHP#t8Hk-QN~$;$4N1m5mnG-nYwSk)1=_V5&Pcu(e6$(lq@Cxp#PPYmf*NtW
z?N`%z2D9vkSi+vO#Fj&U74WY~a;}Y$EIS-KB+E8?=TQF=qtzqw{Os&<HCoXi|E%K}
zBgyT^IC|pJ1uXT@5~?d6jNq2c^|uTqFDA`r$R>1PWCK4@q=|<E6Q?r2-jB!&&2t^h
z7_^N6SEuPyTY{V0LD4m}Im&+J{GI^FRiI(ThP<=Qz)9H>j<Br&eF$W(lJ7_f1oGWS
zVfe@8O?QAD7#%nG7wdb@qV)?6!)CcEy7O5N{=qGTaNAcUR~6aLKKO9Z_H{QaUIRbm
z=O%FD*Ssh}HGUmt*BigiV|D$RQD8sKjX#D1W^f{@pXS_vAYf<j*Th4E&!%XHb?UnY
zvcLgq1~h>2^4(np0r3@B2mIQIeFSnrIhlRr^^(y-+c(+(RnB0s?XUP$03nvI(4)x%
z5t~NDjjGO!=d3-+a2UVPQ1Uhk6d2bOLyJd})48r%>$}G+(tpKSJ$+-ds`|zmC|%i4
zSe4cLhXLAX&ej|`W)?u+j#qmuK$8h}u&HduoxHbwIv(cOs=oIc0IeTM)J^O(JNM2N
z3kg72B}YtE-(&+QGBTm=OTDOCbwk?IQdX}j*DT^Cp9yrFWV4({2Sw2ZVSH@9`3L|?
zyKw(12C1y7=sJK%B28j+gQ!}Jz>hfi0Wg#0EJ+upCV}4Il-?d<;s~4J7|f_*0kPjB
z`=wjS*^^<-$p_eXF~Zb$>AP91elf2<c%fQ9#_C*O2$c_GnBzLFmOGBD+Y0(jb5*IV
zcZqO3QjcbMO9ly|hbA+ae5ElOc!7-%>kH77yz(wuS%|MpkoEgL2nSv#w}`o?)mZks
z1$!#Sr-2N(ntx1>rYr^+*6O}^QI5*0?yG_r5a0-6O$o$ci{c1)UcvUOt-fI<HX*B+
zy9dl8a4?@9)q@ZlY1T?4qui%N_d<qL{40<@S&5q^m;Dtl@cV}K;GbpW@WiI)pAWV-
zUZ4>%@+o(M1svlV0zw-G9(ZT_J|Zybp+3Qy#j}Rt<5V(so6oTxeImMAMRRX74+Nj}
z9AtN7=L7LL?-9TXynIV1bgCNx;Dipicu%RYwT%B50YA$54^gu=^R6`SBjJ&w5yMF}
zJr>Z3Kzjf%X||H)0wvv9WX(HqF>Iov0UQZKmUFV10q#R9i~`^7K!`n$-OK>^A|P{^
z&OCO=a$^JRKCYC!Chh9|&jJt~RFf$mJ2KX?s`qdKt0%954l;2)Ku|X|U*FLzXn!<s
zzp(!HD}U75&&2kfRfW)aIW!)_j_*qI47@lh=Or#+bjxJ+k=hTO>EL_<RnSNbHe#uo
zG7N92V8;x;s*yw~&V(h6mON)dmy<#WdozPe3em!4^CDc*&u~eV_krI?g|X$b!E9$x
z2;*qO=qKKPF6&$L{e&(JE_0EA6Fg@d0l|avPb7HQRWK!0-P+H(FJL_mhrn<*9uUl1
ze)~t=9@`*N_MwK($<e87JSYG*FtUDKDv0%ozGJ(gv_*SDX=F42GFx8JmyhTsPb0^0
zTVQn()lo?i02etR@I{rQXh5IP3cZU*uXHlQ$pHH%(cK#NPp2qgtpHU3G>dsOP}RkR
z?itzaT!yG$bnP?<Jg&#CH3Ayvy36tUq()s1ID4L7l@^l6FL{1R4~VWO`EktmPC+MY
z$-U8@SUTAl=;3IIrbegb2g?HiHq->=Mag+NW<sm7$;NBlpL=40!wBMV&sOm1z=~Tp
zK}EZbt(Qq$nrC3>I=!~!Z5_Ow7smrP^3ujp;!_(&iF+#oY(guyOTK1Z7_Zq@s5la1
zHT;T0o4m{a5L<3s7@E_dHGq}q`T`e}#)PsN_96u@$bk=_Oc`*de^+z_b&{X1QYXWD
z3>H+UV7VtNmVao6et4Un<@CwT(HecS^m#pfVq~@bts)ygo2E7%_b6+;6>t2vw7Sik
zwlv~5k?1}eMH+?EL&L8j|1orvhgg!{GL(v2%Hk1?wq>Mx(th=#=Av%6ntaKzlCvrn
zuFTVI`ykm#v>)4BwtX))fj2{YGOV498~Mt!MfNW0mf9J}UT!qu5ARUp<<;F^oG>!!
zA8)Sl+Rr1|yQB?`w>#G2R={Q_fvDb735@(5K%iF~j{(!@(Hs^gfF8QKA7&>3Gr!SN
z#orK9p@)&Ju44#Ymfzo<4kS8~%f99Z8w1G&PZyfPlf-Cf$s|>0QsfAtW~8{POt`r2
zvw9lA4cVA>8@1MGMfol+li_y^{{uD-H7NobeG-ZCGRXEFz2MS*ya6D<^&!ja^}zB<
z2^CVs<pvBT#91v{#A#mxU-ZSbKmc{0Q!S)v)pVatLRFh3bHPvy5p^>GG@HtsjC@5j
z1{MJfk{H2-qw@`gwLC04(lufZXCb<pATFF<sD5N`N8ya_wuaX{gyweBN9bw-{*jXg
zhu2)nYI>)`xB?p>amMr=2*lG<gCn~tx>iJSA`<<ph6Sli_gq%p|H8F;D6StKs+;0E
z8dDd=6@7m_6xYMaL~$MIk`rWQFYJidh!d3q0!)CMtmV8t-s(As{?b;6sVfL%2YSiQ
zZu|QHNMr&M<q+76L97P(uU6?u{l-EGI6%ms|6wM1Nvm{D=LboA;EtLEi6wZQNm_>w
zS#8FGmaPZjiB3qwE;z;~ITHNc;B<QWz-WOiCfjLxCSsZ`d1HjUH1H$`Aara4_8Y)8
zKjE~V#j6rsuc1uif>d!mT5?`DKxz%fcuT%E@zQFI<My1BEdNaG1FZORt<WI9n1&2E
zV@>RR@J5C(Iw}KxXFRe|Ach0lO}QiF(+QQ5XOsH1V=dbTt0(;=+ux}zP+oyjqP?Ag
zkK}Cdw3g{YzTp_n_sbA=5(T~J^2s?$bs^lB*g0Dhhxhee>F6C`;-aB=fQf-ay9k^c
zBqA13{^4_hfZUpO=ihsd=v#yt!*3J^i{wV~+FkKN=}hd-fR>U5!U`~;ixmdZ{X3$E
zwsM!j!fG%`lH-~rVgp3!ro6e8m93l!J{lFJlF1-7KuL_(YQ)dKrq5Tw=c=L7fyRj%
z46Boo-=EisE|@a>Vg;#1Q(RrRg_9f~-A7On2ms{hA?yHw`#vY!H|&iMo(zS}l1_$;
zEyeB{GQ)`@a-ujMQWeyYDQjZs&&Uqgo0JwOK&)t1o^;CjGc*$|y5DC%y=9CNMnT^&
zkc_>Ge)cK8gu&WEE`OWhOu2Vwv>mC{y;%Jyj3z%XMJtipcjmV@5+D9lKDJC4j3ikq
zL{}#m!v3UFN~hoptPF;m4BisfN)=b4CCe_+dF2uqk0<ZTa!zH``9VgW0StOyV#IhY
zDc21TAvOm~Y-?FHk=yGh|Dk*-$36fCGKX2c#{OGtgU|V>Y)Sb(elVk$8<_ZPYS@r}
zh6ujPC&FB3bRw97V)=Ro%rB$!1A_(GGz?y3+zQVz>{<R{C>9JK#tP0qpatQ=wP?j!
z@!!Xu{JqFP(0`Ei;O_z@mAKFA$XH-Ni*!LrS9<wH;Hwh-phfl{g1V4sh@DC_xR=eW
znjgFY$O#|z(7#-5M|U<LyN`USIjh_O+8f{}Ukq4cYG^;ayT=eL^mj7oYh03lh8nlP
z*TFhXXc9X1aV_s$op8rrbwJv8uUSxXmB+Eg<MK1jc^m)|@R<B7!ajZ}rjMYs;k7ML
z+os%!pA#Y2mrYuEQ5mkvGH_f<J_M@ks0>hg!h=cQ;GErhURN8}C!6C1rKxg@a<kG_
zX&oGpl7Xhxp=}J_9sfU2pXzM^pP(9g>Jov6=WDZA&@L56J97JCPj{*}i32V0+V9Qd
z#H(7vejxZ8Z=8K{LNm&nd2Uah>fak;FVe^>)kt8{Tr9gcPQ6!CAwLr%gnDR3+q{d)
z@pyg*taHBQ0=upN)Ph+~Pz(@ONpt}kQSG3DwiOM*P@r+X=igBO7gd>JIpc_hEl_{l
zW_7MN<y%fV{!m7Pp~Y=M70IpeyGQVM_YjrIa<CLwd@+MMRShq`45{-47-!51uj8|M
z7LkzPJ2Jue;t*nqllG^rVbigjn=qOd`0++$4syoPlslI=6s5-vEkpK#IIlJ9T<y0?
z@_ctl2(?#1w;taLvRA3oY{gn#4qs!S6Gc?x*O0x+1Dd^x4eV9G2IH*#uY5*WH}?*%
z$@TRQ<a(^(b|LFjD+>9g3mMd|+6PM8zew6?Eek+5;#-W&Pmuy+1bK5~z<4Xj{wC$w
zLF|$O%PHA;EdxM9XS-vwT(paTFk<5%_8gXRs~?0&&Hjf$WiJiHP8q_WlB#*XBWtBE
zKpn(($kECFx*jrzM%7WtJ}z<_o542f;qm`*KXd*K-A{>TSE$XdFgUvo+A!~qm>pD8
znrju7Q!_<cGevbZBSbV)6xz&d2F(JF8-`J9BkF1m4Maj(8xh*t5bVx5T2(nzI~URu
z>jO}sQ0;u#pcYKQP9scH9_~ufr41p`rIFUl=tJ+!A@7I|%(#=@C4{`|MDH5XyY3<H
zy3o55cjLQzL*Df;KvZgS1gOrGalmz9G<SE1q4f9FpxZ#Ob_A4(?sq_z8n|9pZGVs2
zI*T8#yZD_51CWQWs75F|&SePx0TEUz+pbZCrt(6lP<}1KN<}k5c>^j;i7-O>@w#e+
zG7c(y5mDjbb=3$ZA1Z*n4*grc4)YI&X;?jb(KbQy-iq;JAGTt)1|x<Az}RIE)no(}
z#3oHI?7SW&&IEUtEYC?yuc)FuUthFSDFz{SJlyO>%H5j&TGL{(OBE=^A{*Ylfps>^
zU!p4^3c@pXJ(yKGMaXn?1n)Y}X-qXE|Mdup+kW+LjnT)y15Rb%LsleFiy{0{E_t*k
zT~zZJ$-kY>Ky8h0L@aPzj;4%@%@eX_#F!P%`$(P>@*+!r0RvUM!pWyZ7+I_>Z8Eq%
z<^{<0(FDSgaDA$)V+&ZvT5CmZwAERQ(n(ULChD}PmQ9k_Z->orR#T)7HIHVzKKbEt
zChpN&$t53T>0Enyfi-<H-*TNVuju+xP?e`ARpsf+;mT7pSDu~>QJzA)9?=w3pNcIt
z?WxuGQtT*699IQ_Q*+t-5~{}j(X^@SK%1Hn9<R@6^)xeEeFI}b@`DQ1^^6y+ar~`u
zlBv<4P+e~Xe_0cGn|VP58s-P<Kgr-UtGXW=_*y+ZvZ``>#71t#ayYz2wZw~<z%e&g
zbp3|`&MHt(0#kuw!TfJ_Fn*z^yITA>$gYREU3hA-{@&z67)R!^+~aXl2E7Y_>KkJ=
zP#5UMj{>D=tK}Da$Nt`CvKMaTVzIxk9Xh&nI?HYsZ_`psH_;6qL=>`(<cjRtogT+n
ziZ}0~fPx{8G?SswLqcefyUcGua+gz#^lt`omno@&y$3*Sj&dK{zkJW%Xw=NzvHyGm
zTvHgYH)oxgC+B-k`uFogF*36ciiK4lBUM0iM*jIu63}Gbk^@3ZHar6i?=61@Eg>Fe
zU>|`5Cg(V9B8To^H8*t5fh3q%<Tdbd8?<r1*i;>N2O4)$e_!$`T>NN^;S-SGG4v5I
zN;Hi0=lkj$DPN$be6(-J<_H*{E0{)&6AM5Kq-wct;MaZb{i6G`##}fUv4va2X%_&9
zj^aVeDC$&)OWPw@cu%k}DKt18_FUotHXk@L`KZDW?ZgQCo)>YBwQ?oA9;Hdc(JcK3
z#_#&C81>7W*`ASS?V-J=I^{4-n0(M0r~;Dg!cZ%#whpUla_r1bnqXS;eiW^Re!SF}
zhkh);(2pZj$Mn%Q?+ZoZQe)}m+LAH+Je(KD>&5vS0~P1Rl{**$F^Nl?nNXU)$L2Xy
zdO0w8x6&Ixy-A-sf=H^n^=MoU0TFE3p__6T<7vdiwX6ZrHJWQBjaHwVj8k&WMG#(s
zuGLCtLb)w8ewgR5)w2ck9GKaHEnE>$bDh2sFxXxJm?vW7G6UP|^xBebVft>sbTQ^g
zg@x7EtPT4vrVULI`<T2_dE4s!7zmks?<yjRuQGfKL`beVo`y5oT&&z2qEC;*S}!6Q
zGs!48PFlTl5JVx&0c;P%Yk*_V5Pm9{g22ldgyFWEa>09NHks-;FB`;HUxEx)zQI={
zXGJYTx{{c)iDA_!z*eX^)s&_y&87G+CW=y1_E9By>1>Mt5rIpQVt!DzdV5M~!(@jA
zLS{%Pe`pN>Gcv{5m09APN^mL@mu^IFNilZ=<d(DgN;E&P-b!KC5(8swbY-2D+=T{^
z>*Xb#%3Na5y>i^GTmQ_`3x+J?Dcp6w!+^|-MfX~U!qMOAYzH`MEwjA+z}Y*?GpNR0
zUQ(@yB$Lk)EBZmfQZmJyEN2MHx54%=vJn_WH=Jjy*G<b#@i7v~%#5#hBV3*aD>DZR
zY8+@-!e!x0DDQvE!j`NLL>hq=gbIrc*0cv@$4zYUMAt6}1-0^DEnxu}-qp>VO-i6p
zrcbl+EN_APb%vem-);r`-yuh}r-8EFP&TCl_{Z^a7sznaTD=W5Pg5uNG);sPUtIwU
zB0ntj(On}9e_EgoPxbN`I(DpSb4%9ro!E3E9vHTfh8=PnaO{wX*da4%zkUX;J^^$_
zdn67vWr%K5l)-TNoAs_Ugls?_*^cnE(ke#?Pdw&GL{J&+A9zjmBIDaCzOl8I-0}fb
z<xh?=G`W&Ok^Xkajojf%zSokLJj*^(K0&O*pkXwFhX0^i1cEw;8XdVY0HBxrk<y&N
z4~Xu!5Cl@D-2W&X$U&}$X~pFyze3I!<qc_zwyU&*J)UOgX-GhZR$rdJM);KqAr>W)
zQ7AVtuA5HkP}Z8Oy8*vX4e<tE6)i+8mgrssNp75E+*cDVPEW#sG0i)$U6n?*DU%GF
z0!JjTm!#L|g(6uli>`n1_uI&arM-<xMz@Q~NDK9fEI3|bzeZ@kMlZjWX8%p>V8K5a
zd08)MlU@eT*Je}_+LNO-YlAF4x3P|3744H)QIXoLz2)*$YIZC%dqof^&HMZ8p>zfE
zn>=(PztPz0$MVp7C@*hc_q}G0CdhU4hg#EmF&g4cgT9q*H*3Dg2jx5KY2`o^wIaG~
zute+(_#X-~@uYzpBPDEOgmvQyBbR5<Ohh(7<zBuP>h#*M{-iW7tc&Aj8;2{;HX8>m
z7v`woH{;v4t2ZMrc<VNHJ6^>lL1x_Ei^tq3)pUjqbC5LH4s#m-@NT_5M{6YiHacy_
z(q*swFB;hkjSPZDVswodZ^LMh)XXGoW>iQEg~1m7h8Frm3v1g2Td2A<M^NrTePhZE
zsDt}rb=1My7C9uh0^6uq@Yfol+Q(O~C&3viinxnXjp{#jiTtOI-oSs#ivCkzi<EyP
z1L#WdpW^b^2J$x-(@5h7?5|$v;mcT&4l0C{57<A5sgug(t39(oW3VFw-`w42FccnR
zh4Qp?#8XMP0iNn1c{YJQnWB~44f(&YJTr*D?qkh-&svt>%?S0SMN}oeasH|<6VvR&
z3=<v>b5P+G59upD4;8n9<Ly6b?9VCqBd4KWWRA$aKbB8s*PrZYhDx9J+VIlVE#dn|
z?oJWNF}<vc)Lel4I(?x&Z8oQ<j=G8RxVZw4Zm{@WI%QqU^LWL%tfDeR8LSLa@|6Kf
zXT_-8sl+H*Y~H%uC&N!NWZj&-OHl4oIw>8srgKha@TMQ)P48Hfr;m|hk~8^>W$Z<r
z@y=w#Q=gJ-cmW(sMw!?wis+gTq963DvH6}d8<pFG^yP6mb!9x)V6vLi464of;Gg2T
zh8rV|9zlz4(d8C^y;(CE&q=wH5v0P@pMfnwTEcngT3D!r4{lMdN^WKQu{@K5zw?&5
ztx6yqEw?IJA&^zcd-p_Gm8=RP60p>5!5Z!g%i9fG4Y6vuRqKD<BAr2R^ew7E@B4iz
zaP@86SjHpijb-+;GppQEr@=s}rOv>z4@Mdb>`AJ}SfE=Qq8gSo$q~rw;k)JW0tRS~
zIG=J$3!@lSa4^bctR}Sa%_^OLL<l?-n_#ZHREH|!7JW}+#G80_8ox*#jMQJza)H&9
zXC1cz-~0Lrwk#gBlZnT-@`Hb8aOWnnuM%BrK~P0*+3eu!^C>K~n*z?-9(K`LJKWwx
z3T$$m^v}jX@>in7X|KUkU=tGd**kzE;AAR$Dnh9l$k#GEz|Q-+J<7%hdVY!0X~0-8
zC#>9ahJ~0&@ZUaY6NtmpQx+|w;nEG*Z(;jB*ZL??Apq=~7cj0fnhirVK^(r87(<SA
z$pgqu?==|NGKmtM1iM@}-6HVlX+&R#54WyyzCJxT&Q^7f^SdY-XNuMP6Oc{Tw4Z>~
zvJWK({qEEy(pO_3N>P=`>cNWs1cORDfi4~;(@0-=*0McliF*(ad(e^g;0n&K?K{$=
z0;R2HYq4z+Yv-__ZVtFw;^u5;o3ov74(^MMPn0jxlRb5dq@V96uUZ6c;f(V5?F2WW
z?xBf1amxSIO6I;AT*(c8*0qwS4YZPN*p4skM>~$Q{O!MLfBI1jFpyq99>RSFi$6w=
zaXJ9D)iNCx+TJ&7B^gwn67LZDdxyr=4D`mt0e5S~I6Rl+XPz~nqb>i=`vwxtC~g5$
zZ<E#X%Y>?Y@7I8s^Sx^TG3Q&Z+2hdv<|0P2`Awd19|+&<%|TKKq0RqRq81t$7Jx$>
zs+w5S8g5oGi_M9c6Pvk4X{PZNtP~iFp4_#nNS1zQSL9vnCtKz=?E8||H!}ZXt+o;0
zD8HtD-GqG&W&ZE4X)R>5CXtcW0*H*_u`oG!;olqCY|HCvvx|P?&DKUJ0G_T@E4|Jt
z`G*ldw6PU5e`m1y4rt5vW2+m-@py~(c$b_7jXAGJ#__1q2GyQb@yPxqtbpCT9ki5e
zUmc~(IbQw<o*2?iUX~|lxHw*R^Wxi=)$b2kc9P;V5U<Cez1=Y&=+~guYnjY*d6tm;
zA=c(ygPe?qRPpRuk2i4Vn2~URR;hw@N?ybj|B{FD^?+{|^g<T7qN`sF+LXoN_n>94
zdM6qsc3GW(n;SYPU54X;z;leVyA&vhgDUf)?A_FY)HF6^(fu`kU1CJNekO{a-D%O(
zBKWg4#1w+;iUYcq?C;U=tCfMoN2zMqN#!<_=T2dzf1!c0v&x7y3sC^o2h_}Sa?PUX
zIssTAZH(FE*p8MG`3ZlAIu5xe#(-+&q_yH&wAFddVDlW}8i+VB6t<jr=~<iM(2HXv
z_bK~$$(N4OSoy30156L}r2m!gJ_TYK)6^D}I0u|aHws`47O<m{uw6+LtcE`&UyOna
zZT0*S+yYobn2|pP{TFwzz9!6uIF0U8jyIF`>pLj<RQXO1A80)dgpV7x3oUxoGzbij
z?TTT9&CLzLipKx~|Ka9TH0{E-ZJRb^#Po-8DFTsba%tNXVRgK~r66rf;q_#CE#Ged
zLF`|%a8uaeZJ5=9XLmxvYv*+eZU5SdG{IkqChn)eT9NT2T^9(l^XmkGt-H12dUP(^
z({{NiQiiQov$*-?664+MDq%$iarQb#J`la13240b!2ARhU4zxYJcH<7&9AEhG(D>{
zkQ7RiEE`1E76Zwq;8S_a!UVxzP0IVqXdd8fc}G|hhd@Dn;>fUc?%PD0$H}AE3;$aB
z=1u-h=JFW$CJVo5yCa5|lA+v#ccjoy5N!2s!wLSjYgnz-w{v>&URFl~`&9Ixf_*}I
z{4Ifh@g028fq!AZR_*3?P-pgAc>SK8@UXDjz$+YTpCb6bAXeHRrH->1jPw0KEsQfE
zbes#?>&E$3YjvCt>c{DAuN!A($T&^fICJ#le5gH*lk8>R#Boacai*%>%FWoYlJ@&&
z5T##>S{uHJuC$<Gnzonj<XSR5!@VqBkU+c=2pc~`q{ii5dwiXOTmIX(2?#}r21gE=
z4LJh_M>EPvxstt9nr2?CHaHr{X9lGRn&02f<BYA{$1co$;cRWnOamIoy{E#@&rMmC
z<#)kCKUZ6einPRe21gUg3x-M)WaVb5;!q!{qUJtNmGjtbY(1V%gcOQv3BFQWrEp05
z?@ee<x3?QRX%*esr7==@LTRQnfmNI40gE&6sKce(alJNxX=ZpyoV<pWC{x%^r5MZj
z^nd?`&2SX7km=#;4=pt&8?oE5Nu>aPX-(OosRq<r(6qPwSQ?owvYQO61sH<h-z3U!
z%@X*o&YL9!m(dF!F*GpbhrG~u^X&dYn;($#Spnf(mx$hx(uhuCwCcyidM*J92h5sp
zWA{O8SW$*TlQznOelV*Jc#dP}{Lep;yzWB+=|c+9clsT$Y+t3O#k672S%^lc+#9Cf
zxXA7w1HA`VK+!!K)77stN@>H*g`(?z3`@<&a7mu>lbLK+vl<YZ^bDsvis8aS_D!J)
z^wDwlc*&C{IWvvM(p8g5V}*?aY3>J2wJslCyp*8m_2F#vGhy_eKf-RKfxh&(pg!Dc
z*=7^_U1nE>P0YTGCRLE_y}vL0I$lmguBOp;Vzh~vW0HG6m?~ewKnTCfU9T{>1qCxm
z!1o?yb$v1ILH&$OfX$O6d9sWHd@;4`UlU)SG31sUr=OF(iL)eE5Z_3JbZM(hB%1^Y
zw6i2p5MTch%s#mPdtOoi4PZjnKflAZ^V#C~W*tU}B{Pwb7$w>(Mu~f6HaN-VeNo2C
z1%w6|kLJ9%vJ&Rpp@xSUPOq?8Cd!W1l+8q*dASzU3NC2fmlqh-LH1NSHjNU;yVS-T
zT)tAk{@q&+f+Gm;=ti>Ia1tqP%=2h7OZWv|sgQ3&@4pk)e@q35Ja5u^`$L(f*KaYb
zBVb4N7jxO_waW@r<0|H+l_Um1RP;??S7t85%fF)^Y!TZCj29!u#)9_A`<N^_ueKDY
zfy7fPy9(*)MCYUELX4Mp&d0q3|7yOx`ustxD=Q`h4Uwwk8pCrb{yq0$LGEURgnmn6
zk%Afp$Bu1%JGn0#6UJqSWSjVjuX)t_Lj;PW?iE5gF^U?>^)AQ2%a<{XBjgTmSoDgQ
zgK~KzlB}q@dz}==9i{qA^dT`wzG{EqyxMreE0VW`R8i5Cr@#f*Y(s@~Z*Kb<>C$2U
zI{o=V`A=Lu(vve$Bt4mUIlB%u0z~pby-Tb=rxrZYF~6(xYRrUK?@iv^_SbyP{zMYF
z;*hlKkkoj)k}XxQ#hkqE{q`KjlSw=L;?ndMl5a>rT$<ZHP;od~+I76*NVI1M`$AmW
zLTbE0YFray4^oCxvR?XIN?M!Ca7jDx<ne5$0?F&6;9Bk)j_wL<-c@KF=h-e*$c-QZ
zPQ}S))}-~NM@qz{Yez-o^tF21LmYGu!gvXX@s}t);a3g9StJH7I3b2HvOnm>{$1;T
zCPGQSSBu%xehXufHq@efqaO2!Z%hLNGw)Tf0%EvikpYuCF;buurxO95|7oBK-8x+@
z2nzjPZ%~)e&;ER*#O%xV_3Zgof%e>aDVz0=qk;O1=bP#FpBH-j%YUHxdq#3+c15>m
zOt8GUlTM13C~w|FoZHB6@xIF%HiRLCM(hB~D9e*PS9yeHsMO~d5NJeamrhO$^sx7a
zT411%Rul};Op-&{zAr=I%5Td08m-UyYNVthkFDb-bv93toLv=@D5&Li%kxM9z6*1I
zSUuOm!s(bK=PO1$(gmVxDw4l1n&{&H>Ock>^hlJEQ{Ho%=K6M<)pOcfaV#c3+RlKH
zaM47l?wM+|V(e6m9Gn|Z5q9m*QwSQunQVVQ&l$prazGmLwcj#$+E4if)`^vOk{{Vg
zD}5(c)=7U~a=gTNK%PGf7jP2Mv2kRIhh{8t!oy^xv<8)jY7I!GqW(zLJ!jf@M%WV`
zf0n1*hD~&SgqoNfYy!kZabRt2;@+=p83P5Fli?vQu!;*w3A&H$Ht&f-yG?(L-fr`6
zwAF~_E{jp(G)U_J&Wqx-;p|EL$y9cwTQ`Ac=>^}#$HzPDqWeDNqq#8ym`|V^J-93Z
z<}Tz$6LUHO9s2?|kvJ!bIa{I52-Qx40%@vBelACgg9#Rbg#_tWUbN`o<JCV1K1QS5
z4vdl(-vXOg1)Fy}x@-L%V~rjI(l}6+unI%|fQ_Dl+gAj8+uxg;$YErB7>rEG3W1S*
zd&znmI~s6{1|_%aprnXbxFnz0AB2;lNH}Q<=huh%5p1x5HoynRaSv?(S@M;~P_A}w
zWcb|)S_Wr*=?j?7)&DYbs3Dq!?ShKbUj9(0N%&bHyEc=0FU}L{y%+z|?!|G0?52eE
zF-Gg7t-g;3!u!arzYmwz$3*PI@8tJr!7cUR)UU5*V=q1a$&Lhcx5E&*O!h|@==TbY
z1rVMeVzNBXK%HSc@47nc%{yCruCC5z3Tlqrkf2s=5VtQA!bPErYuOMS<AXQeIEWs8
zz5v+0OYKy4?=fKa@|r+)g0sk1r`^t9t-b^Ke~~kEfR}p5sNCIlV+!WK#Xjnf?*2qT
z4c>lmJ-a^dkGNmE@(P813=-nZsJ%WmGWwPu3&UbD@5aJ$!NRejO=ob?WuZJ0`tBZK
z3Vn|jSw0&obd0F*My*<*15_xDFz7bas$B?B;h%^WRD<q9`QSQk&@GQ@&;C5o9(~A^
zmdbrfh8FDj;cX;KH7Z7}tnW5e`I)|ruH)Tv^Y||GZ=@+;P4eyh^^&=H;rYSX{a6@9
z{AmFxy(E-2GQJuZgrtjd>74lRhy+r7VF?)MS}lEz_Q$|}76`PYQ=mB=0siVBmksiN
z$#Rv;d?z5bQCgTI%o(eutdr$SQ`ka)exRY%JJ87OFeS?`6Dqh}d5jr4rpUhDXq$JW
zk(()Yug^X)J!qe}+vceu`^0Fgry30n?}?!hIB)|fw}#piUbcF+fjwah5D9}uMGMtL
z@rzw%Er79)+<E1RuY>UMBdXwCX-3Z&kR%U_CYf#_;|;+{7E{HC*)L*LyiN=NMnJj0
zOEbKE6)^ro+cOBUK|uP8j1yS}w3%~thQK&FANP$0d6Z+IDxBsQsX=_TXJbMA813`9
zQCQyZ8C+*8Us;k-hq~tks(au{Nn=>l9?OXk-><B)li@a_A52z8&9ZsT=6uhEND1>^
zBlLNyF2Ch)8+S114h9PY3fbODvv8lJq@inG6vJ}9t_s@1EhcX}0S4pwGvD&BM3kNA
z!l*UQ${JQ|^Bl4|ug6Y!)LL;W8a)I2VC&8r+01zVEnwZA3poQ!F}u;ceYZ($8M6zl
z+jlWkIx)<;9V?aO?$(UktH89o-7Lw=PGvru*C5rNos#gJ1$%ZbA{xCrO~ABBo_1!C
z${1mrkP-03tRppqx^KZPfDm33+M5Sv!yS%?_$1+w<*AVp_DK~r(Gap^8rZul#S9m2
zr~zCkYPit7v7|z25n>eggFJi<*hjM3A7Jg)y4vC!SD~p^q1fv<N06Cv2llCdAH*)x
z^K)R^x|cKJg`nSPs?TTM6h%#ztB&JJ9_0V#LsSiO+&fDSC@n&abGCx738u7^7p?{p
z>XNb|#GhcLIT$>;c4r!R4uFMkKLcB;^jh(a-q%9p8EmT?)oI>)Gnn_@Oc(->{N!DJ
z!!?{;n0%oS{5RiL-r;hvpy3k{O$>$3!XmVi!Q<1KXHy-xQ$0R_%#X|C4il*Wtpwva
zq^YfpsJj(ouoV-u5`S2aU$M1iV4D__n0nWW-jJ9&PF}vZH-=06RbN$J|3yE>79$zn
z%$&KzAf?&NM$vU=H0c%q0@XCr{_)9JhRe>+;&L-w85`wCPv0v*+7!u>3!kIXn9<2`
zj05)()FP&``7$Q<eV9FWGPE5mD4j#%bL01@uGSF0=rrI`G?OvOmX}{dv3L=&bD0Mr
zMCm#pq?U5C0Yy>qg8g<ahg)J;+~)1u(>S4aH|vp|A1SawvQ#?KZq&hYgVqbUfNZ(R
zASf0+Jl^2bXx*oW<u`9q$0)iQ1js+7&T+=Gar*xP86zc86vWrZ;@Z!~n-<zA;0zWI
zWps+W``LWOv0xULsgu7_a%~Lv6d$m9c1vO|V-y)+V^B(~^Vl`Gp)#%Bo5&y?lDm6;
zlV5z;fGpsD0I)FLfd&F?Gg||B*t{?M$LiT9*GyxjBY9fKzy@|5OnEZ6E*RL0QxM=A
zM@thG(jw;SY<{d2yXT&7`@h)9hTCW-Gxap^?N*A>iNnBvPV5diB7(#;p!8ta=j-!h
zZ)7oCj^mJfFJ~BXu{t(+fHQa^<f-E@Ex6=OH`8Sa4q>?(IvT$<4aZ)@$Bv#A#bIOb
z50yC4C10NzPqv1IQDMo~Xxk)D1><5VRp2JcYtZdlSODnEpt;wwmV<@mpuLj&oX-|e
zx*BAl?mnMgA7eDkP*)(A-p%S^RNg#IjLI#4XGd%X4`{9~V#8^=MYN1fMsrf#8lpr!
z+`5zSM|ga~|37=rN0({#p6O-?py2KYk$?Ij4WH2rO&?Q6wF#Pcwrh^&ooyMY%YoJ?
zMI3SNMqnhq(U7w<vGSRp*o_GxPvn<c5vf1b?_=$vf>7y>X`~R+JJ$>8?Y5)|N+ZT1
zh@8gHlr4;lP~w9h*MCe7ZcYpC!L(A{9xQo2Sx_dxh#c@|H2fI`o7oI-q<g=kxddXN
z({eku><R|dd5bkBUq67<nfw5&ro>|WT(%fWQ>C%e2-;|+rL)6sUSFFL9Kh#e0iKV`
z?~fJ!=Tl<dtUD!pJ!Hvua8BM0^4*o4j3+BjOk+(UeIbA9j0mnKPGe|LZj?$F$#Aog
zn_64F-9`63(IkP+#EKFMn22I$cXPh?B?fvIMAt#E_TWO~6`DSdaYC7X2J^x!Ylj-t
z{}@Jz<F}6z?K?*0ihFnFxp&$-ozD|j{+@4GXYFvcza@E}-InKjI4~-&!>&Bf?~Wr}
zAHY6o9)Gw%fX{ZY&m1lC4I8X%9#&_CN%?#hO7Hf_zpf>F0ZH;gg4Z?`M3r8!<KkwD
zvA0NG2jehe`bd}ll9IMdhO_vvmhdzneXD1OwZh-X>e*nekelTvZOHQM$SOTtk|!?R
z2>CcGLgnmvNgMrl1XM3eh}@US2t8SJ{bHafgm;lXLHF7kr~-VJ;3qe`t)laDR(GKH
zsS5&x4onoL{+V>j|C*rp->q}~Hs!fD()#VlH>|aGxH8bvb&u$RoU3{4OtLlHl;_#u
zI3V7E>n9(i_1nlkbF{D;%3=Kg7TEf6vBn<x?Fw4Kc$=qdg&)!pQa(@&D&2XD8FNwd
zwS;KLxQw8g;mc^}%cv<Ta2c&h<^SU{)(;|g>Oh1|@qj%k3`8<<e#V13_~@>Ok1uCI
zw7=T|m04+H%!%U6?rg*S&yuo7#iurN9D)ZA%A6P+c~ZH53K}f{y@8qpdz==>r!efm
zzF3_G=cX#x+`xd;oVc_MTn=XBnj5mmN%YvrY8hv=7utAwXozq36i6k<m>Y2Ylh^*I
zz&%)1@xZ>ZARbu9T8C6&Qi6=Mn`PaEok|ON{}v=~MfY9Nsu<3@tT3D!u3QMzaPba^
zGyWcN$0~W-<mqI<552t$1aYZgHURxpKzeV;Fbv1NXcUP(*aTi-6J(c@=Obk3;C}qz
zm1IE;pbBW`Jt0UYgW$EDTr)9QU@Ov&T@IhF1)A!8HZs>vdvcHsY|}L9qVsY~$!9Zy
z|2Jckv)R8n`#@TgDPgt--X-h*6@!Z2h%sBX;T|N_XasOY+;o4kHWvBir;uoY0B;L5
zQKfewu`EHtpp}x%C95mkI?3wQ6WM~7<KZ`AdFaGidI{FxlWx^pga5*6`!5Ui_cH&4
z+RFp_Ugqd}Nr(-#H@_vMhv!+%dhE?jP3sO&XQ`8}c`~{ly5{G<iLS}|BRjZ=$s?2b
z+Ac3(SLf(D2k=Idx(5K(_>luR997Q%QuzSN_h$p4qz=Kr_7UxV_`Mm2rVL@n@Z>tW
zHvu~2Pp5I}5-!FN>N0pt<mGevK`+>_<7;JY(oWY-(ftHCK+j@-<Q0wCpQY@Nl0-q1
zL?uO|MZO=T1GEt%wE=ck9#f)}=A1}j1#K~U6QL5v?Yy_%+DI>y(G7pymnYPVVodAO
z)b^|DT>xdRZUH{w&3@%W7XVcrin$PwR=9+;LffiFgN4<%3Y7k<@kiVSW}AT4NRYfN
zK_A%y15RM7*(y2xYqQ|RNGe|M7z6mlXDtJ>)m$;J+`TdDXPKTiLbO=b&3p%Px!ge)
zxYuV6bzu{u-v-hBqoC*SSBwZpW;NddG7~)@Fq8LJ6MMgh*OX7Zjr+;Hd%-qLbajQm
zjycHfFB%bcB5ysep2+<T8QuFVKatT;Tn8-YsL>up*RxTWgR^gr-w{=3(`$~YO^+_q
z9rk%p%tc~g?DztHR)nc9{gVuo4Wc|0OF#8^D3-R7nID>9pe)&L9x;ks#Tk}<j$z5?
zQSw>@C+(6wSs)vFo<SK?YQQ!&lOLIY$hnz@ocl&2a_-K97`723F|$p~so^ffcIcaR
z!#aG<pxZ-{3sPqA-V)_j>j+El<XAdUF0#?#ff32O9@DV&q`Fu0g}>F+ytP!fnh*bt
zs1vwF`E)Ceptl+{1pRv(J^Jj*YWp$Ar)t5s)_LSM*5(&Ru;8nL(_;L)UKX)`l(zdH
z3hM5EEz~*QilgdypDWRg_uHev@%B;2`*H9>=@K&D$*i`Y-`Mhk>lt-p%!Y>uW4^uz
zFsA=Su45~yul}BcRR1xoA97aQ?F_-4lgE}N2>!MPL8ueoe;QLazE7z0!Z~-Xp3z8r
zG~0j84#LB_;mI6Kto`e~aN5^1fbZ+PaEj_1K=lC{z@T5%3kQcV>(OK(6ptKb<RG^#
zeY;bNpmUnEui{RVM!ah9nxUIy@ilgn{CSP+T%jrXy*p9_`Kf4jsvn0x55u1aqA3Q^
zn8z7A*%~ZF*D0y+=U({JhHjo)HLH{qtM2H?!|4Y$esz?fAJ-o%)9?oPa(Z55KAh2b
zO3q_+qjxDR*#y)cH++X*0Zs6hsD{iW81DgXCFFN^cM&i$P^~;>52RwRW_;%T-`}J1
zzB7>XB*gW|uw)F^eu!=tG#aKiZ$6yN_@31Z31I-yl;wSuCl&bfhcT$BgILKOexzp;
zd(Pv}v6N<%N1Xt~mq=KpP`>hgHvy<>jHFY@@KTWhU#K3TVC&TIzuizyi{={?*bF{B
z2%mb+$PYTr==j*fc`x_6tL$nJl(9ii>N^E30QNz7-yx7PElpL=KP#$)1L-wVy5*0I
znsc>1Ms=?42ui}G19JSST&z5UxAxjkfG6#*!1H7C5ofyBqvlPOZ*2<{2+LDovmb+Q
z(1L^Q%HUqzgkTC~j)c--Y@YQTm*sos$7peAE=BV=G@=V4m0>Izf06+MRq>t%LQgkw
z>~roQOtT@iv$&yl*!~l(d1UtIalRW~&Jg^*D1B4W`li0Br>V!)rtJ68xgE$>0g&R7
z8Zws(x=nj3Y@V~?>T_^t8ttd^`^FALe@po&N^9ym?|fl){Z8LJvLl=C{^9Rv_a7>w
z-A^i0cfY!eLGZVWqQF62u+{KzJn%s&Z_>CUyAHdN9Jo3(aK{{oA@})HX7sx>qUAPT
z>HyZ6c%Nr8FwVhHPZ*r!uCa8V7wGw*Lb%UkWbbo$pT}tT`AS3ZJ}+eVd9yn2^Fwsn
zJa#%a5?lUPrx4GY&24%P%8#!=&>Y9}Z{^~R?Qg&V_z(x+Z!ULJZ*p+V34%cW^#VFH
zusL7+SvLqgsNEeBfxv^o2Ab&`c(R@bI%y5`qz3Y!w*BG_V4->+$N$?HZ`BK`=iR9K
zd%SwwHh%i#uX2+4#ern^gAWoy23te9_sHa++|f5A8LdYf6EO2ws+bve!nQ7SgNzPk
zR_GS#17g}|$kXlM{u>Km-_eXd#?58ta5``?7p~O?<g@Tcfj`IK&tdjQ8KFD|4g)FN
z?%yc?p3Sb?d?<SW{ye9>sQ5lZP?Gu2Lixve-T3U^0}<$L+(!ZD^3~QZxJTW~@&sOv
z3)5$qZecn+saqKP{q-))L%gxWrQz{lizP_qHW`e;8oWJ!4EGPfv@2@VB<Iu^VQPNX
zYA}t1)M^kj0nS<>qJPlW=A~wPV-i7A6DVhY+fi~Qo96_0ES-7_^N>g*^J3H#B)>RU
z0jd_JJ^)6rq3vNVl`wgIUSWUMK2J}nYx*s<X*VhHtKy;cZO&D*u=N3vt;7Az+8dqi
zZFUy!z-({s*_enS_r`XsSi8`W)lxNiv)2uz0l03@#v30D{k34~7-{-c(tb=xq;v}#
zf4(Q#jIrrJx3q!Bodyl1uZ=+!7<ylj@(s0C%O8#%wlH4@@YOYnuHU2Ua(E#3I|$`2
zPM?j)13cqI=bLz2UIb)RAiD64FCFry3i6|y(nt`=UJdft{|1;rEy~o^Xi0JrZui8E
z;IqSOfQ4>z^sir(hF4>O&7gp1p06D?$9^G~<1IxJPg@dylYnXu4g;Dt9^Lk~YGZOk
zRwlM+AtRu~_lh?^;iNr9ovGEi8_m_mz%tp*MUemIPlV=suai)Zt(u}VfrPvbxCcg_
z5oO8T<UUr-s2-Z_)W@@(CW2_cL$N?!^1hT?t`v}^6qq|EE(b>@GS`=*l%9Ai6+$;7
zY~Dn1X?_!{<+P(YzISaDT}cM=t~Tb1OZ^NU@P)Oy`m=V$YJ5P3Qvb+G%ROM4GAYYz
zJJ8IsVaixvfx%O5+2rVk1H!8dRlh+$0XCYHd8Z+A5F3<Se4-~qvw@Al>L})eCuw;@
z{4h%Q;r*8j_=oqg53{_ibB5oW3if-m0_)j$1~$pEY;inn^ZbMH@0ygp+*EK35SLD1
zch;uN-Y+z<pRjtiW_kWqdXAb!pKP)Enr)TJDg;BMKSh$&_qsrL2<zhv1WdG?7TwXX
z<q#b83PZvftY#d>?3$A7DOdLamPy@*FKa^fp;2%jUh((TnQB&7$HlNKWzL>#^5)@W
z+Dd+(1w_}k$jg*)UZx-NG6DI^GjKsQ0*YEsgj|xZ?x4%bxglGKFq7=8#hhHfFpZNv
zCq4r1W_@v};pC)WZ>TH&iFo=JAF(UpJIR-E;bMUxAH2jam6;dWrGi12Kfj+{3k^Xt
zrnEt*;#Y@Bp7=HUEE;|~+5I6nnkctv6)^N)=Y^>Ci_-k#3gw)S=-S`^N*>NH=Y9e0
z@!>icI;6nnT|>TQU&BR{Z#izihm8D2h1;7!Tu4yx-zlj6^b{qT{OQrYemJJuC3`6y
zyM%dYAO-OrtLGA!XE9EUF+SD_@#r4chN6E{90}G>puhwX<omEHJwJxX8O4vPiO`+v
zk=DaMajNA3MqL170odQ!>?~q%tMjZ=24cSE_g6898W~e288!qCp?(#XW6XjKutqk8
z$3BMyvHEsdlb>4*f^nVbz8I}%CKhZeAZr%6<?aY&dF?I&OJB;@<8&g7<E)rsqf9Yy
z0mcwj;8HC=8x0|HFWJD3X|241)%6bo8g&06M)y7w&0|z!?AzKvK`aFh0Yf0s^^HM$
zYofRQkx@MSy>2=fBXegeP3J6r6Ef_6+OSu`?Cz(r$%(sk6r=8h-4(-6nCN<i7@>YS
z{#PTLJ-bsC=zO}dfC9>3{v#-c{B<hxw?V7-CDbeC^?uk{w?y#^jp->Nd6HK^3-fez
zq{rccHKL(9%WH3lVvoDdXVy89q0x1rikFpoP{sCN2vroWXIpfL%Zvsn^$1Dk^4eXX
z_9sA?jrg%QB$RqNAQ24sF}-dzRC-#4i%)U#>)=?3Bqw<89SApEN#TaC8XQlvp*F&3
z!_UHKH=n3yw0H9Uzg-uJ*hH6zMlTubx1-59@H|12^JOHtK!E&RK5@t@Sj(;xQ`S_4
zuJGL4qI+Zr&pl)V+etJAKe0XHnC#uIZg}bQx?@tlJv-DWf5G;81&j0Q6q&8|*RvUI
zx6opIyta<Ta32s<BYC~?ydyUv-T3V!O?r@FFf^by=~)lB2JG9$M#g@991A-I3(X;S
z!*^sZ{?8nS<UbANOeS&D5R<%{y`|)q&J1x|xMh3jSN8_gB+#G0S7!R^x2-oeyU*0T
z)<(luNfCzYzt^hG_JazWYazOF9*?g4sE}2adwZ<lKLFg*PiNT8_9OiH9{$Wb16~3d
zZO*Yv?+Sa?1^W2tGdAnHmCm}bTplQj)kJqEibyBZ%ATjziIbm(I?-A@kzt=@aN*}l
zUi;{ab;$4HqmWP*UEL|Mwbk>l#GppLE@|m2+~xKZe*WU<{GE7<pTA-{f9=2y)SNY=
z5kD06&i)CggP0Nv*Kz=|y|QDo=uh3T8EhcCZVd3i?yK76n1k@lH<>|g*xapYf@d8_
zAPx&?kQR&at-0a~V<N|33Mi08jm93KEs)$P-Sz&RHqQ|`<tIU?`^)YIHJWl8il%H1
zw=b8AkJTZu*-lfFo9;<dC3P2bjd2YecUZkI8LeqAne0x9(g)9A<cihV*J$*=tQmah
z4$;dPeVg{tx0GRKU8q;`ONoyP_e*KF1%TJA4<CAG9l-ZqZCE_ek_B|Q=CDmvzF-aQ
z+I(YKz=(i)3Z7)2_y?mw>q!LP2Tn8aO*>T^(7^8C$K*XR@daJ*8k4-?;|w*P!IDgY
zsxIbLZ7-lnQeE~)&XchqS*~6O6fVP!rmYNxHsV5}FE<CVDEm2QGl)`BF8so(wB_it
zjLI%S*~(V**;xGSRSGZxw!^WUf@T%HhgiklY^mjbSgS8sDaG2nsen+M<XbK|a$Mz(
z`&iAdj<A{|qN&MSH*42&NF2-#S{%&%1|A1f#s`oRw83akxk0^%cRv4;f#h*k4I#1>
z0%XS!c>se)`7aP=!s*xGkqz+|$=A%2?=x=$gKm!IyH^pKU%C?ht<-sQzc#*5kRRU!
z^Gr6Yk!}ZVqH2w`YCj%kdz^~ZV$2vMM7q03MzPKEIOMTx=7#dkvods&W7beZ{6ZsX
zs^tqC>k?_sB-VtnNvT<ZN+3BHD^}@v+~&C)lz$jXi-{i_%=od2-UUtUj0LaG^8Bjw
z0{R`ltF-!Js-*@RJErHyQmww}#E+E_KXwY!5IEV<$W0q#ZX>#jK{nQjWMk_#-1t1?
z^YhS1zW)t&9x$3OTj&Rlgv*yn-iOTDy!EsTi7T?h6M@Jd`?d39lt2A|4n?nVc^bd0
zI}Rqsh9XmPskBcw$17;G&+zjL&YEtbd!s=55nwIls$~$pfuYVe$a1V_gtRT;3J8JF
zjj<uhI%?&|zu{gjr)9IVu25>PL}83~5Kiy9BoQ(_rdZibF?~ujPn~kR_Q7#O7#|U>
zOPg}gKn4Oc)TWTYf0$jKN#$%^OhL*4gGk~?xi1dtiWbh}!#yTDrqwlE(C;&LEDAd5
z7}Cjw*+>XcxYaj_t~Ib46paaL?3xWoDrMo?0=h3f;4UP(p2Yo5`G^<)!ixt`@l0O4
zlouycv4<Cb%8PHOVizx-!HdbzHO0w`U*N@ODC^o3Ui>gG-bcknyf}v!S5WaNUfh)z
ze@n&B@Zz?-_-!hFo)_27pyJ6?{4y^-&WoQ8E#6MWbISb#>9D+0IW{aFKpiPunnVyz
z`>(4hTw2UzXK2fHY|L6&2dS7`d1E52MXh=q*Lhh}fe7cpKG)R>bD=^Ha=)p^{uKix
z0vU8&;;<sR-ZPS&i!UXIEd#*K#_6yOAaF2=u1!Ef`BJ*@ci&H^m0Lu`Z}Q@IcyV!K
zEN;Axic5I$%}ucQCSE+67Z*_RMqWIa7YkIpgctYb#eQl#c0Cn$<i$D7u=wH{DsIM$
zr&IAcUVPzID)v(GSzdgA7k6%s#c%WCYF>PuYM1chg}nF}6|dyQ@AG0KHB!inr}5%q
zD&EJ7pXbFBn_}@Be3nCb@q<)*!AdI5;Ki9#JcKvWnHMKe@#nl)<i!J9VDV+%c8!~g
zB`SW6*FMaPWh%bHYj5Jk|59-SUV9NQzQcsYnS2{Q;>B-M@tW0C?B>P4QE@k3dmJx*
zt0fjYc=3b0II0yE&*8<Hym&z?uCfOtx%p<o`0!#xYodBhTK?<ZP@-v}pJ5FxA4U|F
z|Miv-)1_y=cPhKz+ZtOvj4lMAPv?QU4$39>Q~1pyP#6FBQ3lfRnKm@9^nvXz2048H
zBf`x^A-H*6Q-Oa=-YO7ubI|Jo(hWsm-Brx(#854tC~yI8oV@%Qnq3hYBn<e7TvrN0
zS}%jv)fmD07cP7;oG}Jqplh`p5M9$CdXmpwj+3Hn4|$MOjznvqC_&>WZcpohpac*b
zwZAW2!P_-yr~K*^@F=SZh_3mFGOF|$SU~=kv=b65i<}KBf{j@_DI@6SVY3_;-5t5b
zZJgCN%+Md5wXE#TIq}sGT0o?xWQeb$dZ4cRl-i1gwq6Qr%YHw@mBw<EUAUt4vWwDa
zA%wo>Taa@4pW!f(KYi#o8yq|5A3w~%HD}asi43Bl+2w4dV6OJZ7z_CI3=HJ!xsRK}
z#`X86%dGqjDxdLRT}N)}$X<6xrx?ZKhbu!JABJELicJo(b1pAilO2%{XR$#OeZaAe
z6n(7QcLNRVO)H2Z`{ajg!GDK=pfENh{?Qr~0itA+Na4?5DBad*B0#J6qlOx>zrHz7
z`p^)QKHLPSC2L<DG$F<tTF&*qKal=6lg`Z(@6!%T<ot3!{Pcp^iuVUflJEmY?#-Z$
zhx`a*c>GH>ey>FN5vaOHR)M338d41T4b_4V4&cCF1nz;S!sK^?5C)}7cu6cTab#(S
z8-7W_)5QP<PmbvN7zi<NAwH{l+E$9w7J?<yG!nEuvI;Kt;^4(Tkrnn`g%AvcZ}3G4
zd(n+v%+SB^W9|iKMoW74-;j6T(z^>Q@!g`3cMAlHgc>9g?hdFvx>Fb#>~9wlVIfwl
zFdQm0j;N4wO=XkQphD+}n6v-YD%=VcK8>g_T@yE5X0)xpID%>_)++3S3gCrc)u@!8
z01Z)GJZst#8FBr$D7L-?2C@y`1qlSkz%%-9kHO%1qRS3a&iQz(b^Z*|>drP*L+L3>
zH@24Fthk{@XD8sLK5S&l1^|XQ(4As@l@H!Y6Hp(Q={m(zq<<I<@eWuG#{uQ2&M0ab
zyN+`BU9)ZloHU1K5w&QADkHrQs!ifd{zoh77K*oTt|EoU2q}!s(!$R@hNAgi`s4n9
z*80E8bRzdY^|W5zjJNKX3sZb>cRga(|1PDI-t+rxS_A*wC~eI#Dk}&P{eQw<mR0T(
zcszrDWcQb>t{u3qvdUNkFTN<R20`PaDA#vuUeu!N=g0}Uma7w*`!k!+EztKjjqyXs
zqG3&QQwohGk)K+%Pv3{Nc!96QJ<Cy?a;EXanoqCXp2~Vcy(msc^kuzdRk>lU4Qj3(
zj}4@Ux#svPcD47`a2}EYadPY?Lcp0o21uL?D1t~4$O5aEiM;S}q6B#O$*kFF=v7k$
z7^oPp_7srn`BuR`DJ>A+QPAH5_IMQ6U6i+M69k9_bX=-96m5;>anh>c)#0}p@NTnV
z3M|%aF^CCVf5D03q(OD1nl>ZoAFSm|J?>~hn!rmA#Xk?X_f-9-Wj9bzrV`fSrr;qy
z-UuwbR&i1dBd%*_<Kj;Rlote+_^(EsR2#)E=cA(Qzm0HXi-Hh=hEt*2I$@c*t%ISh
z&HxebHlnB%McQdS`BoZm<7MmN4$%oJLYjBKab1smdNhiJD=`wT&i$kgzzqXPfC1bD
zQ!ZVFUW1}L6%rIyx#5?={}Nj+_UaXSbvwO!1z$Z9!1Dqpz<&f0Yumy`M6WK?)2rM1
z5xttp!wh<UliOwL$k0sr`%FAyl)-*D5Na4&tSXBd=$<Taua!1XqNc@ukp1xQsipLK
z{gprfHS_+eS{(5t8u9bjaKw{v#NW^fhb8nUUW3JRkg&|X)80mv6K&_%V&7t*cT}<G
zw54pZn(!HYzm$^<t7opX3G(XKlGT$#SkkvtUE}8d;b>U9Q+^rC4$5VV`L}W}#>o4n
z0FG}mj;}Ecor9izd=TtzfzI#cU^fOspJsfvWUQL&DR`;Qr3=?Z@4gFp_cgs6P45<l
zyhHlg>y9JX0edY+t5D?DD&!ojT*3y_l&{98OR_Z}V?Spt(Qw`pK5YMznDEPf;(67*
zcow6g{iDx^U$l$QtKr(mLxulDRG6<-7zh<UKF@{vRi#sKF;^l;rhK!c05ziTPb4;t
zG8d=3!;7c!;s>Ji^P94So4LY-)+`PYaxYwr@Zmp+z7Z+*#l!|$SVPVl1KuyreL|K8
zmpFJln^C{L7E<*lyx(&M&NWJ9)nG&H|L`)ON9nSah=SbnE^9M`5`+K9Rn1|wRFk2L
zuI=GcKO|6d(RoB=nT8apEYn4@3FoSxi^M9~-_B5J;o%e~>#cDl41JApxnSqUtAq6g
zXNfZTH$~bvkMVDYv2XmtIeTTQE?vg&5q}3v?UQo%0$Ph&2d%|@Au#sdBDM!D_#UJ!
z3W2e%i&PjZgIX>5<=A!+ow3`Iq)#!;r}jVL?E@*s@Bb@&1vQquPe|W?{HTNPH9v;*
zz3@lPegOLJ#QT2#N9^+lC~L=$YK0+W?uec`LDyPGyIDsHBx#wy3oMONzG9!VZECin
zui(FWSzogWG<+9t7)}0t8F%i+k0!H!lFH>?zhnmC%?(~}{<+sR&?&}4@%3d4|Gt{?
zovy_V95h~qiFcscK)Jff5Q~v-@*{7C1IEi^Xp>(6Li#ywMaUqsj54#8QD(M{I#3N_
z6Zel$yeyip34Q4)gRSs4U?Y^9@2u5LeekyhJVUGJpi-nZHzL^Fs~3Y8p}kA!#(oxZ
zu%Cd9?Z=zy6m~W4S*Y&pdkeH(td`d-B&e$XuS!0StkJ+{G+i?>7b$Q*JI3p9b98xB
z3Vtj=gEC1+hw)@6T3mY|!HVR(4i?o0WvUG7+M{W#w>6yf$^`N#+p7sPF3Kt13=Mgx
z(UvmhL22|<1cPs-)|WSw@hy~BmjS-Kq|IRr%^~wba1LX_<}mYz|Lq*g;=<+-$A+US
z$a7iGuKl7r?h<TR$l^b=KwbQV9|}~jjA}W1K?w4_SF7c1&22RNg|&5{L;G!*6%qrA
z#Y||S1>bZ{I0?16nC>aKOHtw~sA$+(ErCa5liq@A<blmWzL}3s-ybBpFT1o@WaHon
z<O2lMfqe_eoLP<MKh2YYW@cj{(4|QkE#JAVHlXeyfVBSuc9G?K8(Dc&(Ft)lgIlx2
zpM(sECh8EgXf{Q5idhwe?!vEiDAV{~L|gt`cA%2VZRk7$I|#?WH{Aw#&(X=Zj|5pI
zhbp=Wp7Rm36d*wc2Y$wAI`E|>8JKaHSBJbd97*)VZ;*Zqz!$^#7XyL9ZpumjvKc{`
zRm0|F%3g~~;w7=M`GpG*f_O5Ri@i&B)zzcPYz!UR56TKDv7i^hBB)C4O!=>=B<&%*
zAOTzVAOy~NNNK3VC^sv?nj0;&OoQ*&8E||#l}4P-3h|3zVzwfA`c(A*P2ttr2EWae
zNAp5KUpTU-j$r+&Cv|yXFt5SOU+3jjygVpoJ^E^z#%mEfA@6vVT*2NCR*s{}Kk>@=
zZ4-GO`>7eDWXiv#&`2<IZad!N(7}1Z`8DdPt8pcTYTOeXE0!PO<+l#j%`$@#c}kMj
z(A0RUbFqM};>}81rM1#htD7~20Yd|AS!3nIDJq8QJVmuoNarmqE+Bgusq7?Ltb6R{
z(UhzT0-jKy+y-N|5N^tZ*nuxuBwrSfnOh-=IS@r63cX@%WN{5G_#j2GkCn+Uwqw|;
zY&|p%nGrwVj2CL@<^nBr&f&_;Fn<Mhw$sg$ub&Cxo1;gYSI8BYj&8zuO&Et!bbW*)
zD?~FHlg&Fq&Pxg?ZA0RPSv_a+Eobb-1AJY3NIOnRzL@XvjX{>Y>FXdduhp|BKjD~F
z%-Ie6Nei?=le0g7$oY;=*0Nf#Phc2_eN<`_ZD&~tnCpX~Nr_F&Kbz}0>n<;zV^6kv
zPO+XG?<mbQei>qIL39f=vK|Dgd)9visqX#V&^!jBnMtwY(!ov8rXZ=@@@uBJ^jFE(
z<}J2<dtxOqZ>?n6ivNUa(?h=XZ1w!AtR;7K?xWZ*9^53v*jUNi(*~CW1)hOK?`?*H
zt$vO4vl@d&x^!4dTFb*Y_T3As+TX}9HtV+Hk)VBVaDNIG87{6hi0;OKAiN2Z_gSOW
za!PbzGzU+zS!oIIgo%it_y~vyybfdqo_V*kka3(5C5}UR-cjj!?xR!p=6k1(!2DeS
zIle7e8arBW?+I&Qi$hkHVl0o)sOWFZQ}3v!*D*NC<2P9`6ywrpq4l5EYL-FGX}spZ
zd3DLV?ENFf>rYkGBl24D1u?NXA3*$c&py>6S~Yl>zo9lzpZ*mPZq`x*Pg!Me%K(WT
zkr|<qh<tB?mDbjN5RPU1#kEny&3HEF0$rfA(Y4Rl+rBv8`!ssxU7f?$8lnnJKAPpJ
zwo)XAL?9XDL+^Klb>5O?IVjE?!cJjs+GKO_)RkDt=1pWPE`!FXR3PFy-sX*icQT5$
zc+Ps(VJzx~bJ@-fWSw!(9k8F%IbBqe)5RDx_W!yXz^m=xP2A=mthf_@1~icMGur&W
zw4^6$vDk^8B%`T2<oK4)%&w<--tHi3_wq(+*BH@m`z1ZqNF$JGt}6o(3Mh)n`9QIk
z3NpEP_?gMw2Pac>mqI{5BcMBm)!L@6159`vofTF?{DrJ#fFtFxy?`d;7DgOO{r}<M
zsMph-tSeTwE1Q-2Uyahqr?vBQ2t`njBC@_~wz{W>ByWzkpQiU{KdH>9hC+--``IFy
z2SH_YSFD7#h?I~Ja~#@<gp%0Q{wk-{i>1k36;%Hcc~(zLq~fUQf3kz>5^W-0KyR<3
zObk~W+;n83VhNBqa3LIp*!UwHHGI21I0|vzdAt($yYYtl;Hdkeo*0qSl<yrcqqivd
zTfX(bYCMV>pI==cFzxs;1enZb)avq89TN&kc7UWY5UYQ37$g;y>mX@L5Ry8kL_*T1
zUqnEXqbMAT9M%YnOJiQrMgON)(d=aB+#9MjekDhhr=MlC!$wy9i@9}Jsk}b-#s<i$
z*>a+M`?Eo_<-)l)wr#mr`|9{;Znhj+VaqkOLKRe4#eN0}M~3PO>}=5Om0OgaI-)1d
zPQ>D_ei|8Nlsj|pcaz*Mk<&lH*Cx3UFZ{IMjpN5{K-zew8Dz&cj~an-GwgXR+7_cf
z(@Hb&<4G6g?H_bRvd=_6&wbw!2N4f9?$F8ll(4K#%5CUEKhP?d8B|<dq4o$|0f_C1
z!H?!=kuG5bK-*}pOGuQ+6PhNOC_mGWc&-sdzSc}iL+qM}N$YHus}O2>JM!?5#>wVO
znZ5rZRews1SLH|$>|~0wEA5R*O?K6BG^7pt6QODYh~qi}{6)j{YgZkL5`RNw!CvU`
zuTg9>f8kxw@W9^{{i=ISN)v)^F!sAkXPQA2fMKqdp@3wz88|$oPwr|$tWUgba`X^9
z^UbIN2@UX<2n*K|&OKW=3GuGCojISvO`aEBFE$}_>qIaq91&`7+0p7nGsBf;43xX#
z;ytK9_nel6Nf{VwVT8d@m1};|z?tD=Aku@p5um*B$Z|plI3A>WTqt>G(p<d;DJ_c;
zxHVwrgbom~01ie~&}H*3BnPg~4k7d%wk4dSI6+wfX?Z8>TW0v5bm@fT*&|h)zE9e5
zMKbJ>3|rMGi9nl=fN_AR6Ofxx-qsgf!H(I}ZM=@s81zX{l)#zF$xC$lBq`d(z1UHq
zH0x!yWn0Ci4epB>hoNgm<Jes|Q>&+v-DMD&)JFw2F;|B0tF!RX0Ot<kftm2D;wf`s
zG{gjKH_PfRiG}m=R7FSBZP_e#NJI8Ct2V$pJcZ4F1qC=gehqqpL1TufUN-NjAiaA;
zHe1m*HJsj67Xt(apKnAFh5bFr>%`3En0wnqQEn;zob2mwCRy%E^JgSxPJ50OFa4Ko
zx@Dhz06V?LixmdPZIXA0k*$;CPRX*vp1`At9(*KTQ0`Kb`cV!00m*rU{cZ(8!}s!v
z$5=(qbWeK8ER?Q9pk-vkDOAGXi@C2sUaU@=qsF1JGE(^%*OL(g<J753o)dC{M9fYE
zsZUuw<Zm{RXvRG&*!Y}R&6K-<AFU{~qktK^QCtwqCdNwOkU@MG(QSr|@N4n~f_)d&
zUB<A9K#3Il#Z~u<hl{OrkV%xhgCO`;EGDZQ+z{{C{B6SlDXuK)fjAO?Qodsg2X@I@
zI!oJG%>5P2!_*&;n_*w*^ia;}dmlx0Y?smMRW|Vr9?yTrEk=0;Y(h7y=K!Qip`#VO
zkVg=LTFYO`&<p#mV0*&Hgq(84Uony|8B$3bQDmjGWh|e2zv#XnQanAt{v?5|fHtYu
zHV2glzQS0bE#uUe5Eg>MtIWn*0&}p)#lKK?o!23^^-4-7AijPDlQS^FG;6gQ)Y&)O
zJR<2-m_NM>qXNt`^!Mc^2H?D7On5Q3f>ZNx1m|4(R$@g058?$gM7!FN0VewPCfxi!
zP++vOdxm`n!K~aH9gU>wip=f{*vCh%NjypuB>(Xo2o$h;t&-xk>hhe7XN16@4^S}%
zK5;?C*arsmPYrgjN}2D50kqZ+K&zqk7bsw8yi#d}?gZdV9klNViPUJL<l7@CPn(A#
z=R=x__ptH|m-z#_Za>6t*){wbt|9L`4j_A8u!I7Au)Vs5ETM_vZg|o{iM%a9C=t;$
zN1(v)Y69*yEu5EIT79`9L=;*3Gu}61_BNZCT}#mzV0bnUC9s6Gj>pUd-Xul~+7fDP
zBahfDhb9jOUfK4IRmeA7gBu)&$~Mg^Bnv#Wb)rGF2&fcio&!Ba706mJLdNslH)n*+
zOC2e5@LXJ$3oqUaCY8#!q2$*OwW=9&zsDK*H5UzXNb(CXL9vjAL*x^Uy!D`L9H?Sn
z+g(3#LK?H*tq%IF%c)%~0xcyQ3D8pVt3&ECcZc|KkTemJAA(qAwplWeK0g+8DBh3g
z=Jfm~4?7bGFm6|^!uF+r{gcbi!cbKU$iA?$nq$twDl9gmMjU~vh2(r0lzdNOO+KKM
z7c(#%M(A0HOt*uVnR?QTfE{I{l8JT^UH?Hi_>yiM?|h0le9Br~t`SU9brm$EnDp`P
zEsA|WR%v=yq4*p-u&2o2({joFSH8Qvek!UGuH=s&%@BC|YSZ7V_au-SAn^zbi1_;p
z6g4rEhmB0cIKg3+mb{=+VEWmk;+qq=a;q<i+Qp!ePrunw$o15KorNJpx{(!E4TskK
zH3*RB*J@Gj1r@Fe0e*}jEYqwdA&`_SXt4rL-(?Z}KU~)m=lZ|6jI76>bLz+iv;hnA
z{||fb0v|<r?vKwTo3MtESp;Q4ghXRWBuXMdvLu0QvLQ3cY=Vkcv{Gr2qf~6z6{<+0
zo7hapvD8bey<hA(w$@XtHY(bZO&|#%cLfyXrox2f5<nr`vj69K-kIImO^A5Tujl;x
z`JB&3!_Le*Gw-~Y=l*=3=t<e&#9iyYq`Uru8r&Xja9iw#7-npU+4}W&!iKQ*31RDw
zG`IvC?4c}z{qTxuT^oDi8((qGY^=|M#>41vQpOLd_R{1x*eB0^8?(KZe~Pu2!cX*4
zz2@2aqF*C2OmXMw?{fN%Kq0wc8%~77E7EaLZhwL*p9+qo$={jJQLGXCzRdVN8|fFB
zKroeFR8YJ0VO^dELog(R?#aB>`fp2+Cr-Kp-U2V1g)jSNLm}5S>I7kxqm}Ge3nG^A
z;wjkR9Q3B^7#Hyy%+_B%Gm)bxh)`4=`{`VyC#+T1CcO5|uI0vIt8p_z4Kww{wV*Jf
z%?OQn-E7pg(tMM#><&M5C6UCfu5vDPRp{Ta%}-bx0woPiiS%n2^davM>pUnYLqeCJ
zRd2{p<L!|xPge7N-zko6bEOSBJT#Pw&l?d+!hak_CrCy6K0f2CHq^HtVE7VQ`VWm~
z(<WN?8_On2H@?R1Dv!hulf751u{Ew<I#E<B3dH+Y-<G!-ZLem%)z;fk1iiF=i6fC)
z+<n61;2plMS9xaB^{8*++?O|=Sn3khyG0X_$C7`yOMf1gX+w*DEk-3g)`qOo>+1D?
zF8s8GJtVKiG!U0W@FkcDn$U#C6JpM1W<2h~0-5i{#e%Rk=-!%BW|IOPw@I#*OZEib
z!R~NNuQBcc{c)jawErzeL1Fs<wlR&vaMzB&J5SPG`Nmx_^3THA#{C)Q`vOmr#=u^=
z(+XiRcbU<Dqd4SSoqr356Q|qASS|eE8d6o5ZGBKX$H$qjvQR~wx1ylZ&?oj3aKNoe
zw?VtlY}rWlT`{(rwWu>&Ff?f7_*AS3Q7!}r+{To7^tce%3(&r?1|dji2BX`eT=du#
zF2kHa8Lwq>G1n)feJL}dBL{JiZQs+wjD=Mo&Pwp_P%7+<*y}`o$yA5NE!o70LWW=B
zV4VYn+1_D8EIfoI4{wZT2>wh<jX5Jh{-$O9*psF%8`v^5Jz^PJcMDL8$#IsUy5~(i
zK>ZcC9#TRX5kF(mJ;lbpy6zrk2wF4AlB}DhUuK+seNtR~?imtF2*8h)lZx9IMq#((
zHxoeERfcCu=r^umrq`jc$sCf3ZYtE%?Xt?@@VVc{unYZa8+kLJd4&_!j63iTTA53|
zXvvec*`k|@vLK`s$-fWH5c$KX(UHiW6_y0gN>D>l*u&xhh=DZci3X0DhQ+`tEbzUg
z(;Zm47+yX)Q+VnLBHO>mm1I6T<h1(3=1gBq_qtX+dRLzp!9y0On_t@lqWuMZDJpt;
zNg{peFN`k@J>$mxFFf@ab!d*$?2Xvb_EPR&xX>`fAEN%)%>LZoZ-3A!>&L``3+fA*
zPv1zOzWm1Q%THn48ELuA828-hxLf@v>O<oB$KSx9n)5`xIsT8WVgO%lOIE=fo@68k
zXCc5oda-p1JjVDx@uYeCd8eSnoB|xF3;*oD^Yqy-n4i52Iz{Mf!c!V?gSOf3cOx}`
zRxQqhX&7szmlE}lMFOluz2Q+9uSDuzdKl;h1LIiiG-l+;1$B++(-o|1zcRb_T%4zD
zZoGey;Stdme0ZKY9O88sI2@>7=$IrCv-fB{*0YgtT1P_1k+^v7GRa(z1AKh?*ZO$O
z;McEW9r>;K@z3}D_<ryJ=6RHLUZq`9HeeklWIX2#AfUtg>$hCTF%N@*LHqc$OeU(t
zOXY`6^`q6~EnelUS2^ic4vQKhs3}MEzdd?2DYVK?eNCN-Q2XjF452nQ*2W$wHJkpu
z>p-ag(yR1(mHn~`4@RYz@aI&N*^Q1}G?xKcGiV!zymwkwj=B|H$2wKaN)W5+QQIi8
zArk7xA4R-JgvL4&^N6cSb6Ytt7BC{DAWL~L%2F0!4B%1{rt@Dh{6%kLQ26qDVdv<t
zJ<=NvU4aSFtj**|8-y)dJ`dYG^#~KV9eVP!h+JR%gfcMSdZO2aZ@FX!@U2CC6oiox
ze3vh3paH_@8311Jy|bvAojz(pITtzk=n{tQm;@&+a9?(P=B(mAc#wF5Y~1kvwf*3s
zpm^#*-wF8uXEJ>9ED&!DKf(;EZ;#7Te|B#Uylfj9jb|99;Jh*8ImE`B!BFxr{#C@v
zj@ykQmQHkgrE6tj!?S2>WCA59aqhqIq2WgTc%XuX^FbwP@Z){zqp)p2j8(<l6G5BL
zp*~p9c*1{a*USWt`md}H>`NqEdE|wG7U=gHP}_Q-F>KI{;+$T1(Q*+av|w+72x9Fw
z#kbEgn8LAQ#s*PKT`q>(VXxX5y>Z>q<D2Wc<E-yN*C?UkR~(+P`D(@Rdfd-qpqH=v
z7)_el8^mBZ0a2~}BfH)pTU9;#oJ|bsn#{q0aDq>Qzlr|Yu95yi?3=4qX#6Q$3su7d
zd*~3Y-=S%6c$N+^{6Cb->PEsLMtFh%6A0Q|BZbCt5;@mI?OE8Q0!|WL5w#@S%QHAo
zE=2pHD{&q`KOWNaeL_C7i+m@m@uOWb<Y73armm6HTVY?`$o6Ij6Fb?1ifjLbjz}hf
ziV7=xg7r3kga39gyBCGvYM0bd(`PBB3XNo}jyg*%#inR7VTgoDuf26UT|&#u@+6Kk
zV_OY*t(bQi>32q`<Kk$*0gAFwadWXLZc=wu^nn49Dacz5n|0{hcSa@9k{Cj=pHcYG
z2sWUiP~K_GO2cy4j?3KjbqRxoMn9%ooT%W_u|_KTzE#R=Jq>E_!w-xnqc$seGn1)r
z1#V@#j`@A%Li3@97K*p_2p+vFC%)dL^=bM}VLazn+7Vea@f<>8ein1xqwLXVJ#@a;
zx%<A(9bQ@P+UH;1^|!NRvG}rKU^I_oM39WJf2;~f&TcZfz$SLrf6k+Mi;9tNy}J+y
z1A^;r=VHw@f5S%p9icrKY!(SM+lpfMAk!5~WsOKxf9h@)LU+s6G4(VocsE-mgrq%#
zFihWiL*&ewZh;P<9_P?lUrBHt7%LlvM7vcgW&->?CxV9hQxM6BYXXv(CL(t@j2@rs
zo|QQ9u`{HI+{>bEmGMXlPrXj~Yrbg|ia9egjXg9$ir_raLob4dCcB#kh0++k!)NY%
zCIaf@ze-jfvBw2ub(9ezk*r)<+U~j1$%TGkf)sg`?{H=9o~z(o2V(LoZTfF-W}1g9
zyF6;ICfpP9k65arUMjMzD^st!jL<`n&DjD>or+YlLv`xN<9PDg=qk7-ro7#2$Z^tW
z&^z=cG?cqSzl>3+e$5gu@5YPts!0E4=%el_<n+HSD2%TcJp-SpPLtI~?6ND|pF4OE
z;f)&g_;#E1_`<9n-=P8O@rhKA4|&cy5xYzE_zKw)8-Ev?D`SPJ$nKjP7f&dwiyV~D
z_*0xE?CiaECjYUnwwMWTLMV-`SC9w2uEV|=W%Wf9xWz}S)YOACGcMit88g40r_=4s
z`_KG&mx@s{EE=CfFA-&{amHDJzIkV1JYr7tWBS=Y=8(^^W9o7Pc|r{!v*@r3XqHGb
z`IWJ>WS8zA5t$4fmsE!Xz4SXn_u&q|Ec#ue@HjVmJR#;g-!Z=v4I0;07$L`@7h@Xz
zF52jXeo>^68kxoK%<B8${d}*i);S2dkp&%&lhp-w)T2nJjG01M;q>jHF>&^+FuI`~
zlIw_x6pMECE=k22%{Z^y5zx%rV;uN4;3SWQkN0SmVUHs9ghu0;sn#=vG2i-2^IP@w
z>BX!k)~WA8)Z>^NmRSeqV0nM{+(*8e{#H!R9RseID4vorbiQxGnxT<fgeyOESzLSz
z>OX<@EDV?(T1I1Y2x;bX7lTmpDTPW_#dRU_=C0q|UT8r>Wb=0uF3~`pgY%{0WNQoU
z`U}HIGB{9;0OV!BZxTg=ZURZe{GKzGdUGZ{bXw`*xOf6NK8`@<MhN7mk0LFc6kWaf
zaB@AJoE|-iwWi;ule3~!^NyHVdJ<=4h(R@{dx&aw`QqkM_|ZZ`qBrU5Xrtw<KG96K
zht2%<p0Ws;UFN=p2&t@2#z0gDj{V3hGD(DY-v(3Nkw~kU2;Mi_&^{`NAkzuWc_sC|
zy>%0g3k&!@<*Q*e+gw6(zAL!jCi166B?yhfOSYi3yAyx<__n;3wpjgOMr5-QxPY;0
z%>5=A-lW|4_0v&q*ip)RSm4h|e`a*k`6}3kJ0yXik6V8Od2j8&6a&SRmkb!1_BO*c
zT2op~PON^GqCV!<0hmDqpZF$G9Sa|au}Hq_K-&q8vd{-}fGJeT=P)RgZgg|Eq>e!~
z3l_pIGJ1Etd`lr`iI2whnoDyJTA4akFS?Hf8#*W`41FvP6QJA-HUw>b(gz9&*3*7%
z2{uf(1{;3+hu1@6j4sZdW%;IMY=0Q<W2)c__$+D)D+-jeX+{N}q5sI|ZlfJGxhEVp
z_`wXU4zErl#byYVr&l^|>-u+RHfP+m<L~BOJlqw_Pen;NDJf@RY*>tWTx7<pSM?K_
zk=H7zshQ}+w@Z|q5?}waes7)7+&Wiype45QCHk7t{E*ioDyf-svB+vVjjW{}W}Tdw
zJ6G@pVdZa!S-MYTk<7DM+BmbVW9e;6y?2lBZph280ue*XIOkOkV-!fGT6Deax)(Sk
zB4JS!7zlsv`+7kR>;=hj2`II5Gq$7Vd_+cnrT?wD!U7MyJLymN&wvhZYiVquFcJTB
zO94?Vo=z>(yWC-%gUI{g<uVA|!QD1!lT0pXpTm5O|HII)^IAfJ$hU_QW&Q+NFnQ3I
zj=?00*2TVT0Qs8#<AuuCCyOsYzTVt)9{Ku(m->~je^>m~^7YcD|A+FmyOPP*A71`n
zm#<%3)Q^1qqeT}kUyq(TfP5V;?jv8D<pyzc8l{PWQ_DmXl(2r+(tL(rR-4bcVZ*^2
zrqr2LRZ8meY2!b(vYs=FYPDIstQmB9m%e(mWjsuOm$_K5z@bqMYQLzg*WbMXtx$!s
zvJgh>5sY5c|9C?&*C)hSU=+t`arMl5Xh3qlo{hnoA|U6jk<i<N9P>G5j%M~M9F4%i
zEL`eXd2tC#EE05E8M6X7P)BxB_+~_m!25lpjW`b`Unbp9Xwbwg<eLPXkA&TSvDwH!
z0@v;<mz8t+_8EoId%N`2a7g}2xCZ>TBIdh!{L-cV0l)O)8H{r|ifFp+R{9;c^5}6B
zF6?o^!ak3S-~UmSOmHOQ2&vOymzFtbypqL^>1;cJy7uk9>KaVxIp`k~j17eii$tIE
z9|%qQDupd7(T*xK#r+mG7vHZj=fVJGK$^e0wd3(W*;3S(JV|(C7^621^&GGAr4;<!
zR;3l?pu%x^O-yiJmEy^<qel~|xXgDWLyJnJrhnStnTB^kS5mVm&@PoJF$hQVjh$Cx
zt%GDN^r#GGSe=G{_!iT*t?yA$%&Ddz&J4`p4(<iwJyBHhhZ?aqVxS$S0M7V^+KIID
zoy1}d>CNgdCr;Wcs(0JP!n++lj}f9+T#ac*6?PPqWo?c_(iY*))UT>WHQ^B_BjmmM
zCDjaaIo;~bX31O_Z5%z>b!Hh2C_W^;oDoQ8IkPms>SUH?IF)3a`X!u-(I?I;k2@|*
z9>1x!A9;LgZ9npOcI}1B<IM#ZDvv)|@YVA8yn?7a-rxTG(f2NBe`XZ)vp=odbB0%0
zDJkoselBH$e&=sR5(?8XT_j6l34Xd!Jk$tKFX5PNb<~S@a?G}FM6+w617#y4nB9(T
zolKftZ0A6{Q}z>7j6Uuej^&(Spuo?bV-ekBDWZURZi2g$ge>TUFw~YHICywk0z7#i
zF=~R9`SQmsrUmr6(Ja+Y&Wsnve_Tbv_>AZVWX$L*Zo8w3*$l6^v^<8MG5gXA2WkHA
z5J(iztq1xsGsW6p|6BH^yRMJeo8ED-@Mp~btwbcIcQE*r6r^8}HR<==^v}x}svS{~
zfD*8Nc`}njX|SG16>_2~Bt}%Ba?Vhde7nWQ6X#!9t+LXtubEWL9%no{^k-2G5HO#r
zVvKs+a1O4-z@lf+{=R}`)Nc(xvzvPQ`m6NMJ7`YEh@SZoRHUsEe&FlRv+KVxt}lsP
zZ<dflQmhUekw4Ihg}^aSpbM&y)Fo$}D#r3b+tcA$J`wT8QA#{aVb&+808)5kXji;G
zX|%uQeC>_TAaF61sk=O3%xI^+(@7am)`VHP(BcsLcarh%HSlj7eM5UiheHoIGLgdC
z^*bCBaXrrJI{G&0TUwG>jFyW*VxZ2+`9O9A@(g6zATVoL+BP(EPs3&)E-28Tqk?wg
ztgcyiUrG6*uOA@!pWde>eOY9A<PZ@Uwx}(1=u0V;Jn7_AGL<;UT+&hIG=&_2o&{a|
zhFC}s{pNw#&nbbk-5@}wBaF^t1tf3O<#tsZofz?7;qjnjvBw?J<Ghx(zT*Q^F8o6@
zI<ef9&xKM};Gur_u0oaouoDIF-RarL=x4>sJIQ_M>9qM5L{B$e*AG24`BA!+{S?IW
zqoR0;za);Xmq!@XYxiSkZiv!`8F2EKbaHO=<agj?6P<h{dh%g7x$u69ZN~tQXly&W
zTVmPLEQ8sk8ms2ZJjRyF`Y^Ckqov8})*3CZ?$a_mj@A9vXgRbGs}mxu?$JDx)fw~M
zM}9;Uc?7EWW#jJqrVPt6xI0nSit1UtH=qWH)JXOC0v+4^heK0X5e@W1gObpvzTeN0
zY}P+AnDc?|+dK!<^YMo9HgpwkoEWjNOD-?uV(pVyk8Gu+{&^KW=h4BOKO^S(ubAiQ
z`QL%(e-}QWJcZJWFoMtMetF&rSkINJXHqT;sNUr-z@v2YXc`_l&7<jf<S>uC%t(6D
zzoP3SVz9*z{~NA`%IG4N;N*Ac<So&YH^a#pbn>3)$#22QLOS_C^yGJAr|h1v8GOHH
zLNV8MQ=d7lF&bQ?{}CIM^l4CJG)U2#u)#Hb8kp;6uzoK#7zKyGuaqNtXIUXtyG@Z?
zD}~1&?zPgGavWj_hPc6il@gj;q60j4SyjyVR$0fltjapR)m7H<y*)a<2iW+Inuh~)
zM`VD2F#I)i7hK@y#SSN2_;=c$`n`DJKI?^_hrSCJHqeDy>xE?@f9zn~Xl_vbj%#5s
z%KD7fG;?3-E^Lt7r$LUn9d#!*xV%q;k&#_^@){%fW9~AHtGTTdsA%E*Oo#6h8g=E6
zyI`dd_%VjapCw1{`R)Bt`m7uDc~m~pXFSxaZ?n?pSFg?LL!V>fAGc8w>lySF$c2j>
zz9Q5bmj8sAccx=qNo{84AZFfa8;=?Z8jQ~I{>iXhQZt)Cb!7C`R~A~#GD&4+FQ%CI
zDY>G|9;!AA?|@Jgx?D73dk#p-O8t8eVO_M{Cdr;GDc4HcQdn#wB<K*U#G#Qd3AiF9
za?-!uaZ*P|iD5I!DsA^<Il0iAMzDGYQw8+52V3kR@$_$#IRteu1a%JIbiyIQad_>y
zXw@K;=#;}aDz_S=Vp!5%xf+GF2id5Mp;2)+rG>JXdWR;jpC=k4QOK%I7$5KR$9#OA
zSD9?Ue(@5@6H0bJpY0szv;W@LpC*#(@r8)llJI>>kC@#pF7IaHGIgSBqtKvJK4y<i
z4D`T@Tcp57&a0sf>X;ZjP$({EZNr0Pq5PP{x5z^2F<JRsBqW9GFU8<Fn-{BqQkJuv
zS>j7Wr8KzTrnlW($b}N}T13$1SvEee8(<D(O5CO2@GK5+n^~4=a_q?7l#R33Dr%L+
z;F3v7Xy%%D@v+mi=%#jELg_eFPOJ)#kgNpZLslbYCeGpkJ=G^sw3-7)H{G~XX#AKY
z-}#xjlHxVt4T`c*fiRNVN+>h*L0X1sdU841HV=s`7ka<1NYu)lctSbVhyM)~)$hSm
zU^H)rd;IXzjXo8J7zjFK*B<{Tcz^{N$775lYJivlW|x%FnUaDEx)*-mnMwCx=^L->
ztp7tMg^!(TX5}bZvNDgXAQBG}^Mj5!Lvcr`u{y4X)p50x>tZ57@m&owIK85=mxSZo
zQkDti#7J%yj)O7S65NPewGC<2$N6j%*-Dws%&GsZxR5jKZEgBprA(Q-+0Lp^{(V;;
zd7I?7=`jcfm&QqnQG4w0d-@3<4}UA(9vdS+zJ^{G5Q>f?+Srp>*x#M~+hZ4G^|8ms
z?3deEH5%G4_u6rL_Sr9;Uw^-Nm2*<|mr~4D@geAloGC{4%QH8!{URCr#UZo(l8*ZY
zD<$h0KaTDf?S3bNOINyZ@7xvLIIw>85#PW;XcsjRRJ3zEp;h=(X_?ao3c*7Uh-jJE
zfL+ODdBS@hl#IYDc<5ujY@-ll9;F#5b{1@gi1om`DizN)b_2SdH}=L1)Yx;QdxPRZ
z2Hp>+%>8iIH;(NG3b~b(vC++Nx3L#GaNGDlVS8a%;Xr%gHtSwsR#0qQAS%i2o@Ce$
zS!_ReAA|ic`Ej-%(x(*~Mi2kc$bLxIUFX8#Pzsqi^<Peb#c!`>i+}bsw)k&LVvE1!
z<8U}8{<46A`_7QPW)P@|tREeoOpHtB;9oj{wj9DL$wKQ!uFzcSXu?9k>J(YM$Bqzp
zGg+!Ku#>#idgYM<u1ZTS5?yQjc6^2j{AkB4<m~mr<1%K2^6$yndqvk)Q7GL?zDbG<
zMhhjsQBpcWbSo=Hv?S9W$}#i<^DHR)b|T$cY7Wd)0jaz*GYj<bm~V+-hdl{G!)qLi
z1$I(&Fb1b{tk#63UiQ5`k}?8zi|<A1q>*$2|IN13XOXkXf0#Zhr@xOn3?EfHd%zDe
z;+DNUEO&=*IQ9>h3oLQ$X5%89Y^<-mjulHJA4)-Nq9QDYLrV#>>^=NPStBc5c`bU*
z_e(H%ax=U1SM$;-xHJ?lF?^DUy8+haBL&QxP?lI86Q2QJCN#8CPWKr}StDg{_9|PY
zV6P1{ax`f>#Oxj<EV8S6;lt8fCLKXFE4xDshHYLYC}p4Wx{eBu&%;Ps*GXBZIO)}j
zrg~i+UZJ8#;(NV9X%AVf-ZD`AfU=P7@dHVDPtUC`Bp?Z_i++OooahDVz|}1@K7)8Z
zEd=AxBV~8XN(=VIs~nZGgF@hEv`mhQ!96x~CuetxCqFFDYeD-%so=1|pP{xv=mV9M
z)m}d6KOplr*@1TYMquC3n!XK7QoSUjgY`6!XEfYA^*8Dx$ThnYVI?7E%4)R7!m2NY
zSx**~rFIsh+wKs<LDALe-%AA;I;B9bO?dnv>~aJAsn&)kNHD0bHNJv!O!lzy;~F)8
zRE@f1l)YLh8e6US#@cJN{86BNzyfJ=NUrt%Ph@o#P>($}FaM#eRM|1}HbYd7viKIk
z!MlZ_JQ6Dj{uhB@9hB87JA5WJ#!ye@(+Y}#J@6s7<A+4!TVypsRx9CqfY493d`|~H
zX)oTDeF}I9d=KJJcVX^6=v8c5eAmIhaq@-W099?MEfXa}ln$VoKNKT>B#7$6Ks1X$
zn(&|$0d4TDu(3WRkrJLe*803;<9Y4I^V<EP$YTD_Nw{Jr%E}xVq5UvIuwNgs)-_YQ
zaWZNTiQ&$?)nt!Si&A9OlLB9C1D?Dj4c7LO6bGJy4eLpB;5jFrOUH9rcrG2!W#PG8
zJXe6{a`9XN40{QD=~)<|-r5&KPtYjiV11wMXb>;eA{by#0=^HH%#vh$Ujn`_0pFL5
z?@Pw_CE)uK@O{bnzGQq~0=_Q+-<OQ<ONRHg!25#mzEkkNu3?NxEO-Q%#KlW`!!h||
z%%yrxgteWGt}HQl#)gz7s22&1PjN=&t&^hb7_jF}Vg0pAOw(P7Y)#Z`+X+(*4jg$q
z5OhW`=&z*ZjF!~lcT1}8Zab+<U3$|LkUllr-59ij^A04!zfIylMgi6l8fJ#%h`~=2
zCFL$hdERGU<va1Nb@+}I55sp<KEjyYM50ss5yvJARmX`HjH#&wjHv~BJ;c;PA6O;2
zWg-?4z~8Zj{FpIZ>gb3BSVruPhJC)9+2=*9ClGQ0k@63r7`xK2M{&nn=s&=y6Re*7
zB}P}iHKv%A%sU)<H@2=G&<iWj&miKoQEMz(t1l6Szpp>JN$hCH7l>O9V_h+>tzY>s
zi)DVYcph{FD<m;hI5YVss<nz!vd9ssV=oZ2^GA9I&zO}{Y+UV|<y9ZBH?;Wf5tUAH
zla46Rq>%(p@j_!BQishag1j%IzUWeJ@nvG(Mo~=#sZ(AR3psAvLJ~(kXf!~5ww=_k
zxQ^T{S(Z6PFGM8XBQzEF-*MsHu*jbjGd9%kt!o-yAZm+_iW%zzdoZ}9X?UKf+Co4W
z&cT2dg;<{vfnc5Q#|$dHD2rPRvRr;B4qs;_-!Hz7q$W#hwF5Un@W>#PIfI8&#k^j4
z<#AzwE!PsNb_%n(?}9mSzvbW}`4uwX-d|f}CP0Dqbdi+>#MHq4-n`8c8z8vo3=K2#
zjRUO-qHCMb@DhUA;E)cJK&j6Q%IfefHOkC&(0kjK`X!h0+~O^=R>{+)nOp3}HP04%
z=$-S~M_@55b;#PiV}Xw*%KUzziOLB9LkoP?BfiyRDh3%H`uo#iJ86r73>8ZJN+g)F
zItR$m{Xm8Gh{3Kz;JV_b10uf$kFz&{IE}fwQsC@R;pw34+Fc?%y{aUA9ZK^fOBxRO
zhDT&R{iR$`FyKj{5t2q~ZJ1IW^~L4A;j(tyxUdxX92(y5RP=as%3c26{`?=Oht`e)
zU6{AQxd2O;2NJebKiqXa7kU7$UsRicNEyN4VDYWUjPq?G|DibX&P#iM&V^<|Gh6L2
zb*k#Q^lWf%VtwmwWs|sNcW69<tWLwknN3|nb5WYm?70+(^_t+GL~+Z0Xi3e4<}~r5
zPVu6iJ`rTf7BR1l>{jIaSgv1haZ$(aSFh3<jcOq%n#R@sYtamqjR``DqBcD&z8wY2
z>cU=8K-x5M(<zY;iu_TECR#5mn`LFS{>qtfnChf_PLg^|VjMyF*fHtJ5z1o59E4x`
z)0{}0l&`J}U4?P^_2|FHf>r2*{hn7HN3m+p5`$Pp9GSU;_v<AAk)fU7BFINW1SxcA
zgVQ}u3fV$i6RLDVBVzCwm8z4?Fs&;{Q>#|;b&S`t<Fgz_5f`Dc7H$X)jfBvQZ}*IM
zA_7}1NkN^+4{Tzh&n)AOxHkH88(Cf0@Ai0N;{{^%XEqZoUQkxAM>+WZ$3?2&XOa@c
z!q*=Hm8w6qE_JXuAXyAI30;n60O5KGXp5BBPQt&kF|$r+ZW$nqaPwSY!H{!hD6q?!
z4vHttl`>9XDB<utIGl-9Z+xvlZS=-Nz6JE1O#j#4d`#r<?iFQN_MjI?JWLg%HyF?N
zxtIS!%J_mbnM$>2x9nP=`!l`pl=((5;Q{>%H*7q3#FEG(U{1YSd3bJyuB<ZR2}_Jv
z#+Jqw|78-t6~$5#)>P^-MjUoYVTQ7v&Xn}gv~E_u#)lFRc4~K=uDi^Le-(gNInXx<
zBZv7=!2_u{z8N1Or5$PwAcj|8ZBk_P_wfC;B6{57+XL*S1@*0r?PB2jJ)A$ezKHMj
zPZ9$aPUsID)C<qHirF{xl+^F56V+QCB~AIfs4WH_v@Ng~c+dtoF@*)&0DZ;59!1K9
z5y_(8$(g`hlA0F!4;GIV=owl&l7doD0}1TeEo#H-2|wAj>7gN_mXBF<Tvsj-<QWJ$
zosRC*y?SmIhPKA}OEJp6&H)252!+XD7mUj$F#}}quw&5}kWL;NiLq!WHv^@{@dF0#
zItD6dFmH1kj*8tfDo67+H=gk4#@he*O{go-EM}bQa|Z|{pTHQlquQF$(}w=dK4G=D
zV_l0rVYM4)wXyyuV5vMSWlD&TH|vu{(6ukSkh8?=lm8&s@E?418Tk+JP){qd`VSr~
zy|R!0AmTqSJ9;JapN~3v9X;o@pK;7t{eAW_6QAT@L3>3Ok5-Q?mLHh($tx_bB^UGl
zve5kDz-W{b)I%gz7g2vdk)q%W;^Vv7^Rn6Vj1<Y7nRg8Iyxlz34?F+!vXqT(P;P-r
zpvHi;|3=`0oTL_MmxM;n<o<y@_b98~N{c&uBN~{p+D!T5posS$qa<6Iz|*5$8}j3u
z?jZVO?Hc?lFrNJ*c(&0);}x6W75X;HeO)P{d<)-e9lPKDx$oG)FVQk~WchTH1wq#m
zjL){thjr|_Z|pmEmgiy5tj{Zsf1a7ope^b_@m|k4!Z2)XN3Nq?%|hY2o_pSm&yQ<=
z_AqPz{$Xmb&wrk?-gnKo!dQOO?|j{g&+4&G+V#%<Cv91DzTl4j=j@Xk2As1UBl?}Q
zD|vIyV(3lud%JZ9eruqu2fz2TLowsy|7oA`>DG52inf1)wb$jJ#*EL9Z}c4>&|*8f
zt!w7HfBIT$=5{VJ$0f1PGuF(zGrrcExybswxO^{!IA7%k)~<Yk0dlbdmm^T;<oy#R
zwT|jCT#YIhMkq_l2l{7!LBIvzv<MwYVZsau{?5u$ied+uZY#>pG8|*P^K5qj^!EnD
z;&ZDNPP9jsAtolF{b`fBUbsD4ki-f1xWgDH=}}JT%Wo)UY50>?MjLhL$0c~tx8UrE
zH!TGOKas4r)<tgh-#>#}ZZmFuOTv00!&#C9PU?S1X1g2jkCaR5(3in!EIN7;boBfi
zN-6klh7>5u9ONHOxZ7_p`c~}&6Ya|%__qh{oj4=$qBTOpPuTa^Kf66r!B7|JeV0n=
zLxisDk{DJ#;aJ4hfkY^YzS#KUJ?Fv3|Fwr<<BuyW?He(^ppOA!QvH3FVo<M%F}?b|
zc%EMQ?xY?GjhG~d-Ff?4@!c^IsJB)OoF08&#3TQmv|^58MD>I7&>mt$rym~4yj@Qm
z@)-Ow8o#^E2-goRb#VTS6;2Yw-qUxG9R;)&u7gVa@CYC(DaqxkP_9<k&|<0P3eC5q
zpjLFlvb>hih}e9^4m7E{Hu@$5w@wf@9r36$dsE9@YnFUgCwN?*UWZ%wMXMXJX19pS
zX=v%+8X6qouOM_S9nASJ6PjB^&DPEePekA7|54}@G`@D5?L9*Cj1-S+n_m!`7b8?u
z{o=u#uPZb}p0jPbdgn%X^M{XS;xJzat(9$m<wYe?dBomS<q)IA4^Vuo8#KMpv(d3+
zOWx|xj{frv)>EVsEOPY5!g?Cq(Bc~+G*_n-1byzV$rMe}8t*@Sqn*KQ!)@#qe=_`=
z68ao(L{YvVC^RB!ef_D+g&&}v#;q2bgGFQB9)l#Xv=csYPpMY)`3N`+?C(Yy^ZLm+
zNnu3xRk*n{QJ$vRgISG{=86;y9crYVQ<Exbx2DQkNm%@cVS^tlXS9of-a)mJ7medR
zQlKZjwpa|eOKAPveYR2?-dd@p2FuZYT?&+NLn{20H;gU=(zqcN{=#o55VUz+o&H_2
ztKD}wh^!rApgnc&GFjziB>_Z6v<=%u*HQl=cT+`5dqoPT=cZ$?A3>W!Xb1z)gtb{|
zAVk|yNf4Uh+aF9RDOfK&v6fBmdXKUudyPD&RasN16|JH{MVG)|==<_F;(OsjJF?$u
zSTYjm<sNM`YN(u7S>w(AND8#VN1k@p-YNwTBue2{FQ`R<PtR6sMW0|RIXmoyVc>)G
zQOYjq<gN(*TN!-+9v%M5dwSr@Q}^H??16Dwc@~{_yS=WDd}E1QGy4z1GlFu_BP#-)
zm0aEagZM?5y0}JCr;5swjj7r#eAA2+T&ey^Li6Tu(6wn{4trmT(7d&zw_Q}<-H6Ku
z4q=nN+fBcl7TLAhuxnH8M`F0l!Nv?D0W4`OhP`K|kut!b-!7HaE5yPPLIXw#2+gHv
z<@epBiD4LRulnwL_;4VPi&6r;moF+@fy*xYq*`T%!4E#Rrx%yqsWHOS!7WEh>cf0s
z8}{mm+ocPEI}pYEFx)0QQNtdxBoijDXW>kE?n;dAEyv~P4)k2U$o&s|uqV6S1CK68
z%-P_U!zJ~-d|)fyxEkJ8nS$Tz&OYjKtrng_pf)$(jW-KVjKBe?50CLnSh;}QV;FmK
zQXfqE<S_We(6uXi5O#26J}$F#M!q=I!IdWb#CErxBfo7jv<ID2Xui*0(u?WC_WFl`
zXcVo$R{BR1(XQPAPbg`cXNS!N{Jy<p@EB1oL?5EkDl13zO9rtDj)jT-e6KP!G=aVP
zSN-41#oYU0GRF~!-C&_vN^x~AO*y%V@5F=&rO-47vzo4mAFhPaqj*%GNOM<a&(@*k
z_qV}_)uiy9;g(Q4HWQU?3}HxL3tTevn|S&qG~b;91AMDpR>xMUo-L_BDt4tR-Lh7i
zsvMQI)K*;kF#7G`)xNp1HhdRsnpEi@y#~ps)<)+_f%UvMW2Y489a?*dtc~6!Wy3aV
zvrB<9=|bQ$LWhSwx7uUkAJxkwWfW`HYWKR<`VT=Ds4HIeq8dfsl1dZr1}fNqkeXg?
zcuS==dL0pWEq@i;pvOsW44e^bZ}!5fKDh&5S}Tb`*jHiDymuj>dW~l5snJHCW|oK1
zgvW^ccV9RBP2E=tJ9jUTvZ3-`AYUtOw0{xbKPi+06aki<ch2e>Ep?5x|6X;NS8=fZ
zx3K<GglXev99GOe!N8JXH8&t4FN)@Y-Mv6KE&Qn_#m%pFhl8^E>>7@3iPhE0vm5Al
zQzbChDUnuzU;;KH)O`5ePg4nq?w?-beHpm1xX#`dQGJpgD>S!=%99=Vv&jt$!c|gG
zn^Ien*Al~zv{c|et7GqJjodS|w?$}1hEtm2&hB=*Iv?Fo!YxWE$*N5;DU1ZtVDQsK
zuX2(N`S8;)<UJw}f<#*;1GBWg5BbMl;vaiQ;{<%#4S!QVjf}t7)hjd{K&0nZ_>;H#
zC0=N}0#;nt)G)=HNAs&p7cwrM+7uBME-cseC{RtS)>6A+-N59HPWEQN8az`j1YW~3
z+(7wb`{Pw_2l^cB@#3Ncw%`i-56YSpHaAC&I&({^tjz4}!7YPis-cA>qmR7VYv4WG
z;O11XHrg(Q*Roe#R{Nl=<*#uo+hN&uNZGJK+Tj(w>9w~>;WjL<fqpEkW}UrVR(6QM
zc+g+w)lxr{c;pqC7<g*-57%oqtydf<&oNrB$6&p-+pylkZppR7cP+5FZIYJSi5Nk1
z<G&C1FMK!h-xj;%TJ1lCAA%;#<{EqUad}Q#wd(1BPxN%A;!5^iT#^Md%&{3Z63<{m
zDzLPKhNp?@v|x#VD?FMlPc{|~EX<Z_W95{?(vg&*Vz?9CMRVZ2y`mB{_@PHD;XSbE
z%C#GKx=C$lH6F0JT4~tK9xwwQ;PAv=hK1k2-qj@HWvtxR0L!)0|1#~na##!6bRO?=
z*Y_k6sHj^g!v!pcR};Q6p08bksoJn9mF^SUp>Zc|h-)qT^VXDdZ8Trbf8-9gQn%D+
zw{hglf0p{<ZYqWMUra44w3(w4;v3;^^=P;8<xO{BLl}Sr$<^Y2Q4Hh22@O97Dyjra
zvW_Oyq_EAmfr*4qwqov0xRdR@u7%JJ*3g&OuX3#@ty;@GjT@y}%Q@{{f!s{W-sR=b
zNr6?cc|I3@fJL{V(J|I2|CpEW#f9Q^?Gt{$!!@9vL`S8QNVU_2#}8s@>u{S_f#ZEB
z|IoX<*{8kPr$l}WY+(f2i}lZ!bqkKcuxHo8a$MUDO?FFxj<f!KUe|G<@#pYBs;6wW
z5A=@lr8b`Mry_ak?F^-Wf{={AH|jU{vzMDnQyA^b3VNDwbShI|4c!PM{9&b*zYAqM
z-09WYa9};aqfQU09S*w?wBaps_F9oR&&w3%aa7b&*Uw!hsd=K38?*lD1){bn)!n-q
zUt;Wqawc=!2CQeT@C3$%!I|Ub$}xBL8fnf)Ze@+!*d{dmk;8}#+eX-^xbL?UE5Lt)
z`x2*XnTD8o(wn_sLU}I`cGk|2f=58i?C>gQrNCz}%sHR4VGhaJA&GCNIZ{5CPJWVi
z$PN4bunvFa!#!>o<-_pDa~Ots)mh1P2<hW~-&lC3DPPL!!XD&>US%Slm0fNAgY*@l
zL<t0BHGh4j;@g<&))w+5O%E~|^E#BOK*&70Fl!me4aeQRZL-?XZS1qPu+KWpedf`=
z8Fn45{m>Yr-XN}5<ypFp)WUx~&1(w=M^JyXd^^dg>Ki8+LxJXR(6()=hDCj8Z*WRw
z%0nMoE7gZvC7_71vc)8YAb#wW_%rZ5qmdNG&@-fm$B7;uKMy_pNN5;Ek>-eGX5t~w
zh`_j{f$T+eZk+z=Fib5=l2ZBrxmfkU`nnX(w?$Sb8~D#F%x|asj5=Tv<1F<OVVYq`
zJ0uWyBkeBJrw^kH1W#s)<my;h82T`3Kkn~&`lZ(PwJ%%i^(gzxQK|-MDKk?)d~qS?
zb$uZ;OoGi*J_UsBg*&@2cH}(q;P@JRNs7>bz-Sao^$rro;C>tM>R9Y0409NUHkpep
z@2^zlaZVF-X(S#wA`nb0ns>i{$Jc~ldYgfNu#Cl*&lOQ1u08a-z7R}y1CQ#7NF!B0
zFtiVX5PjDqs!%tfPyDiFynz#f*gee%G61@Sc)q~xU_1Po1SdD;=UfrPPhW{#@EwCW
zy30;bFxWZFB}pOg=fBgKer7Y5Z}k31&Il%Qj*R4t;88ld$6z*L{QgZ06n9PPCsg=-
zI(b#}WM)hp@Ly1i9<JYewulS;KIY2r@yaE-7q9#@W<4FzUvjY6XEGItt~TNE6TP&A
zFg^^1NLD9cc1)15$8L9UpDm&fTh>F5f3#&i^!UfI^{~&sqw5LUQ^l83@3SK70H$>v
z))Oi|myZ{&w_a!sO^TWS7bEizA9AVQa3-<>Vw$PeW+U{w%w}B+nEa@}BY;YV1qnOP
zk%PHB1%{xYO$c0!Qs%jH@#!gDKNPGc=;(F=f`YQ@4kE%+Wp%FItL*b;_o78C*po;}
zq*V?Kf5WO)uFi+tEOhEkj%A%aeiiD5t1vP+jWA&;bHB)gLCQvWnjoO&I^N5FDJ%Co
zLi6E)cJy{;pO%!361)V&iiNqN>y)oRQocYx{8gE~VXs=0=~cgtp{R)z=Bk_&v)g5m
z1+u^Jr-#0QZ_Hq?3k^r(9EQ~z*L{Q(v+K&<u$(xNKr@u>Q8`e5aAt2@erD9)wwq&i
z&-*y?x8b4wt4yoE&9Q0R0QoxNV+X~4<B8F7nRh}zhSC*GY5_*ziV^u@Nv1PFXrPy4
z6&DQD&B{9@GAtTd`L<0Im6^5~*7m$%3}g8y6p9=dt~<9aHeA<fhU+?5xUTRx+M)Y|
z?4}cnel%p)fi_VM1CTImcP#5`<7^C6xHuY*>?AujG>Q#L7Adsiv_1-JYF-j%l|>3-
zQ3)u}SL_q$YrBb}c|X0;66jmzMQ2CxGkF8%s=mU^$KU7yGVxmrK(9l;l19K-m=C40
zAmFLnV#6iSe_N5&CqZ`1z%MluWM4g5)CXTAYM<^EJJ3JFDU0kZ49+1cx2B8Q-SECz
zO1RlL7!Bvs(+Ms>Xh6Vlw_0rvoPq^{DXf80yzhIGnjCA7sD?G;lGSh7BRNf2)%@E*
zOBA}hV>-(8&^V37px0K%%)O-C;_xbSoo4iTGFqm`x&uq?y#H5tGtO`*&HN>*9JaB@
z7%*ouZlF1vaDycR`$ttJT*!p9czQW=53KpX(=R>x-;ck3HT{1#{yJ;y|HWVbYsFt*
zYyZFaYpwW*cLt|FUEOQixBj)_n|{b!<C~W3ASxA!Z!+<U(plUbOJp%Zj~$WFV+6L1
zgdS5);vjn7F?|VDT@V`646l%b(%_jBu*#ly!iX!9B2k>7%9!<hyj*y9hnL^t%~)H%
zx308lxYMiMbkv)%#vRxrNPKHq)9|5^YCBP>*gj;>54Xb_6&ikMNEG(^qU*TDU0yZy
zgrwPA(#hRo-bR`4q#vz7;$XJ|UD_fALxUs*RM`Wm-n@_C1sI5Db3`V=BW(My9Lp-A
zlh(b$Vem^Yf4cv+nBN2KeLK5cMueQb9%UDbl|Er3ohRKub+X_|e4Ti**}W{DY~Gps
zDV}UM-#4Bt2ES%_W+Y~~&WITf3r#`Jh#B4=7c=~uQ5Z9fa@Ca*-$9-}^${ax_*7iX
z@F{D|aG1pm_gG?vb1`Ok{M&ZUTx_B`9Q0pXJ}~8}?)s$;HZY$g7P3&{OC{}AOmk+D
z#Mh3bNaCUaB8i`qX#ZhUa7PP;ssS_qM>IrjA4amnDf-bi*GdnS<n!cPQqC~q(oymz
z#yFC5{W4b9?6Hw39Gh-+!vcX$B<9W9&Ju}L)VUr^q0~xSrqF<u9c3(kWI{vc?Fd~G
zgAXh!A=!1@w^-70#)z9tQCL!ofZ5-w1F!aGe=Z4S@1t;<Mgg7rrOw_k5R$8;$IhX0
z3?l%Ks+R>>hch^xC@<8>f>-w_dSlDt7ciUoFdAHb7IMVwH()MU^_!gb*MoZ19`)K2
z#z5X`Rur5vE_0Q6_9oF0AEJwS0UqTTMepk@oT6R%;IDkBGY%iFKvdS^io}p*44RE|
z!B6c<HC^!i`rjS>`rn=Cf8T=Ne=1G*0ajFylux|cQaf|Q3x5}IYn1AW-m=>!H1`BL
zh6VO_!wl=Mj-b>M0;Dv&@Fh+21{<WVECrVFw+Kb82f6FpNCL!;Ru&P|>NM+%<qMLM
zp9-4|cz{m;PU}mB)i6^4vY0Orb0;~W-TywS>!G1ke**=>$FT6i<#{c#5^@7gB_BKL
zgr^RL!yui4dio8@s9|Zcdb!a2Xo{p9bQc^Eo_GUwd!;8^7oT@42XVa!4Zoq0pU*OM
zvoJ0^7wtqI<#SY0SSS<5YroFJSD?WN=>^*7iaB(O7dvVcUonS&><v47gMpxRBlzAY
zp+Xdohq%@0J)j%8mFk|*V3J3>-9m7BPh(5n`y#W*FlFS0P!VUmA+%g(l@sp7<W=Yz
z8d(raPo!+fo%*_P5up)ODW0pGG2vEac2f2=k#{$FQ<z~VUufQ>d3o2Sg;z&tUh~G@
z7D;{M1H&CADQ^%^OVf0_R*Js%ol<x@Z9WI)g<{-SKlr8R@we~eqW<<<`ti4y)c2+>
zDppRG)SnbQ=-hP&dITVaC7X|w2+iS=`fviF=?Y~Vgyt^txMP*i67DFj)hBL=ak<Zm
zb-CB~q%9IXN_$ED2_fonFWGz;&9(4i^U3QCJNS($Li15~_OWu;CgCXz{_}7_dW+$C
z7y5YKd8_BW9^K!+9{%6*yw4uqulHPt@t#**6z_SbS7-KrZ>;BCxahy)d3SLa=6TPs
zk>`B?{QCm8aug>AP3xjM8Fn4;YY-XJU_W~XISgnxuQneeLFcET)R~4-=O8)+sZ&lf
ztZlo6#&ZcY)tfxZMznmOPORksvA|69Ro&&v7I%29(6E|1Uy(vhiV9#;X65ZLu-XaV
zOtp;x!G3IySIHS8sh%-FfNW#E%6#~trj9YO=!StTG)4pshZ56Vy1ye-i@5T`)$jFq
zwCR-dW;`{N@()AV|6Why307CYX&C6zSXww@TgVtg<pD~QufMdv$OOXoz)sJXF{(vY
z4FC)$RgLO;gjO4QB~Zvw{YcX7FmT_6ImRq}pB+Z&yLJlzsL<F=oBF;KPr(O5Bl_By
z?|vIHu7=gjcaK6^!>@S?d=2dBjq{h|Hs#yH?XuyR#N8t+4JVmn@Ie@@0@ftZo`7wb
z=e{MOpLU`v=zrBs=$p8NxL|KkG@eRslLqn%Hi_^p1)hS+l-h}TEz8_mD*u%Zdvu6<
zvbVa{Kf2Mw)uec`DpTSJRk^YaX*m({HnZYDD#$-os%<Ll%NiwTYL)7lYR7258fE@e
zdzG3x)tvo{St7@(Zpn4Tzpm>|tijT_!+(i&@<DgOM}|^alx(+02)cX9fw;Ft7C`*m
z@6iAA^CH$0x3a_NSih6M1SN?U96O=01)V(~Q)$}bzl}jdQ>LXKSc$0kS9H3}db-5A
zD1{%josB^$1Ch<EY|zI-cf25)qG9M**RP>X>|K8~O5O_QCrP;Z*F`>O*Jni>d<lJm
zq;$~-0CDL0{<#Q#d91wXR?r7@Pl~KP>>x)12DJf!X+yC=8|}ahS!8*Jqejxc>y$cz
zCU9gD;epw%s8l>x_Eai4S5&H=E9{`zTv@5ihaYO{6{fES_4aQ6=FpAa#?}5I)`5xL
zt=la~xKzkkMzjt+`7_+1?8Pd=cM#ezYD=MihYuHl(ll4tQH@nTL6auIg8O(Fg!~C{
zRE>Aw6%dkr6YO}1RE>{PwRaO3y^^&W2X4&wVL-CCi_eQ}L<SKJ;y(egQ(__l&WFwF
zud+?7Qf!l}m7Iw%91~G8m~5|B=1;`&m>8jFm6~lLTh%5#`!_F0Dg7*ITi+$!8m*OL
z4iT+uedk`bo^3|wXdTCoSOd9TQ~~IQ-Gkp2+-Jkj^Qtx;h<%;|NHOnKJ-i){oIs0t
zq{Vz>jQ(Oev_^Qc?oRP=ccjEg)Y15jWn46Vqg2Zu2_$Nbg^V4Gk|&1|zwxcu_zmqr
zzFe~<mV+E+_<4_+@fnqdqu0Ycy+U)h<!TFDZDm)d<JD;N#w+CwFs}#`=+?@BwsnIr
z!lE~XvUW@G2A;016P5L1U|+9C*-p_LEsQ+J#BbE3lxxGea(<IL9Hh7rBfdg52&J3F
zr%=lZO&*#M--yL;%;3wLZlFLGAm1o&N8&erLh&1(tPj5;e&Yc~l+s7_OO!66(^b~f
zVk~*F8RR87W_fwh|G66p)A8sc>e}9iI2|zV9%LbDyL6fEJY$fw_H*%gn}J@zjMu11
z>0KR4$y<%_8Z{{!yJAI`rpgptw^^M{6)6;fg*&tygX}+M)3Dp4?2c+XZi26AC*sAQ
zb^o0yKg`{%-Q~1w-XU@RQd<sCu&b+-(K*17a)6w9u7*u~XAW|t9HW+ze^`}f%VDTH
z3_qYFG!yr4nn%68r(7#z<D2S!$K1GZwsA+@YAY{tAj!|!#dhovqen>oO}^s@y}+Va
z;FD!_oCj$fC{jS*WPTk`={qw)uxJyWKygCZ?#XTupD$P1m@?H4=YpTw%9Wio5=`y$
zY7aZHB3ZQPPpVsR*hXW_$7twI(P*!-WVF4!;gD}I5ISJDJN-LDOF@0`U*c95^=Q?g
zKGpPy80><)cJSM#8dZaSmG?we#c-QUxuy&<OwP>3jG!#Nbf>{<jn^A}Lh6L3Oa!qZ
zJZ1Casql|iX>-G8U_Eglq`;7@Dpom2US60Rc{Co_SpWkmTyiETAWJea_5?PJJKW-S
zbuJu->kT$I>09qb^{thrzU2->v)WG#aaGbr^Ahle7#!4xP^qvSKYHFkm0~kcC6-=X
zV7yA4_ypUx^3r~H^+Y;dY&|_Cc3)N+Ng8Qnxj>OYfAixamK1uL@Bm`lUmcDJ8OA==
ze*o=`9h@4r?%=-l!X{(M8(Goi>~8Vxh;h!<DKzwwH|7iGFGq)Upob^>_a+RZ=h15%
zJW?dCFg!(qD3qVXjB=qAI{GPw;3987mnfoT%9rWzA;cWTkKrf1n2f65X+&a5EYAx|
zTFw!w&$?B=x*I>X2ZPdBtyK(LQhLz;6FB3nz1xW46_t;~z}~YG3vJv=mR`2hI-GMw
z;eig!hW0Fj{gQeD{>(h#z;LOP@Mq>p$8on%XFGv^Jtxp1ViR4*{O^mdExxNP78mAE
z!1yo`sXPl2LkPPAqBak+oaOAjLc?#VkF7w(PCFMS$;zJ4{bKL{bP>4zR^UZvMQ#3<
zAd01a0iPKKaF{Dm>NfN-X1!s5&tiYiI)tHej~%+(<D~AMrS6`E?sh<Td;K3EvdTEi
z1~cqKLq+9g)Sg*~v7kYhzbk@l{qf-`Ca#oARQ`?Ns2nheK;hhuJ{e2J*G!th=_9UZ
zkSW~pDHsyu7mQr-!+P3(gu@{!+|dBf)sOHDL!|;5qDykx+YCeHKbG|`&lVuL$&wk$
zTZ|<%H^vgW$TpxQl+2)sKyGJabPY3uK1*iMdCUwds`Jncnuhhq!yu}jkzJqq7JId#
z(bA?P2n$K}&m~D5Gk|WDvJZ<w*#{N_=p~7!0kk*P0NM>_tOn3-kJ8=PviN!5WUq1-
zUgLiuB*fZ3Ka1Eu3lQlSgw%HNu{JV*ULRusg;kg9Q5G8((1N}e(7j{<MOvJWv^Yx_
zm@U+eX-lDZ&r?rN$<IVF!LWr6#Y8DtTWBw6^|`w;2C#?bXU3RA_u-8s&eF|7BOyj$
zev(&N1xil+=``U7Xd>h`!xM`H_qzh|{Zi!nR?8^*h<=iAp8O=3N=i@i%^kon8XLbw
z_EEuV9~B0&k3!3RxK`&Jgrz(Zltv@_2xHB5ZAWJnB_M%%=2dhfB%}y>MX8I&2#<he
z*Vr<tv_R|@ilw(%WblK9x*)|}@QLumU&*Sfqf8GcKV^~t`eAWNyFqS<v!yP!+EOF&
zj<##joO-RJMk%_sMp<&LVNG4tExQi+cZF^?tf>{unp$JErdGsTQ_~E6+XG6Rduzn5
zN=2YZIRX6*dK$8+)I&6`+P=ZShmek_oL9{jRpjyCFwIk-NrH@#?rl6|R_H#W-!hG1
z?7GDm%+tHyFCwFyHk&{`{DY}3le@{5iA9tU00{v{Tw}3_5(^*s7SS(RnT^uKbS6wx
zgDkO>g`Tbsx4G6Xye7szL-NG4>m%~Sv$VdON>QG0t*zY|ryIGAFe6Es;BNO!aB`t1
zfi7m}0bLYwS?VMqBfh?yc&=XchBf?x;YGRmK80apsyYy0l+0>6E+GNevYu<4rV<({
zLxKl6mdX#;0Z&LrWT{PESeh7%Kjc}#rLM&@UhA1kJo8=anfqeG<erPF6kno`VAA_V
zM#&)MaF;(E56%7{${^M|PUwl&J7)B`qcZjmw9RkYV!4B)n)nJjee9!O%|8l|e@yP3
z^3UTRume^A^H_C$=CS?kxv#}Me(sxMFppn^E{==8_+RB8Y^V*8o4CBzG_rFS1bu~F
z(-{|``@QPB9ZYWqkpY@iAP2$ZY9PIz(k*66D?(n@pGp#bKoOI`RG2?4`R~c5KP|XB
zQM1)Y7>7Rl>=eQfGFe7@NlL__M(<*n_$+z|VTIss5Hvf`=IwqLceRPz7HD@G@=29e
zG!Asiap)l8YLt99@QfpOk-bLojkBZwYMcWJ?p5f&8t1_4>3BUI57YIkUxmZ4B*p<z
z%mUJvh1%zzs51m@#QbrT$m%xyaqgz_6gOizRCoUNUnAGKAK1%yj8?QGg@eVZGkwWZ
zpg#o6FcCinR-jD^bm*m8>LDT)T8<)Sud;j<%D*t$jvADHE3&)_h$V~c@IM~c6i8|X
zOlO4%C(==hd+L{1>7Zjfj8K+;Wwn<73O?4$ABJK1f_!M?m{oK2hR=$)st(T=S@hnR
z3RPdw9~_e}a{JZst`V9yxtU+>3e%tVen0vh^QXn<u4Y}hKkcjYSCbYMuE6!xCx110
z!2H#uugqUfTIBu*KKQ?sznT>Bq9qTUzls>H`t7Ht{CB))qfSlf&l8p$;|VM8lfO!@
z-r3Xdy|G@jiw6BO^H(oRjLBb(kFVI`#!$nas26PnZX8idRYYyc8ni91ae#=};xJ9-
zfmLXAW>?Va+(L&=*!FAE(eBcMm8;eu8r2#yl+fL|crI73`5Eq9UuL=+bbGiqT6|vA
z?gy5gS}$vvYcakJR^mdDWv;tZuq(2bAA~Qu4U}N=uW3aSDpgN0nop+gu2$w3V+oI9
zq(D=3JhWqmWHC{osoi+Of!ATT*{0%Ay1wQG*u$D_0wX{jStua<(Ztq=8L;EWBm4#k
z#hqw7&Xh=Sg(I{bBjt2pK*CT@XS$a_Ix%h<FX!SRA+^ngcVNVVjKEwlH5-uq+6y{`
zh9#U476os48Z_T^tQ<*Zy=MD>ktm?S*(+HJqX+Rmi>}4WBV488ndpEom_#K@(2O_H
ziHG#PlN^}LGcg@cIH-sTUeCqDbp6BUS$P&rjd+!TMv~WV6M5~zLIW172`tGR%`x`?
zslVj81AdN4dVDMB>gpS9j09~Kl{Y9=ujv*Tl&P!%qAWrS(_7c475eJlI03sf)>+qf
z9%tPnDYe(L_*J)-I*8eb*GBzyZ4rOnNW))uQ;H}1v}+Ce>*`WGS&zh9@bg;e<^DkE
zcjt@GGWG-UZ8H2})~>AGLsh4ILbFVBroeh!i#yCHaw2Q@>y|1I%YYF~sEVx5DqNpc
zk@bm(#39Y~i6@Xlvh`U->+|ZLG9Kf916PmTtySPw8D6T{&N2EmAG_v-t$H(ht?IYK
zlEKYNuyC!8DkU{PcCWGvz;xt%^bob;UTsas4&*!VI2|wN;$_^rt-1P3KM99n4GgE`
z4z1jQNxM&StafgCb|-FH+?PeGNJQX|c=_JELlJ!1q6v~}n;<E+9N0VX+cN=lOivCl
z)%g=>?@U16>dA572?t(J$LqM4CZy{*KZ)*6<g#dse%biua@tRJnekXJEQXuyp6nj%
z&+w<2@KOZ4G9Q+RZxilZIPhUbW8Ws+xh?ee7Tmd;@NGcT;Bq=%#+}=euK(q^aF`O4
zMtHIwP4RGjmXXk0WjKNwqmH2TQf;^kR{z@Q{@4;(`C|+>&~1hrNSndCwfsTaQXX5X
z&u%fiM<DD!dxoJ>JPfyu0={p#dIGK<XIE?SYSjDl7uvyI^8Qr7GdI?sHl07M7UvI~
ztzCeDuz|h39;N5RcA>f3*x&G>nl0JGcZ55rAL_g3m_g%Rw#~5E$XIMvsx29m5Z{FP
zdP;Z?YsY*&t^SuxU(f4?ujf>P*YNeMGkiU57GKZEF10rt?u-9Kc#FM(-elj9#uK2V
zV~APr>d@f4)uBOju(7MDDuq<rtWI~+^c0*RNxOyWdw^JDgd`x<pye^VonozN8yBtd
zYMJe^o)p+H@%d(2QI6q58DFL3M0_aYVMou;q0O8_#CN;{PvB<GLE<|;9S_s>JD(wO
zH-~W>T+coJm#M?O)M2lBEg^=&saxzuKbiee%M4P)6+w~?&n(#Z&;moOt=5W=bLm)3
zT1#EmzhrCHQ~g@<?SDRPm2XK=(rnFCuv?K=ImC`28>S#|{#3>nC1oZSzmZM8h<kfg
zI-X#R5wGXsVS2yuW2?jMuJsGY&yBY~tc%(oR$1&1>uYxsYAKCiWUNH3D5xL%G4x$c
z#${o;FMiR<at%=#EMkLhI549Ai{UWpo8g69Bdq9I+Q?0nxY2rpQ>s!P`slnBmzJF$
z-&9num(_=&7|F-<-@JsVrrrNkRMQ;@Dmv~+&4r<w-ep9=&eN^+&<*@jShiG>Axl(?
zf))(ZXifA3`Zb5n5sc~I4%cw3HhL7p^o{;7On0&%fwmY7(^=sd4AU%bKn&9uJiC9r
zc>ntntnvO&z8o9xe?GkN{(}Ckc;hVS-@qHcHNnizLkhT;M>7LrjtdPxprKtaZ8|K4
z+tIHSwLyl4lYAWp^}j7ka%~U-KQVF!?4|WZ1>EA#(94w9&34^jLL`@!D>01#f7>w$
z1;(+AoJXEjAX?0UNv=XtunLIFoOIOby-(pxL(f7#Aw?h-p?uNYWtCddam+brk@#*Y
zqm$(vfK>5d3`%(w^+7QDFioV2Fw}=S>_bJg4|P-=(&$57y8fPKbb!H{3k`qejE^K}
z^Df!Y=_USfrJ8>{4&{93i|4^5rtm6WRHX}mI`_c(Do1QV2P}I^WQf6s?f(Xm(ivKO
zyShH=?UT+h?)@q8(C<<E=!NGq)Kl^<NWt2qzpY^@4MR3fq$l@-hmR?RFgy<6kT1ge
zxd06Gja^gzX&C4)ZkgCG2D(o__f;6^JDk1Ie6W7-cDsHz5Z*3KcR!H3qKfPTJ>aEw
z!BGk_Cl+2Wg~eD2`=A>BFHP?%QDf=>eI@^x{k#7m{;^-bK>jg%ApU`rn*!Gu3*pbh
zLJsU>ETmTN%R>Ho!7SvqSQc{Cg|d);J^nE&hJVO^_$Tm>K{5PeS%iQ1?zYsdAZK2i
zJtnXqMCo5RHLjyVg9k0vnEiDCkr1(T*>0PxR`t{<auTesM|xy+F#fiS9azno3$^AQ
zii3Df58WGA51QZgl_e}NsaA!h?<r=b$s}bE2)d|+7Tcwc3d0O&;Q>F7<pGj%1hXlD
z{ujp6|6lb>|G#dPi^*ZL%Ehv;s&A3nH+jvqz7Msx`ok`q-fv{|-U;;n^OZpFfpFUO
z%hnRbcN+NB=dE{P8<^IA_US*5*1xr`e_G$P_bX}rk&FA(yXZsjPyOO+;;V~lDeR-^
zu#8J-ZN=iPPwUbX^0_E~Aw&Ebd~KkY_m9U>PhNo<d)^6sX*0%@&2Y}`C~?+QnL$}I
zNt+D~r+rFpLcMWjzF|gGYe5ez)Eg4=*%G#b2P8-8CVt#KpX2;vqX+_HjQXHr2Z!%&
zFB!#!o{vElXk(xPv)(K+Y9bmaxOQD{Wv<-%pLpW+b(KQ79aJ$Es41$2n2!E-v_@j5
z&@h+`03TrRlu;?sh?@eXoW}(8_)3YVMLsACrKfRMqMG`HJyRGKu-EEZfu$iSpRm}Q
z?9-x>I?N2IgMJLNV@REEBDPRY{TJ$S?(>aj`5h6x*OrOJLE$#Lk;!e=<NU&`$N8f*
zQ;eir#fdctW&Vt)+}2MR(LTovPTx4RHyn%S@!zTsC<Y$3bH1f<`4?EekoP@IOxeI~
zh-@sxZAh*As_KE?;lHAKAY(U;n|;rOMn%g7CeUe1SwUDz1#_2Se=PVTtWaPK{zw7h
zkCeppKZ-wco^pZHmkwMmP<Xt7yU?$Q!5?w-gFoWvAAh94z#n;-Gx0~xQ&#XNX@p$i
zPqUznd|)rZvVxDWOLwGMKrNQTrBHI;!h%<HP9aQ@15f||72jgxCsY1c@h!xU&;1|1
z#lIB3MfIvF|A%i;EDQ$j@Y>+M^##8|U(9{>e@I_^^P>yY7jGX(U+k}5l2uU*ZfA<3
z^if|$vEO=0{VIxg$0~{k(cd&cy`--*-Yrl64~=)lhyR26dF3`X?3=g$pMHKJ`uXx0
z{ru0*{S)-_dykn$Ow`Y>M_^{dzWX|j>jr7l5h>geMWpm<ey7;c&JrCxnaQEcqx2db
zHQ|*aaijNyzy}tiZ#o%$cguM_Y@rMmQF8}^09HV$zs!L2KyxREI}i~Fg7Jv&uVUkg
z^W&5~BP;Ft;FpV7AB_G`T1<Ifd~KKX&_Wjfz<+#U`aZA_rtr(C@S~7UF+r&EqZUF9
zqN)*t5i~x&1FhW@3}vx)>xecR{0yxCSIX)G(S3eE-~JTtbN#<-1;~h40jzkEUtte8
z$a3ORKb=2dC6g<Rq?cs<=YK5X7$b?bA{_sFKQ`l%uVp{TjoJ@Zy<yr9b}WyvAM~SN
zzo1=!e$5<>nw#m@=n`K_##FqH)9Bj3pz#v-4m1!EXuRiMGNAF|_aAVb$uda5nB{;e
zKD(`oszw6o2P_UZ*pn2K;xn4Z6r13IDG^mQQ54EQVktf!$;#&#Ns=yRe<=pfC5eqY
zd_%G7P;h^e-nkj0!rC#h=L9GWNf_fpX+)r$=vD6)!EP=`o$^{cT?uqJB+c)jm=rw+
zFSD~w7T<ALcfN}`iC+?Vm0kONH(K@*p8pDcSG@r!_4k~Z-~#91e?R`lr>BD~l8!p?
zYCJ&b<m&i*n*Q}+)$sm0B^CkZ#V6ANJr)E#c-mQiE0gl(y<@1!vXYBxvKag{N#>6m
zs&ZWQ$#-}VhW?Nci7a>Ox4%}zVL1?^6lLXW%sNrKVhR@;gXuN%R$yMv3I9+d-xFhw
z^U>Z&89xV>PvP{N*ONs-e`N*B%=tqj%gh;aS2*5Yg!UVCy3=ZB83!j~Y8#Cg)#O;D
zNz)K>(=J@ElcMW2A5KoClhdOo%i&};otzatc}L93eo_P?I)uWx+x6x@;5YB=@<D@G
zLa>ksfd`QysO6JJ%UOL|-frf}>GS?zntbLi>w5Vc1=e_d6OXI}B^Rn3WW+jy2=V4`
zaDf%Ri8Zr)SK>C-k`4|+-2{g#>3eqi33D32hUpmU`_A)t3lNSh{kmkld}n4sJID*X
z_!h@wFe!$kdoo92m~48Jhw1xR{W#M^n>?1c8dO33i;u2@HAD}Ff!{4E@6b=Rq#G@W
zDWcN59Bs_ujqqV5j9=sYUNb9fR(HzPA53BhtS<#TTwi||iw`?9K>cSc2pg;aY=E#;
z@C=0Q8wPK6QrtCyqRQ(1_Pj%(J0kiTs5lqE?~;zYg$0A~PYt;`<znXXEH)mGcI{O{
z!|zQVS6`GJv1=#QsF_o%RNqv)#ju^!bRNfMB7yK;C`+3fj+Sq}Fn(s*w=IRNZ+~+D
z`}Tl%YDoj*sm)k7<^MIFS~?elr}nEiC&uEbY0Xpm!&BS2_S{$Dsg<8S*Pp)kg|&XJ
zh_%t8`bWtV=hHuAiZ&+L1dHmiK?)uL)q^E(51@Jsj|fu;4UD=#`+H0Qv6~9WNm4*u
zF$&0b;CXiu6SU$9g8mW0nhP0U%4Fk9l3c@+{Ztcrp`?=j48%lI-q$y+VT#A?@1f$c
z7tg1Y_E84f$9AR7|9XGg#}NenBh((1`WF*m;-p%D`Z$u3SDD&}eqQZk?!SD!+#DrV
z|M)uc9d{-Y50Lb-Dc_xW)rbg)$aiBb%Mj(ew*v#ncY-59a8x>kq1Etza@(?->ZftO
z3ACsY@T7?m@b3cwe~S@tcRT@aPvmA1?f%});qbC}|HD`&tf>p^XhP239w*V2GKr44
z9+LWXJy_(qSl2@mx*k$jlk5f(8k#auy2}1gLQ|8L#M84qX~^pujo%KROcL03i~UT<
zwq?2nM>!`9<%BH!J+vHlnb#>eN*to;mr+C~UT`omtR)@8)LZdDc75)viPobM9Jb8J
z6Umfjd1kqj1?5SmuYg3b$a7H+lUxV=%TYX~oSRSn8Y_x<c_2>@_T#b0@2TPRF{jSO
zNJk!1UuQlpS-lQjV~Fmq<Y$tWE2)Cu92r?G?MSwi$NDE*n9mW`@5jM_6>tTHQM8w(
z!>A?30@G!+m*sM=;$CiPDl1@B2ptBp=d!@*1fMf-n)eMsG#Z$hSufqsg)S16$$2ep
zD5WWb;KzCD$BQynOU4=pbtcvHGKf+suN9axrUJ*&%k4n!ucum>D{1*oC$i~8R6$!N
zkVgWNz=6m(eY{Lqkc##Z*h+PBW-ie&kFc$$95~}l0zsO)4A}a+M`RvW>^U*xoTMBC
zoiwT1m4BuGa!`#Wa(1Cbh2jfWVIG~((2VOss|e5aWc0W(`{W2AC>it;-;<QoQNuBs
zNh+^@vBbmTYGv>rD)w{%^t9^+L`M)7ByDZ4;qqFnecl33*#u8m)41Aq1yHdr=p%Gc
z1P&V93mdCw80Q-Yg6rIjHOeOcPH2sEZ#AMNSzZ<Tb6!hmC=QLtZ;_ObF-utFb)@!z
zm7<j-_dh>Gm@8<AVVNy5CrMP+iNQlap;z@kNiCenk{g}njGvuYWi_a!%Nbt+#U7qb
z>@3&9&Z<S0=(||=!W=CG{*3(WQ;9$5W%f%uvtQQf{*lJCoYpT|$@tih;U%z;=SBEe
zTVy^={w2!%A(8xut1Q;D^sf8EW<80%@3ZX|1B-Re=ZHLaN9f;iSlM-L_-?kL`Q342
z+Bbg@$5SSEP+e3?SS<y+V7&*wVkqr-EuxZ|$p(;RJ7=6isUY<t%kpN!XqqKw>jcu(
zL>x;7QF^Q?AFLA<5E0IKmBUhSpRGzQnk>8S)nNlOtK?q&jaIhSm%_c~hl{w-;W7T@
z(S<&GrFEe@{30t$$#AMv>@N*)6(V$)<BRWym&+#bYw93i&M_nWVd$4I!U9N<p+u0_
zaoNhaY){88+hzTX@1lSD_?lt8v`qVs@26h=JsRJ$HCoP#Ft~?l#hQbATE8{O2Dh%i
z!To!5a96Zm(BM{wqxG!J_ruFEz8D6#J$`UMrokPG(fT1<l{Wk^8{YWkYv8?h3_@1j
zQDMh_+Nl1#T4w_h#FwP6&|IAQh@Bn01_w-VDDX!66HSjSz+8iqs8CRl!>|{sxIhn#
z-hSf7`}G9#L?XpQjl(>z{|r~4y2<NFzpKDRKV(#cDNS{seq#%I8&Md+8Ws31z2-k%
zoLfnTr}&C-eD~4Bg!OHIsNl$Uk%k>!l4;YE@P`L+{HELB>)qtLV>!yK-od0Bzo?<S
zc+g3AEib}k!_VP`qIStMaDh@Qk)N;IHIdWxzre!^bpBigmE}&y56nVUKV4sEX9YsC
z^obu%L|5~f;~;EnNn?$tJKnyOJ!$zQe8rRa3V3WXYrLK{z9`aogwgnVY<#!T_`~fJ
z>Fe@N=)d}D6@A}7P`=ccu_L=a;z|1KR6PxU6lLnkPa5NJPIYmCGrVtD;|~951F1Kx
zpIlnSv5L2JxE&4=(w2%?T-IB`tzea{ccRnx%nx1I)duM5@)zJVUDH2@vn!|*gYjk>
zfxPV#jbG#7S6@7q#}3{$l;Z+*Hdq5CNmSjLCDcnwm_BI55PaZ$tIFZst73Do&>rAp
z9X#-Q9vTB04)P2hxC8^CMQoGqhL!6E(KP_7U&EK=o}Q0zQ{T=ka2*k9j)Yg`?U1$k
znKNYVjm(W`!5XO#hBXx^unCPibjcm4v%{@_hFb{*1jUXcXOD|7M~+V7kz1{?2Tp~3
z8Jc@q<7z<)Dy@ONE!mq`ner`rgFVUO^WsG_SI&TzHf)(WaLZ>`VsEer&*6wgCgImr
z!0v>mJJ7zb-fMFQ&KkLfZq1W9t-SFww;-)#4^SKE0kZJ>-3z}<I+}_=#)}13J7vUk
zh<t$KH>ZsXx%2H}cB=<A;N^-7Ub6TSzKzA%s3p2MXDx{OzDq)xkyAju=%jxrj<Eg`
z+~n@4upz~O6GR`DXcg0dR!SX4hde81h{ErCguowr!{Oze1GmW=nKN)*UqtU*I#OxH
z-la#*-|)L4uIu4m_DsEuy@be8*SFDXuT5HY6c*uV+VuPN8(%2m@^*BEF+&A<g@G>x
zh%cRs>J$7c`iAJeP0^lWa8J%Mw>nK$PULOY+n#nIIr875U-V~M0lv@3kTuEGjl1z(
z>eKRf|3B*91iGneYXH9KKvSk0lp&%>fXJW-El_BoXagzSKuU`ORzXF<T9rvipvqKC
z16*SSeU3bR`l;`U!*dn|0b2?!pdy2UfFdB`jTaQ~S?1>7d!KWYdy};C{`Gz9U%zWf
z+k4MF!#?}$v*(Qy`*JN2hN&l`FV?3cs=m7)PUav*Il~A;k@gmGwMcnC1!TZilQ>=@
z{PUFHhJ2(;J>^>8FAF_0<TF(Vt$=reX)yegBtDi(U%z0VNXUIad9i)AfKr%T!8(>-
zuon|vzfJhdMwKVni(!7}_{8Z&&}}bTe<dOd#jh!?Cu9rieN~G2nlOqQ6{m#gK&+-&
zpZ{X0DRDz}jt=$4_-xwj?R=xoRv`9O@Wv6Pt|vqC4X)TS1!m*F03SvawV^WvgsfpO
z$eJF!lgZEGZnN|NdNY)4(&{qkpAN)Tp|=oH97AFX3^hiVKlyj%{ns*u4^0)7-Z!LL
zw&ts8hN-71{HKDJAN?YTy7Kvz1GtJXASuZ479m`Uqp<jhBfuCy0NX$#AWrxa0z&j(
z9nov*o>sJ=6eWZ2+Dsr44Im;Hz+juDzrjpvYZ1Mr+8Xj~47`KRoglly{DN6iju+B4
zvmO0$%>#(fP1YbjXWfAx13`Trotil2DpPi%dSdXg+Q#i;FVTVI2e<5TIJiM(So`oV
zJ}lCIcq4vzLw&3!y>&g)q!%eyV}n%I^R3jgJ=${@<5vf?WVq^P<BM17HO2hbLFn#p
z_2jVt04O}BJL!+(gbsg7C;j2$x|5E+g36{neSylr&3fTK?5tb$XWgn`S!kArm?^`p
zN-~fqb)Gs$O;TskLxv%W`W!r;tlp{K9)bCp?R^DxROHVP{E2MVj-lbOI)Ha*Q9gK%
z*=0sdaYnam9e#Rw<j;5TPx5TzpV^eT_!)KZAnzbu-@!ciB3@s&=vX-^JD9h|95d2R
zGWK*p*J1eiaaCVb;}isL#Dr~WuG-r7o4r81*#19<vs{Ap$UR(N;}94>_|sRoDm;_e
zHB&D{rfF6-((50UDGxY}^BISVYRbC-!!BT*qat12r)2Ez%N)>9^Lq!A$0T_GtIlPX
zYKIfoSZ(mXGU&h0qwgN+uyewmyNo%LaLH-t&lbso)C_HgSSV3dGcmnUvuHiZriSE3
zdq6ng)g*5ZAk2SPH%h=qGi%+Nmj((k%Ibvk1D3js;&<zSKZ>#L7bDP$l^<V1TW1sW
zPjLlqlmcntA{)G&NFFnz6?u$(GU|mz$#>4=?Mpt1nRV*C%t~lfS`fI`QZVRVtLT3g
z_c{n-D^RUsWWCc`0yeKCqQ6J-{Zh}r1XlIpuOP9+<hyO2>Byi&w{W`*?VGX`9=S73
z#%GeRCJ7TrZO3%uZSk873Na0~c?)`kMtxHrJ-yv9t&01&L9G~Rr{^Dt#;~@4WOm4u
zY(n4;a>FfF5GMda0|W00;wr&zLf=@cn^}a>n;IFw5|ASD1YxPuKBUHJA4&;>B=l;4
z-T`cMy)iF{qX-8NJ+^?v=E2k|8<69?0|;fsPO)Mlg?F^JyMq11%&_llE0|c*6OuTj
z2L3<i7KfhWiJxd}7{;A*MqE4?zH-#26^%?zaRm!g@bZvKYE$e@x!-w@&8SWlAHNne
zPJfbOFLB7jG5byv>H=GG{|a}HGpuF%Xv;KcnABjymY3QvsiB6QVj9+&5;O#+tJIx?
zbvzeiM-I6+yh_ntP3Eugu5aK~9e))8k5lexH$q1-T`F|GOEg7Spg;1zyrFy2DR<5Z
z@v*JU+g7=8ha`~376b|@&^OxhgfwZNl=GeV81s2Ot+aubWMZEHEy=wIIH<g~ed%tH
zFcoheqiYws^`&_g8!mhw8Z`HdPgMdTDAT9e*a`UMfB7OSwrIw54TL;Ps_AkggsxYV
ztC0BChThR00?w`>vFtzx_GU}$8@GH`sp2ocP4x0L{_;?wmrMA|<B4A0&tAr0z><3X
zjQjH$hx89S@rS?bA2#O?|BPE(5}!n~`UI2snSa)<KGN4&Wjj5r3H6LVJgIzk6>d^>
z$icXZ<j))DSH^MX!K^&#2j*co{Hb<|+*((6Wg>5}QekEagSRI;g~+v5tW4#PpPuZD
ztG}`6*iyP=!>D<6UpI$J0aw*0OP{^<Ci{<3bVR9Ax4hPl7iR)WXLD<WhWzjIkkUy+
z=|%vh8%dO|$VlmmnL8I|Y5`g|IYR3uM`+#9R1_!Q{R8P;ekwm(u3&31vyKR!+l&Nn
zEBt=~2;Lb|{-Ujt$Zk<dzP}Dn(G0QTDio{5Pik21g*+U+EI;!|)Ssq;)+GgsQ5V|<
z@3J9*DP1hX0-i3-hXkBm%y^?AQdz{suW2;Yl%x@fB3!PyDHj4XGO?Tp8N4vi2}9cm
zp(xk2jZg~KRETNnx%8%`m)>+j!%aKIG%ZTlltbrsBhl3!kH^9+@_^XKxAMmkI65&o
zlM##~8UbVMDh6Kqf_q(h)6SRPv~6Rs>B2CFY<Mw%=m4*vqlxS*_6ofgIr*mnIQdUY
zVi!f*FC>hlWG4&rkLFCamx=z~K(s>FB{7wt1<Bdqc8o3!=j4pkSY}4hGOg_0-SO{`
zdR@j}PfPsz58m^`iC=%iUoTGl`eXk3$;7XpX&0gC97;=G)mq}RO4_o|AJ;z|%^xn;
zKg@00;6O?SpTx?<lW4_Xf0X$3Dc*Bs;@7+Q>n{_({-|x-3V+bgyP^&Ie6#-HbpCK#
z^da1Tx}J2n(B(Yb6rD47aw6*g>|8jE_qmQX`j4E`b$)lVzNCen0aupuI$(Pd`HG|*
zbZK5Z3K)i3p=e}k6DcU^=pIv0z=7S0JihpNHZeWuxFJI`UnQA7qD_%V_o$M5XQ64=
zXj3z#9io=N(3p+w+Q+n$_g00-Vpy~k+Aek5(~a$$B<hzh1K&C240xQPe{3?b$(6zv
zjV|w3A<^>K_R2NN=gk=dR)h?g#H8N2SNCPAprt}g;28gC#pQj4(98Al==nrzc(FGA
z1%~-~@!i(M?{39+yA!_~jPHJpyo2Gd#NieFlXQG?Ji&wn{J1Gb&j}H&zzZFi+}v-1
zlh?maiz|QKan&XH_`W|cuKaa;KL0cxn(FRR8I#X{nu%)+a_yAPe|3b55#Oz1o+7o9
zZx0C8&C{gyW7&VHuAGx@aridLRO=RpY;(&ODd(ZP$0kbcFTNWp@NYreo7r>Kh+qoO
z)szct#4e@kU+8PP4?v+NW$u@PQ>H@SJykcQ`9}w+yydxq11Y%dR4tkdmTKlft|asi
z(+So*w6!EA-*+n)%Xc3bZE?tBLGHw&EMqZT)ryIn+&O2x`|yu~oO(~Tt~;K85VNeH
zS8tjlPzW6qz(g?FN&$6%Sz8J~Eavg9FD*mwk>((SUg74s^UcIG1yiaM=g&X>ZK0s-
z*?p1n=U4s>KKJkUw!{qL=-AvFO&sKxk`FyA@4dpDbj?pOCtcw-=A>Ji8MWudINlQe
z{P^J|;m?B)C%~WT*!Z_*#=n_<=e!h5?YtOMrld(SFv7mt?xe*TN**gpyL!^gO4MR#
zsU(k|p(%ZMaq>3Lb|<;)`dghs1O0FCNBfs=v1sa{n&CD~z0h6x;35t3lfS`1-g|}(
zvbor)i$|x<@8O;MYD*P)Y!~QgZg*w*MPmNPhvvYC+#bf;XX)DCs<ofU+A9(?r|*^p
z2MRIpGsq9!>B#LN710G2huW3}w1eEhDivQK!c$#<833i=_16;!$(%;wLY;DDFqh0^
zHjov%lU@*AiqT4DAs4t`mDOYV5JQuv6m~@J2|g4&srZeA33qLRCmj<JqwG=aC@-{_
zT*1%ZLq02T3n2P2Dw5Wo<mNi%tHr%oU#J77f#h>aS)L%so1m-iASpam!^Y~;QHab&
znLVzLfc;zIwB-ITQ3+-HlTpLpZbmQWWB^{c$Q*itCV?~*PS@oC6qo^w2cXIO81?=h
z7gfUY@As4z1o{^Q7AP*X;L{Oc1BZ*OD4>v&HCOm&;02RSj=gynbPmg)@Jr2`nodT3
zW@UJL<U`$Y8lQPwhCeoTj|pP-9j=!Gm$B4DzQNPqYg{HJ!vKe$a(*_5rRUj){Tuyo
z;UjoX^OP<41^TrkT5Av<^9YrIQI3seG~o#R#2AZC_)iaNi2x4X)JIV5{LegPK?mI?
z?cjJ~QEIOcqT7JIJ_EfmdWg<qdVG%k8_vdEk3<e?_43f5o4V-Zd+_`y-QXD=kZF(d
z1JWzrAHj-hQ#=#Cg@CU!m@3sBoNPyyA`g$e?_9dqhDycOZk7jQ8wH71x#Y?Md57};
zIiQ}Gp?Rw{23+BLWqvlI6na{gSuw?@lbJ}<m>Xd$l(8|w3{M}Y)#OI^e=@&T3Fi01
zfJ>a8wW0Zq!$c*!8I@XA-XKY?ID>n2b1AfXzg$N#gLBK^y$RJ}ca82M)c7#NiODU`
zvc?e8>T~2+tIWNb5Dgy{J;CT}>CG|p)mK}l+>Co3OueuW2TO)=N)=lXC!F2Ra6;P>
zdWgBd;ag4>LzdgR(BGk3ZtkMdWBNO7Y~=61y00SnN3g2I=a|qwvrb8yiOOloDy<oI
z-;{f7)24eQ86dpIV=I~Noi@1_{MAuQM$%l8n`u6l)zKs(*i%hjH$gpE5_=vN(UQ|*
z%o+xZz;Ii2qWU-JNjsE%jal4ug{nmVA);w_n%#kWffM>ktiTe?-04D!nm|O<Ftyb4
zLnF;v5yy7C_!a(sB?drZNr40E{gVH<_sXboq&@zf5&gTj!C3NHw8CS((rYF!(V)I&
zX!MG%45X4CX%rymQqA}FuEk_nF>pw}!JXe?G%>NQMqGBL-cWf{dFw&4l7$XZLRCg@
zUMIsI;8(pr5xqfBXB5aaF8OO7&x4mM4`A7iX0Wc0<wkS@=xMr}3p`f5QEV~B9aip)
z5|Z#pnOPQT&@8J5{%pw{kmPYZ92z5q<ym^;x91vl66Tdc1f`ULBib@WNq7B4loxAB
z_YRG<qI-wMUbbErfH#8&|M&)Pegh#pB6{1n(Edvg$3-8G#rmi8@b2ityWpWr52r;R
zPBq?gw{i1NOT{_^F07Gp0aqg<4Ngyo2Dxz!aw83PV}tAC8eAV~@G&;HIvlaz+LT$B
zb2W~VGnZ|iRp~vKSx{?7IfaO!w>^LO0X&S6m&&L%**tr;C#QU1Z*M<JR>%mwlDq;_
zGaxZWzqeZLurJ;}9?0QvxHZq?iBeND_hWFc?6FToj3@;zZAS076gDN|@0EX`XQP#D
zWIR-UJ92Ru7!KAOzs-~UJFz24tazMmUaGgq^1=L5U<lb=3iNOX9yF5>g}z8Av}R{#
zV|}q+@!4P`o(<-Q6pS?9=I(LIm<`4gmknka>I&Q_BLb37^qo!eNTDYQDyJf;U@(LD
zYWCX+L(>lG{aT~dOpz0P=`ECUwtGjo<R5Wn5=C|&;eHi)<@3zp-sB-9`oBR|H0Qin
zF(etOXfg+Ui+$q-s@wul54}h35@YOe75=DRt3U6C@kv0#vD2hMPJ5BZk3(27!LH5a
zyI}G*b(G)GORV^grg{bj^}y1*P|P=uQi&87=6l^$cIne-hNo(=VkJ(k>U@giJ8z=P
zVmnH`R%tbltVok`zLvz{XE97f9C8-;TST*BPfLvDR#rZX^4%toijPZGKVcG}4p^Y1
z18kS-&dIfVI>ImL6pH?=;&k|bVKTX#5(z(p`9lD%B$2jQgftZ%1HCQA6e2DYAVyDn
z#Gjnw&(HNNqMqdwk}#jpj3^Q*by<IfL8yekGz<zN1_98;iX~WiS*}OD8u@<pvm2!O
z6nlaErz_`xSdoKrQoxI0{1$rfDGZP0w&cC;9wCt84@$nXd9zTj5eneUszNDJxJusa
zJD9vC1s{m{+bN)JGi6mWoxlo!+g!n-3_N)y;_RIf|6FnUZ3p3>yHAveQ@$?|zxe|G
zXpavp{6Tezcz!GVzd`bCpkyW9FW_lai8y2PZ}7`z=z77nlIVSFmQ33yD<BpI{?7Xw
z&=k)DZuytYol4>ST%iE=3X5;~E6bXrq5Qh3>{)?)%oP}m%clBylRuIKSh^>tAUW5r
zzrSkIdSe8Cpsgz~n_3QpmIcW-P>LO__X!<gP75=3UcZ2@SiQ-TN++I2Y{F7GJ*s0c
z`Bxz^CR4!RARR)B`8sUoi2UPI`atiWQe3quSM%d~$8MyP&Z}Wse*m5p<XrUhaASz>
z8RPw&7{4*O26}d*a#-mBiwbQZmG0mX8`1M8s|Ws&w@Q>tN?v~>=922oUbWP}n#Nw;
z3(u6%o6vV?@Ob<^AAU#o82NX#tBSr~@EiQC{N~9O)YfV<HJx%#@gHv7E?6{y|L^lz
z8mdVWGQlzNvjy@-m;6=KD}*i}`79>x9&TQTq|B8w+#*&CFtL(EHYz^lARng8{Y*cI
zg^EDb9TjkAoEZ^lo`Ies1p(mV;8-g^P^2wL9pP$9`G^I<dQ?eOXHzICNzUFm>qGl+
z2mJeq%z37+!@kv4QGR=qMGAl68H?vlB9R)U5qI}9?m+YI(Xs4y<v|+D^OXyh4@~qU
z_oKgS+4^-RA>JF#^Kj@zlIBy;0ZdCq;oq{L3vWO?ljwil$QdIM01?U1<awgTR0-+E
zR2Cc63s0F`8y;;2iW$rFbf@@6eKhU5q(n3P4(q?a+^7KlF>^zc?gcD(1DY?U=AEO>
zJJsf$Va$D=f<J2nfohxSdy!Z{dH}w-td+*Vpg#0u2{I!4LKo0R9d!Y-DrGYnhhiBP
zpKox2y$Ffw1Sw~a_{d5ki(eO@ICjy6ad)RB3{(F`@h_){2LECNUe3>=e=K5Ha59V2
zX2tV}v&~(^OT!*jOyhy4LXE%V3nzJ-i=Q+Z+^ZL?H%}cpCk>9DcYx}EhgtYgTs11m
zcd~a$dX=ZE_=)p|i&?$tsr!bo?_@80EJ82Iq8|+$<u~;9re#)!HqiZ9?~?!H)*{AR
z(#~#k1JC_IIiE?rGUvA31WuyG<i?ZC!#rTdp21jsZBW^XIcb4BAgBvk^6v-CLgmO&
zQu;_rO^UfU<!q6lud}SLA)3*TPvVr)x15zXCZF}XS&1gF0oL-KDMn;*$qJ^7kwZhv
z=UpT8hOS@+-c(0;quP8(`Mgfy-lAVX$7^y2uR~|XNgGl4=usm+(hcpC!CaHeSD)ma
z2+&PqAipK_6^S{87cwhVt3kdDSEBZQ$rN~Bp4+6i_c!sAF-=U1PT_Y>an+b6$qwJC
z-X)Ioo!(s%#&7r^!D}}c{+aWj0Rxo0g^|5ay*1H-Z!$5x5XD=8!1d#L)KDwR>|6uz
z2$B9+po8Bkz~Inl=o&75a^s@YIJbOpRbi3?amJB;R;)nRlp*3L^Gp{Pokr9dCa!Xt
z07xf#!TU2}#a9=xGDCf`SRtY2E4bhSCK?G>0X&)$49<v4dLdZLbJKczk2}RrQcR9T
zCpZ+`CN@-ldX;wvgTg$t^<H3lxAiaJIkrX5aYuOg20e5{ALbc_kEDoOYW5^p-5<~&
zKmBgGOc_#>k}ZVZxELq&XkM;L5`L9SDP#r@exY%V;gZN$U)~L0mC>JrZ(m0@TJAcG
z53d3_6>hW_KDm)h2DQpzM?}c6C|T1O3Hi#w)PtKGiTqhsM#LND`v&4i6AAv&%2C37
zra4OyUWb$x^I2qqnSx2M`sQ_aj}#mr5ox(t-8sK_TVX`!AZ6k_=BWRfdLOLW_4h_;
z?U&3b@%>#uYb!q$P6$F55QGK`dGOJ-ERhKowG3vxQ&T9c!JuzNxGxu^qR{IkP(}1F
zJa<$Ro{M7qJf?jxXVw9@ez-G-^RdB)A~%M`U-{6D$_I1VY}cu8!EFD&qA@kZ!mnty
z@+PGx%vV;_b)Of*;BvL{ePAF{kJZWtSnAq`Me=%e)C_BFk``@5nCmqjay4=fW4+A8
z(;<)TSDU=ZW}21KDQq(Zcz83#yW=ak2h$@;Te#oFrz^)-FOS<_OnZRlwg0fv_0XZD
zq@Cm;7w+Ix*syyPZ@U8j5zm9<s!It)^B=|g!*hdc(M3iIjuP?39@s8?1Z>lqn{XE%
zhTD-PFpXOr2vtemHjc<mVqwM5R+-e6;*xre=K*FhG7OgT$*-vMKINvOoh<rv24-}#
z6y*FSR=gYWy!TbwnAmJo#$?CY15x|WiqW<#2#hjoEDZ|Y7EG)Hl#o&_C{LULa`K6(
zf=3j)QRYI$4jE|hUaq`=I`~Zp`HuJ`13BNOMD&yt;1ogdcgx3J@(=1m%H)R-n_9ph
z-YF>lOE$&_e_dV3Lo=ABml-L_Fnj^^fp{_IVIt8Wx-<sI*vphh)3XWk-SK9-{boj|
z^Yk3gWEdFZdRe{i7_E?%3MSoNPc_j9h<>zQtEGVCtDbH2NN%E8D6Tu;NUnzFOB!ts
zOBI*R3~Pkza`-AVDXit8U|2J417HoRPD8+Oha=pCgR>KGUI96Pdq82*22v`!B%GZY
zdoctEduPsHh!vaZhPVJX#Ao;$9Qg~Fo^qbu2K10_$vHN<98SRvnZ|EOag`@6*;faQ
z%Wm&JH4Tu5Vlm)`aEMRWgglHq|Kl09(0nYBEEm8+KjjO}2R1`o_QwUb$}+57eC_S9
z&_fsK!+ZYX!%i1<AD)~5ABq<Z%%4S>Tgndm<+&tJWNr!dxDeLYYd}R)jZL|n^q$|1
zH<X9T<NEGk>VNLj)W~L?8rj=SnVa25h-7E__~}Ne+)mm`u4o-HflX{+q=V>qF{8AN
z@oKm-GNAKmcJoFC#GAJ_J?s_5tLqK3_<(cFG>f(4X%^~>226d4;oM8(BZ-_em{iB)
zYcM1~K={V|9kmyvzF(RUgl!QBSp)hIFkYNKFbd6kpK27EwH%tY%4y(l)lYdo5#KQz
zi)<jX=k@Y-hkQ~B+{`ka%cOlHD%g&fVN9_*<t+}m(h<JNQZp2@+ikRsuWo3)|DWV5
z-&67bk9_4nPQAo@<^4Y@6cpRX7sJaVxyi|>Q#-t)V3c4bd3g8Q;TiN)9-b|>8lDG@
zi)d?%_1<_qOP)J0S85=hB{eRd#r$8!vjmHy@ho|4(Z5c?MGwu^A5a@SFxVUHF%d7Q
z|9>I@)9j&#*F+!M4d-$t%gLAqvru1%Ke1`b@mt`{-wgJ;Ku3zb$(e%&D}SA*E!k+u
zEc5On;!097D>1PBN2PF79}vjKC$QHRQ8$=<d4}TciQV+4kfhp3X9aRC=IEZV=pxG(
zbf`cE5)EQ2lSb{RfvHrR;xI}<A13#iBL>)LeGYlMgy%IaFvAikY8`T?V|q)2eU=sW
zqbi%kPDCeWOEfWMOF2ymCUYgm+Z<vsYi8vM4C<+5$ax1_zcw*zB%X@=XJ9r~-}xl(
zRe+IZ7K(+AY7-y8@S__PD}1IlqtUi1gP>Pv%VHbI;2Yz=5=n0(1#S%V_FYW&=A*!%
znKTe7DO1vVq#w%K$$d~E)e0{A>FX$7F>|M~2N({N4;)x}c#!g(8^%XjoloIYcn$rs
zDPSg>xcn!^dd@du4ip*=B~z1kXnFSa-W!O~{YDw&M%R<WZuu-Mbv^V@p7*gSGFxZh
zMu#t)?6DK8OQR1&Zm1Y5u^8KUzmF_UIXa0})gD&${92U0PQ$89D3xg+AzUj*_Cd#F
zvs`t0Z(hZ5(YaY}hCM|VHbDy?i-E5Wwtdi;592Dc*pQfPwCh?8km$ebs%^pu;~=GQ
zWCW0ew9_wYfFvNY`<XiT-I(mXg8IFZ`t>x&@5Pbq{NQ=g>L-#vK^>n`n(s`q$Lc$i
z;=PqV{tZ4p<q%sn2~`u>!zdn(0`g%kqILD%G{T%y<ipT9_4zfJHDf~R|Ip9wn@hwt
zn@@?wo3W#o>U>IQ1N)fly<YqzV^Q6G(@2ER0}1{_Nr@x<gl7sppLQ3rZ+S_+6VpoI
zVM!E!$}aGOLFkLg)S=7r><o{EC?=4>l1UM)+`C2trUQ94fI|9+=<$ZnKc#&UPAqiE
zP1M8MpJ(XLT}-~>w41gp)tia%LJ$O+1d7f`ftE<H{W}-*&^U%NgNCz-dSi6z>(J|X
zIB)3bTI=BIL<dtRngsQ-IR6M*QNKxj2nF0O`suqd)pG<U6FtV9YVQg(Zce|8Gwf-o
zo(9%r!cC|;3x{0c1ocU?DaloDS71J)&mCA&Ok@<0Q1fy%>GOz6qsDJ8auVD}A((IF
zc24xcf@`#gljRDrF}d9X@)Wwwpzz)u`QuJEp?}h>Y?h;9(y&}iYU&vb)U!zJPQnw~
z;^mP=qGe>B*lK8=*n@&v$WV?6I-$1=?9GA_Hdb6v-DKwL=_tQ(zPIb8bfmVI0<$E^
zSDnXYLGl6kQ5k!diNmDWwYqaodnUPRYw_O3#2})cf1&$Z%2BlY`!u`1!;ReE=pD#{
z{J$!~?f3=nZ|)bDs`R*raV;783%g64%RpDc>1^XAzEMtaiN7m1dWrv&Nw`B`D(drw
zH!rd`-SN#6IvHk96Xpz^q5OM%F3&OYDr4N0LA{+qL-Dg#BJT?=f#H^wCeiPLEnAr+
z`lk^;`US@{IA4@Nr@L>nNgi&&aOb?b8ffkz)phMeCHu}^0`WgbmFu0kluMp8nAf@j
z3oO1uOH%Y3H~XekNzuNkSI!Pa85^$XLCH)L0OEDNCSPM0@PVXM|CkA_`npZ^q+f$?
zTv!t2I(J}_856wsP|&N|MO&`S+3d<W=9wCC*QwDsJh+{IH`e=Nl9M~<cW*QNxFF{j
zz?a^Q<{96E1mV?Dxmw3+jU+!{j^kpp&U{SiYpknS`Wo}<&H~FafN`A4%MY>iHSM3I
zTsL2^#w{a_yYR-RvGFY4`1li;e&8tVTK`ZvDOcI=E9-fFsR;8x8S(HgeG^C?(Bihh
z+w|UxT^@yw<Z9)Ex^P(YvuXf8C?72*cB0DMn7NDcJ)xJm{H;T-D*&?7F5-o6b%eKL
z?QBa3LkY;i;4H0y%-CNmhgJ<IYf?647Z_ttgN@9rQ+^$pi^($G!8|Kbi>{>F6juq3
zr2^Med9p%SLe0g<x(mp<+Qp4JP?oF<XJ=Mkc}5c46otn=@;=~ZYA8u@p=)c{Dc8xr
zqUT|(%I0$N$cxDY?Hg=f+^Du@E90pD?uNs--cg%RjwS{2J;Kl$=QUPAT?BH>BP&6U
zDSiE7IC4~*7qese+I7x^_2Hwyo@1sof9nv~yW~F+)~(}V4fi<$Iz+7Tmk8#EKW1Rg
zLcbaG!ee0ejnIKPZ1Q$-h^tcUIvDp3Esue52R9vRkU$IMjmnUxC0O1;4Z0;d=r#d@
zFaO5eCS!ps#sl`<ibesujVTv~0A8pYqJW)`fE^5gT?~Nj@j3uj{Fe@}AC6;y9eJ&R
z-o?rbkHJBS^A~6Qg**UL{Yvs&a^{31`Q8CId4u+6qTh>!at5S30}rASF+<+!JDgls
zl@gedO$ndG{IXmze|PYHQ_eYbAHhQCXW+dzSN=^(KPAaU8NNfwPT8|GTkT7M9<>>n
zb<iMBe5ytc!B#1c93U?kSKyWm{MZqglP#BKOOtAxa=%B&4mS&f`U9n{U4da4m?tTD
zWr`y(DtkRnz#-<(h8gS#-e$@<<+&Q<8ti0cinouvS4!XNlE-EE4kkO~DT}k!9<Ja5
z7=0xhe6M0YfOK#iA9hr>L%svXt&)2_qT_8ef6%}<b103p9py%P5n*GSkW1_>z{)?2
zP`v*Kfa0Hf859cu!mgZJv0^>(AZ4f_K`?cee230RvRDwf*XpR-2oLh*pB=uRlk-9F
z?nszfn@5a`*1~fjKQP?}uRXJAGcakYuf_(QiTOpg^=wmS*oOprUYqlq_*enDxCDm-
z+p!I3CJc27TDnB%Zf{H2826-2?sTBy1JovtKud?*%N3Yo#dbK7G--<z%zac6ohMwA
zzLlyDCn^1(l!WM(I0I#tM)&0YxIGC)_atAQ2YYg@VNXJe=lj?_nTC7flym=YapA)L
z#&IDUiXX*Z3~5rT_akzkznMrWWFq)6?q;-j)g$-)HONZ^f!PQwYjo1K$fWHNV0DU4
zI!gnVl_ou5v5kZ+n7362FDIL~mCxG-@Ur2&uX-d_z8!Zn#*@1OqpaE?b_9mmKId~-
z0CU)mfIH{utUJbo;HFI9K$AEGlkhyQn?xnz+*6hEpE3gQvwc9Xe~V6K7)<33oAewU
zVm6c5cohvkaIlnjF8rSXsLQ@a0Te6$%U_^ElFiCWvnrtwvFNmbhu7xivE#&?!H02X
zw&={Vo$^_l+88^V+ms5M+RKGb7uw9Ag|c)nPHl{x&kZ_;Ghw$ew7WELBsyFXa1fH~
zVbN}H!?2iOtZ!W;p^Hzzk+Cwx(=_17_MJ&u&{S;)UBhn+MO3^8GRQ!18MH2D`5({M
zhvWIFA}1!2XQ-D^5G=_?Z#myVL@$^;kfLv#g9eHfkKm;hyd!eM<OhajJII?dU(6qs
z>p=9p-{j2M>S@dFmtUoHxZ;ulFZ1Qx$JG8BKGK={(M4z(QtaOeEbY*5<X~{{Og^Q3
z>}hvR+6+WxsWve_slYVd>6o1zIURJ#(dn?_=zZmVFuF?~mO;m2%Ht72rV)p|%A0!-
z*uyfgTkMNblx=d)r7;wR+tY?yu*glI2*oX66}P((MjKMxqO;Z^n**a-OM$$M$aVu&
z-Xo7l(bXd#Mi;acEXwAz9sw*mPqB@BD8n6eK(}XIaN*?D)ut4P&dq`T4mp!`TZ3Ov
zx2FQbQlx+@BT5BekG9K0QmSL)9c+XJ#S|%3LJ81u0=`O^z}J%R7e0YAr$kE{6T*Qv
zN7kIN;>zASLBO;>SFqTD)_FV@Wd{iBJ6QY!y#Ros^ekTP#0;p+2ocd2I^}BlE86l%
z-%7dGu?y|6i8^L4Qu5>}RTg<dRqJ?tAl5^~B*+h0Q5f!uL0#JFT=HfY!(Z5&N=Lw)
zAIM7yH4_X*k+E6;KzD71?%+Zjs%Ke<oh0v8J{`+lS<sg8*;$%acbs@vnsj$&hJjhv
zFs)7vsdueW@aR_%>z>w(@t+#++4tc_c~546Q)=>ZNvh+#<t^W^z{B4=I%DGvIeD-G
zc}NL3Y}G&*s^jAy<n!)e)_3d23F;Lw-}}y(JcE_G{-jkx{a+LBvGvT?<3~z$sr-7J
z<ToqVvoRIySLNArJ<ZCq=X<MJyn%xpL|~L2nPUXCRf)d;A5d}iHyR>2Am9)o;}A<|
z2+!rN@Ymj5>O02u=|=qoM)iK6NYIrlT&u1G{L|JK8UKw87{9Gy{9+vc@<zr_GmPKk
zug2e;#mDDK*c-@SMn&cpAEbe*KqB&{Nwrlk_kLIS(Byk4TM!>-#ieuY>zMneJ9y1U
z|0)Cts0JIUZ5TZYS4)#dXG^|KW+`Xa{D-8#Xh8m|3_wp1uC5Kk!QSBxT<h@7w+Rb6
zx`G8(S70n+HK1u4HWHm6eY7lp$R>C$=ks{WEuU2XrTGuQ$@2Yj0hK3}19LHfcXwA{
zNp#ktA8SFXUw&vJVclRP!Z7AQp%qp0;Q|x`57L=Vrxf^=RJOyUxIWeL-n&j8lrp#D
zBl-o-a2ox#!4+_r3j()VT=EWARVWP)c9qh+AagV2jNVxyPTOG28J(ZG1v8F!ysuCw
z==2@c<}ks7?@C0^z7lcIF8@x?wU~){XMt%$L8pC%!PYm8%IUe?YaZg8x80oPxz-uH
zDO}>{w9_f?^zNoq?@n>g&di<p{+(W1foU@pTlH00)R#fL^)w$5Oxex^IIO541zWWF
zXQ6<RAC=0;-^1b1p?WQUInqOi3|rF9AzIsWC`hIguFs-S_z4#ekLVXCkayE|`h5ed
z5rMh0cS%)hS^+R-Rcdor=KhA@khv4VU@Zl#>2w}**SBu31H*o}4|*dQ{wOdVaCNFL
z4ECEnBB$R8Z`!aN_X)G7XYhe=Nv9uV)w?fpUU=I3eg6I4&Mwm~EaHmgP1TnQ0Hzjz
z!-+tVMQ#<4TEAyfo7S3e>od1xR>IXtggZ7r-XCxwmU85;l={3YkUhG_X>VromEj>c
zjzo$apeY(A^Ef4kbJcFd#%gOU^)pGz2GPolrR;+wx3LQ#qpr#{BIwS<Gq70-v;yj#
zS*Hv-*A0UnvP}#7F{LS*va8Zon&9^QN(z|D%WMKBuP-CC2l?>XS3#8DG=Nb5>g9L^
zDA0uz7+Ol$KR1kVkOwIs7nQOS|E%A)#e(uUd?s&VUc4W`SN`MT)37u$<h@eERmP~-
z-SiWH>3E2|s%k4Un!X^A!#i5~Be6j?RF0D+IWW=&r|I$c$cJ~56+Zm8!0r34PG=}7
zdK1{^?GeNUwDnwrr4+WhO;u8-v(B8{rJjC{;0Uadu)`s5^&aN(5PZ@?xrfr4W3hq^
zJ+8kB^c1+?<^=O9DQDBXoKR1b(Y_hEG-riagoq8ew?#1F$VXxjZ5lH4QxIrvFMv6?
zf+@e!VfP)zUD(J(*6zH3z!_-~J0$x07^3xRIu8gH^o4TKQ2@$tf>DO=9P%zl`A-Y;
z#Z~)D9OATU<GCo1tMfCD<C#EMU9E@JseFH(rw77no7=QkgH^U8I0|8P(jjm29@ecF
z;q~d{2)x=9m{clk?Aruq0{tcZb>1N`TcAjxiRhy{&)!V%v~dSUTJz<t4qS0~3&y`#
z)INX|7dPsV;=MzJ6mP>Yc^{kTOKORGAXYq$(1xMl;JL*7z0d+FET*gnIJ<-Ws_9Jl
zs?F};;I^9tL2W_t1Nb2456^8<pf8ni^BueZ@FvGIpkxO#cdD(8{>2-loE@Ic;;LMW
zGdO&^qx?+MnZM?hhwt<p$t$n@9DZv*b07JSpHq6nJ*mDZ`7jfJrvuNk>$U^)ZIVv!
zm4dmbxjLhixd#g5l&_CN(VU+C>f=Ff<{6pXE;hbm(J>5T=fThN089+w4&DoBG`u^o
zQ}~0&99$i7XnsFAKHQ*1<Sj;VA+;%Dl;eFHhBwc(ka-Oihryfkq~OSGc(r&y9}V*l
zD6V77o6_nIOtoU@&2%1Ar7_(azYcV1`zb641Wb1Zx;|29RWpGb_|fKdyUJMP_AYdb
zAr={x&qf}(Ai{iS5c6F=x0B$x8+EHzVqxl(qsbJiv4AwTFC#@QA7x2#1=m+n2jk3?
z<Uzvq!ac7zG08*LWm5_%?eUgANc+4~0z)$#^5XCK*EV%LOQK*V-0_`F^Ynm!n|KGV
zp7qc)PhYe6NnT3UU1frhzS-L~G>!5V950YBWFA+uR^K!EK4`MWbKmr7eT$OQw~7@7
z(4c&7XF;rZ2<r>T7w`|yHSkUOT$=#0+9r&nWFd|u?e^f(ZVxpF8o^u~pO}2vu#69c
zNGv2a^zPxp@MRRz0-`XZ$4Mu{Ve*CSofM5DtQ|@)#RY=6xr#D913hT!&N=G6E_9LN
z&=#0ME`xEdNy7ZQUmzn?<B}Ismgt<LV#OZrlUj^6s~6~xQD(S{ME|S!2YOV!X=0SJ
zNa@+Rrx5xl{W+A9>w#oAlpItg^1N2t$MW;ZxX6ktDc1Ezia`BU>6%7iKZo&PT>BqH
zKejW(m41nAcrDtPgISNg2z<#-W!w*B>dve~D`o}-Tq+y-^$~!b31%Jodm(e1Uh@vF
zaLk>QQ~9kI_|x^>VH%2O0akij^&SzSqZgQCa^WmYr3Lq0n}0#;^~{`9t4Isbg4E_?
zeAW}81c=>_J==!Qy7FhX1$}w4;s4x08Ls!h+cixDmVLYPpj;tzggIokn0g6;H)zi{
zy3x0~pe3gE_l3@q$Vu~HJ<&h5MdTPO`3}LeblfTbIG)F;NO=X0zlMtJ$?^`}g}m~g
zP2}o~v?oDIkhf`!U(ib>gz7~#10k|1R3A+ORiq5>KnY`%-k0gTyieSIF|4NQ!hl-+
zrcI?CZy#<IC+|i4V-_8wv(0thL(JO6j2=b5C@ki(`(J3xnC_}yRChI!>#n%Itkzj!
zYc6mPY&Wn>XvTJi-X#^0PKk#4&ze{rngf&8z*SY7@<?nSo*6i?43}?XHnC@iU~FIv
zz64@v5_@pZXrPxFKrgeKa(bD8tl9NPBlNN`LN7C7=w%_Nm#ibEui#=FBV|oIU67!8
zGvnx#_iDIjm0!BSQJE7@=R6ZI&@q^mwL<eLIleb+AX-rs-PN2bwdFTmMwBv@!Uf`#
zPXJO?a-?D<5of@#%r7Z}#M5Bvs|#)wcs`q`7%KWPUbZ}Yu;|BjN)CMH4)k>dnow?O
z7^2h_oNZPPIWfJ~Fe_&CbfH=bewkr#UBoE8Hg7*)$c?ff3AgwGC1J7R4szs(Or*^V
z?~J2>>umI|uxiq?vW+*#T43k_Rk1_h-<jD0{_#Mewg4E6yx$+QFQ>1y>^t0|2z2o&
zdZWnu1_<b8fyNp|`NGtVN*FX})_M%_DBaZqZ@YGI2RD}=$dDB{<Ad=E6#YL7@h<UN
zFkI@ywZJ8LU^T<nXbvbyPrt*2Ky{%kq6BRM`gbkiojMkCn4mt(;zT`BR;TB1O}{8l
zTnF%7WdgCGKRjK;pU%CGB#AC~y?HypsJFqWu$mcgI6RVk2)k`}h=!DmHM_mH;mk`7
zH3nX0^zh=nNDm96^l%hY4BdbdJAl0-Iki`Jhv{I24B%JSnE4ick(Dc`PeUK8sgIt~
zKCUwo&n)h%o}oy+fOvL|3vIe1tTpI{4GL+@!FS)=cxY1v4{d6$oV*^s@}l=$tB7W6
zeh$noRn5c)0K92A%zb2{GI<@BHI#D--Gs`i<}6g^wj(;)YE}00*SnhQ_(hUFZB)OP
zTnK}0_P;ewAhZP}x9$&z9Uqwhg)C0_AgMC7Gw2F5(Xl)!ybcFY46$Mv`z=lMW6bpG
zsrSs91(ajfUH9I@Ih-t@t*d9<GjldPo_*gW{@A~kMB7Od10zedEXs7}DXo5?qA4q?
zdA*c%nN*j;tR>LjtMpFCgs~f$7ZMQ|vBHblP#xK!893TKWuAMGLKUSfIyG%FkSLhO
ze{gp9O`S2FldhQ_V$tB_&az6uztQ0f23{r-d%8eA<C6F4K@eKeN)Q%h-!siSRjjy-
zm9a<(1Mt$=7s`syh}Uc%sljRZdTl%UV*c~INE77?VqfG(mQN)c9{HJV+}6*8n050y
zC5|iE>KVsyG#n0%Vr6FRPZtXLnMasc<^$ir3p~4+&McCq`sYLJ2DDzv4JcL&Cyyh3
z3yS{RusliJO^5&pjbbvn6c||)Sq>J6QHK6Zb9=0c?PkSial3gkC3ZJGx5G}V<DtKd
zz{u=Kf0)rg`Qr#6Y3;CnHrlVOl#BIY?6+rpzqgv=`t6DRUdwJEaalVpU%BoUGAoCF
z#sEoRU$kZ?E+lI988-V?*KA9|W=~-=G#|z?2G^}`gfU2?#my>{<g4sJzcSoF=-J9Z
z<UH&6lprCS<JOmo>r2*VG$7%Ol5j>>;VU2-*Bq>;pB?zmHvDG`_^CEAl;kigOOG(j
zEH}r*V@s4l=zL&!KMeON?B_dUTG$rFmSEQBPiic|z8yf}ipWuzEiZM<=i>#QDJXJ_
zr+M4D<Zt4rh^HqUo|PYR2@xj|*nxLNI6SnUQ$7<@A`bJ^4C>g2;H%;OQ6+SM%coKx
zUqk&sf##CnWu{W%{5nTDzy3}_cu5|M_+IPu+wcsk*Gs|qI$LQ-nXncw*s-*m(5X|N
z%C}O>3Sg!fyFe*P#`nP#;9@Vx*4xW=7-V8wE#@`kJf0231lRWoWMbQ2$iyhonJ`5L
z^YgnFWz66^-*L&K?SNkByyv?BX+W00A<6roglZFvZ_3RjkJ@t`5P<nYjHYCOxXMz#
z;q&rySIlWo)xfyEJZFdJs`6aRol@{7llLU-)~_FNOG2F@evgpPM+_Ym$R|c{lzJCn
z$L{4CcC7t6(j*m{M3LA^8CsA@(&6w8hXIE%Q$J@W+r+iF>aZp!GADRtWGAY{UcnM0
z&qWWIqss~f<)_ZTt$boamF9aFS!%cCb}WE(G3v!f33D-C>3eoMeutkfxdw0#n?IP!
zGQrWflYzkU=eM%w{I8Lz4f}h-`PoJXBZVD|<RRm<gOLVsH>0Cxir2g-2X7z1&S0At
z-_xQYeA~FwxA6er4Noa;VY(St^$`rWz>oX?i(B9?<RFIMQ?Td*X?;KrdNY9>l)JhS
zau?f&=K&@M0o7~ZgkXM<_!H7?@BfPvQa;jRk^-~%0eOS^n>$fC-?ta{n;GB?^m6zv
zCVAUyN2DXNV}x<p%C7bldl1Y@euh*Ge|(8oE_4nvhR;3CF_Uk+>=V_<n3WknB8unQ
zaS+kpn~)6|2rT=M@&rTME9zMr(vJdz6l$vTGNp`SFt1zo)rTY0dfx#?t#>BH<@b^#
z`3pTEPFpuV4&TzeS5Un4={3Z<wOUWC+k?sJy9oiWdPhURq%RX7poV%MU(tv3Y#jCK
zl*xM$^)R$PN`xI66?Skk%<!&n6z_&}yc^5W&aX$idjMsQc=JO4BD9;Y$GVzTxZ`6v
z(iH&CO^ru6`W{g(A26<Ak~}XC;eJt8?PdsfrHjSVC&oCpJ&q`2w%LgD_1|dX3p11@
znL3>7>cFV+2+qCLKZ<jAS~<?yo+6xExD|0OUqiWO4o+kn#JKwJHH^Ce7>AY2m<Wk%
zQ)duAL)YuD>n@I6XZPr^Yu@(^yF5aizwDx8n@Ps<*vWkpfHtEE!?SshGO4$W$1dT8
z-^AO_C4U*=*nu%8hJ7>L_^aMxz@9<%-nNi*$TS3-jcTU?48Zu-DQ{ASwnM3ZkRy;r
zVm(Z@%oUttR@8nd^$)j#d`;y`&>e&ao5zICM@x3z@+d!iK$oe{;Wqe$NeV1^EOgyn
zS<br7hIcDj*BRLL%UtHSa$UiluNRZ9z!o*KpHyD^ifIZyOD0ulcl;2Qi|?6GCkiC8
zIpz<hGNE~i^r0^#Gxnk=P-@l=8s$em|7}CME;wKg5WMZoLDqRX-al+eBLA@LIRCKH
z4`XS1bbdNdF|_M|P>^+N4KS@0?`BfLTq;k9rDj+ix`J;RZ&qsL&0wkluWq7u$8cvk
zPWh0LJHw`GhLJlvq^$qIz@33S?3C}}lmNeo6muy6R(oo;!L{gHISF1@@YgY~hNSRC
ze8hA#{{-?@hw35k)r^}FD=;kwoX5~B$SWE0F%-K46N&cBB6d)x@%xHt{D|(XwPWa2
zZG|0`V#&m~{et7+QzdIBBS2T{2v7yR`YRfw*;M&7{kMjRn?l_YqK$+^IxnKAE7mbr
z#meX3VZxb0OA>MwWI|DCUSXEr0ApcZxDMk;exy2RWRX$!-9XZAf9%a64<7>^v`PX=
z!3!j9E#W-i$jys^B`dmu3@^<cHN%Tc*vy3SzZG_Yq|s>7>R;XRA&0D>aAZ}~JTe84
zY|!z0qxSJKu6?{r?HciaX;2G!cuzR2olrQn54ISCx{(W8*g35L!AZ^2wA|@oB1!5<
zXn6nYj8;)x)bWk%#T863Y6)t5?l<s4O-6lGe41_1|4afko%cF?Qf5$pojFH3rus1n
zqL@PTuy^!fFQejV?Kzf(oAA|pWv&o<^PEwowea!C`?2_b9@A(oAJe!-Ybe))S(T3X
zRX=o(=>P)c6<FzD2;Lx{>|p%!yYLfUw8j@#MQTp<*o~lx<|o~a-K}NwnEEDHi7J!2
zGF8|N<<>WuChz3gp+XFQQ-E=xo2XFpx2zf@In>R=^Hj4250UcLHyE{=V&_-WZ@U=F
zZPv-6O}wq+6-J)hV6U(KrxviIBv+%c8nG>}ab0(Y4$Cr>c|h>U7Odx*l*Ja72VSRY
z!*a7{n|S-Lp5eWF3ZKb+lSp;d8JJlCok}bEpsE8nTXIWSls)I3yB-iL(oJz!n-%6h
z`tiaDo&sX`tzn4$Iy=G2A8%x8uWOb5y>fYo9r}g%!<canlddE*=?0oQ14s|YunTC#
z9tL23`^|ioY04=nQAR{l{u&G~Z-Rq+8MNv4S_G_bS25j%v9#>ds3o<=C%Y3X=CX`d
z$3|1p**}x?MQ2Z9j?O@HJAn%Qc=4_>s|$RG0NZ|%<lokyEk${LCyQgYa+K)4gK;Z1
z14>xqH$tqK!1RG>uj)v^ua%4lSu_ph?*h|MqM9^1G@8AYt8r)mT(8ej0?e#arnY67
zxoh*RxS5gc*MpK+;FguKf^1XzYB_ZNdQ(z&vq@QXd7oGrV_G?vKTW-Fid%V#x4DK`
zpRygj;uYO$FMMuTEm^76ZkiCk|AJA7M|%J)IaICFpM4VF<`!)85<FL?wg5RIIMtjV
zxYvwI3Ax61lt~U|d8_E$tvN!^Z=Q2bthgKXlp7@GpzOUhILaiYZ+6M~f?BL}p`L*8
z&ksyDV?xGASAY|SzUJAfGl!wGv07&-c6Cf}w25l0Yy$Be<AEmo1w9Om+PDYf*EeSe
ztnXHM9^28B#yaXA-%&5@$P#DwEjf=&`cY+B8=%Lxp2tLOTHbct>6*N&1XhgEH~7O*
zjJP|_1dGD*XkEr02W9N}fm=a(D?_j|tR$r|Siun{5WWE^yDQ_~5Hy_;%3EgO^16ri
z*2lE{h1y>G2Fr`d+5+&Y@t<7P^4J&bs;J;U=kcGOFCs#SRk_8ME2z!XCaR<kV|q$}
z#o@2Dpxf`hW-`k5KZZu_B3*3k{>V^P^Vjdw>ssZCXxACa3;g9%@G>qQP-4YP;9990
zW=TSMIO~U{+6{kdEh>B06MMF*YcIi3USheZsb8$9ewn!Sf6ojZN$D9iL%)$g{j%=$
zM$|8{eR%F~%nYsf+0ley$^iRDZ2}u~tj|ti3>&IfLwx*mMD3;12VcH=#$A&h=xbi{
zKtvfl0jSU4U(_js7ks8&!vB@Q`Se$bE@4x8AEAJ4AP-aq%43c7FK0yuQFSW%U&03{
zr;})G>c$kPtId7Lp(ZJ+e*KJJvj6BrQPw=4i7i)ir*^DOrmoO^Wpa6TFYleotoUC3
z&U-0_Uh*@KtYLR)Ehcq%w^&fBI>D*v8Z%$V+6YUV_2L538o1VI<^e6xI^Taptmqu3
zR1ChsFONWy&@RgFwbe8NIWehS7uK+t+itC3<TYBWTUoZxWYK?@mLY`m0wv2BFJLiR
z&7WJ(cmdJhhuNIly`bCU6)<Ax3QiuT*6PT>i7(h$Req10bF(t&DlPl{4*q%zye>(g
ze`Wr2PPy78e?zAlRad8#6|Y{0b6q#TP*~rZL0GA|tcyV9i8@gQqgqt#&ct@|9!Fq$
z3aitjoY>WahQ^xI@~?80aw8mgd4fIHci!Z^jZ!^u7Gv6c#$t5mnjJmoIemubKF(%L
zpGKT#dzj8^E4caz)i=swAkv{LQ-RXBoAe=@;*nQqHf$!q-q~}nWy<N)6&nOfB}|?W
zHYS+Km{@PeCg#BlOy2N_>|Mxc5qc%(iTQJ)<Y=nS9=J&0_CUt|%A=VSzKBWTAhKiy
zXH)cia2|`EFJ65O+v_!#H9_fhAh}pQ4R6;E;z)4$ty*c?=Wk+#1@olfTs<v2iF`-k
zW+u#!v=K)tm&VXCN{To`BWRuoe=hl|5^4CNzBNSG()4s~$A<rcuIYSh@&nUsMCN%e
zPSP13R_@-&3MyJ%QE)pncsmTRP7pnJi<LrCr!28yMAt$+T=xDC)vn?sz7Qz<bQ^`H
z_I!jaqpZ4Gol-Rh%T}S53g~1rR9qz>lt!E3w$0%%`LSGUV*co6wVjc^kVj#2a{7y6
zG818dVznU0oL-_og)%H8Bd-3DADE3=`v_oM)d}r$u{t19R&~^cSu$l6*8w?YkKd;D
zG%A43D(hZ0D1b_qJLUNdI2gm7Yj?>9c-631Zx&b{SF%M}nI=_Sb`?^^wz~Kr&Wxpm
zjW$*^L%duIr&8sW1vIJf8qIAp^Z-H0gKx%V08i=342;Y6ol9DfsgBXQ9nO6zXXv)U
zrVPi9QN#n-zy}MjiEm=B)tJNR79hdll=uEyZxvXD7TT9D1nw|}DXA5667%Ne#36vh
z;iD?XtJn$<W$`Rc=K^74UcGsdlVsMPq$QvKR~$kfcTqEtMw9oZ^6cvYO>(`Xm2sv%
z8p3^OQis9<(LFp$A4@(2zF<F<=+vaJl4O#?5Xz6=4ZnwGC1a2gc8KK|F-OW7v$$k0
zCB|-X&4WO=CZ#NrOq;_8fu7x7Rw#s8@}$`|^8HX8fVUO<#fm3L2+ZpE5HwM-nCPl%
zDZE))FR=g0rSzJ}IaH>6Orcd7_+h<C>yJDpPHrHB%5|7BLmpQ2DZ<5(KFkuzkBm!x
zGFvw2@@~P>H+l>CZHbBLw<tLuGs*sb=>8Nzx?;a4O}r&FV@4rmuNqcN4$YzCk?~10
z@*wqV&>O&(w7GY-vHKMtu<kKX1y?biEq_P)IPT0Ur=l89thkrGSTKV-(ke6fi(>X-
z{hUIwdH_qZ>U}`)7ua$#mKQV6B!XA&b4(RaWiDv0<SetPikWOXtYGahz1zt#q-dNS
zY7?&j!G)ah7#EVswxT<6S?FZptIdx1hTmt>>|9&h_7Xy$^5M<O{>yWzidoj^==4v&
z$Ig64Lb+`gCN0BaACbd42QVizffwbqt!Mr%m7Ji!-b<gF`QEE;GUT(_WkhDTM>}0g
zPnezB0k%2y?rDXBYR2CtPBZK?n|GJXbA^WHh_2%L`R&<&dDKi^H28hsA4mR%#nC<K
zzM5gc3J^R$H0e*7e?>&FPozIyxPemKH0V4WAY~5wy#uCFJMeQRDtGVK3}E%_@7n<U
z*G<#Bwr@t3;=4@ppdRVfkZsqqz>0K(M@f-}!?EGJtl?OX*6`tHwXL;{pv*rzrV{V+
zlGbANK$z{C(fIK^`nb*K+N<@*)+ohAeFb$b>*IS@Um^5A5p4Mi|9mp?=X(6phfGqG
zVSN;tXRkU#oksHSS}y;>Pj!OYQ!U27X7i`h_|Fo2djsVwTT2c*oz#p-m&MASO2+wq
zeS}H41J>#+cx&LL&d=JWyiv&zu~>PDfA=hYM^9S7gd3{oN%^Y2)|lt>dPaZBW6b1b
zA*6B3hm?;v)%cM$xV-LWLF517C_cmAeoIQaVWmJN9>@ExAn?vXc!cf+X&{qf9H_%L
zAH(FjQf2dgb`a4r9Bc8o<Y$J}Hp{U#%%uEmkYUZ3*Ca>|xPg3OrD;UaX~WRCP3}O3
z!?(a@^6qj4hgmW41YKqu((0-(JaoGhNTQ&)k90wC4j}Hzdji=fUT_5#Wbo%V`~w89
z=h*WK6pa?D_rmhVEsF{;p?ipTy59EZ&4SuKY6JWg*8Pw7Y2AJ^aTCn4cdbeDpWz-X
ztDBI8V-xPoV4xi8XRDzP8`clvuv*rE^uUYJn1Z0&CNu`Rd{ZLOwdMJ}4Dg#jy&>4`
zX&iQ+>R^`&cc<bB4?-Bdtb<+BivYU`?D<j#yHwrEwACzIp+T(9n9?isay7XazC1-!
z!AyTEnjthoT&PP|aNI;zRVJ)<G{$??x+hhl5bs8G`Gl%7B{}LUO$9+`M%XPnHxvW_
za%J|gcb7w!?2dBDf*DFm)s4L8XVCbob>2BvUtsJXjU$Qszl!yL751ORSFctX?Hk3h
zv67UHS05=U1@E+?IOmc#!WO2jG{FErv6RP?rrXfP#^tK|IT@o$J$9?wbU6l6yK;_u
z`nUoqJyC3OQSkF=)K`^{4u_F#+b>leOqP;KxS|Yk&$a=QwTWpegHMoMJg|teRcXVL
zZ#;~B*gffu=NKA#3iTsfBK0gA9$#o^{C2wW0}d<61RHQv(YZ^S<gk&bzKpo0lnn@|
zJU5AAk(gr&HF5{9`Dg!IQP+dvmM+r|a0Zqm_bWkfW@*qEU_>iil=mNyx=8RSxGITf
zub+YWh%O*^E4R+&o_>^N?}`AbM#@^?t5He(ReAQE9{XxW48v#|Y@>dAi=ebj&yB7B
ziOMR`YGt|90<#sDufEmH9<D|8CSVgp-}iJFPNO_GdRvwddQ33JqeAoane8!2U{zH!
zw<$Ct;Ou|KovBEt52;hdj`%)hX8S<fA@KadkYMvaiAAkCDD65ZrEgdBq}mM#4a_v@
zaLXs99U*a5Zc8{m;UVHGXa8{3p=4>-FI9(=<sI;exT>X;zFA5?6U|S-gI6hj+if}}
z$=liQlKeYvUC+sIX8o0(0a0L}447)p6+&1hMyjo)IC=S$vg6AvbV62F8})D0&CjD4
zYP60;jSH9YLN0-FRt4E@FOnVZa+jqXbsgD2FV2Ffp#10YOyJDX1FQ&HD(^tXDN-Lx
zTl5kl3bKf$=`d56KQaKdW38jwvCBEfqOLP4;XmM-^EAa=KZyAiViZSrib)LO;!(09
z87m*7T=c0CDdV8p4EHO%sUYV!&(NXexxIz5lOqEu$7ohLzk7}}niR1HJ;oltI4F`7
z@#6+VOuuVIN!*L|(Wz$jO7#l0oi4E8m5=I)Ie7Scown^Ov!-qH@z>+wbwm6@cgkW3
z{K9D#gfMPyGzj5uZvt;v^`5C>i|C)5i~^x9@}TMh#T+bolFoFSw<e)<*8EY)v?F|o
z`{w&+C*d7fSmg56N}BI4a~=P572Ol2zcKac*~j8s#!JXNhHCP_hzv3pK8oVvi0qI*
zxq+|(3|)`c)rtP!O+t+S@qHisSHAbJrU-i9`&B6o`rf~ZEopMoX5BYkqKTNLtZB30
zF-~Q2+*A&{|6fhznPkIM-bhX~6_i~=FCv(xPrC<g=Bx5jd?!k90zV<;55BvcxVm?>
z@Fv<Aye{RC(&1y;nvy4(U-BIROiOo_9qU8$?QzTJ<WK={kV);B9y7W}t&-RtHBU+q
zf8xClkOBCZ+KkAU%>Mrojkxhkj2{Rq#~zJChAVc&BEv2d8)zG{W~*o3gPxK1OqO!Y
zV#P3Wte$RlP`zS45W-R!!Uh`uKWu5fM>AQhC_q>nP+5N^Qta9c)Cj<i*d22I7)N;l
z^N+dO6<mPs$^!t~m40=^CpC4{<fCs)K`Rr36N?XUW7V2-=oa%SEpm4UBdk14Vfwza
zsO{_QJCqE+Eo{%rUuH(MeR8#O0Oq{(yO<1-Milz{yO-+7DOS`72K?DAMDQo-(1|LI
z&{lzG!@>m0#^FQlEo3&w3YyFA4u`{u=G~R%9YRkOt?7UUnx6lVnp$;Dn>WyOJ8OCz
zgK3QZr6rFw<X?)*aRuj;5#kwkNVh$;G2{k>@ewGD^ZCrHPduMIHXo{G6JzK5HqeNj
zFO?477(S1B#PPAF7z8oS;M~Q;Gg$ut&0zn<_!->X*bI<damTSwP%6Qj>k3z3Aw`yZ
z?^3!xF0iQbB?onLjfOrAJBlh4xVdnuY1q4NvIPxHwiTOfuZxk0Wc3-8hI{;*3DKSS
z&nx)PR{Uo=|7n7s>Sd}$ZK*a_o3bKf$KTdT(lg#?;&SP?LxqI)rSAy;iD!&D#g?)F
z-qbsfj1^c2YSbyVsrM>rO_ZQp^aOpo=UNOrEoYKtDGt2wA87uhaP045G%E6Ac660h
zdLGMUexg!Pnus1G*@4nhY0@U*iVaG#3Ohyg2PXsYrr1*=`9-l16L&DRDKEaoPJc$s
z=_lV(y|#X4jJAG&6PU^9$(N`2ZR+(dgSP&pBFe^N1^iFG?A5uGBKtNlh!!M2cPFLP
zyfduGuTCdVZr`Tt1Rj;lxfY$dOVKZx@t&s%kV<G}L_0kyqMa^Hn3oOhJlGLeP&1Hm
zi<1Ylw*SJd8mE+5Z(fpBBR1~n#>8<){bS>fjw~@6HZ=S*1|Ycu*E!H@#)%=&UNiTf
zGo#ybJ{5eQAv-JpHVYP&p*$bSqF+g7UO~l7KC9)WCg4yOD?gZcAptTd2X7;T@|nMf
z!%kQ#<rVuZlqonCUBpksihm_*j;5Zr+&8_g+TD<EjVTLT8*M4SC}ZBCj1AhsNb)un
zKM@9drVE0nL=WcXZ(I_XXVQK2FXMewN$@%u??@c_2#?N5B~#E3^*<~Bi=jR=Mo?Cp
z8W>8q#$>Sqsa@zxQau|_#-D!UcK3?zw^#4aOg{Dn!19cZ$+jprfp_zmC$r)CuoS+=
zQsv;=kytEl|5{+BYT}o$U$4Qp`SNd$a815E-Ig!Uu_L{2!VFb9r`G%RI_SUf&$SsW
zTtnVAV1!BZf7k@ASUpAmcW7N4@=K=X5nme0KTpEiw>=tnU7b$Jtd1%rCqP0Y<{}2}
z^D7K+H$q##cit<+Pt1!>PK^}lC_@gIf~4tC*^}5=iX1H6p;}s>sXJ8Jx6q+_^*JUl
z(xECjiifJ69je2o$f0VfnJF=<Ty3sd9A?+Y8Yh2Il7Vs)>)=?A{V111m+GgeKD(n(
zP}8ua;T@VDt=n@EL};2Qq$Ji%{Q8@0ycq_k=7lD~U~y>4&2P(GXZ4dEbe4T=-0d;Y
zWyl7v%CpCd{w*m?Ga~VPmzeC-(;|>()50dyX5?A<822X!GM`zeoY>QiCXg)!Oe;;u
z?&L{9=k_$f`zlgoj<T2v0t?7}s(m!i&A(tUrS%eW^l-_;tlTs@2CW=e5AgZdm=Kk5
zX+qRHMxs+CBod+!BSIh3+_R+H`G$14UE7dno@pRTa&gQ~v;AlXL^1RL^Niiuwecfx
z8_!2zR_;0uhhSs^=CW*2Bdi@`62|Dg9h5n*UUIOPKIAq|Hb7?C$R)sRel2f^_a+}I
zJYPIp$naUkbU9BnB&{3<80B>+m;aQ>Do|)q1*fC{<C!pv;kWzAHrUJXWd;x%?{&)F
z!*Fu8054{l!+5b`<i-AY3VAUWjpeapB$nC<+C2HexQL-c`TZ$$bYgA1-#2`oZh1Wt
zONiXA(;l_dB_NDFUgu64KCVB^a|iovLcT?{EO)UmGE{5rXwgkzhakLxv4oSPQq<4M
z_$+7Z{ISu)G6I#;?3~yfKDQmi)=+x{BIv(eSiz1M_vXrRA088U1FSXYu~j;L%A{|*
z386dx42N^v_7o}bHshOusBh#E5NN45N-XEwEVgRWx1=@>Z&FD(Eeg0wVY(^d4e&H2
zXR8?el)hT<t7f&RQ$<&}Mw+ylnJc!<-;8^ReX&%Cox&{1VJnbwh-9=1jIiZ|JX=*U
za^D<Eh6k&qz+4NjGB9ER9RF`0=KLiK`{EW5=xq~#9`y!Cc6P&nFRKe9Uv&KD*8rvz
zgmSi=@&sRK=$0_Eu$3wW-*h7sE#-!?F{R8SZbl^XgmP0Yepd5{>-Zn?h)ebA*#4zY
z!trkMpJ<|`QRkU=T;a?0;ZRUuK5Ii>W@5}heE14ItX8|K52|hOshz*Q3g1?+w+#7K
zyvFU)%JSE=X+N{88zJz5&CH;9^d%6DI;%Fdi#ihj-u)8mZ5#htgYPp*d8iKHJ(ns)
zyqE0F5e=eEx$ZS4M0MG$Q!BQOj69``+x?X!-tb)QP$5D7C*QHWh<C0#(9MA!-cA;4
z*4;()?a+lmf`dpl94Hqndx#z_Xt(6)d6wN&80U#<_KF6bk7qFKN1ItX55+UfdHNb-
z1tQV^9&vpqB;UroXjY>Y2Qsz9yGdfj62!qXsoa;8#iz?13I%28kwN4vah${tT@ZKs
ze_W~`nOJdolHu;@k`%dnZsA0Bi4DckP`jka=*@8SO+T^Gm$ECVIq)RvRKqm>_Tr^a
z<ACuB{7pzOjdYyGVK!XxI810#$L_ur%K+P7j!kIN`o9?dGb1nlg{dJZV9sQ?GGFT0
z_?6isa%J{93Rh-(x-tzedBYw~=#mF_R666*fp;j(a0PEk#HIJccX3=gb0K1R6$T7I
zU$vTsGk`ppFvE%PKLE*b7vpC8+(Qk`w(0-IY~Sef7qhKSn6KofmtnRmFT~CE*Ruc9
z*`DwF7qe}XaJH|#1hYNI>2U1|Mg~8JpK43>di?#v6%_l{DMI7=yrj|DrL!1&V5=S~
z==?Gs<d4&<6Z<byJU^+FEKI|f`f7)p1s3iVRVk%<+qmR!){t)AqUq+hd%6J;E1JfL
z7{xsIeT?gpj9&2+VEw1;w)ZQ5MI6|h86id%)TU5T?xoMOvuOKk&(;L&Ui1u_IJ;-q
z?(?%7+HMmm6$_9x@p2FO=aN|}043|x^_bu!&<pc7wAEti?>s$-JoMYaGE^*v_{Pl|
zhutrL1cqE=E$AAH>*<bykEnKm`DuSL{>!4<dW-VLi|8$tB>LBJcXx~C?tUNhg0V)O
zKF%s{En}`OTQE2+h<k;aIQ%Vx62qxO;_ShZ;pE?y+!qZ|s$cB98I5P-pwqmMv2?qC
zV13k;<UulCM`8-iV#SN3(mC4%4d52hzZXx8c@3JeGItovSf6Xx4zsuZ^V!5(OnSdL
z5$y*jxZRBeH#-r*B|QtzrmSBtT(u8+@0&?iEzQz%wM2Hd>C^6-g4ZwI#xw4@%R^1P
zS1_qL>n4(#r^=)xP_p)9Qna6q=3mDwGViTm4)1wr|AC8F`F%#FP@6Xf!3k~q$&!1K
zWGN@0J!UT_AUC&DvC0}^>D=;3rondsV$Mv71|I+GC8mP5af)$;ChCrc-3Vn<`5mMG
zFg^=)jK4XWdm2LbB#!P$AU~jo0~L$(TCo@<G2=588`5z(-^R*F@@cb$a6NkcHYR|?
z<N3mC)E0k%=T$41oZ+7bS4e34`KVgm512UVe%Q}<&XdjS-l9TG+(-v&{}O2Y&-2l=
z5)*g|s#l(7L~;fE#5%*Z%JQdmnd~e|s}+plOJARm{uR09FPs?c%S&*&<cmnmQrz-Z
zr9>cC(0<5_JK$7}ag@95%&KMs`haZCq2a*h9N0IAN1TH=WTHkG)5eOd;cm+cO9!V*
z^B;OBNr;^fQR58CqLRm%#=b1op6hcBcilPJo@)%a>v0;e-IJAB89IhGTW0rr<nlrR
zEBfZZB;E31m}hHvx~)j7zq@ELDz6S}hH@Hpu%Sn9FU^F=yZUXfzN@s+T37v9SFw3h
z-~HQv6R>u7l(s(<ui;1`f^tKItM<&)Gu~~cYnf<*ZC2kKaUDOcyx<Rq*AcCtii0tl
zi32kl(M-gS=zScwz+v2i8+5a1v25CSin6sBpeXw9MTObnotZ-DLHKPQ9i?6Hr`mKK
zv**F@@^zZT-azJ`*dVl-KvJnhX+}ggz(WvtQWxRW@>zBSntV1?D2c6Szvvjs!v*q}
zP5|5lRDO|#9i>U;VF5^8771nZZL+%Mw<!k-{v>a$z-ZcTpljQd>L(amldV<Gna&k%
zjrsdeL>_?r{Yf9H2}I8>;}(@@1)W%be|-s^iCSU`@+H8OCuZHg#j93lkZRQrZ8MLT
z&x19Jeg`>!47a=?z%SnZuHYSr_IVb%-j&n4nKbh*6EBVqWseW?#|XB_$66|=tjC<%
z>9G1R_2BR^jNvG3l|)n!uhI~zzm(0}GX>o#G<kcLXXkpmA^1%QlQOilWHTeM(yTc-
zwEG=^Ng)is!1CO|tdHguaW7@UsA~>^U||bK$Nd!N=4dwD;*hn8R-jq|rh=tJJxoJM
zM<%@m5x@J~XcI*>oP;cqD^Q>-A?1aed$;3LUdAfl&dW>%Z!@{5xa_UYoDE{d|BxmH
zZg8}R@X}KGRB^4=8Dy6Gm7GU0_)7VuRHpis_<h))EBgDZBdFt9>Ad5`=?OX}kCKPe
zjmCg%-QmervQXQ$KZK?#eQm34Qz#DE%3_PXKn-pOVz8|?WoZ+(cbEizVfRS-lBZHM
zKl&p_uTQWJYr1hA4Mdk3=l1;Hkd?eTkW6`ggT!ylGAnl<8zcmVTABCYP|`g}M%RkG
z#}gWu^oa^t3Bf*5N}Eq51Y^vFxan|&ZpU-%y@4rz^h(sd%0C}4*fj`DQKMn>>%YiY
zI59pw7M=e<g7a_ti}N3o9Lr1m@tu@p;9l4qSD-(|-2OovEaT^wse`ES{P3?xrDDuj
z$Z8iiP~Ty&xT>EexL|u;dAR9JHLtw>PS4MI<uxzCZ|!I9$9T)hnn#M_3J^!F@7;Gc
zY36tqf7@eg-YOIEziNA|f06Tbp7>;qJD4)i6|R)RwJyLCPdlf$%9$N@lviRwiS#*p
z%jad+-|5|nOZ8v|jDJRl+xKWh*B?!qcn3y2<Y@$H$$|v-nf8g&{+pF%PtZwuJHmU$
zHu!ZpqU#M&HTQ$%*@L}Plv7`1#(0mt9JqAXpSz7Bz)VvD*B_*Gp%N2@VZrk5x=~x+
z%K7Xn%F`PTJ(@07|F8!>TpIh3LQL>(G?uyD+yd1)j;LBE5Az?;!-D8Tx5lR~Wd5E{
z#x*c1gC6GDZ?ct6-vG^iARL>FVOpetfDP`9YtSXEsgr)(1r1t<qd_nenHjTX3(9U%
znWE2bvNk0y?cLY+HfkDS*+|JAQVNIrIQN)He7IR2v&i{2MbG!|$|p-A=ewbNi&7-t
zBI}5bIG~yD#$+A}O|8%(8pPCSXxda39^!`3U{;@j8aAw$%c!CaPx|d!K(3RgOGqs8
zxUprlmiDeloeW?09;|&iajupg&(p+VFq^4dhcnTj!#Nm4xh5up$=GCF5I=m|enQYY
ztf4<f6BeiT1bptO8{R5KtT5w^?ORyfRP<jYQ|L#GLDSMADn(1-JYi5R6FHRak0TfU
zd%$C#pd5LWowXTojq&C?9wp(b>1*h@_`A~QZst%J=!=f%KJ;Y<wsBE4IUO;tX3_sn
z64N229=tvp;%O$zrL+n#AY`x$4huZa08H3JB@#CvD%8s&ymQAEc-$?INQrcot-SFV
zS7f>6-vH_lKd$MuilQ%$vJ~I{c=Uf~$o^W-$}t0R7FP)=|IGb)PJ1-e0_}1GQ{R6O
z;R9Or-hCuYPM@DlWF``ESAWzJIefquAP^0_0h+IsuMS*qVC_UdZee-$T+vVY&m&%S
zzabL*i1Gehy?1kfMTeH33y0Mn`rxREqsAG6qfTRd)Kl}x;AsEQ#5mfD^XC{<D8r26
z0FoI>r!*j!N9b{zKX22?NM&V!w^n+QH9K-{?k;06GAo+_>Y+1dF&j&iReE(&L#$FN
zQ=`I@;l;@Aro{WgD|JMdW}6#VlvmYhF7T;e17*Vs_r?a_{i!uLvJDz+`7=uThFy&Q
zPD%2c6CV>owi|=uxRUgk3~R$62yVoxRYv%kUSSCQRA*BCSNyG1?E>Th{<@aG@63O;
z$G2%{scNnE!XG0eD%#&cTxL9-UuM88Q{K9Rov2y=j@YZplxO(EJN~URVvXkCWGk=V
z&Wu=P%2eJk>)%6J{j#X~z#1500SdD80<42eBIn@OmB90yho7}W#vl=Ifp6p?79B#R
zzBgjDE{$suVCut&spx%OJ}_7G?<2^3;gWH^m?OL0Mj#!**(n9`e_X+FmI9<=VP%KF
zNEjyQ*LNQt#=8f+qO-sf#hO?ii1M7C-g&HR<@0Lvm^w`6Hp#caioMQds+ju$Y2O@G
zC}=pZ{NyEszX_nh!kSO{F`87xq&k}h6bh;ZemOjVyFzr%#`=PQ)sJ~8gp`MPVYx}@
zc*!jq8$Z>H+>ZJ~B7ITBJSeV8{r3Y?XssU;zkAIy@TWU)9i}A`tya`0yRg7yV4A|?
zQLyOHj`sjzOp2i{8wR;xEwJB|p$pNiwbC=hC4a*$X;r2|L7DsiaQ7zQQB+y~aCJ5s
z2vnmW4I(7cK*E}4O_LxAS*U_e2!ap?L=Z#-1cYvgf)MOPDce>?(ZLZNoY8StW>f@4
zNeCo>8;b}o!=^$t&5neyrT_Pwd#k#tx)XxVJkR%jJ~O22?(4bdo_o&kY()`Mn@rCl
zo23b!Z6^jRQs>WI<g@@mTc#8TV#~#w>|B7S8VT~wemHV1P)MM2^<5S?A@~OQr_bc%
zpUye(4h!ne8{tfq|5WV&J1oR2z8%K8(>junq+bu|SN-PT{7n$qwF1<FemdZQxR)R<
zgTx^o%Uf&}4|)uOlUeZ6w~TmuNlfAeS6E6NFCpN=IKK1@0;Mp~9J=JWU3oRAmB%in
zhg-rQ)DHo%O_+Yj_6c<{K`7->k?CTSMiz!a|B)`7<yaT|Fq+59z&-$k<%&M67NxJT
zs~0-X$@Q8)nR4&cN%o!IjOb4$xo5iUI~s3w_rjS3S)vTq`hh~QFEb0DOrJM<*4?uv
zJs{Y3@@wH_Ieo9tc&qCk5I|ZIL}Y!*nrRi%v=}RUCQ(g`3?|qG6wEVlsC7kaY*&H4
z7mspGHx7;|xijg7KT~m`g$?S{j5Mf9k>IW-yC`!sr=ak4o~u!2i3}@jln(!+gkdUa
zO$RiiEj`VE76Tnaq0Q!Ds1pq2?s7K)UqcHwk}UuN<$sS-oAZ|k36Y=4;E1O$(MgE|
z9x5XH`SmP=e>}7|+6}7Lq>24@<D1+!^5sH1dn1#^Ll?4`OTZ+j_Yv9P4M_AYhy!S`
zqkGc0ywV_F(w;Q?15=Lumq3=X9_a4hvL}sGT>4}$>uaX2Y{(i}dXY*JfT&9Q#NcMB
zBF}M@FZq^y=kjY^owzloOt^mjQe9zkCqh1_cbY5)w>Z<LonElon^99*w&aDt-&uW`
zzTCg1w^@*EOxOq$E^f-&(~q<#v$*mg8SMHK#@F9)cWZl@KQ{;na_Dc&DNU1|COKfy
zf7^cq2W0K=BGd1|p6L09x&i6FH;ukwf!QqKA(9wt3IIO|eCebZW(NmwbrbjW;HVV9
zw{agw-=B~b8;T}TN94gQL6qW=mu!-@iWvc4`V1)U{dgDb6O69R7-cFJk}RU9%8GXV
z%>HW(FwT`|{pTyP!g+??>P{dObE{V_-@#EpjD&AVbyc}k?&r<5klzCQmdclI%K+wH
z0>|jXEdq+n2*sagX_k%QxfY7pkfb6ufS_1jLJAC6yu)Ki&cbFHaWpAuT7TBG3D~sF
zVNIJrn>KBDAxE)7N_RukvTdwwaDtF8AxhUeG>;u_#pdxPU!ewSg_SiC&-0_Sjf9EC
zM%vKcYrnjAcMs*^F(X59R{KWE`<$m}BF8^984B2l2G1v$!Lvrb0{&?yig2+5|Fi?}
zHBBfaTdI&MWjWA4t<#$fKAKI`dywe63xx`*b6S$*3&CsBSdr(Yki)cRIZA9x*D^|M
zNDijweCZ1?B%Z~Ejon#@e<6Bvu@kLBDxMPX_V)3xQb-(W8ii52n}o<ej0OTx1)JlP
zuL}p~HYsYTfi|~MX){@#P}<Mq6#A?dXMy6pq2gAP;u_G?K6e*#a&{T*={xoH^l6Uy
zri{?VKf^M~A7||1A`&8B7^Su;9=cfPu`^DN5AT)(iuf>8#I`59gx<rn%Z4vKc@-gL
zVCnb|hwO0tlY^nh!&OQkRam9J-&MSSXyiK642O$%xEa>CvXQV}P30v5JW~$STqB;n
z9Qyq({zkut{zg|qzn{n7gH~OhL2fo3LpPgSm5k_IhyC6WhP-(vljZR8jho1YW>~17
z{(DG`U`C{MuS3oj?^kKaU3GjV{QMHACkBc)X?Ar0Afg@$@A&9+d^}E(MIckf_gO9=
zlq<tje6<xlZnaRZjrh`6N$h&yRQi~aO<_K{Kxa@kt+Q)!>tp-#cZL;Va^DNm!HM#>
zAKN({?!0FK<>`{H&C?AJ@pN~G@pRDsz!*6Hhf}5=CBV<!ulfKmcs$WFe_xHRi}`EB
z7N=D)7rOu2jvw%4D~8itwLf!3uoW^QS>>C<-9DH@lI_B1=JsLvH$C7WLUED10}65~
zv6hd&MLm_wwI+GyTEe;gN?*4MgIhf{E%?WeqJc=W^3EEJDsf|w{<kC$m$?yb3$(Ll
zD^Bg<?jW~c3*2nKzn;zKK2a`WPmrs*7_6e!Kkm_rNDj5^PJV>~xwa(FE1i{v*La#1
ze~R2%wti$sJ25k^=a~cGtcH@;kfrVKO~IZjx+>YX-v^krAl<L3f(HAkP`BTzZW^V(
z*C5eJimrV8Onyj(`lqSL?ZWf*w`VlH*!*=Grv=4&zpDcFga9+0rc<q(l`19{v~}=v
zcBQQ`(ALLbsp3HD2CqE~UK{z)hd6j0)t+$oVL}+TDY{|%_)B%zrgu_O@0w~Dwm*NU
z8Me_g)M0z*OP~lx<p;N=fj>puRElQgqGY8w4=K*Sjdr#@Z4%jrq^o~oU40kVBH`5M
z%2Xcl;K}|JSb%z}lUw{7DNo>er*F{wv4vbFNR&B5qr$>2$+Pc;qTGoj!5mU?<_6$B
zkO5%{@-czy5mgi_&)iJLF&C*|tCh)`W=$sT4UlPTC1^w6y`KW$w4{Lgk)^e9Oj@gd
zKkp4vuK-mz*_Ske^KaC6ZdwI!{b_{U4j|;VPrx4N#mH^Dt!WIf;NJ`A#o?_NvpB`b
z6YdvH=IQ(?dRa2hi{bRSP>Tm_LHc|tNtvL-Q-D4%PL<#Mx(9**pVEN=kDB}60|Rct
z(N{Zbp7#+3227pe=(Q!*jHpLj!dQmuzH9kn0t_J)#TS-tP=0wfC68@FKz}i|Ya#*1
z*c#IlXMX1qVK?%|WE-tlFU$xppkA0qgMZQ-^_n<mG6;VnsbNHX8?(x%6k(DU`a-_A
z#;z3;^fKQWNlb8nV-Sj9)h=&=Jm}km8q-<jd2?XVb|-hQM?&z4b%3?&9KZpMC{W-N
z1sGLfRs{G&;TprrTzXUNVE0VXQwbUfa=UHt5YTEKrRIWENj729R1{llfXCZ`#w)<i
z_Q+O8_lA4OetW4l1l;~C@@Q;4$<}(sMG`CyIS>kXVLN>~n{1~}Z1>&fq9ReN+}B07
zRri(DqF}{rjoM3V7Rj&7itO)Mx!<F|v&({SG2HJC6_AN&C*tJ}9!87^fV$}`#_3CP
zFO-|SuhVI*mDkUrYJv$7aB)Q`sMjt3m;RlzQhDceN>`1ltqe69)zSUuO`N{gtXU0K
zqFt=1@F^~WZl$)i$LYcGicO(Q!zQYluFVw?*cSd1Q6b&LLs163QxvppA_U7{iLdfH
zjm19=uTMc&fy#aeIbj7V`@1iwBJNY~+Vv{D?r~(HT4ABitL&j1;8pU}E#xSy%t=rb
zAnS#&)i=B8To5b!dA$A7b-5}}x?<?WbHl<(<Lm@7iN>C|2ZwrLVZGS;j@_t;e3q*5
zS><=OXu9z?ayVlDe1p1-E~K{hM!YbcV{Q|jV1&>GeJA-YV^!|EVX$&ZEeaesET*+v
z($taP#ZiR`koHd4PFs9aSTTuEOmK4#TEY?ew+eEO&klw*^GfB%cY^m0gs*Mly#wKE
zn*@>>E^T7?@IN^x#7r?vT17p21oI4Hg^s$d#i_~e8|6iB+i|8%IMW}P0(X*>uMgHJ
zsy}fTIodNp6Eaa*(hKgomc6RJQ5R-Ycv$_jmb-;ygg$}y{}VIndE;90C3Sn$>BBTG
zP^NGnQ4Fno<8=DO^fCMUKKuJR`HPpp*6L$X$wqn&Z1=3j2EZaWo2@+JO=bx$KNA68
z38|q4tpU_?OCG3-w+DxK*>1(D3*DXJ5$J}u;K(A}tI3^4M)SD@4g1}BJQ?FwK>u$G
z(f{$9E0{&qSww9}v1&7nU?6unQ)2n3ERDXK3UXzPIRSq91lj30<X)h;=R93bm*eAa
zDox=_9z^b2X>J0)mh;p+;%e-vS?InoxFx^`zjBFMyfbf{(_19N3HwiSi*cqEo#r1W
zEL#x8ocz-uHTKWd3NVZ0A(b(yoZkgXoy|zigva)G4uXnyw&8q9rH*UJuuABV{joCK
zV%fGNoxCF@+q({3-yt*4F2xr4!D-Zj8>BNKik?q(=I85m=CzRD>5QI_p^)E;9!m)H
z1zMsZS4VQ7=VKVP%GcllWJ<FrzI8eRW+cfs4`FHo(b?XKmTYfPOJu%J0%kJVK;-yO
zo<NNaT{ciF7+!^U7r1q2OGmOn4chPY#kw*G^*I16tv46;S?f%1F2i%^8UY_5!lrw4
zCTc6X^wzjM*wi+WOJ66~+%*RKi2=RF=<O#E<wd@qwbu<^jgF^jNW<(q$+C@NRxGJH
zIFu^6_kAjdVUa(YK{<?fpU$cW-!w^;zi8$@L63j#eSIq~LyfP?qN$PfqzoV_VH4j+
zD-6kzrj#ZGx*6mfC$jYNjpa<hkuBM9z7ynb8TOFnOQNDFckgDp({A~voeQ+n;pu_(
z#LFGfdZJgMsxZ?!Q^o73bAI&}P=B9}W-#svk>>Zc*U0?tFt~#l+e51eAyCJN-tn5*
zZ9Y(=Rs83%n%PY<%<kxWHNZT3@29i-jjulbap`eXUL_4E#4Y|I(<FP022(_T^vBp8
zv~(sK7|J4QJ<1f&vc0R<FcMG*BmlP3oGFw5%&DIMghSg8RQxb95-^330K1k10JQz#
zOal!-`jsOs4y}g`*ab4bkL7}V?=}@PXQJYP@Ilzla5vD}Fn_IJ<}Bx^23RVYv<xa~
zIZ739KAIHC0cvVp&If5x3^j)hT?X8Kr?E|Q0ujs(%Y!D<A+ug<$Z+p;)Od=`)>2Kv
z1wTg3$p-0%%`d;5VHh@pKLbiX!|-!b75tnGxlMVRil39A$Ir?3_R92JjdqJV4L23)
zBSC)Y6D`z7-i^5J){RyWFzAX(ljr}PY|~EQf2f+QKF|+u*AC=avFF;7KYaFSdQ2}F
zeO>fezhBQz1vf2MqxsTh8om>-c0}ofySW0l!<Rh4QSB8oo1+&dHE@pZ!5h*SobHAM
z9wVvuPVHQwg$I}kgAhnMVbuQQOBTYVX>SzhH@srkHK)m>22oq3InU`YZ2vTcniCR2
zha>a+73zPFarIgkqvLM7#(J8n$LA45Z+?pC8xzSo)d_JCtWz1VMyh<<z3PPDq)d3L
zKyriTJL+DhdzUFyW(F%WrJ>dwX+b*>PJ>@cvS7O_42^E+OD8cLmpM#05YLq0;{)xd
zF4y7#O;q7#PRT0>?aL{t=1XLgZYaU+v5BcBJOS@!-oKHPVeKV7#2yT6)FAy)m!tFC
z+5qewaKHev*(?Qj2REc<Gg>~@ZpJbmH)FSvjBA5^c=Bb^xTWeb`Ce;GVjig;lg;6n
zBnuYCqgf!4j0XLPGyzK|t1tojwf#4W)RJ@vZW?1lH;pk2s%P5EAfdSK`dUn86Yg(T
zYka5bu9~pVc%5AIZeb^LDm$4!>qJlH3@ztXD4!awIh*J9re||1oV4dhsAu!i&2WAi
zj^~f=qBoy+$=^Uipnae}-iP6<d%yy}pJge$__rc(D?806%8l=#r@84djdI;@lN9B;
zVf`t2nkXNfL=)~SHRAD+(;lty1aBknG-QJ1KBEZvlQt8!w<F{ky#d!kYr^VE{qRXa
zI!Tycz)A#%R@u@)^~R(3uQg^=0hDU>T#j<LBfNnbszEGK`Sd5$JmHO1gqk-+o4W1t
z7x{!ux*Wx?D5F|k6DlI`Ck?{0Xz|H4@hmp-4aBp^NzpJ`N%_}<XR-aoYvEa}{~@1~
z=e<$~p2e_n|6M!_v>wvnS)@Vj=U40SEYe$s;aODt>A#C-0naGPtIe_-HFxXn&PaF`
z+1F8hL+~tc6d0bxH$T-U!qDPbO!!A+Jd61Q>XPxraQ_9&g{s)!g=dj6Au^uD*8X+1
zHuk^KTG8~o@GKs^D>9x%+y8BAUyS-)coyG|*Wg)P7)xpMsj(qEi=W3D@GR~buju5j
zOQCPI1;si%i&t2%qqr_S3!}UxSD?Zc10F&OA>aiDVN1-|-zRJt94>4bU=X%E)Hj^N
zt6Sdkc1oS{mPafoZ&~lu%3FT?D5AV2rWfIjW{>&<@|GLM)gy0d^?U?*OVuqA<t-PT
znp1yKSB<<SIJ6#l%ceUt@|K)G(W80L;)cpw=-emdc<(FF30H2u<M#<y`iBcwdK!c)
z%X=H)XEV4k`N|hPBgt1{KcMoJ&sIc~ue{zI8OLvO|A2gD$es1bS8`TFkgr_0If8tp
z+i=ZnzL%sq_U*a#$X9+FrID{JD5SGFdr|%J6~!K1(8*VFQ*^?W1VG^n6Rw2zJC(0^
zr=_Y;#2`9uIf~gwUF+6ol&##R$W}B!#C=7B+rY<C^eaJopL;~bBUZ&L_Ysa!{(JXu
z@yd*PAc?bW1&E*nu3I#+l_dGjf=IHJq`G7)q#P8iIHe8LKGGYKO^s#(mOSY<aGyh_
zqCoy(WJD|DNWjD}GbvgX{LIMc#HmJf;@n=G*1Q<Yq4Fs`KCwvFq$*-b0uc+$?Yj4=
zfCZFeLAWAHx#nu{We7C1Dat`!Y>IM_9Zm^37jWmcD;pU4E$khrHQ8Qy(h=BUtpnY3
z`-=ug+F}RpfJ^HMzT~key+lNVK0HIAL@>Gq@{<MEC4G2D&pCe1)g^uK|BL)1&swg^
zI#_+}uCG2`&nhM~P}<QFq#a2ny@4rQ${*-qkU#5h<zBpr<PmNqBK~l?7zuw^m2V`;
z6UYUVbj}6<<k}lAyYBKG>Y<Ofjz$9n1^_8#TBZBj6^oYWjE_vp-QN!)T4R^~+Wim8
z8FnjV-en_wX(ctnQ$A}5)oj{?yVYn&k;M9u5Z;eJ5y}=?ul5tv?WXn`_AaLv$TVdF
znWlkT>X64=kYh$MkWjzAQvia%F?kI5Sd=gO$Vu|prC?A#Lw=Ew15c+*u3-wI@4?F3
z$t-5uY-A>56d2m!JL<oKbXSd_e|R1Q5<z;DF}ved-CNP4EJcr#IU!qfm>o)_hglLF
zO;ZMI1QJGfgMfdT$M7%7-@w2?`#?MRYMvJoNJOy|mz+j{MA1lk{LOJ|1QL@+Qua4V
z24BZC;Ru#+s2c<l#bNx8m3hwd#*uLm;El9MF5R}cn>y1wVf%(oMp266*T$ad3$|<S
zME_}sRg!Kp!K#e?wl6ho`_=@~>p`FO1;e(EqPG#+wUO}!s8najunk<_);v@jbVf34
zLu~Bn0vcMlQUEopvGU{|a~qr@>Pv3yTa5ql+PTb+O#V2O`t=dKxgiDAp6(9lU)zgn
zl%4w&hO{^1UPFBa0~26D{RL2fP;@RV@~Ss!MWeA47aAqXL&>$(>Fcz+H|SIhT5B4i
zm~3SzOFffWsJZ_H?YKj3MY1ckLnljLRTL)NNtCBMCEHn5{wM6{EI>Lb@Be!m7kG!%
zvC9lM`V-Vrj||88bb5)h=r-zdB=54pAsyKbgT9&p_MM>85i;lpIU{?e7OFC2_*;o{
z%JsoHEu})cL1%i;<m6vIrFMVTTE*_~p3fb~e~=~Hr7d)9P+4!Z`zwd^uWoQ~{s4tE
z*!U&v#qOcK*iF9|pJ1M=n#=jmlD)X_s!@8Fq-weMfCOz6bHbqPdmYUQ^P$Q!pHjO)
zajs%cH~@lwV8OlT>NFiZFH`-7o9EW;Kgz1JDAaJeSK8?PO<t6<Gf*@20ni@t=zL9f
zB{7+RmFIp$@b!3tL<Thcol0NOKV$7+RDc~#0rgy|s`(sn(jz$pfcpws{TkWn0Wd`!
ze~X5rJ}?jjX(vGKwcqJzWyO%?QaKPripGTj>s2HFOE7rLO0tB!W!*bC<SlEE$>1#u
zfc{YY20pV&K^hy$Q58ji(&BrR4ZSY!P{;MWOpuENYz~H0%w%i9G@-PbFKq(6#VN?E
z_oM{q)gb?%)>>LmN;Sh!$+x^KHIi~9hPiCYMF3+!oWF8&{r-+l4rl(35>$Dn)(w#w
z>c96`I4t@kTRrNu#(ukRQr+E5kUvg_k*gG?q0_>B-TY}uJ-%*6*5RtC6L!SkTVq%A
z0#JfMx#U2@8)~0i%>{1lFnTb(H!F*)^Zw>JJ`GGWsS%3Sh8OKUp3R{G%cN`TEB4Vm
z)7GJ@2<{lY4_LulX@>t*E=<Yr{H^sX8HVzMUB^(ufR3nBYk3N_>p(h7?K)1$zYbAV
zY(t19M!Sx@Fcn)0jP9~Atv}Ahl&<BEUPAoQY;Vs@9Rlfp{!Y)7=Smm?sfANc)PMI^
z^)fY@jjHCdpwnFLC*tERIUX+>-q#cZojxT71D(TJ4W6)}p$Quo5x6sOJ8AmdV17ud
z{ae3a&_BndDp~q}3zs6NB-V#*Nj3c8-s<#DYrsqvs55EO&g9LR*EN&$?o6obuFLsa
zgOQT{Oi0HAdkfZONjTjx*HAu9(b*_GHI&NW#wrKLS%&Y9M~5pzV{X+-Y(iPw1g*5@
z5eHmqE8%5|BnjTcsU}f=saB(pH_gD_<_xI~Dn6?mLo}+@8*=H+|8P36q!~tgX`?;=
zV#S`{t=RLUbdKRfS{P2`<C*^*d;W<29xk=7-`|6(@L1R)f<3?cVQ}~0mTgPzsBddA
z$g3EQ9tw!6?i*DaohCmE)LkOss3niCn9<z+(}$3;=%=e>21wx+$s3Ewu6|b`z#GVn
zooK1*Pwwh{-8S_ja_YCK?^h7XroKag(WbsjF|(<k5Nb|VZ;eg;O&L0y`oCn;Me_8t
z`t|SY<i}=OjQrS#{Z)Rf^}{-T?63W`{Me<3>f^^|^=}|Q)=FUf*q1kI_^}c85I^?Y
zrTh>-*5Cd+__397A%1L6zYssRiVN{$WOc;3tr6I-df1)DLy+Bh=2pt?46}x@JAe6|
z>`rh<7`vnA06!me9UP#`9@@)7{hVJaa6n@NgN-ay`<olcLZ#|isQcu;i3$sq8qPws
zp08n{EXYD3_Y@UG$3u*l`mGK(i{ED=FSRFRjvQDHo8(No!b=@Z*YHx)GwEiz=U%c|
zmK*t}-MB5H>3;pBCSQ4uSAlw>-5>?vKkmJ>dhQ&!?%f{cIXii3V<45jR_|Ka@|B<M
z$$XpZNj>ss6z^yeJWPzDlL_{HXVR``GV8Z6Q@AX%!lh;V-{Qh8%<|jRGoQvXKstUc
z3p1AiT@p@sha<uXpKwiHEgx95`HWM`Q0z0}R{+4*fG|d_?+c*2F<3tSFfeK;X6_fP
z&WBf=#yvvbc_JE_2|9emCk895+Mrs5AJbwh9qUSs%Pb<S2o+cf3<!!HNrbzD*KO$v
zwCEmiNrOlojIK~?qxJJ#bMIxeWzqxmYWE(}2hCDA;<%orpn(?^Bm4VxN{F6FIlT`f
zxQxnaZCnT>3tJ1@s$!mqHLitO4PFaPwQHfrfZwqepedEPsU|d$L&dN-dUC$on&Lkb
zJ}6ZHi#jqJaqc#s;1IXqKNe$_p20ER$(K-+;8yX?SZnZoyepnBb+~Ratc$sW*keOy
ze1O-?R%+_?%vMVH?MgFS$gST-&R6-?B0J}w6bzrM7h2V`X%)`gtmDkDwQ~#9*^1T9
z){=hLHCqMh&W#G~+(Br8wm3n)eR&T!A3@RT^<xy)zHX0MDLMi5g)}A%fBRC{j$D7w
zm`FQv&L!B9$$aU3mnh4$d%m4hvNFtt^JnwJvNqyN`;i=<%)Qs;?$hFP_uN_Y`aBrj
z_&dI|J?K12SD~!O=fe@->OY<DRPfPG$rVY|jN42B|88hCjzgR@U<tbLczw7-0goh$
zhT<#U=0F5V@OS{*L_V30nfJ8RWS-6n1`iKp8#r(quz`7bU<i>C3Pl(kf2vw2R`NnR
zd|!}Z!q^0K_QM3Q_ltpSaPu!><<lmOQF;}WPjsP`_oi{#afP9{k<GDJ4k-IIrR@E{
z=LqW&%UvpyeH_K8J6l6e@}9IpKk2mpPz@FsbM+3jK;V=fNul*^ssXTd|7SHJ6Y-A;
zX;tL@H}wNozwj%*pK{1Y_0t^kr4D+?KXO-n`U|N}*d&C2!~^r26yl2&4U5sST8|)r
z`?#tba<pI=pV(NVTJdUU>`!2pj#r*VQfID3KOgf!!0#J$<CQx|rXCd}UEmhJgMnYZ
zts8xWqVh576a=mbp)2MklFCZkusKhvRoOucu!HaSiF~h%{K&4+#&_r**$GLB&y<{{
z34vb5hxS`qguN%?`#NNi;vdC_9#jPaj}{~_iE()SW@3|(t4~f>wJH)b@!9tRDmI+~
z)X4UR`wPDR()gXVip*Yn=lXE~SxswE(%!H8DUF2VhEAk7(3GY(Zlk)(?%o=8moWqA
za>*ZOl&=X@WhqTo!4n6W=0^P3GQI`5L{<&8VkEh5lJ6w)oeJL-T7I$s6+xGzAP^b6
z**U$F6P(@|NdQ$y4xOq>d^@SCEdG2USsB^3MuFy2mkYry0R1mIPPv54;`HuZ5nMqz
zc&2bVF1QW?UtOnh<0dEB+rt*7(c)Oqfp-LNR)XLip6WSd5-xl%_|gfbtE!Rz{IrAg
zYoUb$T;OOxo-!nug9&s{hRZ|Ot0brNMILbU<a%{QBzF`lVIVd0@MJ8N%gdijLvs|X
zpeVa07+;J~I)eUa<LMhIDdi#6z;iIQao2=o!^>7v?=VZI)Z9C)WuS3pRUC|feH%as
zJy#|*Rc_x1HR&1T`2gNdY~BZJvVFPa&X`#fNF>2CF}S}rxX<ToC?BjTtzJ@!4=U(U
z^jrDDL+FNs@FD)`B#ky9|MYbBxS}N99!fldKD1Ct&h5?UGowWoO6k+d!NM%k=b;wp
zQ)~M!VNfyb&u2CPY|!J=IY0MQZ?3{9{~+T(3aL~*>(c4#msVNGffR93OZZ%97QH+I
zJ-{h0RK@J1r;BT+Sp|S5hj<k^zD+d0^<+Ln{gAieB|)D(wyx|^H2Z-QYW7PvhG(y{
z_86MIB9uMQHavTyy0XX7><dHL-?^UbjcE4dQ1)i+!n4QJmEBCUzkYSBlD+nZ>*#x9
zntjc2we}I#>lpbaH2cMS3zh7a>&YHZv!{k?&%B<-H>26PQ1-bIhR$49cAjS69#FIQ
zxt{D6n*F&@_Li-$qwlda`(2^zdv3ap?9nv)O`+^@Ev{qeTF~tKkEz+KEZ32p%n~;a
z$(<-w)=SS<OAdU!pEf#VZvkq5sD*}V4ZH<GnNpfi2Kn}5ltE7ATYz>-Rg8_gjfu71
zsEBTT?6jXK5ay^?0)Qd`nm-gdu7dD4^_G9uUq|`tZira^Hyy4~KDld8gbF4y(Q2Q&
zZpRDaG_5lT$;n)|L51UKh4WZTu)>K@VG2|@!BFAU<@MKBG5%WhJxlAG7`eWa?XOv%
z73=Fs>w6cAsjt4lw7w4_*SGkZ_2GO?Y+<Y}tR6OTK}%tzdTuh-(=+n=Q|e2g^^K^z
zzW%hn{K)<K=PeDbuNdL?p-wwnG7TNliE_lMyBVw2pWk)NXBS$zEMKeg3|jfo$d$j>
zu7T^vLF+rz(E1icuJ5)8^)X-zQkfKEBW%jVgd!ztzqhfNL!b2ER2O&N&-!8!fKgEa
zc+2D}USt*=3uN~#gxPi7O!(;2?A_|_zg`J~BfTj$vn$$OR<XuZfp0n*Ob`<=eNVkv
zF9yg@1r)<RVNM$Ix0>a#9H9RM@8bv$LD(`=1u|QT9J{%EJPyXvvlY9`#Le<vZD6P{
zc#i;hT!BFex*HQRZ1syvdMK~1`0XIyQ$y<m#?L##D)=%<r)nsuFLH^RUfxWHi*)rL
zZ$MWQyd!ITbA!@@HGvM$e+=vy>VJ<<SpP@Xl<r#cFJxCy$Gb|tc{W9rTcsPKzfpCe
z+F3Y479h16`#EZxM^2LbeYu?S%<+TFt?x~~PAhhD6fa+wzP&E}j&<Sb!R3=~yfXZ4
z7Hh{V!{2zZX1v1EC;9!4XwxV8zkfuZp3Lviln9gCROaDEFJ+~KX7;LC35lc+D2P%u
zNb^x!Pw+M;s~y4TO<Tncif*2G;TOR>-z?a7Krs1`_6qhY!8<{QA?R^CVASt}aQi0F
z+ab?8o3QFjEa2w7Ty7*t{}IYh#0&N<#fO*hYd1~hXO&ImCzhS%=ai8?&DjcwfqCAk
z<{Uc-pWW)~m1KV<UOmUpZr6=`mrvzg6;t`WWuSTX3{nAd|Cq`z!5xmTFflgrIi8xb
zThC?l8%~R+lVW1+a9_-P(J^`p=kDh8rEh_*=b28ygO1=GD~oBPZL+(CP`b<YClEYT
zJ`Wqym5+~Hz9GS>i95jhf>brzN%h*zPA^n7yHz*RMDmwZ>GqQIo3!u;(!vVBv2~iZ
z2%aq#k=$wg{mEi<n$88H>^~Cf06sPJIHDnYgGl@TwTA8gnc@2%S43&h#eY5r$LoOn
z@Z8>9pvgw~l;3+Ebm6K%%q3OGoB;mO_i4BMazDuNG~XI|K&G@;I!}s6FK*--AMMSG
z7rZyZ6Q$=DaHry)mx-<uJr|=MDaw{k3FSwl@=AYUQ|GDTh0kk9H}G*Pu@-L4vq;-S
zc<oNeDGe^ZRrD<;gOO#XK4xk%N=^uT&S@}<Ek7J3mwz~v1LcNEUJ$iPS!O?|v*&rI
z*lN^z7cCofIT#$wKV43~eK9!@?AXeW*qSMQrD;(qI!W?WndMc_IYKR<-jxD>g|~Lk
z(HcU=YJl++O1HU2lD)x^$SL@ame#_ZBTOD1@ATPxz|>C>qGLM2csadA7LosKv*0;h
zM((!hnf%(Z(*(zkc_T#ch&h6{Ww{`=7Nqp@K&-rTu>;V#%-Pb6c+vB9j8p1kkXB@V
z2D;GNc7veEp9Mno^5fBD`3llimsRvGm{Wc@THgBXl_05b=rqx>*&P$;Y%d$;Yxyg#
zGSe}E?E=AcN=Uv0@-KU}yq4q;rP*^t&y|dIa8!!?kj<IPhE7AoWT5|{^(3(M)O8N7
zC-{^ntkABf)3=AOr||W7Y<6fpw%6q^{%7ZU@@KI8Z_)hlDer$)n}7Mo_2pl~@=vGv
z;ZuHDm%n&hefbNO{?q)0*nfTf2kXn9r1XCl=1;=@>+4@tU;dR!|7re}*#Bp=`7_Sd
zmw%$tf0}<H_FtDjrE`7rr?kJTru`Fi`A;V_B>%AoH2v4*Up}$E_ABe>tp`HuXaAqI
z`42u?U;YH8|1^IB_FtEO$CQTT@2bf^L6?8|>iY5*DE*&_`3tcBy8NfP`o>RLe{anU
zt-t-tb?uL>FMo>Cf0{o9`>)Ht`rU@CpRO}Q>t}*4KNsJS_8*%OYJYou{WsK?U)}#R
zH2eQ)-TZ&jko`MdQ~%4l{5x8Q*Kfq%rS=oZFA;vQ`PaFq1FzUNpnX6!u=*`UuyLp{
z+BgW_rh<2d8GL~x3Ep`MpCn4(h~=l^MZ#EtMxM08M!2OiBezt>*>@4vquCoz(_4>~
zus-lCnt0*d5Po(`2l*Ur%OD)drm5Nd-qShc_OTe*7-r^tPM+{pE-)|6reX>B)@2r@
zEt>n?xg37Okv!8CG4VITLQQcxW&#TZZ?N-8QQ)Hp`*=)#)^{ZcMcu3^im*@xnZDfM
z)a=C5nNp?u-y}gcwy2zPaqgQ%(_Yb2Wf44^@O{OKDN^9c4>3@ap!@{6GaN<I=6{<A
z|Fp{~9W+4ZYUYQ^lfAs)z1sp8Eo3^k3+2b+VYCx}Agp9ei>dtlZBzLvTS+6zNh7*u
zt^)}a^6O4h#8kk;k=`6S$8RVTOgn@`a>0A3hI7Xir<-cs{RGcYD`^?|DCSpe5|T&O
zWE3A+LO4rH#<ITPO5==>xYu)-7fj!ffPsp5t5zgy<}DLP?-2U|(fass@U90c;G(yA
z;B}+FBV24ug=Z)}L0HKFZ?&10fgvloHwe-K3wyY5!ovkA^epOY!82TElcMH|rW<IY
zGsA2@5g4o9Cr0>UYDp&v6MsQS{DyGp%UY%iz6GTHUwaOb_E#=zX%~DkOGK|=5hdpq
z%ehQ`Hb?$hlD&nM9o!-~w(uo@0FCb*#p%ghk)Lqg4?qQ?>C_0Xt#-KARcluF$zl1o
z9M~TR!}mutdN?7MjPg^B;GR`}lFVc+X%5U$ie`>35`L|85V$O6vsnz)IZc(3(&Bsu
zU5EVfY@u0-7lDDNXYU1BbmKEoQp5#@!|thRF}Dp~YReDB2%bX+1z*cz^8aT9$Iki9
z1Yh4A5C!-%P=o6@U<2PWYdYB#hvgoG!38ZpmEYIBueG$1HR1FwwhZ^BFCp8a1L5<c
zou(katQ?8eIT5(fbu|oWUr4Nyk3ZqyoW6<V=F?F$RXL@F<YKbWLZ;Q~lr9S8{%Eo{
zg`LL)({}hy-YH1rK9*}1J;4_IGv!W4O$PtWmW+h2(83D1>2B-c$%QUR!k^mYf$rXb
zB9mFX*h0rA+2w$BV-4IS`o@A2m(O9O<%gv!!K})d^q}bZl`!)&tf<eZWnbk(>#qd0
z;)HCF4|v<-eNypr_Ji!t!aJm4DeM?mLG7uAkkycD0Y#4%aTV8~$BVbtMUP9e{&)1)
z`o!<0$6r@bdi<UAhv{+jGD?rV(*J-SKaaX24WY;N&(HqKy5{GX%>Ui|6fOI`^V74E
z&QJeke|UZ-KSt*#@c92=eyVH!JM(kfmb&IAJL7*hKl>j0z4P<bW;#F5KlX>`r=o<;
z&+y0o2lF%L!hdIeUaqKXeqO!pe>Xp=rN4K6PHv*}Q(f|h=cl8G&d=K=|AYBid%mIb
z6Mi3Rdw1wQl<(2qXBLLvM+C<Oz65@2=h?!PX~e23(0Bo-DZJ|ckq1e-({b9}6mbO|
z7u<n>1DtL&^Ny^^_6?!hA5C-;@;y|CR|I+8ez|5WXmo)4y}$+qOB;JuVbC8>6&&07
zlGEVmn?b>CcP3vFq&-6U)o7>pK9D?HoXH1;@|tMDAq!HvZQdN=bLI(%cY0grC4VcH
zUx^l^v(Dthg5wzfXeWGI_(F6X7x|&b^L*XAi;nY7e&|W3=~pK|<RqDDzT{(2vXrh2
z^Q8k^8z;v-3NO7!^Sr<zZO(I?<x5{CN&K<Vz^WW{CZ8s&NF<FCq?69%le`DKx(mK`
zm^)AURZRYmDD5JXUIVEmzp(TY_-E%IeHnS3olfaH5HOMpgEM&tVM9g7=6TJXrXw^p
zY2e%<a)pQ%f|~?Pc}4Wa{3iI~&r=rD4|-x34meHV&(4x#FB7ZEasE8z)~O;ts~k2@
zHu5_|c#E^@H2Jq>RTkeOelz)J^kxg$KTEQ!PQ#y=D#Dw_I31PlZw1F$S0|xr6V))<
zWTpI%U64`)sfFMvHv`-sV45GxGaW`hi&B9(FZnzS1R2J~-9=Eo+FT=C_)+EWMPJ``
zAZcAO47@IV1<|7Cs%gPdfsFf8FrI{e*X&1zr~cY>@ElNO2Kl5A{7Qf<zxcmHI6TnY
zm1Y9$0qW#-Zv-30@s%r$y1oQAfKKUW)nDZSFl66zKZvTycJ@@5g|wMAi~ES6=$0e+
zr7!+8aG!!S%nZs$$!A?NVEV|!fuii(-gF*nL|=M;x(zP!o<Y$1XfRLf2CwXd^9OVQ
zM>YRgM_eb>y0KLF`P&4^AxKp5o{Xu}am0O0h(>Qe@ixHKg%$Z!02KCvTNHfx=k5=U
z2M!~S2k66-$;TDyn(2f^zl*gR#B+1W5bXpQ9x@3{us+9W-m@B(stMfdnMJbQJj>D2
zZ8KSw0#m8;R9ZE7?=3_L#>I{q08GJg#_ebRk!RYh_A;mRs|KH5+9H7NY^{9HG}>es
zcF~t(5*-KJhv=Xe5#oH&nS91|KPi;7_9DFe&FwBoTfsZG=xZ5AdO=#dhxbe&tsCxZ
zc^odm<PJsX5dT;KwwP3M+Uf0U6X@C}C6PfU?IqX5*5uZK(3Ch+HSS}9Mv$H)&hvH_
z9amfrh*evt_TUz(J?OIW6t72wNkD=pyPHCHNph0EA6c&MrlD6tJ-OQp??MUaNupYA
zG73yy$#<X(Y9v<~La$N19ejXVT(NTDeIWC1pC>Ig5A((REP_u=gMy`Q^E-XE)1oi_
ztUV}F^*^#>ai5prKG*BF@s{{Y<e$-(EM&XaklkJbSLP)#m+;PfiPTgTBRFc^-w8m~
z8iPE)7u*}k)lCSNQ$IbV#`Hbx@=PetclPRt6(e34sjnL9t0wh1&vT^0^R&WhtgxC?
zSV<~8>)t~yt1uvZ=`g5tE>_CAxtF?vjK4@$D!Gt4ZAoJJq3C>H3?-<^<$1ms6WpP5
z?At`TsYJ4=pedW^7%2VEBJKH_{4@G%3n6vRt*6PqEw`S_A`SW){>}c{LZ~F6ci#ZL
zyTq3)y+Rr@>Ix!FJoZjLCnvvq1r^?Jn2u)v9AJ%l*9PSq9)h#ALY_{-0}~;|jz$zQ
zMZTY<JSqRjPEyK6_@*OgOsD!nTS+|fB~IxGUU3(oS~dybTum@S&bimY$!m&e4d&?-
zF@j5>zJjK)dM1*;|M%og59{PjiyV4+6YUQg8!DnEvm$D;sG=sTR@7t$QBxx(YMRMJ
zO|=}yeE5K<=`?-~H`}Wjt17Nj_|ibGZodHk_hX)EcV6Nb#fO&+S=Q2;=Nok<FL8UO
z=MXQNHf1eq*&@>$vv!CS^8zhDSSdIvfzc!kU~zhHuIL2B3#J<J!a*uQa(agoBD7m9
z2ePwCBy*Ez|A7<<Tx*O)9d^RAexFnNBVSqsLZpo_MN^mOnJz_630x#e?b`1b8SiK=
zUSzXU5lP%+6d@(hfe-Z#^g$XfKbk|fWP#x8$Bmzk7ML;eNy1we>dFh39|_)Ei_=$h
zvq-iuIUXM;1f~(c>@zAr(hHB?FZ!<wk7D$~qpSBAgh$6GMHC(lT5wI_(W|c$hJU#?
zPFPBn5)9&@3VL36qog<;e+~LKBMh2@{;8xDG`&z&wz9|jTm*R>=tIzrO*X)i&`oKZ
zSnek`rSixc3}qZ@3Xxr7FB7DA8(xtTs8vqlMOa7ijj6%{yOqe~YBK>XoR}XO3KHyu
z`xQAqL51Obp6P2*y2`W|oR0JgcUy7>RiK|-#36;9e8YUySt#=51g9p-(iSk8fg6r{
z1HI#r`eGL^0A&TZ3E|#xXNe|4YRWCBcI}1Ml9UPlJbdg$eod{PRxWtbD>#=$sl$CR
z@OOJzpeeKl8Bo({id-T@ye*ObDD;xIwsDeyq6#KXQ<=Cvq+kNm2|@S+WP_&DB1MGq
zjv%8nHZ&JskUdT2qN45#>yL0pe0+XBmzTI3Z>eoaz&_N{AiMY++)=xegK<Np)3nc-
zxPu(D86zAq7u}7r9IlIISF-jxxtHp9>?9+&3H=nCeiS_wWbi61fz|e1bh8s4L2ga@
z`frnQ^Hcqy|8wVs{(ZvPC&K&0A9<U&EK?JqZo0RLTTFEy7~{3)#Ry;g*RV#f=9v!U
zCGMqXMrxk#ZgOVq&LmwDO%>$KXgeI=EJlJTq8#5WOy>v-QqEp1;0WPMp2JgWG`v{!
z#utnD`6Ik7za|{lKs-yxqTE4$WO+w_O_t>j%@H%o0(a!{Q)E?Ez^cr%UuH`##;Tbq
zKe<el4pk2ra=t`P2FDAb3<v!;hd)rfF<yC~2;X17^L^s8JLvm_?@q(}giZ@g*chU@
zN2vxF{Q)kAmEZdI80A+NLh`HY(Jym)=gY8KzUl^IEkX`{0aPG+rQp30<XKK{mc>bT
zlPK*G%TExZuq9hMT?bVVy@SCWGGShUI@~`Oh$2X`@)EZojp&LpET(7n7Dq3+31D1j
zMU68c&S;RD1WWH=p6PgA;${$6364cuIQLM&7sGUGWV~E?$I3$57}?zu6wH>0a0Na`
zg=O;iIVi?Lx!LSy`yWJMmQ%V+HuD%*i%E+188m?UpoIniYyfp?Xwb*i(5JR}CUP+a
z{j+il6LZ00vhM<XLDb9dz_Dl5a1oc@KIi`uy*d`9rB|zZ*7Kg4N?kJ4MYHhe*U>B#
zuKpnJjiOJRgjQ|iOQuGF*4ZpG*m-`4Bl?ZF^AxzWCI>@~{TG4WZJj>1Rbw63JkW;9
zb4W2_a5G736&+vlo>;~C<&fg^1g_{85JA~%z&L^oV%BN)((07v)d=3E_yQ|<vuaRf
z&~eJOre1rxXTYBBQWmwRYt9<uhgD=hVX$ON0bxQ?;6e2MOfG(x8}cZue+wo&jwlIc
z^`%$@;f@xb@E1-QMtCy*iZ5x*&HzGylk`u<!@TjAHFW3`g<9lE=LsPYE*u`_bzN48
z#u0^ROqJnnd1V)TTPERo(n-`y%>g^_hQBIbs8wE-aX7U5?ON~4<rIGO%Z2sBkDjkp
zAP>h4N#p!SYQu>B2V;=vryB5Ku7}=pS5<m{Vg#l4FO91EJsRJlr@~wG6w$Mpy+t48
zm%Yugx9DFCZ_yKH!gZpEaHDCWX|q$BOz84tcAYq6xK13>UMH^5>%>9Lb)pSiCt8O5
zdiNdEo8B8*i(rfEl!El)5HkZW4qfWGILvqvNUY9ZiuUCBJaqCL(Vjd<^qS41Ix)@W
zBalFGowA(1Ln|^bUnbc+L(Iw}HN~ldo%sz_<lXX6gA{qkW+;lh%XN6>TVp|*T_s3Q
z+KQ3Tz-tiLN+y@s)*w`CiLK1Uv4gv};9V>Wz7-fHk6Mw)0Yvu>yj-|!87yCd9^w_C
z(Nj=(z5%`Qz_;=@gZ(|o(Z2%ut}L+?ps|qFezU|@2xzdR^oi^*AhS&+tt-aXkxYQb
zViG_I&zV?pkC7iFiHCK7Uz=rKR$_Y`G2IB4E$x>(j3%VZ`wn)<>HW|K78iMr^L$B4
zESQ|V%38jPw$#^S_{aHN;8xxF2$Il!qd*e6#e!MSlN)QE?-7bPa8h=r;oAsVfqNjt
z*Y74$hTK1mx^H<3d0_~?5rR9g;1V^s83dct&;)^$@n;&^974|yOv6!yQG-n26qH8C
zLiFx|w5%Mptl!p>;0-MJHZ}Mt1i!|D2dKe&AowX3oT3KrgWv@$_<l9`X9%9ig6~#?
zzlC6t1%F?wG;l8j_YP~xE(pGv1@~2he}do`7W||dd>DdHIB4)oQA%(Cg1=+I<D!+|
z(-6Fo2A4iy#WmxDHRB&rtHr0Tq-)CLCyZgRlCB<;zdiXNOR302SC_we=o`V!Yp<%`
zpndK?ssASBz?7Oq?*QCGa4G)+L1|amib;a?VDBf7+}9tmApS*Syd@YxR`DW$7k&9E
zHl`FC^Jn_86hBJn$1?m_0O&f1)gi;4-of_QKDw_Cl0O4s#X!k|??a521L+((B~TJ?
zC4apuY|CKeSSvi2qTDuT8jW+eRW^j*OzSSdx-VY=Y=tLn%b{@ZD%(o(H_(9$0+a-U
zgkWG$R1>8r*GJTM7(UXZIMecFcSas?Ku=>^4oE9(@8EP3`c8TQl49u_`Qdx71oNbe
zUKZ)4F)-UeBs`Z)t|y>BtFZ&Ag168NeSQO1LM@@ZPN`fz5;FkcH$-XYFkeiX;MnAD
z%34Z6o#?bUr5Yi52mk2IHo$uC7L&hsI<`9bAzPgi>!(EfDVlcVnYKbBAsZV#(pA2s
z1-R?IiE_y)%Gk^I<-!xflh|+}SPoN0c;GZLYiwwF&pVfc!SxF8hp*q0%fN1Mx7@5Z
zQ1Y6fyAjTFhAgm=0f!99-_L)ObPx)`DMm17dHX0zCkk;;_sb7IQ5&q@Wa3L6z?<Nc
zNK=(A3sTE+7(Im~Lzq817@B8w@|#}9Krc>yEuhJ4pw!r9C%+!YUtLJcSAUSteKG_`
zl^zyyo6I!D!Lt2?f9s8u3(6o|6j=u3jGHS1gDlAZ+LoZC<JYc0at{5#1BNiqf<P!X
zp4rn96S<6!5JhCljr7!#m2<#He=B{-^gNQzElvjz3^qzR_Mn!Yi(dCcrwJf3<U>8-
ziLOeVoRcmtt%L_R(NVQ%KPe)HTioAJgeHFx%Ri}?l0QcDR2D+!Lol}39#4%agI}?Q
zFC7>~yG1wU3hbVf931}$a2y#(*yS8wa!U;5WQ9n38#)X!KISCt!GGst6q+@Xkt|U5
zIusA-<VHXD=TvteWE~MEp&(d5xa!SNM}dy19?+5=f#~Z*I$*Ds8~5r0)%=h<9jhth
z=th7yK6@EyvWE`*lQf3U-b$892I-v*+AT!W_7*UzKnfZ(?oKSIkVQ?5rc{$eEo5Dp
z#-ir1T%^Q@APH}wMe~*?u|(do0<-g$RhX7<G2WKKw-^neOir7HZxLgIvEG4Wd_-Py
zpFK1}F!1s%ZRu>RG=)ech{_A(d8x2YUABpNrPX{%cM>iI0DiUr7H=UO|8VDF*Rc{C
zyif#g(BPGvq>dFbi_?3NtB8VG!iL$kuikssCveYtrhl4RvI1T5${Qwk6Tv$N97oB4
z)<XHg+l2C(!2oS@Gue9^p9OQb%Fyz9lFonYk!jdF3{<w|uC8f#5YUtwcaGIOtk*$z
z&PI&)g*Rw1-WS|J*JT0RyQUfJ=?jKAIO#vQxixFoNfMI_VIj;X^rab{>do)dsjlJZ
z46MVyE|{AYm`)yfus^3RFG9C~MuGi5n?J}Pe<h~j6|f)>OKb9ul*5j^qV^^(e4$To
z!KuZ&2I#g2Eu8ES1S{FV_Clq+aYPCyl>X>y3~I&Ffnb3d29UN~Q*w7&@=7eZ2OdsH
za+j^fln)&gq;>eyn|T`UDoq5b7NM$wJCxNbe|Yt3P^nt((!C1@?s%GrsHAa}R4lzi
zkAZ8^2#Q}8JLSD=(TJb-*Fhty!iR1nZ=?~wc10SocF1+m2u`69X13ccAsW$UETs`v
z7L^d95o1|bl2}wqh(<UR8o@CdVPP~PfzgPRYte{WdE8_pjkwsVE*deSua-tU52v?x
zN+b#agM}0#K13f}Lk)OF3T^nQUfS?Eoays{Enqa^-8%PUS+0Y-)^23T6T{xQ)^4o$
zDYP5eDQ(=08M(@4Yy!}F*1C7(+M6To$dYE)y(4=#8?+;HoBi<}dFv(3j(jc&c4W}i
zn6PDpV}p9xaslkS1?EKL?8lfIutO<!W9;s?uC+rmf2?DNR)!Ddq-Jy;>8h@l-FMqL
zb=;JNop57aRn51<QYHfiJUHB5g2;Nmim`BmM&}C=S9p5^UYLsC#g~8?30?Eodmh4?
zf3#O<&A-{uQGMjiYmI8)`-YEdmw5fCc9;-hRJXUNtEz+)!>EFj)rO6#HPU!~9{oqg
zvv*J3c+z2ma~3v&fs)K0;^4wI@y<s~True<=jsYWRd{{dX?OM2AR(KugW{ah1>Ct$
z+6u{eC3GXqT`aw&u7kgz%G9mIwg!L8(Y}^uaua}ia%uJACXTcG(;b@<?(8hNJ_3t?
z?)V6cPA-;Dfkq$5b;>aO9X1{Bun8MaC{-^bo>;I7>ZR={q3s}bW;&{P-;YrZKX8lQ
z2ray9a70usXRhtfIg?KV`9*wDl?Jne?O<M^N`t9-tsor}r0*3bP+q-Hw^Rv73j~pj
z1s<xt#mekM4H<mtR3<thWODvEvQR-T!q#YKo?RD76#-I<T-pPQd<T~%XmXZpU`vuN
z%@5hqtc3T7Kx^&&DY%&gTb+(yU8A##7j@#eqT?d<1Qj~ZJcHuztygfl9$JQdT-7a&
z3%sSZm#TMR{%5d*PI&k%)76>{;@@NPbN8{eDoFpip5+SEJo&e)C```~N`ts)_>%9?
zpKl|wX#HPMpG4iJ&<^Hf2ghhSn2!Sbc_<7!DQ`foo6L`Y63Xc7?OpJ;2-|M^M}K77
zjX#ImjxV_qjVSMQ>-kScYxbLFua%bZPpysuCJq-Bj4oYlbd&?#aKAWh8Nu>M*?|Md
zaFp}D@z=3+2E7)xb>cp#f9t$9OuKbJ5UUVfkQ@}KJ7~fl!wxzbc?a>O4`TaHL7_Vs
zuVF8=BQc@sHAmIW^nFu>;KN=z39k+PyBfCBM{FAzDLrf_>r~@@+M?{I^v)6aL(iZM
zlNz|6oJrTUpM2@+eo|(dEkDBMW&r$(^n+Y9@As@gvXc&+hMh$3pC}alJhYEKp!?|O
ziS_TJX|)tWl5C|1yMUN{pZ^XLl%2K#i9heNF%iB(4Co@535(!W91;V6(!fRe#^1vh
z<%4VLUz8Rhv?$TP;)jfJAVl4tCmob`?9#Iy(tcQtWY`Ed3lP4+k;u)`X$V2O+(`CZ
zwuAMzGz}0&dXtfR^X__=#CDZ{I69Lh@u@1DY)jUvSGi4YKxq}i|HR76|K3|+_31Ea
zd7-Opao`q+>p?SXA6A@TnX(?1v|@!qrDw+RA7Q5Y*#`mEiC2E#43-e22>1TL957C~
zIi#!I7QXw0zI*F*w?Cz(D!}0sbi%h7)`h?;x^#aFrAyMMD^+>|b~&-~!wv_BUKru^
zOz#G-{{$3~JjrQAB)H(Js9dEjT?uEdj>eU+3~6o-7jeC5_((-Ih|@LfoBpB8wz7Fh
zt8ZvSQB#|wq;UYBi;ef+Uu$%BHx{3UX`%8UTN>xjp>N7XcVX*4*R}o=DBUw?JdOK8
z7gt5&GHBdBUEH@c&PL<fnzV5@nJ~^w<GSeLI?}k~<1wzUE)HIy^nDq3mG%V(=E07n
zFQUP@AKrKQrzf1E36Ta0kkEN5V!|iSXcBgSgb$yInDDbR^o6}ZzIZE1_1+mA!@jiL
zXLVz7l8%Ly#$D3IRdf12vC^M7rfJ4XsG#Ur#AXaTp-DI!5~iMrm~i0<rM)7gnhBqi
zFA2U@53b7R<UN`298MM^yg~F^wklt}*L>0o#&%TR6?letNfRNLcM9Ep<PY!dZI~OM
zb|m*Cg5$+A#<jTdtR~IBAkDiNGHA#msHk5e`Qwx>+RNmU`L}WY7vMEw1wK<$$-Vbo
zMXmX+?C-7YZ(H&gtW-*Wq{pl(3Gly8z5-yu;(tl`h3B;Vv5kDTVFBz$zq=y|i&ew0
zlf8~HW(jnHLd?=nXkE4?@C*EN!2eHp9(e`+DFd6bPiZW+C#Y-B8MQq}IWE*1v3r^-
zbCJ`@M<ALt0^}8P6KL!WYU*y#&S-5bCBH^6aiuki3i*-&*knaq=ucv;Qqp~^q~l3M
z;5!mUzT98?L6nA@*?$gt)EYi-2<1g0vXb!VG+~X2C4`CiGvSK;pP4j0o83**vwON3
zdzR8s*Rzqg8hiG>tm)aU*kZyo+yzxAVi*4ilfGk@Z(_;%1An>~I~H_*<L{zv*mr~r
z_qT$^H-mpn@Xr;Fc4PY<x~?|u!FA;adoe%wp$^>7>Op;oj(e}d>$cpjb_f?30V}}{
z|8&r{Wl18*)l985<5tZE+I^H%<Dul7qdMCPbr0OZ3W1Yf?n>Gkm>Ic(_WBAABx)*{
zixrS-3+L)duP?}G1rh@}fwlo_;3hStJgGNbmw_7sx`__5@?@O9pRNY!L*2?`%}mns
zpOFR}na1DIk!f*t2*pzgnWX}3<z=C&5lVxlMK-hN;dE|s55fgI!4L#}kIbKlhLb^g
z<c(-DCr-{y7pV_q(Xj>I;}+BRI5m&{J#T&y%fD02A0v7;7eeMk3bLkZu?iiogk#k6
z<5lzuG49HcI{ddTJ-!S#!fyh2syBg#N$!2ivTZRXW$QrP^eHHKeFFc0XLrHZV{2(X
zxHuTUG9RC!`RwzEe2(TWvS&aV;;bgISG<zHP(;xb)sJ8*Git;80GQ?hW1a!51w5uR
zLHXax3Xp}^fwHwlw);5LGg}`=n^6vi7ku_t_}+%rmQUIyM$!9<1t{@WCZK{y`9NiV
zY*Pj+yzQksuuXyrSYH4Qu|OMEhT3p5Ys2bL8(8)G0RFy^BHjC9*Oicg;InJsWgrO^
zI5yZ)qA0fnl!VEmAAg>*+8k>qidI*$b|zuqlbBxqhPAhlaopnbbPOk|9$%(Gd(E&=
z=0L(ZOf1;)m9dzx2;}(D8v&!xUM;Tyj>;!kg-_<WrVJc7&ox(&3anKb9p>IY>pq4(
z%9qAAp~F~=7YxR<vCBdX<M*D^N*$pFGp!+CtzqE6`)9dQ?{+~AYSHD5Y0)cL(W_a}
zt3&sYO;6LJ-%yKgOp88e)fL^R_uWu*Wk!NaE&d@^{2EsLI#&F;Q1R1Q@ny#1SLloH
z-#5H?J1c%GD}Dznen+VIy(?((`;5i+(-iN<kqIl_Z>Gf`WW~#@c=*ev)%z4J{<K<r
z6I%Rtt@XwC=?%qCt;$HaJ5<5nSOqn#0*>7R;V-Me$|^9M3>CNy74+{Lp@KVD1r}B?
z04Py!P_e%}OADsjbX6InU*u%dqW}&Y5KxsHh%KoP+GVBZEvYqlQyQB3`leaIqS{S1
zW*KDV*K(Q5a>&^#R8_(^ibRgdJ0=a~#HCkgW7;)=4fqavsE1NhSff%x8*v<K6zK1f
z`^9oB>8O1F(p<y>9;P&kHfAn1hJ+N+#>8jxYh!GL-Y;u}4T0>4v3pD&iVe9+8}c?T
z8>(gEWcqE;5co@B@H_qI8K9uAqDG4S1iyB?EvERgN$~99S^cL-{byTY{Utw=mT!0l
zDb2w=-y>G)1|IuAQB&=KI7)yDnMimds}}w;a`NmmOdCNr+alIh(n^`|%ps$kcV`JX
z%7kYPS10_LI6C2TSl5bJ9q^Ztik_^FVzmxNj5_Ko$j%ZNF%oh#H4J4nEK{<>;SvYx
z*|DD^NV#_v9#wF{ok`}<g=is&MR1hKd6EP%uXm?@tvW(TD%j1S3o8pbo%j|p<$^E0
z9IoT?-Cff-ruy$<S#G7Tge*%YZ;8|8=%M5|A`j74GEI{s#-_`1DLIXbOI)@&ax<1G
z8E>%IA({_5I|r3#HCZ<*S*f5+{-ztv-5pO5U2ZBJG#0QpQ~=Oi`6+DyYYYXfj!?j$
zPyxvF=4lJqYA9e`gaWQ4sRf{xM!dFwgN6cjL@40XPyxucebH4@K#idQIYI#shYA47
zCqJPr07;jo07zjhz!53{NR=#V3rI2)V2w~fO&7HQphmJ;TR?`PfRqRYeB6btx|8yk
z$uw_g$Xlq%OBP-Zr^~gJRZDU`&vJEwTyr$J!ZJCPs%qs)+DyyzRW;IOYTbpZ-q2mE
z5vn~MMJ2Rzj1kYUh(cq;b1Wjm7_pK?BpD-KWDyo)#LFy#>HugWUSSajjS;W1h^@wm
z*IC3GW5io5Vx=+ST^3Pnj99~74yNfs*RoLk`|Ji5nyL%k#6tDPBU=?a8C~etEYzwC
z{T4!(ZU**WBLJ+*pngZH@DQ)e=*anhIUfv$g3TD5!1<G^wZV-sIFa+ui5$Exaxiy6
z8{7ngZ{_^MA_uP^!I@P#)F+|z0GC;r-NVZHn_P^TdaN#3?atpXqL6EZh=Qy(QCdM(
zt0)w5^`UX?b#ZNJTx%NFQ5V;N#$6ULE=d<>qj3jlTn}AbGL5UCalLhMJ!#zQG;V+{
zt`Cj#(ztY8Tq=#5P2)0kaf4{wC>ocmiyK1Y2GF?Sy11b<?q(WSpo??TxZqHXyF(W@
zlE(c^<Nl<J8$;u&Xx!bpxN$V@Z5lU47dMf{Jx$~8*TvmS<L1%02X%1|kgrT|`$tz#
zcN<wf-O1|t@_fWabz8Mj&X;<b3Lm58FPo)t{^ZNX1Sx8Qw;@4dSb`)q!4r_6O;~~i
zHNpLmphZ{$tC~Q71dYQISkwevAb}|?fmuxu2MI1-GA7{E1i!|U1ZTn$)Lc>$Y=#8>
zumq>o1pj~phr$xbYJx{0!S`Va4yp+zL4uuO3HGQ7G9W=^Sc2_pf)0@2)35{^)daOo
zNrE+D2|iR4{09=e7M9@6OH}TQV!!o}<}YDsUSw%NA|XEqX(V)2x+Tz!{A2&o?+5CH
zzd*nqV81uhP+(&%%{i1p6`=&1$*zE(mvh;NfbU=I19^+?>;pNK4(tQ@o*T5nuUJL0
z1|KyETu7`LU?0dY?q?s!eeT4MMTCp3V!sOI&)BaF`2+SVNq&?3`oKi}bPl?Sx(H05
zp7DCZC&jY@mw6rF6Y}IaF7PYLN`7=FmXx_~(aFC&l`@F2Mkj!2Q?2_Hyt_W`AEMyd
zGJl242MLPOy5-n|Ird)|o`rW_s?$^pMf{n==V)PaR*dMWDij@?7aj6^ilu<a4)ZK0
z=>?Yl6>uW}={=A}Tv|m%cAFRd==t<X%+;6W(!Kx9o5=DfD)o7u#E#G^_bcXj6kkp&
zj$6YiHf(}-afZ`7RS>JTEbI0@mx+#wt1P1T4zql0WDmeNgc|<V=T;8k0gk~)kVN20
zn5NoHQWY1q<M@)VA<nbNmJ&r+2PR`E4#^m1Ub>yW<w51%Tr;(1(W_Qw+Y)-w)C)?e
zL@J3%{@5i3v`68lmLSJ}*dH+itco3kMc(#iZ+tWWV-|4t=(y-=2LM<=kOy$=b+(m!
zwxl;jA!4t!hw<CUx}1x{W+uRey*X)XLUGY3jyhD$tR71E=8`n{$*;|g5~|9VPkoW|
zq%Sq|C7noUdQ<n^Fl;Mtx)mJTj)LD`a<_7xBC=|7GJ)ITsQ6Wf_a?tV(vYfB!2-EC
zU-ARa>lTQ43SuT_sPfpIhQZ}8HfV4&XzF2}YYguD{|+16nQt^`aG&$&2e;G{X>fPP
z(or<=CBSYQMzJwp3WDxT?@+6!Cd%D3vpUyg=1bqf=ZpN*>dd4Vz66eFuLSM()I_^t
zO1HUg0OzhHLKOHPG4Z8?ql`mAMUTobLCXuM`?J_sHXwzncvl?|Ir?98EL4M=1bO1?
z+ObH`jzxlIETl*2SR}Bqc<9mI;hZxncM^W0<6z_`UW(Q76EDPuZKF;X8Z^`CH1#V>
zuQAhG)`ZRUqyG$>=>+3U^QGH?Qop`bGuz~H0b$RQF#kK6{m+DAqn743q~Swo>Xd6W
zJU+bP+g@wf{x3G{|KdnXbQ@hhsnr><+Sby&o=;ZkCb~+WXv~*XhEuu6&Npa!nAf=t
z#n<R%=l8>U`SYs{>Ses4msgfV>Sc|I_R_NsDkf9-6%cXUZzY?;=kVzz4VuF=n!44s
zdMCUW*1On-^{(d<eec>w?A^!V6q?YM{fydv@+_gqgk)T!&o3^%o<1ioxkjHyzZ=%)
z7XN5ap9e11_qprhNPT{f!z(u&@u9~$xc?0VEvNL5mQxxDd=CTf3I&cQfiDb1O7t|R
zr9@uNs8Vv^3gumSInhLT&K+0q$~zuQTo5X8zCPE}SCw1=j^rw)%4?l5*FB+JlSp6-
z44f4Td_Z5+gc_x&)lk%k8Y5%;*NaMmC6K^-(U{=dS|z~*NU$YL1!$w%+Ch+D%~fN9
zAJ|34>aPZ;<0F}q<^=hH&*`JDMgB)qs&15aU<f{w|6?tECV!Fq4J0Uz=zT1-6hfQ8
zuZ8f7Q$35fV+C5}+gX9f_7C9#1Jnd*EO_^RT2C4)u@C#(4azeI;sP;&D79Rx9K*7$
zBH6U~b|L@J;LMn-8VW)gj{1kT2-1QCvac-5h9)_^{hi*$X0YjS3ciI&PN|wYmw$U}
ze{Q%het_WE?rv0-WyYs#Z&N^WN&b3nAJOy;KpH!~6Zj$D3DPKwQ(9;Rh!N8cQK}3;
zjwsxyeE_+cu43PyQFo%cOK<oC*3M__W%4tlZsUyj$&|Zw`lz!eJk+J{<gG1X3$I-b
zJ2`DFyac*h3k=ml?$#7|=f@y2A<#?>?%S9eCnccL$GgZtjJKtLvJl}2W|G~9+NeRH
zs>0xgoj2%vSCN#~JjWH6m{q)J5a@dgih`=+fa^fLh6m+f*tq`cKw7Y3eegE(V(+vi
z8Prj0TL97~v{RaAu8cO(=X<^DdbVynjp!@Ki$4vC>~9W`OPt;X7F6hY5$41@7%->_
zFG@Oof}!k)Rb?t<Hu#^X5XhvzCtU?uXv=v*fs_>-vg=@8X<6MkvYQa?iD?;bx-w8L
z9mrqc)ri=Fa+4Ma)MBjzFT8j#=jw%5o}uOjDc)8_gJ({%bI$zxYH+#U|K!W}YW+_Z
z<c9m7)Zs&3c6vXC2YaXYbr7B9Igaq9-*8~eQtdLsS(I-9h4oLZpiD5N6(szC!}R|!
zM@-)y(tAIZfp<h@%VriZS^EI>WWE0Yy-3WoU7N|zLz+(ks00;#meRyj_w;R0J*74@
z3<O=XlpFbB;p^@zVpSae@l=|jrV>zn%Jbd^bl?}*H&1p)lYH4lDh=!+>%owIy(Ycr
zTVj?kn`nkC$gndk{mX{((_7KxEm`?m`<}<SF#8^-<HEJ<17VAexkR^EBV~)dK?W6O
z4i<mu?SR({TGMQLFz^8goI?Y5m{_0>0+*wqf(JEXy<QN{7*=dyb5I)p0AB$-pMn+$
z=Sn0wmeU+>gy-no9M=i8mtuU(SwLOzEi9DR<KCQ?>hvzm$aB=Xba+V{O_-bz=d+o?
zF%~ke2_WW>A%nU?s+z$HnU_FHNP-eNHz<FCn*Z@;um$V!96l8j=wO1v{GrnQvP8f&
z`e*FZWYVV@8Ie|IG@&(A{zB&8amppqc|Rk1vrniK|8u<)zXc}#t{OV=(aOZXFL<-y
zMYq7vgID8W=Vc{n70ZW^fCOzoE(y@GW$s}lK<9Wj-!KY<-$}FszcVb<OcCsVFmOyL
z@D37qAteI4bU3AccBwE(S(O<1!3zU91kcqc5Lkj(xd0M4!V;vi1aWdNNRS+sAc-Yt
zBsYfyZOEs=A2A`nzSuUgVC)Pe+@f_(d=s2PcXUX^(`Zmr2dDZbZj?eb^y@e+s*ptk
zO8uAWfm~o6u7`C%#5D)N8j}GJ73uk9Ip)Vi)MTrwI@tYvPTo`1nJlkz5QceMPzo<+
z{)$PE_aW;e3&r@TnIs=c0EFsj!6%pnX*gjRQpg`OJ#8sal~U!pBhk9{tdsTM|KB-p
zZ$IC#^Y*We>pO4t{lRmW^kSYF&dKB&Vg11%{<lPMY~@RaqmJnXp}Zy*06zeu#j}(2
zt-A><lFCmGRDD}S3w+K=K<x*Q71C8~x0rlYEWa8nl%62$9QtUD6{T<GVI2T<{IDo(
z4n*hJe-X=njm<Ot%AU6enb1E41$A@;UHR}K)o7N8h2xWBZ0xn0<CEZb3&gLp@|FyX
zpgj9Yf)yeNMck4gc*+u-jvDtS_y7VrEQEgsZ`n$LBts)ji8-VM%TSA0HI%&&4Gk43
zda6iC7u*}^Ip4_)o$Bb6W|#%iAt!WbhQ%-qgi(GZKcAED8$l7=3kb~uEoCdI3hiWC
z14glQk})~~GiWD$(a6Ec{clFUDRS+baA~NJAB(35?2C8NOT`fqKGneAPz>60RO66v
z+4q26lCnz@V3(BLf;jN7O~E`z&S*>-dtdB#ID$YcV`reYO_l}3_Euc`&*9o%1OUxb
z$SmuYziQ_@-qt9<ll`n&|5@t#2ZREO&v>xjBVZG(`#+r>sM_`Zi@tk<bk9it<HDTO
zF;?0vr@|eWj8?(UA)ErwYr)fu+>r*73qKj?bQ^f*FpJ(efMQkr2VIh9g7R+!zd_Ow
zI9M0MIFX6#iU@aJL9Wb7Afwfk447F5BA1m^nUz9_T_DO{wu~HLirTIb5gGBHT9oc0
zRM!_P2k!@hY%i-o3~l&PAis!m$<1c+0eFXcd~PRD1RXwi9tC(8?VBRwbMGTl*&nBM
zBeL7MsAh^@GqkS5&0^xEb6NcCctB3A2m|aM>6FO54BEr6hxZ~rcMwp9osPa0?)Ex-
zZYx07&TR|$+<eLVq+T6HHz~=zE`-tj!_8WZZnJy7Xd?S~6Jm5Tr{koN{xNu}&5nJW
zB)6Aoo4cD~z-}+y=1PF}U4-^Q<615eJn6eRR~NGSrT|+&q`xL^mv*`jlC%I=xvg}Y
zyP2k<z<c(x01snAI<lKWd)GvO_SWLhdoD%uk2fLHMP|a+Y~y|8Zag_=DY;7r50c4k
zT8op5uYlzCf;$r6TD!GHCkp_zM((<eU|-f?RC{#iEqFViCC0yT6E3tMH}(>KbOh&>
zbzK$W0xeX2jPm2I0s~$Luw>WRkHC^`KS^1#IAv45Lsw_u*2uhNlW0n-qR3x+nSsAz
z%IZg=s3(f|zS3TH!`8P|ly*=Nf*lxMr*uX>4hM#Ju~qa0qxeS=08zRk?mW)gBJA`F
z(L#;WacJHk!0-qPpFC?5pMn2@H<t^C0d|w5G3^w}{ZUTSA%XvF+Xe761N|0upM=(J
zMQLoD=$&Qe*P4qj);cNZ@f4eRNru7R{v1D>(*U1t3znbbH*9nIx|;=GOHuI6+{5u}
z;|al$i!TNj?L@N!@{7GHRaGLkw+j9oXb$d{q_5J0^k(MtK0;Q2+l)A%m*j7DB5^|W
z=e_8x3>CMEYVG8nb#w_jHydTiUY2eWd~?nSiQgea@Yf`ux1!5M+MB~s=x?UYCHUMH
zImd+lh{$=jHpfJ0czP}W^n+wXmII`1j<$#8!7>0X9_EWDym!kC>><gO9m`?67k%wd
zhmpjW8qeWc%^GRElQ3mgAm(NvS*S4_mLLsdtHXRMh^7q7zZjy&)oeuNUWC*Rwc?>q
zE<CNs41TShK|g35MfPWq6v8`><kUlpcTAmnFudcVZ$ghiCJbnQt4#{tv1<w}s-3bB
zECYy6`!0>gqChLQ|26@%F*p+QjK=#UILb(G%@zF$&XDY68sfzevhi0WL7FHn`iiuz
z4^|oYEDW1CAuv(pXMPVfv5H6x1U5mGGAy)n422klYe0I#P>A!rw#yV~IOMoC?VGES
z9M|Ih$!|EsaNnQ;F|6NT*TNURQXA%cM5;}_hW}d41rT9rdv<IPENz*8AcLh1@z<a*
zY{|FqEk=<4H`1-vI9#pdfUU~K)f#?&7osr^!-FU1vc?fCoR|l{f}uSf!G|Gm@F4%R
z*6G90Qm0D@5uC^=_9aR76X^fCCG}`%uG^y_zjt5hkFH7R(@abM$oU$`Gm*pp{4ih4
z19Zw{(b2Nf-3`#*=Mg5L5}AM`xC}gS1NB;X{zlM<Ka9T42tSqQ%OVHzKB>a}ek7NL
zr>M)qEx1n249k6Nkj}gnT_VaI@zC6&xGa?ae}m`Vmeb<7f4SqT4$u91@UKx>i{fAV
z&I31cSbnL-uE)QQ;E(vuFRs?@kC@><D}c{hLN&x<^ruLssslK}a5~QMC5V0wHgxE=
zGmx$LI|ENK5k%=9TuMb%BJi0b|C4+ORnfSiJr%UPCn-||ICH<`!E-;zD0k&SmOOYM
zP=SfiNd88}A76++Dk1z)Pc2>r@<*OQmJUE2c$GR3im)xv+=y2J1mbVM;?)H!_$Rx%
zSOMP4jP?r`Q^PLm%Z>83jfIL>_;u{hKLjckE~rl|9B38tj~D8X@ca0^AAT{&UJ1YF
z5vVA1Vz?;u=8G^dAEZ)|tIGlh_faMi4c5Rkc_5C`-cM7Qq&$uqbCSrEP^3i_qgO&k
z@29BAjR7CgfPHGft2AJp8t^O)Sgi&;T7wOvh$WwbDH})vx)}I3Xy!f~+sXpeH)B~;
zS!x=Ti}>3I<O5*ku4icV^G7aXg|zk<Y|g?A`c-`)6*bd<VQDP*7N*Lm_E(ja%2B>P
z38x&rae60{qhLlt-IHyNj8FD^=lj^<@cGUnJ9T)9VW#aDQjJ36smlepN_thoDxDL&
zi|5czn=Zfv%qt|_n+QXjr;h2-Y8;$Yn(ll0l|a9~pkHSC^%;Cg2aq88*N_h;@OBXz
zu^7{wlwTmhfum3pslffWz-!v`S$RJtWGB_>U4jDn1jGEJo}Z_34x4|CApW-MRGlFH
zCh&hLPcx(s3ErF2^yo$`ls?sv-mIqIe;zuUrrQxn)#wQjl8+WInZ~&~R%T5Dp?9H{
zfmsw<Wy_&7AK?tVSt;5iz4)~tC~vmz)cyDf8y9R@UYV5?1m0Ye>=s2>N@!lYwm|dx
zg%(a<kpE&}ZYVH^1fFdJfg?kK1-d0x0v5Efc!{f&mmC}jZx{ZV29foWQc6GXJ~)t5
z8le|yw^pU*X(Wx`44>qty#M*DLH+$v&|!B`_HIO*2C;XC4ur9HQ<oQjJ300ud4UP)
z3h_De9;jQR&xva+!|A<G$a5TV->uH^rE}Wlef%7*5Q{2;aeC9pmPb#fIrbBQ$zk*<
zD6b=V^zU%4QS1#)7QIWXwB%<Xm3J_FY?n*PM*!B3SQTT#j3}40fLtzFmCL2uAoWl3
zSV+BxG%EvN&2q`$Ft2_QF8J#9_a~5S8sEuye*2q}K%@V;3~P>kTkv2Q|C<Vqgi`WA
z`x)UjM}s*ZXbXFnnCaED-<7wn2IZ<*DR4Iwy?1b;;|?=l!t8Ra<cdLx4pLRlK%u?5
zx;!R>Ur{Mhhp@<A$d0+}iXc$lVvLnsOlvZ|^Zy@rUmn<0wKRUyjj$%jR@MeAP!^#T
z3TatPOA9xWVpY`oL@2Td$WkG}BFJJ|ZC;2E6@9ql3O>+>g2>*MrDahz6%iB=1#XD!
z2xZOh%*?qr_a-US?f3b8f3&&x%$#%2I%j6ioEa0WFV}dJIBdJC**~EyaDNRSVIsHK
zZjV@cJ;Ii9eR5{HyV)w&R_EbJRy^j*+>`0<8=q;&*ytIf%Sc&oFQh=F6%4_#*mY8@
ze%9)`pLJYhnrqN=CMN0m-b<S~0Ac`^B(fUlFRa%&?gvFbXvd^uzK$qynbKT+&1o><
zfB{N#4e04Ab#94a4@MBE6G37u^_mK{*lVV_?zcEM*GUT#s}-g0TYPU*yfr#6SM}(B
zK4d-W7>7Ly>H;)?V)J?Tna+Yc5^CV?qh~)o)0_j0F@eK$8qnZ)ZW{jr67t~N(KAtZ
z(bG>)qo9>uSz<q`i;G-Iirn!bD6MZx0fi1(Ygs+qLev!%FP3j0!D<7OT*;RZldjSX
zb?K72m0vQ)neL8?zhKds>`ho>$9BI@ScM)6Fs$i-pHdNSSZ;}6TPql&rMaV?aaPnY
z6r2a%rlPu`U>`o{4Tbygu72|E4-epO5wMJXJ}9GSyi_-)6&m8SW6}uxv%tS>i1q=s
zhnGC~XCjRU%yjr?MxS!<PXq}r2T*cHa$7eF4Z?nO5D0`fh&?{T9~tzY0(!Myquii3
z0cDNuZxYDjsmEcuhOkhn@P{C_y5%ePDjPL>4Q!vG$2}D6fY2`==j}_1{`<7A^__D2
z9{Mr3eOshT+V^2~L0DBCQ<JAZG(hl<*U1hpJjqW$!ozrnFnJn#UR6&iu)@oG;H}*)
z|291^sh`{f4;~8cf%0Qvd%*5so8LXRpc&zIz1oa$s~+3^+CNyk8z{vH-oWZebJu?c
zKL_3gVU<ejdzkRXwTY1L#c!fx3{{uc((}L>tn^e?I^iyms9@2Z&vJK-m)aznctW0u
ze`PLxWp-Z^<3^JkvAi~S$9Oy-yC5BX3WC(Ep|$Qdz%A9LsC_Jt+NH-`(!Pr#fwKK$
zmyzz)%IZy4W$FDd!qxUX_^<UOFMSY{5%{6zGeSR5^Clla^+UlgauY4;s1PP;bsua{
zOtz*$_stCbPE=JI^8L1O4e1vJ#dVFRPwGeDCl7sbx7@5}W`%yPc2zz%F6`&dM+$tR
z<VDaYk2t%*C!c+3p!~_DPltZ8MpZs}d26^&zM*_FN5?+2wx2R&Tc=iOP9*KVu)ze%
z7yRI~QlrgtThnwfW4!Is1n{PE(h3f4oLi%$gdh0&j~m&FF$iU%r}^s-z+8qy!voS3
zXXppf?A$e|vX*5QTwtZ2NHZ+oBRbDU!xilf-?L_VnlH=>6kJjeT5z2k7YwTt_fBUS
zTffIs`9)#wyM=FsjA42b?*->2FmVlLp`qX{L3Qox(K}2?KjtGTAe(9vnNOD!RpFj;
z&g7G)oFzOr`9Z<^U2_pn8Z@IDLdbQ@GQ^PDZXx=#H<&^{%5P224+f0Et+)B$7ym)d
zKMqKJ3PU?5`X-&@A-})UF{D58^0?F&2wC%;_YIKCZX0F_)x25RFjog`4mVeO>8R`7
zc~SJm@|n;n%_qEepZvw-Fbnb~bBM41@^D`~CQv`l3GPR@C??L@2#lH5%Be>!y7#Qp
z+<T@wFmVKHqk**|SR}zZX<+RMcC04Cx@lmy(-ylX7ko)Yn}!acU2G+gpH&}#6Bjlg
zrFXAg@l#(lZ3q$hdc8(v)zOqygT6C^U=1~}TL?C+X65bbN3dHpusDKsAXtJ12EJIe
za_II;fxTB+vWtnLYeLM~CtX(I%m$pHA(uthsc}XD&f*Z9+E-LK8Gv&o1m~q|DjXBw
zI75u%e^TRI-N|rvh2ZSv7WO7-KOk%gLAak^Gl-K`0Ybm4!3YDcs=o3v;Pj-c2)n9>
zQ6;RY9_Gfw0!$noNF1g8#Jd**pYS!(!k)b-H=qf8JO5&E{p$THBV5|S5Tbq!M%b+&
z>;;4k?A2G@*U`IFAg_lTWtPmR#}}Ba1NNul{8d~v^7Q3<zz&tA!|e^9-8a#f#|uDu
z+lXcJjq#08@M9n$5?mp%OulR-{p3EDp62W6gIGttOkZ{Q>FtZ~wUkkO9efQi4ifNL
z#rsmx!_fmDrwejnM*d+Wgl{6kDd~e<espAvELZhCJlLi*gXeGbv2x#*$?vd(*sF`q
z`~<=9QppCgrtu^nAA~D<z{7BK^b@XU(RC1)wDk3*D`<f;;FjBi&htX_-AXV4uJ0y&
z?V>;^fpE4Bf2O|s_?Myf4Nh`r=!Ve>(t>t43`(}CMrrrg&~1IxUO60wP;=7VF*j5`
zZ71E+2v!N-dL>>oO4H~|i%i`;|0dVE)8ccb%k7b%ewH}^eKMglG;k4hR!ZzhyYfsf
zH{`(?wh^x?tOG5(bXPh6$YC1TG$f*%J~<1R5;X5eK43aQE(Ymp5lfFoiIK~=Z{G&_
z?FXp7!6Y7Os}-2&)#Q|II4hH1wt|WDW?x>pqmna)8jvWZ+(wr-63Q|lxGOJAYIPg!
zVLOBOuyM#FaCdL0>RNEf9Ns<4;0S8DLH5h`##R{I+*ont<Bp+YM~@sm0t^MqET)Ny
z3#z{8$!~aktkoSu%u)`T{O5yC-hKxZSEo3JiW>mDsYe7qS<OZdE4Rc>vJaL0quECW
zJdgl-nWcr`y9e(s14{*#1OLDgwaNX?MZ#*tTiu@(xZuX`zuKWU=Ti4XPKFC>Y&?@r
zfGaU<x>m6g%XMC}v8T$2-4f)0rDf!44t`_NhTIeVi*0})JBC^XX)9}SS6gia3Jd}e
zX^Iynda$P%2%2drIKlcT^zs{=VL{|x?qEGZbQe)b8@%U%kD>QGScY7lVN}&Tvd`KG
zON8I82Xjl+NWHf?Fj5o8vymE+Zy#a#OeYU}!ROc2E@R{Y^Uf#V(#;}~9e7VrvjbQU
zXD@+ZA8KIlv$s&EH=21>xDYql<WC+z!r35)SfRWCD<r*sp4gx~seWx_gXTtrF)^PJ
zabpwn9el4&l<F|X+glQ{SAVA<oM7GL-5P>$E5DJKCw&13^+RstwYV;qum}(gaL)qb
zM|q#eDOWCK%%JOTJ=w2s29J7#)2aP2KfjV^{5q9SAzv=T@QvUWoQYDyc5K^h4r#4<
zTCSAdp62G03(^H%9xjaI2|{45_DYb+WIc}FUq**pc5i-_%9SX~+R2E=+Yw?bh8PrY
z*c_oaXn=^pHcxR87ko;Pz+IM3w37)AcYD{djOLwn?eGyJhdRdEhuB=B!0p`-aK|ar
z97{DK1dKHFFf8w<z8LFBw0T;0wGNQ!rh7c@M8w%gSs)T7PD{}}u+-@N92#9w+>+cv
zq{H$p&p<aJKvJ&N&%s-;+3YjYZou-~Yor^ouCk;pk{=`?T)kZA%STs!Y62ue>++?-
z$Ge4IaxM6Y7Q`w47+4Uc8Wq!8P%)K9m6G;kc&T12Ur*F(J!tw%Nksyc<+9~VW3qW=
z!6PbfLFViC3*-@%RVW|BXr`^ez3kp+L8eOX(d0g?Y(8pvrCxhLJVITZQ3*<YH~S#k
zI_2|V)b`t0ty8Gh$E&GpeG~@9Gl^l>qdEHh112HM^^46V>)Sx|l7ni<f$hhke_In0
zNpdjDeT0^gH!^fo2~Jtc$n_@tnu!Rn;hxV1#@Cjokaq*@S$V9?T%0(QhmKVyPK#(%
zY{Z*wo?&t&MVKaCSv{eW=!KG1!Hf|P;7L@4svf1|mC2*`d|sJ_I?giGDXvA87><?5
zXB+3Z5tAkjeRRYS*f`5ACi|4U5lVGFh>{rzHo+cW3k1&#RJwua?t-HN7GmCeO}KOA
zgS*Nlync!BFCRB6s>)uuYKQ1u;#G@{;7iVgdpkJ|T!|ho-83edNhQ*KA}0cHBWv?v
z#(jI<<9%^VT7fEY?)+xaVcN~|Lo`~Dny5*=%u}_IBLp7XRO_WJhNo(G$y!lD7;*iU
zC>}!=7gupT>hd$CL^=${=={C|1Vdd5>+iN2y74RelAlepkFmWX>%@d&ur8B+Isqr;
z<YU?9%F~yz%_!iiHu~r0#0p6C>fo=Z1Cvyz_>2vjte`BvdjP3*;W)B7V}j%f3=I&A
z>rw*}0}a@gNew8oBm`<dfY;u_KLU&ZRlW_cysF;h;4`{o3#uqN4vhBjdglh_GuAtg
z7pb1t5KuH*RqwmEq-y4RtlaVWB}%<pXDS^(e#q$IO4a|veNQjp-yv@IJqi@!S|(58
z5>B?d@miC2>gaEIt#<~dI@bCSFHJq=S*@$9YyH~hRAm`3u3=sV@oX>ykPlk<h(JO6
zCSFJkEP+i2Y05)aODhhl=l?;P{|TBI`J)a448j@{?1RATDmtomJBba;XKWam*0?Pp
zd>c8z7VNDV`icPhib~O8^W<R+$)#x3m_74N-4}jX5!Mahw#(||T9_O!c>7#IRxjxi
z?gLje?A%4#*%}Z`&}fCO66{h1!lE@W9chz(AXp6zEQVmE1T$!0H3{}U!Rl*ZU=|gq
zem$&y2f@o&MOCZnVsbmd``T4?vVwgFd3ea64}7g@EK*brdv}IAM2nTaSjX7A!y$U7
zqZ}b$S_BB+h9K-$5dH}WUxXm+<OrfP8W2iD5H=|YA|NaeL0F|Av;~AkAqX9=$p|rk
z&@4o$b!&y(%p+@o%?)u~5y25^OB(^<+(j}wdDM>AvXGPV#X`z`c4Bw40+4(u5x8$1
zQjQJE%IxsHYGt<gUbQmovKJ<y_*yY^Sovo*lQ!nT9;&_VdzP4VLg9D6WUml9cmtCP
z894$JUt6C46BL2C)42LQAUFj=j!FMk3PBfeMVpB$PLQT=MvmNW@D1awNRY-rH8{l?
zImhbUI0uRtzTfZ9N;&U1<xAn8OXr_MjsN?p{Bug{ZdE?g80sv;fZ|9O;{sf@G{!{y
z_zSP4YdY@iK2^sZ*{ABbz57U_$d}fYr$S_P-|g5VzGV8b&`%#;8h#~;f2AXR1$qMn
zkEhC0NvonG9$1tfE2ny!rJ?-EC_PXvixFAn*kO(YxreOI@;T5O8T+7rF0%fqtvDkw
zm8S-p>5QWaEP7QFui;*>)c}(j#z#D1#P~4JnFQw*ondaNe)B^cH1bIW>pa(2qU%?F
zufd&f%<@b(f+FW<k4bP1iZ`;Hc0I&${jeHdY5^R8Z)EVIjQAQ>&&#q*vlD0PNvUyj
z+8@oub!dOgSxNh&xN5|RA@-q<jAepab_;Peh}7eUk6>>(ffxXfbI~RdKW1S}ah?%M
zuh0>zXaTY5{+=ezZn^m352-RhRRc0}BKq;g9Pi<;95SGcwhT<)DFn0}GOq%z!Ht}u
zPLS(AZ-vauvigr^HD-LL*g{k5-Q1fxngU`knIv63N;C3$kPnmB<I(FX-O+tBg9#z+
z_F_0^OnsdKLV#ciQ6A8VvFm{7S})!EH67gKVpwRMN(OKdr&>llkHWq{Q)I8|v9fIN
z<>&HH<V_qgam1seCvmUplk6h`j8;?Dnk2uIO;y2Sm|Ko6*LWi~Q;j5hdX;Pb%2%qI
z7wG~51L~pZeFd*MXJHs?!@2eO3b*b$35@#Uo&<;bNO9i+qrRB;@F~ggEiB~MX-2TM
z;on0cCUFL+*_FGa!?EiS?9}S+trDo+QL~&CdV7B`@G11dC%;(IlHt5OQ=l<~sDRSu
z2Td66cy%Pd_eEedRsi@y24^y8E$=&#sMo5&L|=6I!P*B^la-B$%VBVGV4jV4j2kk3
z=s2!y3<yjwL##zG3Ssq>cK*oCOGuLmza{*4C;vtN<n4%0hhOL!t`NttrLJXM0lbVW
zb(e9~1ozfnUP@+DrKlI&%S$-~q?|{Fz+sEfkwHo%CZIt|41Z)$U}JQAX3XV-QzpI8
z#uPX~-n15WMma1B#1e!F15Y?>U}~{~vLkria_AkL2g2_h&fLC|O3W>kLJCRr#LQ;K
zOFm+50U}9X6APQG8U1@|(45HeuF(quOn#l=r4qyPf$=q5yDsc1C^Zx=L$jCY$!Vy7
z%j+{hDA;W?WR|Re^X-+$uo^NqV>pJS-BL^TP46tFtis9q&>`=&?50ERs6j)X4MYCJ
z!T-%e{#Lwd$ak;S4te(P8uHSRA^%aJA%DlK8uDLvhZ}N?*aBYEy;~T?D`!hoK>FPc
z84WO*v`CM^4Q)n3Ys#A8e|}240ceItPARv<P98CFv@%+w`8Fl8bzY0D^Qov(BO=L#
zy9GLmi;47-)Z3&z%f*O2ax@^aGmGAms*MH|E4LOZm8*mT+Blfh`?1~>q%6s|bjL}W
z(tUs+lf;#+h%T-IyJ0Es0G+WNzmTL74`9nHv$PSs`5IYBNp2M0Q~GxDl-~LmCLTCU
z0nKt8+<(Eu&Vj^E;m^BqpkDtp?0NSHHBLU@+<Q5k{$17eg@veN9vI)KxEhVz&Ly<@
zm0OyQ&9hHrLpR<rHlQ0D$M^900v+gxsC|b;P!-MrzSL0GevMorZ?ggIS9XZ@t6elH
z1!M-Hgb%S91CvN+Hl=bsQ5AQ5s6vC{D5}Cw|4n7X8asCAlT(xr?f`9)vn1B)t|Pjw
z;DObI$_VydM|IKDe5!eX;A=c{r3-u2Q+v1>CQtJR;Kz{hogAkHzP}=Zw%9>Uz=PHi
zkhasU6c5Kt@o*kt6|k}`(laX73h{9ChUJkEl&21c6+Qq_sqeVlSFp;9@%<=LW>l3!
zm>0|;KqUDkNKB3br|@)F6{qm)cH;M;t0jrQAQ{@f-5+`awR})K+wec9?YdSN9Ui!)
zDcEl)s1_kJSO)6$u^-DLKViJW>&9_jchcwy8m{qyDB^WZK-woRY$>RjT_QhYlS~1n
z@qD7sqy{gI<tG4~zj4hD%jsHOU&<Q4a8tIXT=AtJ$xJS*xXk3nX{uWsNehHb!+J|4
z3tHk?O{|_6Tbjo*!%IP)85~3#Gmgsz>7x`LGq`}${bg#l(H3vU8`JBh5nC$db{AK|
z?M6$<v=u-vq55m3H-Z$n|Ne=#0v!G0U#Ld^hc7DO5RY@>tX90*!PjQ`G1P!`j#O(v
zIz;ka-Vw_xVrA<Ek3!kEkrQadzCV*@EZ2_B{|(x)g}*^N7OI&8cNsH@pXT3|e#5s<
z|2ECsPDDq|+}?<)Yvw8<g3ZgmKLUHk<AFURFN^}NM6(4%VRAFU+l2ITuN=XF0!ONW
zf%=btda|bowp0Uyp3?3*8+qtpoGKBE*{<{Hb%+2#{(Z7so%@t!bdD9gnODL_EV=hQ
zR>Vjj`%d$*Zv?ect{P^E6TH(xtih&o*Q91?)*@Dcu^~|!99L9Z<HLY6Oj8{LmfcqH
zz7RgSJ(*dJ`5AhAMxe*1hiQ@hSH$g&xRrZ{{p`G|-?sjTRq5UH!PWlds;b%_0M5RU
zW8|r7oTmY2bO=t*3#xAo2AuX6NXw=hdd=^fiVll77kFwjDSC3HZ$3*E!0@R|p#*(C
z@%zDqs*FO3E@KGZhAfk}4vFj1r@0UhwM?NS?`&4lk(b!ZQl0l>B)DZs`@NsgllKt)
zT0YZRT|an->I8v*LX_@?PrM+f@G9DrD&8Ja#raEARm_p<LjFlCzZZNic}E6H!Y%LY
zGSp>xUneRoogG5;XPfr7%g9`eRa7zU+OUk2OUO+wUnVQ47PF^<{f=fzB^H&lO4R0+
zFiEp{HlS_Ngjx^;SkTtv$#T`!JFZ;SX}Ro$s}Ui08q_L=I!jhw`0B8C5bfisHK_gq
z<oYUPI-8GRDYRQ-@19$lsxZE`6dx1iKrz{-pv2xv8!uwh94P<mGQZ!N@`K})(!mMR
zlBF;LKGdQu8%zq?#e<bu03=nKRx_adl1|m63!#mkP1kh66J@F{7*nR|f``js-uUiA
z-zC0LI3!@}S4Qf@PD@h*r9aP0U-^tuI;KzI>2FgywB`cikZEi|Un3o3uQ+A^+o!<L
zdT-mOs&QZUDUExgwCqzH_m*-O2KU!{n|OaI)i_&&s?p>bwND<|f0hYVj5CZVyuy7f
z9$iOt9hIcPz~eNF=eFl%V!H#P>#SIMIa(~-J^caEd6aD*XGGn1qJO>3Gu5abzpRue
zPTTX?{|dV!E2X=k;9r!ew@(%QTfys^=)A0(u@{ToE|y-86rI;~4g&;L`A&Ydw_yJx
z><0Ef(vf0INwSY){FNRaEc^jt$pSZ9xZjcN>%q!B4Ug@8iR`fg9^-tiIlO_dDNEGD
zV+}B$+@ajy@4U(^Slb=6mii-YE^uIDl07v5j^lgZVbJyRYn9QGunI3POPdSQmHvnO
zcs6(UG{f@2Mm9dZ(#rZ8b*OO^;M$Ga5TqHoIX5$oB$=^BE3=T%W9&%LzC;1?0S7y`
zMCIa;-}iG~j(p-?bVAi6Uh9Oa+h?N%U$W?K0UoIE<aO~5vtTer8tSqU?9WyTc!r7b
zH4y0{X>F<JN;6xhvOhBATb)$xAxDWylTuVoLetS?G#$08nzO7cYtA!rb5?#A)SOtn
zgzQN!x*bK}Uv3A!a8SHnYh#+XgUi3ik_1hCRPAqntG4}pmxZ){`%T)v;->A-HY^{a
zXAN&()=#fPH9XY%0chhtkfvWpfr_<s$6joyK4{?7>%n<B!rn}F3fGub`Q4?8Q#e<5
zZ~_MrD&aNQ|6jJ%b>8ao6I}ERF~Xe?=%CS`rwUn~Ct|H0^u%^i%E5#QCP**=G3dt<
ztey!8Rtl(jO6tZEz^PMwVp>tZM5||p*@}@h!9$r;y&Adc7-@C&8<_@CHgnPpb^GOn
zxcVxGqB?v`dsR7ns72uAqEr_|EmptkAE)9;_uI45QQ%}r7e1n-=Vsl|KUg^b;^>$g
z;&iWP^q<kV%KVI<s}a`E_*K2y&-nWS>F%oLXPo>W{$c;(558Sx|Ke|cX0ED#@q4*{
z@g6fP@h{Hi&mODmS2T9JC}q^3Ah}&o1wfAJn3S3I7L3^@IH$2X{W?cWa2O_}6|o(G
z0@K>t_$FD)H<Gq;W2~<clc8*`lW^!$_c$w(upD=R^GwfFeU`f$dPxHJiG9#ZlFc)W
ziPLZeIuHF}E&>LnyiWqc(D9A5uzRauM-)7$o6Yr<kY1M2D^~EmiQ6U1zlifn{BC@-
zG<q44<>wcr;)d652J4X!|G4gcYSGaVAMi=h4)SYVCp1-j<o>ibj0SBxCbkYF#%o6X
zJ&+ITNJClQ`sQgM3n}VBzqeAk7hd&v+1!sBahC4JS$f6h?ku_|=rfZpSj)@N2TdHr
zw~~$F{f=a-zl=@J#H^I_h61>I$|h(so1hXyGRa6xR(uK@x=FGuWwdV{tACwvjk@&h
z4IA|$8Me=UlQrsD4dhL7UOW*XFNF6YSoUd%s}X)5A=rQX&FzX6|M8y;yypKS{^uWu
z{J(|%B>wjX^k-O$u=Hnav;T4W^WE!Jravt{sWSc9(1hsE>Zuy~1N$co$v?<{hTiIa
zhK3~nkkz%0h9p!|0j|wkGt?CU)Jl{ZZ1fbjCTt8px`)Jo_t`J*pMPLJ4813KK7{jE
zIqjN1;IHy+-CyFbl6`~mTUqYOq5dj+RLNhZ=;^4>@^sw}t|~=xRk;UDG{{vY=pn7-
z56rq&aaCE5{2PL+4fI#}j(|rmHup#gO_vW#rWxoO(0cKR)%CSCX(JD$y=4)&tNc0O
zt};H@U1j|3V(FnsF|rT1DF(IU2aH7k*C*heQUvdmGoI!2;9Pk3l%l6r0&7qiI;O-5
zPW#4t?;mwc8Fx22Uz0B8EBB-RKK{a6y;3!Q;bT4ubwl=d@)zD@gZclSzwlodnXBY4
zJnL+hAay@?1&NetiTURK!e3)0OEJY})DdmZB7focFCi9Zz-00lzC7#Z{=#qnh^-Ed
zzwkMwW{tma<453^_3!2{y#32n@fU9YPl!{{5P#t&$8Yx+-t);D`3oQL9xM4T^B11~
zUKoGj+hAw{{=((97?uM+Tf6mp<N}PbC<o9Bn90vsS2n(L`d{-0`}etl|EvDs{|bDU
zg2X9okmIjblb0Bzx66o^U`f`EF(kkvh}q!GD4W&keiXOaJ0rc>tPk#wg+;lcGI=k^
zzxJtHw4(iE?}qoUy=@&V1&x30dG9m6>~G^=d(4Z!&A;}47SP&$hy7OOU;CK_W)y7(
zObnKv<?E%m_|I~t%huxwqkX7C38Y%E-}hBff@jv6F$S$?csy;%N2Lw5fD-p+JwF9+
zN%aL{@Ekp&kIs9}@%yoixWat*8IXowklJClBjAv{Br&d-ydGoE(R!ToczTGue^GRI
z$11~qbUJ81dKdSjZ@~Xl@Rrn*Jzf?|kEe>OR9n(z+LA8YU`qnsN4sA|+>-pTLz(P#
zU{jKc*5DLkYjZytCo&2yqF5`f1@&=xMh8`2{bLRE6%&!;J1{DM^Q|UyRYykD*iHu2
zGNS`@79A$wmCa*P{8^ZjKfuP8z&17@or(5rNMXC%$iMym*5G|;bhG#@*I4qiW?~#%
zw5Z!l4GfYAJiSKv*gkjHFIVV9<CxU?47vQi?L(T}o8Du)TH*@qcd3Xc&YVEInba4U
zcUfKs7Nwi$ju72<>Otyy6<fdeA&UQ{&~s1<4nxYZsg9O%q`fs-@MWrL#=lpoX$FS0
ziHby@{5}&A40|k8Xu@flsEytWQW6?vy)drEig#%>mW)qVuRqkcTtt0K{dn}gEUI@G
z(Y0MVFe$tTXxLr+65ax0q&bO|B)Xquq%>X6=DxMvMr-NS2(ewcy}8YGNGz3l8472?
z)GS_!%h*@FtWSdAdxVLRu(5%(pzrUAT7dV5txSr@a*t%(*?D_S&dASLamAmdJBEmO
zSOcg0&N7o!=Us5D(l-GnjiGKN(0HSvZXY(I`<U1_xICz=aOseA#jjD3|L_hC?fc`>
zL;T4(e-YVk0xYx*LKLCzyJ}WBzQtCIZ?ScxVSH(De2d;l#7mLP48Xg9u}ND*ReTH9
z)mbgKf{W{r_!b$4Z%=0yUf>ZfMuPwQH3w|EuWYU_Z7sLiJRKim3~5w<ch8Qtlo^tv
z0S|9+S$gsFD;VAag72nz`uay^v^<^WDzm!06yaidAi_n(iYz6<1*?kVDXVTP1)hLg
zkxGP%fqsf`v4x>0`PCIxN4RLq#GUV;f-Sd+p85}orH7-e?ymJk=X6OO=;AwVpo`1&
zy>g>(0R+0R>b~|>%hLS<UuTOpOrVSK@sa*V<1>VnchjmY??QYA=q%kHmDIa4AoYG1
zR_bjLR6ffmXIK~_0LSHp6@WLtUIhWz)6>E>pC~bMsvb5?dlWkVOf)Rd0tuKkdPV`p
zUkNM!ZWcXJ?bHpl)fT9l)3$qUe^d<4_Ytu^J^Ig%&p^)b$&Ue#&k(D`XE4FOFUMyv
zg0+zW?a<Cj7`q#cC(+9S-UVc=TR{nIpgXL)PFelsOp*kR1(P>6LN{7dzA!ku>c~dO
z2!Y;({GS=Iv?Wz2PA_yPalFn-u@Ss@UnwJ*zWX)jm%8&e55LfLhPuGRQn_4T@Hd*W
z!%%=`ExaaXAz!-76F<XR`ZJ?5UEA2)<0VDlI4*4)2Xjga4GIuR2Ut~%w~*ogeeo7*
z`MI+g@b5tJ78<{CgLn&?^M&hdZ5aD|dJbnIUmVPCo9>vQXb~=>b5`fi72=8tnV)OP
z<jtjKFll4+zlT+~(dHV)HiBVH(0q&$+#eZzh-CdC?m8~&w!%9j94<YaF<PBh>l$7t
zwWS=g7+%<9F?|VpWMi-%s80t7Fa$rdH3%j78d<sObsgw)q-CF6@%Jf<YU{T;k1)i?
zVlk3{n#Goy9=;NYr$_!(zp{BI>bWa?`PO+FV-X?@#&otJ_QhlKy6J3Tq|?H1-@~?{
z`++YuVH87G-vlLiVag6iYpc6AZIEkT3ps31`)Rh9gwf0oDY>C${$0|)pM54(@cml@
z`G9oxd!GroVOEBZ=)BbIHQ4c|8?mDmUL)uX2Uw4Kob_-Fk;G4k?TAE%1L)aQBk>!3
zV#Bc;#wAz$HqT>vWI3j?l|I#E^-MNN^Is)y1H|Qk-(ksp2-!$0#L8iP7AqCKN=(I)
z=jnh)9FZ=Qt~Yp6@(9jv{L%Ow7nS%OB9Q*ck}7_OX-sADJ5c;V|9UQ9NYp_*wp-c4
zwI-E;H{{qG1o5CKHc9&-n#O`9S!jo9l*4yi!0;VOn(!SEw`(ZsM{Mp<k~)6J5k|zU
zEzh$d8P2%&C{*+_7ENbMnIJjhvsk{dD0tZ+R>N`W!;i0E438xCRkoTid<T!`<yaCf
ze8&MRoJ4~UeK*!o6TZVlE|BAq_1-9l?>H0`zGI};9_4>;{Ek}Vet-OqofR0rgKaR$
zZ@e%X&42aM{<#>z!_4(B_o6T~SW?CBc;(R>#P9I-xZ?K*`OD}2%+HDLq%5}y{Q><O
zR^Bwwe?`SxU4Co3a%-u-l4W0k%l;AR?vGG?2+RHgoDZ=-SoZ5^*>{c4!UEe}gmsVM
ztzs9;>;5|6(z=JqvEb!Yv^X#Yt^DV|4_f)py-X{AxrdhdfT7CDf0rlq7^*pc3eu0g
zH0K8Tu{`rN|KCU7fBUSe>HD92>F=%YZ@=jOpuRtPZq@Yt5AVwoq<;HJ-=8?I3i|#<
zFPa6Z;R4e4A4n#B|HyeX?*|Vi4M|z@&Gr51F9qxS=YOcx_nTh&JL>yWr&mSaU+}`s
z_5Fzt|8{-9?U5Vl`v=edEA{=GXNS@Eqo3Mv@j-+1<p-~1X|!HbXNT99zqTMmUq0%&
zzmvW^b=q&!mp?g&*2cs+mFvszpF<kD77yLP-fY${U}KQM*sejMYa1h7BHns*!POVy
z8*QFEBV36AgKXRz3+U1~ccP4RC`Hsy>MDBr_{Ej2N%3J7FM5gnyF=V{S!4`~Zl9q5
zyxTI-d8_C=bBDK%j_z3I8R~-PqH^*QNFw%rLtzI1v-Oy5^}MOFMB(0#UClr*p)o^g
ziS{PY@~cK#yt#OfQgqG)G?VWZ1>s5^83D~WYBh!Fwg$f+VKKb8X<`@3>6u49aqQ$b
zEDyT#t@F6hK!33@hF42U-A@;`m^|1|pH?)%m{wLzM^5kJ_LFHfR{NbM(B=wp)<)=d
z)tIfcV4s$dK0y)-ccXVpw&R>uGDlaFI}C;)sLyO3u%luBEQ}Oc#K-pMVYPj2*?J3g
z;ROC68D1V^VCOJmcir!2qVFKVQ7eu8N;*TqSAf6@C_ygI9zROD=t;$t&1gd@6=lG^
zsIjCwW&dj5;TkP4?gCIwgN<alhnrhg6yZfRYD5-rMHi&@H3XrEtwiwrR!}66alY$y
zehK&p+aKUk5IQa>JsN}czta`fCCH<K@lH=h7kzqJMwbM?VYw~doL*$>l0fk|s8-Qa
zilA1TZMt(%h=mcUM967@iiwO!SzW(ir@`lzaD|0M)m2%p>xROUF!h(Cb1V$)c9J#M
z@+>yDjHQNgB)Ln#TYA+5L%}vSj?k+K?Adi4l}sQVi~^zX-AI~1dC(`5&-(q~ru0Gd
zD~4XOnc%|J&rv$9t2vg&046pKbVdpq!ZvemFbKsbvO&|C05K8NVvHCM)FlLa7jQg4
zu?B(MfwN@k*4bvkyPdr1oLm9|_niT<Wo3!qVdDLP#QRv{MobLy=lEYttlXdDV(x5F
zFZF&RRq(zM;*D{wg3ufgJ`O?Xc}+&RI+-Ed7UBsf&MzbE2LvO&COf0i0NWc)o+^zi
zlUbLo8W#n(1>Ocvl?|d|IA|S!r0pe1e3cJe1y9LoR6;!&jeK3^K?zH!gczlSBq(9F
zTmlZfH10EaZO~)L-2yFgwjGUTD85$|!?NRh{C@9?2;1O&iQ{bQNOoRpJ1YKoj8b+(
zLGX=*<PSLbO*L4@3i4(7L;w^rfUmbtK;Jf}q&??kpOu3c*X>JC@_<dguQ5FjT`4#I
z0run*I8vS@?opAoZ4Jl{Zs|Z`)tYv^<`1%m11{Y21VpF}8^-I5v&vz-?)x~5ddPx_
zodSusX*Stc)DgSBv}43BUx5bY4bl@Wv8QT`>#{ps^Q-hldq7|GOA+defRU=2x@fS}
z_^lhMi@IgGN9xtuqQh^5(-y@_6Y<M^gJs5tw+G3L|0p8<;OQA8AU3&Ikr^lOq-ysn
z_Fh#vKVNu)@k^TX^S*C}oS!=x5}lu?G*Zsb2Q&(tpWpIzCFkef`Zqa0-}@Eux7qik
z|2g{gCp7x??0|mVR*8Pyg8KFPA^P>BwxsJK>{5zu{i<BFZxa;JH%oW%oMFucQ3sl9
z)TgsGF#U|!atG?u%Zuu#s0+9(tq$nYH^Nsjh@$GNQkLtOwe(m_e|Oj3L8|nb_up8R
zzK4mlzyOP-r)r5wpx_6+ky)iTIs@U-tcog~wcn;I4~K{Pr3>~Sz0E@P=ie1pS${6N
zryFgaM?rTUb7S54*RTC`y7PsF;dSTvuijL5esJp*O~5|YdSYAkSEy!;5M42<D+D%I
zE78+e4;uEezQDZPnNTz!f#$F$dgBZthO8DB81n+54;f#{7?)v*j9i-2iu##3*<3Z9
zFzX;@ILcW|md|lDIeRtwaLkQdx9=k3{Qpc~JHjTUe{E=25!(dp6Hq5phxM*T{EOM3
zhW|D8Qa9I6&%F2llYY9|t5wub=iW#^jXT7ln477mYs@3{^b4<qs;57xvU)m4tDbHx
z+*m!`>Hms;dhGqbUq3wuoyh#c1eoMr(`5a0kLjqN7Ax0JU&_9betN%FKP|fN@Xni=
zs<}@IIti}GlC2dRBL8v_-AMR%rWuTV$u5O+D;WB)4`SA4XsqpA#|FE7<Nm~%&1w~5
z-~T_MAFc87|3Urek?B>_kM`P>B}i?{NIz<HRzW}NW+h7(o+th2Iuq$f`#Ooo>usf>
z{lFyaN0s}{pc-`@1NQAfwCPhTMxULFicu@T%i#uEH@vb9no*meXhw$$Tr=wOOGm1s
zR*v5fhEH~(s(`WE=ISH@ED@<Tv8Ef@v!x1Zdp5N`P@ED*AJ`#AqYsqZm#eZi8wgq}
z8~A7oGB=x$6@Eit`&>4(>L4ndN(=?h!Gm+Xo(D%XGSNN}bw6f)^^6U7ELi238N|W`
zI@YzlBS<@tSk%V^TMH;d-g$!dWj%bx$aZG#GpSDk769m$qCSabeat${%CZaz&f<$=
zV1cx#xq&_}Zb2LJ=lHt;7WeCuWG9}7cN3S~zMop>_vhK4l?Z>t{w!OzKg%?%Ihm#V
z#^(AmtL2wAmrpGHDaPvV*(}KXtp4*iHb473V172`g({h!-N(((?tJ0K=4Wh!_Oc3M
z?T(A3hhu)H`I%MsJ$#)p<YCOuH2bR@Y(3?oeF&rThUI-tjN00}u&s13#6@;LDlwkV
zg!=%SElCcVE!C7WJt93*^}d>1q#6n2$}^d<iBl7#l~1BJt}mOUi8Q73GE-O#L_sn?
z1tEZHe*)#YU<%uR1^z~4kI8mOEMGrgcnX(xa}N=s<YxT78Lh?~vZk0h!=!U0fG-6T
z5=_2%Jt;G^>g~(-Xb4{8aCo5YG{Jh*!2+`YibW)?>_En?f?Feb8O7SEV=T%tN{0oV
zz_=hoJ6pWPV610o2kNuBHF39eVW`vo=(j2Xw^LRL17F;VJ0R?_99bvOvni21JiTS;
z$wBD8c))5HgcVvSlh6AQwLIR07WHBNyRV5_fdceXYCD~x#(Ssdn}hWEaLsRnR^LLl
zxEB}~fwP89C5O$*xNe9PEsOEsB7k<i7(?Aixi{E9CMWV9VgK%pg~~sQ`-sxO9M;nx
zPlTy*OqqZ>d4ItIS;4IQG-UeGj+X8}_cvN0@H5*{*n2E|hP}htQS8jAY~JWeW*p2X
z<-1Sfq--`xo|FgADwFcyM9riu`X^1w`He|m6Ko&-qxPie$BDuA(NB0n?4t(?VeF$1
zawl^aCx^F>M*UY~#jVZG$#e=cFD>9N<7W1zJtNfiricF$d(#ys{h{|O8M6@|KciDv
z`_f%DPfw#^c`YMQL){*ms{$-9zedjoXetUG(Lfnw^feEO_kPLh+5z_|&kNj~RHL)_
zA~TH6!u5@qv<dmxlhR`oli>P+W#*9?T#=Dp)G@*8xsQneTTzFy-cr=DE@LBOY>|)Y
zc@Wi12b@@p(=#HdPb<qz@B;x%NGr-rfDjX)k75&}D32doJeA1s5+$R92qlxUGtHp&
zVK4o3R)2ZV>xO@IVg1MC`*UfA3DrXEQ+HZDwHh((s7BO7*yL$nd3D@0RbPo|YOVNi
zmZ^=oW$G!Z(*Za%I3+EA4BVnC2CEN{h$G!`2a%8k4S^b?KJRzfuYUN8-yhz7HP+^y
zU}OTRq2O2C{5vCGZ*$MkGkz$MG4K4=HgHOHeD#4Ip}wr#l9h7AQ1CX(ls<D>Yq*jR
z0yJIOcCd;2#9rvy3J}vgwa<*hVMr_MSHY%bzn${c?q#C0*YJ6uvPcc6EK*qFUGr|J
z$CytZ?hg-UeKuEnEHIcK3mBx04C=iLhX+FIxOJl28hp}foD^bd0==Em;99_5@(<bD
z{ZHNhDXRSb4|uE&y8lxYa{uRBQ1#yA{?EGq-S>YU|Bd&5K8O21D+2d_*7Ey54u1b9
z5AOdI@cTbJab^#G|L2xJbpPkqecJu4?%0s~KhK2T|Ji{y5JC5U*6{m3c{jfQGlAd#
zNmbwfiPcDCJY-d{ME1iSl}coKkjTFLf(%Z2guMcU3o264jkGHViJ6XB9+N&Tq+=FV
zV_$zfYUu$yF+XVudk^S|0)7u@D&s1qDz||26BN5#(-K_~m^1HHt5PNJG8$-i51K8<
z##4v<H$`i15p1u-*<`N2WEno*kclpW<o(c&>@SS^vfknCazK~)m>$DTYSfrJtfi-z
z6ju&?Z>m&{nY0@;iDDtCFJoo(<waCqrl{1Hve-5qH8FfZ&q>$U!{v+#wPUb^1Gu#@
z+MvFl!sNT7S-Pv-{??W<c9Y=f07}ittf);G3)%=9e-|gIHCGn|iedwwtrGSepN3O!
zertu`(I9WRu?eW&G;{T40+er(j^@Gau7Y}V&W*>X&icy6r+%-$ZhRIxfA9DVE~W7q
z>HNdv^WrQTpQg^gV0`*c_;bc*d`V^FWAE|TjgS86-#b3*ifMexX8qyuIX8pGXX>oK
zV0=Cp_vehy_H~tw&(|q`-S~`}`FqEw#X1_FHZ%Y5_}n|4#%KSGzhHb~#{N0u(`jvG
z<I~mr*NxBS>A!b;rmvy#d1m?_9-pPtXncB1{|m-v<d{Eae4blf+4#)u_ScP1!c)I@
zd=9Ll@i{u}506j1sWd*XP5TSRr)<=pGd?F*RyIE8yZ&|KQ#AGWj!*BEG(LT&{^9YN
zG=;|J%9DS=__TTS&l#TqD=HhGfnEN(@sXzd-tl?!a~huyru^aY`RWN8pNFRW1>^I~
zh^mec+5eqm(&)@$2=gL1>e1o6ls--;xJsAk3br`n(`K&Q1VAQ+f~AH#QFKq2q$Tf~
zWQ+)vuUd_MQDe`Jj@?|}lGjgbc^T+pz!<{j>ORtNs^pwuMn66Li-ms)@Xsuk_Y+CK
z@I<!gEYA^nJPA16%li<tMNW)D<ihB~OW~Op<<w&+9cL_$G6YFG`R^hA3o(z%odU-Y
zJ*!P<_<mh#@FD02md?=yiknBpEmV-5OL+K<B2@P+r5JwBovNT3>=oniC{eDRvHW#D
zy<#v6R`-1P0(dWg-_87YFaMSJZw3F=N6>F9|4rb(5Htg)bS@m-<WVi{5F_c7v@DY1
zHIupi8g9*f5~iIfU5o^W+Osjflh|Q40o}vNNPiStj<$A(#gtu!!sE5UIr<?yO2rV=
zpqb7w6nLT`Eb;|IoKOrQa-}lVpls^z?s^`hp3UWb#O8j6>r9rb!p7#VDD9{jAz(;h
zn|moV*4ASwgr>DOvAQ~0J$>1d!#=RNe)U2;UOG>qp0&Bzx6j$y{iHHOOW9y3_-AdH
zVn0|*uSG%>85@{{?G*0x)K3ssaz&g$OxY?L`t1U>wjq6&ShyQ)i|n_Eo}Lh9L6E9B
z0v4hDT^&!^T-UNv&Vx@(6J0+Nof|4xBCf0}u@lFLrM^hfzX4o?ueeHIxkGGOYV~y7
zVf93P0c7XYZqzq`emd%F_;35#$bM!-eGC6>-{MPsfXo>9HLUL_*5i(yV#+pq8@2xj
z2sWMtK^E}MS)v!6oAkDn(~cuqg+JTTB%$JAIGV}SgQrZEu$pEhb|prxVO3&u(s@Wn
zH!X7DDhHz`Pho^>oTqMx!Txr`2*K(v;}gLK6JfKh-665GBGQ^tW_Y^pb&7>DkFUQ3
zzEa?@uN;oyVVF{WG!*<R5@v^AEZ>Aw-opmmJ5QkTl+Sq^F+#SJpY!f3+>dTXHrRAK
zZ7ny0B}D1br~xTa-Ru@mAOFafdtDnG2g#m-WvLx&#{=fl!V*K_VgY<4?1S@Ot8;_V
z_g1j~4CoUu-p_DNi_wGkQdOhM4bBCK!w9J%HtsHW)K%733F5lICUjIx+G*33;KO>f
z=7*_lR`#LGbXvc@(k&=6X}`A`o>k1m4uarDd$3m0%ndsEf<P%)KJ|Ckzbd-w*D24a
zqZa~8l8uBnm6gEymQTq}Y~d%JP^|=KNfg@J`V!I@y-ssgV|zvvn+d0Ncq1y%W-(=x
z!FdWNMghNMVTZQ25Zyf`vAhKJg1QRp3b_ZY7Z0%>fFyWWZv$tnXh30g?Xsf1!f9)%
zR4XfKGukV#i9ddQ@E&Y!S%PC8ql`J*ZntI@Zm}o9_PHxdx8B-vJ@^vopVG6Qy=NvI
z>u0vyn(5l*I1n_RIQ|pa__HFmup%6Ft-76Hy#_m^@1;3ey02_*Y`3k)Y9OG7LNDC(
zaK8&wHLKk*TaRh+v4(=DtHVj&b!+MM2&?nD4%GcfH<~3XbR&+fMMgKi1O2EW{X4vt
zHVcPv5S(`Rd;@96wmeeDvyL%B=l5}Cd?sWS`lr{yqpzc2Jn`0qD}H6Q-uVx+z*vRO
zIA~xXVRL<m(H>p1pxRbX#vAN;8+*k7rOF(@vG;ajjmb<pq5jg0mwoTtY+a@~pRx#s
z=YG(^#PKDl{EN7HgX2@Soxv^xx95gsT40uVK0!}ABSsbDwSu1~Ac+(o+mwU$zHGNV
z3S=WkdU9wr46BySh&q(Ph`JFsrc=8eZ{z76Q~*^#s=sdL4QTjobRGVK$Y{98Xt+o;
zTntCU#UL8qP@&;{u!5W5vp~mBWVxoDV68jF2s!vQHqsqxAmmvvE=0&5uY{1>JUzd}
z-qD?s>AB4B1=I74Zv-Uh--IXVJAk0aYv{SvWl)iG2n7M;{HQWP+U1x93=l!&e35`r
zs#fcH#Hm=(6NStf>}M_~^fgV5J0SLu^QjCr&PQmRO(W+7#@D2bZw8KUDUEMlu^GBA
zYCMfE>-*9}F{&Y^tsG`xj`Y@goifxW8tMdjs9#owdj1WD`dsv%Fw{BYZZ_2OLx*~D
zm4{mE-|4R(@09zs;~h)mZ3;i$3CehPM!GgNJIy%*#{3MDCO_=yuws*TOFO%p1ZPF0
zp#ZK|TiwsX8l1V}T`0>?upTQ%{Hgmz{8+p7h5|JBFTETIQBh!{a_$jaXPiG)WAFM&
zQAxXfQ$**{ilp6v_VwK9dVp;S({}1JJn6a&S3i6)vX=<?C6>KJ$}cAN5+%PRu$O50
zC6T?v$S-F0QVn06>-A#FS;tEv+b|5GyX#KZ{fVM~z3AWKIK$?96l?o8VdlG8neS0*
zdX`@d?4(rxu}bKfh@5KSFpvjmrkiP|TjZJkI-lu`i?3{&$434M)BN!<H=E|KgiiAb
zRh{Otf9t<~em{7xc77+){5FT5-<Du{W@h7C1Eqpf5Yd6|{sW)lg%ATG6XqFfkrKjM
zv_aMaOaWV-9gq^g)80?bRvcFI6Prh?_=!4j!-h%Rz*G3%o`Y5|dn8AHaDi^Hx#CN$
zjGsco{bBvg)|5?8JubTY<)pj2E|i4(TY?e4=&osqZ4BcY!bcvG`A86|CmF%q2o3mm
zz!e}{QhAzdXWGm|GctjbObf$GmXLoe=d^gUU~kTY!`k94L532??gpn$B=pgV=r@=G
zx2*BC3|?n#1nF6GZl3(n=`6TUxr6;+jH{K23}uxArep3Xyia*V2CajumQv4W=~7~X
zw0<T$_455YOOU>q2e`cs!t)k-{tBMg(sMaHe?rfz;rV^`>;=!lc#2EaG!z0w^PUM#
z-4Chz1F534caY!jZAIbDylo*W7{S<d^FkCLpWUbTHSu-y_4bWX0=RuOSVzKvZ={k|
z{IHyMkCHZ3N$afy{^~BLsXMu+cPxBb?~CzO_eJ=k!8J`y3=-m(?#~9x6&N)`;YM6F
zN<KqjvQAKsP5W#bs(dLItH>jP)w>U*uQkX>No5FGjcg<N|GtYx9BEs^5XuJ|x74&Z
zX^KSYd7g~?oIM>vqfa%7o~dT3e25Oi;S>Xg6M`Q!3GeIRxx46K{r)EDLZ!2B^j(_S
zXDEQnztp4Z)asDhGdT4eTlBs*WNzhKM%_JXdXf-~w~gUR{sDnmZ75vNlDzP*Qhk&e
z+3YXV;Ogi(E9{j|WZOKC=75NrgY5cYsYf*30~dJ=T6YiFWyi*kLc6Q=0>%DK$Z*-?
z<6$F61m%bsMCu%%%DE6fBWXXsU#4<UVe}bMpTS5o`ltB8E~d@w*+R%a5eT7jtSbH~
zUQHqY6h@VQiVWJf@`6U<U>1eXFhk7}GguwtL7qskvUa1N)eJCl{84JlrjtfJ#~Q;O
z8>m%FwJ-jXg&L-uRd#_aFW0_!4aw0cPL9G>BZpNZjjJ2&tr!i7KLO>`9&iGQ%^>!(
zE|C{_b+AsT^!w4f2J-LgIC`(De1EUajF*L~6@wjf(go>QHwwZ#vfL6o>=7k?Z4pin
z#^`Ep2M%YO76e>G9^tykri6Kw4kHi4`hrm7P`jD5GIfq-5Y84^W>50`vMh=;3v1@~
zJ5m9=gxWGNKBhRDYV#nkO_`<Ha8{v59YZH7Rl+E-9v*q!H5-4?X#&4P3wOu7{ZqMH
z30Hv}$M-aDsH~0^^o}Y|_L~U5tj~Y-$s>t@a6jVR`P^6vgbSaMe!Pz^rRPZB-bXGq
z^cu$s&kD*0u1W=hJCiLR0i4u;<BlrEc!jm84!EQQ7sY_?mL`IC=yi2`(r8R>E_i>q
zjy@8$P6%@q{WDDL7)b1(wLk2|?GKGo1{(x#Cx5Wtg4;Plj&v&^-0G*$p=G~Zl`niO
zN~2I>^_DTh^%(dFKt(XzmFE5U%0Rgv|HYmxpXq$HdEN;uF9f)p7H^S;rP0L^z4Rb^
zf*Y|0-%#bsbtZ@ANc~wE;6q>oy>?WxwPH`c&R|E_o_qt`Y+00A%>sqSJZ4GdQ8Cw=
z$>PjWKV9}OAW92)Vs0QYN7~Sx68p2n%IIwZ?#W-vr$CeS)Ks$-JS=6zkJ97Bh;CYU
z04gr>xL**)SX;SwGe#;w@64wAVq9Ms{@mue0F-*x$8qTT2GVO#N&Acg6b-!+8hs8f
zg|Xl=B%mb8h1<wBHxr9QiBY8GM)DGoxDNasWigt#VHcGS8LCt1&+^je^U@P#wZ9Gb
z0T0)xxuCyc<Kp$)@)?!1Bv8-VkyO$OUQz<Ql<<-gpd|T_Bio91E6ORQ4rTvpQI;St
zc9>=mwOcye4+gOy{t(Y8s#<9C^g3jq7Mj-8!|z;%MjqHnRf9Z~ye3}abuz&hPV+jM
zw1q9;g~hIG8Yt{}UKo&^ro1pg)<HvIdL0!OYvZv_HH9XRH^`nkT43(8P-stHD4<jF
zGK}}F5Ihqv6z`wZMy~>}JJwlOozt`?eQ61gf|nmeV0)HfgKZunj}S{1Iu{(i+zOca
zjPuch(-(+6ILc5rs+6snQV<HHr}|<{K`?}WK_nkBtz}0@fm~oZtI8zuOddLpk#cy>
zj*zlYl@r3%qoN!<y{ZbR7AOEFk<>_CKuJ&mOTrXTmWc&`Me+WAl(!A!-K)x*7E<py
za;^)~`~6gnJ*~|ZqsjD;oav~Pr~VY4&IK~TJrq^0)^e`vQmXn>CT*^2noOrNQc;hM
zNa{T(hby@C!GMQ209&924Ca8n!GNJ0P!bFn&H)R90grOPoM6BhK5g?gsd>s|R;Nx@
z){Q!KnoeGt>eQ!oG7(Xy7U^UnrA~cLClf|>>Rg^`(WJf#sk1gF=z@c<4;h64%U{;1
z1C~ReY6j~=u-7!Oe-o@N!RBjVuM?~$!QR)v-X_?oM-lcP4eSGgeMPYUYG8{9_Bp|p
zX<$nT_8P%fYG9ucYzD#BX<(}eHjH2!G_YcV^&{A34QwO9IuPtj4Qva+3<TS)fo&()
zxseF_Rs;KrVBZq#dkqXu{j@yH*{ehVYfD3JV?4}HAtBO_D+s*-VSfn1VFjT%Abb^q
zuunm_+L0k_3qjbeAnXT(4Iv0y6@*oQusQ@`y@K!xAS?|*_*_BA2ZV(o2#Xbj2LR!X
z5QMj{%G_W#KzJbp;bo2xD>VRwXG0L&9Kj@=@4yhIg&@r22no_xfbe(-f`cO@N}mG4
z$Pk1v9KkF-4+sxkMavK0gX~|@ejZ$%J;4?Wo11rqoZ?*@=BZqH+NC`0p(ofb58S2-
zOx`k$UZ7a1K7WCYRI0{bklnp(p%>h#PVg7p_YUzFVA!OuEW{O$lD1f6=T}1*kG+(K
zYrnUf9Ae(uEfr54L?BTjGDV~pNbE*}PqxBxB}&bBS`IRK$Sz8HOdCtD7U@!QD&CM9
zWlcG0m|Ie?-_f+7#L<YymvU~B;HFns3mmxq>No`&%txz-i^n(X7i5*tm_~H>W0Foj
zT!s`6W(m@WHmL#=aUdqOoc<7`XJNXb@M0u+aBK&)XRL58lx=lS&&Ip((g!t6+M8qG
zUycM~yv}Pz@s5e|*`S)p$x8Xfeh)Os<ckeDFJ&^U9>86|3#!cx4tp@h?Z%IE$nYE_
zcPFKXqO9&lqI)81d{-TKsMGs4GEVc016jySj$+Sc{5dZ($<HO^Ebw&bYpnTRx!&sZ
z8w~}AnBX?RZSOe>B%S+S$OHos$Zi4g9>>z8c71vQB<lgS!Bt17$0V2s&@&ck&?h>K
zN%QaGD3qS*)^WqO7&e$m&*O)V8(~X1WGL)`G;&ic=xAa=vu}Z;Zc*_)RYz*sCl#$x
z@@<5Y0ft&*iL0DR;_`eFqZi{YUq&oE{KBjkPzkXzlh{n;8<}9e;0JKH`*0#C1Q5&K
zS;hyZU?*n^Y$?YKh1Ueq1fmpxYP?Q8%^Icx(OkgLEtgG*rU8@7%{Dx>GrN)NLxTDh
z_JU<}j8@nRczZ%&C!o-Rfh0B0&BZMQ+7;MBz@|d>Us#?gKu4ElHWR!bQJ!4L;}{YU
zst2>g{!~zrrXZLS4Az-o9u3SzuzCc0K?4K#4_c~s^}0;EUt=rCdm_XGVZk+-c0UOS
zjt~!or<4*N1cXB&C48?Sm;vF-5QMuGghqgnew{S&iCo4u!Add*$=DC4l7=#y#&<v}
z>fM2E1UU|tar*o6LBTNM`>TFmdl2Ruafv%$x;sOrliib2x#WIZ5?w^)@_wS=xJ53?
z(HSWC;;3|?(%KcLsA{)MT9QKd;PRuw-jAO3%P0sE<N6ger{Mb()?Qq(9@nAt;;p2`
z5?AF-m}nm|e8fo6l^v@nvMhSit>w#(oB7gAD2BV3QX%M!J+I@mwz<qU^6;9cFS8g`
z)^yS9jthb;(zDkg{B>Snwdz2sBMppp)iMfPcd4R|J0`u`Ayrw)@MWastU)b`YfyvM
zx6(AoF@88SXk@v?#F{2IYi2c)K1YFaj<y4~&rq8_8DK^k^E7XhsyQToME{r9AEjhZ
zbT)qlv89YeUL6RhDDS%Hw~WLcXioa4N^?$0U$@8RWb1fyPy}MlX<lrg=A3Jpiq2Za
zm8>!2h7OxJL3D|6;>zJ;$BxKnErbi5O0!C0NX=*hO|jMUKn|&x4!$3UN<}Ojv;w3Q
z#5<X+-nmr2nL6J6Mf5(0>mEzwx^3olYgQaXb$g(tqK|DhauTEBtg}ZbmANy9>puBc
zbEtdo$)fJvsSD}eoz$NK@6SW@`iYlbC92kGxqB;k_f}9kDjZq&{<K8Zy^eO+y@?UL
z33zzPn$WcP7HYy=6E(qLjIOmei^<UzXidV{NlG(bjizQ`R@RJcYKGfJ&A@X{Z8I$R
zk?3~38QJvuDsM(k1XedUf;VGS1T|w6rRVWxG*dU@;{<HRe7PA5c{7?6*P>>887EKr
zq2s3v88^Z{6ec~J^TUU-N4Y6Sqo^qhc~eAcN=bie%97BgETOvh_EFtS=(U(PWiwTI
zr`(jiyeWGr{Sa@;-TzfJ<)^mT6k{ZB3Ld$$rZg_DPECnWnlkc<;fx*)8w*V-vzP)y
zlFZvd$Ms|5E!2*RJE<L}$dGoJ@GH@6csmm5^;<qd=18osC6c#8jHGsml%7p>O?G{(
zYDZIQ$4t2$MZ6uc^1@ARA-7}vq#+~5JH}07?TBMkY2pO?gxiOV*O1vKBdJA2yhUbe
zQ5)W(IiW3@LrsX{Et*fSpYawgq?#|0TeO0=Xa%L0@D_dkk*Y=3HrS%ma*HZ>iyFz4
zbyRb?MdOB!9uGq!Q&wfU;E9`|aD4<dr-C;pk(%>>m6`*rNl<ejiPb;z9M#`QuP^iF
z#6}SXjl$-viBE{4<|I&hViYw;TC6n3FFn~Bo0AJL#^6o*nodsgSHV16`7l`~NCWSs
zlM|?^w4f&mIxq^-tNaBfndIRwuyUlC`~@h2G>N|em6JyD7a+9KgZu@y7s=L>n1FmK
zy(b;YXcasQ!YX(^3aj8*%2P#6>PnuPtw}BBsX3a|O*~b5FtjbKnratM&DErS8&-Ms
z1F4>X-w1mq1Uv^@$%6O8i|R9>8kpQl@Q$ufCmS%it>A5UNu3;n$t?u$TbkrsFuA?p
zz3Z|%xfUkJ3*N{p>g4K}+){um=;1y&;cD0lwk5~j4emqkw}wW86GPgaO9K&R(7<XE
z><5C?*T9SfD<xQC4Xgpd-X~ZK4Xg>lTm-vS1B)ZrID#c;VDSXIn_#zTVC@K&Ot9NE
zuucSPOt9`6SeFp(RcFrFSCigu!nkfz2xA|wAj|}W1|bNI6@(#xP$LAPj)Kq|5d0xJ
zmq-PnIUt-5L8!PYBV29F5WFD>ClrMJfN-Ev6`NjK)i|t*?OO%m6+qY=g7AfckPirJ
zQ884e(4=~16-|mUt7y`t?kbw}OLrAbI@n!BlXiDk(WFh?RWxZucbO)A+?@_MTXDOW
z=i*b5*}m|y-w)o2&|Srpc=^;bQ5wgdeQm*1#)Mf;Ne}TX8`N3)Dp|}@YDks@o@I_Y
zOTGBO*=n_T`F!)*t@M;Fox4>&QT5&`AE6$+Rn|Fu!=G}cZTu-gD!mmrXx2<?%0a{2
z5=+4eN2`JoM+@zJ1Lp>?8I#`Y2Ku8bpg+1OwY``I1}sS@yp#PnDp2c*w^FV5y`-x3
z!?!}M(Gd=1xGRt$jc52!ouMOTNKi5)1Tq+ThJ1B~E3GhtPRVeCCn#iFD=MUmx{&2m
z$iC}x2L1$yueQRY94SJ{fK$WSO76!gt;p+n-3w{5e>8}R0EeJ943-dYnpwOObtjLJ
zc8zxZp=n@zlnBZj6FD9O%@w#Tc0quj=v}7;)K7u$o5BiuX0RXWej93Qq!T<ii0qnG
z<w%X3$dFgLqhDN={l$gDWUU+cYnlL<YZ#__{FU~gR#4k2YR0P;5OuK)df;4wn~{1w
z(2SFjx}atx?UveAtqrYi+J-sjsSOp|uKL5u`}sP4fA75Lyxzd@^u-u57_A2X?urK6
z$?yLIcX8~|KjZIyytmlP?+41h1%=2Bt}me{z>#-xZO;GIgBb!hI*|#q51Hf`IdXJ9
zV*;Ctt56taNgB3xbqr|_a%H;!&%?10ql5&}@4#B37knbIxFLNax*oBZ=L{2~$9$0m
z*X1niQ>i8@o)z9kDf|Oo_^2`-!Uam6LozF97T|X?sR`Dgj0<1NU5V1H8(QHykeO5>
z-9C?~V6L?AcE3Mu<~p=@G8D`J9(Kh<`;^YWv5PD1qef30J|u6bxC$8fM;s$Ni|g1c
zB8(Kl-6#9Ed8A=%DfF@d99zOezi3F`1ON6hAo$4K$vPbUWLiBL@xED?pxdp6%#Bvh
zT@Bdp4$)arePSzd)#&l|5fjG`9V>RJYgqocUUXjQELPv+s3ST{tBcN(iwrMjVi(c1
zUUY3=36<<p$ME^|s96^$bOwS}a=H2r(U7@b^bCk$zuOslHG{Je=z=`=Q2-Q{5wd$Q
zjE^loR@!tMcY}%-5~XLVrH0}C>PDjpK%VH#msm%=9wAFUq}r7%byL9}Ee{5=+!Fi9
z&`ANMK)YypMsO1m6K*JQR{dR@RM|WuBQU6-#SK5G1LF<y7q=T}+OV(X4YiL_zP3Ax
z%&<^>%jA)ryg(6W!!+Q*LG?H!@MStmE+cCQ#1%-rpy%2Uuy+D^qVHCcCvwRWOT;f6
zl%o2PJh2nyokV$RWhK(u*Ra+F*NCGkzY{qsca)l=dNxWB6s31A_psllW2(Sr=sKFA
zpqRyF4Nl;UBXRcGqgyS&m0i0%{_aQTdbqM3tk28qTAdqD;mJjP(q(<Og`X6l3o~@B
ziz-TN8?H@h{_5nwq==Osk4_D9#(gp}XcnXz!jH*)k(wE>INqWijNS3SWg4)N=(t55
z2~_NN;v?~7W}@JIUI?nydv(Is>S9Dtt+KVX>iJu1^;5Z~R_VM}KW8Lz1|_wVKTOmk
zIAotm<Vvs)f{;q1P||YF$Cl(D5?!nD(QOGf#$(y?Fk5Sez9N9WB0M^i)AF?@0>ycb
zN5*zZNn0^?^svquUD6^&Pxd9z^LVwi>J^ND>|}pute(tR+S#0!YZ#s`Wzv(lV)TU0
zkae`!CC2di0KGWt%rKxp)k|4>0Kr*SLv*gcfYXk&3(+NI@&OgbS7O_2$h2#>QZwx?
zM}(Pn1$HdIS3y5qLhosWlKD7<$<LRfx$4nPFd&224$y|iV%00a5vQeGp;%;i<1aZY
zi4V`ByOV@~09YFZz}AAd6Z*36RUf|R=p8sq>BSQLeQ6yFnsv<H0_8Nsaykj#K9_>!
zfEa#Ekt^lZW^%yAYia=$&vGoy1aHaZu*r?CgiW3sB5h<`md~kcz*myP7k4%!-#ypl
ze7kG0e0@j`uHE-W9wc#>HT>)771>$jzai_lSF~kwtVNeNmiG|`LxGYcPC7=(m1=Zg
zd}(dv)z>H$2`#Ks=>U82MnaY=IJV`|_v^3v72F-|HCdPNtU!3AcOfe*T0Dd2_Mfo)
zq$v}~QnIBlO-@IuKC8V<)t_ijVp9Y7;+XY{ZRuT&NQPO18;xXXB#S5A8p$T25AxcW
zq*je&ktG4DX;G?KUCHKe2%?j(l>$21kXnE;-H#24ai4NLP3|qD^aaPjmi%`-wd8>S
zMy|A~ok}izgO`zfoLI}-;1|)}9gw7s$09q2*v|M%@KjCQl6@-UHEk^4OH1Q~f)e{!
zh{~G>fiB_l*I+anrBj3kMdz{wSo3*6ZO!~(8Qtb`dr2UqbP_R_ADw~?pa%l5dEnNq
zVhnmvdUScR;LA{z9^D>G&wxWHG&r@#TL7%50yBt~s7ixUhJMEAjBBszUJXXuyn%lV
zB+0I>@rnU~MK8LIcnXiFd&RHBF&?Wg+A<hrj?#gr*|CHLZlS?riFE#C9Qew82IMA2
zphZvZ=fP2&r@<unF=Xr#JsFm0C@2wnEkGm_rIZp@@A3^~Y_P!yoOvQQHZVh@$sdQO
z_N6tn6D5-Mzq@C=v~C!g-&^<@Xd>R83p!<dusN9j^8vn<RjKt_H2=SAEz;A6*UIMq
zP~z22I-$}UM87?d*FY!Z_pC|{zHMgad>%g=I2r@9Iww|KIcmu0@x#VChQsk!nZ*=f
zFxQ||FbI5Au$}^+?*Wz`?%jd0hIDcXOj8~<5ja^sQ>V%yIr(JWe>xlI;S$b2qM4zK
zP9NbwjVxoy&IYmqb12VUnXNG?)}o%d+)i;eW%N)6Y5r0+jfZMK9i5AxF5nJ8-ou>m
zsY3#NO0Rs1P8@IeDe0+ClWBM~f*3mIL5pDwKahc88FCOYmpzSA_!>6c{^Bgv7_J;D
z4`jWb#Ly&4qg#jJaSQuIhf@@%<87S=wMy6=YJ)Ain6$;_j*6GMoB^`bpfNy_HIT*x
zNd`!~2I4=B5DP$V(?E_8WFSD=Y9QNAgY)j`*;dcXXtNEzHKd~pkbE^^S*(zyohHjX
zo&|B4K%a0m4({nX+FRYvz|p0($1`BXhuOPA_O6=j4+drTUcu~)3H3Bc1@x90^!8Ns
zbbxfxK#T+#1d!Gm$c0k~83mA58p!vjP_{+&3{=8U(13Ab&KZe<;klaV_v2@<)rUy~
z4yc7R|3*N|=<#Tx!E-zU;@ci&>k%$WmMav^z>SiM<8`dt9NQH4L-nohev12{q=!rZ
z{fN?tOu9}<ug;BAWEp#7xUf!E%?wJuoV?Pv-Z(+A7n(~m`6tE(D)vH>p|Cm1P$jXP
zM83}Vj5XYt;H30)Y-+$Z=LU0}=5;$huW_ogX>VcEUh15Jc0q_{?<i-0Lg~T~*yfxv
z6kfo@X>4mlqmjn3=78{w2!IVi7IKvOd64g|-R%}R5^7H1Y=~uXjF&Iw%L!A|*3M99
z!98T%^K?&SK0nnkpC4<OPldhvg0kGzGmJq{YR^iTSO#lBuopG3e-SK#V6SOl{}zIe
z1+F2NOH@jFmW`#?7h<q8Q{gp70>a}VivMHkLec@}n~*}jR^zk)ob@3%cd2nM>ljWi
z^pyjo;GqwY6f|aYU?kh=R`%u-Bk2NLx-GgxSexkC0I;b6(cOU>HYiyevYa3Kg{Y%i
zd~w_hhh@4-4$G7ys@q8Bn4b#6l^htZt}M}wi5Y>!J}hxECf*xJyhq#av6oftj(~Rm
z<8pA{3|8YD5Ezav1gE!O9;mf|&>3%8ZJ^!Yp*Z4_O;Q@;`h9nL!DEkN@MPh;aiv@T
z_x0sVP7$?;HGTD9n&2D3%TMr`eI1l<9jwW|P+NID)Pgu$SU1uJfJJit9WUH`Qd73V
zT2PaUz5|M`0etWK%dh&C2(7WwGaR7>LkRLu#3-L9`toWv0X{?mm9*QdPfiSPe+8%R
z829uVFa}67hLwr#f1$mLyICpj%-{vv<H!L~I9AGvFd>6-u?b-GpkQ<PZxh#YiK|*V
z%Sw$M*HUDqhJ8w&%nKpAX($}tlz5jzf$mO3838q+QoU($NXZUyUIKYr3P-@WO4QcM
zIg!OgGs`@cg%DuOqxbn-N4Ar6WURlr*0qyd)7Gq}V9mrSxWcvVX+m61u1;G?Gd6;1
z`r$OPV!}e%M`c_y-sF`Hh7?O6hM^}r6k`Nc%M!t>C31~rzv60Ct>>=F9oTfJW2~Lk
zZup3i0lS&Inot*FKG<T|0C4-a1hQx#8y`F{&;!$jW9$+Y^9F7MwEQe}axT3-%3oEc
zKWMFy&%cvT=`*<<P4(F-YmL{U(7a&@!3M@ZAYV&ee+9ZYAFic>N!GBjLj#60%Ni3C
znG@8_qBQN%IBrt_tT09aLqqIxGTP%8*p{u#QVjPL<K7(DoAGk`6AO~D_!YeV@@HfQ
zlMILy%OHj!(fesWLSUu?g!Li#4kJD=8CSv7St;u1Htu^#q+f+kNEe&XLWgmYj`J6o
z9?}o|1-;zuY!Z$!JrOH}v7$H^OB*}c;i&)@IDiaoRDesd@-$SZ`Z;=Ta5)i;<;A2<
z)i)Lbt56N7iGV@izKmZ_ri)#JmPNAkr?LSS3vM9$Uj^cT){|hPUa%4UamZJi2gaM^
zCHT&zaKyq;IIEFL#!<};HWBtEZIOIW#073zg{Kp8&Kwx-oZmwyM7fgJD#Fu=8jXlf
zWNRiccQpy5g4J|ZzLri9E;l~qM?_Vn79@T0l{KoO@|9K8kXDu$w6cs+tKo43;fq4X
z2vE~(wdG&XvX_@QTNMBLT(u}*p{#s3f)>TUI?<xQb#S<mY8`yjNVN_&Hwx7_<NPrc
zmNcY35`(AfhK8!nQv=F4AUin6mWJ{yP^a$T=)o8D3QX0IecX_Q>?16j0Q-0a7ZID}
zY<_px7N^W-*aXEWdCKt7*?NKIH5;9LHaer#rl|EA@lk;*9c+$6cW9giyvN1$L7<R6
zAdR2J#N~E->3#}G3d$VwKr{~50dRf$$}Op?d8M7~P~y!dyK;JE#G2=XtjKp7(tI!n
z&8ZxDraxehLj-cZ`JRH917|ro!E+oH7B|@u6_#S!uS%UX3$R}!s#D?(7NFpuYKal_
z(L~h(gm<~a)bk$F!_RxZogf#%hx*`os$95*STmL?m=LlMU&*Cvt>D#?F^te##^Buv
zFv9Il8ouHF^KvgWwU3@Kp4Da2h+%f6E-&-WG6m|Q&j4kir$NDO58w`JUWZ#AxCoZa
z+o*yGk@R^vn;9x-mhDz$gH$x=rguD4DI=RupcLCaQ&9@&vz2#qN-?56Q408kw4xpn
z2i!{+)l==IZ`M=Mkmu{EXh=alq9Nu`8ghg$@sMl1Qp0dt-bs$05R87NGLmzi0}_LC
zTntNcu5om8FuKr)0I=k}|B49OAD=!Oet$fAi=dn#huI&u<;4YV3WeVv<(z-Q{`kY0
z@cU!VEi^G=Z?HUvKCay#WB;uEQ9M)m{&=FUN>i#?mJttY_eUAyH}8*aKMUR;Cvc{5
zLR;1TxZbFm+n*U#b9<q&(*1GzE!0QG;JGyGmP#gT0SCke=Xmy(aFf-;(RT)y^Ql4U
zFu|D*PV>&yARh=cDP*Z+cKp0ZaHeN1FCzsngoLEKEtyGvUx(oPh5mB6RB@OXB|10d
zSW|WwJTF7x?ono|?gYBLJs`dF0xCkb!x$|=LH3mBUX1%NA9$RZ(w(PL1l7pfQcfER
zdxM%6m2=!PhI-vd`iE%AY*sHBw|pOGwvr=<%Ok<-Wp>#0qN<cZ`s`#1Nb}r9&&bgu
z#$vtJ0`tIEB{>^d!*{2XQme^<O;ueRy=Ixru4I|a4!cbFet|oz)RO9?l{K+iy;Ri_
zf)|RseBT)t*j?5269VhT7H-|l4!dsnRUX`4rDsoI&EPuEh>5IX<3@~o1S_^WGElJ!
z5<p2M@#~y8!LWQMckgmi`o<C1W7U<b;6rKVr+&eb;Oww_Es1`c5aX1*wAo5u_Gy+N
zy?QGuWoc7}RSJ&2J-vKaN73C)4xp<hq%FN@C|nF(>|PUJ0To0w?ZgPWyD3Ge(0+`d
zyPJnFk)NzUmDBw7%XziYsrCwWuJQ;p-oTE<I*@ekrkgtoS_ZE}ky3|~I;umy8to-s
zhdgy1vIBL<lj|U=b4{f>Sd=<g<T@m((Y}wQI>ah<7{lwJSEE^Z9Rzh9V8-)02yz|v
z>QuQpQyp+QVjb`a-EpYV?7R-(s-Nm`RG>P{Q=@^E6x3mk`jjg#PzOlII*bbBvbl*^
z84C9+S|Yi;BYYuO2&#|#qO2Y{<pM_&g6pCt_m~(JL5X@bX3Yo{na7j{9Bs2IZ-M<X
z>UKBAqxdr-QZ4=rjZ|yz6~|eNz-EJo?kkVP<UTC9;}vysHB62Zyo)u-cz2>t3&Gpz
zDt^~S-;Ie-e>Vau>g<(Bu$mfJHG<VAm{9|(MX-un5!OHht4px&3D!gdYe=vXg2icI
zO$qiM!QwSA6TylIcBcl`mtbQFc9#a$pJ3Sp8>oS06Ra!29@N0@BUmiK25VsdAlTJb
z2pgt>4I$Vef{oI^h7)Wf!SXb)u>@O4uzU^7PO#YodrAYFLa;o7J*|OFC)hxOJ*$B^
zBZ5zBE?t)WVtg;92;So%CjfP>$Ox+e!5@OqLqT{I5ISB7M#xqWrT{`(2*OheLJlB|
z4?%cALFf($&JcuR1)(7zED1q4b-~ZQ#r=AWAso68jIdfM;cGxx98$t!1z{;5yb*#h
z|BCGX;{`x?J_O-;1>tc(csc~3@QQp>J{u4whagN*5IO_Gm=J_<SLjFwb+t7C=b;ds
zhtxR7jxro;2+o=cxv^z{@KHrDLfj=8;e9|bhS<72tsoQt!lV#{BMQPWK-dGXZo1Yu
zbHy4UW`+Ww>}n0Cxj2&KkdmKeO;D4G;3_iDu00W1rX!Z4B$y**+*QU1;z>&?7vtn?
zzfFwO$e1mDCP^t+d`r@ilyq8CGp+dc&M=afWby5^@cYF##!Gejk4kESw3U4XlA2PQ
zkko{N((Fi;pfn?rh9gAiDdKer@zdp2`b?eryv!8@qtAteSsUTpEbP%J>N_k=1#j~8
zu=a~9=zx2Cb2`h`P`PJ`0^UQgIU3k(f^{R<JPm9v!I}_kz6J&+@L{S^_;c9W)jOh2
z#+};2cIsD;gvI`UtUU=_ROR+}Sd?74SZbIGRHNb!roto|DCiv>l+udIQlE<WL`58w
z$`pe!r*YEWv$Vyuva+6)m6@6;D2rBZS!%iG!X3vw6LMkx-#O>IckZ1TP~ZFa>nC&X
zIrsa{x1V#qvt-Eu!)Nw56%hMKVC+#Y?2u<#A@S37#80J$B@=9h4wg@_HUulu!3qd=
z2f^$*n2lg(TO#aL9qbi??Izg2b+Gva`=({>1Mnunmgrz_66{5S4cD<z87RE;9!0QG
zI@mJ=OC?yQ4)za%wI|pF9c&!I8WU`)4mO!!7w<*bCpy@N!M;cAb~Sj_bH~_Dx6#k?
zw(PoQM}7=&YKx)8apC~y!&<{=Wys-xu;hBciLzG?IIV)u27LWm;MW6O0n5IA)|aLk
zClu4*8AlmS6HoXeOgW)xSO(yX@WaVGp)@QW5T5WucveMd4hTd15QeG<e;r{6DSilp
zRD@puA<+*ZNk#Y?5aRq05>$kL0Ydx0JHz|3?{|iC9*+y-2Nw2T8i6zF8Qsi(l4gD(
z!N%!eqX{;SU{iFki3A%&uorZ&=>+Rau(>)|ksp&-dQ#zBzCFyE_RUE@e&M7t#oqvg
z&-@Tps|b03@Sz{V%9EOD@Ce|%<%jdG7N;}d%sUxy8Xm3;xcv_G>3h=r%`Z5k4BT&r
zSeaAKkp2HXwTDuyZeDx1#DmRi4~baZy!Nn%%bV98+Hh|3+QS!S6YN(VY&XHu3HFB$
zcG#dFUfv6WTN&d$2U#y%JRPvF{yeRW<7a?%A~4n|73*cd+7}q>x6_*8d=?NZ0wb1d
z5qkjQ>cEI2D;1tn1gu9Y17Z!WR9fmf0DD1TtbQui7QpHr7^`Qc($Xb>)h;krdlhRs
zVBH%St5v0@nS%kbL14r?w1{m0vFcPn#J^7|Gu!h!2zRHr^%lP!dh72R@9mJ2KcEJ^
zfIlE(IF&yjW0;8#;O%W;Y&*C{gt8*Z6#}k><R0ube`nzp(JeqLF90b3<S_j^Y|!PC
zCS*$C4oI%V2T&y+;;+%3dKZ5{|BfvuP3Qs$^re|<$N^lmO$^0rWZT$K%5P^btXKe^
z@5`%eJZYw?yz{O>=&86xZS^bFnpVG9t!Z^mbqx>j_4r9@wTMK!hLS-Xk&m$$doTnA
z+E;;kFJO5iMGaP4Z5eQxAYVM;g*Nj-p&Ry|pq8Vb$~N|ZZJo`%Ac0s-ygzL3>MEtZ
zPlu@O#m`@Xvg}9X``407$i4jUU2Btd{gPXy>6fupntsWsQu?LO3E$a(jxp_^C4+cj
zIM3QtY35mkw&aG|l54KiaO1)g$EoD|0{3JY1G}56JtWDi;YACT4D=parhkVHG4tTv
z^O~-G;W%|Inh;Jp&bzj4u(xY{;x|(N4!ffC@3kPcf3Xc6j%#LV>*Lhf->kvTrItXC
zxch2N7q9$5Xs;3)##3Uiz<qzvV;+yYAq>zI1?Z8>8IT$UW=rz7f6#hKkU#r_Do6LA
zW&AZepZV*fP?`OYfGg+0AX+&c*<b(mj`>SzZ$oNt+*$WL`ZJ&Yyv`ehb+q9P`u-c5
zT;F`7PA(kvW`Ai$J&Zr#$hwdDPAL#N<zJ3z_6&@7e~g+0GN!!d7$3Ju{L%-@U3Iwz
z-J=q`l_U1tV?<muCoY2j4gZD@lIyU*+vxgA{WV)q#~I_Q_T{DgzFPU}Z3WkztDXDp
zFKgz0tIL|XFJ9L4LeOPpkCl)5b^(TX-F;LU&I<g+FDbxmFPK^lDsB1GqbBb<S;8JH
zj^!!_n%d7js%)<_IW9J63NIBeV@yYRNR6nX;=GpXQdnRvEL{N8a@e0RA1>#ehc4Ln
zHFe;_4h+7ai@)#$MPP`Q?0d}iDh$F<CHLGOEns*BTd{S3**PtPduzZ<Yp@dTCG%RF
z9Rm`?H3jnon3mQCs&m49?CEZd4<gx*p~=n<@-)c5Q&<}PG`e_6&K_r0p)b?KFUdDF
zY+Xwnn<MM{LI<?*T*Zm8^qx4Oc7L$KGcic?6^yUQ(@;kg&P)_$_DY47JjNIvch>j*
z)iHCV#Q=#W<tEz%N_f^k(LB2hO)E`hGY%&g&I}P|woi>a!3tSmc1+8+7*0W=IQ#GN
z4hY+UpM<cE&M*VM**QG}%*}t67i^27{Bd7G#}>{6ACHev#nKPmB*LV^EwOQD&GwV-
zHmW@{T`^k05%09c?vmZv2EkL7+-p+oixXL~_H*)Yr)e<g=|}ctwwEgTVZavza<R!@
zUxIPSi(&xs1^Lj7fu^`Kh_O8wHd_}+j_yVn#UezvzE1Vq54#K4_{3<GK7r!*=A-Is
z2D!u~!9Q8t?JOS*R?#&Z+T^Gw+3BiCatvl9#E5H>8_*4;X}f4UEYME27u(-#XrCvs
z8?xfA$gR;TdIqEvpx~C0>4-H;xm&L&rR+eocqsm`LzJA!GGtI|C_&OR(~&&4J1)(3
zBCnz2k!okI$3CUn-C#Xu!yc)&{XA=*84SWJz=P(+-LQ+Fcb8J7cp3KF$#}d&CHj+D
z|Ctjkj##A)(Pq;Q(RLw>+8~Fa#>~f~TU=Aj#(NB@5(|sbrZ*Z~eMqBeaZZik{hKVV
zDYZCel!be*!fQa|7%e|)fv#A{b&%xZm?d9-K1y%*U^*h&Y$052sp@FQGJ3dL7Bl(C
z#+@cej;B%0n)ZvfA_z*s142;DN~QX^ZSt2xqEttFOfiI!%ivd-CWt6_xnq`zV!`W&
zuf%a6-yZZ-Vf~w=u*VP<?)5Z59ukUI$%u;gmDMzTig<KU-n>`&y)D{k;1KmZ5wBNZ
z0^06iy02WTE-R;!&%1Hj;Vd5a7oZ-$9{e(xdN53V^Ifo3bIRTn{fq79uAafjaH#u<
zCaiLlylJ~hP|TO0doQ9!ihQJEe7pB93t4{0cyq2;$uIEs`dC9jq}+Qu4zr@)1|kZB
zy<?1lz{52}Y_~+I!8V}QbZ(euB})b#SvAJM>yI^fV{w$zNyL@cLjsI()Iv7K6M}J!
zv(!83EagsGHT8z>j^tyUq~1wC`bWIp>I~3!@q6(YekWaDO_kwnJpQ0E#xcsxw4nWV
z72S^CY__cm_ML58j|G@*GlTTAt-fZq9XU|<Y<rg9QHQH<viO^H^-XS&?~I(m-^8eI
zzyqe>#fE~_l<X-L*Q7Q`HkIa$l<Y2TzDYwtenTN|pt$A{Hl<1)N^f9wOZKv4`!DXE
z<ZlRD5ayJG&N9fp`M_CqHUMEo7hn_Xm2FHAZGEqKJSn}#7{`dVc=prPjc(L)LrH}!
z=v2r8YCaw(*b*HK+>w%b_-u1UD&8?9m#4NAT>qdL6Vde5n>u~T>!eEwA=tY**jogX
zLlE|X4z|?bt47<x?^?s;oF74n;dhn#R*ix%1P~l_$MH%?Ej0&FFIKaLXqy;9O=OVK
zWDd}q3d_|MHi?>XAHk;UU{eVeO0XF^SU$mA!3dkJgS|+w?F5^ngS|wsFA3(*!CofV
z>jYb%gU$2n(rH%}%}VPZSdWeK>(bX$gzMYj($x>)B^BWSAWWsX)jYWN@Q7D~ZYezC
z>c5qOUxI=^^t%Clm*3{rmq!7@e7{@Rbt*y<AbjeFa7smp0tDZ<8{&L}8r-mED?_;C
zhj2+P;SeAk_d__YUO8_7gkSs+eo+zL281#{gaucXDxL>~*?uGNw~FxOR&IhoTup*h
z$T*D*HD_ZQc<ib9zQr|L(j3|4;TmheaQWkM5XBht(P}IlkE8yPjVT9~;K)&2b4)al
zWwD=wlPOj%GlM;w!h7&s7FqBs%l};5PzUc3=v><8WarYJ>s@bh8elSk=?34^VEqC8
zX@F>_1^sCdra29E|61#5fZuKrXkX7#-~7PeNa~wkV8<w!$#&o_o-J&{?%%+)C9l85
zeo@)qAJXpcW_!7PkGmb{*F20D-C}lzluMzoi7#M`tl2pSeo}Gg;|^GQS&h+bKWF<|
zui>z>CqQD*c7J(1nxqD(#ZPT5xCYVo=kSbY!biT>)pa`fzrst=R-oPA-Lv5SlK=s;
z9V8PhV77xc1iM+bgO}7D`m-|FE&Lpgm#7Hy0O3_XgjZFB34k!m4`CKZ$dU&FLXIE8
zz8gvj?EzscJTj5{rx(<CI594e3%TY2RRLcd*C<xrKdxx)=I$c>LIc+Yfom)%2Iu5m
zIweb({Om5$6vW8Gc5w~MAA&{=H<*{1C9gh%^0oZa2db_GF*<RKF!?ShyfNxq7|oDY
zfoCrKdnZ+rB~Rvsy!-*_6V5+>9UD3Q12w*lB>%9J^e+GKscG{c3N0&mfs*_#$L+}r
zeD`^^x3XjdudRhoLE}|=j<^Y<>iy(^`DVZ#gyQ9Zb1y~S!&I)5Gr*90E$$wbkVqx(
zRWh@n?1UKeZF6aj2UIh#sW5R;EczM;BO4-|tmK&pSJEy}SQd^sUdnxP*p75J0()<^
z#ig09Th09nX7m<>{4?GJwpG?6btbSafdsa{Z8lM9N&?&epaCorKyDE}KHL%e;sp!F
za&SO)L`oC)^;!?+H4bMR;CC}M?$h$Ns;;c07t-bM2|Nl1M{_S_Xs;@0?*p1M^y{Cq
z1aeWuC}Q4hv!S1GNWPkYLaP%{vQQ{qtQ9<44E!Dq?)eS}xn+lxSRB#Gg&T~ZSrTUU
zNR7LK`D9b$&N6=0?64X~S`1gPRafQSXSqVA2+_@j<*1bTExB-pF+~3{<tu{k6TIKw
zIK#hBF@`7~AA}=_0x`nmx_S;eZfZK}3$X>K<(|DrHm5;=$Qfw=ouY=}!RSZn0zVC6
z<<tozwy#yh0L9`a4(<pb@PRHl$h1vlNhPfZ8}+<wt3JGElMqE(w9msL)#x%4@i2|v
z6b%byq??^o_6X<zCjI4yL6#6E+vS9pCq)QK22D0_5#Q3dkPk%Ywl(y~12P^Jc$N^d
zDPM_y%X!LN$=Sm_Sd%5>#R`)q<p%hu@EE4cH!3ZHED2eY$4sU0rQotKmA%rnPvTMe
zQOd&%7TBHzr>Q;A6iq8gKn%T$w}KoBL%-&&kVs^O3kPfkg+N`2f6K{F7+TRr+lp_?
zO<s>eXK3ggGSz~fCTVvn=PF|4d6&Bi>c!cSL;UIvsQnop{Jfuw@Rp?6h>oQ5ie+8X
zemv>Cl3>kB7L&(1PStc#r8;?x>$_yqcQN#v>$@bb@46y8VHgyBR}wKauAk$Dg6~k9
zxEAb`H^QMWi76LYFFw`|gJQW%7!+%lnne_-!l};9sw-%^2>kHD4tOLh%4caOmQak3
zk6#UjQlIMZq>9b@;Xc53kh0stSuW^};c9PK!7%TCYybCZ`>7&s|Gqn(w!p@j`Ymw!
z+iVMbT-gGbUg|0+kTFFJ5~o0Hm%4gS-Np3{0tIn?mH!$k7lj#s-CTj}W@p$6Ft*h#
zCVO6N@XaaN@Cxu>gS`hwT7YQ(`*qO?)mVz}k<hvIukm#zdmgLC4}4++<7giDlOej_
zP!M_oLL1KV{FX~x!EXL{8~<Cv|E|kbV}0<Ma?c4taJ9pQSs}lbdtJQ`heh?u@0vyR
zB6|SVs1shaRm#s)Xs)G;O%Op_`)!{Jlb~Ekb*mt@AzF^9F!5-BkEziBoAQE)9#)In
z#H+YkuDQs1Mq35q9w=9e-OYY+7;O1{j|+lYL9G1Xam~{B2vAM#?%IOh|DJBcI=q!E
zxbNi<i~^Ifks#p!Q5da}@@u?A#Ocm)&b*l{)EYmJ_C70wgn-z;&T-Lk#TYB^yJ$Q_
zD(DayKnhEDq(~Y{hG~ode{HnHExeX47Tw?)=Wq`d0NL`)y;6)})*U?X1QQhbX@<$$
z<qy`fep;84JAQKRc<XZzJ}!;%S*B{y_MafHmQ>;_3uH*5g|-s4jo{<-NWUH!Pd>@g
zUWPp=#z28!WAU#CWJidpY+)knv|mgD<?n#(hvmSdVCK4VVocN|S6p`roIvne)ZLEF
z&&f@*SE2V+dzCPLa6{fZia!#1g0WckXf?LF5^sc`sE>cCJ5eiF`Jbr1Cn+8*Fq|ZQ
z_E<Q838`I*y~in?JjMLvNq~hXv3=;y0)|)bTvt3Spi2tK<byk7DauyGfs*Z)qD>4U
zp|)Dx08joD?<4y%G&o7o84HiaDm8hsvvEziBGLlPqvdSy%lnBA>|=7s5;z^pv}hl2
z;d-u0$1_NWnv{>>{3%fEt{kKQG}O+<vv~FFtw$p#Gwfpm&C3Y&ja$&@QSr@R>`j`Z
zlhMqk8aqGEibeOZoh!|L4&>!cr0Ql<;!?8b@o>fyMw?CN^5is_lCE<)<4tv+?Ndw4
zSPIrU@&XF6KMT5awE_ybDFpjf2ir}s7=rEB!G0lFBZ3{!!S)gC!g+)p*1>)!*e?V-
zrh^?K*jj>}(7}!p>>Ywt>R`tOUqO5aYcU+NZP&2#pu{hJn2Uq!1NfjHxLFN><!=}`
z%um8La_}|)-{S|qhl4)_a05SZ0}gfo_=aEIkZ=UR*#JK3XT<wBr#ub7W*FDmr5Og_
ztc32?eA~t}A0@?_gTwfs$9sx>TnxvOijD6+*hAv6B)_=_&p3*NHKUl0moPcESUI(n
z6o*XyFIFV!F?;y_|8J6{hfPo=X-SS(3+Y@;0(aTJlj;6ccc0EAw>^-qum+@Li*r^6
z+@Z&^Ll8E|M`uxBF$mNF^6~rMfP9>7OiHtzr7Lex&t<T6(g{O%K)Tgf*v=EUe5|;0
zkQ8gSA9dfExj>bVZ&>^HD@aTf^3N*bF<ku~ty4VS4C3+nui?t;s3IJHUTbJG!`66o
zSRKh|>IA%Y2BnCQ7k>gt?n6JE%%x)1LCDmtlDjf_aay`W9gy4^j>D!#3Zyu^R$1@K
zX8;d!Q)u{p@TaqkzF~IE0e8@Wj>KxHInrI@(Y#_z@Vu%T4`V=QSnS=6u;s9#8&T1r
zQ~o0eN}`L<XL+IvMqiA%*R)t`Cov|(D7LRB#;~_y`~FOz4Bh#Rk`99v1LqbKko(6(
zyPKGuGug5Aha5TFp!hETfjggM-|N|>p$H6L1-a^qKT#w%g&zFWOH|G?UZRp1QBpvn
z9tuQM5)qXEMA@GXL=+#ZPE{}qn?*%><tNwEs{8~;qNxhxrwWb1fMh?O=_fx`EAm6t
zt=bDf^=V&f>;<^|^hp_$pV+z(tQ{l@zkDl9ePL<7o})LN9$!aHZ*l%c&TV&;x2|HF
z&=)tzY*f=n!;InXp|JR$7)PA;ka5?&fdRkT4_K9QhYgDQOju2O#@hLeuk5KJw)mP}
zzc*jQZpO;F`vv~pR*q0GUsd~M$zSuA6Xquiwb|=rD9N9_yGsP$T`oUQyNkqkmy|DQ
zcZtE>Wi{Vjl3+iHfSo0p@uRe<aMO@t5)mz|5AM;&TL8`#_Lua&T>oZP7ANT6(rm?b
z>fd(APkv#df_WvpO80VNG}ulP>$B4=+CmDrBtB{5Kg10tWrEKJGvq{93<_(p*RZEY
zKBTy`4f$8eK>}?*bZ386E{=&3NH@iIpa{Pl*K}y?%ZSq4FDqLRFo$eugJYW6GzZ+$
zti4$e>hF7D(WihB*za<adiAmU_$Q86(L=p`iB$4;u-UXT_ZPMf7u`$iFoLbaQ5m!j
zV_+S|!aAJnvkslZjp3QT_sjp&di?$~&3cUC@n1LNdX)HjOuyCjn4w>fpPZ_DJ$_lE
zNWTe;2-o{HB>f&3O>1w@Xm#yH$UT1*xM|?ZwaSV8(kfao56xrCteJ}X_80W}fq5F8
z`r{n;PVdVI`PeT4FDjmc&pVRqu$P;CW-Xdl|B2lP0dO5JV|;;LFT==+MOU$xC{U*2
z(|P7o)u(e37!GB7ohH*d!mRinzBPCJ9!o0m1Y^icgIAg?tcZXcx~<$6`Y5U{ugEDq
znK0M>0t!hXWL&a8gajZ8LNJd<-o64Mzd&AA;}dvO(uR@3ZUZ`3vgZiyV<~YT%X3yz
z+yOmw9rzfnKKa+9q^|*p9P<Mc_ahj7(>%67Cu$bx=SN|IK9g>CrlJj3R^baNg7_-s
zM>qn?tSpAL_&sj-*Bs@U!U6%jWj}!K7mI>$)upBv=EIklarQyjOrL%(`lQx=j_5)q
zIPz0!>D*$U&TZHIb~@Kw_Fr}GV}6}GmUnLc5l!d*xRrG->eCX~M|0Rms6D0q?+A3S
z4P$sazDLJeQ#IHrNn+8~VA3$Qr#66w5t@g4M*9kOikM4kf-Uw7Qi<G4v{^c{*9MO~
z@t1g9AfP@BA&C=PZmO`xNcP_(`&FOyA%+KuO$<`u=5VR7BwR9W&O1xH$e!=x(R~+-
zfv_}SDpztU#A5gpW3z^61`;|`2~GCh$7)E^sbj4Wm1lBhrZ*l_*BDZ5(<u5y!XriZ
z$9v*&JZ02u#DEfn#xaXYvA|H<vsCT3OzQ3vpV8n|(_@>J^e6<WV~Gh|VJx98?U+i=
z9_`{a30&8GVN%B#S_kt&Y2Bd!TtK70kJQ$Uoj3|wH+6KDcdBN!qlt*o99S#Ud39?;
zl&1akb37VwW}phf0_S}gYfhL&(<FpBL+|^X+K@$$xx9rrM0$P@587J5>nNc2b9s}7
z_0$AyJ@q*@X)T|+GjcUk7u6~wX+_K5AMA=g*v-mG>4;M}3?3ZH&4PNO0(&BfHb+~S
zy)R;T`7HVRa~LZal?>|qz#imRJ8yqj=he<y&HR8?tqM^>-u`R1Zc;#}DOx8!2bO)U
zn*)!0c3X4cfgYMU@Xco??OI=%>$}$f#n<}01Ddsdq!c=eFFm%3?vtJC;|1^PuV%%p
z+petsM-IU1&r64#$F$0hu(vIPqS<0ECdYrpbka^XhtT{48Y$T3mX&qEjS=#ISRCx9
zBr}#|)YLRpCA_hPKtcYp<Olji`7BtT+oHj8?|@7lJz~<Ri9GMMcUo75Xa)s29Qy`t
zf~f4MWE&|v*WLbJs?HFe8vVHsh#)aMbX~4DHM(`OO3x(R?^o)U8CRUHG_FwB+Q^;$
zYYlkr1dDy7?gou7IAOhR!IgX&Xu++<g$5P*EV$#{)cI2-=lw^w;6nTs+#7uUSbpn@
zD|Gp0&4OFBnHF4(?}D=$V?^7_lybYn>MXiV=3R|hry!Syfu9o2(0e$_Dvq+2qZBJB
z5FU-gc5&E#1?E7jqv<$3sgB>}nLFVwcqIk?L@jLaN-Rw*!o<v&@r<A7U%glBiEh1L
zyU16gmKK*b(sUl?wz0E%gws*In#U;S+ER9eXBgBYe9reKA<ceD&5YnP^HekA+NK|_
z2OcBi>M|(nIuFG-W^9i4@Y-{qW?NU*!7_EeUHFOL&*p^j=_dJ3vF)35Q>^A&|0xFj
zO?&zV-zioQ%cmI3oVz~JO|gU=-zoN*K)1QBy|hIE)pBC7W}bB|rg;_}aGqU{RtA|3
zYda;_;(?`VxLXL-Hg?oF@3`J!(2py{=;htZzkl2NJs87fj>`7-FOD$8WYg^$t7{py
zVaB$b?xaHdL!s*+Kjw(+v6EQ8M@s85$7hcnk&`<au3FR@UWYGXTZQo{zz}b2?m~)y
zIFF0*3>xcIH4Q@0wSeiqUm)w;mwrRduscet8Lo^97(wf3O+d%+J3QLgcjD`|{$$#o
z1gA^KJRWZMIa!Id2VJzlK*1Sh?6OnxiT1F5j(XS6@><r<DOf-K*VDGGES?PSe8keV
z^H7;{Fi(qvXn-qVfE&<QtY4y>CpkDElSaXL!ghdYO~9Fke5Mq0^5^oygu*oQ!zAfz
zqDl$<y_Kkt6{;@Kb2X<bhN94}#%Q%bRk`40JB&*xVy?6fR`iG*Yp!ly&~eU#WP`?K
zIo|@=<Zm{AVw$kAfj~AV;qtm&U6CB>EbgFELH7KiwDD$5q<Hldg&jO=oJzc)h2-a1
zD)nHyObrZhzB?yC#`nWDfv#G#G}?y4d|(B_^iUYo#CKE%HJddO93k?uv!N!XsV$?Z
zsj<PDjS<Tv+a)%?D7tS(Fz@$~^qj?`{Vt|{-oQiBFEo~F`gz0K%IHtZn>Ye@Pc3_Q
zH%|(&Ok4Tl5Wel7k~_DnW!hr)F$>&+;e>ttTNA(MvQu;>uzn5JZuPt9<$g|dSO}l8
z;UPry77fw$bwp2`I!;e?-n{}hM|G@4A+6(DJT1AjA0DEqc0mZOzcFoZtsy_H(KI9?
zgxpI)v<*q3mr@8dBtL}q`-T%V`#qSgtZN%YyvN@-Kaa?dtgrC^FKb>;TRsf9oX8(w
z;mKVQ<GkE%z2;E3cRktd<olcmjMXn}fio{)!1h9(NnoxoU=9Z?@CDd8z%P>fycU=p
zjpw%`|GlEk_oG}f^=`@|MbgHr6Dc#v!Mor}lf89@KKP$3&FU;tSLb44YlLLSfD~J?
z`0AGWbn`vKnC|Z2m51TLO9vduLAFPdr(7DnRWj`moeSzi-9vID`z5L5k9vhOnj{D_
zkASNmT2eYgnwSfV6H?>0S-=vG?CmU&+jWq$m0c=19%2s8sD_b=-xe+K81F~q4(!3=
zU@Su+&-9dM+!O=s#CxT{POx(XW~o7IKuB#HZcJjm6vopF(p%iDarOu);+p&hX*Lgf
zUW!HkMiR5a$-&7nQjR;|ZVdNN<re#&7SlCrewwp;lzI2LLC%nAX2-BHR>QBB_9x9^
zzh5NV&(_xHA_IjOWC_CAqa{=8Emu9Z;yj}?8zNK|Fu_HDKca<=<_)$z%~}ipNMf37
zmu<!QuUQ{P<AQ5>|8j?6|D?uwK%E_yTrk7fkd1wb0eu21%+8QfGTC;;vLZ6I<C6pu
zO$Kb8VGOmL5thWdxg;7Ud#A0uYvCaZ9vm6|UE6=lO}kcd^wW1O>r!z|Mgz%qfcNN^
zzCD^6cf}p)tKapMneFGyro&=UA$uI??DU|t`z#}QB0>!^cD32QFRguL-Cg}v33hcG
z^K6f%t1Y6Xn!QoG+9IY^r`W4mU)!wxB)gl{ocD^mq1u0O2VgCSq47Hzo$Ku5UCp7h
zGqvjh>|a<{j|9zoSdzG=4EkHb5wKe}N1Ht*=Fx)LR3gp`XCv<V4lk0I<6e@&SXh|`
zG{xAks2HN=!R)m5VQ(zP1~`}rC1MdoN^=bh=6pW;0#dZlhyB@i)`!@S!3`2htX6b)
zfeDi4SY9e{CBacm9b!>67fzB~QRt(#McbY<$Leyy;H`+)kXIj_3fxDrBF=&`%4}d3
zSn&59;>+*B*W1K3zZG0-uog~fvEP1HHtP##Vj0_%gxQrBV1soR$3w0<HoG!$dd<yf
zs6@rXDnRev!|WUkHyWUJb9Tp}mYm(E#d$Ipu>LkNP|8E$Vt9y2Y!dR2R9F!qnQHP*
zCeIzvAi2DM1Ki}he;SVx0y&5fQ|E5xW$&nU@{QxP$HIeyS|zSwtw?W>@WZrJam^*k
znI2wpDj2GFCT=H65@*4HC(-`pNa<G1=;_AjN$Dmtg1SkC<#2VBcLIuWhaxWf-fVU}
z7iMt`kQw%caLGR7LWES2av>VZbmkh8=H@g2PYv&c%Im>q(-lvN>EhIm8vmI~HJc^J
zh6@6c`m<!;unT_9eIm^HxW{xc_ps#Q7SxV~*er3)N^F;FB-kjxxa<7;VOlh(ZL(O8
z(nQn@_zq>jSKZ=(U)>0MNm(re&MJoy?`Nh29;f|>T)$t`G5&K?+3>USP^jy^B3@7&
zgy3&&<A3bG9{-Hn82=0!|CzTi{&`*1QEwwg-PU-MV9CxkQUba>e?wx+5v-buj2>SI
z@-Bx_Af6#TjIIce$k_!DE})!^0pk+tYlIB@VOiMJR(%GY!>;1CU^~JX!ZnM!fE%&G
z6R|f7#~amNMPs{c$p5xHTH)xF{$AZhP}A)KYt`uEF36$CO$D!EmdfdbG!wkqL&GE^
zaisFc8{&~@wvE7*ASgT8w01WU>4GuLY^o89&SJt@aJ6zwuI4udN4XN`f~w#-FaK_A
z&;IU_zz^gcaK2cXb!0n%;)oWq!>k&#miV!QYg566fi4bE)dgo~AIatsZP~0^*EDuY
znC<n=NFBI!voj@~$0J}f5W~q=gh{<NU?E~rTcnjk9QE;By^>@=NAGm8XqtgY?aD}n
zy%Ue@En#XZFW=+)<?re|z8%5jprP_a+|*fffO8A(q9u5S=i?bZl5t_|3_t5`uDd@k
zO|zdgn+{p04|W<mns=XJ{LvV*qiF@QM}M(1doP^X&Dj}Rp&ZsD<<RxF#TUJ49bmB^
zXSL+L<ra1OLEHg_5v3FR8anxJk-R5%8#u8w`$slxujt9XlCy$JMgwXz+mwEhoJ}8P
zr}wUCG%}S3%#Fr=hegt>h9{#C*CZKMFg9n30l3}~b&tqj>;B6TVXJv0<5Ev}hvcn5
zLvpv5pW0%!A4)TwwB|Fex|6iq&AQ_0n~q1`+S?ruv;82eg^fqJZal#MTQ?vzK@`No
zXGCs&Jj6A7G{d2Ee6(nLPaqXUhD2VW;c?sKvtP7B-X_e_i|q)aZ8~sU9ht}?t*iFn
zf3qN+Mv)QIp8SoA)6C>lbD_t;o~6Rw!eD22leC_YJ)+sP*CGzMWHJ105&K?Bvt1F3
z4jF(?P5cX|zr9p$u@>(XE%u`r-7nLpKRoWvy8M)E^tWQG%|JG9b73(u(_zVw{zKCw
z`KR=DLb9nsbZ!B4n*E%`{udztG{ye6Jm}kYsJstDTRV%%mG_Rh{aI~uw~IxeH)Nch
z{fxQfI&0~5*3x6p(t*zI_eq<SmP(A@V*BRHuOO9|%o`Pe#c)h4giN#8dH^e}N0Q|h
z-|{<E_At;May-p;)@(mB^G>{lIc2e*md}54)dO>wx7Hd4C-lFT0f#0_hW!JbjsAql
zDM@DgVeA>#nHm&nz#mIT#!JuP#<~|MvB4%AcfecYtXJJ{DF?j$cgfj!hRcG<yit({
zsolMkO>PR-N<K3#+5U^G<{B^b8uIgOsi4F=vmtkrGh$Ob&;*aXb7?%c9X9M&hj5@X
z<WKkkt#LKJN@krvQ;Pi$MpUI-J5jUt`4eT|<GOm?yI$0Th@CY>B0J#afs6=OD7dZT
zy>u`3Xm+H+rHO|f^GbxWG2gcJYA_u<O9}<vVPYAjCNXW#yPL84BHK{N?mrAeV3J#R
z1_eCgfJ_bl$OOz*OyEg5#Fl4HILyv0`Q$Sg1ga$i9RdzVGPq$+dW`LKW_v2c8wrDW
z5n|DGD8o}u!70i`TNEC3E{#1N`Y(&NdPs@t!(53mD)ze0<92yW>d01rv{sq)5)-$I
zERCTk#z>p(+s!36*v!9SfC*Q)i>+~EjI_?X#(!dK{1}ra*&08_CaU!=Hp5Rs^>X5B
z6j$8AU`yr*9%K(W4+Azb4b(itjbStI#L!QNVVZ}1eU%Nu0c#jAR$niP7t#zjpru2c
z#!B32u*tT@T6vwdoy+LA8eiiI#McNHZQ#_L(#y*DP}}qx?<|v_KLT!1*&u<Vp*Sk$
z3X2nvsjxVE{QeP4yf()lG@z0aCzG>t>4OHm{tR<JuD5@PA+8CHG>LISJ59#)T;R-9
zwZcplCMQKpcA1;V*DwJN?54JaSxj!L8O}Jm^dUA?xq|{hvzm(@SfXP}lGJO8lxHIc
z5BpVlahw6?E`Z(dA&1B2I_limgdg}$JgAhv{#ejnZihg7?DUOlZrVlH1ZU{ZZeAp9
zOUU4~1sa?x4B_1xB9xa}lUPON_Vip*x$Wj!PfV%<i=Df}W%0W5d0k3eG<2<7$6f2T
zGUBeDx3G$uy&A+_>(qW*NE|44sRPN2VQ)5&M*XND2)<H|a>XQ1j_ZM9A#DN>GKxo4
zERT)y?haZ8yit9%6)EI{s$O(mDpD`1o`Z|PyonQ4jqt^Kq{asS7DZF(y@6l!L>g)R
zH{K;E*YC?8(5Go5X4^t8tV)8md|1x;ez%vPW3KfEtPxS0QlzM`$4?q>9X~32JgBfM
zlA@m<o9n$`OXqY);H-HUwAg8mHI#7*)y?2%V)|1oqBw;;)?UoOmgL0!Ea$#%LPm~q
z7DT}Dk;OO?M{pDuY%qcEJoUB)M~ZtuhtVKz;MXD){s9u!vk{~#9~v~db7GGGV$xwC
z8y6ZQZ4dH?>|-*Yb*|(kkPN(@7AM;-dem<{OprG$RHz0|cTV%Zpj)RoOhdEcWp!G%
z_421PPgH2cqubqCD(pSx`?`!MXYF7dkNkI`NpP2{W<yHuHh#IMP7)=xUJgu>9N$|y
zzzB3pXK{wcJmz~de9%CgWw^Y3E!q3Dd0%q_5b-|U0OaTfVQPqmI4xjWh%$S%Z)b3H
zzr=F0@B*gUGv_k|Wqrc^TxW8A#o&$(3Z4fhw4==x6=Xa64qr29FUx1N*Jid7Y-T-m
z+RR?(HnaAZFmfsRz-AGz!S>ld-iSwnz#u~Y^(We9z;Z&~${)ZALjG<$waYIV<R#A2
z`=x#Si*H$A<0H3v)`%G<LTkw|q54$qJrU5=%6bxSof~~OzSfvf7uF-}Jspf<&Gi0-
zV4vt<9};XW!M@bNJ|oyW1Y4(reM7JUf(6XiG=^Yz>tNu12f~4~_qhWWl91#*2d`?H
ztLE8w=a+yn)7S3{_<Ht!?40xKuu`+G($paBmAqO(-l2f5Yt0X1Ngq;459vzk8RYBs
zHR&LQzQzgCp}-`#h9C6xpep4V1@NG%2RL8(1?%6S#rb0vL|5{|`BICs5pb6J;e4dU
zc?)nB`r*8-#hC^;_7m9VFV~I_92+Zu<wA9}w)Yz0Yop+L(=V#jah@oG><OW^-F`l1
z`?WYHW-^>|a@39@ikj&tYC@AQm|(4SuoeWX{1#ztbg=sf_9MYM>tOA5tyHJgj-$S$
zHrl5da1)Svb#K7s8n@5)(@zg-`n~2w_UYn-*h&*oR8L0{SWoM}A6!Ld_YraleEe{g
zZv`1wH5DuYoc?~nt<tnO&jC&^Kb(iPIFA8NXFr_oTAVn*xgX#3cs&;5+s=PFP2J?z
zCBgCB1vbId6<0kfZ??WT76#;@HE>e)_nwrg`l_y1QB}w$l+S>WTveVxTgL9)dMa^$
z5$C_o!}VjGbKv_zeAD}%`z(SyY(G%c`&sxc(eDrUv)_sAx7l8*9*sBN;@9WUjH548
z2<-f)$>%WVY4Buly<HFWCaz`t?_&B3jy$$~pglcEFZ{Udg~)un_9<Xq=W{P}KT4=G
zo7Wk_>&)(U-Q)TolxiyU`Em%O*4>7^0b#xyep!X__1(c*v<O}S*xJes*@LSG`{nA)
zqpXBOxabNwh}DEeRmoLvYPf~d?BQ#JYar1Ocfj>Ts7eI}bYC|IvVw6E|KSDVNWKHW
zG!9H<e_hvEwQhK1qM+-Z5EUKG*Iv}toP#yHI{^aNJItYG09z!luGX{?KkdfAaR=ZL
zEcWCFI5wsSXwDvr4p^JHp7xT5fEzZGS3xhZ`dlWUu@R94ec@iLq3G~pr09NxotHP+
zOlVEqP9X+9_|&G*0aoGi+cr%&_E&A3j@3ab9SF$N(vi<<as4ZZli-mvY&5dPRlXzJ
zM_YKD4KlC6P3zDg{XA*M+W<}~aswO9u=g`)hP}o9y8dL#%N2=XX)5IEuH@o#f&Z1e
z;>>_CIJAgtPJUgau{qhgNMm#I-6FC%`FfG2-#%gw$!iQQmqAcQ-tGM<1o4T;pNW4c
zHQNtCl}|Cr2j14;2ZuP$4e#e3gTA%xi>OmD27fE|;DYp*t_0|r2bEquFW;plFm#b-
zV5{U)g*32(uc!liUfx}(3@n%+%bN?S8VtnoO(7rH`oStO2zaMZGq6kFU;}&7XK<d^
zmNSt(xV8|6>pT9pnEzet^JP+@W{N)uU(WEsh~yYJ@J$M7;6HghxsL5gDx6^q6U3sp
zAd(@%<WC&&Y~SZ4d#&HaqP{TR4o5teI+T~nMr_4PIARzt1}a|s5_m8lao@@3^IR_+
zOvB{-m&j)<U!H`lJ4E)fd9yh@2`||uk0GSN{74?~5)UyC4-dVh8Sc(6Q4D#!#xu#{
z!s67TE23?TfudOtN8X(z4X&RpEL#AB8}fRM2kvLiyAllQ6ge^*33dM)dOw;^Gu}TT
z2Bm-Oudx0BApkoSJl8&E-?{H~eL(NL3R2g50^dYYI+kb6CekteM(%8-7qVt+vTZy)
z8)jBsV|7fQT3F*fT)$t!CiNVp9#(}rS*7B>*_x?W^oWr-adu4Qb$2Ja?{L?5hcaAu
zANZ%CLMJNqRTXXCKhtbi@+PxytPKJvWp}>UR#n!>n}5_uQNJz`R3`;_ae*d@ii1C(
zv~(`rh?A%Juw+3_w#S2t-ufEaKj6dJJiGff*n-A(yzcS!=bwFME)GeRWWOfayBocs
z@5UG<9{29Whe@+YF;p<_-4A&+Xp)qHw^G166n!JmMGi)1Nv|c`9r?$&@Ac1j&g0)%
z{@eI>Q%!2|ikJTiZjWd&j`Z=pZ8;ZwZxf9`YAjdke>)!T^b(DXBP;Hz4Sly`1;(^H
zQb;y)NnGzBas695*WodgpEybeM;XacvJ@1ajuQUnb69}_!{~7fdGSZ&grz`EQzNir
z%DaWj;N1)9pb%M`N-D-ZxP%JP*0NV2XsN`aO{gDWgQ*R!Hed=@etqxtDavXst)D)2
z)Pxc2mCl;;tA?aDmvruDV~k1UX4G*B8u6RKEjyok7-3xM&?!^sMrb6&ADBSDvmgeG
z!Q#v|=0h23fE~sH?-4W(SYw|vsX=!zCahw5IxmNlZqM?P*tQ}0x2)xg9SYRA9FG8^
z()NxT3eG3=&f8WR1Ri>)(-eBth2C+l<aXlAeS_IW3aW>}d3ja7H~J2QtcM_I5Os%?
zNb?0UH+|(J@?iO6z7oJ=|9sLPC27<kI2}dX=ms#PFQm)MTVSBE7JOP34AzEPjQ^-B
zpEQ`9;j~<SI#T2L4esj@D~Wr5XMp#2mcVt2lKk7ffxN$m+<}v6KTRf>Q`YWq$T$i?
z*V@<7eHBhgHWk<9KupAP1-T<lz>?}<v#C6Hr{rw*{z1};N^JbH?<Jdz3=0NkB&Tnh
zR~2QnF|alS@b^Bd_4n=xTiMOyx7EnoCu96J>`nJ3x+z8Nm9dB-xUu!aI<Q_Qxzaa+
zbQjR3zcwpD9C?pgUANJrFSiKPqj!a2kD}wVsSy3?`vml-hmK8Q#21&>!~Kwd<8b&m
z)bH^bpT{wJWp77(nxMHaOEj))%_mBly;^R#ysNTFu(~clgXQV>1PQf{;P)2RP059`
zz#VxuDRrsSc8{S>n{0Nx42zh%Fk45kaxmq0uR_qjTZe$ns<X#kK-L1J=RTF53-Sve
zAU%LdZ3lX)LV3fnoQ?=3dMa|immK|crp|A^e!q}x2kK*~Yk@Nri!L+H5wf~;ZqWj6
zwtC;sR(8r<tMN|v2n;WhEVd6Z!mnud3&$#SX9R^BiH7lv!R{;UmlRDL9qdAQw<CGV
zl)4;_1n-bQu9Cu;XsDkkV>>2)SmR;*Qr>nIKT&3DVE>m89z`tLpl(m67UA{;KAMVz
zu0}kGz&_75Mgt=kV{wd*vGf`pYwccJBN_y1L`<~nVLTlMMW@*-&FyzeYmcf10Tqlp
ztw)=DthvM!O2!Y>bTQgJLA@Ad-M_;k4!CGBR9nQp7lF5E4zVXnD%pBk6pt2Q5X{Y8
z&teBF6f*-1ayIQ6N1??%yO7X+jL_ad=%{;q358}R!2Nn`nyJz{1Xzd!AA3JGm4NLy
zo$PsnH9lql^gt?<b~h`{Y#$JAt{A|B#8gBxW;B|Wl=lObsa(^?6vP9c8qF`V`mvs!
z5MwSm6>2t=TkKO~u@Nca8a7wh^!dFxPM_nG6xQB55xk>Hac?|d(7^tF!{ecWZTyCI
zU=4K-Y!Vw-Nwhr+ky;#s64LCa%<Xq*2dZ2wLW?jOs2Vm<H3o2L$AL<W)eh87Hc)?C
z3>Vly{S6Io4$Bq>>V?+>4b&+Zs4o5k)dRYAZL?Yi$_fK@%G#d>3i(MGpDQ>%kHh%%
zSI1{+GZ>%#Y<&9j@hRuya|*@>iemFA3{J?oGxg(>z{V#DCX?B~HuV=I{rEi849BP6
zM8>&4dR=AQ%DS-=GC?^Zn=J*#ty#og?@9E>-Rem+15P53b)@e}1Yvgl&L18>^j6NF
zD{|U+P5e}T^nCJS?eSBa{fw8qpPaDp_^EXtG?CZ_+OAEwd0P|MA)r4`XpbLl3g&w}
z#a4CTR<9f;J9783YXAPl+dW(E^6j2c0lH_w|JXmBv;6zVJ|kY>gV?pJHfU=45*~PZ
zQMis73hJ*7y4nG;=os(v8JIXj^qywtV$+0;58whk61PpZK1zZN@Zj=2UkR$(Rc^o^
zPzQA5D-28s;tmhPO3sA07KRn%DSeQbqGh19jrPhfQS9a9WpxKu&AXyRj;YBs39ig5
ze)ktu3c?{kSX31-jBEVmfGYPbmr<R5dTHI^Yo`6B=D&tI#^Gb{XG$!BJYX}VU&Abi
zjcp238*HP<tL-r8)Oq>%6isxy{wHcEEGm4nZHkio5LGtor;yy9B(Iu65$x`AwL+<9
z3%!1GiV_lMX;F>GB@hfsn#CdM^2y^h9yPYABxkB+4rjkyV7HCls~`$L)#|#(^*Mh?
zYeg!$RQ|U&|JwtQ>>MeEJ-8dVC&BMltu%4-W;tnLhRc63F~vQe=gb7q<#7~pXGTi0
z;O@r*`JpubX%<2Lk)npr0(nQ#A`N5PbaQtTOeE^Q#~tRb=MHfPsd2U>xq(wNUq5qd
z^aSa=<gk=vHJ_+X-lurkRtS4~EmJ&SoGH%Yhf_51j<eEf$je(ru`O#IF($)}F=7#<
zQs<xW(8LuaQqhMmq=VrnlUD&G$ET7p2Zb=6r^;!VuE4ZaEb5HB8km!9L%SCC-ra%p
zNnjmjKcmDN1@kGitm{QGm{?Se(FHmg(Fz31PmmlVqG8vH0He=nJgcntnC($ux*ZYb
zS}zD%{y5thZf<|xYb%EQP*=1S+h7E~HqCzH_RPh^BFMR^nvC7?Dq5!xvbQ?NPGT?+
zt3t!gt8(Q$Fc3Qn24d&se@%}U2026eK=XJ)Ek-VTbBfMh2T{ZJPPyV~G}8CB(HfCv
zkEiD0S?nqi)O>ftpndy%+Sjj9pmq&(w$ijqGW{rt1AYUiDzWcxlI?(4gt!0pg+z!m
z@esDJy)&Lvne={$z55wxXHyGfH0^uY9EPS|cU)zh!6mexgz;ca-X|}ehD}bSCXeAw
zHakNOQj<Y&>tvL(=0yvZUMq20h_=&=J@U6`eFZIA&q0tM;)*VEi`F<_i`MDc;E(v7
z*NpVy)bU`Ym#s9&%$D_I^WsTqSv|-ea+#fGFl?1LY^UW|hi2Fg<bhq^Ng`T_eS6Y1
z=mywmCJDNVau<PPf$c!vLbf`1!LvSgf6b0;K0CzuhrubVlKsO_cvn*FFjsL6ykx87
zgu5gCB_kw9K3}D)`jJftE;Bqz`{c!QUd?VaN)^Si4c-CUV(e!LmhYdi;?rTpkEGQw
z9145^3zXy$s8<=C!5EXoDU_@s3vHg@gM4HJ!PO2%G$PG(PAobG^W*#RofF()r;jXg
zK|}@Le46)F|JhfZ+{lnAPTrL%T6brri2Hs>wQaMu`7>4AushAL*?iyCfu`=etSPDN
zB+5*^?}t?T?z}&Ez7F<D<9vrjfX}wE&qN#8zncxa%+RdD&Ef7PdV5J$@(YaD3`6>o
z4Pe042N+_v*)csFEfB?s7OZQ+zWQ8{3>T!TlTzF+<;P|o5RUOCX8Ue)iL1WZzSUeJ
zH%g1!TJXm#am~+};-t-);>hAlVoot5j{Ot&v+EuhZ=#oH+idd>Qqkpl;MjbJyG<V9
zD%3^4N1}^4##eUo0fgi+651`7ZXgq30E3Beten}vpl+z*8or@A8`(>ag>c1Y1ZY2w
zyetGX<12DgQl2Y|>OS*JYv>LbH}RLA1se?R?T{dunA};k7Zk=7<<NI#b=WP6xuK(#
z(X~L(=Rf>^8Grk2jz79$V6LJfBeHKDVfnfwN1i$Z20BA}nw7CP{|{r|60CVO{v~#@
z(*Hy5#s(Q2Is67092=dDkF56{<k?|29c0k{HmGfo>v?dHo4ir?ARo~V@{-}e9`QkD
zGU+N37FK|;V1^ZR1b%o|_<X@PpZ5R5_%43=zgXX9Wqq3+^(>AASmJWvCI0_1%uPMC
zzw`BNyAfH(`u=uro$LF=THm3cQ}346chsD^*LU-Ux3Rw8e@e5ylN47Zen@ze@T^dI
zJU9&4d69#;Zu>O=&*?DegPlmUO!;?`#WiIXXJSEeNoB|&$FM%(ik&guaXlLn#TbA@
z#`9E!qX!&2PLiO<9-E^i9P5+pDMLr#WK&t*Saz=a+QU;mvq3)j%#!WDy5lilC45~*
z9@}s~<L5sL`ON^p^P7P>#B^A+^<y2CY&t929`f+jP_Q<z%sy%}$n35E`i1>r;|XHB
z(!QD8*f$GUHP%rvjFtfn(o8p~r@m2o>WYv5L`Xr&(GbQ!#^54XIz@OJsO0%O!A$^t
zB=SaD{QV>J{gG_nYqpp1{!sl3pwSjz{{lv%*=eKxc#-<!3ZqxFjmG{sC)%D;`U4mb
znETH?NoU(CJ}Yz`rL|yBC_$~peqiwtnJtO6d|JWW=ceoR_gL@>1_e6^C9F(QxDx|B
z`P-l#$k@i}CQ}n`r5vl%x<6pR%b3`XX~Mc-e#e}IiUNZZbwVMf8S15L+!gsp12IwL
zLi>(!8T>UJv1aOH(^?doeB#mGRzB$~a_1-1c(lAqn+MKK#=E^VAs&qf@&&61n?(+J
z()0p*TJ}0au(q!CQnNpNt9YK6;K6}L0KgM=fXCUTF@CxUd4Aoy#Tqq$?exdlR`D@D
z_I~<Hiy)_dg(hG_;J1l>_k-V^zXEfxata82Y!sx@6Zi!?2+v0vk#xPU5g5djyXGSI
zU9J!-7JUKOCG-|pSa%<Hnme97xF3gq9&vYcw|BRLpZ(#VWOse|^N<@$QRc;XR<FA)
zz4LO%d3_kV4zJ`znr~V16H9NQkN+4?YAPt}E`{X0dq9D?sC%*?ZyvAdc9;D1_;|ej
zd!f57-gV)u?t=I#D3!dDc{+u?W(>Z$q6`l$?}7V<4?iW{SM?`5ZcTp2ZCgBU&4#Py
z`z{SOCGN5g^*L_odpK`n3cTlS-klZ$cu|MLdFy^}0feo!@0EWYbscolOiD{EAqOY9
zuLrLEO3kDDcQ>0#U;HQdb@X*~Uj~hQJewS39SzyZ3j!n_xfVmU!d3TUTm95<vwask
zY3ob&ol?p9MwYmWWc#k<f}^ui#Wls5$>OA9{jr-GSL|wpOigK+X6n`+znEe_QV8)`
z>1obM8ITv|$&Orm=xi1llO}BJglt+>+%~g)zdXDT_{c+u?Q?Qc8$@iUxa5eohUgLB
zEDk<vqy4N6|18b<5vHRemM`kBNS^|#>R|!Rp@93e1)S)u)(c;T(w9JER%3?SUW>c7
zH^#L8vmFDp)dH3>fKrz=3ROt*3n?vy@lteBUr`vJWt4*j!LU6zE5_X*&LfXtFh>^J
z2GmmmVs(5(35XRjZEWsT2unMD@+9@DeN`ykKg8%l3WI~Kb2-}GP+Y2C4|G?;IfWT`
z_)xx`V>qY!Je<>wY&Dz{+qlaiF9K$TC<lSGoV-W`3X{mgZ#vRVDAI<L_s-bd+!5Jh
zr;X(?II~qkBN?G=9(}%1AYId9?5G*W=>AS4#*#4?{uBx)3ei`|ijGakw6m#2XW1z<
z_cR;}J)&QG9M5@+b0TZ!c^I2J-cDs3=nbl72O52@#ABkIYrqtD?Q*gzfWHE_3CL+n
zHUTkY6CiSHj%jl!<RB0!Z<|ay)EIfwWHJm0(}k8A1Kxhw<P|ctf$to6yBAK5dth?3
z(gI#0KuZAJuLX?n1rcZ}<t7)^IoAS^I%<(p7*ZO}&oRcB<ic5r!pz4~;d+%l#+}vh
z|BhKBEe4ze$9@1KvAkvw(r5I5MDy%2Jm5@aGk$kNB}Z9bZ0w?~<j6yO5s;@J1i8=d
z50}hANY!EZpojK@&mY1zoxg(tI%@&16W|Z{!l(tzP^!Sv@9a-k*iiax=*kDRxao*H
z2g6PGnuE71sormYPW67f6zYl8e%q7?_^>U%bx;A<Oqw;?jiG$h*1MU2zlZ=>znbv#
zi(y{+5$2u>1jy4a<50C?C_8*n;PW?3)JnPcMHR76pn4{n)b5a*TvEqB0dV7V<F7%K
z5i##Utl>K(C2tTuY{YF#w1J8>&5@Z7X*E*>aXzSOF<~1dpkigO>m<-c4Deyk6;f6M
zIfq*H4Q!A=z`Z`i7AI)O?$H$N|GYaHx}>zt-G)6~Zo{6Uwbai^!0x=>#&<eQ<VDIM
zM0rtvkG76;{k(Pbf;u`t9gUQtVzouxp8zXFY4glPOjH4dd_sj-JD440?W7n=Ku?GJ
z&79xkwG?FYkK6l9MELekpdm*4?Yr@qX(+)^i?@{OqG7tKy$e!9cm8-)P2y~^j}`is
zr?iO>T&*Z_=T;l=hhx3`;TX0*9`u0h8X9yT>}$h~G3#2<$gc0iPC9ws^s9ISQEx#k
zY^Glj@~_dp$gzMtf+PPnKi0>G<L+xDr@~e(Ume8QNW(RclJpPv%-8>^?3s>#(!JAN
zT5#qQN?yNc`Kc$A<VNXF_-9B;d_u{P-1nb!d-6jEHHSis+*<wk?k6ZS(tkSCmcL~7
z88qy({Y;j<X2v!-2INbH`7)Ex!Ek`v&G0voc#*N)Z2y(9ENRYf3;4-*r{ZAynpr)W
z$K{R6El+ASMm_ERG^oe2&PXpDa}iyU+l+v7mM)W(V|I+sF>6s%kPkC9-c*k&ZN(~O
zXM8?XoLQ07YT_tXeNOJEacb4`4cY^C45;m4;>%w>t5jL!b2=^$csfG0jg(XVLkVm+
zb0Va5<0oZK9+5N33gJiD0iVU|wb)Nf_H&e^#6sDcD}k|SD1SP}gihpiu8#qy)es}<
zzwMOPuAH0^k&py>hPyNPo5PRkpYB(VX}HT>H<G5QymKZU(>M?B&my~FoM6qel=;^X
ze)(o|dQ%VrxaltDZ=-c@7xA}x<1vhXJ-al&ww0~Am|fB3maB)aBL&w}H31iV2`P%s
z&W5Eu(7UwF?B#xZ`MCGxW9;P?d^ytlas+$%Illa-_vLu~`ZahI$+0&ZSJx%KWNTM2
z8OkX+62LA$@L3M_3@}kpU_JN*2OkCSz8ZCBz+rkJQ!`AHGL>N(1HTy4V;M@h)4f^J
zBjkjkYT9%Q-*q6-`4*6DS`GE?B;i9%{JOW^P-Q2H<y%F#eCbgW8Z*Y|^`nL53!t16
zV{1HVrkcF-Ft5h7)od~AA5}_S^(bvIQrlYYZ};>2+Z-<86wZoe!sHO}$#M3_1SBKj
zmPj8RKg-=p8}E%taO|*2=`}7^bT$ixs3fQ4MbD!6rm!h_BBL0V^sG$e=ze4XjL2qf
zYIY1z?eH$XgE2lnqjy}<Hyl>x5&5ybkr3HnBYxFfjraxf@kq)3oBTSH$#_6<v{aUt
zryws5@pwmR;vla=H`y}GS{<WvNzdoT)CJs_8f>z8bm7WPq)<xd5=b<hC5X@1e{_k+
zywDx*zM?IT39>4!6_LrVM;>>Mn1fl!;P%hKI+=`}3-@5Lw0SjqqD#5}DdQ7V=W{#R
z0$X_IPEdE@jW-WEPdEGvDcU^RnPS3XMiaS=&m*H_Ct=I?U+gZpGc+}Zp6r~CcXA0(
z1J(Er#U`(yyKt(3Zpv$~K@Nk~L%LH?b7bK$!t<$FD0_1O?T*WE_h7ACA$U`wawBP;
z<^c_C92lv<YRqRl>G9TSg1qRtu3$xjc-9A%F9LeIPem0S&zz3>s^>E()#wUe)C~fq
z8(k)7^n`S3Hg-O$Bpd~(CO$9EDQG(4-G0M)@<7q{zHUQ?H!Jy@81>B>-B!-t6s;q#
z+fQboKPm*E@%p1eHc`${NfoK&FP+*-a3xTx&pi6(E!{V`)fe`Dl3>L;*am|2CfH9p
z*j9qwH>376prJErPub~u0bv((urq?MKkX}A3m7X;>C3j;7yNePPk9>Xd^sHu-u6iY
z%|}3-KU*y*2JmugYQdYJ;t7B^yf(bYRJ{Gk;KW-S-oq;1D!_~NYru;)6omPJFp08v
z?$@8Z?zW(~jI6!}hmE@z-@WtYMkDEjVf(*@ogxux_O0U<+RR^wR`>d7d51;eHcR=h
z2zfn6e3T((E=Yb{Q3tZcwEkWuI^lF@3_plYeWsD<#7>nA#^$j%iSZ<{gprc$*)8ld
zV@vkgctMr8ILIYT153G=$%Oo6G$Egk$BR}4X>s-*%)VF7i**s+a=@H?Lmp5-qKV^G
za19tZy3u=*BXKL}2sgfJfQWz$0WT0c&hZ+Sm*%ck^mwd8w|MU_D94!TWipTldWI^*
zcrq6#nJ`mE)T=Yu+`gx=*ab>^EbMsXM(p1Us#efB9pWCdZVT<nQ*td6RK8qI$u$q(
z%>i3<CVrt!`;*i&-PwTX?@xUD=N&8d4>xZ=3Z!rQE|hl)me_HQ*SftlcM}`0supa#
zn)!|w_LIxP%G356_K(H!Z7inP*aYV2jIFSCU=4IP5~Bn%eW<avFgyCl=O=@Ga-N(0
z213%O)Og&7pVsxie*D4Hqy_ghQRdtaQ?W(+Nf^ahGl+VlEui|gf2uk^l=i>5r;bSh
z?SBW#8CFaCS$Vp6wVHI1v0h!T-2EgS+5PaK>(O!VP&%Q|pX$x7`Y=n{+q{2&gci8%
z)^Q75`*33zx4w<=TGXQmxU4b~%HH{_rtE`@y9#NJjW8+G9BaaGII66zGrjt;hoKMh
zUaSXV6&sqWyfdr}hqjExi}7M=!Y5>n8^+|J9#9pUdpWF(OW}cDd~zk$$9SjzQ+~uH
ziJJU~5p)3moemdKrLpSnw*|Jo2mZX~(byq|$uEr|>fdU~_N~DAJR_v_iqRH!X?@9_
zXp|}j(D_KSL~^`}(}GFD?aR!jU&WU{M$YCh$y8$P0al*tGAUv-C4!S2PKw9WlnHqc
zS?te;r5SEm?EegB_<2oTgA5RJ@hn7ZgBWm$fU1TNj5`3f7m%SA?nYtF3u*RtX1s_7
znK3_1@@(;`NAdOeQ7k-<R68;H*62oWvTwFp9MNf}^Lgul5e#5<w+m~i@mi@}AhWxs
zZ0cT=OqZrTXSV-kF<h8B16)LB4Rj`+1)}8gu^2OXuzk#5LK=lS3x|M;=h4{ys{HO4
zh(gHC=gmV{{}|3I&5-Od(2~K<?6U%7O@pAykjdQJ4H(2+vhSw4bBkEtgZ=jGxU;$n
zXU%uNjRh8#MrdyioxPuU-6F`zZ{WS(yKk`HJ=kxU9C+o%zHlVaRQh}{U4l((k<9&t
z;e4|=;*-TS&xRKr$ZMBe-ap*H_9uwcZ*jmfXm!OxcO`M#<c&s;2QY-91LDGB<%rYm
z2duoptHINU+IKNF@Z3(eibsdcmJC}xN7>@uJ1|Rd_mCWsY?~kljqEY;f*2kwHUZz5
zaL7Ppw%2nvlh`t46gQTyr^O5IdXl4_WUn9Rtx;EB-Sp=LaTPG5zvhA4qrZ<2{cZi|
zUpcyN`V()D{uWyLnP4Yp-x-kNTIhXuho0U!W?y=*|D$et=UM8e7xxn&`C&%#<Zvc*
z=RKWVJ|NtX=7=Z36B2X2)<k8LNXOi4qA#O#cNbEu0($UWdIm{8mCa5FRw@Yf-e$vW
z*SB}$c71z4l6>3S=qBxbXV5LQSJ^)kXrv}Vvqc+3^x?x*uQuD1vZZ*MJ^2-#W;Ckg
zgTxOtbn1y!4z+Ok$D@$~p+N?|HzHWid@FF*ik%biVEXxeI+()Q!Sv2iI+&s<zn95l
zouqdY!GozTe@^fh>2WiE5eV@}C)BkbCW;f_F2;IkV|i>~Jobfmz!J1u6g#h`o?+*e
zplWA+d4^7_Gfk6)I`)qrefE$3zT?|zWZmPt!Ti6iKg+J$S$~6l=<Vr8?~D<3)7$8O
zq&NG@?a=%A4|;mvNcE-nr)TS?cer%R>u2_v73i%OC9au3D`-|I6UY078!+HuPC7=i
zm7M7rB+AYHj9h;6NmJENSvl!^<&1=tlcTJhbosSIkpbfRJqQ=(>|+ZAZXIT<uW0kP
z#F>Pox!J}b9y1eiqmG@F=Z%@!JQO(k(P0?lQepO-lTq~*PM!0`GnC@902dZSytRix
zu13Yh9p5`c=Z29Qh{8yQ{#~CQLI1%OBnG&>M+FNcgcJmg?|qM6B^Jdmzf#_AGN~FL
zH3K1QR<Poqe<qf$=VR!4e&X1vQ%8*(tIrQL6z<F&6T&cc9afrcl&D3AhR0)CwhOuz
zc{7)iCM)z5ZxNY@h2Fy-!$_MCN`6fBN;)z6t2pMf7L6~qcq0v5OTZST6HE!%fI1+s
zir~#^7OR8{ojNvm+W65vErJwZG*<I?0oh7?gofCnl@tIXz!*`=v(QrBgdBRz<B$17
zd4YkC(Oll5x%7SkZ_%PnnlWlmEh<)8w3W9g0$LQRq@C;6RcX=KeCyarQ^!wM(#}ot
z#y{N`<Zahh-mU~{*Mm<}yLQ#mu3glSgS;UWcQ!PQKk|637nF8Y^LAC!dx0l#+_X{C
zu1DgrU9n0m*AS&C`CYuRT(ied8apC0KvN#jGzFcuAyf%9CF?0_N>WhZrr>*L=%_o0
z_H=s8<xSyHMMnnlreLZ{)|4!IpTnDS`Fl-M=Jdp-EaMSJ|7=3nP5J9#b67XbKuXjY
z`Pnga;RFQBU#9V>Q=koAo~DUfvnUN>L{-W2(@6Q0FWb_{azuZL)Ds7x*<Ekb`JK-C
z?%;kpzej>yNtVS_X?;rL-<iL_U!JVIE&tap8vo9bVAHpTZF%g#UfwqzwqE7Do?Qxi
zv)&#tV;m|ZK^^K<NJ8Sl0JmOyt_JjNeB)Zc*N<G+zE)ER-gP73>vGc7Zp*COOY@$q
zii2cEXOrLx^9%m>5?4G1%kh9P6)&nP<lm29^ME+34D%0zG{gM;Ak8qZ8brgqVvsV-
z?+(H+TkXuy+m-UH1eD(8%1<fGmbcKc2^4D!>@c59fa@&=g%?G9F|h4HEhd2%vrJnI
zk`t*GlOW%fpfTNwc6Y%7-Di0jm*c67;o35=6~D(TWhBWv01Gr4<jS}yUb*`E27j@$
z)MC28<_BXYP+bqUC3K1nH|FzrQ*@uUa3I8+I-GajJ(UPqfrOlwC&W{fu05Y{LeM@D
zX>i*KbsncVDW2lOt@uQx89KSWN>x<6;$QmuP`VlVtU<EC5!2-Y{&KPQ<%FTcALPr&
zdQuRy=Ncq?{SSTkp%OhmbSlx8AKLI(-TaW{;alN{h7Hw75_wM|6PE@|94cSUT=|-4
zb_`}rPm9#J6Dqxm60g);kCb@yg=4->|N2wzJ`Fd{b$8Ef0sC`Zdv_H3$WOie_`hK{
z;s5&FD*vaI8ATiT@^ZPc9oXfNI+Knq>p!_9i3V;xhJ<M1sp$2a7vv4kf?!GCnR&*j
zfukFJqG-T3Ob2CWnOa3helnuEvn+R&pOon}YgP3ln)$KGN4|c@x4+&QT6ceS>ixg*
z_bcVw;qUMCq4$)@m)<jv)=lq>#M__Gk1A5J#j%$3;>$=cUTN({?TB!PbA2BvVJksD
z{;<3=L(z|;k~a1!(2ob2$hEb%%SL^B>-n|!`Xe{dfAsqA=JSWT`K;(cwis09Jt;OC
z52xv>o9;tso{wY53w-DI!Kc0RdmzNMVg0iIyE^Ce23GNJ2E7VjUifqXjf!`!*Cu~&
z(D!F~yr2Fn{U-Xahi*eYj6nvltHm*qNm|cjBo};7_7ANjM=Do{EV+X<EKA@Dk&RD5
z@8qR}CL!o=x^Xy;q6^?7!yT*SN&oo)GHLQPX*j{d#zvbRsXVR`x1E3^r`0!+2u=5~
z;)n)DHJpOUFaZ%Px$*_gT|Ia-U{HIK)ItZ}K`drE-P0%2(8xEQ?8;BHq5T4JjL(K>
zZ^V_i&xBADEe@2DqBez76VKmIjJOyc8qMkxn<RNfq<JVJy@=v$I*$d&4(|wbb*HgB
zIyfFr_6!TDtd(GL;D20NPvHK?&d_}RI|mwV0C&>@ff9#k8xQ&4zfyT_k9=20liDGe
zi<^rPqLLIn?tT**j3p_u#OUn2F(~LoD!IAGPtu8fJ8^Rvi!w#AK*Pwzqo$zgc9I=9
zHpeSYY$X}?XD&`qHipol^|+u!O+fPvMH0s3-SobiH|@hOHR42k2W(o5BJss?i4Qdn
zk()$n-y`>#gf#nkYTc+2V8k~Oa*aoUm~I_4W|Vc5u61E(w0KqwPYr`ydEv+>&f}pU
zt!!dPLqj{Jk;I;WuM;4n3ShFaXAO?PCQ*d{(D!(QDHU>PUqzfEkq>x7jI=k>Kn)&A
z@3XjwyLy$y8)>h9du;Gx10TcIn;KFZCq^rxVAj}CW5(u=m`G_oq9%?S?{#8GHNfp0
zjoUKb9Ik*EZXsE41vN)IZYzlHS2*2k>9H4oEGBZdD$Ur%o3V@D@8``p`-P?%vtmqY
z))GiOQBPT;uw|_KR3I@hNq*vS5(9x&`O}AM)DWEVl84Di_4S8IBuJMX5Bsm<yh-5j
z6;zAqU^ogoF@ozEomg}yzHTeH?$wD!BED`XxQ^*wH^kQu2(IO1QTX<gAT3$E($b&+
zSp!1Juy``!CVO#{*vqHzWt#V;MK4WtP;ClbQB0Zww`)B@Dz`&PkhcOt&uhL24_#9P
zwvPd!<28@stClXO_EF3@I(8(UKU%)8BZ&v=YLWzw7%eyAFPF2IAkDp_0QqQL@2wfF
z^Sx=bDtjxVb*MLwl7s0h&&%I;AhD^<5)whY1%1##F+7yyMIA_jD~A_F2*>5F7Bj5_
z2|b73(G-Iu3|EVZmD4+zDB^>=J(lIZgl=}UpTL&6RQ;S0eZTr;g511=A`&&~Kvs_F
zX44UNt^@nknz2wVRDFNp7VsgHFDEkD)pRZIJapFd8`w###`RdEM=onmMlYSc1Vi_H
z-d?F^d3);T#2eJl-PvF8zxI(QR_pnND_#Bc-_lL=-`)N<{&>c=+u@J9_|RL=kKUgK
z+(iC~yAA$^EZ(BTHT}Xtl0MINgt;lkdWs61*oypg@=4qp1TlG(%N!>c^do%pbvp*6
zJG!rs$8<-NQHU{)n(_#ZHD`T!@4Ya3$Jn@X?#E&}D%#o_1TPDqvl<0^g8Nqz=Mw{*
zP6XK^qA!#kHFSy{yTbi=?bwOKNg@sht+?6VI-N13viJzvA(FMb-EHlpdYCyBWjRC{
zt`uzzxC$<du9vQKrNn+2Dgq=Yhit_dAvBcRRW@$kfy@rsdyi^12r9E|)r||DrmGt?
zmNgq{_E1PZjOH?WKzGShCeB+5VPC*DJ-MPkZl30fdLhW@_iv@zZpRISjWXZ6QBG$s
zTMa|q8MMg@m<9Pi2ryR*a24S~?Oiz(VNM;)POu*d_Aea_Bn$nX>f$=CP<bdDa@X&E
z#&wrfgl>Rv(huR7iqHfQe)dE7nInYB7g|7YcRz#_wS=93(1SgKrV&P~9-H>4ZG@Ge
zyCCG(g1y_&KJ;sKlGh?TA%V8*Fgdb~vL7|&h%2jUKWe(`n#X@XdUlo1eOyOB`M2Lq
z<loM>ydOod{m96sMucWRVt>MMRY_s;sO`8lMfe#X)PDc@`4>L=h7KC~k^Sq$=?@<i
z&e|Y0@w@-*^uO(=2QSs!j=sT%-c#-U_W!;&+5c}suWmoZJcVF)P!Ba_cFelUulcx0
zbg-E!5;eYV(ThYgf-xEqe3u|ql#zH>roG_XkxUX%lJ{D|D;6<1CG^Gmbo4{K?bkx-
zH|~Z8IFz%XC=9s`tY_|r8fhpb(&RPiX423KLAg}n($E9Vyq79B6@<2-xm#PsHe7SJ
z(kPkaAc~dXf44$$9YV+QJ4q7CLYwnPjh_$-LzH)Jr8YV@v~2NmjWE=qwMn@IL}4gG
zd;L{U5r$Hlf-rREmW81j6dAgtIcA1??fbKhF|-QWCdKQnE7>rGE7DIi$qD^<lPC{b
z=m{?FX&jL7%2MJNVG_OP*OEQfe4x3qlv<gTOF`^gycEQ{JuU@}yZct8puX6op3t1R
zygAV{Xiq#$LeK);-CmA5XbY$fNBIrdGJ4$2o3w&RUqww?O@b0@(pq}Y?<IR2e_w4<
zm7Leoq}&IBBoz6#1tp;b0A)a$zpo?&Lp#LW6({e<-H55iJP&VmBc}Ra-DsCikmq)*
zMFfKNTDJ%^F|Y^}9asc%2Nr=orh|F0rS5nd6SxEuBDcF64BOENuMFB(5vOV2`Z#Le
zS8+=FR>WcU7xx2*UM0_sB%$HL0t$MGWlW9aNkKqL$z%^~SF@KvgmC)|V}!diqMes5
zk(!(*Unm8rm3Q`*5+g@PlDrV%?np(sFJdW`a=l0r7$&I&FoG|(R=<svPqbD}&fi;;
z#E?J|1H{K}$s~q*NZ+l<3#GAKUI1}sz(qJ@vBvLs^A@(I^Y{9Em1O9e7u9N}BEosO
zA^Wy=`<@m0^P;)Y_q?zq)_q<aY;!C2YMl4hnQyiCnr}t&*qUMy8Z@Z!%{6+!rtd{6
zL4)(|Wu27a4My)oMc@(nkt>SjRs`v_xZ?3iQS}?uDIU?6BtR&K2<{^VlJQxiiR=IB
zh|j<l?2}h$!Nw5tJ%pHV`Q6m6+`r*+7ymVBHL_KbYxZ?L<VQco@7=(qDfOC|7&o8g
zt11*a`)C1XZAPNxa@GazHSPqJr5nr0L7zT)?B7!HzDR7TOrUNpX@>o9PGtqd<<|V=
zH|LUsK=(5r`S45k`RV^nH_`t;a9jM+{R+QSunBzb1#2UPaoST6NDy7%!!P;Jdn(#*
z{@;Y&gZKZx@uwx5Z<{}T_Cp{3I@*^%otIEIf7<FM^y};|CEWrZ>|Mak3)b@m+y)nL
zZn{*sIfJImLoaJGM`#Q%qq!MbESQlc5hnwC^}uf<1Ni@55d@7{=9UW<Vck%H-$Eqx
zMYGIa&yiV2G+Xnb-;!BJESO~`fLZ1^f3wVRt-rwS+G9p=d&~)q$R0C->@j0WU@nV}
z*O2SD#K^TM<l2+F3T{zd<@@C7Q#BsF@usA=1R0!K_epwOjZAf@Av;Nb;g%Hzo3D9P
zSF7U>(w21Xw7Q(5<sA<Se6^?CLks)h>7+XBL2KUku?KDKyIxxLtb4tzjJmD$-AcL2
zq^tM@$q^@;zYG%mS2n-T^jRN1^!E3oH@nA8?B64ALa)wWsBjY!F|$i*9K^2$|0Bmt
z$zs5OQM;9ZQF8#vJi7w+a<i#)#)0I*jq~ukc=}H3FYTB%(qgEQ9K9sR&@lPM9!eSL
zlvP-f0R{Y?TsSjCnAubLTK|25=KJ2t_x(eZj}K|xsTTO`S5eyiO5LvH@;d@;RsQn-
zxn(}{rKRuwbmqaj_oo@HZ)<<;$myl|GWrh5Q9uTIiCc;GSoxJN4MHH=1NtBM(BIaN
z{!TZce?zNVwCDF;-^VL+9`3Lm`D{zNW{vcYr@|a~hDI<xC>of=)B4>*vDNn<kC{vL
z?a92?cRdX6R`+^1)3WaNNRIl_=pl^60!j@MveofKBeog2f-N;3wjTWBuRBC>O)~0Z
z{~e0@*pTvM(8sd>SL{+R@*D;G`R^o94Hi8M!hRuxWGHv3&i)ic%i`=jzgd<5k(uhF
zYQaZen;d3wBycNa6p7`8P?Nxz!_nEJrh*}|#r`K)UD>Q4)Z0%fH_j25hK;h>hs&3z
zMS88jFg{)^R2HFi9B14j=^ns>S;_RJSQhhmV<@-EYeFESVQEEDOY8W_lNc>i$Bwp2
zrv0L=9$Z55U?$N-L0Af7jyDGL12c@Bd`Ege&UkCa$;wL(L}FYIbRSoUiq`6lNynfn
z54Z`klG01D5~lE65T_8L-9a#Hc8oPSV-e&ZA3_~6Vx`$Ho9&0KT~*s+M-dNmhRNzg
zTMEtr9`hFu#+5C|o1F}&Ia+T6d9okH`YOSX9f(Z!3@cM8^}t7KwI4ww;{sBw2uK1M
zY&#T(c#d|+KqSmnNoe09-fO3hIFM`+)T23Axz(6XHM18U3V)~|Qh<F`lU=1`apwjC
z_~tr)6Ry6gXArzD^Y{ik2}1ez$|l`bf@u2(1U`Q`D4=;~9)l$_Hi;|2LyRzak{N+f
zg6lAuXLjg~3TjZ?dll4Jb7Aj03D#H#yMtht5)l@zgEb=9UV`1NgNX!NPq5}X*j)sB
zmtZY)ux12%iC~dB*u4bHB-jHwSQNnq5-dgsGZL%|!8+<-5N=D)CcSyXgTac|1~DdS
z-VI;9`4=4gCV=1f10Uev=K;LK4}6k?p9b)LKk$AIP6Y6ee&8Q(C`$d7fUv<2VS|cr
z)xZ!w^F#RThH{(x8z8*vhhV)<6s!mExPaNz0sJ<Ae`F7A7sf>qqTCtyMod*a`|oH>
ztmAt}k+Y0Di*hFW(~ifXfn_WI8Kq=KaYZTD2|F8M@EPJoH#brw&$W#dY4r0(7*{5*
z0e$&J6sdyZkJ6>X(r>SM>XeV(UF;)|-tEW#b-W4x*YvjU7rTmUQt>?7uiP)D!g-b|
zDB;BEFi{V*XiRMNeh?jK5gDql%ZLcb7l&p>n$x1bJhvtRQdse0f*%?dQ?+Pog*S?2
z5f~s6ISBv5;;a8-?_1!TsIrHXHib|M6BIRKf#3#BMQN)DiGU_Fg_(8&bwR0$f(sT@
zRD=YoA{5hVXU9=i(Z9OBcGq=v)zw|Kf-jnuJ^<w@f}lJEVQP33aG|`K@0@dI@@QH_
zclZ1K_xtoGO)}@)JNI>7_nv#s5GE|F>WmG2w7V+Ogy`Yogv7(e3GE&(3Ob`^hl}%f
zgJAf_pxEJJM<<IBuHu*>;bigovlC7hBZ1k;r;63x+C5c_1SZDu;z;0*IIbHBl;X{Q
zai|~c%!&{29MMDPi1``|%{MR>nhzXw1>3JwhqQB$xPC|n2Z<jJ>G&Y=#UULZBtA6c
zj1CfyL=W-OVYZw0B%Si<F{RSfrc=)LVoL3g*3gIu+maBrL=O`Gf(V}_AzT-&;bBC;
zh$66*&+H)a2Qy;|kA59@ka*w%o$@!Bbz)zsAx{39(e%o9PeeMT=dFv{_(O6@{=XOh
zi2rYoAJ<=HP+yDSpQL5CTPqh?n({nt_1EBD2UFWeT9MlCF%q?R)+~@diFwJma&)@N
z-KS-?0V)e$f%>^1ne2iz&TbZh`DP1Ct(cskj8ZF_=)B@?Gnh6OmSQni9sWQHd2;!N
z-ew8BE65K5S?=VsPVh^bwR`t?Q@?x<_AGS5#0O6pdFd-m4I?VU&W~P!?<}~EirlDH
z-uRWsjcCQ>0Rw20gJsP#Q63xMRO;}HhG=mZq(gMM9j`v5;x2b+Ct#UiBF6PGlLo!V
ze-V80QcD7V=3xEwNTnPs!CDJ$yX<3(;7JanEYw<jQUC_!X0rgV^%;-)qz5f@`yMym
z%}uyw$#}y>*qJTD;4(+zb^ONbkR4rrJd)&Z|F<XF+_&u3)}EWt|Md3U-tIraKbdSg
zD+;g~v?}O|!Q<pA?|PiVSdL{@sR7J(%>J|m<GVDmy^h=wvS>3)o7LN2Fd8(p5viFr
z@;qjh$p6FE$O=AmJQb`2i{RQY^Aj4McHNAV$K!Wx#v`Ncc!>7XkH^>Deu{r_qP;ge
z(cTj~u=fPC_dHR1Pd_PE@^yQ!|4W^x(UD4r_Fm4?lsJ2jKk77;;Ay}tUJCOrm8+PD
zj;zwDsHrE!nR>W)=}>=|^{?7{F^e-ztv`Yiyg|G6iiRf{dk08-vr`CLTpP@4#cx>h
zlz)$1H;KgeQQfXf-v;z@_|lkNCrAf)>6`ZLI^K1FtGFh~uKS{EqFqO5&IG$I60_@i
zE^E)MqcXN1HR}lNt0c4T*InbxI>I>^GwULnSqCppu<8i!yLhXPo*am`>gdU_c&m<{
zq{dry^rRcpzCi1US#@*Ksw+>h>Qcz6>t$&AEm?J=G>xQl8Yv{Bz}#zLCf)e#j!n9u
z*&Um7eX~0@=~A;hHtF^Z?AWARIk01s?(Kmcn{-bO?AWB6Gq7Wm?xulfWYWDzW>u^D
z-4CFk{4UAnc~=A1Bly)M@HP$n7X+_M0;?Lh62V(KFbG@K+Yy{>5Uz?^Y&;??O+r{2
zMYtFd-bq4uCu-7lLWDmgA>4P8wP4R-08dXc>Au#$jR;=-Q%t(S5hp2StJa;)q_dr+
zn{?-%r7LzPL0gTQbO+!E)AGL4zFE~Rh!8XBzV5+Hx+&|J`uExEWYTry-z2y3Z%s?m
z|9bz3{@3{@$SZ49UV(-e$OBo`z20L*Syi^Uj<H$M?(ln1$gq<h+h)<QgvpxRb?QqO
zXA_HXpf3y#e0P1|t!)Ng_E_{|F<y47{BR6j$pyWbO}nDn|DnKyo}k=iZR39$Y;kxf
z2sQ?2<wi7XscGD_%Ng@Q%~5~d>|}e4R{w3Kei6l9u~FY#d_`m2q}d%ok!MpETsX)O
zi&Uyl`j$ug&@B-suZQ*2IXJqw7&MtpHe<~DO82y4)}zA^-B!dgJFp4FkN+YPKQBkE
z$Cq`szc6Y&9$;sVsDG9+o_|Xk<N4E~2!GIc{-kKUPdDy+N2Y2P<RmS9n~tx<_dtKR
z$dIsM2Txwq(A0ReKT~fviCN8}5%2I;fKD?VO-*xao9#O0wCc5I8k!zu#^wWA9Y?;L
z$Y3uez<$qQc?|YS0_<f5yO_aVPk{ZI!MZZo-x6SdWv~Mdf>kBJ{$Xg#YyaG;v!gi&
zfT28{WG}uKMYtXj{+xvHS`^_*M0hp{;n^rcPek}_5`v;-?4qUEyx-Yg0M4(YY;!dt
ze2)1tbuaGeu)d>VJD!iOTXfoE{x>4U)Csnn@A>3>T&COzRm@U#PrX9Ll&z)agqm{q
zl`I4e-;@oEfx}a5Cv)ve8xt7I$lz0>MpYIT)puauL7En!MeSwbKgy$Vaj`*cvnFls
zBV*%S0?91}=|wt(@q+9AJjf8Y-LWUo9kWbex-Rsp3cFxd&%gL|hsN_)<B{aw_BjpV
zx<q|BnSFo_a?V~S9+6;l39#9CnGG3Naf((D)0&;+_NeKVR`nl7SBzwSlqX!6$P-K(
zfG144@W*+=9(@Zw$`cBV2|Qs>U>5NMtzF0sW}Il38|(?(5>20lzix|T0Z>acfiIHz
z22|_%B?MiFI^pbP6#i^~9Djdo{AXeQYkD{@_V7Wx|I?r7uRMYN${1~qWw1vQU_k~O
z!eEakz$%mI_EamX0Y}tO7^tB+iCoMP2L2<0Pb7hlYNdk+{yqu3yH&qs^czIjn1t{f
zt$ZGWuhTpeX0On8g+68xn9&|WE#MaRJlspuM4al!U6?B%5&TO>bS>g3`lgkx)Joe{
zFdd@u4<{n%qNi1HJAk9UPEPfXE=*U+3HL|joBj}WlCY{*Yc+kjJi2RTQM00N?W=)5
zSdQLLWy$)<yocJHub!IP#-7Ig<kQ*HkG2jzbNz&FQp!X09jL{rYzGRr8n6c3Cjtcp
zOc5Src#%z%bGfR5bPCcfxW2^5>9&Bmd^uNMoQhI21XMbXWj_p7Q~2~83ZKqGMk{$l
z<&HM{?OfF|L7rX@91R2hIpS1~PU^NjWajFQcWC0i5ohA^j5A96DVLpUyt5B;u0zww
zfi33~t?Nm;O-(Ml219gHT2HOOSP9EYasXFlF|d-a*8nRyrw_3b!Xm4(T4yEi7<8+0
z8<3J_Rce{&fSa5=IoObpViM6J24>fm8KT?je$+U+oqKeu7Iqs!k?6)YmD*}ZFd?_a
z3{O7#1PxD?h;gtdvP{eSxC}EO+5*L*bZ}wE`5wQ}@*6IrDWQCi%$pL*w$1m5fM~wQ
zUARjQrfMz_r+4TS`#7%RqS(cosCmkCm{GvshA{@W*w)T|`JZeZ?3e%6*71J%-L{VR
z%YSV<qy6%`qMO;9cLSrjC5aC`6h&Bq2(yw9W<?R6L4+wu2vcJE&u)#EB_h;B4Z7<Q
z0gX>0Lp}$n&q>rbB1(M$JD3!<Hd~nsmLW;U@7PsU({@-8h_V=OqiIJ&quAb8$wD_*
zRp*nZF#1cpcGg#&xJy4MVt3A3Ksk&*A)>X5naF_t-0Fg<>^P`6y1~@u!r4!tKkeoj
z(%*#7f&QNA^<(r$heL7_{mng=NPmRZ+J^o*>Gb#X;r8i|N_}I9+vcGsyW%O5p6rj&
zpO$vjRmZ6B2B1Fj7i9ET(1!k4x>dI!Qs<7QTaA(5Y3MI^pGJO{!+IJz-R|Hj97uiN
z(&kX?xQdY<#?Bwk$j{Zg9rCmH?tuKd_U@Sc4rF#re(N*Oi2Ux>Xrq&Q(@t3W6O(8o
z7)7`W5&TIA{wTuvh;UmH!fjFdZ21-tu1`X!J*C&M5fR=y#dMAI8m3d|IgX0eX-0jw
zV)TA}gTlL?iT1BUOo#A3dxA=T7K&;DyxLbo`XKhOSnXxhuSy%V+IaQIK8E<1R@;$h
zPDI*^XLHN_ZTu7e*;ZfpEaUY0!h|EI*B3PZL{Ju3O6J3Y6cObi>@H9$@e0+s-Dwb&
zNf<HCI^*_wcdxi~hX$5J$Rfyd%osdYV;P6kci-=$r58#J%wf?k%xH|mR*%lTv}sN!
z$~p@H#!$MP`OI4x+Zf2$hI+@j*_ygl9XXYh{x9H6y4f-m*k+~1HqnPMrjld->fIL@
znp_bgnNGcsWNb0Y=nD@Io{tav#~#`f?4*U*#Lj9tj8V8e0aD3U;~fBLx-SxmX_01Z
zH?6PzVSRn=3bPe4cWInvxmtTTb!k+e<fWr9G><llh9!dyY#XVm_?+x${sBC8wBVjp
zLPqb!dVW;l=ypA~_jXD&ItrAsQLtv#38C*h3(|5S)Rf`NUE6VH?-K5wZs&Cs4ZeOM
zOl01(3q06V!udC2hSc@>73=($VrJFNKI2MXzuE%VpiTb4`O1x$S#^EBv^nr?qJF67
zWL*a(1HTfCYlUEl<uQK|GsyIK$5^(M-RkHLi`Q~fEiGdB<drL%C?$N_tM6j^nw`;P
zX}G_kUY^d9rM-D!PF%EgJzvBLSmGED+=ADGZa8*|!p7wu22s+GN~5gPNgMngf-=vn
zF8+=cFeDdP*e0I4UXm+Ef##D-Y`%(JT=^T+)CqQrPre&S=WZ(>tg~PYc1@RVsAmxd
zy>>2qexko_qyg_h`dladLSEV2;RZwLUUK_m8lrz2UvZ>kqdp``_3BsOI9b)&Yr=2f
z>7gKxcC^XhYdbWU?laLSoqZ_2v(|Ql6KUs%ZN|5$I}6LV_F#MCtNTaGeMNbyS#<66
zyMVcc&(qhtUZ9p>y+nB^rLM<2P7A5xh*}C2hrh%l^@=V2vr)B(ONek2zBSH+Ili^t
zIREU}`>#69`!CSnFDUcP>f1X{Q3H-PLjyK+(16X&9XG(;-uutE|1Te5uP<#rUH?z>
zdN1+|=>#8Kx``C8e!LuHHlw^9KH4mY9$1s|K(V?QbPssTO-<WQoQkwFo@1#q^T{ze
z3px|OektiLFKy+e&5^Md-9foYYkW7XmYV&_fx+w^Q`_;n9to>dkd9!(6Ge*|1m~>&
zBshmZhJtet2+mdT>l*we_Y5(nn+4Kezh^?*Y@%Hc8HKV$d&FzkhP7Q{x-!PAH&+ab
zT~<N<GHiD8ZInRoB&lTMrA;skrMT!pro3==JA$V2?9&RGH<+NgU^57sml7a<VjF5k
zg!~UwrHhY+-!bW8Rv-S336efbqSD2z-m5+A0uM_P^Z|{175SuPg7i5rt%u>p^o-JK
zH6zc<jv>e~4DU7`AHkmFuwDPyWu3GY`Nd4K!#w4rKaZE}z)sJwYZrUWh-+o5yVPt5
zz~t|t4N-ODAk2GC?qfE!V93eHks71FFJ9!!!NE84q3vm$1Fs16Fr{!7Bh;1xHSY#u
z(Dpz7d<E1Hgh4R)Gg*cOnB+F=*|U!*qbQcQgT+7pkz(ms42Esp2X2GLzi7OW$;-&0
zrHz901FlZsdEa=vbU>3sL1G$mDI10QC7E5KQfkF47Xce?65BnModuRP*?&<uH}1}1
z_&n;@Zq%yY>X&cOumasgX=tqNx-EeIF?sdgE3Jkwm{`M`uK?@n%gfQ%h4@KA7WEUn
za!!A5G3t0fEWmaAfJKxau;O*7$%)sYFxYKpq`&s>L!EKF+nYDynxlBP4_KH5_hC53
zpyJ}u?^G~ggvOs5a?~gL;hK8Ds{Xbg(*qy65L7xsU92!&{2lG{H7XiCAH<7kdOjmu
z_cwU@pzrqiMkHz7M}h+VCvp=M&<;veLfe6Kj}-eLfF@ct*M7die^%SjZ-MM2$~Uv?
zT157*a_x})@95!x*uzT_h`X8*w;k4uUQ+`6F}CGk0(khLsEV1Et?fLi@(xDjzk1)T
z$!BdmL}iYZp_udjwE@{Q^yd!9Q{CGckh1P)G9YJfIQ@Ve{vu&O77fz}<o@k!K+by4
z&Gf<8cxcWv&TIa)@o-%FbH}5iTRY=1quZH`N9q@+ACH~u6UJlLrTTc>v5k#K%DXro
ziT=tI(r%pHja$Jy7z<W(`kTSaV_;MqT$LxCxf!`W58Pf}jRztkLXEsEpi`BOkR!NO
zaTR70i%)Ez;E06i0d_7plQ7@PV3>b~Pjn$oX=lqT2kZc}CN)0k!@&Q_^JF_F=*w~Y
zT~_s;wRB2_X#{AqD<1>#Rl%%<c9=wEP!<@l7B;)(b_d<=*(*}sN0ubmu*Yf8Gxp}N
z=;cK$K*KBXQO;@GD}~hk*_0Y9iv?`Q^E(XvM`}Fz>&-AzAOQ?O{mO19A=oqo%qXh7
zN9FL<|Gd}6_RQX+hM_1(8KrNi6&Tn77p&r~U=O|V4zPT0XWCFxNw3S+0w&T<8H=Z=
z?Pq<gZK$Dj!r1YE-Gh_&-LB9awOH^Hx`4wr+`4(U>pN-)izK;ocQ>-PQVzGohaa<1
zp|`&O-C#Pe!Op4bfm5-Jlu@VfvIn~w{Ny%eiG;YSd|EITS12%<mzqjq=aX#zZFKzp
z8!y#KYr=z>{DMUjsfI<wE2cWyfitQJ=bH{*sley-zGiKi;YA!9SMfL6vW4G6VFhv(
zFX1U)=Tq&T^1Z@*wBGH~&MDuEUD`S2le%<#%6C_nj!*fnWw75S!0={P;_laQEeY_J
z)z0>kIu>i-j}cs$1Rkw{UqG-Y2|P&y&qMIoB=B>m7<eLr75JfTTVo8BW}?qF8`l<5
z>HqyVQ-L3$yE2|bdAX|Hp3p8+p*;N}Yn-oSclEi?orX9^Nh0h&neZ%r&_#S3g2o{J
z7SvOxVQ%A`oj;A9HCiSo)CQKafi0Q*C@o`nYjxANjFy{q1nB?<=V1{qcdK1~W23ds
z=tL*zZ`Is9U{@K@o@J}mpOHrnzj(@RCAS8q`zH$Mdy0-DHvfGyZu7ZLausV*WB30i
zA!)MHGI#EB)mX^x`suks=%8#8>u?5jx`lPl%51Vn$(d7+ld6Rrjc?IFbzsLW!V?5)
z(T#B}DrSxeu{OP>wMozR!GiN@j<aNkv52M^q*ia$LiYO^tyPWWr%HLpAB{3TEy)XT
zzq8&1?l&@pxL+f4R{a_;^K--n8+CWp#l|>(bhe4{BMQ_*{HXs9#swF~qdlL(xFCxL
zM9di5s=2G;Q{sP<;>)0GXBms^&-ie$-U2=z?X6VSf}Cgz{<NL7z!s18Ypn&=SPO6t
zwH8?Q7Bt6m;Hy{*eoPXKN^L6%`fYDV5|~rsCBZgb5@;=GUj{VCd&1I_<Jyzh;fsmg
z2DV2Za48IBQuN9BDXiIQ{D{~zPvbSwfxBZ{oG5vriHVYF(E?pl^rMwQboLUdXU918
zf${O@r%C5GU$XNXQs_v2#LjR^PJ4cH1kZ0kSX_Q05`k}cegof{jva{?8_}DbBTuw(
z4MXxn*D$-GsprX#VZUWbmc6MgCrE-@>=Vpo*1=%UCcvIzunY!!J^}U&gEglxce4c8
z?-}e12K!?I>_rA!%wT^`fc=5No@cPv5@4?|SQ&%8kpTM(gH2(ucM@Q4G8oTb?<c_i
z&R~}^*y04(dkkh_u#Xa8A28StMuL5s0Q-=^HZfQz0rm-leav9X5@6Ly?#X|{5WCV=
zbz~#@?<Pgyt<}I6Be*IFd`JVE5&T^exbsN{ZfXGV@g(qI4ZH%uSxL^pg&Oz`1Yey5
zzFGr6is0NNFg{^+$(@LBVG=^WC_(`uoRx%d)=8!_3_x&N64<PPGZ1_tsdK$F@V<Hg
zcS|bG9cQgyh2WH=Of)k!@Y@K!EeX6q1205y<MF6E)1Df0*{?QC1$H#uZq?#<p)%v<
zs_H}AO+I-_Cu^L1<<wQnKyz543s+vkpj0I5Nvr9WN?}=J{&X6b(@*G^(B@fs9@~+0
zMl+o0a@L95)1ieaXP@QzIsIz}P1?R=h{eU%g+*K&yQ`Nhqur}`9Uvc6fP75@IK@@W
zO^Nvs6p`%|-@d=*p$hP3qFPe)Q`Hi7QDsg$3c!o6fC7+zd|*`U3ffhb_9gG~l(v#L
z>#KGoZ;dft@*apuUKWC&ebI}~6lWlMf0NQy^uD^O9nm`{!3aAL6TPen?aSU<jBVuV
z?V9K<iawd8nP`r96YYKt%^A~VqB3o08^L)CxjrP?U;lpjS#wgCpNrvJ)6N6&@-u_v
zC&<CCPbRuWFcFy#kUN+`cHzls9bTI0#9-}Sn)&|3v<@%LtYWZsFU|ae!P>nv^E89C
zduir=2Fpx<SsCmW2J4#uyMVz)FxbTjuwOCQMGSUH0_>tBsnnCqwf*WlA>ePFlWvt<
zqJe*h;ND5#8#M4t1dB=Fdo=J^1pg)pe5(c?gy3;W;BlHIc@Ba{C4mbx@R4c&4^ILQ
zKgGPmNi|%DI0KS!noqC>yo=zSNrGkENd{ho;87=;3rWLE(PI^-+Uqm6pY{*-Fn3?r
z#XcOGM=P=j)wJzYL^lG}qg(MnZI8NbW%P1Pk-BcBGp5JZtz<_zPW7XebU%ix7)$I)
ztKogBVVgRfUfQ5uskcZgU!j$srarKeHScVO5w_@lwrIKDg1`iAI`fOccq<tUb$n0L
zlf-*!_21B|IjnOt*vCZn!LyGcTHR<7sb_6vJ*MubZH?=G%Qws)!m4gv5gmYHb?pjl
z=^l0Y3TG@sBtRyqAFN<QgUwXayBK2Q^p;lDH1$csVcZZev#{9v{mQEYz4er!biX=S
zw-Doe`k|oD^-qkaxlKL#0vp8xFC>oQH7nRCma12-V59i?3yGshdwJFs&V=o)EcMHE
zgAL&e;}NOjk+0b(Afh_L9M_NUzCNX;uv@vDy=k)6rj>qn$Wg0(egvN}_L;bU%Yx+s
zuP(cPsv&TJAZ_5~&U7*><C)W_bTHTh=faSj#V=Tf$VuC*gFxyh-luh9#;?z&k|!=-
zvJk6xgFdqr?{~{{GePL@SI1YgR6k=<6YjNkR`-9DuvbHOYd=7(#<-IY)>`92DP2KF
zm_E$l{=GVWK-}fpX>@b4oy)Z|qA?{vXNXJQsz*qUS7SP<lRr9*8bdcFu1t-oF%GRo
zW>GqxyIg&B7}H@kX*vuw$B}s5b~}5sLDyp9lCSC!joDQ&B6pr;`5R}SmY-X#mbhCZ
zpg0hYPdbH{PIyuv+`0~vqbVnJv9v<7-K|lwy=@IsAk6V-^EBJtpb=6U^1|)Rdau`-
z8j06VsMHj;f3PO1#H`VknCf`6-dY=8iz+cYR<kxd6OVSe)`o?KXdC?Y8CnAt8Z@WO
zX;J(>+BQJ!?yW<6;z+17@$T)gl(-!SdNLB8P((;dij8hlpelx+168qC^FRY7ICk60
zO2--ky_Wo;4Vv}$c>nppK!bogeZf){k@mDfdJ2(N0a6*vrolfR9cPMpIruW`{dQjZ
zh`!41W;_s1=cQKK#EPte0+S5>ivV|V40mxHZr2#@LJwerTI9s_;wBZ$YeyYyf++1^
z`W4f^#6<mT8R%awUH@|H`q#4d^e>yBu%)2AYG3XV+Sfaa>0g7m3behNR-9;e|Kjov
z^{>CP9g065>RA7Jn8CONSXTzSgTZ<xz*wBD;iC_AtVdnWVC`N$K9|ATy?lK9;Is}e
zA8%!_%MxH&3|7NnmnXmmGT5sOHY5RdMUwtid{U3AGH@|y8A6izdRG*o8zS72gz#Jx
zVebckASWTb9z|G*2+y6ShQGF7gM3nVx0MiKZW6-WD8e*ExU0inSkzG;wA+iU6M7pi
zLWEvP%Gje(gfv8W@B~xGUb~Bl#+S8E$J4qd=F_AvGB|a?23=Q}vq5*ryt#%Hkmv;?
zt6EsY<nPX>v`Sd0nn5+X=jJ6f`t=`M4ZFJBm(|*D1JlV~e=4dS7O8vBXZM*GJ;lWN
z$?5UpyJR8rcbIQ6_%kpjr!vc|-cCogX`Ab(LWw*e>QufVj|hypKP;I}&cg}*pJS}(
zrJ=d$2F}*pfzwpq3UanU|H<I+^A1d-8-N|SZLFY>vE<0opuX}x4MX_-j{N8JW_O2X
zm(2&hak096Iqt-!?Wjv?c)UYe+5B{af4wLVVf!QUQaXIY8V-B8D%4dj4ri3a`9A{B
zYY^m*mqqa|P-nxN7%LQ94YP)Zzlu8#Y^OeTWIX=NH{$u9v?rgdf~DY-?RK>f;Q3rX
zaOGFRxa40o*PcFWEBW%4wDF&AzyFQY|Fz5h^Zjr9iT!Up!~Qp(VgJ$D)rT%lCr}|Y
zqfZ1^HL`1YwZ9uzH9FlH@_U+CxQ&{&`H|kMH)v|AnH33i!hMDCcUTa0J7<Wicpp&9
zj&<Q4!AsAE<y=*0So#voK+TP4gkJ5)Q%qBoVRdK2lLdR4QE`)ws_%R=81IZ?s$mHO
zx`2Z1t(?@Ad^b@0McF!xSH@UCsY91zsXnwjl~)GM1{F+i-)LDhT1HD^ie&_6F&Rgo
z$C&_Xst7W7r>AmMdi|($gL<SM-}C@zheN~Ni0L7XuQ6!43+{4pRnY39bmxlM!?>zL
zyi#P*UZxEDoCZP}HlOPY^4EKLizs<7w{RBk<tn`Haz0oOI?U0)E-Viv1VO$U2wId!
zsesrFy6@a(E8pO4wqZTWOryJUMmi}0gFrDq5(&8u&blN@v{i>%Yd}wHHqdU;I$rvC
z4Sua0Z&t34xDL+T%183py&iIN)LeaWq0;)iE;iv7&8bR0SClX0hn~lke@!nKVa9<S
ztMC!%vrqo`Gg2nFsyXSw)-H2~Qdat`qjI4cCN8vK2VT|*9!uw*2(3ThE{hn08x7Fx
z10Jvqf;U1*<9;Z{Jv@e00!z^CY?(C<>RpD)Z9Yz<C)m<uj^|UX*qc@Fg{t#GJiHWI
zzu#TfY7Bmf1($pAZX*teC+ncswVZnlg}KMrjD@*}&x0TE_Vj=tN_IQ*?%9oA%U#iP
zUp^bU7#_Hk5_I3N1t;4^>j@_q7E~p6vEE~bWo#6rPJj<87gu$M+1*-)apubI2l5+6
zl&JQC;*?O^=B}J(hGp3WRj01$z&GSs@YWhpI;dWmhCU*l_@SwRK|bl~a5j7O*3Ipf
zH6)ZhW&-sBbBuN6s)Te`<Gl2vYmJS-fM9hJ@7J^RQUp9HBJIagSJ2$$nX^>Dyl*3n
z*qC%<W28D<k7&HK5r_ow@cb<Na(sSnoB<fziNIOT<CRQzp<=p8ki{Asm_pmY&a`-I
zEL;!oHj6SkB2GRiDkCg_GFwzKYS7sqH^cKQj`#~irRO#wSmO|(j?qfyH!6&L?v^(3
z8-23h3TC0dmjx;|Sv^1?nC`(UxV8j#LIbEFW0Xv2!3~x|X~Je~fH4o=zu5w?U#EMV
zHGY>@$)NZgW0VZR6Z$rFjMDShY=3@?Ji!e07hCe6dNWjSKx&6(sXo`*zz*c2EX=FB
z{0LY6EPR2LMmcRgQne?zy)}1vLVLY9jvnK3Pb4JDi&hxel3hMpTC|$JR~DEB>8dDJ
zFqDF5WVXTgc2EUZW8kl^8U6im*bR-X)x7-Z3P#M;U}iQDF?(RbTyE#g^qKD5>V)<v
z8NgkaCzh#+mg&(7mH{%<5$T?+W{<1!!PRcVoOHKiW;*(n<t~5C7<eT7YTSMUQ56qU
z3e&jCSFzmh6cv*&S~0=gR=0RUJ5q6sMdjBm(eX{UjFDiFae&idVoYXO1!`dTST8Uj
z-{cw`3s_2h$0#N@mMxSgth5zK6RNR<ccleca5W8>sEo4Ug%e+X)>_}><%m35$yiM{
zNZ>pC`yAI$e(t(hgW>%>fS*sW(EEE}WfquS;OA=tJE>M)?u;z}E&+97Jy`D;d0Zoi
ziE)iKEY=9isnJ3*6~+d}#{lC~iz6YygmC4L5-n992^j+ydKFWys0}wvXZ2`pyz^ne
z1*r!gX~cUjH}k>jRxsBVdKI@3R%fSt<ys@5%jGp%(RHJx@^!3e5fsJc91n(tQqJB|
z$s-unPir|$Z)4yMTB~DWD3p;#EafR{NnMOv4<0TLC!CKg$CFV5KA$;PkQxP8$Wrr>
zO@Q1;3n+d)k5A86GL8Ah&7MdNHA`N!5#K9Hi>NK0$`SDXvj}sPGOkxjTO?fFUZvQW
zUwI=ULf2CSS9RbOK7vEWmA~E^iAW*0<6z2|bhcPmGZo>{8a#7}G_tiC8~M2P7;H`V
zXH*;sWFUF8Hipx4tHYh}`x>=!1hOfR7LICfC9y1AxpOSIY70EfBg_r|8YudpQea`L
z*CgZvO~>?sab{RQ<GPSOV8->+1s0su2V}XERo~i()oaTL=MYyiP((dfH3Nj#s@Xok
zTg59gEIN63m7bq7b_8rFk>8D$Cv<Ot_1YcZ=k2cI3%eu1_*^Rj-(roxM+Ki;gpF!M
zW@i{dtJ8~fUFl|ufCrlq33*+iS%XX3@~3)tYyD{X(P|uHl#inHXfvC~d(9qYMg&UD
z+@y7<HG~r)Eo#)2%D|O0(A6|VK;OzBGu8oW-BHG10Q)^!mX(+R?%dYURR!s@zp6bG
z{rTljNPqtOlK;5=JouBJrayQ3<jnNvtsnoG{+t*uly)^KnC4;hw6*cUc@{(90(RAN
z$2z=tU|@QOQ5z9d5}3BKNsH2pQ#vEvS8;@wOm?mu;{u6FDO2f0d6JsDC45et{vD~~
zrLgEa>@O9ROZ)I^_wka-hqjvpd01y&9<K`024B{90+;s%53II3?mL;)*=vtQDyjqh
zg$1W@aQKF5)XzmuRN)D9Z~kKZBXT~~E2$OLrO*0@2%u)T4hNnKTN2hEh6a@f+3~C|
zFc^lko{t_2HszoKupGf!ilrQBnz@p<w2kN~gBk9X4$)-|^#SY@-nag{G2B?Pux!2&
zCKwE2bG$*^l^&bwM;Q%h2zTFpT0?jp({|&m;iq3EYnZgD@VoK$d%S)uNUI2ckR1cK
zwy}rYO?ysn4-K*>m_xfYbI6S5(3@lqb>|+LOSAicnVCe~CmfkXs-#wLH*r-h!G^Pg
zdzuC52lbUTsI=}u=RMsP0u{0=tr5)>a>J~{a5vO2C-)jF?iT{n;Xu{u;mrVbe;kKW
z#li!x+k>UTFdn<n(%B8K4fo2e_EZ8%phbjX<qnc-!eme}e}yN|c<q;rpc(1Bv;z5{
zOFERbf}ea`T7fZS{g;Gxo1~2xO_urDqvEv?m~4(HnR1{7Iq>rOX0(L94}A;kb1-M=
z1dlD2xF!RKK`SZV2+EEcLH)tLI#c@x+KU&B;??CJw|{oW*+18}WB-6P(tXZw>8QKx
zDCb3G8*C2_3?KKp1JK9_*dHn6Bf;gZ=Bk>=0{RUyWy3+7?1!&UFoAALG=a)my3gUg
zQoXzE2p6+}-0SvZ_u<8Q&8za6E%a*;tp`0>hw@!(xyNt^)N2UQTQp0EOR|KF@s<!K
zS5(KW`j;#r%c^#*87{$^xv6toONd_m#ph>W3H9y#b1We#<;*N0kBKay#Qm_u`@bkQ
zyg2h*`2sXvz|5KEfn}bb8%a(#)eY&bKo+mDL~mFL!3K-Z)f#9zvl~|Elyu?`+6^o9
z)~dm6uj<lGWChhQ`Qnmx<>ee0t!uPsg5k81g#w*1)Qj@R4eU$+Wxg%m9$OlH?mv`|
z6$tV*D7=7cRNVuNWuO11(03*<<mi2Z?Cq<C(>Q=P$ZCO`d;|R(0&Mt^&C^a7k!&4u
z;O=TK=wP@$CT}BZ>HCA}D8_<>fWh(~8p%Ygm-L%CAoi{S&g<u@HidSYa`z?jTQOT3
zZx!292ki+%dqzQfj(&yh;i7{M1HCoeJz?NiQBQH`DZSRbmz}I7;rF%scIuY*PzBh-
zmEVg&|FDJ7WRJ6+3*HL#G(AtjI^rj(>2)a4j(v?c^*LbC9{7irkP(gQ&cOUajQNGE
zg_3BrNX-BjL3;&r8Z8_A*X)s+(aiQl8vR$Ig`Doe<67ehAy{jZYT-LfL^Fuul7(pA
z<f2t}MWK|Dix*;0YB!0P6@8)^FhRpiL3wZih`02pMSZzPs>M3Nm^LNIGpz4?z&Ap5
z=c8qY&GEU`2X-@4`WxMp#+V`b6<|DVjJKs1{(oRUkBGCMt8pZkgIxf#vleGsV6sgh
zaSZDjt&S9&ALD4LC+<Wx2lk@j3^R=Ay77!P;3DZtvfI!cCsM~q@RSyTsEi@|c}RZN
zdf(*r0!mfmaa=P{8io&6#1@>tUTAbcIa4ozVzPe~Xrl5_OZhOA#wJ4rWL3i}&0yr4
zdJtFWq8n;)7V>jH*+RZkvyj`^NB=o{dE|eMz5M)7vzKe*_0?c2cZT*dGnYqMa56>$
zBWngZ#v5DliVe(ter~nEI1yUIu{Yp)?KFZeXpfdMI>7>j1r!RXtmf;-7Ddfv4mmYW
zAuW3&Zt+|TyyejBk@?bE+Ku_jBOMfg$@qsLo5`0}BFE7~W&~?VU&Z(JD3CI7XUE$k
z%5BtesvsRis?aUuE|$3V`Xt<p_P|8(U^ENqW%q%U8-|M{Qtx%Gnw1;n$MCGt(+cZo
z(el`OT@+&LXoNXm@qoR&YUU<nNJvF;MuOonu|qq0c+`$g<Tqz#PwN3SKx%o`qtxmq
z-`nC<Mn=4n2ju9dn#=+jc7%JpG{TNeJ2Ptr>`k@qSu$uu=}^;+C_CHF?|FLr)U)h=
zjeYuM&Hq#O>D_C8qJ4VgfBxI-Q&Y_^_USM7>A%@NeS7J@WS`Dh`t$A6LG73Q#Xi01
zN!>mT{pG*RKHanOOzhM9pJ;2JZhG}UW1o&+`BUxFt-njMPlvwxQ|;3(ul{16{$ij0
zVxRtEpZ;Q>{$ij0Wc&0F%YKG^+F$O#K4tL+$(Y&5f&!M!n`ZFm3-UZS3}t6vFC*Oo
zg*Y8q#Eq|p-<<_5XgPC<z3L^<)RcL}f-=Xd-aH>;1CFu*_N1`)$0~rwU=5EfjtdMW
zNbpFjz*9eR8s%vRGq@od&JC1AUdb~H%4{>N($S8}LI<;um9&k|PGv!vB0Vu3eGb^r
zIX-D#4qmi$R^~bD^QPgoNa){CK^ckt8|mhH<U#XB7x7YI5e3#W@S0mb)KCmH6hjTg
z@O=_|p9D1+Stvpai>`>)VyQb8FRiV;e}cpyOuat~t%f^AWtN2m_^>jT4+Ru&2VIn@
zFM{5^6W9-`2_TNZD-{?ttE8>{`1>MUQV*a$$5j=AFc=^zSAIi1@4Xv8H09304A?kJ
zy6N#31{>Pehp~V{KKYfpBBOp~Az+W!|6Z}jApT|##(OgR<V)==!Z~heu#<eu+fj~g
z7(QjX-Kq6)p%8q~X7G0t<OeN+60oY7yCV^w6o6R_0D<P)XrO}+nhpL8z-htTPtX1k
zi3rlon5D7>P|O-iGplAhRHLdJzN2bX__rN!n%R8iZ_@6oK;6MQ8c(j`epv5eClJoG
z&}r4r&zbsp;t^0kLnSf&bB|j5JeWc9bkcb9(`g%mcZIlzs+q>;qdQA1;=512i*9ax
z$K)T~&lZ(i_2B@0J2=-41HuWYMGAC*zYFyRzTqDj6qt0@Wmw46=ehP4jC-@-Fpf*6
zU63Z&TM*5xqcv+4ZpR8$b@47%p^AUDBc?V!UVHoiEz<_*b{rto&qq}=eOMnL7?iKV
z-4h0BIn#r`d>97l6Lud4efS6e9!3a5Jo(Ryjgd3N1;4>i>(9{5;lw>1AREtccD=x*
zedcPPS=whm?eqNMasK&Qd|W;_pNFyG<p-R+GRv*j?Tkc#48D9CFV@X+!#^kAkjK*s
z4?d8?P;G$fP_H_K+%fH=r^zb@s3gw@s5u&{m7xMRnPpM$!CIwR7Wiid92RR6=(0`p
zIh`|iUV7REwt)p8eXhb8jo*viyJ{Hg=H=SwCBsg%;m?|}$=GvnDcK$Kvcbm0>>=_4
zylA8hFl*sm<<)@)gvc^}auBhE1r2z4OmHomyU`~PrudW+CQh6EKp#V}B^57C(Ia)k
zc)W2KI5+qaUWo_s0&FtJ5a<+qz+~_bNeV%Z10WYi2Vn$Xv4wl8I-K&3G2Y>sSFZd^
zi5Sbz)LrfVrWXIJO%47}VfY$9IqmTMo-Mtb%3<j}UXm!kWR9070yApnLn=tU6@2LX
z3=GfRZ}Va99#fAJZuasLZc1Ybw=q;v9k|4^*rMC>qOn~p)MJ1P?>NkTT+JKT@cn@0
z-`4^IQZ~%k8n}`Vj<TlYu7e+C+@cyj>)IA~+3xwgJl^829At#f9pw9M41UY;#?|oP
zDkdrfsTIBIpEI)Lpwd>1Wtw@{2@LKm0!;26{tMe*)MW=IOJ*V8N6`&UD+m&+-B^j?
zV`Z@9r8yRDa7Em@+=^lCFvSA~|D)^dbcGN3ayR-_XvXWP4H(rt7ScRCHo-sGc<`{7
z`}ma4xXssZW7)U!M^yH7`jm+Wef`#ZphtqSHm|a0FU%f%*u&jpJUoJ%Z*s90Me2FX
zwEh@T$vC^EY}n<7(k20wx*eu5a?kF9V!Db&P#2AB^a$#yqCA$gkI;e6f>bMn!Wq8Y
z6Yx3=k8ZNY%}P_nKCa>>SQ4J4(fRWk+egKnm5P1-?M(w{R|^IS1egt$=f<OI<<qor
z;<%}u_}etp!ImB~&!<a3WGL;}&MQ63;NKIxYwhfAyfO%LO&gku$hO~Wg>|kxf%12p
z-K^gEWH#-})Rwf_F9NpJ(@y(|^FSob?~8k)K)GCH2**o0EClzo@QYg_^xu5GUxS+S
z=3vYlfE%oWv4QSKP=wh#LDn4OLrtlo^gX}!d)~MLe`l@bB{Rll7J`u;+!G<u)#B!!
zsB_ysrvSR{@_qgRODqO`@$qs`yE^abY!C}q1F>7!(A@PDin=?k;d2FLJaC3RpCTVo
zKmF^mNM5~ZSVRbZ*D6YPS|znj$XT`jmSYhbzwXhv`HlRi`Xb|x?xwi;jqFQplzur&
z3fH4kZPI-p94KiBFX6sEP`2VlZFU=vM<+Gv(chhlfL<udrDjp-|BuYEOt;;weoA6)
zv=!qW_k#&@^9`o8U8v7f)&dK!XKbt<*qDE<h54%v3-Pd4a6^0hB2-@WYX7vtr&l|b
z<ZOfa=T}{^$eG}DN#TsQsaHS5BH`EH;x@EhFR-$TwJ_aaQ&_DS4tbTDhr6O04O6aj
zOeYCL^2KD}BgPhfNo>S-5P5aw<vX=VtMV-1B5ROE3esvIw+tb-0mGBpq&4>Wpskc}
zcUQNUu3*|<3k{^=lyLLC_8g(#QOaE4f}i8;?h?*lgBb{#@e;y3A~mcO-g#K<1MS5c
zE}|N?Qt)X(s*B?{nCoD-&v;Vk_d}s#nj*TU*BJr>d_cOhp{hDFo<~{m4*S^GjzzGl
zEw9I_f^}Ww0VAly+ppOp)d&6o2wrLtC~zCAfz@9i7&js-!0Sn*ln_QvlT+gg4!Sq4
zc6u5Xl(g(0#xQVoQQ8huRorfb{)IYwc2oFtJ^r>l!h%G05gzSPzAEWU3a}Gd<CEvH
zbkjb0wgo55O6lC|y>^FTDJJSv3tk(Hr!aOimxVzwd%(2L0L)Trz1wC$pIs&G1L6>Q
zu&UCgv#-|rJey{SxOGFMR%iGAT&)rMt>>@}6^pf3P$o9YE0BQTiF}ER(KCTvseJv4
zIDP9n3a!so-D$&{ndi`JgAZ5?{_~(nWGuELJ{LMLf|oWQi_>3%$Bq6T73%`$Lfb19
zRJl6mR@dtJRBDUVt_J3g3_tXE{$qp3Q@KZ;qMn|haP+g!O3dSOHPjUL)A*rC?fe%!
zEU5R%*TihMQ8XjxG1;n31{i#!aKmgQYVxCOp30FnQMw{Lke4sO==q=x<x#0_#A>!`
zqlaU2-NI-ZnAF_rnCbW6<us-gjus2j>yBszk+L%vvS{bKZe)WiUY>YgwJp6LjnTV2
zSd?e0QCdHwHcvzvZ*GUiMLH9ifWemIX#8^_v=3;!4$0BlA&m=6$uQ^cL-LyYDx-Ca
zPV4_9TF;83b#CJ(7_3R!fiviF5=Ir$=^2!Voj&7Upl75bjMC*A)+yk?qzf~^M(IQp
zjbR|v1+OrQ?t-s`hYlD(pOP0T>9<L$4OF#9%lib}z{h_wHIZn!SfgbdR$^5zp+#{9
zv>cyr;lEaY{Q5WT=#TOH4?jnT9CZ{e2^MrIrbC+PT<K0T-UBa*>5E69j}hK@l<&71
z)J4!1d1VeXe^qb?G{3&GXD+Ylik;!leD83r#z-CSs^iLEHn0dFpe$yQvUmVh%Q3S3
z>O$FnwK=-_zf})Sz}3G!dG)8VOw=2BP#}4btD*fccdgI@oRyroSvgh_;VKGIe~h2M
z`t~qs{v!SzO_|B+qwuJ%KDM){ey0BTV5P1<4v-S`M_8MEczL!y5SS~r=_cSg#!YPo
zV$Ds&KNIGk7h&?{i9mAmb*|u(Y6Mu^LT(MED5`184>rLR52j<pWz?II6uRA-TP;c^
zJ1_y{F~}{1e#Z~zara~(5kgbvi}oBMRZs+4@?qr0iFk*(WFgG?#|K2?20=Q-_d6v>
zdxg+0(`eVAUj=###;<YHf*67om)(q)(d&dO$3)2<WfY3_77v~Q9}v-;2)xS(9^R9-
z;SYrd#ukVT1xf{D4IXUZ)gw{Hmfiy`ZMv4u3GYdJ70`35<J-KR5+`vRS5z$bUkEF>
z3EBt^<UykjeG79o>}-SoVz5I?`mK=G2DSn=u8ZXr%LCowUKM^bw>sPdhlV$<$3VFl
zDbA?Ea%G|9V+-V``2$g^_1u>`@(03De-rE$oNrN1&F8A7rGv&K(!FdtdSSUY+%UA$
zfJFz?{M<;m8#|wszVW#Z_#Y@#GPC)$VL|q8vM@|gdgZCm^g}+^?wP6Bg^G3l9vG{u
z@x@~i5r-LFf_zy&2n$Z)7UYASg$7(CW$+tKmbslgALFN2+Fnt8-_v{qIMz0JS>VaI
z`$PG;`#j{f(bGeD{4%Tg1-0Z2bU9w}!4vv~e95?*<Z;ypdU(020JQQh7FS#i&lD!t
z^KynAW97pdsMC6JAN-rBVmN70o~H^fkmH*LZp23H%(-go3(=nV;a}-xxy!>N#jF$j
zf)mWo32m`5p7X8b7aWWFIq{qbZ2!LX#0NyF-V2L_e37zAMXB>hU;f>wxiC4r(u{U|
znA*GVue%R*bl-o7@#o+7KY{%?)|-0-HzJwyP@g4z4AJ}kBa~s^;bnjF9s>L0h11{k
zN2;vAw<}{TWEd*$2>&TFRU>`He)W8?wew8DC$$J!EkdxxHgh;1sTZVXA-Mfyfzq?4
zK*<Q<HNb^<3vV^v#S>TC@K*6^3;c!eLNH{)JAm6nSG~VCu*e2Hcq&;a%0^L2;e#PF
zsPJaqbuh3m8a1H$;r5~i6d2n^4WL_t+`}skbX>Q}E3L>{Ax^H5Rum}1=o&K*f}#9v
z>ffL>_+9|iV|Et2btr^(q<WRi4J7TP6~3&^K>g6k<JOtuft98Tks6=0UI^|yIa(Qp
z$K3`oE8>G;Fot~6HsR>D{M=m$=j8x`Kz+a79nJ7JV+VG8hZzT92UNH0q|db{u-)g{
z?C*<tay0(}pUk)5O<+;t@TuTx4(!Dqg;POI!9WJm+%*>EdShh~^M<;Tt6CQcxz^6Q
zl*tb_SM{a46)1(dLD5;0#Jr>2m2=F>%!q64%*`FfELiw2#w+MOXXsK~c1iIH`kXdi
zLGK@pSI~Qo=TofsXT>Y%9rc3hbNYA%E$E8$`g8x17t|fkwd={$C&7~`Ey)XtUOlk=
zvWZ?$%RBui;}xuI6R&_R2Xqg>18ww0D3rbHQMKG=k(x0$fpky{O@Jqx^^xWN5-l=;
zMfkK;V;Q5B%p4)O%INF2RS35Bn0bz<WNs6(fQ)L*Lhyu*3+^%^xj~z2%nAAX<O>9;
z7elKt`&=sn`=ANb6rbE>j3lnN(8POy3zq*82}tQ#U7%#r{a~*$sE!fnVLn*f!Us?A
zGq3Z(sy?~}UpiCZLqJy~w}jxHlVcQ9%NQl|xM2Je#>9qnjQ%s;-9*2;@s#;nyiPBE
z3+!u|iRc%zv89DC1&+Wjz>iTfRwTw>INK*#So^D4`<bK6E`#PMgLW^*M8HsWv6u+|
z55_~#cETc{vF}XvNk`d`_dE_m-ohJCzzjKX$P?us%8zeJetc`g3E0^Te=~MQ$KU5_
z<;uUuydsz_8Xa=DiVM*Z>uUIe`I~h0OIWOnFKFJ(I2WBG{%b}n8O^Y6VDd6M`TD^c
zJdw`@|3OiiYg*dI)3^cnbEw6KixR|wD-_r(DndjjjxqAM^%VG^1xW_k6lJm$q|Lsp
z74V*o=riS0GR;C{C41EcGiQj(pcNiz6D->XAqxnk9$wLEn^`PGYI$iT4wn$xo+@N*
z5~VFX2p(QBZSpA@UkOH(6%KUtikCOdv|e$byoYGL9)k5+Z$ihf?SgBIe;|mtje?TV
zh+;M=UI@rv^q~OxTWuCx%LDu3T!XR>i<4_d%U;~%)FV2a6^$zp&8-&m3wpxvQ~iP_
zYkonRJp9l31LgnM_yhg^%>02U2Rp2xf0Ev<4C_8xu^%6;TzXsx)|ov^QJM)^+rSXG
zm}SQdbB|=6q7sKjD}xT97!ZuxaNpbKI?6p_02nY(Vx+=RWZO3Gp)hFvuqu5L{N9ZU
z5WUQob=;SA3`n|UA!o^J<}6)-Mpwe}TiFb++74Bo4D9x~4s#W6U?{}TPDY~s6T#L#
z9r-I=*ADG6A12^+j*z!<4EZp@n)x-1=vM{Gply`D1}J;9(i21t$fV=lX7&WC1FK-Y
zn6;88NrQ<J1nD5JWUMM#D9E|Il#{UDSyU5cj>Xfu9A6TPOo2K^F^HO#+{2h-7oHr>
zmkxQdRtS?fd!!X&MJ-p3*>r)v*5Hl;(D^1}{rDN$ojOvnYii|DU)CN0^}AriI<rU!
z9RRhm!6%&*g1cZ;Fa3^<YFNw)3&wh%^qp|@o7{c0UkdcSzZw2!?Dqg=@5hik-u)oj
z>P`x-eaH{@`1`^;b$wElXSJa0^GR3WQ_)o$*h{@Y2dWhX@}N}(l7EfGqs)qV*k2y?
zuy-s3J>jsYwN{kNn>D&x33Sz{)0J1b1)c1_>d*~pu<iz>wdV}|pW;j@(6<HPfTFZs
zXMLb<Y}K4yk@dCpPxT%q{&%<o{<oPc?}c6pCt-b;B<-J_#y<bu!heH(?$FKi?j=8B
zpF2A;&$Ax?8Rq%_#LV+W;coHwb^cBE`Hc4Ma~CtubK0}cCq4FWwa#<T+&WJ@-}&EX
zpI`LYf1`bFoAZl({)>J7AGgoD$p4akzT&q(-#&k={j$H<=fBwJzu4!$*yq34=fBwJ
zzu4!$*yq34=l>b|+=~8E@({YCi_R>f)XZl!^GmktPPDE@u6#6+-UdF@lEw#Hz)lbG
z!L?vXWWv|YeCYeD_z$(!n#yzen|Wi1=SFOXxy29-0+`dGlWFK3)&rfwLVMEGXUkCO
zt3yA&eL`qgTA|YO(p*ex6}isBIr70^%JTNd49wecKBe0%d_z9D3E~YAPy>hAMHi^B
z)9n`jD7;nz!+0tx52zwh`d+Kc!)4`L;_HBg1A|j%6J4hQ>!}i~5TAf#^$%K@8xf^e
zDDR1khr*6gtOlPn)gm;Eq8eZs+Zg`Qz*;QKu5rz}eXy1&M#_hl-em?cmc|=Fpxta~
zbIY7phS$AaXi(pN=UAkzKNaWb#AT(#&by&*=<?M~J)wFX7VmGJFrTF&*vD?%C&^(6
zfneI$&I_;ayi9^(>Us0q*?HmRd;?2<Bu&6njj2F3rRlzk2+Jf1l@xL1FOU&gOvaQ|
zl&7h%Aj9Xz>#vbzK4~|OW$75jK15i%w@@*?f_`i;RH+y+1sWx0?Gw1X4bgxpR`t&h
zQos~DpAayG=R}o{3z))lK2?jCGSnyS!JGfd@lql@GmJgBb>PBatFTr>{DNA%hSg-(
zVy2)S2z}srkfYKhZBL^#;f76y-7ArM4GxD=NVk-1=;mc(Nu#A5ETJ_F*ED=wj6Y}K
z+l!o`z`(L&sdM_UtqIc-6Wf~Lst&RYV)^hp+*OMX(nuElFgsU;CO$OHhLt#QD<?;U
zZ*H|7lN*r@+tcoqr`XMZH#QBAB-678v`ip8OtN(k)MU+5hAj>4F|jZws_j8?^NenR
z)VtFS-pbOhf^4#jAQafR<*}P+M{uTL3>eWVrZSvD<0gttj0@rubODRIRwyc$J@cEX
z1|Zu%z(*{8tukx?FPjDkl4+nQ;dk!<;4{+)faLcMGz0e<0JP~HK%|AdeV_%QI5`7s
zqBLcI4e@M<=RmxiD4qkMnDc6Y6H7P|&xv?$#N(rQZiKqk)RlN`$us~uPy|e%h#v}_
z;3_7d+6;YWj6}|`hf^?2%gFTlymU-v#LGE2MYlE3eK|AyYa25no*dn$kAJc!Za<+o
zwx3X>?<atDpE~Cn_Xj4oL*GyE9H~CZEjnEUlv|Bj1e8?n;p-AM6>h{$h2rR@0w{NL
zM!Bm@UPt}U4}g*y-C8guZ7mq$w-!p#zW>|($y*CWXSB6|Sn56Zx4S)HO4uGK$Y{H@
zK(D@{{j!N$3*9q*&enqU3<IE)b!r;`rHy}~6<M_f)(FlIXlNL|Nb=iFZf7(1@Kz{+
zGzX;TQ|z6<0;KDZW^{>EE|vJKx<u;hHIc5c{t7<g_#tK~u)`nGPLU4mMLubm-G?+S
z=-&6JSJ@}wGYejEwBh|oq&oWyRKDyEM2wQ1y%fO?M08>iAUl@BmvG&PtCJqfr-n#w
zyaoCYkPvj@9V9-kVoHSFWQ(#E%ET*o;pHBJG_F%(%%UE=(rxH1Q(->EPFDP5gZFfD
zF#d8*E<wh1%E3QQgt$o(0UnQkitte}YgE<9bcHv1Do3YNdRLG=roceD#_n3B#XkZ&
zPLLO^Dq`loAT6rLuVB+Co``GJ%&n&(|F-u}Kmf1zNJj*z1(yg~%;-(5WJolJJ)b~N
zNoAM?FS&piw7^R6n=Oe~Vem2tKoD%@mCLTY8Lt3Lw^$L?3PWzO0k^X_^yx9%5Q?7M
zmK;&(cJ9r1pHsBtAbJj>I}zO-MRy_;let-VEXX4sk9b9hSIo37m?c6kLX;wPNgdwm
z^xJKCbp(K!{4=8R0H!=BLw{XSv3G@ewxAGMZD8KXW(*#n%`_PQW?@17%OtG#6)MBB
z3uRMwA#iW<MYR-4@Jse)n+v7s_{Tf25tZC*OJRdI+sbraVC!oTY(Yej$=xoSFx5~f
ziP<*9-%j`r#LtQ1s|a==z7tD25wV33-H6C*h^B!Eb*o=2i$p+k$wqO3ccDescCKO!
zEn3X4C>w!cn6;@CKq~XnIG8$AD+Iiz#xClRZaU6vCEBn=36ADTVDyH<Ub*t_n{WwZ
z21Y>7X+w52PY87&x)TdJ5sz;}ax_JPPHtx}iwQPNw)r^<b0_HYU(lRDi<OKgD2~c%
zniPAPv_@k$Le?_2#RBUY=4S}Z&yWJidxb@xA9&&&g7Y)PjL)q&j6-mKhEV^|5V^vJ
zV4R;JI6umbG(SUZh@V6FI6p&jqWDe(<NOT4`5EFwM4k|FeunT-#3BT{)hlX|ozxd$
zc>9X$H7|2B+iS!SIr-)Lxbokj#XZ-aY2eB?Q@1nh!5yu+)$!+V<I{~bks2`2Y8lC|
z0|RX%k^J>Adsj1rU`+~Q6w^LqbxINz?+OLpJ7TiaKI52lL#Q>x%jH^)VDgo(CR`qH
zonGgi=`)95iYJU$qhvVP9>>a}=msN|qfL(UX@ilg8k_FT`rftT!8KmPJ?UP@o#|~(
z;Bu?+<$+-MkEi2DPC8XXd%#Lzb)>a)eN9yEu#nETlLkbWF_{vQGzIA(Bzq5(L5zaS
zaEBx&et<LmzIZCyBdAM)u9t~o289Hp0+1$|<~CG-EG5$-M8yuQlBvbS<4O8t+S-vm
znGOUq=_4@d<IQv?iym*LJ4y)YAtrZlu`qoP)0vt*%EX9QI!4`_j^lBi87&}DF-bzO
z`W=lrfIXWTdj|3@l*XkQ5(LvYx~oToZw49M|LO6_Z>N~8h>FUs8QHVhp>v@$3qoy(
zo&#h*XFPIq;LM1QI<6Vnv)LU*chCh!KRkvKJeK7V71dlba%gjuLpuoHjVMLxdDTe!
zzI0K^w^VH5%6Dl<Iay!vlS4@2JPWAcz`K2-ajxBwyASOg%R&M8G0b5$4D4kv7n$$_
zSg}u<l8uvi8BJm~PGWX+5-+nL7$-5?=9B!{ID41T>}BKZWk+Z4G6#Zj_OhK=1ZVFu
zn!RkCz3k}hUFJrxTOG3$rcPtRy3X$4D%gc3nl$JmP9~X3;WX+3&LYmHH|rQb`CxP&
zdsgAa1n3?#bPx(vGps#We<1p>dloZ3B2I0=?pb1-8li-Ty#v{b6GnL0J4=j3Bh-O-
z*f|T*8e`EG?3^XWq7mv=XMGxp;88yscsBoeUdMy!`G)(DuAOmo?LobiZ7n}(h;A+0
zMkqa9g8bfcjbjPYduugbBud@2jpdT~fKajXj3T2)8Pr*sXT);yA}WWb1t>bl=zHb;
zPzfk2YvQ1w!Yn$-pfeE~+gpA+zdXW~<Kcrx83lE&DLc-#mbtu|xSeHqI`ba97#94t
z)ho3e*~C>fBL{@mKbY=SOr5;OhDZapgO@)(RYW_MABU(<qu_-cqK#1Ic1~%FQf$=r
z%o!dsXWms4cun6+eueguy^dokK5Z}gb5``x5GI_ay<}19(loaf_h{Sb=Rkgqpu&NI
z9&9!FyHy+sbi<H2>8;DdU2~U*JJXLfO_hb|q**!|(QxFd3e$bcJd6Xym7h;r-oxz7
zccrRYR4y&^N-9#Hv6<!hVcMWE#6rP@zBAFaWS{Y$?3TVB2NASRQMvNUv8d!<cJ<h)
zhNyf-ZE3inKr#&-BTX4@z+dJul7BeL=AmX3p~F!&50A>`p%w(AY#xqMdN>N@p*BK9
zp*%b)l!rPHj6!+16N{iw9_l1S6w1S+LV2hg!EW`%kK(na1|nE1S23QLuAc(Hj7%5V
z#m8axRvIt7KhIUoHnRjsq#+txD0C0)wTM!U`iQQ(13NBb*Z$Qj;8kGu;S}iGu+KNL
zNIMuScR1m<6ECW#nJxS;qq2DsN#4o=-~hc^Lsu21&)(dze@mkMMmIhGP4?T3*OL7<
z`P%=b_FK)8f5Co}uQj8*D?)j9uNg7Gc<}(1Cn`od0cX7zs<;;BefZ6Ud7q8!I>2-Q
zX0#8TfVbY~08IG2*NG@#vUuEp5|tpGz*f1}{eRcqTd?;v8n4etXrJPxAsBrDl?PC`
z9HLaOzWsa5^IK7dswm9QBvE>wzAF_kYmeOUeX;i43Ewwq-$7fba2nb7VhXcWQAzTo
z;u-ew8v9txK9;eMP3&VA`)FYwc=`q(R`!AUrTGS`o2e3i#&da5d5b4Nbx!*82Dax{
z!Lt%Yti&X(1f8>~b<+j|r>dTo`ZoiGu#=#r6_g`h4jANlCcYwq8;LgLZPU2&-AJb&
zJCVKVM_pWgZX|aLDyT)YVI97J#y3)NDb^CHg{4=_yS8!V3#rzT&H_2Z##Kp}>#lsc
zKfUb1IiUGJWWry8<s-`G+EyA$8%8TVZ9=f7Q5^coJAmjv&nKNH%Aeq9;lZCM(bw=x
zl$KnS&AzPFu^1wPtAQ(j#)Na)Duh~7g<z`@k4S=R3<XNh98n61t{U#)<v4D}W-j;{
zPJczU2o#0W%FJK9$2kM{<x6#MEcKbGbO3@o-$iJ(@Tdcn;vLNyW2ABaggPSg`rxfi
zX_Y7)_erbNTS|^ae86B3nTq);mLo%*=08i6R;x#gSb$dzW<0?9_SVbve(EAvBh)BC
z@z&wo;AoI(7@L5mr|~|mv=;mF(4Ytg%W918PDL(yFy`*l+sHkRidfUV#0g%Y6)e-7
zi!xh8vLT$7y9IaTr3T6ukA?&g!VXWQ$RcEI6GD+xz@=8oZ@os1-7jYC=5efDN4bjK
zph);!dr_?ewQnE2;VC!Gzp|K0Ra9f2vKoa@3m9mOT;%t+<40CK)RO|Hm;D(cqWA3h
zBF@5ogQaiBA)ACTfg2v^Wbg#%nb?SMkG)4y`yjUcNcf@z`GM{nFk933$sP;}Ta4j!
zm2zs*eNNuEO)b2wuc5r!zcE6j6<*!O-$0PZ*g$)7iUVAD3hKFi^`GQ{AM%qyGdW8#
z{T5ca8G6i>pADnx!=o-KqE_D0kAkAHz(DU4e;E2c_B_ysPHiR^nV2^#bO^XcxAB*X
z2K9-(sRp?Ma{vPelob5pIWo#<4rJ(U2w#Zj!DAe#Ep~zjlfpgVCpr$4#>H<t&JXCp
zhrUm}eMPjT<M4b4n+vU@@!Qgy8hAA=h4(kH2I4IE&2j|>PYYj~)KFk)-TpQJ8rl@b
zh9Xv^TB1*CaI@ZEd|wV%Uek&KpS89Nwzg?8dqNFvdINqeEk*KjO`)A%;yh2W9LN>8
zXk?!m#Wg$7knqTZHglZOa~6ks_ZSl$;uZ6<Rg|1~Y}pUD|7TxEsnq!e%W##(MFf1%
z2b9<LDF*J^a*haGG;PAU7{BXdlCVoIfIlCOz|HBNQ;tRS$Eq|p8@Dkpe@Uch&6{t?
zM$!>vUWIzRFU2bOaBzx7wCeiF$0FfRKv2$ove2NGEIJ0nT92joih~W|3&Q7ydxp*7
zPT}t1lyEwNuoNDF1JVJt^UzbYT~e&RwLTR({0VXDiU_O%xpSllMD+_OEP%`BXj~p}
zEJi(IWu=JhW+?J>TyXGYw#W`Yb9fmBEkXnv7$i{E_W(t=ax)0v7Kn^lO;RV}%VBiY
zt63Bu!+CClIsm||pua)wqt&aG4%CF}+R&5y2wUNOgVk4q!YzdGnEIL6`KkO!^J(FF
zJeo<o{4gV|hpUNqzm-DaQ;v)Pib?0?0!A_C!M8Yifwfsc%dahsc;!Kr#8{C(l;4_y
z7xHKK&96A(;e;ch)-(zkp>n&fFkldz9FDYrv=?6xHOWsg-Xv1UqB^3dY<FKWro12t
z)^8VCWNp-w8>-i2mQqOvESY;>U@_yYq(6Vy8GA|P)G@(adLM6Q@4H%iUl9u_fw~3O
zYQ;zjq<wRu;<b1GG=&)GHg&adiUOn3k=PUBsR#yh`V~HLV{kMK+JstU4lvh{9=%B|
zC~yKL`0=Q98-~ieQ7d;LmMhlFc_>*yT(PqYoEj;{MGMShiy`jGNY?bYCqgVhp7um!
zfqo`wVP}HFU%VS5<rTyt<q7amqKDVV9$p6z{q*oRv4^+9!-@3p?%2b-;sfn*kB`^l
z$J*5WgPevY9)2bw@KJ=%5y6#&;EE!=i3pb@AzTtgkP+bm`gu;??_oY08W59jsK*aA
zV_ZBpIr5xHq4aSAKfDd5RsHS6W60T5Q)xDy4Tmqm17cd7>#lLqGRjdM1&lr?o$WSg
zfw$@g<4ORHL+x6?zU8P!?VDBoAFZfGRp1*I?GHt@c>0epGJ6Ec%x^g|66g!G{?UxS
zdK1yq!tX>X8?8}UE+5*TdiyGk%4AbzZBl&Kg!&7q{`6@5=bdTI8I_8sGck<dv54Ok
zYDukSP5TeNuW$VO(%OGt+x^^eb}dLva4{jE?ri2BTZYb@V1_7#EW~W?J~~SZUx?--
z9}J=ck{M&j$f^9~N-W8{KIaq#1<alMipA7vMN858Q}<3lVY-aRlhpkviLI(MIt@2D
zF(lVKvv24;i~kazbg`g}0=sUc*(aSOy+!^Lx%&<M6WSYr%BB({`K$QkfuK$Mvi8TT
z+4bD`bzFJxG;BTw#y!l3PNed|6D&g48dys`t^5*QPvu=Jcy82MbVlGttOb1nM<K_5
z4zLdLHdCDw(7mM&Dh;RP?t`X&16|nbbDcuDWM(^Q<a8?S6(tq4dh5(-0?Y>JcA)j~
zi%+r_UBmYaiHe;$1RD1Om!hwtQN^%sG5g%R0so2{FyFuiP%Pman4shEDg4FIX(rya
zHn2f(t-?$@FiIJAzJaYC^uYs_Pjs~ezQdqxW)#nke2fT9n<N;}RvL)o%ET*b@9+x<
z=2Cm|Fmn~XTXCo54V2!#tiADLyo@V<CsiNdooxnKR0hQjFf>%;MjeC!7P%1z(PQ|I
z0?qSL{rW~4TM!f9fDN!~UUwetl>HcBXvqy=q*Ty8vYB;cq8B@2x)i&~OVlb}qP16`
zc>jstSxh86<%AA3-H9&E`}Df!zY=~YxESp_1NYc>D30~jjQ719Z2!wA4Z`(|)~s2G
zG_duIWdzr1PI(&*h&%VddY&|CDJp4dCTl-0%VbC3vfj;>^%K8F9dEkke8bB(nE9bM
zSo~M>(g2K?%}aP5^9}V*1l1Bo-pWSaMk7B9ZJ_{sO{7;*?k7lFePGlit#?-n+Z#mJ
zaIl1gU<9no7R|bJCarhe6^pHRi@$$#z4JGaJqeW-O4Cn4o%;mW*Mak!FtrsPvBn;9
z<&S7<AAXC{c3S%rI#~O>a;di9_rWB7mb*^#$25I`%l!-5kD^7+7JSbyaJ_$#yxw`q
zXNX(xe6Y^UyEfr^--XL$kLnzOdA9S-%<D<YqM=41t{JNyi#F=G-jhfE*eN`ZM%Wvu
zqb9F=WY9ioPtqV~CJgdQ804?mAb*95|1@5^?xd>YY0Zq5{HNNk`MT?A&9mh`!xOjM
z>6lo0owR0Y0X7(j_ZtKHw@V9bwCso3n*>_%dd>4+4gaIf0RX7@&prYwey|cPhT#f+
zpToW{!0&g$chK?A!SID3ac$~}(Ge2p?{>w2dD_D&AA9(s_7ECd>t=!VWcCQ>;T`Q!
zX;&21N%CgF-WKA}hf$PRQP9lb<sqW-o}Eu&f!H7S_a<Y-NxCzILK80o-9diOUYtVd
zeL$}!qWGAV!Qkk0?O>S&7OEC`9aI;V^5=Owj#Jp0Xn)t?R=Cf#-=CLPHZ0pvx(|;W
zwXod&?R>?Njzb{Vps{-60H^+n@ZWJ;1Y5$(kJ=}}XK;s+Kl+t+>er&ac+Fq~?zUy2
zjtq+PBqs7FV9!&<$)zUT2B|#XhN)R1{&B!1Ptl60x{i6;0cH_$mtsC^GZ5~)t}O7J
z`q(&_L0DsSq0e>AU<yTAgnx<)6;ms14$^BV*d;GN`7*s%rkxy^(IQl&`)x<t?QD4_
z*wiqv!(psGax#+VrA78K1G`088n(xepL8`J1g#pFWgYHch_3xyc?#`cjBu9CwXQUj
zcH`v?YuOTFy#7rv7FHOGM&#1P;!wYRQs5&b&LS4ZEUP||v6UP8lD~Hnv0a)#Y@Y+M
zH8Emq!W2j|a5;f^8@7+eZ}vE*b>KEZp)~9ytQ<P$o7WxIDLLpKQVYf+=|zzABI-Yf
z4>rKa4MNgG-Go|K48*us8%u3GpcAD{M%u^P6<_iEzl7gqy&8%etmVZ$adl2X%VH6&
z!lh_N<sMPrycktm-rC^4;I`>gW;M92caFUMHZ6SxO&M3QyEk1{U<-?_X;BGSMd>|z
z4m@Jn3ZEQ{!HGYn^^c|&wAhTFKv?J{P;9ApTMf8-#SqfQ-k3r^C$XR7#<HK&;Aefg
zeMSm8@&d(_5-Gk%pYXhlOgH7qb3Z6Fe5jjouVp)F!I=T!9egM%Y2xE(88A}*5RJtp
z;|wf%|NS=)B%(%$`uWIHv}sbrOfzVJ1KZ;YapnEbX7^HO=q{o;*uBNn+;V%V$w2Mh
zZeYJv?e`{nJ$o;&^bQP07t&W~$eFzW<H%+%m*QmN>UXO3Z}p~)5G%#KM54kyBK4)7
zoeVhDIz`jaWv%5y$4va<5ANDhh5z&1+l|<t#x&Y*%+IY>=e&VT>P?L&y+`GIu77gn
z7bVGaPuYXh41SxZK7Se}Oeog#0n8QT2i<Ig<MyGrgOQ)3gR%uBfT=d}p`m*sJ!_$?
zBO>5-n1*n%5UiU4?+g5~=`9kH!%s~_3o}1HlfZ{z9ss)tP#6!W36BQAN&;LP2jCv3
z!~{i&hT{x8ij#J$<1PZTadMJfIa32)iQwCkz~^b;a}k^lKNjl4hWGQeX=K81@>PS|
zo1&AJv@@TgYD092zIeTZDf$&n(NCG5<*t8uer~>{gZc5^(!u-;xaFtK&wKXM&d*c!
z)6UOq`;X2~ty7zyrQL|L;hxWV>gN{%ds{Mb@;!Imb=%#3U`4(8B_+25r-MiE%gVb{
zuHuHS1}&EXJ0heR);B5HH21Ggr6UIdOS+6DmFQ8e3_Etj-<29tQH+<-^LQSnv#O=(
z(bkSp`%-Hs-*fjY|HRwx!uFLkxNS40Q!7`b$69GK8uZH<<#yD?mUhyrS!BoaBy~eS
zCpyJv`iBBX#|o*67vrkH-F#>S9)iWHDq;`O2?0MV@pGv$+QQN5gZ-RzZKV{r`B19!
z*0?%p=Ky5@X@~F8Z}rCWoHRPrW<=69ePPz#WPGuTHKP)^DRIq5?bRu4#OQ1cDqN^l
zNT+*Bw@B_(L!>8qq_I~)tt!chH|<4Qg~hDGW;WzD48UCWG3$_jJRX`%qSL=}drJzN
zyct?W=2XVe@l|v%>2~rBZszR*#Y(kemQ?n>Qe*T5#-*m{Ncq&UHm3o`{`R|Q`e+A|
zt0?Rex6<P05Y=jJpw;uCWOR6Q;z~Tj-nBSk%BtDJMs3Pk+Dw_KuIL+AU5hzZ-8<TB
zRcnKbztuO-VY9VR8xG7x6rHVw+Tbo`gIko!W-Ev6aJo!_F;SqZXV^TA&xy`cwN_uT
zHg45gRgJ8wNvYKOh1xu|#O7&@HsI4z**tC6Dk|0H>6!NDN!5y#Y41~w(H9t(rbUOR
zP<^8h4o~Jxn5$X0-+vp8Qd8%+L608*H1C<Z^Gd;BQga*$Y7TsH!k4J7^D;FuZB8*$
zZr))(8?R+Q7qd=RW1Fz{M)rFR4gyndP^?p#EBpTqjH9I>rU1c!>nuv~<Lm|M?%s^t
zZ^Ld(yY>G2sT;1iZkSDR-7rME@r`gM-LROb-IH!&?Y6O>J+xjqOw{ZglhzF<`|UQx
zcf(0#uDs<f=tfI_>c$M}1{dvyp!V&J{BQb1?7?j_p#^>UCAZ)0zisB-w@#08>-#&!
zdQ}?VE8LD@z3O~My((kfxbYU&jfL!ISkp_NVZC_y|M2!D;87Jzqi3>^uuedh$Yzuv
zL0Q5Q5(H$B023HAC~8oyBtjs_79oKkTaciPLlhMi75%-65*4qgsDKMWAi*6G6~(K#
zAUy^M$|~EuuBChW%nV-c```EYKFxGj^*L3&ovP}pYQ<FrmDk$1svxeGtdU$@MqKSh
zuHrOTZjsd*c7j%U({XghPR`FmK0b^M@*zw<4r@O8yNQoP<|9M#kz(?3m<Ycnj|jJ7
zv3TSkRE&>Bx}}&xd?ZpiDc0m85!<9yzAX8;B^mk1282y@H6KI7!d5Ukd1J@s&zLa{
zMh9*rpbtw^gO{9GgBPKBnK7gnelZJ~mlVZIqRC4x5ntzaBEFD{-{exUglI2Syey&e
zG8->Th?k=;NnY-6hrCoG0vr-;cpdl7xydC`<CJQ``b8c~6pZL1g>-N$e;>9Bd;Wsb
zcYC_v(M74(RF%=sp}w-7sraQrdCG}CD?@$n_JlwhlF8Cidm&nU5UqIN(DI%=-3zN=
z2fIe@eLXGwX4Og&4IT}p0JPcd2)0SdT2!^nxp*cR<6a|K?X{6%vf2wMtF0IrCaY~m
zS#80{a9M451X&GziM@wJyc}r%bz#EToecK3l;Ck;;M3;_{1Jc;q5EMbZP~&y`pV*c
z{IFRW$CW3|%0^siIgH9?Tp4dxw&u#UX7hH@LD@m<%K$x(zOx#m4L4hFHcO5sHSrB@
zk?070rjqnj<rQ4H%&hDdjUTc~G&+n134c3SD}47nLs)yWyzk>rpX)G$&(#aw&LNxa
zz-H~U_zaiO*Pj<1R6l;pj@S!-%kJ0<e+$SP8O)s$yq$|Du-1bbEyUpWS&9m@+!6ke
zGxlfMmM`FNS6d*LSGn3-{$)o4fnaq#tiH_hUvkW>u7lNWE&niEHHtZ|i!J{WTXhUp
zx3>IGACHK=A#(K}w(3}{Ze#halMyLdYpZr*bqC8o?Ju)B4y!M*{7I+G>bh8cspbFb
z6eRiYSCd@;-2~nfdR_XjcHj#CoM3}&umJ>ngJ5nOER$f55p0+ZHiTev2zIRvHk4pv
z2sXk78&0r+1RH6CWfQCe!EUy}ZXj5Ff{n4kZY5albqJeagN-HFmjt`R1{+VXw+S}I
z2Ae2L_KoQ2)3gx{Xf8LR2TzCYQ_C5A8G!E%1K-EsXaLU(1D7)RS1Bj^XM}-gGI$$+
zCx(G1Gx!Anj|l@$WAMEIzC8?_e;Q83*U^qP7I1C|!@14G=?^%bFr4d7lUAJs;A_Ib
zgBa`pa7Gxo!I=PFFZgp)2@b&P$bMXZ(FVLLa6b9~Cd!X%qj?@{L!XWyL3G<GqK0<C
zh*{r&q|%aXtEgk?oLN?JyV5yDR&g8Eq{R!e$q<X1e4d3(d;{iUI8U9rWLrZU+@#73
zFv^v5+oN1c%7-NK#jj){P^LD!zZzW1Fv>-if}rl5A)aeOnr*6k!?daS)5edPnx_=-
zDfyn>C!LGmiGk(^LCzWKD{2?7>;M$8;g!-LOCX@sigqb>wbwKT0CGfQK!T;Tc=V)l
zHp#$)--Os9&wHdg<4R=1tlS(x=v%Z+a=a!Pclc`3+3Fw-u_@1cETu9I_wFC+%aru`
zBtdQg-LgHFh}sd$DxgIwAnDo55iT~r*TZtNj;?JT^ff7?7P3r#L(B=XK9VH?Pafp=
zJc`Ioh{6$(a#Cg=$Of4Jw=|$M3YOVlq^>ixyl)>js=E$;O%n9CL?O}XoOtEcOYrg=
zNjsiFc~6O}?&XLmLwIc=wkBX#y4PPfHUGNt*XB)edj};}4NA&)FFZ><T0c72qa@JD
zK7*rWpCoL$K;0HY%0<EKHrO$!8_S_Ye@yUH$BVsy%v93kKtV=~94dpBtJPfmux^;f
z@@Og^U>=f7VE%JbB>ie|7Z4v1k>|IkynTnH2`H$h6m?ZkK|k1N5<EP;1J1>3P#Src
z^ktMqUu@qC(Q-_*v?$WQvyq2d=s+NPK%nVXCLE=o6thj6D3oc?n1U1}DGCxyw82cl
zNi7X`U<yQ(fmXv7fW1+g0x<h91yG9=tT)?y=|Bo_u^<Kb3(%f1(a?+}DOjQ@cs`jZ
zC^6Cg$rKa@DaZ~|P^c(yn{B*owMo)74?Bp06_$ba1Xm`8z7NQ<G+B*+EVW|{=t2@_
zr4{zRvgBvX%4J+xVOBndAIU8l?%t!5OO#M1r}b&b*klvLw8Yg#!m0;x^&ks=R1He8
z{Lk6zQFa+5WtV@SLD{9N8^6Pk+P=dN(Kq@cf<117JwmV(LlCyo23tX}Jp}t78|+Df
zZ6esSHrUeydyZhw+hG4B*u4a+u)$UlY!bm<w!u~t>^g$2wZYa9tOvo~w835@SPOz}
zw87pY*y+It`@jZ!pI|={>?0ejieOs^_Nfi_A;DG?Y=;f@Ntis;><md2-5SadcKn$z
z*E<F`0dSiz@F)f!X#lcB7<ej!cL6vr4Ez*>-vscoF!1XPeiXpZhk>7G@GJnY2m?QP
zMmY`M1PDvR5FXG7X@F1~hVZOLXbK1qhao(A#t^3t*OxeDVL10P4ld$P0H-(%=Z;gv
z$twW<$Ei^8rwqOyz?EU(RF(^;0l3|1iVe@EE#%`%dcl^Mfm>o{*cDv3`z@gzWA<LR
zcRhWy2ZZT#3%7y?gyEeLL5+$28My2BYyL1xd^R2(HLjc>e}4eKz170E`4n80sZUhr
zbUYiVX^$>;KZ@I$XP^&w)e>15ZK7p1&%m7z>?r=#(Rf9le--~-Nq;qRhlb#=xnI2M
z?~m}gXmG9;PWf*58%H$w$8r6MN~*7|q<RlMuiGB~_9(*miXh$gfG`0cIsZSS^gD5|
zpOezB0WOZ>N9dZH_)+(nj{<A4zboO^wBhH030K_Ej2H%!uz2fU$q=JM|McRQkzVcp
z$zi+<EVus89rj0pIaOHvNHEWevHVCh^vXy6($x0Ih3b+1X(5jS8>V=(DLo2oq9XC$
zv*^ta)>ZK&KF6P|+t&+e54J;5%<aJzDR$pO?ZK)kZl(6smTLcsWp5AmI+4ch!Tu*!
zaC@*MidNXZW(s3tU5gIJ3+i<+s6Bf*6`&WyVJ<)~OL>wCFm~c=E`V?$KI8&UwRdIV
z4F^6PM7^gj%D_{G92S^&vxpDYD^Yq8iTJx&INi%Yuwsd^7iDNi0Pqh|K+G{b_#$E#
ztXQHq7x4V06Blp}c4f-IY9*R51P|3>xqy34JfnfBO4KyT&;b_W2QHxN>ld;B=~kCl
zmhCA{EUPST3i%BdRWF0-vbFu$0AzrxRqB9v=ni@+>H>@JAYbSV;e$s8w;xZdUfM-U
zTvw0QY20tPPHQU7Mf}jS(N@jBpn9cRXYiUn@_9A)(bUKc1k_%Fj9t<M=S~t;*DQgx
zJTr)ckL@EL>(8S~JYY6~KQt!(K~VA!AfSBUr+PBJ#gj2XO=f6S0j+{^T5*h=e>27H
zEqkenDF2M2KSSwHFK&*LYj(0Rxh5wYlWR;e^<t73Bws<(48%s!t1(TM6t-Eyo5jNG
z0s-9>$^0A~nmA?)_H}V8A;_aRn2>>P1Te<V#Uszry`3Jk#+IV~yQpdzxVG(T2jhLH
zxYpklqvWc^2k+3Pxsm_A&VOH$e<S*9FFcTeTfsM+6`!to_LRc~qC^|GHSMX5K?ez?
zIHJtjaff^J$r$&BPzMRp;m(1B#2ZV%L4u#-TZQc)IcA3te^fbl<0UV09v4DF;ab&3
zyHdTBNbxyv<7q}I``=<>Td8a<eAHuY*vvXuJQ^Kt>5ZxvkYW{$cKcS+sk3hpi{SEu
z`VKJ@$)<_{Mn&x<`uZUH`E05Sw?Yq^x28|&K%sG;TI5F@PnrF=Kf%?m)h7YHCxEI>
z{d`=!5kvj8mUwrTL0U8DIO@PP$rK~HEuq`NEY8S8PJ<8<lUmb)=Z72o5w|5~^{#c6
z!CA?G(!QPG9#(cA@$^1X^!?xZB)$)U!BtTi^jzhbSb-zpd}~OQyL$7o@lRTd`Yx>J
zT)Z6Sp6_9du9Q6dIJ6B7L|Nr}2z}dt=^34a<lKmT`B4l&Yx9`=;~Z3pL-lGp9NfgN
zmUSC|dVeo`9&1Zd1%i$bae;iYc`xqS@{!4Le2OZbx5y0+4pD~>s&*v~xZ#EywXp?#
z!n~g3)GYFTgB}7~Q3@Sxt>^@<Zy2fwLE~O<cf+Ht_~6kNTF+zKx})&7TmF7%2>s5k
z%1q92c*@5?{Pg7HTv;rD1FRm)*u@QY)NS#2khKDbND^L0ISU*Jq$A;Y!msFkz(MpT
zf^3@z?Y}yf&H-)SGM+ME>ME!82sv_cmMq013eHpz`((ldbj?hX>oL%DJ2cKklMy%0
zb-pDDT|!^KDmsvXb%P`pjexkRLO6im%j>?BKa%j}#PfRatgEJaT#^ZNtb#rn79H9z
z2|ikOQ0!9=lTRPePd<J19OS6`LRy#LhWJ<8vw_ekD(B*du;(DI=UaxS*x>gP`3Y#K
zDm#5T5Ip@kpDgVx+XZNPJ^Qzvj(Bdc`E10)hg<Nv-+n)3!0B94a6MfjD?h=?PQl76
z?HU1GzCw!2t#ShR+l8IRb<+q}0Rp5{ht2%oZ^EX&MfcUGZB&fY8}%|UgJ-qapm3nG
z)<}e!%h;j%fqEp)pO_2cyv8Z1N8wQ^Vk$f&nqPoYOW&xo!H-z~+cE4^?EiOv%cNq6
z!$4}uNFPX~niL=?<xTn$C4~_0dV=CDR|Fr2PuQJDPbii3w(k|5ta>rJ4==%%doo#;
zUjk2w@}+eCh?!>DyqwXkl5EP=TgV1CHWAFrr8q&yB_}QegD~V>_4rC$o9bK2;8;i8
za7L~;HYHD-3Z~?0*CkWO<(Ig7?{+Reg2u*5bS8|?@_Et|hJzRIDfg8lTyDpo7<+jN
zzK(8AXE7Z7gvY_BU^1-3L*kcvdRVY&#JM{Pig}caG6&39-b0uT@+Xmy2*Y*ITz$)E
zMXjYzCkc~PWO9PPusD@V8iWJfe>%v7X%9yp25TNXz(Y|Zw20%{MQc8JKubwcv}jDR
zkJ;#-K$c<rz5)qsIZkCuG3H^|)JXSatf(uAfcWS2M8%Z+EboxE?)78y3daCtvLruO
zKROqGik|n?iDZSvTwT6QxL-ci?Yl{U-837!$1hHxT3YKVr!7X@YxO`<3fR(}NZw3D
zv4_YmBr=yN12;QkJ;P*!5r$2=?HwdexX7OS{DU4TuXjVC0<mD!vOVRUN7b7^Mog^L
zPEvTrD%t7EW>hd=k*vMfNk+^SCfZ>(Vv@ra8Zm*?0fCX*6ur2U6_|~_Av-GeHIk64
zNXRzPwzC~ILzD0iCLzT{d!9*13X)(MBqS*kf~Whk(NZD-XB?7%ztF?WM9X6m@Y94O
zeAlQ~$f><VyM;+W4*((orn({lssr|ed)Ww&RB@11%`k^y-Nl+4xh7TDjNzIDT{DrV
zO+181x*^39{O*mR_~Rg7&^KU%9c;6~*2k|vJIjCkbi~8(=gtHI1FDB$eO7fGtcL+r
zLoT=cEzjat<K^yX`@79%`@4ngf)5ZZ&j$Mk!DbL_oDG&su$#M||6I0D_w%32Uef(M
z=duzOO|U{6Y%;<2cSG0=8*CcEJ|@^q8*DnkUM1LU8?2aM4-;&z4OT+1Sp-{PgUun>
ztpvN<2AdydOMM7zeRB8RcS3$t7l)boDi~Y^;3vbt-!OPJfIkWYA7t<n0PhV0!(|Tu
zo(N#)*-&tI1`h>r`!H~O244x_#4vE;SvvG>0O0yz;Q9<ccwB<dg^_md41qrb@E>8|
zwA1wNR{@+7cB1?^gO>q#X&Cq{gYN|JVJIxzy4$Wd!RG<vvkyAJQVeSbYS<LB+kqye
z$+AxV$)P_(xJ|a$K;T~71U5?XW>b<#uzdv=@LTa@Q<9jn#X<+^@Sx8ZJ4k^qK!KFw
zI#R`L4iz{)QvNF2Q+z4Jv@Eemxl2L&3+dyT^08UHe~|jCl&`9H^;ZnwJ6q_-G<1*z
z_WZ8?XnbtAMk?pFcn+PeI|DPl9nXT4CMU$!#h0LBdDOy>WCA=c9(>@ur$oly7<6-|
zAjR`2=XkRD18C+K&psRAEQL}a0i8U_u8)^oWYfnbrdGz=)CE;3_HCck*dE2b`bX5{
z_H~rsNBIh?=q6~8lI6RXWNz?D+C(yUxVkO782y*-4f-!_I*+ameVmX8%60J-kVebY
zLyN)l;2j{T&>-phj;LHVT`KE~jryx(y$Wi?{0njz?s<tM)cG%I(K$(sxS7PzzjpRl
zk&E$S=>sIQ{wga&^7Ab`kb?G<&)}AW(-a*<O5Du}l$+pzA84T5^wm1wK&8rYg@G!Z
zbr#dqxuHw5;SPfqIM;SJhViK?g!=|+5dmVN;{h};j<jP;nc-C0@x6bfYwdVyK6tfH
zojg%%n+I6ibhCCmynG(YU<n@YU#_x)MP1=pjnuRH{Oz-T;b(zTTxh{lN~%~#RAMVV
zja==;!Nc@4`JCIQjhn5XgI^IZ832^Fo<!RE@2x3NtrDLV>LhFgsu4nL%YNj1x`T=z
zXGCdBa1{wF4v6p)tg{M3l9pQhlu|>B51dR7ioWHsz3u~jR(3xkZ1~0^W%k?4y95or
zof1@Hipvs6ZB4MLtzaRcb#N11>~KMLDk+@)7e=ZS$9WEkw1#{3Y(!_gyGX+gbOdGg
zvY;}1X@p1AIT!ZDVimTLm?cNq-<(z0maA#4HCe6Knp+$LMFn@r8vd0kzPN$b-|Ww|
zdWc>6Z6npCpUYpaHyt${SigN$wuN1)#Z;}|a+^maq}xGS*Ixau1@afnaA!>?rX)d3
zVyIi(*+^v)8N!s*ex`SVRMDL)zYA8n#S|ZH58FQLA0Z!KiG#9W=-pwYoYZ*tY_paS
z>YQkEtWE;!6D8q;965<Jf9E_A2#~&59^1b!nV@oD+WpytOpj44-=?^I?hFo_b(Z1L
zxSU`~u>4ZlwMI-mNXyT?F@MU$qA_v_y1m)p79L!Qe{yh0p}V@0GALG}n^pnj&?x~r
zT>#e0++E&qJCen5ROJo5Tx8vK1+6$`5hZh06&bQ%#hsq3S6o1pAHx;5+oBcs%DuGW
z3dwvlnznT@p<NdovqJG+gR=qu*HH$q32NiI`#^Bx8q-B?I7I~$XJ|IRV-sPahl0n7
zr25B^P;dp$sldqOY-ft>cJP2gdAmGz#|kwRa(r@#{339W|Iy?9Q*NH3e+=1p;VGL)
z@%%cloSI`~s<9K4foqiiYWct8E=t+r)+t-u_LMDdPTAscZx+!LD=}ru3b)S(Gd<JS
zbD`$lskYgBYJm4_*k-5X&6uRQ?gZ{K_B2i~DHAEhV=#?Vh8&ldZlE+y2{7iVW*Vm@
zy}MaDV^d*>jWrSXJotrkxkOn(J?!|VMqZ7wZGL|C`+uCDr4Di`+-uPnW3R>bO%I;|
zy31h&dCNj}_Sn0xq7MOSwXp-a$mR{US*}7W7|@zP^@$Fer8nMXd>8irnXaAZ<SZSx
zSj|%WF68no-JC?<1)xwgtw)<np{Q3c(suzrUZJU^+Ck^I^h}adQts|0_T3%)Uy?6i
zzYbME7CeWUw8Y1<%WEEs;P`yvbi{AOduJoMNl&Ct$JTa0%J~i(oDW>g--uLkgM2TB
zi1N0Ly>uvE_0q5LwAHuat$yn<+Uh$MP%fx-$J7R&D=OsgnplZQ6$#?8W3;Cy;(j7`
ze5oi}7H=8%$tTy$<Q+UwOoGM}YHsI>LU9Mc>9qkd9AA4vyg5M;)`y>6Ai6=z&S3J~
za=t~6E$Sk9HT2O49Zxw=yxaQ+?<=x>KN3m4%<}Gni_+jL0wy}jx%7?rqXB*Z7QYRP
z`gmrtBh^{<Ev!;0E<{_-C7){Hi&t0S{{OhT_VBit5wiOy!g+}cG$mIRWayRK{LiNy
zB>KtUFYxai3CwlCm!bf_87LLX)ze~@UOgwoi?z6Vp5Z;d)md6S8MMbw;nlOK4ejw6
z;@diMk0(<bY;nxYbH6EO#!j0$Zer2IY0S)2&CJIvoMwb<Q3)hiKG>ue+V)(y!AYso
z<1Gn|*1~LWu_yj=Sn3;m<uUrLSd}vYo~c>wG}HK;y?-dks%<Ft?fZ{Ik?bJX*$Uq1
zDtMzyf?W#Jr+O&{w2EwNu&EtFLbWLTDi^mC)(-j-ucM>~a*s1)Vj%s_Vq=t|iSz{C
z<2s&JqlA0hFdn6Ux9So+%ubC}P6wCAhVOC3Q{?8A=m<?z`HKh7312xync*@vG^R&y
z{0$yCsWGL8+t;zH6=BzDdoJQ;w2d~S^h?gaFKXOIVYZVSwH*7Z93}r?wMPMC!(-I>
zOApYCBxN6OMR5?iEa?y0qn3<S{m|$SwGqWI`bvrJe+gOKqC4(Hv}$lL+T8X|h))lv
z;}<7wENpuL@!sK}T>IK#CD*P#tmN98v|RfzLo>wV(ImKDswfSJnf%xvZZ{5wGQ=4D
z#2XJ2xd*q9uq%K5EPvYWds}#53GPpyWO=_vs|DR3qjXVDSaSMjt?@xrf3>R>M)s>&
z{(5l3q2xR0(XH3$K`<W6Y2h-%DnU?&#cErl&-IMbYqYw1lx>YphV95$qf4giiC!yO
z)|hK_B|GVkOm4WTIdRaNIdCS#?wQAK{TmDNW{kOgV$lq_Y%kZ$oN)w~D!edtQwlJV
z(g-%1H5~4S^y6OR@#ZEdO%~R^6^!zZ?b$2JT*+xYqav*2RqV<Xwvt!hX-F%*e-Ex?
zU@+04Hlt)>Fy|-D;HAW1iu_rJd98M3KmrEMWEW-<9}_%OAK0*$&YS|NYt=Y~g^VVV
zFdfYdrc!ZT8Wl50>~c9+X}~n#l0i4sXR|m~RcP$8IeuiYl((wsbJbRb$2*gGL+jpx
zwkq_xT5OSt5SL$xrIz1RE5g2Yv)s3qoKL0JewXPsxu`i-cd`5jZPm$G-PiKJLp#(X
zE&onjT5u1r(NLtw@$t_>Z>TEG!Ir?8AO~+@0XSGAf58TF8Rz3&dVp5?(c8$Q6SHT|
zI-quu6fsHuuIT`&H<Pf*elZH0)QZh!lT6(tRb(7c+eDWGYU4@Kc{^J|bD)LdNf&Kd
z2JM?ly5R2iS{RDQHi5kqQvn~Sp^avwei^dyRgHSZ$2BB@jos8g<i62`2k7|sn3Rm<
zu#3Aq)`kSEIe~`10nOxqd+|n=XyxwbbH!-4KsZS51o;)pF-tYwJ&J?R351fm?XhK`
zXJ-ls=wO!|PkH-+hsIkfsHbM|G7|25s8f9%cw{dv-$(C*Z^&XSRWBA6{R3Ym)K~&r
z+<jIeQO>d_;Aopq)jYnE4ELlhnCA#T|BjR6rRwP-V&m~hoa_nP>Qc0JHmo$fNx|9J
z+)lpgVcSlQcMonS?nUn*LC(cj$I%HdhWdJmHs)tE@biP)`yH|5Det$%3r7g=g|O5u
zpfXbc?s9yeGlkyk?1&uzZ$L7t>HV~2!4@y4!SHz6R9w&nYE;~y(q*F)ifl!T2~LKU
zzg3dxbr+gp<i>Eo8ZKeKi_8VlmUbHPKr;9EI&{#TgWgupSrql|rW|RDwj^{rSkq|y
zGB>6r1AnTbky4QEY*{4-VE(W#)n2)1_cn(`>onuGKdfnFTeurw;iiab|CVd(m5_X`
zz>gfM+z>yfH~vVIKn@Or?!b8lOa<BO|4}T?Ef+k%9WiYYITV03`LaAR`(x~!dpJ0V
zLEP#1(0o!03ap~!0aZgFU(t{p-CYYU2uxnUIg6S}>LfUo!NonZ%4b2&q9Ho(4n*O|
zr$FYSIEB@LP8Dj4ANOy?nbvPrv#?<JH!&FAhk$H*;-VWQU^)VBwFSdNFni4{cBySr
zfV}$g0Ot4}xnqtBbF!IY;_L*RTf=bTO`LxL&T+X{2lLTGkLu%*bG2!feTY_8#r&rs
z(wT~AobDPEHcoKm1pD{V_#}mnPx1WV*vziAk4-mYZ007%{q4X!<9~++rhe0~fmx3O
z^XEkX7;YaJxnTNzi+~$#12X{zW@Jdj35(NlBKJGln`6Ryyig<b2ZX#ZgvJ`7Eg(b%
zB8&%x+2No}Jd}nW+_;Ug2dmVN;~YuFm&zp_7j2dFU<XsYjqZ2x%`QoH8h)=fP+Hbn
z_=3of%BmudB~CW#V%0RaH_7~!?rTE#M{yHe`%zikB8an*lzhMVcprGCkxZE7o9j%X
zPmFIZ3;?k}PQR}kR@xDeqRV5PaAlMgU))e`2N^XTl>e`6l0vER7gguhBtRK1>?~3K
zpO{zZ$~e<B=qc}8nzea<3|Zo$*VAPC(c?V_l>a_A8WY@uOVy!3b_Q&_kIsv>HW0;%
z^Na7i-V)~;q8kjx36pOv<<7b=-&%4lys%@7QYnkbuitwoDLy&%LeE7qWTPe6=sYiR
zmQ6fqbNajGB#K@w8~?qf>WjaOec**}<h<MT7X|Vpz~T1DZ}D6kBoMnk+jaaf5JLYt
zNY>Mo4VOxkjTPV^{&dt|0TQ~Jx56tIZaySu*GqNH4C#{(Q9IYhIA}77o4CX;ExY0g
z^2g<LoU(=gzQcdtD2K3?YC^7>6K!$e2G?wzE^8{xn%AM`8LIK$Pk(C~GB`!t@H0tZ
zF7a(qwEi;HOb4tf`XNtQB!X{yv%gi-7wEW>>1n6vS&rg>VHqPC1X_>b*7v??KR>VT
zeU>}wJ^3rLNHuU_B#{c9*85Gvo(3oDQV%&@+TSW}P&&t96%TVS+M0AL3{^p2G(8j^
zU_&=bj~iD*D9RB__B-Cp3?a_2#M}8D${a42w^-M-t5q{lKBOHzq_2Jm-m-x~I{ylL
z$PdEykZDc3S_Ig)SIN7l6KR}(@tu+zj5Xk<8?u4?1yS{jN5E2j`IokEzsn%_{o|)?
z0T=H_5D)EYYdPO?N4cv%po8-J>J?uip;D$6Zvmpuov_xC)#uuTA}MifjlXrkZCjjg
z4YVDsw?ca)BD)gYeFi2tAE{Kh-SjV0ehAGE|2O&K7apLzym%GEIt(Y5N<WF$+Y&&A
z#*3{%%%i|@kPuTj=o~X+gA+2`!k(N#Rp7PgOV9ERPAV<AL2d-?>XE8<@3(CsN(6qc
z#Gln@TKAL}!VPel$&%+Sz_YLEA{EF3?(CJl+Q^~oe0L2EWfFw&eLp)I1?v>JGU8Hq
zc~h6WI_8TwY%%$Zc>86^UnIa)66y*Goue&&d%8W{jXn&ni}%V6iIRjYIu-9M1I=#H
zsd~=EH!%Cqgc2pi-Z*QxrIYpnJEbMFto2~uC#}bs32ygC`wWAfWy!U}pk@cVLqY~%
z_T8>aPka7%N;t5D7o(;YECbo#TMNjd;e7B~?Y!`Jqf0(4`CoKNk(}ZutJ1Bo6Ogi>
z$g%70`sDOg&*t=1kCyiQGi_B?0@y|1?+*UEm;Zv91G5(JU*w6rfkChby#_ZR`FA`2
z-NApAF-7pBK!6xu&6X3eFf;+Hgsiy8L6cJcY|cL=w50=c;6kVsZ+dRI^o9+foYXiI
z=I@qTaCztMexp0@nq_on^YHHUjt=j`Y_V=zy5S3{`ViwU7WKQj9y$2cwK@1fW<q1O
z@9crI{RLsra%krNezv#VcAnY(SbT6!L+T#+@@~R|hG>}6av{u3juP+Ww&4pO#527I
z22UWJkSO2#fvEXi?UW05b?0e>Su#AFbQ!}U@!iIR7OU=piQK+wzvlKgk$o2>6Si~P
z5V;-qpSi^a(rIgYFkHgq_TRBq_#|KaOKeCV1esqDB{q#|gPWD)eN~2?_jAB|tzYrJ
z_{;x-_lnub`|jTi-bc><-}9cj<vhG!9Fg}+xHb_Jo0KHTN!V?tczJ6ZYthMQXIX0m
z!^eS^5NK2Pe=gUHZyeOY$v&l95fz_kd*$pqLh`J{$C7mtxYvnh#w3Cr$mQV_r?95i
z(^sWDc384u3Mr3mogDNY;v;GY*lzdo9<i6|1+`AQdbD9l-mxoP9~pZ%z#O&$=pW8<
zD-L|D4u0~cPMubiSCsGeX18%~9G5?K@)%hK$3U8y>tl!+a@1a#4B6?(-t*OoH0Ajo
z52}yb<1L7<awS+Qw~J(DbGx8P72=n;=yK@HFAj)}$mWNe8DJ!5<8IX%yKBYqFVl5a
z7>~|716F<tp%Be9TZMVkXXK9=2W&wEg=8z}bn$pJ@w1FyX=#39O@0hk$aOyU1*W}%
ziZ^p{twSeRMOG^Lxn_=4$;#um7_3}Ltej+H@z?^7UM*xV{vejj=1~r^7h`1ajlZ7>
zM!dMWfZJUkD1_V!<y>49g>GKiR?!uFpW6k*_k$}+Dqd26(T;N7CxJ~Mg`xnBYYE`R
zHI2!>s^b3+6%C}=zk|WpzrcmuNAS@{>E?X|nREe3Mu>T;>5plc_ZmX$ki_RL3Rg^w
zqHx8eC>5?4N~rDrg#SIgE$#Gj&K9X*gQyrn^=&_-!S#3`ciOeIDXA#6&;H4yzlj^#
zz!ZQ_yf}9Bq)y-XXB2)*8`~Vs8<MQ@HNl$OU`+_NkzlQCuoeV+nqWybSZkJl2-e;P
zyA<br+S^@`>g;@j>K;J#wGi{&UsA27<+=vufhlH+aiv)PpKM9)bcVmjY`z{k)*+kn
z$J9EIq&F;+q*tv_U;FOI$V`(hW^IQUw_{=c@+S$wDQ*IUA5MlM{Hzhu0O89pgw=m3
zgr<P7;;&GIl^WqlwL~ZnLzuwHKkx(gIpEw#Ox6P?i<5&>ubsW&H7EGVH9hQrjtt1I
zX=w)}oCs)ZxEKeoI(J+jC1;C2cgmW1a$x;=xNU9GW0&*UnE=Ld`02{sYVq|v9Z84V
zQPn<UJKC_%*pAlhJEL7BVY^$pGacs&Y^0(#laG5rGn&4WPINeWeXJ~^TVzdpZaRXS
z!skS+Gn=OCrtn1)DLa*^pzTg|9yE&ibcuR9)6tIs$Q!>*`On8lI?<oGrYk<QR{Z=0
z9rO&%JR4-^(=XJcx5!`ms5)CL|L{zp=9-#*H8F74B=-#t>JwiW?lvGRd7+|(*}=2y
zC`n@GcIraVNritb`E>rVs=sAF?}n@rSs;oP!F9R)-Q{BvvV04q>iUBeWPW}J1(~8w
zTqOpqfLlq6TMt;Y2@Pn)O$L<CcUi^t2P|3;BZc+7kcr)NvoXS*d^y2y$sxd7yvMmb
zGr7S4-#wA;o5a&9_*Rr)_B17IEZCyGOiGIKr_LZB8TUr{W9pb0`9&ytsE_k=^{k*5
zr~NQKkv`J7VC^m^8=%LV3Wt0paE`4$)|5~+_QTdu+Rqd6HFL4T(mvsMbWPVxud#(R
z!U4|p#?kfskJAkozLo5|H!``o@-BGl1La-NYV0J;*IYC`Z>;9&x4I-^qlD^J@uHKH
z3yGlzz)~zp!7I!pLk2ID#5VTdOgu&J$KJ-pM2C)vMCmYvPpQq=NXbjm^@eo#`bX(H
zUJ`gIU>T~J@-z5ivleSt<SRdeG2^C9l|te;o1ekub%~t<K7ubGb}A1NJB8uw6cYVy
z+Y<eyRGh}_EOF>qNn~dQvt!0gN_Iw!FxdI!!*m@-3GD1<cADaa+>)KB&1&))z7j#%
zc6L1Ru$y_vC0~g%2Z)EgK^}s>(eg(F(^q0Iu~Bjfv2mD+FScPvPof@nH{=R)JA3JG
z6{j<lT+PWgxN1mTxuTdW$|W~4`69KXI#m)^S?`XSl0W74{OL11-dria(<K#C@@+h>
zi6b5<yXEBM92%!Y;L$!le96w#OKq3zI4=pmWCu7YVNOCW*?H|cgOh>V({-Lo;AA~>
z(uBi>#qFEa_@M4Fqi{0N4)MYhgYG#F=3qT@kWC!iR1?NQC6WBeWvo9@u^}_Gn<(9@
zI1tQ%p!&niLG85$2Mepy^<5Ca0VP`*ncP^7#WU{{2Q&f{^&Bz+IdzDBY%A&K<MKy;
zr&*R79kx<ZDd&GtSJsxOSj=jnJD4aE`M?~F-Zi#_k&=%NCLbHB(sdF^;9~{zk+A7v
z;$!!Fdg1?;hYSBw`EzGph-&*BtF|kc7Z>sJk)L>>y9;oI#G4H9od#pO+3qxm=@#Km
zgL1ml02ngwHjoV6G~8fFY)jYI8URD_F-jZcsTKF0np!j{WAoJ1nvt*BsbS?7TT6B_
zh@I1d*hz>98yddWz}ww+t--0(2-g~v)3pY`iFv(&<YcMG;G`{aQm8m7VNM!xK)dMo
zuHuB&cV407q^*17to*!5W8|8*O}13#sDwF6C5}2WN2TE$@s$R%y4$WaNbDZrN`rE`
z(!d>ZwSnYl<1m9G&(?H(s{wE%n4^YjY$m;<I4YhBVgTG*ldbNpQJl<UMO`o_Da6T`
z{lv-Pa8CGAgW)}Fml`zc9^q1ha=O&O9dfyW<mB*BgOj_rr0aVPq|y^Lh7@%WPd0*v
zvSAFo(#KNY$Uiz;I>p%P@6H5Mj6J~xOfgo@1xztk$_2~<HG>P71!_DOFbmWuF2I*c
zc({O3r~SErQK#LxfG1e(zdI8lXGuTQR8?@gsvXF+8MfLiuC?10uH#y_t@cK)wHbpK
z-^#T)w%R<d&9&7|;MxLP?G&!H1+FZf!L{~$EwiC^;ntkkP*r=}%3+pvc|fb)_Mgt#
zgZm9>x2(xARLABVnE*Ox|0q-E>=P9+KmFii5fi#cACKsfx5ZW+kJU+*zwksv&A8vm
zh~fU?WJK%-ZK>ri#_Dd8z*7+)a?V!W2&*r*{2L-?7?@0Y>g|7G#|*LA2L_VuU@*Zv
zHkg}WR}d^>()dOMyU7N-o?w6efv{U`u$$TbL9kpKY&6?H2$pYy<+1&PU=foO+)c1)
zHrOPBjVD-<4OU37p#%$0GGJHA-}qDI+1dHF)W28#8EPOH%_&Cfi`M{Qcvx`!2#v4|
z5UvSB7_1Sd0YZ8hLLZHAEg*CXLrB#KodMy}FogCRp#dN?4?}3F5o+Fo1OZ_PPL1#p
zAXs4tF&g1TKsXi_=Kt4eg|Gw=eh))9q!A_n!jGr511oOQQC}IG^s!yWCM|XuoAjPt
z#wPvQE@PA4yvx|6*X=Sk>D9Z8P5Oyl#wK09%h;q#cbUGjwIX*j`O0qZVK}}H+Z^<j
z?Z4UXD_bi%bCXBRCW)JazOoI%nw+YnCbyeS_EoAT8RFYYW%KyFQpKij<6qh09sZRg
zUgKZ6Vs)j8NqUNZ6^e%|Rp^1Yk_<4wGbG+wUg;`3SlptlviPF$%ang^(U*pQ?um!d
zKeyXKe-U{d1Krm!-7j@F=<bYk`-c-+@E0^_%nfFn4bE)B2AAswmj@f{-9!c_P$k4b
zvsD$fI(1I9;$P6}C2j>OlxS$ST1Krt)2%)Wwkq00#C_k*XfTEvtkw-y2OA9J1}~cp
zx=@2s-Jmqspb0m)%WQD=eQYpFHyEWF>=!@1Pp;5ex`FnGd0&m?d+(Ex?8b*U-dN?2
zSa^WEypFJaDuL4F@$t;e*Mg@`v!#wyRKUkG1=Gd_k7vjt<4I1;s@_WRQd<)tiB&vF
ze|i5-L&xqUDf)5dJU7dKl!7kx3JSYO1%LjI^gE+UiZB=v=7vYPWicB>z1RUptkGi|
z$bsJ?QE%2La^O#-h%ij4F8k%q{hhfNs&||L=PTe?Wp#*Pz3vta+({J6caVpCytwN<
z>gFa7>cE`|?@{2+=Ut6(m_(8N9(8-X7|d;cSk~YA8~>Ii4S5LUdwV9kef@`*Pe_2%
z*1_xAV666wZ7gdz+*vI}--amW0yMD^Cm=<e$8m69-qzK^ESyjUXB&93Mb4yI?<;50
zEa$7AVRAL>Ak6jAISr0=SJI<=bRy>IT~l<aK7Wy1Ecsma#iA{R5>Q;Lu=RD&S8Pke
z^#lZpPu~VPwsmrrFFi=%&tmYbnDdgyL@fytwW6m<)H){WNKtF&B}mW7&lEjJBGB{1
zRycX;nGE4>7*uI@$%j3jeTGmHsOCTr*zA09Zl4Q%gNo!Z;4LVV_XGm|n_8i|(c5!9
znMP=WL28xvu8pRh6m=##doRySZUmX%Em4a}UDf4?qrp8plX9jNfWf!2<JkZlr>9UV
z&GMcu_vYVX+|dvtUf!&2!(r;t9{DYq(dlepc=^BRlzuXWpcjDIeP~Ar^#U($(Y3Ym
zgWKnX%600H)~#Gk3dF}wx`jaBLZ(%PR-_&wvFIqAy(Nt@afPC~TEW0{O11@9Uh|60
zJ~XaK1z1iGhA6gT>kthKnvBbH@UT6X_KeQors07x4!JkO?fogZX{h{Zu`4>T&4`Ml
zE@zt&@w!)??g~EL<*OkNvsLn)zQ*b9@Hfe3ggZ+)9aoY<&o-mUYyOM#_gh<%`8dbH
zR-`DR0FKa!zu~)Kv8=(f$8i4W(z#eS^XH=C#awig?JHZ^#B%uQIaHs^HnBZ@45fI=
zI<h4x{#G!59h7gx(wDU@=^t642BeGGfW$A#&}`iE4YBb|L^kNIj@ZUb_gX6c%)_*v
z$gNatZ0DzMr}`btMpKiG7v3NXQZ%y>&nB_UH(f+*Y<o$wadxDNL+gO|80s`OiEKZL
zruU_4Zq|QI+|Zq`q1@2jC$a6An<Of(Vs28%?v<+SVHy1N461jrJ#6q*1~<E3Co7WT
zri8g^udGNXUR0BA#@Oi-3ya`3MzA7H$S)c*E`P>Y+oZda`6}Tzr)a+RenothM&yfb
zm5FV|d@ZBm8s=*S(f^F%tAd|iLG^2yuc^HazAWNvui{HEU&+drbjgdhEn?c#d}T|T
zHeT~Hy#?En_>D=Lp9JRTa72C%Ge2zJvtn%g#FGsyLD|L<W9aFLRG-AQv8OW(eo|i}
zi&6~plf$;LcIpJ?x(Yq(-n?F&z)Z=XF(Yq6zCF@&U2|e8N4-`uHNdw3eQ`3tlkRBu
z9+rnPeWq~kUf%i}dNARqxNK`Wn_R%)Ph^)O+46ZysJsl*F382DNZzi^dA#0NuGS=9
ze0|7zznqEO&O|2Yo`3X9>iHcpk$Qdyb@d+{lDU_P4{=ctX@^zMpX8^Xq<V{OdCBQU
z&%gC5_IzqAvyl-?Y+SafF|qO03!06wBZ!SES4vPco!*RC!G_=orCIrSC$Zv+jl_zJ
z?2v;w2~;)}?`2kU$o!bA%#sEC^a83cWL8G?GFYkk7ljKeRw|g4OE)zmR_X;=c_~{>
zqH$xU7Q<<goJ8$|lc*^%Rl%>dG*idFAg0zvWNIyOk=L7J`lz@wogLYT_#KL=-Td_3
zRKJ&*DoZn%YEDcg)M2I)>#(hEQ&VCp?Rm{q&2?%&PPskLu;-t>h`7PFUOKBKZc><=
zq&ktfNy2x<_TYRhsZ>15BbHHz_T4(njhmnDruuBUKP~O8o(4DWS4f>u+$>>kE>Zi|
zgjHGyn4Uj1Ps%oW-wJ+TGMS$x{KmtYpPU`U&$5X8EF%U~ewk;exRnR1g6LkW_*u_S
zUr+Uw%+GH<41P-1&?&g$=Opvfc2fi5=dtG$Kk!A7>RleGcS+;&<WI%WeNBj=ll)4d
z8M^m#V#tb%#E^x_mSeABh7zdwB{P&5M;mUOItq{D&lc6E#t}o!Oomp!Oh@5y%uqob
zG1O*L6Jn_9Sv}nz98S|sj!uf9tL|z{%oOnJ_G)G}en!j`Mr5XtsNdIz55lSVH8Zn>
zh+d|cS;0?VLG{ltGw$vNGvB>L2jPmD-ONmDH9CL&Q;p8l{24|0<Hi*6=*%w64>Ht}
z8QRUS+^re%e@YDPjmXem;$UPZpMg`cnE5+NgoBxz&cNe&|BR>4XFM@9tDC`4U1G=;
z&kVWaiJ?}Cp_EXD*x55l?r}keaubLlH@|X+W+;&v%8rl3P&U3Ub}TcLOT}LY@=-Vu
zUZ@x<;is2SeJL~aLaM<~#*1_mt{7U+47F6d+s)7D>2}>Py}L<aGsw-0PF8jJecLrR
zLq8#IDkE}JN#qY=Zgx=dICHa`sNSo%5&U#P^@o|8-CYfC?x-LYr>;_Q>Jm2>tHtB}
zAI;69LnAJpBaK*}sY|b`)XdELnDv>u5%n2-RcsD3<D%lX%#6D(ZOL_&KEqGXq552k
zJV~o>GV|1G(q|MiE0~!?r3k$Hv}We}te_&0Ulin~FLSek-$!wPQkkhsuHNt$2~B0X
z*Am?hF0Lo~Diz(^`8nIEeh1TiLl=YYeJ_v#Q%@-{^@#2kYK_D^ZTGIoSBrj3L0*vb
z6%AR3sYkC|s|VufhpfZYi>Slk>tdZlScjovDGx+SJ=%KfDIJENo<a4ldc@G(oehSX
z5<`WGp%P}Oxzb^JJQZB@)5aqgsKc0&zvk<k2CT#In=3S5t(mXVh<ue2BadaV4nxHi
zgIR|m`kzsJRj8*^{aWVhrA`K4eV->CM)4(>uV%{3aqCLEnIo@=%^blGXA*NG_<hf4
zZm!+V8calP4iovanH#W7%HkDVjIU2yaDAo0)Mr(K>XYgdH{V}ra5HrkX)yJb22-E7
zX{zMt@+b9j**{pz(LteRa(&iY_+=|JD~qa$mE8J~Sji>Y=QHhvRCIE&gh(z`tSsTD
zFQNKn%t~XEmFJ#ARw@-M+nJS%)WCf3gl%9ZPATMp3A!n~$u5iA`F+bYH*Z$4f)kOO
z9YlUElfRdWjkzd@>cfhgll=6PRBtsPZU$aqaP!r(q~J7A3Qhy!riofUM<3TBXHnjm
zBKhg3<ui72-i#SM=`>$QaR>4w=b!}>B4vK-wo@#8u#M&2w&-MZ@i4M%#`Ax|9jHV_
z(_LLz*oHDVN_{h}?H~&HA&cWim?E6Pv1)%RhFcWWTy68Hx>i$}DajmMJb5x%#|8qG
znITlZ4m_fN0m$jNMn*$nG^n&olU)sH+i$=sZ2^@F8<0x-jOwZi?y3Z}b$+-)TT2Qj
zPb?ZUemZZR6Z5AA(-7@v|3Pf-r6k=n_8Yd6m&)1(5tXL~Bv0^QS5k2s@1)y_$Q=!o
z^2ATyP4#<u?1!WnWB=_lq&#8pRC#RmKyp-pp5E9})@{fGi;nMIG$V?aKO;vKpj(`K
zn~o!)_rxDufY~g5<pL~J@eLPX0}>x`0rpn$9v9#PBGz&NK7`^qF2FZlJjw--UWAtm
zAef1{TmZ3COydFw)#7$8fVv=V<N_!|!p#NH^h6&nfD$XZD1M-Dsp1FDbek%Epb)3{
zfivAxZ!temILHMs>WRHv0DGnQk_%vi6;)hVkN)paFx^R%S$j_%D}qzYPqKE=+30Z3
zm|qcHxiK4n{R~(U3izD?&x8UFGN2+9aF_vM!I4K8us#%UoB@@gfWH{9Jrr<;0Xsqg
z0S4?21w<J+hirgY28d8VJOd7g0_rp1WGJ8!1FX=)hsF$u4+S)3Ktd>>1p^X80WBGj
z6bfj=fRs=`5(8300qq!&5em4R0j^L$$2cp3V^!BUyfy_>#nN@J7;ooWLIaKAU=-0E
zAskGKVGa(rqI^Z<(g0ysaMqQzXlueCh_~9N;;mpk*yF9TAl_<g;_%*wid+Lr`*y{6
ztC(biMz|mD;NRR22Pa!EEKj#;*6C|$;Ie8*Sg_R}6=|3(1X-nIA&7i|$wIK%1ttrj
zGf#d?#eeaZwg1Ii;DothXs+E~J|P#RSepwHnAjHet0vfN8>~3iij=u>+piHF$nM`~
zR_m~>!M~Z+7h(04mjCQ;5go|h-yhL|Y?g@V50~bT_{uG|>c&{zQ9k5%v$`2pca{&S
zF{_(mbtlVzpe7<E&mS<WQ6O+7TmCTz&FUsteTC(3b|@nD=aH+uwGk<C9gg_y<A)=5
z>??mneD;VxBldTbBN4NZet0Be56(Lp5xeKHh|fNDEFvXQC(s%2#*fHLGTP=PiT8Z<
z>rJps8_Y$pHU!JE!3Gh`L9lCWu%QIo_aVY=u)(e)*oOqmvB5?X>=lCj!v-5gum=ft
zyA5_5!HNks!3G;kuu%k?Y=adLtRKPdw85qj>{5cww85qmES6w%Y_M4b^KVC3sSP%l
zV4o6fu?@D6V6PGEJ{#;Ff;~d82W&7O!DbU|xed0AVE-W4<2KkM1RFrGr){t&2-cop
z&)H!AL$JC8tFXaV5$s?!!d|h#UL@ET1bf{E`xn99B-q<F*c$|UoM7+TVCxAsk6@c^
zu=k=vojKe5NFIhMBKH1t%irk7P#44w8sXP+xJK#6h?{Quk<fNk$5gvD(C+Q9P}X-e
zf)5bZgdx145$*tlRbdD(YlJL7SQ&=!oJL3igymrfPillXKv)`v@UTYsZK*^k3q$Z}
zgl&K@Hw<BsMpy+1MPUeYG{Pc4m>h;MLnGV{2;;&KCTWBLfG|1?VXQ_-0)&xa2)Am4
zfKMWL!VqrI2tNQqW*EXSjqn~I^bJE8s1a5ILeDUSJ{n;TAan{t=%EpA0fgi*gex^d
zZ$M}rhR{wUBmzRyFoaeb;lzCsp+OkJMH=C2K!^!LsIL*;1cWn3LlL4i!g4@38isKC
zs6v<l2nWIt4r_$#0pX{kbV<xH*QtR24Jn-Y|AoFb)#4Wy<q_NC;yhxkGJjlQsLbzI
z7%KB?6^6>Zs=`p2AFD7_=KCrPm3dx;p)wa%7%KDF3PWYSslrg1vnmXgxo?G`GIy;o
zROZVn43)WAg`qOXR~Rbu>D7kHd}y_yGXJ#NP?>kFHdN;7)rQKvakZf`zp~m;nV(s0
zsLT(qHdN+&WTD$0aD1)?3&w=y<f{649r8S_2B*mDWhGsCjy|XZK?R7Fus7K8th=m`
zdbClOBib$}Z|7?8cE(3HSPq_(wW7#;^ofVnqe0ge;$e<ahr%8%fDA7_;{ql*-pmEc
zZ@>k-?PoO?Kt~o&Z~^pUQO*U>g+(bBK>rmpxBxn@7%vN@N01^=b;V5#1oc*AaRD93
z`*H!)SkaXWpt_37xPaH_Hsb=OYL4duM(dw`$cU;x#05}4#ZO!Sl~e5E0;rjy`XS}%
z{T}`z7d}t#!+39eai_A%;uNL+h2&pT@%GD~KSTG`;WUPaJ|t*DfKR13mK<#<uT7ob
z1avISZvwutzvN?%zBe5H5$Ljvqub>n8r?@@jM2ULAsAi%6@(^#bq+Q-`ye&QHyelt
zu|XZ(pl-0iC)}W?+2Czz@bg*KVBcBY;7M)}Z8o@v8oaL?Yz{WKgB$FOrkh1>A>9Ab
zxX%W0uV&mAqK$`lqy}?zgZaS*4Y@(F+2G_dY;dz~a7(bk_sgh3rrDsH8uZW&dIcN2
z%ndFw8$3!4oVr1iV1v83!Ou}fgM4aGa|Y46?ZHbSxj_~;c+G6kQ&vi}k931igAEe7
zL8;jwni{;I8@w27u>S#SaGlv;=L6W_ZrxyUu)$m0psm^9pVZ(s-5@X6U@<p1=r9@-
zQiH2>gMPsVBe}u5W`q9Jpt){vvHsOM*z{s<y3lMILrssJRt-*`)(yn{)F9hz@a6s3
z;0xVgSFpj`+~5+k!L!uh72RNMu)#gt;E-iBxRV-qb%UkB1~+np_sj+^YLKrR6wog~
zOunB26PBt5`dd@)ezkd7Af(TwHvS@Ri|);JemN7sPex69faRYiso=*9k^#QS(78<u
z#CJa%AF|G};P1tc?4syDAs#75QfHqE1Wa1qZ$sN0?reGcXlJXNr?Zb@eHPdMk*n*m
z@j`Blj`8c35Yi_>B&=V__3LsY+!wh5^M`!n_8!afo~7erFg1by+X6cCsB*QOFuvNA
zSQxysYdxM3<Gqq|@hWlfQ(t_hwYq|fvtrrZuM^1<369uCqAW_*;9Y6DR_jy<aAcCm
z?!?U%UHuk7>`<YmYk2VNIvoQT*0B|KE}Z-v5@&yJO_l5fj6gag8chd9N#qtx85X=N
zO)qGj%K%7O!lX1)`6OPSPo%gv6i%9O)m6i1On_7nnw(7yh@1o_C!2e!)ghv22~(87
z6lDWNcvJW?qF}9}$Z%-Zxe0)xlT1-lm3$;=zD_>UMUsQVHla(<feg>bisRjjs^Zb_
z%5b};sr>50h6|`gp173mz`N4)MAoSVfQ$n6!qo?*kIz#bgNKPz^QLf)jG%8G9fPi8
z8~a>Hz<NlG@Keteuw!mK_lz5Q#*N3kM8YyflHo+GlLO!_Bur8hMN%C*Nky{@!$=y*
zBw0+7i^pry0itR*Q)Mw#E==Kv$F)R-rF>-#S706J4^+9?SGKXf|7xx}SR7wGdGZ+S
zsBAk`U)8gZnVX$kQ}vjge$W`RY<hK}BBjJ|<5dy*nCpf~Nl+e$`{t+)no(SsKV9|`
zbP#4p2(GX(^{9*JEM;zT26xeVs}0t#SDv?)#R24AxKY$g{=zy7fOn<ovuniLL$C)s
zt=`D=9C1#I-L>3f9dRyjN#ds8kUx2R_Qa`@xS-qWk9CPGx+a3|o^ku;C3w8&#PI9j
zjN0wp4OyV3DtX%NQ+H0C5>IBg2_7k7^2()r$qOHiRF~nY2Ss<pK749~70g%z*Pnq$
z8Wxr#p7`kU9u!m$x04kpPfh5GRJ@<Cica*jyF(S<^;1PBWEO>oIH(_n-v#}E0Xy&V
zc^}N%#6Ft)lYH*H7lCvSp}4%zm=r0odOP-%=VAn10m$s&{p@^;?!{cPlzfrB`aYaJ
z_l?&|g2#J2&~&>#a%4|sk9QT8oo^8bOUQE>_=E8*B`wD)8s$u&lShb&LYHQBt_ZFg
zu{vA|4<~ghOiPaWG&*LKgD*Rr-&kqsS2)HyYb%coa4r~RWmOMCGukHb(icOXPs6^T
z@7o~xqRsAwn*o&N9iD&+9FFh@qVr|ZfDw-x5NNz-R`Ayxl-yb_z^W5Ja{)F2@f8<f
zuM*q202``!hYPU3i+^zeK0o50T!43r<tylrn1;<bpz9x}R`#7MC})E`J3}7{my=md
z;i8Kpo`-%FZ$&;2O^j1()2wZKzEjdm&vzb~9H+KHv-XPf9jbPYQ+v5t+v9vkt-a27
z+Sxl!eJ#WKEYivBHF4^5Z`QiccV0Uz;*seHuC?cvxS21fap|4-pOvj~hNkcrq5$rK
zD0IFRU;5WMkGE6uf*#IGU{YJ-oijfi?;N*%yz`q61DlUH-~G^2o-C(e)2!j;eZO(O
z)ga#E-CO!sVD3(kT(`<!&a!^648gw?Uq|;(p|=XYjG}UC62?p2`ll@KCw*m$`fwua
zYmw!fg~{GiJYK)JTB^cX<+Bnf6^IhmC~~k?to2d;T($jOh?M5`^-YF2#-mbB073WN
zN5T`06knIMs5%idojbAuTl=1)JMA!DST5gbG08@cYz|b)9;wVKZx91nfT2fZ%a|DC
zYVHny+W?+4)x0_(^wOIrLN2|z4}^-jGa;*?tcAfS!K-#2ft}ws4#sD4a-qr*x&_Xx
zRgcy*4a*N&TjUDK4{DrO@A;eaYUrKg#dKZ`JF<^bnTH%!XWo~_zEQleA)FPBEmwWs
zn)h-bm!{K#-ip5S&8MC?pWNk>zp`jT9fk?@1;%mXgzAkG=v|ypD4p;GvrQ<coKJsb
zc|U{sMB><uB#uzn^<Uy3=$7Th36!VRm{3VzzZ>KIznxHr#B*(<(VJ<~!!)6i%n5ZZ
zWCE1aVz8V~Rblg~PQ>X{2a`%ehroQQgIopY)03}+&8H_r=93R%qdOJJkz5FwaZAt-
zVg*hnxO7v_sKRg$2%JsL|DXFm%=l09>FB+fX?8{IdG3irk=fPC@^`bHA?xbbZPhv}
z%@wvYWS!dP`N${E7e_u?ek5{r(_;}2=kGff@r1vgEo~0YAlJo~|BvH1oS(dm2X?<Z
z%mcgM9C(<wmSBI{V222{oM5MHu;T<PAy~XE1yD>B!bTJ9A{)#}Fc-nv+F&gSmQ1jY
zHduRt#S^Tj4VFr<123H?9g&3XAlOhFY%syr5$r}AYy`np5G>aQ8%?me1e;`oO(0k<
z!DiZE(+QSIu!T0*Jc6YVY^e>lgkTK__LvR!Fu@MLh_GjEu&1L!4`bgxPU&vZ%3Ul4
zV*m5U!%js_oDqQY&oG?NFiGwaCFhGPK(_Y&;D0L&bECqPa=(aXwD6a%G10!CMre<P
zp*?M)y~$|aFtl<L?S4ip2}4_8qD^45JHpVWnrJRY8x@9@YocAuXv4zLt~b&CoJwf@
z!q5hoXdg3Lr!cf0CfX`SYa51knTa-!(He%KH8s(0VzfZm5oEN9)|Jr?g`xd<%s`80
zw10=8O+2dS66%USOd-q>M=|Tl8xH@=AhqGIf6*_<gW!)w)uqaR8cjCU;-=(NjDI^}
zb=%`#sDG8|UrY6`2l#37t6X<B+9Ky^SZRb`iz58GC-{tQCHRaY4Vx9=*If~Q@mndO
z$$}Cx(zfvQN4A_E%=44wo5vX<x-6vJAE=t;`3%);q|Z>zhWHHC>?)t3nsxRWs#%iH
zP|Ys#8LC+wpP`!lbsrT_lm31dFiHac-uozLORA`vMR}zg>Jz$kv-F7_9@4Fvm5yQ+
zD&Lq!>7iN1vEAZX#z9-jER|qs>MY|lFK?F0wsi9><6Lj(EaO<N-z=4fsmCnixbN~=
zDk)RzS;oPibCxoF$Ien2d`{1#Y)ruV@ZS6J1kbtn3CqH}+#&IQ$obvYWiSDDc_Cl+
znc`ZwfvZaQ-FvdSCc&(EawfegsitF17ZdPM7-}J-rik$~A-Oise(L<OQ^1g2D|~fG
z(fB1R{Qgz4(c%58z7C%91qm2L9nFbt&WZljJcH2o^BW|#IUwK?wdH(^(Nc12K5t?h
zlw0wZ#F2;KCJ@RRjfrh6=)MC*DIw>b&{q{p&IDw?6-sz<t!gxU@vm?_;C?Z5KFx8Q
zuLlc3+U*e}@|3tEm2=xfpit$u3DWiML7<CULv9<S>qJo!-_HkU0f|TtT)21w=y{jv
z;X5QZ&V#Hh(JE7ov+M^l=KTM-bdS1N`O*FtZ&~|ayhVz|Fi}iDTJMjbE2b`ixeyIj
zx)PsjE?(9b4XPs_kGm&TW&p5YP`6*RC?k1R`JhCoO291MkUvPu<Rxxjfr~AxV9l!|
z?inv<_6ABmJ5`%jr{sHj3+LiC=&f6c&xs%E%WNNy7t)X^lJb3U-rwpn^r|3hX>4vi
zx-yFrh|C2IX&vF0FDLJd{!Mzw0k5Gu86hYJGi73?EDu}|iaMKz6gQWd<plznsa(jX
z4v=$&uDSx7Pc>xClK+6(1iYJ#uawIXljfvb!@a*{mG|ugXt_A)$|ongK&iVr<`V5C
zfz)Dtm)}Lzo^t`VibIFRiW~FO<(FWad;N9LXV>OU$?^_L98fhVDL<?CznzO6F?hL0
zB4)CXM5IY(Bn{IAU2zE7fQb5x^yU=RmAj*;D<SDKbS2z@NNG7@`@eCm6-*^F7fe0t
z2w!$3-j#SXp$DekA>$5rVJaVadFb3LmDE|f6C8rtsGQ5{EqI?>oB<8Ej1kku1*ZiX
zwIK!C)N%PG?%undi+e@Wycp{9q$Rkooapj6j=47<jGlNF_9YBJWJ?p?4xNEPd)T3e
zL~Lz$O7~HQ>BWI^yx*>z($iAP4+z7G6IYa`2X9UCQg-z!%7vsJPFL3`&Ap0pnDg~C
zuOQl7uu#)&MxOH6$_^e&T>nI8*ftO~%lq%)-lOjFHqXx(Pw}a;wy3Lm5?U(R80YC-
z>s<Uku<oPmi6jXm&!${a+fB49qsaP9*_=)Q1wehE=@w=HO{^=-CQYMoGsCe!0+u<L
zfKn4}6cbRO33#rA2*@$fes&N6*+BwQH38X*fE2UI#||VQNfVHy2uLu|jz$pyXpuz%
zE@J|etryWAX9D(GngH1Gi2$e!m_a<)<Zg#y0mho84#U8SHIH&limrKvYf^R1OAf=f
ziZ$yTG!^(B;5%p0hYc3FShdhF;~@64+&*5{tZ|@xk>Tk*F1f(D__b4kfPc|n5sd<$
zNZ0_j`DaxRLL-9Q9xk=~`yyW*^9E(BUH2q82ix@ff02H_f?#jjV6PEuF2UB@VCx8$
zOR#rru(t`8NwD{Au#E&uA=qXc>^*`tAlOzLtdd}dpFmi(4Yq|~y9oA?4OT_4^#uFW
z2K$g;D+#v42K$6yr3CxZ2K$^~;|TV(4YreDZi0PlgMCG?P6Yej2HQ=r1cLo&gY9vI
z>i5xS0+>PXiCnl7J1pC43kJ^taJ`60aREFUz`eu3w=lS0Zp56sUIw=X@Z2!)Qw$D_
zk>F)v;AITn3*bdz;6)7H4B(kz;F%157Qhq3z!Mp~2*9Jmz@r&F4#3xifhRF|5P)wB
z1K-Br%K<zh44id}z;OWXdn(MuoWbHY34S^Z-0(DkKLoJFE;o~#k;~0E`PYA+Me6U(
zTzOqHeGL)%T~0d{74+3?@`2oOyg!PK{V=blu0OSz>YokPW8?1J80GN%d_tNRM8f*v
zT%S+%{%g^)y@j%JuAK;MQ%y}nuFesUPfRzr#apJQS=|nL__h8u$kP^8?sm|>jB4bs
zd(^L*V)`?V{tRQ1@Din=bJ?pF^})G84M(KTrF_CoO!WE_gPDB;1xgD%RzO-HeJeo)
z`-Net;@bkHo_1Y*E}(bxopVSVP7>=2R9@156|g%fe2#jb<kY_C52`Oa4D|=CUIto6
z*&NU(Pmn(-I{02+$zGpO7*t99ey|T&3U0jU6xsX3?(-es{bYdmn=J2fDe!xIUERJ1
zNDa6b^`_pNiyLM6ZcHk@3pAU%<d6<>oN@ae#S@o~+ufT*RHkFEyU(NW?R*cWr*n{S
zFRDraTRzGjkRNnCabALA)OVudJJ1_Og51wyRL33e%_n2r8<Ya+cD}kDJ5$bY(9)Xk
z1uYG(N0NFDw2)G5QA_a8!u(2ifqu5FP*#F|HW`i@4uW!4E7}y&Hx)<`mA3;O;5AXl
zqWpKakVA=7E?VaoRl5?WjUOL$-*^n=UyppLdHw8YxQBRha!w}XBRwQO`L(;s6Xyo$
zI$K}**?{xJohnWb%7vv?(1AfE)~KRzVv8jZoL3~YfMWwYoD_{xzAtba57NmgukwSp
zy_|87AdRizlrq!1ABgPmABnutB=Rs3li*+?joXs6ybeT?Xa~vcI7!0iIf_W6Fu#a%
zjLaySK5^=VG1F}62gW;sQa_%6fz9ENnDfhjqV>fhgVtQ4tyIx!T!o~iaw%b7-iA^V
zmyi&iP2!*U;eHC{$H@L}CG4UP3n;mS=d5U1LXw#MID3<Y7euC7MK{5H_Zb&@-@WU<
z(7HpeJsj{ZtS|rkGp4{+2L-mamjC**5e2`4XCsCsE;@(e-B%C7Dc<?c&YTal3{bR(
zTa3$rH1q-b$izA6dlG1LN~MIy9;}^d^x)4kRS)i#zus`v%mj<<V#}~+zB(4}_zTvg
zit=~Ppc8jmdVf_}BDNoi3NGT)w-Lrg3WMu^;ri3P`jgQ$AhO3QTV#^Rl)q~lG9X<8
zQpA;G)t-K-{8hH6INe=7I=Litzim1b{O^A(uB~aI={kJ7YWmylYV-eOBau<mD}w*%
zZZu0D2j@|hUpgQ2OaC^C@=FhF4n7F~z|}=|xB!6PeuJYzaFYK3R<3bhksS`Jd`rpH
zMpiEOdiyr|E?#%UJLxCi!A`o4+fgo@tlmEu_O25mr5N_pszQu6P{_j<ABQdVg!t$V
z!~QnqAMm)o$yvT)OHl|3ruVfbBisd%mx1J+!~ECZkvYyz-jBij*Dw}KipU;^<Dsy%
zJ?;ugA6mqHL)akq8R~|V9ywcO*=jdZXWF^t;$W67BW0L_b5<fP_D=xcKj$n>!=VBy
zhkFlryeU~=B`pkQ-o<4e8&{VTS5a|AEGMqwJ<3vvt9TFFZkgU~X;1tzG?=WU(`ZUu
zrS{->-h)%rH*MGr!Ef65+47q<Gk^NTpigU4n1Kf|XO)BA1`evkj%xwj3YKIt!1v~T
z9Uo=-x~=A-aa|r}c+TKQW>CG$K@5ER^Uz?1=SjCxqAJBeiT;T2m+rpn)kg$<PsfbY
zmrohF5Fh5`jwSrY6wSn(`C&}(ZF!rSYP$S5b~+c0OY)G33Vvh-)vskHnwm_!a7(&&
z#E@T?^cIvd24)I<U^++9aLrpn9~eBn+HogGdO=~!oxwFN-nx^%G4_jkwl#s>fKD#l
zzMjcq!QIi8|Axl0LHncNJ2g2u0Sx|SmEcAN%a^@Qa6WKuygnoJJbyn?=f=Yv#yYX&
zMdz95E76;o`nBD>;9O^eUVLbtX`0?0<88BjV_c-!zUq9lea&7y+xLsBN13xdwn?JV
z&rrAF3J3LbvwJ)1{YMlO!X~2DJ3D*#$kxu@aG9Z87$8XLJ}7Q%_5t0VS^f`P?0h@p
zWpgjI15U=-I>7t49e_^JVZHFek47(K<eYEK#}aQhU#FrET7#267)Ui^Z*Uq%XasIJ
zE_CnL!|IvC*R?s$%N6edKgZejfJJeU_5fP@@QRQ<;Hw|>^7&CrxcPj00LKd4bFJC~
zrsv;TJaIbSpBWS#k2`~_U-Oipc`CV!FKjzMPrM}@O0aDS)8Zm+3A7c!D?+vehso2!
zH`%s?Cz^+D2}^hfzoRU;CAhsHJ*=M++!vsxM7%J?*c=|8LYsq`1_@-&1n1%y=m>BC
zldEq32n!AQ-HvzLDPrLza5O^++<mSXv`WK=5Kd`2%Zbx%4_pS4?J4i<`p0;5nr>Lr
zav6Md(U2e5;_gF9;GJdXV#wl(mqPkn8SY6RV=M^W0=bk<2+DiLdwj{sK{-W=jUWQR
zz9a_qi6sv<e8L6E1?YnL8wdr7JL&AuE);z4EbHJ1(~k#88N0wLYB!)tc9`5fl`m`W
z+TuA`L8C(K?P&;1RluHEvIFAL=Tg2lFd#5;n+4BE321jSiPa8{CFQG&SNNZ^(D?T7
zJs?4+1tsX7vT{CF_77HGEh{Ht<)C0?W=JSLoSb>jiBlda6i*G<tvw6w0nm>CnjHu=
z1SNCJN&vTz1@k<W`%NF8*3X0MIE-=fnd9_S`UT2uB$>kK+_mF8qjRwwon;p|9>uwT
zJ02%4cs!yPM;MPoWf8{X+p-H8kK^KwVdoi-<Kntue={D(Me4A>9S`U%SV1%{GsdK0
zkK<bM&8?qADz0xWjElSX3Fl%+|9L#Kz9YW4o_kSsMolv47l4`qeOO1<<<=xXIYIs`
zVR@dM$ghlZZx+!LE1&aq+2~&3DNioV+Wcz_zQGgy3?7I3S|<ku_}{=xv+z)q9Fx9M
zPl=OCM<Cm!ccc!rQD~uai#El9Kv`u`Gq<lnGSnpCbdnp;@|ywyIrQ1AALm@Cew=&3
zXWw#vkXw@n?4CY|6}i9{WXMJ>u+e#5;w(FP3e;TH#_xwBTwvn^c?<FpH=%LFk)hr9
z<)6&m_ul!PE%16?R5I6^-yYjSJZW={KG%kxGrzN?kUW=z%=exa`IeSM<D-IUB(LfZ
z_moGGpMh$&ufKkFlI_`N<^`X9c)UhBz1Kwg#z1N{MI(J}Lwemn8b3!Py=FryH;{gM
zMI$Y>Ar%-%Yu0L{2{xpG^E#s%2l{W^@2yci{t&<SJ^7v+&Utyu;B@pTcCqDYT>kjH
z;>mP3I%l997n0pJo(y|Qq_yIQ=4Uzt|8yH2g5wcCtp#ut@Zl~rmtp{(3CeL8(O`;h
zN=zf$9gCjp2Z1z`1EMETCM7hWF&HMsNu$AzttiTt6m|PhTn*%KXdk?48L#MUASPQ0
zXDogphADOhMXcCo8yVsVh%6ia<sfB$&z#OdU#TwnhTL&!KFJ;S*pclV3=)=QaXW{7
z*so0ejBAr@wY%biQ}@0%^$f`W!JGjDBxP!}vp2P-zMPz?)ful7)tO}ZbGp-Zbq09;
zyPS)o>KHP;ca4!^^rpg~EHAb8$YT6I>)FKk?td%BuL+glfBn*s;AeW$ZBrvf<w|{O
z;Du!V&yEes@OT5d7In*~5hDqXNQ|)LUQy2`x%aLYF1Z6E8T|AR$-R}y$ScEwk~>N4
zoVa+`HF{jS92yp$xOkPiTbW;CX%;@3N-UH{WPt_sef4dE`rvxuf;zBJ!A}nn)N^(k
zEc`w+D5&EN%dC7j)h#l0gRG=CR2P7ZpEz}5(Zp#}ZMVq$7EMeEel2)S0xRH~0h!D3
ziYuVEP6JLMje>IQH_VN3lf6TSZ+porrHXIClH@=Bg+cz6M1FP@lb;i%b{n2jLkFlS
zRWv<s?4<nZW7L$&9~(@)d<~PH!>@!WX&R5KrqFogMnxJAzS;gO=Ae*@H*wLp(B7eg
zz+vT4{W4}~`woMlTe8x1xVGE_M15nY0{wQw(-!Si-Da_|9!}HBa@o`j+tw^Dpq1s0
zT*J!pk6dFz%g#MdqFE0)xquy#ed*AB>;ir1+}P}bJ@&GLZ^`*D-je%Yyd{FiUU{>Z
zZuVH>?DQ^jPnDk;w~*to>1L0%nt++c67Nhp8SJmrvMxsIOPzC3{2uWD;`zwAB5yi?
zCk>Nkqm#lp%XCsWWtq7(b#zRTEi+^+R=2VIy=o(d*c_?F7u2H{d}VvV7q%C)#wI;2
z|Ng%sCS`p5RK$djgKQo$I`3xmnTQWrO^!2jN|2m5he=MfBP;{n0hLZGx<6#VvnAHl
z$uGwou&WrP{XY<OST(M?I-NQqLUz0+CnAO*-A5THznn!`5zTI^SpfGx6QJDIpI!@<
ztfvX~m<{$Y!R{v5KW(t5tWd_w&nVjK0qyfcd?QfSc0Ta%3Bqb9e(eVt@J>X;x`(l{
z#ruFYD>BwhjkN->CPc;>e?rkU9k6abp)Wng{iNY&V?VJ*(+O9$_{|OJcOaEk6`U(^
zUaTE%O1V{~&YCv4*|%G~>4vi==i+K~cjxD=z4c7M|7NT{4oedEOEmv;RO5eAK^T3Z
zM2CDU7+^5YO;@18`IEkU7SV>fIeQhH*Ytx2Ue6C4ieg2z$T;#B9_OXv-_gm5;7O`B
z+E%w38*QUojg8iEtFh4@y~XI5{kPzOUpMtIAaKhNBJfHeFh1-xtA@~#+`ITC5|7AY
zO(%r~sb%mX^Z6maZ8$@eg5_<ZZi-P0w?I?<YUm(rI*^;byn#Aso93gVZVy6<XgMUE
zz5Bqg85xA?=podN=xcF&F!^nuWZ6feaTvh!7KH&k#UE#ib}ULR86TR@YwIY^=T%cA
zY3a77W+~J8<Y1yR+N2Y^c;R4-A-N*}Q&KkZPoZDXDxX_@y54AoV=-*7LHE^zDNbP9
zaPJ}iuxLG>uphdOGR8A`lrf$yM&Wo~#+M+U97O5na`|O=ruxeu)r(+=6}twR_hv(@
z54hD8W~*0pD=<lmrw7pjDG<vC!2&62;(tC$uZIFLAK}!m<I$f*ozE8K@cFF2C`w1&
zTsMe%<?Xja7e$(W(UtO--$iZw85}Qk`C(cSZRKCHiyGw^UF66yy6EW5*hL+X*;?^c
zCiOaquOj1ZgX4EH6~}lZ`kG9b=+IB?x#<&`MqtX>w~VHxx+$F5i90iihe9zSlRFED
z<jyJ-BQkBBWk1i(yjk^Eri1&dR$P)v{dMnKq5T!B-*sAQEdB&)<BxaPx1_ea=%gNG
z9I^RHItriILZ8%Q{fk^bB3O@&fBMpJC~MlEkU9mCu>Q=|RNu4(IX2BbL?czie<$<b
zaffi^Y9^X*nD%{?RWlH(-DY)xd~r=LsP1D{kAUiqH3{&zX8hQOhj>E3uD|yQ+W%9;
z*H3T~NFeb;E+Dh-K0)-3YaYQLAQ8Logxh->tmTPx5iB2rE=p5kd@#dIc4&r~57<R1
z#qI0iDW8#mzA_%~pW?=i%9$TL-PL{I<&$AogUgD29D;$K@UAL|JAh(={8boqP%^I*
zKGIVk%N9+WKIZmm<2d=wY)#EDJ`TV@6o@q7`_FRIWHAw3coJ<ld5~^&pSsC|il^00
z9+p<8=_U`0REgbI&{Il^u=BPWhvUwE>DqA#&S095(@zFjJf=CweZYSQ-{1kn^&LrL
zm?654By&fCO*OdR5y`4ij<wNblshi=HvspIqKm)+nkZlV;6)y5!&dqDnk3lyQcjSW
zJyGJcl;G(K?Dn2OOUKQUq8hv```}qdg+lf>@b&1E<y!!6k$C;D1k+!1Q36+qr{nO&
zC0Tsadxpom&s{!Gczne{Vvkwqy;0m!k@q&df2GA{mhUD2Z9tO0b`HMs(;qB6%}V>t
zvKCj)Z>RxB_gfGj4>Q(uNm{gt!kpq@yfbPRmCkX=H^PT$z@h~)kQN+0h|(@;PM2qA
zU=}5D&#mVIV5G_LUmJ+1HFP)|G35Q}vnaH-of5&wUl%I}1S?&#^5|r!9PS%*vfLf;
z4nJArv5TRXo+EM3DHipR`&yH8p|<?yjF2F12ZT6TT+axDPA;x=KJctY7yt+lp9?4#
zTby6tk5Kb#=LqsH?Sz-s*NWG#rhOjMp*DN%jJmm=8$Nus@;glx_g)QxB>J-A3Kui4
zR*`>`ug1vA;(GLwDI>`5^H}5l%Fi}MxB**M?v<6c{Rf=3sxy;EV>f#_cmk~bl<Ngz
zx|9_O?Bb0Z!FF{_euC^*xT9H$&dfdK#fgx|sSq}_lA6BDC<emkNp^=MTv#+X4Mn3u
zP=wJkMJJB%HfPxj4av$#`R80N*rswlv~}?d>5?S*KTL<@ig#DLV7sx5xTqGQU#gB6
zGV`iI7}@)9Efj>2P5Lqe2+VbRM?!jtqQ>#cQ`5|EmMAt4(t;t`5UMB#6QZr9GUj5c
zqM#EpWx{~E927!SPN!^eYL@xtnLsId%28Mg{<7Wf0wEsn0+Bw-j7ukF!v;}U%UTny
zZhZ=Cq5En$9*fKz4R7y1-U>9`%)|z?&#h|fuSf6IIf$V0Fkh9110%PMlmY9<@rD8W
zc&ewo;g@n35ySm-5+sLZNRHbvq+r1MRv~zQCP=*Y3U9#rwjuDt@SIqLQ}CI5j=O-;
z3c(duzRdU-6)lF-uwy)J$pm&gw#!jWRR+yL-F~fUXS+XTtEbN@YD`nqStg9zWIVo%
z;s1xXH-T@eS{}!5(iX~k1F{q;G+==u1zISjWo@yAn>NKNs1;FA77MZzNTeV_u?-Sq
zl;=Z5MFm&f5PirdLd#ZgMV?PtMCt<E7?vtqq0s!!%$&O=0r7p`|L^A`%{}X!ZD!7#
zSspr3kn73nske!Xq33{8&&A><O&~nzxl;y)3a8I~1P0JrZkyAWbWt)lU;rr~=RYZ9
z>kVV;Dw~CnS^u5KHi}VG&ebD_T_AqF)tl1OFde``H2VQwK^y~fJ@a~6Rqs=}2f|Xe
zXt$it>S>C07QhRkq#ES<`oKFr@XLU8S*tIvz?;j<uq7OJJVuf`f{|bQ??8TUVPHl5
zOg}ABsS8S5eTfV*=p5b~wYJ4Fu%3a}M>2BpxPW`Ifr)5Ve7>z~rL>_cfd4J9rB{k&
ztr~)|+!b5Jl_*>36_ed9OQm~-;og)4X(N>jMA*{5wu{65u$yGNIOGpo#jz-ufE5LO
zSi3tA+FW<!09(b;C<f;XZ13c{vl0R3?!V*j0hT;Q2tDvdl77T-8+^EHaQvc05WCV^
zWQvw-L2M?73Cee~Y{BNqixDju7D=H#3}rxu#a6o0$~Kx+O5g9?L`ShavkzERTJ7#P
z>8a=gn5R6`S(c#iKvu?4#h4_(3nr6EFu^`uD9~wz1G*Rtx>Rez$oMTS@W*M%+cL75
zT}a*o$fC<QAknxAB>4Lbe})nKg|4nx)*cVGy26uXb%g_R&<bDXE6iVz*?if%^|e);
zipZR_i{6gmiJJD^3#icIO(|i^6Pe=~**iMNWAANIv<0}SHI55zz%Y(m*IW)jNh_30
zP>ixS>&(W#RNtUIXfJ?Dp)tH#8dS^BY`MQw$R{sX{UPJEO=l!ee@4VuS|DFiK#(1K
z&EfXG==uc+w#Uo&tgY)eLEH7g`ov=A=eaN2DlW4<dztOoD!yl}VfJj5e$Sq`qYoP9
z(w@y4DA+1~gH8L}G2Ez~U>S;!<L`lN)1FW_?Qr;Do7S*jBjb(xH8S4DaA3F%%lKHv
z6skLR1MS$RgJH++U_15$+Ocoajy=Z`{_7oEU){0aCJ*O3);adNcP#o39@9N6W=huW
z+mDZ``*zr|pncoIq{suVwUo=F{!dHUVPyEFY;#mw$`6i)S;`T7DMRtk|8+eF4ZQYx
z5`*>MEUH;uRL9<1`J%44uRH2JkaEIR7FR5D*BI0%=GGw3KKXv&#FKOm!^Ed+S(d*i
z%gn>f6hme;WcD_4<Db_Mv)x+$t_x$fKdlLg>w<m%B!2?gtKmaq6uhyF^V}Yd_qHUU
z<#w-P-5tQoseJ1Yl7AfU)=MCBBjBIe_2sEXcJwW=dUqI7UZwCz^5D^=bw|wyu?jJA
zbtduQi&^tZ%Oml*Yh?Ur$$dZ;_k?NwWwrULd%7!36uEcSn5Zq4!v(qgh*=0QcD{r-
zPX5S*&g8E1kqJ$EuJ@721FEa8Lt<IKv*0e!!2n^vrP)d=Ex?6!0v;4`Z$jt3f{q^p
z=Z5z5U&XSjGl9S@B?CGO#Xbm#N&|KrhWJloLcGiE@_%Shz*^^jHOvLE+gaRfSMI|{
z2=L0HJwiMu-~+|al=rG3?<LCHNqKJ=@>WpZJCyg1A@5Df^HSbwL*BcTH-qy2Wyt$b
z2!0S5$OEgy$QR?;-t7?*d8I%tupbK8LJHW`0_&l`z>oqEuz(6Y2L+@n!3CaG3pk;`
zqL2bJ&L{;&LV*Y1bK#BxQ}A2kp#F^S{l}g9x5g3u>8%lV1idxhdMmv(;vU)YU=Nl(
z@Z|g)LH=Pu4GP;<93-LJGWORO$vW{j@Yna%vf_S$UzMS*uL=*D`Yjg@0Z%#ll%YL!
zeuC0_DwpT26=pn;m1Ytq_QVePt@$;c`7X=kmZg<)6Dr~FsBb-nVFmwW#b^{#b}hQB
z4Q(U)@aKY6X{G$t0UFXy_Sdi6&|~C!hgk~={+slzKGOqa^=gq)_>58qj;=1pEK&rJ
z=gJA#E2hCl|3ilRehohQpF#U0wus;#J|GD0opx{3^Nm!Q)DaX5ZNIC#aA7C-aVEEb
z>^I!ZUA4$fE=6DBifr%)t126uUNmP6x(g3-%>7(*k_`g8W~<zV;>glnC@V-H1s|^Z
z?SZy7jhZlXx^3Ddhva?2*PyOJ#`&ElNzDEhJJG9hP36sUr5w0B<8{1B(5~UTNQ@v*
zH(YBhUIkfas@P82bpOl=)9z<UhF<#cUdXreTJ)<<vdt!TQkF>I$}7P#PI6@tRWFT%
zn&h81YJFe&%pf%tNl{<P=k4cHdI48odErC7{zn4JI2UsnXDV0hf_Wt|=Ve+%*?cF7
zInh_&9fN5@qOeIC9O`pcEQ5vhZEuRL4sXbI!w<UM@W~zB1>b=%OaEj0zg+r{EmvLo
zB*W4#Y5#YY-fj6Wm%eNJzp?bUS&U0xtS)`?oa<Wpd-@obzHy(wwe+uipj-N+&W5Fb
zp+WG{uQb!r*B_}{`cVUQOP@C|oR93UFw((jdVy%V)k5=RYDYfhMN8Dwr$*@Y>qJ+3
zjMe~}<KWtefQ{-gWh9E_3P6i7&-<u_yS=@XyhnB{R}?F`ccEq6QPT?UsA)I*+mPBB
z)0iAJ?d6V|Eck4%>^#Z)Bo>yF_w-UlZ$bM?BGqR0%c4`+`-?5Y@Gf@-1uc^B&ixZG
zzR$1JO<}_U;ob@28wp|b9B<;OMmOG_8wom{-a2-?Cf?8v?>{l6H4*U00R%vFO;V!{
z@WVE}t*Y8Jr)a{MS(E059JVsGZ6&-s>o`!UoIjY7G`n{^2vd*A-@FC3)>SB|f#-t)
zBw)HZMosW-a^Jq>@<>^;>zPm3)K-&n^xDw?R^O<q);-e@RqHyjpK}}9jl1h422Swn
z&t0K<?p_4Jv6p+6a>sxX3tRKz;Bz;wx8dBK?G<|Nz}oLB=dSa+I%~fT9rfq#4X%X9
z@gO&S|E`U?G?VV1GHEVaEVY+5O`0_ZH3tnyrGG<0Doc3hW7WZZmQ90O#s{Yx*D{Vz
z__$Wl=LtS8?kakNGOlvobUCH(=HnXvj&5949dKMV%D4pXzzbGh2`q6rMqRNM4HRWa
zP*g3PJ|6I<7FJ?u0~(ZIrk)GbLCIM(sAzM@prT2CaAG=*B8KZna&pOI%|QG+98?l-
zI*HQLxH{pSRk}enqCpj!`Jjrpexy~=kGwfXS*eG6jhQ;@!7&c5A9?=+Q?zq*mWPQb
z;$5N%HTaV^lWHgYMOYu{N3c@7n<zW~<UwhcDWI?5?W~~mRUGs!Z|gwMw<75KxhCX8
zjdl1PH6h*H%NFv79fuQ=2MA?nU&2r@`EnuufbAvU!#|J~4DYK$WSM;lk)`=a3yE)N
zepDk`s|$a;o_bWjsTXuqyVci-J0O<~TJm#4$OI1^o4EaqK8BoAx?x6r+EaV)h56&3
zdo>h;&%ae+Pz{^E`ETi-e=Tu+!=N9&pZPgWZ1p$J>AZSI;twJf8ehvHMkEx9fBx0e
zfPb=j{w@6T)|<M0k=8yO{sFph0}bk~mg-vF6Q$Vrb}`ua9*HudoE7R&ax(u4<?K%}
zpd4GzzlCxRy`dY*)OO)e4xCPoZ=P(S4&{x=YvP;!QAT{TOdU~i#$Vx^^C<>=^I*!~
z!Z!`{BYG(|JiZYXe6#6>>%liKMH=zV65%TN=8F^qzFD5~xA4vI*Y)_ntsdXJ!Ob{<
z18hy82b!yk(Jw+-3@}na>jZax7Zv<7T%Ej%cdMCN_y^Hq$f1iN(-7X_L!kIvQ8)5W
z9#0FD?{Gwx2x{6w>7XwLBbxV`ZbVIKM5vL?FzCx>9R>wO<&6s?br`ftA`A*Z%e{LM
zYD9F}xt9)|w&|rqr;U5*&}kr9hfe=YzKV9ah*&#}#Y}Uau`D>FCC^w9oDst_Rt0CY
zjUYxd!;pGFK)v=7P2+s=-_ST;^7k~(Ya*@^IsyLf%197=Uz|bV+}K<Y?iFi_8nanq
zZthj|kb6;vN1x$)TtLxUE6M|H9G#9bzD5qbltbar&4zI3=3ud#bXHLSd8`?DwhIxO
zkz8&qT{-T9GTlPT^gOGm77v61*6{HfCK!_2VR9eAx1}a*^5wH(9rsMV7&dveA?U*m
znA}b9HM|ry7Q`Lr!zQo36jr1C-1)G{!wqWjtueW0IM0G}uPCz<XJNDR5b5xYvQZ=l
z!`gMCwHrivJq&p_Q(i~P>ut#ENqO}sFU^pbLV3SSm^aXn2SHuJtkj5;VHdD(cmsra
zC&MO>4X=*B_GH-PWv4@23sx)BCN~Awgw??XR@Ev6Dxts&ArrqsE$|i;_(w>AWoiKz
z6mW+WSfUmf4+R#66j-blxCIK#;a&)j?NIe*5mA1hs6&){5>Zw5UVVX2^aWN?fd{x2
zue%Ms%KYKE9Pr2RL<dj&5fZ!Vn;O+d(UQgR+PQ7GYbJlZzEp}@3WRxbr#6aAxNRHM
zrA_g5iPZU}ifW@%){0Ifoz5jE1}P;H<X>ZSC60BY64R6tJbg=y;wNft47u{R2bEYJ
zqX6;@FL5&~0dv}s|Gkm_eQdir$4J0tcGD5C3EgxAte~5YfaP}65wJnsbkm;PjTF>6
zaz*532*7E1&J(H*@^SfcYf?+&3gsu+r~e^PogL3%!S0XUtn2>3&ARTtyjj=%)|++R
ze|$4_Z{yuR)0(=!<c7ICE<dLBjK&qSpy#Q)>_lGnYhLzFwJa*(4ui6=-~9dHpWAq?
zBwlNon{O;gY|9f%Au*1Rx}Mq|iuW(DON4(M&-=ZVk_R_l`4Ic`Z4_|t_y>ZL^t<!{
zjc;j1jd#}f_zq8O28qSI)un2yK%iw;tG=4fYH=$y{y{6UL%`ctdKLMP6kTIXWQK4T
zGVIGSoBIP$;t^zZ1^w?Iou_@hOsc+ooZ2Z!BxDN=vjFT@PWl$0t-&t;Fb?$DmIU<Z
z#k!Fk;fcc_u_bTx^On%4ZxA&ADH~cU-JnYMJ1uEAY4WQr!wv`58-_!il`<S-d<91W
zACG?m0elE!kh5R@*SU6kW=k?ac;|7Qb~|ppE-jS_ZO4B3Z}PYI$LjOzs}Npk!2>NQ
z;zIe*6gujqvhg7Q+J)X`Eb<<$4%qZ;YN3RwSkr<|xFoB1M3P_PiM?ey=H1xetG(xJ
zz@<BDb2G*>&W>^F9^tCOEdsHiDhyZh0>{lfU7mIbRLGn+mVSzAyUu2rB?~eHXT#D*
zA_cK*VFy8tLyZ3QbsVUtKw~SPfpV@xqU$Fsu;k;xZPjRSld01R%>tX3)8!P3QXmoU
z5`q4+dz;LVbA`+e4+$vP#)oY80a>UZCBY&^nUED+iv?AkLRRWvIWNU>KgQhIy4=m>
z;IyKC=>{C&{Ps#o!3QN<=}JC>C0~UR=6TkmwnX|Fu&a*|%Z@QNi~$U4CGelWjcPw(
zqEt{MV8tD+Bu{@iW(F$e`Qi8Sf5r;_gRDVl*XDT~+J%Xj2onL$Dq$juc)J)0!Ir*D
zEPIM|sA;Pt?*TQHvC1OA#Xmba05hHBPcr(u!FL>+J2Ku@I;=X{R=O+N-XEmi;1WYD
zLlYlQJ?JOFp1v6Ya15|{hE>}=V{5<%YmDT10(g3gHYoLfqMUs=x~__L_O`KXt5muz
z&7WiJZ)~P}r|%Yc4TSg&_V@&G-3*g&9}akAe1hcK2i{1wjrBK&ZwvdW**}3qxmz!(
z;#9<>?@^;{+&)jrKT7KYj!xb?>$}d2w(l!0Mc83f45T7c#`#^*&N!Q=*or<+k~YBv
z8M7TfvuvFYl*a6nE3jn<_HOlU6>>!8q#Eii;2E&7G!SsK@ZMVA6%cLTR9uY6PCl9b
zxud0j7V<Xu<$RFi%Z#LImaxj|ypwHIP-H8R-+40@V&sz6D<mvq2^ncSoxRl}6W<Oh
za>v_PL@a|9FvL6Yp!<n{{A+?0BEqf^NFN1#rnrBS6It7fN%<9$SxQ6J)M9*6p!GyA
z{sKw5DD0@6p^-OY%z~Xe<j-=WJJqpyo(HS*`af7Bx^`Uw4>jDeqi4FD*YyNw$-+hx
z%Lc?jU%yHfwGmQjtx0n42MsB^Hzh{ZkP^9ulw{fu8dBgJa(0e)09YCb^2Hut@3B)c
zKRFD(Zss?Y(7h}8hWxgBO+a<fJ1?e>VDm;Mvb`Q{b5ECT?qStA-bidoGQnq!;(;<~
zbGvS0gYZvbghb!bg6I9O1ClSBs;+=sJT(^g=~(aGCbkHUWGFC>C6;c+!yF~PTu}<H
zXT+u3qCa;Zz{6LzS1cRDXoznY`^UZCx2cXCZsL@)D>z0vP#hGbZ-aGYh+|h92B-IN
zyd^8{3M$L<A6YK^DHZ`HSU}zi$d_vnvIW7VKQ1^P&Y$-FYq1xxtgsC%Z;sXG{$6tL
zC4IO4PhzH{zvTWJw8Pl3Xxgu-vkR-pehxSF8*XymD6YHREP01p``u}FeC3bP;}1sD
zqalW72_IJs9~W*ZcWgW=G_U2MGe&|V9}*&FyQ}P8au6k7_z!B3bq*`DxIYH)!qDiC
zP41=fph9fxKh)xQ(C+>tvt+(maNLV1I&*_n&{Ud=8OEOQYcAt2H<4a=k)jB_#>95=
z0ER;oIS$2yESMtz(K*`R#V~)BtTg|dh4ZNt>|L^%+F;AfF0a0_)`-t^o6V{O!$1su
zQ)@($L(OTdCDHZsjc~5UGxY7bFIqcF^DXxDTE|?5GP0A;gBDcVVE<%mO+-6t9bJK5
z{5TnDhn#tShe>q3+6GK@PTD=a^Te!EyrA<3RY>G1h{lb^2n%d6TmQ!aT|2w_jtX4A
z8@oLjrjS@xfh{yTpJ|GAGPHji;r1TE^yD@j0&m7Xjrd#Y)=;YOMNHa5=yXr%fW-mF
zWDUR!3j~kudO#|@*kI=ElBc+a5TIiPavt%peW+xn#ooV&;i6fLMyUtUJ0SwsDnr4I
zF>E@VZGE;#K0YOnC5vUfBOzGRIkD_}JSnHCE8ogkffmWxh7|HKd7qm6d>c@FoDx4k
zxri{t<o;b=xhNJHvqHuxvCn4~#VQ6WYq=f7ooE{%0S`*Y<A59sFPa_*T+VazA+;V$
zwRv7a9-#j#sLDDO^hS$GmG$^0Rh4z#r=-eiD_sPot-jGnAT;|0&wQ)RvmRNf^b0oC
z2b<_>$VQQQeyAy0bj5<?6cqkJ3D0*o7_)j7ks9n_r2V$8JN3G-j1EnQo#sAms|ZBd
zN&_alyN1+Y<J0tNuwODH|Fhjx!;t*XpzR8X^Tw`(-eEX7?yT;Dt>QSS!8T`uV&4N{
zRBzGm?iL#?3Q)oHBaTt<;jS_6H?9x60$C7CeXb5mpUvvqJhwtfd!sfiL@*!5Caf}8
zA3v!%Xv0=A^tc*Nqk9WdQ`1qFuu9oaI^UG!v(lgwyHd~$X%wAUTI$I7EwBig8|by^
zg5+(v_ed_Mwu^d$v#LcL_f^@b=denXia#apXEptZozrj8b<rZ|v<1?Sh_1^#rBF=?
zSO`ti+ZH93bt4g1{Ztfj{bA9IxK3Jd6QRupY!62-WRm(y9$U1OULlsXZVfFqJ3j<=
z(l@9HGLy~ht~8u3-+{(hpEFb;_5h57zNQ_3jr(|p5rQg(z2v$~05<UDO5&>hElaLp
z0<c$5O#n_V2sQ!8SMSg>R+woE=+P-*EMOqgw`Y0AgHz4N1a$45!BFO@i-7=Qd8ASD
zn56E65{zeCEUSaJZ|!{7U$36;<?Dma_wj~?^UVPo4cz|rXsQ2b#!Z*a2i|}Yhppog
zX&#k45jKj;VC(-hA@etIqvo5=Zv%ILo+4Z^e+Tx9t@L?7-@6$9%|6+}?JCyO`%0<X
zAgSVX#H0&^!q1lu_$c7Gi*eItsj_m(#Fqq5%KFk>7fS0)voj_4VLtw%w301P5`~xt
zR|^~4&>Q18&9-}^2DP>e@>4y#3qDUhoxM4*XT>@UCc1uUE(qr{Oy~k)Y_|KTGgd`i
z8hZ2hRs9zht6Nvg=A3?WiF5k8@flqmvWpmP&jD<E9*@lRj2sl5>#+~I+V=e5(aQlS
zWQ9W4-k#)jkQ9U-=GD@mTDa}W%MEAc@=SF$&mhIAVt%&!gt|k&dD#rcob3L2#jx*=
zcjx;q&x431um2XLDcx|-+1&NnM*HVlcAa$(gFTn<3I5dfTyv935$s@VPFG5)>voMO
zu<b9FrJ^I~!&1eSD5>-cLx?hQ{_zPRL_tE+ER`rk-K5$^FnF@s2@=_6UHKP)lGPo+
z`UgUo)y`sfpM*C!fWe*~aNGvpj4tTyBM>2K=2`gJ478f^!q5Y8K{ne3WS(VDuW^1#
z<e)=iMyObF9+3k^1aR(5NAvzS<Uk_?x4o*ENIc3`3em__sexG5^s>P|B2XI$uu}|7
z1t<qN8PAoEteLH{5=ex<Jxc(djDK_1jKPwRteMo!tl#ljo|J{z-f3~!uJhTV?NlaP
z%dB*8ZBuq1Yn^+HMo$B>^<1j3D<ihJG9zZvwDA)l0F7%6JP_)IKe{V{74MR#;S&0v
z1-;n**{|AVa;NXa9=U(w!SV{_E0(^Tq`AwKU?;nUpmue-9{A!5TsgV-9;)CQ<&w(~
z&F#&>p0pbV%fq5*K8wFpqezU977$$(Tw$gP5^+;BZb;^{d-cWknQ56x2W2zAMz7`1
ztWB(uiUlnc2<UG)Sp7pY%nO_2t&zIf-F7CGaD>ghgU#^N`)56bGyE1@|4NR<f$)x1
z`$PJ7m14dxsq<M`zBjg5)gReZA2|<FsF(-bK%Xz~$we(a42ZivGYL&cX~CZ46Kf|m
z$U^v47&8CvC$BN@{jtOm-K^i#jLrIoU9W4_^G(6C{#<mJS>GsJbJpKAUwhWkoI~M_
zFlB|H<DW3)U7n&|A0>$HnJr{|V#3ppM>U8*m5pIU-#37<J(=vX!6W8H#>3Kr1L9c0
zH;96#EK8*LaDpK|oPey@yu_<`BZK#E$~$bxJ3x6^ly}sS_cP@sP@dWFf(Z`Q!uU!{
zCog2@x?z<whUQLFa|bA|){u8W2!0?RRY&jNxY6$WGga_OAx;vU`ZE2X%(##;<Md@(
zL7Ce^%G{<e^XDI|%wU@8?f|QEwx${Iu(9G(S9BFOLdAI@wkvHf>&iR}Wg3J8WJ}eT
znE_?uL(05gt1FWSWnN?{e|h2hv(bNh;d-ZS_zTy{_q7XGpAW)ZxbD_2T>qckx5^{0
zec!^<^*<r7)z2#gHn#IMZdzj5z*7d=+5<j4Gl3<>^UnEV*3C@hi=}R@q>A4oChg;*
zXt?U5%+8bQY4MzQZk%hMXuHIgEP0<2AID?L1n$+@D$gTXZKV}y{zU!!vebk;*B(bb
zmNnMjjD511tI*^pdEHDPkIp7?oj0z0s3&q!wpU{Gx}4GL-I)~^8NL2SblIYTOjO0W
z_u0kwwn?QGa9eYhXmpd|xryR*5+_a+zo%C-_udLQMyjj;iKDnaGIJtVw1jlAQyoYV
z*GHNlbra6~E~U_B{M@E|Zb2OJxk(Z~+g4gV*j-WKGjD+%(e>-nn)sQWSkF=a_#uZ2
zG;uMwONy@5j2{!WL<=O5F2}S#>1}KJ^j-q@HxI%R1?6)o;<wR#g-~VrwJ6QdOR^jt
zH6aqa!+IKs>u$q)5KEsy_n@Ao^WrT5K;I~>E{kIQ_}<1EGj#VOR(S^P1NS$<w<1r<
z8hDjx<((e~uM%}^6Qr|7osE3}3byZP&u?E`loqcD&u%~tt)<dGS&wl^TCf1k6S>%1
z6vy_it-7>^ovMnuD1X!zdgZ{EHAU8R1gsh4*cW>#?j~-+<8hq3n*fpNlCN_GdDENb
z@XBLtKsOKD^bqz^j8s=B)E-0`x%E|l7S@msMnDI52X~-~GDKHfQ!v5xaE?Y1U^F#x
znQaD$@LU5=u=zn%m(qd5Isuj+sbTpMp#O!56STzfEU_IXKCC4=gW{G|lL!9Qeukc#
z1ZmE2c*UoeoT5^Tp;YOqtCX6@OFaOkreCd8AulxmO5Jk`$1^)VjGLkdFfmI@yanu^
zG4U=f@lNA-YB^oPb8_H!)`jo#RREb^r-W?#2+B<lA+ihVbZvQ|%v2(>yKlNyFgSYP
zc>2>TO7piv)%UMJbOXJ-(!EO+X(TBkcIVA>kBy5X1Lh)<qUojmO`o|{kOQxoLGsdB
z5X&Nu2hfqxiT2(3W68#5v`x9Z;q6Vg3v&B7FiSgz;5WD?_~O&W$My8z$AF*6Qm*<o
zYxBf;Zh@Hgj&%D&RcRnp_x2g{Wv&2<>_wV9+;dAtj%Q>-GzP>tFF*N&8GM4I<)xo+
z{)#qLrJp7em&~d;`mmuUd<jp{?F2=1;s8e%f5_(7)YorPxa?mF*v{G7-y6#qlO63@
zOP9ZZmRcw+u|_^ysXdOL!Q2#G?yE|!{A|1KYPo+dxmC~>1j^0Ea?5c};6bDiZ|Y|p
z-E8h7{#L>9NUeG47tkeHG_VDy<aaKo2>#=e>yQIon!U(Ap%IY7<S|rQrrf=Yl^6=_
z`eR}9tAt&u+*PvW5kWyr{x-(`0z2Whl$U<Wamy_w19}R@Cv^cq990atUv&>G*albE
z7mueZefU2DTvd!uT7cAz9;$w>O#zo@aP2Z!H}|Q|gIy3M?#UGt(alEij=X786VT3S
zUK8*qGNvWHjv>n@+vts;hu3LU$Ot;8d5speb?ePw1l{M)-8pJ0<yBW6(X`HR2hwX~
zlui2yk3c;uvh*DcH-vVuvBw2$<NjbUoi(#-Tv|OnOda!dF#Qv{TGy;5;Cm1V=el|E
z1H^UJtYS?i8_a@8eMO&LSMg&Q`lC>>hp}SjZdP%qq2d~S#iLL$3o4$gGgKS|6`L3;
z&em5v1{E7Y#m$J(TJE{bD#XU<EBtghc)kx>SOrfAQtW<Mha8HJGUU(}Q~E^Oaji!k
z)vdJ%t%1_9{3NtC5W64PD<g+>p9#x3urvI&(C-`JcO?C83cqVI*ajg-Mtt4hu1-~N
zz`ju+tkW`mIodbo_fx)sqni5u#enY^B>!Xrvv`)_TMD(lp;Dj%KnIU;K}VrnS2hd2
zx$tWo74bca>|~{!{1R)cTA+{km&i~(77`ybf+W|E(3JSNdfN{FAYK9!pA`&1%bi{^
z3*<EO)6=PfKN>Z5)ls~CI+X+){sF#LP`#OnM|$>;^WX0uqwm{eCcUacc?Ps}vp#Rk
zX_`j>!QT?VzxPE3{&qpvSASN<w^rcoBU8wm0Bk3Jxm6GhlLkz!@2n6yo8bN0cZg5d
zxfehgQyXuem(2p`8SVgWN)5nMkF(@{JO!}1ynLuGYBNMx_qX-8^0)9e_gnl;{f+$%
z{n7q<{z$*sPXMgt3JA*)DT4>$8^O0@rVccx4Q`ERDh9C|*#&>=koeJ72&nnFhOaN4
z2Yd}WXQ$7n=m+muk19vNGcsKLKF8HNEr6<#+puvo+8K@xPT#;^QjPuxB*51@V{8mJ
zr)8E5NJM;{t+0cRDgfT#=i_Vt#|E6e#sAv1kn{iq8K7ii4wMfHjt6G+e}J2=4xArY
z?4H4rcMN*cWK<z}pZv=Ys4?eA<VkYoT6}$pRh(Qpn`f5H&tNPDxwb6(5G|K=8XQ^R
z-ZDs64sN2TD>t31VtF#GCB^wjd@bk=bmcF(!bV2~_r_^&#W<Q<(3)l**<;sNJi^X6
zlFAK<#!q;_`QVsw(-n`f)5fcYIB3G`wlhdLHD!|z4uGPesmQG+YN|7DYF9=~vRZXC
zuX=TNu*<n@4qD>jMt}T?T7qz+&Ic<qVx}?R)F!RmEGWn$><<meI*^P8lkDWRwm8@`
z?B13J&#((y{w>e2<EH6M1J4~x)k0c(DWo-wqn;8%vBgiyjKn^O0eT*As-u{}{o2yK
zdrEu)jiMPJ1!)i@=?B0gt!(8G(*-E1sHJ8S$OEk40MJ8^oBk^Cwb=k(o2nZ?3Jst{
z8NgybfGA}EBMz$rfEbXICXUyP%PLJYfW>?ORvJKlgFdP~VbB10oRuvc;uZ8crln>G
z$iu7P05<ReY%pm-x7h%Go}wGTtfM#p42i;aecG=;P{B7Z2v#>Xj35p<M$Wx~jIsb$
z`IXDHh#g_(<$v%G)PXL;4^YXS3%@)dJJMfv{Q$zk9W^1$+p}A91l1F5q<lHDj*MVK
zc&ec!LjAbawXYR%Jdi=8oXJ+eXSp2KpY0?=vI&#h2tIH4Sl)XshYf&Hd?jphN4mZ>
z_zOT!)hU23`;h^9q)v@&fK%PORyWn1YjsoIrdFA1k^NFE1Yk{1Ggcb#?p>o4jcUg4
zA7qK-r`9Te&3<cM;GxQ9UL{^%<!!Y}g8WiQ6*sT)$KARr4z)^>TzH(=hiLgeC<>r5
z5=YwO&Nzm`+v@01>Gma1KkHI$0CcNP1Kq3KgbLWnC;c0^9(J01gW6~V?Eiwil9gIw
zpeJb&Dm^KXJaLkDI%;4`?o$ktKl3folbd;x{Kp3&%GdKX<?AI4gka@s)h<v^P+n=k
z2})iA13_`b!TBj*M=SRjBPi1qf>J9og3<xYqRs+3#jtr6q2j__<ziQG2BK(H;n9b`
z@EQ!x#j}&oBf{`^<nqrvcVfJ)bZ9lXQtMAq%fzzhP`1>~p6&qMfMF(7`Kt!?FLB*n
zrc7~Np2@vCY43o+;^Sz?<v}&hMRcKERE}+Y#Qx<1wYx~5)|&m&X`@B6Pm-arIS)}H
zUIOB}8+A&==PRO}Eo`1V)>cKDzXNIxvoyyEmd0A$1FcrDR@o<OwW1h2^ma?eR=-w+
zbB!05UJN*zc{A&?BV?<nsEJ75=4j-fgg&6tw>igx7DEEa_1%|YjlFX~?GzPw9c=&4
zpMz?@;M&8Q=e`2+fCOhE%G6HDnU5IC_If0=tYbJFfZdnlKnIwf?@vS3R&!7XxGDd<
zFc&{XJPu0mB(&rO@ro!vf5L?N18I4liPd@iC)S9r6!cR)8g!5SiotH4XBub%OB-s`
zhl?Fz**y(l)sNXK>LP5Vbtb#JnjS6&B<a<Gzp;zMF4|4ic5%o>U>)b?cn4g84I}?<
z#^;M1_vmxMn!uGN)C5+f12kk*3!ZQyMW+@#O}4p*f?6=Ph-$$@YjC0ryU+!ehW@6>
zCzZYyEcLGdKYj&dkj*1vcl|z9v1(p&ELVw$J!aMfhZ;T(gX>P#hmSLIQ~5mpyBP>5
zSHC7#Bn5gZx`G&&4LuBj<ZM0uRv@{TCg@xMb^j?<7Ycf<8VWj2@u6h@kHRDt&73fC
zf@55v!K1+kQL1MZC72u>YaajI6dDU!KO7!T?m!PiIJul2;ljzif3<LOUyj!?1@|3J
z)kP^>s|JE@ulQ<u^gCrZ6UI!OG-1kk?yITr{%PZ<uq4CajvHdkO^GkwYK37<5_I99
z!CxYTgQnq0Fg^?8f;ClcZ<J4Q;X$9HdW4HL_x{yl&7Byh8{hmNQ*}Y1*Q&AR+9{qJ
zUjDbb7rXqX?8PoPPGwXHd{i<YRS_-LKLaT^s_LsORy9E%n`4MP_f<x?$aC*sE%IEP
zelQ;$N>wAz!C;igbFo{S(_r@QQwKBtM;Z)cMH6&mnPrGNH$@4pURg(D!QgUX#=?Wn
z<&QK3o%>@%xS(_IUoGg|hzE3IIeIWv7j$kdMaE`hX{-35h}6ci<xnnneK1YigPI?T
zb^La)n~!NMjp@u48q?mZjA<_oVl*EU`Cf=R%*P}X?A6McYWSFHC|%&r4;I|78&fkH
zQxbQ6;Qu*SPy^|q^MgX1{UfqmpIB^wSnmG^v3eMVsR#eSU{4+R2S&bW!9OtaO@01>
z#*mk)Yq^(IJ^#JlB<M6(mDJBn%JYyubvsWjHl*&sRGl+aCF4t8+!&X1pNR-a5)wLl
z`Wa^vzjfjgMj)&px(3FK%R3qzL-{nS?<qp+b4O9un-&~3ug}DPkt|lBs7dnYHCF-#
zuMPT3!vp7$7k{+jwR!RW=ZP0jk{f@^c=5#ZVZ**HxER*3e88o!7UbsIur2^949RK`
zzlSe}bpg<ujPpNhaCQHwD;r$hf2ym&)%~YVYH)S`sd){q?msoT!FBmheVRW^HI+Ah
z!=|((ME|2qEwBs<I714|Q47q50+T}uOj8To2?fT46qu+M=mQ1r3Mp`pTA&3Ku;b^z
znyxv5{L9TXO5hMYm#?4Hoy+G=>dvM6r0!hKJE=RD(@*No<pU@AWsS!h8FG-WQSaJ$
zs1dl+bU&zEqsGb|4#Ld~yqj8i6_Hn&t*>(FfKsJUK6N0t%8v)AN|wG#rCOy({`3Id
ztBU214v@4K4!HaVPtKQLgckT9^3pFTM!;1983BWo#~{z7cxsLlwSm0!I_GKMdSs)v
zv&-Bv4wJ-TT9d1TsW-ypn-RcxE!r=r(3)3Rps!%23OQ<pJf*^M`PhECA`Z{hg>k`E
z_;SB8u5J7myRW`OcsT$4L4qdU<(^)XWE;;;en0rWS*YDNt!VMPfLr{655bPxxy3J=
zTgBqHPM-JbwJx1<w~$LGnG^<HIxlv^OQ)kb!;ytSIMM?FvfXGFV`n(oXat<kjexTl
z56&)`g#yy1CO2+}r^yQfzoXW7nYreN7Vd)4;1#Q3$sHKC$jT_%kE|A|CSs+ICVIk@
zSbKHY-o1kMrkpQ-TxM4D2ke0SHirCXbor^6-`9{ovkdHm2Vw96*)<i-w5&>nfmq=|
zLxoJNK!yQyzg8cYkyWnbVY+dD!mT@fJBG>;%gz|Af8i;VF9zHVAe@O#zsTL$R+_C`
zztPBdCEmSnvZud~{fK1}Uca-e?Vh3<U_FW?&qBIsFN6lgGVtt*rbEt#HqUUnA9rTI
zbhqNx>=SRrLGpCF`%kG`GgO-TT)8B-SX_E3;Arp7sSoN>pI2Or$UL7F4_0QH32_%h
zgp}@(gY1MGs&>Ll!r2G6SOV=g^A5rGx4|X6!qLh<o-W}P&U*~-9px5Z#j-FtR>*W$
zN@N&TELTrr-)WUL_X%f$TIkb<pwKS0(0lNmwu=>V6oS1AJKfSryno|sxcfN9bA+e<
ze@sHt+$D51gOuqHVG3!vZsr#x{$k@@${j$F-mM&Q81CfcK`zhZWY=;hyOy`B12vK<
za8rMj-Noy`T#?r7_O1fz_*Ua4IA^Q45}^y9lH*O(bo50j{VPcv=Chk*NgU#nTqhlq
zCGUWfFhBA=XHxLNi*Yc}RIWSnM4s#X{H8dBI*1*Y{O1LBD-XcMISp>(0r`g?Q-oY^
zWD4BI^V}2I^*g(o-Of+2zct!Mbj^nAcdP8=-+~%n@Vfs)FrBq>j*gt>(UlNQXYml6
zx)Drg7b&K*C=@5t*@@ybFrO_aZL@r`5R63?DgJEdZ=>0_90Ykl1|Ec$ZWPd7R&xJa
zZ!Zg(j-lLMR$SMpUsGoSt0%6@MQhnuy|wH&{!YgCEcY(|4F-G3wKNX*T2z8o73`PN
zGH>3AI`%y(*<EPn^r`BtVGWq_>QOHGj&(=IgCdq^EswD>lHR>wF0xpG*gW?|`H2@%
zRkA0{q>8K+L|p{UvhhQ8XZMnM@jU^{gBf$vHr!sH2PI&9u~JYh`#wfM9e&8MGe+4)
zqB)!AIoNzs`d&vDn@0r8QFwcx{rx`n?(Cr|-DQEjy<%q@T+W}b#OKf};5Abe@HBmz
zu$p*EtKRuyX&_oG-QQeyH$V$6+Her&16_r&k!P`SHAO=zc=mncQX(pyNZjRvt^ccJ
zx@Br6py^gVkAJjKi+{9GG2MC`YFK?gHWLh5?0nYIPEB-mV$Af!CAQMaXnX(72#r|g
zggwe=V^W@Hu+6i;YV)i^kiibBcRU&t4>PTbb~Zrg1~;+wVWo7g44UCvBp5hp`0b+9
zO*Ci_vPQ`>$^f@iaXeD;HXej8fUB&c>m*L;W-ja@ToPYCAj4^ab3I*-1D>jEGZKtp
zX(b!b!b>b$0H_Y-YwjZqu|epI8@zP^xG595gCJM(ii3>j@?h|fy#AljbPmOf>S@4+
z3t6_Uav0t*ND_186uV{dr(=eK05zYIM?ov@E^NZ9zhxE3gvqrJe_B8^2+|=`9LkEO
zw|P=adV^lTOLtfpFIG{X+Xvf`9RV{hoBJ#T*3=n$Nvi#r1ZH0VB^nKG7<M@TDAj$6
z(V<wjNcLF8^h^3oSLG{(>*n=JSUsqb1~oFYz(-#x-i~;=f??dzs^m#i%n}Qf17dfd
z1J3cg2gx`w2_o~Zzk&+or1QFn@c(!d(ClGgq}dFY>sF-OzP2XP>a;4D$9+&9RuK;A
zpt(o{+@;c+gd(3be5j0|!(hc{O8kiW{8tkpWcqw*YFz-4cLY}sJ;ip1&HWAIkLv>X
zzKmq#QeY_-34^8Ryp-*u_qE$=Cjv;98|$xkHDGk={cM@i+Mn`wU$UzWZ5`MXxaZiO
zaM|h!g3n(MC&Vb!zm*I1FNN?cjTd_}<4~Rt!u_TdHBspdw>nz*8eHMg9pPJaUAhdX
zHy}$#>6k=!;7b5((=gD6PXj(_SORDXvVP04-(jrZ@?t!v(RfZPw8&W$i=~0MuJOW>
zpUDD9`gfI7xs5pRZEQt|O+d|VpmeC&4JW|8O<Z?YTvt;e$JmH0W{T@0GeB7zwq(Wc
z;=*4*zZ+65kUE!t6v4+l{!t7c^VtXWExxx~5<e@ynuhm>?{E!oT0sKDsNubtb2Upz
zdfN3*`H9S4NEI<1G>jn<oKHS;Fg3gv%<T<n14~e8uUhFeY*+O3wGnQij8j5V#Qp*<
z3(`>blCC1xRL*A%`a3Ig1^L5bbGQv?(_+`TMl}?SR}W4(b_%rC38D)$<pEKfrOFC4
zkBwXy*j-vvUqrHi2!~;T?riDp-F0@QUnA~B1aQ|ah$y-PYU!?`mQQu4<%=NH(uvmq
z)Y4stTD}NEEmwwwqL#6WG80N=t_QyLL;fy&t|8Y4-@RerD^QiKjy%AxU~<%%u;iI6
zTsdj}XpTynht3Tm&4dyk*O}m?g___*v<KGtl&zvJO81h*SZD1eD?(+RtC4jED^~E=
zCZ{No2lE+In+PGn7#MMLFxpoNfb=i=ooLBpHy97-7o;C?+yx(CffH<hGZxRIr5?Ax
zq0eUZ*rhAH{moDdIwUdL-(-B7f__T!+;5Zp4LO}MonQ&8bUc{dO~Qy>bozo!aPBve
z2@X(G#RP{AlWKwk+LcqsD<(KE{F$g&!Q<?c9nRJj#EXF)j>7bbWnY~)*yC(D&z-5l
zxo);ORahdCKCdnPlw)9Kus-h*M-`(GN#`a82ZP$<-)K-0+vtBs1=~XpKtXz9E%v6U
zyr_+bjnfm7vbP0dE|9-r%mq1t0p`NrMOAOR?^9B53({}9HvC0r!@&Q35d6zk+~^^7
zsUY}Aext!}hld(^b+X`Vl!yGH<2at@<Jil`v0qRXto`kQ-+FNq8$&pK>VYBp)CB*U
zGhyKWBnbXDRmPaXFNeav^y?Hl;M_G@UjOyF18#HI1AQ+i7>Eyr(=_2>{HY!ASnYt@
z-DmJc3+YX;3HuFji*)}O6yA@Wach_}UZp?dLw-w9OxW|$gq?@?>*v(M`+e=?ChQpA
zkK#$$(=TWd{({c88sCo}a30?;>=D;R__L>1JJ-<}AN^GdM)=Efe@JKiZ93y8S;8va
z{p$a4#s{fqyzZl1e#SpJl_+Qg;Hn2b*tLl!z(bLphb|nj4S{IqdPa5z?+cwRdV-;{
z;mHHgi9%=az0mo(s8FCk)d05(ov%TKe&~NKDs=Z~g$gY=@z+$S+bop|mCp*ILXED6
z3e9N!-%_C!KZm74FU-`aQ1@A3sL*Xhh4lUv{wMUO{PX`G>Cee~75dZW#P!mjAcy9t
z{mE}1Bf;cM4KTi#+L==&xi?TdnPgAez1l#(+E<6wz+3YtUS%FX1&H!C?bR=zCC<de
zd$hz+Eb(4UoUA2IGQJb7J56*FrpsSo%-ajj#u*;pw>DMqZ4dQDeom_@uZA-1&V>X5
zJWWkJ4cR%T;j*dUv`L|xwyMQ{yJ`JDh26BjP1iPUaglM;Cc&n)^G*9d+^?41*WR!H
zlYN?fkFrl^_!5PyZc#4uoO;5rzwTq7rF8+ZEbb(1Pl}%@c^<Y%?hE#=Y>x#R%p5Cu
z=GTy{I&K6CxHC&Gm~_&xXq&r2@<j6^Vi4phLb>$4&iK-K@v#9kG*ypFk?(h$my6lS
z0TBBA$SrGCVP8X4*w^}RTheydS<*7lV$<uK9o+11c3D7l`2@{HpAY222wkv&?ahjT
zZ5w<xXp7MEHXP-?H*oy_jhU^)b}F<Ze|Dd0UYj8ByXE_QnNKNq%hm6)yXA<<VegiT
zd{uP)iqA5+(EwW(Ig(SRUnjY=feWsbX0SvJ&@-Pl+7xB9H{obIsV)rlZRNSY@%{Nb
zY?koj2Dv*)9h!R@KjEE$a*sdQ=#%##J+OJwQKHe>?ipsafkdOb@x8}0EFllX8#WMc
zG-IFaWR+|3NL#lwT<n1AUUgHJcUYV&kR{qGGb?JMveI{nt{PDgGD?oex%Wuodlzk`
z713<m&eEW#M;K2S!N+biY2U_8+J`6-4@g%{+Rci@LtM90DKrm1E0j-=dPt>vz@)w6
zY66cf%l=Z}p$a<SiT0Hwl69zJ3q>B{_Q~eYQ^QG%Nj{BShEYm#8XO0HwI|gm+X(3P
z-G7#_eRt?V<G$lwf$Zr4XO4jd(+gW5H&fYmc299MdCl}~kdbhGeH_S9jz*4bEO8?y
z23cdjfr&xZ*iU2PbS-h3k=%#@A~)96jNF(5Mry?27oQ#+pwP{iK47JK1%heTAl}F!
z$W9K)e&(`{?5&3~B`js)5;%|W#-Y3v@h6f09HoZ=tL*tDQGHIr6tpwuM#e+t-!8}-
zSqa}8N5fM7bh1769-DYgeV<9kbkMZ{=<Z@EnVv<kIlNM!^rCfEQ`X<+w{nGzV6p3u
z^Gb20<%77^aa3uIc_tVO?S%rpaL+JM@g4leUlPg3Gd&l3GUg%YlF^U`z1KvKju~7{
z4X-Q^AP5?Hs2s(<z?>)VQDP{1hsMzRG%JO&NaOqSS=dMAguXJMMKl>S?N&8JJ)`5T
zswbqS@lU~+KY5oO2KVUrG_Vl5f9eGA?(Q1Fl~LjNvs)uoo)N7`rQrc03GTWDh<;DY
z8Ra?=qMInO8W)R|TSDKUsHp~^(gETHKoS`s?3TyC7@nDz&A_m8afIkP6p7|-G0;>#
zf2t&yAdDhK42OpgpWI~^se5ewFc~|>IrgAt>62<zQs;e=|1FE(PtalLD<y8#F4DwQ
zgG=dN58)+7p8rmehc3oN92Q-<kz9VS&Kg7h-EuMz^IwDu6H4gKg5soZd3*wj>rctC
zDZNnP5&812vZC-0qoBL>1yF+r_gzoMKMf%C->E}m@C-m;7gETj<*1Cgi^r!@0!{H@
zfZTrbDjdNqHiB{Y&!TmIUFTzLjhUJOOEG#R+VoutZde?cI~tIm6*P58lff;i>be_9
zW%BoL>3xD!IHMl=!ldd~^59k`=%9+eL9vp@i}G&fT9<v&(sBfO-<ni4t`r$1dChdr
z(iHg*JAjY9&T#PCKP7@6EG){{RJ*s+mGu+IBNm0F@=)9=LcJG6R|*e11^S%Ci<W(s
zg2e~|UTh`zL$;qD(V$xxWM-hn4n7pTv#inAahoy56V5wAK%u@o6bno(_O%i^P=&zE
zAt=%pyNg3ms6ilU5ELp9Wa#S*CJ5402+|Y?67<CiIRq9Jf|AVyfuJweghNncQXzno
z!y$lFgkY~pSLd7wA;1HV5K!zn4+W=Fi<vnDXw8NY)O|`2EYTO+&Kdp18U%$J1dA02
z#_H?5#}B<#zv>_J!~}ifMm>5^63cmFzP`;$o>-ty{F;k65$Tpzu=_n}@{6tqE(HR<
zoJhSput+3Rv4Zb8mX}$X&7GNL3*^i!o8>gB4NKQv37^bu;$As|Z*~BS_Gb4v@>c^N
zqr7hod0$c9M9TZlkhhoeawzWyL*BnBuLtEFG~|6xdCe*Bup#dN<(>Zt^QsJaKT_U7
z%KO!jcZBk`P~I^^-Y=B*8s+&6c}FR45#^mQ<jIsbnet8>^8A!HobvuO<ej3tUX*vv
zkoO1WwW7QlL*7}+yL5P>60Tk6-i`8pqP#jo-X&A8O6`nVVz~<6U<}Lnkl0U)c(x6)
z=Y(W`!n1FN>{TJzpY!ZSko{Rm_C=n3;&qmNA|#u9Xr7Y4f^1WWkG6q4do^Syg=F8(
zv!90S?2v4UXBR<s|B&oKJo`4tP7cXV;n}?)yGuy+%{==C$Zi*sZROc#Ut`%fgk-P3
zNZJ2^>~}8)XWw{<ve!X&lS{$bkMiv2A-gCfyNYKQL-xPngK-Z<I{!72!^*B9O<o1v
z$9{rd_c8k(E<=?(5lZY8C>x7qZ#9%{bC0HYX~+D#4EYyFDe~CU-zTaiPulceYN+Hl
zqsUJUT41xw6oz6?KjXLw{M0n1`)#Oyng;6({%J0Kl7d(2vG{z__CFvIn8)s0p7HSo
zSM^MTDorBj>-?Yn(KK8c<c}sFIGw`a_a6qOZ~k}a=%i{r<3W1=ySvWO$+`99p9J6{
zM<;)LaUr0JxF`Mw79V|Hcq~UPr6?rImnyFq=$XNuq5gM>@IN>J_nRr&I35E3FZIwh
z%G$MB*BgOiY<kiH-V<5>zDM9vHLlJ!4jj4^Z)RX`-l_-tt$I4J(f3S0sFoFSy<6~a
z-34m@tKhT>Q~Hc2AU3_K148r9a^iE=+IjNN^2{ZhAkV9XSsAzpeiza2x$t{D{hkKD
z3)pXerrs$?{r6Hag3}J=elMS6*9hM^M%R5OBUA?>sPK1a;>CdP5GDFngR_+{px7?>
zCmuc<nklafe0&(e9gEC^{TC3+c0xHbqtCug$bMAHFW#ZL76Haje&RDy@&_JFegIfN
zr@xec01=go_y@u~?lV&VPv&(oM%<uxN#!2Sk-RdN?5VY;<K9i>fw`<0|BHS4qgVk*
zQ&@F+c=Lhz2j=)*6VwU7XWfJEpq~5+wZL=guNSnU2;+zE5IDf$$gi;v-)k@_FPhb2
zIN37eN_}9><pYkxx00p#mcu{fn4wahJyM+_oRz!YQN{tRmn`va5WN2Hq~iN1J|D6~
zV7cVZdO+IX2fu@+*C+-EaH_xnAz%_z6oC4EOF&2H?5DK>Tlx{_Y2+bP_dXcru6Pa!
zd}xJ%<M3H&i2hFc>DZge#(7GcBQ)@MM7XRi>NNJ@`%*AY&z?J3we>+$J8~7wra<#^
z*9e>+|1|i>8NnxODXM#IrTggjioTZ8zzxvA4FD^?YU%pBIF9Y`i@fQ}x09csv$v~D
zK>fc(dl734;~#iHK4-k8Z<Dfy`lGYrZPq318{e{^(X3<3>Yt^bmhpkwfIrILTwf|5
z((?46uD*lS>#whu2xVI8YmI`oyX#Y;p-fwUE1m`yQTaCpwZFd34G$?ZFGrdKZg^UQ
zC!2oCGCPNW;`sEr<b&siQ2#sMYV>H%hl>B5=^v)38^y6jb-t62Hq2o?@5BO9#7(yS
z#Z=Vq{rmoQHV66JdH<?J=$q9#XFJc#8N~L#&OW8|M4HWg!RD^Bd%BQooq6%xx6Yy^
z<O`vvk|zH)1?^JWXO@z?A;EbAS*A43ES(n*wkdEC405ky!E2CbtS%t38Ppzr6J3A+
zLDSX}WPlO_J`S3JMq_1Gd=jnz_)I9~fSr6gmXVL~@iC0Uh<P4(k@+NcC0BSq%TsPA
zX2hb4NjL3zeM~wiHI$XId%GWjjI9tamW^e$;LNmn2Fd-NL(`EyhJKw-<AiJg<LJz-
z5WvnZX4OFCl;?q-b?*Xy#4H)R=Dp;(Yx3Ma`QU9FA_mDv%K(yQI!HDvx$?(fC937t
zWEfri{VXrN&5T@60&+di2#Py=&?LPI*E2d^^f&&$^E)>#3*vWTP;?fw)yBWiZsw&s
z(u~%a`{$7J77H5m%Y(OG!FT<TeNiTp9pkyZ*OtpxTv4Jwmp#vL&&O8+0d9t6kzea$
zMl-B;A08xJ#h+9$V)643e-WLt9$ASbqHIbeZN?1pJ0Rk`%O5?f*s?n&%yNvGP>g}#
z;cMEgNz<o+RdJja-5#yJ!G*ig^FRz)7e8B(f-915cc%d_jJE7#T8xIVQQyUw@%LEv
zyO94zcTOhQ?!{;xzl+`jfHO?(q;oQ``(>1bt)aZ-6zzhIq><u5;rLS3IJ$0?>OsL^
zwf+pZ^d@tTDe-9p_u+D~iY~{lf<aeZJ$)ZTX3+F@5;dED>O4H5RkVza)8AcW0RV%U
z6tA<2u3e6Uv6}c`(D(#{-1EWQs10W5RR;4Tmz|U0it5J7!Usda`9cT7-9Ek0)~uPk
zc%vrs!RWj_;b2J0O@DV0_W^@hev@u6J!mjXl))_HgK4tWLW9Zsr#hIY-sWcO$|$<?
zQ7q%5;BKsPw$dn8TxAs8_fteHcVa=GZ}36sTt49_cJoo}ru4mh6yJB$jiT@+a$;fT
zqlo6l_l>s_CX*k3Mjge0w`df*G7_})m}{buM01mSD@l$^w$MmG!pKLGfs$iBBvo>3
zAyKilGk0V`pa0-PN+3yb64~C9U=tl#P<jS|-6ujDQb2z8MRH_;-`=P`Z;^K^X%mRf
zHcrB+W%PY_A~IM2x4i8mZmbK``xE{FJ4{~1KhQzoOCOQ<B}x9rM`UOpV|Yz;0W=GD
z04mbqN=<erqU^4V;9FfA*2w&>%VCq77<^4xFgZc+Z8jt~!{n~yWf<gNUtAmAjtmgG
zZ6vpR1|%;5)ddyK$eJ~}8F_t;ZbqJ4qni=;8f8WntkL_U3dmz#CcE8AQRgWt=Vi?w
z)u5Myol7P1DogcMTEDFMqiPgV<>GRxa=*UHZ_71*RQs2crEi-2HUAYO?^sTrsU*!a
zRZGVIG*kRht^H8vkE(Bx-X9h8>EeB!Y^v+C2>bLerJ~RC=*pv@PnNq)EsAq>iwa8m
za(cb`cKRS;$@XjcOC(I;U_``SYxnd8dt(R%M)t-ZFCw0<8&8s(jYF2MZD#2fZfjif
z2)Rp~5B%J*#zL^IF-G|Udu4nYBqCm<ZS5PHa3hc2jY$49RzePs9p@MWn^(pi46?JK
z+8b*OALD<TJAh9b#`z!lc`1~s>+8_7QrL$)UD8;su9)B2kbkRW=C(5)0eL&n%7OM>
zFg0dpC#7<e*}2?dyH>e5tL$@wH!o<x?nzVpOwLbGs(m#JswEq$9U5lVYIuf4;$!bT
z80JG&1;n+1k%C{G$mL%<3-Z!WIPSH1#-t4q*JX7xm(Ftu4V=e@dsDi>HaHm99)NZH
zXUO@iZYHbqt05)xx<v@ZJ5>|eWl6ZOYZ+pj${^Z!kHD7$C-cSa8lU+t0zB9N@XZJ?
ztgq35b#qTCkoVH^L8Uc=#nSs5&_f_G8&QteO?nRCP5!wX8P$KSz(23!s(Tdok__9c
zt1rRo7r<=hr5_W^rkgN=GQ4QR6#HXU{S`K25LY(OeHsg<o4^{k2Rw(OO<gHT4cPYG
z+>kEE#L%1ykbNg(>_20dwLCHVG;pyQVoV#hGowFVEr9XumPy^y{L#N3d0Dz}OiJDh
zN$_JEkAZ-}BKJxaa($b7x2-~MY)dY8?~Pv|t}CA?PGkR%E$3#h?4Ru9J+=-tXNHK=
z8=EGI)Avpk9p6sO5`Wm2?b_$)dL~ocyv=SZmpatg+}mvxzeWyEPi*fPndu!8n3&aJ
zZ>D>j^AOl)vT99YHrUwTA1Yks&L(-L-8OcHY^4<z|Em}SU2=afuLBoI2&B70s`xq5
z?oMpVX0&NEBL0f1NGXt2FIqQouF5*nr^IJ1SGl9PHdmU0a4D>tlwL|6z!@7VmYs}*
z7;$!9*q>}Sos$Az8T9LwdL9q1b5{n@MNl>rOV<FO?MamFphJ92uI`Te^vl1s5~wlb
z0G02(YzgXv{#wQ9#`fgOl3&<D>|+bD&A1S3Uw620hAl(7ei^o9vq5(}lPzxEZ8Kf8
zb@;=^rj4yZv}0hlR|-tb?og5K-tGJe=6~5bHvg<n1*;>vo&fg3^aH!~fC87rztU)5
z!02Y#gTT<3b~EJ2=Df}<K6a;BP+e!((c9o}%^-MbB-(gO5jbHv9!GVJF1`aRwS|@9
z3OBk)V4~d0jj!|$Fc_RPa~8&_dKUW7A!=J`WegzeLiFPSatG*Le(#l3?$U>|?}`gn
z(5BQg<_Z(83zF4TetB`Kz&f3B|15{f-SyUWj1qm;5V=l+e%TE&P2Xjb#ztdFJ^QS%
z${UsUe)2NM2%56t?CwjTs=2PoWsTYBx~dk<{yMB8e#_{>=zS9*KTGC@GkQG7uwTdN
zxq{q(h#B6Z5tBPcgM^4wyl4-5i>oB}r?j0zH0Vo6{Zw#tQcxuo-w?jI-W$A)Zi)8v
z(}-$C*NrB@;5~`uh-I(R^X-ueeE#chc>e2ZLi=!==TWQV`4?7$_vSmJzz#0k6zyz@
zHp)GN_ytzpXs`TekiBxZp0<jU5t);Ak`<&9DAXSDFAU6xQ4>(+1xChA6S>a~($O!}
zmMI{A%<_CE!@o<9G_a-Wv-diZ0-P=fw$!SzrE&27i;1~fVvdnljp6Q6i{wd<L#(I}
zm+`mPf^}$}oCDd}wZU3#J4vgpxQ<H2L#c-lN%jX^mC{vnC<2u8;8dWTN<2-XoYjLt
zMsrgp+k>Rj<wr6vr(rCL-BT$Rg(YY`vKR{21*E9$Vg}(snl1gL^A~uXE1oBaPk{^_
zT3Jie>mB$SYt2@<1Aq?F|C|E8nJ>6c$t!!Sy0N`+O~A?<AqBStw+tq|#0~0(JML@@
z$UCBc;k<bp{Jr4)f9tjG2MfLhqyoD_KJQ{o_cs3Ws7+EbPSOCwBz-Xm`Yqj0oJAGq
zEUI;!1wN#dGGZ$@+DSA$_V|JzdDGb!Qn=h~?k0_&DefNp=oll98l;z;q0-b}NzRC?
z`5(O(9xS^a`C0r6=+F!}c-^%SU;}^6xaNHZOwLuPfp%UoA|86^l&g}}1@9>+*4})<
z|B!DV7`)&C=S^&Q#MT+r7o}yk^qn(b_q8SWX!m_~&3&*5&RvH5M=9F`s~Ot{cX|%;
zl!pN1og8HJCxQDDe3!^c8oYNQ$pfxHh4-}q!SJ32cq?hMgu+|N;N3|GWcB91f|u{x
zK>+f5lDALK2{{_K$S9pf{^z^&%nB*K`e*PVxAlvRU`+l*|00_BVy;?|9&!^_U(oKp
zFYoFO3LNdO36S{ou0IKRS>*R0V|Zsh`;;HAx_~b=IqCFbGlc)`hkv&#<WX*TtTy2D
z;{0t_X=2Njx(j&pO1gG8*O&O!tGu}Zt(L#@@{kVl=j<1|?m9$&e=b`sl-GGv)lteD
zSJVa=N~X3j<$1NT*9$MNJP(MS{D@cQHEbIDpwNl#?S3D=jQJ`x(6O<(of+Nu1adxr
ze}ISdC-~F!MY{0*Eb<3&B=r4c>>$D4!arYM$^@`XSLMTx@uE*a(L4Mj$b;8k;h86&
zO%e2ba#kpx>`#JadA%<!%U?Cv9~wk}{%B7CT^ut=JI_Y{Vfd1F7D6AmQLS;d1)WO@
z+_7*<ylg*A!j%H_yYRbwxeolJj|BhLc6R^1no%Bk@;?T=)a1y^s6kNxq+@IzLuwri
z{+R;u?pJC9jGHWCdCt>V)aY)gaA^uIF~B7^dYl#ZIB|>&h!*j(duW6Z3K9oonFh$u
z5gZT<uMLlGF%$8vR^t8Rd#%zxb$#-mDS{mXFMCG^2^qq_CAr8+hpSwG01^1qh7P$$
zuq)$R(I|ZQ#0FF=i7+VA5%&SPMVcmBIE)3-6)MAW&-VpBC|lsFG@RcAz3<G;;KeLY
z9KM6yihr^J3(%xt4m=j!x?8EeL8;A1JyzY&2RavTtzva9P@T@kI(hCYc_FKoS^Al(
z?PJ-Hinz2LRW4_hu_tenenA}$!w%6kADfCQwSFh8pM~|ap#FHOAA|L?)cW<Y{-dlG
z+krP)W2t&s`G$OKpa(XP4Gq|+fq!BH*=hs3QlWvVf+suDlQ$1zBZ3*A`$_Je{29<;
z-I@k7d??6%+moFJK{y#v-ksxVoK~`tyTJKXoA>sDk<ZV{0s9};B~U~Fd3KzRnakX8
zb5QyFp!`h;;<FhhL9JG@vn?B42c&FGU~1UqwVjgrulBJl^9IVCgqe;T)aO8AMZW1{
zR$w#-^;tD8Pmn)^{J?g$*9)Zd(eaY#YQm_5Z#J^}H2xta^U}T$#Kq0P5(=D~rNjf*
z_-1<;5u5N`@*V8xHMu37(K9i-0;V>DdplbQ5W06Vxb9Vm2XMBN&9R8#=&r?xnwudl
zdWxzfyhm>WQ4MatT@~>_gtL5%^$D)@y-P_~<HOFq1b=fSk2Mbd?4fyj0_<~8%0=p$
z0YS_5wI#ur-Yu+iKz7+l#4KXjtz1H}nA3mttuU2@*L&6iP3@=A)O41(cI`DO|4Mp1
z9QFvK49^BB(_PWII_S&__`XK3K5UcTJI{5<8STH*{e|n0Bj3FrEC}rn)ud%7pSOEE
z{X>E+4iUSFzsZL9a!Ju##*r8c@#S`<<)vS6{)!`mCZ%!CdFf|F*U(5o@n%9>-?Y25
zJX#vJpEZL>2?VW@qpN~>ToPcOdItV>Zf^+HG{THGLIuHjyyZxv4oc~}#WK;P$YIQq
z>44;J9G`qhv7_L;FS}Co#(_WxST>ph9zVd7vdne9xDCj(Z|lNVH#O)!xivyiOa~Sg
zgHYl|CxkPZpCqNr&bf*rK!M_|?svH@U-kmdLOT=Kjt9z+rg%N{xDj>^Z~7PFW3$;p
z`Lo#a{^#RsF7GF>%_q+Ro=&@60)V?R+6unuXgoLtI%*N0=lKlKU!LbpK!17Z$HlTX
zc+{)xU2CL@8a7dkdv6gBbfu7UuoA2??CuP0{F$D?u0XL382uS$9%CH_$JR|fKR43(
zIWRO=J3qlk$8i&z+=Pisbkdf5x#w(@w#-j*CfeC_KB!D*2CBLDne|dG_;-|dx1lM`
zP}pRVVUS1|lj~lXxnXSPUi#>oGxs$@BljqVdtB(v-0y<9_}lsi1^)~EgBNFC&;98)
zPl}+(V*n|VC})Lm{h}OTG_O~bQ$idR7Z`2$8@-hOjb6ZNoAFH&IB_-J3mGcN$W-1p
ze0N;H+eyDHw!b_B;^pY)^f#10e<U4@f=w+O!fV{h3&b$WrcK>ZCCryd7mJ_y-vj*b
zx9qQv%!syAjnmD{f_h_k=0Gh*{OotfAccR&^tn8}qmm9aKjAfzMU>}J2|=rg>3ey)
zJd$zfqx=Q_J9+(lxz9p=uVD1SF+{!lw1?#0{vQ5B|IKP&4Ir_-zm2~&#FWFt4Ebyc
zOKf29+-s4i-#}2I=ihDn>B@wI_+&qUa_`7NM)`_feJTUBNPxK{IlC9E%z^I&Zruu>
z$c83J<ekFqK@TAIbiY{kwSb<1;e`&>nf!4|ylRZ!D@UOWWP3Cgeg(Hjf4DM#)+!d2
z8lS?X2+31y@KFfo5~E#5qwudI*i#nk<$d_-rI+`?gF%RY!sm$QHg>~Xg5+u3uw>3H
zjPQ<y=U{ffi55iH7&Px>1NPm4oQNOaDgpEys9U-tL*1@yvRfX0g0WOdZyEOG6S;^a
z*zM^E-JDOoasem3aD8_n?0pFJ2R!xR^$x^q15oFt*6x{D19oa<zhL$)7P}{nVr=kG
zTk;Gw)RrPKSB2M|x!#TyXETW+2;FtDt-u|8GTO|sKbabWk3|SxWyct8puB@I*X(-z
z97PvL5!X?K3_|SkJqS!;Ot2JvZ3Nd<ktn*_G5On?wy4KI0#(QX)hYO836<TyA69k`
z5GV>X?Gy+O6w!1r2y9b}rl=6uxC#)-@TZVARDER<UoTQ8aZGT{&b+2kw*P)u**<`z
zsKLZ4APv<(nxt>|H=PO$y4fX=cq}_hkrvBt3IH{RRaWb6<#ktR8ZQWxUeiU<YO#Bx
zCc70C5VR${!$f!ADQ}Sq2<kX&eOjmE@bS|+5zCuTD>@D@JzcBmxT&uYHZw7LNrqI3
zry4_{4dba+1J|1ks=cG}l^{17&b{RMNImx-nEAP{hv&Yv@zh5vr(Wt-U#gHJD3(2V
zICRrNk1WAALQkZrq!^s(t%r99JV;4~J@D!@P>LvqJun^*(gba(?lY5aK!WZdG4}uR
z`L>uW1*wK601?Ln6b;9ZP7!>DIYm+N>e}GzP%<%4^4>QR1)B8EPlbyqhZbNS=u3CQ
zhz0m63HL4B5p7h%0sk+n$gWK=*tH3IGd=YgV|#7bXN*3V!zQl?A0=*k_|j2V!iJi=
znIxQFz76c$of_kG2TNR!i4SOr_k;Z#CQj25ryB1)C;7Wcw4BUV*Y{J%yGb_JxvVc+
zpg?L!kc56$6yfFRsjNV^kODo`0$)P`D}J{8yo`~Ab}RHG;Yb;g1W6?chn5jZxZ|Vl
z;TFI{v$5r^Yl~Mer~u>v0J5ewD#?Bio!n^o+hUR`Cdie=q>?knuCg!*^2a<ehb8*_
z3R}c6!<!x*W?1IYVFr&!!3+yMB!+Fm0~Fj}tf(NR$#($b4f0ukBc6MUnwuf_h1@8N
zVnB>b=VB!`L2R)S_O3bqWtF3gx$cr0j=`B(R_+`K`UFb+g|koa_zV8d6ntR~{rMLk
zuT|bQo5njTmnMPzyfydQ@mk>~<NlA$eGV8S#-<M~P{U}Mh8B`Ckf%Nul8LXByY`7o
zw?}VxL?)N}rQ~wFS9_xpGe*!0FuQc3#)`ZGJSJop*i6}lYfR{L8}A<8sDZ9rVWaX0
zCzrEwET0sGo~9S3r-43-Wg}2CDl%Sf+)fZmYfR!&hF{ALITF-f*9{Kpb*8RYe|zee
zmFs(Zp0Qlc3UY51!$Ct8Vosr^P0}dT1hA=p`2HzcoYGc}xEc(9$b*X#2s0B%J@S4O
zJ=;mPDRI;K7)3$Sswqf<{J<NvZvm-Pu{&kdbMxu<ScX;$O|Tb=py49+Sq!?67iw&p
zE~I+~>O!vK$hJWlA=?Z>wjDXL9rr3B+YEW*;@W^V&7>mqbU98lgjX)TVs^%tl{@U}
zlttbaG-a(>TmIYGmYk+ef8Rkt(|_g_-Sm%F%Zb6|zIf$oo8!GwwmB57fBE%SaC1;A
zGxLKWa;dpWZ8y}mD77bGK5`(iB6iQp707|V1G8pJKOvUo0{!#Ou|OMstHxjBl)cpi
zq(D2Ov1BK(fk3(41z_oaZ-`njRW{FjD=`k9H7a2*k5(c-5M^iF{(R&6{ruqf`@Xh{
zQxTbyb{XIAiFb@x14j?E(LjT&kR1d^Pta)r&c0+oJX=9fPu0&1n~CgO^8|VP%ZUO;
zDz|y+l@znvfGbh0^Hyk`W>6;y>U^Tq83LBibxNJe&^m{QvpScTvpV0ywBw2gH#=a2
zARkyBy5b=Ghna>KZudd?;YNyH0=tm}mcXEWGg;qZ8{OQWHCp!9jdn0L3gS9nyQ?+&
zAT-+ZuN(ccp`lT@iTZXUeS*Tc8`A9FA`3{i)<l!o8fMS|+xWe_pl!V6C3dh<F&?6?
ziAkA6R&sy8pkuT2rC`udo&(rxu)>wE84uX2Acp&ZQSp`&11*jQ9u5ISX3uJO{|UYl
z1Udb;wwRp}j^)EEl@%=|05>6)BDADKLG4QnD5wWVR8=o3C@8gz_&q&~%%eb_jtXV^
zMAxY(^$ryg?0E+~awwj40GnkepI5GY-l-TQGC}|TK$Y#Du^G4y?MYdQO<odT`j&RK
zk5d?|{yr0z=r)JGjFir{hXuxiZfHE21(GRKzejX(KvC{84&{L4h({J(<V>PGCfDOg
ziRJ>qDX;<o`OD%|K71exe2S+8O)*Vt1LR?j;6%d~na}vKM_)isDI^Q)sg&1;PXomy
z*G^2NM_uyFF}^rOP$R{G4058lj&+Vc_CPPu+vJIv6NEsE3IHi!kXGKNt|WXFfVAA6
zPB&-K^(4f?I4*?sl5vq90?L<%@rL!@@-W`8p2NiZw8VQ^;zCR;)Dj;I@(&OojiBb^
zz&}8UrSo8(edd9%Zm@dr?C&7ELrC^|u5R=RWWS3q9zgI7@qZkR(6bUquKm+t&#9jn
zkNz!N5E9t<JllGS>d`-(8g%quc>Zb>^VxZNnm6P5M1h}hI4f{&;kbZ{HNxR7On6#5
z1p|=wJm-iQD<HZQ`Gct3BJUonN)i+|Ln>;y$9y%G2yI`6KbgWW2*d$tERkYM1)NaY
zqZ%iaIQ!b1(8<#}PG~`)ffL&Mhye|?<ebpm&nal=!v*}VU%CNbVV%=`K0$|dALtV_
z_3fVv#kzc+%J#!n@J7vGoo;MOU16QypG_28CmlWX9dR1ak(GaYSkUZmV&(lQknbGh
zpP<6>eM%54&paCp3j+gp0{V*B2-@$Gn6;ZtVv9%6XkU5+pMlG<`UqAX?X{LBB7Oia
z-_|v|kX@?b8ep&kZ28l}47VgdqrdB&c{rD5kuG|FK0#vX40-bF`m3IL@%{JNu-9bA
zMZ^J{m%$<Ks~zH0miRU%-l8QA33G*fD&)Gl<)UI_7&nHU$`3=lcKnMMu*!A!u>x;g
z<YqAd{qjfYx|e`V47YQcJ(;djM}Dl;Ogu8=v6K0Q6GJDe$#?T6tn%Q=<i}ta-9VEj
za~pBBXb)CYwWevtdzoYG<<cbOT3gM2(MtQrfPlZc#l-+wNb{lrvsv(Gsh{PnyuXS1
zSusz6>+MOYgoOO9p`BIGPD6kK)1Yf{-GF#dNo&Wchq621{4^M-(|5_wC<}mJj|=k0
z&m;;3+o8Pz)?Rq|FW%y6@pftV47Ph`gPRcGjo60VH$t^<!6Z33NwII)8f4$H0PI_$
zLhY3kLQGmLW^U556L1}zRYGMA2$el`k76P^Y1$+QiXYwi46#`?xmYB}XbC}LWD8-m
zd5@>yT|G&1$H4m{gQHMIW{k0l`l7Q*AQJD5TEKq;UC&3u&;n?xfPIbyWM=i-G^@~$
z$E7Nsak&8{2l~J$1?agGW=<c&Am>19!sv<IV2`wOz+ex7{bo@L`Y6P^k6Q<-8an%{
z&SdvN`rlFW`DeJ$+4j)T*<*j#!T;w2`q0@?<y{FGCt!h%&vO&KFP9{0PdIUN`QejW
z&J8Dpg^LOZ{Y=48W0MBb8(9Krxj+9H*(rzYhq7uCIOQ$9w!mqR8aMPuHrc*S23cMM
zL_Hk@-_h{NrNq|w{(0>_dIyv~ilLAAKtNFo#JRX(jxrYw=8)W}3lDzjn~;js?za84
zLBTJ-nV^~8ZJ(g%*lnDkC<L}vU(Vi~pdgj^is_}ScRGrRpo7J{gX$mD4xr==wZ#V~
z5T**GU0a@nLDkq{kA@(cp22xuGF)3#+ZN5Xx8p^+vz=QBp~gj>+;1HX9Nths;o$cl
zNF&YytX0faG~&Qgft~JX&_lcXa4k9+wg5Vd0b?wyULWqbykR!zqwOeSS)h-`O6IwK
z1AVmP^1V}2RKo>X7z?U!sT`O~a!DL1!Wkjq{THbHANY~?j~4-3`j5f=r}6$-R&f7^
zr@#q~`m#D-*r@1*MU(u)3*>$^oKu_U6|~GrKP;AQ!_&o@@ZU)BxL6}KmrbC89*qT7
z;$>&5GP?sV!Q4Bl!0tf*@@O+Db_Y#RP|=0IXa0SAgTxYB#nH&Th}E>F$HBiPo3v<o
zWvz*8oz=&=3M>IEg8^Pk*!&5OJ5h1)`d;Gav5V35KK8TCAvo@a#*44_nIFe~y>=lB
zchrP%Oz%%+98+Mio@1(*N*t4gIHvN2#4%aqv=`|i-`a#8?qm303;!F<{`wcFXSeI0
zCbG?uzu8D<cXl6D&RryL;)xGvi5B_XA0};IC)`UVGWw|R_n2<s=?VIp?_Dwp{wVd)
zy+9tdk<Mq4oX>lzNf{LWy?3!$jh_qjo}82{;4V3S$t8N9$dlyE1f=(|D!p$`9!eB~
z?}-c{_yr-6bDx7ku0!Or)sBICi7HPaafjk+7np!XL{Hr#6ncu$=EsajKM|D~agOP_
zhvr%Qp}Bx-@GIt7DBT?kDpyvZv}5VY?v3hgC0fre)KSOdOoq2Hq@i>?XzDdO-zWB0
z9SvQ5PpU$9(X3%N=LH%mmiu4bu3GM2xG9X~{&)Okmk9Q}_<Ryg@0w4R`=rX01dM>)
zU8vgYb0g65jzs;d=(AY|`qVvCn>2N1(g9HjJ{!o0Uu>ESf}^8wAW4cNg*4SG1RqGG
zHjs>P1L?>IlE(ecNW{@xd6Wi1YMx1Yj)uE`__Py2O|CwpzT{)lJ#FJ43c2AM_i<dr
z2l3R;x<OcJ5G#~HtP1u9G59uh5Z;bK-XMzkbM`7efD9VI06u^<p#$KaA2#s;l+))u
z{8RS~jsw`w2f*DPSMdRSRizuin7eTR7R3=njOqx2vzGJoRepGC(G+$PrgPSEraF#F
z&RWLs_u@2w-pXAzSjlBW0(B6zmBX4u4j;zyPn}~21YI%{=-kzDK6m)gTo3vi1qgZx
zf9<z*Aa1gN96o%)jRceAd5egj1n}f<rqe?n%(=Xcf25)R2mXP&d#k2%9enwf>EYN;
zKe3&Q&B1Kv#$H@C3ntMjTZ@V948clelWUPB{N8<SmhhHZ<zhO4Erc({@I2iJ`OBLG
z-@~<GeL}Rn95%V~a#+U_Gs5$(9f^1C{uh9rs#6?G{6Fg61U{y7eE^=x!XTWX=um3f
zhK7VDB_tIjB%Fx}u~bv4qLxM}N>Z_uXc9F&Ms>MewX|1T?bT`(rPWFVp{T73RZDB>
zNyl1kL_+3!pXYhcHZv0L|9-#k_ub#`*5rNObI!Xy`?6^u8|d+BHL(P)`$Lm;>z+DU
zx9&YA>()Jbva;^&CKHR>nx|i=GlJ4DOx{BjrhK?&YW;J#Z-R(J!>M=To+>R_L&<Q>
z{`#fgBk%J^8tNZeqCO(Z1%8iA<B$BZTldIF^^tUW&~Sx6?l+taxEWgV2^*tqO(9<x
z&p*-SNnQSlFFPvvCpPn>5~0J1!+vtNvP733R^DFrFy)h&-%+hskM3-C^riBVs^=v8
zNYzK|HA>Y#nEZ&W)laHE4%p%xldH1@D2Kh(4%dPl8>P-kQeQ}tkbT-Yu_7ZS<`kP%
zs!spTm`gFTF4O`uc(O=FPnHBT;}X3~fYiiq69&kPUCv00|08>eL+TrsD$TL$f@X8F
zdY32L&6ezc13<^Ez6O6IyXslQZfk@449TpfWgC)N>4e0)&`+*M!~(bky|hcvlks&w
zjA4A;z4P>ZUD+7&da$Zq52t64*TbkK9eq;#Zm(8!Q~6E^6k~tZAU`cMtNfEyZo>K&
z772@22NPoxp*ko=GoB-aNm3sGKbt0f3c^7eSSm5CpZig(r|)?E`a2_gIf^eZp1qV-
z-yto&;p!I_%}WQ%Cx}tbGzqjqST*ABb0|lg@~yIbG>F%1&Hk6MwDR*xX=P6y4A<<G
z_)gSS_%L(o&G2DIxjrV&CsCILwjdGsun2U1V;>QL==_KCUXY|~6#tD17u3IG!J}E^
zyyT8uepttQ-9MP9y~2B~<h)m?!m<o<sMLOT%K$7(szUMMK~%y(i5odJhf{pcd%2zA
zA%?6;j1vQrtJlNy<y=b<{rQ|-%g({oFT?|whz#rUcEPlE9?}ug5reuag$#)Y;7m*%
zWm>aDbz19N1en(I3IkxKY4Hqc)3a$>cC$JyLs~04u`g%CIZHr)rtyiz5!aHaa5Gp!
z$F)kIv<qh9{aH7Y7t@I);0mTY?jV*R4#l#KCrxA%m^ha+1VDbieVh{}81d(i6K;)@
zKYTop``HFg_I<TY&GwCg_@dc*9B_IR;ea?52mCgjaKMN~m<l**bt(+9UrXK(jiS)`
z33mGBwY+nuMS9)2O7X)2XMtK4xOo)O@Coy4rr~#S{Zpu1(T|~`CR%bRT&kDH>y~Q4
zcx9>PjMt}tx*$I?gs9@yZ91yhZ-_z_ZF2V^zJ#<rf8<5|BTa{Bsw>M7#V4wIu%fz(
z;A(7({O4dIu5lEv!|Ca%aXNbXc)Ok^PDnQmCPEs%O_{;RgO#^0A54TauH6mf*IdNE
zSGdaBA_8%pj#Tu02l{arGzPo0bPpU^i&=@$muLLjsKUB;TL2Z7W0P9$QCPhjmii(d
zS*)P=ukWfbmQvASUC3@Vp6hqKa>ZDmcuuPtPx<z6(qF+~<is?32^)B4KAgYgufqZ;
zv6K-U(nfHbHiEG*f<Llbg8vzOBv<|ZAHLsjJ)APCS_rdqvEtrj1+$NtGI@ITxZJ6J
zVud4=(7IJ;x>ua1u?Q6VcXJbZ-Jw1zhH7df3^l$qF(Q4i`nD$gZ8nD4;}A;`J>XWu
zO&pQ3RoH0OrflEIw@rR^3|~1AOY(>%(x<-ya*4sIyf{uNrxPYT4UiK8qrY+<#Qdwo
ziT(8eabnGsHaY!vIz(PbO6^X$0kf4ILa{m)jNDnnMYg(%lgF;!s_XS*dP}V07;lAD
z1TsQsdiUfm82o2Ldj-1iYQ|S64j9Sx7L2_JUCrqwFc@)2FB3%_ZH=9JKu0fw`gf)E
zWoT|mbHc?|vb=8R&e+Fuqc{&6`xq?nT2x!(yk5nn<57*$3S3qy2ds-nvU<XF^?&>L
z)c<wfWd8R)hIk|;aB>mupiflNfQK+D2~G=-6+#WnO)3%5EOPS^Nr$wroVbOr$hY>D
zi`rKzZs9Aa)wy|vXs&O(Q|Q&hT&2yE{mKWPCNBev;W%IGr9~1<o}gK@R+tt1z!Aer
z^+;cxNG7-&9%;*++L7MWy5=MO_FmnQzE9MSbU`!2k;d}XjCO=QtsLpcMpa=!GYjh+
zrc9RnUvntK2|!M>*K8bX=8*3hr0j1dp{r?`vm1&OAR?Fj#pHaD&6vDZ1wAlLbKybM
z5ybYqTPMuamEV7y3o~V#ssal3%PaNGO|ZFxsqE*<fL8eu(pR*bSu+bUu1aw&U&pqs
zY*=7-`jl#2mfwU&!Q#ygO>O#<q3OAAbcQCYZ0S!aCopxyM9(zPfrpe=pf3E{KlJb4
z{NJ<u-&6eGU-4i5qP-(^A6t`3)V`(hV{fI>$1rScacWmh+0Aoa)IVxgNrpV~J@#-X
z_2J3zfrjdz15<TrHhQP(Qfa{5mhJBmO9fX@zU@6yZG7EYr)(ea3w;ZFTzZ#!ywO@!
z(_{N#-acRdWK;em68?TE)MJ$PB(~qj+xxW!h6iSc@o=C#umY2#@i(C-K)lPD;gq^-
zx`gO1KDvY#tTpNqUNZUV5-fh??QNm}IbovIAb%qzWDJWb5*h9vfzf9%Mfo%5nC6}5
z*@@<z7A1-B)XQ){J~NB)`?L2kj1FlSmxx$jGa~03Vg0-yDdAi1-h8iR`f4%1*uwhd
zobY_WE|0klT^>X|b>ytE*EROvpa~d5nt(f>uK6A$c$ItbNdmhE9oe5X$n)ij3xvpv
z)w(dF<#S3-&1i^7j6hz3p{EFNcS=`{7#R!(red~_o48J!H7FWwK#Wv8brb2oxd;X2
z6|gg};s@<hd3z#n&*jfyxlPr}e{O5=D{I1#R;o$!X=?sdl-`?y3-E~#Xl&lpnWLB#
z&jolxa_2K#fY0=Es7Qp<9XXz`c^07ZIPM}AjRLYOgPqbW#PR8@!46gHXf`5SrOfE<
ziE+4q?9tGWd$`F3>K)ri$b<vGo#;JUV3b09OQ;=VkJ;&XbEl33MD<1?a|gk628$u_
zDigY=aR4#7IhX#)#4<@SSUAU#3kHem1{Vx$a)-9;rkPpTpH&^{&x<t33T5zESCS3h
zL=v)vOUOre=mtL}2?rm?CFE|6iG*d63r0Uq!W>gbLdKd9OEZWE&Xixu@YjXoffNb{
z;SuRBGGrkiIYP$#>n5Fpjk-!5<J46$2U?{boUCV}&IU7v$nD48^a)_Q9<e<!THW>P
z6m8cZOS+|9Us0-CxUPxXuCs;9uqq3Ow0{#{IO}Ah{h9LkhuB*AsR{x}^1*>c_Jib>
zvi_->@yx<%#bqQV4r+i^2YlHojoxO;yN6YAzq~blc>L4ts-wrUK16@(uGf*oOnG4+
zl8_VSx%`>t?3uE)cw|e|qw>@+<)}P9%;=%gkH2^II-Q3KKGU&}reeRVkD}4Oy^kX1
z4^s(RFo$N!^@b7Eda=1W@H4&X0|V9>2EMnq^2TkwY2YK9tHDo$oBPzyn18lH^GCDz
zY0i6h^r3d|)~k`)x%|!3{wbDUL1AtZ33G*)I8q5wxZmn7fw|wdT%L{dF+TIe_*XJX
zs7nmQ0VhJ0i$0nXba)>>B`BsDRg|D_ZPi_bjy*IbDDbt76dfC0gb-4B$aN>uMTnC}
z4%L|8y5H-W;FC{8(aee6zl|o`u#1Wx)-_U!0o-edA$~eIu)>!+;8l&%<_=hciR`(C
zxu+&;b8qB7cY^|WS&44$F$wy)uT>SmA&R*-y|X&_utq-S-k-s@$#qt*|5ft;vjM|c
z)nTey-t=UHme-toOIqHOTXee7obH;I7sjq>dHL91xnCXo=!QOHzdy*R;pN_gFFxuw
zaIVySJlUYst>|-0O5G0nfp2<1uhd;jML|*P-hu{xBt{+hmM|RnUF_$lVLo#x<XY;5
zMlJQ8k$!WaTBM=*d=9+)LJ0qJC5`nnWeywo9CURUU=HJpb#thQ$2nZ&WH%~IxilD=
zo)k>S>%ikgc435a+d(86pz75&NT+&jFi25cng<0kPJdxSEp>&TPh_j6#N=YkeTba@
zFfqA)IH_O~348Gqf%wePh|g?|w%mraCDK$jJ+L*oN#N=QUmBWQU~`PAY%D3LcRT?f
zjM6?BX{2^PR1&odkso4vUbfAzeqyLs>ChEAlvf87Ketw@<S<VDW+1I*wEXV`q7dD!
zDpgsMKoVlbr#h+<C(le!f_10xXX@fJrLtGh9H?O9Mh(>M;^2Y0T}&CM>|*zUdRlow
zz9WHTMmUD@T;<C!40D2}MgNE0XHOKw7q{ilo$OA}VKJ({`sa3b*Hr1>_&xWZ?mBt5
zk^Z?CyK7Y#3cD+mbar>HZr6g5TQMqVQ~U#YJo4B9JRTX==Z{9XE-~jkU-PAn?M_Sk
z_9up=y;J>6)9$pis~XYLu4n`zYNCI9vgo=@C9f#=$|P{1M$g8eMZhNf!By^SKLM3{
z({M^tz_r}p=rrzoki!vO$3XMj?h8;yGC2welq3FZc5A)A=E5|^UlaXB!^2f~%}#wN
z8Dxh1LoE4<!T>7eVgEozC!eqLZ$|KMu31ChBzAy(vjyqb|B!8I2LDvu_rC27=&Mz@
zPohK%Pn3wcZ0s;>s)yxtNIhX`uAnD<b`OS(b}(eWQN(pTj&!;I7%FGavnb|39MM_m
zG)&j29qW|GhR%I7qi@znGwv3AG!yyD#hZP3`Yq@qeM4H<30rfLG)5ouf8XQ(zIl=~
zNNl-<UF2yQA&*<4u+bxy5H}he#yQJB<kxqYIltVK1J5*2RWpfld)~Oef%?RF{zQhn
zv@-$MHqd2TdX6_PYfyW<J}ApU225t>AS$mH!{?WfS=>d1vYc4c%Js9{dG{SAS8+^H
z!A_xIKSonta<;!J=3h+|78OI%@w|Cv_VC(JvTU^1pC-8a1@l5EGU^d1M|V|}ZgWU8
zETYsED(rc(l<}oWgY1s{EpZOl<+Mnfqu3LiGNA<A4ARCF^_4=NO>t+mNhvH!5gdn-
zimO7?BI`Sf%UGXcLm!d%*^yLyH55LO62FVw|8Xb_Oi(d=t~s&1)RNQMDfMNaEQ(8$
z23pdjdP(I;W{XfT9WtjSEn&cjG<F<ptVgD?#~|p@hIOzqSgsKkiz=LCoDX~cKz2Pg
zsm!u=teLg22e#yvwSYcs6ltz2IFP2wKs+7TkWWBc_F3iob>RD+#>&@Je+-A~Qd*?N
ze+`moos!r(IpePi1>dsO$FI~EA<i6Jv>A5M$C5V_l~{89d0}fTMs^d6&j(K^r~FXm
zQo<Vdj5dW{!EvRyIyA=XlYcykErT^hSU=pHR9<4qX_O|VvRM_g?*V>df3f-Og!vS+
z`LI8smW4K-G}jMlk#{+Y&$9XKruppbD}_Iw!o(6bp;K&Acf+P8$A8bHAz+0hhcyk7
z9Bv2(&k^>;urz5n`(g>^zhb}H_m05#O7MHb+4o9x-;2D>QT!+S*a7<3fxc3!mr~qA
z*td?bZyii3t_)3yIj8lPY)R#P%$A(yY0?<Td>7}5($Al@MgY2H-`k4c8^gZ0RsX$K
z;dH8x&<BsO55Ae?o(LagyX7gq9-0*Yr%*T#9AWZKwn=fFOB4Qclx?~NrdbFjdR<;e
zz3XCru|1iQF1EXc3xFf)&Td<FM@R8#yX&yCUKuDp&|w)eN}?qLFfW|{!a3J?P%RpA
z9j>j8_CJUlE4=u>d5-wqLcwnIsXQ$fUk?`J_lYi<!U=@rV$t1&k)TUraan@6ksk31
zqL6Y)G|QsU`;u5#4gzsvb}P{}6xhXte_-PBOM|=M_u@oXu_q{ICl2(Gvz{!vLdw{Z
zIb3_@HpR5Y2SwLUPS@{p#vt%&_(d!{fJ28cv7hCt?p;j%-62shEuIUDrvzleTG$>u
zgXS_!>4kG$0%`v_jw5X&mz58+Rb}NdQznm9IsdP@N-2Yv?iBM&Y=E`W$^B;6Ad(j|
zxrd4cw1_6sBBG`#3Vd*2JPd7$+!2TB`kio+f)-r5L;BEfol7?_ci~#<>(cF5r;AZN
z(ou8ihN$f%#gP>y>R8TltQ!%<2}A?X*-PYBElOgBXcn_5cL&C8uX>=1=`%Cik0O66
z=NMBdj`>G)H=EqMze!$`qIXzXx=6_?h-IKV4^pxU{%1l*6PA#^#2%c*MkmiSJUB*u
z5KMA%W%?DbXB%tpzX%;%-fc@k4jH<t&_6++cUhl%sZYx!r4N{=zIq4xtYLl1W_bg0
z@SUijbW)zfBuCC?@9L#e%5!~G3y)Xc7tQ@S{;gv&GvtlY#AK$+tD`mZj<$po;=3U0
z857dew1jLSKxFEW9vsthF{CRpq+5)sxkQF^cLLHa#?)NwurLHDMw*QdjrFCF`R?>K
zg++p6AHzX0McjWws+)wbWcWuUyy}C0L?eC`eei3f*}=Y(LLVYxG2e$^CdYr5b6c|T
zpCU#LEZ`vdJX%vq#4(k$t&b+MZGEqgep?qk&$iWd5<HUdK-@i$Jd&0^j_ylOK94(B
zau1|HJ&Ah@U2%J_44|%0v93$Vo+L4{I?v*augZ>O%(}iFFT0I)XlFNUHm}E9)(z_M
zI;1<HM0`W`CbavM9bnC50lESIlYcftbIyrVnHA9DVTchV-MAuuU5<{54L>)h#CRDc
zC>xI2jpOo`9~dIu2K7D^+w0s;_!78?N$bqu(_#mUZGFZJ7n?N0b&CwpWZlDPK+HLa
z{C=f~o2G<+6<dm-dI%K>JC8`^k#K7=LvvvZo#73{i87W915ZUZ8c&n)OOn1cL&-2_
z{5hfE127Ls;8JhC0LhkYVB4{CJr+pr6d%unSkgf!`Q%o#({04K@4R`zrrgi-<^?s#
z86bZV-5Tbdh%7wY^CuTSXp*b(OjAk#NGeB~&J0^C6B`F8JBNN7Ok2yI_>@iD(-Yq;
ztRHADFSh3}mZP7Ydk?Jvv?s=26bfPT<;9kqyG3ArIxAnSa<eZkGJ}bZ4L7W;DTwP*
zzX;&Y+3hL9+tZKTo}yflF_e)O%wk!rTp-M&5Fo)F<gVFS4XjtcAhEO<tbTCSL~s68
zi|{Nczw;~VWjD&Ns4o=03)v^O0@@$DrZrSu6aK|+$$Bpm!(<`lYW?K!214O1L@==n
zpTk4`RXy_2i@@YVaLgkGh>mj7F@Jt+M=Wn*PZVA*64tYAwG<~a87>SC1RGUx@d;~^
zuzpYRZ<cz+>_=(69qjsL7+nb6-TI@Ldvvh=5-#h;zpQ!@zSW;T+H5Rd!!rv~wGOc`
zs;SVy9eX#78T`dd6p7{Jn2!9{VfHI<eF6)iIMK`g+mCIA4I-xsCZm<|Cx`1ATrX4_
z^2`sT?o>%GxadL}LCxEhlU<8LmsG|I`3yd|gC|J@7YrYxpGBV&le{w0O<GK}KK?mW
zNy>G&wU(4?LM|K2^qleI)o~m~6tIHwo#;cLQIP@!zAjWiVnX`<cuKWmQ{tahvg{Mt
ztczlnyBngI|DppT*BPpdVt%-X61h9Dhrh-yXRxoQY0iWGG0g!I9W1L3m{8D4ChFM_
z1*o|+{-K&RY}2>`%_jfD*0gMlUwV@<YKI@7!%&|X<tYiuOvfeYbL0IXr?l5}Q1R`3
zvfo9tS3EH9Y>$Q?MqlwQZ4yZC{qR~3MHsfol@X*FdWkiTU!q6<R;ScUEy)PNA*qHY
zp2%P<`$~prvA$M6h!==3IH^C+e)KL+j$mY1KvAl_dOx7APN=fN-zZgaeHX?q$a+#A
z*n8e}%$sh7m=A|L4GKas?pP><4CctHp>u;Sz3$x3j3DnHpvMI-ckZtcWW)q7_9INt
zAd}tZ8|VWlzXHTON<pHOYQg03JLoz?K6Z)C<f<j-4%}qFLszyB!!@souFK`U&DNyN
z@c!%&r!*_V;G*?#OBD+k(n>8t@-@Q}C|iPscK-Z*T{-=!<+589lykPljg!sXZ#G_W
z8wEF(rD$0WxF@<Dn0u!yQ;l$3j^7D=w7((Ufshg?-ND)$r8{`)BbBeeA_w1XNO$m2
zO9P^CaYS)+pbk+)$1B&TUA(^odd`ypQyrYlLn0O5QXx_bFP7Apy>em-os!cdI|j<Q
zG_pEi3ezu1A>VCC&F1GxUL_6ZcD5^JBYm*J=s0CM55?(q+*jmoZOL4_>^0wv1+Cj^
zI_}186|_*dt#8Hxi+nj;$yji;8~1;zP_aaW{6o0%@OR;aFCMGt;cM?T`g7YszO}K#
z+67rg?(c=N>tAw6oe*|X$?sTo5^cXvEUpL<H|lZ^?11Mo&8iRauS-Fz%PU1n6y*!f
z({?pKxL1zrX7Hb;&Z-ObFHv2PZHxouwv8up2Kog~B%(x#Ipgv+VBM5#ffVW67(FPv
z7;I9~Uh_hPH|@2ox`($~3k*c;j}K5;tUTpD%J(py$=~`Ugpk`V`SE&%f>pYCgM%;m
z@ox98FW`jeC0<`(J9@bH>ywudh5o#Cl=1?<)#%R4&enFh`|VxnU5ZcdC$;$W&Wh}U
z^*(I0s=(gLKRwU}omhT0lM{>GplQfzrny*889P(OKO=ceGAxphVV<V|eKd(ufPyN)
zDp(m0FElnOIEbi5XnhAE9ZJv^x=S>hbPUN#6L(voa3QkWY$p^28+C4l&SE{UHR2#y
z!=ii!A2bcDD_O%Wy%c#cCp?#QBp)VnD`^%(=2=((x{Ia^AtxlzhosU_Eo3tNoR8c}
zrcs-jkDMZc$WpbPN{qtDJL^Zjtrd<ugJaKs(AkzMo)Q90;%IhhYLw<7d7(3z*r1#I
zd*>=G>5FRI{FQ;q=5n!z$uWuM@S=o7p>P|f$bLlGY0g^Cy-i~+M|EPWm7O&~b5`19
z*7h4+oyev<vsZvkCXWLsifp6BI=T6}S5YM0o@!QHme%qsh7L`~;RbeytoCC0kj-X7
zN8X{36hkX5s$RYi@sLC6MtA6&tMtwmPdhLTASP}nUvKo2yGdW~ssATmZ$?PYI|DGI
zhp}<E*7&fIx~!{GLL;--E|h%`*qL}y;B4F7{IY<ZtX7Cs3wYfRfw||7im#N<daG0l
z7QJjQ{HM2Bb$`OcH!VhY_{PN$#fwt--#f|5ightoF42)ae74=43faq*Ti&S<HtU^4
z_L?Xq_Bg$3t*gLyEt<XxTPyF);rTx<^-yfsyLo3!=y9L^!}$0ot(A}cn|H()E#NQe
z#9rii1O(GpcIf=5XSCM2GUI#xS#8#y7WvZ`FZMv8HbZ%qch3F9j1+m_#U9EE;&WF1
z+y>UJug?LzeYz+KB$P5)vbUBj|6<NFj5)=0x<#ms>uuC0^d@~mq*W~bGkC%lo|H!V
z9O;oeA<t3#M@WBnm!7D3kZj}y?D|CxS!Xu&mlD)Ou0@<ETI7${K{lPO=_3?oegC~A
zyWeF{pq;#z7&42>u^;bFyx7A-J8II*BkO1_wqEF=vu`7J0)8^CJxQ*g83Qi5Un9R=
z5TIV4R^>J1@&CDzp&-We?9o~v)ys-UrB4P%3pz<9Q<2&QZ^W3K?Jpu1?nLbwg%UW!
zLou)I7I|$49jBhf{U;d)USaT?)O*I(;iaVHcy)9w$3iWsag)`-K~7sI_XX6PW5+Ts
z4CCf5yk6U|T5H29P#mBtl#%IOVRde=e+mY-SIm71{(#9kx7YVOD!z<wbqv6YPswBZ
zV9M@5^hH`oXmlpSiyH`yCI!HYi5xH9NT45PKuKzut6zy3|F~bx%=i<W8IQ*GE*pW&
zc&YsBR`u@T#CAt16WbC+C@Mxhi^~}ouNDcl%jRix9owJd*u*Q(ZK1K}(^@DTc2*0L
z+B?&WCqyZE1vfuMZ}{V^%9&@%52(*Yw@@<Nzsfs)%R1I%-$s7@I_Y<%Hl*2|&9#>A
z1(Sbf2i_!`DQ2N%{@2_+Gb!(xL{m=v{Mq21nH*~Jb<fQ8%N{fkIza$iK%~F+ppa0I
zWpl_<1bjzw-2irREI&Esb!6n&Qw#U7rwWf?o?@YZ^0g!!g^u!r-MX-ul=8G-Ozd#B
z|6MFRFt-6#jXooH?0UtkdU+hOcR_B<3jeV=+#$y?>9VdsrLcGcy!~6ne3!zg{t?f8
zpzm<qhl!vWBWl6Np&lU)b0Iv*c<l%%$>wg3{6JQQ)BKOKJKK_+?dok89qmiS4VpEv
zR49-`z_NSIQG6}fk$=tXbe$0M_nA`NP3>SwjQ>k`?iIXM`<><!LjH@m9%Mxn3J{_g
z5!1TDI&ACjnsnNPMM%eni*p-Mtv%4mwT;!S!@f3MOljr|G?htwIWYCG!=1bhIVd}(
ztkf2w3<@q9?AdHU&rZS1@x3~xLXc#cL}D0*@Inr#XXf)-eQe)7^;2TJF^q!ZCRNMn
z787Qvjw7CtN28|JQymhIHPNC`brBEuaSzs99}iaU5E>s#`U+$#T@m1w8s~Inst$_8
z_l3UKm)Pqi^k<*Gn%Ka-RMA0^yiMs}r34EjPupJCIVe8VxT{ur$i0b&8bBf=KBuQG
z>YQ2!p3^igIpCw9!Xe4w$u2OLRmkN~YHSziUD*GpT9uRlsu*#RW^$N|5oF;F?a)_~
zD!2=)S#@D$6SJAM`bcbIXJ6APVdh%9vg373tzpFGmci}DjW#!<xxHCeo!d|zk|2IH
zc@*ZHm@c}~+wwW0%~~j2&YAuU?ns(Wn^w@7i%8l&WzzVcA3)=$_?plL{Lfq(cAnx$
zx{yz2p;@b~#HQ2wHQhd~7P@MskKCbO^Du;5%5ZR%PukUk2pNn}{<R(Php;d5-gbnU
zbLDOA0tiQiM@%F@a6@QjE2_z!Nq-J%g(b~*_^F__lsOQO=fb*X%I)tX&r&~hTJU)#
zlCtB8HIuUExua*MJeloH+3difieFs|*gV7FW7-UxJDSQIL`BEe^66?WB{Y;T*I}Q&
zK$hm8M>|Y%@nc|F>2c>6_In-tCaQ|7{B&F0Do<#utn#R~M&Hg}O>{i=dj+bmrB`m-
zM9Ul0q6uV303S^|*O%38(iQiAivE$m8Y_=v$Y&ZWZ2Yf{6;;_NRbbfBxGNH_T%ZT}
zrC5V`YdH94Udg%O>Ba~5USm?q)i2Ol%X4K(ef9jt#*%ydpyV`B&PdMfK*K9f^)Sh8
zTk4KZncTc3nbeP+x-orEcaC{F1i~N|mZ9GHio<nnyl|oDvM{f%SlSPFG^MaS+cCf$
z^^b|)h=$Sd;u41|Bs|p}b<u%_BVG;4RSNd*r2J}gPNe9%4loOt2MUYkJy7;HT>c|5
z=k%@NWyg>tZmWO-sDH{kI$iPV;KJg~NaF{_<yVAEuN!lq3<4TmTju}HPU1Y*_TuwF
z^Utuu)J7~m6FOd)5^6f{FvWP;uZDHlukoTVdH;A}>Vag|(mDiMgeh&q;9uQ(ur_(T
z@ORmG;fFuj?~CJw=|9<7!zK2koc;LWAGRJ{y0agb*^lh*R`zQvo2Oljug=*b#&5}P
zEl&I^Lo{C^{{qn!c2M+g5%Y^P#Q1$V7ey#QI1~A(^N#k%pd@8+MX)G*voHUzUgiU0
z{$F#!+Uq(mPwT)s&99!%1~q54=!yz=x@TLGHbH5`G~mIGdZO5QqVzxD-7~8r+=;_Z
zR}5B0$=_yi%)bV-N+{Tf+fl}L=$-*mmwQC%Hb@H9y?4l*B2jA0Ao0CJ=5BYo%Em7d
zU5!O)&_y=h3f4I9qGz?}?qd<-Wuc%1R^N5p)5So~U6o?{U&Qu5vo*l1k(Z<RFz#}=
z`_Y5XV?QtQTaPoDumRfSyC;RrDHf&Movy3!`S01kkdMpv`|HJgPac%v^fUnZOmx+O
zI*wv|Rd!cV>R%yB!BTn%`*8fAkh#CJe|`KjMOPzH8o=JSy@K^%@B5a?jur#{?D6wR
zhEg7T^oke0kN%8i!^I#MXSfmV8Q)Riw_$SK2h41%ys%ZmqS>%P?#X<soUn1Oe>^dY
zy$Vw{mBWVZjJ)CnuTNLJ--dlj8`j?))o!4a(9R(>Pm=0(4}$f=?FyQ^lkFC*hqhip
z^DcQlcewkq)j1>-e1Qk$iYI2g&we@E|HbzUxb!~CDENLI%6>-MD~Hr5NeT(?Zk|)h
zcPeP^kL(})`WnCgr6d1*p2w=Ihgpa5xE4qJvFx@EX+VWTsw2U7;~URC#r|2M-=D_p
z`Mo~dV~h_AQss|CQR+tM`hhCOX9ki4oMW&$52CcobrE^#M1fR=1x}3w7I-U`J3&zZ
z&NGPuSUU9X4(vb|9szH;<MN)ST~I)_qLkd<9rAZ=qCm_!CJcCDHGfRD|B%52_8ed0
z@NU-$1dJDraKwKvxSOHsJ2%5&zToUWmI(ygRDocsqy1LBK(JLPs9P7d_M})`6)fgg
znMKzj5C}wfQ=1|Xyi5XtXg(z5FVO^oETQ0Ky+DxA0R@6I*PNql<xat>Ohti!W0|Jy
zb*r)YHV_ET(o`n#MS)>v)g};V=ZB5w*{KG3AWJBGlH>uyD1;ZD26^CF+$azQPB9TH
z*oh`t5ZQX81{tzFMuMuhSPpiy{}mix9p<e`^RM;kEtmxNu@F)fCz8lepIFe_ug97w
zP#Q{zDuL3B!?sV-bn_ML(Ij@_yo!m_N1+o3*}D!Q8-7e)_goCst}Y1QflW)p_XUyu
z2y1OLWSu~Na@5w97cBSlc~}w9=K(%K`u$h%&6~q$3PZ0cQ=nvRGp13jw|zqPI87PV
zKZKZP%8f+2BjTTvBS`46nz_(32}&wy!O&LXp0D#zG9GC54*xTPm}ZDKGmDIwj^ppw
zMVtXMy-(uIw8&V8$3nX5GP^FNcz3od;^u}lrTJCLl*Wx61%_sj23m_>O_?@!+%(n%
z6I5rmklTK8`Iq4?k<I6cd$~AgR`vQ8w4{(YB&s%O>Ja)TxBu`swAp-$uhUePD^py_
zKcovtL;KJ3x+%^J?yAfEx-?uiD{`GcQ+%gVnc|em>J;0s3Fl^yn>>BO6vGrZDIy;K
zGLQ<A@}6r4VK1vN!cCc?n(z%02`h8eL_M0^r|DeOqlB<+6ax|^ezgX1KU&Hyy8{0O
zQI98tH9xQOqkTE3t1emW((sHRA31N$)mTN&n-pAwoF^3isfc(%q>ap_Bl>Pz+Q`fx
zy)3I8(M+1etU+Afqd%+o6mx0pc}kMog?vs6seK8bQ%9Fh-rH;@d5<T#%?cqa7+ikJ
zbL%pb$oJ}fT;u~ibD50`BPjpzKXTDN!2iJHA6xhzXm?*{tJ0zYRe7+&C=aGLBBnl_
z{!D6w@?eEA4Q?`{TJB~o*$RIPC{OO+La!B%%}iDO9lk1ILYurZ939qzg8OTZ5PvK+
zYkzd;p?6)Vj{@D@rm{;0sW1$i!%b!H7|cWsvAM0OY_vgG6tMYTQ(4Er!lIYL@4MY!
zv#|IZN{4F^56UGKv8J-UBrkqAgfVn44n=wK{80A0aOf2!nI3LY-`jOt6o0#Ji=uAV
zZBd)sbz9Wrc4MZ!zk*3#8~(H|ZQjvf&5*P|*qCY0D{l_&ig@8({UaaqN4Rn3EyGjL
z+r>Y0DM$BIw)zxWmc|A1s73fABbY?SIC%g($|s=az7-1p#r}k<=WY;qeE4Oazc0Kw
z&)?^nNSSco<)f(zqS1`ekLFAej0XM1sdt_y#&aKEaa_HvLCToEV!u4iJ&iqr3M_q~
zqlwDq7-ZUXlxg99wfl+5w1XPxj(?flyFnMcd-WMCpgb$R3Y62`yNx@wCzBq<;{3{D
zVR1c_y~-IIiLMu_Xq$hv*YvueUp(Tuzqle)9COI&4u6|S@gH*AyHH>3a4|;B-RgCR
zYb3+1r7_6I-(?35Ix3tsTGFI;n!~XK4^Nac*m?}q>fI$r+QC*PM%qNPM=bUPQ#=+r
zu7Ock3Y!nX%%+1U+=JS%WA4~rT*-#>T~fV}7Z`V#;fOz%-Niv_&xA<%4m<i4pDs_1
zG+VNl!~1m>xHsT$G{Jcmi;$PiPx$#Io!yUd7#UKc`n;T}NBV+Kf2hG8kbgEJP=@0-
zJ$D%MG+ZscqozC!f0_LZ0scw%uA7mO&#oI&REEYXCidmQ+ZyBp?;#X|i0hQTSdRaE
zO&NEqg@QNu30KFDp_RG1Y{f$1dNVKfeH;27b~N4xL*?(rO66}&zVR&q9yoFGA-r)p
z%|RA|ffZ)6tHRyXvm1YAX8RJM&(DTwo99q%M>tBM$Pk|b|D3HcMJNzt?{Y|e6CD$O
zh?AVw5D0-d>2ya~nH(7{PAtm+-)E>#%tVV+X-=GB#^8b7yF58Au)k%TkH2M{pTA|r
z%}-e<Yy(Ikzcj-cf1McnvN$xA#Wwhn)Rs#A=ax6h{~S!Z!-%Lr`Jd}S{^z!a{Ll6L
z@;|rc`JcP`=6_y!UCsae7o#6<T(2?zvkhgkdy|CqlfrF?NvA_p+4kgcn;EhmrcrWF
z8@gOOrD#A;4Vt4XQ{ianDXi~nUTGH!=d(XnTC*D@<;@K?39c!@ipiGyy)3vGYcjZ0
zPn|YSbE%%Hq+IrK>a=mMv1++_9niZUS0%<obm(-dsWr4b%HYS%ost^kNBzr_VpRf&
zn-D3TN4fmmj5|=IS!p6iPb(T|$*+`qZz^(&(<d>8mg;y8`TE51B6{ep*C|IAqyMg;
z#OS{!1j+~e8uubHdceJ^_!b#j|7E7Szt)^CunD?Ah5Vwb{E9l$?{^i6?uH)>W9*R>
zR?H68F80$oCgfR%d7tMl+^3oC7!SCoPJh!zNWb6-V}C8H!|P=$u_*4g7?^G6vC|PZ
z8#^6+v;IAJ*g(U~XgOp4Y<|XoA;ZugwRMP+*ckE<!A<xU*7QhAUjMx_#xJy^&fC?_
z&3I?fw923I&JmphRuG(dJ)rB)eq!EcMZj&1)oyDS);JCuleES})|ifsX<DPxct>s3
zN;bFS=h+>tSMBRs)R1?u$lpSTYCqqjAhpBW(BU#(`q=gl;^dD9E0a&)lP`kFf8K&7
zA9+6&1G?>f3P*47zUqi$myZo1yZM4WswWK|-7{gz(fyVGvdCMQ`~&=>-t+!bl!?Ha
zzXG5I=dzo@>$>ex?e#YKdEO^ZUJ^!MvuWTsd7}D?(eR6bukI$dpG)lDB}v1Eq~})#
z&luv`$IkbFpBc&>6Ea^k@9>^r!qIlqIFlz<l<su6s!3W-uyrvB)?mTf-zqd_LYioG
zxavSGb1xtY4dvbDE+!8np>;%8U38ph?8Kub8oq?@3F}8$3XbG7+uqLtqyRJKmwMA}
zN!$BcOa({a<SNfC$*&B`Zk1nY&Td?IAg2Y`QQ462-6f){8~d+dt;4u9_Jj24|L6B#
z_KvOT{fw*06&aBRO`;7e`np5M!wErB%o;6J<`)qwB>gWf%CzU2coica3Kj>BzIRb;
zB0MD0B`IFsDi<+#I$%Bv_&aBi4`L})DKZgSp9(4BgZiT+AMsUtSkw(5ZOZ%N?gP)K
z+>#sEZ=`Mvw@oI(1d%XoJ#6MQsb`Y(9GG_Vi+bi)^b(#ufNW4-i$fX!)v)v8VUGU}
z#ge4+La8Ka(xwiq*Tz=RRY=~Axb1U$l!?E}Ew*8A1Lm}t@yZa#_3Rw@;5UTYTR+l2
z%|z=7A7URtBoA+KxDLr#c1Us2*P0iHVD?!{C``BEo%Ho$c);-KuJD9+Tfna~#yNi5
zwAWy=3SKlaxdwXfb02;%-iI^S$NJodsAe_ahfUR;YrGEz{sC>)k|3;4vI0vG!FF|F
za(Kh-Nmh1_&G~UAVQ~XU1p&%8NbLZcW$wr9?x%3Zlh^?Pe=>evr6dak4}w=1cSoa|
zi+$u+6Q(U2JC32{+%(rUXMBZFI2VYy>Tjd)2R86gv7<AZ2g;0=Pm2Kq6>2cyV7oAr
z{smH6!nqXWdqTSM0@YehzvW!QA$Ksn$Ad!t`4GXc_Psx1fnbbAALu8abjF_$3a^-z
z(eZqX7<CBoD=BQX!#4-16O5K0`$OfCY*BW6e1^__T4gkp;pqJo6o&-zK)cICYL+ZC
z=Ck8Cm|b{zOKbGm#eQk7Kb-Eiwku<)h&N@*l9ZZOkm}k?wM|876DmVVL$mB!XY6Lv
zck2N1%6dhk3YALTYjMO$-lkjms4>Evyg-zfvsN}5Ttpnh2@@Z~K7BVVfhAGKTN=Y1
zd<-k~-N4QYV_0s|jUi7P1GH;C1o%iPU&{!!Wxq+sX<-ZbFANR0d$+*OWwJvJIL_YP
zDl8hph;CWOAbsI+)$?xR^?+e8e-S4UZ66O39#n!>d4#gl&^NzFQ-Ym0!2TpyMH_@&
zHoz_r>{o(S7+`-BtcYOO4X~>OTS2fOvmRD$($6Xghu_jvHjRe=6g_g$@Vc|~x(5mN
zj{yc*2#x&9p6iNl;nCBKfBDvr!TDY7un9UG^y?s0D;?f~4kkYy>MpgzEa=e0uR{~H
z!^6-a*snvd+93`){Ovb}6W5duw?l{h*L*wlQD;$pigoD1{$!}p1cmP#GJJ^)Z-x)U
zOH3E~eT-)EOUyY>Ykk|uV8s_?NHD7J$d#h&MTKdKx)|#d+GLY$9GWZN8B8442PG=U
zl`CJppgerx0&!f=l@P~u;mr!Kk3P*vZ_e*A(whZWbo2(5+?yH^y=lxYQhzKzW286E
zid&#JXbh2hF|MGW9SF{279==fN!$C`nZR0Clo;(uv``L>_+p`;8|xrJbof{<TBf;k
zY@Rj-eF*r?LH6eEj8hQ`LM?zD|4wtAhr7;T(!(L_`BvT8JF;6j&|^Gq<K3M4Gu-N}
zPBqEnZBgLFK;Q^2fTCqYmVS!`O&de%PmZ2G(FyVFV6{>Mc`)G-<FEF$BK|7wtGdV`
zDMBTqkg=;BsmMJ=%WvOzpGm11fpzbBeDm0FH3Ca5Q14n{2<A}&cPLQ{_ZkuzQRLMx
zKwh0YzRIhl{7-XTNOS#@<~qYD#rcbzQpgIHKBS`G3qs-5V8YTxDwfVE@2uAKR=Z6K
zCM>;DkEIuCSbC+2Q;IzOQ~iT=VllQ14mO}}*768cxL}L#kOndqFhYV2Gw0lcqO3^u
z?Acb$xX!lf>*i6WvcW+n&d=%gN|28qM;>GRv?+{y%a}$%DBKiGG~6N0uqnI&FZ>BP
z`)2<Wi-U>wU;niM*I)O=M)H&N#Tiqkjb&dH3daX)48ukKp)5wqTY(Wa`U!4?RaqE3
zA1V{mP=2&3R$~x&y-b^#4@Ms!rNlxJ!*CxhlR`AvQcb$XmTE~e<QT9c?tX^CCx~X<
z2ED|0KU(DzX8cXNZ`XHwFNk*ErsoqXwB5HUe8NTj?t?i?EkbeQ6WGD;1YW)z-~<i}
z`fpBPLJ*y|EVZRCZ?UT_=`>D^h!P4Qxahx%iV_MY;-fdvoCpO@0IQFc^?=F^T;uO3
ztqVtsA;VUtvZa)CbL;J(i^$b<5i?lh>f4b@=jo}mXC4E*N`Qq1@?AireHOvo2AGRr
zj}k1)z(qh23L`x<sRZ-PQAQ6hRrwOkW@?9R(4meWMXjTDSOFcb_`TsumC_*}I>>>8
zygCLB^2)!4Yqq5MjrpwX<~QcEGMe9*&q`>113rtv>;$W8fCZ!E&?AIkVFsARZ)N9I
zD$`!{E1ULI@{28Pc4JQMKh186Q|qrTcxQNVg5Qp0svVj@he3WF+-iqQM_7lsejVOZ
zJM4oFFZ*?PS?#bIIu!VIC{Q~rh7LJ?9UfIr#gouspx?16Ry#PM!y33%jHf_WElgq6
zeB%%qgY^B2q(s}!{`E9b)o34{VJ|_BUKfq_Y)|67I(((-*5C%pv(CiwsFkVsi+3Nw
zyH{;gyJKkIh^v)aSl|Hm2k79&z##T-)WxfZpCMLm(?;XhTH)iMs|(`ajgTu&Q{N>U
ziS4UcqQ>~(Cl8&D<woEvdG~2$v|COir<v1GeRoksr4~E*at|7RcmC3UvzH2ORQ_=U
z@{iw^82QIx=NSLkgY%E*3Nk0eS6{*SNIT@_H}a7o=L7PQy7>HbhwE=g`)d$e0uGP)
z6^(^OA;FZp!c`>}9uNu!AZhB)7|5`2v2+`Fq>1g18trHMWi|lD<t3CPOOB9a>7fu&
z8di}k^$tmi-~Ws?C4S2@cZgC0&v@c5QsRrB=`Kpao_30UBN&<(fxk_3^{w#q_4Ds+
zAiDZkJe^ek$_DUC>OY{u)7-CrcQ)D*hxdD@6csMIF8acy25guP*V#1lS+bu!XhPRa
zwnFi#A#*OIxu2;p+6OBb15(j_V91=yj`-5)jU29CqRZ-8uhxeHWykwWIMP<qDlGmA
zJx8iB?ffAq*PFks!s$AXedJ)#on8&jdi%>n?+&(vN#$EDLg8<SioRof_Fj*Y?>Ei0
zYk(`{h?sxDEId03`TdY8hwG{sUom%x!&S-F(J;RO?yv`ehZ!KXVh^@DnCAM<!PYlo
zpgXL|0O^rkmI0D;mo<g0K}z@jA<yiC{y=Cw-*bIl{LY*PPATl5(-pSM;o9$rzbY)A
z0oF+=J%pXtH21?^N3o|@nt7MQyUVe^YJk+`NJ{*$5Wx-kJqNhD>`HSTcEnfB`?0JK
zx(igKx|)`V`DJYU%Wy%PviI%~<9EzG!~XRhf2unn1r0`0Sk(a7NLPgzU;0c$e|G|F
zb5^mFHmAxe%?nBDJ~QN*{m>nUzn8C9vXmNP@P~ExW8;;3Im{If?+(ZQiUCs7k`%Vn
zf_t<V_N-}@(^cw--@(Q^1TC4@>OIrWPs6CbFXn*g3ONXAUFQBGN_{KXd4h8Y{;lAN
z+5RxwJh9lzPJuUg&SRqcA+K2cXD_Ea<aYXeO3Y5rJ%;%<O{4iXJvhJxOS9j}&Uc6Y
z?xyve($Ir!zC#aMrNL~zgK@r1(+u;CIRKf!?h^A$tHu3ZF}^aVndnXc_X@UDu7rc4
zyD9E3+~>tfY=Tm*&-(QCrn!n8`^(tE>`IEC#TKR|EetyX-#PLt%rlOZ)d8nYJRb)6
zGfUNX+Ccm~P5RC{+mmdd@5E4Il0GxV_$@-grcl&pT9q`)8A=XEN9lG_g7)Q^)|4vu
z?zROd$D-2Q=DCyOi=m9~%-_P~Qw-B*5TRfUX5a;Y)PWSHHuRf654|(wmBqoBTSQ4x
zf$p)CBwE~H%q=np^qrV4Iv>liEaizc$n(Y-UnLaW%_gm_U*7C2Q+Au}eX`h_`(zON
zdnIR<D9uhJzI(O|e0QH{1=LY=Pqzr``$RZh7m&;D6T!X{tbp$o^Gl|JW6lR<pA%=&
zxFN8tJyfowaOb>DXjiKU13(`=V2h_O#Qz|`q4Bb!k-E>q{XH*FJ;=y1SnLCX2L%S-
z#liOjxG9DI>G35knd(D4`;X3CiwI{yvT+kQl~J3!AC&=M2A?#R$$b<1P8f$Of%-w3
zO2Ep4#?Q;EGw(oYpZw;~57Nnv)0hfPiE2~B)m)48uB-4b2_)oBj`p5t8g&YL%~T7S
z+%^Cwz(9#aP%iLvFzoviTAP$Ji-`Zc==xJ`(eJvKvWcc+|KkkrGm)|9MJ6(itcxNe
z6#)cs?IL}S^t*i1g~B4P*2RSDcx;l-khr!%->o56Et3p4Cp;9yH8_}DT!VJ6nvO+z
z>avN1vpBWox``CxcKX(#)1A>B(t5E{SC<PqUNjkW4XmXS&OEy%Ofq|lr}W6ZS&0r2
zmQWCXtwxEi<u!vu*Wj8#qJz`JSkXI8Wk*T<`d2+<+}||m8TVJ|>ik5oWd_(=1pA6$
zD-5vZ1bc^I9~ofp6YN=neQJPxOtA3;`@#TQZSoZ&;;WTPz~}d}JJi8X)jB}!um?Ky
z^6St`?XU_uMEiB<r*@E_L!4iSIMrnS1axTc*Wt<Q${QTe;Zao9+E4<hqeuW*{u03M
zLXrTs7OH0Ssq$<06YtyWQ)Iq955s>NswVD*zr<?Cv7PKV$ynDm(8a10djQUN+PO*|
z_P)V(-K!@17{Qw@a?&rvid*Gw{MS^uHUILqPl)U8Sg5k{_|mi|C_Tjc9Nw_7!druW
zx6=k6`}%Lb_QYQ+I@f4Vob>xG=yzp5f257UdVeHQ0>?JHP_PvBeaYyYM2U!aCE(V(
zV;RPpY7;kt%g?Ck6J~KQan1c_F0XHIbEt_*MOmw(!?8^%DY-)N(uRJ~&xxRPuDi+=
z)p|XzU_beX88N72JA~KP$BhXLPw*=j-f_aD%lPP8rH?~aV+&xiPAQJ#ZOrqNN!&|z
zc$NcGi%hkEH`etNgu169nq|;*aCf{irnO1&0EUs0s%&U@x;!%Jx|iYVlYgcn06GvV
zA4jNMUTTg~AC)isNeD8_;CnPQ$fS4Me*Q#flUjoE8~#MD;fbC>I?I~cnjB=@M73yB
z#&@)df;DtG8z?W@#P(9##PA^6L@R6*Y(#z9r~;T6-$UR1rSd?06WN;O^3DAz#i@&f
z$EuCS%>~_RuKd!|+71VB61(+n)yOeyYn*;t+a1?aWCpdvw%Q*HysdV5K`-3a7t4IN
zbt&K0ZQe+2TWw{P0i5$?Ba!^#m~LCo$dv&c)(+^YrP_MP#ILO8)g_y6kbG1vA3Kp$
zZ_R>{pnPs1D4!6qxf+D9^#<4)f*mE;*9I5_9R?^dw2kQK$Mnc5!y_x{b&G>;Jd9~K
z8itXa9N{`CyIi@0k(1qiI;pd2hr`g}s9%TQu2D1qI$*7XK70N8I5}0TBfkP2diYVb
zk!pwO&|!dIhr!jluMC7fiAu^Uep>!KQ>n#o+vUh6*S$!s;GBNTcw&NS2WQr=x`Xq{
z8HHNCtae3`RdA4WPOUy9Le%s_RZoRq&DMW4U0&B%_f=8<RgQ&1^k419znUwzKB(9>
zZ{r{Q&j&hRwCV%Y`058Vip3xJ`iJ|_!_R%_;V-`QaQCH}>ER<sZiXHrHC*CH4R@Q3
z)G$u&_)u$1EV#;S#HGS!3*pkRZ3;om8a;g!`oS`SsNzxl2G)vY*d{%M5aJVOQqdHd
z;fp~patc{tQf-sj;QRFo=?V8uB@Bs()aU_k<DM^Qnp$MAlj%Hc4R*4dMwV9(2SS#Y
zA0cFE=g2ZoMV1dgfXLE(nvkX4j|RS88L2)hdrtZz%be-D^Zxu{I(d0W|9EdhM&{wZ
zv@d6*4}x4`4w%Zxf;h`=Dtnkb#>=md^Y=mh4I6!YP<LbFjeSs+io%WL5nE%aqOh@p
zL+$VYba=q8!vnlSy4(UfM0!=Mfy=h`cLUb=r=jltF5K&nHIfhMR&mDfijsQdUgiD{
z*-KZ|^PcYh_T-H}u}00GQoFB<KQZ3dc0c>x*H-6izOSo({y*H;OFsA2R^EqkuZ2ID
z>6{gvxf5OKx1yNaM{(lLPncg{C|vD#qj~O}2Z~khXvOcTYVI7JgS+ukH=;`|{r=xw
z>Z(cqpIqwjp8{R#J0HH$r7q}-mwN4QzL#3zfJ(}Bm%90hS}ygvA9cr3KK{SF)M{oK
zeyQ)O3~;H#Dg#{VD_3v!QZFc~<x-C;s^wBA7X`S~$B!8<wY|RXQh%|_|58u+LAQ$U
z9aAp#!d=Rxp1X_gZ}VlkOFe-%nwR<cdw>6t@jj0~=zE`?f7X1Te?9nrxX)XC@3SH5
z{@rgBQafhSxY5%Xu?12KQTMvL`I_Nw)}g!kRl4qOT5kSsj+*ely_*>2a}$^IIbfU6
zLy5GGSU`kd(b*5)=!*V!KVH#|$9%8oXnsZQmvvWk`meQI(Iy9Uhb!gR|K$}`gMtUs
z6`fli;EGNt4{$|?mf!3ZJ-MltE4pP<Em!p2O#!ZG!V$w2eWs4?iduL0U(wzBbgSt7
zMY*D<OO-2nq?B&s^tW_ZbUSZ+^sQR><qv%L<-NZ5b?KR!?`zb)o4l|2XN>^^5GjcP
z0}iQ<LmI$tRXtIfX&0r>@I-=c7ra-X93LcmEyZN7Gj*YY?1`BeDJVt?SUF}V)wkQ}
zlr~Vd*Kn7k_!MM&y%)Uy_1RvVkHT!P_wsD7>Cq$uZD!3zzy5Uf^oj0fhxVtM<j8YT
zy4b&S`>7y{mi4vlbUAAH##Bcs`(csCk0Q0+_ixm^AD^x;?nmG6efJ~mbj|y*^!u9k
z1HMQ5@TjfeNX~=G7BFE&S5OC7oSZHW>1npeucFg={&uTu55mCOR<xRN3|CzECDpXC
zlZj`YHeHCM<uk^_)G*)g|LsFB_W1FCr)uH<_S}O065|J@``F~4q(j&o)t4!-0x4`u
zM`C;mR8e|JbWgX+!U(J##U`9$p$VUZ3C~m}ES!&|9H3ZD$q@4TLl6b|lHU-V-?C=N
zF{W6YP#Xv663;tQ@5@+I5?FO0FUN$*kB=HNW$ZXgJ%WUaH5u}9e1egk))W&_fq<pa
zaqUk0&TxmzCPc7qj19F=;t{HfzBYsi15`z)TqZZJitg&G%hZ0y=2(42_zs6tO}dKk
zpPMK_#Xn~wP06n7q)!)rs`Qq9fF`9};|0#;7uXQf?3BLd_cu?wzkJ!CIF{=#dDsZ`
z{yJUd-gJ>Z<YmpYA8~T<5oF#AI%%s;Aghz!0(s2jPv%|s@+elU36!>>(hK=|L~xWS
z0252%!by-+2p*Bfh9^4mw_0P4_?I#eJdMd7>@9%=J&=D&Ov+1WgY^s;FTx8NoT#y&
z!4@cJ@WlF9dZSX%U=@*BurK<QGFbf`yBv)Bv1<o(`yqBfA5;$LWKSem$E-YcvF)Z(
z7sG|nNHE+PW9_Q_yBQh`m-T4y%x*%1aVi@8{RE-GN3KSh0_5jNxK8PcJ5JK28NbLD
zAD&tHiZ0%;0dIU+-&lT7A%wpc5v9w1MNNUevxsP8qI_RxL$&G8iWGy)2mGm?uaI7;
ztN!I1A0}jd*DHSfZKq{MeD%`~Uwk#`c+L3g+K&G}(#tas8R?}+WbK8F8tLWA@7O`9
zI;}q_-+bpwFE<{egVOnmj$U@npe=akrCR9a+s6IqTIy&2I$DeUtF#t+spX@m@P%~t
z|0bd|OG`<AC1<XZlAcz5mT}c*@m0SaQ_>%xRX?ERq<=}vNuOv~^{K;*Iq7$BDZ?T+
zf5;~%eUF{s4}MC&)Pr~WF7<$;wA4HP(Jl3^VYJkpUxbA8|Mz&;gWGD1cl|%VKfmVp
z8}fz3X`GHw*wL(BpkY?zcz9T?v6i}x*HYKSD+(!%7W21|=Z9S3#2PuDA52w*zM-r&
zXfPGXG1_2uA<Ho*JOZoZfOUW2BjI&0BOhd{vpe#)1*9hyJw4gR=*e-UC#{g4q?m4j
zp0xao=!wNZPf-4h_Ms=EwgNq2<1=t^amL~vjmyT>m?f!^R|%hAzM2U@Ud3DiE7$33
z1p}{5qhq&ev5I-E@-p7|;bJ(8c>(yvH+<rmN__A8*~2y8_c<jutzRfIDbY+*?1+L#
z;|ZcrCWkZ%D6YKp0I?Z~$Y#_f-9TL4My$>x6t*|>TrdAc1zCw_=W!=tTApGEo++*f
zjW-JgVA*rAVf3?cB}XHrG{mM=6s4*Q#Z?){FYz$<!vI&iPc}g-a1U#dt%Hmk<GS%m
z43uvilo+pb?1MEF1zwNAy(5-ej-j~Yc8ENOx23aR878%Aggex|kJv;zv57;uM&bM4
zBe}P7`0h$_=~fw!B2&%f6Ylq_2g@#>-lZ@EyEYJMAG1h3Sax~+2IbtX;^5>(RDZ+h
z?>zT4A9_;k>+ihiXW#P`*x$KnabSOEANkA9F;Y*CWQg!G`F_)NufHgz^UtRHaO_p%
zcwa5@qkliuLjQ_tz7J5#SCkrwFueS$VcAeYFeInj{5UXG<xKNT6E{v9$E1|$<3@>{
zEkGUT|Akhpdf#Oa6E}{YJb6m?=<IP~yd@{aGZy?*r}YrO(weQ=16gCUoQTW96chWu
z7&>0aZdm>bWJ}Htt;T<k6pt5vF6!a+noQYIBT6t|@i9C|@<=?C)6GERpkah(0D)r;
zjPUf~5cu7V;}bTYJK4mWgFj$Xtf%-R)MYw8qU^EFAT6~VVT|8LMI-w+u6cHYh0Q@F
z1z#x<*8jz*Zj0|hFIdIooga7TNpG*loHBg1orziUPd_rcEA^q+N2ulwl!bCVG@MnO
zYT_asqdAo8!3j}^n8`uS^?+r6qj^y&HP=Ii>Ug5d^^k?yJa9jqN<sIf<T`=fxT=wj
z@#msc#hbzzo~TdzaJamarp&a+m2wp4I;O5uZqb5sO4}o9+ce&0m9y9{W&MQp{me{+
zCKs)e?fuLq`lZ1A==;fUeCYd^b;i4N`7)Gr2I?!5tm-TM>`ULj>~lZ9@r!>w*tzET
z*KclGpJL_r*{ZSV8{$yvjgi;wL{8aS%YE+TGv4w|zT*w6WxPu_-O_ktmGLsd#S;pH
zx}z_bCj0GT(qyV4P1=t}2AD)m{Q2aUeDJB?d=d`SJfGcP-_m^2mHFi5CYrK)5IKfA
z(r^RvH-a!5oZXIHM0;ND5L1qBsvk1RWaDefRAYY)G*!R-dgnzS{ngjL^Lu1}&GS3^
z)qlf}SdkxTNc@P^oF;X1NDI)lt^0x#aO(=r60NtW`~lC~yL5$;0e0+^$qWNiTHDe@
zyTN^HC#<Zr0F$4jWAc*&f@2G&DXa*{J?MFdviok1cNkQ3bG*Zvod(`PDW&?-FADD<
zmmu$8t(A9BvxeIByu(K&3h(g3XT%)bTcG0|W__k$xTzd$DbUp`GoFVRe9ps0-}B(y
zTl0DNb;EzppWdhAPeo}VdNFrjScK=Hk=f@w@QlEV-c!y49Dpg~M`fX|@hk8~d2B*9
z<p)-d#i^PYNYThap6qyYr=b70H+Ks9?l7E!Vf+*<I;5O}--|1~z!B%gnX>QUi2&Gh
z<JfZ>)0BHX@(^fj``NbBO4WK|)XcG=`V%vwSoMGSl#awd^K~ai{8TwHJvsQN`M&-S
zoZoc&==;C)<u_aHxjBAw#roRf>oC)lmJDc@8G~a4NCxDT+NVi{%W-!L$;}p00mU=9
z<}Elk?i3P@L7fndF%F)#N<CYM^LH?&#@QWYW;AL-FQEXWr8FtdA<eTpq;=34l~j+z
zAuaD`wm4zG{qjMw?)v<fkkiwU{}SpU_^69r=hCEgq)Um)a}=KjT}meiyKzc(jDGlC
zZkK|ZluoEGKI2V~fKA!Y8bJ*Vl|1F}KA`G%xY#vn4`Ek^QRB487ZHcf7!@{ZoTsOg
zk^b@VBaBZXOqm488_vjHj^Yc!NfSzG^y<)6Wp_IodK?bDQl6NMLvM#eulA<f(H_r+
zUN*m4%U2?h3w-|8T%)eG?U$)0Iro5`Iep+u(hEhadZDhnNH6r+$taUYImXfQ=gB0E
zx0r{AH=zCIc_032tsnjSt`_?D#Vy!xDE5gg{zL-na*IFEz=Uvz)XU+XVU_zO-GM^+
zNt3USP6NVvufDBfy{VHXKn8xIf^8r<xQgz!nBW9wQ!tOs$7|e5^P961VpZatuBkjP
zI3^tk4do`4X!iSIGyRTZ<4iPz^+ALeh*<udZAgcXy0qq--beFF9>;p-t%UV#g!R7U
zo=LABjO6CuvzvhSu?5gj*+SC|ym=cSGP}oAcCUuaZ1TsO6lAvKBf?e@&!`0epZQ1$
zCq8+HPM2<z$9|;XxZ(V%zve)_ZR7d)cA?MtSmVe4?Wl$S`~0TQNB-F?9e!&=_^mD`
zJA+^>hU6U5C(Ch9*P$ga{vV+LayL2LkX`u^D7Kx=P+JRQe(G%&>{yIv?-^bINB+Af
zng&n!qPI;dj%bEBf?*Der-MI!fcBfi5ATz})+$ddJ{jV0cWK4(gOfZut^ktgn+S%l
zgjOn&02|z;L^BpKvw=a&O8OGG3~){XXVg`2MwSt0Tw23$M)LQ1oKfcs!WniIX9SfJ
z&X{vNN+W#p5(#7cG3y5UyKfg5&%@K7`JRWU?KPi=O{;GKU+h2+ArKDw;+eRko|2EK
zFCdIgs7VExT1uQlQZ@v9d7#Xno99CVA_e+cbl!2gGi`8xbAdz2gwqo38!rqCo*{Zm
z#O{x<Yt9y)QNlOjg%eB2geL|kCGr|BeK8r4)ubi3seV0{%|5iGnEVD+Ow<$tO4Vf5
znAilP7uoM=GG0i`8YF*ezC+0`lT4$;-Zm<f;*&TJt4Wvw<jkvY(h}fIVj~haPMHj>
zVL*qeB_VuhY;tT=Pg#^)dhks)(?8^^p8$s!60YRTQKBxe!h<e4Qb}~jMHNcVboMpC
zF0iJ25P+&dy=liX4$3I*;-hd#kKzC_%rt;F(t`a|(ix*f>`E;TSB6@KgO~05qCR<E
z@v?nQ>(QTvvVBm#!K{_*qq-Xqx`ofgj=tAnlB<@*sx|wlPT$>#v@cK;=GD#Ya{auA
zq3_ZX7<%3&>Waab_zRQb;0r;;e_SZchPg?bup$UK1%0`Sf-x8ByT$VCO;}b0iZZO_
zQ){^IgRv%W(_%gi49LvTKY4qwNzFVMINu<4v+!|f`3CP>Wz08--A)JT@(t2BC}U7V
zQ5}b0&Ov;#G^n<mgV=2;&n2Yg9Q^P<#+-xL?O#E<oP#uuJQ_#Q`^q=~ri+Jy$7b<Z
zs5rHyfVU*7EsG8DQqb~xkUrD~THaGr5J9#xDUnk2AB99F6N@klYgS53`4UQLDJ4dy
zN^_zOl%y~Olcq<TE#lWoP<W0N*<~F)fyaFEr$_tcPrs<=m(yHl)1*)I^{^>D79y00
z{?gDMmj05nhgFG47gq10kUH0Sh(oVxQRRhBcIXsg=tM#3yx&3IFAn-8`t)0=_4^O&
zmu9~1V5Al8oaY&L&T*_)?gWL-^0#L=<FmuF(p;y(ZkEXo3gdjsUNRH}u_A91VJiF4
z(5!k2K3o;Be8>(;!_?#ZabT@^)T|F08jg-TJ?<jdXaj5{!9oc()&R>SSlJ$gJ#K)F
zA=n;*Jz;>2C)no%d(r@#K(K!iY^nh^iC{AcHr)W5La>npd)fe-MzAD;%{0Jr2-cQh
za}2Otg4H9~JOgYt!OrbQ*s})MT(fTwRvISDIwQ|`8RDA!vi@Xoa0Y-!_<>*J;CKK(
z?+0GP!7Ty&z90BE4z7BMfq(D=U*+Im0esdEe3pa10q}7@@No`)2fzpXzy~;Z9)P#`
zfwysRCV)5ifiGSqa1ww|UiAe(TuI=&0qm^w1#jWtU;wYHghWbxt;R%3eidJv9b3t$
zR?JpCOL%!Dv4puQOL$=uv4j(TjKTtUO0iVOXO&v9)P&EJ(69U1uP@A=LD&@piN;JQ
z1OJ_mruI;t2LdNwU8+mF^oYR3kVXs)J?CjX@k@JIPsXgF7f%WM?FnU2Xy617m^n`q
z{sa!^ZS{#n`NgG*PwjI{72)O?_N(AXP6wPRuyYYU`Fj|4S^~`W*wvL@NBpsz3ox!f
zrr@|@j(Apscahky!pmowE02gZ<19<2sAI<>I>CP{3v=~yr5Ad<tMq`zQ@nA}lpdxU
z^zE~K^hxjg^4Gh+s+qrjWW}w^TbOLcqRLx5*$OVVO(A?IkdhCwD8$d25_1Y{R2IK{
zNR*lb=%JnQlWSCZ2*IO_9@^2E4pcB4<R$3lL;vi4^zVexu>P@Lq7vO*A|0+hkOu}T
zXn-8Ub0}T9ALOSwtxbxTA^Ok1)fq_ARz{MrDq|U>bg>A9$zClV!Hoo~*WYKi$Wx@h
zMW4LyD_DKBk#5mF2Xul}yUrw7Eq=0Qf2g@Lee5m&_KSbqP)q#dd$(k7iBat>ai;7x
zVD#D!dl=6+-TT+4nl?I2T=9BpOF-L^Z~REEkG|kNKl|5)TI^r%{`dA2&;@Arlsfsj
zb4)_PK9i5)oI6?!kyJ;EF;j9TZ%=HM?c-=sN6MX3tFh!-vzt?shktl;YVtbk3~KUz
zCQ=xUD^}FxUw?d)#*)B}7IQvUv_+4-MtYyhCv>XswAU2O*@uIVJOM}cM)`@KHtzTO
z<-YsfYJJW7y=vJlo!9%7^P0bbY9Z+?fVZt>2X=sRU^^EDI<P+HwWrVc>-dfTk#)7`
zKi|1&e^4v;2c^UM3LaL}W3)rvCsZIpO%gai$OU;+6{|gOl21N@&igIYs#ro&9;14u
zoVr*SD|@(4fRe?hntRSTvG9oAVA}Z$wp=!4xk5Jc<x*WitvXlG*cT=`6mNr};dSKl
z&#vk66=)yHev2`WpKYnx!7N*KFze-FJj^&q`E(=y&}<)l(>s3l|1WB>|G#}p=W75z
zUtLA4`(=f=3AQ@rbMG*bM?gH=l$=Iv`O-GA<&%PWVIS}3?5|$+`C@+gO<?P@pMS%#
z>Bjke@V4*#eqB@Z{3b2^f9L##%=I~cV}}2a&)@6cvL)-PoWFuiHJ(3Vg5mr<{b>#7
zFS_Vv&)?<+wVb~J(~SGme5s%Q`}11#-*48uKey-)^OO&Leam+|t3IoFJPH5P@eJ@8
zPjkQVw5nx1tKPT?|83m`P2*>_C)&t!tza)=$LGP>>T#`0-XVhw-XV{{ZJn<iw%fnb
z-%oPF4yf;*JJp9Df75UOSJ$%tuip~>NeqmCo}NY1)6J*}%!tV%G^3P_H|6j0?GzvX
z+c$jYGwIWs=X33~ThQNcFst<hNPkcD1O#N#xVNpMz6T-W5>zEu67NhbibI`#%ua>>
za!(=?b{ijgBc1JdB5-OMY+h)oBZd!Oo~cvN-zkrrj|%z*n@B;ARbc*7bHXQ6zW+EM
z<-DDg^Ns&($<yM4@(&`cBDjKZ64w%LCnk_dedk2iDr5u|WxZ10j$1HcG_B>md75%w
z(Tk%A6UX%wA6J^|TADNu)#8*J=^U6J6FL1`MVj$A)Qsn<#f?#3bBB&>L~3x-;D&ax
zm`u9V^$=cc7JZT_sakO=8y?%=>M+Tt7sjetmUIi+N)F4zjEihdfB4E^^nfIXR-v#&
zmv}K+x47*0Fd0h(9hNO1uDdSC%L}719iwQb3{cU$_`)R0x1UafoJzKbReIIFT2Y%c
z_LxdYniHN0Xg-Tw76%)feAoI&P)}pOG}j;eRKaq(J3jdWFTn7bqB>vBb>hzWKZL?m
zuCiXJs?Ps@g;dtL`feA@q_Un$W?oQP!=RJAL$@g-_Zrjtvxj~%qt-l8)!rv6Lx|RQ
zJISjB+0-FC#fM<gcU!@SVA6&FM?o2aNg0Bc-Jd-q(Gc)};t=+k_z;Tp-RAHip!OGs
zaQ<Z)!t45O5Az|AGWj^{!Bpk@(59t4!|r{}I@LS2r1O?&wPm<jr^3gUv1Ua*ue40&
zEfH!9?u`U!A-_0IjCY2MLgDTzueZz<tj}Dfs-CYHbj+%?J=d5q(u#~zKh{5-GF=sY
ziOSMh24(5fq)1&suxAXgnFL!%usj274#6f7EZ+c|N3e8)Eik~IC0G}NxeTyEg4qbR
z$N*bNuxslP_JRQ>5$puPUNOLy5Ns>K-Y~%aMX;3wd&dBKlVFPo_HP4h8NsF!>;nVr
zJ%SA-*hdD~`+kb)8JP3)n0#ywWAL5`oHL(+Hv>4&54?$kmjigUANT+V&j;`}Kd|{a
zfgc0#-+ti69NY)MA$~=VLO3`az*qd9zQVJbS><5pAp3QY)egVUW*rXubvUecD25K-
z`E~eCO`NtII(+Td;c_LPKY-8pDX1T+;`0Y^s-O1zYYy%M;7_R#fWZf9{?-jf{WT*m
zlt=%w1+nO3BMt|}YH7@ove%H<mU>!aA6|vswSe@^fcNCH6`*&$B4;lEMX_fTKIciN
ze|qs(Tjd7{+=;&jQ%(+ggC2FfK`N6hxz`(t@}w>6|Am?StXjaZ7@j4p4w~q?3ly)L
z>xD`YfXjubiM9g+ljW~}KJ~h)fA-3cKTKh*d!uWq4^=(RC!X~MUw&@sikkVksKx(%
zJ;ITcpF4!tBjgNMoT4(0#nOZ;!qJDGtBoUK&T+%J=<dT4sW8SZTJ=w3gc-R6r<55@
zjxy1k8>#$89eL>tjb$1$1#_)!95ZF|^z6}-v)Ny4;zz~!LsZ(&;qDTp6Gvg+ItJar
zgZ$841k!y|re|`x;3-|wDRLglQz^b&ij#%Txgk^*a4_S6V;eO&hx;`=`PjH=SZk;O
zFP)eq&4~&D24;gv(T{`w2vk^fRm)$SL4kMz;1OnWs)$w&lGAmDmmaDspL{8nlRy`d
zWzD{x9Ih5XR5C&<J{eShXgG3ASKwBQj2o)>oN+_9eS+K&_Hw#oCoLF@si<iT9^?Y-
z3L|3G`v(Y|3#d@J09hg~z~BrJ&bfdS_-)LAScHs7)9rlZUVT1ld?t+ekk3>;<THg2
zS+4K)k(qO2>IlY5loVWZ12}3jAyS!&-_8zC#}Bi=k^2zUeo9e7yV`QZ<m(D>nzvZg
z7OGaWEkle)A%GoVp|Cd;EKD*KENp}<L^~?&7r=Ubj2MV{tH<52DB&1_T{6JV5v(7<
z{x-la5-gHnR}8Sr1QQ5WX@Hdz?DD7MZdhdJXM&jw#P=G(z9v|(0p=yxGJ@4Hz=HgU
z_V?Ez5q!1WK8I0;Vn51wl7s65_@{ss3jyrOX5b*dJe)QT-VNXee&7Zi{7H7eg3#6c
z+lv8w$q#&qgQo!alppx}YXnXQaIqgfjp0wn061J%#4x0$B8CvWwQL^g=(`O;6@JV)
zPj{ZH2(Fd9<Rv0kqP*ZGs$<hc4<0>FDLZ4AADpM?{rmG@7CC7i6`-k4@96y!C35&~
zFcGKwJ22wpqfehZ%Ex}?^0WWEQ;YrQx!UNFq7FhmW=;fGnA|B!-Q`|Q(Wz5VBEH#Z
zcW=J#)#(-4%do)jjq=$%>Z4y<=okO-b}jKA3vNXpt218x$IOja4hYx`2IY^_Jst9z
zfc_^7^glsD0Xm0qC_)}VNN|o#i<mgJI@PohQmL1rMM}EIAyI-9*1aQj&+eqO$x<@v
zbz3Lp6GAoRG|8KtXvzso%AXS+ViF3_ttEhNmr-afO#UgeVr7d<D?F7A3i7R=uwlGp
z<_hxT|6zaqq^PT2{U8z#?y=e6sy`6)>TKWOspmgq{hBLJy$ovg#U}n#CVR>_okt(1
z>2y%1v#F1wrdFoY2&ZGA>D;`UT3O9yFocW2d<aM1k2LA6Z$4`3tid`pbzOPyYc;5;
zT_1s(I$cv!4`eU6*Z6|P`WNUIyx;}OoR*9)iPByYX~Zq}sk-iiQ(`G@DsW=|y7HPS
zJh6Wb{N}eKeDsHfe*V92*5d!0|KHnpsYW^3ca!qwCbDJt#pGk%<pBaYPbvWd#GL`F
zhyemqawZ3`^M=%F=WSXMeN%Sc1lP^kc~ibH*m;MT$j<xBzZE<0!9_P|=T-F-20QO7
zixg31)=VN2P11CB-f=S(d_RJNFFV!zAv*ii!#?(@d_Vp7>$T{==l{QBpBg*H$39ik
z>wj#Yx&jyfZUtkVdbdXV)RX}R`_xY_*KqNdynnOysWy{pvrlFC*k7LYlmA|=MgGgX
zCHq7gC$~N2KCQi8Mv}5y=2w_=VzgyD3Cjj-u;(_d(F&&dkqRDveR)7%k^uIlxexi+
zU*`MSfB#jB{deB~!v0d8>1Tg=3(V(zlqqdnc60WZVLtdX&v!m&U#WRMbLQT1yp;}v
z)-kIX^j-(MRB50H0`&G{1B$phVZ^6(l(6HrS)k*{V#4;=apOnlOv)a`rCrPwq2SZa
zCSJP1A$1AI>)>?#MaGjAf3!4Fu@2)kv|=O;T}Z&e5MxCd6EM6=7fLmGjUkjOjTGE+
z|96y7s&}9BFQSms*Dq_S!-!RH7;U9WX&t;sY7f5)*Ve9G+cp4IK&ro>|HQ@!t?^z%
z0-tB;9zVoZuWY&>?VavbYUXr>4rBFET|X>P68nEOT|w2KO(#?>_S5Cud5br8?iT=m
zKRVPWKlfbU^ET(Dn$KI<oLe|=S*RMgU0B~6^+SW}qJAiJdvDMW1p)0unhB{2a94%J
z?YPActQs*#9HpgX=o^SynF#bTd<6-vr?ZkjLVXF8U;~iDyHy;s5MC(GF9Db%ez)M>
zT?fv7mgtb2t?hX;hnRAH7Ny=~6(oIv&W=@AP9BGb!G}Iq41*Oy;j&<;rxz8eomHgv
zuJdx8{VkO^9UjFYVbTv?Jq$;WI+-PA%{B$eJ2ueYMcig}5&q@*fHT!PGY%=awOT$b
zSDra5)?`cqask{NGf`f>+RCIl<U_4xRNqv}KmKyft1~s$k;jfjJDs>;^0?`cHDI#C
z)z6kx+OG{<V28rSZ`E1r>@W<y8Pp<g-rthyrRisE_o<f_MB1kyKH~`bJ35GFoEfCe
zI9g3WZkVwsKR1(-lc(#Z8x7O_wxSg%vap^X&h$J?Rz7^q%a4xe?)cvHv0Uvn$V7Ug
z<$Q5g5+Yf`<RiK1o2dTEQ>|`!in42}YEJVCg*&*iD?_!qRppYhOVoFJpDVi(x#liJ
zNx;m_UWtm?&8B~fo87GH7_7<|O!{t_d<>{wqx#=`44M(otC`*QnRH{o3T`w8X!q))
zZ1AaG+-fGOEe<moPowEu4RWcNTc2kQ#oSoO1fvPgtC{k0)s}R#Vu{6<eLJJG8gM0F
znon=Esl9s|O@Usapdr<*8MzcSNIx1hNc+tJt$3+Mb6o=x8W?|k4{6&P)4SRk-gP&b
zm;QMRVUY&dy#zZ<uxJA;ieTRmY^VX2POx_g_OJo=Ai)aXx^djf1cHq*z(x@)jbQ!-
z!5J)uU=t0n#|hSqV3Q57CkS@+%^Sp@_|y>Rb=*Sa`J<tRxSzJGgW4ezI^5yc;UTp{
zFX$lpb+A=ZMMyh<8~7QR($wd@nXE%kzvp|Z9gabV`}{ieRXcnG9lH5-=yqM9%uAs|
zgkOh<>omk?G6PPr8wWoM;0}J^kE@jL_ka#>`5DO?UQ;@>f)3TJ10$lS6bx01<pudF
z1<MvAx-22G@$AG{lcxhuO<p*cVmPo2QSMyQ26jZ9VObu3O1q}FXLmNmoO5!N>3JIa
zk+EyhN7uZb2T0jCRAoY%Pb4Pf)1E44BFg58v3f+ZWqM~+Hxl`fFF&I&IESB5tYv%o
zuS~fu`;3YxcJQt?`O_y9UT6jWB4h>?K3^#UZQ$KZ0=(17=SlU4xqYpGy(2BYI_Clm
zvn~x&nIM~r3pARU%__V;`JDRu<a5gQlYd>c$iLHS_iuyZ**X~{Rp;XN|4{cO@J&=*
z-;*v7pk=}$MAo21%ObQ;q_IU(Xkk)QEQ(kkQHo_Lf>@!!vRBd~F+^~A5ET`7LEM#1
z#FnK6L}XEc2NXn>sX;&yC|mR0bI+a0ENRmE_<ryA`SVAUIcFy4-nsXl|2^m2b6jgE
z+w4RFg|I!IC&BTO=}A4pteoP3*CGG|K|EDnaS6pgn`iFR?ndZdRU7~OV5SBi>e@GA
zewg^@$Lh7ex?b8pO2Wq^GW)E0FIb!X$*$QyP0__aJ{czdF`T^N-p2yn`v9%2d>@S#
zUiQoHV?n*%$7w+mPd{0A{%2m8^FIZl+gI;=ZUZNW%;%=d&#v$fM?_Nm-&FPw$9po+
zHGCM#3r;walc945Bcy}|kw0WVV|Q)I$+Di}OIE@y9%u5v3+X)!7U#)3Jn21>i}7_h
z4-71x*&~vhwi~N8W9kmYIe1<ieILWW%v(DO@b6fH6D$P&f=jP6d5c+w(-QinS$yf%
zc>56my)!X`cRV6{mABXiY1c7zAN3ncA%D0}P30sw1zFY!{LF(>ME_n$;pZ|0FSG{=
zyGu6$NL$1y9G+*`Gm3B}Et-Vh&U~5S2@buTxgd2c{F04~rX~4!PMTa-l=`q9c0R21
zZ#s)qN1;pRqGkEFXU7Du(Wk&xjS*Yjz*TL;o4$aXoFfC<;RngZW%#7|swcr{BeW8v
zc~vww((;k^tcnIIP7^W1cG0oo*&L!P&+B}9pInn7UcLi{H+1UwbdB_c4}syZ?g<BF
z1}`w|&@qgZ872Zlwj#4nQ%PTI6R{J8bEc`BJv~`GI#sgRZq1VpGH%F2y*j+FqBzKM
zb}_B5F2DJPbdCRNl6L)AFgNu2(QaZr>oF+i`y&yW`Hm+xrRd&_2u_abwUC)FhxI~=
z695-<ZUs3{81L{D*l=dYt0wirdx9sopy9LVqc1bx;VJAv4NS?9hr$H$H8)S_!vYKy
z(|1JB>FdNDs5E(heVt6+{hq+&4L)mW_~B;ttljvqV%8D{XFi>=EIt9|E7_#$=PPjD
zt&ER!{)?=M$qws8OxI=ROZUTZ`jeb;Hzc2%zl;;J-9ng{nSqIECl?#ii^BpJ?}qx<
zPs7Cr0~a5F`k(Y-e&FIb_4o(Z1MJTykrz_cS!d|#$H;dAIYCG6&d3Qs?x-WLVZQlh
zKz_eYQ;SWhIk^&CbmromiA_=z3MiN&&A8!=e7ZOKwud*V_6M^^PfF9+qbKP6Uvt9v
zzw-Z)e59S7b;?J&)28v?Jgl?-%?@M#tDn5qfc^Y-T65;=aH#}~WH@j28hC;^W;kCk
zKd3LD7W~&#)1DLKb@*>q82mTxzr(AC7Sso?PU^22FFJXz&I~Q@g0cUNy<d@GRBi7+
zey$C*_rt28viGx^Hhr=sdp{;v8;xa6*N$Z7fAXz;UCjQE?EG)d{u^FVnf(WGX!ajA
zPcr+jc=R7N`^zOxnA!iRJBZo;TX$W|{<+y<%>MnewPydHCP};EP4`P{*V_AWaT?lF
zVfKHET}<s6DxW}2swO^ktZx2K4>SKq|9w30lNt{c7Zq`Q$=4BRya$9XMT)*35r`1A
zfYBdQ^*OwcpdUbk2NDP#NX{~xKuBO_C%O?5%*>)VztUy~pkHBYH(G#L%tnTQVLJfr
z&wS6Iy<A3KI&C7s0*72jNev4o;4qY6LGH^07L>cf!2-d021Dx<u;BfNRABy$bGjbL
ze>Wm1kU!(hQvmrh&PfU&f5tge%5p$qLOfqu4ln^M(Fz0~jR?LySM@Ujg>&;@WETZS
z_T%K@&-3u4f)a`Q<`BY`d9_3P<@0KX_TG7Qg7$yPu==_z$d#hQ-PdG>zZ`_&w2t97
znPD$59Mm!FtC2Pbp8~^H9m7!h3C{q-fV$%kv*^DUC+Q2_6sY6!!xHK^a<7E*e`Ji4
zx*`7fF(NqrxZSGp_vh*K-_$VrFZZ83|G6Pqv)_0~cm6YsJS#{3cly{7UsDf#+(9Gn
zg;BcmkIpdXA0PZD;tAfd>Ea38FA!Mti4<<)oKvTGf(QF*;w^RUSy~t-{-b{Fk?>su
zb$)7PLnbdF4dJAQtejmReD~_Dn)Cj-I{Vj@F!rwp{$4%_a7q`=R5fG;G~_u6sQx;u
z4*4Wb_tDhj9I1<c4I}^35%tiwqCtJWwogMjhP1D1Lp*gZm$XGMd{bCya>SUS5OFD=
zjxE5nx_H7u>_13~ntO;~zDGt)nIO2cI|%FY^2g*&82Qk6RT;y>;9z&pL_?TuEPtkK
zEI&tCcL}sn4(Og-!CKCj?53{%mGp!`Mj}}PZ@D=5E>1QA3<HPxu()iy`-I?a@9L7x
z`9_iP4v8m858*LiH~H+UFhb(ac*@6i+9M-5PIs=dFj6Uk-CrrVw+mf13gwq0?ACp}
zYY(9haHX!{3V#LfI_NO;S+At}dVnWs4MZ4#(i5II%5g*uJh9!Fz;UuHaHPVG9Ae2u
zj>;-k7N(9~cL^)gyPk>mIji3BJf(~Nvk7>UBr^aZn!V_>n70c84n=r|*?<RL>9drg
zdSeH^kV(Dl6k$|iXoL|-w;Zuk(lSN@C1pU;>>WcX>0=IsT*KiHlrdH)R2D^9qmM7n
zq%6BQMHjO+?q|0jVYi9$ZLyy%M!D!|1jb&?*g4h=IIM+n5lgA(dtD=r9aF(>5_2z+
zE`Xd}jugnlT6z`?d7crF;OV^3<tJfHwV(bsN3d?;OU6XQS+G;~@~e?{*HweVeME5W
z;xfH0Ey7yl^YemryTA|L4H>2Q0lS6LJuu{o3Y!bw)E_vyUwO1QdB_%DBv_`&o4LcC
zeq0^>92J-4KIO2U<4fqPbZx07-v##p!FA0%d6ZE8d!*psBDjAOTt}}uym9ogS%y=B
zH)e0*g|UlxQ`9-$<Tz(a<C~?Q=g7Z~^QN%^KZ(qqg0l2;{G6zB<e&6&pemvS>z~eV
z1?vxm9RvEgncdwoPH-CpSGkcuJfp+<hqDUG;TUPX#+=?9y$XlYA@VeyIpm|Z&<&MA
z#I)8ht#Im**>>Gc+49sR^KxW5nU{g-Rq{GI;rGu3XgEB80Pi6eH_Z&PJ^FB_Hndrd
zsjg=hSwZYKkYK9DI*V*i>i=ZJ;CkR`uRAtjQSzK0KzN$M6*68dcnsKD!IzAHMWD-B
z!BuU9DsCocEM&C3nZT{87rDS}!g&$Bvg$5Qitr_aIO2IMu_IuhZezM%x-7*@1e@rU
zI6<UQO(Os>b*XaR3*H5I!tk}<69T~(axDEJ7DQr(G=DRP!;;)*?1LzZc^xhBbJJaY
z<b^}NZw!mIu;84rUMw6hc$d;&R^dCrn?~O25oZ&@RY^wAMW@e~0{;K$7?wJ;+B@0r
zeyrNpcpdBSq1B~(=IpUU;_ONYwVj_v&tcLI^{rDByFPqR@4y+gBD&?mP->edi!nw)
z!4Z4RVyuXgg2Q3-x;J{qGg!$So`l=37unvaKpZv|YncO0e0QWGl0@3@PYUFGWmg`9
zTXRs<q<eZJhNor$3CM#&4QdsTPjWTBMCZbeY0z0i10y_}TwF~rjtN{GO)kDcFHQ?w
zEQ0;dG(4uQ+W(Yl_CK_L`Gs9-6yrSBMn-OH%_fC0#`qPC$NKj{<8Khg^U5cF*+0n6
ziZM>ThKzKuJ`0Sa>6Ly{UlPdj{PG3zxli+V?C`QG7G+{+53~ZhYaNvM5MO%uf?v8U
z@-8_ip5V(PpL_-I&jk2qEIXP+U+9kyNFM+7nSD4p(7-HykSUc|cc1iig8K$w#RD>{
zp8;AlD}cbx@Xms3O&CK#gK9qp8q7O?(T_)UM`U7<0vi_X@9s@EV#nL}<AUsWI&|0U
zAMVlFf5(Th|K9cgmp!F>YCY^JuWkCf_LPyF%AWGv)0v$3*yO)sPq}|+czep6JN~cP
zQ{Hq2v8O!kti_(<bk=T9xzAa<J*A(sp7xY2DPim>Z>5B>r?^tW*i#-#31d%5OR29t
z<)cApCK=pDVNY3cpIrZ9kYrDp#~3@bL3_%)KQ0Efr#u+1*+1W<i+>ptCjMo}KVc78
zoS?G@ob{01=ljy`bIhZ4t7mqzX8$}?=l>lY#{V0pJ&N;LFnrb3TrdGARCA%80OkU^
zl!|8yDmZmDmxf;(aof4Iue9x)JmxXy_{n2Nt2UY|=-S|*m3~zxc%XuYc`Vs(nkig+
z!hn47<nul3a{`ejnbvHvNsEvGcxq~;5UAN=BubSKia?EZ_Mp4LgzM7t26Q(Zf213;
z#;4q?E7(%Z1wEK$q?p0NRrL>8_)X%K;gW^_mw`A)r?r;Lwd@=S$m*ha>ndqXuOBEK
z$NiMCXA<^W^CfoH*yHZhz5j>8ynn|(96uC!XUO=WdOvUPkdV*&$La}w@)VhWGo|@=
zd_tY(-|cal^<;?7{xd3!{U@_t>q!TVJrt{|p4=A9C>mt_d-X=mc*)YOf4O1SKl^`Y
zzwKUDANy_14I2FA(AmF7hOvLwL0(qh{CZV=bFxll)8$Q9<6IT5q8qPyj=I-7&lf11
z^7M3g-d;vmS6b*O%la2za-Mu}pL2L;ncRhOQPl7Tb}*x_jV7P@W+UZ??S7W0dz^z-
zE)k=CY{Mn*cOJ2OW)b`ns8T^Ax-Mi$^^Ry!B6Yo^S&*KaUJukenx&|B)YD%6dt}=9
zEmC&wSCpkGGQCMDQc7^L1COWmj(!t|@1r4;DKs<pX@7PREP96h1ig$PZKG$op>9`I
z59))}=HWJF5_Fh1Mwy4ZbEY;Acc%w25BJMc6?wQ{-G|G0gXU5_zgqN}nd-A^OrM!m
z`fU04=sQ24(`T(vpH(MF`s~rkQ$~(|q+lY^XE*Vt=>N>q)CKyKJ%R-jR+giFE61cX
zRKL+2IYb5v7${z)>WJnzi@u9}R;f5gK*c>*rciO6tpOD`VV+9GwPGqRVw|Mna<Wmy
znZv5MR#e6H;Hvs6Rh&6nQgJn@sIwNEWEJO2MHP4VN0N#=kSeLT?-=_yQ!VwUns(I0
zE8DgC(O2FdIzM`9MxEz>JJtN(Kv&kRtF+*PZV9M;{!bC=I{$V1z1-08bjklnJY5tQ
z*zEQ1(T5{DJvb5;E`;vbz&eM}y}+qL=psuY{&n=<389-aFkA@T+x`At2;Fgg2wfB%
z+wJ5Kx&z~agwSms7bJx4qj5n(=w2FEw-CB+Jwk@i#q<anLihVEAw%eP-csKXx>Tza
zhSJN5lXH8FV)J#2Lz=}c82SAe+;X)zcG0i*SGLvcPcn4ppYIKG{yFU*%NO6=MG&4%
zLU@r6)xp2_VH=HqFI{K<2_ye{Tb<XRu5A4w^PWii_FN)uYtR=Aju4se9M!EBKvMg9
zbYptR_2?hRKbr>rGx(>vp7>|02LF5;9RGa$zk`2vs_@Su3O$HYtl6o9K;42upx89B
zh~|z^LZBPcv=FGnJqUr8JfeU=FYiQkAK8eW7q12XU_t682E;!WHU9ZV89PYuPjNCA
zKtm=i8v5<#TF}srS+$@ca~;vpG6fnM76uKKu2!I-)(HVLG-i$p4N;9ly63M4Bs7#c
z7}1dBZ=#{bgC#U{wl^-3^Bc-&=%?O@hBDrf*3oZzOK7N^vESD)Nc~={Ki#91W<9lO
z>rXGet8VqD<5GjypALhE`qdi`ZR%flJcRMA4atbKQ9uMIexXKDT7?ZlT1|FHDnN!D
zEB|Svun026CT<JV+=E2aHd?IO;T}dNw?%`8;5?7NTu329j4v4@pFn0Q#m&Nm-N_z@
zDM~2aR=7tn>>_w50in=@a%x~t$Vl|7@l`Teu`@k0lPz{d`6Ez211_W|la;0kEq~OR
zwioy`^^cNu^^dAm_5VDdDvM>?>B3^U!!xW0)cxzBs{03P--!(JKHWcw5i2f3LBAeQ
z_^(I2raE8_@`*n!M<%HH*F&!Q=k^i4Z-K9X@qIz~;ItH360jsUUBYNrLniNAw^R2(
zj>8HE_YrcEzUNDS0-QC!1_q6~imfgpmn?GesbrCxaj$Zb>z9g)oK0Tjtl7B8eU=YZ
z%PP>TvuYczryZjDNf&d(QS&b|r_a6fF|(^bvR~ky0qo*$k+s{`b~e|<-}Te!|2xCz
z|Kxh%mvnXfKPOqL1do-bOPe@@pn~f-mM*OjzQst0Ch@+Yp;saE$u`r(tEcMn-wg?q
z|E_Pn+SgWN4<cfBT^-zb6-?d-HS)fbqKkja3KRbpMqbr=v?LI3l?>~V8|xWFr&SD2
zhI$5&%8txMhqV)5a*q*|*_~v|k!Hez0g@ALWn4b>@VBo{7){+}^iW~0uMOY{z%LM=
z<w&7hlU%+ehCT???`(4E30zPr`O+K7^$UXxM(R~}Hl%Axr$vNIv79s`U+HQh>kq+w
zmMkgC^+YON?}&VTK2^Yj%??ijo$OE>Eni&QG?If)1t3t7v?i>P*H`|dt>ACXrcp{4
zV0C!m?aMSepa39DQ5ISLO0GA+fovO>Ry-%4E3}Xv%ZH!Jk-Td&?4CI`+~vL4r#Fxi
zBvKE%_i-ciIa$EZ_*-s*<m-MoUCZb<la;1`{D||-st@UgwO@~a!CtGMyw@t-Hs?#9
z4e}pQ!ayZqqi+!8KfezM_Q38;P;a27`SC!%*FrW>6LtHm>5M!H$dBmA7Dm1k$SwTJ
zd|tGhvPip)00&-8f~H5s6&DTQ3LAsXnlE{YX_a`vQ)Geg7Bl#RjDeEB@Q8S*tZL><
zzJkO9p3iB%61!*KGTclbvAZ|Wj~?4uq9Y3%3+@_PDZ#(180#{U-<f+2A_M2G3EZ+K
za0_3OM-!7vw^a=zU*UZg7iCD&5y=XNfsl|7tD$UaD2itQ81Wgc&4&4Xa_pW~g6AoW
zBYmojO3{g|=@)E7Ns_y=ErM%fGR$XNg5V+`v$PQaE2^<QjRd!`>Jn_tJ=tW$?|~7&
zG1o^Hk!&*JHx>!qB9x=t6ZJ&8H@9PHSvqg0C$-bcuSTa^EquvGw5tZ0q+%prH{=3o
zb8cx57Lm3SM@=46X)})=lQ)sNzx}K<2kbxuSeji{GO?W$o)*w;iNpQJv_zJH2N3_U
zb`lD{?KbE5Nrk<8v4n)ZMiyG=Gh?GTIpy>cIyBsvey{>#_uwx?+;Iy3d~0z*yFPRc
zu~pdG6%i4~PZ~XjJWdLm;Y%mT)lFC~W+Em?n4IoDX(#F~<z0v~tOjyEox$r_1{_*Q
zu}026otNB)WqS#vnl>7km?jM1F|z<32)$rAc=~c^!N~^rPP*m-QB(hUoapuE?!o{b
zkV!m|g1YzT6y;eS>lql@HdsUizI1H_eNV=8w}mc{o&?34YACwe(l<5oktyRyH{_3+
zGLrTx)*>h~XL-h%@a=eKnW2%;SX2?y21AA$3pA4;JAsu@p+R%e-|`sUh2dM#vtv0q
zK#aX613XOmn&kQ^IQjZCd0*hfw{Pqdcz+EP18hedh_Bc@w$j#)3O>d8&?8iE$ki-`
zPtj?g0Bdj#8QLb?9z67Z8yY-CUn=Blq8$gHjQUr!KEx~9Mma7jUQnKsyr4g`6)z~`
zHhe+-Zd1P?=LALa>@&{EV8P2b1fnxa?!^MlONVK#Ux95?L%MD1$W;vkTv!RNRcL!<
zR2*~^Y`r>gRezunZWw(|THrabs`sZCvjP_#>g9LuW$D1xPSV>|n{^pwlG%x@Wbp%F
z=%QP|JIhD5763ylzcQV-EdOt+`XO@t#n~7>`QqK7(>_{Q&X}(73oWh%Ek$zZ3ars{
z$izGW`EVm>ut~ByFU%5y7DpdRfMDDTF~OmP(tjo(lrE5=^yzej()ka__JRU2r8C=)
zR=rE%!zOu5Bqk%CE)Z`{#)L9)a%Spia#z(4nj6l>NeQQu#ba^OW8X%u#NRQP1^HnN
ziDiVRYEj@KOepbvc4Lv)?1jsIj0K}YJR65)ALy;6><cJJF@Gjzt~OPta=yt*i6-@x
znlQSrv`fz<x01%7wWOc&p$T!A5W5%NlGqn>>d@baV!yHSVk$L%w*2lQgiDGs^zSB_
z@6Zh7E1`T$^wyuF(cw{c^S+&6J1th?-8{^P*+6rik03~22E)5HXwk|6f&ISeZVPX^
zKY{K0`DWP`zFAI!2LE=i&-qdsYevg<0VKFWG?x1Z!F|Qy8Cxw->}v(TK}ikh9J0K1
zl!~pMxDK@+R9U5=WRs`JR-a#)-m}oW)(Q9$?s-K{x{;2>wQ{87fKqxo<#LxEmn$C`
zbz`uhREw(ut0mAZgIhV2s{`|Th(oT!W3EJ|iKC_j5(AHok}6PPXxj;K^U^jnM1Ct<
zZKc{&GcgC?E-p}efo90#<N{kX`<;PFK+kVO?Jr4!9WCWDw01C!NfKOvE_5%TH^8rC
zlYzGewsvXjp-&xr#u2Lb9PX3kDf3!_7TH2Z#Ew1G+|{Z_CJa@9&p4Y!75+ts`=~f_
zWEy9G;u`+K$C0SJZKxP>B}I{M2$b29gLENN5)-|hBzm)e=mnz{oi~Yz{vH!u0MVOL
z(HrVT|E7f``mTwvAoW>4F_`FYJ*W`<Mke~lDC#ar^!<iF{4k``i(sOgBT)3VlIX)*
z1Vo=QIZqb-mk1Qy9D$<SK=c+=^ccP9CRub7irzjTx}C;ao&nLT9#DwBnEt{_njaAo
z14b~>1^k}P(j*q6=+XNppmj2b#(l5-f`xb|i^J@wok3FZ-Ciua7pyQZu`e)kL@)aS
z!&WTrg=<`nIJFn5ag!>5yjcW`2UT5d&8`|%SKG6z7Uk8F!{leMk_5E?v)L~;gIQJp
zvwt)TB$a!-Iqm5}*gwGRxACifz!hNNOKm72M-%lGuRb|0&wB}_>F0g4eWKKf)Wn;@
zp%u89fF|A?aa^MQ2svN+v_aZ<DPqXmft;0eX#|^<CI_3V-)DEwNX#|{Wh5rJ*n<Fr
z1}eND`x{-sFQ0~5NtGG&dX{?(H?ShTvze>1UJc4U<7!auis0PFYeBj1#*B%FGijUP
zC|saT3pu*g-h{LzD%$f%dlzZ1sAv$vugQj2BY~@)%^(|IO;8lI4`sO<p6Q$vKv9pV
zAC`JeN}hexL>_jF?r2G(oDHZP7;exp+$1wB1BTW*22p010}KbQ$;SR1v3*YoMntxg
zDnDIni+22H&d4f1UOdJw&LkJBS{h`GL+A6p9*X(Ay@z5xf7L@VpFi#)&F6P|AOMSH
z>Hg-mm5`QAoK8N|!XGpa9;o>;RS-w$sF^Y~TfDuk<o!)zpAy8bZ6ybVrLB~>uT@)^
z;Y1R!^<XN#K_z9*0b>_Q`S+rFu>5;0>!9yF{PRBk`B3&xebWXzChs)%7WtS%KC18t
zwZ*|KRwj&p)W8zP(_$b^1kV#_Sa<@Kfx^~kKy7p(&0utP6FfuFwm|U3K;{mfIi5LK
zsqyr$f!)Zvrz^lvwRvGEGcPn2%Bv#BZ=>dgylwodnEA!ObX-G^{_H)1D^+FLu69Le
z_8{89?!+ANCfI4luLE6}M)}2?@9)8(AZ9#|$<)+GF|wMXhcTr^lO{lhNLLLeqLKI(
z9Ge4gkoW8870ad?Er*6`NQ)$C_AB|gIL71RXy%yzYd|+Pd^5Z2b%irQnG2unIXGAc
zHSREZbs378G?okswE>#*0hL1R7E1=?>+(F=(T#xoSo!M*W+}w`O|vvKUo_*0NjxRb
zFOyipF18~VYqxjbenn9G&pPYkANz)hf3(yCKX0YuNzRYG8BgXml=EZL!>V+=<Vrz4
zFVIu7Ecvf@0VX1*XqiR+WG8OZrqFYEC&smgla02qi{Q=WO3ti&sXnfp2|GQmKoJ4d
zO6=EIjsOx^CAF=R0m%bZW<8G?(Kg~40e0&VIOdGv_Z|B%l;B2%EXVY?mr}ckRLx5&
zTc-Hg>%@vi)Cxj=c}QAT2Kbw-BG@C0d}(fEzz(7-AWOkvl~~ysy{IGk1ZonYoh4=K
zOHk*hKFbA4-Ad>8q*`YcSY%ddVQVRNC9;uWJcS6CH)_fl(kJj}8((^q)pv7vM$so@
zbv)KB0*0ft@1rcwn`^{!q+}FT*vu5N<Wf`}?KB~RLDO6GpoaKWQR3DB9XTJrFOrQn
zQjS!zyu7(Y;KY8-`pEgku@>$#974tdm|jI>!fzR!$%)tXhXOpl;`PYt@OGYHW)*Ph
z1+e3MEZcFQoExiv3)TfR)Bo8XlTgoBvK=>I66#`#{m+0I5?Yw%Z@HPZgQlR)QQq^d
zAz;g<5@bsf*pzG=SQ_kjS%Ly4fmzA+GLyg*kN{pelfWcNpsH2pLJ8=&q!Q3iz_v@t
zmct~VdIjs>wnGWtQ?d<Z5-j6n35o*}z*WDxR-KecJ5ZHQN~9gAIH#(KORq>Zapla7
ztR^l@b5`#*8%%~|q(Wias;tPM(QTcsYK(3`0izqCm0S%9#Tp_M+iI&ldG$)9jZ)Db
zK-watjaJcekyePbaVlCK(sGdYu!=SoX{ktiL`55qGz-!SRJ4gmi?Y>{^qSDb{**RV
zMVpMY9Y~v@qCJkZkC7I%uJ7|m3tHE=2x<DdzH0dS%2l)zMl=BHnC@8gr;Pk-G$FsO
zBmct4n}Phjj(mZU-v)A(j@+5qDCYs$Tx;6vanV83UUy|=0m$uj<o1l*1;{2H*(B%W
zHUfh|$6$~dPDT-iKXuZlUcn#O3gn);q}#7C@^T<Qt0PCSu6YW`=M@>b<p_qY22I`C
z3N%z!^Acz|&7-24_iL&YcwiO}kc(At$cbF>#j?vraU%~UX{o8pH<?^bJm?z*9PKFw
zOO5>skM>EJJ|Z_4HwUn~iY|J)FOG53YjbV@E52WR{07`O6p4?JPguuR5Qp*-upi7z
zV85R%dT$UNj(UUF9uP(m%dcIz2p$=C1K|5JP`~z~`0i1(WAf`RhOS?`^A9!ty0x7a
ze;v9dH2#{{x*qsz4P781zS<1<>lEUzCKYLBMSOLRbc%K}^<fgY4{1pNgVB5!>{zXk
zxJQOv6U@*bJV1<OmT|<E0C(j=ybz{afJ(L&1?Fig?%^oZ8Upn<+&@#OwVm3ve3Gfd
zf(t%{J8~5cGbYw68Q&%V@AC!sMC3LL^yDqzItk;0wP}e0kV)m;6(A>8%;2agOJSjb
zr0S*F6nt$lgDo^3olt<T$^PiA`DhQt93T@h&4fw7)4r%cCHp4`U^E0!msH|j(Hk-1
zW`7d&#zT*eo<@F|Voko(CnK!!6k*ZiBjhJ+2(HSy^``nRn}93Xd*^WH%it;-(bRiJ
zPKmXqF>s|YbQ(ZL1=tFJt0DwfgBB8Sb);b*IZXkAt0Jo6Pr|B`PoUM+`w6sK*QXol
z%AcT)ErV7j9^yRCVMSXB+bmOpmMn&@=F8aT`Id+*ij-`BGGtK@z&6<dbX6c>8$o%`
ze-PW)WOQYdBuG%Qon+X?EKAUwNnlj6y~iZr0umevU>i=7Kq^c^?^%Qr?2^&dE(u+g
zDcPQ261*p)t3@qPf+b3}2blzmBy?36SHOOLkp!&*iLo6FB-!LE!`YQUdEZ=>oe!=&
ztb<mC2Bo<ZuFR%aV2-;s<_OkdSWTJ?+RFg8<_8B`9TiqNdu0ZP$Hg-Urdk}_FjvFs
zpY)~BV7dw#Ohwp`hO}8K+BBqf?pr$)Y1FrNDDwNQwLlR<+l@50idKrWFOarCMVpVb
z7m>D5Me`tS7Sf(o(Vj-yD5SlhqCJPS45Tep(Uu^s3({U!(OyAXEYjXm(Uu|Yk3N+4
zu8Q`i4u%ynI56XC5?3`&hc(=cJOaowb>uaS+z-g_>&V|Sat9!n>Bv_Z*?)zQ&*;ca
z7?3&w<Qg5hhTUBb<Ue%eKN$H9ARp6_k6o3lpHBe84?2b)WQJT|sL(M~Fb1>O9~f5a
z82*&%zX18T&Rc&E!)XQ}3p$*(hLMk6hOPyimS(0nt%-!w)&#|A7BRa4qBHRTMQ4cz
zt2~Ix2#%T_1cA|1C2bohJk7I<5P{L$BZdYl1V*o2Ga~{!Z$<=`FZ#?90<($VMN2lV
zEzy0b*$0<$uzY<MEg`Yx(URHqHS!4pv%!s@KURguo+ppBTMr{1YkdIm*qo2U;ISd1
z8jme*u03Dphzotb?oe!<>wU5~&`EgKaw%O32blxGu8joGGy-ZqhRrh#p@v!y)PCE5
z20OMUbVaNqxnmlQbribsD$}gPvjzjE<J=JEc!xLXW{mej)0N=<k61x|{SHs+&EVX2
z|LkA1jN=#-p7;ui6{!1}t*HBXT`3Rw;JYg0Dqi9-uEHqCRV=;{<0?$4a$JQ`Z1D;j
zT4(G717&Ua_=Ng>Trg?h$NC#WzYj-DJ@ZEko{s#gfeC<*%dmb&gNlI(2I`)>Lym6s
zP{1;fhE$meM57-p_R0zjaqZW>0f9UO6gQ*?27MjJD$nPDk<0}4ZbyoRFR?``<6CK@
zU@^Y(O1^YhWFW}Z=xk2kdv|sGetqLz1#kCaq5OCh{#N9B*yw=-WLoGf1f^~fH~$(z
z)w>O}x=>5dE5u!5Jp9|!A>x%Lx*8ED*sX{75-1xsb`cbz&F2bl28&8QJ>8OnhY-nl
zo(uf}5pD=~UT@r+G9)ktXKy>~X47Epg3wojaw_355d13T47>=@ubT_V4?6!{Mbr7Y
z`X%(#MZd11aZ;^&))M_%(<5~BYaxqYU3eaJU9Hit1whtEzh2MCLxBuQs+8}Kc3M{H
zF*+t72==7-Vk3Zk85~X7(7(7Sjl<LI<R!&J7^w4hbOF;4P}05e^dUxP->TQH`L*kt
z;F&?A=Zu&c;g+BL{=hAK$s;VKAlYTPaMBkY5!_$Wk3oWEXU4%%r(}AQYfXS(6)AhY
zI#L$0+tn)1D~I4wiopjJ4UdYqE&<M296MZ*os0V6FuAOdzH|WT%&HYM>)i~93BzaF
z$ur56r8=)c?WZfYH^!*2Ha96(uS1Qs2Q2n?z}4%nzVhm26Yp6f>7^$3VnEYpdr-%;
zU4em5EmmCg%Wj(!!;$IfJ*k0bbXtfj;52sUFUv3b7pdc&e*Q(h{@oO#h<8e+>tB0y
zyi*|7i7Z#JA=Jb>r8fNU@@v4pP<(P;9rJ7S(8xcvi7x+tyD<6x8~o4I&yEw@sOx9D
zHn;g_>u2X@WpZop;g~=5t(!vD&+fTbK!uA@v5U<i>St$n4IM}ssGoiKY*Og@*{>c}
zzn>G0bpF4#Vf=ql|6Tr*rJvO+|H;p4c?ap_UD+l~{*(I2tE=a+<C!*^dLBRCLEiIJ
z={>KHt53e?+coW(XVlsMt`B4Xi~O7Q%U#QA{H|&P)Gv=v)-Rt8&6&-q>z9jgalX{X
z{WsRNe)*)I)a_f<P&fb0Vdj5CedfQS^v7XN&IR4k;knV_ono?kFi#(8Lg!;R{d-8)
zL{}M||LxOU7(dB5n-|X@(?2H7H8U=XXua2|X+pmSI6MV`n5mV7DXa8?b0p@NhQ8|q
zeb-#-yQMdDql<pjYwGToxZ42t8?5`Ki|@h3H>F41cSAQ$S<FMTlpNcsT1xI{saQ&s
zvX%_Pumr<Rp_h|e<mF`1DYBe&pa7<p@%;2b_51!YT9^N+b(s85T%GZ{>y(+s-i{+U
zdYq}SH@~U@zp6REs!`hfsJOKG!{Q8S^Br*!{Jmw6YdFqm$4qH}5eFJARqeop=jrWm
zA9r*)FRVG@r~hFtWgfPj<=3LKtbbud3!kyY;q4A6R46}loA5O<`y(BE#u>pNI`{!+
zvPyq1>_!<*MpJLQ-Mvq6gB`%!3IH9gJad^sH@mwMGA#QE43Aby-IGY&6Qu4bN!=5q
z?n$L~xUUg$3Ny%Ghx=?GADIv_KP!S?Z5->)B0Vb@`DR&U*a)O=vdnxln^CB=u~u)f
zkb!G~)VJH<3mK;XI4_Fv{$AwiDS~@~(M}}FGLRpbK(-N^%__vyuQ)^C#D@o6P`!T$
zM<NrCyyGnI<K%@NhRL*e0bM1HiDfh@W|Q6X0`+B6D!o+o+^{xq{vOUpo8f$PZ0R27
zb!5nV7D<LoBRm@|4TJjVlZyK2lhgY(`Xo}P|5}F8f7g2bSNiYNmiov$L?iDz5jy?X
zB8>j4pS)?ZzPS6P8b8`4tYqDC!r|L524~^{CwlnyFnqgJTBJU2A5=$Z@`*gXPlG=U
zI{nu?jQ+b?ulCsF_T>F3w}*^WXwE&*fSyuw9*1vTrRE%OSEu}UJAc&RbzOU6!n9}U
zmC)@``|~(;{e$*VQhorc_ju~mD>AX9kdK*QIZ6;;T#NZDjz_YCQ+S*#84F-V(k6>Z
z$CFsha+^tGAxwO{9DTPl5<`}g*||qNvH-?{1o4A)7_}_O&cQp(vR_aNLQ0RzrfHIB
zf(q%#Uoo^!3X&rIf5RY*%M&mz?<Nj|mPfS3xI97pG)f<|OdYg*=|EQcAXyd9JRnl?
zbHF)r(k<Z6Bk%V5Lx2S$_|oqq0t~JqqVu2L7y-2!E+qc$yHUzVAU(jpMaUDP?5>I&
z!TK%lT|&#V<|hv<p4lg&3FKL!eagBM&nh1IH3_1;6kQ5V&m;pR$UiT|cp0JC{Dq&|
zax4XU1$OMPwa~Gn(aU1Pj+9b`nAKgX>rL#z8?XmypOXHqO3&oPrfp~%D(rLUJM__E
zL(yL<JABS_%tyyb{;9Loy*PCwPYH*0SPMY-2JlnaWLB8Y<*}qx1%73mkMj|wlgT+l
z74cK@ES`9Ks6BN@e9kG|5j1O!GH54~!=RnET-C>TU)T0QO0izozV`gWm)g~yU-+kX
zb;>VnU{I-nIEK9Hsy}tfe>Yr{O#kV?@R2Tt!&f6c;YMIMq<g}CnIQrgw&@t|lNo+F
zN*FR}u8F~#NDWvxg64ULeyp&OUTlkww_|OClsEW}UQ7&JOwi^|x9|&R%3hB9K#oT=
zUJk}J@v0QF(i^xQxGKkz3*v50iX~tDdlHAo=01Q=1U_e!%Z8L>aS6MaP>zO__yAE5
zJ)D$E{W10wqd1P;;4i})F0#KPm&i67qd0&u{f7{1#SgnQ_~A;Pw*FI0nEFrW!{{%>
zSDFnR7UPCR%uYZTS;OwxN7t~zSb7<AWE6G}Y~bEZBid}Mq|I8lQfe~^qDj1e+6XWF
zx^ItGUpLjXckE?td%HIYlmFwd(Cw{vKHPJc^8Q9X+@{dn;%PRnuoHE(3?<s&Sy(h(
z>o6y7W5Hv$6i*|)*cE$a67=A0QV;&nG8i5}P7XK+LjQfQ?Z2OQYR1bYZU3EW6ej=M
zxqrC-_Ev}MKeEvxTBoCcht8p%hx=!T`%m$ixu6g*ht~yvb`F#n=;wm<a<f2t1FH^n
zb)lK_*{{evTBO1+Sj`pU!D&3w6VVjD#8eD0(|B-<M-rrXr2C?QI}__INpVQYiQCvA
zfGqE$X0Y7y5P4)#<|7g?9ti?vF#bCM<G<q-AwW&V0f%S=j$_nAV=8RzCOWLueCeAk
z00-SXL86gN7>#rxy$uVPfB>o>+5hEZT2MU4y)x)YEk!&~toZpsMLbY7R)a6?CdUIk
zM&p5KjyJM@g)%qj4*Q@Xh6LHvAwdOlNDv0}Mmrl|4A2q$Iw%^yvP1I_Fl+!ZmB%>c
zkRV#e$lIs)1hO0amM9_Vd?%i!htp0h+hq<^L%W^8jCY%LBap6-(U%8kgEAAbDb`4k
zqH!!N%*J8$OQ-ABW9$vZ8YO3YQMPJM!Pbk#!q6&9P(9&u+P*Y@%L>*C8jZ76c~2XR
z#-Tlq@!k^J`B=%e+JF))k<m^BlVHA*P2^a-w<JMfTrT_hVva@Q<jCAV$^cTja)eVv
z<IpR=af;X*dgU*A1xBx{JO{#>lLbsB1t;dK21W!uTQ}%h(0G~+7`hzWlH!@uDm?QW
zVx2!)P}(0V+V4pF0cn4!XlIeO7HJn%v~x&%1!<R6v<pak0%_M&v`a`EgEUSRi*gld
zcBDnCXa<a7xdmxP6)j2^!%{{)RX>ZX4-o9}nGTHoz{pF0yj4ezszLHJAYasxTQKs!
zfZRZb(;6^x3Xm`9?!Lr+yB&~E>By(#Gk90_6NaC33>&WE{fB`3i7v#X6MOtuKyG;r
zf_X7WBu0XW$%f!HD7qa(ShQ(%DyA*){R>XdwP)w|V19}Xfyav>Z{owl6-V}dC+h{d
zMdGH{sxDk&$M_DDPb~F7ytwh#Bo+*^hJ7-NACgaSxUMnse*||DS^BO<{Px<@Vd6U`
zRchi1{>anB6HJT<9Zzu8SC{>HkoXQb_ZcR>12!A~Gw~fKrmNyRh_0p(cj1hX!5#1Y
zZs)`+Mx}f7tKaRK;EuHhbdUCKqX_P}bq4DESHGaA&uV=ir?;rz$MCb-_i=~|{XQoC
zRu6kgygL5*9>g0_a{RN2YIk}-%({^;=}rL$rY}oiu^n07Nfc!?#N^V8=rJ>Pcr9L^
zQ@VlZ+nXeXIn$8h=M|8`#H<M_NMS@s@n&iprWpVOA&|g~4-=I(6pAM%>i7H#8KT8;
zd$qyEX1??W8B9zwN<|PEn6O~q=lXk5#go9mL_C6tA{k7SA$rJXV1i)_D+3ezIr+33
z1rrKz5daf-4yn(HhX|M`KA0pQMME(0P5?}R&0^E71Wf#^5rBz)Umm4k!lDEd770w4
zWH3RdRZ9jYs%2H)S434V9fG24T^N`+5&#or2qr37D=3&)qr9gXf{Bl1FrhP@P__>Z
zTGPoFCl#g>%5#*HOeY8<vgr@2OeU01!Vnhuii9DI@)Zd~nB*&nAz-MwHX4PLVSpj%
zC`i>~2pKHg6C6WSB8J%3q;?GPL6h1s#4}B5#}LjYwPT3;n$(UV`ZcK?Lv(6VJBEmE
zQagsIYFsA_v5jfcDZ7a#U9Z!_KQr<$An(?Z8#5Hp2guiI#SpD_hr|#UcZI|d`*(%J
z5JqwJuAmsAl3|D?KwhWA5M9~hrvVubFG+!>Q4)rT4~ij7;>m-EA?AD(6hpwY6gM42
z3;}acylDtx2$+20@`EZ2L9e}i8Zm?*zI<B75EgOvLCNG(cu+zU4<A%u2tk~18ZpGV
z4-rG$Kks7g{>>p@Yy6v4T7A|1a<7p3YW=T&6F>Z~#)rN$SsfpW3qSO$V@gN}G3Gdd
z5NkLkgqVI@3n8XnI!|B0*=7m|ac(j~i2FYX6(9PQ=KPeXeIHA!L%)yiN5j02yR&IT
z=mdBRPE*A|0u_i<*R8Mdlh1)x8}EN$6V30bj_=UOx9X%;zN;5Q%eUZ{I^!GHsbm%b
zf!WIeN2FB@hUDdaF_wV5Q_OFfG7sKhq3OZ^GFo`SlWBn?v%Yp2iN|~?<ZC=+dnUuC
zoDQ2zGHl9=1ou9nn^h=36FL4nHgY^s^8-mGA)zGs85lP-RXKQ;oBsQ%pA8~vGWzh_
zOMY6NHLLUjUjo(L(h1y%vdy0u7vb<ws|h4<cWp8Ssx}Ih6~!B7kl~pg7wL<!`!^G^
zIm>#YP#9P|vopsPor2h0%(qu~L@2#bdy0jP4tIsP{hK6w7<;g9C5yTxK*#lqLAZE8
z@TMBcM5z|}Bjn|*BC@4>h?LMcNZpxk?Id`T*R<oL^p1S`R!EiDBNO~qzrr6ry^NX(
zKjgYWz@m{_5h>oAkHBEs5y8ENe)Obiqb%W_1qN2KY5}bjzkEVrqn^DJ7q44a$QEz2
z_~N&Cu@ku{+aEDs`i6Cy`Eoo@lP`VZdF^-%o-h5cpM#FeMTDWMdQFYLuKw>G>+9qH
zZmN-g-Z8EHbmd>YLi@ji%U$>Qg01zDchXvofBRRhyjRbKmUqEV^^*4{Ca+}6_jb?Z
z)?%4KG8{YBbgd;Lb}jO6Sfd#)I{8z>$iL%IUDvN{yZbMDm#a{>yu3P6a8)<s7eqpA
zy!%JNeMKnU!<P)9u>KCRn#9DB)d9+%3tfIv$2;#9Ax>ZLq;5+0G)ngnB{;k~-4l^v
z-94*ChIQjC$c^J0FUQAcSj%UT6))0v6WY7UN4P|`XDtNxplaVBZ9KKRiQpb+^!1Sa
z!A;<)$Umgo*Gk8qLZsbf_wRIgy2lCbv%2`~CZ0xi_o*zyDLlX8xd%?1(#q!6#xu`m
zd1qCt`HQN_uB|$SpZS;FS~-QcyZZ}nlW#SX2kKIjh4yV)@J8xM6aVyDdSI~z*4<L@
zA(G#yc0jQ85jYzlc(ZE+_ikZ#mEhk>x-jj+W+Pwv3kAvBiNgENXJ*gOa(^?#9d%G}
zoiXrpAEY5vQCIBlOM<m}_T6^(WzvtT_6_mI+yh&=A)a>R#&&zN+}rJ>f8+1;#xx(|
z8S#yAh{y4bDZ|q!Bc;i#J-`inINvV$yo7a|vx&nKv)AE{`Nr<vZMR<HpMIRY_zaH;
z^lg^+KEJ)(*FVefjotr^efO0io}_~r)>gdtF2Xd#o%BtX`+(hgWzLUP>Eyy9ySqBm
z-Ex!Qsv`2gN;|YAdG1!hx^?ym@>eT=rZ+W%=A!e&Tp0o{(p@cBD`&;u;Y}si99PIl
zn|Z}V)NYD()?Q$y;_sHnSGuRM>Uj?DU?Q*B-)^Y3`?uP6R}b;D+>~K$%zGcA#{^nl
zakwk()~!Tdh|jaTt~Q!=Gfo>>4Je<NxJPhD?G;>?jI$32o<Y@+`H74}!BtT$xc?Bk
z93U@GDEE_5;E$a7kl?-7FO>h*-{FmFjX$4}xXpK?s=Y0<u)Qt!4sk=*>~@gx-SrM{
z%SH~*u)PrHvDf5jo|e)a+S@Wq)852A7s`#!PDFjy2)q4)^)du?r8b9NBGWc?ui$M-
z-!RPQr_)FaJ;|E>8Q{-ym)mz&k&gK$&3YT}ZHpa4M!<HvtJ?7Rp{j;{zcN2)9qS!E
zbu(EDr%7vJi%Y@QLXE#}=Vuy!-Osx9?{t{;Z(lv^Q}1z7POk?oM6A;5qA0kwpuZQ|
z!7?4wOi5sI;_oek*v15*GCj@)&m(^YfIN23R039pn`xch#)9WAqhK9mbT$&K+xe1N
zaIk4aToXHu*eisj_S=Q>%aMr}gv!c<#!JbpuQWj|qJoUX-w6_vA}z?@82XYALX1y7
z$dapD?=Hd<&4TquzVuE56!_>amK-d+4nj`|^2_lIi;E#p%Or06q{eUeZxK8h$;E3H
z(0j?QAe%2~6ag``#|j&#5y%vkk`Xm4k}Qy{{Ze`*fKvrh&O_1*f)~AM@FFCeh5NAJ
zJ`GlnA~E_wG&j*(y?s_4BYP0CuW6cxPs&yW3RP2c%~Iz3Imnlcq!-X@=kTnjKV&Ce
zl#zJB*FoKWyT5{FBeS04OTgqXpm=5<f>A{&Uq6fE-!HiO&A&W4R6ejTs1-<TTb{)E
zmIuy{5sj92SCrlQ!xS@gttTT2T1eh=%<dEezu+0NwnOK|vIOQQ#1(Q@%aruE<igI7
z42d4Wi3j6gf;j!H8b8vlK#!*OPtw~oV?E}YkJ<_qV!+_(F_Ljv@)QvS-lKIl@7V2z
z7ix=wcWN!?hirw~MZThdzG5CT&jM-_(;(~*zVAf?k8;V7A|mDc2582Ux-CDm<Dg^)
zoED)PPU1mdEctP;rG920zZ^qGE7={hp>Lq+y1G;d<u#GgEWnX&x1Og7`}w(dfE9xb
z*0}@72j8vay_~HM^<Maezc9N=YjMukNnF()@|ASTDl(sfjPgSt)@a^G8#<UEgKo;q
zVDIC%H{g8$-8vKB2c!YU`hR<S(e;3>S-PrqWba0H2roM29YVG^b2}M6k<3&AqhGu{
zg7u+zBoepS)vu&-K57485x23+zr3Q`KkWQavmPGM?jO2W)ouUq`JUkW2VH!l-F*Sz
zAK6U4KBOIuTU<bA;S7_*lSlS}C;5`)bY4K2q#*{-KPLY9jb&A2zcw{qNGXW7@y}P-
zEITjQ3?>`Ds)EnhRkFuvBzI=HPde{PE1n(66-|NN>Y`uT(;u)!VD+2?_Jav@21Ta9
zK}^21hW^?Rx?`>~8&tB8Cl-Dvc<(mRxQHo6vHj~ceoD8_Fc(HS+%wEs?yK}Cr+FPI
zd6vSaS?;7b!8OoqtU3sRfL*Q%YpPi&y4|{&FF9?X_HBFlwMe_`n!(`~1=lX3rn|=r
z?kb_YDizNvf<_ehj4Fpg6!-yELh0{?<H#%nn=2>2aIzOippZxgqTRh^c2leg2M6t(
zC(irt^d@z;yDE%w6%O-mhzFlwa=53M1#c9620Yh2&{B1)fwrC+2wG7CfjO}(@a#En
z`96mE2L=OzLxpb52;7JqznvKj1Wz%%Q%}@<Z+^$pGTtthUyHU*i04ao;7i3r3sU0T
zkJcqg`5&RK1C)4>qfo!5D?C|}>}V#C(zF;I-nZz=O=~}iBQl`8!x2eSKz2N=u*vdJ
z!udkMy-_UrF)83~u~dLIg{KKLaipAE+Z+9L0DC}$zefy9HDgfaD1_YNma|=%i?Z#1
zF8SRP;@JT3+z}6O{8pILA;Rutw|!R{LD;WVD}fWa)))NprhfB*ODq^}MFkp92fU=%
z^Z&a-GIV+v`No$ZX()F$OddGmmO=(#2j$S5`zow6GfV;<ngSV`)K++Z)%D-?;_j!m
zhC3e%>Q7bRts#N)Q4MHJt*ZjU(JDS}!^y$oku+HRZPIaT;ib{&>i={g-_}c5?8!61
zuvn1uL=Ude*k8Zb?f;L3+5hjX*M2$_p1iHS5>IYAT?ah*;c`uUxK934zlN57=C}30
zleC}-#)ngfXMVI?uL<nP4Z+0AJf1m%brWCGFPauWqLU!o;T;Xd-7ZKI%$vcSmfn?g
zI!OCvnhz5Vj4Y#OAgro^=vzg7kJ9{gKy8mQ*#|0t12*xDG@<1QaqIv#Ytunzjt0-;
z8JwtCjOE8YFvx!c6q*YNgTlH%T@vPnBM*h#6U?_Mh5AS?NGZu|<|=sBh`4;&LrNs<
z!z3iDb(Uui^^aC_81`;P!|lMMz2xLe4tEiCkQOO3TXGbuM0=Pw6kU?h-Pu<~+D!wb
za*sD~>Od;c*VJF_?XwNe-Q;aZlGD_qbCe!P!_1bS<KpIx_P5LA#N<<CG4hZW5p^Wh
zH=-{SAXYB*Q|3yZ(rnpNdWNVr=BG@S!>(e#K~HJClC3B6lv-poMg+j-#>Q>ISZ}2I
z)gfEtULHNB^bJr+&Ppiph>~p)lZ1wDQAu3eQIa)Ewx2kZ<YP`D39j$4FKw120jgge
zx<&5&ic<wzkt>y)%8^R0?1n3@O-6$1g_IF-Iecjh_)A*_kGbj+++X@R`b%FtJsSLp
zdpM;(aVPzOezTCaPet2{v{6Vqq@wLdS_aa7QPF-vS{J09P|=PeEf#4$740O_{`j5J
z&Z=mqkoE)8&Z}tP<y9l(!wex?#0Nen2zi&zvv^r%NCgI;j^XASiJ>hpn02nt0W!no
z&j>?r9Yb%K;Q%ni=@{Z<hBd%&osQwps}jQt!0@Zi0eZjOimAZhxJE<m&FXSA`9Xc4
zM)6lNpM4XRZcmtF;*JgI_Jrvq_Dn>#Ck?9lbOUvJT9koSAMU<H8DL<GukV&UpJuUS
zg9HesZ$N)%tjt)n8yy7Pv#C<rb$UHpzGu(|1Q9<!gHF*w;|UN5qK{9%p*i3Gt=7NQ
z?x)cHt(6sZ*2iX|k2^CLsAP{vN2Q6r7jf4TYMVEQs?V(P&uQd;XNOk)5r;y{e`-s;
z_3_O#qlpC+@@!Pdu~Ly?SbG9GIiKp}JEP^Q!0B<hkov^o$u~N>#lw~W3;i-j8B@^I
z{T46Vrz0hk39C*_b###`^m*_{DjiMhZ*2^sqf!5}iqaczV};YwiDH30D%IUm!8Bg%
z^-U5BcGW0m*cZUV>Y$rH{4j~a@B+L0FjLP|xKvp^AJ6iP#*~YaerCZ-Z~h1MbFP$m
z+Pi?k1f7arqE^w?zoDXUx}B)#vQ@RI=pu!R9&sH}(f>Zy6+^eK1Qawa^)?YIw2{{r
zTuTeVwe+}6YAr1U)6xkFEj|0ITD7!LH!Up$*U~?2RBLG=n3hgZXz9P!*Q%ujrIxnH
zS0pWMlCK1`^cK+4`Fv@E5L)`?;9B|v)Y9ip)UKuXov2+)e|e&IE&bYw+O@RnMD1F7
z+=<$?^c^Q^*U~*t)Jsbzh^tqI)Y1v!;*}w_bb{zy8B$9ph{INf)Y1uJ@0B67bb{D?
zWk@ZZApY@wNG+Wp?s{L=(ooJER^iytYT6{Gt`4fEJFix#>G@q0YP!j4y_#;gU7@Bg
zZ&L&){j^F7OWM0itEP8vLp6QhQ))H6T)yYERj8)>KE>jnN7WktjP|<+U)K1ex9I%;
zKh)9xzahB&u1@-z^O!tBlvws+ef9N+FRA5kwMDD1SAHK_U#A9_yPo!q6R+v)8(W$x
z?HiY4mG+Hyf3Bl_<L4JO@z9&K_JJLHL)!;Nd{wXZ^^xowaO9bWfvHR!ck!ed=~6R}
z{8U@`KyB}<gQh);H|gRZ_JoOlSYNO9j10UlEdJ|xn&#8(QZAHViY!bKT$c>aMx?P9
zYz9kVcPXn+gG_B!pI6{@rb#V7aVYo;)Wv%((ZqXg)V4P!OnaApS)cR&RR8wmS7lK1
z&R2~onrvN>0rBimmpF?axwkkxG{_wCpTN?H@$8W2WNu?wy9(@FT{KnQ^cWk_(o}=t
zQGT!><onua))z<0#JB{$#7Z7y_hwlfZc*b8OmV~|6xs#%PRKn%UQ-r#TT^Ej_+Yqg
zh{4&Be7Yw>@D8!uHawzmw=YiTPpt5nRPhgxgqzmyCAiA0s3qG<EPgAAgF><+dl0Nx
zm_L3BJzqbtkpyG`QF}5F0uvPNJ_8R+ma`n@WVoxd+`owTO{<|!oP5DM8;+ube=3<T
zZBCw(Wxd9ilw;NN>mW>H5slZN{k&D^vP*DPH=3LZH(NBJb~g*2<`8Yim#&C{R!p{#
zftOtM75SoSZ(<pFbSn@OvIn%0Th~#1<IN=M{mspCpW#i>LQE!E-fTCJkG=7u8A`Lb
z5Adb$Mq!KX?%y4rF|7K!`y0VKo~B2S$CZBWcVOkGao`pV?9ZhZal!+IDlKTsBZIiA
zF&A*VdZQm^Ulm6f4cZ**GCaoA)qNWFCh++6_mcw2*DZ3(I*41}NFsA0`h_O68S&)f
z%qDV+_|h}108bWeONpFvJ^SkfXveyp1acC&Td`9LAiq&+71^v5nMunm6}EWgfyeVP
z*od?Ebt-F<;=H3lo3>qU6D9=j)4La(e_W9i$miZlZc}^luh(gtzHiJLvUX&_<S|pm
zOe!Qo-9($!Q`0Odxx0X`=htro&7$_jK#OwO>yZ<@uWrgI6THu7jjK<B_c4j2HU8yE
zngs7OW*_{sboM*kC&<#+nzTv$eqUEkPVr90nfI2ipX6~NQoO&cOY#26D%>lmQoMt&
zO-k_&Ag5&@$@{P^Qfu^C-r>M#9kRUlVnPJ6ymx0psIt7DGX%1{%R<1&k%S1I=>3SH
zPKn;P=@Pxa`vnT2O7y<U5J>dSgrKS3QGy`3-j^FVPF+UlOLiq&RclC{>-{kJ7rl>K
zAZmeTaJO5(<4Ze368BxSw<gC6r57L=xPs=FoeUUAkzcl3E9&9fgC4#;o|cOe%UqZJ
zd`S{{gll7e*JTSoHy)~Bd!|*x%4idp*xGPOhN>2-I*+i_RoHrQRRdI)E%b6SS9Mu+
zxfQ+K1CJ#@{hI@H%kz}-um*ttPhcZB4-a&hk>^P*&t~9pA<tj?DNl)(=QQvXBhN16
zc|yx$AbXRlS;(^zd1h;Qx&hC0<e85=GqgO(z{6_kj7FX!EzeEBQ;0k^<Z)_wS_02w
z$kPsaCTn>jfM*i&RPUoak1BbpCLrw)(h60y0;H88ZJLS((rD^RvW;3xQFxW?!&>Xh
z)5r`r1H&ykhVe2(17P@<j$w|>aQqd*P@rR2DKl&ahF5e9>t%*Ff#Cxk!v`|MTwr)r
z$MCAmFbWtJ>KGQv3^rgW)-n8eSz_o243)YB@V8x&7;2UhhHknP@UO}YKLNwSD}Fg1
z+wT4r_Py89IEM=`D*+HCukFO3E?M8Zf0xaPf9>wdNqDiU^#$eJYe45-2d?TJav6XS
z83XHoz?hjK^!*Q4#LNr<iQpIcg&QtNVhti<(Ti0p$Tfmj>9^LkCaA9jAN$Z5ke0p@
z)5gE`ZW498r%D$QYlsWp#m#Yn_~-SP{k|ED2Ftrx@GfrJVI>#$5^~i7+9Q=!pW<IU
zcx;D9gSx9ajF%nWl~mh6W~S72m;4YLlC<s;OJLuXeEQ5#HIMNUnckbO5cJABC{Vok
z$2%yp8_9_WQKzzp`|hH5Ulg|!Hb(QMG4W}p{ZHOO@oA?0mPCBj{UF>zdMlo5a*@wj
z?$a0rG*uR2BKZVy?SXvcSf6zC+DrZ{>j}u0?-x%_LwmxVL&Kb>e$b=d?=)DYv;S`i
zWB>oKZs(!cStvN!;_OdjBFUzeKxBs}7eaXoZ?bzHH1Zuede&u-iEPfzaNfmzSiJ3v
ztA3)~fXn#{jh@1@74k8q5cZO%pVFKc|6FS?N!?sGd&%YxLd84L-5h`fc7P|I9^m=W
zKo9W5gR8z65^qCkLU6R(J@=ZR0OV7+!+47BFglQ{q|MFA|NN@y2HS;7qtop03?Q1l
zEZNuDRpaMN0di3FL$1eXm6jDYAjDjsk$g3gPepe3?yPP`dwEr4#`tp3=vjGXgFI1B
zq`9j7h1X|zg^n4eWf{DEYg+lG=ydB&XVWSOi-2dB+(<sqA8jn{Zr}u(5<M6t^q>a~
z&v-LCmhR#0+X-|ij3y8FMbibuP1-ux!s@~{mEwY4SX_Ht&}t6*h;DrCm76g(2y?5M
zU~B(5-J(F2N?RxJV4Riw6JX<C!oZf9`Y;?2d$v)`|1>G!{)n$22#cm-g9F$(fW@fU
zge;t={B{}}WWm^=iFBWGSX{oND+{>ue{l&sgz<sGvGC^Pff&SC-ODd0#IlHGU*MW!
z65n|P4S%;!m1BS`;xlhZcEKkZx#LuJ{JysFz2QksJj$nv@lAJEBgzBgTb*BAJ-&~v
z2s^%);rPzrS3PdYD7nCwb~4BZ)Np(^VdHxp4g8C|7c`ULDKLsRJyzp)Zy_YJwnXrP
z=V7tV)s+Z7NMGpaII~;CQeuHx#PN{F;HnUa0kbG;5x;!&77lBzs&oBPaBRW=7)WSH
zUp}VxfyxFIh~8ls+*O0aAOVL#do~Q-*p9;>L9G7llD?vFdLS1byE2#_1cRQULuFa;
zp&~mln))dc?zMBYK4V*ZdNDq5@n%)1aS3{{KPG)y<@9UOgwrp%xfcS%*uaoX5O4WR
z8j>xRNl7{yEyL0G`V>Wg+F!5X#RXG>*CWR9czdbFAN!GZz1^{)ZtLx^_v#Q|s;NhO
zsSfpscl^)SBW}zEOj;j2L%MD4qm#xwI(FowQDB)FTWPZdiW8r$Q*q+H?<R5eD^ASI
zGF&Hid4{H~6xNKIGG^o?TCOiWuA{I9rOF#+r?bQDvs+KGn#GURp=NQ550Yq*?fZ*+
z{xda;o5~`$6sInNZW}XsBvkSnO}edvuoj9Jk1QB789K3kMT~RSqbVj_5#vQX+Fe)?
z<Fvm~#Q5iq0w)$NNzxQC_HmpP>V-v&yIr<(Vs-^tQB*~Y-+3*senpILd7CA*QnLMD
zEn@usTPVT*UJ>IiOoIQ%ix_Xz7cp*3*Zv#0s!LZiMT}wof|v7Vu4;;^vR+eq%T00-
z<H)U}Yb|1YvT}5-MU1~eTF@fKA0aJh5##5O7PN@*<46ly#Q1)s1ubISA8A307~hDr
zphb)uR_YBflHtWyF}l{uf!`r5Xyw4qkXF|s#{IlWp^6xH0CMd`jQtCeLKQJS0_56@
z7?%UN_9Dh_0J-)e#;yfPp^6xf26Ct(#sh&NR1xDFfT8vx#*sj-y@>HKPg1BN##?|~
zuOi01Uy$%kmlsfTl|QT~V%(Bk3{u4S+Tx_}MU3|^#*IBKVw}=QQN(xyy<J_zc-`_#
zw1nQL%P+Aa#_uh^Bo{GWuvm)Wo69~Wh((Jf(I=5lQW4`;w1}}(FK_hnOM&{uC&#n>
ze_ELR|En`J=fmI8<-h$Rw7+xZtM%}AQacBWpQ9en77e9@=j4KcmIYH3F$Oe7LEA44
zr06#awph6~AtUj30`l>^BVMuzUdXNm<pkw?U$f2h^|5$5`-Jm3nA9<{fcha5SkxZJ
z{EP4qbes|GK#ylC4kVs|wOkM%@62I}sXn)?goB8`iKSf?x`JkGdX4JprBv(CLx^ut
zO*9ewf5!zHCkBCKcntBFuZ1L^e>0vx{IxKB0LzcT&K{D-79Jr>lxbtgbBABy^m}uD
z66gD55uUU3ETEfQ&EdVXOMB5EHX=+e?KnELq$oxOj%_U-p9g@9qA?YYr76*Nh0L<*
zK7$F-o;`DYU>8o$o|;)gw3(O?O|JOtaIX(u@i~BMTZwm5iKZ2f898PAbb_aaj*@&2
zO#}I;WLZoyyJsRI(fu4tln%eja;{oG#Yn?sWzJPWQHJ>l1s2hUhAN-qo@l+#5hM@g
zbNu=`0uS$dI^c7}FvD_=ji(Xd=>3`C!-jtle3-BvcAP}=(4H|m+-}#`KYm&58KZ1>
z8`Pe$29jrtECyZvErs&w+++0K-iC1QG0L{fpmmSUe@X2gqihC)+C4_I&68Od`^NK<
z7-}CGy^BWA1v0Q+#2jVnnRkU#U^03I@`Ks^TOigUn`{#Sh&@e5M!(G)sJc&9se8!i
z9|WXbuL?Zm>1Be?mLd?Fj!)uMPilgo;z6XfRMAXG8-TRyRkZ7nb`#P%sAz4F));9w
zs%RaNcKRzyi&xR&khTYDx2R}ckhThG2`XB5q`ic+J}O$G4j47MBBigtp@eAE%R1-B
z>}wK(0T>?DA&3`ch9fS*@RW|BLT30H7*^{T4$2I#0>cg+!w#8Y7BGCJWB5vD7y%3)
z>KHzxxzh;#1M=%S^5m=1{q2AuPltjI$_!WLf{0f!sL`y(GJ+vkP-DJ$(Sjx^|0vl)
zV-)Xt8c{;NxSx@aj6xW&f0V+I)9q=N|8-Q*+-=m+((q}8qvc@^0S&AL;_qHn?lyX@
zYMJCpIlN4n|J5rYnKfQH|EpJ#yDeY*Xc^1@$^?BaISgK@nXEal@QN<~>&npnimU(r
z|1p2ti8yuswykW@G>Qv4hs@vh_6tOhRDaq{k-u%-3)=i`tKP@_Z3&yZ1%^{^#5m&1
zBSYkGoBf#PJm<^0{I4rQzmJK}|6}Jl|NWbtTkGIh$ltlo>yjU&Kyx1cWgY%q5eEN0
z_fN#54tMI}QCCB2Vht=FwE=v4Luy;=plu5hk6QDnX1=_n%YU*wO#YK+|H*jNv(Sw9
zrDkM*R^NEk+coW3^`f>t6W<Hno~zIN-SHN$9dF-3W1f^6<NCA?<L&858h@)!{*~{B
zIsY6+e${?!2^ZLJQ42YwW+D5nNYFLVtafn@&-=?LUUE^q274$PS^7O`E%_2fOB#VK
zHQCn|;$<tzHM&o6Z7~9#vhgL$sn;ii-Yk$oP1eNE<TVje=U%YMYa*c)sq0-AY3g08
zi(NZBU*d6+cEv*ZuTgeSYDcmL`WJ!Xac_Ypz0Kj?kk+>Ff&_TRIeKmcC%KEFf4u3c
zA1i#jHh|HQ02#Xh;-=mK4Er^;zPe91+(*;=iy7K~j@)8*&x3FF%6arAc-5G-op90;
z#(v1-A5Wf}#&?;=Zv2<@TaeQSd>-7#2Ixt<;V_faLY?|7gF};!Ab)>WDS6Q@wz6l7
zpArID)amblMLU@<eX@pDe}-z7g^&ZxyI2-qaQ_&PeP8EbvRBz^5M`jnBvL{dFiO;=
zl^=bEXpN04m0F|Z8Ppotveqbm8@0yeub`q=pOZ!boM)dbvZMSoB4yosz&RW^X`6O_
zMKz2sR?cs-qXR7oO`7z4na#Mx*|XM0MFedW&3}@^@XfF|lXM@v8K51?3GT0A`3NUy
z@)7=9xBkBsX8reuT~An{OVUU09)><Dq{rmf<+UV_Pkaly=DL`Zc5XuohiOZ$-_(sB
z`-Aj71!SjQVMLAm$LelO=|8z%`ZSAt3YFg>l)l`1f~;TTrS)sm2X$D#PLJ2r4|-mg
z|KN=<`41M<WBo$^o}BN!TO+!9HKF<5X-zzj0gXfoCm(hCfzjxU5rz$OGN5gU`8;59
zLfM(ki^jgp`7D}zeqg%ymqXlp4qvjuh<ize%WuNAWWn3g2>w8bVK+uW-j%Ij7>cI}
ziagE9YDHe#rUYOiJKBdK&r}tde;~f4Q}ww4{G&03vHYXE#`1-`$ENf9wr7-XE9`tO
zgI~Wp%dpYj>9W22XjG;($yC@ggY2}%W^~$~;oj~1ncPoqi51=$%)xEj$ZgIJcEc_^
zn7>>bO}^J5txJr<u#5TYd`+MreR6MTbOn5De`gzRIma0cto3~92OLd$m1V8rOZ<>^
z(9_L6p(2M2AV+jWnk#idW9JdOVGH<B$bRR84c9}J-JR5|<nS!Bp@T<^ezYz8gxwPp
z$D6MgD$9(Ye#i-iv%=ToZ%OtUe>?n&aPg#&xC<`9hmCY8q{Vw7DPVb3L%Vycy<CjR
zO59p}bPm62&scua#<6^E*`Itt8EG~7Cvi{J1}b1-Ts#6~Wu|^!Oe>_PV5x_*l9m*r
zHGtLyb+OvLBhA#q3RYA&5-aX;%Nb<q=wuE2cvErn6zXJ!N&#tE8T5y9LVHoqfUPM;
z{AOVi?ZLch3O_0lEP=@~0tHgLP?rXGp$5(b$BMm)Koz!jQ;0<1IVBRwul%5N`qnem
zB>PMQ?$R!=Dcz+7MwTT*=PrFcR^=}3^*7w5A4Le9XrG~Vmqr-S*vg!x&mSe~=*HzV
zU>zN!L=h2G+~@JRwYf`a;hhFLcWKR&YIiAR`_&L|m$JeE%w1X$%w0<F`Nj~=T}s)O
z>D;9=pH#a`Dcg&NfV-4Qz}%%3!Q7?vo+k|9+@+N5Hl4fl@;tS>l(OAv2)Ij`1jPXf
z;A+5KiqADD+@<tNI=d1mg*3#VaF^06IR=$!&d--DxQy}N?^Ej%6fy`{m-+`UYtZwm
z##ss!z%_)nK;<lz!?2p7jqb-4^j8L`Y*@FWeQO=kGE}rQq`itXK}AbP+FYdFp`r~&
z+E}CwQPDDymbs#KhiH!#wL3(cuc+N2dSQ7jk=%s#AEeDx(Tb3^0cmqov>8Zy18H+r
zwAnhl-<Pb`K=%T$m+9<XyBIkZ$eVOzKO>)hG^o$8C972M9grL9tZf4s`C}m8sv~!)
zMxWs`KyFv9CEv>Ko($wJ`nwtVZhE(l+>VixfXwU2JaeaB2jmDH`N1oA_k~G>JXGiH
zENA3>K>l1uj$^&HW)h3Xr<QS8r2*eJ3FQ%GzQ`V4JlIStHgxhz4$0PDa7g+Rl}^rc
z(-cn5;ioS7eUZv1eLpP_y1bQq_C-@~DaMwqh6|mTQ`IEC2VWx@Jpj-w=<R%Jnq)03
zo|eQ;Hv)VsIatUuk${*-*+virK|q8pkYAJeLx(N6<hNT7qd#<?L-zC*iCyLATc)8S
zc#Q+ikCwQLe$D=1q$Zxtt;_%aLYVyjPt*hNYU(M@3SCd}o`1fcq7u>k`LLq!Q9WuY
zuGp*a^Zg^W6!RbcTeTENEk?hdEle%N@#<QNxBZP;iYG4(=ENr^YilV|Z&jd{;(Z4R
zj=6tXSE!}9e%jx!rI<YDf4i3As@eaq)l!TLQ3ok>EyeOTM%P*g>20J1t%Kx7TF^R3
zk032*9i*X13t9)M57L6xLAoAkLF*u0dwq1Rb&!5RT3u@?PRI{gOVN=ZvX<g4`5|j5
zHq8%N2kFeXkaduDjSEvt@uP7eYbh=o7qXV(W8>;uOY!hz^rbyMsP<ZlUrtukQtWX2
zQlOUN>y!1h6kjQoYAHTfs_>;voh%&<m^fL|UJp%H)l$qWMPHgP1C`m`?JxTIj@tT1
zIcj}YF;`dr=$SC}kEZ|s=s$a>k=lPISy_#uqjBi^M>C=R(F;mT==7Po`bUdc{iF93
z{<Cw9&^UR2dZ_wG!!_qOp3v1lS{SDO(X{aX48eVcyo#*S3xy_tI|qvK2;3h<WD&27
zq|0I;{|nSB7d#`44$mBu!+NFgMk0zTpTl7>c`g}hu1(p5>^uYKwuI7yg|UP}E0I^d
zNS=!|$zlBA^E#5p83T_~Kkq$!UIBYv2leAJ6_2yA=aIoh8dW^~5w5VA;F$`qLTp|{
zrtb}8rj8|h!&uHhHiW!^C6xpeG5Kg)4s1sjNHS&uXM1C?&_geClBHfw$M0pqW;Tjw
z;mA<qEYEC_+U);K+$J9Hp1|GVjk#U0Zg)anj(7u8OcqF?)@3I@7Y@hR4LcoO{uHb~
z3jBZ{0fr^OZzlulGVG#|*F|P`gfk1zrlh2a&H;jVntXy}G)Qjwx)H@f;;2!0YD!p_
z>YOxT(xZ=065QF4O5k>OYQ||7+)aEpP`eW85jZ0C$gHG*PL&>etKi;`108x5_J1!!
zL|Kw2t=gOIcMq-h^$w`ZMpRvP;(Tus#(z`B?t##=Zfn?5npRC9=|YEm)Fkd9@;3Tu
z&Z5kjhs1_Je4O(3Te5yIAgIUTk9)hreJQa_+_$Q4AfdTQEV>@Yi772rT`!A(zsJqA
z6cwy4bclJzne493CK?)uX>Tjbph^@)!oJu=cK;Tz$z@qj7iJGEPVLDR{SHP;!J8%u
zR<ZC%R%w~DiDziFce3C8ShcV5Iwt<m>e4-PHbO3UGA=4XT?`<vLwY#aF@0|dG>7h;
z7EPF)+t~{ym|0l?BzXOtAMNh*ELr-n?fp5ZE7hBxARPwvN-N12cwi)GoGox-%I@+T
zoSn!5o57{ckBSqXxJD}z+~k|0I5p>M?Qox@bz&}yomSX5#^t=z;l9z~ong%K+)Bs%
zK%-DO5DfTa8O^ic@>yU6i}9C*<QFRk(&>R20>$ccZ8=RzlgbPeGR)!zRHXMabG}#Y
zXmS2>0^97_amk7nrxo_X^F<SI`(^D<R!DihQoLS^-MvF_pCc=V!_(j4=}OP<ZtEX7
z_{Ec!!2!P~r!%E!_aw!Ebrmxh7Ld!37#)5rirz;iK1JrV%FZ8lcbVONK%8b)piF6w
zSah@IM$%-9++>(GPc8{^RBJN5*g0@9PBjDG10i@Zn!HEfQWa$xQhW~*%JVYBnE9}z
z`6oY&V59Nvse!5S0K0g;Un=Hv4ya$V+;xJd7d1J1M`O1&h4*szv_R*atnAONGf4e%
zBG5Gtw&wK9M~pO>SvM5F5HcQhH@2$<v}=nj_*>&q@KhprU^bxsVe%{AK4}5fs<BNH
zusf7*x}i9)DA1TTmH4KO`Zv9>RgmU%2%Pa?S2}4L_}bzi@A;|4A>Z=~5TT*i{sGeJ
zS5=fZkP-=$#d3c<pD#sAJ(Z6=b3>{kxXZ~d#-=K}i{U%$C0I2&RP=`_B|v7*|A@QZ
zA-KhTRu>-<;6J@Z$-gWJKfDPO%|SmnUNt}XRRb-M|MB5GDmM?fs%3e_Knqdjn@#sa
zzm5BM_(0{R;^q4xP#GZWvgQ~4^8BZ(;a~KZhm%!xh)L+OTPVL2W&djRBL`Q(|91YP
zZ;6h}APVEeVFGEqGsyfO1_8|A8f4s*$IsZlJ`Cu3Mgp)U+o@?l$wqlz1|IkRz(l9(
zm|y&L1LEt08xTFYZbO?AxwMsCDj=5_-YTAxz!l~=JX6TeU?MYb(Gk0Q1O4c+X-ftc
z&#-ZYo$V~;6tb=f&RQ`rfh(S2#;05A`1JU?Ki$j~r*MV$l7}1X_;6F5A08<KO?cg(
zn4r!{rMR5^eVzS%k^Oy!{dJpY@?xF6%ylY<6&LX|<jrO}{x|ifnHwrA!T(5s9y<db
zcl$-Z!%!`(4frE}5fV2-xh>BG8sHKyc&3n%zDp<<8`|C9*~`zw*b^(M@yxv|ZVtby
zY%D*iOzV;y%Rd^srerXO<;3|pkeRL1MR4)9w34rIW|S}72;SPW83cgOrcePMN`CX4
zIB8>l4xTWTKH+DuWf<-5Eed=LPT><-hO72Yf8F7Y8tt%7+`>7#WtIM3IF&qVixD#N
zkT(7%zB%{2A0E|B@hH;$*=gQE{;}zu&ZfC5oSzbgbShE#Sbkp_fjVvNhJA1Z0ldew
zSP<n%s7eNKMnsLLxzNPn1(*DG_vTLxzKFy<P;<_;IVUKbS)|5if_pEVu`t5+jvj!p
zyRT*>D(mwO@g}9*>Fu6Mp~Y!2Yhn`AMoAG|TZ{xqq{RCH;KUD@Pd-9&Efd5Y(G?R^
zzc;pY91RxF^rn(qDia7b9v;(xJO*ww!i~v{Y9m*i$%KXW*K-^-78j832@uF+<Vy=k
zqaB7Th>p!Fllf-f4L*8^mOzmEez@fKHDO;4UG~$t|NTP%W=@J%AMM3KK*04<{$^Mo
zoVdRM+qCnvSOvy2_a-r|0CAA@R@||_9(&O*>A!5qGEh7{p5sd}F$t}q=$TI5cLeD}
zdza1j@~aUPx<wLnhG4x*Wnl{}2-wd#Qhex%UN9GYk)*>N?i7c6hLMb*cLn!AqC9WS
z@{BdwyZlwygszT9#qP!D{aJ>Sz$L&!>YZv9%Luq2P|yN}V=4y58zjsJtD^Y!$LIa9
z{&`Xm)xG&}FN)?S^igUkxji^jDMU}1W8zCNY^#CY-B5v6v)nh?y@QS9$BmF?0p9(P
z__X<V#zVe8vOOL*hA12NNq@_&M63k6dvHRQdu#&X8kC$ie{eFnC!b3zo}JGXrlj$v
zLF9!u8*C%2<ktshlg=XF2ifeEgR(jL>x0PpF*t`jB8Pm=C7*NQ2?oJK(6FnlfYym@
zPB&7p>k~WCRgKaXDZ2vR-SH-1ZAsVG^A$Wj>860%*t>|r+A=@=Z;oKy%9mVEt7HCP
zCknW{I!ah8DK>%ss9bPW8z2?8YY#!>Q4zw1IQz5kzrk)j>);1h2!@RgegM%-SA;G;
zq5Mh|x#<Aeyuc2HOaZdBENp6@P+cJ2KL>`vW*7#?9RG*9cY$xJ$`-~?+7yBmPRc`q
zB9x&*0|*Tdr-32~H1r%e0TfhJ)GAW(%|HUEJWZ;c2|;E?XPnU)nHiny%s8Xh2O=so
z6xyQlR1rm>puh>CP|Bm_(dNI_+WRCYZ5f<<@Be<^$L~jT&ffd%=h|zpwf1^Ea(cEL
z@(L5w%wf8bd!QT$t-FDl?J^8w%gbTE1)V$Qj$N({%Vmfv-1Wo^cFJ4gT|SjVp1cWa
z;V_v0yK(M4`D2$C4$B`~Q8)}|e-X^S2LKIfE1LzY;Bk!wmU<X0gLm=-RT;+D!2|2y
z;p^a?h8eIJcf&$>i}9tn0)_5CuX-_R$fG$n1wA)@EpSR5_@82hSu6qii{%>R3E@Qz
z+U;`yT?Hy&!)=-km}C}x{5ydu3a*w_0K4h%8y<&4RdTA_%O~bi_!1fFe1oaF0Jt^W
zkI1D;3VCv6bzGjL-kl4>&2ujYaH|+MOIW(7Sn#ccF&5@jGth$SYoRC~BP7d}h0OOh
zW;H<8G;F#7E#2Uy7^^WwG2kC|7ghc8yv|Evu$&<$HpZB}q}ll9|4biWB_H2mG59>S
zQpARLuRgj-#=$+299xecGqzvC*oyR_6&XfW1OqGL<0|6Ax)(;(HaVy%`~<Nv^bjl=
z!rcSF!2}0jmZJX5B0U0dI-6u6Zfo;c$>C8u-YgQdb^ka^R6xMOsDY>X?_3L$Z!-Ck
zD248YT5Iv}mefzB$gxa3-Fts~T71HsRU*#YQX)Q31&3Y)4!!>FwN`=0zfnxBmO_mx
zI6V)Z7C$b-{`H0<;mHQU-)3onsmVWF3KZGkB!rix;tLxk`^^omrAL-Xq1&yl<-<%s
z1)Y+5e;qg^N~Z0QFybywNH)P%*M3JTQ}q;4`+~M&M17pG)pDp~>_6D~iMS(|5jISl
zm521PVIZI!({hZe6PgcbWxh4Z3-b`&7q?xE<K^MC2~`WcE9^jT6D$-V5@{oOtxgEV
zrliE{Go3nJD1O}NH68Hw{(9-5C1aL%$@hluJ>~8Fg&RgBo65&7?{bYCIch%b7N0Ny
zrL)BBWDUhDBxi*fTuHkWR(WZ`5Me=72KFm*&^#&BrK21+kC5xDCC3iMw1Xai083Xw
zQ>?Q3H4t0?KIL*Gmg#j|gyxWlGTRKR5-qI}OYZ`>a&JhipV!oSQ6y@BNUDww;BaVN
zx-cgjj<B!mwT2lakjcHPIrReYL{lAT$ePn#3Qe*}&~Yhnuv!XtSqlGuDLHq}>mY@P
zQIy!|WW2UODknVr_m3cg1Z1i0EgnG9o^m}NamR!<T$QvwNqrt6ZMZ7-P@bS~N$!DE
zsCtTof3jLDN3?vYvSRYnuL$GB56t6A3RQ}Xg!*!W-OH*mo&aXFp^Q!}qhE`RE-a&0
zi;Sz?YLz>p*^-spSc=%9=r!V+eTDFL554s$6xT$?h#w3aR{}&{Pbsj)B#ED#3Y;s5
zoJji+m&krfTvIDKx6SJp(JU>=XCRQ_T!+Eht4@ncT(ubJaGPYW({9{8SRiprxj{Zg
zA*2tc;hFh05YLj@sDvK0;DTYOsYpYb<lHg$acLbpV&lEgg)%3UBz3o9KcYCB#An*2
zqZ{B$xZ%X2GeCa!m7TlcM6FXyN8m)Qlhu8)eX|^COe4W!*hDde-zQwBey(LMKr-hb
zoT#K&Qy6k!a6kJ#1%vsWPgB$e7>pQLL!{rp9H3=Cp>2hQYM3kz?S(&?2UrcwolUcV
z4BO|+^4gC>F74rC+N+QYgit&Y8gR7KJ3?gX`L=ULP%O_+rNE&EDQx~#iCcWUf-xiK
z0DfT}&F{jW!gsBtIqa<S9|x!vgKyA4GCyi&Usb5)!9i^Xdc=Pw8YI+o)K?;h3xcr4
z)4cYRu#qsPw;YJ~m@@|UXqp_aRMhjZD;i)suP`*f3+3~G6qcA@z`unrAXfoB*y%qe
zJGc9?Xg?&{Yw!bezsTZMkIMD~VvzLV*y#W0KMQ2|V-{=~n-v3Q%G?tj4ZlFf0Il+7
z$Rvj+#ijMh3EGAMumeqP=M*6#0t6d43KNvMj)5I?a8lU(CgOFEV~c^m8VfyLUW-5G
z<#HfmQJmZT$0TQy&pJNbW!)+jP)5XzgE))pse~Sbp6pZXHNK9?)ja9L9v_|<E}+Gh
zO($t>L$fRrtZhdODheDK6s&-Pkc;e_1*Msf-;1YWW{#rvR@5hvK7WrNg+}430`<XE
z#kADvht&_IPCv{quK%xa{eP91{o^?MZ*qQw&%ffV_MeIU1`b(umMmzu{^cx>57dl*
z!)U{3(2MvPkFU>V`<FZ}xe|K9f+wD0KZX%mCFe$B_2%B23}}gQ1MH0$=LSXlP|mqg
zd<GRkW#?wteVZu?rgN(#78&ARioqj9=kVB<FQc>=s5}c)Mu9vOwMMeTVz5@#a>@S1
z+(Ic*ovx@c$zDzr&VFQR?wEU){D51$rV?0))4tBMPfwz#Ym}ZR(b)^dW5tqMCx?d(
z#t5CxZN6@j{S+1cRI^fHWX(}`K3uRzRu{vEyJhEBzARe*IlMMG1R182m@hleioq8N
z4Y05}$5NTf=sNhwQHF@jei8U%S#6}V-q%?|KawY~m%pKUkpM82>wL%|ZP^@zw(q^z
z7By<G_qC_&3))P|yO;p54tEa`cpyEX3h#m5n>C=(tj!o)fP=sN8Hg?KYXAp^<Ip8Y
zDRGbeCY0+vzwBSi^}d_TB%HmaVI=P<H_CU7_&n582|aE}@zYiS$3a`g854u=6T;nw
zxE^gGW@}RT5!jqHJ~$mUga3L{lN7Q@=|9t;0?60=HR!PLDJ7HxyXvT8mv-z9;>^8}
zfB~r+O3M~x0t>Bel!pnJD20YHh3unRe3eVUCJK-$NiWs_pVB5jhf{k9GQFltQphjp
z<+rcG3GxV779|$&Evm-D)=%BQF_IL93Uai6+`{fWJbjJwdcNIUUUi#S-9&qh-2)N5
z`~gYcMt*<_yS_e>+7Zb27s<G39FQIv{VCipE@=P@X2-Im@JGzlerisxwwFL~Iyt<{
zGf60#Gnq^R8BTPkKvv7i-vcRZ;c0w;ZUE}wK=Y~%+A9k&7GXe_14`;gmyrX)kX?q`
z5ung_UP{D2&C|MYS%`9ds=R;7($Ru%FcUCCFP5{0o`i<hvWDEPND*0d)1N{8&E-v@
zUhIkvaTDxg`yT1TY9q@%#>83fGl0S}7?TaW_D*233xMIg0F1+k1O<_<h@K0QDFS4{
z1vm{ePz;<o8`<d!w08qCzzgeS|3+5LxF#m5yRaiJ%8UHj>Qk_cx+k%xtb%Aa=OAN@
zvChR@e9rP97i<%)E^E@)h-AYI6nJH0=mo^s8}S90J>R6{eVJ%A=Ok)`FW@a%r^iOz
zsZ~y>OA~dc*9-h{w(LCaUxzpDba}FG8pjukny09<0ChH@##~EuG3-@97d=;}q6-es
z`kjG-_fBJgN54tIAj!mohD5RtAs&QmQtC7{7e%wREkv^jhH>rXTh7N30{TN$u&$C;
zF*X~%Y>(2J6x1;`7e(W5qlmI>`Ph6W#j`TjE7{4wg*2ZnaKYs3P`b<C6;>*}c!m&b
zC#gSml$Gmh6s_xL298f-WG8VSTH50zUqcz3T}aUQds1oqkXIl&e-FIiz#SWvkl#X1
zn*p%_$AbiK<ODFQP3qUKrAL>z#5HgdKVI2P&K#F|R{)cm=`flNZS=sr3_=NUm25gC
z_l_W+HNn}Vqc7hRme6b{;!&&o`;GJ-+7DSCXZAx8_}+hw1Q;|>ftoee*l)e2Z8+(>
zZyO?D2qZZEc5A=I=mZ!dBT{Wv!oc3DJz%RWG+9uF81m$YC6nsScf;~#x+w;1Xi=^*
za#0>)9SaF@d>v%9mlW{iTB3-5l+es<ul=YoP<Evld_4ot_KQ;FV!9N#XrlGo0sC^8
zO#xmgB~Ui(%Tq9?urE&$k=`eRi1f2WFg*MyuFGb+)dO(fhvHZsGW!VP@iC8_jZX;o
z7>p6eFtR({av#1G$@<5#Q4TUbY(C457EMw;d1!lSQ7B3si+$!p8`E#KAsNh-3`J$l
z_o9Rw9f!c4%9JZNBQ%g(>SpxzziI!K*Q)*3qXzr0K`HiMtIz=KTHOFFkT3Xi@mzF=
zy5yjXAs4EnYPqQJ7CDv;gj`5)?hut7ZnaAe^RZm-n<a;SD&eeZWIp2+0B&JQ23^*a
z3!oVwdeOgS$aR(sxoGlG$frjxzh~+Y0S{@5dn7;;kM{sQUXwx2x%s@JK#+98ZPC|-
zX7N{Ao!?!a(p@mWZt>%dim6QM-9U1N@68jP!+PQk$r!vLfl1it-;49BJq+{9L`7Dw
zsS0NoI0I|!&nO>Yd!n>G&JFBjI6Yv~0e%BEzp$f)P&e!ofW9^`qI}u8Ukpwm;fp6%
z3C(Ws0?X<h`JmNzH3p8C14R}~^dmx^T>cUo46I<Y81g?)Lk{w&9Eqo+)(0|~6hpp8
zz9D$L^E05Mzri~$am+X5ajJsR(fepyOnC@z8#Yf=eT}dqepuX*LNcE~f--N`**H*)
zxE?k}HtxO!_E6Y75Mf7F2g@p)&0*L|@L)yXRoS#D^yPq!-M|550s=}iDF@<qeAq}6
z27r>dWFtV49c7ojUjtSx+8;p0QKR=;e7-P_eiY#kPE}|=z$_5jXNfU5t=MCTH-I~l
z#7}kv>PDM(NrAe>wE53z*=Vq~?BX(<?iGlLyy4fE(uWjkerIQt44eU08PYz%$;S)C
z+*qF!`53GknPkI0C+Tx8eByi38-ipsmG{CVHXxrMhbF;bG49K~8d@C!sjJD(eSkS+
zam-f|0AxGuK*`xS0NGEl+siJZGB%te0{)1~9!MdwMfC1d_mq}BS?UGq7+P(Jy{wO?
zvp}jx*~kXiw42R{kRCwY2y+fzaa)>Q)1gw75i5$%AGrW?d6ME440pUKqXG9{-ed;c
z(uYWHt-Bpz=fww^0k@=eSc;a%qi*~Soc`G_p=1^qu6Rsj+FH1wnYj1G$?R_H?rWRr
zE2NyKxpaZmRw55zl|@9M1fDVr;>yKDKkatZcpP!ZUf}uhCc+xKb`?5Li<iqY#+iZO
zp5|4LV~o`>ny&%xl@Gj^_SCRzNptEeJ>elt2q}QXM?Puw^~5VDKy}D(qrCuKAiSBN
zr|?|*FuD1*i@~-gT=gb7(gd5Y$%Kay(2L{4!yM9v#O4Fa(b*(E`wQH0>l4S6>693F
z0h3D4A#a>527kl0<XJ}I0S41PnwdDRY!lSNv(1mIUp;`E^9SlDJFA?Nh5#dif*A`N
zmTJer@Hk-R&55(iZH?|A&FZ?;K0Wg&%0$)OiEfoX1PK5gdizV3##S(`7?P42>Ar#&
zVdeY&`fNOw#<?2e9`f0;|6wA#1T5)JDqSt*3F<}WmVEOALzuE9Mpv@J|7;~RLsCZ0
znC$B+V{os~(-K|<0$C?Tadnl@T$cjN1)P6kc_imnF<3~Dax#e<&-3MR;<zKn3KHbJ
zD2bjr#dIF<V;vv5)i=<%8W!z_2a?1C%m$zw^(2N>=pOyOfU>6=L!uZ|@w>q01~0Bw
ztrTdq&AC^K)TB%C&5|0G0tYVvTd|eE3f3!Z-sac^gHE;A7p<AQ;m_3FRv^ojuaJbF
z`V~H#cjFb(ZammY{`3_L*LMvtyRs@umGm*8XM|<o4UTxjaIygFi_QhKu3lV-M_|fk
zNL=H|02pH@qf5aSG=1@}U~R|0V5I3&`KtwVyO`p0(VSBvo-9Lw6K-MjU`1S88wpjs
z$rCiPU9Zzk=Q*jeobDbzNgNOeez9ID_V>)gqeTJ=AWsYyrL(2UM?)j@7=iTHEbV;?
zNc1S0{-aR|c^+|YX1-@phE$pc-^Jc3Sta$ZN4nYBg52s$<d$r@Aos4D=q%VF2D9Ll
zZANanh~C<Bzk%NBsF*5|Rz|7-=`9r6?$)}B0>?3GK?LaHZ12dDTwh0qvd3jxqVExg
z8fRl3R_vRao$wpzgg=r*GPQWZPYe&tGf2~%TNRR&)dJxgMG?=V<8>*S|31<wn5Y(<
zCS<WN$Au@nE;5=}j7Wq`=d&55b!Pk!*d*pY?1aC^CadGJ;XMYwxh<B7%u^hDjkPcN
zQ|zBiKI9jOTHI-3hf%J?SiG>gr(A!S(TVi1k#YD-{vA5;^3-y_)~Mwn&6cl_@jJHr
z4C^=1NH4!i^zukfFDoG=<NZ@p^wUw_WaOhcl31FBgvTq4;55K1+Gp%O6^~>17YZEM
zeD;v2UMn%r2!I57v1tK9O`jIRpgxq*?U3pIayxK_nTn&*t?qCytzP0m+Q{7saa2YQ
ze4F{Nz)gWt)OX10<)n6%JcRimmI4cNtb(rxlT9l*wq|<D2PL`|TabbjhF|j<kp;hc
zjgbYjK17A^b<ZHsExz|Gcl>s4K9L2zo(BZdj;tZdd283j@?vH@D>!`seT)08EED)|
zjPKI9K+tAV+w?{3a{Y5ljHYPUxtYH3|6BLJ7gFzkd$e-@o1l+SP4n`1z-XqCdIwC(
zZr^G}Pu9n21_8Ro;A4b(=2_?#G+5@l6=PlQ)TDSBvcQgAv1^U+6W<7_R=P6kixg==
zH(|jsgiJ@7i~@krgocS~W*a5cexj<hv2X*DSfw{K&gxMk?!ZCO19jf4`?EEDhdXtz
zY>Ih%m$Un1n>YOQDR1ve*;F}pc^4;fV(P%2<Pv1OTG-Qq;woaL<oHGzuOM*OjiIj8
zc-1e_%4cF|U>`1Yfg?@+NZ)L7{r9xFG<w)bDn?((kr+(kW;mK*SM5`JZ^re`O{_Pd
zhHpH;FqKY9+%1<R<;#t&mM6cxrF(q`qSwU9DHFe2e#N8TEw`c__ix@W*ES~Zmml-$
z_sdU@`ET7XQ(TNTWbdnvgVh^D^IYD#ex)R#e6ul0US)|Z#*yUt3pma3#saToHz9n5
zJr+Gq3m$BWox--{qtUM=)!t`%PM#b%+B81g<r6l+$K>$D1|)cacgaRZtSVg~-OXHz
z2ZeEP(azXK4cL^>ERBeS@!^5lF|kl>Ku!$NH1J6Gp-VH;(E`p(2`$kS^_bV$I42!N
zyTEdFWSr82cM#uIf!CYM;t1u7+RBwkQ!RyeJd_vyhZ~9eC9zjq#Iv0a=Xba;r-625
ztXp&WPN1RzIx@{0THHWkjL?Ns=pLAjZxv?@J93P71hxD3Pos`}sxVpgDApC72^>W|
z`Nvx7$Y1pJM%_ne{oJb+bu@Xamen@s!Pyes3AFwyWX$uV_-8oKT*L(fxXT=Cauuyq
ze(@3%5|loIj>M3wO!um1yy5vx^3D^6@k|IQXBmS`mmqhuA;#w%1!}k5!U9G89++4B
zUf=I<&f%IN5f6w2X6akJr-K?C=d@n*^`-_XaM7~lD}Z9jxJ_E+7bs@W7l;SLW8#3_
zM@!*>X;OTvw6hWQ=9qHnS&^bd)39RKr>w`saKU3~G!Apq1l4@Pt2WBclZzGtt@9Y`
zuTlZLdSQi?L7AKY9mcemXrwG~0hsnL8PneXc3QLRfm6I3@U&sT1F%_ICaO=uGj@aa
zv=3g+m7CDUpu9=ic@cdSbe#}3kH$U#%VBPUqKn8DV<d3J;>zC;!I6Y7R11J<ki!Gp
zvT5*!a!zoc-8fl^5j;U7K-dGoL$DLae8EOA>oyueu58~YFKaZ29TZW~AO-tQK&Oaa
ztx(kfp1Vv^bKvwkDUqh^^Yb7#28-Ir?-tD`nj1K^icj(}iZR{sQGn$(WD+NZuHr5Q
zTo!)gB}4aTS-hb|8d~>zTP%Xe1t729N(1Sqs12wBGKvi)!Xzl(DrwpI#84zri7;nM
zq4q2;4NcTT@c(WYpt$^xIOWcZh$#3(dAZLkC$-|cskCgt48{39(9^tx7(@eaI?GRJ
zovD-<{DF{c7r;VS;o_r7b`+gL%k~2tTzC&<(Yw8Q4`HT%kCY-hHVaL~8@VhVH`o;Y
zmO7Zy{O)A)FHB|4qvjwEM{6-0kq_tLsSJL9REH8HSul}b5vGxxA*RUo@8o5dQa}Iv
z@}G;$)}MWz7wf<S1f_8=SC(ele?O{roL?KMcO_;lm(N%p%vkL2&E-uthA$8TQC#mO
zmId(?V>c~g5ZxLv(O;+_CuS>Ih4MZrJQjGQ1H4E#5;$x^(IcZ&x#w2I9#3*{-|SYz
zeb+1MVZ3)fcFS3y_>RizacT%4t36$kz}lC@`b+8_JUdfC876WRmj!Ot%Z@-yZ^dH;
zZ@TS=WIHMHGYc;5ZfGRxLLn&^8Zx(kOdQE&l<aV7O)gn<%a4~!F8DolB>Dv@!=)gB
zq`mI{OZ55AQ|R;K)>Qgjzu(MGs%Khs(%hOL&22{YOmaTbmaAtTzp<XwGdm`{W#O(B
z{)Kwx_>}XEh-t6s3vchw62$ZrAf`V>!do_N1cEwC4w=u5SIytB`ngu-&jqHHX<=HK
z-caT_U`Cy~I%btY9dm+})6BBEQHGWBI=+PlNXOFJl4yQ7o>a(04T%e_m(>a8{ZVI}
zX=GY}YPK<|xn#r;rtjD6wie^9{dju07(j3`5X;45&`jWvHu<LmglXl?^;!NsdO5{E
z54k&0Kcg#O)aVB`#YGj{(FrBI6%$1p>Wg@0wuD=b`w}D}&o^m|ew^iT)S%`Mx}l^W
zEBnc1KQ{J*8b-09{7^^S>8$eI;YBSW8zC%;Ob1jr-b0Lhjam_dV@Qs4lE`5701)Zg
zXBFtN(f5Iu9oE_C%ZKYFCF;qJt&s*GyO<D4;T|R0%NY@a+tV0rWkpRcInZcAa+NNi
zy5uG$%c!yHtP`Jmm+Ib`6uSa5CI-l%OzAE>@fV0eDibdF3a3l^a3bAIMOWk84ZuJh
z2HDtVF*rGm1y0HSQO$2;&C457n%@Aac;gYo?D64(MrwI9Z}~0!CZ)g6OePWer-?3?
z;*FD|X1qGRhAB5=4j?|;;`VeUxL-S_oQ(rT4NC%3?L*-kT6nGa=@4d)MOs{1V&%9u
zJtmaJ3>KL3(Ht9Hc%^p#8Fw7zOWSb-r8gxzf{T*vEv=#3IJ(i}DwOvm`jY5KI_n6~
zy*F5rO=eFF4{T(7dJVR2iN4v${fKd?Yr+wN?ud(AIu&D+vm~ADw8h#w${btpPJv{;
z<dhX}0C_-$zsqGNkht2!?#gF#&&QNV`ZA%P%Fg)~pIKJtTNv+xZaPV0@>}hRuVL7L
zNs)h<Oi}yjc&pQHgN%f%+kWE^jIiVDjw4;R2{)-h&8|J>Hcu^2IH=Mi6;g*s-LtSr
z(4<9Y;|7@(=HPZ@PK%S@1ptEy{!aR(m%j(frXCXth()t#zZyP7NL+~hpaq9B;guq!
z`Xf%kFE&CDWE+Uq&26QTML=+fS(v&IZS!s~D-rF%oLcm9fe+RC!w&tSOn-P=e^{+Q
zpyH)e8O#yV1cqEOakidYtUpZFA6)uFp8k-nKUjHH=o~XqRjvL|tv~G0AIkKHxAlkB
z`UAy(spNjO1Qat%m7CE|DVnQi#|Aa$zvJahvW4^>Q1JGM6gi(RIlmE~T}D7QaF6?(
z$CT~wi>66wp~6xj(9q6zU7+DAf3_RL7YebFhWb2?bFl&L_1Ji<4^qfvSB`>~cb0b-
z#5HB^_2@84wpTFz)Dv1{#vAh2{@xubHi<#>W*=xU`)&&~Sj5ubisVG3&Mo$@tV0W+
z><zfvw6EkL+!;Bln?;Dx0Vrp|GJ*Y@2iS0vw5*cFF+QTr><Z@@D)F^e+43J*8H>Jn
zM6*F<v5Bnzt<{(RV>`#|tLmbQ`Vpf(4CqRGeaH}Y{yO%?hL$wD&zUBLKHfy@9D0wu
zjcd=^*h&U2W{AO0$Z_l|+?km9E(J;vtg`s6D>kA3R>giw3@%C6D-4@ANf}mNXf}XA
zh8(D{dK_``(H!ez@CSHeDdAc)3nt&raH2hXBUTiK5wk6o4Dki*wOMhVCl|ruvv?~5
z<$;5W5Qc!#H7J-W#(U`>JdUzhA1NJB?}YHc<FdM^PP7ipk>i!nm2BkRCyRkFp2wky
zKy6<wJ9qjHDQdZ5|6WqRL8vW}#K$8g;uF_B7eIxR`+@4ny*@<G(>K90P`X{K>cnYP
zlDb2&S23a>(m>ypvGP=I2b9|Z<#xcz-f>%Pop?tS-i`rXWWu5qhN6io>%@Dazzr()
z3MtYA`=<f`Vj!t7SjE5xDd(YN|CAKBf1Al?qbOoHEW-mWvhyoNEIJ0%lOm2ehMFYk
zkx&fIBzW1JxTM-Kj!Y3{71(;Ty(f~wsiD#8QHg0hzwQC%2s0Ja_jG-=jcvxT2M@Fw
zF}R|M-D(WW1Atr76mK3ch9<b2PcSxS|9tLruey~fh?kRsc%^P1?Nv8vL$O8m2&@X~
za@R}t1K5x2SSsrKks^iZ3yB#hn>}dux`*^EqV35E|FG`p;Rg;y$=6%5*FpVW71*?`
z+MYrz8}$OY0z;JuJSK&6s=dxKUk)i2quT{u`0uS0mQCMbS(u+noC)YxDU_ltuUgIe
zu%Z#K?tjoHQ!IT8Iu-o{{_y*++YweVc*9aQKZWRp=z$zEr_RTdwHTJ3RC;)P+H9?;
zlR&yQ!Sxhw@u*fYXbAJ1M)BmP;SMF_0{hx#O8A9&y9?@1)MM1U<wT9fFUI4B{YoeR
z_p2O<XOJKZBf+taTSKAKV7J76(p;YE;`?_qstG>(cM34o>elt7d7UTu*4>15LQYue
za$su@BsQ)Wd-`UMH4Q^K;4UsB$Jeo+z?vfYA>k}=$V5*;mD#`>i-BL$Hl76AxEpTc
zAG~UXY(GJIiH2=lwj{ZYH!b<^ZR6Yjoo(FIY#WoMycob!*GM4O={tF^C9#v0a1QL>
zGq8V;u>E@kZ+Ou+s2F^ZmbM)B?_t`%*0Dq`6ZlhH+vx~$d(dLxBxi3AyV?GoESpXc
zRPg<~)lCE`Q!-vKaEPF!`*JLL&64S)SFI(urbUP@#f{D6-9Y%bV7k5b3O?QXrdHUd
zrlqK$9da(Qsqb;q_VwD2(56=G_1HOyrOLdZY}zd`;n`rw&^r*l02^uoYWFyI`+Bhb
zj7SBxsKrfNRLAra!aZm!_aa1vs?5+dmaBI0tz1pz6w_%aCI){?zJPHjV`n~c@tqt+
zfvclNpG~p!pSXcPrVZ?({p+Y<J5+H#nlsBcF7|K=zC&6R);kwxDqr7ww6B#A+fqu1
zLA;?Be_uFz&HgO12Y`RI8)71xZ%hDi+2Cf^IZ322q$5+U2tLFwmjAOqAcg7Vc9;`n
zPB&2UlIpg=$!OE>E0A}<tHuU6>X-4DEG|F@E+s(~1c@q8>~yDM@qH#mfP&6op)qS>
z!&B%9(>@X^s<5sPS#;Hwji~IzH!P0NGVeJr8Ybg*-QhdJe8hf12Lsa%M7Wf#KvXd5
zF(L*6jB^JdQ|t#RwY8n|kBsCQNI@X#f$5x|j>_DoDrs#}(`ZZs5JzN-AO=s;I&GG8
zwzFz9?xP5^WDjM-c}Rv$%$`*}<F%hrRMrLf$i8*12R|lIKO@^W(Y88*hrxoIn0b&*
zGEK9<SH3LFvonL0L)slTA-LDGlQnh^05O1dHh{GlB%=@n?Rsq}RYD8sM&l-63!k)j
zo#%XAcr~4p1)j9vHa8vRMZ}=m6lc=0Lt1PUFBZknG>$EbdRDO?_Bzi<YG#h_I<$VF
zZXZL4oveLK#WQmh;;&3wNgI{C5d8^raFwaaJ1h!XZc#RIjRCzKI-qJA*#UKZE;BE;
zMfXxlE&Dt<9I^BURNp8d+0!e;tH3EnE;<$GX<u(yJrK*p`$m8uRM@b}p(Pe%-A-s*
z`VA3cM-$j<T|aE<6&^~IMbE@4dSVsrTKQg0{r)NbeHs70>Pp|sso#&_-@n1XfBQ<`
zw@dy0LSOd%D*pXTSNeWS-_-H*?`NCX_vl0ZUynca`=|K#)A;wrSNdK~{eA@h-o?L{
zuJnDo)bB4`&%V#)-{)QF`z_a}j-P*T<=@+`IR4b{pW@%w^6wk2IR4b{NAU0W@b9ay
zIR4b{FXV9e<KI_Zar`-{<LBSM!M}g|isMiH{we<bD*pXTR~&!p_akyhpo6lKRP{wv
z+t)&mpia`L@9=pEd)|T1bLn~b*=0<PDSO>)#KiB6pzupwpW&(NyJ6}}cMPDAEM+fu
z7t~-*koZ#aBl;e_Xt&?W9ldrv4fU<hB)YazD~9i6)N$vY=v)&iGM4g>$&{USJ+DWr
zyk!7?`UIY0&e%^$=ag~O{(EEh$NCx*CdO_yzK)KKiM3$@DoBnEk6n$v^*0mIilNIl
z6JrpwVp?g9uPfkAbXT-FVeHcIlOZ(o3<)wn#Tfsm)Q)7XE>_#cOYPyMs`XO+jHTY>
zrOJ4zD!r7$Sn63`>J47%ZN1b;W2s_ZY85Z_l3vPVEH#3cV)*A{!ar1MlCe}5UTPXI
zRjik~!&vG>Z&u31OG$dE8OBmoyi_hPm8X|_%vkDAycB1Q2rp2n`NmQUd8t}nszEQc
z%vkC+UTP07Rjro_8B68yQf0hUm0s#aW2vinsW*73xAju58cY3<&F7w%dPy(!S7WL5
zSPFK=v$2s#sl+<2LK8xAS+l7TWwm(Q1)Daiy#OU+hp@~w&G<Q9eqCz$2d-59?bPza
zu2lXnspZXAD*sAq`7e82q5LmX%fEJ|^2<}p`>s@eaccR(E0y=9mhW<<@(-t$|Dop<
z$`_}WfA31=Z%Zv7yi$23wfxj8l^>H@KIcm1^Ha;8xem*x*rTIE17+kBR^Kq-%i7eD
z39V>FFG^Wx;5N=Cs~#H}EuiAuIHu_yD6(WTFZ`%g5b8zV3HC{AlUB!@#b69Og3c^8
zv^tiZ`zTU|BzmgQo>Cz@g;cZSI%alUCr6HC;KqA#C>fj9k-0DMapqhy?6rtlg}JD{
zlmneB9BkA5PLT#BbLWftPWyZ#P*+FYQ?d$%W`Xa$Ffs|g_QJp<o1}VeVwMX=<>I5#
zZH_hnHhR$y-%olBA(aV5&6mhL7-;_m&HYutncH;+oVoECXXB~*7c>bM$T}M*`sT!V
z&{&zgy3%FLMF}{y$i;M;Y?%8>59^k_QVa%Yu7Qiw3dGVA%$!@BH-xORV^5GWQB1Ob
zW?X@CG59HpiX#^@nCg#n>sr15<w^U}5eZHE^i=y&GClH5LRKnrG()=z+KP>ZRy_{j
zkNkia{Z=__-Y)@k$mDK<MuJWmh&8&P?Z`vldQDU?-~o8SgTzrLMZV8SE+~C#MW>_|
zS*@4t+fi8$_)F%J+-4!;{K`TbpNZ`#L2O{NfB_=3xel^i;XQZ&Ex4;=?SOx#Ij@!N
zXNYeO7hEHe_0wQQee@dZ_;4oiq>3pDQ*(_?a@L~6<RU3p9n!AOBhU6;(_ux0%|SjD
zzNh;w$=Qe(dRE_P=pZJl4aC24_-fC<YXS$a3C+N(oWM&0@Y+r<WIS}=HACP~=_jlA
zS`h5LrXya|ph(pz(QYUvqVBz70I)yYcQ&r|C}s}Ap6Q98S&*Z3hkCT&4a~{ncRks?
z+m}C#BqFTf<8$%W@82eqN^4wJ&oZAS8Q#*G#WzZoo5z0mN>U%#s~(plKV&e8wKgaZ
zuO7?%L-0y^rzQs)(_jtee#>0WYQ0Q!pQRp1-5}BV-Kle4l%{+Gl_C_hg;`4{r5trE
z8V_1w)&LxChuNC~|M%m?w@;CQYOIDChlCP+zB|H~6SJAN!MI#<m8(v~AcOGPZTYF#
zssbjyvf95z$8c@Yv{P0m0kL>{bKJ%Tff`0CoQDFtE9=ox-!+?zCa;E#Gd{F%sDA$2
z5Wgm>aBR_jDWFPoQ!{%7-9IGvgMwQ$aIxbOtHHrylp^2kjL9$w02i{UiI(XM&M>M_
zF@cEo4rx18d+oI{AX(NjD$A+g80$KoCS2zJ71n>duGoADRh8@w<Rc<1nE*SCri+gF
zW_f2LqWH++49Nr-^@P{ixcFK{J+Hk>3Iiwg89T5233VhpYkMiWkS@L0+6F-gcB95R
zi9!*CB<64feN@NLvN#o=rpUigajjcgGsVhWL>Z_fI|(+`DKV&#O7`RVUiGY^0-q5p
z(!a+=?}%<{$Qul^1|4VRYMkTHSs!leY}k&wu0|VRZ?;4}C(et(Uy(Rilhv&NJyJFT
zZJQEtP(%t%1E`boxLT!@PnsiKJnzbdU7t@ai&;vJO?>v}Y!`X$XXMDG43y%md=S+e
z;+te(RI;1HSNwBe39IG6C6l;vG?c?;i>h!KMH=vkwI%qzqXge;Vf$3eYFla=6L!dz
zMb$KG0F&=)0*nZ{j_L|;B<4f33OEQ^JwAV!q~b_$6snZRG;dTXKYEU2v5EPEbN3A(
zE2{Ccd6Vksz}4{hs-?Uglu(ODSv6`w>u2%~Jd+c>`9Pb~HPM^D8ODqCV4VuosZP(S
z)h%{&8gyOT9K3cdosLrC=}hS^Hx*beqhCP!k8lK_O~@f6?@{yY8#+NRCGShaX5e2N
z(!}5+#Fs}DrkDbgvUo1~<B6OYEt|H<JK;DxOWOdIFG-G?fi<t(!6(T)ket|5#kx1s
zpO2u%+e$Kv-Kn9A)5xI=Sgk>YU4?lErFvAtl1*Qsdy?3$l2v$T7m1BlOy#I7t?rYt
zNnJ*ZEiU%eje*t%De7Ttt+_rvYj1IWvMrqRuDIq^^AEA+B-2+2<gqWv-%l)dwGsZ*
z6EWsV|Eyv<EZI*Zii)9IQdH+Oo%Pz$XfK0y_%ZDd^hKq9pSh7-&+pOZH!&f(MX{ek
zfv43sQvuY0eth?cr6@#=O=Xk-bgRugi3mCbZ1_aHeHWU98b~@Az|{yLU2;V0Z5EaZ
zSRaThfF;;vuqm_9_!4$=OMOhVy+;)CYwBs4Y_AoA&k;qzupN*>_Vc8ndBH3>clhTx
z%5XOgGVGVkwlJ2qHqkn@Ez+ND(eAUY-m@NUpa(tLiq`3EAagoohNiZG37py%yO!Ao
zdfNsS3?MBG6$K)k5;*059dK?rkP+om=sMrjK*wB#WZ#A;EsRbQVmYg%-%9mOs9pvL
z8Ugts(g8@6BE`1SbBm|Y5DsM^y(=oANzmKdp+7}vW}fJ3H|S9>=xH~|!GJeYy8$V9
zJN2_0^s^gKNlG`E#L8?bzRmwW!cRL?UCs81*p2g2=`Me#C<b|R?5aOS8rk0x$W@_R
z`9!ByJVHkU0UvD<^ysXFCjoZ&R7T)8!fV}FnBc5Qq3KyRc$%7JLGQU)mI;-GSvDR2
z^vHrzSv|7gaXJ-%zcPL?L4`jE8kt!L7FiZACdh$EwG`jte+~CSJ0x|p#nSf>=&qAY
zU*n2L4rTyFY0Q2RW%#@5&m|_h^fx5xFT1P!U*H#sNM-U|h1Mr_)ThO}US{AAX*OwD
z6Y4ZC9Dx^9Hlie(?bq<D)ij6uwXE}SDlDtWrrA3nFKa4;j3xV#oI>Lk?NkF=uEZ_k
ziociz?&~z2tE<`Es8u51;g=U1WxOv#_sL2vCopyIUUhU`Agh}8ipagXz`-tty=L-I
zPL?7lUn3PYpsX)=o%IyTM+~C`OK~2PMekR%z@}r&MF=^&#m)b_4zSZAhtrq~8CD7D
z$W<xMC<6|>uZUD<(2W~XlKk0~Y%-Rk`xB>2Bl35dfyOsZjoi<OEBeIQU3<0?E=Z?a
zHzk~t?scB<XL{A9=*I%r&!zB726)3$95zFHM2PclCRR)eEwZ5hYzs19%xKxeS<7*N
zhBz%rH2Xg~4j~ed5eXOllVZ1}t|#%DSfOYgYhjG^SiL@D*cn#cJspQ|?trTEwL>%e
z(rHK@*bg8ip>u@ka=bET)8_--SjCBpK=c2_qhT!RiBbHBM%Qc64nV4YkkF6#USUWc
zt)o_k5p&1OW7iq%fdLzQ#>RXRXcDxa;*<FAOdXv6*zDU(iyzmSR9w;5b2EEhG-@Ch
ziy5@iinC5!5kg^xdXh6EvgtTKj1^NOoJ=j(7ygK}z>|^7kU~%EogB+MIrcK^yERi^
z-*O=HkNPLaZf~)^?RkAgyuKnseZX9Bgv;t%MD<nb_4(S#&J$wk?MS-YFL8Ph=#2O#
zy!f@^eH_w%=&9_IY4H?9j^@E|-e;Ky0Ix9saG$ksum#==2UsSA3J2T9tAzuwX~dd?
z5o-=kG!FD1G#>kBGkqabjI?NRHtqEs#Ke`QsM!Nx)|CJ&z8&WP;VX5$fBa0Y)dKB@
zV3?C;HgBo+z7i@b!RdiqNIh~Pp^tNx64Hu@uSO(igTn0Lrsmj|v{RfwMzzi0BAy1)
z=@D0s0S4n-#N?Zg=MT_olBq)4*@R3DU_3O&W1xhG)yh3Y1Dv8+9frnT>Q1x;Zbm<S
zN@o_M*P`UE><H0o=AX_3`e~<R+9{jraZNe>6d`WO6p?nGr!X2vGw{;aeuy`_c)qM|
zL6WU-lt9kicg8xmXb<T%y)B&V%o}xjjkR|U*MqlrUQxHju1@Mh06O1-BwG}h)O19$
zqhnqm*-#%uJtCV<D)u81k!%|!49<3*yydeXx)hxajnc&DF+K#kKV8ZAl`}+bOhD(s
zNVXkESOr><*cZH~0FY%G9BK{n$Oiub2tP>}exi;X_36NaM4rb|!obHv;G=UdfIoD(
z7vYOB?Fe5uFNiDq=_V=^*UNqmF+YP8^h^AgG=u%JY~-{S{|vdT%FU==AL~T&1J<`{
zzQ1r;ZqVvz_h=JB3kTPhP*QCPCDo1(72Y6BP|bs>leq70s2yJkX?i!`)?T(iH~*Tn
zpT=7$g+dfCjEbBGU{use>w@;sh)XwdT)LeTK!w-iPnNkabfK@Mgi<Wjg}%7WuSZ8Y
zec41|;`O-EuTM<Xn_4&Q!|Pn1;*#V98uu3_<6N+nTl}!TYQQHW2o<(mucH6*di}C3
zu9w$zhU6DXsKJJdIfm=F%GlO;HveqwgJA4~ENuGO*aul~`f==oY{~hz;QZT?^M5Ti
z`&aZ)%x1nuiZsH^*DRigUTFg5)j0E4C+)%GTalNQ0*$7{lZcb*L(AW<8rtutQTu&Z
z`~5U%zYn(GuOZQXA8fymq5YTJVEZVD@8UIGiit4r)bngQ(tQkCnarF5R*<NMRR7_S
zb9vQTuNu`3Tu4GT@=e)ZJMqJLi2Dd3iYw2e3#;=Kg{4ukALgSKS6Y!KjBoa;C*=D5
zxZdhvU=CLib%A59sAiru8<A%CudVUB+CMX3uy4{#bNJESYLXAz73s{3*CqyY(%4z-
z5%j}2GH(iz>N#{PL1GO2OVWEdL&;NTLXy$!7`-ur9izM@|L>x`(;0nNM=n4UReF+D
zdQz)Q8HyN0uWH%>^AI6A0trdBVPW!M&n})0`xWO=JsHa)VgUDSCGFY8E+)H#3frJm
zDLIUBd=%p@Gl(_X&!Dx~Te9=G7+glTjVHw5ooOUetY%~`vfY);+aKU40Nj#QK#lj|
zU@BU@jE%qfzXP!uS~PtKYkZ%H?u)8pzrzX@ULhIamWWoj#_N<q?uKNQVwPKzD%}mq
z`hE-bO$eL&0b^T@_R_gx=@8;!(6STypH0LBoIvQia^);+G+qJNAle>h!G!Rd$Q{pe
z9eV+GIlkV;Xx%2jmjg{)AaxyE_a3nBJ!lOIuVV|}122cJ!<FxmSO>_HD<Lt7FOQ}n
zzU2P%bVR+KutT|ASxLtQZ=bDwHN)3$>iGI5nk5@jW`$0e^o7n^!rC|0(v&-ECxpy5
zjaSXi1kS#xc0#53CcO)P)gHhu{0T<KPNOE%;#<at%>yQcGY6Ao#7uIw%rY2ZW)+Rl
z%tn}5C5NV(VT4mN_asJW#u1tmBYZ>4!0P|ljQY~;Q;Gai)N<x-T2{}XXA2BSybzE6
z1lAT;wx`wD6zg@_^IcqdR7h;}B!TF$7_kYDfYa=}xZi~51w%?m93S=t$*JhmT<D3L
zj6?i9*--b7A-mg{jAZv=|6iil$C-YqfquVYC&l1Bh$TK00830IlD&xo>f$>Ignx*2
zpcULi@VVGSlx07n*ZTla^dWk^pM~v0ILP}Uz1~Ns*Zbiy-p@d<PZp3~Pdb(UziYkT
zi97y(Td&)o?*Fm%Y6q45udLVVCP$0)N-@6${1JT`3K`>rrNpDWXNoZ%rFB@#c$6*d
zaZy05t{@V@t$rz?z!hi)rdBD1nCTf3_p>Ecl++?%vnN@V@Dn!lrX!&)%QY7p;&S+j
zd{}{eMxi`S@c<V{p>#9}w^zWVrSWxgK`Dw_g~8Ukk=#ZbC6-F<1VKC1nQrxBX^y>x
zz>E!))q7p=UjjV#F5SXl6f$P_8Ol>a3sM~SzuAc#_tWJIek6yw@g}E1le4hN&=|8+
zT83f*Quqd<Vn3==f0R%<exz!eqsDOYO>VJKjHFgMws^>937MN>GOUXA<n%Fmq1|Nh
zst*>UM@`A8i9s_d0nN#mO((q0<Nm#}eJh5@bI~<`7#wWj_n?>3aSu^EKr+Y8#>+P6
zx6BWwVyf1?U+zsfzGS{=D?5=k!z6XsQSv+ML+e%j#_pK5I_qrGx^u!MhcGFeGnl;m
zkbFyBFila5i@o82FmtnJ0S8F7T{y7hT#(fXA5Uo>9$-U&)x<t=@0XvE_Z#N;GH&dN
z`1~By6vl0=I1eIimxuBhnC>TthuDU<-S*E~^D`@{+wmrHtyf6;nGF++)?;*9_a_#C
zc{Tz7Ym5zM_UH>y^wWgne#43i+i_X#g;5Ui3wc>10=5|3Lr@$YA09Xu;Cp<i$6zVc
zEi~3Va*TQ5$7n4Z$^!DtImWy=;#KQY?k~E@q1$T#nKVG|lG@lGF)*0otQLc-8M_>F
zrrJ-{VW1BC*Ah9CIH7f>PMyFQar{eQacM$)_bX}*4o$7Vs~&Vl7V3z7a+?>f#RwLm
zZopSzpEkm;?jK0KRggosLWed}hfc;`mjWl3D$b+HnWjx3mYxEVHpGlbfw&mxRwvDN
zt3^J*oYUmcq+)cFXRnmF$8dBrbZmrJ`gf+FF9r{ziC^Ss8aJlbrdXNrS?Km@vh((0
zG58r3_&x){*R+Q=isPJDJrYHRKgqw2^r0!+SJd@E2vu%%oaHoL^bI_XWNxPTL1E6-
zC6H>xXbNrJ%g1%{EHCNot{B(F<X(PHSGT&@MjnF|G}%fSBN5YRsUgKHsAD)Rib$I-
zIk$;{L1gbZuufd#F}-2&50yfmY;-I-K+2~wYyTV?v`+g|XpkhnRaLr0R1ZQoqdm-q
z{!5`-bLnQ{*L3)8ERNz8iDA75AT%a$hK#Nv?lR;4K8rdKmov9d=jQg$-fuFP3Z|2-
zJ(~S-yLp&7q;CQFJxc!Wk7m%gwTg~I1bBEfs*vN0ThSZi0vg#>G_ZAsfqe=CTQ0#&
zykQYb_tB6%cxjZ6(wbs&x=deMq)0UVp$LAd%m8|noe3#+!fDh|#TlJv9uw;F26Pan
ze7+TpS-uQ(7fvImG!PcTqNna3&|N6O5LtRchtlrCa#&?!q4Vpy!_l)zf4vimsAQzP
zAhq!gym9f_|7eWI$Ak*ri2i}QZ#449o?LPXvYXbctT@`0(ACb=Nq*+#CZm4>mst7|
z-q@7k_2_tYU@qFqk5QFe9a8ZK&jnCb08}yEig6Fyj#;kcb{e<*f!xkxDhhMEn8qxh
zp4)Ydx-i#<YER@;pbLw34`>09tkxzIkwF8x7D$C;?q;A|d*z%1)w5(%g+w-<c(r7T
zkaP`YQ&*990S~Nq*@Eau8bce>M{*t&gCf}yO=^%rZ9|jIlG^0F*}Qnagf|uj`CvyW
zG!bZmiU!C9e74@>IOiyfwV@l?YVMB(ZGuA!thgkOU0TD}XsewrzEGGWRTSpPCO{!D
z0j`H(CC6_-ZDVbCCY{~r`kpkf?Az#87ik0u?Kx|;clZ5-IXeYJh!JKixYjG1fOZIt
zMm+g_es@4@qp?ZE<(tNJXKu7{f6vxloPe*_&0jQ8U;&D>z<n3t(@ELqHky3BrEnLQ
zRB7JXjz&0rr$wr)V392<&}Y$3v~hC5@fks^Oc4mQ8D9;h%OJ@Ro`=E#`KR;l)obEe
zM{B+hW}KJ8UDc_w;5euC5P-%)7e<mMg@-Sn%AJ3&lLU6-Wz$}2uRH&?=Ai4rQLDN?
z@UO!EEW`ed*7{TrW&Mdhh5#HMl{T_S(2kEJ?X7bo;JJDv3xGt?*GJu007+XRNt-Z&
zMV6&D7siGPv2={VO(+zhjsPyYlrS>I-_AYbAjjvH*yE5w2#$PHv$Q+uDFs?thMPOE
zW;&tGiuem+qnmw*-*iANLkoQdX>$19X$h_RKb?lj)}!IRc$x@!7eEA$e@VIiB<M`J
z)DV{{J^au;sr~t20|gQuuzsY_`u*y%<I|WMWztV#YVuO}cA#XLgiNb-od-(Rhvv3S
zd0yLpl|XJIdu_nmP+0Ek_Q9%zC0nKI+NtuSiIpzf6wlbH(y|5wAF=cpDJ!kWK_fu9
zax;s|yV*upQyY-d*D~9|MhSE4B{f?LuVDR9B};|NDxkj`qPW8u&rA^Lbq9O>USh9E
z$y6{O5hextNsh|YH|e*6Igvo4i5DL&64s?rUR>*Ucqry&lhS6GneO1QdTtQeu*QAI
zh9#|g=&70aKKjIiK<rKKC9U(_cmJa^@16S)yx9_i?9qmWW6j5rl1@L`Zim(qHvvFb
zjJC`_lnmAl5+@_^KF#Q4wFx7NcWM~QJvgb%MMeelok63S#@^BD0Do8MJ%5S!{JITU
ztmiBCvYww7pU9YWvyAcET($~V?%YIogBeUKs8}9=-5{;d70hY|`t8Eb)?cx+GwThV
zUClaIrgyfAz3<?iCI2AUS+pI+&i2^Qfpzx4w~1+<`RD`p-sguid-8SCy2t&G-CF`l
zDbxJDS)b<60+%#k0gx<lGj`p={rTi$*9)%L^}n4nbRErDp^JHGyzBYw-Id0=K3nhl
z0^ap&bqL8xbe%!OQ!^QaJbvF}Gw%g3N$L9NWY;IdLE>7VR@isPD;#mO0rfQDAQtdJ
z<l!Jbc;HHdIDFPHh^4I4tMx&=!QS8IgQ(UAq47anqXWym-wYKHP;Q%)1eBSHUaw9U
zSSTdmepeIvUO@&o7|kvly=~ip>MpBBrxt>|tN~HR+)k2O7sahdsnH9V711)}cv+#k
zF>ok-13EvEM9&4;-k@+57E>J@OS94KJI0%D@0Brxeb>(H_quEG*Wj;ATwGEHe;!|5
zB0hQ?9{R%ndDZZ82D8?}pT#f1+oclm;z>+tz?3~arM^U*`;`g)?1n$H4{Pw}1pL{1
z2>u@{5t}}P|DVJEa`?Yl3Y=I91H9x9!CM51R^18@RVCu$?MC`)j#U~k$0F@K5jfIh
zst;7A1MQhDIY0IPfNP`ib<M?fJ#hb(*0sYK!@Ab8b+o4Qb+x6_dv-co*U6L~&iI=b
z583w!$*u!jBz)MN-REheJN6e4cVj2CU)I9`0WSz?S}A|Qy`wGQFNg!QNB9dOGVLDz
zf>mob;|qCmN>T`7=`XnBxxAFr-|*D@l+@qzR98yspLwd3lKNMknw^sR7Nx#I@R%?F
zbDs9!m#`>!<hVmv$__BWcLPdn$Pdhqi3A6v4W5W8_vt7xLu*1SiE)_yBeW1Zs`rA}
z{s0ODR6W#MrGTeng{zkkjW@*O$z+j|`w7vl=Z(o(lx!EGGcOpEJ5ciVLbT1rRxA12
z#a1hk$u;|^5mun8#8Qk>o}jFvjA<LyljXgdlJ_#pOJjMjrR1$<c}GOb`)f+x>n!h6
zmiNz;yuY!$f3m!HQ}WPBnvu{GpMM{Td7w8YYd7v5Dn!xZDz(7h5(T<qftOnpcr{Vr
z43M+YRV@m<kSOp47AS2|Kur{Q2MavaqQK%rfnQ*OC-4<GnPDr=F(Q-iwwyDD-PY}l
zVYgj%#<1HOPaAey?P<eq`yO6g@0+5}GrBbT2mbpO`*qYr|MT)sNaXwy31+m<z2$tI
zDBeWX3owVwMIVQ!=sI5WJDdX6$-hYcd7>br?~c?d<C~zoqXxgt)rP<`(XW_seIg@I
z>u$`*Ol0J10&mx)ojbsuB<=VCy)TF0N#R|Tod?7h%3Q%3e|E6U-%S5u71q0{4#->Q
zMgPeJZMw@X2#LOD@V?)W?E5nZuqPyk<0-RQ%G@|P2WdtBa2DxzC6zoY+r~*Nt_|rU
zDxrB6lIEUBFYy2weiO=$!js6|m5sP-k0U-ll-UrH&4Kg17ulM&khtTEBc?jFvmCE1
z@i?3O`(thBSCj&qW~ByKa;-5je=-(@;+hnQy#%jXk9y>RgCaSH_@cVRZ8HCc5U{-p
zIgNaGoW+fRTI-4DhL<kBKa&2S6l&)dKloY-W$r8t-DfUT585N*vlRe*f%Esd#5EP_
zMlvN6$L@T?BzkrrGdTl=&l0-Gnam>WBtlAt=31qZb8Wuvg=*gxW+CcaYpf@EB`2;|
z3!o5_2W$ZTWz!Mlu^z#&k=2e}>eQSrD0#^%RIA+sJOb*7s~aQ7%-)b6ZzSM2+^pEo
z$|NLClbv7U>6tG+cLF&6LiK#)pmo`ncw7)*=FKF(h~3ELgD`5dimsnoHGwj-tn%s_
zd36|!$@!)D+-s<#HPU1Ae<rQHWHh(ij}U1TOlM{rqJpbmNY0(;vg0$wRGo0y(MuA?
z?7>6nPGGY!){mg|zT`kDH7u2RtZM!b)S>988?+qLE?zj36jJ}?umd&c2V;M|D)b%t
zEQd2+l~u0|CDSgtRR{1gRJP>Z*aqCaU2g_z4jIT_)b=;9;*EtmD~=45*6Gq2&V~QH
z3&q-acL4CqzaPk0WqqB7X*~`*2#fe`VkE_PZ;cc<pF2H=4%|C=&c;LzBzkz_Ki(Rd
z8c#3UUJx$Jk5Ys{wN_FarSN<kl0el6PUMmXF^Cj?flRBlH3tz>`iU_`yJ*crq8`+j
z^jlF<qnUT2fTY8^KS}V@wZ<b0!7`vbcS<U&0ty2)?k$!Ec&9PfC<;2EoD7`BWN2qO
z5e=xbj>>VZlkMuq#C#%ooNZ#4L&QirD}23C%4M%d+bH*1BEOf#i9YVE)5k11dXbtr
znIXk1)eAr$yVoLttcaeC3d*7{v_c>sb29?Dj{RPD0e}Bb(Z?{t7WA=OTwGPsI(_Um
z)w%;^oI>8{KU7Fw0>j)ps6`4hex7U-!^2}^5oFPaCtr63N){_&^uz)%<}MJ(&mUU^
z^o$uQnkJcwW+~wgvmThpr`U1Mu?s2eeC^<~cvMekYT}8)fkm^0C7l@TxU!cnm?DV5
zpPR9*4t3DJd+kqCDtYBu2513d?^(NRucieZLMvBTCWSMcg&5?fLmVoAlq$#GWCeGz
z3W_DCXPU1qwAm1vW>#NG0HwHwV2@+>`W=z#beNiAn2w8M*$z%j2Ub|DJ#`b)g39B*
zLvT;fCUHMC7&~!#EMpHaZJmjFI)>)>0PE1FrP!e$uhBqj|C(+KJkz9+&|4bkX!?3!
za-83erEzvH<l{_?(qGC)IRL&V2T4K0wv$}^%E8RGU3hp?>tkDgQ{t0+X(W6`-55pP
z=%4JyS=Nn#ExK_c$Xr9`K`yR|du`X0)!at;iwJFK_iZPX(T~<HV@e^S4A_a04~Nh~
zGmjPct#(xC&(|tn3dH^5bI&1XUCD;niTI3+O%r93PoWEl$Wb$-{6f1QH>|lWMK>!Z
zDoS4%JR^&>xPLIps@fMOCIcgGKly096~5~h(#k}XK$TS%=FDaQ>B(0@#V}*DT{1dL
zdXwa7V(?~cWrKd7>Db%+UYEI0ML8f6V6py*_#0$FozDF82FmFwdzKv7WR=lM6Y-Zj
zP>_@1KQ4`&o-^COop}ngpO!{4{zwe&x(4aWeXV(0R?nmU>2u^u98E(S>B5KXhtQUl
z(sgf-htAOPDYH;|=98#NmN-AZ)jm3HI6q7F19f4#i2X%Mp_p|#Y(B}{dxqGgAm+xw
zCZ{DzRu8Nj&pb)bTPgh8Ja*g~8($KLJx|9Ciukl29_h|pxJ=FIri)jEDx_#<lPqrh
znASur$Vn+M<(j~+wLfAzQ_I+R4VoblwGXhndbAF^(Vtx;_U^7UVyUWZMwV(5x<L(h
zy;_ll_49DfR%%8P;6j0%zz*v$)P$CK=1e?+FP3GJINro+em<q<5WKbIHH}>_^$=<7
zXV-7UA*{Z!I~Bp&<;qHu{)Q*nP~1gdF|W`_mhyd45zLuIl1)gQhQ(&H#06ZE_y$QB
z!x^Hx8A|)`6~h+Qq(*xZ3%-1$HK|2OH+EoCKa3gocVkGsn31X1edpkoK%snX^(DKY
zW0U@FT#+^@*ktKa#v0~He9%lT5|ZGck!I2T-?jY6(54#d+ULT$+NRVsY$<a~na90*
z8;>^t-xPuaW-lM77-`ip?a;3J2L-xei*+ekMG@XdzDWhd-~|h8S2(@I52_IHMl>s`
za3W<a5AdK9$+QHbX832g?2;LBLPvICmZv>90ujUAoH7rxP2?;`85Mfs@eheD*Oy0o
zq++O%-gAF!VqBaV5yV<T5YuR*F?12SR{Y>}Bxd!L{@|Ni$efbqK@-U01scra^B)O}
zvYaw^Fk>9m{aO(`d%2X-JCaF-xHbz+VZN-k0rdOMGGzS50XvdW^b9=$^TDuQcJy$%
z9v=eR!}?FpN!EXKPHXiOno8DxOS1l>%bM3;YSQb6s$Vixy`t5sMRQ8k^-B{~uV_*A
zH6+hxGvq}RS@tN~Hyf|v0W|t{#pap*HsE22;bA3Qkel>WAv?D#V$pfYq$%Q<^Jr{=
zqJ#%eIv8@pFj=a30NLq=Gl~&L(Le^C&%iSp%UA)^OWfCzf($4_wZ2K1t~RU^t%B|g
zoRs7+Vr#DcPHsEAh%a5%1ed8ww$pBLiN`7@yol8L*Rt)oc#nf=NCWh+@xRGLgQkm^
zgp<h;4{jRrY=;{IS<P7$aBP~$J*CNH5==O6Zd|1`3>Ph@i(kGOfF51nE<v@UIc~VC
zYZS6sr?gMc+iCt+GgMM717ASTAy*3lqb|=>oN--#D3-QKSR1k&G59qT;myA^1M{CU
z8!$17ppZL_zI+M&&!jB-j#ihwsPlhy*=N_Zy6g`vPA+@n;?!l|(QMhLv1K<X?fuWL
z|L*_2^}njw`i~yT*T4S1wf=>n*Qo1a=}*#{!9nRjNO8wEMYmo^uC<cf;*xQ#Nm4N>
z3rVe-W|}q=TU%=-b*+Q3<XXdU2gq!#7cFG#i))>=h^_nOw)k|u)+zk{|Ll6N{PKTq
zz1ufi?>n7ry}v#C-&$|~ywo*bD$s!)jW*Dp4>Zu8M~P9&p5F^(U-Y+hbdI{Wl`?wX
zSeEyCO5Pt?UO$%ikCeQ>vb^>z@BNfKlqRQ2zehnYquCA3h2o>gi8ep+pIkpwhz_{e
zyiD&#Lz!E#jMzfBE*i@?uuS8n=4H?od7?}QEc5rK=4JkFEED|%%KWy8bAm`%WFtFx
z8%hXFDMZ(Xc}aG0{!fu8>yVQF>O7qj18VS>b@l{%>^BGyCd2uCXL}(*-NkQgN!{Hx
z?@E;71Ko8>u|I2v@xVj}0wXL2HB!a6?vE{NN3Snu{g)*llN_SUrL%n$PDs5<AOZZ_
zME(VHveOuCNuhS&eHDLS#ovW=A)$~#QG>$6e|;nJ&TrC?Vk6vZZ=@aA;d4l)J|t&g
zsvlk5qXQBiZ-}~~LN`vgLmCzRlLQ(v=kEoMJa;gBKEu3BGF378m{&a&uXe93Vzu{$
z+GDFp1mX@2%R%LraSsjFWgT4zryM~2QEV8>&xDoLzVrbgKaW&1x_J8ad)E-(Lb_BH
zjxE~ek=+v{@B$o^dQ3Yt9X+JbCm0m;X)AJnj$K;xKfA-^2O82{;tM4FeCa?B0d>Ei
z;!#+!TB)5ayGGC{Wy;9m8J8eKRx6e+Nb4w;KE&^BkM8RsxYf<>rDsi1)cla4=V^L(
zN~k-Bv|r`{H~1ldHJ3bvJG?Sn7NRep6dPOE_^xqGT4#H5MD@ejh<f3Oey(@v7pWf{
z%1wT-ntyQOu6R5)ol4Jmx7m~pF-)0<mtT+N2U7X+A5v-`)<0SLkG%A%yIPk-1;3!c
zwWA(9O*rcLj1<lk6?94Ji(;HxE!wwtVSp+IC~G?lBuy;?h=CKV8#W|*s_53v<EYt?
zLHh<}PRM9$lhzI;h82&N3RjN@DqS{GL($pw8#A~@1gs=ECZ*smek-ooyLVxDmmSD=
zmeHAUPFv;bPD~n^4kQF%oV880Cs@IMoAbe~v%nkLB>Ii_t=exs03NH-)nkSadOX)R
z=b=Q8UpBKIJL18;0G^e!pE<snMhY+{c1F&|4v!v#`U$m&Gm7!bX%?=KjRY(karbo7
z9{XY_r%@1?S=aVZSM>_3S)#`Ki*9v|{l&vaJGzGTx8zCa@4T6b{sIP>Iz)zUUrg7#
zz4W3<?{{{Zp&9bw6`qb}82h#7+`v%TN#~l0dZ^zRl|%3M`@0PN&SiQPQkt>flUd?4
zt~9fp`fW+{8%@)+!O(B%!+G~T`p^US`DP-el9=e?^dxAkGImrTN@q=DqO;$+uGCqJ
zv9m9+eyvUEY#B?e;+<`1)>(`pq&@Tg&;%})K73^6llRVlXijRUH>UAUhnR|<xaLU`
z00`-Zwi*P(Oka1!&QI8B=)8q#tmLK}JD<lA^SK(!Ed1SYRig8#GoWpLkI%G!CUhG+
z4e*jZCn-7WY3TY(hOW;xcD>fv_4`L(sq3qD7`ncI_41{ZuCHc^Z}6_~!C$6wb6!Xa
zpx~@g!WlgsaLjyijESPKTblJtcE69)tEKZ71QzYw7wiQ=T#J5znwxR$ApM@yzQN3p
zJ{mxamF1+I>pUQq4&rj420afGhx0_iWJoOFi56qxSe|G#CXP25Fq58mGf%8CBnC$!
zH8|r!bLuOnfl)Wb+T*Z{(XJ^vFd2kfuM?v0rYO6#q2!)IbmGNUlTV~1TPQhOh^m)b
zP43rdOumYee<DObW9LY(ni-c>jY(&De@V&v6U#e#obujD$@?eE`;6tSPsv-y^4?;3
zpQhwhu)JTfyxl2zyPDD6e8t7*vzqjo?eZ?nY+5tIH&L#sQ7?D=9VmCQ@iOINiE^8;
z+;^8Nw<l5V6)d;qa^*HB%K5O|n#+}YCs9tpa(`}2($zrIZXEzSXXsHoCv0OqAnhju
zk<RUoubtra=m2~jAPCLqN~C?yKYS(P`h(6oalQ3OQVe_d4Opi+g;4*;!;B<hcZ~Vk
z?+xXphbOcszvy8W4+7=02^Zha)Bc+i`e~nSc2G1G3GK0ip9{=AR6fcbU3jemWQkO{
zdFlG6NoA7=>7O?9|AG2wGm`pfPi{tiH2uB?gO+Tvd7USGw~bv|Fj!bnBV$zIBst~#
zPAaXryt@5*#FcB_9xBA%(+5K0eGL8^9UEs0m5*f1<iJ6bRR4_>F0e>}$_DM!CbACD
zQdQ^>{-Xfn{+Y=ZAArQ)QKB!II5!oEJoCK{B6jFZbnf@fu}u621CN)1WomwCUZ%Uo
z${;G!4!#9t+G@?qbktZwxmp<(h#w{Eg4eDp610_Msxay$e13*KufXSd?0G3ZKMc>&
z4a5pnYJ*D7#bXxTn?A`?_%($2BUD(UV&#bgA->gcAk=L&90-TE8V-a#`~?X&?KA#D
zwXWaFl*Iaz(4yQ?6TKnvG&S+`bmD1c;_0{W6t(bf&z}k1?iVFS4_;@%E5#qcWGg=1
z##1KJZ(>x@?P=_b8&lJ@zSK#)1Ik<n<35LF)1Yj$(Zpu}^J+h2x?i>^-Jh~#TlA?k
zA!X{eB#IRqi%r4cUicclE18_94N%Cvn>I8&63&6N)CphwA=5_tm=06z396YB4V;q&
z^uj)%Me!y+z!O%x2|wUAggPsn_<$C!N8$s4<P-dZRf3V1{+Lc-trpo09=!k)@f6nf
zt{p1qOoX<Lzu>8>Mb@(3k|u<+fhov|rQ_fgBS7ColswxHMt{1MtB{y@;j@Og*IDmB
z8NJ$+m=l7ohu4x8TnSymlw;XxEaf4Vl4#!z$x%dvQ5=5sGyH?6STurv&>>tD1O1U6
zVe}tDq7}Sj)6DR3EQ5zYO<b?7FLUsvEybC98dr0vkX+>0&teaz?59{hf?MVN3>-J`
z-w)`wJa&C76MuTfGVrGxuccT!Ix`+;N`{L*;IO34{Q$KT6Af7sQ2B5#wi-B6?QZ@;
zN=CE0^LsI^LS{g=?dMFr>2mQ`X{u4hJ5&THbCyL3EwC!iMlq<iVIJJWETl8V#2|4E
zJ0X?u4Z%Tp@isQWYhpY*#v{JR;MB?dcK~ngUfV}Mgn$}mb#+j3;SfDBBOYh<k^?+w
z*xCkZWsi;S*HO2$AWbZNjtFSrp9ArEVjzxOZY6xwN#KSROn+f#<^6(~Yi=uMv3pZw
z8!hB4xdQ2STINx=;?<TnO$mF<BsLwM)eo8bIxW37JBTfudZccN!5Mh0?4{c`I=`r2
z{UEWxB$oDKSIRsrS7@@8#X{7I#!-|e)N1=&BGJLE6WGDTw9wIN92&U6bptY!|4A&t
zBE6Q`R;{hlowm%x4CA=lUS{0iRHTlZ$6)s{WfdCsxT%9tMrT3QvqUqFUD~!+SyWew
zpuwXXOPUloZx)|<29lO7v|PF^e~QCbKxx6pAuTl3a&i4_Lx)Up)QM|+mU!Ttqup-b
zwJiC@VJXQ#)*EV3!lQcjEE0S_g@@dnA_434^-rm<5I(GRwA&%RSO$gCq0k#9e_MF0
z=~G0eQ3E@T2AuR7qw`D4d@hXoqE;enHWdK>hW{8!`o-a58(uK@uL9P#t$VpSC)SaC
zUy|LqrEat!JNJvF?a*Hl`jPVj!K1MWnw`yd;uoE|6Xlcb4LzaJBI7=UIlFUkceV`u
zXs$Cdua`*$FdronE`^j)A$xLrmfe+SvoO-A?J<j#VVKcNMkmVz%3i>4@nQD4cL&^9
zq~%x1&~rNb;LYoq-VS3b7j;6EN>RPg|GHx^Nl1ywLpcfG2r7$xqf1lq{S998+sT@5
zvQ19N0N1sna*R&Zp1X@(2&3V?_U+5;$f)L=maKk<&>Z4&rSJ_8_eZF{#guYebW|+8
zm8WDUQl{~g+(gP<CP8RsAMCeaWaK<pKA8M{H^8cdy`5qI0-5cF4VROH;6V3!wB!D>
z4^s%RXs3GWq_ts3`|mPtaxoZS>MCy@nDH-cJjLgyU&I|<p^f?roH66sHw);S?BqAS
zAaMpI4o)TxO0B5#B}VblwmkVd)MjdNgK%fuQ0BAOhceX5h}*y@6SeSQvV{^zJiZ?j
z=Oz>9K;qYwxFngl7!o(`Cx-616ow9iOt>q@5ku-#2aT;L9Ap!s2V3-P0O#-Wv|-rw
z9xX05dL#;T#sVE$6zGsBQ1==XXlilA(mqjOCl<Jbtk*J%x|$MkqwCIox)PDR$*4s1
zzD-xkR1YvEqRQ=O=rD9^Xl*q71smzl-O!tt`;hiA6wW|u<9EDp7bqN?X*{NLV}140
zSlj)UZWZu3f67gq(0STgo@UYh`4+Qr7#A2R#Ja`0CW^esGj0fs)QJg;wv;E@AhFf+
znl4r0s8&L=vZauVlv0c761^VfsN_~g2`{$Dm77Qcqb_82Tvm*)9-GAcZ{Xd)$fTkn
zI+P4|IFt>iaq)CKq#!RnC2!U)ub>r9N9V(vZRi)JSPVW#7K4w$|J$qz6T-$ZK!kTR
z5gstj=@oeLUC{0-jK__5fTC#N#7`4T+tbMh++Qd^dDX=l?caa0pl!bk?+WHwnJ(kf
z6#`O{zN?lleh?t|YBQrN`vdeWU6d|}%khfQ11AA+(3=bC1P%U<pNA55?rpp=AVV%f
zvkHrBpN;64iL=8Qw=S3@FdaM`gpU~q%+lI;@%$`6rQdD65dVIw1;!#qILyQSa`g2z
zKSr6UnDe9*8kpm|D|!b7CH3cG&jzrbl_EWBm^r|0CcFU&VKm#5(9R!v$uxi0jy2Ao
zdQhK2u{51Ws(Mfkjk78PX1mbR!~M{?@76rFSAw<SSIhNU)x^YYQy+r$ljL{?r}=(p
zMVobJD^2(?;O)R1G59Kx&?GN_G<RU}Y+*^39BPwPNB#+lkckX>Owfl^dTxPTo0M$0
zx886Q#TkI6+hfx;cf^6S)A}Y0X0#~yT~8>u>5dkCr0$jWqch|&!7YB^Pk^HKl{Zmg
zn-&$mixtkjBNZ-jV~C}j@Dr%1Q=+D)@9xKRk%tF*vK3L?tw6LG+{lz-?*E4HYr4sZ
zU*oiK7YWU`)+=9*7qsX!ATgZ`x#xWIug{@vml$@OrM>$qV8;!t%@cd@tAgZLBO&n{
zO1wLnI2{r<?V;X1n}YqH5t?74zuu@fqhK??W^&2rsK&>WH9nU5Re6*C)z$dbdo7Uv
zs~7bGXa9iaZ!PZNhbC(H5)0(CtbvbT)ZV2UF45_LcroR47{2i7B1H0y@PoL<_TjZ0
z$&W!s>HRGX$qzmRNPbXkAjiPdw5GqJ_XYkcX(#{65b|@20DT*UCU^$y;+YRa=4JfD
z=b{}JXRfBrmPSrnAO^1?Z7L~O8X#q(2baQ!4*vabfBTy|@I!+eubNp{sL|f=e4u+e
zY<zaSU__0lw2y9!$35umts0#p%-F<z`D7!&TF?}#hpg^1=raN{C8&`|w9O-19zc_&
z^uVFE;V!=nRJS!%g@;Y%+(0gZ`s(qCO=C`M8q%xm@QZ6<%eZc1fNwEK>-<;A@y+h|
z=l);E1_OvZu=`)Z?~*TY?b>MdufQ}{@}}|1d(^E)a|j&fm$$~_frU9e1aT#qD8qNi
z26Vg@4{!8L(S!MCbd*W)a&b+WY}$+p-q~W{!!#s}2Vf}3Llkl7APHGcV)UvyE%Rk=
z7q5P*s3%=Z8!h59M1}&>U_Zh9k6?}zXv!9!L74!JKytqYl*yjk)^RS1YToLJz>#WF
z6hdcrRx!(E6SH73v2^egfhiGXV_qKQ<wG81xy0a~c$N#ZCPUUV$eI;sDrRb$m{p8f
zvmtANm_;TQ%bJi4@I4Iaq=f^&VbYb)T1v!!*8j)em&Zj_wU6InQB-h7(;Tf7iwtuE
zwE~xf1ih1kqFG_(u7q!<q(fn8qJTLKlYZZ<Y`5LstZdQLEWribD$G*U+{*IOxKJ+O
z#{AB++&lNq3~2A$_x=9!>+?zGp65B|JZFE-bDm}XQp5t5-jM=WOBic8VXY#p&4>le
zxuY#$6*E>jVO0<o-W<Uzs0rG9c9Yc+m+VxM^AFYB>26^f<n9wo{?lCcTf{CH84p1}
zZHZMmCv1sIPHU95-0AMqRW^MqJOA{}zf^Zh7bzKR%4<bg4IS<M{B5V0S2j(V-&ppR
z%HH)h@8+BnX->svQsnC0c2k+S_%@t2J>F};kGwr)eq=B4!+yIdWxl<a34eyb&k+0>
z3O_^fXBhkp!=K^sGaP?5fS(QUXG8cYW>)0ww)_&16Gx;amgKz1?|3=gILOaTh=NcH
zY7MU5K^8%4^UBc5>AFW9XKZOotX1+9i#3tHv)(nak=Dd7FN!s>$}hML_}XztwHxNQ
zI*eGAONXII_?<HYB*g_9^UgBmhg^#PwLQ1D<nghX*S$lV){5NTlAnLUbZ{)$@gf)z
zf<a7vO*3;*7&>6t1%{*GQ)@6j!wrgn5Z5xf)s{Q%H{REFh|4mBLF=<2#bpaiaormx
zyY8t;aorJ?nz&<@B{gyVtZQUf6Hg|s-_*pCS-oXfsHcM(KRpzZ#45Z>b`GfV3<&Vg
z-UI@MdAe%xA(}vugg>|jV%hlN_ZHM{uzA0=BWqO^5O1J~AQL=gn~nj0Y;)Z$kvF=H
z5s7z(%{-aro>gPO&#jU3i)(rh37dJ!mRL5usm<9>c3M0uGg*Jy3){>)7(GPoNsIZJ
zHK;mM3y&&=6}8Aq*T6e0;3%Q8I~{|(?5LEzn?)BUpWPT?E<6nN<!?2~&hNDN4{6SA
zgPmdf<ouH+^W4$Mm4#ifft^atlXuyi=S4pn+Beu8c{j|Q!LDmX#%p(`Ik(zG|Hck+
zM>ZeqdSF|`V3&QHB~|o6YVSc|v&sP<jsVZM?0+|LOHLEJD{`k;^V@9B9k#@C=4T!Q
zYZF&`7})!|M|f=|o_=YjZ8q;V+l~u^T|M`uCf*Zf7L(oU9qjD6EzP;dmUv<Ik9dK#
zIcx58w%8!&R|@)H#|~{F%H1p{ZhrDN@z<Yzv8SY>j-xB`!eAIkXN{a#HY-+aNFvRC
z0oLXPi)(gRa_<>ovvvSFlK&m|SBmS-FoVB8_dr3f($8k95xb3TN6lbYiw&t_q|NTJ
zz>zy!T(CRKY>Ar%y>|h<`4=0_>JSj1Oe-(`d)XPbQ_epZ@#J3FHK0b!CzyxeuM1-f
z?E$xa;KL^08#;5G?7r74m;5dkbyzE^J~e)e=LSQ2TclBYTkIU{gs$0P7xVk(LGBif
z?5^QEA->Q~i))x@?=Wm{i!?)f<G(*!5|PthY-F|a4zHYeKBuMZ?$aE4Ni5qw;s9=e
z<BI_i1S9Kp<@)u{9o{r&iET%v=$LKEiI0npX+s?&rodKPevRp|eU%NoXp*k(AL`xI
z?z&Cz8&fPO_kR;^1*HQlCY!4*Xrn3ZZ=pL`fyrlXlV4_~3#uy=&9%Wa_WcI|&+!;I
zmlA18>)X)o?Yeg9U_8{$s+!8CxcWOpciUZq$e!nG;H{PW|3Qjd7J4)5?CjwaF{v+%
zf;a2C<{RXM?=kS{B($Px-@Fy8{j3$p32s^6imUyjr%A9Iq8sz%{PiudCgm}~RM;RM
zp$qSe=5>*{S1YgoQ+2{Ked2h>q^VOzgWH|5q-gNMqp6CxahtM(3l<EzjV9@WZ&c!z
zYWf~2F>$3SG3glKCj&Hv(aRDISomNhQM8t9jk*!5s~q0kkwg>9ZJ&~jkwt%I#lhf6
zFjR|*H69wLw@)(x+EJPmBUL^?*OS8S^&Vv(QlDF&6-U_{M#g<VbM{u{yy%q5Z)^GO
z2FP3dNsU)~>WEclyrv3Qrt&X~GVwJ!w=O**jx!$@Zc*$EIPyqu^al_Ab@R`MK6aP0
zTnyg&a7{DQdq`aGn|?7)^4uc3+S;78<ln3FSMieB5(;huU>-STi_O`<(^4isW>L!8
zcjE=?k1iD&3SN_4^BUth-UYru?XKAt2;tL76zyrAX?zdAp!d%*35q;wbB&6CM|aWg
zgV^ttLq$6N(iQI)FU9WsCJp=(Zi9<O5;zfdH6+=y>t;~JX?o#yVvpgqzadJzAuOA6
z&oU4qPL8p-dH~uNw|B!&tIc&AeDCJ(Xt0ligwor)p^P^VC)nheSXUe*&*tR$oE%5V
zSt1#{w}Ogm65f~2-;NV90(FmM)E@vx#l@ihaNeeW3gO8(E6@ZE1K$QX*l|iav9gxB
zfKx4o)aNAqla887eq;=e(Z$UEU`yRPHwy?B)E&)qf(3O)b1%Vyx})h$u%PZ}+7aw>
z?r65~l4_{Dw*cIv1YDNC))3|a!p8v!pJ@ma0paZcgryon$^uqWHzK^MA>056&jcX+
zQ$q*=gnZw+k5d-D#IjRm-b?C|pZSvd06Og@b@6Atq{>rAy+o`1?87KFg?LHGN1aqs
z1Oz;Xp9JvkhkL8<bsTS%f-!Gr5vi-6t2-6=VQ+fbuz+T^@_KKc$fAr5)#@B(uYA54
zoG{QExSh5QxD>Qk!x6%g7Q-r+1$i&%fr&Tz5@QTI>c6P(O5I{dea!%QlOW3g^1QYk
z_I*+9sva*=S8bcDlQ6gC#FZkE&hI+<M^-y%Z7=R18+6b|y?h<?=Gi(ssMUaftAlPT
z4bnl)ORuDZ-YKf9gIq<14!U-++Cj}1Q(ye+AzcSudVvz3dx-Bx>9E7P5|osZj#9=3
zxKaIn$60S(@*cZ$6GqiN<=dL0UEOg<29GC05^0|mvkmv%e*A4!_uavXzW%-AjM~4U
zyopBpdU%Cis;>5DkAObEHK5NE{cf0|hnH`J9=^rb!#zdf%b3{Lm)J)n&cj5TFHtu1
zcpmk5YnNE)k9href=9gSPEhl-Ko}Q*Fiu0*4G4F6wXMRcOnhG54DNqk9l)W_(^yqb
z!U4=w<I&)L(DQlSeo!{)a{GaK9nbeyZc{e|^A}>myKnOi$S0@jobVm`|63FO)(t@>
zeESVoGT}dW)-~Z@avCOlr{~oEYX2Pd*Xk_YgpcIJx3h?Uy8L{Gt-*DVVqi0rGjB12
zA-WBx_V8PIYMZ~HsonopUr#>xXFXGUZ}Q(awSO!LGPR3Kf=ulXO0HyT-#-5`Q~SF4
zmzmlZpYosDPd}?p?Yw8zp?dUL8kMFG($v=LOVRuu{;Y0(AI;R}_Z9Msx<OR^J04Zy
z-t3`{8M28Bdoo)nE_FDlvpFHwypjfWN>3x77$>_R5WB)fo>ca~(Zk3ZPOhS%x2y>d
zWDO7Y3&I-S>(3hI+~?00=8O%PFb@Sxn4CbSZ{<1|^jzPdKPD32SclwKo}T;i%oc$8
z1ekAN%L<5Pn@ljb0p=uFI>G*FfISny&b9QaPa745VvaNjm_!XUgf9T0I)K-zu2m79
z2LvSmLD3L$0AWu6!X6D_I3R4*b89~@RJpZ^g(|o9?Lw7X+qh7j#cLMQ+#NQ7=dLln
zInUok3w87NrU}94uQ(UYsGnwcJr)7MM^G5sakISIXH~q}T+kWi_dkNZ8iaJtuQ5Sr
z-~1h5L~gQ!ld9i)>D<YiQ_st$61(}1^Qv+2O&_Ciu`5+f>ceO~3>s7&&pE@IP}rH2
zCSnFd+?kXn6jL=dLgu(Lj=p48ton0{NOq=)8>I|^s?$K7$_h@=%*~QSjwCC00ox59
z$|;ABw8Y;W{h(O5zq-O=lAZXxAliy$V03JoGu6tG&D6NqYUs7J#M3#ONnf$);&{FX
zIjweQRs{H%ab{Tj;$qA0z7r1&kdz?@PkRIO0WlJ1Ed?)j547-Zu@bH{w%%XBi-V(s
zj9wp1_|}hJAD*Y57F+&PfGBqJ3!bZO?scfJ;2s_$_@}<Gv>%8;aZhZiSidF`m5_;>
z;+R9ClG3DWr-RYeq-hRKK(f(90+Iwj7u^=R!cY1z9-p0)>`t+905>ICPR_Z}m1}rx
zUkQJwi{C%>q2DM(F~R<q1x11NbvDR(qMB)bxQ{BYJJApK5{aA9RHe2w&p_>@hqHY~
zc%<P>u87fNGEuo<Sv*;<Vsf01MpfxHJiaffXcg1v&wc0<o^MJ?rPl<?UZ_9mT&8y{
z4ulW4XoOcQzs*O&L17mJMB5`tK$L(8tM@e|0a5WvGX4Qdm8+JJN_2wKXh{%h(Ia_c
zy-SXp*$m>!yw&<??F2Ehxv@5=?akU+6gOSHrvBIPEZz~DD({E^sT|=YU#IeInzlDK
zE#Y;wX<c7OeRR)Fs7YL{G%f0ZT7{3+)_D2dm-C!<`5cBSE_H7^Abuqk9Cw&K|Iiq$
ztqe_2%3rHtHQuXxk^b%A(YOb~TzbnzRW<Qd1$m0Jvgf+gU9}>Sa$81gj9Rp^ffFx`
zs@q@wQhezg9+L%|rWmD$`MC*_`I-C0cstM7S)&YG*l*?)l^(y3C9!Glsa9AGt;E8&
zqyKw;&v0eMts@%}SOHfn+h+BU#FPgKCMbCqu0+ivuwipw`?6f}OBh(a*<6n6B3P{v
z#7f|}oj98Zp6$Uh87Hv~+WG>=;PegaL7Uo|4eaokmdfB+aJFm`%ML6_Cr!!DK^knJ
zjbz#{i+w>RN9!k*4Ij3V*r({w2vUi4mMR|}vtmu;-^osKa1)pyJ5g0dwOdpRS1VbJ
zMzh6ey1~MAcuWgr)l8%cEJkyHuBkbWY@}-o8eI}mC@Fi=pC~I3Wo4o=OcXyhnqpp2
zNXW@#?l*>r$TRWkpKtOx+E;zsbI=1I>MG@inJ`Y*IC92L=KWNV1iBEpq6WLUFjZ#|
zy4gfq)fl_8vhaA$&0G*XcmDK*7C^yRl)3PD81+v%ky53SR%7zH)mMGjYsR0$W11`T
zq0H4&ADuXD+N23+@rmVa4e?Qwz;4MikRr#;oF6E<^9fa`?kgdkN*EtX6eW@Q=@`}F
zd{&6hTfXXu9{JDJQ6^$SvmoY+JNzlLO;X<fq@$GlRUE2viFs}0U+&18**RNs+;m52
ziuik{E2Z-o%~b~Qdw05Kc9!Wdp0h9>5fT_7r`MhCo}K0VQp+9Yl_{O$P+v9bt*6IH
z-WDZLUYr-uBUJPlan3Ewd8TqTv5}2dz-E}L^SUwnV~;EVRi6W3kRGtfGZ^$g5ir!?
zrvn7}o^<0jIuYM@epAMXo&{wjKc+B;!N~y53II1|@bv(`R7(MVbnm5_ew^r`T2Arx
zS%gtdSfn)9EaKFZYfU;iE~a$glmsm$j#HAflwOeH-M|NyB#)O9<iu^}qMN}}3D{Qq
z&YdtkcdnHxdw>;ZDkrDXd6X*7qt}h;X!V)eR;p}gFz?j7s=poF>a!iGQ6+tb_knK=
z_kk@m$T0*fH^8<NEP`M=4Y2PBcI?wS%rph8oM8J5u-ydvoM49xu%8IFm|(veVDKg#
zq-pa4RE1mC(zIwYLrjZ^fSX1HgOBA3@Pz;^U`PS*Hvm2n06uX^eN9>h2nPcY4r&N4
zKqwDDC})HS<sX1h5`a*mA=m)n(@Q}|`r>(1K!bx<ueKrX++dXix@I5b3r1pJB`6kh
zGVE>2B1&GMCeMt?Rr2yx|KpG56SL6tUT_ay7QYXU=G@9%gw3CDpu>?-`GK13c}QPH
z^7CYghh+5R56Gb0#2=_&-sXAYT5=VO`1P5IG~rIq1$!tg6>Pc^LNpc{43>7yRquV<
z=k_4QP)}<gWu6ZFn+PN>>P^4|C@})h&Q;ka=Ulbfv**I4@U(eRalyWvs|$*AnlH5F
zmo5ZO&G8)Ahy9jw61t`OZc=U;-Q}#;?|y0EhZ0bI#f!oZ**(O9fn;zCnuknl?|JHd
zMr<un@!f&L5(kSrs+4|;ixVP7+ni@T*URp&={~cF3UQu-!~3B)Ks|tAyrCkvSfm^8
zHj5qFZ6O!gmI=PcU(k2e$fE0w$}w1yU9;ox#0Hbs{@$*tdw?wFw?M7gZI5X}J_3|S
z7OD}l*v_Mr?h?pb=xz~sIFr8fD{O8*JVsUn$9Sfz$Lr{aCpxmGPMFStW2TOVYtCpx
z;FxCN6yI?S#<@YJQm|ii;rae`xbVD99z2{0pus0@XxZAWhiv-8J#lo+iKfq2_%oK6
z2-wz5;3Xo#MD0kR^dzGHmQkVFt>>gt^#tB}vemZba@(4$YeH=^Yi%1pcJgFsAHB!7
zgLZ0-x{LXmTy76v;6k`PdE6ddQ}T%Ra;AMDea_*}#YFNFwJA%vDN8ARIXC6m5M5Jl
zq^2BFo1&Q18z?s=Wt!TQ2PZm4Pn-Bi4mTxd;&k85`E_Q96mCi^HRZO~s3}!}O{pT<
zS1|1o`lt-g<j)9>_!7cRv4&7ntdt&2MoqVDHtCvj-{aVnbT!IP21ogcQne&zJYsCh
z^la9Wm^x*;Z=rZXs41A;7oThLtJIV+ApuPpL$trdv}e=jApXoHlJnH2%;%=er}Tx~
zluMGXDGO#`Q;OB5Z04p!s!jPQTT}RO<c#x8uxMOIYEy3GrflY>Sg9#*yh2SW4{S;~
z(LS4LKSZB#{HYMhRUsT=tcIIXL+NbabxU_i7h-H<E;a>xoq&YkKsb4<g>8r&hWrsq
zobedt#dk?e0OTsi7VtR&9|!pZrkC<Pf55U)Ht`4A5wGG841@8(f|>yFzPYfs-Zo52
zP1f6oX{iJC45F5rre_JY)Vny<s2DIpq~^_xNoRRR#+Ax55<)L0&xk)CG!#ySA-M@A
z-yl^!e<5h{od)(%)4{0?p8P3smA@~oTY=%*rFAPXe7dx51%~IB)~&$s_|m!+7)C9<
zA_ayfnzsLMQ`pqYh#+YQn*iaD0E9D|ox<CI@LK@F?;1irAndD?QOr`tO$o{<{-7Zw
z1HvYbr*kAmi>HI@;)f#Lx+p8st&259x^?kkk#1cqDblTrXNyQQbv=j2nLeWj${_c7
zYB)TO^Pn<nhANe^D#OHY&rJ}YF&eX+RFXK$Qhk<AT9#;~T|ky7&XS|gQj_b8q67Rn
z%l~s#hOHu3m05k8OEGcKp|2Vf$6UBcBGW8Ti1*jG<@h*nyEr~hCFX_TK%N(vsN7s4
z>d@~xqQ)apmD#96TI%}+83uBOkM$Y4QwE!sfqwzz>58L+7X$Dt8`N73Dulyu@iDb+
zfAX(%MP}SQfoqhv;js#qQciSW$nv&=hUDo0c&_*@<Uw4un;&nryZe6p_&6yw{y50{
zF&1NhkS+5cnvhL)?w1oQ=qR^4FOW|uQKHS|h>Bpt;t8ZS7@^e8)}(9Vl3hv?Hj(XZ
zRM}Eh235Y$AX+;$2`s0}bfPs3CEgFJ4HcY&s;Zd;9iI6T$+6-L!nO20R&)bE?f@nT
zei%sMh{eQvsu3@Nq#7M7%B-GIt~Q29GRW1Cs0|^KraFqkz7GEMpj@rEg6K&w5j_bk
zQky^`wIq`-W+l**Mc>&>5AbUe?)|G{SW1)*8$pIRF5d{TNy?npJ3=Hk#Ir#(U=KWj
zwsLe+Goxb-<fqt4RR*4^v=xwyXylXeh?b>C11BWl_H_)>eNuHIlk9C##`L1kp9FoL
zU*SkwOPz=m#HkcS>(TxUAqpZi3ii#45A@LW8B<UtX%xWdF$Iw7^>?;a_%cy|GYcu8
zyN64C-(a*NrT{NINWloEV7?x05>t?;QXnoFTzwu@&vGTizE>|r!j!QFb^uZy(o2yr
zB}Xqa!j#ztHUzBN#p*N{qQ<g!6Z>f*QBuBOOVVwL-<XRM!QJ)3(4Yb(ILedD24cFc
z3_LhU$)y7Yqp;KnXh49rQe_Ms=hwV}N9f}Q_2frQc)WU-AZ(TaHiKZl5G>CCn@O-T
zg5?`vvkCSA!R8rYa|yP9U`_+9kYLjZR%C$9C)m9NTVQ~>2-cfmiwv-Z1ZzjI7Y(rI
z2o_4P*9@?i2zK;!ge^6|-X_>Kf_-3sy+^Q*3HFfz_Aiq^yE5q_90Mnm#7w~lJP;u8
zdXm9y0Q^V*_(KL?m?*$Y0>JAT{1bpz1c3iw@K*pn5&)Ji5%@I#p9%n<;@q<V{96F{
zw~MN<Y!o2u4nWwgA@l`=%>f9TFRH?_YXM=k9|A3-1*<izvl9f?zXFOmbe`zk4d9&t
ze*5}gAn+;x-x^>%`YwZC1n`R&NHAv#6wHBmt7W$O*w!SQL~U>N@2yJWqLs5#1*0^R
zWNL#{nHsQc$LF$44S0n^b4hZRq3q&cR%NZo`I*TRNqO6|01ddNH>axFJ&ULIK>i?s
zWn)Roys4W0tN2y0FQ+wG$b)_>%fCbow!{N0|GI<aUv27;e<62*0v1x;f^dKakyQ9N
z^;rkSQ6QPpuBVS<K6{Kc+4X1~@j~+~-E@`+>|Ox;xY1z>7cBTi+5)9wXU6k(jQEv>
zPAYL*)IXpXjx{`>j~}bM={Gac^>_)h5q#61>!t^EdRLDF$ycmC3^#f-afdg#Uedgn
zh|jg{CGAnYluj&sMK9+=pP7;hqVSfce+=-wqA!_*cjO3U5ZvKAF39+b9!Ia}{qdH4
zP<i|Xx*h|$$~Sp55#p2$c|l&$(*yLB#6WGd@FcD4QaLsFBY6cqlK=5i5GBH&FtM{Q
zv6FGFIJB4Zhr~!!P7HX}naBth<xW7jN7Y#4cK$kBZRft(#wYbJC)0Ym;h^qG9rL^~
z*>@9pZZe3M(bXHxu!6~|MEUW__{N^on96?wY7*TXnxs93Ta|kzlaA4ee)amdf^*2`
z+y!gEE0#bcyp6|^M3Cp<rBT{Ccr0tucrhKbw0Ve}3O*0}$z}5|n3C7R(}ykpC!E%e
zz&XuXW%(%JS2q=k1s{F_C(A7-;g30`%H|$vMK9k!D^I`QPqNLq#F4i{NPubuk!}(i
z_Q;w#icj_A6`tM0V;Zw3TBX0JEKMwJlr{nFS)&~@K-vV3XtRB*>9h%q;ATSOIXpJV
z0h9B+q74lK+i+|owjs4p3~#tJ@lI&Ou;&K&H)7LLT_flk^a}EMs*G9o(@@bK)J0pY
zEX-`Aj>2Oj>)s8<@or!>sdB$)m`n~Q3CqxtCG7^0up7XSI1t^JCRz1z<&81455&>u
z-EHYpCr(Dunar|T_Hv!hvf1im1AL-0=fobqr+9aG^m&<;Yw)gM38A}!RT=v%Z4Bs}
z?em#*aG-L@doxvqlvig4?h@uga5g9Qh54q-iJL}V0xmL@{q{_h`j@8MXcZ@GaQCuj
zf@3EK-(H@g?d6}(*RO*!oHvR_N_#Pim8t3_o7=ti30=ECenM^cJ5Ly;9fetRgFn7k
zcZ1K)@@*Is#BWb?5M4B3=&&rGlwv@ZdTZ~KrE2JO;Jdy>iG{+UT5+DL@`sowSpEQe
z)_c8K2mqv=e^4!}>cJj(4$SXehd-X!5W4@5G2Z{H8qxh9owB-%cv9J8GFTX(o}b{D
z0<Mf%lpc-p09USF6wp+;|300*%^`DPX&8me(a8bK5!$Ozx-2@e2Dk}us{@W~)Jwn2
zAxYFtMO~;mAwZOJVg#;!gMN*ua}v}UIunEdq<JU9n2mi}f9ZA}g)4X37OSS52K2~8
z$F(tPuvG2s$w_Zd>b{`9>F5Lik;-Ty$4{|F5cFrLq-g;r0WCK^9ZUeQZZlCs1MmO|
zB&-x;(@CpadoOa*dy%@Z)rT2f_cT$y%TQ$`>N}pG#^yY3E_@<XCy^lYQ;2b_q&4h@
zB8XK?K>}-MJ`jU}$%?7QLn;M|$)`%AzNf5#*|6HoB8V~MynAi6EGg0g6hI)B-Q9OY
z);J0DAI*6CrneXuJ=SOriWY{^?YqWz|9_Zn--=0xwkd>e--nQFy#E*bBoK#G3B)RW
zo)1It{=Zz4KrB}!5KHuEH!}tEH3~*B1-W{(Czyh49|h??3bIuSWPP6TL_v~9L6S;A
zoE~i>OJS@U1-mE58+?x=T0B!A`6z%1%oIo}1+>UHPivw87Zy@LXQ9qnIiihX3h+2a
z3hrhK7VFWDvJ8Zrv!V<no2!Q;JUFs6>>o|Krw&XxsF#6YN~K;-f+?r;G7wBb7r5+_
z851J(POUJdIj5v+Dc53(nDOAqBS1_dJO6}jGFndj)?CyE^l!ci3o0(T;ezjkvateA
zGHT$=@`I4T1axptU#LUGGMSts?O1@f`vxKU+kFV?n)O{luto-0IKf^dSfl|KL9kf_
zGaFz{2sV~r%?+@o1WP4YO9QMK!8#JmYJjyMSQNpoF~C|8?2l&<*46-PL$DtS*4_ZS
zj$o?^*1-U~o?x#MtdjwD6T#*XEY1MyOt6UryTt&DCzy?32?khCf^{KSZv*T$f;A)9
z?FLvcf}L?AEZG3-ORzlzOEJJeGtf^@2?Pbs6UzAEpr;fdRJfVJDFD7M06c=hHv-rm
z0G`6&1^^x#0DhIhNAC*i4eL_|ZwBx?0pP<7ejmU;1c0j;{4{`n2>}1X;D-RbD*(Lf
zf_DD{gt7pHG7X_4Agl^NSam@a8btuY`vC|`HH4$XSYl&DKpBqnH)S(`ivqw!41OQL
zvje~_&vE+!9C6McoXg;c0Q^t@cpro90RA=reEWF<cL8ubDS^cXQ39J8lcl^rQhi8z
zeI(tDZ;NNOu1bsuhrgaue|d(|pCpz$!6B>UWD^?==be(pALs%4{%qo@vy`Fy%c9&i
z5`<91&UPB9UaZ@XB>&vRi=@P4s8XtHH7Qk+a`6GUSsztSKR|k28RQA=*9X)#>;pjJ
z8Pd_ZzMwd#t)G1l$*VR_1$os8l2;9kBYD-w4eQs}`fu>lO@{nsetPMIf0v(rZSY^<
zr<=_V<fkuv^>^~q=D}CWPyhI2Fn)UKSAQ=*Jv;5M^3#_tbp3ny>1T}m^vvUepI)AC
z;HMjn{CD_i*SP;{e!9`P|7(8wsj>gp{B-!(|IbhVFY(iJ3hL&kCl=JrPumLW=BK+9
z)Xh&fE2x{FK9gTJKfNcvZhrc!{JQz+H}dP|rwjAz=BFp+*Ue9-<=4$m$LH70Pq)mk
zo1Z>6w{CuV|J=Iy>5{p1^V9Flt(%{A&izaL^i{Tc`RUVgz5Mi#a=rZYO1WNs`USaO
zemYmKm!BRX*UL}$lI!KCuaPgqPoE!n8Gd@tz{~K{s|H?%pMGIrz5I0Uz<T-V5d-Vx
zr+W>om!H07V7>hG#R2v5)B6Wpo}V5uOyxy~3?qK}=#77spT2RTj-R$p)bZ0zCaV0j
zX`;$cA06uBr}qt2`RN@)uYjLkHkA13w}%?|>F0*3ZEy{}B7WL2LB~&5$ME~_#WVi=
zH26OwH+-WkqQGm|1K;iBp3V|~R@u5q?C;?EtzaK`eq)bj`uslsX&tu62LEXXCi(kM
zJ2tg`|7kNvT*iNzk>0j`^nMK-htjGJl2iQYowwOY@9hEf_PGqb+cW+Wy{(P(#wkDT
z4o0dmzmMME%8c~BmgP@x(Ukh>z4kw(cl*J=Lhk@SdTSr_r}w9a>!)|}y?=?`AoI7)
z&sRQw-z_!LJ1T(Q&X=Kg?LB|P{C)8770%xVe)N8w=}+&>$@SA4`Pb+Tm=BYy{>psF
z++?J;Z2-O7AF7|;2k!n4={@pS=q=r7r1!~*{`6jZ8G4ruub*C{Jj0~=L>*uSedtAk
znVz2#6DbI`njnM%IoFU#%rRL&HG6!Udx#Z;7;&lb$Bp*1xpA`TAT&QefiB^WCQ65?
zZ6r@4kasBCra<8C4G<GTcE#$h+f5bA?I`+C6@Jp37tv}O3}e!q)ns~|!X8Ld#9_Sf
zSXb7DbYjp9d|3yZdAjv;{ET#RogqGRRfS{KhF>RmiBkUA7eg}%0vt24N%j(jdc37p
zJL)G<+{W|>y6!s<DAI>kj8%lHJZkN+eB-zCjbGAv!2nAq$){wj8ts$5&Lh5CpDb?t
ztq+PD|JT#$#t&F&&e}BRQFK&fci$M9X1M&T7hj8ZqxG5#2eK+_jdtyPW*A@oB^_E4
zUpo(}1W>$3ar4~Bl+)#3p9f}69ytr)%fEW@U7|-jY~stmMnU8-@&J>o;XveH^GXb9
zf{jndip95AcL^1E$0fskSEN*PO01S*GTwJZN)t|r)>2xUG-cTY?bf=1RAq0!B<`vO
zA^N+jrf)C<wG#&Ly|Y0W-a7|~OYC0Kh;8&J-ai_f^!JYjCcK**&p}v}0oI6MI|ybm
zz#<8@f?!t}U}l27NU*C7u;v7tMX=TeSWAM9C0JVntPR0Z33h`4){bBu2^MRB#Skot
zV4Vywh<sw?qA^Yf+<$rtF4`Gj%JKn&a{>HX0C+cpM*w(h0QeAtdjWW70C*>ZuK{pr
z0J!v$cK_)m5WWaN_(DV20|-k45SD5t-KzlM#Q+4*xdjSd1n`6a<<cJ*{5XKiF5<Ca
z#g!2$_Ga{f41KTnlcf4yIhso9X0uzP4qE(i2=fSkZesm5Si8!O47xAKN?C?_bNEo?
zOj=<gEtMsy>eb=-R8`-zC{?HJCM)g?(spavnmGJfRcE{b{JoA}_}Y(O7^OSUqJb#;
z1Uk<wgDm1qGdJ@;&wfh#3+I{A817WNZO*e05x_M7<Nt_i`|Sl4s3`nnPT9QbD%f<v
zKuvs=gVJ3D@7Ke{mLPs5$<9R-g&r)Q@$Ya@=Cq@i>u3y22e-dQxYvazCk`gvEx;@z
zV|0$Lw`Y%xAoloS50NyhPDBN(Q}jXXj#`7LWI)Q!K}@ir(xZbKRGw?$*zjm(!QU4C
zPU3H?_y&oo_yjexP}<~yg82n8G4T0CK@9kE&lKPr89ao*H*s0%ToweNH(LsjHgiWZ
z%QWA+#oVzdCMlF#5{ly?hOh|znLrxYu<}8d5y~wFnJahBcNMbF(prE(KpRD%Vg^N%
zfV?vc$k7%CP(i>OPN<{y+5%MNWY;3L$QI*>O<RP3`HL_hy?}!0rU1T({jewoobqRi
z?^hXlAR)g_$gzZ+$H2}6Ea1FdIBy|?yAk*)?88MQix%Md+=tLg=)-LOj^OVx@GUxY
z33upnU5CotL*T7|J9L%Wp&(Ldj9t-k@opKbTFxL?_SB&*=QD`;k?j(rfWR7#GP}Er
zt=y(}+@;z*5$hrvLT@~aVyd{E01)l0p*}h+VIQ62P64kR&?%P~`6wZK33)RiA7bEk
z0v_SK-*Dbv8T=iAk8+2WGaU+dAcm0<9azraOZmH)I~3XnO|^viI#l82*GO82S}~?j
znP530sLRIhl5yduLt+MZ@x7b~y5p058n6&ClLC49*h~}fgt@S!)5D-46gG3dSmEN+
zRTMJ^I-w|L1OUG%iYdfa7sZTZ<fjOEG$7k!vcPQ+LhLb<MRE$}vd26OSyCA=RR9Kt
z5i^<%70Upy2<mas@`nr`(P7j%W4Lp&b)BO|^<3=hoLrhCZ^z^@J~-{5?JsJ`kFw@x
z2|yLv3Xi&-L5FB<9@D>b0cw@HjK%uZxn;tAk9>fUHzbT1&EHG;yMn)$^Y<bChCnp@
zzU3rac-YvWYO%3x455ARxQX^X_2KIzfy=n8DlQ95XJJa!@ER=-p<X-08(dY0uh$|t
z&Fb6qYC@<R`u`xK^*S^K{W^gv>7UIB|B&d>rnHqM{y@8)!kt_NgG8VP45|sklEcE)
z?KGU%uUNR2aGJ>Cj|tp0!Z1UG-ev_c9m5GdN&LN<O5C`UN|YIt?gJGwD1!=|pjMWp
zt1O#fxmcN~!5L0nlow7DWl1<Ty+{;gcSk+Dla!Dn*1&$0ys9a8g1ZG_!yzcJ_Y$_F
z4(!p4J%+G15cb^~b~D6o&e-vcT};@^3A<MvWrs3$bVJ0xp0K;rQTC5l@p2&S)`Y$G
zdsWr?YD3viwIu9AgdIZIuWHzB3}ugC?4$_9KKVUj&#j~EPK>>Tuqy~#`JQGRFfo1^
z_Fm0h-Uu^%Lm7V6XK0HVT5^W>Il~yru!A!E%=E;rX@%Hk#=hUmy-wKM2>Yixu)8pJ
zbYsNcMA!#3>~@HKHDh~Qaj!S#`DoJC$NKMS%4YK>1dq!W0)4@tJlbH2R2~AX`PA90
z_kqIh>P(v5E97lV8$&jK&*$%4{$9x6dHlV&F>XThX%kw~n0A>W+GXBuOq-CKH=%bJ
zynw*(aajx14X-h6LW_A5S`Oc|yo<Rb${VZuPyxAbDI>8z??V-hp*e0lsGlrDMlyMI
zOWbx3V$`rd)0~Pj4wuQYm_v=V@HZIM&ePgxAHQjdJ&|Ld%dT06?5>IMB%E`P;Ma4e
zdk%vAXC|oRn_WX|+|#_yM`{YcpPk}qx`uB%L*ct8Xg`oklMCV=0l}f?cEL-G>>_}t
z8OPf)%kE@RLru;*5d93Q@<6?!I&;AkQKYguIbPhSK+PYX*iodl43!b=i6<Qsunl_o
zlvZ97D(_^D$8#&Z|7MaQfl9Tfv4P_6ZO)5KX+>u=2Joy?D<siId~!SrJK%5t5-={H
zAYm-%2H{l2__lS`zh&Z;)}NuTACDre|C1!DKZ5JG{I&XRS6qKZCtdv!TK(}{KSo~>
z^@GlWRzDnlmudfmD{jBOexGRRlYUgc!u41A>URjHM~%l;XZx?X{)(G*^($Ka@m#;m
zQ!w46Yd<oj^|ycg6}MkszpTx_Pj09Bvv~Zo_2VCL`SHKv`YSr>>d*3xzo?(Q@V25`
zvcD~1OW9c=&)EpKbfcg1Z^zYV!!vs`989olDWgQqp4BYWfIV5+ewBnqOmKiG>-YoC
z9_3U1fMZK}hd<!ZQx@|F9GQxXKj5@gp5zZWsFg?f1I~D5f?5xJ+^g0jwoK(twI2BB
ztJVV_acVt+6;f_c>w%A})q2GFqcl?Mfsc#LxgPj9$scf&QGVtRxF;$<@(1?HX8wRR
zu6!vzz;a17UR;YyPkEbh(AnM#_<`~qPDb;mJpMrEFVp!0#1Bd)6k2dR=XyJjM5gck
zcjFQ`no|S@IQl+G0;Dtj@N`j*Hy{JZ;PM(c(bB+L${r)zoR>gnC@$~GILXmMcHLo-
zU3su%^H%|Jp*fAk9jgTt;V}y+g?3(4>=cROFibW#O9ee4vK=ejVlLPZ#~ErS<rgQQ
zr|m)RFq>R*DBNzU@>$xwLf6T%Vmj}}Sm6jPmdLwnbml_z4kBiC3&}A&Iq%5~DJPB8
zr(BZRYE6TOo<}3(va*OzKf>V4_9kb&c2kYKdQz7JPsHyBUzMv5%kk?$l`jd_PG{(t
z!eVp5Ah?~jBNFp+vm{3w6nE$4Mo11bxh!#sZA%%{n_Z^ZUAamc9C{?cF0=Q}t$M7X
zE2*Zi_{k{DAkK2-ryi<@6_>1(hD9`HmlCpAh3Ck6FESjxOSO>91zVXFf(DZqD*WcH
z#4Vxk3?lA9X%+PAYQ!+7ln6#G>x}_$8!mkYEibo{>qSs`MfsN?umhF$%NCY@u^2vr
zLYo(9j1@3cx-jGL6q61*wCEGXO$?aw)Q+x_*243xdjxDP=E7BcWlGTQrQrvA`|3_M
zTN(g!M1D-b`Lt%=zKH7B@LgAaOn|n)u*Z^KDLMp5P3)mEMVg&Ccv8$oBkeq5v*t6q
z1p*0a9k5@jv*TND=pmIRS$pGq)~z7N;K!^4T=+<@VC|K*+_rS}=?LgZ2N`hg`~shM
zY>5O7R*k?6xI6VgN4;ve3)NG!N*^$oK;ZlW)v*mowcrs4$#o0|7IPu<kf;NxKIX85
zPOLK74Wfi*NeOaUl8pSODsE{;axJKAsjqYsct&xaP@ejx)(f%ahulHdq&~N}$srQ!
zne<?o?=h!Wh&pG~l)m&HH^$!kb6mdW!ja(H1f0f*0Ulscr!q7C?lRw0#@oC2`!(td
zuA+-MEHZb?E{ImCB%kOii6tH*Inr#-gUPNZqv4V7p=DhqJH!W82V^bxKhBbwF&SUu
zOAvC~YKe#8nOv~j>B{lrU9|;97~wB$N%t)<$Y7&Rnzje4Pmml5(3n{0(_$3|CjL-?
zz=TIVG51a>&Glqbnrn)jCXVoSm9Iz`Y}y^Q=$T=9khx$k4<Z)kr0HXWs8O&I?J(C;
zNbM&=U4Y81qAE3B5kwq5=}1yrK?H=KpL3_yipvyMS<zMUeBqb>dg~x#FF+Se6`1H?
z+_2#lnn8oq=*k!cNlC4x%FjsYv*<qHAnx{Y5W_{{W0*MBmpDcwj>E)<eTkFHl28h0
zcjhX0l!hhn-dK3#yr?x$i*2y>%(El9hg8`w;F-s!AuI=kUI7Tb_$BIp0NjNh54Vq~
z--@|C>&{)J+z+{$llPFt0q;ScY1%(o+CSsrpHcA72>53R{BtKi9;GY)65O;W9@4Id
z7o87wol!k0z;G!q->%w3&*`M<ggwP+vC6~1isOi(=a5mznV(di|FRaJiB8n^f(I$j
z;mjcCfBvxqoAWIAzh(agXukhIjOws!m+agcza=%kSb6XFu2Pyilcsd<Dd~>RI6-XA
zRMaqtfPlzp&MC6&enLAD3c#OIWf^WtGr_yP*wE8lePTeLzGJPt3W7s>F+xkJxnLI@
zsm{~3l8d3X{EH@tdYoSlv2LRw>TyYBABwgl{xd^lSG(zuY`$ZMT=+eRf}<VRayXJc
zKSC3gTpNaKf%Dty35nl_#NO!)`$hH8ASnL{mnIt0=a<%qZ@aTb&absj8zq;V2nDTb
z2%~-YqTL;{&E^jKF8=#W**s-ara8Mf#qi!{wnXk0{|w)4F*l3cX>K-rr{z?#d3M-t
z_%~&@Mb2LzCMWL5*(E1_>##1AU83^H7}*&sjv$O8ZBJBkD&dD%YmNv|-^=PAFM4BC
zQkpYU=C|{(4L0Y1bWlDJ%M!ZNh3DfFz6eKf!ixU~Tf{&2K!o{Gae^ru4gcILKAQ~@
zfMyM0XG;=41}52D1JZ5If$7A&g~dSF7z?#%<$#Rj`2#cL{EZ35d&0Z-&?@O)<CeY7
zL1LAx;#JaLa6#q;xn5c&t(04?6RTtre)eshJ3vxGXPoxx;*76|r5Dq*i@l8esh&NB
z^Mc<J#W15zhhS4uApU_JW5o1C!GA&+ZE20Zu;H-)ZZc#Pz%~<S1pG5XY|G6`WL!Pj
z6kQ4g<jP60d8N4;q`3xzf9DIuB=yQ((?cTe`DDC=H#&^T;vz*8dt$ZYAF2{g*~YxD
zpOC;8kGanKZMC@H#itb>srzcT8+q?CIPET7gA3TRQLUD)cK5`^qcuu8s)zy!6M~Wu
z?0)%|>YwGSAKckt<$JotgSQD74Q)E8Z{OL<ws1N?EJ{f@_1cW{y(BIA$udryAQCZt
z(Z4^w9aq#hzVYh<#}^JR-}sJQr;hLSJig|*|MvJ^*Cy!rKHBxaG`_F44jkWeUFsWO
zPpCS+heN5?UaZlL?{-cssQHh_*Y;U`<2&@L!13*NPCveHf2EG^?L5BSy8gGvx34wm
z_&(qHzcjvIwF(^H)}8Ac-zFjI_?kkf*H)j^jqfoNCBA+3KOWynpVT+Lk9-+8zC)_@
z;~TnG9p4*xe1~-YZ;$WDtAmd3%A5a7<Ga6Q;P@uqT;KS1lGO2S&%L(iv~GMOIdS9Z
zUViaC(@}?Kc9Pxoge-1<j<Kp4ZP_Mh5y|xzYVA3sw#Q5DIbKhDWNZ(JW1?CDAAs$7
zB8i&wkB;#Y=^1IPN1gI3cyj~QAe*yVc9L)n1Pbt&&M}IV-dAZJyr$$#7MG1{CTBaQ
zY3`#wjHJ7KgnzzJEgxp!>^|pTkrH+RYnu9HE^S_K=FCWm<NBf-J@d+erlry5!WtBm
ztQ-;|mu*;>`Lg6{;mSYX*j#YCI79Q#H!>H(+ir5+>`=)(|LKP4YzlbXSfzReD5{mK
z@jKwM`ol|BG<~`Fb{omL$)COs_0#ui6x~$O5YjKJr&+yOXGGBx;bOk*E)G(}()x=?
z<Jv*^k$)-FTsS%k?zjWfL0dFGR}ps$K(RZIr#a8Sa}~wKnyx_mYb0v_k<KJRLET%p
z9G9&pA8qTc=;aOchO;q{!z-v<0TrTd1w1aoUw6yYRkS0;fy@VRzwWNdE|f+4yP|lO
zy2t_kuN(A`{N2u{IZv1i-O)Ny^fI%B(Xf9WudIm-?4trpy?xZXF_D}RWX9X-&)N!~
zdY7Rt7ZfojND&R{FT&G^204q1$fAimFr-hDoR%=_O53$T2jAC)Fu=UBSS~ApNuA$k
zj+oM6tgHc*l4ei%xo#va!qE^tTh24N%?nna{t1gY;z)K^MiMg?X*}D33ZN;+YS(Ta
zX7_L!N5EIAzwGKOQa>Wr#{RQr1I?NZcr%WJ#%A*@Av#<B&kFxp(o~a2DO2{*ETLh7
zS+X`PaF&=0*EaI2w~oqs1XOmluQC%>=75YRmEl3_$!_H9b{2=t7@6*?!9ar6&Du2A
z^`&yvny#d<AdzmsFQGl?)!cuUTlH<z1FmVLN$e;Nkn(ycI#dJU%p&}G5@I|#x#TSW
z(R!jGl|05D@E8Ly`cW4#rg`UhVs^QXCT7RRG%<1Cy_P>h^84gBHWx-U#_c8{ZxsY=
zlX9Z+Ry_?r%mt?!={DWD%L6vu(a%`}meQAz^)9834eQ=&^XktU-th8UZQn@n0(qvM
zQg$`)?Y8=<VRzp$>i%@JuTZB(M&Jqzw#<~8FZ6rk=ZK+fF!cyN4JNbR!xBk13XX>j
zwEP=HO#h;*Ryiz){&m&=h*ejx9&j>TH$QRT@JiaGJT0-VcBQK!OqbEI+QgXjkv1_F
z@@X{SSvrlUyh^9Bx+8G84@UQ(ldeFLe2d8c)LO)C3D^}@e<JHPJl+^u`Zfk-mwp%G
z@#rDd(H~d0k#Nem`bXGZacQnhMJxueRg+!Q6m?@>jRk)<&2MYgZ<nv|S^PHAqYYu;
zIh(UQ2>BM@QQL7>(A^r()+McshsE(2<Qa0})ak>oYRik$0uC2-z9_jRT>}<QSfhH^
zUP>!s8{_=*ZI7ro-wjCbWKwfa@Xx%U{>+!Irb?5H%uu1^w{yD|@hTDH<>J0^4OC!A
z;zEMVATcyFB#UrJ?4VDD-)mzQ(-58ch=vHWt3yQkd!Pob%=@9M<aw}8BCfDvQPJbU
zDr)AN3)lV7RXqSdM<nH;OWl2H`TBYM8!F~OlnFQ!;fTt+u1D}=e|O6|j;OsY>)0Fi
zx0HgPc86MOn+6>B-(2jjo@ndEPnlj?e^XY#hZb5u&Abjv^^Z}siBsb$$A#)GqqHD{
zeNF|9JvcIWa(?jSkIn>5{yune?HPPFc`j*upl|6sOzh@M?CSSGQv+gQUVD)Zdq|bH
z)dbl4>v0spSyy(h2}($D@Z=-Gldn35WFP2<=2G37>&>M)fx<<8-}MB$%>e5`uy+Y|
zzX5hH!Ja1Acmr%S!KM)GAp`6|f(;|sbOUTE!EPnk69(90&4W$?`=3EuoE<b-f4wSr
zL!kIEg%j>FGKE)q=+=H5<mBISu6yv+Ro2XR@~dYd9Mu)Adjwx~<1GFs^26tFeZi6%
zhd=Qt_g=1XiGPhBo2fmE{Q)1C>sZe=!ObV19cYTkX)Jc#Xi#SHv=YB!A^KMX@j1p5
zAwDhQS8kfK*4{~+m{X&n532a=zwc=}B&&>f3cLFW^j;Mm<UoJ^J!12twJorX?=)}o
zU02CgQX49-ddt;yjq;|etIhmzDF>@ALbX#YS5>2R7RwN4iH5e(CXmQsR5vlqy_XD<
z_$HNticyf*6Dmi8Ugu=Cy&&U*Tb90RLucgZw_g?DWy3!+pnAb03{}8MHq8gzbiIn}
z7q1ti*0F*J^e|ViJUYyGVJoBIVj@<&OLsYPNWRQqQ4_`-VX@?M*^k7Kh5`KDgMG~;
z>2E2QekN+-Sm_?77*jK8*+5B+q^&A9Gc{e_)hRa%YH}F`w2f72bOE<jYEWTV{C&gZ
zM-AN<jw(}`nuSaatdNFO<u`9rl@eDK;nS;m=N+Bd76eyhlxQ6_`tX=cO#)Ms>`zS%
z_s!wML`@Y_1IHv&Q*k@(2Nhh^As;pEnHq(usbZ8G9W@e})Pbt1N)0H-!r#^*e$<q6
z-`vI2q&J}Q;C$!d7;PFVsX@Tes3Jro^i}RQIfST5XB04;Q>ht4)MV+X$!2P1Ff~?{
z8mJYh*>s4gS<cjeEfb5iN8}PUR-WL|KCZJBQxh9T)WoSuQei%7lE|P0EQM5R&|FFU
z9TDb7jU|kzxs9o@G?X+`HKu0HV?@m=wqgU-MW$xqTda-~O4O7yN=2xT8n6fx)PQN1
zN)4KuiNEJU{iuOj(LUiIQIpNofF)uiRT;xoW^h%YJINM?S2HM!smW%PTpcxeM9q91
zH4B-V7yYS8XKJotYRZ`!FcIPvKKf<Sd8y$^0qH!Yo_~|5iC}6hOpR4XO*ByxtD`24
zsYzsNEGjisJa60wc)y9@-Op#5dUOektC$*46XkAe%G507S-hN4R_SJOG0o!5x>;P#
zvv^O4A2kb^8t;DKs*2c;;4<8(lUE}>E|#9d4c6}b-R4x39Y6B!6oCc_n$RB%5;S?d
z@@2DlR6?~S9&=2$xn{;3N^?z)Q9!S`KbRyO@ElGPe+<?LxB6Klbig3Y_#ki*8D=ln
z=ZWO^1v#-IXO*TejnzQmb36rj!$FPfw__?$<NB!MKBQA`zX180X!Z;6KH<IWdkc{B
zFp|UXJ>{CJb*Y6^y<z;JVhH>R6{D&*^meA7y~Dp-|M3gD`k^+ee*o9Nkn3NpufOVV
ztp8zs{R_4FOU+b&71v**uRlHXZ*2d0UHw(Q_H+HPQ$qc~p=k9l{~POnSYJQX#_exP
z^=I?M%MH=h54-f=*8X$4`m?q9H-PK6aQ#+&{c(Ti`0MMp_~w5U)sI@jqJB{E)#`^6
z{BLW2jjn#w7pC@e{foK&CHne-pZVL`udjcxR)1+E)sIo4VB?W=^=JH@?XTAFKa$q|
zNP2J120gG`sCj~&xm^Evs{dj8ef7iBJXXG?NjwH}gbRhEJzp~<y?<Km_H+{-DaNqP
zIS*^MAzh*)z*^<Wz_>Rg9#um$s;N(N?Rb98*$9uqMzyt*-S8T{Qqo_eKZRWReRmS<
zYXfWz!M-3^sR6d0U@sHwTLWw>!DbU|mjU)Y!NwEpfC09bU;_#En*sK-<nP7ht6H6G
zWc!)!QsoD={_>NL^f*fa=am4QSM)dqfb(<!&NF(PF@Q5O04Gn6(+6;-1mLW$(&1PE
z=e??+9%59S)29Va2`T4x>l#GL)TV3wQl^&r8sCM|LIY}StjC!PI5j7+#;>~INIV##
z9|>@GY|Ni}l=8!lr`!SgdmQzzW6e=r9c=+;=~1j>1l4hqp^h5@>Uj7U%8%lX1E)m(
z`+xDTqvRJ|9cuvR;{crSBRZVt0q0Zz&fQ0J?U@ER{g3$L+^H{TFyJH{!S*;ild#HU
z5LTIRW<N}@-3HiBQ&2(HJ4#SNR%!6$V+vLtNfo?msNhAays8tzf`<M4fnc8*U>_4~
z6~VqXz}67#6@qOsz%~&qk6=F-VC4jxK(L<-Ft}A4JGs?yT_;!mAv!tyxc@-Nzv>2S
z6X4wXt3S?b$8<Pv08Y^{?6040Mmlm0bU28{VuA$?1N%0?o-x3l_M;zOW)@`rrfWh6
zsCxKsM)DBtK1GM-trBRm5(I6O9<2h<08&7$zwE)#()DPc0NU-r(C*NqJq>7a!O(i@
z(Z&PX^@@KFr|EI}0Z#7#oPK(oYXGN9u<9!I>-WEt0<Cm^5VWm&v~K`y)qejP`{)<x
z`+#$^Nbz*?WP&xoBdq-ur*ys0U3+>{+KZ3M7Vu<_-p|Me0pC~}3JAw)gj^sU5PPur
zbe>c^=MAu*e4q64q-;H}tK%#Fz~}zu`~h2A<xafoZt(oTc@g~?#(;u6>jAu;!I<au
z5RFd!UI2FM!_XedGst7}Owa>CPFT5{YcXrO=y6I%9f6)EdeY6%m`R3W6c4^LQ41>D
zQgNvNaL(5l&uCo^&oKVL9LIcJi{G#lR3?WQ5|yV|Co@8s#X6Zce$z`LC*#!XIp=)+
zSh?7*Ob|s@9@mW_nAYA<;YBCLAQw@t<_{3rD2@07q)E!f-Sh#1F6AVDfDBIgnLj{0
zsQkzuAh}dF^9Kl3l`r`N<h{yA{DJfE4e?>LjD?%B^0Y|SrNQl0dDNH&H%eukF%52c
z%3v-Zu3Sp8N(PkBQzZlX^CtelIn{<gu&1Ncb^t`e510~XcX_>OiAT+gioxpk+JfR7
zE9;M{_O?GD#znBVWtY)&!)VZ=m5OQ_9N=-4ZPnd*EI*NGEJtiZ{mb~{mC0U=nks&!
zXuk$(zwXq2rD?y?=@(I%E@-HnNhzKJ&9=hE_5885m&8F=2WUj}fnNgn!&XfRG(x$F
z6W49+<$r$wGa-xY8e+j)1ieJ(+$0hr^a-70S3^DT9w+B-wA>H8_w*QG({AxyHF}D~
zQJ6TumzWCn@0fVMkD<HIa49K*7lkNtSE20s9SN?4FtvIt^MdJYg3^>Rmoeu3-T+tf
zjA>Tp0}c|LxzJ!Al~IR%6g;6cBT?P?XXv#g0TiE;K=E1T7b=0nc8+LCB|A%$(JTH9
zJF4-pn%D8GPAmpIuG5a{Tho7FM`a~DDvM@E71u(uqq5X*M>PvCFa|rSdoFKBh5F?G
z3-(j7m*NceQ`P|csaUu-NB{5JPh}V{qM7Zl%zi3PIdinTW<Ry(jscRgp})a?D(4if
z*r+nGVztF;ZYSl<j*uKJN(V+reoN8>1pFFZucL>b(xLW-%40`yK}7hk2iXpmrUNnj
zk;U$sYLT7ga*5K=?%X7o9FLUaH|702+q`mprg=(nrg=>9pJJ3HG1TRf-F0hP;aPLR
zM<_6PG9tbh)=NaDdG>H}A8fU^KQ2amYGiDtd8#O2wml{;)9fh8H1Dn`+~?@0Ht|%7
zdF?MY)3LPn$51|Sr>oB)d*WkC&Q;_|NBO{V+6(smUkGG(e{W{{3g?ELEuzpAEHM0<
z<^u#tyNe5pacZ#mz_dxsX?VmH%|g1S3c4!Ci@p&*!;dx_API_f6z&y8?GVLmE!^Vh
zhD`y&4y%L>2f|wXEayM2NRBws*O~3NI(J~vIU<{5v&g!oa7#`zUB#l*ot~HDi#^S#
zVeS@($P8C3()^9GUL9T=@XUpv22T-lE~rna{1i6CrF%k!_ua0P-p{4J@8V4Q@*%6y
zGXS~w<3KwwsaYrBzAp!3J}ZQt64N9Jw3iUsZI7`iZ!PQ^Ae+fa!N4}GIFJpwbI}hQ
z<{Azu2bHZ0AS1=UQS-GYPbJVWJVm;+4I%-sVq&Z>@g~D$E+B8Q9~==YDaUX3pZz+v
zKzZf}EF)c2z+D|xT2;~N`gnuxkPP9(mp15^oHz*+Tm!@MYeHuBxl49ui_29_NKOKJ
zAHZFIbJE#TlcTNd?m1g7`7KOruJJB=d{}QeOg7ugdfzGj4A~7eZx-kq?C#_VHs>F<
z{KK`j>OHzrJlCrB;KgIo+$|Dq`RhaE{IU>R{&|z*l{9zy_GDK^d75))?~JgSp*H7+
z-uH#g7Jt7_c3Exi^owGpCilKyfb7nSWPq)-JHPjQLhJjkbTpt42j*>d_hS*Lu(V4_
zPO9<Rpm~pkC5tACMfJ>JK~R28#Po*o-&ex3vvd8NpTz+*TP*le*wQ6uso3@B{Duci
z$!}r<>iK9qETPTXj5SYLl(>j~Jdijc(>zWrr76P`dy0Q2B!-FapEJ#qe?he2C`g_1
zN@5KDK+Hvnrz!KY#Etl4-0uS4BdYiz)0|nJY2GLDA1tR$#IsTS{ZXWgHMdXT9Tb13
zZWZa@$aBijRaj!Jxo{G#@^Z#oPk0{joxT19Wyll@cArQ*DE@lHcXr9$0<eQ?+)6ci
z#P^fpm|E|+S?*XayITyCOMVWMO*`cLk}$RXu4ajUnuq);lHz3V=A5cIwQzWwpX;A1
zyFz7GuEp*=8~?p>cZF4Sbf`#wTy`~)T|;3M@@qq8=E&|R#T=^*F&6^Qn!K8($S#|+
zJn3wi$<c0*yN^vSIT~hnNA_|J?-iEZJ3TDTY%l43PngX-<PW<uKM!+!2F@r%6^=gg
z_~bC#crhQx-xDTx+$!gvx0wG~BAbduQ_TM?j@azEMwBk<2*{hWF}`?y{~7ER7`7(6
zdst7K^MWn^7cqbL>8bOy<N3RO%n*0aCbs-iF?UPE|FtG_0WiX8?r9g3T{ovWtCM?Y
ziHVx#EbBc5=kVEN*FWNH?rEKE&Z^|zQxR5^48TuBZ+Vt6lY97RH5$F2Th~hpX74`d
z7-%yBd*rN@ojt{dbFbL+Zj)UL^6*r83SC*bU!nMEqM+!Obk$pk%-3(SbFcE%VNr+c
z6?AVV7w!XX7^}J9Q%Uy>;aY}1$pkNFi9c>DD@E3^tdyQlXU3#^tOohKcM}BGlM_9T
z{>gcLI!n37ZLU;_Ty9i54#|aQ>prj7gMQK0gWc8gJ)dad-(2*{n}66OSML#<PK4Mj
zYLup@;{<^*F<_=<g&o+u4*1ykvr3Bt-BI<_YzfaRk|lGqBx`9>>|jmz^j5Z$5_f?<
zqUT!Hz9~yzg9?bUrddZiFYxJ{oXSG%0#{N5=&16kvNV)VmF0fV{NiA_u892uvZX2d
zhQZRr0fYJ6MToETdz#J|3;DY-8fRG8d&~pmLWaD<fa)oXuD^GfG*?%4;g`<(D(Ko6
z#*rO4iBS+GW+Ovc_Gfp}jb|J+Iv%)MxaP?=n1_PyIlz0)A_jVuws)QP0+3<?4v%T7
zcK16!br-p^pu2ByY2BTnb@zeB<N-<M?q2YQ+TDXJ)ZG!RI15+b!0t|9g|Z~pILY$q
ztMt2vG(@u1`zo{sOA~}+KGEHPuawX4iq08HDFTB_Vz7q?;2&~$U0T4(WTKxF=o=hT
zW0*(yYt#BUn)^9U>*r<kpr`foNoDjO)Xzz}e#U$P_Swuf_#MF$BbvMT%c1ARiUeCa
z79Ic)24gkcy~MHw2Nt`=)Ohh}78N1HefUDPR~<Ac<kkz-7-J#9{{idaMx+}Ntv&s1
ztBS)-0q9U_&sTf>-?z+#!yC~vm2618kL_Rr%veTp9qC#f4`LnQ>El(dAl8s$AXi{~
z9ZLi26tTF~Wy7I8mBhWYv>~kL#OY;8)<?%q&e3LC4=4-NK}|HsNfhU#XM=bgB6P1P
zE?dsSvQv&IO|lSAiERk)HkxJ`z59h1-$kDsWfR`xOrT~$o`YY(zon!^CeUwLKWPAk
z-avb$pS!CnVmN}Z-q$s!2ITJ17E8o@S}dY1u@fh7BXIc5g?SOQW)gVKEO}L|8So{o
zw2JD8kaP+O%A*JKoHi|SKVPp5J3~sNG}|w?fyl0hRVSeMlv&0OyLo0u_|5FX6Ew3e
zx|v<YP2V%4jc?~5t<h@b$Y7q<Fm3aAS_5g|V-GrIe1*1QH+YIVr7Y>DDHA78*M@c;
z+ZJJV@b@Vyr_sG9j7FC{fclRvrn<x1kCA)|O78GaN7CmKQal3PBplu4T>5fKXAeoY
z9C=VTx{n^h(N%Csy2B^UV}Hzopf#{ftbU8N{?eLu#MK2PD@&@YNxBCg&+-T4QRY?C
zdW|ryB|A-ocN)-w!Vbm-b@g#|LD{RTy@4wB3)oqmQ62xe24HSGD_1fXgrcHF&lq)&
zT-S<5VgD|enz=9v2|Nn&>S4o@N8Dw*FIDvEP1;~gXuzIucy@mEvbv+sXxve!d$tJo
zRpbGTTY3ebpojPbg(c3WlUwJ>zQa}YQEsSY*efe|wnG->{M@ccNIDrAy67xMJJ>6l
z`Dw0+n)_Rx`Q?)D?5x0DAND3bJfHT^)ITKorhc(R!+qe<Hj?arcmhy4G6+u2@C${y
znF4EP^-x|QH$-;SvMP_BsWt?M)rK%UoTfstHWiw9)TxlnnW(pPnT~}?L2M`g48z&*
zxC8^Zst?dI8cH>%Y!*WhHV-@}hrcT5wVP9l<AI6KYtj*N%)psL!EvwvbHQ1O_<{6w
zQ8bU9`+-)oyk`99vD2qdoaT_7>DS3?raQ(uCW$2RW%Zfth3mI$ilYo&PkZ$tb%WMI
z0=vVn9%<O9zjz>Uqeh*{;2U-83A~hH$UgYVw^54*cYn%%fHv{~&26k3pdU|Fdn=on
z{966`&cD#=En&u1=Uukd(GM6}U2^|lYV{4{b*)~p&(P|z1^%u6gj-$INZ0Cve^z^O
z0ytX3q!AhSij1p4IU6U)=tdoNQz{M0+3A~7*-zn=dTyR>N_A<30jbdMz2gD6iJ&s8
zD}M>ie9;YG;!jsn6<8=VmYub@!+Oi}$Xlu8xKW_5@}aM)6CLh7lA{Y6OyGGopK6&Q
zvaO<8lKr!R0#2Ag0mt`f54>+_Qb(!sGlL0|mfVDlijpGnjrldh8}m!_{v1QFw+yh?
z2^JAq_dEZwCJ0+@fGs0fIl)#LV4oB0bAlBcU~5f!#f1h)ep{(><yn2Jnq%_KQsty-
zeezY9+)1h&UxSUkt4ZCD?Y9xkWq>_JuxkkRtO2&bKv*lRs+&|<NLEiuW6bigA<G9;
z+;)O}VSs%`u;m0>XMlZa^4D4T@iYmqqm+al@OFLL|G}kFLudsEdjk*-oTgW6xQr;L
z$_38$0GypF4jg6Q0ZvH(&S5>y2Y~Zk{pCCryqs0lI-K!<^KNxO+$udzKfw7s0EfyE
zr<>9i5Z*UTh$tMT8>PzV3qg~wI`3ax=X1Jl+Wws=u}wg{+`f98rGV2Z0H@nI9q9#t
za~%fZEmLlqcLx8q<G-!uX+8;YUu$@x+N-^aW6GK1A|;xi!YlTo4!4q&R^wyYHteNG
zQ8=uWmExoFWn?!n$Ge=PsXoX5a1Pk$l>*2yN#v*;3;#Soc{SV|s9#k(KnCJ7>v=DD
zRNMgN4%n+|B^Y=C@6RePaLaMxE>X;21?+I0hCoB8{FvBiE04fG2Yt`=$fwpE)A6aE
zV>&+dfcStX@9X*5{_8!cPN{UT*ATgIWV|mD=}j9Lbmb-S>1pVZd@th254Ae)B~qWp
z3cw*`_8xlGO;R$&ue8K!daow0uHfY$F(g1ARE-y$B1%b1tj#$|A<u!5lS;cix^80b
zIVUXsxTjG0;c%QFvT}y+{W)E!ssO?(r)sa$6a9Zdo3~a_o4XIH@eL97&hiSC{&&T%
zO4#Qr^G#acVt2mc(RJqnPqm*00o==#%~y+|j^Q@kU!iM*@7mr1>DMmqsUGUYXr)ty
zp}WB;x3$7=1mI?_jDuP_^MpFHTUU$k;{MSgsKqA^f?nGDdo?@jEZ$A+wJ0m`R{`rS
z*Qn$6yhP*n400L7UIdI^*+L+o;CC3m>YS6F3ED)pD5G|F*Cduo{C6Y|t^8LnO-lyS
zTXXsjUpn?~{I`_8+Lw;X80WguqQuNUG18)c`TL8K=Ny}FBI|LI+1O*EeZk<cV@D@g
zCG^*ggZ>B#E>kcB67Xl6KT5;vM;6`0#IJ02Ih6*!lHdZL1h(_J96Oi%5x_#IzSW8)
z<+3%;#AjHdC`oKj?W9W#i3i+l=ZUUz*(8x-PK8f)8-2(S!vlW6HyofLTgo}paci(U
z&w|(S4!x{?vB1KkxuoTidYN$21qx`0v-37(%YPC)Lnw~BNMOWwy;u{ms&Ond16>tn
zYInX)!S2TJ1Vd>l;=9S>UYX%gJ!!McUyc(s$W6hZ$bB;1+JKl?kOWjPnbEH7FmfUP
z>7(R286Z4D_p+q+5F=aB@DH1@(F&RgR^Sz3^tlv^GMP)M@|AKmmr}!}SX4VlD8T}K
zjMsW_BxiFy87G$&&+qiH<cgE?%PbK8Rmp93qm*J^Ip#XQcy{YuKEuf5yo;vfudhPd
z4&bdLN^E=L&e5r?JH&lYEjR*hAs~nQmgig;n6N6%{h(;ZQFulUYu-<?saL;gq2$QI
z$`_a@c=9yc-6=6m@d^(M;?%xsJmkkfP!~5l@&D*RHOd`f6wa<UIc`Azb+T)aSOQ^5
z5DaXLxmj3=?Cw(nty4z*gl~*s!#rJNg)BG1_~OfimMc{<Wa`M7R3+g=&e>UeYUP|T
zL(s#xCB#sGvQH}j;}F#B*A=kJuYjdN3V4qS0E2<G`*mcO>++HZcwMGxYNiv)Q=F*-
zWKxWo{2JTGM=PF-c0H}+Hr+>SRS;S)?B!}}6^ou$tI1GpLqn$0y(Am7`pa&oU@kV(
zHF%X_fEwvn12`B^?hkm30jvB0k27G2KVTLE=KBNiY10KEef6pHOzL{mrxuyiwX9G5
zC#M?a&WlaK1S7AR)LmAe`ZlK;MQZ=zRHJAdU(@DngyTbZaZD~7NZ}-$xAiYgxy>q7
z=907VcD3W+Lh`)fLh?_#tb`KmWdrO5f*rktuq6iAD+Jp{uy+iwHwgAI!Tx1{y-ToX
z2^REH^%%iEH^7z??0$l+Ho#U8tRKOGDxTj!unh*-I)XJM*k%K4Bf&fu5%!G%wuNBd
z5$s0;YzM(UBiMceY!AU+AlR=4*x`VS;ZGOUdtbW^g3bFTc;sC~s9i4*HU%JT*AVst
z!dC$Z8#RQrfUqI}VXcPnG9Y{yfbhA7@Him66M(QxLl^-FuLdBzp&=vy!aoBLp4Sjs
z0m4%O2(F82h~u**U}+P8katmaZT}-6JQ9GAbCIrezz-;&0M7UToCozdZos)a0B3|A
zXA<BH48R%0#Eem7K<ER$w4Il1&W-W=D*uFY*SXP?iJx$!S25cZUHKKk1lD@(*Nz~+
zcF`~591FL1M>*VeOL`I5GZkRs+<jsLT@diR{dyOD;L-32e*gocyv-kYH++FV@U(lH
zKk)3FwTqbbTxB}{8ly}Szdkb&J9B9pJMmFYiC>!M{aED)1LBmu0Kms43M9hu7!s5c
zKoL1Ii2eN(@Sy)}i6_JbpkQB4OhIu@w7>mc{w4)(QAd6hoJ8Uoiti&UIoqf|qF(P+
zXMCUhW3uc#1<DS=6dgbp0eqGzy-t(XvtZ^9057|@Sk&a25R;Hrc*I=r7LMBkpzbF)
zMIb*86xLGXz3TJ3s@jkeWA;QXw0X-wJ2WlvqQlldZ)RUf$~`8tLW7)m&~dO{g@zKl
zvs5|vb$2RG)oS>FP9m2*Cdp5q;r5;40`CIq+~EtR$<pc}#Eqe>)O0!)0(v|yIjjO)
z4B&Y>@Xx1WA=HFba@<T$xK||JG-~33aOAw>jCv)GRgM?a^(g06O>@kuEG?nLF(T1$
zUxIfToAV5~!>vmfg>?JGed|wBRNss**e5_2C4L<Y)aS_VrWKwAh1_U!!B@!Dd+g#~
ziafRJZCo0HLl=W~TvcUO2aPU2o|e9NQlO8rQH<XS$DsaseY&AO3M=O&p1iz1N~zN8
ztL|FC>IlBC@kp*BWTO1W@zEWivAbWU^|UBPhKEkL%n645@h@RzWmrp-t{q*LWKErt
z^RV_N@I#cunhEZf*?BTWmjNljjVEJKrcXqakoxurE90(3PXQPqh97_L-c1Z1rt|$z
zd+J4<Z&6sWq&b|y=&}fOjZ|O5mavxwcnFmwdYo8=()s?{W7w>6dJHRO95pH}-pB8!
z$1vh0Ki6DBV*Icl;_y9ePBuL}01iDo+`uiq>W^40x01P+p0==hJ*Ndx*Fj{lL^I{S
z@Ez$h;P%&bFTIW$*|RsmU9oc+U#C;0{M<0f{0#VQgqtHM#l-JJzdxeT_~XX?3w$EE
zauawk)v;CHS>0U{1DYxZ^qyq<-P(XY401h=&1B_eDeBBlkWB~FaZ@q|Sbf(|a+PSO
z5b{>v7#7trmPJ8_k%uswhcJ(a$L30DC&n%b#}6fRQ2(lL#TC-sr=9B1gW7o-u0LOm
z3mikc^Jk@HxAWe0jkP{NG2<Jn#9UaNlA1m&wSV$(*@+q&(Wxm~XFL`{ondp?+gbBw
zWJsD1B5E&1icWJ@vzD2o*Se;X8uTh%NnWMCu1y?2)-iFy$dR%$y{)|F{`)6P%$_!J
zJiM;i6RXUH4MM47Kr~xQZ#}Ha>m(6XDLt)euVeTuw)$R)=29NdW87}s;nz-)C8h90
zEWA@8wxgT&s-{|LlXjcA@U0LkV!0+koBU0jq$#nfXoV(<pS4&OszG(=gvlM1Up5xP
zZZX|nEl8}IccKY{Y-MSbWT}*7=+SOrN|H26e%?-$#Ocv`FeR~iN=OSK>RhQxNvukV
zq|bYm-*pWW+o*{ly2SP-Npmkj#N54Iw@T;l;@56{o<{n6oUcCbCT$ggif8_YI63hf
zbJ0YI+x4#y{c{nl(9)#qi0||zH^$`arOIh!jQwU6GX3ohO#gLsA(%(74hGou1p5cU
zIvHR$5o|EQ;ta6P1nW+)TMV#xf?Z9pUIy5$1Ur8cVf_rS-UK^9uoMFfM&8%#rr7Kb
zQspmn=ltMg-DE5{SqB+G;!fc+P^*>jAQKRn>TV6;><WP}AOK;mhVUaGOb<YKRYUk3
z5S|G@_#X}7SwNT@fKaF*Oap{R0}vK#2txtE8GztqGk)Bvy8zB(0XPvC)j}cx;aotJ
zuSYZl&*uVR9DWXuX}B(en1YF)se2pn1EbSygLS$B#72OvkGar<?u}7z)lZ{F3zjB!
zaoMMhx?n5`5z|>4HBQq@!Gr7C(V7aXDn(}1(>Qk8?SJ50mTySnLnmFwH)Qzn4XK-n
zZy2NF8<LoBc=0aMK=tPvl0rzi@x@qDLd|CBWdpSnqdz6iN?uK!n4AHJkaqm+52My4
z1$12zs|vBsE-NE(2OjJ+RHux@0_t3yI<HbOvMcrr?qBNBoy6+9cKD|N!z!1Oi!MBy
zB1pN^!pfznWUA{!3-@8P)`!b5a;mQnPb#Le?wTh#wGS=ahj$Mn?a~U?w6k#Ejl2oj
zt|brZ*e*Q$Y9$Ieg6z7pT3K|I*e~d0<!CuwDUlc3TTZ)mtUoWdC{)s%_|PstwUl;w
zTsm)-2UGogA~cv-ZB8g3Y5sK-a2-in9ZgDgC&}$xhf$#S5Z7T86h0zSNg3{-$v2qH
zaVS50tj;B!_FG$?S;@nO8D`cUtWcZ~WM-*c8^+Zx6E|pnPx)=M%r7>Ac$pR4Dp;>N
zT`9P~tB>JV=TrjpiOk%M9D3#Kpl)V?t3!OiF!@$zjmfw=-`hwtOVZ7(Lws?&FeErv
z4{)V62B%k2raxDo!PBbmuR5-N;kPuCYD|8k+=!W%LmKmP<3`;mXK+5*U(xM&P|58n
z;FxCdwYhepxHjh#HF$0Q;7BZRdH)b3ulDNFpFM&c-)7WILY*OWmv)6ZLvRxgsxzc<
zB`yENbNB`Y&)SC!XYGS5|0LLS18l0{SdYNsqNPgZoSw<ik|QsW|Cgg!QktP88`bg#
z!G;-Ng9%nhuzL-#y9hRkV51GN`w5mtum=sW@dS$}*i-}Tq2SEQd&I2N{)Sn`7_vM-
z#r;gMECXx;!Ac31ZGcS<U}V1hLwCXt`VdrF{s<7+>TzxYoHYSB-t%<Ghbs*Lp(;Sr
z<*ExR!mrB&LRbKs5OINO!TVGR;G7L8<kEQ^C9eXGCjh7E1s%=|z_}QJBk6JO2AmTC
zIFDV_(Gw3i6YG%jGENlW%m~1lbx~JW<p%=ip^K!NQ#4Lf#lbyc=2o5J3+^dv&Ybfp
zzNCGj(^K$m4-JZS+e6}3I<1Jm`9kN;BcU=3^<8i)+n^n95nFY~+l4LuIvJ?9(G#dp
zbu!9U>ZtG?cX{hnoeXT}CtFlSi5CDrT+_%%Qs%An)5w7HOesHo&Zm(vUSEgrxVv_p
zs*yn(Ft<6C>xxr4tyGmV+OMP+e!R!}lrk=uNGao#iIg$`9H@_RdNb=|RBlsyOO#m&
z%CMEMOIrV7mu=px8#9#dG&rprvlmzBTH+Jb4EtI)W`$5hOTAx`@hfx#Cwm5C$7ogF
zy^KVV`{(zPJk5Dn;#Q#k&Rah6Hlw}=<9;$<C&LU|L7F9qv70d#5QfLX*-<*O_w(+4
zm)FH#(HJa4T0H4cJ%7X>_w>X;^>oqCuy@OJGwj7OoMBi2v~<SjL<&@(Z2$9|PkKL<
zv*C0a_PHvmmp|7JtioPBIusP=T(1qNZ#*|GguaO>gYi5={ynhKKYu`te(5P_beR$|
z`i$3LAFs-DcY#C~;^7%&y0Q~o|Ese1wJ26V`=y^)u!}kds7;dbJ{cL3EMlLz0F{ef
zoCn;E`UJZE28P7Qcv|?$bM1+q0D0~e*%y{7|9G#vR<1#w8^`ioIZ&Sa?w4^SjL6Fc
zb@wAkzk}kWfkMo>P~sY2dxx%ZrAcjaGs}{!lO||9VkaxHXQTpSh${j<ja5?vh{jT@
z42aW$gl|Tkgq<ad;m-guZ?qjuKG!Q#N+|3?2D*<X$ySDmuW4iGJBuY<C<YUpPQfT*
z&f+xYY%?=wOZE|S1`y@c#%gb-`DAgXc{a#fz(ojgk|@ZO<nb9{FqZSPTT2p*sT*0>
zKL3xmcY$xJ$R5X&kd{yiHwa327cJNdV#}g779^o5y%!RwiinB|3W%;^g;c6SDYn&K
zL$Is(SeI44yMC2b*LBrz6<4Jx&=y>Q;tRz`MS&Z_qkuv|XnyC+nR|0@5+3gN`~UA}
zrMYv?%$%7yGjrz5IcNTiNJ`^Y)PFZ&A7x<lfGltJVX=B!c~{^NR4cx)<w(?5eH6o6
z98;wCb11?)3kV_whrfub{~Wa@($0>+;@7lNu#Y9~582`DBl?UE%H1JWhWcaoqB1^m
ziSGSfc`PhxR#vnaU582|m=Zan^J5{{l?}L<H!d(bTXG&O{S-rKWO%briTM<TT&Q};
zfivKM6zX7}y<WME2O!D8I3Ui$!ef78z1`w9w+WTZ$_j5T=o}?f{mDd5GG%TVCdKIg
zVV(20E!a8hJ<t_UUs-`X`W>-)e|dLisRP5hS6Q+dyN5^rxMWR^$rl_woSHF<cM~!!
z)&bpBW$3P0r-aktU!?1ixy*WTv!1kSv}i2M{fXDU<dMj7Hd;Pshfoz_WVd^>+r&`2
zMHD{VT6uV^d7D^yxSTys(4h<|Gnx3$n;ybmoC0*QSj*5SRZFoSDjTfAAXuLc`%44k
zPKv<^)_jX7Zz_d_^TGB=SM~kM%8=FTJmf!5ZU~s24gP~}xyXu5jqJjIVGHtK;gt^q
z|A6>T%ro<oBXp4T%7-MmF_H?S0zbv<X35+H^!rmNvWz-Gk-gOyX-@qYP0%J+zx!s*
zo&{5M_Pjgp(<bSCz4Vi`o~~J@u}O*n$jR9({7DX*uH;<Fo++@gm=SuPGXkdUzmyJX
zB7H8ugg%R7Q<b@F(A#y!DJupqFUi%pY*=0$sh`G=-W)%TOZhbZ>Py`;9v)IXIs>SQ
zxWkTokliQ(LjyyO6r)?jJMKRzqJEXVv_PFUCDWxYX&<lBmb7`eq}_X$)?52}(t41g
zbs01PmB)cRY!nM3EALhw9EOWoYiu!lNxzsaqt{N+9lb$$;e+3}o~b5aDzyVv85iJt
zXKK`5-;>lRtN0-?OYeMx%AG*jNhEjECFe};!GGz<<<2_ID!F?18=b3-c$042nCeC5
z<2LvU8aHOV>R(G+KO4k5*Curj6spccaTcRcR&Nt(BDimLj1`{P2|w^|)Y<H}3w3r$
zc<pnsvfc{crER(a=I*q6Ux>NW&MbjGyZtVI>_+n9p1K(!ujH2^>fo}c!)`qH4*Tf+
z|K<3OdEvC<yW+evjPL5$`0mX*XL5!2fBX0zpB6v9tNHl4KhurxiVt<;``CxaqDido
z{8zvk*0P<QVc)Rp&#<rJ!!fXVpq)VOjiPDI6DID0_06YQF-Zls1HWCYEOS5sSEd82
z9PduF)6+GVKe2A633mi$(<^h^NN!|HNAXZj+Dcrb*|V_IP#!pf^1uv~2TBkHcW2lN
zh2>}`g{Cq0WV*tC!ySgN?}LvW5$;QOQa}=a%N&pJ<)*^wjsBrW3WX0^B=ZSr@L?&m
z(>mTc-0r`*5Mv7!4&GEKx0HT|_Slf8Ti(V(6Xx3p`AWNc%}r>-C{@<mBmY%P!zO>B
zEO?9*Wi!N3tJNb92l;xmnMH_(E#r%S!a&0AuL&=rl}P~o*^*ZR%hm9krO+<x#DIT<
zttc>SgcU{<Z$r$i$!=juXWWXPfMPr{4-XD|jEf1nCQ^hE-<%NTu(Ibtc1MQ=nEdA_
zal|j3KQU+>ff2tvfw?EWfgGfKn&9Z;l>w#R_SPFF@%_6l&5PLfe*b6j*iJFG0coFs
zq08n<@>VINbQa|;V(4JHH@C?xZ*^C+E-4i1>gTxQLRHnnN>Cqupo8gA>OQ~y4B@hb
zC+=i&!U3gdC7jT2!jHf*ZtzXap$UX8rphFNu#ZqTJ`I<fBc<tZ2C)_9ZVcn~Baj2r
zW;k1nHs*q`QI9-^PiE-u(>+4nDR*d(b$noYzGFhblW+G1iWP6ZH?!D(QK8(&C%bKu
z{Gi<@UjwHNZ>A_!hB8=Kx-dTcQj3y@%O`J^vcC}DQ^i9GW5<2Wc%1|}AB!QEA~{>U
zaw`RK5j>$u!QmNN0J%<*^AoR76!w~1y~4P#uX;be7gxas)stD~pX7mglf?#p1%KpY
z1&axRZ#0GWq$t}qz!^c_pxz*3aI7+XHICr~D32#VWkf7+(h2>PGG3lO#576v46#j+
z7Y(sblBW!DfLvTYSd<S+@@FhY&0(cv{Sgp+cJdPW1$Ff{;4Jw|rRzU(Oa_QAm_7nK
z38g{`;0K(YBANGdBQE~HPJo7DLeQFz(YkO}bShIS9`0)L=SMdPbp>h84W-wK@>lWk
z*Uc4WT}`D<q3#-+D2J{pPV-0Ls4IUS8H)2Yy1^yXZNLC^VhS0^IK*Hj{$fS9LA#^%
zz$!wu1$YwVY~&B2`WL)p3*5to(kK60%HD_L<*WXQxr9Q!<xZ(-L&2Jr@%|$q8Da0E
z)%8-;5m(oj4#Y5lEeZw<1TlNzw<2y+N0n`vus}sI&MSVx^6teb0qc~$Lz!Y*tw?$Q
z?>Wp6PUOt4TK<s1GOKeK5GqtXkI6co+aNr4Upg7DG_FGtzY&f=IAdLCekS50CuBbH
z4%697<_&0sf`v-iKl|xuv{R{U0NLNXTf?GmC@<p8*R}T#>sWh*>WA4guKG5A73r-}
zu2xc*d$ce&%4O(XS7B!;n_tgiw>}IHUj#t@0SS7VRN0up;v2E^0P4%#fk~}WaD0Y4
zzdN+7bdNV!QXfgF1>VW<I@|phx&z(wZT>b`>`m~W$bueD%E5ofXJBcO&+%U@JP%e$
zZ}thHYL87jL<B=eqUu9tUimn79E$UeDF55kzQAr|vddU*dZLVYM!h!0Ynjq{cioTI
zrf7CjI$IMAp6x=LWr^5wP%p}4a0M8NGDnp^3`W7AEhZRngMU;3a#3F(&QXs3lgz8=
z$*OZbdaGVkQ!=k!n@$b5_i23tX3f6i9&7;6KXd-<nC@VoEq3q@lv(wH%_>r}D7`Yy
znRsU$@#iMks6l`Dd5Rme{e6WhkM+k$Ec0gG8|!zUjYLPflU&Ijb)gf~EA=_7=N+s>
zzQrUtL=ilteG(B$H;yR}PNdHqx>Chgv&<;?xp+M;O2;R&P{<jUsU4yYDj%+7ho~~O
zO==_(><jgb_|;R|8FBtyEWpg{dH(rYvx0F^NNTlaZCy*vs^P|Xu4HZE!AL%vN{!&b
zNUC`g^}$HIrw>MQ!$rC_h5w`vMxq7{(#68E@dm-XO!?<z5$5L-7M>~Armg(Z<ThR%
zzEHI`1KV`+BWhDSAFA58p~4?{&2DdWIZWDPRKb*&cqknT*^zQRZ!V9qgwIg1_GR!;
z9lE!uuzd?J)U~e*wGZFiLIK-6Stnp48?M=sLMP<bW)iTOm*4N+A_1Fuv<`hs=h52d
zEu9Ny`dd0VJo-<P!!zQ}S=CKE>;`K+(*dt|C5J64F8Zu~g$#G+GW{kkry!W(iZugc
zxss_WsWgf7NDqo1$Ml(Y)MvWl?Nj+F;2W`e|LJv_AK~nO=E;$!$UAgY0U@a*PJOxO
zWuUH-jKxtP)!d*yU{g=&JWHq8<NF{T8>*Tt@v2TMG1c3(>MU{i7TkH8#!5Hw>uGZF
zQp+rHsG_oR_sQNdvoX~t5P6Pe;Cfm3R^9r3>)JX^W&0krF}7cMZH(<>E7S%H(W-^u
z(57<A2RZDR%Yt#RXW5cWWgaz3o<W52upE7PY!YKwj?+esS~f_>>I0t}nPkbu!#dya
z#yp|!7c=M2pZVZz3+_@kyoX}VO0gIh-ZHIOBmPCra#+sLEWYZ_pJ7;ad(QYxtM2~{
z)HSQ<S^cV;GW;6d3})eyR-5UFJa7ZeU^Y+he?vD<XT71Dr#HMo^OTNWx_QcM^OAXx
z4Kb4pkU`V+i@)Zu%Y7C<gf91)jmUp=xlbZhOrQ*pGzgU8XO2drs7;lRYch>copmf4
z4G%k(^bL@QBKl-zA>`_33V*ampKN8x{Y~K~P9_aLl6fkr)#FcO_4s-d(<)fadaVMJ
z*DJ@=60C~>mSWal&}%fEN>1vEeepNIa}UxDFk1rl1mS!+^<Yv0uQfy+NoUEKP>~^7
zv!Ym;ya%VZC+(9y6gcD`jd%<$kFBVS<DR(TCV|tGtC7&x63qSHI;Cq&U&L8u=xr^8
zO2fXS-E)1y<0mg3*Ol133`z{LlrgXGDKsh1C`a)3D*XL8{obR%?{fI9oZNkc-K38z
zFb1_4`I>IV40(;+IfmI9rMpKx1v4}J3`U^vTQvyVKaaes+dp@|s@p%mdQ~?s|NW}2
zmbI_O!b9M^fALxNnz7P3O$!eZRUUs<3lD)8^bf;l<YK&a&EUE2;<;M7=yFZba@DeU
z2MM`;$8-HjpKG9&3x!Wbc$RKjQD{~y{DXyD_~jY8Qe`)ivAgnI3*D7xTTI%<ojiWQ
z`oF37<)^5NbN5G9(4XhwPk0YYZBkace~E@k%!&=wV}H|i;zNI<q577}!M5G-jM@xl
zZzw)9QZu58UC(ouv0(rtCrSQT1}0vh%b|2ZjDMl#xFSXe8`<b;-N+tZts`pJYU9Xm
zc$)mRF16`;`^~3SGRYs{>G&~vg6BHcS(ob}Ef;RT%I}}%7xOq1Zsi~Bp8Oj4V51T>
z$3{c#f6r>Q|9{Z>|2_2@A9MG78eK85#~zRCoGy?x?2IMiuAr=6Mz`aO=JH1;qDspO
zW?t~GQ_-kC`}-?&e8kQ}F+owNVq<dWpL0y%4wE*XkF8Lf%wGK{<0UZM->=}U>|-{?
zu5o6+0yK7xBiyCW_dECq?=l%NMnJa65FV7K#|jEc^I)nja0x>@_7oL_cU;Qer|@+(
zC`gNl!*G6loI2$9cV1<v;$J*3UScb6@DJ97O9Pa{2{|aHhbk{$qFlc+#}v6JVqxi#
zT>R&Jz2yZf+BC;RYI$YqH0lc`t@gRmu$QN;%!$?6jn}zh4u<pa#KlV{@1;RPU4b2E
z^}o89Of{ZNp|QYj#%R?%sD^gu{A3s6Gwk2ojbzHJKAqunu(#vA!Fw`i6k<qlO&_%=
zv)Cu^^9JVTiGc!U3Cb<2b<QjU6@N84%b?`U9Kg_;bWQ2Kx1sY8vow|DgQ8Ors@rf`
z<_<(KjlQKa^C(P1@cg0)qDir>$zsx6)`VdH?AY7YE9mWNG@lXW@07zm9413hjv8*6
zT5BP!JQl6MOb23S`V!3<p<eJ+X)<FDi-f|%ka#H;Nd^gjE++h;Z7O{;3-Ctne#Gog
z^;ZY%l12)6Qgj|k=&73hJXxPsnCO2jy1|clb#vJWvOT3}CR~3Yf2}-r;&_yw-m!NF
zC>K;=P=s}Gg1`6n+4JFu^7~1p_u{%<{VsFJq6o`mqU{d&Q+RNX%Pw$ecbHmJUEDn0
zOE&U$v-T1>YbrmUxcG5|g;dr&qo!o`S01lS?iK~)h;l@z9<92F;Rs3rZ#T^~s!UJD
zG@rc7E1&WP$IN_cCa~qK%t8J<&Qhp1yr}Z*-cgLBCiA$16-4+dGarha_=tmzWGu`@
z^eHCY5je;da>10jMZkb}u3@&a44e5RwVL^1ZmW8db{-U}_i^KGCWNrLJLx&{Nm{K(
z8)qS(BnoD{2P;Eb-O*l6oL&lZsn2tXh26N6XcUyF6wJ`0J<2H%H46UyEK!iBM?-^T
zq#!3ofjve+j!J<|p9h;<K|3r_U{Wd2o(4s<3{JszlS;t^PC>IC?F~*ry-A}0&m)`y
zOx4t-TApXjCVpF~rl?n;b}dDXSK-o9-r*@_TFOWKtTcn@d-WMwUvaW2->%Y!n?>x`
zd45q#spBabJOwo&#jx7qZXIpXj%TU|7fit%$+<;X7CHe(qJh?=hQP-G)>OcgJ25%G
z0Ob6U$z8ktPG-YR@85pfM-5*i*uM?1W`aFIuq_7I#{^qIux$p|W`f;7u%vM(@(H%x
z0Q-z!g9x_60Q-_)oe1`w0roY)_N-yB9}KW>3HC9;b{k+j3HA?yMGUY#1bd2LZ3fsr
zf-NN2F9z5lbJ78Oo(#`DXQ(QRU<VAay#z}q*dYT9&HLkGH2#W5>)pyTOF(96PB5q5
z%fSl~{A~ib&q)GLLvVV6(eelmb|QFi0{9jV?u+2!1n_(g{<S=*)%0u*{szI*62Q|q
z_(KFwJZ-EByRx#J$Et{XFi}Hz7!fW_K#(+qn-Jlu1ca+J1ScX4i$kDE{lqYC*o|U?
zVn@V22_<zoL2Ws-812v#!ZzN+!P^jgTY?Gt77l(J!42>M(i$v{Ahv-Bx1wHLx*nxE
zojL~Zj)FWc<3Je%?H!Se^=W-q9*g2Z@w}CEzQHwANm;4J#F(apYvA0nC}Lun*!y=i
zBsiB$$6y^z=p0V_Ul=z-NQrdgxMj-gH6v;9RB<Te;Eu>O%FI9HATc5uMsgs0UdBp{
zWYM4A><>vJGqGCDF&NFpC)bb(@C@a@8_7(VEz07b)Ch_rID)8T@?RNB-x@mFvJKnW
zMxi;ftLjUKU_1s)O%_k_=jV?_CFggg2eIJ`ZzdDr???U;jk|xv$95`DbXs_wyj2W#
zyWm0*R(0!A(cBzu6@w{P|JO`Y<Z>|p;%o<LAYXqu$0XQ02|b{fCZgKWF3G7N`v=D2
zZqrQ}T?+?;R56e$%AIrT`AaP8;^KjzERUDi-oTY^p>Cd?otN&$9lCM6-OOH($Wt1+
z_GM>xbb6r(dk*pz<Wcw!Kd6N|Z@)Sgh5z1|Dtow@<as+~hduB7{#UCp_@DYaMr2@4
z`}pKn6NScNdwwvbqnLu);np9^{QT8wi1eu}GmniWQ;2Z>%pQBlWCf42wTxjXy@yhW
zb5XTP<Oc#f_YCupdsuNJO4jUEszxq8H&Vbpl+=b^japZKrbyO;BiI??d*!u%WO0@;
z|B?1~!;4qr;vMHo3$c^g5tYq89EY3Zy_~dQ!5@<0$(XlqPkiqxizS}+y{kv*?Y4hC
zh#t4m1kaSH8an8CL?8=S@)c0>o}>9-QwCP6&Jew->9woZr>Tcgihol@$xlz?=S3qw
zPaS0B=kgcg`T3i_o|&KT37(msu|A>hHXF>zOB#!8W_;x?fW!6j7}2!mZMMF2z}#cT
zT~S~g=zW{1Y6o_{T9|%5R-Ul<`{Ns0J*u~r_5qT2{26V$pzd{|d?ozL!q(yEoW%1n
zGM!;gHCXg>DhHz#irI(7&<P7Un+#k!gk5{(@Z%r~ea>}46>9qNEg`$B=AO)M7!_!m
zL?>roaJJ#SAWtBlIE;BsX0aE-=;YL0DSiNhYB=Vhk3%)N))U{CvDl0rGG%z&#BaVm
zXk+20K$cmgk!RQ5iumM6)gq9lMI*Q6K-<67x>?f5qx#bfNoAAsAaYq549LdOaMD@)
zI-PV(+DXTxo^-e<?nM!JD?co~r%Cy<0{o;CLo1!fPB|v^j2<M@Y+$=3)oSF0RV3+i
z@f<Tv(gj60Sb9C2WvycV^vn#Q`kye@!Us)yaf}_~Tzz2Uq<Q#1|G+6XAvWbCNL<Ad
zr^XVY&@lm)czY~yCL}(<66eJd?~RM(%qOL&q&$G(mlI~KOGEgn6cBO~5H8ga)*-^c
z1caA6RD{1E!n62^3@Fqgqp^$1>K%R?doNbbF&Wn?<ZnZ?qjixHd?_eXEGx(bsYz)c
zrbR$1Q+8CSZZ|Czw6*8Zh(0Oju%+XsDf;*GjO)kHe#Z6V*5~8bkCiW;dHonJpJn~P
z>C1v+Wl?Y}Nj@fJN2O3SMXHQ;7oPYAmk{T7LKWINq5+TS+%8lJY->9f86;#`Gld=&
zQ62}CPjE=Vq72ya8BT<R8!=FnBjt~`FPMU1B;miwb|KrF3IA9#nI+F*G5brgvdM*$
zal@aFL|KtpfZ-N;q{4rb?6Fcy-w3nE@?!L3Xv%DSRB<xe1&PigyYML5A$sKwv?mjT
zQ(Fc5_%@-(csu-Ug(5}gcznHW;ZNbQfG4#a^vNgDn9gVZnOPI<R`zsY{ynJm`UZYV
z@^)W#s}yQaA-E`ijhAti>$8v<fEB`xI9+1j@$v>+AB!b<izt7}p3prh%57qHy9h;!
zLD4LR!ehO`;WoU?Z#m_a_lu!jDWdt5C?D`SPnGwB+LX814n?MCSiSNWNQm@Qx-!!X
zp01oqL1V=>DO(|O@m*YK#{qPKki(MvmGUP$Bh{vVKl2Rn(x$+64)dl8Pv1U#NAxXZ
z139Y6dqJxWpLi6i&~?}A40%bWf#EA(AjzAh(1Ed%d9&2g!E7jhN<o85z6qp=)!T&S
zYoU~h0nf#D7Wu0s(#L2oC~w00m*c35En#M~x+g_)ddAon{3sr45zQ@<`IJ<-AtUk`
zjyFBMI@W96Ahw*6<o#&7D9VSt*~i7uaj0-(`K$>6&j>q=IorRy@=h$X<)9?DOQF^j
zNj@$egCaLhbb74z$-!CH46jhM6aL%cl{fl8uK2_!?~V+K>1+4H^pbx8;(g|mV)id$
z=u}Dsitj+KGXLVs?vO$qDa<!#ud>|4b@)-T5N94Jit-p+g`ms4*@w^;)8U`&l@Cbr
z_b`q^^&bHmxmpa2w@dj&_64I1(<ldZq8Yd;v!{Cbv%EqUCT1ZRrVsM`>0V4lVVKSR
zt)laoe=#mw*+={jsmv+E<UGONN<Pl)|L@DKH_GpV-P&2OdppPGG^7AA-c+a-lY0PM
zozRei$<|acnBG}L8`H{qSWga>u7R~DV#D>c6MJ@ZJ58or*D)?x)4^>dMf0zbesT7s
zf0T~3d*ynxXKi9HE7nWdTfNQ(A!uehK0c@TXA3d!@{d{n1Mlrj@dhWEz0PK#YLN-2
zOh_8M5%~v~6a5MWt?3P|>21fZWjz~f3nn782>O3=jxLL*cLwHx&WGe40M=)M6oBJ`
zCsl?zN|%e~6Yit+X8*{<sx5+jLXwIx4IewrKnbM_v}SLHf0Fn|@mL2AV|9ILaTvRd
zzc1Mi9pGicdIPo_s`JSW68w_n7GHLYSbem71a?ztjwFBTlQ)Ogpa`|?*ilxNP&E&k
z6ZxP47On6f+0wWr{25!^4@-kL#hvE_ySo+sk=k_a7za!6gf?JI3IB1o>e~V<^SD-D
z@cw#l@TPjqjsHkn^||XI_g2h}|G4Y*xwk^@dawMo58sGw=qRmVughMA&r%~5lVViB
zR{<tXL=q<9KjT~VI}J-OXvIm{r2)HCsK!hA+->e-ZNy(f^-4$x--`Eluu_P@Uckc*
z&@@lyR-6K{x?s-udyD3FF?%aX-?+8yeFm+tkLjpq;~MS`<;4#@A1iNgRBu>Z&Hip;
zaA5{kro8lwaf9S72{)g_0gsPA&)9uRW)5vSw6%+JJNn*cNK2z3oWRSrTFEpvBXZ50
zTET9H?vGI-p$_2vdK0-~4UMZEyR`@Wl$Ne<Whiav88Zgah2>@JCB`WLbpi<s3f&mr
z8($J<t5$4S*gsSrgZDsqvPxK4XcsB5NTSZILgk;?5@aOVP^5hds}dwUeev+`luUfL
ze0pYa(yE}A8CXk+ln;js;SpwK4)tJ<02yVl0c93HFn><17`z__-wj;swj=8cJ<Ouh
z4f4gIg+E2Er~c%breUTW;ZdAl+I`=d@`s-^CA@ba%9}~#f=y>Uh+I=a<XXn$eknlL
zgq&iNp5hf`3l8;{2#;d4;&ZDX_xf|F-`H1`pW)i`pNt8xhf5t9z$~WmVK_4wPD%2y
zO4j~LQ}q9s3c#PC(gHXoL=pVEf>jScsQ%N@xQf&Grb^@dMY{2MkBtv6;n6x`5zqe>
ze<akspep%9U&SZ-m?uv&(SsBqNa80}&TNgpf{2pK<n5&OC&}{EuQWcq{o8r_k-`Ub
z{?})mUnwyE66y=z$F%mRP!RJue-^5~W@0LgFlsNW{>@srCo+WkH}3o*1`9Iqz8Eq8
zLc$uIU$D=v!-JN6qJEkF+MB&oJHG5zQvZ;=+hWC*{ypL|%1@ot;|r8V#}`sYeaFZD
zEaw-o@{~<jwpx9nPck>5B$*+anZZFBK3k11hrHj}L@JeO{H?=#GUrBmV*i~$znQss
z^A^0Fy>>h5JQl|pw}c!~RzxR=<@mfkY$SQYGWNI&3WPtTkX`{@Ew(V9vewRCrbG#j
zzE(mZ-P}Y0q0#VRQgBo@Y-y>etz=pXyqAt#RV$jmWrmGmulWad`RL77nB>VW5Mk96
zMe~=E`AcsnuHAr<S@td)8B~(X5vG`#5bTu&5;!?3eJjcT7Uj?R{J}>@^9$??hO(y<
z>^?h<2pb#`jtx@fdJsWBEgcfcBKeOEu>onFisVo6I`@~pE@pr2xAXI1uP4y)1buYm
zy<+xWp=uaAdma<BzxSH)<fR;5&N0GvJZ@(1lguYk(J+l&fnXE!U@H>^Ujur7K?}U*
z{UWrhy54`6*ZGToR-FG-0UQGgS$j@LsRTr3M~0I=5}WOgYq!MP4T#vJBc*@yX7Bg+
zWQUXk7(n1^Ml(<bKz|=EN`GHV=6$@)87fo^j((bmf>o4>5I7ohML8ro+gY1&l(K|n
zQ`w>M3n{camA%6NQo0XSZpcPV^{g^YD&ybj$j9FSyL9H(BT!f5YC5l>9~uZ&ir3tV
zJX9=Ze}yMIFS$1Yzewh-z%PtG$^3=rJT5G2GLaYF42-Ev;=gGA8c!ObAECP=z%7!z
zUgH<Fe^1LVlJoP@tjI9rm$UTm=l&GY`7QSEUjO;jzse8Gu=`jH2G&DgGrqZq_{N)k
zkn_#^2DES|+|LG?fPZ}E^*a7>9ufubAvl4O&H$KyKZx}Ho4w9c{;6|nC5`{jNU7+I
zlwK4Wit@_o`9I=^1@#p2|F?`;fESQidZ>f~P^fy1t-dFq!Nf4w;)4N>5f0+D?$Y%r
zm>Lui$@LF;KAgz_w?Ih0pGY`7$8flicf8J!@M4IrPMjOOWLGmKGiyl~uXBU2{O=ZI
zwXZSGGA!B-VfjVOp+GqrGW%~w&J2aeisq2mavYWkruNB(bpy7F>ixoU)R#{VcrS$W
z`!Sf%7{6WqoM|aY|FBn-zeN3m&*>e@^bgy-W@u+rg2Nc;AAIr#DYSpA&y1QJpL|ea
z&US~r+1t3nqkPuHfcI*s;4`j&*o|eP{^3^%xKY(Vv`ln*`=kD$Kk6TLlm1~7(?59S
zA7c6kpL{Bk>XUx~f_>)Ccv~W{I<-IzJ~QxB3sZc+(vtm&H=n&5g;MAfEQXyE+WZik
z96w_Ft1e|~J&eU6|LV;?f-}>G4#?;!P70>X$B!^og$=e=wlcs5h^o2lFWLSVgC6r=
zfGol^s`A&8yjcm$cmO)&HUAi{kI6SkQh7FG6b$y`MGe_zW%fbjqC+r{X#9%rfN_6t
zAWXzlJB8q5l(I7iqqHBV6jdu|Nxx7=)8_4rB2qOnqF7VbDL3k%xX*`vO%adnz;+El
z^LrdPbCfrr0g1|@2GFAMt5=O#0zEn^(<^^Tnn9neFh4_|{DX2C9PMyn%JIQ^1<d(k
z2o`kqaDcFUGM*)`JB5!#bV%9X2~|bhSO{MoIIMh7!`wI{BjfK&V<Ie^S>eA<Y;M9F
zWwMS1)pW3xGrLhKP-G{`Wn)Zdq-JVTGnH-$lS~wW5f`fHs7HPDHFA~wg>o4ZgN~f_
zjN=abfLDW~`-9X29e>;_D^l<}IKvmV;?2wGTwh>fn>XK^YhQS2tuL6K!%w$(g2#W%
zUgsYFbg{Cr)qwoKXWroO99WQAHN}TF2jm`4POBt;>UC}_eF~1;xo`>wL2jqNpEvsl
z^&8IFP!v9h)e3_U$rdZu=joOgU-oWh1GpPHHj*x7e@lTUaOE{1hKn9Ml5jtLHvRYx
z6W5RT)9c5(bN%>5vY8}Iw-pZ!=_tnPb>zF58l@>vl;O@#U3~31XvqKi=vg%6Z-)QC
zri&_H7G*N+6s+gzRN!%EXJPp)w%we7^XmlY?{TPwu`@+Y4~uggh>V+-><YV1qaIgc
z>hW*SNj;AHuR%Tj|D%39-=f!#Uurp<ems)?AL++GRQ2QUFj42^Z`Y4|`4*l`Kkg1#
zhjaCK-}v($>Bp-~di}WD=^0~MoLoN+3teQa*St<_`4z+=(vRaRuI*3b0@e{;c^6jJ
zrIyMs&x@6fMK4jPXdDA9`YWCNawKwr-X26g5OJ`X^NZKKON2cImRZz~!(`mW^y9lx
zKh8#IuQD%;?9@bKqUy)DC((~z17Zd8W%hQiA9n>(-TBtc#d-P#GKqd%m1@qWAx|>i
zF@0Jd<4`}GO|m<<IxUONNJ~3Nr>1b7T9z*e$v(8X@dee0TPx{29(<jhi^CNrojyje
z!~ezD{O77S7AR-+Bgs#f*d-ZU1;<P&VMCObHsYtWw2A)IGvLy7^k)P6!}WBdttR%O
zWQIG?E7R?SU2U-|CM=#tQ^%ypLW8nHBMOSa^R~;4FVr|&gy5Ct#D<+-7jp~#bA85{
zE5Qn8U<EVW`RSR$G7K-z^fI$pnI+nK=XL@S<rl$P$IsK_64tv3u--K+*(KX(sdlML
zwF{P28Z&o*bWBv2M0HhVR?&t`Ud@IYXOs{2$_*f||F-(VcX5rIe!ur*dPoyxs3D_#
z5G-1?zqLJvUJGtws=9L=82c=y61#_~#O}p^X1mUPxRP{a@ZJBkdb^)#;TAFd+hY8u
zbjE*1)GAKYDozwG&l!tvOqhnNV$*Q&lGEwN$g&!XtJjzXEgZw;n!L;S<|UPH-Zb(J
z^-cLu*r{UruiwhAi6pFsLl>)ey;|?q_<FH<<pbd~_Z#_jDW3MwEr%=IP#zYUB>JgI
zuXWo%Qe{$kNUwAIGh1QTF?k49^J~tkaa*zYtQxm}L?-C<ZE^CDD1W8OLs0lx<snkH
z{f(>J^0>M!>on>%^jBh<wmz}_`ZW5sEcV7&Oy9<|9>wRNZ<`jUZ)0x;<RsI#<t5R#
ziShcjY3HDC%Q?NiEl_C6@3c7kEXp>fJgK1Z_-*>OmmVf<TE=PhZI7rJar!oq@hLX3
z_&4a=0-fCXg{H+>XV$h2i;Upy`Ooxin;#;LT5(c++nXv>uW!p^;zgXkEdxg>=N$BH
z)8h1Pc{+Vt7UR6r=-XWJ`nG8?eOvK=pl<_yVI6$&S=4RksLxEMZ@d3N(mv(z9y*P_
zZGr(UQQyY-=Pdd*H%)-7vufMULEn5DecOMPaY9e4Z(E{b{4e!wsN&%IHm~#Zn5qpG
zFAlD6dy(nezVgYx`kY&Z<vnBCwpkd#iXCqnW9C1;>~A$~8-}wj2&518;o*F5#E$);
z>f7i%qw3q-&h)X1e=@4uKBxFnN%d{td9yc*c&w;CT0RS^$Y%{Z%+51k;2|f^Q1)m%
z&ukOThheF}uGgJsP``G8;r+JV5r<Fy7HIaF|IJ&2=NSw;<}-iq%ic`qnGN3TUwqhU
zuv{*A5Z1ABzp7;$%9I0Mu4UWd#rO0yE!%f^O#SGABe1PbM?Km%xE_3M(6X(HLBFSk
zk!#tMM-gKFG5o$JZ@{>f4`Xcc9n-FTtfYN|TQ&?Jj2bG}m<7Ks9@?*LBYwoB(YPIs
z6GUUYey#TdOoPT~VLbRX*ROqt(Bq{ss9wMJjlXxIeogrpu~p3)){7*1<z66>ZBdm9
zhxE#|ai@4Y;x%laa}C=qs9~F_)3A**XxMHlB@J87Z_%&e3m;6shVd-ifzC`y`S?uQ
zwU+S5CazuEAyln3aqZf7OuGh5^S#pI=i0TkjK5BxElaRhe>C^Nz|gWH!7nMem}%E~
z<rW4ko_uTWlFMj(gVrm#z6@3m5&tovdhABhuW9JzU#QwOAk^YE>eqbEO{FXTzgDj8
zU2r5mK0NbpQT?e)b80-9sj4q^z=p=+-oRj?Zd@93k&v99(TlLE15c{z!1J7Ob;G!k
zp3Gi_xkojd@x>0^{TZ_przk}14J{>09BJag$C#<O%+7apn?pZXrQoP^=t;Y3Ii7_w
zor9bMLbs4vICG%LX~cMz2%QGMW}qoJ9tycB_z06`3ZCT+rfldgnw0tF%oLnq`G>3c
zYFuv36#QE5O*xmWhNs_>6LZpJ2>7-zc1N-10FomHyDhqbOu!*M_G%Kt|I%bK>21J;
zYP=wKS1iixYVy0>(MC6xmgaUgmd^FcKg8P?@c4~Bef&n)%-!-A5hv`Il)q65TGvwm
z$M|@QfeeX1J;1Bn4+G`RpM@6ax50VPlkd;$B~(vAWAyVnl18kVLB{A=OOqI*_gtF9
z7`>w+i7|S(;>^bAtGT7PO(`oHX<~+NMuc}Ygc}fHbpk@Hge#Jlkf|Y@j|k^?Xig|u
z%3rTl?Z*FjE%}(_4%ObD$Wm6!CLa}t@(>4~H<X;L9y;}N^mO**yZ03t?8yh-6K_xM
zz5mSi<lo$M4*peIyadL(f>7sX@e=xXX7LiNjc%OdW^W*md2QhAk(^CJ)sfU#Kt(=v
zrQj`0S(+8&KR27dsk-?)*F*ES^xoSs2=(mwY!<K7J)JsNlD}aO)48D?!RZvxVDOep
zO=9+Tgy)evKbt_fG&9GKPRisNx*1-gPEi(2;3f6lEIc{mUp!KqbY!I}Ed?V@j2=G_
zci)^j3xF)<dLUHy)@Z9DPj09_LkcW`4nLwuXQk`i+cdh!gG6-~=cM7~Pa}mI&|(Yl
z2-rwkigHB(dd5&d_IqZ>=z7Kyql@{tL-h`z3pKdPKR2I^u0eXbc#QfI9bNoE)e24*
zixNQ50q%?~kaJ;y{Im-!kk>rO7D$HW4Gwwr+L<N{51q&SX5Li2<6{q_!b%plkl##=
zS@oM4K8^fl%JgWB+&iAV0Eo4|!>Dyfd#&db)B9lhJm^thLGPiG=Z;IIAV-f@$tiGX
z6uf!^QDD=fE#efIVie#watcf;1>5yI!7QSHF&d*_tGZ#->(K^q3Ye!5qace@@SGlP
zB&VP@*7GI2dQ6Ja$x_8;5e*HS#w9!@LrWROQ|wyG)n*o8C&Qc1j#W5~tMgGG)}@o)
z%Sa1%<vW=)3f8uhNuyw0N1@0DKg?Xc#~EC`uO>I}6oM5RU~YniA7U`k0P_&+6M{`N
zz={a=Pl8P{z$OsvX@Xs2fcXgaAi<^>V8sNxg<whFNplnICIf6L!G;j*76a@?f^{KS
z(nrtsKgeKr7+|+0xW{ilN%6cFx?p$uIKeS{KL<}kaBBj%|0x1H5iBGGLCfXfz6j1t
z0MFpyU&oH5p*Di=<KS-)e0u`;b`Jg!!Ph5$Sr))AAXrQQiyXWJ!TAYb7MlRTGY}k1
z2n%qEgWU*jO90Q{y>=mM7<|BX$OJg6=8$eqbVx^M)7lB>v1T%n6M3YBd!-`>D^<6U
zSNft`NG_PG%)bR)(jzXOeXerN1l5_fXaYH;e?NdZq+`BO6PTxaroPM!mPS%WuL<N#
zE^=q`48@`q*Dj4TRqa53@adUz<K#WnAN;53I)Csx2au?;<>#Nz><>QvC!@Slen*1;
z+uXDGzg_zq<dtUT6FwFM*dhlLSZpM)xEqTcW(hrO9je5V$NW?eVJu(Rlcr(UC^4}G
zy;RvFGPP2mh+;T-v==i-Xn8w7nb7i#E?g7yQndy0ky%O`aqm@_ld8z#u;UoeB`NN`
zDav1O7#WMTRAD;1ldARvJ<2LW^4a_IW%%aQyjgS%8m!SmzUfF#4u9VFVH;BQB2eXJ
zgy=~_MTL&AG(BN$rkG^Hg#rf&1sPl@C}zS69nbLbufSC(-foDU&rl5q`^fW5gxcW1
zDjmMSeRe5OY7!g+*$xDfrQEJQgs>*|5W){)Zi5u?*?edf2OJhsI!kcc4u#XD+>pFA
za|u3ykmLn~ZN9;wBjbeo(!1;5q4>J6dWU}mzC-b=&%DJqxCu3-p;oJNwAnx19W02>
z@eJPXme-Yj6XQ30k7D(lLiqb-sJgz??lZSYl_5JE@$Hf4@x3G1isdhqU72i_Bdu5>
zYFF)n^W<J;=zp_K3hl8@2##{X$<&5V6iib^H6E<%lrm)UNR<~UxQ<+<2EJv|mn47B
zV&+m(E${pKm_T;D$;9ImbNA)dCJ@O!x(}WGS(IR40}w`74!np*vNtfPq+XSa-qZ^`
zQ7)A{r^!W6P9mwKMvwLlmr5#_s)mIIp#V(XUK3TH<_c9hnx@bB5lKhIntWEQ(&5sh
zJ;mwB(&$LzbU5^A%QzkO7#$RbsoO;w9d?xtMK4#)BRX0&DXmqN(hMHn7jrsd9^Q}m
z5<I+x>d~BzRVIy&3ZmmrMW^-grq}3=;@U8tlB1<u&Qok!%2*~Gtjj=u@H{@vM#KIU
zPD?JXUH5C!n5q~@r>T%97t*o45RUDWD5}!^_n%%~yZ-*u%WKa2PcN?xxc~I>n)&|I
z%WJzzPA{)*EIGZr_V<$0%WHoqIla7AT5@`M?Z%SR%WGpw&PiTtU{QZMl%^{{Q23t&
zf$UojUX9?b3E=co1eOsTO#ola!FMCLZ-P)Xm4hcDSV{oT<KW>4o|yoi$-&(aJS71<
zg@X@V4&b5$a1jS@LGV=x;HqB<{3e1ICJ1EvIrt9<ZcPAB<-Il^!5H=kr2(VB)|?=)
zVZa_Pc-fTgE`!`Qj>}lMd?_Ee400Dsd+$1u<=(uGWVtfs<?Gb&LJs9|7fE7>8X2wy
z4qD(Mam=RN<s#|M+)I=0rn*!~E=QT5A-Y^lZX1AdTN%H<ROPi%*XiW7cYBh&HYjoy
zdF|z|jq=)eH|pfI43yXQ-I}A`d4bG^8f&Axwn+R9@*3%nHT}{~3lrB;xqgXE#MNM&
zA6V#7Gujlr!Nrck+@Dw|$~gTd>X#fk;i$7>8#xkRV*wEa!)t<=RLBA$UcyedjSd#5
zL>H<)&uczF9lZ9V-puEQX^k0*4S$`3!uV!(D*s+p7%x3uWK!I7&!#YD;q%Tj8x+RF
zigXHNh7d666vip4!g!)PiNYB0OZ~B!KJc}~7!MHNo|B^MV-I7w*z=f@b3OAy5|+J=
zdR*Lr-A&`!mLN5yV&A$O#}ClL``r3_RK=FXRIv*oQTjbw^RR6(z!CuD5THg62($ab
z$}znN7Bs+Qg0<hxU{4xg=#g)n?>}^?k8D@u!o1y<ptaqnA>4)t-zFe@r6F962%8cR
zHfeg_0f_Lg1ccFA2`6(f{8~rslz6&Z4=p6o-J?k#Y_aRq#j_`?A&n-ER*!9Nj`)>8
zv)jGr=V)!5zW9qceeu-z^H=|y&wT!R-E;Q%MHDjVRy(Xkm#NW$D$2@C{{B4n70iGg
zM~h5rd?x-%-4(O5C^U;9kP-98G0=ZS9R2gIkEeh7O=qTmU%@%AN0s{=-oQe;ulgu|
zxHT}=8@SUJd%lAyw43Vj6%Sl;g-G`~wfy}KpYwpfSbM)CJyQ(2VS*|CRv#P^x(2Rk
z56+Lu_qRvV-sgOBO?&mWB@H55S6~Z}zf-o27^#(x*R+wBSS+Z?j=0A>`WE109_t-R
z!$H(uhgKSuOYA0px(G+l-~yYH%~qF`zg&lbpbB8|>Ll_|nm4aQzUi{-=UDt=V}DdE
z>54D3Eli^~UGd4@x$e+zYhi9wYFbbIu|e&RZa97u0^YH9Y`xdnTG~~rY=W-oC=Ew)
zee4mF({#j_aOUCN@bRU{)dwT%mE3U&4P|2!WT*U#RsX=X>~S$5)PDp?1%4aLPfqAx
zD$#wGH}F9d-B|%*X@<@ofbz3+|KUO`Kmy*uae;jIrHR%1{WphpS#x(#eNw<PNL7%Q
zb_HqMj`k|y$dwrXbI$E&cwTSGHe3<9D|?5JG({R?_w`XlbkkchcA>5)4d1SNWISY}
z`dE{I6RYa|exYuA=tpbre&c@Uy^Qy_g7j>#qj5?&QiSnOXCpm=*6GmE-$l9`I)1ap
zfk2y}Od39tGvEJkc|v*3m1FWb_Xt(@cc2v_PzWTu^BRT9nNUu6CEEe?gA{%cawOrW
zVzjx*Mk_;$Sb3_4uq=&Po_v9JD#1IgFlHy2z1OM8#fJCYqIlW=KWMrKIq`wy%2Re>
z`6q1iK42CeVa^FH`vViLfnKi##-DVyEbi-USUfb)N$x3IUt{jNvGSau#r*-&RW7hb
zeh26EKu<{NEq9Wqo{U_C-(4YZcle%kGSU;!uCqqcp`7&BH2<YmQ9h)zFY7rWI6O=D
zoyVS9t=wRBe!1wdH&}MkC~tWJ?vr9==%mNlu;>Vey{+sEO)Hc;%g)H#Ok9B_U6PL~
zo#2=jvDfBqldVsQmB+2Za(2xN4Gi>j1GONzoMf*ae}yml;&Z;09i0}<5Q9^pqxO!4
z<>CT-+_weaU5pIY#$!UTSD}T`k^a<pIlWTCz%eHlUotV+3(~w#**y8)r>u*&BOXdJ
zkuQw&=WaV1vX%}KD;qn+mJZQ*xU?r)KnDD8Tjf#c;B!4YwxbD90W_>u1lAMfV`9re
zPr&*wx3gXdqQ##FTP2^sxFrj}3HN4(nFgN?W4y;=^4;NHC6(>&MWdzQc&j@w$tubX
z?)>hH)7*gzpj)iKEOMF@oN5D@4FE!ri8z5PB>4dV9t~3<h3|l$t<2xY%KUg{p$)x!
zEON2lUxz&%dgNMk8f%lYq+k)@=2;nAqTA1XR(Jl0MIQ$QuiWnZWbxPVCr-YWZLk~w
zOPq9mvgk-;4Jx+2a2{WLKKx<xTfRC_4)Dg4&f|-Y$layjq;z-SfpmBN6^qZ4ph<yp
zn_LEKwjIqg1_iDX<xS3x#TURIS|8-A0uMp{hLg??$UhQVZioDK%%ARNvHpP8Ly;i?
zrzp2T&i?SnK%X=4U^_A-%byGN_k#SrFn>?X?+#40%f)t9%;CsDl>nfB(`o8=Kz;}2
z?}hoLz$CUSb2<j7bo7EhxL+jJ-yib#$Nc>$KQ^e`A(uJC7#%}ZItE}z7}}FSPX?5i
zf#sdg+Jk;1cx>SW^;Ze%$p}h9PbTEg#QgoW{Lm>Ga&d-M%wgzXPEda$=nV8^L3vqN
z-T<vU=%ftjqzoNhnJQiV*npj3yoN)0!?C<fU3u8*@+`S5OEl6sK&7)68$eeQ`f{MW
z94v2Oti6JLDwI;JC-5Sbz`jV}8R#1Y<&DDfh8W9(PRx;ua}32EhVkG8_GAPmp)U{0
z%fs@98q0%D%z;kKiKDZhO6Pe<XKfsPuu6=^<zs$)S*#oK<Pw;#aWuBcAQCpZ@CAG1
ze+ztAVL|Z&pG-RG4x~aWoXv~(z#rDXX@Lnue>2Sg7A}A?Ekkhp=)iffTm8epFZMt&
ztrsnTzoM3TD7A^9b_;r;EjGh>ptu7Kfm_02v{`IXTt^$NLiHEyh_ngL%$r#NHl4lW
zrtz}%SrN9%`RiZ_epiA$!`W6|Btd8Qol`q0n0`I(2jc_%pBOLqe-`j1*b%cP2h-0R
zADI4xZG8UpCtyE7ykz@<<lI==6*iM+J#zXJlH4LW50wY>^@AuR!G7d3Z<3;$q?Qv<
z(X)llbwcoVSoERBCw!Rc@RBdWQ*ghK<hF5gugAp7Fl_Atqy&0FvCX2hxqJ`&McKem
z|AgQubw7I-_Or(zzvygSoHa2x3iq>jaX)*P?PsHs?q{NNvw>c3a6HhfjFrr7QnXoW
zX&)a*f6R?eP`9&fEB#%s+$cGlReBBbGBe$GFq!5Ei_s)jmfKCG{YZ84PgD@grY0B0
z4>ogA90RLT{NC;SY6eBVk~ENXMcJCkPa?rGu6+p1P;z%f&ezc&-5|;lG&?Vog2M-b
zAcQUmp;oID7!9X~8x%?Y+?Tye5(+-U5NqAhUel(G_a2GD!DNWE6kjW<5S!|us0y#(
zRUic;wY`V`cm<#0k(KKDvOoH-l;i_w`Tl&wZs@<l+@oS(RAxmvh}Bo1q%8)mjbu3%
z&VfR5HzJtdALYn%Z8f4@btP3#z9?{d<iqSiI^|((l-wwP{!eqHc}{J`60-^IRwvuo
zk%~eymv&{z*2W^UX&nf<-`zxl_i0WS+i+~`Ou}W+>6(-|gW1s;2(jNBd0Th8!^e}2
zCY&TUGyGAR=q4)EjqeIlcsHSLQd(Zf?+RO)ZoeVkzV4kyG71@$NjXYW@qO&bZp?>X
z?s*}hdLwrC@$SN7e`KTku+6kls0)o2J`~_v7^lceeXCWdYp-nTS-Gc8l7CkG6LZk;
zRFc;N3(a9X<f@t5mGKD3<kj{5Tk)RBjBAH|4W91ArUr@?-QY0LH%gG?QR$-GO9=P{
zn_Kp$L)VTH$VxH<$A`w!ud&DobQYS1D#vl!^v$hz*LX718jI3Qs7?Ls5NcKL01@dT
zF<{L^AAF&1BXTaR+pfIL4~&-&XKxbkI3aHmLwl_LE8)~Ae+j=N3Sli();pL#Yal(x
zD|>T5zOm-Ogw3&e;L8Ejz&t)y+8WvkoP32CxEkh@-7YpYQJb1T8n`;}fKB$>9YS4k
zT5!JERa272OdChIgu0{Akn_-j%sI6}-QkV~G4Mefi>Fn$O_V>_ia%>^uz{rPJT(71
zF<M|}O+de0WC(I{MiJDbo?nO`xDXn+z#F(w%<oO!-$LCu8~UD14T@3d0bk&Qf3pK6
zo|;`19o-j>k&n45jtMZU3vBMnc0qVD<l1%+XpFilq89cTxlpi0s0+KDiconwe7j7C
zkU1WmO64rdOmpS6FSr?sUXMmdg*ZCyiuUdcMUUL*syHfm0uyb8)f<Huq2vSDdZ<_}
zc{8AIgvzf?6Y37Rvkw=-TDJTmfO$+IR!eWJu_7vzN?tiLlh&f$s6sZQR37LFjg5?0
zi<frFK@piSgH|wLC1AfAY;2?31`KbO<W#^%&yc#iZLW?Durt~!9)ffAXm-X{-V}34
zp`8J&YXc_kf;UcG1u>8xSYRV}Vddr&6xUP5{7$8#eDc+i%cyF9^1LQP-a(L;*#~zO
z>ZCN-GSZH<n44jt^~(8%p+(9-gh#*eLyD7)Vu3AN0n7)#gdU%qW^RtwM;aw|Kl>#!
zyg#J$fPE&iO6Q7({Ba!)26S%`tjz+<KsWq1G2k`hgF&5vUqi&NA;&}+5{m*Jv%@2M
zIy>YxK=cMD*hTYJ_WpWheVbcub4Q!~1yI}#X>R0v^9iZ4A*+xnAE?raf&P6a%G3L{
zPn6U96a=RCu@%Vu`%Vn@?}NGsiRmNOm44+7^!8v_ad+rPs~B)#4xq>uZ~?lfuY>Ue
zFiN94ufcz*TV98FSYs`gFUfth(%tfnHh#g~=5u~p`aLR2glgn`SJhFW3a>>9(Qp1c
zJe|t*?#kAV+>N^PF7~F|ywM#Ec>^mpnTUTkPLfw_VZUo8*d+NX4XZL_K{RG-2fve`
z!roi@>T0upFm}ADxuaeTEZanryIz!+F)dGx8-~s4%A21y-$emWHF|>SupDnR=4sIK
z^ysJ;>Y6=hv+mArbAueW#bttdoHak~=5@InSDQ=a$Z9<YKnWAl#Nar)SiR9d)`LBY
zd#`ybtZz27KPLu&9&~VjjzF(8pFG9Z?v>NiJb@``wnDiVtUIB$(x0yLz>?&a54j;D
zXQ@G)pE}tm$X;8Uk)JvtKXr19mp!(29PKo3u*hBryZqF`>`#4nd@5-y#LX1ikduu2
z6^wV^337iZF1;@dcwgH%dAh>}{M1+FC$ID4(yv(YVxTh)l+B%e1WHFLv4+Wk{`N`o
zbekQDuoncpb|}JYW2!?x^c?h_340GaN`~PQs+P0)R(~{PF1^qbwB~yGV8CG4PvWCd
z2*V-CJy67jj=c?L2ME0(=x<NZW%j@z76z{|vkZZ%2A+A_B)MuEWiE!yc8?JZj8sMS
z)QAX%PVA_H;cqT|jdAidu-pa5n=uzGuASIZ+isx%8A6P1M4K)Xrq5plVyFaMF1H=s
z4#>@n!SwuoLt0_5zq!!-wL99t$O^3Z(!}f#Rxn!JHRGWE^B87Pa7tfGJQ8xhCpgVq
zSaTC1LgOuxv%d5tF^ZigRK3y>jmjZc)*;K}G-Bp0Byuckzz1ie&BV*GzSrr8D?0>#
zdiBxLbeujN&5^X+`baAN-m27$V+&cDJFDJPQ<O%WU1W#;p95<mTb&qhw*zn6Veq}?
z5NztAxx@V)${TuCk5xD+&?|M4+{-daPEQ>ln38H6FHf=9CIx$?B3oifl5-Q|ucEZ;
zDVVX{-O-E$u$#e!HXLQDxE`>sNpt5Neqdsu+~UqY<h$c5H=6(aX!VcA)vHkcm@Rls
z>u8p&bJR`>jOsB-_V<AK)4#{Kz&$;HJMZb?P?xjTNGFLVoG$=eJf(|WBC!b&96s4z
z2rDMcuP(S^x?x;Jv!_N%t9TH^j4{Yl(MFGR^Ma8&c^Ejt-2r^JVq=V_SA>Y~#@Pyk
z?kMD#za1Ams8tN48wA@KFvoC;b%bzW<rU4Ua=Ua48?bs<TaD}4C>w70Aa)+31r2h&
z!`QrL5-`C99igixq&@Hz?S8l3g3|JvlTljk7P!CN1BV@t>;`%HBQ7uB-(Gz*_P7QY
zm*GI8jJjYXJ;Zl7d?P8RWASyagOL&gx7pc2Rq2c&M?!nk#oPvQ@YhF#`>Z|Y2oG$W
zBg|^%MpKs%!*Ku9q*%xpAXNQuMEIZ{cgVrp#mWcUO{J+7qs<+qmy4A}4omJf_^1$8
zG>F;Pw7V*HFM;EZ-BmNnEC$OCiG#na+$o6WEs$^(J8`e0;6KU<Hp`ANFR~NLzK)-n
z8!5m7-6OBWo#&Xi*O?Azfg(G5a|MkHGtD*Z!t^%i;)QnZxZ}<2%%jx2a`P_~?}UYx
zL5m^@WK}pkOoinJ&g?Le@z4Xy{yJOkHl0Kqv5V0Lx>RTps_@B+iqXAIWqa{pog0#H
zUkF^+K3?wC-5cl$?Ajfqm`;(8Sz*3FsxL6fj<JqIN;-Rs1Ls5KkAly<F6K-nRc>%Z
zCdA^$n!iN@xX&bWgKzMrik(XeYI@nF;J8EH!OiZPUY&4-A1{x-KnxVxCdi%(pu&4?
zQWTEBn}w=Jp@4A}qpviT?WgEBK;GzKaGFHBJujR^-jA8??L>YclRfcw7*=3#^AR@;
zyGa{%kMQLWh1EX^)fhk1{l1-@$GqmP$uV*H0BrwvVJDzhEXs74#mX;_DZgHvV~RUq
z>d$v<7%SU*%<qF&Ya&j;${*0tt^)ph61x3?ZX#C|gxi>b`aXvkygbD@lRd<4Q+8x#
zvs)?tehNscNzD|us&ESm#c)KB$J-3A_l&cxONjUUTsK_B;gE3(RpuD@8Epx}@AL-A
zsu8Qdj2l)em-nF89=Tbi_GHm5Y#+c^Ir(d;s8m2759P1V^)~TWTB<TdG`=Ki@ChWe
zV#pJDd|9uo=B&yr?nFKyop^c~eOE9W{wnr*EqhNMAC5)(My%~d^gV4y`ldOcSLXR=
z&!0E*9#Iwth-;A8+aQTOc&ZY;mesbBKUc~<ADEuvz_Yy>1k1<z83wnp!|&Cc&U&J&
zRi#s*?>0_nhLzKqWhFW<<@O=Ue!*Zjt1iPu^dKjU_t9}?Tj`BrU_u7S3we<_N!;0%
z8NA%OvE(79@Fme?)^&!0{jWg5St#M8Lg_Oiu*gh6xui@S)&rK%PIsO7Yhc9t*uX3+
zHLRJv)w+@%i-b`f@I3eFQQwkU$(>0)$h0xkWn?MIoP3nA!$y)T3xD}F$4Vx<R^DyX
z=zE5hx~*32w&!@a4d)inN?mtiKeBx0X3*MrPVC1m69Z*dd};JKPJF$Eh@Sh$-$L}`
zml%m&MMT!CL^sp-R!%hQX(ZZ~LPQT!dD7fneIa$hog?PlHT#}fqFg*ce81%PcaHEu
z5_=(4ZNm$FRqIN8mzJFam$4$TO7@O$kc>Z-hb|)e-s8MzPoW25Q#gHj^zBL^`bt##
z$~b+OsGT~q8_gN))LFMdry`9SL79E2rxa2O9ANKss}n`utGxYmZ<D9SpV=Fc$~d74
zpD(L8Evq<<6-3i2mB!Wd{U)ceRi#nkG-j_&CmKIYN8_~;nAe`!cib~`{_I&elbc)_
zQywgdtwK-q!D8QG&%m-y6za+>%Kb0kWL_t~o@r&zL%p6!&qTe$szEXsJ{~58q0D?r
z8L@B-dhnxuWjsdv2(IAW+yu1brZclHZ*Z<dtUP5d?IP55a@Q1^BHfu0HjA~;?S`vO
z($Wqh>+XS6Z5y@Lp2}PANTpRGm0Dk%%3D7zm0F**whOg>ZC4y2;F2}JpEC2#aS!@u
zW9u7T84GyRCDKm`)h{{N)jUiAw>4<pz*I3G)(1z|S2jtZgQ*n{TGE6SA@S2a7~ci!
zk%G55aOB>!kPl@uqwT12@|jENbt_^p?5$*Tg`T@oZoSwzS7uPlDpL70tD)~&-qL!t
zrOmvh7q9I{E&V)==89lX`TM6u_&DB0@bg*vsm+qQDVe>6>Mgz5*+ZMlt6Ak=Rc-U<
z<A5P8YX?%X<*{N*sjQ*!b9!8{)qMw0iS?$Ky948W`bJA`&E){e9?G8$QwFl~W6KFy
zcH<B^^0m^h;Ph^1+s!-dukv#=*D#B*M|{DB4(xE27K9}x6$R{NjGmfhnQf_rYGXro
z>8pKb#)d`y&K;fdiAl3A2ekH7&g>>K3CC8{z<Sl0mJ19xR6(!EoBTImv?n~vVNiNo
zXH(1p5g+32Opj^zAQXIh5JC7q%!X#|2+Qb9^{Ee5!>1X?I<GTz+7SLqwGy_edv)R?
z)mo=HE}$XUs#%=}TzM7mp)Dd_v-#aP)X0fz1uFF^o4VTa=cqGaeH|3{9<^HfZoatL
z_=2$2On+BdXsGNKYJ-JOfjmp>y>VPqEu0ZDRYo}9MvP$RD|MblV}uN?)|=0#(wjLW
z;9n(jD%UWDu)CznCI>DQG~=M&&cp~v4=}=v&V-u9<rltrX&jKpi<;Y+?+6y+03;tc
zpoBPJ73Tof7~%kYMjeN;jB~&=UQkVp0}ur{06{7T%;4E-d3`f1S_O;)R&x%xNbRjX
zsUy|id06Y6DZQw7R`XJxvvApv$lcnRub$iKyR|coh26&26o-v!xlpZTX{?sTS}iHO
z7R1KVYI!XgHX30YuSKNqVjI;`q1IBvYZ<(@Kh@HY)iM{Cn9H`XbtMyiI<~|uF)#JR
zdS7SWF4%t#5EU7B1utLpS`lM1daB!#nNv}Ar|CUhD(PND@HE48?^jX?^$hsOBk)Jw
zE(x9uth3T-gx*Z2V&{VFF_1B5%3GU@7^tKhaf$YbJ(HbRP*zyZF^e+ftxFksHN0Eu
z`9}U6?~dpAqEbuU@}}BN@6mTX@1{1jo7#CdWiYEr=%$~oS~ulw=6$nf{_J`FYiG~I
zJv~e7sXv@YJ@p>%sl0Byr=W{m-A>y@&?Db6nW-C1ZF@J$z8#u5fO=&6C)6XY>C_|Y
z)AD)Us7F{<=n>4K^!z9FNIUP5_jr%g@|M@~9x-*Hy`c+F&!X>~F4QA4y6_&E+l6{$
zka`r@*-2&3{<Dn2S6~H`ScK|7_aJ7i;oD1vDt{@LFY9g6UN*<6-i2zXm(Iz;8^0?!
zyo9K#RjGWAzE^Q7x2jZb=Tr_<h1k)Z)MXW9uiN}6bul4!mL`trmQ`yHIt`Y^gs^=p
zdZW<9L(x^S3h?+>#!M^!+Mnr0l)8I0xvPlTAg|zy8p>U3EX<>i<gQ=MrD-6JrfPy0
zSAneXU2PJVo+3I1o=<{TE47k6)Xvt^G+Hv!sMW4C-fA(8T0KA&yvAF!&E%e$3l_jB
z659!amnw6510+pq0$7HfnqDH()uh{8*$R7>-<(0tv_IWT$Keuo98Oa=dp~CIWX{E3
zbJ+=)NGwU?9A8G?6`bTZRg&N1B==uy;rpLiJ0dyeEzpMKMS<v=!QPr?%!9|l9Hr9|
zB4`E^_0mkt@n8l$se#XauwyP&-l`I#(03arCZj7SCaWtE({HVfh)Ff8f~$Y#owqHx
z>!I0(1NdO!H%O~kI96W6kD__B+bP#B(@u57D=T?q1rWoyq*|7)o$B7{Pm-#l9!0y-
z`ref{Z5n;g=t@niRh#x4Z(3hf&KPD=Sp%eu+h+Rx^GVJiDPyMJFd-&)r`|6<ClO{V
z%7o`C!c0Domcn9e&2wF8{ED$D6<ml}MNO(#o7ha>TX_>r>0F5Ev-W(dznIq#YxGtJ
zU!&ijf8FeR<`myG4=Nv`F+XsTP%U?(#)(p(+>V@;qfGj=w@KbWXN&Ews{Q_Zq`(6i
zOgF@qPh`C3KkFTH_Y8;%lB$kM8<#F{;7Hg`d9vI~M@Y74GY8Xm_yDh9c*@3CFJ(R9
zLY5M-IN}EuwgtnE$P{x!^YH{unMU8}Jf}IdVqZ8^;lb09%eYNtDe@hSlk8te=OPOi
z=<u)7_h%C5vbgwcOOFY3B(cE?luiO2(gOlr4&TMwd1dWf8-bCZ(95P-^Ik;(F`X+<
z%p}!e8$haarPIQZPEuWMOs=2H1#~gp6bo$v1x-uWq`J9$uPxKb^%XqZ3|?P_S*ySd
z*;tfZiTiD?#qCaUW#_PNz)_K8lv6_D(h!0q*=J{A0$8-a24(2Wr=oyiW9Jtf!(aLz
zWADo&BP$C3z?rY?;2*d|DVzBRE}%+?f8dq^^P4_!BUE1DAGmib&+`uyZImGYK=Dth
z;2$V)Dhv1r%HPTy{(+}5<wpL2$7aRLKTw6BjO8Dw{!m8p4^-MHL)7+I;lrV}2S2*1
z?SZaPI{NYU;Kw2SKxHH20__2Gp?XqUOwLz6?nkety9_8rX?Q=r-`_{?NUcGy>2Bg~
z-TKta(zvW(i9;WmrY<e|)I5$}6OW$H(We<w-8^+h0-ai<7%kPuQ%ek~*YVUcL+Xtx
z)uuQyrmOVD18z%;Np1$f?Hur4e1FYOi%Gu*z+4WfkI(UYwT}4CnWq*N54fKLn&XS|
z^U=n`pYm-V;)zx9+3)7rx5j6`mjkxP14?+gOo>>{%UvB`?i`-|&3M3F9MBqH?mZl^
zD!#Ms;{YW-$9%Ql<Lf9@yEh(Crgm05;9(9}9bb7l2eidkzEo{se2yy4Zh3~($05~y
zbiCOvRBb^6{=ltS<YWdr-h4%!mCW`@G0p64(lk(9*>Uoix~JbaZ}xq2Zksm~cX3p9
z=x$NgFnMSJ)A@@0>Y-Jy^L@0NQRjOu_awLyQ(*^{#=o43tuu0OTy%_NUayhK6xGSe
z%ob?7Q%T&eBN26oTrsF@PygRh>(EoX;{u`<kE?6D61A@!HFheKP8?0HLGxzKE{h!`
z*{WB7flkF?#V)$wc=z5Nb^11JwQ!9jqiwe`dMWBZTVwjqmlE`!4wiK{(|?|4)PMfg
zmX7!@T}uz0Pc6mr)q}`~zvKeqDQ|EF$kKCXF1U>y6G;g?OKa&z-H1{a+YAlTIQ4Kk
znUPUO2YOWq<djixiObDviwteUT<j*)&FoQ>KNk#RCDX?JI<G-(@ast%j_GG>_~ol~
z4R7y7i;*pUcAw%B%c}TEY~m+&)>ZtZ`XtC*)K9#dX7MY)`~0_I&lyf2JJPAgo{Q_T
zGj!E2AD+3Z=8rRW)pP$xU6uBtuB$%jd77>o%)9Ej_^!(2fUJ1H#jFby^bGE1@C;58
zx#NYOl3qDZ+?6!`+6F^%I!n$pg>TxePiC42*I-k)aF0H@A4~q7Dco1lCo?(S)yEWm
z+mOr-qOJ=~;g)bx?B#otCO;iXn*5U?xj#!D1qANXCp%bjjww8Cf6{0s-UCUyYS)3J
zjo)}spUl+DuD+)5gf@LLQ?9u(OyOojvcQrrHie%*q)$GdC0}X^&p4d4l@pIJANsz-
znRolOR=s!oBo@MHOvf+^Nn(IaCD=}a-EM&0O0Y(P-EDx)A=s+~n{R;4BiM3+J!F7A
zK(P4)d&B@MC)iYiJ#K(KO0cU4_M`!}oL~b9_PhZ`p|r+W2=*5P>;;1DzJ$SEHNajb
z*d~I#Wq`dwur~<yz5!N8uqO%DV1Ru@um=dX$pC94*i8i6W`J!b*wqC4+5r24U>6c>
zrvdgI!BPpf*8tm1u)Wy~cGv(rK(NgOJ7ItwCD>a8v!v)@9Rz!ZU}**zhI;_mLj*g|
z0P9Y$TM5?J0K0%-;|O-40XC3eLkV_?0XCFiX#^W-fQ=y7fh-2Q$^g59VA}{b&H%fb
zV08qWV1SJ$*z*Lt)&QGCuyTUkWPnX2*zE+n-2l5aMHetb9^r2EjBuF36+a|hE;{Xs
z#aohZF*SMy0PZJylP@iXMQ$KVzQPpVvXiYLUtG*+Ic}ikmz4Mj8LmT77KsYg8p_QF
za!uh8hvFkxjMd{@i8z-g;7sN?sQpoTBF>lu91q7~XXS(Y0cT_a&J}u`j}a#`0cV&V
z=M}{1lYlcok5h>_T@!EwJ<e^2bE+*K$E?T6N1THRI7ixaIK2_)hXkBmdYmKs0O!*L
zoUipbTM(x?0cVRI=QYInFac-19_KN{c`E^DjUML?#CatF=M6p1Sj1VGfb&;9PCvx?
zLjulodYoesz<D$QC#c8y6mcF-z<ETE^AE%+Nx-Sn;{*_Aege*edYn5E=gtJ2c^rqG
z^a~JYdIC;~9%m5Z+?s$ho8z#f;;(xF=eh)(oAfweB954VGg*)GHsXv)!13sDo<N+D
z2{=wY&hHWD;sl%#dYmG}>7RgeksjwF#OaZM<Iv+o!+?{TfYVKnvjcH{Js6K;(c`>}
zIBf|yKOfZLJcT$r4<?mHbJ~(7*Bg?V8s2pg2$F}AiiX1uvo&`9g=~#oW74m&_!0`r
zKLiUIU>}<F!S^%)v^$A?7g3hC3|Zcw;yM%TeFLnHV3ENjrWjx!nc|oFXCl-^Ofg@g
zKo?a-;=A#Z!@6$tB97y5JkB6JP8Q;HOTg)NM2BNVoL>`gEP9;QJvgihILCNh?11$F
z;_PB6W8Nt!G%3%IJA%Jg<L~A08!t1})7aQluJXmndEt><6I%B(FdoCgUNpp(8^aR)
z)w0?2*&>H?*|8GOxZ%DrO!l3|OXwU|LSxFYXn2>2fO}0w;NMcXUL1-KH^%`N@#+}x
zHD1E%IHWsy38;e#KN<(TikE=E$UOjI|6puNybx7xe&iGjM)&pxCuV!w9G(ujB8zwt
zY#@#u$~EQg2v=B59A$PV_6yPqt;X8^eTZs9J&m%Kf3QXME&Nbx-L;fz9RszZ!|i{s
z{5eWRH(1n4eu)1SPU)nkq@DFwg#Wf_sWy%1?%J;&+OJ;Puio0PzS^$=+OG`l7d<@Q
zq=f&(Xor-68Z4i~KG9%TXt41rb@01LOP!$o@@c<{>6cgDqxjp{5L~Un+}baX_UjC#
z;Z<CoGNLV)-QPE^qi+9bol~u#CxD=nzA|f7nyJc{sPm=3VjjqJP5Wgg?ILKOMRyVO
zy+wBsw9TTs2-;xLT?D;n(Om?+X3<>)y<pK@1pUFHy9lbX=q`d5T67mdcUyE9LAO|R
z7eU1q-9=D=MRyT&g++G}lx@*n1oc<jgLglI+8+F{sO>>E|HZ7k2vYb5yH5Q0KrRc#
z$hrRCW(v&aQr-dpUioxWuUC~-2XfgJsi-`2AeU^CxupwU@hD3<xL8>TzariEu-ttB
z2a0u!h0Ev6RzSIi|C*r`@n3V5G5lAF@;m;kOvyfwt68Tg{o$kH2o;Cl=^R+g_UHZd
zffp{yVg7-aEXpqaffp;vcK(5vDNH_RX!!9F|6rDL|KuNR8GXk@eTEk$%Cj7Tmm|vK
z{DYZYE><bPN-KCCyaZA1;1Im{P^R(^yzEdU{;>-4jOHJBsi9n^md4h9wF&rfzDg*5
z*!ah4CZFx254@OA4)71Wj8J~qM?IRSe7O&YkGKJ2VXdgI+EIEzRekAswNmB!S{$|Y
z(W6nH^CZUGJf;-YYtwG!J~qilVrVN$d7M&a#!|{CWx6q*1iq&&$)B-jqkl#Fu~dxT
z)>)Jn+C=#VyBI9WK<|ICsXixdrHT0v%S9RN0=Xy){>u}aii%L`5bEZcnLo)F$_tP5
zHn}QxWw_-7?)n2MH3crWP*>QgUg=y@;KQF5u_;tL=TD|U`cjZ7Do@xJ6nNyeQRbS0
zaWw^QPtAf!^gI;0PTeo{Hq{gq2z3)DRva=5bsKZHRn-fHEj8D9;(|F<9`EA6yYhHi
zX+vW{p?P$gu%ci*s#5>4-2q#M%P!>?+J&bJCdA6FeizI3#uBVqy`dq^azn*oGt4rV
zu%fZ1V4@qNMw>i>=a4Jo3s=p8am+cbv7pGz-+CRh6w8s^6^kwDP^-wCh0vlYFgjDQ
z?>rhsEA!_*a+-|(Y)kjC%gI2IO{jC3SKEZ@^Vuc+k<}UG`;3lZ!6}*D*P_*9?os8x
zzs+TyG)*qYtl4vBHo5xEEWO7cGsH5Jm6byZOtndY2kaEV@nA`BmYiYm3}T*T?5RGC
z)QOMhG<q^c6Mh!MuW6{2#<>g?rWCw_N^pN>28A6xkLeJ;SH9?(Wuhqm!%rQJ#zKCo
zy5@k%6pJq%yIaH5rR%Zj<S_>o>}(%zTGNG!#n6p<c=$e6&E<<;E<##fd>Lt(o|&<x
zH{rkkJWiv$E=O1|zcn~pCkHcYQP&`l?I?t3zuq9vmS)6a=M6&r7fT!-OB@z=uu=UK
zm8YTqna54ssfHui6+a>jifRuuWhm#JJR0TiA1E}@9m)ax1++f;0q&pcDDf+vct0f8
z>iL6t2QC2?DPk-_5AGbPSYqi~dcN{h#9_jqw%u{V4U`iWaL<p}em(2lz2l6mGblOh
zyfg2A%R09IPRcre>Y=jEp%cki=jEiV^WX8TgOn<lmG_1|@OOvWo<GX@D3Xq>@=}p$
zP2baSRUbyd<wIX$TqV5}&s8rWSM5wCu9`k5DOYVGuG-Km30J+@>&#p=P~)nxFf?Hy
zfvb9ITs068ta`5c;JC_Ff7z{a)pNUvfpXs0aaAQx><5X4_$=z0Q#xvOMyUgOpzg2G
zS?9CHAH&WHw+mU=Go_fGrAu#xbRO#Fa^)|q_qzTSO>BSE`tBX<yO&d_?=l8vb9{}9
zORt1V?@_t9oAQZ5T>J#_Oc_?`(2X0q6^G{vY`{vX%IE%KtP;<^%I~ns;Q40AkC&sY
z<vlX9O_37FIGQpZ<{2;G8Syl$oUpQt&41Bl+<p;cyb>~YqKsR4#vVK)`V%T4%J_sn
z<BO0{gbnxN0rYne|J$4Y{eRrO349aP_BcN28rB5a!XB_lfnrkyOj%RtGJzDTAeKca
zNTEo93MmvpDYn(dP((!^Dk40Whl+}dNCBm6EiTBS0wN;f!ql?KQVK%zzvrAglbIxi
z@_oMF^Zot2M>_YMxpUWZ&poSw{rbd57zUx7FbBvS2$Ly|nWrr2d{%Ywo$``?3!XZ9
zhh}v7-3=p!C2VdO@IwH$7byB|xs?ID`J@5<(LecABHW~cYxBG2F0cuP{9jN6P-Ye}
zaCH&pjTjEj+SSm>F27e|@>rvzsKKsPNkZHP6R%iweJ5o;%`RqcXGA30`vQT6L;)tq
z$_ZI(jowJNVp*v-(rptZ-WSHZH9@@Ffl9nv#)VKoY3DJqpt9x&sN29!^!I}?a@`g0
z^T5-N2#ZgY+wLc$1)ofnN`&M?+1GIW9$O!)^`Ff_TDd#fwF8nTV+!2dN7*_a>Tr3I
zT^H?OdisTQ`BxM8Cplc_lU=9TT*lblN!HvAF65O8-eRjLcf*tPKnCAGI$YHdgw)24
z&2mV05m%X{V|z0$cR?`t;w3SzX&Z1&IYZqck5!~oeY}cZw+I>>hLKmLH{?SY>%6Ku
z&hbk9c~x}{1rQuVn)4p}5D<PuuAAN1+lH$E0(Jr`S-~qw*H!{SS)^y)Wtb2%6np*^
z1e)D4xrNf5-!UEQ>AWgk_DrdChE5=<lk%Zili2GJd`y~qk^S|wToDW*)HRFMl~)zy
z?89ncqnSO9jVC$MCqr1B-=!c{XT|;A3O`6^J0)4#bb<XON=w@?Xn!_>LG|J7_BfV4
zRTv82ZV2*|UhIt~zSaNSTF3VOR6R0!_<{GgK}f1|j-pv+#N3R=q7X6GwG@-WNl%qj
zd*pm8j-q*1(S4@~0sB0j6q5*75CQVT+6#6#T$zw3cO4pHq6-ZeU*@lYC-*vD?<L7o
z)e@*<enZww3=k6U`swRqlwPQ;WN+&nJb7)5Ql09ZC_thi3=?3*?DBCN$oTb)w5xqr
zG=jw(c3V$|+TDp}#ul4%bB2M%?etgR1Z;pmhWK3@fXr<KAtrm;3tr-wVbSbhClXq)
zTkU0Kmi9Tw9@rr1k0_RHUx|$w1Lnz@5vlgFon(lT3HE?J+Ts@=#~Ze;9<~nb9;9yV
zyP_epRaKc%i~M@U3VJ<~UT@%i{j|9juWwwDq)3sdhKAl6*035xH;s+xo@Eq!&oV)N
zV51>_FFMXNeG*@16a;P*kC=fp4m4(!mvWbMi)>OAv|lz-nw5?gC=+CpswrM>s~8Q$
z7m+m@r-PWJC@KPdU<9-YIYg9ujhwp?T>9YGB%3Wq%4W+&`{?3NE`*d;#?NedG`C9E
zQ%w0OWieihI7-&IhCK5@&HyIH@cqL0h&1F29YsB&kEao<!LB@Uo+hPe7s%hvklP6_
zO7vouoLefF5*-T8;b3759*KrVVBqPNGaC}S$gPqwgH9PwRVk2FvYuNdFX1D?Q&&Rm
zI_QoSX64|#YaY5uzkHT>O1;+hlDkCVwfkX2;YW&M&&dsp&^({}BFF4i%=0tT$IoO_
zN>*p)Srb$<n%qD&qin@lYCn%lF<Y8EmD~2zVk#@^(^N)c<_BrT&KjoDZx;UmTR^10
zt?83#(tmgwjStJyc;IxUD#?UANyhrBY5b6*Skx%_-1wwh9n@av8mhGy*Km%TZhTR-
zpNm@1M1YftypdzSs>MeBm%fILyoM)6JwY?H`Dd6Rw%WMCS#4H@S+y$G?5@SCh~bT)
zOjhggS9)xF?YDWK2)4`ZN7JC)f73mFevZ62iceO0)OowSCg|a+_3<pn5`D4m3a3$K
zjE=I^6Ths@R&Nom-s)?(XVM8p?YsA<o1bf7isZR2`Jxtc{dO2N!p!Fyex>KP)`|}F
ziTF3>_x}+Qs5e`l=Y7A^44Qpsa7(Cap5NwJR$r`-04tCo<c3g^FldR(r@T}{PYQPM
zQtf&2c_@W=Vk3fl-(Az1BcHYkI_6%4{2xSSs$h7oU0bD46oGtwoPu8t_v7B8??|Nc
z)t7sd8ko8&Y>6R17Z*g+W-lZn1q0qx>e`w!E_tO{qKhz{ISi}s^F-%NfR$k8d`rbc
zUPe?bATJ|B{?o|J^l1Dn-gjSpj`%GrI@@l9{A$wvi|0J$tBE6eewpg~Zj+aB$}VKk
zozJPh`%Y_+PHEW9VuUxqA7D4z!8h>EkL>1BzK9noX66($$O)si6ZlRzWo>fSZILmf
zz<a_WmjbB=QA*{@fTqL8V5h?HHWn1_@7-pMe{?@!bo73J4R3)!+?91pGun{RyA%hx
z%BhLmL2lf{8PmaCk5P!*lwG+9LTtF|M~IM{MJ+K4iLe9b6<5mE8^d7h3;whU@NWi9
ziE3#%W6H147(dRwC%S&3i?-`G$=Oa2{J55{g5{CX3<)2L9?O=hdL1SxmdhKOdVB4B
zlzQBRdfc~6>2bnRatSQ6Mb4Qq(`$SV+vl(8YFFy&k!O=MT^-pWKvyw8q&&S=m{-_1
zd!AMGFxb0o4m5!t&SO2CXTo}&+0@NO)Xfp4N;e;VmbzJLi}ZRvRG?Pc5U`6wSr3z-
zgGsD^NzlEd0KJPUpMouJ+LC$)F^y9?2I$y;pg{6Y47;#!2M8Qg5(;T-6uT-<Li4d6
zlb*uOy5wnjv*JdIg3a3T+&P&auB#SbDwZh&E(J6d-f#(}nrA%YfqVKSNX<PJ2O($m
zHNi?WFvy)2zyN%2Rlu+GyNq9PQBBWjYI>T!GL2x%G_a)vyPIGyX<+{#SPz1&)WDV#
ztOdbd*T7a0>{>O#-qOI{zzOV8U4-NO_ERJ$wieq25(A!smA3KhIg}N3uhUs@?P2ph
zXGs#Qu#jIP*$QN|Pn6&aTEr)5V<OB?0lZYyW5g0(Dm7y?seBO0lpmtDEYP%N9<}pc
zg5_&qxde+Pm`ejIAXpoME!M!Er2e&~{?%9dcPsDTAJD(UXQ+R}^#K=><&VI2_<vwm
z-nfRJwQ4@wotpF{!TM@ov4I!T^1znu=gDHqMm6=&)D#osYpQhoB8bs{lRjsBarw6w
zeTDAj9Q-zbkNANXT_W%z057=Y3x1Y^rvdnJKXB0{lIU9{2OvD^hwzw!&=nA7`60|v
z5b6R#h95$vj8NV|ryj&+I9j(0<@aA!4`LH6juOgauBeL}VR2`ny!wh?7ca{#DBK2i
zUYC6l?!O`<Oa_D@el;}xQ$|PxgfPEUnspU~j)3r|Uk!JiB?OZc0tk_Qrhiri;b+DY
zmv{C<NT`$%wgE!VN?(MR{*Vz?0m7m`K#g8T+qC~NQock=9oe<4q8<qByXIW*@Z_Ax
zkGA4CmhvfJ(d9yW82-NJM}q04U%!;!ub88K|9il3ohXNdyycLvwxWJHgix;tEjRMI
zTqmU0+56?efbyrH`oIeO07ZF{7AoI(!si=v7+Qr<U2^Z2WS9V4bj2_R!GEYyJFgUP
zl~GEiclcD=!LL$*SBlBv&wrt^<@)Ul(p^PLNBCbBX+Qr<FYSWAxJ(XZaTRuG(N_3p
zGyJmy{`n04`HHvFBs~k4Cq!-y07!gV5e@&`LA`i3xHFEEn}n^>tD`|tAxmH{NzcMF
z@U!d}GTRk+oMECn+>@dg%Yd^GKq&pyidaFbztQLiC~PEmjm6*~jGd)WI_n}xqk9eV
zKH1#~g7`pI2;}g{kXium2qpXm<+g>$IodH;U2!N~72$#gmO-qKJPe7WsN=fbX#z-Q
z!+|Brspuejwu`-&)64uFe1kDT^$q#c`JITu#$;K=soPU4<HL0N?B=4|5k@g6qkQte
zg{dM)8sQm3Nb-DTqOKIe@^;mUTczMBB^Xa~nV3h`GlDY>bT3))?vRBE1toC?dsW;*
zXi{#nu0#YAS0v{4m|bGt!+OElM|9V9*I($`1$wSrk>PBVam1Lt1)o7&OM`u1MN4&l
zkP>`1dq+$OfZ2%FcU`vE*##*z;#~Xeb+(GGGopJb-8$Lj4DF9P{>HYoJKJdQoo#Z?
zGekn%-9}+z8T-ZCDl0G>8YLR>B4fDkGee^~Vp*I5voM&Myz*U%7DH#di9sXjp34|;
z2DOrhyepAC*ewid!_mqsO|iSOjhK6y=NE)btghdsXWP+Y7e)3@iaqv}As=i);&LC!
z5S-??(u53HB&n1d(3Aa$-TjD-?CGZLiw2NI23hPy*?KUxiDc`VUG;acmm@v6!Z=1J
zd*040_KECO<!i82eXm|*XJ~d`<@_x8Y(a5_jRAf}z(6%%TSX%HKOw;GRmF)u2bKr4
zC6&_X&5Tk#=%?d;n1lNOc$y!$EeE#&a3l8MU5_wC1*e>P&}>ZK8;vCv7&)s01`SA`
zYW?EywS&<URiiggR7S5WR^c7J+eJ2ds=<S?6V+oUvaw@d%6`3kEsb5t1sI70^$=~U
z5E<ZK2pFs#yCLBJhJd?O0K-!-L=`F8QFw@tLi0^*6eju&(o7Dn+Q`7^eqa*^e+S@t
zIEFSFEoJ;}-$UbvDi8DjY5Xd_`gg}K_k0cGH~D-G<2U5|&5hr|;_HszhT`jv-wVY)
z<7Z;y2LqNvgIK;h8n>~L4TvFs9&kZ;Zj@)ip9^=usSrrb9CMJ&!{#m{W7?l)T=2l}
zcl>uB`_;w^H;Efwd;$N{iLs@IygtYfRD%7UI~pTTcb3GhRUu;W?l0*-(eU0bG4>Bb
zUJ&ZH2BLs~-LlU@3Ma9sPp&lY=V(lP;=a}4o~lodJ!#0NsK=QR`j}Ho>_vT|;ta-+
zD0^8*6fB51L!*#rRuUg&WPip-8yR(Ee>kG__OkdW6QMAu8KGvoJ3h){cg06r5XlTk
z76r+QNLD}+0ZBw8D<Fx0BsDlt>9H4uM6v643R^fS4oIvG@w-`jVJh@^<l8%+N-p@t
zsRv`n(O*WhGq`uM?wZ3jRX?~WWIc2hf`z*V8hz5eibZ`rjS~dv`Nrox{5*>(*{;dI
zA-bwiq8TohB_a9OfNk2xc){-(bL`qg&oN%VFPu^mm~aZiJxf6NT2PX$r-qJYE$lJq
zt3<e;NslGrL9Z{4MlR#hMl`YQb)4PL*t{Cn+Z5Z%kcI58l84^~VZ&Cm;iQB+D?wC;
z9M<DkBKcqQ*<b4T<=kF}H3h`RkX;IGaG)VucVk1IdW@`L$YSWnjc`OuAO1ww#BQ4E
z*!cO5=Z&7V_9%AOC5QViw2y&!^AM=^(-IH<w?K?NYsfD`C;Mx-=s$&65AZ*>=u1U3
z8z>X=4zf1a54UfKus;L;(<R4lO*SO$5_M(Ch5@@Au0I`}&x>3C3}G)FO)mJ%0m?O}
z**^7h7TGn}UEfIe9fLJ>oGcpbt{oM@2{FGordDJn>we`rzcUWkX=xk;mvBvl4fZq0
z<xI)3)rR~d0+;YOiqg{TWu+7)zmz?KzTQ2Cv8<iE@$!ovsge$U%_u|O_AGnejx4t7
zGaRwk4EfIqm>oD`rRWMyW|glLiw43m?}*q{I5-k>2-sPTt1&q7X|X7D?v6ByC6&OS
z11%0$b|j<AmcoJ7(t#O_u%`*mr(qXH95XZ;XoITHGQ1Ru^~6fqE~HSn0D|q43ZJb)
za~#*eG**eOJQ-}$SW6wT^BKdG5AH(tyfSSsJD%MRJSyvKMf)Y#zf1e&{*__>#NL_k
zc0PV9i8?q(?%z;V_h#_kv4iEy>-Fme)~_Vqtt3^il31sbc%PDZm*%h@g)1EbBWWP!
zCOX|3?25+7bry(aW)xkGMAt~YI5j>ZG7Hj1xZ;eyMnpw@M>b?6WuW0a67eWTju>sq
zt_yby&pviVLMru9S+pRTzmEocJt^nQXfz+odWH^yLsRGg*vo%+vEP99T9^-zUAex&
ze1Hd~ajp9b^3WGeH`!gMAi`oi-jUFN3&JaodLOh*876z4N0(iX4RHO4xWZ(#fZ@i_
zY=ukRul5xn7cmc5KhWXo3M(D;$Yu!sW|V#cAu1)_8>lZG7)jIZnq?^+Xcb^8e9|Ov
zDTBjh9Z(u?H3=1OgI@{Q+kGNiGJf?5`Ik(3I#!q@(?=ya?<MKcR(&bAMk&OAv|No8
z;3!klyT|+5v;9rzNAn~9Z|TQB_WTv}BevvkLO<4S@u43dfAzmYKXz}wdHT_!E~6j8
z^@x6)EK|{sExTp<k<IFrjvXNSVckXa!?Kv@$Fg*y8%y|aVR{YpBh`m~v@`XUjTsz8
z*(SDt)%2qw(T|qz)P{asxTK*U4>J0JD;f>H-Bt&wdn={Qck%f1Y)AmXLIj3gyA3?%
z{O`Mb$PC$8OjVPa)a#L%d`@N_DwfI2<YFQ-o<*^O4?p&|q#p+l{=cOk_kHnK(2vWT
z{wDMzYm*QCnDhDn3jHYBa`W`#yHG|ywuce@ShHP4KNfr@(~lmkUTNiiq90Y;iGG}Q
z5&cLVPjn-N|BB;l$$$LVxEB1!;nlUFAM4KFkpCF}>0iWuq<$n5h9MsjVfd|3=07z3
zWp~sA4!F<}J&1I4E)h3+>A_w@{+;M8dr8EEM~o=gi)Er<H@vr%h{858Z$JB9pCIv5
znJ9>{mqbHSwW!-B8U|D&QP>VdfxYw{TL=zxym5g6EgNu~vz|EBlO=8aI$Ed*iYakS
z{W%M6c@Et%qEc*^=%E)Wx4?8zR<5FHtbz)dj(hBs>&ZydG5BBLC$be1G}!a1b=mcK
zEN`JOxS}QGFm_{Y=g@#uYICkHMRFDwUM5X-6xUy~SwKU3o9JeJ><p^&L9Y1rdN$VW
zBZWb(%=Q-e(<;Ef8ElZgggt9A<bNZRC$T6a&0ciB$>ENOsOZS=%l4v2tE95hN)M++
zY|oZvAX!_E?<K6X;|2HrmG&ZRck-^dLa>iSIY&|UYLvCWQBo9|@i7u4yE`!w%@gdd
zv5{>3C0Zc!u$9ad;&LBl``2YKCLBX5#JZDk7O+!L43Kb4EK4{`g2;p_C}(Hr{Z$~~
zf`>G$L|2{&&X=sg(8WkY{%)Bp!O2zB?b!M>RJ9rzJ;MH-*h&2ZdIbG*^mf8)&vSYN
zJxq4ZpdKPc@^&$~XwGW1fv<#Y5K7mQUDIpm+F~S4)Hfhba^L)@6LyY$7RZyjZ-cZH
zs$wHiD68mh!selo!!;fWlto3LMD;F=<GV11Erb}8P`>3F24A>U$Ea3=Afj58pMrNr
zp9le#Be*^7+`%YU9rUVvn0-+CbvKc&zFUZN^(Y|H_3{`ZS<ms`BKBLeeBtl4pa0l%
zgZ-S_uonAy-m5pWpOa7jH}><TZGXvrUiRVNV?P@|^x4nNxBc(#=T;y8HT!wkwRl15
zTYV0<;cc6I_VdLOWk0{Qp6%zRpVNMxwu$z0`a;^zyHjZ&@8rLqr2g;h=k{OTU_Y;|
zTZ{et_A58DpC9@Czp<Y?ZTU;~^RD;)9{bt$p3i<x`t*NyKM(%!ui4Lem)U-vc7^uy
zh>v~tbH`7V{e1WXwx1J9X+OXGG41E)9-;kwZ8+`Yi~RT0aG(7w`@h5DA`eT^Jx7m<
z57;s<AB{u?y~o#JfmxdD?w?%X$qu)dmAzkYIhtsU4o49oy5((?-Z|KlD>@$dF_N|5
zkhpLMR83Cg6|%duUW!NXkJ8Ecu^N4dkN(YVfNgGcK$~1=$*HRIF0pv8LS%Ls@*NoQ
z=38jKzcMcGvJR5;=Iv$eiqeZ4Ur-c!-!c;OyQtg6NX+k|OHwp+-<9E5+TF>lV{F=w
zz>u@gvioEGV0&2twv?@!1U*|c!Fq-V4tv2SQp_dm8H%iyOE3e9nV|rs3I?5AvYEkU
zja-5i;8q3~0S@Z8WGjQCGS2S0X2^d5|2X2!&&*yDyp3oS5&<Qs8jLXde;&)tV68v~
z!hYXJ1lE8A&<93n8vs|>tHqTb)-kplQ`l}zNshf{D9Ay5AiLi~Dbk)rFn1(BHW=CJ
z2v@f*iMNi%XDDl6lH9-~rGZIG1BbE(Cdmy<QW}_~G;k<uU=nX2TYtq!D_HBwSX(X`
z3c%7K85Hi&{7>Ga-N=Z03*3oCA@3ly($ReDwzCU<05xT3CEI;xD$jY8<*1I{vL!`;
z_&7VGF;bJO%mFT}#~rTAQW3W5PPXus`al5<Tj-AWXlq`Xt6uTfssHW(^>;&&QRs?o
zX$%xr!<TlwOJ7<t*T<h)ME&(Qw9lpS#Xx96du;_bq+qbciA2AXq8|10M6`3auwhS8
zLh(b)qEnwo@mv&gW*LE8QDpxUa3a83REaGqV}uhNK$h|pj^u41HB9Ixpnq>sw+~MZ
zCOUFj+SMOS!UjiHZqqs2i$zUrVp+&ON>7)$PcM?dL(D5>+s?Vq$fnfB_AO&3%8cNk
zgJF>_7R3ZkR?#^`2#`!88dDEIU%^aEB2&4AiO{%i$J3MKhK&<1`8TX#?HUHoY2%7w
z0(ioJS3$CS23womhW?yL`j*pD;})0My56bx`yK^vxxx3KwK4C2V?O)Z?X+lq>zjlg
zFcx`Ez(#&dTUDa78_X%I<Knbr1kuz&#;bty+H+vHz{6i1gt;|eo~VrJXmqsj>0{H{
zj%lh?Z&6Hu3H>05+7}6Z%z3}s!#>*2`_aeE0Y2KS_7nNMJJ3Xq3{qB+!<`{9B4o&S
zA@?xHjB+%#iKU8==A1v|qb;YHLwh+kU6}b1QWN!}=}P0Sq}9^ewbdRTV1ZsWaX&Ef
z*aC|fzW#xqO~qUaV0yVauA5L^z^jks)lcHpTjFx(NBAcDWAJ*OcyOn9rBMQR6q47)
zQq8*PM73R>kfd1`#=z^MZ5(W=zUL?KnW&bQ2bu{Z&cys1&xBE`|0K<XHmFSns{qb`
zD1T3nlY-2jt4q%b=>H*V{XfLKzQevkWB1d7+SnZ;LNeH01gq4*&JnB?!KyW|D+KfG
zMp&3m4MT&WyuLpZtf2;0mtbWCYpj782=+F?T4`X-3HB7h%o<p0g3TgWM-8mK&exd#
zvnv$C6W3GKvoS*X$9~4*o35y0fqnxxZ~Eah`ICp32As8k6Xa)=e&kP8J&OS6b3YvO
zRk9k7l%@hgqpQ9M&a0{qB>~O^Kb*tY<iJ3;0m2v8d=b7;5JCZArys&+93fTu<r#*s
z@fyZ}t7s1YwB}J9jZ(&n7+j5GN$5Rt1&P1S6+J2p6`grBPS~~;5&WIVik7NksnZH2
z^eG&|rWF)wD5X7_Qm=j}R^X!bzP#wUhhhWh*GytrNpAgjd2qRK##LJ|Yz)MJa<~_m
z9q!4I+MqFZ_JR^L#=!0is(3LeO1zl*5n@rCB*se4W61?2+4bCaR~60lxE`visJoGm
z*WFbG`ypP;e7t8v+?WrZj!~)yYrcxtM0XOSibJhDbPVIn^Gd4VM#3&G7hWfx=H%-b
zM@G%A)np%z`owCAtLGC~=SR_1D((BHH?Ypku@G2?+z=_SPUAt>Jd}yZhHODzjwCqS
z%J?G@f2j)pXS+HO&nlsofp}W^#3%aq<ME7IQk!@@uf0}tJRb3OipP^OBi3g;F>)av
zPmE6j<EbYL5ozHn)bi=UPw@UEehjz{OC!-^_D%<yY{KOay>q2=kejrq!B6*7*fJ`O
z+dzzo$Km=zS|VNx5L{v>9w<HT7_0h3Wh+7O4*t^G4Zgmj;iM&hLHwh|wTgfAs{eTB
z^}SdIhP5@-&&Z{R=u5bi&%RO~>QN$->7`p<Br;-@mPOHgt(+DsC|7Kww2&9OrlE38
zj(-LAhOYBs(S2rcY&ls`$#|pC7uYNm&%pB?qg_c8w|4^L!#|)rMCUDcQ29|d`o+(w
z@Vis_m~pJUfeODhmEV)b%3G+)L#TZCcvhaPs^{dkPC{;<2*KHfr}QjbiSs@8nCRMo
zf4bw&g4nLE=&D8+RL@>+G0CVz!}tq0K&)fK&XBdQJ5v*ntrqLqz}NHpD=N{{Q%wPI
z|6|0SxD9<^nHl0s82i(3JQ#~MXaPTreS)6A0^XCLrU@_CmL@d+OX<O&MYUO<OIOxR
z53F5iA=#$-(SsU^tMg?qaqXW5#ImP~Sgwy(4@@ohtKqNNuf5#08ISx|Y95cs&NLpD
z2Wvkb6PJ6(W70SnkG87ucw^vyZ#=p@S)1{2uBdrDOp!Dm<|)48f${AMf^|H=YE6Ta
z^it(@&f4wwC-L1T57(Rl>fw5>w!`Jazx*G^>q=p5#w-41|M4p7;l3Yze|OwZzQ0CD
zOo&F^7vMxZ`XL#0r+yjfrQ(}zqru%iIo97^yXGOi@Pc=}rQ-lbss^xU+<$MqZG56O
z;}^2L=JmF^BMr&gNwFIFwG!IVyNbvfi%0hjlT*W&6(}KEhh=3>DYdos2A$bUch3kt
z1bM}%r?H(WG^<f<<wQEAKk`eQ7N|O0j{cfiK#>m0Y^|m^d-dX9P-=Gx<f&-FNDWYn
z4I{d;e{x`DRE#EW$Vfq4r_l0{4s7bg&-$p>D?J*SI(w<%D!-V%3cUO!_G*AMYArl!
zH)JKwYMPhBFiLBmmOVt@c$#h;{nBH-D|6LrvUlwh9Nf+e)=M*aVcm3%yi@kSKoetN
zLJ&FqXMYN?0lHKi>lI1dwh|p8Vn!#?xyxCG;*E@DV3ly5!B|_KfgC=-{=4@DFI&~>
z1n~{SCgOhc<(D=eM}FyCvJ%6U^FJH^9lm8mZ-sAp={NfR*AE2zejob&<WcPV!&Tp3
zSN!jM|3EM0`>pu*htc<ef;%B<?I8FfN)mZ=+5yGL!HtJ<v#PucE7!`mue(2Y2iTvT
z9+Nkb|Nh)6VBSsIh-Id@+(&J=ql~y|9j?nh8}j>wH?<+>`)tV1Mrt<Xa=sxGHpm<D
zrB(hLa{5SZ>{!i)th*uLhK#JmhHST3-jGcf)8=|-ylO)lSIHZ)vWUQo$6v>P8uj-V
z>@N1s95a})nt{qka$We3()-U=dXn99^lXTO>KF>({bct7cGNVTdnI0g6nX-fHjY}y
zhN5gM$?3M5NJmHUsv(qRQPW#T(oGFxWg0(iCMaQJ&N#ZUg9j`<-J;|uf}ocu6@>j1
z+dM!ZsP6>w;5D;T?dMcD)rP4~wX|Mzs#)<=TftAYNI2CjHJ)n53e#VE|2~}SbG}8Q
z8Gz6E7V#XOZ=&`-_-pa??}LIziGR+%QvOG^$D`7z3X8a4NqW33osf&iscwX3X$CKz
zGY<B4Zh-qxjr_!GPkZ@^Pws<}pQ{@A->m;Ve&WFewc#h$JzFzBk=llaC2ef1fDxOv
z*RWsyR`Ro%kKT;@Y~3>?KU?$6_2p-*J4;Jy>i>1tNB&dZ_0fC;tdHiZ^-<dMzqdXH
zJyNUt@6*@0|F+`y-!Z=To9o_c9$I|8TTR`2VUS8ygS4uLdXQeJ?I5-Ii{*zc=htSu
zCN8OYy!0(;yo{q`{rH#p-y#3<^>B7Vu2b<Z7uF&-v2d`Dyy*y)r?Sy1KBOw&LFFwN
zDJuR|RlbJGPo#o8OI5yf?Z3kxt&dUoqd$)je{|=l0Qa%$u7~l9uD2du9|`MWqiQ`o
zedpg|J=A@;HtS*d;+oe(RdZSo!pPdoOS-$g^dtd?CPp<hv+wxt(UU7VwYvWo)jS?j
zGa8Sx_W|<;`2wDU<@z-5V7c^8CnaCNb|3w~jh?UT-<>K4F9<i7OyJ+S;-@|sq^GP*
z|G~R>9W`<<u-C?1@PHG4@sw`X3jOatzARq)NsQShy6cJVsd@<d9f?sWU3<l?QaBi|
zY&}!o9#aNPpV_rHVu4|O$t1&c_W!h!bB3%EVG{fkvwxCdMg!}s@x*gaGAsbI!}gcX
z4=~JV63ZTkN7yDAoZBYF8xEdLD5!KkN`W3AxC|pA(&=M;1gN3%pHRb5aMID+T{~6%
zKc8UO{9Cf_s=fV%!9^hx9kH1^h3u}NeVfgy0&@!N<L}a~tIm0#s<%~DvF)D{SCr_P
z6yN@AoU1hZ1BMWfE!sNCaIl0O&8_UZgLY6p=WT<~JkSM(VJWwABfv<g-z*&f((l^w
zfvzG5B*DjgT;{yZU2^^Tss6F1`3V{QpPQd$tNyR^Gvr5_pAoD6?fJ=jh32Q;s{g?J
z^ep;o=4b5Dn&xNX$p75@RK4<lou7Aqp!r$<%D+87Kfg@#Gxe4K!2CS#uI>Eb^bA+Y
zlpOB<qWca<5qf2wU?)H1?Xc&S>Ve|Ed!&!Bk<8OP===7E-Bn^|2TI4NYks+rvg^x?
zGTPSV^-WrHz1!J>ePk+dcxH@Hu~Q-TQy-<Pc<?>`{6Y>Gt-^`|Tk6j6^|JT~Gl~F;
zaF{PiSL?J8T$vFeuwwKWxGknqx+|>>#a_cx4{S2?iJO@Z;jH2#L<l7+RJ3N_i)Z)x
z6!C#lSL=lcvFGg!VJ|pm#kubnT-)-F2d@rcL!M$tIKZZ3xFLRbe9;75?B~v|U<9A{
zQ`PE_>`n2m<6@nCu;j$NW5KR5`6;4n7q2OMeMP63%GDu|!7bkPlT<GZ4sM1CFGJ1P
zs&Xe-fV&gfq-W{#*mYQknGa#rSSz>bvWJ3Ste$l#L~5CPEA%)kmtkQB1q;T*TzVUi
zTlYKbyd3_=87h5W5RG=mc{_46cj@ERqWhML)fJ4N+g@=C{L_HXiADOCwu)s1bT>*%
ziLKpzZ^eJ(zV}$x4eom~>+xB>{}nHgz3G>jR0r)%Q$ZT@(~Hp*?vU(F&pFs^_I(O%
zL=#^Cd(-e_*PIlGtGB<+sYe=~Ph;46C`z1a_})P~_*hqONrUe_^dj0>%ip^K-`l+y
zzt{Ffv`KZi<}prro?bfOfwWc5=A@3zF_MgEZ+de`S(6<SQ&JITSU=DPc?}tjZtHNJ
z^)`@O#(bC;jg~R<hA74|MhE~4`2sm8ZAdNW|G#qIe{A~A-1m1pM)R@xvFqRWhv9h!
zmy!`Fz;`bP`&c%=+vRwJ$e(_HH_sD>{HgeAC&6!i*>GiXslI!T-e3&vwJc2lqL#w`
zZp;6+vA=`(-xdrcJv_ov47aU>m=Z~t3NpVY5#&(Qd7rrTa)^Di%3<hB3fk^E3fTYr
zgWV+EeIn2jJ(=<DEg(J=tVKOswDQWbSYh@VKuKoXTn~_U7eeU1*?OR}X(325Lp$6}
zhL9P&J!y6nPNKLMrIb@14A3mz7z=MqQ*2E42q4I;G1bo2eEeWt<-lo{SIXK`4eja9
z+EeL7_lmZxJ#2ViOJT#iOLZImZ566CEP`_c5Js!$&LaY!!>+5F=(=k2y{@tsY=W~R
z!`<M;-B2U0iC1o}ZRL@*t(>j5EH!~BlV*1y_mk=TcM|^{+d<L1SfrReB)&FDo%YZj
zd(R+}ZnJCm#PDkzSeFAo7^KR+ckwGKeA)ZP9pQA#dUBAD{)xx8VdH*rC>!@Zf}*>S
zrmyS-Zb8WcCWLzfrUjf!Fd^Kp_pql)L0+Lgg~2KBwNkC`p#5S7aYYAtznE5b^2rZ(
zE5M^<c-1Su@L&!6kP4o=fHh7BN`~|MIF77%d7q&zK{)7ZPJx6aP6d93fwwPF^f?Cj
zL?0D=<|`;U=?>-5s`62<`1h~>y<8bY`S1MNKjdC@ems*OJO$vZl>V>qh3^OW9Hsv%
zxW=Dh19}&-L#5L0x(fXG?ek2mU?;aN&aKy6AdiSjcS`|_rRC3>1io=gArEc+@0tmu
zFABlWNpDY%5p0E-5kZAxB6M5{l`uVfnxZk<$rFM=;y78zP;|cu7_?M5^)a$7lI0PI
zZtxl<Sa6fQG+KJ=Fb~ICw5fM3$8^o?xda1k=VRt#Oix^;BTMeEEqZF3VKV5g(@bLV
z)cEvCm{!y!nv|9e2%~T$DRJ)X5b|N@cDWfg0jt7HU8s=2>j!Iz5QJYe2l19f(z7Lq
zT9OvTTapn(EeVwqxD-sHpb}#7_*t{kXFA8thL)7s%;PhscvBbb!n_?2K-6`J5s)Au
zdjO^Uz$oqan)toM!5Bd#z(q~F4_4`l(msWhqFh(B{f=&=5OVN*PtXaG*kW#YUP>8O
zuqP59OM!mP<i9XHB1BI9vOS%0K$i&Qq(XM;zKMQ9NjqqR3AIVDjE>PvBn}JDLPXP^
zACVOVX<Zg!O9~fZj%{wmADTKl4Lg^{7AFR3$yZ!0mLb|2e1@bj(C)%~%(l&1zZd2q
zm%>a7&if#@OO-&mT~-It+R}4Z0MK9XlrVq-X8Hhv|KK$UX$`Ov{yn2k`G5{a;}D<d
z;4MZPrsWfr%ncvfDRYA|I$c6&bj*01(g?Ttx_2^8O$LU6hLA&-E1KcVS!K6{RNmG!
z9W@Z#j&8w~)^T@f60TPZ_h>M|z^8#90lrkUh~ilvFm~frs<ngf2g|1Yta9uLTYF{_
z(P1nTR(y;`R0tMm0QAB5Yz(G#VhiT$#44}!mmW}36^(x&BYonySv*zIl!w#DDMN8j
zFb#zf^VegD>q<#r9XG6x2QpH>ge`8j2#dQ%<9#WNnH3EQ=V0QnU+xqM$1ohf-ggur
zx-d{N2DNrZ<iI%Pa<&B4H+hZlD9f;b_+-QJjbq6MaW!Asl#z#x<3`XnOLI-+oI@k3
zj2}b*#}q~d%ef1)5h@mgX&jA8ZXY&kk$eVIX!Nq=(afReTt1p>;TKn9uvj(_b=zBj
zwn(!VlWQAT`D6XTVyFctY#@$cA&%fVX>2_>!x_)dleJ6T9;4XkFuRhOKfpGW8uJIB
zbW#|9fO@3M3n^ofUt*%YI=P?f(gVCy>o#&kC$BAa>2Y3a)09d&8h3PHn71%chP<En
zi=w9V1TWRP6`kUxDVoyryj1J=beWfGvnqL@bm0ydYXA5=VwnI(U#YFNP#&SlS)j*a
zvrzsoO|hINLPOaN`5mr!JmurA1Wt6KDK=tpq)@))Ps)GtBKn|YYkW{1(gjRS@sF$c
z%4T|HlIE2O<kGT|U{f`)$pp(MSe6EsNwAEXn!#WWf<3H(%_f+IU<)*`c?4@huzU?H
zmta*dAk3wK6%gzQ!4_*^PZF$zV9#q{&k*c2g00ZNUL;r{!QRlo{^{rHvyr>;AfauL
z79*6e_H*Mo$`ePVNhilKggt)#Ij>)p5xxL~=ly(dUQ`g?0tB}o!cz)@3lMVs5b_m-
z3_!^CLzt@|Bmu&MehBjvgxdfi(+?p_K?nte@qP&DS5>Y`KaFKL!~AgWQ{#LBI0=3@
zb~VlmfOD50PH&EbG%Xu&I$uTGpqNwTpCbK5R`-jU(LzNqUW_=+ygXk;Gf&P}(aay`
zt7zu_`6`;ZlRw}hSUrWY#2@J@n)6!W;E<l35<}mKIYolb$Dkk-3mp8@bT^waMK((r
z$N#cP_fCoNlE~EgvfWZYjvz|ir^p#Ay70eJBs2djRcbaR22+(mTfqT+X^AcWRCYvu
zNw(S7pC+$t3EccI%&YVy$6m@lLwC(@Ge{~st&ehvv`QtckPT*vM;_KhpTEkacN$;d
zCH)lGy*2-(jAwd=-1N~IasrOKc^k@mD{ZhyeR$zFy<;)n_1{+>b#C;{$fLSvkvu9Y
z>*nN9^&#hwN*?9CzvE37uIX(Uw}eTe@S2_iPced5mh$2fywj%&&UOs^0DyaV!SXHM
z$*|<WwgKgr?7B(3mP*9+%Hv)USKi}Z5!d9$Wf2##uxcS!t5lFC4JWO!xkf2h1{W-C
zJ_>@R`8;C)h`Danj2EnJ(_D?b3seHK!0VIgB=BO5x<%E%$^su5oJ!_}DeJQDt6AnH
z3*g!x^%20C*!qHx7Ut9>f4hCUEPo?zR*xKNXu~A(9ww&t1hD%6wWBeXR}gn>#Ek`U
zi+=DC#N9f{XS^;+(wv&)af_#+JZ@1UTO^xR)*~Yp|1Znq7;XlyJgc^q=hRx*w{QpS
z3$48G@rESddzAmq=D*YV?<D>^wxL@7w+Rv&ap|4&{8bM>#^4NTx`~d645{8GlJtGp
zQ<3zE43~hXHxlsqo(f6LkiO%E3wx>rhE3odR+!n-M_-|q55~bdz-u&@4-Q#`GO`YA
zy%yI~t&g5m-VBIKJ5_mGDsRhf&c#Mmc^H*9AH>QBsmf2gkydfSHV}-VF6cO6>jEa{
zi8?>Zwb8AX&nfb~0YeyiTW{OTpK;?i?NEM;s{CPhAbV|2>)`HbLNA{DJ^W^DkR@dc
zhbvav6J|`DtK5Y@7ZkC8DwShAdDvl2c{CD^EM@eERnXwgaKdMo`3A}SZ#2TzLFVKX
zcr}GRro!F%_Fv+KjX|95m5hmjTV^5d>!Q%dlF3xtOs3k&MC7FxpX|ihkF&GTRGXG7
zH`RU#Ms<YhJW#>Q$33Yw)mCmv?YuVGX6dC_v@(s-!ZbR%TXc^VxK?a>8pSs~u%D33
z(wH>aYx5qC{`;M=f#z={G|a7<r~NKjewz*OP?*Q=D)<KsPS$osJys{9pV64klsZE8
zGJ*t0QqBVMGCKE<NMX_vU;82D`-hW#>c0oSuh}2ZO;;RGXn)-9QlGV7CM!!&vtsow
z?^&y<FSRv$p{1(6qlN1F=GRc)hQb=^yA|q-RModwQ(sgK^<}8)lSg!f1BVhu@qQS^
z$VV}yq|iDECy|80C#093kHp{S*so7KeHc?#N%3u}_EbNiZqIRtmUWTabLfd0`uDSM
zeeY`Od!~l^3TvuwBfMZ$)i+jC-+&tGv#RUk_81FK7J9iQwD5B;&`S-En=o<nNlr_`
zx6~n8(j!HdvQ3!lOdmIE%EKUKE47)uIbx4;vSPBA?I7=u9VU==>$iYnQo411G-g^i
zJ6slYG!R{)zLafVi~-1)jQznRiM2rR6aKfA(G{Bx=#mIkiR>{2$V}Of3YobijZ8%{
zlgr7>SA&Vnn25~$%*o81k9Xqt9oGybGll$A<b-CPLwg2jG0HC#s7Xy7BsJ|R4U%$Z
zS!T%hq-JA?cDx%ME8qKq$HX8}ocdLz`rte{T6P&ZKAPTnINC4%lzP5!vT_%&DZdM+
zZ1gdjvPL@W{X0N*mI^g>qZ{i6dX&K2a;?S4A@bZh$4`c-O^3Nv=JnU>&+FiaqcIN;
zn^$YVc|9EDo!7BJ+IgMtGp}cUP#qr&M`-3XV~A#6OZmKx&X?!){b_#l%Bt)uBB@=N
zOfH?K;>MiV)`c5(y@!d|7CaLv1Q4u+sHgYtY4Y^mHHxNcPdDWxi5NvE$)Ybc)7xN_
zJiWpEotL_4{M})H8`h80=YOBwr8G&e!~96l;D09agAX@o8E*F(d2G9vChCR!@7a}F
zbsh57mv<$|**fov&e^D7e|8Ht<X_B9W8V#rDPgSGUF=_jG0e~i9=-WQ9PYc~4C}`l
zSsVJY>Ww<PJIwALqR-7?XSzEUd7Wv%3f(JkUgsltdPGP1Kk3k8*es(@vy}Stt_05+
z=Gx2HhvVJYEIbghklj5!$5`X~vBp*O5Z!IT=meM3)j83E!5D041W|`zEg9{uu!^Rl
zyFb_hHINpKj}|JzM0XhWN%@v$JXQUPm-{2SbM#X54<-RR#yXW>g55%je?;!qn{eP1
z2)tXmz}?cG$J+kg;?uwBIlldCeS`k3NxO0XRQX>%>Z8v8^1Ofk7nOa_ZdAoyfTm<Y
zQ=XpfweR^2?R(0lQxBqj&w)9xXoA6gY+k%cfUCfrcf;?%6eyd_%lcDUs>3xe4a$eI
za!d$ND&=<&gu;Otc1mIn)<E0hz#1snuyo**8ccxJjw3stoGyw9P=mu{0`wdQ-QR^A
z=KdG_e+J!@|Ib+N|1-AM@pBfQ+=b+nT?QTQ>3WBIcA8;*;*`Sph%gAPxNQJU(!)bd
zn9z<Dy~m55z@i;&lOzSPfxskb!wX2V2a2(e*EC~fa64TNwxjCY7zdiNAVABzqIb5>
zyHeLs(1t5gmLSFc4KzYW4mA_Xo9f8*aL+6gs+T&G-V1)$^4}8vdzSwm<G*yTS&sPd
zyPE&5<-d5#E!%3TyBxe3ji9dF#a{)_@JVG{rwk_tg!<C4g7X6X$NsG3e=;Zp`$8+n
z6p&}ocT1(^8=5IylJ*SccLz9kQY2g77(Ydi^FA@J?^g>^az7<pExAt*R}W65G~w-L
zf)WG{t3TU^)YbTHwLa*FP-4H@Z3(6$dVOLHMr_PQOi+Ti%$mgRb;;wEW7@{9KgmE9
zFgXTju0WfMSu!9xB<bNDbX`jYCL#^A`=Hamrq=1FeA*7E3`%ySGq-eO>*Ne6tmF`Q
ztR@R7%w*mEG8)hg0-vK2dfvqcx{40)*CGUNFVR-^BmOY~PR9(^oz`>FjKeuo>CY2f
zuW5sYTiKtiLLy;`UU<J5Dl-LcGhx%(Oz25v9w}>LE%a>V)*Bh52hWel(h)C`1x;!r
zkF+C!3@6wK&xH{l>}7E42a~mg6#^9p#kre2!IN*$yhsb*1Y3?Zyke9>p{{!jDZF#2
z9n0i)t)%DGyj_RLs$^ZnF+NJI<t7!!$H<eO2~8RyPkOvzeP%?Mp#T%tvyFgn%DQJ-
z*x-t4A0;na)(VNfs+TQFjHGWjaf=d>q7M#_XeD!pz2jx>FnN4d;*|8vi5l*(BmZ_v
z5Oq3*4bD!nD5^luD+(7~XIM2C2F3stO2|LOj+dAA4F+y+wLJ+!2b@hVnqk6Y<9BKI
z;=Y1i-Ui2zjI6<ki>z%qa+`DMxsbOR*D513AV16TQ)RzB0|@I**mPu6;iJl?HT}Ev
z?8&Q&DjPZ@O?aTv14quN2T0Wd(<&un;Rz{$7ves)K0qpDt?t>%RlQmph<*W8$ngR7
z)Ps1bRyCaxP=!1qpssvOKs7e%VKMYG93TNT&S)TDYbBJw`KMYlta!siu)YA;KLjow
zcP*gWdIu|x<7q_guIRYZ_-K<*Ubh-G$PdpSUt?g$u>?D>ft?}P0D@I%U>68>8^Nw=
zV3!G2mta8}?Q1o`PR~PFxCRzXTHE~utFM9S3AUbKO*Akg!CoX-YYoigukF1iM;Plc
zAVw&E+b_i7dmO<m=>TD+AHr)2!m&7p@SGpQ3)kdWjavZWNk4?e3c?CNSm1|{#}V|>
zBY@!aL&&*Cx>4LNBLQcUAI^hnoF0Ia>W6cpiawN5(NYWes!H{8m5sf;xk}OSVPUXX
z=_wzFD}Q_Wef)PQ|4pJ_$X?v_UX^|p3Bky5L<sI4ry>OL<A@OS8K)uy(d+>fvA3vS
zuj>G<C22^j2di|j>ky7^4^aK_!Gy<SN`5_9*2;c1I0jvpvPcWMaj>j;T?+vB#E7hl
z{#a$j9{M>*KZoh3n-YH@cd)G5oDJ=`7o09q6b-RWN*gR+R!1n9j=`kKh5jYS{>C-A
zE%QsVo8kR}G0RI}9J-GM{p|(P-x{T+gJnf=y}@+veYLHxf6c;^6d(6|?t&?TvoqLP
z4`lbReu7$f0VrMyRX)uL@{4Nw=BXpbXAYm6l@3QtC;6;;sxO^YcE->N7lRvUPO3FJ
zl4C^L-HGhVof9Ob>}kdwDx@B(`^ffe7^(z=<>!u+^I$a_7{#eJ2rpFOO&}miBqft`
zq2?_fMdN80sU(B_l?5l%N`W7Sx5+L2wGXiw4p*ADh3$33U|3iSQ?Z5be$|YJ7?+;?
zS09;u^yUIQnkq}HodcrqtXwTncqC-eFy;zciLIrhaxb!CuFVmL1g|+}DVZID&|$&=
zlCfA(2vdB9rb4<jvlFtiP`NZ{3^B!4$u_3a-zjUh@7a_+*VkGrd%o`pn7zPns<#I?
zF#1*pJV$oXi6PEr6g7L0*Zs@R3h%_i5#GXkSz%i&oZu}S&kE~c;dF1|G%bmV@W{bt
zm$At!Z|d<SPED2IA9Da9%nu<<K^OrDm#Tdcpaex+QV&3osudE3Bfoc)Jo2TZWTnQM
zB(nYJqByj@$Vw_&(B5yW2%_?#w6C(+Ez+zcd2vrkk_pN<sElpzcJ!6BQKXoYS}KaU
zNU3)c?dPvs#>)9A0{fS2%<wATS7dl~+mB_`<X^JVdNckd1Gd!UU$S~+P5SL2LskAI
zT)7<+>E~afRcqG?)GQyh_D7#y$G^lhvL=1@r$bPm{e6EQ|B}aN{4eXX{ryXtouxcx
z4f$^v|E)fA-m72Uw_NrwDO*kpZ-z<HA%}c>l>^`6z<W$8b@6k&u&?)x{ojxVxr<3H
zPanqCC>!xRV8j;-UQJ4q>8O2u6Uxu4X5#8JEHALJ@{d*JzfgI{I949))f$X0|AGM~
z`TAo7F}hmZM&SMutEc(;QwRgN)eFK4RdAKO&mHbb$wE=4Efs}+N4ccWbIkX9g)v+?
zNd6zwYK~W+=o3GLp7ipLNO{mSjX%m)0H3ddAJ4=QxD%T0P?dk4>F<v+dH`4SQU5c2
z``=pwFU+jLp9HSZ=uF}P0R~&RNh$0OoDme4d##RPX?#Q|D@o1G3BrdEQgVdRf$Qwy
z4Oup0rjy;HTc>-44GY<hkNKXe*^W$t>^Xwo1CSRs?|cI^yvK=_I`)V`2^xEYk&rcU
zXgK~soP3|njGzncVd?4uxX@nZ?g~NtfG2$i`zsZhg;El&usW8Lp*ULjbJg3%?(zkE
zU`F}_Q}1<7;;J{R()>SkbP30I!IFLpjHR?Tja_{ix4;-qJvdyO8Mnd6P7bmVA>a@K
z$0x7{wEshgqB{j~3+!=i2t95fCZR+?CxkT-M5*XkW-1`!^A1IMb4J?H2bDKGFU4~5
ze^AGe`}s~;s?mBDo0P=t=?^IVvGV?q(?n*3k!0t`KnPq!P7w~56?#L8CSqVfzr;I0
z2^T`o@D4<h&;ukv=tV*Gufbn%DxgO8cxbyy`xHza$l{#Qh5p1DMIwzW{v(J;`wvry
zGlG^%mSJ=kfN79!9Y)kFQfe{G-@-h524i?~YGQc8kh5tklxN@#nQ>SEu)A7Eusd>V
zc1QkLbD>tWkyY0MUe@0y{wQ+V`0EBQdyumy!P3WUZpue{Fj&6QyL;|Y^)BHaxp%$q
zp*v3pJ2-54q*nc7Z~^4K4~j4@#t-W+-+_$Mm41v9iGm3H9r2YjlGKlkO<@&EgVpbS
z)lYuUByH;_-%d94LpH@}sJMg2+}BI5^@~CEa-<J^6Z5t&ftr@y%?{|;KiT=qX07=x
zq+q}fJgC&0){k^}RgGeW8uhP=z8t9wU(C&76zT#C8P>G2n8_KbM*V5M`){BZ|6K3Y
zpFXPB>Q8<3;_sEH^x|=`8vW^zIF0`FPddz`R+DA@=|d@g`qKc5DMqal?Uy2}L?ikV
zTe#V%XuKQsC5`vo_cSWeD}ChgM)@~;r_ksf?_n5(GTgHSZYcRB&K9iYOW^1k<vn~y
zmrt71NdS{mn_yU<l(F5%9&{L20Gji^&rXjkO*Df7Fxma6G1n?MZ>11VR=aynirsx*
z8ie}luLLmuOnOOb25IR`KDenIw-w^{BitDb7wRVsA=xa|pdTEK`oXVawEDp}?oR`*
zob-c8v#*XK{h)EM(a=aRG!l)Xd$5_U3A0vDm>(ZdPq@TK{~4>+=YkGYbjL_=nczKx
zaINnSCPo+en)>Mhm7X=|I~)4+=eIGw`p&3P*VlJ$9(a9yr{?^p0AsKPrC&OcDr<Rn
zuHCvM?c+snVo@n=&<3<Yv%ATM=+yMN<K|46i8c=Q&FqhH&be9X>?~=c?AU@JzGJ}*
z7E;cH;tuMTmzaomY>>dR0bUR!HQb^|5YGQYbw9Uq2|_=+d_Vu@jwmjl<xY01b^NT=
z30$>Nv<^Q8+9&`@e;kV9j!tkp@ew+h@Cr@h2T)?jECgKcxjqKSsp@=&vzL#?<S5d+
zV6Tg3kI&>IqViQ;#*bbLT$QXi0HBOv-F`GkYW}Grmbm(SAFuK#l#3;jM0tz<5EI2k
z*u2|0yxY0F+h!CuK%W63T{{?sC-WgeCB`trU#LSlMm^#g%r?uq9wXPG*!W@nQEwu3
z86?Jdhm$(X1Ujstaw%`HY_U3ba3JyhyFwu0`#K?z@O`5YNT^>T1QN-Y@=~q)+Lute
zaL1vVID!U9eme@~6E#P?QhYZZ@d@cDRDMxV3zeV8W3X>$g1w@Fy+p7E1ba;bTS>4#
zCL-)j4eWJ-eM_)+HL$k`R!p!DHL&*tUjg?rF7pVL;<_@f!{sLwDN+#3fbggv!ebo4
zDtWpvgjs$Fa}<Q5fRN#bkf|Vi0tol}A&jpk@iOdB=>@<U>Xpsla_VlEms1zJY)fkF
zNwS$xMeL%NuCj|mMWP~-Jq3?FNLbSg&P`ag>~EVQ&iSH;ET`GpgO1CQb?}Il1vzi^
zAPMauffEvGSr3`&ELL95??L=g2IOEQA#T(BlI%wIywW8=Je?xQZ>zJ<puA77x>^t7
zpFPeB{mz#*fzB843gcR9We;?;i}w6jKf?F?I63V4=g0iM*FQgoiEe|z)IuyPfe2ut
z?yP--9P!J3>6jR^7mDDIZ4mm};Z9=p@3(LLJ>2g4%)Yg}esavd+~W%j>-SGGOy3qL
z*jK&b@j`O@tr+2}4l6h`$>2N;@x8uIDA@0`K)kNQ$+|C++i$mT{W)Y%Y<H8hXF|~^
z&!mL*UnjT@XCKw_3+(NE@b-T8c6M94Zl4{j9P+jqD_#@}K6BQ0=nk>_KO1ICMMFpu
zx#ky?a)4g^X`#8mcBxKhc&^0jkE4n2136fg_&!hH<F)^(cDR0r_&%o+(f()1y=i3s
zGc^S`xH)F9>p1}*S;N+SAz1u)q=yE#6bc89tihP)=iX$o^LChG%wt<m#yq<?Xh~SC
zPkzmBxqTA0?~l7R_DR1(e$8ZRU$YUa_MMOpwuAP0&>xA~S3{$Q@Gm#>HtOw<s8M%v
z(4V1N`@EXR@9w+($M2m4Y+u9Sn(@1<oicuz*Oc*#8HD4<(DzVxYH0Key{Kj5LzPBX
zuA@dj%0Y>tu{^))-`5^$LdTo2hk7lR?4g#&-Z&oeR&;<^T4LU{eTmvX&9Hum1IAq6
z0QKFlC%C++sE;Q8%cxEP?t2*uv&jY84-HH6nlKqd@8ORt>G4kfxP%^?@W)(1VeiOk
zsu<i9KxF(u`{vxnnnyC&*MYKLh{ZG0Gt<Y<N*~8#c1#~X&1;3yH<&mhv)w&{^>U_}
zb*FA0ZoyLwGHoe!TQlU2D8Piq$HPoQY!{mEEJ8*~iN2u~lwf=j_)T_C()0LtDJVCm
z`y@L`?8MJzp=kZ*yC|D!7IB--2;7-JY&0RuMZ>U;n#4MtA`M(t<x%)v088z6U-ihi
z(l2qulx1kxr28=P0a&(RV7LW$MPuzytMox!AV>aQO1gJ-X)Klwr_k>fS*E{5rE1ut
zw3-C`-@F0Afk|^<<C=p@2GSgeoB<vlVe{1;>~2TignCMHtSArm$j#=}XTMR20dw`3
zg$)%5w4Y&jAF^rm2MkM5AUx6&6$rQVV(a-^uNYcNxUUlgBtg?F=NJe8i9mM09f8(T
zwUYD`TU~2S0u2-Y3Z<#7-B<9wQd^aRdkiEBa7I`hvFDv;wS4(UX+wWZY?sAAjDG=4
zvEX|r29&(NM>O!&8M;6+4JBy78VXtvJ_-b6J-h<4?yT_KNGOc+7TQ?h4_KJ&Ep%x4
z#Z+z(VUse=j9Ik%88S>!5C#LnC_jX;ib+KmKp1+B{F`?lAjQc}{`(34{pi4XnH|N=
zP>@&Y;bsWHW|nSJy!H70nwTdG@ZQ=)dXgZIRj9~O<D~Ud32suPRa2@w745jad-tx~
zy<D{&&)%upj<@!cMMHHIROE`UbdlAK7XIbJYO7bj*oqg<Vuc$0;=+?aczJ|Z7taM3
zCKJ!4ZE8b2ujz<*GO9I9CZ4-{YKUj6PnuDh5j#H-^LCmX6ki2{8)Xvt1d&??-ifm?
z6$x1K30_*yNI@}OQY&G5KmSh}44YKHZy+i)KcMv%#HfHZPgxx0%llicWl=`@xQy|$
zCQNaPu9P<7#_X(#<DINXWAu>BjUH^!QZupCFNh>@6h)Vbd;57Mj*OOt7Iq*hV=DVQ
zivOJk{nddMA<NroaIaXSNE}Z{dm>_#fnXz>b{Ad4Z6t9lY((Vj&3j1VXp=m>D?OxG
zL`|fnwwg%mO*p^8qVcj+0XF~1Yq<IAj({zFmv>9|g#3^9Lg7Gf;eY^l@8y2i#h7Z@
zXlojqtnv<i2)9+syW0T>&8um5pV?2l`NV!jEozev_hP%S18%z$(kGorrrPmE)z-90
zZ*-E4g_d`cch_SJNG00kPu1?4#tWNz3vE(PFL|qu?IhnEhj*e|-^nWqqEYJ43lCyp
znY4%f-XPw2?t+n|KimvHxxEFip75V3UVq3jN$8}rdp7w))+55cu@_voGZM)~=lEFg
zhg9lY4fQ3d>bpl(Uwx|Y5uf@7Kz$}&-!r^E2i3O{>f5ZUFNoErXg~Xd=kP2Q^p~Ni
z{d`GO@*z<9mqR-V0sB82e2k0K{U568e<JliTif1z?0*99|NYQj;$J_utK;{j4y}cL
z_YJ#G+`tahgHP?86_(5E4)xdHZbk=b`Fqk3U;XWJ4Sbg$ya?d&GJLfk`~!gBBf|@a
zsN*T}_8+$^fgz}!6NX^>g+W>$((*w={M#P_NS);RBmKT#AK(!(T(9|lB7MIYP~KL3
z=Xf%HzY^N@ma6>oWdH9+f~WXHO8=8<((lV!k5-V}PBQjs2@lP{+ZZYU*1DpJEaPCM
z>jo>UQseNMgdae*%&<Nwb$d<zBg@!{#}0@3qU&qCcwZC2tl)rjqPUq5=PD(a53y`3
zIEdu+Sy(r_CD5QLMibClqrEpfunf<Yfa`dLUe;2wmkyvHj9uEL#Vg3?!O9*$8~*7V
z&G4YO%}Cb*(v5-hQp{)4-Txq99U~e0rzwzw|DYg{cgfoPH<|(=T8{A%;VcAo{;bKM
z+s~fhjRd(yAT=@=ip%2jq8S(skTl$zG1MbT{%-BcoiVt8dI=esuO*}NHE3mCN`d(>
za3O_WWH%Zfk+0{Ly41G1(6-{_^l1~)XAYkWTnKBOIZI|jvMq2IV~1FM!8w3!{fKT!
z!bb49sOTF&0o>Q47WdZ0;tqmRL-wZ-kKM{HyArgyiboAZyGo^Zi_pkl`oN;?pg^(U
z%yMkFNP4#L*l=kSX>WN%Mlf}-hs<hqZUP+~IAdB?X1X(-vsq}1$$Qv>x6ddzyRse*
zh?0AFoB#2vpk{xo=?Z?82SD`e%86)gSF)(-OXRLBqvw^pD|@Lc`4NYL37=v~4v*+A
zn`4e>%z3I!-oTxyUM|YW?GX;~M(H(;;$fkVN5-IbNY5ia%8ffljlu8)_;Lv8EJCPp
zwh-PpksB)<<Bhv>OFe2_@hv=-Cu>rft(`MP<s}0Lifs0YD}oZy056#aDi?dveHg{l
z45}<>Q9G=?>AN6!buEop#(TDsHx{*0MNJQPNs_fQi|{qISI~DyqlAjV0qiip)0k)0
z!{S?gnpZF$tqi#0Crw(@iAIfjPng_qCX;kNDKuVL^7!S@b1omhwIO_+ZU~`qyF)gd
zS=dO9fjR;10}qU!#Z6wk$qF9}rr}%3-T?O7wY4siLn-&NE<4#?l!QW)6z$-JKGd1Q
z;Vh%UI@p;8D@7Tsrh*a{b<Gc?087EJsJxRau`8M6kyAqbIVSf{qUW=`f96o$zew&B
z7Q_1o^bb`JFBs*1&Pg9XHDEvA52Aj8X3$<V&O}iG83j`MC_*1$bMZbFMN%J4NZy*B
zkEA||@*Y(8ao3S3?q%ZQ_Dc}@6+Cme9I1-`?m`0`pfzZxvs{j}n}U60U$gLXT9(Tr
zQu%WU;ia)h9c*-YOqTI6v2fZ1xS;No3Jmg?Oqww>eahtN@^z4nj%rwRG%QOr!(vno
ziw%aw?4A1Aostwm85@=(ooHBWFf3-Dsek|bDDKn)J>|n<16MSDhUBQ6u5ehE@$Pb`
ztP*)xR`PP34EDQ=KihctSw1XyY@o4K7!6CbOhRTil!pWQKW@?#PPW^nXHN76NiF8Y
zq|i%DzTn%@Dti-VfH$GNXn{#2dw1%#G9<2b6dIP17Ap<Wx!Y)nOv(_o@RE|nhZ!lE
z8^Drj^3{L_PS$II0$r9{Ya~40t`zj(ga<>`W=MD5%E>hwD{??v!=+bf%+JHo8pG&N
z4C6y%rDt0h&0Ll|;yHZ8Z<mAbgfvhrg6?CxQW@iE;Y4tA!l*(4mtZ;V#wZXH!x+i6
zd|E$nExqbeExFX3m2&e|)AL&1yklYfY>~p~7LQg--DIn!wEBt(-c<I5+Zp*#zHo#`
z(S|o^Yb@vT%I~PH7NxDcwp*@K+p0QL+gWO#5##8>f(|Dd7f$U>3Fqxi4W~7=i=Ty2
z@<-mOr}@Y@^+#;H$?&q=<g?dp^0@2N7RsBPMor9>n_NiGOL&t@!g&+B%EwOKdSqN7
z77ugIoH2d!J?WerPg3fBCzMEit{|^HiCUP2{BJ1nzd6AFx|br8D@{B`L7H=9Ly8PN
z=Y8Op5h<&l2Olm99rxs51c96yDoO<&1@T$`0Z)2<eH0H)%UWUPR4`W{Bac*-CP38j
zm6bxzshpA*>Ug)i$nm-x*Ns6Z-$>3Ip_`&MUN;Dcfjcr3Z0C`wvtTb~NhdrOWSL}A
zvMXHRhAx}ADJLUx;S{$UT2#nZ5?>)D)a933rr}phu(`kS=-ny2zN&CC7lCJp-VMDd
zWb{%`n;RIITnYrqqj!Vi1Hy3Y^~B3%@rq1(C3?3U92*Tp1&ZFC!(TJ&>3iJe7e1i#
z3A4PGEdj~U1Hvrtfa$T~bOwu|YjJJxFw1ysAD1q@@AXZEv5`t6$rclqx>U>`V5>@N
z_yf=v=@tF}G){VkKfoa)74Qc*h@~9<0PKl0l|KMOCXM9}!1zjc^9NwfrT9p4itED*
zp{Y`IBndaOwDFOHXhpzGO7%I4HZ1aQL7YrGo6#ay1D^?{Nyx>iRvXQ5PW!AcU=IgW
z`2zNH0C}RT0N-*ok=82bdyZb{ThCG6CA^KqcA_rXG$;q<Yk=>&hl9MA2kF{v^sd%H
z_iO&{GT(O(@Mda5O&{UtD}B*_45<A2m7}lrMVHjE>eYY>4lw!xPIG|C7w`uMto8lI
zg&_HMqAtC{(Kq;_Ukj4?4|QoU4<xTu4%UIvg*!l~as4RT^Q!`yNjJD0u=vf(0a=kg
zfg@?(Mj^8|_ebNW^FbO9WlTrVcO}98)W9wgET3S|K`+chundCL)4;-m5#}IRV-3te
zFblz2X<*F>)`VcUYGCaMR@Dz-T{W;y1Uo{oJ2kLqf|U@gw+40>!CoWSKn<)v!3qgB
zSOZHUSSG=SX<$PMmO`-68rXdV>rSu-G_Y|5GZAd61~!>sSNkGtmIgM1V8;kHPXn7n
zupI=;)4&!GY&F5$8rTyATSTyDHL#}$mPN3aG_ZdVY&gMQ)xcgMn3Z5}YheEh76OG#
zeD7kwwJ%l%EdHeu7x}?H_<`w~4?Gy`YvCvGfaP#DOJjm#g!0pueH9{}%PJfz;GFWq
zX~gRRPDW}1I37QoFph&~&DkJ^bHNYi&&w*DF9E0A59h2JXEop)^}{)?#>oeqy?!_c
z)i`N@v(pdffEuR{;Oy|j`9h6j0-Rz$oX<H99!eK<3}=HM&K5P!Uch<B59fW3g9p?a
zz<I?F=M6PZA>b_a!&#=rnFu(K`{5L+acqDy&kyG@HBM{5$@0UQqsFNc7*4t$PNo{?
z8^9UmhcjM{vleiM`r!=YILPuW0-QKM98ryv0XRMVaC)h6;sGbp4<|~EV+Nd-emKV}
z2?sg*tBjQ{|EdyPcgk!Z>B`+Y0WH*JW^sN!jG_K7Z!xls=~Vm{7291$LF1I7!DWAa
zEWZVIp?47URRy|9`RiBZuPe%5ErOJH%~EAud^eQJ;L@|MF@#;<O+p^`cpDXu`)wN)
zkGrdlipSm5M#ba4+eXFXu4<#=ahJAH@wiX4QSrDBw^8x9)7q$b+_W~t<EFMz@wkKA
zkg_yOios5R8D^Q(<D>I@#1&4r14m4i^bC=>+gtEnCta!&BUFTW@qx3Ij<Z5r?nND3
zc6Mp*znhW6mA2L)sW-Xb#ZxXDw6*wGoftF}z!Km^r043$hQDrrL4J20S7KhB7%%Jk
zXlqahlgx~C!DBcW<5>)qAE3&6T2q>qy<8|I+Z&5gBu7KfuvXa0<q9}Os#8bh-gQ+k
zYpT!bNr!Wc_Yqy(f6!AOkMWO49EcuhC3@)QI;9ZUQR!_x)ebDEw1PhX+bKPb56kHm
z6?>jrJ-5p*$!?|2KfvvuTUC1Ou}3L>MVfT4UX}kq<ZZS}{rF!QQg=Nm;=laf$`^Qi
zHEufg*L})glku;k^pL3(&sY9hq5QQ=`RfPeuXFU5vO2ef<F=_#5Khxye7~+F@K5TG
z(gXU(EF|zA<?a36>TzkOg{wwy7<(u`Lm1^JWK8IKY&dm&-(l=}`8OO1#Q(nb;nA{v
zcy7)}!P(mDb+r4oB%ye@z`c&1w*>M!0{<?b_>uLr_Tr~I``U|d?s$EBafhMS{ziW@
z``HdxEH`04JFy|z&yHzW`+N?vz3ic%l$;J;{rl!_5DOi*CD(u7j{5I2P=1H1{PWv=
z<CWK#pJ7gC3I&nH{vOT$PGf)f=YOXthLtHwkcfGe%>r0d`bCMba>L5jk5GOFJ?3K$
zoSz}5xleuuy%I2@O#^Sh2s2MeTIaV!q`#3$>&(6>Ne^5M)JWd66yCIj^L?9UnuNJf
zq-Hg?r>K6w1P#-EO%#*_4WwKPoT8yGZy4GENBT5O&l|?Z7#n7W;6jnfu_v7ECaK3u
zRN8lf+GkeUcd8!Rqc(_Qi=qh%&Bz}0qbLki&24RhVa>cMc)`y{;aYkM$~URXAC1B|
z7<z6XW~{A&nCT|sV5IQMQ)^p!+D%k$<(1oNTe<je<#l*>4H=NV!GBlq-{<-7V*dO1
z8pXiOEWP>kRZqoe2nIDmF&KUB>8m`{Oz)9oG4}H}iXoU)x{Vip<t@}p<DVwW&0=-o
z)l}kwQlxXKa`YN0mEK;$5H<EFdY#(9)5umtEG(p+I)%DOnO$(Dq{2!`N5M6f4`=0Z
zo8|0)203=(Bj+u$fru$7z0}sytNgnIMN0!Qf<&4s+yjIt#0U_e1B%-MsTh(C@mHbR
zhHQzmN+VgNcGnJyWjOG5jQ!B<c5Unj$XzP*Q^kHbth-U{2UfqVuPZ%A%@#K%r8^UH
zoHNH$Qp0xR<7Q4)dhiO4i#O~8x9==&8;zMWX}zIGIosK(N~{Db4}FX)5O}bM#{5wm
z?BTVVf;}WWrn37y$c`q(Ewd=p)=iF;fbN%+Zt;@zeq<*vn;3G7Y=3;E5s5&xqSwQ?
z>gVGku(Po(2Dv}Z^n*|hhvY;vNLLw>!XUZxYy`#d&iNJwzdMMBciwdedzvX@cR*}L
zky^^Nwd&5`!(@06d}rYfSd-Tek@&GXNJFx#PsG5|_&z3~ykS7CWceU+)qJt*`0GYv
z@Ng5+hEiv?7|PFj{S9&ab{OUH+i0W!44t@%=!@4ZNTq|aD!n$}_)ac^kk_DDa$d9W
z3&Ml!FN&tnT=DrE!J(1T7$fb~U-qi3Nbgc!?goEBeuceO%BP_43lqu{wfRjxxD9vi
z6ew5cH+k{4|6_iWRc9>1Uy<J=HjMBgzsV1BLfIPfn+#c?3K4Sbl0}{0B<)U3ev<?`
z$E1xN<@_c_gMWULhuBNSQ@ux?CcnvojyKM4vZ<jQ3T)M%G#9aZaH^n%i~qFX)~lQ*
z`=rkQlcvrn&E)8H8F~PF(RgUsGSxhti_qjZ`2^q=6?}h$*PeAzE3{{wzXRA3Z+?@<
z;S#f~CE2sya_4pPn=JONe<pt4>z}pE%S}>B1P5Cr$CX85phYtOluSt<P6xXO3}4$$
z+&C+J=9KZ7l*U3?IhcqMLj-C=b#TI()`AS@ErCLHKzNP?A#^jh0X^k^V{8r#)sYHS
z5z%Ku6!M5FRLAodEy_W_`u_DDG6BVvbd;~8tXn$?<v;lL@Wqoi(ZfAL;2xT&hmV?W
z(8Fn}9_nt;!w&ORJzRG|)5E>m9{$FAxVS?nPIrE(hkIq25Xf=IfIFcRd0_`AZt2}1
zk<yFx<gjA7RkY$wU-AudNt#wg#PZt*Rrd6e(ugXVz&ZFkzkER^??=8+(ZT-p<ZacF
zqkZy)QuQso>W8&e|9Q#6$-y6&=p7fYdLjGe_T6!JvBiH(;P%2f?Qdi++?050uoON4
zuciw=mcn;gS?MGdnc<egZQ6Iz#?$w;7xuZ&577F1+f!op=R$%BMmg_Gfr;(P&T5At
zek;4>leM`a{&PG|KQsrr;xF;ZpKvu%bHAU|%J+VMr0MnV_nDsCZ<s$JV7?8h8z;o7
zd>fv2H=l1~J6IyrI^RZ|c06tR+?=3#qB}MlxR+;udx3z&$h|xPG2QescQUbEz&I^F
z<GKHec07Bw^c~MdO|Czlt*dW5p0(`{M88395c|^t2>d{~KTF%zra!m%^k;SpKlxAN
z8_0jIUB5qnWBHGCQ}Umyx0Cz_esADEU9#Pu|61uiUDa-O-F~yw!p*Kk$KC8yKFX6k
ziGs?_Ze2k$9^l1?NmDy0J222ys-QTaVE}!)fhdVP(GrOS7tvFR9$Tc>Lj$?l_16gj
z-0UDEJ0yUD_4unwW}$0M3Hf^Xgnle<h2`Z?Ua2bIN9DVEvho$GdWxxhD3IW~LEiFJ
zR6YQFcL%8OT~t1;w@<RdhgzX9<Ubg<bK#Da3U3;~%(64xT#mJcn~T|db7{v4zreyM
zZ(&#Mb*4aZi5vARyUxt^bBTLcafyosgsI#m?#N3dvH0dCRix0eVA)~qowG7K`|4Rb
zO?&T9Ijk+_g}3dXBety<Xp+W@bhW9&3MXm(bsE9gHw)tDZ&iyx@c{zHgX26|*v~Rg
zmNjF_tQphC%|I?}<BXZ(9$?#MCUR)C3=sEw!y5#Mn-U}_{2At=zfOR-#WPhrnYqHE
z4iGo6k0wCeXPhUyVv+;Ir376kK%BySX#&Kx36f_j_zX?OOWPC<>FjCZkW$BM0>piH
zn&wn5?Kw^FOx|Xd{h9E*wuzo&{8{neYuXpKo$9_Yz=YdqIh22|D(_;_=Hnbm_nG_q
zF}x)zydabJKC`(Y-e;ovk$+x&exG>^v?jY6(0yjWZGrAHH+l{f@9u$q+MJi8%V#%N
z#k;#6e>T*c?@DBpH;a+exkiWwaHyG_`6{m}7*FE|VU5of_-Sl}r@@@#l){?VP9O8k
zIqiAeu(4nKxB54T|90^P{Dmg|$^pCUB0J!=q(asE>P7S5YYx|GhwB`~U+E@b{FOIu
zNn@b!WY?S&hpRW}GE`zxycx$|r1P<UiB+3lw&w4R5AeNDJk{{MM;qVhd*583?=9b=
z{odb~-}vCio8dPuoTvVsJb!(D!#97p1BEZ%{NY4@=R&yUR?7XSi4Xk^7;pS=BX7L%
zPaApTjsLSzP4UJpN1EM4yz%`LYKk{*y>_vNc;iRU-R_My&eccvY$NrND&DwOdGx~f
z0h;9#Z#-ebb>fY$zIw5Sc;iD@d)V;y^o=*(tnvT9;*G!YEZ2YV-{<-7;%8M{#CV%5
z7`V?yoPcK&u?Mab($X9`-gqw#JibZAJ9OlQyS;Br$RYK|#!YH@nkIki6F}Jac+VJV
zMI%&;B~w0WYk$rmB1P^2QBPyN{Gxnif3T6ie{o7_qAH$|*vQwvc^JT>WO$?>{7wyA
z-$?EM%o?Wy5yFoHxC^p;K>lRxBrHKVoS!j}yJLU~yv+#mI;#IZ0Ctt@Uv2dL{!{S%
z+hus6AAAMC+sp6_HQb$~&&vrhEa+-jZwtz+YB;AuaimQU46kmT1<k4hUtX(fR#zjk
z1^*oA<Idd}D^>A##Fm|h54cl8ARR}Zr><e?)}jyyv?CZkDTy!YUJ{pAYLDA`I?Vp{
zZxZ+<<nK4+L&j9JmVk>B*XUe0By)sQ6Q|^)PaH6pYjoy1)4j2R;mu@SbwF;=!NvG&
zA3I#t(y)n9f}?Yltn~$V12Q$|AxOh{2+~a#Ed0&`>>{v*f|nyyaewxK8t#ug>VK53
zHk7%)d#Wx1_XoowbANGp)jH%QdJN?L?YMGZ7^no-mu1?jx60pasFrFgdJ#>o)n6}N
z<b2~7zYq`jzy{U!TmOs9BCg@!_zl1!+O+ya3H6EJ$SOtjZLc@4nE>g)REmVugNh<S
z<;F}_$}km1O!&tA;N49YiX<WZO?s+#Gr?Av8Bw1PFkMaq1&*<x>QC0bas3)P)~NMr
zULD$IC183(*+=<<0~YRA<n>Wj1#EpMh?Ia<6f^Q{jMY;pRi2(JAFVuUY$m13GwQtI
zz8pUB(B;_Y(1r%c%ds}xet<@b9jl+P>#U)X4YCGfK4_2xq(sWiS<eQ=P+$p?H8EgY
z21yW$?q?&08R8nW*#rWCrmqi7VSKM>NZ2P9g_OXVXA|8INpNC{<XhFZVk4ZG^Of9%
z?92o(&*T@Xd&ePAB0qKy%R#p|Tw1g-ZXu*5R&v~w_Xv6ciW|YCS<<^@M@_X@;7Kkl
zFw4pNFocfQJusIBY^6MatLb?yAHZWsD7210;DaPJ(?wH=;&qsi4;_EVS&1BfXrHtB
zd&KMbgYj{9U%2S;+Qab&RPKEU4}NOYp9HxR>e3UuR2#4M6ff2KTAb&l+K9K8g+P)N
z50oz4A=RWZRWw*{Tn(7Wr;o<H(}cwqp}d$P^kg(dbMy6r+T8pDz|HIHAlN1i>|=si
z2v(wjZ6;U~g6-76wi2wW0m44lz)A^rgkXC#urCN!La=W%FxcN(fyYW7;Y*anZ&)Xv
z_6q?PUo9ha0)!rZB9mAJAq)_@_#xb`ApH9E|Hs~&Ku1w*f51IiAgmJ*aM%Ne5VkNu
zmV`wTvh~1310qIH5|+d$h!GMAh!{+Q3?Yb!xFG_vh(2&b9w0)(l7Q@>fE%*Y!>|M}
z5Z3wX)~)WYo-G6V|IYW$`8@BD>8jh+wcfgQ>)zib1TCEi9#IIk0YL*N0)s;E84%QP
zBB-Mfya@#NC{7v1GdmZi22!JwH}EPqd3~>PllS_S3MOs+am+|Da~mk=L_d)fT8?~m
zy&e+eAZl1NUac%TW@L7n^Vu(>H0zkGAbRr{z30wu0jM4DRTjUjjM`jfks2gM-eCB*
z-_X4#{G#n^{PUfnQR;mR_nV);!TpA62<-dv?DZ$Ku-qh!#usjZ3;lKw);5Fu)URz&
zk4SET!yp#9z7N$Ofa(B_+EU)#D|W!pqRD?rNsWO6oRcaWhSI;~<nRA?&xdml+|T*&
z=QDUd+<oT$&W9Z<6<fqyCQp-%9evF~s;2kFAc6z{q-S4Q1nJpZxjn`cPS<K}1q!Ou
zVT1wnEcL(?mBv`>NoH{V!K_+@afMRGHGC`Nkz-quSeOIKlYp{DLSCg$)}KUFj}o#E
zqwv7s*qZK>1-q0{BSvMUjZQ&TANe8giYl^vKb@@VV~4^}wukjuZkBa;FvZh{G-7O<
zdHbU4HFI1f?<KQstxq^YP^L1uFAIT2(ecq7oGh7N>*!(wIKbGqK`|QCYT*rNw@CHz
z<m+>AJNsH-wcu=oC{zU#A^j-q`WjjwN|7v<pS0EwO@F8bdW}mJ&SB%8cG|o0$Dq3T
zl>pEzzocrG$GX5^Tfy+p16-)4jWqE|HF1!Zg<WGTELqyTm$0zYPCV|U8vl|IaP!2$
zpTjPbO@wkf*cFQ%+U)ulk;etv0u<woOTWtZ%%^`vzA|MMC+6;BiO;W6^q(H>X<PcJ
zDiB{ERRwZRC#yizYZF-s(qR``gwi1oa;pW&V2X#`1JO3r0BVpR*Y>ob7b>*&s|H0O
zvgZUUL`bFP>eLFps&mlMa5@nR6jAV#d!2}^pa~!7prA1jeg_}@z~)Xr^Vo?nSLU=W
zHgM*&P$SpIwB<XiR@5v=a!}MflJ3x7H>Aq*?({Vak5hfkdAQTx$Xx}c>;9MZHH0>U
z6`tvB;W_`vE_VJjrvG7or?bCP+22>$-*MA8{ZMq+b-OK)X?OC|@9=jNZNg-@|E6K6
z3EH|+(F7%@-(i{eI$`GWmCCBlkgP26ot4~D4^Btz(Ug@A`e<H%^eN1PQ-Z2L8g37P
z`7tKK;VLp7)B8t)LW!F<VVK?rt{flY(i>rVBwPX{a_RT(g$Q)hqg!kSY^pcq`}@I<
zF{?}m{nSt79T)aogGwCi0hipP-+ZRT!5(m?=KcGy2YjdO-?0a@)Ixf&2kgXtyR!#;
z>}k#(aQ{AyJ>cBpc-|f`k?n<F+znv{K*G5SCwssz$xHm*kH#MGW%6oO_JCiWW!sGO
z&LP}A+O1IR0jC~9d%&}Cvf<L$L$Z84l9At9?$RFc1*ljdH%=$-gz)x&4PhL+a`{_G
zzI=bys0+P68@oVj4;T*zff-k?ApUSIkM@A)iyg`zNx!dIAIna}3F~Wc>*Fy(L#4iM
zPdi9`v42ykFF?L=auE3%{)i&qaTNJ}1s!CuGJ!So{kPj8?)1H(Z<AM=aP?Vzo7HF8
z5QqA#x#qDx1sk2}Q`b#>`n#{sceCR)Sea4_xjqdY>l5s`J{3PW)o1Ev*Y(+OD?}52
z6K8~<Q8@|~!7Rurr$?cr+3|D|Hk<@g`kZtz0FOdv$Y0rh3JyY)1r)rg2teff&EfkY
zT;rl|vBpI_<<Pi<t4iYxE*fWWZrs<vF(1`54&Jo>c@q|Mx9*+k{GRn;JUwa!C^H;%
zRMPUxIKzWTBQ)c&b(2GtXWwL1E*R`k<#|^;jz`)Crz+o#bgD8PkM=hm=7*d9yaMls
zah1DL$tov3=}@^F<sSQU$9kvAr8-xR_GeKg?a#BFXn*$pz_CAR?DZj+us`=#3-w@+
zQTRrH^cdE(rBc&GtZ7$LxCle~uE2J)E>NNBI-c)xb`I8x8zBN(crcWw;1c=RH*yjx
zKv`7IG;i%X>R$}=Y}avs+M=UfM;rFron6P;B+jlw+^MnaxE86=>|bR2Q0p5Z?Cg<q
zyu!U*hXQz_vFnICF6-wz?7?kg>mtRj!>|YKI&%AJ>^gLNWTpL$-T2Pii=6PIo&15+
zAq}EKI%Xgp(uT^APQC;~s?Xo6ljQ*!|8cWCM59M!jc_?cw^f60t<D~Y=w(|NXAVvA
zC^IzX(2p}*H86*s>tGH&8qA@`s^-uSJ;8a*EGsiQc>XXg|L#q4rL#snPc;Y{`|S~&
z%MaB;V?|5Phbb;UP*<gzinmXGH9WdAZy*0^PA7RC=*4yj&bJbz?oU6?O)qPy#@nY(
zPmQ-vA)8)X{|-^TeHtCBVBRXVk2xRy^#zLs!G*7l0~?w4J!K>M{6^%2PFab*pceQZ
z15X<K1WXHkei2scU66=>(}+>p!mW?|&C62CEWdQurDl2t>KD%3NcHHn6JeK~cCyGg
zTHDdbZiaT0o88-p+$?ncLyVgZ0{fvERwn=WgbKX3&dERIK08W&sUAKzq;)%SeFgP)
z^zd1@)2PHtox4+(>}KqA^zaFkvUbWIK9k`)@cmEN0zM}_%|5WXm&SBGN-44XPF%oy
z7qA6fwSD!$@0noB*;jvhHRQhStH)eP5j@#fbMZgHAS#_2L?sqJW&-9BmPnb0(Nvg#
z%%jhFU>?~mAps(SvZ>bSJKV9VM^pK;qw2T55v)F67nq&Yu`3~*ofHc3Ds4tLhB|IL
zn9lc)YCm<@p!H{8Sf1h-|Lkm-=lEy)y|!n@D{XUO+i19+3nVi_Ur?VcifF>2z-G)Z
z7!0;)w}e<}>|YZ`ZZrUU{fTj^YBC0Q>kZ0r3$C<jMD5WEqdK5&ej3i|c#S<P&bw>u
zzkhLYjXl=+8oPdX&1Ux|<3`=e<;||}*9yB04ir}(Wg{sccI%agU|+yuf%&LjTf2|Y
zY~Xjr&cDjLV#88gAgey)&iF#9ya8U{j@h$6bhUoe`BB<PJ3nS$a-1K#PkWvp&+ff1
z`~6teelRCMvYQOD)gW0lpaS?}Jz2$n$U@Vk4dkgnUJM5=g}5@|_td`Y4YlptbkS-4
zpQ>X1@2R?dvIucQdc1XSn0N>*FA2V(<f&XWZ;bV9|3|9gWdC=B+W&=+dRJlpx0~7j
zz3;WX;gyrl-%G^r!94K%z0vG@9pC?7u{Z4Z-}|{w%HM_Uo3g8F|ArDUQqsTY6dw-m
zm!<>(132m&FOjgzT=hgj86Wd0Z}+|GQ~qRDX;c#xjva!X#_89lo2c1{BkOy-sOz%2
zjEz>Oj_cB&YrvJfEH3{vY;82ge7AvpWmod&$$RI(4q&alw_sv7B`;8aJ;J9VFeEQ%
zrUV*}2mHKPnEF6uf8mV%b+?7EoqN{LRMyWGTt~%GoSM7a!Kpcc`84;4DUI!65N!F1
z{1E%I%<9^gATQf8k2Ab)SR%8!S}gmsc^J=$^IuB<4<WMUk^#(-P|LFtl!`GNQ=W33
zY9LKQR!i_8g6tlgSjWz^LkN|I;ke%aW@zvQ0^mGBY7tTRIdq3qFWw-8?*s{RUP<I0
zTAlguz21TfGjP#LK2$gX?l1bEPf@^2!q{(m4JT5oPI_+vHvm6<1HmiiQCV7cqdEI6
zxY1-*;YQQYA3mI=iB{EeH@eXn(2eG$LEuKShN2(2vO7{uRf0I%9tyaR&q>TwC6}fb
zzJ{Ux7ywflyW103s0)zZ3KLk!zZ+6HC|t|fNr2AlHS|5;Kd1Z4K|G4qFnG{;G*jvy
zih=(`3;@vKIaHRXN>>h4*j=Kw2E)m!a3j`<MjD%57A7d5PwNl3vV8ILb7i68OH=9C
z4<<DzGzTZSjs6FP!vOx;oyF#ZfrraiBeUe4F&`~?BUnSV_g3_ZXwO%8yOs){%Fx9B
zgF7^g4wl0{kP3J!8Htf+HFzsGq@(-g`=PTK|1VXI|5q9&aCO5I8@t6y{uFPqWF)Rs
zc@{d}V}*LEq>)wfP&cKLG>Y)OtR`sxd_#)ZU!jdpsMhb#?Q;F(6;K^l!0E4K>9OgE
zthCXDm5zRSoQl4k$t=fG%`658N(0A!#{+o=3tbk#>r668n^zg}5S~MR4>aN#Hy39(
zh?f-6VveAq{;U3E-6r(q&gcH?=oxnhlPY(yGj1x2Waf(l^Vb<<tEp1AeHHfq;R`vO
z>@0>OMcno>h9k9KxQ`f)B20!Ph~dcMTf){*xu-%Kzfn};H-54;3={)1+*y<<zG*+-
zq6hR?DU}@1&FTSt07>jj6O+}%r%7THnmAfb9Ho{@vE8Fu3f4(ZMp;?6@q}-b=B_3u
z{IuJS1Tz$ZSAbxW6T$0@z#t_7!MNM#=yq*1UP0Q}-&5@G@9gg(_IKB4<%%*@+O)eu
zjSaVWJ)YWYbmUI$snX2#MnOT#dwso8jm2n`hS%f5M5aognlzW3QS}h_kaF2a>*1A=
zC`~fqRpo(M%7&jRjfPhb0*KHa+iOZ{3#gy0p`hIV*&8?H8sCsEuaj$|;qIT8aNPa(
zU9xFd$vUp?fzr3@P{a@=NyG|8sTC5XLoBhwtO&uKJdooH@<0XCFD3&AZz*rlF<;7x
zxEIn>OcP?$($Qc$h+5vteCl<E9g@KT2!R!DDDtbYBVkll&NN$$z_*gkmK=p&WfC5>
zr=!ZF$m4MKI0ISJ9GPVy)&<6IDMg(gu&m;q9LpN?osm=7$pDOlgIma!O0Rq&x5$gY
zkw5sOf-#lGJ))l<8=Qo#N<JJ$q5g5Nk1$&@6>Z~jY)2_;2O_ikKg}L11;xghG>gSi
zV&=)EXpRicvPLS+x-7l+tx=I%pjjeQ^EQ_?rXQ`8n>8UVD`mv^=O<_yQo|oLrg&35
zHdw?q%=-n~kfd{J14b_JKgcSbijSk%V}?$#jiznLVQpYo|GBIUZTL3)_Zy>P7ED7G
zu{Jc5C)?rA<u;7UNE<bV3=f-Zbd=<#JmrT?S;v|Zg-zM{Gd2aiu8ryx%cn`C?q#g*
z`|&Y@Js#C5R?4&~5^IWt>E)~`LnFART=<$cCCG<0C6t9fYbrOT*5^hVYR0rt7H!Rz
zR437Pu`jcy<~+n>OHi~8MA3F`LL<6Ohcd(VAg2Bqi<b6AjD3?N$7f5%=TsI`XO3LK
z4_F18$Q68X1@<+o)(bCXj#aAF%9p9vWn+5m;pY!w4=?g@>fuGSc>iUrOTWg)(hf|$
zt_F>xJ-mYjXxqU8_h2QvRd(lkc;;8AUYFyq1+e&QjVTlvX~4?miV=QPcQnE$N6}EO
z8L#+YGw7?}c!14VbP$^n=<C#sK>88?7M-x(LHO90wTcT3N1GAB;-E!fdK6Z*TR7j0
zt*dD>AT%3DP%FEk1eLJ?HrMqvAb?FFY!M&-f%gPZSLxDrW)uvH@e}L;CV=!adw{tw
zm9Ym{)6xd^Kx1L8+Frp-Z$8_Orvk0r`Z#9PueEW{(z!Y-OjaBK_|#mM8l_2{&Qi5;
z9A>dpZMcTHELCfL4<WDcpiA+{l1ZPv0jJN`1g2ga|9c3CLa=9f7KO%Y0v0GHl3}-8
z-fSGd<uatwyxT65#XByOcW9F9)8zJoH3tp%zdDu*2Jr_4-XMN2(B}1d7xRv2@(y9%
zM9lj`lXn#JhGE_bP2QiF*BA57YVuBE-XoZ2)8w7Qyy}=&uF1QAdA2`kUWF#_ir~(u
zUoTBq>e8tHJ%wNp5KMO>n5hti1Ho%f1aB~cKq(LiGMz<Kh2ZjMAfmbrJ{~CT1p@cM
z#{;ERK=6bU!IKKXEFg%zORo!*W!!cPw~U)?;g)foE!;8|ws6b%S_!v|&z8u`_>U62
z`)W<f2ez_twUJ6Y!L2~Zg^v;$Z^df)+RG??On%$ik_=lAd&R<Dxe~;^lBK*7A!V$V
z@3n@nmcf|@LowY5ari~sDg1MmFSIKwbOB#zOQp~#>7muKcv^$~N|NlW<V&}TRYp9>
znj-&Vz|@WMi?i#`A?Khu6mP1y!fuYdP0rIqPJVtGAT2{3R<X~2zY0I!od5iyRq%Q1
zbUPgl^%uO5&tACDl6&E0d?7`7Aw_=Sob==>)Z6`_yg<jJx6*_ztI(G0r(E7%%%xUu
zEVy&OPd93`-CBM)MA*vk0-68laiD3*(Y$#$#C2)6fii-lOg>C42{%QtAii>X6iL_W
z|7hkl`pvp>y=Y`oGj$~(%(o4_O`gB4G29cv*Ghq=y`X9&&;J5uF!9=YwIh^eQA}Cr
zY(m2BoWJ@dgx&VD0A$A&BAiZHlp%%)OQliGR9*5eK>^VrHS!}hvTTQE#~Zc4{Ni<u
z2yOHxV8>>CTsgIZK>hOT3ytWC>YpA(mCLV^KV-IvgpAWK53#EH<(DYpo%<WM=qSw%
zTL)~gbm(XKhOONujX8<aMx}%iY2i}GoU5EakN+r}GM0XUlX3V|?mF$8FXUyrf@Sxe
z%Bi5|vc&dNwf2l`zAf+TFemH(OlMIDjA9&@e(Ml#FXh=jrMf*S6E|`AL@Ow&4>xtb
zIuyc8RM;Kru?5N<YQ~7klj$9*Is@i=woW;)qYCR3W3ZrDr>uEI@MxWq-H|&=R$u1E
zIwfp@$FtTQL2zZA61t-*>y#nE0&ksi?h)aBtW(x^;H*;yEY(=2{Qj86I^`ucTiYDu
ztW$D+kS#67{oukiCCU>Dta1_j<UN<-)kQQM`Ohz@9t=m`_ymnc`jYOoy~7)H{JBA{
z+Mx|vBarV_pth%J6GtPE4_By0AVn+WHIlc&*$Cw26*4o=-hf6RcPA@GAcNQkHZ;~4
zf%H;J3}1l@Z0BSSKZ)T5P+kga;17^thwIek^yPlK%*H|bQ`|Cpm!xa%hiDP?oj7e0
z#Y@OG0U|+PWy`?z^~8R(P}HwY;KG*I$ZjTe>u8_`9nR$`7L}yH)qNenSlRW`jeQ}4
zf;VKs_A#^MbA27)?|1E^?el@P--=8Bj+P-P9peiGV>yDk`_P`6<tIV@!(9G&ESRQ0
z$)yk7r?t0d?|-;PYYT1dvd_(aIs!`Mtb(lp_@$nZUYAQR-y5QqKNxbGak&Tgx+woJ
zp-ceEZXD(3dqV`L`aT_{T<x*_-(7iWKsk`#|25@Nj3iT5Ga^oz!Lak?c#RpWwLPI`
zd;9shTKijT-MzHso%7?hgLi$8YReuGMXk9eL?ISb9h@#3c7k}jaVy$#b^oKSkj~^A
z*1myIYu<i+$sSw?kY2#0&)gH@gzvF1PlJE4C&XJkG8U8m)%h~t&dy4YNEwwutqLJ7
z{ireC+N+M-!t7OLOmS6bhW4rhTMEk7Q_%u{yR%oV7Q(UY4;E_dRWJ6{2p9}{Pa3~l
z7BF^v@4;TRCgr@X9qd)#`(D1Ter*YIt%qJ!>{T<CAg9~kKx3~uaEW|}oxtAtE8EFl
z700Jp6tg9!<FjLzIzBKLw`%cKHP0G(0-_63BapvE%U!t5gJTlvh?)=S3AcF|3Ojf5
z^TImVdDcU#MSbiJ(&e}A#SprNv+Kn|%6=6Xeje_!ERc0O++r;)_(0a|o^~C(r^UFF
z7_M2W8QqaERS<6=7?Tcx3AXz-qH%hXsV)P3R8cL-l#XS1v4+~Y1#F+k7^{GsQSjAW
zde=LHdtVbs8Yh~YDou>)C@639N|bUM7?M>>gJJ-heyWKn6wHMgQnY?;Y_QLa*kC`D
z$C!Nc_`A4HOq*ql4YMUjm2Y-3y;l+w%nTyx^shsZ*0~{#RG(T}?Xs=(N}y;Ay%I36
zfV(WfZn3I-byB*@3RaMLWCg1d8{mt%Mk-uopb`@f4=uCIY2(!3&|F)^!W`PSp-k}z
zS1O>v`<yPlOH!Q{V16gb&?RO$IDL^Ecy|^X@=IWZ_ws6OoL+Bqu+-b0wV}@DhS-L)
z?<gwFE~)VhM`YyKv=pi&wj{Mt8k5g1f|KMK6^8S7eMCGbK&lg~W8+4G$B9*jvjcV8
z{@XLmoRXg!C9Gj{ZJwqFB;Uu}%(<J2k`FqODUOp+83^YmSxe0Hz)t#KS=S34CF^=?
zZ*GJg_2V4Wrh{{D3hSu#V-=ilF+}O8**f)Bo58J|m0JAguAK%sXA_rZVo3V2@DD0}
znQGTbrK_rM*97OVn$?o0;UlzWsmcs|GD|+Vfd6fVzMuiE&{BGrl~{05pC6*=Q$36e
zMlAP_N*JISmq0oAA&d(hk3+pW3bIn~@t;y@^vs%?=$SQXUKh;!Sd;gDO+E^yBCH49
zaT&4UD@}4kn%oH$Yvcn5cG3?F*L+~8<^zrBD`A3ln43WLYA+T1b`QhU2cmh*tffYp
zpTkB_4pFaOgyiCgEs{s@bA0}qjo@*41SK|tHRb!j5wmdw#r1^G4H+>u8v>O#=NMl0
zK=^Vl)+}ojyj(-J-w2+q*l&!@%o<M)u;a4FDmM`M(*?f$@_o8(yt7`K`$YC96tqWO
zoz4GDq_bcSn>nfS%sJ|hGv~NJPLBu*JHVy~WJ+ryVY!-vBcObVbzZK3t22VeqQ`y;
z^ke;I@I%Jyhy9l1$NDYV5Bn`Z-Xz);$->mw5tApSyh`C*)lK3ZcHv0hW7aG3*^Ih_
zO6!&&8^!H8pCSW-{3F+720qVWH7S;BvV+w`aYFiZmW;+sYeLTBEY!S;DAvRuwMaRl
zMS@X$QnLa-XZ=Wnj+4HJAd0N-U#N}@Hn19Yu@SnM(vvQx!4?NbAhd)LjJD+%G&!Ox
zpex4!GV%c(?J9NHngfMK+Dw_HWAH;7LB1o0E9Ivzcu5;R{_|<t{-phsx77fG2lhJo
ztRIGthw4E1c;>7VN?JN%L5jdYv#zti@jF;am3}C`><}<;JX9V6$NMAG1Wi^hMqFfp
z<3W2(1IM$N<q|8%;I9OZKgxtLNx=W$wQ}}akUxH}Tu?qh6(14)*jN6t4eGL)M%Fh?
zvZx)ZdbJ7>jKhnga_`m#D{L~z5v))O0#-CS*B446jXg)od2S}?2e$(?>507!sE%;`
zZ8J4MH5I)?`tULcH{E^#1>s%%LNm6UqOcoM{h5%LfzO%#So=lrmo(a3xRFXs(fWGT
zO-$Xl8CIX9Uket_+vJ&LvQ!uS%c)I9LZEz0K)wzpK^fB3E_duCgJNMplcbWBcw+#=
zEv;b>u<E20>;cxj^bvai4k{I~2YOAByOO)6n6Q$&rbu7OT~j=>673S5!lHLz!O6AZ
z?!$f5^)5AE>FO4;J$q3b=icZp%KD=&gP>Dr$b#SD4a(P?@|-R-`?3!>g|qMHBZ~!m
zs>sNlBG?aL<l4*5fj+Vv#HT*Z3UP`MKa`OtYf@8Ls@9e>-A9%j_|&mJ@~*(Aj)&A~
z+u$hWQemfT_Q|(g#dYU+rM_T4A+ff&?K05&6iu>XH~r=v&}qjpopzcKQySaGAXxX@
zp|ZlV5-KYU@!@3!@B$-w7R(!_$$J{}Uc$UoP2RJZHxTpEG<hR1uN&sQq{({$^BQAb
zwkGct%)47m^Iq5FO~Skrm{*|5n}&JYF|SCIXTiLcnD?G0?;Xr5!n{v3c^_ilE10)T
zleZZ2p2ECUn!J^m7m0b_Yx2Iqyylqqqb6@X=IJnRyC$y$^UiFhd3!W@J27u3=KZ3{
zJK*DZL;TzojMhx0l*gwV1?zw-j@PS$7!741?SUrBiN<mbX{az<4QM7_bEHYREh7@0
zDIf$%PPT}H6@qO*5a&cNL?QSL2ojtK2HeJK0RNWW0GdcAnyA}cbA|y;m=jGGo~8%T
z1Ub>P=V=}S8iNx}GoI#hKB1}UL{pEa*#$KATaGloJk1KAx#C1qd5fdT1Ddl=H0ODm
z6refkMDqtv(+g;Ra-uoF(>x3`o1JL3@-)}-2+cQ6G~e?y`+(*%Cz=(EhVFh}0?m6)
zG#~ObZvo9)B*j(}A`Aa+JuP6^@87LDof6{v!24lph;O=s+ZS^?_|?VS4t{1aw}T&D
z%<bU27IQoJrp4S2{>@@;2Vc6F+ri%_58vr*byy(e9CCIE|6M^Md|@`=3DW9<7?>#~
zLqZ)ewjCZx!+Ikz?K1P?3Kn9d%WPB+=18HlISbpSvt<y%dhja`u#S`%-}j2-%agy0
z@Er;bc8(=SNq@3r8h(3!k!(UxS|pngY-9w~Hufu)oGdLXl7YlNroT`FWsWQ-G9b9(
z<`-v&$d-p1{iPEBdQpWM|2jx|ij|it4Jbn8=&95QHl+3JN=WIjBIrr0orRSC-RfhP
ze>HUR%i!WyQ@a|38rt;xELvn;g}~3nuj+Os9<@PQISW`9rdazp6gO)Y_7|{8Ya2C_
zJ~vd0NtH&<!iL^Ti4a)xp1``yBF%H-FUiHXHfiEpx2~HYtbbNuwp(kzcjX%C98cl5
z+uC>v*S~l4hy3FU&;F2O=RH`wCX5$hN)iieh<TGFA**$6PNI;_wdf^70{YX^7M)(>
z(%I7?UQ-i?_H=h@Pwgt&v*6wPYEK_+{HciCNzBy447G<fNF7&$;i<9Q7K7`yDDk?~
z_6&85KefiOJ-t_YZqM$y|FAtKY|q_?Nef2F?O7TGKwolu#P7Uq&qp`4?OFSsV|&Ja
z?zug8-np;#aO)*evtHhLm|cg`7EJ%vyY+IuQd|FOPWAuK3eWZLT}A!r{fyj%ap*J;
z7!xY20JOjmt=JTGgNEe6z$8=1fdPxCDN)~OdJ_l~?*qjupy&=Bn=lmz(GxUYV$b{r
zF0mc%J;NY80K6B%QKo*wdWrd~W98wv1NWX#?qc}Le)s;@8*XU(@9;NH<G;L$@qhb%
z`!D+?w|y4`buNQCN6^00f2x>a?J;Nr7)qnQ2FFn7Q|Oz9jT02KQJNk5wTHe50qSs$
zy3yCpeV$!RD8m}dqq*GG`k8rM+keZycI>~7%RKkr#@YYCKmYP4jUD{+hc+YiHOOos
z4W5GJMHT+lef#HcsBoAcUpcnVywr31{wR8Ieg}IhX&P<Vo~A7N1Z~(Vc&aBiEP1uJ
z{O;D@+V(VZYR{C<Jh!Lz{k6yFz`w=9SID1%f##w*n_49Z(d*zkHhibl#@NUu!*i&A
ze~0>~uXe2e#wDKXZ=Ur(8~<?PeZ@a4WbqFR?+<T!>~SsLv|{M9Cx`{eQt%JIr1l%S
zR*KaprvLP%8+*aL3pujqyT<SQ!|G0c=Pd-SDXEnGWr&QM`^Bmh1vhs#`^^LU%6{jA
zCU^zxo5X->uidP00QPMn$2Urz=N8ZRu0_G~?ZVZoky0-=c)s6{uNu#H1g((^Jl`Gf
zy2JAwXHnxVWiU7Bfg{mNJCoHV!_ob@ork)}FuuQ3R=AJ16!ES*{N7_TD1L8~mSi|9
zeAMAwzB1&08^1S+6`t&E;i>l#%qfRktgx1kwnNv~{p{}!_P3b*UB~`@-Ht==%{yG7
zqW6~8)i}03e;5z(Nz!wN(eBZIkb>U(QQbQ%Gm2$O0~NF4B&h>SJT#CqMNY4a&Ze6N
zI^y|g{Y|Md<c11Sm;mu{YwPF52Kz^EL@z41-eZ?M#hEJ5NJ1K1^(dD-;Acj}r=(c@
z+Kg1r_cSj5BDENXTeyH9z!Ar!kNpEm^`mo78k-3hKHGq<$p5V`!Q-ymEAWQ`j*JCN
zg3Ex76Z->P_}sy-J>!G+yhb$NQtXCR8)5mPjeJKo5b(*AuSpZqvf^^G#xtMBmLsCa
zKd&^T5pz|O?+;n1^@@*S;fxLrG+Tmr-%Olq{>!TiyuEM__NcWN{tvsxbFvq<*ke>b
zwWc{n?mBXT5_hMXe97ALWgh8qLQ2*M1|z68B14CbKzne-?%DV;c>kJ%{i(5Bs_JY<
zKjFWa)f&wj{QI%TP@NK#2c7M7*a$v24{5}<dt4)iOf)J1djO@Wxoq?dGiiN7O~m9d
zE@Q5Cpcu)U&Bfn%b+&9~Ja%@4i@>=MSCb;{(VdqHWV74CX~c&KWGmW{CvdK#?5%7m
zx~jP|npSR0BJaX&2|#YaOtmx%jxLRDW)Q4z-*st-ap<nAD;w)Hw6PXHPxT1S*NcJk
z`AJ8{83k)cyXv$A9WuU%>yWe}xkH8(F}rK#NYiUFr|esJp+fbhX*F53yKYE++d6{7
zP#gB1FMAJWu$0cfXPqR!7bN{TNwzsWG)cDC?!=sL0;J88&}%4^vp;11LThGm{z5$x
zBLwzRs5Db4GItVs>=+UwH1@Jo<oGtt0iWCFGb-P#PjkTMKELDv@wu;z`FHTS+xa6s
z;B)U`mH_VXxfkA!QSrHrSsHxqtD{}wbJtuV<8!ALIslD8a=+tq*Glt%&%JMP)%e`C
z3T3C3D-+SG)G|Q9=RP(OM=1V$1;gjwJyF&eZ(-y^2e`!N-Z|O<pS#~;4L)~vngf1z
z>&2=~^XP}DP4n(3Ek1V*(6LMN(WZIiS8YAvbN6>Ff6F3@&+V0c^5GZ$xqb4M_o}c@
ze#KW%?2{X^-|p;_({IM8_Q{p6XzY{ILNxZt3}0V5_^E849BR35`{arlvVAf+Gt%NF
zm=ycu9oeXvHcAz|6!T5Cys%fWclw&#*e9O}0cNd}<3E1N*^g__tNpa+RZ~*<!Q4ry
zu<Gvq@&q)#QyVf<^sy!6EQ`7*ee6$^=O0?=>JaXr5B}(kL%iU{j_21q?|MGJ&U*d6
z&fj5*zA-|hZY&Ch2nYh(uO4<;cNhAD^QX1-AHK**|64`<cTcIh{x0!T=cYR2r>1;z
z|M;mteCioL)ocC53&Ehj0C>~zol;s$uk;riPHFq^u}_`G|D7tv|Fs8>7rpo$XFSEb
z1r$&5@WQI_6dSyT`h-8?yvA<~ck#U<{NBA!tNPy3$@smoasMm$jc=yikA7y`By8Wt
zN&gJLaaJSXarcGa_`;}v55KYbC=S2z%Zv0l_0Gk3NBqX?tGvW-oOlss5(oUoS3i{T
z8+X6?@8CD)zbS7xFTRYMhffUWJp0tk^4>ClWuNNj4Su8bLcA8gapMO(eq&wIJXiRQ
z^FMHh-^h<=v7o{?b`6G@SD@z!piM9Ge|Fy!0!AzYv6ouxQvD97Z{kx?7ZwUS9-~{t
zKlF;AaCfKAR#3RRP{8Cf0w!Nm${#7d{xk<XzEDNsbMaNcyMxLh93LDe7+T=ac-~`S
z3I=L}e5d%|DXuEZ;P?Vq{bJSnO@aE|<LdW$t^*#QTE9fOe(c+_Irmek9^v?2V-7El
zp2+O9o-m7fA_FX+<pdAP2f|izdla^!$nQJt@V7fZ<cpVMR6pc5GE_fgGJAe&Cm(BR
zXHC#ybDx=yiz8I}>J5s*7r>NLf!->o4EF()2Xll0<x%Z}mq2;z=xbhwuqt-5z7=G;
zarY25Zet_VeXU`C|HJ++ZKUYJLZ$boaxig|$DlNM^3Mw1uXofK8T#UxF&xfXfYfs<
zo{OR3Qm3t`{rcrGg;|738Mkk%6tx(|cQOS_zqSR_Kjz;IgEvXy^v5EYzobTAR;lCh
z*$jA^WH3&jJ?9NRTbi$YR@CCNF&FyT7Q|<ZV)$$Z9-j@S>r0_HU6UZrF#ApCDxJC+
zP*eta%!H}i<svtAx1||5q_zdL574uRd0(7*_CC<qz=$!?a)Fxc3#emam`=Mv!>q+G
zV@k0%Ls6epjE@hoM@|<;)k}!&hJQ;DzzrIcc7anb-571;@YxnHV_psyppnuTm$(3R
zn3B)H^kWPiFVMN}OcyqvRn~})ZP_EI0;6>onQDy3vL$t2Y2)hN3+tXM*L?=7dmVWq
z4ISnU_L>}cV}?$nr%Ze+%n?d!4%YcyR_8_d*p)qU5u#}m*0Cn6!}Ma-gtO<lCghAV
zDz1UxPtDGs5gTA<S%2P-;s3pZ+C6Iav}|&P3f=g@WNrl)PR5NtLYg+&RVa?P1q}`r
zZ0a|z#dA1R=jTx6UZp$bo&pM$f5#;bRae&$HvYKl5?P7`-WWSC)uV2&Khy2imTnI<
z3f5k#ZjW}y{7GDQSSE4ZF=dk69pfiy6@7!!nJFH;^ZijyVHc6ED(pI@J1Y8`u=l8^
z>g)V_g7RLd^mm%$dneQIJy^a{9RJ>qG!@=xW16fF`Zf)ffe|W%&?EW9*)1K;|4ctP
zFNf0)J{&3I39VshKWS+w<?T6Ap`!gnNRKODi%mn#)E^Pr^N33+a7tyo7F%WQY$v>*
za-iYye&)`0gHKTFX1o^fCu26%Ozwpec)Xva*;U~EOp(9oi1)L6iehMT7-)FBpIb$4
z@P3W}rANG<%|#A)KbMAhi}%xD$^+s36b+H_eqODlhmq;zk2Bs+`eN_#eg;;?3oh_}
zPR)|lU6HT;OL#x!*|KW%@JO7F<GOQ~Y$YS*$@pKE{X}=}$g+eb_U!Hw?`Q1|hdJ4L
z7M(@iVHA11pPI8C6z?Y-isJEpHWxbJ{ahOS5Ac3Y<W_<ABRrzY+4-$K%h?5|Ibr4D
z=iK1^JT~}2@O~n4tHS#Uc|>!6_utm8?(f{<{p>u&DQAa0tHJxRU5^)B;Qe%)$>IIX
zm>^&7Or7w5g!i+t$kTo$<NZ7_*b(pN;&{1gr^ajXezvBd*xun_g#+Ht$`tk9>5~+B
zjl7%UjQ8_Kij4PDFdn7xI*%%NKO@-(embBz7YtBJj84G?_G=dpct00N|7-Amewaa*
z*;Gj9@qRv=;T_&jIO6@ZCuLl|5wFGjNtxk-HS>Tzf5ICs0DVHpiyS@+hv)M!tYIF{
z=k{B){#_~^AYo3urN#4k6bN`cpDk}`@O*M1pU3lAf(6rb9?xgyTQ2c@c8+zx^BMV;
zoBi^gN^O)+YXpAjMM&rIe1hKM@O<(im&fz*aaBIx?@R<r9?$3KbQgF&Z&k)?@qE6W
z?xwu=fRe}anK9i1p3lg(4tPF8rz?0qO$IpN`8+nAwmhY`!{CKXSMR<~wWN1npH<@B
zmyG9AAG}B|yoPsQ>GPcMe5O@8+;<%;px;_p8L!3j*-+q&=d-sLkLUA2!TsX-EPwo;
z-<QpuT*ZA^bPM&q>`Zgd_hsFWaV&Yq5Y2sAbFBa&<M}Mfmj#H*m+t$%Z2L>H`tr-6
z$dzKkl>4#|h9V~u_Gs?QrVW*KniJVO`Y<>5Wo8&e1<$84?*Z|A);Z$&?9eHAKGUzp
z3E(shnA|S$eA@q);`waa8KdC&(B0EA4|M=#csyo!KI;$1D@SCC)Cta6I~XDY?z*!m
zz0~t&2NlmJLx*@i6+bkjZo1Txg@FUmw`J7uGTggmJRekNkPS$Ouq)p`k9a;GaPJ#+
zf~HDFw^dqE*+Ed=c7^AY;h5nT&!;+q_%r!s>Hx3sd{Sk>i+TbvJfAJc8Zww>3l5wE
zo=+(H9wSCR_L2gcPRgvrXMsVy7-cM+2!@5zLbj9otv}-VWZn;+PXxpB0b?OhBYZ6&
zo==~{9b`P8MND{-hYEEmv)GVRJfBa~5ja5}sVEM=2TISt=S<dyMRFTHXKiRM<M}k|
zui*KNG<b#QlPu3DhUa4~k3;>4!^C>_KtsXf#45wtfqE1FiXg=E$z*dbNmKwO=4pCB
zdi1)RIVa=!P?V<68J<rvL--ksFh5^&_&rp4hR?@YM+M55D+Y$S(oDwlxhN`lK2JRC
z6`l{;)lC6@dscdUG~)Rf*u<ro8l<5h9+DkYWB8oJ&|q@qn$2J}YbsB}Cq++qKA9?>
z51bM-cs@o?<HGQKGVT2};}QhpVr0C4j)(8x9TYsDsc)u&EA{GHyest=wP@Z*%v-C;
z`?l7<hv%ci4@}a0AiLIm;`zwEq~Q4kQS^Ih<Fkn8Gs6LqDF{Oxfc}uf@1dGOd@g1q
zST2uXB^$vevPSuxc(3q$7}5~p`81X<fCk6^i+Dcl6Nu;Yfx0>q-%C_=qJ<E#iOrm3
z7LGWTfz3ow7iBg*AX7Shr31zDiGuPgc`zhIvYHhvaQHoxHR7|8q3EQ_C^{JoMaLj-
z63@hW#Pdn1hKJk?hUbGS>Wz%6K%gIKD6&!9p2;NV@O$Vg#pgw=Ci~@@9A!0mST;4?
z7h5HskK~U*Qgdn9Dx{CH2t!#{8mr+VoS{Pc%-@VWb`I-hikd{}NiPGPG_||~B8|W&
z7P0E*vR;mm`Li4t3o`fPGu$4)-vIp7;NV6ws?Y5hMD>vw`+oY@3Du{%z953x_2odX
z=12!4wY_?jL-oPFCk&UN`apGN%%ZqFAf*P7#ug4nRG$D9)n`8|DS!du>=zK#2P!{<
zaBYOIiDIZev?++{b6h}p9s@)5DQ5+Rs;EB4nMfwb%Y)Y{*=t7jJr@2ZN=Ee&8LCf1
z*+Oz(Kh;8VQkDwo(~Sjw5m`a<{Y!xS;(YQVVEC+m_2m~vZy1#^V!S@~0F=Z}<Z7&x
zBo3wrO3T6LTn5_%SWtAt*0Jg}kPRn{{oH~Ml{kV9tz%UU)N!Cg0SG!IMf0FT&(Mg5
z-D1CU0v#%z#eojJ%GP`_*7mqudkLS*S?z;h!(pI9Al7L>hkyr2AHAf24uw`@phJ)$
zgAVP`DWF4{((C7ME1*NrB*{F2#Vmk_zU%>}rqqQ!0H2WBum|8&l7T${&zEYk2iU@;
zd#UUy0uGy3*aOIR(rNYpwULgbA_9>UGEj~?be-2+A`DIQQCXMtW-98ww5URpS&4Mf
z^BJ$Rj3CEP<+=n9ny#V~Il&E0cM0b+%N^X%+b-dT-ecq+IFf(h5{GD^OSqw>tdLO0
zMy+s(EwqZIY9qIN=OfEOeCm21d5_~$HzPXHx+>9$X5Ms-PQ-J5eSr@E6eZnq2~hNn
zCRs5?UUS=J@+sGFMxn0Zj3ywQ(cv5_Dvj4b-i$*yoDG;aQIj_T^A=*>6ir?Z=Dmq|
z(=>UnV_rJuP1oeTiFy4oZ?-0HCgz1<-h55oT+FMFc?&gpA7S40i8ODyCT|Jm{f2p~
zHF;lP-X_djtI7Ko^Oj)VCQaT3%$tsRrJB4gnD-*)?bYP{gn5r+-eFDNLCouddB-$)
zzhPb@%sZ>eJBfL>UZr`LG<oMS?-=G?*W_Jwf;#F~&LE0Fv>4ULC|Hf<jyN(s7!74f
zeSxNp6V14*NJGyFO@ZdwtBy3+Z{Y=SfOM-jAvos*SaV4s_!S8Law0gT5Uc}&pPdNK
zC<N~V!C@zYKN%(tY%9_PpxNa_bMO||-Y0;j*okHvPtyTtzICG6$kS8@nlGGaR`WEc
zdJ&ohPBfqKG@F6u9VeRic$$xaCeMjxCQmaFXmXrrrtmaR0?ms~G~;-h&Or056U``|
zrWVi)bfS5Rr#aV?(8M^=B=9s_fu@@iO(dhC`|zhg)7FWm15fiB&@|?-kl>OGe>Kx7
zSV-F+=dh5dU~w&(6D-aqbArXM$(&%ZJDC$KHYam}#ka|vV6iNj6D&SR<^+qvWKOV{
znydjvN{N$!k*If55_z=MCwaD7jNmbafLc;?j*}sf+Qf0*O`*xMO+{Un411QOi{lI<
z{*IL)kIu&;Oj4$x;2|A}m2J`X#Bz8@#j!FT(pr{`_g}FxIMS!FG9J=<i~u%vX-2FJ
zW;8Wcz5vULMVKTi?a44n)P4etgdi35{W3n%;HNo!B%{=g6_g=$h(%@d)`w+$r1Q))
zuhr$N46f*;f{%3Po`RipHHLx<omcWMD!&A~^Dkc)zpANtMjz1miACO23cBp#*VTIp
z=uxQj5_!Ygj$tRYawsk-20Ib>uC<1mNuO`3#bih!G1v*48Y$RG4`E#<5;8}832*R|
zPHv0m@RMF0>m43Uhyz|lwM<9<f(0Wy`xkT^@PCD$)M;Nlho7``j5qj6=?-`g@h>~J
zXLqXS_B`AF-@#9+4Yh}5Ox-<C?~Uj1la9XVE&j&xYuffqALr!%ky3^Khw0zJPx=vB
zpx`HsJ`&I2Ck1%jp0iiA?J0f93IC;v_G}dY9sHz$d*eC$r1%%STQA)m>fgwz{$qz%
zf&Y{65AbU`KkbNL^U*Ky9DdC*cnXpm^-9Kl<JY8LaaccN9oskSInV8Dc7N@2i(gX*
znxf#>T>Lqn!>{?^d9T+`xx@My<Ane6Y!&z~@&6Wn&As2^Rs5PXYeR4Rzph_)z!Q4W
zY5fnYV*SVcuj1E?G~SPY)Y4e=k6I9WfA}?1PPoCZsY8ZKgJ07+joK?j{}!*suc?`K
zpZGPu7C-EWUo(8Y)-+Q3ezbyL)8s`JC+6M@?(u8pcDyhAnn%BLi(m6WqFel$J~0Y@
z&5{??dQE?!3jCUi4prmVEdJIFeoa84JN%l}{haY@-f3C|e$5LW>LTOUH2l^Beoc<q
z9ez!VeiXl^`du=d<9yZOJUjCL$FK1ozs7LtDm@ScvcCcBufYCRp2WZ9^e@A&+4?qz
zUsG+zZQhb)#oID|%_nc89ba561;6IEvfC^(mt}_5;_z$6u*8RIai+D)%g_(!UQLhq
zH32%+0WT}qphDK@<tu_Z?cGAw9HW<hF&-gn0;6e=^F)2@9cqV4)&wbZT{{l5<`6|~
z==S4iEoP0`a!Z<%#bMS=*HwjC!^Kn@(#{*KngKdNaDi20dP+5SWoQ)vq9xhU=5-{y
zm}54t*I4Kct<CFFcbGN5tmEu;pAXmAydJruv3Y$(kIOnbg|m5`C(4GUGeuW!A8^5&
z`&ty;nhaE8S#=_w19&Mt70&^@oE=VmK-^l%D*EGE_c(x;L`(1Bn9|tZ2EjVg<;A&m
zAzIH)9hvIU+v7>*?NL{%(+<K<%a&oRt)C~zZC#ka8_}MVrgp`1>e=OvMzo{5sy-db
zU1gKk$GbWk(e~^r>ky(6a4GGm&bhQTRbH;w6|KxxR@d0evi-PUkOSVz+~??iYzlI~
zTbcaa1LCbr3;B2OR$gEjD}c9BrwY84u(cfCN^zJ5Z{^LFF7Z}AdRE3;DUWl;Tlu)9
z2fUS(XRF3r`8ZB?Dwx&<$D?sI1#e|s7xZd5yi~?pdA5r@e1jPId4HF9E6=oaz*{*u
zOoO-LALL*k`t2~)=Je%?c<7O5Z^sEd-U>v5ka7m1&FR$_JmRhV*3zN;LBqVqTS*W8
z=k}w6lB%#DrLh*6{peHdw>$gM>)&zqqcb{c>_;n(YwSm5yp@qdW&6=}G52jhS`Z`K
zkB%|oF#Gx`_M^#0<Pyb8H1?y>M%jL}2YY9quN(W(Y|1+sx3sQ%<^k|lisn$fl^_3#
zca66)>KQNaR_347p11Z6cRK$*Ud8!0;sNnWPBwMMEBPw<{_#pW4F8w#O4k1sui}+_
z|C?9m)$|kE{#*T=6aH;t75KN^J@+3ebkcLQh3Fq={h@y&!Qp%-tsrS+z74a^CZ%cT
z8(4=4+VLPfCW3Aa_h6k-Ilg;!y0YLHS_{JB(OG;T050>kML>lVZ|{u(xVrup0PZ15
zEB`@^%0x>kg*v$bhA-`4rI*1zL51NiV&PN?7)_A0ExQplD*|ap77oi>D)u82KtK!|
zrSO^ys-HG9vVD?lLW6^&$^adM77m;ylI*bh{63Te3<i&;(O|Bd6`TZ)av5>q*Ud$p
zdijDqf1eoor_BKJC;XzVm)t-7i@Np@^GXBoeqwbuQX~6zESz5Kx2qIOD*ec5C{T>t
zuFnIQZnN$NnAX;BZp2y;d4D}kyC>airlvhb)6PogNg8<^Nz+Lh;ckb05(McWrVr-Q
zZ6C%6(gvEYFBk(hq_M#Rbk-N`YP<oyzERRWB2v(u*BVb~$S;%5+8clM*IBy&hl7}R
z)Eq;<7MLvgSO!2qBms^^Dx9a2ZT{gzgx?Q67)aKJM9zm%`PZZM?-h%MnG$RknZT-Z
z^nv8isjuf3Oxd3qxIDCZXr7LRXaWz8DE)ievtBn90#z1B;^*v1fz0)mO1hTP4Z*nP
zzDWvEE`wl_L_lc^`~)s>4SK&mUtLX<+E>E|n$t(RYKPOQfh=({q3uZlwmK9q1!np2
zM~yCmM;&CwhFW>|fX<cG$`qEWwTYqV7j)DLAxd1NU7x=Q7+cvkQ0ACft&tyzg--;a
za_DIG!(yRc{@ql}D+?sAW*@VSOe{E^-Bi^XHG$`j>T?H;4(SJz<t~K~x-JE^fPLw*
z?Q;#ma+Sc|90}gV2~8M~zcj2%m|!7o*(Pa)bud<gYBxb9bm_WDIgU`<oc@J=icKLM
z9E)tp!=iEGIc6RXQrwOXbdL^%FDFTj>Kk43xesiJ7p(>NT$-BPy-j8RH-~`i-(Qve
zO%VTzCO)GkCX>WunwX&`K2H*3XyQaQ@m1~7p~XGCtEIDPA6a_V+V>pqa|3yrFM;OX
zT}PTP?s7D50nG<aGz)l|Q9v^jO^g>lmFn?)bL1YLZwyi=cxwlFw2ia%VCNOu;SET?
zDJK~Ef!1fPqO=0*qprF>Q~@TpEeGroD7^xYO>BZ9DwiL+N+r+ATRr5&2&pL>^C0N}
z%l?&Qr>pxDNVM{#XLiPoKnmbID#_&E7C3AxY5CH@(DER4vbQ9OZ_~suwL3a#Ciu7X
zsK@l8&6-lt%l3)JpYl^6(M$FwaFq<7N>}BvN@}55U1Uap++GR$+q$#9nzVJ2_L*0I
z1|qtbXgMsk=|xvf*bvydea)6JM8cS0&>W~@2+Mpei2MyQ7mW%fe?yr$>Luy<@jAL%
z=-zz3F0K_GaWy+#q3tk9p|wk!T+u$E(56gLXwOM=UC~C+?oq+U^7_<&5<0(|+WB1}
z{@Wl(j8+q)NTNg&6V*hscGjBMsl2*0u`!voJ?&1>#uS1fjakSZhj?WQK{p^sB9As7
z8`z3MgGz!?EMFgthqiBm+4(vWVKSmCdkAyb3Cn-pU@BCRnHkE@%uXaBh))P72?jo)
zoAgYiASe^|+Cc0cWx_)D9HWWxYGNG3f1`=R)Wo5hSv(yYR)@{vAqHA?>o`KdQ|aG+
zNmgwz%8rckDJM#~H}#Ct2PvhGBIN4B{HF5bIckwW<j2Q5I?9h4{l19jMd|5kinv&t
z$%9MHA!NhbZmhWg+|tQ*+cB7~E0|wIMl+x+Tj#CKA|XG!0UcxhlA4ddW(VVrKq0G{
z2too8PYmq7qo{WP*%T|K^&LRz9UqvN<0t56ccD7Qb7Y`lN4rQGV=9UdO)MM|NGcd$
zE^0m&V(=6-EQZiEMRf+=f|GQe>7)7!o6x)euS82_w0(R)^pi=_>W;K8g6OCDt>`m9
zs*Fq)buk(8x2Fz|3qKuxQQJS}!knB$-8q<VS0bodW0Rd8B)3SdhEa1KIPO?T!ZCYN
zsHw0z`AxVk5h|frag<18$!*DE<en+tLw`IsAVhH2cRl}`K>N;@_1%fgs{8Ks_Hy4L
zdP9_c_S01H>E;vAY2*`i*(auY@rfqfC#DV#zeolrF8rd}KdBie-392M13hT}5E&SH
z=MX-@916vblgdewN$D8EQnn|XNXKl13z8^zRi0moRj$RVyzAwvtNeVsFt=S0y{bPg
zPshr8&5QCLZYOs^Z!$xl^3cJ5-@w||ljpw|rLPZFOP@MK?ciM2zp1Q$U+K>G?}X=-
z{$2MH_V1!GeE;?qr){V3a-@sbd+g#zZ)m$XV_emh_6v32#mBzXcCo>W^47Gaoq&gm
ztYmmCTy(!yTK=HrGvB{d^(O|lbzkKU4pmO`qCB04^6ph&mp;PEYv@IJ--OVsUXd5l
z^ZJY*;8|Ae&LVX7m2~yNI*~lu+SnekwX(IeHMcdjHAdAn**~W>XZp`8Jp|ZRA-Rew
zwFtpm=(FWL<m;tgFJOxfsY!;em{g2ODib7W{~>8kc#d?l2~}Vu1I>j|L`rFR@o&n~
z3(22N7N+HE_Ul!<GB3~%EwP9^7Bw_cq>nnoet1IIWMJKV=_nCV8Cxg980=Pf_fLk0
z4O1WtQxF@bt}FYaz@!ZP*fBUz1|h3CN>6b6?9eUM+u({Nn?nFVs{~M3o$FHHF4SN!
z2zDwWgP5q}d&Bh=w4!US(Vc1$`LpR=b*CDV6g^n#9xCrs4)R(9r8RlmLS^M9nHA5P
zJk5$XcA^w@Sx+SVAK5s2Y*Dvh9O%236wyCGN<vv%l1QRkdjMtpEK|U_B7sP}u-7(x
z8e6^TDsA;+gvD&Ku|Cder*6IuqeO2L0@L-Ei?8Y5fRj8KtWY*sS1M#|)M#1|+&h!f
zHoSl%7R1^Y2<;1XXx~$hgwZ2>1gS3hZn3CK$Y3tLZojux`5x%!r9s|&=VI$HfvI4k
z$#<eN@RAwu5RHP6oAVGXHtn@bDopJ@6CSZfQZ>VbKr~f7HBew4D3Gmxvnh3?ngX{p
zp!6#0)Rk7RQ&0GVN;6YgDJUc~@(Z=Xz+EH!ptLE(C{Wla+81WadC_7elTe!9j@OYy
z{+0a{ej3jIc{h9Mr?(<|!v?h|v8)89n=~#2MDcT=$a%!as4b$kQv2Tex3WQ$A4X25
z*-h0s+XS9Fs?Qy?oNW>laHFKQb--5K;kbZ@z9^|C$+W#oW?T<sAMO5z8Am?7iAp(z
zY?^!*ij(j6=n&*z?C&o4Tg6Pca7~^G4BA$Td)|x5a6Bli%A$W!iVl*8MUv9JC_FC+
zXLK?wz`PtI5lpNC=vUYzX|sUxn@*drInEDTOKyIk@{<<QE5oQSS_V_SdKjCl!RRto
zm=j1&mx~{H7z`c=|1g4{S86q~k&s`U{UcBFI-#LbNvU*jj853pPMvEf%{bSFhHB@U
zK0k*HDoh3Uo7@m(Dm1GFVW_F1({sn3yefBW8>M64PV=H;+qVp3o??YjROr>uPGV|7
zPv84M`CfJ9do8{B-i8)V-vj%!@ZaTujHfKL)8sx0FoH0U<dCA`?`39)x?>>zoyZ^^
z-q5+je?4$jz3?|j-pFoBRo?82D2Z>SN0e`Eoyp!J#CY6Ww%|a#TZ1gSwN>@XFr`;~
zm0qba`kLJqQPrE&bd$bWO?h+QC@=c+#pas+gfnF=Ur^6pE>4H9r~&|HHuV8}GdqQW
zC47w{9u!3z%%o}=wiv1-Hd(5{V-(rj1K_%WWEN|VlZ)ZdYA@qE)z1{UPhYeNGRE9U
z7JV~w=y@OtM0zNpR~G1#$v3hWfN&m|X!$#_-34)7rJerwhADEJK7Ska_C6z)-1Qan
z?&?GfVaNMPw=@V9*CU->FGl_(>Jtu#I!V;`J0KPu1jT-4RtwT0zd$Rcm0iN<o?cdl
zXb#Y>8sWdQXH<e){A{#^qUF!T$O?V_EI2siZL1{DW{YIXyJHxiW-7VhYqD=MTTY01
zC+>(v9e0UEetYO4MJI(HWcP9Uz}R2lU-K`4`g(qc^!3b#$i$myNEh|vO4Ie3#j)3-
z$uRsP;2(0T-{L1m9>^{=Mefcr%n=KTB#}rO4f`V*(Cq={$ntC}__+swl4n*^5R$hC
z!1f<VV=X}gGD%Ig;=MEK^q<u#_VZKFu%u0tXJI;mDPEtD)>H$>2>MuOZ+e2jPzhi@
zQUk#JO<-l!u<R1ubFTeuqI*u%rVwSaE(vyZ!$5H#!2A<7CIexASue6htz0LN5Apb#
z^a=qwp%$6m0kE^$Y~gTa;MVN)h<qb(PrB%jHv-%6n+5jlp|<C$T6(sN&P#7_suxS|
za%0WXgTr!^7p!xo^1ar|_fDsH@x3=1^U_w4Uld4Oa7mMFDtscaFuHd^@zj{`-{Zos
zbNup^RKhRqJHmIGB1`r2N?^At91Qrc0JCE+g*U}f(d6{J6;IElQ+6pr#KOp`g@t<;
zG`$DsUvJv-ogqvWR=P)`a1uuT+D2CO#dno21}OcvbhsDa?8|?1OGMRe`}|8$P!|Eb
z)!Uoz9C^5ELFi|@+z3TJmHv9pi^3<f!c+Nklitw`Gp|p(-l_EJL0S87_0WJOwowy<
zHGAE9S|e!%k!@|O92{5g$gILba;c-VSk$NgZ~*P<wv_y#;&OPgH1z35Nm8FDpNkQs
zKEtorZ6UT`0Anwc=A0l0af21W;;e8YwAHrNv<29z+5EWUc@W`V+XY!<a@GDuVFDf*
z7S+M?S_G7<zVD&$9&3chzG})F^qTo;5UH!%9=Dm5%c9ZiuG;Y{J=s?d9w+Z~pmlAd
zkTtI(yV^a($i4(Jr9m{SvNmSTAz6;+$zR06_@LaJCxxtNhohmJdGnZ6yWB2ID~DaP
zTZ<o}(D9<>w#6JgmW2{LCpCW#Zb%xwNMEYcwrhg0DFI(gv>cbd+Huu|Y2?a>@U)p3
zUHF_|!SB?R6m+dg`q|a}TnZMXfB&RgZ&(M!nm~pRHIFRQ=dY$;EEU_`6Z1+dVL!Fp
z67%jE#!nDSF8PXt2U*I+^>=W8?`vwcV?a^uZT*WHl*JLIRkj6fv9=h}P5N<L=#I+C
z^ZoRJwfB*K2JZ`u(bucJoBT6)ci^>t`ZxUc!N0Nl0!?`(eu<GgvVS&5mS(jParYrL
zF;IK?LLak*2pV0;zD(vw3E6PAWS_^Y<iG}?@S;6AI@n+;^815sxzTyAgB;b#M;2O*
z?1XDBilSnaXp7<aZ)~uU$x}wR^3<2GYuLA%M#T}?V5`1}-qw$~mTdCPj-d9N5sqS%
zn7vFyG3th?-DO^kA|2lPA+TGyYa(KliHK2V6r=jP5~Iu-F)Ec4qeiyFu~fw<(N;4q
z{4^&=83$PWF3^@GTF#h3j+#g1sIp4(EP@<mH;jMDRC1ZfQDl3*DXx<TS!`93Sk!U1
zEKrFcP*Hh`ic?gYiYDUJ&*UHT&yMmGic=bCY6p=%!2yC)E5M}6QzluS5<#AV#nQWe
zm_So;T$wzTN(OhEB2O8iXOlrnO~T>jC99`Uvf9<%vt$*<BrCl%^loRt+7czJsI&0`
zg9d~Z3>KVH`|qh_rKeeSc390+vNGbyhSd1HL2v=L(Kygiu6kaPtIANW8Xas*pW|Ad
z>Yhj>qpIbpv(hJbI)gk#`@*(a5vqpUMtH}q=A3rqR=0<EvB%913=;_V$tn0<Kl>2R
zbBs`Ul!oVQ2vK;B5p7vu34Gy>=e+!YJcr#+{9p2$MSA2nM))T}<~LD<-{cT}b4KAe
zfy_WP5iO9ifZ_1`22Ao8N*+8grV~M}l;A{sPG4|QVK_OI;XLGn(<xKB-Hho%>X6JS
zH1j$f>I&nc#4)?z7#k2E7LrjLFA>h9L>&5gkdAVw2;fjr`hqN~vKR}T;ct`EIq$=|
zz@W}N2!pDxFsPDX8gI<z3#VCVHsMB>LADjCsTW~@lqG$`j&_MKsp-*9|0bx_x#OJ!
zTiT~#ON`&K@z?UFBfy`Ic*mc1)2d~)aj>67ekEE0UGuA1b!2`;fzZdIu^aHKGK4<I
zCB*Y9d3wl$o&ONBEJGL1EbGEunPsi0BrNOCyQp+BioM99%6fsU=4mJ5WqYWsU?Z}x
zF<(>mHHK!@F;7SK6{xVU4h@{m(Xw7A)v<)90;o#g+B~RAui9WF<qc=)e%z6>EFR<q
zXX#xV)rdws2N1sbvNPWdtm-`KHUE6>h9mzp-WUH&`pdDEKMeGul|yO)|NI1+04!9f
zLTsDZ%9Yr*!W|18`@k$T>i?8~rq*;Lul-2JQa`(W6(U>geamYFP%>qbdsUGw2}HJ-
z!8#|AZHar4?X?>Jg2?t&%LfqI-f<S$Ui4OEOP}+9Ew9ZA_;=*Brk%W%*S@%>%4?;6
zXyi5Ut&k>vNg3W8npLO9C$UUkYr+=jPxW2NYg4QJzap<)y!y}Nwd21z@|yvPUhtc<
z)d;`I`*9X7vryOSXQp&EI@||}wgH;`5Z50}ZFT*Lmi?@^m`-0`@B^x#$r7ZxTe60V
zjxpskS%Rr>-d@y>KQ+<qH~Uk%1kILfVmq6<1Yrf|1H_`q@~6`h?5bIUd&v^Kf=lp<
zSa2Q8$5XQ&COuI>mte<cjFpm)fn;)8S#-2T@}m0>G&OH4TXbUHZ6cIRgR~MG;jCLl
z%degn9$V25zW&6>T@NIW-0{1w^{9;6v$!5$=<?%mNzQ2Jc}ccVmgK|bWJ&6ANropS
z@Jo^^r_ZgROS1h@x+I4jGqEKZ!sc-Gx~`U_;G~)!gNsnxAFkG8AFzK6#p=6Rln2od
z2o`1XWmuFqSYO!I-T$&Q9dTTiYfN4&%O`y4vP8jk_E~tfY%6|lYaqQ*aQ(U8j%XCr
z<a2S}eD1gpNF4?6xq@QwzsQ{0FE0E#S@&vxnhLW;v+g?Tqsyp1`kZJvFP*+%x8rh#
z*G<z(Q5jt}Wv_>NHvcO@P@~5}JwFkz*=@bO>(n!fy@MZnJ4N)OmA7=DfAl}GuRp!;
zTOTWsbu>2rps0`Ak$Y9AU%N#tY7j>&<V`iehk$(gbb>efe;u`$a!~X}g}_7{sIH?V
zlGuSJKBp!=3;2gLae|sS9`L_Is2mPjSyc`PUZh=(=WVzejgsX8S&hHjwAKmglGndI
z`m(%mhXd(Tm)(<ED`nD0f%LaZccg6b=-=*tM}9*GZ}ht3zVHTr%cO^Ggw&rt_Sq00
zBS=dVuE6ir@cRS&y##*G!r$}ZcP{yDJxn^n3brWLkKosP@DDiTTEP|8I-O1&MQ?pw
zK7hL#ye;-l$hf3{CFod?`%@3Wx)91aME<e$w)MoKLH%tlhJRoftZU&PSPoX$HEazP
z<@2KJol*b&QxC7S-%(HlLLcxGr~M9;o`GU$#a>>F6+5?+5NH(hG~37s1EqLIxM?R>
zl2Pi+l2`0hE$%3NBbG6nWN7^nwDCg(5Q29nTDFUpJ+NO!!1ihcQ>##O;Tj460D))$
zSQ-G25tn+O^!$^(1UwBxSO8ODoPeG@X1sw(22FSjqe+FGE5ihCn@EDrUr@UsO2V*!
zEeojo4?>+$uOM_mX9&D3nggz3|NT!rAt=!t*s3oQ1EF{qc6fO?0X`G;)aGmxm<dQn
zVy~fhE}9yMgcne&r|VmESuMfcI0^RZK(XYwzdjUP-Rk-I=mT}6Sf4=V3~^SfPv1iL
za^=NL<;7@ypkJ_y7cWV_#$U6;3#}nm1mg3n@5Bk(ce22q4uUxo8Y8`nl-k93VM4g=
zPA3WkENGmvlv^8*@6Nb`^ERoh$G<aQdJL?3zC1Lr%K1{B^q}))(UbpZzO3k{nJ<R8
z2bnJ?V;^w7tc?9<^W|og7xQJ_tp}ek$+vL61a0r(93N9NUqVfm>n6AmUw~nQ$=qoA
z1dh9rh5+E_Mif1*z}&d;IMO7++(;G+ePxnVNX>we%VZ<Hb|6M+&+%%Qb(&!=j^c*d
zD22!1FefRa6{Q(wqsw8w-492LzL4r^c+uy|Y`IGJ4rx$dFNW!2B^{<24>C;ORN^pA
z+RFLY@z<kCiI#097^p*Rn8@%<NyM%Xg0n{`^}}U-Z=`q&-2H%m&m`=7QPcOeT^O*F
zt{1ZFh?aAkD8f_%G#${V$gxq{5Y2U<5jrqH?(rZ^2U^au?z8+VHGIqq`}Z52K$=TZ
z-P63XQJ;JRyRF|A(rt69>Myg|`~Ir=!~^!%!;f+OH8bh~`s+;Zs{3o&^#|&&{@1a;
z>X&%aU(E)1-(SBaK45>H>&^Ao(7q4QU*Grg!vCY<f%>aS1@_m;&EE9a1(Wyv^@aHX
z`|H2Gxc+MY*aP%eLC>oDtJU8R)L-YXVSjzQ3Hl4-2sTAmOv}W8txkA0)*lFYx+8uC
z^$jU2MQ_8>K+t))^xs&#BcAzh^c2t@=|7QPaOni{O}AyvP|A#AWhQ%5=C!M|w?Y9;
z!#jRoauqwu@}nDmAIPvB^=qT*6%>=IU78;QmcagL{Q(okYA)&;hw-)4_|JcI26Y<*
z5u$^A34;6Ov{i7?vKyE!y+q4Vts5|h(A5<Xy1E(!+Ywp+pAf*gL(fs;wSpTos-*ni
zZk$5CTFqn`9;ia8u<@-$0id;bCO7Uff7DG^I(fpItE2-!T~gux)C5kTmcPKb{Jj$b
z^}rDeqk?jC1`1h@ilYEUxu6-`;4*n|WzVeFdU!FojYvJsC_zxS)FA+V4WFluJ`Jyy
zQbpVL&D7WB_TU&{Q*$gn(Nby843N?RbcJ-eqkoUS;4Jvpy7q+;l_n%X6H;jtP)a94
z70t*5IXaig(W(!vt~zL!FM@CsAxCR8Th>s4++qEJW1)ez=JCM(MIB$FX}XJI$r(Sf
zaA1U}JI{JN<`jJ4angk72*PAS4Y`w(g{)D`e3*5(2v?n?W<-cbfCsso&1Ak5)mgqh
zUXW^b_oBm>UGAj$8X>9=SL`Bb1;X#K5R!!^l2wmp6~=}Jm<!2kq69+epn5>|A1cV2
zHowp*!WMA;uTLO)o{VuJ>J0`F?&!tBagvyKx8C?x;<URuh$)q4rGQm8L?YjtR<;wY
zV8{dKb3#^Qe0#C5u2@o1iws!6x2s8iRf@V2@zL0@O7X@C+p8LVY2IDG@rJ@ig|T6G
zifUhkq}-C@;-TYWjs3QMV%Zib0JO<5qQxp6u<F<Lt}7NjW!JBb4YQY=@D&f8D>><F
zIY8dfudOTA*df-a)RaGsR>5@RoEW}^j@EwmoAj#4j4oMF9dt$7FP2EvO_sf;l1sHs
z;ib@%fHi2@AN+=XZE?DO9Ql80@l}0hu>k6F8vZW=?kdO;4slN2Kv+Ukt7F&t>0hoL
zPEuyk09fhztdey75s5S>DX}n3N-Q|7&z}hyN`0^CH*PoU%EeYk#X|YC)VstS`Mi|<
z5M@^<rFOno>;=X8d{Fij#o5zaNtW%|W$F5t^W~5D&-aTVe~%OcZq85uCDPr4eZrJi
z76`>+HDAVRTES61-P8B|O3>@{A?0ho+UCgqw`|pmMcvwOjYp$S=^au-dZAA<8pe_g
z>ATi#1vq2Rkdw*0l4d{L7TED73@ThkXv2W^EkY|6vYA|nGa07r8;smvA+H1E$%Gu4
zT_#0#h#+K}S}Qb{w-B1H@Og_}s!6H_+=2yS^FO_60A(8V07MaYewy8ZTMyQ2pg$}t
zqtnoGUfQ^<9r?S(`psRyAc~^;EfMMpb403JeASLzMLr>x9QPG{=_I47{XcD;m0n={
zIihf^!4GC*hThN^E_ZOoiW}rAh&N8s`3mfeti~J@nZjg>5@|{-xm?>EUKVZHADw&r
zjX0Q|(N6O-F1#3O^SLrug=~elx^a!n&PXy5_LDhtAU#%p<fpiTomm~P#pyR5FzIfY
zT3ziI*>O(RfViT8_Vl<`KgC%NWS`XXNAhN!P#-ee$lE)~+xmi!D2FTqJRcL`)VB8>
z_^F++jJ0_k1lSuk4MO%uMrmvb-6PhOz#hS(vli9a_jnB1^2s<oy0E_ho}d@}1(%+n
zcrOj{FZHRQo(4{$s;8}jf<HuK|B|garr>W129;^)I1MY+O0HB-rBV@CsYkSx>M2)h
z;U`$Br`=Qv-2{2Cr0hnD1A3I7DRR4h*2g#PcH0C}@s)K`J-HQ8cZJ7(=?o65d3~l(
zV%}F!Lp;M)U#pGJvdhRJw}0*|SkvrOz>qH02obb9l(R_i^AwSZ1hP$gMrSW}C|_%*
zDvSPQtfPBz9dC;MT<Sz4qT~o!w97MqRRK40pvxt6aG#q@LCt~Bg71R}H%&<@q`8P*
ze{kg(U<)9_16bxUh-H3dK%w6S^uxQHbz1b`gZD-$APp=$)LAai_C1=^k@}}P)Jr-?
zl^`I!X>Vqh*Y-38^lx9gj-x0_-N=Wmr>`SoV^#f?a}EXRsBe1+U|VmcMkulu^UPy-
zE6^HpC);vtgKSw!so5>Cqw&56gUd9YiOTsa-}DgNe$(%qGDbTUGx-3iIr*5at?eOO
zJ)4iM4*LwDS!N?gnyr{Z2}j;7XEAcl|Jj+9q|bkiIX1c*@!4lPu}WrHu#)C)_#1@u
zIrpvK>(#4j{ocd9yw>j>?(^XKz2hA<`n`djA4I>`wDSY%_r`bdVrkYn^Wgfu1E+DC
ze)tu4-uqYd_Y)&|{XJ@(+tJ}VCk>0NQg0s-`Jj4xsn<W!+h1<4(c7nXdJw&R`%Vw2
zx4+WypXu$R+j%iz{y6#IdizBual&M*Qt=n4UckOD&t88*eM=?TWAs173x$5u7+_UV
zw}a~edE^wp2@iulZg~?JO}Aeo;%QkI8URl{C(WxzL{Rc~7WwP?{G9~a2i`QPx(M6M
zD-@sUM)db7u)~xZ`;Z~GGzhjOF!=+{dS|7EzZ0g0d?I#6*8uogL}t^pn`n2}Aeg<X
zFQ`RL2e+FdFYEIglHaiwYpi~4$M(_swcD@zRrAX_sb72Gx?dx|?5<*2iLvhjfn;~p
zkrK^?sS+40_ew3FIHNGCvY_~lX||aT=i8!z`*UyAnApR^yS3=M`q^d_8ld_^ek0ot
z0Bh!!e42Z+@x(3;uT-b6Os&Pp+y2J2wqt;`4wOVb_?YJp{(evS;F({^2X|3m#7Yz+
zQzf(Rcquu){6(pbqGCmvL14U2hI7>sYDy!;eF;+})&ZX*6bu^;<g5oA#1Za0fDR{J
z>z1EQmWuF;w(g*>gXKuJ`X_(wEbo5MDl#Qe_)|tPyC)qsa&jd@<=0Wnt4ztdsJ6Pd
zj=h~MfdN;q<noE1;UF!rtzfMbEy+@;pMl8|0eA`<MGZ8!LNVr|vB3ePUP0=3#`f$T
zsxR0n;H0r{6MJPy6CO>BJexI{DkJ;p*Vb+&=G{!mIti5kS)*WQ&Q5S0ZncNC$hLue
zA~Evs36D_YUd?>zm)koiCA%gmnUtA*#YQ;ARdc(O*%8218elvMB05tmI?Gk*xie(H
zPlmjPPI=Lg*IWOlg|Ze%)SU&&hh$2rB~Ubhv_?*E`<{{epOdcZ<3tG6id9eedX%hp
z0rz@XI=Pd4Y_nL@=ha~9qxcm0LqP(rgcnQSw|G==bUvhViuo6mo=$(>LqI&aybGDY
z8EEcoY7-9{XR4byC;bR$M1_9A*zL6;>5E;^5W<7k2IQ9P&%Ie=VlUVd0`Y)aC+1T)
zpaSN+M(jXCprXO>_?L8cLI+xgjdXyoW*%#B-LjiH^;iq+u}li)7vhuZ>;hVkCc1S2
zU4<^7OLvgoTdc`hhB-5LKo7BxV9$|OH~1NCLjt6lKVuIrS;0Z;R2;&@q7^-~crA$T
z5Bur$cwK-#zoi;-qwv*GvShQyp$W;8!8+Nt2K!A!{2aJ5sExbx-S04ROpqK0U0Th&
zu><6na+G}^#BS(s158IM7Sto1Zp$<kz8Z*M)U|j2MW$`|Ce7^d#oqVx#ZSj~aGvvt
zj@}a4NzmQXwtY_b)Zwt{J@ynR#{HK(6+_QC;(AoL{Iy|uO|k`sTrH=v@}in;;RGEd
zxR?dCXrg;Cnu*E*^P^J2sx$14*p(S}8MAc~5Ike2*p)4n5%)bP8w=e$fMfs8GG#&p
zN~c-klx6PlvNCWQ=-2w^rlkt`#rphE9mC7F83Y<Xjr`udsS&jtxA~ch;we-MEk2I!
zP!#YP7V2Np(lB{2d2RF}D*43+0nCfJuvcQ?M2Qq(?)9pa-2h-^2cf_$O}|`jFDTB6
zF&DP6jZPKdnhSKPs74|Od7$z6;;J1qZR=G%&j~Sn3$<@NCT-J`0U|}T=6HdBkB?DV
zWngB2e@V@!bYP1sgG0X>elNx2IWm%sMIGtlHZm6N>0=)gsi{=^Vkbb`&fi9M)y*K5
zN;5&#3^0!VQMwcqmGy!C!8(ipl|+6A=+wwi7X%g=iu~Tseg~1?YuN8VP=VJ)z67w;
z<f#roXX`1t9>lZRDeb5QzxsSLDis{Vza@X9G*T_Ak%rVP1vTEXqj1pcGavG5T<k=L
zdBkTu1nRTa=M6}{dI6LBlVn>%ngJvI@jjFY9%a;|6KAlbAd&?4H*yG{8`9%eI&*44
z?%a)y;03TTHx+h=_X3Z~oQ+-S#0n1le>n4r3UFZFFs8L|Obfn>SI0C8);k^82IE{T
z^%^|0o^;34Aiwc5a^KopIqs`0w)uN;HH9td;c&l%_lsoXxNVkU!#|`Jl-(9?HPK#b
zzqvEuw6{{`V2vZ4ojtaqY$l8#1iISr>r#UfSl)nb-z=pp%JBHh<I-eA*(XFxEhipU
z3oC7)3@oqDtlJ(Ndl1bwTW%qnP^pTY4c{(}YA)D5;cN>(+JkNHvKa1Poz4qwztWx;
zmaJ0F3mqZo>*Wjdys)w(o)<O-;CW%RKb{w!^>=$-Fj)?p;Kt;(iN(?@ile87ynDX-
zH+R84MiPjuShvLLBNjERzdBwZf_^;@a`nEwid-E<<Z5<`Fh^ST1$A|RHABie;g@&9
zNPZ2`m7Mph@e^s``c<^xnjQ*%)qTO>Q$UJ)T$gu355@YFoUc|?dnT#yh*ecqxP|+2
zi&(inc_;dk!WvXv*nvH63d?@hlvj3_EL2}pp4~_P*5`l^{t|a`=vV3&1g~0u)1D}l
z^rm*#>BC&7Yd;qWY%0&L)91H=L4~w}a33}tRv&Xwn;!p(7l<I<v6Z<nM*_d8UO5h}
zyC+@S?W%R`Y@sjk_i;VGP;6@t#V+t%>@l5YbUV&67iN;8O3l489g4ax4fI^p&#?P)
zZ_B5;S~_+LzAouW3D(;J-!;v?th#HC?(+CyAI;Qfg}H4-q36QR2-;RSyq&1NUFsLm
z$MNl(p5NAcdRsos1ZX0NvALH?PQT^k^lSTFNy>rg7(u7$sk_`X<<igIbDdt3PtSyO
zz$*0RYObH|N2Wdvs9hCdLsFQvsTU=d10h7)w#gf@y$m<v_do6-`%i<kk7~TzPUmxA
z=ivvXXAF&0FXI5|*6+arcjo#_nnc6T1MAm+(8PIDt&P$$e1z_+ttvcjH3x8CUGoF(
ztICV=*4nEKx0gd7ankGj_nWZOPBWIh=A#~}Jv-eSEEOh;UB5QLN56JQ(ZK6@w|pj~
zMqf|R1?dasl27!ml^qO{Ppvf&%`z$w0tAzNsCY%ZAie+J&QxeihMAxHhOeNX(SiKj
z90l^*PoR>8Ll@j2S<aL5tn~D2;2c0G@^046evy6TdqH`*JG=~GWuzkKmuns*FTbp#
zH5v&uirfh}hgn1LbHkk9NUlcSfS@$=OWCimuUr=7ue5c3XWMj$sjf7_-<jg-Cxqgh
zAXA(=?L?9KF>{VUiV|mvy`K?^&lHMJohkm9#@s4srE{Lc3cu=1cx@S3jl(eeY3J;D
z2f<?lvm>0dx4%oWn`3rk=j`RH1WwYV8qx-~`nEt@T`eXOTSss0LDBb#4|+J-vru{G
zYaJa31I)I2J9^ij&_KVoc)dW59Qw~n^mB_9;b+-WMfmv^grBRYsPNNc845po%F544
z&)*55e^c&+Xxue4`nIG*%N9ihGSi#Ef}PpH<QQfb*S9gv4Tk@TH>{%N02*QR6%X7L
zbtPuq6>4I$*K9dxw(OK3JRh932AWFF`q~;hw2y4X0c0z#%<956i{AxQd!IEIjse3z
zzr@0}^o+G#N^RAP^jK^sA<;6rQ-E!o3l(DCYk@*m6Uw6pINAU0#$LA0=k3!t`>z|)
zy`WwgD1Z#hZ_?K~ut6x-oEJ1UP1Wh0Kth06mVkDRq?rvx{f~QZ91zP&feVR;E?IB(
zxnci*n0peiCXc4yK#+J~;*DA>R&2o&6cM}%2>1pQrD|L1iS@#IYfx$x(LigAscp6Q
zWn1li*lMlyDu{?jJ!{ooR&CWc#`{3L$iFkY@0A2d?bqk|zvuZXd3W}jo!On8nVl*2
zVIQ%c%b>{R?ZM=>X|l({=$;Ad!QOb&yJr~$M}PKBxO*P=ynFI?B8X4K*ntrkY1i8s
zW^i~|rJgWgJONh<h;=wMr2feys<@(oSd6X8z#FC^c*6`1PZ+1SY#paRa<t$#P)uSL
zXtH@5ZAXM%Eqj1-O31+zNo2UUK;cKem$38TYO;RQUuMlUW2<W>+i_S=Q~abLF1sB>
zK%7Zh3erIha&b8;aK|sXp`}HNmdMS;?C9ej*XpRPIQtt?nv7#9qTVvu&5fGFnB2;`
z6`w?fB1Dw4HyR$%z5za^ANIIGZlc@1(YOMl55hRC+cK0HsAYdZkNgpKJ#QaLMmS%_
z?M`Enli;=}?<B$MR&T6gZZvXcMHhnaD<U(D25M<_6a9;7l5eK)D1~!TCLVGiL75BO
zREKSXmC(0D{9QL|_8M(>jjbvm*h<mg+WzqXSwN=0JzHltHEMo0Li%IG6Xc66Jce3~
zXGFIjd?-$u$=*P*0-i?gk0&utBfP?8CmS_IMr)A)3EB?hC6Hmxe()F?=w0f+RRypD
zSwG&|Gmx_wB;TSxT<=8}x<YsjVZh%(sYxUqlkKEO<ad?7<m}scm0o{o1fjUVp~Xu7
z+23w+UisomZ=(o0)Hz~D75<fq5bW~}!m`gH$6Tq<?|V=KY%|((4Z?i(?Q#58A}aO3
zN$c;s5QsfDjCXWs@m?y8`FlaA7=9f*2_s-bA{Xd}34E#c0M*4!I-pa8t{~iSz<?1O
z9X*S{m4?bT$3F5_dg}|m)=<+t?fa~dbr*hjShGUvcbyiU6V?6d{qJ|2&wl$e{aX1U
zx7);guVHtIxB+^aZBX<F7G2yDz=}e!h+rzD4H?~rm7M7PD71#~lCavS|8l2?`4gXh
zaQ(g>z9~P}@x$miemi(ira<Ha)|VrsJB;TAc|6Mk=;WFoQaRS%w?<0+asa6=<Rz#$
zRjxQBfD;>cr|a01Alko|UE;g5BfS-^@8ieH6|D^_L`7@#*W~u3^~%omlmuV^fT0x%
zCz0&>WSh($0?|>&p#JBDDqJ`cOUTJcc9R3HNQJ>;=q4(_UR{dvEosW~Ev8Ta&=2K_
zL%~~$*+c#Vta6EW%m#$-dY9mhdFeUfrp)}QgNby@qeGDU__!A&_+FdeMPID*<evg~
zJiX6$kWli=ommTip~S)JXZWaphSsmQLS4T-tN#J3FO9DetgG01fhf<&<!^5y<qxs)
zvEJo6sGr2jQ^ayl|9%<1Il#AK@Qq}6wLC@h8(YsMz@cnA0@Z1@adI+!w*qSS_zo2R
zme#zj2H6vTe+n{}Lqdq4=@ao!vNdB$_b^vI-mwv#794}aBZLPgK=Ck4K^vvv*K-<z
zLk*_^=4+~7N0@FA5(=m)L4AwVZn9m8-U;!%{{FiS=U1+H!UhR6dok>sEygNRx@Tt5
zEbFg1D#@piAzFGsz5)5_ohCg{H!TV`c<`fyv+^a7aLWCbaP}FCE|OEYv}y^5N;Yx7
zct|!kP_l_vNH)p(BbQQ$^p?wH8@P_zt_l|#Q`x5MD70`4uc>4^RL}$XUY<5<?hyH=
zpF=x_2sb56xS2(oDv^bo)<>vt^O>S4g6Z@`B2SM?ZgnZqw%xaUa|FGBJ>;7>wS04U
z+ciJs8+%`Ek5sMxEivD$`ursFD0>Ofa1XwO*z6nuFComfTm#w96ZQ2{L*YN+iPj%5
z4R)gb-P9N(BrpM$c%pT_maeM)`C@Q5-y+6Ui9Sz=E(J~U9`e5})ND@;Gg=FEW*hm}
zU1BCDwQ+P`ElsCXqIVcDJl)7RUgI+NNR7z;5oy|Fk26P>E2Aut3w75(n$WeVBG729
z(4g>+QI?{3+hsofivHQ9AX{lJ>8&qOdEJDX2{Pm`eg4bH3@p$~pTiyS<q7Pz{cQJL
zGZz%*HlVp7OoU$V`}vX^%gm4#7p~P?f9Sx`FPh^p9q?o{m~G=iVO}ugFbJYzw53MK
zXmQp-AB_VrqJ>lN@4f0l6-*>wQ=<Q7L!enCT#F?XKy0ZDJlBg&k+<Q_SyUcKt|0rZ
zS02_J<gHh7$yOCy0jIhfn>CR`vGhrBw7(74Wc?BduVZ$M*ClS&q1<`O1RP6_4p%hU
zU&R@p71|!Ugd|5=xM{LQLy#B<Ty9)&7X*EM{x;kSf9dDAuhRf~OedqgNuoVf+apOk
zcO$%Lu>C^*oJVdXPLKVx9&dkyEK^ZAfL?N~G&=fHk(Q6Yq|cv=W4evVbhU%?;a5}S
zEk5!H<{yP~|0fuhg$;`cOMRfCr7xcU#U}fBa-{1M3A(gB618)Q)Z2s&<skVN+Vkjt
zqtSXX&lvB<9<$rak5J$qn-cBDoNBJ=^7w1u6*k^&Ib^gCC?|I+d%Bhktj8nTc_+!g
zUgt+$-roNbL|h{fq`xihLSSrzEinr8OW*=RZPG02zO|Ha!H@F>@b-+jq`bL30%}`+
z>+gu^0kY22_$Hvq*$sdHbkXh3FU<ZSsVupNMwk5^zy@+TU(wVE275vj*=?5DoYoU9
zv)>>D<RRTSdMym>!wHkLm)){z0?!V69F4wqa#IHyPDjw~1ai6|taz>)i1DwV0x_N(
z<9$PU&}un%xZQ(T62C7tb)b^_p&iu!9t#{nW5qi2Luu>z6j1nl2YX62lYAibH;BF&
z!?yy$0F-5p4lP#S4|w}5gU~>$VP$H3JNkwed+1ZbAUg<sX*H0uj8F-#TA%5!Hopi8
zl;iC659kMk1_9N-IQ(iOzM%`F>c(n-7jC2&NPAZ40ZYeAj-oyU>3KQzIm=K##(U&d
zny%|1CS{M)R6p2&e=^vgH_*YpUEtyGq4NKH4fRbHaM^N8?vx35J;*?BP3C6K94JcZ
zyB?eauFy0c&D8q%hEANx(RKP2Bi@^GKo=i4@VZ;{Dpp;SYT=Gyss5T2COrHGy(WdJ
zu1ViFrPs4C*j{>;5?Xh3-LNQC?s^eypT4@T<A2xNUia1Ypr$nQ-D9Qncn>w&A2$HC
zb^QR&Kn2wfr+Ep$H%0Q*j{p*gV<b>(DSa6jMu`?06GpnPAQ?ol%T^dVetO0~THgW3
zaBw>#xN5ta@Uqy|LsD1QD*Whb>3aI+psL1Wq{fX><FESDcxPzb5z?F0&)Lw0qi@DS
zfpEuMbGsAs=ErdBAt5l$siRNcPqwD<SRtf4{G(6afpyXTe2w}BR5jSX(qKC?&O3M4
zkD)&IUG;cqDK*_x!oyO38gJ`I<I~?yW{n3+jd%8^@jdIRZ~XJPG}d^4)cDVL{Ahd{
zHVz9WJ}7mBbY3nl=K_Y|H?CB_F1gD^<h5tD2KzIBi{EzOkVy3T3ptSiGsyp+0aH%Y
zog_~9@on_3=)}G?`XrST){}412gy;md@G@+PS|(Ih~<o)th-`db;yS%<im!p9CaMa
zkqC45WekHiMw;g!HsWtC!>KzrJc~%#kR9u7j%LS#=%bD{i<V<jrA`-2a(1jzF?*W&
zeXQ+*aN69C+al4Cm|E$Qu!SXQ3lo!`)urM?R*$Txx!YVFXqd{%Jy_PFGriDvMJLWx
z0*`mHFdYd_?U-<>5T|xynK(7}noJ;9BR56vv{3Zo{TtD;30?Gs_&YEt=C9BEa!{ih
zA$sp)x<p4%ZNM4x-lxs+<p1g9E<J-M0$wJMdW5}vI}N!*22Ln%zH4FxWV;VT`MFFm
zM7HBhk(ZzegND8^21h{XB?0f&*vqA{Y1j+Tw0P5yupo0hy-Y8ml^wK_FtlGgIJ<)R
zWcdI&Go0g40YWBhkmfnvUEMsJ(h<~L_V4By5#i4~b^mOhGt+RME&D3w=^j?eLD|6H
zgL0bi=1cUToTfS`AFi*!m9n5mefnHgq`A3UkmhQ>B+}e)MsuSt;GGCyGAK+R3FZ+7
z^RNsPLt&;%FasD&a~WoJLs*Xi2J6#sUpS|MV8l%9F*z~~DbZ!F2Naq{DL0Q6@|8jM
z9>;q0!FW2(>}cQ8XrI(l$K;R;!r))Xd1be>)S3vntl+4a&=PQNLrZ$l_G#4DPzMfs
zVIUZ8v4{-LI~wV5;2}CqUn1EHCP&C5@<FKRPv6*O0WMdFxMc6_;xFn8FtvxgA&@U$
zb1Z4%1)<QyabRU|3m<MlwXy92sB(TePIbn18mSgHm<o3~M!gS%(M7OLT7Ffp;iN~#
zpjw+8lg0_(l!-euj!>UpR6#d-pIdeE>JFUqT^e{)|FaK0?X5%bF;@QARTWl{&RM@y
zkG_>_k+y~TZ+7CGcfB;WcPl6i?sY=}#znqZpPoxr{Xk7%B>Mb#i=@kPXuI(nM$H^M
za>}U5WBKU){07U%pEb^J@!NV{a|_=K?<eBCp1*P0Xxq=1ZbeDiK2Qgb+2Q50F}e^!
zRO2h+e0(-#BL9LXL$a+<rTgO7Pna@hYz{1&rku2gx-i;&5cxTds>VR#2DXmg$`oqQ
zER9aFJY3+acs-AGr)l6STt?${k4i94yb#yVp4?u{8-PSh)r@anp_@kzIUCp1Cl|~*
zebi!mgt#SOj7~?_=LryB{my`o3yul7&-;?14+qmt?Ko+2fFq_obpfp*j?VU{l+~c(
zvOK)Sdk8~>Bv&%L5IVfEds6)w9!U5n9lpjkfQ-#-j}<$8I-hj<T4gw4oes|Tqf^*#
zzxtvR6__?WPj@FOS~x<MJx{us?sUt^ge8H=H$&Ev>jOicg!-+n`XMrH`n&_z$2zw?
z?0}g;5Xs<_(ORNSiT)cRRY3d#5B;Bgczg52YZ+;dm@aS<;#u<0&u({;-O@#i=Z+AU
z0^8im@T0gHeU30D`#b?uG}FxXaRLk^gC3W@X0slrgrcBz6Y`U0_JjChk6th1U}9iU
zfmzWPaq#FK28&Pp_wq#->cF+X%O>PKc%k3w$W{GREj-3wf~+)7Z`mQfske+!>xb#v
z{Da1#lR;_Lo(6q(v{AFwOxW9OZ^mz&I%VwCaU(~MGDiPKz6J9e#eKpU{j0g=uhbl@
ze9`|o*m1{fO~N<)J4k=o%@ptVoueQ;ghKxTFQx2jakCKmm(iI<z^gz)VH&h4IvTz0
zCa1P-um;jlXdn%tCe#BVA{M%=#eIU{C50Sr*m$eMfQo2D#WV#fic*MRJkUe_1bpl;
zYAzdF9WWN10DS0zvcrs;BD3A7OR?A62-{a;^sg!Ubw+KX^>R*1%>$MxDGnZ{UzB3o
zk-ZtFKemWYzc2-q<R;BA9>Zl68=RBfs`xxGb=c5^LDxN|9z>`9{Dgku)W>KbGLt40
zV~U&YTVQ`T_t=8wnQnNj8g0SksEsSXLJqjTV58Yg|0G>M3(#SBR5|ZM>lm;z;q`SO
zqnK@X&5_sn^~WV`b%{Pdx)v0iGZx(mGFtCwP;U>~>h@t$K=MF7eh;tj>jdWyeUg(e
zIu!)bgg^X&x*Wln(rnsx#-hK2$Y|cZamAfxOKuG#Yh8|iw=)=RznkMLEa~K5lkJk;
z!099DS<haQa{37IcRg*m5tKb-JrfKf_wY786mwfbs+nzJ<RA$%#g}KV1D_rpr~!9=
z+yN4>gdy6Dws+`!KSXgt<02n0lm%V}7+0C>l$k}zb2}A8RYt7*@b`eu)=@E+nzERT
z0<ujDdY2&!_{ic^jvh9KU2VvI@+^~MjvH;bf<A3p)$C$rA9YX&o%B8h*P+%h2226T
z?nmv6?rp}=DI8?ISrP@g>ZcG{<M|&!)`*Z~4G1^jdWaNcV?m^{V2dk4b&GnNo*vp|
z<O=nos$@AWIZFg$*CLs|*}d_n(l%UmyLy0nSO2s-&k6m``?0H^{;&hLp}(R#@nE^K
zh#U-|e@P;6$QrkM!{h41r-hBcTstYjIKLq<6Vxz|0L*@XvD0%~mX7CwWV~eg4T9U*
z1cjY<`w;G0;KvyGV;7Zh2jYT$sq=<HY+Lyv5!;U3@D%Mvl`CNK0A@fr9k_U*u!mAn
zmHf$tNq-hR$Wcv!r776F7m2robS=FlTt7i?xYqS7RY{{DR7^B<h>$asi@E)TgsqKV
zSFhekbcpJWaCR%ncKNZYhE+i2_*9W5cUO!scN8R2Ax+}REyo)&*>lo`@5l-oHGdNR
zgE&}3<X`s<S_JU1r%-bZH4hvBC^u%E$wGbZ=tUUF0xvs1&i&T9K9Ax8EKsaBlcP=A
zo)Hl2%k>c2C!wL&R#W5|-6f<As3avb-7{|>84*u*t(IYVPY>d<f5YyCMxG;V_?KdY
zk2~Q9+(sZRCtu*k-N~{{sQ91*=UO5y!~AV+#OqPj3vkLVE<jzj0N0%U=s!Q`z)_sD
z%o-NlT0&OYRZ1>#III7ZsAAPu)l<a@X;6`DP$T^r)UEe@QU#7McM81t`Yk2eEz`ra
zOe5s$E)%})4c9@6|Cd)Iy6J^*$3c7th8IG*0`Bw(B9N0`cn>aBlE@N?ME1>nUz+;$
zt;*fa_k1%KdoIFM!H@aYdcT8=Vuv67%<Rf5^_iqrus{90|6cW~QcD|ARf<X&RF!^u
z#*fBR-s>R6slw<vAFwkw2hLhx8FE4!d<M}8b2U-Q<L(jy8LEh>a~^|!vY0x@tBk3$
z6-YB}i5yesYZ!2j7@5pt%rCCMP!eDyQdlDGFTiLE4(gvj4e!|OJkL)!2+U6Jn*=A(
zVR`char*qt@J@gxlHlX7WS??=dk3%oh7vdo(&RxJ$;aE<;NuhW#|-lEG=9vIKaM9K
z58y|O{BfrGh&XXdaYPKalOtl^DbHgh?z93X9$+3k?FrNCJoWn;FN6X>$Mc>5UC%2T
zxwe?Vw8k&Jj-E>5gsrD9xm^uh54ggdrI5bh7XsxxgalbkuT7&~A%a2>a|NS1M(0of
zeHH%m3H$_qKIgk!71<Bam)<qsHP7{ovoX|z@N~{P@Sk*z)LEEt?F4<akt5t%at*zL
z7Eb8KIoneh%Iui)K&tW0=VFZ=tVTMi;cDoF`-KzoJ324Ge^#(c$O8KOE*eoI<%11+
zzeD2*<p>tm=AA4uiVtB9Lm3_rohdI9+?b?hEe}-Mr0Z>RBn09dM9m%Tp+4*3jjV3+
zq|Ptz#0GHHPK%!*#jXgNB-s__igVoucJZGdzT$SZXCp#gQ-ibQOAFRej<A+h?@3#C
zb(Y6k`7ZGA+jRQVgt0gdcAd_U1~r1UdU|{}&ddL2!8yEO+pc<ea^|4DR@$&K<?u+5
zvruUEiI_(aU%615twH$UEwI`4+I)!GY%{=^Iw0mc-oY|`7;NWOuTwDy&(HOKx~eZ|
z9D<u?^8&j6XHZKYoZm;)8jmPz4p>gW^@m0iHJBV7?i@04>Qr57d&wE_$Bk*nZD}Qn
ztc_0PgQu<&QY<ft<Kz*U;%|r+lPIv5Y<0D*&SHY`{huSmxP#%4NA+>;d`ztKx2vV6
zzZ4OuMki{G*6rkk+%_)*w8ee$=5`C@a{e}JZeRvNKy`RG@i2}Obf2KyKo8>{yWub{
z#lzT*-n0gzJ(&Crge?xi^%~V?ev8`7tzO#9&ioIuHnW`nLDps-;UQY5sLfO>7{x%R
zu)|cXV1$hV4lCPRcy_rS7^gU&q*2n#L5bc`w<a8R(-X`S?}8$-w^9*lpm)QD$EYqO
z0|H-Gkp0uzQ9+BIT1Z_*k{=p3nuPnbQ2w+ps?_N?uAf8O8=@BwY)d&+&q&(Gyg%eI
z)%l)WfR=W;?lx|cFzYosrVl*6-cKc@K^X3HXbVw6`Z-Dq)bvenVq_p8?G}=Or2Z^3
zP9N*s-k{CfS_9@&hs>u)8+{N0X{|sRV|sg7Q@rC(yp=J)(Z2U)pm9Q!y#s3N^LHZ?
zT@;ENHo+hd8`<yHyTM;cU+@|E-KQ+Mw??NgfRhO7!E3W+C;(vu@WfC)J~2$6pNDw+
z8|*0IN`8=_?8Y!YvWPFb8EA?>F)OjZz2|W=5n8&En^{0@%OS8-^u%FUcEH~&cA?AE
zCV1wi%l<aHkUn&Ky)aR;-SuIz?Yg`cihSR|QR`MI>>bWh%27aUU>2EBNQ1~^=tG;~
z8iL51#oLZR_)pLwzQ!>fA_Vl*c1Oh-P`pZq_z2yfuO{j@6@e<h)g=?5f;4N-1N!WU
z{*HzRm;%wbMN}Y~qpyMj(Hwme)rMfPPIM%KbLoymTT%A6pf~IArTF|KyOC09I8A)-
zLFti5lE9=w?i)1dW~S;5f}`tXS2CqQapQE%q7>+A?73fw3F15{vv^h~)yAnWXb5*@
z`)7FG_xOy)cqZ2~OM6ge5UDu@tdg60fzNRYXt*Bfjeko1(asvE7ygWHGcFS(02K9Y
zm;f+582nBDG#0so;JvrWRu1~M{tj{ll=N-nW@^&+Jz>(6oAgO1K(7Wt=VCwaKtolK
zff#Mt`;A3sK;PDh45ptgxi^fanEY+DCEt(fKjY6^Qq6Gp6j0wrW|^or1f#AE|E?Eo
zv=8vDW&>SfDQemHcp<ycTyP#D<N@h}w(X)Y^kvYtm4=yYYhFVXq2sn$bDDe*6>V|g
zFU@aHCda?pFT5W3g@=lM;pjfLC0aVx9?KOqY1`NN>mANE33`Ok<AlomHWoW1)Kd#3
zPDj1emRO9n%~tvF$t&V25B=+kdX*b!l<}9@dK+yQ%#jzA`ql0F{DdID&sDzYb`Wp9
zt-%MG`-xCOu6my9&1;S-*E{u78bifFvrc#8i~fT3e)uG4dy`w@dXvA&+IJ)CT|w4c
zTBQDFaF-RNM*wvF6Uh44VCzr*u2;io@9%s4Qz4<ZYW?ZDk6s4rzMZW5M!N26=(?XF
zA23`YIV-`?u{|HdMSCoKA}l;FE_?zme6Y0ek<W??zh|xA&jPARMz-c9>LJ);O&gA?
zS?s|mV$idKcW;GjA+|nR!^dwG5h(Au`X%o|tX(s?llA%z?qm%VdQ<(<1E6j72%C%H
zx=^OtHjmtwzPt^#01yA$KZTFKp_lwBh!khZPDKI{GUfihoDg>OiW^keaBPYx;U?Xn
z(yvb(eDz`n&Y5-tZ>4kA`OsUA#gEbQ$0+4|P{7bH{qBZ1sf$GXb$;xnw2Uqn0rmpG
z1Lbr`IaTCFe0z?V8!?F?rO%No)h8%C_5#&mMCIkgfG27-z08q%iD$k1aoCSua$caM
z!+ot>C*NKCe4m&ilC799$Db}5y+ECrqtO53E%fcEF-N>Vh&XxpM>qO`XQ4{vZMM5+
zKtSTmO7$s*|FJ&h)*KIgN(P3(_Vj;PipmtY!Koju1+1+)wp8&Ik$7Gt9XZ$H&tBO-
z6A^jjVR${>YXbZ|i2Usebv1T1bdAPaz4IY@wRdVY()}D5qJc)d5cxp+JI~V#YKCxV
zF1?8kdxG50e+L=AjuVnxyMmm1IY~=k5Z)^2#A>|HYP5wKs2*6wG4%lII9$=Lr{HQm
zCkhUXQej4v^i;_pJX(Np4e5Ow_DA7^U$407SxIT7N2P;yIy!K0YsaP%gr~aPc4OdU
zmku8okS5>_$o=vy3Wt038Fv5AkkkVi!ZG%7T!wi6_IzLVC_ERVDMCg?Qumr0Lf<#h
zDIUemp@}1gJ7;ai6ab#@cQR;AW9c@UX=WQ{N{?b5;+U(4r$=yK#ZCR@61=H5D4{oX
zygsf9r?;cHd%dauJ;~R_!x<#K#{BCwWV%DMDAPrWRwH584yvgqFh5Wj-E0wN1%vr;
zhkQQ~UueKo({sn*1>wBXUJ-|fBp3pOx)CBuuf49g6F;=c^G-ZXT1_ebJG{l%MlRiZ
z=6+_)fy*&?LgAYkFp&TzS)3@3{K5$dyj>e1UH{zD^>4vGj@yzf9m2(kiIBk0QaQ7&
zTv*mlrC7KKk?6Ovk<8_-C2?RwdC%2}uz1VWRYpK5rNOqoAp*B+V`5%z4DMp-mci&c
z#)w0;sm_}v?%RnB;cX81v8fg=ru#PkSsSj>wns~Ciz$wF?)RhZF^fBhl=I0e)DhNa
z^AAhS$FSy~@~8PA7`g{R<z_KjQt5+K^t7doNKY$YRnXIs?>*@$%MW_`^4{o)3T`ob
z2r)I6h-q>*5>vwYBqXL;ZT%pol}Jnnzwn2c##;O)rV5LvsBv_!A1g9*QHRQj=)BbC
zqpZz*f7)!hh!W^WA6G%3)`p%EMT9?X7e6NvsBU=`1iDBX`Y@6H_xMBq&(Yin2`GxZ
z#6*!O5Jlpu5Jl?zd--F|3=jDO!-eyn`Cp&K*Fza<;iKTQs)dhBH^mIj4M{J~6Cm$<
zMD3-BnO`Yl`aLVAU0z_JhilD8x)Eu@Wpwp*rI2=7xgM6pfd2EuRLFxF@bBr}sDVOp
zct;7btaMAdD*tgy_W7f9Dc+T@_!C0#ON9SROX(pDu6aFuzS8=227RR^?o@@luT=X=
zYghr0neX;?K1tgX-=0kKqrEx>^2S$LyW`n7?`Q3X`qA#%e9CG)SGB2hyd7D)HN^Sv
z@?-w_%JBlbMIRJOLumv1R#x8G^HY<tGj{702Kmw1MQi2A9%kr^?TMR2pdanMTSa?y
zMyVHX&CcrE8(@|8oaIYl&+*;#o@un{zO3mCKbpR_&=b#Sk`{(Fp>2%$pmJ0XY|LYS
zqIq1{QGI{;3oA#>qip;-*4}G=v=_5bLe109SB{!M)-+3RC-m~8>0cI9&oVow(so5p
zgj1zg@JI-&uJO4GI!KA{a>u8@yZOJp<&TR@{^;F8lt03kD&&vHzxI?rG8OX2Hd+2C
zK~J2|*g0+q53{73Y%xA(RD;ck39Lec(&{nwRURyY@Ahs_q3xxy_KLSx-`>b7+N<>|
zZI4CD7H0a<o<5ImQm?LPQ)#=FI%+;|?nk@d%@=cL${8~5b2Vf4XCHCk{CIIYdOjU%
zyEKmji+pR6=IcCKa1I<_jkaqZ_FPQdnkA`IR5=&Hq#LKc9{!q(k8iK7qu0YMaP@h%
zF})s6ySJCO2BBnxuj?UKj~ZCwz^b-&F<$;2oI>TLEPT2L%GpmgfIApy;x)<CH7lwL
z1yO@3qP*3L)qi4}AM)0<c~sLCCs}0Yq2H4$%F}<HxiLw=;Ljwz=_#F;YO+s{OU#>l
zKUipunqzE!Wx~RyqJ=h27-v_wOTGSu!d;4B!kr!`+GFolYLDG4+hYZP?XgsCyd3RO
zRoi31X%_;EtVG?XtDW*bLhZSz&t(_@yDT5SRqyBz!?iz=AR2v56R*Uj*^|5Yu+Lfw
zsqHBXUSb?i;)K5p3KH|Q&t@I>%RY++xe6g;m@i^WAje6XL)*pEJ}Y0)kN+T#Y0{gi
zoN%$8uQ4&JY}%WCTV+d!`Wn!-U}lXq(NxIr-1Y4-@SgNLCBY|I=XL>mZ2e#uf1NI}
zJ$5y&#}jCeU61HKo6+A9(~emt%Y=O&xG`i<CYUF)n0b;WDO8vzKjys6llX8$X`UP?
z#`mkvKI!$q!5DqEa{Hv?Mc?+xsY?4~mY8c&I5v+Z1@y2_?%A6xt_AhocFe5AJ}Cis
zu2JhD$~B7r6I=u{^#zXv0ndMqh6`hl&k<Rc?qEa6Vz#Shtt1QOSM*OZ1?ssTCbOxt
z2fh(NGdvWTNt@J=b<P}lPHD*6rq92>4sNXB8D`sQV^KwrBDPI`N6#pwHEW+q-}fd&
z;L|7F1S=)jxpS6EuLZKwY}(ewqSIi_njUr=UI=u7kp{KGzgruOwqwTl^WZcHoDQ!B
zj+tzNBB+&Y&#a-aXZ~}0*0LOG&obKH3a2jysHdArbKA&L{L0wEtbn)zCWd>^_WctJ
zC-PJy%P7&%_4n)WRzQ06c-&~Co?$*rT{7ztOeCUnL*Cp#@NL+K3sws9*WXtgqkF?9
zj`}Poe@fjOJ}19vNEVunf`(<$FIvt~_l7vxy<q{zRyq2&==13E0`%@KmceBI20s3m
zSxF{)%u!PhQo#~KB)EXumV?mq5FCkRJN&)n6ZCM{kO;|Fve$rzLoRwaXi8kG5^d)_
zFpTlo;5<5<kLOV`J&<%Cc^yddsq52xX0*S>IE1dGC5~Bl0|~9&g!9+d2gokB1pky7
z#2KmKRQ^{YU+}g+Op)i62K^F!e*KyhW0^*;S2Tn#!hG<>aV1}5E|IMIgzmK+*((~5
z5Bk}XAA|w^u?;Q09Ssn9GyV@5UzRlTMYiuJ$d75Lf!EKMG<^Kg>`f9+%+IDTY2cL!
z4FbBF+Im+YGHu(;nhNrbn)xk|0&gYevE5ERru?+|Qda1iC9=XVulUUh)rw7<EgewC
zN_n}BQZ%CH5wrQ?F@-i?{Sq^1eERX$UPE8^w(u^$<!#~3yCs^dPLAxvIj7&E7G9;l
zp0Hy%wHsDJpg13P&VqgSd9E)fBy11`Lw$aDRd(GYGdpn30BYBL|1}?WUB_!x+jT)V
zxOBc`*KGn*ndW8Jy(j^c5pmghoDC^XHojIR`1Twv3cd*pFPY!_A^6^&(SfV3=?A2y
zA7f1i`P1}@8I(98mbIz2i@OzK7i^`3_t*Q;MXwnh<Qqg@uIQOsc|Tu1sk9eBKi&Q5
z=jZ9wW2yT9vFXmN=|8{oqv<)*K?C6L^`^Bn{`*)bbNuO~(R8{LZ@*amQam?8?4kzi
zqKQ9Ud^1fw54tGP2L)#h+Da=w`aU`|nf1+fF5%5}e)JtXt@`D8^NuHlCHT|yZ&Ryp
zI>GF@@~6J_qv^b<3gRt(rh4M-lPUJYvwr6J(@*GBUn@iPd!``TQ2x^D7w4$}o^>C<
zy02L4NB6H!sUCw*4ijglV@-eHPt(1pP%B9eT1npJq<5!d!lzYXC29OWegE==hrOh-
z<i{^gMwbmx(s<-Qe5q=y$uAegbKzJ9ITv=}&t6;CkX!TTYtdz69sIq5{O#)KYVT^R
zcz<xetcY@gi><RY_;TD2|GCYn963U&a^(1V61BQy3AKk(o5-?m-8koA(uC__C&<OF
zI46iE&SLn_7TUCHkaI2k{EGfW83wE~r9w$v>a?-BuEJ?!#pq6~lMjc`PC9n$CO&5Y
zfk!wd@6~-O9cv^Rt1Ddc-}toNZ8vQ-owa&2wj1ZVUwWp(tUy^p6f0jJE4grF3C-EZ
z4`RE~_{EPKR%@&q=%YzZv3)VDbivNt&b)mf&s(>KMVG1Vx833OlI1Y(-p()BN*^y>
z&KC5q78XYr7Qf)bp5%teiplzQSNQn8VV3b|k(S!)Zx0tR9Ls4TI#>+H(&T9j@J*%n
zv^O!jH%jjisyo?s#hsoZM|wtsbl*^;eSqvd?VSA)ea%WP)<JJQfwtts<e!xMGG3pu
zBhAt9+nzA;>O+1*98b`Huf9@!nD4x&fT)5#rTv{%_m}jK`pfpGKf_brYFd#4NX5>T
zRy;C+>SEuGVY*ml)a=DE%J_|H{~X)TEJD3{A`z&T^>WiOIohlpk}5jooEBDm==R~1
zqsI+$Om%vvppn>A*J0$Jg#7aat(Ow?>q=<KOGm?kAmpc^pz96lPhh@(51I7O=rVF-
zZ@0B!CXYg}dZ4{v{Ung1fxTJayxgI<Zfl0ff%BpOAvafo`YJWl7@taRxhVk{MiqP;
zb*=|rP{u<lMJRiJnGSF2pKTNXMBcuf+-6b&67AXAqSJwVX;J3IH#vLz1vRfHmZfOI
zEPbtoSFPo@XFqJ+8vv(8BTYMQO9M`Hhe)SG8$J|#YmN&?ri*F*l=`>98u7W$5suWZ
zE7gvswI5`)pQuGQMs;lsZkLk53?2fk2o$X|&t@y$3w-~oB0dre1)c6r=V`DFF@zI!
z9*{3A%x+2OfD9#v;8=L^3qNSQ{dh{MYoDX%dF34hC_7ksi`<8zqz?4?gDa%Wh~Ax)
zjwAP>&NTSaOLiakp?UVIgX9-WG4SgQ1SdqVkV|7E0M{b~;8B`sS~&Ksa#p@F4s5^a
znQ>sq=YF8=`dEs#dDV6>)~kb?pZU?j^0D{e&!PKY_;Y-k?vFpmwJ~1)9E!bBpO2X!
zDx2JQV?>{f^8@K=ncayTvC~{rTmj&u$x;&(4i&vIwllE)okV{NioXXc?PBm4pU*O*
zglAY&ft{p7J4zVGK3?ePnLksJ?`R`x_Hse72a==FRt9G;;a=Tws@t=1RJWJ)3f1jB
z%|VJR(5%fsy;{yhJV@b`9!1tK`n)Uj1)rzutRy(L&GFYP-4gTWh6mKP9EDA5#h<9T
z`w{-uVjtOsiDk**q=WUKx|<s=>h3<Vxx8}Cjg#^Xh{sL3*|yDS+r!&_66dl{xNm)T
z4j-VKY?HzxkaSq6K@`XF@JXPg9rWvl{v6AH%3}BO2FPjSZ6>wm=(y|<p5+t~&U^w=
z+!-3L1o#aOtd@`#If`a_D>@zoin1_$J#B#ApdqaVkd{x=Y`nbf7vbBFtGBW~@+6XI
zx`cybzYM9(o}{dOvOVMzRoP2HNoBVEXeOI8plvWbq`^aMZg>Q|uIF%%e+wfZne3aw
zX`;J*Lg_k+)C8U&l?RFxk(!QgXYu~RU@}2-4eo#<$TarG_D>-XL0B+k+gqpt#JFVu
zNT1M4&nQ_$NVZZ@-}mPvi=J|^OujZPvRVPN^~i%51xx4#*oL3<R`D@pIwt3HrnGG7
zG}kg)wglC((L^?<g&A1ua~!=?ahg<-DM-C4UJ&9xr3CT-#FWHID(a+g>N+6b(YyzP
z>Bbc&*go`QzYWjC%hr1JWlOo&R9;sYNhxM^+iunJ*QT}p^Vgj3?vcNq`%uAOw?4iH
z{(5v(_55{t#69uXh7lB73nPKQs>9ckHU8r(ZQVWM>+w|zeC_(^9`My>W%c+f8h%gs
zT0ETMYhZ*w_!{<&|M+V5?LFe_p_K}Jz475a;OqMP)#K~MVfTcuA;T!X9(c%O|7Q71
zBHhL!H>CEhr(d!fl91ST8*PV-kgl_Whuji2)HM}C;t)Qv90fa92ibmbk)~|1hlfKJ
zGcuRg2_S3IpnrZiq>Hki)94q1(!_Y+qS2nK>t~OtaQ|eqXP4&}nrz|WmWY1#p5zNT
z&3ls_yq~>Jh0#{GpG{lg%Jr~6+i8vkgzbDaQ9rc?xLx!IJ5deSBQHSf&@QxImk0!5
z<c_2>+G-eW{dKO+<6eM%6y=r>a{82Gxw+g`zn@)8I<C>rR;Pm5>w#<xX4^U5J_+;7
z;ihMD^o-!GC8Qn^Cg<rOwTICjOPaKn>PVk1qhqp;)i>J7ge>9ZL<lX1F=t;e$Dh($
zOCX0bIrohAI^m>iB0OosT_1q2K^SB!3S&2--UMZ?aOM0lwMqNau;@CSi42OM_!jnK
zE(cmAvx2D@9VzA1nnNyBk=J>f07oq$#JhpK^={zY4BnCAh8&bI6{CBf@qim*NHu+-
zzaxAy2<8M6rwRTqm~E%b@ptC6OLJ%^)A?8+IOyE%23&#t01rIi+DqjrGCm@K>2%qx
z2!bm319y$_=dv61bAWv>dAp7@d74xiOT+cF4>uS5t$)59Ix8^yB{}8XX4_rkf%9ak
z$o=mE^rO!YCNN}77oY)%0cdq=X8+{8fOjaBMxxUEoK!yqCuJmA<7>vEJA^{-1kBTW
zGyo5R$aSxRw-xaRoJRML#slXP%C_s+mDRcfjfG)G+ddQ*Xv7IcexCD4qJTT2^`d6R
zdq7i^hp56W)MUF$P@0=UX6Xt|bF@c%8|mCGkou<hQ}ZG!!#BVy@eLfW<Ky>`-G~rF
z7&Jp@X|E~%uKxLH7@JpI=k{cs_ZSb{MYLj2DMV~PhFDVTg2{H?9DjHIZfCq(d@lu`
zY@~wKNjUf*LATl7b1#whjPXC_o)%|>h#(&c{g~K%R85lk@RiKR<ZC|0_&vGL(%(il
zelqU}-n|D1ii{ruBt!LP3bcusnE#_Q%?;`U`o-Bx72mV!d|Mqq?_Np1t(b@YyL?+a
zCf{qmt=!MLW4^6tC;#hwTWcoLd|N#x{|EWD#y#P0zOAa)=lM@7Tc71^{=4;wm~^k}
zbL<nkKBp)C>-A~y6kVS;C;kWPv;A>@*N5ikTX2rvxo!);KZ~N%-MN^Wl(#=)z}O)n
zLg0Q>0u(G};qVQhOBwOBWFt}D_wcG!lL}!&`lfPJ$LqjI>=sbB4u<&9&bFM%F*D5M
z=oK?4m17>=zoW}!KXvBM`kbHdE<=S$T{<zDLaCfQ$%*4sem%h{rm`%j+Nr#rTFF$J
z;8c43G+mm;%cXbSUejpo|1?&0_MS$z(Q^vfCUT|A!z&#oD75x!INL|;H}@>~_?Z0h
zQS$LDetc5?IEsAy89z>uKTcMwA=g)k@0G^%>clxe@zPU%!2rU9J^=8J7eKsQY~cX_
zXzTU_XzLbR&;USl^3&DXrFGSFwMSni2nqNc--&YtvY!Saho>n%SL9Rul<vN6VrFp%
z`*gi|H!43kpUL;muRA^;HJ3x373rS&bt!+K8OlWSUalOK%CYwnH^8a1nFC)Q2=9*o
z5%6&_@#+V?q~NF-$WtL>l1as<IHqMT6HY9F3iFY{XmB6logYyHHk&}d2he?G=rv2E
z;FmhuUMWDBWr!D-pu>2DN5wgE#eD@>F+7DpBuWrSJkCJ`jFM3$`97nd)<^iM)Y)bU
z^G8Meu<My)B*3i(I3vXmzTdag=%sl%0kyO15`bR-00OmQ8kkEdEUhYitwIO0-7d;2
zm@u@0hfuiI?O}OOlQtTXT7N*T32ZR0*>U1s2z#=?@1@RsJI%LNN&Qy<b{d1tp!Ki9
zw<+vfvZ6knf1kb**2w(rqCc)wJ{HQ;Sb30LfggJKg^I?^*#=6siL;3GMe3RyZKl7&
zc8=3RyVGRrwhxH#@v@*=8yEQPPVDIITb<pSjL*<lwd%r?i&54Ng>!-J9*1XC`Sx`K
zW!wqzg!{gftkk!XDfhh;iud=&ln())AF4`5ytKRY{5^Rg$bz!~ao+>pU#9~TezZZ2
z8WhUUtjZPVcxHkSAF0e*=7&nGo>?@1jwtp=4R*prFW#Rt!Qcg+{ILY4ks_|Yjjg}0
z{JB2p@nxtS!z%Asg!H%$zV%|?)-Iy-Nbs8uTUIj0JPA6LP0wj^j>6F1nGH7@P>YW!
zW;>vLKHUMYHtr_o6BK68XZu}UQ|0?zg|Pn#)#@FHlUDE91!A`Fkp3{r2Q-YVDumjL
zpi-`KSKCo4?P|zGMoxnM<2fnVLFWaym=giQDno314v}#bK97+<uaqm^%)^S!c>*z0
zf}k78yywJSjoshn^%@EAa~OIbeNMTbv7CeQp8uuXHtzWkKBw5z;{8ZSc!H;|vsy9&
z{rQC}ZdW%yD(>Lb5A@!8p?bwqTpDJ6`wRwszs&H{pGAfb8|uHV>4K4x{JMr>ybc+E
z6QTM341bND_1X{LfbwWoe!YN|SA8GIeW$YfKz`Hz?miHjd9U|@y>HX|z~Pbq`aTdi
zg5C%0BmaZ@z`B0_<UT-+L6}_&*GDLwgYs|O4BTuI_3Kgtde+RYvAs_MIm3I_(ZAd$
zL0|AY8i%C&!cWEYzEFZmvQW&A7%$1ktNys=Egy$eEg#1eL6Qr4=%n=Rq?Xos>c~Mj
zCkL}oI@*+^refBVJSOF%z|Mofo+FI=0|oX?snUSP+;w{o=pWoWu081M-f;x_26vVk
z^ajzJ-5}CcW6zO{UcmS?i6*9sViqYnXiz_g3MM-8J1Nr0&+2{Lm_q#>xlZWLMy_<{
z$d2_AA>zqZ<719mkC?dd(NiEUbd|-081R3<kBRcf1n_^rk7oI!NiFmrW!DCsP$!xQ
z{X4y`4U^rH|3ef37~yqo7{LH|VHW@lfNMh>yCLXYwOo4X@{rb3b$RH~lZr2+bLcs_
zTQ6N6(%Gl=dO5$lvqz5i{o$b;cAjoY_H~}p%`S(zJ`ssuSXbB>&reX;JxpWX_W`ke
zuzbK3=RxAtHrGbOLZg4%^j|?T?C*<bDwPano=FhuCDVmY5a~`wHOfGrbtrv4yFP`{
zrvu)>qP3CG9xrtL709m5)jrZ_8t6g!=P{aw{>rIwLUHR(?18D0VQ36Y7^C8AKDbp9
zD(aR+s7POMKY@`b$=OVc++GykR~(t~mw$sNo#0FYC$Kib@?0OP`)}r|6OKIK&0_k3
z27!_gwK|C`euTXE+jD6OiT>#-32Z<oNdnX6Al0mZiXG&Nj$B##vP1~|x1i+J5<UrE
zThMJI-$4m(SrQXD@fsFNX1k%8+)y$!q>iKIQ}$k9Ol7jS7@gqObAHI)FDG{360NzR
zZc7u8bYUos<jzayL2}yM1kM8Y#V^HD94Nx}kzwDQM{`;D9Nn%b#L<Z{Hir2#x*G}L
zATG+V1t7y}HzOwJl1AtERLihU=SiaIlv&vAV=%@z8REuVx++4)nXm+4N(@QtD$c3}
z`PCzl{DRbs&bhc1hM1s<CUO&N=PJeOA7Mz-H&M5oALv{=C#i?EaIQ40BiRTs#DiEe
z#bLcV1BV639s@A-MPyI#SeTA;t3dY9pFBOmE*AKK?8Oh`H7rMQu=F3}!-p;&Kc>hZ
zlhr4{*LT<n;A)~Sc<qjOxO~-?91XTRo@a;sws^Qa4*+v-<C`pczl{@`#ZoV=1i=tX
zkBX0LO0HEp;dWR0ahd!vK{(Am=GIjCb7iB0>;!<U3>$NMQ;9pdCY(7+{lnD+vK9lF
zJiTg;m%QB?NT?etFYqo$5__7JkDcSCpNOO9lgTk3pq~Ti`@|bhg%C4G9dS;-E+;^k
zI^ONJmb>-&Ux+dm*`yX9rbk7hw0$1k>tjRKRlR*`i^N+I?`V{hhz_VPLz9k>*YO`B
zDQ#)Z=&V~1=Ouhux)7QPdJ<0z@EDR$jOCPEw*o#hW!fJ2H1(-mJiLvkqje}F_b?#$
zC`Rs+_ET~XmB^j5QgV-A<c>MyqC6J(&7Mf^aU!{^N%0vb#xxNEBM2!@f}fOnBA7$A
z&qh;wQmUyNED>R-FschB!kaY|`U>%W4>2zE>k<NbYRFXfCIEgLjfz3f<pVtfOpdNS
z$v2Ze<qFUP97TV<(4Aq5T*pkd%k+NTBFE$Xq0ja|#r11+DnZeHqeON4R-f%}p6$`T
zOwWgbLem*NzdYNE-h*N9YRby9y~{O83Vq(AV!2v>wU<|&zxy7N&fom0lK$#u7lr<+
z&g_4#zv}&~r~YbPo*x_MBi;X*{;E}XN+eFLk{*~oNqdFrlg6m@N&Uxq>63a)rb6)t
zT3Mg;&}32mjju|dl-E~<%>@ri*o>Vji9(+PTP{)Pf3lUbKyz61=Hl@bnW#SUmS*GG
zIZUPu{G5~RrIPCUt)!A#9iwg}En7M_-<^W%b2LV+l8T_+q;yrQr0U5P$I*(5y82K_
zowdj+Ddqlt1128H=&{7&MX$GG75bJ{-sP=(DEEKw@>iAZkF|K~V-}pl>`6-h&j_a3
zx4(t&jlcoxw<Xj8D+(M?;*`Fg3FvDDzMkJPm~@a8GI)ES2$G4RcjN>rj-XjfsgG8U
zUv8TkmD^@suEK3IO1PXy-8R!DZ><EC+h&wcx6O@t3iqzes@yd#Pyrph;E|P3f1V#a
z`b8|dT`uD8!R>N-EalgDje=jR)}QsZSEfHpuJPaL&yJezRe$#UVyZuT#q_WBXT@n$
zf7Z|RAL!3!#r<#m9p153wmvJh|K0k;^}E;gxv+??Pg&Z(UZ2)Rx;~$!{RiuFIM(0w
z!Sm|ISloNokHEujXt82G&Y|PH^*epXvGeU%=j!dlhhZOHE=ta2!mTNIS`3C;<CEf9
zP$v8}g_?~gCaBEDlUhn<<5pRCh~)NUS3{+>cGVQG{e5juNn$7azf=y6_6a;bZgw9Z
z_ksl9>%E@zStI$U;2^J0*=IXQWb>EB6QmEe!0KoCsQ)vqukEF-FKYY)S$%1IA-xpm
z)2Yc`<8K4yEyeS%l5(;2Ro>;@puDp<fA8{%A*8&Oc>Yb6<-K$!o}B2d5>HOHki?T$
z$8s2}hfR0Gd1*D6aO7+>S+e)3{S}dZo*Rwyc4?RodUK8Trne)b8NE%3@}xIk?_(L^
zy#hmfL?*lilfb)gsv$9NUO?^a2neu}+psZ5)0E|qL$hlaT`DKk3hl%d6zcN>G!SiO
zs^NzOI9robAvVmmMElfGpwg0F_@dTiyI?!Z+lqve-vC$m?32p5iZ`HsNW6nDd#Vby
zW&3fOj_ibnt(x&_R(fqBWu>rQDpqQBpTtUs$6&Wz;#I69jGXA@Zu$efJQY$?aQ28j
zhJoUqY7DHYfli(>2Anr5+-_HZtGm~W*qocOiUYq*Wz%!jfH&bpe9Gxa5B>zKC(`es
zI0b*Nda7FfE{a3`EQ|Ba-=m+ZhQF`V`r+}u`MdQ~9{k-QUcui%PkHfQO1y%<PfhS$
zF1B7Wp?d!b&7+e4MD#q#f5Nrx-}z6p3#r6^!q#1>Ju4F)nBe6<@ya9q_)kQJs{AK5
zw5Heefj43~1^z=e>J<Ccw^^0=6Ug{sn}N`*yNU~%H<h?xe<s{nvGKEj>`xf)Wn{rd
zG2TGm;=xXFMi^{R?G!b&WT!aZfbJ9!(+l9~PSGq0qeuadyc>@<APA=6M$JW$@YWIa
zeOL}L;Kw%6X1C|X`0eR_Y!h+q<ah0`GL)xhB;q(>;4s#!ab9CR9w5fEWE_oFqySgE
zDl`JbzrOxY82X0rQCrH;Q%OBv=fn8ncs}Gj?&EyeJ>2_z_-;5mANsegULJA9Nw-%#
z7M>c1^2oL>>P>XeIJ$}c)=fn|zc-f1=f#n@C>Of;kVhJg^Wx|57{z{deQdS+RlOM8
zZ&G7??^kQaR<mEF(E64b-}}|fu^#)?ycorP_2^iy@xL6S*sr=)QZBaM$h-Wb7==7?
zeT-N6Z(0R^|2(EL{+8vF#8{PllGI3&Pi_p8<dX&6NUOhl$tT%ky!O)^X52qJ1c~p1
zN15ga?$e}AtC<tE)b#Eiiq9m_TFCri=QkIv+2}+Ix=?B@4Bi4N;AdcGe&QiX4Xim<
zsfpdMo%zLJUr|HzG@K9H+I;4vj8j=}s&*<{npHBDo|{pdU7jLMW5b)3y7u}tja@Z-
zP2(@l*ECLYRN1z@7VO69ar$*hvggG->Um+wrrr%?qAiDkEwt-9v23tq!sOR|47L&H
zXPn|tp+yZ}ZVi8<I!0x(c{9z2<MFd;J{*syr}=O^9+p<M<8d=N{(+$r=dA7JAfT_1
z?Ee73c>%mDweSf5yx;|}Txwwv02I)04#mc*V-a1KY7K;1rz>cvNLUe9D_4w%>#{-k
zvAM$gKqqW&P7nW6kJE)VUyK#K4-T?V-7hK+4d=$kz0ZS>9%tu4@9^r+gI8c*>L;HE
zLo#7ok<u3e$Pe<?hi5~#OnNr_5Un~J3JucPko^Rn4Ie_qiE_n?kzOv&8{d^QuUnd^
zJ(c&5lsuK&(Dt^*NIFl1_;MtkUCl$)6<?Jrp3A_BiJ?ARoTrVHT%3K_6IMZAAF%y6
zWn{JIRnx9`-h9|qecmh;@4q9fIj`>0`a@&Y^)p%h;t?L_)v{Pg-Av^F5h{O0*|X%W
z8Ys8L<>dqfWY;v2YXGU{YK>;zJh@Cm_Ph?=z>d~yVlyzrB$w0Vif-Z7tnT9B0fv~H
z6n8NrnE$Cqf9*Z{8{SRo&!Fz_N7~<?532iH?6bdZ!)brM{AVdXN+T8e?3ahD&)2;9
z37iESYmdWu_%MT-IvmNTPMqRo9y%N>Ov>|CY5(b{w*Q34_Mb;(`%hD){b%?+*nbMW
z>_6lDvHyhqL;Ft{v;Ulp^|t@~jj=X^I`miDfBJdbe+Du84{1fR{|plCKP`RlKc4=y
zn`0$kdEA2z5B1oCs&|a7cY@|65ETg4vDG`qwrmMeAKk)@_NslXytcHDeK8mt&w}wq
zX`~G%cBs6MS)LJYyn%bz3<5c$nbLYxCe#@!ZAGJKTW>T|T93+zyoE#<++1lrDieMh
zB2|o_71Nq4tw&|T*F%*4yMB1@M%_;ryj+Ooy!q$32NnGD=#XmnyMkEUuhx0&S6x^O
z4Te;+-+fK%H|wUZKath{=?Rbh4mOevqs9C06Ta+KG=M(_s81y~)&2&QWUNmM9EA6R
z6E;j}-l7u*)Cj|X`w(nM58eV0Yf(dGzvmt^F^d-Y7#Bo8Zt6w_!UU8O8RYDOWKQxk
z&Ct@1uQA9>W{NU}M<lKXsuVJJwnZT{jC!9OxYN;xi1#gN2IxD|BNGLtBQe`^1>VtU
z_zIePLPx_Bytc0`ICq9em@qnv<N#JcslTcxbh^)%pIMexl!Zb30kJkhXww*$8iR=p
zrjf8B^J(l6RbZ7(G!1s&GnY}@uHy^bmLTD1a~h{}8iZ`h(MQmlbOvG^W#-XZNz0~q
zw`Gd4bQ|W*E-isrOePw-?yl#4Z#R>1BnqbZ<Jq-&Yl+Sje>eNAE81Leo=9bnlsjg)
zZPSTVwt-1ykCYc2oPPw2E)bWzOxRQd1uWM#I`kGebUH1FVDlOqOqP$qFn-W0x-TW&
zyR%*Xci&6uo^?ux@k%o>yM}V14neer(h|D!l^DRl8o{={C`DY0kak_ES6c*4uLBW2
zh5Ssq{l&2pAObdo1ke4i84bEM4Wg#!=<{PW@WB5(#ADVm1SH#B?CNl`sYp!L9Dz&J
zFE63d-OGwKmf<)yh@uwd5k*ZajtB=x2J0YVm2i5bAER5)lp;lE2hlnw1a|6P?9Qjl
zi|dqqAMPrN>uDHXcXS!3bfNjumYujQwd9@~g;QNX`rCal{om{jig<UX_%qq{i14AK
zNGPZUN*>7kceGcP+PfcdM#4lb5#S3eU7K&ah-;&l)<ziN$Ly`49WVsiG;{n7%WyS0
zLhQ2$_I{r1uWS;vAv^_vCiECV>9LZLAAv(<O&}Tf9$bBMK^eqbzai*DJFvacF-OvM
z)>k-s%Q0Cu_N4c_q;d!Ewx!Yg-G}&bfZT6?^6^FdI8^>PgnXQfAIHld$E{~0Oe!xZ
zoWF$PRu5y$Q(v%-vw-K*gv$Zsf_31Q=e@0!<h{2a0P5fN1o%Yu{{w(G$WO@tAIDLm
zu5?+>HSR#F;Eq<T=HY{l=`M(yVlAP#F$>5BTWy3u4rb0ZR`L=Y3qK!&5U`K1Z(%}F
z2)+9~aUxb8j^&|BhcXI!fSkLSeV4X7FN8WLP7{``zwD;%PGIe7NV_j6k4xB)^Ku)I
zou&vyo7*ClfioQqX#si>M%EE{98$8zt@()X)pF`_dX{|*)f+&hh4}xlW2OU5eb%TG
zmW9Etk^wyYI{SjprZa^%n$XG#Fvbq$)Q+2pX{Jqt^oJTtOGTOwCh~*V{(FP&zwRpb
zU!(0V*?)oRH*=jJqz&x9q!YSuO&igDCPTIPwqSasbk*1UG?a-WV0=;k`|-6<jxU0a
z@9Bngd|_$}gy(DU2c@^)V)!6<{~hncbJiUPAKS<u!&TeED#|@CxjS;M*HtBN(~=x0
zd66`<F3v~m@5NOe+wvnx@e)PaalYoIczH_#&;x*@!tItEY0V9p>>~7ONag%?$B<iq
zu<~kkqAUk=H?vkJ2HBKBYA7WAsAV6|{SnJ~*-!pg{4wC=>iNT7-;+O{uCL;cISm#3
z5pw;%<&U@TcJ$(poAv(x@W<Ud9liMDiF)_WAJ@A2px{5d`okYH?o`Gf8Fv_eyyC0%
z1zr8+55t{m_~YVjPyXmoPvno*^(cYY{!QYK%wPq73<?(c<EDW^p7>S4AAhrtKmPh3
z^2gFQs^^c1dQbj%La*YFA@vmeasKju%OCS@dGp6Fb^rhH#~(Mn`6IsWz4OPR&ORvk
zhtB@+$H1GF@kiWE#vikMwLYq|zx;8jyc+)4SMJFlA$3Lm2&_v9+;v3aj|8oPKe}i|
z{`e(?LKYoS@W(dx@$)19A%C=7Q9Xb3tK-QZ@pV-E(Y>yMKlWVsZ~0^R4R8MVzV`ng
z{@7gR%^yu`-#dS-?c{@k-|gfNe{?RZj6Xul7=JwGtM$ZA{_@BE>(%hbSJyrH<9scV
zKmMvk34He<i9f<L3jS!I5&7eL2KnA01%Iq$AD0~Z5BWp?TJ`+VuBIn{G_9%Pk7l(M
z{PBhBzvYi!*Sz`Tb>06T{&@SUH-Fp=zIXmu-rffV&u{M!f7HKP8Gn>tVf+#6tMyjx
z{pF9<SE}KUrB^)pV^6TiAH~6xz&|@6@dsDYQRa`UM3SbEuQSL62Ne8~&pu8%ptR<~
z`t?<LnrZO;W4kIfQNO3t;U2%-5v?;y|7M=*hg8kE+xpeqi{8z7#0Tdo+aiMo^QC=h
zRzFN)TPB>uKo6GiI7ksJwEz|yG||{+>iD8lTHaBoJ#Q`I!SsR-7H^VLAT4WofIfd6
zLPES$`<U>E&7kfBHcnUML$r-AH`<z5%Qcpjpd>M11b>sAFi573Mp-r4P6{utZ_D+A
zuHtuP>tGBtK&c6Q(J%0kd-V&SBOi>KA5D=b`S`=UKIt%e(!+z52wt;;*X(D>^UNCF
zde>lS2xCM~blV;nYQao!8guU?Kb>K2mY7b7`9{3$DB%!5nOc)JJrY*qL3uUW@Qz;J
zfLFYu>x<|dzsqEEMi&Z~lRI;&h5CZ}4>~UrvU?BGW=mcLjd6B8nEa>3)bE03Uo6l=
z-v}>)xDeqNLF8TZrZ46{1U5sy6moKKw%OFEN$A-2IN5b)lm2EHU;rxuL3!JUEM|_5
zY)F<y_I^6+O^v0g$sT6C8Iaw~WNYmjS=vWO350W{v%g(wyuCJc&NJC=2|L!|Vm<_m
z8B9RvTGob49g%xyv^8q>nIdmVt2l`C{Y<F1hJj+10NkJ)y^KagbcB&1`UFArqCTBD
z#>JcO&_|#pdty0{d;;;i^!Zx@=(%OvWsE#%wjDMWRcLwpd>xsk0b(f^m1|A$muAi}
zqIQ$~FBl#_MV9hKZmro?WQ@FNj=!v5m=y?ChZ`n+-y3E}&)(+vQnS8qxlvPL)+dz{
zOzHF2Yp6-G=!_PhVEt^g{V1#k6|wDv$#&KR-?o#s&9-ZN{3U(CGDu)m2mzUG<;KWM
zCR-tl#caE5j4aYy-#~@=WxnWymbaDjkvsSszobMLf_*(nZ_twe)YAq-o?)YHr&&{!
zeb%HIq~jwmS(?Du!Ek#7-l#-0x#TA6LCy_G+VT9iIL1r7^?0B@{~PindME5>-A(o+
z!ihC_TdoeDZ9rfJcM%`IBl{$PNA56ME42EBvtY>i<Ujo#4Fik>sqwokaVgQisqH@l
z>@m#-*ylFW^|$qG+23YqsT<&kX=WsC8m+|!WBlIiKTP(aIwP5yS@Vm@)=$TiL$Vcb
zyG-@vdV?lWUytx`5vfpQ;Nx#*pED6UB-2FTf<pcC=TN;{#9L30i97)laZC1blRdy>
zPb2fGYqF&(=2HqSorGGEH+gG0na_s=+8Kcsl`^_4md@l~4||s0z+rY&Fl|F%1p=1s
zQrWu#c>5fk(bhBE2>t>H1HBU3|BH~B4%%(0Y_A4uZ#!#md$vp33OaH?F<nfy(F8+h
z2!;qtJ!6nhY_cA(7&FfE?j6xP@jarwXDyRGxfYqRwk~g*TNly|)H1-QP?IgWt^vM<
z!nZK^76ISF;9CTIi-K=)@C}ki)Qux(PareBLoie^W2Ng^#4;f3X}Wtx7n1%6f|CQF
zKSDBdYe0Vi&|d)bR|ER10sRF)e*w^64d|~1^cMjA1wel_puZZVze3Vq5$W$H>Cf2!
zUsLzGn3BW^FQr}r`?4b63BJslPnvxu0!)CTyiI^XzT_*v?0<Jf``=lzg;M$InJ~I0
zZ&b90T~Q@Vh2aLG_z>=q+yvquwDuwVgtx9zwE7q}@*2W-PI6+rr7C%sZt-tJ$uiIV
z9nfP04;F$T!o>C(M%x`@<TePgjaz*nU)qPB{gI`X2JqghNa&e8QqVU<7i(7_VF4t&
znYw-s?P<txY_>mSwolcW<Ih<hG}~^-{6(EAvx)RX$X7>ATIaF_7uni?SY;#>3j_OH
z!X$a?H66s@M_=r`>=xD=uv@_p&_O;0yWDM$r{L{UkitrZ(eGY%i~cH2zC~vjuDuU`
z>*niK{y+#HydF=5q0VD>+H;lpBkgXY@G1(5_wx5W2IZ4j`KdUs@^+z;yGN<B#JhYx
zln-R(tHg4(zta7+RQ^gWozjcsLs62ylJR<q?5{K|?w|WBJ^!Yszfz4PKm3*6yWRdD
z`72EaczFN1UE!}p-{TeG`t5J)>;2w3@Ad1uj;-JQw<}-2*?|gwn3Qf__#X)Cm&MB4
zc$Zf+Qmk)~cX_|YiuFAe>&u@d4iE4<ynUo0**;UNU)Luf$x-Jz$UFMYI~@&oTDKaD
z&erHzOTWA*(e`uVPp1f%Cfm**I8Q#MoK1w(a0FqYvl?^XgB+D#m|Yhd5%a~>S&&@w
z@&bsLNLXW2co-hwE5pIjDcSaUczg1%Z3)WCVA`*(x26)oa*<BI&Jtc5oIwnvMELZj
zwj2S5o2m6~fPUc;6w+6sZ-<?JPyB&O?w?}~lVdG?J??l5&8KSom(twbC;~cyx}>C{
z?+B#MOwzBL+Y_WbVfK`^oGJ1+6rke<88gibei6L}e-#?P)s{25OTjnfOEEd7eJ##J
zsPz(f;k3v)mqHHnm2A@RW=k;i0DHPAT&MDmrZhdQI`3#YC*jUfaO%lt6O=Y^6Tt+a
zRbLR^h&s}+Apwqs@h{?#_TNbnhw`lrUM+bJMfZ<}GTrx3^aY#IqSWG4<5aP`2gj88
z=&q)}-60($m6I*oo&qs2Yv~J)lTY>pt)or}cz{qEQ`6EPja0ORLmu%$TTUb_X&#>(
z@i`CsTS!~_g1e+4>uo}L3y{cYvi3yVAMCog(kIbXLT|-MGQAOUYhN1<72PBtw{n@>
zn4b{5{zG#6=yft|cZo6neD+tK<o4#$w$kdG9rFn1x5#XiD*6`=Uv$eYQlZgqR{P}#
z|D)wzc({_~-is91;z~oQ*KSLIy3F1Y(fnWS!DXP{Xz|T9iDVbP<Mu&Ab^L3!>($qj
zI1I`qJS6}fWg8@-_@x=_?k#RLl*o0q-4}QGJppWW(9e~iYhyiFibtjXAy3QUwur(b
z4WuDl%luaygG1PVsFEQJ#v!B_c>A<42@Od-aSZYD7^W@$_h>LxHimNsPQ488HwUf8
zataB)lgt}1dMCL$3fsDIzT1IE0c6<QA5Rj8-E@(!VQc*zHhLhw{1YAa3!dFgHi)Rp
z(3u=vyL@0|d@9U{@<pFCTWoc2U&yFOU+t(O3t?d=oLI&oX+4hnoY+5Gk4*<FS&!9v
z`P=}KToa1j$JLX%e{t+xAKf?lN8R_Ttb4Pb;?+J)D`8;uVm!7oRvE=1-0zbyYy6`j
zY&cNK5Kh;{BVMR^A4oEm21ffl>VO?3%$kf2*bkA>41ZK2wABUjXtLw6GkbE8!8L$@
z#mZnd1sFM>@#tZo&Tjb2i$V+OGz!5$aljxZB*YQ3!voG0AWr5f-0Pb(PRdmXW(Qt6
zkCs!4{_EMc=!G0*pf$4f)Qva}<l#)_dR$EVEe?eMAek8E1|H{*zj75~)?^3s_F>@(
zu2wi3m;~5EAk0k>C{Yu5+u$Mt)FeoMM#gJgU218_RK?hwj>(XE{nQX6rtLE*Bc|;(
z{7bAbSLyUOcm-BkgdC7)`DNwO)s~me7gzb}R!aXypYN%0jfvZY`V8Tj4B^_k6yaI)
zF`f<muT==gH*lGN@Ulw^girH8c&3Q(X%fPxsSsYm5Uzglw;O|sGLjxBeDD;Kv{4jL
z0vTC^$N~z;a3K=Pp3GO0@k4=1GVYGQT6`x%$K?Mz1XsSUCP%Nd-Kmn4M7r&|PwIBF
zm37NIViFhzlP?=wEl8J_S(leRy1eZFn)c3TYg(UT%XKcrb4`tO4>CGNc&zCI7yr$g
zE~w>eO`oeJOPDO=b3YuCw1DAtB;35W&^K-xt8im<q$-i(nFf{cJ1&9^9|5%3ut#b>
zX`$~GZ|1e)tP7c!GARzhk<};OA^Kvbu)s=@ZwRF`&2mxXhe`>f!;EC-herw#`1BR9
z{`q-^b$s98fpvq3^)SRb)C@B^a%KGXsmU={T_x80)ugfry+tTx5psdz7i^33u)+9C
z@hVLF+{Eu+z&3G4e-qE9cy8jx(o#x)BRw|p_s{*CO?*vlADei=_qApEV=tRK)>LgE
zD{D#w(kjn?0_potF{906m|?`x&*_aBFO)2G{Tq}Vt>p_P#}q6{FNj^wzu2GPV6BLf
zb%J!K8S$>Wa+a(wvt-{YSkfmtuIDmzG^XhIIN0m7_eMwF*?)r$jZbt0d!j?e!^dYN
zJiPL?yK2%1{THO+oX2o+AH~HhHT=MZ#rbb=(V?a<Ty!B{6Yb_u>rJ;lf8%YpJJ~V4
zWx>v5z43BlQAH5y6Mi}+Y8aBK#@RL0r*Z(?F%oPS0eL$K1Rr^n1xXwRIcb#~8B!bs
z^Ibx94hHsks$PEhes-`Pmrnl>zI8H!3Jj?<;Wkac4WO`u?3`(Rp$~%SG#+^00595v
zYXvB~KN2Ld|G?Ij-H-f`-N_j$XtsCsfz+NlnZR^(Xg_J?Er?-p)ezrU6wfnKYn_&n
z1;lim2CBZ(!jvIQ5h&&nuUs~uXVf2aaoST!TcDJo%0FDC*3Y0$<eu(s5XK>}q@xc3
zU`Vjn?0*jQn*B#lR6cw5{&067n?0R)_7neb;(tGb6JHz%6JN_Fj+THSt;oHe2}Sn)
zIR9qet6%xVYi;u}@%*{v7%pMC4zCZJf|b{Y_2idrm+f#u-rl@~MNvi0VBTH0;FkMg
z_^f~SO{d%KIzcKwPAmVcQC2=c?<GBG*&nL1UuaoNTBZq5mffXgfwZiqsw^k~%gzL2
zSv^%*2rb)9%bKdn8qu<^XxaU$vSzew87+HIRrUZan@!8oRAs5OY$z=os4DAE%O0j>
zLsVst(X!UG><uXEgKx9?l{;UdWx=%UT~)m|X_>1AmaPncEie@-CffR!JKv?HduZv$
zs+ucl+1Iper>e)2fGU?*dlr^h?RIrW05u=e?=;%ek#qhmc)Dh#Iu$UNe<Uz5PNcK;
zbP!`z0~|$usq2TIQ`G+&>eoN#*@smL;{cfHUNC<tVI}~~0WX-~^VE$jO5g#Y+za5*
z^RyA*SRou>`keQKsdYio5r^%Z#|ifcqLIv1^uJu=Ibox+e&KFXzuN`RK0a2$yah0?
zc)@JHrWk7uz^uK7<5;7`aWqt|zJXH4tJ+F<Mttknr@Ww0zqI5EMO1{)5*l82#k2Db
z5<tZ+0`M96Nn1$N7o}no<yR?0E#Y^7AhLl+6Xzv>jR0`W3t-_T3Se+9(0C5;&kL+f
z$c4)Ly|9yeMuEX005j=~C(IlrdB*}wmVg+X9*9^nX_Oe`>2CEXEqg?@%4S*?Ps<)t
z)f-65TF|ngs(O#pG7T-uRMi_s%T5JQHd56aMay>5vZqw_#?i7bXxUU%y@_6k48ABX
zWY?WQ%3g@Pb3p`X2mt3VAch9e);p_O??`*@Ld&|V%3{5GK5<1{!i_sf!w0=+?63sz
z1^|>wG$yw2%~cWLX#n`Zi-JCq05SmJwX2>j%)cfAbOV5C*F0OWNC1riVC*%|7L3<L
zfa|3Mp!;>t7J5qnhXA0H7r=}%1s|^ln9MRy7}E`L5taf#uN$5KD;TdtIKPCqvq8=v
z^aCw+zCv1cqAY4Fc4as(z)vUq2LeR7y1U|Bv91^=B*AhXgfGLKyW#Kc@Sh_14?Mkf
zeh2@702xk5BjKb$9nftyO1S&`ReaT&>6+$*$U4r&a;ZW1la)re2D&WlYo@T1eKojx
zx<<H$x!SohTo1VhyIQ-_5r&#ETrFMoT@SnJx_Y>3xw^S(xVpFkT%8yIqN^3?#zm`l
zL-+yjKUT$ZE*$~af&(T4M~Ev2D8%AbN)O*b=tMJ%$cr5KARHZ9toA>k<&PPJ(f9z%
zN4fQ!fwe(BiE9ObT?PU)gHguzC$-1K+|PMu@u~?vsMc+Uq2NDsvtmS5PM?RUL(mcs
zYo%JE_i|%4w=Y-5a+Qt0aTVjogdqt5?j6?hdiv*zK|4vRIYNFdOX2v@+6BC3hnonu
zCx3v;Omvy>N-?0G4=qgyO`e+l<has=`zDR$7nD<3b2h2({2UvRYK)O<3^Go!K#eY)
zr5Y(vV-BmKqcu9S8vKSqsS|R>jv?T-^iZiveW((qp;dxt757%Dlcc9DW49;VH&cQ?
zNzOUv3u^d%GCUbm7XmL2=^KF0)Tk!$t_=UE_ayS5#<u~g9wy5*`p%e|O?sFn!KVX!
z1*d}Vr5aHzfsc{k!vKCSr$SQ5RyC4hV^l~wPsYz8Kk%h^;n|)L#yJnGr?sQVYg(~#
zx1WF?=rLA9%hq46ku-JcBnft&MlnP-rKe=r)JaoEkttauc(ZDJK{&n^9G(}7@kJDQ
z(T-w#HKEVmtVS@cQC2ATNzhW7&>T@CR)KtFG|h}WrDC~C%9QNM66~j(a)??S;(eTR
z8K>&7z(<D?X;>z>+A3h5kYUYZXU-(BGe?aVxyRB=?kpHPYstAH7075V*B)e<F#(V<
zWjw2#-JQ49mUjn7*Qc+8R_`yeHEe)9kHW%p7s=M!we*V=+%Dd&347id;fD4>#T;v3
zxA$|dZ=mcqQs%Xvq=Ma1NSM-A+)_OE6G$$@2e@}yZ`PYVg?BXi<qB*hbr$oQ1MU;6
zHR7h1lg{a1E~LLyKk}46#_1m~yrSQlkggra>vIdO$60;y`6~Ua{7UAx@R~I34lr%I
z3#YyRb2{yhb#&SsnHv0C9{8Z-f1>jD!b?Akr8dA2U09Z=F<7*`Ju!l}Cy@Q!K<(~x
z!$avNKOmHvTh4&02Xl_xorrlf)mjW1?bxrhmA%$>^bz0j%|I|s%`)WWLfAg4bh;sE
z(i`Jfc!BjhQ&)sCGu7TJRJ|Jp^9{XO;ifUEs5v2v8rQ@SL>O5!OE@_JGg-#{lp;>%
zxXtZ78NYLI>V#=)d<9sV4&jerG)i^F3MT*F7y;7cXsuG397%qarD_c8VZC5EQazVL
zN0*}zV&g&t5Tm`n0oG2ckr-jNj~A4+Y-hd)bs|)=VYT+*M*C#J$c}Y`(B*c8TgnOw
zDxOfV>0pr32&y=2wC6IQYA{Q^Vj};c(Wz?D;`OXJ9dMo@g`~=&Nvco_cwsu?eA@vD
z=aUxw8=PkecfO`L&r;$1OZJ#etsGmc@m`67jT&#kg+34zaT6*uxmDpN!@kibSseDu
zb$tw5??2tAeC><wA(I}gWmTLgE#uaPXiP9)Vz?|54A1x&R0GcMV5_TFdk-o*jbE@0
z_6fB!c>C)}xbR*|Cfsj0Bx(aK+o&r0j+R}!hGm7SvQ4z?C@m{dl@-ylO|)#6s%$$g
zTS3eAsmgZKvV2;0NL2=kZuJdgDU0EgCDhqSt{{0{F?_~Vhybn)1mJP6M|_7RfL#Dk
z>YYLME(Hh`J^_FccRc}~lmHe1z#uPx$0UI90MOS9pq~ifYEPzayE>xEcZn_Tig&kA
zXs)hTbA4}%05`rT0CBgacZoWo0LAn(!n_hHm^XTzzBMGDo?@Q@UYDL9W(kj$bd;kL
z8H7~nC#eu$BEDSg#HyCQrg*v7jD7rue3b4yz?B+S@cL^W{@HvLEF|7n^6M$D3!dkH
zRrMtXOjI=Cec$@)dWEn17M{O@(&0fBrslEj6(WDB0B`c7yTeIyfhOBbgKc6cq^wr?
z!uO%?lKVvPrG4nDWXkkC4q{YB-B8M#MtJveL%6=-D!wE8<7fp&&dq+6y(d%U?+67&
z{~hQy*kqp_1+S`59yH;zl<^VppeH5zJYQNuAEp$F4}bNp1}vYw(Op8ILe23PEa`pn
zdUoP+&KvD@!r{#dA1_#rn+pmnf2gt*f+rf-Q{b1r>nL>rNq}4{iI^2e1d}-Cm#^7D
zFi}op+X;tuQ|J6UM=GQ&2x7J!)qAJfYW#bycXhvMJjn$2aW-H2J6-xsV~g77gG?Bg
zx89B?aHb#eL(i^&ef#(ZnnUsiJeNqQCxsB5T3JlZ-*>g=T#tayPIf=YkktOGMiApR
zEH7suXNiY*7u9z?6}vu-T?@MnSKKZe#`To*f>jmObI2}=`3GKxd=ZNH@RuvZ*B)Zj
z_xWU3^pP(Da5fD>iL?872l+mJMtL76Vwyp`zG&A<*Mdn?r3-;RzZ+Z{TcOPnpaUuN
z;Wht9-J5_%QDqIo)k%O(SgKK$fQ$qT8Zg8}0n;qnO%kYv4n{#m1x3+_ikN|JU}Os>
zk(5mfDk|=bI`6o>BQrWt5g}nozy$#})R9FIs%;?wl!Pt)pXF9{Rd+y!@B5$U|K}M)
z*S+V~J$09J&pG!j3=Psl>OIqHUEQN1S?dI|ypu?>zy(sM-gt%R@QHVf4*mB`i?**t
zacrfeLkl7BE)z812O?AyMbwgqjv6gGaEmM6(IwlGI|dI%ah@dGRld7W?13*-i!L-?
zajiv;>_A9gEQJQgBE9op1{!ym<<^e27KOay22w)!dNJDm&Un2CDbN08i~00>qiu>~
z<zMvjX+i#dh}Qf!TI7e$l5iFB0nZmMfkJXO{YD%2R%c884_LC=?zb^m!10P|-#BcY
z^On*2DPX<Ams>vNi+>tu&4`sF<qCGW6tZNA9?|w2?T0rz1NEDoE7J2FMfYD1oQ!U{
zYGguLQ#)U)vZiEzcV-yXM62aax;=cgCC)!5Z>8{z!Y=dHe<~!WD0HwQ!Y<rPH%#mo
z&xDp!PWiH7)nPoy$3+kFu`nPD_7xB%Mpvs<i6{g<`~wMrpS;LI;48<QSqrHh`@K&K
z(r@Tg9E)<WSwHYw!<>e8HJc9nWgqcjoB7xviC_CNyta5LI=i)#t6C>59QxN8t#hi^
zue7bF6H=#_>L$hcxevtUPOVGVErc1dl^$O)3l4`S`HAZFx<9u_{^(J^rt@=nk$&Fd
zkyK6Z*{|)chr=u|G#zCdPhbSVz@W|6&{J{>9)(MX;3ahfj_-K1-I|0WZ@-?2-lCsz
zT*v|6BHOg#>NTR8P5!X8CGzgrCp?nK&wzest@!-aF1)K>tVH1(3RBkp7o4*3(J8wT
zr`o<Yf!F4hZ%4^f@7}s{qqA6$(R7WtDx))(Kr`1}3V#zH7u2qe1?D|m9oD(9y&v*?
z&0S)Rhk_%$LSlMr8D`&HTBjHA_kOy!Kwqag`^5*FBbJq2B64Peh$TE(vLE*d>pO~V
z5=7I*AZ>wNTGw0Rmp2|?_^pTxDm7pytnI|Zlll)H9@)|AGQdOb=z?9Gaes;LFZxiW
z8$%_UmkoPX!y)e(9r6pKBiD&W4i3&uF?VDUeZhBro7K+73-xvX{3;&D0gn!n^!W3<
zUf(y?t2fx^o;?L9*xvD6fdr&t1fOiP+@8rv<zCzF$Zq7x7XCd-(kNf+n^~C7sA8YQ
z5zTM^JJOz#+~^Btu7wT#<d3GE{v_`7=f9<$zUNuq=^q@`ce;GI59W<8@>2X6*b!My
zV@HrRqlFe#Z1YOttKET_MfjGnFh`;DN%3NO!LZzxULdA?&`$*|5i@l>ylFFC?DMPb
z_-YJEZ8@thf6E}y)BIDTXVqdn(GwB`gL_yT1>`sMU;>ZPu(ddbB_x;6)~;^Hvit1Q
z6Wj+zkCsGU*hVd~MxOzf-5bb7I)cR-7ef(zyh37ji3t5L@h4vRCAxW8CG8#E5ybfH
zpkA{}>o=Ykdx=G~N812K)lA`EVKvaspKop1_~M9Lc8n;Jvs$UUU>`ix-Z*=^@E9I^
zLuVp9(~9qzb`R_jwdi8lH<S19zA;91kc9*2LK^~Td`~DoOq~=%FPBj-)dpA4m3ygd
zsh3Njmvy^idf93@@4Hejmr0=yknt;>Ujz^frI=-K=^Mr}@J;tenT-mmC6*=pXR#_a
z9E(K4cOQ`*?WgYqB(gS5p9))|3=kqU#9^qgoi`lh!mLdkYXxdA#oA@DtlJx}NBNiA
zr_O+03?wQNYzCXKaKrm1sw`(!%a5FpIO0s&5&7n7Tu42y>L<0l*G}yoErqt8j6@Ej
zr5&D(+T*pC!uI!d0mR<eRlqpm`Z>Ps_eeNM?>&s>d8L9ptQ&T^myi4kUOwX_F$+)p
zbY`hPN02<1)*A*s)H@Q(1l%ap0<va900kaf;NbQXt1z%1ARZbXG5CZMZR)>Sn4hiP
z@o%P_$14qCezsO93V*KD*@#;X^f6sm{z3lQo#&k{f9>Ajq5s$N*UtXZEuCBb+N|?9
zf9)W8!~aqK+R5ANDSvJFi|DKVujQ}pQhnsV$X}}j9>zs^)Rp1DxLla}z@i*+WAqqF
z>m>>O2oUTkO4+`Xl%HgE78eTs(5jEfhxOfwMo)x)F!R@Kh#71KvY2xqd?nF=ecDO7
zK%fNQ`IVV={22sFz3`a0fWyP&ahu8i7TJ(|xhgZmU1f8Zp1OVR{qXledC^4xS-x2=
zpF{fKL~me{=80_Z4w=+2t4+YwR8c*@t>{vPF5RUYcb~r7iv2bU!=gks=BtN1&U$}k
zsF9F>hNs+fAB4X*%ZpapsLKj6hN(CpSB(9`zT0!(X=mvBzL>t{3Oh`8XqM4`_S`J^
z>y#H|$8{$!`WtL)>QY|vEc^_ufIk48#k8<=Zh9ve)kf)$@FaPdajZ?UXT?rS6%lu|
z+<;9yNdp!MW+Sxj4`18ioiog~-)H^oj);HhAHH+dzs~f|G<c^)9~6E6KY=ucFS33H
zK-XG;76TB*o*G39Z+Pk4+{i`#VQ0oD<6q{%yDbKznfQz;5qvjuq5^EDE&Cs8BUjl=
zk7dtw(F<pHz?uh*8pPw`(qqmAy+lfb+x%T=!=hI7XwG)``?uk~?e@BEf??LGnZ9#)
zZBm+~V<A_}gyj|964vvE-Aht>qn1#H`XO<jYNzZdfg&;*(c0*gq1X~1ek*a*p8`{@
z2Y*>;(3u<$-%UmDz|5qk>V!zJ;0;XCFg8x_@Fauku>AU-xSJCYK9?u5(K}>{G5GC;
z$bV3KeWiYlXRKZlT}*o{ovw!nApk7``DwealM-16Y`xO=Yx$ufthap~PQ(H{sf8_e
z>JFV_jtWzY(^m+dk}Quf&WSkJ-*GYTN|7kDSx{}&dx!4GLRt4f#7g5qK(1)o<bL7?
z$110>NVbf73R3YdZDFAf92;lRBBx=T#jR3IoW;!Vk<AzwWitjqVOJ^~94&Mji)IQg
znvD2+kp)W;x31cge+B8a+)`7?Y|0#{3H^lwDYZN4Mm{cl!VRxHmQ$^bIhrGddxd)%
zcLE3A((e*}dW$)YIi;q%ge{`5xRkC8@{Rj`>-xO=lx{1vlysE_Og4bQWN-F$SJaOc
zbyM+DrA)I;ca+ZU61fc65Pw6sZBBK#6P#NVeyv(rt~hJthj!AqcWSMupJT|P3l!TS
zirv@5?K_n^vy`AG;y)C2D0Q{iGMpmbp-gU2oQ;Y+yfM1!@%CYTQ^YEgyLe%tNX{3s
ztzP=7AVwr71~W9O1!+84SA|jh$8Z1GRLi05c}b@e*eW<|+HsnlLi|Tv2Pm%mEhjqk
zW8dVV56>SY#p#0={<@O({?QojBHLr)E@C%*O{1~tfw8QJ#BchS-Z3^kLExsZ^A4FE
zx9OX;ci;NMO<$vLPu|S!M}NsGqYQl?mx_H%k{~Wel%PL6#aJ3!vWWCk6e1S4WU1Ja
zBq<;Cw6G<6$4yor7D!got`s}+*>7Su9~4$l;nmT?tBf5v8+T+be{-l$j2OTPQMzi)
zFJ#3eL|ITym}`5XCgjJ38r^&)uj`wy_;sG_=DDWLcdaN4&9&Uu{eN_SP5%84_t)6%
zE$%OM<R9&?gI}G^{#y9Fb$@ker2Tc^sJ_374w?4Xk-zik2Ig4ym&M)(-M9+XE&1w3
zI%dDpk6Fvm_vE41^|xm={ud|xUm5?^v~`Rr*o_v>0kNONEQ}W}NK-NU*qxkxjK+UF
zCl+frqMu~6F)LvFz~8&d5BM(g1Qr?e<!TRxzm3wDG&6m<{RkyyqU{)`>Q4=QN8EFi
z+@xvQq}DBGXQ#kaOrJJS^9IriEB4Ce>**t=*bANer*|PAFbWjActd>zbDERI3TAZ^
zYb#+ZudPWU(b`l@^TeOkpCQ7Z7f6aJBGvmueclodSt5%tkBY9I@&a-Qrj5W+VwdPf
z?Sn^K@+7MzgiPO@82XHQ`UUa8w+Jq!eeP(&gZiywKQrOzI_~Z~a`4<5MQJfL)j5`C
zZS~FlB*W||I>9;B7>4x8Y9O;;wi+XO<bo~C36Y9EN>1Yya@H><`+)p@Eqq@OVfT|}
zwFVL*qJ;oo$K+O%ELJe1gPk&AGX3^~oJdFmzNU0ANJ+V<7>TU&G=5oV+aKD-Nqn2P
z-5MV{F|_T>nwo1)>1Oe>mjkVJ#o1>R3suf|?M4K+k#CD0Z>g_&ROpTtx~#8CHeS^Z
zUv-?(9{C3t{$QwzzJ3~7ZHdEBk8GWx{rhP>vUPCSh{Ht3`W)8jSmmz<9dl@xz5+*1
zE5pnqP3!&&pDL-E;}s@xugx@0l~nD-%Ut+`UdTj5`$?3~nK>xdzSAHu3+i<~FDl;!
zTiyO2vWQqu{9$O$+D>u#j_-ytisv`x&DeN;@8gZ~`qR)~in~i;omKQ6Mm?TLP`E;D
zo|Td$)D)L1lzWkRc5UM?oiLPj2G$kBk4&2s8@!%xu8JuaoJ|S5#qSI}&tir12e}*_
zT3}adpU_=}dihBBr~hxc`BJ!NarFEBc5OfEWHAFEwmM1M2qWETw>{2Nky}yi`<lv{
zwb75$Ek^k(I@m!iR}@X4nB(;@*DIk*t(Pd~T%=g+?JykU<6*JyK`sg+WaDF0^k*)r
z#G<{Aao5@S23qP=cMRXKiNU>GG!4Q3{TSb^Tm&f8=BK-*P-cYkd)8v!%}`HxfM5M=
zq0ap4Qd_7k|LSiG+4z^s7HVv!Ul}$67IRf9=4z>!D~$h7SB)k3w01nsSH;>)j*gAA
zNUcLHTdGz>0fk_fVfH^<s2tVpsMh!ze_Ro|%3z`P`^02A#+Jt(W4l{RB22%af0B*q
zANgHFH{&tvVYS4ei!MYHB|Wy0Xpo)24RRCsGmtooSPfTw%ty)&L9f#gAL;<sA+-at
zitt*&)%{uynlz!c6g_{3@F4k8ncG$CwD$O=Wn66!cg8_r2AE=Q)M|fv?@)xPa!a2F
z*di7}m>#pQAo?MItrCl^78%wLRaX5a-xX{lIs_)k*BP-<5Ss<aGnGMwJ$#<<Ss#Zr
zwc3+add5+VXAj6nip1Sg@OeJYP-UX+RJ$W4Z~t{-^axa+rz0?@ntJxi`4qWK64R5q
zDxKygq#a(LE@3c%@dnzMkIuoTSP_nNDV?GelVBI=d$pY%CGkNyX6zKej#k@hfm^MX
z^uHHLm}fDWgR4eRvPGo<scgz$ru7hgK`wqCwC1%z1ge%0&DpGtB0QgGYy$5xBjG&a
z%Lf|rp2veUq~A0QYW@~AkFobz(^jVo$Kj(r>JE)u)XUb};T`@xdZ*gEH}ily(4e3-
zpd~QQ78oy$!8khxW4j6C<?DE4^`sg{e7S&YTgG+%{ZU+j9>n8^Q32!e>vXdz1+9*s
zm{+awCd_@vgRk9N*_|*=jrkJAvQLT<TVg+MNYr<?WlvElu9S-JeI#Q1kDZsxmRB<+
zYx<B0MtY9t#hUv+%YU{cK7Ytf)amM&1<~lcGp6g)<gfkj@?S;!7nFif`1+Mh=^a~q
z2HRA@)MZ;r$tx<rQ8X~=?rVf_L@s{;ei-4l#U>0~W7iSxYC`@3G?T{Q+dIQ|pn~y&
zDDvI$IWzivspVrnj0WRg`6vhDe$4{#KT&`s0^kW9TmD+@<xGh<P~;yhfrJM3-%uce
z2IJn*UVJi3%K1KST*@_O=w{Z@J#&V|c{N>7R{Z+zOj&d8R!nC~LCZ&nPHbX{?jyPV
zB!f!wZP-rj`iGbsD|`m{z?+#<)oKZwHIf;dRTABZf68^Wmb!IZx036&Sn59Jx@BDV
zwWV%5*Ujd-otC=qxNZX1?X%SVD8<@|uQ<i-thDR*EQW7+G>++g+zj&(!j#6r3~n;P
zJcBS9O|dXl0)~i+A7NgNgIRUL^qy-G=CwG}^|#D0{SoHbIG7jBFv$qB7)r=co-OIs
z^`Y<a;REq-03Y7s2QnM3$E`$1O=u6+Efs)C!d3S_;(3qw_gC@nLGkZC{#SQ?rQWc7
zN3<MyA(BC{{A2zX<=4$GWlEt9qI`7}o*3t;d56dl+IKIB2jNi&^p7YIE!iu_9U{Y9
zyX5OfL_Yi{b9Jhyc1XUqyrQk-ziF(A{NMKwkbe#>-j<I60SpX^Hs&d2^wP9^@vBH1
zEPjpGN^H!?OwvZU`He{NG^d+0>t<*RY`pL2%N`%jU-s-hW`AGvb!t(ey1}D<rl?<#
zQ6)fsu04OmN#|u6sZcy7FDVi1E}Bca)y+o>#chSKDGn;IncKBsQ(QLNF8SLl>V8fT
zfA`Ob+J4p)ez*S+Mo#ker06j0Ib5^5m7Ia8wmK#y$POF4Edk!VkAm?ZR@85`fqRW1
zKdmA1wihU#dr|aa;;ihKpM8Ptm+zPowO>Br4P1%b66r%cHa58UGXmBn@&}SZv$zj%
zptl@ZxC?VMI4DM1w0##CUeAf^SR6M_2NcH-)?i^)RIu)EIT8Me1J^+qy3eU3%Gpx-
z1X;Vak}~9=ub@8v{5{&<shvpxsjJ(a`8LQyH^Hi`tI6&CwiM{-Wpndhvk1hRQGpz9
zwc3B-7~!=e@KvK>RA6z8wzD#l2f~nd_a$27-S;)?vu^LrKI9{<Oc3R@4&=Gw3cZ0D
z8PWNe%JZ@3Ih>C?l7Ruh;SJ15Ep#^fhZ_0B*FHz7Ei6+pnZ}2Wc6z$txJLt62_-OS
z>vMPlSK%S6@h%PT#uvl;{42v%Fi{27EnIVDSH~(-pzs1JEQ}U<trWJi(6F@E-gp?u
zYwI|>8(js{K~o<VDi|xkfQYVbnSua)Se~`mPbePsOGQ0G48@i5d&858VfUs75@^43
zG{xz5iph-@qYIxEB6VSKD&?ip9)J>W&~JCk@4?P4=37R}N=1>Iir!0ZfxCKI@LblI
zh)>yA)^&L&&%g<iE5Em)@);!b0tYQQm`k=RDyTS$4uzz|aQKFe3TFN;F;lKxwGzeX
zjikNvsu^Q~1E{Ldb`Y4t9BB57cE#KE5s&SF5`Z^^li{@mIY$d}4tP~RpnZSpTFjWB
z9etbMLrf*AU0Y2-3O6yst6qw7^2PUIe+AiYpc!gGE`2`?Ucpdr@O~F6YXdl7MbF@X
z%~MeAkq^K1VJav>CaG-pP-*^rC0LkC+MR-&2w)PvI7S}wL~4oXPF99`7S`dB=5cPB
zH_{uJG)W0ux|RsO!q^ttP7+_Z4?pux5pNN1oJR$QHjGg-8(`sLp0ZTm8)Ego3~ODn
zI_i~u)Pg#2+DB(r?DaP?(w!=UrFLQ5TI_8A{09NfXT@I6U2aKxV;9VaT8pDP37Gfr
zH1TlJ@=Pgw4`ye%Q=|<`)80N#9wXW}cMOsUETUyDVe5enT!bg6OY15M-{!(_cl^^<
zy!hj%Sq8Fela6!ptl4&h9~Qq{+Lw>=E2iENYY(m8KXp+8Gqd?F<;sQ0(&_Gggzf9K
zAGCP)1G4ZR-2EK>@NDjWDjqW5{pfc*@}tZ}|NZtsx_!M)U$b>T?lxZZRtt81=Y6y(
zY`^5z;nEtP#Ny&EyfHnC1S`K%TQqbZCtCjPKZpJ}!HVlCShskYMAj*HA&n)fL&y42
zt)pOc=)Sd+8-_U8`5VS^@;DD^I_zsYi4ODINbv*NBbLtiVKr~aHts;5TGhg0Ur2?g
zO;Pj~uj5V&VXdyP)V#_y$4jARxiJTU#rzc++QP*=8{H-u>gWt@swhkng?}_=?Ve<A
z<jdRGzTBcOwkNQ@I8At6zbmf7+90iwAAJ#T-PBJoV@nXER=kRKui^EH<g~7aCmI7%
zvN8#15?VseHm!eeV9F%2WEmAmY7$W}^&2-s?qj7A>jg&#@_%nK)vXY9y77u40tlY>
z9&eB$(#q<0Kv5GEMYCOsdu4`Q88XA+>q<Uw2en_HK#nHQZVx*|{+eA#{#w0qC}O$x
zF{6aiE526f1qW>}h+?FNDdg^jQXF2mw=Y`L!Wp7<pGi8raByPu9!Y(RHLpNAvW3Da
zl{A3s-KBHWhmjr>0m<QBk@Gj<s~IH>?nsI#t>emc8Z8NTq}YQn6rH>Mo7VjAHxHMz
z!r%Ccvs97<s|~xL$a+4CO<2!r%V7I4&|d5GEpN#2VsR<BxF*FcuD2i06i0JF;!RoN
zg{7gNXc^jkQs_@bohNDT=MPJkcnccRedhs;Zgr6dXs@QdDO6O<$+2gsf|hP01s}lN
z9F~l-@et-lN9Uk+U#4CN504H+!*Co?^mvR8wu1(Hqb}<pw|d3$i>O_i5|{-`W|jj6
z1C|U?%l97363VnP7p$DlW_vxP%v$XV7_Eu}z7*1CsP#g6BY|!32(0_wmy8x|>Ml`5
zBGya3?xveV<6BV|H`|{by(e_m`>*sw>WqWEtoD45^K;sT^5SPtf+T%}got6k{~Kx1
zwNYAB1cke)@a||~F~)zS!kN)RKNME|o3s>Y8XwhCphdlzZV5c)B@-eh1;T*2a88ek
z<2px}VH^lEAO^;GU0Sowe`<38u45ci(9r;>Lx2Q)T(|*gn299`p)Ec+0OA?mUa$g+
zHeeBxRhQNeeueKgl8dHl-4^lD{m+~E^q+x$ZpS}k5QaCwpwn)GH<ke7(G?+K0m#t>
z5Kc6y%(Vger(FflOz$pi)t5Z1Uqx0t%sBn&X0z~(_O<cyq<S06FTIwuAW!o79q8!|
zEU<f>Cw!N~As+5-&QB#8tfy*+$S-HeE1tlGh<1Ctj>HiTefVgmq>DTGf2<E!{L|U%
z14ivTM}5GJUzzj)AAfTW`hY%P{;@uwCU{QzfJcIS0$(?NkTu^h$y2&1YOvL+HFPbk
zs5eqBaEz{i)}3k|=X(vd`hWoP;IJkq{cK{-<f;*)EAw*8t9>c%()qVz(4TO^N}CcK
zokj<CWu8+}XSlq<$qM`T!{FwPr;~Z|%p?+=-bo-C$>$vv97^JkcF8L!Ak=vSlVQb=
zEy5ha72D^x6}b#;FV{y3EB2yDykC23F{UA$12W5;qS3)5_?Eo!aOi@tHDeNVI)yu(
z0-esbbUKPVmCG-J88kZn$IE)hQ=sFLn2sy|YU=n3?sy9PS0Xx|jUAWGPXg8j)p$7v
zJnDW7uAGjCQZ`CU-IjuUMCeT(k))Ju9Pe?~%0W5;0`qefTfO$_#AHlUv4b*L23)yE
z^D}G?+_m``8R4Yjr8(7n7aoA6d8yl_)M$zKRKIus_f;qfqv(t09!P+A1DEZR$a_<+
z0(lK{(+2YGsdz`2EtmU<Fb;fnCEk^{TDP)*FTOt*h6gfcS=7>At|zrzuC{ztAE|Us
zuH;()gJMVT%b69e;LURsIRoC_G0%mI+W|j{;<pNB+eO8;mJomeLpc+V7l+5W)1MZ4
zUXo($3y`UXI=Or<KCtp4EQrBRdiNu5NWku=i0&up-Iuh~y>Fzp=#kj2JBHKQK34Q+
zC`#%@U;7c%j-<zqo2TFr+Itq^GdL_^I|zi&Y{PLHc61y34#MwnX1E`$Ax~gvI=--<
zmJDsf7nzDK(vGT7)Pqw@*D1j{le8ok5kVJrw)|>lAu_Zrg_OZldukjf*=)Y_P^5);
z8~T0*-gaba*=$^ZQ%Nt4A`>pYG$lAv5ec_PQn)CT-#v93kj!BejGO~uh56C4x?Ilt
zeQ6u?H=_0RN+4^MvRnzkG8|fiEDWZyOvMasff2BjT}hs@y77v0qa4I-L=MO>6K=U<
zf#j(xU?xx4;fnxO?SE<Kk+jP`XR4PWn7mZ%IXi}aeO#G|&ULvGbp~5vRA6pyns1ON
zFw><t8|4aQREHnU&$Zd*@?o&7u|7i~pM<iyNuew#GOe$`%t_G7e=E1}chEoB9!fE{
z?SXB%{BSduJD_Mbd5s%S48T@U8*(j+qw^b&<Vo78zx9y}x66T>*0QT>D!RHlaZ`Nw
zVm*oU1K;bT)ABP8#z%{om{(jEAMa%0ubUFd$QZN9*46RU);TcxIcDgfy-`k1btq7v
z3BM4B6EK_{Fi8ltYL3LG`4gYv+^l8~ao<JA#OD&fyO^5B;ME85VonPAU8m$z*yXvK
zL{5l({%p8Bzqpc}D&gnz{Ii!HJ1;friHGfKT{%)XNeLFFqC`Z=JJDOr14nAA9%htm
zowOU~CDXvV^oYPXMvvt{q1q!I=HmIch{xagzew%c-)SF1rh@p!HHy%N|1{Lh-s@_<
z%gF<`g}i84?KrOdZixYCY|H??+abCm#(QidrclN-U;1p+5{y2HX#t2Kfo*~b0y4aT
zT)E1fq9-B%)>^JWC(rU~x#A5Wrlr!>e!r522l?~)c2rrmm-$-<{!cogv0I3ZXP)qm
z-9|<yJV6ZC%b)x=6F#6K6H~uzvfkLrRn^crQgzG|`5KK$d3tJsNrZ;yO7Xmc)`k+C
znCcA<ymSF_7ZcJ;V)MtoOGaZZxvCazPGQ960qc5=f}=&@LtzAG;{)FM0y|QeTe+B$
zL)Pq0@&qQdNyT9rbT5m_xhQGfQ;wPE=F#~52`kE~>G~=gE4}3+Mp)_WT)O5(0bDNs
zca(bNY8eQFE{YR4>Ry_5!#2BQG3&_{W<4%p_UaNz7iO+D#U04d=YY0~meakT$z%cr
z%u{W6aqZAo9~73aU{ULl*GN{nCfO`2VWys#@vGyk79x(|2W>|ZUKCU~z>EYTygX6N
zNg}twt9X(5qUsISH<TpuAQIXXv@p1g+XWXBye88Zz^I7uraFLj@%=DjAKW|h{@bSA
ze*ayHs-!ATO|E#nl_ZRB#adIJ7lzGjWUP;1ZMhMsqTN6)E}~&;b^ic<9M4b~@70EH
znZnO_<0w`*(2FV5X5gxma8i%+XCVN_DU{Zx7}(Nh%$|zaJ}~XB2Z{k-#J0H3l?Het
z&c7!`aehtUtlR&(czxI($`YgmU{*3FTlxHh^~BGZ&lUeAeXDSHr@IL4_<dOt(8iIk
z3*Yk(9=z*Leb_E06jT!mytkegIc5Y3*;>Uy6ABo37P{iF1^}z@b5R1LP)aCtG*IZO
z&0-Y3e~nS7b!AMajxRBFTq!!PHg}w%wKI3Tlsj6fcl<s-SBs7tsN*(9$6d7MdvRy2
z7a>*aT&efpHDd;JjW&O%i;^ooOq4|aIJVdlCuIpbH>G;jdOi<E%t~gYQ0b#ynoPYn
zB`~!pF??AVPcI{jTLh3w<NU-xPxv`Ik&&H*|59L-4|L0q+4}wk4!Y*=1(Ft7kuH5m
zMq<YPD_z|qn+WP<wdMQ^Hgu0P{j|Vc{yY_~?m^ZlWDxVsf=mKyitc;=NF_L+hqAC1
zJD01<do+kejsLnMooZ{j2(@iJHksOGz-TR%E0Et0t!2`2&8w(;DKN-J#pVSshZU$8
zL={Emikk3PjDJrRx0ovAB_8y0xY?>A886f=h>7-Bn9R_KIF-y)Gt9hug}qEndVyvW
z%uNXMeKTGMx?(hN8*EG<-!~D+icdsgskv~wD6BRYek%$$nG1J|!mZ}Q{i3kaTzJrO
zGl(Tk7W*tLNf2={a*dL97&)YLL0id}rv&(Li_~KLr4(naf3jCS789S%Ryw<_<R2wh
zT?;2x&ETRGUl@c2_3QAJJRWRR9jS)1*Aq;tQ(B?TMsZaCo$CoM!XoaoKIf=+$ZFy<
z<cgP?B9S5Q(s>QU7#>28HJZaA7y+kmJZ>&dq2k_B=r>ET5p-kH33G8rD()+V)?sm;
zC{Co{$ay`bP!<Pv09in$zgYEGI?pb)*lzW<(Sm)E>#{6${kZNSt{Y^jyPWHaxo(K1
z?n<s3#dR)A-B7N};<^G$otx{<<GN9nx)EG=bOoQumb%eg_Z`>WXsH{^b!)ipHcQ<t
zT=z29Ra)xGZLyYHM^Bn|%q4fjEbKiQyQ}t_VG<GMt2me)C-wLlKNbVP<~V>)4S*U1
z_$Usb+5lLA0RM~wc-H_}fB=7s19;5<xD^4Oi34~>d<fEBZ7{+tii25XhUtPZ{x}%F
z8Rqa^05drbCZ|zHW*Y+Zj?3O~%TXO*B?5Sl(sB;J*n(xn*HoAvEzE<$8Y&zcExgY9
z{&`1CvsQ>*+!vQCW4alpFTzZUgL&YHj;CD*2z$l7o=aO+VgxW{!Ag6mgwr$7;P^}U
z+OK`S;e|rw6Gi#&dEz?oY~_dFX0sr>nj3~9!j7(y|HTfF>ka*=KO>u6{{W*zHJe0>
z52G!R!P7n#KrXTe{P9S{Kz605A^(|I;32et+vXfV1_NP2S8xex_!a_$sivI{8#*i*
zJtF(1jVC}6Hy;7sjRI7X{T%}=)d9kP;eYPpf36j<$e?H!Jj57N!w%wsy0M7|<T|zA
z7Meb6|3c2l;nF^vmL<9VZNnOJg!^b3e=?qh+RAC{zt?1vzl>}gPhe%B+<M;$m3TI4
zGpC{93=f1i@TyTsR|_{yGYzX39txd5%gd@=<p=z|%d7nt#_0DpEXBbc04NtafA!b%
zwQ}ca!d6FXD}Lo_wrL{%t=qVN&eeXsp9{;~tP%S)l{8{4`y;)tE5RaUz*bhR&}Z9N
zti*AIV>h>wnRF#E3z*0oQ_)g-IV%O2nLIW%Swb~#sz`k9>?M3xVnzPS6f(DFCCCC@
z2jb9mAiX9TI*?ahV#NpiT=J47##GBX5D)1<yqK%chj<J?rN)ncC8b943#8Oo(pX3)
z2Dxjlx3NIqG1JU?=txGACB{xJ|GNlTc8Q*iV!>^CAgrjU7R^Rc@haxFL@Ww}ccr5G
zB7<&QaY^x*0&7+avMmZ`<$Wb_JsxbOW$^FuP&vtl*M?Il$6hVE6oEk2x8AL*A?mdc
z?`FY_m={=bywt{}U%a+GBl+E}h~yLyjQ%psH{~whJ(EE&`V&i+GoXm1OC4o9p*%G`
zn?BjA?(yYX<|KHlF(>ki#+;mZ!5a6gqBW|4R7Qr}a?v4`laVYY_N$ipMRHW#!Oy!T
z{uh(i(3hkNNxzStNWyWe9+}G`?&zJ)Oy>7fJN8ud1}CLr7nL?izxpS`vV+>P8M>3J
z%Cd7Ui_V0R!p}uQ<}785S~ad<Gnm{}DBFCnNUR&@vUJ+d*sr#Do*+876Bf)nBCZ7d
z_$$U(MJ#=};!C?&Vm_~Bu+t`H(HFo7zx=#0*pEJc78^icah46RmN$U?S=s=P{-$pL
zCSkiYN8gq<K=(FMi`(;|3C2=LielIB+_`Sgb&TD;&k%MEM|A8S7T8VCXbHRJty{)!
z?=1#)#m^boU3bpdy~)^px}31P&cN<}1$JLv(h_!EPJ`WuD0Z8kHL!d4*>lD2L&h$P
zv3vKhj@=gmyFo2tx2#pm*u8eMfnC2Sc3sXHyF-lK(x(Z#E(UhT1a`|WZV9{dPJ>-a
z6uZUG7}(8z=3KEWe3`I2{1jm~`;d;^&jP#SeOkh9X_9d)Jd?<D%D`~SO$LU)EH^Ox
zdU*_yJeDMm2QxN*V{GnZY<_9bv3XTsGqpu*HYT+^Ry)TVm`sXd;$42OWAzqeSNkMk
z=QXf<UtqT-y(R4OPJ^8*iru=W4eb8$^tobJ$Jk{scK@i?v0Evy%We_7n#7i|d-+BK
zyYwh_j&sKDJI3yjWrUr>z^+bU_xMFEVR!XuuuF<!_wZ8&cGI6aSL~8rA?$vAg0P!@
zP{*!XVE0?^mazLMp=IofZ@`ml3Sy@{X<+x|lV^in*~V0~J;_zrksX66cfN$N8^hRr
zc|gbRX@T7hEn+t$LDzShOGz48xB+=xt7-I<rKCCNWr@1_Cr%~m<+>Kr=w@@>rIxx&
zxULh|Wn1bpxvpsm)eW@N<#649xNfkeZV=a1bKTXJx*=TmD%a&(>Ren`$#ot}T|q*N
z8Pf`WH>;%DQ*j?FXDC<v2tc9EN6nCW3a`)%7VA54pY1JuCR_T{r#{qhoSN);l$xBd
zC~z8CxwDb$B+Khga^34(*UD07<4+HAU5cfyHP`)_>tst^TdupF>pEHL@Cw4JD!5Xp
z3Uaj{#-Z<CoG#%*BRA)21b8bB;JKqZz;g(&I4&t>YNHPDAOa-Esa2jd0B%BnhvNXw
zYtjL75g;+nd2opV&=mnn;{e(n(*cf-1%Oj=0Dn8FkHc38@YG53(lF-vr?{_=7>P$;
zz;+FBnMu=(p64P!$78VoFBkx~Ai$$>0Ns!40D}>r?eSQErwxE^2v8XZ(8)-D({vpG
zw2E_@e9Qp&1_2&Ik4ZmjLhx3Nve8nyTFz&yuJ>TTpGIx;tt_Dblru<ZLnw<W24W6%
z$3LC%4+=%0w)m$t{<#qUbi+TL@Q;jtQlfetl0*{zY?4HNFVQ8DF#K};+ZH}A^sOXR
zH}zWWL{zwtQUaU4HxXm55H_UV!m?K;>Kcb<Ch8XNOW+sAP&zL(Pcqa_8QN@;Tc9(!
zrv&7DDfZwiLH)%ke|`9Rib!9tT{n?jxwTcF>!`W(7l$*$SEC~-TKqL?eJAn=)npHn
z!YMJyPO+VRA{$>y0&scuAW8Uw9+<#I71=G>f1uy8M{Ptu35>l$2iZ7G^W_QLK#?7E
zzNV^}yc2#1(lM0sXo0lm3X&Bg7$KnYPm=Xk#Sl(faYDA#=sSg;=`MI-v=9gFoqLkW
z2!ORDWR$jFYnH8G9FIzS`j%vpkok6nLbKOv+W}T7`_+ztBGE82*!j<l?kzz&HQPU0
zKvo=hqOW<Kv3Flz<Q}IrA^v3>(prp@^=ONM36>>FE$eii7T{LzuNM+eGeUTME=K59
zdtsnBHIPU4dh&aDUi3E`fEp7x)n^ppC+?b@rQe;-7_V)ECxDw&%=Q7}P|JXJhdf5-
ze`s&PKE<2Z5~FY(VR0vC0&JtJ8~$2os2lFO?LHsIrAG~q&b~VnnSHklJ1e`%3BnSD
zs;)d8jh=<0P(}q?2RIT8m4tBP2reTy?WSXWg{zAy2DolLhuy+!T(q)dy~PApUaVkc
zMYVomzR7ff4*ycWg@I`tSqK$Ob@}O&SX(qVeTpYg;7|f3=mn^i-jO94acd~*2<^{3
zodI;Un7enyl#j#8i1x#}-y>L=AqrdTVchTZnljJa`4?l<x+k!bCPSD4lmhr#G(FVr
zn4L+BI-7Kf*=P+6pR3qw;RM0&r0B%KR=0GPqLw1TRuek$qe*3BL-&I5;{7H=2UMLM
z{NAKGD;-Cwv!z146M2Nqy6{5@=7WK>OZICwKExUxL|S{}KBlX*k6*Zt^*YvcgI-dP
zV*DPup3c2JlbYkmY4?d1*63q{#6_qz>mXgPE!>cs5X-85R6%^nI17(d#C*_Sxo(1`
zZamjjaNV7jx=CDj57$k#)J@^KLay^!>PomShwJ8A>Sl9YXRa%^)S)`91&(p0g<CLk
z5`BJ(xWZ4$=}os<-gGnf@;28^w$$Cmbx&~J6ieNmTsMpBN-T9#<E{#ukMm^_ZO)UU
z;AsCfjyY&B!|XtqopCTf3mDS-zl$(m#KC-HhFOX*8{=R;6)?1%rXtL$IG9usz=0O2
zf-tS)_>~khOgh3e#l2^c2<g^ZOGJQ6;*$az06%&#DPSDH&{L)_T7xkC;$U_(nZD>*
zgsH{L^}B77Bz!Vx=VebZ?YxWN;T>DJH$|DQ*OIPhZenWPkqCKmAa$xAN8wNO`<&hI
z7;ZzJBv^{U7WzN&dnDXffLCLEqVO^mdw1@{On60<{)t`ux4T77cP%hZ4|2M29A6h9
zpx4<XFRL#9KE^OnuoRa2ow}vi_c(Z=$GOX2PyRc?*To*5j(0YjE*YekWNU%7>?8Zm
zCBjFxK3pgUiH7*ZSp6gD3h>wHqd@&TGeCy+i5Y-K_Jgs^PF)K<SmJT7Ai9Y*(xnS>
zCI4+PuA^zfnw-K@b4tQs``s0+Gf!L9P4H6pzRX6<*}`r&4Q-5aW3D?}O~^DDA1{Z_
zjqtht+;wcKl!jiTJ6k7Pz#KS~&O3lRQir16U@rCE{*@n4VbH#9MFHsz($>5zaLMW_
zN%6$^pHfRK&q}E!ZNl3UnXRUly^l*wnm?f+XD?!sR*-WboLaop6WORtuEaVI=S}rE
zKbv<YoVd!UfcN6G(!Y$A{NH<R```=c3|{;hPHzNlEf-S$Jouhe?jrn-@Vi&|SitG9
z1mXVsf)?)3A79Wybb@&c&K#Yf*>K%zHv)EJeVlLC5hFENxBzV@;s7)Q;9~^%R^$%*
zqj_(CGhcImm2TW&I<$;yP02#jv~JhxURUz9!v8tl6aeyg5f?rlElksX@4^#4FP+@I
zPjmmt`LBIw<*EAxyqS!SDL^hT>}ohm<Uh^NGV+;4){DFuBU6>h3OT7L&QIjv^kj*$
zHx&klX5lQ3{i-uMs(g;W7deupvL?HK9a=f(dII@bda6kDy2$WldIIywD|*^6;MIpn
zlJGnYb{<nk3%Y5w8#aHnmUX;2;x3(!TIk_6$+Q(-<tSVt%d=K|4R4xMbjx`?5jPEY
z(0-Uip#=iPv~>;+?M#ucN~v)p#Tr=0ueeCO0u!ug#fizfBPr*u+KATRXcr6u$eOtV
z;ap6F{tzL2O_|twunj*cEs*e<^9uNgBGmF_;M2HA^Q0p8^;+95B#dMm+tO24M^|~y
z2<5<$E1HBbQ7VK94Bb@`Ni^+FDoIX~EGB3a;j54XU(K6KC;zlo=9B;4R^}1B6V1=X
z@Le*-G<^3aM2Bz7kSL$8kKr3bI#U*)l9&PfvCuStec&ZD*ZP~vhu}nP&>#InIF-;O
z98?jXWe+J;=`xt2Z+3juE{VikjcB*I&6bSj0z3x`OmnbjA<e-j3!`%|azTOQz5#~)
zAFE&z+~d$vczyv-M=nms#>Frlk$2gg;gYU2CoY31dN_Bq7u`ud5?a<NJjhT|CrTz6
zCEF5Abe2lK7bPV|$<GOv8HAF0Q8HVU;DF`I6~84=vW3&_nZbi&_DuIu`uq(a@SZt-
zv^ip)=JCcfyS%1pE|a3uyx%F&g?z3)$F)wL<D!^3ZXRu#W49DD$19wcIeyH^bL=wB
z@u_h<$BLNa{x6F;)^`C<^}dKbI@OCzQ$3Tvb@zhkR8N>Erh5JR`c(ItYo6-w9>J-G
z1*=`%IcA<|Bdrj!iDHzzAxd0E$-6eo1VhOhQBq`-Y_i2}(e0vSys<z3mvz8D%%=T$
zeWH1PUQ4FT!)my0vxRHl$Q=FOxb9O+-6pP6x$bjI-6vdkKi7R}soTnR*K*x%OWl9C
zZXnnFYN^w>t{c}iS?Ye{x>K{LF3F--mRRS!hwB`cx^`T*k?VR`>QcGxb*{^`)C~~&
zZ>}3=sdEbbH`fif)LkX?-&{A+QkTbdPOckesT;v{f8x4AOPwc9Z@w0}{MX~u$UP|x
z%u#LWFyI`{i<3z@i|RjPwLPxdZYXk#5a3vhDp-&%d5LmD=W#L+&UxZAaF-i!62e_{
zI=CJN+>W6D*Zy>Htp!|~wi4kQkDmsv;kXW0iEw*P2lt)vy^|2`lehudY5-h~05x#{
zxs5Ol@rIiAlllj>!FI>u1ju8?7w;Pa0Kdcm{9*uXM1b$(0I&q7@_(>;OI-C9QN0MO
zYvQVF4263!0{rU)1sGT^S+ylP3;5#*6BnsyUzi_V+6LrvzmiN51u;sbt|RAod@DvU
zXPMjG#90Q+@0p^_H9t<$?#D+@I3Gg|dc!vudGD?luR73;%{gBdo&H_#Pe^n91>DAN
zCVn_|1T(-TS_gA)sam8!Pqz1a0k;d9+wCsUV+?*>U};xZpobj%NVL12+l9LujbAA+
zSw=opptInM3rxn03q<R#-K_D5<f_~3<=^`ss2ypyc>`Ah$Lf$M5^?G5ZlrM^VfO}G
zEqS;=`k*sOzaT5rVFoJghiU123I|&iVRcW^E<(kIXvM6VP?4xtya^R>L_=2+h~LYq
zIrf2J-(Pk-!PlegxXstGV!OW^oPHOPA6=WAYFH^(!e80ZTJDIC#qswA#8U^ZcFR={
zI9%li<O)n4>8>5=uz3PKJ!mo+$j0w~dLu@0$uoq)`$#DCp%d|e@I^84zgmzFhs4W=
z=*ms;s@9@AB=v-k{r9srpflR-L670L5gojgfloJO4z_LvyY_Q3%R~2fjgf~iUPamQ
z#93q2t-wbVKVZqf-m3NdiBfo=61dQ#HnZ0DtvfO$*^!9hX#%4iimEs~YU^-kC2%$B
zPugoky_r(DwGwDeV{F8^u*L&CyY=xvdHnkLXsWRciuG!$cr{vaqtCoP0#pCX^)c^^
z>w}|hWpJvZ+Whp6Hnv;P9qI#vRdPm6#;bxfj!az!pXcwnHVwybD(Z$+sg5#&**xk9
zJB(j|c+duzW4UTXic(SS%Z<jb8RN*=9vwfYbKZqYWF19ya&GlE04o}9Z<^1X?WObE
zO8yJvs&z^*sg}K6qA&Kp9sWVxrl<`%e7;=eO38QD_+`0D!7B~)rtyWs9lVokJT<$M
zh7Xx5Ip&>@+Id=!6J$wJw{fCKMNL#k+bhR9I8s>#&a{YUa+}>7Sm3~jC6{7Alk=ka
z1!4l381V$~LdY7)<d8>?WMaxc`G4{KkG1svxcy(Kep-l;13$wUTp1#8N<jGash?}3
zU*rHP*=Q^Qvb`QHSq~bA_X(E>m?AXM94}J)A;=^wonpF!X|-<!$5@$diLv5sDNbA2
zY`bliO#6EcE_bbA2?vU`vybELj~|Mlz*A&ITXA8u6^9;eCEF5hg#)wg(=L776rN?0
z(ZDS`FqVY5fe#x{fEIMp)*gEFEJDQnNg=oB7&2wVX*pxtJtJ9H^!j<G{84`t-{!67
z&py7*y)T_(e4AO1n&R91vh*C{+Y|)<IKIuE5$6=&=8X|NY|}f&#JAxT=9cxH%i1tX
zITX+XqCZdG&=@$qL9F>3pW{Jw;hI;>Yo3#vQT!JHGl@*uJ%KhcDGAa3m_YR4XYASx
zhk$;m%I+W{2ZjjoCT6Pog~F&4#@TF?1j|OLTWs1WE-iNnZ<I;Kv=v!4imSzql0dEA
zBJ7QZC1=_&BERJ3M|pwt)}zRo+n~i<%qA21MvMT68dR-Y;4C)UyZN-y^qkfI)kd40
z&nw0y4~pl9{)iq9dFGGlVb^EQnjU`r+_}@k-H%x4;kChYp@$a)&ygNZSI=Ua+UK1+
zJ=`{&r|FsYG4yaO2dql=5hvpf%$fp+WeJ8#9%Y0|UN#&<{>)IkfjLE3Q)JXUh_5YM
zpN6lV)><-xiACcNVc_KK*myvK|JUm;h^>dtreI*@hr*TEFaCTi{4`#7dG<C$id)pr
z@1XVenHSgFCvo)YRk|faI+bc;`sA?j8hr05gFa2bpm6c@sa|{HDT6*uZGk@FNR&Jk
zrB7ZX_@)TG5H<cV(<xltPSI?I#NH*ZiDuc>W-CRr_XT;Yj*_=M%bC1wI$QFVsIPmx
zUDvcl7V>t}Bj-ZiE_&n~$=fd~Hhh&n|E$TJ==2||i8QW^Y16`fizSWC6=$*Mp1GR#
z+>UeEa}%%TJ=Z6tCHpcuCvm;5_o!Rq*6Ukjw1VqYcN5GO>$S}?v0m|hNHNhvkt-CI
z>)t2Ca#eV_M)??hy+*X^C(P@0wXt4ZXIiiIn)-x!y}o6v*P=75*TD0_;%1jNN;Iz)
zr}!q(e3G?!Y{1st(dB;lNnY;S*)I1a%W^+fZdva4E;^UxK48%~F831;pZjuO`!IJ}
zZEpKV%U<+b_ONNIZ2j-Kh%X*Gi>)$kC~cLdbJ;4F59O_LytO$*Cgsn&@fZc_z9rNF
zV9en&UChsqqZpb>*#h8eJAfcZkr^)0b`L?js#e$DPjMFQl$2A%OCUYN1Ujio7o<qO
zFT8;(MgF0+$i>ndj)1Vc00hTN!tIKq`j|SmTvg`@tlnV2U7*c`o}f5CJ;md!n=vH(
zZB)K&>3!M=GyL>7&GD7h{RMIr%voU|JzcvH;0m3;$>jqhkx0Sdx#=l0c2aU{>-mSm
zOe&F(6BMc+D2W3E__pQMzV>p}n3UWa-*C!|0#bfVe0e4CZY?JhgLd4;-x`Jg@Xy#1
zwv;2cMy_}cKueExkQZSrS!uIeRWnrnNX9n~*Ho=~camJyR91I>+5QF(9E9%`WwPyS
zouW#`q`PocPHD^W!>dM;#-gthyvE^Gk1J*C9BOUNzNCVjYPqL092T%`IIc!dSv3gk
zwf+O{%8@CxBU2>JF_=O`!g3xGZqJJp)(d3-!bOEq_T(zSttch;<C#~<RmaulzFWML
zYt=2Nnebhv1dALs`;**igBzY%KO;Nx2RA@>gJBIec$`iCgV-K*pIZPYU`k|18`u=t
zj^K2gtFk18f`??f<f@~Q8t0)Iz2&OI&FhrF>ITYSRkdAFS8v6il{eahH$<F=rtefD
zc@D-8_gmS9)LVF0nDvL_M9K>e$=<~q=&cOtDwpr0DI0Fb@wy?XMBwWR1FJu!=p%B~
ztQ1#ibB9^O)J9inqYP^+&+aa3lI6#1T-)mb!-%Uil0f&4a^B~1Rmkns<gz>9*(Dvq
zxqSEreh;iFS8mgcTj13jFlJ5xPLaE`slzNKU#)eO9+mS0qwNJ1o8_0_%?I(@p=15c
zTL64BbbeimTy@CZ_i%x8oBSvS0nL|csF$wTV`)V8d%S9TI;UPEyKPLHs07Z3j}2$7
zMWa7$!5Ez2G*))Oq{51+#E-3Y+hKv)JSxa~=X=x*a@D<dSMx^X9ZMgCjWv|^nC2S8
z(MHuYSZ#J#cgbiY*j5ILfMLVcbzb$5_F)nWjYAUs0}9ov!k2N^NiDaPENvG+TTB-c
zXe(EFQk<LSr!;P}Z35B)E0WWOOyIetQ1)sBE%*;<PMXC$dtVJ8|MCrt_%$iEO_Azw
zE#-AozoA@mhqP^gM|g#qykWk1x$3qQ7~UI!ZuC@lz`D&>x7F-P0-~MY)&VQCjYDmK
zQg3j$!y9bp@RZfye+}v(jPMrO>~q%q1eKkJc*@qLxz+V<c=VL5Z^-#x=qF*nrMh7Q
zbO#>Z;c<TNKL8z3hwhpmu^U?+^m4ufibkclfs$P0R@YG#U{Sm@586ARy@cBpJ1%s7
z?EeMHom{a;!W7C!<?_ej2P~g*OrGUdtKDV0n{zgE|M@r?Zrf&eq{bUq_OZn4Z}S*+
z+2{1Ta+KYp4mP05Y7!8PLOa3l7C=4DP5w7tv-x`ADwZ}iS1W<VAM@s{2EL+>Hm4hg
z-Ra7mo-*B)Q*EJ#!FE9XHe1`QGum`)u9mAd0XD-^+<hC|&Q0?^cS*1hGp489vOZ_?
zYc{_ce$5i!nP3%|9GH$Rg|Lq=bgP?j=sdP<NQIEzCBO(L*<b)0{0;d)H3WgekH%R?
z=scQk80UPcfd<1H9O)>i*zUWspzpTA$(ud&#$!197?>93p&(~Fo{u;`9g&{G<g5dF
zy3K!p+Jl&duXp!71g)_#camg>F6<6Eu996D@M+TYl=V3EDhwshBn-;Y8k@g&elRJ=
zD+UTCqI!%NsR9@(kJ?d*Y{K;5la;dSW<{+L@?L(>Wy^;_E(l(0qeg-9b>aov$EfAo
z`2|Jr0$g$CYMAJ9?yFM4YWT?Ja+sb?{x@lnjRA5J9AU#&K)ez$HX5w%Je)8kvY8S{
zWBK&C9(9ukR-oE&bO!)$q6Ls;(r@3GQV{H6E3kd%j;tfJ0?WR^e!c24!o^)V9Qr?x
zAV&trbx()|!qu4{9B(VAycq#u01`aTYX7TB1P4wof3-OhQEOZohZ3$y;l=hjAHj>)
zA?Fm?#B0qM{wQ|EOUs&NUptV6+u`zV-V{#BsSdZs-&?iH;YcWebZ1oO!;#4gZ<YfO
zj~pO6n{Z*+j^RxJ5(`*h1v#6S;`&R*^=HSm<Au$0fM3$Q311?X3C<KQNw2MzE&$xQ
zn`XM8aBG3O&E0o%;pA^&ReON6`1*T;E(el_0`(K5HMnpc4S8Y#0(JPp|0}%$ZAxh)
z$d1;-Y0<fZCD9}HD&vS9V7-5ms~X(R)v)dwOzW;%Uw8Sz5qRi+EAVcv!SPj>ZPIx#
z{~#K->YUADJq8EZu_s`I8hOJ5_`9^sD#ySibZM>`JSt`8x9j8e4MiUH8@|?A>q4<&
z-AFt^Hn;<A+-g#~TYhh3Qn4G3yCe^?;Dx~l;B`aODc^Ap8qn^?43VDT0}c!~(I<z}
z1C30jCaEUNS&y)sb(86=M>n1Isuv+oD|ZCuqArgm9W^flp0nZE#Y2TCsCiyMNzGHd
z!O2Awapj=)UN&CJ&KZwAznQJ~tmaK}m(3q4&4)RhqZH)qEyy{r6yy8i^&&7@?gYAy
z^h_Qx)VPb>ICrPcOABV7Y>xM9%Pz^1!dGL^{lR1~Jv3cgcnN*B=E=?^`{9l!21){Y
zkSJ<CK2T5Wv;Of2$U1XCNSl+PUEG!9Hs6}cGUV5(9AtJ2z+3rQ`hby9sQ@`DO0BfF
zSn&5V;Cq@WUmIFPMm8vu^P;JhHblRNE_#-l?+Zjuvhh|ACE`@_isB0q@%y`=<US|0
zup;8~dIOW~m@f>EeZ1+F(f=)iY>cbWS?}wZR|?|I>;s6~M)*LC&yCE+=vYa~ei`cG
zt}qe?DBXE98nVm@0~{9H-#5p$km}~Cv1iWflpfJ@jP>cBB~k9{7&n55ZorX*0GN|3
zPQGZf{<QJ6rzq<09yL<7hPLAT+??+Va*oEf_bZBRCr*A1ydA^6Pp&|4W#M|Bvf8=8
z%G6gE%L~vb4fY2G(pM%=Oj0Vomn$*!LB;o|1sU(ft5&%jJuP7@e?TzkPfO0HjT<OT
zLIEX12`24;Z+n!ok*taE|71?j1#2~&VZEPMd!(bK9U-<2<92(TU&}$h37MGdwVi-P
z<^Q%&{n^v^l=6NPzit8S9MtkS<nojxoV)`{&8bAC?37JWHKlAT;MXZbQ4cB3!}7yq
zzh?v9{So|u$<KW0MRIwN)|d#iUy#R1tsEGy9+rI%t+3(%NZs?hQ!Z#9S{(kObsb(G
zVE~ai8MB~`_oZl6nb;gEJhmU;`;Wj_6so^sQ)2)^U2v||ZHUQ3GwJsh1DT2$P=KNI
z^?nyrhF4HTqi}K#RD?0aKl$;Is-GMxDP1^Or$)4gVbPY&n~kejesq^%=vh{sK|$7G
z_v$`wYDfv*mx?BklW0GC1AlQ9-uGKBPB33DjSl2r3A+YHV!DP|-!^N@KetOp^wJY;
zv!ceQigOpIo*NxZx{~aZQ30hlWt+{LMQa6He-zjHejDbOYouJ=N?=TeoZ1bjxBXxL
zkTBf)+I#xvhV8%XdO>O2ujFjSBK)z=i@C!BGXd?bN{!Y=Q9oB|>f0$fb?Vmi1#qSn
z%hTY$N!5qtl4_|K|A2U`^lCgJKhVxuEI+WdSoUoz&X>RW800cvzawsWb&Ucq@6`aj
zzUvz2(64<H-9dMxIKS5>w_4-hX>bs-ul)|U8~**KrlQ*K@Y?F=9D<W3{1VV3k%9MX
z?Fw>z@TRAF1Aop|g6&*|>d-A7b?O#7{&6V59xhLC=uXVhEaDsX%aTM1X^<3cYrm|h
zVW>WV&RzcNOhHF?`ENoR3>}SECc9_DW|0?X0DlzvlBn3QBV&+6jf#>e4;1dC!W*K6
z*F)iED!e0FcsmrnONCRTh4)zrSd!t$kk=Uq*za+!N4*Sy-Ux7BoFhYa1TAb1YKd5V
zQ5=QrDXRB&!qz15;=(82Ay;3zpq*kmJvj;(M#K^uWY}{LxFxNkq#nr+Jnkxi$C)J<
z<sKcF!%q6wXvDJzEyHQ3bHm4Q7n3uzOZ%iFTLTLmR%fu*t^CNq_<Uj%B3}JnQN>jW
z=4ylYTzaAJa;4@3(5v-VD>dQPO3hE014paAiU=v$-YDvK+NNRk5xmgz1Pblp*0_n)
z8qb=Of}r3PO<!Oac6n+diJssMi5}-S@}g$UTj;F8ud(|sB7dN(GR5VLZ9U%46nV-b
zNi*Q{0O)vlib4BbNc)R$jfYa;C5643M~U>0qk`=k^3~&IKPF<11`7NI>pivDLz}Fm
zI^RUkkH`y>a^X)tB_v2woX!4U3!ROC3OB@X&DMD8HsGl3O5|hzZ~U#-Q)V?qajuig
z7p91a`g+_kI7ZNs*p7O0ycSwIDlnjlEai}pW@w*{NR|qNvuygXDSc~{nq!Gx=OOvw
zoYs7;#162>l$ua$G8&>(5O}ub=0oWhKLWoiGI8@wS4{kOA085!4I)DOLG9)d$?V)*
z2qa8HBAx9C+@@hxkDipO`59JAdR5?>4r^_P)<-Hp5-g*`8DA#OASDqUukk8Vu5#P-
z{tDII(8{BJ_F9@;Rbcb?1Pbm^cNVHA@z7JhC{*iSOY?sl%D1sT7r-hg%w^e$R&v=?
z{*@$GVAk=_YVkD|{(#(^chDfH-{R-jXss!agp%B;MmQ3Q0TBfmW^ZhqufTao@yYS|
z0y<TPmEVe9*mKjTm@E+L_@*S4AX?48mHo8Ym0Qn}u*_n8U}Ml9j^!KH2NdzzE8<M!
z^)KE$pl&~LV_)(H0IJ$!C#-w)0Jx?V6VP0stF`FaHNOuBmE>U62E$47pgY}L^R41F
z5-v2k;tH(AY@(KxrNGKsv>(V`=rBeS3gq`Z@j>1L{%JXzK+^K|jFcVnCD-^zD8alF
zXg@Ygsn{-;KS<IldtG`_Y1T}ZG+%26o%ML34U>);>B)y1QN#6uA${Eo=k`45y=R6`
zt{8`;ux$NF#rcI?F%lmtw)^^FCM@y3S`e?a7wLV+3)Kdlje%EHAlC_>5uHLmu+<$r
zfj{#UcBYv)0kinh#M92A%v1BkMAIzRv7=5Kt_mL?6*VV;30^@HwpiGZaFpn-3_4M~
z#e6j@5(F%Nb42uN7M90WdW-d1OLUkk-h$U!tCFcqn9!i3kM`rbzEbEYvYco0>90=s
zqfcKx;k2LLaO|u<{f-Hz{qz^!_~TC(DHsP#IOC`9ujwmMwg?fC_sWD8w}D*oi6BaL
z_IGKSHY9hd6=Y$tAPenk1xGSq2T-#nt!r;eND+FQLuo%S0-1>OEz#Ql1y$kmtY`g;
z!XSQ<cC=j<ul&#>{EEyGXUgI#FDW<~p_Eu384a)ChDQp{+^|DL@ADyO8j3Wt1ZKKV
z!kj~`X$bgu@Kki#;OifrS}gcyJdFb4RN+xGkxT^kyW`zjx9~b-N}_(O^j)Xa98Xjt
z<#gf{s*PTdTo&~_26Tl?<bxCNCK_gN;B7Y*NUP8<OZ#L{eS~ggsiO0o#!-@X;QBtg
z<6sF0yR~*Uldl~`>3r67B<MPTE`Zl)YXMr%01IV#SoS8Ad2042dg(Y~I=Tp((~IsK
zR3C}^n)1tu7!6yLf9A1nYm9Xl5CcLdku`MI$mP!^h+rAGqKHun-UK}FwMBTP59i~x
z<H`1k_yjz#k&~;dA;KNJhnz7Rh%?9e0Dho>g3X{T!<YB?rv!F4C0r|pA9HOI22U-e
z59cT^#bN_XHdLovxs62@I#^O7{afBFvjus^IK0}ptCA&=mhIc-(=?bs<h~(#zy^|P
zyz(mzGn_P}fs!O1<S8F;fD$Z0>25qc>%5qfNa>H!IpLodQhXNFl8x*XNQA!*-GP9%
zfVT9)sPBNtKYAf=d>mx?J=dgS;aiE?Gyq7$5F@EtQwNF8JyfQ8g7fS=XTvW<`DC60
z7sMd`P05%`w2TW`1=a~LDM)t*Mmpf%G^nS{EQpWRiW_7bkqUnM6C%&OW3ycT^!9Bi
zWj8Jaw)(Lt0gsuBTXX@en($Qg{~F$cMkZ<anKd$AA&z8gPuO7z4vP~<CKv$I5rF(z
zF`+fG77BVzmLtZ(ThLRtp>)k0u{#4()9uAem4K`S-I~|g<Zp|z9W?QW!#RZ&dtqZ-
z+Z3E0QU44ZW0mOi+NO%_3%>DS0(nf8uAOQ_VHUz0s8bd(Zt4LHe8mAw{8q1ddys_y
zvUp~{1MD22{oBJ|!Qs_<G6*@3O(r2HToS%2JQRP7#XsZ2y$t7>7cZ}mgog=t7&;g(
zJm2KElC8=3*wuh9X(i}g_&k)F@E1F&>_1OWCVJ|lhG<H{6&J8<G-V&kMuz_bUbZWN
zYwS@;U$HfK-q$64PvdTo^sxwktW#h)DS-v49(9|iCe#KmA8NFAg*lr_e*{5)I|%yg
ztb%?Hls(XXz~yeq)2r#oaQT5wHYnHug8O$U@PC2=f8Qeo^6G7cwsoFf$2~PawjSji
z;P72m0BfeWpx4I*>NXVkONm~X^aTE19@|!w^zqI;{8zl4k-fI9?3YdV((6&79US=K
zSk9}4_v@?vh68(34kqR6d=x6yT*?Gja~JhNe`teD+qIqreMGE_e|z*_Z^AFD|A-jB
zjI$m;5Nj9Y{+HwTTlU$G-!;Kb*TML0J&W<{9XEcCQNg4Z2Jpe_Oaq7^AhgtM8o)i*
znFdh0MhqYg)Q@@kkj+-~U(=L6G5YP5w$cToB_D{wff2B-N)gGj_mMG6ke{qxZ_P)V
zicSxOm@zV$PWMZ^fd}lKvW<?M1411G;xJPHUwQ}hK$623#>iKwpWc}2!Aw~gqQp%)
z>JXg!64D99xx?QR9-731@AJZnYJX3l6#2nXk$lzD6z+i~SD8zOSg6MfqzFaB&g#T0
z#ze;o)fb@$0oKxBsonrx{}#8{=3Y{?w1HI?Yu)~7SJJtpnuw1zAFn=qV(5IgQg&V#
zxmk8yZ{OAGpVgB7zLkyj_lZhibPNhc&mmXWOjCdk!(S*iAMia1tlsa~wS|1Zd@lji
zh$eueX!*NPTI^`n`wQqg0IvaF9m0o>LCNvZSwe+b(L<-dWxW4I<4d+hby|-Ea^VZV
zU_N#hyu>Q9h%Jk69-{tII(`{u{5(*QW-cg%0*AR^eC#Jpj`^eqj8ED&7_pxd{iFw>
zaP?qvFkTE87!@JnBg%%Y;JRlmbx(0!IoG{rse6^{rf^-AWOiD{@IB_yl9!|jF0ri`
zv0o$_v5-Ax9m`AF2*`E<vRXi5I29}8L2;_L7m!a0$gkrdzY>u8d`%UQAH{JB9~zoX
zMKY$%L_c^LF32YOfsTycz~nS<;Jyr?2lku;!oOIltHo`H!30``I{^Pc^uhu3!ly8;
zI6yZ29HGItTd6pDS`K@`I<H!*tpa|PUMF51eoG1Dfj}}kHWrMn6JA>6nPc<#)9A{~
zRFEEXJ&E(5+XCYipu#@U!gLE}uW<~k3jw$A^YKf+jh2KpPZ;^RWhHPMkf;V$?tiS*
z{L&83vR>aEksnCvSS-)nTrA(YNhsm_x!-q4!rsSgYY_@hor-GTo+I+=Y6Xt$UOSYs
zzcfky)}=#j&HjN(*~rv{obB*XDlc27^u4ypRl0A161dUfsvKa0@i?UP`ljqhS+RW%
z1%uf{-=j98vEFw~UVwY^s>iiY_cuf+h(xm|&>{SH>v@tv=4ov>@h$Q-cvme~jZ96q
zRg%zn8ytAE93pI?H(mCsqzG=a`f!Bq5)`xo8k0c5Q0(Q^ayf1$kNUZ1TfHYzhZaZ$
zcr<O~+zkFy)9UIF?#B7K;5FzJTecn!rO)KD12$HAIfj=G&5&mA^{SdT2acm87Yt%v
z!x6W<AZdeFozbKO+Im#)1|X?dz#?f9`NMqwIOB?3iYqeX6tBn*0-ew-w8q3OupYS=
zk8#Q4sar>fYVh9F@Snwfb8x^BWHvSz+G;$#jsep$yt0$MFz7x6+)3Gf*<-7Qf;OXr
zNgj{d4%p@~cEl3KaT>^1V;qDsJUB@CPP^zExq=enh>^fiDBmwxMnMB{>wXgdZ3mS=
zyCcA*bo0;+lw#XNKh}8ytv!MH4uh?#7HpMZnvx`A`2qK{8Lj^+@T$YT3YTj1{3`^G
zsKpj&ZiKAXPBAEy_7^r<?}29)vilf!&i_2oU(!dEN1A9To$#e|LB3MTzG>7>$aJ7*
zw0NMSJOj(Ltf}MlZpaKMWE{0;w-W4B3jaN>IJeDg4^xDh$)u2jLJ0zM8XP#$jW)wS
zYCp8=L+rx(sJ^*_!L)8t)<m!O_VM8IkLdX)I}+rMtqpPC4RZZ(nAitlPUpja!(m>B
zGr@9x?zbU%vJE)X04?}W5fhvzj`t@vVEyUrp}+73TD#>`-~m&N3&~B&2T_do(1qkC
z{Grw;YLk-lv4S4afg2on&kL)fP+jk-3Agj)e4=hE-2?14Oz*Us*n7#N$ZwbTaZ820
zzBrNx{C29D-#$?QOjKXIp#0ox`_|iQn@9cBQ?s}A7-zdneEr<PYw(Wpm|Oka|2^VQ
z{5G)Lz-@Odv>oxFQDRxGBm7Fv_Hc=Uv3P+}eeHo=`4Dl@HD0yB6S&cix6w8GTB8@Q
zI`ne96v9iK%hTv@w!-o*92+qHb1%2!AG{~KJhe9e@^l;i%D_L_@aVJ^2HJQ63+(^0
zd0=#E_Ow=P$Gob9u|_M49A@(n!7u**i{5{1q4)pU^Zx?9|NFy7O!PjF=>2@6_wN$D
z-{RSJ5Va&_>vIco_KG|=C}xBmco|%_-sN$ADwj2yNP8NQ_TAnb7~<WnmEfGMNZvOQ
zd2i!Y@7oFt!VVyoZGgVtw*ww_<3lPu?3Ujf{cEusp3(!OHT)Nui3Y6Bfa(T#Xu^kV
zcxaN}YfGTHTHfyw{)W&!MD6z~A4SQ$fp7?80b1lG+qY*y?me)oMyms4CHNO025$Rk
zHD9)S)qC*4fe-K%_rQ?5Q}F@5;+|CbJ$HI>9z3N7+-dkPe1$s$tKlo|$$*D!e1NaG
zCmUdM2{u=o`<wU-7+4(C@|PvcplV)q53TXQfVNR-TxtB7WpMg&E@#DW&Bj?_kthH7
zya;{J97p84q{I<<J-*(5LEqDuzAHfAUl=lx;t|`m6RnBDE9-Upu>X#}E5QftI*m6j
zh?&NZg8ec^(D+eMHU`UK9!I4Yt7FmwqtetdFo&an@Qi`~hQkz&%7)+Y-*A}0;km`?
zh};lxP7%v_7HrjV2>EGZFpTv}Lv8=m$*f-?f0@P}oh0&?*=f&=8UOcDeq7(8J=Vfs
zr{GRS=SlK*{~dNe1%>7dAB)dn;Bq)BGz>|NRoV?oC#fz!oy_)Y^V8c)mcgKC)Id3k
z$tTO^ma9hCfqt|@*EaTE;;^S4=PvTPm&-Yi;MDZl-e8}5`l9&IKV|6%V8RCapUQ)O
z`Y(Y(WC(%Rnq}ASwr63WRFFD$$>qOFlCH_#Ro|b(&;Tj@nxbYN)INbSypMcB2Ro|0
zFNz+~iw<gk6GaQT2v*G2``nWDC>8r=b5Tb?LYu=y4{%XCESe&^rF+j?A{?+YIB?!n
zc!QT;Tya%f8mTl}C@*53VJNfPLYF}q{7SZk`tYw5Tj&D*)z%j3$iLd#LMTC^8&NXQ
z)@3!YU)oBT)IGy@OL?`YZUf&9!!Y`;fc|&83Zzw6N$kY;>aqS9(Le4gWJNM;luSVG
zpEi6k5N-dZ<(qw%z`Ii<U#Fbva1VN;sPz35Zbv8+jw@{<i1;MKB^#fjmKnH~^qA)>
z#9G2*0duabCB6FG9+@1=7Q-N*PWd2PVg1%VYWzUy^|b4H2#<|y@-AC%Hv+1w&x@PO
z=cyAwJsH02MWc_@9&D!)?IUNi_C$O3zRf0^mz{-uo6XjGwQ{+d!nx{T@_&!9*7F84
zfe43yWg4n{pc~A2<${o6)4cNVP+`RZ-xZ^RLl5BhYR_Ci-G|c)aw0k3Gj<hsK$AlC
zq{sOmx#AQOt4ms;wa8wIZ|G5ze#If9eAhIAyJ4yO<^gBagomPf%v08!I(@9C=3pY6
ztLRc*_Tx!UFzHKAu-!K~M{!mR`)NnJM))(X5xoi8{RV%={f0l28qvbI5r}DRlHxq<
z|JvjH+IIo)&m9%jq14$}?NnnYWvBC7|2{G5s3W7uw9}I^X#mYr0AkIrhO4N!WHj_z
zw|8W{mJ=J|s>P2lzbpx9&^|-I7Pt!c<MrqBLU|{VUB=NmWiP=~U{7@d=1zQ9BsUb9
z%=K9DBCjUXcTZqIx<cMLjoQk@==~DXftByu>2`_VV!HUcjVuzyRk`p_WnWy*$;$4v
zF30J7SJ4op6}`08v%~nN+s@vw3c3g#N0&_UV7l<xzI4+yMH%8tFY)zOIG}GEM6@hF
zeTqHYBi8-}Z#IzUI{&;w5hLnp3pgSkh?lr=ce@LsC}Nfj#zZ^0yf1E;_L6S^BBCH7
zMZRu`2qkWro4}|j_VD>6k8`?(aZvSG$3qd0sfjG(&Is_zXqy(vIjZg3+YLK?@8ksP
zl&tZwlS1_rIv&$th%tDdzDmyD<WcJt{Qu5X>9}i-T!;ai(15;Kd-{BdejBL~$W0aF
zEufh0(%NK-_xmypgb;f`i9=#zD9!Wi7tvb8I8v}0B1LpRHK7Xm;d<>$#JJ*nUoz@&
z)m>Ptr-g_HH}&6YjWgTmzrz|)wlQ{57OM6Bv1l*s9daiebQSlb<qc($D;s9NxCK+k
zBYm)NT(l6=$M2-VyP}16qWvQk&WslNt%CIs<bKfJ>(~BLDC^W|q6J<WVW<HJbz$T*
zP+bI62ZTzFGkUy0RM&^08Z8uZ4urn6@j*}5wQ%sW@%Ap?aF6<*aQCQxZCz42{R?AM
z=sfAWpb$1JP7}EdX0>OM(OSxs!e1JMo{fcPYZBj4nCCo|=Nz{=?}l1hPC)Qq?vW0N
zU_b{a>@43+7{z^9msb=Z7=6?_w~=ci=YYlD+qPp(TRua{ZEugZY7%^GWFx(b;@o=s
zRx344iF716wOOC(eQVOYc)4g<ama{ceqly_WeoC;(<1-#1&q84kym^ZP;D0c)A*MW
z`(dBdx+ztRfxU(Q)&&0hfoj0Xp&h@?z@GxUDgu90^IGwDy%UQ+q8>A+7))yr&S@8>
zw`ZKsTifz{4r;y>=M(lDx%6HFkCt0&!OQsW^3>Jwebw`XlIgyBxB0$07fz)!-dCR#
z_tk}={x}rk{o#*H*VZqeVk9OZ5>rrleRoXntdIOZ>i;t>zW+(we{bqP*6`*rT_(0>
zo1{|artzHR6a$TN`3JP6tYa2qKgstj_yJu_A9DekapTAA442@?ToC=3?)ZE~^!akj
z$9)+6xQ6|fkNc|y?xiT)CM#Tp{v|vP-A`UB0h_gO!<3jbCxRjB&Ij86R*y8D$8B0X
zieVv>V@B{@ku8Re(zG^@_od-suMLcQ09bARzCYd4etZ}?WrLfJWtbmewdUxw7A_SA
zQQ>9L!YnJDyrP-&TF~xVw-1PAuefWPK4zE~5$1d<8TODH#EGfH>m#9)ILT^VXqWic
zW#fN87th!<^bJ3t2a6+|hQ-}%qNGu)I({k8ana1i{~FugiOqkNj6#z5@?UJA<OAM~
z1Eo-@=;#&x7q|BegGPj>U{xhoh5h(vGL}3WeIuTbp$Y*p8~+sJpWDM0JZk>I<mb-l
zt8YTEarmdi4EZ!b8tK$ieuz8CDJ$6FhW^ojr9X=Yk`H!>2PA9SeS$%9X?vdgf4F-S
z@FuGDad<)tghHJlMJuutDAE!NEl_9$w52JXfdq>zRxc<DR8Z6k37{ZU(<(6pQMvA3
zy^3D9tM@8aL@X_(EsL_MAjl#pObC<$UO<-Sd*An*NoJC?^mqTi?|YvA=krK9bIzRe
zp6%VvyVU!cA<1t3mr?05$?p%$N$Q(yPBJ#=>_x)vb6YW_m;I+X{606Jzjb%By6*>c
za>SmA5eu(Z^&RR5RaDl=>K=+5xPtwfS}`v<<pN;SpJaDe9CiofGJ`rx?-nT3xwz^5
z%{jcv4;$l14y&y_)b}$%dGAY@#M;V?9-j&B_B<AO`(0FpBCZ4?YcScY>>9M3iIO}L
z;PcTYlF>#RS=dK5(11STXp~MLv0900Oh4f~F(cdco$T7pR1=bGi1^irXvzZSZb1>m
zJd=<^n{6b<8g0I|o@bJHmd*2siTroqh3vW8$UPo`+GUGnKd{Jq#EmQNYgy`oEFFSX
zL(S{+g4MM^qsnQCak6Kmi8+r2^&YZoq{%vU`Y>DRZz!K6h)YT^jTkzjL3K*E)gI=Q
zWi-mgN`PAIX=6Nnksl->{gK$d<hVgd#}z-ulXwK6L^rhK%7g7r`K<<@&j_u6oS3%H
z<|<5*U3VuypV82#xTHIDXY)Lq%A7}Yfez%Vec6Ygb|rrl?+Y2<DAt$k$`zoWL)?ku
zxDo~ZNCqDY{rSEaYDn!a3%bi#Hv<>Ex*da*q-m5Re%Rpm1K4p;MMA-C4<VHkvghIa
z;sv7x46BK}z0$cbTJW{y5B(oR+`ULrYHIy{n7;yYrX4v&b*3FT4c2Z3HwB-f)c*$;
zb5RjK6)1<{Np+zeIUoDZUh*_yCimO|3H=uiGgZQ4hcTMOQ9|^}i67C}5tGPj)|C<q
zxm!8s4-*y@fs`(}j=-3izRAA<qeo1Yf<B|)Jz<sH4rnERiq&wDLfIZf;fGcY?X=q^
zN}LNC<sNoul&jq#q-?ENq%(Al#mDz~;IqGBUXev}g1sh$!~^F2M>Ai;@1Br&=kqn4
zC$Knr&Fc7{yyN#mT#<l&&AkEX*P}uDRRk~Zy@A<V1YSNadD5@+$Akhc2WOyEdF*RU
z2)pJ}oa{br$?nO_3d#rJJ7XWT<~^n??}@6{;U;QO4mK$1DPRd&Lc5MCe?JJsZ{Fol
z0=a+}KZV5)hZPUvW)2;cd$9r|r^8p?48*hlP=syxEBJR$_}f=N5o-=AyN{;`zB~BC
zYi9wQKCaR(W>|RBM3#DIOnJJ%tG#<Xg^=%1_R5!!|4hJtt|2l88+D3OHvv`KPYBv&
zsLiE?#Y1pRd7?)zs_d+hkVG7q>L+QmY$Rh$;+1xJ0{Ofou<e_2oG~fAc<<kSn;sIc
znTH4BzRN|recqG!otzmFUM|Sj!I(qpJ06ISk+H+;S!n6U&mbAgk$8nvt9wBPMhJ8S
zA_Nvd4Je6+k_0SS5Gc6?ztx*?h^1c<Tbg4Ge@RZwdZH!QwqoLiKFpxPH}#>A@*bh(
z2r+s&m5zf=<DH1gT7Z<^pyt+lH!}^NbzKD6{Eq7)xFL?XE`l3k3cY+d`0^qBCY{GO
zX**@@FR)2xgmHlnss=#H>sVn@ScNUB-H-A(R#+QWVO_x7=T5BfFL>147qb9Tf6#s3
z;sTpzkx6zBmfd3ji;Y#XDR_pG_KQ()Rh3lOEfjRMh-_p}5U-T}XP;bQjfKgTO8kiw
z?l7i!j#F_rGZdHe;y-<Gx`qLsFVOXY@j8_6_Zfwf3P*qHL1Ww)<!GB-yl5)$+vp-v
zeAYm$M7+wxKo<+lh=Itp?${cIIJZ{lei(rCsZPC^*0<y1P_;aP=w7X|pjR&y*eO&4
zy$c@08d<!?oxRW;v*Y{fJ3ME(?A<PWm&)Izv3K?O?pFS;3wzhOFT6|S@7nZI%{%wE
z<Pd5{Dwd#|sF%6cr?2djO9@`^xUBgDhqa<5VbnV8CR<>vWLaXM8y4se;Z)vcZ}S3g
z5h~?b_Vxf-K&HRZz+1w}cJ_98;4Lnua(AK%>Hz4~TY|RhLLf+dSA+zRkMwnr-wlfw
ztOm7eZAGU$PscAj+0bNc@3L&6+%7Of*m<}4F-_Gp0i)A(97{07KGBy*%2J%V0lebF
zBaj2GX0b7<O~}MV%qsWGqmsa~${F~Vaf6zXRqnHsX3V5!Bz26vo6UnJHyx*%2%b|P
zO95vS<ww8^z*|iLsHY3|(J~q1viOP#oDpPtz*qvP<@aW$Ze7l$i2{NS1yGVWo^~da
z^G$)zq?+bCYva+Uv%u!QUjeozml)k?*+ADR2r1@yl09=V*OQ{0U|enyyeLxko*+JG
z<orU4^XQ=%kO%qhJB%71X$ebxt0x9mS~C_`PYo{fxB8$Lms+DGFf5p3e4}fi^iebW
z_2ZMad_XhSz<k0i1kXhA>i1c5EwALD#c^yaoJi5Kk!D(DyMcbh&KwC#ju9Xw7jknQ
zU!m?}zt~90jknH`cxpcj2WDJ04<6lkVqWJ0fOI0i(h7!_5KU}p#rDt<ykrptJslsQ
zJ^-w8^kDnC4eLmDZC8e*C2D=HB_C0}0?Cjw19py7JbyIIDa$L;$Yeg>SDj4Wtdf(~
zjLAH3JlGQmI&-I~=oVXO|E!T(lG`RW-tpi?BYDRyc*mPlo6+%f?6|Qu?@U$)GmW=7
zw>fRLKdzm&R>UW#0-vnskKH3vf!V#F-a#bD{#un`&fK=}5b^YV;43x$uzO^@wtlKw
zKWmtrS-bEMLYEZN!~}JGB6Na2?B9&RSiFR4XziOgL@y?(Q}s1(eROkLKdSIUM43a1
zzkZwcZAnJ}k)|yfr;Xo->F3K7GG82x;eRxB11MDqQ<Nb8z~}D}`yM1eYGOlR3O6j=
z-}v5|6^f-F?$?aLwNZjoCziZ#XyVx1l^l9(+F=i>^W4>Xdh1wl$3d$F*ed*vXB&sf
zhj*b%zo%Di?_5gE26%E-;&|PD)a|c$0|n?kXm!<rbPXUr2p`&9hm@Wo1sB!qy$uNO
zC#?~6sLp<kVTZ><_h7FSbt0MnexpNNdlaP`=lm=|TsD9L6a>?gcH;4gXgg%d&J6`<
zYwBrB((&AUkU3{q4TmMv#`$4n48sNP{#1PTEoZgA%r0hee(Y^|o>C#Ii7|b8le%=N
zd`x5eHe+*~_}xsE?X8+Pv-dt0I$!@WH>2(4*mhWqeA)$>gi$Qv>zx$(B8ZTN;Q`wQ
z7+ETQ3<<z}AiFx}TVNpyP^4AQ?n-ucEtkm(EwDIU`1w`W#{%n<MeEb)GP=jp`V?u_
zC+TYIgZaPPM92_Z)FwiP*uS)CIz#N|=b5-MUOB!E#Eo~uvWNX6P+=2RcqOdD8-WTR
zU<D66`WE;e^Ud=)d~<w{^6(}&1hEu@QIJB}cc<?T-vr+{-`IfH-{T|wewMsS;2Ql`
zK1~<sYWkFNaxY_@3X~&zS>Xa!$X;&cFAMogwnGLrx<ej5!gk+asLvQ>4x)qZwYp(5
zOrl2m3s3s|8Z$^qh8Yry7f-{Dx-t<DK}*9>8!|nW0e5{*$BLeaZ`fn`CN2i7yO}m%
zfovE#BO9AQ4swcpknFi*itHYu;%yW{ei#}sfAY#gQ1^Xe7;^)k!WBnwYN8n)Yt7Id
zUX%733UJA;-x1eE7lzQ^JU|4)_8`OWI*0f!I*}!%Waw^BPloOWVL~c@72edqNsuzP
zEUYHV#M<B2vx)Xon`(bPZ~uoj!S=JFrOc{@)w*=lY8DaB${~^nH%)@}p6i(_sAdLh
z`tW(K?Ty%i-FFK1o<Y-)rSxgYrnvK0GpTH*NbZ4}B}m(;_><y7E#+q5mY;zu^umcA
zcopsJFqzDbjQEc!m{P_aWp&Sw54cC8h^Rc*ndK5+N8_k1NdHVw+|}^{V{%dDH=8aB
zdasEiK^N`QQd%*IBtd!dLMI`RIeW#$P6FwGmB)AV2vnZciWytXP+Piks0Z2Q%xlHS
zX}n;M!98zOdiG-GQYHdE2sclAp&Yr9S@b;HiZ&OaC?f-81_FZD>BaNs3-$!=YYvRI
z)txM7R*R+6fN&Jgj{%%{7Y}&?bDQB@oC-aj#Vd(r7;_@+Bq2+yCnc^&u7Kt$fG-hU
z-ZJ!&RMCTet*$y{^pQ9eWuT)tHchE$*{E#j9*2sE?NHn1E-ZkGJ)k19D-5J_6?Yhg
z@~(`8z?odu9nPf7Yja&tdU>z-LsNv?oq#ucMmO#LFp0ZA6e*u?2CQcz^%KskSW;zR
zR!D5)Hj+<$P<NGVKEO#^r(Vq<ZC@T>m(51>iiUYkV$sQMnZG;8Zrg{4q)g%5wmu#w
zkhAgCCPr~u(Fy{U(-E5lIHYvFauh9vqA@{r0txp$09qxvl@OGUxW+NN_=&cHeLyxv
zThEQj&a8FZ2~&&r{RWB;I$A6n3s|)B=KL7DPj*#jyLS7Apglf|&n|hQt0^3-LD9nt
zLz6wF6vmahI0Zw3QHrGl(YYn_lvvt_d`zw~&3hBnX`aES`HP;-nC3D28GZQaO3$k=
z<u^s4T*__D>Erk>=8&WKO7}>TJ*9<J(f)*$@yOcD(7Wa12^#)U_iUzEqw|v`mhG3_
zmi@p#WF=sBZ!&rSgfV9WsvXK~ZA&ZcH~XtgHi;!~v;C19gJ<?`3LfF*>nE0uK?925
z8XogzkUa-}hiKSiGq6u9MNc$+dc->QS6_ROE$BT4it{L}1CTZ>)nNb~t|G(St<uzL
zfAwg$^>_58sy6w))$IouPqk*VEDzfsX(!pWwtLlnGF!uJd7U+vrkE#>$I!<zd!1M|
zF$VgCrTNK7JvNMqk^Gw_zm-MWSd%QUq<Ihf*NbIROy*`sRxmy?pg8K-(N`>+3FGi)
z-~3RF-RtWiyM9Slq*tV5K&07A9*SY1TwTYN2a+j8yX!|nk%S-bK;>>(7R~!;45s(<
zMcCBP+h!Q*Mwa6*&|k=Sy=|Gs`*Htd^mg4WXuVx)XlJI2*U{;HsVh?!CVY({h1Sf)
zjdb(rI@C_O)uM8Yey&_+!muu@m?5I`=w*iI>!V5M_$t&bC%Y|It#U%_#mUj^HuzWi
zyB(>oZrxaeMPK*CzA$~cvbDa>@9P0|7KheBjnf(&pYl<Cou7pp=>hHOac#q8HG}TR
zYQVLp=rMf&Ys?U643&>-p2o%|Q)3-J?ZS)L;4;PV!4)YT*x*iT2PZ;J@52CsubZ!n
zHjV4tf$V@cyqhj~zoFVys`&O@Q{vl|J!Zj+&3j*DUwJ=Mzvk=-^SQYSi&D0S;iW~;
zzwa-B+_l?)@%G)OVPowhxUg`uFWong4RmvBb;T;+FXDOw^gIxYBSCqwz7r44p~Fp=
zJ2UoUhH~FFjR{8eTk!<Y$#+8Tvvl?V8Bg9~fK?WkCKBU}QOGEap1Y5~8bj`+y81}2
zZL;fo<;T96#PYLjD1IR4FBYNAPi*atxdCse<4Cz5{FPB|{q@sM&iQq@&{NRyk(Nj)
zXFRd~2N>=)67I$?U+mJ1{3-o*o9T+=CI&7Ab91MvP%8%?A(%U8U_Oj6e|0DvX2%d!
z5}<fWwTz*4ZphGI@xFLza=6{nB6`_)6q+;qE~&K=yB-eCk&w%##igvUz7h&CRID$x
zISF9Weqx*O&$j~-m{GBQ&m^$l-e&PBix&f@)+L|3VL7XILp-u-5|Su;R9Z#VzYLA}
zw@66xSZ1&!G7zB{5qce2BF2uyXm(dnDPrZu>uAA|fpI4a#APpH1__VN$Pz9wUogpI
zi>I)U$ly~5sM<=lNh(dKSH`25=1)84>l<pn%_8!lf`wUrI%^B0%&np)B^rCRC&tTe
z2dP>ly52{tImTke({~{BxM!elH+T9H^3q$FC?T9=I+>6wmOV6$^Tz=lw~1SYQx-Ig
z8am2t>7`YIf50UpvL-~Q!QGO(1rtu7<svn98@FiRcug>No8&qsyZ*py4QBLg1yRPs
zYAY>fp>6vdqcn7m$sSLZ?MIcAAJB_6$7uAm=l)m7CLUIDkJS66K+-Bb%-BCR&n?;K
zU7H(#R?U=z#(ZoPdzC&9Q1CdAWTupn6?)oMW`%x;D!jn}XW5Q`T|LU|){8MoCfcN9
zt$<BBS<P~T^!w_23M|^9+tSj6w_9|dg;hKqzn@LFT-mQ@3(Bj5@S^;R&2=od<fOd^
zU1pI-P{;e*(;dZ&?TO;N13${r-V9m4!a2hkm@c?TZ!E+Ee$o+y^4PkGlAsK{f#DY>
zF<DqJvf^-5zhx)m^z(7S>7FZrZnYRh^ZsK&h@zgC$h<gTIgx|Pq*lyD6sCse1#^+T
zP0Ry^kG?-Jd5G|WCd+IAYLpN6fB=a>`Q)MYL=zwY=1X8yQg@~ZvJ<d@(brLv|A_hJ
z<@_3IY)tkIPs6?lG3H}EDLv3cEr0|wPoc=2LGjHTnE?x*%u_6yU6%SJ1(Zl7kCN7n
zna03Z-g{XDzDLhZ4%dlIqL-H7%N%%_M=!?(U*4`qn{&w(tU=kcHbr1vObauezlYaZ
z6{uqit0VI|%L8?W_)&E@Oc0l?G6a#635|%D=egDMXnfi}l#hzPCB6?a!*sFaTUx~_
zQ*4II>rh3GF@{0BSE|<_+O3vW-!^-MW9F=B(<N7Kd`)h`Z0X4>j3S<=<CYtbC&@&L
z<4v%=v&Fww(yp+%C&WV^lcyo32keu{gODGl2(h@gG9C~fNX{OY?H{x^A2$?=?AhZL
zcWWY3sez8(7g(r4tLr2I4VXe_zl=I}W_pGGVR}#`cW%5zESsQ*LI*<k?A!f=_Mj1j
zV&YxPu9K3#N@8ePweylPw}?y2@dA82x1&SL9h|e8-0p(+G&2LX{4trt`&^Sp^1Ey%
zU(9O0bh+pa_}oD9j5sB6w-Dv~HQdcYcH2k|OuJSr{aZBNx1cU~1=4{KU2w660!caw
z#3+qQgwP3q#q87(qdi27a)BCkT`mXck42?FSu)a}&J>p(L&7uqQ^e?x&2=<Lf|7zH
zs7OPC)^hB%kU134g?Rk`7o=#oF_aXcE1ZrBEu5~QLf3LC^pEdVD%6(KpXy(lO@Gd}
zZJPdkG*zWPhdv|v^Y7aK75a17+XVfw%_90!xdQ0V4gDIUKgVK-{&Z-|lriw5wCm33
z&z}DQ{dqVa=+76|Hjn;{{*KWfDI)zjUq|%E`7EP9k}_*Ja|Vwmg>NGiX!=zsQ16{O
z3Up(D0)4tAK!G~&c&IA<soEQf{tPb;r9bK!L$>{`Pa}{ZWW@3vgR~@Qn2rSH1WC}t
z0TSe$%HzMDia>o1(92tcFK<ErFM8Ry8RY^_HSQ`)VM3_BcqT6%ip7({iVJvgXDl9#
zSnSCSlHMW1+nGBMEa$)3{5O;T_U6CW@?Y+^z;=yTLg%50ozs4^nF+_t#Xv0ij3@(N
z9q-@aiIN<WPlI3id<Dp|_hLT+@2{Q}dKLcr6aTH`zaQ)2dG0FkJh{m%_#WbZ2Z$h)
zw<?$w=8zTXsvm?c=&Ue8TlJ488f9ee{Nx61bah)r3K`1g!LM()_VX_r|GZP+a})pE
zSi!B}m4<aGLhwooL0$TydL@NVi(U-Pr=!oWY(RT=p08GR{eZz(09TME(R~{sN+vAv
zqvsw4xV#OsHyMx7c#&LjGbt7lfc(Tc_Fmi~SKztck0F7irabr^U~m&&t{2%{in8XO
zWM&>ZG>0(wQPiybUaMm8YXE%{60cE&-FhVcHYX;GB*F>g7(Bfd>saDhVKrSVCnlrF
zJ&8gI0}Ai*5uxz9%1QJ^5z2-0@dB1o8Zy+KwkfORq%7u=;~eXg`RytFf9nYwmM${L
z7VaN~gr#qME?ZFR5)M}ill=bTwTVfnJh1nMn!{TXrk>f7F!g+T;vXP7S0>yjgz6<s
zTrWX$oJ17F6I(S(3VcZ(hJ?$NbL|-NPT=x6W06Ak`|~ws@~k4H-4lQs<t1eOQ%SH*
zLglEESTzJO+1kVm?mC@{zfo%w6X5p)gWX6Wb1VkGI@|v3FlqMta4NaABcbtH=3fkp
zIrY09<l1IxL3f;h%14^)aXbrXt@2wnV)Bu&0ZfFyxsS?~9}tWC5sL?|m>8tW?8n28
z5T22}A83&{SElp~@ey$J#*EN<Z8_lJ+~X0nDXH`_DfqItPFeDvIt5C_zu=g^q$_+i
zQ1~tuK8pyg1_v}LsAC(8)Q&CQ$VM0MhYf(NdSgDW{`gM@{xjT1E<S)Ej((FuN~%TA
zr3;*PQm11ci#$hV|4?zvC*Lp}vy!(k?74KIQGHzj%a^8HpVI|C+KouTh=w397u*O_
zZah~REtc3@p~BgSGzb3-v%bUCrQ0R?@`*(^a^)y&l}ro94w=>pJ!Fw}&7gGdz7)N@
z&@NH(SMuvAym3jsK;F8U8^xyw;7ybZDli2~^tSACSq7t6Vs42R<cmy#Jyv%2!+55W
z7xNjc!z)c?)6Zs-m0SW#TxyVAustzXDWV=LwNz=t>(gruVfiaSI&s7hHN!}f=*EkV
zIlj1HeyIa;=6<mR<5Q0IbnYkZ@JV$2Qd(g@f)|!R@QrxwVRbK7B=@86Td1H~F!S>4
zC=4x7y3-zKbyX`ld+PkMOCdiV7(g#u@-g{IKi*nA(ORxW^<XhPW3-Eft+LnQuf=r%
zfOcX0RlG@e?YFwldT045z<dDyw0(42F<&eLf$0;vMhOh5GzE2k`wJt~w`uBwlo*4X
z?6<TE;J;yQTpKZx>~6`^E=t<rg{}R)Nx*m$TQJ(J*H^B;&x3V#{Vcf@p3k=|KPGdB
zBSS31X<-*FKAck%?1gxcQQG2lCeEf<W{b(F6ibdE-*C#n{oiPvhT^UA)J-ta8)>4~
zu}Q|;;m2Tt=P6`U?p~zWGS6dn6LG|DoaZ*mfuHL9Fu6&#<Occ42Ao_#$~d)F(OM60
za9U9yTx=C>^%hrsX$8SAx;6n;^G={>E`fO=s2Rlec!U<HW;`Zi9sz~E{_1#hV}cV&
zbx-gQgCDd<NdD|1K644DY?D~_bMd9FtMTGm%-I7ydWKbZK>p@fy>j^{Gt1$_^ENLj
zXv>HR^n+9L79ByGN%ml9`*l3nNjJ$eC`0PrAUPXa&%Pab=;Tw9)1NSVq~xzbZrgbb
zWX8CQu%v(HV#3Y9`i&4xmTD9HYpqVeM6(-A@UL}4g6yn_wr18k4oaB~_7rHo8buGu
zP#2c}B~x<U%mS0FH%ghOF<-PLF{UOrMnJc=Hz=G)q0#2L$ro#7e7{L~n!EFvFftb9
zj4q1F%Gf%09PHh#7T4zF&DN>wU7LgBlS?nyGXaY2lC#D%3bU~|YmH+((KT}AuTd6H
z=N|>4dz)>^du8YP3$pWK{G4m8?zlwXEXlPQ|L|gTA-VE+l<Z$`bM2CyM=p=@bfzS9
zQu0ALd5>(Uw7T|5=P3tXV0@TA^K?D@+wL?@%xNP|(rM_R=CU>OtmBX^b1!Wn?81H%
zqWTbje;_+Bmlv!q5ewzaddCSIEjhZ6at{L}yl}h8GtsalpC{fF%Xa!JGk45MSMPg&
z%4(<qQch{DDOaY8WxLK=GSBFl?a$mXd#~0%ZKR3cRskM$58J4$aTo>X1tZErl32R%
zqTjD6kK1@|gdxF^tRnQZP0HRaHwrws^SVF%eza%FgO7X<@%UUE^G|)~M!{7LTXI?Q
zMZY$`qo!@Ovc>hQvTIkM*%{QVy>qsIgC+BK$9LXi@WT0P6lVQf3V){U^R-Xgr!m-m
z`CGF<4krZ~a{q+^ndl?Fqwt5yQvc}N<1_kN`J&a7TfsKQeamh)Zd{TsgwaP${%^k~
z|91~VF#q>BHUIZ2HUIbA7-vJ5c|+IXIZi(B9&LopTlwU#4S16O>?*!cx$9I`vESg_
zjjMKwvVTv8FAa6@nfUbW25s{1@zAcC{Ci|fw(~-ldD&#yVo9zEX8+z*msQ+gaQ=iJ
zZlZ+HxF52UPg^o!>M-F!wxJ$B7N725pse3r9XIH*e)|==UZ$+yJc~DF@Se*ucrV&%
zX8Aw$S-86fvT!Ttk087AjF`XsA)9NS(Rcs43;1cyPIJ?_!&~cehhwjfXW6I5$h``|
zUY~B=XyWgIy2RgrVO({}c|n`;`vA<=7?$z-d&>5GMtKPcjPFx+pM}N{gTFDuUojwb
z_JzNAOv!F6zQj5;cdh*_O!+*ZJGc7U1>>doYoPfW*}b+lQ13?N=o&MwQC^IkSu<yt
zZ?6_#Mrcnd)6}2+i9UafKNoA+pw@Dzg&|vvxi`;?ne)5P$(`{+{S9F|YqOS*c3XC#
zL~_vNs>jU3uG3aeyY(`lY@VXL(CUdhi1Ghq)UOi09pmYoDm%9tY~2sY&W850J6b)R
z0Z9VdtTM{ZO9`U$Hv=NvD)`K(w-3Bgc6DOa)*Ee^TY~w_ZSFR=xvaYanao)%M4KnB
z0ub@{#Eb!%p+P5~m7G-<B<Ce*_5>T8%JciM)7i3A>5C#>2*5pd`8H4Vh1)!xFUp3W
z03RnH4#IrsmZOBPk78Ei!$8{FTMq*{+YoKbJmxrL&AjAj>FWy=fTiBP&C_nP9$$B`
zxl9cH3I;#hBEJbdnfhM^mP{R^JZO`t2l&bVpX5{Lu6-CMwDL%l&2^qldE7;q@(YsT
z60A@XPPv}mAwO}L_=&>_xBy4$;oo*g0`qUnY!FM1W7MVf@DHYJ7fXAfzuhg!d}-qU
z%d1t|58%z#q;NlHzjchKT|Mj@SiH`yY~5iGUdk1npQB(3v_F*o-U;-#@`4RFB`^k=
zm5viukL*_u$8GNMyG&Ns_>C9v$RL_6sUWt0uPu2q^s^h&a@#zejk13W>*~hYMOM$C
z&DpL!ux)GQ<O3K54h~7e>;l<eg<LXBmt1)$3U~@+D1gzxl(sfcyPstP@&ZW|vRA`j
z)YE>&iL#ub{dxxWYfUuq7jou4dp}@wcFUf28<EW_3>}}r>Jnrg7*5XI<T!}~;rX|d
z&swKejd5FQVTiy>6V|y_&1)V^eei!pe)(Mg|1J6DUvFN1dG8#k2YZO}GUa-PT{Fg$
zcyWxU??sIKludy=<m7`OboOS^MttHkov+XrXU2F2ouM#%20(<hfTqri&j?Tk2$T@1
zd>+wug7}mVeG&XsHjrYSM=y`zsUmI37j4OZ!jUdqE}C-cMN?Ziqg!D6ZK;Q@4ndQb
z9Y<}MXT{Qw;d}3Qm+@$_`ExdOwYMuh=V(WH+&B7SKxk}*e{WYNL^!)kM#L~&msDw4
zg0nFy2KLPDFrz<@@(enN+&rG_F`hUeH9(Ut#?Fp|Q+E)<XD4rwh|+va>f_TOyKF67
zF1yntSE_EmQwNe~o+-Ow6L!M)elFvY3V_sX5uZkrY<P1v*L5a4d9yrqZ#IYprB!0d
zhfo0Li}K3AIp0I5AAc*4Mve3&a>3#}itEU~JN@yq^X1A@AV$<;yh!J7m(_?Nwq&0*
z*(V!nFxm9^{b?u3zZ=eXT|Gv9tjmUzU1!87k99!WsxQl#ClMbWvv-3&F9hrX=UhPA
zXLAk2x7N%m#|avRFG_Z89_1dib(G7#-IVQ_W5`-k#6*Sx$OVGTaC%PCa^ND)W;aw>
z-6i$>Ty24KwNX7+7SG-O%+s@f=5y3giTl&FVx!8FI0n<YR-|p>@OTCpN#<~`I?o6Q
zR9{8MbjcXl#Md=c-aIO1?$6o;^#1iSU_h&Dmx}s;-8di{F2Q&b!t#qF{yR(f?`$LZ
zZ?9O=32i7Z!~WLg#{eOYdCX@H5laprdH&Ln?fTi~I_9$l@GHm|xrXnUhXTe$nM5ID
z4q4raiCO2W4Px#do0$7M4Dlpg@`<?$OqmUMl_vz-&|Ab37hxHg6X%6%#AiIjktHU|
zZZR9VG6|?r56?sp40c-GpX}f>K0PMe6Bq4Y@4VPmd>XHPvTlAf2745plr-GE;<S<G
z^6?nJu^HKZU?MJboi~*kd1SlxTU=X|FQA5NkHzJ)xvqG}`Y}4`v25f~?OjO~CYEex
zpn<TR3HumtM!o4|M~eJP37YY__Di0Y>km&7P$NbmpiqT?hWEMT;e)`S>I=<Evl_Od
ztO<hV4z|#@#T5T(5}*2rzOuK;MoZu~vC+**>$e|o0GWL~>;_=tMpVKERV*~W*(mI7
zQ3hY|`(Y_8uCuuYukQiZe%bvD3+_c15-wEF(S64sfGK@!Je1x5HOr_%qI@u}Ka(rP
zuPQ4Q(Xdhcs$z%Yxy`S3DVEhk1H8M||53ZcHO&@te}+Xprp}F{M>a*~wRgu@+uVNr
z8m;}h&un!aa_#jc0+HPyJz1%-&&3RK9uj0ol~td%GbEu&2tC&9Pl}X;&iBkl8G4+E
zc6U2~7q`}!aR0>M<YNSLz-?7%9Uyz|Fj+k#{XxZtwR^4P^tYcq$?A!&vLz$`0G#QC
zgxRAdf2|b_r}1+a;EY3X*4kA{p1Ae0VGm<7HZgv9n+g84ZX^B9MmTHj+W~>Bg!8r0
zaY)LnwfB=f(dX&fBAma#NYkz~((NG5&0LTCMNUld0+@`}*+?RNH#2m>`OP?3zfH1x
z)i$<^b^^NCMd$(s@9Nr6N#A7bnEMkpBdl*&zhqoYb`7w$R(DUa>_J4^vl3%Gxdx>3
z8P&{0hH1M%YJuS$2f{&td?n8?Hu~fSpd&B?4KrrjWtSo+SIA!n6i3d=E4I>&_P<D#
zbx~;S=c)(h;PNP#rcp3mR>Lt&GY!ny38)F^X=em}b~mtQrgpn=`gYLt?EqF1*xBul
zU#*!n_HLs+gH9kNWAb9SK8$vs!wNFu29mOuoCcIoT;0NwadO_^kp9pfKC9t-*}ZfF
z*Z2G=yO#byGdR}RP~ob!WGHig&TjZVcgZYt5Lsk&M9Z$bjUn4oAAbgenJqSAXvhH=
z%&e1UeYNq-F4;|(z(E(kg+(!o#c<{nzpU*iX5lY9`-0{Fh4w%GIIMm3`XZm~LP3V#
z#hmmc*EVILkjXqaC~`R(0X)Fpq@qDf2Hi8V-O}>rC>y_L<TrI5$%NMp{Gv|dB;}lM
z6dbV_Fo~|`^3K%z=~5JJ)z|z{??1QRVDHAFmbvi`rSecqF$vvB+DEq#O$KPKg^B4~
z&;Z8uv(oW&Jzemb1bb)oULrI#+P^=d$Z+{VzTBtUp*Qu};~z1_)(A(sP`ErS{)Y|k
zi>tZSZ3bGjQfm7oyvrko*1eJvbz=Nb$~X#>+S{KYu$1q3fg`ymQwQz&+kAXmfZm(_
z2KHtOPX3HQ)JHYpF|NihRE2rkV03DVLx`U7>`Isgt1i)H?dGes)L_%x7HbyF8p-4v
zR;<N5k%dmd9jCll&tnAQs%0tBXX{z6@4(XK<I<VbrOVPS9XBIVww}SSnD=+!!=k{4
zz}7`4M)<H!`Rf_BNqV3O5e-uFO|GE-hUZI8Vquig%Ru?PuKw!Q>ct;K@`ny=nkK)s
ze86^1yE*BaY(hN#VH4-A-IWZ@d9wjigR6Y*az-O(uEuZu@6Oz=I?b6IdHTONbALa1
z^)om8AOF>vYxNH{ds`pX&K}}_9sU1Fat%t9T$k42Y$)BoMKxz_w!2lft2IW5q0GC{
zHqZS=o9AI8b0|_?f1hkvF#N0RdDw&@5tqErBFbQ7y}WphnSt!eOJLCj^OEG+JaSyK
zx`q<et{fxl!<7>UUAl6Bu~-n#(<=;qA1zWABw*`(0<F7pl0v8mX=VLN-kZz`;NUVA
za%^`IyQYR$-|<%)*el!&H@wNLaDIKyOjpt$szrWfD}VJ8ywc@cl-zk*S4~HT<j&E?
zd36l4x(5bApY2}GI$iu;SOibWIXr7~1S0@5y=*kU+;Wy*u6%il;49IUJi~k`Rzit)
zKD&Hv)INv#kK=)%5Sf=TX(i<~1~i7oS?)ZOYHaCQ%MuiO=EYNDj8%#G$Qr!4k~!fd
zkr^?DD1s6ROPnidnJkG(*cuC;iz%-GzcA~~bIg=v^g0$qKZ$B+bF;T%mLLhC1+}e$
zj)-JZs9e7?7=Sg9arxRije<71df@waTcOagFtG#tozjYh_?PL3k`MoDE7*4o3o^97
zk)wTz4ouOF!h$y;Mc{@>NB3I<HH!hZnU6406J(3vVMe#gy*FzNlgKh9A1zZxy{nog
zk!4CgH%^-RIT|N1FH(4SO0`;ig9CRE!*2o+Q$8vslcNQ1GON)71G5^Pg7ya#?N<I8
zkwH~j1x`XoG8&~y6eZ~(E({qTeZH<Ixv>;AF<>68s@t#H0rQmHYQQQQ>yH^|)cOhe
zyjkHl%OI#;1(Dk2hF0Gl(of_ReWS(DsLY&@$vkRFHkn6Vo~a2HW{tv7VG9%ESgf#K
zhsXqJEc{qKEvLXwAXeCjbAEqwVuk&yS7;O(<yigI-E5tIH*@PiX2c4>+`NH+skw*6
znwk-a7WR*88PFXC`we6|9mp%5^7j-nVMxHhUo|Z7S4}(`uO!IOgvsV!q=;WhfJK)k
zqPe77faxQ43Ah5L4?Kmwhje%kz0HmdY4hFu+-`YWdv2LkIBOyp73`wbby^uPjGYr>
z==mHS%?_>*S}-PBy>HdN9Uslia*JR_UOP%NlApw8q@etiz#`jLkE{2~j5pB5-+F}~
zOxz)|^NB{|Z(+UA_*=(&hsEE5t}y=ASHJhv#^2ibRujRgb`!|B9e9|3<>%j<u^sGh
zp>bSpfn=zV4Y@NoF<sV*R3!GqIQ*snEg`YRmv1pr%iG{c;%_Y-%|-w!`$`3<6$eNP
z0EAm-K61|N{JlZvu?Z-*{>?1#jW`)ix;%CY4#(^kaqBSLQ=|N6We>V$m51hWTs8%9
z*`mLpm0g~S%cc<Ns8L@2XPB9on*RskHI8FBHS(eN@cai;bh~E&w-+o9#q#M?fanW4
zGU2KE_wDr*e(=vX&4LQM()r07I3m)19M?j{^V+wacwfu)eK{Ttb(VK52=|T0_@C=1
zhepD64j-|e{HD=gIOsP`xeA@bZ(?Q3bY;)7vKUtOlCJCpR#sO@Wq;F^VYnN;jrQLz
zuu$<d5p$LR!?5&1s2%r<+B&ykohQTUe5S2q#yW3?)%m$WQ>Qi7sSOJ`TC1&d<Qb^*
zCG(Q$%El9(Ng2vou(EPp*&0@Mw1UcNbY<&V*=AO@Radr|m3_*}cInEtv9cFf*&bcl
z53Fo1D?6ks`z37N4_;*BBqDa{X&C4C7enXb2W_3*SZ94$of>VOFR;$4usVkVKI<=F
zg&kq>j`svAJc<=Ig;n_DvSw9mSm$t9ouk@1$ynzHyoh0j{53&;1v65Z$6hlF-tMUW
z#f$>Jfxa|uLVAJb<8p)F$J6d8i=GGmHj0YTC;Sn3^kV8-Zo!J~?t6rQ5l=Y&x(2&q
zIfHAwtNHJ@ya7N3b+1DCSN#2F{C5@qUB`db@~`>tH~f3RD|ZJFm~R{(1hSjnw|NzE
zRR4N8Gj$z1EnqB*9I(<JMoRgtrUm4UWxVQ5YE=wK_1JPv;(=MqdF)Q5#Wg|@jZIj1
zgTTFM+TwK2=Z=ZUeJUBt)u2`VmTNK<bmy;uf9BnOHZ?ue-c%<qkl{Yl$bbYik8Gon
zf~4(KrXA`)Y$mo`ydVh!w(~;8RT!_2S`>_9lA%^&$)dKs+k<d+YKUpNgfTk9C2&t{
z;Xz~&kFL3iGfsCOxVi{^@#SEUJ{F>%CDR$t<D0y~nb(Z3(Fh)fmiY!cL9F1ZgJvse
zzMQ@)NnrkOo{q+Y#I%eXXoEF7R89#Ee$Qy|hlPp1F-8db>S_zFk70Y5KuH##+C(!l
zE7AB(60vUSEgrBy+rL>oDJKWmboSD&J<`mIUAFs7Ql-*oW<_zO-*4Ds&tx7`>a69W
z?;&%=iV~PjTq=2;#lBiFQc#li*ZX|~gZ6L{KWw4-5ZS-8zg&H)pL@y7$A#=#=Fj3&
z?*NxY^QxO^bbH(Nntqm1GT-)jl0fsRPW780Sy9BKLyB`qaE5sdTx+J^ag%m}@kJlB
z`(Qw17AWE~82H-vAo@S8i6C~bqL+<jVB!5NejRZg^1aINCjmh%)d}Fw1qu_eu$XOV
z)JK+KEQo3~Eli`EdjFUl+SJi}Q@i%5Gp*)MYJA4K{MD?Qzz1_GO6~<l40a_h>(df@
z$f0;<q&)TH(0RPT{!UPxAt^>B)3=7&pSv0q>6JJE`EaW{!3K=Gg6-q`RDAEMM)xOd
zT>L6K8f6F!Na8lY9~=3)Gbwr%!}ot#!BEm3{*pp*kA#=vS2-kt91=9*zN?N&T^=Tr
zE3uy$gYJiTr1<<|V5W4=u5DM#@Z~UiX;wjg;^jDo8YK(}w_bU(#Hb6jl&?$Uht@V9
zQwiGq)3UM6#$alBUzbrqc{M0CFXh?$xH#oHOU@=oRXG+1L;EGaPjX;`klMg?Kv_5^
zMK4UDmmuE-nXqA_RujvS8l`19`bGus1DXB-6J9*}VoI=io_q_>@^L)QmRD0WaRhL4
z1tZ?Q!rLL$biVT83(Sq2CmkHl)OW2^uQ!?;64hKIjV!`4T1~j{1J_1A2K!B3<h(FH
zE#)ITtb9>ZuZc;5OZ88h#ef&2SW4l+wfGZXt`k&Eg8F7tVD{BFyZDDov>)yj@V32{
zcEZrbsp8V^Xys*WL7dztWi+ijb)4K*#^o(%Wk2f5cCa#gS>xPcL0Kc*A(RbcWs0us
zH&&Lw%IbAxCs<iDD?6(zJH^VBFRARDt_(A$hH&OQAI9v3z+8P7#@cP;#pAGeeOU2d
zIL}TSxIfmB!}xkhTc<7785~w8Q(NcQ0;tnFtPZ|GP&Q(5r?BEqy!b;bjtwg|@#1H(
zI4Z2z%lY6uWhPeGdzsmtH;Sci+|5{zhgI^V{QBe7DdH2)nSniu19oGz5K3%AI!NXn
z3=MQp+>8!7KWElvDV)IUvM@2Mr%Q+3sP#%8yu%^{>`iQj3#8Ox6c#i5omO6X<%(bS
zZwSp$h#6!|*33imwloR%&Yu|E0lKYh{Nd_wPg@p}Jx?q_a}PBao$E-zzJcYRlQNY+
z{yF?xlYj2MNcrdb2A|E1<)15hjPg+UKG0QoKUm>5Ug1Se+P#lGDvzU)|GNd4-@X$l
zP+okCP-VcV&m%Z$r_;-f;L9O+{^@02@a0Gyzp(;0^_TO}+fTovpZ|~MNUeYh-o^h3
z-Stmv>l9%fJG~j6_CppdX1W`HTzk_hl$`HV1z&$AS-Yx8h{E67h_Y1$#yf003&b_;
z4mF}JExcIL*}$=RgvGyqDTra{YvgO^i@{d^#J{y)D?;O6C*#+(9G+*{FY@T^Gl8uw
z!j~+bS`|iXppxFslmH1-I>Cc?3IDv9*Bpue%))=}=c7X|!Z$&q_EN^yfut&7op|2v
zwx=}hu78S&SNY27r&RgtQ~1kg#7|TO8eLVq%qvV$y7Xtaz!{2@w?(sh^maC@*Gvq(
zzl)GBZqu#xBv-a~N6HsR_0h^_9rE?cFjPx>VjubzZwmmj0%qz|uYM7l@6G$ovt|tl
zf&6o_Yd1!6a$Q=7QO}j%-zFCccCCV5G!4qm7RYZ53?y~qnOHEc@_A+Yv+RO0WrBWy
zLL=>$s_k3V_StRHw>=GwcOvjkHjdZi+Y4(Sr4yxBIQ%cfG|}{XF4puz<F5*Tf<W==
z!rNcoy7BgNdHb=U?d#*)0T0@CEv{s1$%W#1%hEOYln1*FFJkksZ^5}J8bkqPJkS`?
zbB_tbc1}x-Mvr+TaQ?oYy8L0avU{#knmRICa#k0}nYE(l?{pX!Wk`lo${TlK0v`Jw
zN`vCg$~b39GMG@YYe`D-MHenlt6+?>TQW)J>@1K{qh?lo_0YaDcpJ^`HYh9|NOg)Z
zocnr-W!A)`%3q`5!5A+M#h7^|bNm!-@x*qzxq1Gd7CJGeuZIILYewRnp86XL-Dpzo
z|0*#wbR9Zaai!0nquFh2<?R?Zu2xCzQ|}MZ!+eZTwuVh1P!#1ms9b<~>Xa5(ZMoPs
zB%ZA{9}-_;<$hvjcso&6*McNe?sUHs8IYV*t7i@f#N(34eDbJr@pc2+K#mq1?Ltx%
z32dz24jswZ@2|6Pte8zeiK4M~G;L?oU@WIoad2%Sce9>emZ&Bg>*Hs+$99fQ=Y<k0
z#5st?DThied8L1jjhGM2bqR*^=hrkXR`<Ltt9!A8nYnHbWae7=G~$t#9;$=6j7jCb
zY?R-x8b|T{#1m_ocw((n+_37H)jcN*T628vTaB~5BB?%*Z;JQ-SX2Ecvi@Uv|DFXV
zrTr)x8#B|2hH}b3(aiqic>g;67ZZ+xW=WT>9zub%Wat9FYp@Z+b8q`uW*ZlmzFU{G
zexhh-E7D!^#AQjf(K})U3U0ImxT+eaG^+suW8YztJkeP|^(t{=GAp6Gr>6+v$tTaz
zJzEYtbng6k$unD$oRz?^?3BdZt&-V5$FTm!%?~DV|NJh=2;6-Z4RH5$j|5!H<^xwb
zEfR1K6L8}IxH+lRISY*)w}7T+Vmm1a!Ib(xB0$il`4HS15duSCdWz!FAo?*j2LsXx
zg6qDw1R>}eae-PjAA)bEMuK2PlnOzXDUi76ZQL*Ri2%ZD-)TT-+wso`Ahd2C2<hkd
zT7|TozB`~*i?-D-<NoVb8DsBBzr4jFC>{qJU&fOe0t{pEozPLY4VsQRcl)n*5#3)x
zM{ht!zVXm-O_iqMs;>VB+cW*(&p0p2Ry#6TvDsVLm8oe>VL)i<S&lJM;jBAbbmbXD
zQ<b_FY~h@%Nf;5AeMiF8IV7D~R?qNdt0slS!;xp6BdifsBr%+SO4;-$C26D<sR!ld
zOGGbTSv859G4cd1XzNJP|1*Dg+$xox#BArMl*}j1l&B$#ahH8^(PgHF_R~~~`zB{@
zUHFV|5Yy*6tBvrv{dzTxWF1F%M^$|<&lOX8((#V(1F|ik@DgtcEU|+LBfQ7U&J89E
zHo?_LwKXh5_@u-v-wh%8MysK2ye+fNo|98NtiLe-q#V@Y*bl*hYc!hu;`JzG9e*%I
z?ZEf%M&pwVDkfV(oLjwIb!O${@XU+*>19af#f|hbB=h1I^s@2Hiz_dxX%R;NoZi2N
zUAQG&QY&=F3hgh2R(LW{LBI;L!zvsOR5<tmRM-WNz8Ig`*UHx$xR{<i)NPh>?_4G|
z0KfCl8KUB+WDvSq1TyZKlrg;ECpi!zH%m#r;OBf&e_s5R%s8QL-RqmM7eoFMO)JkM
z+o&ge@tp8!!me<_XHxd|C%pR8PDWee@$lYs9Xq@U{~h5oDbw#}ct@WJ^Z_30rxCn5
zqSg`w;S2H42p}{UufFwT0I!~?(X=}Gzi(B=t1F>BCA}y`cyed}rG8hg>0{FkktXkd
zgi_@ij#B4n8!r0q8-_NQ{y->o!6SrHV`~{oji<2c#DA{7LhdqdX}-HdloaiWmOarU
zoE0&^Ap_P)BCPW&$2#$dbrKrIIws7{QT)GyZyvut1mDEt9HfTen+*%h5u#z2zCF3g
z>>Q6=QIB#Q^x~a@kLuZcXEr;&@yZ7?*)dEVsp?GV_4EAo4I|To`Z^syO2+BT)cLA0
z#`$?nQbzSPLcd)`Zj-rEALihtYuU=1!p@`QnsoK^n56u87dwwhy7RayiU(h4CL@}p
zq;$aWX<dHK)ByMMb&-H;*?izKA_CW!fV;yeyXO%jn#34UcM(m`_Xa5l!S3JxhyX#G
z=0i|+XCw&LwNR&r7*Uo0gU!QxeFzHIdP@+B=OZpstL8(I8WD;yDiqH7@xtl}C}Q4=
zZHkudD9{lEvA^JtXxZp%2M>?I!<q>KySydo>)fg<ex4nwEljJc+F9Kd+YInYzY`L;
zNcW1<FqrxZ;yMbK%QMdh`J>y(A?Cw+<d2ToFd8egcLjars!{&?n6XDmc%wQ4aYhlk
zTo$4s1|`T!m`^fbn?OBMq{R&L`z?l(GG6ttUM2U4Agi>^<~m9+iA#$x{M0QW{$%6`
zbQbxip*ndnppOPv00OZT<6ilS5iCjvUGgqRWh_Nb0F_l~P#M}dCi&tU;h&^1e0K0^
z_{{36Q9imag*B`qwNDy#syH>*EVy7NY*-S;Mt%Hx1UBlW*CVh|Pre?3jhgj((`?ky
zOKL`dOZNg|+#SXQ-FI27uoo+g3%hu#3RL(SE368ukaR_@@CsJA;Yvg{DoN?|Pzu+J
zBurxn_k%1Q8)Z~l^MdEH0&G;0a=4DMQAS0X%8HA!7#p?c`g(sv{wYaKZamKz$kFi4
zO?c8f-d#cG>|dK?p`0#0T?a8NV(j8b*(GEH<8vqj+Wp_gkPvbb$a$M;i$FP-H2#o9
z8CFA`>|T_l6y53fJF8n+Jz2(b6YB$dexU+wDt=YoS%kMfwZuPRHc!&_ZChCGoWD?5
z9P67w-QdHb$*i+?pBW*j37)k5WvTsT-4&_7fxN!~y8aeIe;L$YbJAtZUdy-(W57sa
z+L~rKAo=Iees^w2(r@<iSDGf{%LDl<Z1<oAWCJ7Pth)h?cDH;EQ`#2XqDfHk@dL~^
zCFhp(F#T--+aFf<{eUzcNkWrZk%w7VrcTCfD#c4{f+5!P<7=`o#QFucExttS4j08f
z#h9TWVv=f=(X}rg6e4iUuePL}lvF(5Dmd<GPDIe`f2*>xnx@&iy8i0HKucz$z4Kh7
zvwR7o2w&1>8JSQ#|8_uE!^dp4BJREeT9-vjEp?A*IRh!eS4l>mXZr*koQ_AwU{upC
z*Z(fVPfE{=d3b<MeoF`FES1HsD7O$2j4xlspoD3@9sVEZFEZk6D}T(QTam2Lt2?oT
z0CNui=q0*6uZq^*p0A760sZPG0{WeQMFP5o9_Ta%^nJe(&=3DfKsPX;Z(%?m{8k0p
z85!tX8w0wuHHNKo7aA!CwOE3;VB8Eydu}MA{xKz^K8}Tz)fv-UQLTx}2j__d(PT+1
z2(_30#}Nd*<qTUcna!t?-`m%!6ND43o17ac)TW7DjV>=TGoaLr(y&SJ>Vb^<k;P3r
zDc5em9mlDoFKan$mJG?<S~4i?s^DFBzctb;vU>~+8h9C=ATEp2m?GlH;@1+@qK6r@
zOrvd^Ew*nh*X9Moj}z{(Q|9keXY&MQP+2oJ?Y2i)es|co8F;w?V@pbqGS7>p*8$Un
zR~<&NWE2G`TbPuDgKh)gP4N!puT1bX--}T#(UB$}v%bT8#Ou=KEiS2WEI=+IpYj(y
z7nUz5;wjwLVkAF>YOc4bUp8Yv4G)tPqYX<ZmQ_F}*0hs_YW%)xMBbH$qGh+eWxTRr
zJaA*4`9{L%cV}V9gNa6x!I)zb!!8r10~LdfUTzbZ0<8cx%*t<QcVGFd1w;J82A_W}
zPZ+0s$ab+Q92?=bWogAS{M9@YoMQ^+@zc;377t-mNIpN;kC@IcOYm2RWM~V~XGF-?
zM(O;bVUdQ;O0<fl7cqFpgUs;!y%(A$47d3iVaQMh0dMWiqQ{P@MI!{o=}v^sVEe$?
z@}!S>&myRkwuZ8RWtY?u)9}q3i2{$4FV(XA5Lw*?@1TnWK;l&Z$hxQk@I?UtkjB2M
zdmg{)7W}HK{;Qp+Qo2_Et~{W1nu#rahE-blayi|~P|i+ebjv*in4^Ba>ygn}JcJQ8
z^~m4q%Ls_KRlNRRh6GaKHn}yY&SJ#UJS0NAL)AZ=j19=kklc^C&|;5H+vn>TuJjTA
zS{0JRwL)MPZD^lWD4wb~D=y{+hPBKflD3E^{jPa=0i#3|Lau9xq8Cf95aBAo-k9{&
zabA@bc%+JweXs|{_kc4i=AME1sWh!YoscZ%ZdXR#tx9ENQdtDVV)$)mwf#3J6L<d+
zxqo&Uvao6C4@Y2sFwjd8DFRZJClgRHmp+sHg@R+f>(@(>`!Y2>)}W-Bs?>~Py`}1o
z_mv((aHN=iQ7kLC9U!<hFINXa(v>rjA!yqe1bm7SjP$q<aXcNbR9aDD<+FVq&9-H`
z^2;PX4>;43yC6yYD#wauri0MmHAmvUs@8yA`kZ{^(!ZR^tTD3Ky8>n9OtMg&f}cwC
zas_j8byGszb7`BDUn^RZ)nQhsA6)w$%p5Tzv>+}xLFnr=KPkj)o_SlL+q#GHc)&?u
z==Z04g$VQgYj=EW#pbdZhc_dHwxseyU|~-15~nVc|G{{?RL0}skd&y;7=6j&hnO7y
zrI17Xw;5)&$C41I*=(b8HD~=^p>fCV`VxCtMa#Zs7?-6J$p3LANIi^`d0r5L>xIx3
zBDAR*mwh{$q@P!&9z&*Pq$$Kf@NEtRMrAlFKEiBsVZ?gY=HRJ3&eH^30cq6e4EWJM
zdvfbIVrss*pA2TkX@OrFn5C2NGI@=!U{R{-ZNb*5-`yd;#kK3%`mT>hl?VeCBL*<v
zh>nkc$<8Jf5PWFvkWInk6hqf!Az)6ehJCl@F*{!Ng=RA>Ob{YDuZg9L6Zp(~S&F9E
zp{p8O7xCTy`MPZR{r_NH^6DC2muo-KtxL~BT9>D_z!z$Pzx|ynXh8DaDobG2*7V0I
z+f=}&tU^6qkq<@HD)msLah9w8<7ONQ_jEJ&C3WWk7o0bv8C~sqU+oG<tSo6xKRu_L
z`B($KE$rmOtjkGa*`rpr0!Efz<DfDk+DM~#ytHR?hClg2E{93wI8T4n46v3?Gi#|E
z`e}2FfJWw?j&FTIJmTFaaG_%jFvsPOXjiT8G$Hi+j>p(Hec+q&cn-|U>(P8%9XWCb
zt^<nLlNG*P(ySrQtXHQ!inn@AbB6fgRJOuNgpifjdTJnct}bCX4_RAGRS&JpwY6FO
zKNZlL7VUD~;}es7i9!9}271GFl=xC|R)K)?-4mk#pX5u11Co0b+72;;x9=`fx=_~j
zK|gT=2qtpibS~O*=(6zf@5<%-%!2Q=fL_+e!9u?tPp|7=ngkP&vhlBz1YZu%Z-k!N
zHoSVqtLyUnm?t!|+)zHd$?p#mbbl3Bs$%Lh4?_?|k~DJ*bLkm>O+xYG;{?ZU$*@&L
zkz^P3^<J_)qN`^l|K2*ks!VS95B@m~fI~3Id)b!xA4hKhNGyF2*jGwSq|=`|tBp`a
zEXkqhZ0yeaI9J*pMunNU4D$@-rk%@8^TW{H(-M<(`m3yrQSODQ37G#WgJeDB20<8c
z&XQ^{I@+Un>N9KVW8EZ{h#Vw8p9!By>{Io_=GIn2y;hc`9?@`7m1zC>sfH@jgrOdZ
zRBtt?dJ~sE0%IuMCoV&r?X2on>1&CKH$<$S;g|k}%7T;*s4%JBfQnw8j|u}y*W9Eg
znrH0DMRJ;|SNh$+7EH@0IE?=4OrN91mtrgZt#RG*-T;Y_tto<UOYl4~+#O)2S^T4t
zM2b%+1UV3(05XWaf>@RvgA@Qm5XhMu#nKp~AYjz?7DjgNlbC4?%ghZJd*4xupjaf#
z&h3a{8@-IOUd}NxQ^rGpkpdIL$SuswquHnn{ms`W#6Dp|kPQwPHEs|+uajv9$oYmk
zBwMSlGwOKN47WWg8h5MvLJ~~!u*C8~>huCe8oi49rPTuxi|-%_%F3xB<d!S`GY^WT
zYYkd%4d1LY=s4qo4Cc}5oR6gTLuz7}IRcf%Gt%cUdShA4p%hjds){J=@-PZpj`2Ib
zjt%aU<2ILKbDdVoR_bVL?cD*kE}Mh5&<up;Q9K~_p5D{fY2pu3wP3MWy6ZaBm6+l9
zTuaBNuU=og(5yW__^dxa-6Vq#<7m&UV&{kVAO{pej8q)(=Sw;qkBR6q_^#BaqGM4`
z09Qb$zX0L?{%f9~^jWFmc(LTb74>{X!1I-p&4PFB6_T)*J{7@va2~xJ9DJFsJwbd2
zh|d|ct}d4)%p`s#^zs7Vpy0P3iw_f2bTAeqDSa%Iji5I-N=i`v?8Veu^ze&W^U!~Q
z=HZ=u&4XjCK!!|6Q87d#?BTVf*p2P{;s~L9u(~A_s|o39&|EK-F|yOg(XGWg_RZVB
z<&oktwR~XU!w#nUFjOO!KG0Do;S_1xY|q+!i?wMDv>7;P$~rMpn**9?^V{30&0^N(
zg(KJ|po#L^)HV?-&WPCT`8XXqLgm7IL`Me(0y_FK2hkA=+Yp={Evuh{Ju^g>p&Y%|
zD7b2sTRRx}-b5o(D+b&0bR5KBn?$h1{@5~)0<K^~<<kQrZ+UMc+<W|W8Ynq`)PYPG
zV`HGj@)x4jCZ4(`;!3_gmS!l9LGjaJb=Ic_`j)SWG(CTGAfnDV73XRcfrLd9IEw?M
zHGmI_rV!79cf02m+dd7uvi&$qbzblb*_mtko}~f4XWPQH42+$RH;ai|c~r;5(WiND
zH-n8ke5aWbhGAY#n|d3Mu~OJC%i0*UNKs8uQX9R$%?iE0Wm9MW1#RsbrL*P8xE{3t
ziCq<t<J?P$nug{-ztb$}{9Dzfaa=3VNECG>FY%G=;UhWJ$Vjd!T>ifU|4jk-_i*^@
z!{L9lfQ19p$4NnbG>bl_>MC$k!>c9qs>b;Fr-JnL%#;kD@%X_vp|NYE)zj{I*zwSP
z(`QR*7o;_D_d2he6}!(Q8O})O4@+s=C1*uD>HM!!+Iq>g9XPSp6oG(Li7OI|;McW1
zaWQmTC_W7TPpObrPoD)X-uuvWYR^7J+uj+ms6t?k#z3Qm_*jT+&)e9bu8aA+iy7fv
zoME4--(mtx%%uDY=UrA3ZQ%LMS5b5>Onp&#C>rz2V<az|dzKK-k>30y3>~y<81TEn
zRBV8#q8=C_C~NDOE)6#?>e71YjC%l^%^ZO$)g4Cky=EGl2-?HJcLcPDthec5y<NWu
z(Bh&kmm>Fe9jkQa3CmS_L;HN}al^zEjE@ApdnL1!B~^N(W}ZgB5vIFrc`8Yx7)gJ6
zcebFMRvH;<TUO~_sMK`lOnKR6a3tmB$XG$!<7*pbL3wTt+uUJ2GJo)N2UNORkLlz8
zNp^ENQi`_y76WnxrT<mh-=CIy_4fbxgxWunmm;jWKghGHNh@Oytwejn=dbwJyceOg
z&wEgM{qtA+T8{L2&hLkDqo)XuAO^7SkE8Wtg!6yQm<F#FIfvb+mM$NCskwrT@o8Vv
zF{n3<XACMZo!JGFA$vx)^NDB*G>2gY#br0OP$fPl4(R-wtZr6Ko|?-=uUgUb2OYA9
zQb)Tj=^4eV-Hf`l{OSe9@O(_l<w~MMSOvxhL}en3?-bfLoI^`1ke8R`BndfgdwMip
zyN*4P#O^1d9a+g1m}8WyZ(_MwGthfhQV-_TTt<k2Cm8rHtU-qfi~|USThj;>Ukf4J
z0luXDpjotQ0ZEVc4C@zBS;trHz>jeP4(GpFGDIj}$7n{f@Er_VvK^PJ@Ri_li6u*b
z0aoVR4&3x2cFlInJY<}Q1W1a8S?+~aRfC~UC#rLcrjGbr7c3kek;y*EnQRJR{qk_&
zqW6Wld>?2)Ci|!|AB%T1P(ByU5v-a9_;aB*h*a=k!7+5S1@@)V<m*N8vumR(87l4g
z;xt61<14kNvC>4l!b8s0UgZGdQ4fy?@@RIFP~Jr|Vawm4rLW$Z4fD1~d9qEouny7`
zNXcua3gIWU2)<Sx@&xqHS)}r}r>yB@2(SDPteh2E*)cuR{QwD4Iw5LEuzU1j@Wjr+
z9s27_&ET>Y=9{_gU<gDru!&EXUh&h>6_-tINnuE2_vBRDgXarIxa|X@adButTX~a&
zQEtn?z_IhZp@t|VHM!!L$Zj8Fv+&HZ*rj;R1v=K#6)O)vg7Fe@c^Ok_ZDhct%2-1u
z#krOk5yQNjC~PyMM!Rw3Zi@6v!EPuAF(c+;{0)+8t5jLn4$~SATuY2cZd!%ZeK#DW
z=*&X#k)^~t6pHqZg%)x5rrgp^_B#UhzGrjAwL4_PMY;P<x$<z!QO;qeb`G;_SZ{OR
zZnU{ON#7LCBzDCir|rvyck+{GkQK7E*(;VT5-?HASbt$|_szMk9gfeTla?`sSps&n
z5jt|1tcF@fb}LNY8GdHbmWmq~86&0PRW`5;j9v^|-O!G0^=FSD`WkNlQa#N8G<udH
zK6Lzi&;wTy9|Y5o=9jwvgkw&lF)!DQxiYu3!k$n34vu%DY&b1<-yv82isLoLIFe*T
zrOhqFc-zbBc<;5P?adXxl3~E79|A$i)@FzO!Ca4ogRRVUZFGEzgY7b%4YmS$aCDFi
z4HSz62JA)M8l87OUgXl0YeL7%kM_Ucw5a1<h~u>z;!z`+U~|8R+t)VqJ;V?80l0Hg
zWzuZ7Jo9=zut;dP;b}Sd4fZ$8b18n1;58YT|F+HjPiD9ByEXZwwEB>r{#z_%R*NMs
z8qvJ_lw9d=DLefJD`rjDE{ws{nQFd(C^>VhRm?kWHC(WYBTmbeM_ZyqRXEkmEY3*Q
zj5f=a$65jy_W($vT$Z5-(vjCO8luH)l3fRFnZMhuGHOK>(Ikk;48LcKrq*J6K}=E~
z+qah8x5dK}0!dd*7F<&N*=%uf9*nFOC{0CzHS>^TO+aDnv6@lQoj|iCyWYgH+Faj~
zNM$$+FBo3cGrlOQ(18W|jq_B)sGdPuEg0|@{sLNrOo&*<Xwnk0z~clEroX(O%8qm_
ze9I!FZGsc0?05*XX_qp5GyjmxzyRD=kNFZ~Bv%88jQ;IcMPgr#W|G$hA(R%YyabCw
z6%5*Q(2<TBUgR)<yI6YDCBNVMB;k|c*+u%0Qvo8jc&)D=ly|4{R89HfRlfcah~DC*
zjDP)bFovDd31v=J^4wqy@PHcgp#CjL?{-ZFdbjkjj)_(;D1q`h;uzV}>r;dDFa5>I
zBuW7N^URJ9r+tU>HMGxhGtj;#G_<eoO`?69wlLaP+9DF|JE2lCrTT#g%7Ab}6&*^b
zEOkI-GL|=kQ0<a|P`wd>P^||@m6lKck2&J|cK+{j#PMs1BmTJ;<A|f4({aRcGHNrJ
zu$YY&Q;6eGkhBk{43JqdnKh0HR##<M{uE|kb+g{Ss>1b?uQ%CO)u1FQd!j3(mMk5E
zAbW}hwHN!Tv~$*>C8XRJOK&~x_YYk~!n{~I03N)Z6=L{o4@C%ml0h$T4ZgeuUiPGy
za`2_3=iz3aLF2kQWz|5~+LO+NvUoesvEsjCarL>d$fZ|U@mwr^hYZF$&K?EFpnAI2
zdTaS&=7y2VOt+rCyUy=R#_MUU`kJolbbZyo+|6PVq$<1SVoZYJ<7Sar=}iW$St;gi
zg|Z>6te>u|4=cNol?~LD^=D=N2dOMWS2l>19bsizy0T%ctd^BYx-ttZ`<RvG>&mRG
z>^W9epeq~C%I2`LDY~*rtn3a}_PDNWE-M?#$`<R&78pW<ReigUvGsTsm5MZ2wU76O
zF6!TZVU}#E%3E0Bg<nD|yc(#m2rE1rR-yJ6O)qz0oiD@c4EC}*6iRb2)=Bh+)+yB1
zxfbh;53BR4woY9t)OjYX&WhujI-9Z1Q^!N=v^}8?>O-t>*+&QMx0!f+?hGEE0{vIV
z_p4vc!LRo14|7HhRJa{0?4rlvgWXwzlCZQcr1BiETDccio(7NJvFPj0?EmnFWm=RV
zG>UWYv9QR@s5Dew7{I(LI*9=zL&R;4;oc6sNlv<yf}xtIrlaA(dm7WDds_(F55<yw
zEik@p4#=H5u-r`gxhn4*`1O9oDtim@;Z6Q<Cq69a54icgPIw4rYvyBewrFBZZtU+~
z{4ABjOhNeL-f!>+hWd{*Hq`#t&`_-|zjp`+9&v}a4}RX#`-UMfZu+c<e|8}@UGQF_
z!dm4ozn}7Ze?eHi@Q+Vc8&L+_3=^{l3$`1AZ7Vmfg+;1lZ+s8pKZU+H{J97Jxy$=J
zFUr>pxY*FdfL|K{1HK#knTY?4<=?9Tk7$wJ&rIQ>(;M)YH&qMJs15K{SN!xkgMI-^
zQ3Ufwg}g1nkak{lS7!!HYCG@bz#CM7dk+b^FC23zv@gZ=r6|%E=&4re@f%DWI&JwT
zb5QAm?k~&g{k}13Tq)m7{O3_$oNuAF(oY!}r&v3}4fy6SnqKW=l;Ui&;L8ilV-w8B
z#B6pDC_?6A8Eku#<U32-6Yc&7`k(O!-r!w;B4q?aYAU1qvrV$AZMr5N5yq=Q`&niX
z@j49-T~9#b#yfLMVbK4L?D0XqXv!YHK=yA4Iu6y6xr&T8Usi)(dF)yY5#;zqYe_%K
zy)XkU=^gz?oU>#YjP{rDjpicQjn8xu>?_uX#p$?X1W?_?yR}sJ)I4ThZ48)KAD+m}
zt0z5@C^YKNKA+N_G)V3{fEyc;P&|JuZ0<t9F3!hsTD(zYZi>M{XC)S;oy<);$-)_B
z@oDNWySiaMQ~mu9kNlYrvoRv*ozRBP%v~9Hn+<UNaIQ6Gxp!>ChuWSLP!#|eC)mHm
zyu<HX&1kZ-`T~~+QEDg|*%F1P%W~!ADA{=#<iSHI503K0B}nC59uy_lX({u}yhkM0
z4rz`0(rP#~XBIl$y2dBYus;IZjM9WEw@#oaRHI#;kJ?J<iaBf1H58om0Op>IA7AGW
zI9FEPVis(M^Eh0J325^q*5Kr1dE21cK-<^s6_RVS+MVP1+_ZDr9v1)2_YvB_WZ5z=
zizUyZ_i1ena{{R`Q6`H>Sq*M|U(ISjao;JhKgQcC!B}S)TJ&lO7ou)a!#-D_jTq)f
ztpxEI<Z9Wun{1#!LM>cwa}WB3FCgA@oKuGOKo+q&+dVfL1=^)QB~eTb(%WVdD44o}
zM9nb-V{H8CJXj{h>WOVL9YlrAHdPO+vAK!Ctl%IOF8B3E{pWp6S@|#Cg#(wA9Z7KX
zYnj8TYf|KCY8jX&(y;-+qn+C14+Txk(67VH^u^4{J?Zz}$t(d(#E$YOXtPXU^}|m!
zBkjc#!_cE<qR~si9o=&Q``u1i$haZ%$rK~GiQ!?EaDm@A*&15!j2GqayvsD>E79;N
z_UYv^DaaGbpW^`hdlZ{!NhdSDX9%Buv2-Qs`vDF*=+9k$*-z&=MpDhp3JA6!T#f-o
z)e{In&Nr#>vC<(NYP|cNg8G-ECt4HcKvn<#=VVpYPs3Qv6#TQQ=)QmQyB0o-t_C)Y
zQGCBl(e9V5(1AH}!uHfiTj_78bvdS7Ka|{j=Igy2_uLaf=&GWZ*}<1tnE!xY+JY~w
zAz=-;+shrw@S8BKfj^XMoWd(iQ95IVv0)X)@(Pl2sTWij;U{i&@I4W%YP!?QzQLDf
zeN){U)V}_OO_{>f{BaFxU(aEMmh?D$PBE~slb@{f^EmsG(mstbB?(IFG!_s4t>{1)
z{siSrDtq~CH1iG)<REZd$Iw~nZ(?bKz)TvZL#0L!!Td~=&DkgR9h7te<NvE~)={Pc
zyeY~G<N$D_V&F*aJ4v}W>|KIlLm*XXN@nBz$ir%l;QPDq{Y2fXJbaboQ*)yIn86aC
zy&0vMf%^Uw{#04b3yWD{u#pyi^4wQm<`wRV3d<*e(cHKrv>xk6^z)7ST=nzywkGYq
zvT#u|{Cuyc{u^oY)vwhy&$nQ0CN-zcsv%9ZIXvKxe9^$#{NagawE4&oI;Tk(Xj3Co
zH2KZYA<R!Isztc}Fkqy53eHo-E^#mj-=xS6gk%4%y74BfDl}w*yFAehFT&M>%|fFM
z_Xso`3|w5huo<o1H`vS-SgN6XV_jT&TkT>#V&9p~X+4_5oTd8Bi^~qQV7AY_F20(D
zS53a_VLmk;@ZA3B35(>O0c_iT^ngTVQF14=eW<4U-O+Iv{c<x}9hc{*<3%3zZE|u4
zHbB|?(-pt(13*N}9->?5-_rK^vXPA{FVcLFLDLrd2!Miq|L?&^%>D!TgaBi`p@2-Q
zdtoG1fN8X+Z(kLt6*nMIwFuN>Cm3tF0Uu`F5JzI+v{n?S^Ith)nWdMZQfcM9U=T|j
zaA2JmqU@8M7g{)0*xV1N;x`%i4X{Hdy3NM8_>9aInT@E-H<J15I1TW<X+dIBR#^cb
zAmj7FD}Y@8ErER1j#IVY;)5(Mi;aPAx5lGR^kLe1@AQfj#Im9mlCz<$So&ZKCeD5W
zHIOySAb0j4EWh>9z*3@tWeS7k?_XFs6V@4F=_N6us(1B%i(NmjD<ItyhFu8ip3v%6
zosiz~ktgIHEfDT-AUc1cPRPqI0}yZLF(7nKuaqnvfVjD!X;06yS5!~WO<jSC{T602
zx|3HhDIZ{kDtP1`SIE$0Et*ISNu=|1OW-`+9yqdbk2T{^eKvskoRCU?z_^}5qh0h1
zbU_#1Q2mSf&FEmv0CVGQUU*Aw^V$H|lbh4(g)~CDl9oO4bX>C9BCJDGA;macD_cJP
zxW;w&X43ykOtuv6O%%`(mV3w|e~zzbULGX)x&$0y*YMZ3<Lg#B<x!JR-k!z~eJA*?
z5&1QV2Y+%eHY#)c$S7B79O|vE#E1dfJ<qTJ?ay#tC3#*wIawrJEk=7qD!IcK$cB+K
zZ0`Gwsy{zoWRY}?_!E|a0t3(a1W}`-0~!=g#aO>g5MFq|H-Rxmjf9Us?_$t(<j}e2
zUOjkxZvrgO7})Qa8gCg(+kq%2U$FPHg1{E3zt(&<mhk>=g#LVe8>@XEuf2%ZKIynR
zbgup&IeYHUkTA#JQDxN4EbbKL{ymS0e>V<BK!+u=o144(n|V~ItAReA1Cz>unc`>)
z^gDR%L|%J9GeF<kk1=u+Z^N@4x!pwG?i}9kUi;PCo!c+ClNxLHfzGVm7~bwv&1ko4
zKfV!&z`soUGW32c+6SV20w#SW?}R%rl0%lk=;%n!3H`(F!{%$WQtjc9lu|+cn7OrH
zF?O4(7_++0`Ii@C6^vDp$5@KY@5QB$`2(1_xtny*)B2U3JEy6Y9`dw)rKLGnpSj=q
zHh0%Gl(N=`@z#&eZVHyz5XjfgzB()gea(&TwmRN>58mFaX0&JQ%XaZ{Yva54q1CM2
zDBf;dGur)^88CD}KW0{Wc`Z@t)o+BL%$K$FBxfr2bd0GfhmJr}a!mR1E+8c-KC>^`
z*W1_2*VEVC*Ui_(ccbqH-}SzZltYi<hat+%(2+0IXXf%J0NArJ07b0Y(#NyaIa>Q-
z13}Q^%xq59{%25Q`q3v(Fq5jY7;PaVkPkh}#KOd&X-mKaUlaJ#6Fd7AHTGj4PV8%n
z*lZ?of)_Ew;=O$W*}}Lv+P$G+MkDu^66o(1-rvOL^mjU$_1Dx;+6S8M%A3CQNHdy#
zDLFL99CuAY4N*MIJL4a_C6MpMmY0cJyzAe2LisY*4Z5Z5_~n$J^`O;U*>4m`kdf4>
z;>Zp)T50>F+DbNIl_oT2o04`i)Lw(>r|Cmg$U&^+nMRlSQ!;FxzMWCgS#_~B((i4&
zHZ%L~7fVtGmhW0gqECO4Wb!zdDIrDkbab%+y|a`FGkZ2s<WIu(z#nu@;B6K$|FDNU
z2}1TcOXrCGl~`ZvABN9b|1hh$w`}-Dt~?QyJ#$0QK`cY(AO?W>moqb~Q%WZSTr4?*
z)}I_^#Ub_NN;hV)1=}FZb*u$L4YVE5LFt=ZK{@%5x*Nojzc={(jqZq&-e$qOm}(Go
z%pFp4XQ=LwWCN194S5&IVMGA?wLt?X^oF2Z4dtq#AFMGsL6irbAmY-rP7vF*P7s^5
zP7p`c{o#Jph@J(Mgh=PKK=xQJmYA$*r-efTb6Uuz$SUYHL-w#PmZ_TiD@ZPu;>7A+
z*g76Xg$(pzL(jIJ?J%xTma)80P))U7`zvjm?`;-ANgRfBkyX9W*6$}nSypW?tCpBK
z0+3mSa=bt8uG|7lqnzzrOoYD`fVK(kJ}U&wFshCJ13O^J$ev_YPd2*#N;Egadh*mf
zAkdYfr+|{e-;)~1{QjV~z->22vt*gimM2kMM`VG?cJyB~W!6Tvjox;Yo*XIV%zz)G
zyuLn*nH<J*b>VmnsQ`OGv)-OTW}H^M+tZkn4qQcx6=GJ2tD-Zj9HZxFBG^~9b94#X
zSK89f<hq$rC0UW~u+P;RRaT%;<;I~Jqsp%T4{z@R7e%=~j?W^<is-DjqOwFI1H^<v
zWkZvdMP_stvD7HdG|j9$MYx-mH)^4rGp?Cgr~CbO>YR?<Os!+AD0s_jnPsJ(Oovtl
zH3e_%|9PHwX7<7Y8-4%3^Et`RJMX-==Xsy^d7k&V1R7O7#JsTs=?zX2ZI37?&PNZj
z$tH%_lis*G*q(HrAp!5)CX4dFUq{Gf|J!e032!hGLCi8dp`|>uWxRA2{q$Q`_9f#|
z=0Ec?U6ZPImV)H9rFaAFEGzl4TQ5Nc?EWTpmPtW&mRoIn{y}DEc~JBmia|wZqq!eb
zkHWA-Df%ka&a(cYI^QVCdJ~RqZV8!wUS+aN^`iNhqri@7KNLNM3))*+lL~cXOZpv=
zr6s1ls?aShufE!EX(`yH&jTzi?S{ip@P056k=eS~DCZWe^_(heQgM)pr8Q{`Mky;|
z#+8_14=pQu==-pEnPyoz+xjOgD_cA`@94wM<QYL{-V+p}mTmEo^1SSj1Eha<a?sC)
z1H?oJNNSLOes+j|es++5vF1P*%*ThGA#nJy6C{))3A^V-`4xt?WZvrNr=o2;K!=}j
z2S~Yy8B>bsrypyL1|3gD=@)y-aX+4l<|@AI%Wk;zrv=Z&7{PTBAfzCk+T2OWP4HAO
zD1mr7esDiZ2ZQ4nB}ESwJij5Hj((7Ea{!KJ_k)D9g8@$)Mf1;&5%5>D2WI%$J^(-4
zi*iAD{2YNUTq=I<4Zu%VBI0M2hM)gs`1v`*&m&L}jGuo7C1Z7z%;~0~<RQzSLP@^t
z*Rw60-c`Ne^!A)3Mcva@RMd3~azwfFV$*<Xqf~udf|Ag&KUXv4BC|Kw*ytkC%{Rkp
zbkSzSSdE@f!HM|z-4QUJSN7^hN8CHZ*xhZ5tc>3NW1j#k(<hSl|9chgPj;r4F6_uT
zh9Paoo#d<HSLUNp>79afwy8a-7-&x_NY&CF?;zqA)I6iU3g9#ZcXTx~EA`9Qa+ctJ
z5{sz2I^a06nTZWwzO<gqOMjvVS3QGYOWgcnx5mv2Dl5=`S_G5cc%@%3(R54;B9u+O
z(z`5ByIeChf-c8h*}819LT|d0+Vq`~G<~ioLy^aaUfpUJxBgS>qMh2sg}Wl?;vYR*
zA3dj!K22@<jYygv(zBm_6tvdG=EYhUD)Xq^6iF99ToHK}<$4#Fsa@=w5<wRaU%_C|
znB6)IhUi_WR6&^&Nf+I&2tZn<)fvM%vRdoyfUNbFrS=vFy?KX3hVA?GuQSxIw@!{=
ztoK|VxWP!AeWy8bw%_!&$+M@tVdU9Kjg6W-+wQpldA1uDB+njOL=wlY`AnWQe%Yct
z`)bGkC-Us;>I#p1HjF&`j`>f^v-AE1hrpG0MkvpImY~bCm=8@J3G(dCP}9t>92uvD
z_ZQ6HGkNxsvQ5sen$Gj7dLzfx*h#weNX*&cFG;tWOe-2uVq-F`F7O6Pw@g%Hf%YPi
zZl^Cr!3&2SAkVUJRuf|rbW}q3j$1A^1`4SIpCpu7n979Iyxx8x)ioCp+(j}fiYFED
zk#~Rwe}JemI7mK4RvqgIQ*)VoDzwJ|OlU?v{rx{d@+rodYO`?Kct_iXQ(WuTgj37X
z{|k9EtABIy=z`|uQA7ddswv^+(GNcO^YUoaG+iEja$1Y>D1O_LJi0%&t@7vt{ldzl
z_e}N6qu#0iZ{*Quy8mf;^nLCx$)g8c8uNc-;Qy68`c1bs$fK{s{J)V$X;Obt9<@!;
z<<Xr}{-ivb8`D;Kv?@8QJo@!yzdV{d<^NxK^i-Gs2lD8OXbmOD-tZ^o(NitSql3Dj
z6AP0^4TJuyJi6#Y+Fz4L7ng!OdUAXOoSoam7~LKje?}fX@fNTm%OYvNzlq7C2tB_%
ziU;;zkVonBKP8Xi*5%80FnN>-r<JNa8YDDMXpQ~eTB<S715{=}9v8tf^yOO@xZcp4
z&QzODkEH1>om+2uuHJNCwdwE1M$mL|XNDXN*R?JMee+_dBw7+l7o9p&j48ax48E9M
zY#Pof`}+l6%zlu^41E%GCz4l^n4!<5L&<mZAJ?~RqILHnw!;dQzGq>Fji<+<abt5h
z<qveFa1U*~1%4~+_euQy6Z?G_fA4_bUeTNH&GY7ZE#6_?q26q-**n-f(0hY7!#lv+
zUr!A;J(}4RHGZGTc`xyH_jdJ~yq&%A-Z-z3Y>Wnwjgj{zZ(lT`%l}WU5C0B>zv$dm
ztqfF4`eO+*Nb-(?A2+I96f0A2i(q*_if1-T55qY0FH<7<(t%$RzxrZ3Hka$6jp<8S
zzGv6bL@iYky5`JIx3L_BK6Y<<B+95~t%0NBbTRST9j8%Ho{f|O2kDGSphyfoe!iRD
zpL>QZ?%#*nYxl;f*Q^c7<^*Pymk{iq;aZ=_GFJoOUrle_Kf|PC)Tg0;h6bZ`QEXnf
z?+LWu^7~)SU^5Id*qRpJ(rr|+X6aVQv0G^8m<a6LOdXlC1v)L*Sl(Q90pB&y#j}+y
z+`(n}+}c|V`ic~-Wf#v)lXEmX!h(mi5q_bLaCcz@BYYr^Wd(v!CfitgntJ7j6egE~
zP_-nDaqK2#ImWegt)HR$fw_hn2Sk>fgIE4>I!#T^p&8}nu`rp+f4_wd)I%@sY+x{Z
z_uI^fZ1g_rpyEH&*ZBK7K^|?iVW3oZ4{0tfaOu-pBu1&a=G<4czGm$CiZrCp*CQ(0
z@-hyI(vdtZKMTfFv>6W5f=NE*qD09xajiaimF3xtlUWo(vKpp9ifA}2n!lM>sfT?=
zAF7OFqI77faPMg?{~l}eh?4RcS@C0=lV}NJeA$>$FFFZ%r5xnY1-tp8)2{PU?-?oa
z-cq$1Tgzoz8-0R44(wQfF+Alp2gl!{c+D3bmx|%@6H}Mak@FwkS3)w^Ab?=Fw?D>G
z*q_{$NfyJme^BdFU-={k<?rE@%3m|;l7Ln%I%!ey&eDZ8#f$|6v$>A}nYgT-ZjDiS
zRa4_#r;)iPPC|5iB&|gv@f}0O_)}?|{*i`u|7c93aSqrONGfRlf#x_BxQ4Dr6JRqY
zlULL5(1a&tCfdd4Md^&q{h&~~(9SugiE5w;`DU1JS3xdO)b#a~$UZpw1n%j{6cE@Q
zBjR}|k?eyRC|LxJ<!X>IThe6Z^;ejt!RR%K)z!ElAn+w%0CFSh9xVJ9dC}9Mf$kPL
zk7K#9W+Iuzlp3|lUF}tO8_K6Kw!M~519J+n{AKlPnFZVbY|>e!@{QQ0Zgc~i5biAI
zI1x~i4d;JF;Q5ch+L{{17wU`DFuqW4rnc-0^{7wtdCxcjRObFBu1@#s6--!RVv`CJ
z^$N9hP{AHZr;gpzs3sYlb%EhX#~qo>N4!><j79Wvy!!I^cKsYSDi*cyhwYio<d3BY
zSkgATv|g0HQSpH=gM!(=Oo>g<I)W0F$p2yqPNeP17q?{*X5^q$B-rJoB%~W}sHKH?
zN)+LadP*&s%v>}93$#>Y#aKKC$<_T-hg|~MRBI7EYfAVKDLAQ2^)r&9RGkVAxlr}L
z>8`$Cp}t?GzAsYW|53!=SE%nds_!Rj{yXaX9qN0EV_MDhg6zzTd1-=;swkXa40j8p
zs1D;K<eFoQp3M_vNI+EH99iencUF$l&5n-~lO|)J$6mO>3Q^x?Ld_IPxjB57=qTP~
zfM%midQRA%ZFN2jn}n-}A6|(c7W+RmwQKSj+91Dc!_Jrm0Djg-aH~tKeF^e)bW+$Z
z?^C<1P`^#YZ&w6<+gz{d@TK0{j#heephQi0IF|XyXDOvZ1U^+)M1|w{BlE4=Z(zsy
zdt3GMqDj7GyR_Ag&OfwYbOU@<LkoN3rSVysJJrmjEHMD*NxTtor_3H7xKjkVomOQs
zqql%G#VV2wy3Iya=R|~I1`WedNK$fy01Qi4J|0;|*>?+d49f|^u=KD%n>&&LjXs#%
z3dAUF!%5<llwBhtfY#qQg4Uw8Kr4e|&^o)hIr<g}yu4#uhgbF3h~f3bt!;<b(h))M
zGKg(~*A}6T@amHn0lfa(nA&D|J%--`yu?ib@VW)K6<8`vh{AN3v4XrXnR!AK;s^3v
zN-fuZLX8C;Csc;;N5T2w2;Se=5Z+rt&NGbo$O2ZqO<^_gT&q)Y;K<GDd8QiH-a+Hs
zsg@REX%QZ{U*D{sXET##h<Ftje4HIoUcNc-ID4CpGf{3I_86;X$CrvZwsGt@c|X$Q
zBq|7bZm|X(C+kNr<ca(^LF8FNU;RrzPI?6&C*cnTyht54B7n4q9wd2OtEBy%;SnHT
z&ILlgRc%4O=nD+_wpInQ*wdH(X?pQxVe9nbAB7Rqi}AO#onA~H9z-v8TH8V|Ub424
zUYyK{0A%iSZKoGw&M}Z(w&AbP_l~1mhu4vUKzJehl7d&~0bu&in6`sybxshNQghn^
zray+a5lo|oMF6J54Q&V02Mr8NC6$@M`^j}QOHF3yz;s-A?+PF?*`|I%a4SE<FFJ`H
z(UhS8DDz17kkhz=c^Su)cRI5GrYLaBrC7hbf?qNlnR7kV%}96JDGKU+NR)o|UZd&@
zq<*L}fT2|yG1t%3jiRe6Su}6u-7Gf4Og0OXO}@9tZa6KNz0NH{KP=UQ?NIR5QRIN^
z6+GwL39j=7LE4L#TY|fL0t>OjKS}XBrJaIdFYiKsK%x8$B`4*}=#4rX<;PBR*JYQ|
z_6z05&<5U!L3U7QBS^n1pT-9S*_l+I%GnGTv0oH*MR!_tz!KP{i~iZyT#k3!OR@LI
zA19G<n?8W@g+2^u;tT9^;bQOec#md=nb=Yk!PC%A;QzbBb#j<tm*6_NfTasp;(2xx
z13w?@!g1a>40^QB+YXjkkbbbG)Ciul?PyHQPUjFVs{0`y`hOmx9TDn3hcV3MAqs$C
z)=-O_A3aL8{l=Ls(F>w8&Y<dTo85fa(H%<>VEDod6LH3Rc?>K;Cq;r%es??0awgwk
zbaocye7w%f!klS2=(CoLH)!plXtK8pJeuH_-#^dRFH7{)wzJ$@9h5z&Lx3$!g0Ik|
znh}{Op|p7e)-v*ohru$!xJ%-^mmrqG3_1()tOhoulhfL9r~$hKm&>(2%fE4I{&6~$
z3oZhYe5hea4ySmB9QR?`4foKzp{W0dM^fE)f$0)%VyHCj7w$bH=ZM1&L7qR&Hd=>@
z@bu7iG(nW={b)?2DOQk%BnfIJY(ahi*7ISLDE%R(9L2O(Pf{*U^Kr)jq=N%GlKFrr
zKWG%?*(P)=vq|YTsn}>Y{9%(On*{S|XZM;s1I00by(eI%wL#d#*BV~hrPGLnMsIK0
zkD_!HrgUIU6&opZ5`JVL@%|1DfbZOg^EJ`^vOnHc6<=0IIA5>DX;SSVM!LHLT{$b5
z&+$(XcO_l085($(Ohn}nUxqGJKudn3-8T_6%+iKY(!`5Ma&Rk{aQoF#jH{DMW`}_7
zxBpZsXEz-84>%deJlZ|&H;!g6Bj=*eRGUkACdN*=0Z4&5l*ciwf(YjlMuaJ$t#~YG
z0Q^&P@slUXZ%++w=EsvC%zzk`H`2vWVmAE#0)A@|XUNkpi}A<lFkDo#H2fFE)waq%
z`4PxJ`9Yc;`D!fuBwuHSrv>vgkB@BoVY%2GbXZ=@Zp&d=o!!R6@~W%|4$IXi+J0Eh
zKf(5J-dCAn<d;a`l|7<$cwIUoV*YcF&~{iI7#swvF*mjaR#)8EMp%^$iU3xf>e>#g
zowW>BFRb}1{HJVf9bWfXBZgPs{I<g@eNYg*-pFbTyzb9xBfQpSMgXrnj<+3Ny^k|^
z)vRg`UaLak6-GaRunW}>R1eqn18Dph0K-BoE<zZ-H9U|UHqi~>z)FYvbpxnVj$Aj8
zp7)n@1A{YzbOY}XYKv~5WKbJ*1Li@0O*bH29|7Vd9c{aAK=CrfS+O$n&+qRKb6Vfu
zPv%6tzenV@eSa5TAGE(cnQhtMa%LO%_y5u(0Mq>6+rGaozpMQ3=K=dWko_&xF0yv3
zU;^;O4`WN8h&*O8rLt4kUQM#@&w&)P*}~Rd2wMC2F!3T_={aX7K{`UV(#rQZb?FGj
z!&FAz5U_yhxPV4&#S?=T5aYkl@<~4^?+j=?+=Qiuq>4iSMW()PEqxYO!<KE=r<#3D
zOY8O1(8$;8#hf;-*Lwp3*6Z@?+pu2F>snv0E=rr$>&GK(z25vJSf2r;{<M&CQSe-B
zC%7(l;TMlYD`07lAf30l?=gzi8&G%=Q!aY14e~d~AuFGwgbrWYq(=DI#4qWDAG?kl
z_{S;8#?E6bS7>*yRpzWRNPGnivN_MZaeilu`Rx1@pc&q2DDPU#4fC@Fxg%QdN~4V4
zJDbF->4sG-f&^8@H+Y9NdEX8jOrZB88oa$i-%H&DDcb9er4DW}Vvu3!L{R&3*OBhD
zWZhmlOThfGAPbo<op-|Kp3@N2o=vuZ)aGfhWSi!l!lc%&-y3~Cy9Di<y`Ko~u}Sc2
zKj5G8I0iX4W$c3PcMGnwMt(^RosT0x-tH#CTtF;qut_I`lpn~;pb@~(*lyk=!95<9
z_V-}`z)J+*c3~%oTNU13>i9rf%p>bkIevG66kjPyJ3w-rpE}Cj9m;IGVa><xHpyKr
z*<I%E#>$AG-kmyq$=G$qV|4ZwTvd(2&PKs}(%D0BXLbcq@DzxQnY#sd_i^MeQND{`
zVgV@2=^_3GkAf)JAnsHO<oHU9IfHj!K~XZ}ciW_O0*JM<f2xV4@TcpIfoU+C@Gpg`
zagbCeq%;UaQOCqDCcTr?Gs*5=V6=Q?r1R>cO*-vO*ZoN_k-AO#pEB~?F&{3UbeRZU
zq1}!6*afV^m(k_8R5Qw*)_0WLv#%&$BDc$qnpY{vU7$ESYW`-MRHNB9brIw-bqG?Z
zal*SoH2=bvq0yJ<9s%O;UcT%D8b!S~8Sxc!kEfgzQoh$xNmibvVc4YJqB|cyaLk7>
zq7#-3n@H|#fo+*>m{%>xm)fMW(D!$?Ap6~r{=a}tREoiIyz%Pz+N1a`nj0P0h_H!(
zzml<E0Pi9Avs92e!`_1Ls~WPq!1voj)?G-U6-Mott09VCj4}6b5!{81sOj5TBltE7
zJC&R>RYt!2e?-|f8vq-<mucg(OIr%0==}n1?MZas6kRW(#;|U|EuwVN+c$W>6}aQa
zA$}IfJ+~J~J-@e0n?<u{e)4E{eAfbb;&x+!Y};<ilRM;PcbvZqYZHR*(Cw$po17g1
zxxWXD+Ac~vMe_-M$!yd)$R^4!<-W})dc4EzhApCRi@5XrNV(^JtGOHRz8NZwlzMKr
zOFxL_Qw#UhSfOC4DAkRWx>pOX8W{hpw86VWyBh`b#s!DrZ|L|(x-+%?RS)~C8on3I
zRr8ZaxifKp)x-XB)SKi%mh24NUzwr%OE7O+AOpeE>4kd)j8_>Z8tO#fMsa6Df!w`1
z&m70Q@1kwfz1}8OiRO(k-my^7(tV)oXc5pAykC@K`2?VN^-ANQEb=?3u0|g-iY$nk
zz@>Fc^e44G407+!EXy*+0;QGjH{uN-u%xq0sxO%+Z5KVY@nS|ba)pV_x{_t=n$ADi
z>G_6X9Qk0e>_B4g`cuRC2fLf$acok~bl$NJy_f3p%Fj3!AoFX&MxoDBN&$=)TNqC*
z{6dGLC~XLd=W*C>xFGiaW0X63n$0|O1Ly3AddY{OsSUXNILF@=*O_BJY^q~GQ<!zl
z0t-If+PlsoRbhU(2dy+B&vgF#it-BQ6{6vL5%Y+;){y~Z0@X;b$wG?7_;ftO2OT;A
zTX_8^25(fxE{aPZWU1#LZt(qpAWGk=tcN=$t~*)}!f7xYrhY4|!S_n-$LOA!pCGyy
zCW<na%}Yv0B2x7s>@@f69Qf?5E)xNy`8n{PAXeuW5>r?@FKHCVmmi@6L<<Lpah6$}
z_jn5Ci4ngOC~-l4K)lzjy!#D8`#D*HVZZX#$LKcd*sI1y%Q|CCFqj-2fJseA_C`-%
z$`S&=+5qd*&yvG@b}&yZl*S9pY8lAy@0bBAad{(i>EKrack4MA4G+cyAsfEu%Vv=k
z*uZzEV?6MfkE2-{p{&(IVK8fMN3Mwn2(n0%Pj*gf8o+Yk{p`~v&*U*Lx7Em}tr?4-
zetQ}}?Q!s0)@s7qA}n3eJxTTR8w3ra{WyC{#wU*aV(XPHZ#Mc^Y|Vo(e6-k-{>cn2
zPn6dBRC{gMW9}HSD+8dbI!AdHzOu=)K&qabZZ|hNd)ooI2SR&fQ(g1$FR7}%ED~#|
z;4q2uO{mqZRn0$-;MeexbBk()4IP$3hXMWl(8b^1H6i_FV1Gs&f5%^lon!qr{+!B%
z<bQ3g|1Z5B>^mCzMtT|~A2QD<Od(;D7Xo_RY2v@gwV?^4L(WCKC`S2f4zqYXq7?s(
z_Ik`)gp3~VgaT&t$ed1)9V)hAjM>JFP0AaYv3hufAWQ7^vFu)DPEcuOtQyjO4f8b_
zBgzjakQE`b`Tk^gtQw?#9!AskDJPa;koqBLA%EXAvU%M*jV$DEO<^(VO>4jAn6Jh3
zJRsVmLmHeC+TiQ{27h1;KFJzvuQ&LH+F*}7u4z2p@*c5GZEX4S?y-JvI~zJH9#@_)
zl8HF}?AMi3O~@CRl+KlnKG?07sPFct>ebc{V3&XCAr5mhNUBjKmK>B=h=KsynFH*D
zAjrwV0lL27%kyFOWfgq+Fv=mIMU!6Kj`EdKeCHs3TTONXV@xFP!1tMVV3xt?>`LB&
zX+h^{a2gboo(4tZx5MRPNmg&Oe1%zt%BHDU_{9$caVg)&FF687wX3q1#~YJzjClmO
z`|nJ(a$@y*TI*iOFXH;X9?Pwzh<9p0V|OaXv#vq!fZvxj`n>~e<|EFIz71xtv#JKY
zA_dpbhkO%TvV-2m?4YBo(l~DwhBvb&O+%_YjY14kvO!lx0;$z-zws+8G3~iLGbRBc
zjG(OfT6Nk70dn9~$1EU!KXj7Zcym-WQ&5KU3rF>|-;~OwNqX}}<<=k5IIVR#u=U{v
zE2sRk;Cz_Y)r{te25U>Lv*^%`%IP1{SUU55Gjc@Fv38bwPix7{O-fb?CaJ~#*4_@Y
zNtqdLHfj>{mv3)zHp~+xe|1`zeS|ieYes26wMmCzgYKS!`4D?t^sTwl5cHz`UGSn8
zyeOUDk#m@RmHf)QICG_Q3>;+P@&%fM{pmJHyS;rWUm$!4hg0+h(yba4*ieGIoc!nJ
zlmFa4AzRIqTaKw4vL_}@<ICH_ubS5{kbh(Ei!I?3|5S?Z=CPtOjiYOE|E@eot2Qwy
zArBFL=pPf19!*O!VXR_RepP7zb8BfQROd36L_@$rq5XNgt0M4cdG-5LElo(Gy7QCS
zuK(FUyFM9qeLU^@zU=(N8X@~VxygQ4n%VD&1L?lPLfy>*xBLc*f3f&#WS8X}5cDe0
z6J_iaBFHy&8qTfFqN%B2yYK&dExAw3s_zrJ7$H7B6Yk4XeSD%gW+YwPGlDhw`<_%5
zO9L%F$|wpW#)zh@5$N@Vx8c<rXyaE`m9Cvj@G^P3s{8>=&9y$kZa(hF%`F`=fSYrS
zlv0#cwbpR}O$C~zHS5rf;YClH*0T3w)g#lER2Uln_B&Ec;_!kU1*h(XExGd4)d7xz
zk9A^fl!<u>&OUmKrGw1Es&Y`(@xfJXM;QxeQr1V4OQH1~BKJuD1VkttK!xM|h2t>)
zIThaJFPs8}F;w_~zwmFtdt*<%788DX1?-LL`cU74EqaAnSmCQC75>(s?XH`#!lZ`K
z3U@VVap^O#!Y%OVjq>)=qoRMgB~5kV`gjZTM-X4rofJ&U%W7dJ6ne+#K7^+SH4;`{
z`I_qOa6~ClYsO*Cd%Sl;FH`hp#;LtzDHGP6pf7)Y6{_X<ow%}^MbMhvsp_}A)NkLz
zZ}mX!^eS3?wfNO$<K?=J&OyV9(0pR97%iVz`}QoK7+nz+1>_UUBF5oN3;Dz*H_0c~
zopcL$YWkCkE&Myn{IHqqvA*cW=}E;_+0FINH$XD8ryL2%Dt1>ajtUk%oSj8zUa^vp
zykZTr9#j*3362syuh<bKRn05bh<m-*Uhbp3Vnj;MDHTVK`Se^x_wPy#%qu2{?r6#@
zmIV#eG&TmO7HcSZ+MilXa4un~#q>@VzT|z+W(IKaWv@kZp|KGJaxYdXTaa^c@kGtJ
z_*IoO7U2q-5+ZP9{cvY07noN}x<KU3o)VC!Z5k}D>sw$C&yWXHApVS!d)BJ}o?}9C
zwdHff{0;IfN;h`peNEDhvB3ek*>5J2{?9Tk-Pnr_xtucLpsz{PU}v1@tFoK_a6V1x
z#<rhskwe?fZVB)DiriV{mKN?gv$k;K)Fa`iOCnga**lnu-B;I#{?^yAv#0rv4l227
zNA1;)W<}CbXY8oOhPzMDX7G;M@a2&-{Q34Es1pKex#Z9gj@-!I{f+gxT&VsXwtIn`
zc0dO@GM#%qMW(aLB0HmT2-nU?Cc)GuWhSl7Q5lgU0C_x(w$sYT^D#@dDAg!4_lF1f
zddwoYjKF>1R3zY@wWf7&zc)A#+(>=s>Raiqtr(v3lL`M@Si48IrBWIxLv0`Wd-iy1
z(Es&tAoTGYXZHwzWZIU>lFhwA5*-MyYO=WmCcu_{9jhms%OU^Eg?h5Nfdgr!*AAp)
zbC>mD$>tI$*&GhQ`jZxJFp$OmKutCm9J2eLLCNOMoh92$X5LujUolO(RtMK^eXPbx
zCTJPwa`cRI8`f&Fw<8IKV#Tq*pK<Q~-oY8?Mhs&9?_)_A_hwqvxnRaQoXg%{*j#2b
z$vBtOB;#B{NX9uIQgNU1&eqg08Rw>-nAp_IatsxQcv%ji!bmdCZTTXtrHpekln<~%
z^BL!I6bUP+8Ryp5O>CNR?mtx6e8#!U8@0Y}!lpVl$vDS1YJFXa6*!i0&d?R@KfCG~
z=W>+S)}^TmxM$%Pg0cT|nOeTJ1f^6hOn^c-SG<>adHh5F#Nj_N!~m#?0FpUpce`|i
zj1Hp>EQ`S}&t`JXZjTe2;pC+c9J_0FaV)ne>w5<9J3tQF`%7|^lb+y`1mysfs0}Qu
zc^dWlY7^=($}rP~cWywz3@o^hEE&C>^md+yc9={6m^5KCGitmVhOVZg^C=_L!p_eI
zEYB4D3|^+FFHbC|ms(#JFdiQI!>g}%Ezb<~_h=yf9k6T{k!7>F2X5?bBVKL6w2XbY
zM|&)#d|=~L)(iE+)$;{Gew1{>rjLNbDz9+t1IgZ~DU9WpD9&JYU|Id%9;ihA6kCE`
zo*ZZ8K1EgeKAZFzd6tT@GePr1XB#}a0`{|-!&lX*IVt64ryIu5Hm-mtQscr7M*s9#
zH-yujt?rJEk25yy;H|H9W!)my@Q;Pm@IBb@qyC0358LoOXt->jnhH83-<%%7B}jaH
zWt<iw;xUzmuIL<r_&91K5^+q(YN!wmRy3{3Q-ynE*2n?C=N-``UvXWq%xq8ABWE4<
zEhWn<AA=DI%~h1?t&pWGu2-sFh*eV-=i$<6vV1y|<<q;7ET3*LI+kK-fc##D&m_Os
zJnUo15HDBQG1pZ=W~bTZ@$Ju5mq$C}p6(RE@}yO#hVr>ZB*BO8<;AfY5N=X?=@&^a
zRaGhwbO^{r(dGM)vlURQTF5WK5O*P}#cOJB$D^kIgO{L&u?i7qDbp|ZT^!4;y+mbf
z1oH4F-Qto3LAu3yr;&7vn~9G}@V3aue8;SwKKvNS)F$)+Dbz59B3AHA5J7NTpYi4e
z@M8>L1jF8D@uksMI2rh74Oti&*fyW?Si|@e5(z^PF)r=Gad<&wbi9u*0`THxd}isa
zpN58VMEMTECa3c&bK^wwFD&1~_oxJ0sW44d`YpJ0*9_Zh;ezvL@+-+Z0Z{c3ljlIR
zC_CCGD0@C=^sVjhU(a(k=^%!k+_vq4&r-UeBj*@w@oj)_N5omo8=RAD(g|Jv#q@Wh
z0`+&uib~&k2V=f)`fLMAWojg>=^^$V>7x4ye8Kvuh2f(~K=~~I8jJZDUp|tq3TGmF
zSF3dTjq!Rd;pph+G(8jLb%U>-jMH$G;MxMBUb!9-l{T%)HR;zC%RWbz$w@3zI>q~N
zA_dGu3RpLWDBzBM#O?J<5Y_97SJVNF-^Dnj^dK6zoDWACU*wx3x#??SF~CUgo2j$=
zN9A*CXR!{D&i?P=a8Y+=G~3$$R#R*FthFn#wGIB(mWOR^kmlWUT>14<I(DGp`6gx0
zKk?p#FFO&{TyGB6+iR@1|BQs*4*GlR8@9I(g2o;gf2c2O?S@;ZwJF%zOs%yBWv??_
zYY)+C=fOFU7jOnVr*G;UX8+OJeulaG3TK4b&!e@|debvai9hXg+T%BL()RfBkUhRg
z-{Uopk`fxXxm^gz@j~Xi=Iwm>OX?NUGir9sGY9(++6KjmYiW=Ce6vQ!lT;L)8XEx}
zZ>&gdb^E=iH$6~o+89aGZ$;4b<9gG)+VsEMN6@qoLDQEn3ndyiN7D4MuT#TBi(pxI
zFmzHg(TFJ~<dnbNP0@%Qlbhz+i3`lN!{QQCgpr_V#1%Bs<rJGFl4!(QejU6m35Z9`
zVsA{0O~9>;Dx{5XH?q_^H?XCEoi?bDc3KGt(#oc9k(jZK#9|Rw8;OxZn{-rwdoK^v
zKUQJfVf4pxziz~ia??qNDc--WNWDN^%%ZT!RwHn{>4H37L1DERgjKva`F%ap+dlr$
zwWJ>?w#(BgE^(0_s4b!8xWpT2AYZDXIHx!Vk`*cP_LE{*{9cnP<c!52#c<TnF+n89
z{~2DE%)nTYG+0Ap_^8DQlh&dZ+gi@26X(1tFn;lmdHfeFfbrcRVs+T*m=zen_-hPc
zJp0>W{s6{T1_m%jtB~OH7Ol@&;wELXQH##3MlWVJo;}*(r9(jUVut~ih9bZUY6RF6
zo0N_DKRW8cU%zEPq1SS(m{^0#0lW{E-(gk``$==`kN;ZDmko+TnXysyG{%UoMuSbN
zV{wYp(gWkaeq-bFYk(iO@xyCG&u=lP)~wov3cw8%q;I5T9m<KG!x#W|EgbalJP=1T
zyd(V{Y7(X6qWLGsIQVOm4utR@YCPEVfOxR!e=Z)Zs)zpd%T$U7t7@X&XX(OL;9}Se
z$Dn{^#@gUVEmGYG67z_tvL?+52@RWpp<%PM(6H%xv|_d+_u913u;!nUC!%G?(6B;_
zp<!F3X1%^-gt9p3;QTb&e{eE2kF4$3c}73;dV703*o+3Fvm;$lUZcjFn`aEXpTy?~
z;uSYJa6{tEhTrx!nWk>brr^7d8wfu{DHgEdZDSpog2B&}4)oKHs(lDmHT%$sNi$TW
zwMpk~DZhpU*LG7P`JbBvElx{rg0w7Xv5vG|cBE>-wM`gYTMb$qM<cUdheKOpRD)~V
zq|<iu1yt70aEyWnL|j@=4PTk(3#a;Fpwoyw48HOU^I)1A2wiRF2B$|y*UZ(ZaNEGp
z74VeB#d`mBhNN}_Y?T!(o;IRu8!$Ci$5ii!xhkeU^<xW|N_*l@p=<G~0B}H$zf?M@
z8}_P_aag1XAzjxo(zU$3PP#6O4JKXaorB9!lSo%&&C{<X6u<gn8&IMBHa{wilA>=?
zQNb7EM+H}V7IU4&S^tTSCC3;FwtgTy{fZ5sUy;RI52RmLf04@Kt+P<;HZ9aTAj0Q<
zL_ip6>(dsjh|;mbJ~B_mibwYTDf-2iy|0Ew4vQ2MR;F?_Pt=okw(q`{O+WgcM-@w>
z^2HlzT+L<YF&=`(1Fe4vH3`Iw;E{>0CCcQln8L8(ool(ZY5Gj2<r8mIFxW!bJ>ni{
z3?qHCS2=ato<5=amhfn+8cConA2i-e%;S`b^R=yWq!T_z8qT;n3Nbwt&wFI~^oZ7X
z2-4X<6VIAH{!{U+5n=f9rKc&L^<sK(!9z{qDT2$AA6kaX?nW)5;gzogWY*JTkITNW
zaLUYGf#wl|kLGfEZgsMdNZoRb?%Ch|^=h<_NWz{#riNE~Z#B;mUpUmr-n|y|?j`o_
z=w5pFcF?=m*}EO=-9Llgy~Eyp#@>At^zH-p?s@j^)1Y_%fv4cfyMNavpZFR~e!=gd
zw*wpW3cgpN!pbHU-mhg9<|w~lg%@f=E4)&xweVl8u%t<a&3c8GvBH;4D%9&0=3)h<
zmf*Vb`!Kg5Z+zd%ZAhKgR5~^VTw6$A`FaH&D`e5*&{GY=IOXTFXb&^=2>#y5e(%HI
z8{oHhqW5-hk#{_Wz%KL_U<hp093x%1`=6Rs$%KD0@#56HOf+G}?8z(yc9i!D-8^KF
zT4~$70K*P%y7zK4?M)fWVqy1I|6T@vS%pcu0mvNXmc|G+@2elPi|y(20^(t>exG$d
z#$Px`iH@YX(H}F*lw!rHw$W)`X0Sdm*q&aH>d^iqL?0i{m}~A8nkb%4bczUkwQ^;B
z1jAajB9+eT9J*B!WDBsCmKlDdyWgUiq5U;)bk9MXSnpMV@?^DUs>T#A+vi&ac}A9C
z_!%uQQ8Tq^IbMcuKx%tkRX4mi*^J&wYx{D3d(=Du?NJZfB}I93%tfE~eL%D&e~Y5H
zBpLg>7Rur@Cg6h-frvccouzQfgO3=0>#Ove&aE#J%v*T(HBopt&d3_&PD|4Ul}UrD
z#z9?n53{maj}P(7yOA+`^kd{Fup$=@&1(!ErM;`cz?Wel5LZJx#~rSQDCcs!{6GSJ
zv-cVJ20akycsMRd>zG!|^lmK23`U0}tsN9F_yz2Q`sO+ta2;srA#}^(lrfb+k>k~K
zsq7iQwGUtR7CU>C2cT4>UaOViuXp44mBmqltFa?r-h;v$RVy~Afkr7=Of9I7rR<%6
zvD_Unmbq*!78nb&I{6B(H8-r&vK<5*nq{vw5?Q%(HxbT%2N6yrzuJOSFAKjQzPAGg
zF*9Hg6WJiX>aQ)xU>rowI$zV1yX<l{h#z;gd}f`xsM)dI`vOp@Ll;BI*shD3shofn
zD&bL8*C8X7vtT@3zlYmvSL6q2)X16Qvs01m|9_|Y4K;Ut(}!!ei=&rYgVbO9m0Kd|
z;P}5%n>v#8Sa5@t`x@<ymBuduPwTi$tN*k{{8Z*uveWv^zN<O!rMj_P^;?Wu-8nnc
zUu;rVsKo*nbAHpj=Eqm?FGf!<nXScF56KT8R#&s=`Dn;JB#h^=yVEB*s0}&1=1VoQ
z?~NyGTXh}Y^Py_q<2evT_B|{d{eBZ`B7ZBhTN<YR9jyKxu(c1@+%S$<*f5?}hw<r&
z)`v0rLjsSQh#(^G<(?n16+7h2<U;&a$RF;sKdC~9PJY=Nq?12BgwdMo^EoXwHxf+i
zq;NX<(g4>CQ7$lA<tfp5<%jqss1nH7_g~INP7&VT(}U=L0nl5EcAw6>H`5-Pl0`}L
z5*<HTfQI&r8q(3(O>__GsoeWE9s<q{YH{b;Uji%3zqMi3r=g5^xSdfxBv4b1!kf7+
zf}Qd0Kba-BoD==A0fRYs2Uvj3?`3hVzp1>!%8Lgqo(nM<`!bG+t_6j#6c{VJ=1urV
zbC7ony{zuZH<fRK$_J_PvGNN3wF-U-25E=kX41{6#dRUd@?WOVoR%cy@%E#%$JB`G
z082Q1&O8uHcI!Z;kHBN>aC8_*N?JQar6+{|I8QbKF6wM9(8QlaX)ln)-=R$D(1Y{)
z+StrK=j8!ctUhON-v*2Mm`(cC`HXiG5Xz6g3Bv@wOoi9@3zLHGUO&PW&Q}I3Pvg9A
z2EBQc(bOLJ<~dav0n-GcmWh%5Y4M!AcV@;u{n2q}ByjDKt--aY3fC#eBY^9L_fn~H
z*~UIvZj6w9@b_0~AMCo3mUF`Z*ayA+`(Vg~aQna=&2c$p$M~{0R8y~}&ECM8eT6mq
z05*G*zuDhz57+FQ&@Av-nS>eseWvkQ>p9w8>MlFv&DM<{nsX4sv|)wCO+AF>&lBXL
zEXrAy=r}MOHd;3Azme`C*-FjpwEs4##hqt=t?s`sLR=lPm?Cj-JI%p~FS`#=L3e5D
zfGWhA32G6$DYKK6M6L2iRa3b-9N0HpuYq0519acfTK#fZ#jKX#|4u4bw$ITYw;i4c
zoQ1dlgm&1vzdX8&Nxw@T<plIV<_BK3#mh!VH3!`BFB5QmSp?jt`vY(X`GIS^EgWzk
zP?N~nrK2iX$>YqXT^HH_<mT<nG~fZ$aFVZ7X2zM2cnyxELiIApF3*hBy`(Dt-soF<
z8x7(J4DBU0v|5nC(J<iik1qHuuK9>XnAe43JZ6)=K)XL}&gTT}X9|mvZJwG(*64z{
za=s|a^V0=Gt#WY@Gl|*{GXu$BUb5fs4YhIP0ONQ`2zGjTO3<8Myk!<rLzwZhrqEYq
zQ8gYDF$RFDk7oLgk-_!~sP7oe^c`0C5S1OGU)d34uaG4&eFy8QHsg#f8_h$?KSA#!
zM^YwV{(d8~+?l*SGMvmv55~zO%AT4CNYO)Y(dk|k%zT}C$HFNiJb`>ymwlmHlIS&z
z?^>{nv?PtyVeBkxs>9e>ep?;tMH0;94$!?hrY->{H?fJk$0g^r3d6BN?0I6Y=U2C^
zBj~O(*YWsOOcUnX->lcIHcMiB7Rc(Ek#LGhZ!*5;=uF@({f-+ZCHn=&bnc$1OW#>a
z-xoCXK~MGdXEVd`OVT$M4DfP_Vm>jZ2|r6_yMFTXv8)xVbViwVV=@U+m=Fh_b3sak
zCX9kR=D`yPzaAybq<B^enc0n2&2ZD#-orR{%eX>RBqkRsMznMQwoeF2Wx|&mV!~OR
zaB69CP^piueSn9hnC8I5!brA#JAq>=OG(AyMA{TnPviM9m?nd|Qlk>xo#R-1)jYBo
zp`62o#nyJylE#X#F<loDMX8o|mqsxcdpb<a+j#ebQKb9L67T<|NVSfd%?Lo3Xw`B8
zvujnW@moV|C``Hyg?7JW*c)=SWRot6^5|rnoaRvn=PS&D>5LTuEG}b8V#&b5M#e{Z
zMjMm^d)dp7$d_M6XSDVu@ML9unYjilNykXTF@YtCz{)|PxY2Vq219YF%jAG%awDkV
zUHP{_GblW$8zV&kLgn5a%TYdHGRXq)@4JD(e^)K?XM2^mZe?obV4$5RRU_iM^Qx~=
zkF30e`e2Ex&cWa=1_n2TAj1t?k}1@`AcJ375SOt_DBtAhHhrnt`ds|{j)HHUVBYCG
zDM*{qO3Qf%zjCwSj^8Fc=0Q^E-84PGzRcPS&;Fjkd-qa~J>QMiaVty@2r96G6;b?3
zZb)bT$<<H<WOg-jAN*S${_z8_t83nZQt5j^w=c8eVP-W~JG=5L9|7=mD18K|ZcWY8
zND-#`vaPG*`Nd`U<+6)JO0KVLSx)~&)h)*=9tkML_D20K0dot<3FxOPn7w>CYQ1sj
zETIhU0f35oZ4;87tdjKffY4T*CZ#fxo=hYizifAik@PH;3MG?^Zm9n6l~k3keAXG}
zju+xV^c_~?KpwM?OjhMte&q();flw53DZ<Sne+gZsmdUf8E`C@lvc&#!l4Ypt#mFd
zYNo}v0SyY#!f%2g{m}e*33L$c`v&>#`viA%Wmx+@SW&_4qWb~tqYk|_adk0ROrH5S
zzC0U#)V$1eEDw8HhTS;T2H&W}ECSe#pvNAD*Wkn(yC(3&>-B9etz$Af?s|O6+$NJ1
z_ZB+vI(fnzcnuX{4!mD0T6Qe>=$wX5B~QYTUON|hGQD+98}k^fu)Ily=g(<+p>(Vu
z!DCH1jG8RsYsiR5s#ewyWm(A>2F+_0gC@R|%6aeb7U@}><}L%tshxhD&0NM#u4Lt|
zW$ffScej49B`bEd@HZ&*cJp@8Uu0r4F#+ddw|IuvU*654d0agd16=sy>1mM;7aEm>
zd(kbXQj4Ur;1)mv?<Ic!Tq6HDK>jz(A6g(MdHpe`CLu*RV@(37Vh>W5q$pR#DObb!
z*&F?J&}YWG3S%&Lp*S7tW~nK8F*P7(7v8qQXzzHD8S}^7of(iHO$&bgJyQzFCDHuK
z;ZZ`hXL9XJoab=6j+u{%(jjEbzPUabkK$o&#IH`7@Mmpjw!!Vv0p-pi7k$jDD;N0j
zg?`?35zPa`kGH3z>rzooQo>FxkO&sip=IkgEGXJ|ps%*{i?5KvfOc5Z2gfjjZSEC|
z@jN)N_A-^u?90Y6s2<L$pUp5WNHj%4arfB%66}~hLAtqPJJ^mfvK{m5e~zhn!zOH`
z9kcJhEgDb1%251)GQg5$YW6(CQie+}Obv~<7`ooWqurSs@V--B<$E${m4A?FmAA>k
zt9<sxW>#7Lzggv_OVy=(eHAUVZvZWHz8t*JB{#Od(9>Upg<k!6;6j&e4_fF)KhhTZ
zWECxR$ybpqbc`!tp`TyE7CQZ|HpCz8cXY6Jeba3G(O9)k1o20!j*sHn8h>=h&$WT^
zM=b|x+Yo=WBYf4S_@j6IRNH#|(TmTvJ^rZYStepglmALQ=()eQ4zF8(4}_N*Z+*C0
z*fidH*JEvmS<jz>VCMd%Eik+Fmo~!eqaP!HnYg^|Fzd9O!R)(9ZH>3SMQI&g?<o=Q
zuj$^l!>ahlAXpvzsV%Vj@TWGyD(Z&_VD-wfw!>=5G6t)ZJN~cZcgG%K@X2W*e)q43
z1GiV$_}vv$r7iKhi)%)4e<6PN?7abi&ry^gYugaN`xE-A4e`4l`LXsd#qZv<Cj!Ko
zwzTc>yOWnP#HqVI6ICwB01`BiDvewo?%S+9%&!~|eGZ~pms_zZt9i4d26H@<Xe*ev
zIWG5JsXmKwdHhO`AZ@cs(7`rmjMco(u~3+L4g_M0v?JTPHhx|)`AKEDhZ}$+-elhB
zyhf1f1MIPQl#rb!XbsqEX}k4COPr$y6SG4L72fONJ7&oh-XBYl0ZASsdF>G<uT@Yw
z7R<avZnG4K(uxtD6-pNDTAv&kpHb!S3Ngf<YoUpAbQa`n(v)7SR4hU1Hbz>9N~ByP
zMhI4;C22uak!>nn7{@tw+vLHj{Q0$RTy_fPw9sgiul2?U-Uq@mREzRg>-Bn9DC40g
zk{9AcbM>rj?+*d%6Q(_-Z(#kB4}<LGj{rz0BXLra(&$d*?B+lCvVkbR-Z(EQZq_d~
z=%pOE{(|`gUxpd7L9Rhq@nz_VQ2(Pabr-*K0b+yjJoH>$AeU7!MKTK5J()aYmrM0B
z$4MB|9AI11Me|0-oiL7^IKm3ST<x$EGTF@AXI*bItV4wKRX1(5%KK3;d~<GG5LdEI
z8wWIY92#@h*rW=<u%i-(3!`?#r0fu$uQcy)w#%rf^sVDp?h@qB_F%IV*NSFUJ^<#u
zRFGHFdLmAqs_BVK5fD%{Cz#*ghFGCt6Tfmq$Fd4XC!9u>$6=`%OqUevLh<o4nht%&
zK5@23KSb|u_#t|LWO<n0tMu#;{z=N(vk5lQkf9X%k{`YiR^{Mu_mFqG!K3R)g9zf^
z6K|pz$P9A0>7*O8E}Gntf*#<N0V?&%iS&++7u~nU+uS)mJ(kTdTkk5t)fihM+NB0D
zr9pHxB$f;nd{v@UC%O(ajC6N@e55=6vAm2;)0YnCP1dL4;a}TRJ#&G^JrxiC!f(;#
zG1_7C?zfq%FzasSlY*-%e)>|YY_LjEg3A*vxYk7jDmjl?7UjoP<;QVKsf?qZ3q&>B
z+li4%pjso<m=Q+wV*!f5uPlzs$=b$0v4tb`8PJl=DVuFm*GZd4x`&k0qL%ykvj5Qh
zGM8e%@Zt#|h0z7>=qE(a!6>V{=d&CgmYeM<KZ>q(7ev>&o+Y=6p5LQH-#WXrTXg-}
zP~aZ&3hj{;pB<LL;IT{l#rpku8HfDv%Z2&BaTNZwy>S6%9{&a|!W*zo>l-k_$N{_g
zM>t7b)fZHHn<op<SH%UZ#AB&wu5%v68KDYevqip1nzuCGJ>IaWFplth5TK^dW8OKd
zzxsU+zj9AbW0fF(wFA)x9?uBUS9SDz(QKo;#An`F@}uC(HL*2AvKAn-ss8<huqHKN
zwtR_A?jvMh%9njd1bw&>Z>Vf;!3V2tm%rLd+l^m2JI>WOWOnA)h;}LUu=2S^i>qNM
zzs$3{HmB5QaD9)%skN9D-gP^gNgs#${1c<u*FZ~hvKnTMg$CCfF+mpMA$&h%wq-50
zXicfI%A<^V<(v4|JiCwQlr|b%d+@_e(9_5`oTw$`gw?!>Uy_6^8tU+4{)tO*=B2)&
zP7!bXSyYe1r~>Iqs_kwtH}7>{*F_<J_!{C@B2yJ}6eNBT&aKK~g#Bj_rS=p_eLcVO
zK4VVf28=LM`Y7!CAw*J@jMq|G(AUJAMKg@Bt2)4^IUR?>0U*zUUf0>A6H0t6<9V{%
zIWz6jP2K^l>(j4>{gw;*c1L@lsTk$HBc7DzjSJ%HcN#XrNrEQ*uJtArh<8-7*f&1(
z_c@`Y63}vuDGJnl<a=1L(Q$^2z6x&@<>`{XCwJ!)$~uf6|GEl(e&wBUu&%el>Ch`z
zwmuUtSzn8n>TK@e@zM#KJN|Lpzj$rx+vK>%=I;I)?2&kJZKFyd3fw)@Mb|ciz4tGo
ztFc>251YH^YhnuQn#yR=bv}`I{bs=31tVP-9qgYiUty6hXZ6-a+s#{?$6yFFlsvgZ
zzGQnQp5Sc(s#o?VZc%sl(vj|-Zv5El&Mape@|57Jydb#Fr<IJe0~Xis!(K~7!Q+j>
zt5?{kKnX{?qgRb~_go_y_P|o~#C^LI_v^cL@NfLP!(pes38brw?aiJT@}2gp&3xV&
z<4pq!0N7@qx@ojK{_la~&y&05NhUV_3O0T`Yx#0a^p{h1hA%_H0!Unj3EF`pvA7O2
zX88FfD}u*j*kti}Z1VEW9NP(-3Z&)R>Gz_MMp3#^ujTSYVKpOhBA%!)RpID#e(=7*
z(Hr*@x3RH8kQY<4$OTD@tMTU|3*dn{C#xi`BqyUH2p;ZuIBhlsf3r^irb}Z5zY-6a
z;c=FfI*WPZ{Ovj1?6{odk~oc`paZ1m*C_Pjpe66V29|u4U;y^0G7*<N_`JjO;!Qd)
z-t370c&iTnjekpDf4jMnFZ&(uJ3R1D#-{fTe0d*Kq2C1m1nFN_X~z`|uOv<Y%msYi
zhH;GnJ>ypZ-bgT#_V(U@gy-{l*C&)wV%>${@#M+30X_Cy$U~%rW5Dcj9<{kepSC&j
z<*|T~(%3~8aLXWdDyu-YO#0EDvKjjM2YeiFclR`kzAdb)D@uxO?##biq`iQ)Pl_q9
zL#m*Q#>A2$(N~Fymtna?&w(g0Wv@-zC%{1i-0Jgocl-;Y0S?;=ShX|L1J9Qggs&@b
zxjrF${iG*R0P`v50nxnAaUC3M{}A2rivUH8(?jP6=Pk?|&)bS<jD~*<CxRj0SB^HO
zoU%==93fkugeh7V#S_=qH76M$%rOWv<uYza2~dkKTSmmD;*7`O>|=FDXV_H40mQ5*
zP%$SDP)C%yU@8ERDW*cdje_LS?z`MM1}h+4o_maeK9bAUsSWHZkji$k1`448<nRMu
z1LBvlz7`4i8YbIV2I#uc`62DQJirC_2m^j)DQ#%C3iYiPJ{J*K@NHT}wk%LyGEbB?
z0vppP)t%W3l{eCcxGrFS-Wr$Z?rF#~{Als5qhZO*zo*RD(sCM$Wzlfxzbn<ucaOb1
zDzp;rR;#<nkhkb|tcZ7lqPfEPw&25s<I7&cJ3voP@`<R?acuK#XDs02btswpHnP1}
zGYjeg4t-8=bPwrV;7(do;7(hE*4~z{qY({L_G4^&+B`@3C$EGp1C>50aA$r(fx8Vy
z&^*{~uIHaLz&oIyL`TJXB-@Gn<3}&}e1Md837!ulze9c5Q_k5_&I*RzNMvDS2m6!e
z*72r}uxDjJN4XBF9DqI=oQLh^Q+)YL&|uA17jUbx`mV;Ij`;F3&UhqGjT^mj85Q34
z_<M&kF3etDG(3*czGRPe5w6b2IKZJXu);r#bZ5SXyd3WI0(W;fd)5Kd#+P)5UHF<H
z?Y5<C5$Ndo5bv+06CkfHnZDE_XGrOR=zpBr7u>VsEsdM74|OZ#F;1fhPM$6N6ByVV
zN>1fTCoL(P#i>79q|LVSO1=!uvSGU|g?)<K{&_kH@UQ1^)ChNy%2n3eQ*h-0GQOTA
zV?<9aaFx{<`^j|(Rypk*w#r^xidQsL*`?pa`kyi4F5P#UtREePe{COKu)r#R1pin+
zf@R*&AexUMeLUj03Od#JN%{T@2qlZu4-0MPO6M_}1!kn(JY3FPGF);jjkmaG8FCgC
zGoJDW<fVYAJTWT;)(0kOX{@x#Wp(O4+XDM+qqfhi?nyrLiIN}GMQZdQzDmnCYBDA=
zr~ucBj7{oz+?ht=N#)P#*?|JpKcj8Cr~r`ql19&sBjX<aAwY)#{I&=b(I)NINFnea
zuZo8AFrl7#%$zHj-~N>7;it{e!yoyw%P>6hg^TF#rrSe{(jGOB!lx*nt9cZ@S3WGH
z9114UeP@DD?O_47Js`}DPOwX}6GeHn@r=b_bW9ZFG08&tE=PA}-XK*mBbT|(Sk8M1
zyfg)u=N88@qbHPM_DpITaN0S@Z@MhF2aakOhS>@JgXt$IC`%`3WzD;B(A1!3wWzos
z{hRJku6wJ+JCyfWKw8heX`J^ZEio#LqR`3Wr740xA1W-!*^k+R$oWCR>kJs7ZvC4r
z_ViOByBi)4U7?Pnaw!um+%a!!jgE#!EzoEKHQG^mX+BwXnI>TKcdN~hX#l}RdI*|d
zqc%ULp?sGb3!Q}OYUSh%b_;a7-awOl1AA%nePaW@Q`!zP_*gaGth@h)Yi%&~YV=h3
z;4%y!KFWwHyWU##@EBYQY35F&z~V3gp-Bi63jMHRo3C0%VVaGnUPrUzYkoX{DMR+-
z>;7HBG#*WQmT4_F&aTM+JuzHl@;8iRSeb}<F~+LBH=>4Jxmbc&*8llS(0G17PH*n&
z3r$DBM>0J&f_`B~kZnZP{o!bahVOO9`^)~L2jpwL_UI92-t8mr_45hgdOe7~=-Ofr
zzn-SLW@4_^>Ev*W-6`@;bHaAIC>C#7N1z#&D34&Nv@eBU0co_2@JMO2F<(?aqu{A&
zckc<hYo+B`)Qy%W^F~1%>7Yy7igRqF&)ptwr03dGOhTa93k;Ss)rrm-7XFJo+jKQH
zi$%^8^u!q~hP>!@7NSE@`$t)(jptcek#hQxG!8$eR2#2z+OoUZ=dk?p*rXhrbWmA5
z2*{l&BohIqNtn8N1lt71l{p<7n$9+s+KFhk@81?~w#n@gE-=gM(Px(~5dvRd70c<)
zyg@H|$Ff+DCF!vokdb}^Rii}I*0Y!udoaP#)P-pni)~Ujt2PY--wb+1IE{lv;ifS^
zh7D)dAKf^N@DbCmQNWIe?HGn8@-{wCvAKu-^qWdj8kIHSu$;xfo7eI%;2{1^aGi|7
z$wc3e(;MpUYSr2u-XTo8#z@+Q(@MHOms^8$P5JOXYIvx>;Z47uYT9sz2pdk<8@~BI
zc3N$|E|wEn0DNG46Daq)TR87J+YXr8C_2GLb%D;Og8XCf_ztcy5e5wW9~9Pns|Nb)
z;qInUlEVOPG%QjK4>C+JGH_jgYdCOiP;Ezz+I5%TG_;7NxQMw6d&iqG+);#4bnLsw
zCKV|c<I(DM=p|kB)!7oOFFOyi4c7KAea(9u8}E0wHyv-6zXgr=@$uoto7%#7d$94o
zY-)bIb~fGzP5OAxAM``>k|xl^tq=mj&!|o1*KujIAKwqzk7a1~1xNpVFES7G=pYaD
zXc}P_cJCfo2!BfFC5`0-KCf;Srdwgrt@*qi%%o%humoN!Z0hIwhu_po=B5QM+30cM
zmMlJ+5&T4F7pyBV3zT0S(Dt3UZYG|s+eV(PTSCzK7O|zQW-~Rgs&xm4(S7C$m68hn
zCDul$Jl+wPdSJpIqu5fPQR<8*n=UnD9voqp+L0tEbH}Es(V+w9bOYkOd*C&^Rcri)
zxG;@(YO!&nGRcv~HMO!niL-iaJ#t&Y@r<8)o?v>M3xw(K4Bn5jcc+5h)v|Y!*t>?H
zcYm;V!`ZuwLGRA8cYWErC_~`8M)od_y&D$vE}QgdLy!N1-dTg*<*;|V*gG-kT^@V4
zlD#VkdWZKDA)%DdFpI|`<)%p(O8HEvN#rMbg)6bbTTLp&)@v0m+yNCDnpBveSJ;OY
zY)$e~9MUVS!3y88fFY-!Yd(C#56?vuzTuGut>G!y@O@1@AbOqED&$}V)7j7p(^O}N
ze5Dsw7}vzv;dR}UxDl99GKCItm(a)XGggRcGKP4)!dF<~BAb2vvtjav{O{Q?c|*Q=
zw&lDb->B{wf-(`?Uwb}u0Gsqh$i@n5nk+)mIjzFwSV3%JHhbTBt-@JgQ)?!m#|N`c
zWklO6)F7)<gGPZhPvAcoHrTt+J72AYjGOY!u8ZUdbNWVR1S{2g??z$jw;Oe%SV76U
z2S}ahwR*Gg)#e)m(vMsTuZZc&)SG-%ZSqa1rv{SH>wAs5UGA^bnYcFhMvTZ1E*=B3
zFH$d|f^E*5CL9yovlGzRR+I}&cDW!CT|=_yvQ{~J0#~ZjkxCXIIBQKN$1E62KfK_x
z%L|Nl`GG{0Gqxs8B(@lhTF^oS8Dg|<IsE`TC}t2heB=S08>V1kV=1Ks%R2Yc*7jUz
zFnBdkC1orKEL~<`8PLw;ps(KxL`3E!bF1(+cTEO9@>V#?VitEG3(UvjtXQ&<W`Ps<
z`U8;VTyxXm)I{ZqU4EFXVN!y_|2r@lb-gnD1jaG|xkS!^!%4T`nWI_c@Fr{09KK6*
z5}j%6(;mHcq1M5cl(-hpnbpy3<wR+Rvis9MWM`j<2BtB}p}z%YDMB@H1X+p_z43oN
zKhe3ONb(a|{}#@$3bu08GTh2Ge;1>m@YvH>SmZCf71)hUhe-p|{|M8-BnD_;K65b*
zOrnzZ^3@>(F-CQ`NK^`8q%~)nP^)tnwF(2Uf)^jzE-6y_Z@;MKtgO79CD0i)SkLJ5
z`cy4x&%5f&>)1;jE|)8|nObt5$JIJ<g99A7{-ze59;DfWlQt|FcAX&4HlmozxX_FW
z!L=Zna~RR!WrAf=B?WDwe9G0zdr!scc<hV=%mS&{15z>kN=6+&NW~tIiYdvb%QHvl
zXCQ~9IuwbuFu6)ebg~vsc(al4{mt#T;GN?832MTHo79c_g`ue%m($iHy~5~K#L?;l
z9vJ%@LGXSQo-o76YNia>&wyC_7;_4|_eD~o)jSo(kNexFT6WZ%<I~bTO$GM5=3ZYY
zu<!M0XV-A7aJx?jwn^DBMN4N;HH8t!Ndt9QB`6=Oh2p>vdvYzF147K^W^oA;&>@Cj
zqQ|IT8B0t0b9WmqsjzLBnx7C&%IlO%qPQk`H=O*cShjqc64EvFyCp5E`?lfCE>&g#
z8|_`EkNfOoHtwf0Gr6UI+J01C+q(VeJ!>PjAMNXDyZvbTiXi*ZH$G{L{pkIlw9$Ta
z-A56a0p2mA?e?R+XD~Csn(P0HefGYuT8GycUquYBhrez+yh=X`g4c-^ZGqR9E7}OJ
zuK$hzUjLrnc6dEBox#hT5guMd#xc?F^Dp{uG~D?nf103t6a1G5|D`Xw6`(U(005%9
zt5NxUFlN!pEfnOrM%O}gb1y&=v8s;U!!5+)91|m=9c0Ea?*P4jyL6K%jWCKXSWgq>
zRmAn5nvaPU(*;bt7DLgY7G~wjjselikXyTPc0(=2lU&NNq)5P!0le(lz~wmqBjRF`
zqC!mBCal&5fWES2o5+ad57BcWnk5Q5D7bcVBi%iF>q*aI1@mr!&;QY8I4JPLe-z61
z@nt?jRbVot{etI6v@&NdE~E#YS!&RJF4*5)9Zv#|C(+RvCkT^EFxFh<(^5ytgrYFO
zDjQbf%Z89z>6G9(-%fCyHwe;RjEo6Vb%GullNZdJVPHGaL6;xClX9|kPvXnA65gwc
z;C^`&&4Sk3r6E57Uxi+nCQJl(1o$4nGv$j%;KVB5=O8<{yQZabqukM%1Q%E|K*lKm
zYfA#oOLRxC7p1N6m{>Et5e+9q&!Ol7X-MyplC`%H8b@}`w4ggx+77HNwtp+Mk5R(P
zeY6Y?Xf8ep50*1iF}_cH(nxo72J+-0zz1jn?t0I!(Sl)%2w0RwS8RD1hXRMsKQ$Ds
zHOO_54(0&g{h_@+7{)0bKBPEy-SGFt503dX83He<*jAW>PEF1p>e^@F!{x|9q+gfG
zDHEoqash7~hZS)u^LguXUFi8E&`mH<u#0N`X@TXRE=xiaGE6~TmPA2N-ESu)BhR5G
zqCRpLQ;(;!vLa>AUH(MWSyZ^3eTdO8P%0?j-=4Hx?2AAVpchk1Cx^aR(n|~eKVPu$
zEA2TN`|Qq3&=W5w;!zLW{TXy`?UKX}@x-8ZCQv(hLg^eE=M0Sulc-YBWTc{5jO2ED
z?R6$7C9b(n)i&n8&q!IiN{$lAFg=7E{cj3O9bqH+B8Rd!LTjI|9))y#EjG$qJ#5sB
zCwbUM{%vp8j6j~`k(;dC+DU4U&t8MZI18Y|`J#MBGg1v={nn!xw=FkRs$otCDAE*%
ziZnM+cPP@JmU1;yRo0_O!@U<I(sZE-jVKZgBW9qCm-sc-%{ZeZj6(1W3BsBOOQzlX
zz?7Llp9&MIauQS2YfQfU+?8anK?*+1TP(`<1kAjcvd(e6;5i3W;hX_=kgh!#LDVMa
zo5X%|vII|U^u4|hKltDS7(izjGbW$syg8p3ytBVXS$6tT!QAM$+a^ah*nye0_p@Y)
z9wj>O-i`Q?&7E(snPKx*JNAmcjW+W-{<#YB>~{~W?j;b)QW9glSyH;*lI9<p*`p@b
zoS9VQ>{FAAT4M7#{<(E{OB(c+FY600;TRk%?JPZEzzckL{3c-QyW)ITF%;_Ah>#ta
z41daY34GoO3>J?HG|cU%hV^%O=pYxoV?y)$6=Q&HJQ71Ntn|)QEkhm*gre}M!%y)D
zp0n+2=7anbizsY^4c*ld4FJ${2+0jXwS`b%q#S*~CeNWL1n_>~kV+sl&z?F#q2T8P
z<%}kA*FEs^O4Qb>IiqKU&44}bPPUlXIEgs`8IW<J@2x|?kgSW?x}^SEPV0BzRRX6B
zJs+;$7}jsMtAv*NMdA0Ao6-XIyt$Syf1icLp^?bNlnyZ=pw}<E<a5fC_2GJL&w72K
zOMYv;UfZPC{3s32?+^;)AqO-%8m-e&PNkoSglGVzym?0&5l<{YPYUJfJN!g6K_{L_
zO3A!-xJp7z8l^PX5*6Uf_Zt`uHTvJMLO(=u5=!S3agOnNp2S3o6+)Qd4>^1ZqXmG#
z*7LcXQutN`WY0S>m3`wtyk*HK5PuQdm8)L3;3G1|mp#R4<LP;zDLIq&tCYM^`Jhgx
zXu(u%F}u`MFJO5SyW|WaZ+<Ne4XMZEieYfT?XXK{m8;(jB5s)zQ_0l}H9y1@{rdvu
zy9Ok|%{2$OH4`R<No0zN=kn7y&0oEWZrRMI__9LyB)4?PU~Wzg@%gIG<|hyo|5b{D
zBCiXIARKP+ei|e!e(rq>D!NL;ByfI!3UBil7D3@{R5-(5cn{`(rb4H`&=D+dpTr#K
z?$2nYlpP~L;y!R8R3x`v45;%jtaE)69nCAGlsToiN1!bGOO3lpjiqXh`_&qy7cm0L
ze53N>9u@-RTU4CefNXBeWFAPF<q1s2x$-Q<w;2F`$~NKcmCYTq;FD1RLsW!ydhi?6
ze{@P8Y^9?yHBmhp`Lf3dr&>B5|NYyaJsu6zTg<vaR`ry`b7!?dJ(queEeMN_-_|61
zn$Rp?A#V{>zM`GlTJ38QY_PxI7LbEBY{Q3M)EE}^Fjt<7q~VO){O3E%Rb&_Vl@Hn2
zTEYLvDA?BR4ehDTWsme}WgL$lwW{NYQpeFbl5zaAh#04IF*`4rFRN(BLO$kc@w%G%
zYF1J3VOUK~^vg>YJPpw{a|8dx!|gb(MS91$waIi6!ux@j9T>qW{nnqNvmrU?Z0Nww
zhWh;@T0RL6E2E0&Buut}=!vp`9Gwu@$F?uww7vG|i7<Vrr|rMKY~{2)tQ@(O^#QX>
z2%15MGeEY*li^zL%vwKkI=8jfCAD?C>=bNrQi6s5Vgwy#Xu@xiM<4}0fXnB8m`*bV
z>BhI?)3AU}Gjy9(D#z0u!3a9em_seGP?*FU&opd7d0;O))5y`5kx$f66!Ya{)H6-t
z0?srnq<GWnfdf<SbPY^MS-I?jkJ=}~z?vv?GZ4cn^-NGHL^0k&mvZcXs!7_7zyIHz
zH+8Gk^X8!P=}U}K6f;V(ew-GH7Y`fzMIVWjiHN+(+F^4w9imE#C5;R4Z}guxb?m&!
z40GNLc{I#<vm)fYc^xWtdo+wzxA74yO!XJ01k?6e6wvOl@>C8S4%3^YtG!o!U5u|M
zHd5p(HN<2`wB~US%`@h68M|OlFKu=|zcn^+KkJ-?Z=IfJ&Agd+e;LT#CL(v69L(KP
zvNbg)md%}XGl}`~%tU>Q*jK>@d{=2<1NK|h$_6~HOjnHxiWtJ=WDS=ciP2itD&@VS
zjNv4H=JI0!eO=MiK&e?S({n=_=g-E2_}{Y~Gnc@5+*SqbbHPKtF!NwW76S)Ywah*P
z!TWF&fJHHmNYk6$Jiy8+^~EhT`#y$4X|dULA5gO&=Y=fNNZFd0z^^PS(mHzrJA3rE
zaIomeI-AzCv$B1xyMgyVO>Dzh=nW+6lhCNgL@X?2|H7+7<vJPy8llJ*XyP^j!?N2A
zziI3_MnGlkc?IWZ&oN(^((YzIdydhFm6K!q>^aM-i;+H&l;O9^Te}%4+u<izgb#fA
zT$Pk<3?yY(xW*bx%ATtOQs#B5EHmu`zU)IJ0vOi(G|LEFlr_>l<mzzr3~!Q((UfHd
zFg>u=SGSF%>HH4MZgQfM_@PhwTRFRQLiy>rAhLF>5EXRCZPG>9<#$HslfE#W@+X^#
zp`MAm9Yfl=Dv8GRVl*yqNE)Z{)9@;RoT?9;NBTBzAjiQX$?XE^+eBv=`u14}eR~@!
z-rx)q+3PAQwE7Ekp|ArL7WfP8!Bp*;K-T%$Y#?oqHDR5v!Mjb^st@DqgeHXX3ib7^
z_`0(iX|8$x>ABq_RQ^e0H@7_-0snOG=++p-NqzFvh7;9>osl$b8jXw@u<+k+W-L4=
zP9cLc$Do!w>~dV=NS{(WjD`*Y7A<~tzy8$|+WePCGXH|s=Kq4;a5ruKku+>7NYzz`
zj;nRup1a2#)Ly5W??!NIQ&bDesfOBCz&oZkmm?{6%`%OAG%81*iC`d4+WiA@-qvz2
z$-4G(usT;Mk}i_$0oqG<kE~jnVJyy2rBcdcT&)k~1xln%B7;dZ=Or)_MNtW_xr58+
zg8flO%F(cwi;Qw{G%C*Bzg<f=vUK^%c&4tbtIt;;>$DeHr-p8Uid=K8^D5D|K_lZp
z&_ut&t7i7Al-qg8LoHs+e$A-P_Q7eK_fwq9hM9dBfyIYaGy4S2{dET2j^D!E*Q?Mi
z_Z{~!2#n(R@?Gt@Rxqx2od$)8>gu&y76BAq9i{HLyQ}}?j_ag%_^jIDvZq_$aevdl
zTC9FG@#zSLSw9kuDtdfHUw2x20`Zy|bFMY23$}dh1s^-G3KN9#T|nH48+R5mT|U{0
zOt!>wtd5WX(q>}mqo^_Ok$94nr^im@vU6QR&60aep&%EV1XtAzp&XS2Cxw3P{Z<r$
z`(^cL+pnbj3fvb<2N$!WgFtsvMil>w>C(&HV?4#v?KJZl9CxQdJy^EpM2d!wV^8kJ
z4(w1HdU9?9WZV7#Spr^R473Ei)X3(CS)&8yI5AtFqlwnST~a8xJTvgVi_hB@WD275
zkN5l!XV4SJI+LyOYhCD$z|cWZ$2wFU>%aE1QzbZM<NdMWu0ndma)Efhku`nwPQdd4
zYICn#Ks>)A0jt^N`6gS+dAh_S{(FmaibdK=`5F4rC1!CJ`jufc$L@Z41>*vw+s#KE
z{Y1I_C^^2C64=UFf_y7bf(#*hyyCnJ9mT#?2248UE3a^D@piD8f903#F|@X=3Uz!X
z)e$fjlZoG6q9HBq=@u||s1QWvE@MlOxMKthxQ>mzc>Z`mctO4DHLU9C?IYB%yioPQ
z^T%~rXTkU{jYJ2}pgnsXqSiGBKOELHzD`b-O^!}jYov#HC=z3~b>)--8zv~Lbh>EX
zHg9{&3vz-Rt}aM)fQYR;=Z-}Glh5u2SKrf`V(0U#HN}p`m<-fA;L9H8T2Rw$9g)g;
zr?%YugZl9t7dVNXizArC%n_*!=mDU5gAwqN+W=H&)d8<Rdz`5wJFcT_1g)H+MYY<H
zG@_6j$!LDbYmF5dqBnev+VJmk1Pzx%!*mX`Ht;CD{maz${~k&E*R(qDN*zd-s|{yF
z((qQRf5WkZ>`H*ptG$pR?ezZE5n6JLdZkapai4bqymT<|$@nr&eHqi>KYv?Wf+_k)
z)%y(P$-hT1(mvK!*~n)DsSh@MT_g=}%JnaSh{g%-9^W0KDb_t=;noh+=3jr@NBZq)
zt!+oc4s9HoBKch@f^k@KQ|VY+5qzvUX9$n2M@xWUyU^e7L5^yQpQD<L_HR`9H-F(w
zD6F8uNBo6zw3MUO9O_N0a(Z($wFk+>eEB^s8;+mYui1iLeI3Y5|JxrbQq|}cqOih`
zO)8iUunNV>!TwOea3HioXP?$W1y=B}(9`Fqx5PmD6;u3EYZ|l;O7Z&-8|eEl>H7@-
z_vy`jKdphumFPMUoCYVb)=doo(&wevQ5uxgpebt2fAJsEj;SdEy-79i0sw2!g1QFt
zS=L~}%bI7kD$J2lDb9jsO0muy{O5j*ROj%Pc#FLccxQU=^Um;2SM9EltX~z?0$D$u
z!)&kq+cA@){K)}Uw|p5M<jO9nQnMBNFnK$B<GpcuUPUgTmk$js^zsxoAyMnq%FP{h
zThPRsc?NxIXlJ6tyv2;}`*+l=gKKUJ9hDs`4p9dl4HW@<{R4?_X&~)!An2&$HP;*s
zSa{`1kSJ<?_OCOkj*M8i(O+1BAKnNL1UYRE%E3X1KK^Q?N8gHti~WVjHY?Y@dC}*6
z)O#<i-QC*f-i~Swx=el+KJ(ht61pxv^#*)%qq+d7t#R_+!2yqsR3&{FoXuAU+DpeN
zJ+Z8vj#zPC|9CC^Pxv$w3MFX}Giv>+LuQb@nBTlez7v@Ge4u)>O&E_TfQuYsk+$cR
z`xe-3^5iTG&Vd|cSARTk*LvU|YaQ34Av`dU$HOp?osogutsK9F7|6{T72dcN25)=O
z{4@Vbg+DM0i*KNrJ5><-{%8U^%M!GQ14~|7iXzsk*KzQC8C|YR=S2y)xCe#Og?7#{
zO;ojK^35=cu7X^ms8K^HerRaiPHWO+vZ{8+i1TteW~rpxV4}8=IpEroCM&Ohdo6hh
z82>-!zC6Ch<BR)-EY}h@_SmDM60w9>LM;i2+;BrEt+llVwU&g`PD0&YLD804ic+eo
zN^5HoYiLo`YSG%a=eqVKLPFj-bLN?6kKFYAectzvrtWjT&ogJfvz<9JbH*j!))kwQ
z;cv6kXoG_VIAP%lCoIZDI-*T@j2P}HpqsGn3H@7gukG0GLf4j}cajViFhzhp<$LhT
zvMV<GGvUA)Z_Sh-sj+6$bGZ6AThbe3cmU=kR!Mhvte=jXZF@hR0Q#%@<sCqOLaunb
zYl9$C^@nM8j1S`gKLGUB0D5!4y;=kiC*M+jXT=K^UVCg9R@h=btcSQK^bKRDABDG=
z@UA!SW6VM%dwACSzw8J8b$&kL|IXKm*Sui9QM~5<3k$v{c=!y(p5XJT1=$n4F13Jr
zf?rO{$DZIN%?rLKxKDHJ-fMalG+uM1dGhjtYEpzfiGclIw7j0qRqWq}`x4lbzTkLJ
z6xNR)7re0cPE!<CXi7l}>-mfV7FOq}`6#U0;RP?O&EZ&B$%UnOD{hz9u(VgVub8xa
z@3;4!U-07co2n?T>C+2RTpgwtu((!F&PQ>zY+CT*@@R_1b<`v8_}a&9P+q?p#Mibt
z)@b5uuXFJD+HlW~PJHcqLW+ZThr=Phb~R9CBzrg-UQC9f?(L9bY}@Q>+=#JVeC~gW
zv0ZwyBF1*=)Pls=?l`r8F}BN2{ckb02TjaJ<uNrbc#Q3Xjj-~}$qh3})?&i^H}QzZ
zlOZe|5?<KhB`gBGW1=7anuTxoa!w}ykOvr6p7#j1(lFKbrna=fSY{9c8-iA6#L#<m
zZ3Cuw#*w+e><?g<5ljkt!;(6wq(SY|TEH24lkgrmx4|YRmXXad8a&v<fPF{|&MC!M
ztbo?BcXA<+qM7<{!fMksW`C=_2T84mU;8xAY&>^BOflRBkx6eB&xFgx?|`uz#@mm_
z`Dl+9yjsQP9;A&KuD6X%Iov(A*+HxQh$U@XA-vu-lrE#EwFqsK85Qag0C_Vf4Hw?_
z@-ao)GoVn-!meB1Ci{WCR>;eWSbBaUIyDy~Qm15lSyJIFZc4U~CAACvhuJc7s|Q~5
z2p5pqZ$;UiHaJ`;OdH@~a=JWB^7F|;FY@`6EH6A2nUdv$$5v9Z$Y;))(4}b>nv}=e
z#4X#pzloZZK}}Nsv80aIPi?^>GAEtvVN%{tPc?pSVjBN!Vj5S}|3<4|qH!}K!$iNZ
z(nPI5jS}e9l_ciJf#VE;Es_eEoHtD(FwPKI*pmSFm~_=z*Anjb)t6-#V&~I!Wb@uF
zWO9wr5tIuig04D(Dvv!(t~Yc9fuxLGujvT>A;lr%8|GXDl^Y)l7dEkfhetwa-hnVT
zhQ@^V)O96O!n>@*Ve&{<{w=8?un*MXlN)b#2D}gt2&EhhSDtj4o!r_aR7<{->ni6e
z<0_?f5yaXLLwBAQTAL=|FMN691$B>g$PNQxtfNIB_6_faq8qy*3iw>s8?}(SZ2Fnr
z>@%L?XIK`^C~nEb*Pru``3php;YspP(ckz(=jE6}XbGbi5Z$23)V5|6qMeOnte@?T
zvHpp^vG#h_l(v3m=Nbxt(D$B!vB8I}JF@t3uEUnpf9UY}G<IKZ;n<X151Ty;PEB=8
zt3%9Cr*)sRg>-nzW{Gy%JhE(-HqN-2cM{(reZn2uJU2$u3fjS5Cx;$tY7s~eOtAw^
zv!Y1H<#B_?z9bZZ{UFq?5Bv=v{~qhtA<gr))!x=$42jJOjPzTw4^I8g^^-NN>_-hE
zO~QGb{BEQ533$;coX4V3285;2c&51QJ2i-;Wve7o>_Ox1<m%fG{`5TCp;$PM@{)`S
z^#|~Sd!%D;VSn4tUOdp=sf?AzB9v{rjbZ2c0!T+sHvrr0F@&@X;ZE+0+*o@%V!Gdh
z)%H!LUgpL*639=Y)nTjsoKSfL>~75!%0yv6Au|RP!Wf0QHEBq-PrjugXdqD8i2V<8
z33~ytjuM&>cKM1`W)^Pw>cxyHUlNRvy0xXG3PDotCDVu`bJ&k>!HlSj^V<k;B+@6X
zzzIMagxLpeo(n}VWDgC79>F3ZVd%27A^u=dNANiFrRqNb6C=ro-jwL7Ms$NzVH35P
z*cbc2njo)qg<~z$O)*)@T{k~;u0<%1X8D<vyFW$2JANiwC{x=g3Z=nOVMHJ;k$OdV
zJikh(b2Ky+&wpw3F0NM^&n!GV9N4NnY+Mf2bR#un#aMCYLhvx0*@MN3I~pR36^Exa
zs987%?Ote!SA@V+*sxVIZdf~UA8P;IPc<3Apm6z!jA#}X7Sqd!&0<m>4G{&Mn82hK
zbg>}!V}nYY;QS1Ah5U7(7HE6WCrZ@z+97T2ERlb0uNTz~oKyk=G7qLZMaF(r+O!k;
z(bV)L3*6%@-pA)CK0R{ZwZf4_j#1sBh%!x4y|q=^it2S6{z9W(;ry%DPFKBAGWDV^
zdz;#%6^AhHCd=-lX^oDi9FE<0*E=PvsAbVU>mN6exa0e&X5RI<X0BaY;>`KiY-15U
z%^vvDTXe%M+tx$8n~2mqq;bD7y#u5jHKeV{W{J9FORHPXn+Nan{8_6;F_S^;z6P1}
zi=d0R$I@zv`U|pitWq7CG7AlBOB?DxZHEK9V8N2Q%7i{qb0Bs&E4^5ULliqOhld3%
zx0`B1dawxA#Y8>ub5$WqJz&8>ADERf6(9I1r};3M14FbVrqhR}BW~fCM5gm;%xH-a
zXGlWzy|pNn$?z_?6L5>X?;X!5dUo*$n=76~THqT$Ft@`+!Lv5@hDF6apRO?8A>!At
zPh5l>LTR@s&wy;Bs91>B;wGk#{AtJH*d8A>DGNJ-Qo9yn9SX6+S_pOTdP5mc^W+UP
zdm2;)Wx-a+fBmxg=+&>SB}^u9C4;8><R0#JrF5`@Fylx9x8SlcZ-?i%GhykFchT=H
zmV!`tH*Fc03UkdP3$FPOSfca1F{Yj-#-*i%Nm5rXC{;qv=EaAU%>+rOxanG*D(0Wf
zmtJ~oLf924(f4lCM2ky_hTqc;Y5w_7)UKCkYX3rX?^5aZbnnt)i+u0WA`2aix)$Op
z{5Yk+WzqP+B)a{3OL+)<S+j!lQIk#q=abCFBk`ks@T0S5^RDBc9R=??WHlC#oO*rX
zf&G(}B=Y?LJ~kizQ5>6-ic!TJQTzN{dc(9lq2K+C+)hvri(`sm9@tYIVLjDoZBGT8
z>);Kc{!g`NZ<@>w&Ydwuac3890u$req8_%izWy+8qu-=g(8bkc-4?jv0O_hJv*VJ*
zK5MqvXK@!A(M+nqWr~UEDI&}k6RUNjKw*)S*6RKyUiz!2YD>R-{%iHtLb~>ik1Wl;
zE}EvdlxDsEmS$_+G#`7*(ky<5rnw=P5AYKv{-+N3R}Z~3m&wx%7igOCQkvfXEzP%e
z(~R<#b^0V(k6W+o^NEdd>Z5jawAAbKE!%0I|NTp@c-(~l+UGAd8T9$9ybSvMHD1bm
z#kyXdFM|xV+D0?<`~}ZYZ=H^_l3N-2B{xJrLuR8474wo+j%;iMDUwP<bs9nC{8x_V
zR3D8+;0Yg{O6;!m@YlXGIYQ|Rj(D?B^v$ZKX{3k3P%gH#mP6lR{pd?!%4VZEj$!0u
zHm8+MTDuHx%_glhyjIVubxeGcIwF8iQps%8RXdMKYQ}y{Z9n{m`RW9jJq=#r=?DFl
zyQ07hyB$WRq;Nf4ja)eNmMi=N59}Gj)+M-OyBIuAYuRsk2Qkylwmisd@bHxKuQzxo
z>LS}&a3H&_WLKpttK>IZYneo2m=RVzp|v#nh!seTV=g61Z^IL-*AIc>E!Y*S@gd`9
z`id(^X6eqCSuA~HbS7QX^%Xmrc;bn#I1}5pZQC{`=ESyb+qRvFZR^YZKHrbt>#Rnd
z?$f=xtE<l5)kak)5B9g#T#-~}{pDD7dm*R=>?}~sB9-apuO=CScgf-$l<^+ysIlQp
zUYO9TP^_?Np}OORz53J*uso~|ZO~IuUIpA3G3Z<{VKXeJE(ms&E8!!$ZV+~rDB&Zt
z?f`ZbC4q*2)gs6WVvH=`DpTN*bnG?PDqo-p-*^`IrbGCKVcZK`FN(G1Po*34Q5b2;
zKj*ik#L-cs#ZgEZlgU5#4zdCtbIG&H5MY5c9+zj4C&Y=VI{~H_#YzjT{z{ls8Y#-B
z#xN$JFsheR!8E=@V}Kfy$g}z@z(Qawt0BLN65E*TT<V>47vFdKv)guS2#*}O&&a@%
zGk;_n5B^7{Fh_{HkE`7i{>6+Z;PAlup(#<oLCUaaV_7e2D@k7h^so(b{vo<#!dn(J
zv@0KS->%0N(2@_rb?7GzXsH6(IP_xzWGn*=F2ntH0npv$khuT+5CJPiAPsHgpcY^`
zpWMtlW8U`b#>jwodtHR*bg(~tHD8xJ7s?h51*DWf0R`QDyG0&gdwwjt{GkQEF%o)R
zJMay`SQfob6u2H<hl^zQO9VmyFPy~NEr}8J08T!u+>KQem5B2=OiYw?L@J2<bVFv}
z?`S~G8F3jPW7ne&I9~*mnTGq}0f2>Jxt+-%aY5678g;Ohscw2iz!|e&wCo_A6BwVR
zG}@)hcasT}PZ2>61}XuvM^v^jX(_m=p}9_|N6=t^!;mSrD&KwZ6%QcIgnqWhEk8O5
zV5<aqAMd6|0t_?z&AbumkpRlJF%u&j&WV))3tTrp2zdmc{LZ~gK8HY%cPOjTtlWS;
z9V8vC_k@*8O@}q*v}|+8fy@<(N##kmok>JbQ&e=uuLE+<DD?weUs4mMN55`SRoYYh
zsVb<Rel0VPyr2c!xp9R7Fq1s_o>(JY`goMdE0kML+cY?2#edb)*Wm`w)2Kd!X#du<
z{~f7>>xbcx7*}l9sfLHD)$6R*pqF7sHV4zJ%AwD4mi8}=Bp%jS{dBYnxeBDpr^?km
zPVzt(6srB&3ilG?v*ib+{4P<|!Rl43fOhpA=2P;ZtO)exLAKu@baHCG23o(gpZvMu
zFzuhPWnpH$7?(KF*BkOM`4i>|iRBur=o@|}CMIo27paG4c1S27nBcHUL4<!UP1W3a
z7rnaIu^T=?o7=BW#<FipFolgt+s%jEn|`1l0kz6H9dxly@HNS=rCdvd&e^e93Z+Kn
zd;xP0{{$}(IaVI_!)fIFiS6Jo)fdm_f9NlFYyuS<)GnGT`3fxrg)$V@CI@dwxW9d%
z61vBMKEr}D&byVT#=C37_)v%Qo@hwN7a=mO+#E|;;;NCOIKD-*CjzIK2~}Yx>4s`-
zF}+)fgL*L`ctV?lKhLj{2M#*AoD$9X#MR*+37rCwBbwYO+xR`40`vR2knDzSbq5D3
z>DQOGwQm}JJW$4vLY%&R|1wB(-RftvL02%$R`4#CW6;PvG@Tmf!;c3O81?H;3_<cX
z*`}Hpre;&)@W&$XPC#;73_08~skghXGR*h6oWD_JCFSg$gN%&QkBDnez%0bRus~z_
z+BG!9W0BdR>zXpQVOWW%?mK79YP;-2(*DRQzgr4Dph3IEpgp|!6I9tU*HNfx<X$hZ
zCD7;&mwH-R&!iD~K%;fjPy$6)=<52nBdnOE*>z;pS!T#wsb7QxWU!2Bu64C{L+r>T
zL{#6MV8*@!4a{rW4d1{)W^RBhWeDU0aNPw-{}2Qn3g|JDCaD!dEP?dnr!(vF2tEO?
z3PT*{#C?&en#i6WDP}QCSRDY-1i2oR>~iH&diG(8CN`b^ld9#svgfwz_~^#VMLX`A
zR$Mc@9Xm|T(>V$^96h-I_tFQdBMj=&wWd%yNTIVeFu~%7w?saeR_Nqtp(i>mbm5zO
zx&fZzMBmZlToIdS0G3A#H1@u&QOmmq<B19*PW$47gyj)8;eu-0;sh*uLmC|}cC4-i
zOGv9vul)dL+&+oz=G_b<D+bF+d)d-FA9L5=*i56FKspFXYAv?EdM2(cJ-zbzZ`d}l
zaEHC#2u`*EL@t_an-sA4nRd?SO~<87Dq+p_l^iZOXo3&4;Vae%5z9qf0)I?0yDF{!
ztTgk}8-j-mi9)Q^JZSC;iFAxyjT)@HwktY3VWN%}YSTxlgEx%f_$~_BW=^sFah|;y
zOD{LWyzsQ*+;z$yIFbGRjtCDOlKh1Cv-0qC%l|J_AriTwMDx}{;k{5tz+8mz38Z|<
z5^VFT^zJZVY1F2$HqQpu60{~hlL?Mfz2#0-`qqxb9XggvgT!5Jmg8SIEn%yyd?}=C
zKKA-Aso1omek-67Z6)o)jONgDhD%)+oi7O&Qk<JlJ>JpF7Tm&O%jGBY@I{+twosUj
zuVC^qe<n#DO(}60XkQ9Zqx6*j3VTyU@%#zY;{3_I<nlM@E={)26AaoOi+M_UjCQ5b
zdj5ifhw^(I%j>Qa=7RzlnbCrC^nx^k)Uc)>TFPl>%J6pCY-Re;ciZj%Bfc#SPm}4U
zggOWD6F$8Uf#&TF*?ewPEO5P|<-|!wJIAK%W;Y`Q`vmWKy%lt_{?qL})AIgLDa9>g
zg!0~$&dZ5Xip$UGZ_56)8CQRp_(kr`#ArXbafeM?geZ@W)pi~(9ZO?Sq9KDAN#Rc<
zl;)RTgf;yCx~yV>hk=1YNo-<VPf2M%FEP>r<zEs42h#KHVn-BWAV??3KD2d6CmV7r
zx65!zY#QwiV}I(qw&y~4@!_l;P_-e@6bI&s-aSk?#+IyU;gURJs34(KV@IiamWu4f
zblze|9c->nB13}RI?@G#yg+CZ-ClGkv%5)!IR#qAtlBt!^t+8Y&lzi19W|@kb&l0H
znPe>Dfd;#ch4^J<4G97|_k5rjT$NV1v~1DbPD)u}-H7yubNx4Cp(7&Xez0)L_Q_0*
z5$G%NlLS>+BxZ6&&n=zC(OPpGpf_}?s!66-xzFX)Y;cvzuk>(HRP0#I(R0HU#ujG<
z85A`uzRG}2C5dM!n@x&NA?cduQm3cV!3hhhzmZ6&*G9A@blND(Ej9dTRGc_H=u8i&
z=B-y0aGa4DrHFAE%Z{IwxtW$<rzrIwcH`vjTYC{#=iEN<zj%-Q{-!?0Ql678O~o8H
zIgY=rOii1uu`_lsdyX)q?tWCxxxF+L;#_nHl&xR9uc(drthsAHE;lRIbk7%5)s*_<
zum_!C1*IFKMY9qHaSFkrN}&XuMD{(P1dW;aCPYbbE*NP8jppD&^;6vur7w{D2MbXm
zZfM+uX<y!z$#w`BVOO4uqjI%GKFi0AugqErpJy2jpb;k#SlElX^C1=U`Pw=FGV12;
zyMMxHxu5gTZG+B{5)Kw}>U`1b7=i77>c(ML-4pPHRuO{EVaJy8CkkUXg;sGBHdRM#
z@~xQ0vVcZNQm3SG4AVkXwBzCxY;=?8af9qTwt$WqY6Lf4OptZJwbEUX)n||_z)llv
z<e#n>xSyh<<N+R{8!7;k$&V_PD2EX6Ia86FvF8^DcxFcZ_^Lkn`7W(H|NB|jQ+jyk
z$(zPD(3iA%C>e%iHir4|)c`RC8qf||LnaD-58gwbHj_HemV*VDb4Wp+vboAQmda($
z5?!=Ia3&q=cc1uEIaq}sF6y`|&#BIaph~Q2*=nw{&aBWdtc|YapSO5*>-;iq{dRGc
zQ|fa=&$@`iEui?ZqF-35v-ptwUObpcC~KQ+N6nei)qG6<>_?RFc}KXAGTqqQ=^QN|
z=QxWoI(+5tf3xwGju)`U`szDcEw&2SN<`R6b#p3|Lh7_%7hJB_Ba+?Q`J7?e_Suf5
zrBgk>WeDPt*5CPQW%jj%d9nSuAP(9izX4ks*a{6wMWS>*-t8XU3SEr%;&3ZDAq0+a
zL|rd10{j`)I(mLpxrcbse|VJ}UfgN_+2xq;1wDa=!Qx*!t5iSZi0koPcSCNEjs0#A
z>&^sv;Ur|@2v#;bcj`02{fH6k4kV{RodweXTl9BS;?xPgl;Huy`lkFIGR^^NuGFrB
z;b|3q9)tW=Jv}OERI7rA+KiBS>>n}-l+3MHpEiH5sy3*v4bWS5QzR#pH<iT`p1QJQ
zCj!;-Zy+z*-}I(-C#-ULY!z916vcM!(Lyu>@hipVn@lFkK>>`JA6}!g@4P630)t;H
zw1kIsf5?&A`u5U)mR{{Bb~2kk9Qd^Yj;UYZCi*h6R+QgsvYpXe1^#-jC|9gan||^4
z@dc;XXS-4)UlCmfelXDS!v*8CWVioyWzaIcHTwi{=Hh?zrefK=C>M8EEs9~tu<Unm
zxcLO9{gR^1rWhN1WBf3(RNOVpB_d5S7zg6z5_Q6LnzQZ|<}eVhpppoKL4-uibEN%5
z<aNOqeto(5iS14o>-}i`d=4Go!XaqUM$l<Ge_|ze>aDTYh@%(3uFNI@jUZ%p1oxE3
z%)>{Ziw5cRCu0N6r%XNY)0gU{yD;q^kKD1w?<*?8N*1z1@=-Js=08(CA!f-q1RRXs
z67B)3a4CS&mj@{3{SbI=F!i4RkD>*FO787cmlf+s7V=}|Qi!aACq`10;Pj*8S-VBp
zvq$pYTTkJeXD=PP36Fq$vEh4qWiRbCU20C8&QJAfyCEpUT@pz8%QFET-=huUt1H%#
z-iK-fH8<a$n2bEDPsZ=kcsh^%mAdgrd|VvMHu<kDXmiIsr<$vfX|E|Dx1&;@Bud29
zFoN=UWW1G$tl;iw@n66(7@Qk7%4GP`J)%DtO1?ljpEAa0mXowyk-k8a7EINUX*N$t
z1<HGNaOrI-!k-weaH1wnch{2l(aw=@4(JxKFz?iya3H~3_r*f^7&<~8=`~8LWd7@z
zjwfXP!k$h;zG}QzKkmOqUtf~oE-SKmeL|UUANzN>mZ$I3u0UTkn(kcYty#|XL+7l&
z3-*ZlVAM7}GF_)m(rXN)1vs8y%Pqc%*Y`X=Y@|pM$U1q_a$EnJ`jR=G{z{`foFm2u
zKRU?HP?*0Et}s9nFw)7xd=k`Y4P6vmUN|qZwD@<zyiMRgZ;Dc!>b#*g@TynQ9--z8
zB`0x(KVR4&h6+)Leg%a?ZLs;IKx3eN-#2CdM$d{_+tr3ibf-t#g&CJEOdaF8sWb5E
zVboy0Ocr+3N@zoEkchkIvdO&?gTj5Ms-36GGDmIT?a7)#XF!^~^jiWd;Tt%Uz9Btv
zY907+ggQlR8iuYa#7O+G=jRN#o&lWRDp#okO3G?Aboc!D0l=si4RwiOpmW056_Ltd
zeYM(vhl@yO=tBc4_TNR9Z(p)<A9YT@N@io>Ju^4UnjCoWo-9sllYH2{yz=haZt$6|
zCg0+WBN{*>AwGxT*5c)vGU~<^TWN~CF3bWkBwQx;Lb-_D=0`FW1ht8{Tdw4!u=L;(
z>U6AAFGXq{zP7TcmwL)g5NKS6%tOza1xgljlw7bb5tpWT_KP(*;DdP6Mn?Q<=5S#@
z)W-32gKyUM!S#S0EwWPOy0EOcS;_D+O4B{6^;V{QFdeerM$k4;zxg+}%ONL3%j3h2
z*4IrNj#f8wpLJEleXiD*gIe<0*#o+kDM#R4vr^+a#no}QBev_kM0TSpW@lGdSh9}p
zHfVC02Z(-i!B}fs5ssuXa|q^)rgs@;q4h4I_8QBg;!Kn3%v_P>p9z$G5wSWwy+6R@
zGM|{`dcm|aT4muK1!amIYVChkMmgUHBW+QwC@f-fQy6<Aohq=@Rt40tvj!q0mA!TY
z3$@Bl;gLd_QMht)B$boW3C9Y{l34|ATa}ovD?w?MJG%nVdTkYuTXY=rGh=X1T{x?^
z0_%K@yJ_F(1klctTXL&vsx`_uT)2f=l^*6FV&A`ocP~_W3d<(PVIp+JsH-Y3hZK}&
zVnJCx=WP{fc{hv451tyCC6zs^#3hv<iH0PViNk-=DLc~|bSN#hgx)A92mQB_ZsHq~
zC%++N;zgrO<4&nz@t;rN;E&1Q$;P;HPylo6o>FRLId}jRlcjpMT~8${_;oy_U2L^6
z9z;(}T4O~fZVf&Fhsn>{i{?xaP%&R&?A;Fn15kU+NV=mWz^nI(j)_+1-4Y$HxVnnp
zE-Zr@)~!`?zI~=jD(m9>3@<Ee9d49V4&a8ZJh);FPR%fb5U<?{VcaDm8W<$sA_AOp
z4O|;!GfuTCzk{wEJFlK?vV^x!l=$mLbK5k^TelrG2#fEC%sRO$Ck`inC698mI(#|A
zFq*CLK8u*IwQCXHW`DI&j{D-fzKr=^B3Ehkx%ULy?j!Roep)<SdA-mzC(FOkdD0PY
z;%TiAKk54DVtpjnrWTTX8AnLrqK)6HJkw3nkP?K_n|~y~%oQhTWaH;dZ&P}gF?zf3
z{5`3^fjNy|lgyp=nJG?>=85aRduHg$N!;a965m6jK@jXQmFjAW+vxr(d+*TJNX*v0
zu54C*Injc-+w-CxpYD$N&C7eQv|mi=m1D~PG6^i4JJNmD(oN)fqs-&s-hW+5;qjO7
zCfWt#cDna}uJ3!kDoJL|gMYYv<jCRG752TDQ~1h$wuHlT9@fQi#@95BxO0EA#3`Wi
zEuUsQd2?KpTw%+NOqd2P&!lFt`Rcw^GvycDJqdq}9bQpMmr)oW($bACIEi3MQP7BF
zZ72l2fIbnMnf-ll?<4WG_xDuVVr&)t8ZmWP{`#FY>Ml{%6h4<e<Sj2|i`|St(<&^v
z+KXSb!+X#Odpecc_D-D5DEwhaZ+e^5pt-7I+qWRKY`>1(=;=*y=9cP0Gk(;{yJHNq
z6f1e+sie9wT;z%6<K;z=emT=@HqV_^eF5G%J=%=w#ARBO$*1D&GI)AH8fw(4a!DH6
zqlNUDvENpoaF*hba^_`)_xw`fb=Ff<52*>YKd3;cVtdv@*QN;-otM4*<=BKfjP_n;
zB~vvYZTW9e_YoB5!7(W6m13=02lysHs2R?11V^cvA6qH3YM<a;8Cxm5`UG4rh_&Wh
zB?qpT#d;UlCZ`{U!d)sOq6AWj8U9^7^2-1N|B(YiedOm0pjQP`>j7y8#O8r;?fH=c
zS_(ln4*ZM&S`)cewv#7?jV`J)A(WQOG6ZE6n?kQMD{B|MtTJf9LhF`VGkEMfV?Ll}
zl_2Lke%^p*4Y21VFcna}LAX_$5cJ6z53Y{zE0+={(8}S;a-(*<q2C+f%60jUD!bZ`
z&;9?k1V?&8VnnO|T^<S!-;{d~R5RQ)!3K&{|2sT8f?u;sJnZ=MD@u0d4a!$!Z4~BI
zso)JzlmLnvfRDI|eO|fNb5ChIdNBVDqx0?_l1AP$XO-|Bq>G&h9i;xp=+<p1Mmw0L
zxmUDd-11!=q{y3_k4aqNxs2}wUCWufUn=suG_CihHNkxyoupKsO74<#pA++%L^vAN
zP4sq&33m*3iAsFDCpsly{iLwu&#nBs5zQM#c8;79yKm{v6d8*A{JXcj4QPiK=~oXS
zW31bsF<jnvw>Mu1V1i{S#r}lKpqoWgvM@o}VrVRlE&RJxHa3cEL}?0YSDf0gh9Br?
zk6fe*C6;mUcP3=wsBJhkZlZ0=Ff0J;fN*)uG39O)_SOL_<OY-R$#k=(^I(D_o4nOJ
z(&#iA-J|g|t+)1#wD)sYLraAv%M_xA3UQCXprN$$psmIE>{u>u-~q+ta#Y;y*{O>-
zo|&X1<%8yC+-qJ&UI9zClBx^Xyvw_It2yWWe!2AeeC31Gx=ve>wJg&uHmGtuN!csr
z5$%GaQ>B+3KJCJp_C}F~J&uHOOjMf^X;LDmEN8#Q%l&qM^wdu+#U^eRmQw)&92{q3
z{BKZ?iHvIVCBVXQK8d+CURd1!6h5O}nJc}aQ`z;?0047AI;K7%wgA9tdp?x|zcWsK
zX)UmlL2rL3ke%uq2$elQI*^@^VL3Xkh2N*qJm28sR${o|ee<13sX~9ETM869vy_^o
zN4$pM%Yl@Ou;ps$1iLN#eM;%rQw_LIjN~XUZ?^<&L)$ubR<ezax$Z{D3fN=v)DLSV
zYB%n;KNfo5FTAjq@n~3Pdk-PBuS3mfNPbA2SaIdw)8Z?8V7kJT4$t`Nzfn&ZwPf#v
zzIs(WfzB0OrKEH|DWq6V%~FS1-|t|AL)FW173?w}shZ@v)$A@llurogzrim>j4y;=
za?~MzZ&k`SlgIG%t=HJG%;lEv)5?2bsU`QI$hfgL6t7SfZT8GVsWg+lU+37&I!?;Y
zo1gj=ZYN<0QDjS(XVVqgozhJSB2sAi#7qt917^_30~v31Sd1{j(@M2;O>#>hg3S1A
zx7*GC^j)F^WxKWW=lW)>qkXOgD6kz-X~Qn7qoG~0l@;2t7284Q+ciY?*^B<|Gy2=d
zFKUbdmTwm-lxs!uUJ9a+QekpxZ(m^7pmE*6_KN1$cY+e6-La8#?F7|Kk?{dpNbgcf
z8w4f^1WIw_70wJ%G%&#K8KVW`@x!)9pmn(j<<-#T&rr%k*D4kUtro}`)wZWq;0(qN
zx;6HQ=j*>k`!{K6tqmz`%tvWs-K}BT={E^GjvYkMIk(<FDcfOX<Q~)^9x;U4V^Qwi
z9_sHiXzkxt_oE~uM~?prldKOI-+3J|Zb_?C6#hFd*SO;(KW6;X?nS8V?@7?cPMx(C
zNNWdyOzXQ(BW?0<I7JJWuh_V;{ZwJ9{R#P=!wKR3obLW@z9336NTg)_fHCqnKmUv<
z`O{+T5sjbrV<Es>7?^yN>+C7^z%bj7K$|^;7CX)?O_3a^a^k>VSrRZFgJjV<!RaDg
z95`3SH)dQONa#LLC3iva+7jKn)Po>`Ox-mIjREIBPO8ue&(PX?z<L2YV*EswFb+%Q
z+-jvH)N6e2&&3MW_0SN$U(B1gX_??Ia#-w|)eCdgrIMGumB}r#eXi<0$+MlUTb){(
z>%TnFN7+7PsRB#&mcc$2xIxf0G4&;<!nAggYvoF;!KA2ij4_EqAUtcea&(EGPxz*!
zQ{Vh_aKap~4%RM+&|#8Q5pCIF!lO1EXo3tIB8Dc?X&2ZR+4TMLA&gXb9&*rz-M&?k
zV`I}ECSyK0U@lLsx=l+IpPsiYYJePCX0^*O#<sTb4!&Hc;~}EHj92qY&CLADGVn+T
zeMEb}R-nD2Sv;sKNe&p7@Vsknd>F%Tg*%((9-^f_xZdu_%ECOWy<A#4I<BikXt0ho
z8+W^ew7wvQ6I-8`lUR?Qb~b;@uL)?fZ2#}r^i2odrQ1!&F6smND{a;3%*4X>#s|_@
zGu2fXQ*{(mxNPHyOKRUXV*2XJ$^)VeZi72XZ;2$sFj{q8^f=FYjDD4#N?xe+3`cva
zorLj)K&D>7OMYyqJ!gsWPhfgkthA6iXF?&R(Y%}rj<HLS71@|Xj#ZVwBk~x&PTv1d
z#|8Z_9d{wH>JVfFGp3Sb)hN&eYRo9tBt!UyVhjUZFNv)bRrgHru8#GNsPp(=I!>J;
z;p6*5`y}Ui=CO^6Cz9=pZs0Iv9-!lT;D-eGQ3-P2N(b5omXlAW=gEp_2J7d7-NT6_
z#K#VB^2mYg7zB}BLg9;qocYRyenth@TJ+gG?fX>%j&nfZeMvwu06Ejd(#M>LZUlf$
zCO`WaVLmPZB(DmXhy$NDpraf_%999G0<hyP4SX^}Y^e_h1oPxpQXYfSoaBYaJq~He
z;TmHERs0;g%r35DfK4SB`xH`#2&$kSbIGYF6Hq}m9+y)QBrFfEGY7&cjDX6s{4jP#
zuhUCVmtT@2EDx#U09uyC2ANy9Ly}*H(81VqGEH0__yqx0DnM{|ch!dgdc|Zuk{nP@
zkUdY>J-@r2SkVCO%$~kT4t@{-UJDSftE<gLz|8r_<|xQ8NDV*O%8>RI4oHp6p2t@(
z81A=cEp<!4X^End>3pJu(m66UcU=(o46Z#mm3%#{=>ZK{HV@;ApYkk7|DNgFm+iYM
z$YX))S1gZTR=nLe?{QjOgD`he?F0KQg+zETKOjH#rf|z-5_ya?Or@<|TUB*Vz96US
zsLJ#PGex8tS`PCDbIF>@i;J7a;LCQu*4O@N_0`XGiS*@4{MwINT>7!wnfQ6l7R0ON
zUUr3J3>Y)60=!H!sft4&po;avM)?T&dQ2%5@@}$q37x|m$SD<khgN2h>K5N*^ZB+C
zMlCH4I{AGvM>`vCmlZ<2xZ-uYvoD4|7pMPFj(y~9_cZG<P;Aq^{(d1lSA+Q!ZqjYI
zrDIF=*3zxjUBKj-SvRWjRjwWS5i60iSF+_4mCGVNbZWM~c{=MNR?&~cJQ7vBeC7OJ
z&#__xrsxhtteKSS40)<^L_HLI2UQ0~BMZ^UQ807Yg1gVc(&>OThR5qJn#Ac|r5GVI
z{mSvbvwV&v`sCW|z%E#UnTOn>A-DJzsMv~cAp3XtD~sGBg~EyW-%4cQ4|p(^*1p03
z6AXlY**1OdN!Q+qriE~(E6PEsZiDH|Ik%q$PGvjH28aguW&bq28cA1#lK04$^T%&u
zm$MjG3o;Lt{dAd0gAlhShwOOpPH!OIHT__c=&4{JmDn81+D7H}1ZU-?41WiR##DHj
zy+3=l#jrr*lK!~tH8#-ay7jW0ep)#-k<L>U0iJ$o=6DO%es0e;#N;v>-!LGC-F7^2
zS_ipGcwQ@Hd6IK3cS_5!rz>A#FPk*BoBW;74n$_*q0-+eF+VWhDG3`8mwZuoK(Z~e
z+ig<W?(imVnxxzw!AZZnk4llgWm9zgK-eH|hr?+RowLstR+W4ITi_;*H+c6bM*S{x
z@Hgc~I}0DC@L%ybjvI-_&x<gdsPJj9L2s^>fBo7Pg9t@ms;r~MU&X9gvR@HECIpIV
z)(_sQcG6d*jno@xrwWo2xBVm)(alzuGwIt_mq2OviAGWgUdm$DW&DzM=Y4J^yZw+K
zWg-eSNznmq?a8WMRNI|gUz&lN<2<ksnZ^$+^!<1WYX}qgB|DCCH5mmv)TS;ztn{X~
z3ATD&^|NMR^$dENPU@Z96L%@mW84$ja>E^0p{rI_h8#M`b<Rz?{O?!WQJoM`KCF)z
z&tEp@G$ZWh=ie1$=2kTAt_y0L^*+Q6ZF@7~hqeM{$-j5hmc{mj>-!HVvzZ<-Qe?hc
zRUb)ow)``W_S4tbvZMDo0VaFW04OH_pE$w}9AXKA-wSq+DXttipq|;!VU>vQ`47O0
z$<tH9jt>&xz^t1x0-_6|*K!D#&#p%Xcr^zcvFZH+_$&f^_WYUvV#|QE8|{N?kenuy
za#?P~YXBcJf*u8wmWB|(k;(4`w+0h1@90p7u+<*13xDvc*45koB9W1sflal(^8wR;
zL58G_`V4tRaekwEopMEq0$D$Nw^J+KmCYF~9>+KL9id~06!(Zq#IrAG52vIT-&f;_
zc)f>PsNGVN_F_`zs^RdIs6`AO1}m>oz(R`bhP!FI_NIRdgCXshFb^1d{BN#a&C9#x
z{<8Otutm(Qn#WSZ&^TSw@7iN$J3FD2&LbAWPU@d*o)*6a9huy-`2<b)h1$~vc-1Nb
z9vZuK^1r&JzM0ED@6=37KGaK}s?@+(>s9;{aXNJex0Mrg$^P7W?`?Refr@?}&R<Dr
z_1QnVqFvSsSY>*Up*{3C?sCYVtskNKPC(XhlHx2%Jg*Cu{}#)gK$5O}Jz3IOd!^eR
z_ovPE^SP5|v|&)@2%9zj8rav!i=`G7|0TwA*nGA?9bk<A#6x$tI9@xE-c84ATgFzs
zteqkLqW1og`>tWk`n#9884K%>CS7a@b+?J41V&(?rM;CUhWczO*STN&P!ls*Gh3&L
zWyRJRt)3(J@9!#BtVldV7;Ey%H}LP0akjN@m*_Fpu^_HcP%E;KGL2S}vNe$;Uk}p0
zW>}dr6P~xly`|vez->m}W(NPa4c=acMEIH7#cUo6LoDSYtd~`0dZOOA7T#}7_ot8J
z)YLG=V|kuup!nTi`X_f(RIgpd*C04M&sz2+A2F3~0%1*`F65)XsG1-4AxzW$O(y+F
zsc{1TOt!>vMR}Y<Cj`v!ZDF8XHm8DQonyVjr2_Vd=hqI%gp|7p%y}~!f&h6XB5x?v
zzQxm0vSnyzH?GuD^@@*gvps*%kWb;sNg>N1d!NAm*q>b;4Xq*B+}NR8*o~QV3!RF&
zZl3KO9%=JXWnm>wrwx2*zx?@9nz?OF4?2i%J>yN5jmlKx**<?INSM~u{n)0+{$4XS
z?0EiF<%MxYZT8~i6@GBHH1(y$L$O}#6@KwfkRTi1_~klwlqr>ei}n2Zy<=SyW`h?C
zckk_L(+6+z^ddp6SFrWhx5Z-J&u@#|F;QbjJ0;&;J8i4X+)~{9953Ez`nG88+jIN!
zF#N^;VpKI|`vSaZ^@!Pj+$iL2c*MQS9-5D>iP>#rqB}duB7x&kd2_4(u;%qFW>{))
z{XowRFnlj9|4r7DhAgPMWc>)AyIq1QH0rWz|44y6P(v1Pl6xA7*-GtTg+LE$KGu0~
zV;IAJIsaU%9b)!xSf*RLSvbFVC5dHe+r$^R^7%j%yfFa1J1Zte6ZpPPU6HO6z7|;U
z%cqEz8pkL*wfhLeBi-s-9ZL05uWy|qXcYnfhXW_L(dCm^g^e^7s{Z8l`(}I>%ZY0}
z^B(<5z*0hgfdu)dOr-WSw53Lb_X3XWh4kJ2k4*DV0%iSM*@oH}2+y}4AI-LTtkypU
zvZxjo*NtQm{uqnO#dAE3-1k3_x#Ob$G<I%?3azs`vy71GYywNdB6`vQ7=(=l>^zZJ
zwjwYDjeaMWo)D4YDT-UfcOq>zz&}mH+6a<aLgk$1O?+uP9y}El&+joyRy36f3z@9~
ze^q|ERz?dalt79GX+HF*FV~^J!0wTkR3Y*nzTXi`E$khMpvO13%g+Je%zseUIuofH
z@S)<7O6<#q5nSi(CrS!3VPSOjCbUUXWG;@|)V`ZOt%7%+Csh&ET|9%})#X9<mh>jV
zXa!CSI5S;Oc0=wtGe0-g2|eStTrZ{75||JL(1-On&R0gWtNn~t>s_<THXaJllQ$mv
zWiGfB>3yGBMJ2#@!b(#3#7gM~;y?GsJEPbJFTYl2?LgS}M3(aU*K$bUn)|JX&sU#h
z0I5FEaj`4(MPI+0+zSa?ye?Ly8>8f9vkqE*lJ)cp)232@w5Uiqx2O|ENEi#Fch6ty
zcISp~ha@2C8nKFXcKmtN;NIt3n)ZfI0dxGH{{*IH5ls}HQO$OtqAHL`!*t9gKXave
zG~=_@QK|?yY<JA2luDKQ^{wh$p$aKVnJ1f>rT!Pr$2h>;q8En9?p^AQWp{&bE*Fnz
zEIKLSqapXrx$x%W#=3V8`>)4vno84N=i|&MHwn|l-TGo$2exGx2gSli=uFCOANgo~
zFP`cwkd2O-jDVE1d+Mo`#l5>D4s+hR!;<U1*4Ve5O17&q<(-U^%r@0MOl2_%y+G(~
zd4AM!_B~O0?;ceJ)tMa*@4R8RFy@GWR>2R6m56{xY8m1K)U5u-0u-xW@oSjm+hh48
z`9q7^cd-yK{qL=H|7^k;!3On+1u5_{GV<41pxIWr7$w=UbLq<j=fZe(-2LeR;oNaf
zX#AUJf1DY_>0DqJtO!f)F8Ooxs_<=UG)%#pVn}yO_jHU&N(qMvuIfWEht^_&ffB0d
z0uOI;*3xYZO696(e5IH4v1t?NaC?4oqh+d}6BV(yE=n9eQe~*YXv}5pPgx3D>pEUF
z$bYOAa%k~9#=^6u^!IG>pzWMcv!vCCAUV|M%J=mN_Zv`;CV*PYr&30OoE$r0VGX7J
zc(+eH;Z19tItz_(FH_8W*1j}#!UjvfGX2#g>a%Y1;Sa-NRi_PK$oc3u4I)*m@lmTv
zgQR!YjgR3|=M6$WKSMt72h6#wcGinln5pRD?3}Yp$@Y^0zBSiuZ9ng)ACEQdv9*5e
zxaL>fY0ObZ$DJo2luJSh+HRORzbfscX04Gs%h|ZBe`7W<&97ml+y6N0wNntk;QteS
zX2_1Gx$D3pBFg?ZdX5N><;||s<$mhtH`qYLPoW&-z^=3+$-7<(rsPy>&{qW5XV(B@
zRT}Ilz*J?7EE)COg&~u=tCRg*q=+qM%hn%re{+q>Q;R>-S__rK@t+`VA02JTiLHiK
z7!aSz;2_V!T;`@x7P41z6@^tQ7EMgtjuffiEXZ&9;WW6$TgZ7-bxu3eoD(<pho`xS
zSwZG^IrN!vhg<x1Mp!eHUZ+|!TsUjsc1c9@x^Qb!;UA|$Z-6xwJz*Z;K3G7gt*an>
ztq=bB%Qp1pu7(iuCV0gntAj9jY!c|(AMDlu)>wF+@4mEUlaxP+ZTqds9rBJ)b~OH1
z<FZuVB=tpyo!al0b2(NoI0z+wS&)+WQQe$gvFD}Xz-3@??KIsIGR@4tx>Z)}C}ud&
zRW(J_;k3Q{`=K;8wbP|YhJ(X-`QWmweZdecRX@$iz2-W|$-U`11>pvcIA@pUiw)Hv
zVH;a50b}Ln*osp-6=EVI73VXiiXSSoWmU;!^<{epi-a3B9DE&23V4Xo`-{1r>ls=>
z=96ba6s0n_B-Drt<*3cUXN|)mpJIW^+TSzX`TuCt<d9qtsURMC3@(qYEB(b<crAi`
z{3|CO2d7WUe$7g~m-_)a>HUYP8+gw(J@BrRn1W74ux4gJQ@F112T3=uEIe^AAbbLU
zc8TP2wr^`;s!2ZA-Y9<vx&CR+d`&jUb>6H|n$m(e9tqGMP$)6ZBYSp1^p2*Y{fE-R
z_5#Jj+fDE`LG8&zp&d@q16$H~c5#m#M+3WeCT?F)$9Lz5QnbXqr^KDF3j-m8Ylg~?
zDCO#ryZ}`0srLk=0m+7<uq`iLMpQXC`Hwxp#szmLkDEJ1TBU374LDi4lcYB1uiA=}
zB^pK(Yt3|Ee}#6nNIi>=#EXSxW<}zd=n@(H;`kbb757KTEw}^(&kUJd-!G61y55Hb
zAG@K`>Q#Ce9GQy<>8l%AjkY#<-1B&&Plj}F8bAkMTmXLS^lc3QzI!Rd8{vFVBhCg+
zv$ePQzHyx(SPqpCYmGc1gPewYd-}_a7~OzjQ<8EbTZ)~B#8`i@QOi2-;7&f27jcPd
zVAN-YIuK1(aYgZ9VrVL>%*E*C<Z>iWc0JBrU&t-NcwGYO(Z?5Q2a8>azqk%<-UwVK
zGk~h;W=oJycJ%>Mh!w=>hZe+vkSagy1F?QuQv?6!ybE91zGpIZDbvEwpJx6m4jzbl
zj*fW?`<j(Pg)%B$dMih6*pKXU?`V;MaVY|cAbIvV%e>naS`p4674fwGiF%g4ZjxMG
zkspkkZq!!^zAv%PWB)|dR5w*!#!4Edx>j{3J@6RW@?n^-kPZ(X3hHFs(Y=KSEwv2k
z!K?ksyu7&{>PT#@`iHyEO}{$HD}t?bWz49~V3?EEQ^O}5?u4Jyz`4gKi;nP*8R150
zV<#UIWBex{qmT}o9Rdcbbv&<`cT^9pD5KaJNP!vB1Vtkm(%I8S>N(bH=qbsTV5KUJ
z@31@umeEgpn)zX+<daQJ<YP_TmXf7FN_LCbiUhqIG9NpNcsD7?q#6PB9^!hdwb2UP
zB^fo4V8l2qMh*mccm+SWO3FEXJN*o0k~Wz^P^J9=zIys5-%uIJ(jG*s^u;A(W3riZ
z@M;n8=vret%{elv#weujajL!oUnh@e*y@F8+2{Q1EOoC9$s`Rv(X=%WipJJtXNB^N
zm<7m_A{Kcm1kJyC=2tY#0PD`2^lyrZP8+)P^7Q?A3gv-0$fb8k`No-+KXe_e=Ibef
z|1uZC+Of2(u@0n@o3jo)!)zz+q!1Pb>K^T}Q69=Pc<K+$2eJW`-KlnuRJU~?Dt9U$
zYFt4~@kBo{<~>C3eP9g(^)~Z`UOVNPPaiG9D{}Nyxa_!ZKuFFdH=VF8qK4ETl77jz
zTX@m0j7rvqq>$W2BE-sC^PVDq?&-9yR@p4=k4%P&a=M`FXm4k{J|~w}k=4bR)S>oQ
z|LXHoC;?So3b}uk<<&mO1+?ybNb{fdX*Pdsj;OYwHz9Q-%v&*ym0`z?(MPIBBF#K_
zc&2z(7ar}DBz@x@ca2|L*`FnT4^r_2og9hePskEdMb}jUsmfy$h1A)`C@GB&<W#VX
z7t!h@fQ-4+a)fYvtBuM^7!|RLLaWFLi;5!_`BubZ5}y9PL}XNxX*lLr2?x}>!iA3V
z8ncqQ6k|g<6~zLN7-L%k>b^necnQqkdZ3hpP{7K_xubAaMtKtf^(uj+s5(ok((iN<
zEu*{Pr@V?5A>)5m$ACsY!1S0pSXg!S1k$|!1>!d4{}+hE_+KCn!>_IlR-Jx~>wkeb
zhFv%=!OGa6-1DDf8bG66;Cf`8SWrb_^Xo*<$6X5ow>q>e^lx^$Y}G5pZdZQr1gM@u
zIE$Xk2%=w(KR~S7O2VK##KAKl{SM-=Yl6Uh06odre9y+<&oFQxKfKft+`QD^`+fqn
zmH{@7e5U_R)UUGV0|I0Wp?+IIkk+Q>DYy(tteOYeqrwQTwwIaApcWd-r{%cS^NwZF
z6xaQQUG)TV#?;lqt^yM-1l8*Vl0xemf$0^o-hK?6V<tc&ML8BwV**Me3gB5}9Xsr*
zRRXif>M*Q2_84W(xnhtN$e0dweqAB#swuENvMv#Jl_3F7U{wQsol3q9u~3(43;Y~W
z1B8g?&7f{Xjm!4Ix&(w*PE!#Y3oxu}Q*Jp*#6AQ?&uB9rJ_m`4RUlSCKzYqECIU1P
z>|CI^DTb=E^_?fMftV4Rdsc~l`9UvfueZ^S=7}kc-J9~M3bZVVT@+ju{l8%6cShuY
zLwpwSe?y$K&_rDqqRu91rEN+qZ4|@GrUwN$H3Nv^ha=oE0?rozh+G0PS)k;GAa|W)
zufvGJxh!VnJzj;qUT<PjCHMdpGr%-^4<>*X;n!g;bc=L_k!cIrpOMvJ0~23}9y;uv
zt9LjYK#eZg@rTfR03N_TP3)(3cBt-8P(L$-o=2f`NkhPl0$Aujzh#gaHLz>+0g?{D
z^(|SYKeD7*RH*6-AxncGsQi*N;hC1&CMe=vt_kt)nap)&!Kj`PY$(7~Tz1*3NgJi*
zFBm|Zr|?H2xvEhLi(hM5??wkvkrE!jl*!LURoD*(AYEMsLPHnEq~jF=I5mfCY*ZEQ
z!3TJiy$I001t_Z_`n{#meG@vw|39Ha2f$VhqP6FD_#e|j>)&bxz;BybB5T*Lf(P7A
z3CwK@>Zu!Kr>%gZUVnLj<AeB@hpwWp0RV~`lus35r%zh_4j&=KkaaOd7948`G6ju4
z%G^P6ff*doXj2M8h%1K%NM!Z{Alf|!qb6bVsUxz10&Ed-fKU}+d`*h;5L&1p^?)D6
z`uS8)@SuG6%xgTVKA@t#0{SP|qGFnQN##}V(po54s<KAw>g=K_D*KJ8C-8HDu4_Sr
zL67&Q<AF6typ{Hg-(~c?d;^_!t0y1C68(Wptu<!vxGapJqN7_lxCRdBCQz{YtBPz6
zl;q3q7=F&X)4yS?(KW=(*q+o}={eQO7xcbvF)3?&U)WK19;C!vSl+21J~#ek6ZCYW
z>>^dHaM<=_^E(vEpu#OHhktRw^9~Be)F{w_2Si5|s>TH^`u*l47ejW|vyF=V-~_=4
zDd5_br4zFNyt{+?dh}%X<{@$=uZwI?A7sU?fKSA%zEBL*q#pkPN;n0kqfQ}l?)ufD
z%KT~%k3(u9V@n?6Rfb=X0Pyo3!SnGDZ#xC}4!R?KGAn?l2f+mz8H4b!?fzWpu~XQ@
zx**&urk0;s70Qy)PaTtizPbFfnJ5!#c5v&EMyg_#B@+Y6v~S)m4$ld0I+=;NJIx+n
z5buc2#cmKsich<Y;y~o(5f|Hm_?yME%Cg~(@dTp0JbOIkIF|A)xICXKbuOrTs6J*k
z%H0&|AOFx(e}4(4iJ4nU!sE2m3Uh|;A0g2g=KWTx5#@g6P31}DAhCfr2t`EWUJhl-
zzr)P!SxzxjGR<BwKSMb|&HB7oo9om1RzX)^Mp^eRhF|y<*~tI$6~$4g9~PwDcMVRR
z5;vR=2<^9fXE;K-&0D`kfu4LR)_KM0pf*j9>_tsOd8C8Wfi{~86>N#$BkOIQ-lDXD
z_xaFk<{-JxTYSMGj%xk6(0HE&yZ54v8jg2Zm(9Iu!Y;A>RdVaxA#>{U)9J{|R|(T(
zQEKxvKwVb*vCle=clQE2r_wIY-0WKsC=8n@1!(3l@QfFmE$T9mz%IA*hH)Yd`qL9S
z+KWv@oRdH4d%^JB@s6P4E_lPhLF#wVrMm=&!6jRV3BW|A?xTOZ*R%U3j+7GXwEPyn
zFvu9KqEjoykZSH37M;_RwYQdT$DW7eD`}-l&^{7rSs8SdI1xFI%t7Yq$;Qk@<XzqM
zg8!3Ejh~O>Q@3<@daIVXd!=77#Wsxgi(aIOpIc-tr|Yk^9DyvcGZ#MPb`DQhyPY$T
z^uKN1$m{8dH}t=<oPv`-S#JK4O1-WRZ1<1DwXH(CvxIdpT5kTTUbb!?rMjUby=pf5
zcq3q;7#YV8*yq>CB-**3;`it_188MKdfA*A5l@aV)T<%KQ#_QACc4C%cMWsKN>%=4
zP<Eq<5#_+sDv16Yd?R)RQ?C_UYQ}oI@J^6cd=A{?N>n^7#h9E&yKUX|zsZ5AM(-@t
z@X!5Xt?R7b+uNO(3+lbCtS(T&C7>=x&sVQJrd<keFHn)<+AnO5LYt}`)HLy+XKgT{
zD=nrou0^a_$vz<ZkSxI@o@Bs|qOkHD*M`l`Dnz?9D<}AJ$q(qWgz0U7N4G8u8qi@g
zq!Sq08UufMWa``M0LSvYiR`pv_oPAcII%`GJP)d+qG9qJOxsDs$XrK#Y^s5uP`iNi
z)RA#rU3U+zW6h1C_00Cl*Sjj`=QvkRTDdblhZtEo;}z>#kFSCH6rR!n8cyp@>0J8I
zb#f=G7-*tCLe`d3FW}IbBKDS3BMwWrmhr(wYaNKd@wm-vgT{XqfwM#`kk*_*Lih(l
z3INzQR~}I@>M!CM2~9AZH2G0ih*p-*`CnkHKF)}$e7z%oPoMDzCyQf6>z;`4z7Hcb
zzwN5~&f*RW9Ur!QEr;XA;N>ue9;CP>f;b{U{*Jf$QO^7858cW<rJ}Q6#n^K#Wq+VZ
z|1THnO-Wz>4zO~XH1v^ZHO)hf)u_YBjyc^H{;lHWO)|PiCems%OYK{WD%IHKf^J0j
zFNyt3{e5i)@qO;|kbM|3k*xzChTChKP~o4qG9<QJIwUbe2Z~lRrmUG-3UCHDMe)u9
z(W{LrL|4@ZHnGclY3uvwU-5CS9fh>+eX6jxSr3bZSEgYdc#$1WSnj-!!ne_(`;{kD
z#8)K5wjmiEw4SjY#1_#+tJX*-7W`;ik2{$8=fz3Xdmjskvd6`@;a)l~78IQ$NA7m6
zw`d2Kdl+pS)>@jI`&P$cMKc~uLD3Dwu(Yvg6B=Xa8T_1cf4FS0Gu#F*<|;$5w>$-T
zKfg4DPgFcGtqErWk}nxboiOX?v?-`IySMf0;cA_bx{0YaCo7yV$0b>BOzF(m+YP!|
z*H>#4Xw0GsiONCUZ&2KMy)Q-P&74=QZ}Bq<_N~pUB)4wp(D${E^Ubm4{o{d-c5H+Q
zNaUdnmFNA3Xhha`uOmljOx`Ofqz)K2sOfSgrC8$uTr!GqL;A79tf9u;mW2bWA(9)d
zU;A<E85f^X4lISKpC9Dq=o!|>mHq0rL+Y+8t?Q~JR!X+_QV6+L4`-9BdH%#Fmxv<D
ztJ*qF*^@sY@OW!~MSCZ*66r?{To{$roJofjd`2iAO6zP6J-}VM;7H2IMSBFFIV3bl
z^v+i3^wyM{hJ<in7%VVlrc<2B&bOx4{rj)kS#;pdXsnK(=PS>7jb$lt|K`x62IyGW
z0F?_4IsR4~qMPh9utzil_+dVkPP;uTwb{%M33l1c!%9UZB;5cb6h{o?m!OR|(Z9X%
zJ5hClpbDrlhoYS+l>eM)ZGlzjAS>V)Vji_Rp`_5NM}oA<2oK*k$zoD&q$uZ`WWl2}
zq9C_~ZtRFww+e(4{m+9;3-PG5WGBSsGETVLl&{JBD0FNp(mEW~&t_NwN2p-zc5sI8
zWm`83pd51ec5RuK0XtI=S#sJ*a;TFAmXhof>Ae9=HRN2aRMz4StW2YuyWjKJT5`Up
z!l?>WfcMZyqad+;S3;>W14urT)?ER1h^1qPTXAPl0E#zBtNY>&?@m|u7u=)ITU(*x
zL#}s_c~&6;k6>dH!1e0b3;xxMFeMi$LNH0GEaVK<squYQy+{i|2S>$5j!8M0=x~Sy
zcJBpgA50MhzD)Ou2##TSIwHb}BA!$D?)F_<K0NQdh}XpYE~xLHKQ$()L(}aR;t)vu
zcg9~6`yDiulzy3X6NY^kzuu)$6ja}SlD*^p(M*Yj+U13eK&O3BY#VXV_&~$0oa#I+
z{^7s$()dbo&pj1%T09faP96a(1A9*U-ip^aUOKdle#|jHeg49Hy8$yVzAV@EuOV(U
zTI_1(p?>xJ#l#JYGOYYJYTzh2yz#%7!sTNLWz)xZFt-asR7%tCqYX2KqiygPRo)Ni
zET2lRw3G=<g8_1wsnjxZZSB2%-hA!A14&L^Yr)DY6?9_hwzBY6kQW6q-d|(3u%CE#
zc*c&(-!vH71Ja={SkLW&>nj44APCHwC8tYNF+$WZ?d-X_JWbo_Nn#hVG}~R3eS0+5
z891mze!x40$!_x6)`EL&H?YF}nPic8N5TlBqdXY=6RjH=jURtlJf?VRd@6A}7QpGQ
z{KR`ake=6DKPTc}Wz6{($%pU78<s_})7|E0(ss7XdJV2yD7G~7*%`Jpas;}F;t}m-
z`-^vb$;LZ-rtZPv_I0LzI`7!XB!R!pCoNv#_>Nx(l(|i8@^kU}{vwCiDC+5Hoa!?p
zgu5|^q|GNG|HkC@@H;H4ujR;sG=*Z~{DvKh&rL|XOdl)K3|HdpwBm;>x_fviT~7L!
zIeB9Gmq@W{>kFoLdUE;~>S4)J%L`_H{wo7@wzhsN+nHUz{N`IiJKF0-G1@17p5*R@
zFf6RDlhgKOcYXfYWOvtI`Nq4g^~CsOcCS_pHtQGNu}22Pxpn^)j3lo^U}sr(`}kI=
z)7VzuTHCp`Mv0!SZN{6;XP7-D>zAi}wZq+;Z~S-1Sa;kO-`9KWIRWvgz~u&aY3`a2
zk^MEP4a&PE33HB8A-NL@0Sj8Z0>AkVS6sUJ{`W)K=5yxr_>h%A{`-vik{^^#>w>3T
z@(H@U`!0N*Be<D{y#t*bxo!-FqmP{IwkK^bavbhhFRs5ket3Yi`HZM&GTV4pt!Wwn
zapxqxJ@q<<bl=8vP4D<@r*LPsIEh=f=nCkNx!82Q!?gT9QQjEu#B|>e4lvd)_QTSy
z0*nk%*$29rg(3;*i!CYE5gf+}>syOYsnK?M#bmA+ci3Br!M3YIUVY`(7gx>i8%gk(
z=%4<@)c%)En}#iLatYI73lP>pQ)<)lg7bA+)jic3;m}Mdm)tIBuEF{xE_dCqz$8)B
zwtJ|1AF*DD6NsJmz+CaS2)HTo`}+a8YF2E0p=<I?Oy{+Z`nIcjSf^8pk?}nca=&a7
zg|@O8H_WhY37peA@;E8nySs`cw-7=CI*Mm6TV7m6zHi!D{+-j^)AL-<<dxz6AzgUJ
z2g2s4Ua4?J#wDaFb9Bq(s_r_4X}0q6fz`Mu>=dHV!TKaGr^Mx9_7CIp!|G;@>B(*J
z<;iV?&3E)%1Ls(=G`2|u*01sY?^nBKlYI0L<go+Oa@EdpL{qOvh^wN;BUYZ{U~nQ&
z1u-|gyf)4__nGf<prs*m*SZnn3Z!4ITh39hp5g!F>#d?H>A7%S+}&LpXlS%?cXxMp
zcNVS-SU8PK<L(ZPyL;o_xV!u2`_CEsa$nR_HBw2&$W1CW^X8pPugASZ)sI;rG5VL|
zu!QZKC8!)8ou~wMXWntdU#Q_-UcNVQsjWMGmk$1d-52}-B3*iy;(G#T9PYE>?^>#i
zD=teuR50y%LFWhAXC?0co(hH%-zj0=paW~z0?%Fin&*3g8n$mMhU3O4FuH|7_qzt?
zz43auF>CFxu#J#HKFCIBkLXKKJ-QjL3VvKYm|(>0U^PVOPV7LipX}0nhdgJnfr$E-
zOfUrPn@p%|9-X8FR%hOy-nn(B{PtgXe-C;FbUq%&UJW;G``h|SdUD3{fR}o_lybIG
z`ts-I-)-!lbJ@V;W}Fn{KNSskf-i8X;w~f=WPs6qS3UN2tVQ6j;*SKT|E`IevOVx-
z>IX6iX^CN|EWOSpf3Jk;Tib)bH{&&qJ@mE0m_`h2z38y{DXnnbdDfX}QKafi?DIkB
zbpb^gv1Ol3&y{9Zp?!=+I-bo$HLc(Ow4pIi`N5GW&;Emdr)uT4_ew$4EgZ3(AP>-r
z=yzmuhTzKXv;bI0=B?^niMpS7^De}C(4q2_-%feJ$Y>V(a_Ldj%Kq4N8r?$Fta@Mw
z$v(J<>pZ%689UotIfm`Wrc7ZCi}rW6R_zhh<AOT-BSJm9ulEKyyH8)~B69s&JWmBD
zK$QlSM{kI*lxSWY<<1$MdS$qSWeQpRx%r0A{IHE?mv0w(dDP=OWe70x|EbTy?9(!n
zj#x&-$&tPbgJASYNH;wB=(xB42i)~wgQ_i-aC`!bGG|ilcc|q8IT4A`;!mzoAp5R4
z)PcC}2uX`o`wc_U`S?v+<9T{<?s>~W0%ofO?S<Gwz)_J4MZiG}Ye|jsfg5c7*UBL!
zYi@VlNyL5Yyc)Bd>)^zb`~BTfHTiWbBSMuX9aeikp>9m?=L{&ouGnR?(mEwo7N)~f
zU*PuV;03mASGDUw^hyu+EvmvV=zn!}zlR&YrE{`5*RzD1`%j^U&lu!s5WR-oq-toS
zcHgUFy`3X1T?dzU{M1O-gn5!h(DX8g2|L_R2LF)pD?d&C#e+F6*RawfsEYL54)zv0
z_8cW^cF*kWvgv*`t^ZseQmH<<BJ>>fqhNe1eiY$Dz{=(bDvMXnEx7qXBF8d{>j0{1
zm;^YGhuL_g;TD{7%VBK#n`1#jX9>nG$o%vssz7^ci|91$ai=EBL6Q30P!(Y{b+O23
z<{LEhZpM)(lfibT&9c~jX8GoxdRN&N4#88gNi;=&(|z9EMsTF6go0r@%kx=W>V;E<
z;6;7*UyZgTM*DkeIxE`^ElWI~&^em+Ut`Cv6|)t;1)^~AxcoAF2*2Q|x*7{+AG+6=
zMLKD_0qU#C$a>t!u36zWoeCf}|2l!j=o%+js$c;d>ZD~7laIm{srUSS&8Cqs#$=15
zg;0D)Q*C(Yg=Z)r_xpywafZaNaLsaww6P!Rbo7cf^Fhxr2DFmokTvsqZhy=~@^tn>
zZAg-*o0%^qTUJHdo01qvqZoB-sD3OX*rquKsA)j93Z7^{ng+~AdU=18HjsQF%5CPM
z6aH>JL6hzfZUrw<(~tB$g!i7`3fX-4xMDo^&=Z>1oKQ(I>2Ecx;ymew8=taI+x~e(
z<X+;?pE0xiB_+(|0({tcaG`S=Hw}S5gjw)8Dic7(fAp=8V;>qLA41xGN$(Z$S;E@Z
zN%|TiQw3+%nsn`X@%q9mg5O<f%{Y~tam^pG>({=2DM1yn>S3vyEKA{Y5W>}hpHS0n
z!cLrpl)=>Izy$tfqgskXcq+P{-@Xz#L4m!q2Zr-SxP$#Em)^mFoq*^OBoKPWr7%JR
zn_yzg^y4N&0Aq5o;#Ty-ELXHFdl^U!znl#ZDGG<*Gv<78s=sr>I1BJiRN+$;t`iln
zn>fo{qL!UEQH0JH*Gd`VB@YR6IT8ufn1<BZO@||fnE5#!okzvpNF{{$D`!d$^U+v|
zRCw9<_ut1c8!H!*B;Y)|N-Vr?5Sqs(S4%%B*Xq$5&POG#Ay`WoGwQ5A6vJcQZ?ox!
zY!0?on6?wwoFNbDKTk>BLhp2jwTJjuB6zooYDi*|{Wvd5+nKpjiI2;&h*zdFd7G6%
zHFBYvYF!aU?lYV$fg|(_Ngr^Hm*zhEDQr|(G)=-zHS5LXE3F*EffpQc;G!n1D7~T4
z|Ltbl6(S<#a{d&lwEG(uW-551%hti*QPMtE>tFkr)?O&1K*4Wsf{m1aUJD&oqW4fM
zz;7#WD?C&gO}}j|#k^4jS=NHVkdrEMga((uUD>{1iiZ#8%imXIx=zN(4Rq+UMTk3<
ziOWHyjtdD#W>Kr3kL8dX?UNflzdRHjWfYU{cTBM>pLz;>^Sw2<&$wQQzcx_8$w1LC
zd!qnl%9?y??lZf@mCBPBPae-c&sea{4&m_iJhcZH#3-?Fatm(V59@Woui(*}7q~(&
zbhBT1Htx;ZWcTpv+&XE0DzjRjCmaY0*P+1TsF6H;O88~MLefU{%0X7~{;}*)=zmIS
zVl3G8L3iA^=66am@pUAMUR10!H3Q;_KpZII35y8$)&GUVcmzrc|GgVUK>t=94{HJj
zzp*km+<;`E$lmz{VS}V@hn_9th;CNM)@1(IWDSoRM}(0aFWUXf(h|miC5i7(J}QU@
z|0pSo<-?>|b+1U5<ubYgH^Ct{(ujRq$pgH{Enpq}6xbPSYMe!jhV0Xa)DT&$;Fz4B
zClu+O<8=N`#HBpFFBM@dWj*=*vSGd^v}jxv#L%ohg>WtUcHnRaC>TU~ZwsU{aDd;x
zycB7B<0mTqS95iGf+I?;DU@yJK=m_KSv5mf`Jj0rDQ!-nDy$Gst}2XBzDi<yz8r3*
zSuX#)-QQtm(a8_oy8Q{i$i66?(O$5#B==k^H>G(~icq0mYzhaaUK)qW&LUST%_4Te
zH*AyW6mo-mQSG;Buke6=uS)8>vEe4OAY12Hg_2v=1^sC<+xb({-@72`)M9Z_Y__T@
z;X_@cf8P&vAuESmbMY#!iM|im@WIw=#T*L7nM5B71q|a&2l+>`WJCI)C)RMsC+ZG1
z$@IYIS)Q!)o1<L8^w1&;@p!s#Xg>a17$$N;17mHZX?Xf}EDI*LAeUg_+=B!by#zLN
zORFFVhBP}76y_=f1@;o3qj2={ug}q@np1W%Pt*UgUA}Tx>w!z#Glt&*HIDG_uwA*4
zMS@cN6Dxcc&APm>G&cqLbY2$nEo$CUJl2q;6_U1!W@hdC5x$thQ2-Z5Sy=^Q(*bB7
zI(AQ=aV0!~u8lxe&{tphO_Jnc@da!))`t#>#?aNPolieh@2)}xGadZ<h@ddYx`pC1
z<y0l^ZOWAY7UccGjB3}4W&Oci-$KY+Oj5acDb$|_n`?a7zd-qr0o|yGmoz6)qnO4a
zHA~~GCvRI|zeoAt&0*r062qHSzWt{`ln9`so;Z}{#$i&E8n+Cf-kvFFJ?INrvC3S4
zP;8u?;vk=Rr(3a#@oqIfwKLr3aJ}@COGg}CG_T$ef_8P(T&SC(u$5V35#Gh;-<Vk*
z_lp5c41avKRu4tNe1H9<(>b+6VLDx@tUMea^A^IUKOHpD29!}G-^*w$Htd_9v!IWA
z*R@IQrnz$%GJqsc?JQ0E)?p&JZBaROMr#cJOs*$+CABV2yQQD581}B$j_E*}auMK(
z_VnN}U@X@DB)}U@s_GfT(49*Y=K!kSFTq-wes>H!?|;CK)!-uzY}T?Rvo11=S~$9Z
zkv6Py$}A*trIp5RaFe!KR}@xhm(fYElS;srio}(^sRDj;FZs5wkyKgR)f1o0dMEnx
z=e#~XC|KM0T4#-Z5`fB_M8~ps-Au^Kq?&rFW9)^7l`R49ol+*Nl-`99Y@<>5u!J7-
z?%tGK_ntgEw*2u@{Po0M^B<bOaPRTM^z}4GW9UJ%N#nV`+xOX{*F76;T-emW%ejXh
z%*+OCt<{Si?#s98U;#jc1|678(BtA@umIMh7vt3w2#EkrCJvc4F<CJl3U5?6^g+-M
zehh{u<ljbpQ(G^nXmprU6L>vHf{MOaKRmo$_a_z6TeG+Ko31cL*jZ7_Nyqdz*=ncZ
z!wrn1r{C`4^)5*l)8_lL@7z}ie*`I!&QkSsS3PSDKb)G-Q;#Fw6KL(cF?q6j3$x<J
zN=B7hJI2huYX~qU3U@F~^w=C3EPo-CQd$h}7=j>DU#R%1KI%)I9p1UUuhwr+<Kl(v
zQ(B{#-#Y>*i~j;P?>%I$qqFo@EP)>~Os1&$e#qoQeOL%GT^h57V@G-}@1~sS0s$vQ
zd8kym{duLjd`nb~zQ*RDCS%3cV1WV6(9!)3HsbO94S4C&ti)dzrXzJ}$r_$gO|&Cy
zx|60{q!Vm~dl?4GV{CA5=+S$dzB>d>tJ<g-fiG`~W3Csmz9US=<7A9D??Gv0w*rVL
z$$Se7LMTI=8s#avNfE!fk=7QO+mY70;?8O(+?vAGzmLl7`}~=XtP4qxRrkURj2tN_
zWWhEfG(VY7kR=>L2^}XLW9#ukD;dVh^CybqwUssC%(JlTxso=lWXv6D&GeNX5XZb}
z%^VBtFvni#%sQ2u!OTOj>ixeHhSxu0)k7uSi>-VQwfou+&ZGZwdyA=GQhEpyN!iOI
zd0VafH7dD$mESzNqQ?5OX$OoK?8FvK(5VLvta1U2!$k-QEX5YgpPS;JJD8`{5C;>=
z6-1y1zy|_WZ=5`^h28LI5F8fFXb#N(AaDWfNdxjJ8?qSEs0l{tAr$Ti5zKKCOfLyi
z2a=38-2OEz@QPu0Cyo1vl*8fxq1|`+<1m0AQZ_?aL_5q@nxyUJX7+U-&-d*`Fmm>l
z+Q;r$lHZ%uGJ)oBzTi=V`uUKEv{N*lT5^hg@A@xl>4RcLfbRKY6_<vf6<j9#aRE|E
zDg*D53WE$I6O`#B6m|Dz&?q^c4?Pscbg^#j^ww2=`=bIW^`|2DKh(8aSrFt8s2wM4
znr@E18d_@aEqc3|q4?ve=e+{@uJ*G;(qD>0tE~SjR8e<_E>y0pZ?Y<kCm1ee>PaKr
z<rY?)wOSc2xa98a;}x*Iw-dG27KjiW49PaU(>x*l-_Ss7D2KjkWAh^+<cTsx#j5vn
zMl(;dA!S>C;0Z;rPWp##FwYxYW1gA<nJl??9qoO-(s9T?-%<8+tNsYUn@WBC`8%ZX
z=HQ>0!Svqjx%s|m`frnF?x9db29gxBjX!w222VYh&67FCEAfLKnkxX>7U`b`)uq``
z=ccaFsF9iJ5wYBvrsds}EL>z9`?-d0A-rc}kIT__);`n;;DvzPL3N$z&m12(2gzt#
z4^Eb@^G2L|`B8ug@gQWC^{?Qj|IbX#TZKjPu(FY*_2IEWPaIHJyuxjJP*(O@<tE6a
z7KYe&Qn|_p|E0dK9XbJBxA5?UmahY*c6!lnHw`&7j$gKz0|wQe*RDS40$y{vC;~_%
zD`}6l?<9hddK<V__qhjeMk-ypMaIrAOjvL0o?iPqp?qFA^6VKX`#a1r%Qo*K4NGbJ
zdIK)@z8rlkdBYcx0qKtVdJcZxE2~D`3(6BGcoIm_n*(4j(Nt|YjTe}{Cg<IQ7wwvS
z&ETWbOFdw(qdjFQ_Q&ukzxKMjj!_v3=H%h8{(p7(MNMz#_hz9_sByKgQELRel*X8=
zrCaP-F7<$*WOqJ*-^aHe3oI?D74p=2B&9RrfEZ$iPa@p^Y0E>3|I?N)evtgXwdEs7
zx~o!O;&OXPhr_-S|0+hmNH>)0U)JX?nEB;fagC%3t0G{^Y6X7qDcy6@${LaPPrNuU
z8A<Q{|9BosKuVTewCYOia9yNiW-pu5F-@fFJKJ>g|B@#CBa)N=8yFc($%-A5%F_tC
z+pK?&yRMSlRKyq{q&FI;I!vV}1IH``(QQ9@7t!TyMyz@>Zu%&H&9f<T@tdt$QwLxi
ztnnEP@wB~URE7?t^$0XHt^E3yicR-Ge?&)=JPOOi!9`U`ZW=zR9AXg6%F5r0cmJ3`
zAeBAHlK^+c08S*_uFK9o>&7Eg-rVO0ecE*z8jx>2`w<o>6;rp8gNO)+1p<82*sf6|
zpEe;@R==7|f)vZTl^(7{nHD<p<D#5s-K0=DGVi+&lnk(XTnmIIu$%@p2^N#*bl8ah
zZMJQS<4h#LF#o@%$?WI)0V0%kE#zzoCz!j6Ev5rdTC66eq{9*!O5Lv9h4HJQ!z(3X
z@#H~T6Cw+|+)hN~zmFWKUY4ifT}?WUIPQmAWK}ZP>>9TA`K{menErs4Y(0Et!`=Mx
zX`hn%|MO0E!gX}NW;F2Fc)cuiLp41n;b_BaD^Xf2?8NhSWAPq*JS4p-91{AnQtoGb
zp{9nGV-B4Z;EFp!Y!RNN$!zwVJ$0BAaML(ixYi+T_LoZid46}Jr^9b=J^JCan$M(8
zU^5*}QC~6nuD<|s*l};MxNg%8@Na1C-m$oq7r)n#ZNX+wL%yVsw1nMsr~RLQ@-w0i
z#gFP{bZZyi)T+EP&kxz%W#rDkM`KuAb!+2T*3(j>bTT6++K7BU?s2#g%q#TD!R%Gl
zSN^(fF*rNWa^A(t{c$Lp{Y^G(TwgBby7M=q{_~a?>xBlznYart)&GD&Xw;c0_NT_W
z#$qSL2`|qA=j8W<%Jx<#Kp?Ru7rY_E;$pIi#5cB)LPIm!OFCE`o&1mBLdi&JUDgL<
z2E6}y5$h%yNf%{C=YBw$yhn8OouDdP{+rRr=UGcta#u^`)C?NW)JFEtJ%cgV<eJmr
zf?{-ny_A-gJKQ&yl63ns!_7M{^Anev-3Fyv=ECrWC$pg6Z;I;s-$&Dzd<JF`PO#<h
z-HLy1XkCvf`fghr>be?v>W`d1+||8k@+YW?w}gCH?WZr-|Czg)mo-O69@OM>Fv<ut
zAlfuJ(Km4T0v<}6cL0Jfs9VT1IYC$A)a2-0vNpa7Wj~$dXx#H*f7(;;>L<<Y;jW&Y
zrFuH>z3$nlRK<T<ES;AdG*sw_Wgm5IS><cc&c0k)VOFJmiZSWW%HG9mXP2ITm%qCZ
z&$b#gT}2rZ{ER@ElVx*9=RwTwP{@L=iX6*=o{ah+{mQ%`Q1X>|VN@bs>Z}epLuO(a
zr6LU_4PCdO($v_T|KPV30n%Tn_GrRtT2N7z{VroYyQpy*Gu#CQf3wMId9lt5I1un6
z@e{m!ecjdUUcY>71strmvRY343`fe+>Vzki0iK(6S5#ZyMwF+}-exB{yVfGUO1b(M
z#AFJuj5zL4qCT&g%f>igeNG9eIqGrE$5ol)yvfYvgs)wlE+DM#(v-_-=lW;dMWF~e
z^r`pb$|KCHhSXWVM+7%T!T8Z0Upx(3#N;LKos*vx47TqADzxKAbqb3x@KXxH(;L6E
zLn1QN_GD`C8Wf2mTq9n|oj{9()cEOV=c|49m46kx)}F<Jv7P#w%d9ocuZq*YZt@Qk
z?IdBA7sE{LRUZ>G9G}PIB;<Yva=Wa_1$*fn@9FJ2pCy(SDFU~mFB9KA4`RPDy^IZR
zpGus443>Ckvj6)t#q7)OBS_dQd6*nX4QQXpIJ^Fk9|Esp>m;Ci#GrRcMV`jK2)ppi
z8p-9wdH3W^z1uDMGE72{3DXizeL)8d=96j{y<Y)1kwPK4_D+w_X&Ig;5V!@gHuX}F
zp;bl{EVfCslH_`Lxopohe*e~`gwX{ztve^4|A?`ocpQKKx-UDU@QR#ofwJ~%Rp&p5
z#cBn)&j2=`5@(Jm?LuGW?CytlCl^*<1*#~vVarAX0=u;upeFH3%J3%9Gt+@KCoP(R
zNb<#y{x*sf_&NciMa()M@tNW&V?Xp)<T_&_j*$&J)h$I-nafgNZ&<rg#ZZV2QEPX*
zpAJ7D$|{@+Wl<@Iak;9X6<{f8o}0(4zd1b!&gr-k!DT{={6(B(>_ma{0n#_UM>D6d
zgE!2hU{m)={eux9LIJXaCbw(xL4)MYJ#4=Z$yPCE2iKW!;T)otmvl<9H&imQ82{{P
zvh;D2O<=;&M%N<40ic6D0t3F>0MG^?-#&|gCo-gDzcJx(mx&1=$)(BMWaloFaNw$-
zyCvG$&QSz}tjzGWW|ZqHGAh5-=AIzNT>U_kfn(x~MdtuBenK>^ZT2f`azS7w=wjQ-
zkC3Q6WHo>6oWIzB^Ve2+pA-0t*Q<SgU*P70?gQ}A^s#Jj=PyBDdu5)tc+54<Rer$p
z0rF3L)ODtKh<m-CpqJU}ZW#0$1RLCIIQ*?3PBwl)o<TEyw5Xg`kABj15TppoM@2Da
zrg_pmD(YU4MLBD29s7)1uE_Z~E$nQQkO3h+oQ&;%NS-Zlv!0Mz);L^K06Uh`a7`?q
zy&Gds=Y}vyXN{)UIlA>D>`|s&lyW@!-Y?j=sQf{7T=r&8a$JaFM?^#w3x)3r8xX&Q
zpmsEJDn76sKw_Z0UvRY8(+d@8S~WZH`_jDH%zZ}IBltwOn{e+O=_wUH_bwa<`Z*fC
zqk&MIs{%+;o)7f%c=2cj(BFh+f?}F$znW+T$Fb3q)4Y5nrikO!gR3UJ?q{LM9^KK;
zqovHeX_xZR3)^cR6xXK#<vFzF`aIa?8-J)QHMhiWR^#lGYh6kK4D@+3reD?@kwFZH
zwSyq4y#@i*DpC_dE<0oshFk5N77fTcQtmU@Os_${@s8<mHGb~r_<z{~V{ktLYh}sQ
zJWJ4r!19iGS@XCk8(~EZf|%3MZ6J+7LU_G!p@B1}S-s*0xzIetln<=9&k)d-*Eg@o
zj5j5dzch^mU5y^|Iwp9SWS*06vM&lc+GQZe+M8<<`fq!Io-frwC#B>#(9tDKdN?kW
zTjlmZe0q+*;}S9&Nsap!mP}$aY!SgBI0RI8*2rPiL??jl7T$GC(Ta7pTXDmpPg9}`
z(O%}&edkhttwF7yW~N$i)f~p(np4Epvu={U(0}40h^xZOj1|tG_Dhhd-$X6%DP))I
z`t)5tb|>o<8eYZTS%#o+wZul5Z(RXX3JF~b3q-DQd<UA!A&bX}6S-HVMVc#Nj5)6|
zo3o4zw|nso+4e3HBItCpW}`h98F_2<XOuNnp`nO*p(*-%q!x;}a{kFI#y0_Tz~-G6
z!?LQ(J6b?g%FDL;i|7FTX@)r#L;6QCVIOf!qR*!yLoi9hESU)T5eu)xz#xuV5tnAF
zNs1CKMSsboyLO~I4+ib3f3i%Sk-0*oIf+yumwswK3yf-FzKdYepb-YGL5E{JMf%WW
zD{P`b9jIqw&tltkEckS{4Z@ddUX`2?Du(lT*JkFABrHWc<#17byT-4?4O1V`dSu<;
z7LS#0Y`6Q&lTpBF?sfCWqVO*1t1fH|?rjSS!StRZF`NJNbXl%5DvtcdXK<SeKW<;|
zU#%VwRkC$lxXWc?I<W0uwVTDv!K7#x2tXHl#`o<Ux;#*A_gf&k0wj5hkd!%4UZ@rk
zC>f203Op^d6OL8cF>wOlXb!0=-$)L++rfA@p+{6Zwf&q&yXP<M<{!d?G8o<*#mmQ$
zxtzBP=N6mHp;!RaVhe2ZRId*nn>I;4tt39HsHrD72V5OU)(<q?XVG7ZrK6J1q6Xy3
zkn)qmFFuAm&)3w|c69~l5ux~(uJMdjIRMhCsu!yz&cl?Qy9Wl|E1)2R{p7~!#TO>W
z(fQ(cL4s+boyQT#15yOQt(>p9))NExxJiGP$*YZ`Xa|>z58On9!7y9>>#jb(S?kfE
zCa}MDEtXCiea>~RKX37T)k)bHZab{R=5eq+3K+%t0d)Z84#O2q{*M2CGTi<IAz>Ge
zOSYxh<bd_4i!`A=>s)fJE><>%RjT8RoBYuvSHJlHo=HHHC~t!cTj82a!oAW#SjC~3
zMOm=mVG$AOST6LWh;{w<<am;;?Ae0wr(m@JeHJNd%J#u<13+YgN#9#;cwl3j<0CB=
z(fl`8alsbxdy%AYw8A>2`gn9iJM3QVopvorh3-Spv$2?%zZn5KX5=<#ITc<K*l2zl
zo{magwl6o%xJgZ!&yMRP3LE;;|5HP7?{v_Mmep|=&$_88L4zrFu3Orf)>L35i%8;~
zS6o{oiAY<8rN#T%){m95s5H$(IJjSW6&fn6KOrtT-HGXK2Z!-li&%EUVY3Z;OogB}
za>1=~ao|T*6XAASTsLcWu2kG+G&^L@zuC;`j57I)O3vpvGP`=$d(yVnN;Y%*(0fvh
zBFI+-+OCg&d8G``=Vap>#Jrmdqxh|<%<tVN8E+a}^ZU3G`?!63mh-%-g!yn4nN;dg
zBqG|qNb{peTW$xX-=>XL+uwzmWBqXBRVh0C!vjWA<T?XhD*46Yc6@gGy?5n(b{&r<
zHwc$A!KyfM9gaGCStAd(t()XN5&IRO($-!e`7!=(A=$wOc7SmbdeERuSa{j&ebdK}
z)PGKY+kNFc{nf#nJ7)yIDxco@Rkxf4wo1(RNAq04LKI-v$Q!AgwV@8%emhp#1T%BN
z#{mh=YD}XQX9dtP25^`H{0A@0#&dZ~v;eVl7r)uvXkHA@rl_iT7d{u-U9)TshhsKc
zUs*g36IvH`t#F>SS(#^LH?!jEcui}0_eYGYyJlO70K?8<t5>Hl*)eX16{mTziK~zT
z&C6vQw~fnX{5>0=u1zaGq(_Mg;UepWyH9+{goa$4$8fNr6Lu2C*~{;L%StSr9ZvAQ
z<bQh;Sxzi;6kjfa-emL<-Q!tG#x7MDq9#|7E5xqXteCXmZ`Sh0Yovs6_gd=be8y^|
zRVf5N{ZyWlQ4aPrPs_FaaqxXfG|O5eM$QJ4l`4<~)QwIB67VxFWal2U^ObXvKy>oB
z3%75Km5!o3Z5>^qLm1>M0SO4SbFjbTZ}f%9+3T5i;^w2Dj>q=LB`7}}Q@tp=SWJC=
z<<sA3^=-NyMaaDZ<NcjXMR+iUFm{E`w>j6FHbyM&Ne&r0L$c@dLHs++ye0-9{=?c~
z5Y-yoLq@*=nFm1~fG8z$nPY&D>(G<O<QDz*fLYP499488wZES1f!l<eo1WKX8??V$
zs|UiCtV9ckCQE^?%O}DCEr;AS2PXfkH37ZHYFVTFh*(w_pmWl~AHbo|NbaYj;6SL$
zAksjtQvfY&*Tw;jLP(d<>qjMfA?dk1mst9o$$WpHHJ=>jKy34Fd(PdzJeLS*eMh6~
zHhaDlg2Uk(D8eVlfD45Zp`i2y1KL9vqf-8XG!7B68c?8re+0=qJte0r#i3&aDan()
zO~Q=_IjNBSHU-WKanYkO)`esU!1lqD7yqNDoQLQm4{`#o=psNEml(xAN1&^qRsb)d
z`*=L&dklr1G(d1#eQ-X3@$to(ZV5CAUca6+1b9Mll5c;wpT>4(c6RrQnL5g!_Rf%v
zSot8n(9nh%%o)Ue!1EM#Hg*!cW3rj~ko!o#(3F097+UNEZ6v8QQ)hVURGU#}Uk3EU
zh*$2(@j)`J$P#|?88ex^xiWRPte2{FfqcdrFDuVbcP|Pw#NT+YO+8aDMw~nzHf-uC
zYz#IMag{cDTn87}jW3~_snbxqeZsAYH!8G#2P_Soyzzok^Pw&L(};Re%wZGfhkje>
zPha)4n&3L^_dy=I7|v|8`}O*Xp#G+$hIgmIiIsnUF<seqT{@yz{G}N=6Z}3SsXxGT
zgglXv$oe_$@#im1V@lQCoHZ2ViDQ_SZiI&#OC<f9Vv97c|5osNpW)Lq+V<}>o$nnd
zWF5@%o-Ln3+v4ck`fsAR2J~<>ZM{fBRGO{LIOL<)B29UFeNS_^GcSJ~WT0G!g7&6f
z<`NzeP4YYjd-7+m?>mQ4?rV`JVVmRZ%74Eeoh5%6>IAY({6PGuS<~UE%IUVTJ#Op*
zrp;S-lCqS|c|)71l-!FA{B+UjHj{A62|3X#f|IzDj5hkjKbwQtcC`@u#D<H3ru1f&
zSOx>OLFDc8#xP^U-9wk$(?ri8!;u~<oSw*}mUG2X(N~!@92(Q8au%n;GA$Hy`Ura<
zxQin+YmX7l=_>qN*9@Q)d|XMMI&|Xs(J*f|P5s<j30ydg86BbRmr$s)0_n?N>E{e`
zd8;%g9ZxrWNs|-)*p9(=L3V#v@c)&h$IkmTtf|i~q&LQ-%Vhl#CdL%?L0;vz=9&~k
zq~ld(%nMj&kFLcYss@VHXOHK;)L+{AHGfTi$jJ~PZ}k^QpDbY(UNRq)5;00ov!-S6
zbsBHN_jnBhEG<XOTKkc*k#F;Q=e9U%(WJit>E#kTZ!fe>E|Dm-SHsKl=4MenvIbk&
zz3ZMk1YEmbu^6WLe@J6>qliFJOJg}go8XzV9=6szf^Vnqcaw}5DnBdSpx<_b8_HcX
zQgnHQ(M@Y$)zIw3G}L(s(6;`G6ZiMbBNp-ZBpli2+zSV=znW$w63N9!+&r^94Rv_?
zh$>}Bddm25eg>uI@4|*JZ~Q0@Y};v2eYe8MfJKWSQtd*ytKZhmQ}%0OEJ`dDm=^DQ
z7QwsJ;Jp2m>d>w0tR850|3H>hYu_RoZr48MgttLezqV&Qq59o=wA^tsZJp?~zcgoY
zJLXp4CEgGn@RgWuL}htwL<K8`-juq0*D1bh>U?rXgiH8bE0qB@?i3B$WDTYa!kLby
zL`aXDiVjWXcI-q|;&zO)Wa0oDXVR1{RIr?)p#dv(Ra>S2p1eo*oeuT*Z^p%WaN}FX
zANndo0qVaQwFY!m=G<J??@lU7DR&day)<RXp;8sE()t@e@wFjjN2BRUrDN!~OLHzp
zD`k#481qQd^+C0sGb0OdQI|HD;C^)qbh*kOzXL7aWGLvxh#3!lHKAy3e<Aht3y&vx
zO(=lpFQh)r&=NBO%dC`n)$hM|=jKDRh)9#|p}~23CCdppsTu4)#46F(nEa*0--biO
z+D3WAH^xS*?pWX)e0X~>Y6f3yDf=d2>|(99&^%$jrWPlrwtzFu?x>1*y{6`1*ruuN
zOGI<SbQpPv&KyvJ<GB1{4m?;Mcp=R`m^74#ofH|CkDas|&T_Hys5aVOJ~P>0K8uZ=
z9GHE(%R1QZ1G2qfrqUEfvO9ma$aH<)?mq@dAHdU64j=5BQV$=DnojX>M5VMi*)=!0
z*!e3EWu_y=PO_2=Y$b&!30)B&eWIz){9E4h*<G$ne@`2&dw#HjiJg=u)#Bn%)aB-w
z&iHCkdRn=Q`2BWA7pmRm6}p3I%fC|c=7P(^Zjsx@#V&<6Bgphth6Qohg8j#^MU31s
zd;^UW+t()__IL{OY)S@oc*FT@`OIfvZ~4sW8|1LXg9%RT<i1AiWU|4{g<J0h&=?><
z#x(la(Z2g%ul|7Lz2)ETTwgV_^1tRp$BMbO25q-P#W#og9i!8T4el%YK4SpUkG?~H
z7TUgW|Iwc5WzG>1=!-+^JP1@VL3{kBPM?w^*P{zS+0;^JsrDuRdo-XTKHcs8=dqkO
z7b|Dthx3TExaT!_0mW~pkzYA=3h3z{ynUj@pRxTLBEMhqADi7x^D{m;7NFlb|GK}o
z{5<KF-G6bUHu#ix)A*F%yW0}8eQ&9i`^;kCuXO{zK=TKOUzm#ux${gs@pX=eMOQfP
z?$grIivX2vV3ehWc{-b9c*k4y=C3t;R5hnKOe+l(I!vE|q&Kn^9h;lnd<=x-P9D~y
z(&o=wkyy&sT=`5?S}ZmHtE7mQ*v3CjPVMe<Aof*9uGRSb;q5i7Y3=rqaM58pnX_^u
zJJC_Ao!@8OY3!Uk(~CW)S`+)>I>oC>c<l1j+MwcC%>H0u9RUa*tm#TXIRVuN7Ze}<
z{LKfFJn>)RojFiK$dhK>n2It9yiac%B?^z65N!uq#OoljqeX!V3SM9|A=(K74jjT*
zkg^iC&myQc1icu{I7SF$VK7-OR7&f~-jAP0f<^}qET5>rM*?C5YqBPx^93p?k?k29
zOcL5|>%%!rS4KO*!C8k%dAx$X9(_JCPANh-UoHn=tnpIY_jj6xOMi|I;<w|rB!DO0
z-RijeRCULw)5^(^Bqi81AEv-`kPhlbK7H@0Q0*uW%RE~OdiQ+2=Xye?ZyWH>f(VGI
zO+Q~6i&BetZ_Cb<xsb^L+=b3$9|s1=Ub7Qy5>*aSwO~}#JvML{v45P^s&{bLeF|9L
z3YvWCpC`NnP@6t4ob5iV(ndbd$#PbVNI6Q_Y-v?s%stuVe~B<X&29`~(W+an)UEx4
z#%<ijQg?r*hzsTTiWSGds9(^Jazja|_<8V}Pd2C>qLec=u9f;*Y@JKJ%S|w-3ff9d
z*0?LR%HR_juj$G=rq&edtHe0&Fcu7PdZrc)Y4Wtl?Y7f5d2R|tS&Cb!d37p_=0wIM
zSO5iAtta3<0W_)TQ?aF*g!l4{+7wTCtKS9CeK9y}Zh4!O4Ub~lp1&=uh+Qr6#zg$f
zIcrpa3P@E=finO$M=3%v#hw!&oZA$(ROGEPmPtR9bc6a5l2uVy^C13Uu?V7!hb?mr
zxVWYXn&_jAPk(LHM@dvNhhqy>(wmSvX`v6ekm2+h_kueAh}G5;X&}^fqg4zT@1yYs
zE{79otjL$%Oin4(v=B{!qn|bG<B{XRi9_}2NnC;Ti3KqyqdU;6!uLb<5le7E0iz(c
zNhP$vfvOOBFtYKakU%9C(m3>0$UKlx+9+I85VHoEoEcC=2(K_RuQM6K%j)CxJO8I2
z<YWM;`9#39{O#64)Wc7D-AhvM71JbgjJ$Riph1^lf;IW}U3EZ=nR;zRoey~t3Bl+N
z#*NBJ$}g1DY1&oq{FRz+8CAh*DVOBs8d3o%`I6BaQqPENso{gV;x)O0x>|euv|$qS
z7UsA??eyVd)BBbrwWbYGH%PfASVk>u|MIhX^}HomvvxfW;WqtP8Tg+LscUxFG0U+G
z&d<#m^v>zc7Df?k$F{~1nI_35%*gVZ>OwACCkZ~L0AUwXx>ovDnL*HA_Mj|P>N_+|
zD}^8^!PV}ry?)T_j<<;lvS1626p`IBA$iM(PN)9oW1LYqdf=Xa>tXQTiMpG%OHD9n
z&p(4Yd7X5cYjk7ttgzK_&Z3~J$*zI&E9*g~+*StDLJLko*TO6Ir!k|vhp?0|wjR#k
zX9_W?+nqv@mu*^_!U1`OjMrkjpL7BJ9NKgN`}Jc<-7zZrj)W(yl0D{JqNy`*R102!
z$99+Mw)PfWY6t>mb-G-9MJ{lLEh!|w$Xs1N|3#e^1VP&>UF`p0&iw^`F4HRAcmE-s
zmQ}AW=y-mC!2Js+ZbP&i<>(Dn-=@R=0D7BM;?QFu^D?AnPPfp5jdaVZmbxKDxPRp?
zbyGrJWASu;5Pt<$fv9&c0HG0v?}p&s@4RGY=x{GVNS{-QBqLXm8|3J4qmD>0xv1yp
z6JUje&LD6p&K)$!c!vS-7?JcOWcU0@$h4QeE(rI0amWdY-x(d~C2WoZ+jcyJUYS!E
z=6l}jhmt5gPwc~o*iZV=|E7MVIsZuJt;t<qE9YPg|F9)1Z83D^8!5X*P%s45ULRs(
z`96{DQbKxE?N0yDdJVH3#@v69x0B3WMHvsbd>`>O=&grU;OiJ_d*rU^F(pR$FzbHg
ztNEA8mRPyrP|Oox&^w@V>2C0qEzs=6Pr!iZ{bl2@cq_MQDogWf*yz>^n(9Ju<Vh`1
z)K-tH#>k-DTI}~HuB2GAsqo?<c1O8`K#ft`Mnp=o-fh5PN3d;$b9Ch?rC^OwdAs$e
z>sj54pLg5wYtCtzlR<AR&B=b(3xVIYcRAYP+_?UnY<qiwfecDX5rJ6eLTM_Bdx^Jo
z@&b(fIPv}8i;Ou`wTMiI($pQM=qam!dD+*DprDTftE8Hoc(NeU9I<$`SQ>PE@q&R`
z1+iI$0RkQt59}EEzdW;+$>ban9u#BC5q*uARg?Ce`{7w2c1XbcM3z-(7HC+3e)JEf
zxfYFx6%8F8Pn{zbGTL9B>vtK^K(uo)P#vbd9UJ4w`l3c7CiaAoZXV|5azxv5#3DYR
zFWkK^)1z-|CL-z5N-usfVr>h5C)kRnBPJ^?^&-Mq_@MbCgP3>Q5k>)$ECP||CC!bB
z(_^3TCeCrnHCB}UqJfzvG>n^{1IV3RxZzb4%DvC-HZ0LzfY<*!wyXc5<EJF6dhv#r
z9Zb1-s$_PdDS*cW;NN#K|Gwc2P^h~gD%s$+JyJNup1;a-FX=@H*$xTgCg${@*=P7)
z*h1E~Y`Y(c{xKO)f`HNpzMK`loE2nA46wvJo$_AIstUUpU?^FHtKt<+C9Fhm<UNhq
zpp|ZK7+$ww`g&{8vzE{M6;#<@&dOJm1}y#_C1V7+Thg6R(Tf5e7z?N&s(1-g@a3Qy
zc~xUJtlweUZ>w4tI{iu`dXVmJe*r8BJPvt0N-#VQ`y6B2=c3$8c+V9KMFD5B$7A{K
zhnGcR$)R5|(mGye>*cJx0}aCo2~8Z<D*%TVV9^BdGtuAEec-}uDwh|3pqr6>_<z?F
z>ri*L(nGQL7^Pvq6#zK0)P}S14BL(wyRj0!QRctu3?K?G;LtHakgRGNAd2OgMvMK*
z&i=8gN)p-@q|uL&uf%Dd46s}`|C<%OoMmW`c;V|l_SI;(AlASxQu5u~8Roh)^s8sj
z`QMGaB78O^Q5SXtEv~5DS@lmII9U@$8^((w+I%OdQF7O%<2dGMajQqkC440AVmO&!
zWGmC&L-Zcs6mLV|z6?er4}ON&Vimgrp{_W{5zucqRQ?&V=WJ%cs;Y`*c=N-_pnp5Z
zwJ_R#^gE_)xkAk~J_!yDU=AzmhMIh9W9-HWXfu-P(3&w9-D$KFb3ulcrdqnEqiH4I
zYO~p{d8r!hBYm@n!TGpl;@ijh@Mq)Euf0N@ko(qx^euHfM!LF(lu^pT8a$N>H#1p^
zaagEqZ%l9do2E}t1<psKqa4nM&z70dw&Byds>AlBsObnaVnBe(@hITCltYNXL3NJn
zcINxfPapq=4{gw!|0PrM)_VZgb7$6NVb<q}Z$VbTlCPx4$Hg=smB)wi0IX&6ZJaRd
z`nY6yssEyQ(=7m3Or8H9zqmUuEBeB!zlt*POD5(*tCxb#EAAAl&g<@>w$5vRwzo{>
zyYn5N<L0U$=7v41kb>XczfE8RBh=%|p-=a}ucJBWEHTGFu;=o-xmfIf%i4Vy5p3Ik
z7@m`RIC8nlw)hxA8!iJ^W6;{ijXBXPK+Aq8s%YaO%a|xWfy<{GP_o;#B_Mra`j~zL
z3J*Az%o22;kY$2_4z7vGL?dUA`F^b&$S)?1G~8UYlGdb^dxEsC9JGH}%Lm$*{NJMD
z?40q=`oC4hhd4d3KNy`iQcD}<N9Z!l0G+cI_W%akYkWT)<sxdG4v_|NT?#1FRm*<B
zhD;-;p8^e0tdcyOU1$QiP75VU`0PO;xM{Dp7?dSc$q?=rxok1O<FsrEnv|$y4R;r_
zLo+dS*1{cFC0oqw_a@UItOF-ngssa5A@A1)fxO5$BKyP0Q#wM7cDe1?OiIu*`;0Ns
z*20$EP%<NzeFrRDwSr4lQj?9A^w@$ZMeIil&Mio%zDanp>QN!#z<oTj_X!F)wL4OK
zvi2E}b>Lhur=sIP80R~MdrIIT0DnP{UqZ&rAi$-Qrope^=MkX&4dtyg0rCl@eJ!$C
zDEUZ>F^Um^2&n9RUSwE)R@6Y|J`b`zTsT-fV-B=tIAB)v3@)54bRSI|n+PVE@7;(T
z$Oz~nRQeS!`x(rH7K;dEjdltsm65`N%ObS}CJI?SYn9dx!fiq3{Sxx*gL4-8Lyne!
zpT~>#fdf~NV+Di}I=UT@!<&Gk3Y?KAGxI4&?+Cn-AoFDIt0MpRh6SgcZ4K-flJc{m
z{=?EIL&k><Kh569C4x3K(rE!Wf&=<c1a0J@kn`b+O~Qo+If;_3TW}LQ!d3tgMHGg&
zqMh*JXrTL~Q|9VW;a)?dqs1h&pn&$YVRN%R6bW)?RP&m@k%AybsTzMAu~3J~Cb%Bq
z8v7)_5q;ba4KemPus;*L9aj6J%Ylt{_XSKH<MvMc>cC_qnPCd14d1(@saawQZl%MI
zG^3ebU<#I=5}^0`?GJ4i8^#7(TT1YksK>xg$`#D^5BVgx-8&2__Y)HmiOba}9^c+S
zOO>vUxWky?79*0IQ`1>dfyU4kQIbiY5!)M*o4+05zg^Rqw*6e-W%{}9M)z%mZ;tPM
zgD}D=?rx)Ch_P?rQMQbe%MucFN#xnHEkh1z%{AONiU6SGBhU+~H}kQVOkGZSH_AN6
z_cJ~!!+U|ZXQ>nYo#7n=o@t(rmA&?p$!fsh1K#x#LT?Gp>7QfYl1cXtyIJ@U?JjZO
zpE2ds&p1olHPfXe0v}Q~Jj<QS8;Dz!07o~b;OSu{QYzkQT9y5}TVOc}`W`2w(>Y%r
zA4T>8NnQ@_-A-*_0K}7B<fj*xx_|aeS$3b7h_(bTm!cF&TzS?H_H9;+cCtg6CPBN{
z=;;wLcbocAu_niQN=)qLKWhw#KNg0waWu-E);G_=@k?rzi|wAp?P^T>mGVZZ`<0qU
zE&9<k(cmH*PQzE50<4U`@%%G3{w6bEG=ydK<l4E-gc5-auuFY*Nf>3Evr8y&4VObU
zyzS|eP#vd3Xh7lUz=)Qya8^*Zfk$p(2EB33TA^vP&c5{I(Cd9|vX4homJ|ucAF{x?
zfH&5~Zw@(PX36nfXIeFi{gL0JN3YCJDGRc{9IwR4Dxw|cuMKLw=$|j=yxJG0!Bp~A
zWTwt_`)#D0z|6YTlXI4xV3x$jnfVQW5Sj1~1VNgj<G&KvECmT}?#;Al7bCu$Xp91?
zg0!iH3DLC?n&OE<`#nt615C*v#|u~+!pozanTH%{lSn*1{Ki<jwy<`5PW?i=J>Y6K
zC}z7B9Ykvj&+)5&h{6M*jteCdxU4Z?;k3*)a6rzH+HXO@fmP?oZAW5qj;1?ijEIgX
zYDX2$AWDx{=T6j&z~VT-;k@iUa8X0P%z?5Ny{tXp;k@iI;6c_L*YD8|Z%JNc^Gw|2
z-CHdSDnv2?1`CalqouHl*eE75%aYL>0lNd4)yekc=l%<MYl8+Srr;0*;~CeDp(v4H
zM3}Zw{P6Rr(0Jg1-S~M3XbK2llR`WqT*TM!)%c><DrAB)Q6bj*rf7yrV;XuhgmIft
z+8`Wj5VHa*-n|CKhj^8TC7bNfC=XuKYVvHD*>A?A)Ler`RLfDWnB)Ckr)Sxe=v(s6
zb#TUEJXc2uS{2lInIRJ`5-eI``|pY3CaQ@wlnIm>)|>jU#)Mnq__l<ZQ(q!^QoVJw
z(I-Z_-qQn;1YAOFPBf$*(T?2%XwiQ<dOtq@P`8?5v_U&r+H$~=ZF?aH=O+-L6}ZUh
zg`BWBAB{vu$VNu!$|n&}6^~}#9sPMRR=%ERAV7sKX7$T6h;bx>k$lGhc=Js>I}e-e
zIDF@S@Y&fKTcI;(zWP)6=Ub7OI@8Z%@BVy6oX<aq<pQO4<fr2QNFDPR!Z$-3^X0io
zN-F5QmE3$Ek_^{jaAIUeh;fqlp4(}jmD{&E3ld^`*$AO+eAj!n7Rr`X^>uBCBQxUn
z6ociHRdT{tndRoWex%YHHHeqjbT^8t3iK4q(ZCY?Ds~&I;uxHduAJgDHRsi4eK;Jp
zP^+^V!l>ti-gF?&W8ckojGT#{nBpwRZN!(q?I*x~(k8(4H4mt3!H4UNd`UC?wzHHu
zLe+a}el0aQo?Bfj6ONuYpu3H1ko8eOQd9vTO-ipUcu=}Gb|Sn|^?cpG;={t;645u<
z)ge;3Oam#(A_Zn%+g`+h7w%J4FD&W^OkDcuDs(y5GVSzE&j;+p@GG@1@WXo8cKGQ3
zt?Ig(tj=Y`bKLo+`f<$!etvv7H8dIVk1dbC^|y~P@5n~7gS}`(LVI83UiNs&MJ;uq
z&(J*r%55e@u?3#&@R!Bv4mAO=HU~zJNOaQNG#8=o2f{#?o=1hOp)%i)o7KieEWcde
zus22fFtlghANJW6d7Z<ix(Xx-a(Y)&k>$D{>S)0^4I+Uh-whk#o1{KM>Ja&F`Z!Pm
zu+Qb<ev-Fuzqd`@Sv8R!&zcjSDzlEl?(De<`LI<qiN{UBF4KpTotyb&azM2z*tklD
zy+2d(9xLW<=3EQ!FyA|u2}V@WzuYPhy+1SZ?+D%xW4_L@WKAZnMZGP3@O{kZ3s&5i
zFX!l9e&`02KP7xrdJn(27F-3KE5@q_)bIDpH@46&+U!vAtyvCH<WrU4Fx!mMLXQlz
zKQh>EubjtM1>a8j_@Anymba`CB3CgiW>xy~-@O_>dR;PApES4JAwlmiIV|4t`gu7x
zQqmtjHdgKpu6y@qU=u%)8X$SCsOo4<TmoDyxn|nB>l|z`?QBImt7H-1mzqE3*7K|0
zSshN(*-o3Q$3#}!_+y&xrF%bD7jHD|{ZhyA2Cbs)=P3wGF(iVZAx)S$?l_^?hgJ%x
ziR_V+vkvcIZ6)+Yttb~ZuWVtPc>PIc!;;&(yHo++f<D$Lo4T+c-xOumOD4@^*4;B4
z$p%z53j@()y@umXPR4p{ax+O6OmIyxcqA4wpNx#aN__IZB}xynX*q3NH!Tui#v(d+
zc33(QO)+izw^N4j3v;BxTf-BmvXmF83nqPEbtR=kehIBFmG0g!7AuT9ev>lsQZF;8
zPcPzm1=1~eB4KhcT<=^(PRNBVZPhHGmpbT!f;9Y4;h#TG@p$oVS%wxZT2_RB>6E+b
z=MyC38Rdy^`3l|K*Z1EKbj?b7+*#u(X?`Dw0+C6m^q0-om6oyB(`qm8S%7%M{Lv95
zysfT&VtKCU!_16Q-{WtL?Vk_6`JtufA9k2*RbFOk2J^jVkuDWvjtt!^Wnhy5`QmZ|
z(Qf!wQ=0|5;!19oI*FQdj7k;ch?1i4aNa#aTP3N8PoAvm7&a}}^VUeT6%sGXM4jPd
z6DtjYw)(5>>O>SIQvhpIQ|(lPS1aVRe`S?S7v{28tq}PSyiOE(V-fJf`KbI8Y}@J@
z-Cp7OQ(MAw;#79p(;t=Qb;ohQ6ffSbdZNE6F*7>FSn8QY7Ym=&$Iw(#I_1*}HWLPJ
zh&7LTQP*(w!17L23cC}@UuesQ-PUb~uS{2tabjz9*{T-+xT2xmC+2(pnm8IoL_X|E
zl6p;wCOZw(GEEj1yPc3yAm8}>T7{x^i*nY<8%54eza+`cRwix|ara1rOu%m9@I?^p
z8jJ_ctr_!F;$#73V@!l``W}GFEqn!}#LnRSEo~nfn<ZQlKC|3DNPReax=}K=C~)<D
zD_?7=#vEfmb7KV@vqH}ikM0`XZL%CW?R0P?5MQHzoMT)4r3d^;o>(=XZ*)X|Ej(tu
zgXD8G>2G<S-5$w^%!_Ut`spR=#id|2<4`FAB|Y?*h>2h@3J!j@>^s&Qb@oDvk9*$}
z62}^RkS;-ONea)6f~SrDAus0}ruLzT@3D{)X_?w>{-yAI<GRyZ2REs8ne{^LuO($+
zN9V2rlPJVLjR+($&05eUugl*|En?#sdmykuV2?|dlge}vtPX*<5S8c*=>G<^@wUCV
zzza~`|CEXf{&Yb&mA^{p5T&6~aTlUUkLY@eo`S7imGj&`;JhyK4uP*(hmB3Y8XI=}
zE6rIhKC7wmbC?Ey3S}jJ^;UYQp}zqzn5U?JQYSE3otBdAD?7Ilxm`8JH|nV{7Cmo7
zlg)#W^YT4`zbW@c%}4NNWXH|+ZTVQz!RPliWy21o<Vl>K;kICOj@G`r-zXa=3l6aa
z=FaF7?SU<kV5lGK`b*)wxo(coWs@B#+S7?R4~wq`{G45$;@f$UO;pazc@L(ezfHi7
zqq+1`%IieB??orA!ltJkn0~00tPX1c&owR$@z7V`mb4zY5k-XJ)j{}wNV?|W$eu3x
zizl{i+qP{dn`~?w8{4*RJK0RKv29~xTVJ-me@@NZzOUb#t~b@y-RGR!w9pEBX~Ae*
zzc6H#x)y6u5n~NidyM>=W)NK}6logNOiiSc19qEA>@3vLd5*vJ`XVS_sD3s|F&p(w
zevKWD;H~<c7*34qjlY}bL!<US!g`(1@-Vw<j5WVZ4_-s=>)*km&gmE~PAo8B3uJ%!
z9q@#Kn$yuFt~0U0S&R%4*;T*`HEueCALV!MC;!S!l>M+jEov+X)434W=}P}PE4LQ6
zbh$=p-MvOo8_Nso$F@Z&=nM054&_{?`y_d$WjH9|u!1zGL&T9fAVKoIY?Q|1KxhyN
zm*1}+4PQk%n<nSHA3D5PG6{s=tp^Fmm$V@ZgBQ0!HTHK}xeA{YIfn`R2wC|(x+G0l
zL#a#YyO3#<bC1ln%5yT{+~_(N#uD*kvi--y5Y~tvOoImA5?(`1c*}nMQut(+3I4mF
zOQP$wKkwkH<H~Y)2r)<cz$+<6^a=n0mjrxcxhI0*@^Xwq9bKW;Y5p8+`#0c5NQ(^V
z-Oe(YK&XBbB~p@AgbfJ;COD$)`$Xk0qm1LueHbmOm3y|-t3!mhr2h_Yq}Vx6n7#xZ
zICIE=9r01n%1?x@xRrfqaPL1x)5vc>16>=Z2?o2lCs4NsPzGfjwH$Z(C)(?vskIi@
zl7<1;AW7K$U;t5YpoK&`GQ9B7Qv?9)=BCe4{}ny!B6I};fj4aB;s(5H%*fw6J!|t2
zq?d>3j*5S$V=_c8_&MzS1I(y6o`NX=S>zX!5>fPz;0d9><VbT^y9&uN?Tko}0&@V#
zfEjTq)bwX?UeL9WTYQICL1NHuzF5E>JEwo|?-y3&|1(#t23Z_IT`<Ah-%7sah}Sa@
zz?)BPL(5<rAt_V<ts%CKUmHj;IP~$|^iNK1$Y5#Ef@kXic@0p?GzS^I-sQD#W^}(U
z(X&!u+Z-~$KBTPLzxsPk`aOCPC_nA6LRE!#e0&EcsJ-WZdukI}fdHIUrn*A05BVHy
z+(XXM_kI2To1)nj2#R@%fKo8u6=<=?zMO~WDha{9v>)(2fAKg!?#f&c*&P-HAg-AB
z2vO|Np%BEs<OVp4s%s}1l4Wt*C&Fjv1vo42@G(1KfE;K3<{s%SF%nv#@sZ6F;D9Sl
z{T+d}<${I_qy9@tlqh&kE&j3?sQ`KYe9Gdk)ROv{?M<rui$&+-782smvTq7f3c>Pq
zN)O<`KQW4ZrOcwPH*Bl%vPwFlRClT@f(||zqEaD?Z#8+u*f`GgyzbYg;s>hCRG?K=
zv(+1w{<?Ak59?^bH6fP~AGRL<s8S3$_E-y<D1Vv>)pKGt=6?<mWQM=;0<`(DE9c1i
zLcX9}Z5Q4sCFlKdyDSA?P$e|YZ*4N!Sa3e)aTz#C8p0*cVV@OQf74Jfau_}A3NHRP
zp2Rm49CGT9YUprD@fV#azb*ofzEzUafABJG)qtX-T7d-Ssbi>s!}}M%CQJ5`C8Ly`
z@wB|c%L2GGpSatFqCE>mvtTm!wKrpzn<9%F;b(GcZnl`V<MO#^qWk)DS*xnQy8Rwl
zpY-;uK4ZnGa$f_%pE{dgS@D_ZMJof50|R_;zG@WZblzbW;mY17PfeUn!#IR@g$ZMb
zZOg`-;Wjl0(5GA~ml6Ub;t_9X-;5FSM$NXa^(qUwu0H<3%L;>8FPxHUd$h4^g)xcO
z^|4d?fCBwI**Z)*D_;ZRg{~2ftUC9GxyP@HE%B0TxKn+LvIlr;>eTl7OT!cGFVY9T
z%#aS1>7NF$a=MvYKu7+#XUNa6mp*4_|KY^ue0{^C#+M5j8)uKyj;%0dy&)jI`qU9o
z>B*s(9%=W_J#P*3ge!H61MiUZ;Hmz_mQ2Dv&f$?KCX^Sy_737(ei)K%+QE2H1a0Wq
z!Z+q4{^)fU@Ag%)+1JZK5rO}lTq=8D+b-xOt3eo3z*tr1LyithC-1_JAS@=U#Ii8O
zGBIsz3;=A?gjwd*Gu&o`txO{`sltRA`}a`3a@Bg!y_WU^%s;=0zsdO-4lBR}t;fqB
z$AabnI^n#(vPx{(U$P8-m4-GI2ImS4eg%f-#RfJC43A5Uev^#p_;Zffx2kpv8fgV9
zE_abQ<AAVVNDN3r-SgjU>Y1mUd~sGF7LkkR@LmBeRgv3|>YGfF&{NP)8BH%w31SVF
z9W%60qBtrOcEOmgxD(#cI~HFAiIvCD#Hxeti9A%To?qrw{I;_<MLj9IWzO-=oImbU
zL;sNWy1RyDaKB{XusS!gw@geJk+!WXHfCoNSt=+XPf(q($k@Ip;ocQ`Q?xtKOeNoO
z>+z$P9qqn4KuYRhpJ3y8_Cd4c_A9fb;;XA{8U@Y_Pz-?=oXOLn1jFSi)$li-=O=Mw
zz+Y(2xon$3sVVzbM4i@oU@B1AyEBAEQ6|5AiI6>bTfV$--f>Cy*hZJ7tV}@m_=1t;
zJ*<HwPJ2E6H)_uB^lN|mb%K{3pIcXcBnU}hj5OMzE>vcP8mafkv2osiBF+UzQnV6U
zh{04nM^f&l7aH$={;*1dXSYM(>wrT8QoV{+sCu6;DpRD7{<;5Bov+zY1fMNI^jfd-
z^LF?0{~MW#Ve|bWlc2Qw!DQky2R9k=rlr9!I<r9t#T-c5odQkiR1UkCcF<HOxfGwf
z*dkQ@!9mYw9S1Mkh%(w$w(U=<_87b0vJ~k~>I?IGV*KP;v}H7Y-!vO$?P5?2xNpXK
z!=)oaHVY>=h#I|hQGyEEVHA05LsM;H=q0I$m2?x#^c?LY0wB$!gS%t8V`6lThr9D8
z1~P>eqt|h7Fiqp4iUeDt?V(T%+E*ZHVg)}-ilXg#$%lvGo{DV9ggnzTitY0yctedj
z_Gs%hS&EeY2+IqD&gd7MT@4&_+(*Ma(7NPIJAA$ZAsJ2~FLB~yib~qI&r3hV!sbJv
zTq+>yZ-9iJdI2ZrQcv1xS9F1%Dx{rNDtab@r1n9Cxe0c%<CSr!)K*fp_-Jl0`+>tC
zkN8-QqE{z-T{Q{`EkXF}ZQu(swl#G>M^#~znW7exo5<?Kk7VGHyqE=#BPnUO*&^A<
zWrMv4YrOzVH>h(9*#s~zwQr%9*ZK1!&%)RD6n4%U9${EZ6tt9~$8+5w=XA=yN)7vB
zWITqdsP{tH?xMw&M!bRxI!SC)=TJ(=TcMMzM&K>HnFcM5K?&a6Va^H@Le`Tr5xI$d
zbDo2k*%nCKM(lv`i?JCKMj)~2KP#Z&%l#5!x>PJdov%m_Ua_GaXM#zJ0SZR9p*Qk4
z1)frYE{A^;a@8@$AcND2=im{MTgCtbF$Y$IKleF|u`P1ffDtFs8x}Kf*rs?jmT?^S
zxqxv7l6Sw6qK(<vIh96>u>`rR={Y?aF@kY$UBHYwQM55TrSS-UFy4T0v{L4VFcF+t
zm9qws3u@|BZgjk!GI=v9!1w-@Q0OlemR%P!kcX(*Po7@OgX>ohfeu@9!DE6i9J^F=
zYgnPD_>JllSblKLU0ty@ZRoea=AL5^<$3j$%{VRn7hd`c!y+*6p+s<=EeQAsJ0$pV
zE<FT!uKv0NOWap=S+~r2`1rMXawNPtGc@=#%NfqRE7x)HEj_VCa$YDJqhBTRT41$7
z;ys1B=^1D)!>2X%x=^%Z>2X6`4O!3>d??sbhF1Tg(Ubh}%}~-U3Z4Z?LV*IdWxVTc
z@|0R{AJyWYO0Fm&cJy$i=6o4$8u|I`Oa1io(JB`A<ID5zbx5KU6!_&9G95P^rfS%Q
z*3zNxg5I;HH8P~aX=smFxVpoOn;Ww(W!pe!<d>hy^rfP$ww%r+*i$PG<eP1`h`O>%
zHXT1Mr9WyqbT*3mDEJflu{_9ZV!xG>w_xCsWO1|HCEfg-v`MD(UTYWI^6amz-RE_<
zz<8d09b@n#_y-XgbTGjcTObsY0P4a!LbO8>-TBvc!B-tF&Vcs7Z>&pshSXWc)Fb<r
zluav;jZ@xTZEGweCZyh3c#y5J-;3=aT6?0L|1qXeE;@oC9siVyjxFd85U?q72)yNa
z!Qw#cPsZFIpaX0x8^AxPXkNSx?;F59(trA7(;ARHujumPh2}1)`enWL9~xEVy6Gr}
zDSPO|-M?pjyL56&kE%<Ko)HSJ<OK~1$q!C%fC=0oteG1)@YehtN)uEds1R7R$P22V
z3+F96qT8Sp*@n2lf!;PWQ}>pMt6`#cbP-5Fg>h#rtUGX4Lr5#Sz?PFO_Xvta`9%|X
zHFbwH<r;>rWXXjMTmHNbi4hs8>AL%zzVly__@f=ZaWUL0T#TL;*Pm~K<YGVn{@>~&
zuY^vYvVPtQ#lyE_z^+fe?XR|iX9eUoFapJ!7t;GDuu!7`+RW5KE9p8G_!Hzbz_FRV
zTGv;}aXVGp{>gHMejS|@3&xfXx|b=k)~il`it)XS?hair?dSa%e0$@@vm4mXg&8i0
zm&W3hpahaE>x7-R5oxiDttAwZg&!8O{Gngn{Eh1C*;yf$X=%3dSDvTO{LOCNqZB@&
zGBp0qs?q7@Q|j*<kf8?q(1B+q-mZHHH#e%2^U<rA9CdLXxesmlzhcF&%M|US$Jd(d
z4|SZ^n$FL(Vjr}i8s*B@njlnNVEXiB@MrJ8ZLH7R1+lS4KL@0j`_>Rh&naBqL0sO?
zFpBrdkBx?{AJutl{kAy0DmFE~K6F1cuNY5g`TvvQzS}?r9enz&ym%_JTlSf4mUtd4
z9+C}m__b;zY!I`T=<pv^FO(6?9S=vc8YH4(#kV&gld8-64pNu*AGDR|bH+yrayCRF
zU+z-yA@4PZWYrY&`5c$Rsq+!NQ6E3hS3(Yi7s4CCY}%8^FJgE4cM)GJ?ngnc`sKi9
zfxHuHEsPS06;DF!nEE8au@!*#&y)#3)*b~buvdtj=(gf@6=5#r7qh4y6R`8^yb;;$
z*sReRH(RmOIg3Aay`!f3q!{_JDpP{=+?<`219+KAQ&oR~oU(Y_4yPBiXdA{*i4mmF
z1T@&Vszm1SLrqYVGpH!;jM*h)Zw?JXZq@OQc-3g`5%ayXWK`ZZ@VnIV)tzkBN(xf<
zHSf*Op*IO;5K5;&LP<~IKmim%q*(F&BdLRQ%Al8^=||HjHA883aMSkajRsjNsg4zy
zsSO4RYBl^)>EiKQGT>wRi=gLoZXj*upJG!mQ;cKRTv1Drs$k3LdM~<JDs%sePsq}f
z%UQYiY;4#v4Fl_aDy9hQO@k)_$4kv6^i}Zc>pll{aSOuWv;F6>(+2k484SB+`yerP
z&6c!7`AwGn?kOih-qnUZNxnsqy+dC8eJ_roiKz^sk);el+}Uc4;-Sm1AgW&9A5+Z3
zHg23GyD2xk-cz9h;2pOk##LI$C9ad9dZxjip-QWslCD~D;30duP=b-V(5sQU0AeA1
z@gH!#7`9GIFz7nFshDB)BGI<~g@>efgS&W-RxlgYPzxQ+5UyP<nq|SJqMq>zOZ@5Z
zQa!qL;W!0Cw{jwS%_71=A|^tU@R+lrY$0_GQS->Ta;=9`Ic?)Yz@-D5YwSj4-a5^t
zq5(<sT8E@|-A~1FHPmr$OgV#&weaLlj@EkqIIgBzJ`Yw$J4-;axsk)y&BE07wR(MQ
z?OwYvrR9Vb*SG=?k}~4<Y?e*q*4-|@lOP6Z>KE=b;3I%Zh-kv3b+%Lpi*`k#j7bE7
z2o4=EpKiMl*DPEg6KftE7LpGSYJ{SjrdS2eLXh+Z9d$=Eq%*9Q<HBfRZTd$~&oZt|
zy_f@DJx$1=oFyO-S3N$bPl7JjP}!vQu}Sg~h!zH+6jACS2;WzQM;ig_;oUt5S&}38
z_RQk{cw_l_zMq#uf$q>UUA7f^NjdR|e7F7j`I4fqFITnd@U_vHR^Qj#Yw%$rSm2=!
zpSDgr7hqklX>uz5RMhJ}>X)3Y&SxJaLt|RhHFAOb*C08Qaq7us%qQU%*1k7gfa>R+
zxRfX6Bqrl{fgWOS?e~uN@f#t?2cgAZf5n<F_xsOj5EaXsFWud`IJl3iUA-^Fj90;#
zh|e_VmM>GwFGJ{$Z<+4treM6jYY2gfCOodg*>m^v<rnGO{sl<wd0bwaF!BcDzK6da
zbHdj;o<HS{W^q-c!;s-@Mf9xUY&YCh-3&({wRew8i^DkIs)R%If;C842M2I>-LZxT
z1NZOG24QzMgSwyogVQB3pW!tn^zX>IUa-DLquI!w#Z%#d<-9&1sOp|QuDG2I170P)
zPy<FiA+or>h@T}j2xpVUob|_g8CL;RzJXUpynacFmkk-oY%^V16HiRl(Ao)@j<mO&
z?K=LkD^3Wy(OO)_RopfZ#($94e;ZjNjR&q^AiNPYK*c~ml7@W{SwKlo=rdErbzWa0
zr!IU%&w&0D2}>V|l*0x8XC$f@j_d^5uSq0l7W_@@AeH&IS<xi)*YsZH9V1TGevGyA
zzLXX|$l;_XB5g*tA@$a8-Xks<k;*=ADoRB{b!*MshFXy}u)AaW2mH~~vPW&FQBHZ2
z%*RaT$=TrI6w<boTziLv*V?l^LlNrSfT$d0u_nOLL!{FvH=S>M&*Pp#W4MTO;9~!Z
zb`c?ZKFsTfxu~3&#QHG$c9)HjbuZvaF!%Ojdinjc%p`o0&sI7nAww1?CZSGND{s**
zy(4ond6iT!1u~>{;KLYA4z9-4lK&M5VfnDV)7TuzNH*8G&ybR;%c!8kEgL?UxJLR#
zW7jO1OJ`>k$2L(wZa$J)z*sUqqscY8eg026Tg6aGnxluL9`wKvMdJ#ByePm~QO<C`
zBj(Dfh1j{;2FkYs)(@uXFAm<u^x{s^z;+e_fB4tptl}%`8~Xg39~KC4Z22F|<63iH
z^CY<0ANowXT6g_Ut1AIrt&-6*kbq?fAbzWL6+&<nu=avbVg%}&+_?+4USDDomak>x
z$_)hge=B)<Gol)g+n}r|)I=+AoJJmVrMaRE{ePRiRYEvm2!8z9j@RFF|3UeTzhZFc
z!mNgRELctzVgE;DBJ}xj#Pl?ryKM67D!J;yQtwZmKeD3c)o|_s6&aSk+s@^j#4@j`
zx3_b=l*D36P-I3W?Hf9)re>~Pd995eQKwuJRntb~(js~+q)n8o>y>C#*=dd6T?g#r
zALc6k&sf??((Rk3w%x`nE^p3DUIrC4wppIqzdqz6YO^nD@g0SCE~4V*`(Da)Q-#gW
zaP;-G$!>Om5N^&}EVVdS$$4uXL_nP?J&fHVZn0q9Z7Fe&Mp#PVxVRWHPi=Zrd3c4f
zf*!K-pX`&+NbVumgEh3MPVU|2xmqPoN)+0QsjDA)@>|qFg3iLhb$!m-!C7Xg$bLB#
z=(`J3*#Jxo4DrA1;fhtjQWAj&SYEn4FiDUTj`ffv`p9RsQsQ$F<UA`ZV6RcbEB*Fz
ziB>@ktoZjIeK#8|<g^jr99bJfK4q+NDJ`207b3FJrJCIwmd$dqB7~)y_Pg@3Vxv-a
zl!p%0)Svpqc}k*jL09c9tBXLoE_#1O?W0_2lb2)K3OYjfJ(Cj+srz23#p8X5nA5wh
zz*t%Q6X0DQ)qFk}zX{GgRQtA+L2+bFGy!!-M+&TQRsA{tA2;%VaNAYciWR@pk%)_B
zP=(hAb4;ewSyULUzq8!~hqoRXH2P{@63WsWt{eYl_*Nmd80B>;p}tO{l<B<%j`Zd!
zh%K>-(=?9ab0yG^DDpAp6Wl~PjmOo<VlO_gbS5kB3@?>LZwRz9n7VYex>6URwtP3)
z*4pZiS-9DrsYnD_>87z*sjh#gUaWnmMlOA)9;pBO?nGZEgZ<JVlJUW}6AWLFXl5o6
z4gsVsz$p8YjZq>1*a255wxZ+l0d*mg2OcHJ1npJe?z<xibkPnlfC?b#ZT-qqjL--f
z`0yJGkd3Gtl|VU|8`ujP*tY{19|kB3U1LDo467v~1>+|nlA3@5b$1c8S7J|Eaa~l~
z2YB7WNQH>J*=$7@=C%@S!|yxun1XOl{Q^;p%HN=^G72s!sX9X^(YP@Sj+Hj#CVQqh
zR3j1XN{0+M?Mv5gvMMBeHmBoWI`i}h_E5Z$G@s^k2d>Mu2X`yclI!`}vF~~flv5dr
zDxkQDxU;LER@*C9uX7UIx&+&#yEfB#_r2n4Ui-}XM;=69yyC}=|2*<&ko!7isf{-4
zF)Rex@ZIvC2_HequCVs(wq=FGyH~fdPn*uIlQ?xKAv%4AKUG7mg5%__#;|us&p5!6
zTdFG*C9(;YH9Zhr4CvQFy^uCH<ZlgC#QfoqVNblrlZZKxMkqTK_G8&N^ol?H9i%E@
zzq2W!@S3)E%=DUO?98Q(=rq8Tb|!oo0(rEEtJRk<&rs_7DS`Q2fb{rO*bCmdgTQ3<
z%?j84ByVO6E6OYWQ@tjo{8+s@rCjzOeEb9Se-QBxF8@I~&612-$UnIJhJ~uJZ#eu0
zHDgn2aw}I;%(L(MB=m>v1ST9rT$NCsSFY5<4@8Rp^(%i5%(tEg(Fq0#Z!zc`23+!i
z=nUjv_{YD*6Oexa`)-==OAm<uMLIwMv8TeZAfTFvPHKc+pQGYON^%cEw&qjfL81-h
zhcPOQIN!fsj?q12+>3uC@!kowePS`_zC=o0sNE}m+KW`>+E`qbf25CU&n>~yByWyG
zpj&D7$i_!01zdgk_s{yI#3~8s8{v)^k6fx=Kc2<9#{ZzA7EnJ<jldFvHyjD&qxa?;
zra;Fox2Xe4%i`bjAc1#jl=VNw5)+R(<B!c_UPD$E?>-Nu=bC@FA{1~*U#}x>SWr!+
zU?X!i-FoWmp7NV#T)O{YNxNcqEqxs?<M7I>Gnc;WG5B7mdmAxH0m>q#I^byI87fF0
zb~mCrYl=2b-6#{p1PMs^BRYZ!Ks`F2Y#uxbtrhK|6b&ou5cd~(#VGLuevyPXMMRw8
zoy(I(jzo+Lw_iQ+mkVTM%e8Y-Zq{hV{YfwUZ~eCrUp|k)=4_U6@RT`pLqe#pU<B7-
zzHnDQ^msEQd-|lL2Y-cRP+_QoF+;PDCXksT+DTzqmi*^3E!&9M>Ry>FiA7WkRr#oV
zwuR#?9a%CZxP~ksxN+TrDtW+gwZ~EQX5VvfdwJN<f>G4>jqf4&X0<4-p!Xw6D$@By
zJ`N$#-HTdz#2(Z?HFtZkcdE9j{R0lI-4e~6jpvek$w6N;Zpi_E4}Y123t-hY1P(RK
zK8l|*^DFt~+O0I)I<ax5j!mUG1+BTWsJS<9sIo<XqPa^szI;<82kB`!tQATi4_g?H
zZwqN`#`lHP5?-Usx~@NgFlE$FR3FX~1Jt8X%T0uM?_y0cTWc2Da5#~*kbvfpb)SGZ
zSnso&y@E1+H9q}Ui2n%j{`@HZ;-#=J)!&r4x&ht?>*}6zKQgzF72G~w;+igWR8E$C
z(yccd&8y_Z@{4Ip>_Vg_#ETNfV3U|gP^J;M(%*Fpb@_}ng(-=!RTl8@ano|JSCt<&
zLSsBV4Fx_n#Zh7$9V{nMT!DIgEZ7HoiiaqmPW>pooqB7{VV&9zkvNz>@SL*6r31b3
zf`pLfX&$uNY4HPVniJvmvqfDx_Q=+rJo;>~1O-0MUCDgh2lVuqD8M{sNeG)-MJ{So
z2pcmZSn4#CXPN+ZuixQMwQ}k$+fJ?;V1lWM*C>z<T|X4-CFAg`FjH?4pVrZ_ZK`Qp
z=Sjz<SvVHMmJMZ0+V@S<Kh=GezXTUjPOI4Z$Z;c0eQmtnjGsKsv@|R0ZaI6m^|p2o
zstN5cd|Exf3fk2SO^3hBZuL$}7>uXu?ygziXwwM{t$LQ+ySN$zIH|~tMX5M!U%BC!
z)nvo|;eF%rJRUoZdDIBxW$fog<lOT7>w`%nm2r6v<{mn#9r2r&lYOhhJyHvjI4sG%
z7n-^ksimB1S{7L_LgOn^t^T%i1CmAyVhe#3y_%tdb^o$z_jRIO=C-#<domhbb%Z~L
zy?(*l;1|RF0s%ozGI*b5@(krKje*Dr)prUJ81#%s3+3v#x;aZlTir5-7FTT>N$M<_
zqJxk*s^-i))NfuqR7)n64UH_YA_QZ;F+tLT+ltgEsaD>RNiY%nWF&CU1+1=>o{X1<
z!ny7@;?F?Z-}+UeDljjWQgS|wNNc2~QC$V0uC8xTp<`6UI;P2|#Vjzk6{Fz|<Lea6
zxaX7wm;r_xzv>Q<NA{*bADv(ThSF?*DHA~wBtQ5y>N}sC(dcevpaiQ8ABgGqW;qGu
z#$n?U$iF@h9rT~|*S_b$bip7fpt=7}=6Mri{Ni)BO4-O=D^4C~U(Itjr~+SI!oBBk
z<IG_k-<4}(S&Z)0>z;?Ip-Vb$Z2bIYgI=l$vRdO5<=y_KKip)^_L}R>Oo{!CdQ?fB
z4aVx6CU=yw3t}A7>?BL8sl7_&OzMA>Vrh4kVlJr5yWG#Rk;uGKchwTSQmAzGZqN1u
z^VTg+`Y7sItz_tpK!PM}hnyR~dGf?b3nDewfj53Xu}jT$k3RCeUdgxC7NRHJfG6wc
zAfwPN!LTWrTrS!_gYE*sO>@MZ?Rd9#$usmqo9B49_Qg}EkzQf#v7w$9SK4cBd{nre
zc0R>kP)l5jJ&q<r&-lk2>CBGxN1kmsr&(<P0vyyZ>SSies#%rXU^n}*Easwsu`Eee
z1^I`<#F<t_*Xe6)BMy4@^fz!RxC|Ck=G1tYBJ$$*FPO5tD316=LF1xbx~O*Y^I@an
z@v-JM#D`Pm2EB)JCfnF()5Rj=j#FiMOTGB(hUSrCe~kXIKcWXs9xkKTdzvjCeb{st
z_N&n<(*w`lkkSX9=F!t{$}B<XPJ5m=bI1IS%jWez4hIHe&Fj;H_f~l%6X9EJAfqzH
z&FZ}|;U{xe-h0gJ`#u}f`<pXm-r<&V&&KXav0eTYBBGin3It=n)r+t^)fXzyq9%e0
zxhFgk$Eg!4bd0__Abg+EtLOt9u&}~Ibhx~4>MUgKVpcp6c!RX)2N@h!2*V+W-9iRF
zMJ7-iaPi#GnM;tCboc7B!gEB<1;VJqZN<-_!}x{1DV5ZCk7x}A;U$hMvV&{HX8Tsv
z-NJNm4U>4SAj>&F23wt1Fb2Dk*C&kxN!<E~`X8NF2nMG}+`<PCh+4rKe&Rhwb**k0
zrZ4pXRIN6tOl2QYPYn)C|B)=|kepaVPWx#3MTtzj0)ziMWF+cF16anf0}1}w!c1cs
zfgssIgY$l~EP<v0*W;))3G@Ni`>3qM=M@s=puv%flfk!)@$rhI5Wz&m9%Sjrxdxih
zo(A!EQ)3uJbp@oH$!og~qXAl&2xq}7QSabq{YLu8Z?OM&#{vr{|F0AsPdZlgoOkfZ
zp)ZTL{TD&+l9)0KkCS}3P({u+H#<N{!J+Rxx3VX;s}dvYJxYjc=+XfW&;=oK_iapN
z{R@fOL$h$MnO6>61U_Kqp+n*s1yGX<`{0H}4EoI*7rBS6ffo-@QuWv;?3=m#0Vd)Z
zpcDf67JRd)|8CZ)nqTK6x2T?!2dykr!N?B8AzCqP#9=TR+c-v?Z*e8dAPCP`H27^W
zY_NW5H!U64P8JpL)T5%~h~%0f6WUYB|2tQ+D_<-@x8hCW?LUphqPm`}8w|;$m^LN1
z6My6Cj-L3Q!bjOdT~ZhgS@IHb9Ud#$`8q+eW7R_eCFHnuIn7=fh7jxAxv)USC(Q+f
zt$U5NxhT$ssBC`hJJ&wCFF_T?!4Dbg<I@l^LFyBco_OeQU#r`MDE+B?e?0-G<6-g$
z+``SD4NbMnuo>C8^ATRezVJ}AUXOEUA#9O^lZ5Z9ff5pfBA-sy^!_irjrcg&8wp|(
z6Y5{a3CNrMo5<EYIDe&S6-Plxp2`FNgk|wjV0`xPn2$DxFTsM`kR^xyhF85iIF#G4
zysOV1y$dUuIFzgR98z`9Y)({XBUaWE=^j<b<!z<HDQp#JUTyxRM~)Vh-XVb#nF+TL
znfdLm;~yR~SV$os{SWtMh4Nfd(b!K&(b%y|IpnYlIjS4B>M07y96J~_XAYDU&JJ4G
zxoeV^_ndSn>wI(Oc|2<@{{<_#b7Tz8CTY^~+KZ>|@Po5=8L^F^k#qpT^U+M8072N`
zJnRB`BtIm8vOT*9JkbKuckvijk^hj!PDZU8WVR^&0>3=m#j|=iXqytZuo%-eYVef`
zqrtm6yr`e-FnpDSJES~My0kK#V8^=pqQw3inST2DGN#k3v(<mEB$ZjG!4SOo^Q94?
zX4t7N%ODP-)nuy7IJzZmPxSS*9J5;Vbw$jv`^B5Wi0o)Ts@a9=L_}vMrcPf0HuH-c
zI`WH68V7B=P9&b0%J01=ajL{nY@60JobLUv0rmKZ$UrqyT?SpXLo-{o0}13GUw)+&
z4Ovc#nn?0*30SNFgKU*9FG)@OPZi5W`f2GZ@kWZ8gdcs1)duHKx;_w%=5cWk8lB)6
zjq+GJBfdYF*hs8^Gdh=Gck_?Y5X>=~V39FvF$7rp?jSr_qJ%gJf250Lj)YGSH(n1L
z|NKenEGbB-N>K@&8M9AT!6w+_D(j)ERpGtQjH{yi6+-|YV^G>xkkQY8x0l{jRu#rY
zU@dDflT12?+1yC?6zJFeU9wm@R0Ee^$ks)DrqO(VcM;#W8Z%vr@C<@taM&y0=BB~m
z2Z4E$!H>_8qXkgsY>2%!-m<ApL1<<ZD6CylA{%4?@j1~5sL%*wHDN&X^{abIygt!^
zal>cYuN~_1#YSeJ9Z|P*2`n7^E2CZAkLYqni#XE?P;K~O#UaUEo!fm44EZBph~-3d
z-Hzu^VZTRMJ)geY0b4blFdNfjRmU^<Arh>@eB&QBY70wQXotszY$g^eWq4#@hK44u
zTp9hk*BlHibU~bF7b*xW9;+mGrle8#n-bbKxA&V`dtNt_+j<wG<`<#VGFI`hl-SXy
zN4L$|1?Vp{d1NwuGI>guRdC(vDqN<6j)4P$oXUQ5{kzLqC3q!QIA+cHSW#?YWf~`4
zj7+}nQi5Dw`iR3@`hyV2OXsJJ0K#T6k_{&%8XzihHsGtbAVR70cIA$z>-IfJyY<2g
zS2Gvwa2aTF$ju&!Um?NprM0rC7FWo5J=vg!_=Wp@3oooKz0xI&Z%fG<l~AZ3=2K7V
zy8Igc&h}vX9?m~`yWWpz+KB8gUqDW>?r2AQI`aMh^j~R-_IPa;7v%O{N{O=Pu;QTE
z7L@rJm6W*&^Rx3te{H^YZR>|874BCrXBzgJFP&|giKU)B$(nk$b5V{9)@GPm7Su5G
znk{Ic)@oZ<`RtudLb8Ok6tQWy(;l5poXhSTRjdqQn4He26(YDcsfAtA5Eyost+aBG
z8=ti)(zKrRXRo9h&_mOI6f)B<is^b4{P%J+?54yRc9MpO;lPqmwx(XxitV&0vVIU|
zK8wK;(v-=TP=;X#?e(CH%Oz+3V;7VGZsLlkw=5WU7zO(6B1MMl9!vp9sPD+dKYWls
z?;J0{f1DsUO~&(LYTv7+@$!Da&Tn0AU{`5~Frvuf*u6PXdAV_!St)zVOR+$3Ah9qG
zn9{sventLPO8pu*CHYoLVIf3`R8twtb5|pOn-KYq8BHR|wj!UiB3Os4SZ1~On`TX}
z^|5T5T^M4UH9gk(#I6V-oJD=_-41Zs#P1lc4km^x;;FW5mIU7Tv;T7o@CiVgQ2AB%
zA937H0ren2KVXLzNkj|Aq30*UyiZ{A&d)ivJfhMjZ=}Hdg=3>&TuF5iiU6b`H-fNV
zO3EvqYNo;HLR7>^k=-+ZpTBk(xqjR-i+B@x^!>nvO(c>-jcHMAB)+U^?)ek;2uKaB
zro>6YkI1!<n~V2-X~uZcX-9_EpX4C<IkhK2wr%A{suHyx4o73H$nvSZ(i^tjVzYx1
zld_!Vu<T@^F1}v<<=}Vhp7ysm`teG(r1)V-g^8G{G1G=6mv-|bs45|MgS$P9XTam{
ztA>ajB`Ynz<vvpr%b_u~IZXsRv~x$I)|BOtj4}1thn|b%(@*E0<jiF%^gkJmvzQlI
z_KYi{X(Q-s_MONZemee3lbO_Ooaf^#Z9$e*_7P>slu?c*#gs3h@=AzWDxqR&5~ZI<
zsK{HP?e}^Q&FOyOL?YlSCwoLi!c#|i!vHiVuDmR87?U^Tjf(%ff1oaRC7A{!K##m(
z=JZ*gQ@3B`bSVdT)j0(tDwD%|7*ada=RY>y26T`(-X<iO_Jv^eYb)%Q91ppRuDRQu
zBZ+zFa{|2Ze_`Exui#$H%YJtFG$d^<Y~MG`f>$)=6Tr1)-2G8_HrFDwIaBKuSmFFM
z_N{0A%}mAk@sY#x!^@BJ^Vi871dG5Ao)aJGWrXz4BR++Oi?ob8WNClpUrI@0IW%N4
z8_5%D5wv*t+yA+?Z=8OyRyhbat7u|L^$;YnVpP4(AqrRrx?hy0{ORNwSIVo#t$~r)
z>dU+Sd;<Bbc>EN9pI>bb#Txw@W0;J?TNA3=hq(INb}rUGk(e`{Jr6mgfo}Tp^AvQ?
z9jUb+T{YS6&B!<!=KAibbDMVKD2<ek$ZCUj@8~Wfa(oD7G!f{qooy229~Tm`a=vVO
zoOSllgrX3i)Z6r?yEu*0!8@rXcqW6a`cX~3T<`a72!ww4(3ETXMR+qjy?PZX_!-y4
z6{wiwdLHM#V+eKw0hx7XZfcTf;jv_rSnjz*UADS$iZK*USgr7TCAP~dj@oB7M~M(~
zLnte&!)ERTE8w`#HZkujHEjKYooByzp6&^|2%BUcyDZxbUm$sv$W1!O?9DOk{Yds<
zKBu_LWXr_$@O`|rHqReB_Sn#mQSgg}ld^`SkJ}|v-NAj<lB2I_ZME}t=6YPFw9eVq
zqinT`PJw6gHJc-onI~sz#q!ZpKVuD#R6Q$8xeS{P2UOnjY|YHE-_orlqDrA@)pZ2c
zs#W+kuy<;-Cx5n#F5AqvxA+eedztnLr7c~KnP2$#15FdOHMnHze|wRzt%rTvKeggD
zL}#19-rv=^4M3v<m(&@_lb`{{)ET3%FPdFyKqR9xo<QW-{|eHC+6NTi3?PD|0@vOV
zNu!~F)Rb{(mns-3Q^7BC+&zwfl&Rf2eO?uh=eqVrv57j1sVB2fmIeb{u6|&QLH**O
zaLI-E-Fu~X|H$R&-Li_;Yuygyd{E<>dZR;-X%Q3%tX=*27TvYwuvRa@J}Dz6#lR=?
z_h1>oP74~6ek^Ugx7*VnL*LCMB+#CpJ0{Vd?>L(48+p>`v;()aI)HPt=#So%T;f88
ziX5JuM8I2keT?0hOtIi94O#K$CPqpit2DxL(wQYhj-Db%(UZkBrj_~K+5TZZl(yny
z{~^`Ktry}Anayx*eYZ4)X1Zo#Q*C{-4n}SLu10OW@=C_g%xU#2&)vdi2q!1i+94;V
zN>F#lLCPHG@yS3>2jB4E_cV3I=f6<w{^_&;p{bSYgt2DMNUNzu=n`@m7-FCIdCA$)
z;qaf$OZn41m)>Xmh|`I?iuUE`*y!ybGNtQ`wq!KV-)GXPP9Q@{LPY_8aczBXd9%NA
zR9zeA$Wh>m!J@xnLrsOm;F4>In$3QrgK?I#7Fw1Xt&Q_aIXVa5d9pKYW2hYSIlZeL
zyx5|z8EldBSq@6>=bC2*e#KKR%b8}%NcEgk#RQJ0GmG_C)BtpwqKxoyjxK}_R*vpf
zve}gZ>R}J0*vCnlVBk2*@zSIl4KtqF+|b{R*GC0h+2bXt!Q!c!*zXrfH{l-;{{w-4
z5NH4WUfF#Fq%U-|KrvT1TSFVG94~48OP>liJ=n+`pIYhZQ(lyzgrPhbVg*VQMWX?>
zS+16!gu+p~4V$ot5diz(fr58_u26wlJ0G`Z-^y1Hdc1<HEYCif|N3RG{a%;?F_E@l
z;${>_dLDeKSD`!Xq8+dRiV%T*BA4IFSCmJr?*$+pk{x#JjQS9oIK96<p1Y5(yO*a%
z_RDkY5E?d~xj=6XjQHB0j5vE*p@eX*))cLJ)HamE{qh`Ke%rAkqT-|Za`%hln5>AT
zM~nTuw+r?df4ie7d4~Nba@H5$QLV!vkc~7SLG{fvE+fHdushM{m^DGeK8d%ojH~1x
z_x_~7+7<7VX_6UZ)8;1xC0(H#B@685VlMA1hxWC=*0$Uw1N<+L>sB<z+TCIT<2L+3
znNES47Wx6NaDs}OFV6EE+T{-8tL_%W?axEs*oz#7g@4k#Mez#RmT&*^d>*K$#ny(H
zCuR7^bEAPr?8o|Um_O>`?~h;^pJ-(4`za3Qy^HTm(U}&sMv*Evht|i1j!ReUG;~pq
zI#hI_I?U96OxDI2DzL2uGaHOU@6?fxOT%lDy!@Ij*}eR>-%WO3*prPc_2rHpV^TVO
z1^+Ci*p5rG^myE?t%A9Fznk3Ow!V!5$E|ICRNb;LGFBwgd3X}WJMMYo*d*87L$-Pd
zFW_M%bQe9P(VB#$VgwmPr8i^Uvkeyi$@eCGWDJ`%o|!~S!U(Dj{f@hU{EKhvQ>?%u
zcpIatB(L_DC20yrHvZu68U^V8x(*YvnCPBM5Gp54Up{34LJ5_VAoZGqyA#o20LHO*
zw^JODYK2CCK9dnbQt1C|VN=0&6YTcxG*XX-(I5VD9Yr(LLtt)S?88m{6;5tb>lq0=
zEJ}X7zddlYx%f0^{q*_ud3PzpK4vW#`%>;-+#S0Ao17+(G0ys~BsFibAcZHgE2)Z1
z(0XWoS;uc_m#)x!v?1YOR3Rzh;8h_^0%ZVBx28TMp*XB8B;mk%W6L}g0dCeEw=A#Q
zZA%J8chi(KLK3iQi=RQiX{#?wZ@gj4zqMPLU^0%7lwfj#@UI7y>+1NBkm8^e|4Z17
z(``Ip8f@0%3Iy`2-`_?6sw@(6Y!*5CZsKw_fb;8bv8~BYoW#1+GGUD^X{hJd58+kd
zmU?IX6Hxv$p3l|RyKkvv@iGB+u2W;t)N+zqp?J}!R86PH&~Xl@X;V5$>f=HJzUb8r
z7Jh)Jl7^TC{^u{X0jyB#XL%`;jDo1jy@BN^-Z3{d$3^8O{&cCz1-Oc05<{m%tBx41
zu~^t~*IL-6@rQB2nzS?j&t`*K#81l}y}H+Vua4Z?vInQlJH@lZ&e1#t`sJ!syO%v<
zfCc(vr!1BcCK3ub5T|uH2Qk<_c=B3B0t*m~4QfQ-+|CXKBoihL{~0VJgvEd)!5pTG
zKy;6hdiEK8?U5k!Joh&Nwn5X3fScbd89eC}fv0g>AQ4P+<85GN46heMbE7Xb1K*{@
z6AHhLaclf4ij$_#u0Lls+bFQFw(F>Fey>%5!^qpX`pYM7WurT*GVSSX%wmqei9wJ#
zJ$-lt2v*9h<q;05Kp9-A>#%EiA%U5@L;ni5meBcB$i|7%=7u;O1&jE(pf$^i%fQ!Q
zw&UzXQ&mUU>=nCpir2iTAYXDv)6SQ|0U$vQequWTzv*YS3oLKco_L@h5W^A?*Xkz%
zmSrggFR~+lc1dFzVWAs^Gl&eVeHam-8M!tUk3fgttaZ!}X@NVj721#X`UL#lM#B_a
zY3?2;xu+8m^KhwD3trB1An|EbMl0A4Y!b8)Lv9Rg8s|7ANk+?NuU4FP)<(;YDLzRR
z>0gCRx9eD1ZqF~Hx^dS>GJ14kh`LrHLf(C*RzYU)orrK4e<}pvmsLH!ZY9^gu0F-i
zsmGAm;F#=I))^gE)`hTptK#BdzM_$z#=?^DX%Cqq$1;eCX_+^w1=|ujlAL$+FGeq_
z;L6#({(?u?y!UBY$mOQvdnmD7HRxA0L>PaZ`ZltX(d*duyYR7FD4x4I5vWu{+V7(n
z+wUWAYNTs4NG{pu-%W8X<=?GvMR*GS?t$bJV;$&|LDw1r!F0My8h_Z=N$0-lBAm)D
zvaOoxev7JIn?;mz$oRyqoojez#d31qQaZW2(t^Ml=5w=fw@UvQMqq&PHXw%;cFpUv
zNxqRz_id&ooQf#2rJ5QA8crvO%b0TbgO_rg+B#c~!nS*;T^3GvzZ&WT*Kk#0c2c!f
zc_KPBLKObRi6-UCRoJFWrnhXRcS3RygHM5`mFJ18;ZH5bABs(eBVF4K1~YBj2K@s;
zgD22N{Gzllo8feLdE^q@+mnKmWxe>-XOt`I@6)-634*wUF*;oq$|jL2ywb4Lp1*-m
zA1deq{0m<=vq$#AN?(AF+q0^{=8etCZq18Su}9A*uH!3w7dTF_bL6m9WZJkDX9VwP
zErvk@=M~sN0|L?&UIbb3bHYKs_8|FrWZv*}&M?otfbuG&yTf|AaCu=m$}m&OYD(i5
zE;>wOc_i9FBam=)iE64a2$EF91{6FExQ6B;aN0>Da^$X1EeHhKpcSLRN+&Jx!6jmi
zq=8Cej5sZPgf}TJDz{NpTjwlm9-G+^FqLCw;JnAm57^+6X*S@MQ2Nb;T>3OXH-Jf-
zh|aqf*$mXE)WPJKGkOLWpb8FjN<~@&0GfiMXCb1MAOWfnKpKp`czD2F@N>wYXa{>7
zHCt3b*2B9Y5gqCt=F;DnKA~p`qH{Cx;IjXWdXW0A!AM;ofG`QaNr+C71CjdbGm!%W
zm<)-0hUGX2gwjdVZF;{KnvT~DD)3A3Adj;XICGO*+ZOPa@&o7=Ry77+X==}lXJ3in
z2K@Axk5-TaFz0^oq3HFLRQ$HhpZ4xOpI3Zr)zKGrEY)Ojlud<xhv~k*Zl*UMr-lTV
z*L88e^epP^-<>l*L~FsXk<{g|@+TQwLuGvmc1lml$+uP5R`t#(4#0S7G4<LA4H?_7
z4GRl~ZjMY|QRa_K22sMYP_4=fPOAGnd(C%uY~rh*bqtd_^-ypxJt!Ug8Z0TV$M@je
zLA?g<JpLtMSv=$R>}D}UexKL7VQSf^bT!ermAl=++aKTLh6I@l4}4czds~H=6=Ym=
z^rmAuZNI?KK5O^U-@3SDz(nwawS`++UlE&=s1WhADNruhXqpizIKWLG*gORG@1ORA
z;CO+xy`PxGi{69`5rz4{(g)%_1N(h9^%(H7+j`f21HHg}zg&2xjNaRZxWWRqb^dT)
zQ$Ls4e0QD;Z>x5%__s>XU>p|8a6{1r!*X}WH(VMPicwNdhsy)hcn;XV`8}5-*oCJz
zJ2-d_7Ka2m6I0ORy*m;1e}DcG{!V))`j=MqFD*ClUz*}zHY47<jUHr3&~(grzQc8^
zBQ_dBE;~ce_j3)IDsi>nw8OzbrQxRu@BYa9*VY<0`JGnxla&gu+sNkoy0X~sfJ0lu
zcU!ICk{%b=Ejb3q#bN+NDqf@{dxbod=nrY)v8eOk=m?L6Y2$7?B#MNkJBQu)6A5Mh
zN(b`Z&Icz3ksB8Fv3&Z%3HuirG?-HB?M?i}_Og4N56>eZ@y)U5Hi?NnQ!qD41JTbH
zte}1ZBqCMzxye3igMBsD<!zl3138g|wkZcH?|<Pu<}^73{F-mEF$BG!9UQnFZi>)J
z;2*xN_Z}PWaJR%o#k;|`7js^$`Y`>xCo4aI0lN-WwXe}Vx*<hLiS@}>U&NRCJB5|4
z!#Au<R00kZ=;U_+AuPod#aLu(L`3E;N^GojvSX6HDz$+snL0w;^2Lia)z+M}-We$w
zd#s>@`7a}q0=GFCxsGVtk<%|%ElUFCQyHv88{1EJFWb|{I8DnuZw-%I)^*DUT^ly;
zWY6-O4yNFIO)e^)!<^P%8C|7z7S9Y6WN*_wYi(Yt`J&f;4|5zM>XR|nWs_(|<-*Q+
z-9=Mq1>L`OHz|K^6B~W(7VH>4%z4iqid}hm_-EPmWJ9*Uf7(s8o(WuC8GnLb=ML(n
zkd!HZ20K}=?5`#bMboskW?uvKS*U)OnJz8G3k$Epm2!Yia;$4`=BP%;k8Q%uBB>Vc
zuouppn|QQy6(0=bia0_Q>SXSBqir094nN&bL6=gkoA3U(?7+LNW4k^wtf({NV|`M>
zxyfOIc_HOCeV*a805kN9yk)$8N423gz6DtR)#Uop^b0FDp>Q$*U&nJjj}A|EHtrec
zr&K||<WK7}%&~JmZ{lWXGWyI6xaF@JI-+Xo&-xv`<&g)D7yLc@b^dsnHO*~(|KMh;
znC2@%pn!UPsq=qH>-Ou?6Wp3jGVm$LlqmEhO%eTZp83?K{-B$mOWC{d(5Gp@u72g2
zRrzT$qW^{nDRMF<qW^KWg;?GBiD%%Cxc$n0b5J-Jxxn@pBRC(^W*Et(>t`lJZ2HB3
z5VvAvE2cth6Id0urTa!a%L;S?m$jK;f3iPBhaLx?Zw^{^nl+l7{gnj1RVFw25l#4l
zy!fM{mdpgSyR4QV$26o6dRUai&^U|Djjnu1UcZXl(a<XVa`B&m=<C)eKQSkreJ_3a
zSdR3jpf|3hBKphU9n9oJ&|wh@vvh7!&5<Q4JL!q&j0AMXCGs~VU=p}p`^|qHq>l_Z
z9SwuCBGX3<Uegjj00^jEO;_?SN&F7qyQdV7p!-+mvNdE^b*KG2O+45ZmoIy40s|<N
z^7^<4yrK(wKO*s^@_G|jU<Kg~Qvi7)pHh}!emI><km&m)di4z1eli!@Asm1rL7I-3
zHlhO+uPbS{?5%wcWDz9d_EkHYHr}S)hiPjSGe(w_>VrI!M#aBA|M{Ucdsg|d{vL~E
zVW$67m<qCl&}_O{N4DP$%x|)wsS@f%jMv1NU}~D=FjuUP%tp;|<v;1aRCPNxp?%{q
z&+$&W?1gCI6x-e^lJQQ<Y5otlu{7B&u2CfK?yL5K(Y3CcVLS247bNBbf`7I0?UGUJ
zmu=XWPTY!{210|aqwAM+kJC^zA+w50aafA>0Hx!WEsYkqFen0VdC5L0%gydBsSRvC
zgQ>IB9HVC&-z%qN_BA^13CnDR5?1qt8;lpO1nVs5c1wuF4Lwh2@_0g{LB8fsWm)%l
z>Hed0_%0$JjY}b)INTVB_r*Vu_p5jBtV~QM?qxUZMK_a^8gs93>oz6L0#%eTc%OQY
zBgk^OQucLl&aV7c&LFMa<mni@pi;{k3P*UXEgb%J=(?iLumUI~eS1=*O_*jt)npq?
z3<ilRgcu@N>xuYQ-a_z~h7B*Z{ZQ{jh{FcGg-d*s&_GQJW?+DNTELac?;V{0tMws+
zbiCP4tnJ7RmMj9<$WT!_Rj=`gIzcnZ-_vyQ-<}`Kgse9YlAkPj$>91%Ntv>Qyfnoi
z@AHq>R)jb%-G*g=%(ycysi#;-37@*xE{M}B6#1jh%&XSvqiqlxnfb7-;y7O6QJIHf
z<J~^wKPCt>3pYnLB^NL!sGpu>KD`5Fws{JO>G+4+Lz<&KCp`OW@(5Zxu<ZjNO}-$Z
zou3opu4gcQbezPlhwR0pg_@X{F{T=|`Xkt-(p-?LQcedJ8(ey^Y$@8au;~@udrii;
z(uvw4ZnSGT(KH<bPP@N3NgQ2|YJ!ykv~eI$eqdHi58M41rR*RfH5mL}!lM)xAi4Jm
zL$!Ueir@vRC{w*Ik>-cFqjEkxDV?eCbOWT?r@zcu7MGc^W6dbFGIo2B8Sd)Je$U=c
zI5<h0S?MQs=#G+SNHa(epCvpOqfq_FF^oI|f^ugDRE~C=1{NR}ov2_bJCX8c@VgxY
zmaaJJGlrcjAtMi^R|I4v@;imTup!nK6fugCb*+U|6ottce!I+OjC9`BadGv(ah2%;
z|2$il213OI{+@D<BE~A7zvX)RC^`aN0NpPikYU+0d$u+6Kf1k>K37_{i~pPc1$>#Y
zawHgW(3l;?U?;2YI+bo);XB+hHWdj;fkwy8P*S$@Is@U__B6ygw3Rafu%eSML2-ly
z$ld75K|D1U9HphhTncO7Wj23|bBM^NZY0(l_>4jz)f6Alv*%CGzDt29IMZ%zc%urq
z0wvslO)6uX{4a9`rCqb-9hGlh8i&0Ex^!FgNxo8aT)Hg|hHz=zwF=QF8{;D|qp#$z
z_q6PUMFqR<Y7tzeg(yRj!bPEe{V!0r6%`ggPnb#1+<#zY=;w4`>;wwNb(}PCb2waL
z@V@d^5q%i^4@^L_zj+PkAP!hmJNd~})LRQ<dw&P3FMB6jD9d<6n$HWcY~W0mI4OnY
zM+vxK!Rc<1;-6qGksy3dbd-@@v+K)7nX|_Js{vcEdFRgiX`2q6*!~TY@6t9L2${p_
zsa);h{t#;q?{V@i!deV@CBBy+4fvI5*?BXfh3r>!yZ|rNR7k}Q6i!f6Zs6Ve*k0(X
zSCBRI8kWce5SKK5lZF?(@>--YYgz*#`;kP?MpIEz{lxf<InRoYKNWk6(=aQyfsoV3
zR5XAQu=LUN`q^%#G$cCqxVyppdN#roGg7P<gCI=8*Iwgfx^W%=u$l9)G`i2n9c3yw
zdfVek?!Fk;jHzHJ`{nxT7T)b&`&D%ssA<l3%4;QkUyKr5^YLeBYJN{a`uNjuHv5ch
zj828IBUh22o{825>FIeSqi0IHmxK#m?HcB}%-U9PJ$4n_PxuPWr7l5jF8xP9Q))QD
zDm1Xu1Tzxsk_L8;VA7WetJJ_Q6KpHNZfjuI3ATh_0UFco9fJLvV0AUHKr;E}60D&H
z1|C-Lu$$qq9}--hb^h(~+=U)3xyCUHKcjP@%a2>Ok~WRwk6UUHE-DCL1H#`rgwqPb
z>ws`jhj3g$7zqfwbqM<ugk(V2q(j)MAUpsFzvvK3IYNdM00>LjPuES{;OpI8@Dc?3
z%k?V#m&DwcrbG#8j&ts&pgVIb=P0j!QZB(6zHC;7#}<Ds=bY=7_uEXV#}qP;?6HB#
zvs~I{Q(V@W=r7*Duw6gFKP$Z7MN6SCdS45bGG@^a6bSqBA0XmOJ!g?{n=5tYe`QJ!
z^1m{qk{tfHpH!4X-RNhF@%HUAR_IQpblG$=JzC|-lrkeyaNnoud3GZy2FmKX1Ki$j
zKRdnxHPDk{43H?<_kJNdva*4fO@|k^Q(5J?VM4Ys=Ab*2cpf*Hf<!5p-e0f0!_5S)
zug{Z~B+6P+UP&0f3JFLVgcQ=}sYI@jah-?sDn_tli12Uj3AV#)jTB{G3}>|T#dM<U
zF)o=|rRQdn>>LF@**V7JqS+yE$uyC5>yl}vN_uYcN)&#VAy*=`<==ON;?e5wK~c$I
zl>}(3*fE{XlhK;<WQfI|19O-KtSGTDvy%k5L9nZy4L#?PTY|P*%LiK>MBpddJijMe
zVNmCjJ>m3wuuCr?|Db3}Ighb$=&@$Mc1Ud|QU@(?HrbihW-sg!VN6!_;EvQmI`6*+
z^$=ltH9dd<*rzK^kWy%shQt_QsEM1bnxQ^?@tXgJ%rzJ)%<pGUQ&U#$Q+|<xcZ{H0
zn~E|9vgTW4Bx;%uY*YoM8~ANLC8mUtv@rDKE)ht44vr~P@<r;^^infg>usjw9n$I-
zIR${gqBFx{T9Jfd2!nvJC&9Xg8#8w0HqK;p_rCWsg(1*ooXHu|YcGRSIte}dcu|P0
zeY#VRMzE`Jzj0?Es%i9%I-<Y5;Q!7}LVJZe>A@h{DX|OS`UbU|iQa63lhF0+B(i>J
zDcqD-PM`5x2QtOEwq<&o_F>4^(I81LL$a@?8~14cD!T4b^&=}9`46>f%QA9@I*0`2
z>xfsZW4wZIeg`NB$Vdu9JIC}wvdLV*S`1b?ic*!@M7KjA-HTX;NYdCLQT`)J;y7*8
zj{NM$A^z_ZJeVJ_s1N2g798IN_4xKF<7>AZLOo-@<Gq6ptcGw_Y5uq<t`z6xLd@&?
zg5X^(qfF;YMww;;!5K?T7i3lj3ds6vX8nc9w>Uvaw`UxQh6QX%qi=R}qfmKv5b2v%
zmA;AHty4@=rj?}3=DDEf0iSpF&JYc~M~f(!M|aRnG#;QcUWhpeZVW3^Iz=Y5TXgbd
zR=Q|7B0BppE#ev(<@fg|VHaAEo_?GZtiK0B@{)3_Lv;3H%HHgJl$q8ueed__EAm#(
zqJ;$;7TTN+>$Tmo6&Zs2A#Z!Im2%JB^mti-XFaP5z6Fi2a1r%M6vu4A_3IqeD16q-
zj|(~bM8kG@MWStdsRWs+J)qCQc9ULn({J|YsY>{B1nU4}5m2?=xfpFFOpVKF23E~@
z7ucVfyiNAcitOgT_D`<=$~B<I_?U;1VShL!QgA)YevrjI(EuviRYqYpZl)($H1tIc
zJUZOQ`Wc66_?vA}4UcAO_&unGcTnL2u8%$*t<%TPtMzegQLU7F(!&kwy*jyU=>OgH
z)<o9jf`g{FLAJ?T-=@?Z6mwRdDCb5iTYH_p!2i%z1p5S|DASt;cQ*>ftp$a-9k)AN
zX^u*%xYJD?1Ih{ZY>ap3l({=W{;!X#_k6)@{h7(+q%CSmq?IH~A}a2u5kuAwP{a@}
zeh|AD1l-{*ez}bdXC!_^WRv(oXybuFRY*st_(~uvtC2w7$&OO7G7xb;o#HEj$lq5X
zf%MDvCxOfi_a}iAgp)PVA{$Vc5+)l^Ap4jtev_$ScMus+wgjoSKCa3?0$^2oaPzbI
z?e&CJu#pYQmbcLybJpD!?N6SK-mQphr94B7-)1U&ALF{R;_QYyu;lX}G-{6RxL(fe
zI3t)z&?xsrL&nJ+EhCD%%8P_?wa`tle*Q{xoVOQ-9B-d2NE4>gfkiC5d_5i=@kc5C
z#=DT9WSRQZV#joxnk#<=JEbt8yB~%OE9%-6GuueX-F<cZXjm<AIJePS9$Xv(3^zoz
z!qXhb(i|70w^nL6?<bQYl}W)~vHjUS98GQU*RrErf3_lxUA6xivKq-$u)G!S|L#@o
z|L#8fzq@w-x3L>;ily$rG3#mn^X}N>?Jqiqf&y^FlOAn%z(Qw2g9wCTBW60P)oWv<
zSOK=1ez}q)NC7L!f|kzci)of|I#}fyKDx?B|6<&4!)?^-M||Mtxsm=@*v(rQtKRf{
z+D&sBqLE=4ZdU1!p?-6{+_)`k%|8Qz8~cU24V+D#+tGaSpMqC-$_<tV_CinQa36c3
zm6HPX9L7-S1P<BJfh>yF)fVN{JzpeKglvj_so~6u6m*i3l_aG$FMv@j^b@Q*<f+Oe
z0VTNN0kW7VZF}I19|`WOmhvWYrn2+BL^Pz1*2IrYuWA_i9pzy_{&wl1nv7uc#7K2(
zsiUi@e_&6!evqf7?aOOW{}{P`>D(NMMyay$L&_YqQs!WMO<Jfs(XTu-tDRiSlsRpx
zoTQgW;v~I7leGM*JW0!yNwVDUZ<1QwC&R<MwX=11;4vdUjC880P~BkHD>GH340h(S
zGalD*_8pmiF|v2fs4*kQj~F%~M_$Lk(s&jDvAisJ=?{XqYD}j%ckt<>pD>Cv5?3Pr
zb1#k*V=Bef*_nCG#)lj<i-wEhwc}#U4z>~Mi`V`VW7dg|9ZZm@E6VrdnfwkH-5on3
zX0i^9GEHFr&n&rU$|@1WmC%J3pC361D{cCmy3$dA!PqbpZlM}%qM@#dINpS%iYC0Z
zEHHrkbQF&VT8184tEs3A?B3v@g~QL8EriK5w*V3vZ+;jEM({H4DII%cW=}!-&`7%E
zO0G*P=IHu_w2C2#)oQeuAK^tsbq2kRH`!g+<k|PEf;8x_YyO+$*7r^CS?|&$NT$&2
z$K#<{9-9xMKnKw(mbwDRT!63((Q!`NZ)~R$Ok#(e?IB1T?o{}1pWN25T^UmK?Sp`H
zq^~~}e%w9YqZ$2#*{xUi^`867ct=78UuJ|@^YwKPJqhgt&5Y<JNS}O7dL|w0cJ9D6
z<vRti0qPHTCt2yZIse=xb5-X2YL0rXZpF6#4~J3vnwUx^{g0Mtj{HSq>BwiyC6O_g
z#L@C(<h=x9*0?%svF>t5%ICB5-w_blEPB={lQuljD8{cd6<X12n-~qd0CC3shTe9(
z4Z@^4{t#O*8wb;^2TK^f=#m^+QK*5neJVmwE{`|~-I*P1gsBIgva}<ho!Wb5cP>O~
zrm?X|pvM4`&Djt2(zyn1Q^0tC&Y}!rc_Pwi70L)Wo;<oIWSH8aI1u}JPTI8Oj8{4k
zK_g5jk=o0vSZmZxo=n1U2lnV}_NOT<Ok~@ow4$NNhSy~+vYwQf60z+*He1HHQKpG+
zAs-oK%HA|8*|cwSO2Ovr$7T8GQi^HqPMhI|t?e#b>G7aGc?tK_&#~AHzoj_`2B$e&
z*nZ)CcrGo*onl%sFxd9$#TQ31D%3lWJu`&~B%@N={+8m{nX{ZV5OjEEf&h(dVvXc9
zu^Y;1=araU<4HdR9~T=8@I`6I&u2U|<kDk7Y%dvzeS}V4343{vfo<362F5Bz7{YwX
zLnDT<cUgv<kZI#>_ridqali{y11?P|D9KLc>j}oY$!54<YrE4{`WKA1Uc;PLHpAvL
zr;UyG9$U<T6!w?x)eFF!)9UTao}N-D!XQgi9Gh}VV33tFXpkkW;+)nn7kOnMQ<`15
zY>>Y3z&KuD($cY|KI3gj;~jsi2aOjNJ1wL^Fz##^HxoYX&hKE|*}H!S%RjrL&G8~=
zb*1bmw>eTEiE8g6{F8Me4=}@BEn#H<zqdQr%)<@twnyC*S03}=|7MEu>rMIj%^>LK
zkgfDqkS*_)!R|OF=Is#r6?P35R}r2k&=$YlZc4piHypE@dR?%Uo(zJm)9n?AhT15i
z{mhZvO0bol2x9$sh;^xtBe@;)X(>n=3}&`D&ZNbk%O1l1Yj;%o*h@@i0X&P*i6*l#
z!gP;dvfz(<j1i!Mhp`!DtVnhUImEC_iNL|YmC9ILNw_^;%2}Jn_)0LCF#3;*6c9op
z`*$?*FOYbKE3DufSzDDkqv)8AnN-Tiv~Cbr3I_Nu`-^Sn7*i2rdb2_8M<vT)j3BMu
zag<Hl#UiT^vzcu*>FYOu!y)MzV?QQ3*5IE`>v@qaJ*Hva!CNby9e0(y3P(n2V_H-?
z-DW}1Mz6#l^>PSP0VefQ>2&LEu(jyNz{Xg}Y+Pd%QX9#v<AA_0Yr*_s%dV=gV*W+T
zm|pDI0gQjaA}`}N<v+~&BYi)D={gq5kDluQwdN5;tx>5mp>R>L8^aldIPoeR)12l2
zjPt7k9ma<gE2O>snR2s3_w1q!ULk`=%~hTAfm4}iv-YO<oQKn!o%J~lm@HgscDF<Q
zzT8;K+0^bSAmt1yRUi4KW;keI(}TxGYCSdzIegLM5khe*6_xfdDzP)W{y#l1?5^xS
zz1_!DFuI<=Bj|mO`sM6vY3ZkmNtsIxomMaLgZy$!CKnX=BIoGzIRAR>BT9{q3Rc<b
z<*a4Pw>8iq);}M~^XB{X=SQgG%73qW>|Eqa%$orR|G*%$ulUAOI-iYB8+R?EmovKy
zp3JcNrEWJPz#!2@KH0^>`Lt!&#$*fc>(TtZ%z+VX|MSbG{toi--h({NIYX-50p3<Q
z!0UeN{{YvW&2ju}_8#o&Q+k2#Dcx(-TtDYCo>$8G9CI+mNry6?R|m3RRv*fEUWvJ?
zL%EUaP<GFnt3IEsi~XNZTd(wx&*SkmIghRS^LUBxc|5S{^BCn1<vd>Fl|K$J`GbyT
zls|T6k5M1ZD1SUNRdqBsQ6J4O>gA90@BGUjmwwdBA61;gUHLg2|ATT47ysaM4x0=<
z_N(g7W5EQ=>9AOOJ4npC%}yW*&SQIFSBvgE77dd6JpL*N!s$2Qd2DkSTZ*Osz;XQP
z_t2f>j?lFSuxrUJ*?9he<2Z%=mmSCQ`AgB2bo`p`NnyJ-&ClU$nh9gus2she%F+AB
zvv84RBOSf$%q4z^^hz^aW(D4(mv4K}J@)@kNAN?+5xnXr`3R1f^?!8)*MGLEBRD6z
z%HuaD790e_dmAxUFZHI!LwEc0dc6A@oM4^xr`*h??uQtB62fCt@R`fp(SA<1nXkdo
zbxUMNSB^(}vJvPn8KjXvz31BlS?qi}bXj-4ahGFGQ#$4z)XJ~Qc^CWlMAYipc~>|o
zOn=rrJe<zD-|XzHdqs8DB`v|TuJsW*>kc&ach<cVARBF3yrPR)tm14kYR{&5LZTqO
z^?41>rpTe}Z2Hm9+2jdjXXTK2Y8|>7-I=dr&?+mWpHC?M%KsPLdD3>&ox8-5?)=PW
z8r^xq)2!oT{dD{)bbP^w|4YYj{QZB@@m1Tf<1ar#9bdRW)A8j`L8K_zni3&k51266
zp|T(HlqH&qto7r|a(dexrE)yqqw07*o1?_B7fb?H!BYm7D_fzlgu?kClCE%;AXl4x
zF6OGedp<gJOa-R19#8jWX!kP}1h5}2%SjYHZ_j{D7wfgCcZK*jEKKwkTH*a~EKKtj
z+O;BOa)oSAe?En6zt{?2nX~&<86go6I_d)1>L@1pa6q_r3w)wgnmOMKlg*r2GV!H(
zpVnZ_cNrpEjaR)?wej|s{%E}YFSZg=c}zCmDsCugTtk1x+v#e5nVtQgi5HAdgnsxv
z?)__T_Y{h|DRo5hI{fvZJN4jw`f!TUgD%R~t_J>k(9E|7tdfQ_j2Ko)aa+aw{B47(
zTmPjWwmyqmuRIE^Gh!F_ms^MXiKG2?;3rHuG8C%Ct6pZXUW3K7Gn03hKNcl0iR2a0
z`8b13R)>G|fhO^j+&JlMBctFbmwKCw+?wPV6d~FjT_aehx>KiyW2Zt68Hh5`#UmBU
zn4VF)1LcnOuA}N0r_6<RNSWrWuHx0o_jBr>@hAZac`G50h%jS-67X;W<R@oVCdM}m
zg!l%jQ(skRgOEm{4RLmX?!|dS8{Wdh5JDTaPG3unJv_Bq=S9Q6t$d*eD*gL$ehn6S
zpTUvH;z|S_WiXEm8%yxN3-RdFN2goeX1dS!e-WQPIFaJh<%>m>!p5hgpFKf>hTt2t
zlovou`n)`X5BLa<@exQ>jNtz)zWxKN-2Y>||CRdw|22qmjvIVlLJQ4&k_j3=Pf~|D
z&v*-FlT9{-IcJYM?Qusj)L1~BtwDWUi)tH35z$tuG%p+ks>GKtI_U#V*zmg)QrwPU
z|JA@gCRja!eWihYPO!7N^qQ{*wuoRm3HGxF_9MZT6Ktghwv1pO5v)W5TT8H42)0oJ
zD<#--1p7?`D<fD6!G71kwh%0eV1H;}I|vp+us=1hJp{Wj6=6p-umc3!L$JR!u%iT9
zMX=VIjBYJ-8Qm`IA+I#XqV?<v@2Kq2y`!SWX#qGpbvR-BR5(|AFq}I3d~vStqodR+
z?E!?-I)n=f!ZJWOu0v?LU)9Q7zzNu|%Sm=vKCmYO!n=ocImr}+et__X4k7C=8KDy(
zJolF`!sX*KLPJ3K=eRDlMx~74PJq-Jy3}hI6olUZ;kXWAz;zknTR`ZgOTG5;O_^4+
z0b$%tl$_S*fIKwP%RNT;yo$G9{%Rn6WzbRYO=SvV0AU*b>=F85f*^T5gstAA9{hcY
z{q2*m<huM}Wp_we!hX7*WM_j57?5i{{8Nl}&GoX*BTY=@R|}<)>@QbO!0rbByibU@
z%w3HG>Blzs5yXGMwslno&=1)AE;svu&m!WxiS)1{gMA1;e&>iFal4~=7a(|58oKm`
z5~eMk>p|h>Q(MSMPh3j_1UVet>iQCzz@yT!-aSr<Qvaqm>-<EHsMu4pSb_9R|46|F
z4}7?u4bYA~uZJ8~zd5~vbI@PeU#>VWB6jL21#y9b_(3{#bo;$A8r+BY0E$?->kJ#8
zyPw>7DFAwT5U8;m{#k4A4oqslj!o9DfZrO1HVXcE4*nSm|2#>FjM!gkJhmTVW@acM
zOnwgek^Lh1WI&X$t3UrfM4?%B3QfIL8Vgc&jJh}TlGrD0;JfAqEl~@=&gU}vmVN=H
z6@t$Mz>60yh=Qc|E#%tkM*#_-c#HOnoMHGtybF@6xFD0R`$<UXS1#>8=k~yVcd-Au
zK<#$-bSJp$xu?7Dg+UEbB_EV-eRRg-zTZvMazCZ2K096NpB4$Z3<ZUX)rd(Cq(usf
zr?Yo5h2nv2LyBiV+=1$~^hoy#k5U5SiWJH}z*P~}omRzy<}p0qhlOsb!;J|pa1Ni3
z!s}OmFo83S>^D-la7M}ULaAk>U(5sweNkrw2<8_T%^)R)b1CuK(L|IIgO#i+&UZ;h
z4C8|jMqjhf;M?0V?TSTC4RSa9t9|MAe{nOOAkim(fRfKfbUw){m>LaHpkZu(lZgL9
zFQak?SS$?6A%lqX3lU=KH-V;Y1`CH7tXqs$uZ5s+{_<`V^eqg#_)G&F9mI(C$si$L
zo$)NEzBh>sW74g&s*Mue4HPp=KXqgCT+Y{RnAEEm8O;xbs#9#p<IB{KFIXAh8;Phj
ztsr%4-7YrA+XSV<@ps%FqO7XJUEx~3%{kZtx&>xfSZ9(G3`tWP3j(EydIdrw@-}2D
zLra=i?a;oZd{cX4+0Z^wl1)8w53LPPQ{_5Qurx4{#(TP{dc1rtuW1&a(Qm$=55g$l
z4@Pb^oqP9WKTB*p*^j*Dszc7R(UR-iw5s>d^3LQ!q9-1rWpjA=ElstrFO|(!e^7M8
zO+_!K8$7dK$`o>99XFY>X_m~-G!}ZCWCvbOUB}V9-wp1THvE8rt_*D~IF360%-d}2
zAu$Y7+I2d6JKhINIW^dsYovnvcmW2<=5K|=rF=b+ZapL2Q2+aOMZI2p-*zKQl(hTp
z8tmH%A`oS0L>Ajk88$ZRMCZ(K>c@L6upb!AXR$elh1s1JxG-vqKb#W`@nfKYnTjL~
z;ceIa>7L{tPc#*k^N7!vETzYcHfMHFm{ip1rl+{QAm357vfkPqf7u)*(qbkzCC+-K
zfsh@W=qYDkr_@i3FV7ijcep6NircUHYVB7W6CL~9kKldOa%{5DxDm})25FR!f52iZ
zEFgOpv~rI1mkq&G@HkuLiSg%51$`iB-Z>rynZiSpH=|q0!!-1mgSz_&7%v|eZgb{P
zxNK%!43~{F1m`ryaM_NdwDGcWKJl_~x_J3Y?fvyMt2R=81N2M|euj)VZ%tu+E=+1u
zIIU+viOE)3>Is6d`KGMfd7c2s`6sYhi!-Gi#n~AFtfJGH4=}(QxP_WNj#J5wJ5p#v
zqfp#bnV_<|uoYctj$_iaJ2$-C#vXqzCxnqaIsRtOM%RaEgy<oRtCofAAgTDh7{)?2
z)Z`4>R7YOR_w%(}_bquXoAM=|Al~nK{%;BsW6A<y+S!D%gFMb15W}V1b<JTxzY;8M
zZeoPoIr4PRu*DpVISUDhBIy2liovw{SWw;`0j_>{W6!NdF@F6kZPT0`kFuo{&>-gz
zNML7w%nVVyn-V=6+`q$uIcsy)RW@_K=IW?)NI&3AF0WL;oz-Ba^j;{1zmgrNq=xbj
z)|SBjhV7UMStUk`Fho&VvyjO$<{++GHkhk1n=!Y&ySHxrrZ5pAGtOo>Wbd9G5tlt7
z&Cwn&nK;hi^%+`eU|ULa`~$Z#3LitkF*i;$9F<x<1;fo*g?PNoaWhcJs|?QhMO~O}
zG2?~T@u3iHnlsz|DaA{sMOBC^E4i1>7GGw{UuJ|!z9N?14pe#R#KNW)v6y@5Orqn0
z7=O|9#tb|KcZ#bOfI*r(O)S_2cD*<z<KhZR*aIV#{z3~aE4Mo$q_l#oHphk;P1t(3
zJ1Xpsi_+?h(`cNFODi~ww9F2H34J<=f0br933Ra)8vj7Ey$hlp=4zUrR3JKjQ(7;0
zjTOg~cw3wKuKNqTcXJ{w>ZGl-B9PDOHOT6aDaA0-!0n*X-bsYpTwopqUpLRc<TM^-
zGz}MJcGHrr?yFYDY(kOQbk@ypu8Q5<1BVZA8|A(-<2Pz%BYK&Q-Er0KIPFOnaoMNH
zE8g_hOZ-;R&gaR_omJ(|U3jx6-?@Q&=cdiB!6_sqMha;KC&2M}N;=4XfCKar`)^H7
zzUV-iTZHj8|9k@irG`dW(ikthTifHYnT?d2=*2L&kq}KXetdF-Xv*KoXCxc$3%6Um
zG(~V*L^w7e6AajIiAQkXeN?Hq^E%uU%linxD-tpwLN>0Md?7I}S4y9>wfG)^LPQHg
zodLc06%?tLNZzJs#z+;TbHU~r@37`_>SD*-?=W`z&PZUl_j}oG+j46q5~JJ-hD@Q1
zsY4@uJ(|BFjiiu{j0^wF8jc7++4A5|DctH!w`M)knp8QmrK(xJVUQ^v$G>^u^%~4_
zfR!fp&CE7}uTec`y2`ip=VK_=<!X(fPxtC6NIyKIwrsvMl`NaVWZ9fJm>WT(0X0v9
z+E0s`JeZ82!P43ZXar3dQGNc2XFOyq36{1z$kg9{__N241qp)m(d(x@t~a=9dN(56
z?#Y(A;~!V3Rwd3J?n?J58Q|&(`hAR2t0^CIPE=L%7p!L2CUrM*nt3(ui(H#as~1ys
z6`4IFy*|dBu42%u;VPc{1@}Zu3hR1btAS@Pc74RHD>Kx^?<<M;fyVAf$qu0?`f#<8
zlFTYanNXAtHXLA$?gtdR!>z7Ss+hNUK#O8PMnlH7fn%JLzU@H^tF%X?3bheKmEP__
zLjU047(vtCdB)4#$1r~7Jd^0zk(dZt^@9y@SEO&0-8hbN*Kg<Do+|W(46j-)dw1-N
z+uIzc*dfgC2RO4b?d&80&5ZRiErth&ACX?`Mw{oUhXwSKKq549?AY=)Ffni2^!3V}
z)lvbI?68X6oqXh5R>P)cH$C1O;1e6%ki)9RT*1hZz${VjLW>_f@*B>baTy0KnGT8i
zj1h2C(+WqSXp29S)0(m5oSyFg`sU-?5X_)(A2lHY=DLDkNIf}<$H$I<^hGC3`Oo9A
zaZ0M6z!v5c&=MP#dQY?YVBn{J^q{fh=Q=b+tVoQZ#k!zQjGXThbDqjt(cAyQsR7cH
zl<rRUo^R|>^e0pIlaD#Pd1ghSy0==We#J&9COwiZ1VxrZfWWlsI7Q@V=WkAD67{n`
z^bzcxieT@aMM+Y5zRkkW&w4O+bU8!Kj((kFMHds~U?+~WbiipOL&ve<D(zYG-Y4ec
z{DY~eHaI$ho|=Z~6-CEXR?Cy@fZQiN))4M`q=wlFnHJ~36maZJKQ5JbWrA1XR4e=H
z^0*8p{H9vj|3zDQDyp@Kv!+KtvQBh^DMa3)$RZ6P&d3aOzIQGXE>)2cHTgL~?rYeP
z@^g~rYmK{_9A+?Q*JC^<%;GkV;`uqve)DrS6v@hSmFMTosvy-P4Dxe^tMhZ3mHeEO
z>tT{j!!Y9SJU=I1l^>Qa=jYrvI^0iw&N%w?@YzKCG>r0dJ_w&i;HRO+3J#+DoWjI#
z`YFB6Ds(q;Q-`Ho_ysBjNFVpzzJXT&qotj!`>^5u45ZvIi3i=DxvKn_AH75qn8(iT
ze{L~c=VXiBIV~CzWwwPxnX#-sN{m?+7s>OfRF@Ca0yoFEaMKRhKM%M)s`jE(?dABi
z7o#NRd^%2*2(({Zq~N>%@6!GncPX?zh_wy=UrqiOjE8nyf@GVpJmc)nspdq}ir$#s
z0x}~dI(x%~6L8ep3m2l3)K)kp9pA5ige;_>%CoWz>GMbMMT6d$-~u20Ec`cRZo}uK
zV>V02-VXHd5MIWgP1U_*xdH%?lM5qp3WK^XqKn?SO8Uwywm#{`J>;nbYc)sR*@W_J
z&PAq70nCu(a)Cfu+~RD`CmB0|)X~!;EM({Vv=b%J1RS33a!+xRAU~19#V~SugU)9G
zqM*CoIW?Fvv@bprh*dx-&%qg%XT>T?con0Sw_-qT#0^eKHtgJ74d26mDK0JODbT<9
zwVxT?;HG%wuK<d<Dm@z>g)|UXrQ~LhoG{|K=OK)7RJk>L{75BP=!E)2fnx$$9Yw4H
zg4$9+)a*@pIlIJ?b40{MoYLh-Dlk<-oRX~)X^aW_cz(_-O}5G}VqrZj<|!tj9!G`r
z!y~FxoAb04_++~r9!m}l5z=H%c|?^abBX#peVWV%y&s;GdZ<6#<ntk1z)*d7p{w%Y
z9m%Nf=`o)VwMju&b)|$O$9z|7JO1wKCSQPs19T}$I&gsQwV8)FV3sc+CRkoX>e5Go
z<<+S!?Lp7IMjJ^#5La*EQs<Lds+5?feBdP9wweWN4}~0Tn5_ihn9YAS`%8$4DoHdf
z1&eP&Oy^e^EoV1Vf|4w4Ld+LlqTsnKQZRD6coSlRuY?`)xGS^d%)L^b2hjkZ5rpDk
z;u;DK$|`=AS6FnCOz_$?rb8$-sg+3^q6pSfN``=s^e};}U|awtLm1AVq>1w;Lud@P
zOE&ymznM7W)c2ppvyJd%NuueVI=1rOn#=N((zY<<?V=<>+MNqJ*;*oQb~yFcNoj+9
z<o?kQ(+$Eno|ZFQo0jwOASErQ-+Tc7Lw-(+S{RGd<^tJBxj>qrSyl;rYq}PFJa=B`
zDHO-?S&06}jWSc*K%H|diz}|VGMA=x64HDl`M0tZ|JHX?YfL9=45jDHz#t+gXY3-S
zp45d8Ww}j|zvcfX{;8#$pHqa1%Jk{j*U=a`6lU;~pA(*g##HMg7*Wu^iT9M9<AcKZ
z8q75V3vAL1WXE#Ol4E-(F`?B{UO_ohfm2z0E+t1K$(NGL%P7TCS(u-D$#<leqN4;&
zQ{RMYntJ9*s~~Myc+F2!{4#R)C#`pHiplZ8&|H1ioXwfST5@TxB7+o>wkbkBlVW!+
z=^;o7>--IoUqb$INspQg@uW1^6eZ~S!3j1W@)NJf5ZMAe>PZx&)N%0E2lB$aDtIAN
zY}3G0c~V-m!i?kb6Hi<fL)36Tws~Is47uY&4HAVk$8{+qTf+{=JQT?j8+*IC7rMD%
zY%RJO`2XI`vIW@9H|kS2f10f6=DJRi0=jS#5<O+)Co0Ps&h!Ky`={Uhr5h6+dwKp+
z2#+q4{Y9d$zliZ|k^Dv2)_Jyd#P0M8y{X{WTadqW8SW`l!B6a$t1I2TyEUMC`_UC1
zlx&flVNrq$^OqEczR{U&vIBk8n&FotNRi1RweUYlq{C!MO@^YO>b(K<KB*>xtQAF&
zO(j@+4eWk`Jx#C<8dxO39wS(^2G)^a4-hO?1B)S8U4lKTfpsI8JDuJq)xf$F?014C
zYhYG_{Y)^M29`pw4++*!1M6c@CpZP(RA#+ja81+YFKxhI8O@S{o3kmnrF*9|P(e7=
zj3HdsA<X5W=aEtwAiSyzJ)f;0d<h6I=@4cq2>F2UFC9Xzf-oEq#^?~T6og)Y@SF}|
zq=L{E5C-cIp5h3jB>@on>JZ|u$!qm!C<KOG!)K;q&brn!;<_F*cq4k~bxnL%YEWB9
zl6uO8_h7(2ch2>_AjrW^pq5FWy+zMIZN3~$(ORdZ)@><fpoog(-EPW<mFcPj|FrN%
z8i~@K=9DE1gKQEz&<|)*>dJpCfFF_k2fkF*qC*AWLT2`tb-95Qr!T@u8n;LvvA?YO
zXLH(t0G6eDe}eM6{_$XiCoTS3&N=9AUDjQ7j@T^e30|8hJ>8swcmBQ<Ex0q$7%K}G
zPgEmZxLc~mpJPHJr^5VNN*gVay#AZbsQx^t-%FVjym&k-*2L4u?*(1rp(bJSqd_F;
zwrqov?t~j47lk~zBuS8kT<}S3Kj^Oh<sf5PO<oTAu!*0SgYIubbHDmxv`~e8)k21g
zZ$^79U4^MA--V%kmuhDJ4`=_6p8cd%bo6IB;P2=tl47sJT1!e7ozsFT*L^<_x>ug(
zo<|VXK(K_z5M$1|J1h3XG)GUHqc@W}*@<Nq!KgYN1k+RyOryp4ji$mNj3%EMm*mXu
zY?Ri9nT0gNIk={lkE%Zt27}X>kQki??$w+hN!*2yBwN&Wah2QwTl{uYKExTMIWF5u
zZy70Jz+YnCPN7d>%eIP}v91`uTQsE}up9moO}!3?1qV&}9-JU{kg`*=^psJmOaPNj
zDMY?t&T4J^1Mg25^d~&K5e$$GE-cv9+T-DYPfj#)unv}iPdMC^p8)CzTQa3L1I4_X
z27E&ZeX?Q7%}J9O{~PPrPSLQRb!;bkL7PUH^0x{q7woeMc#ks8k#LB~%y4PKJfo5P
zO3Fp)k?!ntD>#@PjPJ#@ixm168oT1Wz&lKK$8&716T@I!wnF0un`0~c8SWZ&$K#3F
zY%4us?B_^m+sBdIHkefoqPTfRQ$+e5-}t#G?R)gJ2fS+qs6_>5v+5c~z;2$>4m6&I
z5q%1cF`zQoKuWQJlp>b?Z4?b#Y-|<9xo)vz8oalv?wjWHV1sw{CVRF;V^Qq!>9_<z
za*W5Q+xOt_SJ>a~I&LE*Nrogm<at34ZB8hseH{E~0j9Sl=b{DaU<Bps;*ji<(&mUr
z^lQGuz;n4R@BNXqC7d%YBpofp&!(AC6?@wCKKuFfdM591{E@!+*(&@XX;cIm{anvP
zL~8HX>g;zm$5q*W$8?clqMV%;(q2<`TCl2tp^D6IlhJy2<pHwZk)3XGhIHZqZ+2QU
zH{Rig@QM@|@7`NL#=Bsx@eU?IG!--s75tm_8X*8K1x*u8MSZQ@w<{K=V6Ny4-0^mL
z2kI(B)7|&aEq=*QUCp7UWRVd;CARZSz_W4(0Iz&t8l><I>iE1B!VT9^jgEu}8)H6&
zp`}-llZJeU!G<S1R-t$(jY|?v-J%BoO!?p+OJii@GIcn}#L==1BpjA#mmmDvKr%6*
zr2Jfs#s>27q9inagcpM?aTVoTzGidmkX{(whTkhB`^Wu}q`AsbU(k*%J{3)yz{E`X
zVMcn@p}dr|>QXZ_p6*ToQf2zf5dOgZbWLcktQMn3iq-4v9|nH$((8ftc$ew*;y~Hf
zMb9SL*=T^5E2#ncIE|9snThsI29G@iPS)5WQqx9*ns&derWr|1Tg@<dt|-XA?N33w
z(l!dI36(puFfU{{zJIow^g(Fo*dIxPw0O0@hU!p5#eXDK*AQsxc7vRs7q2v*W8!!K
zdQ})9hKc>05t6)N4k;UkUfZ6Wt^@#=qckxYQ;CC9Mk)&T?w0fNE;$K%2ELVE_?-3%
z<rl|xaUGcoFoIugJA@uVp-c?6yuxPXW(e7XDZ?kd4h)(aOp5nza5I6&hJ}nNX6ky*
zDDwD6b7yxr+K+seggKlkmW|~P>9Lqz@OA3Y>+(i`<pO;{%J^;uI4NkRj!3)FCWx*h
zt8WtHS$H6lp~qw<?NqC2!b(|Xl)Dl-J1>Efs{ASS9jVzHL)%2+nVE$?%(&ZNgo5S4
z*v@E(Lt*-$`#yS!qO^XLFxTcOgI7D#;xC)>k1>TXX;#7`Las}626A#|A7*0G;Uo}~
zOzKPNW$slPQK`uNEkj(E<mV#or&yTmElgsCZ(`v9Z(+Jtig(<mn>RoUsTu34YpO1L
z<#E7qT#~NU15xaVYnKjV569TUF*dT_HpaIk<Hu&SWfmi|4>C;=8EG-vdJb9YuFnN!
zK4kR`D+Q<n1N`xCg#o^PR|fd-x3y(}uVa%zsW+^g4=VNrX#Dx%nu(s=iZekU%OPz6
zZa%a?^>I{vNP{^k)H@}*Y2xr2?1K8O;2o*dXj}JGiz$CYATn0BP07br#b>))dig11
zrJP^0YC5D^#L`NmJzg@sK7|KER=IC&cw>N=DTBvOS;%<Y?Ai46jYY%b_|rFo7FNsS
zfSG>Nl6ag5$#0mZXJbMr<0WzGhT6|!Tzlq{3O@~Tu5FxkSFZh-x}iSK<T%Y(hOTC;
zWPXvqCK^!_kFK`ft%*bTMJWfpMRX1U79A(E=(P%qUa4ZyC9tC+?(?!}eB8LneO?y5
zL&Ks`Kix1tQ0uD!M%<Tk=Mvw-)!n^ZlMOXw)+#pCd!AIdrkwR134=Y>KPZH(GZR?n
zydVA#S!db|g>{-UHE#>GZ9zLKIt?^<5n1O5Sln<`nzPPudWG-xpeWg&E%VQ7ru_57
zKfCJr=O;b=@XuvF{Bt2g%<kzY-|sLi?C34*pk;C|@yCTSr3xeClVf#xu3l6SwgJMk
zcYq1XaT1j%DtX*VJl>~@{Tz6&dOw%Tvqw%32(w*cR0&4mAQ)M+f)RLS`WJSbX)FE5
z*v~n_qHKiK)7f5Y@_jXXZQk^|?zP=v-n}L#(6$))8agU9{fPu6Xm7<9#zgXd^4A_0
zl-}QRS3&84N{c|kq`dGO1qw<NYu-!|q$RPp{4_!S_Slc!OsTes!q{mOMImOFG`4<}
zQf)`b_&KDyYU^LFmSuq7gQ{&(--lj|KUu;|MHv}#W6~wo*r9Lzk%{{k$}Z^|gGWN3
zx!7$_z%d$HG(qGKg~*SDti-hdFNMsl=jC0&z`G!@JI!!LW?%Ca_BBt%z7_yG8rjUt
zzA#Pfpk`k7wM4_d;9DtZ9<i@))Dk9J8m595IS*T)=3!8XkL0R&SS2J`OB<;0u#Z(d
zj8c^sCUnsAvBD7$@6Oiex0o}%!~e#_)RF+B>d@IJDYUw171A7kNvTh37+FRr$$-%)
z1NOf~_d~RdERy)aFG7@7UslV5=WhZ(n;t6&j4WP;b_m}8iq|o;jqb%7hPK>2pCNt`
z??)hfJKm2#_!1WO^A@K0T(iEV5(tA>zg=@~`7*jLn9%QtbkbuHT<vvyFp7iA0o?Kq
znUAU#nCi?+;sTQ_gY|q$7MM_vuSRP6qe-MteeKInCi2?5^4gCLsew2)4J)1&EcKd$
zR~d#>-^v?Ht-O^vyp@-0(n{!EyPxv2TyYa#aod_yytXk^oFr0$LRAKmga4r2;r)-3
zgyMPzs?k&i=37F(+d!j7%KdqS_vf9A8uX_l^+)c7mGUr}pcj1qOOB0hj}33tmDn)%
zd6HR-PYN^T12aj17e3mJ+?d4W0n+|+gVjp<yhZHnfyWzKD;u~KwNsLlz&3Ct?BT#a
z)pi`lo?wCH+-rmPBUppZzA7uk)Q{Yq*^Wu=R;}@R18wmGw=9BtB@ARoOdA}~rkFPB
zF^?n4-}ez4^R7S|^ZOgTlqZi>_0+#1$&2|gpSvbc)`0pynE7JPc?+*0b*sLWO{e8n
zV))#AKlqG?v6O1RN>ILff`2u2a1Hv_*nGDwFixp>Ag{P}O)6ex(k!`LtR-arhm8DO
zY?hj>ci)9Kg*+!OcUd|8{D~U0-9yzjk4&-Qi<2QEQhEx-vAnJi*17S@%zrz#xeE<)
z{v-E8Rw`T6q#w&0`HT2qYkG1QKj+1>UHoL?vURCG6W1rF<tI1yUuW$8?bE)e!TSor
z3P5;Whp^_fEH-}t2#eWIcYAk)`+j%0yS3u*0)0Fu$90qq-yJL)%lRb+kQ2(P(~`dr
zp#cA!{n6|^6BLIdn3ARFEOIzz?3W#m?y0IqvnNUu_~+dSLvC`Yq3R}G?Z7K(_j)BW
z-H-A{K?HJl;y*xaqPG?C1;(yM@^)?A7cKV@^~jb+`HjZ=Z=S{8F7jfa<~VlZ4G&=m
z9AmbO0k_E9H>hy3w=mq@K%Hb_RUkEyDgDZEQ@u@~{je@?B2)T=W3=0+IAk-)A(^9o
z{Bg9@wP7Uh_gMbP#l6ZWNZl5and4+iy*bYIy{ewa@WNHz!f>f2FI=cDtji1M>{Yu8
z>Ata?FTm#5OL6h5?W(x=eNu<RHy|e7Y%3fVCYF~{7*A=K&Cx$B%`r9H=IkGQHPH~9
zJydiKu!se_vYVoNQh7M|rokw<n=znSTfY8QAZ}bU-Y;>JGNbX6c2ngLD2&~bp8z6f
zXRuX6MfjM{>aXg9b+;`Ad6=b#9>pM!A39fiFnvv4)x@jpVET{jT4KG}VW33(qxY~y
ztmLZ<`nE6k{iJGA92kIIBv;?kp>%%#|B3}1xWVh^0<Gbx$U$<Y{aK}n5)b~(X&~KK
zA8&7&pN8uHd5EeXP+2(1<M<b=el@RtKxM(MnY(Zx;GuGqOOv1t$d^!0u0R(*j<LRU
z<wk3?i{q?S{qEh=Fwr?P*yikKPILAPhxpAndOj}dEhZ@xhBSYcIBy)vkI?dx6be&K
zb500PG_6QsN>p;h&_rhndX7*Nu@&Z^KdW6m+Eb%hL59@49)_Z)WWono__mf3guZ1|
zpq~KR_c({i)Rex9hWXyXF}to>4dJGLuVaM%j--o#6N!}E;?;GZ8OTZ+2YtSkti))6
zV4vokQl&}tnl#ht=M6x6L@ww~s56<9BXWJMszb*oaC53+31SU{Tglu{V^M7zOyQ9t
zhDUxX@VIxp5#$Yz#0^+pCPztzyYKbUpOkpXB;R;RraK)I3$9kZT-Ske^57+l+<^Nh
z9(QPuNcTB7vg_gj3M)!`fIi&Oj|Hh!$LcLeG0OAQi!ZX1?tY!-)Lubw0zz|Cq}EfK
zAjg;+{GLjiE5zr%-l;^$+`4TM2pGVDZ|?Nvv)|N-<Tytz6V9le3iphYHuJ&(tZ;5j
z$@(hut%%O4!S+Ik5TRr%lIcOXaGn5G{h}{W$~nA51gpL{HbIax_d}dWv;X?Zp<-HD
z7ckU`RQ5brExXwcBx){=zQ7pUIwg_H^;^Uk-r2$W?;9V|G(vPdA{Gv#o2sekmkt)o
zQ!%NCefSI`7$avl1gkq(CC_29rtFBYK7|SJ__iRexi3=Xn$KYWPdAHE2iQq4qXAE!
zGPi{)Ord)a1xp9p9sh#=oBI|T?@*Wm8$X!@9rUyv<P~st)5a4e8?Jaa7u+4TGolSo
z<nP+87af~Sg?+G-p!|SYsW2f9@0^80u;WeXyS;%zqGJPe#k>~&Ec;c2aa?Kv<Jg#z
zf5Maxi5U{}?gW|ghZyj$x~BXn`YYH}Fb*}0b8KXe(+~t9Rc>Pv4R9ogS9aWyR<3~y
z{p{;+Sv`4`b+c#WRkH6&xq$kSWD@wpxR3v8g|??s+xZ7g`CX}UyW^7Gah2Eq4WtO`
zLiJO(_6Tyfz7*tcof3Syb<YRvGYBi7MjBHiB3!dlRla6vfZ*DzV4b<wFIH?5hP6b&
zD)W!kInN-t-t_IqkdFcc_f$<$ohMk)2u)F!>juF+KvNX`3oGiWDN38fiaKbDUS>1n
z4)dkivcKqkOPezVdgDnCXEP0#z|A5?Bsq@2F=LkSwQ&f2VXOdig`4s}!bj-fR+j5+
z{!U)7K31i7p9DcVY&-37H*+_2H+GxhKAXF~R|K~~d*`IS0d%W2STd}<fl5uiZPB!2
zx)a}z3ZVFu3tO>V>2WZ9_S*{jY}Z!)8Fe<h4)xKy8xVUw$6n~g4wl~Fg>$y*<Ub8R
z2m?{VIfLz+E_id{Bv$*NSRR1fz&Y7$?>;#!JH+OANX$zz2fG#`LQ*h9Q`w@*d@@rU
zgag%a%~t9OwB>mWc1I<>=h86_V#`Zi3Ep5RyD5d~1eJDEFBjZPewOXpv&deCHpd94
zzK)K!Fi0sO0t29UfKs<+r#(E+gp&FFfB@ti&i<YZyycAOND7m0l=A6Ii8-OFaORKh
zHH<?)8rV~i3R|m#i8JD?f^y9iq#UVlbGl}_u`?4i3wu=bW{Y5d>S@m?zwtg981J*q
z=C}+ZS7FePiK;-nVP=gGmTD#r%!KSz3(lvbf3)cMU0Spg1n}N*xWZ3L<4(X_o`M$+
z90#PsJp*B}NCi7VRf8v_*_ju2!bCDMn8mH4V;xD{|GLU>3wxx_6!{fDsm;GDJdAc>
zHfJL+ueViuJ?N?NYU1`OY1jOtddb~X@MkD`(4^Lk+2Xy<Q_>ggPfUpbbM!$`pul7%
zi$Pwt1ys-xx!*#34#DnNjNZN!Q_)B}W6LYSuJ(&bK;ylHyH|9ai@7S*b6Gg&W+eXe
z2uxY*x+54|bUv+cWEfKGv~;{ntYCZfHg#}NC^bZ(Q_~@!^A2P!u`-GC`fM<pciIM3
z0G%qN6>}J!d}tJmG#XzM8s#4GM<c1JPt!C@)2MZuxAp7u^sP6ldFwY0`)mDm-`1t2
z)bP>6O2e6R^$j<udBd;zZ8%D97#3$RHT?)Ro#k!1-Fy0`Lu%f19luTg)&%ow%?v=E
z8AaONTb4vzmtoRRD+2|^+2i;(_sC3-NGCN_cIEu`ZUl7pjHid(+1z()(OJls49hyL
za6H@;(e^xDvLCW=i<i3R9iiv!T;R_vg05r)Pg4Re-^KXCi4DGo*AE=aBElgjV(Co~
zed%==0A>ILEMC&r48rPQ>JwCwuIzzAs-7(gx)KMEPD_ujM7DAMpjBoY^UmG&B(q_3
zM0HC$?t5y^I-Wb|Z<3yAO#U#@H!?Ak1FXJ);SAthOHan!E@ymXBkS&a-tMk?zpDLH
zWjAA&*X;!l<5=_0!W#$!)jq^dpk;ykaKKrM04b&%a+{O9ZSKjsrfbt&U7K=av11^0
zSYha$0qQnm<TekVv2c$0_)j2Y)@5QPn9K`%JmzhD_B;9k*RR>U#GZ=jEubk?n#7u7
z_5N@`srS4?Ki}astapx5Zwso|;jQ<ZiM1q_s@`Z;&1zV5(mHNK3N{txYIgXd2ziJ9
zzN|(&TzVUJc#q0Il^&MGUf1=|RMVB7E=}F<Z&Sb4SlQGNlc;QJxX5qkHdshB;^h1J
z!Zq5@7_;l-Tlo+a^0*k&3ajce|5|>9o@z&KtJ>8gfE0zXv3slv>gt9l;eh(@45o<t
z@(s{c8)H>$Xck73%lj3Ytoux%Ni&%yO%$3i*5_x-PuS;g%l~u_?QGqx>SY|Di&9>}
z0lEYPuoQew7j~jYzKUC<uebA8y68J^x=ZJO+Uu|L^LbZLlHdj*x?;gv{BxhuVji`~
z-?%Xqbii<x@ug;07o)#EPo9N+9__8+r^5evTSNCR?(x_CiEPxs#5Sx81P53f`F0R^
zx?xDtv@5j0pwQif=W$>nYnaFbwRD4CzE|n;owwvJ=QO|`Ig?AxZhyU3RhzuiEC(jg
zMwNpj=pK}IuO>JnFylmeIBj+hENBc=ck+erz;Fnjq3o3~cz;c<CLQn3Ts;e!1aj(9
z>ZCS&lE9Xij(G&wgk-|IdYH;H(^fdsOTDy4H2LR!*Wo}8*x?I!qLFU0N$$&=f%83S
zk3zh6#wu*Fg`O=I=2SJ&_5ScT(Ul>BfA;8XBeTaPKh}snZgwDh{PPc`r(Z{3*Y(tN
z*Pf<J!*=`Qi?4^&jxYXs(GOqTaIq@B$ORpLOtJruDC(HJBRf1_KQb?q%i9=M1+OUB
z<!=t+LaN|r-9!BIv-}2-N_`Y&RWX)wl9mF4g2%2>B=2l3R`$pa-5v>>&G$$<n(@bX
ztM<qad5@%#)zVu5?vDAF{`cMSNy92O!RHP6S`?kR5I-Du|Br$*8mZ?@50=Ds_X)Fd
zA!A$DI?7Vmp<W7q@TIWdXDMtyPfOvLpjry6&g++gB&e3c4nIpF`FmUn{dOr!;rLhj
zrO;Sj3Se`$J4X0h3NP>Qw-h#U+8pzx%@z*W?+eHbMg|eRL+R16H!J8!>59*S)@7|+
zFuPl^j$PpL?FApsdcmya)^HUamPi0Cj3>HV6?V&-I_YgHXw<c;nlj(5sdQRva;_R>
zT|$Uvx^&;`5rTXp-bCGKxznnIqfvw#&kMxm5x!EfKAz_W{HNz>rPha+X)x`cMOmy$
zNLwjBX^dask|j*ds*SEAx2oB?b!b|mk;z!&Ohw-~iAsrE6e@LoRXL&W(<;ocMA+Dg
z5h}8NR40(WLL2v%WqnvXa-1T{`)7|?G|ht67&dDqG|g(2O!=6~4Y+v((eBsZXm7(o
ze0)HH+_Tu%{4JH{Fn>mQ{%nP?BD^!_bNm7WxrZ8=`J2o@s+iQ?`4OCkd}b-2Jftyx
zNcVTW$)3h*Co<|BpGX)uPGqOMO(gF+p=-r6qrchw+=x>b)l`|fh~d}#NGkW~&Rv;E
zJFD19ZHPj1wp%rV%PbvJ&U=kB<q-O!|8^Bqo~2{Tas|kg>sI{lOaP=nTfcdIAT8us
zzLeTTdgQCmrpPqOs&`AboDKTr?4yw-Ct-YVmm{d=-6&T`+}2xN3w?F|8EEX)URc{d
zhb>+yTa$PRhV$x%44*(ARFO*rvmh3fnDSS_Q!QBZy+CP|3r5lPn@<^p^)hCw(#wO9
z*Q;9yrkXAUKCSaMX%~Y2bbfgjUkHuqi-TMIoz6s`h1$c}<5t$eh`X%=biPlI@KWw-
zu>aFJ|HJE;l4DFG%oZU9tFuL%fRFNeq!G-e$t3X)Sf<KT=-!OuMIo^)xl@?n!Z4@2
z9xdpT1Da3vQeuibAqYFJfgK^(ae|%Jz)ljZj9?cvunK}LBG?TL>?*<DCRkm~Q&E8d
z2%AJOlLpp+V1o(PTmx%Duty2@cOXbCsg;GIC(+TLjUo`CEeU!mQ2piK1QQ5$Mgx-w
zcA_D|E@)t93ATw~SAAN%K+r`5y`lN?D#6|+m`4M<Nw7%-GaA(}!RY&pR%?l(p>YXc
zW74jxq2%kdZ|zdy>_!}yE@6in=SRR9rNh~##&H798XZo=X%)^3fYaC~o=!Hrn&vF!
zadl>?Cm?>I3%r}|R#nylaK^fQasH*oxw@0#4AbF^Qse9boI!5f3?U7W$Tu|$=^8Dh
z3-u8e=rgT%2)dh~^)*vhho)`?!5V8|jR^K1g0;}Vnh|U!!S2_<S`%zI!6G%V2MCr*
zu#Os-g<u^B7Ndc6BAAI_-88U=33jO-!n$i<j}UAh!K@ls0>Rc0Ow_=V3HB+$(lszU
z!SV=};Y01m2|ALX!!%z$&3>)Kc}_HyrdF~8X3o|tw4&-tXMSh1{EIGmPN{;h1rV0%
z5HhaG2#Wy0cFh+dO+jz~LQnS7rxWe@6KkUM0$?=PJ+anWLFf$#CLO}hmGZ`D2M7yw
z2-7dA7PJ9y#$Lh&oe+$KdP=jP2h)-bC)o2E*t5Ea`KFvz)&1pmR`-arx-rhFP+h{9
z1xT;xUbxLy;|v9yNjjXDDpZZd0nQ6Lob76yrhv0nhm)YNl1tkdLMI(7>2gj+*aZj?
z=X6<<+=P%W{R9Y?bv4{PEhEeYgflvXOA5k7Kscd8a4QJ?0O61hVe~oGNFM~8!Mc7v
zqsFNNIDK_Em(@)8_*RB<{IqTgPoGmw&o6+qUsuslHO@zXvrUInd|uU94&W?4uUpV+
zoB@FI*?C;AZv{ah)kBF)GoU?hkI)6B%{lMwgsahQ)j-%sFp}b{s$O2&0zF_Q?pPPR
zdFlEco&RMNn3}WCBDe$bC(pjLyVnhm3m*7%PjxNyqNYoW{yMAVXmULZH4RYJ<bJ?4
z#ell4Ty+bmI>;TvE2sH^vS5s|=EaynY8bQ$>Bd}`su}`RJg%G24rDo_N8(PvKTXsf
zx|eqdt603(qR6qX68Pt5fxkHC!UyQUZh<u^-~V}xzDGJ1!avL4A9(NFEq4z|xC9ZI
zM(G~wdPm?-58~4Rm=9k?J-1C6{(XB@lm+jl^itvtkNZiC={@HTclVJy;%@4$?@n;n
zamTp>++CFl4(wqSSlkb|8!0rt-yQ01!h?dhY(0yyGmn28E%yNJ;$Q5csJibsyvw%`
zH0&EsQy8?S4aR)fom0axt`lC{vpZ*+?amj%v{9Y5@)9|!)8uX<zhB~w=S)}PIU7b`
z%y7JveJrh@r0V$Kbr8+R)RJ<D!W+2RqBH?9MDB$mW(VkR@d@qx=x}?%Ct#+E{8BK!
zgRQmWTlD|e_$F<-%lHhN#JrM99xc7>P<x!d#fS8RRmU6p#(QewdsgBt28gGIls<On
z#AqJ&oF6gYfR;-%&>AS8&jR$r^Z4gOw2i)@vJ9!|A&VRWogcA;C-j+z_47dJb@BWP
zsjmuLU?N3sfiK`y6I4EdshT17Vymz^mJBSA=s741LbXT98HHhcRTcJpN}Bzw_x`&&
z?%4{OsR-Jp)i>z5dq2D&dTWI)l>`vId0S23v*loW0XmcBoB;$(MFLJo0;U21a}AUV
zd=?UGYB~fwoj5=QoK0mJ((VIDz*HpQTu#7TnSdu50bh+H0?ziO(**9UndJ)@i_V&m
zlwTO}>|Ww+YE}#4^?jz+#Jgih;{96Wmv{%-Xo%<jlZXdxJ@ylXTWx^#-SwS7f#_M(
z-;Qwt4eAL({$^AD*VstNFKgML7J3JDDO3rBe^r1$_z6`8!k?3-3{{eq)^JP@(wN-K
z{f?=Qc1+E2Of#Y(S#vt{L|GL>y{jUF$G&9pRl&Huw0%FViqZ0__+`IpRb=s1ks+^&
z3brc7b)!`=T08mR4@fr^7`S65(|2hYLy(Fsfr`)bQ7mZ+>taH%ii}m0u*=i6CE=+)
zNWyQH`6c1{RvHriv9CSOp=M7dc&Qhsi5w#8&E2OC7-H0$xlcvCbWXiEHT62h2KtNE
z;neHGeHprtoo)@0dWmZo^_KDhOlndK>RlO9Tk3slL+XwF*)R19T572G!CpVqYw4w4
z7^hyiih2XNWMq-4m$+9&y=YFoFg5kgbs_3me5p4cs5i0!Q7_z=dZQa4^@>(A>ScI$
za7^P`?BHb?wI$$a5eXQz)Gq;(@6!<Qi9PKF8_y2p<J}uuk9+qDRtHm*XqekXcG_=w
zL0u?dOzdbnS!v&)#Q3dY!1KKWw%$_<KD_?PTJzy4sW{?Ce)2owfh{y69{z`)LkyzJ
z`I4cmevA408+3@Z`Gb~Bu)Jg%{h?Yi>a>2!A+|QgZ(2W7L0`UFbiU<&v|47YV#IsG
zOT0jHEr|E};93(ezBdx@#*co97kaOTc<p!lA>JV`@%D4#9TU97JHCsECkdQ*J9nvw
zM-ds6-%TOj%xIrHZ!(Q~^9N0i`2uY9k$8Q7N)%Rq<t1KOqgoKp_C&3TcPkl*_sb7{
ziMPMGhIp=>eu%f$OT3kwcqJ<0eYul}w@D`6zjvyLw}TUJrJ8uXI{Rc`l4+D!kBC>|
z3rMbq#9O|E5pRf>c#aT-PpvfG?aE!lL4L2?RYSXyB&6M|-}|NA{AO(g*TY5<g(w?K
z$Vw)qu720sL8+nALCP~Zs>%+YlEyt=>)CBhJv_SDZx3&TYG${=4w8kS7s~9;_s*{R
zog8^~%YWzEg*>}OzpG|<37_40>e(I9$tOXL@>GeDYZtzNM=@+Iq!AD=-Alah8q{KI
zJT$P@#QQ4|iTC+;eu?)>Qw{O9Z`W;&<cR4=x#Wmk)G1VCo4cLs6f)UnZddCR*#026
z?a65t-H|I4zNDF4m5&wk%@u~+{+{iK&%897TE7-FyOCaNntg9YnoU^bmu8M88k&8)
z%@56na++npduEw3!G>+4%ax;%S_8Hz)Y9DI1yTid@OO)M4S&cbQ&U<RfJAy3h&0Gc
zq=EH(#GC5a#-9GQWgCvikVbvJ^-H6XjWslyvb8;UomU!sZ@+fEzyz|KKHdwOHdfdM
z3kQ1(pJ0XcvG93s;d89;%6TZ9;4OSnYmy8-FJFVrUttkkb#w;L5Cvg4Al%VeO`Bej
z5qbea&;?(Fh6+MkK)6lz(xK2XQ$a6{H?=2uQ>_F`)4*&5iy&Br1~!Ob!329o0~<oH
zGv^TYyax6x!FCYrMGb5W!Ilv$R|Cr?*gS&0qJh0cu;~PQO#_=juuOuzp@HQQESX?$
zX<)MnW+B)+8d#yh*YEKOBe;#H`I5e0Zh`9;uGzYInWIK~ouj?1LmO~Ip1$W9j;q%V
zUj&<ikO&Bm>Ja)~R5jF!H`MK-FIo>Z+SO%*X3?QtQJUMua9k&K&7D;cegcFeI)v*N
zWrVqaa9Y>I1qERuARN~rd~{Pr=m!XI-t<LyTS4dq2s3Zunjd`@=MVC%dFSr~0q53E
zu!S1f0)j;o><0~O5y6@gY^4Uaj9`^#5VlSOD<;?>f^F5nKoV0Ag!INaS1-w<8TK<9
z%_*OEI5?I|!HNg01OBm2U6!$$0M`D?ez6WHSZ9|qtS$br_Fs{)$^mQh6~9<p6s*qx
zYwZ<&)1PN^nIA<tX*RqQEx690GVRU7GLr+p2H@{rAZD|9o&(<m;8G6cEZvm96&xUL
z-_jx|-Q!ydhE~_FzNK$M>9@Y6z<cm+xTX}{I<Lqbgd_$VEY!O*bCuLG7`(cem;b@a
z@iMo24F4uqn#*A;z2Be%B$t;jfNx-txMNjGb)+F2{Hpge;LlPbFCPP+y(3WP9Oqn%
z1>f-tFn-@sxcBY)R$H2#>-x~AWR$DGr(}?Oiuz}Y`vu-B;NsGEk<_c*b9hdNbMDsi
zXaMfy@So=>IUj=8l51wc9Brltw>w1r^N{r8266&Soddobkk+*J{YnGo>&Lt}!@!K*
z{Yxg3AnT{h2F1d4NQLsvSFCu2fs(7S;;*UL_6;kB(PHsXh+{n>IR%jQUI<ntvaed!
zYn19=){Dctz97fM`N}b+-B6BsZGqn;&Y#rN$T2^x2U(AG#yKon$*XQq@~U&Y`!O^r
zOh%D!{Cci+Q(1=eG%HY2t8<IReuJC<lZk%y+j6B_Zz2>;1!ZQgdHb3z)|pWXbbiff
zxQh3_zo)Y1wA+<ZYuXjWBJFyA>X&xU1#4(GX&uoH+A8~qE;pxx)oRsC{AOM_>A#Jb
z7QgxdP7>z`diXN`PNfH^K5LqtjpTb$L^EKpy9Jqe(l9`xvA%&K?+eu^qQ{eKJ>K`b
z;&=!D*Y9}$RaZ0K*Gk)CR!<SSo#vbvtYmps7R*X+7A@fm2F#+}OSz>%UN8@qdKb(N
zzF=0$3kIyBf41g^2Hz#om^->kd;y^*B;Q%shEtTaCxzdJ<uXxTF4bF<zew_H5UqxK
zPj*4-g?-|edR^*hsFz#<t7W2Qr_EOgH;)r;fr@YeC0-XH67IsUUc#w8gbLvnw5q~G
zXyXnporlm)4z3Qc?tbtR?$pg%5N>R*+7hny!({*Xk6*&wFly}|zv>A$T_Id9C)_L*
z;Wih0U4uxtmBn7dsXc=V;a+Iz*E0zDK+;VG)3^^v=N_CvKA`zPy=h+ReS4!8yS8Iu
zt#|FwXe8f)kNuKwO`wK+TYurZ79Mob8{-dOXu*x~{{)k!>)g$a@qh4wmv@sfeqcNq
z<JXcg{?M<Ct6lT*s-LgdV$F23)^^RD?u>)}?jyg0E(_2Mdf!_8ni;CB8MWh3UNi5n
z^*Ro5&E&83t{Ju8P+2owTKM%FnhHd|*>o<$zO>m~z@?6Q3HNekEeLnJXKe}h(?dwO
zN%Q;?uF#+%+<({T374P{PVF<42{&|&*Jp@?>$}EFIJL`AA>55Hzb->l!A!o-bl$?(
zXrIjm!cFz=v&3t)Al!x?wIy6`CnQ|_hkgk+NYD^&<Z3<PS}KH7y9;H)J+RvAE=0mL
zUhO5E+FPg)uC#d--a_P3FL7V1&RaO0e67C$^`7=pFYv0urA`~~#-(0Qs5O_0?@0ci
z_x+MD)YDpUJ!^z~0we<=k5UAo&=SU6_IUTm;48IYseg8_b!Xq|fSpbA-`UZ3TC3;!
zrIl3(LfR+1MDFa9C;Z`+US}Upc-xhhs-N(J3EvS~g|9D>Uq;jU`jYD)`5uM2F87kJ
z`Q=*dl#d^+?M~_UAX3ltZ@<)g@V16}-B;*$itkfSi@76?2zR~6>*zzmNktaTYfiGC
zPa)igO{?(p<pv4<{e07ckZ_wpzZ>S=Bu6gRf^g5p*OqXhQAoJG@A@U&g_|0}1r+HC
z=lj6QV(x?^!j&xdI{A=rKQ6au-dK@+d<x;7ZQ|F*$63rG?g}dLrQY}C3UUMWlDyPg
zaG@5v_JO!s@7leQNWKr>@k_p?H#Fp1zf2Z{m`u}be4s*0v9Pa5Z##_3K(*~-1Kbl%
zG%8O(7!)_#!iWU|g(!?z=5?`wcVf^oi{||Y*}<leHn6c@2OFxv_yRgR=eXNwfiHav
z$ZhmH&^L<cD<z!=1=4SXMX)3bb%PDm+oH`}s7v7mUv4I$?v>6Y)O9ilK8Aqgi0QDh
z&`l;^KLitiM;i09*G-1YD&uFBe2s;J*jI}Fe~(`;8Q1>@@*O$Lcg#=Fjtl};#tDg0
zz%(<-5kuLupg(Flyl>%=b}!|=DD=-Sm3t(6qLg`<X7=Zadd#mUDup~zEuasxyzF#S
zMWsi4bpu$3wBDa?`!e*oPupVQ!`{Let?~Iz1wIkR?f;*E>FS8frMqcxUXAuTM>|-7
zmg?fYXdMQlrq?<Q`W%COPOudk*v|xeonUJ<u$2TGOR!Q6>=%OdBUqURwvJ#A6KsnH
zR!*>H1lys3Z6(-^JqX*Qf$b#N5rX->JGhQuM>Vj61pA6$Cp55Q1bdTU`YVhKHi2Lj
z8rW%q4J6og4eScRx)IE%x#=R%EtnPrtEYhl>2ATaJSUsKKmU(KaE0g{cnZR+fDoiZ
z`1_iSkO>HX=x!1nR1h8mgsnP+ok|m}0b!l4iOmYa?T;D4Y8}G7N*Uo0AUJdviRLN@
zYXIR@9fDJFWPS_?({-NCJO$w;K*-i147@HQWB@|abzg)&3c@3R&|Qa+bwjn~ntV)K
z?rEKa>UlNVnU4r9O^5c0;$+(N5xfVW^FqC=Abbr7dE|vUz6;mQE<wF+whOqX$_REy
z1KUrqMFcykfgLB<+XTC+fn6lnB!bn^tnUC?--8Ke*1#GP>`{WX(7>7ztTn-+G%$Dv
zKzlzEG=Mp!%DjFy4{pl&%qz!QreIA2tS`^|`jX&qne)YU)yxc>M>F&Gb-%cC)wu0B
z?zHQETOX|W$ZvnhT2H;;7t5w#?E|bw{b7-0H77}NVJ-&Lt{1CDjZsiv1=Ra5D*iF_
z7fo+O?vRC3q6HVe!=Q2u4dcK!0Qi^;1XofDhrGxj?$K(mPzMfq9KLD5N?ZfsAMp0O
zK!taKz=xp#u6S>a8PcT?`tH6dikAt!PX~E<;1uq!@kkk;lfUMCj^e^e;YEjYw2wJ_
z!oS|=Ek`d=0WbeP2m0?GrS=Mr;jnkS-=ODc055+DzUk_ISnVu~<*;W|?ZY>%czH^W
z{CYf-v*&$AosEXVN8GXQF76n2XXPae@P<ey8q$Xi<uNjSfq!;ATdvD1t%fcl&(z`U
zXhD~6oG0(LIri~n{?623XRc9n?3G$g4`fpGj9_Wdq5uIBuilaBv!b-Z8Q{L!^$8PX
zTB5{?xeh%4fDFm7>%2-A2mGevS#_Ai$?PF8GY2!#yOHxEez<K`ASN#eqYN@3_fCII
z!1woT&VJF!rXpKkkle#Sa%YnIMArVQd#HU8ZlB$dw)PGb+-;%a#=oMBn*A~S2>O-e
z)58(?$kgj{{$<F6UiE#PTul6pBq^K-12)5e9oXPCkP93AQ(5yst9LroI?yWlKGaBp
z3j78Ug;!`al9+G&#BB}@@Lq5TAop8lfHy?#?AP2*8Nfr-4t=e@;1IwKl>ve`vhU3x
zZm10Kk+4@a=Y~pO!1Crem(R>+#QQ~_tqN)9-<35FiyZV|t%+B+1rl#lo?qhqeMUpP
z%U`vJK2C)`e(3FEr@u85JiFQnUJ_NaKEloys2`ZdDfF3pv8S#5_cUJH(>`DMndSuV
zG{^C2wyLJN&R5*3Do^v3FV#0O_%z3<r}>LOZdUc3&0GAbcdIX;G8CtI>wg#t*Lg{J
z`mb7$@I}l2NWvCjNWz1!`X%Aj(;5=i{nC5K>FMdp9jEl6zIU8L8for01;5GtseEXr
zzbb2fL*m`Y+TM`p-5keM*Z-LA*N&;n!m92#we+ryumEm24)ESHIsFAU9LsCt&o9*X
zO!(Relh+35yl)t|<ygA}_$?hrQ*Jr-T_A5^s^*XhA2TW*=A+npw6f;6bo#fiEeQjg
zAqh9k^h?5{l7@umKlgJ>=a#{H<${~t1r_xcf6lG2GWGuRx%$clryhPOQ_m)FGpt|g
zt!ct-vA)zRZi3Wn1k`(n>XY6+QVZ(c)2_DE+t?JT_xcRK)cfp|hI&gs^FzHuUh3`V
z)B}B4rrw0lywM*>y=OjC-?`vM?EPx$HSh#f75>4fca|r0)`fqZZ;aG?9;o*$r(XKu
zT2OEI1OFd$?;RJ#@&AwCAt*NP?AWn_9V`)JjEABg5hKRldy73{Zz#4Ci5g8bYV3)|
z7<(*46KtTd#NKOcdpYciSo!U1UbC}1TMo{=e~<6yj~H&BubX}CbLVDW^LoAJHJ-9J
zBOhVUK0%kgp7%KRqF3m!w?}4AnF=AX7ra7Fg&^#eT%p`_LD}1-WbgPpFTGp{%3evz
zo+crpG_n^9>^-LskoT$w?0s9>Q}!bA683V8*JZEVU5>qvmg}&$RAx_^4<WJlbeVF?
zw8-AAWy(zrl)Xht_U63x(o2Y-`|DcJ%DtMbh*qSCaPE(Ry{iiQ=Q5i;W@I>fv?`S;
z0yXoZR~|y+fw8(YUcb%J_~-}2U3T85B_D8NZglx>-9~-Do9Km=+t9`yQy6`~3o*=^
zWd#lF)5pGi$pf3YbAZQYpVdm9_|zEPCr<f?d*XLXJ>M$6d#P%x_`0PTZ540x+Dk7X
zMC>#47pKVuX@$SI+l$0LBgo|aaM1(u0!n&J-Wfka-h$D(<ZZgek(ancZ^2>ac2q|y
zc2om-<Cmy*R1a9<ZbvncSNN5eer7}@{lRH6Bbwt6ZVr$aV`k)ayWjzNw~KpB-gmhP
zd2L7OlK0h3j=b2#dS<+t+fW^;*ia4R)nBaIP+fJgyA9Pq-qn|0`q>dpXriPhJK{4;
zlsp6E^^(aebKV2;ek$fMdF^u%@`{YqC9l>Ej=aX->yW3~PaUb)PYvXGeXrV2{bZ55
z{nS9-@>DOq3<=A$1~hX}lN`|qGY8)Qd3WTW?Y*-ekk`Mc$K(~uNyxhvtxI0oHIBUO
zi#*?1d}yI+XYuxh8SO0Y@xn_#+n^pzXwqaG*f61KHIR2-ChzAnY@Q6ymeEG7%0)7@
zQA;yVUd~P!Trymj!5vpin4G(^a=SeD{Xla{sG449JaA`BE9~(*4n+-LeWj~m{;S+O
zF87_zF3$`$K;QaSwE_C%w;64Kp7_j5KQUr2%_zC41`;u&WbH!n9sebhcj%M{KM=dW
z$K<`qM#$SUOqaY1mpSr;1)gt!Ub8^80eb#|j5a`rJ@wK{ju6)>G=`n12A*LIyB3hw
zQy!XUp7emcoP|6l?~km6yh%fK$y<DhBkz~_I^<=rzqs#w)&Al(^E29C?ES<`Fa5zX
ztqdh^g&HW2<aGk_n#kle{o4cbP89H%yvaU<yaq#b$?JTPBX96Gp6o9U{zkRGxa2o(
z_ZOdh<fWH6VVTyICgQ}XfgYHMGZZ*`B>!3qo$$b=w>bX?y7ZcO6Xtve>oQm70>@m<
zd70j2{A#Xpm$7TE@h;=#55079J64jk8g*{R+AQ*KQ!%im98)dw+)Z9X@_pFkRXht}
z>iR%kre2-nn94Di>@|ki2A^$mc)QMC<89k@_8KqSuCv$JvEBV%<6HNoK%@V-Ad~a-
zeRaJ05)*hiRuuS4BQV`537iLkQJSK?6PdtoATY#9BHoX;k!W#gE>ofeW>K6)tO|!!
zKx`Lcp&V8dv89OB<FGo2#UR#z!#+i<7h=sgECMk*V(mDr6=IbU>&#*85wjwut%oXN
z&$r^<W)AC**hR!fb67NDdk~wzVPg<mf!Gudn~2y{#Ns*3fmlDp7ID}D#3B*<fy2H>
zEEus>9JUOx{D`gPu+@mAZ6VkO4qJ!VRm8S%*sq%GnOaW8rsVFUaZ_@Drr!lB#XhED
zc{O6LRH=Iw91V3-Q#GkJOyI>RNVU-lC~tIX6yE5B=0@j~V(Y0`qDE{HOWc_bw{vI`
zcjhvI-XJhpBQWn@#f`$~jmB&0!Nw}Zicqn^8nH$!i6?cWc)O1@Nj&wKz&Q}8su8H~
zQru|ENW4)+O&#qJrPwSgR!k%2WVh=Bx4W#l-7O~22n0@R1Rl5~fwCZQU2}`OOdtyg
zoYx4<XGul>j1UE;YLbd(GJ$;{Fb0e5zuidscMdaG*4s?_{!PU4bC?yegNT*jup)@9
zLoA5H$|5!!vFaRF6|td+eZpa(h_ynjF^4rkEEKUQ4vR#r7-AhbtPNr&#CmZU_=t3N
zhsUHy?8Qcl><vrN-9tW{Np%LPUiwnQ9<cl`km~V3SE?72$^%lZ^`&||l%!n4MX8n#
zb){M}sY4*uSYN6o%dT4vQsIwur5ZD-F(6f2Un-pCNwoy2TADm5B2}A7RRO7>$1JCa
zB*O&#`-<eQM12u#!ebH?2}e08SOY+EE`uWB=%EwAf&d<oL6TW?ih{3Nh~NepBnds+
zDR>pYIpP)PYWQav{PR8hvjF}f0NHpy4gQId8i53)uV@R4TkvT=9q9Eb&~h#K+65E)
z+GwFJg?qN(Gk?m^>rLTn@5OImxd%mNlbK3XkiSV%f1Cnd&ja5)XkuIVX-d;y6n+}T
zz6Rk(VJp3US-eilCbJABlGQYy!oSO3gP5-{j$U6aUU#*p8A_?+G1cg6xY*g%(beA7
z*45h8($&J%+||t0RC;I7z{j+K9w6&4y)ZxmC}NLdIZQv$hHHT^Irf~-V`?@H^Oy=m
z1#8Y5pPYih8qC*eYn6QTLcbFa(nYg6*dCimj(#G`9LG|!4obp>l9@X@TePal;o0Q)
zmGH87e70!Yx3>{n-I|aO*N?*czg*&ID{5zoE{<n%#YL9Y)IXj|d@<tEWUyS%7d^d=
zWKZuJ>gmOLzOAP!J-s8^3E@)}^?Ws+-uHOs-=kXw&fc_a2F~6$*>I6)`4i5c4oMYq
z4Hj>l@a4!sT?cm`)Y~3!7vETvzkPBV%HIchJjxSmFvlM9hl90a$TN%=`HGiM8}d&Q
zS2<$yJ{K%_AxQkYF8w=L1Vhb{@x9=T@quM+;zzqETWiC+x~2rk{sJ046(>az7!9kN
zpJs(o_Q~qTm%f6cYf6}~@b<9y2kF3bgvhf*GuboONOlRYp)Olw`Oy^Ro;i`_>r)`l
zzmdL2n36o}rh!xVpR5K>;k#K?B(EI^_Z6v?iB^()Dk~)!m>unw*?J0QSNgeU_KUX)
zX75DH%(mv4eL~lb`&LQJ7MiVPmTXRIB>RikP=78m`|V`q<}{Jnsgq@9HSS`{Z14>O
zkMRW`1CQ}#9~HCB2DoK5$w$HLP`Avk_LG^-mI1SAuNBPB8ZI;Yz`-$_mG;@bD<x+4
z&eAe_l`(sfGK*eRWVUXMa`&3ZY{eLvS&fsHGJF1-fuHu6w}GGbZ*LW|&-%M%_IGau
zv;EvMn_a=|pxo}6UG_@BZ17hyvx|9VX}Cbhy+UHPr$fu^9>(l0%50*7*;^Bp+uKBD
zPfnDX)p&3zv*WKCIC1yU%~u*H?!hc7X20*}mf6i&6wG#W%j}TcGP7rLxo0*!O~LH>
zp)#{UJhN8XXSXern9V*DnQa!=Czzc2u5j^+jWZwbcIxAeE*k~Tttk_fPTpwIq8d6u
zd2GDK%}W_Ba>c;YyV1*}@9Ev*rDC{tU$+eZ;H6*~gVxao3?I)WGaRB~c)W_?e^MF4
z=|c1nnc)jFIfhTtzT4sliQ%==AEd{i@nVXuLXItjw-7fIA9c)4yJHvmGcN2gq&VlW
zJKmGS(9=)aCm#eWi1+M0T!GcTxE0Z1TrHhO>=cI`7e6K2(1o3B0v3~O0Vbzc8d+Q}
z$FKa!edTv-E*7za9G0lxoIkErqgEL2HmkY9V7Hl0b7fwW=FIq&AGxor#OCfUC)j!p
z`$@mKs<>ZfD}H4W_mu_M+;@omz+vC(H&^E^X|5-JC64>b3~a6mVsklcwtjPw@6?Wf
zVyV)}K)ZUwPA`q~C_fWe2m(GDf%-2cfsr5(ta10$W&*82AV?$7mL2$169nuUhe&fK
zkPifG8i66NB!Q>BM1gJ^e@9;?a0&$4X#{4xmIO9~z-Z0JsYy&=4hRg@2&{c02@D2-
zMVg&e%b7qk5SR-e9m&GuBCd40?z0NFr#wh^6{kB=l7<A4O}174!4qk$!uBCJ8p3en
zgfvn7J<7{J+;a$Df9ZTIuS2cEtSNZ>4NL{NX%V-$^dR?07yh~>-6M+LgGj=H*x5_I
z2TWv6sD43u7;C*UZ5^g?=V-ZgZ`%4m*80=Iawd=SbNDB#+&UN_&cbl9s<QPHld*L$
zz0j?Mt^YI_TlZtFFQBaxNib`i>*VDz7>>^0;h&QxMe9Rp>!7xCkBPNzr>#rp0a=BQ
zXzN50DmA;BDSQyFp007M(W10bSmC(7q%Ecn!WO%*7Viwg7KvCx+89}VRy_Cs*S}$W
zRlU-eUZpc3A1YKYjBQ!^W{{j_Cfq%McyZbYt~qNNt~tw%EH8g~9sTl68`FSXpG&VF
zw!vZ=_rH+cFv|TwZCXab5jWy|9~n0?RH)p+g0pj~-LW4h=>7wtSlLB;>_Oj-VO<XN
z(e9^d8Ra-0;W!U2S2!)_rEsq@Z2IvXQ4UDF)Lz{rZAzTIoVmotL1=qr@_*PVR9dJV
z=jIzl24yh`aEPEI**5h-bT*-Xl`JNgk8m2QE5}Ec%|;?~=f!UdUB?9}zInh>(nj_}
z!EPukr|(Bp-?E@e1wDPOqzz~10jREztZpe`<}Bkc3>2SFxKIhS6{4!3h89`Fy<>x9
zVNpTU&$6Sd@6;<Jh9oudHAlwP4vU#+HAQESh|3x?y09s_RYY84U(w81zM;NpcLA`r
z956hEq=uXp9xNz9_H&7F%PC=|-9?FkBm!q;V8&AMds!slcM%YuM7))0>J`g^MAW2@
z^nPPsdqo$EeQl1;Gwt+<!lG3a_gh=>VY7uK9<V!Vi~m}zSuJ_sV;|zL@j(9@zi9QZ
zBCEM+vZ%kmq-K5@NM54U|IK{Q^uMzGf2Ds(9sLK*XKMO#`nQsSY@GgeJ=DL_|4jd`
z>$Up-`VCXFdyKOGERcaFi<SD1`^Gc<$8Gyx>A(DEo&G<MskwI&*Z*Z;#`j$RpXZtW
zN4NgZ`u{qe{x7Rp81yf~`o9b$FXH<DT+j3`>Rx{`Hp238g1Clp+!jZwgaDWXMo)K&
zvsta9<nj&SH!`>17alAtN&bIV{J+{?8=KND0)|9!a>-`#_lI$I@WC45(<a-KlYO^t
z6xEJ~H5rVWLUessdZanczPo>wP?zt&H-50cyk!sBZ;#7qj~n0%)lh@%al@^4$4UD>
zAzOsw?}&Ymaz%tB+a0aS1~^WZon+aO*vB$h{I6T$Q_IjqQy=&z<a8g)kleo0>yq`K
ze;>;vaXA-J>gBTrmLd7;h#y;(we_(?@9z_Cx$wBrwAAQ{;ET3GqvAcE34a`@VS*Nt
zra=qW;e2f02*)AC{P(PpWzW54=C={0o;Qv6?iE>Q;33n9O3kJ{h#o06b;uWXUWm{5
zukb9^nGQ{jQ#2(m?V`fs8>jaPFZDRgku+kfC=gCG+SkW&A#qybh@uhZ3lWf`AG@E}
z0scfH*cmFCtDtHSv>zb+H0(iogyY~=v&$>wbfn{^IHk1HJ&tcK&iBNHF20ZJ`)gpa
z*(AH;vM_gbN%7NTX`)xW&sHrX9LF5zq}sMVew#@rvO7lk+M&{|(z)IQed|s9?a57u
zXWh{@*zWjS$XoxlsAH4RW{$q%I{Lo&-i5zgh?nA;hl(mV9*Vsn!f{ckWWv=gQJkKs
zII1I_nV4Q1cQ+gD=RHgo<Knme4s*O9k9a;(>|4SwUc@?&YGJ_zcqBm7x{2#4&gAjs
zx~DXu$!9_x^Fxu_roM3Sd@1Q1cW=^kuT#GE<Rr2uBsNL!G<#Sx?2ZgFq2Z=<TKMDu
zzeBlKE_R<&CeQCvQ@l@-Rq||+e7}L1?bHpL^ecqhtF76HBf)2*-G=@R%x7|ttR&*t
zkBsl_PY!t}Is?i73{o5pAK(fA)uhwmt<vf60qk`60RD9N2INo|b<$L%(NQnWvtw1F
zz0J8-5^_X%(;ePNy|+zl)Jr5d^Sxp`6_I$#MIL{=$W#0XqZbj}RPRMR7T4I}j)7%6
z!Tqb0&SDC49E?rNA+ohQu0Gtl^5A-=NK1HHWPFt-=cyJCg&Ma~wOUw-76TPpgq#kG
zeVfDb?S5XJ{7{|<(h!8Eor53;EHvD*V_lqht<ls6;;rlNZvwZri&Gljx?B;7fO~@P
zy9e4^=VTp)-8z-D1-Bi)&zevWIJbnKhnt@7gg1q^9<vK>D}MK;W$JR`br2aUi~VIw
zW7=OtUCth_E4_ih_e_BiImsR3!uMHSMfgrjUPdEPmvHfA(9|~4=la=`F$$Ll?=qC!
z1>K17@_n%n#<zmrGn+^XHBDv7yYmJ0AaNW5bXmw3BcUc&I5-`9;a6=WUvL2JzVNLm
zS6OBEwMpGKigaJ9rT9tNFP>*L(K{-yzRrprb-_dnbQDqhrVqp6Rdr3QE55rsk(Nf#
zQCi<?B6XC6S2}OYSJP3H{Ugk><E%aQsSj{nsUx})wvEaIyR4?p^g@!X;o{G-Q@Ge2
zoK@i$QtOjOw1cDyJNLcS-m);cWwhI0h@V~W7ZRBbZ)t<O{T__<uWZsQwc>yxz83I1
z02OmiHGtO-X_R|tTB`Iug=6o^fU-Y_Gi7sph_c(US9EC-M8=c3>ha_eeR($S>Wi$3
z2gzGKg9kBqf*kk+lNX0cPY`rS=Lw2t?g^GQHh6;Rx=%1WtMvB8CwN?$y!dY#GA{q9
zrZY79XX3>dXsq+%r_vHx%V!ZkWpFm7pR#f`c-OUVHefdo`;*Z?`ex?eX052bO+?#F
zsNXIK+ARM)qxSfL51_V|8Jm0DmNZxNNL{J9!LKqia7F73T#C+-9Y?M1?dqFwG=m<c
z=pfG5WlYit=Z~_F!W1JMd8rPJV?>Hi0A{aE>JTt=_3MK}SB}UyjH$RP$fFmwiv!pK
zjD_G7EQMbt%DrV%7QH^SGYjoQA*n)qFzG@C<hS@nkMUxe=t8F(>Wv*Fqetqn_3>^=
zHg>mP|IoQxkxbmJm+svbkYG-&cjv;T8>Ga%(cZwEQ3py)ARTB^Ytn&6)@S<u;J&%o
zLt=9SHO&pf=DLZ^*(V=7Y*NQ-KAk~+U{FCz{((ItexrJ&5rYl2+-dX9Cy09?{*L?Z
zE5z<iCzuZxU@+s4`Y*(Cb69r7HX@dn!~78Y2C+gMmJhL!(+$EcBGv)1`y6)Ltj@r7
z(xYIy3I9Yw4yO2V7ZC`v>=U1UTB2pnkK}|GI)3f}srfI|9{Yt#nMEKoO(Qc~DH9Dc
zV>L3jUr6e-1c9>}fy*>Rl1-=%0!K9=lE0Zi9uP=;Ny0*r(+C@{xwn>zZ!H+Hbn?a<
z;|u>h&G{P9yohGucuYqub*eFT88KfD^VaYm^;UY|9-_7E48tha5BTL2PF(>To{ZQN
z4troyH{6>woE;i&^HxpN;+K+u@R=wO_fqlZ8<Q6wLc=h=LJ~-n*2HPbO9IX%n)^R|
zDSg=iU%sJvQMcLs`+cTc_i%8U)It*w=&Ffj^-PmmC=UXyGy>CKO9DP1FiQN0=j(X6
zN>fKY>5Ma4;~LH;OlXbyaRn*_OK}gI(2rg;Rbc*o^0m!fF*;!r8dHhuLBS?he^*~u
zZ}#OlD&#AaqC&etD4YdAzN7-(1XF8_NWf}Mc-9J~<AT^t$@MGr`tTs8p;btt7rO+}
z1-jn)JT}E2@)nj8*Fj|5sDNhEQY}+g!C)FU$r>5g*FPfmptVuR1G+?wNKTCTW1Of_
zr?M7TK6>6xMEW67%D-8ihtW|DV?L>78vP(5E>~H5e3)RbBShb9HZ5^P&bSt7@n5Ao
zhNZc3B+wVqB5m5~N&D>%;@wGxgLS?VZC~jY;Pi2=vBxzL=l|yFSj+BC<-tequj^3J
zJm0fr{PV5<fAxIdG|Axk%!lo<iD@JPk}RC<h>4fSI%*$Q`97oUag%(7f&=oHEISh0
zADGMeU&zKY;#?A+*f%n6h>hk$hL;^kk|9Ow2{KiNN@<Xvcf^iAn&d#*Ix2D?V~8ac
z3H5nl4H|N~QAlE=kR!s91Gr~vG`~zUqvbP{y9z~DX(_w5L&8i6HBD0LiBNN)2ipR7
zUbA>wYx>LMuuAl)R9kn;R^t`imaVoOaC2Kk++dqTSS0dghplZ<n8Nf(DA57=YDe;y
ztR1BMCE|A>>tb*ikhBv@*TDTqS37=TMD0@53K&<}-3N<Q)sU&m{#{z;57L}{)uOk>
z%?(qwV}vR5N4iWETh1|6r9Ii)HdA9#xhCjrZaY6gXLH-W2|AnGHcW88xoyQeDdW9v
zxHyu}(`09S%LIymz;um3{Ci2@m1xR3C%#t;Okn~SL16g%bSc@uE}T!mOzQWgStfPM
z<~ZcKO0#jepRke2oiEM8%$2CzfztfpW<`WsZSg1nGmnh82NxHVhM2L9_pg$aSonRX
zN5+qWUsd_3Hd6vw^FXERRN?ykwDd^F3wo@X^%pO(FNnj%{XTg}weV(fqihlJpW7qi
zM@BV^AKVW78&H2vs?j}=)aWJ)tf4~nwsdR&r%JiDWN2ut7#dp9p#e5>p5LxFC}hp1
zHz?#H-i_Q-V@1_RV=p81FXrP}VVSFcamnKWq5Tok&5P8~uYa+WuYb{|JR=Mqn`GcY
z;at%`gr%gf88=x&@*a>$>R+_M+1nqlwG*DSR&a(%%L~fVv}(HlbsMJM;dvtpjy|EO
z&Q>*0AGh~c0rKX{<lURchKOXZj4Jo{zvwY}#SRnlu7&8=zgS$t<g_XJQ6%X{cIZ7(
z!oRKPm<j#pS}Vp088cf+W2VT)ysdge<tuN!p)wsePVbs5@-R^5;rd(;I#Krv9`let
znecEfSeJ*#-*cVF+)AetrI=VJ5=_{M9-HJ&w6`U8qBIljL>pQvI+2NXBEh8SL>;zZ
zCrVR$w5rkE<Hu^CI+7>E@SSMo994l0cb%y0d5_7vaEOq%sG2T$+ZJ);9sELvykjzX
zhbeg{739Tyf#hA3$Q$y7g1nn1B=4}2yyBaYyo+j%R+*8!lWO2c@(yx8?jugpCuH(^
zeT_Yj(|3cc?>egQW`({dTcEzXBz^yEq0l#x>bp*<@1RYn?=H1k6{)_P)j$>0*V0$i
zcaE9qyFFe<-`TRhGl{;q&_R9Eg#fDWB1vD1Qr{I+-<e8%_ijXe7pc|SYBK5jVShs-
z=n?4KN#@r(o}A$TGazqxd^LhBhsSd3?2+gLX@l4#4jYHq$B0ekuo%QjAm-q(X^43t
z_BDsiLhN2N!RB+=9P0mxHqLY17;TW}3jQC&R&m%e>i<D(Er+e9{vX6PaM(J;K1FN`
zhy99JX~cGL*jB`{BKA9n?bP@*4!)Hvsjoj4Ever$u7^ELU=RrWsu8Hpthq=KD5J6F
zDl&meAW&2zARCN1KGroD7cl{69oU?$5oo|RXCDTE8iv`r0m9lky4kvo*w*3cAn=hU
zmG)yM&>I9QX#~>PEy6*-sky~tCQt?hZfOMGuv>V6K#JxT&zQiiP*LE{E4G&uW*On?
zCbVe1{h1pAOc>!Hy`EAi*hD;2&fDb2N)6^8DSW(;!aANyFYb~rMme|2UmNQDk$#X&
z;Tq0Gsw<_O(^Xe2u2D+6`b)tPiFS31LUKALJW3vV`#OcBO7^Z$io+NyJlTkN;X;ay
zlrUQe7bucmkeUCj8lqXBQjmCD^z$KnC3{`H9+&KZMzS5ShS~wRF#oNo(hd;UnroUW
z*5(>J;JrB1e(|$`9dIM7fgJ!F>ge+PS`Tr!ogl9{zn$U1^4$M~$F{)Hy~Gxn9jI#y
ztewl*0=qs_FVE2wK>C!HfV55@`I&49kfnO>&*ZH}x`sghbq0pOB_9Jr;40QTDh14q
zmznE0-2>*XAM=>Gd3y+RUzFEnZqOW#xrq^4<~A_qls1XP+$RyTO+uKf6d^OGYm!|4
z$-pGJ;B8=%Tt@q|S9g)QZ)N66P4l4Y(VC-~V@^}cr^WAtzr5vi`K$6Z$KR)REq}8a
ze={k6a~1r(Z6e!9gg;jknLk|<Y4MK+Ceq(o3{0fcSPChjo5<fDnZH}H9`M)euMgxe
zPXgiZbQxX#9?a(Wd*4{=SR2S3kpsaqfV3TIOq~scvz?7)&SFezXG8xrdd`MRUV6@k
z8zg%pcVsvD*a4tw#}p5!s&nK6sk*m|P_?$SE>-*EII7Mx%A^l+aU-P<a&{xm2dP|7
zhppCIPdm+e>*+_hO4!p?<Y}7B)7O(dsIHagaHd?38k+vxNoa~GrAyP2SsYCp!ifXY
zSF;ZIvOiXZ;%w7T(Qf@5u_heW5V7irMRJ%Ov4V)T;IL+hz3xY_HXQZ^V%HJt$YE^}
z+mBc`4(o*2Pl)yAu<nS>LhMTp>x0-}#D;L#0K~pPESkfHBK8qtV>oPt#-9I^8JT}n
z6-~s=8Y6Qj6ZioH)@cNOXN7#mgTMw&q;4A%=m-L9v;xdb{g?=7?ATwJKw%JAsu9@o
zS`tXBA_}b1Y)ku@30wey#coan+fgNh6T!Z%LQe!!6>4G&pJ)(>)+~HRGl7;M(EqK%
z3Eg51TA^cdiS}tvW>tSoFZY1UkxGL%fFgE4sw++1tQ4u5OKs|=tVSe%E@tZX4@Fbg
zoQv7hWNEOEiaK*j&TiKkr6qpU6`}mN$Mv!D<FBqt%8$!j#grfCxN<8$#t7SOXw;9-
z>Biok$?R>ZJ_-EHgu`U3`e0i`d?Qkyg!F#LQnEWO32TF!VZ(K1i--8zRK-KG*)mZ)
zWa|$G#Y1{gJ4sVKq%W%x0NJ)7slwkCaG!O=UTL3oq@$mIvMr!%-`>$|yLBWj72r?f
zoHR?OtTmGE_k&EkfF!890{cO_;Yb`T{(Yk>{v9fUHnOMP4qvp3AEQLsT0?g$_OyFd
z4<hWD=mhO2X<314Dd{#`p<6Q9Y(JY?K+<mTHN?h=bfCK_32h-zZW&QdGMs$UyW+=n
zC<TV484R#pw6$G$JrTcMYu_%W?jxaP2vHXnK``5V)gJeV`xAlPha~&2YY7wk{lwTY
zGVd>pgugV|PkFMKq{1`u!mgOyca$Yjq`q^tp0Y}|*msWBQ}i9Ii85PJ6NPL$ZxoUk
zhMlPRPX@(NR?^M-n&K#H;NX<xL$E&}BKD9KcF_CN;ycPYJooNL^(i5}DHoGtvG`69
zExzLq8z6#J!TDnKu=tMBLUv!e<nkw~(j`YeQI{^6tteeW0?+j6Oa5q3z~l<`ergJs
zTqoV#;E^k{N2YNo;p-`xc;pJ7l*cpMY`ZL`sfp2DU_VjJ=q#qutqgB9X1I;sY6!hm
znatekkGkbeF*u6RLItEqe<lkR%+wf3jk=KuA1bFS4p=o2W1s?JP7b?kQtpn2A9#|j
ztjP&8q0Z&fn7wqPD`_c_YiSSO<p5%bIBXwcYZ3d4!;%n-L+o!3JBrv4#LjXUtk+c@
zKRUnr3opxo$4@iA&t(GVL13~*z(QwdKjAkJFlnamv2Udo7J$G2jlfq-U^oc$)Chd^
zP7?S61Ohc~$*N2s1O!ToA6+FOgXHv;f74wBlsmYgTA&k4F(1ILW|`WNn*X}pt$7{X
z)l6p1)6;SHat?2~U>P(B<#R9@QekSeZYT|vO~t=#znMvb6^y%;f`iC(F@F{A^Csd2
z#fu>iSY^3v!MLQc3h$}~nP69OUZr2qD%`7v0{%iu19^A8P>rhCHwz25@1c?bLg`hK
zO6%w~E893uzWrnxe!D^ze&e`v@hkZj$Ec9Ee2ezg<Zb`L28!SDVvUgN3+VM@Uc9}6
zyPt!kgCHmQ3a_`3QKUZ`MY^hLrTNkU#R>yT03A?*hTwqW%LbIw6L3KBrvr*Fyx{=V
z8y-}fq!$Ij{xaGt+{)Lhjb@jR7p(_J_E+kiWZ5!1J;`!bZRsRSn{=sfW7ta(ohvME
zVldgy0zhmMI372DA+9)cN~3)$ZrUz1JT0B(V`a2o{%sM>e)&38GTJXM@24Xh(Bpmn
z7|r(6k<5zB?5EqG4NeGc7#iv5iTml^3zLexhHPc=QaagB*Ua%)xN;bNuRaIK9kPU_
zHZfbHvqr>?3UYacq>_48MPH{!!Vc7=NXJtlCDu#1{Vo~E551TU5<-kA7<O;MTKjI9
z2jtQqlj^)tO+MW1QU6Es;id$5k`H&VCU(3%HQndKarQs@!=?Nf;3@Y^FA_$Mh#Qhg
z*KysND%Wwvni;r`FU>P>9pB4h;5v4q1Mlv?^-T#QSl<@{hI){_uzH8buH!a85l2fQ
ztFEJ^`WVj9(y&H(4Rh{Y$L1O;*YV@(8Muy@&oyuz-|;eV9p6WP-dBTdri6VmbN2>&
zz+C^|JkNjm5%XXC^z&av@#nu(*D~kcX`CFQavJXl$-rscdyawA_#d-@)A%lW_#&H$
z<LybAxebGmIayf)4{ezcrH8gah&vB$^4EGE+DT?T5A8J6YZ~aa+RXIIKS;_?P$aQN
zhB1fe__9&Bq)HbY)Ou(~)>Gqx*?LOj5v}&Mo=3E#u1B;S>NW3kQLi|eukiy(9s-Os
zylMS!t9FJJp-&)Y;jo;DZADDCTJ(2_73Q!4h>b-|w~}-h#L943NyHi;rdwsYJYrQi
ztO8;=5Yw$d{jep$YI9f(jUVwbbFhsp0>NsHeJwD7)*x_6E5ICVHHm=6!FH1g<O6|I
zS^?%@ds-L-GzR!ZCU6P_j%Wnxu*8AQAW+fJLJtt;6s8tBFEED*3<iN1jlfhU&<q4d
zypz3vE;}uGb*3zO<p!ixV-a>&CD%s^tK3!06{zs~xpMQaKJ#2!{}@|<ANfSuXhGVj
zG^kzV-El{Ra#e78e(<uI_Pldl`>;m37aD_KR*~$(0CK6ZZ>kM!B5^bZn<!Bnj;;1e
zVK)0dAxr<XorA9I0NLm7y(E)yR#WjOSyW{*-suM>qwRkcf3H<p6@M>VIivXdX~%zv
zzjtoP$KMO|^B{`6XrspyTGM4@Ld)f=JD~**<0iDwN}k5wQ!A>BsJj(2FrpUB{J{A8
z$_9M={YoDXnCtSZ$IRvV0pp)p_2ZvI`1of9Pvh@<DyWR8Un*o^M0J?)f${e)_Ar+J
z3CykR?Lknq?1m2vik@0R`1{63m%m>JbNu}g<Z1kUe2~hN8W5C$DOF_p2gct&4&&qR
z-Ftb!-<|az$ltuhnE&CepZ_t4&;JO_Wc<BRpwhal9q7)wb58X*{(j8H$KOBd=>b){
zfBrzK`g~8Q3e2KQRfB;XRV~YBGX7qqyfXfttGr?SeP67{@%OHcM4qP0Jo)wTApSmY
z-G{~B>n|cSnY?sqDms9psd71k`1`*R#_{(P5ytWNtr5oY_wOQ%<L_f5jN|WJB8=nj
z4I+%=@8u(m<L@~ljN|VQ?Z)x<({|(d`wqK@@%K+H8N}a<TQZ2hzxB%?{(i+TgZO)b
zUk35_@BK1}zmN9IApYLgFN65|M}8T^-wXI<5PyH3JA?T9ncV95`>Cn){F9Vw%J_Q%
zz5EYc=Hl-wC~_DOF8)59A{znWjPijLS&+hva;HBU<&#sYaq;&sD%xKX{r@xmUb7S$
z{BK>=bmH&o`edK>@}NE$I8#SFeFeqIf}1(|hSK6>)qO~DvS4L#vah$Lr>l#TUG~G`
zWIaH$xf=iHwx0h-_B&6>naTamM@o9K-}y|B|0Dk0RXIHI@7^ha{po56_x@cdjA-cZ
zMLSrrz6%XgT8UvwGjR>w%0kb7DWTlT0_VS!P^|AXb|S3ro{lrH6AK&JiN&(8^<C~y
z#fd#qp4e-3@L-j)YlX+FlmT<eoL>2LeZ4uoNl$K0Z&#d|KA~={#FE98R$`vw?ySTE
zWA&`Wa=J{NQ*>lsu*Q>)?PP+9?TKyMwkNjL$;7rbv2EM-Ost7*_09j@m;3T{_d2W2
z?(=f?URA&PO2dSr3EgHHL;6*Wa{SL0MB)+CQ+m;e3#|0I!AYW82aKdjjEPR7>&4)z
zc*>)(jI!vP<KZ{{x4N1dzi*+B#??<>@4{xYP{Ni6Bb(<s^IUr*rYCli<1JbJps7vn
zpj&K;RFZc}ugPmOKa)dx4w~xhE4d-SpV&2LWZj@O(xDZ{HTa<svPagik8mx{Ar9v?
z@1X&-zaz$3a@J9m@T?HAFX0wKa4|Vbv2gDI02DhQBpty48}`}S*S9@gC;-*7^ye-G
zMqO}V{!fw+ILM$r_K-9sYEDACU<(g1h(fSN_4nh$xJ#*(kjh^RCSF{zxgg5jrx0+B
zCV_^HUHu@&Eu*#xe8kZZ`Vgl;L2rCS=-?aO+ga(i^{^E*$-vN}fP{~8|7v4F-u0<1
zN8+f1kOtwcDLrtDQ+T5YiMU_JpRUnq=rJ8Hbb8=RA)Ko4+<i<7EQ!cBr)<Bgn_`dj
z*spcnZ#(JN1}$X1QG76}hHzB#g-hz|oZpPG`(VEqbNJM}4W6%Nycx&Rs2L1y2#x3o
zPHZSaxilk;AHKo493s$!dQa#HQn>v4ozOmS9mMfQ>LR+_$6+|2*Lz9oqH2B=*?b?^
zez@&3wSj{?px0yBF{OSn^h2{ZKeb(IBs+%%r`YIHAN*wvjsS!(Hsw}0wVpD?fEzp2
ztcuZ;kV}K}HC)aJJfu(dVSUTP=rRwRka^W7VRY(cmV8Rz`}gF=9WsH7094bIy2TWf
z@=*}h)c3KtsSuedyJ;p?%fcxrnvAngEEb#!N-GGrHkeAFycWN)oaX0h2jc|95iP@g
zdi&WToXaH98B5w+uIZ(f0E0{WH<yV440M-RU*}!8fsJEd7MBh;DnJ<SQjV5l&P8Si
zM(^*&4=bF6_IehV;4B{{mYwldLe^FbJmZ=tGW{cyKTcEAlL+fJ?O`jZ|Kc&VM|%Y<
z(JqzD?<H~H*M)*vrL3$BxSvH~k*4S{Ds+Q)-%*3tX88*75E15JdU2Ee$mw+TB(<Lk
zQrq|{lqT2saDVC0BL0AF#w?t$7Ga=JUboCY7uQ}dm~NWrh_lygt@w>UT8%5lIfB9w
zZeLYg$tdq?%J2P8cI6<0AGKV4#gCd~r~;k>Qi~Oq;+=oYC_-z~Dnbh(<pO+yFfE0l
zOnJpf9NR&;W{gsMqk2pP`lNd7b45QPXAo=scjkn-O$Bp3&Ey2^G%?+NMji{@eodZ}
z#>f-I!-}wI*ZqnxnNqDqej2IE>6RrqooUVp-DU-J{S&X_zq!_a)>BcmvkBwxXmp`k
zOvq=U>2UR*1S|OUyvuML>4QCD=gcO9+_tbL_^9~P#`EFR;<kXW7-4$6dKv-_w0igO
z>76>QApv1qj<9Jlda!yg0_?bSPLpk?HO_E25=h+vV+1tb&^35u-N-eIA^(HAlyC+i
zTmG<*Uu#xF98POY;cg<fykT|{Q=x12$ZtsX4dEaC#&F>;r0#)(pZ6-Y-)9AqQq5fq
zp)<3?a?4lkM$`LHQP(Q5JQ?A96(Dmfp^#aCw8Yn08apB6@lmi=6J?jifEqRB9nET?
z3i4|lv^fHc)*QHZM1Y_*l$MeSCE6S$1qU;*hxj^JVh0RCh7B5ck(vLCV1*h6@TX2f
z9Xt6N8km@wFXlz*_!dH~Bt>@3kFkaVXk-K2rT598rvFB}wlI$QhU!^><~gZz3=cqI
z1LSBU<OTKp%j_G&k;~_TWm|%^H3c~2MFDKs0B7laSg6mR&F8X?pCTjLiLOh-zh(lL
zSe+LVFdFu=(<O;Z31gfTQfuSS3wvs6F@eaMym%u0Mxk^A%QDIaLl5<pXdkeYy`;5p
zD+-Zalv=-Nzo6E78!YI2jKX1DY>^il{`ljM6I?d~3>*yZfl)DZPn=Pvt|-%T)SW0s
z<Xu<xq)#vE(|59UK_oY?vH<TK+>gbq>Bv{2^|Au9)YAYn)#p--a-<FgmQ(4ExUD4>
zmA{u4A7#Zw&^#|cK=+#JLvRm)=UVSA1ym1$7G4G*Q^XZeTeZzvZOp-0fSG!y0ju*z
z^i+lO$Nfwu@Qf;e31U@oa)Z)uRWWO02-8bf+sr<4N^cZ8cL|h!;`I?XpANc-V{{45
zynP`O&^g-Z^cT2MZuh5sG23}<-x%zBSR_r8-hNo5#WAiyW9F2#s8LIYnX1m%{o!IK
ziFWkvaKfUw&l=nA=)mxGQWiAWqFtR$qQ`CX*Kp-@{9v2?x#02Pn~=o(q)(C1{_u5F
zKJ$rJxI4T@kt?NPOT6~D31tkJJtqj*(r$Wh_W-+iQsEA4@igB7J6)OX179K!limiu
z*G3-5!+qwZyK8+^MR~5|x`24;M2&essXe=Gt%m!mr&S%!cH>(`Y9B)5S<LhyVa_f0
zA*tncbh6v$Lmyv$){y3LueIjFyno=o0pA%26rOE7<kNb0W4J#{GQZY+dSzoS?-C#>
zLF^LX<i+>&vsNu_9XY%E!P5<@?gRNl2;KztKBx-B_qG`BK6|JKyxR=L1)LnRef?!I
zFJMfus~Eo*(eV~q^Y0`eSp}Y(pACWX^8CYQ2O!VO3uLM|(mPJX^NBQgbJg(qyc$mg
z+Om0Zxx)VoVvK)^vGc+?-r`)TE(AKz$Mf{D_tZxog9&~w!ULUpvV0Ev9zSzJj`qsF
z?i)h*zxz~vJ!+@@#9yH;ea>^cd>;>eAs7e`ed$x^)wVO4Li{eK>!&c2cZ3JC_pIlF
z{cR%x5aVfFfbskDlf-l$5T^blODF`Uek)6elW<7#;+`)Y%PPcTD_9H3Z{$Y&IeJCW
z+DB+P4?`fn0vHUduFiO@V&3Yc)*Mh>EW_DIw!^LxlJVWk5C+fOoxFAV&T6HgRP=^$
z`t=xGK-J*jgg2w~oyaTxrPJ{}%>0uBPs(b-+aRq(<$*i1qL)@uL3QC-iwK9xzutkX
zcWw2Ul{acl1UV~ijd3W|`Rg2!O4^b*=r2SMU7yEgi)GS{`W7;{LTVvt%Nk}URK;S_
z>$HYFR25F)xQ0BGi$k`SNASpNf`i68W*iZIA$$%S_Fcpl%7lvRoN1_p)ID_YQ=*E<
z1c&>a-XtMhf4@#P9E$7_B}`wEUeM%;`<%n%r#M{dfHA;C6U}G97zI^Uj6P*Bm$U`C
zo|E7ay*?v6qk+1<H5^H7Dr|5{d#Ps~2Sxkys#+-NZcDV8=o}n_3j(mp4p1bN2Iva!
z<VjkCQ(>gT0MeQPaTLG;v7LII9c&CMWI$;%K#?3+A+{5tvxAN?h6D)s32D!l0;ysj
z382cWfMR3@77{yZkvYb2*RKZm!Np*_5nwn53MESHz`K|{K>$ths2*`C=O7`GtsxnI
zP`P`dKFjV82@FH}3K{iE>;PO$w%ftu%AHI=(~!u4Lcb+;2wY5R0YLJvJ8@y8BLV`f
zARoWtI8oOsoJ_8a01v`O)e=SwF2reIKyf^nTNTRd%MNN(kj&#Hyn{|*Ytt0bvYh8p
zb~3$t6zMuRiRB_S%P_JEvw1D7LA-F{R!?eB07N=*F!`V#HdHI%IT$f9`%xJ49lP%v
zE;)N?AvKo{q`n{Kr|~XXr0aU+SU-$mlu|V5t`8RX^G+{%7qyC0Eh$VMSA2*@xYiR3
zjI#q3PyF_U@z+&ftVfmkP9H?)>w1ZVy$Sn&_RA^FGtCur+dRGM`Vnp;x0>{-FcA)G
z?8%)=;EZlZjO;+!Jf}44f#N?K#VU^F^d93VjEB37-ClXQjB4I0$g8})!Hf7$Z-2g9
zTAlWGZMW`%dp}RDQCVPEgu@I{IE$EGI#GzZz{Jt`(PZ+rg>mLbTHSFG{{4Y-O@~S&
zoy)U+q6*dW6k2)K3yI(``#Mitrw0<xu4X9%iG193rUw{Q;7A#q{^mhh*ln`#u_Z0X
z3IA}UIeC_Dqh+p?snGrzL+ETmb7>tuyZJ`Eg40NOAo`V>ejuxw#}Kl)jAuP$e*wi!
zNK-7YEtF!od`My4b^KVJ^)ntJ(|f&7(i0>j8n<{?I_<C;4T6$VJ+WweJt=j+P0s&n
zJhjeObEhvUd8=!U3YiZpZs!!ys+QwBUk*Dg!t*Z3sP1h$CJ|t)?Bx>e%CG3<(p3)l
z0j>~`S~;d~ZK@Pr&+7Kq3jT-t-Ed0$p`sNHxw@6F@)EHy?EvgB@<l9lKs$hJY>=b{
z&Gn!7ISEK=6dK(tkQ^?+r)#NF3_B^mB8h*?G98NvG9n<aac8@q^qUOrk3WH4S<mx~
z6Du97n#vJQO<e5}eO7gcWNS9WE$_mwj5=>A%*Hg;h6W`?l|Gt3Ryw~%&=hZ}?}9IU
zCx2iB!8l(nlxvMO^5-`T4-Y7oCrPT-Gt*~9UPS#922U`}aH9CD-k{t9+!ME_5im}m
zsmTQ&uJ^;l#Azc@eV0{^-BV58D{Uu_yeQX++*}otb0!(CqTF*}%rLQ&ANqApFx*p(
zI6<mW<WDTGJw&Umjv2@GFLiG~8w+#RP1cD5YS`s{LzQ4oSNLYdhGkgXGcqT6kDHq!
z@=9P;#WzLSH$laBkz94-&ag-;enZsoolZ46_RqRG6Q1(>K8{p<{v#|_QO)lx>-?__
z`Cgahrpoz#VZLXHZlvYwIA-aAyW-7OE_`H`VG50b_OHTc+~PK8<cK|**(S^@W6Z1H
zm{hdX9NY<egXqI?kQsYP$$R=N!|Pm;_)S8QD3uxazkfzVSoe+Uir<th+SB+aiVHhM
z>qcH3rP9QX1@0m9V`7%-rP9>QsQTuq_zr3QZaYvdYSY#uN`D`iL{Ci1ygvSU0(Lj%
zc~W+B+@QR3sqISSWgyAaf>E+fg<<5WE%IO?^FW$m-4l5pawPS@!(RAgwONg2-FH&_
zo98`Qw?g_eU+lq3#H|T@nTW2;AT_GgyDRcka`W5r$-sdu%W@XHi<(2Bn#VY$a`%Um
zj5p#RkETRg>98>~ie-Jg($y@2q1~NnZd$qH=r*91JMx|IIhct*K`KOjbNJytb5vRb
zfUYjj4581KW(+h~o8DgA#hP^Vha@#+u<JhSZ<0hNU6`Sly@vnc5013&^_m2a166-F
z#x;xD@7CvihWrjWIMM>O;KSfvr#HRiGqZq(?Nfe-d>ou$_4owt;=S!noJH+Q?-Nd!
zbdq)LCgC|pbr`SHhpXpPufg7oRU+@(d)_`tBQEv9aEOq=W;`Go6FIPicusP^{o4>E
zZIBR7Oy7i>G%+u%Z{dxe?=0jmjQI5uv^9_lx)e0f4sTW*fbk3m=|4|+lS2t72k}M5
z%noBw&LKd?{)8+#;I5pz{`L3kL+SOG{jFXKXJQ~Oq>Pm{AlVea85aeB+ASp04$pb5
zJs_`#CsS2f&>#MZuIJ;l0W|hBRHbLO!OGMd0LO*qvDCi7IpU+`R$(SQ^!=4LT+7|v
zogOz#i;05|O_Cmy4U!Rg3c<mF82`4KvAO>!-UXBJ3zFH=@P&}MoM(S$55DpDgP{Hz
zPddiTy7L*r&$E*}>1xHoYK(EhYen~Vx4Ot|CCr(1p>=PMKRj!}T5!m^wW7L)<2oos
zUo5o4bJ!84%#AzMlAHV14;r0W5nY(ztq3Rt=`&46qcbG!GfBp|J|d}4a+!|bm=BTq
zh1rcM7oWFGEeK-mBl8laixNZ<QZW*X5)oQ-#gkM8@EVVP9l7m6M&&0BZ2;{B(sJvr
z2JjU$%I!><-eybwzuFmLTR}VB)IG^9k!MFbp=U?zoD<`Q$VG;i9l1{m+Q$!+XZ@NG
ztW2*q^t>If3f(LwQYsjRE@pZcb?Ffrs;-aWZB;)C5wd>k3d?giDSR|4`7K@oj7){x
z{v5<F#V?B3tHP-aBUy(XBCuXC3Ri)ndFC4E0ah$9deg)KHQ|9$)t+>VOLVDF5kt!^
z`Edtv5q=j~`t*;@+&r^Qi)8RolzpcQMY+OKd*GdgEzh;XnahbV0*?u2D3%JK`yic<
ztZ{4PvC5_162y(!ilyGNuvbC4hu($Wp4iWutBlNmL$rsdw58}&ppXJ6_KJV8clV1W
zmWFD2B?=f_qK9}*OJ3Swgz)oAer59d0*3D(J~dxK8HS~xN$U|E@sFs6PmsnXXiE<i
zaF+4eD*J^K2MGL!6MGGko*HI81mL#ig`9y1PYw42N&@`8f9!8Fvj=B$n1j;(cSQ%j
zMZuOKP!;Ik@(HLmBeN4q8AMtIniMi*ssZ&r%7IviH&2;X&$xw8^CY>pzV^O7!lg5k
zhuN$!k@Z}`718xvN3CKYzF~Ts<~#k221hyI3#v6?9mOc<8aGo}y`ag-7CC*aGSr_o
z+sT8;GiDvFmvWMEnWBsp8AWhh;hmA>c|^E__llUZ9c6D=n@i$0C}EaNwCZFBb}a0%
z5h7L^HB`7{<D{T{_An~k-8>jH*^w4&6A;0|bh16jZ#u*>n#avLG*bEG-BKdO3Le@h
zDhxolCca<99;<5jbhXN71E1EVQOP=N>*j1ViN{Z1kLZ{p2SwV-lwBbBGxG_vI{%RK
zmmtm0lSv*ua5bqa#(}HFwLp8nd&L~@c6Rp^NnU==HhG&(b`d_fK1eYEkORFj{xEOp
zqFiS`W$yVUj*-CjbC3Pr91U>(=7jTWU~v7{w>>KC<-kjJkcmvk+H1INe(bb5+$Hpd
z5RY6PMck8sk6vX1M`z)(!11MLr&vJZkHM2I^`*^vAQuirDPo(dxkpSZuFJfyG@A)=
zn-yVy#IoXSffvl>UyFEl$XUOO>;>iEh}QdVR4O|HcT1lQz`|w-t@?I}<cQ`^)qHT4
zC#7$5tJg?KQ&adlw^>{GuPt@bg8LrI#&iBg+MPAQFP#JAN~XVYb5VnDLSZ^hMHHlR
z85W%0=ofC%^}Ly~xhu^8s#ZAp`0U6y^5po^Wt}p;R~GFeua_P<>kib4i)sw4D^pLK
z<9{F0U;b_v<xToz0`StVxdUEs_d-1p(lT}B>elDj*qy|LX}0GY29L}Yw^lFa(N*<o
z#@{Y2#{IMTipQ3oASU~g%w<2-yc=?$zUsU5vPXHg7aZMGQA)?Sgq-8LT0bTymxu*$
z+T!F=yCwH*2qWYp*PfVdY;}+)gZv&@pTa{$pq6S!p-K#s40w7iwx`b0<TZOmL(D#Y
zK?UWFJ4wAyOSS}OH+yf=u7m`ekTS$9knT@5NBkz6<llYD4ehvhu8o@h$^`t!%kn9=
zivrCKd|||Mh7F<+=Ez<1;K{m#Lhy)|Q()7#{so7zCM?*CEYRGHqP}g7qWcgGfH4nY
zjgr_q_~3uvEAq9<+*n1aL2jlhY)svt>(N`RKpN7mDTviCo0bR_O&pRA5D*FTKX{P;
zIqT0A^}f*bN0;U8wJOLDp-14;wF&+6UfTCs+B?xBc{j;S{3LUixk=IOjojrek&1gG
zmVdnT<8zYD8jI3?#V7Hhh)g7vYMJX>o~Un|zn9YHsND@a5`_SSv%HFC__63x7hoPt
zjg?!^vWPaFoBaniarP!=*;P5yxrFvBrN$5Qc1{wc+DmDsNX5lU2C|Pa>YU3Yy1OFF
z?IOvJLZi^xoBZhj&)C%NaTi<b!Q8=jqC7I&!Y!9B+W1|UU!Q6J!q3EW_uXtB3EU(;
zTmOB#tK4$AXA-h)oA|84$y>mGV0|(DtB|Yu{O(E2DWOM;nR+tM7;J3ssW>3(OHy)`
zdJeKnKkE?=ODmTaAUE3a-oOSxe}*K32fv3LqiUfM&C>GcmaVm<o`*~qsityKt&t}^
zL@cZ8EnUGK-bFAu6baOyvYL+IQ-rP@@+ib33me{3izYYfT=Nd<m@wUkSt17Y0!R~4
z2Kf8EAHqaMrCBxVYHYrjuDFq#g|!2cSDMuuY9PYh<Q4E^!t=;IiUYfzlVJCFw3G}M
z`V9j5J#qhtUK)wBf2R);!)&gt(11@)n1YF0b8|3~fbh6riiWvt-;~0k)em$d>3uEN
ziGjB$Li^qzTg~~cq4Z$fG2C-$Kug|I^Y_sSc68ex!{VRIQz_Eyqo20<7Cq6+=f@J$
z&}B!Z4Vf-sA295*Rjf)bG3=u3NrlnNdJ7?C?E;bICj_rVOI5Z-77TPJmzsACGwkhW
zFm6vI{HIyyLUP|Sg;K?$4k<y`E6SUR#z}X>*iwLKB|hM{5^aXXnxuIyJS#i0Iblr#
zzh6$H5I@8DXJ-~%eV5R$!iK{BA+eJ8xLS(%)>VCsE3lA=lV7;7UYMf12FusZzCGq4
zdV)e9P5j+;lVSKNf{%Rqr9<q*#CfXB4HDjR1YJvH%cL(2D-Cm*lPW{jDq1&AyHM=a
zZLiPv<mE_8L*P0AhYYq(ElQKIZcb)2O0|Qu?qoi^IrxWc9m<9AVot{9aZF0mT_K*O
znOi2Jsn?}teb0U?kl(IJ>369@?sMKZP2Kya<>x=fiZrpeUz$@Min;Y~3J*#dc)l4D
z|GvD)q4++TzBfm-Pg``mp+!S1;NO{Ye)HzB?B&}#HT(9ldb}=*)JUgM>NnD#AtCb0
z$E0ej<L%1Ec$oAHBS$K)#y6cICC&ZaA-1Qo@*#DCJ9(mu#}4bQ&ioXe=~UmD57T=3
zYy4+*1|2nBxk&1sLvy5&guAN+=FjrVv4!mW>4+z`*+&)vl&R;`8FhOh1+rCql-m}V
zOKX0e8MRp2$6eY*<J~ZI=s^*0<Zk1B$r~=iA<Jtn=-C@>-dln<gSDc6$2j?S1mgVO
zu`YB-xu)TlF41Eo9wCve(wbZ?(Knf2BafLMXMHv6YL`ynRj({aLT^qwhnN*6i`k;{
z{*l%SZnHd+#W0#Y+p`iPQoSYhJ05eefSUbgN-m!$5Hn`lmSxtg6YOq@VGKIg*c#1G
zWp6}nGd1sv)|&KEe~wNq&6FNJE&I!}5ZpTdwi5cqFi7H{kG~Kc`QEpsWh$w|QzF}^
zFKepWdftL~l^Ijhc#gZ>%(LY-t>V6##JaekKRCuPY0SHA`I+j+;xs9!o1_~$)_Tr&
z*X#P_M|H;1&HmRi{XqSV<0RA6*>SY?U~JA;uNTs?so-~w&sK<ZN3Qh@-yNAVy88e2
zQqWTIE9-LG<TT(hJUwXG$?DFlX9=F}iMs7-*h#mY5KA}3{l<!FNf%uI&A>A#uFFRM
zhmy7e*>Y94N!ZvnA*6MAfC5`D&Cq5$o!iBsYNh7=fU4CU<2~L6=`;5s*a0M4$zQjO
zomI4)e+!45DgW9`i4DR0LOewLvZT1kuwd8X+z!OAm)&fauFD~4L8>1Nzu2wQ54RJt
zB?`L`w`DYuCTJn5w;GCd)?zWaK;<1b{@Mm0>s<)k;p@SMTo>uP(H2XzMLtIHAv*_+
zIlofx=}Ci^q%F8V@LN5eFtYiviQOXyW63!1>hB2L@#+=A^>^zKGC%t4K>ZuN{sTEg
z5b_Fdf|+s(l#XDK96uo^Hd7%rfI|I$t$|{c%(##(R*)r|36LGYzA;{FAe>yj04(AP
zY_vImLdYmkVkfCHv5$8?)lH+l61!|1vL;A~J4VQy@|qVGbM?QJc$BbFj70t`zqAn|
zY;wD#vtz3v*;P4KS|LHm$y^kw%@x#-5z3!8kN3=ycWjn)Vxy#gGTtnFhB}B>f(O3@
ztiFd}1*85p9O<CWKm1V0_FEW|$oZ~%P|QJHEh=x!8W%Et$XAxmgv*xCBnmBS#5f7<
z%ea6ZIjg2z>`#V$KQeklO=w5LEbO82^Wn!v8mKRHk|cG?7zTARcI^i;Z}eI)-81W9
z-F|qE$T?qF&I&bero}5X!i6~g=DMNkZ)a)@SSa8n9*|S9m{0>2QiaWD1!g<tSqh6m
z!&38RpOF;RVttj|?yG}Afe1%N>sKT3{7SL?Z!(NEXuwzReB(Lcc3>aL^i}>}ewt0s
zZ?H{mrP!XQiIBgAc3O_GpDv|a%b)=`Yz$5E2|Cvh;69N$Mmv7xAux1ez?moZWkYR*
zQK218c?3mmgx<hDJ9&g+LMetR0I&;X31GM=gCM*B^cOTF{UFEZ6gLy5C#=^afL@37
z%~H*k;?D=$aBVBO6iz5j{4<*t1>k1a9~yX_!~No!AT{c+TY~!dV)|OELcEBX^~oHw
zk2arNM7rgdalOjXX>8cFl3*5cL<@G6kP7qoj6R4UEBJ^7pO_dUmtv^DW3PUboSR(~
z8)RxR(06W!H(gZE_`t+V$_rvwKRuBY!~gSh#TMn-7;q*;{2=blGrs6P;B=_KHM;=^
zlgoQ2B;d>VOojgrfv==@D8&y>m2BxD0A4_LjdPCSbm(Xh)LSc+anzQJeff?EMF0l$
z1}HH9&PLd&tyWoS#ZbxBZ_cLM1)S%3s5|;21SD0tj4`^r@Rkm2JEC^m6nT~=T>nfz
zRoDT!yF)=LM7#RUu#7(0$&!rk3XABX0_7)WGOrcc<LRy-W#_detdUqKDu4vW0Ph;s
ztZ3~J-@t?ok208@4SN;et3#ftly<mR*RePX=#uDK3uoy}^dX4^|3KfVp6)Dv{2*bG
zAG8<(xy7MLXIuB)hc{It{ReJZ`}x<;)(y0yEhVVj4sDVKYu|3Xv!BzL-XA=(Me0aC
z9<iK%Xmhc~ZpQz5oltszaytJ(d`E(#o;p@kE1nUuuhr9W)Ya+B^e6pOG5cSuo3zo<
z%$-kjc{a`6zn5jt8NqE(<K4Rg)6C9G+ui%E!$1RSyDOoFb^yr)GCRqicVl*Kck&iN
zX3dOC>51xjmwoX9T`Y#7IJmIjav8{9X&2%s-;bf+e!NMifK%EJ84W3^U>hBe2))b!
z=TU2pL;VZl7h^=w@k0pE6fo}>X!Io>=fXALoHWz2NO~QLu&lo~RXWI&$uxD7_`Y0C
zy2g0#s`2BOS*9&@-q2Oxh%fOzREl)F=jX;;uKWsNSgvDPW{zA8S-K3i6}vpe#aOI+
z_RpdzfL^|?yDL_cwN0fd)G?6{cC(I{X2ciu!zeP!!fJJ@KsYZ+B|jW;=W(5k$nn?F
z(^fctgjP{N+~Pi?tLrdugQqN+J&2$I90fSn$N1K>SAoWc32%ol_l9#1_KaTki2YY&
zyqQu4ygHN!0zG<Gmy#_3r9wtul|Ul*^FJ1-T!rf&9zeJ$aNyu=yX~eP_nNUShj9ZD
za=&1lnQqWl?Ev_7XM$eNEn1JGQ-i1S+BL%G%x}p7)Ss%$`2PZgN{q?V4;9~r+TTp_
z$`rRp9^aUxW0KP66H3q?eqvo)65srg34C)!M$0^=drt-<2{{(|Er%?e{GyVIOFS`G
z>j75w3sF2miTt3)5T~S@GwI%)L^D4G^KUQ_NBK#@$!mJ$O695PjBagB9Jj7Ek?Ly<
zC~Gxe#=^9tR!^0J6(EcA>0<Dn5|>J3dE1?qQLA{NKfM3C#2b~6H+y{2A(;0P*OoV%
zna5upx4v(w?l*-kSb1hTqp>uqhAd)p_YHI6T<R&x2Hrez*xmOs2WpsbUbW<Uv6E1#
ztu}EKQv!zqb0xDx)_6%YcHr`iMVpk>DyKorBEjtxJtILSLau>5$C+cJLX)l$CP(KP
z4o3F+pvFbh?2Imh;q1E^-QYkn>k2J`YOMAoR!MX+ysC^im{6w+b~k*A!%5SCB8Nd)
z4v`fOiOtip9S>JDnxVVxUe+4hml=TarLQngc$;%XUIQk&AXZ}UL&P(~&23SfU0Xt)
z0V7P>|F)>{>i#35pzB?vv?ptcsDhUyaR(005U-%sR}#3R)xU;s?$z0ZrwE@DhJ6HU
zaSZ7ZxD)+YHH7q;GNuXth*?8G_A&V~-)yO875_T}fs=V8HfNaLCrMnVMphR&%?Bl9
z)MH_-GX|MEiv?w24Y|b%WF@}-DiBA**+Kz%@qiEK<OyEHbz=J^+QX2cL4Cd_WoX`V
zQu3O9=DUrNuB=zj4epx8^vck~C&`xneG>&59NDtGD8`exb+fw*mZEBw{;(e_I|O+2
zq#N&E33-B@P+H-;a4zbitltzO@zj;zDdcn!#91D4Yg26szP8IpYw;LbyC0Yw`peVi
zO3=l4)oe*+&=qgYjkP;hd$ZPn@0SXjLW62fLUr>-S&U7zD8Y6Z4_Y>4!AQ}~91mJ&
zy7AG?l9VU0%^r~URetp{rBkaa83W?U16c6ztyL<i+-Nj<^)kW*3JDm)(GR3y!XZh_
z-spef*-;sZRzAFf#`ZkD95cN(gSF`_xj(cgk&*%qsN@tf%O(%@-UyO<tCnVT_MKF|
zA*uRDn@kWjBwn7TmAo_39k$yr=5$KX9o5w7kL{uv`?!-kmSmPH@f?np0Xw)3-zfjI
zHG*dvsK(=flQ1L};qlL>4-A^Kh?CHWQ!Q}P5EaaF2&eVLK5@N5*9g55f6eJQsKanx
zLxx{=6$Kc=t84BI{Xv-p>5?c`i2^&^BO}yH?4xVbEM8#IR;eeO@LXU2iN?D*23_2g
z#?YnY{G-)x5m$8VHPcnoX?<@5*H`v})At%VTTp*tl+^4#G)r+;W@YN-HsWL2=K2z%
z|D=}xOGdvl=ca`bFz5Q{l0Ie*s-RWIXz_$~&reN`ZcAaT<RO>sRFo4thr`iB0Kek_
zO>Osb!2mw&7*E2Kb6@$|MOgC2pRG02Lf%O(Sr(U@G_xQ%>t>Be^<Y0X)vk3O`SE0V
zxgAK@D$ijHtMppE3;pioyPqypuXbZY8#C%Sli9HBUp;j`O-wH6v6NvkgMDi8LHKVh
zR3y^+_}RG<B{x^E4HWe@0+Az+hiO9;djC?07;4Nej~PkaX%ued-|+GT6_9=QP6I^h
z<&5X`sVCXF*hqWORzTz?veHh;<a}@wh)K9vV*}H+q`~YAa%N2&6d7Z`D7X+MGfu?Z
zjU!A*2Nwgdjh3ZPn3<>>i+licaMn;(k(#*xI^vpoF0kmw=FwFh);)|QW*Uw;HhDG!
zfARsPZiIzYQI(LB#X4`zA%k*n&Hu;MSB0;N>LfA-@(^6qhlv%+5{Q%j{EpW^MGO~8
z=F>I%c|@6sfO(~w`za6ak&yUP`Ffc8#*}xA28lkOI-`YG0M#ld!c?cS!9OvTv-Edr
zqWvIN#{*Tz^oaIUJrI))YRie0%e|C5`$)LGb6P%f2`_Kte%~TF$lfk=oHd~(HGCCi
zzttvYW_HPs{6NU9-wkEoDrDQ13;qAlda430uYdV@N<K&u$bet8*J+eQa9eSW4XvjX
zn~~E~vevfOiSKTP3n&S<vMiDv0n)0sGzKc4>(ET)_Ek5sfBsGP7WrQqs+f>JCCZ3<
z-zUx-sCN}@Ic>=5c<1^^Q{0qNE^SwPN^e&s8Z1nyKPSGo6Mf50srX?$InnzL_Ub4c
zY4|x9@;r%>>i@EeP3!;SX^(}?F;~5)IsHo_{fMB_WC?Z=Q=NeZfHn?O&vqkhQ&gzA
z4yIGh35yt}L{9fKAO4ygztuE2)BDI&zJf1T`2a1nT%e>*U3fa+d^}>4jN*64oMbI^
zlPdiqqu#%OiR`f0@r2jQl#k@_+5=wYorZ?ei;IteRfTV}s#mca%v`Kd{QE#$D4UuY
zo04E2^P4rL73_OWHVrftf{t7~fq&Y#Nf7hd^~ll)q)E8#4q}3vRgrJ-8aDD9R((SF
z#ZFyyxSP<q2lC&DwbF13=Wp~@ho|n>X9^7|?A+VojlDC6-=;fyP#W>DhlMVGjZ_^E
zKuQ3GTw?lItf5}u?1YSBN8l%B&a-rguXV_bEC4UUJ14s60EZrY6F}bN51_@~aNPJX
z^6l^=k7E04^W`ASPx`L$^ATCf2+mI#Q`Z<{fT{4#mpN|<X|N*Dd|@X^^?mX&Yh67v
zQ>I26Xa;8g604yLadWpf91l~K>~~AASMtp3F;<e^ivc5JBK{#o5%eqjs)%>mbo&(Q
zZuZ-4uq?L4@++sl_B@e)_{@UEpCwsKJ8lC7*OTkuC8H&juG4<C2XP0i3LNu_!DNPm
zObR=qTXax^ydP@L>Wi8`Y~_w~zEI$`84ZW1ZBr)a4@Ukv)<(=H?jlP>U%K*px^4@K
zFu1yg*8>>)j8o=aXSpZItsVTTIthD^W9Y3*eJYE(fwGH<3tCCRpchJ8-(1Q{t~mdH
zQdA`-aFY2ON6e8R`c~<h*3#8~5v$U^P3FJ$gAP(n9v&Q??gt9m#yFJ>^Ul)}8N2m_
z2iV&O_9&r~UeUnfO(5FsdLyHzvMG65N=$Y?nnw*wWFL0_G(|@Sn!GxMBiK6Nql-+~
z#PNe|#|qH+<KO-p9*xESNB2IT+1H~|?MG|D9%TYGruM#Y*`}aeD&K|ltG&7@uvckY
zp=BCU+!Ialm-teI#uGIR237g4!-c1iZZFX(&UdnhsQhxzyeCWPIf7Fh@qrWYjB3OC
z9^N)2{69k;5PToF@~5_Sr{dEDaar8<a3Agi4y&WS$o7d8^vx0LcscB(_G<BybmUlH
zqsYTGza7g&y7FPs>T%LVeWytJXy9BB7FqjSkVymBT9GZdAHsD0=?4@1Dw&R=baW0%
z@D2Ph<sXN+&JCWdZ8hwig_(;pEE&{=Ow9Z+#lDE@=|OW6Wx=H+cxtAVdp=yvfX5(|
zVm}Lm(^ZZupp;v~R=lKLFYBQ(hI|u;`~C?C)7+l=8Yr#JAL}&Djs}vCVsiW7gqU^w
z%!0f5kMKdkSc%aLfukF-<dFMzH&8`H8O;ojA@O_GQ61Z<YmHG=>o^<+ld;89&baYD
zRH(o(Kp&ni`-uA8vn5j`n7P2Kg+=a}o>A3!VC<ho4zqExeR>_zE1U}<);b<d<Dr~H
zOXm2$sIascL{p&16lVnKzt+)tA(Hye!aYnlYKepa!`uuv(vYW<sc}hoqI~tu7fa=S
zE^T3-24P2sQA$&)y*>F6g`tS7=$vqV4qRR|d<PbHQjHBWf{nYsX6Ht}9Y0k2yCILr
z2zUY36gKo@)pGg#uvIIt?=!x?3W)23P2VSO21UqR_ruOIkTUU*3b<nuI<n!iA%N|8
zz;k+T3treRcMQR7BKiF=dSA`36-7pZV8U(&h78NPyvlSsCA3-9Ur%E|6+69Sob0v4
zkf#~B0S)LTwU8&h_7tKxSX0YAxg{aYb5@*L6rRDqDhRwvgC|3BCsn`84^&LI)$rvW
z_vQdee!sa|v@TKxY#;qZQa^w4!sxFTFgxgk8)n#`Dq>pNZcDv9Wf(tSx8hb@?`Gm=
zAQ1KVnXRA@DX{a18;5ct`08s>hM`D*&Vr)=482@D37&cGBclfweNJNs>EfLBuUAg~
zM5h(o(&~zpHef}T+a9}e2TF|`)GQwU(8drvC~4Rx%zW4nBa7Y(E1bt0>x_>3E^+x3
zIMD0IU*af(S5Rk+q7UCma7azS!f;nVh_|R#Ke({Sg3n9v(N{&pOJI%3OAzbcSHJ9g
zKG!h2zqWgBOE`>--$Q=y<*`~^dtgZ5*RRSS@m(NBeFXVx$b!~gi)q;QD=7c#7NH!%
zFJFPz8+jSg-`yuprO%lIXbaBtH1#_OiH?q0M)8J_L3%cP7qtdoGOP6^DE|qk;g_ub
z_YFtqOL||%iEGAY!y2_3WY3A61PDrRGUbf{{6a=;5=O|42m?aI5~es)MgVYPW*su-
zsCB3l2w|8QedZ82Js99F9`L8F#x}1~BpveN)CXDmk_hFpJ_pzzI2VU~`kqRfoMFQb
z9oYh5V=kyPHg$qgsi2?>8W!!>KV;~V$=F^Z-y=O7Cf@0JB?_Fby;Qfj9NTGW1P$D<
zRQ>s8vXBE{A57<5$5zyuiG=k9U+zSwKt{85{tcV+eBZKBl5~x34wQ8GxT|om6_M4k
z6x~0Qb88rLeLYaI6$$UZpxuYn#bd!W_iNCYe*}%8g>&yvLPYL)8kfrsDEte43{ZS0
z^Pn_Z?cnL}4uFLBz<-rpDZiN9VLl`klxv?b6s5Eq@3G|<HaNt1WAP0d=+QG)VYu6-
zdLC<;fAT;|eMxEfMt@g1(XJl$7>=RN>h-&#>o3Hcm1;*`sq6<~+*q`FN%v*+!->EB
zh_yiOx@5n7+AGv3UD|8UeoWfy7K_8?)iJ|ErS}QLgUxT@r7~GRRS|}a>L*@)Bb!^F
zxb=#c__~MR)r`6;egwM3BR|&{<Q1_;Xcv>1;@G7WXJ}O)=I!`PMfDqV7fBEq@|%WD
zMqkBBPN$GtPM}zbHg$#Vwq8!Oh3(TPZUULznqnALpFR)Ly}3iRM9$b!=Nu-(vFg(s
zNqa;Q_I-v@UDnWtD2ZD_2Q`RSzSrk*pGywmk+dWXu8?Vf*V_@aNSn@MnvV>m8vL%0
zmo=q7Fa@{>_vw=DjGq4@A&##>8ykQWfC2u)1E$I4!^6Vjsgj4l9RPqf@SMNm_u(@U
zmhmG)L!0nR^RCZX3>g0?nVQEV?z3VBECy=hDvQodpyHKPN1Jq|^k-m=LK$Pmeq`aR
zE#`U<zx56)_<5ABl~2YiJfQRaylU-_#S1ToWshZ<^{it%PWqTPn|fm3cmB42@XUHH
z06*#*T^9^;NanMLnyc%q#dPm2CAbaf0E+hX@^oy4<}z1AjJ8ryMIZU!iV^ft%JxpE
z6>M>!@O4Ji@)7oh@{Z3oSjcYXncwkm%r^WTbH;=3?~;U<zVJ>Ep?{CXO#K#tY0~bU
zFt9;p4lkc9(mzD47X8UzOBV9;biAHs`gj2|9h99-oZ0FBJz)UI5>nghDYW~GEsh2e
z8#Y8y=U65E%p-PSkE{uk&=ixf1T$An$&&()ri)tnS+hxQSKiu_AeBaK3Lbnlejv)a
z#CEB*xO{gJ)x-H>oAEPxWCHVY;~YGMsP{g70Okoc1i#RghOZ&3@cP!V2=%i0CV^;3
zl}>Vq9gQXj(>4wtkNACKSDk0mSMxDp4X0up<<=2nU49Wa_o~eIWq{IG;853zh~0)w
z4~xB$dqaOoj;8}_Yodw{8rT?6)+&j?)fqK1?KtP1P~}GRy?S%B;>fo+QeFOi!mesU
zbLI8i9D=MRO}VOq$$AsINh8_{f}^6DqYf8@ThfF(i_F@B+c;^h(OzZAT5=K^wpB=?
zhL6cdM)$m0OV5XyE$mtL$!zXPZKg#zAlk@uqHXQs%Fyhf+|MN3FVPT$<xjCoVpmWd
zvW*^PR;B$jL1-Ep?aOiCKidH<&7l%!EkqL}G#AG;wjlu8TjrnzNh(JD3jqgAy(9u`
zOZebd&K$a)i0j;E$epw$axj&o1+u=Gparj9I^1rj&Mo{w?EjnxF#gYZfR^OTc|aJK
zb*rwSL^^c21z8D8%*Cjb3F8?W(%|O|<n&-eUnnpzjS_*L7b6@1T+P%yFlTJECXN^1
zXPNAWd>7h@Il}f!pF9`#ky2l5o9bW&ni9|HkvV4k*To{q4k*p&qetb+M|=MD)f6P0
zA2~9HWDIaerLIQP8h``{8?{InF=C9t1Cq9BgPi=VnC;z}nv5qyzkZ;d56PlOzoqBc
zNV^}aJNt<V4zN{+Zvb}-zl4T{{sVvdD7abspoY2oF!j&r*mp|~qTT5uNaIN%wye?c
z?K4wPgLI%Ed0KW-WXla64Ji3p6b~uc&XnbOnV{@C%qrS+hG>t=#)!b<o}D?i^O+@J
z>{Ncw$Wzat1zY!DKYYN8Xq<c!Qw_!<d7l0%TX{zatNba7QtdS>OZ>K9IZM21&r}s~
zV<#F2B*>WV6SB{ZnW9n$4rpb3*;soC8JEHks#>*6Q1h*8rHQOk#tyW8G-Gyf#$&uz
zA|B+uS*{2v2$~xahncf8#}7JXq%vz3Ii||(dI)+88Si4o(eSy4D1F<ON*i#)=Z5!q
zT2wjS%KW~pXg>XT@^2;ca4@Y?5${_QyDuW*pE$?jQ~^mdr|v0}CA`?-40~<9JBK5!
z4GM8#>3)}l$@IxzlXZ^zjJzKcPTXa+sj^QT?!`T{_?=SQh<3IalfnV`>FX5TNK@wv
zZDy4}(omp$Y99k9ac58t8jdLL132cM0_=A_^88p%7_hzR7(kQVo4TJYUj0<}(V#u;
zFJVddzh3lCXbEPq8`bm{(oMbwHg$IjS-p|TrM1YOasT<eNRe*+@r+~MdUI-EU!gOW
z-OXRpN=S29+)4;HgtggQ?|c6KhBf8FH<+C8uWju^&MTHZ`NJ(&3EOh9_`Ecad&2#Z
zzSJ<%b4YF<OXV$Ngs#Y&HAYja*aELM-uFMrW{uXA8nygZ8{aa;Y(V12JLnn0W)XS=
zUw()96|(l9wBvroowKqui%eupoEoxW#9X#Av2EE=GGjvK+CWx)8F(HM8?De6_+|*H
zqk0z8Os9u23^)e|rdhzH<iHh)4dBVTL;-Bk+%X{=tW%ZRGy1$yJ!{*=rCVTK0t3|>
zW$1<=Ux9(O8i5Q2nW*5?=(IQ(Up`7#Yz$_W2*gCU>6zGDjo6oLA+E!mkzD<PZ%&7a
zg(~bxHh?G$g5tD1bxfuwWeM08r2};0go*p%5X={h_|wSYBxWF~poW?mf1n@zeUX%&
zc#C7lIy8<#AzcF!nOO{$jCiN??<alBWZBZf8ik2CAHC^hq5wC)iublDb@>;kSURDX
zA0sJ}H}foR@na=B+gLajoOES-xSea>a(@iFV~;x-p{(Pe{+ePq1+e2jq@rUd&5<)p
zk`oQcM~79Bzl2|I-G!ljYoy+Dd0Xn+^jZ1k+s2HcP}RTb1Md2ii^cI+c8Bol(XT@;
zgI|UbmEBZWIcQJs>}&{o9>k#}NaL(h7sVHbLV<&`BVhj%^jNSxe|hpXbs%Ld)?Ja4
zU5S>Ldq5K;T{^mcoK!N0yEk(x$9GaRQ*|2Ih5jjK02j7k*-WD`;KsY(_@_9<ad;*&
z#Sv3~AY_8h_*AVJpKX+g<?KrFN)Bg`gMAJOtl<h*2VNR0J4PG{y@-Fdu66A){MIrn
zl1$hj+oT$et(xpHKA^}{bRFx!cx13fzg#wgo-(4bWvy#Av+F;%;=gI1Uo1m`*?uEZ
zI@Mdg__|K)9nmCyUK9rk+ZV2zUhPtwXaJE>jWXwvz|qqN$64vOMMa^%*&JD4bEtTN
ztmIm4`aR*2xZLJrOZif#KiMvTtmOka^Wh0RKxTCc+?x15WY;Oi5!4d&|A}1=I_k@u
zQU2k>SsLoCWw{d1Ynj;pAXkS`Y0OUVpEUlH8q7Z_i`I(r+X7&U*1q^veV7arx?--F
z^?<~;9F_M;|HjXey+~JiI~54^h6?IO6c1Ua-75IVe;vhbvV<9X9~w`XL|ldWZEi(!
zH_KQA!%O&NYD9F(e2t~4dzI09QOSE*lo=-1OfsxE1<&HV8GECy37+%eCT{{oS}uw1
z!W}z3<<RhNWz?V5K;1|`UrfwdSJ|5@jf}lST&0bRrl7sjym8E@9U6Zbnopm5(CCK8
zsJfG{1CxCH&M>;TI7MW*@;MZK5NS}q6}rv&<{Eqcn(~}f{2E3K`-m6@`@B^&zY(~+
zNgPG}NXM!TQ+SHUZ1(zk4sYkGkKf(Pdk=`(W45u;GB0P7``=UsEA23rPZZ{r8RnTL
zWZBpGN?8|8h&uPLa-o(UYW~cea%Am?MFV}`rmc2hTIu&;A~CL_=bo_GJ+Uy%w-f4I
zBPY3=$wHn;%V8@_L9H2O-y9V_vuK%{+}u_x{jE>-F^Rj5OjDVC+i9@NGAJLC#HI_0
z@AvAXdjQ_?6y9Tx3eGa#5gfa3t$)o<`rLRL+Xf7b+*%7?B~-)I@?2MybA-xbSqr?&
z#0&8ryB1aX`(sbrCBH4VI~z4!W=*MnuonNZYm#vrC2V!Zm~Sh5K;`I@oFDgw)rD$x
zU)S2R_Hx#hkZQ{rQcFJEH#49<i)#?crWc&hDX5~RYHT~RAq0EN*ac5?JHb%l%!ka~
z8_Bsv@9zHxCzcwP)Q->D${NPz0jB6R#2x=s*X~B`GciusiOb<}PxI5BKG!*z_YnRe
zK-oPiX?$c_-%ldbhpOLqHBSVNvh(vBTiRVVn}<6h_aUmsgs|-;XY%)dW??Z|bd(3~
z7yd<;^vYz2EeBp^C~E^?*kD!IU^j8<eL0ly`Mo<p6!Sn)uwzEBo*51BGcab&>pq+x
zLbPB47+^lRWr4zAYvi6ge{qSS!EB)VQV6h65d(W6QQqkx4xsw-0DX5E@NHXK;C$HG
z?>LI;eg0q@*kB~H>V33e$yfyEk%;k-fqO&!Gl{{3I_i>tH5u0rHEOC6bK-pG(XA!;
z65i}b(UE&@r&FJWLs4?rQCs4lgVP6Xfq@T<pP_r0xtEDUcnTm`1c^Q?v+nXB`!R%Z
zc4zYleN&!pXyKAUL5L=szI<!>kYKtE*XpN|>R@i;obu+a_?8~$tUun&b~(fafI9ZP
z6&@||6;!S@x$O=ryBu2sWqF$qJ<JxuaUBppye^d#b+@TLUH!^9G=}6(US(p<!xfL|
znbDl?{0L>W;_qt1?TQwGUo8spb<@z*qmin`Ek9N=Ufs6~F96CdH%;>sP4nDU^XN^=
z0M*h=X{-Fd=wF48d~yV*z{;PEYqa&!R*p@FV=-DkgR|8ma+eFqC#N?yf{^!#XJrrN
ze^wrIuChO5>Go(U^S(R{dp2~IpmTq+^7}6;8ukL0&WI7@8ckK4-E8D+VETd<#<y<s
zpO)B5z#YSFmH*v+j5g83)Ijw&5cK5nE7v$O;kgJCeYdBzqw4%DHq$056&j9}lHNQ0
zx$!{$z&7Iv_rRv$Z>6Fbd~CD6Fv$C2`+hx@x@BKq{y>IK^&;c+Vxn?KPMMs%_otsn
zYZ&qQr%rkkQiXS4OtIPWRE?LOKX((NHg{#XA$h3m-wAXG2{gTBNW&4je_mxlf|$Ss
z{A5|_aZ84~#qsJ(^Sc-6*^T}8q}=vltXy}#o+6XxsVvzQk0rTn{2Ud-m({(jQI&80
zk5o@rL7yH;;vZR7*6zFaC`*u~`}eOnj>;f9mruHnO8jF%Cs<XN0kiH;KXzd_1&~Kr
zTS>sh7gW3}{rj^Mnw5Q4Vd1P-2E+ATtTy1(X!Tw(^TY52w5S&RDHvY9j(Y!O`eBIS
z%N=<J3f5Z$4OM-?!HPeQL7AC%l(esD|6R-`9DfMFd8ob4J2Bi80!0w9vJ)vN-7`(U
z_EJ*!pMWk$YfeDp|3KOxMYdxQL`J5a5a_lFWD^ui*7hkl$NuqD@?rTA&>##V>RZxV
z%RK{S?o96Lfrxf8KgB_;A6E)2|E-rI3{v?oYH_gb^Xm7fp9Rm-wi*A49L`G8mwkxj
zfeyv7^TG;^)6RMldvPlrel1PNN7lt^@=SS*jg0JT=HY4rnEOP*8s=fL==_AacTfjS
zsR<UsAlW+7<GGz{_{DnX%?3kb^`&92<yEEOi8JF%<!g$S79t?Rx(@L%E@~Nl`cLAm
zZk9Bcrb74<hftJ!)D`5!eTXUQzzByFHH>HnhEddEM$ye$@>x9%=V7&M?!S=|_7_eX
z5qY>Vffu1Jtc}^1=C|;{*c4$PG;fjOTSvY$q!$*JQ6MeJA7%#oAA!U~K-<EEBlW8f
zX7nw%7^!Jl(IB)`LtXEIoKNv}p5XbMW3`DTpXuh9qrl?2qmJ&G03<4UW3|+wTZ=>u
z8d(<{!BTaV7rWj?_XXIr4v%Jn4-c<nJe*G>{e6VL7zwjMGj2%HtK(D?nk=y;3{1q*
zCJ!qP2<g8PSCxSAtgS6z>wh|GN*+S1<HW1|a?a<rvk{V7AhZOuN)s^?c*y54-jj1W
z;idoXz)_ZtzDa1ch(UKqTAJT?b!y2la8c}MO7@5rg_Ue1lzxh8b!k$`EnA8w_8%P+
z&YVDWJ3s!F=)MiVjck#M5q(&2-YBy82}OcVq3!-%uF{2>hLv((A-5>|J@o~5o~ma5
zC}3E*m4hMO-Ypit>wRnH?2)=ps+Hq~BC!C|dc6S}UM_@cTf_TvDMZ=vLCySsn0m+P
zN}4b1`^3h?wry*YOl;e>GjTGpZBI0@ZQHhOJ9*Cif8S@V=gZY~s;j%#=?}H4cm4LY
zy(1b$x0LlZ?MySus;}B9;nAoKp3asgC}jU|pt5*3V}{BZhVwzVs}#DCcW`98+hlXh
zGCI;)<g+CQt}nztGb3*gTYt5%dj0#G@mv-{!>s$&X4)X_O|8l<pIngEfbn*@yZW9S
z?9;`hXNuk$(PZ9H{j^ofzYmo|!<b)P{_j{ljL7FK5jEeAEhyAj`J~jB3B@HU4|gyT
zVcRy~Eqd>BA$l)xRP0toy4`m7*;6_};mC9Cr#<{Wp@q7H)M_<VZVOUE-r3amUt+$|
zCF)pXdU}(?Tc0*oDIf3Vn6#&YWp9sudTlu|O8%P&)vatq_I%FWWkE-y3Q@v*a_(g?
z)wS)l)CE?(qj3L~g{}a8`uVnAoz_07R*d;7F%2UE(~i47#P1ih(;GOBkn(BQYuC#}
zHK~`v!NS4J$A=HoXwSFo4;PyVnO27F8;8(xpY$QUY6x??aCO>)fyI<0=C(D^Ln|^c
zdX_`|$83f_%`fYaZjm7Np0iRRn3d(-gRj3MIi>2VZLb+~BGqY62Ns)Nadjt$GZBp)
z8o%_eP&nNdd;Xq`y@O!mMo`G&_+tK)D#1mtFpfdBTC*Jcs@p+GDk9Ys@Jo!hanUP?
zw-MIcjJ_DV&%kAF4b+c`=l#c%#lL|X34fK>;OstA*D#8|F=p%ng>-j9@L|Mxx0Ct8
z%pmwQ@q_)=d9Sx5mF4%%XsOFr2~@gE*mQZW3sySjP$EpgY(y}=))yspBcvsLV`cNl
zXib8W(w}ZG9f0>kK_UuH`*7#4dSg`7UEVr$sZt3?5A;jFPXqxIS(<6ff4<Ee`W&Bl
zGBxet8iy1_@X$@q`P0?`0T^)T!1ABt<whWfQp^YEY?aUVI)hA=UR7NCWuqOOC+@D>
zxv1pSRWe*`xoXXG3QI7Eey@<(c~!g|?%h)4cz{g@3!X=NG+e+vgDKdKc<5IqNDV;m
z&}ir!ss}`T40ZD3<0h-Xes>1X-xv*EzcSe?uuX4`=;fyf5413Ofq}Mv;7?>Z_!!B|
zLf2bg0x_^11tcRSg0K8msiCT;Y0<t-J@J<;&7hkB_mO*R%_!GU!<bCcbS06XqYOi5
z_T;0#B^URo#m4lyqvfarlgr7&tsSAdVHL2H<w14xROP*+Wq)m;#?GATGN`m;>O!(A
z2*wf=mXZ?Lg;xPdzntnEk~$;nu;i9NO&1lP2q>+C>;6)`$0auYTuqD(t3ai+J~qq!
zp_6b4EvU)dQu!K;4=k4<<PK<o^KZt=g8|$@`~N{&wB+yubf5w3;BWW<u={ZSB}ghg
zf`Arkz!hr`2S5h{07XzH#Q@&Z6#C?U6syvM1z7lTWa{TvaYeNa0^kj@T;9gYV*qgQ
zQ7BK6@+1xe=3Ux!uPPNrM1f$KQi4uD!JJysqB9X~a2>o{6P#%^&ks!s%JsmyajN&g
zMALjaR8w(o><Y+rDLdA_gdfSQ^qVZ!)6S0q+Npt~hK5>?>gYmlwl&h3zJKQ~;3&P|
zP=~kc(+}GtPAxyB0CdLmc#u7GAPVV|bk$Ho)P`oQHZf~`G5`&5p(j>!CM*Ca6Vz^d
zObw-ouC06s&sZ<_fr0g<L4}h8DEEpy?~3}iK<$<)uHO=4#r7eM+rLNNcHiN^dh8c2
ze|s+QP=2-EZP1psyZNQ<rRAmdrTHVdrk@J3jNCOWn>IfgRI%$@{CpK<v$-A<J5PFx
z#(ru;WKx7xR?21QA&QM~`Tz6Bxg&gVAZ+CJ?3EpJ%!INwS7j3O%)1`-I5zJ4?Rtsl
z^l`<<rw7U~8>eeT#E&U#az}`Ef5Xk2inlEqn>)DAw5uIh<|f2#qSakFo%S97=8`JS
ztC?HngrI&lPage6SSo+~)%L!BHvda)IO}U@5r4VFTDmDbjo^q@v#HR1i+8<H0RQJ}
z6}?G!u2oAt#JQSkJ*@_3bw>Xm*9xM#OSnYzu<?nqMW4&wC*{vJ&6b8vL=GBx?1Mhv
zvK(AE?8}lf1KEoubdz5zD<42(h9keeO6YfvAk(MN`o9DsBr9kAT>+#jN07lYi=jbH
zRm41ND5J@XhoKvgWto^*mHggE6xbE~K@)s!S^P$2!WyVgXa`G#?KN>PC-Mx8WO7<^
z5|I<;5?Zl}c$TDPb;+T-i0TAO)n)n~8m(ocV<Pyv=;}E1ybpOUx8sPCck&tX?bNWU
zmuzKYNG|yXo6Ul4S~XSoEPX1}_9De+F$ZZ8WkyOhQ}vY|y*#ba9=&aX>uH!3!1{U}
z2AdxoM-b;IYh0=|3@M9$5+i5>T~LYhnf`z<bQJ-tVEiE~&OYq`9rt4d3eg}bpm|w<
zwCSaESwIh4Z(imoKo`KIs2e6m>#$J&>qOm9weis?m``ec(9jFaq2}@~EFB%}u#VMH
zA;wchRyImY#<7u_A=x&sbX%VFDsQ8LB?j<{o+tUKSP^=QjGEntifUB!Qe4TbZ7D0*
z2FLd(L;BupcRNNjL!NXY3%*$43pPQ7fSPA;a>`0c{TJwbQBFwfz3lJ@mqN+3f<_e9
zyw^ckjj0F`$-PSI*RVl54Z31)Oqohet;wrRA`1HOsTOj+=%8dp^^IwJaYEZ5-iBOf
z7Xup6`cvR|?jW&#d@BFI{EcZW!C2=-Hf=4A-R@NKKPtu1D$!p#Qi#$jCjv>j=IKfQ
zu#DCEZSgR`HF$oW{t#h@C46!V=$qYcmoYs271Wn`6@uo8uuDZpK&EukB08v#ekrAL
zQF&4$8XVJS8!3CH49~n?YQcp8#l@tT?@%DN8=}Xcpy3rgj;8mWpwO~58P~@j$OS78
z9)ZSFCBsZPQ^oSjD6fAEtxeZmZjy}|)+=4r?>w>*^b9Q6oE<jw$z*Z64}ZzOMeC<N
z*q#c+Jq~i)p4Fl`4z^(|LUhfsg=!QiM2RKr*Q$uh%*>Ic-cS4cg-QdX`xA+Z){(<G
zd%^&>OZLmMAD0v&l_G)2ADxJ7;QDH{h0LJ(@U~VA03?yoxydmo4k7Co6L%#nX1uCp
z8QzX|UTXGZ`XH|ICbA|`R)!?Z5JLg|q{ai2NyR6sh!G=hO}4SAybB+>B^*;;#if8m
zAOAXZs`I{4p1*Y1ru^KR>PZNqnu2mmaHh3XxC5ha1r?BEA<lKZRJ0*=Tyh+srrh*l
zHguGcn0>j)D?Hx=e<CdRDJ$ldX&@e`EPzQCY1rb104iz?c@TI7NI)=zkf|E<&My#X
z4Va?2Ei?am02K*93EO}dKmqM93aJ6^9}l_%2}TCki2`s91Moo{BmmxnX95dgLS@LQ
znd1O^5Ta9<dJ;*?CM2892MRs5aw}xpa(nBcvTn=A&9KYTMR(H0?S?nILjT?=Y70ZX
zMkToWs*OA@t+e5a>RKko<X>>k(Thw1h4qZgz77wxP`6+;FC-5X+cZYerFstAbs3}L
zc)LjBXLyFaNAr77)+L!M-q*i@LcB%i%hXxbl%Ifi8xMCI=tHX$O-MFDQD7TrZYWk@
z+b*zSv0fd8EGSgKC~W^&NwSnCwYzT0RvxQxqAez#Z}8-}8{|7LGtnj32^3O2x_>pa
zIgB%j^P|CeeJ_U$>-39eKPaw`uvpT&IfqRw{oeEX&Skp0rPtGap`>`N-!5~EjovQr
z*qA@(W<A}&VAZYAzUF2jU`0|}W%B8x6<V&siGwxyxnZZ1P^evO-h33trXDiY&Kiqz
z)kx1KR8Y^aDeL2QrY(frWA`=jwt9olw2)Fd3|%V^Sz%K7>k(S<wgdN_%p{qIOfBMk
zHI(e*ny5}!h!#h*`36TQbnROr2PxPxl!afPIU73R8ZI?HLK+Zc$Qx9BZ6vf!++&)a
zeC0wQKR+MLoQMUX%<6_Tx2B`%4x>X-?y4=Q{g|b8ZQ6&@&3Q2+5`5kkGttS*-?8)Q
z-t&n~gWDaGk{N#*1^uP>DUENX@2vh$ih;sk|DOQuu;@3dfP%j^vXSy+Z(=7c9X(-t
zT8=PjdkXfSxFTfN6~)%K>AG&@mDMm+zwv^hLG&PkIAknddJ<9lgY_kBk-|H`15QDA
z=vbFI0Xy=&I)c4`dO(dlIFqvv76|mw8wjKYg1;@Ofgo#gIjBLT0gb)6KPW(h7LZX(
zW5ekjNM>zo7~m!X$p!6Cv)Vzwxy_+uKjGGRMPv^H^s}(-oyf9_GL2Ss<^dnaDL-=2
zv|{tZ5GwE(h2W@^x;U>YnC+75>LF?II~G3~f$Q+uOslWn7qQWN%Qdyt_AvhN>im*E
zK#Kg!tfytUXwzMaoxv}6?$J9=igW>+%n=eiT-ZqT*ddWCrzxyvV@{FyYthcYrY^j!
z>W59gXqsHfld0H`HbW9-22S)@)m%c5SDhB)J=%)8S@)n8MG|@fnu~a>38{1;P`yc;
z*LlpJC=1JBt3^x8VY1jKspteV#zNg(YG(aVa?<JH`^0jyVw9Ka9l68-T{UT-cB~wx
zC0#byWT^;e43bu^KMs!xH*bz%MSDfu!NxN*tf(!p&Hnx>={bL!SXkuMywZd*VHsP4
zz)-R$y64{VFMFcoX$<wuTN_|hbdmKhk8hKpKKU~F+YL4*`?qaR3adI&MP1+9Ar9sU
zvKX_JB>B&`xltqaOrtu@{A1O}OyCLZr~*^S1U3r8PhYAyai(>|Im3hJ4ATaiKP*M3
zC_XQ{aDqXFt&>dc7J`ebX-|0yO3Y%HKNEdwp?)P2u+6D22d?#<;8|(Z92$VS6<PR#
z;abfGIg5Kyi5u5F8Ctgabk$Oqhn<=H!q~iFgCpb@V9nj~>SH5#Q-q~)_20AQtsNgw
zHPHTBY@~_Z?j2~G64AnYJG&rECi$6f(i0|VI)D_>3qCL-D-o&{7jMufffN}NkJA&D
zJGEZqVnZ0{a)bTZNR1D&F{^cTbE7}p+Xasg<$@tvHM50|=u54lC^ayRP{|}hbIz@4
zXcl5nz*ZFvAxvH+^iOnX50GSgWO9>Xbtt*RJ^_!ERB@b?Kf1#d6q=MGx7g=Ysw17d
ztJ+jxLqM4sTxUw9Ju%vqbWs^VVv;7RcL*z=tSE&dCMC~L!71L$hdi`z>QX~TrVr?$
zGpqsDS6m)(>(RkrT7FDp1l(gLI8;y+0-4ZKtwW+ONkp|}M74eG%zLF}Ew%;@&9oHR
zIb%=|);sbP%+a^m4C#IqRM5|g_=EdjXMrw5f||qiWY4Z5xzj(7;poE-iAD^X3s_Tp
ze*cb`tPe?;G^vy)3m*@QpsIRrT2%B6`rZ>u=-YADoB&g9ryL*+%ZfkOlPvSVeHQUK
ziLtM$wo(0pmG8n=2UkX2)WRL!w46lYx<AlffmfW3En9g)tH<tgU3PO$>D+gXC@Nd7
z4OTvs#PxIS<AAklUX>JJVH0m3n?`fICu^5d_CzPil|JmwHNimO7KkDE*5uyu<IwEJ
zO?1*ixUcoZCOF=_DPOJuEQ|wyMorwF|3s--LUou(T$K=zvmk#eQ4B<QLe2`~VBHQ2
z<7g@>(38e@6jkI5?KsL7UE0TsXfD|oT%21Xd-Y<5uE)eWv^2hWW^1EUXu^h;54P;V
ziIt!k1hY3V1~9&&fJ-+?f4<{hY{Q)Ue3PB~j23mYHJbvDQ}$C8&$ePuwbleUnRApn
z#Du>`I%U=5YJip`%2$nYuj+`KP>d1kj7~pd!!A;4ihN|wuvX>-aC5Y`+PPazKy1xy
z#=u^U2L<OU5vKlxF7C-N5FMmamPs<-u;q+&=B|w7XHv@CfmwWMXMQJta2^u3#eE;i
z-fwr{A9tr8i1a9fC(O0Az|?2NIHS59G>*%@5LYX=!Vr+k>@5^bHcewiuA4us;8WPf
zn%hTxs5)bs1&@0lIa%DCXrP#+IS(?809UGTEEi+@R(5?ad~U5Ufp=V)nQ;OWWD@)<
zHt$h}X<N({&3Ch{6^bjh>2PRYto^32^C-~4*SZ{qH~a3~u)`j$8JWmurkHtE2ZuKP
zZ4<u}0j~1(ovd#=TiC(=eZc%+!&;zk{>PniDzy!Jh=RtBz6flfmLuBIvkN=tZf&Tp
z|65sTeJcz?XqsrrdZumqER697k|#Bq-n{2-Z82VOOn=2?akpXGqAeS-)ATP9l4)^g
z(JjYj$~iKg&&YNGp3b$+QWqG@8byn?z+GQ#UFN^tuw0o1j!kS65L2MVoy6v$d(h^&
z`b-BG?<siZ>zkre@FMfd8xQ%X@*8@&z0BTGiaKqXyJpxvOexn8L9VmVxN`##eODBn
z#D>xW#6hmS_7WPxXyO_Xg(zk%HTUH_ats$i9SIoDuN?{D(UN+SsX4H4ifg-H(Xw|^
zU$AVk!S)D1VT1t+C1l2M-}`@305)m7tNNdG1sv7hh@(#!@0!!34fnaLF~tT~|JzZa
z<4Ysw1>aWj?oJTq5Cs5t7laJwO=UptT&?3~S&Eyn4FmxZ(EjckHQwj|DY)LdyZ^Qp
z{(|Pg!lgVz`giYSsT=r11JF<bT6fX_z`#LjGZvA$8o&eGKNw=15g>%(?IjPn0^vX0
zX3Juu*z~OVPkWszE~u?h6b0pM2}N?GD?s4G7c=*vN9cKvE=9uW+7Q{J+uX!4;HrhS
z3Cp*jCuBn`po!)!*ZNf#BK4*nws=%m58Q~41};H?Y!KI0dW`eTXO=m%bpLf9E_}%j
zXpaBO!#p&Qwa9zACtXTiz@lqbm87qL)g(67*%#l_E%J}*29*6EQsa_}T)J(-w(v8p
z3s1Hw2n^tSPBS4HY^tz6>)d#cLStehh{QvaWT^UAg9`@Bx9)Z@-5)4aU5>dfd?|tV
zPkCJ5r;;G&+|Sl&&|o^y;VR*E^Pe5%Gb-FWS>-i(&Ee%l>8-E?E+P*|FReFak2-lb
zB`^%iD_+p~HGR|~u>BcMXiXk8N+&C-Hy$_x?XZkaf3jTA3E){B(FrmS>kjg=wV%NR
z;QF<OAz(wJ+|z;k>@dNpUo3?;9;h*Wf4E74V|0VJbHQ(``kE+zP94{wU0CkXZ!nFU
zwuYx%Z#;WobeCQVD~ZjtaIzi9dCRn9`Srz(=i)f)6q~O*1BZHN;1}Lw44FZ3r;j@o
zw#WB7OfsbohCE$YHNQN&OVDFlv}fKFKV1to_{HL`cSrwzf3B6t%<rFha*UfYw0Png
zN!Ljc3yk)LEYFOe7J_vydHvW5nKp%~JQZdbk72e?8Na&)2(R)E!&6(&#uZfb7YOa^
zq!^J;UOwXqI=_Er<+gt2T$$T-SKqNVZ=1iQuV0INOk6%U`5rxa;R8o(PET+6`YHBp
z_;#!GQNR0OuueniDMXEl_VRrvfoOpe{RB*yA9)}HieZjkWgu@rdqhEM{L_!sr)m99
z|9IpK0lYw%Bms0rN3T)<Z;G^IXDkC)Kyd`XEa#aF(94%Q1&{?{5(AJi-*?af_Q2oy
z13>h0lmUe29H6PWeqnCz!P$#s+JsF`H#Gb@$cV#d6`rr|G#)ht8BOW<t4DTV$yp#U
zspMY}$roF_QSX0QaGtH*Yfg#xpx}#VJZMx_CSq8>-0z0IJ-1%;hj72^fA0empnQ>{
zzljcwV$N!P^|pgOD`u%}N5ChSvAH$kl9!AwAJt<F>6d;99vrPL8$GrekTz<}H;Hh>
z+<JpeRr6Im3n~d39tu{c>noNhSGt4h{>xQp*!mv%n9b?dO&7fD2;@H>w7oTZoJNHO
z$(*9hzcy^i{p6Vx)DijYN8tHp`f4&uMg6Y1w$1jV!aCaUeOh13#5(GqfWME=nfR48
ztJU3io{Xox3bFq&;*c7BU&=qiwEdB{%e38z!8w7{JxE7N>E4alYHFVKzU^d@b^cUO
zxHvVya&2gq{wy}$ak<N6>7^Up=iSSoz~!7aj>d5*N0o$#rKHhDA#SLe$sbI?@!Fs1
znfb9M>zt|69N@DODhBD{ClcrljdLKfy%=hwKWZMRV^IFCkh)5<5nbcTHy>BIzR2CA
zr}?W1Ue+;;(W>~RS`AfMM_hFlDeB@z9{%#C)*`f|LFwOFv0`KXUpRD1D<sFpy@6<k
zpi=gCg!DD-XyY@+bd8;x!F~FhR)H4HqybwD@*mR9Y-4iHb*NPD(5A;+tJq1w`4{?f
zZUm->if-A7x?-9HNvm9|2uYiC5+=`FtMp0uVynh-Zu)i2Vd_lEwf!)IGMS`l5pdYR
zu%QxoPxFKd9i%@axUwTP7$091KmZePpI-VK4=@j|%@Pd40crpY!i<brPC)iB5!+j%
zfx$xw<)-pjyI8<$`N46}P?)%yMZ4vNQra$PrVQZN%8>hTmZgwOmYQ*t3MPx&nP^Hy
zP8A$#I+GHrHQhGtb8orv4XnqsAKooH26eagHV6y}F%XJ+fW0@WZ1pT1Ap90y5==EW
zrGH~HNGGweA-N*O&g^jws)c#pE;`??-d$N3jgFBGUv7xCk;egzQ7c)fJ`a6Su5`5N
zQ+Cyl5N-QcTiHnzo;3aFfn2oFgZ7A;K#%0J9&GvM1*Y@0<~twnE%IiD<tswb-R~n}
zrjLL|RWU{dUyQaiqxiC=TF9hQR5Pj?-RB@>SR<Bi_d6Fe5-ntn6<r?el>Gt%Ce5DJ
zyOE^>X_m^HvIhco`58FR<={gH+n3-ft+cR+8=ljW1Vdm4ZzT!q;|D`j5e56w1Wz+q
zqd_XbcCy2|ifF96#|sO36+_MvwN-Z-P(jXKi{5qKh-qR{;Vn#?!j3mkqUo*JO6<-{
z;RU}kMxyb^z4F{tbEF6Ee|P^xRO)&_tGc#e$(|29T8EzJ?quGk0H^v;E^tuAHiMHP
zZ|VUkYwv{Ulva<Uecco1JKQpez&3+BqM7N!g5&f0$4s-~7qL{N{6aW3`yHZNm$`fD
zHo6NhuNS>4J4?aJCp!VV7_|Q|U^MeqTI@>er)WK#NTbcTCR<j~b>g5js6GE?Dvi2*
z$yvX~<TZ2J0<E<@(~zUDwXjxOe&9PhrP}7#n_r$JKi>u%rcT{Ap&B7t3D>O9AW&%O
zlb_VNM6o6L4(EAYcnC4f3aK)Qt|+!ODk*Y(K<7!BxTS_>lTW=eAoNot)ZpHuQ{-mT
z12t6W`9$5<;s6<*Q|2gK{8CNy?ocBo)kP(yNZqhxycP{-s$^0$naq-Pe%JHbGPFDu
z*aQo%c~{~zV%k0s9$9AY;Da!A=T1j3{oI&nUWs;OT{TjV56-(lr}PS`>!Z5gaeJHm
zwQ3wb(!rfhiIMe<YbuaMM>yt|Uja=?8&p@VsP-oj{nsj6(yKFzV3JQ%T{E{Pc2c95
zCNd>$EO39Iyl<2y|AIbgamPee@rkV&taN8`)avgA-x!WlohQ|}kfyTS(#Yl(HqNKU
zBZ?6VI-{Y#0=y>{7&us7C;+Qp&EW{5N60Yz*a5PoOCRI`4FF>UX(R{`z%U~cV*)}F
z4=4cRRd`Vp03-}6GAVW*C%_ZVpW6nK1Qehgj2(ss2@UAs0@)et7~1fGCDI0Tn9%D0
zdhkJ*QW|UE0D<7$&SYS8AVT&adGt60NC3y#8%4+$XaF{79<bN|E`UhmMyH&`pAay1
zl9(h=D{CYv1!hz5ASso7QV1oh6k+&2n?OcRUl3mLw#bsv^LNpdEg&{;+yb;(`m2q&
zEeA@yPBOMmeCBbZZcd;e+?gNguIkur>rsccS|GaW_$HZ)*8oG%?5hMz5OSGC_*%P)
zL?9POu*ys8o?h~U>!yLhmyRn{=i|4HGV1Z2nJ-Y>d@%&SxMi?OVoF5@Xj=^wG5b8~
zdD?AKIU<SON{1;#+8Zha%~RC`$%kU`dDEKZ*SOP;<#^5wmS9;OnWm3`!gxSh;JK;<
z8!U+v3<cLNWN1T~N<CpKNhPywA+fuvgcscW1q?1-7<}ENW(T&OFq-2}v`5S0O%!ZV
zARfWMJ9k)BC~)Z)IJ8y6p&gx{umtlKKnJ68Vkx!Mkcsa;Q;Na@pA06q!kvb!?=saJ
z70v9(^qhGJN6^D0uAS!)C}!v!35RCZ1e_vj>7j!W{8$QWItj%MzxRPlA^y>xeYYHw
z+5PHAvc|&nF9g}FQT@p|h-TwLV{y{p!AYD*MjsssPAQw`kW(?@_@Hs#bA;9j^*{S{
z3(WD-!(W%_1#VxqOS8*w%{Zw=IB6{{+iCR7Z-^oU0nsl}&Cw9LJ9Sf`_9KVglhCQO
z%h*n>=kzh-{o*>=d08F<Q|APJ2aS5oLx;O>6fw_q^^IcA%p=TQ`F)3W(c``lIy*|f
z-w3Tb$Uj>yYL?>0;|IAIN(kJXidl|o1Tbb!YU)=5ozJj?!RFvoaVPtK4<4+`wqEpF
zz3S%K8n1H}R(f&eS8gDMG_cc+%|2ZbQ<l(0;?0Ru@gZ@CDOhB6+L)mgrWs=uzMur6
zi3`78^qOxmm>|j7+?%Zis%D^!*;O(Z(%JurVd)ke-6+Bu;&QDHw8S#z9fR-38dosG
z8cK^`>1Pu2OTrFe*2<q?ic&-{4Ka)&p<;zMHrc*3z!`dh`mba2zm5vgbVDp-p8u{5
z{O{V|NdKMEa-ZzS8obU3WzN}jq>0MEnm{L#|0Ex=FlUg5JOO?J>|Ghest9obHiB*I
z@0f+S0eq+&TQq$n<kcLs03>3igj|p*u$@+i@V|6Qb*O+G;le@y7#(B}+%5{aMxhBF
zU_iH&4t@q3kN}v$Fb=lk(1}t_0FeR^bp!tO?cuFv8dN4DAOGtCP=YAPfY(qB9?6D8
z)_!0a5CHCA0Jh9a|Ni@Z$J+A_`28ir$-8xgA4L_Ft}R>lB_$x{@~49#*#&G=NmclG
z<ntdBUQl>OoJ^cxwamRBdVXcMfaSeD%_ygODyWnbTm8R-D?D9TsuqJgPa1A+aZW{~
zuS&jHDYps3S>)|aECfx~&?5hYo>3v#Z2n;~hy|YPtsqa6OxvihW2B~lx7<kE>_<WK
zHLX)$t%PBkhxIe((6|14p{tothks1&R65*bsZ#?Q6UnP4pIDfFt7ChNR-Fy(4u1J5
z+O1=GDx^Hr*$dMB;&r0>5)<?k)`A%6YuC7N5W^BN)Ha1>@Q!Jw8Atn%s#w^kKy=~P
zv$}u|AcBVaP14b{CPB^0CeP>VaQGce@|CJHel@vuC)<MUAEk4z{YdgtK|HsDYj5QB
za#Z1u1-}b2@IZ^7rLiJ2BX}0qHmOAcQ8`b4n(u#VQYW?(sIz8mxw3mMo8R#|F6Umr
zsYIGtD%K2Xq0uF6xwkODs`(IZxi{cI(6-BCLRd@N^Qp8u+FuQcs|@1CHg$K~v3(%h
zF`h{FAt`u3YL%ta=jvBm)aX_!L9tu>RbG3m)v~YkSHHm4ZzIRQx@l!_fM`vJskyFN
z>qNs~MMssi+@ft`B7j!=(mRgyTUH3lw=2xRVIr*hh*GO@rR11hEU34ENkIDvnkII*
zYD`r8BU>uPUiUV&MnJJ%q)F%9?r6F#ov?^kXnAt(nP{`uiu2tvc4^W|q3LsC#jW~}
z4b*xfju<IA$kU&&4mTSl{ZLn5m#Fhq#8K&0$OufH!WV7*=soZ1{1z2s{K0b$YqaT#
zUd0d2BCf+asoOz8(FlDe_xObmWvUbxH1~0#h)&fAV^+2ZAL>Ewi4`?UOX|UKTGGL-
zCz&pheyoH}BC=TgL5O9Z!WI(({K0yBrHiV9mhM63!ETNPMZ9{+f|bCM7l9(K6aC~p
znC?ilTw}D{d^G(8wus!%5VY|!al231f)|3vk?AzW4K6I|luP{UJ+?N-Q9XsZ@tD2q
zZg+{=)YO<gY((lS!&#~=?Gfg|OPmv`t}exb-#|`g?>K3%6H_%pngES@Ym{nBidt@2
z@#E00@Wo&1_F)reP@H;Dn?2&*3GEv{2#v7Dd@dW3f9?`OFUJi{ywXwP)&~iHFdUJ3
zOH-nNYlj_eySlo7%Q8^R5j|&*H)$^iQzfF=gm^H*7%4D!Zx&2hx`#a!2<dBC(rr%j
zi&;jf#8z~{dFY8Cxh0HWkbvdw?TdinQZ2%<m%Ywq^wW?mT3=vy$~~`Y8Zy?jtt<Kf
z(=${OFW{2Tz=d72U>1X2RfgYhROD+4JU#ivT&pgg6U83o7rDxs70L*6l}mj&=TkDn
zLI^5VT0sON<kZSGXa<mv^hkV*DUZ#iP6A`ZGzH|2g6m=x)WQ-E#Wk_UBAi$v+q?S6
zYjUv(^0-jtCD4aKe@EcDk4eK5ZgfhRcyOh+J38|^OE~i~W{7jC>9B=6V6pv=9i{sJ
z*invWfiXKrmerQl@)jgVO}<0It0d)>EZ#8&r@H!~$wNNMN&HqJIqrdMC*;iaAfS2R
zMUA8LV35k$=ECE1GFZ22)?hC9un!#AZ-7A~Ak41<l%ZM)@Ch;OLj`66$ZH3@@MuF+
z0D5$YIcmZ{D8P1DL25#6B{uN^nc&NQykKk~Jz5|R!L|~YNI-&g`I`=m?;G+C3Ecmf
z75xSYKmb?u9a%zSfD5pL^N%~GF(3wv!RGk<g2V#z-<z)0uq=(OC=0!&eZQzZTpOGD
zOuYWYBI`A8nO{F6n8EZNKw|MesR$UuHT&$3ZoR)jZ`vB%Rya=rzgY<3G+(JXqRjG8
zhS-cVPq021iv?Y<jw)Ct8gY3s_jg0UQmHI;a0t$<dPHn+WumNLZCom!UFtTde4k%}
zspI@el()vOAhCwVvnjUcr^MHW@|w{C0;DINHvCDAU0(b^Ff`|8S}VK}(X8?j`omdu
zuJH@q79Za8Trs>+Afo9@p1bier@{5lhuqJ#wYlP6>e}eqsfFhCD4>Vz>d?H{_>5Rd
ztr*;l7>vv$Ke6GTXZ{)mD=8AV*#Dm&tw@q1%h?Gv)g09<I@KhksDnVVUYa$;JDA>7
z)XQv&@O9Qz?rxoB3|Jd&KOJ37OqV)%aesIT9%UmAJ}iiPt18Ts<FG?5TUsc+q23(2
zFVJ7e;OTOJu0xpj#=y6YFx7Fqq)Ty3zA`_ydep97QYG>Yx}`gB^jbwcYxZr8TC{((
zzyDV6PTq($l}5TgsK4!J)%I*3EMAJ0$U2}MJdBi_OiWWyim--q4M0;iysM;`<Dg=K
z<IG7=Wo<ule4Ww%DoltY`MMWVw$#@An@6%z0Rx$(Jaw-C5s4l!XZ(MeQ5bZu_wqL~
ze&^VGdCwyZ_1|l^F9{0vj~-sZ@g3~*&tfGD>R*j7N401nxh-9*5TAba;cxF2R%*Ks
zelCAt)N&Wk{horX-*SIH>7V9$DKB(479W`}qkn#?u%BD}!TmmYWW4<Qh5p6*nTd0f
z>y}mOahUPfk6U$;OI9I#zI)tp`QiKE)UW8<r2OZ%;Lw5%;#;a25DtZZ$vpoa)|vOS
zpYmJ!HVyo$E^YlN`|Ibi^c`#U`3=AP9otsyHwy$(H*g_8^_7*k1|R)o9roFlzjYV7
zrxSs=DK7ANL8aIer-UUiG>&iX+<O^cnRWPQ_Bw<{*f|F}KF~_t?Xpx!VQFmG(xO50
zC_fCHYehv{bi>1lBoi*AMRoL|$Vni{)2al)>kD1Sa%-u_xI_Ocb0lIzrbSC|qi5EM
z+j&JsRXaWC5$<((4kuXuJ=c5J9(0w5<JMq@#oIVZ;=Nn`QNusnzP0MLv9}c?M~gv_
zedsZf2;U<T;{oI!_YkSmeP^j1hm(G+vFb3Bu#DV+44yrvY|Fus)PHP!&<PHt%?W#2
zE?eF}E|(VQP$piCImPl^=2jG(!t|V5Xiy{<>F_W*_H{;-1kINECPc;w7h}!kZ>}_e
zcdwu&EasiS^EJQCrj-9f$>rp570%102dD%_3P1Tb7uA@HxmfY8h!^OFFlL=#CUR&t
zbAcNn3U~Ft3MV*TZ4?Q=h&Gux$QK^{^jPFPaD2%8Q9Snmash27ul)0vaCk$dV3@fo
z4g(c5P%{#vlW44plvxjjI3ncD-n#KOi&$9BcU~;Ap@avhjtRwP5Ct#CVe!V+zK5NS
z)<|LIE*4iC>9q9+5hn$0B$e!SS(2x^$7uMN?qFdwb9;7YF7~EeN~{T9?bqfonUT*3
z6k#tgm85XtM~<imxBUH`)HJjQ8^4Tdvj$vcA`3qpcfPr$2*2Ph$XcjJUvhV~hQu0V
zZOOsIZ|NXY=_D@~HL>aT$fAWm$}CkL2fU&#N-kKlQ5LR-lBlZX)3z1zGk>WvoCwOC
zW-V{c#$=_Km97Hj%C!pRNXBGOPAS->X`$l@N9)cFw6X&w)0wf|@5l}hnkS~i1RU{U
z?u8fomRJ{Q*w~0B)?u>krkE~DBIL%ne&ATH*0HNv7X4zeaf~DS)oWTpMJirFuB4`y
zhE!6EN%1$n7w8ze3a8AP$p*6~Gjg-3hv$$oqU=Ds6&X0vNIh6<iTa5WjxyGHppk%y
ziYctfg)GQ%oNziUHcQtmB$6D5gj2vXHcXr4t)G<HacxaoW#PJw>d{&atxa`CHM}@M
zeph=2gL~1#=4jZ_=i~&z9&HbLp$SgNSZAJcw*{hfg{r34_Zd~k)TbNf?^BlOytttX
zpWE+Fhu5Sgnab3G{mAbNc3<9F)`Wb?8aBC`>L3uZy=xp+hFjQ_Gs!5qHzoCbH2iFL
zDMv_cDu{)mN(@13GEoj$^DbFY6pWX-WMW~ElmX?|(bc;@fXLo^`^>mecWB}=2gdjt
zHX73~%5<9%qpmq2RM<y!FQ`W&T&`5Cq>8k^*c2y8OFEK~^RkKj$Z?34@#3VpFRws7
zOEbZDq-uP9+l$2Q;g4u_*NrLD<%!*VG|wBSzyn+vm6u};u8z&pKE>JKT%W9<NDL!~
zU&id<mMVjo(xy_yS*8xa-l3eZy*I($a}v;Ry+!kHbLaSX;I|x%GUL+YBI~UYd3MW6
zu}MK><)5ySDD@fR<a1ZTv*O8@8O{k@1h7MhVy|@eQa!3a9Vq;g7U3@DkB<qVY-A4u
z7C7HGcL;1-QH-bMg+%)e+SeZx%E}NgxLSf2kDMk>l(e{Uywo0TrJj_hcGJMx@0T0d
z3(W0_v#&B&CN=_<gfib)Z$A@v2ACdg?KuZ_D({rH-Jm`VE>!}3<8%lqh0o05PrOz?
z-cGzqKMqP`b0!#k-?+UBnV<TtMwd?%p3mkn681u~(g?vT?F3g<Y#UQeq^bjtFbteW
zS2pDJ5EhR%&O7b+(jD|I7w!0FT@e}aWWKV3`c>tNUg1*v7LN#*JPp>o^%9R9PYg*>
z@qfeaxkAeJ{X7TYHwX{@q~$=Ej(ZPHp%k%dA<VJP=Mn2qBp>at)ut_Aa<QG0;eyw4
zRy%`#ZtB=2sKU9jP2b&0Vcj6T+aW?9dz?+<GjNq*(ZIuhP0dY8+bMCWyfQ(lyW+&8
zc3r(&%0L=`iq0B@LBiq3?yP4~x63;sr@adPSiB<&=cYXGE`Ek?ds_v?=c0UA?K${&
z6;temY>SI-S!MM;RaNr0$&O;J&hC{a(`9_!IZu0OlTSd#_Ub||bTU4uh*;QJ(9n52
z>3^i^zWFc1j+}1I+qhzCu%|5b)&T^$KVa0FPN_;Ji366#yT7$Iy-f>LWWOp0hbmt{
z4?IibvAdd-JTViuNDa@@W~KK6r%evP-xB_9>urWMIA`A_Smn)%|32^pyJS}o^mPdk
zvksnJL9?=+ou=el+aE8TM9++vziS%v%(QNrI?~Et)0sj12m|uA{CkUfL;4#g)9NOk
zbwdPqKPpnhzkiTn^GnJ`<lBI9@~8VNr*dP9as(gDG)_oHPDM*tCK_k^&-p3v1oE<C
zo3<-*WF}6Eu1W#jXH4!DIq*%TxmQV&5QJBy<eK13uk&r#Dc>PY8x@*j5-WddIwsj3
zn4Bv<(PfV`In?DUx`CMTasl~qAjaw<*Mw@iollpXDe<i`LM`Y5MTx>Yx+s8<P|=>8
zs|`ccmoUpB?m=x<v@uxuV^kpvNyzwWO<p`^*|<tJ^zjnZEQlZxB<%|H=tfsH6CLm(
z3y^6k0i^&lIN|pa!UJ=G5)uSq3IfRh<YfXz3;=$B4>~}`hC0YJI_ZMeWf#8z7}y7x
ze>H><ZAJ+pjXjtUDe-t0H5eVZP;}_QAx~{4pVG+Yd^ee&<UzpqA0;aO68@WR#io$}
z8<H^w=Q=p5^WZw%tP9vNt-K2i%0xvqY}04%RiJUhed&9kdjcm72FEJlM%DdgiSwn$
zp{D-|$wZ^QI>=JC@I604>7*ZkvKbu(qmG(LrwYa&7jy^Fx)&3G3DHwHYz60zPP)jW
zGh(42E$@<mM2Ve}^ZQK{q5`T%Rwh2)od$f!ukg}x4Le7W8><>WD)4$+PWVwK<_!A<
zOYN@><0+Hkis9CH?NyWU*cNZLYl!PkLf-t(c0{_JZO^>DN@YXhzQE-jUe*teo@SOI
zZL?3&R+#1-pVD(2MX6<jG(-7CN+z_mvs*UxP3>%N3m*D`bZ4Wt)j5ZFA*E_7l+pyb
zv44p?=Y`1albdRaes?hqL`TS@f^&%lp0%%5P9Jcd9XM<er&T6P0y+ZEMbR=7p<@M9
z6n>0NU}eo6a07AIi;4C(+MZf18(}$ae<^jt4aq&Q?;9e2kCV?eJg(feWKkB5CTk@g
z{I>V}VD;oXtnzlGXyO;+Hi<NugqV+XPjH_e2qCVavoAcssx)-+{=u(TUvf2+aQgE*
z#{_b_gW$gS-lS~*yKBp(Qk3#sHa7cOs`C`}_~rdwu$=R=*F^nHb~-l{7>}BA*0FE1
zWjoNx(z1-F)1KqK&aTX5=v#biL8=BlGo=<)lM&K@*K1xX?H67h3x7q?<_^eNqcPej
zqopL6F4Ck&(dBk@t+G1=FAgl*B5oE`+&@lmG&-qnKufDp@koTyF=8tW;(MtoZRm`#
z5+t0W;I3|iZ8kd>bv}Hu@8y|Ic{&&E4^J%RiPGr|@YXX4KDq9PR}a(Uy{y(J&fpi<
zbuw1b80S@f#LsN2&E6DQow~X_nYywiCT&R^yXoNO>RwEo;kA{EYpQ=2((qePp*Z*>
zmb5M{KU;D+daFLXX%PYY<W*8Z@UCXq$kAB~6Iz#Djh&^v;P6-prpD=kthOJ5Q^#|T
zHhdPbYO+c10-Vew_cqe5|2enpqT6Y2eDk^>_QU>lZc*T7xWN<mAOPW`{Ku!BE<3-w
zkfUSOR7IKiQ(Ms`Xyj=@=b|S33E!<Y)1=1kgO*e5cP;2{1)xP|M_%mZF!f)f2j^Eu
zSovm4I`2|9wvo>FQK481d26$iPwQBP(CFGJdF}5y&H%@GDONk9q`>clK>UWl%j7`6
zguu?mz|N$=?u5YphCmSy)^b5wG(2`WW>g;7(`sF;JQ9ErL=T}2a}g!L4VF9I3wviw
z1EK~S)omPQ@S>?=S{zYr5m9Y7v+P64){2--^(^_baf}5B<!k8GCTEi#ym)b~FkTi$
zU1YnI!|&6s3oK=F)}mo8OVY<xbRkV1tXgtGx||I_J~cU6dJ5mm(GfZrvcx>H^Ej&h
z+jH;loy+b4{NDUp8dE^aNJFL_<g|@m{jH5eLl_=%_RObk=g!2NTKJ5h2Z~BtNVD^!
z2Y!x;9Sxqpv%tNj4d{f_Srlerc%YU_CWFRzq#L$C9()^CF(-{raAxwEnf~->Z^l#R
z*AH2cOCUKkXzx2>%o5N|Fy2(Lg+pO0KVwIECe(BfVTFX@)cP_Rq&~SrZ^troLx1HG
z^={*vRfh48eS^?-!~V=7>58E=*+wM0{NnD6wSA1CS<u;yx8(?le7}xCKkbsI7Fs&K
z0!g(+uf*|Fz8Fr&{oXO%dOJ1f-1rlrwaYbV|IIW)qzdj*t@TTJXRT0cbPvs^F`)tN
z-irJRr*-)n7lGR`q)2MWur%SiGl|nFNz8iAx3IDCFA*+_F{y?rGKvrsy7OTcHrr!J
zR4S7np`iwjsJd3;pbsf&AwV^*8cqod9S;fCw}Se&hkjEpLB~xT6hpz0&||6r;zk@V
zgNSop8)XI<`AE;$Chk&T#0;$PulYX;4v9OF=-K(`K_t(o0wU&^I)8mOfk`eP@?`r?
z3eKhRv=ixmG0%91`5VrHmpRuLrbE4<j5h=m?{6a?49|}}=7rVz=f*3`MIxT(J1s13
zV*<G}OT7Wd68D|tNzbrJ&ymt`&-$D3&!9=}pHM@Ntp!E%mt**oSzl|DD2tyIgqd8(
z^ru>EhGli!7<r}FRdE7Bq&^op7dqDKm;*|`A4H($H>s!cCLG)&vZ+`%vW+0dzJQBT
z_Xv|D>?=8DWYds#<$=HdoyMW^+Pp%8sc0Bn`hiS`A*CH<;Liv$BMq1^8(Oje$o#0N
zwS=D`02Dy<=tBMj^OpwQq4^Iol>|W^j0obxssfzB^^P(@azXl^wdhsuJVT~jC9(tM
z@IT3CkD=GKZz>g2Z#hx^X&VlL1G3Wvuo#fpRRa8@N$YFG-Z^E0Kz>OW+}Lrg^@aSN
zNG4-f5-rQ6m}!~!ceG$SYC3`!8)tI>vBiHxSJK|ez;Xq*DctDN3VOtEt0*P2wKcXj
zD@I&clp|M_eA5*vXRl;0$8hqX%i*YM)V);k*i~up@}faW{7jY<GJc{Zy!Rin=FmaR
zDoc+$aMpJzbH-&r>aqly>)&zI5|968m1nY2RBqa>yJ%Vu_7|%w$)`No(I$Kg^FGgY
zWBpjd9N)Xhh)~9ZU_1N%o57w=AS?tdg81Xj{)6W3Qnhp|<)6<!%%U}ls|p;U$JD7W
zb*A?L|9zVG!Tph8qd6~~%1TbpTC(}|gj<)1sUlLU`0@l)(5-ws4ojDl;P6ZFXaz&2
zF_`0qNoN3;Nu4p6BJHHxM@)S5$*HLc>CtdR#Md}l-;rg|<4XLcH+TEEoxR4C-I9;6
z_BsO)OWqou<uFW;$TZ|`KT3Q!yf~9%p*9~*1$=z8#jl=STADOr2)mp1DRqGxBwwyh
zrPjYIde%F+>0bXB8}l}i&^*zLsY?qN%iQe~FWTU<no;!)aBLL5pUG>_*%yIt>thUR
z$uN-UKd-`>n?dr;H87X3&)gY_JJNfuYnFjOO*IR7P)2%ctM*(=Do^})RKwJJ?$IGs
z*MFXO9}&@58NDI48QUS~>$-jVd~)r2UbuDZdLFq&^s)cC+;$%v_!PLd+w=X7Ub;QR
z3m&Xy!)X5)d#fL=Umm1o?09fAOG0_OpI8qXTf#>u#Y?MtmZlI;{YZFmjL-*K)x$yS
z+u7AaF>p4ocBW>oUo@wruV09#0wwc5f%{KTQ@Bm*kIf-2`QCprbN8;fn)}oGp!bM?
z5HT0{A_1=8#<vLTF}fgoTtRO98{?q;Y5!<D1cG?}56vHpfC~X3lBObZNCO!I>@?fl
zW%1Ip*Q{nT0;T-FmNbK_O}(}DY2~SLOY#;d<O>>L9s&qX{JTc-XAG)*NMR9za|*|t
zFbjQ7qvLEwn8m$7t(^Y{GcEIwyZb_PHFLMDeVNE!zL}DXeQH`tz2%6NvFA>@GQmR4
z_A<Y1(U==!P<vE{*2efJmOZsGd+xhorLF}Z>A<Jp)Y~lR)cYYx8;<=wXK6Xmh4pp9
zUg6SA!$L+2PDwvj<Ct1{gd|T!C-DGso18<~)zz3Zsp}(~M;Ib@X>2?GN7;bICUo%Q
z_0jp+_AY1}KPB0IojdUY8v5AQqQPJt(XS@6ChuCPD(zSxJlz%k|H9Lt$MjmPwEk1l
z;y`rTyOcP<7dZ(oM2Sm6$i%>b!rQ-KzN0R5H$dU=I`(9{@Cl)mX8~i%uKeSo(BM3#
zdtIoU=YW+7nkp+m|JE%aSVi?*K~=kCL)G;|v}7M%$weyrRyC5O@~>N48S&a>y2U|Y
zPH@P+VHVR9jsU!$oe)}-svQ%2@x0pn?F$HByWJ3e@vH7@KZvNaL%+cZ7JE50q6m16
ztsp*+Fvg3tO%=H#%8@GgNWpHkihz5Q>zMR-1D*V60HKOc^chs6Gv`g9p0ba_KBe0t
zl)Cp`%Nvot*J-cjXv>>{D~<wY8PbvxIJ4$^&DDXx_DWJ$07wI<F;moL{z&=sF?v6h
zI~y9c`-&MkI+pbeY!rxsB*_8;(*D;!p*m6Zr!MJ=!2_F7e>A^nw2B`s>1bCXN;xCa
zVwUWnFw~_5E`?#gK*I^;uv;HuO>~HFup2RgVFOkPOlkv}5t_kNaZY4nH_XaW**5U7
zsmS+IBQU};WGRBOX^|Th8pf0biqu~BQZ14xy(82-*4KfJ_?g(N_B%^VZ_Vf~3PO*6
z`lwVrmR~TX{G#tc-rOs<lw=FV??E41!w0BN-=uo9pU+@T%8{ze6(?P!FjGF_e?uI$
z;}-*U-(sRVOW$MAPWpYsDK>YzNRKV$TR60z@nP^we8tP6`>(?oQ$u|q%(Is#C^>ZX
z7~Yq`Fv})HS9zwkv;&)Vp#S$>M(zVcZNLQ#0|tC6O|S;`ch+2~A~&%GT2o_JClH!i
zX3+uRi=!W_I&x2~2GK{R#d{WqirUWL#;mD>dh1|2IW5>2?C5Z#t^g)gCUmgI7e>Gq
ziVcGw<nI|xkQbsy;(K_CkIy6SoSW}#_C}nHHDVoWBrqAMp5o(>jcHHA-z{;-y_>Hp
zov&{*8=mbIqx;4SdTv6mv>%w9TH<F_9mV#@9{1kz>m$#G`FHI{wv91KS#y}Agk4J=
zb_qD~kBt~ZgbsWDT^fxiBh-&5m#f_TL_b(#4C)V_>6Ub~Ep-*ito_%<P_1>>cwU8!
zz?U9KTm7Kb@JXI@9^7QwWGbf7h3l@sNMG!&Zpzp`n6(y}joIcDa^`Ma2@8q0skP)_
zcUa&5>G(^M$X^6LA5!}L{Xoz0=B)~Qqz$j#qXdT10Ikm!l}E`RmmDg$-uz~-OJ{+F
zKCVitR6@2J7=4%yIL<HOOAF!+rL9`ZoSxRd>JLIx1j=&Ey!&tO9$v&BA0CNFc)VBC
zFhPNCLn8+dT)_uETe>7|*U<ruVwM8dk)e|7pX59iX3C|mOJ^54|GA6OVdDX5aocoN
zSF6ndgyENiUWG*%P*8+Lk<OubnYcecN)xU8cWi$Ni7*SwlpN+*Am_hW!4Ia%WajFH
zxT$V<F_#u}8p?!Bg6)hG%ooC7hl8H1-JG}+N9;f;f>Ui-*wWaJ7w8?OXO+ABKGX}e
zv_$B0Ef8hN81j)mOC{fv$T;SSD!g^J8IGGio>j0Sb9HIai6erxv^tC`=}c0Sl%y7}
zo&B;=5Im4q5)4WzyF2@0EhiLqgLQB6mCzvlm$b#FGmCC9Zkr88o2Bs>w?zG{Rq{bQ
z&b!mUyBMi6KuXeHlxeS%leWOz%kiAC>X7NNe$W$2%tOw~aTxG%Tdh+YPnU4*4JsR%
z+E@-`%5`!_I(he&56o;6-$>KsGaGLG$a0rDvuR%&;=yLWZTMy!1u7+d(fEE5QQL;5
z3GZ{MTMh%-b&3cfxsuBd9939y%$+#LRqy(AiU>@T-34<x-|y77TjB(jkBY|)XA1lh
zS2nYbLTcMx&s&&Is=g5K%@O?`k6NV&ADSam#U9)_)KACzDSGGn&03{~nO<_8WnZT}
z+L)`#D_sK4qwB_Xp7}*us#YfA&Tks=mam_kM_jLeF&xuuUY6%Zyfp*ab}0lTNyvMJ
zb9m=u-=T)Izsu-a;?}w^53nW9$wu#I&dEewFKaqQzx<>i69py_fSn4x?j<y^#a6IO
z+J-6R4bBz1RdZ{#T;Sxo4<7qEMIb&G#Tq;hjy%Bs>UcWolx)O6``jVkerz_bJEFSg
zH+k5V<B;(12q}y3?%B>RT%}aK)uvN40uFpHYcL~T0dNBLY2_~6sleM7=}jHc{K8M%
zqEokoi4zbd{hU#vSEu%Dd+iWkJUzN6=$fBA<|mM4&3)!#o%G%^K4!c3h(({DIOb0%
z;by;9jPuBVFg9E!uian-TiFVB>IMatuuFQu2PA{b*W-YBBl$al?(iRdP6C9Kd-?wl
zP45^TN!Rvocg)Eo6FZsMwr$&)*tTuk*2K0sv2ELC|8u?f^M3i&K3A_^T_1YYu3h^)
zj<T8pfC1#i0F|bG<N#`902Su<3hyYNX`N|Re`|l!D9}CDV-)fp&z6iUv!XG7(b6H=
zq{&03dahQrW>m#uQ*uJ3erWa-hVyhb)`Y^iapZ5vRPrl$zH0kw6eKg0Iml3m^3oxJ
z`8r2pRbEpPasBD+ty9*98`^|o!rF|g4fwk4@r3n?m;BUK$kM@;{{CC5L<=a2EhS`D
z*fFOqWecaWBjz>D@_Ds~Qp>;mqpj6l{Xr@{G5Wpv<mp0Nr{u7k6ZqBr{VcuEoK4Ub
zCkX6{EE}Ax9IjAK1?xg3K0?_fI_Cmz%RJ=6Qf+c(PV*W%$0D!4M2kQi=OXc#FTT4J
z(;Js7xRd^r9d4{(n+3L;{bBNtlrNW%R)q#DvNx{g+{MrGY}x6IrA1mEs_F{IQw`rM
zCWcI?^h;YVX1Z|#_0RB>9FaRcwDvdwyVrnmp^bn6qp)*Ci%#I-aux?$Q)GsKzS-1d
zW^smNPdp9{?_%%mKh=WB&3`GSkpuBErm{|(mW=g_j8Ze@kv3z^3SJIN19aLu9uMxR
zZPi|3cHRv+gv+{A?A4LJ2SyG{uTvh8FXE=Ai4Bxj42%)yn53pG!v~e4FyG(HfuJQe
zZDK#h`6FmD9LNW4oq2{e=i-Jbwmu{)OKR%9ERmblRGX+Ys_{G@een<yGODqAlB<I=
zKxXRAyB&N`*>CE-Mb2^FvJGP#?hH?%)tOXir6aa~P>FrFkiQU6bqh+f5-)UHf$a!N
zqt0jGe1F}xFH=+Dy6^$n@3k6(z}B_Ybv&9*YBRvZ)Ix~886xO=tDymL)OM5O`_(dj
z?LH{b-|cBF^fXSryHc~%w^&)Jb$M9;Z@S(QmyFuHO*~`QM@@B({{UtnccY>4eq0-)
z{etNN=7?4}-MKpsWRJ9KD=r~S9qFFy(9adnTncuHfJ+H8*Vv9_ah01J&gdW`8u^aP
z|Ki7grSX4ZV>r2)XbB_RMpm(+TPl=E`E&{ThcA%?9udxu8N@DYGD!ubSGUjiH5=p(
zOg|K`GQv$@nFjhI@^5`@7yt#h2?VV4bLTAr)M?!KEiv^u0VzAghQk<O&qkZyaWKvR
zc{RGg5VM(xIzdJWkDg8Bh7X6iql*j?_Zy(f06c^Sph25!NMY=V0g7(THSV4>XBF6w
z^kn+WY1?H~Oci%cM9i><t;r;p{#=y0J!UekwM$roxcFJi$i+UZr2-Q!_0DGpHb0%$
zs}qu_eJR5q)Vk0ThK4#b&@<)nPNq#VheZq3lvZ+|Ev)_{D~_$c-f~0Ta!p$<zIflb
zds5Mkp)Sr#)!xT~-%h`K(=B=r#Du@sig=Qdr5%eyd#Cv>L-SQsj*gd+rM}o9L-RtC
zg+eC0z6`drK=H0bljy8U*Mzy@WDl}Tw6EBS=?9yWv5$%J=UP`9_vzaYc$6!)>>2@I
z`D5E9J67}0s^^Q}<vG_JvYO9x(uGr6($Yi}vEk+i`Be%UKEjwQS{7jMRVe5ag}Y)p
ztg&OIiG-h$#sh?(i`rA%^^GP+3O|k~3We%ij%KISLyzK1MGfQiq^%0yO%my2Xa4o5
z(L^OL17Le{cR_<yVq2wmhc<)yQTswruF?h+UXDAydk3>`r?;9Mhex{4XE3J=72J#x
z!<l?G2L>@)3gUA()lY+?SzzCN&p?BhglLsojnMOJwMc|ukxd*?N*Wz7US2GIMSG$u
ze2~9@uDmMz@H99$(|bXhL-r=Gk^a@jImm~FOvXnhdVR1R#o&79tQY*V1=IaS2fnn6
zx4+cx>E|JZ(?U*vu{kYwFt2a>2TH^>vD~hc$Uy1Mj^h=D+u(|;5%TuevsssI57XLU
z%d+$OPL*iPr`VNfjJN4SXs3TUeRR2ALONfP45<qa$5Xy9`{BxYT6<GAeG~6Y++Q$r
z4>2=l<wcHFMf;!-eU)rfp)llI)MH^Ue*{s+u@uMpA#&`ndX+3Ih%p0&CmynQG-DR|
zCnB<U5aS{F=J3Q%Vs>VQ2{m;^I8_z6Zb1yNC@B8#wIA(0DlaI%VPCr06yV2y6T={5
z$JS4P40s1`0!Yq+GQiosxoAlr%(ZCZI|e;#{kiV!;tXAjDDF{9`b8|Er-X6;YYdD4
zB}kJA2?EP2qSsOk0T~0yi{sP+{Sr)PG23dnQNan!pV0d!^iwTx0QbSgGt0R+8)|Ny
zQ|taun4G;nOOE$+!98o(`8`o`Rz36<<gE{H=^YK)ku{20)YdQ?ny2kR?lUX<^IqJC
z3^A5pAkEQZ1cKcw`<N*Kx6~^<4vAQ9@54!Kc;&=QGM$EEph-t7!}?J48m-M*uNHg4
z_t9x5`L}a3T(*OHA*rVw{yV~X*`-0QUH4x=lg<T%7Hr)0iXV5x<z2@c?s$r=oC~49
zk#Na)?gy;azt9T{j)9*VSMXPf*X!K!d3L0Qc96w(%`yE0la076Fu@%er&j2ayYSJ1
z*{^Efu3MdpbWNca$uw&^b*W~_o3?Y*VVQU!{pdH!{nR17TRa)mUo(!S*m|!N(=UYd
zJ6H%K7>pvA$O)xHlpq*}GI;;D)6@44<bAi=<M6!kFed9yFDSN)4M2PL!PbifPG7$#
zFPqhf?)rt(%DXv!H?`Al3X@;x4#)M^&2zx=!MUalH?qrSKcDRjz(odMf$!5+TS!|-
zrBPKOWpn=KuhyX;OI@N_|H*TNd+CBqN<J)<F%7T3+v(D}9CV@mZmJf?!)5z+;pIGi
zC9dS<;&axpzNzf#0`joxZaGa`^K=nW)hBjf3JjB+tN+#g1nO&hcfsnnRKr}g9E0BE
zl9jJs|5qoZpheb_LCC(NrNsGpG2zzg+@N7~$=E%7NlxG#J7Xz!BwUj#XZ!@&ge~<}
zAZ?&6$}3~ZvYW|%W&D7}eg#baoH9LPDU_uu6U*#!g->^TaEecNZZO}sQcB75rYhXG
zlRNf1ewk_#F+CE7SaBFvmN)IfEm{=43F1O%d5(31?QJYP{yf?E)*rJu-+?_;EZGjV
z{cT03u8@iB8*Hz`fTuOk5>xH^t6}YkMZ}i9VFpiHS4RsupXf4ZHURR1h0DXa+C##0
zLS$`8Cq5+BuA$fsk!x`PFJZSk@9Nqzp4*+wmmsHy&o>~qT|}`_YO6~0@nBD_x~L9c
zLcKIo_hLh2#Gq_k_lF2KayMy6e*nbj^{2RM8IQ)k8G6MZy0kDIYOa=W8%91Y1gwFL
zI)Q23RP2{e+Ek5;cD!@FB>HOK__F7bN_vLHg8aQ$9j}ONmR6d}u0t~${qW`$&+D&%
zF1DH!>=UDzBO|bmyvc6JsUyg4Au(%0v-zN_dqQyQeg;DQd%VN0FKr@k!_Lp;f5bUR
z8~pgw<cq!BIr;AkWbq(lygBw!Q{DHsQS%sSS}?FNvnUVI)6GEgwBlP?xW&@j7#J3*
z{YCFZx|$UD0%))w^I#$Q0fqv7pBVuI`}K}hud}h8tI2L-`x_5AcV;I*2^oY!D@HQx
z*zax0l!?(_3QrJYitOK{K(x^6an=P>lC#(<w=651@nn0(b<MAZMK9mv51q+pwYK@8
z@8Q1A#IxG!+<(KG_O$C7#=nuHUzDAOou~e17{?Sf?86m!(8x*fc9+&^c_@HP{Bl2U
zz>Dh2gCQ=M7nol$=uWEG1Q4p%wciHi95W9ckOJd(R@o}T4gd{0Lr=!Y!vTDN_p-s?
zQ1XLJpaUW?cenv2uztU+cs<Afox!hWaNqsPe#HNID{%hvRuDs;!27XpC>i>g-WA<D
z%5naD3II>iVAlXiau(5GkUfh0)*dAv7}@4iBN`iXXiy}%7gmCjQH9oPWrtCxB|;Qj
zkdFznYZxb4i)zrws{SyBQ&7!KTtxGD^^9uubBHsgrpF!vv>6k!lL2`3+d$C)Gur=9
z&4vISfEjUs^!%PL0D~sznbhKz4*-u0V8hrU0%Rcpjxq8;00=OC<Y)vBL@gBH(AW&U
ziHvbBAJUPD8hZL+a3Kly$qWQ42gcA+Kbi$y!XGK|p&Cs3_{16mZyu_Owj$_w1e+-}
z1dztWHB*|q4n@KSCqL!<OP*FlwnDVn%%T&M4rH5o-zJVRw79%cQ$ws&C|;tPDVseW
z$XbEz7behUCvdcse1~H9^o+-`8GW^Uj2Ow2BUIR~A+Zy<2SkqRhh8iUjII~%Va)F=
z=OW{7Geh~87Uh^zuRJUDGwyXC^)nlU2&us(&n#MKn&U#>A*7DhenaM?Q3g*Hcaahd
zDSDa`oDx>>w5{o^QD)D}6v-EHKYq?!fnyk1AwD6Ot@l;jj;2LSI$3_kS)mP0>u^6V
z*OL?#7&%0pU~g9!6g)}ix>+sHt5@iCq>p}-M9tS>m45x2p?)L*0Z(&pY@g+Ouf!5K
zst^h?oWFPh8l_Xgfvx}X3OCB$dm`d$iw+vK6&#k_YK4;9hr#p@0v5Qj!x)^Xh6p=w
z|4la?ep8%;gx|LxU{TjWD-ak`A?(=tINkh=2=u&E<d{$xdI^($-dpCS@-OM4e{y1V
z^5_r0i3_XFEcutY^*F&E1)SjIiU^cpM%Y4%U~6ZTt+E0UO6cIyax)Yxa7u!yQWAgF
z9NS+Ntt!35s`lt)a3Q{BwJ(9g25$g##@<ZeONd0?bILDTwj-8<yJ;kx)Z=ZWw#u<q
z_!8}<8T+;uTpC@0){hI^XsJNEV78IN*EUk5NTyer-)N@xOFNlAU#;F+zi91VjW)3z
z+ALsp>-F%2Xpuu5wWt14JDjqAZIsmOd~j6O54<??#*A|~67M5E@N#++1m!i@y%AV9
z^dHhjkMH=<+O@e{VmqvwGwjwEr4pt(huCX3L!-4h;h;W4H%CVBl^xJiPSvQGF=#O&
zMA_0;{OW=kcqOEHMTI+lYwb0T#ovk>570xR{ppV3K=E_8)eGx@9-qt?U57VD;Nm58
zxZNwOIC}OjLeD%Y_P(9N4^P0w5pWH`kp(t`sgijrPdWk8DZ<r35497T-Ss{_2F6*)
zlPB7xgE8h(WA9Fm-4@54p?MV&Tk@!XHS1J!V$q-DE7AcI4vLB^EB@X68t;UIOiFw=
z&r2&U{-TfX+o+Il7bE&dR_+@?>sd2~t?-s0@1(+1O!Gw)`*X^#hWzwZt&jfBBj5Mu
zBDDpwd?GPwpoeY(ZRXHmf(J)^qpa@5@h5sWigS<W0Nv0bM9{dcLnelOn<v4@Vf>xJ
zRN5cmx5&G<u!pF-7@|2Wch`S$#`sA-CaqDjf@>~TJ8E-L*H@s{HL6{N)|SV}YayMC
zMVIp+IM#66E{u!SBkOO<9nagW5>5M|ua^xZf$XnT1MF>NQ_M+FQwSDWO&7x@t{*vF
zwCh*Twp&)1I{n<0z?-?adY8{fM{dVIF{Nt!c}Cg(k+J2?^s!s-{{>$JbL>`b_;*}K
zeMe2$caVu?h+RX8eup8^WZ^T*@9!A;FE}Q@<2WNz?0P<v3$+WlQ;k&}IrURP;*Z{~
zD!e=lAR3&1#FP5#r=Qs$wHsD=JDOZjXmmjKRl^G(z#vGcZ=JE14G@M1&{;(pPzE%j
zm0+wf@Y4Yr5doj8C_?N2PFN-QP0a6$^%}Gvl2ycRGMm)|ku(Fmk>5Swgc>l+V{+>Y
zfJbu~#2W%cg3KH<xL3%Eq={X(h<!)uf1^^-?|A>O)cUWi_%9-bzoTK```m#+-={sT
zKlnHW$F&SMVPp7>z<&?`o@z%k0RXFCq_)jW{5E(HwW<K4dYAw>z>7*6!OG<KHTfnH
zS|1r)3Y!1B9t7-z)Jg)ZX7+%97ftAE--;n1$jy)vjR)OwZdl(r-m)O^Irv`9obWQE
z@*F5}mkP|JVR9KgMi31%p@eZ4BgnTi38NB50?(2Zb*rr$8cv=NTc>kFf57&=&@~yk
z3i&ct@Ky30@Lm|FW$L~CMZVzF#5$);2={`epz`KNIruhP0ywBw#wdoi{&b#4sV7TT
zhLEVVX&3C~z#|diSCnE4B)~6D$f6=_R|z3l6(m8gu3ZgW>t^@78A(Qz;G2z;%+FLl
z`LPc3`O$~pT>X~IWnJ~ix4ho}z?XWfl{ZxnapFt52J86oL**@zd*!DonFZByOOn!8
zCwg>SUt~2)d~@n=a1#ym#__49q{zm|<HRsdHQStxxnA97?KJf;SxK_Tqgx7U!fa~f
z9}X>Pm7nTro;|kID5@n8#h<-jeJauByw0{PgeGy<PX!o`@p{e!0dpXYd5v@nl1+No
zEoDLN=!r-EPR925-U9DtoE<ZDL8>!3X#ol(%y4U!IiG>-4|G8uPsV?ts23W1x$sfK
z7}{24;$==Jw+cu#|Crji=-l!*nYjHhh5P%H+D1*h%g}x#c)=VCjt2Ydlem*FKhA^g
ztOYiB!Sh!SDy)r=6idV5UP3{iOH&vhN?VMq`T0n>)(EI>oxQi=iR5_Er%xTl`9E-o
zqP7<S^K)T~^EYEk6DDbk#c#PlKynW{%5aY*dB41(KNn6K8AKbZ)h11Y6KZQ=GNC3C
zv0vLpZR8t9SetaB$6>_dM|kNDRV<z9c+<7cSEcK#LOYmK*SR@El`z+-jsruLYdGrK
z<%$h6k_2i*W9aMzcfPo%ur62ga%VX?QVh%RqgCiZu@%@59IoPr`=97NsO}hwuNz0)
zq2)U>6uPgl!WZ&lH#yv7gP!`|Lv-rUgkpjbB)CI*C?fxnETyQ6<WI#Y$MjIrGM)t}
zxtOui9_vi62tNqLp912zT~J!wPUH3x+?`OSUBv4q)e2iDEy=stl*De8>AtBM?jhz0
z%IC5w#gE7y@mmhjTTIDY5{bfA7o;L})k5aONHdh}LWK+_6O@ryAyVUaeQEoQBG>;z
zS;nWo;h4kXLbnj1h(c$Sng;d~b{Z8idk(qiJ&kOR2z>bny#-~8ue?U_TUpUtRZ08y
zn7zVo@mrAOy=^a+h*-sl77LW)LvmV1v~+I$=^`#2V5SY-&0S-m+Z|IV%J%b&Le@##
zo-Ga5(5tS{Em!U-`PON*f_6;l3um#L!jI&=4ial8&!#W>7ZJ!`390<8qL_4x-aqxn
zqfmdrJKOskO-K2o9k~DCS&_KXCj`?sBFOguEB442W$8)&cgFDV1j|#jW}cCm>H<R5
zm8(3G$65SQ!WDP1^{>!3$}$aWuIx%T`2X3^w@v8F9S@&3owg5TaTfWM$}3dV{>nZz
z9Fi7zi@BZ>Xdug8&4Gjz*kB3SLjlV~HU#8s9HC&?Twh>}U)j^q$ByzV5y{45>lw(Y
z#zv{H-lFmSJ|}JfqwOg7r@wDe*shXNPwF5Gseh6=vf0>>*+jm#l5!j(9Up8B9DRwd
zD#<>rOxCs)Vg$b<$hGxlJ3wT<!yC7-r(11os8lk~Bgwsnavh?uE<+ombF6CYA34wu
zEMv?44{7O80gFVpuOAqmL`7D$yDGUw*K1o(jEH!r9@J~5=QsR6D>}b9-~qh=TnKYV
zqZ#!7tmwXA`qhXe>Vp6+kehVC%Dpgz7mS~bV3Ix;SQO-cPz#9|L?cwMo?y}rHP`}3
zZ?1vPvMFUA`8U(@C+I&bdf*7`PBQ@7y&5zIB(JhIs`WRR6@cIVB|U+}w^ddZ>{qvg
zGJ_WFrVo)?^#vrh0C)VcR{*xa%NWT<V-l8S-d%_WaHiAa1y<{N&vu1%U|uIdeV`?B
zuLPMMOT)H25BtsshAk8N&+-cKE(`RpU&HE2{!?2TO1nF-Y&z!+5f)mS>ZTS|Kl7^a
zF^ikGbmv@(2<%ZUd8?djBPtQ;8(8OCbQ7Bqo(M!oYahKDALA<@$=Xm!LV_Glmzp&7
z!6q~loc|sg_H&R$=>Pv(^ct15fThU#CG^=Pm^&_r@XYO5Zs>K4`Wie-S8i+cu=?oI
zZ+$@Y72aP~ED3CqT9-G!5z|Y1y%?Sm4FYg&nam;8@NEdA1A+~RpsdB19G3f5EYf(O
zcW^4f9jEfQZT){#3kR)jp37aLi<`sazL(X}Zywz}_CZnogXHferl2v9vEK*%)xn=O
z@sn2ETWdT8Z)?<aKh(7O!6j0r3O}BGR4rm0Ju!ofA-@P^nU<7gObat{o!R=gwI`ev
z%1XrV3KN&f{ku8IFJeArBs%jI<u%n5b>xWezw$y&b=Gk{EF=}^;VgM-Lc+A>QK_MX
zW=d}Q!vxP1-)Xv*_OAKJz7!?tV5qgkXJN*vXQ9#=6;RXbULAH|`iuB$Kj5pOU-)wx
zih(7UZRWg34ms*?$+E9?oaLME{87&wP#jqS$e58qf=2$PCcpTw0NxXF^4Ox{Bm)e+
z{#1L@f`7PHjsMHx)2#~>m$@k_*9B72o^5~d&G*O{27clHTlgsLF6hDk7LDiemI8P9
zmmhMM-}ugf(eQ7+5G5woGd(!ppXp1ZRs+@SWPnt4-|li-vl$=@%kiSp|HS4mkGR#q
zR96|`8Zi9}4eYZc+0<gIs^Ua1=Nn(SDPsH&U*S95{Ki+<=ud#QOe{h)+Q4P-M~+XZ
zp396cGR<%0Ip0Da5Q?7VCz|2|-O#rz9Rqpd5eQg*sM%2mKB?<&sbLNrHru|6$EVOd
z|7NWAB#UvKM%QEFbnX-o)fKenqoC;9*0Hxx$`m6bVRngqj!kn&bE~MuJD^dd&8Nk=
zQ-)7pf|cZ8K)MJXtfCq%%Vou#K}z{I0ZrZdqQ;O=`waDg+a=N#i*x;Aa8o#&96(%H
z(`?W{;fKGY{wau79F9+-$6mzj5IP|i-*7h!g-O-bf+j<h#eInQqB-^htyWq~2KOC;
z17b9#P;YMgU9R77EJ{{}z8$D}7V#v7@-<|v?69Kq;rm9HkYw<U$I%v@7=<^I;+7}>
z*4jMnlyOmLH*gcSp{*;cMjh%L(lPX236J2VsT7_(m_m8lR~NK~7*BECZ0YaFcwpWx
z6V&Rn5ckrYVZ@!#Zvk5p8S`D8+yvdD>Xo2~V1OqhCwp4cOv_5*vvJ#-_cDAt#A|$P
zvNFHYz1LTi^%>uYDhjMg;+r$*inOZw3!tH4v?3NnDL%6tog{H)I9K%c9^QjJCaZC9
ztn!J7)9L+5D=*&WC#N`Ekpw1j+GMSJP~%l^0P{w<*_>&hz7+jl@K^A`xmZR~k$+46
zL6mmYmVn|O$nZ>iBZIQO|5EZ3dZr#kAV8VCIXS?us(Ee(6sED(A0@)?_iyDPMZ_XO
z*rD;lG}Vq_041faNEh$y`FjPbg5`K2gx5_{s)u`7Enz2qv7fci@x+8p{b<Q#*Yo>3
z(AS4|ZgOHZy@APe%5o}e)=*6Dxg80Yg(Ea%?iSM*6>_h2p^Xk@-+SO@xm5a&r<J>p
z#q3eW)qXB;HJiN;^Lx9dqt)}{PK&cM{-a^B`%zFSLUfxwpz>FS#6m5@jZdc~e5DWj
zq|jMHVhmOm(T_)#co#$O=&9;ss$;B4)cYN=psr*`n=E!Z*#)?%HV;Q{no9A$N4A%0
zLzx%rxy%Yq$1xgDryqG_fF5@pn)2mFV5i3p#S<&Pr^o1xm#NL3sKfR~MM7%zwtZ1I
zk$#bBI-Q*Uz+S%RCa^VyfB2#o3sidD5rM5Ty3tj)qM_x8N(`H77-RW&b>aRXgS|C<
z_K{bBRh<oy3x(l%_k*@+%)<z_VeY9r`rB$wKi`x(*~f0QH7lcMo=*_rTs8WcC;{2g
znJ9)?zOK!zH(eu28IY?K>x}IzBKi@VD8jbS6MFK|nNyn2F2#YZ&uRVR)$0)2(3;A7
z$PQN@1tjk&x9)>sw~xU-z_PWvIaxs61tLBzl{$<sok|hhw#m;jt=SYPY=>hjh$CKj
z^+Tt<_vXV0sYP9~CCNn1PH^&c>1C{*YKu@D<M_z;k|V&g&Fy}e*L+|*?pC)sTrFSW
znaD^)m&n<(*flRko#(jDhID~~*j(FxnB_wt1j={fL5|`xa5;fPY$s{sOmZJ*<hMTS
zUJ#VnAWRGmr$4ZH4OQi`ta(Yi3VcM4Q$UTX_3G-NyR()F8tl%^;g9L!=W&p(jLZ|r
zLp`E78nrZB_5&^bsRvy8qXPSR6%G4k;ocfNllq~#8m$is4tDZtC|#nh*SGxF)R|YC
zyMl~e3~U19#kUoYcbH?1Aci3fBcE-9oP7iX!XEsCZw;C`;DM<bYHm6&{$&J{ryOc7
zb}L(cPGid!{W_ot?R|k>+wyXh6Wb>4)H2JK;R<Is0d)JvoMo=lF)KU{hDoPuA)gO6
z*j1?$*Y~?>55OF=vdTE4pb8lUQ?$Ge*Ou*_4sS-OQ;Z1$TdxnJ5Ac3S4DwLN=^P;3
zNR2Yag>GHJqg}hXQiuf*K|CV-96vNu4GmAE7Ir-q!0hcDc>sO3AaX$%1Nk5d0~WYE
z75;tj?&4fG2N&xnk&?2~zExH^G6EQLT|;iT$CBNjM(`xc4!}R0zcbxF?Gd!!+Zb_O
zdpr;fLb)N@bY%IV7YKsk3#Y{kG-4+Xz<9a*IE8j5_*F+CN&;Iw)ovPM$GV(1E;WJk
z8de_OSfPCzanSvv$8behfUPpFO!g(C!jaCcSh6kfA%gkATViVR$$+@S{77$(N@2`!
zdTGqCD+eA_p8=noaoR7jsI+iNw!i$<4+rsrMnt3+LUUJC0QSxHt>y$q#)xn@Q*AGX
z-%0@WH(tjf9GuXH3ajXSPPbsSjjTd6FU&Z6M&dEUOkQ;iq}Kwb)!y&RboLGh=uDVb
z$lH}ldJ}`oV(`}iUrVWBKw7Yyyrww;pZE^d7cC1pSYun_T^IxHU9A@GBKyN%qWIqi
zxosqg743n4>g}t9l@qSHh_v8uL9S^NB`6ZQOvd5&!D95J`B&K$x<u-msY(>7Z;KVR
z{oe6)!VPhk%W4cLj(Se8-m1?ibcD85cp5F$T~%TY%`qS6nuR2?xVXq^3iAM+p@0$s
zzf*Vuk#c^&Z~;K3`qr>k@hS9;$V_vuTC@Y)0Md^4%W3${zbjsh-Bm)d)(=6@^q39G
zLqyMrhc}q9?gz;uw=OaX_p{*~Mq+c&AG3_g6x}1CH!9>7AI<os-oB{DRg~q^l19uz
z(*{f#b#zb#=&@Bj@d^_^NF^Ec6^CGCckpgFhW)1ha_8pN!ix^a&pteARY&d%Iv4A4
zhB=WSACF+txU!si1#GLRj+wDNN8EDbUJPtMD2->rZ@aq=ALO_q(K?#tr&nnHt8G8F
zRyRM`FE>s(As^j&In>c7G<<r*8k@6(ZxzZ2_yyBYuk<-{L@iNwHYGnLOtgEe&xHU<
zRy$exm~B+;0sn@##U7Tpg@-6wnf#hHVaiWYu(9AwwAxJi4C6d!uhKG`vO7L^nkpfZ
zu3hb>p0Q*{aZ>WWhfS}=4I2R!4BuDBF>Ub{@9RMj$Bjr_37l&ET7OM(*8(2aIuX%A
z=#G7`gx`CG@29MRNT0N8O4>H@+qzteH<UaxuIkoELtSqn4KM%Xkur781c9LzUcaWs
zLYa9gvs>eJ2|?5d!3TTLTAl2En`T0(az9T_wvMxiojv3*_U@5?9uMx~)pMMC97V8~
zh%IjEG^^$#s+qQE7jDWt$|;Z;pQ{$bkn#1_L~=3hc!%j=TQ3XVbhI|h+<ck&*xBny
zr}Vke)Exgb%_-UMs`EZ^(ess_G!+e+y}B+{_97j#{mS&b3{*nFedlZ>oD_Jg!aeMR
z9_IfF_Xt}_@`xBhg{)2J%u=p7Heu;f?{YpvZO?X<8E}K2HFP`ztKdjK_ZrMQ88w%d
zlO;So2zzMtU<?=5*rRK3x+}^}pw_3Z&Z*76C5WA(eNYOk+OrKfMbwkE84d1-r*2H2
zx;Y&GyGqSYhHSh-iYK#4DdK#%@>(b_O{Zug<5C%m%WO<e=IxZ($^Kd&W40TtY0N=}
z%>KMeT7PYO;^#%NHInMVzsmxK_VkFlRgkhtTGJ`@vA`R*>D}qy-xUi=4+he{I}Jz{
zj~@{`J)^C9Kt37}RU-VfE8d3GXIOKX6Q+iJH2&#H4zj5$v6qW!+gizpQ^5S!>jb%b
zkxE9&I(?AiC(&*6AH=6CWR#lJo)h#rALL#SVfS*<efSSCB_5rRqDnpB-|v@ApU`V$
z{tAiVgunH_L+LZm_nO=z%Xk(x@Jd2AwrA|XgD?(SWn%2b`?30UZL?!3>lWO&+j8+Q
zp+V@~P}{qwVd(?YIFedApGuH8M3fa-1om$r{}iOZ7jU2F8;xw8d%V_QAH4}0iPXV9
zV>`LvflwoBkVkJ~%7~JAt7}5TKzf(;qh;L#qfQ`K57%G;MM4-U5^EtvdPoe19!U<%
z7Z85SO<^56Nt&WXGjW&;jJ0%Lig0PJpl=ACDhS|whfYs*j6nK{JP{i;6!Yhis$*&&
z!5$X${il)roXp{*mo*7LbF81C6alEvC*nUCQT^o}FKDm1;X#RKI!hDq6fog?Xkl=|
zTJ+VGhM+LC{LS#rP1FvYlzb<O{H;j%S@I-cf2ztKUCCo={VINWNaYX*Mc|E-;H&<l
zO~AHj=BaCUC3J5{GOgquyMD`*Y9;=AjoTLk<SJ%OEz?X3tLIw9Lk%6GztQQrPM&WU
zRE@TIX*@eH)&(p4zNKYeJgcW$=RW*ijbXpE$tW0a^HAVhP5?oG3E~0?l9p-Yw*(!x
zh5~)l4r*sb2H>6-h7c4LpC08pWaPu7oQ`m^-KI~I_{{w$O-l66K}=&Mk`+Ez_|mfa
zRpOF3dA=mw!0s%C(WUYs@lu^vrNjDeah00{=lWHIPl{-HcuLX(laxa(^O~#?H`lmH
z7WTsN$^dxdf0!dzt$R28tq1y;xY^s|uV9k83|DP-PQ5T;D7J^s>j?(~fKV#9gE5dS
zQh_Jr#Sl`#Tvtu^KrSsy-!sBsPi}iq1>YU@mqfT*MyZGugUi_k`S`YdA-o6PnfiC*
z_vSL?)hP7lLhMX~?oSh{APwhQqA7gA6PyOyg8I@@7Q+ve4b_G8jJ`CmpbV_E#WO~s
zh$yuO+Eb?;T1{=iFir7nq71lmzIoFfIR@7QOwhdJl<d~u`4PyxyZPZ-$RpN|0khmT
zrvk0J#f0bcEA^vsP4(vgCK5d5P0-}hFm*y2e*Iv76HQNdR=C2xzh%<i5nBA17=Bqj
zSlYd9KpDL!+BfaevMh7Y)?}+WqA{foO5F-_*^ml!lg6%rzhMW}7I|rpPU2_7ii=>m
z9IG^T@T#9MXDo8;>aV5F<rN%7qZ>+mfvztmY>MHJK`yAMSRN;}vMe`~Lfv&rvLpT%
zdTiSp1O2)eK9Drz^(420v+VAL^$q$?2sbL~$F*K2B`bf-x9F7|PNQeJf-!073%Ag!
zqw7k}3HkO-pL6F$(I>73n^d3q8j(2#K8!dfu&vm?YbH&z(99rv>O=G~PtKXljE@`n
z*NQ#)ZsEiL@8v;{_qDbabbgVM$1;)&Oy(xk{cz;Rw#6&>O%lsUajQ%aNl8p;^t&w1
z*AF&5SCCgw$Wy!K9#gVRFAbmBQPEuyBNxf{-!VR?B$PL+2_D>{LQ#96EgxhR4Q*CT
z_ebjVXJ{3f;W@?GQuu=aE0;NlaRVT!+7orfDzisHH6@^un!|4rPm`#k&$-Fzx|lVs
zP=W9IQ$-@*>y!R%N-XMxJi6o8K%<}o1PK>kU8s^g<+F+194_3=+o)2XI)gO>zF+^~
z*}H91ZGYkY`SjZ`HfLCs7mnNI_hXvTjP{ikng?N#GBOLbS$)}zRK#K7rf*f(bmL&u
z#vR{FeR_0KA{kM52?3eh=g>S)FYld=u#XMP=U6HxpxbFSx_4@`-b1oy#0Q{WR|aQr
ziVdp%X6hs!l_%l3<*#-%XI|?RS?!+UQ&E6=RR$J=i$6HGtq9;1^*hcqyBNmytwUNg
zK#_t4W0U-418c}#;WN8Nt}(`POn#^aZ-jI<s^}?vgZ6TIdUje+W>(><;43)B)$8wV
zLFkO<<XNg`R@eljOLATA`C+?tT>5x;Q4sN`p4ozG9=LUNTxwquY;~6!2y-!sa50&>
zl`{K#NUddNZzR7}zc>PjJ~y5Xn$??ueB<+X;;#mz*J<<%J*oaoA2_X1rZ1&6X+5i$
zP$qQFoWX!Ej`+<wcrgOkhROI&Y9f<%0UKG<))Cgj%6M9kg=PUS*<(_vR-a^rE0ao|
zogSV>S0UQwNhBP&scwXfE8b_3mRpPxD|m+14lDdb+wZEY{HVcmLZoh7#3$;3*pD+w
zHiW846fJTKy;pgHrcx>$#HX2wUauZLf4J3~v*Nq3hIfe~y^c_ZNVunWTl`?N4r%lE
zA4@Lg?AEU9x%`UU41aioU>&LU*9qqDd71&915uaK@DIM1g?HS!@HEhljPgasB1QN=
zYB`NazJeYcsd+5$V>Tu=;2fT-um@h63Evm?zhSOmM2F`S97<OZavd*_16q!2&?;EX
zqsa$!lzS5&@>!SWIl0DF>D1Rd16<uX)*mS9^oG1VBf>PCNyZA9k3^;V_CjD`YuCqS
zfBFur1`eap>e4WSAacYtfC0AhyTR(u28h*4T#CDI2Hq{TriN=^f$XPmt@I}Q^SOWR
zCW-nV36QHziqJvsCH?F!YZLy>Pb%kBKctp&;0)xhh-s*i1sUV}`zTCa6tW&91O9m2
zjs=+npQe$z$F751woVH4KR80{fPlMY!py^@wg(@93c*1&B#*tMH9m*X4`0vn2&bXF
zX;C+DGw}rHfKD?{gXMU!LBhYlG!<O`m1mN=XOqWVcqs3Y&qS-QQ1$$^lBsbqDO1iS
zMD#jfL-|Lo>x>M1a;_L_ZDLRDoyAelJ>;cOWkV|1fS))n{zs8-Ka0cjlkTY`4_=E*
z25YbISd>|hFGF^9#tXsyHmR(o1`Uh2IWTb$;tF_oxCHGmT7XnF!6rL<XnCX89oh0r
zThn&zZr32YFj&gzrM2=?8ZK2QD3zL|73IawT+xoB1;Sop+mTRcxL8;7qZW;}3Yzv$
z**PSIEOM&nX!!BN#7M|XJ15XjRqf5LU2;>!Cql0YWYy{#XKKuJc^M}<Y1l@xpbkoT
z3Uj$<P<483#e=T=Wb^>k&B%(C>^Dd!sjfE!w-covi0utVnXg70&^yfm$Q9zJuzmL@
zzmxYN<qL8_)x;-}xaIs6C3IMPqQKAj_BAFC*HNEuC^hc0=zUEtu-{A3>=rd6-wuUh
z;t_QXw7!yM%qJsI4-CJZ>tAN4637cI2rD><5k+<0BJ@nnD0-DpCnnpX!Z%-=P;p}L
zb#PrfT=?M^rAS@j@pb*#+WR2{{Q62YkExu?QoZzbMlc0hz5@?GYjVGqpL<H)FMVl7
zK5IfV*MSaAt-wbG$9KJBuMR$RM|+^9$9K_2bL9)+T(SmC2;gqsXMMf&RoVSoo;Z5y
zDc9TpzSXXN*64$~SU;=-Ie%m<eL_rL`esj=f%u0JfdBhaV@0n8vRol;0Ox>o*S^_s
za`=)d-Cv4ZKu#_JLtrEd<dtuHfA1%qBF56!aw^TGulMTQ{{|`{EkG6}Ltupv`@7!y
z$8!(&=E)cOm$eTt5^fF17}Nl4y5!pit_?r+<ScIi%N3q_mg+uhRQ%udDh-|~>w!a4
zsVnsK8XIIRUq}NGIJrLMSbQ?xUYtoj&-iApo3cpJl+zif^JU!&$~2n6H42-LIVouS
zv#*UEGCh`Nt~K6bcBfriavh#8`9Q^v^=4H#^p0E?wcCym7gyXqlCG`G(#<Xxpzq(!
zA4`M9@rq2(WtDDq+DCI$3SSY+8Fr{OwB>G9Kvf{;tp@v>nr3#&m-A?0zAx^R*@@n^
zXU1|5E5+Gj(KK^lzOBjv)x2qj&1w%7Kos1r;A>H;*uU$ms?xvfo<pbTGgqNXxA4FK
zH9PmuTdMEdh(-TH$lDZWcMMZ+sx!eDDu>2i22m32H%LD-#;C@14bD5SU^kTvzK4!7
zN)cabp5l^H3xjU$Lrs`)azXB)q(X>X^%7%=Ds^TfHIb^DvymttzGYauv^Z<!?=1Q&
z|EHx~zj_CGRMWW;NFqL45d&E3>{*5!qu+K*I)VT<igePj6=|RQfP|ec<Emw7Y>gx_
zxG#!M;P#OcD(x0u6kE1pxSoXQ4uY_KNv#!fOsXKAIBk>74~N%<DgoM>)=aY0kxmD*
z51QOwBR(7y-RD}+88i@5C=h8?zy>}Tf3?~unPptew%4ju+v`Qm-wJMz;Di;Yx#fEJ
ze}>6(cRsvdxudYIbU&kf)m?u5q&kS;JBY}HxD_J~HmXpM-Pm}Aom3^YN$qAU8OwO9
z9E{RFwnE_g3`kCRPzAMN?i!WU*DNKGMahbHD0uLa<mFcqQAQNzo1qEyOZlfbK!PE-
z0w43M%LYWQy9gFnWv;T>rY07pc-vq@_;gwbVHJ#Gj+%W$2#zJR@YQG|=^PQY58G+R
zDoDU(O5(a-YYgsn3=VAzF}cjAPnOm0HVgL(M@r_6e(+NY``69dDXeU=BNey1?=~dm
zb)vSw`KCQ1o!W-cQ25$p2~0_;Ejs7LEj!X^+ti?NR@AwMIjpQGBtmI=^k-eQ(*?xh
z%7_`bdjE{$P+fpqRuHok`pvw+J}E^k+}i68eOQD%UA$YjML>a2E_|*Vf4TXlL)eiw
zOHkGEYl^wL!aug<nLk{Y7p0szmI(h+rOdEIuNgU<*>r3jAJ;AUAzOZ0mn9=BY{bk}
z6j^KadzrA%S;v=g2GBx|4Tgr3HYXF>BQvkTjhl*0F)5SnmUwkerpLOOz?iIEnM<5_
zQnqfg?(T6QuT45n`m-jQ;7ljjXS<9H?XdpX-SyCH&uQeq9ee+D97f!e4VlB0TZC$n
znDz<sKMuK0Gvk*bH|L#QSn8}M;Fh+uGaOKv-zyGUP6!}|(d$-@ZG$@&i;pQ@zPbwU
zib=Cf@r+*l9bb#O=yp1w_RWgSCDu^U;rxD1bc_|{yBs(t^Tucts$Y>T<s)Qvr!+3x
zxT)!324|~;YuJ6}JhuDWQMA~&_}3SoxaDoocm9lh?QBLaZVL)}iX_2l#7SCAf4YuS
zYutc1=SaP>5EH{WDN}{E&hD;>mEG9gC`my;fWZ8$H7AQKMR_NJ^ZiF($F`Gk8XuN7
zEynfIuB>U!LN)|fnJsSmdW25iD8*H}ffHrB9h4|{Aa2j3gEEv3gA<uM+i5x|#E5mv
zXDL;pO&WKI4%a9LJjSXX{%<0#@Gy1O2wRbKcFy+i9ZM@}cy?TY1$e5o@Ai^?hkrv<
z#Fu5;;)NLh5>>Zg1}3SRJj_p*je323#9z~V=9$$6rCae0lT3P~p*G5}n3b4I<EEO-
z55PhbaZ8TOj_X7w=VbfU`PMjSyt{L}B+<7^g}IAvDVBrfxWtw%XQz}D+>~9BziN|c
zWezV2jiS2G$Kof76SoS|rQC%cYI;oVy`UWB+%^R958+Fms=I|_Uv#TDlJAAJ{$xZM
z@mp037{=1;t`Y0t?eDX0E_6B}U5OZ+DOrCT<E1n|E}+XSQr>pk-MX`g0}rWEg~g}Q
z=Ivw127l)r>jysUyGj_z?F+D0KF*DMdms1&MoF2j9*C^}8c_pF=4z6s@C+y+{d{bJ
zaT|NeCI>1t+s-tsC&&xm_1qjnv1`)n|G+qrb@VbHWslMI;ph9)kzMWQRzNlWfFf~v
zYI663@YMX-EQ#cl3{SrMVP5O2kZv*&R?Sjgc9n|x{`ggIG!?C^`@x_571@B9&)>ti
zu#|7+f(+vy8T=WEuVA86`}B~0|LF$f?tz4DSDDD?@$VDx4SOz$d&OoE%(vV7#+#UY
zH(&c6EL#@G1k$6YBAlo{AxALvh@GYpKbX8pemeg{K9|k=R&ii$;=Sg$eee$A*LaM9
z9X3NQ>d;#ZFJs&cc~Lo?ya&`n%LWSYU=m()zoZuMVJ6-?_>a230|k%l&`Za*B$Mt0
zaLqRbR5o=r)qLX?a8(vRBbRWCoJUlgd*<6IHC+`|$Y$Hw%r-exHYqfp!K*6N7PCv8
znap((%daTW-KxDIM)%%0vdfri0uMXb$>YzFeABLxOgs@M=6~GXK0iwk38brUtJruU
zA?Z6K_AXN+TcZC(1mT4q8+=0?KeR{^CFs==KyPnpI|?-g?bk*K2scld4deG47Ii4H
zodI#8d$?^w_o&z|w|Qu~@F6loZ22NFd?GY!x_b1D7cKr=G5cMzXJZGW3wQGgDJS;;
zOpN&I-g>Jdn$&o~0?^bPsli(%jTkVpx=GbOOF`Z^DX3|0lNUN5cdueOf^(l?9*i0x
zgmeGBL?`Ra0hhy<t2Zqmn{`YqO)l*qn{osL3ww@wXnY?0het1m#sJ^}3vbz%i)u)}
z<$W|eNqGq-1^`Wm$k3>^V!6#{-g&#EB>y04eGs<S^#lI|14>OrYUoUkk4FycE?Dus
zLpUv{YNJVZTHTWEWy{qL@m=@mlNyCcU4ZA{ZsdBXiMwU5Q})H@0jwBe$r`^WH*KBW
zh>nK$8W!!t#!)l5FR2G-rf8nmM)n0(5C*^SHD}qtbjMg&R-xdg#Fw}YLLb0Lirkl1
zuC-%_xvIDHkErDC2R2Zwhyp$ZFS5ktil<BEHj$`dlv|z?pvOORMVx$lr?q`_jA=U(
zc-NWZGR8)VLMsVn4(X-W_j7+aB2BIhyf+v%EIBlU6nJ{Knp`^0ke=Z{dQ#P9B=R8r
zUCjH!4AP=D$rp{tvVR(1?NL^AT|=W{I3M0(m0vof3^n(X?XYv^2yApMPRaf3f|h-{
zUzWl)MI7oL?}`9@ozPMX<hn%kDSftdu^@SMMQI4P89}_x%z+(uy|saT=+?-RDhRuV
zk8ewZHk^B>zdw~3P!^aNHR&Cg6&Y+I^=8HqtKPnl5IT_X<h<p}W*)23)5u4q?G{Bp
zBU+n@4U6Lo7+M-NlWcH+4k5c%p!ez#7LsENiOkn%Z|9aEl2J@ep+E2$yTdlY*fmA&
z$NYoc$H#MwCn9r^i0BYB0Q(QWmD?>S65Vg>mJ@vk0qC$Cv=hW;dy$cseIr_gngL^L
zGS4{~#Aax&BL!p2%9yT7j0<pH{&bgb&!CNF?BxWXff_BVN&az)j<gdPhs5Y%{$+ti
zSO~dNY9%hm??=-bJg*V{&8Co|BEzA-w5|K<2hXFuz>oz#Ku}HT<R#aHNTT<xX0Uy;
zyr+Ec(2p1I*I0r|#RTJ7&ElZxx|<R&7NR}yv0sDvEd7T>f@hE=VWs;kDQfGU@t*`J
za!>4isOzsbW(JgG$C?G<CzW#~bdz_8Zg`5lJcNNe2N1`gU6UNRWgbxU(@Oy_UGiYx
zbGhN^Y_Zp22<TV*87Obh8@JxK+JA?y*J{>Zua|DJWT|;}>HZn+BP*?1-bhNCV&{?t
zV)diDf#dM;NhBaGC9LBS(wsF_5}BuaXtyqzvoAfR3@aB7?JILW;HpLYR!(c0&%fOi
zxk8m}Ra&EIh;3CnyvZ%L1&;@(*R)2GP7VLwfNJF=k-fKicPro`$CSpvy4tP&WgpZ>
zmbH&evxN{WZd*-9R|e&2?-sNKe#49)b4B)!1%P#Z1x36&z6~ui&i)ta7mh|#)+cAr
zSH!bNjzrbdAVGo?1nAn{te?D}{FlWH$CIZ0TJ_(#+9ouoM@5i0C0boVQwUb0*8;gS
z3ORgkZg3Q2jB9Y=mMd!l-fNSJQ+T})io*sGiqM*~bv`X8E(-+C>W#X*cMr7hM-m_}
zQ-KWQ5Stv=NH3osCDc>*EGIu%O}mXAZR(AWa&>0b%pqy)M+Heo5IW-r-AzDl+)jAU
zRo~~=c8D-v-l2J+dm8{7GA&(mo;wxZFO2n<#jhS*Pj3UZh~AKxwk{%iJiP6GP;?!F
zRXegX{Mnd}cVLspQmmW1n)2zH`iIq~p&~6-6MGxJZ>V1I+ZS6xpx)^r2QB6UjYU#5
z3N)iEbWWXAn{t81h{i+I(T`3?n$o_h90CXi0$xR_a#A$544ZYV{tfI}h2(WNdNBmp
zm8<0A5EXE$)o$7mnvpTd8sYBp`n|XvaMuZ4i%7$ud;Ny%FV#3i$=YU`Ocx1A9q<vj
ztH5^ZE<2`CFfRO>lhI+wl6-#Qcg$&av;>|U!?`inza!nyL)BnDe)-&WfQ!dp-M>VG
zA*K8D(GU)puUfw1R{sT;&;9&urZ2~+xlh45Z~xA0xoHBA(3?Y~_PfDBgSd|vwPip%
z6QFQ$Yjl*7OKEeAv%ZsYj*4%6)2K83^0pFkrz7<Yv&S}=^lOmQD2HVFx5Vu4X^%PV
z4&Zw>_>b!)+pLsuAQhDg7c)YgqVv%ZUw)&Lf&q#t+bnmmds>r9{pi3atpX0$Hg^mT
zDlV*VxlMs3hZ;8(jg|N6H<s~gfLh1T<yuVF+=rg%O_#AdL?Dw#>{jtB=mBb-S=k@G
zC0HIJ#R{$pmb;dwk&@m^OTD}omNbN@IG6v>ITdpBlo4V_2%H=NRJ~06trSV$1hJP0
zws!!Uo&{Q;4(wm5=x=^pnIWZam3?@@*`=dtf`1WGMF%?he_IF10YE{&;hrRUKd;ke
zRr*(^&%KT-?{o_^bi6-EAi5HMzo+d|DCiOwuYHI+{eXH~MOuGtdG|^eJMUGyQYm>7
zwPu<5jAOx%JS}8(Rl55RRK$MQTtT@fi`)+}RDXR?P1--+O^VY=2kfd)2?wY=UE1ze
z_&8~|E!sF}pMu@3CwDu-BMF$VF&h0iuR?z~(vWy}E$#`wexP7gzzjR?&>OM{$t@@R
zlE9WmF^|&w<1h9crtiNPvqX0-CCFap4U@PNGmj!8p_^bPp>#&=9WI$o+mQS&r~IY~
zlT))I2IjsH`ocmoIW_y0Ad1KkP+Nl%()#y3l-h=ra?ga3G26>v$S}d6*7i%F&G%2W
zCBiC-?$b}ca3!Pfi7r2zDgI84+n=hv_?<cZi)5JPUZogaA(Kemh+N%>5X~gS-~SJR
z{&oCUSA$jS7teI$+}?z(V^&DrGa6<!Vqv@S2?0=Hh_|R~q#t8ZOpmM%fy83UbKNAG
zehZt;GU)c~ztCM-@WQxWhb{EnfMI?W{8!7;<<yfHT=f^kM+q<ieWQffOAC<)1!^T+
zVIG#iU8x0bOfX;);7^RLgj`Iny5UM{XqZ}TOea6J=xpMaRdH;Y<k)8F7jtB*H#$zD
z_mM-L+CY3u(6zdhY^gj&owoV_%ie`-3_*?=OD=sPfs$tsd}BaPawhR4rE#ixO9^)(
zR4k<l*+V_m5nTo{bf3JPIQ;K3^sgqYuv$vH+T|4C^BiY<Nw%A3!D+pBLQ}PDOqUhS
zIUj58mm}swuCjjf<O!eZE!_(_e6u$7?@*4bRpGZh&1ruY7y-*XcHL2bvQ%Qg<x#~4
z6dbFW_yCmnpM)BE1=PE?l(pqlO25PIf^zrlrH=rXioE=4%_=c#Gu@>xrMjKmK$ndg
zW@Ja+7Qq+}wW)RYzY9_+TN*+?6=`#;jq*M}IbMU>{!!v*SBp;=jZVRm$z6{?tiuK2
z?87{lgn$wfS+SO=RMMfnN(Z1x=r18kohqusT}u2m|3%&oE1c1GfwI-gf=6U>EV*z?
zpKj&p<bu3}|32s{qyby#BE2+;rG5Rlfp;?(;CN7M@iwP^SbV-J1qQhcMW!SJ7txQy
ze=i}c>b9=4h;^HiViD~&-n}?EqV-h_zU=b}uA7O@T;tfu*t?BHz(>BtxJ`A;r5y$^
z+%3)RA;ppgm9tbKzj`$#=khos>=7>Qsq5bhW!`(dgE+p4nsb&lSWmSk3+J$_#}&)O
zQ6q|oP9x18y5d~=<1sJZeZd3z2sT!6aBas&(4<RAUC8y-WMUZMAav^R>i|w$KBnC{
znm`qYqYE)0k?`Jr7)jQpBawKw_vd+biPgk@x6JxTqagK(#PO~}$ko6AjJfjv17|>(
zzc*%ZRY{C0&JC>hT1rXghTHMeXo_Lt4<b3(chPrN-A^)_uexy{SJjQZ`oxDAKjhEl
zz{=Ysb2+2x{1)SP4FUY_k7oH@Bjb0jGURt>RQ%4pT7%zNgZP~-DDHTSngjYGE^yvz
z&0RV7z0^#Y@~wtUw|=W3)6>4ykm)_XZC<92^~!s0A31=OhX&F5PzAt+0JjGL-0qb#
zbj(74#2^4&le{4~3IWbH`mL5^>B-fUQN~L@E~o3^p$CG`3objkmZ<I^ZL`JAK;#yT
z0U-kRnw2Iu!eiqhk6CxjRyj)M{w8^|;q^3t&uURQh<XuK*r-I21`d$RhNJMZVI(WO
zp%{%<EAA8$SLtbK;|uK0M<~x_hc%>+UPz*^8Vgvgd^TTcM>>(?r4FHfnVc=2lOD(0
zMV)0VRNikXbs%9UA0)m`T%NxnOhq6J-Wg5M1tnO<H9K({u7*MuU3t?Binpan>g<OY
z*%cX|n2#xP#WOy9uF&IDYOl*jky;A)hmpiVk-@Be9|qYBDKlasFiciIPcb1ucFyPh
zF_}nqHT*CEL6au!yGl_}`$~33YH8#<pcD$z91U%3PI{3v|70wf4PrIW#G@AUS4J%p
zbX&ZK$!R^95OZXXuG-=_Y_vs^B<ICL3FEo$3NWj_@V>j2BoGdfMdjL1nat7{chdh7
zhBp7^D#}H)5crKE@N5Gh&<7F7VY;3c@I?y&eh7iPAh5AHY(G@6y_I1*>0lVxUV1Jx
zwoX966Bnv>7X6mm%YYu<Ug%jA3UWIAkXH~A(e>OJ3UUgCoQsgX5i&UxWJlV&fRJ*M
zn}uohULe*i&OScmFnKNVFx|}Fy8S>H!}Qa$&7|Aeo~APVpv^=3!)WudXUXw^wLw0&
zj4w5$M8cOEQlkBr8dBm)W%E)(ye6Av6^ns|KNfV6@Y4#wbOcx&1h7W|7>)p&g8;TF
z07(e2p59ZPU#X$EkE(25alfE6b#M_h^+!-&k^=A*0vy1kQbnFeJhN~YiMXmhy-@E(
zci4e@!P4yF8OJK}rPZvW8Y-|5&sSB@3v@qZMK0<MmS!{1=V>`AP$!<GppP@qmgf7Z
zl?ep?&U*v$Mfv1m-yE?Pl|C>OQv~r6s4L;z))FyDB@Z9i8wT+;u295ag-Q&PJBD4a
z5NTy)j(QZ%W@-Hjc0DnxF<^0q^yUhGQApTw<>bV^C<!ZwhwBW82JwLOx3g3Xt_~D&
zPe;-a=pgx65vj;N!6$iaG$0XA=u5p;P=PZMe`ZL=75*Y8ABCTw^zS@RWz9r&#BijR
zw?2c4y}t11P>H=+44*<2dqqsjo2A#5Q#?v29xIpo4++r+K>8I@RM5mqk$$^Cu_;mY
zdrzd+hR8%xYD-M<ZgpJI^G}ihPgnFi1IZR$g`lhP9sw4a<71II$RaZdS;Qut2NpRH
z<;P?lQBwlp9vnP`bEj$7EgwwUIC2i!5M&vo0XLTR^%cV9BHUSy3w=A!qYA;^Mkz%4
zXm=PiYjq`P^?euZdl2?*L!q%CWXBbm{z4KvP7kN!9Zzd^+&PPMyy+}-Je;+6sb9S}
zr>q_&PzW3rXZlMZeCN|$Vc=kUIwACc=JxlOK;%4SIBhmKLr9>?Pc$UZKR(frKu>?7
zA%PZr(!2y}uUt{oY5}lpZxBy!r2zanAEPIO0IUkYCIlE56cjR80eBMuZl#fs|N2-%
z0&V@cc?tBe($qw3YI0Ct`3k@Q1Q-iHJ#$e8F+o!(-Fk{jkGm&;1j_bIU=@ONJ*yZz
zfr%T8M0{o$6)e3cC^85+spLLMfjdl4#8m+UZ5kh*3~Kchl|es^54?}%e^DOIy+b9B
zc5M%X6laV7wmj-1YRaSQ#PH;i#~nf*eI804ebS;lda*(!k18sfkw@1&TJq?AO?j06
zZ^|RSLM4y5iWcQj?kO#Kv`kYTl?KS8O;jEYOlw{qIWq{meBJ}>vM0)jGHqFsXBrYx
zR?VPojKwzkVH;*`xIrcY*Bjwdn~_^1XnQ(@yS+uZ_0=7La;yG_FlhUkCp5)}cL3?T
z`~>tppn18qBP~#FEe@w+qjtwtwBs1;IEA%0s8>sJYjawl+`9687&xpdZ$@rC-z!jV
zy&X=Q=JF77tLZ%rx#fOOLvHPPPeX2f_g?dI>zHC{j4lF3zb{BE{YwGphXC7y0D3B-
zA_f6E2Fa4^6#&m144bEN>*n_~<W`6GnwML{l%`(CrqY7?%1{87B0%q8xwYUJl{l}B
z4v<?@Sj7{g{p8kx$EYxRbhKJ-r83}qMk{jbBL+Hrba--Ww1dj6>qnC<y+D8Be-v-^
z{jDl7b<5T;D6jVMmg22eJsuEm<#_zRh_@OZ8&14c{NsM{R@XfqGTy48)BjuXR{Gf?
z;;p7G`~N52YQS$~zbo~2!XS6`Q^#AiIa(ho-fHw-@?tmo;!FM1@m4#I)Q1~ymG!np
zyj8EaL&RIPe>-%%)%mwV$6M`v>)(vGn(}Z9@m7N#ZXw<(?%@{Vt**^%A>QiXOkccJ
z=eIN%BKKCf@m4Elwh(Xi$jrcat64CIs(33;G2P*CSe1CI{l$LqR^PMw2d&{nEj+x0
z-G65Fi?_OCsT^;0@-W>;?qm(RUvJq-q5_BDeOf8FVz>8^Q$7*ick3p~`;r-gnwgfi
zEtYv-k;41z$oooU-nV)&^1ctqdY0K=*<ywLvF!~t2TUgENf?eKLx~`BK$0WtqQS=j
z?bzjbWMCw}3@X};19o3bIbc3=zz*=kNws}sf`tM-etIZ%t5nZx1r$k)1FBW=(~JXV
zAO|!f2b}B20S!U<B>zKxxYEZD8>Ul!xKiPV8I&K6S(M<rwMIeE&3Ih0s`Ly;&6m<Z
z^W{7PSF89KhGwJNT3$S5Vm}k(+rwEvH2v{t-q4T$qcm+N;dGPw6HYhyH5w9Nth#}+
zJ1Ma{<#lQ%{gEb<{+!baYgmt^%QmeJ;*IgI6RuUM;#!|kjuu7hzE;(JN$aH7NL{t6
z?i*V71FhSvs;i-OpU}Dpoqt^uty@LwTC3_J>B;L7S{I|L)9V7ctEEW}Jm3m|+uRn!
z`tDEw4m|__y@CMxH_6+%RS3`{2p~ZLSc3qaDD&L^YG}#u&8uNah7=|2A{!g-8Ps!<
z0+4_J*9QUIpa4W5K)WCS+3jMGj!bLT?P8Fsr!lvSa+tH~mwK<8rV%Ebc`$0*BK=M2
zxG$7=B9#|zETRm=AYE5P`Sw4D`Gt2h&7p-a3{&EMJgmquOyTd%vQK9T<?rKs?HZ-K
z7E=CRB*pwf`Fq+h%HLUjMk%|5bW??ADpPk!(Uah(qrr<QklG1Ot0aiqgx(wGjv;Q5
zT3~S-A55abszp+6dA+^A-$~K^57CpNrHfL$e=F`JxY8Rz4y<p*mhMaQux*;{QE&|!
z@Ev9#Oh1C6LfnvAEm_wk%K@pUAE5!MPYeyIkN;b`_>e@EF8<oLVd&xm7qp~{>lXy*
z;+N<D7rOY>)<hD`YhD*$HQ!Gce{#N`E-tI#Fh_IRXer`$O+|cOkRtxDpBQTWU&|jq
zeZ1uUQ0E_twe;~dn)>)FnymgcO?@1rY&G@irfo#Z@X18VSZ@M-`WBx)UAi}Hefs1}
z8v69UmqO^%RWF6sr{8!fG}nCMrLef>b|uEJeLnD`>L8xCNdY)D6_ZT{0eq#X%ReB%
z`#}I7DFFXOfY+MQr=ObY)2BDD*3hRvS>3!oou{0u9D+?*g7oPe1)w_u+|lT#PshO=
zdI}kPeht)Z&%KJ)yK*LFt;vHGZo8Njbsij^Hhtqf%5DD~<flzb^JH!M)t@Q1tsSJv
zzy57~dT9@pK7D9i82a>Mb6e7<g}K4{blTkiPM`jq3rC;+=}|v@y5`Z4`t&<d|1ay)
zYbS@$r@cl0pXt+|d;Ik2UKoU{)~7qw5>D4PfpEIh&jsq!dpiDK)2DZ=3aw9nzACgn
zy?Rw>eR|QV(E4=#s?hp$_NvhObn>cyQ=k51QVaU@ib*Z#(~nGQL7&c@<kP1so(nA*
zW<B?B>eCnRX+fXfeNPMe^k?_9pie(@PYe2V(LI6s^dmde`t<2(f%^2X(^UHOkJDs*
zdgC<8x$n*J)2BaTg~Kxx4*xPMx;-O2eL8bC<?xXie)@E)M`V5ao9&dt|1luQU*b4f
zQnrgP-yO|y7<u0)xG?;Bw1MPKa4eKKfzLTh16pfmB@qKSnJidLhP@Kr!ua~O0^r<w
ztJmw%<5TViFFhh40QcNs!?#$nYbBZ`TIMb+RRp<~cVaCt&$cX|YA@U&%#)6!O624^
zNvDdOyf<<xU+z}SZog&#!ek{<es=4u1eUSh1fcc;p>87y1*Zo@tm3hPmC$Pg`M6>M
zBw2&tS}4&danqsV_P%$E_j!`(nGs8aE6*#A1s=POk%^_Dyn5*#WNKsXhRNOr!ywK|
zoW<m${WdBgqcl>;x?(@>j#k7mc9rWH>Dx~wuP3FsH_F)?ZP**mPo);K#`bzx=Iih+
z8GP9^5IL!*aBnm(;BJy4lCRib-nh~v!f!#*AeUK@bV=paC9zog>O}w2T=BSEQBEor
zVZ{h2Z<5PrlX81vUT)-k$tGT~^}c2mf3wy!Mt}rc@{r*8{V$vD8cC8~7fI|rzH(`!
z)aus$940J4W{o9H(#8I?<Y`vom5#EKQd%-Z+DQuR^R3<=p|vQhqfxi?6DuA#JZtL>
zlir{sS8<VHu)~-)MA&bDe<S&FUdNhPPMa8H_12N!OX%-@^6y8;?_55o$<r13X!Nv!
zf15m!R_}IS+XB0|@2cdzM^5TSGEgK`(TqT6K+vs=BZBVLQzoFx{nF;PpaxFjdoXi|
z91xIgMD^8VWViYlUcYTHbJF6ETc(DtGZKP?WN|M6FDgV5apGyO-Zetal}N$#BmekS
zjAc*H6)%&xc+`Jg6Pmfsa%m+l^_=mr5<VzhlsJpCn^c;jHdVjdO}!4j_z2d)fG}Qk
zvKQG%N{c>fc>s)sFaRw#{d;>eX_}3))H95xznz{y@7bVtI-4$|RZ7pFu=5(??^^oY
ze|lcyw>$mLYot)FXCgQtb9OzZ%r75&l2UR~<7OykKNCk%<7PK0Oz=(aO){GsifryH
zoZLd_)bp`gN}5>mw-jk4)Vlk?PfuHq-qXqx<yq=ktmLTX%c{s%YY*R&f&|XJhRIL%
zMaA71LobeJ=gID)60v7$KTfh0;Kx#ie^?q^AYV>8jRF0Y;&<q53@bdIqR3L1%$q}D
zbM~PG4#n6;Ppl%qWA000qUI*O#7@68Os37QOi}WoS%`@wUb_4nFPyfJgG!FZwsUhW
z-=QJ2?w&4R?iAg~-yBySoZo-hmE%BU^ZPElV(7(jb9;%~1peb4Ld}VO7GPY<uDtey
zjuUq-*li&!#zI((#k<{7bGpYcSK0uKT4@aktjEv~>F;^Oo8{-<YPge>Sar36EBayM
z5I|+x+{xHX!AgtkZk^~BW^C<I?inl8xRV|}H%&a#`!ZjdR>D^<D$!XgvaZh-uUab7
zuE#f)HS)bsKUh%fxYBlRcX6xW>eNQu#aE7x0MNU1d}WN_X)C&+cHYs_ttpm@_UgoH
z%u}}MUg{~Ee5-#(a*Y4Ii=6$#*eW8Cj6(S?zU(d-LGcn=ouCS|{tmCRNv)UWj8;;;
zmI437{I2jQ(#K?YTuvV|;PE;7C=}G0C(awF920AWx^&$J{9$w6X7$#RJUzC|B0V08
zH<VW|iDhZ=>m|c|a;7LyRm|iVK5@4A9mFRIBVFmHIC?Rhem##<a`#mBB6=U84`^OF
zbMI^Z)5$G1{}OHfk~51nPjdb@Orb)RxQH^>r6BYAvfB_&z92#nYi;6rsY50goakyQ
zJ%c#qKELBxIJ&jwNt~r>7+H#JK=>y-pgohbgvv4fB57!CR0`+Tdo>F0r1GNl$>!vR
z?{0|J5<i;V4WYOu*4#svR(e0b^Mk6~drdaiH{>#gobs*qbdqb#Cg&P6lLMKq==C?y
zY-j-~#mv%_hIr1Ci=c+(6!aYiN=`kSZ6Z4(Sk#YJU*F9yubN*=xCD!&kD)nb27PJI
zEWDvLN*6Ox!Tq{FbUB_xj1^%{X_|sc`hLx&pkqkIJ%Z-#CM7``J6wFj6B@3n=qH*z
zT>Ks#_SK-5d)BCG{y{CCC0O%3n~frgpD16Y5j~O4%bHvK{77f-riB%^;ACmUPYRfO
zPuy-5_b~o=S(-JtHN3MKhIUCSGZO9#@F%Cd9&C**ID#pd%GL<)vHMn@yn&{&jfW!V
z;&?onR!GkO)JtQ3j^}K>&tmOFQuKLZzK$9OdQ1*#Bw1rtkxFS=Jq$fGovc%u9>|(b
zL4$g6A~vmOP1o;HnkJ46XqqEeK$5%dKPRnV(+x~jXvJE`{JgC7vt4QHJJ94^oQ$on
z<!I}xeXXx%t-ns(B_v7j=cE;EomO6!)?SJy`Faa^+Vq=UDNzC$<$$Gj_%DH7W+OhG
zD3N2ZWr=4ApDRmTr&AJqzi@jNsj4Q(&!Q=Q3$Y{elIv*#j0r#YL5Jj~42)PaV>1;{
zW1!8XvkzOTV;&xChMf4TAfxA%8ZH99j*~D6(Q6V00#N5!RTlVj<6a{&sibecxTDfp
z>OxguQW*ON6e0u5sQQMwd@Oh8O|aYv#54}c3Dx1eJZbg-j@*Y4blQ4S&}r-Yg3hN-
z3-oFgKceYAN3vC`P9Hw5;XYsecnJ6T(#J!)&mVj|w3B26t$SWo_e_wJq@%(=w+p~O
zBfWthj7SEMA$^1Z7lV8t7nzf!P;w!_pFseB5&%kx(hP*z9R#zR!QfhuauBA*mn^^_
z?H=dn2r){V{C~zvU-<t_mfjgBGn!Y%QJ#|4%a74K$qIY)>KB;LP36xp64%5Rk;rv4
z67Pte68XwL=F-OeB_l1L>)_!r{>h_61`@ckt$Y~@bel7t=C08%XwRysY9QxayA0Nj
zxpebkH)frNX3TPXllUi}Rkt@xr)saGe|!A$zf)4jHs6Fc-A}=9SI!P-EUV3eQ4H4R
zOa=qlmRYEc&S|M|ypk-)tdT6}Dso|mS0^}Q68Z9WfRJZGi=Wu3`8J=6z*N6~_?ktZ
z>(J6gCT~Kqg>AbAC_e32{?7H|l$L9w^iu;{PDHLvG)SZ08f+2YY2(P0#5aTUA)OlM
zGR$4{Eiy-sz*_0<!!0=N68+G@@PfZR=iQtmUL=W_8iD+?`O3b%Ev1e3FB)#C)WO4J
z3x3Nf`-3lgmsml~CGvX%v~~*;)vKr&EBRVV8!d|l(zYfoct*R4Ijo7PXsA7)&Zmjw
zR0-t7KS_?o2c&O`@+#?@uAs8#ZE7js;I*;M3{i1RPHH`lllzaRz~oM>#?wJv49H>H
zCwk9#y1OF^gJ}Lb6b+LT^<TB8D`Y)pm6UFrbBx~K{$v~%q<z*k2KV@fUvGs_B*Dt6
z^;->PR(Q$X&`7TWW~NHlG1OG~^rn8?N;Q801tkWw87=N29nJI0>6PuAl^A0wy`)P$
zg)-FO8O8Edu~GaY&u<jdf=Klpj^y;p75_q~ngNK+BGPPMU!dj-##-M`bXG^xRQn&f
z;&Ds;W?k{k0n_#ZnYN`XJge3Ihq~&NA+K=5p^22{C%R*EC>D1~t#;q%4IJ^n$<0YU
zg_E1=#f$C}V>tT|Y=$_)()|q95!s|GzETgSS<2v7I9Nq({px$sdUHi`FlSJv?SWi6
zZCB&{Elg@XkgP%CB6>E)$X7<+cVq%?|J^M(ZyX7a*tyY2Zl}egB1+O(u%fOdNnV@o
zY*3zAdeY{Q)Nb2JFJ^3gz8W+K?1zPoTsu60lcvl_K>y)O-^C;O9!9q;%Cz*ouaBqd
z-uecn<E?rsl|vmT7QIub2k|yAG1{;1A=6BK>Q-q?1=tGWjjN$)=;0;o;Ux6nz5~XW
zjY8iE=n)yT80%KfNFZ%XJ^GPBat$iL;)SeuXAd=fFFUDc!z2{&XR1l=TEFNNXLp-(
zo&<W^)Bm#2Q#JG=w5zRq5*2nW!Soe&h0iyM<Z?0i#uBMwe3Hfv;p<TxJDdYb#D1po
zVk1(?Xx!_w<FOr@MnXX+(Ea~v4~gVSDPjKq@d;#)l6LK%1RPULV4^d;<Tk@<`WIj3
z!K*b~gVw#00b}#0;QD}mfd86Cm#H{8vCz|ts5Al&;rPUfQbh`<*gIB7t)8^^GRZT3
z2j00OkSjGr3@%s<tOYObc%Gx`IQBvBf%=9F)CEkbJMjX3TM5?h_p3k5$;Y&?+Y(gJ
zv05^nh$l{Xqb+k<V!RDKyY@o#X<3nU;D4)Qlb+n+VZ)pdepjN50XlJig91!-|F==d
z#E74=>%DYamK@v4Cmu()l!+F(1Az2y1F4^tXaJsL?R`dA*We}pEw!5J__869i0(C^
z<{GT<YdW%0cfd4sG74W&I4>`lwh8=*oq}$^zz^Lil<z{fPm#U5;L7?Lv5~$lOn~Xw
zEKnaR`8H2ma?NTT6~XwG*}ri%@~Ix1=}*3F1(}Ar2KX(A67Y88+!@xIGm&_=fOti4
z9QjLd#r;UQlFlQzqR6A5lTvr_JviQw{WJVy``KUtll^B7{)K13wZK>)@Q>7DGUsfZ
zo}W4LuR(BZh!RXYi|eeW?RF#XC+P*TolQiN(F=}^dYkER@d=^)l$~6$ux2dgw1ZM{
zRw7A6Xk@m2)Mkp1L@#k69!VfIpvas5uBJ%;30zLE$LK!4c@N8U<+9cfvp}nyNPfod
zIcOmZ(y*QwgqZM0T72=Ww|W1y>lK2=|C0au#;jof^};;rLpLA}M#N!yC>+fHZU1XB
z{rWf1{;!NlU@=+CHtBVNrr&3F4L{2oQh2Mcu)lf&64}isWWDyz#3N2YXP{=WLsBJ@
z9s%wnKL?$BK7*6?zHrP-Yym&FI3Sugh7J_rc5NjK{A4!NH<WR{CeUqPgH(L(IMI|&
zbydu$5^0B0eHW|#sjJ^+w1pLZ)m2W_j``PygGw2##QUd6-4KevcVO^hSHJv%C`M@L
z$u)9qZfoi^_<I}bvH(8i3v(lWIOd!fu;0QdcLvB8u^s1WVKVdS*b)tvbwub~x*Fhl
zOQE~C7}15?l3Zk7^hbQK12hI1)3Qy7<Gnb)yXH2#yS0;A+7FqMIMs`?X?il7nx<t&
zy1$NUViECMV{P{$=7Ocl486EjnwZHPzo77xUP)Or$(aXaTGEl$4ph~emS*`4Q|!;}
zEgbcdv+p)DKd0iD1YAmfXW#9)P7oslM4D<a+E9I}h>XORN1GjqJ=8^bZ$=WQyybTe
z<o988ApX{+9~Wq!<De9ZKhroe_!_)<gDZfC7#-zE0XR}OY5`F_bntJo4BuBrTuv$I
zWx5Tc3rGkS$)lM7KQWjqzJR1-QU|LEY`-s$&?L5I<|}_>*(?vCn)g-)$99qi4!9f?
zX++aKsvJ%UbPx*fRX9aOkp`!jR}@aV$5sPErF%Si2TAuRJ4)8vA>Vxb`-e2Jquuq&
zxtsi<vKOV6Ri5tb=SBIH6&~p9pAVEwP6oMd;d*&d>e>2xV-H<_L<=+$y~LG%CUPLj
z0ThqxQP0-nL&USqRQqm98#Z!(f_(1Ia4MdWP6jH;Ok;iDLiP5ch}OzL{&6eC<bh}v
z|1bxx`?{z^hI3b=nPYVB;{`{gs3Y;J1ssZBvHorfyTA9kX!f`2aCrUor>z`~3b#L#
zc7KT>`eTca%rCag$qm!Ih-9Xi$J)hkkR7_?@%-+gc(SU0&XA|B&~NI_453r^<aJ6u
zX1;Pn#74jMkG&hPuxU$H$9dQBmDL#L-ZYqVMlFNZ4ELfrbRhzJ{vGXnWc|`DQ;(rD
z;LlexN#_lZUBs)FrPmk4ark#N{8hE@@V1%PU2MRtA}@@GFYHtUk2gUlpjXu>y|{e6
z48mSEPa(Z5WxYJhdKt)ixefk;eg{^+Gyv8mNw3!3*ZjstrFrAVfbaF;lkR)rU}FG2
zjXDLNDTq%x#plc#icbW?=l%H<pEu?!_`KW1@Y(yk(){1T!snFlg=YitneD@8DdO|?
zeFUGW44=6RDLywad^!?*WcFUff`ow@+5mQVedLqxLo4g?0w;p&XIBUNrKWSG*Y+C3
zxgCV`(kH^ycph6%_czje<F8rk>3&1{E%<8+A@uLCvDA8LdWy0STneq=K5(r$d9Jd_
z`yjDn+j-L0x2J7vflu??Ah)>ga2Dr@S>K)h`uZ?#uG*-|kZbcvH=4u})`Kj4I_a3e
zQA;a&V4{G?DV-b)jX%?<w8}u<T$V$nRXh#6F3zFSD!D-PyL+5Tt2`#HCX!7bVkf|`
ze%3pNw2(q}csG1S`0lAp*%Wr9P_d=j@vsMl%$9Yho3y{oK)E!-CzlFgC?56>CT_PB
zg(m-TFQI{ZU#2wh$bySr+Fd6*y5Qs;WSo~;b8pW51PujUJfr!L`InR^&6pH)dk1YU
zWP4=*&#eHEPWOm$Ape#rM^qkphsv`yyq^;L11r4PUMWnGrr&y*>8u~J>YuTi)Qy@K
z#|82$?{<f`<Gh|=Ji4N<T_ww83yi{ALcyJu3%c{lqRBumLl+I2RZ`I;GGKlFP6uqz
ze7b1<oJ$wYZ*$|+_objJpIADWE4hhG=t@D{B7kMt7RXyyn$?P1cv>(u@Xu9m{6x1g
zwR&T4zBE{LeC6;6FpyUkyv#YXo<!u^@K4@PE>4clzdV?;KA5%6rmOQFcg`m_dhY)v
zo^#KR;<)p?VR&8v-#_}D`?EOy@%QnVBdjyScSgF-ynX396V_Wt54VoCj=x6`^O6f-
z+4ToXDe${rmoK{k+H?O8wt&~;{UrV@>3YR5H4BUn8?uKD(jXJZTtPt>g$bRh7&`SU
zy(lbCQEJgUFTJ@xKG=y=_AYejzMW)`T#`pTYPiMl?mD)?nvKB$cGf-<piOzhwAvpA
z?Yn7;vH7GW11`EB55^;p*aq*c*Rh4Ta1bi!X!Z+rHT2BESl|H$pNeSO&X>g^W;9e7
z#-rXUZigXRa<^|t^fs{xhh(OS<1~T@{87H)d#Z=!VfXJ3CYSO0%kmOI$!DW{l8Y3B
zez-r_2;$4;&})Eyeu(TiPFG!y`(PCMrGPSkFqTb4!XTT;gfO~L!Z_APgD`p_Vcgjm
zNEkZk$~`y=_g?Btm*jC4eig<g4Oxx*z5Q;iwQx2*Te3QSiXvUWCqf71(1BIlWOJ1m
z$pM1XsG}DZr*hV1e^DO4hq#+E-ERYKSuw>A)DPF``0|Vh8Pi0HX;vRaRNM@xA!dkX
zABJXfojD^n573vf9S6<%_*x?2YgwE-i;&pxJi%#DLZC6{PU%3dq!(Gaihm#0?@#jj
zjUemyEbr*V0uuzO-Q;-YZNSN+kw}7L0}#-4ev|L&yymaLL@XJq@Gdi|X5)Nzs|PxL
zM@JTK?DA*u%C7!f_{VE?0c&?y?@(*kc}+b<_6K|)Y$P9?!g)pm1;jpiAIv_szAlge
z{!9)<05bww=gWtZ9ldr`I}J=$BipuMSk!mS;^=B6=E~7Y0VcjcS1r6zLYLy_p=iF#
z&ssG9H!As#JV0pv57jY>!vXV4rYe6@cvH3dsytO`s;MfvD8KKI#ziV3Cs8!ARA^+N
zZ<g<0%|BJZ2&P0@@4X=;%Vhkaa@<fYmR7VIqn$`|@k(=F>$<hnT=f*q=6ddqXKh@*
z9b|G}x??xsGSwMyGh}_|2+R>Wj)=fs&ruOLaLz?0d=Eby7ZA!IF-N5!MI~d>Qut|+
zHLhGSEpb?FcAAlMclrxAnq(U7LTL0>&i!uCNxRjJ^4X2gd*R89Ab<spveWH31Sljw
z)1Pe^%z0YF!={G8l+F?HBco4x-NSKjFvD|)vdwhuHg>6sbnZ54{fMplah^V8g9X3x
zAS<5RitW1Kh;3$t_xTF-(kHA?Xw{FYG*vU>0`k!*_7lh&BH*KzdAB$kK)_SlkA3%y
zpIYr$n#b|0s;PF8%Ki$f(gIK}&+{8b<Z%T8zogo6SVzmHJ2PT9M@f_q5&$nyK!3PW
z|Hg3sFDVL8I?n!_v1ImpKSO6fYc^GY{+K}(pkHUiaq90AuSxsPp~cXuxQpQY8xURk
z*k`jj>4BS)II^#XUxEg0scg^EgNe+7E@aoZzKL{*K~X5Xjd%f0y>#oxiXNb+t_VEM
z%&7dSYt)c7voNUf)Wev8Snu5-ThsKo*p!Xx{Y2KkYe^3f1lFb+Z?r!uMinZE$U7f3
zgNUvfL~?@=35b6gC!QnT#?CiBlZ}j-+yF1`SH^3C96*U-Iu`LKVxzGTGjSD(PP4ck
z=>coQ>K4zi4>7V28B<R`B;H0<xF+eh5Aj19h^qoOwu^An3imMCx1?V+li)DU7l=m~
zIyo-+G=Y>BZdWn(r)lazmZXsGv;_pgN$>m=&pG})Z0UVEh^;GE6dABN>w|lRnxmje
zq|YluOLzQjG{irG+IoN3@rq-#!hrG7Bcfy`A}RJ;Ni}ne2yF>k<EhA*$Q;=lF3};$
zr^j67E3(S>#RnZZEKY!FOV+WNP2wVaXtIWjFmH16#!?TjeA@01ED5p;r}7lOL@PHy
zrN^ZhLgV^Vf2>F6=K>te3is;d^S%oG{I<M#`q8WCXFsE#!_CqUf6<SACL;Z;`KLlZ
z0@9C9oCA2nWlB7yTp;mK(Jl@7F@SQ`GRpbHpK?@t$+Lb4O*syK%AsC$ksW9j=v|o6
zJtr_@#QI>ZP;(dvEB1!Rk+8D$gs@85G7Mx*#HiLpTt9@M3%!aiawlofMaHD&>B6GW
zMO{1|^bA24@5ig?BC{{M|IXXjM;AA<!YU}#h_A!>$MtAo2f<+=*$nqPPiNRbI0T^t
zV2Gy)CE$F2_?`y8SncB%(e-BE(x<2Y^a{5iOMle&z6r!lQvWr+qEuev7_;v4RI`gr
zJJ%1<T<vUbA3HZV<Z5T={h%}ZR=Zxw5b`2wLh6H!#T_V{-op9MYw^Tpw^V+hDGKyG
zV1}yMhTF@1*!j<<zIgw<vOag79n4iByODb1(Hpu%&A$3~TMgl=$ngM@6ga59ZA>Ot
zg|jBPuV~euXeZaVQN1tw4?C<w9hrZ#fq&K~{0E*=g#YU({O4MU@b4>9;XmXdD*TV%
zPlf-X`{M%RH`V^(n_zuC<pwjYatDm>PLiFI_*|Y5bla3(H=R^^-HE;aC6Hb#D`>A<
zr_o*?WxdY8UN!tX9f?Quf?Ms2p6+WrGLr16lE&|0jn86@cVdml+^^PW*!|T_wg;C+
zjdVpd5>2+;E7aBD#0$K&LFz4#FraL)0mH?X<GFOJb99Eq;f<QtI(3&Dk2s1OmK}v@
zSSr@moQ_y_3|{Ra)EtX0;O9j5X=UP4z3>#90#6vFu(N<K+La9@H}=O8eooRI<S+7f
z_$3wa7u^N?o)hqVwt%0vHy#Sk!9zVf?74J-Uz(N)4;SFUo@s!mO@gB?UNAKkZxBoy
z>^BMzpPwk`&dK*v#_Sfn8w5wqM8UM9_$;|(d$cR<nw9@{pX2-x-7dj#ehCZpJj0Xq
zLh@;Kq;iEgRW;*x^91n%44mM^08fm*5_Anhl`rb*7;o$<r0&4d%f~PR%Q+0>z&wLh
z++ihma&H%E&cxVK>n!39OX=aIIecYxfhFi>?wr(W9J@{<Fv{YJwdc7DL-{$K+CbU<
z0^WWQFXi5yQ@+c7^MxG#n}fN!@2x#Aj5ek1x2NQ|CV2~TdhX5<4;CL)PB8KIo%qf!
zc&E5)uCB)Fs4-X_)dtU7LitvE>(o;u@*8l6j)k6=FF<D||IWV0b1c2Fvz=DmRcp`l
z(Af_A@El+m(Al;eacA*Szwwg$+Xk-{$J%stc(Fa{?+xM?-YZQa*)2zbo|#r-{z7MQ
zRAC@Gx1@t81>CD?aV!CKfB8K?T{)?L<fNYRbY6)^aUUEWWp!+tXf<u-U0G0>>s*qN
zt2<8agUF8I%BqV$$LF5Mh@Zds2mI0Lx)_edSoChfm?!%ep5@5D$l<P*4quALqzfdp
zg&fd}$Jk7A1)JljPPlwfaAkGC1A5{{DYt(DN8I!AbPv9T<C)$2)5Gz{8v3&J0IVjm
zT57H6^Ug6*<y)7e3(mVUKGD?=)x{Uz0w(@FRn(<}-2bd#I%kg+Tt&M2h<L$u=R~_l
zFl_-Y80e36oHSa*#${e^KS#uleqIlobH3h|Ip4sS;SDzhIbwgSqc*}O&eywVqF3ZQ
z78o^zZq7|Hcv1rRV}Y0q!xkZk!}ZzXshU%<mSr$d-Wx39DgKFl9EORWTJ|FcdYE9^
zU%b=i9Bk`-O<32&BC`b3M!xKJat!BR)}2jON0ZJ5U*y=qjdXQN5yUHk>FWGBHr?5I
za|Pg17$Rve7Ia=IZ5Re(Z7LWh_O%P;zbt8Q6OR*z<w2>#&|_ZUTy{Oq`!{_7&J`6$
zkfdkQZboErHVjr*oJ|m?7<}L99zZ<#JE6z9%W=uFPK%vDfpTX{pYyy1Uqgdk{RY5&
z2MMMhoZGv}_k~tdEnha4oIJT8?7XH5J?je!om;4J4^|@3h6sF)n}(mch4NE;8OdJa
z$|9H6OGAdzkIoVMPR=c_mp>YPk8ze`-chc&G{LbkLizabZb=~Lx!^}nLA*x~12M~u
zM>{m9;R8-%8b-VNrdUmlHh#nz7!w;m^h|E~DSPoq8Kn;_A?HCfAM@IDzpF6n7l6?y
zz(^1+hJc`19BlTH{E99Z6&O#MfHDQEfq%IMO?fnflZ3g)ysG;{>1B=AT*De14Lugb
zfe;;eNVT^Y-A@|KxjzJO$F<4DF;LJS3os>?YuMoeN5fS9Nus(tTWK5==s-N?#DHI(
zfF2T%39V4^tBBL%lmGSh-*Q}VBsdM5i~juhV9s+3hB4p+s20($;X_xn{qeydKeT2K
z>xq?!vE8-ol%!><+nIzrbsL#-S)CtO!s3)%(UXr;*B6aUBHE$i{3F|;wbG3bbm!PX
zzYPgVK~Blywn|5+E)E~vth%_Hy0#8<0(G%Y(cNdpQ-v|&VqX$JLG-Bw5rU(sU2&YW
zC>D1Mg!s~h<2ZXZa%fa^+(|d!W@6`m92?AihgV-piD_{_wV;T=;JVTu_+3$goTvo7
zHG~G<cb^!CiuEw4wz;BTJVv0t>P|m-y$eAXGSCZm$8n7R`{Q#mMiZYex)OXkDEO?p
z-5;M_M-_aY#ZEf0PL|(I@cEyk1fSLc_^d)u_h1V8AjQX@UFYSBo2=rG<XCCFRRpl@
z(#b_B%w!d3B_>;V1Bk1Dyd%+{EzRZx|9xAR0CFuxL#{bW^jvW)=!rB``nyLYFSByu
zrQ05ry!9J&_8xTe8IzoVg&EB!V=Qims0iMmgVrLT<zr+E<h&prkX*A{&PmX_7r93{
z&vz3e4by7jwevSqS-JjPUoOOb81&|~?{mdEb{j?py=z+}_eg(0Pi8tlr^hkjcOKb?
z-!8rQH#(?hj7k=AokPfdQLHe}M#H5KNkyzApF~|-ojJ+|R}ndbi@s7DfuZ&`?f{U~
zU(Pam^3!(=awRj%scY$s)S10T?MxO~3$GQaU;Bi;Mgqv4uMp1!@s~VCU#}+huTbX{
zCc{#{zJtBKpS@neUVo9jewe*3vDa6sUq8!UM|OsGGBJ`V$qiYYO{z$QzCYF3v=T`I
z*+nm)!G=}nw~~g>qPYu*N5w3CiF62zD_^0%JfuH^On+t-{gL;8fh~i#Y_7M+(Bq3Y
zl0(qG7Y&g?ui-h8k)*R%$k5|!H=$`y=0|>$t}?AI+p{jK*}L)h?kE25hU#_CY})H#
z|6X^5*X!!pbY+s>&NkZ{x+~}{>f>1|73su`Fp_qbCy=WfjOuV>Wt}#E|5E~8s2xuC
z4LqM@a}E%kQ{f}_qqq6121WhY!k4utTHp?=coEkt@S285%!wn2HG*R&P*WN_o)>CP
zWC`n)aD6`Kyr8QAW$Apb_-AhKOE&S8P}3MGl-J|JH`qZ6W?dpCu2?7OObPI}!7A2y
zB6Cu`R#)FMR;R)0EYh=t6=$T=$tceoa!to*ZXc^-a|8UgiRY}2M&sNEtu?12@vNhG
zLU0`Y3)HE7R#(j4)OtDm-%&@x^6N-gKFtrn8)E9=pYin=z#nrN{uzJSaKXYajjG3g
zv+FURRg_>lU%ba^`q`f3w~t5T$x{UpI2afhHF}KUx0#L<pRl<KVGs}6dLQM>{y|pM
zh6cfL)i^KOCLZxT45Ji@MzFY7a2)$9*EQ=B=)f@-;hSk>5ZGhJ0xK~+0Z;XLJizxa
z#P=@)-@(?P2Xq^Z1l_*~x_<$>bx~-1{|q?Wd-=s0QTyB3!75IG`PU)BFn)T$bfDOc
zDQ-zRh`v1)1<+&@XONr{pod4*X=s6XPG~wPc+(3}MAk`pNeSqyDCUu*^>~x%lmo}T
z9->(8iBACiIE{ENq!*JY1+MU*53x?Vyy3Xl-(M`-^OuC)jl#0VWoS!1J(<woUUIqj
zbiK81Gg7CuccZ75|M*Z*Cw&2RsQ4{w#8&y`J;)i>(>ng~t2iAsr=qC&-^r8hG)HAS
zN5b#X4bFv8Ii@X(+gVIk7UOw1&;2VcriR6tm?Kz>6vR<_&(xs&iq|2Cg=|pY)!-Qt
zR3C}08A<){22YQ`dfW?+@_-JB9gKrfI}0SDYTtQh)JRv~-pqgEG*L?1tT){qwdkzP
zwXi|;{h$M5Vlqo+Ueu!Vc(BId1}h>Lk1uC<J|*c;sCp@V3S$z4PwFl}XSaYC5-mT$
zk+iZ6fP)pj4NOm5X+rM<g7}kA(*(=EDRR*i!F87x2zm%C<?99Sc3~&j0o9%!Y(BwE
z%!wd)#q1s}#%u%*0w&|)KBHWnpv<-#=3xA81AL+-b8OV&od`}&)NW_*r|zn+(HHlG
zHP|HVY{F&O8CXq6FcmMrSfznV+i3z(nag+a%h99lEQ(T%uj?_d6`0CSX|ywDqs8=S
z6z{r$5J${zo47%6cy$YYaknB{`zq&#7CjRG64+h68-ziWD3_8cj7!XQEzw)P(GyPA
zXcI4aQrP=6eWgu2D&259m|N&A?TY8CaOGK-{Y9v=>?_iWdz7p1&7+)gH(Q<8JBLMO
z4vkt=1IraE;Bj%C4HE!y$Z4Eo!St(XK!CHJkICt=I-DvOn9XSRt|w?*_S^#SHu0*h
z_j#fBK7m{{Rxdqw8$ko?JF9C1g@20TiT80jVP!enV|KQvObhA1i%q<O{r?1iwfe7w
zWmSq9l|1dJzoQjB($-|Z!wO5v>TKoAi-L}EdXK{2Ao_0)D-YVMZ2$;puPR_3e4v#6
zdy^TU!Y6`%dW{Z!vaUQR-6`yJ3*IflPRU$ftLMwf$$ZB)5KBLKy2_2@ir<eGqYep#
z7fdC3W)xV9=LFN)CF88(dC$#i{6@QCCLsNecE)WVEynH36}MSUHH(wSxMDhvc23@|
zAMLblH{>|2Q8}5Tq89H!ctXHG(e-LIZ7psG#J>*+Zo5_7X*HeWmoGqL8HNSMGuL&G
z*IMHlf{sG(_tu@)MmpmTWt+wUnc{itkz(BTT=9U_bYbbw?qTGZ=Gl>AC$M_lfIrO!
z-3i*=0wQ|JG58yZ|43Jwy#6l3`UA!LtYE5LoIJ{vhU@P#tUvo@gL6KtzemaXOH;2u
z!SvG-C-O&`o?XKMUulR{ch>6NV%^y=+S#ct#{~7R`^mEE1crC5)wBih9R~&XswU9P
z?0+YSh^YoLk?48d2K*xiU9vq7Uf}0MbtvHHZ!O@bZ7JaQ)s$Bk_pz)q$n$U0X+og~
zv%K1V<O2UqwV>M}^xQ8v7B+CjtxB_WO~vVgV}vmxbr<|7<yUPGdXH@|mmXUxIPW%?
zD?o2?m7EiL?sFXF1>JTi7)T9jSnO7ih))rt1x;{F$=CPHarj91#wJ)No_Ce_<#-Yy
z-<n3&J4cY97~GdICh97{nzK0<0J~aXP!1xsCheV<`gWG^fM<DooxGQbISI-3w{w)9
zXfEi>wyu*M*`ATA`9;U?FS)wixjnxxJ-T#gMJHpfYuvfqp4%*rBfM3&VOT|{4pwJW
z{YWwD0Bzq}E1=8kDW;d|OS5j{O5C~5n0gTNChO(HLh25iZVP$XK#q8iGFZXHt?{(B
ziW{sjQ@N=Jp#$`LM;Vk!$maJQ$SMDYFP{msZu!o@<~vt+RT~zsJ_LCCzuYErEELA2
z6ckrbOZHus-Z2srlzBG%^L>%Abu@IC+f{ImF$y(Dq6Ej0!ypAp;s0j^)6V&^0;6Gf
zJ_tSx2PvIC9{9{rX=Ud)ZejpE`fnF(QEeBHy@D<DVPn8~7b8_ff{q<IAJbQn6CiaP
zPyv=cx|&F@87Qzi=fk|`>99Y%ZopK-KXJPf<WN^bz<b0c$=lGluealJVvxtj-bZi@
znvz9gzjkr{v0pzCX^p+$Htn7+NzCkE;b?lPW@0-!<D^JDL?ghjt@j2efxj_m&pBQ>
zIX?wGO}}PpY&h3tHhWg-pY%l1q=+QW^O~yWP5QlNta&luay74<tmdW&yj+d^9Q6Br
z<W7Y_Q!=>JYN_F_WX{u5acI31D@S;*_&?OWd3+Q_6EHlR16HnC6l6J+5Ee`@LZToE
z379|vGq4L$QKF&*ISeWgVWUB=U=kn3Wfhgj<53@P#Ya?BL`0N?BLPGOL_m;Jj#-ye
zB!nybbyfAu&g^ag^?l#p@B0I?(_PckM^$xobsbGfwRPRzBtdsIv#G_r*v5)+dmn0C
zQ}2v89V0fF-1eQG{&7eg$Js-cXtyJQ3{G%*2D1~u2H<5bq7XS{g|fjh6K;?qTp;a$
z3#6ZtQU#!le&WOyHsgiPxt#KVJAn!F%c`B04bBd0WM!3Hxj$xbTK5j_+q1j_0%Nl~
z)MhEwMLXF3f%iG$))kCRHg#FH%cU!9a_LH&{~e4mu|+-H39w>Fg2ZH<%6)7j?%rIg
zt|F|hVp!{L4qBrar#HjGC=$edixs`Fil)e(C-JDBnGjVp90ID_P<Q-?T6-QCJq9?x
z;gloXKH)AI_&Y=>tKsflkFx*DD%_o6%{KQDc=XMHI>FWn^r)V~TsR0pNxPPv=*q87
zeYS<>OM!<DuH(Ev?V>u)GP3$V6>tc?B35pY-?A0P(tp5s^naGl$P{J_$od8(wv;0V
zekw!ah=HCMb|Oy(Uwn|CloKkLrh%x0SsCDpE8CIDM7TUDZS}PES?t7}EzHOcHfL_H
zFuc737HH3%%iGFkZDm4R8=$QWVMcmR%8`^KY<*=9M31)|qiY1^7xkWKn98Dd_@>j5
zA<tTkN~*N)r~Tw_u+ZX<Lc2Ya2o+*4$K-Rhg~07}BHX8g|7i}}O-H~5^$xhr=av%&
zhf%PyB%`R<n(i5zO4|)aXx#kq#t*`b9K`Z+`Yd^WmaTO+M}Jc?7~qbipeW_WQiI;=
z#TBKjBe#Wg#1`S3-_8&Frh6_!nj3lo(xe5ECY2T1dtTfNekf->Hh(K~MY`@>^7I9V
z5aP_rdTPId_{+jylg#m@7!`g;;a@NgA%;-H_=CqV-l83S%heAoaoR56bciS?>{I`2
zr7^XqpqgQYory0hhEs5Q$E#BM9V)0j;~4KQ-{kHDr|&(T4+fYtF>j?j>jF+i8~=oq
z9oj=v|H#iR{GsU1Fpt%{QYy-JxVyR14i<GnA_f&f93xS<rHh09&SK3gl~`B4)*ZV9
z(V=uzLWuu+585emFlwxe`@i=H^?%o*#^zuwp$Xay!+a#3XS6&#5Ne7$Tw5O13IMKv
zA$Zse4QaOQ>YRqO7LFZ;Ex@i8@#3aClFa@z27aM@$IcYER_B@2VGR;6=;~F7VW0Vh
z1(*U@5N0X6vPvoCi!dW2Wk(KBFUbE8CPA|7##^Wsj%-HzF9+a$yJ!+#m2=ClSu0VU
z#W=tZ&<yrv#$e7+c7*VgTr)p`+irE<g+L%X?Rcg*Z?)Sl1y(}K@CGrdmD8#jUpNwW
zgHQK8K<_0pVg#bb-)oK3h&$@mT1`d>X98CdsSfy|Pb4OA!@F_eBFvi%175l5@`8NY
z)GlWYG^TIzi(+X3oxdc7*#lpUznSPUHCtJorL1QgKSg8`zwD3cL)v*7z)*lf<JdN7
z1uTqiMktj48AQ}mO$`~4l5@nx`+->PWUP|S=yg>B$@AtU81D#F8fPkf8%vp>U7*6{
zZ7+(}77|eDs9M>;82GGfXw0X737DFBwM1DnV7tgx_Nv$OK+CusGa7aZ->x%spK2rB
zo=u661NcBngdD&dQbKb88)9blt%^wye51ptw?<DQF|d|V@1ZacKEDo-2mrr^0rc0o
zuoVEnFu;F}Zbd&Yn($*zG}*{IwkBy7_)~aMb6$iDVe<q?u6tTNzXc0n#c$<szAZ^c
z`!Dd9V>9@mkgJNs@oa=>q4{r04;N%B-@BAmKr#6!cR)m9wnh}}NL<YCleiaHX(huS
z5u*J-SidY!j=*zr<!Cv%+>n#22=%n?#)OW!tiYy@ZH(xcLkYPu#l=7C8%QRIX*YKk
z1RV*c_`_wkV5cyceRxh3?R+ZvyMO~4!}uzWXh&gtdiT5m%j^+8AePS}EGHNLcw_92
zsq?aeyaQY43})gOZwr&+nCcp_I!Lh{Z<IkMC1r#(@!NtpLH9T}B6f#v7w0^AI$kYg
z!mUpxuOENc2nU`mT`z87`-SeNItH40FARtO7tH?$0I#q|e;=L*I#bPjn4C@52$bbH
ze>31_H7x%Z0-^UuyefxP`C}*u9cG4}$19RH{~i8_*lWvCsv)t*X6~Bp>C5>4K#<ni
z-z*zmJZ3TpWUvZGd@ZCv1trlFpMVI2lBEiQ%dFEi9u3rFu@l`bz~R7!7Ym+}5~PF@
zAOwa~TeHEt5xHpAZMo{ln74bCE$o15qouX+g8?qAbi+kY2H(>$a>q%B;ICw7$ccmT
z3^^G7U|zmYrG%hG^U#0;C;0Ft^Ze=YNbE2*eBa>Vy|$?LA(en^iX-eFGC(@mWGOyi
z9-Gbu$7bTk&4Nd5KC%f(7aiG;ghCb=*-BjodajN}&}CEjeZ025RWOLHc%^raUtexf
z(djg}Oamef;vgGD)}6U(({q1ef!@FVau%r9AGko;LVS0DhB0a*+A|ydXHH6<{&v8<
zo@`Hqs28jokMO^21i2hHH@UmuW!oAlafA2-+^vHe-?GKuTJlV`23=!(aSb|Q6@vsL
z3p5E|p+4S(XQAP;PXUEaHiS9(`WY?E3EnA%hR85`<pA}5`D(cRcVmN(4x6i~T`oFT
zn@D5Q?1V!wzUS@z@*u?O;z6hx*_D%^9ZE{i(>%7_kR<$Veqh3vNc<p|>zdyE3plj4
z_AlVjsKm>`p_*eR9QxNe8hiU6lS1vsHFCCTxY81F<vS_yr%BTol1Sw{iW>QEgp%?d
z?k<QPU|set23}FNtDecp0x5(66R(gGkAuRmsHLRrh3bq(m<-g$ZM3{Sq?KrE<X%a(
zMm#V2(qW(`ncjwMjZWVPW=XxjmvJo@$hekQW+!O&Sr7#&27HSJ&EJN5+_g8$A9*By
zXj+d`VL?avs+25&MG?fZ!$H9#RTn%ma5n<ML#>PA&Wk8@9FH<c9l4s+VdrRmP_4K|
z^J#(nQolKb@C0mgG_k@|`W!FKG?l(&;bL+=6O;FgWe@?cp4g)=z=GE+DwlcKo4zp?
zisF<F0AE0$zj7GblR)RWJoEEO?i&MLm-a>K`fyWsKx&WJmByy7IKqMoqX5XGBQahw
z(L=lhy@(Qc;iC_c9wb@cOzost<Hn`eeH<s~QIh_1E?jF|bS2?Po>>&Sx-$?{QIMG2
ztkBZAo>Xff|98T=7fp4~Q{7ssd(~72oXH&072>%z4m%Fq%Z091YWiU&2n{Bo>rrU3
zXhN`m<IQiaxS(a}jD@#84|CW3QU}=2WK!S!Fn|R*z)ApkEet@*2WM5^0szPd=a>Bb
z`MDugef55l(Hy58cvx7rPCry+`Wxv75~~`0nt0H;8UlQNoqixuc~J=~x)eVS?tffe
z?YS)u*n4)3SvwZKOSM$^E+t0{<P`2Z+Wdv^U8<ScnH1vRb-c7}VpYfduE{2>ueGOW
zD(0?D3dXy`-6VKhL6;NXz864!lND4QYT<lz49KV_+C?TG=!xZ-LWHPxZ_SGn{7rQ-
zxv4G!nV90))y7{=JUfpsOa+MReH9<%higpxt$tq^%!^vjKFar_76#eHi*ofAkgM0|
ztoCXUQhtsm(b}%<w|sx#qBPCso-={)$aGC5?hm0U*ew?y_68!;c`94bRcw<==!ctB
z!+y9)jqk0?(00}KCr!cp>Lek;_zl9d9pugqh{F09`kTg3$H&m_vc}N6!{v-&!yz1l
z*4>dOsk>*Y4Cnm_{jFc_v8x}QzKk*C)n3jRro>&&7@C;J@Y)|Vh8|T(#{4%-W-!e+
z%K6WlWwib_V<#W9JZMq79jiw&YpP3TytC`uU%Imm)e#2`owcgRPf%xPuTF}b|7AY1
zIU<rrt!l|xhah_<*wOI<EM6$g4x}naWjc@g8e)Hy6FJfi_-t~w?Z!(<cbUug>7Xkw
z-1|ec2PP6Y6`vZI8>jiBb>D8#aX8ZgOn&!_hn^LA{oUAve0}Yu<#$mXe1J_zRd`qv
zzA^lGoHm9BRwZfiVKjHzJ+uRaoIk&<BlNQcm-LW%NrxZdOKJ#{dhQ7=Olr`Xc@E8z
zo*bFY4p+4_Y)h(^Jl!BT4!ori94vv=U!H+|1DQ5sVeBNuFT?k4r^|4$>`UHc9FN>G
zIV%+-w<K_0a1gA}DplJBP423%OInP`Jd;<q$qGBHe@-v=_lEeE&%}jEc94Lx_xX19
z<<W%=F(fD|?7ATYa#QHW*)!~z-;1`=J%S-AQ#pLLs7DZMy0gMUEbJXD%wUE0V4)l=
zluY<lLOudVndItwBuv^W<kD80`aJ-Q3<DUc11tc5+rj`EbAVjc0|4iPnOp2?>!Xff
zZWgQBNPlEo|AiwCevNhV2ob-hQuiabsk?aLqm`P!-9OqdpQ?Aid>2l`_3oEBDQnfw
z|F|3`y}8ZhFzE;O^3C#GI&PNR({Z!RyxFi>{&tv#KDDAgc_DPaJaP15dku`?*on&-
zgYB}$@b(_lM$?^lcm49DaR24Y-!G>hztkA6zpODhTVKu?cJDTgq0mobur5zB!~-SX
zibrMIDjE^roAP-d6Z47Vm(=f-_7e0U({}a4omzh*awBfsgDeSZ)W%PRv!J5>rmzyZ
zoZV{is)k~YSaqWk7k-)3!N65uVs5fW&|6=Ng$cpJ>rAut1Z_^A?qZZZIfV3QzD|5$
z-Yyb*^-pOe-1c{x)X%?33L<v{UijZ{BF2Z%_WRk!P0i`K-*&MJxk-OG3>R{v*;DXB
zPQU$N=lO#ecu&2lseoAzY%b5k4psKtsrh=;saD3lAWw=__DodabR<I->r1nj#!&|L
zLK?$VU@lUvL)RFB8(1p1EoB-aWVKYL!j6mU_%H-EndZpH06^sYHx&GpLZb4e>Y-xp
zem4AAc5m1Qlplr}4}@hedn7F0=TutK*+OU(`@=0GBrx0BvYrHH-?pqjf!SLv>rY_z
zWXsFS@-7Cn{AA63Whg3y?M{LYaAXGqI1zU5a-vQHSPuaE!T|Q^03QNCec8(Z;3)uD
zg^#`4-i-YHY!Bq``N_KWH5SD5WJnF$BY57pjZ_E9Qlu2X>0Jl;{<qW+TxIP+ZO>fJ
zf7#Ve{9V^lqjI17C;tD-zV`7bqkZlAm1g@|v;7Rlcc|CMmRy&NMz$C=bi4YmI2F|h
zHmSVEJ(5wkwXDKj0MoNkg=;HxS1GNth~=X#;Bt^zQ)O{qUy{*EDDDJipb)sHa$gM0
z%2g-DnK2f#;pbHb%hkh2;=_z!pm~?4fs1h!$f#1OHo?P1j`Cer>2IRTvN9*7My_5>
zo<FPYey8#LV%Z5MzMEys3Rj19CHrRfo87`Dd;6Ync36`&yG69j`ZZX|Xb$I`fl79B
z#?Z!F<v^93RwI^;VHn%DB%`NLe8j1ok}40xI6WEHbL&Q@rB+_5SvSh3_n~EDE&f=+
ztr?}8;0)AZ&B-h_a=~c6yEmtNzgRwkwV#Dik@fR3nJh+l0W1^QOYU80!znAr<<dQM
zPVXRl$|jjysu+ab9~bH$P`V;YF0G7{(>91@qZyUqs<Z)v<dl_i<!>?YsVwzmU$!i*
zUCOP;OQyB52*qoh-n%VEh*}MzxqrdmwI?pb5EF;lPTj+mK2)Fx=jpz-0>#Yc{yBfm
zo>;U+iOn0B@TsqLWw<<5s3$-8KN3#52Z%nwaMGRG<6j6T9ky@u36o&5v{2Jd<qy(&
zJh3;xV?W!s)aVvQngHh!BgiR_iWikro+3HriY<%*PYv4yrt0_j>dy?|;h=q3viic$
z#6FvS!C7xW9ko~EvTL1Gd18^_WU`1C{<<i#y!(H6eg5q;t<RIb|NH9`udh$>=J56L
zH;rWf(DZWFXWZsXtdF!gbbV@mqS>DCxxPLtcWdjDIEX55{oJrVEqGzZ=l@UE=hPw7
z`W!s;e}8>$+o!G1woT#dGpI>~^|`sp<*d)zO_x}o`I|!5=gv(u+dq7&uTRHa+WIIm
zRet)ZVSU`Z@YPTMpRCUv2TkkK|KR@v{<c+HpVW=v>+@lw2<!7gqsv*J#Eq9&AM3`@
z^;x`uX1nV`eSJ!Q)z-&1fGV3WG_22NUU>eK@b%G+mqQcc>J9=-a;gz{uI?J~%Pc&!
zHSt(5UMYAENZv=7WO7LTW<Qr;@zD0ke#4<HE~Nr<JWAfCGv0x~C_SFa$QC3q`vm5I
zki?t~(7}hcM!JlBQ4qq;!eaRg0y?nb84k_PM&pHTu?q2SdO?1-^x}{U+dB2`ofo@1
zE`J%@d=zcWx-pzb_XP>u7og<c{n~9%g289uV{3%Pf7yC*<FOk8n&(Txk8FLf4MTu<
z9iSlqToo{6(<}zV%T&_b=~s})b7+l=x071g_A$40Jfx1<P6v;BdDW?p^xMgSylCG?
zNjzVNE{t=HocLv5zTi=Y1)qcqzJ8x^!N1*STySn;gUKm3sn1=Apy=rkc8qm|Pw$Y1
z5vI3S!;3m2y-zdu{r7AIUkO)mG*mx_n&*S|#@T%TU%)Bqkec!f&Dq)oN#^)~$q^XY
zMR*uLt_)>V_+Ra|8QOjGg$SNmH-zz~<giJ*iKZwS6+kyOh@euwra=UivbDiQRmxA&
zyu7lW;o4(i$oQC!jE@6AK^Q=R4sh3cjYg6U2Hn4H)%cU#kEZ&O4-NdOJ1-pmVYodb
zDR?$L&%;iJ$A{GOsm&0C2rh87r4c6j3f-!PP0f**OJ4;yR7<|o24*u1tkG6Nlehk7
zrk^~n&JM{jep>zNcvEneY79hoVP#{WLv*S3+>G`EOb&8-ZgP2MsN&+-Qx8HOTCohW
zUphUVc0G89V6gwD;k9PNlRYsGa9D#wu+#IXYDiFf_a}$yO;8JH-lpX#ey8M}VnDI-
z3bPUKhDSq<ct_5P6EvF>PO0xk(>&IbXz_pWZc{d1wZ}SOI>-GlN#5Sg*`U;+f5byH
z?=lEBM%i#T{TUCD%_L83T-Tv=e<#{vW7uy9xRl9$t2fZ^WcGVK{~gDEFXX>%kTACy
z-rvwgVz#3xWX%<qUV%*XP|8}hUGq}`r_!l>9Hz{DlKoM?VqNh)Q-_QdCg{x0c)=e{
z33A5(Kpq1?|H7Y%bIzZiBp6K7&uk`yII)?kmH9fa-NlO@ov+=0+^%QdLfZ&h(E+nG
zRG(|c@Bdz)46GV{vjMc7bt&YwMO_YZzr7|Ba^Jwmvif~~-)!zrvylE!_h*+}s!P)?
zm(wL%#4i2kC+gCT?^8T8)BLdsX;h+zr_B!Dr*5#2&Yv|Arw%($-Hr=R<K~%xu=Ge`
z`D=n87%q*;7KM@Jga?Q$KS#3cF^oORo(7mAdRl0T=(Fm!4}k(}>!HBYsyYNyL=(Mf
zm$r>x%hawNFhViIr|EHACBMO9xKm6KE^hCh5zrhhDykUgCb6UUg0T#dcONC9OVf$&
z-V^a?Veakmc^54O^+IxxSDV`+r=Y%B(86G_d0gKV=&5(kSfr=^@Rf1L7(H##=qaFn
zusujmodCdkjOeLiBT+}*yNsS%a(aqWKj6h#@9K2)0x#<Nu30^rDJ-;@_lI03j%Lg&
zeT1bMFv7-c-%qKyD?I)OLlTJU?L_6HGKcPgl%Ft~IXZGLLsKiYP2Xs?-LIy^J~?*E
z%7?~SN*RyvmF+0zcT0lBB2<y5mJl&%_Dz@&8ij*LS~nIb?Q9y8r^K>{t?<=X9R*R4
z8z%slBMG28H0#g26!dGLxBD${a{}RZmiz)+$TEzI#e`sL6NQMxTB))&2BXF_vr-mm
z1gbm~<Fr5+<H!Hghpk7YgF3=+@^vbo0_Ddm9EdKM?FAF^V%;>T+gzc)BbKd;1w|p$
zeGYX?jCDWib(^8?Rb$;|z3ykID>2rs(CZFB-DuvIFJeu7*$s7)@x8_Rd%r<l5`XVA
z^LsH2KUACXy|@P2drhJ4&*g@?R(f4?sM}_&Yo^!T26fAfbyw+izkkT;-Z0kL^}6Tb
zy)t9nHG1948L5I=upGxwKCvx76b<xdq(ZV|xIzT9Q16TbCt`MJWBl3odRv43mf$_v
zsk$`<1>q~hpnO#nC@&qZMl+-E1%dsP_)kDKFcSexJ}J(mXa0JA6uu6~nhqh9_3zEW
zDyJvS=^06<0VcZa1N)B+o;YEUw@HSSwyvl#|BQvdlZm$mbyDIF;uA;OF%-3|cP8$W
z(zZxq-z|_?AQu7Napd78-5R*GP^i=FZD>h?fXk(4*wM8ZPEOQ34CE^`bn(pNU7v^1
z`by74iDdzZnAFuoU*Yf3M-cwUDBckMU4(ssjO<z__V&LzFy0}?MND6WyxrX!@9AWv
z0W_uYiv$^OJqeU@gdG#ho?#EZE>XsO>`u=+D3ZC9Q?A4V#uV$T#j=6zpyHTZ8Hkok
z0~V)JOObq&QjICrzn8=TKG=^a#;v=Z<jpt&ZL1^vz=&7+n;7Cn?ZEC1RASDV`>X7B
zrTxj{u4y^eSJ%q0zI!lO+Za7qn-6lVJG~j-$=;atDVsv$oyBYh4Zd@;O>7?X6GJQK
zPoeqMA^h2941cy+Pq1Dkr+x2k3;ES$MU=cl7$e5`Y%(VOK3;SXjJENJnzlJ!z}N@M
zt2lMQ^=O)7{D3oY+!{SW=jz0Bk>P4<fli!ad!ck0p{ZE54`m<1RE#i*Sf1+i<Oi`_
zJu>_9P`vW$zl7ot4XX_7emJf(Y;@=N9--{-akWD)DiB~i7RD*SCSG0eEt3hZ1H|C*
zfYQs59>nsFz&pM;69@q3;midL*3~m@iMhPY>U;&wh&6G5L;%>v0g3@&)KvmX4F$ft
zz_gS7D)bHEMxKljxq%V&M-Q|6ByVn@WLkqjH_!$7Z)KIYkYVt!V^NF_*h^IuJ2RZ?
zA-Uz#cgwb11&%1osPJoe_b4Nilub?sNRxgVto>$fqZ29Q9#peGbLh0K)8CiqxzhW`
znxQZuVBitFwqC@Zf;}vPugqrP!J^NOv!bF})BM2{t6#OD>A8#5`3hT@<`0}G)t5Lx
zDgdl713Uo$k8yxj0ARn`1W=0np99pKW&qBsLoe8OpC$|d2B`jT8N-0@SxLz<d|7bY
zs<`mN{=)YxCER1(ZPiMc==SBm**10WnHv}~R!H7!zDWROUd}cU&#F5mgQQl%{pH27
zUy(i3#ZAtVtE+`*ps^nBviFxBA=yzqbt;ib&<(-i(B)ay5Q1t#@`Ey8E5;&9W~K`6
zQCZ^R0sZ`wWbfcT7@|Km<ypuiH?e6N`|B4q{0&q{X=@&PsU#!1py-d2;>4lR7Kow3
zehrVdv0vN9iaWNC6}SF0>ueyv=;Q}<=jr1c6~Le;>W9rbK~LDvZ^1Aqkee)idt9Pk
zt98c{1(2|wJjDL;vd7tPHqs|>q!^Tpjnr-&=?5^<Lwux->lta_YHg(BXr#q#q$-W{
zfw?r&iR`bxrCI)?@jl1K`#{)utrr>Zy?nf1H@(PsoAL3!a4<ODrw-zHXPL&^V)89g
z^-4b8H(|UOoelia{!FAJ6u6SU8jayn%Xf%nA{%eXR5siP#l`*l`5$K+;9(l=%g@kg
z-(-LNtwQD9Kn3IOINr%&<Bc(l_q$nV!o~~z`K}3h*(<vvjQ84OG~V|P1jqXy`0efe
z384Fgni~X7%$KWI!z}~b_1Gb9fg{<X%SC0Fx(j3|NsrLmyByx{T7%>wmfes0Pwzq~
zYz>9%bb+i#salFjR$_j<4htdbhWh2ncw}t5uqilmaJfrkSZs2cU=WiW4al@#EPJU1
z9UYL{aYA>p)}WLAM6>;LJx$!v0`PH~gRM~GEbxf$=Wm1Y1`nyT8w1L)GoW%PIENd!
z;dI+`Oos4SAqZAYwlyxcXegZx)k#*0n(LJ+_e4w4e3HQ3xki0*J-1_J*i$r*Vb4th
ziRV`J9uS22?5I!gxK8kGZb;qE)kG!jv_9raAqYBZ2Tb51iipe(LwJS*RfVdgMdNJF
zX-Gc$fXUr0u!i<1!y3j#(HbUm;deIcG2iO9VO+rk%(AM`eu?r|--a;F@9^nf#J$dF
z890BEJ<|pC#obNWk2_#8;gIWe6oAn(d|mzZ27oETjVVw4Z)`N~b$ObwPB=nx1bUEN
zfuD$VKTjs^$z*8*2g(F>?#MVCI>o>SW0^p%4NmtS%^{A<Hlt!Si%fO>fi}=B2y>j(
zO8`QLFrsX7w>BVper4t%%<ganF^xbjle(56K?p^+LQHO_r`QT#09+I8cG=U@=@}bT
zNbXbD{s+_{d&1QrgrCrh{%uv%h-A{>p`TnfOFO1buvlJ+$Mr*MY6}!Tt<LlXTy}Y(
zj_rGkVzK|Fv;}pK5-u^7u{4!^Qc`Iu;mExVBRD{pqHkf7>0RJZQTYB7lUC6*f;@>1
z%he>E@FiLK9NClZK}L8?TNQ}S=_NpQh<Sk|<tSSqK2p9;s^L6Po)Dw2lVg7y#C1Bu
z>{45dHZInzM%?~=de~xVVa2a6qwwREYBXa=Pj9qb=Jd2r=F_vBjQfK#w6}L0b_u$C
z>FIgr+2HhGY<+Ed_UhA<oF7No9rPIr;;&&|f(UU<v_3yEzv+1V%LB%#Y0jtSr)h@*
z6w-*tZO2`BE0QRmE8kk-Qj@|5vvn>fKNpCWK?-bkUkC-(;R0hk5Utx`1o@*_J}ych
zNcui~AelXl19{~N8c3sQxW;1HhVyU_p!IzPd*aC^cwBn+k@<Y(-!QEF%jYq(hrbi)
zO9QJS0cNGG61@{qZAz{6^=8Cf7QP(2f#Zu2RTifQiRsd)GUb^|Qc|pWqKT41QH5)w
z2l1KRyC+CO*~&pMB<woQIKxwD71a5U^BLY<XPn`Ul&JU9-!FFDn)w{8T>noUf`2vx
zE<@mutIUa5XpEK>;;nI(#C06$xrJ=29C9}F`t46l`nF5`6{-)N#h$goc0;ZPqp;9;
z3kdgLJ}A69Sa_GQb<U9(*At(aevZE5hVK-fGk1dniqAZDo}dN;)Pv_kJKN!cVL)8~
zM!Wz>c*M7cO?lQA7D$ee5Ji$=IV27CeZqHRK(m_(E#jW+6U4ZSs<qIJT;iucu*}DU
z&m(uo3BFdb99^%cMtjWRluYR*3~AIul16x!@kEm7)-;b!)7L^qXf4GgiZ6%XrgP;s
z!Gwfj8Jv9B%uiPFZ24*<lUH>k-l=rzRL13Yiqj4E<chw%SCDR)7*dOfj;y3dD(h(C
zHmF7NP+oN$=Spr&b!{A#rp^Ll17P(fKFU27ZIli8DEF92O~Z%sSFbQgW_LXnzA0(D
zye7(RunIbDs(DR70e-}Y6lD+^8C7ejby<eenp|2f0Viu^jHeb@#fo#CX}`Ih{Yo-A
z3&ls|(wVh_yN&D_pvoRGBzZ!U6`(AdxlM4dW&mqs&yYPK5WiQ(3;y{qT6+{JazH{1
z0b0#~pnKr63`vyAz!xN2@k3Wp$nm^`@-Galx~k;csmKmtdP2^3a$vP9?WlVI>w7n$
z_{1Pj%weN1+a9UBrheYD0-^-2Tfo+azTy8=6U?C7a5xF+b~Dy(zGzv>PSTIVWtKDT
zG{webhg#|^3AJEfJH#q^v)Hz!LV9LV``s4fk*A$5+U36=at5>w-U+vX=cM5C^`<-G
zuOS>CC5p2xfLoqJ{`n?=_ksY&J|uwW>57BlRIECvB3_{U<wktk98El;&{Vpemll{x
z_e9f)0d<9%_BQRbdvwU)xjnEx<i--J9#0qf{V6cSdauE^21jrMAHgc^gEWXIm&YSL
zSwoLF`O$zz?0FU3RT+)YId9}_%sK0y@y0vuh~rEE>AUmm4k0|+U1lt&OCy?;Ly~r1
zA?%I7!EU1dH2T*+VXM_c8K-^+HZ?xV&eZC4|8SHOq1~1N-c`<QpMUb7bhRBcdFG6H
z^iBRzlWT7e-BezDE%K&P{%(wc&z^V$`K-=_y=($~&l+Zt4|qb!Kbyrw)<0h_Ea`nV
z3LRvAfj`PRr*bBxLQT7HoxXK<<LLPhKe_le_Q`4s?w~1qaR=RIa^>AjbuFoGkE!lg
zsynj>>r_+SeyZC^b;nJ0hb=)7qyvrP+3<11q+b3oj@`<JAsCwNN6psE{AbhiBD6bS
z2)4`dF!mp|dkbsVf4kP`E!5~0|FF^Da{;}Fb5;XPamjzk!eim55Hs&wsPx#Ki^GWI
zhu>u|@nPa{XCurSfN2p1V>iOQ127H3VCEWON&sdC$<|-*y7(oF`v_TGB&Y-7tug49
z-@6>&N)Nu(3;e&a@YY~qE+eE*13iI|=E5J1kdB|ZPKYROZ>ll$a{D{%dlfbHNaoJ7
zhRdH%0JIkk==Yt_i(bKAq_JMiV4qhDgoBaW>cT$@B;>y~B1pp;nuZ6|e(<f@Q-OfG
zuI>PQa0-6V7W|;7E@U<4Y3z0`_z6{jCaz&6KJeG^fo$bVhyNh&r!NKmOM?F(QmPO1
z@xE)IXH$Jw!ymT~B47H)`=|SJ(IL@)zdzq!=)b{#xBo%^b^a-mveE~cT700Y_dn<Z
zu^9ut_&|8`ZG^|6Xof^O4%PMvJJsd*+xoBPr8uc)KW3%f{9WK8^+sNS3p4WJLjiP@
z2jRDwF8u1Q^m*#?j~zj&_kJ#qqgwE1kPMTc$;19Z{s#U5{wRFZq02rts7W8FBIPki
zdTN)u*=O7EZzQPqK=&H6CNP?0&_0|&!LI_fOSBL)c4<l)Cw28KE#3$PM}**f5aOC!
zFjXxkdz>HMYY$kv30ML)`^|sBRKa~6E3D89=d;33Ev)!Tvi?QW?FK13{0&mp&Tjm<
zCCnzcktsJp=8lUVxPKy}`Jdi&1hZh;)X^UiPdQ&=v>4LuHFLo>thBmNb%IXOGdb7k
z8I=dIv1jU;v;O!3MEc38PS4a#S6ZD|{;WVjv$1yb7a+0qGYd!*C9hvxcp(qdOv$cI
z@_uy#{8L(GWuJHVb$R*#x~Onfvmu7AkP6th{9Abb86$k1+W}UjtWPT1e>Y@EvkOK8
zN04%epzG@e*FJ0%SON)Wd>Ch!(f=<IG!s8#Vf{Aj?YV7P19kKpj5cjyR>4>4R>A!M
zAcj4L=Zit}E2rl%8=jP2L4oL;({l@ED=J+jLFVbJH2ryCH7m-6Gtq5yCSvEgX%2Rv
zYX_mT*@>=+Bjiw%wg`@N)0nj6t^^o%sB=0(PjxLAkpC^bs2UWK`BIm%eaAkJ56avt
z4fc?pAvQb(%&J9vy-q(B@q+6?CuOqf)+`|>ZzCOzepCP*&3#zdKUkQ<3S}(3C%6`O
zn+_Fo(6$!PSgBUG{1>s^=Vky#DDj!ed_kIV$ORnop0K66OZPvS4KUc@v2#uNvd&4K
znN~&*?4TELkCdxdq2juFHJp-wH#C6rA)b$%X?wKuQGm`zM=o+cl9UVlVyG#0?--nq
zrdsK2^x$Xlc!6h_PBA3xIh(DvTQABaejud$m<iJU6-Isl_M~d7szxv=_xS2QjSsOe
zTmmtL4E~!-4n~`wRr9ks|Dxn+@AOP$li(N2ei0~8DQ%VD*(8EzMKgaVBR^25ehNo&
z_$ph2mGml-h$kK9W54kL-XVAzbyq?Bzb!=5`aA<oTd?q^VBw9X$$uL2ZR7OUsZYPk
zt<b_SY395j+(C7$4hM1FWzV$`OcR|PmMuhoX?r~xzYOs?kpbtc>8PEUD$!z3Ux;iq
z)41A?v4T`nR0GD);usnxFb-JMM`y`d3&Rj)Y%r*m#!t-r(<XcRz?W6LY_R(GK+~+n
zqL2NH*xaq&96_VH5DT+{g_#il9t&N;LTBW>H%-+puQ(|0jTs<8BUJSY0B9WskfPJ4
z`X7*i(S|1yzCFf}=A>A*ANeYV#DJU^*?j+?FwIU!LI^{Q{sgu=?jun1aR?H!_U51l
zt|ORP?RT-YkAr<`lM7yf5FB>67)R|E%)HLOA+1U2YP+0v%w3jMlF=3THyn!b=Hs+`
z51YFDpJ3`led-vwuJt!Fk?&VTzQ<lh)fRr>Jsu*;uA^So$Kj|q7dFSy9N{3oaJ~^e
zoKor3T*2KIG0rn6FJwxNe*_3MHGxobA3brk)8>!JhI#!*@q*6WU)Xd}CiE=#|6`-@
zmq)TkF0fF1G><6STkCG;$K`K=Zv6+)?ff|YSm9*sSi)?{7(8LCRC%l+=5jpRL`tbE
z**8;MylJdBVTCziQOYK%L)A%fVw04y;=~O+;m}z&s+&$`i_5AZ6I_RiA>No0xpGg;
zkhJa%-957*OHo#b+H9q|XuC;%VXrscwz4PtyY)<Ypr{Rm*e$IBt38|lC8>O^+v>7Z
z`#wemx5-PhkYBum=B}Ee@CaNr0)|(3C11ghv>ObSd6uC51cBb*KnpogR_TmnL40~)
zG$^a~gPIleZ2qgpYWH0^>0^^c@7!oK49jNR?4?f{qhRd8ywg=`0otxti;IQX48>&c
zV^$uJ?RWLaTvR(_Y@lSgt7K)r%%y`c=Il-t7h6lt)XnV4*O$$+U<kaiHc)v|T((y7
zc4uw2SSK!S0vSR}&IG1y@i(M=i&gANEZY`EQaQ{;%33w{$q3)LiP8VxZGR?j|0Qbw
z-Eu)FVZ1^R%hus$<8%}nad4Z4dGuoiX<R*I;RacRF)qoE3;~-sQ>wF+4Ou07X68V?
ztgHwLvnr$xrvU-ebOg*6x30@!*pdvvF*eGUvvP+&2Bx*!K<RdK7&(p2>98(G*;uq|
zY#9FKRWkfzEv#iN6y4{vRD&)WBAobNoXZ0*4Fxw2m^AU3Ru-du?d8v(Z!ZI%3kzQe
z(Yii=>kzt86-!FH%FwUOO#SQao7d-e!L&ZHWn9@}{7ApQwEh}4`8$~Nbyn#WR*76N
z3K_h+fPM9uQsDp79GN`*G-kAxLb&9*`SA!8$8hJr=eeP$6k&&XlL7jsF^H5JAKVDC
zKab-d|2*~+g8;$3khnN6j?r+8Fyp4oFDzv{iXO;GfeUMG|C&+kv;@?luVV(XL2%zQ
zs(%cl$vio2)wDhA%?x42jqDY1@ecMDgU@I1$}aV}`^ZM}1A%UdM)l8-XH`?0o>kMf
zvaPFh88VS5@rf5XAF<H32f9~{?;IBlHbYuwcB^Lh1y>H>6I85W+qZyiV=skoPOro2
z@@D)9>*ZAT5WYRhUS%^7>{jVGHb<GWiJ`%*gq>gA6@qdNmBZlQJBQ3P(A>(qh{q|T
zdN@sXnL{xatzZiUEzQQ$H%8ObTG^$>%pv_<YVg%M^_WLM+g@DWJWPW^A%+zW<DJ7V
z?X^qDrnSd<A|9h1AnR(reuaPAT)N4_Ib`@FaU@HH#&bh(XUuzqWC<L|4nWBvK$!@%
zjI8k79bwf{`Q2A;_}$l)92$dii)Cfew9a<^2Ix|J!=r(_twM^72GvM)73^W+;=wky
zy2=8_JofI)p0MMkR3Lt`^=%M|9$Pe%yfJIo`m%%A7NYk?j1PL|A!6YN{)dVfo?%`=
zSL&hM1r06q`l8}^H8N!HaEI039PRV=%F6l-_IgJU9w6WQ9Ap~6y}dDALnH<mA#Rv#
z;wc*IM!C}0P*&D34&KC-vZj8aLGA!CcP2KmgfZ>wk!iauE94Gm2c~u3;O=E)*!#lx
z_5805{Q4@{vH^HCN(`?sd2MZx=D9!j-?-UY(HzmjXf~scB2^mc2_h3YjG?Up6%f=)
z_BM%O6jjaMjfue-nzq@uiEZp`0$|Z*mxWN#B95X%AwSJ-HAaa<MXVA?=+Nx?NeJKH
zr9#X#PCxiko%-2qGx5wp*Beeh0ORFRz6%)HR37eWxE)%Apx}a+ueS9P+3dL-vg!Kv
zWsuDkZ~qmt+3}WvYzW#&G9l0(acCh3jnmAat>Mr!IW%A<hkl7e0|yL&zLi6-2|_R7
z&>O;`J9220%G_~uIqV^~zYx&cH_3qn{Ap&b0-@Y+q+olB@6<VPFYpaHuZQTcs{LlL
z9rOlxr1_4ocfMbKGhU0QN_W8Om(v-qIe=up(!i2_62e(hNLwz}mhVFb=X;yKj-6RN
z{c=0gB&;)CpfgW~bjDpA+7bWl{`UTB{Bi!){#N`$af18S;O>vgaCSD<`m|{pdntuC
zdU^OT@eKn$6kV$?c2SnTl0~C|TCaX6Nw@^IbbP~zEz2)~EvH^LV#})+!<Kcg(@F5T
z2f;ttbRL&b>4te*TR`|(Zy`TPFrpXLHzUb(=^^&-e?fkX)?`N)G7HQ#39im(rsBaJ
zvPmX8J(I1jv_HkN<G7`tbSC}=F2<04UHoQ4=^wXPHc6#_%)rF3HL7?g>*1_(vj7|C
zfbX-*OH+dNb?WlrtO!g+-U4~)8}Lg5wwUT~ulobaN;i;)GLfD<td7CEAC*1bAV_8=
z=nEm9cdE<tSS{r-U^3<i6)cG5v|lA<yDawI3~@TIP&a*kAW&XW6c1gVbq+R7b~+K@
zkLcXSO3*7#bnR5Ol~+ue?NWNOPuBWh=R;{RT;Niw`<i+s)WB=;{FGI?N;1$q6HgcL
zh{%^}V%cki4P^yMs6RC4k7FB=r2Hf+7nGioGK?+V5SvpOU}tZ}(K()B%F<t>1Rm3U
zm--Pt^l%o^U5XWh^QjGAb_lZfjs&o~XIlqDvqoCdIq$7@NihU?2kX-NxG8sXOtg?S
zJ11H8=3tVDT=oNF(Pp~5MTO$9iY&2tPN7^~UP98W0MDuLp9KHq$!x7ki!*WSvq22h
zWQ>L?J`H#ADM$PXD345M^Ss(BE8{aEnQ0s-fMAVBNtsgG_o8<J@{qiO<q(-k-T4{$
zpDO_Q(CR$N0>O=Vj?`o(JOi3oWzYCbIeok&4%<}pU&>|YvCGO~Iq_GcN8~E8?1Naa
z);=ItUWk@UFIb$AArm|zTO=4gBG*acfQ?RzDv5nJGUS3eOmMehYY1UC1XaRLRbdEO
z_DO$qPD;%XCF3Y&-v9^~qiN8~!mXlQx~dkQm2GnAdHbXha^>M@NFAf>m6n{RFWw?`
zsARIp4@@5Wj@%&)Dp6a^PomBFla0-A%og^abBj%E-r^^*`Ou$q-^cB8+In|;ZhwUS
zkJWVC;Qo)G3qGjp!O~vg+ZUVuRF_i3{!Py$Csc1tm8|4Q6wST7hV*@&(QvS13m}#a
zsiT-zR&~|kK){#D9!ra31o7#;w8GcVbtxGRHe{<y8B=U{U0>uFT;$JSkssQbCq?HK
zgHuUs!QBMo1wV_)jyF*7fjtXp@yV<h<2m5s|Kd{isL>6gXz^X1F~zR*cL67hW)Y$g
z@!6fq0V#235CbIe$@m;a_9K4>13Ks!&>wqN1&a<A-f6!T*?nLR#}R?bX#E+o^Yxd&
z3wDH5c_f-mhot!GS$~F6e|i1cq+V?O;kL!F{x6%?zmTnev0?p@yhE1W*9%RZUB&YC
zu0pBuOth@H3QCJJ*wQzT!ll2O$HQbp8zp7nDxW4&&UcPG1sm@`kMpLuk}0<fMcbFd
zCsg4Rn8npj%So_)V;^LUYC9tg_5DMzg**)ETSzVC8JXuyADQoN=~9v$vKQkqWaTk3
z_6@br7MbbvFkW-enOI|7?JBVh-5A*HR|cY`(tt%G4`{YEriQJygdWh^YR9>INEoJ>
z(iHG@AN(=LNNx$2&w3PaDHq^o*zS7;F(42u6U)&4ytIm8zy+srTq>=zPr6sCJjyVj
zN>WaQU_jE3Yyo~C3^4jbvt_rjWd{t{3K*~zezpK)7`jErfh|(n5AJs4|LhV>2(TIv
z;DCM+lKLVWg*S)Kt}-PTrW1pmu<tWoo0T72eeh4h{qc9)BWRVFJdz96_Av7<wqC>d
zGNghno9_&|9fzjj{Lj}HH;|cnhORH#tBFrQcsqRT-E?P9K|Q_m0Q|PVZ$JG$^(*_m
z8-6P*eIFY{Ti<*90hG1s3@_dCUp>;04ce*>C}N`K-To+lJH5#5W<>)iEVI8CNT$88
z6=H<$8wl!$LxF(51JvSw?fi}4PfPf(F^{{q<KOx{$!WFOeo$ILM8cRN0dK@|)yMfS
zN!>GtZprf0Epw=!6Y?(-FTM0I!};%>7z2i)#Jic?q?|8Zj-XCfhEhT@;4j;Cf5Y2?
zt&BDk4e<h$o8ZPqRz_GQ%14cHx*2Eme$JV)96j8TOWW^#AI4LNm1^8_e^<X*Y@w5_
z>=|K|(?{5fJ_eR+cX@7+m0w+n=gs@=uuWpwe^8NrKw=D+aX?0bDks5khAWvEuFbIJ
z{`@~;6|f$B%RS;!+(!h%o_kbI+YQXhE|$&JH{PS{kcJ!Y*m^czr?>m}_`c;R!~P#b
z_g|pDtw4WBblE?H%;WqS2@q&;=vJKoe}+xC4bopT6ZuuK{dXJ09|!>X1=O#ekH`B(
zkRKTT?dDP*vvL!cnANyO7FAXT*n+z-W57s^Vwt3G!2J%e4LFTGW_idv8+>=#6E7Ye
z?7vItuCq+GDIa7KCR}NHh6DcWQhOgnr5}7M6R!?vcXcT~^@$5$8N$A*eE?be8szL>
zGE{M4rt@*%qlVNoRE#Tm99X+-`H{GL{0BPjK<iHBEI8S(-^*1aC>%ow5XRbVV);<C
zLrFv?el&!MkN&$%-0n^Vf{=hxY&tF}^D(LgLnDe24&!ht-OtI&E?3%tqBcG_t)%Q=
z^}$lH%*#2s41}N}Cm&T0Cub=29b3!q`C6uIGUF2>k&Ph{#J6DBgnRo?#H^t|oB279
zXAz1|xSvDna7>Ia?pa{x{jIQA39{18Ayd3`jLjCa5}s^`L%t~VP%>u)^!EN>E90fl
zZ$rNN8vOnj`)%NstqbXRu<;&^iE_j&LUCd#D<;5&`^cqwz6J;^@VmKm;CcQY%;(DE
zCBpuxU>HQ?W{CW;wp>A=T!`M-n4$C=Q@B`DHmPqH(jJ2eU`2ias#^+o(18tFY{6>v
z)f*4tIjmkt$o~O7X0U|})^xv0xnfVt-|Fb6ETRx6o?%w9Z}2>3*X~2q<l}*W9>ggh
z|Ifw$Gx7gq;7x_NZk`2PneZy!Su$2BCmwc7aMJ$QiiYI1`p3J-;@H8#-3)@pP-4mj
ztCDHA;PwyC#G_=y5EhavVxkaahQRo2F3SO^%w_ZE*n7L6=abO0n2=i?b?M$*r>7{-
znRe3M9$XIrkgbp8Ne2Ut9tZWC{i4GRwvfRV18m12YzehP@Yh5c;n}g#<I0oL)&!^0
zJ%!7sAjjuR>5~e;0H}iT#x+I1`-h{-WBHXpc{S>n#SX#gEwG;yC&oT8vJc$jX4=PA
zXC_RZ%q^(I^50`fMofT_r%LG$J2J(x^H?|@PnfVTrQ)=Jq6Wt;mhI&#RdM;X^eHF*
zlxT}hV_y=RXLg3Kw%5L@S!^YQe9PS{{5!r<3uM2<IG~JT;R{unH;4AJs0z6%69;AG
zs4MZH3@i?#Suq5Qb1EmL%5#j*owMMP0r?y|vTu|seHjLJC+09-x6Q=sg2$8h-$pT&
z38K51;3=maX2R+Jbm5ejiDfV1F3E+{JrJd0(ny)HG&xYkq&o=G!)4O-DVw-i1>=B*
zKs;ctBifp5X8#S{3|y=U-xDK7=-DhYj@DUIM3h$A@jlaIla)IJJy_3bJgoZQhaRwJ
z_MCW}98xDBX_KIeg8wu)@Uhu9P^~A2O?3{#hi&?DH>Tyj_fcAI>8r`^(Iedx$B&Z~
z$zGk=e%z?81=?D7)K{zkR;<w7!?@N3zUiiAZj8&^Q3!dd=sQ?uc7E_X6MsVknct)N
z8nZ1#uB>Cn&pHbp3h?-u9C3{yP-o;dUil`j@en2Hw7$lRX^n$rVi~G^OIPwWW@u%f
zG+wIovu%s9%U>>IjYIR1{)P3H(!Tp!>;2MGwBGqJr3I$-E)1?WaI^WGn~}a?A*gV@
zTG}`({G|9)5?i<e8$2(eXM51YCU%{RIOIZl^xR61=q|zbo@BU?r2ON@oNOBb#k9JG
z2Yx^xG+gFa@y0EQGaYwJxS%0NWYUhR*F8d)KgsGf4^c7p3pxBNN<5_ahONl3O$X8K
zN<_CVVZ5(A<{X#TpreV0&_xdz5~3U^n*SzSxekmHHLP>Jj#$Swb`x{?D4e<c2NADY
zN4$W2(rBsj7(+a^kY_Fj@yH(MFX7vde+%CdX8%S0qVFf=3n8S{95(an&)=f}HT(xA
zK=uC-f9JyQUi3Q~es^WR{W0w1sR>sJ>aQ~#g5L?!$i767T&mUW?61Ek<qa~RSVB08
z`C9<|{{X%r96_(-?Q$%eRiI(nmj$6%*5h9!m0h?sNvQ9<IqUG67&t&wVR9-^OP>e9
zEuYCijF#?X^flO)EiN9AjD7|TRDJyoG9`ffpXFB&$MqM2E5IVW(UH82@|Jcjyno{T
z502_8DY^El%(w!5OaG}AU2GS~bdApTCL5d;?7Ar!X353`0OdPC!E6)Dj={CiIg41n
zHkx>S=JJm8<wpt~_(it054jt+_5|44Z@Qar?bVq*C%JX54@V+)4*9hW^ntFhv~dCb
zqU*$u9}?M9rNM^(n>G-<C|PjN0J~(h;VYoV#1`ETQ=hJ)KJA=HeS(hsaF^bZ>&8s(
z8k~nu+g_v(gX-(U*BJeAvNia|P)C8f>~(&LR8pMGfZoxZvLsI?E3z|@=vh{@6g<RB
zirY}eG_kx8qoOUkcn~8Q^xvg3y9?ser7e*D;kF#_{;mz)?*yt5P8v0!JH#3F=0PYT
z&w$*%p6*N3KC>IMPZsi^@apS-`Y|NXI=D*1&sFY;kv&&aSl;f8bq%#x{R=>2%m!1|
z$D*ycNV7Y0f`jAOq;ZAriIdozD!J{YrR;0jV<wN91Q@5!a#rh$%<_Q`>Y3&E*4j6l
z&^H_F-(+8LjhQ@oBz&bhGwy*gh9zxyv5ytk_c7HTGQj_i*FHAn{s+g5avKJC+r)|P
zA*KOV*)Q_Vm=EBJmKtwCjc1Jy;^vt<b=*vtWW>#%FV^TM^XnPNSFI>`R5IBYi)HN^
zFr>3^q!Y{9HW$$P#}4fHmqbHsTuh^vODBzNN3qjWY<GGJ;#_IR2vy6{5LFl8xys*V
zE)bn0r4M)Hie<@Y@zM~|x0Yr*BvggFAdX)w1P5S%)>1~ZGuFF2JyVWo=NV<Ua#Ve<
zoZ)5Kad-2;>hy<_r~U4qAB>OXbl63EYp|rz4REF9!O%sA$ead$te^<e9!OdkYDkl%
zY|JXz3pS8z!3MH2)CO{GM0=V|Ipv$ko@TqtvQqAFZeUvXZDJW1d*^uX2Ai6na+K{w
zyT+RAA73JSnvLvbu^c1|mt_su)X1fkHvfwz{_jLxP2x$T3TCBP_G&9SwN{>IV(WPe
z?&ugvG%i9U(LFqps91&xS+!`Q&0oX=E?bd7O7;N=+b{zTx;$r_|KA4!E>L!{RV6j`
zvnBED3o+Nj#tl1jCQtGngU!L^4BSyVJ+$_|Yq@F+bEWo}Le`gYvZs}#w5aq6br?{@
z@bQ_Y{%7F2HaSXs;%to0&cHVK4-2w0xq1~Y@Ynk4dO`fZ$6}11i<YV}X>6V`?^$II
z+pD|40<DoPXXFki2B&pj<Cb&05-d(-j<N;~o{aWRu}fZ{^{L2#D86XfY1s-ks$lcP
zR(}p5_dJwm%GXjZY|h1tt=USQTJuEXAT`2<{kyvIWv(y5GytF)_6!A8OEuZx9z!eJ
zt<d*W{S(?C!0^i5iHTRsPDqwIslyg$TK5y~?pfYP0%Nl~{E(%bDB8#A1^Qq6Z?x||
zUS3m_Y_zU@9rOuoI@)3gJ4$4jF{7<H-%Ox7IFj_4$<qs9Je{AwGzc280ZN_z4HMQK
z#~&JDxq+~LmMf10jf;;(woqFmq_DD?G)`ZCRD{9W6Bl{nOcZy0Ab#}Pm71~%qQZ02
zi)5JpzhiGPi^rkEKp$Q*5=mLB&bpf{wJ83_BHZxMS|UA)+g_ZDY<q#>^PcZ61Z^+s
zfYW(jhZUjgaWy*~f>f|m=TTObwTw(JDEgg0$w=>TvgK+iRN#0B2;cn-dv-lUgTZ=b
z=UkcWF(l8uwUVbF*kd?7kEu@243%}=sr(^}eYcW5M&IYq9;2fxu}+><XRya`iq7M#
z1iIuBU4LdP#~Ioy=!mA=i}$7emq|3)eg-Zbbt&V}8K7Z}EQ4MTVC`u4LCE2;bL+Jn
z?`*If9}Gr_vdIY1$S)I~H`pIGGh+0cbKwq*@t2?7oWD4g?v=6uhjlrp7sj;Za?YJI
zL-CpHE}cQU%OF1gRbzRdHGrWz0V`Z-fVg-^H%|}jLN<zU3$<$^9R#oj4+2S3;ks%X
z9CSuIBv;xY_AbOT0Yw_ykPBd+!=zX0ByMfVV2XUO&E|us4@ZjSRuUkDF`9HT>fw<S
z9vC~`ZIDN}WZ9reP=1iBt0@m;wH=OMXr&Cap@~)tN1NKaVeCXMT1^^1(ydD*-!-Nd
zVU$&5hmC>5^643K?6SWvSp-cN#D%F__2x%To;+g0$nj%Hn3}{SsS)gpCSht?V+!H;
z22vVkV3>ms@F^P?hM@E6x+xTlgYpGX=rs2IHCn$m(DOFlFDnIS(n3(vs!?chWfxmr
zb)e4|0525`y`~&fmzKgacjo>G9>U_-9Bc%1`!HEw-?F?Zjd$cIZM<VfJv3(Yh;b9x
z2(OWrPMA1iQ~@h8jdyvY;5tFCO9bj2t`FCp+D7RItZA;G?(}|_S$8UyD~<lz67|tA
z>f`&hE{`4e@EE>C!FHua#I>!MyxFiIwSr+m(u)7if-G>@qNq2$m$#$d#NDrt_X8)6
z*8$^w))_k9>MLlxwkY}nSq{I7$M@wui*RYx6^GkvA-AY!ukz?x{G3h(db=RO^r7iA
zf+c(e5CWiz!jEG6ne>cd`PtuMZ3HDet_Bh*$NGClYEwF5-1x$YliZUz))!51j~hQ`
zglU3X@`04_fvAF}Ys>b=BR$N<Pt4(xhZR_HzNF+afi2%wm1(ED2ZV{;*q3_$5<O1h
zk8e=t=d(W+xLjDszqOFcDJG-0$ExE!>6i*fggeJMpib2WdOS*_ZGM(1$`77pt{oIS
z%iwsm(G9lJ=#KL*?t#(SVRU2X(CBKTNa8Psp|Md_W!kXMwKRkwIWz<-svctV`G{=M
z*mHX{A5mO1wI4_23DGp7KaLqjR91i^%8TYB%IDgQ42>DSJ;F!|uy&jonuhdTLmE;(
z|Kv7(NY8s{NCna61v89_s$vuQsEX-vdp13mQ154JqngV<F_+3;;-hM39M#7U;HcJU
zquRhnmA<?gjq3aRv{5}aa?*rx6CMC;yq0mOV)vwxBOWvJ;Pnk?a2xoSH|T>~{1gpt
zTXf|0+D1c}Ie><u(&Iutvg0&@T5V)P47Cq`fg!}u$od{NjBN8*99b&VIlZxdsgHgP
zUdq-$_-X=n@|gPJJc=p_omT6n6YqxQQBUv(KtFXqe*j8TxAF(zAL=^(0K858X1am-
zFN6mz34<ZZ9uwz4+a{J%Qj-XAp}yc1dqOLg@Cr4w;%i=UJhb9lUQrubQOPSxLMvAB
zR4e&x-rlb1BVdxK6i5j;^LaK`rBiK8^y^8{Oar&uHPB)c=uiOVH9H5gnsHi9FIH1R
z+o|9l4wFF%9ZKJzj_i??ukoiR^EjMN8U+=qC7LyRCkDPG2)-mTI9m3Q7<J&0%W$Nq
zc!bP{&Ee%XYB9P%gW4Oey=SdjV-DtKIGX-;G!RJH5henItY-JYg<fcU^vjcnGcG0%
z+h^A=4?D?xef2n99?qx?tklKf^byITw;Ss-+wg96Hzwn`Fd?}1|9}t-kws{V?f_d<
zHbqr9Ma#4)^1)H5{_{b+$+I+R14UIZdzP}fX!0+^Tr@S##k;!lVMzg>3`t3<^ba$w
z2b%|ZGPo13c6tiTaj}a8I7VSIinHpXTQEnMe0skr6!uYd>brkpDD11vvpnrRe?HxJ
zaQzhecI`)Hl*(KAC)2wMPt40OfF&c(;fE>o??qxqZkiA;__`m4B&FKj6<i5aWp)sJ
zSF6TiD;CEIzTZw7i<@9Eq(c4ESS(`kb%JmFpBShn>v@dL_MXKUo9!*r6>U>|rIX<6
za?03}c0upUKNYb%Z<>nRVR3iC7he;xJDW|#EwDIA@V#<6;+Tfj8jG7@ac9AI%^4ii
z_~&p;kYhJErau6-wD+x4S7)j_OLaY{u7PPTqAXa~n(CUF>Kakqg=ewuYE#{nRJWJv
zt~J%Qp}N&n*V$ATPjw$qT~||G7fWdFk)bCkq8EzlUGvz~^gS6G+9LIg0j3eabUqUb
zbAu7);4lW$HVh`-2(toUY+*31j4=NNnAk9wCPtXY0p@IND2&Ajb0@$Y3xlbtHNe~m
zF#E$`_VRXc$8QEOKVnIb_xtn#$>Y^q`sm7~uaa0pOS3>~h=1ZhP*8aBKW*9G=qo;A
z#JP@$bLoPw=>f#KGtc09y>G%RG9T!@lj=S()qz`C1Ui_15S#lSy|T>o$`aEnIx*~{
zS01BR)|y^f9r-IA4~0(DwEc$3Ja7jDn%-}QAr-_klMfjHmjU3&LlH^0#i5ArUpQcR
ze;T~+KVW?SDt!NX!Iv8O`&|wi-p_#d?R@-CU(7_BE-0UAZ5(FZQ1*61Ea|=Plb(XQ
ze&K<D`u%4I0=}V4M)9YDd2|K*>I%OW!!HN?S^&Qw2%PUN_+^7%FJZL&YW1$hWJ0H5
zPg*|YBge{>zRC30phObOazUE?t$?xn{_K~p4{xVAwd2c#!qpJ8yCRAj>B<}H%p23h
z<K2@C;_;?Q2Jv|HB!hUoWRgKV{&12(JpS(_gLwQbd&pXB@pt6;n;#iLLFs<k=%cuM
zpiLRh0BAs$zY23wYOo71qfYkhPk`I>IR08M{@Po{*E$7XLud7tVXsB=*B&yycJw~|
zH4wekUH4IxJ`lInjr;*bY;_fX0I^#Al0Sebt^N-m_|}`Iit{RR%4)>&Pc1xrfrS)R
zC|0xwb?RLBa@ixkfHUn>(J>!pc~DleZurZ1Ux(dCeO<o6(AU1ySKn|{%mTdczTnS%
z`U!xoIiM?8JA~J2OHp&LVE{h%fSVHSS_Fp6x4Y1=e4E%q<`))!Q*KE58G9||i0+2^
z_Pvy?t5AKJ{mLvm;=a;Xt+fZmPw;PIW96(dihye9RleTDozNxl)<Gdr3(^Pz`2q>g
zA?oI2Oit~8lsl-R9ON#zxD4d)2e0(w^K@c3&6AypQvP;41S1_()YXgF%$uSx2G17C
zn9Dd@j0PZ#*Z9<MNANsxWB_%)WipS~XtwXb!7f7OehJ9V<>M@50Sj3+hFLXhSC}}p
z?`ng!tI5uFtZtf-k1Wu$fUH*7(F=^K$l6uQ<>0=}>>}{5H>0`z>*EpaUtcEs*Hmu*
zI-2ZXQ-k)e5;+5q>1!tFFBad9ro&dUD`wpS9f2Tw?kjXbbda=jVi{&;^o|D2A=<AN
z{bAwutLKUi!(_wt!%bYP)KF7+wjZn;i#F*QRCxYzbBM9%IJl601E&Ctw9+4TB)g{?
zZ3q*5TT$EFW8clVi8t;EoA_`?+*eoPlI&jkKfsE6ABRo6rNC;x?L!r6`pazv%7a_^
zT-%7&rlFrMDu<0Hj?BW0_qx?$Sz;7sTM5e$*&?+bbHt!|Jw>B-r$`D<v!U6DB~FRg
zwg@O6tR$V2m7QQH)(W%arR)e6k!vtuFniYQ#2z%;i8;MV-(AW;F_L|v*t`k3$wjml
z+XB{N2?lGiv6_AICGEv(N5TMy!(kU~@U&ztF)J~sH(*>b^o2B~ZHnVjnQP@Hi50kz
z5^JdtO%jPKNj!0|H}>)Cg`nlOH}*q(#Q61ayoSt)aOU<bLTVy&!~xqWHcqi_@m^pw
zL<DSxV(#o<Ro@4uhB)*Zs4RJ`52CQPBhmg4Sc5?Wq1L>IW^B{nXF|pU^ABj;9WYI`
zGl|^a*WVj9{dUo0#nvKPx5LL?bqwj1|4M*58g(e(j|C>#RChO6m!)-12<zO8d@@_>
ze|-{%S@w+iKH0?I=5zk`hR)y6*-1Ic_}k?f?i+1~I}8Ns&%e0s@Hj}&2`dBlF9l9C
zAD-$`#!x~kG#~zzNdM4{Ncy&$i1d?n(ys*4zyDDr{n(ofq@Vfkw%nkv>gl!-Es#S$
z4Wy5Dv`3tY7eX9if3T2^m+A6B@&6q&(Rqlh2IJ(;Md<tEQXIQn%Ac;ZV?}l!#8qP3
zU$9IpdjV-5{A2$_&U3*&Dc|59i#DQ;AIL2$GVRX=dI$fkq3EC0ggZqd#cxH5-)giE
z{XVjNXbXo<@2l7rfb_n~syl31?~6yDrF<|sEYNhC;4DjdzCAQ~aCHuo=_GF>9!Q6L
zSYn4J(C-BHdp7?a$L))=(OFPZb`dpC*`lSM*QnWMpk`eEgMCm<INwa9j6Qe1&FHiG
z9i2V_9n|8X4vse;_aRJbkU$<V69NY{D#fq03;7y&HCC$<hr%Wv;!Ui)E{QjqHm7aS
z9>zp}bYC?Or2wM8?@%7t4D!XOT~5zTa8;S|aXtHW#%?gUu|m?4cRz;-Z?{{g+QM+!
zm9!k|xcfy*9w}c+mkP+9g7$IlUoxzJ(7z<UTO|LIq5{}Q=i{n^dszB3N3Q#Em(q>m
zzOW+S0V3nLZb-&*HzMOqos543GJa(el5wAI1~Q)VY+HUEA9%`0#zD*O&@UG~38ei7
zmW>8ix<L3&9vwwwOeVq?BDq^eCSx^pM~@HN(T6=^+R^<{DLb4>lAmqauC(*GMnQXT
z!#;lhU)#q+?Y;jG?cdI{+K~M_^={g~GtrYObpOtUTs&`Z`IWLLahqe>&j%L5+X=9B
zFEnoDN}gSFUfb#*0#9YX+jgSg$w2IxK<sg-;yp;jK4%jVd$LaKab{xARL}Ghgb17X
zzD(o+OTu`-FRwEmu<{L^2cY!s&SiUaI#BcD=MLfyJ&FDGcjnZetW$qnDD@9Kr&E8X
zI=&Ze&Q`T!FT&=pJ0=PG-rbBBzSl8{qj<a7_3h8Ov=1vo9WkY6En;~)wAP%#ZGD=d
z3EqC0$1~F}I($zHaL4gC?l+`*?>AB>Ueey@KrX2C2U+2I1A+sxev+lns_74KE1x&i
z!h84yM`OI+P$lhpL*myPU@tY<_BXWeS2J>DXO~=;XKWtW=v))DulC#m#sn=t4jShi
zW{~WpGqxBYJBHi`ark!+S%UBkw_>8iatkiNU~B0VSb&p)(FQVj(}c%lgMV>{O0-fH
z!>m-%e((>c<p*bnDk-hWaj+kp1onelvXnoJ_Jd8Aj7R&y6Xi8Uon^~Luu8>fZ*Qah
zV8Gp+><1ZM)!oq+yO<TI&Q71wefq8J_$J!h5A?=#&;r@5k@d-TdipW4+#*#TZ73^e
z<Vs%?IpswC0qlIq0d$WwMh?e(0JqDm5kS@eWAxj*_7T3i2m5mx?;F=W+6Fd&Uw+}&
zlMqx1%0FY}vS&b{oIaqq=nC1>Ku+&(b@$W4*ZiU0D&W=e8=)^wp$4b0J>#ne!Ey{!
z?Hf*&3!xVu8eYm~<^E4i@ug-Rw&H1?_Z@sU;z*!vP1|7ZExJ9+Ro(D73qPCF&kp*v
z`}3$Uayk-Zo{6+{wH-L8jqcuiJrs{e>13yp3VQ)#AO-y59l2g?S{LGga5f*$MIWh(
zF<J`*InRTp@~S|0z;@GJKj?St0kv=d-m%ZsB=Kg;ZPf7>`{*5accqT&y*-bULNN}Z
zX*>0D-h=Um<fO^LK5{Y58+%(<I(KnDu$5it5%_Brg&MYiUTuv)_U3D-d;@i^N2g%N
zPpe<{$BttVGqzZJZ|H;8?Fk6*)p-jc^RsTU3_uxe|GmBdc?500*B1!Oc#+9CJ*;L#
zm$23-IHU-^JL`;kXd4zM2)-kfn9^Q+(dg5!QFQSS+1&b{HHwe2-nCoqC6(NDTqV~Y
zPDE^>{<Tcg8*1;w4kTqAnEalRN&K{_$7Isfi4+nJ%XaYE1a<FlAG(i^y9Rd@X!u(h
z)1j%IgC79M_w^QElPPdUk82|7w^Gp@WI(QzJ|IslE05)8KQ_G-vYG8?Q=)_rw2os$
zYg^iambD{8uae?+f>?H^MLU-MlI`FJ!<K}O)(jmT2WjZIblk)VnoVIR9XTHZb&L10
z1VGRw96?hl*UR&_QcATvEkA1&nP(ufsq_q*VfY(Ih_wi<6^Jspjo<Wi?Tq@sm=TYT
ze7J~xU%E#6s&M3}hekdC)?HGNR0Onp!XPgLtl$uYdAi4`Xu7XSK6zx6*K~HLbb%te
zLawr06~slfd*TL9m}?SjxH$doiK6+k16t*Q6`GY>9&N+?N{8ChUA6z7EKfs7f&Mzf
z(%y%n;dUAB40}T&1+lz47}Q)vi}7JnAHi3QX8uDRO_#^eke}*BvtONQAAE<?sgLea
zbg6y^=LqH*z5DE%O=A`13&+{bqvw2X0615h-Iw_6HqmUb+V|3Cw{X&!vEzzIJW3jX
zIGkwh!xaKeYXU|l!fZBT`6k?Zhp_ooVBf3BO0bIM-$0>q48GA=8_w5hrr|(<U*2%p
z1;Ka~7K7y7PVgNRf>ZSB^=yjnxDW^|Z9@gGLqYZhBVTBVFWw;dCYg%$OLE_ZNH^A@
zBP#0}fGFt4wBYO<O-6Q17xXlC98Km&an2e=Xi{uIlM;?5Hr+|q%U@ua0)Xn{2MAMa
zDMwJj!Iu*q@@<;YCva$OIoHth2ELq_{S=nd%8!AKmN(%0Un)&CJNdO6S<EJU@{|cd
zyW#>1_0SqcAIybrN`TFA>OmI~tAyB3hKk8i{QIf&oXM>*3+el@BfF4^7|{JvSiG-(
z<WkM-3A7Qwm((4@=ne$Nss6wp0Eg8|{(!M377YvECFpp~7;JcI#vgDwP!(a!f+=8{
zYdQcJE4Fg*R8#3r8pyE?Ap*;q@ofZBA%ymY@Wo{9B;ct9ICI3ktO26iwSsRJZCaxq
z!8>8_Y!BWEe+ICny$4X;*QUBJsqT8JTWP9WPIV&HeP^nxrn-}bShvAcx1Q>@Qr*v{
zx{Xx#HP!7j)j>)Z^Ck6&I*M{7sr`C71Yd4l=q>iJI>YsDdw|IagOQCe=Wb>&J;Px7
z@DJsw+X0|k7{E<Bz*hj^2m{FEUqN*HH^6iagSpWN^9aDinM4qsM@>E(2>6@&>EiJS
z8mh6MSxlA~$HfLj{#`>2$iH!@0r^)AH6Z_&>;aNMHRE!~i&+lL677ZfT2HYDe*<cr
zgoNTO6gx<EcnDxiPFeg{0Q17`keG5Cs{mp^omNg3Nf@bWdX@uIv%`lWUJG2e9x2K$
zt0>9@{h?f11vYT1gLMg_z#a1^QltI~J}~U@sZ6asKl|m6)jh!D)a|?~Q{9kB!c0L6
z5N3?$<)OD{ftTF5(&Z3tUYL==wgtTPohINZjh&SBcq~)%G5&of#=jrI4y)3rQg}-X
zfxol#YlNJU1uu$=Yan)h@I39ADzW#ol^S&xTWMuA8)zG91l}@4#Q)hJm2yN;dD^mj
zSB?#pze*2FvT{mJyx>v}bH~Bv;+$1zcl;BiF;Ol^<(tH^{xQ1FG{;J6lj;i4ZApnL
zof}}|*8MYwJFN0Xh%sXw=y4w4rwquUit*1pGCTGqI6Y~yXT0k2Jf_NNM<wNVS?s$7
z+>%6eIIL6Oy%(L6I!lV`Ogt|2wxD}br9k0gE2Z9`SNjT;Yoe<Xw;$GYEgpm58<HnQ
z^4zB~xn(xy!$|Y9k4R$QpWq`8v5&BktC{R0PUUEMh5If5gtc;}on%Kp4(Oy{Wr-F#
z?li|fiDj+v9PSdzD=^TKI6KQioHR~Wa)dz&8?^6Di<WOVai=uvg2fc=mT}t)(Dfy}
z|Ej_|I;9N7Ey-g6pEh;?Y7P;>@C&}%EqXj3QwPN|Wcdo)=TEDXhQny;pohRKVMNEm
zhTa5Bo~7Y9xz}B0-!Qzf<Y}aj_jA5;uueuv%0R0R3bg!8iM#6cCc`$JqU(6Ja@;t9
z%JMo=vL(O-`bU`bA(z=6xTrM;oHR@#JLxtbsKo5WulSqOuFJZN+p;3nN`W8X&`oiT
zF^0t0x%>iO(6aub#?X_e;!Zi(o0RNtXVTYXLtvgNRAjO>yw&CDL&AEh)AN7|;WE>H
zn-uL-_QB*ggO0?hYwyPCUn3{}D$jz$X36x1a`h@09D9Z_P5Xd60?~dKoRhu%Ymtup
zR=AE~AIfuj#?*4xnq)FdJu9c}p2W^z+xe$}cil&yS|=&noQbtWM$;Q=tBpi7?IWB<
z|9iwAK&hQ9ryZMowM)5<&sdJ&J5UGNs<QQ9bT+VdvVvdmhvx!;AOo>cfWN0_2o%`F
z2Fc&c4>1@FWW?BLoxJgwVg4A8xFAsI7BDBcml$DS(jmF@!WGkcLAa$vKfJ5qmxm24
zhe_oPAZiYbw(=|+^f9>q6DVAgRC>-jb8AQl=z8+IDZn^@+to?lz5%IHy+!gSMM;70
zrHvP4xbuNXYH6p$ry*=5@B=HRdkgk|us35o2#|w3F?EBKn4=h8<=FJc2YO@1Q-7Td
zJ3QG{Ho_>Gyfagro|zaW+m&`6mQIh7y&w-)tdlG8kUT4(AxAYK2i_)3Yml`Z{$?w+
zfb>(@Z|DRFe7;B7L(NJ{Q3p0Tb<)Oj3?+(M4)Vs_0zI&@{?#$i=_rV&LvZA$HH-8h
zy?F=VG|1khhBOUYI10ctm&b9GV;w{Ai7N0|XPVy`WH48#zYoI^B*=+7WfON{l&i`H
z?!qWn%|_POVu-@<f^GNda8>b4F{|}6qM=XAY*s_lg4LU^57$e{a7f^%I|%u5j03}%
zrDww}2za<roO4fx!*3ru7ve8U-hNhD+08*(qEc>^3v>|hvIjMqGy!RPeDeux<Jw8_
z&3}e*U*}W~$jW*3@SVVg56Q}5{0!S$nqnXnHp&P5NsPY$C93soXpG;k)}YhSo)9>Q
z$Kh}$?voR@GQzN-AL&8$UiKMZCTN{0o-+@=o(i3Vz>l@Wg_6TNdW9<AsRd&9*Bgjk
z;(^$UU&n6vex}HTrbVFpAcH!m0{4H&1S)xB`#pC%zfjd|E>dB=T%HGVU7m?~uC&AM
z{@@jn5Mmz!_mJ)@QY!p5o-b$s#X<RZh0K;rT)Y9?XzzRh<A+*VD@EUv-aeI`d?sAO
zPCgXLg&lh~=C{FnnN)TdZjPt`D(7T4Vz$zv-yBKQGzMcI8$Dw5m{AXd#-J)QF6gp#
zGuOhz5jO<eE;g~*;^M4EFse*CSjSFTNjc*s(Z&kJ<_vQ{Y-RoMrBDO8Y?|pZtb*S}
z;a-Io(2Ng(j<r~~EUDrt)v8Ft3Fo?Z+L4+v7jLG%YATR2^Y;;L1d^;XWjb@350PF?
zIx&^b;S)j=H;gs?RcmeHUScgW^iO4Ll?h30JDTn%`f$H;_0zEyE$?lS8f>c*w6)2?
z+j2th^tz!dj6OoitWGYSSs=LY4}yFJYuHr-X{v*C%t@&c+oQ&QpeN(F)`^S{StkNj
zuJp$WCjAy{<=0kRIghPW--iQYh&MA2vPQ;79M8rV^t_VB@eG3wrD{!0yH7(Zy6j8F
z=ppJU2OgV&0)h!=BRE!kj<J_}-*A6~<h}O$FP^-&CqEHps_!STlUzdBX)j3!coG1v
z!ITHpYT|DFf-qNYH-MDIb~UQIL(p}$aq7vNG(E5H8d7`AYM3PWts$AG6V!FQ`u>KH
zFQfEql)GK&S&O@Q`KF@Qj1Hzg4RqfyrDCO|^kn~wwgzHzcr@?}<Q8NJ!*-?-HW~gP
zzf#*_q>lk?%N%A0X3IX*`XEFZz-o+V>I(!QmXlbv4sm#@Rqc5z+SZnRr6YAFWumxK
zg%^S78Rxr0@@CwK*WDYzGPAk@CeP`OvB;&h0e4R)?0kWWl9_egoJw`kLBrKGkf$9-
zkA`ASh~Tk8Jpl*V_8~-V08=;cL#mw;%Rk$elu~BR&m^wIyjt_AzPppglI|Zlnfp{5
zl)}R-Iy*wKe3D96yOXCi;yS<xT*k`nHyH1NiydTCbf=@;-!Meq)K<F&LH@GRLj2{a
zd)jcs*pp5C#Tuq{3g<7sQk$c`<pl5Kw{aQww27eTT8X#-xw=Oo$LV0WKkcKT#>jC7
zegj#uCC@$V#Jnq%KWXsKzD@MZKo~vGTJ;hqP9RP2f4L9HZDf$#@*}tyJx5xu=?Hsg
z5cUpMSb&B12Mb5C!rQTMLa=bWnMRv)8jVx;Il#<1jEFzw0Ik$Y0C+15;5`mtRo?)B
z7sCKP=Ku-nOaOQX%$YO%z0lc!7P3`8ACFRfp__>b9PP$2R^8u?bRE;8b@Ktc`XeuV
zAUa7q?`7S2dv593=*MnXHb~z8kGnSkkD|&NhO4tc1A%G~rP&h*ng~duENLN{Kmt|L
z(I}{KKnb!KMuZ3*3B!_LCj({Mno)F|cbpmA#(l&YM8JiFB|%U&Wl>~@P)!2~d)U(d
zJ?Gr2uIg^0e(yZr|3ANvbgJ&TRdvt3_bm6`v$Wo9VN+;A%mT@>A#i{(gZa;m68r-s
zPdBDulXb>N_x2D(TeN5!X%pKDVq1yncg_4aN=#=c54c*ZL(+P{?vSS$@(?=heaw)8
znDP%VIDw~t?h<fC?O@^OMvXv6-8IqPt_RRjaZ{rGIA5hC!Raq5c|p0J!sYrKUyxi+
z1G%1}$@O?PmD}D*PiKTsToU&!1d?DB2S=#|_=-Z5@YOslCZmo49f;yGh~jSL2aoo=
zPJG8{TBa`$N?S$uhBA?&``NoLtqR%o-TrVV5J^jM)?Y^)1!#KzeM|&#q>O1=9Kl)x
zC7^0&J?(oU5IPT^&?{U_U={K-p94Vbl?<AJ@#>tun%sH1FU_tNmOepgGnN;g6DS`K
z%r~cJknDNPhNO-uht%3@AR>k{sqqk(8hqyXe%=r1<_z=4G+%EEq?_jJzJ;Ol_3Fr`
z=j-zWe$9OKG<SLm8Fwqr0QI9MQ<5X-9}6a0g8ByySp@kya$(c*HDdo%U#0%xB6QXv
zt-J2E^F<Bsu1EhKvK}<|SDQw2e{KF_Xn%csPt*N1w*N2m7qvfAT>hB7Y){e6nbpJX
z7S>k621qnDbvwpNT)ajt$!8C+3PRZ)adGfv*Khx0*Uatj7S{f_Uugg9cQoC8)A{xy
zQgIkE_u0z65z8Nmg7%KESs?12Cy%Yp3eqq^JXk<3away@lgm%C>-!z3zwje5w31ZQ
zx+V%W8TNun<0rz=*rXZYW>kI*IU?6Wa22U%q1tsjX&$Hs#4|3GfvN%;c>q7cFA)#Q
zB3Vtr{=Biz-guXwE*ga%`&i4Btkn;OwQ<ym<#=?137F9kyy*5G`~Z$B6it8}kQvk>
z4A0|j{g*zYgh2Z$XpUjo!s<GM2WRYV6#0Gl#qxT_t$eVj8R0l83T=bZe|QL();&R{
zC9}fS4@HpPA3PL6dcX2e)6#oTK$E?RT|os8<9S2%3eiyEj<5>-^a_W%z;R4ih0k^I
zUIi82Yt)oqSc|m(%(#B4zrT|pE@#sQ=9IuD7^8s&khs!haHt9Ic1fC1hBb+J>XIwH
zgR(t(FmYs?>br%&3lLnR`nJ~wCP${HZkI#&=d%WSLc5+XhZ8-uWz%6K?7D`~lQZR4
z^8*{>2OSx?1NrEj?fHk11=vDZz;)<<{v~sJ?+R;g+%L5E^?v_H^gqG|zJGT`VXDz)
zK^_3XGI4U3+41n*K>nJ1Ao_1^r2mdc{}7R-CZjV%W%(rru=BQG%>eSv44}F#V*m^9
z`^^l%b=xm9fY*|KBLk=lX8_HS0d&_H!1oVCU;tk~5P<=_|3Cx=u=s&r%K&<I`~?OO
z)$tb?z(M;jFn~%sX8=gw(0|R?ENYU-`zC5c-ZPP?_=}4MBJVaxBk~vye*Gd5dCZpD
zfTmv=<mH7Bd07%lFFy}$nqH>%`OWll3!|5*iMEWglVW*m3y?RP43-?vkVMT~Q!J|!
z^vGg%vh_+Pt-s4nx~<n#QMZ|Vnl6*r<#f7C)fWM41lW~y(el_H*@p5$CU}^nIh8`)
zauV#ww^(%B@z@FcIt`{XT24x6zE10H?|`@8F<4Fx?3SpL9V4<6ZD<`}=PU0hS_jyi
zo%m{O@&I1|y8+J0BhG*zMI<9dWD34pf(o}?O&p+&e9Im*@^7B+t(ozGeoor>ql*oO
ze0FtTf;OFgNT8>tvZt=EU)^=iJYU+(3!N_?Wi&lshTQtg`ZO4)8)Slm%Y<f3zb<ro
z^3krkyRJXot%-{J{}!~VRzqdRSgvn}$cwXPd~TZ?HvjMbh54WS8|MFO`ut}@4FcmT
z35+&G0<tHDkpS%GK#~@RG&t8PmaRlj+1NN6(+r-_G=rTo*fz%`Iz4H0^bUv9;Dxfp
zC}p0qPp;622;vEH0VArr+9hH*%oP(S6;7Hqandwd8E&7PSu;F-!fe@bN-U4D;MR&A
zqrXE4N}MB=Peh@iKoVK<dC+faDy2ZDeW#!;v9|9-Gaj7zV9^G<77Uqp8I7v#WE47-
zqoI#(XKajE1#+i>%bfy}J6CV%!Ob+e^eBSPMBA{|v|sCO9p6KfJGp`2TAI~;%p`ZF
zm}Jr{^eh_8h(s)}0XYO=j98Z-*~vA{p#RvU>LK_J)1q2-f+#5tijrBZu)h<{kN|@q
zpo9TB6JU`M;6rancY0tX!n`IJ<*rOWOt6<sFz~@J3zdspsI*p}WMk`7!#0hg0$PQ8
zpu*X(3U&G$lA*$ZunIr(3QWI*3g3lQcu0T4v9_$jh(_3bja?SUChp(0iQ9EVC*t=g
z?%HVLPTRT*6?b=aC9bryzISlTz>%V{y6#=I?W`Ml#gFSr+}*gLHlVMUgY^FQIy1dL
zRvb$2Ck8i7?{j-KP4ALpvsgCU65?pHNmh2s$~o}#4t1yr^A8a*y7|C+yfL>)+^3?R
z99U@Iyu|k3jAh<EB$l}=%NWP}PzCshyf!!(zr3i8F?RX873fZ}Q_b#rECA-UkSsuH
zUj^G7nXq)R$boebyE#qImz^n2k4ZE{aIOkeo`qoD-k7)?Z~x8gskk^<SqCAUzxT(m
z_a9)Ft~RVla_kn%VHWz^q*iM8-!_K%j2M!)LcTNQisUXy6I`7o&#)vms2L%V8$Rd>
z;T`7K1y>i^sTmn>t}({9kX0G87UvUxUk1G|h1Hfq-uF9tUp&2!G4hc~q3;_Md|yyJ
zC|7u<hvrhv2%A2a67aZsv#ji569|mul+&ho@ro)gf7&7isxnF&8%t8oiqkEI-rW{h
z!+Q6O<ZYiSF7KZzDce}Jz}z4GEp>aYjZorh<Mb9-7})7JQ}iM0;O&O{zZzrAZxG!;
z&G%?g<-bS+cf9C(ym6|ejI^=&D=8T1pN-^b8vn~pjXy>3-X?qF+UIzO>|#%~Z!as~
zmR{Dz{~)_`wLxz}<y)uYbkXbncB$VO?w|KZF-la11?K>G;r+W{kf5edIU2yY&x1*N
ze4Wq(&piHkqPGy-PlF*P`o38L6LD{*s=1*iN(>*veX=@-y+W#q#=hg!&)D>k;k3hg
ze}i{MKzW*WSZ~3?+k%CCS8;}Ue?$59lDC0bHiK<##;}&fVF(!ii>4}nf-22<l|NAx
z-|RrZyk5sM`9Y9g7L%Sj3LzZzMRi+zSW72YX!@1p>F)GA!IoWzT@Lnse+O+oXb-GK
zSSP1vF!*6Z;%D{1bc}PY7PA-ocgmh_kka@DeKQtSEZ-RTs!`=KP-B+9U&=mS0>M69
z{o&)C4E)ph{VT3^lIIS{|EdCW-}*G8{eAqqtyu}VWcj-H;5*=u4~?Hcx=$3Kkt1Wd
z;=`3<GSda%Cj)*`;KvXzr3T~?su`I!jF*pT;EzelW>n|{TOny=qD^dz$^#@dP!3SM
zZ{;U-<ZA(L2oAO&_?XdsG+tdr{a>ITO|hYTrb_qw#^+K^&-r^mod-hdM0)pQq*tlS
zeI)j}v1g1Oo}uw88zlH<RN$RyRg;_H!N;?Ou+hvIo)Rt948snf6plYu8uo)sVvLbV
zNs7}mC(Y>yxW>yh>u@Pmv%d7}IT)?H8Q9k$y+DS{RuZPZ4ix$QsX65*i&_N<p`~e-
z?*dCyNNROK{kR3l@jCxH$ulQ~XtrfH(D>%qx&GI+2j)EV%z;<Co(yk9b94O7|6O~!
z2HV3~$egah`5h*3jQ)STzu1apPVsg6E9!sUU-PWN{wkyf{?rBgE6)j*$n3jQ!oM5+
zU+bT1&4b_PJ43&t?`Jr{k~#ACWBzO3pJ(_!57+clXNdPQ$F445^B5(t;Up~uMZBS)
zKSU}p+&e<Xma*~t3}E8}g8F=aRyYz1(}RUWSm8h{l!Jwm$-~bL+&otOrWw<YU19q|
zGr5M|Onnb3Obn~=IIqxLT?iFMff%ST+sA=xGa9O=UT`XBoXTkx>`!w%^X;-b5G6hf
zVL5Y@t7yL+%`_9cw9O|)OASuP!I|kYV{HLx)ys+UOYpy>Y>+M<l9IPU9Sejmh;mvE
zO5#`FT-+wrR72CG?@!@*W_wWnn&o(=St(TqT86>~q_t#7h<<y${2hI)Io_$?36#J?
z1?_JK>{G1A1Rfi32}X|4da56PJB%Nq_$1}KApy#?2v*1BjC@RUMm`3rcWO1yaP_yF
zIt!VlwI!0LmE;*^%UT3Ut*Rw=^=T<#r~8m7SvIq>+riab_COc|&}G*%w6d9swSGur
z$&2CmWD8;HY^CIlOJWGEhh<KzfGwQ+gYN+}U>*$_Q4clp5dht=#Wtoo*~yS2S!xI|
z#Pj1?9l|n0dTae5gUWf#PHN33hkFYl@>Z&;gj8-!U1E!w<{%2&j<7NX6GMD}WWAA%
z=w{=H`s8-U0@typEiGv!WQogXwG_)12;jSP!Bvo1RU1u?>IN!@P#mpceD3i$@3!d_
zPTMn$MZRB0;jp#+*Jw`Rs>P0+*Vr|z0b&^#z&Sm)Xz?djgKrx&)O8k`$`ty$`KF&g
zc5;OrsAei=wbS!u4b;noibe4Te|mZz%Ux%(;RWcj&n7f`ZhA|p{G@A4)zRqGJ(Icp
zVpezLFiuAuaIm#j$+4H=Hwg5<Ax%2`ZYPJ|RZ)q8zdEST2UL599=PRU6PJ%@3F&E{
z9Zo7A`yQg?^xR!m>2it7cUK*bPCaRscg}vizg1`t#Lx1x_KaZd`SW0CkEnM#>*#&{
zHl~i>Oj(v$*R!^XYPYCFYKi|dt{<v%Zt5ZAIF5;BPs7GFw2(D9Gp$;5k7w`ky&h&r
z>XX?M*VQNPl5oN6^t9vYyquP;vYzls=2?ff$~@~39F~l;0ZC&}fh}@X9a{ijRCZ*P
z9xcfbm!F(0PFo+k{5`@}y{*6RGf2ou*bmF#_7JUNH(S~M1glzqHXG6;SO%ZZu{7o+
z>>KIrvs|h=8sl`dPjV$?dY^)z2`4j^lSMyGuE52!xa&BZy=`+W$7GCDvCigyJ9WFi
zh^^2hus2qA<|tcol=UiX)G*?e(ayNQdY?COxm<N5M)qX0iFUW-5$;j4dI_u-n-5)-
z)ypb-hxEbN7v5P`b!aSDYhytQ`%DtJ&D<8tEuO)F0nOn4ZE;#okM#CuEv}7`ER4^!
zl9ZX&MWbvOK*}V`aQ~n5Z&701C@J+42Ey1VRUMCm{!RD^5>mA_^0V^FqFXap*ff6P
zv_z~0I|58cJ&3%|vQ<i8-=5td6g4XyVreWIAh}1_qf)oCn^JM{8Y%hyh74rF58E<;
z1AB`Z``v}?cMB`HleBrZG627qmQi$I1wk7wt6hAx0gT_$D0|xY-!;p>B%D&sDUOk6
z1a3^)*%Y-WS{6av7clu&X4$yEE9LiqNDvocZ=WK(+{y@R0FT1753IA93|$dLTadO=
zrgK{)_pXa-(GAFpk_^2IDk+<5{to8-oWMHg;E9QL*Vm}X4=o)MFBBiY&)es1nN6{g
zp19leG<F-LuY+mqYDs?K#Tw-LhQK8}hgc0yewL<>1W$m*Mr<XG7#puG5o^Kr4Wvrj
zpJO=>bH7ryG{_0{rH4v}E^5!_9gN6DcP$%{nnmsJVkA)tBq1wt{n%{Hwq`EM>Ic)c
zA5GUHoBA@k)?+~mD@akFg#!0H*ePN2J%x$p(4CT$c0Hg*ydakCz+>=i8><zvTcWmP
zwS1px{wX-D?uNEAI<lp@U8*`5!`^y8^0qH!|6Y<D+n#AHdHZLhx5NQ7#yycIc?Y~R
zVH8?nTGcCUI>X52h55_nviaupOty{m4tblAba$!hSd7zhOk6}^KF-SSBMpX_PYE?@
z<t-4?qS)$G2FsRpPGtgPP7`cS&y#kia**ju(cm|+?YLyw2=`2pQmkl|1AcffRWX5>
zA-=ReBmO&B-F1Yx4DD%VgQLviww(odlfQ$^nhkCNUjzSDC*FKCFswS}mVoR&$|^o-
zhxk$^Dpxl>bTs1n4VK(F5HFbgo;MM`R(V?;B+zoNO#!dT_|W~xz<LJC%^A#eJNK)o
zVl`uvI7uiz3L!vK8zeq8m}1Rz&zL^q@?pE#?C7I2Gq&bDpcV;1W(HDy5-y6HP-)uR
za2Ktf&5hZpH4Qt!YBhw^Iwi8X@kpSlEkIi{(RMFeyWhwDH8*KP%}^T}&a|Q7s12>9
zcyw)knIN~W4cUJ|cS=tbymR?b>mv3}?|g>%44XPPfUZ#~tQS&1MVpF^ozukrVJA`B
zKkN~C|4_5#I^Cv6aAU`8kA@pUj6pKV3L;iRs6k#4l&l93p$5EIlf&j^j^|$1D_cP%
z$jU~Ui3B-yjj}bd1mYq^2#d4_#OmB$AXYb`SZ!+*t5>qwYAgX_5Y;gG?M&DpJBC!c
z<V^1f5T^~9N)5yy61Y5F!<bg<9LrC#dkvGPYi<4yoe%{Vb6fbD!Sdo>D^DfK(1O-7
zDrYKrH3&P|+rCnAuVK7>6jPb9ES4d-;aJM`^JWp%^JYxthMa+G=&2ZXznLlNTZRN&
zEtu#e5hT?N15;tae=@Q@oW%r8oUCllgphg{O?ILvL7GdB%|)%Um;i_q%ic#z@Ue-x
zjDwzFdSe|M+d`F1f2VROOF5Lq76x(tZXxt1F24*?-81)+O^TkSmd<8s>EOT`arx|)
zj>|=(WMxC>`9T`0v<{}aN>*8E$hz~smM*qNVxQRP?^ywlGR3p~Hfg~cObP92DS7{d
zDl@#gK6N{6sVZ5H?L}o0Xx9*j3LN7Y3#v=qu8wU9n~-%mo~MLNPj*9jW$_)da!nm@
zxu*bS<UME7M{j_n$l#VbJ~IVWofFRJ-m=F9*gvE~xtxh<Y3ppx=mM1#Z%1Ze9qN{u
zj&()(tbc;}K0TJwVus&Harymhz^m@eZRzr3_t*Fb!TujUxDNA&#{ya*?Qwe2WbeYD
zieJY>HY9y4hvhU4RJjz;w)7$`#6S^H--)7#-RV2cE3Qy~HOEG=Y%A{I??QFvTRHg$
z2+vp55bg9#w}J-bOg@f2j*d0x-8OSvaJL=oppvi25K2(l2=yFm#AhKqitJb~izC+G
z<L#5AXMI)mtgjG|M9=!#8TPBe{DHm9w;5L$C#B@`;4_S#m20Ks?`LL7RR`EK^h?QW
zG4%635J5k7KZ?Gf)*Q=Zwk|#Ex<O9fi{PKsuQZsXNi2W9q@0nx{rfSoz-GOxgOq$4
zD{oXQu=40clzyyXyJclQdvK@h*x_mmxl*TVZ^O85mO6mTj`L#KD=4Yp3(#Kkvf@tm
z5bXP(m6ESW4#q65q231@(lt)y6tuDfz8414vKBW0P_$ZDsnc>e2fl?LO}^-Ah2YET
z(QW{{!WO44oU`5*bleQ5fU@!!YkiC=E5k!)hU87ZHFuDpewTYRZ2#4LA|BMznwUgx
zasCG|IzWF7*m$NCYOxb}A>$keGgn|}!m7`@3#7!ykI~oTxl93yr&vM7tTh8h-p4+B
ztiC7sgD<XpWG#G;v9sY(felPc5*IGT5J6WYZ|i^78_zzKLs}G;jc0ml0dKOV7d;LZ
zr&IM{I%N|fdB9)rCHfPu1)mrtPjmS`76{B8TxN5yv})AwDaDf}-f_Dzi&$AZcq68S
zVvoeqBg2Dl96H-IsXC*JZp2@92r?H`nCssZtj`*72djU(UjN@vKi^_%aqVfn{)6lR
z!10dY6A%N(_gR$b3(JB}jF>UKh<%|@ub&I`8wFGSveU*E4P^EE>-FQI{$_J0jXrJe
zq=EfSopjP-G=kIJRd$-u62s9N82l{A8{a<u1dndCw?5d>)2C0>>w?d)-b9Ylr@^|z
zr%oTwP|}0*l;xP(7mMxdD)<JP+c&-5G*Lp@*8;wI7k`56AJufjH(9sTWOT-^(H_|e
zYW-rtgi_1kBiYl6p3>`nAViGT^s-?3;J0<*AJnIYYl{C?L)|68x{zp|)tx#135`@-
z>ET9;5Q{|bjK_mdk8;hJ0-Z7K3GH0*PF%MGt=q;hZZaSb3>B2a5XTns>Z;##hB&qZ
z++*&<^PX1+oefCJG4-zgog)}a`~MBF9t<|Q0{KB;i#yP6W;=x`>#aweN*6qg3us?D
zbxQwIC46ZdeW@e=QXl@MAMRkwCieH+JIwJ!@%@a!To`VNFM1ppk5p4tG5N28CvHLD
z8~3Fa;=&Ix?$eFaP5}Rjdrq=!3mk-gA&VsSo>LknV7xRoPk<6w_rx1WbPSNtU-?|&
z(ZJf8A7n$qGcp=RMJ!8*ikR}IB`0?tTYUXV)4LcWq<3{MdfdPacfgDddD3HklF=c5
zlJTWr`=RN+trpXh_h0`>!;~KnPrk~Z<gQO0%ulju4^J`<5uE+tYveo3=Q{7{11GN6
z(}wSz26eZ;;i(VIPcc@YJrzs>T=s>D*ji#Qv!&VFf~no(%&%e`h__o~M6PH2OjsNm
z5?6G$_DpZ{Gg;$Z{F(9EGeg52pZvFJoqWP?dYn-n@8lU%u1|eG`E{BAqic1f9cdyq
zk7&Z)pJ<{oB~lc4qQ18oOxte@@t+r$-)p&06)%>*01@_(V%8wVw0}0R(S4aw%r1!0
z<4vFF1Bz+?XUTFoaLDsa?gEfGrDFMCcot8ahGcUc$-XJYX({YKjwD`cV>B{ah|pYL
ze^z`(v<=UNles)lY8%#c6zIH!Dg2&T!C-L59XiXRK!}4v<C%}o#lzvs0atecqWLIj
z80ccUObuD}am8ovd&30Z4Hy&B@YLm^>pVqCOJn0(W(vN&NOTv~N3XR+Lqerm?ct0P
ze1C|dw@K(k58VU7xXTwrX+6Y4L>~2NJ(Pm~Ih_y}QnbbX>v*~;erZ`R6Ti@7^|gtD
zwIuJQT<E19>$F~?NYanTP)FsOI_gK<T1@Yfh-Q4_qK#&JW1=x4f9d>Owk}#+4XIN$
zqzg`O-(K)X%u;3dg=mSke=b7)V}^vRtOKV<G(R{6dzY>Hv(?jrt7PkZ4EIV0`@mTF
zLX|}<>y1midvl$h)EvkW58FTBPdS7wb080MmJ(2BU+N^V&Ub=+0YlCSJEJy?kf)xC
zNfh{D9t;dsu&Ec9bSJBcmNY~qK23S`v`^GrmNV3?ogi}H=)?>x0&@#K5sFo+Ux0}o
zxCZ<<FD&Lh1kS{Kt_ZLApgZ?&@JOm2+z>Ju3uL{ay?5gFJNbJtOt*J24=fH*Ga213
zUEEzDx7gZqJ-G+w&u|6ujs5laqd61J^`B!sweW=YX;Z2*I_c^Xk4=a?BQz)geCU=}
zne0EL&+rX1uQS6r=IMwzN5|B1_O3B6vv<8}Tq<-?wcZ9?a8Ywco!F83+8Wx|amOO`
z^@UokuVF}oJ$>){-TC=K(;a<fYm*&4;^pqxsU>H7@(wRzS7<WI*yvpNxEF(;>|ce6
zp#1HSzrOPT@z)i%o#h6ekM%Zk*k~li&J>$4Q?uHE2rt8`v-;ZwpXFNUnfdQ@qt#Jt
zG<_o*b(49kdXOz5bX)igb^95b3Ai4D_y^U!1%Fq}9d%6o?2LxVha5btnoLp|@HJkP
zQmtF5T2(hM>|9NzIX47>x$0yNY+SDw=BfAdLLU?&`r~fx9J+t;V9>xRU)e#2{jBSJ
zIfHONV(%eb36}kg!!ZB`ABwAaaWrm04LDaz#h>uvbTksU3w#gCy5aQ`j8z<=uqv?i
z4DmW(>D=b`{RG&pZUNDz+zo-EEPzhp(E2GM(3=68&7s=~DwaV?LS92G`vjqhiNIy7
zM!)QahlY{Ag{0I1S)ya>y%pUBUnN&6IGMIQ5+u`mGZ~rQtMl@gO<IXIef%Ycb=bFu
zHNha?J6yh39{q@69p-v4d=2K$WDM4@(+B3ksRkWqj{d^F{Eb{+c|_ATY`{6(>+<!;
zeG&ARpH2P{Tz^<X`U7k<d+xDHjt#D^QgW5#zGNkfb1oRaY3NDIS$AWUSO%es-Hl8X
zK$6h%3u5^vTsCH`PNWupbEv20Qgi%By5>?-N0&)88EN-UpBB`C<4h~RL~QU7!FOJu
zQ0In-Is2Z=#1WLR9Y1UBNZ{>wM3>R=)Q(Kn4v=l^<L?C9@d0m#-hdlT4T#4Er1AAQ
zqQ#d7XAWuuF(P;9@F|m~PUOo213IqE@TGyjFTIAxI{)yX-aDrcn{|b93u+~;e3C^&
zg@=KD=3q}An;`gY){>R%V))eYkYruzsx?6h4*|^dZ+shtI#QDk>K*ejZ$eGREmNjX
z3r0G4!9uYLtg>eW25l^ayJDl*P!H;2!v&6dqrtfk!=thFq_?{udrN`=J5IrHdIrjl
zXRNMAvQv*Zz3FrAa4>D<WC%Zkow6IyCXqJS)K-j(u_v9DT6pn1wm6pq>)}<f_s4`_
zRYNpHc9I?Ii$K-xwC*nQ5rNuUU_S$8>Jqa|^$r+ufP_W{2#rA?tCq*1&?t10&~PV_
z(8y4edqIAe0XH5nh#6o)Y8gFo7k}dZBu&g*OoTJR^jV$2KB9G|XGDWn3S=txHTYYt
zKyi{OR*isYY%i+1Jc(w5;`=djz<2dp#C)V<z;^vc*h5AMG5$nP<ieL$_r{H7;BUOB
zcC{t~#wKdXY92_W_56Yp6`T)%KyFQg+vb2K<rVOOQAR@$PkqPnvo&||9Y@yme9lb|
zs!KfGd3VDb$E>COO7r{e^oB3@M|?k@TID+jM|yuog!h~Lq0qMn;&YVF?*cKa*sZcj
z@(i_Mi0h&lc4;S7#0dk>(-yRZsIHYkU5OE^I%#EX0P@CQvFA(74j?<Oy80<&6B#j0
zuXiRNqw{0;JT}IIB%VP)@@Cgd?wWe1<EW&pFFL5_s9AhA0itU(2qwoAJ^c};Ndn%(
zv-ib7{;Vo>h*-Y8IecWjjlGc;)6%wp`f3ZFzz0r+(CY}Cwf>3dS4+u_5`;BWew38U
zj9J=eJSkP3ik1S^vQjU*4_v*+8@KizZ~Gc><fvIg?u%>elV!}IK^gdTdK@a+;<m7#
z(OYao#kO&q*w5%qwzEUUl9(;<o3#ZzH)3)e8;X8#I;vg047q?{e4L&rr(%(m+wnln
zUB$%Anxf-mSy_69^@)NMH8#<Hk2mHDI-Ujl{UhG*Cn%__RI@fE{dLB=2AqB(6V^4m
zKS>utf~lnWhlZRNv1ueL%_;gd%qcD7lbx)r*y?UsG)9NB;fMCZ4LZ(&@(cO}cuu8$
zQ+j8-xVTD6-XK{vO5XlaXf+Xtf`qv*ECj)-RA#ylM1zZirAi9a@bkhfwjd7-y$};^
z70W95eIvhL!tbx~`&an=RetY*_PeXEN`WnsJ76jKkH1+3oKS3&l+9A|PByfbqHcbt
z8DHge5b8<+S?Rig{YDpc5tlz5xDa!P)zw-Ge52hIwPe*{UvZ~D(NHXj*&6|1lLDLl
zOuMLV^vAN_YZdTjN4+Ett=B~}EI}l=%O!W!scda;(Cz1R$qZjG?AW6%7<iH|UT$eQ
z2p0$#Io`Z(e`k+jRZ~N0KKN5(-cLi&dmOYh_|#1P6s+enSHxf;Uk+xdpS<231DM*;
zPfw<qB$jVr>=utGbCkxM<Wt7{rqyEEfEda{Z~&1#8!5k@!M$apB#sEltp^E)T^;pg
zTpME{x86Gbbx3}CgiqR-pM$g3sT|I6Tq7EXpr!2Isjvk-qwcvfqi#7+?PNp0;wpXl
zZYiNk_ICMJ^2U4zUvXO0)a|%`B-*lez^`)$B-o4jf&Dmtu*u#+L+UO}&9y_IKYE6)
zb+Ti#D>>{u*2**%8T2Ab(M6sX4Mnve$ss(m`j=A)f~-*~17f5Bpm^}jgwBw?G3$8f
zF~HPAeH*0q=!r<}$3ILLG@31QUPY(L_BS+T5-Gme>#Ans{ML_5zTU)cJ&c22SQ`a~
zB6HDuwC-tRkc>@jItdrn#)#z~bM9f6dgIY;1JjECf@NdD0~FHF@e_mHyY!uS*QDZL
z#({IVSpqTz<c&;>k=$UHVeSu-+f!ioRSUL2(Vu{%!lFNYv^!leM1ShYm7Gqj!5Eod
zZ<tj(ak-l}49>q;<EBp06;<#zw~6J0ao+(ON7lCPb#|EBpyZSPVxQ<9Xkss6HXw+W
ztw_30yTk~r6?lIrxSto>FPg6N0SWYJFND!1Oqiy$b+W;y{qg-hjo6*qWx_6%V>hI=
z7TfBj3u*ub9)w@EI~^BY`EpGS*$A)GY=kp(`~L>b{{JG`{~u|>I#|}NgXir6g$eEd
zF&Ht3sUQ6bf+mw-6<gki@dIDK2BS`<pIH4Xa=iTW*D$Aho7)EoYQycAdiB9O*!79q
zj|PKWEj_OWw1naQ$Ms?b*HgTBq(4^&l(PEZ+k-y&6AqE8w`sJ&BR@lR@`qtW{cZd=
z_}l8C8Leu+Lxvp-o0{PT2M4YTA?o{%C*Uaj^E1uA4bF=xaO}gX<i6b9mBD_yxl-A0
z$D$Eu#p%u2zx!H%o9BWb(!m@jR>8k}swRuOD$@f2LBNA$(7|`63;yQp;!$>?o(UWY
z@I&WR_K(ZYTr|+*!L>nkb6@K2V#>s&Zj6PxFLf-s7d!yiKMB9tntjWks1>z=qFbS;
ztyUyLQFGq1y6;0;=8Az&6N<%Fj$=o}(T+IYP_$3OF&f^q_j`KN(a<+(IKH`q<M?lO
zp|%O)$ngvF=Lh@c<(cTse?NKi$5v<BEEu9ZNq5f2jIT*x5y?rwJC34GIz2@~j%Tte
zc`_kzK4($D6`H9j-}e+ak7D#8mR~~sLJLBNiWuzxUVs4PjM$s2>2(I)q{V_98__2}
z3F*2{^T{s)eCN0LC7*n!BOsPnW1;SoU!W!gj|jkl=l8l#zE$(dfBw(|;Xe6Lca-jv
z4|l&qi}k@%dGK8F_YDaNqZ4U8IpSBwMF<J=VO)feFt5f%2nn+wuIZ34DSAK`8ygQ_
zLYQC9V7)@!c2=QJScN3L!e*$@F|5K;JtWM>P~i=B%jOWe$j3JABA=vo-q({a72EEk
z{loV^H8{)1omTlG_sm`bKldqZNS;|#8wibu(P@j>KmJ}vsDJ#oR}-4_j~`o`@GIhB
zj2@MxtOxUb<p;LVR6Eqd1_xM)L1IqTS_>%6vB7r2)uTPlJ}krRXtp^lUaA>}SwS-v
zJ(*TL%wb_=8SGy!`<KuD6-qUjF+&jasGyIomBBRVqI&FS>Wck8_e9Y)YiVyx9Lb8l
z<wX-&QN;Bsdh%a{<uQBFd}kB}rUedMItKz#pKeY&<#}A6y<rC_&iOb9fYJZ-h!S|r
zb=qX71kgllGV3^Aynz>Q<%&m=p2&;RG*Jz8&m7Q+CrHl06LQ6}!YERLl9)D{7#g<{
zvnwkTB+~)a;utWmu|oSDg3Ahh@LEd&J?Lc5EUUWd1tw%*S=AFyvesC+ar{no{E?mp
zMA$qo>&n%WJi^$NnJV^)zoqGDqW3CvhBqOK2bYb2wcZ&{Ey}pYQNp?b^13FeFH&FR
zv%V-0%lo2V(9Aria@3i8J|z40vsO&~#g^{TGFz)*`s=L%TV<z3Ow$WVM70&cXh<6J
zBA&tWCBf&Hn8vKE_szpRY^F}vJEt7OhG1G`>a0Ocb=IA)N9e5l`2S{SJ^lwnXO(rg
z=xgt=iDTsxC*L%2_Q1sH+YI|SBVr%7YyQ9M<7<MUk4H67AN#TJOP=YwQEk;F%5Z-{
zZ3VQ=^c`hxVxCD$j(2*VEOrk55SRiRKaj=BJPebTN4epjECxZhhzmL$&lZ4Z``9Mt
z($HrAJ3L>BGT`~-MZ(h^1&70wN^GQ(buDyaCFLk}IgVPf45tVtaj%0FB_whGy`IGV
zxa2-`)ydzTW2uw9aXV8lz{;@_SB{v!{Q~5Bz5vTh=Xn7VxSyw#&lhk(d4a8^s@a0_
zOwsp}V}~m-bUoQtRys(E1@?+?tHyD#=s5cMm0y6Zw2P{Ifa&APlWdO6k$A|RnDu;-
z%lLV2c+6}IKT0<xS1Wrp3Xjsa#o$r;=osTsdTxx~Th>UuWz~A?kR`0QrvB>Q0{i0M
z*k6n#Ta5X7BlnkYB=M?3IMh$RV4PpoV%aI!;!-aDAJ4Dp$Z04Omc*8_l}5U{at@XZ
z>m|=Jee)FR`G#12Wsm-Ue*S&47v~?N-8uOY=3ha0$n%FIrc`*y5@A-B-vp&$8^x(7
z?@{Jn<J<*0>XcZv5CDQeeZM=Zx<Q7Hs>hAq@qD8fb^$R%`w-myk)fkvHm7cfJ>GSE
z>hbeH)?YiJzjoSKckK{ZZ|$Jo+KIijQ{VpC0an;INgl@0MaKOo9Xs@o8qz=S{|qzW
zNjCT96r1`7a?>lQL`7tbT>Z|pAU%RLXOJFa$?T;Uz>4k<>ejie(1wK%1`9{C!Ye{(
zw02flD_kcqmRWtCr=`;Kk2M3*8nxY|2WyyKog5ajs;?eOy+2gw7FMALPq2romJRCI
z!s<M5Mc4nUS%qO&LMzl<3%<nvisViIJYkTazR?4>6+VRPSLpg5aIMhw%WyrfhrZpA
zr>1V#SN|mL{K@_de~iDg|4w~}pf%KKt!e*$s~-9N+%|2QaC{pnzt6tYThR9wZ0h&C
z_{n#A8}qyK{M)<8(x7xc=!h_BTmnUi1050W-!4Nn(bbk5aWH9n#!sv<ZA^S4T6eAC
z>*-OFat6<|XGzlFS-Gxu5;^_EuxBOrFv&V*t>j({r+#C6@xIyscsG%wXY~k&fQf`X
z^Htc@FGF`0?=UufTQBc3N}!|;xcClL$-IzR0nR?vu1}!?Uyd0qYifk(rLgbSZd1Cj
zstpYJ$;KoB{8zwNg~Qb!p$xihz=FSI2>k4`MqPtdF?H5M7_R11UJsLvsZP(bXxI@#
zmvso|mRUMKO>i~O6qgSl=D!L0u(CrUsB!G_YcQ+|<fe#U*Tb7STu#DI{G&ceYo+=!
zT!*HqwvtaOh9r9b+Nh?y&v%fA_mFix1??fVvYS5LZ0edVG$DTXmeIu}eE&l^>-3c5
zfqVf;;Pgz-&vDd=Wihzffm^6K-pO{zOm1cJ(-i3XzBN4sig3-tT{|81Oi>ns+Z^%0
zLG6@3Os(H#*xX2}&PtRh?+&}l(-Z2@=EiLTnM0rnmN)iKHR+7t8al$}2G+tTw~I)C
zpvf6*KU}1Yz_7ECPdghg>`DmQ^ugBTcvzE565lpqGi}*6ZC^tQM)HT6PCdFH+>N5h
z2X$ik71+=KtI`NTuA8BAV0zt^QQ;dJKVjkMU?HP}^z~TySg`O>R=5-k3xb7DnAwp7
zzM`B`GuK4it;piw9snK`2EK!XqXB$#7#LIiG4PQp2L3lLdCK_2(1Ul1WzCIYDvRt+
zm>jfUX__DXDnsT6#z795A1-uFgZZ&_M}+y|`Ze=o$$B<F7F=j@eqc1pkohrfhhcs|
z6iJ#N&fxr5yd}c?h!6vr2QK|p^JB}U2=imrr3mxmol6nsN5!RIo*zsPRTC<&J3jy%
zRe9a{0pP={uRA{gyl%BNKO$^x)u>1RuJ2*Rt7)4ILM>i(?9;Zix^E&D_4(gvORM`c
zwU`m<UE|Z2H<IMDtMwbH`XVFPzgOi6leTg26#lktMYVwn6ThQG+SkwqV$tYCk(|*n
z8~3Yl%IGP|kT9dXCtKn%S(*C&Xe*enS&3;jKIJ9vqjo&daeDi@zI#A0`zKCJOyOok
zm}XtQ^()q_m9BA=@|@DiPkE|v`V3ZtRz*M)ZKHxTQ4Bl289b3=n!0McwoMaEJ+=gA
zmhw8D=2X)Gte)`RK!R=5kG_mVf|!U2KUan)74XGe3W=uPWBgt{z1L>p-?Llr9^Ak5
z6!3V$v~nn}-_gLhm{DZ<8b*<IXOJSXmaCsuA2>>eg)5^#l*cW!Zh=I_M3+0aC15qX
zv07&fnA=lhpm)4<sFxWSy<Tf0aw}CZJQM|<v0qZhU=t1qya`*4)!dfg(utZdiZ|gs
zV>NgNny^IBn^0<K0u%?#3}+Q*LAiR#I$n~Ymux0o%<3HMg6Op?nY!sytws)_=a%1X
zvP{w$OA4v-&zv6x`u28{zKvdC?)2XgEMoHQy9l=11p9$tJqWhP1lvWhW(3=3g8f9W
z<L3}|&;;8{u+0QJVuBqY*uM#O%mh0ewq`gBHUms%4Ecibq1rIJ;TDYq?h4?mVc;|l
zZd}E{y~9=nBRP0KfbWW!8yvuu08R}9r*iNc01nR!-j28YSpdg|HSHM=o&ew}?51=c
z>`SLb5r1-e=1Dn@MzO30Hm!ItbnjD)A5BcOiQVx~+L(=`wfez|FeQy~0E@-MaHfLL
zI|k%Ga`ScB%|{X04GHAig8~`If5F#`{OeD3`~})`!t}@N@Fv>Z^_`jaAU4zQgLHRH
zqdO*_&()B84kbRPCZZ+nZWPbm!{#}N=!LNnMYKwk)aOhD5#8ZT1Q8u|CW44QdAey4
zoq|HPR-Mnr#@F*YBDz)`x1tFVU8`oSh$y0$HWD}iz;8id7DyMtgn{M}_S$mIvUWmY
z;kcQzpL$&L2n%|Ymd}o%?QO_cx8&h}vB?(?c6CD%`U(65p&G2howrBvq<LgrL@PCK
zo*hI=5}!z8f4%T>vY{mg4ynTI)Zk;E={CG$zT`H%tElCy#Y(PjTwMNBw3dBOd0v-n
zg>>|_?O+0X{YTsq1fvI`T~bQW#G;G?V{a5`XP(xivCG@gt<|E7LklFeNBI;Y7Qy>7
zTerJ7rXK&Qr!Fc1yF6}e+--Fm!mh<<+Hg#t@#Hv4D45$#S~YnFyPP$BhQXj6vqp>M
zt<dfR6cvUgzK>y9fQ#sr45a?KI~ycrFRbTfSy_*KfN4bRTYp=IE=ZEMz%IM5S&CYt
zPAe`K7G(>58?1{w==5@2of+sC^h;_HP4u5nc$RAFz#_V@;Oao7hT{f~W9!vz3CCW`
z^bxFDMI%_9ku+0BYb@BKuBVS>p_cYMy~MrV4w&ZC5VnD>Xx8uKiD?fTy{$A{3vD!9
z2k3T1Yr0jbwe>W5A0;+e2&)Dv=hkfl{%4pzdUa}_FLCrzqBv%0-0Hon=DRoYKicTc
z7(Z(qD0bX;k12RT`|gDn!U-P-i#@{UuKk2hMpR^cu-qGatQ{ecOSg88US1ToJ3or!
zQxHY?6i_+0{Tr}xr~#j`Um!k92%p#oR+1G^@hY&WS^0{<^I!Nn;-L&QS5>x?nGB4F
zI+x$TtW&4+8z40G@$ICD7pr-26}Hj(SFZP%j|%=r!0lJi%p+#Y&|OgruNXBSI~J!1
zKJlutxD6KHEco`BirZpwvfz8iq(12`l#dhBA9Mn^c3O~YLlD3oSeO+o9A@xb>I0rj
zee8m7|J6_~+%}*^)BnrAds6xvbA@IB%@n;DDo_T1^ujiS1offTd>@C8K=W;e5xBh7
zFajsH8b;v2R&4}!va5{GEZkVBPF?<0Pvk}2Qn;}aY*)R(3R6$g-sCIn+J6fJ_~ZE_
zZvKeBpW%^d`Xl-3<M7CMc;t8NC-tO%99BA}%J^iR`l<2B{`jPSFjc)vw{Ph36)oD9
zRnVgCqY9q&<f3ZPKUScg|B@Dgg{uEcZ6ov`ze-Yfec2N&?1~{0%;HMSOmk7doU`R%
zdt!{Q<F2lNmoM9*1|X7U9gmt&quySjuPTexa{g{fo%1C%@CGCJnJv`Qk~)@y&%H?P
zANvF?VUN6Ms6OaR&0VoCuf9GA&QR^F(Ek7*a2&~IUt(`{HI_wf(MGpnGmb8~qV4%Y
zd-pbW1yRV*24Lcg<bhDEZe+Eg<N@BoRg;Y|rhQMYOAsRGYhQ2zt-&F7{SJ(b$Yc+O
z6zYcyu)44B6v#7d#U0!;49`-O^;yX$rK+Rx<kJgt9#2`(`iTjcssLM7UzNq7S79Gv
zD)O@LC2w4mq^yyuE=Nh_+viVFs@=8Gl4YM1SR>WcfL&_PzB?1_yPI3-1Rm}i`MsUr
zU*q?!`TbRXkKS|cs;g39qvXD9Dftf?Z*P>6e}Y@rFbR@5_L7x->>`?$JmT{E15!;j
zG~hzaP3#?z2^a0QL&`slST2d#n|ye{2A*+)NVjk=Ba@OeP*e)Qe!CE?2VfV4+gCqS
zI}jQC61*KtrX!dby#Q<gXxnzby5y1WJhGy?<ISECnCnZ7si#)@X2)XN{4E*sjs6(+
zdksc4d7sl!?*z+o94M6Omi1EAHBj`V<T~+LFNCnPoW%W}HZT=-L>wol<y3H-LhO}|
z<Mj{0JYJ=OalBl!gJZ=cr(vAFpmBl#N-$1?aGbj4C?{Z?itY>PbJyVTad6!dUM7p#
z-}%L`e)%>h`GnJPfc49Pr51FeyfcPu?#YNc^`uOQW<!i-rkVI3H=So1JqsbPQMOg8
zIvgW;huFb976!6Fz2yxWtpd|%{W%(T64uKTPG&2oWXB0GiO(1RxDr*`!&0)}X*tOV
z=<7Z>{6DFgDg6YcDl6G1xf?8*u(K&-cRZQd;=4@uwLrF*bs|eqvy$tj*CfYUNgTEt
zPjybIm*Zek!7x@!RgG*IFU)^Tsc|1;<hDx+R7V=WVKiP9+W6tUYZ{InT|a?iN7v(N
z>^6f(M9FGNxg;rDq~u-TQsL^&exqC+BxNVNh%U+k|A)*AF@vnGf!rH{?vjjm;2hz<
z2}Y_dj#MicDLwziW`m1F(76ft)F+JrzGsWEmLSt@S1^qNR)wBD%8peMj@eo~ID+Nt
zfUcjimFw~&N$8E8f?IGvYi}RH!=P1Gk`}CDI#l#x@qVag$H>s?oUn@c#)<gGBCB?|
zG#aa|*G`{Uwf8$i!V9dHjVDf$=k-`zj+E~a%dT0-Le14oTs~|V>kamf+-oq6n1tPL
zI&Z2|-`!8=P5pKT&zpMg)KDtlE|!r6=vc(<>v#|^XZvy{j+`ucH@Wvhs*qKaL;Gm-
zQijn>heP|Q^f2LM(Q$e;<t{;;a`-wpB}c$%?$zty^!+}<Y0QowPWQnz=m)|6N1J)|
z!rGpirB#8IpZ27vHrU8j)?Qd+5z8h(#$9EfTvZ$6jD}&+5W(Dv#ADS@*lT>ZlIKIG
zLropWi7yVlN{7Vw;6LAE52mn^r52{#f*3W2r2p<<(=QuwnRG)@9Sd(tW4G$zC_GnI
zqXvOeUju)X<4)yZYNdM1wVO3<qCnmFAMXFYu(v?=p@v*+w`sZ9N?Eseq0DQLxYYNr
zbYUgPb@a&?w6|k~q@5A+G2QxpNd7f3)ZTRL_NMJkPkixf>`kweuQNR?UuRy1(^DW}
z!p@sQ6LuoMh?K8)(K|hVTfW{~zAzkAHJz^WLBW)+^HbK(>h3)qe`~tV^{eQhs;P9H
zzGV;m*Youz?vJn!CSqZTZT97Tqrz>ok7D7kN!RIOW6)%}&QVaIsdSyULxrZ&b+&~H
zzb#$o{H5Ar!?l#CDz40su5<cY?Ii0#4nFB7CHuiK5%ZU|{AWo1#kf#<>9eJ2diiq2
z|NHck_vUY;my4hOYI+IDZ@ue7MlbK}{>}9A%ICjKFDpO&@6*e<JrU?-|DFi+vT;uY
zdiiY6uceo)H-CX%dcOG!^b+;vFVM@uH-0m{-21UcFIgWGLHt~5pqINVHG1jA!C#dU
zz4Xe9NH53VG}Fr|Ybd>3-PAO_JpWnK^b(ri$`t=qqMUz{r@3fn>P0un^Nf}09vF<7
zDd4%~Y^`tEEv*bjnLdbV{+j17s>$)(XCwR0=CZPe!ZB|wJyaqt-#9rW$KP%NvgcxO
zCo%<h@@%)M-$)8%TPqn0JKC(2hiZ<qO%|uGW#!Jql*yv23IaCQXO~}ajdL>X*JjLb
zk}ZCDD#x<JseG4{@EwGRWvda{GsNz6l&D3WQE_rAmvfYL>cMZ01ag!EpaU*vPiA_D
zL!{^WOr=^@d`?iViauqZ&B9N{4%;+P0Pm~vO3ZswG*7l{gy_#qH@86uB36?%+DDl$
zrpLBt)l&n;=6}yaM{g|u#&yftEb&VpYbLhwxKwqBwXr{Y*L+oQ-NI;La>7PsThWi~
z5zIPM{!LM9*>ah_S7Y<Pn_B4?Wy@B7bD50?Bv!SkPPR;SuaiRZC*;C<g#5_oPl6OV
z?gLjLL1Tcas}DuXHI=l6HLic|fi;fR>MDWjM!JTz>OBFvp2@CT;-y&T#%+KtXu}CE
z<dv`iR?k*{Z6G#4@)}&g-h&I+PPlq~KwNI)UuA0@o7L4`3RH%a6*0|tjh`)@)?D-V
zV!w_4?rdr7?-X8>)pJGTm(Bog$y;YwCCg4pIRn0N=^r-?1l93*_J=8rXU^O#gybK}
z!)=}`G~b<`frj}GF{<*PtqnL?Uxmzf%*8Xzs(ZEBA=iN(h<vkLbt(=M_^=6d-Du>L
zJzA3x6q@|thJknjWyOdMDRROEj8dM;Zbv6(u&J<yO$D|5r0aLa`OYTN$sEghIpI76
zGOjuh1Jg4}@(i)yj0Y-nO$9vZpyRT7y!r^t(AG29=bTDyd8I4Io6RPis;uYpJp)M$
z=Xz0R*|JY|SF>ri)`k<GD8ly`@KtbaM-xJIeO)bEUabGO#UGWr-H9>&^CHH#H}}7m
zY4n=9jwuv5N|9Ao9<}8#aZIPPz;!N{SOnQSFHMHkqyig%i!NhHhU|IB1|?~5jyvH`
z;OL#5kHaE9T$w4h%`SkSJou5A>K|WPJW3GD2Q#@}TAVAmT4lQD$FPElVEO0Cwz`Yw
z3gQbNz@p$Jn(@JQM?8$M<nJ5IcT)t1G_0LZu~pbqwupjgG1*pWf;3lhd?$K;kCySp
z8LPqBOU<cHpjatT^U3vTvZcn!<3s<XE`6UiTCB3?sRDWMQ-$Kg+l&5=+ggw)S@AoQ
zuNY11*NSBfbN0Ty5Mmq7v#_Vpv_2^;C;&y+*39a2T{r3`^efgwqt>ynVKjjIl>R4j
zlv>$Q2RktFu4mX-H?RV<+rMI;;gqTvRR`8Wzz_Gqt2y5O-^$*YExNyd%r0>E-(__7
zXTR-tfo1$I-Mo9J<k;luT!Hr8ZI~t@koshWQ);G9fj@r$Omze5H~&gN^N<{6Qa+m!
zXz!j2KK!zhT?qC@c38<vzIk}=drY0pCW!PJdslZ!sbb<MmM!JuGrz{OIdRx&+4E?A
zj%Qv0q-VU5eSdHkn=RQN30ls^q7&>TP?lM0fq76M_hz#Q0-jsy*%ymLrZQtFuP=kB
zhp`)AUlSCpl|4Y6150>y&$=T_;@`Mc1AToflzx7=li*KdPd-jh{;WUw06YmYP<?}*
zZ2y_|qzt9=4tL^S{Ly>iD!tFSfr5I|`6B`U6aGoEQsXNJ0m}X^q`z<wvEps=3Ct}9
zi)nBa#5W}Ti6Z02V;}l&_4nfLg?S${ouRY;CaU&7KWm??U|0CO?0r<iXa?%uYmEUt
zwP5_m38;gnsl(syiB}owkhkd=W!azjc_MGix>;fViC`AZ^al5e=TRGZ;cGn3JI@$$
zHq*Qn4Awp*(VuFL-=qwZ+{1FM;G}Pp1J%fhCoF<j$d1jTcQ$)T&XbLKnAs${I6t#=
zZem9P5{(Ab!nXo}vdW@w0ER)l)PJo(=OxKADh=ZhLVsLhI)S>QgGC_n_dIHq20w~%
z5N)mmr_x*U0`Jde(|E5Bb`V12_0MB(+?SKwXb$V~@OH861fC<DmmoeqBVLJ!SBgZu
zl8Jcj2I9R^Wg^}jr4J+Cqq1W^a3ibh4-mYA6)@t(;2rlFf_EVC_R)zKR~5gWejz$X
z7oy)B!9>82vuk(JQJsLTA0_}RX4jJh=qX%mP!Nu6CPca<=6H%&N6pD~4xW=ImV=uE
zc!cI8A2aq@jaXKL4EI`ChjlS^*e2FtKT?PN2$@!Y&-!XF_SKe39Nrwoby8rho8JZv
zZ)-scezck?f8|H8({L_P7^R#K5`>Z7n0^>(#1oh3RHjIhl9?-cWAK&eg0qR0<oQaj
z1p?WrC$*QCyygESB*PLT*Ln4fT%R}%q@DgWT#sSbx)(#d+ILX^53AmB@ngU`b>sUK
z6X7LS?~weQKrF>E!h9!W_fZ<1-V!^T0pjxGtQkT7qQW$%r51)^+iVMkPl3o2%JIPc
zX&BjTILN9PnQ=AQ@!i}lA(?1`<Qe&EJfhld5xzIx_`SgWQiQK<3&u#(=AVHbq|lcn
z&%;QKP6`$fQ0>bCWb#TmwHS%2M=Jy&+z;vtTucn7c4y^y=j$zw)ZR~vP3_Hy)LvHI
z4p|2uB97SRjKvVO6jye0{-ZUHg46AT3=+e6^GwbT140{Il*T$g#Sk{mo&NT>qr!7{
zzKDgH!NLqy_y;V^2^Kod>)LaCU29icyv)|MN5ky$rUkSL>PxJ`xUiM+IK4s*RLBhk
zg3cBX{#}bNI`Z$dvOWB?!9B;S_UFalKHb}7FKpVcvBrSR!jPcI?lFiUk4t&DLO0r)
zI)3KNY2%;baVhoCj^&S|-}g+k3PM+RZXW1fkE&Y%9iadIpFR2B3Ab<3440hBM`(fz
z<}TczhsTs68$NJDhS#p7$``WPBI4wYzJQa#8w4^Od33270C8$1`>poW_FF1+>z~Ta
zS^&hP$BSISwtv+E+nxame<8Fsi8}VncXV^ati<AKIwr-YE}<r3Jez6?Y{c!VD7KLL
z>5JSd01#M$PzcRqAFO|LTnn;si^nY?wW8e6GlUVG&3dVu#N~7<u;}?j%6@^<Id;^N
z2LvrPK%o5wFk8fLu~#Hnf-ME>MQG|G>RhdFOTVOsyB-#8WC<s>ElW(ZkeOs9e-Xr|
z#Ha~W1x|}A1^N#j+rS^o<=@*796SpQPJu<US>iD<|NMeJ9*rM{#Ke5uN|s6m79LxS
z_E{FMN<jOkLJJwsS;2Tt$<r;Bs66)MqtxP3x_yD)8tlX@lJ}#;*LX``qw*!(ZZ5tX
zw^V`ypMSrKmP%X6ri}Fy$D)fC6MUOj$3oVyST(Kasd1Aajf9fhOULP*=7iI3j#Dn-
zRJoFHIuNubvl^|hxcS&6jzm4({(;{bti}*0YZT#RCF?65wsU~9s{yBduOLntQ5+|U
zTa$HO-Gy+v_PmbMpFcpH64_<x2O)#xZ$=17QG}302-U41gmR-IBgE~;q{j$@e7aRQ
zLI$%jM5ve}R7~Zi9HBW~3<$L*gqCUut>6fC(#+%fJg*x!PMb7+G8-E$NkY+6LG!rV
zIX){mJ{g2hcaBfxb?~V)<Fl1+f8_Y=rgk6D@KHHFDwWrBd_L@Kz$bk%;u9au@k!#L
z`a7;}NBE5O=mT`a`!p((884d@#ARMA;gS?hxTFy-qdq5GQlcZ{g5}=Wx#Otu8Fags
z<03_qzeP01B`=zA$)oaoidHgUe<uSjPrr<~RA{)o#&NN0BBkOvZER*e=^8hwm~tx^
zQZtC<H8F(DYaE#rLgtUl37I9=L1qcH{zZ<=Qo6PA+ZEL4N)4F}9GMMNzLg`>&WOz0
zFCj7*Jcz9rm%R(i!ez*%S3$a#l@#jwm^!DDOc$ZW>gM;!JPyV}t>QN@$<$^11}I2<
zm)`(?Q2&SD00UIL{06?GmcCDRjVWd&E1GnhG*f96FU>HO*6>nO2$%Bjc&RD#K>7E)
z)RefP{6}7Dc5UB}9SqX_=l9e=xFOJ<XgVFSvaT!aVGO_LT+O<Rtr<~89Om@SWGZ5S
zX^3Y1uo0HUf0||yC}$WdiGll*AVdJJH$g+J$&)~Tc6w&!v$ae?j-%0a`{W84G6chE
z!plp@$pwt=j%#f>l3;90<=5C2Ng6yXS1jv-8%JCXD%6ane_p7~*(uYfjhixU@^mtm
zX0vzFw3$<;8?!K#3(+)tHCfKBh&TKv0SQ954&UcS-*0f*v(fGC{MKOWjW*z#lsBqQ
zU?b7NU;|$JVozP<GqgMW(=dDS*y{zXcv1c8E1JDH-)!$v1U~4gRq@82di5)VXT?~_
z^E%nOd)%bv6d#b3FYwZnQ4dz&EhVK9O-%w@ODV9O;OfPyuLxFO5xKgwU>#_s5p8p|
zXy?9#=Z$8y?XkFz;Ole2Sd1!VMn}Q-+=Ylimls|%7VC*SvP^ORx?pjC!PnRj(USM`
zOUB}MSbVGCn|j$;thc+z6+E=NyAoZFe1g&C=qS{6r}re-DHH5C!I~57tO-^}F#l?V
zHJD)M2)2b_*Gw=94wwEPf`Qvw5Y|YrKNGCE2}VYZ>2nAcXM%ydLImSzUzoA-kSm%k
z@(HE``}&53KuFaqY=R0s!YbUXSNH%bbO@`^S+Af#g}AT^HoZatRIr3qh}A2MfC?8b
zhgP_JS*vg}RPcvYxTIHzg$l>vR;f|n8%#F4OYrYno&GA`QUm^8+^TtI1#R5ziPGae
z@@kJ%(AqEGHxRO1{SB3swYm(t=PiQ_N`K2BgHqly$e^BY8D!8+Zy97zi?<9i=<1t6
z%Wja1Kfg#}D6^t;W9xug^P*-souYp6qS3M&9(kWX($@IMV*Qacby3(O&+td~SqzVi
z*B{AHAAC`>mmbNla@9<Jm8TBkSMh4!7d1QXJKm(T;3Typmhlyrqd_y^2K#m}TEJBe
zXO>K!xN9ol<LBN0`|XQGb-onj;%ie+`sVNzIcxCx7pTE~jSXJ<0yNk+nyLk_;DN>b
zfvbYyff9P4ul_*a-~$u*1DlKw+)EEM(;uL#8a3Nd%S#%ADNG90ZZBvi?CoFZsV}tE
zi$}?1`yb<b3q1ZPAO34gsMiYA!(Q4@m@~e&V63spORp?Yt9Xq^#?u-5{qVLZzg8Q+
z<mF!)Fur%#`S*eo8_-}5HzSfHPl;9CH<)X1sFi_RmuHOCIblM~J>D2#m=Ld3s;NPn
zZ&7Yg|Md|b_hc)_vdfQ%FOZSOu(V9~)tH&hQ@_Dvep$+;1qT^ND#=nVR~?U9aELwJ
zU8*`13&+ME|9%jYcyK)TA9e+Chqg`@3%6&nlCGaZi8#I2O8m?96;_~57SH)6i$5G^
z*Y%UdnLFcI!D)7JfnEG?9>VPOAIPrG!j)^Fja{yj+|}_AqNvj8xa8_AJ-IDUvTTL@
zd0C0sECs40cV(XJ*iuxFhxFj$I?~&vRu;ed!F}d#%XZ0qW<IyX9+N2uneISa@%i_m
zKa`8IyRMYZxYQB}HHpN(rVIX?C|-i3w1m(BvSU9T9?Krlsa*DV(D3ohju|{ZX5Ma!
z=-wcCW;9^plna@b_)Jiwg`!SidmEM6xFNH&p`GZy>vloN7ME8J_r#Q9RzJJAe123$
z<Ccul00Y;j3POgsJm49!BGb{}`p1lSe8uQbh^^l{0`!n&sN_JTZX4MDz*a}DG~qRj
zAXL6bT-29+0t`5Br@&{lxjf?o+=xd-)>8^~%PYkfI>KS1H}2=`)RV9`e9Yf_a_IR5
zME&;8w}LV`VXN$3p9EpIyy&3n8J(Ex^vuZ1v7Cb5-;S<*;rrs{sqmt!a@Eyn*?rXl
z33}-iFkbpv-xpU-vjLt}0wx)&v_hxlz|6V)P$Az{q8}>!6Zf3g-mCOK%my5^(D?an
zC|MY6mY2K-o8>(G(ycEuye<0y?|jJ{x7N@BIgm2=XJ0q?l%`J`zdfT2+z<HYix#Br
zF@CV*MgL!O99PA%ZKxYwaV8(uPCCV}b{MAJF_>CMMi52jN(-(mU=N7TzsHwsb~vhu
z&jFL3%&)8h9kJ#+m81UK(O-Bj+|+{0-+S*K0mo5U>5>SC7@)1o3$B&ItW?g4WrtCl
z_Ko!R=`+&PrH|}spXiAm95we#_6&ycI^l?#za~dHXUb=-w8zl?^|E_igCnY>&c7r(
z^@u+fCl^o0z&E;T$S;_)5jubP?oSD5f(FYI@gG@<qU<ff<lMRHnF$s!W^1FrWT}O3
zjald=vgbaldp3LSg_8&&yB+UB^so%g4DYUtfh(m-2E(KFgQOLcrcNYhOa@)`ZRN0k
z#&qrdjbynjT|6YGZg65?B7Cq7dr($>kW<%zZvaNj@psY38#d7y2~Eg|0WTQuqkL<R
z)b0K%^nb28aJ&W2-58hl7lGJw)dVZWsGhtS#x}k`H&EYr%2DbV+px=?Y&)20C;`o%
z5i%#U?v7U{%mTe|jZF(S1womnqoxx3%v<UDi)6C(;OXcNseNYAW&t^0u7Ptxcyd4m
zi6`h|WuF$15>6hjEa9928ccql6f);lW6&`O&Z7k!+qw*P>f?hu_1#(F7g%^}urS%I
zx-H{zN1St*;`VOH=6%Ux0HrdJ|2eQzYg1Oq(471iSY@?#z#lPd18(%L=me{+UeGFD
zl&|LmNx=*YIA|Qd)qMqAbUrZ~urI)!#=qdE&j5CrN|#AznVh<jU7r<83|n-?+-0_b
zbJ8@(d5|HNJ%_;n`)OG*(tI1yz2t0;gOS)d!AP^RcPxbIJDQ`^0<8ieLiTT`at2&s
zz@wtZ28h?c1#~-!4)8ICMA@rY^&&=<@H}CaJvl<ACnj;QW$xFKr-M^D&q(!KN!eQ=
zDG#zK_Fz3k0A%D@?_Vx^$-oja9yl716~QUFz32vi-egu^WXo@>(@`%e8(dkECzr`2
zt0$FBUB~V753)ZY@%@wzlILN_(bC|!z2vlib&hhvsrZAh^+&T0U6&C^D>QZ~JJy58
zF=#E~!k>FH5^x-Y7v#E<;FR#(TL}~bIJj$$-fNciur`O+`I|8rl%2|Y>Wbufo~M&w
zt?(xs+v~}Q$y7#MWo%pWW?HciPBX3`mU)qIEgl=#O*G4NJbcylJ*%AKsB?ABR64MS
zVrWb$d5!-olJAU7jD-_xoNBoDEGO?Zim&xz+4ft3pijwFjnVAoPNg0f`fP$$-Q(?(
zVm#XAsp9J~RlJrV{?eN$c;Qfam=e>6{T(|@$vPLq-o*qi_B0Ao3R@;)sK;ZHvRigv
zOPev>sT`D&f20!0eJOs%qjJ^BXgR?8&1Xt)k>ec#=`A*;Za4N9oBT1~vmfX86vgld
z_;voEACvEwS)<|WE<5Qv7|&1(W+*wf7M+AMYV=t=-~mGy=tBzruk~e)x6cV}6v5^y
z-<OX^<d~a)l2>4!fK6=i@7rwJ0qBcs-t0(}SpE!nY(TgSP#uzgHV(=<vFyQQ7?h*G
z-LlB;O3?L)$KF8wccjvXG1v28Tx0irDqz;oU>SMYfP4gF2pE^E_8A3o)d@BV>tJ}?
z2d~QBKAWlY4f%e82}Dfe5eMTjn#Lmzqe_n6X=BU@#;GLhdwpnrkR9K;ZkB4Q=zUd~
zKS=V}kR@ozMb=|-5g&$i*TyOBxdbGg6do*ztQo37P0Y|)=N-g4`?z%0dG})Emuc)W
zadD7!S{HNHS(7nh+Vok|v^0CY!pF=t$iz7dP1_rH;82f@Fw{lgTz{DVaLa#Tm}mVX
ze3(B7ALc)Y5A*onG|Wt2`@b>1d5eC<_ztA;b<WVo_vM%L@hyHSIKE?F(nRCR=`&m-
zaflUZxGpH)7a|KvG+r<aH;kdJbZ%lBK`gsqF$n2YYRQ_X^_FA=ThhzWk``J^sxzcu
z)|e_w<nMoP2@%w7P5GAx;&i(=B4^1CG{sqN==EQiaxs4kpK|YpPr1e6Q|__fH0Azp
z%r~{XiTM^B_41bJ&pFI0c{1X`VpS}Eg>}4dnrU28aa`nx<AUL0uRAU;_xvx6%hbPy
zkIN_F<MMj=xJ>?ytl<A1zn98>VSG%3Qnt@XoVOBj_L`;>=av_cB5!Axt6m5a=igs2
zYtX-$|KExOKlC^9{|^%W8~pz-|Nr9u&;G)AgHDN=uS&F|<m{=xXr0un11a2g$@?Uk
zC;@||2>&@=T=RUy&)T#V>nZiC1wDhos}-`gfWtRBSo<h3iS98x4-bWd%hv*KhcI6=
z7J2(gY9LIt$DY@w+A7zS3F8WjW)_&tMP9mzjtvXA!2l#$r<21M{>-glqDT|9@eoo;
z#^b|6GD8?Tl$u;hw`()$b`iC>f~*o=PkfDk<TWZ^!mSc+yfRQb{NAs=JCjUdH0*YB
z?B;0(R@J``V)v>?*Qb)k6;3bI(b|3^p|zWTafy!B=dW@@n5NJ=KzNMgXw}p0w;Zho
zYQ7N7(X#S0eJh>m+xVIOU6&1LZJj~ZFq(ma#0?bYuI@l+)lCVa^}}=epiP?Q8t<Ai
z9V|(1(XngAv6G^MrbUF^kFRj6nCK?3%Ow+qzj5sH>2@>6u7I#8)UYe&A1S8tQjT5z
zB?ES6o+i^64Z9T_yE&RENm~PUZ8Yq_nB<8d(Ky=^Rx9`iD=Y#xhw~H{<MhF=?NeRn
zx}n#;mdlYXl_~cK-^u}(cHGV1Cn;;xon=H;2vW!t159P2Ia#T6Ums0m6(7TKNQxmG
z{-7Pl=M-pkKWW@#$df#ij^k&#rq3Av#H4Yi<M>x^AY_ta=qq3qMt0`|7jxs77~>E<
z&*Q5}`f%B*Gwft7gAIw@$HymwZtvr_QVdzk#PH$D;~&hU@_b55IpEWahT$4kNY*kM
zs;_ZWXKTat_!Gh5TCm74Ttz_=+tiLQe2sswRG);SU*;AwF-=UuC4|Oqj>b~Dox*Qd
zQ0pr-tTynEY@qV39IHJS3|Kuioy=xpIabzK!m4=nO@!6+lY>}&y-+7HFs^XTE`&&Q
zH|yBNaO~hEIQxyv+RFpBY1<9?>eJ7fdABW=cy%nFWNCDt5lfS-P-|l`Z{sYDcdL_v
zZA=Zeapt(0zy~Inc=xQf)W%}o#zK7rw*QGnpcG#p4F6{u0RqO}#JjwLZa>eU+t;YY
zOJey5yvINC9+fYRr4e}KykP|VPvHn0(6CcEcF$-ge=R5J7G=-;kxc$jNc}N%NAW*4
zLQUmgg~Q?1kOfY?SV5@O$C}B9j_C~K0~c)|=rEJa#Kq0{f<H6F&*S)7n-TMF#__c`
zqc7X3JiZy>JLQ}K-z!ro++j10Z(cLPw@AzD-f5!7GM<_=bEd{5YBJ(+vt2`Wuc$LR
z$VFIa#ZZU*`}u~6r~c1u^EAt+#+5eX(`*slS2Uw(R;e{?18<mXwMY$HFhS>KlPArX
zG;IRR{_b3(88>5+iI<HQIW6Fvhdop<fG3+GwL=-jO}BFPx`DUb$~XT7ZZafr_*QCS
zz1HLgx)+*LlT(`WCZ{#0CePF;WAo!d%CJ3XqFx?HGDsOK+fa+)CCCho)Qe7wxy9z5
z%xF&RvN>;70o@n!W-Za0^&W553?3yw9mJaj(E%nxCR7j&dP7FE0dwf7K!DHVv+!;>
z<@a`Z3Uzt+rWiftm9ih=e~yQ!mDL$#C)woOvLFLZ9q-G4Ez)}MYQRH^pVZ2aAY^4D
zeWjr_Z6GeCMsL-S*iH8bI1)B1N5XC;B%aph>5TE(bRfYtZUUdD(~G7BcMsleE$Aj@
zaP%N9%1RttR_Q9y5`y(a8j0QcES<TaP{yM|g^OP_=F?(VLL9JGdK|E$);mcqw4$M+
z;H1kq!(D8W?CMLc;WY1gN?Up}8O@QwnEGzMmY3F^qPKkO4Kx`W_-I21;N;^Sg&$*>
z#aoF@TY0%e_qkT;z*4OP7x509u7#OR&DTx!rcH5;n>=;A7H0N|ptbD$IL_3#vQjG0
zTT<8yD(41*0lh)7;VmRvH|><-BYFn<mRhz{Yv~HQujDPQ*IL@ZTRM%$X;&AH(^@)i
zW>F!8W@jz!s+la$EHY94;Z}Uad21wH!W4Rl4TFK%b!9vPy|FQOaiK`Ju|xPEv>?vf
zf^*!Y7JQvU<tZ(Q<6b;v;JC^YWL(%nTl=&i^qyMXnb3Rhv7k|TDN2~0z%WWnLnTai
zj#>f#YKD&5E6?$TPgAHB5-#6x=}}6zOtYoYBNQq$)L!Esd5y}KaMZdOQTx|qTKH(F
z?dGUWUEPUL`|eR4wOu8MS`R?2sw5P(F)azT-TbR*I%=yFzWBj+e?-T~N>cdxhtT<u
zV^>eNPJY`!SU|i|TK}}<EWahOnU;M0bJDo}nMCWKmfHHKC1LmE>h65~Ggim0BVl(7
zVAnW56uZSO2s?>?HATnn=S6(+(=swvSniEIKY|NSx*f=|DxlUEYFHKX_ZL%nDaWed
zgaNC|6KUO}VYPx|^?Pkq*AcLSqd!e@-K*ncq`%<O?mO<1vZ7_s(w4AmT*w^+S`s6y
z#5RP_OoGSulexU5+d_`?Zo=k(hNa5Cqf&W2$MRXf0n7G;Wqd1bWz>qWoT6cQ$C#jK
zE}z#lg3%m7cnN$sUPrJiM=+&T6Lg0_Z>;5hF1G3R(7kjkwIY7qN?Q!^kK|E#ek;Q6
z?c)aQ22P;G5MdX)cP_VAX6;%93x}0=qr*m>+WJpquM90$^Z&q&8(V_E1HXYOsSf8i
zKz*u%-vF0U`|um!rfPS71B_m6$8SI`sj>V9)CIL+Hr;?Gqx$&`=veALeglf4x{cp}
zzO1g}H?S^HKj$~FkWoM2H?U??|Hf}%iK<rc8(4g+Zhiy%3+glc2DVbvDf|Yui`23F
z2D(bU4{khUD{ipI$CFF3Jh2&xu_QB8EWd>VQbGZ@azI)rpf3kxgaT4HKnexi(JUxK
zO@M(MpoRh*98ez$7{UOha}&n~wFx8iPX1VKXbaLgATJb<(JZJXn*hT&z#0k|&H?$M
z0GR^{LIF+=C=3PM#{tEmfCsb=3k5vL0gFNbc^ps?3K+uyuZ030<A5chfbksgUMOH9
z2iQUZPc##B!>Re{se7_hFYxpC!Ze7hi)Kfwhmc1{lIGEoA_uC;TuF+N+-vh>$L6`;
z$)0ifIi6VsPRCiuM>rUtP}fcuc*Kaa<j;}f#PErZi>?B>rl$1kIRbDSpaZjiv?zHq
zRj1=XQ7Z}48D1>%`%`nu14XSo_cwTF1eB*6{4G~;>z?}?%D0#7k|AdgcqOYj4`Xa;
z|2q64g<W|6NeH_@wn<LUvcwhemo;NjNHaM8_gRe%ut5Wk|M~`e`;guM`XaTV7jFX!
zAS}6om)P|>3A`kj=R$;%1?#}fwrK~8b!tT4h=+X<{VqBjHx_rm;(mf}-|>jP5r6YX
zjG#X1M8w+NP8y4E!s6Qm-_es18#v=sMCXlxb;ja2EKU@BarMSx5sPmTe6Q3;e0R#}
zh^cViWW|{^!?9dex@A^pb+Ze;Gp8edap)Oiu^wyw$+N~{J^4<vbH?J%SbT@z+h{88
zgvGZDz86eRG2O9vkl=gpLd3!8axr3Y?L{=1`<oZNJN^}A^zQfob4H~vAlQFQuulj!
ziC`;Cuw?|33HFr<wvu3d3AV-r`<h^F307l*ttHs`=Mna;3ATY?KN4)43HBYqz9QI<
zCfE*wy+N>pCfHtrl@rWof*mE;6oQ>L!A=q^hhUdXu=4~<C731J2)jnG8wu9J1dEME
z*d-6b+L~ak3AUGD9Zj$s306h01QV<)!QLTQvI*9UU<$!fO|ZTMdx~HV6Knv%?k8BL
z36@T<0R)pxuxx^LB-s5XSPsFiJ%_MIOt1%|Lz6bOxv1qtD8Ij_;0s&`%ZZ>@m<Sav
zhE-_1pj8+K73#t&T+l1@fC|ULDxA_QSfIlGunM($g#)>)!mh9i`}7K{p~9B13Og?Z
z^wePLU!l&rusWNJb!I`Gm0@+(^E$ZAIST6hC#=pYW1W6b=e@8xpBU@3f;xW-tMj(8
z&awMgotMJu{KZ&jE!0^UR_BHPhq*U_kD|yP$9s|q3?b0NJs`&<L`@JOQD8GBff-0h
zH_U`^2zUY_2yz-G5(OlfMAO@hi>|K6x~{9cuIufpD2R{=ki&yh1w?Lv4#N=+AzYbX
zy;s#e-7~}C?tVZ2|K|gl?s~7f?t1T4y+e=lSHM{qfm5o-SpYbXMBo(bamE48)Cine
zdYsz<=bi|h2lO~R;1opQjML);@(E6E1ddyeQv*16MBupeIBx<@-w2!mdYr|8lN^C_
ziyr45!08-;W7p&S4scpWx3=tj6cGD2PRr(0xnw0Avnm4~11~)N8@_O80Hx{qQ^CNk
zB(*LAy*Wkq>(Mt7bnT_^S#-$t=eGxNO8LLg!_Ob!`7!$Z<G;xBEc!ej(kId98Ss23
zeVzc%B7J@f@U!W29;Bz!=S+CMkvs>I0xbhA>W34`4^~YW)reK4W<2SS4}k-g)_r2C
z?}lc1<hA}Knx;vtAI#86tbd!KlUSdhp_5pjo}rUiAD^L<SZB@9NvsoR=p@$BGjtN`
z&>1?3)iFaSvG$&!lURGq&`GRqXXqr>xEVT$weew{#2R>5C$a8+SSPV=epn~5u6tM~
zv3~xrPGWuMVV%VK7xI$6Gmr$GB<)e27)OoV4%I2aKrBfFBe&@!@e>nd0l8MWdmLB`
z5?H{_atSQgNBUg1Yq>z)RgxoewPm>;*XO!CR?P*%uyTAXHA4UaSlP#3K<HJzXD<Sd
zKYPK=btQYjAS&;(7Z75V*U1YNTvg+_XBZfSRb>f#!9Y7+_Ja324?)J$SS^r6m2nIR
z@~1M4y`b%8HhTd%Q%PelAX_Ru)jGmUNA?0Tq|$=DfZV8Dx|6<utf-t|FCZT(``HV~
zgvt->1>``b_RgNvV$uX!@=g5nm1R5m^1sGXdrAm1p^t|{?J560O|_?-AFHmL=P-60
z4o=aXbZ~an=muxvoiI4{GbkE)njOlJ!!o?5&(N1<$kQ?m3uS1>GAz(%Xc~hVdTJSN
z(w<Var{3C=i$0-$J({zx2D>c;dz-@S8jO8EeW&_W^3*$oUrg{xN*4{*EmZA$$Ixo8
ztJYOJk7hV~S<P_%vX<c%mf?^33>|5PEn0>jE^DP<7>%&C8mv0>vE8HT$A;=ZR!1}Z
zRm<>3D8u_KLkE3^muQ9sT81aIrzN4Rg)Hk&>vdW0qgn6PGTax+;9?p6rO(itW*DGl
zaD*~gS%zYLhKr*xLt8CF2bMwIvVIz+oBH38m-^4hysm#A{(#4&`ZwVZs@O~G5C*?%
z=r5G;GA%*66bw=_Vvys9-$P?j?u8UE`U=ERtkQ+acFy}a97NayvssNWLYF{37-$~o
z6Ubz#NThFr)ZSXPhy1=vh>#8-FNg~k+o_ii(&noMSIRjj7k0Yv+1-ZIg`y6+gN35r
zU^zGW##;z|yW4o=a42A94OCOUSAKtYBKoMf?Zz<wdf?=4@<UfL?cF*TO(b)r!(e;y
z3`DgR<)I<dUa&yAs%h_*KB{T&_CDdJy+8J$roFr2*I-X{9rnHa;(oWIc`v`%d%MB9
zw+gI#yD{rt)&AD}jo!W&?36K3QNFL=0fT)nHUCs*n5cd4!uf9B42x?Oy=?5AEJ(Wo
zDN~mTa#k|B<=d~^HJdOj(hj%e5KGsgTS#%qB_K)OF@jV-%-6eTzMR!lklVTBJagt?
z^TM@)+=f8N<D#$KQa!6*8$lk~Ae8zW0i_}E5h>hM^e|fM7(5kXic%8j9A<xo#x`z8
zgZEq2SnCn9Ak}0RniuU?&9$Q1YY_}m-fHmgDN1|5<!=r&^#a7pqQ+-%AU1CnYh|M7
z%Y$<GvWY>k)eC|*Rrw){Ah&eMImzZsmwBNdjnB?Q3pbEous;oN-*RJp^!^^DUxn1m
z!jj8NIIwU18R^uIf^^aCd&nZztOvbbG4*obW`qAxuxvb~e1=tO5~w*V{|pdAvGll!
zfARt}+JDSUb(q@+a%87DM;=Dr^Bd*I%(;%*MJ-*9^NVg0<k-NZWiChKqD=63EyW7b
za7$o9c>j^%Bq%OHA}C`U1A`*qvG6q;!iP2ndPMYpJ2E8$f#z7iXp0~<xTSrD@5`ge
zn(Up*=CAA^eTRy?j&Y>_+`h*ejs91ijbs8ex-tvQ3r~TybZI@IULJ`QkP-M8T!{LW
zSix7&1cuR@>xE#guvu}QU2mbWn}yP^O@g#BpvHsnNZ;g3=AA<63DS3S@Wj=8QIyUL
zj>acOi_(R_O~&@*`x5SiTcv!tE6Lb(t4I1;bodvgjPND2&6n@}#*#0)zp>`ZqB%En
zxOvegzz5kSuz|Kubkr5Kbjt}_-BQ9gqO@6boadjJPewCWE-;h%<MG`U6#aog9@95s
z@EdXS#eBKn&RoY>Gw&Nou=1sT-*}`QqT}M?AL@s|1d$qtN$uAPrS+u#A7Y2LC*Q3V
z9JNmzBERAFALh%-MYUTw;bOj&u$JT(95stlhWoNen)@P|GYc<T<;7-K=40kXn*klG
zzfp}>N2ZctJbZbizRDoc)F=jP#m$ZRa{INpj$x#}lW>l<zvz}~L`N;D?`V>czJ*MO
ztwQN}3;ztdosow&;`GZW!&==4R_&=fAi$PC7z-h_7Tz!T#svlckwI>sxf3lSH@z;<
zgVkr4uf2!1r~TG^37Wpy?WkJRYq+m{3%5LGD?~!tY9&+5l{pIA)81ofPx_X#eoIjz
zS^Z7I=AhuXPz0`c+d?mZd*ZEvuRV?*M45WVMH(O%hqZq&nS6e6b3JMJH!jEHq~Tp?
z!^seTEtWQ#=I^9#GmP6CD?h?ty_kB5Y^!ujIFJ4_!DF)E1Gfd|g>yUHzU)u$%H~|F
z?>5D8%tt-=dn!FbCcypZ-fT>Af#^R9gzf-RcreqnioV=NcoW?63^GZR4}g_vK9SO-
z^*}9i$dhAz(Oj3DOS+0|Zwns+Yt$4`UPL{7xn(=psi!GjSRQnsepqRV8Ts-*;b7(@
zr^$jDLfOe<l5Lr=?RY`I{@!HES6p`v?|kjN?<rtmo+bUdY~IV@UehiDnW4p`&|*G`
zqs5>i{R!poakQBCb;X30F%#UXs|E4Czd#wcg2({1iBgLv@sde)Km`Pk3?vT<zQb7X
zEv(?zud`s*LU34JPuF9V%02l4vKNauL)kWEwOK9O4rPC6#z7I#WPz1yze2f-G6F-c
zSf9caQTjH}Ga9_G73m-Se%ulqA&_lbloH5KLnJ*I;Y+>+9D3mV1%Doon-@Jm9W1Ov
z%j|17^tjzb9eU)+=BFX-gvoW*Z!hZ1FMmAb)x%+;UOilL)*5i@@lxSyfW?<DhJ~SF
zw&9=tg<%F-;{M8)Vgz2G5MN9tPk=PvoGY8xxMiygVh?hzvx80cqAsKg!$_s-TqWnp
zXHIcgsk%Hl;SYpH7JZ&04<=hUA>p3{hVyS;o_DMKI9V8^soC&x_!xes-UYQOC3Sup
zM%%@|*;KeYuwmuj_r`Gin-}=fmpNm+R>%5zRu8pUfj+B$7aakd00k1l5gbth;1x<b
z!dNT*4?PLLSx@h%`^S!jQ!E<gj-Fz<rs65q#eX<Z&!P2`r-Fe|Bw@#$;h3E$=4OWZ
z%MyZ_LJ~fVz&thuG5^UhS1vgfq<)kpK0&y8|It_vd213kp8)%tVT6t#C)orn;s+c`
z;K4!#?7vfYgK@TT{=oboJcB6Zg7>^e!pjK$3$au!axO>Bxy8~Z%i<p+{qmb5sydif
z_0r#IRe4fX>c<%C`_Urm={`ewOM7}%dwPyMg~ba&t9C26s3yBQ;UfmYUTSgsvSP&G
zMv;&Q>9ipAOBNmHo+x&cMH}e6Y?!a>tQc&UdG~P1d|Z@vxg8f5-9<LvS+u?PR+B|B
zv)YROQelcv;czQFI@T3+CmU|&5HtU3Wm%>7<3Pu-^~OI3=`TYuNVi@@C)016fMit?
zl0~TZS|C~G8$>yWlq8vV3%;)RA<4?@nhcBGy0}|ll={7S!f@H#1Zd!bB{M7ei8}~G
zjEyDjjHT@yAtyJ%-rkp^+tCRHJWP<C$d8<_D>K);@C(92kC1vdkzumwh6%dSip&0N
z9$6lp_~m&qO|@BV=d~j%UhuVQ9F@(<<|QPT^&S}0w9%kPdO#b|xs!23d%a0VG<z|b
ze557^7m#5izq`oq75Hh4H$cOhLQpJl&~XFPN2Ru5gsNHjvgW8+&}}ZM2k5O>0y#$i
zJ%qythZN{HKJ|#0x=lo{6zHsD+$4x7G=&p=LoFWZ9Qz^_!K*ze8{~ky`4s59Q)FS&
z&Qr(}>Ad!#&U-n~g6*G$&xmp}w{$Ylf%1p)Tr)^ABS4NIG6az&8dqa)I!$)m07yW$
zzgLUe^UI6XjdI>_>iXzQ+=~dLkU%y#OPbowyN5u|%KbiZob$e0Ncdutq0;5UDMw;-
zXW##gk#vRGwDH(G3CH7=ztQn{e-Ya@iX$+WQ_Q&xvvd*NHf&1j<8;Z{lpfks2l5o=
zpR0f}Kj7@h-$;1B#y0%YSWPCvD4+Q_cEbrLL`V}Akc8A-M*6f_5oCfPXRXbVTja<@
z`WxGrBgf=AHZN+IOE|;sgu(@;YyP!z3G<!_qR>sM{1FRDHk4b4JTo*xo*}&I5KEws
z8n0Du316l7`Hd0lSCBFVV6%f8+(_jk>1j*3g(w~Mn2u8UK)#bxX{jTAVS~rFsL_aD
zjPg$=zwiu^e&+F_M0P1_;B(EN3d)E7K&qnlq?LbW1*+&bdCJf7<=f%7kL<JPB4=+j
zdC7Hl-Sx;z_y6zYr53rFEf;Okq@_(EdU-{8$qMx63i47%-Z#o9F8x@aLlTx5<fYfR
z|CPKn$d&0>v{jRqHf!@MM~*kf4~Z@>#q+)gjN;Od=*>?oz0_jS&0(U0{(B*L>WLlK
zl%*bsE=%<^wD-E?skW}nw$NTCO@-R~+vTZ@u>LX1Q+M#b8^Xk?pX-~06*G%3VT=cR
zlNt|Jl=C4JEZINF&m-0qU`(d`bs!fd4y>VkW4yi%cNpXK-T(5auy}p$d#@g^@8{gB
z$LkBL{|L4IU?v2*Zr+SgP}^<ev$++}YV?`=z|_uM2=;JYw$7jK(5cY_-a5nD*W@s^
z@0pjv+c)!`tGDk`&h^IcETEA)=UAO($BHIl$WD)Zvj{X;8G8hsNMgh^Y;`~I?`F$Q
zKQ>J67l1SLU)r0{0h)lWnUoiTWNQFdWI)^}JI#cxF8m(I&QekzjPD3OH`S(VD+fb$
z?NJ`eNyLMBp1&nLzPqu1j%OJA=ZP01#{ceXjQ@~pj6ZbG7{eTJsB^$A7f*D{6Q_9`
zhrK<t_@#sBpr<J#2P3m>A>bk<e6;Vyh$A#!a;QCh!rHU?PvPxZc-Ph2lW>jp82M>B
z<m0SmTljK_r4$<VoaBiR7IGQ{)Jv@fS5bULB9M27zhX=>@9hQSb7FiVN8?gRH4vTt
zl=ADiUxL~!S$spiA7*?d;%LeIGZ6Ayoj_6I*$ggO*e8~IY|Jn@r%#F?3s&J4mlMd~
z^vcg??OZOrgqrCkSthP14Iit`CKJ?lB4I21s81?$C<|08@1cS9Zf*Z_n~p=x`?n2E
zSEh?<6SVmX?#0)GdvSj0%pi@kXQlTb@4MLa<(HFQAl-)JX)^{LdZ=Omr<|%FJt0*G
zTEd(zB_H6t@%SNSx{J>4^n_cuu<;)_z&QRJo{t#+an~4s*KgX-MuqmXVv90oEClG%
zZ)xRY$hP&ex^4Yol735jah-lkn>Q)imKN5&+5L^}Yx-k&`(7P;_4f64{#WZ&AnUc@
z3hUMM{%>BdAM`V}XJABozP<D6?YVc*ZyK)x9sO|%rNxSY06jv4wG~U$5!p9EKU(!w
z`q5fHAvysH+h2FzZfxJ|=fc}}bj;P;w{YP9uzl^Ief`unm<;V}VQAmM`>(5gt;5>)
z+Oy&9OSne+Ud{du^c9*p+lt<%;rtQX>X8Rhh4+W1xg7_*H%G`Hnd<y>IaLk#14W9a
zYwr?$6Ihrn>Td<(YXKD<*$Vc!eElA07ghJ5p%`1=VLwGB#}WN?JUxuwE(`CkpGRH2
zzh-7#Pk)UW%{t2l%*bd`LmTZV*61wOXo&X!ox>3}WG}S&z65NuRo7;#7+j~iL=_$D
zu)Q|cUbe0Y%O0J-XdTwx*Z!buuN~+ANZMZOa4Tsu-zH-IXa1)7?=teo1p?f+Wfl~8
zTazg+7LX|pGEpFby!`}k$?AkZb5FDhAHHAZry1L``<d|Z>pJr4<M-Yjzo|Wa)b^BQ
zaNe$=)jGI9zf=7#YUQKE=YFlPvHpD`>VI#+)$4!M@tfwK9p>L%q;7V@{2P3w`M0YD
zoqwV{)<)(azq~DQ!{dGhZrCsjYv7yVvrxC*?!or1?qh6kzK^swo3$5RG0YqhKL1F&
z?WEmyW4q5}L~ZvnwY|cUqsvgN)a_B14SQ7HL@_gO8eg`b<Jh)q0|Ug?syl;!CxI5&
zM4PZ;>h!{S-U-ttf#U~Z#iV%?rq6zGN-=rsp;;h;ItX4-!FS2#MuV?y%%Z7wp{9~L
zk*c%-?`UJDh{$QWlT)g5k_BWu3&_)WupF$QvT5AHd^q;<CfjM46Ep%N!}8<!&KwO0
z(0eeAS7V3_n1dHM`jkBVrnqDsbd5GjQA|eC@w6^`>b+4s4Ufdclu+W$23NvmP+ea6
zh4fy1Q7~NXwkW7ZkXQ={Q-hi_f4eftrAD{U>(i5++hzBmKKOqyF)#g)n8Fe(Nn#j3
z);o+J`+Wrc^IU`e4Y+Q3W69B%aE5`%k!J<fz<<SX=u#WS4pDASm@_gNoYU}D6y2pQ
z0y_vAR?zL6WrOtw+`Vm$87Cb~KwinPqq~M0rwyG@I267-&V<o_(62F>WBrn8M>RR9
zPp}lcKE!!|m#<J@8ktK4Gz1-anuzwO&;mM>(1o+K2gV|W%(E$;Y)&Z|i&1e9%iCMU
zH&{73PSBVv!1+(3BE-Y}6S+{FCC7=PBJkr-02OQnpC@af)iZrZal!U}sF5zZ62ZMc
zG<V6{^w7K|Z}Z_y(w#|`4`2R6Q!rQ$imIAvQcW{6UCv#(`u)@~_UCuO%q$Mg%=sko
zjl0ma0$LCPEC%}z3aHQn>S2(<{)57N2AD))BPr}T0}SF18E5*rCe_MeM-MX7m56wm
zF+mmK3qUv>fp9|m!i#{gHv-}3CUr4A3JBjtAdJ<%a3>&u-Y66H(8o933tr+3)^pk_
ztLjBp+1*XO)TNiAe3h-P(KmakYxHG?n2v}w%F90-3|@i%*qsu_e?J{@{v%%F{O7jc
zM6YiP@!x_)$h7Eb_KU*^&4$Ziq}ipTuS4GJ6ITD#Pleb2J>ly0&$>qa4f_j*#=^!7
z#r<V)Gu&U|Sfd8e(5UC#+N~3jFZi-Jbj<TAswn2B2h}L1zFZsC&hXtByk!(_8%~wp
zr|9;d=E@g0^yJ9q^WY@!BsXk6ThMq*BVACEEGTZrdH%_>ab(`7;O?*xR<#!*>|Ri+
z`-6*uF<=-=<JzVvYdzgDDJ>N0cJIx>AYJjGCxVItKn`szUMVAyKojS3@CxBeQOK>P
zaXdK|BoS)eOo<`27FJA|{owT34^5Z{w7SOGW8Rcm)3FUVvNnJcTWNI)2Hl0Q;Glgf
zNasbksDgmqG-v?-$4a=>%P8#Ws;G8L=V%#b<+U!FBbZG5Y-biBt&-MiFWoSiM;e7D
zHn1vVkXUpPu)=}6?+NHHfy_jYNOs?tk+}QPP_i-^9B*GWliotv4O{TTF;t-yw_@Cd
zf9acOFgr)IJQEF^x|a=*87y9)s;*%Bb*#EUEl`4*3v^gWMX-ml4j-vx;B`G(468$h
zR)>jwDJ3Y@a3Js&Y&LUQ>E7f5ESjVQwK#r=*}yt3Lrb~9Qmk5vnO(1@X(_E)N{W_Z
zV<|Q*B}u)Mb!QeU{F5y&6H2l_M(_F5jBF2~Bb_cs4T`qzGLo0^qjBTUH0d|~-<gmo
zWKo#Y0L!8<JB8&MU@i(XQ`j&AY$$~(qYyU202@wW-%{8Z1FV3;KBBO@46r*X?0E{i
z-vGOt!ip(uvH>=M!tSN8X$IJX6y~I`Sq9j2lh(s-DQ$3dPMVFY-x3ix?f%P@LYb9M
zY^0}0Tn<N=ry)EC2oFXe{6#}}1Q4EyKzK_-C;)^PBM@HH5c&c_MFc{HhR_-i9*aPD
zOhY)<i6A^2f$*?~@GT(R6M=BgWtEh_3kdEAgw~hTFZ>=5f)UZ(9?=k{1HuFN8WI2!
zk+#8Fj8h3eP!~PnFU@|m02rv2AwDVIz}m0E{Yq&;z90BV@MV8jH~_SSZk{&))SA;P
zl|3_V;@Fi(SrSC@3XFtTq*C*esBuEev%R=_IDsV)h<<i&vJemvi#(AWw_`e3P~msn
z{VBsCD1-ZB<Tk2Ib7K<aKCH?O>?uuYlcWX%Yo4U?CYKZ82{szXb{ZJ1=+?5zqEv`$
zE#Uc5>DpzepVUtYg5%*6fmW=_Hl;FA4NAT|kybwcSIXin{}x%C2zkD{-N+w&@I*L&
zu+({V{-A5G-z<OJ>;i9aRK$(NOAoSX686BH3`a(pf`u<TgfcD?ZWMBxtDfe*Yexwh
zA@_xoW<LZD=X9ZXzXMXiTg}OQsw%36#YDHzRxKX{ZgvQ-&!>R4M=D2M>)=)$m)e|K
zemKc9hVKDt52AnxMqzwNLLqbM{x=7xQ9px9!wo$(sfAF<X@jXOoI)j-o0u&8wb+>r
zyZv@0h>Z^kx?#+16n_U@Ln3I3vimkV+bqhu9+auQ_cU_9P@Ru^&`HqwIYo_N2zg%V
zq0W+JEKdr_bA|J_?qTy|VFdp>@EZK@&A(xOpw}9i=a;*XeLQML_A#N_Wi<&h`Imyu
zA#s=>j>=k4|E;N^+~NcqVHAH%9EF@$ipI}-q=SO&vbbgYnmC=vTHXd(#(CaJg@lrN
zJyH`yA}pVw;~X<YB5p#=JJ9e2*K9a`yOld$)jaP~ceSrFe?JR>F$8zJ;IOHc^1!V<
zIgML%;)DT}GQy@!Lk_W;@+VXql-8@Ya?DDmkh9B!WMbQ<%!a5tgad+-`SL?1wQe-B
zJk-rDFER_#Y2~dyUtgUz^w#P`*`#U~dIxJpW7Df_VKwF97zdb)NQYrQgDmoilW>4s
z9&&()1z~=C?_ud4=^V0QR+SZ09s9T)LB1Tl#mm$@ld@quZltW>c20-JGgfdDmU{xa
z;iC{ExJhLM-`3|j#~~w#y^7}nud9sUGCdl)`XPLDF)jY?8z~n!O+)yGae))vl;w3Y
z9&ln%$MF%oH5&7*rqmgEK#~G#jOc7Vb7nGLmZlJ{1X#Le29^$e;ySx=Xo?p~Mt{uC
z8@T#ddSXy6BI~k+)3Yucu!!vG6!wDwwwb~_6t>*}`<}wmDQu?!wvEC%P}pt*>?aC4
zFHk=n2G}kN+eKl&7+`xT%uiv54X^`T_<2O|G7SJWoG0ADsR;g}J&O<48^FyYP7<;i
zxD|lYBEUl#_;_mqc0_<347?G*y(7TA8Tcar_lN*@XElEoz-=OGzJ!4b0qi9&WP8Ku
zmY^~^f+^Yw2a!KJ6Gmn_3+D+lU)kMTVY<BE_oi`T(;0S#^6$<n%kg$+y3ae0v6B&&
zds$~SpsQUe)36^WPr!G?)6XpEO(TZJ9;2+pjCF*SxS~Etr?B&qN5knwR>sxo#kYyq
zK`%nQgzmJQGqKZhrX3{6b8SNTS$bejn>J#G31xb#D$`q(dwU0iy3_RLYpj&fc(A4B
zit%VBx?&7@Uwj95Ut}&Q@hPpb!M<+8uEawH<&3?jDp-e(HW!8+ZIX@j^-Keka2H3J
zgnzhHCgEZ)dSGtRbH{@tj?i<B2j-NI2;(8N(A$IPary6Zqa2qf<zDr;{3)!g@)_x#
z`uP#Z<@4DYVT$rRAWYNqDz}k_1X^jY?K-JEFY@Oqe_~NCbW~?zLq|GqD~@O<dRAp8
zOPqHEn3k~l_e2Nd{A=wEpMR_RUw!_$dt80~!PLWz45G>nwe!oJqfqr0P9%V5`3Nb%
zlO;fkzIY3A@MXJz;23XI$P66HTwQZ;IEBFqskKrKJv8ER*2dMPQ$NBLY!VmX?Fu*p
z1|;R!r`>61;aP>Ux+w`~U4h;=99;mV*}@RqcsCj3-fvA<?=r^~>j?LtBKbd30d0Rg
z@zN^U9&6RAA69ZHb1iLXQ~`WxJm5pmFh9pV=F!NOUvMgqqHh$iDg|yI&7sWrOxHr2
z^7G{+F8sELt;ia(+GvI1zJPmH>`m%Y9O|-^eq8NKf?dF>lN+Ge<0Gp9Gc6VRIDEa`
z1m?F(*1=S`XRV>*Vhxbe?9Hwyt85h}_6;TWF|4vTuqMg~3(WP<*Nls;C0lHKpo<Z3
zs)_oF!TxJ$VQ2ALC}>zkFSMhp=+?u%bj~5jdJ4DqxJdR`P>L?A1SU_OY6t7@vUfSk
ze_B2AY^x~Gwh<P`nwuUJYSv;$)Kr5bJ~t6$`7rxrF<3)zZ63!ZuQ;S+VK&DV9~I<W
zc3ZQ@yN7JqSC;7gZmC*vH1A12&58-UOEz#)i~N+*eJ0`D4#AgY0efbp<ObmEAbt&z
zg66?XO)PGOMvXB;`zd*mClHBYF@}D;jcgsH4VpfP`U%hjx#+cme?+ozD1zKPSYQe4
z73KReunyVi_TUCwf1yhv-HK7a6zxCIV6p$_x5BjRN2K07(tm3quqz8%yAnLpDf^Bb
zB)fEFys#n^yLO+DUL{DVUQ&o$b)l8+nq^&jav?Gy7brsMg|73=={o}xgwm>C((Awk
zKiE1O4C-4o=d-y$E2_^Q^b3y7^Lv+MS@McbL7*XvX)5pCOrGwwB#@`=Q~8}gP35<p
zUP9&&nX?-L&4n62x&<gbALL(HtF8zOTBuub&hHv{)q|NINE4L8xSpJv<qG!SWQ!f-
zmKTto4tgJ8p@WD(Pv@35xjDu&j_~gor2ZX`UB$nnfc_o9y#J^f76STr%%t+bu+E8G
zxI(#BJ)=F8K!jDdoChIS$(U{u{7Q2{`bO{v5`^@%CHoii%d4jHvn!|a6Dv>gb1OLr
z>ck;!A-f5vWxA6s7>X9Rew#b-0EBxYlWnm(IgRwapY*#@e#|?|Ey3XkEZp~I^&w&t
z*{~s$I$GSDlMV4XbNE%iil*HVMmF)#aG&{6k0YzHsJq9PT#35G)W%V|pzOc(mmuUW
zuk;rCa)VP76=^+@;)=c^Gb9I#j~mf<0IBn~%JNFwa*G7PL`HY5mCQ;j$TAj0wbu^}
z>6^nBwK~uWh^1MToY$(BQM5Pkm-Na&0@R3}bDJ96(tgtAf<g5uy8V(n*@gx$r{TWC
zE|flD<%({gq<!D5pbbleDsa(Y0xJ}<8H=>HEx22`<(|3xa&K}x?r2Lm^`KoYR>(r(
z@q8_~UXTLd`gEG;>)l=0e2nxOS+VjsMU;N<q+TwJ1(yirTfD8ICoPKH`<GyOWl@s2
z<TBhtENV_BC=h=U`267Fh0R=F1<@mhQeIj7H*dBm9S0YxZv-s3{&LgLx=I!%w<J6r
zVP&gDU)OcQlC>BxLSNZ(uniAvNv}hm(k<DgX_gAX8g8KkQ^YMD%8^dN@Ys~rI7!w?
zKYVNotf%LHy6z;b&jwgzWDf#6K7RSomSvURR{Zk(_zb^yP<<)N;8kJzaGzGwFc$ri
zX@;U^<TpNW2(rP1&hYc)B6P+1Zv4}ofvc_Km;1B2ujmdt?BH6rZ-FI;UtT}hmvyWi
zNh&?uAWCPHp1sj63A%>irs5#xR7`6rkeN@g^Wt-1(xX`F%d-yiB@i;=w~B;iw|aa+
zP>cKC!=1Q6C~az2__*NsdS0s$KJz+}%vQIfvT&LZtQMsPv2^dHVZQcN!+hq--1IuJ
zri$|LRko=jKf5X{zUpA!>fUH2f5&XJ58>OmzqOLTW4^VY9!%ElMl1cXi=}?E$5C6f
z+3l$ICh20iEpyAHRWX8;M#HaFSp<T11R50J*+yPZiV1W{uXI)9B*$0h#e*G^((h6e
zkrF3c+)_`0EGbxQ{BqKf1@VHkA>->u2T4DsZV)CnkrDJCj)k4;R{#E3U)HZkWGO!)
z!u_G_wvvyytz=&0SfK`uf@2%#FLosCT!U4h%_r$(U3G--`wC6Yin;M6#bi$24n}f8
zzvJY*RJOkP<)@me1bI~hhm&KAAg$U2j}_xAzOg~a$->=2aEKMFJO*xf$?mSsPo#gE
zz7vwc(_l*~cXZ21LS`qv>}M=sFd?9o-qB=KNsB%5s&7%U<Co8mFKy~JKXVPtqttWq
zaF|8@CHvscuJn9&{yG2F6V8&LsdO9IJD+el6uuO0icH5zHvXv*^dk$C<DD6e^Tv?x
zuCq`>>%4eZX=AtfuGR42oYd+Z^66Z{NBz~m^|-U7$yE9yWUK>I?0D!8SL(?eM;-r6
zGJMh00GauxI+@Uxx_go6mXed{j&lg_4^V-<9cf~q&l+_8<4A>>Zm0VchXzR%(8Ow&
zg#$Z8iHINV$U5McKWuR}t%sQ2C6Bk{yjg3|8QFytjC@VL;H;QtAu9zU5jb0RCj?BM
zM@p@7ODC0Io5KNmGa)m!sGmm~80brjUL8FzXUMyP<VEKwE&1hQyrcGs_;Z_0wPZVW
zOPT6`Qfm>2HZBFhO75g`JC5BDOR7RJAKONHY(zYf!YTvRfF?-W$hHZ1!wLTsczvot
zUmW%$7zdJvY{tAt&Z&dxT4U8sWRFA=r3SZem{mIIChM21SPL1B>R=sTwh)Es305*j
zi{nT5x?U7lH?jR-n6GP^Sh~R^ChitXn-UBAkc1$xTW()+6>97_4)CSm#|Z(xu1MiT
z#}2;q6SN8ZMkKsm$bLb--6P%ZCR{#A6_E?vT6DxM_u!XLuz2L#Jd$^()g#4_nv9Bf
zWmI{+9$!~K`7}n3%<*Nd#|0|w_M|p}fw#D%2~I)_Q}TVuTSUkA{8Mk4052Kw+^Giy
z(^gucoqVZ`724@aJ>{9aWrVN&)~RHFxxpiK*6QP@^(k50k{!)C%g)j`;ABFV!5M=~
zs&tj^Z32c6=s^yQlgm`+3i{ph^IvmxNz~;_&u_%%ieVN}x<kV%^~V4jdSoZhQBXy)
zzrFLe$(slR%GEXz8o%^wx>*p0XDNEBtZ<PD;c#XY#uqx%D-HC;mq5r#oiR_9mZwcq
zCBM9u)MjwJE49Jps9m(t$<2><rWD49wiz*4?UBxirN3MvGvUB+U)O#4zO0~FT9cBS
zehl{bO1j5m`(b}Sg8Tas+}}?$kiYFu;J$u@Ztq9P_P(BM??;QacpQiLG9Glh4ue-R
z|M6ITVF~+4VFyGLm_*x+WohjjLdt_OtnE(>CdEO~ZAj6lhme9!G{BGfgj(EIEDlaD
z>sydN>2+_L_;RpZt@o2ZQ;qao{6eLGq<aeE1>ayRSsfb)^WYtt?`z-S@g;ms`lFdA
zk*wQ`9=`Nc45;Y&8$~L!i6DXWAe+YBjiS`qBat5;`40%vPhdoU&`o&x9GK>U+#_Fh
z?<7mqT}!h2X?DLYUm}S)uu<p2kqGSO9_h3vbt@@<4_U5+Tz9ny!EfA&WQ|=+<ez+&
z0|Qv|IYy!9wQ~E+Uy~P$$5B-{UkI)hA#5s;YjY);?p3+cS<!zemaHPU>EmDtnP3%>
zfek`u`)OzE=M(gI6ZUr#^!Ekq?+diQn`nQNFVv9!ZY<jBcC7U#lM3w-eF?STW@+j&
zj~wHcNHgMLyTLH_j<1W3U?Yjh2OE|v^{i)db-p|X%;3k=T1hX|SYZKr+d5Oo+~o9g
z6KIG;76o7S67H9kXZ@z4q#U0)-OZ*vc>c&|b3T_$dQoZvHpk_4-s$MkK=K>fm*aDq
za>$~|^^G)PR=KQ-eP&C(RJMhFrht3~Mn(@N3%87xSRnwIw702@EVtUCcX88zLqgwB
z6XbH0G{%BYaY6@&zycJ4b>MWLgY?3MqEt%;sYz-$yPY7{;(`v<k6%76KG)aPlxzCQ
z6|BN)$<J@25z(H<y0|I^lk(dlW}a_MmzZ!Q3+{;HO}Q0!10v~$7|~H#^mic$-N%=`
z0G<T=&XkieBjV}iv5~T<ORGTPC|FDPj`~>ykL<+AA`SIrrIRi9LcXu}1+XV~tpRE*
zrtTq2_+~2I2l%IdzJxhW<@@@b0x~9=_D~C@bNthl1m^bjBlES|>T&!CledsOY~Y`K
zi$KKST8~61&Y?^Bj4AV^p7*3)&>b1WjIF^L>ygfBM-bNG4ZO7-*@M0z)AgH%)BNIC
z@_$GJsncGP>r&A!kK;67J{a7dJWT%RPcO)RP}<bpn^1nXC;@itrn*3UdR?FyJa4L}
zM;pL*X<J3buz0$)r_|+CK<5?4ll|gRLcDjlVHtp&M+hz<x6Q;vLM<=cP<WHumvD}3
zCOgQACyTa@FMS1u$(L{n5(pE_mr8gE=ofwc8gvAl?pGeUjazEtA#4tMG4qr4bQ0Io
zh<G<)>|IS*5xfMRZ^@->*Ik5=o_=&huJjY3eB$JvTtvJnU+Z<b{0CwO`^-Pka~XQ_
zM0PQweZB1MY{{3rovp*9dpiTgZge}g7b)Oy@zikHTsut4*=*Gv;0>3|wfu5dJT9yX
zSA5B1gbyABODkBN<EWn3&uAY6%cF@btEGNMuiO%SbdgEt@;QSfPvK8M3yDNlV}+v%
z?H*w#vVXXVH2GoTO3&9qR@gj>vLR1XC85(s`q&Scp0h*@J4Xv7xjw~ZT#-*EdB-OI
z9mC=u-9h;@N)4+#(pItb0NF(ob`T=9o$xq&NIww@bvEj3G?WMQ@pJ?E+x|4{pQmvD
zJVnKy(+%)rK225t**{MMz50pKD~{e*{?HrFfm+FrH0Jn*26H4=V<3JtJBfLuk;t`w
zxWrU`c@#uzh-|OibvlVdmpP~EcQ+X)xYHoNItgz^D1sDJkA{5gww)@D^5ZJ`Hh7|*
zlbnHb1a4*sC#wAJsd$b^x^3ac$ATUq&PqF!HtndXX$ojFra?rJ30g#vdy|{1{xANk
zcqWTZC57Udq_F$%W{II|Wc4)79$^yElZ>e|L`g{R&c7wf$?^l3cw;Cr*>LpsHgrOB
z<=2x*T;Np$<aG+!36STt+nBD+&*1f+d2_E&|I@=^klm!;3DP)=Kv-|Ggwo<)<?v`o
z%ClnU=h=jsycF8?aCo(5s)_6r*{y4`=>Rt=#~wKn^!TRQL^&b(Y?TROthaXxHRjD2
z0Zv-D*`gDs1<6a6s?Y2cd|7_<M~NC}bqA9o&gc2^Q(%EWRgSGn^+Q<jlIa7~g1>)R
z2}TrZzWzeTL@o3=eW8!gLcP83Pz#;2;ACW>*6S~H&o9vm9blrep59Qq0S&dW8pHn5
z9jf6@)H=O*?vco9{Dux6AGI2wHG$QbYo!J6^FaIi@3OOk&nkU4o{lWIJr?Y}uJ#{@
zEV!spJ<eyVVp2*Js|t6@6|5?5Pr0&HMW>W2TUA`V`MRts9%p)zyi$4`0?kBd18mR`
z9sq<j5eP}@2C29Jp<RT!L4}532ZYD2Xm-IX!DC6(>>|)QkQ#^&+!$yUNDRaTx-k_(
ztFq`k?!8KR!{H#DUbOnIm#QII$dWF6tG_a$EQJlv>YE#V1&Gfji>VFxU8!1G`wHCS
zEg-x^{~7*)988C~uff&!aGPN|#9jY%*t9Robg<Cra6e3iu{T}g8UlNz{%8`XWl}H5
zyp6OY5}>tueFx24k49q06D$enif^2i-e=!643siJmw;-VDYifo)57lx!Eq-~niq<D
z9Ba~a2`CLC6#)}GD?QV0)d>_8A=s9b1{ac+P#i$2toUBbkg_5Mv(_mqdO=z7!H}}z
z$B%2uiszIegv#pl5Zv7idI<D_Z;#R~QPo437q1|7v=HQOWqMoh^Y+f*R^P^Xdr>kb
zSG<l}{$qOu=?i?6T@7%i7cWRnE8+euxJjq$2<tYACe$IAwo;99;co|n0gt9P5NM$U
z14*djcuv`HHVHK^2TV7pIDURMiBX*Q*^^C)^-w*Q%&#?N0-JK&O%rb-i8^`u>f`&E
zppLJFj&DXi9baMP<T<luO_}YTX9ysBjUn#UfekSmU&4^gH4O1%@u4BUHU8>DyrEb(
z#1l^%hPXpl!w@fGLwrXMb%>W)LPLDVllmd<*yDdW#2BB~X%7u?r`HWbY_aHuIB<pz
z@#u#PL;U?2b%?({qYklsI33OLwYnj0$r6XuqP~cF@QlML9ai2Ost_qIZvG9VxvOc9
zV2hKxlNM(svj$tPufg>ClQd}PUk{?<3n@SzM$2DY6Se%_wEX2zexk1Yzjym@%CCM+
zE59Wxe@OK5-^<1F$3ywOOuF{}SLF{4l`o5|{nfof_v@%ULrB4+*3hLl;ZgQYAhVY;
zVNJ^ZZ}9rt9De;xCIx^;w_w-b<l9eQgw1+86?nq@6<w{o{VNA@E8|#sg|xi5E0i}c
zK2%<(E0<@`XC80VXC51e`pjlkpBa>l1(~BhdD7xwk<viL>Bm%Y);HP)S~oT@{UTdP
z+A=VMv%BTuG^*8{#)5BCld=ziF<XJ*%O}i6^KXd0J!^_6{S5X5<xjzppRZqERl~<Z
zSCD0diRligc5OE5Gx@sh+7h%%#3{Y>l_;WiZT49YOerKX6JOqiX;{1Dg?-JM4v?xQ
zodSxHJ7yDxH5F~!(4dgTH-@@837jc2H&;v?Re5k?#9z*6&}O^3LE8g#i&PET$~tFr
zN_rQaL7T7t?@x~;C<olWzhgC`Tek_0J$!j$gmqi9^LB%E8=?&`g{<39m0GiHtBz*d
zhIzW1u4UVXXkRj=>X2<)S))B<+lDwNIA+_%)VK?<V1s2F;vHZ;n4+Z|<8)fhm~xJ#
zSXc^3%yz!~5{Ll7YN{nIb2O^xdWb3tlPZm0IuJCUhZ;1WwIGa>FGmg8xRDyO$z74(
zK5pQ*k5FEG4uzdGz>ZPaXbL-HfHhFq?<nk?0d|_gZlJIW2H05&3*LaR%Ldqa3Ohhy
zoI%O%5{1=Jn8g4yQ=_zZDXgUd2EJI0y!<Lu9zLY>-%on%!w6wvGXr-7@VW@_Wd=S+
z80Y$i2yn9|3f>Oj^AX_lEcXfkAB_MXW#Cr;yeAAyC&(Z6Fq}sLXG_E<KEFi4;{g0l
zgz;S$mOBH$t#q2xW>s@~d{oV8i}Kb{%FPd~M9v`nSRj)rLc?lPUJM>)Mq57e1Zvc6
z_26kFH`S9)QSLpe@*ShtlSL88lcq5(C?b4~6t;N{)tGj?ct!j2CO%AGT8!}j(DEAo
zAI{i+i+y=gg#X7jg8Yajy-q3RqWOLdvnRhltiBtB2>&nf*YN*x`Wp59U!3oqTM+Gh
zFFn}we}2CAm)())d*@Ht|FiSG7du5c-+Qvt^_=f@*nOq*y^FgH=X+VFPvc}w{)(RO
zh3U7Uzi84W^8DYX<aS-kZ8`k5hTQVA-i1^P5*F2WLz#Np-#Juo6Xbr$2L9@_i(hqI
zFzxb42i=JW1?ELuFp&|<sxC@$`;x1TYHk;s{St()z(=2k3FaFboSKu^;F79A+wH@U
zw%a6&QQK|I6|~)M4F*H&89uGn$ygzwG^?8Pw$qhY^kd*z(0qeRQtC;n9ijPVJn#Ph
zcs#Om|JUO&Bkp>~V{^0r-;M{42I)t#Km92EN_Hqb{2BquUEc17{&A%6Wy_KLlS(^k
zi%z(GG%yI+lLYA}<r1M-V3&$C1&G_1$CEgb46m3u-|BThtw0|L8S$Z(2o3$xYO=r1
z*V~48Q|iy)UP!k-<zj0t;*g9l->k98`qWKW(RFrB!$<J-|F(5D93BMmhYaKj9@*F6
zN{Az&1kB*nyu(QXUEPral)9c>ICSp==u~U}Pd&Qe?D2Kj4VXz#4xx;HC75)3R?2K$
z@SxGxVGm%mVi=1M;~Z?Q57@vtdWTu_2XU)o82J94T^J4irE3>pqaJJ<Wy>6aiM>OK
zw;1_~)9iq>xw3mZ;VgcMI6+kyf<^fX5Oy?aW-S(Fcq?YZptydaOvaASb;l3AS>ifK
z#0+<knqI*ltN`m7+#?BcA3?rT5z4pVF!N>LNyROvc;qPxD&XG+K2yNshajCuKdany
zFD_GWD}l&OrHw(pydVypski|QktfV5hFitx6Bl9e;Y6WuYK=LWGZD!kh9i^}#BuIp
zQ~I&=%G~r{NCH@ba)F0b|L)KxklKc@3la3SQqk4I!~=oMuJd$uK|E^1SD_#i`SQo6
zk4#`Z09%9@T<4bicpOs{{;BaKLmt1}dn4y6X_`=!lViE;<d=WvEcvdatdczK;&XPC
z?exCOlz68R&TG9pb6NxcH2CR~osDFV`NKWrv3_z;)t3<_k4a93l1Lv95FBGkF%Vdc
zU*5H2E}_;>xJrXP_;MJVvP#z)2n_cHgmTZ}a~i{oncp0Xc%qfo2ZP99yDTTPZpf*~
ziqa2*V`$SO`?%7Tv70Y{gM$+Qj97^8=mxH&dJXA>F8q^;sAzb3B46GKO?SQo!SRcU
zus!8$zjhU0J&?rZw77Wnk@^g@5lIEL`k}JN8axiHBUJ-O8qUw0LQPfLpjWw^jDB6b
z?VX?5;e8-|r)Le$ikZnVT7I<&&sCMx@h|x8o9P#E*el%0rXZPHy5WD?1Q*F;&@PFV
z!!PgMB{$>OB1c)Bw?EWvqAOUFLso$~^liWMvx$NCSUD<~l^1wEd<GrkbLt7_?iDpX
za4}fp&Mc1TxF%)te%<_bR`ib2ZGYsV4lL;@Qft;jm8^$sd^z@F^d9oF&aT88@ERwa
zERcP0nliZBoWj*FzZ50$UzejK4$x;WhQti6emttAf*F_Gg02V0NQEzl!-^{`F@g2Z
zT+%<)?##In{c~0svhP~!KO_3Q*9^cc%9_LMD0elsev5J(ZyGIN#FGJ$B}k>o9%Tuq
zT;6Q3e@>uw#Rdub03M9ckT^Kelo=2|x|N!y+}lillA#j9ad;BCJ&Y3|)Nplkq=sKw
zFe=N6u}FvZtc10y?74gZXyI7`TRo5hl&`uX(J~?a;ni@-s{9Mm@PI|u3{h>$=-BRn
zLh0qBZMskr(qVIR9W|W8a$0pc)0EDT6CKx)0<+p+fq8RvR5F8PtH;A#U;oR^umKg#
zX#@JP27Cz>>rNZ+Hz+cTHQ>?>7+3~(Ol6N%t=1j-YHddx*1um`u>#d|bQSoVenc76
z0g3dQ_^VyZ@qc)dkz1RRznPHRdHOj#7v^vpSN}=G;lTiwD^0OMuA4(d+NQkqa}t{T
zTNHO3ZCAgKdT{}>Y7>W`bO!4DQ7`79WzNs))xs2bA}v_dUX9Q)nx)LpQd}(MuJ*LG
zBiXOWeqH2unc;lc0_U;72VT@{vJ*xmp?6O)vl(B8K}iU|I1$bY-^TVIM#)oo;pxsm
zyzh`dB&3T=M$aT@gKU96R=5+&m`YZd6HlB6lLa>f?T-bByko2AjF(90^Kc^c*?8(M
zY!CS=Sz=~Tey;+n&}>q{vMqesAUxq5lRRGZ_2binrRUoSzMS|5fgfB={$FtOLoP5Y
z8!UVw#B7^t@!WC~c-467256@LsM*D0c9q@|1F>TFx+<E(c1zLwcrs^O__BX<w8<7V
zeuX@Xb2~`89%ZpS=Z%#VT}DwZvdCi<x<92h3X_ir4rO6J@S%UR_2op<35r&_-U<a2
zeHa*x%y*Nr<-yLtlhUsiz9T78eMw!3tAZy275Vy-%fUeq-RaTi0*5fidF7)iovHS`
z?t^^!-N7L9!Qz}lZ_*|zH$4SUY)D_eaI<<eu}A5>At~hSg79Ovy2(o|lEJ0a*@c6M
zJM9E{l;Y;|D#g@V8vCnXJrUcjFb^8p%4`eD5H*$KcYHv%NT&^KT+tzhEW+t|0zTJN
z)^7WNspZh)V<;X!VlXHtU*bPB;;BK@GkPU*S}gPh18-tBsW5wu{+JFmgN5x4E$n&e
zTOhQ7|1x!)XMu=P`l<2s!ON`kU__jgv48bb<w*#PO{PkYv`;@c1Pr6&lGgE0EhiX(
zJ;uGDPf%sp6TTyRL60B}^~_v5y)>&c7q~Gnm?<_$+mk|rwW?DR-kr98ua}x(qB5>b
zH=M69j8pG243_>ROaJLzgMI|uKe08=m~FTzmUy?EL3s@e&{8X*r7f9y&iNfMMPh-D
zR+}yO7$T!Z`AnB)>raRkg(kOT7$0BtJGOh+t*ntb2)rJ?)iO0g+E@2&qmBIaon9P^
zSKKI+)@btxB=qb(=Buh*{9HhVtw+8=y$g#@!iIRtc?M4h_`zqc?}PTp59;Gv3vypU
z%1U;_*@@HulG2I>st3E6NalQ54CqlwKZw#9!QW^mLXt_4{6gtwvL9uc!069^BvV+)
zRA-yJ`P>VF$?qoHpXfhqh7D)puXdm&E(qZl60C^yMHp{U+9jkOkrLXWLA~T|X90QM
z+ZWQM`cQ@CHZBN$D37#=(wzjy1yK+|H{0rV>?_)b+m7Rq_ZDq_$qC6W$-_bT4U)w}
z{*!eEXkzI)f_kQCmr#DpYk}x`b9ci*q&ZoTNTsG(+@_0yG~OB>R@#?cn>>J1{(a*w
z!Ek%<X?m5vJiHamn9851Jk2l8v%()c{7DmP)>2i#wFG5?6Ve2sCT~1)d!;oKfl4^x
zBGalIOEIA#xs81WPNxXjN&{3;9$2~<u14F&!L{X3luirCgMjyx>2-nIFyN;kB~%&K
z7F=EW9#aHI4PW*x*`(^1#lYbWl~?6C8Gu2^URP1@A27?_Zf51sh8CP)+9f#Fdk4Z{
zFl^O=bR43OT9xUkCe4$Qa@2MRd1uSnDiiLSP;6k7&OYctu!<+lizgGVJj%M`tm-3{
z5|-6c|BZ>`!t5!%*n;XSwV=FbEYe`~UkRh^<ZYb^GF)N9sn+VyZS^4`eG??XLlwAB
zBh=ALdQ93R;vwNi!G9vbonGUTHn~dnE(V?Esji5l!rb&qA@LlX4LYXsb2fo7IGhZA
zom*b#O+TH>ui7k{E{KVzhB<m~;>%`&0RdT+Q*#r)&XqP7?GB5dK(e>8obJ!TC+fhe
zuDk~@HKrO+;{yHiz;oJlA-G@=Q>%q98riZG9o2jpwBIeA7W@}uh0=>AWXm_fnzRWk
z*ka^G$3{Xe&kLsQWIdkuln42;&1lh;1;R6@RG+kyL0FH2BT6%Oah~$CAOehkqBZz<
zg81#Hl$RR_`&+)#i*!0?r=1(_Gxq_L4-du%hC|a~J~MvMZBpRfuA3{$;G1>RWPQib
zG~vtd1S+SFFAl5sci{gyI0__|g&?uG8hr&pX=G!)>Yb`UkbYD?$c7g;T*|i)q~3n8
zM<E<8Osx!WKQ^t>ECR;f3HmWg@Z>zR;PCTH+rnL|D}26r;9kO$+7#Bwt5IeDjOf1<
zE0$g|LD)Oe$-{hI?V(N<9N!3h-VV2EFX8!iKu=8)d|A7&gQqlL2M?EK9)!NdZpE0V
zr<B1b4g|@FVBdT3NK)Bh?AsKPYC4&B>H0RK{w7jrZu&9xn~UEId_i6f!$%!G)eoiG
z<_|TELNY=6axT55`GS!N7aj#IXD%n3OIwvQ>ykL>r}{TZk`d|8+F{^kf>OT}?nFWO
zL6h+cT;afKLr~^i>JQQqXsh>cvEJi2?#&%ilGT?hJ~>=AAJq%0q+7EqFORw!HTw$Y
z&z+>~z$aABg{$*0&lYcOw*#e{X56=}J;=U&p$Ei0stKe8It7{q+6CGKcszLp#^<ja
z$ya09t4%3ba1bxVoXS%hlc=W*p>#n3SJYjQ7r^CJk%O(x40ss`V|VEdA{@y>oPs=j
zd|0L0K&5C#Z;cYW-OlN9d#jX_+w6Egyy6X1wu_=KQ%vO{I8T?*5&M|rPHRABCJgXa
zzp7+6Wp>f539~270wud@r#+-g*%AB!`sPoB{Zn9G>%rNG0P&(}4*>t7sk*2dEi)rE
zT2z13P=$_bTG1*LXjRbZ`E_FzB1s0Vzt@?kW&8?Ea_0Z)m>uPtG`D0YOczu1qxvg?
zFRoPw4qrFX*VXOmtIjW<36z9TuS9y!px{D;`%ML!_TLHRfx0A3=|%HjNSf1OO=sGi
zC6$Di^GyR6SKWhI;NmKgJjT<<P(zN#aOjoaCd$7P<gv`(NWTG8GlzOboT>WR#;Xic
zVNlp1g%_AuMaR?ki6&a%Woo5fVwGyXrX8)+(KSh`->p}gXiaLIH&2>b6dGo44DH#M
zSkX?}v-<-uy)xX=M6FX_$FIj#uwML#zIJA>U(h;LnpmgSnrK~XY5FEw$NmdO=sLAk
zEp{q%Wb|q>$Usp4_RO`n(tC|znm#&dCd`T&XAjbXkfTys)KZ$AG$DgFp$9a9)WnKi
zZfJ@X3ySk4(z@H}Yj@U^lo+gXS`0R2RdPlQZAu1Bchc(i|0rMQt#oh=Hf1ip`{JCJ
zvrtMEP$6!`0Tb0B?fR<?MIWfCGG{mFNvy)2R~}$5Fawl3*$e7R2)k8vih=MHak{pT
zi+1_6m(%MVsi}Kds@;&fo1;WBjZ}QuIK8Io%rm6EOV$;~T)~ej>?YODM6Q18MZLOF
zD@?wTs~0cnlRIN_I#++uklYTFZ{g~TqC4PDr1WUpIoRljg*JMTBvxVK*ihn~B=LPr
zd?1uKi6p*+iL*nAvy4LS3XM|Tyc+anBCf4I(5|hT0m5G+5Z=@f4t_-to{vCyNkdo%
z2oeOwr6MoRhY3IH=EJC;b@L(jXWe|r_*tC~eSW6uHQ+57=3whORF_a5%>?CMCS#tj
zRn=`Wlw;&M&>Q0T-H2IEC_8JZv<_=q8K}?a*YY`)&uUfWoOf&0GrYgSx9*_snh(&Q
zL;5c-VPA%=So!4+-IpJ#4JiQK!@g%%M%E_bm8c*(_Ap<~NoAEq#`|B@Uvs~mhpE42
zSX7_?xfgXO9r%o$F$hYm_TBR}RK|XmU>VN~-^Osy=YTlcK>H;XuI#{(8J&QX;HhyF
zs6M4UKLy0C@kFjpgPj7D!I9%LlL1WM37Z9aQuNJ)BR3~lFS#lCov0KL*@g0P%8i?n
zI6Rbx3&kzU*zag%QD0O1I!Skg4leA`L#X^bei_cGp?44Tph~6_!9g6bPZp5~Z;BwN
zxjr%pnPZircHmWKAskTV9Xt>$uXOP*REne!46gD>Zds+bKl{L33w-g}jkFR@VBase
zrFvz;-eAyJ6RONuMr*?2w2T2u-r!ny=BL;je7Oa#2thrPh(2n8-an8P*zpXkz`G$X
zd81DVx(Hv<7#K$Ymrsw1yk=G~@y<}<7~^6(qOI5YE6HNo*`%_bF5XWH0Oqq3JGW|{
zE3H#T60BTlZ#@KFF@7mCNL`5bh40{5S84Xcr?19U@_#t1m41E&$#od{TD*Ay>Py3E
zD6_wy)JqNJL+KR+dmqnKJO_Yd5ns_nB)}Yv=958JnrVZ^TT%7YYRc9SoKNwHQ*}06
zO<e+00?HVGPO9V0z~>qR@N8okE3&B>Bbz4rQDDa@<ve%*DCggqUM^g1Nf!9Eh3sWi
zrQJBP=TI6-Umw1K(NIeEfpaklOc5Ij$)M>@#tzKPV>A>_RGQXM8mhLY*rc+I%wKso
z)*9-loOCN;2#U0B#U5?T8dc27E72NdWsNF9NJ>O|N@xQhHWDsv`g%8O-b=LJudD5O
zn|=Rnn*I@M&#Oaq?de0?vsZ18qVbGfX?r}&wb8Mj!_i45kLS-C28uPTAdWUnG0|yK
zOj~uwe%h)AHdM}NLq&mcuiZ@B!clf-5NoN0vNgaHVbg3ev}rb)ZfER{KUdeZ(W|j(
z1uEw@UgO*tJ6!mg*0d34HFh{NYSWgQDOVyu`^Lx6_RV!mCxuM1C428h?VB}2>4!Uq
zKKwiSHGw>KrH>ip(L^6p$m5}3S#c{1XHD{ov!~7>?BiH%0gPl_I*~TCB!;c73i=M`
zT)67gM%J=Mwqs@jitkgPS#xa=c!sd2Q)g;c0uP0_)Ag~mL207Ah*RQ+#&gnoT*EP%
z#t6s_AQYrI`Q_`~zJBE?OjxpD^cm$wQVzKC^2JU475K{jOUVzRkOH6EAQG9`Mh(1`
z%T0YaamgiG?t>^Yy_&p<wx)r$?!Dwj`cA!JlNB1vT9*+^%WSK*?!!+E%=hF;Xov-^
z)A8ONnP8R?OXZqrbXvZ-hfYgpEIo1=A8lG9&=*&eLg!%teVxXpCFrYwkQ2+M<+NB@
z|7kRRF0FU}UPE-#a@ChOEkRlYF8t*)&|9D4*1EDeFyg<DqwM-0>nS4+)m9E|q3jim
zh_Zvdz&upGWiPPklr`)Hwie~z>;*PY<sa+?%28h0Lb>#5Iv$(FP2kI$OmwQJ85nSL
z3{9PDNR4Ny#fDTAUGzcOR6sihs0asiWZ%g!q;`#=Ouvov)1Qayng02TEsE%1Vfap1
zv;ye+PSo^$U&WRi{6{LP|HyOHf8^B_elIbF-}n9v%-Uh9@av=szm^(1$RNP2MU_Fc
z_&uLA>ct1mJ#**t`eZHg!!|>5S4{55)xUfps>E`iLB7$fERu;J<Env}6C9lQ^-CU7
zozu_8)t6n0ioW#{G8e4^cv1<T>O#5|2a&zaK6zx+6)iJ<ps>>h*a-?-L1B#s*cl4@
z3x!3suvkK2F$O)4CJLKEVa*M&SZZM*Qdoik28$uo?4j7~`?>m;E<_kVTv8>Wl^>CQ
zITB%<a9l%p84&hFARN#TiUHyK2!!n#!Z<*vi$K_<Aq)Tne*{9UhR^{JRzx6tr6HX8
zkRW^zf$;4m>N*(rg-w97@)DK#hzv9FOAv$VKP9mGy?Curt?fu-Ht2SwybZb?>5dJ$
z9qHB$x*f^BLAN8d+o0Q#nr#TliLgr^T8XPn$-h-6m2F<BN@dfO_2fCwp2or<pyey+
zL1#6Erz!tfNo9q(%AWz$he}_^K>V|_GM;2*9O<nqW0qD%u`+2Tl@DPbQ^v3t*t?WG
z_Vo-U8$QBXp^1f5AOZ_O2;49=s(je~J0>62f55R=LxJa5&6E|iW(E41ZC!zbF(Zh>
zL!M>_*+898K4%$v=rg=QGvsL*h6Ocg9y@)>3f781YQP-m5@-Rv(=*UUcXNLK3f8Y$
zCO6BJq6}tFP9@{*AbJYew6xc6us^x^I_yt=I*?_If88-6{`EHd)#G3Lf0MmT|4>AM
z428=EvyviRNXDX5S=<V^0z)#?u+J7P2DH&0)zF?UVeMJnA;SLW8tr+t^6Kp|#$Spt
z#(&-064irZ)%dT3E_6kKO`e!S6@+AG8azzIV6gve2|UWD%&M^r4|S=@D799te^H&@
zy8DpC#?yoOISI`o?h<dryF`zvN=&>k%#pCko1?!++|TZ7;r_7pNB#XF_<9#jo6t8^
zX_Ynb7vp+@YZ|aCP=m2f<jYRP!_8?zGFs5myES>flecx(u2E~nFVt&P@!Vd#My<t%
zDnZT@1bK0RC~X$~_07S5tY1m+q}QUQ#g?h)G1g#dv85i)6SVfDduU_4O3S~JI4xN2
zcE0=>;Oaw8_wnWfR#Zd02|3icO#h!SR&L)68;zJN=g=s+DJTh2&iHkXam;UXp{oql
zDwcUGpq9erZzo}-=V`)<&|L=HJnzC9wPQ8%NS8eFVvA}^i=nS*+-vXmc-jt}ashD2
zz$&M~^n{15@GY?LM^O%EOWYq@GEt67cKz6^#iT_VGC|F4rZ7`o*lBE3ck$%!25^e}
zQIdAEu%<m1vOE6wKSAWEInB?B8-6H@JIybKtAmsWio7%=@mRPWVv#zWS})tlx~)it
zrme#H3{7-0C(AQwSj>sEN+l-NxfQ0+9R|BU;B>*I%t{Ka31RW3s1iR^;CO7P0vX6s
z%X7_3fO9D+ng;s5B|v!vpqW3WgG%R8d=Wqetc)G$FU7Nb2&XWO{F-UkcHTA!`*JQy
zduVj=DaH3ak9bP;sP0^#HTt*4eSE;3-Lb{Bti>5rJ4?O2*+g5|ptiV?zH>~xglh(B
zr@x|*qdfLp;3~-MjN5cPi&GB&Yy+!h!~lmtc)#;Vhe52O)epFRx8AmVBsFD5F!2BM
zGJ}~Gm!oJ+511)Cz2Zwd)mby?&|q$WF?EAUGp2@GyMklZt5rv9>RNrKzr~<6HI5io
zq0+>v@R1&^JF5a-Fkux2uqssO(dMu!l!U4<QCEc$wF=|)na0v86lhf_P^;k7qkSGr
ztB|5q;gglL3N}4jGOL0$R0UXWY89+%6%2OhEol{SQ@|?V6QFI<qZP0!-~}dDA&phx
zZ9Uo!6RpDQoK}SrT@@fXXf#A$%OpyRmhzoRFYiIhHkM-7QueVFr<M|6DdV-2Us+1X
zbUnyYLZ<62!1|ofIXqmD$qpDI6y+dc)%(p+W3Ap}5VJHFCO=*Pc`A>^_-+mx5}~HO
zx%y`>8US$=(2c7<e-TBhmAg<JfiPepaRg)3mS(?3VJ!@>I0}1`!V(NH3x!RkFx~)b
zNnyh%tgQjon!@@}SO){F4TZI(Fq;9^p2E)ljIbLFuuc^A6NPm*z^M0!?9~*OXn=L2
zus0|y*#NUs*i#gCvjNtV!XBouUIy4r6qZk6w;Eun6m}bhr5RwoDXb%f-EM&OrLYS-
z5jMa8yN$wjQ<%d5>rY`-6qaRx!R}}j#OxQTt-JdTaQYPyJ#_#B-wNQ=2=EjJZVlk^
z5#R+3eBy5eJUasX4g+rj@LwXpl??nbfIo=<pJ3qU0K7i}9K&q<=K=WF2=K2g_ZR>x
z5nzRZ`vZ7q1b8O{cLeZ;2=E35KKD9^&k<lh18)cLrxD;!8F&SN{}}=PCj-9%;8!BR
zDd#D80f28f9}Zs1!1n@paRj)5fwKX8AObw*0tI&ma2{+)gri5-2(hYbgqMsr;!Fw1
zs>ttB|4Ka<!<}SJ`p)|0D1gG#m)g@y^eHe2Ujs#$o$?RLU8|Y24=?W3)Jt5>YI^5e
ztlYt#EQ*~J^@$0D?;4e>Qxe{#ax{=FWllE*GoO2hh^jjS{jo4ASpV{ldOi9RJ~7IU
z(gzBiYe_O5^ug<R<<oamx%8cPRF4g>;}dYvjt0^xAdbR)E$DC+Yy5g?^)jeJ*;j{y
zqGLDQ*9Mj5Pf$+|bMA!LcUO_;?*73j&$YHh#J{V%x;*#ozpq<9wUY+)BJ!r)AWuJH
z5ix9+mHgObiz0VLx!N8kl!n*;9<2X6-y7>cusNxJHmg7K{R?Yp{jI~Tqz!x<!tl$(
z37ag~jqNZ;Z-?<dn+8Ac%P-GGakOVM6i4H#bHP7SE(bcHrNs)zm%$+@9NGfsk((YA
zscS&dH<Y@AFzD0fM#x(){Tb!02Pb(a!N`|yjxoqvMVx@%GZnYvJpbfpgi^1dw;2mT
z2)Lm93+``F(U_TBr6_NG*A0_WLV*O={<A5l$!Qsy6D2FV5p`3QGa3gLUc-XGw$uq{
z$}8YOY0B&er_X+9!aV9hsmHu2v!-M1d$HPsLwmQ>BuYmGP&k*{q#wi6aX~uo&U{=^
z!^HA`tONysw8EawiuGtMOof!vS5&8jwoLqPH+C<g4-2b#Qo3?rSP#bnw9>$^Lk<A{
zzsaTrhILB^-M$;M-(gIDl%TNZ`10v7l-CReg<bcdoihf7C1^uUp`ftP>*i~Rg(bOq
zo30%emY|u~bpZ<tI|M7Bg@rvwefnTnSXT5E0>cu_Q=IP31XC_?I-VC(n(28}OtI>D
zUQFqt=Uy=-8B=g+xHF3t{>cQ;^4%8`m1VU>*G^hPJt{f2A|rB#;XHf*JuB}<VS@~?
zObRnmSdIbaq_Bfq5GER6xfE7MVfhBwFbaF0!bTflBPi@y3L9^LjiIn23cJq$yNkl^
zqOb=Hu=^=2o5CJ4z$Q~zB8AN~z^3W$38a+joD>^ZzcJ$UeBxy_ru_>q5kfpN!bY)3
zL+}E^)Ch!EHH6WC;EO=`hlX$)Ap9u;;ZGVu8$ftE0^w;5q2Wb>P#l3!tRZX!gy|6o
z(=~(-0O9Tkgu5@R*9<;D7#@LOy`+9&CLow1dUBqIFdPsbB(H=j;PQ)8IU1lIMg{1j
zr~1P=(a_WV$+mMLy;5lk+^D**ee(@C{tjf-zsa%lb)fqh0TEBL$rAzIPS4$wSeBB{
z4zuXGkA8;t5%ezMt~XTOvJr2nOh)b-DtnUohRSZFzd_lJ3^-EL>4$;NSVqM8|7SY=
zuosIo<1?#r<Zo0R?8zd^gdA}n3|@)<xbUr!e!mtR86N+%^6LDD`<>r%o{YPi=HGB*
z4ASpr%)g;qo|d8>AlpR<*!~YZyIM~b2&N!?w1x3g9wf&uh{vmQZP;A-{*QR3CVT<M
zX;UW5CX8sFZ7LD4!M!19dbKcxPS>oORr>qCqE~A;Dt(aAVtBIXqw+o&7L}K}N6p2h
zz6Twq61ukTXF}KbuaT}T(<sR@m6DWbM<OTawIxuJY0UrA+jjjq#fhTFVH%_HZ5*}R
z_O<Hv=14Bs-VZej>P|3D6iwFavlY$Oon@RTS_pwF+?jAp3G4=6z6OjTU@O)gJjBz3
z2eOEEQ>|3jccUWxWB2}URCNE??I<9sf9!MLj=G|M?41;LE&tf3m{wYxGWm}n*+gid
zUe*u>1H$nLgd-Y4;vbn-oe^Q1ro+ksLTv=XNbL)Io+Ai@n?jD|nrYG#7d<4m=QZly
z<=`Wl&zBTM_*j*A`n;xY2FVO@)gyEjCyNJz=uh9Ueuvc=*YEL*;p_L(s;jTxrEguw
z`i&YtyPZiNKU=T}nHIhb?%Z|Zv3XTZKX)12a~6Y6)6~tHnm+0)sd_fsIJ)%g%ptx_
z;ryVUIR<P6DA#ON?yKrX*Jqd~8l2Hq%Amuo4K7tQ5DO2W{m2fgx6Zs8KSr0W@?f=%
zZOtn`JRFSh5<Vuv{o1$)7j1W6M@Vf=6TB_e!u+KU7FYk!8tO+9H)5hIl<0)>KTPz5
z65YmGc@I+sZLNr;uj}0rN}z5HAq5b!BM`C~f>mk0Ow|)rr|3UEpi`8{|9?&jMc=k5
z3;(PVvcf;p85=)Go7#5eK9>0FY-ay!oWHMBhslrU!{=|-%4^8KZ~o`>=er2{W2I*C
zD*bu$x6z*#I{Gul$LJ4uZwKompg&|^wO@_;^gZ#PQXkPseVT0})aTi?{|WV3@W!>N
z&tG5tUr--^6zbE0QlCVP`mC*vLVZ4{z5?}mq58_y=dtQ5Q=j{)e<Srdxbzy-XWi0k
zP@gxKUW58Px%3*;XVTK&N_~JoNBe{sI_mTFJ1X`0=tY(Kyu}a)&Y;xit-%M?_;H5y
zd!)*^exLa@eElw5e)aX6@cPx)FD%==IJv<kx1C?^94SDsIJjkkHB22;JPA{w<cqf;
z2Vb@e1hc5I=?$Ugsl|gDnx4ls5hwjSi_>Dh`{3$dALCtlzrQZJe1Y=BVyePkpjRX;
z+fOHzWgSkcO$Nd6TNBp1%yGp!!nvGC{*P3^leZls0jQOv;p$tR`8W%YUa*qJMitP&
z^fmM{pI(T^?I8k=<~v(;pJX=#u6O%r4&{~sx)$1$SD#3VVte%tQZuqm(h9{DV};N~
z5w-*BvXp*Y?MpB_VbzJ7nN4YPWHm6pZNKhZ1OdKDAJ^W{aj^ynk^ifr*jg;a#J-`#
zJ_Z}wH?SrOFC}sMuNhZfOGY30K$mFS0zFw$zNsLqaxcV8VZMTJLEZU0T~Nm!(mVSI
z#gFF&c>-A-4b(g5*Mk2@0w|Lt{&bq3V{S8*f3$8Y|6uJ@ew)9%vZ$Bq3oFOsx4BJG
zu|V6UywbbxG{34+Fl`bNw+p3@HF8DGO0rB%Mg4`+JX=iq7V=WUKVK!Jj%;+699k^M
z<E+k#enf07J}D$_E8Wivri~=w4%MYclSt&s-<vq*Vi68IXFhT;NIl+*a_hi9m#IPH
z>@30ydijy5?*}WtJkOSFssL}I@_a(o=3ANifjhZ5Gpe8Y;=v%S>(<&)7C8RI!#{br
zg-}=Oj6bA*6BuUnFPh7*+UYTE^(1~%vVZa5iuN{-Z}dq|;@7UyeY|L@8dA}|jVPPX
z4wK9~==X!w0@yeG9@o;CWJ^ibZCr7^M@~2^`pgch-s29b_r$u%J|;?AMSq~VC{>AM
zq&(?Akpe(%$!ygIA&1|#Be#4fU;Z$eDy}tjz?_`NbRjw};RdV(-@Cis5u|a&ED%A%
zB$RGDryP34&KzxG1OcP}6RS|#*ru?vAdj#K{(WYlbRXG@+n134&k2srkG2wg{oqKA
ztDi__CE2O^k3TVzOve4nrWZSN<HP)w3Ucd^mQ$p&h+6uvHZmUXf8~EUIhz0FkN@$1
z?|->ld8Gg4$6mHan2=tV|K(1rqwG8}n0PJ!%P*8&$^Y_#GK2r+RWDQj%YUCt{VyBo
zqm9tV@kk$6G5Yvv6#97Z%JlKNXylZ4uSz4OJ_Z_jcX2ctd5F@;UsfTF{N6w#H!&KS
zebsti2c7)(o!>?$KR<f?bTYQDflhkoUk{xuc;~m!$z2a#l}`F^{jccc^e>~#)-hjR
z51l-`<iDqrZ!U>OCvWvpI=OzLDlh&o_LscWX#2~^zy06uFJF~J?k}BR_z(A&&sRhl
zu{Ty+&;HWC<VyR?4JC&C<=z+Q{*p5xB7UPsS|>^yfk^@XgLpytqaal&|9S<^cIH`F
z;G3Tg0)Mc;>Xs(kTqTQRS{5b1o%oPvT7WWiZ&A)8ZFSm9iVHYzTZ-_I>ujFM&X@lQ
zHw9gEK41UIby;v~^DG>6p*!gg1ZU+<FoXX34!WOQs)AO7F0!(q4t%e5_@kDZ3aL{_
zYM_vOuO0o~Yufi94*kkrfHQ)A?{h8Z803c`X9mf+qZV@>({gr!oVNl_2bxm@t%gfZ
z<z#JVcJ4pFihKjK6QE~@{hlgN?7vU-@I1asMa&1pgg`v=4_L+g2cA<p{GP6hRxI;B
z?qlmCihoG7#?F90PHJ1qTut~Fs@86^rg*2#d2qsP=4wJ`y33dMj^#Ly?;*T`7MN9+
z$5&)?qn~MdQgKMheJ;W;3Yu(Q%`Zv^E&iESk*M*{{7iEd@}XHFl_YP2V{vBx8O0OI
zWM)*yJfXB_uX;}?0`r6dwuxb$P^w$%Z0yFDMfZf#eoY(NfcXoc0q6<kvG3_=X0<a#
z=U4_?FcXe4!7=_5it>+-ICQW<0~A3>Cg~*Ekus^_XD9ku`vT4Iv;X(1UFWFWF)lGb
zH-~i5%~}C-SQqKtru;wd-a9a=qH7$!o4SF(E=UPzB#99d1WbTHViHV%z+Kp25EN9T
z6N;f2HV_19NrZJ-#0qv43)TlL2#AnS5>UF*Ep%pCIud&Jn{#Gv+q)?|`ucm{?~i2f
zotZoBoH=vm%qcJ`-)>XDo|9=llOLajCi+1WkFAvCuuSJ!s(U=@$@B;REtEf(9k@)0
z7SPyoAxf?`qE>mBRt<QOK~ZqFdO1ds)Pd;=iYSvjhoDMuzQE*9iR92yX0nLxA=<vF
zau3n`O_h6yCT~jaAxv-jau-r62tKyrErOt<y3D{vZ>_jbP~Ej_orvh%So*jy|M8|z
z)z28s^?E%_jul+LXp$RXa!VGM6XajtAcORppk|O>V$9PgEbmQC9;2bD4wm<xChskl
zH;(0fsL5Nz@_MtpPc?ZT32J?T#@NLN1lO~=d)gu{oN7!qOs3oWM4j~NSy{Zb7z#YC
zD=<!xe?fskx&p)G0)wHzqq+i*%LUS)K=%sS9&HD((%F(V65!Rg1u7&fS)f9)Zx={N
z_SphSJ~p3z4_0P@vY}WQnF@7E32b$!@*_z9LbXE@pf24DRc=GREI+AOT*Vbi#$$0L
zx=^|*Zd#~w8*(SzNE>thgx?1TEKuDC&+aSv3t27u3;Cr$s&I1wyC5Fi*V|u6BDxm%
z7L{&*hk>)DV|;|HZ}-q1xZTO1=lFa-GHZ5)C*58Kju<gah#47Oz!8h%IWuhNbZZDe
zlM_?nQBFd$Btq0~B6B7M<`;9;E9Mu2ZNrCgQk2(PGVlNfEzAo35p8Li;KZ)f2t+gt
z98JVPYpw!=8bhT;r2jsz82!pw?U${w#}%J;B1rpl8o}t@UXBClF`BZMJH--LipsT}
zDPyN-*e9Ag?ZlW1l!!w_+7t{ePv*Q2&h5%F?JfVzwBG`snqe*okeU(iQPNC>cpFi$
z@hW{s|9Q8<a)*c|XZ%IaM$zt~$M~C>&X(IP&VViPyHvq#vqjU`QVhI~{F%ud`YZj{
z=T~#Osb1(_`mfJk^QCmt^nhRCf0tju>M1}>+L`yOn6%Z_Tr4YLHI;<1^S;>v4n*xn
z@UDj<`lR!DE_lc+ItKptPLh!?L<rnXv_$i1ugZ|=mO;>klJEc$9#jjDZpUSK*JtqV
zVq+J80PinLIJ~ndz!h+}01Fc@aHnM2JIdh3CR{IQKwTd}-9pfRo428IP&*s^El@|v
zpnm5)^kbN5pZdFyX+H<BZh{t>8S!USiKfCgWniC^fSs)cw$+)k73$11oT~!nT6kM`
z3jpxlz5)IV06ba)a0c(jGPuhS+^66{2KVGS5oqLtj=8y?HfO*_=$q9*5b6jC4*Co@
zkIO8*sqmBxdhRI0k}Kc+ZePnBWdIheTFbHEZ^2)(U%x&0=hgqG;Q!A558?m(ZNMKO
z{m|NA2I+z08FyKhcIV){92@A+4$mGebC&h}7z;^okI19jNLLUB8<#}nHHJL~<pQ4<
z!l|68mAYF(^&Qvxv+9NMk_u|moNO?N93@xnsKcs84PoiV77i`n${au56j7cz!l3x)
zfpk&DL(67+&JVfmR-fop9<7wj9LGi{u7pw1@eSm`N;T)FE(X?<Lwu03zwfVS(1Fp6
zIR@75AwiI>qtMTeAjoccB!4@Qu5vr57}?SOUFH2tk#sB$k5#tRNvq{8^*&AaR&(AQ
zSlsjiPl%~#o6PJw^35dY%@9E{))wuhWa@T7afrp`RmLFJQ#1UQ(KA+{EE>FHH4_aU
z0)tQ|Q=$ct4}Ri&6^oLQO+j!q7c<?{l(ig;Yq^==+Uq;C=SLO3oa$*tQ`iQDPt28=
z<fUrU7}-lz&qu9Rc`nA(R?HP)ruXp~U&Jv*P`L+!bd}dcJZ1TDNQ~rObCM;;pMA$D
zm@;gjZSwfx6jQ>*mBaIG!^hGjG@Vs^WyP3^S_Lqy!PBebRb~W>S}*JZpB!^C>>0^j
z7wzEKGoSZuKF6N%D$hQUzL32y;(gvB^?4uf^Mh;avOX`)k@`Gp+*qm4ck@0^7&T7S
zXL=mro_8=10mXnN6s)xw2E?sm7_c-@!GC0RJ58=YUF%{MCglgRUeDm@GKZtfl0b$o
zkWZ4r?#9OU`6;f!BsVaUS1-glmD?XkH!?RmX6^<k&7Til<ZghHB*Dm%r)we@S>cDC
z%#6@)(VsVA;1Y1sZl)yV=6-%82R=|NpS{oEJy|OCWCia@qU8ST?x$7mzjA@Z<&7C4
z_aM`cvEPpT0F;mLPQc|D_~RP{F5b3W4rjrTX;;wv8m(PGZX&W+$mII-QGyZ%nf2_D
z)KkLV&-0!}1n{251hAfVkVw64v`p$LzJRB)apP^Hv`GCeCxwzY9mP>*bPGrVW;1+-
zijm53DujOCv1@Swj4lW8uJvQ@g92FB=1W~$$h+2lZBy2@{i9?t%F6GN--rT|xcGZ5
zzhNr6-@w-SLf(g~yq{Sxkwd4e0J?~^T`cuw6MNsm`yvDitPcqi$$4~?Omc83Nlk9&
zq-6#pShbjQQ{bP;kf9;ix(H-<_a=55DN3quS>%Yl0$qe>xxhP!4_BnCH6DEGVsdlA
z)#s*9t^W91KAi@=tx1+Ca)O5RHpS#Nf@_T?Su!Nh46v{nQe-+5X&X-(solnVD%<$Q
zKtWMZ0&D+3#m5~WMix|U4rF9FkOL!;y{82-V2sCfXW*{ym}@Lx308qt>&j(#i_Gjy
z$b@&fqgo&_rL(y+89D^AlD`0Ik}voREH?5Ue}UysUgj@AmPiqQLF@T^{sQ|7d78h#
zwoeA|7c^z-HJeGVG#6t<U;43$%WI^B*_QH71*oP+o$)I7jCIvJV*&S!m8MC3hZkSr
zU3?MGkc@5QjKw^|=$-L#Wj?t+<r&4^8DH>>P2L&*@l&=mO~%(eV~2OfcRXW}cg6}f
zi6MFIHO@SF_VWICTrWt?UWCG~dxO-%uE-#P6;YcL$u&Rgr*LhWjOTd9A@7VCJY%VM
zMgh$zUmu~dw^!$3L{)a4NxEVis`5n!=p)Cc!22nYyCbXV{gmX6EIeD~j?B#Ozn_i3
z4xjh#6uN7hxdEg^+BiOUzsJmDG&agZnf<aK%gfQ^jbwQz-o?CUG<joK-cKxVq9!kw
z<$cBSrfBjevAmaA-V9CNRF*f9<rQi2X0p5|Sl$boyysb7N0#@ZCeOk0qFCOmn!Nce
zFNo#6p~-uV<(+y5^WN3uy~*;nvAo5ay!Tk%*DP;|ChtR*_d3h_Qj_;7%X^mPeXYs+
ziscPpdEaaDzF~QtSl(()-U^o2oaL2h@_y79mmwpOcBkMPaM9OR;hOrFI$17#<r+%A
zH@=Mxe57gMeVy_9mg`L9>rXO=MhUJTb>7$x@d8<-B^21HE3i*4P#X$t))m+)7dSP9
z7FeSzuu(3s844`d75GsuumlQxr7Q5ATwpd7_*hrqOSwQc6nIxx;3K&}1{8Q*SKuAF
zKr|GXrz`N9T)-a+Jg+O@lnWdgObblY6)2Jmlt6)rx&mwD0*j!)e{=<w%LS%GflqV=
zzLE<JfCBI73VbXVNQD9mbOqj*3)}?-Ue*<8c!Q}b;6{CQ5G~`cv(W$TnpDYND6my$
zW#8+ngqF*pKqq`nee;I|ffTNW8{^b@@SM+{XTft0eFlXHeo2ANH=!ppS3`8=U7Gft
z!L@-d64%dy{0{LATrZ-?zSMQbkNqC!zrXv*e)o{m`E8nt)7d^v#p$e@rs8zIo2KG)
zmP}J|I&V!=aXRy+sW_dP(^Q;}ZJLVH88MArp=6QFr{RhN`J4LeULu*MxP#bGWN&%R
zRf)jkL)YDP(eL_667n=&!(h8m_}Xa6k=(h_>}myXaE{OymrI@|_iz07515v1%Jluh
z9--#{jK-Q>#Y*lvK{N0Cu~d27q&)tlJZ@1Qj|kj;Q0feQIxRn)<E_&{!c@_eQ!K@G
z4~OWT1{s2Q2~%q{yT17#wT0C0E2HEY!I*m|N3nT8M~MeUsXPyE9i_T_D&{XR1o91k
zL21Ls`~^5J@&<naE{n{iF9lPh148oZ$Ugn@c>!RS$kWi58J7*R-0KOR3ycxT<S!`d
zOQSF4U80Q<a^%3)n9Ud*Ytm7;?lNx7yG!jKu3*D_7;=ND;BVo#ymL%%s9}TS9(jhy
zNH#+=QqZ5ESa3Q~v|oZ)Wb%a;T-`nM13P1dDMtB!Oszmfjo|t%e~9*<$fu8ceB3g>
zj_0<n>@I9#PKBr7YOTD{7RNL*S@<YB$r<4!SDUwDRE(JN)vcI$E1h{O+PLd)@nf;J
z?KgR<MqemgEZC3;%JX#JbiU?8Qz#!3D-UZf1wo7;!Tos<M2*7Gdo1(RlNdEmYAVWC
zQ+29oDpqdlZCabFsmGgi-YplH0tHMS*%rx6LPk*H5aJGSN7A+=y`{ghrLYaBvYD#P
ztOr$L)pzs6F*H%@j|26UId(iuu_Hag>c}@+lO~%@g@=(VL2X#8;i|Y+(S|)KI@+RM
z@KyQ@o&iBMxHE<E6tm9rU%Gu~`i#R6K5a9EPb={bpSC&MG_FpA=MyB~hYi5@;l6B>
z?EokS|B_L(%N7f2%?C0K>n)KtdM2gpvvtpKJ^{WDf61^P$UCBqpN1|IchS%C>SP)=
zfhM@6pv3HcALEYgA<vG0C{8_$R(nc`#nF=@@MJ&o-6%ld5K|#gABxG$#};DqPmhEM
zP|oTYPp9P>IxSxtRMT=^t0e5Gjni_TK119&X<8<jZ$GLWOv|mp1c61DYmlU#m7l>Q
zWRxnpT+gI-J4}T@H?+~^R30QvMWA%54kh;y4sddT_W*Ya|JnfWs%n6DdkxT*tZ{j%
z9$a1>^}xR5u%0(uf_1wRraSKCuk;?Bf7M=e4LlPTznKj2_vK*K%l>DPm;HE&&i-ds
zHTFL_w`2d4Xj(qQ0dN14CP2?mt5UuBGlNFGc}kBeOn?IC|4*3!U3l*HRGWWWTXWUs
z7(b0_^Bdi3qS~DI-0i3~`z2PX+I&LzTdK|T=K0u@CeN#hYIEqLe_yqEQy*Wd&5sOX
zThOVt-tm6_wtjP8cZd)D=4WjG^ZL!d_txt-Cyk8w@ARAZ&h-Jdb#rT?-~4Fr%JiF)
zdu#NYr;cR$&BNL#`pv!Btech(G?<o8_oL_Y3Qzg^h`iQxN3`YQZU|&$ElfK3{J98(
zDd^>5yvpuF>G6wgn<2JgSQ<3zP_x-o1kTYwVYkcR5M1<FQ5sY<#Ji&OPPC%;<%T+W
z=f9Lk^JmKWQQr9_)9E2;SUL{j_+Z%2gC`7NWy_~}mAyQUmQ7@t`@J(0b7|(CEOWJY
zW{**@qW7`g1cv+$EBK0c!6DDkT6Tjrv)kwnqU;(!*3!vuoE?D-`k!$vy!}6G^wDDQ
z=yL^lGiTtCAHZsf?yq1u)|XO-abc7Qu)x6(guI&+6S!N1Sk^6$Ef97n0bSfIGINC>
zg{iPOp9+(%TLC(+Ppl0Ks4hGou!KO3Mt6Y4*^ScGIQby7V|Wx^&NB5-b~$?<Yq&<*
zZDMx|>|VAn5gp96>QV!`oP&5(;SjINOx}DJf>oJbD~1fWkuGKt4>pcT5%OVd&sT7T
zaW6RyH1!-PT>rJh<*^i$Mpztm%hwrfjYMaIG_fpTX9%`GY$u(Q{yXWU1f+@1loDVB
zfE;0EO@@PBz`fsYN{}iGzD5sEUKIsYSrH!Xb_`Qaa-iuiti)cfcO*#_uQ_mDSFyRu
zit$u9X&CmfVxm0U;}!ZI)~&K4givefp>(&vx5IqN;Wf}ra~-z-q;o@@Fj-{JH>|6C
z!(ule+`}07D#p7@@Ue_Chm7mt&|~9ga*v1hy`t-Jy()W*C*G9KtjD?=fY0Fy!!ap<
zIYs>L2DbP0mG)A51+_2f+6%3sJvs!ky%XEXweeP-@?$JPK85KjxCkT*zDK~Od@7GF
z@2Vaib*gD?u+P?Nt6PKnMH0(e`)!Hb+9$Pce{7f1eYLjIptMGc`&D>oL-j-DhC2FK
z2(_wd=mnn*<)|8p-$gPmd!VU{b_G9L>c`Zenx>lhY%1IU$2^_ZE!xn)CFw}e-Zz5s
z)*w^iBdB8VDq^h^GHpe7MNw$NC*HT>iww-icRmF84HJ|5LsaswG4Xz}V7-yq2Jqm4
zw20AlmfZ$~6;-Z|ezUN0b@W4pm8+v~D6B*so#riJd0%PrK4W=vS>89Ay#EN^7YA=~
zw_%e=gB}pPS?5>m*iFeN$|X8!uHCu<@wcP`yP!anP9=VtTwoa#7^f>xDi@d!1-{oi
zKdX=mjDrG(3SU8hydhT969e{v8xi~OdIiY+jbUd!YbmMlw-i(utoHLPes_a7b^Pw1
zL{qn&aMo3nANv89$(0`$*-+2f?Vl0vdD!0aN~ZmmCFwWdHb;WLe50xGHH3yn#d&OH
zD$a_Iqeeb+d-~1Tt}RmS-_vNZXVOI&C+RnfN&CF?o98^`t>4^F)^8Ralyy*JI|M--
z1bjl93CMI0^j=+0bW>JW^AB~aOYpV2gvwVJ1m7@37pJ6|iYEG4%cr|4t!-ZH-P$H!
zYxzJ`Yq`F^`u47J?DBBzve^H~j6LBM9e#F0XyLM0a?78>+#uQsSFerHVV7tim0(w=
zTm`!_?JdtS>_T{O?1JzilqcfYMe#T+cf6(KtiQ!m3ZeBX$FBbpzbr}H{ww^7d9rf+
z;*-x8jf7tc&<ksWmz=4F8bPIbMO9F_b;mydl`qCu2bGufP#Il4RQ^qPEPVWS;eqk5
zcjI~=E3ZJVI61mATY=)roMBmmhdzz!op*~XyJdCiI%;^%Fpc8mkG_`w_NtaY-PH}u
z?f;Ca^rT=aoZzRT0zAy-iB588_9aiVFq=RS=0ELC5ZVU#Xg?#MiuUO-wyvoVLJPR2
z2dlAAQZUnDVSJUep`hMBfQ8M+R)>WSJr)kD0d1K7Z{S~8-`l1Khy{h$Z!zU&1U)wz
zb*CvC0C`7(_sYB++hgGQl474?Hu||Q?EA3_>|-cb1a4&+A{0#tRAC=C@EDmUW8ds|
z6a$akcf7GL!{0~yef_oVvwi550AD7DI$Y~qC9d6L`Uh}r)zj7C+KYNz8(9NfWBv{P
z1$<l5=XUXp!~L}zbno%6@D)Z<2Z<kUR0WBT>in0G5LJ+f8(keFUeiNjY>haAf0Z8y
z>+KB>vAXrosBi&2ez>kxV*lg?k56w_1&_$ke*hkfM*jZ;9&>tC4i6uUfMrC8Bu50_
zcult=Uoc#zirnJykz|E1&s?aoc+49k6U10Q9|SSkuWELH0(X)>lUttMf>Pz85$clx
zSA*a6piGsUEmYLtLl%0O-L>}WfGw@k!-1eV97tN=Uf**QTc2pRJmeohyV&gN&~Ba{
z?MBpu1^t)kaoEGRyZ&9zS7P+)wdgnAs%p`9G5!Oy|M{@$W`DkZ_D9uZ_GkQS{D0<c
z(_dV6g?5w%P36MiHE@?nlKY@gvFRXL(&svM`$ENpR=y;CfdMM%<;y*=p(%6ahUWiq
zM%PeqH4SZP>8l}Th{PKT5uu^f(8gTWTtOONzF3Joc50;!4fWa3(?GbKsUN+PBGuhv
zt^UfOVHI^J45i<$0vivqv?EZs)Uirs?-uJTYgAQbpBB){K<k(c?dWxNpuXrSqvHU3
zL(!Sq7+Yg{it+`#om(xGF=K;JEE*`h!W0P>VG+r~^HpXEP{!`!nTM9ZOJS)hXEv+3
zAqSmDHqzy%K>VM&`ek{f4H{J@PWC-gX5B=#wutg=C~_8!$Wq5CEj;1_Fjdaw{U4+Y
z@w-UVRD{YPr(BcRv9ha?N@_a%KGw7&CCbYPVu0!bJ70T${a@NYB>1p@utfN_<UpTw
zzART<JVR$Oahhl7ELYC)44r)mhJu;70d79EHWsVKR30|{U6xm_$-Bt%X0f~qP2P2u
zm(B8mH0mi3C>`SevAo)vykM5sn&p`_d7&(?KFe#U$*afm%5yNUsV1)x%R9jGnrZSt
z_f;zlKXaWaS|BzLYzsb=b;{dqZm7y6LzxJj^7bTknZ{6NxUS4;F8t3Y<!xwz-*v+O
zbGM`dyP?1#o#_6gT;N+MuuoUuPr1M=P+*6yz+SmPE)>|LE3jQI&<hF_<7;YyGeIED
z=AmMFEIi-Ap2Oiem_65n=NnFZ4ut1(?D^VU`h1i<pMmGS?D;S}|ID6u!}D7D?0(Aq
zBq}z$j?sVahuxX(9&U@fn>)kZ*#&xZs0!^WgMXk)?E-Ow3n-rpE@!x6GeE(8Cn`U<
zLtSu#<PLPbBIUycXah=B(37`&x;q@yqG!SL9pG4JiaQj3Z0L8#Jx2cIFeM-E0g(1M
zZw7B%e}d$0klYFWb%%eCz`rM;6hwO_-?wE!=^iqpinTk<T?>Bd!@s6-pq2Me9`neG
z&9)SkF7=2MRgk(TQdGLsnJFq&=`>E?vPf6n;5JhWuXyjE7i1RgmqcgZFp=^uE$7ja
z&cIHEDZ<L;xS#xqvBW<d9wy94i56@vn7XiI4(>Y6$%jPy3Vd{=pBIaYZM8&u1@3sB
z9b&--^OK;lK}t^?L;YIXK<$@LqJm6k6DY_C>%H_d{_gvul0(6nr-6Lfcf;7gwOrbq
zoai7NB`WN8ah^o0(O}6m+P}488a*n%EG=w&?(l5+AXSE@yw>PAt~!+onrm<wN*TTj
zX@zHOtuW{_54%j3w~|ayG30XVq2qGps@C$V5=*;8_d~1GLG)=Pn3gU?4ihWlmi}W}
zNv7iixl;(yo)s>x8Z&tEkl{2*<Jc~V+Z!)J26;mmdiiH+l8=H&+R0f2r<Klx9o-_w
zK&))Z(;dqUe4~+|QsoPLkiP=!P|7wZgO%f()&3#=ma?6O7EkzXbprEr2j|DJ3Fzt0
z$b3o!-ZzVRW{YE?+J3<P{z=54VTu93TUKVv5l3FK>b<Y!jRU8}91A0AhJ`aXnE7t!
z<xovFN{-Tqpk#yRrOZXzqHNF*i&8YiB9*de6Py+<xLWA^g!T4Fj`YJQ5M5p1l`e%J
zjvkX#&Ev?siBjmMR}*FZ@_B55M1^wway~J$dPozK-vgsRx$mRdFw6ZCnLR@BXW;Bh
z{Y}S2$>W!qw2|A2p-+IbCU;9&Z><5(jU!EYJ7HuH@5#d2DoytuJh7lQu3u*V5QZ*0
zp_QEd;k2G9VOD2C`C};pM4fo!3l}H}M*x2osnsj8QT|NvLPOW7p3^sz$q`X{WlbaV
z<B28$o?!r>+6sVbX%zK#qedlp`Ti(D{zy`q4DY~{CcmqtiXQ^{U<GBAP=vRA44BM6
z$ezz#l*8<)9|CZf)eIrw%nW)4K<^by``FcwZln^uiZ5R8gC08*Hq3yQkJ7%a0;Y%<
zAA@}{;SWsyliZ7o@+5g~Y!m#=qrX!B5gv|i#u@qkLcTIjpx~SqLysP2@&5EQv4r@K
zDz>~FZHYaPQ(-S9OZUpKd+<>PyWc<id$9ZQZawTwg(E$<u(}Pc3T~zs)A<TAkv*|K
zU^h5{!S0%oZfeT>!8oTIN!wK@Hmd{b^Dq;pH;SKJA5Z_h_doj$a&j*;6u9pd&;ay@
zB9-osp|f#+e0e(E9~-Im$HD=BXMg<oPkDcIzrfblJ;oN2|9(kb5$U?U97afY4YRbF
zMUY9)v(3yTc|dJ{UzHwE+bg>nQ&*JyZL-ZG2IR*O6pq^u(KA#(zDZzI$-w*S2?7sw
z8+g#np210LKe{mt10iM(-_t0@Zdoqx2PesZ2cqPCj?UuHY0`cG8^p?aSn3K%d@797
zqIq3m3z%Xg!&e|Qqa|qOH)RJmXW&<~j+Fy&*c1%6`iBWpPH-{JF-SQ_X%5{xA~=L%
zYPxqoj-o~E!|mob6^yVS`CUcWcV|#i9EJ4xBw5jhIn|B$NT$zF=KVGj$zRY$3UYL2
z4uk%^K`jJXw>yID;mLJ_y!kho{-T8u#|S!Kg&-rEW+W}Y$BAnJL9<}uRzN7(m2f&1
zO_og*ep{bIx5MY)$7CsXhtiiL^o5n-*!}U7IC(}sdFGm;H(#)2WaDr0<QR#Ok0vdU
z?kki~nU<&dm+vSh!Rxbmd<VKFd;f}Sa`k*%lUC;hN|sWGKrfja=n1ct>nT%HK|1wU
zO_J}R^)OXLkXO-)ue_5WRos2sNvs$?p_S(aiw;|f*&R;nFJVfoQ%k(+FEOJN-iXJ+
z@WS>ut#92_xuc)8x}xuBy&86OF0E%3F3NjoN2NF!sO0=XeYRSz`>XZ+z3El|SxB#r
zJnKcTetrD!(5vzTGQCQEo&j@$Khi5*JS?tX4Xm>09LTtD(SCrepD8imoMz36s*+|c
z<}@pYyI&J2%>un^&fwa50?ir*j&{+qlJe!_Wtv431MjKB=oFpZz`dcIenEsO1Nb)T
z2UW4aS9I3HzLsg$Ir3SHD0O_dJEmyjyGa_}h5e-XZU@r&(p&Zoqgm3@V>HW1>sUnV
zSoyj{nJn<B!`~DZ#)FU09*lU4_5iSrJRN+T?v=#>;!4Fz>@b*xITJd)m4F-IzAj+e
znahyy=YEKUa$7$`TYaRqe(%fZBjlW1rKXST`{EM6ZQj}|7L*SH*_9K>l6}XNfN$TX
z$prEoS<nilWW@8Hia^GY8LgyvQ4?E9q;g9EL$?3}C6J2wOBnfvXSf9*k=p(J6BNb-
zlDXCI?=7d}dii>i*LwNzvA=cx-K(5`c|SV~xL&;5|6&@pKN{9+GgbT1f2;kjO8bsk
zto`+#SlxOJLwksF?&3X6TCXv%UhkOZ#bfNcyUO+YgdacV`d+Uay0i64`Hl$1+d5mG
zF|{~L0d{2}>>1Z4F4d7x3yW4x*T9&sR7=&<JW7sW4t=dF9iyAeeI3X<%Z|~5b8`nz
zrb(Kff6tH6Oq`w*9l?5BAA9@-O4qISM5}#}d~jy2cLF17DJNz6x-*2m!ikv&1IL3i
zvl#h86T_U2Wbv1(gL48KiJ2dq?fH!8B(j6^NCPANratW8jCSxtQl;p?{ZjQ2CQU_G
z5J|LTMpz(`nE?Mv$;`pm8JT$|O+{vg^-;(S-I)W2O;VGYiM<(_ft(r3)nulBZzMA@
z9FgN{N@l!*EBhcbFW&Nbh;PFV@dqEP`mAxJLW*8FI-H)?f8jK%&aa$i@kzdwEKTyI
zWbGmRml(8EBgt>64&nIC${6Vo9znj0kx1I&80io`UOv&h$a53PYrLHpa&Q`3uXo&x
z6*##Z86!EQ*!HH1U?!4><=Qi1ByZer@$Y}R5vwMcF=Q6cSVc1wdgy%~^(|imdXXjC
zJBUNa28cyxOmns(PXB_$<EGU)-Dv7toNlTYY~i67i_X|OSe-4;2z;e(><YKM!J@Mz
zq0<~+Znd8xn=_7jEN}{ef9CXpX#v9YChieXP5c?JjA>aJ@y9aa&$yd;_0QtjXc^iy
zz*4ZGpCxJIbFmi319US^v>HyrIezRWkEgq1>KUQCy~`N^u4A@~j$lug(Ot$4=j!O)
zOD84>Bze+N4~OvKASSM|UyoJJn-DY*?ue2$<t3MQH5l`P=qgHdH>T+^fW`1S$ZbTs
z+k)bJ@%}im<gEXw(#4L}tHgz(<6)W=P_mvM`x{=4?;zmS(Kga4vx#7J2o|_2bS8W|
zUX}-dgG1ui^(aDb>VPIfW$<wX7vu*Brg=vZI5+5Y(Ubk4j1<9AR>qEfWnp{@)$>P*
zgg7)U03wt+(cFQaxw<=22+mX%n0xnhM7!wXzk}}C_Os;L8M=@*x*taQg9SEYkQ^+2
z6GSG~=m;O?WVW4PKB8rInS{iduy$OEK-xz}X`Af_QQ8L4cGB$|R2lZOo~%J#498s=
zG%NlLC>&^@D4i$ROiYWzQ&L8}DqcA-XSA}b6gf)HdOQ|S8H5|g;g?N4!sDTN`E!u$
zY0dHsZ;@uWoKEfh?6<()XyS+z@Y3v#>|QXnLl*2Sw9tH*-=QMK&r*t?TTRZFaf0&`
zJC%3oV2H>&)XB8m+QBc~5&EKMbHTL`)9fPX<j~N$R>NV>;Z9hUZIyd$cZanDg++*1
zFqsIpPu)*-nt@sGxqDyiWHNW@kd<v}9e5%;Mab(k<pp=gODvJ59e}jfCPyxvGIw*U
z;R+F3ga|N>yf6xS*Ap<6#mGCz$KIs|_gM;?2gb@s_y$n637t_W)v6#77e?B^3m#xG
z$dgPcb%_3Y`2%Pz`2(1dDA?{|k(?9hCNb7VH;ER~Cea}?%!g|LAMrsS%+~q`*jC`}
zAE1Ays{I3;zQ1b!0M+|5pg+%;<2RF+*HP@O#-G8P!?pcwt?Ta>=~eeP<sa+sk&^2B
zdwrN!{MA{y_}^*O#Q$#bPxZG=4f^|pSAWmW^zN^<n*RP4dt3c&%KO`qp>iA&tC9L{
zW~;wf`nzhVw!b}f{eAnPs{7lr2L0v2A<8gTJl9IV*qWul(l4cZ2U=#S*B7Ig&8&{;
zMr+ayTO0bNyQxb5smvdL3f5ybC4tG%5yH38Ll(!~V$nfc9ZC<7c)A=h5nOJ8^_yyI
z<3T>ECa7T`Pkau|u&s_sF_}f>rb5_(XlKH#ju8=bS2t6V%1;!QvSLYB!{ok$>vzHa
zU$7x8GwG}?tMiPM2Za1H7Ds3__hD%}lvz|<x#Gq;5yNFO)r}!{M9EEnMA7}B=;%f%
z<il|VhYjMD{Sd6Op!h0EW6Q{g_eCHLd>ejwh%spsQpaP}jn_T(f5~`r>)+0JzirOO
z`$hBH9Pf=O+VOty|7yIm>QysdXNr+BCRfSkd#f0tZhUu6`CkIh56rg%&tuUHp1(!c
z7@jjv!ws>;zQ<z!OSIo2FP%jx%V&tt8I)3FBr<mYBspOWL0#r|8-}omb0^6!Jn8d>
z_zNuKj@2xblH<8VT0tVvm0FChSRHu~B5%dEWC0`-q6I>c$_H8WzDzp(bqr3hwZtEk
z6YNn7$W`GKYXkq}SIE{{a2i}^mOKH16Qlk2M6qBF&U^dP22gB!f)xA!hv-bL*j7=q
ztWs>t97>a7|0v(?ls#Y&<roe_3WXhj4XI1CdQ51#KK2rhDHunxK{b+-#NWqAOgNHz
zR}4v!MzQtVGx|{k-_|Iu`&BZEp2{fF&LsFA1!yXgB^PlNp*}{D8loSCB??Dz`gDRc
ziYq@|)Q=+cwnovevQfP6ud;TJ08LEh+5`M%)WyPqBS)u5@+hvtx+ko{!<0{b`5}^A
z8;P<{r#;_?GpF^|<eca@TOvwlEVxLt{+Td9l08Qo8Lkk_GhGe*nUC^BkV&E1a73p4
zY-VhQmlpO5^uV2I|I1Qx)8A5X(|~r-V0zs$0!*U4W6!v(hC`yMlZ&3>Q3)GQ=%jfE
zpa$#Re(?vftKIDZM|EAb|CX6_PO-<N?^gRYFMG_3V!@G{R%i4t7H8<*_;OIkF4ov%
zUP?EO3%vsW`&=<!GEEP?ME~`<#5A(6phor;dU7re5R)$E?Xo28u|;dn`=X<s#oi!V
zv>U{N5+g+~%9gl5AA5r_lhP0HRz!>uFq-}l6mb~LY=E0x3b30joJ^Qjg>GnknWIy8
zZ$0D1Or5o`jeO11`+G(&L}xp^HflgWy1@KY6<oV(LY!+0=s=eRTwpY0>II{ALY1<n
zS%8ytILG35Wt+wY?!O~N09S5@>96}vFL{UPStlm_WSTveeljD)+%50yB|4R61Nd&E
zPyNlI^l4wV>EMBE)80!nD?A=S$ookwxb86(KFF;)07bc_C*l^lVw9seu8ddAJ>QS_
zHn@8VMWy{Ai~!&)Ah)S-940;m5?`Z;xD0cwOs{Jl^XDLT29aF8B9fa#6WexX?zIJ#
znx=a?&1lLp=BP7JVUOljbizERCeP0Dj<CF!HF<E;td;+b;U0TMGCCwma1GEYeb&Dr
z6|jW(bl3a6Tp$JtEYTHM&NV5UkzgqBiB8q>bGg6?3IMNA36f!)_jDJ%#Er5eKpQ&t
zq}mZfnW=D2D5n}0`z=e!ElLt@QIbHoH-;FW;i#+{<BT+06zHQf88<i52x=RFs*?_u
z4#pbgJ?wX#&9q;(B%M}3Z7N)hP$;`fbC42w!g8MxOV0U=9?GO#<Hj1>st8Esh3`l&
zenoomD-wy&J@CKJ9^W<`JH({zwEs$oDt$aUaBZ)(-`IC&gusKS<}iPAX|#i-oM=e&
z0=7P|^3d&hY=KvhWp2)p=(oMDe)?_ikvmm86e9(VO|#I;z4I9tBL&ljGE(q7{dJo$
zz8<Xqi>BG}ewD2MVAcA+G1H@7|F?LAC$nVh>j_}%9v1t}!ByG%=CwjRRPAXGS?H2i
zwl8J1I}E-oZM{CvD?uc!Y*$0FWGXBR@x8S*h^PdQ4{7jNF*52J2Rp(>y1$+2Zts7b
z;__*_m#OjgEqPZvZM9$ZWphh+HH@cbF`TB@vAq)XMSR_h__`PNH|uVgRVkv{UPRZu
zGP>@xByF?Zqe9pDh_A4}aeRgSjd<;EF-;=aMHSoMSU3(AP)%e3)l_Kfg<?%i1s`ya
zNh07v1hYEY*bHrSKD=Miw^&*!KU}RE0}#b;u0{&_h$D4@sR4f9nQ&pC%n5f>FDEe8
zA;Sr-rG~hc%2aE~L#|g;@U?_zpFJcb3{^VbA1L>|o8!E`?+t6(cQd(iB~q`&hT$l9
z-+NTjcep_&pPt0NH}cW<j^2IGY>a)sF+lG7{d0Zvy;05kp6s*l#mLq8V24*@##CmQ
z8Ur>lqovz|vJKL4RaEm|+&<>2mwn8!8u@p;Wl;Hdj9~ULk2i_{6BRgIYD`p0PBJ3+
z#sEeH-ycu~KXgCcJoWT&T7PrB%K4!yH(4Yhv*dW-oF`J^gX%t|I3Bpx-<uC=Ch<WE
zMKcw~<88W6qUf~<>zigx0n=+94&;Fcfidc?@IMyde=zYeCGk=4|B8u2l*GX_@q7{_
zj#U!JXxWUpvd^jM0%bFv)0v&zcT3`A20(!@9iy^NE|3ZZzR?v}B^S603Vg2NWF(Vv
z?+Gi~4xCI4wgKRz|B-Frp%&F`10Vjs+Xh;ywgL5etA0NSyW_v#4=5_0$Ji((XW44&
z@g!Sqz3H#J&U|To{d`TgzIK?F+hBQ(1+Uoqy_Q%RTVk(Xla?5_VxN06Qf4`Rc-)s2
z`)#lq?XRivOtNDBuUHM6;UB`WgZEX3V{iVy!!aFaTn%QeG2aGexjwmqwqhZD69jUp
zFWPn8dW=4wWX~7i`5=2f4$s@!^L}_<PoLdZ*9&mE$Z!?FPe&=%IJ48r#S@-vE!8`i
zX*}e+N4c?&Mk&i(NBt_2SX$DZ;%?*arcTdy$Gh7z1qmsU2Mf6tM9ZhT+xp1*1G0?j
zY9h#~Wyd`3y38M~oWpds@=>N4#AKSNh9{PFLm?^om3YuXtL1@MANTpPJ(CnkV7igK
ze94Fc)X_qSfI%X9)nY#Oi|X*$n<gn*;C<I31s*L>6LRt|u2Tt`rk8U;gx4<GOSFp0
zK_~w}4ko~|TEbe(m17p?G~{LMC&;AB3L6sxY|Qg@CAEJ*36;75n#H63H9W<jLOHjC
zn(D(2s_xnlHiF?-Be??C@UeMg2GUW0%2sJwgff_pd@vE2j)}mNC2mjgH6W;vG-3k^
zfnjh7vHb*0|CfI$BMF0%tgaKqolSE?Yv?F*HqF8pbGs>S86`lRXthO@%K9npF^%<8
zqQKNiy0=zYKfTjfGV*z)F;n8w__Vg^{9aFD%IvC?XLYtR&sA;$CCACStl6SNFgcR$
z+)R7wop>J{$sA1Vqa^mGi4!n!fRgwW#Q(y?kxJqSExXVhZKF<*bCg$gHSu_J6HR#b
z4#*DGWry<YWsvRB*<pDqSoX`1jegWs22!mWN%MVABgyP3#2=&GxI<~d_%m)3{;;)u
z)=yHaI_4*-S{?91MXtPBte%4nnOfD*J+XqU*tOh`nX2^M6D#=8r;_ec&{~nMZxU4I
zVLHTLo@0x==%x`aPH>%%3c_G8%uy>)<vHgt6ST?dSRB*M<i1=~&a2NZrPIuo<ZfnW
z+RfL-AHCUm#SDuBR)A`OfI=O)d;k}SQLheY1Gg4eNZ|#DF_UX%8vU==iem1MgK^;o
z&h9O{KSsjGgydRR24F72N)NQL(t||%No)Xwl1!3rjqXR1-VbN$Zle7#4`ws*BFNtZ
zqIDkNHMWBH$fpR&$bENfA0FU~TUYM^K8^Ig9O=^oyqP3H&Z}I#c8efc*{u^8%%AvG
zMg$5^o|y4#tlC~HMn%_Gonat<`MQzO^~nJo-is9ghCfmb0Nd@a27v3&aRAaz?*)0U
zgYNxuprV8ZEQF9*9jHjSP@y--Y~l?Eh!YgUE%S!A@-g38t*V^w|FBs-dWp{JVolD+
zEN3&#k=u|awhtWD=uoWq`zJZJi_JPsO5#a7Y0`X6JRUmR*3)dZqpv9o%;?X9)qveO
z&iv1OrQJ<SgJy~n%4ONV7ptb%-M1C1rg7D=YK{wDv1(v^+wKbS8sEPds^*#S|H)7_
zM=Oqbg{r~zr_pD<0s0tEu`mFR=^AFOtTPLVQC2)Y>nk1+z~Aba5<_`o=7-Gc7#e1E
zJRLy~Cg%7v7S5rUl>k*hs=tEJ#Omx49qcxlnh7G@?{5sVB%QN~=`&JV;{ARG%3wg)
za!4#HuiTP#oz-4SemWn?>f?30zo64j32hH=y@h&#5rR%1Qa9ck{r{Jb_rSRtjyE!Z
zsW3DN(2rZA55;UK$xEA2U*Tn(0DloI%qU&F6GqK7qPV41;_r+%pT8|uORq^?Vq}JU
z5Q%MOCa9B6j9^^EgiK)i5^Pp9*ah{5Wv`-PnNcIjGYU1drHvrV{6RLDFjlGYKa<bv
zYc$ui#xODv6%-%>kQ_Viw>lvBO?bAu+{kB>d^FOirj3}%sv~*<WL`@hYx{tXwQZx?
zNbb51_KXAtQQFbOU`$L^5>sg6#paM`Q4&QBO3h{l#YJZ*GnlVqCG$O!Xlxi17^N#P
ziWdkYozLiYAv4)Vk16h^?uN4A=8sp|-t*`dnF$CZOYkrQ+3)h~_FGV;yh~;LVEJl~
zr|68W5%Pp@95;f>u$iQdL^iK6q*{URn@)4A$@!GmbK}}&`UspSyJSgGxG!hIK}$6p
z#Kj%ea1b+3DjdXXz}EmHz=LA+WBeSjgq+EHcC^G2V&p>Sx17W412LMc5Wi@F#OA43
z4kz)!ay0X1IrNO)>1ZE}$KL2F8IMmHqc_@3Vfc<OMlZ`9sSfpXxSX*Z`^y;+pZQ5<
zIZAobfS<hieJ#J|Oz0zWFo1HFFEBj4y&5oFKdykGF0eWpMlPq84@R!T$=hY*-oD4j
ze9pe7CX8IuQ<X7t!YLn&oZ~W^)q=}x3h&%3&+2%dWZWDpsP*wx{2VTW{3CoB6k;4y
zSTn;Ri83|+5-am@gDO~=mfoz4Ma#-)@TGFb<~`2X)GGI8Y`pMI+V3uu;(pikG0lE=
zKT3Nw`<=Ll?RSgHVk@CX*(+4^DC97wM@xr#(W7&Rs-Q<hGc@$5M@BXDXvmgo7Q%%i
z%0dVPv2vC4=+y9P=+U~DebA#@NB=u|)IY+<`so%?6MA&uL}m1-_=JWY^}5Jbj^!d-
zCWkl5E2lkA+P1MedbFW)HT3A<Pt|~7^kD@I)2@5dqu&C3(4$X|+%7!|ZRTS>uiRY|
zdi28a%IMMf<38xojq_|)FP&#o=-437>LH$#zoBY+M1I%Nqusy%tMsUm`QM{Q&tA~c
zBjxM)Ui#AN<AtI#{jpFZooP5<{Db=MM<Z`X|NTlcrvDDVHP?UtUo_rXM{Z}l8_L;u
zSC>~kUS@B<0(Y80S$cbWl|2f2{>b+uZ(O+LDYzPhE}d{2LJO5YByUO2(#n+Yv*gc)
z(9hyG(+^Frme@BvzFxyW)48@^Mpr<*bUW6FsR%7q(c#fqvUVQ0Jw?wVC8@H;MU#??
zdWRi~@6&1zJezm>IPeUkZR9F#JUaTkzKt4cbtL#dlp?IUABb^X5-Isb;v3DSCRN)x
z=XoTbO0y2p6Hc~A75LhGn$fc*YgP0N;dO%yTZJGEf0#25=q2ix4$Mo`$%iZT#Zv7N
zG2!iX5AkcJw3CtENADlEGFGJFS}rd|{JL)qcE<RygkLgx{4b_2_5Zw`_15PSTW{7&
z|5xct)E~Dq-eDKnc>7=czdGJFzu(SyZ5P;hb1qapULHSoj|FJr4U+i{V*VN{UxvNI
zSU6r1EwP)@$|?AXt(=2D#0uW_%d+tfn(Tvr9`b8Y2sd1?my(mof}jesY-Ja<ad>CL
zgIK>1Bi-4c_zN83An#1v&toLXRm->l=>&PBze_JbQsRnMOHWr)HY<I`^f19xXfQw=
z!mbdapj==+Fz$qo!|9_<Uly+Wcf2K;hP-G+U<l{D%J`jAOd#uj)OgnaIL$bvV*)#<
z@RPzDk9SZVRCs9X7=BV<w_4;i9ChmG_I%V8WO0!XX<wb1?jm8NV0)yGsMz=UR}L8-
zder=o44KvZOd|uQXAySuMn}1uHw*v!Zn7g2*}p9kbqQHps?L7Ej3nMtS{rNk(OTV_
zPD%v%>MY2DQ%e)%8gmBwkWSW6wKKs?d&W$ZHXg!?3zUk#8B(d(vqoL@r(Kn#!7*fb
z2b2a6t|g0AzgclnUw?y|idAFC(5(zVG<W}^PKeq=$BFb*=~nW<*lX(fxZeM?o)3k?
zSL^vuIGkRuYK6nAw<Muy-F=kjaOu<qyK<(aA33v^7U-Z8yLR9OV#pRK5Th#)BNzC5
zFV`WU9XnyJni=}~ro;^8!B>lK%FIxhyNNqNa+Tt)<BsJ@1BmeCh(^k5CVP)C#%bJg
zS;`wh)*XrD8UibLcGmJ(FMoY-1Nnr38A7%h0q(-`@=zfKWfJy3AkOuh?a(8Xk&>2`
z!_lb{^9WTxGz_##BFAy}I#T-e+JDnmUlXUwS6}}`rq1x{cd;y<xvu|j3atOR*}nUK
zpe^?QE6OXbw5$66NNw!@;IUr)fAH`2|M9u1{=eOU_5aszV-<UIojmLHk3gPfDg=M<
zvh=FNBOTiVcry9Q!$n;iv)E>HiV3f_d{(*e3Kfn%TFDfSDwUeF+o9H{=<14O`V<Wr
zO}~*?BYg@#R=WMqNmc1nxTfp$DVp#6@AN5(>i7`DjIUD@eG30yE7PZN{i4#RnEGcV
z*Qdz+ldYm!->CE{p5lp@zn1hVe8^v}-qOimj^FxM<u9*SwENfOFW3L9QXZ`3Cx2gx
z{N#yF-u&dRmpvX0KiRgJ@so~au|gI8^G-j2t9?*=?$1S9)x(1Sj{myn=g9u+es0Sa
zwEwbLnLqY|xACS9-j{FuyYl~={~o++{qcWO-sZRCcFs#(j<NGn%CY~e=fnEjZ|nSj
zl%M~PRy|(P5x8^gBlIULMs#!{>*f9Vy66c1p5|ED24Ib@3#<1j*jSuXVql3!uJ<9Q
zYQQ41{YkzVFDNdz3sT<-uF}W)X2wRfrbhwyk6Qcez<AmV({f=wkEatDN#E1vB+Bpg
zSpVa&|6cI3U$;6^&yRToA%epQgwDNA=v+Fd$HBZlvCfx)(>HhuoRo#|#z4-_>1mmc
z5%h1m=o8+-?%E9A60BPa`4@UPLeELCK2{~HO99qK4(sMyHLy0im&EU~%&eFJFnbw%
zD&E?YC6F11!@OZjXF5KpYNoY0XLW-}@fOOoHm0xI`7X)9`ApQ~!zVf3_>hSrxAlqq
zP*S(V2TG`2?Y|mW6Ic89ZIQ*2mHQ7=uANNF1H)<0C_h!m{LKXhK}Q`CR>w%AyOHMm
zj3STChBgUFr)^JI9POe-$5>)XI%~0?%QSVW08<4Mj^;X<fBA@qf^4TH_MBy=#{dzI
z&6b&H=rQ$scSGi{t_&mtGo<82>1*NFy%2pV#i$^&)L>1zJmHjSdBFVvMJXptFBiLi
z7oDlYo_<6iBQ7-)z(HLn`Ym(Ybo_ENP$#62ZW)}4j!uo}>==xHCtoBUaAXQ6&{F3^
zc;^@dP7w$349Y$yJpU!j2!xDoJcFL>5}u4t!HfXNXiYO<$}yIQ|0?F5+C#q25x9a$
z>K?{Eg^{*<q~l2J9*L!DMxU(q)P<vAeWkuZf5==q6xXvA@<AwqT;DBKaelW{#fjZg
z6~ECZcQ|(}X(`xv6}nYM6El;J=bb~}l+dH1Kbk=k?V$-57xkro${D%TW{|v#C%5=i
z?T^x%9&miQHA;goCr14f_%i6y-^7=&>hYxu?J4PS!5d$`yCmU@;en2l2a!H>DOt}m
z2(u-NKBr+mcaP?`805)c5r)S`A`FkyAF_#7?>bSTlI*t!W?O>AwcijHtDxvpTnzc$
zClV|cLvmN1{O%_{_0=VKh;ZhK1Hu<UVKR9ng9+NHI0A=^1enlWDb0vx9^g;1a09~2
z3Ld%B4e0OJeV3)6!ec60#`ZHb>q^dvPBaxRL=yfSW#GCI${9lG7*pZ%SVMoh7Gl@u
z?gYmNG3ln|4_G`~Y@IEhvW)n0_Z=F4mZg@YKPD~dl-M#p?;=_(b$6!3S?v{8`w=qs
z!VwR4hk|{#YXSua{a!O(_|8=LxCdNALQNCTy5J?g*d0!bTK#R&F%;6tw&;inp`9qO
z<2kS?Hi%kxqEC#V6PtRDLH@T23GzQ&kRb1Dm7<3HBWH<+iyIThv|@|CE=f77!iPGt
zzu=7{xond3*d;B}^j(M<2eJ_}4$>d;6>Z)%NWqLSa@Q`78SI-nyHtp>;{YPc`|xGE
za||Qqek38v3y>Vnlk+}O^x09dRPEa&Sd^UOO(XHUMEiciB1`S_y6l<1GZIC*F&}B~
z(-nW4_MaiN9%!I~+pwO_l;)PQQdo)co4NliFw`?_G8N8Zu%~F|NuM#*<at1}m*gE0
zi+0&MTMdUSNgFJtP8&E~wgUM*X#r`#I+6^MKo<W}SjBcjqlUBi0s3Ba&^9?U_KKzg
z#How){1wS1-|mN?y{7bhH9kI_rtL*VoKkukdTa|cQV!L$u}bti2=4}ukd;ye<z(7Q
zeGl^LYJGEp|C3w2s@j#e1HuH8mo`w?Lh<cY7B{_kH|H>d$pHF^%LE*TkM%$EG(j-l
z5FO9M+?S`t7)?b_G9Thr$Gu6z9uYEOldu#}0%0)C-hg5h5Lp)F6TwvYEz_M>dljMs
zZB;L!7aGnn(J3s9mMJK@NLvLlGRYf%M4}Z|oCQqO0jbb&0V<S`xlc2}%za3NU}hbU
zQR=aad4~ZhN!mS3O46exlc|Ux?gtaD`&fG4mP{{csUY>1i`vIS>3rF{QyNHBq<C86
z$tz=-RK>`I7#qI##g%?(RQHN*CH_kVviW9nI%69|2hB<&nT{_4Ag)^`$fKIpqAOs=
zbKonL61j}d?v|os{2;O5#7$T)5g@c28O%H?uWuM7fMzv)UIT6!JXvw3HRplfXmYhV
z3h3THOMiKruhC~%;#-Fae6GDj$)=*Gg9RVhKROtF=9+Oi<ILLX!LY}}EJTo7zfm0P
zhSSXa`3Cm7pHDM0MiM09)e<heVt!??0@a+74|Brt;$l4Xa`p^*#4ReeH4`1VZ0cyg
z#;f{ei+1G&p(HM-HH7x`&Nmf32HCW;^%0R^_8y^Kb+rhBlVIw+!H>{+eu(1aHh+11
zR!24gJJ&Sk*}*w3%~CMEAI0NwSf(4D0NMZ$qXFpJ2`y=@&cPUWjkaEAP8&dEX{cZD
zp{kGu?%EEHWC**+kD<nR8DaZ!_bkoUMhR#HIcP02f;5=}8@E7r1TpmSW-LB}(RAVj
z#T@e2AlbIFPxRgNOROSXsp3kkT*Ys^iqf>i2ws6$wvKzcf_fZnm@9urACSj(C!%4S
zn4EilVvv|T-Z-(Iye1OK7B~ThqC0ZhT*u9DPMbt$$_N!0t@a4UHhzS6Mwl4E6UVcA
z6UVoag7+<ksVFJP7cwUD)I?2chakbn(rX{2o?pHUdS0t^>3tX^Exlm2^cuq|d#ZkA
ztL&S<*eXkQE351Q`kd()mxUFs<ydeC*_sh)U@5u}pQnp(9$km0MTSM-+eh+evC)!r
z#`XlWow#6e1f0WRC2hAIqgYZY6_*UVS+&zwu*sdbCQ|Tf>0LOP-cnAcLpNp7$za_S
z>4*>R3ZpB8brtb{Qg0A=--pq6$=1P??yoa|N&W^H2vXv;4H&X5T`eQq+xIaHD@%(R
zJYsl98A}_}BTEl^=t=#89fO`>VD&k`lOCOOMWznBWbY4-dBE!4hd@0Ide(N&S)>_v
zXm%KXS0b!49+JYD5ypaY<AV1|no3z5#MWFB6t`+lqIyAO76&v(mxXBRTWpGjL6k9n
z3W7w}i0f?-(81^E-sIVx%>-~hFdkeI<f99{FM)A^jsrgtq4j6)Xbj4elr_Lh64F1A
zA$J<?p|&`-RPeb0KOLN;@OkIuQ~~7!$d{Cpgr6h%XNWxK@@iWO%IKNsT;99xHk2h;
zeYr{wVwcEcM-uC5WFnMSBf&2?Z4D2L*aISNk(Mx>P`6+FX3^2GWq%M#Jd%i-pmu~2
zoizPMpx#$0k$xvT93?2@VaD>UNgmsi+z$=TSN44Fe@0Z|Gka?4e+K5|xgR1G|1;wm
zfc9^1=7R!l;w<aT4Z!tiMK;s^g4wG>XRiz8H@n!=bS%|O^m_r0#L)Y)#r`Yt!={f=
zuF*9Vb+A)AU^QO1DN&f%Qc1jDTl3>r8MBr~mQi-q)%~jX)o4$-z<en1&{b^f=S#ix
z1~tnuF<nWdSeE)eCT1y#4|~NRu8``FgZlUB46xhZWTB7|e?p;5w9e(s$#PanB5|*T
zO3KyN=s-?N(^?9yT{qOpQJDOo;A*IG`w@xBNx~X<aCKo*``g7{`Wx;tO!T_p{u&d#
zZn)pU#L92D2Vavo=9bX?N3MB~?=iVRZ79%9SD=Sn;M59QAVpUo?V2=0o1s8FeI;3U
z9QBYMcN|r&J2N+^j&q5m;|9&??tu-FoF?77f!&+^xFA+=fq2wa3jcsdcD)1tzDIOl
zFD;9_yCe#h7s<pzN7u6&rqCM5$6J~SGKu?>EPz*L|HMl@x<GX^zJw>H(L{H+-1nDw
zax9iDBazBC<B5%DhN>$Xm?>~E)T2E6%<Gs9E<e_@5Gl#)r7`y!d(6YWyN{P%`#KkI
zR3_h`>`4lUH{v*THv?xIfpl4l1Dq3$p%aZF2%7)&;|`IpKw4V-nT+^j@x}4G+*Wx%
zhwfVKXUXCX($S6*$vJl!VH2TyOD>7uyaEf(tYCzvksopa_Ma@URfzPhi~TTVN$zUx
zoUkKpMn$c3)5{wsbSN(|P^M2{Oiq{x5(#!n7AeJneT!W938b=JqQi_Xh~B{TWt~0V
zn{lnlq{PBqrq@c0C0NTIuUbA-*Ydei3;4)$PFTx3OuN#=H2V>Xv$U?FK!di9U(|Js
zQ0n-J&k3@rM)KT#1|vEX3CU5w%99p9@`<uKMiPr>qcwTtdDHA~DVcGkT`ej$z4$48
zbS*<FB-fLms^?N9)^lXFzMe_JSjV(FGFU>_`vglTBC{+YmRf3v-|QNpZF1c{rO6qr
z$#Jwv)AIF{)r#x*HhsFwP<;m+>#FWR-UG`F@x`uF;IE_8RVMNnO{|7f@tfVz+7#%e
zyS_FJJ}&hWT%UnX4n$}IAVr8tS2#igQ<7%8i@|B_rbuK}!hl&ocPH*f@#U&9Z`(_m
zFjh;K=s2rA1|0vG;}2#gRdD}jWgCEDQ(ajt4;<Ww$qB)2kk!$uJAJh<_RivH57Jp+
zVeF^KGYjd28i+TChr*e1(zfCP@^`Iy7%71X6_y`d0X&GQ%RZ1K)m?Fy;O?U3r-B?n
zQ1fd;{+jPVNh`>-+(^0NxQ75nEo-Ur-(~q}b7Ekw;-Fo3NhEk{GQtpxT2pLy$BWKX
zXYWS@GUy-^?%hXI$@-pv@PRqKQTjFp^5cGMCb(*Oz+I~?Ixf@Edd5)$pLR>Zb419i
z>+XeF_-4zPF*Q0x$m>{mFz>;1M+QX`)~OKMDf%&-N(2>Zsf(QWmKB-vl#f%>Yq-22
zMk=gNu)-c=DJzq%!Hi!1^d$d&ht&T4I%Lv~pmP2y(|#P}bnGsy>DS1GX4+4?*I=`Z
z%bHM%7n`D%lWOO#S~S&#i>4kR>zC18Fu}t-#ye9(AE6Wc;(=!L@aYbAgIg$f9dx_|
zK3O{aC|y^y`caaOb{=^Q^%;Jc@1@T$^YnZ!*3ycmBA9%NY2nE7OjrkDO!U;t?cpAK
z;2cr3+13wZ?6RP_We~oONkrbA)*dAyBe{GFMCi1ZL1gKZOoYVLY01ow^csGqqA5sN
zfhKU9syMPR$f$^(;)sQR7pM6SH+0Q+>_Acbn#ZI1IMnCIuM2|0(W^$KXd_uc+X%-b
z4F@*ZKb{EJDY52_)JZgRb!v-K8LJJDcoOZuUA@4IGq_4qyf|a83Q`4@_ns#2EtYqT
zVBUwCyhSW;6U+NlllKwJ`-0_trOEq@<;`b#t2BAb1#geiFLJ(k5DEJaMb#NPzW8&w
zz?H9Pfwy%9e&q$?$Q~%LQCDE2T;Mw>uv}MQxm@7YuObEYoci`W-I(NHSLmxdNOEDu
zZwfB1lok<LDcP_8v63-T6P=R%x@=GAeFcE)2A7d`@u1u`j5HvycwjBbt_Vu}jf%dt
zndE-p<8C@z`wc_sM1GhsL)Vghebz;XaNTrh+MQicNEU~0p73#kC_3Te1Tp@Ej}yd`
zC#pU{w3F>}PJKZkaIa3owYywkGZaYH6-f3-z6+K>ftI=gEqQ?mG8+nn!`|iR7G%eD
z^;Sq1y}>IOSUumf3z-EDxR61q22-8{WkMc_96vpAl2)yTcR;j71!ntU$_%wR0T5Q(
zf*vv$wIqqdFaIx($ER98rG){EhK{T+sqae&(hra+hU7dJ?nC(J5PXRbU%*t2)}yIt
z9;cJ&6T=Ef!6NVlUayxTq_3>S1QVl$EP}3o3O1N^m@`_3T{gD#=Ah&N(W%F=UV7*E
z?T_{H?fgERW%zV{Z(w;oo!=in+N&nc?+;f<+S6k`qnNQvM@RO^1*}k@OjqD1xxoEU
z;0Ij+SB0eFT?+~v&=oi!7jS(_3;e9Qq;xlzPq1UYQyplHWB|Mdx+R0$hrg2uQ^t1;
zgMXjHPI$h~cMOd)?b}c$1KV!ddWOO4!@y@KWmL*-k6Dwh<wje9m7&MFU#<4*nf8sM
zeJg4E%Mr>y91-oVOgo``Xe;i}un+8w6lJZFag54bgly{_&JNkMR@<P?rsV;N0c%s5
zPI#2F0_at+RJ8vj+DphXesbjs|GDqz*#X-q*#C|okhl4%f&7ynb5&Sfk5YPvD~*Ja
zI`8<hIynJ`9FEoK;gBsZ%4_@QM$Skan0J?H%}9g&92q*Zg-~#7ps5gcLdpf>-buOr
z0+Dh1uc5c>dviqK_5-3pm<wkGE9LiPsqQKA++2|A67ffc=RdBfNuMOC7m@4F>qBc!
z;x*^6nxm?&`5s=gw!SkLus-I5)#~^VWA}niNFs-b6(Di~?scQ!U<MNhH&Vyn^2M9|
zBF~S;ItTpC_Jd2IK`P53a6e1d^a@9120HswRC}64DP+zVdK71I1XK9Z|IlX9=4tii
zc2UjM-ppM`PC2La#0s3Nfg!ZgitSB`Ii-IxAz<gLPSIoU!GwUz{`4UPd>a!pl|<_b
zzIr?38Qdb<U)=vOUA+(LHlH7FN!wQ~DDaie24sV>{wWLU`c6k6rtlj2xmVK;)y57*
zDIJO|OS{S>fN3D06-oucb-fBgR`3xgWc2XxX9hhye6W?B-ulvZNW)HedRvo$r?<6`
zpSz8o-X6qGq(VA*hJP>vKKPb>@DBUnUC2*|4~E|2bS(7+n&z&>p2tG|;jPX1S!BUd
zMy(zwj1}BQFV4$M@_DwIW=rM^i<BLh?YmZIK6)gjo9V<bpj;DxB5nn^sQh50@f&Z&
z55|ONQ<-Uj=6+VW?M8uoAEs|I9(wWF!{Oe$X5Kg}YB{!p??I`D$HmZ8Xy)EF<O*qB
zYkG!*Vy0Y=neCH{1j(3@LOSwygmk*28(?X={o$+b2%20Albb6Da4*BibW=$;ijvd6
zV>0Qt7t<Z$Q!NraEOScJXs#;_7@=^!g@pb`;&T1|!)E=>St@&jGhea9qFEYygBrsl
zwW2zB9L>K?cr@+#&%vX0X7%uR>7Y+|JbSQ4@Cf~&DtMfI-y0rNzm)AizU1~FGu8GV
zJn`}jm3=s6Hqpw{zVFHPk~@G1+2(=5gSq!5aldl`9@=Z(R2@L97@v#reRYh$_XRP&
zFa5DBvhoUg%rWau70q;<U=%w;M97oZ=YWqZo`*28YCkY0vTKpf56t^))>c5yYcjd8
zd?E4i4}HOAXYX{C_puf{aUD&}p3n7zIqLGMF_VVBaj5`^yuxm=sWD4aW8_m4KePj#
znm~mmez#ni8qEnmTsK(}Y-%LM;^h54CZ_rRDktW1c44yeJv#jNG&zfz{PI1>Ss)`z
z+~<<;r}^h>4%SRlIq9v(6F;4%ito)<_Y!4w%Tu(j0(|tsk}}Ij8g_nJankGj!VkW5
zmFM$Se#@4Mm!31^g9$GxvOsgpa4QTJW<IQRk+kg&A>`m(g;PH*5Oks%Hm;qnAZL6z
zz@X`62?ko4&_)N81RYQk*?M21oKqI>^>I%)4->r{?@h+UN*(XbWDI8LyL5%;>ez!^
zk7Oe1rW~kisII_Jxxi0QppVBR83aA?spd$~<5OAx@lyuR{ZmyyZpjljOy%~B+#bH*
zbiOx$58td5j3NhP`w5I#XUP&Y1er*VcVlcdhC*L~>j(0<>Js=@C7E<jxW}4wF*jNS
z6MTLx44me^QaD<Gf-2>7gRF*fYwSft0_gZ#-|IQ_ytX>nw%5Tni7mK%mECXYZXdv1
zw%Z4A-`-s%aA&~KMe@Mg6g1E1VE2p+ySh+dh_1j8xxg99SG#(9R0^t7KGA?T=MxFM
zLq1`Uy#A~TyqP@l__KUJ@bY)6l}S+u3}*X+X}O=Iz~zWk?gIQQo(<OI!Ny5-`In9~
zb5ZfM+T63jpGyE1{(v88b6OhV(MeHd<~5w~FiU~QkQXECxysx;=TxosL8Mb@K!gD0
zZ2RcfKLT25<?k7^7p>EsnQP&e?m??#5Wy}Dl5dWrzVuf5QW{_!=+&1ga8W?V)Rk5j
zTSYB(lv=vzM^q2Bk<OWlz-^4{9uHi*Yli|K@G_v>j_%lflyQxLJzn5?zY9NNVy3vs
zvVAmPi!|}cwY9*h9A0a@_cAzXE`{qCxGF-3-w7O<v^gP;#BV0;kH961vQhOFkXpI|
z(-jd8qn4-7{kJ=oeV30N%eJc~J67-;mF-w(7HW2^X&*}1Zu^kmf9I>PeIQS~GD#z!
zD>yAG^LOVOoIkYo8TgVBaNp<-usE4?4y)Psg^ww`bjagDR~vcVl?|%kT3~MOs`T94
z!EO5(Z<v;MF?tHlPY&6U_Y_dYFm8YRS4FbGNTo~_NdP@HxI3iJnC4eIFBJOn%Ev}9
z7hjAYa;F?Q4N`O;{@fGxJq45tpmJx!y8{4}erixgp1oaAiX4<{cK870r#q?#Wf)0W
z;2V@-BnomCxErhd1pMa%2Cr@tRV?hAA4o8s&$DADD*Eq_qIv5L5{(B3f2MPlz^^Ew
z@QsDIVtrm=LjFOP4_BC!A5I_el%#DR^#NOTtMYXAHj-|)eK*4+uK*rl07a(h4Hazu
z(1>!F9{l~<Jmyk;*;_^y?D+~g!IRctQmJWqnqNWjm4d7OrrEUvK+kfzUx=wF-Cq#W
z$~PKJMc)ZbS34$@Ax5lP+)LT@ax{D(rgj>6OXU#;(i$fSvQHFre8U7WYP0xVY2ng!
z!?#$52rn?lChP;1oTtp_OT)C($n<q%)`FTk=s&(9>p$kzlk^|&8#_36vZPFak$n}_
zCHSs1?S8>ET=H|1Zd%^eFE7ipso-io(`-u!v`~j!qf20Dz)aDw$#aOc7|dGi$XhH+
zyR&_}fwr==uu)@e?d8^%({<(oEqrP6gAKYF=QEa5uY<1{f2U0iXM9`3>Suh=L*6q!
zZ%!pMzR{;n?}i|0#_RI&zs$xjt{Rdv9LUsU(Vlg;xT<IG%skuRAvq8<MpopA<{HvQ
zS06t<cz@RUcNZi}gJ+$m<EMwpMe%~tyUNDTN!j}*m476okHHV^7%o@lT4#_3!U380
zk_^bUZ6rXpl>vFiUyU}wh&Igx*B<=>;^274<P)6R;%W#^&mGl+^QBa8aISs65^ydJ
z^aaju0<~ah{Ccvc(-lm;v`Lkn2Jt@w*M$eXF0B>sPSBxRtdV1Nn7KzW|JVnttWNd?
z8J8OFLo>8NfUm(UW3cec8>Bhk#mG*l!m69|Wml4=Irr`n((jaT!Ikdkb$+Z#{d}9w
zs=EGl$+Z5%GGZDTV*WNyT48xWS}2iGuc^X5w7lC2B>&PJNhtv>o@{h;cAc(Z(ck3S
z=4omJOxM&Fq@j*RMDqy2g~DyDCWuwjjaQRhmUfqIFkLJ?dv_Tu*AjM9tsWYLwcIVZ
z3^%3D@F-b^dD5B->-6x$R{4A2tMn0*+&P*qY;Y=F$Qe$n7&b0%2(QAHu5aGmihUl)
zJ}=^*)0$ziXXlKQ`(L!ekJBlNP62r)25!4Q3K!j-eL-LAzifY~+JBiE)ZkAcDcr}+
z=o~JV&|U-0#%~lAXgti|{qPC}*5tD@6w<vsUXcE9t_10xy?fhoM~xk!fwb+q8b&gt
zpSq6PyLXrQ;Lk$Js#c6nk*_2c(#dtT(w#cv<pPtSK$HjD`nptqu^{!UF7~Ur;M%BD
z&#iY;y1r-umHFMo%7&NvIACXCVizT`GswS6tJbo9>jqPzMmkhRC(~uu1sFegRl4B+
z7z%9Bse<pgDs{353Y0Ka@ZycobdJ*W(=_q(jXv(DU*A~C{q%DiE4iOm<}MKDj*^sk
z-PO;sa;e{E9kg2?lzSKWxLoS@Rw%GQS77NisfI70!23Gzd~{8!!2tzc$Jc}qBeS@T
zS=Au`Y|fS+fz$!z9at(Ex9hxzJvH1O#?xxU6KCk%J>;i!`Kbe4+LD6un%6mR?~au7
z8*^7;07-W(w{j48>2*nNJNtEZ5NI}9CAZDxiM2+n`E|yuqj8Q_d_`%l;L-@Nyi6@r
zVytn4xERZ~Jd^D5cr;`tUlv`$;f-&k0T<*`-?!Yv4J<t9c9IX_Tf*>up}n5kFh^6G
z<Jmoo%Ip(lG2~tAeNcel^;MqGmauc!n|9xhrbIHsuJNB<?=|Tl7W^8U>i0&f4%-)B
zWr;70RL_5JoO5~B=)rl_PLN*hds2!o^q9WLf}NEd=2|<dKFrm1RC1Vm^i_74J2RqE
zeTOXN2Be_EFSl!F)AwCER-_IbPv@|K#o4WbCiLl8G4nd4SWR87mZuvcY|ShMp1|BD
zD}b5q?C8_+M*O<YrscMdo`UkpA$x2SMf-NL;>%ii00hMnxT&_#Q%g|5dnrvOJp|wn
zX2#6mVc`#Y=7dZxjiRG7(BY^C*y;sofUc{Y83|H8e~*6dIs~}x?0chg+b$h%D19lV
zUA_*zX~B9^gd$~)?H7hFdS5`HTI+OY254T0v^yKQv7^-yCF|3+G@yiRNM)kGW3OsN
zf9?*_wVxw`iPkFn@N?xu9}+euGmNcLW@t4WDixT}aIYjW^p+Psx|UW9az5J5dD@{F
z*PEDT!-};eZSj`*HBow`mmHdk{sUA7Ckdyf3kO;iLc~q4Xol!+rPjaJxBtc~Rn3Sj
zbA<ibbyO=)WK$uP5THbf4~e5IMWyRTvFyH=*lJljOlSYW=;=Zvl;=@m+$DOX5mB*D
z`_swDh>f?{PoT;#Ix61-UIPLbu^Qj8-zBK;cN6jY6)G{-XJqoan~_OWxETpFGLeTu
z_>(*wr@zXr%V^<3g%+CERB!EXB#R5dP)}BkYB!%zuPsBh@nz9pgQFXr^+eIpm&6x~
z&h970f@`%+vyWqk6V|yv+7LQVG+gi;zGNB~O#dDZ$u`;Q%%7DE{>cIt;_tzdY}4N2
zREYL$Dg<vH;)>jHwsAx9vL6svju<y?M9%OB#zVB?68N_%+mus6YckOaHqqa1P-EcO
zQ(iT>>ER@ybz!pL&Y};a>D;-y(T56J&fSqdG=h`_`mh61TGEGDNV$hT>@R?czCo!T
znf)a=cCj_1sS)E71;o3H<QYsgy;>}}p;&5=o+_~i8mW?nIlI9X0@wxB>jq(b!;sH$
zrXHppA&rV#2w<GhM6{PtoFmVlZpm6L2W067M9!Id07{--izQ8k&tmvmEZq-F)9n})
zhf3)QEg2QI@g5j3CX4KbU?^ZJ0CL+zoplo1vBnQ!hNp2%<KD0UjI^d0t&X8)Qw%L`
zss}#qP_w;rn63_M(n;F@OW8)r*fLJE-vWEfOo15$Tm^%GjYezI@w`*+gv_EdRTu<-
zdY#BkE^Ez-MDqjDUCjD5>h)%lJ;E@sM>uI4p>DPkdxWc!J;F(5?^$*8lD(&MCM*MP
z@5wC@T(6;<lPMI>$r#$ioX(VmNqq@k2jFWYMT?OtTFmVV_~)O!#=4KQT$j8>U){m7
zV(k<o+27$9dMsQvm(d8zAocySq@O^J{Kzq3J~DG<EP}H?J3bAc9?9zK2Pe$1$1_UP
zn)cS1B!Pk#IBz6PPqmaZ`q0T&1)$vUw<O-?M&Vt8#nA{9M9i7aNyL)em*ho*YlN2E
z^YP=Kv30TD!c5R?ce{JXA9S~fKPV;Cad-O0z+dt@=x!rZ)JhNOWnJ+IU?~fNv80!F
zy;E>K%+6X}SNc>Xd0?gY$xf?EG7lC4UTCbL)8d-yb+Ti(k!JG#bbcGD*grZX4*OmQ
zw|^X<;;_v;amfI+{9U#F6Pf=hD-%a~$e%aRCnnDE0b)SQ47l?JlPa*Q$&-i$Gg(Hj
zg4y2q+?Y~aiqF@)>}!tY)p6ur?c(g}>0<9hF?tOjVeZwU^69(Lf_b}W|HHnKtel26
z%yz=;Yr+5zL+tBGy;qtE6cP^f0Wn#Ij)}r1QEPRx=6klIRI+}yA>pAlK1^G(@1xB~
z6T0Tln~2&IpVGvyll{Y>FPPmT3&r6~XtS&xtUfa7*+|r!d#N5AA&TQ_z0F-T7Dgu;
zz%ub%@g>vr!ss+~5K|bPWx%<j%vBz^b|;jP1N%x5JeMTerdpl%{(d%#&cTQ5P$K(1
zPsqKVj67u4s(Nsc83=bFPS%Jb5qTBAVt!Apb{DbSD=2k2xcp3+KvR*aKDz8E+;4^g
zwM9p7<2MG;{%Z76s5fb+sc<*sP-thlV|DPJ8@&P*$4iW2@?8AHRJa(*+gXm)5idHP
zql7unY;inhB&(umUUG&xZv!|%fNsYjqNNe!ElkTZBIb074m2$v6A69{ERK12KJOJ{
z?-SilbXW$71&42nju7U6!$HR(yKaH~g%ba7qZi_Yyc)fT{@NOFA?{q90n!5Qu`(pL
z2HdO5l;g?R6*L6U>Xl_dxBAI~V4Ov|I(}&$E~L%Lq3pba0f6i2($z9i(bK(1rVIkR
zEPB!gZ>-+V9UR}{r&julxIrgV#IElU(MjuNvE)ps7{77Gk?E%8>#}w3SsAGU$kVSV
zuS17E2N8}UTQNt9CGZ=$mGUH^t!c*G=p9(XRswEVuYy0hfiQ&m*pERJ7mt|=!4iq#
zKlpY%XEB@sS5=W)EhWbTdN@*ATa!kRyfElKer7*H{`wG!Y+(`5L}xcoc9+Pj>7Zr4
zKW}xmX<VVyYT%O}w-bOJDk?@_XHdr+1G|TSo|=l@1o5C@Bi)P5u!!(u7>nxxx`gLT
z{gFEp(3%}PO{!M&_PZUKhRfOpz@E7yt-HKSbUPy`DT|^5mfQUnik&#1$n@_GIQ;Il
z1m@NVM%I*%ETI-#ynq0$7}i`aS7S|v(F<j0VUT@u>3=ydJP4x*Fp4W76fg#qJGux+
z3ZIaM_l666`|3VcZ}0=VU4*IVui6Y}7UB3d+lEU0tIL|4t?D1^7oBCcHdOuNLX!uD
z6uE!kidX8Is#oWLpXW{Rd!dz@Dd^^7;b>d=)stLZD|Xrn0?9T=YK(`1D7~yS2Kwh&
zTz0H#CWMvz>~giuM5zYDJD1z2qiVk7uSnwu!Ub0wBlsW2j+u(U@8686(LsWONXW>V
z3d0Nvny_<L;C-rY^9!7`$|tHl`{>4BYII><)n)o4jp1w*N0V}LPmT`<U4_qq)2o8i
zFPEY`^LmI{o>>mJuLV=1)6hto4Z>8o*&l=+bP*Jz6DW=Dui3ObD5YY0nu`8YvJ#YS
znz%XJG>jgB_Lg|)PPclK)frvav^=10$>9KtVH-UZr+B9BcGsrs%XKyg_RzmlJm>+}
zRQQLWX~un*c7L(j4_oY8Qaq-@?*!)i8cql?ViM)@dgB@;lNX_z%M3mdPdJ#7x7kuK
zozynXdJew}7FUiPH*oymp-&GM<2P9x5BrO&@NLBK2gUfEVn|6|U(lbk6qK6NP0PDP
zgS;fA!t~-4kH#PErF7G{fN0%_cUYXE4d{0P4N8vCA@9LHPu+#Ozt9f~iYNShK%XND
zdKPy!?06{|w=KkP2byMl`~UIwE^tv*+vE5-JY-bx-~&Y^8I%mlE|6FtVt}A$bWlnw
zDoaZxEFYvZsfCKpj5>E5weRhDuf5+lD=Rg%GR6mJnXgJQ%XfCBlkY@)F~7am-sj9Y
zGXv81|NH&>e3ChPul-(o?X}lhdo6mX<Et`~gPbub^ty^&aha?T6^1UR!cZquQr1#M
zAafDd;XK7Dc=xiNZs5^?eSS=zoq7ZCUhvL&&qRt)B|4o+U6fW?N$%CtZU#Bv2LI%q
z6I~VI;y3=uZ4_JY73{WF{(V6=Y23%>{KIXMY+m{`)4vZ$&(tk23VO!&!M%Nyce$EL
z?MYj?Ti42BI-jIM?NqY1?tUSQ9+`-EtLRix5~H8bBnsc{oPR#4HzM+}i=(GmIy-;s
zSh>UGFVj@cWn%)h)A}e*H!$ge)DSQJ?5o0YBOhOZ8~KY?+Kv2qD^6?Wj>n$hC~d_y
z@<E=BLRiDW>nvgZ5ok9H`-P6Z2xs}^S#muTK2m*ssmI@y72r~=27_ga=+|@883KBo
zBx|r4IWV}vY-iwMDtHOhyqYAhzX?Z5s93){A?*zSb+w|N%D!qvJ(ZD-4mJb%RdboA
zvLS=y&Tu#Rd<(cPh$26Aj>;}dZQiGj%Kqn7zoW7R<hRLoHB49-VyFwC|H&(YhZ-9+
z)Vk9I^wNi+hkE40z@binn!hE<>j$Vqt%S5SABG<4kF7!tb?fFPhMM>u9qN0p_=ox*
z@|)0AO2`HKQgrj197%qD#3KR((Hs{lHZPODb-2GDCklmo_2*T;8K(fPS2eq17)3d7
zI!Ci(-o_oX7M-{Xg@;AwSGrx3Ov`+CTEA;l#r`fXc*n4vx%Pju)ExuuoZ%>g-@riO
z1ZSJlaf()N;5C~vme+4e<&-w^>Zbf-Ki!mIVzRz%DB?IaStX9E$A==0yTZ6Y`D;;z
zFHoL<^$Lzg(oT`xCpgxf^ZC3Fk%6wy*Wu|_G7zcqgJ3)@{~!=g(@zr6yFLhwr`Zg=
zlM22PYVL{P%!(V}+B3Lt6|UgfEKa&i_7|X$JM!4Q{b(l$&YV$KnR$8r0k`3%^+{^!
ztACPKzQW`~z=fwXPY-$0dkogUb0*hia?&zL2ElorL~cakbe9mW{o`=hC3Dy=8H~H+
zqV%Q*eVLG-nq2~y_e*clT{7?A{#{}vzrEAJT!W!{D|$F2|EW0~LY-se^m5O-V0P!V
zC8wAu6kRe4Mb#kwD=}*iD~3ZS-)X^N^#S4Sy~C*=uTJkZ?;qsAHJ^G(kY1mh#Cf+}
z!-5CiZNA`d=N123k3*@w=Yt*~TvGr{05FPHYsYHu@K<{~Nt}v_5BL-BCy5VW;uNi{
zYm&Z&pDt?pew?tU-c1(+d-3a4pHJ?hbM%O8=+ezsHHF`U!Vug_CpYtRt@OlO+U}C3
z%ycMowZZ56ocDHv+wlRoWs67?>#gx#u*LbD*Q5#d^BjE^Ot0i`<CPp-t^30(h_y9T
zj!Th9ZoiDi(}*q3K1BtcG^U2vq-Z^|Pg{F{*WCv8W!XV4qSo&Ix$FktxB0&_^qO6>
zvqpOVi6pg2)&qH=4(t^Gn->Diu1F`~nh0Vi7MsI8z#!Uc8>Fx2qD*bxW)N-Zg=n+h
zZcd0MEdBN*MW7Pr7O53!+9}~$ct0cQ(t<5Vee!+sJ@TXSUGfNdwEO_G62P^Y!BMFe
zbWHlA7ZoRm4NV1SHyLu8e5-tmoXRW-7}RD4^@~ZP!cKci^OhoBGCq~$ul8T8z=tNC
zKOC}2=N%~F(24gDo!Xv<LEGPIRu}b43EeWCA5X%_uA7!oKi=-hK1!t{4Cud+Ik##n
zJvayb0>z@+mmA+|Rxr7TYD8$nl+Pwo>1{W)0`+|l6Gy^%X>xvVVve}4porr(Bt5<j
zxp-2Zlb$%)hl=65qVRHaQR-Eb=eSWsA7{|GDSNYEzsgZhn;xIhl-+0&3K~K5kofI2
zvc%D0qO(TyG=`D-=S+3h+I|lg`F*0V##CFKp1WMHpDz^Fn0$lkBMb(?KAflDjqE#(
zeP3hW$?W?o`|d{Nh*w454$;=g&;49<UIM9b>OK*a!-L4bVU`;~LuvDc3yyOfJjj2N
zkn~#UMt#H`q>i6qjeXmK(l>@oCj|Xl?|Vr52dUB<_K*~OJ{u{<4A@O|oFWJqE8r$P
zQ{jV@Cjzf!s(cW7onk)iN5NxMGb!Vy;CMcDRN06rql5jS3yyje=6R8C_idBgkU43T
zBgntkMCT4Mb+4FxMidIp(6IJSc;bnR2|^4LzuDxuYJ@X6^><-@d(ypP9z3~ABew>v
z<%7X%xlFr$uW|bItKzilXPM<+JIi$Kx_yc3hCL;pmOH>c!*YYkxr_V=w~h!{14~Zu
zx>#-sy;iaiFd-)AR#WOOb9S{^D5y5s8p5V^7uJN?8g8;g+8TOV+ZALLhWV^fqHm+g
zR^5mm6yY4EOR?AN+$ePi4Vvr0Sk=K!e=<>o4FWH~8O6?vCeQB?=J00>>_LfzddEUH
z-iND_wEo^rP7r?$GMGFkA|NIMs6Xf<;e`)qz11>$V_L}*x(j<)=leeFwdN1@W9qs6
z>;!Vc{YcO4?XNaVx1K}S<I)&XLS7`gbI*U12^{7g@&{eEp3SJ1Zd;$MP}V%@rwU4Z
zCKm?S-*{cK61f2T0t{qwMs$ra=z{SuQ-bw#lN1@1u=+TLr-+5gjR!r0=#1W|xOTRA
z;+cbQzjCJy>adk3N+({Sqs(t`m-w7_kx?pM8}dPq_5*!bJd5z=a;<tuv|&Sea}d4{
z*2Z7>2KKkqdTAmKT&uVVH@lxPpfa4$h1x+(86LU*drAll)N?YNM=Q?yU^K>J*G;15
zaD<sM=@(7pR2=(#A8wd4qR$AYr4K0)Srt_J)n-cf3@AM$sPtHW={xnMH%rI2W9gen
z>6;AH{6-UFp{aN@bV3^3Atpq04?;<6Y{0A#=E&^Medos#4y;I=g!IYrTKgE=7K3Tt
zwf7@9&QdbWRS1T8gf*i0@Y;uT06!yAz)M9Kh4Xx|v(fAtkPHHHG7(+LP)uYZik+2x
z46q}e2SMs;kl#`tu&I2@vQXnm`TOH>)HOezt&yR|v-7_#8IS3^zcC)|a4O*O40}3r
z0gb4yi0+u4wE?eZVihB7ZmenmZkl4by(TXqQ#DX-P0D*g9il6-V~n;$UsB>WwZuNq
z!9=Sin4S1?e~EiY5il3OJ=6OtaGICH1jh)xZ(o#F-><Wtzx|s43rx+K%VhDkT6X4Y
zPEv@c-Zq4Nw|yXT4!Jciqjapl&U4W1fnD}K9Mt8$w|QlbcG*53`_2pY3i89T#~Mut
z<&j@<I4^t`Wz-X(eBrqo(#2m$s@Z+(X80o%N+#QmR@e~Pf~1-G4}*!rW-2@PnVqMA
z8=L&Wt(<AzReH`pjjURZSGgj_Dwg|0{5>p~I(3p_c3+B4jnPx7GL{?skRu*_d;*MR
zoJH=b8}FruRG7l4)<>yDziMlN@^@!jf_D{~b4ZI6>-^;hPn!A&nDi?>stLA-mOs-C
zrP5!xXo_{RQqUdz0Kxkd+OPLJ9+S<<QRK(;138@P$)nQ($>+U~LiEIp(U`G*O*q-%
z>z!!nY}s}PlKO@3P&?;X>DD*nxe#w9+LDU$!AS{Z6gxAM2h|j2#&g~&K@N6~tKPtS
zlBxFo<ags`kXAAdUCd2o#wZ)!h}ZgtrSXN~p*9kkD6w`3?TWk8Ug;>{r6ypID~H<O
z+&nE2&1%jKNDYd23E@Cda2SPG)SJw%sRp1(a6#QfEi+jBKQJhP(@^daps$Df>Xuma
zy$t>zX&eS}U!`VHVs@Q1k$g0;56eyn5|~IXEQRi&zCx#|K~8{_f!dTD-6iG~B}k-n
zW;FFM)lM5G()%=l)fHH#6aW(XRmd`r6L5&@;DfC~<2v*zFX5ziPX<LC)J}h4!1-3H
z*px?svL5Vhw)8>MBt>11=O@~<ZO#MtS`EP(`?h#hfY@DdI2e(2r0RN;bEnC3I@**`
zi%hw5SMpp4sv4xU&)5SYRYxw&M5RY;nJ~97Io*_W=zIYUuR52Ix-!ACu}s(}IZj$0
zMS(4t{l${rLecnzz_y(uOhVbR^M%4!zZLUWO-a9?|E{5~0f)`mQzdIsF)2Hd$qfIH
zMmdi9pzJRTu&krnQtU4Bl_g2eE!HndMj^K8p_+MXcN4$Q1fkh&8`0xdEJCDv@AXkH
z%SL2`rMZKS6IOZiXS^Jiu?Hem**2GImO^)5H93DYrT!(Zz2w9H=8|jY^m4xmclJ5U
zKyYAI>45NITYv-O4~x!0vBl0m_4+`(&0LrQUW;oDG!ouLt0cD*Yr`qPxY(kM<K&M)
zOV4sYTb;>Cx$q)_U}o>>iAqqc?m5SOQt$c5AxLwk)9_zUWmA{!2V;->^!r(7f4&dB
z0-q668{iecr!f-5NK2?|@XX|5SDMK+SrToB4?_Sl{uo4DBWxI`I5qLyc91lqiCmO~
zC2$Kjk?B1n!U`sc5N72I9MdUqAic~+EfL;kU=13u7yMuo8JG>h1|%a?Cjw=e$smRx
zgk_=$RRJVha9Chv2}nl<l1wXcj7A0KW`jJy>^vrV8p1_eL%8K}@^6@BAo-WKb|Tzo
zvFkC35HPT!5bRU|d0vho<<7_v<lhD;8)O2mFJ~#13ASb?<9yaBEm>axy6C!3V!-C?
zqt-59+_w^9auGzRoDaT5>d9zc#YnHTGHZ`w$8pPI3Io#VdlWFiJ{@iKR8YZDLK09>
zhEeg<B0cBRX&mGOqqy_vp;SkY=lzK)1}7RjlVge$H93{ImXnfaGFRAv`s~xx_+NB-
zrProW(@|qaJ-L7--P?n6Zc^W4f+c7N$AMXSQp1xyI9Ha<7h&<pa|oMrXj!wDz3<fE
z6jSdbH=(bvM_^EQ5Xr8zEi#^~DNN4fu`dwgjj^kQtCGxQNXjL!s*CbSXm1ob9MJ|E
ztZBPY4sGsU%Aut|<R6{N6dVIF#ZCJ!sNx0)w=`lyA7sR7SnNa6oz;CfLOQDP;-YGP
zoXcsj9&*B?J1?U)#?(xZq|`A<$|qqrpq9;fP)Z&a!i`Mli~}g#Gz1AZmoII03Tx>N
zJMCUFe_yJX;)>47eAKjx#|{kdN9n}iewru_FF!)rf((+V$Co;sBzVzC@FmLxtpC*j
zH?!!MM>TuK*>$g=@(Qwyop4gf#YDBY1wk{?MA)^yl31|g+Xv9&ECkw7Zy|S!=M>Qs
zx#&v=!ob+iT8mWNy__oO$OLXWn83ltQ-oM#6_mBii^Aq(-u;oj7Z5=LRsu+qMV}#q
zGjOU<iTNjkDTlsSz!5o9QMoWt8Miu1V-2G`EeOyuDi4?Q)<eD03BwJXH<BszQu0>w
zEaF}qk6N6Qpv6H0J?D`P_{8f152LgsQ=gU;7^C~S`z2rxe_wwGz`gQd5*IiV>wdlN
zOf3K5`ZH1W!}VsO{`0>-6Td{!IC2K+3I0|wSb%69N7%stU!K+*1K(k!Iwkc<ns#T*
zUmW6z=VVOm?@!DoiKUoW;7`og?V%-<ZI<sQduYBc$3b&;lN@CF^&Iz|K85362>|Kv
z)J5k*(gi!P5FV)$exc99%>PwJYQXsnZo5t3@#8NO7}|{?jLZ;p^va=WIfiPp<mn_<
zcu6||Z9tO0Dj6oL607gWhOnw~Y(NjKw-mc3P;<!(s7>Akl1j7l<Vv3064iLC!Wwfw
z&UPur5@);A#u7_-fa2`Ggcqx=zj?>;U@JMCH@o|!no_sFPwt!}A;~wy0M4`uMd#@a
zy*MhyfBPpOogOjOD~`J)dX5-H@Yjw4d@*~sNhoY2R2BZng6_P@ApFiL>E6$Rguf4H
zgui<EeZH@tJ|f&e^;z)Uh~Jhc;P*B9dp!KUN`F7BmHmFBm)WPH%)T>|*;@-irduD;
z*I>DW33&12X3YnRdAov`w-bta+ku!@bAQoEz{xCiHo5L33_bdVW%O?yM=f6*Q^{>j
ze$eDR3EaTQP)mKo6G_a*oh<g@!r;ZW6cbFJ;zYT^P+lun7>wiyFv%6}%4>j|fqRzZ
zsGgIk;>m|dHndOnR`Rj{a$g2e&EXwT8<(50*HMV6*7k&84cwW-t?vVy|Ma~{{wBo+
zd|8IBbNx-$1~r*cEiYHIzXp`3mR)2}FE0x51l5j-gZvWK0{!M}rMkWCID%}>i{OeN
zpZTfHr+#XA&YS8}RJBwxD=e*VR9s>n7*5Ll9(2z>)~Hmx9sn>@fGzjJLg-GizmL6w
zz2at6d)Eb3cS&vU38?N5ZSd$z_fwMb?5*T{7M%^EtyZrDoV&0^O2GERnG(>Con@#G
zOvm?ew3`}{qatf$g02)Q34pLOH&HZ5e{hp3TNoe9V<-RYqkrF~<0oE%n1b;BnWu(2
z@1u(E0$x9>`g4|hsZlb9k}+CS&I?n)UQ>*P$8ICPr;pt}92W3I%|Z^temi&MFmn{w
zS6IC?eN+-m_2}-<>E+bsA86z$bTTTvy@<l1wK>6F=RvX=K^Z$Xj2>nZ7N}VdPmnUU
zNy&4%aK+F&ciaa%;q;D)OYO%g1vbnCbRWC%oDaAcY>PeNPLYN_Pfx{^4Wn^}HzHHJ
zc~BA_4xVEg)ux!e$$B$s;rkuf!qLr{Y76j$J7t3a&9n|X=c93(ocl%3B_mXhOPrFi
zM~a>R@`$(@w1(FMYAD%&5qxX;bG~3}pz|cpubC4GYI&|0>A?&KefEA~zPmde3vEtx
z{w&sda5&G8$7VaxW>bTj#g3PRZ1&lX)YJ*xZ1B}0Z%^JD7L1DcAdkIFDWsfBImO7B
zXR%ebbfDp1Z-(Y}zjNFNW@ckK%MG+yLUYRl3<@TVNetOKu;x`Wc@E#XkUL^H$4G6{
z-MD*aU^iw#H-@&P8^1lAsMK#yF6T9Ga4Ho0Y@TBWiXAOLFtdbZj@4u?QZkpZ%-5An
z(l<jGN;wB7M00TK!iNUrwo;CN>0=HEvwH7`u))8=qG5tfhzKCkc;%zDQMV7zPwcE%
zWj8-bKYbrKNnn5_-S~D3CaL<N&}*e2q)~eKJ>;+d2OEjWzmyk%hG57mZG*^FL1_40
zET;lXCuVo?f9!{k>kMmG(6F$n;cvBISl-cz*RB7j?Sb{fg-bg1W((?fjt&)1^Nirf
z2&s4XXk2f2Yr$E1!6YwYMmVnr8{uR@g#^0P4=pn2vBA)7u=(ZadRKHD5bTFK(icSK
zJT+gcK(nP<V^PL&IojmgOn#@BvyWMB9#l1;H#hU7$u_rvvz#!whDaut5K#My2NOB@
zTj)YL>jG>PZ+XY-@7MRf4V=@bVNU=3MhoV&--C&aMr4tj+U?PV3%1Q3z|9!~_LJ@#
zxX<$l#;wAt$*^?s&+Zv(<}U-Adl0U-mHz^n+Gf+Zq5-CPwQz$nWpA$BPio8K=42E>
zw72D~8XwyGyJnZ0c@!Zey#YmQNzpu$t)|qJU0ZqNdSm`a(3tUI-n*|WV;1a(+jCr#
z<Ia5`k@Ic<h_zFv{i6aNn2YPiPnbS#+QbTrxL$p5zCn3#ZrY#-q~X>14)|wdnJ{Uq
z|790R*#`eqtI6<sN{*xNxfCkI3k#kG7d-GDkf%pC(6_4WM#2%zy%pFZ=eI&4@C#v@
z*A8cWHRpw|>Z=CaMwX@1ZK6BkOyw_TSC$apl@K%(qVo-=izmd4UF?VRCoyA-|J{)+
zdgLew2;%u8TFm&_c`C2!#N0e#O?{a#rA8|!-%3`93}G(B=1ST~x)ISHp4P*owQWU?
zZI<5W^M$X@iu_(Nsm7c=;G(4{-~A*!0Nau8JZn9wa%6<Xk*4C4vom05XXZD8P}@Xb
zmXXTkH+1(UYE%m^E`jOkQ5w$y2LgLRi0=loh35y^ZMglM`$W%aGLA!}uVT_g=w*Le
zt*);(Lti~2-ykNPF}pie4bL91+wye2J0JSHHQ(v69@O?XYpU`@&KhgxYYC!Yf8|$%
zMC=;wOmeHMHt?L<B~q=~Ibb)23K5-_-3A3=cf%9--9|)M1`GnbbXJI<=5B-8HGX%j
zu*Ohzsc~+xZa#o#)U5wDpNFjfHZ#HBVt4X(VNJBb>};sI<g46E{t+Bsk|J_<?f!Ju
zVg^L+g#AWkbhepBats<H=v1fU=IQ4VkNcznKXfKz+oIZDGrM8JiS2nciZgwqvQyc=
z3ifZ&?Ou_A+?*X%_}iRZiXlH2!dLcI!M+@RP-Cl%{?VNG#Ynw>5wr7>$+;8W7lG4e
zlPe*a;jzfq0s1O0GBbA31e5b8g6k$g>E|fB;G%?^T>M4P$tW;L@<`F945`p5g;W4-
zC7?A$8QT=xZUn5!Q1E4Ukz)_VmyIHSMoeljIX9U+$0CMiCv>wE<hu(1Wp?E|H(C$i
zeg=FoOjhtkaIAna@#HRELvY5U;P}gB{`>P@FiNmhwleT!AcEs(yb+p`8bJLN!H2-!
zKDg7&d=2TV$$8G?ISRe$AlQv4zwmFmeFQ(DKQkvO`%Q3kgu{rh2K)uqQ+^@v{V-X7
z$|aqWUT@9g*1~CZdPL8W2+^6)uC}n9LBU>nF6w9AKjpfS*?WW1u)evG-G=+pOjsY7
z=Z*f6#p1~P+jC!;c7ML~gnzyP;Z6J*I=-4%d0F82NHZPQ$7)6@Z5tWSDI5Vl8eU9U
zOEN4<BWpy@DMD0EkwYzMFJMQyzVDtQM>U~;MZ#BGP5fC?(r(h}ZGwFsX{5+4`pSxu
zJVnl}KvVK4{d=7Bmz1j}<*WrF-v~Vgsv^Ipo&F>wC(i{;f1BFEHgx*Q<oe8E201|?
zk5Fi|`M6IVfiuAax*~YW!jqE}p3g163eV^C@8_a|p3haA+|f~lplpUGbWyk=D}VBi
zLx=U?r{0xMuCezk6e_1h^htCle5a*PaulBTlpfii<v9O?5LaHT*=3YtghZ7dSf-1v
zzU*1KV88bY*vXDcmZo8prKobM8oKieRVDccJolS`^>1dpq=TEZ<CPbb5zgW+4Wm^G
z5wylKLJl$yv>vD-yaY1oM)g$%rItTSJ!Wy78te_k2RAGLPZj92VM83pX?T@5hX<MZ
z?^kD%NvV^<&uh4Nb2cH_cdHK;S&ID|j1-bP<|!114bhp|3_^2;!;SdLh>>CYEcADH
zq!FI$6Kd?3b{VljyFVyx-jW%O;*Rg*qY0x|Ojexy@7zjAMii;YBounYaaJQ5IDd(_
zcp`iqp47Fq4Y17*Kw#=UWc`M_A`Tb32>%NbkGo;^VGGdb=kSHX56Tji2?ywQ%AeN&
zf)8si!blR{5nLIV-4O%Ho(9=agYP?&t)apCj$8=mug4oMI(L{;PdMu5^o3VaXK*Jh
zrVC-4okCc?=a}FGk_w$CU{e8<^v(C3IosD&Fzz|6MfdEPQf>#Ha}{L)GCc}T0SSL(
z+mtT4+M3<7VB}_@@QR$F^S4l(P70XNw)8Fl5rx7Z#BpcHS$@uxy-%=rtA}&!PTM!M
zou9}MW=cP`=Q(+k=($W5Gh!Ed)#Se`$~Y<aDht$4`lR<qByteXIa?O&{e09?D}A_Y
z0QjkZdqb2~K1z<7+~JmH1!m}4yhJ+EA6$zQ@I*`Vo-Ru-u$KkW$E1kYbU`oOWB4pA
z9is{(7XVxde72B{Cij7KWR+`FUkQwrCSPaRmj}Pn*;h4wl@K%+mH_jYaX?66C52A3
z5I7u4M~4MiNSH+7u^=FzncWY~?tb@v1|ppmxEYzESnfpd%eM)y{rNc$r3>!%RD3}8
z$2)gHXvsXkFz+Tx_$;Ks^D0*FQm~pJHI?P9M9)N|g7J45*u@@9jX+{|&O&KL2}Z#o
z%YK#|Ae2bJ%cZypU+0j<&lWoyq~A{gZLl->1XWGnq#+i+3-&_l0jF?U2%&NsCf@8%
zOx3Tq0X6K6Qgs$t#VY}_+_^7;U<FuS>GdpXzO0H}cD9MuGLTgR2?Kd$D=?6om`4SW
z^Aq0jh3BF;bM|?`UWDX+5OR!Byq05Z$1{$R>J%-=eoEKU2+tTxtqaSa3=uJP<dY#H
zrVe~EM8wooOnlOxSfQVVou?FRUV8_bhw4*-GVNDSE8F5l09blD5MZfH-#?)UVmiRg
zmIGmqYGFnI%q~a?B;4m3^@Lky@^qY(__Sz>OHz-HK(2=oay=}FT#q#3(TQHyHmGd7
z=V<uXTEe|8#3oV_Lhhq<p55Iky(09!L8bS_etKW6r}ych=zS0H_eG9vkv~i5eSd}C
zBej1|P9yAmxXJlvaq86~$MHEvGlq$_Jp%;399?8rCZ`uV8w;IBr4zM;uz#r%_Ge~F
z<D&^-A4CYd<zAEXpvhK~ZgRC_M7<c)bSdmU?i!X(;578y1P^jmdT!~Wq2>FLmbWHV
z%e6ZBA(PgqB1E=fM%>dvDdN&~A*G0imbO52^R%fsDI)7h+`o|LFkw3}4aY+Y6080Q
zB}hCIt`Q`@GEpN)TsHCgg2W?h14jmrMWx7=jO=xhj*QN&rc2YpHL||`QPJ1!MOjcU
zP~13oNeg<>O-$5`zg#>1^6QWPsRP*oEu*9S$d<JH`VdXay|gWNZb8fP4_N^%gGrF&
za<`!6-b1K3P#=zT2Cu<{&#xTw0gr`xCBm1q5?xWg5(8pl;Ci7}9p#C`fK#m3$q%h#
zMgAbX$D+aVs20uaqFOa+QVtrDJPNjZ<BA4|^EOeLVol{1DpNGm8a4HmH&<W6D6B6Y
z>nqM9++L|Edq?F~xm8BB9EMMVK&z)!2zxFW&F(&13sbL=hU89QZ`5iqaA-B=><fb3
zLM|c0T!k0VLE|5y%b<BbW7&fqDd_q2{^QNPo`H!2z`3u{Gp26_jdcKNs4t%Qc!;BY
z)Z@*wa>dHIAstI6XU)JMMeT$}dLH4LegiNgsp|Lg#1PH>hKZT}#J<|vkkpZbl(`ni
z%l0Iw^6LQC;tVkRs?xc^0Ch8d=0+{Xw^5J4ALq{*)lyeSGUo*v-~}O;cRJp5H_-#|
z>vJRpoYs1WU~;YW;fZ5DxxEUoIEU~oqC5x^DAwmRiS_A)iJY9^y#}p-mfH()t}(o_
zm%3uuq)7jyexzD2*m<E<lo!rcZ!cJ>uFM}dv>gjTU=ZN_h81Tb>Cd@lMAH8ql*oDE
zdh9()OL_kQp<Zh_N{$SyD4TDlqDP>jE_AlMUD@CE>~CjY9T03+X?%aGl)oC2s-z=z
z{e>qC*d9)ua--BAt`Wsrn3VpSXTT*=SGWwo+eJB9?kUI0?c`{=8!S!iZ)9m=p>+_I
z=)%&nnx^o7M{iSA@OSh!cNh4jx6*`j95W?+B0I@X)DG5%CThwo4a}yqv^P4Wf5Jr(
z%pL&FCvqiCLEZZ*%1+hVlN)%HAJ~&GBQM4@!tT6Sl}eDmT$n~%itGd_iJ`C%Yr2_T
z(<O40Z+rK4>~|ih>!CX7)4vkX1QZW!=knwRc1m(6=3Rl1AhyoVr<5fxEPzaRxRn-|
zi3Oj-iU^l~|Lr^`mqhrJH{dCDC&?idRgr`odva+6NF}~wf*pj;wqs>1ehf*S84=Lt
zcYSEa>)`<zwJd`REU}4YR3lkWH@jvUinAL9d&MoFcB?Uff~kR5{O6fmPc?vE-$hpg
z&jEO`l6lbQgJREnpp1R1buXy!V#BB_0>|y7GH=~2$S0#TdhNI|Qy!T-0a&aCafAO+
z0%%$Y57-KSZB!ix+LN<zwx7ehQIk&*kfV;p5iT4@4sNx+u%P;+a9ZEt@Syrcck~_N
z+KMr>i(<xBalNHv+?0sO1F<51S-f}@8>AJt5kZE&%inq)Y2B1jUFfV<>m<cr8n>iV
zjGPC>*FK_F?14MR#iO8H0)!<!F_GTE@49f9@Svfk!_aKi0v(N}+b|MzaOU|V3Vv@5
zUEUbs-zISTX6~KjEcLvvrRWFfNTav8D9Yt5Mtrok6LTmo3ie72o4GuBQ8?AtE(>Qn
z2gCx0sqBSptk-4?B=q5I0`8%_FltsUhS9B2g5QnOg<QIa4s#4U>GK~k`;g!md=rJG
zd3b00L(0sgvUN;!J%^5TV3*@C5A$@FpW)dqhtfcA8V$#h9$_hbowPWY^28;|=7ko$
zy{Wtl>!GG=9j2u*2}R_k_j5Smi#&1>125T@82HvnDFplZo_K*@@ktIR-Fzc;rn;x6
zrc!sm&Hp8N?P#9Em&$S9^x%LzQ2)_!HzjdGY~-x!90*I+n=~CchWsWpEH7Tnt`i&&
z_U6>P5)vL#Gm=NJRXPQ>O5lSN2Q`NdDz7(_P7*Z0y;QRv92jM6lgjV!qOwMieVEN9
zxMG!1ChZs2u76MwsIa+r$NcsU8Hs&9u)$xUBO`Wp(4|?7K8*s-j?M!TTi)VBK`rit
z7CZc{7T?ZERH>ZkiZ{C|3@AXE)LE}TqyBo-AREkU6CN+_$evqhRA98c2K@48ZNEyr
zO==xD(X5!^fAz!D%fPTQR>@+1oATF&F&ss+Z1-YpQhM|E1T=quMEb5|F`KW&&CVBE
zXrVDJ%nodC&U*6(UfBjvb?rQ=<T%VWxWqOQj0ZH|&K;<+>AMQ4uBx`lC=;eGM)IoD
z+>F%e2mD$bljlg}P}=}QD{Hce_Y}KKh9Xz{{4as{6=nQfBz$3t$e(u>&VZuUyDe6&
zs%IVSGyX1(nx~6K&EuU!SYH-TQzZ<bIsleKw$riUm^_Cg#o7p-IY(Nu0W8=@@dmSV
zJRfUzR`T&MfmobI<sujcTO(&xvPAw`ZWEoY$l7jQ2(DKK6X3|=Mfj6+!;YXv*%++<
zt79*8)1^iSfKNgv@g=;tmg8~ld1x*JyfS7j!bijSgd!q&LvIDu<A#2nL$+oSVb|9`
zKzHY1N}&#e7c%_q$~(heo;2cB)VHhU+u`{vx*b+3^w#fudJ}F8$9eE%luzy``42TK
z4Bw&bOKEp6!nOwLi!^&qIdRs)IhDOhu%GDw2S*Ndvl?o@edcL$zm2}s<bFGNrltGs
zB|NNFvBT=Dly*Epb<~EP*ZaQS%BYoc)@XJg8Ch)}^Quq@&nUjaR}b_#l62q0)J1NI
z*?nWpih&%wV9JB{FX>?3Ad0TR60Brj&{8@#>gUh)2S2S_Rb@NhKSbwl>lryNV1B8+
zsF=M=6bg3X3#hYF7dTDHX<LUA4=>GaPfMI-T*iSA{;o-OO+>fR6wbE^mm&N7^ek5a
zxkb;60dv1Ql4$_iys81+(yTwzoNpoLhGckAq_xkl*RCPBwhOU%uU+&nUjABzG}W<H
z_~2*)>vaG|1lGo$ojiKJe?V>cKK-mT7Am5Q1brGN?TFL5xr0;ji+0qpp^G{u&DbOL
zpB+VN9Te|(19(w=fVLyAGh#Hpqj8l=l&spWv_X&4<oC3x8zK<Z_KV*PyMIB}-Yt_e
z1J?7>xTmtjd6#}CyWpuz@*|e8H`B6^6Z~DNhOlvMZ8Z@j_q7FJH@$mCt*z#o+`(4U
zD98AA=+>{?;H<}sV#XeL43I8$H723tyTk=@keLF#MNaR@Qb~8mPn+p_QX-X^)@{0w
zGJ5I83n^xI+}ZDQxMl7+JiKi5NMWXnM@Toqp4d1(-&vQRT0KZu6HzdP5Um2fa8X3I
z^CJ0&R3Xm0A^?Nt{9y*UMqh3-tv6wA-X&EL@Oy<dqweJw-NnnD{rb_L0c!fsRo|u)
zW}L3hA|4dOCCqL#^2HbL<f#7y^=%wJVu;+lR&^P|UK0V)e2n1_<#yukK-px>3s*o7
zEScRgFOmc)Gmh7-ymEmP9J`}A|C-X5RSR38S)SYp;%P7}$QdgMwkhbDv@p4=5|J_>
zzcX3<bqYSej(=A%BswZRdq)zdK3+rfZ+f^(i$)}%1tfgnZIsY#N^4-bG%EAF20~@f
zcp=mw-<uusu-d=PqMm8cqjV|krm^aXbq73Lg8~ltyubs#p!xGX%-Tsg--Rz)=g+$Y
zH!sUn?RmZp&hrdYQ|I|??Rkz5&{pBSOzJV44x>~#$?2Al8{A=_a*|tkLYqhPgri%5
z$D%oB1wFj`Ax@c`ML;7WtKemK5gg(Fq(A*fI732jDw)1zaFMCQOUX%d>IHG_VfMUR
z%-$l{Q*WR|2t9p*>ED$|vYT+j*me=BPB3;Ih4+P<vbURsAxA{M&MXuhF?o(hf~Cde
zA&E402zD(ZP4pa#Bz-EI3w<g~g#P_Of2R=!<w|k(DP`F#cav|k^GpE!7GkNER)`H3
z+H(*#CS7PB4*Dyypn0(hQz$w`k}!7=8TBS3InRvdY{|L_US)xU9ce*2NPadM;oL&*
z1>USGzP7%?`BVt0iw*y}yo^ERWo}rl@G__F`Ww8=b!6&$(gIkR>_gUM6n$tC`d|pG
zw{foujuF7qOosP=qkyMLQF$7|$83>r0{Jgyq-rz1mQ!>L&vGXJ?M6<%WxAYy(VT6N
zvykC4%vUwzgXo?vY-&#fvrjRY&N$%*D4IkOtSFofSTO_;WE=hIM_})*pk`Fsqxf6w
zyjHBmUlZW(o8A2Qi}roj2>xCpD=0DiO$mX&k`{kIDx|K5pkqUw5x0n*-vEE#tpq-|
z@D}La&7^xn$?sT`^Vj0+MiqbWBi~KqZ@v&)#3>k@FSIY>Os?V(IGiucEs8bSwlE}a
zux?P1*mG+lhdIFc;1*^Sfj<UGQW)pQUXleQw1%Qj3pjIL#paSv6>K(+_?y@)*gv}D
z^EHXl92tPubxG%+UEv7Kz&r;WhpRsgbsUaSd;0OGcoHuDE0e5k%rf#N{R+>pT$DMr
z%}wWoB{>mz)~W9$ohKwix?-HcnDRmz;e|A5Ttg#K(wD(3ao0&2OS>ErD;O7E`ddGa
z#-h~5Bw(+D{VX`$tmL4QKC4U6G2G-pd|f#Z>83HOn<k%Znta?e>#lPU{xa>jf5HO~
z!g$3tksO3|+Ji7155n}ogRr=4S@8MSx{Wo(#BYQ1uh`Yz^yT;oRB~8M@3;mNz2g>>
zJMI(OGjTPXi8mBz&cu$|GjST8iT?8tq=QnsrvlDH8rw6jXk||Dc^E)V`e~?1{Y;gb
zJTohRnkdI1c(*LmoQKzf&%?o;0bwYCGdWM12t6?odSa&ZWOyigV%F1>hw}XNgkbM2
zCQ484ok?j3bnxeyl(zi;PEVdpy)Hdrb5*Di`M*t8jOu26<YR@bY#aK2?~wc`g&vaH
zGqFp)Z?i%J3UeMy7Zyjsx!8{!fA<u_@h51Hzddq0-66M;9&*P!l0$9{;0Jh}MX%(P
zdB0_4PH5&m>Z4H9YC@PY0gFFEYIX25QmdmY2(=p1j#mkwZRP-OPBv3_Yw6?6u_Av+
zbe<w?m9%6FJb9@xjT@rTY@3}8m36k6dEA^kl;XPb<^J*mcPQnVCL0SMP_G98lIhPl
zjZp3AskYeJI{#Et^L4+cOh{S7QbaXHVGmyN7X;!5mv_N|3QF+qlCvBICxYW!h}6EC
zs=(hFhL)>Pr{8iFdu7XY(!6!Lywx;sGR@nd%Ue(L?xJ~{ba}KJx&3I~ce=b<n%9-)
z{h-U+N%O7^#k>Q$JW%)QmFLsX`0#oE!uCm=x9m)yZvEbKRKJ}rl>xwzbAbRAs&>8z
z03Hd_&Ogbt^SEG105c{CW{ei*S}cJn4uUDx!t4i_oFJINTA0-UlZpP?^&%y9C<0KE
z0`Qv^BB2Vv_rvaJ|Aa;WE`F(~m98uMdpX%J3O9pWeJYj%d?N@i*qyC8fBeH@S8ts}
z%;oR%b;Mvyyau6IpQDpdGK|V;5z(2<D~-v#{&(^&6t<}nbK}iPoHoLYNX1^G!OWzm
za=(Q1f|`iiP~at!%?>P%DZ7699aOA^;u29RY@ftns|MVbX5B|KYiQ<8BvW3E`cS>R
zi;%e!FAZ!;X8Hc{V6hi-;EVlVxibO7<m5pNJrn}qO#got_t#Bqsknb@ur$CJO5ES9
zJV3DaV)6jwhX_VKGX4<@@Ixdm%9ODmSfQu1tk8O3g*s$wSfTh}alc=_PRFqd6`s<S
zNx|}d0RiKle^=#-DnZ_FX`#HoZmKHpf2iVb$@|+)`FryIp32USyX^zz`2V)x|AD;!
z9b+PwPnZRAhGyU)=(q1890WZ8rDfaM=~tMnH4OVDA7inwgHKp;Ki(L8X2$sG=L2E`
zl$)N|Nm%Vd0~sk;um#EWfBv9JxxW2KDABM^G3MN^yC?vMN_AvqlAe?<RyGSyZVR|s
zLfsa!^_%6xvg1DOWNJ5yYW2aULU)1CsmjtrtIEVs_XpIEZTtKBu_OJOlBdmRMnCr5
z#3uD)Q{K|+$1EYFYIiC-hzZtKOi~4F8IuD9Yl`f{o1u|U5NzJcYvmNDi&HOZ<rKAo
z{rlE<;rL(3Ct@<$eS&s!s52smi73J+`9%~9C*k!XhaAD=N^#0!67ebl@2S}Rp+s|i
zD1qC981nW2mj_Y3JV;iLdU?pa0VHbv%Yzu=@}S2iWwzkrMkPg)lCx^yVT+!Q+y!)`
zRG}j!NJqM=bfo<ng^tW0`2T>8Jd_YDbnA$Z%n6SRYq$8y6>^sVcUrCUgYFW01MU(v
zDu48R6gg495E6CFvUQl2Q3kitDwAU^(sIn^?2Bfmz_I3o{gIhabjm*uxJbC=FL1->
z&d3Yl3hYr#Ec7Q1B8kO$fe~W#yxn-8mj7!-c)PoOfscA>=%b!dTF{RHw7?h0Dw?z~
z{{)yja0i1uy`EoejuT+vhqQd6_;EHTdB^@8Ly2d)!45ht_1Z~I_s~`ZT=Y(()+N3Y
zgZHs8bwAfoD?HviG7LX1!3Vm|cTJZxQZxRuTymfLJ^`K5mVn1H3_&{<&Ygy?0S0uM
zD^@%7i*`DrUI{5GU5-2FQ>Yr6%|YUCBoWLN!_aaLW(GXOv4LjOss;N5J}90Q8uVei
ztI!5WdM1wNz~^}?A&%i<I5Qc9XQW}2ik9MTuBE!Rj}nt;6m%LK?dt_O-1=w(sb)>u
zQ6IkjWu;3|fN)Xzb5K0~{fy+3HGvNE)|+c-*L7A`(B&LTrv>{fKt@Y^)WHF@_pwt;
zbZX0jhM3r~gD@SP$q{LCNB0o3zqPhymGf-PsoCN|F?EM9|3D<X_T6DlJtt=GB@Fdm
zupKL5Hd;7PeyhmuQjCn?!LpxVDV=kyg?mj7oovDJU-)vdcxB2RcQosAd00?lAxPv{
z%9yY~e!_2twVYa!W*@Rl4~{pl#;3s`6@+yBE*Ft~>=;04kP@H9v1jf<xt%_Ewh5wx
z*8(2KhGPJDojzM_-{G@#lpgMq7|=hmhF~wp3-*n5bal|$6Npo|ZgtQgldjIpZ}qE#
z6|mKr8SY=59pNEX2d(X#)Y{I!I#>*zCjqYvPEPzLdxG6Wdgi^m4$aV~=fI4Z{giDO
zNqiU+OZ|!W`F)IoRa#Bn?VNYXeyrd&ge`FmN7#EC<PmyWhV9@T+`|(>HmEL;*u7P!
zA$G3-%(EJp;RrKoKl5+Kz@Fm4prOt?fcD|z{vlqjy^M+X`x8sS{~IPw@F$Lk_+OZ4
z@h48#_i*tQO%Jbdq=!#m2^>Y*HANQjGXNN`1p@TCrm18Nz_bs7NxVko9WO$52lBC!
z*ILcmA(D@C3ory6Q(gcuDpI|pYr=QI_LSR{LHsV@Xok_aU1x{6BK~B%%W@ndb2Vwl
zQv)Hl+Hpy0ZA!?kkI-s3jG`ylO$QtpLpvpM=z9~awYBd&+_|4TkjY6eKM20;bKipB
zZuo7>J(U&op3t2;9{?s%;HTjCSPJaP3bC#$FtOa9_!voi5ff+l6Q2qY5AD$`NiUy~
z^FF*Ma7n5e49tM!Ya}oq2f?h?!W;mYw}N2)tA+UjU|zzMT=9N<j&T$Gaega0_Y+oa
z;mBl2n_HEm8ZxZ!2&c$rsW2UJD>WG#;*nnx<Ei;8&#5_5MQ*(RBfJ1Ua`%^Fb8AaA
z&Bc$z$T;55(3i+2?-%s1S~M$~p0IGROCMHqXrkZu*A&hh4ev7k1^+Bz?;c)YfB(bl
z>-ekfIiL3q)<9aMrk9WB$75nQk|-z1iP}>CXiYW(4;cmkxfnq!RhSpSz9oX=uEW5r
zZ=c9{U!f(vZ?YORR6J68seK}+wE}J<Eg&iE#Rcn$oebM+k5C7NIFks2n#!tv%%6!9
zHUAqrQEh%n;pE=z^+vk1?WUtXxr|^qDe_S`E&2}m>-{o}<J31E{S0K_<t+O($fm(V
z{cZOm)q6i>5dXrzwNks!kD>qfR`}NsynwAB4rLa8Kr2EU(*HL}SvgFOB=GQzWRpAx
zYHZZL0*ZP_!!ZhWYDU)Vq!-1KNngq9yIiq>bh#tz@_P(X!oxKUy*m2uu%?HZzaTW4
z2`4uO?;1LX-UICK59F`+QFu25pK_ku#k-NCQ+4c9I#mbAUz$5sb%gx|u-tcsslCSr
z!bbajUhQb^U66@%%e#Wtm)`tf3!ViEY(TF=iQAwPz@d8I0A_DF>-Q~ce>=fH_sc_7
z)EfKX-<iEP+i7NROQhzBQJ%CWGKm^4N-H9hRN1ZcS|r?TU^?5&ZJ;x+u2ed68xjtN
zqyLwbRb0D}MyZzmgtmWqTeDWET`0>j{F0HA+d@zO`h@NXt?o;C@nU88{C;3Y9<LDu
zb@(YjpQAuEa-8Oxs-$jbsiH3R-;9}mNneR|qPjc3^yuzc+9y)@WFZFz!d?qW1HYmj
z1a?o#U?1>)Nc!<h`hleA;(AJo=I%>@d+*!~)V@Gp{Mwfn=$&{R&3jFk_aB-!gyy}i
z%X^*X-9qzL=<=uuU9Ld$R_XFq(!BHOnD><~4`kQ@aa5TmN0gqqNY2h3LE4q~)HpT|
z0KiK@02NyG%k2R3a1hMxT9^(1lN<!|C*$LAkDjV0Fh2+Jai3gMc;4>;;Pq>MdA066
z8(yAVgN>i_RWnDDS?JUe<Y?PX&Ywi*wPLtaR)S}BsOZOkQgo_7lSIoH^z=76xq=z+
zYVIclrl2MwJq>@MK0}nu*=L{nhYLD4GX~>-G#D9V)qwQT*8MbVD`Y)LvgCCc+d$6{
z%M6@pH0eT=UxJWt&rDUPtH@$kQD6vXB)#-{0_&?5^@nw!-uwX;EgPM`GZ(r_Gu22w
zR2RBOdUqi_F1pYyn~A#MJ-ex&SSUbU=-%)Ib)icm*;5y~rBc*D4#`)k&V}y0KaE@{
z7rJH^#v26Ka7hIhu4BzEavoVmYFy@G1jW*fJ<|Rd^j%vx1N$_2vcFI8)<2fI%zf^^
z^sT?%vHEKrAR^IhLY?zl;5s=bd`^y9H+p+szYXe68FAbv-`SE1#Myxrpo`hxhttEz
z$fz&Iz)1<9zVi)<fzl@2>rJ)QYjyvCwg6kCXIj!$XK2g00u@}$TMU@hGS9K>RT@T%
zU@fBy>O9)A1tOC9q&F8B;N^K&eIIy=OOeX}KPo}TGbuR>;uM#gYHR6b$&y?VBtI}`
zA68@sr>(M_QS9(F9oBZA$$5>1cl!055p2ul&Da<s5h3EB#2ZT(&9tac&;ExCblVzr
zsiOqgE<=n}Gw<dskErKXQ?vhOW#CGq3*~F(7R>%jt*Bj51$&-QzJNnrXN9t(Vx>qo
z_C{6Uz$*!ApMO#EE{4CEWMjwm!Cu7Vecm5zHXhORiEfPo=u`H$T<C*zb~`!|`aNT7
z$AzFKPDs`6Vlqded{LLGzNiPZr$mA7V~sEB)@>-WQ%W7Gum8;$q8BR!+G&c2lvhBv
zXdWrdb~q9JiP#$2SUTDoVys=(qsMc1znO$?$)uuw#qa}yzAc$a=LDY*_{b3h#xkWC
z8O0s<FG}W4*FfC8n2r;*l!Z3A0mLs-RM)?Js^bpok_0?9<=f^)aKe&*^B4`>y#h;S
zoRpLG@zD?~P2+|{fJqD3ZMmVIV%LnUV)uX^u$3O`23tvRoNoi<s<KB|8^LaFOMcfE
z_TY`yVUQNi&HNl-pQ*xa_aqC52PZ&<RCdb9)#k-du}+#qc9P(rW*^iObgX<&V7#D4
zw8L8mY@zh!GU!WT4+D6Or9tN7YM#b<2`kSe{LedQecs#2x{=wp^a!Kq`R?;dO~uqP
z1*>d|QW?y0EUHFs<dlb~^J%Rs9zz48f0Hk%$94?{qTi?O)LVl&1=!7=es(h{M1a3;
zL4y1xj4P>-Hj^3g&Ly8@kt(@4Bhg6^NN(IWWIY4R-7gvY@is1+R)0Dq&+Ljw!BYhy
zSUZ1)r!4*6KI?<f?Bj-1inc9TrtB@1KPeWHAWRQQBi>yQNF!jgNc%;FMu6Xll4c0S
z)Ud>+Ywz_*X!@_#&Io%m^$X3_f8*1Ey@v&mx{EEKaBKKxDt5geSTW+x#vv`J_@U-1
zw$BQz7-cmRTT*dEa}^f`Rh$hK$F`*654mP4u6i%zRD3bG1r^`Tfl0w^pg>8W`aX#v
zEQ?)}v&>IiD;?p^OrtSpaC=IbWXD2ySp#m$M2^$68}}-ugA)jcWpdV$&H2*3WOE+*
zPQN)3TLni4UQ3ygU%(R<UOvDOReczXq}6{u609zM&huc#o^|Lo>Ci&PCBT85WzN1R
zI2Ln?lxUi-hyU;f+Ti$z(;VEGvXW9*)3~AtAgqfU$%glKq_%mjlj)7M2`1t;h~nd{
zrPShuKaBWj4Mqszc|-Ci9|C_uI%$<DXXEe*4hUdKqZrz9U+NV?y=lY5e1Bpd#DBrW
zVt=ApPsUzR$=Ee7A!AE|E=Bb!z%Kw09RB2Y72rz%sB5II0-7aPYo7{4Mu@>G-CU?3
zBk*!#o59HHYdxB--Sb*jC~~!ZPzzA~vF0j1SrOQ6jBPW$B^9@Wih~b!dJlB1Vg_J;
zNS%{)92$KqDaB^s?s*wI5cA~+etN6~l|#b-NqUG}nwsjqHK_XuP-ay@3%WnzY7e!n
zv?rm9|6>b$G}YuAivpJdsZM@Nn*8NT4@!0B+`*jRLoMh)uZo_Zv$N3u{VDJtJLNvb
z1%8C$0{<W>T}fybL=MXThMvmxH2N;%pmg_ZLeKJOSZwwff?S!)(<v>Z7R(cIjeu<#
zG8Gr1lks*&#`4Dy2Iik%>&ck43wXMMold${X|mO3fsxgVavIr~KP5IR<*I?%DwoPn
zkSqIob*}I4-UZER@J{QZcUs&k%8mmbNdfNDy_tnEEDX6Y@8>BCQ|!FZ%-ZB#hP7e7
z{qoVwY?;Y5LlpUgAmL)jY<3<gc1qH*Q$8OAw*vQ5Xmqv^%IW=)eS>QtEE$PQTyJ(>
zA`2ZT|9G;*%-09kZ;OJ!kI+IFY@wDuha5K#$|=a;@m}VbsN)u#g2?StnW)2rY$U#d
zp&`91AQ@k?z|NxYS0b;z+h4Wcg<V^&M)$4&`!n38U6&<r@;GcHg_inP3mZwL;BEwO
zzL8Z+6L87OVI}|*q@#88UQ@2S*W3#ho(JT9<o~eG`H<JLC48t0*mF$@P1`c?QeA3$
z-haYN`&LjHXEnzK`nFpcSlwSF0fStEuuLDy?~4SK9rot6vcsPAwEa&)Qz6Z4xpQgW
z2wmPVnm3N-jnd_n(7Yiu?|xn0Jv8qYn)iq<?;)Be&^(7OZywD%-yQS*smohH^Y+oa
zrMf&9&HIw(eXh&<gyy|Q^VaI}R`G!{)v13{NhU5y@=<auKlCT{e@)B3tSkR~P<ipR
za;E=&gcQyW^4FTH0@MJ&KY{>+GZdg)dItcwAPfJ9Gqj6{((?f3Tu>$Tr!_DS0nG8!
zl>h05!vJ@4{$X6=0*6s@O$nuDgu?kj(%d2yz;~Dc+#Uq*&^66O9srnO*RThjX%F7e
z_28AD9=vu{Y2Z~TyzFXV1J9`dvjM<yHQ3!B6<7*OUzL?PzZ*c8%7LH=b(^{}eE_Og
z(4=~=P=FCqTLAbOKXbR|pz^r)0L69S!OUdN>m>v7e&*K~#wv<G??*hU7CGio&&Ub(
zvAlBng}VR!)r0d6WQ7NT>gz$Mfx5VBqmPow>dS4ezHiQx`np3EqC6PtOz>;v5M6c<
zK3i3L#Y*4&VWhm4_Y|iNr^0)Les~YEMAr09u9>C_q3MrU!B5!V_t@VRoZ1c4z72tP
z2_tdn>lDuWwZG|D>DTjTeey*4J~>71Eyu|{Wuuza0s7ua9-t=hkdUq&-f1rzkMx@t
zfdv)V4izgJZWKmsWWc4;TKvUm^)2rmL!~0nYR=M5CEKc23P<4Z(h=N1Mxe}_RKXGr
zBr&A^BOVQYYap<^^G6KqcLk!>*G)EX&Mk0M(*Tq7ZpY5b`X}k(SBK19k?ypNrAmof
z`a*0lEpUnzpei@CGh9V4i=eE41Cz$1JtS2vN>DC|t9KiN4>5a1C#0`;cE)YpGfum$
zd&JQLj=FhSkz9p;F$ib8n^T{yQT5G4h~Vy~7OL`%TK=V=Cc>De0E4rB)ZQF<Dx0ck
zVnN`#_MlO%ub^sxakO<W&D{vO|JLNnE2$z!ky_R%+znIYv>u~T<e(2u?c7K^7bN&Q
zu053Jf}#ri<gda~<f_V4IZ8v6_fl0konwF{9R#YJ|2&LLanxEW+=K#Dm2>x9RFy-c
z1yjLuxilb|@i;nF&YC?&MU`U$)gcOj&DqCjIQc-OO?k#1DfutJ>A0m2Ve4y0`dim1
zZ4NC9rL>t1vB6rPY(Z90nFHjOL98J?-LD1Ln7GqD0^1OqY-rto`Uf<GSJ(C}X=ueM
zdc#EK+LdRlnt2yzd6+7yn`&?H_`rdoZsCp07PL2jw3oMNQu2Mw0NUgp?APkVhH=el
zbwn54Mqqw?e5PN!<L?L4?%ed0Dz}*ga+}kZC&k(=RJ%iWWLc2><P6pCm{GsePjsAY
zM!zFED+v=08lFb!3bN7UTdrmbCDut45*44+2#Hh-niQ)M6#2buV``EAQ4A91|4heA
ze0O?@uYb9J0HWRsQ{Q{|xe$n&ODcpwc%d~R<*Fv+lvWc`uF-_}&KNZp3TfqbV+c)1
zJqA9EyZ-^~;FJ>mPAaFNJD+#chzcowK}Ht&NyUSfNW7twwT6wazh9eO6SDl+2vWRw
zy%cXfC0z;@Oah{Rige`dm-=&3yW3iTk{`%DxDoC?b4{M#B8IsW`anMwO!Ny6X|s7`
zBjnM2;KVmk(R2OMLrUyUDOmW%bWX2h6dY5i5r={!1VQ@9Iw|5s!SQsM201Xr9>y_+
z6gi1p4}<ds&{#pR9`|zPv_kg>QtnwiVmE;Jl2ExNuwu3bpXFwZS%mm*lEBa}b)zu<
zpx{5E2yrG|9=O+t*67PrnhSCdaumirNyzdYx|xn!GZ|O>T+BcWsB?6&hFD_1C7#nA
z7npcjdmY3ScoHzoRoF-MCxJ|dtw4bTG<9rqjY^&=tl5K4285!$PVza--Kmdg+i1`n
z^{y}s>kvAw{8)A`rsI?NsswJ3%hD$TX0e)``O)yE!kNIH%=ibJ_&5%BX>lf^^;okz
z=FIXOPTIbbs@|%#V;scBI95$54jT1+OzHrlCwLdrkz5hH_=dukdnzW#EPYUbS$bbE
zq%tT^4JhXzP5se`hKrCcw`cJdRQmR=s=rp`!wMb>4hytyp|_NZ7-VO_3ALY{*@3)D
z?kJk~vo3Eh&C8;BM|F7zX<h=&`(2lJjOKAP?@wKxMDvbEW8PU^-btFbmFCs!^3Kt`
z6*TXXF7E;tc+;X6DK>i<KaiWv{GiL$d@W22z*GdmbY@q=vC^M}6Y)j`T?yN$0N(+?
zm7p4~TvY)63jlux0jyv(%#fS_@Jdh<ub{E`LFsYGUKW(SOue<50AL>ZR0wYKr~RFe
z1)lbx+m=4>(*n{u`~>ALLXv%uu;ioO6SUK0&x5ve7Z>Pnb#m5FSK+OkhB%Cs$_6SM
zOvmXnz>ow0b-dc`A6A*b(E=c)?ZHuXsypt<GTiBx=Vp<+NCVmD|1o89()ca<4XkV(
za4F^A=+;}nLn2C(x1@s)%f$o88sMXXZf!#N_m6C&_cJBmq?6~q4R}|L=jSeRUwdAc
z`MiphGa++<vPROx$S$0)hOk(!(S%D;Qb$I1xz0lO{H$NVLZfu|+nZak&=ZdLxK8ca
z69Ul)Y$BvdEvY@~ct|vAzQHp=Tq^iUkglY*purc8{Vy8)Z%~7%==o<$8oW{4pyzN{
z%UYZe)M7rg7~hf>KR?<-Ei2s~-o^iss{KgNehAu+Fzv^Mu<K#hm2rW6y%E<xr6udH
z?dw0oH0{p5Zo8wVWQD@&ziw(lyGxH;537d-jS8{)g_hKwapZr2WMM%K4uJ-5Y)OOF
zheI}4zlkUJqh?$E@zKCmi=ov|dbgm}p`lxCzQKnd3AvXBwxq%RhyFKv>CT`b=0S_w
zZ)}PF_mBoZ|L}G8fBdTb*rom0L_T2V{S^9BZT8#n(QJoz22IfoP_TPTI=tqfro-9V
zcKcknU29Og-J#%H$t`GiptfC4qo&<ejn`{;`IFfJ?ShU?x}_!U*8Hkz*Q9NCz;)a0
z_;^SH@_Db8@ISxy2%%&1aQ>@>bl_R4`$7qsUiU=>aGHW(X`fehfyd``@xl5pzG;t6
z|Dk!m>hku}yty>*H(lNlnm3N-oz&%dY2FZ;*G8uoYQ^+lG*8gwwGGl4{liC@YZ$8c
zY7l?^K8xOmGxcmO;agw8=zY1{IjsIiUAJ}xm4ES+hIhXU$~%I>3_7(iw*t(JAec2;
znAQOE_9+_wk!${`Xk4Shb^lO9O0^0ygt@g*Gr~^*rh5>K66X+GcL7XroWrNJJ$wvc
z$}uH3r6=lW_P9Y2y)mO&>faq66XwR!^v8QDx|^OP-3#{Q-pw2fp(GFUJ`7qHh@a&B
z82<SH{sA<^fJ0t*GU9z6{(*MAF8F5w{4)<q&y{D(&&adn8D4lWU~<+_iPps3q<4@a
zKTOh;Jd8RCf8!KbDuI^z?>3@Y@t(I+IJpzXM)IOvxU)un4E}kPLF3S)8T8u(8q%3=
z2KwFPE`5K056-&~dORKKD}aAu)b6g|WmKgka*|vExry*kENizK+I?;p6_t&Z{>gro
zN>#v@-zN9a)>kS$u0oE5{0{oouI@kUqmu3d)-GbkYIkTVp-fWTE;{Uw-b&HS&vg0~
z38!r@nx~^Yb+Ezg$}+jeNTTC_U<V}^xh8E$gGQV`OGdE|=kye&UdlKr+8X$-CtH87
zi^3R@O#SuQu5`El0|P(9KO@>g(34JuIT#FOz{dU%{KNzC!&&f?LE&IU3|_GI3l0b!
zEXVo#n_pEafNL+0B^Cp0O8oRcNuy}gP1+G05FRX`t@j7fwsv{cwzkf@gdr~<B`E$&
z5gb_NWaIi29N=lG%Rz#HW7=?BsNq1@EImlM@6~dBS-C^Ml5#iEa?qo%QOz*!usQpf
zStvNh5Ui?-fY;}x@`9rVh#@&kjL}HSBMXbDekDbOtEMH{D6N>4z}c?(1pBZs`qHE%
zqZ-`*8<~6@WK$r$Rqw;&cA1@r#nfHG{P#&moZi&k;<&S7_8CzqIAi87LpP<iRNiHP
zfaO=#7z4zKTW~LoN;W9QVpPLIF40oEpQyx+rqHW36M?$Wp$ttbg`}~dSA(wcbZiTk
z_S3xD`P~ds*iitwUwUs=0;fID;HG?^Z;LqYn%Q|&OuZ~D0BM++r>G~rU&QbZunxU3
zb=~8XT7T>O$#&T%I4*$^Wj}h%Y`$C)e5?Kh6Ppgw=VL^<R2t|Z3wkDq;6CD00B!&P
z@ZCa|6?<<xd{q%J5J>y>R*-gyx3;dz8ZFqrhEM;TDT`b?1IC|_>>314;-X2q6tT%j
zlZG{j&N|07ntEy@q!L7QRY)R#2BToyfpvPs)cvF(!}Q^z^PqPLq`CWr4GP5U+yijN
zMR6RWruWuX>=)XTd3)$TJJHS?r$=S%@mAq;<!?pX(ZdklacbnFc{!XMBid?=V)i+~
zK0E@0&v)uecG|8oVa~q1`dVJFCxBa*h`wq0&W3!CWXP|tCTI_=2~CK_1p5sDRoFKy
z&2u^)%OOaau;p?Xt%d<a5CDT7AY2E~Di|O_2Vl?xkRF@+#sXNR4y;XZJ*{*A(ZK*w
zI)HY80G6#}R(9%OVp}#X9fGFil73n`1$E|<ep)&Q1L&tEJ{UkhA>D!j^b?X044|Ko
z9x8yn7Np4?0cx3c0_+k=Cy;!ab`~7RNUAac3P^aGA2}F+K?e|-=0}c@08wdv<Om7S
zIxP@6LV~qT^CL${fS5Eta)bmB(samyFrlWU{q?7%W11g1Lber`=0}c@0A14j$Pp5t
zYnmT9LIQM8^CL${fE&{M$e{=L<O%{Lrg`511ETERg8eQKKzQN>dnCU5-znODZxG#?
zIY5EV<iNQ;HAbR;<93n1a`yoHPSF2k?-T6dJnZ&4$sGygFJ!{&%JPLdbug8dh?)qP
zxT$iPFztc?(j{e@Es-^a9r?6#LdBo=kV4+FLSf66Ff}KP6`Ot`9&^Ig96->D<51=(
z<ZO;mb0VP3F;eDgB<4h7&K)F&;4Delgq2utBM?`jFd>SfK?aD5`vv%)@|UpeAXT(V
z3o3TG5hk@`R2m*+V)iBLboB`F?SNCIe1nmz%1X2JL{@|y*L4f~1+XGXPbP51j^mbr
zX6F&YW3YJLgaez_2e~qE#cDk*_tww9uSU$SvAC-Sj<%k!X_Y3QV!V-C<TLiz8hk<#
zVNmucJWDho3aLMd<1R3c#l-K!D5qxUWho<^u`RSa1s`h|7xfBUh=Lp#o}N2V*_lev
z0s=2nz}{}f2XHNZMrJXxFDlPcOBobq3e%WF&4iY*Yrm0lGj3W44CoiJGq>x61lEwY
zqbu2s!=QcEe+zb9laNL(^1zjAFY^2k-uMQ*U7k1_g1gy`i8uNalXYr=SLp1GUrX*5
z&+2lXqd7w%XA!ArQK;IdpKYFZs#1BUFj9~A$spdzz;5(tV|?%n0z)5z<WB8?7tZ12
z4?!?;;ruijFQWI+^xM_+mr1(ZPwp#c$Z7Je@-57MEM7_{Jd>O#ca!7g&dgE`FF)~+
z9;L>%B^V?{0((VJ{~9n<&O_4kFM!Dz!RP#YN0xwDnWNs)TXdcknS*!@Jt6oWT~*lz
zFCo@5a+GrW$gUv>TLbJ?6zcx>lIyheJ=%qZQ!B2!z>#pGzCL(*Kbk;*O@B^>H2qd;
znbj6L#jV4_@a8_vdXQ%9gpA+UVurj?v~4y#nE&u5xE_-9w2kzZSNnX5;$P2yzazuy
zlxzZXwJW-7O_T_(qPntuQz)!S$*;OLcFvvot9bI`X<^}CoO%&5yNnnRWvpRFJC@|i
zi*;1bX^U^QPDme-dCjlda#+5Tl+Bw{Mk{$hSoq1`sHA)ooiwru3m1XfKU{Q^{W$Lu
z-8o>CR+MqvWb^Ts3EnGkDRdX@A}tMQJ!6<MG*^m9E)Y58q1phujELsjfZIMaAUM#M
z1(}$Fs>&>1FKaG=G!xQE*8p8WqQC3Rj3`%LgWC0a>7$KmwKWljG5TsDIv%W-x|M75
zz|RU<vI+_CfRhiYDPtuwe;8s&wP#79vz)N}5*cO<>zaK6Trq)M%Oab(e{5`aRQ>s2
z|AoFSMb5uW*{212XS~KB3iJUSc%-r*e+}ZmjQvIS<AVJyoC-4hu@YUtfZ?BzKK9V%
zN5K!>PgU3QEBn)W9+>fL=;BjZ@u{S^{HU&fxU_4?(h3Xj!v1N?3kxGi8rC5!#cLm4
z-J0!UTTe4nWHpd2>Xk?(feTTuE(A*=ogxe2{ffW>Wnnw;qYZQi7X1&SCp!5G)iM+q
zsrQbewjgaGC-6@ou^9wLW2GQ>8LJqivXl770RwerDtYulx}v9k;30av<jJwReGLv~
z@ED6`Vi+_XD~{DD%0(%6i=y{nCte*p@ebo!LkU$|j_-n;cJ{hwG<e}e-|X}Oh?0Lu
zn#ek&_hd7%4Q(k;ms;LNX{N$J=rMg@+|U*1?4Mx$dGvNvws#Qo;LUY<V}G=+F>Dx)
z3vqFzw0zz<auRNi4LCRjN3S+uayqzF<g3ADXqJf|Tn=^x;5GtI1!2h?G%Gt^lyOqN
zQ5yBBkpus|CPFn_6oTsMH<v=_Bllh4g3L8J%j8bzLrB4mVQt9~&IbJcH&O8X-TpfJ
zuKOSgT`w(L6NSOLNYWOT^a>``40RRWXh0w0;1eKBto0b5{+JNP0UmfFpVh4o0X~KZ
z+el6kI8#cc`QOo_s@v-B;7MR`V5u-Dh4#w+a@52@8p4VmTGgE^a9M7QP{pCIz*@PN
zvt>sT_H<Vcom`ZfYHKMr{b@jpTd)cus~7i5KU|ZA>vKulg~?fDVIKOeKR1$~>J^ez
zA~N3t<VWP6Ge|=Iz2w*Oez_b5uF5KrUVH`?cypfi`H(r=CpeyGZa$Z36PGiCw^B9b
z-7v=Fu>|{I`s#kKR02}}<Z!Lj-x#ia9}jC6&IyY;krKnnR2T|`HHA0w9;ubBAsi4T
z-BM_42($FGHSpF+_`Z)iDJYdZACXyHH?_htaq5&uCdpa4%(pRf+Jq;q6Q@lWFL&2v
zE@YV%6CSZl7!RJGnZHrNu^8o4)$wxM09m83W>DY?8{_-Xl_8iPu)-6zQMz;Ov%nSp
z^1%eOYNg&c&;sbCE_4HzDl$Y^;kz^|+&>dn_?@->6`n<s^6w+-7@rxi#I2tq39$I>
z3i8wy{;e|93SYFE1MK~*_i2r0tP}jJdQq^09TnJr{f?{pJ*QpOZODt|9zRjiWI&Ov
zG%sX8krgy=uPzT%2YxpVuz)pr@XCoI*DPA(h_1-5w7Q3Ao>!Om8_mn7dBNsudcN3p
z1<kX((}G-uZeuDSps&)36{JUB1aZ}CND5dRyCM67pzL=VHQJwv0Q0XPn6N8QMZNdz
z<-nZBuWCAQ3zRMmGCzCpDzz?)hV0=%*~7I)a?*zcW&lZnm$dN0C`(v!9$Wxy0}HQZ
zlvC9D5vt}?f6=1rp*%Q@Fa+HbXS0U83i}#1#Bz$0j(r*Qxj=FzC*?hI)@O1Jfg`}g
z4=FFORrUqDGO#Bd>W=O!+B^{%Co>Kx4<6`!);SuSF&{I#CiW?IRo-eKq_*%@|4z*G
zz&3lKQy)UckDEb^T~GEQ+m&afU$?+M{9UqsLWs1>a%%)YXO$*!CjKPS*HcorPV{u!
zFhaBAGHAE^uFhpfWuAd~NKrpXR|x1E({kwcN-2@n(Cw9Oa{i)wZ=pKAw&wX?qmZw=
z)#DLj1CbG0$6}~n_R?b<FWR=0qCMJG;G*_X%w2d4?s}s%9@tp}bKjKjBl(YE{+JN?
z%j8Ev|BLw(wE58XT)SMZ#SSGJg6hT`-y&`Lz)0PghXm~dLTbXzy#i2)fl$zju(TV(
z)JwAfCdLOo)$%yi78gC}5LP0<TD&b_5}+i~O2Xg7oJh;zq~F4+Hb0hAxC2W96*HKV
z;{()%v%c;D$SCm#JLBI=zk&$?i^k&f5VoRH%=QS2Gr;1qb`wSPO|f8A%<KycAc$dM
zaAKyVfuP~U`c4$br3cimG~I>zuV@$M{7Sp<6m+49`m6J3{XDDxa@h6je}U9*`x-ao
zoE%*|5HLM25i$PEJ)+3}Y<6Cf8vgS6z_Hvo2b9n}(cWYG8cWT&h1CJ;GrL6Ofq{|U
z2*a1%q?jG?5#wo99;EIcH8PUB#Ce;6v(_6se0#Vg*vIo~ObqY^{5mEE_yTreV$+KI
zj0+l?*yTOI!V5tzoG)nb`TV;CrhO31{TCE@$sPb08Uz5yO_oRc9I`v$N3C?ik-~X@
zA=T2Y>fGctgC71y|D#G#>iHSfBj-u+pHcR2r9*vemnVg@#Q#85f6`jyK~NRMitzr-
zak`g}KYnWTd$>g^zEMe0A4HZ)ACojMn6Kak5Gq^6YQ9-p*}_k$o6SvV5umMfGUUvX
z$H))K53;9|1P`BX3J=?@@4-<|u$iCI;cU03aI#VEAtykq+3-)Mwt;A9AYOGKdu=6?
z|Jc>3DV3y^R5)~arIFRXmw`>Orv&(K*WK@ERJ!xv5gvV?RT#i-8Au7e*zAnOJBfk0
z@A~-`B>E5DfDWZbp6$<V5IK4Tkscl*2Z1zu7Ug}jba$JKFshJ^7hU<KXfu~zo^P82
zhZ{V;SA0c5<LL^?RQ*wuWtm(NeKfZ~qjX1mj)_v4C^QSNj}%T-^p-<n1(ZkujLibx
zwp=<eJONI+K39Quoaz8HWI*zU1a`K?lVJ{^!?YyOrx7V+tUo<LXzHhP|H20$>B=e9
z&;JsNd=2mmcgfcv^j<YMf*e%oa3NdV7xb5}(}U{ZFD1dAYqnuxfajW3m^jRzI5faa
zhG}-YNQ2%YsQiR4a63Ncql{KEWIqs;eXmb>p&kwZLwo@d+sH~X8k~n=Q5g-s{pK7L
zB4@3SQzlNDcI_C_VUZb-WuXI#fDI7y1sIS~e36#z>x@{s2>#C74A`iriE9p&G~*sb
zSo;1orT0Z|lHR|3je60iop_+hPApo}1KTZ`r*5Jw^k7XlVT|f<c<D!UL#0R#_RA<e
z^AX)z9p{0>M7y7Cf5w}DySk$H@E9eeM7HXg!wIQC6Iz`UV)G=SQ)DkgCRZkmj=Tl`
zrfe+};<la>O3DBC$NZj@!<`d_J|57MdoJC1P8c0?fTf)klXi%$YozlZ8_C{m#Ui*b
zrhf9vmKA_7%w2TQ*3h2`G1o=nM&cqw;Vq9~qw>LUvumbg^3|GiW(G){8l{&%*2)A&
zGl`Qq`-tEGCkrN5J7^@enHui%*O2FzS&<s7<6&F4TA6doC1F0q_wepP8J|j@-1i)2
zy(6X1kov1GKRjcUDSKyN8|Oc2q7BP(Rq#dbWqbpOA2p300EQ79SA?kZwU3${`5xr6
znjG;2UCEi+l5o7xIg3v9cq7QvMK@DXLQ}&M9LqEn*^UT-6}6>u#U(blJJHH^!sTYV
zRysHn1h-kx0!C*Hk*=vySkMJlsH-n@1vfR3UW&F&o8vWmS(P{D{+HhSf0`Xi-iW?d
z2<0aG=tpYN<-8)UojUCw71O3#ri$yvPnbS#+QbTrxE{VAwU(uc8y=fF^|474(kcpF
zGt$dMVM-1Bvj_g!2LIF*IqJ)Vxfp+ZE+GZv-%-iw<X`&GaLxp>X@p4|5yVJ-eTQIq
zayxc^^KHp_B7OFqr0?V^bZB)HN8jV)J9ne?$a!HZm`aec<d+yrev-mv!U3|K_j%Ah
z%=&e{ZwH~NhR;6cM7~a3H}Tdi+3?4qSHz1)#Ee~#1V1*KoV!gPZ<Od9m27bCN}emM
zsV)<ykpIV4pA#yoNh|md>1IU{C_vukRCQpi5Z{d;3>@HO#`cMx)6wRPokbbdW^z*m
z-oH$kii4iYURNevgqUspNrE}KLJ8Qmt;n&>l72p4_{t;l4Pw$6lXIiVb2MUTc0zl>
z4lma7-TA(<!lbSFPLFjTn;)=K6Swx|z#fiZpW|7;2EG=;vYE&UBL53indImWgWz$l
zp`?#@$Fd-D=8PQ~KG2IBNO>AZE;=2%3VqrQecA{?<a%mi$dS%$6YLO@KpP(Jpf>27
z;J6)3fBfO$<hS606b~09!t5KQOXG1yma~V`Ff}IE2m^?x$Z*NEqkU~*djp<yp2HD^
zP780aJp-Y`8^D(kL6@nBO$=$q;y1yoNt^JyB;fos;tk#VGG5rpeIaRw5-(3P_ZTcM
z*+0&0WSrkxMC}-lQvEf|cU?_ie;~Ye+L6Ao4E#IbC~fZ_^O;=3$*>YU;APZ>ZiJ5_
z8zwEdO7<vVw&3oCb_#&q{O2I+-J(PAWEH{3`VqWDhv1eq47<&|q{D8LD>Ip3I3$w~
z=RP66hbg1hL^@zF0aE-Q>fQuCrt5nEe-lZJ5O0()NF;Phv}l4<LR3Q38zw|iQEf#<
zL@6ON*3>qM8e`B_SK8{g`=ZrvTeTF4B|#TU=|=6#8)H{Qi}~Mk?tO3Go0%lj@%{b(
zpTEyXX6Ekqo^#JV=iGD8$+X=umR%qie}iJ|jSO3*U%cN#23SeZS!lTj)-If^-7Xc@
z-VZCc*QnWIY`JfMqtT1~Q`+q{C-o*w16jRYy={9fhh_T%vVN~^r|Y+a)U`A*5q^}w
z3bFOgrEs}e(n14)LR*k7kzAw+Eq{fMANJ`u(X(Clm>iAfV8_#y`{b~<{R8P=zg^ld
zmPqAZc@6b5cf^mLVtAQ`izSeTO}2J>0fYpb%zL#gDtyLX9bwA$#&LKsV9C%qf+M;N
z11MXI%JiH$4iA%l-hxQUsurvZ%C*{Ru{L`VS-Y2>w%FO=0hR|!R9k_oQ{}p}^|vk)
zRO_OkAKGp5dgzqvv6AptY)M{zQl4Vqi_v+G$<g^T#K$9(ysSkEH25-@OkY+8vIGj5
z=ypDR%Z-k#b@CQUd*8E#2!HyKnm=XsBut93KO&awGmjFimHgx<$&q~-eMlJB;^{=r
zFXOrbc4oPvRsH}Rk7@+#mMcQaE|YEF)K+tf8ebk`ahmLd8(+yx++wmn(YP`*@%zj=
zKU?+-*1zjpqTqG~h?Uq9Bx1@o6MnVtWg%sU!1vq%2dI{wo`hr1*HeyN)1n*49IllK
zZTC)YD`<XUl9QR<&}mUVg4UD8$9hI9n(khFxf7T)jDinaSz@VJ?z)%D^F6<*SCoIs
zGYt25d;8EcF(M8Im4J{3KP?)L-3%?wTh7@-=UOYZd@)>RTPq{@l6Yor41r?cW^qUi
zH8(B*FFLK3NQW^594j(tsmwYKZ&VdFF;vK9?!`%C$?Tdkf;E;#y+k;cu?tIFlOy7w
z^k~jir0o6IXhrXxOa1o#CVQ7vWABTitL^<jTC|U~jro2e621EqYUklvz@wf29vfF&
z$J7Euj>ni<FL6{ss5jYj4RIJtYr7(r7Tl}kyBf&;Ls&emUOw@(F4h!J3$*E*mc_|&
zw7y~7iOG=QMSQd$w*c(gq25nw(XJa4Oq0cDNSjX3pDN5@uD?yiF`anpF?xqtTqw(O
zI`IrkoLCs|V?Xf!-F}_)`M=n&1DpMu{rbVfs{OkEJnq-8&P)5Xu_*1=^v6(86>OKt
zMm5m~<R(LXbPI(RK;N&T9QsQyH%H~D4wR$f_V=g;hx{5SlKI~za|@f=iFDGhAsOhX
zMz08(EAHd`w+-fA89RYs=$c6(*6ZfHI=}EQZz<lwmw>+o=MC}){H~+M?JW7TK5zWQ
zk)0Zl(xId@DO|iCQ%8<3lu}2#^5>>JJ#pfAz8Flf=BAh@TSoK6pW%0Kz|I%1#P3rk
zj?LwZm*Mxq(c|;5W6Ln-JZQ1dJb5f>@!LtEbFWVr!*O+fF+aP$VC3Y{a-ta$X`TCA
z1BLZt&7&uee0uz7A*F%2ClNSCkIbDoVf=LR6API;!170KhBteO*To@A0U-r_UPYQd
ztEUv5@oB+U7gx<yU%fpA$8=d8tfjKjQ=stJzKbe6(kmTVZrebz$JVl4kxpd0*#`jb
zyqNt$94A%s-2cHy%F~*0u7wKAF`fAR3aYOdRlxKWj{&7FAY=&rk(p?Ci5ucqJi?vu
zfz$Whhsqrus;z*Dp&10>P}`VL{Y7S!Y)UB=><tMwFPiv1rN*`pTZOE{s!!v<$Q~R&
zK<&lv13f6s{+-A^c5r2;r_K$~X-h^uFaX){>*t<BLiRl%ElvW|=D$#sK>cR<IjTp^
z7wc&ZfcXWePk#!vMss#nr!|_riY{V9GBMXXOf3CixkOJ6{Sk}k-+5xZ=Y>}VON^c9
zLr>J_A3pUW+vo~eS$<8QS_?7^J*dYukn5&ltW$Aa0_>$;$#d3%Hksp#L)bB=)zP!z
zeRejGb?T*6C^XZk+bm{n(}5PYMJwIEeP@`1pNu@D$rtX$U8B{V!lt?2OB2VJfD^ho
zGr`Cpf*FK7AB*u3ipNO<i==(cXcfr7*a@ebq#jtQ|ADzuqB-X^jn@Ij9C)eig9@A*
zL)d_7(>^Y?3}iq&Exf#CKm&Rl29)asl8I7B_L-q3M=nI>JuPN6iRMggkK!?IvgP`$
zK>dP%I&>zJ4zF_RnMDOOvoKotQk<eA0>6qF>R{0P5HJ>tNh*t8A+EBMUGB)yv)~o7
zS;xs38XpL>Ij*Msn!*qmF#Hnl??l}!S8_Dky(sy=gYtW-of=pbLrJkb86v<I85D1Z
zn{ixP@p-`!b)#uFxrudbn6JDH!5ZSA2M!@oM)9DG;DJ^i1Px|HBTB%Eyhc75ykbA5
zkGEDbmraOGj3vuwc3}mq8n9#$v|5ut=t9!KXyBBbU6~<+hM%-P%na&@=el^$?2ASm
zr}UsCXRIL^bBYW-$VSU&8?8k&dfRFM-yba|9AydFbpz`neNeiO(uybdgHr7r2Ktz0
zazx#as}}Vwenh^oEeWn<%4&6HUeq2#_}s`!f7D&56`M?kYlm%d-W(-gVr@tV@^W*!
z<4<Y)^qs#SB%^U!Knp<rG_V+G2+r6Q1NyufMEO|3-o&+EsE423-<SiB&7*eFVV>QJ
z!)zuGvs@l#`XE9>2`wEWzEQ|AQyg#OyOc(p4^zw+ccd@p7H&nx*r9S-X^ZkRo!5VM
zyX}Rc@=TnS($bEHnY7>C1eZ1!KO!HZWBz$yH#X)`bj(A5=!<`j^Q^3TuqW^FGuV=|
z_xKr*)@wl7@_?c`=y4EVZoxtHmk05*auC^74&qh6gLv~EAowA5E$9mEjaShcu%uNj
z=|Ire0tT*^B$ioI=Mq_r#<4siemWNgA2R%Dq}8MxOBYV;QWD33;_XNXJ3pX|BWhUv
z?%XCMQML;4UOQ-)wizq7gIH*^Zr8!<P%RS+k@t<`DDS(@*p(6!^o0ipZ{rj6Zb{GX
zmbAcw#CeGoU#@83ySAV01vw&We{)>Nv1LijAhRcHIrW1}Zr>GpvXLB4!}TC1KbMBz
z|Ac|Ry04i_xyM9i;Y!UVM8|(9BatR~tUL5v9Q9a-_rYmOcXg}u9J7x_Uv)1&ABWFa
z(>#Np*a}KSoxcYMKWuY%Hu%nL@I4;B>}T-bHRSwQu5M|_sZ15+jO`8Kxtk#ZU+emM
zi~uoRD-DzocP*TJd7W`!WzBG4Z{9=EGHp|HHn6-~bYSWsOl?S?1p5VggYL;*KyP_0
z0HA;Oh997RyIV~xZ#TppozNJEo4Xk|)3ay0u+21GMJ)SPNi2W9N5Tq#)3kLc@w;04
z+0hT}MyyMr9bVleVO>0%TKT*Fu<qMP*#sD@e--SSxf|}+da$|9z6AT#(iZlr<zCXu
zttjk8->@4VOK{X}ieeqDDx_PTFS*2yoKIh(#=l3|?}N|bzC`=qg{S}q67)WP-ImU;
z=}pMMc4|vDemlMoGG2IqWAB<wK(H==*tm>I<XZ858`}G37((P4O;`;NV?Zm7cpJEp
z@zBUc@ydeck`;9tol*1Y$pEON8OaP#^XRO|ArWRqAnAOOY+!wVByVVajt$C7*Hjk9
zbWO$K=rB$EzNj|tcjn<2AuT?nr<-So%toNh&QLgw@oceClxGuUdLeT}Vr~a8T#j-!
z!kIPM(-mO_g*M&8VD;rYm)w4L=&QV<cjeLdAU=5RzT`VR`oiu}9(|g7BytXsPx&?d
z$jnRW%ohka^;5NA>UH?yH*2vq=n=~J$C<Smgrx;YLKEDm*XZ!GcT0Bdo!Ho~t@MM?
z#Y@6)d>1$1_y#smjxV!;e8^DjGL*scpL3~^>onj=mp3Kk`f+}97{^B3(2=IbX>1&i
zvT@w*;*TQksH-~AB-n$y7@W6c2)}!VAJ}(o90=_1ZCEwz^V>x$$awRg{J{R3x2u4C
zNMseT?-Yt_`_g(`+gtUOYg<{L&S%M|e&+K`Vj%MwbWhdudF=t5PYj(;zaRa~=hRzO
z%%^|7D&{k)7S3nuI-JiK)qF<P=e+gFe$SB6oh8Ph78}Q(f1GeTPlWg((J$@v!_+?9
zTFumMiv*e)v)@9w*hrkPVI7_ygDX2RvNYSn#STs%M5xn^QAnK<e5upwy8c+$8GoV0
zcEwtpdwHaC?pw&OIXCMNko2&2hwk5MKt{o5FukE8YHR~)uJoUW*<LWPxxY}ran5>-
zB`f~edrLo!j7`){9ab;-UfR+Lta__A{cY**D7PI=hx&|asCkhns+B690K|w7$lb!5
z*q9x7Fdn6yF1knBztODI?w$SY-{L;B(+|I;7VY&^7VY&Y-G28YKe#@tLm;?5hOZje
zKZ{3PPvmjHBX;@0^_$D9!1aIX_{DYeOfr{)Yj7?$)m%#I1%~I(C3@rewO<3^m6pEH
zf~$h5c-f9jML3)oW?(9Y(+O{lP%sq_vCcr=KtXm|0+gqY@57d3ji~2%M9)2>a>r|(
zxJ`{&rBNL(yIsAAm_xUp8GS%SJwUs$WOQSQa4##K@tQvlsd+fY&!rN?HXSHk{4P*y
zz8hO0p0&6CmjD)M;?fpa_{QqS_<0dOtLWqV=wvS-6a>;oUDAg~_=;Ibg)gftd`<T!
zeC0CXtAkl3e4Q9Wgs=5esqmG?%0!q^_&UTXgs%^f$*ZVxE`3tHC9d}l1TdE#OQ<2;
ztA({C5h6Db5rXVb@kD(jKX25hBE%bAnFwKG132;iRX-xc_}a2y_Gl}$VD@xn?P>(G
zzm|CkX1xlk6wKPyRS9M{r~3$Izcj+Z4-Uh@mwxFjn0=7oj}7@g+@D~!H@phLY=1cS
zuT~ZA$v0Ao@dbKPg@#FjSu7jaj~Dz2X7iEvtpYc8gi3p<0c&Kz&jH}Zy^a=Dw`q9L
zTiELyNSnJC`4RSZmC4$Y9(8fr)-UmZUUbMyzys;-yJtLtgO^q$j6z2l1`LdPnetGT
zICt9)9|Qh6U&6J+K+m;97D@bTH6%XiNqmAN9>K)1p2U2x|6h#<!X%Z0!DoFO3?8~n
z??uzZN6Ef-{&?BjqPHKrIMs@YP$1RE<hO@hKnDd9&|0s1KiWO|uqKO8=@8uM<gl!C
z_GbPMX?}mz@cPm`p5_fw<qe>DSHHl#;i|l$H1AiMm!ryig63_YdHJfmT$=ZGHTA4C
zZ?r0JB+VN`^X#g;=Y5v=+*xUfFIva~{dpD_=zd!H6IJC8Xv6hs-hWkjpOato_AZ?-
zBP$ATzE3)(wO<BJA8>jD=a5{W5DNV0Q{ZEz@5BL6=2aixiOXHm1Uf*0MLq?b%0?of
z%&$IW4w4ktV0GHsD^kM;%<yjSig%@)N~yrtP+(xCcYzXlXfHv5DL&mspH&QPB9w`s
z>;K6rT;uyglxy6Y#ur#j^Ngyz-XY$AJ#|shc0*|UXP>}ezh0CEc%_gO*g-?BwWl5Q
zQgzUScHV&IEm!5eO7pILhI!jmd8IV(cbfNuDsKnP+eq{Fs`7rMdGFA?-&J`BXkH1;
zJEqF}lje=3c}`W{DVmo_^De0J&eFU@ns-%|cai2r(Y#7k-d{BD=BJp)sUA1qqIrMP
zJgq7(luCeQG*73>t4H(Rr+HDTyau(r0o~-9+wDyA+1OuSQoMm`IGKR=KRyxp4iQnz
z8Rk>fcv(^Pw@L8S?=oUWLpq`jA>MTJ8z1yrcA7N(uFrGX^OqG^`5ZKT(1)l$LPq79
ztWN6)X-}!sT0olD6Ojl=dq|!3`FX{3>Oh|>&U^Q{@2a#DM8YaLw_f!w(DJIHk!?_h
z_bKzOC^hmf6!=K=E-=VR8$l**Hk3*Cp?STPWrjnUPCjM2D$8_%GVwlT=E%ggF%+2O
zQy^BR{MROu0=l!_1?FCpTG$T-Ci}d8i@B~C#%d^2_qtD1NM)HtQ0BHzJE6)l`B3JH
zPno{grNQ)p0^NK%>TpAvPHQL-djstCC36vAyvoy}IcL~$x7+)idipr+ehGB%oIomP
zVM_N;cA;g_;D;pdyWefSmn3w5k*250>F+^0eaD8k$Qd)(>pQ&krDh7^gCr64jhXSB
z^A)mTod1D8Ps5)lA?8bp%P8A?g-9(p(XR`8tLJL$YVCygWzNUss;yAx!QKsiKOG);
zds4LG&ID2>RhjbPbm?i}<M3yMGXk19D7{W(Px0nLORG6`;&`a4b-u!e1m^F~|7aBb
z_nVFuG1AXe5GJI`4?>H;H8>#_sS`rZIw2aWb2<EZMcGU!6rBRe6X4Gbud$t)MtW(Y
zO!*m7!dy}*M5N6m&Dj&`yJ4K*bJUpte;$B85NFoq>G4G<9I9b{tkHJM2~O#pci<aD
zqH%(!CFezs8FR@sv!UiLNZtZ}(DVyzx2Pj#kKg5Ql$Gv<O6YnSJmR9gyqs5ingpMz
z&N&_cfN6l}no1Y66p&#8%fTNbU5~hiumnW6(y0{Pvirqza*$0TaCE9t;CO0I3(nO@
z#*^7o6>AC+ASbZSvH6j#`I~*?J@MGUJP1sKR&vZ$G5WK@)&|an>z+PD6j=cEucyb)
zp^tp1gil2rFyVZk!^?~M@WyimUeGgtap194dNU)%hRi^_22g96u65^Vcx9!pTV_C_
zh^UNdN5rQaN6Su1Bu!Nz0z<IR#Z^aNu?Z+!m+Uj&gO2vVGu>+?1axEQ(?ON{VZ}I0
z@Kq4nW!vhi>^V$omvXT_PUcz>aSN7jIEY#xX}$e!man6?g_u~S8@Z3E*YcQW2n63$
z<-9|4YC+D+09mriuUMoDheZ|&RD&_zLocSXMBZ4PJ(%@eGJ$pRPISIpas@OjWVP0#
zfhVkYF+8}e1!!@@NNsYB4vU_>d+L-~;^vFzg)oD%CkzQ`-)IsKx{TiTtQhCcc0oKb
zC5~ebo552Q032hN!Q(L}Uot`iZ&w8OR%6N$zBmq^3-W6WEz;-Q8d=nj{GG|aRGN1E
zK$><t8hxf+->w0_ixWh2OEv-CsXYSk)FR~$Cr<(2S=)}fZ0h(%q&8`<1H6u%C5nq?
zfXS!X$P6U`<#@5pm^hAFN}5tczC<tilxdT<RM92>d@KPIcFQkm1TWE|$sePmx1I&D
zV-I_E;u)Mf#!b^_I!5bFwzy3iwmACr5Li>(HeD_fN3v<eF!Uez30t^0>c{1xB~x~O
z2)_o)k9^_RZ~_GuS}^H>{XIaD)C|tncRi2knBy~Wwq>WDST3#v)HHcevmZ(P0~517
ziQu7PJ0|9O5=Z&kcRKg_xI&R+eqQW8#;?quEEkA|0&RT?+$R_KCyx}MuGP@^_X#lg
zB!JvH4FUNeKrmi1dwps&>=Q4uSH5I3qe*&K9SK}|>d6wpm2C0A!f4%2z!gtDQj%Q}
zZBal&q5z$|-BDT|V%Y6TNfE5ulGPfSsc-vP_ov_Xv+kL12e9t<`>fh%wrcU>cCrx8
z$9xJrCKq^bG<#mHF3^V+h!d?)0O16iotd7-iS;G{f1ym%yV~PV*MoAQGX-!yO8Me%
z%AfJ#&H{RBK?0z?xVC^&H=X!-0X6o1BqQGEJx7-3xKg`c)La**5a9_46zGeXPqJ>z
z9}T)I95OkMtH!Y(un<P~w#<|>d@+a*88)#GzouR5bbiy1)|+YOVb+@uN@rnR!9G?@
zy`L|6AJ3rk8h+kM@(tfx(B2YvibHbaSmaEI9GP_aLRU^4NF;pM>t6IyuI5N;ccD8c
zwllMV=2Nnh?|Dd@ion3>%%8;GAS_jv<)5$TmL2+OfJD`XN{~4g8cN58uHKOw>JAN^
z@JlStA+b>TTO^Ei%4TG&PuvfT_1VOogta!Vy_ZwC@H;z!!f;+s0>h=M^Cvsqw%az?
zFc?{mN62RGuM@20dcitf<OII=B^JM8D%Ed$7>>gsjCP9W@r6ALrK%Ta4UOY`UBez_
z4$pKFk3l2gmJ_-efsgB{H8~+1dhxT*PPk3<VLo_lNGauuuTt`ViTUSE<}8ib%NXGj
zn3>ylSe(wEXd#^mYLo%i+3xfP3<Oq>`Hs-Dr!52_W&X=#1D`tU<M1>v5&GsDNvDtu
z?-B`<vZ=m=5K$kUgEKmEHTj@UjpqE_nG^eV=M-}$XFx0P)F@BE)V5S8s|-bhwv?k&
zmpBbnC;0ap)mou%pw!kuM&tT|4d3KwU!U{{UNn2j?{PFD-dNBP{^ROOX5<v-cf<YT
zGYWx@f}ao3OpMmlc+MPQv}eR?!Cms#K5KC#hpmO+vlc5{xEAlZa4j-PpFLAKU)UE<
zq3Yv$)y|e*GC)3GmXki6Y2@deBEw+LoLl2NF*1ss&FK|{9<SN}>BBbA>w<W8UEuef
z(Mod*>JKinq|~f6*($`v<`xXq9W&&U1H7DOt51&ZuTu`QC+Kr*eJO_-|GGDaDLu~U
z36C?@(JiuJ1cB%(_3V$_k{&a?NphWgZpnTs;yFt+5anc{#BG^H_hZv>l)L=$;drjf
zxos<K!ATX(6|P>c=888Tzdl1-m`GY6l!Av0sqAtlCc^Ii0?J7l^TdL}7VKPjg*DLO
z;cEQHSkDQzAC0yHlGBR{dM#U_Guev#!|`ZrR|ZE6=$*DM03aTmjCYLS7%L~7U3bBc
z!b7!@*-Vq}`jP>sn}~I%gH2g3c(FMn-SrI}ti0<>R^Ii!!JKp_)4RUNrzkB<mYr{l
zXHlmemG8t2vHxXy*Qdw3K3Jpmjp&t{nkIH;G*Rscr&EZ(8^Dev)p|RGFJ8sL7Y#{4
z6Z2env<@EIOt!P)37mXXV>*oc$;YN<bOf2UqvExF{su8H1PEXiz_=tzz-Yi`vie&I
z9(*zCIjVw5pGhq^=VFfD+&zB2Hu*eDctb<F;xQ*&ToWO57xvQLy`u+M1&FTN<i{2A
z1I+%&>@ET*_25+129eEe2JkbKk98s+5#dfa@;UOcsg*QUQH<#3hYpp@M9(CT$hHlG
ztDJZCX=&a(oA=r^0pQ`Ff)-V;<=}gg6^IRO<_6NHdtwW?j1<(wr*v7CuXmtNG11FA
z&?}gj=}9!H>CVjCl6Ro{h7-Co-Y1A|fm|RI3XJqAFj_8f;&I?`X+-4~%lru7buh7N
zPwR!ZB_jA5G?nYqSNA(ofvHfS19h{WyapMd<1Ho4V&5+a`;#tHJH6-}O^Maq6hiId
z(UA|$*h4a0eO<j}J<?`Ya%f6CCllam;4@+ZwQp#X;&But&KOO(=QOc^HK$F9m;F@%
zSp>HwY5baU_YP}i1OE9)d^Zx=^$#+GQK54M%?|fbl!G^Gs1&8orczXSnm$36p<IYa
zb>Xgh_*N)hPZGMELp?%Qn>KQV1Kt(tN{@clvI^dhel~g6sK2=utubHGMM4K6{dmUp
zo_D3l&0)0CKu<UDfU`U;dbC{2rmCfW3yEnSc}s)xR#Q)LUs23YmZZ-1lT{0|n)}NN
z!>kxj)>7s1mPTL6GOx2nM}IwIZi(E=s6afv>84ZwY{m$WvHk*>^q3p5gd-?%kfY^k
zF!CdZZ9KfjPB5jo%{j)3ZPFX;+Ooe;Ilg&ah;L5HSzNBf%#xFYyOQFkyCPJv(|^SP
zXcb@t(|sri0~cM}uqQay!^GFeweS_G<9tNwd*RWIOo@OHby@0Xo3~n8t)A^8n09UP
zo5#r3TcOHXNpqG%&N5k*c4*vXkd4G`N%80(1=nA824uATO1TR-SW@d+M!<pN%*6%n
zj{?Q!c#3@c2UFw|)@P0^cx3G8@wtL6E1B1Y4LIJF;~S*u$=AX3YrKq=>+uqxt`n4F
z(%FR`{~aUs)OKY}Dci(1=_cOzi((T~Zq$)v{ZDt!_0W3yhAgQz>BSYlKAiqqcrcZ7
zHCs;~>LvYmS0~O@j~)_^q%ZN(1nr5Qh~v_)Kcb1_i@#=iEA6Ht%DlYMk1;Q?r2lV@
zb>%$n2GZARabJ~-Ng&dLlT6xe*b*p*-e;7$-)WwQl^F)1EiF2Z70vR<d9bq6fSnRV
z6Bo_NK}>Ywb4E$asCq6Vdp)q#!gW)>h{N}-9{(ALT`*Rrr+)7+)l<g-a7~%DC7mW3
zjD9ClcMdw=Ie^zl&v3;McXQ831@UKrj#TZ{y@`hN9e?p$s;BGYptsU0GmcOc=Ri?i
z*J%5}*$M?2Ks-iVhd=6{xY8S;y5My|%VhiRrx(HA;Z+yKu6o{=Z+qD}s23*=BIn>1
zTK5yI+sd==T6)M>Jd&|A&iSD40nQq$Ew+Nj9=qfB4sZ~a;vQL4{SiLww$#{xN5T20
zPjBzYy?qS@Uc5sE9h510J|*eYlb@pJ=AJ}yV28UxRgq4bv&^p&@x3~|Ke3)GkhM{B
zW`)$Xj0EH2qd7<jh5$Ttn_E$Me4j<(LH7IOhvlt5f_{xB2U;>A4Gc)daO37#j#juF
zT{-7-Ko73>(ZpFsp}%`Z1OA{iK=ZTLL9UaI%>h}SV{_~Ta#ES)p6*xmBppf4hS(%D
z(S|lrFH53h=Fzzl9qU47Q2wVpneYEp)3IW3HSTG=4L06`bFSf}#v^FsUks2MA3MQZ
z1U?Z+<1pH|31j5O=BOHrz{Xl}uJN>`aN5%70W#J@Go*=Vxe0T+r+PS6Z^60R)9Q>>
zXzi&E9v}z~n!Ps;IgJX~jgKSg`R$$Ha*uk9L83A74@xw^t(Vxu=rL|L*{+DspH%sP
z@wxQE`>uU|GkPI@M0j7<64K4E?|N_`p(HiS?m|}%3J#lk#_fF8t=u>g-#|Bxgt|Gy
zDe6{s@bH7x-2Z(!CYbxbQ#9yFAoqX2|GWD?SdZZD|Hl5meE;{nzx%)E1G@j~U*-K@
zf93t(Fo{+z8b)DiXs^8gV~KqG>it1@``68)F}*xd%i5Q^Qc?6pJ`%3t3GZ=V!M&+y
zI-86_G6uv<UyFIRi{i}s(VT2b>!oywXIyClzHXpgspJu2Fr2T~#qq}g49jRD8%z#E
znC8Dygvm!N3ZaRAwdl&QNQ$gV#*;(GBVLG%=KNU5@+DblQA|w{&^<Zc7GR_?JIt2+
zN$8z;QedogMJe#XCTQ6erCLvVOJE+@YfjO995?M!Uwg(W+EvO8^YP4*(yCRg+f25f
z#CE1Q+AiyZ_2~MLUh9GBx0lfOOil}?op9WDx@9UrsoB|7P%h}G!zY~@h-&Bo*l_jP
znx;2RVsA^peXdj_8}KLxG&}^dA((hfe5YPC`D_OokS<gMa-M2H%1=_`_?%7Oaa6l-
zTA*x9j%v{_k@K9nRfdAht+HFap7uwQP4;&2M*9$iKRlgTunc?z=K?_p>r+g}tA&wl
zDh!eI!4v3+y0M|?!2$HvPMlb;FXt;<++%cCFz3hF#*~Vpg{}w54i&A{YQ(=suQB4x
zzGNS6CetV))A&X?4ZI&9<4^M*|BjbD<A2_&9RFh)Y5c9u;`nEt@QnYZEoA&AW7Xp?
zBI8f?j6Xi0@ozBV_=z;3DHB7iM`Nv(5$2xO%1FNCW!!Vj(jORJKSE?=I~P??#jT&r
zfZg=H6K+?R8Y{kfR;oChRXqAG)j=gN9Y-8$KfTa>=98fGjf$uG{^7^j`k>7`G_oQ0
zlA9qF*j=R~IM{^+;m-h{`r1R|*|q?1q`U~=Fc>y1;H1^hpsn9NCf%$YotwmooL}4#
zsN-xSMtIm>^cJrDXLAEt`yPS<ci#6MEyEwL@!DQs<LxDnH-?TkQyy;uj5o_KuF&xo
zk?|&b#(Qf{Amd%q#}BSFB)DSfKn77l2C)f1?y5(A{Y1dK=_3m2Z;mo3VSJ@gm)sEF
zhORa`YClAWzZi=}CZCsJI+ne2?a~(r#U`NI+^mjdZxK?=^bbb+EWxC~&?t#FAq>Jc
z<EZ(NW1L$-!ys%cI!Nl$I0&6+T@`(qmBs2G(;)dK^&yL#QQ1)WurhGAw21wEv=IaS
zIs|`zc9w6Dgr%7Hm?v=vNt}s^PkRzalEgeroZv}(*2|*uCKX?D#B065qVlG<eDl`d
z(sliQD6qsQ^h{^@KL0Bya9@>%7IET>y_unfY>Jk^xbG_W>h58LlOD;~kQ~>e82>=F
zKRcEshdcnIfaA3}c8R+qi?S;@1|o0iT=iY`ToJBFB6-yzl2@40<$0XA0_6`Dh;m6*
z9BZP4H4$T=9FKo~hoT^nzWs1KTFTtC|LJ%t^)w-?0LVEzs~P2Z;*6B1)Jpu0TeOE!
zeup~bRfZpV!q1~9bPvW}LtPhVqsnbC1o%*MI*C8|;dCMz%bX5Gwo|Y<wZo`4#w^uw
zdm0bN6^xa7f`F{#AYc3m<9Kwy<LG-Qo@d_RnOj6W$JPE8O(`z3k@;IB?9F+O8XKK4
zpQzU1;&zj*T+HkhN1K$qE`Gt3B_>0>7xKI~v;~ns&XCpCHBALbWE=yo<|(Zo&V~X@
z4J7~%t}|Q1F*<tECdh6rp-38d(Lv5eOF0_>?s$%g+iFE~)GaN%)CzkKIh&|+2Z2yU
zy-k^mkPYynI`YO5Lg_jK_L61HGTMGKIi4V(7?ed&?a?9P{e3w3akZNNc}64iKi>lJ
z-^}7l2(}Y>O8%#>y<KuoyE*w5Q2z~={>JBHo2GKCM>3#Z7b*QG!^8d~$E@$fr4NRI
z-`9=H8X^uca(<nJ0PDbxuL_9!P_zV(gYz>2IS%He!*L+<(^b9xee`%2&hzjThAfEJ
zmIw0wcL-GkXDbJs=^ersDDMIv%KN|!Ka{ue3_p}tGs6$%JvY62%KP;#iSo`&BV_S?
zpMYG3JCd>c<4_>V#|AFREfq+C0<Ej0yjoG8CYiX&CctB>T(seX3C-;*)7);Zc5*P5
zf_@5us}(09Jvbu{>qlwj<rXM1%EVPG_UK3HX||YzWzLB0S=sF^eEs30{ir|TQPP1}
z|4ij%sb7kN-6@JD#+xKB8afX#eHgX5QHQ9Z%Y@&^Mr%r$9thsD=W$^57+dfFJ=zug
zz({vZ`~biBFzmbU)bU)lE91G4{g*}fuQ-46`Rb6L`HX7B<|EI7Djf>l&E>(9Db=A<
zTK+3?Y+~5smz1$uE?S!6zGR#Tjgh&i01jW+p8cm*yFIs24Z*SQ1l((Vc0BKEcz9<@
zwe9^x+j{}p+u~~Jij@P7v@l9~hek$<7@tKe^bT%;CcYZ&CtfnRbv4<i>e1`(Yj_IH
z)|%{NbRM6-k_=4fDesD;{4n+Rn<e}Et#=OYpM(_Ae3DAnRa`oiL;P1AyLKv1jguRP
zv(NPr#n}PgyD4&D3(hMxgol@)@wED=%sMr&o}XK)UC%>VROg(Q3O6O&w2CH|lJ??#
z+IuRn_AYhvZEuiZ`$rs_8xC+7?tD0_1*aZABB`Q+V5>wLUR$W>gW5x{`K~=(OO>`(
zRR5O2OF*k5pf%3`r>*uL1h86y$l%b~)kLK)*-nz<0jBLKOwSt$iL2zyr_gVr(O%Es
z9sg|rp>P#`{lv>)at<biJePy&@eP7YOZx~NT$h%KwZXKe>})+Daf{IM5AY99xSc6G
z^Y~nh89;FA{`9pvj>RuDY5bM~|L-NG=3`g+?@9&D9--xLf^~W&X9=H^s<~rH60Cjn
zA&L9Qk2(CZEkfIYm1%QM&lc=Mb!iJaYY4nA3oU=O9_IzkZj#WIY7Pk{HQH{7T|*=n
z0&u^y;@%T(8lKc>ukZR$Z9f^0#J4u{!`X)!sIBRvH)s|hi#|dt*rw{(#hJ;#V|2wo
z#4$6#$T8PI_Tovt7*Hb9K1*9%YPJ~no+BibFhX$<qPbDtQV1Al-5PJ|W+p9LXGqsm
z5JR1tcHCsUWJ)}WZvE~3jv8(CDvXX)aF9<ZP@yPZ?0$=!`ZEb|30dkT3ii5QpnWTo
zfOZ8a+BQmo8C=c1^=qbXWTbrY9nRBt95?NBKS$^H1be-!a_o{F!i`fHv4novVzh^o
z(?Q1qml$oO#xk*9X5tQG%gU=g2|zg+pe!tarE~gv0KBsQOwAtu<&D-YItV3j*yLz;
z6~YNzHfhR*mUreHpS_?_g30m7Wm3<2hBs<TdoE~Ho2=0q<@y*M7Ol8D^_JUceNIp0
zDtJF&wD%^=Zl*U)nr>>rIsdvtZ|8M$h!ms|tiRq6N1BjU#VcvmQbYr5WrN9033by8
zWyeAV>#?H{m4N(zQApW4B~oy7hDY<9b2VDaoFnunsr}aj2q`!&W*VDdn_E5aCF&~{
zc#|i5#%XD(;mg)Mk9~>lXTcsK*un+JEP@4-wW6~dVu2pxAA)m)eqJ*i?tG;m*}Yq(
z`}O~S?bkOn%KdsS*3W*$y$bg#Rqs_oKE3uTHh4uG{`DC*cwlMHww@k+u%gY5y`MJm
zx=>L8&@rx+H_#w8{$9SC!GCu<Q*$J<<*x)e2{I;UI!0X1Z25CKnUPVmwbz11&5UJd
zLJ1O2)DTRc9hyQrB3nPDoG)ICXfT+dUTQ~fn$u{zY$Rwkz}~37(Gl9!c;hGrQQ3oE
zwqS&&K{_yuD7#2D-Bx3ni)^}oNO!o2^a`jrOV0Bp!wKT2Z<gVgsqtSFt`JJjn~ypl
zaQke8Y@@Uhd=6~x-|UAhyvaVNC;OrMmjm!lLMwKA1b2j9il^}}_k&9RP>BrUk0!Dz
z5T|}H^_HIioJzdO{+U4lRI-1E(ki$#PC$LwZgJ|H4{*$jvl&9m*OD&FvLH2^h_K>d
zRwM`X{rN`eW{Z002WMe~yH3C|RC<HU4^)TPnKxliTzaa-rQVw1M(5@VT5To%{tN?E
zL$xe*wbiWJTFhQy$Y#pC^{jd+N7WHKSoIur^*yXQMz^jgHXP;XKf+=^{dNz`5;2RK
zV><*LUd{Ompw?;H(5XB%Q2_^9;@HI}+_K?Cn)t_3vO|gdpL2bS25eSf7189n>}VJt
zPZpVP5E{bkG^E)O+>Yo`^gXQg8LpjNu|Tev&g()AekxuN$6>|yaP^>KE6K;CvTkqA
zZ>JBkPD_<_S9{g1qTj1aPPpYddur$pEWywqi<F`M^Tl3^0+84b_r^#Wm1=QZ`F6GH
zy8r1-jTfKM#dB5Y>w?`cecq^XzZl-AdB1RP1hrpwzJ6ExW#Q|0yI(r4xU2n=Vpr{#
zPaMJQ7qcVC{nE`5{C;sS3Vy$AU37Q*rJ*f={qlLw;P=bqo^-!-jjVFN04`+0e%UVA
zzW3QL@1bhcWd9l!rm$~xY`-*lmF*W$T9f_Kn^SKX!0M~7unl9P8>Y7Rez_s;c}2Nj
zzLxh(Ty^{9jQIL1%Kh@5yk8Qk*)J7ze=vkkf1M)yjzAH<mI~p81uBGJw=fulw=N74
z;rlKO9^vaRR3L3li0%hzpPC;4(%$TWNc&qbNV~BIMcR@GfAKUIAin;P3HbUW;42Ym
zuNxr_;tEFoc8fEYJ;2oX@B+iAz)fl?1Q;}wmC2&E3m$r(<GDm(sM7e=9_$h&5IoUH
zcmkSiF>byBPZGoz7EnCNlEIy(!jlBQARE4bf($F<)BrDh5qAY|OT_;c2LP+ghY?l_
zf`L_ohbgRn*LwMffXB8(dO?jDPflW^wY>KAGL4DPxM8gfNyldb8GL3Xk>i*4v!|X0
z4T8P4J4=_Da>jC@q8GgyV^2rb>Y1hg8Xv~JSTjEKc`;yo2!A<ve9#rE@L}%!VDO>e
z{2=k+Kl1{>hwiDt<AWxZ;=|5x1wQ<1cx_l(GrV418Zf*bdntH$<;+vTYj1Hd@LFCR
zB)qQ72>@P>uEE1=U{?ySreWUum#GW0GHu(80H~iCm<V{Hm(Zn;gJV6O&Z4c_LNDz2
z3q2$oF~yqKGq5Gs;vKBC<eVi^u$@8o7UD&iGTfMhJ;Bpf#lj`P!fB<Ij#Dk1?KE39
z+wbDW*>ur#s5}bA_mSSQLWiZG_@Cub|H|uCUA0yzbh*yfs*;}y1iueDYR2zx9ZLM>
zb+urLbChU3dui}!ZJVt^>%Zp)gVx*T28q_qX9a-PYq|uF)-$?LIQ0zi@*fZwe7Y^F
z89q%G1x$Z_SsXl|jy|UX)WA8x0IK<%AOSVGC;&i3J`_Bl_9jt4z0Tdud0}5zGrYzu
zRKm+-zZVi8T__7ExoViTas&^vc10?fy*Vown2nhgB+NF=2mofoItLH4n9dYtr|z@~
zl0QGVAOQNeAmIHq#U4DY=FCvR>T*#qu-Z@*B&_b49ssOXbqpR>lR8pZrQB{)#r|6B
z4KJ1a|22(OM_`9~H6s6CVlZs-ye$8ZHwZ>Q^8Xp}>U`z)@{#}Xz0`b<{12Kdn5EGk
z?oaLq0e+=NfS+Td0{lmT3h*H+z&}4tCBRqC2u6V4G9yR<-Zn!agx4gv`w_x_pArD#
zm=h3j)&_$($q5v3xPRLGZ}dfHifh&vZ7r@*U$n9~D1Fh`;=9!sHF*B6^hNq9Ds;0=
z3kKZ=O$!p;noSE{Uvzlt-RX-um;*r7o$Z6y7dhHfR2@?3?>q{YzIB;bGkt3~uSWWI
zX>PFeZDsLY(YFr^RR{<8_wNzzxFtx0``B`K^zG)P0FY+c1Hsd`><1{)#9eRmzqvoE
zJ*UR|qm#31zCS9R9n}4iZT4N=AN8GmxA#X^=HAu)(ai!CwmwrB47PSI3=&)anH)TM
z+&nq>`y=b*ySqR7c|riYWI}xK_eUM$=`Q*EN}H<m9l_GqUyEv{uU{3_NMDy01xsJk
zX5STk?K44zv1<#0!Pt2PL1L`2;O^+_>*E8!oX)L-r>~XwQOqg5)TTy#;tw;F`a~sN
zOn~HMrCxF2b3y7AUmdT|D@IHVLa#V_T+Mn#&3!@X6?YlvYQ1=|O)&Z@`}6?xAJYSt
zr&|{VFHa|oQ_0isJR6KWJ?_~c<>@VB13>F1?+sp_Zh0>Sl=FO>!1d+lrYi9}({3;T
zKz?DV37+@WZ2do&5hRX(HCBP+t;Yv}<8$+C#_^a|LE-r6mUQVpKi9^~zWiU~`|>F@
z<NMSp0pt5a(}TzNw0sr5fB8%>_&)QQAn|=)UI6(1Y+Ug8o)|}gcJpji`lCSL<uca{
zuL^U(@R~n0cz7+%Q^89!HW+w)pC2T=T8$0>UK?8k53ji`D7=i$s^Ar@{-#Y~&H9^K
zg*EDLj!q6rfAjI=yVc(ewA_{cCOcQf?(NJAhTVH9FGzOp@x0&#look+r@xu-bO1P8
zCpvij&5z9~&c1y5f2qHjT2QlmF{q$M`68hpSoz}U<hznD&Wuzc9N^!-N4QqGK_Z-U
z)ZNJ!DLDZk&Hkpr%NMUTrAU)=@_(eC?lYlg`gZSx8tEH1At?H`^Vz$lZ<7k{ioQ)7
zp+Yz3$Y9XztC2yX+l-OH)3=95-W`2g{A2*A+O|pX^zD3OimKln3--SB({VNPPtT7F
zn16a?Lh$@k){`p!scb|5dO(H0F#MB!M3DT`@!<i$>ba=k`KR<K3adIt|JV1WXU5ii
z9&H_4<9W1lY_R81*7&<RkA@Cc5r`d6216iTd@@J^G3?2^JC8md769U8Gz|Vc(l(@s
zv**t?|9*deKc?pW{o$B^_jlei!SC;aVXFOoY<MvH`_th;?(dN70KoKSgW&h~$OaTl
zZ4cdzJlj04W_aBg9WcDs<OdJ0(xEDNB|aVuy#5&$B)lGdEC6_&=YxmWmpp~n^gsUB
z^6b#un)$s>xi#{8y4;}nz28UOEx$K6@2>d01w&Ni{N~VL$obZxL6Y-@Lxbn{`VYN3
ze($Y80pM&(Wbpjn?RpevxBvRTlxII2Su_7&9a$s)kTWt^{y~>}SNubhK`Mj;{QLI^
z_vnxy5w7WwyW=0m4h#TkLhA<4KkSI0NVD`n8~ObVc<QKt-OAaf(j^8L07K&h$B1~r
zF&P~>&xwcw|3h(j6~GsRYvXi#f35Xq2wx1awcga2ClLUv{iXJgGucy2_K{kQLUhMu
zJ1*GD#P>Ef=lVJ7r3xv#EZX#nN6=%M(O#dF5ZeAUxxZ2KgQ@LtA>|i=@A-?-_Lwfy
zmZyjJ>zX}ATewiN&k~z%ou$=S-h#^DD9u%0`bLNvlu<nB5ggsQER2J4WB~cF?K0VJ
zCYFjl`rgaQao{G`x(uEX#2Ndmynhyup8unENP`{`60eK@z2heMVg|3nMFv5t53nH1
zbCjV$9Jn=!2bXFhL5NVYcR~fSF+;PI<u!b936=-1)Zm24WGCA-M~i+NE|3Kj^S;B?
zYlo{RhXR1|qySkzeja!MSFIsz|2WvI@pKhom+HU|wFAQKS#Rsiv2?5@IpEgm9_Akj
z8pkyyh3th|q3l$s03BP)1cc|`A~@`GM!BiSaAmkA3n4VW5gdh8QwQZU_eWR^>d#=|
zB(V5OxEI2{)oNd@YoS#%2-+)GV>#D5QV>4?fH>$|7(q80vg35^78qOU^L^g;KOS(V
z?Ba{Jpv$p;jJ93Iw)-+|zZlEzgbMcAWY_f432iGOB%CSbQsE3E#uy;~Y6ElCwn8X#
zhi2N!jBRgbrd;Od<rAu7O1WX;``pNMq&}RPQjy8`sWfWtWb!>Lspn=5b-h(~CKOq`
z14i2q;?fux<uQ}(tO?S}N!yvWzl4-ae923syt5P>fZ8gJZ7-Q@7@jWEcG=jrjJLjl
zC;4Uc7GbLt+U_8`yLVzK%&#XQOXN?3(AwZq#Aw@@sVTFZHE9NEg|?T>O<?Tc6YW>Q
zwnfxNA0rt5w_rOAKCc#kgJZlTSdZ4?iy^9Z;!g0_($!?|Nl-6bu+1XmV+%w;)Cuk~
zA!UaJ{Oge3jn+G%{5%Y<T}=M;cQgtyl0{9~Wlrv$cu?)%dw{)jvjO&^X4?L?)Y$$u
zbF6lNqjNJOY13%ksxzkiWckx%AFc%t9+{foO}2hoa8%t=uwAD9EePdI=No7U{*el0
zIw9qz<($dhPfMnWg&|(#IXqa(1nV&}kzp_qw<n&VJ;Y@1OXfo;%_EBWR6t8WnS{1C
z1#2al&j*0lz|r+iyiUPl?npkp{FU=Mj*KVN0P**X)@@`!mn<$-Jl_z(K0|A?r5cQ6
z$7!()^h$Q_33N9@+KpAV7tY!%XYG|+TrytQ4+D(pWU`IYf=8504Iv0Kb)L&n0uKPj
z<nw}iN8(QE4=gppWY35oGY+j!4*vRZ+(hUgNpG@c)Yn0p9@63<EgsV1AT1u!5+E%Z
z(tv5GpG=lLjm-2GS)n_V-*e5!Rfffyj$u1@CYF-^$O31CKz{^fio&745a=%i`U{8t
z!lAzq=r08N3y1!~p}!F5F9iAvhyKDzf2E|qGSc5o(x0;-x*+VnyKg5>oZRo2n~zod
zZ_73kIH4OGUavRV9}?_Sw9NkuxT?AI^KrLHb4gg|@rrT`UBc8wK-j<`G-1%m=nBa&
z_keF7cuiV%p`J0Z9O$Rcw#P7=UsIaLPaywuO0Vz*r9@O9e=_X^zBGah;YtY7^AjT{
zH3RZSIF>wqHX-81me;{;Oru2dbFd*Tk2i10<9`)P&YK4*@CBUVoX^x;Gq${j9@hKX
zQ$<tCY|&yMbi_O!CTKSUA^%&Pt3T$3e(I2Z2*XlRYR+`@cIUMeZQCttNk#^CQbsx{
zEh)7$H);;UHbdX9b{rKck>DK7{MG0&Ua|PuFUQ?R+xGuzTp@}3OyrbO$97yQxeFo-
z^f&myLl24J7!N`lhg`)Qmzn`_-~CAnbHz98Y%E6xH!yLh$&s{RMOXBnr<MFA+jbM+
z4lwKcjWTZvHEFJ6yf9M3=op|O!#-lPx(DztmeSA%j_Gn}g~qNHt2N%KmIw?(B?UTI
z)0!S8Rk+~$8Qs*`wu*hu$8xscTw7&FfxlG7;#?;D(8eo%Bbj{`8f*R|fKR1gL>D>s
zi%ZQWaOFj&y|b_@CysIAj0Nz}6E1}vo9v3^d}2MDO}^2&T*>MHU#<tBo!U~6l=~I!
z^vNO>q_!;eAv6Rza*^?Q%1;C@*J1R(Cjbv#APV-rIyeUEAi4aF`nQr|RoK&}LA(kR
zVWq6oM9vJML7cO>INt?0dt0>tJ0_C_$P;k^`l}XT(pi5C@Ti{!c-SYx8BR#G4ELU`
zY8mR%=qFXJ!7&v)?`l0Jx?_FU<Bwaa^;kQJtjA+#{H(`F=l^m&8an?c>*1sCpz*^5
zJ2@;N{4w)!3@om==Qd^f1fSSaMl3E%jWnJy?6zqb`w6zzOUoc!ig$b|FakE(C+LNe
z^L+8c8XCn@2Vxk8Gpne8VtK0bwYTJW*$Csq?c3$HSNs}J&?_wNJuryo#oVP1Eu@~U
zvt%vWA}WQF238~6bw)7{2=N6mHCw+7;qi{(`|CerIXOZWM4yY1J)XiZgJ6FaXIIh_
z*zBhWmD08H6OQGdmeq!1`ILItTuk<v>upue+cfl*8FF5t47itOfwcZ+%j&pne#vw>
zgjPG!j`JDvlQG(YxSsIdz*|3B(MA%TK4eKfSP}x^#jBKtE@YXlDtzn>YrwBLx9$SJ
zI=%RRhhJy@2^zm{6a<4`<uA(k)$QQF#jn+|e(-B~Y#{j6;dE8_)#!9}_|-i&Q2hGg
zlsA4oewpISm2EP9^<hazwkhzd<7J9p_p{6`+W^0$_=nbW`3$X0_B_IVCS=-Y5eQ09
zDj?MS^erI#NX;97FX?w~!phb&I5FrB#`+c`Zy+(xG@?g(N7C7Ggqkln7E7J)5t5!J
zQS+Bh_@m|-eyDkZB7BqUUWtAWI#Ct<eh%z01$(+k4U|Fi55bDG@c08YNXa-DSc`|3
z_{5;H@RTLUmvtf5?r+7^>|a?cCY~f9-r^_d+IZ&ro2=QYixddGw=(@B9ETX8D{NN|
zxa_PgSSx7A-(FfW%a{!joa!*Mg6^^03hEz?bVxC%C)Nu`z&f`m^zl-BSkl2*)`5LV
zCGIV<Ky1aD2#%S0aqi{_9GkOlIL88~TD!j+T`fykj`{@%L)wYJ!}aY_MSnL(RMlTB
z_Sb;*H@z-;Hx@_Ui1GCMK=u7@lKb6oob>xe)%U>wf5B*T!<x2Lhf#)K$b$eEv-Ke|
z3W%y;B7A+kDdj3(JT?UNIgM!P_8->kgn^o}ScC<VRgbBBq9xT2ip&Jh(p*ic{JmO3
zkgy&I5!hsV2pKSEGivY1vV$w}q&APGa$@db;CT4r3LNqg!FE9$h)L#+wAB74T{!V!
zR_Ya2%8`^koXB=<STY3s$+X?cw4E{9&cQ^pn^7uSx;}*}pA}Se0i&XH_ntS|F2b5-
z3yx(p7)Pr`us0y)B^k@L1C)wpF}i88ow6il+HPgqZoqn_IhzsS0RM;cjds>0Kk=*H
z$w^-uIj_;sk^`DmyPYtkYeVt)Q3BW%5ZWRR;1bWT8E<G*c1oWCU-ao^r*!0-*$|yx
zc3NvpIYL#cOO4>wh{m(9GyyF;`yK}lM@ccuVWjatH1$K{zinDAjsFtYN9+sZdS8|E
zF3m}RoL3QvGRUy&2_*;3NM@e@D+U7URb<pTpHb&po$W+S^if48o<|4x*TH*w$wA8w
z*H2VA?SLpL;jbOXsI~Psd&^fUeE$eFQd`l+{Tlj`zJ~@KDico<-XPtEUbm5g*G@d>
zoK+XXPF83#FqB(yRv1;z7KmNOY6u0nNM!cegf@c5d=%wwV6bGkZ_6={1{#{YIg%3N
za$w>d1$trKNb~3sqbBB#7HmQc`88p}L^DYuzw~mz#di_$%%G+nPpERY@dh1V{0*`;
z79uTd*Fq0k$jpH*38CYQzplk`v_}?ycQEUb*M*JF?u6kfuksVajO6=Oes&re2@Ye-
z=n16nWV!F3HGcX&rSa<9nN~{~lQI$s`F%bWOZpKUFyWJdi>9_`gte7a={Z|Sso;xa
z>qA%L4QYh<7|YzXh+wWU*(wF=9<HyW5jmIk3T4hzVI9+y@&ey`uSruW@IChmCHqkQ
zY;KLwZQ%ZiY`j#6xXp<RwQw7;orVq}drxqMB%beUGv6k2xR{x8jxT--hHb5=G(sqp
zqk`3~pZttacCi*{?QAy%>#<uVM=Hed<cyk&Mn~umiThZXI>B15&lC6w<)Ea=fc*?k
zgzN23=XHbk>&U{I4v?iDd_YH%XNT^GzZv^MKNl*b?6v$Xr0gc+@toG^uUBWZ5kjXW
z$CuWK0j5RES@@D!a?-5D_urQxAa*+g9?~q{Rp@qHdyPod?qto=5Fub+#Y<RG0;06@
zb&V2MQfOKqST(;>4XkF@`@ezJ;qaPZ^&ekYO$ZKFOds}t53h9>1BaL3h}<(c3CT)=
zU^|Ubq{Ye?U3lGC06Ur_UohF6M%!;<!Ur0TP&_$|h9rcv!fV%51I9Kc#GEgN@a_wq
zFr;PLE*iZ;O%SlF<q;O&T$JLQpRu@HX%K26k}ww;j=t^;o6(!SH~?Ub1NP#HKVoU4
zif|Kgu5VyCnYP>f8Zro~YJT@Z45OYYxf-tcAYc5(-)?uNV-^@?h$Wkv5|B?I>}O=t
zB{ZaV0u84_4%gqZHAKjoq60l&0U`5=`@|^1jbu9V^v0A!=J9Zc_>soa6|{HLu9s;n
z=|aj5GsaXcz<7##BRJP1<N&*VPZk7}-lkOslrGf*h8?|wVis+{yqO>tNvH#t5^Lpl
z3P?M23RAv`;Eawn^u6^NvCGXyglpM^Tnk@3JPc&Q-gH^Wc5-JCl-Z7M%y(i8Fggp9
z?ZSEkhoR`lL^LL|e~X?TH^k(+^z$fBKjWK0gPZVnT^VpI+5m^pRnP`2-c>mw|5yxx
zvrey%0%RK3speNvwa>?}c$(7)bC8sE^dU~Xx*xeKgCf00C&Eh|r0Mn8fSlVjp21Z)
zqNmu1+Tel}vDakc?v6E&ZQQvS3}lr>>5qLrH8K#g1&xpogR@Rc<7N#ch?GME-2kI-
zKF@>S1^I&J0x6jDk*2RBBhGE)GsrQoL-{X>2Izn(juO(0L|&jFGJh<puue<mW@VCQ
z1!c2KNqaf8J;Ap<cdD|zRBUhVb{dxF$D(a;-wN9UL#~SRTEpm&5afcT)eUiF8w&62
zw(^pSx9T>od3oD7=<-5zXK_Yi&5PRD6(hH5??aZdPkz;{?^#4!e;8Vi4xsh5XI1E=
zIZV*$y?ux_dPVxB1cFYBFx?`dlUR?;SD_<;?UpQ7JgSlRmt_JR6v-I%*!p*q$q9t5
z2`B&i*Usb3k<ZTWN;orfm<2x%;$=m5x0_TWLo07WD7%w|Nq$P4bSW0MGdaFai=B7H
zdP}-|$#<b1+;&9OUW6fyvKG<sjmet^z=F*Dy*kK@wo_tOAYs3F@WGlFaH<m)P=)D$
z7g-M=et_2I<@O#F`MnNVGTTM5Y_JBxuNyog{t|nSe9JD47(ux6x9UdxopQu&p?uo_
zM!a2&;pTj2I0lXI%eH!7-SZ{?gh<SD-#3p#<PQ!hqt^E{TN*-RV|CotltXpUN9y~2
z1qOY1kYHBdJ&0M+iu6}H5X|a`>3qo~j1f85P_VfjWsOtzQOyWpjaM$f$nBlUR~!9`
zT=KKzJLQrkzPKWUO3KMMFtDM9B>f(uCi6(w2(4#}2bw}#xkTYhLK_E0yJHt9mS2G7
z|D-)UjD5n8kAj7V6xIZij%VmDL_+rXMk)55BPMJCphI^<zfP#FEXY&y18F%XduaTo
zSf)I*{b91*6q6QQaw{mCf~x%l@?164<J;#I69Nc`zqga{i3zVV4Fry;>IscJ9a9b7
z7AgC=ANrZpu4cTAJS}l0U%heMO~rYzuc(V#uQowYC+;O{_w^AV{F*$%Z$E-)9iNA#
z40}TAdmSh|*2luGoO|miW#Yt}jUb{%_vzR`J5K`-sCAgy+f;{HAZqu<a?YDRA@??d
z`kL&0CqZoIYM<=CuhII+;tnX_x`w)hTG;DMPp>mPvOqhO1v0!4ySNPw1Q=3m?eSAo
zwV^V_iTX<8*$Mm&B4%{Dh5fx$r}|m0Vi8+Mh^=6hZ+S&*o&6zQf-sWlS}r)cpSz!I
z<zF5+2KV$w;rlM~T{6@`;PS;C5m^2K-0oxy=WKuiY`L?chOr-5-PwfvbhUEDIfnxy
z69vESb+vTPC(GiTi@axr*lzxDNtK)+@(0PNYN0yujM$3gPypu-)8M(i^z$~H3+4ZK
z>_sue?OfGEw4ESBd=EPPl>Dipfp@BDK!673aGbiPYo^o6CNZYuxZ5?|HC4`<&8Ac!
ze)sBe+#~{Lu1nD$v7Vm0v4pvI8P(&#jBv<k;K@)}P8En_U!^-Ko;KyuD(fbQyMB+Q
zQi7O8n11AUR<*%lmKGm()BDpt5+&b$fKd4ST}a`ZqZJiR|2m$aLKdd;%SwlDU9ExZ
zRquF>g520<<gFp7sv|121W(0lA9vz5fuJM`y)L`wY(VaUNU8P>?DWi|<z6nqJsv)f
z6i<TU>-GUCu#~Z)97sCYL4a1%Z+OsWOK2Q$?fTYu{<jIh8gt4qa-7l;S+ZGQRd&!x
z?tn-BFOUwRNC)yv!{X-CNV~8)*NSo0*GnkRpxsm(sM$3#XMPQiNF27Ah-0?xCR&{h
zleDsJKIJyxgU{H3rYh-nOB{ebO)Q+=oFl&s6bVMtU-1x~HW}mjkOXp?>glEUARUB&
zH92CQeZMn=#!XFw2)Xxt@CMj`ME#cn#zKCX9Ff!KcEXYB5SWB>NOw=xLUh_8Lm)zI
zh9N(T3~m@Hl_iDc&JvT>L6q5TS-y-)FC-@3Oi53cnx;xk*T|SqC3Jp~p>rQV=g@rt
zKxgWam>S!CPu*^DAnnEm(C($DrFP+hNo*HLyA_A=W<pS3+AXLBM?sS3DCkTQ3o$X>
zlb8naA2Bi0lW0;O8spjZ-h<-#o#fDX(kIyL$UD;6_X8Ao)Th8>tU!YJDHP~Ke!7gV
zKCa#@WH%7C!~?OO@UaPEs{>R#NE7u3=%v)^kJ?Bo=QObvOI*$pYg(gs|BS)%<30iv
zwSWEeG-?kltTpG4ot!(OV5G2a%*2Uf#*gmQL0CU>vUz%kg6SQEO&wUaV4tnC&Q9P!
z%S9xe+4M3JewE@ccrL;;V1!#LfUjFH0}y~;`~(pf6HDnkA2OwEc5TDQvv&AKv<bc~
zecOQsUIlslc-jEAgil47LA|w9C*7AMo|oolyC9|<g`1-^Enb>VK#@*|cE?x53mF=E
zGm5{Cl3#LsYqDo6-|WW87vAwKDtLH0rBw;&HU<o&^(YhlExurDuB!gm=u}1ZFq*h_
zv8p<)Ih53t$nA4zw<d{~g|)E<S29SMM6jeQA&HxdaQ;Nj#F%?1XJT<n9ZA?+DtSl4
z_tnQKM(N-tc<TnrR_WOd3}5mt=<sRhvqZ60Z;<BrV&Dm`6A)=E<0OJ@FJ^BYur`?>
z<A}-ZDQ~yF0Z!Ho*^%$e?aGOxTheVD&rnnkD4O7fqTIn4ZncJ46R@)ZsDmxku&EtK
z&&0V%dee$AtS_OyhaV;f@wbz&x}9|ifby2Y{6QD8sRQzuTVNN8Q#Z!KiD7hPPzwgZ
zXuVCC><1BfNE(C9Lvy<_fRRNa;?8xj7<7uiAEqmnFWt<o<T%A^j$&M2Ep6h+>s>j?
z%b(FPM8l%53uJ|z{CqB)3ZXd|@K>lP!_iG=?dM4CQ?q>PfY9Xlnmv5F!4`BG?O%c`
zIZ~j!SU9OUwk-f~Pp^wbFyT`a3BJFvGbBe&InGk@r4&@$5`vg{X8<TFlS7n>%FZEd
zxoR`~eoa~~X_DTH1B2h=XYgX)M8#lJ*kJc42m6uoXiGJ0YC_@v`fP;%C$lMcAP@}b
zJdfa4)DN7;ItFyevq6~4&a_)Z!9G(*s6eMf;nd{hy2*AHUThq1L91j-Raz;`P|jG|
z!UKVsx^5E__(k9TLj;UfR1WKSn=Fkb)pJ&KBZ)DXnBht6MH02QaS>nVl#2*gz$$@b
zA+;M>wv`+UGkt=TPjyR%C52ER-;F}f=eMA{Tu*nSNaE|au)CG2?p9EEK1cK3SLMCq
zH57iy4%v()40>DVbBz57hC&3W2*hJsNSW{d!4XB{h{k$Gl&`Lsc!yR57`vWO=jAiO
zlNXmji^Fbv_c}~2FaZkm^(pZ4ZQ43+guYOw3@zsT@yL2vd{>$pM9z4evK@MQ1@cWa
zgcUUtLR1sc>h}xqG&9LT*qNMZtI)pwBvN6&2N_N9KFBiQuBH9qB2<k0cWF0Hp+D}E
z)zjX2rC9hoJ;j(}66krt!y4(>;7dSiG}_Js0oTi?M}*+`41wk9A|D_y0_gxT!7vo3
zhg4jtt-J`N23NN9U@VQidO<AthVI#wY|k>5)MPtvF|&22TNd7e+|0CH60L_Wy5;jm
z65|_V=%SfAVN{>a#*}URqDV0E8b=W7`<nx*vq7kkv2b{4EJR@^_+M=eehC_eGZYl>
zBek4^+%l3-+X*<({G-S4Y!!OE(ky`EEOCDfJZYQe^IXW%9G?sACLf8V;=)GoXp6CM
z@kG?7?=q`s^w7_gjeGAcBI{?#wam{{S>qE@!_|-RjXC1?L}+z|$+ipm;(AD^;|g^d
zTzZx$i0?yUWAfA0+*QvN!P51vd)T*Z(YlK<6XNt;loM@0hNQNKjA#6$l0m~q3GkSj
z^8V<&5A=)#^OLU4V^?o*EOgXea^nL+czf7Va5PF2Dnj@2c$}E`Y8AJv0{Knob|?{!
zQp?Dk!LV)7#ID@>2!PeX?SQJibS8TNk?6XwdZ?4s#~txb-YGwQgkm2>)%O8I+`Lb2
zT1T3Gb7@yk(^p5i{4`xV(57>->6tq5;3+NF{S0Bv%pJQ!Y<Nq)U^~7UZdwwrix)P?
zMt0E?J65FW3nouAOSXE?y4os=ZdDfT<W;n%M=1xz%hOtLt`1OHODoT3m4)@AbH|#;
zPMlCE*s?s@=|K@xJ5Bibq(=93^1yJ`Gyc{$JTMp%>MO>4sjzF3<=#_pWeSV4>7<sk
zZ5PKZ21~UHLYLa-M1mrS0OKWt0?v6)-xV-^-2<ce>L{#G$#qL@Qoi!RFF4S`eRjAJ
z$!cVfE{n3nKlF&pe<i1S*5UNXs{0RU9imqITZb#PIp0eon)njh^vQ#=TxbS^dViW?
zgYE5k!Ox(g0w2_zFZ>N^G4?NO%B))+;>6b9(#u>$`s66WxYwuY^%xa)t_+j8K71{N
zvH+tL*+41s89jCsP<ot2FSWv>C_T<$^f(LVmG4Ce-}xzqGugjFp1}S{wo&s4;d_&s
zqoRqd(fa*VeIveJs~vt$y7vL;a)q3ETi_bv^N34s?<N#WP4J=Kd3Y@p_2^XOQ^)j3
zCFpo`Q&T2^)&Ct1K`($!52p)eot8kT|6z^y5`_A3Uh0U9m`ZO&bvXY<HD5LS=SPWA
zA>Ax)2G0o31D_ISw4E_I+Mk}%m17dP@;-*_shfLzIFB_+ASs6$n54UVaW|&F16wpE
zDF2yA#REN)biwn5`0R}4%8Gj*OI1{4V%W>G{Z#A>6&YhejV7a-k`WX6448}Z6Ia~K
z(uH#G4HVpa3h)%|35PKCa<x3g4?rpEtpy|DKmd?Givj={f|7e`20+UnVi=r(Q#=$P
zoQGRzH^5DaEduCf{r5_SG};@^cg!-J>3g6)S@zB!iH&yq0C{gG6_C#^@&n|`2mQcm
z!88?+&kgni<kiplsW@Po50E>XWgs6r<^|-&0);Ygk3!0Je$j&xq#YNl=N<vlt=14o
zZwv$kvx*duUaqSd1YLH?dQNe}*{Fcvd~zb~1ht+I1<=X9ot{n}3$T+};}nJ(d-<9>
zdDhd3Y^dRgJTjS5--Pu~LPM{G0jDNY_7}b*6u<MA)ZRjoK8Gh1Kl)2*Zy}9*h0}ZF
zRZ#rjO%laNFf`%=p!i?x0E%xmq``ae;x_@&>~Q$ma}CMx7#Z%Psd*YX?5KI#6NW5T
z6Q#cg_jXcJpP6#O+^g4|)Caj~=Zz8pPq}D53j9Eoc(z5b9TwMr6)QFG`jTq)$xsDv
z{}($@ScunnKRwxU4p7<b>7tM%uENAwp2X)!;%nyyNP?h8$e%|Q07W#<uF89!=H;9V
zNI77?POpE@{+EbOv#xu~;N}}tNRJbDLV?jYybI*Z1wMiT!+Z)<+@KxUAbUOe;bBU(
z$dtx$&R4E^*V<AkH9HXMeMNq{w61U>&x9ykYxBjcIK>5~tCcI;3Cc0KNDe8okdp*K
zKe#lioZi$Yh_8Qr5{<oEzCc8<=B~j^B+3#CHcAS7+ZobBHz~u_*!7^Ry?Rt=Hr``n
zENinjYxBpYq)kte1hE~<_<Cs@FMkj8Y7wo^2ALd%Iq93JiN#5<6YHR~KQn1glWj=t
z&yvAjtQ@F3X><gS2#$Lc?awOUJ-^caj5I7L8%Fyx+MeLs-t5N8_ENFEx!Yv>Gtawz
zzxNN;bMbUWspQ<+$x+eKF+c#xA})O+)v%5?XnQAKH&#?oolXVW!zW$$DfjC(PxsqN
z_vN(vAD){*hkjiidc0fUGf;hrgWuOorEx?W)SDn*Z>rM9!_0P?P@(}sS590OArsF<
zRT0mGZ84m49IEWL#VdDp%?{tMZKY!V#>MnOf#<z8d#@fR!=Heu0N*9J>3L2kiB_r?
z`@n)!$O|GZ#_pouN_NibN^9kL+22U@#Yuy!s{IFIU6(5A=d=2Wk1OjF>?+TO%70p?
zg>tj*r<DPprm^yupHP+$mCJi>#9u8$uKH|ixN!~pctlrj6SDt(_IP+HrLMvMA-Lob
z#c}?Fw&p`He+ynO#<6$!HAAn<779K0BK91liu*P#(~o%U4TgL}&d$n@sYRLM?99-T
zv-9Z3)S?XDJuxW+49ob<4XBiU^i$cetRf$+$@JxE@rAOO{uDDJBZu-JG!xUo`LuA2
zq;3M;3}X%9%mY&|J?g~a8>(&+$_aHubJ%S1Er%<oH$gaz`kQ$=jA5Tj$^!Gm$s;C=
ze0H>8%Ze4&=Z-EMHF<1-S*1EShIbs_(VGg}B6io23ryZ%L*(WN+GM!gWJd2ny&g4Y
z4TeVYD$?QxJSsPZ3VL<}QO^9mfq%Fi^f&1J;FF{Gc42GAP=+ENS*~@*HB>|!evB|A
zY(V1YyH28wO}zLXe3R}6WYKM)Mp`>%D&E@wUut{85T9<HO?K!ErWB3`;;i;3H5KS7
z^ql@2Wj99kNtLPQ_M*ek5;lU(%}P+T#K$V@m#y?$pVTFrwKeXylS@f?d4Ilx<dT$U
zdvjaSF~Wjqz4etzKjfeV%FsOO>LPw!a|G6r^|eAEI^Qox@q~KuLSw}{j|O;Rx8<Dn
z+scES$K*DgQ+r359D&KLIA<z-f%fBx0lv?_)?#ASrd@^X_99a3^9kVua(!+u@>v0$
z*cu89yF;ISO297LAp!ea@-6KfjVqF5gC^kBZ(=zxU4%2+{tf6)Nd`^Oi8H>ThqzuW
zAm7r8&s!pBE0cE6qx<Fp`PyDDn!cgR(vu6k&vS{UPbDZeR8Q7>=i^<ub*RD|vybD7
zOD!V;r*T#$O|*jQVy&8KT=7OpIK3NwVp4Vd1flv*njBvN!BDmBeSS>C_N`FPw~IrQ
zm0g4?yVyo8O}$wbf9G2j{L7KTYWWxIv<z<6P}2UiYTGZM?N9S<pP!;^KZ6ZE4cCVr
zFcO0lz#+4513hHkm|ul|H|se)zA>asBD{Xm@r%Di{FuNV6_68{I<!)ZKa0TkZ}92K
z-WL!iX}ifD&)flC7yGW`IO?ayK2W4C+{EiUDIL@*FL#;=?ybtF4P?66Ldy3=D_jqf
z-F)^)wIcdf`e6UL58%}@0(KzvALkgBpj>^yUiW$#8K@}*2Kv2VPb4!S5I&CYA;zoU
zLoisvvP<y9M)}2GpeR(9!_1UVCLUz|d`N2qp2r2d<|B;&JR>;x;WNsVE3%`l?~3f-
z<!41=JS&nR0C!4&PgcZayIJ%qF3N$!)h<dYU6lOy$)bEs5JvCgDiJ*ih^r}$nN!@x
z#~u-$F4zVe(yY@#JM=pqncovM=?zMvT$n;HxNrOj<JWFf>4Ye`+t5<ODGMF^&P#E0
zMtrTM+Ky)R3_o@>n_|><G(})X;|6Dd#yqth&1XIR*wGY>Q`^yCO+K%={9eL(PP^$z
zEE{$D8DtylJ`F}AM@^2%tio<+T9O8qd11%8f@L0QI!nBBmP1YtY{HX4SCFQh>ZJ|g
z?EVwI%$136-;w-g5Fj&W8{o7ePUX;|4Q%;Qy*e8~MYRGfzeWT8AM$g=9XM3o5yyI%
z{SLjOANejpgO^nZ@-ofo135M?i#S&kR}@1Low)sTiXu<WYvaM2)t^gOdLOXthv#{}
zX9l))C6mocuA8T0>@5b;<6|jI1lrt}KR4r4UPYKERnP)5(7w{Pt7JxG2HVELa1Rc<
zob-J>v$^jM>Pi?C=zcgl3rgD@O8LXnD=B|ik*4oIal&ZHk3mcD6eL%$cAs((mba~E
zdE-4SNGP%((VVi1YHdp>>)?7Pmh-eJEuCc*U9iZxUh<mSKQ?Z+!G>(+Bu0IXqdN?C
zn5V%iWzoYNpJpBg{pjwmV5i*o(`b5&lMF9$>R!Eww>W8ju1RxizQsup|0Wzsraez<
za<qS;X(y@S3*vF(DL)O<yV3DA-I<*h-}N***45e5>;o;&xbb0{Pt$b*ZCW5rlVxxf
zrFfR1b2X!_aT$`H8YtZsKk*@8Qqn0PFN84!p<(^EkYRN`p!W0u%1SgJvQNtwO5AWO
zSRr)$g31))dz%{(8Q@*iCOAH0R!|qkm^$=MDH)%(YytDK$1h!Ut5mF|pk+<B&I%<2
zdM}<!q!;~0&za|HrPfc5dL)#cCJ8`e9MsLk4WoTZGO{8j7^HN5!Qq9Eh!3NFA<Xl_
z%uZ1-2W^%S4?PBbbcdVq!En@kBBL(5N$vIvz@Y_SY;jXcn1fGPy*QQluVPfj7UG9L
zE0n&hSBCiL+<hA3V%yE6B3ceU#TDb^KB>;vZ)Y3+8xv65)1Q#qZVYX2s|=v+5&xBM
z5W)FvymTt&h^O#bNmMs%G;-Jz)I2R`lYygBW$#BXxn<isSy22#L-%(M+|U0JA*=JB
z-{-SFer=^!4^`Ppb8HUP+5s>BQek-?wQ)EO__Zi%!=6C(DHS-{n)~maB=wKFlsPv7
z=)d`wRF9e?jyxE_bpFaUImmH-?BD-@b%Y1{sL4l{D0bNS_FO}nN0U!g_$#QDSp$5J
zq0rx_dF$_)=fy)p$@!{zu1%mLxxO4ZE;QCBbIS6XQ=iqSykFp>ybn7tz}E!*(*6Oy
zCg=w-v1$|a1Iz|aD?UTU;w<;Efs<_aazx{DzqWfD?<nn`pv<Shiztl82UiKSyf0!n
zR}z>570QN0^MEzag|rc_Bv&WdjD5zNRO}6zA+r`aqUHAp&ea79cZ5IqEuQsU?Up<D
zIYpOv@tzMPWx1ApOBU<1zFwJ*E|pa8Z?XhiBLh8Xt(%aSpY<eQv&oT@K()!}(#1<Z
zM~J3?@2f)%Oi4`Sw{1**dz-AM(OqF2HGdAu5!*e_t1F7Or&~8+8-ndm!5(dx)laZ)
zmF2ASOg~H7&oXH)2=-bY@oFnJe^K0XLu$Sln+K5zUV~Q@?UbB<Gt{a=-b<#_m0T`3
zp4G!kO~RMYh?7nzF_E57Ix%EjBhJe*OV2jB$Mh}JK8u{-_f2a+83R2WwL8=4Q5y$G
zZDZe~mK@<;NA?}@<yEox7!<rbKOiIvWzNvCmp}dFlTVm`(%#L%@^RkyZc;aQ#Cb-4
z-Gp(H&5n0Bba$Lv6zjt^@+Dg};M#pkDD5pDdrQ*gbd`F$F7EH`uQ!jSlK<Xj`R(l)
zc0R~blUCgR7dTT-I?^cB)8*doE<at?uA$4ie!HxvuqJRszWRh@tq8YXV&$2OZuFXk
z#PbzKJoP|4<A8Vq?Ub)SwJyC%A3*7+5$-?J)%4R8;Qi+-UiY7VtrSB)jp4lYtCs!*
z?UU6M^{d@LC;NJOG=l#(Onl6fID{nHF!5<m;z*Kc#>5Gp#Anq+@>fP?Ym2qWu$?=6
z$gJUxRN(l_q(GDpnVljRD1!oHd<w+NCfzHcKvS?;2zTA@3URfT#fjEL$Z$1N$ZJvW
zQ2An&S)ohRy+#$5I`R5Sn!VUut^cWPCVxyb+OGN9Wu{>)3`PQS<RCjHa60WsvP4o6
zkS*@)PPYn%pNLoPe^RVJ6syU646xt&F~|oNXxezBGi$nj6bJ|9THogD(B@k}(LkCv
zd<-%|Qbhrk5wamoryRJKj8L;hY1iJ8jF7w>R(r+&!`+p@MOA(OH*Agz4ld~A0+^&|
zrr;K+7%0da9Td&d(h^fib4|f0cL&mO#H`#ZOUrV}O0zU~K@i-xG)*hfOdpQBrnoWx
zd(OS@&3iL%h5_sM`~3dD&*zuSz4zVqoO{3L+;h*ttB+XIHhQ+a0Mwh#XY~z_-Of~N
zRNtP)8#N{3ejhIF_m-{rz0ePQMS>PSlb$L0TEnygdZy$}%z>yTb2%AC$7Q0I8MspP
zsR_J75jgrk!vEhs4g61!dJ4_{x&qK_YiJ>qNNp%Rx3J8{?;PL%t$?TdpV8f9D-&Me
z-Gp%9YlMyZ=Mgr>_i2X@P@n*Pp+ji!omHITIft}Ib*RcowOTq8L8mj=-?bkAb$m(t
zI+LRgZEF4YH2!<_K~s);y#tqfL|i&6JpCux%(DEsDIK`jjdXtog&XX*=@EN`*}XyF
z@?SSKiey((W^cl&c%!%Dbdp_%QN12jOl%gDd(mAqU~^UY?u*M5-G(r@f?mhN9A++h
zd3}i_jOK6fVnH|OC;U|uaoUKlud<#At3<ejp3;O!l=|161b>`j?mAyxCG~YXz5foZ
z+x=N;5LGOMBwUx>Nkv^t3&GoOdWpslqK=-Y<%-1gCBa^%=&^g<su;IPhV@?WlRfA=
zk7g=kq&QP3r=?rPnKD}F6u6nO%3sy@Y&i;(#74m1n^42*!E$`}rIVi-vN|}^x;d}m
zjb9Nur64GYECl-3>Phg~B_R8yl<b9<zF^`sb&zEFk>%VKdfaP@ir*N}Zb7F(d8LPN
z4h6APuY{f=k#cVc121{d<A=-YgG6nhFUA!!0&=<DNhl}PXZcSbPegK!C-pC0R$uMm
zMp^?U=}-U);4@D*TPR^>b!~UMrJb$tGGyNzLN@Ezq#Mi!gw45uo-J_4;R-5hS>(ZR
z4t!Bxsg=oKelyX_GHl3}jj-p5@ONno3V(UQ`@5Rt{8=u_^1NNc{e;zKBUCbzcFXtV
z`+(W}pACU$<vn&wZ``ujB!cEHD=?`$?uY}7u$%c$>)wvN3Gc{uwAL#*Cw!yJ>{!vm
zz3B7Qwrp-t(yt|WFgM?S?jdLWktj}lb*OyPMGq?P{W)%QGbt;<Gt@0Uc<S9j57g58
zr9{i5zS4tH%SsM`cxv!Nn3KXNc!b|N*eEfZP1sM;@WEeooZD+)OO4(0Kl!4lzUNl9
z=7bMdatcD0soxtb)bGs=wtRBBB3YPn!wgaRy4fiJx<(O-9=uCM3*Q41Ti6qut7+js
zhMf|&SmC6Fki12~3KnS_-9j>pAe@Mio%m|3?X)B<hbnlX(FG5dBxgx|&nmBJ6e|Z*
zCG7djgUScXD;IatN$GHh<O8P+VYRuq{^uR#=~rSv_85w?$0tYyBM2NL0!T77-@0P0
zO$E~TX9aU}QD0Ml`kJ^-Qzt&dap{+tn^?QP#uWWcE-aBwS|T##yQ~`(OR(O$lI-UZ
zM-9_TV3l+q>_i|)AV>D1?wqjfvs#?EB;qk;7=AgDboObjSaPaYD^B>er3^Mc<$!lz
z^%C)}g#|EFL!%2m1C52x)8MqxXbBgqPdY{jxlW~vD%CT*+x%E-mFf{9J2cTsY{FuE
zI)HyVHipj;yoX)?Y2@h*;+tq;bX)rD7TT`$N_$QSYDb1vkc-==Qy1t>TbnEW+j}s=
z)JZZo?tIi4UFKB{y%kMI-7~?yg%zmo8ScnKq<1vU*Kp!tD-2i-k7?KgXJ&<N`HOl3
z!l%Mjom%-+qud7UiSP~Ser<CUCoIpP4ww%jRwmyE(!IU0LA-ymyXALy-%a{9l>!0j
z_43M=_Gvr{#(*n&T~}Gc>U93r^6g5QKWQUrF_FHioN6CTYC56z?b&Fdo1l?f=z^n=
zl(}L*x<WsK-Ss2PgMPGm{Z>c9GQx{<f<<oMyp7`+2G8>MhgMddxJD(G_;iE^Pdv2Q
ziuU978eKD6Md4}Nq4GNV5+*)xPwb@>lXD))o*IvTmu#YIoP=?2rqaa8>jh<QIF-5m
zNLHpflsV^ArWzB;`w0F}zzfuTbo9c*&4He6s#9N6?AWP=9&D<*kEKmj_|Vgawmc^`
zgixTeCk-wCh-z1q!6S}yRH;t)W(!C4LVZCmluY$P1_zzG|6G|qC??j0K0UEieLC<X
z)u;D`?v8Qj?%hSGPw(rbPhY=Hg}jz-Q_-heFfqxV*u%kC?1pFyRwo0D#cnv##E?5O
z`nzL-=fX}l?>i)evg1%-ZHbEQc?hS=7^e}zpUT=)B7-eLLqc<I(VwKXB5>>DR7aGe
z4%DEFvUw3$N)+8emd=%=d|ig0Mka}?OZr(0>oe6$ZYEWwcYCcdSF{6ag$DseF#Mvm
ztZKFw3Nz+_>omxrj_z}<&5LH+%ixp^0y$ukH63yT<QZM(h*kzMP~>H6jBK24X!zWM
z`qD{ZZ6du%4zSjj-Xz;H=on@Ul(b~La4IX94Y81A4;=`$cXE4bw2_MACb#Cz4@6sP
zxjh%!OE%!-_Q`SN5RO6nWNH@7?1j|y@uh0nMO$3B<DcLQ3XEuDjHH|{5f*m5Zr2n`
zimNJ|2hUe2dH#|XtRj6_G=R^?!>j0p_gdPU6Po;`(wxVyqF2pF)tm8^D7&tEzMCpb
zSH10s5LIv6W(3Rh+^wGz_1vu>GvJ6^&;1$asOMIF?h~NYcR&7npS@E&(RbIJhc@L7
z+U?^T-TN@;ULtzJ7))9zdQP-p1#Y@IOSD5Ro<`|>>Z^@8$t+ASoMp+wUR93=F1^2q
zBdC5ovhxEJ=IFdp65bU6IxKjDVb$Y(mM!1T5W5IN9Go<X^2}A#S0f978M~D9vFxe>
zocR-OzzC5BF^<7zYSC2!kK$?(ywT)W>00@Hmp7DoACO&iw9B^^Zm*<gen2fLlU`}e
z(bpAWViYIlx33F$rt2P!a_I2AQQY>|klq%9<%UV_CYO4c5q|Nuk5S3|s`u!9qQ!f3
z;0Ph|qzCutKfiB({?}(+AV<gjsz(D}_&y!*fc{SJ6Wok{LkBwkJ!JeNaQvUR9KToD
z#@|6X{u7>zf39r&-<NUxbJ_U&Igg*kTbgzm18A8~h+8-dd1cIc>TJ*U%p<s^lX}!H
z43wxBrZ&PTS3=m-It1D!1Q^<P3D9L!#OYF4RceJH#hl&dk-mSB*-CzJn}&x$!BLOV
zk<jc>2#S`ON|HTy+7lhnv!23KGQLwg^{)#%h!%Ei1U&V<W$y>nBu1o>M+L+4N*X9=
zJ=2AjFk19$MTR_NwDW-jvAi72`5M!JTQJqKa88GQP*KWk#zdFFU%sSwZi(*@NU=zf
zvzT7CwSt_vGDo3WAv=@anr+Oa5x0_FYHSamy^JNce@WplkMRd@zKOddhAzDe+kURy
z<B-wZ8dQRNBk60UNPIo<pebqwt9NY2ZAV9(U(6A=Mh6Sqm+nYjEz`y+yump*8|Ru*
zXXDzYuAPn3B{zmv6};vJ+ZRqR<c^g2f0H1=kDTltIj|!g!5=L|ZDxJwc*RN1s?4-H
z(#veSv9rjLrszlCtE{N-z1tQ2j`njxI$5_b6gkT&s2NCdWNm!(z5BECDVun9hLI18
zYS~2N7o7ATO>}lbgs)AMDmwL%ot`1Whb;N&J_>peO-n{A3{QT>px9&+%MF(dK;XF!
z+JEqB_8*}8OgaZahj&TlC3#u{H80_#c1_H8FacqBlaSQkgT$+_h&@HKqd0~C29m#g
zh<F!<7hpxhpoq)(n7pM&faz^`g83cT2AUu8^sOZift$=!(XtUAbxq5LK*aoZd-UN8
ze8ge0(fi<EJ6XtK_=vvlqJgVi#vDe6j@eKWP@j2X=un8IvWxnaA|k0Z1n+0&(Jjcf
z(}3>*2E}&Zqju`DIA2bTiKH-}HM8==Zel0A-%K`|FOrJ0{3o32h-4iTAF)UH(pQwb
zqsUIL%g7@qc*N0^xrvr<LMc?4NA*FLnuqOy0ZMLA2|5y@@!_jsdJw2NMcjzk2K!{9
zQVf^Ybi0Oar+T5~k#h)<^^}vqz7QpGHU&EU6TJB#pL4Ye--@~fjIi+yej%HIPeh7t
z^lY3tvK#D9iPN3PiO<YVeHP;b#p|~2HfU}b8XPg?ob~N$>Y(*W3ovMM5-kR8?6fFY
z$<%T2S-dSJzCljBd3V|Y*itf=w&b9q?05*Z%xg+8syJB}tHt5H3vMt>qa=(vM#m7s
z=M?%9gs-7m(!j_oEy3_W1Fo1g;D$}3H&{M}IWV;U6s9%xS)Mv)^d<*ZUpW8Go%P^E
zg#H;|Fl9pNkfP=qC4Cz#S*W=+pD{E!#BVIL;s2%>AZm~e-#gAm6))VW<&^juOeGqO
z34fUDo<&YXF=CLnA!@%-mvGjoxo*^TI%~)|?+Z5++dl)KunYUv)f^Yi8FDW8l5TDI
z<(!TDZUbFxcLM*84luwqGgT;q;_e0bZ7z0>uMT1E#>DCZ{B+egT^Rmd&Cg)zt|x05
z6Cjccgye#FKwUuF8$!4$gpWFzmQ91%{4%3Hm<og#%-=4;!L5hcF>3xI3FvrHMmTT{
z4YZd}19EEkjhsdUj?>Z8=9{_=aiQrm<7lLyG3aYE1kZlBdO6*?9obakBeI3ot3W-4
zi$FH{LW6l5{%MK1&J$82!gvYly=;d|b&FPK2GvDHinrE{fu~neo~A4a{t@^lIegAN
zZ$9dXZpK>=$zI(C^gpYe)c!lIRTYQBI(lrxjU~s%@|3v-vLd2RZKxZMrIZh;$I?-i
zh}7}J{&S_fc<cTyj0K;G^e0`8I+NA|ZW>1xy+GX}`m+9tQ4%wcPHAVYst9G&6y9i=
z3uv$ByosR08YuJshw+j4C?RbP#7BZQth7mp6L96e%_i*5B(l$+V1eu$yEH4h>He0S
zQ1d{cP3B?_)i$mM^>!xJ3B?FI8q=_L&nA(huo|db3WQHc8Xk+*rzBs*3t2f`Qe#mE
z1f(YHIO4$^R$|RX3gHt)kH=kDh1+|$wP!ksv|k`XbSm0s#p}g$3U#RQ<nYfpf_ub%
zgZVfOwHuB;ZplE<$L&)ZWe8pnO_;gGee_}kdoht!!{Ho4k99HLH2dc}QJ9TR3ebTd
zIxR_Nz`dk11@1%9Gd;Sg*bJy#_^V-EI~W@yv>i;r*cdq&qmqItI(sE*|Ihi#wf}$k
zid~kFV~8-?D#PX>Lg64<Yls5ked8lRJgk7;U%wfFP;YkxqSToeTQbCl4qi^o=BU08
zCLshSAq>sK*ejmO{`7%Xx+09RG7c~UqN(&@_ZaXg3E9HKC+f;k=`(}WQ0e#fE+<l1
zbVN9Ix9~zsZu<*RPtDNlj<P6(nl!Xe2uQ8T#F7GG&h%iiZzgE9)&S@Rpf28=FRXZ<
z9$NwMfRBo>U|$msb6k)|Jx%1{EBG;zd&qRKxx(vjL|M_^&#)LAph0U?pQ^jkLERN3
zs=KOkq6UrGkf`apehw0KT}M(GBxRbxo|)Lt;Rsnn{yVOzG^F#OAs~<)1Jww`C==eZ
z{CBmWviX?JZ~-BFv+bJANov_j*K%o*U2u6Dnx=qBRd$K1Ph}TleYdhp2*@rvp$n+}
zSTnTiKB`^sCGUD*E9|;|a6@XP1|MTs86jbef}RYfY@n%7T71if*4*~iQ0#iEb9Rw#
zuykm|QR<JR@W=m2HbEiu;%7oW-SfiPo)>~H_8jA1O|>g8K3*D#T6#J**<gO<sI?Km
zSJY^}$5D;u7&zY3C5@(}$_%mk&wYITWu@T``pYqJcL0>`Fo>R0R7`d|sK(EJv<%L{
zp7wT=K>owTWP9QOlK3+wj<6?!GuZ9Ra0dkE)b<^aaD#(~q6Bu;hs4<V4I<>Vak}bT
zT_U;*dJ+mOb~4ZHU=s^ypujVzQjG4f%<+!Nq1yXm@SJ_apxXQRl^=c;Z~rPz`Bl$H
zqABov_^OjrZ!0`tow3$dW?a253bXy-%QNJsb+mP)wVibsJLU=fg}bD`1(WK-fgU7E
zw^o1V*_Cnf@>E$Uf-%C1;i92&Rw|W(pW++aW#@F37{EKcH;y!-+KC*EVHksx3Cp@U
zG$77xgZUAfoGU&0L|n0krpWEj2T`pPb3g;0-m(rO^xvj%*5l0=bawRBvy3B9PS|;_
zbpHnv;VL#YlnCc{0Q(a03ulhVU}Olf)O2(TJkW62s+ZL2t?q3(VXV}uE~70zep7F`
z5^1?8kZP_YogQ?T((MBis3voM7Z$HvCBF90Xzl$-)Ks()FSw>s`3dZk34Xc;=Dpj+
z2QHbi35N$LCu2>Me7MQ&(Y`CXRnvAHnoEK{<Aq40=H{lV*c7ScDx93lwam3hypQNw
z<QJODn@<Um@1or_E-*w0HD8|mOvGtYHT7qb#B0cTcM$?3besY8<QoRffWo{fmsFKM
z@pP<d3RoVk1y7>|ISyKgteO%0#vvmHQ_nLIhxyH^$);K({7(n)n!Wtpb5uuB$w@~+
zO(Lkaz`c$FPSl9g4vOtDhHWXsXtQuw@DOxpsI>!q;089L4l7sVo%$%I@gO>+^R`^r
z*@qeiC8YCFxw@=lejG!D_|O#I<~hnNiI%rwSU86ZFj*0kD9j?I+pKOv=>GZ!3J$^*
zmh?J2XWE#Xh~^-r-X1P`N$vLVA!tm@r0>Sz4<fr+`ghcdjW?a$niKvE_)DenO0;q9
zY!A%%;V^pT?O?96X<|os3#%awcFU^LkvHY|L>v_bduuZX{}uD7wh3fOT7n;>K@Cw3
zqR7~0u*g_s_};!`^0ivjwdnM9u)8$6qxl4%bFB*BYAccj5rFvycR|(C4pl8c0HUg8
z50NiYyGi>M5!tuq@S0-2!F3}Ub5~P`BbCyEyJyurl4$9rO|;ZWjIhS*e(I$)OuIR9
z2wB96r&8aE&5E_9#5LF*YtBjA4yefQy_OsxqRi~HAfu)LW`lr~fTA3oWmp?s6NZZy
zr)UdBixhVa?oy;^aZ0h`?vUc{?i464#hu{pE+x22a0rroyx))9S9Z@_duC_PS;<c3
zxeOM|xn=(@EQKz4kA84e1Q@@6La`Icf-pOvXq5AOBj#@P;zb<3tN5x+5F3l{$sJ67
zV@PI3cOgiTOm*4wVEM*@OX4z~h8&vu_^Dp)Wt>PV3Ca0ooXs$lgyrq9@?Z4bWnc5J
zIqjASGLG7lgkve(*mcJmhN4Gb`Ri3(q$XviC+4X;k1b+P-mX8!!q$bUW_;67z3AT$
zzZDxFxap*t8$y1)`ZIC(VL{vVP=fx1wTaRPR7xYv4ZST8Egtin9wNk>IYc||w#FQn
zq<JuZl$am7=w=y#N=v$`^=KjyMH^}MOgl1^EpLAaR0N_EX>n|@Bj<--V=}$Z<tr!%
zbgFf)+OzR!&uwtuf5frTL0VGTWmq~{8d1^%RqUx%V>fg^5`~{E1s*LLRfpN!vACWw
zy|km~g7Be_DWz3;dA2XYb0rEV_x4N+B?%#gC-+E(V$N^v5*DYrdeY44=896X7u5_#
zqOR8~i`YKB-lR5U$|w)3W{AEP(2E|QYm4si;j=#bC8{i=6W$XG(H&v5Wtt`{gw2~r
zQyb%D<iATZ+BH#sVn(Q7XTAE;OicB*CeS{{ch)N5i8*Zp@-=x?=bNf1qmU=AmL{2?
z9MM9wGOOU$#6$?+NQT9)=?iS8mr!(NRQ2`{NFkZa#bk?kDf!#u--r@&utvUkwx5p}
z>$lqby(jKmFIJ`v$eMk@+$@*3R^m$Gz+_L}nd~1N5WaNa?|UEj4Kn`V12+|qmC1cC
zWHN03#K?n()5aZ2l2R4pfte7rP{39%^N*v~>Y`EpA7=+?nhtEd95?@J9L9%M5%b44
z3N=i+rD%)rk<4N+dzW`|8Wwy0c>InugY_;bXY%PT6I*E2HZ&@B@qG;c{KlQP_UR!x
z^@GRK+ztZQ3<jNoHTeRg5b0+(!fejBiw>m;YHuUwDLE5_-Ut{#X65B=s;Ia3hEi)l
z=Lb~A6?*OK6owlk*piu(E2dT}!bDNSg6YeXx$jXfjX7(hL^#1vL=o}Q*{Ms!9Qog~
zNsATi1bl4n_!=8Y7$1KjYV_dDDtUL76FnCF#rtGbN48{CqxPH2ApFbktDUXVK^&O#
z#qL+m-x_-zd4Xoajy|`%M6<JAgGhF5I>afCg8@C;pB^G1(h;}Dc)r%{`?c!N6XN$=
za-5c^Uz*eI=$(gZAJ0zzIhjFNQ|PUIM#;A%znlJzWX5*ntirs0`TG^%O&|mFk9x`Z
z0y`gqsn7t$hG4POKz=h|*frVLI*h7dp$*24J%Z!iP*g>{RfsK9M!?@Nhog#Jmga8m
zRLo{nwWqqFy=Hemk*((Fck>}=2c>PtH(gKM=RPB}5P3?;C*wC~{PF+zL0s}Y?&LRI
zB0iON<`yUjfeCb!HcBrNqBt*0DRc1Ap#or)G`vRf2E_O`CmLoWO7ViLGYi~jyoqyc
zjm?H(Ql!D!+kV6KvCnRR1;2A(%{&cr@WfE}NB&w+p9V&$5JvXWX9Y2fFoGjhJvN3H
zRbe{6r<V;eaX7oDG`!DX2L3Vb2-J-6!k~1s5jF#4rhBR1{ZU1c2fKBCgdf))Zs-)i
z{qbL>tY`}1JwpakB&vtN(nJ`XBJc?mXCw=MS2h2w(&EFRm_!V$r$LoubFCi1GdvcP
zT*m5Y1=anrX02NV-h>Bufq$SmhvR5&xK$7=Onsv-d4%SwcjDXt<CGzWK3<ZLYjuNZ
zAND98@2P~t7Z!;TnUmxj(JP_^@X&2>@C%iJ1ms2c3hKz<&2Ol3pS^sKIvU>DTQ@{~
z7hptFi+jlY?&;U9-C4iU(~MWjBeR#{X;dgO0IU^;+4_{QO@=o5+2~%piX1q_2(!*6
z9pEnlzz!tbnWnJnG@yT}04WTpWd+%svC{BfdWHhHNm=$`nz!PO+sD1zp<*}%#SEOv
z7Z_hn3nQ^;V}N1fU*<tn!hs=)4?`U+`0$6^<WZ&EuXyk`slJyV6kw@Iz~~-dc^+Y4
z){VFC8%j5wG_N<bBjbgxDg+Zx1U*zyt>74ytyB7OR3*wQ2e%^5NBJzQlz2rS*QsBF
zVq8e5E=;Fgojo{=f6cM;CDpBb%n#>e9m*Tt35jl<2JsMmyyeRZ;7?Q%fX2{%gqXNe
z%?g%ndN@YgiYizL$?pFXWWK04J`)JY!cdJLVG!Pm;9~^OcM8SN?|V}A#;(m_+Mz~c
zbI4+*Oyn3wO`2~?UqRh@Abccm_d^<|n^V8pz9;O1HceFRIm!qP(szBckq-_k2yonx
zI?DkbDv_u%R~{?5;nYr$)_eQY+zOm16~7)7(*y2KzU1fF&H^-SU0Me(23gmRzg*cu
zM&X1OF^+eDRLQ0mLanJEbY8Q4MVOLtpsDtI;l&NF>oOaX%}F*ZyBeDn7$)BZ@|l6L
zO!Mv8r*Qf^6_OafD*OyrHCkCcn<P-LIQog4KfQiq3u*D`Yk`I0J(tLiu=Q^iKf83f
zqTAH4wjK(^-ljqUPn*A2H_c#^j{p$q;OM!CoH4crH`z*;M|HvBZ8R?+lTW`r^we(U
z$h6VoMbW{%t-``myuJ-Psk6IAicedUra@FT(_Wn=6X^r`h^-lE!TU|&zZM9*U*Xh;
zYi^H}<Y!6?_u4C|<T>b=2STXaQAS<|&sMLxqY0g!_M;5h=BD&_4&bTWTZa>q(~Z0~
z_dD1hV~vx%rev6#`q_pnYmTt;B(K=vQeR>2Ei>U0(M!+o&rh?1|Ja#jBtTuU+By8Q
zHJ<CCgxEiK^|U^`U_rd}|0GyP%9@tsE=`Bh@5gKVR+SXw*C)l0U*x2*oeO=q;sm?S
z={!`Snb*WOSUP5~IAvtpHJ7y%*bkmYmQLAt$6-0ePw^PluW4HiA17*RBGy#Z?QbEU
z{nCF32lUpmskdnOfpm)AQ~zkV8AWUgDkslttl8?wvUb^nxMMf=?&4TK4gvgILJNlt
zMBM%v%YF{?t*+ovmzk08pGgO_H?(;H_6VAwI$Yn|T1>$WOK9|dQuih|dIXHC#?*53
zKy*ph8yCHmE6uX%MYG%46(3z6lGAlkSvl?Du+tL@PccD6maY7BG2+`!?LXw1FLt}7
zA=DX>=U}<WFO~`penri)obz&V<I&T;zetsexqZ4Rb=NvS{J{)!Fu~KX&vB*w_s)L|
zl+PvFj-hL}ju`yxZq2{C<9AtiQ<!<i;Vjb7)haG!C}Q4m->|MYRu}$bB*Nx1&itCw
zW+lp%PHB_?KbV;02U(=2OB}?Z)~162qI%Ft+uTcRX~OpCJQCz$h>GPfc#POa`{yw8
zNn6=r?5J4IYviE{aj&^22R(au-|WLUuTS%&b@htdhaJjMr0#I=QWR>unX?7m*U!%J
zm7ZUx!c5#g(dUE~#nPe|g9Htt((C+6m58c1(74Dxj{*@Dv=nApKcak)zR~9h|3i8p
z!E!`<*Jv*Qr95)(j}Lb&8*9bgHLU(+NM8sGrA2CI7?8`3%XpOk!9jlg&L*^(-Xj>f
zbSax4$q6N|@lh|1K#`%HBJZ||qMHB%bKj){`b&*HYI>zX&Q%cg_dwu!s;)jEu1-+&
zdU}kLHXTYk9V0kVBuP*1hLp;(J^c06NKz-$@xHl~Fn1{x^IysOrs=Xzf+3<EKbu1%
zMK)Oy!P^4$KTa2fCch-tMrU?u<%Yk3GB^l|!vdb$$}lg0enjc~JR2f>34hlzBhQv)
z-eqzB_FP8M|0<?F#j1YS$5W>_;c-$746ka=IM(#VC3JA7WK+npJh5O6nER!iK$%k@
zL3E}eeX!@?m%rLE++4Uj?S6MA@Aj;7?6_FFT-?(-VWT(17dOw?I5CE;^z*uVPpFd5
zp&Mcc*)jv(;i%kch445>NS$0B@jy~(AfyvYzr6+`JJxt=m?wOShTG+?Gv|caL&P%i
zGj($IQ5dg|)s*f44nK@O$$*o1AcPY>dI?ME`*tN>Tag_Wq;gMFzd&V<1fN_Hy5<E2
zBEKYH2&14p3J?k0H(L!JA))xYGjUwRe%n+<1V(uawjv8M5-p>n-2F>%_+Zpx9{+M^
zSF)M*1W{kpDmwfyRr@x5lnX)}wXPa~=s*M@_B_u$q!p&X2;OjE!E-iVR7Co$k@9*Y
z6efF(SFPdyPs6*~Y7nUerm)i{?PxQ@_q<|3F8syf;s<xX4p9p~26f*?O-?d(@Wk$^
zSg0!6QNx6au^iu>BDL+8&gur}EaUw%USgKGb5+11sk*sD5m!Z=TktKm!jK6svdf}Q
z)%Qiw+1nij`D6Na-{^Pl66&-Hk?|lMU8FKqMI0HLkSVMii#ofP!EC7;mCg%)tj_Le
zLa^z8>+Sl$6SrY34<$!Bkn<OG28kmEn>%x6+ZK)c+msB^FW~m0m9O8sCi0j1s&YFQ
z-&H&ZuXQvmEU9f)o9;`+{S*P0@0D!+Iu=d#I4ybfaxrX3rXnA{K#$Zb88S%F5QR#C
zzQpMxCV>30x0bknB(0Jw@q-59I@ME9YTJOy-iPB^Ss{VYSZ!84WW8QuUfVHrDH6rI
zW*5T`b&oe@Ff#eD+uAivA%m#fv>T#8!{xgZu43mqnC$2y89l^dsqTg!<FVaI;^^fp
zhxRec#Nt^ju6D@wvxulZyGYDbs4D6M%AYlcJjm8AyY#!w#oILF`+WM|A18R**%jLx
zn|xhn4g_!;pOIVC&E*_@f&Ioen$ySjm|ag18o}11xM~qMuBT`uV9Z3y#jTIo*u(#b
z$7fm`^{01#OBqnN8zbuEVy6E<y3G07w%hcJg#KAeZgv-AgBOU^jPmHj6!))l$ZNaF
zL?W5F8HJ!Q`ya7pbV+**eeUs*=qx{R4)HG-St57=FeLTM)A26tNHai>M)=FNfbJ<5
z+4#rf?am}Yq8Vb-wydUZ1DB-soi88i2ZuLW0QMiuJbZHbt=W2>+%-idSy%`(yTMIA
zSg1TV>{olAuS~;*2v{U5MGhy(87bDT72d~T8{7Om4e)jGWTerL_}fw8tht%qq$75K
z@J9pzW`mlM-mXuq$N}7zdmqEPrQCdOe|@-`<DFVLEgNQKyL%F84_fSOHsZ?EmA3w@
zXGC)?mro=Kn3DnPRd60$32)^r5}f1fd=THIMM4?i%Eh10;*me`{tGg`5nA5(;rkoS
zw))o8m-@i-*8`0qg~;a_E~Z&4^q$sJ3r<;^vIuVpcX@fCoo~I)3AEH1bp5uW`cKO-
zMl{6qa=tNgUrU{F3C8I~(n`IM4ROQ`TTt44iD=sVo={8nZF*B}aJ@D0a8R%7sk`v1
zSDy-%a9Q5d2RDUu2ddoUyS&YmJ&tlS-jLASsO2l_%Be&7NT@_|A)&mYlyP2LkSG#s
z4%gOb?W%j2+@56$QaSp1|8LsFi?cs{4^*DMLOWnzX}!^=V?gCH6HbV}!yQ-Lr7%kF
zPnA+(&(6Pxcw1FgqL<L9tmzKw`pf36sF)n7g6^j-SfZ0@rd5PDf{OLw&HEz_am}@1
z7SZ=*b%I9kb=%P5-)x;N#!`s8LOSh}z+wsi3cC0jUeCz&pxnYaKw0RCr)>*mqDF{H
z{e$p6T@kuh{QJ%D*`2;_)MjM<7K4Kaj$lb@(eYhZ`>X3p*q`?z;?|Pd!053@k6-B#
z4SBICS?)5D6Hooa+;@}LSCfGLW(DVUIGQPZ06T$ah9q-2=4oJ;WZ?1E{y5H67kKeW
z8%RRwwKol48HJU!mx-<1J_{2*iLKSbw+#ht<5#O)gRtViHiqB@UKnJK+84TjSF>>0
z{gg_ncBQ*hO`1KTi)p<WyJb4G_kl9oKAwmnFXU|$ES-Lm124kelMxYpj?8hi`d)U)
zDK58H;ZmD$6HNh`Pz(kw6wM?B!@fthRx&z~`E%<CAKCK-MTBZk)FY;i-|=h_=syqn
z0|cGkSgKKVUPx{^xCs>QN7mPnT{;Hlh`yQJXZxf%xi9p9U!_Eg8JvtPDq_J;&<w2!
zOX-?82|09Zn_w1BF4ofVD_ULhi+Qq&StKqRBzLXgG$y2PDyh)ZV8ASb3eg)8qW&Fk
z*CM)K_gu0wwj7H>z<2zRk>4`q|Mgb1U8?j&lFW}t^H0Uq%Z95~vd0>G!S&y$*rl~z
zoBI=iDX-w1Noo8iQl}(m#Gs=PKBTT5DXqIZMXB}kGt46}?57LE($P5H3bJ6-GRu;+
z9K#g=KDgcQ(@YRI>+_Z8+AmR1=ciaGuBQEW!d+t7M@NEuU<kRR7?G3QL-hx(hhs$F
z0}>ghHfzqu=k&i$vu-n(ry+^C1;mfOGtb0Ex!rq8ANNYSwkMi@lIXoZWaJuL*2e>K
zyyhvlnIc3L`X1wMQ2Y_KVU{fm>w=z5&va=ypz?c<c>8M{AJ*P*7G~h?^J7zR*-tNj
z|DnDm5j8(!;4owNk+*dyHnd-AJM9}Usp#}NQ8rs7r<pu%b(9EmG3a~Z=7uBFoO!UU
zwZK=r6Y}HELZ&ltOUcpvWtK)L))!?mfZ0a}6$~2CMa&nBBiqDIpR=t^uBpND{Ffqf
zs<)U(kH4%Giyce(^1`>L%ibH%Y}{%IK4(Y+?Jxd_^?c$u(&G|t4anz|;%zvQ`YEJQ
z*u)6_mxytDF>a+@VKS`GgkwoZrt%(ZNay2Zn({&zxA%Pf3}b8`C+CnP^NORVP<AW3
z5Vj@j88B_N0lso$iAc6?zk1fU?Wj_>m0ffcVk@A$+qW`{A4ae_a5!KoM<f*JqTK%u
zOF@<VRSQIvq(6Amq`x|EX1e;M(`xC5)lwWtjk53}cypLgs=J6~L%*kCYU}0zs&`{q
zMB+{)`Gx>}i%gi><gKu>YQehgt2E%BQj1o4Lb*-6;_di4U)+DulIR`mZL%voxPNfe
zD#$7D!o8&qE2gL4tTt5%97wX>Ass4|%KLX8)o`l$85nP|0m1t$?FE%PyIk9%2fq6!
zTo9+pw`okHGDr76NjD>!qk|q)s9aTjekEknUTQ~fyOLsIr|4L_=Wv`#LphaO3cMoM
z=*a2$_ajLe&qvBloj+9{0&aJc<*s&_(m#$8X)*Qq1YXvZA*+%-WGY_p?AS2%%;ow`
z_+2#6eJQvlzUq7XIqzgw|GQB{X&wv%!%T>XLkWc|zZ;-}La#*8j3yB<Q-EY3OG{^H
zChc4p6)ivM@mu;zpCmy(HW6gHXj2(;Dc(w7X+so^rELlIBD?nMwl<V@rjp0|9BY{b
zs_LR8!RO+j<R`G<PDIVab&xSkd2@h?21;BA$>CCTyOjLG%;XTVbskC0^Qrn<&ELpe
zGoqf@&t{{{y$D`PM0DsL`jM7fDXBf4>(Pq!cw2F)1v22;)B=yqPBr9ZR?c#1es%!;
zj-uXr^eK-5r2z-Y{?X9GbyI(7`_H9mcoHQ=dyxy}3{bQL?#no$|C3es*+$IcvWCAG
zX7Te~#Tp)Ed_vWjuui~^#bAhb>_i;y^m~@eY)0~Ad_f`(`*32mt=F<dW<RWKr6eeL
z*?*MSV+GsI&Wv-Y+20Hl4s7}HXk_<sb`;W|C;zq4Ch~uajmmups-FD;qN2yTQ~06z
zo9&uepentE9C3Y{RUx5+zn2j&bprVI=h3!NAULQ0y&5$ZK1a5QtnlIYAw%i7g+Hg8
zVRLC~Tg<n^##VS3F6mj68tk1^vSPOLo7Br$`(VPQzPEjhI0z?*TTz9`pbV0^2ZvPH
zG{R?b%G`nv-%*7EN#a~TSNuU!dIQ)FXxQ~DrSV<mcz?cymW0zS5lcRNjbHNV^-Y1~
z*)xvVV+u5pBic7fU0jru0e;N9qN8xNli~U)2bMe9hEUo2o5@#$qzTG^l!Qwc);Fe8
zAn<$hkGMUPIiqC%t(2bIfx3P;<u;07ZiNYr)7LaXiX3(a>;bEjhYk-JT5RtWHg@ea
zSGDGVI}9Z3m++T{g>iGk#vX=_X9CKr5zWzr1|&{XwBEge@>-n3KR7(5<kO>3<O|a{
zj(0fS-ZMCkrf7~{1FB6{f05(?%K?2KPsE!#midhukUqzKN9*!VbvH@qNY8LHVH*;P
zClv~9!eQh)=2B(Jo;(lrWHfJ+b$2!$wN1rm`@=FlJo)vDF4H<^1f%f}jNrMZGakLS
zXrIQgBQFsK%*>3zzR2W%FTVl;#-ENY!X&yA2Fw!A7z~w#k20NPoE+KQEk?lNtI(Vi
z7a4uRAv*e@_}vo1p+B#+4iXe8wwyAiacgomz8V1HN_1vb=Q<Q3JDPvy#_lU??J5^}
zH5&~IC($@yOaLUV!LMsdy!5SdbrW7?y;G+<Rw6qxc&4PU!5X`|R^SsJ2$Br=W9CxK
zKC9-gpZvAnbjRyskql1_>co>l!ad_e`xE}YU)iv};<d_L2T^2)xr)y7x_IA@E+#B=
z^kQxC(NhGLc1*K-=h580Ix?v{o|04cZ%xE?2LN-*?<+Drw16qbC#*3r=89ZSU0mJi
zLVV{KqYuegF7^spP91f~cJ7v%Ns2~*mU=+7+UAcEL`pG2KV{wkMB)-epYu5i&A`*D
zd-D1`fARV%30lDLh$vN*IV9|~%;cTSq$|!dwI)5oONXuJea%;K6W5nFRCMJ(IYRvb
zSEcVBg2Dyt$R*%Ma`2;Iy5?<d7ES691-(*XWimgCs-70B$g@xk525Vlm;B$KPc#YM
zA(7kTM~C{ks)mtZu4RRn9uCnb!Y!|K29Fw6O`^nHt9z2gNRDBN^H$-HpUy~c8aR&_
zzkxv>r<FgRFP2I2RJqpg{ZG8Ezl)9mp%Sk(6%#VqeE*Sem+A*%?c+0f-X5F~yx+!d
zo=LUe9p6X7vJkVOa`3|8vj=WDOZ!b859vR9x}YGsO{3jZ9AAP&dUcNAjJ~(NhW$Dj
zK(Ejm)8vQId*f~$LATN18lf{N$%U3{PTfvLq}%5%MFd}z$8aFN@j5(dvtlWU@PVma
z;lrhtWE7mMYt#W|Jg9Ry0l&Y{656g9hEsI4Ezj|GtuDPnZ|)V3e@kq9Z?#pI9?Feh
zaon0)eW}&=A3|P{!aKs-C6v5NYWx!a3f3>qF*WqGDd@(~Mfa#0wt45M8Vu{!0Uc(W
zSM2NAUoMa}{@bpw{|^?8iak0hHYtHMY$&OLHFwBu13JcNuSgYdez2A{$+%pop(Zr$
z^jbsmy;Tn9?$TR{+^+ajCGFdopF(cjNkFq*!ATwaaJ+!`&iEGR-KEwN9<MLal458L
zhW%IH1yf_jhvNZ5Mc>9vKRMsqzlA=&yns{Aiv@EA-^O>4S~nMWG5UTca^v;#(1+u)
zjqJ+>QX=1!%6^@bu;=RsYZG2AU!o&K<D9ii_RWe7q}O%{Enh8#UY&|z{^w%qqcSPk
z7&1Q6>V>zf7$0N~ocF|#>P3ZROo-F+f9bM^w1nt70D3BWOEgWi)mFZ1qfD7-D>J+%
z_b?KryLFs$*tA=6*u)TwKYr3gv6x`P9M9ZDuII`zS@coiIQhho-Z+kK;a7oEUu<gf
zg(S0*ieJ7WM`-rZi2Ub*7FCsE`ZKK#p;E#kEtq$fbhuqs@3O<DXd&1mrs3IZN&ZAO
z(5A>uxQBOkHF=Ztr(fnPl$9J~8bWDXWc5OkUoA3TQK1(oCm&_`YnK4%oZsvriTR>?
zCp~<=m2CHYrAGYDtmKrArTvo`a5LF2-W*NJJyzq+fh8;GR7zzf?AzT66Rl5)#+^!P
zCqdm3z`Q2y*ZhH+NvlS{-haZZCciZTLhxrv-=J6s5e-|)Go#k=3sP5cp#C8hcQ<4x
z;*B!*k+>`3qOO{0WSlKGxqb7~t^6#yL5S~<e1)CHyPv!^)^d6XjWR`hI&1HKu2<91
zR4Fw|7ioRNOwjg|)+>NZhBn9YCTvxSrhNvlCTL)Q+v;T^npY=X`}OPBT88v*1J`$0
z??kC1GS9-@V@~VHcYrZUy=fHWA^d`_4on#iB>8!lV*Qwp?l)P4a(*eU#_+C*JwFl5
zM$|jy>W%9!?O1@Mp6BMC=V>db0uS44#Gs5wW1`d7T{fbf0<(QleraDy9ExSi*klCm
zKoZPS!><7p*sYgXfuPUc;|%$D$_b%~ph5XVEDB-`4Pit=8JB{87}Ht5b2A8DLM@@;
z(;PD>c&=5JhVsv-6``_y=_zy4kqe8Xj?^uT0t!G9u8#Nl-$kxSl<jGlO0)h&Qwq@7
zg%^%Yh-1tAej}Sd;;3kUt1oep?;t6~AvkWO(zI5!>HVO`>@sg30_!-H0m@p_B1aVS
zcZA+$mK-TGG~0FQQ*n1j%%CWF#+kHrf10<aOEm2o`RIpl#E_|5^+qbrR$2s%^^>-X
z=wvB;wfOUyvgo#e1qPL>VgHCpSaMr@k_0Xzk(7|~SXLS1#AN@o{K8~ENO~dPjK1;X
z5niFG;H-e`fOC;|bmZP};lV%sSgUkF{)D0D;cB0`k@KBcvwO~u7zVCPCMg)MA&4MB
zqR%V|=VJNY3HZlQS%cCJwKg?<seuqZlF?HsdCqSyxN04(^#Aw+7(<`eZmbI!Wm`B3
zNSDLn4KnelZi1%XN=Yi{%BD}3Ww!i~(<bmZ-QQ*B7%oMUNc}VeY-99byJ1eg8GL{H
z=I*4uH}cxCD?YPwZKWa~Z%g})-{TKzFF58MNma*Je{$!1gFBLT@bkgm(p2ZDtJuZv
zJv{JPZ=>S$9!ZAOTZ{ww9L?nVnE`^Pa`q|EMzToK(NM1{`W`992A&2%OI><o-@p~t
zIsrobf2|q^!|%`0FbWKmswxU!0g-7<)f@T`PtvbglY2$be+}TT)qfVF5?<l=A9()*
z?k7W~DhHXiS7VvfBmd2sL@JMaBxwBEqrVA?S$h{{I{HdA1T9pe>EtP(`oGniKZo7@
z#MDsg*4J^rQKGbhD3>u&{;lIy1|q&1TKwN|>p#Qpw=3rDl*>hb)NQ6VgyZ!rZF2rB
zX1JBj3pG}MZj7z5Nz*f4j8wNtT>NT%R!YRFW>Xa&kZHYejwX3By1PJBQr1!a^t<6H
zz=8Z64eXw*1GL#SG9rJs8PGABOF&PTd5yJ?R7YYE7HlDvIZJZ+E2bB#F74aa+j5Td
z&qS-f?496*A8g-Ckpft9Z%QL0kq|W6QkAX`CP<E=9@^O@g`=Z*Y}d)ybLs=QD@{Bv
z31V^As7Se`WzlD}t}ka%tmN&CiuN%dh7af+U|P$!l1FTBQIDrlBofyX{>Z`5GLK8)
z0a+kE{1@DojGC~Z-D{MVCw!#@6l3%2M!`SX*IE~Wwq2{YtV6yN5W`1b8BNwD-}U>F
z>&ELMhU-Q+FVvS#Pg3gpBwxqA^(2^FeNyo0Z?o;>^JDUlNmNne$83>u^=iSf8p#9O
z$q3oH=9F?+e+H6nx-6n~KZ9o!<F8KyLf@&fgr<Sg>PJ%N)#$~|xXek&b89;LmNXfW
zpEhSACOoQoT)XCouI<d&<ll7kAc;El@;V$%#{vOe)0hG11eD)GF(CxyujK=9loKsP
zQ7uHpv!RXy<8ve-B*Fgd!>LTVk5t+un*`<0R79fP1Bk$$-nLxV)*F_1#@pm$j?0LY
zg@0B`Hv4yL)+t8?FWw#R(h8Vr)PIJlKS@y-{wq!zv6?F=!e;o``Jvz3qQsqdc`nGi
zX*YO+r<3ljW<mi;n_+X101>-u#;y1~-L5g=o?K^W5kuhGR$ySSg^j>>MG3mrDFT78
z=s4e>zF7$V7v?Y=6PE81Z?Vl~CW}T@wW)huP#*nfQ<1-iDLi%ITE`={dye70z5Cj8
zQQSq(An3%CS%a>@ys(??cXfLaWa6?^r$Kd9nPadSM8{o`2o($ni1>;<Jjz)UgL3Lc
z-6a3=`SJ^=C9T?TJtLyofBZb_y}~J+zf<B?Lm<eUvz2V0C||Nhp7Ey9VirkVdeD$I
zU}VqoX_p@qjcPXQL_dtvAgoKWyXSmTCi{MBRQ5!@6t>$Nty=`^jv6S}dPay$zYd9h
z>N=e7pVfuE7fd`RAMO@^RaGx_7*ZiO!vGDi#P56{Cb}dL<D9%TWwIjLRcj{H{A7Yl
zq=KaGfU~`u%M?z#u+Q<iv)+nDVypSR2tn<)c$)w%XL9(!3n#t>S;!PiCi}dedKgk(
zy!Q{EI=|wk0Ke!>tn}Nm2Xg4o(IrF#bwgtbwn?|wzvB#kR{uJ4Kw570R-OlLXLSVt
z)h>s^3j>xHpQgn#1^FCwu{x`DdCxd+Tz%(_jM5zYOBwgwa$+ws<fyS|!fVPF(B&x5
zXx`y0pm9ysd++q|<xSgL<b_>{(r2=h7TVV~54T0@eiW@^ryuEn7WLf7i}9_*y9}(E
zeCpTe&zcndGJgCwZ|Z7=#7T2C3CY)g5#>EFl*&$YXc!p%D)D`tDjKpBGa81M<<#t|
z;p-pDF(!s~QJf>{JD<?d8Cr@|*7G15(QJinQKxW6B`x2SVC(p%fLGQ~wY}RiS49TC
zl=aN<K96{r<`>f#tEM`?8FY8%9%AN5b*%oVJ?W`ev>qf3z5VDboD^}^LPb>Oy1M%_
zWmt)qlXEh6IfHgJQ*wLku0L%)IEs=nK-V5wa3iu7d;})5N+MDYEfBF~iyRz@Y6>V|
zrADFAskekT^3B|Db0RZB{0e!ktB&rFXX-BIL3LO7))E{UUxn41h8=>50(w6%^F0ZU
zPGVVSziIo!DVzcQ9k{eDl&#t5+ecRNdo`&s@ou+3)$f_>*Ol7*`aFMsRzjfgOo~5k
zA+F@d+Ca{7fhw-JA}9U{YrCv;FVU*HKbB65-?E?+rZ#^jYzMuGEh%!G5x4RB&R@bd
zfg*3+wTrM%aE|ldv~w(@Z6ggy6|+XzDqQB*QUehX5;~jXKL&OTQdb*h;erswhPo8Q
zz8)|qWF7b6XdrXVwF+%AuwQs_+5l{id+$p1P94K-LhP@+XG!nu!V7-<(~PpW&r%hq
z%bQial0UyI`5DTAP;PRt6l*I08WfjyW3A$=^<tfTWc)p{^<6w^YV~IwtAa1*IHz=a
zWY{8-ianZfryL`8%GOggz9P4f7lm(IaB9z)BTBLtqDBELs<TCj8!O?4lj)Zw&8xml
zJsz~7WPNFVtNo;!S--1Gnp7z*%T_AF^P2)k)5QSUbd;x<-Qul>PO3@00aB#f<I1n<
z!-019f$^sSJt2*|Xok?XMZLw$hE~>h+ljuE66=sP1p=wNz!z?w7#jP<G)udP3>|gm
zm7gJj2vnrAt;|m;Z&F-thTNmQ(8jH=RqO#XlxrxCi`N5Lt^um+o``-<MRUTWP_0mj
zj4<5z&a<w`;5E#$EN+VO&jMs-OLU69ON92^GpveF$T~P1P1rm022GsJRB53t7dLz`
zKx;{JB_C+g8ghDZrlI4%O#^yjAn%&c`|R@2RK+oTbnBs)oTML(Q;xGiD)z@2Q4=`I
zsV@8v7$Rv}ATm?B8~f$x&blc@?cTFwt%BdSp#JZcT7KR{t+-fLsnIb8N;Kawo`N%}
z$EgaQ`V<Tx;i=5y>F`N~MLcn-ez*TM`$g9RTIT1_`i%U!5nU-lLI<5nY~lQ@_W5Qk
zYA-DhV~6NUL$yozO2e=#`)Y1k0C$%Gp6I=oninfv9;Wm-W1sP?nb~FH#6ETVl^vv}
zV%T%y#AVo1#<n+2)No|bR=qjg=e;*W<og`2vSx!4qxt-O^?u`NE%^!3_S+Ti2X*$k
z+nC2SdvfS?*jon{qP4F9H{{)GgTT6F|A5A$nk&E);KBAu3^RP>rFj;u?uGyH=Eo_B
zIZ*3v1NT2D^yHp{wAhmC;CgT-bNKpG+A3`A33VM9!+$92BdS^pZ~8uhc17U<U!U!C
zeOc%|zj|4+`uR3uPS=!+mg#QONM!7_09D-A(;hUT6iZyA<+5y_i-lN<)1Lk9D@aeo
zfGaopxLv>CqyDXJClf<zmk~(}MPAyNPcpD-(Ot7rD`@$uGKIG|+h&1rHK_6NMFqNa
zd<}4|3f*g&<@c^LdTC4PGMaL~_Ut^TO$BzgSPgi0LJhnYD_&go3~F#!ef}CvJsZMq
z+nlnhmx{@89#CHjCFAeL3(FkVJ~bA8SF1M-50LVsty|7iB~&tMi`fLQGhfWV>P)_<
z^4lrnNWsx63Z~cF{C!-~7t)M(v*U`qRnAp{&dyav5Huj@L?oU>xsE4@5VGU$n;mXx
z9>el|L<go_mc)<p+V!ZlW3w3A-svnW;P51ai+>%`1eSJbl+=GFmioz5uC-i;oVvP<
zBCZ?T&?lF=QX-+&kCKA>C(d>$P@%7DNl@<{T%GHbn=sR^N#clWw}Nn$i9@?O=;{c*
zF?e6V`24~Jjy&`<QjK1HzIyD+%HVJRk*;rwvY8#tANI5|dwKoDKN^x}+$FJcHB#mL
zY}@v6B&!C={C5@JC;^J#O)r(4>Wh~8v<}s{@3)}wfmGA}iFk`6w%07%E-`%MRm;LX
zG;76m%F3t7i+$g%f()5VPHzTGS!-6ipotSIvvjs3>}ii7=lq#&_lG#31SD0woRYPq
zh_uTOIdHzc)-N%aq}RJI`5;7K#;T=I*G`X_Vbq@4d&@HU*(@L9?d?#%m5(V};x_{V
zeC#`EBZ+=`MKEz-c$9k1g?V`}`^GOssca0a?<kVUueDrf289c$UkKF3I>G`%2F@`h
zz8E&XAnpZ_@bf1Q9U1f_=B-sq7dj>S`DZNp%=j(bP73Z?cS0r|Yr(+r_}2?>S_|0l
zk`hkP>DZ~`SJnhh=!Es$+UrW0cb+V%={ne9t1dnz87t{RJp5VBJB=R~oI2Tabt>;i
zuD87@g;h!T%nMCBfu<uOe6UX^ops;bI^#Y%HiC)3Zna<??mxGp*C^HZV-Iog0a^oy
zvT<n@f8GslwMU6H)5*&h-jv%#oolmBoxIQHot8PT2+MIafV3YFp0H*UEIq}!xPBjU
zP^<JnP@?$T^Rv@9|JV0bbA(#QfF57Goy%$|cteH<Rl1G8Qxxw<UQ_s;5w-<jRFjap
zw@jNa>skZVF*zLJl44VG1rP9M^<j6f_$Kq=BP|c3djXS1t#X=EHX~Ut)7H$faSNd<
zk*t8LLpM3$KSK>V`OQOBDjN!<Qvj4+5Y@26_?PWduenK`{UhyL{R+lk?UflH{qCs2
zqlFB<H&|;V)s=h&ZNXqT`a*I2vc79hF$CM$KRY3SAF23|Nr<PUql}}Zqui-Q#_}Q;
zd$jp#_VYW1qPj_@q5Y?=p&Nhfp}}g_Y#)}&bf()Ixz+m}pFn{Dnc@~U0LSl%n4N?}
zLN4TFyrW$zKFH{}iXC-N_u?C*A$AGy$>lqa9C!d-@;zb`ZYXhwPic3zy9yRbj+YES
zW#u~*LUiekH4wC-gPrk0$IG~G(s<8rqy%=pk@f{Bol#OVefs`;u2bB{)(ZZeYL4Gr
zgy9~hAkVVyKY0oPO)4n<_#0{8Y?!%4lT0mYLfAJ7myBvBsKd>(@E*{1WM$1THTrUQ
z&AwtG25)jpjDP03z}j1OSW<Y)_hs|jc7a>IZ~RC-(=&ii+7!G`b8Q4)i|{%LON;P=
zd)5k%uU%-Qjknuxf%-c-8JN>Obh^m)&%U;P9AEQu`Z@kIh8UNAKPxS_zi`lQ30{;l
zA8+6LC3J27h@5dB1Rd@`h$0$a`?I#g;owL|v|pvE5aI=|F753IArdhM&x9#`2cQ23
zOPsVcF9-5EZU<QnGq8lR`FPgrS*fEYhd84d@^iFg36#X?V43Rq2!MVNUZR8J5JA%%
z7_S^2lo?=te{?e*_z$617m)logDc1cE}RaQa~~TB^mAFifcOxN_JCZ7QwBkeqBr5d
ztgf?Rke^4}!Nz<L7tHUkTn-SzDh(5P6uokor9pvrWnBn71G-g1fbEZE7Y<}%L@?~j
z>tx{4DSHU;;6KQnv$MmSRvivDI%J1IW27SwOYH$jaDOMs-3=Lr&lRCHsh2eobc=>(
zAK;1yHF(rlkn{?b=ck|FG9K<1DE78C%&!fv9L8GV_;3ocn$3*|a{Gt-cn`sc`^}Eo
zhx>th;q49n*^f|<8Tb3=ryZjY@TMu9gN;(JVbH<>6?`(MWOL(rGOiD#)S>y{k(!19
zFZOzMwJxpX*~iX<@!7}m6;Eg9S67ghb$8h9&+zA`gCs84nZZT?aO#ES3Nn(%SP`pB
zy|ZDEy6g~Q`Ao)m1yM&AtLfbB2Z6#;BY<Kj+7z&tYrnK-fcqV&AH+Mv_`vTHMFv}N
z+S}YHholXHFj*)rAxjQIuUnfqhu*t)MFSa5H4iqL4`|?bnIX?Up4EZC7gLHb;8e1!
z$NolV`e8TdgmWeUm}XkQ@VsWK!}zT4_6i@mnvUlusoWgkPGAC%40Y^b=_VKnF6#Ad
z*ZAf8Xt_<=YlO4t{OiWKVc2OG^+g?R{yn-dJ2gHi|L@o1{c-6EG7eONkyj-HfzAwY
z(NiNFD1U_})FagL3L?({y)RMU-7si<ZeI_124szbAnH(lB}TZrCkymG00XY=o!<)r
zZs=@n^giWYK@PKLcQ^k3aUKJ$a6y~dQh+C;dmG|%P!A9-{QPyB_^r=l_^Rxe(ZC<l
zFvAaQBOsvA80dD49zK|&1k2gegH1d%?`~`<Lht1~t{j{MA3S1PHKF`{+|YaMSAW7@
z{ULXTdemb=J?K+_B^uDB%4FatN+nolMK8z@Qhwo()z0)x=Def<Gpw)TfqLlwyn-~n
z`m<(s<zUAIUrZeXEs*bRtS3IVXN`cO_O95KD%+Po!3=eVS0HhzigFjj+$t>3mjvdf
zTmGDT-?#oi+RV0y=U{ZiqE~H!A%H5kzTPK?w4jiC^VGrKDb?HX5Mxy*vn{C2zxs=N
zeKVGi&?F(u<_T%yMP&)%$x+R}j`k-*-?s*uHNSZdvJw$f_$Y;h7`N^*Vj6=rF)$%(
zuK;$Ib+8CqB;|zg@+O2}+6;daC@x3B%o`!leek5%TTF;DW67Ste`0fP5legyal*Na
zPhhEIfv#FX6TDUGSO$lG%Z_Q^q29$`oF<(Ppe@T^Ig^dhVx?hNXz=DHXOWSy5cSji
zC>5mL3_(>E9GU(1Dsb|e_4w?nyj;<PxIY<%e}6n3`|V>Vo0qBb(VxG?20Bs}${#-Q
zRLWE_Cef``(1!4uN0;;NrHDTqlbzPxY`yo;PI=hU+8PqK-n%V&nEeJ*7CtbGKvyN`
z%l{&<Y$bysx*+m*(4Y>tij&`Y@9*HphPX^Wkxud2jUO!EGsFnN2GK6cO;BWCq4bKI
zp}&`b%`|p}`Onxe{cpoYbx8);_88ja!tY1&@Kc=|higs>2#76xY;<6Vwri`7y(A~u
z&nO1iRwL;3i)9a(>F^(3&nP$PubEu=U_M?T0%ORnG!UU=N?ZGq#L<`gnuLQbyAw@B
zSL%pm6WYnEnT>Mee8ytJ0vDJ>oXiq-C;mGWQvXYDKJPa(5P=_l;kLuRxlGx`1Ve-^
z>x4it4?9<W01>o0|3NX|=Q`Aj<br<vAuxj>c5RKmTJ~1J31En+&qfe<0O*a2e<wT`
z^vfr$4M3KdGbD`$L<r-Ukpd#Tbloo-i$B~`JYinE7!4SAhq$(be#K>#KVmNPHGF{~
zQuuGSf_@dg2;Y%hXc%?E<3YbRmRc@IrZZiCkHZjAv3r(a)DD7AnBP2(v4n3OK3jYR
zBDkER%;rf>=wIk$p*Do74puy3zE@z*;5XW5&nMIDnXI`l7J9@i1@gu}Vp_4gdfbsr
zza<zuWzWz1XWY%O@lKJu<(}kX(Zl`KL8e4*Kv&`c3{k~S{dHxJ3Wk-@r1~Yv#R9z>
z5J5NVb&refUzbf<so6$&9+Vc0#qF#}-#s!1tv|i)!`ix!xQ?e>bM9u2TSfMTiUJCk
z2W5?V55TyJ4Hx`@V+9?;^Yj%P5-mo(MSh~d+i|^gPXpdM+PxLs{pEqWm;4U$1$gds
zF?r?zv+LNojRJJIz*<Pbt!*0pfFRKQdkFHn4FnbPW%;hf)AH=w2k?q_v%BEMWDW_8
z;bJoL2b}U^Qf>|Q$+Kizkf_7usS*P$=+cDcY5AZScd0V|A2t<V8!Q{hA-?P4M39f~
z)#y7k%u^3M4-8(b3aIp?!U@5xb^lPn5o_u=9o*Go1t}L_Cp|3>-UTyN$ueF{S}qOr
z@!sHX=e*VHJ5DI~w8XF49ZTTqn1i&DLs-1V-a&+~N%{cmlck$EO_mgtkV;s&YX|oZ
zGXVTyGJ*RECFZrSSv|Lo>jC;m5Ad*B58z~}d?!bBY4l?9Un7&}0fB@;;ysFvXUQe~
zJ4p2D0R`kEM+zDQ87OrzIr&G$v!t9gkf6(`JkVni_?4oATWA6u;`*&B)B`N?c`FAk
zZ2n?$gIT77K$gM5u?q?Op}98N^B|}xF37`o5Vq!7@`&K!d2r{?+o4gX&<`kM78wLg
z)U@{jQYk4(AZEBpTRAT}V?iFz`0&@5#`^si({f7qC(nZjW37wWshU?8S4X%ubI_H9
z2LTHIL6!Au55T`>?Q+thlL-uc8Q|K=@tzYN0=%XU?c@-gz%)D$W=hyDR3L79-GJhQ
zcUApZPJ;kBk58IM!qNdAUG1MKs;j1Gz!86VZ9h~-dem9biQ%Mf<!q6hd0I|<mg^vR
zA?pLY_`h~z=<ns*QE%>a<Y~EO3IJy~re&{4MNWA}dz{y(4FOIT)jO^yk%>C$Z9;^=
zQ1=il2#ewGKo9M_cWJxV+|?J8^)@mc++}G#9oJ8Qy&eE-Y5@EsWD-^biEmx&P@90?
z%I#eNMS54@w<P7T8V?1}66XL?@TK9gV_r(z1Og;|@pYK`UXJf<=4AH04%2J1TtLT8
zQc0*sxj*}MPBdNa6R7JD2jW}z=yW-`W!4Hm0gVQESP#6YZste<;9{FO$`!BSEE)Mu
z)S+?x7Xw^N&V&T6Wx4nVzeSvSF=ki02ELS!!y8rB;cliY&&DNbJ#e?m16YmDOUXqn
z+*jxITM81ycRA$|bY8O!_ePUUIe22en7k9~@8dnE-OkBv2=#lJe=(j@ym}mYF@}F1
z0suk<pdeVrYfRBJFD9eVUPtEX(_hz)`faHU_({d?xJvuJAh@idKLmb4L<kutt=NY@
za+APn#FCysurIH1VSoLF2Oh=Tk@Q!xAD|nm{%j1=rRcc+H-rqy&e{p~$TX&QY4(VH
zopPeh!k!1660buQE@$m&3Dri2%&%96dLWVr9eQy2yLJO8+1NjUbx9rtJQ;YP8-oDW
z=9WGHZ*%EZPJRjvIHS4yN5|X?u7{`PElFII2gcLz#pK?`YZOTv;d$KvOTHIiH^8Us
zA#O9L6p^TdKrcVg!xhE68<1z_740$jAGYf?FH{OiPCXBj^O(S1ggW#cbKe^dJWITb
zhCC0>XJ6-enb;Z%Siw*ar=y;Qct-K+deZY?A2paMC|74QCunG(ukoI`AAs}|yTqq#
zJICQC-H`XlMeJS+IppIpB;3PjW$a=ySeU3IDe?Zn^Wdg(_Ht6S{<Xs-&~QeMSC31F
zhGl>dSn%<~0Dux#qXz(-&=~@t?T=lk-1)u^P{^+qT0t~}tsK$32+xDL_xG=pWP0fK
zz^-#8n0aEu5rKIp0JP-+kKG?Vaqv8c);k0HGNUZVwj4Y+LhARf`JZ?5ER~uaH=0_W
zVWB0g#mMHK>nXs)tFACB-$HatAg%=VW7ej#At6(}Fh7JU_(WM?$O8{GDz8Os$~@fc
zT~L4$-TTA#Lv5b>_o_6h*-5OP(Rde2E6&0Z0&Xx{Xs)!cKkW2}NJPumLxi4jSj)32
zO`>Qqav|mR_Di%JY@;S+a)YGCdwgTeAvq7UM9lQi-jlbt<#5vKeC1KXO~JARiK6I(
zKhf;N{o<oRUUTLm7d6BJ8S;L1&K|A@n-TS>up{zvBGKwEijDV%%ClR08H}oVS=)!k
zKC9;WszFc^Qjy@WdwUDVdE1}dv5QNj$J}`Y(G5*H^48WmUEK@~T!zgjQyR9#1C~Bi
z?>Fm0>%)8~uX(a;1xWJsN9I59e3(excN4JT1^W`q<O8S>k0eTmetmEeypw0sx$6qW
z%CKd|#iC+gC!)x{=}Ak_yS($2LT2b>nXm7!@LO{tl<#wqN)-?-BPulLPG^}Ro;B)E
z7uT8g^Zb)RjJ7#NVJpkb+w(My%YIw%=}SS!m%;Gg>O#VOqRE{Il~_UCdw=>qQC$FQ
zQPjSe10u_cF50~bnF;lj8N#WI5#M_0-kj;f1A^b1oj`>%K5QY26J3w^w=!<~XuARd
z?>;UThlcJYaq_3V|ATn*s_S+pH%yY_vh!(>J`DP?hk@JYN&vhK@YeTW6Wzwi(}I7{
zr-6=HI82qcj%05(Rmyt^&=@_r(^B>y?n4wSZ2l6xVNJq_yAYHSea;t=cEsY4CeLia
z{MVY~B}{#qYaGXoIq$%FCDl)qnC1@lM&H7`A>cflg(f3}(y!e!X8?_Zp!q$%h{h-G
z@3g2;uf3LkT}dEIzSBQMeXA(Tt`)Qfm{S6sR|zm;;l$7&ZNm;#q*?fOWD`h7`Rr!%
zGNy!TYGbQw{}Dh2mF<_HRE7uk8Y4oGWW<VRivYK-&mZfj-!Okd<tfl53Hg|MGy7)6
z-y{=%NV$4a-=f=z*KJ4V?b^QOfvnlwy+!i-8xAFBA_Wu-G_fbdWTBRXFT^JOw;rNf
z&*dpIHMuhmTZ6MlIt<ZSh&N-~Bgk(>i4{S(mNOFLK8*<iyELghF|;GwWM_lq7^%x9
zT`?8H6d}k}@v!fBJp}oYzt9#tc{GV6rH`KQ?%zr?OmiJ_0TI13R%=_?uJwgu%-;ok
zoBpJf6+O|iJ|OmG*J`uS-@j!mhU%!yVXo|#!{?G{qIl~DdEOZpQxi;aHtxW<pH4QH
z#nQKJHJ`gOIb+ow>U82yyKJML^L1!Z)E^?<>)Dgy=o@ICek68&FRQ<>^?4^JCBW+T
zDxLG03)KcOf%vx;F+G9ra#8GD<}ud~UQ?p0gMXs=<7LGNo#^A6-+!WBzoWqqRHjW1
zRKz5fEK@E~76=04_J8p0C9(X=sGxclbv-Z{T@~RfnH?sHfo(pQ_%DK(^as$p`hCKM
z%KMCb@l=~&|4r(vYsp9VZ%RLy$9?7m)som;YIz(i9KzC$A|I3&j+`2@H2NLdTDsa@
z@WKnz54qm<qdt224@>uA8#BvHj%;IEQwQu4$FNB>PTbs{w<z5kH7Gxqllm@XKQ}yn
z>y$U{*O{lBFyW@|;1A+5-0`1fwywIsQK|&1eo!6f1^ql|+i9-G9qV=A1xi{A8nLKH
zEnt@IZH3N4SwF9`g4P#W_L>=dO0V?yh~Ye-m&bX~sDrqp8JB1W^W-KI_T=XNZS1qf
z=`q6V^WZlOke0V%$_DC$#)bZ2DKK{ftXI<OP*Zgsya7}37;<2kJ$u&n%PD!j^J)_U
z@s8j@Sp|aX7FGSsp0y+B{AbV}&QQF%iA4;^GHR}sBeC}prD7-eIp>PAuHP_n6E#FA
ze_#Rz$s>n^<jc=KE8wN}B$K>ZBHQ)lU&cu=rj{3VaSg`DN1rhW+qr41R~Gn@98a8`
z?j@7vgqN20>!m{WnvNQN&CS>HD2{>v&3`W%uIBsq%Vm%6odmJ}v=HH_%{S<3zFMXU
zI{<5}7$+#QQSHKvnt0wkknKIjQXR>;IP;`!Oo@B$;_9pwENP1IZeMu-T=p^y>{KU9
zf?Ln#ZcPBmSXD_`Ay!fOE=4zP6}V9Lqvt#seaG2;#KknP>#71GdB69&0pphn#F3%e
zId?><{;O79vi(%Qv5!m({=ECnSH)S*QN^c<%JGq~>Y^H0^4EkB=ZFrRT*0fS*YiIB
zS3s!0puBNVg)sW_sWBvl6g3ioX*ey~Tvqht8ClUld(jwL)SEY3C4?o(h`QjZOhi6%
zn{c|hLVki)lb;aAp<tX4Aj-?8Y%;tABHJcJ@&ySze3R=SACNk-XdOhZ3>WS-KMUZv
zUs2L$K4ShzS^lpyUx*;tSWZ8y9%rx5bU6UO=^d)uq2uuOvUV!Hz2rB)K6>=)BZf2|
z!<&=HuQ6jsr;dItErt9FW>=bNRd_SQlL7s5?dn^oDL<w$XDv)gQOY;+_Vl#9730MA
zhK))cGIrF!5u}AMU4ZZD2a%kvT8zGw#`M@&IB9Gy_-}~F=CgWS;Z67a-g*_A3QUP7
zo8q7<vv|!B+u2*X(SGFr-Mv$Ess7EzMH29x>f0LsJ)M)HJCRMc2#&K7*}?aAY9wc^
z0N!1p0?83XpU;rU=VgnoAV`UHQo>-qV=vT_6f)<m)nx8TJ$Wk@+9dz!UJ)8Ch>OBT
zcZ`)9-97Cdw3_-Yuu@i=dC>4YrM?znKX|4v?Ew7)H`yn@vyUd$v^_)o<*mV+N6^5N
zQ%1N>cEpVARFa`3#U}f3x;c0!lGV8a+p#<QqUaQHB|hScwF~a|`J4u{+r3Bl!c}yn
zZbQt=d_m6KlutNIm1(9uUby|6?o~?jCM6BFU4}tje0bBYzHl*^Wyb9!CDLGtYexDI
zj@@|T8gwJ==lsron%FyW%`_pY-ud2|*r^knc~wrUnV8j~8NLsh=F4S}ont)NIao2$
zbB!iew;`^Xm%R_H16p0i1X7apM3<Rnqb{4Yq)Rx6qGYJVv>jP)ayXHA<0H<~{nav=
zH)<f%nD9B79)m5<Fz8(<W|&q0XQUx2Z{leO)|Jz*LcbP?H&go{v>Cz}yW9%<{TSHn
z)8Wua7M{8eJsbfFsYFzoVmK4?H+W6R6B2oXH}5u>56m@~u4u+qnL5$e*4$_o(ym)8
z7z%dT*hQMC`8bn6)gj@AtQR!oLn7_#rhf$2-UQ0@m2RFjm+V?wrk*v=W7pO5C~y!D
z{4fzC2;J%t8JQ;6zt#zEg9e9&$@B%d+X=pK^+oo&y7us|=KkRL3B%?*3y}UeNdBZV
zSA|F<0P0%`)YNk+D#8oqkhH<PWkQHz_aikjZDF`9oSFa0r=#$aFKlx)=;#OgsJ<?e
z>D<CVPZ8r7|1Yy17n|>=!8Woo*tCPFANUDY=bzRby+PF~ia>8r+U?Dt^7UkVMUBAE
zRzV)#`w@x&<)_|YdSugO{K`O=7`k>M)J2-_Ym6!~>N*uMFIeBON&kkSv<$R8py=1P
zbzGF)0>WZnC#{D5p2>a(Fnm5#u}+|qMni@y`h{?-F7=s(9>9hQg9lUmHdF@7;I1h|
zmw~iliY{7-F1|v%<SxGId9i_2pq-rCS&Yd`>gsDJBQ~NeYE7Y}po(>*p8SZ}!ihoD
zdlxP1(4R~*z-7y%5EksOZBtyAgr>MIzcdqr{ndt=z9qYZA!|}Nv^YjMbND`7<AJ)j
zk->b%kaN)|(R)%P0E00A6w(3UhQa2NX%6BN&97?>miS0M=T9F(AbPm2r8=9pOhFve
z2j3MoZ>I|6Kt89?+u+?r%k)GA!r|#E9@8@CNtjp$fI}fAS)S6E;NeJz8(UNK;1w#6
zxW@{&koZgL$Lrikh&HImSxj?wL(W`Mk>3jUSlI3qZ2m~*6pVazcsYC(YX7RC@~b3<
zyK7s6<r#D}-)qS(UXds}LbW0E;`LBL1l%xxNB)V(7HaNnz*)nY+MKX(cb6>u#<Y5z
zwFP4IMpDG7Oppiau%F4o_;iZNs~Tl-rnJI<bc*DYg%?<XE8S4t>S8}f`!D5AGzMrM
zb`7w0x&_uwhZ!pua`b=saiPzl7(0}=OwpUBgp*@-6-keexML*zu^X9maOiW^I$*yP
zYs;r>X-U_|wSOyImo<qLh%?_2s%Q98lP!`vH9d?=tx1SgIz%&e`jFExEgLq~p+>;k
zL|8v7jJyZu+@#jr<mC~kp?>mBlBM+`Fxbj5`JxpA5n}UM@s4nFZp$?cif_$F<xV_W
zG?J_z834~o8?7awLuU45Uy|5KW113!oAglp-B~kr0)&Y~6=j7K@<A7k#;{$4Yy=R^
z*@ok`f$2aDp19=mDaq`-jkt^Ftu%aoP(laUse63t#8B2;YC7R&-qJ4wP-2pZ5~mHL
zD3M?{-<>xiIkFltWK$j!CRx`ls!5MPJ!~T#a2pxcLEJy0II19cCx&z4Vx#$iF7r+D
zHR(fVvI@VYra3k5C2PL3YV*x%*qisF&0lISHlM(nfAE}I^MC3xeQRLzahyuq?+&%M
zU2t8k?LVvA+dkMH+a4vg9n0FD;;QYf)v;|}t?f#(w!5je{jsd=d9>}D?Zmd@S=-*O
z+8zgAON}xKWd7^4QNwmo<{&Kw8+M5Dh|!#`m)f6J&EEdYw0(;-_Gel9&$qd5Q*Hm{
zYB=^zT<Qp?Zd7I6fW{R~o{}}$oHnVKnv7sg7PfZL<PXp!;U$7f^tz1saIpCZ6eHo4
zy<<0Kq`2tDtFoE@wH<cj{dSJsc*#XKGBPL-C|rs_;I-;<AOJNZqravC&-83FWEXPb
z44|3YQGll3d;o@YBZmUCFb2@{u)Bvl-hWR3Q!CPfC5~DgxTyPqRCf)id%h=ihm*Qt
znspf$s&XE+@{`m`AhgoLlUDY=QxE7TmP_sLNfU2KO(3AzpY1^tuhS;tJ!~RaIf`MP
zG~q*==;C1$N23&@@bjdJ&)>!-5<F~ThSUVY{bf5mXrklWo>5bkN7P-c9<2_I<n)d6
zr1~@ISUox9Ta!aRwK9kY+1hpAas0-SqX(yr7y|dH+5Gll&qP|am(G03-@U*`941`j
z2Y(ghAP-p#S`Yxyq$^@4Z-$H73X+iw6U@wqL#OCAWT)sxk^d)W-_(uC=2GZ?rcjZ<
zkmVE3Z+m^nfI%Y$jvL2sN*l@kipb$31b*}2MT6e`^6xr(jGCSN-E*`X{@5XTn<#9M
zHj7JbGaO28PVKvTLF!-kIjEJ$onpn6oGRv6#n(%%7|c2&vhDsmb9hTal4$8{X+2Z8
z_YMG~Jegs<WI=bZ5a7?m&<<n`zeEX2H)k)AgCq7>gHxD&CbPS?<roIVg?8Yha&%cM
zP*i3a!*cK+OE<iRNH<u}Y$Q&jHCn#GRuV0f1l~djqO$-aqn1EuAB7t)AuUE^1VmAl
z6sTdj%{UwrHQv*_)e3D~K)~3u4Q}e;TXZfA-lvfk?W<|Du)*k`;LQj5oU2tpt<-8O
zl1O|+Hs9a`IgNdyQgowdBQd1tQg^4s=}zp4&)kzbK#p&3#p|{nF=*}^8XPs`ob&B!
z>JZ?U7H-h&OtkdU##`#dZUxGXkN8t;GhX*oFQ3?HH-VVrE1uG2%z#94Dx}0W*c)#?
zlJ+fVuKt=G!9jz&NrP#1jhX_&9{~n(JfP+!MWHX?E%cT`IGjxf9s&kAe1VU~54kZg
zHXPI$y)|Haq6sjXM`-j8^CQkeD=Jrzc_ARP!7nfg5jY9qvPsB^&&*CuWcpSZ|89fk
zhM~a`L(W+kzt%skp+S?ANcb?(Qq8bs<dAXW29lXij5tNod<_vri4~8ej*rjcVaPf0
z=G|$VVaPWvbjaDH`ZPVSDdA1|0Wj>Mv0(46953*bP`JZky#92&)8CJz<K->$nDtz5
z4LMl*!?-6BsnxOurR(-<V7*g27|m%Qi|6bFJ#IW9Io~e1_$O(829ykuZ3KXyi|XTa
z0R0;+YY<?YFDEv+%x^4|%=q(k8P8UN{{G45Jn-dB4>YJ)JxumRA{vWk{N9GBLq=V~
zJzjItsOxl(NZ7t0PB)rW4{!ScXLK|BG$JCkFX>h=>7l_K7X)2gM*i+*j%!5L^Ohm%
zN@{2FuhA^%0;uVsF2Gw?jRP~TBwaOc!hL`*V**4D;>`d!r*tMG%nczMOb8z(q~*e0
zgBC=a7so;9c#;FtWi<apl@d!}E)q2*BmwtQm<ku11y575L3pDtQ8fHUPJ=HzG;nJ4
z)NP0h?K?A$8q*|!!f1OWT|4hqpystj>>+F@ESXo62wb=X1X~pv%scQ;OU!l9jaA~!
zC7XfiZHMW}qRSZdf6RRecvQvG=$R}q1i}PJWFRa75(u&-NF)KG3F{e{KoG<TC_xs3
zvP77H2nc~B!Z?he0^$lPDtcYes|d)F07(Eh5QVS^0a?y4hD8*@I<Kp$&zW;(CNc8=
z?|tunUNWbvy1S~E>gw+5s+(?im8;8w>CFVE`6f&sm3>zp?1~I8t|h6~#7mx~pgdco
zmS<1z$xx|lX4@&Yoe}Lb&~%6mt%um&%N*h*+*q-LRJNR`E1DI#rV~q3u~#<vk!x)g
zxpsNuNe^>euGz=)E-)C4a4uezC`<G&$_6d-m0t~NS=*U(d%67D3gRm@-sK~<a=paX
z2AIR07pufpxLRyka1N(v<W<xb|MKdk4u0g7hHshG`^YAjF|Ww0IOH_STV6d>rM#*W
zVvRNF_9*gd!c<!7nY?05oAjmymuJji9m#~&GissrH87mKNF}rysfE@QWLV}GmT4*O
zTQ7deuYbgxxTL$0R}Ho)@@nO_s^k@uKk}S(w$xQGuU-khTX{9Jz^}ZTw$&rAu58uF
zE14+EATGC*_eB32@@wVPyOdx5UT$@zKFsf|l3VAN{!6*_e06eb&lD!N#^0p*<0nXi
zwG{|0iG&uY&*HcN-I&~B3Z!94y{m4ws}tLWj(oXVE3_@3q+iTvA-KM*iGttZaw6Y6
z;IpEM|E+;`uVZ|`^#q(!W2ld}1u~<@BRn=9_MynC5KD{E@S(IsehOrCg~{W?<StH2
zx?t(kC%0D@A?NZSd(a>Bkn5u5G=v|ilED%<BCDU#LN3?!H8dsOSFqMAXMerOeP}Y8
zB746AviC9O<@9AMM!n0>XEoisf8IgfZGn;^C44D2m?3}XrD{6=`=?pwzr!$muYR3b
z7w|kecNv~991+y#3kTVk?**=N>mQgUjk4U-WVz-)ORWmb(v-3|HCfL1&oYFvoLh=n
z4r#I+&}30~F%U0bQI=v&mLgahHAm#1RL~K5y3}h#3&HtTg}QwdGKRXa%uFh?NK@uk
zpEAo`a+%V@tjzr`?<Y?^|Bw+%0ioj`-Uurdgbx5=kq<(aLUsWlJX+zmTkVLI{LuP%
zLF)Adya-F~55MEsZ*6&>otMi?fbv$K_pUJDf{YLj2v=Cit_NMouDQ+@Y*@Rj&c^Vk
zldFTPy{nxw1U|+(1L4m|=PgE$YnbzI_+xfnfImTU^btOCcM0;Dqo0x6a8fh8z=A0z
z{au%AB!0M0vGg%YQJF0~7za4Ue;9@nRtDER*Id_ZSB|Tr>t47W3P6NX=|;#&x6A0d
zhu=eNp^!G+zGkVxD(b2cL^)YR8E$dk7^5O$Fejp|OeRmipQqQqkFGZ~@hrr=KVs1`
zfg4r}-bQ@$qu2uRPAncDwr(#UA3h2NKX<QyR%!LO*Aeh2^43t<R0H*psbi;rX-G**
zl>ElsI-J5DInYk$1Q_3Ebr5`wkW-nYVs(odqE5`Bw*w@rpAzV-PSPz7XHsidEErgL
zhG88XhOGqGDmHaumQ=fFyh*0Z8y~{^FxkG#^f=uGos4fQXzjORZNKu^9}u+03~hEq
zdWun>HwTO-e$|2eKW!rU-!I;sl3!uSKhFqK#UHUhooKSpiyCb28>7d=0bGUK(ki^N
z9X9eud*QM<^mFzl_3SJN+-m?d^gYt+=`EN5GP0JP0M=N2%(^qOjhzvVLqH+0otM7s
zqB>AFCtb950$crYeZYh&&XiPYSdz_}!U>wD@2g7JM<D-RsJ8Xi<0YRooAtPB?LY7r
zN&H=Ci~Q}`gZ%x(zNAr|y!hKZM8jW7Rs8+j*^9q>{qg7O<A=FVApT+X%>9>`dy6%;
z>qDO?PX-!y>YLilwtu$%H%e*gX#F3g3WF3Sm5t)@f4it|Cyi3kC^<UPHymL|7e0Oc
z-cPdeDcT3H)gAVOsIb{?!p&kB=_Its7l)zoM!)#0t`4M+^<gq5JIk!QfcKv_;SR0@
zQ^%#Gn9y*i<hh4YQ2-wdhDQqFrF^uB=?2)Y{DhQEiO_@R5(O#pW96CDdsRMl+Axmw
zLcVt+*5HlQbK~fVNWaeTM5M3heaM18=y>#|VMFf#v9uJ8fqE@+|CHyhV_0Mj5HRdO
zOQz(G>$Q<>?A+(jn09+0iLHKVB(^59kvC~-NlH_Te20=B9iW~dfjEXD1!rggNj~HD
zU@9UYO>yZlaq_gWY@m6{DA!D~U@W7#;M@b}wD6?mkjeHv6T#A*{=ovtI<P`4><Ctm
z&?1KXchCp|TcxLHe?)?N-<~5RL&0J=NG<r;5-OdXMW&TA5p_VA=0Fs#yVvaHW>8)N
zo^@pow;U>W^$--JAkRBKk-vQMSPTy*;|WnZTG>R9g}GF}w?C`k_I^#Fe-iL^Y2ovz
z-89vywVQkJbodZ7$(&j0Cb=EM_JJz|x#_t#l|_S;rhj7Ew8^~LEmQnV{YNoluR7LP
zx$6fG@^t+S3+wvna{f-vpgV52+`p|=l{{;iz)G8;+_Rwx1DPH!*aZVov1)cC+|!!g
z${XRC{A{p#m^%xUqJ*vhV2xI%Ga2w0rHe}=ph>0`RBPYy8i|qsGZQ5aFAa{HUeuOO
z4+0GiEZFEpj$WGn2nms=9--$q0UeYVIgjw9i}$wWluTfh_{OhF#PRwU+b0(MY|S)*
zVxZkT_<6<Y2;KfW?X~o@e&2Y%2Ja|Wi~;usqX8Hwzax(2ejeh;3PWvNo=xve?K8-*
zvGGB=EVT(_t)vg9(Onjm#NUE>N|hbW6bgc(RPiT%%SknR^zSCJffbK7*zQ5U(FQGD
zSm%A2hvWGk&24EzxQBHle6%5%N{atkdSxg)vH;ZzC?}J%v?yBsSHkU6==7*0G~WWg
zahom~IzlmIqPIPShNWGU6)rpgU>X-FTx>8$P4T!D3gFk#de5uYQ_|Q@ex_x?g)o8W
zvJYUY*MKaq9!{^an}2MX#Jd@Hh>h0PpqoE?tQkJIO9b0F5zaC}k2(vS9ZlU1hHz#_
z!h;_ru!1{H`7}X5KQK({xLPUthI=Qbh~rY(!e5#pChashU<R7)lM)Bn`?3b-7BXM%
zLNn7J`xTs?_ZWFLvgbtcgAi;5#t<^5+|z6hkOu=id`W$;1{@t5-Aqsl9|HAnt53Sm
zmKHGhoYL%x7u>1tUC!QY;xc}~EGiMq+v0yt&AX*DEZ@Nf>gpCa5V8Z<A4A{WV&2{W
z521b<AB@!AeOD$APF2NfXiQ`@rsmO57v_zG%Bw9sG`xk}wcyo5N_@8l4RK%;RYJzc
z55ym3`mmuTzAH)>b;se9EB6YxLQ=ljq<HZ!P(Mmd<MN})_+TefKT7BBg@SUipq^Ne
zNB@ERBIPIXGU%pK1TJC=c9H>6>D*t?zW=P$z5^Yb!%%C0ZnjQ-3quV$!$DUwqJvJq
zCoU81sfqYp-)w&t-1Hc6IE|1{6XoGZ#j#*K_%}$<-v%~8$$*7;y(Ok2IlAKsPQNG7
zBX(>TwG!vtr6$6*Xw<8~pGr|P91T6+No3Mjl58LaRMLmLo-rr6tzDG5Q73j=??Zzs
zK0l~Accs}b7?wnXZu~TpR{`_=SQu8!gT#)W#186phF3WMWuQ7!dbS^1h@RIhQ8o~j
z$jWF2bk1U+f<heWh8N$4n~I}c3q9>>r`2cu&}(o!jUKxufg_~mipAThLYmKP#C1@P
z`!aLqHV>!^)^-_&f;F(%K0OS~#?jW;kpChsV0WaI$z;6_Js=5mJ+Y9bne91=sfG;$
zM#k?EOLu?{nb&J!2<xsnk<bMZqa$%b?l3Gb67%-lqv~A;4N&9}oQK($Q^7DiL3j-R
z8{WGx`6OHN`dfZVsZ;q&tpRHj1m!~6fd|1C_#3=hf0HJcBNtQ2i@|8N4)W}QgGV*2
zV7y{HU`IZ`f4oQwTP9d+4@;yq?UK)^G8Ci*&`OcRhn1lqJwWgnB~v2yD7_<MBj`VK
zaT!e3SPv($FR%T})xOPjQI;gbhQ7@MG>r~T>_`~U6xuzwQB!R9OQIv(B<AgCPez;R
z13_(ZV{=1zU>G-&>x$d0Fg0&z3qMO791vl>aCn|+iBdlo?^=he2;7i;$@M0JEFd$?
zOrwTa!P^WZ(hoGjiFso)ZfB<+OctbDPhEB^+gVzvB`HPO(aMJ)Bb8@y{Lv9GAf0Hh
zT9H-LIz_P-_O$bXTX;CwXAaC%lV_%iew5yq;rtU3AM_wTz!HNo@nKKmaIHQ$l~n?*
zurig+;;~*%z&L@1rH^yZUO3^O22``#`y_A49S@GHFRS{6*?v5eSuybuPvQt|DgAjV
z*sMCJsoR|@h%)n#$OELqtofbEx2wRrU%~qV@Y>ymHR+!g#Pf~i1rcqJ+Pxt!h;S!U
z-O{^tcr$)jB(aqz<!ha2JB;fNO2dlyLX1D`YOlQaUym0z876nJO3m3tuW25Hr|b4d
z69?M+wo%05ci*B|EFEaKutfQIF=2QMA?0eZ&hns~#3t9L5j_N{LoaYoX>CUjWIezp
zj78}}{}x{7g^F&oEsW;CwR><5{PbP|3Kp#G)yFQlxqb?h0ENx($!scanmB2~<ngGZ
zirzYEIvcJ79Ua?v9*o*iF}wqZJ;iPP>8jmWmflzUw$Vjd8}())q>cOxD6iLo+Lj45
zRPsUu`2eFA<3$?zS`D<DzaMHQP>sFn8Vb(QA}+bj_(UoHkSzHj@!syRfh`8#Tujd!
z5JmeH`@@OcCCwcW=m{4=ptH2R9T~FnA);geXk&odI!146jXeM^>l_iUM_|K$(Di<L
zn8GB`xA)yINUwLg<Myu}7z#cLR5hbVmca1@n|;@2qRf6RP%X1p1cJ;~`k$KHGUi{m
zZGA?rbm!F?wC!s{<+ha{bp<WpD%dkod6jz0gL#!9*4buiJ~uq%U<>(q690cxxZT^D
z(~`~_>Ai4lq|Vt1Ohc=bwgsJZyK<mcqMu~F;+PD}_eEa94rz4++i4k<%=wi0^0Wlh
zyA}k&ZSX}`qW_wwL(O%S%$bz=t7%ko-=LFj-vRuV?q9d4=eTVV+Z{-stgJzc4oGiS
z%{=+{HHSjYU29VF4?|Sjq3VmTr4%3Eh!uZeMGcCdip6tpv8wag`{FB{dv2(2r$TTo
zY%MrnyNT;&U5g)YnOA4{S(8p;;$Tl=ns!Z^b5pe@P3ghbkV!YaS3fYOfOT{*fHQp-
z$LqIMMcfNG=g6n$1gyJ@r|!<$jP2Cx;pHTjF`}yVFqk{_L}6S4s8<-7SJ~R4L#5SH
zgMHxY2J*58%_+q#uR#}mm)1=9=aSQvl0mhS4!%-@lAqxvOO;c?ecrNJAMkxo<!3aU
zqifsS&-mE{NzYW@_y;ej)E)~{pPjodc=zlq{(?%6`n5C5x9clZ-O>ec&ao6{F!+f$
zh6i5%d?=n}rbF?##%%@XcdQ`iyO13&jGbHHpI6}XOZbJ3I{5P^=U7Od1^-OfDamZX
z=tDP(pxe8w{2CEIvYZ#85V+C8t8;vD?>r}$$!{d<u>9x<(+QtWxPWx-gzR%&vz=fa
z=7i@@uIF5H(2=Gq#0g%EoXb_DNyWWc83lrhe?$I0L0-K4w88j6<nl60dZ9O+bGE*x
zt$_Ee1D&s^i++m1$>S!qYv(G<3}a=w4Dur~SAuJ>>c-a97H*=!e`f^z6Q*u~+P$d-
zu~ToPw&0XqN+rq`M=;7f7eHCkAr6=p;d8%3?!E9@r<X8~k$tmY{8c<kk@d0cOtbDP
z%N_r-G~_&<ebDWV*vqt_gw8&Gnp;L**1Y^t@cSaL2Kfq`=;l^BbF;vuk=s<d3y%K4
z`-IuiY2;stf-8~ki@?ApCEIKdirqGv)WFrDNlbb>rDK_wJtU+sMZY-3lvMg$2IPT5
zK7N5z%T(Imv#RiIYUqj|5(VkVQf2PHTxHi-P0a*nHoiyv*LO%sCYmm~aP9r>f<M4V
zN}8?MWcwbyykCQx-n`N<k-Jlo+(x5da?Fd94j#PaPP5H3f+%Yb>Rc&pg{epGL+@IS
z;nCUBr;CHo^c+tlZQPx)_Uu|rE$JUCz~k?1^!{v4I%CLRium-37Ow9c&BLDp1v`1&
zr}2X89@Y3@TL`$+OFCmo2UW&)TzWJP9nPN-WnYbX*Mp{qESRgm)j9jwNtULhS4v$G
z%}_9mDR@AF&b0wXqX;jupBLq8Pf^UvkpydoD+I{E-)7JN>LuX_hqL(2=pm24+m;4>
zN&9aRq#A&w>+R@d0nhE#+RqnwtV5=rqP;eZ0@0lw25#8F_ed`QJKp3^1y00Yl??ZW
z;3ZXR8Xk6#5BWE7I>r~Kvh58VabT*U@9q*hREbtz)0fiQO!;(WL@z9)jDyPAU+!3_
z;L~_PJ{bZK9EspwIzRe4w7DUSiZ+BT!4eH&%gNt-*qexJXfPU_PY#ccGBhwVJ*NR2
z?!QU=!%fy5>G>zZnM(P16r4M~UJN_VdEQqk>3o?)4?kIanS3LJmdW(Z?VzncUqVwQ
zlMnZF817kK!+l_XSSIJ;qm+3wz>!0w=De*KfM9aR_LR?os7dc_@3u~Q&jj0+o#?rx
zL<(*SMh+>$yr0-^HNHZ<ADoe8)`6!+CVzf94$nu6#c_R7V3R5)70*54dJC9*_#|VJ
z>>^C|nZ~?%tf(Y7$~`^Ndw)4I3y*W5y!pq;0|Uz;j_aSo&jaTkg%W2pfy3YaBp2hc
zD7w$i&Q$V0c!uZikMdAC3;up?S!(V)y<lkq!w-k;+V$uQgZ$UrfFVqSTl)5TIex$>
zlsd<T2#Wt?*uCQnQQvC5220r#9Ss~Ppec>1d3ET#7hOUqPE?oh!Ob7quxXPnPaD`c
zW1UBi&;@Hc&<gTES{F^HTIs5qdE*)io`L5w6+VO&pi2Vsc0M{f2OY=10gX{w3f6>X
zUh6W^K15Fr%Oz`L#d*18jYL71bi#Vv^+Z~M+ZyR{UfvYGJ9@r5Xq=gUi$0G^!8|j)
z3!K-TbFI@LeBeRo!Vz8}LeVLty-za~5-5NlXlVpbk_&c$q}JMB^vD8jE!m^3^%5Nk
zuLq&K@?)nH6=}7p9;`aUS$^rxqbEH5JY#x<mqFc+T)9T@^3F^l*+MR)etOc6wz&Dp
z>b1p2e4BuM+8;{O-Sk$~sSB4T^NK-|Ns)jG-pXCWT@S&1EzS2KRnGU3y_wb$$1q)q
z@K1`X8Cad=pDu^1U{_!G$K=wx>bmN<YP*8rvn}2c^LF^|s%pGH5ThFJDAlD7Nu<tX
zOJAH}m~zjoZEnO<^iS%6<yol|&gz5tsL?k>*}ZUWF!#6LFWMiM#L`lHA!j=x6*gev
zOjjmu^1P2bDaP+G*$pQ906b^co9wf~lviXwh(#6k#Q5UeQ}YcQcKALY10U32HN<4z
zM8mYup&9Xb2^uz$tXo_CeZ?>>ygmCG9vwH)U|}U3Dl0fj`(dNmo+Gh=ZJDQ)PgnXH
zw)}3={b6eL7b+M7?Y+v)N%JLZOE96sZ~(R&(uff!+)(B5N8;i2AX|-}aP)CcY*l94
zY2C^IeX&AxCR9*p?QPaoz#?v9|3_!4h!N!+$;O6neL>~83|qpK5|6q*i7#|DAh;vE
z94#=+I)=AP)OeWkzR$0b|K}Ao@c+DA?f)4}-`m4^waV@D=da$q+viQsYurBHYr7k_
z&wnkxOSjL13Tm(wJ^R4jyM6xn0a8b&*HQd4^68SEX4_?gjyb@)g>}c=SE#9@AR<nz
zN#(LQj{Gls9O4A`SV@g8Y8t&>G;eb~`VN%aT(E|UwsYtTR~i63Q|y>1Y4ajg%f)f0
zYSh$GnwA59&Dd_X!%{>(wOW{9X-0mP&Cy0L#=l60M-IEvl@{|fSasQECsTX%*4L!H
z%rC3ki@LkL)^Sj9!xeYgPA&6Q?ey~VchOE23;(&DY`yNPogV5%?bNikI>dv=pE481
zznJZ_*iNnmptX6aJ=^KcixVtXrhxN}jrs|I1={eOG^#Wh4bixHnIa7+6p|r~jX_j+
zW&1!gJQSnLG$!NCw(BNanY402I4UDiw8nqf6FC$Wt0{5|&7roQ#K_QEe*6XhLLSY{
zj)a)v9`YIGSvWLrh=C;;6{em8jE4LzsFM}Z&a22s=5JaSGVli3lvj%GgEHV@(5D4A
z-0<e5qmuFlr5N%Dz!hlT4n4UtvK^F$_GBwHhV}6@k79inCbfQ#?raseqvX-Fgf&=a
z#k`1IH!(phH4;v0e0tTrrSi0tZ3s)bWN5&>ErE@w*2U5X`{-uZNJDd0Q&JeCG#X)3
zoxuISU^BPw(aewSUI@3{Gis>@?G|dH_Ld!{270?o<@SQHS`VY^_Nhz;k2di&86@{e
zYJU{gc78pE_IuoqCKmVjKf6bYl6FQ{<sRvyXzm{A+++Uy|2|foX@p_v$J_+ZAdO|^
zIN!MAed71o9oeZ;3LvZ|??=vCiGsAWR#OTx#ycfMawIZkE>Q8R{TWk`ncjxx!#vR_
zz1D?Jk6!9RR($OPtBMa&ll4B*@z3l1wIwx<_po8<-7oxw^E3;8{DQk#_;2Rk<--5a
zb2V7_EAGGhh5w8DNv=JsQ}tJs@;T2g%jajSmCsM_^~mS{k&OOxjz&fY-d~-JK9fMa
zd@6Xw6RKKXTeoZF^`GzjFUafL^S$M@YkpPo`kjPo<@NNp{*}BQccWY*uSZ?|7xMb*
zUX8pi4X=T`p5E>MmAtOptCH6p!v6>IdPRmGiJF^H6M5aJWmWR}dJ8VEyZbA>bw*9)
z^%pJvL0&Iw;gQ!#*O<IMA$ZH{-@0n#^_}*9<h8Rse_zy|<n^<+V^s5h#ISV!#)yGl
zT-2VNGNZ@Xl&lE$bxC$Adw2V}o{QA-U5WLS0<xp!q8iKf<F>n(>r#$Ju0J~GZsdBK
zId>`7XV0pET#tyqd%1o%j%49GH)A~ds*gPXZ$ZuU?e9MSU(mPP&eX{A?s3)0@+O@A
zlQ&|#-oNEwB%-`+OHjDKxE_xhxd&9dlLG$;zq2uCwolDuM0fJ@nh-+ja2r^&t2-ZV
z4vdU>PI+4*N~epPz)_&Iq-7KN(k~|pgA$642<MeVv^fe(K+~5n>G_{7xJ|kW1u@Ou
zPmcz)4EZ-ge)yGmL3(lD1-I(4S#2qeX`d$BG1)pVsmwY;d2B|JX&iW@b6)BbAPZJB
zojGT=U9~=-2tt-%?T7Ero?n7v9^Orr8kSTrX@S?Eeys9VGU=2*%#X;LhKZd$iJdfJ
z?*%3w@UBF1gYIlQ?zH+`D?bBQV}xdu$~f9+x-ZL7kLZ@lbF+tH=wL5Q5@Sd}l~=|H
z%B#rxc;a^~(X+z;<No{mg*88~c%k4f_u;QvRQvFdS$DAypD^Q}_u;xuceM}S+mWWz
z%hzI5@i%<r!Fvm8CJ*NPZ^(mtrfcLuyN=b#gF2jn{a34y2k1H6R~Y1C^|Cz3`Dc01
z>s;0H;Fltj2XiC+$b-Wdaf)xRC(DDG-&HLSejwz2OPM^F_q~@qNRIH92g9n62lw4^
zyS?Q>PmMh2jq*VDe$Ir!rD}x1YY_iph`;z3L#h=94n-LJ89}o=$43}g)WYC9jy9%R
zVbHIYEDU<KqIrMdFO@K8%M-W#6{Au2Q-qDM!tYew=h-T8`qmap2O!fsz3|TlYSK1J
z+HarumKc-fi6B)pyZEb8+ulKfCommT(X%`8XxSbWJyR;YP>wcxC=?R;6jPfa0c&&q
z0wl<bgTG#TS<6O`W9^H?yz31NdClN%I`4Xzbso-8()mMQ9zZt?i8MDgx|3rIrv&Op
za&+692)Tp8bfRMp8(YKlOlTPj9>hy;qFNf#CJb-RDWgiuj|mcFs+5~Vb@cEO@)p>c
zHv-dcm956N6@D5)eO8bDlCNkQp?0hi@0bk^kffQ^bn>%{D4%l7Np8zb**SV?G2Jm@
zEYjOv_q`C-2JRTkAwY7m-kfyXdfwGDt)QZs0LfsHLAU>SZ+NX?3qcNp>)K2-4{Jv>
zXJSxXAZM%}a+WDqoaJ(SX1CSlivOqTZ}Xa;gPLs@UAwR<s`+qR-yvf(6tsai$o53(
z^^TFS7qG{c3bJ4azxZTQ_t>a*tm#<88}es?!ZB_)IPfZf->LTcdDmMT@}FkE3-(w8
zQ*E7XeWKU^3ZVNQdyYQU-Z{0jmT#%GJ*C1E3=<fI32rn^196mVPC98=*g;iCOLZO5
ztd1bLj<BlgcyFXqM+IJAdrF1?({jnb=~N}hvXb?lfd!p3*-s~F$IJhyzkUc)^%oDN
z-984^w=&--tD+;J*a=TDgU>l(%@`dWw+XG@Z6`K^Lj!4RPmFhcghA147)0V5BO?UY
zbe8o6%6bs9vUb@7PX#u&fP4j%?*|#Qtp}uzg`9~jXFBC{YIB0^w={@ymMb}XLTbB_
z6caj5`g9n)AU<_Rv^R8qO_r{$Ow~Ji|LUf^0bXxl``h>NGkG(sLF)W8dT;p*e(#{)
z@51kU==Vza{W1LpZlya<;qQ6y`(>66mONbUNmrV(!r{%g6UIG2JTvCQHZ)g3+!*pd
z2K41D3C#nYt32q?Vb-QHrnM!sx2qS3ez$brg&0A4Tvd?eB$J<{xs-Ao1H*x$SkhNK
z=~e|MrRF^#SnhFkm4DWCwc|gnE!a?XHKFDm{E*zxec3M;7KW=vLUB1dSb2;W`#vj{
z5F;6)*569HVMFk5pA8oB3oQoG9=w<R^u&ot-pM|t5%)I(6RwlnLHCo&5}VP|8}ZJL
zcwt*D5`5ChN?6vLzwjBx2eU)I`rVl-@gM%GduVGgiA<gjfUoawhGz|-$ZiQs9tFv7
z^W>|4#BhI*oW3*<eLb}F-3R$LB&g|2ROlO$nc$%>mFT<iDbjb7{gI~LucGgZR!H9|
z07P&?ru-q(_Z=kPNucBr-t=w#RH5(VPc`(t2l?*N(6_3)OyAfdRr|ej4e5J|=zALS
z{g|MluL05b5CE*4kRMz!eLW%hah|-vCDR9LaVEIZDY$Bh5p9=6+a>LKmnUKTmJoMm
z(N+ZUTi9j?MR8JzXy{$Sk7gircWF>GH%M!Bo<iBtfr)541?276&_tkEN13B`D(6R_
zCapmRk%ZQqgnw0k7}RgXrJNJ6#+k@Zdz1)pWZ#&)K~cxmmjt-`;CZcQC@-FEra(44
zM+{VQs!k2-ksJmFM!|XEguc}}RoPFm=qf|xc)~oRZ0bAz9#T^qpN|pvek3KgbahIu
zyQ$%22$-4z-`lm{=T4~890OK6hLrbeYS>U@=u^5=wf{*MZQ;>8p0Xy?s-!oz5FoN!
zJ{-5EeyxkIa3y;5VT@9Hrg01T{I&1mZs_H}!5VPEb@U@J3oWE^JoU9nqP<>pU&DrO
z?Nf8_j7c>tFSb0gPG^~z>gc~Z)iIdSmTK5g!VoU^HT1c}N;2CsC6jxXxo763S+(sc
zl?8?K>hfx*R#&aHyXY=9C0(@IT?0Mwr#0mn7WHDyk7XK`#)JEy?rwNxQAu09Ov$V(
zFJYOm9Hz|T#-og8r|J}qPq6ZEIsna)Vg!|ZWHTrWBDg`E>T|G(*NYH9X@^wa2B>Fy
zTd;pI<o_(-JEej>IrSi1Zr8d5Wi1hx>KL(_fpTv&nbnQ0af{Ir1jDJ%aSR*uj-jg^
z&y?rhU_HBsWx2{4?=qJ5>{BiaD>Dr6kB6wr%sqP|HMe9t>xHJ%AH_GLG{Qq)J(Wm?
zMcTbMw`zu|%$RNT-zHd;ixpH-uA+OkT*u-#WX>ycqTkTcSv)jvztoz9mM*KU2`xRT
z5zPwSxfu0*I=w{3yAcdL**hvXXBgXSyowfz7{tonTfQQJCr}tT$9xA~wqRhM<tK4t
zUHe3Lcny1Iemr*+)_`k93mVa;C04VQ8K46vv;Fm^yh1%lXe#93(EEgKLwQF1Pvven
z*f7E=P^?K6MGM#7J-0O%HA|GpNMvm7i3l3_ABy^%sSRsI59Q3!8Is{k-)P8&0(i2Z
z#0pEMSYfL90iA50Cz<RcM6>P&944)+Dsb4(N-(zjcrnY=`O|rRxI&`*fDEt3G5(2<
zv`kW|to(wd+k<|dHMM-u&$FfwOicGA4)OB!r+!+rGMFiEBYdt#&ho2~49N-zhkOu5
zx#hc);lcb_uyTfQDvXBV?9<A@LM+$MPe>D3qAF0&2A({aCHs3Hk@rWOI?fsdLH8Q0
zMi{KCZz_ZJ+;JRdBah)=O?-|9Ym_ore+g3^_sR|4Ni|SIPGA9@hOmJ;jAt72eL0+|
z#Ep`><Nf5Ccu-3W0uO4+*~=aSF+28m@AEbhPH{*$m>oGr3{}oUfnQB&A7EwN&Y~L<
zX%}0ATv?)hJw@|6dyA4kWyxko!u1dDL-ka@DF6lc)%c&KpDUX)#7eiNF`F{sB+#!(
z^`^9kKyKFVE?WDyb!GsD{nd5CHWZYjZ>@w6-svH%*Rk0Z4%vR4jM*%Gz%f5~Tw)4W
z{8j0=4vyD~fp}BiEuFOvTe@ncF0SpWk4Ldr!7a^Z^Sx}&+@`tr3lvVV^I-6k;6KX}
z!INz`QV$z!khvI72^vKEydnh-6OHiHGmh-TQMe73ScQy@->x;6gDRos!sEBC#14gL
z67fI7tCpFOXqXI7BRa4gfF7rj5s~0`A#gIB{BUK+oa8ht+#ev9W44_aON*fMrS@2u
z8wxvq)weK9A{#i9d*V~vb{el(ZJ-j{Ie0*D<{m1;k?`=;Way8+by`61jBtF<1nrGM
z1}{qHYcS-I@@M>1W}Qv$X>2Fhkk<c(L%PH4cp=SJE{*->0+XwKGDKaUET5@>9<B8d
ztqS|3U@e?&ZpN{e{CN*QLg;l&O!OpnXNd)vIKh)RUNb-50J591G2?nkD_34p{9N4<
zm|R)tBX}+=2uA_oln+9%TSnLn2v=blgClQ~W4_0jAEMtnKf&c8Vd_!Zaz||j-AtO-
z0XO1H<kW4QAocBmus@7gtE7VUzqEKD?HZ$`(JYtqr(14!YH2?_4NbF65c-t#jWPO+
z@`9$f!9UPd6+v{(u2}-w_r?2QQELm|ISHDzb*g<pr9*V5+J;oRqF8ccOm6FG?U;?&
zCaH#^0ZgNt{|=oHf8=g1xK{YO9E*~c0>r^KKf^|0thP@_fqC=!_(EyI@K%DWmEzIR
za_<Sc;gxQMkT6?*TqDrW@Z{$pxt7KsqEXr%B0E0Z79xjQ{)%TXAIBA-3jc=?PMLJQ
zE4JHsi@-Eda(!q**M|xB9Z96{m9BcIU%P+EyRDm<f&0<>!UeN`ABRD*=8n(t6CYJ>
zkPEB!f7Fm|CEvM==V`Auq(h4*e#85s5ulq%w4*cAT{b*z={7P*`;aUU?F5cX-!*T<
zo9yyoJ>M2ds3bhTlk44Cb>vq4k)h!J|CqABRyAh|_X=y{+dT|s5(+A*SvFw_gH_W2
zcT6C`<M&9tLIoeX;NZqKI@*|;H?Nm4uM78g0d6TLE;HHZWtw#;(^}Q0=SbuF_cATm
zMLJXQ+~XLTcHaH!T<Z5r_L({O{>UvoqvV%eWXwGYtsTc(I|`i$c(r!N2F>^`Iz@f2
z$6M+FJ!`3dD#95?hX7w3<@z-A7`^KOI}S7XignW}J2xZ9`vD;N!o~BcW{vp3Pbh=v
zU$9l?YOYaws7n(;RhIOSNAn(c2nF}KL+CfIU%ae&zrgj959<g%_C(frADQ0G$F8S4
z8$1F&qUH+CFWvlz_U+w#p5Ejof85R6F^xu|ETkjH<eSX}=M0}4s~KE6M@h{9VZ0B*
zcm?6+4TkWrN3o2OY_-^e5vWL$*|p@Wtn6AOL-a>fS6QQY;+4ay#QwEp3G~T9J?Vpo
zV+5b~EIGV~;dP25BIh9X!q$WF!nSF=<wLVCYM#;Z7qC9>-#<Ah`$&xBIS&l4iT{K8
z;ACxH99yf#Kpcq|gYgy?hDjoSPUQ8zjtx|{rj|57|5wU&Y{4E&TZo}!+bias*G+Gl
zJ2wu_hYngVxgxyY=aufD)1v*Nq4$0YS8wCYi2TH7`k_SGjL5BQf<>vp+9ramU$f@=
z^;c@HXX4R8#+A=5xXDulcjsH*U7Xr;YMfz-iPh%<*NTsHtyY`<iFUi^nI7xfS!GMd
zzohm?2`xQoSPfb_C=@37c(9W~F&mDak?`lEf4SYZViIoM`$6j`7miOBD841z)-m~Z
zKHiP@?}w!&m-yZggj}(_F+7}#FCy=!+zaL07>{~HmO6jED{_ABoOjpUV+9rPa5%;A
zB7_PxGfkJRdTgl^56DYh15f|adiMzMUDPpLP(8`+Cz!ZW;<enF9#Yz;sLJ*^U6(C)
z@2=N*Unw`n=kYL?5~WK4{QdjEm>L;UEvri_Va7q#`4E?{De|erRaI1NTp&P@UIoYU
z_CVsnosN(5y=9w7=8m@Go53)EEnT|UaDj{BYuLXe3pQ_Oo4SIdmO50RJ6+GXT(B!e
zEf%+Ssdi+pAYqrz6mXYKF%BHd3MN}YP3chk#9w0s1#gp%j>(4p>N&6BHiCKc+0xiS
zIg-HfGBeSvyMy~jfgdCE50cLiPAcaZ9Vyc?b-Z(THSx~%@*#sC{{$oqGdyOC-7f?Q
zXme|&C(lw_mSDDLhNamb5Gf)aJWo@{!86$nV*EZxy>=GDn!&Tb0r=d{WZP%L=YBtl
zMHlOt<4aR*`%-hu=l6q<aj8C!{`$oi!ppnyQA|T^bq!wlK^U~Mi3ZCN2z2uugblja
z6E*11!Aa5k4Ef&++Gs$>W&T*c{g7`jL<9;|MFeuagL}Ax(q7$3x5++)^;>jNnti4o
z_`Sa(h|5>912CZ#lD#3W=5TUIk%E$c-<ODIZed!3nAji^qz!)SCfjPFr=j6&lL~T{
zgFo5F<t)jwV7_IyebfXlL^6~fQ`=+z`}cp3Rc$YNadeICML!#J_x7S22W#v_+Yh}P
zd(kWDcWEy=Fs%m5!<kxlZ!h{$EfRCj?2qyCM^Tghd3w}8zt<Qrs>c0P>+!qqr?50l
zKP?z?H~lnd$X)i+yMt=bPszb|-%q+=>Zd(FsqD3fu?>=R%@_obQO@H*&Hlk2>YwbL
zl<rTn?NBV7%y??U1W;!<BWr(0EV>gYI{LfCO);jIqv1dCnp3pxr<c(Wiu<pNx*}0`
z85Awsk7nD?X4@WVy6d_-E$Nye{|bop(p?~hO<QFV>|99l!PKhqN^irodO9XF_sPQV
z=Y9o0TVg<H9!b;fG_|@pFsWOaWne$YND!C@`q_?HPx1RTmL*hbN<qc;vuxJ-X}aAY
zFHLzxOlB@ak`78MZh?W(ASU1&i?;A0wm#_@ZI)4@y)KjfCVTgRj-a-tYiA&QsO}Q}
z*df~cuzs1t7KHt#B4=%rZ8uvN>ZQf+PPOe%%{>VV!X8)<io6$uJ<hglY4dFF@D=@>
zFu~Fkr@|m_i%nx7ZRpB>h|$W+Rp>2vC;Er6fG359a<ox=I=}v&K#!x7yh@#+prxJy
z!($-RaxmHgcOpRo-@3v^`YTMwW4){H^f(Bd2l-j%kMAX4uIMrXya^%R9qG{&0jsGD
z;?*oKvMq@|2K`qsQV+QK(Lyl2^GN6JB{GmCrRWv+k~^BXU_zJC5`&4vlwcwere8MH
zov9<UG{_)To(VwW!Kq0mok=qNfqQOYgk^d=dU*sn`6@aSsY1W1mS*9sWv1n0iP${L
z1l7|Nwqek72mNq<5G$>9HAhD}QAn|9EJ<lPo;>y|4kSY%77c5OOpkwfvm?t0ZglqX
zGR5t+u}tY<RvbC=j~p|@GM*LGqsN#rN>PW~Q&Cwuw53~2&t^V}UPj-m;G6y3jp?j;
z_UWj6<Mse5|L^luK9HFGgeL$!FL$4g%8S*>bk(AKTRr)jWk2CfRyNOGMr2gVWPwi`
z_N@;fvJwM0St&e5MWP(*;Bj6&YrRQcq;=qBrvy-$Q3`1dDQ|0@7vj7x-^1g)vqECW
zPF4!J9ZQ9XL{L@$Cor47b2x$PWCGW70&`>nw>lL9r+X2&k(a%m6KGTjY(RMzI6VZ0
z$OM+8#ClweF5yLNBy!4R^2+I3;^Y|vIeAgwE>rfm&qq$AQyDpft&=A+8V66CI#{V9
zg;xPtq3AG$$_UDTRPs<cb2q0_+}s07VdaUo^cbbE5MEepAkrlUa(dJ0J0p<jT`beP
zERZV8l8K!vDa1~-Oq;@pP0t!TRVlxy9hJX~6RTH<ZASS!^ZbUe;J-=}1w(_BXrTL8
zsZ6(A(u=&LRYciFnbJb~-pwhklqnU0sAWNmk;i_~InUUiY+<xMG+~BSsi6<AK?vew
zUZJ%yWnXyC)36z(o`&rK#Z0!ahHd8&6}&Kg5R!%ZHWV61--+DYQ&tcsH#>+bYbVnh
zp`vx#R7UHNY|A92c=T4wiqGb>RtjFU9z5%zbytasRw!oLR1K|5d0{z3+bWsXHT1oX
z(^^KGf-TWvFp28SU}|CzhnvX1eW7&w>EF@23s5Fy*P;(-QfVCjfUzKr;2$uGB@_RE
zi6`~qA0Q^AF8l+;nbewpKz&jKe5icUD@#FH3@u)Q_Zo4O1N7d2;~Ws?4LHdGMsL7r
z4v6vwoa2C4Z@_sD*yl}dMT{)idB-<9<LUSbF#DgLFx@kuj>J%3p%ZmGt!Z{+!BIng
zGOIH0CR=(3#Nu^Q=>zeCvkOaHr?ZBL_G~=_6>v3Xs_p|~QRRcS9eJlB8QODwU>jTF
zS%R0~vM>EAw4hGr8|)QFnhSoH-s!Eu+dddalUCwpB($hU)TMYK=ZDq9`@4%R@bdAw
z*6Pd0XIuXht^0d>(F$I1J9-iN$6^13=8q4-x@S<`>!Q_luZ_kw`{8V&vcSU(AXoM1
zYL0DCFeIt8#Z8x-BB(PpS-xejT4qP^qdOB7TJdyn(-0`q*(6*rZL4(S|K=-0yldd^
zxDi9Oj&UU6n}kwR`xBsLFB%5ZHmMA%1;yBq|2?i-ZYjjjOy01SGPMcZ1(kNXm#bQK
zu8Y|Pv1gbezZe=tdG*8xR9+(M!;Jwn+hxTJotSO^EdcpJB?%nr5ih8j?eaT3ma&%I
zPX4dzlaVCYNuQN|Z5WOotc`ealU8um5&;_VXP=b2@xJI<qyT=zjHF%g)kZj_tTvWu
zW3piRo<7Z^pCv`})z_m~vc5BO;^9hz=+9SzBFG(0IdC&O`Cs%bDv|Yww(%#4HgPl1
zG;PfI2@ocyG$kr~#+WRH#82CJ>1V7Vx5q-$4u|t!*4|}&WM_*uJ<LXO>L=<UjWw1S
zX0~NRxI?6$kb{kJ#EwLtlRDDpC65-TgH{j%e6=|?>c7j5r$98&@Q*R=!=vE^2NkJC
zETnB}$LCqM#^Hh@nimNw(L5VIeB8tBZ7m3XJSiIrN?P;Y%A4H_kBh_R4|U!bDEJ?+
z|7ioR82OWPKjSuE#9QstN@0c<&jrBJbk*#LS@|q*GZ{VMyIS+}OmKV;6^-ld@n>3W
zaD0KUDQ0I5ay09X%N7oq<C1xRXG+W71*AuMg{!HseoQYj?EH~CTCCcJgL`6gbOu*N
zab!!KPO$b)Y5FASqG_IZU;R*)78(cHE#29ku|%(oRy&Ua!ZufQX?sxsgFt-0+Vod*
zZt3bXaJN(;lIBKdkO0D01-ye<fA=a(6r@KZ!iC%|glf6ZlZkbn_w>FZ3pfCvseP}%
zBB?37QQ_L$uz@JUfHYqrt)e4z=moRj4lm+VyVY_;6{BJ-%0NDPAYlUcCVE_o%~taS
z9a7RGTyVC!qju1(1lC(iPWGNM!jbww&yl)`B|eOa!##<^SYnFN+lYiEcEH4Gp2Vrz
z3&aL^V|YQ@a=f|V402cDG&`1Ktpuz{pIgYL96Srap+4Y+cL<yTU@QB`n+>5EL3HCi
z&j&LT@w!HgKkAC(=O?_0@Irh|QaHu8qVb;s4+$~8)l3}x)3Z#DZk^@9FD+y$mDk9>
zBR!U+9r^3wrpTyz@~D>v9%~NKNg!OSGQNB9@olnOI(v=pulV@>3SFK;7^lORt6Xxw
z@;kn1Xg487Rik^>RyMllG_3LHKIAjHAHQ71=w7HA-Db_`p5dxybeGWRzGfW>>E+7k
zzGlcDM#FSx1nMi$CZ4f2-}iy1^HaiqCBn}I`aDd0+>`hiOPmx@{Rr;lh8xHW(v72R
zbVd0LzW?4P@KFGN;1m6%ga&vFFXU^$GWrzq_8kJR1TY$1;i6w~)PgqrtJl)2mva{*
z1^ImrXbrJ|7H6r&bP(_x$<Xmuq>!QI(gsDaj0W8)9Tk<lHPo=>qU~G!=^JRCWy`>9
zF${g92YsV|bX@G<sOt86<!;bk>X_`c*!l_7*thVLGf;(p6KG6_1@oBh6uM&z9iZ9Q
zM(cyY0(Y0*Ph598{Bkw-ieFU>7yW5T7YzBovTus>?xf=~jPq`70nfK9<*4sJLe%$2
zPcJux?|VJp?KL-vYe1grLD}a~;FoH^?*rI**aKdka<x=v4VE4r5rI<$l~tT7_g#n-
zSPvZIb4b}8<e$3YcJo{<SuQjnf`d;@5P3Rbgvj&8V4ukIWfhU?%B-)rR&wVyTu=RG
ze}LezQbf0+mROjWm12<;$ipvD=xS4*TW=_cuP^vm;~EP7(^SAiO~7MF-NFTdUbe!O
zz?<asS$71Cmbe`~s+(Mp!ImL@k2JSE9){yQx09-l_Q!#s4HtuoP9+|ZTDN9Ox+ACq
zlZ%yNk~Fi8=t$Eq6YWDQA@q*znM%<XhA_uay_i%a+V)RBCE8qKAg9FkCcRJXthJ|L
z7`ETcNx#EGc`Y4=d}lovgu^Puyq%R8WCU(T<@?ipn)_3{Jl%&sc5v6Qmgo$hyHj+P
z`twA?)E(MGaxim+n-;t=t(T-e{NK@!&8=8C{NHWTT{pG5JUA(Qx21bOhX{xNMg45M
zt*1Qv;Q4<5o&OiHoYuyo?hyJ8&f5{@TD?qUVx?ei2yB&3Xa)t|QXG)J|1m(wo70Pd
zj~HHT84R0OrW~s6y&lTMPMr&uB78i3$aF{^rWKFBq?x~h+SY6WTi3=-A8Roul^Y61
z2MFBcO5RvZR=sC3N)26As%ifB7Z{(CA{-S06*^X_xGDSTCwufroAD$>IKp~w>OA$z
z`wDt;z^hJ_UOlg>x+aIa$~uoa|65umF?17KM!VI;WfZY3T|D{nqhkZ)RqPzwlLb&=
zVF9vSh&)eAsGvq0tfS?#Qm4@U72n;2c0DaGpq26hx=*Ld+nIeR3wjrS3p%2Gr}JLS
zUvg>}b40tPR#Rn4_)@;^_bQiiaL@o(iL%n*36F%O9v4Wy<R~c;Pf1i#{zU0sVqzN+
z#gTZ4Vad~MX?4yF@EhORaa*n7>M=P=a9*I`E{j7^b-18b9Wb^A*nbo3iUxL(VCe*_
z)WH5CST};**1)b4%t)}>IyEd1M`!Y_dI)QvfrS#RoM4d}SYv|iB3P^j7EQ2q1nZ=M
zK`dykj<NQ(93my|0Bf@qx4o5+?Fxbc5Z3!3{GlLR_?aR6=7Ui0j*RdFL%@OHtn|UU
zsTA{}f_2UZ>zsnMK*2iTgLQyM^uZl>hJv`o2XX!_xwx)Cd-g4F1W7??00@WKr^fz<
z_7oAaq-63j%SS$b^Seeqwv$He^OcVy{m92Gm3;j3%)gb7b(9(hNT+{Ngk!&{RuGPC
zDonwOEBy$_Lal(DdFFp4Ad|HMa`{(GKsKsXBLR88kAS>!+K+%7RE>aaaH4tv*`a0v
za<`9w%s%Z$Kwhs#KrT970|EI9ue?w#Adhl!n5Cqg@ez<06#>a3H8ANo1*Bt+f9beX
zBOU8tax1}knWW=W`l_YlV13onv8%pn>3EO6YUy~RcGc4Hc<rjC<Br-@OUDmtS1lc1
zs9huJ_@N?h8ve-IY?Y4y*`Xj@{(&L<*9YOEg0K$|%6$+Figf(^2U$?v^ufBL6k}7c
z&ii1USFpw@SO<Nu4yvVN4+U|%58^^a_=N-QGkm0@OF_8uJwrG~($OnkrN>3nO+&#W
zI?z3jF}c}|$<5~=;I!>xe1$8T&Ku3P`^{i*1Iln-iQZ)U3(Sz8>Sk~}{1@zn53$|w
z;?qH3oe6$Rd#**L-ntvCayBY=1Z?Q%_pc8X{cS3`9caqCtuxysF>jwR&=DRhZYMmq
zL9|^LlWrImJ&!wq{iZE4z^s!Dd3l&haUjwPP8;$8ZJ?tUOg%x`aWxVS><8Prx!@!d
z-Qg7c%%6JSk>2?GxEtaZfQ^*YzZ@h5l_ctp4|D|mE(g$IdN>|k@$)Aw2@9VCn@})!
z@la7Po2A7c^{RLNV%JM-RDTszy|a;pcT_!}@}1oCPvc413F++<k@(&sgWF+=u<Ob6
z+Fm{jNO&gZ_k{WEStfE`bINam9YMvk&mwkHx9Cx>amy7)rx}OM0z}*dac5{r599{h
zyG3bMP_yk%DPSjUS`+DM-3h6v2}#%-^uGmL#4)-+^{UrSy0E)B20fiTVNCW|3t#m-
z*A4G_FS)AIW6c&JN3tCMmxsv8?gUofiMyMluab>Zra|=8DHBY#0Y;O&kM0_PuZ;0M
zX_m5P$b26u3&2Wn&0-t=Tx?D78B64teOG0?r~k)Q`CY_3&K6|xW40hKywk|DAm8V2
zK~^^YD}5H_3BPF<Wd(JbdSRx6KcF<#J-k@(w<0SUA5yQ%)t^JQ3GiN-4<4)H9MY)s
zd&(}8Q_T@1EosUFKuihHX;x*HQcvf-yJ3lqbei1_OKGmtEZ*1Xr74_qnUhGOvHcE{
zrOrhc{I1ahZo?Bsa_D9%tqnshwPXO>+I&rm_oo6bZf!M-TWebQULsg~4J?LWR)TfZ
zz+wsZD8agDU>yjSOt2&kEP-IH2-Zgfdyrtk1RJ7(4I-G+od&Q`8rUNQ`+;B+G_bJ*
z`+{Iu8rXP(tsvOb8rYLQi~gY7baBwKgso{0_^gT(I9LF1h7b5n4nA4Tl`Ov}zh82!
zZvpH5s<7VXSStYQrK+%AP*(jZfH$WqyjcofKfueX3U4gddR%G=Si^l79L~W4fCu=1
zPu=AF?_%IzePXdbbc?_{0Nf8gipEEW1*UGNg<&*AQifY*N2lBm6Ul5*M`yvgd;-P|
zw1+3+BPMx&b%5=!)Ypbrci^=lS}0DLrpS8?ajDs2jR(gB7`5+}vMO&;)>dn{K({H$
zh<O#_6enG8gm=X+ojT<ca@g9zgih1uf~FtGn#H;Iyx&_md{LK|eEL>ebq`y<gj@S(
zcQzMX>l7>4dwYNjvgD7e&1qQr<ZoOPfMfdmcfupS-&A4OPA7SX<C@`AsSd%AVXPBr
zOu2=V>a_q(*lNw5Lt*RKuWD{<V{%Ku8Fo;ej7wHZQ^7e@lUxgvTL{i)5BhDgZJOkU
zn0&9`{KG$X{2_I6159o&I3GLYm%xuS$q|^`NpPO<j~!d4PHu+D-2~^TGQaG6ph<3w
z$z51e`Nxhv>=%3FVeE^qZeU-;YXn>;5`L=)cE1MJm0)uT)>8xPPOwaZrD$MuLz&!{
zVEr_(RD#74Y@i0#pJ4R}=2!4vx{k2n8W<Qk_-PHp5g+M$Mm4S<FJ!~?g)`nbmwr~^
z^Z=aWKYQaGDkE7bN=*P^cbPZBPYOcic7{;sgHWm<90G)mJ_y?tgbjeO-Us0u1z`ms
ztn)$mTtTn^!Wtih4;6%AfUwF3VYPzL6%dw{;V_y~3BqHXM|eEpXOyo$sve2;FgaRq
z_Bw_|+>1r1-ygHY2uys~lQ>*WjdJm_)Okdv>dkG8sv|zVy#JWIlFb2x9ml*8_8gN-
z7zqfQiKrFVsuzl#&!}WvE6CUkQ<8(5#0%2JCg@%<1AhOGzY`vRn><a3o6$<CwevW5
zrT9)x-3F3E((B3p1S~Uu)T3>MC@s`MYVy}_gG0wPO?c{LmTI!?0$&((i|dqX!6tE+
z^H;ddvz1CcED%X>7tTQE^gv3CVTsOeLA0cywV7;tRQK2^kL}T&qo>^e)w$wjELf(F
z>~4;BalL!~?sn;Y@_);~@kikkjIpFo*rzK*#sUCPy%P3WJTS9lV;}iP4FzAK(Jrq!
zpVjPK<3%8%k7Vf1=NZHmp}@dj*M26Xr^y+d<Z*bHQeHIB5r`@9$o%Vmm)y?Bc?%h5
zU<)a@dRDh9Or3JJl;{NuM(J=VY=c>QJ6~oTI>GlU$3-jMy+=-YtaP{X546%<&p*&g
z_dWiBR=O+s2U_Xc_y;!U+#{;)n8rR*zSg-yu`Art5Jm|E8|IO#Q`o1gA%nT<a)izb
z0)~fd>4OleAn38bONdXf-IXr$4<oMc`~z%sr9=D!G<|6={{UNDX)F6MC*3qGFHFg=
zu(ruBw6@fq?=W>{8C1OX@F}+`>4fznwdBLpUGWvJTu#}H5}?dE6%RBR!1)aQ0@x!2
z8>7IU@W6T!EM0*O^T1jXELDN^rC*-$UaaEfa<Sac-vkQEBy)aDAI{GMwIgf?Xtx23
z59bX&$qKXCB&$&89qY-1TGL=X+SEvGUyEU?FE6;6j{bs$m%4(noH+FGHJp98p5kCk
z=?y7^aFV&&t7l|VnQ91i#1HT#(vac*SBH^tq+05tukV8SXbn~JR34%{Inr?ka#>*j
z^@M*qYWN43X4Vw)d`9VmUCrrmM0#@<Z&VUiVt}9(Ut&Q8+wQVdXH)>S;_PXBcEXeN
z$9O?TX&7t=-t=ms2Y`mAkgG4t<;qmUx*notC<h)R0I@Gbgjb^&4tY=fik;LjaJ?v%
zgW_y}($7w1rDKd3E>9+;UXtSx)FsOrG^J7V#U$KF5W$bZKO1xk;n+t7J3(r?9)NzY
zCBvX+CWGP({-2$v1Z|cl4ywBK;e#Nk;j>WS`Z?xz%~5mHQcjj4px9TaMCS@YsW3;n
z$+kkS!Rm^fJCL@P>a;Vzswyx0RjwSz&!!zzOOEvU4jf6H70k~Vrcw~5EK!gb?odhS
zL}|tj^+2Ik9s|e)6=0ooQEL62eD-MVu9z%^LLz@uAw@OiX0-6}-u!YrUmd5!$8}{?
zd1P6#mlacR)cT3*OX%)vlfiDPRJu5sh9Wve1hUMw+Zg?vjoC@CIh*W}CusKn04!6;
zlg5_k$-P7+%7B6NoKR}L0{jPQ-!H-@(cV4Pu%UlcexaeDA(Ie``$pGKE$JVngJ`+-
z#Ju@&g5kxBV4`?b4%qGJM^DpTjV3O0?<BmQW8w^s-2oVboAC%H=||aDZjMo~L^3^N
z{15UA_&D%xD4nhwBrxe+$k4;g_QdUVmEE#I+Wp_=I9@i&rr9R&#FkpxH@fA7>@itp
zTSZ#ZA8flyM^r}KH8U#G>{E@55?0x@?}M<@!_2k|;3#y~=K;8E$Ko?y9y+Wqy|NFJ
zqj;s`DP{)yl?i)l*vRv}bVuAvljB0OBlz=GOhY>D#M4Q{GTACD9px-=+Lo)Fwp}DU
z0aci;?{-JxzCJ@ifQ1X(*QEo=p*$c!sA~t^&9QX1;w2OOpiEH(mAGh~qq@+zXvm*J
zR)xtGxMlfDP;XiAxLbB%WhxDdu8YTXeWTk5&aWt6Fyyn2@#v$E!~W+FENro+uzWna
zNdARj4h_sku#E(JSp$1f@IKtqxk)n)l~P#0JOA`?&Gs5UB?^;T0>TSE2RyDjatU|7
zgi9Zv63P^W-vD8c55i~#VGAInu}_!-*e&(h%vfG1k_Re{@2*m5aQg_4ugduSr?`ud
z#@pmoBouxzx$*u>F}T=-PAYdRo`^1OCE((hH2!YW^KJyr8fDwZ20_SDrnrv_S|I9n
zyUXD<e%Ca?l`Ps@m~40G9m4m=A_WMr95yJ-&_FOW5ZTHwhz)Tu%4DnMiV*D&!mtaK
zhL=PNE;dnXiMHDDg|dI_iObSOTO}anxpizs23MB0(hTRpr^;oUzYd)vgbZYMXjZvf
zgWncI3aUI6f>XI2=V1sLJwvE5FX&V!C`fZ$bcsCfiC;A5Ra|(o+^u~tkMHR}JRC^x
z>0d04{2#ujPq$g3gP__V>EzXL;Zcn@4DPQx4tTV67j2K|!Dn`z+#X#F`FP`v25Pnv
z>Hc#8IH!%|MJuV)GDWmqcZE${mfNGV<ry)rC`?Q$vakgpUbGKo^6-w%a)$jIU_EX4
zrs0AcojbEOV#`5-?qziCzx!p{py@XmK<Y$6&t@ORz1vn9w5=tins0;)Z0m}mBzG6A
zP`lzrL1cn&Uc!<-Q%V9qj+<LSp0-rdyGltIbRghHIM<mLUx8l<Rx084OBCC{xCsu5
zAhrSgl};YPLT)kWwpIj?wqFnD<GkM$`B%>?a<TEsuXgMg`BcC*L*jStjKnhRFZz!k
z^}p`#VByFAulyZU9*+Abe+Tb>`~R`OgV-IBcwl^KiI=|vym3PJ=I9E9afKdL!K1+y
z!+h@NJ%d)k{^Yk3BSIPSUj*x5csHPSb;lP<4Ex2#Nj9F9Z-OOPdRR|K>)GTtVN$Ss
zKgAuDL_w}twsysZ$a<j?94bnxeGOW72|WUmZ@<VbY>pwn6%<y)RKlQs@orHW0j`E1
zPtt7X%sm;*kar`<li6&$E*6~(67AtkJ}#GEtm*M%J+1G0CU`A+B486nKzU|p6Q<%A
z@^^y*W*;9N#d<j)t>Cof?KIsjIK^Kl_^*ML!=sWq%uGC9FQL^WOu4bQa}pT1mUINR
z#CE(m7!M8!J*{d4btjDbb>WdeF-A{{!DvjgPmY#MdAA!(?`T?ZTgPZL<P8kuZ%r;p
z!)G@ZoU36#d+)Dr*O`8=$zCs7EGnwYjgLj0#3tOJ`}%gQ6tA6hS+)2<)0?H*!=wAy
z`*yt5+flCql5>m7#RKJHoqetc#L^v5MjF$*A2i#X;(jO7N4wQCIUaWRVe4;4chSi}
z@xa-lQ-N%PA1G%)R(GA<Vx3FqzjpyqfHTCbI}ak@+8L9(lrFDf)|jJHK+zXLqfRFg
z!6wg-rlJe=Oz|bqg|Mfw?Teld9;AF6NWt^9C3v%fZYl6dFdMpPjNa-v3X6CKS%Mos
zHvNlW>P!6?J7yEKF=+4k1@iiGCDpK{*sQxGwki{g%7aYyUbV%fX_B>(*>+a6otHZP
za@-A`vcN(q)zQyAv2QCW)mCgRMduj2ir|&MG6`ciR9H|5{SBm8N0@Xaro56coRxN&
z;Aup#b0AuD_^UstHus{u(5uE@T}#0JfepMA7<jnv+lFphMn~)AduY^al_`Wa=}@fM
z7OjI(N+WSN3`+|PLW@q1Zi__6Y`A8IOEj1SmL9HbE<dX+eK@#k*W|P&Dt;{CS<Zth
z-T0cdze+d0W*wdeMrljn7Q68+)OH)60##+Yy*GHpwGFIvv4uN102AkV^q1#YV#P^R
zWuMomvI|Mg-A^#P2DS)brKM<@4{-(0OXFrXW=*jJ?`Jo1C8#&XP3XZD;9%*&bxir}
z;P%!|+bIYw*7<#w6RsfK{*WOA`yj|Vc9?YRL#|_sjyY&bk|M!HnOF*@ZGy7^J1o%k
zlm|T919rtj{7k#-%s2st#8Fd(Kz#s#3fSN7*epzH=V$BaRuaW8F8V)yOAmvxxlZ_F
zn+T8HfnpTl26@N^Ogg^6Ifh?zVG@sz7OQ-F1C_WMEK|R?fdTb@<GszQ52}4{^Q;QI
zoIHuMd6D6@$nM-sPp0+clDE=pbCH+)?1}2{29Bs5@&|tacS781sxmSHTR93^8S5|<
zSQtzi(>g+MK80AN(!$ZS6|sYc7BjxwO%6^Y*)P`s25|KTtkHx;DQ5Vm1N_q#{%NeZ
zSiL&2oNs-aeIajs8p1D4@9*0biLh*G!#KiEl>S&x_$ks8kJIC^+4-6nf?>4`VT0M;
zW=I$Y4OD3!wa^6_(=$r@qtzG2Ye{FDllZGrzYjYK1+Z^>bf<Rxde{@-LZG05pwQSK
zV4JIZr@_EZI5;m+DA*$!`dyOTueL+4^)oR@6a^REjIK&-Mbh-w37BBAo!0nMMM=Ix
zdiks7f+q(qtJkGu%498r<Kn{O?F3sf{HnFI9mFRB-@UsRGX)#m?Xxy^M0@~Wjkvlk
z42Te1Mz*lDW00=_(vU++`bBWp&QKS3^v6aKpSGuc<0FK@qbQ1~VmltcM>>rT&$~sN
z*jB|F!gdv5+?k~#;qk@bX5pN)pkoAv#=2Ufv!YkZu&4+j&0gCCI+-J3G($6ith=^3
z4Tj|UA92Gl3Fr)?mXThp2p6bIX~rr1Db+m}jyvNkk3#pKlWv|37rgyRa`h8qv$KU;
z4jM1olUTh?SOwC<E2%REZ6gy2*4Q^#Cz))!q>-%2A;thJd$psTkd}0to@c@;i*~t=
zh~bNPo8$QF%O(lh^^{WZMDooT{MDjFT=-$x!80$?M6<bfJT}ei5aP>=$PJ??ZQs&V
zuqR4ob=sr%PDbA(XocN%+Y7F-a`Ck(*TjD;o_o_xQi{){;-B>tKMabW1jP@cSNCBM
z0Mn@0@U6ij(A5HHMHn0Pd|DHMqT+Hp#%KGmVKzV>JLxqp=pFBZ;`&4gJ_aY@G*0)a
z<sFE-7mieGS+a+Y3Yx#uTySkwIgbD26FNibn@j$fJ^n|H7<c$Da6xMC!N$qu0ya)M
zEvIqPlMQ6gQ27()bJtZ6u<(+h;5C69b39{*NogoRM>Bc5j7nG)M?!W1Zk0FV9}C~M
z!^nRUM*fEHaOCGPC<YgUPFa4QZ-!y)&pHuK97Ie692_@n3S=`J$-Wsob!}~M(Foyx
z&H{VZMkn1)w?Lz{00sbtFYH_dZaD-#1CQi$a)6SjfRc_xNeI+Zn^O{^rljJyOvx#h
z8QnJG{ezQHq9aP0YAJCwJn4qm9|@DOw&1!-8#Lf;Fd1t8axd2G&R5mE%&Dq*hEj8u
zy5`AH^P){y^O{<knxARN-APJ^PRS<=KPbO;D!(=<zdl!fy|4Uw<CI3ea9M~;fPH`j
zW21KN+}iHWmPEEq-?kc-5leGM<w&5iDVGr=Qb^u{n3Scg=i8Bxo`-EyCm(w1cjX{u
zI<(BHJ;!mKYY2qUc{~nR+ppZczK4>!NQogIj4|1sERLw@$f)@~4`njNli2-W1RDjt
zqEkVsLi_HSO(Wo?tj-#tA<j68)&-OO0k%fAT7zq3{;SkI+q$66itfCnznAlHF8OeL
zYbIx$<gy;-%FGQo>&&)0OtVdLyM64+3<W45@_Op5`6i#H9m$v(_cql|A%P-pE>tz|
zwFj68HWA?VLe&abzZV0<5ug$P1`bGo9E}l>a9{y8{*r}sj-}T&f0NzR{I8UUgZAF&
zVD(xSGG{w0t$mXzSRLJpTY0_Ibsb5by>sYjx9hNSx7Ym&dRer07xU&xf~5)ctz$Xv
z*0$pz$E7#1KN~V}2$(AMZ=-NY5ZcgwFImWix4#Vo;AaXWb|3iQVLPgxl3{*FzR`!4
zyse{)2BUN>w<GymJ`YK@Vy^%LaTo~$+9r0Hm{;5gZo9e#w`XH$G90rNS~8e)OoK^R
zDjP5+ypC5g;6D+^mC>-FpOCt^pWtfd?N9!qXuAMTi~`QEWof}J8V!F4;JNlMctb{k
zyc3>J>cRGtuQta)U>CUWhXm6MCZ#{bWJ?YYu^@QGQ7feg$U0gNS7&t<<T%HwuwP)1
zZo_cIC-BXf9Pk(xtSl*^e-rGyG#<5E9fQnj@$n5FN$t8C+q)Q=wqPd&xOsuLfIl99
zLDa@Gh*~T6ENQl0(S1t#_A(02TVB@=^FOA?Y$n#WuD4k+iw;yj7ALsn$gKCUEY1-)
z?|Mq61?>dqMhtoeMDCr}k#ESD2z~3lj)Id6fO#l`Iq%c3ZS<@v%+|#B`4N*enuGt!
zq4gB>X=&D*iZ-no---Bcn__}olNzihFW&_%n~-u~ki9rwdsXq`=<PWt7;sr<#rcGB
z3wSAjtZSij(F+{k^W_yA!MAZ7zrvdg|BySll6)R|+x7{1Ni89tX7D!~7kkH+=o}pp
z*M&cbkVd{LdxA=v@nnx4Qzy&<Pf!YhbBqGH+tX3GV4|}f_8ZdBosq1>wb8i<F`8}J
z`jV6|9E+Ib2)<~dvm!G456&GxpR0&8cpjiLJ3fhC$BSM^>Fa4=C!A`lIC{D$SyrQ?
zr*fGMiL=ppdwpW#m6b9Z6Q)lZJ9*M<aA?(nGc{wvbPZEm8xvC!uUS%<n!AITy5!5$
zCF0`9AmW0aRs_%CJnHFv2Ry+*ri=kpw2{)Ixc911HB+nKMyAqb_n#Tu{b#4`p~Td-
z6*5zn9zDiQo-h{JXpT&!Sy_^XDfd0ZR0glPTw&_NB4R2tz=x?!;^J4%R5pE1<exc2
ze6GyYVqWxON?*pAN{mr4wf8M#s!(QXH)pEj_Hbg#xm<Cgd156x(KLeB)af%kj!6e`
zR(A9H$`n?P6%s4^d|BB?v^O;q?dA0OG-pL3k}t`uRPv%LDP5r5MZ%P56)WyHk(D^v
zOJ^eYC)$BOYLZ$k*UX*q)2Bg?l%zyuE3CX4L9Ae2?s}J4X~0=Y3G`tFlN`YY&PqCc
zuIH>|kQ33&K+Z}QFFK3Td63$KciX5~=|-%qky%;CS-E$62(dEk6)h_ho&Z*uw2HDm
zsW5XgoS0e1Yuv3c(|0>Dv)-4P^+f$coS8!Ue2+7;n~2^gGgHQkE~E5v&djf^Rm?p3
z1~L;SyCXGncckrQ-@MPitPHUameUXe&%Dz-9-TUKPB1HfU`?FN-bS261^IA-NsizQ
z&Pg17Iyona<bX6Kh;t(HqD4wiCx@g7b=91_^*VBrD|51#a}q1N$KCRh!pX%~h!b)1
z)NvEWOq!Cdb&flu5plGbSG!T+Xx&!gXqhiZ%ZP<qgNcPT^m&eRw2mlWFLSg}E}GH{
zIY&vYR2+Tx8gg_==BQF}70W#jo?j*pw6WvHO_(ub+H~%DaLmN1o^^3cL*k~ASGiu{
z=ExS}hFp5H)iFci27U0b{^8t&(dTPv^a-AMKoSRYZoqz4<W3Ds$niFC^K_Joo7=09
zo6KO&O;#{*(^i(y%@l6NkC`-e%oK2R0up-agc+6zEJ-7w?=&E$vUttw6sCeXQ`x>u
zWfK>9!-<Pr`aI2<T1><*lbKq@i(W<PYdBLYTdJ6fC8qYtOqFq_Vq`bR1C}a-4zAU~
z%`yAA<|RJ<WOn*<cFK62Yp}ev(dGF4CjJFC(nLdWt4E0BOT@vB5%gI}Sa8gQ96&4(
zC=LF?B&Xx2gkM^yIGFe<a*$Gsb0F3t4x+b55(fn@DjYN*vfHqqH<x*F@J1MMAo4m_
zaSqaJ5eMl+Lk2$rJHbiLtVQ|^|I8w+Y?*@`URn;N=W-4jsySG@5;<5ebFh(f&}RER
z#KBI7!a=4?_U38R$IP5GVb%;bs@f_{R2Ybfjl9}r%BcE$6OF3ET0WzykXWeTEbODt
z&iu2CC@+^el6cV)rC;J4r8HM@^z#bjD5^H+D7H3n)LIs0mzO9Uy}wlEXd+{2iq$eh
zBg(pRj<5*s9*8*lZ6k3MSKEi9IIJ(YCm&@g^f{MvB-SP&T$^*0!HdqI^h`R1OqkkC
z#gRZ9Et5G~#W`vvdsuJj;mG+Saa58L>v8|Spg!@jidUAa@DaiJSX0|aB(EXD^Ee;t
z>GK!P$3~*JQ08MdFM2nn@8f)Y5UJuLaXIpV4tIbLy`K1p+TM!zc*L&o(TDhmWj|vT
zmJ&U3xj2+q!ZN^P6!FvV8{#KS@52u!If4TpB?hACGn}&*t0&>B=lmq<iJwGDPoYPM
z2?v|1_{n+&`N@{~$>IF8l!fx57ZkM_WH7CiOejyEkUe26OVSAC5YAB!=O~*vnz4cJ
zZhSe)B^FLjCKi^_=gS%Nxr!)XBXhKlbF_}q*K>}7)EupRnRYiaM-u0#g}l4@+9q=}
z*{ZDlY<DwdZ1$L$V<%fR91W>Q97&v`EaK>$uld%-m!nI>!cWf=3-GX+eP(k8^>s)R
z*O9k2b%-M)rAN`Ze?r$LDvox&L|dCW^46vfanxMaH-BF&b7Y-5YdT}YD(jo77zc0G
zB~CCm<0KPzF?C2dXHxZ9{Mw<Rji}8g;{UstK63~wS0;WjCw?)dFXO~pjVj`66Y+&I
z@w++k&1Aj5t%vyRC&rAOK4B`?`^PGzSB4PjyE*9@xNG60@1x4gIO&Htt>r{|4*!%0
z>yk`*B`3X-(uEKreRE?K>E>m$WkHyIPMFyd{M8HO6dBGCHiInQG&LIDMs0)On#7!B
z{gCX<p`oQL{sH4h8pS_gdPsx$2h4scm4ASAle+N_5ZO{Y{sAkJ)Rcd~8Y_kJ4^SB-
zfq#HHBwhJ{KG3fFEdKyqRyxc-KvkE%=O3^Gk+$;>*jq_o@(<WEO7HUz*b7Um_y_Fv
zB|H1TMOsG<HirZ8ea_Sm=!tNK<|wx>4;PxLNgc>jvoxvcJT+UBI)bO>Xi`UGs>fVf
z0gT~*#omA?IAEDKU;+oM@&;saz#4DB(;TqQ8!(jv)_Vh<;Q$|(*cJ{b^ajl0fZg7J
z*&N^#U*I_oDDwv7azME^AddqiZ@}{$aLF5B<DC(vNnOfQwQ<Z>U}_-R^Dp5C8TGdt
zND4&dlN2y*A2T7xGGY4E8D?8fOD2@ru4e3$6UJzSvXu*EJjsL5WF(a9t&j9sFzKA>
z<=6RwNuR&x^99p$&Zh&BlE{y+)aQLnD7@cD5eny|?n|00XMn&#*!D2u;PE_V;Sc?f
zmu_626D%M6!Fe;$obh?2xAMgg{I+qL`GMbq{8M}2x3;PSzsn6(H0Rkp2Yz&z$`|*K
z7ZS~^t=W=3ZR&(+6It_X+S<;S4f%MlQqjBK`V7{<Pw*_yiv@nXca+o2kM~CNPwnyE
z+NzHCI;&YIe8F?P$7ONJM=DtiM;n`F0a+_Ik}O6E<$Q-rT=+Qlj!HcJ^bU!qMCU=J
zRk(7!d_i-@SPt~$k&k#!ZhB(cWb|$$+C-0X9T)=C&86oSVQ`C@GnqWv$U`&z-=8dV
z_N;35@a@O|p!=I|h&^N?gfpR?e))X*rE5~V)}o?W%i5YIQjyYYzco_k<S$A)@T2x6
zxzrARj@p;hA;v|YqxM&y)i!{5*A1}6rvaLU!j1R_RRh#n<F5gl@dgl`KY8=CaekFN
z{iG+JQha#YnWN<?<*s=O-r&s>bc=NAYZXrktNrox7`I|h(WE{LM>-33!R3kS%FmBW
zh|_2Nx(l6pPMusIliLc;j*>b#6q92F=Xp(XI3{-#oNqh*I`Vl)<NYH9lUoZ;z00pF
zi*H?iy->{j!|y}<P8EI$bXE9uPVt_`(@-QP-zPW+UsNaGgUOu*=dFu=Df#A-U#A*b
zm(|IwFgZzZM*r!Tz!QJ^ZSU8w_-(4Rzx;bK{0mJ^*M389qBOoqUPQNF$%_g0ss{E7
z!6p;zO$}@n!O{u#jt2G?!MYLb0}YJaj3pZh_8$%GLxSDffUxx%*e3)lC)n2-*cSxb
zMX=2p*am{FBiMEg>|25@A=oYrtdL;Y1lyy56%%YY!G6@h_7W_SU<Wj?p9t2BU}YNE
zF9Z_^_L~NFm|&;BM%XD0>^Q-86YQJ@_B+8oA=n=pm_)E;1iP$(RS?WVu&Wx_p9ISw
z*i8-W8o_!I4Bmr#V2=eNEQ(;iYGC^Vz2D`9{6)9T^`&)lnhVaGSG<ji-B)CUMSyV0
z2jMRTVIm-$@j-AZ2>k%zh!4VX1tA&`e)2&$s2~IaLa7hJj|#%6*$iR34?>B8Py`6y
z_#kXk5Y_;~=ROD<6omPJ@SzXFX9~jOfUw#J;R6LB84zCeL3mq1Xa)#NeGpbE2sfW)
z2#b6WUQ`f{0K$A9gy$86O@J`V2VtIqunG{S`5??x5M}|wlRgMj6@(FhFvbUAqJoeB
z2#@$6j8YK70m1BpkbXrrbib0r5K=WV+JM5io#3=w@w-}_{TpSp@FmU<P%%C8<7Ywb
z?<Wki#0t)%J`|)~l__`zD0twi-!<iN%_^a+_>W!no80so687X5U?1{?$3A2%OMD0u
zr+N~nXz6+RnoQ5hS&W{%Yd#(Sx7?<MfH3QCpI*5tBdi95N3MD!G`S`t%majwYuwy~
z>+?-ks`UAKD^>cudj<L%aejnK*iI$=-2b8NUEs1PzW?!kxX9!6dAww(n53wbnpm2k
zmY|~h*ke&yQJG)~Y2HY{s7O)3cs`FLX_l2G-PB6U(oBpBZ(vvLs+B2TswFZtP4UWq
z&YUy5v(K(r-+q5zpHJ+}dC%^d%QJK4%sFQk2~XND<_Pof&2!K&<?h?Nny??}*p~>a
zYR?e1H)3HgQZT0@S9knze1CmyFEV_I*QO9M^mg4EM%9uj^T=)br+7u;=a|Bw^kK=`
z4*ZU^z1kMSvd1!fge!ek@`AP9iHZ8z80`Uei`u=wNie4z)_$373Z(M=Y^+MG_Bnfs
zFF2Ids%A~FB3O*o-s9UHlt}~pv$mG-^OdLe*N=+(JNt0Wqrv9J{ohlf!7}J8Nm}}B
ztnvBLdV}3MTME^(?ik}WoW7o<^(XlD(dNGBq_ceqAy$pno8@KW@fo8W*S?)xC~4n*
zUnptceqJbP-*zmNv~QaiO4_$|3nlH_>kB3A+meNn_HF(`N&7Zup`?AwUMOkbCM=Y+
zZ+9=0v~M>ql(cUN3nlGa--VL)t@}br`__J;q<w3?Q2H$>3#H$}u?73<`y8shj0VKF
zu;*djFzB!S^<dGtg{9d~1zI;*d!Hq0yMPNu2ZFyw@a6<xWWZCkB7jE&Jd)ru2)^g2
zJ_hTxaYmU5+GtCeAynoKxlAvkOokRYOT^k}JBtQ7{7xDJChu<}fJfa-r1DsawUhwO
zowkP(rI7fF5}={ewon4Ja@zYdrSMK~P@;nCHz)xbH?3r*6m2J;5};YrW>BIU5))@i
zF<8dTlp-<RG*g(xCDK!jHgKl#%NrGUo+1&oE2zl61nlKR{Gq5P;rDkk`!J06<u~*3
z4pZH3?tQ}>^yp*Qpm!dT8g%z#yg@M_0~T3h6#0mXbd!s`PDT7ikz%8WpNbqiEESpY
z7!Op0u0U+2s+nRGxQhyGk_#kaf#G@qk5S+XD)8iC9DD5$+g-<AX<*OgA~ub%hjKaA
zsbiZO*slm1Co@ux1rDAQ1%5lH7bv9yPPu>|3smR@HX8+|QGuO*N(Ju10!#D)ON|28
zQ-Ni2fh({;j$YtVqd;>ikS!Oedz2R#trxh%D6socEHF$iP=y6z^a9ry1>U3rt>pqw
zV}WLR0hdwW5h}3%kW?TI3-HS&c!AopdI1j=ct<YK7Yl6B3se~e!l^)>Tp$<=l<Eau
zIjdWx#%RAhg6qX&H|mST^cyYlYMfk06vj1Q*Sf*>^dz`<_)cnzvdH$dxf_*7y@m4V
z(JA@`z2W2Tg^SL0<xv;1euxe<E;Vkxc8k~aouZqtc7|7V9;(0Q7@gL~pb9BTsFad1
zok}XD64c}_;o4v{-K2N#nhaA)s-1r8Ef)rS1*yQ}A7NH;Ri_1U;$lfdZPs#?A`2CQ
zrEQqrK`bdj#FA4tyd)!~L}E!TyE%K@<caAML5B)PO5@=wBf(vF;tp?hE~gOT=e3hR
zBV$fsW2h*`u?<;ha3vfnk7I&_5)RW4rH(7%1baEU2_>CBE}JCSo0|4eO4fwzsT50n
zk`YV21@Z<Hxwkm<?-j9%Sb)m#Hu4i-r9OEIvYJDzikq5?h@~Q8H4j-U6|Ann^lD<Y
zTCl1St38Ar%b5p|RhK*T`V~SkeP0@9dJ^N>uww}$jy2>sZg-r%hL*VvjyFt3jy2*~
zBaZWkvpnMX2x;ttDL)(y3M1+2^`v0pI9a!ZB;!Gk!SO504dcP7M%!jJM^3Ae(~{-r
z5u8)j%wV%Mv6)QvjMa)lM}YjEEg#x%!pXE?un5y7#9)PBa2qjr#mB9Y!4(sA20Jeo
z2DIIIdkPNuO=;}wyO2W{ahOro+~DxRNyy<gVR1<uW^gMAZWV+a9T6PXVOpUp)?-45
z!&u#Fk(#iP!QsoxY@0BJ7~Fvj&R>QMPLP{$#{<Y<EZG3=AO<IJqXur|gNBHyA;jPW
zOlJ^-rGmi~x)CBVm^MLY@N#<wziWyNZbJq~H@cQHm?|^an;2X{3~nO^Q@O1Ix86a9
zb_fP{VY-?abcYgy;ksQR{cN_}uQRytHSx2_&a(O03?)V@kkQ=NuqBh_-^|>J$Y?lO
z>QxY<$=ou5pE9BqUVJDqs$x1R6dBDEj27v(g4B{73`SeMX4{fwO_0I$$Y94%Y{?|K
zC4ZTK3>FcC;)d%aJdg6Bg(FNjg2DBet{?`F2nOqj!6;#F{z$scV8N@pxw+}rausp7
z8abT)Dus*XF@%W2p~PVwak!c|R8?^Yw}QrTk&TGMXiUd6LJm_K5r-3WQ@?Op|I&00
z8@(#}dfF7ducHlnn8wKH3S{)?E68YkSu2Cl=k7;FCy>qF3Pl{k@KYck8Y;p>BN$zb
z=~7~JhhTIUG1^%S%H9T}zE=dJGwkN_Cd6ndwJ0$fD-X(}>B#6VVziVPjpfJV+#UuQ
zLl<F?O3=v79fpj?hY_QyZkR_i<lOQ4xwi8a`x$bU6Q!2Lv_8I!9LAJ2HaNT~J;<=C
zAR|IyCQ7b3lhHpX2|3FUoaSIUk2qZ|I9*SiMhX+c-S_F7=Dw_(5E=r|;V@)#J$*V-
zKZXB#J{fm%Q^;7^f}jFz29M+-+dDA%ASHJpZ`HztP@`9Cn16&!2=6-<W0)2FJqe9F
z#bq(ky2%~cLbSP0SVT?7;Q$t$oy<1gdZqeMrJ~6+E?lqFxhKfJ(`l(x4BDujp<2Xa
zGMADnTGu5BtGi@+bu#9slGWW4e@T^!#7dQjN-fr{?nnw8e6Oe!ni*tGAX9Z-KT(@U
z8qr9iPrCKm^rqUBT5D5^>^FZ5*<X#xC#W{-k?RVq4cpGstG8kP4ysMXQN1?x+AR;D
zl_!i}kAEhd+}>G=C$}KrZ-6PH%*7T9EqXDY+ycYeqq9kM1c|AXfYGLnqXdk4Z8Rm|
z$EuB>1WYm707}5bsP&>m5swc_30QTs)|7y?QfovBSlP8xd89f5J<=bP0I^BiO9>G5
zw67@vlB%|q5+Gq~>nQ>I0PRgm@Yu;OLc%XhYNRvhpDDOicp#yg2$6w=10jlyeNYX-
zEp}Ibgow#Z&i#wvrGfCjLlm2n@-qat*l3*(5sQzU8xpG6TW*Dgiq%xkZBB5DJ(oLF
zNC$FmTY^^v!rO%ksYlN3L~x7kSLaY6#mTwR1h-g(^#~PGshrz~;1)ZvzM(?QmU9OX
zygCqmU8uBqkO}cbu$Yw%C4$8^Z#WSw_GTU;Sd8|(M5qfS+(eZyTT|Rda3yePCKJIK
zNVppav$ufSK#r|b+%N4p?jr7gE*58VR**|$;3a+^x5o6Lm-v*I+t^(jQhC_+oaTgm
z_P`^y_7Izn*jfsVIBIL*u>Yv72}ZWbIH5Jq?xEBu$86F6v(IjG-1d{pj@zPR{<gI!
z`M{JN&a-2bno%cg-@W&QE#D8Ev^Cf`ebV+E4=&iVY1nC}_;Fe6)BGH7y6K#IDxQHy
zAnhR&EfZ-9(sE6-9Hbpw#A&llw8xOP4QX>tv^hvyi8Q~7_Bhf?kXB-%%|lui(iWL$
zPa-WDY0sHxPa|y*(w3TN&(rxo(q1*uN|6?VwAW3v*N~<?#c6MuXm23xbEK^?(cVVd
zYNV|<(bgjEDWrX9qLm>n2Wgv3w2zQB25D6$+GeE1Bkgk&Z5z^}koJ{{_65?MNc-MI
z`x<F~EabGGOthUy+kv!d6Kyxr)*|f}6Kx;T79;I<6YW=|<s$7b6YWo=r6TRLiFN{M
z!;l8o1Q@jQNQ*{V6BDgb2&XkeS}PN+1=5Zz;I#H8T3e)ji?mKAT8EH8TaqVFipT|H
z?(C@4%&{Co`*grS06by=%+>+z0WjSHn4tqsC4=>W1u&HWG1@Kwq*ws=>45hEFxmpR
zn*g!e(*W>V07*I^8vqFwfJ%UPZ8QMlEP(5Dz%>B4$^z(jQrsic3IN?KfGc&t(K{HR
zg9Xr;07=>o0JOFMF4X~V1HfqkxCoG}Jplm40tnFoQvmR{#bV$rnG~dIUH}}j0FLT_
z9st;H0n`v+g4P58KUx5LbU@ARU^-+0d{2N3Z5sfpEP&5+z;XbTTL7C0kfY57z*-C7
z109eCfRz@&niCkq55zAm0WdFFFe_wCN5DL7!Mt!niUoM;Hiq$AFbibNcYw*WU>+w7
zKbd_8FxeK&!!o8AF!x(9Q*|Sl$pA>P0Md294Y!d^34|~co3dXsrA^rnnbM~0^Gs<|
z_Hm}PDSJ0l+LXPPDQ(IYXG)tgf2Oo4o0%zX${x&=Hf7^8rA^r#nbM|gWTvz!yDn4O
zl*MF9o3bvM(x$9!rnD(*oXJo6yYMT6>$Trg@U-lfui>-|T7k)(-=)yGIvHSWO@ZTh
zMy!qG#SUw0s8|QN*o#Ineyh$CmSVY7?BG{YvHOi;{QjLgQpAZpoXvSsq!ao<DZ<3#
z>J;g$zH5rG)9H{Ro!YlZ5hghyDbo4<$+5!l<j`2@B)^)nleO>1N@x0?P<E>J@mT3}
z|J||TvXK>IrE~u0DLX@Za;$XXUockKCOk4$I{Tk8Rx(sb9V;0E+&WgevS#>L$toaj
ztYp5>lM>t_sMA<sFK`KEb88+aCAgi(nR_~-doY~n#qABWA5il*LyU0kV8;G>Z`_&e
z!w@*_{ytqH!XKU32R==)dCIVP%Cvc!Ve|B`%~P(;(=3~(IW|v)Hcv(RlV5*&LVtQv
ze|k!PdPaYG&gSWb^ZEqBe`AZrNKIZerX!C(7a7x4j{nI|EB%8LT<fN}Ss$>?u!CP)
z>vnkjom79YpNFPu!ZLXba=1Qrl>Z?ox<JuEWXGE>dJx&$fp><5vkm98d8lP|m*J7p
z9=K4sCJApRi3|wSCBk>pMI{jJTvZ^MR0&bmD{&7lyc8Z=46n|LibNNM+h9BnE^Mt}
zfYwD*?fetoRB)diE??r%kBN2Xinv$@KW#&-TVi}Hoqenf?zio8qR-dbu7cLQ-M~-{
zugZX?HKLFf_xt;Q7>g|uHrNA!wW3ELK43rPw?X{eKYOA=oSs=A@3{3{@dmu0WIQmI
z-P5pk>|tJ4vg>vG&l}mgl3pLU@HE$BXnhTU^XGLVgh(x8im;5k{Voy3)_WHkCLHXg
z8wiGL{V8)hWb&ekjB6fWTioAqE5E-Zy|4NHj@!TVDz*LS{tonidl>KUXvv!P2G-B2
z+k9`wl6!6M?XZhyi{lw?^O=g{*~Q26aJOTW|9X!<490U-cRrSza&v-N(3R(&VO=>?
zbY=7W)(W?E_4vn{NBT8hG18|@oH{XU+`W@&q#IF-ep6_qW3+nT9__OJ|7mCwi!01S
z8;lyX@pHt`-Z05Jw6kXf4(sfPp(QRnLT@dSM(91zGrvB>N9fptI6}Wk7bEn}65A0P
zRL@7~ra~B@k;Vw^1ovMTHau)^)JNqY*3317EyH%OKCU|efQLX7!?x@JF>IIKA%^Xu
zJ8*>d>LCr=Jjx93A%^V}^V=xq_<iQ_yRMIU{4V<}aQu2_G(3KHr!+i%;d?k}$GQuC
z${xbUE02HcRQ)+_zk`k0)@;mXcVPn|9;Tg}SgG1(EHwvG?<zEMZ_R7X2RmH#_>}&k
z5_5e{#F*>z>!*SB$<1!KKFuy(9|-38kE+y<RU!i_@v4KW6!siTft1Osls7A&N)W#j
z2J5my3T+94^))V&Wb?uL&ORKh-Nxf!b!sb%Mc~tyiy_`<KzsBKXpc_<+hcN8!|ieQ
zo`2Q9S4oYL9|u7(S&OiW-@k-aJW=%J<1_90(q?`g9>D*#7XDXeHq8H^i}U}l`t#uP
ztRmNnA=(_O^}VRp>c=k7pWo+8{rNGlJu#E_=f1tzpSRyD`g6Bm^yk-pYkv;EDxf{K
z1-8eM=?%9>&oTcGf3LqlV@wi*d*}-+^=J?^#w)r1;P*PWm$^POssiit`GXDDXUyII
za{ZL#!QN(hkad!);G7~$fn*nOX`)ygWy3C)JJdTTz^VK%#SjLQ*Ts=A=r)AG-NXN1
z2!lB<npVuN&{9`FDpt&*@ir^wbc-N(6<fHD&xD0*lCf|-KwtO^I<t!y+223Xpaf{6
z|38WH+*ADhU5)ognIfdViECbW*1ok%1N?0CC9`oN_}R!S;_~~%iddW^R>b@yT>Lsj
zNh{)1%520k({1LLwmkywU)yR~|E67J{Y$>c?+J&W^qX=O&QVBiW528XoDgMZ@5Da!
ziG2=o`*QzG_Cw2v^*YY8cAv?{lc#<Q{QmA!Lp=Fa$)32+bAQUu$yH_!z(Rrd_h9*W
zEdS@*Qu$m~K9-jc{9R()bDQ>Qbfvj{PHYZrpPo}2ZlCfy{>kr??0+HHfaw?dTd@8M
z4a;8-n|LL=b^dx@G`k5jgR1~e3`Y6y=fBu65%e`JL0C3SnKqtc1V{!N%ehG)`@ymI
z;;ogs*=@L1c2f|Kb003UoZ9UJf`sKQ`!&+_HJ<#+aEO}EuUvA%lM~3Pm3Z9Be&(o*
ztE8JFEAecZpGe}V@#v@!x)@Vi8!s59$a+)I6r<CW%=-;fj7GsYy~HNC++nUO_^mAS
z(1eeDJ_)<z*~u6K0@Nk0XohiJq3AJ0`FBH4grXfrH6|aTq=sCA7K8_ZsH0lcVLnA<
z?svtG7$XS82Wm&d(Z0BV;&pI4g3(cpgr&)Mg9ECUMwTX1v!@u<yPmz&RI^wI)=b5k
zeLRUGiaM+{i^uR5XQ?Vln0$<qlC3s|6m?+DCOD*U0LA@o+Af*T>>JThMD^f(75Z@_
ztc-K8ZgL)xo>>(i4%RbzCBP0m!S{!$9xJFG@mP<O4`2_iwyDQzWV}ryWV`~Ci>Mxw
zfwx12Xrfe)U6@bNMEX7cCDj8$f49SWxPwR=5KA&y8g09hH-NQf*@wW{p)53=S;76`
z#*)Gm64yY2O{G1?;@q38T|RcdB`*9h-!HDh*A%PT!BzOGVt45OilPLpEHDY!#!b)z
zBn&w#9}73-*<F;H17~edi{CsaXLB3C_{)@<J8^+J_7E&k{fq^wFU#D+GZT!=c$WDI
z&m3iBdIS8aX~7E7lCKAUYRe_0_2&hkKLCzc0LKa7)Y<~z7enX8yW^cPQg^&M2D@X)
z7||UI#^B}d-MP~Dur}R;9+5wOAT+_^Madp?Mg(=Pmp#{pawQx5dRK^FFMkab@8Lm(
z@<RDFoQ0P9Yg8@N(~;kH6a!a>vv<}0#f$%@{h=Zkqd$=J(K}U9GD-VP?MMReMpdlk
z@2f)3x(bRz^$b<&Wd#-4?bF5jA@r$F-7V<=vp`J0Q!kAmeQND%oZ&H1$?W+R{tR!u
zLq&z*;SOB`@4pL>54r@%+aFrizxyw;{w4ie`5=3wE*s#AH?yx04~FUMyUNygE$L-8
zKxlO@0;p$p6)5pxjo)d%#s}^vI-Bd)t=uC2q+dk-x#?fmZ-h}lj+xoVTE8TyU+F!D
z^il*+Apre&Aps^np#NrE9-yE5z_R~MyU70c#(!PEVTNp%D^<=SpJ~ccJL&A_3so-9
zIzE?0n(H@rLty>pjc>Sq5f`f;`<`oEij&o=U*!m=Lj{2ew)WYb;dWrQjO<>(b_yWU
za#yV?zF$~2wKe>}SON3)FTEuHbWm1A{%J>6%fhd-+cB1pm3bBZ?aivMKl?9S2-Xsk
zhP>YJ_xHm0^UdGy_Rqhcf06Io$nS-L^83}c@;hIEwGV!^6XACSi12puJC^V9s@)*j
zWj{y)^#xB~7NFl-ZyEphUS#~=@bC9G|FnI0w5#WT`9HT0FW>Z)|Ij{jJDS_)>Gv)3
z-?)p+e<T0j>X#Oku+iK(h*T<Xz}S9Ms8o_BT|mDy<3UNk)Q+D)kK_8K*<YZ3>BLP!
zzm)s1&@WAY*s5Qe8xhbR>jK+jP-?^N@ww;!ex6aQn9egmA5&<1R`K{X7d@+ZPYFD$
zn10#+i?fO?3r(7rC16XiexlI4w7Atq^D@kGRxzT1vkIG&hrW37piZ$ldANpWMjM&k
zO$wF*RH0N}1EwC9QwQTT?X_#@G)>pB4829@Sgsf><g!kKQJwOBD@n)Fgfd@l)zzx6
zY#*@xt_>Vdf85jXc*-5|FZ2gsDD3t3W+Q3}j;OdMFrpG+L}e?Z{Es==&km1$A*e4u
zDg)mr7+lv1Z`~{VT<|iR0ZmYC5N>hR?RRC65??eq%7uOHBco^YjW*$C=UoN&Y>~ow
zSBiY8`xSG4D)J}pCtT8sVstm9sHwItX&*Pn(VxRcY@4ZcpR4STcH7nDL`Bi_=qe`m
z6v;iP9Fj{jI0Rw3lvvv#Hv79AxGg<GTjaii#b0{sEWR|wmc>bpO<r@~e$fxjI%F>2
z?n53_<Nz(a<_r(cYKP?L3?5WQ7)#yL7#LN93=Ib`dW}%+4l)>RI;BBB#IKwtC%WU4
zg-564@^wB28CJ=6S2)ob9-T=+lIt@#Qeire7+x(HULPcDXhug}En3!pmCo>-$+j&!
z*lBX2EB+i?*5uiF8!@_`7!^)*hG%C*kmUFb-cy)9LX1WR6Qj|=$mlL&w2xqPe=nWU
zL6dA5T@_|>qPt>}@a&WrUD+EMjV34FQexEb?2HMP{GGug3e&0NW?Ui|T}+JbAVy<^
zGhLj)=$Z%Yo$1;Wr{qjm`T%m8B)c025vPlZQ{hBsxOkQZOODUr?S$za#HkWOoH|2D
z*+ZQ67OtN2d+MA%`+&Wx=i`l#(-P$L@ds>NJ(I5@_kD8fEg?<~S5J3{<Nyth`^MET
zy8kh7nnRpc5T{oOm(O2%=$y8Gph1_<L!roU5i)#!qK(Vv@?PY`PYf3k!-mUeUWnun
z4ddCk*+ut9#sCQPyB}sS_~OI{T|Mt32J@&zC)&7rHX;T!VlYn;sy5;3c_c(~hz6HH
z<FXdr51G8$&d*1$HdsM6K-|f)cOk~=E#oMLE{GhjjU>B7NGzrV^rz;h1PnuMCMDq4
zqdiCo_|0qMDFHK;b_XS3p4CQ<M9tC=%H)=B{YFw`URim!j;(jD!n??ci`Ur{9o5$7
z>pp^8{EO0UeZD3W+~Qm`Ekyjh<lO8F`K#rGh<QWKop~XDwb>zJK9qAGzmUJ$|3bt(
zFXxsJ+~TjcFhs0la_+MPxA?0qA$X)I_hrg8dxEV9vD31?6=I{2EockNYW{Uc?nU1R
zla2pQiYO2%WbW3{AQmMzWC?dQU#7?K!_Txd*%FR^CVQ_4Qs8<3l#MPdh0hC+jS6gK
zBl@|_c~1JdaG`vD3$V`}+uAVPoH4@AJWj06W<B*f1!YD<J_oVV>|Yi-9v#bgMcAHe
zF#L)Z-OBe|%`0%vHD`!oFc3P~*3azizinN_-al{an04g|z7L2Wcj1_!QR6NUGt}mF
zGwnUM!cW?M{0;l;L3Or%Ufb(zeaP-TW$QzB_LMCrb5Ha7CZ%GmQ&XMpq4>8*n`ENh
zPw{V&mTjUvNbzq|IBk}R_9(@_MVik<E2Q|hNLy&4&8PUcNPEFVdzRwgB5k>e_6o(n
zMcO+i+A4~Fi?k0+wD&3gEz-7{Xd5a1Ez-7|XrEF1TcrJ9qJ2m4Z^v@l0TXR6#lJ<`
zArq~J;@=|eq=|Nn;@=|8Ve)4>NAYiw*3?7`BmXy~U1FlO3=Z@?8gN!PVN^%4O>B>|
zfxFz^ET{HTQyyQr=C?g7w!h1uWLRKHL`9xLRDUfGP%Tf{qFSF4u0eMJD#RWYtfTq@
z>Uf<k>O`Gz5^4dc-|SJp>L{%XL+!Lj{ZJ>|g*E}|Q+w1WI%)}^HrS)e>xARb3_z{2
zN3GORNq~C69<{VixDZ_ls1keBd>s`6s62broI2r5w5KyeW!j^r>!|gBy3Zb!Rwvww
z769sYd(>?@YBHdP+oRMv;b1fzP;vICSREA!s4MJI(S(ZBPG8PY?d(zEI_g_MHLlZ7
z5V_PiEnbou?~RwF#@pg0sZouWq{e~qlGJ!ryd*VV9xq9aZQ@aCY!)v`jrD_3hZL**
z(vy3j=qHWjk@00u>GTnfBR}lfk#8(CX=5Q3;?5e+nhU8~5fl=h`})3#95^QR6uv0q
z2)0d;H-hB%GOVZYO&LJ29g4iMB|n&sJ%z7IYl7`k<c&J{#hmCNd{_SH(b4eC*A)=t
zC$qhW@MYObFinvaD&#k_f?$!_iyXFu$l&cVuZK7)ozp|8>2i9Y3kvjsac<hSpd!0f
zi8wDEf4y{G`rG*^@;}+Cdt7YOpLXd_Kj}}k`qQ8K(|P^LQ7@ia>Q8O-rzriYyZ+R>
zULUD^<ZQi8XdmCaQdH}uEAiAePUkk5m8w<fST|hDBS1I;;IX;!7{ng+_h;X0YtO$d
z)U2;ux74El_FP2&ef7W4S3*!1ufKZ&{CZJg`OqaGd@@1RG0NXJ%EPTI$b5xVm!M?~
z1Kr*PS3%!4q{JL>3F+gwI)`st3Zhg}c%Uf^+gDIprF1m?#^Ncxn9{M7c9P9W45f2I
z4OyK3Mkx(Kx~FQZGW9Km)fnz%_f%DZEDg88bGxW$qyD6H;lawZk2`c^jTxGFmr3j5
zjjQwe$46zj3O|Lb>%^t@WsPajC$rsz>VJwi3X}gku+my#N9i*031CL%JLf4*35V@S
z4C#x;puQ*r6<K(<Guw<TmLmUE;w{SxUE;<gmTB!6moUcG!)0_6r)H*ke8a=j6RL(s
zPS5iA4twJMbQSh*u8=+0THGC0v3aJEqFl;(4t;n@EKWHr>jwX@t_tjSoT}f$dpDdy
zHR08P{N|dqyfoZt4@9l9G91l(f{<sSu1kViaotii)&j42W(a4n5go7+FI<*u)m0nX
zUaHmfv?<f{TFpp<xVMFmH8ZMIN>zdoN>rs!p2sRdI3;V9)>8x|jMS71oBFjFh>2B+
zJ9-}5idDi<x<ps(sZb@Zgi69HWQZ!|Nbv+K@!DnO<1oESQCdbjUZtw|4k`DiWmUz8
zL)F-5VgsqEQJ2M3mm*fQ4c4V2)uqI?F3D7vRH{on_p+tBB=h^=s4nZNE<*Je4|U=C
zsS4!1TGU08A`e#L#mfrW%JI-?+N<I6pvy{|4&4L216AYw<C5xBLUn@p*zK@Rlb*vm
z#n{%Vj$%3~RHs-TMv3YKMD5lsSSOq%mgq{tSf~?MX~m#Q3-5hqh-4{PVI^L@tdKn>
zkFuuixRg!hWs}k#PD#tjm=5X#-Z?2v#IIb;K}+zyEk67ClVae!Sge_9@w})a5I8np
z)6r0_(ACbB;?8FFhHX-0!b-e4S)nVocqlb(2<Ij<B{OUK#Hsf)ZaN}w6Iqtd+mCG0
zxgkHdtI{<4TB8B|E!B^brccY7c5Bvjwa;HHFIfGEr{GO}j;f8n@)q~I_uV)pD~vs4
z6~yQjbkg0ycs<`qZOQCt*3Y}u!iuaLJie{mfC2h|%Lhx_!qM7R&{KNy&pEPNv6Z4x
zLQzOmZCf#)dVRlf<;w5c^l?`x-netF!nqVM(JkNm%sv?_g+Q#tdzTf`?r=?y76YFv
zOHZGe0_{NRoh+~K6wJtMe89X4OH~+5&l6mQaGj^97xvAa;qajhJwRBCAszU*i&lM3
zY(Af=hX_MGSLo^1veXv(d}~8Gt3>h2!7p3JGzds!qFIbVN4>toYH`0suf-@@@5{KQ
zW4MEATqMZk6`#`7JZ5sJGa&6+haW4#OQm6)@vEqPINrGQ$^Wh;#+x_p=2hz3Y?P(D
z72;-SdZC6dT#YRc_eCpt=(^3>U(X)0?r^zL-gC7q;87p-7)a14p|o}b{f-K@O2(>H
z@hUU|6a)8HD7J&X>vZTJa(o=BcWo!_wl=I~;v-;EgudltJ2uSdK3+8+o;70E-5TFO
z*U|lV^{wc)hsjb(O4r`;u3L|39;H}V*Rn3#{|f7}+z7l*U36KV(Peyxu(C0BSrIje
zMm2>rv@m?62yfAbE;~Y9R!3b{M_q;tH@`hf@3Qsu!f?6@dp*6d0$&)3p&8+VZ0NEh
zqRXO#M3-%&wvTRvT_(;#V;f<Y!6$9HteT3&(|73v6F%gipou(2pZ0PqE*yRLlpZy4
zI`1}q13GnE9d%o(-fc^+Z=l=g&OayhlN*z-x1^Rp5dyCI<J}f5MQ@h6t;fr(+qSmH
zd*e}v8WWYnX`qBT6NVjDN6nE;^{k`zh1VD1rQy(F{Hk%V#78>~)>X)4^EW%|T@_7d
zp+)qn=pcMm48E!ayQ+e^it|MBDE1VDorWe~Og$wIgI7>b!53|MDv64%7MG<5>ECg{
z+7u1eJ9t2|pf&2ai$h}<GHG=Ah}Oynunv0tApFYqOL^rHoWZQ#l?C|3IEqN(b<WYe
zarLgkXLx3L1h5U8icsyLZXGx*+JI$`REzsYsIw~-Y>bG=AY92=8#bRG$=j|Hb0I=t
z1pW}PXcTM$U4;*_-BZm<_*njRe~h#-gWfsP#teEB&-56Xs#)8XrrVU<+!7Qh0Y)dY
z@{!mVh*=hkln}jiYXJPswv=Z3T>Zp@Hx<{Q($8FbvNr}pOm#?&$?r*%PN#V0t3k$u
zuH8k&CdkEJq+&&KvDc^=Uz@v7u?)G`QYw}sXD$;g$eCQfD-P6n&ie!_kw5uSkdP!r
z&NhNAmSNk2gzzkKejr$>466<j+Xj*IJHb}Su%iS^)^pBKPK=%t3ZgEXUozC$8-e4I
z#UWR~HjT|U+u--i@=w7LysNOuUu>8?+ekiw(2of^F&YzUdA_Hr5&V`CDu;JgYF1x}
z@W3$>Aq)wfl$wsmO@wAhh*D~HnWEh3P6Yom9leN)n^4ws6}V3@rV~!sp3XEjorG{{
zDxQticj|0I+ue+Z82%AlnXQ-<<Y(~!ZW_`;O*988$Zthj6BDfw()uH<m5J5@X&sQ(
z-b8DQwEE$k*4ae63~2|DcBP5d4QW+KyV^v%3Tba5ZGee(Ez;&AZHS3>J<>9fHqt~J
zj<h?Fc8iI2Bhm&U?Jg7TcBFMe+Px;)Sfm9b?Ew=l9cjNMVn9I?Z7R|}L)s%I+6<(<
zjkGx?+Dw+JN_3-)K1CT)IjmQ>QZxRzB_h}vG2>m{3?hP^2?SiP0~7%Cwg9d^g8`fP
zB)FT2xHXX$OpJ_K517j=n9B*nXT_%g<Fa5n$(RhlG`C>fgyGYq7cl2f2VxvDCK@n@
zEf~nrF(H8Y*@CH-G1W~N=1U9aOBquRm~so|V;Qp;Fsm$>RWc?EFwa{sFUpuCz|6B?
z=E<0zfO*7%c}&JQ0W-;hnIvNlGC8^CP7CHv8B+n65j^K9u3r*o`~964J=;H_7+WPK
z=FClu)mKn)!Y_1kT3us2=7;^F>6o8(UjBKyIFEnl1t{eTY?X3!-aqjLJnx6M<9UC7
z2=#T%^?2S7+1lLhxHuQlk}C{vN7|TUfWOVKDCxK#w6eAiX!;6p41LGmPp~n_eVJ#*
z8JV$x=QOl^o}W=K{U)PW7u1Xml!qkr9re;L?*tRFYZ48eIj{7S-6#wiAhKF_RCISO
z-uw5qM(z0NU!zzPS80F!8l?~&loHwyM(^`e%^$o+s<fdW?d7`ppK8W}e%Du78%`c!
z?OIcOEci}tq4d%ER{Rx_^a@3P#X-gVitk%d_$=T%j$Xmrp&VbaOu<)t_~BkrN7zVc
ztGZHfHsH9F60nWe7E*%OWiBN^ouoZX3D9I|lPLkJIxU3~po7$Ip#<nywM0trhK=ot
zhY>m2WyCjU^>UWIh6hyxiBk(|C50OMyJbg1!mNve@?t9_VsDpoiBtPbAfebtEu|=G
z8>4U#N78Qv^zOCS@CL1olUuW>r4(eXHXk|XubA2rS`(5WrfMlIac>q)Z;T;E_-%DV
zh!`XGu|(vT8Fp<c!oqbRSS-Qf3C0iG&bvjJxZ`ew#S=^=7(Z;==@wz*z95)Nuq1+k
z*s85|i=(?`1mk2p-=LGWd2VrTH^(imaLaMyAtIlD1~N4JT^Ib6-L;@1`*Lnj4d(;?
zT$bNSzt3%Sm;LpgxV?BDw(|h~M7AG@5~oWsT4y)@el}nx>x9Q~aA(jd)=xDz=})ox
zQycy1+<EczgZ{Khe|pjI_T-~>jf?*f9?=1*Jd{<H_Qr<2^%wG2Jn?&fv%g}YCH~D-
z7m0rp{;%SLbQ8`j9{=s!n??1HjP&}4M01CgrLlG~KpOD393H^`@Pa`8%X>A<zxUGr
z%)guQAI|yT+y7tk|8$L+|EKc<`9IsUVgBc}{m=ZzGyYZ1f2V)T|F4>v|6k`=&Oa~0
z|L2$dSAW8d&ryUO$)E4`YyYu7->q~0qd#E|e7}?V```Eb$KO9NyTR|9{Z+U^s*`Ko
zBs~2+!}htAL){Lqf1ro1!2|bpum8RP|EKd2iioBl<h3NTyjDl9DjBRsKMWME3Mi?a
z_xkp0w<;*4x#^^ZyHkYoqg+#Tiwthp3QrTn+Et0uIv(GV`jQMY^UyP72}xd~qnZnY
z>u=6QFu`#G7+kj<*x)^Bqxo$`E5*%JEvI1^om4Wo=G-r;cW_LR1KH4TrUFJ&g^HS#
z(0Dc{DWP?RbFrbP6gL7k6aEXG4Tf_E*!nMQYK)9lAfpopnEe+xqko)7M(c>t3Su-F
z7)=&RSyH>=ft#du)m5xwHS>w<5k^Nf75)nkpVb*X7H99j(3?0VXPfFcv;P9;bO>>Z
zr{`;pE2?;Ck-(F4ev)b<q#ITU;@*eRQB6dXZa<@QIw{V!NndaxqqNOPjuY++Qj<P=
z4jJ7=jOsU4@kk+ohv9&*I}DdCB!v4?W5H-QgVFu5wv09<M#;(Ml4sG$CSGRr$XR4m
z4MsNfo2qyykia8uK-e8|%cdK`eaR_)Rgaz48TH0C=)Uw|7&2Un4EKvQyD@Nv2NT2V
ziQ!UWI2IU=4LrvNgxxu|Y+F)I42Ox9{rr^9@aF!uExWf7GD^NSUp|8^8zZ;u(`S%T
z_>6w05Bf=9G$!zH8W47e)3VWva9?U9d~LcIjP~kp?`z{FPRZA%Lw{`2X!5ne-~VX`
zcMJ^TRU&r9S$Z@#jtM-y=JT1&>9uT=Bb=B*g~Lr&9V`i)-IuRz(BWnkUGPQ@H^tWq
z_rO*L*Vi(xxjS8`5ypsnAOORW{Om|NTn2>Q;W7lM$)W4&Ld1yu?4;hVU9WA>@uov4
zHg6s>+JYDjmq%>zDI5qn#AqHd%9k##amYi)N(G}Uq<i+nnJh3EET+>d4F*^Cv!70}
zA18D7$|e1TqeEkZtrK;~mKKU}f4F<48-qpp@G`$jJhbFIg-bW<i9<*7H*T^3wH>fB
zZ-8Gw8920QiM_}fh{r!~3$~YswUV~d7C67Hv<05gR@wqjY%6Vn$F!BUz&Ev(w!lN$
zN?YK5ZKXYWbX&CbjHFB+ioA7O8yAapY~X{vA_y6-LVm}J#baeA<(j=P3WCk&Hii!l
z!6Qw%#lhzD8p8*N;L)bsr-RLBErt(HuyoL&=PnI4pSc)5IKk2>j^Tq7Y(9H2;xPwH
zr#X7=JHh5N7@e>-SUT0wb2kv&;#Krvuynek=WZsr#jB_?SUTm=b3Z3|MId}T!Bb7S
z-x1t$3)U`zn?0iT1PftP&OI2+#a_wbrct27%~LV_LZ=Ne=ywAnPQTD;Gwe$`N8*J}
zOJZ$<_a3#s0cp|SwoWbG?JqCdaKaYtwfBtKbJF&cId!(^CZ}v2W?ry&m>G21_T68e
zw&nZgGhAKi?8T2M7MPAHp1>oFKYDW7GbY+Xr0qc35)*AP($*sFB@^uhq%B6;G864(
zq~#**O%rW7(o&JO+C*E4v|&hl&qR9%Y0*gAV4|%<S~H}5Y@&UDv?Dz@ZHtLkfwXUt
z_KAtM6=~~{_N9sTDbki8?HdzqJJRxyw#!8O7HQ*=_Oprh1JYEa?Kjc(Agw3TelyVy
zAkB@mKTI?YX~(bRw4)~4A*AiP^1^;*<yT(7&y3MZk*1jZcFrQL0BNBnn#1DL^Zh9i
z{Il872&JYf(3@udXQ#xWSnUx8D7OGAbik(oc*g=*Pk?akbpX6>0j$yiMF4ow0(k9|
zaJIM~08d*0&*^~S0PtG?3kVRcbp=4a1@O2I2mwHj1u*NBxYOvsVFt*s0J3zzCIF;a
z0F!l>q?Z72j|DJJ2jl_Z77O6cQ^FA`1pp&0fE#td^#B-b0SrGS+>bf}puYt$PzRj-
zlL2~K0N0!nPDeihAj$%W)&Uy;(9Qx7ZeGdSvjDKTdCk8>2jl>tkp<BFlyES*0|4g(
zU3BIL>40kiaLfWYsk;?j0sxJ>?^Nk>-s)y3=dEZa$$8H=ljOW7nn`lr>}Hajm(@&?
z^X_jZ$$57*ljOWn%_KQ5z8T7SvCSkouSYZCnbDH%kP_B8Y8x>g6TxZ?PDswOeTbYB
zuKmt;CMXLV6gnsQA^;w#eE@LZO5Hn$pNlNx?_gUiZ3#Ttc<1orhgk%R(Xt5^=$*rl
zACd_ctKCSjYDL~()A2(eg2ijy2^Q#`!%rZZ5KPq+f*nz0{RbVz95@+4hZ#SdL|C07
zD|G1irkr5O+Pef(ObRNxGiMROQZ+w^Ez!yR?wlD!o}f*prwr|0zOQ)|b$oHVnWU9i
za3VXhpdvd$wyz@ppkYnGKj;9Qhtz9TpTdy`^ij=3ejdReCmD~A7>~Kequ+QeHXfH4
zk1raJtBl9DjmM9S#|q<dyYcvy@mOs<?l&H5j7RiYs>0S7eS)<HtJ)u*L@5pE!@n}?
z!`n`_#DBcxBJm&3xBn0E14AwpKQNZZM|{pMblSg(AJ{gae#0kO;-9s-Nc^*N|D}En
z$45-M_rJzR9KOR`zZnl$;@`EtNc_9A|GIwvIDV({@PCcpIb*xIe#<6W;y<>!Nc_it
zU%!7mK36aPuj6ysm*)C?Kf!YUL(7ZY|8VC2zwx;v?Z1xC@4qnDuaTvGpSv$||H0{t
z)Q^2n^&R79StqrtZi<F;EEU4={-{;=Zo^VXO!se?&Zl5~8|AC=_`Xzq=k!(97ZL<!
zJuyv|fLRZZ*%6!WI$UwgH49W5Rl}l^_(}p%J$POu<i$W9OD3|iXcniI^}UAw3--iq
zcjb2tV;?K5cNIV&>XF4E=QyT#P@cBU)j@%9bN<IzBP2T2xT>u5KA)&no6xdoQ#gE`
z+E?}Wb*a9-O;ukTmp{wp^kp@59&=6ey4>vB-llGqWk#wjHxgKLxfyG&Nc<8jm|q#K
z=5LHv<0`Y)@y~Jd>$<x3?ECk?|D87!hkUFShiq1TiEav}?Tt!Ozp7D#)jDt7sp;<8
zRK}a0&b-A_JfdDL>*`q$1^-h|)~KxOH)?~`uTHCuO<u?8tR|}K!%x-xql0Th%i{Uo
zy#mBS^&3qs{Q4t)P~}QIf)dM;t$XWHTgJW{BYmguMZe=J7z{E3eXFLw1KYdsMs9`5
zgexVhqw(teeGc{H53K#2YJOFncKl>}Zq2TaDm>vTc$)WbEf`V6f_+kaVxL1I*j-g+
z-barzNn==4a&6-hPyN<Waerp1L-PjpR&tKs;1BtO>we-6XB|`vPh>YW45gZw?8Ga*
zzDljdfe3sPy|s3=(dGdR-g*)`>1SKLTl9sZ0!3XYx=<uP7GUWu@EeeHQ5Wf;aP9da
zioyoTtWm{1D<N|A1Q8F)OFDP6J$s@*-R<$W_4sde>K+jMS9SnY@K9M-IO`C8%fMJo
zt*Uaq`<4Pf-uy~75FESIvWdN7Yn{LEeL+3BPwlgbocUnm>ljg84}N9Mcxas(FxyQp
zf#+~ncso`Fc$3#rt!^;hupi#Qm8;;m;PLJ7Y}CS3-*$E5;bz`GRSCWw33=7C5?$*m
z(i2=$E7D!56@R%hDwK5iPa>OtE<eeBY|Y}*UDI}?yRyDYALiQmX=33gS<%N5UFBbS
z9H%{(|K-`ZKV*1ZlsoI1MAq}^iI;zx==&;r51x;+Qq31Pi&3EDC#+;PTS=-|2fICN
zs;OOCGSWZB%_iW?aCKm2q^kfuxlUq*<Ns!|ZvN14XH7FM4ClfL!1tPO2w*mQ{Se%6
z<AIPw-}sJ-r)pS7C;skpK?Ta~YgzeWzVT71d^SsP%?k5WjlikOpY2o!X1lX)_xete
zJ8`3c2u8`neCceenKhivDZ}}cVtxh8Exv4Lt;$4fHfipKLkG839$Z~to2r8M%xEU`
zcN_{In;bQPdq8{ResL9k3X^c*LDi4LD9Z_9)zgl*w^80U;b-}5hRm<n<?*o!di@kE
z%@`H6z1gUM0dZoJBkOXw=OSM9HQOXA16Bp#j-&4fiXYYuC3C<gU=+AJ4?kC5U$YI>
zitmJj!Q%yg$DL4*Gi)#0=(UFNmuND+{7B8;>SXoI{*~J~N)>e#wgv~4w)OlgH_%rS
z>WY)<eK)hOtf#Le)D>2^=8vlvyYnCSfR+MFUD6<LuKC-~3q8}TP^tp$I`>{`;|%lZ
zr8dqm?_JvPodA!Y5nK&}_vct_rDy4YE&#}|03Ol-K>(P*lh?%!h*7j1aeG9#)?_VY
zAap&pT&=sdQElVeu-Z^Yu5C^jx0YH1TkFHx`hovo!VmtdJ#CU}p4wZlFa9eBa;3Yr
zwmeFKc+Tc{2Ekx8a}tCNzSG@%#GxekQ$h-Vay@Y<41}i<Y)D3qVgp=bi|Eg^!pCdB
zhIQbMuHsly1Tci-(S-b2A&Tn>bk7O7+gsdsD;LBZe=@O5_5JSk;kLfE7r$Q>?0Hm8
z^^IaLOmzCPnY{EJ1YiY0?Y<Eqp13Wp;!Y0EOY9BB&Bm)6_l2nbT&L5Y<qYx0{hj@x
z>O%zp93^{w$5h{FHg8<<jk><Bp8uPr#%*>LL~{e1pVf`$g4OkJzJdQ#*V~$!f6f6*
zNB$1BbPbAD%WlJep-js0x<;H*9h%oQ<dh`gu=+RZpn&(USiJlSRKnx)f)hCV9jnE|
zrYO)!2|n*ux7T-waU2!tjXRmu0}{SE<30qx$|jdlZkJnewM@jxiPhd4cO?5DN;6j;
zY0noZ(U7AYe|lLf`mq&jcJN*DA@3E3tX1<um>Q5D{o+XYDe9*hk5AJo{;sbdRd@(y
zsKeUk!|my)XW+1?99IFq&;)!@KZY~yJ}0zIKcEp)ReU(VpGO?7b|lwySa>}sQ+S{T
zJT@gRk)X!A^>73Qx+AmlN>mD=X$YpP75wWKR!QMxJ9C-1C+NB#geBFCanmP`o0^qr
zx+iD_xs!%F@W6Kh3g!Jn@gAB;o*hH}mWH1t8u*6BT%t&3wxJ146y30vOsE{-R;@aa
zY1x!YE$+8@f_@jxN$s|M5w_-49m!=>%i0B!QU;t_cYjRx7&Th;?-06y2FATVBLruJ
zKj)&8e-YI$p3bQ$Lb2I~YUKrNsFskI?dYfoVLb8c&Ita#NN8Ke(z0CLf+8zz`c$2(
z8C=W)L6-d|78bq?Sf)iZVz^c*?od_=T+^92h)+k(K3{9$Y#xIJnTIjIyC@t2EJp+I
zT5oZ`?cD~jh8Q2^M0sKZ@(xb&TD8W@!TQ<ND3!fi4;;dcv_MSo^01wFt<z)-!D2Sk
zT6qC8EpmEbZP9^(4QM}pFNRq9^l4L4CSG$j8)6-q)HNkzatg~b4Y=H39B^oaH90C3
z2V7+k47j!20?X@*wG6ln{?X9+<U5~-$w*2T8FpLzTBpT9WML!OZ?Pu6C0)AK>ENCS
z$);-w+H|pMwHIa*!Bj2QyS0z#W)dk=#%1W0sSJYc<5{TBE~-y5*5`x+>r+jZ*wL&~
zUSFzSpK7eYtUjb~HP@%kFz@2^aRy_3WHT>TpE+q#ecE7sxak*}R;Z7lX$4F)8^GkE
zEDZuj{@xT#E4Xs}y1(}s%JCRVaOHRxN^lGRwv^x+^2U_l+TpXu_tjekwapH@!}L!m
z*J(a@r(Cm*!FQBvj%fK4<(dr)_EE0+EdDpjHCq=P;<>qC_6gqHtNMy0UpxM+X>Vg<
zz<HUy1y+Casl7LcpW08$iPhERWpG%%VK+3*G-XeHZC3{Cim((J<^tGWfT_wJqd7ke
zmyh?kbyPePi#|VP>*JYl+SVoW_-Wg-_RKSO9-%c;&e|TTcR9yp#Wl_Of##oze4zO|
zm-nxG25HAkw8Kby6lrxP+Hs_%Anlxqb_!`jkrw2TY3GsF9cf`ES}^*UHbq)96U~XV
z!_7FYrHR%YY2P5Nt%=sk5qMzR`y7g?VcOl_u>OcV7bwR@>3{(MxWoczrvusnpos<0
z;+(i0tL|$CsJFy<4AucV0dU*`sMF&;t^+`g1#n0QECRqD3t+zv$O6DO7Qo+U(MyXD
z)+E3j;5paz?ZqVa%dXnPT{wO#+A9wB_$;&Yh&0Q5dPJIKK0G4LGOLeBv&<_;q*>-^
zmVoejo!MJqwwv*D1Q#3j+=RDoRe{Jpj%8xVykzY*_6%2iRn<mPk)c%NO}WTbdXZGE
zGkfM&hu6Rn69e=)RI~HKPyBwZ-4T59y+eNIkGtWWHLLXk^rTm&Y_~X2dz(Gg?2tam
zq)S)99zLZXuI)vKIZ4{%yYVom)9NU;4XEXBWBZ#(#Z~Z*f)iMzcJ(jq=>RU7;78t$
zLKaYxNZ2io1^d&JTkEx3oB?*(EsoUM>HN9iMbz7#xIGkTuX8~~_GN+RX~+NESMQBG
zmVFr8fuBLeT%{04l|LazW051we1|eUEHm9Ueq6Le+;@@aE~s!7-qTo7iiSls=T}~M
zV5jYm=GR-2X}=n`)m3m+W0=S`^8jtdkA?@_e@1dur1nj2xH5{Rq^MLbt;LtD>SZJ<
z^9Vt3g(FDsal2fFPlDu5+7Py!bM?z_s_##2`2mpCL!y8XU&)p|1*j9)QwA46;KOve
zBKLF9mVFVS!0n1@(_wdzJ>_2hepP=z8q2{;V&D_p#$t&6k-+^xx$S-c+)253P&Ss!
z3t5ck;?QMzv5NLvaBGMp!eLCLjQ{xt9<PJ;5#mgit1<Vw3g>Yzj&eL5=F4Q&{`SV{
zvw*!6icw4O<oY+^m77rCrjl5#H(3Ef8DA(5X~G*QtEXrxlg1KY-5TK_&%w{D``b(F
zJpk_E-{#jl@YagwUu9`2s5{_p4pk)cN65LGa>DhTG=9lSnj7?*e52!^67Grn!&NYj
zEypE%$TX3L%uk=ekQq05;<(I|spDYCu#SzS5yLkQ@`zz?Wup48TK2wwIbyOtvl}sQ
zJFFunS|2g)egD@HGg%rjduFl`^Pa;rVp{yv;D`we3LG(us%=ILkM8s@M+^uQ|6s(t
z<S>nxw$*_n=3C{TjTp|GZeI&I`xRL-g&YuTJo#IkFiHx40@Wb|hA?ERCS0cKtkfK}
zzp8Tps^!!WtLOu3E_hQ45hyCeDmnoM%m9Q4rG!{TFK)jB>P8a5b_ZKUH^4wVQz62w
z54MVa;+{_-0zQS9nn27U!2E)k48$BXiF?&Z8;!KzOtb@v#a<3XANI4^^9frpKe32T
zwM70H$a^g0Hs_IC3gj@$wWJ-1JR8Vv3)xNNdx0EmAqNwAD3DKBzRd+DMvelqW|60o
ziStk(-v9~S^gC`Z=sP31W%(iAT3e&lfh+k!=PK;Wb_6v;O~XvT5jOdh?J#@k6dz{$
z92b`8w<7JRiH0A)?scRcH_?tDtr%%1O|)Z3dk|@-O|%n8yUlUooj@GY6q96r7HJ)k
z7HXn7P@;Dr&1s^ASS0$JPhrdZt60kqvlzRj6L~U_@3fHT6L}Pn=UB*#iF{R+tzD#_
z$Sxqyw2)^K`A8)rKWHHzJ0}blw*%myWz5}FhvioTd5Fad?_DB43FOyUg5L%KlVNiv
zWN`y^5WM8AuDCSq{8tfNJO1=*Q3_?oYBgV>yco`Zxca?mU$g9*S4583-+l$cacxIA
zuk7GHilY7YK`!Q_iQ5A4+S)r{Pq8p}Z@sSRpTTIgBjuNjw|Q}@{^Hw>7e{MxUkT~A
zH+uq!Rz*|{;Ul%SRL{3wmFnrx%bnbTPm$W89SAHmfRWlR%FK8b-RyTgy0_lm{_4eh
z&GDGqj<DE&9B$vR{l^a%w~vr)KN86H<9h9z(IE;ymGwW&Wb3RJY^5LfP^?l0VgLBu
zj1dpB)Eb5EW?Xx!m7S|~fW6M1aRK+?4G*l(?mru@&*WVV*T=L!sDl8VewS-q0^c4K
zw&UA_ODhxH4sk2F>UYrfD+*qW*QXuDlpfv=<pxB>^SkY%VYkDb5hWi#jQ(i2(k-U6
z@Kr0Jw1^*FL}?K}I*-yKJVp+sw^2HS(mY<JPXuaXj8Qt3(ilb=gJrV~juDSK(o?ks
z4>wox3)bZQjuaAhu-1Dc$f^)=7yPP0R#nT$!5UoCI(p-(U4_rM4Vg7wt*U_UfI>D>
z^*3{R{X?A)h&PtC5vn0W?>^rj17!qbSV17US~97Vj9Wp`77pjI(b~r!IY@oyL+8{{
z@cRa#HC{M3fo#f4S-eNf?E@sY(Cc@-c2h+JKW18=M*emlU*csLVmN(zS{h4*kAfrT
z&s++fxnPLZ3)K=X2tY^5&|g{(z_SjjWwcbwJaa97_)zvTEypjAs~4p6sCs5!({lTm
z$u7Nm*J&9aQ}xD8*Q?hFt9Rezv~ha%8cEgL)j;*a*_Y5gFtpi5tX?ElFI=x4$k0aJ
z&XvoKskn{cE^p9@IabHia{H*sMyCzZp8JSu^@yd@GABM_blS)kMy+-<P%Ed=X&?0;
zh=D+<R!*r_8B(pfQ>_+Lt%T5@0kz7o`mdJTM_+d9wHl~x`H<Jj<qqAFg{KGn$F;P%
zQHgC0R056w8et_?w~s+HYN`Z~L?tFjmALl<tOWYBmg^w{Ch(o5)u*-GK47vjUkuRd
z%f;_0OYfSF*fsaFEWK+EG&5>d(Lk-hDTii_io5#hM;}ltO{!I@RI7O#WCz%CJ-$FH
z)GF2L09$VB04sG(oOVUI=o&Rs>Y7-o66+hN#4e+2Uc4?=KhA+l?2;;xELEbaOm>$o
z*Fz5^LnV@}9<$}P9<$P~CRQ8&f#{m)fxjAzrcPax+tjGl>IP~BVK?blGq$o1`e0M7
zwn?>0l4^ByJ=Q9@5%MhJ6eK~dctC|ztVN!vRS~93s8&3pEji9Zt@>+EY!F@Z#e=f*
zJnx{-niy4C(Lhz;CKo4G<+?%GK^0V$^-@(-sVd#5D%+?kB9eg$RpB8Qb|C9VL{;iA
z4e{mqZz{|@SzoJdE{iY+gYTr4Wlc-r(Z@0TI;&DEDKva+82xU!JaTJ{>d)j+;n8Pf
z9>0`UTlJmUQzJeMXV)-dYXYV-h^<o2mJtKJpVpJJWr=|f%q(eaFr(4?;3ymgw=SSw
z2ID#iyzEQXk229$Bs7a`0Z<PVdI=>dV7Hsw0{Bq1UrG1g=~2$n`T$}tzpch7nrCB#
zZYSU+TNMhK4UgKxZ<*U*1vMO`L7fC2D`GtshV8bRt~c004kY+@EivA_%O^L8ILusy
z3_dsX!f?`0MdAyqv2EQjw(`n}KgK?soMRwn*fv2#WquKa6ho{o3?(=o1>G8mIi89s
zPW*1XL;sK*<-D&p?fnRIlylZ==cFj-I~+8>=)E@OfPJs+!fu+`1{u^a*@==zkbyeU
zYh)V$mk-O4vK=E>Z$1Ap@2%J%>aE2_Z*ga&&sLH{6SYM+RdNS4ZXGsmyc2sXlI{wL
z55nHUziWx%=Gj$xZz&XoMWq)~plHq|dts6j=N{^<STWc#^xkp@VY4SYv9}`Wg%h0E
zTkuJn-ioGT8T4H;l*n_M1Ds!@ZG0~R0-PW3F9$ehJ$A38=8q4exl`}45BAyjn2I(6
z^T<XZ8I!#znTkwI2%;XNP&PRMJ$6$f>#>>-d5^6SJyv4$7&n1y_a^pOJhexW7?#w)
z6R?3-Q;(HUkFDl#{u<=9`L?ZkXJyd4*3-K(=v_JZt_tj|Bh*<d&?*BjPr=U0qgLNW
zomE0F+(n%QpS0<$#Z;`CzDp({@F5482IjaofXq|oZO+4RJTxg*(JFs$rF;Mqgtz#*
z&RcF!O!3XRjRlWyj)8Xk1rafP%Lt*Pe{&Vi=b7aZAVZ`2`I%3+_B+C9z_N!>eDi8-
zi3o*T#vD$lZ&Ou?DIV7x?NYD^#WjBzbhNK3T-nv;Pp{RKv;Gid4mL8cXPLkA%tRw|
zm{}_{1uRN^e`=4ejZkV*>jR>i7Xm32NICTu1u2zG05V)zWsYYqNBm~3^JuW~!`43f
zdLLKuuXad??0{$#JTo`gn7y^fsn~kC*o=Uv6g=}WDh6wVmPExW<YEtr2oG|mh}og)
zIYj|MEU>5Lh!i~M*?`~`JhN1eM8R|32nbriGvARTQ1F}&0)kcW%uRCS37#WjT5OYH
z-^igTc+SrR+abda$}vlL&YuL^CByy>2v@>0&r)W!oEc0m2Ssvb6S|)_Ue9U6b3k&#
z`07HKD~@nbg!M>0!g}msHsGHLlXcy?^~x=WAuM_#g+)(PKt@ieOzfuAbU0$BxRBCa
zsi{74p)yO3nkjCiL@PBT{xVaVBZYAgeC$GH-a2-n?>unaOlgIbD;d|Oh#f9oO~&$0
z`-^l(ov;nn{>MpMyP(JM0HC_Y3$6N=DYn5I7{6c((roW)U4gW<CfaJG%|lwbiMAeT
z8A!8@KQS6<pPOjgkQR%yZ%wovNQ*$)ZWC=6(iEf}G|{S&c2M(PFjmAiq#ZZWjv#F%
z($1P_bx12gT8Js;1E0?GuggMOGZW2;v}B~UG11&e8-%n76D=HRkw}X&(ISx+g0!9{
zS~SwM-#D$Wi57#j&yhCBM2kh*YNQP_(c+Qz6w<sVnu@d>q>VPwl8`nAX=6;ZWTeF-
zZM=z=YKfuo{wZ8`K3&C@oi{9}BpZnQCXiQI$g5AGAroJQ9$#e}0OKtgb01)qSTIWo
z!`G$3fGM_MUXU>zR@oj2JwX`0P@QBlb4{)VlPhDs0n7sy%oG{(Hel|yVD6SNe!zGv
z7_W@EA20(fm;o|oC}5&3m>x2w(@NXW6zycpnK$8()`DpwV|D_j&T_C-S0`cC0OnT<
zrbfoh2aM%n;rTmd%p|~UwP3c%m=S<kXThwKF<k)jss*!L#?-&TFpDgh#WLn6z|6H^
zd@|;Jz&vEZJR)Nj0%n2*GeO2o0}Nadtc%J_Kz?OPtWq{In9hZk>}{o=qQF)Kju9^v
z$B1?2Nb_Ke_EXKkAl)1eR36$JY@5WgFU4$#BkkZ%5dOOgJS}|hMQ|AocF)=$-6=pi
z=MRg1%(s?RT1F~2J7hWe0k0TNui#htzD}>;KgXW<ibQ%vFZ~sb16~nKui#e$r_(F=
z%uutIzv43mU-5g2Zu|&4C+){7vTB6H7nA^<g;qfc-VAFf0V*hM86|j3_-84>W2DTZ
z1dj<nixNCg%5+NbKq+aI;DJ(-Spv)zlPHtNNEu2AzUAw-Ho_3fuV566`wn8c)`Vz$
zH-BzTgdv72{1v!C)DNbLQT?EOLrAW&siXw&wNENh3{NJFKq?gjv0PiS1~;FnM4UiG
z5YM$)YlLNDHo+zkEQ4VD+&6iR2t{%u!7>PzLogn(q|X`=iljTiatM|uDgv-3YeXm#
zg<yFE6ZhtUc&;6ISJ+Sf@Gio{9S|j=3IHpASHvrMmtZ9XTP*Zb09!<`9L-O##RMxQ
z7>MWE)OWF6K`htCv4q#ZR!4wXu6YT;!^{kRS6F-Y<4<@9=Z!mp0pz0!DzYQN83J<2
z-`ta5Sps9H&DMSOp13_2FXfp+-HbC{`~4j><D7$;eSWH)kG~+;DdN+e`qL2o=`#H(
zOn*9XUOauSKdsQ8p46YF=ufxnPgm<t9rUM@=fqR>ISej8YRumH2I7NXHPn25{eAbq
z^XrHm4WD1HEc;jI@eRk9AN-^3q5FmTpE<<L|F7Kw`5&{rVgCPE|DX9c;>*wa;a~Fq
zWrCUiYc2dQ`LbdDd;WL+jrj5(@A{YgUlzds+^!b;hc7N-|M31lwSP!beP>kg^zlC$
z?v1O@8b?+Do~o@Fpdc%%5%?p!)ZzrT=dR9fs^(WY;eNc@+CHNS4`ny?-&|Kbz25g=
zU2T&MBm~@CSNQd;oe&KJR=pG2l$W_nZS5A-|EL?4S)Z;0Wmd54<m?iGK!m+e{&kQ3
z<ZZ}n`b%_$Xu)1zyUD0sddaQ4R)bZ4rc=Yv?E~Snjqa|wg?;z#&F~{GN;d3iZdLRD
zV4Zf88)`|OS=rrLhEvYy0dBJr!!e9u_uatfH$S2RO>YWNpnb$MhZ~uRVE@K5?>1_5
zm#NX_aX)L|o^g2XOWXp8UjQhhT=O&Q$s?PP%?Nq7MXh$HKx$ek`27RJtUu#Ux(b>)
z0tN!aKk<n86x99Wqr%|+5C2T}DE~|tA=#POfsNm550|Z@D(0}OFb}8sXqeu2)Vu^@
z3>zITz4okfiM1_EmF?&C{o(=7w<_SUkv6=PJ3@GTf6(V^TkG*kX#8o}uj}Ivm{K7$
z2V5<}?-x<|c)XAsJKP%tR?~ZzGI{i7fSbpgF@Q>Vv%sK;<^w4VtXSCi7{SB1guB*_
z2#<0UL7-><Lr&HAkhqr93mvk@>-$UltmDCYFed8YP{=SGtcJL^kpBi}pA!_K!n0mP
zm8iW{o)1PjjvgE4DnB>Mv3JzvJM;F>8dB6Ic2sf7(NULwlaRmP<#B8tTGXb!XX9@n
z#}ZuA9LI*ZW`)Gzhw3ZUxJp;S6TI0*N4fI`U9IHQczj1a8~23_^@p@j9d(|Q)jWnp
zu-AVpn>u!SHXaW1_%?es);1f}=M4J@d*QT@@O0OVPtslEx23yw))XFc6~e8R3H%g1
zz#n3i!@iIwzsg;BD66`r2Q;^zHBw$~RHQ@A-+5Bo_HKI^kI{Drwmutg*!-;1{VA-;
zkElGp#;5AW-<tv3m;ZQ-eW<1Mp^b$V*;gj4ck|N2m@wk7ML~3o!iubY$6VzVs$++G
z`7Sm8;W{O|QQjcO`Rsmb{)q6PK3}s$p6jVi>J>NF#pnGxOZDI3jxXxVMA@99>g79G
z>#L6KEMov?d^7xJm}JvlQ7~o@>;BVPv&Z*>tn6hpe~a4XC4A`Q*R`D9j?F3I+?hUq
zADi0S<gx!RP~*Ou(OfO=3)=^!CXc(!{SmGf_v_WktMEYf+D~t_hQ<n~`!U$>ZZ?lh
z5)jyAhxPspcoS<#@EU;83XzO_aN+G0+tf0{RezhSU^d^Xe8(!IZmbJd%f9#=|EaFG
zx2gH3xI#652ji!wQ{8Y4#UxVWzEfQzerGF{>KgL9S{!nS|6Cy+QEU~2n%V5}kCLx9
zW32-hd9$IwSU9cvnzi=$5|sr1D5uZc+L_>TC%RoNhqZRIVv&r|){(9|DiT~R6WyMw
z#7KB|*3D4fcPik%)0Q4zn<&-i@ZaoA@Ua$ixjk-H4zA4g-yG?I=mf5o32wD2Arb}B
zEj)&iH||vSCP<8mJD)X@eJh>fkGVX)W>FqrSOQxE5}?5tYd6swJ^q{68@*AHEIEQP
zHbQ?T8}IB*C$m4sIr5jc@f41Y;dWl%IJTICtm5oCG>neK7-F4jatFOG=0tBrYk%_R
z`oQ@}*efpP9d+E}tLMHWWYD24ewI9_Kb)F9C55{i`6gVZZkRDK?V*&kso5qE>M(LC
zkLEKM%!)PdJIF<WO>t^KNP%eC<9%3E68A9SvE3_Co6l`!u<PLlmZr#3s9*`1NS~Mn
zOjN~pN}D`BQ|Dy?d2{n?H^99fWt_S#;EA?`?~A;?NUtwPKgF!z9|}#sLXpD!hlWKe
zdaz4!O5u?M&<bHC|67U2=M3J@7cE5&=<rg6Zc#vv&)w2ux%Y~S&Me%W@c5UlI8Xe<
z1>!%hM_XT28?b(#HLyF6dTfoW{w;Zl>s|NrGt^GJ!|ofGnP%y*@*wQ6NWH^$t-}uE
z5dc(-Bk=Ef35^1@6#9B)d_-ndd^mhw|Lm9`bKk_0{J*(9cj>!u-wfzu>YLgtt$oA8
zo!a-!p>EVS5Qt^gQloF6@%g=MJVpjJ--}O+VK!|_3a}61DOf{hO@A0d2TU<FB=_lI
zHR4`@tVS_dqyKHf8pSv)HKM>2;r+1+c$Hh|Co!0m;!$un`(y{!C>irpk?VdPx=C*K
zt6t<aDv?Ip;rqmBgVW$LxOr8Z`*|zA>jqY}AKpVv3)d!m{+<|jo8Ge<ci$+AVh#Tf
zZmH_*EsGr&xVaIUvogM$QnTOW<K2{JcTsBYILl9de%;PB>(45(W_^*uweFuH?L`yq
zIYmBn)4$T|ob9nwu_;?etLWY|5k8Q8uOZ}(gYzGrIn~IVVwU_KCWqt}+JQx&@3uJ5
zOw~P>Hvu5U0(kqpc*9EoD7857yn0@|ArAnHL=;u(y$)-o-fOW|^j^qXvq$p5Qgko&
zww7Fhx0ed{;uvjnsqB#qzm9jPNISX661_;QR#GY)4(65$hlAWw?y}%2`~XHI47-5)
z!^t0a{2KDdty!RuBXaE;(%D36*OsEr=F3d<P^ip|5;|F4&u(i(JtNkDGLSP4yq;T%
zt_^9e1ka+#fu#}rDn?KV?PSljp<MHV{8ug&@r}#bQ^8LVLZ@C!g0J(hta}$Ul=a&6
znYv;rT6=OSGI<3tc{%%QUQfZcn9DspBGc%oOUW}+8@@oFSEi;-OXrT6Ny0Hx%qM>|
zqKO&8HmQClZcNv(uSWRw2^uFpv9)GPzSlP%r|TGa;$c;)aSBw>VC_}e=uN*%jH}gX
z`fDpfr!0LEuVPWlCQnRH%bExazuHkP<7+O<;uiY)wPB4YWC|NPZ4-=;I>1IM+G!VK
zR3X*(z3SVf&0ZBjNBeZ~WF;y>IgdG*&LbXI3m(@KkC%urMrTTpN4CCXrcF-Q+1VXR
z5l<L9cf=d<bAX*>J9hqBDX~+5pRX3|XbvOdj)+3TR}5Nk+lV+olS}m5YYwN{!~q&Z
zY$ZWV&YUn@!*-^k8E77#weR4YJ{8m(A1!u}od=JpCHNKg8{kY^47b}9KZTm*%Law(
z!EvCXNp#E6c)aB(2Ca*df~Z!>K}PHxaj_WGYBANSwO9wAo{zU1d2|WT3j#%%ApuGQ
zp@d6-5X=bN`q@rJ`)w6oXSA5uil@*%<1w^PDY8)^*xH8a9mE!yWG{(A^Q6&Htpr>3
zPas>!j3M1DePeiJUDI`J+eXK>ZBIP0ZB1-zVjC0Nwr$(C^W}ctudnOWu3B~a>_7eE
zRPS1=BqtguO$}9@4>_x|C`=hGC*7l127K9f`!KpuJ^`F8wW%?b)uC{`vItD`${)og
z0tP5j*c^KtS*DVO3<;v?B81a|*u>tTl7%#_=TL})33=mC9v?h;1^bekv7_sM5|jyA
zX$BQ}X$sW9NSA2>;4#rCNHZ@=$Du;mw&#)C^dJ{R3({Lg`8BkaXe~kL{#-ZQBG#un
zqc|;k@5?Gr+mQ`h{33;!ef*{AX*=Z}WHvmaJdIq@M;BNFqrU|I%syl|7oH7!g``_>
zS9*g~q2wO6>jJ`L6@{~Cb<Gel<IR1Ne0KP(Z%>?x&*8VKy9%N~7s*ku1G-_kNOM|2
zotmRQuZd1ZO$7|9MpFRxQQDA{xML<MLj^pa+2n`vu~T4A4x?}sC!m)wHRSa<MX!@!
z)K(ViIB5`ypj^czI(wanYd6NXSF=u%nfu#mC9giw3V{|)Gy~4*hK%yCINecOvFi1x
zm|e(q&+wgyp1$wSoQD1k;q>^2(*Z)q%!PEW6qddoic8IJL-VxhF~siKPNjWpJfNxF
zUP2TlykJFxDZg86E5g}1-V45*EZIISDkHS^GdI{KAe^1RLV(C7BAgxBf{?_fEu0<Q
zf`Rz|q}+lf$Ju5b<9;&#Q*vX6`9CGM^T7X8a-$d03J+&Tv?yVBS|dTdlq&p;YB>Jk
z&f@!1u$NCqq>5R58-0HN6>IU4gM<U^naAjH;?9Ky`oQS<sNcg#CjvUq1On&Q&xr-D
zqXViHv$sU=f@p@4xA`~i8fl+{kP7WLtH$6Ba$x=p)MEr3H3u9BWZwzSC<^He)We1$
z=!<XP1_ft9>zB>F0}15JTdr3!dAwF}IQQH0+tH$`)2fwqIYx_qvhjAjsP!rR2Vb}O
zfts|d>|Ce~*f<**1FD_&adruEQP{yCF(bUk!EBa=H_m?bsfBLu=(Zw}*6WgEdPp$*
z&FgH6%j|4C#*6@nDa<9PczWe=Hv3rTtw<Wvqcs7cVn*zLB?j+_em4d0&3uIf?@c8J
z1skF+5?Tr_-Va<BwTP#n{W5MwdoL+9sqy6wd@f>87^ay;TqIlGcRBoCE?HCi_1XyQ
zo>+?Oa>khU#;Oc?vXI(CSuwHz-V$t`I3)rAA8J0{H9N^a6xrxH0?UlJp@SNoM-Kjz
z+F#VXIx-LGe5s1QMieKhW3OFd8?$q}JtcPLzSu00@r%~WOR8{7JOuW{tzYb{(fHy9
zE#1XB5<2C<z}1tE*buj@_Ev2%HKi%P#XIi}o_gjP_Ik@!rTa;!kbu<SEr@*w-Emu$
z>~#^Tm<Em19$~u`5b`xX<I)=we6R%n+9M>-2|c5US|=7qbUHN2froY#9<FAx`MzV9
z7d39^PK&O*BWQ=ZW;mEybcQ9863l}r6-xe~Y9BPN+kMHN&_#{!v$vfh^;Sls8_!CB
zTn!~BSg!uGs67ZM>6fRqFrX1{tVM5KTaQqRZz56W2+eAlpYI*a;+D|&8WJn;*crSf
zd^T&u6=|mJPl`a=QCR<4n*MmBR8X}V6tA#wo>E&|^_f!h!H$xy3UKVIsZu!ze$=T-
zX|)BJ<7b@Rl1Rt2K&Q~+nlp@RS`=LmYhagrUl1)9)!Ky2Y}yokhqGvpf2s_Jz|p(U
zpHFi(O0nEOt`RF~6!UOB^{C}W1oxW<F)s$?2HnXd*9hP5(D1?sdKm}d%nRkK$esl1
zUX}RX^@|0rSqIq}5@0<wp9VdWu|;UmB)nTrmKOPnP-Z&dnN?}Q7;Cbwfe;>W$eZQi
zMr`=a+b_e=cW9X+)RR;(mWf<hnL&xskaRzg|8Um<_3I=$f=7Wy8MBGRh57vXM>~nU
z1`3mQQyuYGHPiqswCL`H)E+-@?O5^B>JQmp+~d5qt7WwHM_@Oc7XIIu6Gj>5=b)3i
zW@cZYa%-xJ$%LhzboU&VR1E<oB<A8RD`Z`2=>t-Tw==SNlq?7%3$PYsOOO*M$Bobo
zAII4ED<~zHZxgzosru#qX?)o${%PLVhn)2iI4tiLmt$#Y%0k(zqz<R=B`iG4<OW0{
zHU~ynRNDVvBlzPaW|#?2fcoAis}crsXgtRB^Js|aiW4qsXBuo-dmcq4g0KoH%DVpn
z!B7;MIXQLO4n+oTp?(6gyKI83W#ER;;1C5xgjlIb^zF9tH;IoI14FI09rtP#hK|j0
zFhP@*3gLR=zwXO5=d4R=R<vc@m&erQj4F=1$D^0Gp2uRA1r`(VDh`2P4Nb5J&%K)K
zpN@p@k4G*lO$2Y}Fuy~lI^A|n%(p!;bwirEe%zDCXZj8}^zQ%M-v8Xqr!4`kko2?h
znd#WN)%OaM5cLPuVmu&;N`sXt=$?C^mqn15ETH%`QlOVnkd<=KE3h5}*d1+e><I84
zHP{_ge0wS&b}TETZ@G^5iiZsMOU+Y`+852+4EH_FS|XE4_}_8)jSH=F0c6J38W7?W
zY?T5`YmG;6B}*<<D=sdnG|9!uP6i~S!QiKbcyDa_e8TTL`;i8G+_C4gB5rq&VLu$u
zy_{xqG3CZP;oCPiSO*)N(H_jO>!7?edY4MvzI~qFV0N+o{NG6;8wiVpV9WKb*`<j6
ztJoFgsP7Bqs<=#d=f*Q-o7hv=Gg$CUctfIt?cBA?<ik<4S6qsZ3djEXM!&YN*TRMj
z^GBv<(bRis`ab8+b9M>?k$h|`@&5pXp*v>$d5o2N3MDsoU%nP}J;b>W6hdacZ_7AO
zW7S$sAV>=%9uZlO#8`{w`#`&e#opdb)>uFOEcIg#EnhEn%Om7|+=y(DA{VgHC11s_
z5YyS*3~~>0ww4VviX-r>De-WCa$A&h-IczuZiRNRWuAYBzSKj^Rl;gDCp_M`5`6Vs
z2S<21%(~pSyA5b|_>3T6f=C{#B(<zC#_ut4*ed_IA$Mm6lYLE)tD)qrjac$fr9nQ%
z1PKrZCivTc_RQUPm2K!;wXdTUL-DmSKxwY)*&i&}0}-$Hhx*f1%l?}o+kDHG-p!1%
z>iiK1G2dDg$xSzQmMa`NQ*?|miPPaM^WY^OwL>9EKi3IDo>3OuA%Gow@)#3F-cQS}
zEtg=-=WHkQ26%vLSD{XiIrI}NDAQiTD$4h}`-$RM2SHml^8h>3*x#|ORmF@HaTO`u
z8o-v2EKe$H8E+9DoC!`*$$3D_M0XumKhe-2GG#em7t`&=X6yNMnEghl&+)IWRj4g)
zmTh`eZ7DtL<hT0{UDqC38f%WVoeic-_q(Px+Y4%(ocf0<xuMtO!1zj8pg2bTE$no9
zR}Iu-m4&3|tf(h~1wmn_VLqLh7DHhr<E$?EC&!#xnt64?mnV8jr&WHZ*qdEpr(J#}
z@lRq*uHmupTYOC%^-^Tcm$Y(DbY1i(?QNQ`s_8uSIUQJeowHUeyR@L5&*_AY@zdbw
zjNa9RKDU%+eob;YAdTkoqb)+0V_k-uHW3t?-S}I1Q4Vqg)K7+PY*pK(hX@F+Jr|)Z
zc!_vk4f3-Cfs-!__(&6|+@%L`-p1vY;neRDNJAf(c1F%58~BG#5myar3PdyxGBO9;
z3`{f$A~_H24Q$`8s_Co6xQYXWnAx-;m<#&#2g#PG2FR9^6i5$P|3|XS!|xrxEogfe
zMk05cID#*bP$cqimQ<grMWQXr{2@~wrL9D%+h6AbtkmPiWbza7<rc8u8skbIe*V@*
zJx9_+HiX1nAN}b@{F~3s5nEF$dX3=)_TyHfs)0F>gu>2vnqO;0t-_c$&h#3i#%}&P
zqIH!Ws*E`wwQ<J{zYktF<jiRjmhgX*g@C`6{NCKY$eBA?fd~Gg3e2`!5jeaLh}`CY
z&DW;Vvkw`_4vR$?CGd{`kG=L>Zj%UT&|oh)US@OPLs0L2p~lj)`%QCyxIXTBsk^OL
zLAlGeq1ArW6NoVAOlpuSyA=g_(ZEE=qza&GbIJMZ;d}5syp=J0Z0~)$e{W2@G(Zpl
zCiG^393g529YHB7W+f%iq=5^D3|;%HK)5I#Lv@k8vEk>FytI@IfG^V8WVNI!V?#!>
zxjf)G&UU)qc%R^ny}AAT)UDn=UlyQtnojeWn%HQ4-f-GF_I@wA%N08Sy6QA`c3E+B
z7Jy+ejb*Y^HJs0~<4=5GgiwN^6l86hc89Da){NtUkOTo<HO!Rwkq|M$%&57~yzm6N
z|C>8O6!ALD2GZDPa92&X{y8>S*#0#}hS;r~C!Xt)mk}Q-au)yW5TvfA%X@=TQ$Wo>
z!V~@>G(-_AgZ=C*U3W`_`vUpmgB4ustgFwmkfs@8lWJQL5V$T@cgSE3(h8q?@aSWQ
zMYDZDJszFVq~1?nyX7E5UfKCwJf%AXN5BkjzTxHCmqiA>%_g;dyQ%rsrB;=)JfXTe
zZdrkDy2h}V|DZ5DLsF$!P!yW8<-<(Ri7*_5Qc*ShCjFpJxzAwbMJuc0TliM@7#dsm
zbz;TJ{)yvY4AwbyHT9Gl6*XG*J-lFR4X;{vimVYLIvMC9=`MRTnOae3Z?**Ra8VNW
zHEGb$8EBaMG>d)?fG_?s<fWQjogBYc6(_>M7h`M`ya3kRF*XBnN<6T**T==v3b6TG
zeqFAPH`(%xrY=yt$R<h!u)m9Y(xf8yy2;xrb7+)gq;Q1o1I%F>!PhVWB2D3IxO$h(
z>@USDP>Zo5tF5;&*KuNe$`8?dGfXTuS?natzJ|Qkkgjwf<J=}A(*DFLc*?yru+7bu
zEV4;WO7YXJpe2mv_v@Ry=a03I&XFYL40BTAb)LEOmFo_7o|)8X`GeA>lG18?c)_O`
z4bM2#<d}gKRP+zk5wgcbk}du8o9M|!sMaQv$T`Mo%22J&n$jhelE-OfYKrIF=M0`)
zM!4=Km!6RDnBmy5Os!gWe{bZ~*!9ZjHpSSl*(6m#w8?oM-Dit?i9fYlvr<)ZYLU-C
z<HpuGMpU4U{VAXoj878Nq)Aj&HvR&X2Q!~n$@P54)SX3Cz>IylhmKm()ZqZ$aZDc3
zG#SU1@+;y=JfTePl`yJC2x>Xg7`7q0pJE7D=iGByXnXVAq`YW=?a?r9-N^VM_892)
zyin{QZ+#-&1;SGT+}p)Ebij&>1N(+Cf@6dGfD|>3^8G%~lT4ah?=gY3?&*Fg$*_}9
zU=Dhbb}gX;%Q?X(D|GYK_qVb#grx#Jz!FdSQ@mGb;oq!<K)A34kC~JG<~k<~0-dv9
z7~&$|G{zvq+Ui+7yHF;SL}FeRy!CjQ79Vp~S+mn^I^#xsuUX<{-H*Ed<=u~yUejM{
z-~XO_LchAF)#;S4O}gG}R`@2>@0ke>yx5FaJ}1<fk_aEX7B$nWy-1^9sqZJhExK^n
zUcWD2r4`=4-@IIChd;d<S^hK3KPD+{-=_;F;m4f)=UK-8n6m62)ApJC{(5$x{miNt
zO|a+C6@mR@ELjKky;Oa|hF{OBd)?BiyYRhIUM(+o_9oOB5S}>o$l-pB7-HA*tECgk
zlsaEN@1**8&hh=?`SktkS*xf;m$dZ3{bHCXzuu$5ucLC{>3y$937*XAHuZZ>J$UOA
z6vCHHm#(rj7tF7OM9<V}4N)eV6<-wzc0HS;*Q^*uJ&&I+gb*IN0hLo8yM+Khc^d1N
z6dxNzL>O5h{_wV;VjVUhzMwFo{U7A}^u!v<F^k=%m?l21B|)-1gb-y0J*em@XmsVC
zH?VssIE!lT(yiJk@v3e|os`=sflZS&f+lMP*=&JrqEdJ}LFdN|Gv$+K8~U0|6I$A=
z&QC!#?gm@QJwR?QOW@p0U1289(f(d!I^f!*o!Xe{=L4Ri#bgcMV7+S)K%33|3X!&f
zGD>n5#>my`cWcz>r4S2~eY(2YKvh-81Zz<!0m>-lFOqyLnqz{aE|NEqt}c?Zf*gL~
zIZ5_Vs{6yytB+bOOzr$1)EPSe^#A#q3yu}!`%p#BlS+-g@g&+BtU?}iOAbM^PpZ0L
zk^9EcopGcZ8>Pv&u7&f?12eNPa_dZA`JECzO{B^xZ4}$9FRmJ^<knER@U9&kmz_zl
zTNKMtu4JWnTCg@t?X!n(KEAB_=EL^1Vbq@zxdA)ssE#Mdl?UP4Geg^GU6i$jWFil(
z!>|_#E);J(DsAL?;1mVc@PZ~d)4C<dsd#sc9CcjTPrlHWBm-ve@<gUy1jkDdmMdlu
zEFB^+x;7i&PW|!(=o?L)XVnD_NdJmLejH!5S-haezSK}Tz6-O9RVfyam>_8D?a#@P
z;|`Q+@+|i5v_!wfrjnh-cHjKFgFSZ$h!I}J5PO0i6UJ;CHOFEWNVHKmURQLzQhk=n
z2n4KGjyNj)WD%(A>=c`@OeD}X`NxX$WYvvJlrUoJe9>0L68Zd@<#shYgX<U*lT?jw
zyi4aDNASraS8w2mF``wb8T3nZfBD?u={|WTepZfr39ps_+Ve-~wY`e?;u1!9tC|CI
zHcX`mKc)7NkO-T?tTu&fK?i^_I11Rp6$Y{QC@^lpP_994p)i@e|9n+XAcv<l3)<E3
zbQ<Sz06&DZ&7U(owE640x&6rs*5#Xtv@gM=f3SUGdpK*EFDHKR0qbN=9#%TS==xL;
z^cudaV9*;bdBh3(uBnOQ_XHh875dPVxjF@ezX!bV?DyRKT9}x}2(>y27s>)e4_MMP
z!5i=_iiJ(gTiOSxx0zQ;4jQY-Q@8m*zXklN4b|z$w#-z)3NhKVxyg|@35fr*fwcDB
z8r<;hl)B{ub#)ZQf+=X94!6ry{U+jmMr97g9k&>!5Pbh#B>hTJ@^!5rgGr4SCBR+}
z{wFoqq_^LBUoW}3=q)AVPUmxcdY<n+g{dH7Uyu13rI@qu4=!$x^pST5tN8KJN%kUp
zx_))k%Ba1K^xcM1ny$T>L$**>OPUx$#z}s?7KlgYZjSkKA2RU7PS&4k-5tNj&^c%-
z8?kv)H8^1d%?08K4QU=Wf{!pz33CMPc9Q-9PXnkDIRD<?>uX5#1aHb>e+*P8h~$+A
zS)SZ>cm<|S?xy^_If=g$CdHeo#zvOX2*lae5+%Ct(fHxMfwoT=okX&CE%v1FjQ9n=
zXL?R5rUY{_t5R%bnlC}X5Q4Nc>|Om&c3Q5yE7Fg=0D8Pg`xf~Hz#qb^OnKz+<N(}n
z>k2TuA;>}M>Pv!!<dCtz0DrA+u26x}>`}@{tPDbDh^IzjME~kV9S`G2o}XV-JlnSf
z4M2N<B5BaczdgTeR0p|Caf5CE{iI(3SMLljC4dE3o%Wd(EpwBK8YS)$ao8zr`@_FQ
z+N(6Jq4{Szi5FEWFH#yGw*R^PT<7Mm6Nt0gh0=R*<(R^!K)Kt5O_}c__9UOuIl-<%
zTCuZn_}X!wSOqop?qeE(R-ftPVvn!vlIWWczG>RK^j|FZ>9^V?D{BpPx7zPf1@rca
zhxPL{P12i}u~u?UZnd{#3*V}<0@SB^UwsP_T`d~=@hu=7vYO=eeX9hUDUVMVJeAng
zce82WZ&*j<o`K7e#W;K=fGtFrI#YZps^I*54FN3X;n4nj67IG*bA6!}XsTPvx~9VZ
ztWAePh=%DaW!C$2BjwR2b#5MEWr=2moGVodHY|BxgSh78_zYzW$Y1K`G{rbmFWFfR
zqylp=+69gPbNnp$R%e0lG+2XwL%%2sEQRy)w16|j^%J&BW25YROKx#KV7|v!b{?=q
z`o>0y&T*skI`t5hP@m*LpB6cS?*2hYk6}6uPx0v$NBc+mU?U}XFmcygIv*trrJULD
zW+BN=nDJCkc3iRLQQ$aQOT$-wPLN1giu7lyhH!z04}~(_Yn?8%mEOFfnV#;=5+cuU
zXJ@?*MWZ=W8@3)^!541aq1yMksc6`GL=ms(Vq=oMrEvh7t>Lgu2BjM+rk>9AffL-K
z>n9j^QoUD^wS)>tp2+(GKfTT2T`LiBLoG?d@p5C+1BkAI#p`|T6Dd0NhJ^dx5RY!`
zPQ<K5j=%DJW;My9Rw)|EpJG!dXhIqQ>~Xh5rp;KM#YIEnwBB!!=#y8$h%+ZTA!Emn
z*mWP1DI_-#San|O1@<w7o<REAZvoOb^stxh`~SrA*1|jpE-!aiw~*@G-g7p#?9|(9
zn`zfP*;Q&eP^Q8&CNB9nw-Y)iQ#<Fp5RBB1fS>R`<<Kk--4X}r*LfhkGTim4u(@p~
zQu&mGj6!1Nkaf^ClFShTru@iVcp!OLY3t*T&BUGM|Ahf5B(N-UC&H*6;jy1|zJTO7
z#Y8v#<t;*Rq_dL5H*6tA(lQG%!9W{?VC-7Fz)<+^C48JwMbA6Y&;CpteDaKhS%N9s
z+i<qRn2;kr+CZ~r%{GXRO^rru&uxz2+&>w>60}2aee3p)0Q-VPYeSQ|U)nC<#5l9p
z<9G5}#x#pDBTP0evRQap=r{GvbfDKkJ^a_>62@02>1%6Cex#$8X5cleNoSD!X6K4u
zRv$54W&E3J+nxFpXBc?Y9g*Toj^PE7#;0yP<+U&N3nlBd`Zjx<o5gpwU0`>zSa>^o
z3nz(3KwJ)8bKdsoQF!Iqu_G{(+|cNqU#q4Tp5<*fEWRIA3=(e;FlS`n-7A@3aiRek
zk3tH^P}`!c$Pl*|8a~4M3-5!yMKk_jMD-B;7hOJAoSFL`V_7ape&a!J)CPl69^UJ}
z!iHtjqu*;oF^;CIHKf#$=an2E0as~earXTnr@BV4rx5#U@eZo4?gb8!SueLoVvDKP
zEh+w+6Dx*ZQigm6GFXDXxP-Po9FTu&6l<7-;4Q11QiG*vfzB9PL+<R?IZP#TcQEoX
zv4}28xi%OJrgsK@8H@y@pv)^nu?%1_j3T*`V>}K(*^?yO1`|!oCt_mnC7$@-*~_q)
zj^GJFigqY6xB^qSc>(JyGQH%rndvfSV_;*auuZ03((Cva-N1BsnUd5oJGf&N7~`;_
zd0Rcb9p$;4w=`;#E#>lVlqP9<Mpsly)>?krAEz6W*IR)+P&8E*N@2Kcq`dr1H83z<
zVPmFUGSt{Y8fAoUbrtRytzirof_lR}UX?<M5^DGpPSOu|OinZ6`pE2e;n)|tRZrC=
z=ZfD?OBn}JTn`Q_ik8i-As6X!0tUNZKPT1{0#QDWWmv=QR}o{#gOZzc-?E63fOMX<
zapqOW9r1VlO(yF`1wGsb>N8`Ig8xOXZr)r${h>h*3o%NN2J1QwmUIT%7!2lL<tUgC
zy5-(3TZ8O9@s9u~p)^FQtWe0GNNE8MCaxGYSF<QVC4Og2dBToJW-si{cWC~dnhCMH
zTqeALG|Men%{FYxPm+Obx1gR$uk;`e&_of%7bSKI7C4QJsCJl<NEl<+VUpU}F8z*Z
zcixX03<8SWN2$zXK(r4j{QCT9)!N6xzya4AeaPk_w~xB^NfpRTd+W^X;ihcdwj6_e
zsI)+%Y)6K`@S^?$SZkCumF!W@m{`5rybj(#|E_at>{9j(ag1~peWlU6SX-o&06P;G
zwal(g(2He2rG+<C9a}G4J^a?pl0D;j^QcAwG{pI22nsM1-a-lJiRm9A{GQOflswQE
z_eUO)8=w%ZPZazf^U|DRP^^MSy%WFQ(&t&=b%gy$;ug#i=1KBlq>JF&NY$!<HZqN4
z>e6d+N+3~qKx5f}jGRq)3W@b-;@Zj_lS{*4Xmqh!QgRt&TF2nxL5Ve2)?TS9ofrOz
z$)u_N7!1l}mu+e`7{~Fwx=p!EIRH%2+ByPe4u-jU6~$|-p(Jvw!?vAECk?l0HlbCT
zr93;ltP-8I;W(JvbzbeAO}5}y+E~7ZN+MuMG-^{Xr_XqrrtTkrC!`KeELr{qG0}v&
zPBZ9RaCJQ5g1pZ+_d-?d31(M7u}LGIj_d<+Y)j494(SWj<Qh;%{@-oy5f?grzOtru
zY!TMzy8;yL48^aOb?=7hiwTjcvh%?t4^n?rM%=`-NFFYOgn<A-?M1@UbKjQ7@jtWu
zzMJrsi2uR31odetmYOS-QllLO2urQAf>1}<nrWjHLI+n}0$@*+9lR1~c)?(Nwa}(u
zzy%aJ4V5^_(WV-LC-TI0G4tXeVLa(zwxNQPa&Lmg436cDhxCnZ;bvZ6ig%I>>xCzQ
z=PGst1k=$wASCPix<89Fg{~PUVI<yU>ie31A_FsD3$>TRZdRI(Z9UUW?t*TtXs(cM
zejbZC333TiZ!{YwHdZb2Eand`*ClN4axXP22Mp2&YqU#gRdi9a$;4@D;weKO2^|;5
ztAF?MQ+$u@2~G<5u6Mu3+~lW(ACnR=U%ieF-bE|j41rSoz1289sE_0*_4ucqNaWCY
zQ4@;GT*YlIqmiq;x~V?Hs$uGxJF_I=T==2#)kp9a8zl`>Ew7B>RFuRr)ys-#D<kG4
zf*P(qzrfYk*MoKF1V^aRp%KajKLhD`lNu^uaqzLx%Hlbdr}KyYESUdhfUo8_lvj!$
zgN#BiCf6`Di^r_ItR^zxsWsxgOO4b^4;XkNhW@AQW5#aQ$?R29_Bwg%Z7nvY92R`~
zFCJxsaxU0OASjFl1^E;w$&3>*3Y5%WNSo^@v@)3OfpNUvyux66L(Om!MQ@UPN9*s2
zPCr~Zg#2E7<KJS{Zn2p@4UsA2;15C_iWuN<Vq>J?R>uWIZLE2aPCPfyYVki>e;Mh8
z`!9p%!%o3ws|6`g0wS*&JDRT7s85zrSUk14qnx2Ske!_3m))afXAx|#Iy(PmXg7Py
z`QwprH0!8F4T_Pthk>`)#fTB6T!P#f<3$S)SrCRImrL@IOvOZG-KuN+?x<$vxwdXL
zJ?6feOLb!(-jznX`-P4{u$dDeN*o^mI8bG*IAn}ss?MOm<b#fh&4YQA0J1`uhmqfG
zdQ1!<0?D`M9r$WXukAK3xJ9zMFk*j#_%`c+S9njq&GuOH&5u&!`n;7S>aMvF^rq8T
zvhwR=kL+{Jv*!ajB9816k7pf+3`Tbw5FOOL4C0?F$Da-DUi<R4r~W6VB6S|anN;zD
z<{uyH%u2N;!cAi1LBI}n@?|NK>QfRphg6z#-81~Q&7;4?i)EM+pM3jTvW1ePzg=eN
z2Rkcp;s^RWw9K?4Bi3x|$lY~89e)~Ny4Vfwla6K|v{LZGi1@k(z#unF-u9Uqea(%V
zF<CKO>5(jyC#kdM|26o-!3`V%=O#Fb9z+t~?WoRZhd+KSaF+q;2uO%#s(BmQ-@@4i
z+&>J=Q9!G}#a;#v-vFJ6S(JhlfZ$V*ZQ}tP&1s~u`cAmm?5_Bm+!jI&J@r*N>dFW-
z(IM3EsZIVe4BiOpX~4yD4)Mq$k!r9F8#uB!jFHt?GH9wMPm9YC9Okho{FYNl@OGHh
zOc1V_f6zTeB9n~@&XOzu+_@vcw~WBI9WipH-^G>S?GNbkT8ls=p+cn17tAyB5m3;d
zX&Aw^|CurUb0Lz~AjvQ_L_ZmZg*-{B>&(ai9GfuGVY1PoYOHI)&l6)qVLFTeOkZy#
zU`H@M{uC`;mxk{aGJhc{&ZT225sscU8RPC15CyXX+%5>SlC-CDZm(j3nH+EQccSH+
z$?zKCVQ5>{(5Zl9G8)Srwx8x*?WUv^x!(zQY<|NWrEq`aM9zt{X&43EV@%${mi88F
zDthZ^V`YQzc&NeVMsmez*4H!nNZfum<FODJ4e#;I8Hhm<u@F>zNizgtM`h-EU~Z|w
zzEP%@^Q8FH%+P^f)uY8Fv{=(@6&9hrW>Ns5UGpiVpFXu<HN-}GCB%JfEyRX;EyNwf
zrhui<Mua!7X*TU!(JFBcCx!_ZYeTg<*M;i{-77szS1A1kW+k7rP~Z=^UGa#nf7s-&
zHUr#IkJk_zvXTus?YA1Sr%B*uYrdEiyH(wG+NBj)g467J&mPI=%*{)Qw&RN`fjK@i
zw}0_hT<z18EyovM{Jnf;&n3`5@wTM>^y=sD0MDtb-v44A@}Im9AWtK6Gt*&RL2rA7
zbiXNwzq(dp=n}~Lw^3}=I`CUUG#|4q<XJS1r||~D!Z`cWNDF>GCi~rg%eB=(yaSJ{
z-sTADzH2IfN&GOQO3RluX{<r9eW%lZi)5z{DGZB43cC2lhV5Kfdu;~mUe~f5j>Gl|
zMRbc(yA<iw{pL$p#+saqlcz*}#`_@T$&qUWYipCXSX)c0fn}gdHOA@QQF7RUL5w!?
z#%?EGFDStuFhpBCjxTDjfGmv{{I7e^uX~oSgxGK1sBh7~sCY%yQG%2$a@dAzLp7u0
z$h_2lk$d|oR7l)Ah^PXbMx(<7%i363WR>YiIU47}JT|_s7FF-MeW~QSm0QHOY-jC3
zZBa-EJCN-xG%L*}XzyhH3DlQ5m+dm@E%u9aYIX)1uwD#}4POOx+5zv~mUUG$cmAGs
zF#j_=4M)Br%?f*TFtNE~#NS;*+)%_y3YOeGYtD)0L|~XyDTsp)52%fM`pWPUUZ1AI
zj&>2Cf``!-y<QFMde83ZvmDBZ8T~+2-rrQ|W1W+(L`ryVF&v@SMP21%Q9Vz67L63F
zya{7zpWIlLW99Q$swG+LPQW0<37zhfAN{J=hpx^wWBZPxIe1Um`P%od*?WmiVRc>v
zk-fNR<8>zeOvU}DZgE1?6B98Bt>|A*>@jo@0R|Y-tHoi!qToI85P0waLC%;b;Lq*z
zN2lso+OhzjDyC@t1E7k|`|^dN^_55;-v)aN7Vsu*tfcAK*~<9J?PgY7WmrqyXY*fL
zHDRgN?QismB_{AMv~p<RH{o6DJ3IrLF9@@%u33+(Gtcf>g*)ww|LN@Okgu_E8rZ_4
zrUK#ueiK<}sV@ZI_9z1g_qxe{%%E>;K3Pn^Ol2;)9mCc=Gz*^C#p?UQIx{k+r}#qr
zns%K|zZ&M*_LzM&cR^YgtUwU<{;dX?GD*)diwJcdouY1}0rtps1kZrzjpS{ss97{!
zE99x{yLF7<OzoOug??Q;&8ISV;&lC{m;-w@{q}oD=PlEItqSFPI(P4(wHBWDk;{F{
zGN=6p?Al3y?a<p+Pvt^a#H)z^nTpMo1BY*+fMQ$iT`zo5`5V?hg`ETAT~DwXr~vUz
z-Tu;-jj+Asb0_2Gb0?Z0MLCl3@@7UMnTdegS?XzK`@MQ|=mrk4Y~}lqZt;u1oc05e
z@2c;6=8XOkL1FmK4(Aw>MHkoTZR~vS*iWarK6R5t+k)y4e!m?XHnP$R?y|3LNJ*j~
z)V8x~wi3^yI6rxLHa2i?7xI8E%WUgL`XASQ2x(DY1)*{|Zu8C6`zEXDIK7!ESZ*n(
z^ozP*KXQQGgzr3&z`iCwZB%#wB`0u{pChbaRv)j~$4igdiqnHiPQeBtZTENS@wU2a
z0ecK=0Ev~k?eqTQE)&~+`%|9zG%;TdI?20e+@&S{^GH{UjA0xdP@J~`-YRCkCnVQI
znL5Uidb~F<wVG_qBu^xA2E%l`_vhILXx+6IG|R7PWa^1f5s8=PWHyV*%(Pz8XC*vw
z%Hchan#jE6-}T^np*xIls{v$CO?+&5%f<$M8z^4q9o9_-c(9X+P=hmY?a5)7Tpk_f
z+5NN#u5<i>yj4T}zv0p;_N>4Pt#Fm=TY$K~HH$`=SN7H<wqNl57e>e^`6$&!Cj~8C
zv}6=y`puP~B&LHs(&E_(&J2mzkR3=LHne-)#HKqXmF5AaE30<1HDJQiVw!Ln_btX6
zC^*cqxJ@hLQMI@BnEiR-8n}7K9RY*ZYo9q#JP*I2>u6BaaFV3=X(lM^Ni@Uxg^$ZB
zF=kphf%D-Y6FQ-}pYM&>sFwbQ6F2jA{q(|-jgZ=-L5s{_i|zG!OrI;Qt7Kc!N@O5A
zBaB7cBVElU&6uj4{HBH2|0<2_ZE@%2MGFXpHrGViCSZ)F&kDIbMavl1qY*k5XA_LW
z?vA8$#@xc=PSGsKnrWrOvl8!yYO&8mE)iYUe}Lk*W-&%*PKi9~CWts99O!3lYxQb)
z1M9}ks`_6ol`(g>d9WZ+gB>~%{CaZ&=uDWl{1Y(oI%^YzTxAo}5*;nSvBS6#+T@~k
zO@`;-xQUy4s^q?sYC92r)1ra!6<IJoY~ab;dz8N<xzkN3>|kYPk<ia)g3J!t|IGfP
zi@h4#bw;&D2g!)cK}cEbsxhmV3wmPsCdKW?Ap9MUuv5PHJOdm>_r}icSF4~W14&!d
zc;P@*^mw)(mWaAA!JFxx2rgEc<WuiM>R;sZo!I|#%-vtF^sU}k&yFNux87ny#n29@
z?Y7xyf)Q87Y+pZC3?h5isTb?kX*11W#<$<ZICAYHIAR|lIC^U5o3JV4o2Wdc)4oiA
za<bZp4F2K<<aIY;VN`_G(MME}j#cqa8Z$*qgxBdQEvdx2NUXXhJ}Mb2<Xzw=KB^dd
zE3xC6+(uLgjEU!2w~*jQ)ln+3OUFkGYO*9os~8t3siB)tMbJW<aAX_SjYiP^P|rXA
z3OhTz!7fHGPKe9E*<~nV!NCw}p|L{+0~Fnt^KZHop&)_>F@o{(>?vmyN16Z=m@vbF
zyWo+1)_FHv0NFZ#EIN#xzi>WZG>}Rv2uwdM47Bhrwxat`KBFK&G@vg5Be=wtcqIzn
zEJ=uR3@)s$_F+GHPUB5p#)8(nvWPW#%7QAoNJU%P=yc@==Wh9do-BVL9j!7R9QKM(
z9-OYb^q|)=jaZ{D{gK7aXpz#|X_^WJ$yyl~<ZkeUvMm|@$CS2@Uut&k%~dob)+#z+
zX^Y9zTJ%!^$l7{}DZ^aH3x^I<r!HJKv_<q1;n8K|M)kMGNKp-M^DZ8_>}~XV5zXb1
ze#}4WO@$3=KNXaVdWWz%EVKef@%z%?%f<Tl5~_Qh5VPThGk(bE86BhUrm+Qq^g67C
zsKZwP%kf^?V=(Q+Kn(ba(fQ5DeGRwyPNnaegSlAhRv^x_BI(Ze&7bQnDr(1OLX15+
zanJR=;VD&W1fM9IG2q6)5L5?qK5=%D12B)s2!!-$`*9KQFk}kK`^n8Zl**v63Ezd6
zh`2ue*`%O--E-w290;C^L7gY-?c8kS#MYF*2VCeg(Zii}D1%p<4JhMD$whHNP1~Q0
z5*JCTG1vVsQep-R=ytV;1+N2de+_EnmawlS$F|<nLOc=-41(OD)a#$m*fp&-tP_$%
zGWL2<;y>ndBeIv^x;bYAbY#16z;mXVA&;&tBq~(hZMI*3DfB;;jD#?R;7doUCU;AW
z4B?o3)AnP28n-5PU;i#B?y-tv_%k50s!~qjwcjgmp-_2HJohEkpCSDYImmV>>Zrip
z2-@Z#F3vW4X?MP_TKk9}i04}M8$UE_erYCe^*Xz8qIYgPqpkfayAi}TUmjQ1w|j9N
z1FhsJU#x+p#|L#7{7IuV0t<I@7M-Os{jY^dpizdKQq!;apW`V^r6%EcI+0cL#7Z?|
z8l@#r6GEywM8zk-7&~=cESow<F}(l&*jWxZ7OIsI?4PPMzvWJ7m`7R|_~1TcMW_bA
z0@_PEry{^isgwwfM6h=}UvUp%dQ}ZPxV(ArVw(HrZAckXcUI%9r<&skpR>I-{TL55
z$YUy}o@ttkDD0T4;2~Rx-eU^TNc`Il<>2pe1^&SC#+Z=T8|{ySMHj|Cz<fN#J+z@I
z6Qh3jdhbk1wf%At{3p@Q3-Vi&s<@Pm%|7B!pQ8Uu?RPOf$@d9MfjNUc53PQ$9E@f9
zU0S7CBJ;#b(a<#C5exQu&~~B5=RA30w3j;S>WEANBkro$r1%z~+>}(i#gvqg;R0cG
zI)dEeNoAXN6ZmJ^S;SpnmuW;Db0L7`{yM#A!p*e#)yWuD?wevabxhCVz9Vz>@JVEg
zX#JV>V}IMAgy&02gY)k7>-sP2_BZJBR$Qo$U6Mm=b%$i0o|*<O?8{hfHTT3whTIGX
zLdr00p9i7PHU!UDt}5x+4IcpyIRa#Hpl+%u{1rJW3%@qXF%=xPY#{YA&l~bk<y$xu
zFblEvPCe1FH<-`)z4>|X9NQ||WC-sOX*3=WZ(3R+w)S{y<$g;oRbVs)IhpqgmiPL;
z_6N$=9;)V~p1IzG&HTm_%k|4^cRFnSHC`xoZR99IbVPP5PwJuxj)>oFyF-yCVlZk{
z%Gaix`!n4`#>J*y)D!{I2q&%l>29ak^nFg!knk?oGoCiWVfM~HWw&iJ77AFSi?4cN
z>78~-GZyYXPSA&xlD*`N<r9ecpM$g=pUKXlq;rRR?qq6t3LorX`}wHw=Gpg?Qt|kL
zG3kxt<idP&nDb&}FV6U~%xk8$-zhx*Xg-1jQlCm96SPvIq?x1ASFp1dBpsF0l+<NP
zYmdktBsm>lb@zu|G|*NU$F^C^<jj~Y&s&%TK}>n;WzA9<9pVuona$q$Whp}JD$UbZ
zB4wSGnLGld50I=NV(5U4+IQ@so(oWAU{D3xFbp0GXkclbny%-p%r&rHXD4c=y+(T}
z`}b7uf_}3=SciYE4SEE=3ceaaKLb|8=#{oSaIThOYIUM+aWG>CBHynnbHQ9B)M{YQ
zs_Zcr@H-_P3++-;0^6qjNk4B+p;B_`$G^UR#;c#Pn-hVPlySs?Ae-Py`iJGeDHH8E
zdQ&0YO8l63Jv|uFi)sdNlBVV1+$wTco<;U8u6~S?w|qKzw)LO2j86U$-ct3pO~z)n
zoaP^!oW<u1yJdT}aQA6d^K*Dg#>|81I>{A-<R;4dRAc4URDJN5j}a~{JGbmgH*(FD
z`8vPwKDnmh=`CeP(Q}`}DKd&pWJhOJqFRc<<YPks=0#)?XjR6>!zN2;V5o|KA`O=B
zCWgm*qqoxo{QBY)K@nFRTc{Pd!ghlW*r(S#M%O#*P-b(ZL$}M$U-qkJ1h2g4_exNS
z28U_k^~V2P+-8S*7ovgg^%k?z&bjnaA2s7`l@DB#Zt6M_v~TfMyNC;@!EPm2t@y0m
z7mhI)v{l0YU~n<lpXp+in<_KxBCBj-Pl*5BqaCl)JkY|ib<iO%(~;{qrVP;`4d8`@
zvC}}?>Kd)B`xM$WiR=T(yWs>(Gypo>6O2r({DjlR4AK=_t{BmVG|+~&5A@f(6tN7I
zu!zyv1BLY>g}XDnJZr>qk&KkW&|&`N&TQrHbc|w-b_(Vti4p%i9tK8^4u&pBSWMAe
zU&&k)M*j1!DPW-quz(H&DU|nDEDwij;EXUZU|WuDWQ$EBeSHl~#!1_~hP8PSHu<Qj
ztaolhjrs?+UHpl<EoGe6|E--Ve~vS^{Q91D{#|AVC;%JXrrTGxY8JE!TQ*B{(Cng2
z+D+X-HhF356!=Uk6i^M3n9O=mPv2^SLk#9%2&{EXO@9b+?%BIy8@s{s1Y$G#=!QeA
z*JGIUpY~0ncjf&o(Q^FUc8GvPYe06m{64G(u;^}evqsu+VAK_}`?7HuojAPtN*jUg
zjT=3N#a{aMes96FDSTXKP=7sBP+q+2)ug5{h?}EeppFSV^qGQuYuCTLY$w~+q@GVp
zm}|$ve%RH&_kTChVtg&THxS%(hb(}9<C5KU`+$6(OT288K9YSfuwAj@=-hPcn*I7P
z40MM5YTo^cfWHy<eC@!XKkR%&nQpq{e>PkTJaPKxOXGco_0TG{`?FW)&t6BiZySBx
zQT!a68T-Ed*NETm=CwE79RI80=wG%4{l6d4U-b0)z6p}wHcA#&Hq9UWzIE)iE`2ky
z>vw!bt^>a5e7ipxHX6Sd?N5DEM869fUwg~*zg1~#G&9y8do#GN1Eap0mXaW6A$_~@
zAB3P#PJKD{ycyfHYTtKC<Tf9AnNp(pPsW)}syV3D2+?Q|&jP(OFiH@!JJ0?h`Zz5%
zBF2=Bz3W$STnA=#*0$pdkUjPmFT6C)a`tt7FY*;Vbx*12yz8yDWxwmmr$PE{%XirF
zUJm02ZO633OlMDX3B_*U`n)evJ%?{sx%I!S{$>F0?mXD_9I{)!|9A&4kZB*bD#6}&
zKJtOC&3cX8vSTk8r8jF~WJ+^m_Fa6o88qi0<vr0I%4<~c-6~J~?xPg$L~C1W`v$YP
z65Ny<H!$8#s%pIT$VQzkgn#3mYaFu%pE9gLhiY3|^@X$;gmCFr#VD|HKojN9Q)(f^
z6e*HfJOK7d`q!fgR~$gSQTu+(>~`_@?{HBx9=|mbm+P3CBK$as0*KiiV!?rTAWeEM
z&5pkp+ZBKXgEO*MLotmK{|&kyMFm0*FEdpd>Dr)Q0#2SS9WCtnFSGeDZyiI>1&^~N
zsuwt~;J>|llQ9r8CIBq81J<Ki%0Qu_VJuw~cTkieYFw@0+gmAxJB)h>1W=~~RPh#v
zs^7mX5J^Jvz<<Yy3GR|6TA*f3=I|Y_fsbti?>l7sHYH)SQ*jQXqx(@5MTqi%O6Y9R
z>``IJ+8T<!_)e&SasNf)Fuv?}LOBY)Qn66#(_S3^Raas@cYd7!67?1WGXE+k;o}*6
z)q`r150b6;Tk0lmGJXw~g649xts%U(*1$b>;a&Cxp43o^ZYc_e{{GNY`=sWugL<AF
z!ArW8Y#Fzk!TUM<hZYPn;7TVf78>TYw|)Gm&&ckC1E#<sIh^q=;Tk7x>ARg;RPiVo
zwJj;Gwlu4UanHfY2l%>;sF2#H=FvBxK9zZc+}N<M`ix!w4@PUml9~6x)49nGdp1d!
z@nc3|H8PbVgr*M=FKp;RnyHiX(0?HIP8!&vMdV`Eq|0E;<ePYpvIM)QMMbp?(9tHX
zK<rSvx6FheC<u-s_oIrwy7>;5yuN1>totf{$C;Suh6rBUNdsnC3QGs+pWSVTnmIk8
z=eePt$cUJ{L7~etv``}?_|*)$C||*dOPDz>Lr!z`Reyr{&H;LD;3W)O!X7@bbW@O<
zm1BhjN;W06!x`~`suUN}wAaUP*5_mQ(zG}!2Qt&_@UipWx2skAAvVPQ`R)`v$9TR?
zXpC6l?rr+y{tZEA$xSo$D<lNh8-lc(Bae-Vwg+|Fci#V)_?H9S-C5ue?`Qi^KbX#)
zE%4VF=8US?<o-+$e)kiw95^yTtNlz&PUQF24s$a?q<A04ybj1p4&Rv6_vAbb+0~N_
z+&%O@PS{ntQ1{B1%|mT8l!@DQaBk$ZjvcPohRdMF_BpgOec`ozF=Xzb^@Uf3d9_O2
z*=2Li$JLM(XqE1O*tUGZNlvQi2r)7L+LoL7aB+8ULng2lDtD4mEE>{nd(gEOkaVjz
zkNEWuImE4>ozJiRmL}XyC8Rrq-b_a~P}!+2?96Y)B8^$jsl7~c9<PUf1W#7rwSUl6
zFUyu343XuOv4RXCgq%tMTWUFW;0eImJoq)L?Bm#D;z}b$&IbH|`v>(tVMo_C(82dy
zM1Q@2I5h{X{BgC2aR!D#I7b$8rt(4brvMit6otG&K3A9phEw`O$?Z3*5?ctG3U~-T
z1u7QoWXET0i-0L2YlF#AM$s8m6$r1|tH=>mcbHJfFXuct4!Ph8yUkpU<6EZi558zc
zfTm3x%iBtq`*SByn0;Qh6$W-%6=08Y;eyU99S~R*kW5x%-M1P6mV9AiWp`yl{T}wW
zjhu30G=pc-(TYR4xllQWtQT5cNTDqzo#9HRl6u1lsIlyIFK>q1h=X>RcX`vg)mq!_
z{$RUFbCTh^X)@LIeYmOT=-k)3k@Cx`d~+va<6=4;*AiT!dPUc`S9M)E2WQzj<GyN@
z!mnMY89Z&P#kRb&uS*xov3V-Zh5*_iji0EInZ>(iwv!lEP!n5B4aMXej78IrgeJ1i
zD^XR+7+vv+Ys?Z*R|e1ysnZw32&#ii45qF_N+i#{AQn?2G+_c*Rg8QE*4ZcWm5rq5
zRxpo|pldoM>Xc6!+o1il0pp8lLW(V6n6v`U^GCSzt-;3((b7;&oD~1}=Yl55*c+g(
zL=hvh&L^URVJy9XRyY3f*>Upbs-@Q{ASVZ54rWQywQ7SFZ3`q=^?z-?Xo?!9O7409
zUQn1wIv6ftVidGGIvChsVK&876Qxudw5ktV0I!+S2oj7ypm5oLZ!<4o|Gms82lbWb
zGH&F@0nq*m8Tg4A)F_@n!zgH?Wh2Av=FTkU-xMm|KnA;F1WyU?_ECut_vO#10q}r=
zDKLU1g8Oh3p&9`}(808drM60?E})T(D+8ajCqP*Ohw*8MdxvpealUM$kh4D*SH2Yg
zNOSr@;Kc$N;Q^}LozT|uk0bZv)cvHTegfkFidQ01)=@|g@dU3pEV&{K-=C)A5QSFz
zxL@I_ljez~gP&0%Nm?Ictwcv%@QKsh9`usM7~lSt)?rK^H2b+VJOSO)%E&8!+9V%^
zQjzqgrWiIDFe6M7rn*6k2&GX424-$aR}qE&cp`n0wQ#+uI0IEhZ-paZb^am4_k%4E
zkcHf7I%z!hGwGn2aS?g=yD)+B$N^K!CEKlmWn4VzTLNm&@gP!&TIDO^3x1}D0l{>P
zqZ^n;i#R$WS7{NLqvvoOG-1XMD?imyw!EgKfU0UD6?}sS!y3Qb<v4uE;2xyYYA`do
zgb<f)#F^cF9rNp-8tS@hIE@XuueYu4{g`G4g{a(v*?|=S-}qDx<<y@=UYeAtfS!0=
z1^#nB-g8ZdCBS_}$_Xu0>gn;jj2Zc^rcJL;A8G@t`icI%I%P(8rW=?m5m@!I@`%<Z
zGN-@b=FfcVQOV8J%hmDJXEDBnl213w%(vjuMjnlxs^{Iye3JLiWh@<#-Rt%wq(|4Z
z?vwhVy3!ve<Jmdt@*Yg}K@4?EAFj_Yu#p5VUXG?NU%%@OSo-j7q^8^`gJ6?-dV4`@
za5=PO?;9GoP!?die-ID-hk!@aJSmTplt?010%S5+G=YIw*66zcG`9^$(ICI_-;5$X
zC`5+9+l1qcb16}9t6E#EbI<Bg(DhbM0cb4T-XL-_?hhN&1{4HfiG+K?XiLwBOf6ax
z?!V3LBmB6Q9c}Ts3}(Uxdg*7K>}s{unywq}JKSq3EDm$~&B@=fr)sR`S_bk}r8dS`
zsj!KOUXaL0XuRF;4CboMO&&1uR8bPr^o5dS$xoaT4YqbzgA%|-#8O&c&9^X^8Ki^P
zj`O)FTRhql{~{rIg}o_;ZD(Yp_@)XBKobZu_<Cj(rC?@z{bre^H`c{xW{6U}jBmJf
zAo)O4A@XSO#EX2E#D)g$4P8M<J02_`u7ta9Gs|`&M3N$Le=>aAbywR6OVJBXL4Q}N
zG*W-Qlnb4saG=F%OmW2UJgg9LjnqRa)L$4$5Tf8E?BhT?biI-1qSO;@tyPfsn-GyT
z?Pw6o!yL4S8YBn>&OGJE3W2FXX$8}F?{dMHlNVUXe~)`gG%_faj7XF5fNDYf2BU&&
z{1A=nxly?=9nzHTpd=b~l&P_h_JG;wdGX#kgLY2uF&Qlab>Dpx=k}ZW*DV2QP4mKW
z;x{?tv<j@hrR&#C3pge$J!00im@H9qiM`oxYRoM8ryA^-Q?vvqdd#<pK0&us720UF
zwi4~MM&9sgx_Q295_}#DI}d3U9dr@MWBL6YCas~6P9(UQ(;N7)1uL|<8DOmFhTe2#
zdjQjcVGz{CVf~~0zf}Wo9@SW)(q-6PvUs4~v|JV7JoXK3KMkx*V3LKV>6xhWWX4=V
z;t66Bs<<Q<?;^Cyo;XNdht=m>P|-|sF7;xU_^BTMNc_Pu20>Nl6ZBIBGKyg+{J_z_
zjQgR#qw8uTtkHJ6$5~dv#Mq|-V!t4euG4(aP6cqsGx0IDB6P?I;P&L6z=%UyK*N@`
z2F}4Z9q|?2hx2c;6=wu@T_XFm18iTLbKrtoF@imW4R`<(HGl~e=W)BhKGDcNv^++5
zG;wXTA?UV4pIjt6B`gXw0?^<sj9@dcO-C2S6H8^^8vomb@wuLtFB1!WulqVyMpM0H
zh@poch;x_u|B-Z!(RFlfJ7{b>Y0x-1v28WB)2MOM*tXHwX>8lJZQD5U`SN`4kJ+>D
zYwk5`&HS3#`vM8BB);$H1@Ub6F21F=!l<k5rw%F>{P3w!H&pA5qv{8ew{7aT$5DO<
z?<3UWfpZYCr1^>hfNyGZFY!Uc?-StztB{0iDn+pU1W?@d$Yr46E$2IUMi+Z8zNj<&
zGH3C5`(52O)37S}48Oc^jr`&)T7@x->2^?K+0n}(Q<H#yrhBF*a(L!2r=Hj{#pc~p
zaJ1WQm+lQn7fSv4aq)M<l+u2xBJc!a<?kl+ToYyd1U%P=r2))Olbt@v>(yxI;daQh
zZgJi)L{SujmK(z2z0qLcA>&r}_N{JXaWs$qecq+8Td;X*S5c?v{+BfTk?4w$1<?pl
zw~q|HIq87Ic*|rIN0q}Gh8V$m)JvnlSEc19wM5Lssr^eQ3iWY>NmpZpm^amxGj=nh
zdb;Zsdy+Mok5m3eM#i!9r~)A8HJH%^%PjZ4|II*E>b!o=WDgsLDn?8q!Dv8=%>B}O
zKegTMQr}BWeVOg{1*56Fj>QDO!gVNXhc`m1yv|`e*TUYWiHS`9t6!ST{lXfEs}rmD
z$IE~ltW%)Mt-KcT2m)w6o`ulufLYpr|K=k|y%XS98JP+L>s$Lcz%uVFX`Osf=LpQ)
zSWE17XvWU`TN$S{xBW<Yg@#L3otX%I5#TuI=lzh$X6WlGk6+WxHw<&Za4fG0R@yTA
zZ*hOa;ymlB_K^!^#iLk|=YnslziI2#ZlUaT#h2@%V_rmO`YoY<%DmI^++CCihp9l5
zZ<S^^l`3QZ_-wQ;&TQ05a`l~!yr=0az0Y&IA*IvqwQ`PrV;8hl=NuZl-d@o^YnpX%
zzGZrOe4gD@l~wJz*5=W5WpOU^+E!di_u!zQ1I&v30;2`KKz-m>&AB+tZ?pNG1lZtA
z<Q*Zd1AJpZ_S@>7zA5slYteb>D}M*W>}sMWM1@bwt=Y`KDZHV@5b7O^YSyB50{`y=
zg}txb8Vue}2QwJ~%0N-mP)U=bV{G1l03M)?Sr^pDsF-S|B!y#p%$v)!l^;ioY3A1l
z8`(!)J1)sb{lH43!SS%kM~>u;GbJUuJ<2*a1DwaRI9YcLLGd=2G4Oe9579u>FW1_^
zF6{o*5Drbe3J&9#PY;&!r)3Sb1o#@>o~-A)cV&k8fmPi69^Rf2J7aL`v6<7dkN1q>
zYB3HnaS#qf!eJXZ^ZmRpKJb<I$a%|23_f;?_1(Shekb=xMcOh){h*@vy0qak@N`;A
z^f`?m%H`qq6F$n}#m}oPO&30@?lK~L`TZ?z*-ov-$d0qxZVv<?QM?7YZ_+<1q?CJB
z`SK`#=szECZcQIcM)9_cT$|HuY_j<X`VV&Hm@xuX`u+%30^GZD?0meLfcFM1fy>Vy
znE?eFFCScX*g&6zZimw8lQR#&a2)>a>B@eTBOd{O-jeC-V*)PtLtvsyK?|_nsM|xZ
zzCiDq>KHH$ydTlK8m=?2l~d>4KN^A(`WUHT)mOY<fU@KxkT8D<s{6Yx0qEi)=TrkF
z44eNPW?SN7$y!>`?)#~?A6(uTcTy2{QqiS&j`vuf$vZ=`HmX+*Q=d`=FbER!#v8!(
zKtvIIq>7D<TbmH)7;>8*G5<;f608t^h|(SSeOKwMcLEdH+{jq5{rj=@S8>hcZQ|vb
zaVw+^JgW`Q8@cPfk;y#ZN+{!bsNLvbN2O2b=xZBMF6B$jSRch3q;W^*@!a5emBVCu
z*`Y0rQMmb6A=^;iY&DU~Nc>En>axQHptHR)y<`QjJ15X+dR((wc|N9LApLZ$C*YD(
z!wN0U@9${D#pO1VWPf7FZddkywATliu4XL{W!X5cFHvpzehn_a9M+QvHaF0rkj2s%
zlnh~#R?(q2g#MdaByC1hE7I*TE(hrLXSAA-o?5wvdM57+lWyeCyd%338Vl!jiSLr;
z&3wbO)WozzDC@n;-LX?Dp}?HFX2SH+#P^6jiFAxHHjopXdfOY=--tfzHfT}u<Vy5&
z6y%Zg<U%tX`1~GyUnU)3-`P}#SCX<mokeBW!gO_=@vFZ3T5z}r^g{5SL*_k)e&hSJ
z6aMx@+GjF?u5M5r1r+oui~(LdI}u$kW4aMv>ww&VFXLU=cH2gGr2jm+>_Aoa)sJ3V
zMEuJb*f|P4sh0F!5YyiJnG0n|IXxRie?rtimg|8f<&|EVrR9}KS+|wrSk!%<r(w=Q
zPAVF_J2ISaZEM%Ng_t*MQ!XiV8z?zKv)!8!N*e7ujtb6=G&$`{i|TxR-L+PpZn<v|
z@1_r*t9H`PjiIFu?>g85{^JH^A0LWIR=%Kjh3OCeqaFSiD_fwW2fSHu;f5%$)9jRJ
z{nhb8@8Bmi_M6?u?&@dj_U54Ay)Mdy6qI>A6s}+tZ-(RUZ>H|QEJKwWvivteF2I)$
z^(L?G(#BF8AWUS(OA_x(HN1AO^fKUWlVQ*Ze%17&&K#(eDgw{R9|m|UARkNFB&q7S
zhXB=;AFg|?66tndEXV`zDmkcsZJ*7j?CKyfcP|<i)G}BhvJw!`lH6Foi*<8m8}|Mq
zTmF*Rq2>52`-=p;BMH7BfI>2^kG5}oUG|S(56|Z~b%XJjyRPDM^7@e<J%6tbJ$iDv
zj@<*9E(xZ$MTG@Ld-eER4B!fhH&9q)H!~R@ch-x3El|Yt?b#`NyTO{o;1l)OYT1O6
zxQy3jJg=Ee1ev=pmg70u{dBIXpce~{sO8yk+W<F0YeAyN&J2$X;M<cjFPuzIyB`%j
z`g0U5ri@-ls}NA=i$4IYXjUz`ru(6c+-Vpegmvcsx)EEFu$s3jT$68))bo2*3$Omm
zT(l9h*%WJ4IauQ#=zf%6^`D^d-{K2eRV12h`LOIJ1rMI{nSj8Jd@q_DNII(QZa61~
zcjCKn>h~_smy>0mBW!J-SAb}33v(Qpf|7|Y;yMT^f`FGONe;1hLJCt-pS!RFIf{H^
zfII&wqm0qjy2EPG6o-XA0Z%;}F@yZOVO2=wi#&@pF@9YP0cBpTX6$~59(ljm52wIr
zh<Gla7#k%Ied(!TyOt_6*_tmWzWTnrTwb{GSrR+)vDtk*a@zaW-h%|y7@v>z@A?<9
z7KMC421Zb|a2>yh5(E3tVKK3X=rF0Q?P)NHM6e=6hmcrZQ>=uXTi`m@wD%jmMPoJ0
zXKE<u*y!PE4O!1DFPMl>5=C$9k+r#EasB{`WC24@rr(g>iaWnKWOPOg_aoo6j~2Jn
zj552^Eql^pW{DkEy*#LNC_V&nGCnKpD4e^wZ*!YGi?h9x@^pk~;{(>73f4>n>6wso
z^Dl=@`%$b1MSkfcT>jJkt>o`xn}tiFq5@rOo`Xj~_`$thCMSG)sMJ}K=(AdZ^YO)1
zT5d*-G@S{4oO%7Cb!fw&V9cCQ_^?_yjj~xQ6ldTO{Md{N;jE9@p1@Y}m*=g7nxFKW
zWqd1N{4w7=b4`y?v<x;M{ds+?yqHzK=8KAQJZB`Z<{q$KJ@4#n-7WRxyC7dDXo-+a
zaKCrTM4SC|ygiT`t5@b?(+$^kt%s||RquT*vZL-nSQ_J5@v?SZ8-g`&w=k>|*4Izt
zBq>jy6!UoKSuuOKU&EgbUlQB&_j{r-r!f&rcfnx3d{$TFMJ%7%mCulW*@MdcfNa{M
zm9x5T%|r)=l5dn*w~T8oGD^n$E_MUQa?16TaLQKXCCn*fS<~ML7Y!Q`Fe|v9CL`Ni
zQR3}8IM$FPc2<a~>>q3)Gd+eMZ;(ke0fC!NU>~yEaxgbpCnPiAUhl8#PGI|K0<p-3
zxJ%}9;Br{6U#nJdKS`uvnBLAlPQl*6J7I`wXycIW4K>WuM+}oWunPC3Y9`d;<RD}}
zY-!=>AKNV`Y8I~l>>0CDj)cc9dT~<;sG~uwI-Tk+%TC|dA<#4Ct7GxR86(Jg50B#q
zJ>)b-XsgBbNW#iO;Vg2roeX0`kZSj?`Px{x1y-*lPgOMlG?8inn%>7{Heq$y-o0mx
zZ<jX-)$7SqODgtIzo>Zs25No<HSixbGAAIpf&!rcI5ff=P^oBk5p~U&tLN0^0d=Mk
z^f0E&3aqO#;!T96!-`M-WS%Idyh=~CWN)aZbV^U*WICaBa!EF7COP@mh+|E3bvD%J
z;dOcu)-Yq*xz^QW>(O;*)V#SPT@tI8+i4dt;!g}?^7$7y;!osbT_S0JpEdP<5mSY%
zx^=$6458oiB0yb|=H0+jU(`~2(P57H^&v-!WGiyDuPLrrE3GhMc0mWnGQej9_0cN2
zZRg+QDY~Iy{-K8-59)(eOtn*T`$_Et5xj~WY@LS+4?oWU4}gWTQ%p5fN~OS*uMAl1
z5GPflzW5dljvd^~S(}iE^lBF<j}kdGUpHkkV_{bZT|ZiWM{IFN+bWsfVS6B*xctIr
zamN!+^;2K)NIFqNKby_nW-^hon%#Zwppi`>y#xEdriu;>8NB10Xj~IPMT5TQAzQ=*
zypVM}Cx(6NzNuGPUp;~H5U$8Y_GJJ1ByUiaT`sL`%kJl0X}68ynFLA#86C`KqcAPZ
zrWj0xkK-dWa))M{KO{hZy$5YT>wP&@u-3mnT!q7)>$U`m@D!~ZoQ{4MF3m4`4X?G7
zo&F_)sw?4)PW0iGfQyadH>3z7$J8EfjJkL}_U)7h8?=|Rw|$AzdGT_+cK08MVKl?+
zMpu4_nto9<sZJ<oKp0QItXZQm^6Bdcj;}+fR*AI4WlAJRj`)kbL+@lA8-Afx@PpoR
zw@^8;<s?pB@D&Js^QMpI^FpCIu+0+_r-J32a{s~m{Kg-76g4<LW4U&l)}o~JF>WGJ
zsKbeb1P_q4CekY#E46zr9Z~e;vux^Y-OgZy(S#lbhs4ac<Z_vzg03F`3DBxaD|K78
zfzwmI9o$G(thu*!lN=y4D{jZMsCwjZ1&wpfCZJ!>H3fBzmpUob|Li`tG;8bRT1S7q
zDhZNUWQoRqWx#KwD$Bc@=^No#8Lu^E&uHt6A1|?;7C`c?=EaEc?lGr#buV^#^8*x%
zwCq_c;u>Tn3tgmm0ifp4VH>ZSgpCS|=Fop1TIzo3j}uA6Q@vVl+fy9&bMUhh()pT}
zO>8^FaNOtphu+-tZogbzM-ie?dJNUSV|^Ep845K7-?L@WUqgYDPU)C=mf|)`+00jH
zG3n@nM*wzAJg!&RF@0WdKqEgd%^`y9VR7sXv-G)B&Qyey6OdQrojF}*Okg4VUWjlF
zUC+9&YXT*MR{F^CzYgNsU`e+6U`esH9`bi{=8DUxO{R(xzrC;zM8%CuYA?$>^+>DL
ziv|+#!QEoIHJiqkpALsmwN6%02)g0yf)!X79j5Ja_FGLhU4A3G9HH&4oBp*^M!+8U
z?fxr&EU1^S0p@NKl5Xi32SIbzj|pMRqr7lPRdEu+5*EECOh}R1N(mMfULyq;9yv0g
z+E1JiBABjO56gDr2tFr3<V!MBy-xU1i;5|q%F9$Izjc66nz;NSa(1BB701)Mjnk31
z{qi1EH{5@_coO1V70&w6T<$)q`tP&wmh*lYK2XY&$O0zei6xJy5TIKLrv34dR?cnW
zd}o>6hToj-Dc`T*I9#%A8MAWI$}{5JE&+U0nG{U9DbFar{lKrk&2fL8E`OdTOJ5g#
zKq$Aj&Eb#USJ_+=R8v0B!7qJOkoKzk_u{pr<MqsT9{r2qQR4WwK<vSz#IDErAJDQ)
z9<`{;(@%Z(1^0s+F|*iA3%p^g+?~lSt&?B?l1s3z{u6kL$SmRKL`Hs`xkdH|q0i`g
zMWD=6b7`P<>ofSW@T}+i9@1wGpJ}V447=jB<jS+@4{X65eCoSV%WhKQ&BJg;0j<0g
ztq-T$xM&5A&qo;553$p!m&n@JQO3=*vB<0yL$I8vX6C;Fsb@vO1~iL5Z<rpdy9#?4
z5F`C{D8hWx7|;hmQ)X~`z83Z0ZUsBjMBjZk-$5Fj?iIGLJF-Vn)*!SjwEDJFYQB+B
zmps<HD>NPRgC=xaOyNZuPMfTFt0!@V)29r{?N(EQw4cHxhtYwX8|s|=p)BiXMZMJZ
zm9}R=|4l;`&2%<ZkxiQxf2MSuA2qd|nkTKQbJ~cf**MRy|JRr9|6kuOHJy+1{LAu{
z^5(;&m20W(>rG?3Dre`znqFCkM3+m-8RhYRu;ufAfK101P$Y=GRoG?$?E9~;{f2Sz
zCxE`8)V8cq3I7#>Lq;?QC}DBZUMGzI3eRzqcioIcX#23JY~?)vT4-CAfemmjwe@f)
zm35vUDCE0JXh~}K6ivQERsZs5r4?vR(%|H;O=^#bWjGXWx+zRPqilY2*Vy|05?W1l
zzp_Gsc76A(VH84b@oEj%7Nrnr^+1>KT>Clv(cCuOJ^j(#mqA_9wyf`tTGBS`LQ~R)
zKBFday<5_jbsiC&V$-mVr2iC6gtoTSv=zkmu<dBzwtD@91q0wU>7wemz_{1Dtt%Ed
z%JQ{CHmI?l7S`0up@6e$PRC!T(z>a`;B4DDFKgR7Kk_-kGth86{MhSfjk0h*hxpkW
z>ie+Bzu#|A`6uUjZmsHLQ&TJp<0Ff31so9htT!))1G7|=66!sl;K99qd%oX_lAmI*
zQu^?x$@HRPvm=E>OXos=%d|Q}UjSTR94ZFh_qS`UN2|SYNea#djXWUdsjgUG;Kp=W
z-^U8+`mlIwr;`tabTK1s{7=6t68|k4T&$FU?=;`p(w9VOR2kHC$oOb?&4=sdCT@JP
z#-mdp*>yU;x7!bTUoq{ji>P`c*}Pc&95{5X-M;iOjpfmOqANdC1k$}pdhs>bBafn!
zOovTAA(*!_jHg@5SPYg-z}%t{J<Gg=`K8Onu8j)ji<4l!k>9<JO-eQlKg%_DjTcAE
zw_-)qo2F@U&m^1Dx!@d=M~vJ(ps7v&`3U2vJ|dZ2k9?MVI3s)4Cno;kEjC|Tdq&+#
ztep;6YFp@sZn@G}0?nTh1L=614|=@>C8NK>2{AxElvmVSz{F;WM&J1E!#B_Y<2Fd|
z0-)|aNXq0BAn}M*c^_4P@?7cF^09SB=L5KQ_@qnbzYgTbYUTIt%}(FQ&h>0CFERIo
zhj-lAztnj7zV)f-bfmVQSOph9LGDjzXMmaL{^MSw(+ctR7H%ldXU8VH<lpz{^wld@
zz4o)vT{*#?1}b|w&yKD`_vjS_RygJ&vg;36)U2?Q6WvKUXr9P;MEYLlEAaYj@O^<5
z6i1B<+Mroe1T<`!Ih-!60oGDW_!+Gz%v=CWoI;MX2H4ABg4sKVmG<wS-Uf~XaRADG
z?2M2>A(NQikx)R&gpL^{7}^{4kI#!lub`!O2FOXsh9g5ED*=9|nirnoI8(3s#+K9x
zUgorv$1_Ljp7TODOsbH)?;_(ZJd^*3>+EGl`LbIe1Lr#2TK-x>WKXn&PVUI32=N}p
zdDoh3FT-IT{CGS1&G&DpjE@EFHfNaA8&bDEsDHYkbFoK2Z$Jmm6*McyyssZyKe!qD
zy<l#2z*7z6MIY=mio2A}PtQg;3p7Z=IC(>j`q$3~ZpRZo15`<YR+3`Ipo6%3F0vb1
zg!sYclf9zOK*c7nSeKCVagES-)6}l_e&H>KkZC3dpVgTU^kTOg(9wRYpfa-%_cYh1
zI|c0tQNxTf0te+y?XR)$`(T2XqswtRB(J1luk~1?)K9d+`=hfT2U-?L-*H&G0`qE8
z@;4%rNNmigfic8%EC+bket$&8TS;k}t*dB@<(fn=5kl#TvNO<3*p`C~n5R4&ZkWYi
z8DugF8cdCTink#b(u6cP?zQypfj@z_bnmj)QgfrN74?D=a8Zf3m3Vy3mH8pwEMIun
zWv}V|woTvgvMmvbDOI2K%b1yJUn-Y=6%Gg|{|!s3U4W_W%e6zL+*a7hOH{t+(RPW~
zkhzII{wMNnWbhgxj_K-yRf|y|)A)frO{@5spD*PK4n-jAW+$FSDyNmZ)ar&f9~VC7
zry7_|=w{}(4kFX8LMscI4`C#}C{aTnKA4Mp@1w7qwWO_oesL{WLN^iDm0~)kczDrp
zk>{5<a2K07z~4gb`raWltL(I7MmTy#y`^Ag&>ns`ff;lQ<RBaB&as~O9okSa{Jm=`
zNS1M52bV4Eu(_DSczOdkyM}JZ{P^vdFt-+}{pG*?Ixjw_2Vfb&mgUb}U}z`%vC>yM
zoX`eUDX>MP%|A%=<du-3N4w7rxH1{3WG!VEwwM&N=4=s_p@r;nHo=>76~y_6x7pa=
z;_ypk0#@}7&U(GKBwgFTUtrRHl^9H5nE2HDql}@;V~t&>rKOs`{dVHK$vw{Stunl6
zU9?S-{GaET8TMIDb<k@)GZK@1y=RMS=;YPz77|B$sAtO71@V=)QKDxH5G7-yzmwDE
z4+_x7@xS`v=U0;`M{B63>(&AB)kn^M^&w}gzvsGBxkhz+5m<*<^6rbp5Z`+<6p`0H
zr3Nl6d@y!!caR8yBA1a87XzkcK;JZWaDm9~k*esfpZKn4-VGhKmxa=^HnlZWu#GMF
zKI!XTDe-@&f2B=+x3NJYB#N4rN^T0&4Pe2`4Dfbv!DG2h%lS+S)bC&EmzfOk^{}Or
z&=1!|sAe0fVGlO+k!7IO)ET6kp=M_2S3wP8cDAyGOL+oW>uTsqgR80%=Gf>~%PD?d
z$6_y&C}#m)X1D$n7I2U90x0p+UvOLc@d*rS0|us1-PFbdl=Xdsb0#icwQOnL-J0nW
zE`Vgp`pL+`(Tl(@{OReJ1xrTr7jDLwjJD%@Dr!z@?*>}LptOG;)q?-tzDci<e=Om&
zWOb+Y^+yx!B{SKVDwm+2)a$zT!YR6@D>=QhTC$Hf_sP9&eiO8ijc5VNw85LJ;<jR?
zP<^gL%&yc<>OCzyHv3*gaJ4F@vN-a!RXw(J9sqiAhMUgH1y1$Q&%bo>jX!9{!)0H6
zXHm_v{`^Dh3y0gN0S(E}j57y&yKF2DA>r*rIS-Ff7aI8udre_m0OOiY7-T|;k2|k%
zL7JEgC>(+{dK{+|dV}h?vo0_Vf)QYiX$~0FWTSThg;0wl2oC7r;RMu(1u}Y_D)^ZF
z4G*xxU#e-z#qv4w0wBsUMXBYo-gD7o<fK>7G?>EAMHm-`mNuC7>;4}9RT4|{6=GaE
z*o&w}>4q#+M5UVG%1ip@lj?UvXhKgw`F+0s0(V^9&5)kFp0U_Z%fdBpPiq8KW*%32
z?fSx4IX88}BQx!hJ3bi+<M*kN%Rf^(Yw7V!EtTFz+gj;edPuht{VUP%dU_wy#RR{D
z)8I^cT8})U@5gmTt3CQvO6Bk)t)i8*7lXstaVl%r9vFUxxHwnL#<<n@Gz3G-)uK#t
z|G@e?AUKsA@dAvnZQ^^G`W_?NZ4m5UR=Zj`LmIjb&WWwwPPKuW>zqq%!)pS~OZ-bN
zH~-c0R*}Jtmp{11kmZ=ndgQVHSvUC2Re=W&)5F^Yi(pf;)l&1()-)9ekuKz;Qex%{
z=e3FFEfFDuU?GF=T&Z^yvK*JaN*!&}r+JUlU-+<U40(hpqw2X5S07Hnf(((Eok-;n
z5jmm4{+twYd^;m5cFYwkKOHeqCrO)-pmtk1N%K4c|HHaaQ{Y)%KIHYwsTt@QK`0jH
zv(G&tOn(CBWp?&Vw^(g`A3waU(3y1WszfDP5|e7gbb~T+JC|AiN2RUK9Yd(V%4Zo?
zcq~jUn*hy3i?GOv)k8iFMQhqZNBN377Ef|wkhy~ZR>rh3JJ0vXp2@apg1^n>AGkg*
zG|Ps;8O(eDTZKfi-_KbtVDDLiz+5IOGAH|I85`+9xK_`=`p|tQPAt!#cN=2pO7Yv|
zy5i>~2Q%0Kd=u|1k?)@DF^H3Vfqpp=J544pL2b%2Ok^mN18aZa({X7V`n`KCX1e*C
zxZa5Q2Ey+O>M8MEeI>S?0?L>OA@I*I@DuUy&&GryhgKYB1{C4G+n)a%qKIag8fcl7
zRqcEJY_32oD#ZJ3MfNia8IIdBz`|4npM#l4&c0GwYM!ovjr05_bx$rT)?;@7cHQ^G
z`HcD8OOG?2QUanuqU^p=PNbhw0#2V!>bL!`jb~>0C<o062!IagST7y7ckn8K;mh?a
z`D@@9OOBuyt#hD{m@hZmPb!rUOtf~$o?ev?WGz)2Y&WY@FNmdee*IV0r-#FRkuSyF
z1h(L6eY~ND+>ZB2o*vG?&Qe`%%IeU+$b~T+p7!kR#({vnFQ@C`E#9v7MDw;XqS9<_
zzNh<kl>Bu6L^+V7?i(BJR`^%k7Y-42Lx0rdGok|VYq_YRjtoI)RfD>`YNRaJntkm5
ztqI2^wD`rbqv~#{t#U`s@+&yUh?Pwqm6qU5W2wKa$reSlFvOo~pd@+1#`NAF{}x2k
za4jjL%*$d<nD~iMMT#^i;=;qnYGJNLM5H6<&J5(w$WbqV2YX-#hcr8Yr~#<UHDOkX
z&p@S+mH=_x;DL7G3v;xTAGb27I9f9~TPC`h+2HUXP0T5S{`=6t=O72gnWRE2*YMhd
zBSH)MRwhY&S^25>p@f{Hn_3f+53Jm3S?5Q4vd2u-#eP!7-?;*;Y7W2iA52PnQ~!h%
z-36SOE5H2dkfeq2c9A*Un%=i|Hr@CGRCoQ&&cCYpv-lOJnC^3$@Xi<htu}|+3kT#r
z{S0#e`d2gQVKBVJ8SLuB7Hq8GD<v#wk)*<<VDyT!u%ctDD;}*Ru@4$aS^HRh8}xlG
zd!F7!fml$vhJ^b1cAlEGLwG;F*xMIOX$OCdV)HRNm-YvFy?x%~j7J26yq3s6@3jy<
z9g}-}DG}byS#||^$Db7}t+!VLK<|dZ2nL{+s;cMd7uQ~2`A!2qEm;jdt*|I6R-SFO
z<tbNtO@|SW%kQScU(t*Zooh2Nvv27YN*>$LEq5=R?$_t3N*7zeTXfD&z~*ysrLUvz
z(K}}(6b(ja>~~ZC6wG2^7V%Lj@DR!I(!1a6Zflu69N1Mtaq;_wsBjC&#C~-Ko6*v`
zQ%meQ3>E9#RF05caY2`TYr<{ex(m!qKO(mK_eT4k?O&5X_z{~jcKu={nn{+ah{a*Z
z@-!Oa1-I-G_V#1rzR&><2ic9BYM4O$bjoL=l<nQNX{c!xlLtPWTu($@o|Eq_ia243
z6^U!>_v(&k4*?cx@eyIbV~tcKEJ+dWy?&Oouo*TdhLLzaSA4{mq%>3mhQ&pyu3SKJ
z_8F-Q2J<HbT6|IMONI=jxof^NB`fv}qGkeoRB~DvHM(=Ss_@9IK!;ddyb!t%WzxR+
z&=3Od*b;Wrb6Vs;aoV@Uhx^Un!KcAy6yOwKWT&v%(t<izy{vec6ndnJx`-ke5~%4T
z7U)5gqq4LH-`xHNL5*SX5+4U0C0;&0pR^dE`j$zL?$1delW>GdNJ_ArkHMr1`NKVN
zO(W(NQg2E^%vw+?A6BGj&5ytmcm7OL$X@B-qFRuKjc@CKghtsTve&&!6$WGOM@~)P
zbGrya+fVq5+>%kku5nAS%w;$LK<LGeDpH1u+PQzolJbk!<)fDl^<+m2G{cSbYHJ{j
z<WT=*r~BLb7d^2L$4Ha{>j+64iNA?Gpb^CT!z7ZGVD{%{#!+2P1}l!1AoJp(j;F4M
z*X0lapsWL@DnUU*`kuq)ZaYX~QkV<bOZUclUQp6e`SlgXgsCOZ7wP~h7(uT90o<U(
zcUu?r)S6NV?H#6Am>$|>`~=7r`V0<3$551_A$hZn+ye8tzV@S}iW`A4)L@KE%pSo%
zdQU6`c>La+Sjd<Y3G@g60^pAO1&m`h;mCa^QG0#YK~*<{gb=ZVEd67NMi(-fDq76e
zKhsS#xqdnP@*ZJ=tMBhpvR(PbGLbX9fd2se77b5%H9h$4h1r7AYPvVOYhqZ0tQ~Pz
zv>8^Q0U2f5F$SxFKBXZ1X|53X>rGe$!&{g7@!_dI&Nw*H^c79ZjHwtDb$u)X;!Zdb
zl#G#PF>n0_;qii2e@N)SSqs?P{PwJUMG2<GlCmInFM4x>)z->HF^qV;kQ488DrFr@
zHaC%IPLQ#XgAqb@3g4Z<)|RpMo<;v$O;xh29^qItt56u(?q<QE>|0cizyj!1AP$%d
z2PN8?65smH?fznO$2$h;iZ2@kU!HS;irwkVAJjxwDl=~u#gJYk3($_Bw)!~S_;pAi
z){Cb5OLXw}L78$|wnHFkm`FSj6;TlLrvlGP-?QLp&*;|xRs`-%N%Xa`tMJ9twR?<r
z0?Q8A%0bqg${RNM=2uvsQAc{y;8)A#Ukv5)*9_q--8OP_tOiQA^T3pc>9yG6cN)~-
z-z!s`h722o@pP+5bseEf%cMWG3?Vjfn^!CvtjURO_+4Jxvi0EtRfX#8KCNiX#yfLs
zcm5GGyCuFh4hHG`x5rU*O;T0o8rGtrv?L`hF5aF=E1&00iuG4d_BGy5139c0<axVc
z=;!P?P<I^E{vEMQBRJu8lM&YBW0v_Bj^a&Frubtnv~>VQ7Z2jZLz+5(QWK8p8`dgu
zQl;>!u=o?w*iqhvx%d<Rn6jdaTs)D47U9^Zq6wAK629p%mKOM!h~iT<S$hx*Nz$ge
z$+A*Wcb`d@e%-|GpviV_MJ5?taGf)CdHzT)zLH+Fk56K#4EY;w`D`Qh$sCnP9zJzN
z19b%&yoQIUc&E5gtKu^rCblLfHe9fR(5`r-NV1|E7G_Z^lp)l~Xy@0O{z}cGi5<$n
ztbg|;GkCVMcr@o<agSZtSw3}BH2s|nVNEAaDb7uSQ~TIi$aPa0xfr&y7L4a|-?G}U
zv!LsyRB}~T^D(4&totkwd49;zDsiCrWYJFs=1|Gr?+lO5@jc7ev7vM&e?g83h3@v2
zUscS{<fGo+uWKuGTIn$D6y+CrNHC;mi*(zv)HM--T=0lRvYVc9be<=L{$WI(5(4KZ
zLO$62enhw@5nOLkQ)N^+k6S{)r4Nt(d;wYfamFKN$Ok($qmVzeXD#+mUwV6U{rR3Z
zJio(eI}?n|T3y2Y*$WKwCmdc1tAfJFCT59Cj8P{Vfjl;aA^Swk&Y*f<6_iH*oG1nH
zfyL_@r!UQa3!rxe6SZH&TB#AjGk8Ll8Am9My~ClnFu3KNau-p7-ZAETCGw4W4}Zt0
zc9e*7$yWQ^!{yRz@OVbJpp9PUr7#Ko=`wBqq3fIN!nH_Z=PuJC)WH1+xxmGz8|Q0#
zK3$b!s5>aQ!tY~KpV9|%pOf7MA?_mJPk~koxZZQ_xnhu>1*ZjR3x~Kt=B}6iwu4&P
z>%h~*K{%w82bNL};B|uIfys6jE@IG)9#{XBInESe-=q|7WSN48wr9slPb18i7LiaO
z3>9WhRrvvcSbgb92eyp0dqL$@f66o$g;r+@eHT?)E20S^N=(MPeESyuOv=DYtdlRa
zB_ZNl9ZxE}H53)ED1K|qRaP>M+y3sIZFa2VD_&{&>C;@a`ftI=lTinEUB#~c;AK@#
z19zRCsRC#sm+i~BojiYv_tpU{U2n=hKt(J_@j>f5(VJxQXqbJzw*LK}Z4n2)Ld_7V
z*}h@HS1==?6-SIxabphbq?$a)&ed4{Z43hVs=d>z?f*ajB2-v-5*<tq_@0$TTv4Oo
zQT7S_%YfOr@+|iB?zPeaHTWSP2d<RMwa^R`m&pBp5xXAkT)~o5LUt7#L8py-x~VQ>
zL$?E^8iajAmXN0M|4c#SN_U^zD3PR0V%y6p&#@#;JA>~O9k>Ilavdub1^O)d)?zgh
zrIhgJDA%+%ZKyP%Ctc6FZ|?il!<M9?I}Zk3$3#RH(P}$sa*yV7_$c*r_>P240ZaVo
zdW1m>4#+aUU}>IAaJ(ckebN~aX*BTLHNi{FDu2b0nsfxrU*hW#CM_@lgj>(o-zN&x
zx#r6C!ZxRk5G0kgqBUA*ERs`EIe8)j6L>C#k}z}AyFdG&1-!~x^Z#M<QmEF8y-^)<
z;a=wS7bW2-DLdHNj~T#r*+4O}eypF0y}`gZqyJkA9D`H76dwI1@8|KR#Y^viprbms
zzfgwUcS+>38_tN_F5J@I&j^3p&~N+OXUK@N1?5i-`1*8!i}oiEL5+@S3kw8fmxci|
zILyVGqs^>5V0}MjY$bNT{vyNMf$*9M(khLuFgZM$%?3aBe;czh1s5e`<C3evPL#Z*
zBQbdwFi9V!Bl3CH7-R5Qt9VJB;dPM_7ldO)1s4Y5(76cCJ%U~t$9A$#%+T-N*bh_9
z&D=6Cu~Rj&A>u|UiYrL)IhvSFu<vv2xixF~HR{wIVDPf^@Yi36p`zOtoxe>n3?i5t
zJGiyk{ig~OHJ_^vSl+66lTGSFS|t&sx7m2e?X>kQQ}$%`(mWO`W);<gDwF6)KG?iY
zY&N_ZwX)s%JQUVu36;U!!ucpw+Zq20?N~R}ui#8db?O1lmxYF2SrDsgpR5ABDVz%y
zdr-<dANKrZrwHjL@!?qUT=IRXm^uGxO7@Z3SQ<OGpM#&O0cM^}aBGf(pI4pK5m+h5
zV7C5XA4(#yZv3<HP4AYXa@c(+(F?<s#4TZOKc$X$gUW~IbfADG;NZ9f#{WCsNBZB@
z^M1CN?+%DG904X1Y@DzOkwXCM$|*Do{<$lJ?gPO}F4zQD9ygIV6DND|xCNq#ZtiX>
z?tlY%*Ne``Gbz{v2+K^R;Q#}CW{pcbcTc^yb<XhYHyw}wNaIbXvgB>U;5}XeYhdoC
z2_?UKQ~6ED7#EEsXXI`DU3l=yu9>R+)Xt#4MJZ(e&_}kj`m@RDkHf1@J+;C|<)1GS
z)H+ifuz7IP&DXP)z@-wpSJ^j1E*dL<;iGaumhs)ez3QV9L_Pg+xiOCt0y?`Ba`(Lr
zry1PuK1)39BLV&`|KKLS?(=oVd5aw6e5~C?6#4sYiv18r(y#>lrJ8bsU^}VV0U`Uj
zs7Ro2r+ddUq&n>fAu9;_N}Ah2u&7ZJ_ydK64}6b(e<<QQsa9=jqF;f*W13j^=n^gn
z3#$A#a?s+=W47>t4#Boj>Maq^Y62v-kHd}l)a-<KU&HckBw{b14y_|#aTIGrh58J}
z;9vpld+ldy@Q~AkO(dOPB!8^8%vmVKFKqA07?OOu%VF?Y*{qd%a!Z*<bpZFva-95L
zPx=n;%qwqsBnvT@3m(Zymg<+`b}Gqli$h3${K)McKDX2%ge3j#j^ZrVX}mynl>Pim
zXOEgv(}x`6@<2-=!IpRBHm_-`)lu=Z{pfMKf^lF6$9d?nuVI{Lfur!qQ~c8Jdl3il
z`{7&=U8sbwJ-_;X0lkF%;t6J2r{CORnZOP~7{;?XpQ;F}u%81zJJvVc+f+|f!%1{L
z?c4w`UIE%c#5rA5KO<TQCL)cL@f8Hp0W=i+RIVbzfsYZ`o*$K0;NYp!HJC0~L&!lp
zxILeX*QE7)7RoIcn%RVABRz;5M>Xuc5Fps<eZYi~TUOGjw4so`YFM}e!rkC7)@aL+
z{?aw3c>hT74}0b`&dfC4#~K$eX#_r=Z{SfBVy0w$wEINpT<D54$gH;CTSojA!>kbx
zIbvcu=!#BENibAYRkmG@<k3)|R*WO|Jfu;sb45iYA>8BpqX=Q;S-#WW?UB0Sr~8E2
zhm%qvX0wQ|sQN2%#S`|0_P_Y&4X7NL`tOL<lH4$;Ad!#Mx}~bXp%iXn#$|^+_oCNi
zQO{{3ZjggVFg78uSd4#{0ep}6arz;7Gt2(lo~1oBFTDR}c9~I7ua-CvH5PS8*$L%*
z<&bMRq3tizm=^(tA2kk2iu$0ag(LI;_}t`yG4E|@V`>i7rW}7q8W^%IBIb_7ntz$7
zEV!+l4Bh~kegov9eSIB?ohf5Bk`$L014HNzL$D@IjY!;m8TY0%7qO2xre^%sS4ec6
z5@F!UfD4(XRqZhy9Nwec`gh?QafeSE1cx>0b!a;?E0vm3EwaHEQYfBsPN+cA^E3&V
zndXOCC$LRD5~(jK+Zq2U*bvG`_!igczth-9iDu=&iw?<Ma;*CL5N)-MNoY&8S|J_l
zK*M#Le!ccmHSw#9dL&n(1|(~uFB*`OBWAyzBfY2mhIUV%-lTrC;cit!<zIG0SE%0p
z7dGO4y`PlpA??Vz&Em5I+cm-CURK*1)5JK5)odvylfBx#^ly3%YsNH&FSS>);DA^M
z19-RJQE$pUHpUw%5R7>HU6?n)%wLxzbLr*cgYzrs#_(zCzSIr4rjwXj#z|^oT0vxx
zj3&;9XpDQhb^?|ad}o^Zs*nHqW|UYem5^fY3FSqJ_Zm=(`30CM-Jrp%3GW)nHf}oC
z9uIU+A_muE2P25=QYk)9=HIj{uB=S#PvL>T2AC1MPD#xVa~5Q=x?#gZXV>u;`WI8H
z<GV2q%Ro+()Xw!JlF%XXy&1ps)U&Ef7-61{uN%sAFYv(OF*hSA7!01C+UWLT8lNVK
zlE@bGk;{iKx9iBeXUe;42o(Br{SdC64G9E5tl49Vg>w+{IFz%8s_5EIiiUbv5i{{^
z;kzbDvF4%oez9tVmp&+5fQmQhbUMZf6+iugQoukRr!N5x5HQReM}UL?AHFjbRF+o+
zoAa4;axAjbVdPg?sbG(V=QP3NEgIv@pD#Q|-u3?e5H#lC$PhC@89TwCgh>6CKtlNV
zr|qrO>E0d0*1#V%9|5q*H*dR?==A;x0zU|D5kq$)L)+;uxaf`W8BfSoS&)(Uqr1@!
z&GahbxAkI-j|te0<SAALqKsDD?OhRvB`fXmj+vC;iZdGWRnw|1^!vzDt+k8LfJlX3
zzWtKY<>1sVhNX05#v{dx{yF`+wy);<9VAnkft55jy?h)M0dTXUS1|?(EdurJdNLr5
zN!ves6|1I+ckJyQXcQVzG^{<OWWv^c8##lN6K4fXf|!hVqSFCdc+)#U?&f?m0gak>
zzAc^@H`EbD4qhCqL5G=#QkrCvu)^qvQhq`Za1?Pph!-LUan#?zN&U#gR{n|x1^rBN
z))O~CQB{3-#KwALhoGe(gcFwkE1IMd12>K)^c`*Fv#ib2%-n^O)CY9^mVN#5Hey!P
zUKD$Fc2#zEMhpL5UJrmwc3sAU<%<Eo_T<|+1^rzIk5<A_+Egh%1&?{j_=#daVUUHf
zlL}Im-yD7)WWS5Pb>B36d>gxt`_wta^u>hmI)S+<g+Pr3vwH>aC?LEiKr;+p1|Z_?
zPKS(>zhBvF0dC~-yXjKh!v!SqRL~D0qbkHal()l@?|bYm;q3EkWy)uG<Hrtp35>Zy
zwBIde?_Z$H?%myoaz6d1o^b+9gK04uUAI);dfyRzVD2Hi)Ztb^lQ8#zSEbXvUXg~~
zfiGvAAamrS?ufqx2YQGf&XaU%F!wM%m%F}9AlDR7QJ{Mhw#2{~%>AP#LI#Zc^fAh2
z;(+Q-S);v33aIM-1!|oA_#QMgI_sTq<|SaDNJOX&wb;AsBrL#{N&Sr{CkI`TEe-9)
z%g05?e-QuctR&?B1F-Y*J`X;adThy?L-NU{rEHLM<|!aZ!dpQinzHbte&lsM8zR=d
z?dt_EZ$rU)*|R})*{KVi9`*KwzQ90IZR5B#3Wz~rtRJkQ+>@m0z8U$9{Ws;6ulisT
zH2HHG`hvCENOE*N_Em$*FFc5js+ExM6Welc+em<*sz2&>B7Q0FVESrcwj0qy=RRQa
z;yzq{V38kScOAFBXgdyqU>TgB0EmNUaK3!7i7)RKAF#xv{&yu;))d;a{&$4aGH!Q1
zJ$5Qz>6Bv=_cpJYd(#e((PzeOBjFJs639K_%eQ3?GZB-*efPG1*f~Q8xIYTq`#`?u
z1-IME!v>k3T7t|yUif?)ftoqV9s)5}1yCLy+0}a~4h6ZA;`PyP+R9-Uwb$V$tWC0P
zajtOYRQOPhS9$@u{0<dlM|)eMqbROGMG~2-%P=7f!(Am3nYwY^bVq3qc(UudEfrK3
z%jbMONBBEB?9XeM1C_WlVgDt~d?1p&W7JSZeK8+byj(dceycZXzl7CGA5cXJlc0my
z<SkmjpV13r3!BFRJxdlbp`7Nt4h3K&f<=0#aq@Cm^6-#uFCWJL?>prF$e*Mc#F9R1
zFrgAWVx}EN?z=Ex$!|+Tib9L{AjW@%KeSj9e17s?ky80xY|#7CC4}}F!DwpD`WpIW
z=t-bxX<er)9^+k%JCVLX%pB`iW%bTueL6xNsGBU7#N@XX&z4#wXge1>bxIWf!hd0N
zKhi%h`U+lkE~s(W*Gzmsko8iPH|g1~f0(7{l*6C;L{`^$uxxH$$pbnf@@XG8rrc(y
zAZu3e13Euzuia1S9XF2)o6)cA_3`ZmGDf_RQSNTz0xlxgL}gl7TJfqM#bMn4EC(*H
z6{hV+R40uREn24>*aElNM%x+YX8;bxZ4MQ3-IdUv8kDV<{;zU(e=q+^e;zOL%Ks^N
zaOn5=dFLuvwN2rhYw$t!!ux_xktd+*;T;wAPnO0cA>)c`6icAgCM&T+LEW3u-TkeN
z^2Pkpo2oUHOyQ0gI5Vo|!aK$bypoQmYP}_1q(CvNvGXwcIX9@8{@jo`;)hc6u=@3w
zV@AFt${Im;s0>Hs&;qD+-tY02$8Vwt4fp)-kOsbNk-=>rvuvj?u@}6rV^2f@tn9O0
zj40oo@OfiDg;393|4eZ0y(sx#@L66@uirO*w1T|1AFU>5+Lo&io_W_LM<a2NHpD5O
z1LwLW9Wp!1&_Hqoh-Yeu(P^30mWWQwD)#ude1vI5a;ivG#CXW8kSns9mUZMfafRQG
zbo)$MXeMSQ_Uu?}i1>N<DaEI(4}BR`du%5KxRU9SV$T<4`;Bj0enfL3k523wr(+*K
z9{zb|UUz)H`uRxi+1JdvlI1`MbGk_<Vb_CJ{CyYS{GSc2Y)b5!NLQdpn5cRm?tWXM
z^aVh+pZkvy7ZR@wedAaJu<6l-mXJryzl~c7DsFuW!5$92=nk@;SLl|rFv|<^aQnMQ
z1m3Sz%wcAfTF!sudV$pA5nZ<X9%FmtFVEa-tf5{E1{PhiQ{0r!fws@GnKZqhp+-v%
zVyMclu8n2wMl%GiI?e{sWnEkP_-;Wka-nE0gv!`FY_6>`LntBFcL`mDQN)P)z6i)$
zUq(W1oz+X`H$wm<F1KnMq+^H|X6li`bF)cm5glKPCL+FBN%I~V7!~pkBEB0j*Ck=X
z!U$ND5R;g~vmZ2cy#rX-I#hEfGSF=nAFJBxHpdTVtJT|K4QL{tW{kKYDmL}AA(;Tq
zDz32Rk2ak9>3mMDE>Ee7Rw~YB7}a;o@8MF_LO0X#XK`!&q!|WJSf~0Tk1Akw;Mvu8
zLq)zwp_y0fFQ(h`6T8nJIuEUPG_=<QN(<9{$vK2_WP%$gLImse%<IgB!F!n8%2;>8
zO_6@1j7VClyQR-j$*&=8UtEy|xPJ@ZKGuBx^#t=<rDo4T;At4*bl3jlbty2pG6cgI
z0UD106RdWmQJ9@Vqu88#KWcaM8+N9<{y|BK^j_gg{jLn5;Lt>(F%bytAO>(6-9BRr
z1iXBstTmG<HyWX(_aU?K6}Qxn0Mjcy`z30o$D#U;P;NV#{tK=9PrL?}w>8{-0ScB8
zX6E9_Pehab*aO<9ts#OkYq}p8gLvY=A^GLMm8@zWWHJKdX@hl-Th_w(!{`7#6?E1@
zVftGpN_1UQft3J$B&F<xzs1?l6zjTEvIRT^%{#`8!PuPm%@}n=X888?aa$C+=Xtji
zU9qc)NYR+^kuMM)GUWhz0|;JC+kD5&Eq$BRWxg#816}_Jyt+WVVLOM5Q9+%<Tl&de
zbGxZs$4KtsCv=(?)}0(2Gwgy#DP-SLKJqTy&-aR5oIlXF^%}t(v$MrOQIM$FLXzOE
zjmXKjcUC%86q+kSpCxyAembcTTdad%eXLhVx<kP{6=#YMTCaNzWWi%a<QzweP|zFI
zlNV;TFWS9y|Ah3Q*Di+1N69LT&9)aBaSg`$a3AD_scaL1v}Xk{m4soO<y;2Jvs6E<
zQhl#`*fXI|<wec3jdo-do$s&-Vd84)@68}t{t|BkEY6_dGG{S{hbV4>v?480?w}Tf
zDr8bU#4uHtE>ER-LBNLJM~7bl^f^7h=bvDD?&VP9@n1Z*tr6ilfc!{13d%8{j=^&}
z<&e=YvcSweneXAH`TK}f`5_I?3oVBsCR-#iky0eokwJp}4FkVTTKqR{5oJ;1wRD00
z6TejXgsCoT*@tWfyVQhiq0NjnWV5iN1y$tTRAhI8WaEDmnHMS%QFrFF=TmB}`IcN#
z*0D=i%R}w{#rPxaLse!b=UJ#?^E2tOe~TkslOQGIdP73LP1b@uP19;^UcE?^F3pR;
z&?`m;e5m-e4{YDj!p84*^`gSrYw2BN$ef*Ni2%R0;ja?N%`2NgKj-#zMuc6!pt*pb
z#AVgj%k24~8|fVDQc#v&aDBKM^z)i`DX>6*s1}r@Ap8Wo^$q$?)Wa1bAv|1*MXCvh
zvlsCzYJ{@I-KZ;q3EQ=T)7Fe>;{drF#Wo<L-2UEDCnDqOuiW=GNT0H9Sic;Fsc$_B
z@3Xvn=8HQXdsMC@y|IsQJ+bkHKf~UKpGPsz19Jr3v3#;yBKL|{e_XmGjk(7HE|1Bv
z{6lHr>8rFB{QYZdHt;3Mv1N}((9Gs1IS!c7eL@7G1|f1B(g168E1aRT7Oys3iE4N`
zBq8Ue7-{&&Ouv|{MSQI(mt0x1-AMQELZU-9SWw@kAbCeddaboGe#!G#$=>kG)%|!S
z7GHf;X%MG{5e@4|h9Cp<Ms{qCfRG0V*zA7MX8Xp8MRLwonEuA5ab?A3gA6%RiUs66
zlt3^cgHt|(%iWB?;CiF>?6Lphl+s!6xq+gK2(()tk+{rh%oF8)7QsAzVj%?7A5`Jw
zw|LBe%>7S5(?SoRx2#ja#;%9%j2YikzFglxInd=N_XkQT&IhN`e0TUP=;gH%rP~`H
zOfV)9{AT|BhUm85&5-{#u{Cn%c)Yc&Q?T_?a7aN{!uzJauohkr*j)77>Ne%-je3zS
zWrg_e(vT*+2ZuLbN7bB1e%g<e)NB6ZeHUE*FRfjZ?%{DzUpLwi;ntcH%SHYTr-`@d
z`<tgUvTqI7;J*JK1IDcYPMwbTssePF+?%$>>K$q{qQSHKAJUx7##?(5*;ilg>y_v$
z;;e!txXjCl+Vot=sYDr@ld0~n%w~D|3onc@WKaObl3{}Lanpjy_l%$x!K-nad^QAE
z;=3aUo;BuF+~JVAc~YLW@YGaVltLjfd+0kac%n;sxrt<9Giq&Baw5Ca-5f>A=3h)t
zZ$Hq3pzr>zkDM8Kb(-yFZf`b%3lWz8sjV~*&#GS_-J2Si&E6wT*${&xi28?i`Xd_o
z1Qbm%<c87y`{YpT2vkl=ucYu=VI;d<kfy+vbQ}Gsm<|tL!1fp-7ECMEwh&SE3;NWF
zF8w9xpOh}N1wb~F^lQQ4y;#CvTgd()2Aj|rRoIB`=)1hUHT|)PUgW~dvc3GE4NG7*
zcV)?>KIB(2wH(SS{H=Q^&%tzY=^BlaS|Zl<ugrl2mah2m=@8^{9qbAU*4LtjOG0SK
z%}m`Cha_p3HdLi=REoy(<RGOF@&@Tbub^#6WqVg-ey<0^cKdST1FR)XZ?=7H&O>Du
z4#hx>P<Ec#&8-Wmm?25XQyl<2cbc%s_Eat^aj0JUn={w3EwbA`0kIkHnaq;*B>e;=
z%#ZlEqeGT?%H!{l^B!}g4RQ+(`K$|g#@&_mML7C~jCQa;-YhDWks7$y&4H%(QcK!}
z=x^oKxxyb;H<xt&-5)#UVE4u0a`_f0KL=K4zBf(<{~@XOMGg-BLm=0wUr*!sYa`B&
zLLF1VNj!0ia%Le~tV;Lq=)?a3S3s!00gj7O-q_nr%Mw0J))F*<CwGwBOZ2}tr$j&R
zbQIMOu=U9ovscIKYQ<wyii?ep1;oYcYXjh-p?X=U8Bix8ex-<bF~nz*lXl(3+W*a|
zy4&BYj`mZhu^}Uub`RA4-@d$4`v=sk{rmKR+CSb%+kf>>(tb5RoNIBEijF->Z*s|6
zZFWs%D><4)n~_CT?IrKL=ew7fUEM|=?!(+~5kjHHTqh+CmC-KdJ(V0iI`5N6Vd12(
zgq!Fk7bY*Y+r??@-HpuDIXuCUS+xaWdKPcw_~z-<*SB#)C{=t&#&rP@*<6_vDlYj#
za-9g>NfDYC3^SuxMaw)-arx0n)%r@$QrMQ8O?wv7@zK6)Uqs%?Ox7Y;$rvF-uv`Nl
zL%oxsqi=d<YQ;{G73+lAMH3~{m*Hxyy7v4?WuCd0;F-Elx(LtS;YA{BLF<115qT2T
zI_6pJv}69+>HuRt{!qX%Z?ZL9Jq@0tgU_s<l|qTrI2`m`9P|a)?Nq__G6g2haN*@2
zKy}+M0*q-I#Rm3QHLR|L$7d3SSV0Okic3|D;>I8vFLk9Vv6&eyi2YZ;I%!}PrGdpd
zpn(-C8fe^<(!jruN3r-AFq2{s$u4qayc=&khPR~{l=<zM?*!nt+Z>enZ7g^rWu*>F
zJ2uN(Z;Wbdf4K?W+Pfb2k$?X2_|LfW_}}F-{%;2w{{w-?fAfFy_^<gV<3F8_e}CWc
zpFqa{9yb1i>G&tsYy3SCKI7k*jsH=f^_1dYwWNl|m%~s1{?extRf6-;ew@IkSFVe|
zR`D4n!~mAGkh)N<eMCyzXh)>YTLDI-{MUdZvZy#*yD{am8_d3Ak&0s>ps!Xs3}f*6
z9UBX>QLXqiz*w{jI2QJlXZzNP-g1iGb~S+BA64jG(~#*uk3=c@8?EjJ538^DVu#iJ
zg4kho;xx_4Ik2;vPz*u;XSX6ab`RGyvsY<qL{H_=<vjGiVk9#^Q9fv+`XHwde9&9@
z;CuX_z48IGSCMYg4|rpUb($&)$vovdjCL5ntYemM)o<VQR&CR^6{WF?e{((`Jf{9Y
z+g7~c=eFURVd{dXkjGe5(})gG&^6zJqE!XW)E0zpA>Cay(AWP~p-9_KG^z1+m4t*q
z*B<#wg?d`VH>?OKVal92^8I`31n;*bYC~#U&Mjakw)~}2b>f4z(57Crz?QVYDSs=Y
zpqolZp)9q_+?lgw<9^$tC`igWGqz+5c$gj~8gQ9-4VQ`M?<Rb2*Pr`v8=0N7^kGKe
zGg1>1d(p5aYGMVmler&C@OGmm>BhaBJ6}cSz3!%K(Zs`4VdLk&#(q9gbnH|SJqbTU
zZp<H)Zp0z^8|Jm72tfrT-t4PD{fu>~y{aK!fUZVxh7|T9hW9rtg{Sy}671iis~GV1
z4D}pK?49o7I3_|VW*kP`&0^RRQykZEfxJ^C9Gyas{te`KfF2wWecjMjT*ZfEl-ZXC
z)tBfJW4ZDrqSf7{R>1oeKm(_?E;v4<73Ur&t-s>aft3*fJCM*-DJN7@&dMQZhoXrx
zYMV|8BT@Et1D|)AtRju?5Ox2KCZur&GB%o6Va~yUNCOK;%5a>K8jY9fqB5CmJh?sV
zK1rUds7*ap5nRQ?9{C6uHUgKPE{~lLMKMjoo5?NM(~Iz=_NPgXjX+Y);V%{E@Jku@
z5lP6h@MpeYE{n(vU5qi4)@pqfCF1%^O`E8kgXi@jRL>nl41pXTscWUjV|Gr39i;zM
zG{B=JI2T7JT6>edLPT6ZGYq1AtASmbsiJD`GQMCju4)(~-s`_)7H)Ze3bAfsU6qIY
zw^T^l!WaCTH1~*DaywWA>D%m(1p8iYn5$Kcu%5zscp+(rzz^ML)=2_CXdm>F2oTox
zf-8AHmM%RO)dr(ItJ~=g&WNX`jKdxJOQfk5$8B@cX}*9)J>OCV?*dkL(=>OEP~r|2
zJTMr)3F~grY6l7(ODwLgdjyw$7wLmeivO9(2fQ(TKm3^Y8`Jpa`h)OeK4=tOxuzU}
zpIwS)+38ndZ1!{H*C^OG>xHC!w(UaFPu2+FF9auG&;nzg2*Uz6+-5K*9k*2og%_;6
z;J7528$*X^Z%C$NG4+3JB33}6OJ7DOF5R}3k*4^!wNq}K;9IoC`Gm<*c%3f{MaS5)
zfL6Em2%u2=k|cKZCf=*r+CQU*0)wtc$SrfP)Bvoc03B5Tg=Qz7z9J!6lFnEMS)i3w
zmZTd`_{Jk=4zCN(MG((EqP+~jYJe7%?^%&h3}5g9+H1K|O;l}!6l(2+1nH$kwYAV>
zB*sv**>#+@#9s5#pP00bFX%z8I$aQe{sf>ufzqGgYOA5YpMd^;6A1nNCKUc|Z3Cot
zgpl5q4r<aPR42krvjEZI!j5BGWd_1?R04UM=32#)3&Emio3KHqGIPgsqO0pc7}Eps
z<vAihyO@xVkG`KbHrWk7V|F9KHQ56{WA+%YrtwSlyYV-DH_%uK(AW;!uVT`ETT{WY
z4@(uGc6TiPYRe<)SBpU)w1rCpqd)sLBT$OffLrr+LmQ6WZUw@F_8n8xoXQUEQ?flY
z9ltV;qmnzl-i6mZ^lQ#|@CjC$2{0^4$E;K2d%a~_^EN(7u4))^RtQcWJrS9cs%(t~
zdzk?sZEklwY;UzYAUY`G{4GPZ;^$W*&|8RmE3K>0V-1lSLi6eEFLHkEy=7%j+19o0
zrMd@Os$--vP;f;gc}+<i(Vdf`M&e$P(iNY>@tJM??l^aI6(jHiGQcL~m}}Q3M+je#
z@w1{gj*(W@L@@2z7cBd3$j<Tchm<KeT17K%L90r(m+GZ4++Canx_duve0)(1Zn*<i
zap`<fS6It~&CYB|^lUZv&#s)`z?oWASiFS#T0SF1aHxb2M(H7ac~=8Ix<HV~uO|DZ
zNwj-(wivp58Z?n?s_1;pmIjsTBRPb#9!kTwE1ZhHU=}%>L=S>y#3oO&rn@peNIo++
zrS29j2bqkus8ny5<kO<1seI8k*o;~Cdh6;gtiQLg^yR&MyVo3Mpe5-NUpNMawj$hv
zMp{1oVgS7m;98A8K*cQFz=PbfzyBS#BB=lCy-~~_M{tfZNrOpb<wNv1M}3~d@;lX;
zZ<K;-%V+w3t-jJI*@x)l6YIH>`e0~Tsrq1u>E2h&Okf&y<zUDaa_z?+s`DWRc`{2e
z(Zn10z<xziCQ-VN=&Z-!)<l_!%CjDi-#PbPe&^iny$2EYlwPp`Hl+5kcXmL?OJ7}z
z@Nq!6^aFZz?KQ~pRwAECcf2W2yVm#w4gPYsGAoTz5KDYxx4*s00^+%x3>*cXcHP5n
z=QAN(ASRY-?usl2N6vUW8e!eU_--PZBkrKak6#ZUhqv>?TO{q$0(NX#-6a6#PIajh
zb8IW0e-SYEjwa{dROp$AIj<?J*~MxZWv8ksb{6kap==LJoW4uZpHgddG-%eMEK=%u
zjiMq_Mnx7qR@S1-xSpJcjUCIWsF@7kOQ$`44iRkQD7~=~W2j{mM*l|S#$elquMGFQ
z$xF>KBDLliMD0NxWD@+oes=)Ni-NlYSYFJzyKc*iERSqTT5}$D717VIVzx)NP(6YG
zll%ZCDf`k72$1QuyfC>9%5bDs(b0;O`c%<@+5MC1K1N5Dxc(=y*?89zqhjOfrCd4;
zyGPSuFvwH9=_!xDkJ5(9(KR4rO6NPDZ8VUsx#byZRGn=sy+K>p`X_~+wEh7pSzRBb
zgRu*FuVZ)MB0Be+2!HtW<7`nhJ7YxWV-jC9NS5Ht&g2r@DjT7EbAHU-oI5DK7+D(w
z4J_g{xodi2Q(tlzPE97L&Bs)gtprr}<jgqcH2_yi;#iUhcN;>O0QulM;bcEJ`6n#M
zg~irBisG2w;diDQ=s)!=AVna}W|98CM~mnY7W7{&;@5ZOGX~k`E8EB2dez?5>^j}M
zJ}md=KLFn=ImIUgkcZhhJJRe-v^b|rqWxCrJm7F|>F2d^r?127ZE3w4r19U4)aPHG
zJBi~OmRKjI<qw=OdEO*zGCa(iW}RexSai*bzBM?1ahF?@9<y1kkJ86ExmK$UH<m<M
z{c%$I0OaBd^r#}b#_2`q*)8<#Gw?h?sqG>68b}Yt^uIB^3rip3c52{xmfjuY5eJBZ
z7x9qzZ#PYB<IeLYo~DU>fz^W%N~dC^<Hgi0W(M0G`)#88Xl|Nwi5|IE;%s!yT#PYX
z$<DE@)WALwhhYX$RS^4tm*ufosT~VuUrp!QluY?xy%v8R_VY1}9dr&MG{8vROiv%p
z(L52RE((rw(zIZ_42@#E<1FdoIVlLeCPGrAH|Ygfl0|ed>ZC_`q#$T;7aiy4(ZJTn
zZxv1QTaJ^JgAO&<J+fnfm9$^S04r(dj&-l33ze1hKWAYbe8g{|d_)2G7Xpm;0~oIW
z%tZjRcO^ASD>7;bH@>ozteRv#fMi*P8v9dMB0vQFi}`;q_3n47>5@mL%O0ZSyGF*T
znb|oRrszRN)t6?3a|Ok=exlQ2z#J<4V$Ob=6A3v+ZO->Ia4onDL|Ra6y=%CuRTq4V
zJz;H{*Kd-ok>J@Zc*<c#D;EmO&3wjXkxxHJR#T+TW<m1$ZC@mTMEnJ`&^ZX$<pn%l
zaX*(LC;(p+q~Dv|aQ;L!>p1iWnRRpylIR^0#~6hZv?6_siO!Uy72%vpak~C+g#V7a
zK(mdM9tp6Gq|!N($N8KBJ!&DRK>r#+%^4!sqxrywet0$WyzvhY-Q1?e5?$P>_5qlp
zJ?-l>7+Ox5#wn+P9v1o$OgbZ&)>0Y*BrxV**|UDCq<hxGTfOH;M0ooJR!-4z3j|!V
zbD>17VsNQBmqUg+S;P}`%raxvQOw#yvpQmyQJeLj96|<y<1muJFjuSogbb={BLjg?
z|HbU6l!Z7%WqsvKsp@hB%9eZqS_GzjtBb$j_QnIEQr7;<bx2uOEAgK}>PvT=LkSfH
zx0p1(XgA8KDXX~adV?;Fe|ej2QkrWB(p_5JQr)z=>f;NSVaq(*#H35M=PS@lbdFcw
zL5dZexs_1#_02kKH=%5E+(0TzHWHKm;-86uF(uXUFSJ9cuM?_%<nIA^fERdvV+#1Z
zhupX&Z7T-~sJNt+6wSKhrE-(_!W#tGSE5#S;pG?UE*!Zz>JI$afMGuT*i(n^#E<=a
zSAF=gX(t2mW0x*a+J2@)!{0OeHg5~%s}{78uZz?eq<c@VS$*d#5&!tUg{khAv-=jG
zorqB1w@7A9{<WB%H`a~Mi-He6yZv@2d@hTq4?e?A1j6S#=V{~m7Hjtpn2aP8;9tb-
zfZSX^fNTFdAd;G0^9*D+ID^YT$}M0|T=R_Hl%Fo(bvExT7ae6<e<!6?H~`U5wU~4i
z<9B(a?>1@bM;yfo<iN#2M6L#T3yhq#ncxcRHmom)vCTR6Xqgcl3X9ePbb-K|OhQ?i
z;p;Cr(%dW3+O0=CW?iMQerC5sx8dBew}cxfg!s*bF~w>zjytlmEkGzVkS)c&HBLFX
z8(f^gF}CW)2At56zA-tT`9kc=Z46<AbRO4vYKA(7`Fxk8_ARKN!!QSe_8`ktnN&hR
z2QyYV)g<hb=w^n36uIwwH}R%4<K9F9pHD6dV1cbWwO~(8JGIc>hm-GHujahr8*k!C
z&M%jcaU{xYQ%hp&IDqI@8qlq@_ZNL+GYx&Tk4YJ|mS8t1-*kj?70+Pl&Y_Icr*jM%
zJd)gGBIi)0(y{|Ss)bZVcVm?A1uctXW(BHBnYn<sQkR*UW|TMrs39_a57vxymtM`u
z_km$f%x+!hoY+MwlXOR6rj`Ksz`DU*R22UC2!Q7+bLZiT2x4hGzJku7t3O03hKZ1z
z&XWK5Axd*UuGaAy?Hw<nh5vXJtf}XCxu2<hyxzH`8n2&!z2kVb$p0tf)qMGXb-Xr)
z)n~l!`-6?w3w49D@rwFGGhW}ErQ`M4SvoL-zt@b{%PhI;_derwKQbmHE(9QOK*rr1
z;ekrglB%+E3r^u_9`fa9$oZ(Vf!R477O0WX?R`Q?MFY{XSu8o%M2z2&cXBCTv?GU~
zU6R9R7hl0!r#XD?A<pa^K$x9k!Yzy-*LzIBM>+J-Is8&|yn^?AEFE`T9mLORV$9*^
zY=Lw$p2J#8a?<&Ol^KQCt(j(AI&)TB&ES8yXwmIAJ9b$*?lL>vLdl<c(V5)VoU~N3
zh2hd=!e#rEp4>wyD8e<^HN=yX-mx+bZH+3-xUkv2gL=|Q9U)>U-nKqiTv$wuE^SYV
zx*ei@GoJep%Xxr=R#uGl;GNVtArSx`?@_n+7bs;Pl(3_)+}h=8I{!ljG?29JoKSKS
zTGzXkU|%9})-Eu<IURR6_St@ePqxD+<%Q+8rlRg|T3?yb{ZV|en-_Jzx*LePKd^SQ
z4oLl^&ryr7{*)YC8;NNsUlekD(Quq^V+3crUGNAj8f+!xz>lDZZ7R5<JhZXa9feH3
z0awm?1o=7#y{qU-$%itft-3aNr+*do8Zt!RhDdbAkO@<VaeORb7M@etb0jt0b)`o)
zr6>JXbXA)U@-(}(5nnF7yb(`o+O@;>x>DL>754?T;VKe6ihJG{FPJbd2=lJ#+K}za
zvM!2lO)2h$kbIOS_gN?FTj=UUV;2w)w@^2rXxBo5qH%zt4GYyMG9ij0RVeEJW34D6
z%H_K*Qxv^|?rN|ehNVZbJ#TXaORrNbMFzK_a!taJhli29IA+6YYHlL^+OZ3V7JW2c
zLwa-=VhWMe8j%!EZSVn4vwkFa3Ry_-6pEF^LZ>TwdGR#!Ji*hs1(3IkqX_Bzos6en
zFu8~&H~Y@_evf9pFAyCb#TtTW=~4;L?jm+IH`wKx-|p3M!ur|P$+NmWJZGw~VcLS+
zX>(^jHVx4khsTqNg5!ue_L}IpAeP(?CAyJHOW_6n`3+=PfK54G3@8>|Pw7P06Onk*
zzZrkZbNE@Xn9OPVOj=(qZQZollc%JupE7IORCk0|{_yM(?4_xK-J|25$7|+h=l#b;
zkj7ithFneK=d{R4<7YpJ_mB3%KbUsEAI3H1m$dx9@#>MSBfv`t-@q20;f%<L-;&`R
z6`T>jBctJAzF@4L6j=EW3#_WOz#LLw_&+SqP-}U3cL)HCq(Hv#A}}!ZD3mY6_`C3(
zi4@Ei7Qw4u;f1S-%ivOS9V_V&UpNiV`$rKcv`2;5QlX?qFW75zd;#?=SrcT<h2LPl
zusiXe5{HXkD_a&`0>k0lfj_WL&caRNer#OW7X#5l4X%X0;{tjmzlQX=GqLJ~uN&AR
zHsP@M8j!XQ2R^;mkl?h2ReZrdQe&}Esbx$ZwFrT0>FBK`JWwsxIqDktLJS#FM=d7@
zXlmJ!UrkZnk?4p7sA(ahx&^#$Ahk8$h?VtvJh<TjzVIea1weAa6&=Tn1GLsf#Jd*8
zKa1gD?krg>dbXKeoxl7#f%CWb0C|3I1c%!nIzqL$mKez`p)=A5mW<YJkQ~X9`?BQa
zG&znXN0MZ#4P=~D(X&giZ!1PiqNQ&NCAalx(_tM1zd_cH@EdF!4(nPZGzZs}Gka)(
z4jqw@(6}swW&OmmW_z>FeMPg@k}Q!=KPtj<*B_%K7mOufWd^jQ`!#{Y`*5%lUL{Lq
zg6rPyBzZ1NM%z&lLvjIoM?_D@7<#QBlO3~$r3|2&E}}us+=!Q;*fp`5x9E}U3|WrN
zm2O&rDWZlJ>Cw5OqX901xqS)!RRQh4sptGddK5f}Gr*qmZDZm{=Piwsrq}Tcd+Bj`
zS~Vk5N7&cNv{j~!Ut?43))rLD$Eq|bRTj1krh!k4LJMLIVoJSU2FbTDiooI#Ex3v+
zL8OLCxd!yD>Rx35(jZ7J{EXIkmDQNJF%4^M&T7mg-DTBgdaHdph*tahP+Dy!R!d;{
z!bh-f4(rB<I>5t(5QHMHjSzGj5FJM>vA3yBP^bVzJYOJ0Tm$X!(k~&s4|dVP{EkrM
zd?t@e&$Hy$XmTV=p3jo=XmT7&&L+v$$AErP1<x)K=vN^03)_$$DcRajMEY$fBK@MT
z9V@g1yLdPKG8w)^0-eZ`d79jrB@bcARXZ8o9upl$&Hb&>iMA&0NQ<L}JX^zw1{JNZ
zP-WczbOeVxV<N$e*>Tkz3-Zzt86{SVl6_)#s^4Sycx5N;;dau)Ie?E#n7m}C8Xt2a
zS@QIqYJALzW67C2HTV$hTNplslAAD}ZvsBx7w`eU6d%JxI=8~<mloFXUM$)36G`sF
zlH0Omi6mS2^cxn(H8Kay{b$h*8?Ehd3Dd3Bx!a(Xpf=O?Ctn1)z=fOA93u_Ljz@|P
zlr_dgN2V<wY7)yD5Y@S#H|S#=GmN7AM$$39U@f7h+x}KjCat{|4b_GQQms|SQg<OY
zj>b|)-BZw5>MpObR0O_v^}gS$F`oL~Ydn>^n;K7jtO5AY3ow!a{EIYQbX=kaRv(`<
zL2?zfMNl8~<TR+;yz1{7*;UgupwtRCZt^%DgXx6LRZUp&rpF_V90n71;7zSco&vnE
zQYq^bEXzSutYwn9;0XDf4u6rML}2Nx^N5G8mPg>pJyOZo%`!5jt(cL4UpAs&V#B^<
z*(T`&_7o>QT6hHY2GYDWAkQ{;%K<iKNShCV{2R<(P0}wxRGSnhC9yBk@Cz9}PKsj5
z_pDL#xFp`6lOsxmRD<X!7Gw9C9c4m^Cj^kc<bKh9{J7asBIx!Bo-zTXG9P<NA!%+U
zFa}9;tE^Tbsi$=!JQ}P^2phUN64}tDe~?nQizQXTA}pLX-rXII2HC5%Bm4$gTL9+_
z55cy!LQ=f7H^`a>e7KiA2z<tN!LdU~+6;mP4E^Rx?_-txsLnUYkIoTBrH^q+A1hUT
z97X%MS<qb}eJnL<`Zt2~Zv^RIGwk08xqqeV{_WNF?}~r_O6C4F!v0|k8)5&*1N3h%
ziVsPpwEeJGDUVh1qdMOpKmPx|e*xlA&JM0uJW6gygkL;LzG!JsMFS$-5q&hd8wBiS
z6VD#Ir^UP$Xj|U2ETJ#w)aR3n9w?sXC#d|z#UXF-$zQ)C$1rrY>XJuEOLmDFYi}aW
zeM<Hr_cQ`4(PqiZG3nnQEBApT1;<Si#uT_(*bPiQNb||%6ls=$<K#OhTZlb(15{}@
z#dSJwvCh*&aTXEa{C<H~1L+LH&v;S!tl)YmvGyg^A|D;sgF23st(hXF$_5;B`<Mih
zuC=Y`Y$g<zTN|TyaP&CQ!`cwIabk-gpp?}BZO~O^5ig6aX<6^HvQlvqg95i(2g1|_
zDkyoP4~i9v%xz4qBsvn_sN<WbRuZ*TBowS8;I2&AgkUAuJNE#&{zn7NL6O;5WU^dj
zFIr^!KPiv+1IFz#)$E)VEg(;lg=>GdImvCEZgEWmfqYJ-JKop7`!<k<%PP@^Lm)v6
zMOS)srGUvvFmtwAy9%xhqdBS48Y4PeMGO7Ma<&+u@Mr5b(TSQ`r_CS@z5KfeM&}zh
z4=ka(k!as)1m@J@I4#EFeFeS6amy0>msoO3Z_%AMJB|w_Qh&a1MF?;+cr6Dnl!+y$
z^k_G*^RkH(bz8lyNAL6njdaw_2HI|s9w_a{aSH`>1fxy@`i+*_Mk0qe+~iZd_h3%?
z({=!vvU?F=U8QoZVjIY3$h|Z9huO57UC~~f_6B0oPBTCBgrJkm{Gb!iU~6-<2q`(M
zmpWi$9ox{B9eCi=dfFJYGVexA<&!2v8?2r13DwSIJVD^Zs}31d+J&|PLvK4L5L6Oo
z;mN}$f((KwXl}*5(1?uqQ}M;vox<y6-`)nbQp)ZRBuVjuw>VtwetRo{a}QLlk7XG&
zh=^k%tgIJFkpw;D>wEEz1gxngRe=0!z$fufml1rOwv__3CHA5hTOurI1$!~-O-T)K
z+ci3(THeczZ~>R*i!HORQpQ#@8C#bxnTRQwSaL=`tV~Z#Ylk@|#8Hpju+NK07p$Fe
z<bko4*!o8B1sDxQe36DHNw#w!F{A1ICCTy|#TFTQKp8PXm-~tIW3VLMu%?TyA(ha(
zC;E%7kwy*u^TsrJesO&BH1GW4$kO1t4=OBy?H=Zr6VDNxI%4)jBS?vCEh^lBjCs--
z>s?}5DAlNiycO3EXk!RLcEzWJcl{GZ0~Pgc;R`Ujjm)i+WfE^xB%8eW6q5D`{LpGa
zcSzs|RU?TsBglOJB9dMiy}W}e^D=!0R&ys(b9x5@NGyb~%t>dh?eN7>wZaddc%9)K
zK`bG^TL*zxb!r2*<BbusgW{4eNY+u-9HxF>!8HjAxJu<ZG`EPYhGprvV6RS{2g7=(
z!i7yLsn83a632G?@nCYmO*YfmeS%}VP;y)kT|?!|ZoxH<UDbNxXVv`X=R9~Eex|_4
z%=#mT|Me$$iNFLSOW2ab-`oNJHp5n(3bo&|{RF8c=wb3AJZy);m+V&AHy8xnZoyNE
z{fAY}b`d?pJPI_5@!x-q;4IGM=rre0wE1a*3)1&nX&Rw0(K(hAVZ}pc_e$d~Fj1~r
zlPtkcdF?0CN*naR8Rcv#IOh?#9S9fPAEYxxmF*}cRhfXFJ76N%%%bRjioK@N*VzY9
zayafQIk*zKbtg7H4|Jy+d*u3-bQ348o1~BnWOpA4xf|oz?*3=v7R=anW(Yo|ywtWk
zCoOJAZfQJ?&$;w@S37u~N}p$AdKNspQ;-ucBiaec00M-&2YV$g9pIkMUP(VXyG3^p
z>;otjL1&T62fhtRh6DDB0om@BzqZ|rXd1mbijtMIaK8#AhowjMt5C9E8o%E}gwjr{
zqga1l*SGNEUt^D%NVbie{J3Jic>|$rD7})3$8GV~r6|<85SKq?+t9>@o-aTvjX`|D
z*US)%9v{FQL-`Gf)nV16R}OtDTb~eK#}|wx@WjOj2)t$|{GUzD5H6x&!U0D(H{8{v
zD_%P?DEHWjK@$jxv3vMs4+Np@X746K>=hyDAk6iHC?wPK4MDeE(CwxBpGzMuI*^wQ
z67W)M@scTm<Dg(adrQ#W5Ix0a-3gd#s`V|MFA_b2uBSKU4A$B3(vUv$1$LIHW108k
zOAvb*A$qpsH7R6}m;ONb=PJT14<O8PIC}9yW;u;7;^`Mnfi;(3Y+-_<+T9rqtRkT`
zZjil8g4|&$2*|gFKp{CRgxJg20Yt%QWCI+PqHeqBs1{4AgDi#ROXfJL?I(iGx)RY-
zg6A2~%1rD}81~^y+K0><IiY|h+?Ep-u!LJQ!TLB%`&*)?T(no~mVN^(kU6#lRx6#Y
zr8}97KQxLZA@5%uWNmG6;A^l=;EMzg?QB26v)%jFRsAON8O81hNP+&^i)-9G{N7gc
zTaFS-Y>7E(4{VQnpo4tDhTE`XdCEk)$7pR!$*=HvRPgcGU-`6~tSR#hBCP$xTuqQs
zMC)JVO%o+lWLFHnO>L&~w<hW|Mzf-0Kg{I&Oz6-%ArAjIc9<O%@x{`L7VSB&d9$-W
zU3324XCm6$&8woAJpi3fX!eGJ2j`e?ATw$x@L1y_`JzF_<wIix`yvC!7ofiudksvW
z=W#=D&5JR+o{UxRxArFuI;zMLoQ(zN;7Gr@^6AswxzeC)FbfCS7!7q}ch4Oq>UNrA
zPYOu~V2%J!H`-`+JZzF@NHDAn%ob=cM~oC+a5sfA=si1_GQnO;NtW!s0NCl(nqa3z
zYZZ3pHg6C8&t&eornb8Q3u2QXJX$ZQ0b%6&k_nD7``KVYcMx_Hk(%k{tRVAk@O8bx
zK(+GtUc=t=*!ykrZe57ax9Iac+_(hKZajZk`aMh!!Ldh(J&5wFwJ-dl5)Z^nyC>K-
zk}rDPBb1d<v%tOvYk!z%zG+?j(_q)#0ptjivJq5P;|89i<Tm<ii3PE>60lhbodS{d
zfi1rFAawkbcJKw8iTn1OqGN{``?JMy09ir7xfE8t!A2pritv$1mGc&f>lFUQ87#!2
zC=WtFi5OdLNxIB0n}JJj(hXn~Z&+N(11w2p7Jg`zsH?H?gQ|#e!8&qk;z3r2n1${a
z9XqA9r;##Gm>uWLm<A*pY;pVrjpqyhg-2P%WC5un+Jj<ji^XwSj4k2qZ!qqp<b)nC
zU&n42Zv2)JUySo>5O37OPjh_(5g8&!xkXoEJ7?C7HVCnm*4Ef|w5~Xa2ct2keusVF
zZ^3aCF9|>YEome0z{i7O!+@9ga=f3}&y2S!9HD|^i9sM{0Ki*$N<d7rokZ~1?Z7<i
z`DIUFlMCQygsWAM2uMxZVNJ}4|6MDejdb>o80lObVHn{^?l8h(?O+(`>K%dnng|Sq
zn6%plV$XP37fyi0@SE8&+#mqM+fi^_&SCPSE{$)F!XkW70?cf+?Y!AJ9C+mt0*tnq
zB(NK<awni84`4?;%6@8g2AQ41pg+LI4^j1}3`;tRUm?p^1^q$a2Nf|y5V=l=#o818
z`smw$&Blx1(Ukq%3Jt2Xxi$LRAi=o^q=DpUk=_d4Y9zJ7YVaqqPJ?ngsLKmw<(0DX
zN^NdsE$hAuDW(@J5oG1G=wOj~(&$|S$YtXi{oD(%V8@pef0)kXMrLPvBj~Zdnc!I5
z3}}0CBO@l6%#QSCMocqdS|p~SPl{%dm==R+ahR5fX>pjA2xw2m9S1N}GxvS>(*(<i
zEMl1NDUUCP`T)V{L0BJ<%;He2F9_=k!umq7zEG?$2<r>N`a-e3P^>Qq>kGpALb1M3
zydzIoVA!yrzKWLgKJKL!z{S1P@(&N+fr~HJ-k12N?;8Fpi+E9oeW4&a1|A!bH9w)r
zn|R~rKhbfR3t3e#+nZ6*WW(Kki8CbhZNjuQ{~@2EsRY7FJ12(|Pd_u7&@ZAMqdwzu
zsq%$-?%75qlWitcSfrX=??;mj1?pN5#F_#1=LONU?NBcBpcfq#PwL;xOcxWe{slp_
zeuR_Eq<$JoqcQ!c6>Bt!Izl2}DiM^>MVpHTRHk=|;7dW(giO|il~6S6(6DiFq_own
z331p2fi(f)r1EUq1T3`?{pjKMdvl7nByv?-_9z8Sh{GnVWlhM!FHNc@M6xE}n#)R?
znn#<E%bE~_O)#-0Ae=OWH33Uyju<zN>_I+S$C?l$$9@&4%Ox7nnO=H;FD0F~2^eVv
z(-NU*6D{pc)`V2ngh*_Hq@zthIBCly+5{}ME&b@VXgUykIr+%QLBmF46C$w*$5|5u
z{BoVD3B{}l2Jb-Ru+ogO87nqn9cu!@NvW&}$Grp5WgNwV#F{`ti&e5Fm@q(N6{AG_
z%WNZGx}Sc;vBJ?u@FtW+Knhv&wc@pBc2*qm+M@(Zc@mwCIG!Un+03prL~6jIvs4|+
zW@(3D_>8o=H#*Ud9cL#hM(kJ?s~h2@=?~G4VS#LBKET>&Vpo|+?A%Bl?U)gPm#b=B
z!D{_DNa<vCBRZmMS*-@FbvdgQ;iStGX|1?NFh_tNvN4EbwUU^)iL6$G8A?cHHQ`^@
zzn`M$M*{O66(Zv@`zr;PA4T<5<I?Q7%@+>VQ*>s^-x1Ssw8;wHNWHWklTu2Ld2kd7
zA%So>0~4#ZAM@Z%h)$TYK!Dv7#IRJ}2&)uqJtcxGxdcxarM0CI@_mnO?323@3pDf`
z{VEOkjcCnRi|AJfh%;V#mVMe4Q$ALGN)`yR<ppU9Nb(jy!t;pg0*ZYKSR0^#s%=UE
zINKzHx`0DI1#Aycz<1kN$7`gWW%S$5_-&=O;|(+)En~GhE=sSdKQidNAMwTvPV<pP
zuIZvQrA&q5NS&r8pRZbbJ4gbtb}3VJFj1%NAVT<d@W579?RCjrs%mSdw%Sn5NAKcC
z&H_ens>AJl<SRz#>Wp7mMx<}XL6%|g%{a_52&UB;M_9%o-;Codqu4j&PnPkqZ^jvx
z;TzPju!7Cn1)9`L%3M~bUQ^Z;b?Qx>yo{<-bwTp_u1;+bByT+G)TTl5j;Ky;86<Dj
z>eMzYHC2<^fygu{I3qiw@!%o5FvGv4sWDu|?7!7fij?FJZ;}v6ubmx+)<NfVYU?0^
zJ$uTNH1Coo&rS0t(LDd~T#z@I=2dI*uF<?MG_OXJ_czUJO!I<+)OjA7cj*ktGidVk
z#KtJ)7n;{plh=^ueMj?JX!4rTyf<lHYfWBDnzxkZwbkUAXx_s#ucIcf9nBj`^I|o5
zooU{^G%sG0*Nx`!G%rb$mq7Ebo+f!|n!FU6caY|Zn!F5}_dU(KPm^Z}@{M}knMJ`0
zkp{1c;3~pz`CgA~rvOADKr=spFa<z|0HJ;WO%;ISp8-J4O<#Zz1z-~bT=xUGeNzT_
z8v!o*0bEl6o<e{#egGE~fC&h2)DPga0?;1;4)_5aRsbRp;3q$TJqkeervOmw2e6d@
zP##0tk1${R!4xqV<bI^D5axY9n2#9@vVM{aVP5rvd4s_qhbqlPnB{&j&oLMzY$*d_
z7Wu&}VKB(=OC1qrmLE(mgF&%Gy8Q{jJam(s`MDp1pZMP^P7z)Op3H1NtN24ssW_%Q
z9a5f-C{JgVr_0LIP34KOr;csN@$^}9j6^C&u1i|D>6kZ$`7HK=tfMrEy&$hEjbbmz
zI!PJqh42%J?1gYA_p%ql>$GPtC~Zm2$qSkWHGrpYbj-ise`J>`FT#_>an0hmL@kE$
z{}VwhYXy1?F!w(Z?6lv(g7?Kp53w}aR21!qhOso+3j~Hv?}J4-r_$F{sSCa$_lHi@
zUM?>9-PWd{*cL|o0ou1pcq}w^<1r7r-+oDY?U_LSH;7y0tF#x}D%oWwa&3bzGUQd)
zEKLM?9M9u&_$SJ9_^IUnh^OQ#|3kUil?>ZwE79WWeSj}&VlX?Z@~S<He}*61IJZG`
zl;M+wTyQ{LR6#tkl*h9^=mk-P;E^;Fl*>xdR1VLH8dTu!uC*_&79D$%J=Sj+f75s)
zV|GQ?6GoZ0kx$uG+|8Eni3d7U8ecS2Cwj_~YnFb4{XshlRfkGE#n7Q*(bc2@bSM=&
z1YhVIkV+Ttb1(DJ4~d>_7{1t&bkRC^a9(l`ZovgniFR?xdR!>HUc2GUW(;$@<HHEK
z%kHn(1u}DVr2T|Wxbd5Sh_#nhNv*y&alW1x<f~YTpBy75F2#jW8h-`IWKl0YBE_s|
z-)3U&gHZ-{E&-|OK>W|rN2}2JXfR*cj)@v^n;KIQ<;VA_h$3v5XPw%w-#qJFjDlE}
z+Ck-~l`rfW$`Q9J*^1|YZ0TQbP_oU|GA{^;e%INJIBpod5jP_(Z^?9S9UexnCt?$y
zz8&SQW~k>5>({Y6rtGDGZ5(6Jtrg`6BWN*ihfxuWi1e~aP&ReU?s|?uN}DsoW$gi8
zXS@1(gg=8<a5v>Ro;pf)PriYA_iWri+xB#^&bFUxO4`08vbMH2r^Wo(>dtKsWo<Xn
zw)YLx_QGR&nK@-Q3$v+5dvpuNoQXf&N)EIEi&!y}8EIWo&`1S8R1A~$u8auGdcUZt
z$?INp4O6g?o)X0qUTTCs!;%*khIK2|0?5XDIN2es6f%dZ(XyF%KPQ9XR;eF#YH|(e
z=7c!JUeJ<)pK3{Qm`7fJPy+6nEU@&Ie}}6hjckp$$G_~mV)h-4D~@y@OX+^wyNYOD
z-jays@$mR9eT;#}H(K`9DnI%LQE7cOX`d_!GaOMzL|(kO!U|gUl}8&<5yvTa0RDcA
zsvWQZ7M<XMbf&A|RLYKZ9Q6fmWTb-rVO;6aT{h~OZlGh)F%KPIcsaFBr4z_i>jbhj
zLg1<*MJMppI+eh>yiT1!PLU!|Ke<jNZ?3LOppGw6gw!GGkJf2F(h8}!zNIv|&X*>4
zb5!bE?VGWWWi0p2_?2NZS1X|^IMzs^Ty0V)7f8yhPzGNkX>zjUhAXq`WKWUMVu^&7
z2CN|sVteg3vJRzaB&H;~M*T+f25IsJ(7YdM-cU{6V4C+X%`<EA1e#Y!^X}8+S!mu&
zns>h@Zxqe5(7f@Qym2%yp5|q1@+RoiUdJ1gZg=7;zN@D3pAV5wMrb}6MvFU1^G0j(
zM$)`en)kRS?=hXP(6gTf433jVyaViNsb56lT?#-q1lZ^YuuTDIf&fK+02>ql_uByQ
znIFKH3cwBoSnUV!kpl1u0<81{Sj7OcrR50V@&kBL0ho>e%lrW5RmoKhL4c`Mz5riT
z%g&TKBfvY=z5q950C#I`#?flo<DL60_;OD*TDfhlC?Ool){6D)?^o>aC-kp-68uo+
zdCVsf%5EVIg%@`_1b6~}mJleGckd_2W!E6Lm<{|Kuz2KZzV(}99^wzfor%z}0=8I9
zd3Rh_rLo`87ZR^U_=Ym_3#0+;DO>8zo{Z9tk5w)C@ng!}$4K9>CzJHa$H>>8mC_bR
zaVwDT!a_Ye?0+}ppXpBzpkWRFrXdDAXtF}km3U65qGZ*i#xYY--2RxJ`BwApTty2a
z-<;eOO1Gq*Zz>M>r_QlW$tg>1J8PQa#(#@uLWPnE)t;+ZL)6i};lT2@ViPe?n9_{-
znr4L3#PQe+Cn-_^91#dG5&+%Pu(2%QK;avz@C36<QzNWOOWWuI1{?^|X{tFpFaTQ4
z8@qE}o`ykw5hA-frNP6p$&QL6zITZ1myLB7+809Gclvb&nK`rOOfF4rD>u-(*xR@e
z(zte<dj@{W0wH|r{Zt(YAtOK_gn0anankc%zcVLoOJNZYloq=ZLYt6i(P%4&2PD#-
zZD=c(;0TE)oBXO16&~Ur<7o2$3#$7|%!`4%!2ae0$1j58ih$Dx1&K{p14w;?H1f{>
zJ^62KJ>|d8|F6n_E9)iyeO`zB_a>A7=12MZ|MGV(jo5#Z7@pjSzu+Foc)imfsQhpF
zI*sNFak!{`hTz$j?zoIzuL=@~GMxDS>Kc=lcYE^UL1{%gcvv+5x9cT3zJNqOsnhM(
zY^XLZZ`<(-w0NQZ67p`RE$&Cld2s%Vfj^(aKJNjayQgUVsk<`v!q>^L_TGoq1e)*p
zXPSBxS71T#SYhyk@onNy@7IADn;|3qdWGcY8w^t2&9zC;s8Wur_#vRHFy=X7(tFfV
z*bSSapSeC%7h?^^3nxWG(c$TeoHy~RjAy&Os^NS|a5c3Ds{-lRmu8Y^rh@#yj{|bv
zJTwzVZ%MKJxNb`x%gB_XKGt#e1$s`7m6`*vS17E&fY<7_)KPx}Qvbbm)*qnIOzGo~
zv^Ce-NSL2kzpaC|a(h*y`Ayc>!0OEZyM%v9b00_X=S*+mJYn*?#$I^cI)U!&dp$l*
zo=r+PT^1`hr1PVFI7L54{U72UBS>S+;Q_>iS8zojp2#>~htP`q#2v%K5hgNk!D!AJ
zO|Diqq?NrJA_s)`La!PguJvH{6X$<iC3{wrT}N-+HO${j;wL1rR@c!#()yBLhAH)x
zmYKW9Lzy{2Y7e;;cfqT>lXAi8(|0H%WRO<BLw)`v&WqB<lzfI|bePA&9c$y~C@~u4
z$fkTz$obyrAcZe@3ullsVL!Zz&QRhcB{`Zp2$OxJ{4KR!fId>H{CuR4pfgfz+mq-a
z#oCjKtt=X{9GYwJ%syNIw@-higmdn20dEkI%3Nj|Q|tWavg5a0*|S+nDl|^&^}UJQ
zc^(Pak?wvCS+|f5y@{8UNX!rZ!NgVc^e}g%DNQi#OH}GXp$+Ex_}5lD<^>YQH9MaO
zk7uR3kgHd@kD5WPja0$w9-l#bWb~oLL>dX2SP8hs&^{#+|Kus*oR3>646&Rt|EFO-
zaYKBf%M7fMZFs5U+lRJjNa_@gic|3-kkldO7i#faloVP$u8kLFq>4&2>Lh8zB|H^U
zf>09Og2hoO%?d>RO=VYnvIDFicMPlR!s1?fUojIKwpF3h6RT*`7Urt_XKVe7?IxC$
z%t0@#DGMadx`@R?Z6r6WR`*{m6PWuizesv&w_g#-{%*glL!eVqId;nI?bLAM5r-9C
z)SDJAu#hrVUy6?EFLT4IIoVg31}i72z}9aCVC8_<|LL2||LL44uYbG%<3;Sb{l|;!
zcXu4Grsee+uhlPT#w(t+tbDe5ycGZR>>>rZD@7ba#p2a7_{qheZ2a-{aS}=W2hy-z
zBzQt`T%%R=>KmdKzsbx&{~N$wr$^7#!Q(uv75+Yfe<5*^4t^HHn)L)j%p=t*#Gr=G
z$T-(`ZwEjPi$Adcm17=1kM(EE>crAEils%*1D4i%;~%~upGW1tLfOREA5*#bpT!aj
z9%J+I{~Z3#{ap+GCf}+Zf3Lh80Dm8q)(3z6TpIlSv{J@j+RGGG56n{GuPaMTpQXkh
zN-fui=nQ<p3H3@ILss(7Ii~2BM&1Y*WkTh#KIB*&oz{_lp(i$1`S=@L;MIUD(I;Fa
z`Ixk=ZvbC{HeUvYtor%e5KFVYSbEH7)fcPeRsUldx2}Zb2z1sTvO1zW5!?jg#2JOw
z4`E%DqQ9e;u;1R(9QAbVx7EptyhmA)ubeOtuWDJ5VT=`NApHw+EBed(DI%ofYfAi&
z*I4|IN7V5@SmGOxXySj=y8qM!T+hx|*JnLT*;=3VZ11z0^=$I1w1L$#|4*-H5w~lZ
zkNc`>pN}Cg2AGenx724oe(KQ7$NsO#qx{thI`ztDs784eOZ?A_D1U!)S%k@y&!nJV
zncbBWL7q4Xl+3>z@gT<+gG_fEL%1psAF1T*j3XrYRSdP-U+|WRWAV&pMH5xPLNh6r
z>ND`PDpk=JIK$;oe7b9jhtiy<B2=dcNtbMm(OnOeWZUEJhVidU>crH~D5x%54tUxQ
z64{!rns8l!jB%+fSQn~XOy(qyb(&bVmAa+bCcCAHq4K@#g624l*9E{dUe|>>;&lm%
zN15BtAPsBdbv>}k#8~DmwRi0PIA#pW)<Q<7tu;3IdQKE4bzDU+QW7jzNG(=TX8CZA
zYPc-}Xn?J4IZ;%9pvV#+=1o%bN3Y(?_#;Y2r*8YKo`HP7UWyN}YDRivw)-ho<pA(0
z#dVI?k8J)w?Ug0G+MEYpqRYUQX*Avx?GK?uV9~V`oHbgR>gWoB^O@y|%0fY=dN!HW
zQ*;8Jpm9WG03ghH7!#y>nVd1&b<Cq_9Hb3&(aAM#T9n$KN3OyW(>=l$^>^K)LH*2I
z^+3Hf?!Soo%^T~3`mu$9P=9O%Mg9D#e*OF3!ar~cM(HCWSDlsiIQ_@qdnX-(Umj-u
zObBOTl;%-cEKoeL|Mm8ty-nNC2WbDzXKDLe`n3O>+y8gk--We*<g@<m@6XyldWyFF
zS8oMu|5%y9FgbQ1f5ANIOJmTjyDMbfRSbQe5P2zyi!U#{An+NL8_0bRK7Aj8?Rts%
z)rb97EGs2}GF?kRfK0>yz2svc+zn{XAiXQYHpXmu?wFHqz`XGd<kHFOil6!RdiMJO
zIwRZnbuwxn)5&C520PCxP0nhXb1@%sUiQX+a>;wQ%|&Ng)5)sEJews}Wk-3>D~S7C
zcp&JLuNg5-$1~&laNeNoXC;q2pl-w!a^DriRMYhr0L?!WG;d$W(7c)XX))7XK9O0<
zq+X#)lvMeigE!<4@;pRu64%X7Z$eqY{H@sH@dU3uH{6*OG)UX>WL6Nmk@XzKL*=9>
z@A^s*c(KM)tB-L#ZTK6P1M0J)?+vh?HdHU1j`ejm^jE4KXqy*k;r!4^TRdPAQ}ErH
zzwQ*6zkcpwefaAm>*~W_=PuRo*E-h7*B|oJ?*NXq?K4Vt#^xGn<RlVshqUnA1zBiQ
zweW#EjEcT8;HW$w8(>tTwE9JR%BAlDOwGgJ`6}nMlG3A!q%?C0NJ<kt+OzwmZ_x2H
zL#F$A1xH656i2p+s(HDcC1y`VdZfBApO70UL$K>k?Jv=;E>MS_JTkhEngw{ejgPX-
z%L3#wXWeFsp(cSa)I_DnLImwDs*@b{Q9Mk3DuUB|D0f;~PWzWPq0auXtAHaf2I$}I
zQJVgJXsU1jy2jL_e;2>4Pyg~4*U~=&>)-0}QHnluFVRcL(drdT(6{CiOHi9lt+yN>
z$@G?i4IOo-yP=`uD>u3+hK{)?U{M6Io2+|YQg}csHCfA5bm}o(!nq2(5idHI8qv-8
z&r%p|hqWt9lB^@pJ%X)mntc;WkesarG$sy^l4f73=lB8=s@V6a2a%61E57BZ<tFP;
z*s~q5F=JSVNVNHltV35IJMI*AC}rz)(xJamV$4PF?X*MmI%e49^L;pK+Q^Lllq;^<
z4w_x^{&Y<8+zlP2n@Pg13Eeq%&I5~q)cd^?s+AoYT{s*kuxb?cx36;)p8S)H0)IW=
zD6kWz9xwH%brjy~9Dov8bcwy3D!N4WH+53uE@of55Ti?|4uO^xQYwsiz+eADcqoI^
z;du%&ZgCjL7llX>#7X|cc>WV1pZ^HXUa&|@s?(n~4+T8^p|Q23-?yA2r$4O#=i^59
z;Wp^lV9X_}+9Bl>XAx8(J@zi1;#ghM)ThV^&cq0Eg7XmOrM+k3Dsny4&%G;U7^Yo#
zmkOmH6ws5~l&mN@>eEXs>7FeA{!-g)=yu+cV2)qDla7va0t)U;Tb@qh3Vuc&g)iDH
zxb($@3h1@fut^gb>C)Q(gvp`tIJB(6bIfX%*%dRhSGHP>9MMN*_R1(BTedbvie15w
zWQq1C3clb+j+onx`-+&`=``kcw;`|KXTI<g!b}f|p@9tJEI4MwvZ@hlXf|o6s%r(~
zS=aCcBN9(A)FF+-9%0#u+8s8N_323qU4gTx>O+p!xrXsQYBO{+v+-JCvhYN2OMOs*
zxkc(j6qv^Kp|pezJ<;ms;rFNl^T-CGz?`@ir$8s~6o~TWe(5b*cT4|BbVljW6D$%P
zn;Y3u&N52)HDjZ^6XrgaSTWWoo@;Kc@vdr)ur-4r<?W2#jO_@(p2!1FX1~7Uo%q9<
zU)F~|yk!f-A3mK=yV8EFAAhLm%M~qoB;`7Ko~iY8et{hSs13D?&f}<NjySkJ?8_s|
z7i`$s{Q_L^1Z>UP$bdSAfU=TG*=<jG=!*ahnfOJ0WTii>fn_C=wAreWl}6{uvXYob
zk#}OWiYM#M5_gV{;{5q-ww~^RjUU$0)nUpy>I$oU9o?5z*E;&Ijox*XAEsJI?<vr(
zqdlPtsq-qfj<#Ju*3qyqvW|vhUiB)?IvRv&A28+K#HDo6yf#W%M~AVblcQvP7||>C
zT!)Sxt`F5k+B*8%rZk!t;V6c+wD4pf=2_M_eoK5Yi`V8#SbGXr3u0A=*EytxZxgG!
zUPt3dGlp!SR&^JPniIkD4E)Ve^oyka6s#I6w)N+WihV3|_-8&MB-ymv@jhPb7!qhr
z+mz(Swg?z4X>7iZbCj%$#Kp7R_B*tJFB%-g7i|~HHe<o-aHqE?KihEergg}N+SW-Y
zgM+yEa(h(}|4NBVzssnUO%OvLr5_cbml4RDL+%<V=y>-}1s%%}9gn<4&=GxvqNDG6
zijHI7Qgj^rwt4OL3aYcBvvgIO@f%&064|O`NbAjHYn7~Sp!ytirNaD}{4_D1V*)%2
zxl2qIh>L@3ZNs@VJYlm<$I~g%xg;`;FB%bSKhZ>Rwi2*<srft|hkjr))OC*;%H(=Y
zl;6_7!)l50O9K2(kMS4un`sRnU;z+5t#g6gL&}tX&xL93jSV?#F%6?Nbup##TO%3a
zpOx-oNfjdl$g51A#vob`%!GbA7Z{aDWL1X)iq`SR>LXe&`=maiby%)OwEpl(CjXE0
zUEgsnlFGJ`ix1-fPC&80x3Kw(zMmV-Ye{@RfA0|yw<QWKhMiDou^4Ib=o^F<S01Lc
z_*oI9#nInTS{x34ee{J!>RURTl>gaLWd<r$e0^N00==n7Ptqz9SQP@RqVj86h4i)8
zewJb%Xz*r!4ZP;r1VTicfV}dMk``C_QW6p$(*o>$tFNq7VzIo59%*@-aL!E#t>&(9
zwtLQ?5zyrQ{)+eX&!{~DBnN+)_0Ww5REw%LqOuAU{^sCcNPGkj|7Jmx&PcsDs$=VK
z^Vf-Xu~D7qKubXTF8Mwp@#R6|wrdy5um;RZzG>&*RqLg5ZYD)CU$|aRonJ;Oh;Dg9
zK{T^=VP23JuBWc*%T?e-mMgq*P-YI_JtTj1JjXA4CWPwpjGMY}#4!8tqq1Rk&dk{}
ztqWsf1xIFI-WXC0l!I5i;Bgy$j8Tl(Z$T*)Ji8Dmb6b0Vk-07623#th=AD=VPRvOM
z>BJO#bxN=PPN$}zu_hEkHClw{D4!#Hc0wz~cC_MsM-?kYvUa`9I3mX9Y;PTiiBHBZ
zWB~a)7iALEB38Rys|Bm9i>5&;-%^^&(Ed0a#M{&4Zr~zf#9(AA`TReb_RGxpVyvpg
zbygLv0NwN`{bKyxaQLnwoCJIVgdUJQujn`#nS}q4c0EPy$OVjAkBg=GDIMp`)ys5q
zJII%Ae*dd(y6O6cx`)gTQ|YGkM;P?+E4<aQiKGAJ3C=;8LQ)lrw1nMe&X?w#^y#+X
zA%~>fuhrgjcGF=Xd|J_#1bhPO1>#-z77}mIV3~ODro`KBW&q;t0~9;<4~2Li{KJQM
z2L`KeU|>n5sROu*m|)@yFK<yMm&U(bii)2D-2i*tlJtE!GoLPr_T73?J0KeBes@L$
zUfMCc7MMtsn2Q*$?zwO7=EVG4lz``uKtcU0_64aXirJO0b5uM>agV6;N-+zh&)*0m
z=B^85t($C!J9b8IPBD(jV)QYPC1$gM0(xhcC||iJ{0>uxGzHpF%ba<+Re(8Dc%FG=
z(Rh#{A+vD*e~*a6A8A}}{5y!wjcA-3<vI<4G#x?qA+w4==qdU~S8FE_hL5iw=vmj4
z-`^6ddr-$nSo$zbjgGR-bf4G^3sp;Wq;E9S*o0<zt8j(QINXPnX51LY$+vW|;0e6~
z;YIeWqglTS$W=;vO5D2yFa0!l=@Ud&=BCf>?gq?F_wD?$Vos**7)sk|IRR)p5eWM3
z-xS)u_csk~Tc>;JI)>17D(4;zbExU!H(>sB-#+(o&Dwu-S}kjTn74`uZ54bWaXBX6
z(^<=@Z*oFUiuq?>(y{e0#mKo2k)-7;>GnV)D*r;E%=N((rSU&YLm$Gx8C4$ZXYjre
zH(zNgs?Sy-=pm+%KyKwx<W_dQNVt_}_EB!-jn6CCO|{fdn{#PMUWfsUqj&V+()8XS
zYc0G*ZdHE#4sv!@FK0JTdtz{}V&>f!FkjKuL%y0zzMACy>LJvByhDZ*iPAfyxZ!)z
z--V!mAXl-k#`o4>47(h-K-vxXuV~|Ut?>0*a!Wo(fM@-D%H-9^*9)IRfXDr+m~&eO
zcoYG$$!kLR!9JY30X#f(un(sk!mNMpgr}l=jS|1|w_M71Kc240pryI8jr$MmNszu~
zV8a*~$$pDvFOdGlvhP)AFJXz{-oypcOqQriSH%w!q){yS+~6pt2+01pxe~twugbBd
zpx?uE6*Q=|#nBHdyvPZ*CgyjRnM)GdB!GWRW@hGZMMkd;O(fTb_LG}KB-X2Y;0l2{
zH~Zjm)h(Ice)oqi5Q4l-%#Q@mHgbK4hte|mB5OC;ZHlf7)FJV8eVm>ze2p!3S*(Ze
zB+-pDTg*SjaWGK%J9TlK>{BtF#tAo~7iCwgGg_sQZ2fjjiL(+Tt&9k8ccWk`rT1m4
zklx35>3y_@pG9vjcwcCSgaHuy&#2^|sjgA(6yf=7#b4^{Kr^I4rTQ4IqQ;Lz|EiHM
z*KVHzBzju0rC-kZ_`@b7ICwTChu_l_(lJWi@1f>TceBimY5ww;_dJW9V~o+BTn$cC
zpIix!-DbyT=}hg`Q9kEavzpf9{Hpt#^*O&PnOw{HmGBsqE{~_G{hNSXWO0;<j-9gN
zVXndKnngU+O9yNuu$k0sDr}_Q4em}#P)}p*OiMYu_u7YbB%XaUYDniw=y$j`=bpwF
zg^UQIw^K-rH)lfMAg@*pqk(AkY6~+0-%fFnz#%uJq|caUjjGgK32XcGA^qK(8{v=J
z=E~`?yy*afcfDRGf_KuTFgqLelw!e^@`7$SCoNk}FRUcvg%#UWqNbazBWk)im_Nz^
zTSo^)O*bCXYTz4pgxkBIef}sVyo`a$TKUGK@>;oqWyTEj+H>$lLvtDpoo+J-_JJG*
zoT3hU>+R1M_VSR(J$<+>O#if2m$!5lXVq;9R4|dBokJr@_)}*?jDQ+!%jCano_{56
zHnv3!vR_`9({P`yKY$o9KneqEV~f4Y&(Xm@v0)BxZEBm?8-uHcJVpNgUXsHf+)e|m
zTKfskRC1Zi7Du#^_n^jO|FU3Ixwc0w9us%%$@vXY-EvHdsnl`ysvw&_z8I+7IXF|k
zOTxcg>}x+H#~Op|VB3BCcZU4SwCSlq_DX2_c3ZNb1g0loZEW|@pgnU0()0}zXwx@O
zP?}zxLPEp7EMx!wgMZ~ay%WZ9%YXg*wYs|Vi9RgdIX^k0@cI&q;GC3=7``8J93^XY
z1?9G0LjD$1(h*f;&I-}7M@-snC03^BbVYQH)G-JcuM-$C=A~k)42x%f{p)j%)EAa7
zi3Y?c3Xhg&#jE1K<SjPpHqEyHbDbq5?Xy*;JHJCZ#nz=l>x7JWk9K_V{uNBJf?}Hq
zV<yn1SdwaNr}@`d1J>&N8sv>nur!%lGFaC7gZM@(P|?qm*=F4hDVlW9))MP@czCjy
zUrKbgNqZI_kqh4<-^Zethi^KE>I;jP42LqsvNELLjQCUT_I~%Dw+at$7wx54V$#m1
z+Cz1TgZLtI-=H*m@(T@Z$Fc6j3m}sZ*1LbPe^2J@lAg4k)PMPt0>Ttf97K@zIT1|N
z#KRbdNxm{mFz~<E|IB~V|4xDXf1b>D>qtbxZW#$FN@IQ6OYmW(_-J1XK0@P*-9c-0
z8l2Gk)2#j9=+G`=Ni*+NV}wa}E`^EWSrTh@&d-MK<g6g;GsVrX&=*#TCFv~E-xhaq
z{O|4`{PcOWd}@fXw4r^|bEHFlb#0=Q?^$vWR0ouQ3f5z+ZyoL1-T?Le0QIf=pQi88
z%HXmwaGP?x<5{MR=boq9k@3u1+&8GP?KD>N`E(stW5JR9RUXN{GC8Mv$M0p@$MC@8
zr=8F8{Kod(X+2brZ|eW>_!it@SbMQy)%s^p#<wg$ecwQRU;5hj8Uvl*HD8auLFff<
zMR8xfT~XYlI}T~{G9n5u-b_W|7v83d`@U~d#eI)AoBQgcRr{&$M)~4cx>3G9Ht<HN
z%rC_zxhSM_)iB&Q#sU-A0v-hnZBfhd>fHWy9k2fN{SjmWfpO7XE#7ux7$+TCLJm{k
z+!P5NkRHs(NNT0P2j%`La`Xtm7&3-EXTozLdrpPtw(L0$o;mg$3D2ia(r4KSC_Nfj
z6FlKU`($|I&A{O|Lq%V?v;bS~NQj5F;Q1~#DPbuvhYhF+0}i?E5feGz#k}8^(6ik5
z1a@AX;<*mVn^|&1g4!NNBY&a~P}wMrL>dS?UfqM-pGn*pM2PFGG`w9n@uHc9$~&U?
zn}N4qPR)!6;6eF9DAj-^DmQ$xq<gaeCO3Q%QO}rK%MG891bV|KkzQeWb*72)3$kAL
zKGV;~3C<Zt5D86U>;<vpb}$CDG!kDYB!0>vp`<F<oFrKs=gs_}<0ORSXGARs!-cC)
zYt4RAW=Xom7qo-2hdCGDh6=_>!<@Zu3jObwY|Su`<sZ^BOGy06Ux=$vOVVxr>FH43
zFjv<LRmiWit39p>(WVuoeP(CeCd6O-bwmL#ogEdyp=X}i^UO)d`NHNze+k0A6CLL`
zA2$lRi`10Hv5E#SAWlc~XUHf<QM{DuCOL$`ji8ho4dLHn{7ZzH^^tT*Ai}rV6*8o>
z4=2Ssj9eb|r^H!%$nfZ0jrg}CHtT0)zirg<Djfym43ox_8-Us7@I_wxk3{Cquxa-x
zBIjvU!rJJe?o-(pqp*m*sv_<eF&6o@Dn#TnJ5hp1M{QnB7Gkb66-4wyHAF*@{TvEg
z!@R<l2#Lc<;{D#lv5?q@Bu?=rPKLye&-vc346KGrl-7=7YB()GvI6h|0(A2O=&AtB
zMu2vH03X!I02Tyzl~~O9)2x_OHaDVTQV@yNNwD)e#{Nnw<L$$OFb+`H+Z09Yn%gu}
zPGEYQpDELukR+ipGm$Uss1O~lIE>)Tj`vwuj$=}boIvD;5VezATP?X&Z2@xI@bsO?
zO-Q=L7oPPaw|A#$$&G-a8wQ2ss8$IH?#D@i2@db_<zOM(y@l8wA;HlC;M=~<fY@F3
z9TMT$z(ly665;QT07O{o@YP*G;#VZ`A#dVDNL)n{XLu8*Ybm4+S=x_E-C*P@n)ngW
zJuJIfW<dIC%d#(xglyg~`;{7+y%)2WvwHxr@GJy`EHnv@2aION<0huvON;bdqVWP_
zHoFZ2i=FH&Dob?SULiUy9KFC;iI*t18GvqW=kNmKsXJa^#5N_5lrJz68hGnrdIymW
zRniUXqaY0UR;=MK*!{^W`Tpb$dVjL6>P4mcA4d?ymFE6r8*D@VR@@v_YC((RtatgJ
zaSI6M7ImIj@=O5Zv^CGveOusQm8^{HKLUx&&lO;+YI(_sK!A{HYP~4m-)t*ymbQ+#
z5NAo&=6@5-WY=y{oHT9<#Uj~Fk4XZ)5~vXjDzuwo+Lk3HvBb+=mBd8p*YR$W_y;6n
zJah)z?STl+-Bfw)KI@p`#@n3+IF;J!k9cE&chFOH>1$n8)t$@I6ybi97J)m2v^z^S
z!aEgAKb=56Et9swJM!z9W=FB;*zVXz{iun~B(p2*i%n=t+U`~OBRWdbMm-XdHu@2x
z#7wjzv$oX2|E$DA>Lo!9`NAXrkG(ICkD|&Ju1Y$j1A%Igr9r?%8%$&|(ST_Qk|tXf
z>4uD;;<zy)0Tl(I8=^oG>_n+4T6y#I>FCVpxQvYY)EONFR7@w31XN5=0S&SWR9mt`
z2wVC)=iI8^63|)x`M%%hPtx7@-nw;{bI&>VtZ^u6{=y|U$X`hE*Sd%kkZGb34)Cht
z0h~PBHc*eUH}IkPfMDnTX5Mc?dMd_aph7S@0hJ}BEj5wS_N>}(rXgrVmZTp2!LebP
zfpqH`uB0fsEb!_STNh&>FHFFPKd@~l9pE#zCek{xK}~nVpeDQL-5(m%2t7<Lb;B|-
z8G}(*l!k`Euyj4kWdsf1rVK{)EO7{arttcB()5tk3C4K3>f=%M@$8NmPwAsDo?B-`
zjOPQMjfc8nX_-Rf;UdR_DSzs#baP`E&s6ps!<rH?;&mP*gW^N!%DtThnKf$vFL#CG
z(J#NB{lNLF75B3slcMUuZ!szf1$I}czJ~lF$^j)F$lRh{$i+E&+v0PDXX=she*0k(
zG+r&Ns`0k*o?=<e;?W+_mt4J^MwBqHjtrY$fe)>JuCVG0ajAbPt2*zes<PVATyE7N
zr%+IX`bhM@sICB_36tU6w<4tiUfKIHqhPy5`6K$O<Q_$-bytA;wK&^g6FiX1xrad8
z)#0|QJ8z4obNofpmxQ8M-gF@{eMzYJ<IammG0NzF{8F-T;pumE=Etm-NEmsQh*5)j
zBDjM-HTtXzZCK09hz;93)7Y@}@GbWrJRuHr=6`L<050<o)}^S=!*{J0rhf0H*FF)d
zO;aD6V&Igy@D0}8Eojq1DC*8BER?^f%eN(O!wT$S%1n&kf7)|I%hKD5YDTE1p;MTK
zWZl&aJFU7pgy1sNGjB2LtUp8HicaxW+DC-1dVOTzD=Xlu9_lno6BCWEO3;^QEjI7-
zA$*hoYP%Uw+o*8U==(Od-^kj(PwlPHzK5D{vG%(B0Uc&hUuDLdDKiZvNzip91PYQH
zEy*{S{3nQ36OM_xI4&<oTH3&5E$bKWWNxmyjBG_``IcE0?~1BW!ZJcG1j2fmkw?y_
zf1(Yaw>*avp2EcH#+CI>n;DZ_+-J)z$UJ21pHeYR<SCNipIt0m<n*E(UCb-lH!R-i
zR9JQjWIoZfK(YsgswW7xnZce<wCE~0hBk4yCvdnm92;&E8!hKd4~qU^yl5{o&mSTB
zih|;rA=2+`_`i5MAj(amUmYhlpB4F9kw5FcT@*gqBzljH)21MY%FG%}HsnC75qWA$
z;BK0L$KR~KGG1)RW5<pdlgeLPxlU8~uE}M?$8#rsrNX6k9ic~|;ArS5<=us<Gh^y8
zufJcnC$Sh_Dxo>Qtk3y9ea=R5JE}aYS91FP(WX|iFF@4j?=<>bLVt7dfaC(rc;X%|
z993NT1Fb9ze+rxrP^_Pcf7<Ny<yeGO$rk@!lgNLiM?d{Ku!HA1$e&WTLKmitQelqM
zmQpIX8%y(rZT<qlj<yp8!pDsge@sek#{8%g?Y1QMlmed^EG<a&7s!pCouw;KKxLgf
zg2Sh3;3-cJk#DCIr``sO_U9GG`XVzq?Jk^+?g`}I4b<Mo1C8U&5;CS^a%@7?bAbI^
z%GHw6L$LOT9V1~Czgt`v7E&D$Gn=pozQ|vRnRU$G`c{i1e=qqDC1OTi|KVh3=3#kP
zZsoxWpfJHw;o*i-VOq^`VQvkFiR~#vYXzDYvFT?<O?+6#iJRSp(Gw44_{I6piJ1RQ
z5%Xt@s=W}o-qjo3mpl1JrXWkx2F2_L1z<U#?ho$Alr;tnkN{6#IOQ4rN?NbaGcy<%
zP1Yh9)K;i^pbIlG%+-35e4E9m6{>C~+0%S83o)<gCTL!Nn`m!zL-##I*(`dY&aCx{
zmY-(djScH85us{VhTyN$c(qNEFS#GasqM!gkVUKgD)0y#z?k_e*?8NUW()-LeVet>
zrQ!PvGQoejH6-s6&CJOR*N?eZE#q{?avC#0gQ=;sW?=wo>j*$?^rhAbr;DZ8`+%jM
zB&?K(>7)Hel1T)a*+5=ka+9qBI2nMYnrK)8p2`5G(+Es<1DG}zz-Etx75dmO!uwK>
zN^-3P3o^-`bD7)i@Hv8|`KgT#+3#tIf~UsWXoI$`2B0a$$u}S*VRB_1ntmUBe&Kwv
zWSZ!+^QXIUMfDlUeoWZxl5@H_8uGiLs|Dv$7Fs1`QVNA%l<b>@svMJk7WwVC@`%1D
zU8c+u5m6xAe*s@iwC8Me-yC^l_A-4C&QE>t;`qXe_AEG+tE>ltaCtU6<s83}x-W<k
zlL1q}wNI#eJf2~b=h<FM%4mJNMgFMxX?VL2!gga3eyK%dN+?_TSkM1T+YKCu<X4lW
z%$kerat-YAMk%%J#CTy&G7pn)f{8TaB(@Y(Z*iyNCf7Ro8Zoua=^I!%!JgH^@|8P$
z<8hap9CEGaJ2;Oh*jFE*{q@7_EiS&15@&n;7VRadH&Q!c&h(e>VKbxw`+8U66y>aD
zl28FN(rl2y{AQFzG^cPnwRo9hqzpIE>9bW%@Gjn$!V6Ch(yc{1oc`VtJN;A#P!Kq*
z-&I(a4Ln)!&RLTDjW{gdRwkvNLh+C|%xNo`;4`VB|4cl&Gt|_G#M{Du0`x0XY02#Q
zTs^VWHZlE6WC<i-`qJAZxFHBnjzAv6e<9xGTf$H9<vfIT&ysgToM>-bknT)ZMepu*
zr*HUD(OYYl?570A_@^His@^61bR_T!#{ia6c0r$%CAyizAmBh*;zT2vx`4F&$?3@`
zn$96nq54M@;mR9;LWbW|O?(o6h~^wx1$aBW)J^6*_snb|X?(8Q{bno2k|<*$EnIXQ
zgl5I2ml<zy@<+t<ZEE^VOn*Kb)=??o8172obh-O9SjP(}EO+v%VHRAh<X>oGp8a||
z#yotAKh%9Qtpps*M$W-D&)7#pNQlT%Z=&PNvJk#xAYi}=IW|r74c|vXKNuj896WxK
za*IVLHRAPIHlQ_UfmM!_FCogcW7N0m42q0sB===lNDtaR`setS;ZgjGO8kljaI%4D
z+PtnP^ZlU!?t(Si<<a!=M*vG|)E5BByT}Ze=nruN?e#!Rlx~vT1Cd4mgMYiy4~VPV
z7%)^o1EK1st{fR;rMTqN5(1_-$OABl-X>IEWJiMY7ot!UK)NA}4~W%=+`U9!&LIM#
zsijuR77-6a6qWd5*>v7j-HOJADdjz!@<FHEj;848Gg^W!U{uX`fBJfom2>e2aA=ax
z^i!DLF*@r4I=g|`y~~MYj*O(Y1szxL*aTnik?@>z6z4wxYj}b!%HpQLPGAiXPmtgM
zkOeTL?5gUrpA@RzO2qk}aHj7=#u*Q_@JW;R_&9!x=sjLeV{cVgkB4zBJ-3w8*GgEv
z6`$Ah&anxq?@QPvFfXk_)dm8nESuJUg(Tm_;o1U+Cn{OMO`jI3Fw?!HT;W1rlM5a6
zq45+V7`dY|fWC*?L_94<(Ok1rsZgCtsp_(ycgklaVf@#qgGy3QOh+A*C(V_9P+E$K
zIxB%3aOh+qINP8Ew;T~cg;Q{~<;!RuDc?iZWDg;_Y168SKIv25FOpLT?IDfX2HaC-
zOJ)sS{qTdOhLsv>k>p4ph3F03x`3G~gkf7l#8jDPcG~v|RpWF7jGP}ZzqY`i4Td~|
zz9J8iY>y-{wMbou>eTg&lzNOYrNhnc%qXT5<$p+Dmfgqbt6%3ww;^o>1V;Qguq4Cu
zoC+|iG1DyW(J)b$JlrOE*8^xyGgE@Z@cC*5ki_BBS_svLkt<k$I6M8P$iuW=sOpi(
zWLDWO`Cx~`)H~`hZGywp%nnmC?4Kw<Ls&?tIzf0V=Nmd$!FvfiPn2h0;9S)|;0UtI
z0mB`k6SY^}_M3<k^|%vGq0cm&*ckFQl+zhv)bpDAOdDv05yLt#h)0Lbb1F7l)NHGK
z966FYm0^f$87tnu*k`&%I=zqBNR__ShH^0}EC;kCH%VbO(wW&%xfj@qEx=aPMza-}
zTLMXNLNgCVO;UKeAFNX##bB2s;KN(rMsdl*oDZT}1T!EZm$6}q{Pys$Ue<@T@}C>l
zMFDX{1RzfGCCd}+0~_7h(YK@Uco81keiH$YcSpkG3j~kF6MV^VA;PV?UC;7?xT0dh
zCGtBCH;cZ3pRwE?L@l;zgPHvnAsLhsScU3`Q4cXM4kwO;#Jyi+8>!z9q|io+ksBF#
zANWtK*sz$RI{}aG#qX2d8>fZWOQ_z8yjaAVJs%AZ7*FPXL^6D%BAVgXQ<no{9NZ|2
zW_J&QVqB7diSQ7rHpdt_$+K+kzLGqWSZdkLf^nt<TJX>hLtm(9N;x*3<2oafKXb09
z*s|SyLkD`~Jwz$--9#;cEEdbdky?rvs<gZppkGXA-hLOdO2@GskXjlT5Od(X{wP{G
zy~4@wC8kV9w+YnC!fviN@G{aVYlriV{52eJppykiU*R4*wgWxY6RrSArU8W2LEHQU
z81ol+f29v#FD?L7J$C`4r3Un(*RZGx{umUZC4`rLEW$bOAk~y4w~O|3LbVJ_tBn$U
zqgKC067Q0~jOGjp@0uYn{<Yf@V7Zpu-4d46A79Xubjc*@dbWsZuyXO|4G8VCoC@>G
zl6-|`(Ox%yAWXFl<&kEbvpOA~aN1AIJIol@DcFIRrJm*7SB2TO<s_|&$@VgoUiSxf
zWvXs*&%>8Jud|OY6T{w+g64?HXk+DVNCOP&z9z3SXDH^M@m92P?gNriq)Lhq)AQ$r
zR!-Z5uYX>DJxbDI8og1-2HO}O>}tJrQ^(eiV(XA3?@mmy0Xwu)gB`*@u<GMqrB&x%
zk63j~^tg6Au6iN>U!eM8Y*S{Cx_b;&;*XK&e(bX4BRF-Q5BF;9oo|ii)Kd7a{-997
zgIIYBtGoxlOYmKLK%1ojG&E3}VeL-s*V<&XVs8k|QmERGgmyK#xHN>OgRe#rZvg*j
zS6~vd225F$f(l)SR-`3s0u<q|>oq%k)3WGsL<7}iR6!Yz05v{Gt22gr`~!T4M-W~Q
zsy7xyfL2bYpp}ZCRchE5GWd!wh=Q+^`4RBt865#Up4-EdtY(-fG&z9mkMi+^2UV|d
zCHFH>xgtLrD&Gi0<!d@rt_P?*r1g!>j|A|kxkmtejwJY848wHqmtd;_LX&MVuStj3
zXbnFDqNe-^5EZJ@g6t}E2{7G~XXT>yl}D0~f7B1DiuR`JK7cXxFHnGXTGe+T*xe0(
zqU;r!{r4zQxh)%Gak;Mt#F(8~!|364mFvhJ)-ziS)-XG8zeg3GtBDChqRh*Fk2l)x
z6PMPaJqyXnqwT|wiuPmf-lB4&=$p%9f0fMM*8Kxs`6G-YXLX|x?165WByHcC%jxM|
zYcWBj`s(d0e$k+L%p!7R%zScSKKH_WrqO&Jf?Hn?Bi~aEN-Rpm`;X#oD2uN%RR_xh
za96)BTYNA$6@_t;{Y_MyU9ugOYnC&3TR~7!Gu3Ht@cf|tJ+sEfv+=^fjj!+VnXOtc
zU0)&w>qYx!sC9qiyq|1G$198D@SXc7D*18QE=3G=@A<p5w1(WteUpL(nOkuEUG`@8
zM=r%G1#9uWj>?bNVjYz1XXn2XSVE>zqsDfnrCQgulcg$~%9iT*Tv)0V;rOkh441rM
z0jWn9T*boE-71keDLF8QLc4zZI7dFrM!<Zhd`!Ki7Zc1_MBk$!SDvAji)L`bGk$ZU
zI{`CBnJX8~B-iVF*z~C2tcPYWo#sUhNIoRf4S9oFK70TttJ)hObz=8yrWky^n;suK
zG?~aqEuo<g?qujM^z3BlW_^4(xROf`?i)6^I(5%57~J;IgT@daxPc8Zt{cYp3G4qv
zmTLv>o@B6K&D^LS`75&(vSR!MiL(1R<pVCcO}*s>=CBr>aP=h)6N*)I5-rd53`NV^
z^Otb6Je{*K^o^J}DkHUw1T{u5vYKfrtRMpmjC?wyZuk@PmA0<MAQ_I;x?``pd*Njr
z!p7K``<7^EBw_t5_jO{hb8h;j4R(eE4K4O>uNlAv`o<VpRXopvN<9RX+HyTi2RE9n
z^z%s}?XXqVMzKO~QYgO*Q;yDJ%2B8Cs0DRuNI7U?zJx`8WZ~oJmM80}j^Rd0_H-DY
zi`ixjQG=t%Uayj48j`ep=H5Q_{ZI%7D=wsAbD=ZJzGw6}icVV@nj%}(hHv_W-Pa}M
zHu&ttAT*pZql!ZOFt7gC$h(n&*X0|c!iX)Ws~e7<=m5)<@eDnS@$byKpZ2p~_vzpw
z3VRppjCVCtf6mg?pZbQ5ySI}Kz2@Fah6j6%`9OY>2K)7VRLvilC-kdWvmzY-E6eb*
zyC#cmU~OVV?6^L9;r}LH8IA8N%kSgdmz4kx`}<&)^j%NF7U>^>jfARqXj{+WF;prn
z4Dl_|AF6%^`&ty&O{jiShxVIqCfA5XSc)E?yVT0jRC0f79&h$c$C7tacv#jli~5fy
zauJwF@p!2)*Mb5lI8BdVo5`s|Yy;5beWa+&PjR8}A*fzAhOuTCj|rY2yZL%`AeP!2
z9Ky5pc*AK0)M+?V5Iu>_|8T<Tdx=Fv4CyYS4Dyu^sg~~a@LRABrc3J6WH78e$t={j
zN&X{=lH4l!4=1}a+Z}R~qjGme0qQXvF^Y^P4hWN!T91kh(`dM=Zi>|5!0+x8ZXUt8
z)9A|TLS2rZU0DYvxktucS(!e^AJXLvcJW)`I%$#UZjW*Ilb!rV(d#z{5;0(oyckXf
zV6|MQe5XyU{PbhSQ2_ju3KdgO-m(fMWWI${4KZMu1vdHlf%u*|(15`Q9553#C<boS
zFI4?L4vmoD`jL64!Gw-C7&6Gr`o7batz|~Z7s+~v9)>GtGSYW>lbBvB`p?FT_N{^!
z?TejC)=`Id9XS-`3abv0HLoz~M~AoE#Fc+0!-Iy)xfrXzJ)&-3MgCQQX<-M*&ritr
z%O)F}1F5$#Lok|N6q-c)2EkVf=L;^^E@c5QG2c&h`Gyb1j-H;xqf7b^RjikMp<oX%
zse`jCR}&Kfr{4r`5DNUbB6w3B9On~Ty=UU)S-ow^Le(7T76TepVgFhso+s>f^&p<q
z$7C$22w_DjK%cbQfIjK;Zl*b-FSX23r2;N3&5}Q0Xv|!hjTaY)z$80WnQcP7D9JOM
zU3{&SdKQ(U6YN<QlxO}5A#78D+#Hr?uAao?A*fIFjFk8$)R>Vh<mDB*KD~*FhciUf
z4SEK@$7B2f?GCiZLG1KDyHTB9Pqps7tZd%-U{Ln^1Ln#-eAi@~T<ibQQn{D!I>nYO
z*ZU7!b1M(<`Q`(nUrn*`U15P`XatoG`6MoP#AXIE(Ze3f7=VQUvwG$QDko6XAv5z3
zDG3PwFT<lv0=yOMIKM~qMpr#wzZktSYQjq8@KMEuz@z%oL^!G=Ix3jqwDxk(ic&B~
z$d~-OZn=AeZdrRC7e&PB<f`T(rcZ_;K1BnQ;dJaZiSodn_4z%M;dJ$6r%U-Cs`l?T
ziN54GJm=_cp1aH)XI8Ro_?eWuY<67N{AKsWb%QDs79}e^g;fp{Je49QHN|9MSrMHN
zSdvcxkLx85FRna0vjs3}jK8B&A(B1QVbzb){9wH_{Yh*dGHI$`+~QE4!~;`ZgX%Y6
zp3af`z3>!fgm)=R%(yA7+EC)x<*Ts-^%X7|J^?*UZxp>7rlPjoH<YAk)2B)NPp&ab
zES_dVm1mLC8zKc}4RGcVj{sZiKNl~0&+)`(HK88YDy|C&%;aOD{kZVN(>UO@p;CUk
z;Qbw4YPYcblU2`h5n^$*7$r&@T=IS2!>uq#DT`6jbi|1)=vlR90*b|dAQ>pT)0d7y
zZPO8^g>m8%q&wwDNoQ!5eEAztz=c9_#f$3{=tB1L&Cw%z{9!8H6dF`DhIEJPb<{Y7
zr`?2Wlsr>)jqudXQ7ddKU2*C4y^5`G_AgoAF8nWF-{l?G_vxth{axhxE}L-a^_?cg
zu5XvDU%0+`ra)4si~C6I;y&Ez;x5F+^~NS%_Ki(=Yy_tsd8{QEdwxzz@&&R~OryiI
zLQ<9(_J99%UOz7dIT43tr$Z^At@F^<0rN(CM*>wmJ{Bz_>io%9P$RaX_$7KruO)Ng
zyUIjfbBzJC>)A}{sPPihaZAzh%O#(e{O98(?|I%S@786^DIK@;xu`95^1B7^3sGD8
z$H*=HhiIjXq#5?LSiW;VE-CI`O8I4IaU$=;eO*?BYJH5cS=~ZXGB<@sNWV^hR^MUN
zm9eS%^1p!v$Y+VREVyui3+*wxiz9oyG<J8Vv)zpvitsc7f%bUE-MzXDcDLuFEy2=g
z{Ftp2<>OX8NE(h-+$9v;!`RZaD-HP^{D5YN&oe}}H@Gj^q>7wGp&b2tyLcD(%;w5>
zAxo3t^bPMRc{gNd9?EPXgb95`?02H%Ei{|OU>yJs+VGc%_PQm{!=Y}I_#?;|uPNpM
za7xXtF{Ku_AfXK<J`uo7!2o}wrSy~Hn()4VE>x}6jomFS`GDkahs|$?%|C`l920%R
zGsBB1*}riLML#<EV@_fGkFM%NLRB$ozL+LnPn~i~tw#~Ce3&fgplE`ee+uPi<vm6D
z2&(hsz3PhvsA6apQBm*4bBv)&Z^{Vk5K%QE7n&#dOssDnZuo_?(<!K|u;5e&(^Si0
zs^u1;dN&y_4t1p;jGW(>df+iOzxJ5<O^BMGX#YlJ^AllyBF?XpfpK_#YM_A76V0rc
z%`6y+p8WZQp7d!UdYXByl`Hm{uElA&*t7t44{^~G3Z#)D(pW6v=`T^(*wU^;Dtl4I
zbK0u_pxMy?`h*7nbnb$d;EM2lof)POJOZPHQV+K&vqpPZls^+zB`p7F0!6IZ$x*}_
zOzdOiQ>Mr`cnc5vD%ZE~xLC*<E6RzsrtPATH7Upyq8psNRoy#s0QVjr5x<CT!^#xB
zcM<^LoxTrt@H)GnqBP)v9+A24jA%^bgJjHq^5#n$^IxuuLHerR{<^0cEYC}8CvfU3
z4i?|02b3|->6Cmci(E76ljSI}>9b`y>LuX7B5c);;8?0YsQ4BuP&Kwyy<;RRo(jc3
zgo{t=#dD#z<E*#tKB`saYY~F-ZT$>~>NJ#M^hJm2K5I>MXF;#(o3CLain(gzNaj^A
zRb8il%T+(nzon^f!Z)Wps%{N=U$2J`^+T8%*`Vt8{kdv&sEb9RE*=SWF%!ON8R(EO
zj5%bNV=tKw=8!F)PDR0i<Xx|lK4K(#8l3kW!F~GUaPsS(i0yg3{q4{`q(6<arx#6#
zus)Z+B6Ii)hKruJUKjHyJz1njpxBfzxT?n8v#P~y7g_kxgX*7#58yIenCD-lAg?Zw
z<4DqiZ-|VI6$&7|oIG<-t}|6P;>XCodNj=^{%ZtPS>yF3M_CiK_dP@H)P&kTa2^sV
zz?JS@9t@UPNS8wqs3Qh52hA>gAJc<m7=iw2S%nsILlO)(ByXPqA-5y<oQ7O$>B9T&
z3Ar5=B{H39nlW-c6y;(T?K(y6J#2t(JE%{ozDk#?$sgD%+3#h#@6l=|Z+qKTqx(W#
zfx!`Q5beEj5L2!A`uk_k2)%w+7j{<{*})4(;GC;!e?zeP1NDW2q9&BAnugNIUacBK
zIm&*w=|f42(}$7~$A&Wa)9!32^Lrbi7U$eE-&0z8f0-zk3=-GkvbdoLepy4~yR{46
zzE>@onORd%6+{sgEK^1t8__JM&z1|&8mGr1JqW$`!QSOMXpFHj*Hcop#V4{*xO>#;
zd(cYQdaru;?xAQ|#a?1Y!)^I(8<J)i`qVgmO4HcyS#fMi&l^*ES)Y>S(<C;fmoFPY
z!DpwkdCgyV|IB-4EVv(MQlFbLTc3^S`vZZBQ2llSvjcotpUAXNF_gP1kF!Gmuh~|T
znIJ&KRC9f<g#ea{d<h>8VW7R5{hX@*tYHIfgbyCy(iF!g(8S8O>ru-FygGslr2>8X
z@&Q<9j;Bc_ytZs~2$qdQK{#p+@`h@;WT9#tvD$nc^Mt~EP}l1}5KPn$^&j}O`sQ`a
zl`ZnnAkj+`s%uSL$1tJQjV8maF|u?s;u11N>+E==**rVj|Lq&W>4uglUI`uSDFDmY
zt_z)Ni*caWcZmE~U14Genw`S~>a6h={TS(I`NN)<I?H$B<Cty-_cTKv2A<)Ps|Off
zEcxV2`8=nC*vkyGP|Qs`Ma%}B7X9EB^z8iLCYsp6&6Si}IOEV-)Y0#-L%W+}kVW>t
z78ZY8caW)PwsG`&3p=z{{m`;lxW0tHJ~=wH4ulB_YSy4Bi|Q_7kbrMc8!{MWnX7)1
z(a~>Fs4k0VJDM9+TCSI7M3q*>hZkSn`Q47-B{#hb+w^+n;+uZs#~n9)L&q_u#Yb-X
zVRe2kMP_~FuUVmD7GnC%*_QAC$HD-0oO$s<>fxXJUSg2XeiS=MWT%oSePcuLSLTl6
zeMYxsyyTnpWLwLAd+|44{!hOdL-hjd@9v5_1Bf(OVn*YIu1I_V`@&BHgQ$bQ-4T4B
zH(b4is_Q5vbRskfT-`<t-Br@18M?mYh|UJAzAFGvXJQZjC{oDT4SZzCSw9~cBO&Ao
z`bt}*gQ$s$2XcX~XCjNcQ}GZk@ZVU>{MwxIRpaaPuLACBUsT&9YMaUh#-63Y+{FfS
zd(>cV!8P`db+Ed-qw0Rm>V~ko=}~p}u(~8xH!G^{zRoA;JJ;z1_mWrT*iVb7r*Tm|
zjbU$jmDS}()#b9fCs~~oRae039%OYBqv|HGx=E~Va#Y<UR(CzCn;KO&1r30rw*Bo^
zBVO-E-C@uF*cuyuV8a=s!3)@6Rfm|tYxM?m)km?xTOAs_8)`5W8@$}1!I?8g41^o7
z!H*ppq@Oby^u-1P&c!wue9jo;sbq|N(V@X*p$1=L15<|v4}@OvJ~p_cLxVG+2EW4w
zKXzzv^LeAeBiJAherj>rRiTiv=lTucw0>GID$udo%x`uC(fGffZunntjPiz#I`H2p
zr8JY&L+|DT=!UA0h6N6h*;G9hprD96AN4m7#d!7_gJLN9H;eiRbn!l~B|tmi`RU4X
zcR!}p%uuJmH@F%I+9>^%8LC6CoU0Z=AKE~@Vy>DNdTKCEE<SQ<%fH?cq=-usNHAt#
zEIJNs#GXK4Bp)%e@A_iY9ViL(4o`v@pr-T)2B<DQf&p5U9>D<p6@I|HuGHh9{<iM`
zx)vT^wu>z?s)Rg!>7ql)zwYmg?&46Pb<=Ba3)Rk2i~Ab0cJwtuPv4+_D^W+#Hx`z_
zX;*<$u4?hzTZLx7zz~-39sExv?*{bwQcW;O$^Je1lhgWZFS3t6v5!ATu3=*z<8|x$
zM654i{NY~#LG%K?=iCz+-Y0a=9O0kt!verw9Z02xq;{U|nk}?-59wW}sMGbf=hW12
z6zmk$sTcnM#i%dP^Dk|2$JfVkO5s$|+ZMlYA!f~62)FO)rlk_!=m_o>6;etll?a{~
zYqdW{W!=S5AiM>l;tkgt=2%Z-5!r5d*I;?Pd%ub*aA8#=1u;$6^T#mr4#Vhb=3}9V
zbc^9mr)FePL^`d4h43Ab!cio;*PT6)yRe5_&%@S@*JJBGqoDOVLy!LB%`A9b4b(+u
zX<{}UZ(h%=lfFKfO0AsEo>BH<QTK7;3*;#n|JrR!ljL?`Rl=)(WrCmwi0dA-9DZVd
zAN+*2D&3dhPs58d#;s3z#7rjm=-MaA-w4*hQYJ7~4$P2ib;(CiDK5grpX|1S1+sck
zrFhtf(;}vBLv`CtQ9hj4kgihV&q}FVCfc)_+&4w)DfgB}+q);2uV?zoM$}hc5$nNe
z(O%5`2af^Fs}B<o<wzs<-d|;iij*C4>ut{rim98!zLu6KU(2+xujNJ<(I)rkXkW{y
z@swQ`;cwYL(%<rr$ZI8L9tzwSM^Qb{-r;vWGC6fr`~VI{iSjBbTvh&?5u7?8egMg_
zGUJ%=q71GFTfa9!n}@BTpl4<3{B8nC&9j+d%n^0`NsiO6JJCV$OvKLtN*t{7`DJ*(
z_E~v7h8i%#tFB9AKkzyvXC-1#33%-scn5ZAq(v!HzfWUtHM5x62i2bj2wcbf5P#uy
zS0?7}gHNPU&?ohCV3y?#PGv~^8w@VVVh~?|=AmZtii6FNNRAlVE4ckzNLRbHlMN#f
zx>5(B;|zqFg{m#kag@3nx9W?GFz5)?sP%L5^&**6)L68aV5i>G$CHNRNz=!ZA<;@l
zjwj>N;~5+?9`r|u1ZfzHBVsI`ev#vN11~7Ydww6(%=k@(Z)i8`l(YQI)HsB5v(;gl
zZ0pL@rMpdZw10o{GERoQSU;7I5}pBf_UzbBER`z9UfT4m=7M2*CYXR!{_R363(~9I
zNIiWRU^fuYthTRteFCR;AI^lbj|1QGsfe6`GSZ4XEMsN;EJKwaZmpsj<9_wbwTKP5
zDNGnIrorzF_?^psCw%!D$wZsrLwyx`4h%bIge(6T%O(xC67hIrFVK|hv<z)zC~*17
z9ze;i)COri(SW<2t=%px?1z+?$Z@|=#nx+$MIFA2Eo%OW%cyJT-c*XX^1&JwKIU!s
zjE-Ne$H^_{>y#oBo_{!@ld{DJn}BxJuFPx|S#V+9UP)M$pBd-Pd9o{za`zWbA5b{^
zai?7GIiP)-SyLAszr;!cpM3Nb-b~h#r}RwmY3ggsf<aoqcoY|;7=b%nn8%@#9y^19
z=g1SCoL;9Iam{>1EVnEM)6c-fG%Jyd2<JaIDPhp4b56z1attf?o6#A#jA+f<B%4I>
zD+(1%>^l0uV@&*7q8sH|@q$;Ti(j#w`o!CP$Xcn4df-AgU3Sg2>et*9!>EsN4?c`F
zs`NIq)w6~&Fp~#0WejD~7bg>gyvM{HO$>ULli0-wF;&kD0y#a{Tn42`U{}IZl2T|v
zS4hTuJ=O=)9_?b`5y<usWs8T^dC&8(ItLKLp)ijgg<n6a-+K0t_cA5e`uNTLL4=#C
zD|Ur5emU(yj}x0@Fq{0V`&fx(yyuDt=?XT=3E8;fuRNUSTskgeoVKY#^*yLSdWBeq
zv1{#kibsV{aTXN5PKAzeVJ;M|ph8!;&>4N4rw5H2#T6VJ=PAM1^FA}wpgq{13ry|M
zU`o(P`0_nAC<q3Fu^JywKPL5Gx*mZ#8cQ9?zGQZTdQk^bwE}wAK14moEc|mj{^=eH
zm&A7)z=alhs9JlOl>>YSO)Pr6C+b5R#O@~<YNoV@n0nkw_3J^#wPkHr#<E(~_qwtU
zQ`7@5?AKK-f9T2#FSB+se)X2Hf)3%@2;_!9Ebmm;m9fm2DSFnHW3RCM+-aTX_<n9C
zSuGEHENrz*_I*?JQ$?n<Q-Dt&{ntL6Zf<s)N*X?wZ=nhdhBW3j6_&bs3nR4XNPJ@&
zI`ZZU&u);Gw(BxE{RBqKfzVGsx9X5b^e)Qb%EvoCMF}iAmH9@cc}8=F{yT5l1SKaM
zVSU=!{)p@Wk@cgvOvT~2OrI~_N-^D+uE$l;wS{-pWgardP_>vT08fm@y}#0-6tw}v
z<&Y<}X(>>=gNif4AaN}P9XRR`{6&<BWvl^{c-UrM0H_<*0W7c8+oY(4*dQes42KH*
z+RXNG_KwtOe+;FFl0CTlm7sNA<`(sV6KM1o&muRQ>sZ2q2z%QM&OMl=XsE=wdRMc{
zMb}VI@qpJIw@!xs3bTRaXCrsYRI#FOkoL!GxwYL4$l0k5--Gw9nr;^fBkj8iO)_e9
zqh7SLkGcQ-!ts;<Ev6BKZvejDc5(HLdH4Tj_Wh5|Kug87pO;L3B5TR8zl!`OQJI)6
zp5BYY$0{7)>4Ru$hf3pwp?^fMCVSnVu8bUDjQyFF>1oS`TFH_*GGS%B=*weqz=*2B
z_l7*wo&W$Ia{9)4mPxQe2Pg)YW{tk@nx&-|j=}+RmlP}cV=2g#u6n*A|Hoi!E${x0
z{2QD~DvOeI0xgb}9N@1oCXo93`-VW@rr|Dm@o+P`WXe0qu}gbZG~5|3VowJg;%B1V
z+eVShB>8-YNTzD{r;=bm-{`rh(4s(nb7LauODsA~17alEH+Y7ii{l}ox+_X1x-*iT
z&*tYG1C&~*N+JUy56j1Lf|l96o08<Z?O2wHWtfg~%wn|H`3FLCb&GotI(Gsbzj74e
zIL_0(KAw+=#|F=*c<iEX?QlGEqiP>$MwW+C-G~a#?prk>h}vAC>LIkKxjSP0JLbF4
zJ5pcyB$0F28w8)7&YfPIFP~A<Y#m?l8jv<eu%W8P{mJ`0Ef0#MDLTlR?pEek5@{rn
z*<v*Ev}k)YlNP6O5dlkq$kuje>g?ZcPwg}wc?rYShB4$Ym<gGZVtjv!H`g3QdoI9h
zBut11IoBd7U7Si9?1kAi#$$1Jm*l~cx4>);yw2%LEi}?eua9y0UCDLs@;e;hC?NU+
zIT4<}LP2C~jC(?{F><aVkKbZ>Ad88SV~Y%l(f7)hV6kst7J3kd9A?)fTj8}c;IX?X
zHije@Sd57O`f9?&BYLcOM_UUlHa{6|r`qI};6>yQ<ic}GO26Qef6`6NdJ4-=k_PK5
zTHFgnh!&Wb(h8_e0UhydIQh6RV!Fy)Y~<NCtKlDpCtPa&NmL5V6BOru=8l6p5z1bu
zB$0X~iJ2!$W~VX>{ymC;EmW7XP?hY5Mfpcb7{3)|NCK&a+tsU6DVD`hQC86}Wh_t8
zEc}QrMZxJ8k(gBA+E<8z%g>yl6se8n7sHn&vD872z`wgyz;4SZB8Odrcfl5Yh3_hL
zqAAoV^`jKDgE|anb4qnh*&?U?1o~IAMhLQ2p(>4T%RzNT3Jy!CqNsq13uq}F31Jz@
z>ycf8t>TJhScSmLJV*S7nEt)E^a39a#{m-n5`H0QgyVo2s4|T4(Q4h3ipSe{hA8)B
z!5iQOfyvYvt#{P;gsSg}X@EP{Y4!LOIFWW7AYR{a)<-(bIvEdW;}x{LSO3DX={7@M
zL(_eqGZcq%oG4E)2e811ub93QSOz{S{K!!#2}Xn;IhrpYja)yurd?-1as9M=qU58$
zus;lE(lZ!xN25hdfkm7koA%IKw4RK`g(0&`h}b3uHxngrvg`wZo>;teE5U3y=n9J*
z1i(C1B`xYi-|!5r55xEQ@@|S@185)i@HZ~yCRFByBe*z~nQ&;nbK3XKi+9R<aSwWs
z{gpa?Fzte0O5Y(ZJ&!Y7k|;H-$2r1poZ8}793SJS_Cln81&Tg=g>*;E(99SpA6`7m
zsmy3&);AH6V#-wv5o6yq4=$bG>90oixM2{zx(?{2Grf(SuO*2F5YXvb{1;kX?WNfG
ze8{j%_9OHAy5y_%6)oTb8^|S>;>QGa(|L3}m%mdNokQ0S1L0UG&Vle$xjq%Z{VhWE
zhbSiS*0;HU)oYiUk3_r=aLNTP9P#8XVj&uW^A1Yh3rUM_1m-|Y*YMd;e9s;jFh`QR
zppQ0A8~s}3BblvgDm_~dNc^0+Vw>Ugr(@Jk@ugM2s(yuW3w+~)6tB}aJWdRLAvRwi
zqbekc_EW-Bt7&a!1DvHt```L<9>U8+v0`d3mQ9CU@&(Mc=tCLA1fS_4HfCo%ir4Bb
z2C|GqndF8AsO(~af6iV`n>i#L_y^&rfx!_Gv&CH;pW>$;_2+*0j>E$1bpW$0w$||;
zbZKuFo6iBXc={CkOyh7oW*BihG+jal3B;y6g>j@J&nJd8g=LX^!xP!E=*}IHF^gP^
z?Qj%u;<=ckB64=xHD?$-C8@*NY|^Ck@1-c*1m|9rB5)I&do`aBXYWZeK#hDv1h&g8
zJpBN&JaE?7K!8y^9K#cqUX(uSA#UXyn}{)wSkzM(Hb&GLgVN8cTcPL^dOgrxU~E@l
zT32L+Q3Ao5Tu)l6^+4UsBAYY8WN2e0hEbG9X=y~|9@y1~fe?NVzzVzi4X#7FQ{E5!
zsXBN7;`D=({1d$th?GF-6JgeKwUI<$@Cd6HA(4Q;HyG`6DZ>GxBE@ENrtg)~x4}WO
zP^Rbus;_@bFpv?%qnd+(kN}r-iP$Y1C7QXnMItxEFtGzqQXlM38+fHNT@#m{izY7H
zp+q0o_wsfixBo?h3VcYBqN6q`#P7mI%&FYq5LVr7scP{IchnbJco<w|*-XyUALa5+
zUqZk8M{{fDa%iaojPva_3y00Ps+Nd*myRE>KkwQ2g_Gqb(bv8F&WQB(a4~wPT;jA*
zqB0l`JTnGc+~3LxmUy8jOu87U20&C7t&gaTL$0;EnjCNCG+3%GqMVo+zT`#cr*p}*
z5~ZLg|6L>{)f+uFsbfUo=1@@JGa~PI@@L4Fce7L8;*>Y4yZK!d?n#vV2jeICaw@cL
zE6|t|_EB|Tuiv2*(=NJ09gutrEaZvhGvzu2OBbQ1$q#I)9~B>JLEHdNt7D#-x?c40
zqdQ3w*7b`>{u}+%Ly2gS<G{Vt?@cKzkr8D!O2-Izl>3NXsA4nL=7%!BGJZ0Algzh?
zlqjhb4Q4p5KHoNvhp+ST?eMt(KcVn39{wx_9J_$U%UAFHHKX=sbUsImUW>j0-`-&)
zON|g`U8(!upWGP)q6yQz>etcvUCDL6&(KRswmxD~^p!vL=d^c2zP<Lg{<;7~K)Szg
z^SdW@k}|O2vs5l5xp+Y@{5uqut|<AZ91fjI5y0CP$^T=bByW`bfn--^^Tizw(I-yn
zH-dAe`qAsKcM=qAFBRP1p&H{W4Ahx{YLD++{AaGzI?2Bey$-FYJNq@NKE5iDzr)~F
zG5Wkvm`~4OiEqY8oucmFx)J?bx9hnsZ?99YUAaGadj#+s{_8q=wHSf9&!MlumMKGE
zkpNLIqO7ZR_!AJ^b!g*@hPzC~^?9H_8v8qa)2w(0^P~VK=;Bxg*R`b=D8u+rZM2bK
z2{4G(k7=~fX#T&lhH`o<PcNrD-9n1nP?}apLxG-{dkL3UpFbAP@ppQ>gHFeLW%PJ2
z>wLTe|Ml_ix&A*o-g%Rw#yfp-r{kTi{>$Ud{LhZJ_U5SZzJGJ4<Nf&HzdYWh*ZnKw
zML{4&8fnKd4u(N7M|Wgxo36u%R7b-UCST_#$oGswdL*)R*eKq^=nBHBBCCyGh7l}~
zJ&+e#bp44F=eH9@0xy>CLCH<^<@%k{iqg5N?)0nJOzJ5L>J>s8ln^_d51T)BB47CU
zf{WkfO5FyiV*Ik+*)HEb$6TpjIlOxXiLc9B)_VX@5EF*};sH-onC$FD80w{7sCtU7
zcT;SZ%AD)CvVbI0(6&iR?;euRbR)x3PQJ;&Qt?h@vL)n$4_HM5By|p6M=ti(h|ppI
zl$QZ=4mv)y5O&DN@pj%6d6Vix?%gCNCMi)R++29kyY004{JDM{a}s0xTr9qsj7fi#
zdn_2Mhho=l68%3W<6u+2Lw#`1$Z%)Ct6bw)9U705@3a-FeE}HvU}!XvZxU0ti{3}u
zI8T?#9KPK%O7s?4<1)9vk4oX0S~2}sZMl^PDn#WrOYX8P9_Y|9F?AcPzQ}(G1veUW
zw;k{812~o=i}~Q~_;N>(!l<+Z*QmX*f<VXH)^lEeQJG}LfYzdS&u)x{4F7&7+M5@2
z7kya;#LHKrA{e<?->8BG64{rU)wfPtaIvg)hCZN2i1swbMg_+r`cl`4KZ!1XLzhbb
zPhH?H*JU-jb4Wtodc3#6EJe6zO#-T$vw>JAhXn<C<PGjjKLf*VclvUc75j!C6fqB!
zd;$4a7R<M=1*K#KOgd~oG%o;HAPsp<InNpj*jt=Z>`OifpJK5>pV^}CzgX4eTxe-=
zcn^$&JJm7xo)IH3LshW<LO;%Bzp!9XwEy%tRXo#=BgaPjk$FedH<QULNsVjoN21%`
z!egQ`M!gbRF%7QzWHJfF)m>Nxq<vc*Q#y}(ktv;TfX@hi6BkY?5-}|Eut{kE6)B>!
zFhd-+FkAGu$BVw?&El}zEOb%jH;HS;(ZD#1Xy4?12(id8;JIO4F*<EJuy1Ghg#ydp
zAnyWp_t%^e61k}dI%*b+OmLK!VMIgD6Imo=s3BQKUUqm*bHj^uH+mxd;jYn~`j>Gn
z!4B~{O5|^h%<i{|EE>YXG|YvReiASDz>j80LCi4<yEIO;H!iTFY{9#`UG(pc6XWAE
zH|ACyl7xcIPG43d3ufIacu|Q(!K{7k7zFUGPWw@G4-|?TG0-Ij!*<Fl9OWFL`mbEr
z-BI1u9rdySfG!Fhw+Alire)FZQRc&fPZlG>SD#j2PDVf1F>1+a+~F}!`9YKpL2Yue
zFXsS;sxD8)d)NFlyagc$>hY)Z00K=1fNgDq?*N7Q2ij;gjq2POs8e_6v;-s3Q||wT
z_~`{c5<lg97LA|&ZF=|CJ^!EH{S3WZdGg})?w_F#CGBDQFxQ|D%CUcoKK$PY&o{<J
z!t?CLPT)Bren9&rU>fEe1Jh_r2aMqjSA0(a3#??;x0>{T<>smyw?}IJ2~||yx)h8D
z(Ytg7h70i4rD0A7tKfZ1KLnQXl{pz)*<Ro-otdzkrb;*ryCpffLGtCGIVDip`KtOU
z+4L`J<J_wO%d4W&Ehfg|!^it^+8<C&_DSgYTppV*-8lvWVpg?t;diHSWe19VS+9vo
z@`(s=IKAHh0{Bu3$Pp8vg#zN#=mBx`m^Y?yR9Pc-O_pP=g^P}-=z@dQX?u*Jgob)M
zfdrhu5HH8j0xz{4j`*_P8BSl}F?h~<5Ds_^9Qj08qg9dXBl$dL^(B({F0pb#Rc}-d
zDg|aqaizp8l60&e7dYA8;n-y!Gmc$Ybofv4WA8D3EDg@vso8Me<h|;k!*trxLh>yX
z%vdH`gr1Y&Ut*MCqziEyg=Vp#kTmOcES}{*cRnX$k{~4xdJ}zU!#dBb%4Es0$jZ3~
z0@MH*FOFG}I|8GR_T%oT`+tF6Enoj1rdQ{t{(pM)GxVzM(0`m>eRID-uUdZm58Y=_
zAI{=4Aaoazjt|ummQV_$FGT+#0P_tbaI5W@5{C)g2AD>WvfDx_%u<}GhXC4pr&C0?
zj8ef34{qCD-Qu1ByfQA7Ro(6&(S}e}!BGf3r@R+CYK|Yltw7*7A@PS@sfStU4khQP
z(_W!sMpp{<a8~Uf2TUcj|1-3QN8uRF_2mUiQ@6`?9*kg@Pp>tiT$PCYH*nt~nH_1$
zsYMEz4N`tAdiO2RSI1YIj*8wgm2+D{{kLd;%B*3kRPzL1@1xAGl|LGzO$%>%ti6-a
zt@L90m!&_kL}^YIG6P221sw(Kg=V1&z1Ljw1_`Zw&ZFf`jpsgX5W-Wi4(^E(-jCpJ
zgo$|Up9x;FOjWYB>kdYG2vz8~AhRY|Vv#pg)p#}p&f@EUEG_E16N&^M?nJkfXZ^Tj
z6&+cXB^X3Th2B2Ij#2@0^jMoqH<=><wMR?fGPUXZ{%A#P>tVFUmcR^n<jh0bV{jmq
zTf^})KhX2pJVV*E(JpB!GezvP>dn#QJ2H(~ImnCA7?=zU^=Eu!cj(068K>15OVNP$
z2#UjB*wmkkjo{$vD}PTW=&QL{<IY~fB}L#3%&_$JZ~AlEN3j0U`ZHachqtEF!IBj8
zO=xJ?J^WoxJ^2@mB46)lT_5KeMK^o2feDsmkU<fN@za}W=}Cz1SbZQKn9DUP`ZR4%
zOysnp$cIRWh1ymqB&XSIfDQd?t}A^%=2K!F0er&^(IKl2*{?ng9f?YgjTs#MDuB25
zSc@^;EXimzJixB_C*NoGqdy1FnKjY+Mdlyn8#Q!N$kXU{yt+Og{0{w+ZkojWl1_2V
zFR8ngIU6Owr;gv?@}HX$+^yfojsCVy4D~ky`x9AzDSCf>W}wpHp!!Ka*55z+8U4Wy
zk=$kwy|FN*p)d{2!YhFX5tWJNRzL6Q1xx@S-97_y?ObMSK;F}hqsz6Dq*w5)VlGt#
zE%Tu~XqrC&<_@T@3;Is%Z@!*VxQz`4InLd6=}n%w_g*VJQ$yyMQS!Pd`RclyNcrmA
zK^^6*xW19k|J?5q(KmKGfV6tmwPsk%1gCof7pbD~2IGa_)r9E-(0t&M5@y_o{2K6M
zMY>aO&C%b!3nfKXC`!SihN862@Ec<<n8g6=YJlFAGTywBcMp(|4MV92g;*jR%vlvl
zX!)z;SsZeq#nDjMo8GD9Sy#rplSJPltLoX+4WktSt;&N_RhXjWr9oRpVWaF@C$|=v
zdCbj(1nnFOqu#7Qlg3@Rb?V?Bx^Z`qFzlISJA%xAPd-PF;CsyK5^RhwJh`tMK6OW6
z*nxf|+nP=fu=y!>TUzS`_W(2;xT&=+&hv0<oyp^Ftuwp3D1~WqQCbpki^>9XZfia7
z>2il2h!<`x-UH}-Wu}tA+;VuCQfT!~vH;_-`@HA_jzGE1jFDVrRAPEYVlYTpp;a(_
z(p0y?+uXlX3RC2w6nLk5xl(A8i)`>_&lB2jMekmK(q7ue2oSJ#&+LI-DGAr$htho*
zd<fR0kUm&v2Q9$g!gSoZPD~N#J#ZdwH%dtxiqL!xwR%hWU_Iu8=jI6IrX+W1t?S{j
zXoHMe34Xf;9XP_ULQtfyGpvI;WJwb9BQ#<ZznFw**A@=ieN}^_jrHNca1mTR&*7_H
z*Zv+E&0Bc-VZ*Rml1cX1t*JjQRp3@e-$VB9a1D@;0#pKnliRu>&XW#*O`dG{YxWeu
zU*2;oYSVLD8+f7mPh5l%xI<ZxLVD<0btGU7e9qkng*LtLQC4VnuYtley>LA%<lS!q
zeY3*GoEMd@PUTTm@&+p^?u4r<$uj*toc1$|UG?0RK%L_9mzD9Navhqt$m`W+>rj}<
z?qZ)Q2i7_+G`gyL=>l`Gogj)(g)!E^Cmez8I`VV@jNg5>g$qBJj;0|SqVc!&Y4jL|
z50v4-M=txQWFHvP1vu7~f;)L7@3}0qb!D6<Tl*ET`M%qF2gXfD00yA-?m5ql4pn)R
zcM~ssvc=bXi?>$t{|MKvte(KRuZ(kFE>546B6>ISqVUN^U-HJKei;Vf4|Eav%_~iw
z?kmlnH0oBp7rLE3$#$`}X7_e+dQqC_ZN%ytpQ$E+YE`JMryl+SJ?Q+gz1^J}MzU%$
zrES66k&ada*PIUqBk&&yb|;!ik}nsUVe-mEi#*99qt6W@AegQ^(MqTg&Y?)zG>hQh
z#1uIC$|OAf^29Xbe8KtqTUYW5dlNsDgtxll`7;ONf0Kmx*;|p#mE)Pn2>4$;6Rh)A
zl(64o;BWX_N21T(Lr9cv#BhPo&lOar!S4+C%!N;2=NC>5qv~nUY?h9rJGUp+O)~U%
zWZt7A>Uo5>+&vK^8W>Bhdo+o2z-q{O7N>8zm07*_ZpfpkwkRuhcq>vkw;=fzTG3bN
zs%ZkM3!J_OGoWDxw8(YfWZjoRiwq#5wO6oc$rJ7sV0j)CS&t$#oa(?;poSte{QVVV
zrmdzzLrE!`21FrQ@>NVj=I*X<5#IBrwdPskJQ!XsSyC3xB7OQ`5=qbMpa`kMzGe*M
zI4z#Cp&wDF4y3$q>fC|M<JtTcnJ-|`U3$@}H&Yq^P@+y4z;RQFhLk+MBZ%}vy<q^y
zh(-G@Ml41{O=*Nav;+-bVA{&0Y~TGn-1_2;{Rn<heW-kh)AuM^9Ib?_eZDy;3HkM+
zlC4(0VM4z+V3ofGR(ZTqTq1hw#C+c))C23^5!_r*-I^=>X+wD`_5$}^y%$l)uftw$
z4E6FAu)GZD>5dXPKEpPr!t5XfxDQE#w;VRKyX0G7C6f57y9F$RE$j_tu!W0o8_x|w
zf4ON?Rl=%Z(-z^z?Z&DHu}XOuk#4*@mr&xBlCof$w-|}u0U&ydrisdAGmtx>+Ka5*
z#_in@b;bb|R~F5JwzH5G9i%R83kH)OgiD7`S8WlKLG$G1fo#Vk+PHV1Ww`;v#040S
z1dcCA;v~SLE@d3eRH*I+=rJ&WkSo#AaJu3sdYWz~dU~aq=;>AFD0+H}PEOHMAI?KL
zV_ym{$JCVB>}Q6$?WHq8@1hd+Q&bz_r}7|Mp<8K%98P8aG=mC@WQ+!vm+Fn>R~Q$V
zl4vSSB(0}rHL43~0h4e6)&6avcrvYdK!KBKO#rB0_JoKqU48n+#ij&k$kl0ZE~CLj
z)8afUwRfXEm*#{#?v^+9=K|A+_EyH=8{!I2=PPqk3aSsGk)iO^Qo6X!u}c2^7%ZRU
zBL&<_eu6JQBM|_21BHT%b1Kt-Zl15Gz{u^SRjUEIxqETCqdu`Kpn|x9WiuJ!+^fFW
zb13KH4`Sk1G)#8cPkG+b1|m%)BTo5@DwSGL>R{CRoXT*ULwU$TOu%I{!MoshcJ(38
z!T?5Gkd#}dF$x|UiSYE5bj6Msjj&vRA{bGxm=Ps~M?|~ws-$>kDYy3iG@cDelDDhh
zJdU314eYh<9GB0NQIPoqtOsEQ*YqD?MRq4L#E^l{3gKseuRj}HpKssq*$jP@Kp!IX
zAwnOq@is2fU(axVQgnZCZ722tZARK+v8m35IFZ}`F1j+1+18bKkvM(bmrkd3$2AbD
zUPRZ>6YU+&SNJ+DpZf*8NxrfWps7`O>MP^Mz<aJ{7MiN;2mXPv4_?1Syn|m7-rX$m
zn**;AerxAFiJ4oR@-b~zzTCR>01T&sen<M(EpAG5D)~(Unmj5Ms>q-5ehJ+MeK|pI
zgXBNb#iejAc%75?JAfl80FI;xSQ3Y~Msg5Kat3NdZ*81t-|BhK0a!_rH@k<5&}X7C
z(%M+2iEqZi%9}+Wkk09gvRynNq~Z)o{#^2|PlQXVQ^?<qwveOI7P27okTKq3C1<#L
z`a=^Z@%1no#vXZ5HPHo1(7wQBKjQfo`W2zy5>%H*cRI<JRgN8x)jN*aAL{?PpY0#+
zazLg_;KB#HQ9LbzL4?(h*%l~~h(SyxboIcgV6gMfgTUNP?#<*HAvg=HothM3uNlkl
z%|08;?_t!fU&ikVmO`swnPdgl3jR%m?}ZugI|ErR_zm9+Mffcu>jl5jC;&*=q*+it
z4f>h}<?uOiR$Vmx2=K%Y?&XOe+{ZJ1@Wide4^AfeQHAb!z4N04u5!BN^c{6E_w$5X
zE_y#FW)!&NhN6t{1wHzH9?SWCIOS5D-^Mv1&aWY_H$x&tR-Fs8A{VypOX9+;P@bZf
zlXLl}tULwE)AaH*EPsQQrvcYy4smT6$hBSQLo__Y$e9v*KmUG?em|e`bvOKyq876+
zY3g|VqTG>zK7>7yy#0Ai0^`bNZSAMu`u|k6BUl<Ep922vIr8{}mN!AmPUN!&e}tEF
z;!{{=&}}+jBM4Q0<Jfi2(~s!KD7swUMwiP+1JBTsEwDzgJXY!kBVw!HeW|lMpFx`x
zXcMQmNeQt<>#*J5Sv!;auh1?H+L`orX`yyF3iY?Fo!Je~FUo+n1WSo(FIWyO85yPL
zd$UE3WTv`BFjE)jnbtjovXmxDl&)llrcbHswD)wjNj2*;5~@ximLC%4sMJH7*(8K2
z43-_ZE~07+t1=7K`N)Ue!|v~JUY2siZ#~8lzqN?Fg!}?_;taAmb-Y`=m>}cIQ1Hsb
z?BqlVGvYkGwOc|h(s}GG&YcIHrF7QWpitAA4xMS;LzO)BW1>N&U3yT@buuV349XU2
z@fpp~jO;O9{Yc35j}HmfI|^DpelSwdf-(~C*lXJ)jDd%qEFpPIfON%FZDG~#L{+~T
zsy=p_s@FtSqw{WO0-HFY+K(F@#0)7N>H})0#V|Rc`U(Vs;qWI?+yl@nJT2+rT)N}L
z2d-n{o~-sxTF%y6_Q00MKVdCz>#XH(^_FO5t2XK_Jx~}SKVo7zCO_gmS#;3L37D%J
z+3|;A_afiO3SEvgoOH2AL!u-}xy^cUPV#6BC)ovf+j8I}OASu)(=J2xr16ZCd|X0X
zy4e0savl2H!%=^|V)~mC)gK(nY_bx#Ev-YJwH^C>m-YErOrMuW^=THW4!2{UaQD46
zjnt~ZULlvcZy|D-^`W(@`no+V)naxeA*t5ELyVJT9Q-l$hTD;otY<jpF@uu~^P0!h
zKA{#ct9wIO2wDhwixX3g7BI#M*y1*5vEpBnhux*i!>%p)XXIg5lk6zmRP4YRK?ycx
zvau|B#pjdg6=}cZIkWq77RSLr69B>Lm=6*tsXO5H4osFvF`nXdgir6g6W$l)FCW8S
zE$+ZyZEE}H`KyV<V?kS>Ws{JvN`tm2+JeuC88Q6RBWF<;KK23pP!b-559FWTcM<=j
zb2LMo7n7HTStaD-vOCjXgfFXMEymZyF)R|(W9Tf>UrLiWU47y5m7;LWA@nTl?Pw?@
z@t8|4PxCHH;oO&rzWJy?D(%iBP7^0#bh5k*WR6fWfX?5)ttV9ntU_Kk_L6N}t4LDL
z#8O+kGO^U%&!=)7`I!iQ>3>U!U&>HzpP{Y_jb8BjZ^eiGqM)-yPtIX>yA^YG#NNkZ
z`n${M@9RxQe@w#RhR%qEI`=sffnBfnIgI*@;HQxNq(BBJUFvN}mtawTm5lKMCWgdC
zg8K@>w0VSSe?u(Q{lwWMI+VhEIWIqwfl1J%7*VVXmIab#Bq95i5y5_C=q!^bO}(RD
zXTM&OFy4urmrYF8bMT5>IWL!3xE0#72A49t-r#L!BhT|0z~k*_5FQh5#t)_Y<TKLG
z%Y(N142chu^<-R9)-$n#tfz;kr`Fe~&c^~bgY~@ZP9;67rbkP9MjVxXiKM58=gnA2
z&m$p8&nv6?bAfwx30aJMxr4ri_Y9+5T*T<*t08*%cRX{-!zpNb^9g(poFiuW){GdH
ziSRT_=N+Lo5td(|k#_B<I{BaAkVw@D?QgYcj~AZkLG*cIc0FgoRKiQo;4TT?ErcC5
zEyF@aH10w>AZ0<WuFp9cuaCHDBCE*PE8vEvPr#k$@|9be$R$GFBEZF(1TM}!C~)~w
zR5A?#jwt()6mFjjFwdkdO@^|@lN4eaE~4t$av)3;QPp$h%@!RppGRuegXrBRd2?>%
z=E~e<8KVEkL^k8#IDDWP)&e1TC(WZ?eSd<53+y!nGXJVPM)Va~ozoYhS_DA#OUc`y
z%N5#O)vfOF6MZ(+^m8Pzpz~3z<Xo#h*><rjKgkn*V)6vRldNSIWVX_G_eh|><AM6#
zzY^dHy8?1IK%AbJ--%jC;yaZbREkJTi!*+ibmBQ^n%$X7N<#IOyHcE9oO`iq0QBD=
zKf53pyS}mX^z(Ba=;_&iRbC+~g&9ask%khzvlM1SeKyiPsL!rr_p9HZBzpS0lSEJd
z`y`{M(+hQadQ_Be1q#^x=6s}pJ;a7WUF6_rbQIpxP)Ovpp-?vo2zyVin2gs&d%p!a
z^_&^OZ~E4yXK}aYcLfk!hDAt%n&qt_Fbyy;J<Gs!(}M4`z48f!(4L}&lXq&XqU;+Y
z`nUX>{r|1#(*0Zi&HjJYS^v6nD1yYEy_-nvH1(0XZXD2tS$J|%9j%4f0=W)#JG6i=
zR&^4#kWZ^mZa{;>MIs}{qIxh_z~33{cZRx+{f;F5uaW7r?)Cy?x@smP*NgQ}xBfXB
zJ|p)t3=eU61P{ze*J8i`R07`ya3|lI3!fr<P7Q;~G-$?Dl9Bo3S%24!zbJgk6H&hk
ztXpA541lfZ@O&rZ33ru&{M5zZGv(jh-$x2M+20b;JC1WFs8hxXy4G+&Y2=C;^(a?k
z^=D^9){EW>3*5GU;5vqCI43IO<Tmeap6Er7%#E1h;90-ZR}s__@vkx|NEr#MYXAYC
z1M2<M<A~Aa&jJ044I3yC3X*cIU-*6Mn7V$P6x;w<*F6c4^AQvt9YGUOpF<VxsvGdq
z*uw{<OJ!L9h*J8BEV=fgclxu?f7)xJGKR*BZmqDgU#ef$lA&y*`I)gEwwsLg`tiQV
z^@v^sLWTlH8}-)fgyyujEzW_C0bIV|Y6EI4v6)J~hpbXVP35{p6k}M>dNKQKyXvt^
z!SyctLHGP(W#9q0<tim@$Y?Oh%uZ~PAj-qEZ_(;96(*hUn-I*Gr8aGFN7;q;e$-Ml
z7)znf|KI-X#l|3LP2OlIVyRSPLUhF1Qz2~-tP^u_H-vR~3h>;&^uC4Dx_*j3)vvbo
zW45#y7c}AZn=t+yTvz6Yt}7Mc>&ofd_3KKJ#nDg{X>EnK5EAK{*5WOsNH@4DVg^@5
zX->J#5Y2|;Q^XE$w>~_M4G({+S=;DZz%KUaJ9t%<Nw+@KjoU8XpE2F{{vMw04_jmU
z%X>B9m-d&f_cx98hd<S4V*C3_W$_VW`ip|US;Xbi2D@$6`g~i;aEeQh`<zQL^wj02
zb_6lLQVAtya@pI3s)HO$)n?IB5uai%PPqO2Z$CSy4vwP`Jr-)W7Ke}i5fo8^BJcr|
zxtW4;Iprhk#u9q_QSE;%^A!I81EF}^g6_9OUkNYTH;BUc4HU2pvp9;v6Tig=(!X)?
zKVk&4478@r7L^Ch;+O|5?oljkEav(}Yk&2>Hz2$&F|%k~6d{Vr7h$<K&uj@yW)c<5
zvj|ho#p(?8a})6J7(tIFjiifQ4)?F4lRhgtZQyw{9rulDAq(<AW{rANa3H5!Xzcq(
ze@;t`2$NUBR3a~~V+N_y<y1zW>2h@x(V@4!+k61>wl4FBX+`3iIqo_4%~&vFwzzKO
z+<Ei^x`{g_W}bE``EhMhW}}qU=Dtz%iD#+B_3pT{!iS6F+LxYo&*8YF)1r{?$657Y
z83mEsU$VZx4rLeuAD%cRUhj-+bNX^miAl$tLP3r0D}fI<<y!5FnEN!~x8POo-thNI
z4**NTp&_HWwO2xg21hR;ZYcb^ieqM~KvG72^<9vHQ{G;e3IC$(jY}xP@=-F|SZH>R
zS!i)jCUrR?0H-Yxmwj^`Nix;aUJOJeik3db)<ut>{szuwgVQ(5iuqPO7-lBXv8;d-
z^<V;HwYwS940A^nZaKpgW-ZIWs@@G0W59?{HR$*d<6+NLF8N_IdDxIU4}BhuQ6TFv
z2b}T@ZhU?I5G$u`A`!=Fb>I8_X`dH885xeHV?0YqJ}D|UP|i~{UqKyp`cZMsQ9Y2M
zXm1p%>L?`9H=@7I1mMA=BeJ&{&R`agvE=+ejtOPpOoS~wj-h9S@yDI=e#(a`rk@i1
z7fcAtJ&-l`A2g{mw)EpDV61<?iA8wv<)mQ_EJ^X0br8VdC$3tY#ho_dxprG%aT@CA
zDi51+1LlE(&FH~4WAE$O6i(j+*o+IjXD~Uv2&=edJa8Md9XAD#4-kFDR_%Hgnv2EM
z)st*mF}m}MM~85F#5!!io)oIz;`9)G@LU?)95zrADm0=8!Z$+n<-v9BkSL#_oQRJ=
z174D0HZsgccAyKg1>-t9?Rz}m;}0a4!;qIm=KzdAZ<geNHgaK?UGN=)B0@8ai;uY*
zzh!54*V=x1ByAZe$t<(vKVXvh!$7kvG2t>B#_Mo#4S>ZpRxXfBa)+^l_z|3%7}pXs
zVrQx!{jEQ<<iZu+NoZ!VErs*+q|CPzi%mVfct=p{%3{CW0b@|>zvxE}?1MjL$fR#I
zb6_vOb4QH7a<o6Bh(6#5Z%$>78GW(=)YgVUtx2ew%rh5`6h;@KAx`uS<S8UuB*ckA
z!FK?0fULiBVZ>P2Oewup^0%7|O(sFyi7$!1Yw-n{L0q?DU(O98C0z>v+y!;#r~Nsq
zphVQ<q8UO6J=B^{5gS|}Cmh`N(GhYbESJxqf1k1cBJ97Y@4pzi|03=Ge)pJ&$4kTV
zj%1s}5-np`TNiY3i&>()ydik_$$*D1S2K99IAu7>v&^D@pUKIe6XmIvj!BTO3=Zei
zWUhq*>H~qOeYZcS=dS_!@^L@RPU{iaiI5Mg@r!m)dV-*OKfFc#`ZKoU!#`m=Zu7Do
zU;gXp`whzL3`c)BlouW|>CSZO&8sNfw7Z-B`|(Yb7sHC*hZ4%(PU1B^oYa3;(39#%
zkEe1M^Y@_ut@x_;QsGDq`A?Og&&xF8$S`s?_Hf2bVQ(!Kq3Xj#eCHDwF&;38XF%9u
zxee2|OtSBU)uHN8hvDG9;`FJg92b^t$AqC2k;+>`QK`&OTD6#>*_*y+@6O3pmwrJI
zr{frOz_T~FhXWZ9<+Bm;h<UKwk62C!bK*`26};%JwF0C-+gi^)w#$K4{aCC+{9}bz
z+#&f)4SGn)J8fx7UIq-2Zg!Z=8r4^s8!-*81-YaQ?Zzm1iT7YzzA_$;*V%j++jKw#
zeMPz4EKdZGsiy#T)}S8_V20hl<X#**9E5(YwY)g}7_8`Vv?|+1?na0-$GB}N=mq+i
z6;{#Yc?CwF;yoCzy%C-t%!e%R_o$A69EZ6!V7$f~7XJy^It%l4h7&c$Dep#$Fbq|(
z=B+o`f1>biqbPjR>^(k?-y(XCm+LX-9vQ@O`q!<4(beis<Pz^gE^(iG0`;{0XM5U3
zVTxN+_b}23P=1t=xGmJ#owlhM3a}+6;8+Gi#|eavY=jPxP^}$c0Mn&9S@=p=p1`ME
z$9zr9Svi?673MTW2FG#_aml;%=vsAB>bddutmoYs5s|fA@;T3r74S%R^|RrWSfm+a
zYNfjPM)ZcoxLVqup%F}hGW6P8JmUk;=_wX6FvoG_q@5J;EZd>nYLR;{rTNiF^#_Ei
znR<q)@ObU5Le;NGbUX}s5nzC%^q*imMgN&NmogF^(<S?tk}&>D(Z457vVZO=f@`i&
zML}LMH9T`Kb7GQ-y_l?$62hP_Y>WEz#_wQ2tbruAIOP*gg*5>3?wQ~-eZp3Dw^MNL
z26BOE3P)ttM2=5!CU6dAN&;tZUOZHII*tq?YD|)Sz2^rfuTJnKvp)C$aWZ>JNm@sf
zt;PWHT3O8gAbA4V6s-Ln7%C1J#HGwVbZyu-bT2u^;_d_V=7t>D8+8YEhurL_+=Ho-
zHe#wIf3(+ULFUFl>xE!2gkk1ldW}ks)A0eEXmR>{z%;GyB`m4d$}BY0Ta<yoJ=cYK
z7?*RD^2a?N$C`#IkboTlh9Pk!Ug2jWv3N9_bB`~m4wg?U$ZU<YKbw7uWARM?+}K0E
zEFi0V0)7?C15Zl9dYApQXPed!?*7_PY5F$Nzc-%z7Z0oD2Zzwb+nm{&FP~LEy;k68
zPzXe2&h!JK|8P9Zg3+v|*HcUNu@NkT&|Lgk1~^ctI?kgAyH(Po;saG4NB*p39rK&9
zKDvy;NCVX2T<oh%WJm(TY<o!*r|((5d=$fIcfMEdPWI~J!SJNiqa9D`CJZSsjB@|D
z_*yCTc%eOOh5N?XbXHOE@49C<vhzwY3~rM6COoec1MkHZ7zA(F1ZCi9q%2idb|q9t
zFCudk_3(TBxIjD#y~FWrvrdc3t;}8t!N5szj}<Xnv^NXYU$h&s3l(l9FI2sbzo(Z4
z9b?L}gs0!dU%^In9djsRhW*TvVdC^=(bv04yIh(s0?chJOQgrOUU~$?-i?_-ME7#<
zHs7y!hg^~&PTwfXS&fpCn}%<gfuWRhgMqu+L#9a4L%I>QDYI~5M9nULkFl7!97d|A
zSl>>Y7!y*V_1%74L}>Se^ph~M+cwo{KjFzl-i}mrpJCn7^~efD3V_1&2M_xRH!wD1
zNED~O01s#?bqAezKGOW8AX3H!&Yvb8*?AfmrG2g65s%D9I#Kgzqx6W3C92wsX^&GL
zOXVVC&|jx5i2Qk#HZyejo(lzNaF4xt(v2pbLe}APdWT;=n#!qX-w7?ywu>&%H}6C&
z&|0+~e^OUYy{oE6Q$z8B81r35(eh5B5faM;)~*UK^$6z}L%sOUCpk9a*c@XY$AzPI
ziUzkqAWPDz1?7aMSyC>RVky49i;;h9r`or%3&(D0=l{fzPIQ1z%5{Q#f||Ux2c-@B
zfa8p782UBuQr~}vRglpcIW8l$KCXV$js2z@;^sB1(Lg@pY3$acKRr1Vbs=JQ6k$d5
zj=gOQS!U(LMdmimj?>>qtj2M*xEn)CDGW57|4V|IvXFs+Z>;0S3EXkPlJNUJqd9f>
z7Z!RkrleF7hTe##c%z=|Gn&@My!KICy+72U?`@wKjnZ`^vGnhIEnMIb&30_Nopo7=
zU4HvH>k|FTm4tnE>M|?TB?bjhCDx@F-Q_*l<qNFKkMu52^oA~<(7RklUB1k^+|%3W
z@(FynwU)X()jO)oWav_x0R1h}`+F7p8%_PWbCiVpSYOYE`a+zgzRCLfYjj^Vdo1jy
z`V7^F7kz6|$8Gcc25~@=sGz5IC|%n5x-OyZ5vma>>6mHkqfOE!GZhcIU}TRmKi8iN
z^q}A?WAlFIsj{GvJZ;PWz*86-JG#N0p$31$1}@||EZSIYjMi1VK^vu+v`p>VP#Uur
z{oe((tF*z|K+S<E%Q8YK%PxDRKi!Ak@}wHsG_7j;pZjy2twL*U7d@|M7*bz(lf|QZ
zz!MXnw<L618~0r3wl?J*yeUzhEGvr>_xE#A0$u%@cION1n%3JB#y4U6Xz26YQzi=P
z4t+Mg6x-+Btk0-8!oPl+^;ql1c(+mGdudB(eCywh?W<R(<2(Nq>&@-f#}_r<)uH}+
zzaQIQ?b*)ybFN|i**fbl*cj^X<R?adxe<Ln+-aX>8(E)C^HW3ixYLYK2)Cx7jtPap
z@Pdc463}>@dc=|~>Okso7u5B_I{Qv{39{)cN&e-uS<oMU2(Z5H;RJ;Ex;6F$PP>MD
z$Q90L<Zdxs^zDtFuS0D=fwl}X_hlLSfoZzaG2H&2n!vQ2Ptd0x&v;E1V_tZe&Weun
zu}XO3`ajgY3w#t+(kR}O3}gs_9w3kbK_?nDfdGkuW=zn8yt<($L_vv*4>T^~rvkzZ
z#08SzBtqMc@U6P*?z+mZkHuxz$Et{;m?4k^MC2h4d4oK97y^Mv2(Qeos?$BMB+A~q
z-~WH_{ua~I=bY+u>eQ)IRi{oBj;8nyeKgr2BN}r-A5oKyjY!f)G?3yv;D~O(5e*j5
z+;c!(e;14=Ib=Lo#j!7BJUg_S-`&-Pq8aSGql2-m5!qP25ZPFu-UoNEk=#Brkqh&e
zUT|_L=?dDAGD4<k?6r|o^lYm>paX-ha*7I4uYQWgr0P?2@H#fE1#6d*G^CGA71+oQ
z3L&%f@pWu$lb#8)uju3ZFl2nctE3;=tPO6)T%~ig!M%Q7AKY_ijaM^UV@+2(TX&n-
zZ2j<)Q5)8WVZ-XB4Xc|Fn6USMV%Z#@pOL8DU;g>^^ia3R$=cYWk0+|zRZi9u{MAp^
z)4V=ewcR?P!8;4tkZvmsnW;Z?V>9*9bX-p%mnrT6HB5c-AI1pA)vcu?CR6%P#$=wH
z-obo_;wO}thvjy(LYJM>akPK*RpRJg;p%a8zo6r2ac&1V8c@J+)Vm-AN59TxIC4)*
z<l6aP;rNO>;6L2pjz+iPCw+8FQ?82tc!ypsMV}tZD0<>xeO$%CagEMr<GLe1K+eMl
zvr&EabOiqi<EJ6>wLdeGo-a2C)@SBb&Xt&b^>by<*5@iWtAn|kmdD04B`;*I`e(6G
z9eOG;;ykK^yoS%AAJ<wd-jvzdE`29jb<^-{z(gsg@TgsUAckXkAW3b(gaBk^*lxtQ
ziSwbK1C#Is*Xp~4Vz8Z17j_Bc8^Q{rtNyZG#-mz1B}LPJ=DZ|<uL41Y!%tBH31ynm
zo;lx)U$yX6m{~YS9u6&y*b-e|T`SRW6~$NIYS7FUba;Z|>)%F04_#SFoMQ<^2Ew?H
znGc(p4=mmf6)ELRo0w83dfKA2Jg=H3s*nO>`AalBtkjM?u0ylO!keLY>Y&fa#_X+%
z*5a*+%7dJkazI#lSvyq`5f!JS(TTbZfs3v-0|mv|%wZm)KngMd`mMwldL=`X#E<r3
zZn~;}8Yo!qKRMDzR^X@B=E|v`*sJ}Ng-nZ)x8zfh)~olRa&BQt`E5%RIL&#~h!g~J
zd?KEMz`K8l^0)A44n<iNnk{lF%cHvU)lZTI15~$`(FQADeODMV)7Pu3-j5-xI#AWp
zYr8RRHQOxVAx(Y#j1eDj>Jx7oIku#;0kL;t%1l8?6Eg2pougQek%Uk2SlBt7g)ihN
zFRklB%*<<*38o9H$IWm&k$zUmGhP1tiRsg3r8jij%vU`OYGC>vQb$f<$SE}!^n)tU
ze^*_>DP*CeD3)LKdskRQJCl~k2*#qmldVwzU-beNhf+ZTWeC3tD)^J39TnV!ftwRP
zP2jxe0B(Nz5p8}z@j%_@*KMJFQQPb>bVksXI{lz2Kiv<@B{kIknfajEF(6OQ6kN4N
z%pgbo_hLFA7SB(4n#0sA0s0bbwS1L}4v6<h(AOAuTw36q?m7%#XWKFdw33Y&@GUS5
zptge)=M>ZB0kyqD)Ry-No-?g0kmr4h8cumn-MwPBn)vZ<KaeMN3{R9#i}DV2?VnM*
zIV-r0Ljpu6$SFv4W86l9DHv2FydXL-H{t7_u<VRha$aFmJM|L74xr#Nq9Dg#pJ$tw
zl*(7{N1U#Q;`BznXZ&LH;r2f1N9_A49Q0hI^UpA%xTrV*W4|_uDL>)4mmiP#AN?0}
z-*6nOvE)G6CX3g3DT0b#t@SQOLSYPR2Xx<i_a!!$+TGTzuao7WB>a>w>&H}1z3B+5
z&!f`tc>p}CuN{W}ybS;G^#<j$r!NkaPm`}}SQ<qQ?A+Jc0blOpi6QauuOr_8+a<?f
zAW&bQ(DNj;uU!hUuif!F+Sf$oT2xGXuuB9v4|{Kb*IKx#Q2)M&^Wm@b1d0+MLwVdp
zr#Llqps<EHA>h6jd8p%IXT)m+*H%t)$3+RN?`8k%BHGRXQ`;mM)&QAp!Zg=-Y$m1D
z3Z6^R(DDa+^?GeLk${@|0Iht>wwbJKwdNzuNx>aA34?(nO~9%Yhdjvfy^IYk^k;ou
z11(U;7{Rs9DA;`b!XyK;!Bu`lG|Y(LX_F{-72O5!XPQYc_(b_3vzT(ukwk=j0?$^3
z57Fkh%hwC5<?y|_Vx9c-#`H#HttQdXD9Oo`22+xKECaR8@3<AC#K3R474=cxY~p)$
z2aaYI<gsQ<J5---)+dS%s%@>#-T1?9yX>$*+X#Pk-pm645+X1pKHn=w)GtY+yMn78
z59*w|7_k)nF#-0KVbD*LW}Y!-!@qUx$VC+~=uf+Y=sz3;vUD8+iZmSDP2$1hZ)ny`
z^~xU-ICbhj*;#YV8;lfJKE}?Ptyz2hkxra(z(;v<;6Ya&3Io_6eBK&hP7Qoj8coM`
z7W=V-13}jXpq&O}SQsr{_##L<+ktjY2!;lrofAMAjRDGd_k#qsZ1TBfM#_-o=m`Q-
zt71pj5V^q@gDDDJ2ctD+6Q4w}A@&L>7X&%AyYL#&PIr?M1^+eUlG+Qir^h433{fC+
z@n)EdUX(n{f|*Eg-VWn~-PYzv4)GVj3_n1KFmW-|0H=u6JMTQirs;35B``rwko!yW
zBPKm@983|+RxNSGa0g15rnCEDn)V*p9p=zM{>GT{ZvkFpc<~-XghyXSFi(~Haf|5x
zPWVd4wKl%<M@5(4?-(z5PIQ5f-y^u=YejdFsvW*Q(1mVxX@Rhdy5X8%#~ce$)R>Q+
zap*U)3t-!UUys84^cC-UzaSMAgVY-B?#J82Ehm8oKL!&Taep87SUSQ*eC2b5VC@X}
zqRNr?;5rqs=byR5?k-owl>P1Ef3Q%$X^3x@#L66vt3>k$6<u{IIYnJW_Oe||bBSq=
zld&%Q9!TS_7$^}Te5=h;@%IStoe2NzAil4S4UY)pezVdLNF{BErSzVB)wS%_tZx9#
z7ca;YO&Ez7831n9evVxPQpTH<S!T&?{BPiyuM%y`2YjjF<Fy-h0wFodB=<xWh8zVW
z%~Kw3&66JnCbUzcbmSFH<J=>@C~^;^qgK1^n<978=XTzH&<+z~+vr#guk7+hJ1_mH
zr4J6mAFZU?3YFA5@@$Rs{#4P61Zvx5r|Ns2(aSh@R;=Cj1GI(J`<>mk!;y;6c>50k
z3dWZUZ3~nUwmjQ8{zV?wd|w9RlJkgYfClw^bt~-JnR8nC7jMU%`UFcBXX+T=A=IoV
zY?LP?H3_(@_}61zHRLmnq=U$8S_Rt~{-u!yb_#dUcl(qj@J-CmShW_H7jPAKT=rOZ
zd^T@3eg~7kQ<1(i%hFC*vNf3Qua$S7C#lDnPd9I&W|2FNq8E>I4;05J19y&596L>8
zl(+*$%De-3AouYYck1VY=U5bAnGi18ega8;74}n=c>4*wH)Pw#S2<9*u>AxI6=3fq
zp(`8k9iPeYb(Vh-V>MR{V)(k^JmS5peY__4V7g>GCh*b;!S<~q6`mztI)<@^NPkk|
z)0Na)Z728_F?(u7g5at%!bhFQ1w*rt`9PA&&_7y%L66Rq4w(5DkD?IuBm4)Gu4N!!
zYC<hERd9LQ5W%2eS`lx+9S9Qw!{1K8-*?J{oo0E$cOY1Sv|Mb;M=>Apc#sCqzjTq1
z7zYF$PXz57CKxtJwoQE1D-6(qvF;I*h>VTrl?ev`)_Deie`z&wkXk$+g;~eEWbm}5
zRd5f?mXr|(B;~OKCZNW5MbD9_aqiT9cH3bf!_$Ji$!<I6_@mwSy<Ogpm`-mA-A|R&
z+W<$l?ei8?^kK+3=RD#4wO`A3I>sHJ2u(%az6JBOq#zjHemE4r2*P$^-nA9IbmX28
z4K1(@IJ@WB@(`mp5LetqyRRHqk0=FxD%G3v<h*)wSp4}A`o^Tz51AyqraseD<c@!B
zoICDA(eq=}827+WX?w8kDRO6h2>rQem+L^0M4E4M+z#*Uz%+U361o<&ThD2QN>W;$
z?dZJ6aXr@=aU)XghB~`#lXC)K&>}*6-VXaAysCGk!cS2?U}xZ9J*O40_WX-@vXAST
z!GQG)4R-L=ZahnyX3qRCGw)tNylz5LtE8k$$`dd{N$(eFDywLN=}uiH$?E~VUb}ow
zvaNFrg|~vdPvoW3AX+UcRN|5gmH1)#wk`aN|B7PYTW6GPjm{%>!#O*2qxw(q+U}0K
z7UW#$_eQ(zjN?{#2A~J@06&581H54XFB#y?yAj8auzWavRRqHBt&A}vuV~826ky_V
zqL2dOGVIVN<pJO)y!{*8J!~Ecw3{Z!5Gb(Ay8t)!>060jlsI#~64x)!wtn6dNDym)
zAT~QeYd<U54m<A~3*7|X2Xk}CZu`lRX2&i|m$0!;kI+~#n)7TP{>76Vj+X)1={$mg
z^liKN>g`B(1?HU0(STqK&7f^{yR;1ew=#I{6(z}Ay|2&&NZJI5H~}xg1i0B&Z~)lZ
zB1zr?c-sIIAlf{RWOyqDCZHgQ|9O*jd^IAz5cf{|I5r?1??c!#;hpe-_%6`!eJ5*g
zM|`7b1Na_7mQkSE%pCLlYxQwZHcK`Pkg^5&talUi7Fa_D5C?iiwZhysWAY4J9kq7c
zN>sBSI(<Ie{|F`n{>692?@z)B0o~J9hu??B2c3fGHX_}i0~1cj5cYg2y+*g^DI>Zf
zj6B<>dAG6lu+W^UXsEH<b~$fQMw_wg*95z62zDLh)(yUX!J?>OQ50Tm977iyM~8BN
z;QiuOP2P+Zl;4;@3V=Q3cofU-5z7A!-$=GvM+vD83UG@OnBn+8Ae*qeN7y8wPu_l3
zkiUV|?bt5Ds*u}&;+oU<X!ds{wSS(H)j!X6W!@?rUoDJpKkV=CPSN<^!2TkwrCoyU
z8<2$&KlTIZdvyMn+CN_z0nN|NOVyk2ae76=4|dxYCx8~rd6{F(Y%lY5TVgltKqKc=
zQ9c9QQnf30!@p;m#<~aot4L#O@ChK$kD%YJb{T4a=lGWT?Y9RxS|~qD2Yz-7^0Vb3
z{LJ?|)_*|49e@NNjQyevTg^7d&Ds!HJic6I;4KKl=9`zKH*d!N!>&>1?3Jh7W6saK
z8)TEQEMAXbYnn9_WPhB|CZbagXS50E6o#6kJliUlfuJd3)I5v#PS`~Q_nd?AD76d6
zj-*|bhqxTQ65SImQsx98jjHMNvoQH{3&&#8fd0GLH&PpqoPf5GgQ7gglp{|hYsqHG
zT})1?B3+=b*WlbtNvj%!F9O=s`NNXD*{)2qh{_zR#Pl)|Fi!%Lq@f>Vl}{OS*as`_
zU%>L3flGe`0-^-c9c+O6?DBq?igS1qd`Ye{;`&@AE78_A&w=<`3-~+c^x6#@McYZ|
zBLJa4talJkPTA$}C6rL$C$#oa_`htx|A<6rf4!}Ze-Vw1I*g;vqjtmhqHV8pevUFH
znTDA;$2@;}WV}i?6>2_4bz$e}n}w7%p}M6UuY?-~{~AfI3$0%OtFNFbPbpIK<eo@_
zf`5bHx@eel1Se8O0UGe?T}BztVSP+YMz{1Eb$hhokZAKd%0%}Z6{a6GiyWn*HAk)h
znen_`d0YkDHi_=kPoy9oMGcR3`4Hl8btn$khmQyF5exW;1AM+-(OYzRjJPd(eGB#b
z<n9pz0|?zB*^VO1-3Mz05W1e|c|;tvk41cLzQV+9gz+unbBk#Efv^4?Ugu;^)aC8J
zUtu)bPS%d3SIVc+MAn!Pm1hl686FF;DF5gijn2cEzB-R3N<hax+&(i<Wn8Xlh(pkQ
zjkH7lC0qc4%V*%98%MSPtQxcdoIe!MMM+zC$JdK)J9&tup<eYwSNx1B%KPXtSfqcV
zgjqjqf^xS>1maI=MRSix#|{^SlrymZb%l)|7y_uP7e&~@Zo<EEbAbPM&rt^3yz}BK
zQbgo#uo;7b<2)|fwmK5%deHk}`j~CEW0Hv1A!>lJJp%vkZ<6F6q?AKI6TD>e03DpL
z%ZDY~6~{LGD_;ofZ=M43<bWL8{&`=ZJnEqj3O29vnD1>|FQRQ7@A?~s9I~73@~?p*
zJP4xp-L0a0FHqn!fQDzAMBqQzHE$bA@v<)rneDZ3HgWD$kK}$T$?WSF?vKv&?OFK(
zXy&AoPh8LUvU7rVwTa!{W6thmr$bd;lD+EnQC!dkZlzkgFoE-ZB)Lmr>K}l5=>Jan
zt=Fo8>yo8>zDRlHU9~FRAh{TB1=<3ljWLOzxD^&$e3DoXRoU!f&U!NsZ_&^+PBYE)
zO3(ub278y@f)~8phLBFV)M3ym@3Z8S9G2fCV06_S9J?-Lmaa{Ahx+EQ{OqCn|FEuM
z`oHA<tda=28PCCbb;Z4HKMUc8M{)ANB%d|Xet}N@c;^T+0pUdlyK<*pnPReoK+VGL
zbQQH5<dS?;O1Xk|H9Q|tieYK)6jHteW^<QdI}JPbPlEiNWNUNW2!HLGJdv-M@{|OW
zhT<#6izp3&b}8DLoW}&)PDhU5E&)(8S_LHoQ%lOl@Nb4W;;2I=>!PeSRa1fu?>yQX
z_4Sq^$?*TlKnYV3dn_uux)$nsuk*K4?IZ1lbkpj4JUP|Xdv_{m_TLIyt{{uSGeyC6
zj(_PW$2`u=zW!nOLq=e0<lXB?(@Z6`9VB?ooaPnW4$c6=)NDbC{|4y(8%)4cTcqUG
z!e=*#DO>Gwt(XGxN8A9rZ5wcf^&)bGEsjL|D{otpuiToi+>sCLIlkhWP=;{KZd>E%
zCc(<bis#0-M`+(XMQR^>MUdm+pHypt?>3w9i6Pe5EY#;UGt?r!@OG*CN)_O1IEG?r
zS!;0K3(Evn>t);*#UcQ0psm0-J9KDD);F+7Y5^dOY(g!3VZt}s7i!@PwfYwvvFdFA
z-4~7aIfarUfiN%?Wk*&$V3WqIb!PshS|mgHv_0jx=q{j10bbUXO$u=1r<ojj0?2k7
z3~ieUlRBi-k0Ej05B%;79!1*f97Ex+DA!C0m(PRr_)r)<O19Gu3BYfIEf1zEt67i%
zQ?k?y_#2IDx)~OFl%U<D!*TV5O;w%bqBO2{yc2y&$OMMQFV08VGg<=r(G072)C4mk
z$w~0<sal}b2WrX0N*Aa@V*K`SC2*bT=S->UDkuejy55p921uyZo&pfRky5sS;EA^w
zfP|Xt@=g#Y9k=3Nd2NI}Ur9~MSB9f`Z6Lq+x5NR~8kx!GCnqS0-|<!Rw0(@JaF3YK
zpxtCo`DvUx^?HzyVDtA%a<kpG-7y@mXvo{c_LKP>Y+<(V=3UD#_A-WUL@^z;xWi}x
zYT~Q5&<D^hVGJO49I*KqNluXDaVGB|L#N-i+HHGbc&Z)0y$**5-(DBN&lEdMab_My
zGeUpZ3JZQ;)W0v$_p3dOnsG3|wmfJ{wrzIY0)OrD=16=2y<D4T`(fS`ezAZSG@==_
zyVT%#97#=1i5AXScRcnG=x?)KJ|n^E914H!@|p;EvH41Wgx9ZP6s~0ymtb!P`pZPc
zGKJw~0_gss$hn==P7G3mGzco30CPZ$zi$w3KZ0@})S1ZY#0YYsiS*YZb0-2;`}>#V
zD2-AMDh4B?7?U&M4Q2^w*}_*P!n>8I8Q{$<lW$17{bQYl-HfDjiF&=+2?M(mXN`~r
zz896JF`%QB2?2^hP(;cslj0NPO+rc?tiWM{Z9lv2$=i1dwiAw<1^JY&|J|9VfO1@q
z)LTR3RcB;M_73Ndbi6~6HI;{x+3uCkiGe%Onh;oBQ+~hbIcdZw6>^(zK=^q48_{Hs
z*SE`W#p{SUOzJMMpi`BIQS`!hMO?uf)O#y{!PQc{b-HW;yIHb!!h)HSOK4}JNTc2j
z7!xWezbTJ**we5rR&b9PF4ztLI&eDzZf85?u)<$aR)1lCmE1Er-e1Ev_9h&KqAo5^
zpo4-1q4I3lP++5Fo2(H=p*{@ty%)(bIy|jqNA~k#(2@A6F8cYzB|OeWVwX}5(jlC!
ziFcv>I^YSwOG9qJOwf3_EZrm7&hXFuL=x{$81j-Y+z6UuBFLu_U#LokLlQq)B`=ka
zxR8|2aj%d=3}y)*TW>thNVd&@kpt&r#<_ENG>G>Qe!JT*DL3FDh?H_zsNP!MUAs%T
z=C|lxa0KHn99N&7Pbr?qxQ*v@zAoqD@&0K%9rX<s>x~qlP(;rr_MwoE{2oA!b!UN`
zgyEpW<dXb!e`Fu|>JrqKrm&mZUmhLFsSmE*-C_Rc>aEV<cynkl-V(b{aQD5D(A-Ap
zj+)iNr_3CA4xDFa?}gZP5Hik?wog^!FYjX)fhl-d%Wr#X`H@(Ie$XIYdya+YaDQ<v
z-&W~3lQJ>Rwxzr;e2BuRsi)5M#0dHRY`^bOij?o{hxcszSFeBe9-)2>&T{(t^cG*b
zP&&hJ+fhDHbd{Sq=WUd7qaj95+>vmpC+ABP+{J#|nfZNz7&n-x##s~9kWIcn`s?Id
z#L@zjTQKCvMWCVdZ1G?f4+A1wboa*yeG>^Ew$vE^WE15l#r$4N|1NTBZY_F|b=hc&
z%<pCFD8E<VivkxGKfDl8#?>y-;!$bUPF-Nt+!RAItSWH(7Eg>L0gpazZ}CJqN40p2
z4imp(=Ai6Fvj$<_^$w$n&+XGK5O_+NX_04Hps}MC+6{zu0|5wLY0{iNdvYvN%j|sJ
zAGSCow(({F#bN~24b=0kbddk6Pd65s@{!-L$drFzm9_o1z`QKR(FbOF*s>_+h-F4c
z48Nji(4ujJx)lafcp1X7cX>bS-HlU<Eb=(ZvM9$!s6TMgxPi-z&UL;Gyrstz?@>I+
zN8h7(kfra1#e-}qG{-o4OsOv%h-tAXuWd-sX6-}XuD!d3`u|dF>nP_S%r`ayQ;j_+
zXkl}m4gtdplfR<v7XJC)A)Tx!99Y-Yw5Y&<!CWyG_QpUN5WPik7Z~cgnzh)6v+`gc
z!@ySl8dymfr1~wYUBw^`s_SaeAnD(9yr@ScWD89E9R?!Ylp{CfR5n!RE#d^vsjyIk
zXJ)_YJ4CB{Cn(pdc#-EQCGAD{pclg_2Fr%FE2CN5i7ryTF7oV(^I0roIYzE3f7Ki_
zOk#{9mZp+VukqcW#p|tTH33EnEg>NTwLrN38u^UtP?TWsY&qpR7KH(Iu|W|uh>*8%
zy?_omf^8D&K=cG;L=_K2l?_By2t;MdA*vcXs9SC@WT`0-fUU!T>)v8B2Hpoc8;f-I
zc@7cUSR}NMe4lCb^mFk5l>&=0&LS6D<RZ-MJ5VFkMFj(KVl^^fR4^zazV3VPQar%F
zzDw}{-+GtD103IC3Xcc4^_&nMudRTwkWS^d1t%>eWL+X9Dl~UN@NPN=E-bX_xeMSo
z1}n^l-^JSR5=yF2UpRvV0r#9Tcvr^vT8PMiKTFu3rR>j#1b$%+$7#H8VFN4J%nA+$
z3shFn#0ofrR^aa8YsFzMHc{7E5YqaE7DJ#RrdoxD$?Q)C`y;SFCG5{s_NR>fS;RoR
z7Wl-3B>wAbXv0$XKa4?_1PgEO()8m<sGWTSJnm+XmOupfN4v2gBNhzpKtZwH80&-}
z4PcO72}1I)=GVjHKO!Lw*B~Y1ok*5x^(nkM83Jic5Ylghkmg51x@=;QGSJgGI&xrL
zf<T@K4s3iRkWCs8beAqR27qWisd*>><gQ>(21f!}ssSm%NE%%tdoni&q+hTnTqKa0
z8jz^~WJcFWAh!j9G#(BB*?BkuNS+3yOuHZ-6FH(&4+h}W91e_Vc_f@Z1m{JHGXS8F
z$V~xI{TZmYf}j?&_KEN~Hxkr=7zXM!1_~ESw*aU<3{*)F)Yli%sC|9*&BJo0JsSY?
zfd*z71A_}KHnK;(f?(brK0@!&680GE(OeDGN(KrSYxe*s3j<a6KmgQV9=esa|02&h
z^AX1r)2D%!kQ_w02CacX!-XCf*|D-9G$(_G9eYFvtb;OZpms4($SisUK=oyyh6X_m
zKBS@g3+I$!_dW8I^ViU^8w1dO=*pm}3>q?;o{=3pFew1-#bE)Al?{u)*gG1iRt5^0
z6(0cAPh0;%Q1|HVznC&?ykn-b6l8|tn*z|LY0!|v0W{=rW=^}4jI!4k)zQFTmLvVP
ztTCXWZ>{J#Vzfv9TCa0lZJE)ZL!~;0a)?v9dG$GHhYhX^X+WNFZE8KMo~BpFcs=8_
z>epgwF3)kOKA+vYJf*(Is%PiOg;X29DyTPT^{o;0sc;HwQ5@2uL_Jg0X^Rqd1Zy!l
zq{USA>&{zDRijvo86hpoRJYdRhW0JW)XmeO1>*#PMl5)Udau^*rpR_$`KzqylJKUu
zh}8j|H>L7lv8GGIo8rP%54bvQO6AwFrXPkk#f7TA-FZ_gKQfJ))`U03RjEGFc~dHX
zk2T#K-V|4%I;``iR6dP0Js92;mz>)CT&GQ`{8rYqDZD8zF?D6<O{u)~X=;k=Fr+E2
zCv|@3O{x4V*3_&u72ug9jnLQyN65-mMc)c5IIb0_kp(BTf?bgXjaorNWI>Zwurjis
zSu0o;S<s>tycSt-K`U4kS#Vji)|G|5jf!S(r-r>XX>Uuy-uBeq3Sn>KwYT9B9|mY|
zlf&LxwYOpM6RK~*w+q&yR2Le9PIEl3=Wy4r%f6NKE^P7pgRckB>svVQ7ahND40{~_
za?SY;Ym4VQtUagW*Y9);WJlQR{`5MX^TxJ@zV1V>hj89IT05*gE$p?0UZ=q)JFfjh
z*z3OZdMM{LU+A!QUfAn?^m-WQoqK_z6}-BbB3S&(5E{YaeHPu~SyuL0SlP#{>_Jxc
zWmuUO6(fh0dBV!RVr4h7vbwOcHLR=~EBhv_te%xMzC>l4!^$?YvMsD^dsx{PR`w|?
z+Z|T6gO&Y(l^qBx+r!G{v$7*$Wd~W=Bdp9DR(6z?<+HL=VPz*+Sqdv_4l6s&%6hP}
z*08dlSlJmjm0bxdy8yq!<3^0Rq$i4ac0zy7n|UcRu*B#<g%YfAYr6_}1S;H)6^68{
za7&;<Kdf*=y9$E?70!)^3fHu&aDAY{_gJA%y9xsW6+Xra-P={@9jNeItPtI<LTsSI
zGg#r$#mEZ&i+Y7(tkBf1!cTz;!?D8Ab``vV3O%vH?sgUS2P!n)0~Nk&S7BSA!bYsH
zwq1pWK!xR4;q!JCz6w-$0V}*uVI45Cqx(zR(Yz=L1m56QMyXW;Z*ULuz8?ApH!trC
zp>J^4^34tW#J$S*RNyD>P`(EPKXG636$O6cZsfa5`#CSE3<IcY&r^Lj2cAoO*94vg
zA5YJseA?GVd;3_DCGtF}z6k^L7!#v8yjXPFyFu@AaL9s&1a&{`KY})Xb&K|c#E-Sw
z4-#WO(|(XR^mpwCiB*5revo*!MEgNvo=f{d;^J)j0mD?E(w?TOk7`dPYKitFs72aS
zhMK26C98L6PZl)|pOjT(u)yOWGT$hxX6V1!+2^Vf_S?}#^*@#Xs=_K9s^osl%8IiC
z#Rst%w1s4Vi#SXBHNbbRq7dqs{L@8(jG~|*6%jA$9fG`^2^-7FuH#y@E6}ikHAJ~D
zqTy52aIQsimu6tpPzpH)e_x?KoL5ic7+rIxa*k^RCAUOS#?FX<Fj(t#@0h)Q>~(C+
zUW#${XxF`dcIj)^utZLcek>srIaPQ;Ks{BO5P~6K{CIU>H{~j;S9<|~C6V_NL2+mc
z^DlxgE&EdxUS7j;=jnDA6JIFRFD8cD+sKTse7z`u{zpnfdk8Oz!+HlV?qV;3Gd2ug
zxL4s!sxz-ex}eEbXO~{}%=sQoxZ1g@fvS@7G0v`}tU`LnyJ9y+_^+H-U;ASe$FeuK
zIZta10+Gh&G9a%pAWIn#XGx%Z5|yu7L~Z;m;+Le9mPrb!xao~zeI14Ns;|Q^{dmX2
zNY16&dav)wmOXvm@fcpv22`nPG{E&8S|a$@QQ%|SX~%;(m077=StDMHMsZWJop&4*
zs#`jZ##Di>nCcjNfA&?a2flx3!+|02)#&`<%|g4ll3NC7T+$wm&pwjy3nV@95yZh<
zfe`RJhJXx7c{01B(RcCn38hCEAB;_8V>=@%d5wX={rIzkTZe;tT4ICiq7Uu^=wb$R
zu{ffOpG>AMCQ}z*W?i&E7p)z2v8&JgAL`$?V_E;YhW5{bNrEE!7e5)7N+xvCgqK)L
z#rm}r550aJ>y#rYM)Oan%o*rQ-<>iW+WbzRFWp|<*m?epodO19rtBG`#$r(L)4sLZ
z_2e$<pB_%&BC~J<Gg)icOZTI~tm#_*I}=L?gvs=N-ku(AOMj8x=(hA_><_NW(DQ<D
zeuL>vaiyiuxu|1+sB{&TB1;7Bc0I%*d2PnO%B-|sZt<?x;tguC>O+0;zD0!b)>8Vj
zd|4;!H^$d@N+^A3>r?pOTc3Xy8HvOM)+aEvrHrYqY`+?P4-)@dMEvjC&R1>igTJ(D
z|MH-o<>#7C7EJ}Kfq2A#YRcG1JU;YbJK|}VpFqaY4xix(hLHJLG1?ZZ6ewus%jpCI
z{w|)3aZdTC8t~mxR`z=wI=tJA?`E)iZ<ernyQc7$zQOmevAS=5$OYbSo5Ii95)J>^
z8qL>jS;Y71CnyV-;KzrslM;_=q+8f^@q$dfDybC~)YBFvA6Bn8qv1uEKl4H=Qx?+*
zT%MDH%pPqG4nr*z({^WDh+}ZX0DVuU>eOd=U8cV-W3Lyn*VrS62VUbt$Mmno^F|k?
zWL&@sodQY9-%2#sB9l;B@)Nwq4+fk_b|Jp`=jT(DM#>|LRg1l-T9Q9=;sJ`{dgm0r
zLQ0x3g?D(S@H<uX8%ZahiA~}2*PO?H*=RRh5fk^3o6{J@sPZdJ{`Ia4-S~y?qe<J{
zch1_8oKPC~f?(L<KZIdM1f|S`aYl0Z6~-iggR2$lK1X$X%%Zx+1%jc$e^6xJLNnlB
zfr=r%`w7)sSw<7}xfztJqG~t%aOeA{B&ss7)H8fF#uW5c(cB2oP&5nZZaz*GN{fwx
zZHvH<-V*%o>=(V=@WT}UB*XhS1(>0a;)^svDN@B!+#JzUe6$Dpz*k`mL*I+cKN_o0
z*Z3;RxHgkr2@Q#7J3Wuk*yYh@QsLLmn(7*77T$Vw)l-OjimXAkCVMN|+TADpf(~9V
z&<@5Ee(8QQ1$MOveju&XBuROPW?QKao8(&Fg{qC{&e{t_bOvd$sCPdQO_#&<D8iIr
zWN!*cnFdw(JQxA^5Jdp~l*vuin>7-#3i1zv@@F#f$(v!B#9)8`&*?ZZy`F*subIM6
zs|gPZOlO96C23>&dh!&e@XeFGuU*lD?v|Fc!Y61cC~jH-DIURd0fz7c|2$eWgavs?
z$;?RTCYcXY9r$uOz>gIz_tQ!cKdDKCo(|!D!@K6wYvV4umd>&^!1kG@_WBj7AJr-`
z_fKcgDL>|$*v}{ys!me_$UC9_H5ue_^jn3`wZq<5Oh9$h`L6P5Ybe$(i=LB!wY42%
zt%0*ES^F`Z@=v%B<8KDqfF<ZygAtLN^3g|(Eql<I*cxR{*z$y=$?$tZQgL$*|K%yk
za8yV<2gCGAwpPAsJKj)`zhxnQ#*qUah51RRFh6WneS{iB>eFmhy^Vea?gIamyu_v)
zyvGB?CVRCAJ@o16_-Tc{Ivu|1TtxB*^t5l;G@|r17~E$je%SCmCSt${&MYmmHuskW
z<<&)ue2D|6Y^MAbwq3JlOYToi#BTP9o})(8j?*Of+es)Xgs%_DaDq8vsgKTzrWm$q
z7_lAijArLyAYc|8LH+3&C`GF1;ER-P#8x}=V_aI$v0UJqud;RJCT@-X(>n!^KN@c|
zrL@iNDY(DFa`n`6(VVaMEKs<OYk)%_Bd3)JFo3XM4JE*iU|_jApt?N_YEe2C5LC^&
z`zm!8ogM1|hLK!B84N5}Z+jkK^qtj5@EkG%;{<j@V5m{)q?3~J6;pCPB_&5bXHU5z
zdagu^@?Lw&$=S2vGc{PA(uDj20~5Rcf;1NNG=!-~7sEsRb0)mpYdb2*heW>c+cECc
z6w3UBE{0y<kg9-N1({KF7sL0SMA0=4nAPX37ax%&<w=Z$ZsJ{+iBk<cKvywN;}7{j
zsQ%?wEpF7m>P>i&@U$TR8Jm0YLcth!{83FwOK(x{|1b0&G#-P2ucYq)c<&o1qt%RY
zXQ`s+NHktLISf2d9SU_ZPQ#sc`D8@AiWtl!BG$*~U;pEa?CU_n)PsF^9Yj(-)U-hQ
z3{&-HOwa}@zeg4WEx84<S9t+rVk{;Kz4;biBGz$xX#y&tRjvG)Bs+Pxkg|a;-5{~-
zpou1{%b<lY(K)m3lH4Oa7^eF+yL=w+pa%QTI!+z79dPiXau?GVw~a@AQIbEU54fsP
zSUA}}5V+tT`2_61lDo@8%TuAl4<x01PCgCtfiHf**jb2WG!krk4ucPm%KvgCryl#`
zZhs*EaEN@8%p?Z7K+-J2GF66QAS!gKb`+ph<c%BpaOrzQS4FX5jurl-8Rqn7ZlxFo
zZizV>;{jD>aQv&aJ~E?R8P<oZ+Cy6)UwsD&F=$QNF%%s*U#EjOkX3;jYNu48+6g;s
zBNc@mZsA{(f&FE+rc7k3T41NYUf&0WTNBEoI1XjH0JM$q?2^&x-pXQbi|&dHyD~jP
zR36Tz5dE537LxccKHPu0PO_bI+?!iDZzRW+HH}f?nl**Z@gpYu>k*ppFI-Qn4J7yb
z-KdU|`@NOERakHZr-A?N8koqbg#xGg?lx13jbtQLN`L};+Vo^vrXRBbz!p6nUOsH?
zWB`5s<Ne=}bv6B8Rsj7U(!T#e3YpfEL>izFM}A05uD_-B(Fo&dBq8_Eg{MbyRW%}?
z-^gCS+aD=Q1@cc0KZ6sLSr+sWP7svxWJ<tsMoq!sZ}bu8pD?jeh8_V2z7Kt^s&P~W
zd$hL)^~gI7WyD*3>6BgUw3-h+@@3-Cm9u-u8t0<FwZ4J)W488#XBXXYyHkJ5>$cKX
zOElT#4h~4{;C=#a{T9JhVd5Ocl%NdL$V<xO$ta;_0Ncs{IVLFeVdS1;*P+zc+D>k9
zQvk-}YTfu_eoPq_lfK7$3$2U^dfqQLUHO!fV$?(TvRq>rSzaBH5>4qKVUo-go$fhe
z!IV0%+1EQHf6pWf+7qW>M!{jkVh^kJtCJ{0*<nl$m(nP>uJ|20L>s75r$l}<?8bAG
zF{)c-Tr|h8K!ks8JfCHlQv%90G#64%%w8rLfUhu!Y8eCP{K)s;n6OAtVgwfQ^P<1l
z0<Ep^7Ldc-^;`!pQ_`xLsybspG<9Qws5}HR;oJ-shy4B*_WD_v(lrK$MNr0L(2zAk
zy@y5QXZLGO>3anCvw>LacTi-{P@jM1rGkjGsy7#K^r7E>Y|!p{23k7m1lOpxnJkEU
zPOH1vFW(L8Xr;D}a$2ivD&E3=#i;*n>(BXquScY#P@&i6vm|yaEV}=4OM$_Jj-Pd~
zbh-k07bN3{(e1a+jBmW%Nu=sH-zm`7rLV1s(xasb6h%GAPer*aW%bG7D+)|veSw9|
zZnUJ7nm_@pywHZUVXC+zLSN*kL(gWfpTa-Z05alwzo(i1ay<qTv%8Zv@+;yn%~|CI
z|GXU-k9{3H@l~;?+sNlIL>RlKY6+DOydc+RL9HXSdk;*i%#7lzF`PzAE)1O)+__d?
zzYzM%MGQEBBw(AsSe9d<yW^u>hojliiDKMBmrGD}A-zX)FDhNYJS$QJ1(S@e5j=;x
z;EDk1cl5$^RM5DYuQ2u!>hpSO$bgETgIxd*28=L<KDqe@(Z4RMjbEHc?!?&~;BR_<
zC`LT~8o&rhEOE(zk+sk!uM0;*oVU%}OP8J{c}8;Nr4pL&tDMiikN*ESpM$SzK8=Qu
z`F#7|pU*gbKJV^uK3}f*-=0rpg294;QBBG{#?0}?@>mqPDKkgAX&$OYhzjEC-<t0;
zZNd3Y>u|m!;{jh{LH*ndb<<9=pe)oZ0E|bBk&sib4L1X9?~fb8!S;%*(m;It<1oGd
zJ5BG$oyRI~P69o)roHx`UPDMHrJu!gvnQS><C2XO*K9H_fmVAkzxs%yl#K_K*UOT@
zFC}8)%V;5b6&fJaSI08jg}j{&q8fkO);X`E8%>m=1Jg3?z-{7*hnNbB2+winC7}*`
zFh^eNe2dI1_}MPoAJ&aAbZOanjcBN67MU7~e`BGlY2JK4iy=yh9j$8lOHn`uFOyA#
z7&mMLlJXWAUozi9ziWp@#2AY%7rrxj3k;}!cyq`y_i>3qyCr^3SQ!ktxQ>Nf6y?(*
zsE4A<Z@{FY6c2U;$Qqb1G%FAmmKXT^v$%EhqtAk%LIQx}X3(|hzLh%ap#;Jcc5bXJ
zU7>rzwqwq|Ud&07pWYbq(lHxWV5=R&X*R)@YneG-@H9rlo+^O0=Q?y*a%WL&PrKo?
z=r(S`m`IFY8F%1+r5$Eu7J1w8U4^tA^?S6hIrn1VvjKto0wz)BF@uswrx6F8jik!y
z$75NAXlY;0Ftdu;M(G4Q5EN68U5MBZ4ef)sR=86+^@*2ucb2caOke>_Q3TNF-^}*(
zqf)dM;jx}&D>F2Rt99BJ&mW@<dqVnVe1HBJD&9ct3ME)MtS;+Eiv<eszGnJb3J&-r
z2u=st^4KJLPQmi1%aadwx-=y6dq+=rEe#_Yqr}8hv_8^leN5KZM{7PvwND4v$9c)n
zA|##?JjY;t%%T(~X0?wLO~E~AcwK3Dh{sG20i8)Kw@>DTq--Z~u9?hYrl9ZY9g}dm
zI3CV%7vf53&5`S!e_#elTq(;R2wf>@xKipcWwgFhlBsI3H<RwpP)y1US|wvC6f!K4
zc+ZCh3Ja^H{pp;42^42wp{lVikhR!7379&0L=s-?7L+tenWCHFa5Apx+n#gj)3Tgd
z;a+Yc9!AH<fk|o<J&iC)>wadET3~2BmQTX*!xUNViC1uTCJg05&2f(TI3;yJs8V7p
z>^5uA0zemST^zH{n~+VKnGsQpG`(Gq)A0Zq?$Xo`?gvsvYg!t9IUT+X6LVLX8BUYK
zO-^}=Zg1PdY;Dd#qTw7%oLk2X%2uz47YJ*-%^b6lT5xtYEXLVUm}N3P3FilJQ${Ro
z6^6%ffGm&z9IT8u*r$ZMx6o8&PdOgsTNEdqnUgS1dURME>(n&lAs%m5AY3}~EsT{8
ze9Mbz#b*Z0LoeK)Kpg?LHCCQ*j?;prpVoqmmX_@Hk8_V0PAA~{HPf!S#5HCR*Z7#M
zWuc}OSEbG{gs>~5jrs>F-t;X8{&ANK{3GRsQ2r5lKBdS1l9U3g9g`^MDMiNo>h<Nf
z<nW(mN9EW&bCOZU=BqD}{F$90KDoYx2?WdV&h9HUUi4DHW`cWMhQ@CsLyfp9$Zvj>
zl!+O@Zt(T_AK@WS-XIt@!*dRA89*CxVYZ|^EMQJD&#4$m-X?f_aZ-A-ygj?}Xhk-^
zq7evqU1a7&qF`@HDkmlGL7p8y0AB0@n%RxydkOi<Fig&OTr}*pC+;m$k`CH!Kse5r
ze4CVHbPUdMPe<Cjk|UpX?m+&p(c6jYMrSX{&@8xWF@&qx_eOdRx-wm&Th}d^J@b|&
z#09b?c?2+kK-8_scxfb+USR8lg3lFa2&MNJh0@tZ+t~^ro3G2F1jA04P22hT*MhoL
zqOoz}Et^#IP_4ua%>1j!VUi=_*M@|L*d{2kl9FQ%nSw8ZQ*by>5sms392S(G^bFkp
zFmLG(GaxDVnIz>Qb3h2vxqPSc55{f<^#9kyRL-8bpN#qGq3Hh+#h&5FJ=S9MyTn~~
zC3TJ6mTz`;&9~W&j-g?~%g%P|y_en4hPX$$#rNm*t-fTs*La>XUF=ZLJ{N_CQD*M%
zgUei0c)K#u^e=;8@Q7$_##pz7rbQEj;Sg#g^PM9<CJ%9?$g13DB<YganXDNDtY{1{
zp`B9Rp!R$gHFVe}FgaQu1Cx@h{E7*9#u9&z;7;9wX_<kaEMX!O-b!=y!!Sl#@Mael
zn7uoRJCQ4xT|OqJv;{M)ix{4?4i}rJ&B(aU8BBIv<W5b;z~GVT)lW!<GZ>H>Bt^Vf
z;m1wVbKJNn4^-%$_aYzhi*h~oIwp|p8atE=9l9Nu8)mK^WJk<i!26$O1BM2`lRLyc
zCa6A1+aWBaZt^<ysXG%mSp`vM5#vob96Z9X8?FGudX3JA!(tZ$8(LWfZ0N7myZu`H
z_(1R-yf!YmzqXQp+hfc$^Q6>M&*EEI4nnZ<5}L4>CPP|`ksZ>=BS3Ruo(Wo>VvN1s
z%S4OLbI=IVok7&ncAG=f#ErEpx0CA+S_i+zT)pb?@l0E!jD){wW_gRA6=6SKW^j(d
ztsZY>-;GD!C0ahOBNvRE?>@mb>Xt`;E+JgSZ<!P4y5#<x@A*Iu6$0q^AS8v#G7avR
z7chO#b$0o7v?BFEW5;{VEQ!&XtOO4FPMZ)5&aJ0aNjSi4Zv25gdRi5;diGXkD|sO%
zG=@}o{3F=jZ_zIA(*<O8-#z$^_m|?nm-#+AfS|yi&xx+*@tw&#nF;(4BjGBm$tz55
zlv1vQ##sNBuPTCaP^XQed=f)AU^op7;{ap~LVsc>LjR#Kp?`=j^wU|tntP8HVjX^r
zk&Qp%*^ceBGr^02ebe^@Uul8~i2m>!vumU1UlI`gPYABVAo?e56Wwt;(_6HF_o4Cb
z<Icl>CY(3(z2chrUK5%z=)Do%^~yVMrf?&+v(8<DZM)-Iiuch=ltIcsM|Sd$pmP+-
z=5-#W0~HJt#8#l1o{5VQdi4f*pULko)zmB?&$w?y`6WcR0!YJP1vRGj5!h!efOYh%
z=U_YU)c&Cqnv`r(MlG1vBZW@YE(sox_F?U}M5NiYVt#r|c_L8ia-hjEZYdp8dN)W)
zBAQn%%Z!eJ7|9+OU=I2}P_(vCdpTxEbRCSAluXh60gdQ2V1>_rj`*PXZYb)wyZq+O
zVenH*>Z$&{0<FE6yhE+1#09<>$4!^K+AVO+UJ<#p<;M)|*EI&y1jJ)Hp6Z*>Iz1d#
z=PM8W?CRXeR_Dz(!s@Jv%uJv!r1#R;Ldr3+d|QZU+KDjxI$8(>cOJ97m=$u#8HLAU
z&d0?Cb!>*aVuD`4!R$AN(TS585y2CNw0IjgRY&WI0)0`s<`!aZ715{}Cn%#$tdkGb
zrq}3CqI)%S<L%o-87n13Ijrdx7J_3^6@qRN<^7bC1aMOMAmXHl@=R+UNZxsJ4q#=q
zhLvYpt6MalML`zp)b2_BDL{<8+dGF;APp-o4`)~z5*?O5EK>gAyNCaF`Mb{<2<pGP
z$4&2`BTW1P!LR{-N%%`KdTLj)OTB$RQbz(X&7W7h<6dZH_uSFM$9=sNPli*A67=*x
zhiWkR;N0Z8+%!XdZaUVf&mBQT6M9URn?bO0v*BNHAk!qCgf6)~LCccqswJbpKZ-du
z7e<BW+oH_5m~QK9q)By|JpnJ@FkTgniCiRk77J~bYhm52wg<X-$Ny<Jy|+blvqbCW
zQiGl^vRzC7d5$F<Z$C+a4!!sF|6zwpB0E%XU>)KOiIMrcBmJrGVkcUCZzI=5aw|4t
z)9+hZdb-Oa5x2P|r2Aa0i*1ZA{y*oR7@OGMKe0n^!MjJ&7?J~HsM&&uJ+Ef4F(k7w
z%(7yIgs+J~Vit?DIsW^ozM0jtvYjN{t56?LU13_7zg#H$x8mVgTj-ftJst6w)pr-r
z=@m&)c4bPoUA}@s+gNv2YUt4ya3$4uM}IE2E-%%DSp>83j^*e@4`d+Uu?D5+uy`HJ
z5T$>VU(scyN5n&{34$`{9S;V*h~_O8iMiI`cXZ>%S@ljM8aJ9cJf}lKx;BH(>6q$M
zMxj02qwWWo>f410XgqkGnfq@VL&5=X?jn66P!P_^@SLVS7sGSB_M8pRtsk@JG<e>t
zJzG)Xnt`0WhaiKXPRWMh7f+iO=IB_j78~)V!k{fR6whNT{84)d37j{cLatDN9s8~5
z;6G{wmVH#noNT+bSy_hOQE%ewKWeYfUa@jh!t>n$lI92~n^wI?i?$VKP*Td^-{fpi
z?}hqxVTacbB=IbKS?KxoI`l=d+fF%(b1Sok6TQbJ;SsiAQymBK2)k29={5QRHf}_{
zukFu;9bdnlzExb%hFp*xU#F}PIQ6Mp%v^+|(q2EEfH^8b(!CBtkfK~054fVtFh8l+
zMD^jADFja~)s0u82w8eM_b+?&AxC|p08^;Yd;Rx&^t_0LXQF5?dh@b1lHd4xwvR6Z
zBs%JAB2ivYx(tTLK;Rhns2kv?T98lFb?9qcvuZ;j6FuRh`=()j!%=l3P=?vB4ihnZ
z`Jm&gi6T_^qh5lhzGWIY+?h_~@EsQXHJ{D<#Y;Llti;!f_WDP74f5o8=-i^!)VXfZ
zIVU_$!frXR?gx3)t>bC|kq5s2$8*?|I`wUVdXmq2Qh>Fe$w$Lems=PJsyz(f_s?g+
zWuJjBvi<ez$vDhI1uV_d59CW%$M&|31>t+!EEC%W%sQiD+sQixf$ij1pR?_xKKB+Z
zpHiQD+t2MJP@cvaLX$q@meM6n-%>DqPrX%jTw+svayUcRCl?tO;nfe?tG~djC5S)a
zE5ctA@Sl<JsOJHEWVjKZTT|fq*DG0~X+%nYsH0BECDd+IeQlbMGwSXI47Fk*q4va=
zgjyf`QTxF}_?EJ2yYa=kT!zy@7p)!V8?};}1)W>|C3VgTGxHieN*KR(UJ@w^CLDQp
ze{W8`k5awijRkqP`rha+*difNWmznG?jS#A8Rkd+{!Q{|`WO5m;q3F<;mcn%n9%x|
zkE!2KV2gT)9GZq;cc+ZT(ehO&(Ww{6|Dztt9<F2~o>+i7_^8%ZG~x^JM@@nOdIeno
z9CZ}mZ63`AoqWMcfxwn*-s2BBtpBKyO<6Z6p3;H7qQ@@+F|!2&(a~+WlO{8K`b&yd
zz;Y{T*Y3kToepvVPbU^>DBR--y~5-`rt_6odV>O65%hE_OqP_X0=a6DyA4L2C2uDX
z3t(rTO8ho`k0w}z_zK1N5+dz;{#wzt&oQBL-XM<d$HeVr?m|tDBfsD-w3Y?l1jPN#
z!rX;oLinwT@!Jr0p=YlLetS7p^N^<fR2xb%of3Y)24H~!K<Q*_#{=m1KhXc<30Kqq
z&l92lSrPrONY+w&Z95-D$F{Ht3t^`V=BfW8rVp20)rc|ZkU-}8qPX<+RW%ZycZj|D
z{HG{7_GlMy0H9NV-9FkUDv8kX6V5-Qu#?O@Yq99p(97&k4Y<rg`g9lT6FEEOryrqE
zj6NFiJKqK@Ey-%ePmIv5EmocSt?I`oqO=R3{k394i^gvQ_OHO%33F~DSHklwG$uJW
zQQo$8&Q0Ae?di<9i4G6E!<chZPtp+sh9YE<(~Kks3d&r{cxht7pX^b$Cz7L=g-*EI
zP&6yO9@nPlLxWJg-uaoJOhS(#3p;*${H6<jlqKH)Z9H0t&b6|WFp}`lbqX=`7HG}h
z-)Qauo!sx}X#E@i2iE_E|J&Dp{8g?0YjOQ2|KGU&`&`xfAB5{axs&zpIvU0CD@?G=
zzGC{%g;;(e1(0_4ef+-z_iI23rYkmP7`8dR5vqr<ip9~4RrF!BRD3)NT>`3V?0o)7
z_R8H9Md5Wj<rRaq?o0^q3P(bEqg_7g`#r`i_q|Bp6y<fkg%K=d^iIE@v5-4MhV_pl
z#6tKL99_qmbG_j1v35zw6(Bo$6nbwb4%0}1q><CytliUrVNN!C`@=6gxqD+qJ6|H>
zL5b@_c+e-O8IyVajFs~RxzNyKIv09bt1$PBHPl`MTKE<;$D(*%k*p5dh7nmSGYkTs
z@43Hr%94okD_i~k%8V#y*OqL9$q|)abAQBnR7Cx6L+d+#x&EKGvhPQC^8NW*xv`V-
z2caCO$aSHMBhGc9tFw#XZ@9k}KdaeqBI*y-;Kg(TuZLD{(#zZNFV||iipW>>K$Ew|
z%OvGyauQ{k7musII|m#{83!zM0Xu90QZJ6hqw$9$`H6dmIo<E;6V&HwBw*OKosQcj
zxA6{fi#pC7mtABVv1#U!Ik83VxJ@~>`%Uw9N%9(~<lN&khr>(XT3ObebB^R!Y!%$b
z%|aJ0?EB8ezJ1~Lx)sHk0-G8Q;8)CuwVieNgwnHud&F$X=4dkW&(AO-gasI5iJ&O5
zncW9;_T^WIv9=A)9ze>zc%<hqjaX@e;Eod|<*5cMBBMWtDqSOA{ic!Ah_j`Q|BrM1
zHO&F8zbKsRqrh$9t5!rXd^{Ut_HnV^6Z8)68=+s<+ih1I4~(vyHwyj3$0~7`8N;kW
z|M2x1!@LI==G~q9hp*@v@DHaiY2Rgf_UjRRbAbi;rtt<dMPRr5EX(g?2)+N){cq{<
zZ}i`j0R7LqKG6S;mO;t?L-hZmp)>k7G5UA(3MF~Gntn~__5!=Yic92jkGqQ{y;0BJ
zOd%~w0hYIvJU#;33$(ysLA1N@RR?I1bcDrwrY!k?0DlzZy+i!nt?>^LlU(o7apD~B
zyN`eFRf_vFq6xi!Y!8|E#m~YEZw35^f9~0~h_VMUE=Vb6)M66>5=VnIKTNGCz0^BY
zR!BOa$qEvm?_;kXQ9F?p_~%Fw4*g&%-i^H_pdLK$3E7(atD5|Of~m<*1PiU|i~IEr
z`s{I5ZMWCj>3J<v6v{Ap^-rKDfWjci->I*)MzOmIPntxM>hT~<KTltdW;`XIV;)EH
z2}!=-FSfQjVH%6~2Jj+62loatP?Z5v?G;og0%v5px-g<2x%~65*7)`au2BPX*|}RM
zhDLV6B(GEd*{we(tG?#~$4Xg!*|F01s+I0*2e#L~FbCs>FtX3%S7gVc)6%a({Hxu9
zIX``?ueY|}i~d@>yc=`nWQ=nUG>cn&W8DKMiMA0x0R49p-2;EHjW^Bv0h4Ol);RY9
zs|=_A{PY^O0P^`2HDlbyn!pOszwUg|w>u>N3A_y~01NyQV)Jbc4%J@T01HnXV{<f^
zXOGj!pFo7re>bH69H<_j!>?#ygqzo3MchYCsueUI6006ZdWSFj(rYGxa8o;T6)fZi
z(d9Ac*zPt}{KdCCU~dWFud+Qcv6Fu$tD;LGkkX*_OkOjSd>1R&O00ZUEiKqwYh_t6
zr(LR|+e0mMf#`y&Hee$IUybLG$|8(&QN5mj2`@=XPaY~EA9$1q20~ZI*z$&^@l_R^
z7JpxKtt+wHPC6#T7B+c|?SY|I=SkR`hDLRF9vRKAkcJv657ks&$ad}!<x_UUsWHmD
zp@fAMq_!#if(v-s>i8R-c7m?3{3cwr7nsw)wC&7K)Z|;(j&?E8#mOc7io&R*wyap^
z&4N;BK}`2Y<d{jfQA`ZFvj?;_Pl6h0h;H~w{!LMw<`{%Q@!3%;x1H`W`L=eZ?@lFs
zcS6#PpvGIKUOdNSAFClK`=HB9gzSSZ)O3M?uc%7Gu-Nn<=npJ31bNzGm}Vk<CJqUV
z-+g={AP&81Wa5yZltAGg6o;}|+6)wjK)67WC>zzB`uYg{(cJF*-@jI}{ph$aw{qT%
z?7p0Ilw$%#tK;x5Xpn2zbwsqMbYTL8IYfg@^ZgYs%v}mf5_5QvBrf)6l0>#Pgk%^3
zU-hOY2|@2s8nSlMd((fYzvqls)8G1@(BCn7f9=Y26G?4-qY?jek^_!<O~ThfTh4Jo
zDJmi7ye9Yo>yo$hCvV>ZSR?mMmE@y>r!fX^NPAAj3F)Wu<m1_u$I(U7KZT!GAAZ*!
zUGyp>=yT$ZW`4RceG2brK;Jx1esv8x@BMRlD(AQsT_hVs!x=Gg3rGeHj$!$3!9OKG
z(UUJXI1lS?+BML|IZ!aP(cLOny_xRFr}^FzV6|6co&cmzB0}`nNU|~_oK5?Yc7Myl
zHX|}4;fWi1hxm(=BX5cE)n!p=km9R$6SGC13A}6Pi`VpRSbAmZ!B+HVz|>AYzA6bS
zDt#j5q8YJx+woVS`c)b5qMDHX!DE*jL|c>Nc1q2-#XHU&F9H^JGWjTeXO8V2l8-iF
zR-N|pQ44YUWI#Xk%GeYlAknv-FZuR{%SUCgwl=2)iuG;6;qxT~@B5Ut3GS>45S3cZ
zvquNSq#2>xL>!4poA|2Jun)k8H_=Yvn%4kZW;LE)cz0l+4dSme>j4~|Bbsd!O%)&b
zR$^)-!9BMGgW{lRQ5g$lHGV2OI5K(y>}b@I#wJ*&nf3YA>lv+V5e;X>#I1m(Esm^w
z_uWV<8}j8XL@QnHADYTx{f2y0CnQ6iKu(-BX5Zh?tM6Brn*I1y^qUPydDy340_KIH
zsQbkj(crf~Msd2>+#~Sz9~aq$6^*O?`AlyuFkk8RC}zQg!Wn`xhise0NLVH6&J{<f
zQ88<@tZ#zWs2ruQ1#72<%Xc7)xJLczj-R`uDDMIx^9l>m7^5ENK#JMrmEeW%`oQ_e
zGjaVnUq4?jUo3KrS)XZ#BfiAYT#vEpfWCOtrL_{&x!*@|A$`3ZulIH9J|-W2aUfJa
z9ADj1p3Hw%7-egkX_cFVCwG+y(GO?9vRKAfok9Yw!Fy!_pI3_#L?NuBMXxc<n%xU&
z6;}qGgb#{}m_gS<THyyg$Y;q-`ylfXwktWn#Y7?CBfLTMoQM<C*K`&jC7qazFeDZ9
z2z%lN@)7P8>La`-zj}{j2>J-`kqq0U#BW4p;4Z;7*XrzMn`Pvy?(}1rj!EbxyeCKA
z<J?aE!O(CwG~}x>)uU+GD!SHC^bOyiP$25){F(V|?EsO7;b0|mnd-7{9gC}J!cEYc
zqZC@nd5f>6cy>sR%*Kffh&+OWX!|mVwj+QkQQ-+|M+A8%VXI!V0RHMn5cdtcsFrS|
z_p8PPb{Ds=pp3D=ii4#U*OEgM<<TyaB<q%Y(Oqa|{@}p&tfG85AaNA+Lr0tA-h2G|
zdJj2YXg6L-&PswICTT;gW<yM)2vvCZQDUBU|Mm#W4u_5q&+`3hQommupCx2`Ngz`t
z*5O<n3LW4332c1#2F4d^pTmSgG%)qH!%-ZHt-K(6fZ(<7FvDNx_QqiQmP2@`6f`^j
zQvJF^?Z21b;rD)l{vNFTAE&?F2Rov_s`$?4C;#7|zfFDqZ=k={1MTVW?LNOazDWA}
zOKm&)8`k&g=x@aVMn8tDq@U-t`o^oQf8PN*9O=NU4Yfco8_zkqz*7clClU5!WgMvW
z6JbMGQv#~&v*S7V<eH#AS;yZyw!ic5Vb;k)&=O=K;Znh9+cYm;DBU6PUl&G+29TvT
z^X@Gq`iUhtPaW?x9qlq~i<t~t%+#yiVsL{wp7iq@%wXJLY9+&FDX~FRK!>-LnVns1
zGmMTQIqqECTz2Kiway>->q76J^a$Nq{tB2)*(8)QS&M}s!hDaBsPnFZsru#l-^b?P
z^t1E-HOn`#FM_r@<!7w^;C&Ia^$Ybc?(J-@Sw6hT`WyB#_%T-r|BrirhF30W#~&ru
z40vPC>i==xxOz`Vym2c3pWu!E>KVctJJ=5_VdMRu;*EQEx95$Edj8wIv3hko-q_n5
z!W$#}oyfAJ#K;9!rNAtET<fFcBC|5iC>JH+udeV512l^Z{AKAMaE^3WLyU~!4d$Y>
z?;L>s378p=uf|B3s_@c2KRG4lS}?M~`UE53X0}CK&~`8tS`VrmYc@#G79FJe<y4MK
zHh|tR86l1K4c45bG>A@7z3ARY?oI$LtZqM1&jC10ojnOHIrXAkI6065^Xxh!M~V8B
zySz`3Cp|s;-q#=2<9bmRBXw4<FYgcQy~NiI?^Ou?^^RCuT17K(obpq|ql5X17cU9c
zpGx&jKU;rXHdG!6l?7iM-am<`KQE%b?tf+$<ZlGIi7s4e5pKFtIv@&<(9#q2@~&D8
z7kRh8*c_>nJ7dWP#<1xcl{xfh4ZPb(F_LT5jm;KNjeNBMt!R?pLTXI&R`PcYzmF%%
zJ9Vq%UFt`Ty}6vag4+#tWlFN7P?U1fb@XzmXN;&gxrn%hCwA_kxP=k!F%&27l=@W3
zUM=!Zjdus~8TlaHmcjL9MMjg1%Pmb*%ITb7NZ@V<rtiG&{wO^FJ+KP@M2q0cN`loY
z10df7yE4rzD$|m`M(dsW@}LCrXOh`UM7z6PR@J?q;97r-Jay26^!2}DAB;(8s&D#?
zofey7Fsdv-cHRnfo-De{L96`}v&#Q?8C$(OdM`QP^g#z4F}lF2`RuOl+8=LGBt_oA
z(~-aW5Yr)NZy`@5{MetmGAF*$Ei@mLr1zB|qbd&g=lFUceFIaXbv6guXz`8Cs>hvL
zd?QRvm9kfKUG_V6*loaUj*0x}7E<eh7cH%g3X5-aJsRWWvr@|8*~>)3Ug!;rZ}gfo
z5Z{O{IS1T+fwI$Ue2t;|4Wn(%bjycZZF{4^R#397{EF=HM7?ObeZky;={EmsX1e`0
z)LgriqxeDwzN#-~zg$reCAfQBnlX}7;uc^4SQEc+gLc8nJt|>3`KT-w3>W-|l-b3I
zQ~r&3&igV{Im??1=#9I+C+A&&rYctB%AcXeGh{JhFXFHX3lmXJrjOp_TCc=t8^eAo
z0$><47V2*__UF85Aplk(#Ouf`tbOx|_3%yfPRLJhsVpz%a`;#3fS4b8AeEEcL$h8O
z$w_>kD!MiqHH#bu8+`ke1<6-JlPa3rPT@Q+w%y2y3obJYT^9K^WP0&DplT~$wS=q+
zd6atz0FSKSHJoGnGIf`Zk{A^(v&M5;o@^GlW(F>*GHjg9ZbdjSC6R;Of}Vksl}+)%
z{;0PLUi)&~4$SENWJ;m(BNv)N<p9T!k`>2SZ>2ah{iq87=w|GIyh~WH7N<CPtwC^)
zlpG`39W4w9cvE*EjXMXR2kppzVF9!qs~y;x)sN8i-92)EgPd=l)*F7_hhyOcyJG8D
zYTdUKN>`g%fvRShIp3-r#1)dTT^^B?TbDP&!g>Ee2bq13_h2My4&35;=S#Z9<u$ZL
zCJGthXI7|e^%0md7JpP<?x!y>Uc2yHtJdc$>1OSz8J_6=V&|tGvHGb;F|M0?dUUXE
zdVI;&&GydjfBk>`yQ3p6bz(H|Ggo;US3VVUSLCN3p__@mp;MNKN`Wv&F&-3@sU-XT
zV?H{2*JH5VGlu?nydjnrq=~k*^M~T07p};SQpk#Qtkw^n*7U%GC$IWntD-sIGWgsG
zj(^ERWvggyC@%a1AJ6$JiZ+b&mSx6lT#O{gqR$*O|E6*u*(yz1SaZR3sFmd_ApKKj
zIXg=0^5m=q8c6D7(FoDDasC8RDJm{dvi>5kaUG6cX4G2d?@$zsn4H7see3=&gKYy}
zRY8Q}LGa6r&Smlmp&JP9ERy=c=sfvL7YoDN;9Ck~$$+t}V`Ev$#<DbQEF~R|#a|H|
z%hJGD@VaL}|CA}pd~iHV1LMii$5RqEo@M%Y{t-T&xgC#ZX>dHtLdKKDm5V?MY2?ip
zN<XlPPZkZ0lv8fx!(Z+3t1ry$Nr7kNI(1yM*13W#VZl1Y4-m$@jQ}s3D=z?eLPzkX
z2H@SbV4q*TBM6W0qQlD;T<b~@*mnRdk9BUc4lDxRi~zjh2=Byi0`LxW)#2p<ylfqw
zkt@#^T(xES>5Y<m)C>Q;&!65Hgg2$kZaB#f^3^v8)^UVIIa2-W02am%E)i_&=532O
zK@H}g*JQRiCKrg}KqDlpDC04rAYYB!o0``ei)TR?lTUD!sZ45z{gl#@1ghSHRr^EL
z9HqcI>Nud=IRxs##<Z%2>e0n{zWO%ukLkPbo>Xo%<_}Rvo{!~xw({FMs@#`VZoU>O
z)14O6dG-O>g+6A`#A;VoSK@3g@V5>JjbbFc1Dah$F~&eO7!*`UzDEG(D>Q|KlCL1*
zsvkz3WW^!^!qk!*5QxNppv2T4w2c&_sHwLAb)0WRxN^c*V^B%;4;7k%LeL{y^$(~i
zkE!1kX==(srb23(itssVDu-c0dV5{CqiD~6rDqB`;9VW^e4s6$&3LUr&4yyV>&nf`
zdi-0E2=Uw%{mW4~4HLEmw2vsp29nwE%6i{_no!_8#I_9i9NRR66|`x{r+nXp_*2pq
zG1v-KZ%^XZK(*s26fuY(NVqp{0W~mvPy6+d!PWzwE$yEZSPSF3Fz05VUxDbicHTCC
zS_W&2L0yTgjsPz!C&0vC0bX_x-b+Dvx0-c$WdJWjgGXe;l}lPj(+FPj=X*lo2|;*w
z2H`~`auMG12ts2g2=!ZlN@FX})u0LlHEKTg65tgF;hmZtfJaUm1h0xXEgSOY9L)iw
zyg&msnSgytLx%ky;FSd7y%B_WYm?r;MGRiD4iEi1C<=Y~Xn3u0l@V^j;S%5{lZl_4
z#${17JHStBqxJq_dr|LS#68y~VfTZZbgm*GS1Fq;D8<MpP+#J!F^!?x*c_|TN^Tgf
z+*=VGUkH7yb_T}R%!krPnob|tY-AH9_xv;(*^OfWRblbE5s(uA!PX><R^q&}U{M6K
zyur1>AQyuMcpto-aKb1T4|J`MmIbp&TokzRx_KVP-O~ZOfZfZ+OSZ+5lC+ERcR5M+
zAowV`QSb7wXFu3M9|i6t+yabcc%>aUr!s%4W-FPmF^|u2Z4E5fSX2H~oPd2Y*-Daw
zwi0M7L0jZV*Xi~TJWO?t_1zko2S)?#oTjduukob(sbP(RMw9Vs&KTWjBB06}2Fv@&
zCjp+MW}MX~jbB`dr`6RV{3kPn=g9iQ+nwAWkD!mVF#15JJ@wl&^r?(U`ZzZ~NFQk-
z^gk;|A3b&Y$N>5%Ci;L`u)r)V9rgiG$-pF-3Eab!xfu~wE1HRW=Id6g44jGRS7|1!
zp;jxHiMbh9HxqO9nYc7hH(zCRIuoA>KQj}9KMu~s`%M~p_{IBhCa&@S(oBTdlfw7>
zxt72#{yr>qb$k<TvPL-<1D2!JFIygK&f!-S8CpC>XRj7dlrtNpZ&z7bv_tTfK+){z
zEvH<^GQ{ZFCRal-S_Cmju?}`Rg1vkiz%n3Fj+(mMVngNFUIrbGvo|bCGbSqK7CdW3
z`Jn>Cl@=I0YF9aT0(E4;dJaTZtuIlo3$fT}w)qPTEW4nbHHwlq$m2_>ZdX<pW1u;v
z!s52Jj5b6$hxUlV0_vePAZbjBCP|}v1t@#8)4g#jmQ%)>(f&CWM4wqOL3L2?BMR(3
z*QypZp;S}^5T0RPG8iA?v;{{<#)g+BkK`2N0#~cak>P5M<*S*4JhKe+l3=$C7zWbF
zsi+{WCEH+dbg$1vhcK?PwAZDMt51pwRF49*IET0zjBGf`f#FnA07*c$zc>44mFvU#
zt`UZlYu2g;hC@aWXsA}4jt%s#H+@cX&jTThzE_ln5ppm#pf*_hDK=QcGJ_*epi~y=
zTh%$I{C*O_Ktc~pKP8HQHTrkJDcQI}GY-!&a12h8CCls_Bw`$BV9LUfoNU3PMn6&W
z+0%Pg$hi_gt%TXm5Eis8OZ$LhK~zx!gcX*J%LpG#qI{k$WK52$uAi+h<ZN8XUzA~l
zrt)l|zGl&o4>%<aookTusFgQ&=UTGO2FEQ7Vs18Cu@ZuO0ki9>zaenB+4YqqJK*;x
zCtm{Akgc<Z$FVuEhHPXFW_^{<!0zSwl7rxGL~ui9>--=)tmXinAMn-Pu-;pFI!~B^
zel$rRAQuQ4beV)$a2eP9F?hbsJ2*sgtPXjfdnNe(DXKGSSOOY@p9+T2coN9w`YQ$$
z{TSsOT^=1uZhVy+pm;wf51PKMmxDDiP}0ifXzXb9ZoCqdQ5_-Af4CfJ1TnPf*-{_a
zXW_hOuLRlHsF2O&yO3ueGqubM`L=pju$O?gmGBww>dV0<Ioj25`MCP3$}B5Gzl^x=
ztrS{oJGVzD<FYb~GWco=Sji4a3XPd00rJ)RIXVcq7xmJdFHNLhH>Nj6_**LFlO@Ax
zQHfb*7~{^f`b9pkUQp81XoIe=WnthcQ5PuJfqn{X7^6Ya4M)%ebLeV+4rX`8Pei~6
z`Bv%9LP6R50-yJdpxDMJBMy${SL7YM<QiuNVxNdh(s?t6r`V#p4rU03I`z>Lv7D$Y
zjFe8KJBmE-`?57^@off`_2gt`CPU-p7t_!}_I_8gkS%%yxXeh7S;*>cWM(Rp`bR8{
zbUN3}TjgC@s*Yt}py|3}d>b>1tbFzJh5)`P8((HY2GdJ(l;5E^n)x!Df`<$=1?6ZZ
zVpEWVnXS2?z6|)u5EY)`ClRs#9m9``_)&ibKcl^|L4_J7$hEG!K=|nvz)y}sq)=T`
zJ}#07LgruSc>YPBSf}X|5hSo)7u)%l{?#!Ngp6<U)z1Im@cCD@`PT&eAPFoFlEAk>
z0^Wy0NZ@@Wf#pUbf$E1tNTBuxodkYw?3@JV8W{<^v(n1!V;~fwOv0}i7Y$OOS(6Bz
z@q()+V~f{y2)eon*r4~5<FUFF<ohu!KP<HWY$++*Esk-pPqYpNmRwLtz*cT%S~y?*
z{W>GX62VMw6o;ajWUuSgYo^m~A<ECQ%wqes*dpG)LW^2mj@s2h{LTm)3f+IxH^14)
z!nxxpt*u@{`do?RUbT$P9muo4erBJa#;*yo+ozI#GPOhfWNHWc$@64LgvnYBUwDPS
zaHqr!Daay1`NNDNB}qknrE+ROUs-q3qD}rQ8l3;d-kZlaQLT;RlQxC0PQg;5f&_1r
zB3mm(TLDR=g$blkl&f3?<yyt62o)13i%>`_j3I!EsMn3_ie6OiRoO&nSz1tJ6Ildh
zQDI_a6-wEf-+7+r%w#4>>vG@k`~LIe^C4-@IdkSL&v~}<EW5bKvQSm1Fh=>agF=i#
z<ugFMN5-fMm4gB)RP1*e1s5B!%h&^u#j6a=uPc<H)8ebl@>pfg7*&-5&(*;%4^d|J
z*7M6+Pr>lJ5mwpvQ)KbQxsb^&xI;%yvUS|@EcK6fwD@Ip^2(Tnx&!N*%N8|VQNkm+
z!WJc0d;pCvj8)kY8!XghZ+yAJX1EQP;@^fpsw^I>vJbX8mM32+>}6aYSehT-i7ZXw
zkA~rkWxc^0>LHyh(O<VZv(-P|#r&%N{>ZtD^UG16STZf4`5*MfSaHS_dokg8Q}e}$
zvB#@#KQ_a|FZ`g&E@@nLF*E+1Pf_6(3k}F(A$pHqfDTfPdvx>k|6-5+s%#wdTYGei
zvi_FXJ#xGq(F3OGc4LHYH{MYH_&j32hw*CaStF1glqU|eO%JdYfuP24KdxSxw}C5j
z3*~nQM_WzgkWd6@2rQuYdeZ*tWT)9AY;1j86*lfa)L5W%pvoC1Ok8Yg{R4_k$r!Cy
zeQ#S118()bn(Prm&zeD2y_B`{kQIiXrXPNKy~AH=G7jHtkd^k5k~vu${+kDJ_~yv)
zd#Pg5u*1gTr`JFH5j6ZX{qS4C@cmP>Kqu6VV+<x&O-_%3Mu@|zNRO$|m=4gm_i0AD
zN~W3wkEOD27L%WonT#<t0e@zjNF8nzMl1|g(+$Fi6eEm4ymjUK(JG{-8(Qjw5mcb3
zX6d0-dEpJSKA;f?*_SRygpQ=z$luF3v!AS-cs)Vg60!7skSM<7Hu=dQM{IjN0p$om
zdtkNxfh@q`f2-9!@H&5Bj!rpVs1rP{)*<|Nbbp(5hs%Z`PYm`6HYsqQ70v%BSHm=f
zS8D{&FboL?G;bqFH4KZfj>g>hb#MsaMf24D()9hM|B?Pyz82jdYkzT6RgS%xAXMhq
zMFDQzn<*`kec3~H6Y=9WLAYlv7N#0oHc)7l<Zf%su+MWYq=FSemCzKq&T_L`e#=g|
zhRJsgzVq>WG{oCmY^O`d#df-^8*MLyAC%vi`@Z3YQB|pZBbT0?;<5&#SU1}QQUN5)
zDz!rrdWrRhJX8RK$evLC`Gb|g{jGwhl@#~{M}f@J&&r;Wf&g}J>_NJy#c+T+?ZRx(
z6$e&Pt^B<*vlU1VV{OwfqqgXJ60u>~Y-`{;Dx+F?;47=(4ve&ps&cd$+dXJDQNM+-
zKax_p5aC}wuFM|SK){gDk|O!eTgJ7PR_5lohPnn1x=+eZhRjwF3Amz0XC}e6xrj2>
zR+Xo>FXmZr0zFI}_X8LGuTGtjah4!_p=||R&pI*Itg<b&B@RMT?JjKm(N?z)?SUlJ
zwz>s0M+F+N)q`G2;ZNw6gDgFKy|Wsk)x}#a^i~%OTSP6yJ)3n4abuOkS~PB~N19$k
zEBmHM=1@go)TQwJMGxSZKDa|2Q?g-9D_=|zTx@=k?eRu!Phl%qY#u>EzmEr-LB%RN
zrO#Y!2kzFLeZo^LscGgPu-l^Tr!n6=AF!Hp{)G2vsHgNBIp^7c5VDa$UeA^RUJXT|
zmFghK$H#go700_Idc5vtG?7Ko6@&Ri@F-y)I}fHt0L%utWYyy}jDL^RJCLF$Dmz4w
zT0(z_N=%VMGy_fuJ4C2>!+4nN5Dh=b4^da{?8nax>uVuDkZ`)@3H)>&Rwj+mPM5<J
z?{vM^l(vuX!uLwYmgpXt?<(k@38AC`;3W#mIR&OhZ-ls<MH!ovFN1*6Ck$h)v((nf
zYU?6>Yl*dfm9=*Irlm7M_+SDWFtDvhCrma`Xc)RTTHn&2+lQcAH=Uf>9Mnn?U9C>h
z!zY8>)FD045+r#+3SGzd2Llo@Fa}s0Oc-Fj(iJdwmR3eg6c1w(3`lj3X&zPU_l>R!
zrKu~U9IfAXj1tGJjdHNs;c8!lIdx2<#If5{@2D@pRnLyDdU>X`uJ#xD`BN6;W$*N)
z>%H|3kiC1eMQ1w+s)L_*kju0Uob|}+eI6JG_e29e2)ui|7GgWnNmCi4QivC+8o_-2
zvk9mE;ERbuupF(f*fxPhvVSN;UH(t(CAdsmrHT_xrHm@@H9Yq#rOb*9e{C+~{jcL*
zspnnoPxbRReL63DvnNCEn0kQc>u9E&q49%Lt9Pnos*-r7D?a{5`S?ApqQ_pg_IGY^
z%cw1u2GbUInV%vAtq^EJgBN;Li>Oz5bAQiknnk_l%piJA<#X&c|Gpeq=f4JNoi8s)
z6hd#SrG0qmQC5nUVCYZI-USvHVre3SKcdUkr#W3t(CG35aK?C|rePW;NtQI4%+Zis
z`sc{8TStz;>sM*HpJS4iP$Z!-^3RI<Z!xqu*@(j}Mr41n8F!mkmlOh9U~;8Et95xq
zLXwROt4w${#n8viVjToyt|dOfcw9#?l7A<?=<!?hVhSud5{nlqt>^<<7%DeXisRqb
zK`9a}bx?{VtkC>rKVTiW{4d}k<O{%P^g|s$K7E(0S1uvj-=}1@9j-CWFn}~7Gu~_A
z2S5X{@?SP$pfs>^A{oq4)B+g(#szRga+g&l1Q~2+_bP{*V~D{N#;LTux4W=X-Hb23
zu>wkV2vhr$E-O5uJ1SgD_<1UHn@(haGXo^69nP2m^-*}&>~E~3RqgLk&6GA9A}27~
z!C_S&8-cyh%xJ(=Q~~!VQzLQiSQDsv`46x~3W>T}NOG6wf2i2~=&@maOQv*AXe^d>
zVPymTQ##|7SL#4O>X-*W#V<dy&%yo&I;R63lp@|xkkM;(1p6OBfB%E{$6A2-e4qux
zT=F)C{~L02>CUKf%G;bJ2d6<Sl2Oh$33=jTQzQl*xZm~#SNqe0vhCYE<D>kxIs5`X
zeer~j9yD_kK1B!ag~(V!_MQ2k|BARh-!0oKLLF5M)a3`##Uv}gKErU3DJK3S?Ufm_
z0?uB@@TSv0xEBNq8G!c5$24ku-T8aE3&Ce$L`Hj`_7zC(n(Jq{Be!e^(Ti{MOkd`;
zUpFAT*B(z!Zs2a1;n%tHx8B1Xo?w2<kJJ3Nv&Y0TNUrEIZHMS7Nb_Dbj<>AZGuaj1
zAQe=&*q8%vK<kGuqwQbfw2_!%PPASl1<c**a&Myzb+Zq)p*vg^KQp?1%2g3;nwPP?
zZn_?932Qe`1$;tYO7B)i@DJ=@hled;WQ4Qt1(#{xv>ah-E}f^3?lzvMB6gk_)&qm?
zt{sfs-MT|PO*!l|Ip8#H;YTF}wGh*a-TsGckf-bx7g=ySEHP;JZYe(66#^;P1py14
z=gl|Z2{ij^62#fCs&wJ<IRyMC`xy4h><7BpJa?^3ROw=mvG=D7$}`)ofce>o9!Rs*
zF`5{Py1G9fn=)=TjYcw^&=08R4HQHjfD~;q*^)w-<g)UqfV$59JzY=-qKIq+dd~F(
zAY0!Q`!K=NmJ3>L`^cy?0XKY;s^MOxnH@AAtB@-aAOI7{cK+FRK*dqdo!*&>ou~88
zF@{rCRHLtU5`iF|T}KE0Y9dMojK7<GV`{nVu&2OPwVo*1C!FBMqhDc0zcSda*F(Qt
z@@4XMQTDE}f)Pz<z4|^PJvZ{9jf@@|y5ab_prWtXD+t_7|3zbf1}1!dRwDs^z0IT-
zK5sRlVEQ`MO*Pa_qB<Yd`3!Z_sO}-En`NjgrMiJs7ckVxRM(B_o;TDzLv>eB-K&PW
zm#FUCIjnozQ1?%&+edXD80y}mx;0eyA4A=TRQD#;Ei=@8Om#D<Zk3@9&W7<az2yl~
zi4`g0YO4@TWIwAMlt!cq%wdE|$2CH*-$}gs?@oQnNJw++HH<%ZveQ=+^u_c$<0SQK
zQ<i<s`hDVL^eujiQ)+_+&>-Pdbc04(11~hV5Yxk_*nl8e83JwIjOnEMlCDh`X!B!?
zJ;7s_b!{3!n|m%tx4B>6=BHJxO@2(9JI>O8`z!0ALC)Fe2Ctu0Rg-T*gLyFxI#jC-
zW<UdLb##MvT7$nsgJkxT0+l$$3br3*<>K6f$HU=JOXFjkkE=_013dQm@rVYqBkLk)
zW0FDeYS7q2K>icTTUAyeWXHS(OsrO(XFr2*s~&_?7Ca3f!13T!=n3We?Li)Oel#@f
zYN8qy(TSzsvd>^rr2AaxKA%6G1wRUduf{y}7Cg08Ee2FbF~@>S=+(hR{ClCmdp@eX
zyp4upQw~*<&BoqJE9MJ${2w;;_2acht5{{QN}b68WifA@^ADc2fg|ou5&@4gp$V|!
zkjNOz&=>2s(De0NQ#Hb&Je)|>#K~W^_az&;0h*wZMjQTx?ux-#d}tUeMx3!POj#1t
zVYS6!k&YFp^t;f}@-3<Of`c3A1;y+Iq0z>rg-oiU38Bu$((X|DcVk&QD9Z~agw$PN
z)b83ksa-GjZsQQIYO5o8V(B)X0=zD=ckwHg?1^RI9u-_)8?GxKa$!jy)}u)?_HaXN
zJO4xJdD%zB(pQi}9c{O`D2vJ{ZZB{Y1KC|rZai!vyE4u|WB~)=0Exju%x%)BA>FzA
zC$JJ8Xz{bssVGG=M*~5x38sI}KI(lt)CKVWX{o*hWIMpoXwh;8?;BnIepYgg=<5pH
zNy*HCoc`mG$>=S|2Sx)ppxiw+)+^2{O1|}lMv5t)s&^z?z_#uh7|D9gy5ggCbYl9y
zU=z6E(<{6v^972}2+QtZ%kCKhu|6=$fsJOtMtG-<`q_OjY6>c=$kY71Fec6v8n7ui
z?tzhSJz4L_cT*6i`<Gb-{)p!PwwC+9EwHKiySTsTU`fyAh?x8E@y)?7_Y(E>zK6fF
z4t8e?Pmu-}&Wf@WUlUpp?aw?619X1vlFvEiOML?jND59$s{3{NN*f%9$?Rc>Y1~mC
zH4Qn`8~{!5##TBYXsSWbm=HY@L!O-xK&{fd_3b@S5s@y*-_46Gv;VIG`8&EPJAD>7
zk~$##pv1XiQ2wCH_XW3nNV$J{3YhsbZts|P1?%4-KEHu<{aPSB&MA5zCYYx0NF>M)
z1FyJ_Jst9fLTSV+*0o^()*pY$K<z7>m6q&B{310L4z7}wsLbe0Of1{y-4fc#_UYr}
z^}+_;d8I4;;AP9Sxai5s*+=(<2}ZswCm1Q1AMKAm{TB&I%~rOBPWcSOCwvRRc@VeI
z!Dt8V;-{Zj1w(R0ick&Ta52h*R@VrmE3-tj?hQd#mP}gr{-7&sX`-tu%8h_&5|xdh
zDPw0$;(&r!DW3qv1EV;nWDZ5!F!W4kCvQILvXt6f*0H<+6hID&Hnw;p;A18j=FD1*
zIy%71+)_#T=mOzl1R$6HPWIhWg&_y3QUHeX0fvS#St`FL$x@EhO*MFerL;~1$%+oY
zBcoc`cn7GL#-zEXUq;<hc8QzG1t1-uYe`wy+YVJ!q*Yp!#0Gx$N=>UY3!(J5GOpAt
zIK%5*ltdYkha(4kOZF-=FM-GlULZZV$)w(1GK<N(Ir0&d@6Ics9)ixVEgeMMedzZg
z&RNZ`Ct@YqJ=yUk+OAVm1pe@Fye*kRcQ3$?K*ZA)^CHe4Vjvqu=rPi5{wc?V+x$7l
z%-J>GK_E2MD)wF}g1ci)#O?s5z7VIr3blHx%~6u<?Kq~{*hqQ%$rJ&6v;;7{ndbc)
zbh*9fZ*|!us!OxJ%iCF(!QNbfqw{~MRf?lKh6$NLe{e6>9E`l^Eqsxf%vy>aOEJc&
z8q5?bA&%+l#(LlZ2mLG>1vFMRPhq22hCD)|<S$~Vpt4p9G<$PqhOjch0Cl%-20h}`
z9JUv|>)c2&EB;14I3-1WcpvSZ6zFpD<{qksS8xB8oZ~OHf#1#mzgf{7+gH)5Z9a5`
zkWucO9#%kS_)0k>oDDQv%X*ST_jW0enQInE++B#@`tfPQ0d)NJ<djG=9Xf1D5S4?9
z2}n$XY{ueXy=d@D*c|5)h6F2&>v+#oG3(g)OKTmAmw2<fcm`Nh(k7=E(1>y_jL6lY
ztj;&%B&<f!o`;JU%f1sxD*=en?f=9spjP6Xr-+dpHN~AHo_^h(U9RdT&M|rePBiuE
zCNA*+8NENUs&8kUap-gP<vf4LI#N-bj9T+SP^iQfMp3FE()9IGjHaT60$Vd6vNbMN
zc<Cq<j))WvXN5<x@Zm^dAuHU0h2BV^$0*2sUaR^4f2hqZ_-;&`fNU*JKsIX^ydfOj
zpo`YP3JtD_X>g6!;M@nSfv7WjaWldZ8XI~n^e6<ld;&hkz{kVzaTSku>7YfvVJ%1_
zCzRV)kn#)()!DT{PLF%8AbR}uY$l|%30)PkhEhW*NVxeCyOOmCC27Rmp$r>j*5FUM
zx;o5zI<=g7l4sYMe+(~VDS(<-c2NXsUklXDk^|iCCkPq=^G(3E$zNg203+F7y%>xe
zRuOy~$$uJ0brv1UGsJHOMnK|>fVeDI7{yIt#HG2w2i%VI<So>S@z^y78LLwABn<MH
z$EC&Ejl&Eybm*7?kZr1a3qphq0J+uTX|60RXS_hejAQuQ!T13TFw3Ts%rA0YKOGL2
z?(_7gTe#oF6O6twmL~ui)I0%jM2|+#bR+dClx_RW%J~Gci(st6cYgs^VJc%4!rC<y
z;2Go=_86|AOzJgM7q)N8`W70)u*XDX$~lFQ4{l<yDZ)5>f^P%D1&DUQ8MxD4Oo!fh
zb7a$Qj?!R}vyf*4K12FkRrQN=!1V}HEv<)(iy+v(8}L<K7c$oyE@V1yBe_+7Df7L0
zziru7*L}=CQE379G3K}EJ|@jAcdiIRY7>%gVb;@&ZFGYLL9)Ri*8S*3xWVcTH&_s1
zYoLEhZ|w%F8;Y0O4HknpVX%L6?{w920WZ1E{e(AG3jTo?9BFVBlK#hUtb*Sf<ayO4
zH+!8p+X2+=YV~Sq$40tZawsoONECvFc+H`DHFyo1FcZp1-us_e|5-bKd;Lq_`2FiY
z@{g>4$^XInqX!3WL2ttr46ahQpw)P`1rNd&_~*a~%Qhhrfje@PcjjEjHw43S1)tW|
z<A37*u4cy{yuV|Uk_swdLV*C3J$#Yw@1{zaVP3ReGaz8@LyIbzYIKVVw|41&<kqeY
zG0YKvFb`mv!)`gqZ}29c*A^}K0KqVM`*+RQ2kCqKQ}ZR$fyiUZBd5Y)SGY=Z>|Zy`
zm0dMuH_1CA@S#xJsMz-@kBgY@hdkWzsVBRF`;rvsWi6RvO%x{XU~{ylNj;0xy}KCl
z)IEE)tssQfs=))qId3Pxc7lB4z?dXDdEhPN+VU8S<sS_iiYFPB=r_#Y%L?=|ALy3U
z4Wt6J?qk$wG}wBqLQ@K`?Zg-x++GCGFt7vM3K2O{3?CC{)xI+c1@M@%tOx{5_L8Pn
z{}ih^T#>zX>d^337+yYL{@q<Q0mb3Q6bS4E<pN1Q@Ink4!Wmfpf*qZ7FSwJxK=Kc@
zTJnJU9%aNSxgwF5j<#B*C}Ea!>KGzFBFz3BWSF!jiGnH;@z_Fddx<uw+`)1#S^$Ca
zBVnqA!Jv0Yc6&6O@BqUAqr+thB&ETCWiq^hu9j=^#B91_lOtw+3Xo8Gtm2XGq?Ryg
zbN_@kBQT%e&CSO4%AtEwgs69Ro|K_`r|w~8=iMohQABuR&_%<Wz3sta=tOxU8N~6J
z66?~yE^hX6h@0Mz@w!L$*C)lOeNFpBd+V4t87ug<%7s2x8zBh@eBzu>P2@5u`R}tq
zsteWyumhe!oTVAa*cli5KSV*Hh%{u#(?IZe#^L}^v$3Pf(?r3g(sfJ<cJK79PXHAI
zrNNwyI8Zs&1n$HTm*VaADR_8|cDs!|&cnfF5AS9ZOJ4=*ApgWimao7VXf!%-B{VA^
zWy87wh9!Tgy!TiNciYQJvyrTZ_u%|4obtPmQzGg=m>1c3=_W*dewPM)?p6N!7)>ls
z{smVOQ#MMZM=?yYX%miQh-To8c@<7goNc3P^GuC>)bWggR*$Bss~U9}l|7?VBCb|*
z%DFHf+rw>I56z-_SYYVkE@Y)iKFHVy$~6F<P;2x*LV7ok)4M=t6NW@8bozVkclvYo
zn*)PQ*&DqsKx5Nyh(co#tU_o^FBWsG@<9h!&!CbtTGh|6O4}6dFXK1+YZBAn{k*?V
zA59U0z#pN0uwzt5PXCnsW`++LD%{+Wqe3GBWIPdTjOM#4u0V?bR$UyWli_bZb3Nfl
zXs+A@udk>LtI@q0>QoAr@dlNGvT`NpWyq&coYSw)-Sk`^yPKfzw!j75hDTC#o$M2c
z8gVKT=+f_c($v6t0{u)O=x2%~zj+VW&j9wx*hZ?E%Ldg<hwEciGvyj8RmW!>4u}oi
zA4!R{)hPj55k$@B5H<TzRYlWiPrWLdjTnFAHHObtV}_K-f-dtI78I6a)Cy}It9aja
z>MH7ik(_OnX%DAp@*QYH`Wyif{x|L_C;f-ptH8#$ZEcQktAV;7CYFI@3z{4U*W?uF
zH8~h>FrIzMIkGSLeL9?puUb)gvtE54=@oYTo0K={#-Wk&CM~wmXjqEM8_)+Bl{Z6o
z#Zlh$!NNNug@0v*H(=rYk;1>T!d6%~CQ|sAQKj;Qro4IU6{`^ZEJkbN&~z?7Xpj-3
zl!=6Yy#Ey*{?XXrI<0{d8l>v9HdQCX;o#T6h;D(8P4KZEd6acQAXdR;@Bt3vLGU~c
zF5-3H(08<AXULLN6zeCx3;PpR+W%WM0(j_M(!_)(;XNYCXQ2_Hd*E;21VTeXgF|_t
zfgx9@e<(N9KI9Db;Tj(#^Bvgpq4ZFvP)B%eORoAM!&s#;bdGwUdCL=pP@|9;?xvx|
zZ$b9Lk93gTH^r=-4Q1C4VLtT5@6gb5CeeMTL4Sl?8%FVV$zgu2><Z-ac){RK!I@i_
zB)<cS_LdNrC5+;>)#B3IK=bpyK$;&i^5sdrfBcYJOXtM7EJTayuu|ke6TRd}=v3u$
zCspx-*=8Cki$6>S`|4wkS>Rh0rNI=-e!z2rmdM{L3lE|Nxh0-y_2cd1E7IFMn8Iy;
z*(({(JiI?BbRM#)cE#NpyPRc$0SyCH4)V%Y;+6Y=Tj`~60`bU<I{}P1<q<PC@1`rC
z<TdoBy~?wP(ateTn0g}<NiakL%G=Y@-KL{@i$3{Ue&f?W%jH|24>vvx272^za<mG=
z&VA1snRnVDb@!+CH^;ZPR?!{$mN0aO@%I?I8>vHg$>iV6_0@`AU;VprUEoC>u0znl
zqjqF5H}i`kK0~0eB&KlsdVo|TW}CD<4rY6BdmPM`zda6S>$$yt%(hH*#8kd`fuWs6
zF{V+gHK)w?putBms4pX|HkbtsuB{WZG5qpE6lVJrB#H!0MO>&P9Smcfh$qL}45*7I
zpIY!QLS3uhATTIW9$2g@q~CvoFu-l&b(yu3m4aL|L5%X=0qVOwYhcU|O(BcEbjdrN
z@;R4$xi4rL$OIrAi8N`Eix)&LkI{Q_wB70~c`~61_;K2RCp!q(0gcUF{wLM&N~3jJ
zqE{M2Rc<;vr#49PA(jfd#;L}})0?P`i?RUa!Oe#9F*?n?f<N5;CzLu~G*bVpuW}eX
z4>VYLf;-(IL1x&(P2$FIy|}^f#`-oraM`THq%?`}iHAp~L^_CoFEB4QvFubM>OSfg
zh6!@M-XCp28^nW+^>&T>8xtmT0EfIQMNr=glyJ99?32TArVlj4TlicE7RK1FH#$me
zA$nB+W*uMq7eS{@sG@OjiMrzzUA2pTZr#D};BjG}?!#DD*iCQ8I@a`pMO{+|UPX92
zu=a^Uu?<HfSCkxD3mGu`FG}_{W9>knc!aUAo|_PVvngwMylm6d6m33vV2#XPWC=CX
z$_`oh9PQ=3P*zCxG-h2=@U*_XbKsAs{6^<z;&lGcM&#y$3&CU<%!J3j3;8!FJ2(|g
z=86fMb^($&ieH+DOZx&9yn)+65Ig4q8<rEw_l(w;^sLhmf~-j(e$Wj7EtAy?ke`*a
zb})pf(iuX$`7RkkgmY%C;!s83Ky}{P%Oops#LM$fP>}0)`5#kA2=@0?RB?&2==z<i
zh8Mi3vLyKxbfbhBgDf@erjm&XjlFDlC*tO}Mt)t}{LF^DAGdtj4e64c>EQDlYRrEJ
zoIrowem0a*ihrURq#lXiaGbbW6YjFO^hT!W!{O+GM9IYTVk|*VjnUxQHJgUcN=Cwu
z68@tQ-EiU57OR{K^hXq?)s<JOVnuU2u}NGq%u+gyNI|6pgwxBhn--b89UY&V7MWqO
zvfQ9v1#@#mV5M}w)MJdb2N^P|$b&68dLbxN7lKF`{h%JL7=)c?t;SKQOvnqv<DwF=
z%*uo!XEht9SuCB71L!g2RJRBlaO*z-|MzgQepfc*WjFj2ZmHNAU=wuP6Df$0KgFWP
zvv(+aDz4!0$C^)mJsxiP3?l>f_;_Nsh~v}tg;pWsn9Dzu!3?*Qxuy+pOAI%}n#wF8
z;%_jO@q?+%7u5;s&DRovOlA82o!AySc&Nr^8|31OB`e2IZhKk|!)@O-MfG9^!(`v2
z!g}_&^<+0ljV+0}C$*KaFSOzu({O!3Oif}<yx<Zs_D-EQ*QM8KwbUa)9RzxuelSCr
z*3MZn#m>$`YYaajmV&?4%Er{-hg6EM|JmzS?I;2V^zv@9NlG)=4{V@iE#&N~LpjsN
z98dZq4J@o*G8as(TreGFFfoX=FZgr(+IMqw{93Xmo8I(hYDC>@pgA18h3JaIf)Ha0
zCzdI^)M_X_&P&q`rC=S%IKNp&g9I1w+uRqH>~Azo)DF`EGo+V;R)>sr&dn%SzGR$J
z@KK8M*RKi*ZDW(3&^CafGx?Y5S{mw_Q(beaYi+2zg6d9JVqF_Uot5f#QC)jOU0bSK
zNp;s7>aL}_*Ql<Op{@hf&7eBBp-!T@QB?P}p>8YH4WPO`hPs`mXeWm;+$#WiqOG$T
zUphR7^?mHJDw2N)4epI;@Uzw+01fuVG&rm^7!3`+j%l!4YcLQRY>a8JS!-|uH26HG
zL50?!5j6M@hC%6_vjJD(8pA4F6|)MTR?{i~yaw+>*lyMGU;Ofr;^Tb%w?rZ6LidMO
z=iWC|Er+U5HNNoc_4vZ;3@>a?J(e3En+}ity9T^fYVasmIpF<5B^!g~T=e|To>%AB
z(a+|0<a~64ybHRWOoBE&FW`_IG^8&C{g5i*g=%)F3(<XftJRmSdYW}K3V*f|jN`8u
z#>W4^8Lay0Jww$yP*rv&y4yi#)ovezZu`V|k9=`PZIA;EK06b4ail1x5@NaMw$%pR
z5FTz$gC2+@n@y&BIJibIxOEpXHYTc*;Cm1M{+7NqF=6=g5%eBh9;sCH3Z}Q!a=`32
zuqQ&(Kxmt!@8}9BE`;I&`0&EVVE7oS{nZXWh8vYsi(e({qn-27NllsZS}+{y3Ju%9
zM{EAtH09&@s#@u#RI@f@Wz}}oyy#ipz^csRf2Au^=aa0MT4>|<-54W~!s{eqc%6nu
zL!pMS%SjUC++jGE-x1%n4;FI|j~uv;yP~w8PwpEl9@5z}QUBX@@ppK)#vYU6_PF&q
z>hYn6H2Zji{0cV(WWtW}>m@F~YWB|~BlgcTL4@5vA}lGuG&Yj6{K)WCQJ@1HIS&-D
zP>2Kyc!M*Ai#Q{5{AI578c>(k>!`BQE(n~pDUPVV3YCN_HQQ&NX?e-Zn(gyw#{9A!
z8woUf#a9NaXT06gOq{sFOU4*NLoqN-PIFcDWi)$ke><qYhT1jV*OK<c&Dm6Lt{&xA
z1t`D5zvz`;$CYV!fyr|fpPeJ31j~`prGD<#aF{}OUCB7870npe+K>;%vw$60N~GB1
z!)tU5+C2;4I%bO9EKI#6ZhTn=$7nFkc>v{x6FjhJj$O+HvR7vyI-6KiS-tyhwZAFd
z6hU#6rD$z_N(4;!@~`|#)wbogH^&cRuvs7;4o$)RJh}|y;qKRK+qgduzhC&1{9D^H
z9skCy(;3zn{}S<UCB~6?2f{iO|F%^q93-Rq?c(Qg)Ne;VkE4Fu{&^hr+p5p&SHEr1
zv}*%P86d2Q(XRE?lxH_UgUmWF7Lt`lrS)Dcj8qg~l=`hZsNaSFKK)xPM%Jm_+P#>n
z9e3rnxm*RSC@-qIx2|&upH|*)(7knNN4mF>N|((lI!@$GU%uZa)D?f32`^v9_q9>h
ze`o?J=vFDvtj`bKB6^%;6kwFIxBQ5c#cQ+|pRvZ_%@-hW0#YIaj&ph0wVnrERqMIL
zq5`VLEuYoP8@U2G&>RJT1^1iF-k-sN=2(3mPYhJY%^(LFZ8f(qNEO&S#pksIr4ewO
z{aJmNj}dTas9ZgRgM;Qp^<IEBCRtgNwGTC&H~-zR9gBFejTKY$$TSz^JTwNCGmxi@
zYKo|TtIOZdW-wRKUoy0?#J^-%=1vi~O`6-@%njk^zEx)Y%#a~=3PS0<9d+9MhhW2y
z`lSK&3#rbXz@H=i8>!JhEx&<F-c6H;Kk%Nh18-{Qc_Lf=ts%&=hoVMpQb$b#24|El
zLH(HDPt%S0<9X_sd5m^#)K~IR|NB0hFi#KO44qyCLK={&ediON=<lm(?Cmc_3=pT?
z0+ca*4JdCId8(KS`zl$h9M*@%jrCSK+7xMV*~l)bNf7Qid^OFzcf)Z>=L*kG*Yps`
zqfAXLAn8*Je1KrxFTIY{K~>&im`KqLDMILRcH(Zn0#vQ`3LxiAf`7qWk~gBy=ul`}
z#Ri))74i{ofCL^cU#-atx>2*;IjbSiR!{_A9~z_jsrjm`q1F@#8G>Bw-DnqhEAIfe
z+>=&yq(1FmEAML<242gz*CUVe?ZH8aIKRWfRXW-V!9!qaRF%uq_j!fBl{r1wX?$bU
zJaOq@(-KHd;cX{>QF6FEqrBvT!+V9~zbkqABvjja8&p>$Q@Gnd%pWQvs^jr-z@Gy|
zygq`W(d*;g{sw=jG>O~er!w`JHzF#&{U03f2OHz{ei!fk#PB~p-h1Nqn8bU0b$HZx
zjrRTs)n6e$TTS;dHz7a!02%h%7yuGK`_mNdN`_Kksyrzv;y6ni9s5c(<A+nj&G>h4
zj&_egn&mdnkPW}8TlEa&1j&XcOyz7b)?V^;crTzawl=s^z?|CGH&?H9ZFH^s%{;o+
zb;}fC4XpX+@mHe@r+fft#+J3f>Vg}Ce*|N7a~UlPy8UT+elH?kE9#fuLIpkyc5ag9
z&UH{ATTfEU4F_&`G#ERx(+qm$EPgxk0P1CP64lU+jSvHp!GBl@_e&AD68#S3l5Ol{
z-+ir_9sUCKhM4R2fX&180iIbxp1DxtnbU}8{swsFFAr%vb0Lg*pxcZIL@lHzL#{c(
zIol}8uAkh`mG94m!;I?pG_bP=IXg?20<ESe5IYOStCKX04)f{O51krPhj6?NWfz~e
zYO4-9`h9Cv=|aye91}=!X;bdG)*L_f*a6P;QtYu+JoZ@FGlKi!0xw~k7pt!f6Te%3
ztd?5N?{=Al=Z5&*NSv{!=ERLN=6xg%d+vQa#+GI>*wUDySzgP>z=KSV@F0^|;jjNe
zWy({6UYP=E@L1h$s`DG_W>Vc}R5#C1M<$59U#Gg~4Ry~5(MqZ*wWQ#IjaBRu8Qb$n
z44XW;Rt=Mp2n|NZGze)84i~cq`(qj$&>B=ggKaSlwrLF(LW2rjT;X=WN8bgE^L_B~
zfcBTlN84z-cF#`Lkc@J{M*xV3;?;m^gY$!r_~XfU(G7TOjlbLEvvOG6+Rm)OuCk+C
zmCF|KM;&+B{wV%`@<Lqv@8kIY&OeU-JH_oWiTC*GoqwEO4aM=oX=t}UUf=J{puU}V
z0>4H5#S9J}KNwfZ@(6!C0fuI@4<Ih<E0??rEr<f<t2s47?MkvnjqVz6#f#N)q&EgP
zvuzw%sWSMU2z5Hhsnf|Q>Qob<P8T?d5a<$4nff$QCr`h+t&E<&QVqDs)h%$p`h3GE
zJENSZi6Fsk=!={nE$44Tj3!qrj#XjuMFS-XBS(WR)bEv&|53DNEpqW#*>+c;KUxeF
zMdSmG-+U&K4@h2&$|RtH7zoBc*h<#j4_n+w;iyN9mThA_rq$KsAnGwq<zO>5IZLKN
z2!?!xq5C@y-OQ%Z`_)UCjI7qU#hgm#3Q)T^QTf7tZ)dF;Q4(`%*^f<l%MO&$3fHX*
z1-fpv0TCtoDG~itjlJDqdhR9_5ZuvXT*yGH=InJO3$;TU)BwrDD?BLY0p-m;Xn2*S
zDxZ8E%qlI-^FQSH9rjmEA-~#`Z;kd>mvYR48uc+;rO^c0Y^S}_DWw?ytXy7&1l6qt
zQXzHPIDMLLSq%a^U%g$v`y$P)i1Q1o47BxDCLn-h^odI+8NI|29BGfgS0;W26gDa$
zm}-oXtlZtf9RG?f$O$a6Hh#LS0Ikw+y;kYJybt_poKBx~P@}Kc&rFR+^u1mv+!j?h
zC6;|a0y%xXC5Fbn^)DoSuNX+*i$oS@QQbccb+1z0XsUb1Q1=Ga<x}0i40Z2PT_)8n
zG1M(q(S<U|kst&|UQ#tlec<PtG10b$)~W%=UVEHTz}y%Td8ek$dJ-D+k7=+$YcL!d
zERAWfLTk_y8oVFV;6ts!RnXvd9TiqCp)!PfG>2}7uVL^pLi_8EILfWt%2GAlsysM_
zt{a*?rK+~>m_kG~G#KeI#MW_4Q57xk*v%S<E3Or)j;kGiX4&9~zTywk<MZ)IRMli6
zQTGl06ZAN4k6zwmv%yjH81lCGiZc_`d@mX0)%{I2PirPOC-^FU^_{;sp$X-L$udD3
zhDjTFn^H+Hd@7@SovuHSx2r2`-gY2#TfJ97KP881OU^g;H0QZx62#~6DU`P{zf5;E
z>wyIMDPr>YEnn7{Epx>ZQ^~|Of~OJ11cF>MY?}VbsPPa{nW5(B@U~)z5cD1D)OZ-7
zK&!TMcy1a}D}0ZcboPX{Y4<mG)H#Y9*(m%DtFOl7>FTRV^w@nh3Ep-nOO;GcXzIOE
zTsjb^o?LRsQgYtp+auhw4y*53XV^bTgeH~k5KHmeRQ_7>zkpN-d@dzQEUjGUV!K!d
z(Ruy(>D6n^o>qP-%U5yPciuF<bw)X*-@135yxn&wk%}h-rGUi9)-K6+q=r4g$lWP_
zs(b}>5LJ4oS-!)fcHER#`t!3w4Sa_aC3#Cm*moh(AwFN_PpOsfFzZ@w$Bgl;Wg@gJ
z*x`3Sb4eb^z@ca)>*JCXn4HW2PU$}bj84WE@-nM((+r3OwT?;ACmFm-kg1owNAguR
ztgbMzF`aZ3^vjn5DF~~ZzD^L9nA9mUY9pP_Wb9VbmNS{8uwBubD9_60z|%bI#l5KQ
z{Ld1R@pHJi@@Zt37ztv>kd#G?bWTScvfjEb>O9dS5T7jGQv(I=yN?lTlwRm$)60%r
zmAp>*r6g6r(?){@j6;=4%Jvcp^Y+rfxbY71)r>yV5P~}bdHNnai2RcodsL8|mwnXJ
z(^=IJAjsvbGP~u;mf&8bjamb-6s$d1BeSkiMtSfZG_pxVwxDB`1ep`z-!xZtm00?5
z0=kE~DlR3se3wja`Jm+6CJYF4W;{?(stER$R#5YBJ4wt9LL6lAwxCpYOf2n%Nr8HS
zMp00l3m|CuhQ3ufZwoNUJcwjqw@+=39yv!K&Oz$)d&7CA6EHG}eutLxE2n{NZzmY3
zJ7CAI@=U+D<$`4J6~eqgfgutDlaW%{CN_Yz?oR2hisOmShmT+V#iMCBYv3lFayM;R
zeD%$Do#{`{_YsqBzC)gm%-0-$zSqx>o$nV@>zOZ`tHh4Oo!~0X=3CANu-)D1#;Ez0
zC5I{C4$g1Aetzr4(jTBl`G~8cHUU(zc*eE~g94q?-O=-N<NQv#+5Ga#j(P4Kpw7)Z
zALdroSMI!w4IEQ$H^&I@$023J;OF*+2M01cxO|mnwk{AH?1XaqNtjnpxBP@<V8Hy5
z1nIYoS(0-z!nzKpeH8jEH{)0|xQKJVf<!^P*oRtc*4F~%4=zG(pm%s(CqW6W-y8n(
z=Xc5l<N59UWS!@?#glY?_x6u}eq9)YjFC$VSn5u-0ejw-?Mxo{;JLu`)s=m~Q_N0h
z0zaL3kT?zR7sRqOv<L5JgG7kIJWRzkm6AHxx$w9BqSn`F=<5VKe{|X##Od!BeScfA
zzZ3>6yQ2=n0yA{}!=F44-z7%QgG>HKx%F9qfuGe=kw6<aHHDoBm%Niv7C00wp4khD
zNBFs5WX>h;2N2q=d^9<gL2hR|&O-{c!G7JQkc-J;l;T+|-BSxrFa6lkl#8WgYgRro
z2<B-~YqKf=*QR0Y+LZnXF!ZHR*P6^o{BPDIIciOAc*d|M4dSlJ<+*jO$;*=rYtoso
z$uSp*t$aQy`Zd`n@HP2X;6CfV^5O{2eAC}`CBUJD;mhDxD306hdHzhhyW_8sbpY4M
z(n%Qqb$`?%FhpXj1Cbo$h(s*?p6!Q*Ow#75$mCtAY#$;LNPEssUjvx7=^|qV7=EmV
z0}eRyobt{@m~<~YY&>EU7sN7)H>2E#t7%3jJS}qNo3)(|e#och0?Csd<Bl8jv)dq+
zz5)kC{^ifiu9bdv1LorF`pcPYc5GYr^9de-=%d%o*&B8R+H|8C{^(}wOjKZfG0gB*
zmwYduU%zN<86P%}2>%Ui&Jm2TIcJUmHX9ObigQN-3LdLN!3k>3jgWNNc?oL5d_%>#
zo!~rW)?#5~9mKh3p!{-eq?-n6H(}_ex$XtptAB!;GbobwZnv7@_eN{}1b**F>Mz3a
zFP<^tcxghNIKImS!trOFJYQ`zf5tkRmaO!v2EObG&UPK~q&TY@SP;=vnt=eKQ>I3s
zEA@L=DVDyD49J;3vw@j<24vgp2m@ll^{X~AAg7hL{lI`6hjD2Ph-*A&K%R(YK>8=U
zI~6-z6(<;~H~~4?VRp$*xvMs_H}x}%W<56iY1U(kcAhTy>tj83J{^bknBe_w*5g?8
zGKq7)0r333R)uAaF?lBRDg(YZK4ZW)d)3}>w7mU?_=`5Djj*@bQzz{G+e5H7vCr?8
z4_5ygD<9}t|2pM^r2hl?p#9Uo$uC#WishI8@x<?t5AqpFD2$O0fHM5w$p;y7WWGu9
z=i4C8eBU4U8}dOumk$bK<O6lS|L^64zs{=fkan9H=aBAr{Ljk=1_>ZWK1dSkkPi+l
zV@G(?^8c283_ET-!<NVEJj2I|=nQ|_vtIf!Dgm814fG@7f1Q5Jdny8;3GwO2gJrSw
zqfyas&<}R}PM8_}_-ga!&HwxKV`W)=pgF%Z4rtyy_V>~c-7@_a{kZ>A27K<N|0Vs{
zA2Pz;>@ju1-s58k_Oi3<qaSYnR0ejVkX)qbWJkn{2C$39i*NsVyqK*AyDLj0VAmi%
zUOYY{7B4>gSbcQB-KnUEVZjD4tz<3;;FLb958ielyd8B_gxQqBY)UnJN?CPGsYaVp
zsg9La`uT85{bkSR0<!tN)ald$(6yU^K-Za$Q5fbER@RQzj*%2FbFogT2ljMpMOF#H
zy~JAUUpq|>J<over~feE+xqd|@SnkVg+U|CSx46ibC(|_nA>nuz4-2?bFuvL|31E3
zIQ=*Aowp<w-(C6WZ{WKuj_>~U{`>F$@8i2KO6tRRZ%vDX@A^OT{{Y{OTf#tY_`jp@
zU3_?G5R8R~r2l>TH!Ye$i=}^4<Iul{e*+$darx>0i2hBjm;OB&kNy?@UU*3Q{qS)A
zhd}>6ih_rX9YL@ms3YDps`I8<1hGs)-BVcd^?^)b33M?gd+b)Q`*8aUB{pfW$w(GU
z-$6`VoF(}Sv)ulX4hU;n$-|hFoq)%l7HZD@Pr~b5+247FmP~0Y2*syd{-*oMe&D3%
z$Goy~Z!`apnw-FZaE|PXHXB$kp$bl}QeL>7J6o%70L^3Qt&AP6>6c5`XvAmNN`W2^
z5AQE1zl;*OsS2hCDNI8J((5#2D;u(v4cQid$W0&~*Z;(Lj}G}g<6UtN8*eW*UL32l
zvj5E{a<!{*h-eQ>woI>(RfIkgGubk6vnDXpP?KrEw*^(RW7F1vhFfVf1vA^CcRS{z
zt400O9;M(4iq8Nxz7X}*s?c@lIyiFUQz;_#oCi|{8dJ)32|{j0b!j;}2ftF$kgf>=
zoS0bK#z2o&yYR~J<2`g`n6{#=Kv#xiTY~r9l)d0O3AL-ArwZkVe~A2556_3cdhGZH
zyRh$7yJ*3?cmlduJDF}Bd$Go$Ufg!irX1^&z<c?)O9J`7bhD|mDt|zo%>rIIl`5%l
zIxl<}3bEwCb7J)UztMlj1%_@H-Ts@!rAdcRNkVD4SUMk~e)R0|CHu(;_LNLe6)!_0
zA-s+K42=ojegIr%CR-%`bChLpoT41+mVlQ2SF-)`7c<;i39Q+`0T7NrEPJ*AYzbzq
zKr@_s7&7n9@VNyyF|XqpkB1@XL~i9<LN7dcN%E&*2wH}>UA~=|gd@e^-xl7Gm;H+;
zYoNc^ad-AK#d|!DuJez>%bQQ!8)iWNEtzoul;p@iD`^sD3J->pVC19WePzqF_fc@o
z>9s)1#<g<?n!V4q84`<QA94_!=ohpWgkX6RMG#De_<kkD84U4Ug$SvbA*50fRR+(~
zJPu#Nz{FC|Cz3r^qjljf<?#J*r`^|L@jYo1rnL@!$^q%Z<NLx;B+fz99~fbEt^qX^
z8$#&Dd5jb+G7SjiWQ8R$XB|fJ!U4PddCAJyn<2FDdZ{4S23e~ZiFopU;{z`Lla|Os
zO4qKqW!^7XIhb--VgFu{{7tGW*fZ{Ic;-vV-$?SeAfvA;rAa1Q7I<HPM}m)q0X%ZS
z)|zppLuw>BpZ)EuF<3X58v@HXf}xf+cFF%SI_LNN7-Qp?f-&%~;#40*HDTX=%4$D)
zBa|(qy62W70T{gv%8IDn%fqPMo>Ah(FQNQJYWp(fvc~eSM~P2tPh=lE62;2xv&0su
zlHUih;iOJJjO0|Im{E;hnIg$Js!&U5`Z|iZf(|WfCM5`K097f^qn>vik00+SVjlwh
zkqjR;_(+Ej2Ylqi$4K^3Qi6k;Rx*!&FXZ1#_;)$~Mnt(BEdR(Ru5VFQ-zi{V;?GT9
zWbrhv@<FCNC|H#2X;{^_m>hSW94Qre3+0m)2OA{8!|b_0Q!jKO5A?YGxg*{3TFJMz
zp|iRij3jnTWz}NoOZaH!=?q4N%R|jry+z7CP2p4A{+7<_+maJJjh*509N7nEXL*6U
zt-1aIw*G;pva{llImfh-y$4Ee3p91H7v=fKS@YymE?)(EQKc!5K}=r3?Y6wK9iBH_
z6^9dZGxmjAYV_OXTW873{?;>dus`!kXLY}1i|3bcmHZhjP3SP2Q#$A=7t8=Nn<pjs
z`yZwFcQN`ql(D~kJt6-org|uY#}=7A7JnHmKq%37Ffm{*gUbQm!J5RrMUp=Ni(g#<
zZ2~V+n?s3#rU7hosK!*`&$R{26>Lr}zZcyBUHvgACqp6VPvZi{Vm%%lxGr0P=XxeW
ziGMBynyC0ilIhRvjow^Vi{Ui0X96&L8cH($!HSEhxL7SNrs7#tJWnl#Kb)00_5_nu
zFu6!7_!#DveNHSZgN6l@J*;RkFM5rNidoSTUbKvgrm&(<c+oa2`V8Qal`iL{N2s)v
zN>}mHOH?|GO3Qg^%LFW)O{MF3X&RNzqtcDM^j0dJPo<lA=};<tkxIAm(ub(@6)N4y
zOD9q3LMq+EO9NE;7M1SDQcn*?h`R<e1!YGe<2w8d(MVv_J9G;pyYkVMH-k^fUp;%n
z!SQ&f?M+r5Hc@=H$43AcdobF$GSI`i1u6HsAF+!SAo{L^uu4iZ=%*{{s9UX6*gNkv
zyz}5!x_2IWg0)ScwsWBEjfS?L=-Yk@ZFf-+jQgQ&14G+c`nEE(eV^Li1Z}^4NZ)q2
zzU>HTJC)ithPEFX+NSH<W<cB9sqObiS=$+gwq||XBxrj*wfzsYz0=Tk&t_fQz2jJ0
zvP*CE6tum;&~~xD?FZ0y3$?u)+SZQJw=L1Poepg&zCf$4&~}HR?NEK&zp}QWiL7A~
zG<?s{u#>)FXK0uYKJQ0Z!xBTo1bxFqXxIUGKxlZEq2b;ybq&9L9QeGW%Fw4pu&>=Y
zt^SDU=*q=75^?UAH2|eYlzaMFh2ZKM)KB+OBte-pCRG4LG^{!t2K5^F3*NxpdwV~&
z7<j-+<-u{y*mv6o>;YEV5T3gcm6jLt<fB1|1cL6Ey^kGbHG9USqH$;Xb>IffEk5tK
zn+mVKt}g%U>Az4=kc%Z#Z^i&iK(xPz1+50KgR|Pj`IsF?L?O7e0Y+5yKa$?_kxX&U
zcAx;<gW9*=3anqUBDcm=FY<9^a4<<wgOmEsTgJ7PR_5lohPnn1x=+eZX4u(R&i+@_
zfbqE&jzS8c5jy5{DNk=-jIONdY#%CKhn#?|9(|(|S>d`_!?YC`czFd{Z_W#}5Wu-R
znTZ>U(?2E?#$!>=r>f&wqZq~``jAHp3}x@Ds)SeZ%(CZPfk8~ryp!>^+t?TzR<8wm
zTj44gWRuD^dAdmzhY~Y(K+bk>i%oViUN8-4@e($S?Bn8`bATooA(qcd+1tJQ*Fa(#
z<=U|%`JlV(Pgj|RyzDb#sWXY9V^|iM#Ihv(G04KWHL<K|64D>B^ok^&VW?WUx1CuC
zHiruRLh5Hw*P>!<4D@CQ^eBD}7xLPF(n4Bd7P9~B7P=H;Rjf9Z4yF&!%uw!A2<$&b
z_>;_3y|=|pf-W*Y+qaQWUC8~CpF5O^n^~mB6hN7DCFm5C(sNg^SI(zmWK9n!B|nMr
z<4xp)iA{{r{a{|IcXbm>&1Tq(-kqkPA-p3|ZwTKDo`C5k(*QsFGLu7_-j+It$#I{i
zAPljcn|$Q=!?fxsk11*SJXDxgo%eeD{0i>I{MTtWZ0-QH)Njbrr)fiMstbN(W2>lj
z6Pm&H$(?k4^B4(f1R#Og6v!d_7%a8s_i;e6{wT&-&Vva8f2V#qKSj{)y?+ue=k^5s
za(<N%$wlg`vI2M{E0eEKPoMLr|4D4{@yobuBVMZu8_bYfP`rmc{}_f1&>I$v^nY%t
z4rs}bh5<d%Tz`;4fBCP@SPBhq^{aKAu^(ndpRt~Fi283bo-q$UW7kpj1H8J9GuG|<
zy3d&HOzatJbC_ZE7cODotcDYTm^mZF%mMM=ilHzsQs_21X1t}oLz&)(Q8rMYMCDlL
z?j>o;NNA7~<6a_Z4f;TXY#hwNTFI~B!qPJs+3Qd(h^`DJmL0nQnH3NvehHY=KVev&
z{LrwxvT9E<5V@OD%}DI-y@QE)Rf!bgVUIL@Jy1BKM@~zeUs_~-9gJcB!2=bK%^SB`
zh0qG)(D!SuGo`FH_!avZa)<8KTsNB!P+d384JZc3D{XDyGQ|Y%gtOm<;rqgwZ^NNZ
zAxYC2?M<SlkGJK@ARd6F!ez*-XHk|U?c*Mx@9;-%RUd)EXLw=9wsqYH-Ym&?F%fAn
zTeJSw%Kn9<!s}ne{!cWZz?l>ky@FJJ6%3or#enE7W+I}gnprN;KUT4kDz;I@!AJ!u
z24|k6FA6?8lTsbb1dUzQOo%pXgX*P8oezNa$|FYUp&5j?WHsc#rSy3aSSQau7r0vI
zfrnBa_m0gAP_{gmnyFWF-(dI&z1S;iI({Uq1hkp4iAm0n2#*NL*gG3TifVS)doTW8
z5{&N-R)F$R20ymmb6BnN_=6OxtfNG}L+#nO%SZVt1@CD16Tpq3$+^H)_{d#I@chN)
zpUoX0DLsYnph-HnM+)>ZVc7fk@>9`MeS3fM(UAdZluWS~3ZCX5MiwGF*1aLP&GoV?
z1Fp6S(4)e8goTaj@h;Y5WH_adqmpMfhDCrU4#tk*I{w6Rn!o_|1ZH%br-vVZJGXzV
z1yfxw7AQ9(kFie<df+MBAWC0}QGfC3aP465vFl4jC;NoAHBVIye_t*6)@4De>TRLh
z!Ikgo$nm@ie*Y!%`&z?s{R|AHYi?l&<==+#k0^M~_fYeu%YTiQ(z+Ln!U$uA@kTt6
zW=17R70WPogx{AOUA`5{eV-v5c-pfT6c*HvJ7Y|7@cAHk{bzf$rj)tKk6U7F`YbhF
zt~Dhz?k|sR`Vchr`{o(>ChuS=Fu6#%r8XQcnaqGGxw3B|df~u2{K)tuExCH_IKYWL
zB8!~K3WMX~P=}r4>ZcChaksr@N<lV5kXvH>`gZaL&6V4r!G@RyQkWWuN_%JkX;NeL
z->Cg|<j5Ob@@6KUkQy9Rv_+^m4+HJyo?#E^RNOo-pQKO14!Lq1$&e8_U2MU~v)tM4
zme1$OC-dY(;cb;Z(4&~51Ku)j3HN-x1K<dus01}Gg7+TA47~7pCXxZ`%KdOxFuVY-
z8_Fwq>FU1#dLK6ft{Fa_$2m8vGGqc2wECPiTTObzDkX1*$ZOkUCp~&;T_1q1P1N--
zsoi<k7#*v%`V?NboK{-1o>5+GmEW{Sr1O*0MIz;Zb-o_2zG>P0OfpXlBa853QT=hM
z&hzcGDo@<ZcI)R_L!AFK<??OhA^Ci&E<%-68G8TTFg4iE8+cMFp9kD(xRI3(B$Z$g
zAmm7MIByO6WEESO?aHqh0Cj!Zx_a(MhJlklF0gM6=6LtqCE*oDASvf{>e~T*Bh#M+
zeP==643=CFk7hT6E(T-DtjnlyV%&#YzTlP*Ib{Y(KDxXtRs?TysF#W^;J2qYaB^07
z6B~KbKlq!{wKt`~o6>L=U1%1=bm)j44kX>iXP>V<C&6=4sIuPkuvL=3#?fEW&Vv=s
zgBED`?=Hp?>Q96<-ifeAorqH|c~72vKD;e9-0{NbqrkxQ`IQ8www0}~U;vpva&Oo*
zeZ30n=qhu+2Y|AQ0cG*WU3mB~29)<qgUd(NVPFJngizCJK_eaH-ZYIM*NXACJR)bh
zF5kB|95cSskp#+Dj;SA%)r8D8Wl<(i$gG3dOb5Z~<|{Og%ccbGBQUlqt$6hZS48{Q
z>fqT?A3S%jjSJ5d{|xPQtZx5g1-wMBb!G1!*9wxe%Uc-sQ<M?lOmdoWMwX0n3Qo4f
z#M*d%E$MYdS8+Zsqx*2sTTC~_Gc=xF#RXPK5h|HZN~_hRy3)BLF8>^?g@l}Y*l*E#
zrIfMO<$r1kG8IcH_0D!zMX;eu-sq}On&xF}bjsVEC5Ir{=_W{aS`nS>bkittY_pa3
zb`o6ePeK;b6ca1hGfMP)3+Y6^hAgDrcox!iuJ*qU$ZoSoEQMUI`b?zX8`evo!qnR=
z&$JQp!a^?6(93XX*VeI*u|jhwW<r|^-{eeTYGH21F?XQ%vv-)-41NrCjN)JVN|HZQ
z0TfvdZa3i#QbFHLSN4V{(;10j)TD3zfP&78;ADLb7i2tWg{P8-mIH*L91#+Q&?ixR
zN0j{(m~G`Sm}u&PUEPh|WtXMwn>|*Szm1)4T^Sd11%TQ3)Rsc1iDuW8u@6pn8prmV
z5<!Q!p(IQ2wA1(=^R+Emp+ZJoI-e6bLrjYL3!1>Nv7X`qY9SRWb;97MwA^b6eX_*F
z81xSrW7<^kybJf0D3ReScb%<;FcZ({hjAMXBRCNbQsWRBCe$ANHmu1j?UU%fdt!35
zymCjrQ{ISP?x)cL{$>SCPuPRv()5f?fqr3MO`{1t8B)0OBZg)Q%rhj@w(vp8KQP(V
za}Hckcsm8J#=DumkdaL*Z52#H@nbJ95KGS@^sYwX#@bGU{f(~WD(t(?9Ymnth<~ij
zBZ$xQ&!KP^+oTGGLHq?*#m`M$8Efm#L<^w4^`1^bUi&W))LZL8eP1ryCp&=p#XQsQ
zy!KlMW;d<z+~^EE8XlF?{yV1}@*XC878Sm~Wlzw3wac`_<y%X+cHeN6RGxE`)Fy~C
z!Z19>I*$sTMKB&{Q72v2gzZSA;V%85-)K1WG;#c6EuU&#6LbYulR&Zn#Xjp*Y@trl
zLe(H@*uhsQqa0RZ!`+dUXc@B-*Zk@fSN-ZX?Q*x@;>vD%(sR8t@C2;H_fGj&SP8ZU
z;_lOB)!sHP(^{H+d2;AOK#q-9!ezU%^EOe4gh4<yKlZ$(A((vw3Sa~?b^;)oW8o!G
zuWt~ST9}|1a00Z6Gs}>6wQBl-4&w6sxygAwpF-GrJm5Uni!J9VleV00Q+f1qLecM8
z&Y;CavF6;2IaOcLJoIv&tngo+xeV(P++L%5-<rt#j;ilFikNzJJh(mmyWqC<-y*w}
z8nauSVYl|VO<%j)f9cLPAMo7b4BP{|wa+Q<W4jd>KNI}IouwXr{}C8+uH*t+MKqlN
zQia*1V_|C!!PWwTt*>1bAvTM31X~XegVBDCqrFN$+8=Vue)P11(VlUezIV6Zm6vTk
z<>}yLL?4EG#3`Tg9?}6<dlw@+zI6m#9{_NP1Y8pwB814!6G}IUr9a@kWP_68bcRoM
zC4e@gg27FABOs|h3}j6IiUOHXM|EdI?bvS%-%+vb1~9Pu<TBg~DIqgdu|3Ar*x4t^
zJriORCA<6|(#DSv>e+c<FSPB?^S?uc`Y9sRJS+JLo|U}*?YG|5NpNEz?e<l_iercN
z7WAvSE|)PL*8uL?=rWymwXYbQowC`JmK%_OL|5d>8~KT4ZP&84-c-r78>4E#jxPo?
z&9c|g<$1K-Qc`iQ<h)6o*&DGp=XxGhz$WO*yzI;4ZUC+agZj!Bl#@fzIw+M@cpBbT
z(yM1zZ(~dj6dY{AkXk~o+G#zF@W;lV%Z5Lmu^ta>WcyqZF8@_rRqhUSPRk3}*NaPY
zlGsR&^$Jh<CY0)eKfJBcrkuxjam&G8Vag4Ro~C6GqZp$ur9liw9H=|{;<%2mxavUr
z(?DCX3bFKVhJ9}<nbKS6DwYlc%?v|Pm;#Ei7Hqt)MUB@Pf4~C*O>w|Z9I;FOijDYd
z{1VFw!W81r>XM(L3@5`W&|(Aq>OGrd6<pIRF%JvHOUu8;8gm2Sz0w`%vV4CgYoo-5
zG2U>0eLVHF^`wOv*3l}2mdD`V>A!%)oCERJzEMN_&O|W{QSCA-Sy#Z9Kfgw&kSW_S
zwX0DO*Xu4D<cLctI%6I?!*(M1YHKi1(ASfLt+V7wp{v*C3U6V1z*cmtD((HOY(5XP
zpelGBTr0_Ny8uRvj4j#1IHuKI1-b^XDW1g?CbzRoUZ2<T7nko+*ki-RbZ3Jj@j(=!
zD)ZzT?e(GY{Km$u@l3T$8iojLHmy<c9uzBk-}868fH|Cqi{X+_L8Pmq8n?V9xQCU+
zW|1(=vg|5k=h*PU5RTpoX^7ye_zOv{P|D!N5L7>};}P+xqXHdA#*fxO5_b#hOriZ_
zq8ZJ)YAx)vvI=0vSHq6PPP{+DXr3+wy6w1DoG}(%>)ER-Gd3wBJE(EG{e^S|!Y?r%
z*}(7N-~x9TNpNt{0Z*#;S;Lee-y83-au})ZQWFk~O9fv|;|a}IfQh2`W`#K8FD5~E
z*8)TNS)6exfe+<48_GA=GZ8O647UnwnwUVrciAMC-3q56&|~lVOhE8e;Dv5HkJ_%Q
z^KYxo-xP2D3EUP5=YM^?`SX~qQ4>F*oA|Krj1!0KWJ>pQ2$(o|lUVu$=o)Lx+$Ax3
z?t(fDnET%A)QIAKBoPN;1ZiAFp<W>>&+U(0?KNn3Pz6FkS%Qh~fh=fOsSLe^bqa}(
zn6P)Qp7omDMqMwwNQz#sJ|^9IrC(PEyxg*`E_l%|Tl<(9oKh~IRcGMMiCLv@1>Gur
zY-ba?H4NZ2n*u!&?zBOdR^=1wC?>l=EAT0rz8)}}5mo+UM7^kTBdvND_SVoU)vP<e
zrfi2e_nM3R>|zsegpju|ETow1usn#87#=v4Cm#v^iaBz6e=-ejA$!~#%3z~r9Jf+g
zd^OmSyh7#uu>5CM{vj(5rG`>MEkntn=Aot_r-d3sGWO!NQ+7AfZER0a<C_n?BR>by
zXzoJJ`BDzs#dOFvmnEC+%2jL(AbU1d#a+-nxct5BCDU#cJU<hrllSUsgAF6})j%I!
zWc!Wbp-~uS@Y;v25<0YPDe!=pMeMX*xhoUgp~TV-4Ixg0`7aqen2Z-{PWj|3*stsg
z4};4LnTb3{4>(Gy);LPSSB?9D2|)LGz6(s<#(p*)x0C(s>JXo=bXZPTuVu(!55p(y
z`Tv;M^WO5{rUqcdTV2w#t5cj`DF@y1PwtLq2L(EJ2d<2+Z*f$mcC?LU-wytr&cAK^
zJDGnA{2TAcI&!o6jyzy>N4hP7?<M?uA^)DozhTLI=S{NPp5jfBmcwf>4kgci8M;<l
z4nr{O%6#V&yiIr%(n1t6CZxfYBXp%)16e)6VF4~ET<5+Y7%*o_;c|mM3$V=!I4Oam
zu(M=JQf*haeA0W=6}U4jWq%`yw|yh|s5{0FzmF!`JlRaaY<p++#=u0AybAx43O=zz
zTD0tQ;#>u+UIKP@4n|WlJa(i{K+=_;dt%5&b}E&RTE)xd_hkb@B<buNyE~p{3}A{l
zqo^UF!7P`l5-2ofQVgQ4WMp_v;tg+zNuF;U-f3}eb3Q!PZzIsp%GJl1(ekKrg??=A
z>~lDbvTC;Uq)7!>rBTADbZHZ-C@)}3LTzi`%M`S9mRg2X2s93jl&`)ZoMxqLhqG}a
zaCw;7NDw$aGHPe<HiL`NL&-?qCW2*ZReuN49sgo{8XZ&;fW0YLj2JeMJB+9PgarUN
zVbaIk4%p9em+5$(JfV=mxl?SB)5U?G>G)~G&t&`*Tva(;cp^|*Z44-h2?Ufv$XP4r
zbg|^gQ@SKG=1scsBP_51BiEV!PJ@qhU~jvanwp%m*cUr_;`0^4Ci`W}Ml5i$mza?z
zsJURku<oWr+Dx3wkaV`0hPklKbOKir=*-?fCTo<ls$T-b@^BNLW3j<Uve?3G0q)-I
zAE_W>dD%qHDsi{$+C|1KvlzGRs!dl2!Fjasy=dXz;tS7umVq+!g?9$ZK-i13`0uk;
z;84nzek2=dU$I4LXXt|ck<+;dKS$zcK7KmzGaWx|_?gT;&7B8Um3E#ds0?<@zHDPK
zG*HgzY#A(1=?wd_u-ivipzaI&odzGQ>!t3_rjkvjzO&#PHfF7`qvX(K%XTdBT~6?h
zbXGluw`aIPv-t)wiTQb)9c@csQkphVh6N7e8fLa|$>WDftGO&-ljO`6jQ+Q<;K1da
z7I5}j*qoIOOu_E>#87+E8t~7_s8%LjO=&d5<Rtl>OhIhnuvR+Ka<x<%R|9y+$alO#
z8H@@D8#x306WH1tPCi@vcliq%s4uvZy<k9~%|-qad%Tw{GSN#IYdP7X-Bg@NRv8*H
za5CiQvhb_8u(FXiOXJt$Vp$Pq>WoKwJfLrRgeBIN3k=g4csZ+b0rf*l4A@R31CCa%
zm93kZ9H)T58f~ZdFGSnvS<A@l$+1Et)@LPbnzFecc|G;JPh@L!A(YJ+n~I^p*c3z<
zoBO4Lnov7d^X^cTSsI%3Mq`P%yl`px`O-{5*?)`P^!DC`{I&2#ICRS0{Ea*B6{GBo
zI$TuEh-$84teO>m7SynQAB28O4gEG)sNR}lr%C<Pdz&X&w~>4zu)&p%jzZ8$`8AK+
zQFk!>FYc&282*QM)DaBdID;R~Q^0#f6Ww7F+t1^B$I$b$49}OwJg=suY^YRU88<EE
zfy?R=eFF`)#WdJ+S-rmf1R89*tk15Zt;UuZ6RtpwZsZf;(aB`t+}ML0X7Gtl3}2pR
z9Hx8B)p%n!zos32&&F?lsdm6loaKZ_p+)(E6@q6eE5DDG$Mt_3N@g1Vc5p3XflH2S
zFo(hcP$ukTT&XhjatlyvkV8HbUEVrNCe!MD$QesZbRNWXKI*+C8{hD)+6{$8nf8kb
z$G7`jyEyzQ<gY?^)xVj@7$(ra2z|pUm3P>}NCg%|GwuS186*tT+Kg~cb_F`}fFrBB
zK(e^y3dvNFo4t{hZiSpY?t=WLdGbb=sXRA(yIahuau*C^{QY(pwEET!tqP=+Jo#If
zX{|H+OIEPkT~KUwF>c(nE+_juD>&dT7}<u+TQXJVW*=o8pK})!+92wIsVX=77uJHE
z6Um+@|Kc*OcV>UZ3XZzix|ude1%+wZLH3)8KtHqbvSyvLzoG$uB|-hL^z6M7*6(HG
z?l~+I#_eNEl_donS?ouZOKyNRxh}b%1%iM>ptC%=pEXY&#Kv$Z6JPF4XUIJ(PoC<?
zlSfI61n0ZtJBPXCF(X~_ph8ctSbq-b6~sxu{)do*6+JotLx^CZpLH9L|9UsNZC*`{
ztF*={0=ohlH{p%TSmQYNZ!UQ&Dx=QeeE^p>RwTDX7VDqDXUgl4Qvi(5*aQdT7aZyA
zzk~hHXa7gC|3zX8^c-VfWJZU6V*)X16nA*(ttPtr9!-gEniH=J4%-*gtz1o^lsC4<
z8aS8D#EuwMsVc8|`XfPHDlB3g`BV6&@{_Ct+_~NI6IN)@4SxDcs1isx`-RM|jMhTp
z(xk-YXn5z5{7EO5Nl@`3wXW%ctzqn=s`{EtCP|G6p%-h{4Fc@nDuVq}l=qG|6@o?K
zx($1zR@|_MA&gS?PUWHA<PuTL%GQ8Il=4%bRJ2%$cpWpqBBryS1wO3s!Fa@eS@4I$
zRn-r<O;#`r3P!SmB3@9;3Z8-`fbZE@_S8cDa}ochR0zF~_ej7@2uB>v*msWuOVRz}
zAp252W@8NQu2mg1HbdEcy(t>TvR^g)z!6hJ&;|ZQDnPTzM|TY~eIdVq_vZx@in32n
z%Y<t+9+SGq!!IGkwps#g<PS!Idru#N*Kh7Zg3GAe%#Rp#d#Agex~08@Pii#tdj8Nt
z_K=!C%|_BX*$3U+3-B5f%3Cw(&*COAgFzuc`Q)yMlOa`(!vbNPQ(gY?7QC^=>~6~4
z(13F_$x0hbEQ~@<bR)0gy_SH-MwSQ+Zv1Y58(Rc!fMFPqh1W$2?FJpmdjvj>uCNNB
zR}D4)q`{nM$!eb0$V<sJL|&|?VSDuUeY8K<^Zf~=jITIsu5XJfU%)LI_hFnZTHc#h
z`^G!fE&A~Twnd3I>bI!u1>+X^_(PZfDjMxY;*Ia&U2r7p8{hRbz8xRL8K0HE>e;`l
z<I92Z6=dkg_tOI7_<ra`4~?jAe0FX9mIhL`*FCyf3vhIq@kTd^zv#?Rb#(76W~1AX
zt{+|hsL|!}ht>>@@sC&8gXzD})gV_<=~)G&|Cwi72wYi%xcUz(Uzj)#A0y!-A3hxL
zfpWf$GPR&XFqt*cOTgM9jcgx2JqOs2a>{Vs|G4u;4&`>CB@b@^Gf@?3z@sd$)bS|$
zejpyD`w0N@`1|t=dKcHZKgxXEpZWiavp?V7LQ6gL4t0MTux842-SqqO?tJ6^yv-kK
zcSrpF;p#mkOQ76?9RhU(rPlg{r!>)0{FYUFa#?p7V1B1Gd5$hxx=S7RfFjv*16*a;
zK!O4rt5+tHja9K`V^swDm!e><iIV9;iZ$h?y=bpubNN@{w&uwUQ>`x%bkb1p+Woa*
z{s5%jRmL4OF?yMtu_^q8??NMSCWfpD^cWa`+uf7}lIe8#Fx>=7$-ww!xq8mF)4eWS
zV#CegFt>c(E!P<B!xYmvN6C~X;jWTg;XSEY3aT^8A+tQN2rS`q8>Y=IALf=H8f{pD
z^TpJxP-`|4nvD#xMXWH6taKDoVg1{()VHnWZ<Dlc9MFvetkno=DIqb$Qy8@~9L^|@
zUcz-4RY3nj?{h(j5nGqNW^s=ERi3;-0^RaXZk2)lFboVN0E64uiwO+O&kz`-Lq0qJ
zgAOoEhq?w2PBN)(F?{faF!;jIBp1X(qcB|yzlR;QfJy?GDzZHoSCp|MyvcXI;e@Nf
zj?oXh+jNd(Iu$;Iy9)tO{K@FBqkp4rn_T?eBei!AgLe<3h2tU#<Dg;Tx_pgRf5iry
ztf>}9=`peNTF^;U<_e7fVoP_`Vs0i0g65VwQN1wSZW|cr+zSo1H2?fS(}t4oyoq9k
zOMziwRM9f>>;2IcFt<afaRoBlN#QN7>~k*hwsSb9!=RgF9J-R5u}OIdlN=0X4YPNP
zGsfV{_Mp2!(@r#BP;D?w<?ZMWH0$wvW<=D&Zh{{Rf}q9U5lgSaYm}U}f?QE@=s-!u
z+a>3Jn($Mv`#gutmA%eR*rzR28e9hQ<;%h=N<0tT7FEA|_?ne$oU1_?P(D3e8?I#1
zvfJ*EC9_*Dw7@b}3XS1%Q~CzhZi?NZEnpcWU}i&~G#`f!Af@ieWVR#0hoKtW*)UHO
zgKT(RNW}O&<ro|fa^5(_rI}{=bjjfZC2QX<x$x73!+4>v-%(Oo$^JS!VTWO2&rJLs
z6AK<ek-T@s11Lx@d;kRL^K4v+_gxM6ot=^_iSFwF0@<0Elu;gPq1n%|@k!a0o{>4?
z(v*Z;`D<s%4+oqj>)v*jTx8>OmRw-tbC#^FWPkDTrKxA;RB_$rsS@0GuXW4dI-?YC
zL!iw9@0_gX0QE;IT@1yrs$k|0w&m>{27F(R6nV2slrOIV<&<)vJBH?{!dSf&nNCns
zKhERSlSC4Br0{klkhJaDOcljVf%W`^C)XTmAE~_mF{#M2D6C39i%O^1dC7-PhM9P8
zj;pD+9s%l2;`oit9`Pz|42CE=ktd&5PM$a6MFV@`M2)lU!K4YDe8qmvA`yeeen9!6
zO)BJuDmP+AUvJq-7lL&pty%;u?afR`RIapuL|7AAfF}HGzRJ5-5Mw*G4f%NAe6*eF
z_C1^z*^jnEd;0u5xx%FyQ~DpbJz{#Kv2wK5gw7ws*3Far{U9e#B4p|rWOB+Ioh1j$
zoh3C6Z=;e!eM&Z!%wnbd&aY%@LK8~kDESB3B)`j6GVu;Z-h8aYSL{geJ}LQcOQR?}
zR=58N1^hB_0~{9Efhx0|M6yd{-OW8CgWmymu#|4{G%h)BV$kmC5bCC07{bqMsX0ST
z-~WJ3shPJiL&&z0;yVPdxzd@?SbyI*N@ssPOp;Hr!_o%8x(xw1JKEfHvtX^nL?FqZ
zDuI;KahFt4o5)ZjJ455IXHc}3E{_9A_K7-ce4EZ1zl-Fb9tn1o%$uJr*0~qhjP3=_
z<q#1~x$!G9{Wtm_(fNk)rbuwd<R5Q!R9Bj$0(Mr1?rJEBIol+Eg8Cvv!|V+y{M;tJ
zI<anN1ODEXoB8P_{OtQhQrCyAN;<4cmbOxk-!X<j(sKUNG>r_};H5U*OLOU^(mJy5
z<?K1RD#(}J<f{_Ss8&YrPvFEvsc0PzPrr;Qns2P`n{4)UE^*t_%xYpy#L4J6-xw)f
ztKegugw=o`lw~a&M{Z)Q%AyX<$Y&UgoL+_>z}89ryA+BZ5SXC2dfugY+hPhPc=dv=
zV6Y|5U+0=$i`lHN3gu+%Q-3rI-TbkM|L}H>F#*UR>2ut{1Oa_eiG5cUCeQYUV}GsF
z-@hgxg`M)?nvjhZPsZYo5z#koIbs8+Skb?xtbE!_sOW{0-Pp{8+@}rV?;H|;PbRXO
z8QgCceQ`7?!7Ez1ch9~9WObeRLp!}k&U#+_%VAWx))8;4E`8_HJN|!t=l`6(bJ$Fj
z#}Z$QtM8P$kZ`p&7xkT;sPXPs<LW!F=8d1vjn#Kf|D`xVJ%eCfA@5dJp8}X+hu9_0
z1eyy0o@`>-CrFuBmm_{UdI@qc`X(w&eE5)Lps|m15|qQ2TcZ;1xv0j09+gnNj#az-
zbD>vgmDNlTs{TLb-UYsiDtjECv?&AxCMZZ$grHH&LrtY>BE?N0g&9n-DrnbdT@dT4
zON9igmbPpfWgG+S`dHW1UDwrJ_WRvk*;fTcY<RRql$VM;<SCB{k++ueYX0Y(duK99
zi@M+6_xJz*{p^;>%$+;u-h1x3=Y9N6IuDpjy@`Ng#n7GXY!1$_5C`C-Og!~QF=$5)
z`Eu$PwRlpeD0~4!e6`P;Q>o;|eswNV3Po}zd&w$|sM$wF-(?JPDlLNzPXYJH>v@nt
zkir*=4S65F$x`XPaTSu8z6;<de_gEvD*Kv?@+M*azI*b>odADZ!WSST;zoDiSglh#
z2HZljtmEJ?qaq*N+AtfOJ!^0_eQ>ty!F9*MwKXAo4!|Pjxu-OvIUiTb9_}GGH>2Jb
zbInbpL|gTbT_LbIh)L=~fq6H)KoCuuUWK;s8TdTbV^uI#)FP`56viEG4R@8Ao3JNT
z308fbOFBMx37*`G-k|Yd-%q)yZwK`KFTL-7vA(OZ?|OXx$SR6)wX`tSNtsRWs|xXS
z%4{9YEaA&hyZPvifXzMaN+A(x4|3-En(k`GdPsj`%7GnBk^cBqq)3+|d(YsxfD?#5
zBV&+3;-#c<1T&8JBOd`a?<QsXg)U}TbqAFytQKU?3Cl+3cGkJnyqwu-M?3V?m*&1N
z&hFd0BlP3M=F8DP{cnrRz&2jlDX_mjKNHwh$Ibz4^m6Xgf+>ao;#tHhE5&d^7Xy>!
z!8ACS8+IxkrRcr7eKwPl?+XrYBPn?TKce;C^In_IP*BK1!8Qv=L3UA#<zuTcJq6}v
z#Fg}+B=EBpu+738rYaj6Eq?QHJC(He)i;K&4dT?wq!eMej~=&V%#O5Mr$1ecj#}%e
z<AjAw+|g`G5bJsMvm6&BCBZS_i<PNV!B#BcN*ghfvV=vPQQUi4_m*5Cc^;O~4d-e1
zJ;}mAX0Je6XC|}CQ8*}J9jx6kDPTcria53Jz^4k)wf)ko=-<PuK;8<7@AkL}gV%P!
zRq&=9yi80HL%XMl<$I2am3uy$!v1XiYKr*T3V3n=o*aZHdo!MVEMc7|@5%7r;71EQ
zi64TC_!L>JStfbc&;U_~(c`*IeHn=3bsls$i<ekFBH^wjoRlM{9-4Mh!B&`^k<Xy)
zLP;&-uo#K`bm}KKYyI0pn0J{H+$?8?l;w7$KaC`xQ!d1MN(+E4EfkcFG;X5Puavsc
zwGb#w7xJn3co6RDxlG%;UU`|R5@%F;j}heJyw3+A^1j6+HA{=E_$0a6myi7gWACzn
z_-Bdd19ZF?)_o)jO)L>@MVGN8vn&)v@`f!%5Z^F^xPXJWh=VA_qO8s`ihybi+bSPL
zcIURnt>TM~>c1&GqIhF;gE)7xh2rCyn=np7UZMv{1Y=C|M+J9H^IbA1j)5aRM8Jb}
z=3tf36&N^@3|c-34q6%T4qFfkn8LFN<HOsg%!gNcYF7*u@U_hp<MJN%YFUplh#2RR
zd_60^5Z&EU%T3?|;K*uwKNVwC)fafF$nLfU7D+6g;Hn6y!(NrR+ER233@TdCazs9{
z2V;tO?xY~E3eAG9y2{E)IiBcIQn22yZ1C6Z#(2yPh{wya<1sf-@un<)=M=_G?p^R@
zO5$lO0?M%2eA3xWCyIa<#gwObD0#%W_h72n*y9d3g^H05J?1J)-X#Isgb_0T>?;U$
zvkKs9Lk^-hBNjx1L7bDuD@8jcH5b#d`o)GOKT*zr7&uZAO$Ef_BYJvN?+P&{Q2MN5
zf%2p7>?(_al|TiN5Hu3x?b`TRJ5sI7Ea4~XH;B;~!TuI=_EU=;rq|LbRne8R5((iP
zj$c(kB*#9+h$NwL47G}!fD(md7f2y7A~(S$o;yAS(s=27iRayr;ybOf+K+vr&;lH>
z#g+v-%g1ZvcD;QQJAH7!1V_N+g>OyF=pzW(`89@0>MREp4*WHhh0E&G=<odP?dY*g
zU5WL>`p~<iO?(_PM9jj)scdIn;l7}{fG`M;Dz(@nIvlbZh8OPFq~>M{6;!rp_Aj@j
zFdBGqI`U|j6j|w^@HX<@Y#%`RX&GMBe~5faq_&VDJx1!3iP0STq{<?@E;8bo+B!zg
zweiR~HA2P2)qgSz4-aKp%R`y`$~u4DPQ>v>#PP;#9B-5coq%QQ;WcmYkBXzKLYH9-
z6G$GX<Uz;AdyCeI^;59u49H_siU)mEtgH`j$KBoiGPb){!8>B~S@aCFG-EsyMj9u7
zUpMPIfz{kW>NN$a7kUHJ#X|k!4gF%ieo?1iRO%Py`h`!waO)RN{lcza2>QhlfnU%;
zo?(J2r4tsD*e@}7jZ2Spf-)o0SQAuEYMZyS5Ex4AWUO35K7&{@90vP_d1L9^E$wRM
zFMQAF`-uT~?%fy5d-M^*fTMFGu;F0E=x_EeJNQ0jqfabB?=LusN|9K3a<(E$9icH6
z#S_1yhtG48nZ~i5(tBwf+ifDC61PEhK(2Gg$#sTR80{7sl#Yx$I!5g=r^Nel$ZZae
z+kr^+?|}@d;_!+XeFyi1DM;>3beoL+1?wQa2#-K++7B{J;>P2t6sGJI>l1hYE{krc
z8O;f4m4vG*!Dk|;EMnB>KvLUS&<eybG-zC;s96a2p%sYRj1>@aE45TpGN+&wDN&@!
zsy(opNJcZKG>lEoM@nDw6c${0pXIe~O*##Io4={6Ag7w;R1=bE;5Tftw`o?;pzrYQ
zBSLsH!#SX(j+F6zcz&mbNV%xUC3Mz62<BF4$=4<I->6&lwKic=;D7U^!25D>{UvQ^
ze}UA$z~qi91%?uvE`Vb-9y*`3jkebIE-pBjxD<{br3v1Pw$>b$Vz0l##v;Y8?mDZG
z5|v*B{GVU_6$N18cs9u1jbdyov9CMZsB(4j@-eDwVR3X%)eS^910%|vvxcHt3E1AT
zrShat{Hc`z#WjcX$dqS1^b@j1B;Axx60ShF%oY+Evwe~=yt0zezIqRL>a)gh#OQ-?
z>MF~CZAb(6Jcj-yykzRE#cHylzL>}#w-L`vAV$w(hw4~qoQfwcYWvi=nbcRZv~`Ss
zZ)5TA5)11Ns?RV5-bN{Y2sn&Y$YIC@N6)=MbjGTid52(@1{ObjENEF19MmLvi;jef
z{IO}sSZ(wx$2y50?m4GFY!>m0qZrus4?Oc2cST#}74k5C4enB?F3|+7*($P$W)>qB
zMb!8Ay)iNM^E5kJ;KLjtv6tJu+(f+s%1;aF<bo4t5$9Y7NU`^kLS!<qe>y!z(2iL#
zt0HkOV*O<lSn%&ROnAB=6Hg--vF!669a+nabl8Zjz1a(ZtoDMf6o9JZ>Jj9rVk09U
zqZDj~otHU3>PrjE=sIh98dZT;9;I3rMjNXx9#QO^)t5&j$Ys)`Pk{lo{vw$_Wqv0j
z7)C^K$qTI@cQ3+8N`o4HJ`)M6V>BY=ZjT!FDAS6Vrb5}F4cdk;Qk;grJTl88)I1=?
z?sNN>GAaUee9sgkKfasi$9HqeA(aO$Cjpd#4Jgk@+8zgv5_v(7JiD2;Xru`<=2w5f
z#|2+i!==g-=u50Uv?cxRipZ=|p{5+ZEoFS0>BG<U{ff-*2Zre1F9k|irhmNA^zn%m
z%54Ema)tubKIFG15$?oycd?vOUSJ~B^h#8e9LA@>;3)pe$gB#X=0O0iJPSCT-#Z6<
zl?*-x-HhvW=qdm@pAOwJ6LkMZ^i`g)lK)y^nr2o-KENkJO$ESEWrpFq=ch`aAC^EQ
z2w#%4rBgT@(K=e8^hCYO_Zfhq=W5@qt^EpDiNYaKC9Azth%bGB8#HHHPyLDJxj_&X
zTKsh%P{u7Wdc-COW`&Ap2kKsCRhEpHRTa7#b3pABbbB-_()Aum$ECnf0ZbmE&A|~>
zRpDJ6DsqFUcVXJ~$Wui^&7Hwm*zI4!=HehSQ0qvnM0}kFn0ZK6yU?^a@w94^l+R)F
z;8FJ1pIFcY4hvC)ao+Oml_Vg0m&5R?mq(tm3gX<yxpTh{%N&zP%f3`_5RW5e0!U9+
zn${nF(_R~81zx+1di6Gmv8yc1Bm(lVg@b}Qj3xE%D!4t=)9TN+hMFYx$x6%$(v{~$
z1bGP^Zz#XKkunk44z<*#`3k!Wtv<Vjz8QKBU>s_bEJ=K(D>8|zi{;%g*~GNzl9QQf
zqiKiJjNA`B|A0ekI0oP1iuxlpAbQMQa|(4jK-jwXun5MQ&F59oL%nsKFh9q_`La3&
zGxKbsqf&Fd3#gM?PCd$##<*dMtCuI9JjKa9<+e#^_b<*7l1-B()p`X@W~^>!JJWcV
zP8J)iSKzNX0ay9tCU#A1teb0}s$G?Y)tJtyDyR}lt6^tzfJ)v7%~n@;S|AEv*n){f
zYIj+L$SlC0QecGAgbu@vD``Xdpm`YZr#*XH*%8m(lPr7}7tyxibPjgUs>m#O6-3nv
zac&P2`bgw$g4*By+#eO+hcQ$@Cq5FIw-Jo@Rg^sXP1(3ukKweqlA6Q$arpeQpqf8U
z4Gg!Bhd)lWl13=75eocF1>WQU+v3T4a)eQl>fu(Q<^|cZ9qUZVk(G`Q2!pr6Xfw|z
zShYea)&s=Ji2|nCj!hVXTL$*a`LMqocA#Gl2WEaa*LUfoSKgmPT;`-MII*w~U=K7`
z{~^(f6cJW|%dl{|)`X>4nL)<(bbtp$kt&!5r=(s0;Ean+xDHp~Qvhe28gk+kI6dl&
zY*2{MA|NBn2@sfF81)KH-I}Za9GMjWobGK}nsQ@l24&X2G1ezwUY|-T3%0Mz4_G3{
z_bpMyB(_9w;?8GF<jGzl^ZK-X-}-pIcYR)d$h1DCnd^fSQYtnCUFCCZxLMqW)wq%q
zUZf*5Yus-#@-%EA53xPfv~e=lZ#wLsR;0DR(6`IzB6)U`zE!qIo<<_O8h-khN(>9+
z=9Nh5k{1Gfp%-BBn#ySU|3GKg(*%Hfc9k;$f>w3GEo$J#BdtE5pjYB$qd@|RGH`8p
zFxK<iX9@+)`%Wq~T5Ndi#`kVfi*EFz-UPJ+>O`A%=$h_=ukLI&@ufKY(?fh|S^au3
zif-?>sKFbLNV88aaKFRd@*-7^95H$?Ts6<eSwI?7C+Axea*COM+{ScO(hS|hus&94
zKB-{B3J!Lduk7=R9aiN?#VNm8=3%uG=*`nsCeqhTfTOU=sAyD-ooDW+>A(r>)BE@6
z{WB^(cblF;%}NE1aLYjVAJJCTk8H6X#gSm_Ep`NC=U+h2!-5Uk3;FEu#y7$V8Fq~9
z-67WhmGK!Z!PxW`nFrW4uhg^CR^oXgv9ONoPWDA?=kdCS!+`Q*Jo=AIaFdjHPlVSd
zOQq<+jD)oK`<w}B-^0{~5AW$GBo}5Tq{aKU;{CU2u(EPr71w<Jiz&^ct)ZSe7o)Ab
zDb3Po`Cnj=LIcHvp;>Yp{Tr$v9{ML8c<8M4Aoi^CoQKR-f0~ibJY-g+zZrVCU@O`=
zQ8W-jm!qEK4eI=PQpsnfquq3(FIh#`5qnlYVISfv^QXo)Hg$aCkMKrf*gmF<LR&2_
z$W?#5D{+8`{5jLQvwNf99$wKN5TlcM7LQ6i4`EJOe9P=MWN*a!DABZ8M$tM$C54%Y
z(~f4Ol~Py{y9^P?Xu<MVv+{N(weM8+E?m4wO@P~(;KG7ZL6@DYtF~)b0Rg5hIxZNS
z<u)Bg2j{c>2>YcgUmDmi&A4B1=V}8cBT3^s5*KF$Tbz~E&5@^lLd{s{Ps;AE;@tgh
zuh9ErGJ(GTkd>oo#nDy}R_0QSCUO5rbd1f8`w1pBd0E!^HK_$UJC9W?`&f*v<m=3G
zjLKE|(Hgo5@$UFIb;40k(0d@X0*y;d0a0Uz)Ap!MQeHF+khn<WRO?Ym_1XUKuaZ{(
zU=A5wX%>9ege%2#hWI=3WPq~rc*MDX#W?v`aXEftlZ7e23Nq*uZ0DU8CV}g7Fv$-`
zdlT(;G4?3-p#Hd$b^`GSj9ov1=XxCZafSDQr$2IF1};A*Fc)^5tl<Vmqk@M`R$#d8
z|E1Zw6WE?n@I4P=OE;J*%z^<tg$L_Ez_A0Hti{6W1(ql8%B0`Jkt6}5I-25^OR4y%
zigr9@v;$Xw`2~!o<Vj_4kuOF3Hn$(unTWY9lJ^ra_7a&oO4?+#ALCLEpeFeXDON~D
zQ6<YEDZbAN(m;U^9kpQkLUHt2L%+QeR!lHZ000CFfTMZPPSeJWi9U_F`4IzRu4Bku
z@2LTUQjUE{+0@i|_)n&0xr6m$C$nD2>bpn>OVnq{Dx~M(<NC9>vd&eDmWxgd7oBU+
z$TT?wHE7F&mX_e4M)c^4f0Y;Xx&~kZ$<e4t+vHc4hqvnaBYR5SNPiZOHin&M%j9oK
z9|?G#9G8|im5rJW_67`+=(n;=ito+~Dz4t#I2-6~!_a&OV;*U6)CY={hyzl5XC5$=
zzzD{X-RokPM%>%Qf!eroF?xtHD+9XGM)1nYHhJ(_Y0*xjM(#?nUbNy~IBS&_VZCMi
zFDSmF$&s@bN=b(0a*Oh%#r#>0>|Gla$DRyYw4gZZBt~6aA>j@obZkR29Gp5nt-dR(
z&ZDwN$y}gs<6_pw2}dm&wkuHzt;pL+vJ$i+uDD9^%1%-?UO8|N6C%J5C*Cf@tNapW
zFFJwv@n4Ge$jm>7|CeARO)Yi8y46mkza@73Ta2NOZrDg5zitYD$`}>p2rw#mOJx%k
zR0ai=N3e2lErN-trTFc9(qUTlnNPHwNu~UCOI%z{;%(!6W1^r9k4)6MXhlE5^k=#z
z<-#_01e=c6Jh+v34gO#<-`Trh-_-_Vx7o>>kSr*P-QBhTYX)vBQ7?i2`E#dhsitv}
z>Smh|a;2K&NMjD-R*5$**4OS&rO5UWYSG(-zl67yPcu76HY2y_rW&9Jv~f3Pa6i#5
zC(uEk;-{{^rktGLw#+CrxFzy`W3fvEx@=A*mQ%g~3|uOKR@!5ydYJ;34n2^5k%cZD
z$b)z0k&1uh{tM0#h7ZqHUvQ2Pf9Um<2MDS_=TObTFI;Uv^==rT+IZ3oRapn9Cg3|K
zh3o_XqqedzeB5-}vCaL2gnMgt*zIa_n>E;GG2OZT*!=|MZ^NBJx!Vd~q;v)ZWp9Mi
zodM-P?$3tuZ}3j?PRxJLx*pwm*Uw_JYgxaGL(uQ0Hgmsscj)&{E2eAU%<$^|==M1B
zo8dzRZF?a;7-@f6612-LEQUC^DV5T?T*Tw6M=m*ynyDtOPaa0}j@<SXMf7fmf3#ij
z2I`A^L2^L4V3Qu(+lWsi78cvP_1%F&vNq{U-j{qbIWrl?0K6OLZAm2`O+J!*IMD@(
zM|tx8<h_a00A6xp^1|eBBc0aZ<W<QlD4o_w=o)_BkSt7ImvkquNe)X6N#-Z7OuCYn
zC7sL>*DM(8!yUF7i4#86+3&E^;H|@VU_11I(p(!@7~n7f_j}lL@7E^wJoG`b7w?_@
z{_FR!>Zg-^1>>uKThG4Q(7+Qo@cS?G`@d}%nB}ja$0OTirImTb{Z|T)mF1LYkR^WC
zo=x`CW004u?k9Bcu<psCiS0%-@ksl3CRba>vSh5=2;$d@OnA)kl0%Gm)_+rV(cNv|
z6?6NKdkD$zpVmp#<XaZzc01r=J!*2@6M*Q4zcnNJ6Zd3BO-|)6B`y-rQ7_#_)PE&Q
z5H2alSuq1ldMvABsYq4Qt`}e?Hp=9Ar$#n$R)#}>M#Z@!C_)|%H<dlzb%v@1KdGga
zyl|qRUv~u_M%4w4$-bHLCAy?Fhn@<E4OUCB68G2b+TpK@zwO5muigH-Hi|cDY=SEu
zZ&a?wL(LAD0t_h%$wwMvpW$xk;4xWUUrVKu{erQcAKlM<0rdxKUT0<<81QU%5To~X
zjl*9z#Zo6Xk8u)+szp+(fQ@XfqEL1ae6%apTF9Q)Piz>4*;mI~8h7Tns_S+|Y;pgb
z@s?n0w1YB3q4vos)Z8wsXie`*h6D5X7g#U}zZf_osW+%IB*}X$e5HiuOTThwjx@Xd
zEMWJ{K5)lE4A7*fos##Iq#UbmQePm~SLIF+kcwI6s=gwkT8wfAZ14c`y~L0&OhzJ?
z$T;e<pu&~x=w~;^7onQ0EFQ4tXDoqh9*aH#f?`(HVEh=XDo2?q(siYY;dRUEcwf-6
zizb+IoNC&AMO31jy)~(h+1XZjn5?(5`tL0B9Y{7#zZ!P>l^Is7ko54yv=kmcx(Wo9
zgGfpc;F=%5-_hQNt{`ORXXXkw`sS<SJweM!9T3#5q2WrK8l(ig=@Qvx%)wwq^&&M~
z>Q@@*a7Nxi3oS*bl`*Ag>ywmZ4IE34N||#}$B<*Rl%9u`Y!*sQvq0{X+QeQ07o1C(
zo|lb34$?M!c8>AcZH@HVvdGgFfHd&U@(%Mqy1c{p$~t_nxJdtA1$-|*{k?zI5z;g~
zZ+!BUgC@H?Lgj&lnup-49TartdInV;zF%(oe%gHJ)>7j*6qG^4Jn%&-Ig$I7mzk7L
zW<?7jacK|4yfxA!r4w&aao+ts5ZrAHcPk?A)0tK?L5{t?AdMPkeKdJ`GLXA+n<Ic+
zVZsk>=15XR$djVXX^l#!SFd17Ql-BOD97Uy3kCn80W>rgY(%ci#}*@{*BU;y2!567
zkx@|2JiLmu<;=Pn0|<3m2;F#Y8Y=M5>dwgHeho|BJVv6^t(js0@xR1ScnX`s1B+G1
z&IWBDLrTd{n!BI!T+3zd4(e3%dS%v&$FWNt&}HLErdMU#)aTI^MSQj1qX+6MEwp66
zeNo39WxMwL&4fLb(XHa#cLjmdhrC9ee1I&Oi%_NE2_mgvI*WX+vv5*x>^R?g0(G}^
zXso1J-lr}43XgNNyJ`oQv*Wzne4JkZlUzAY83t&+63dH)Uj_CsGP1(<orn5Ilx9ym
zy#@~TrRHVAv~cJ~Y$Li9REF`h1m!cW`a_Upm@)))7nfSFcHG;DViZXH0gj;{mAu**
z@1z#$hK$c}QHp();TZzc?OiLzw$iZ!Qd18Xx>>{~oJ38;XA&BPTA;<OPw@yXlhlh9
zd>exfW#!vsZ{0ozLr$&qYBewO9>&Ec3{FuG>P_k${YTv8sM)IC)qlhtj+#%Um_G$g
zuuP()-bRCkRcJ#OE<ko0KdbM>u-LrFo!qgXba`~_GF1@s>K9C2{SIF9<Bb=Yb;ilm
z9tkR(lg_|HG3~n458r4GxT<Ifv1lXh)EL8>)j*WHlFLb8Q^}+c5b4Ox^jFv@zCRbu
z5|dr!$*Y+C6Ily#j-4oEc*ioU(c#dfpgL?Qsr?UWHMcQ;-c|J*!aMXgQ2FbF5y$z6
zN$(Zo_9IOnv6eAn3LZob;x8`%Yw@B#QiDb!DNjge)IXBx*NQrvBX~jV#_Tv#-{59I
zZ`V(yc(N<m>d&dcnS!(CW+}mARpr6h8;sx`OkR?qPhBZb8e>JxM{Kbbk2_YuN`7=@
znVdU@%su&jm4b{Bfxot}J}xxuy{IFTQAf6(+`z_{jf?dmrC88%K#CQvmz00Gh#+A$
z5_N{vTe!Y<)rin~>#XIRcbtP`Lv@xqpTdFEg{)9Cc|l4AI}9gUE4n)Z>7OEoT6CA#
z(AB7nilaBnpd+%fOpfo)8}BVVKlGFzuy;yeP>WxQqcY0y=gM2uIt2AmjnT$%PqQ!W
ztIVSl;4ISuWjO>ffH#+b(iKsKohhR5U#gI+zD$kdJE0})QIR%SD1lq_gj$_ri!y0h
zluo9aXXDjC{5?<{4TnoF1sX_^>KwZez7XV}9CD0M#O6SbgIvheUc8{3&!9c%|4_$i
zr_bPPB`k(Kfnn!PGj?v$v2#;r`_cXjq*b)k30FIhr&lSk9G8AQU;3HZ_MR+=bmkg>
z7%-6mvCa%ciw;CfXF#a)35fZbxHXaCRt1`-^VQp}qr80*wL3<Qn2@l}+VsDIMpvE#
zjizUy5yo5ORejSr{`}sAKh`_{5Anw!&kTFM`46y1j8364d7WWU;+D*OD17}YNI70E
zqAx@kSeBpZe)p&md*v@%QmCWMq)*EvcIqC|%FfqPz>1+Bka88(|LHU%?3swcnR5Lw
z*SazW+?Ihc&)>l?rqPTsi*$@xlz}lwPw$<ZN+oVQZ6Gcp>KRg}0o^P2FUi*rS;XA_
zQ|8n8IvLJH;Br$dOO&%R9;zQ%Fp+l;PPP(Qe_hTUUxxG+h~He=0jtEhSh|QD7?PJ6
z`UUosd@|xpI%pPSf28wi44jL79B5=>^bb*Ynsr2>qh_5Na9Bs=)U=rS2s$Iab9Mkx
zK(4>idmVT9`rFx5Ei_Nn0)46$bhf#!iNS24JwNR~&8Dp+Hp>E2qa-o^gd66hx=#X2
zXU?a2TJGH>&Rs?(5F+n`vd1)PMB$*C&qk@iLDmu7YgYe|QJsr!4dn>%hIv%4=%ae2
zvr&~jpQc+uD!y0ksuV((GR6<SUzMd(`qSpVg!qnB9Wvh1>=mf#$P9`eJ&x2Zhs#-<
zb9tu1W%!Xzq&xYmO;@-)01dU8J!XZAFpj@#s9eq*X0OeF*C-1<)5&!wo!o$APV!<*
ztC5Bbqtrh7!$1M^<KvU>8`zpn83V)D)jtdrI*+fP{WaykLjBGsMp`V=?vSw>wL3jz
z-9VPs?8xfa@+`H^yMvJ@#p*$~mY+kX<HNl~o)Dpq`D2<xp&zc#@$p<od4Ipol;5U2
zJHHL^ZzqvJjCc+huD&2jwFe7@^lj_&h|S!trWD(Wjg^)A9R9k8ENA@cOlPz;e1)tQ
zo29W;x0<_%tB7_popS5}N3^x(Csbd!v?~VA1wJiURlf=g;z}v>WQxS?1u13^^DDD*
z@GTHVNLMoyIQQVBrl7ZZmUDqcR$77}ca^9@$s}KXaMHMZRO85&lO^7GXt`erlfL6m
z@1R^)?D0oxQQy%{se^C?l{FJ2WwRb80fY+ktz_#v)Dln7a+Jn#0Cg^df5MnEGBi~Z
zB^%?EBTa5j&Z^&+loRR<5G=z!Lv^%2&rlu3`W($v9JS#yg=C@0Z~&s@T`Wn;S#>Pg
zZ^N{+?=$-+UUA*{LLqs+IFJ$27UtKsc2<d`o=1mZumHhd4TuF?xTHSe7^M`RQlIQU
zN~u0&^|m7+Ew-7xq&RITQFdt;0S2hWp5$BV<E4J(@c=${!m(v>v#K-s0A6YIpg8wW
z{5-S=W0jH=-wT3h%5W^gL%4~Ho=zrumM0K*R_Y0)QS==7c|TUtW4ku(-~EK_;sIfY
zek_)bSB8;VE9gDT<xlP8*zb}*SEBss)}C$z`ExN7n-wdn8m0tL)quH$(7NEjY$kBR
z*#R6>NC08ovN#vP^{=#WHxxEaO}SReQ5aNQm=B61Bkkjbh}5vDaHX6it)i%nvg-S~
zteV09vGdf<OO;fEaD}q!a*|bd(&jqL_+VXB{UR-@euk8xBB)-cY@_shvhq#Rk>$S`
zSz*YljGLY?C`G-fH~G~&QC_V^dDTDSPDk|yF0kTIV3K9C)T-H-X9`KJK9tw-v^jg%
zInGeg&j0P5dDeU#Wvq=|^?4ExbQD;9EU`Z(?GL!hXavx$Bs0728bE9mRf8B{ItiG?
zOhI)k3aUQL((6tR*7cQ0HanMBad++r-CLp#8^Gn&HKWcUuexEZ{xZ|a3S!<Xe3-A8
zhl$@qW2=@615N%0*EZh|#}0GHvx{@zCFW|Sn|u3}CkJG%7s`_X7ZWH|##TL^W~;1n
zZje=@a3hxa5X&&BhY{Izd3OFrY(@U(Eo{JRW>w27rsqQ)p!$T>8@jlycKe9X#b;_k
z5b&FbfDzEe6puE;?-LJ?xA?-(7nn!O96lLyI$86!2yji)k?|hLRgV~e{RpwlK7(bR
zl4hBAYY+V%S>~OcvCKYXnXl-|S?0;OLAQzZD|jTVJCkJ&qLXST9HB9eYCeuSfhp^&
z@Cd9jMu02nMerxLGrp*lvkyK}Pi3(W^Vao6W(e7WOlIf?KQTkQ@9H#5|CRe0SMx@y
z7iWfUhlbh{Tg}YSabI?-{loj%YmdNd<|07f2W4VyU(#;={ndfO{EU1-QVCV0=EdDu
z29*rXWsKXzxs(9sa@L7w#4%YJi#9374BTo5HrIU)KE{E#>jXXqDTqBZ6PTGko!F<I
z{NenJgXho6+cnsf!^@prA{>sF^|+dk&gT5gHGx7QeY-G%;SCd9cE5VN)34m+k@b^$
zFAhpSseeg{hyColmic*23M@RO$GZKIr<^ba+iQL-$40SyUWVH?#Sh5pD8^6ZGdoT`
zaTK?@CCg??qjjnTIEsfK5U7Boos{IGoN1@*71c{oK?>mi@n%Coj_+-RSLv7vDxYe<
zT4oW*!f0q%yLLt7wvlpOIZ?1mbNv@f@Rf<Db8jX*y=h{0aw5Xhnmr8R+Ro^B`d<?O
zPgiX+<LNCo^LGtA9m`*f!)x>Z2l=*7jwGPop3sTmHu)9n`ym6QehAVH86YhhnQ6Ff
z;4iu1rObTtlG4Y;vMWVu(ESrLL<M8zZa-VZgIKtEM!AIk*j5))si&ASmmIRMeE<=7
zxjbo1k;I&_QC*CoEiI(6thtkSSe5QDi(W(jRp;#gfrs?|c`Om@e6?R46Tp*z3<43W
zs~od9gj}|yeZIs<zjuuo`!#hxzEV<-N%7rXBGtV;Ld}j~Y*=sf1eDYsE+Un@bQyPW
z#5$Rgm5ww^yeAvpa9hyQ+TpYycn{CycAjF4_AAwmf2)ztvLVpKHYdtR=FG@c-?=@V
z<q-LnxE^&zQM6T@ySN8#F65TW62HSbMT3?dA1zMp(Yu4w-Sw1EQm=h04I;NY+1q14
z=oVA`TV(l4!<(m=^qoChb`3G*2N`l+W)0j}#(b1uIO`XvZL@60HK>GP+9GYa@8RAQ
zgX@$DuE{LHLa8`+M|UIZ0A}z6j>n08jEYouMfLWp(9QdpbF-ka;9&9^f2t{<RG!JQ
zH=z{?Yg0|S4RB(4ndJRkj7=i<JlPXa3or7==0dZbvrodkozvC@DfyYVG1MjCtvnO@
z?~+)JMH&Gg4qXf^l(VE8&=L<*2!a4hNkx;tp&FShq{VH9pWnw~{Uhg*cfS-*<x=t*
z>@-(WPD-&pUTG<7nGz-Ch~zys<44ka#vRMa>7zhQM(w)?6Gc~Jh!&CXqR(+i+ABNy
zqFlfd;b8D>@-lS1H1{xVDJlecC*k*jnc~owDAi}N97#<d3SnykW}-xC(nfCIlqyk<
zlmOKMe!W@S+tOFKC1xFlgGBz0rBCI_LVJ9oGhBF9B`{5g$({x)m$<SUE=puET6JNe
zo;4QgU~&jwCf#0btj{mV1gtO71hz!w9hc~ntR;Hqhb+-6oi5RaZvVHI=-X}o>r3?N
zmzhg6s`-a6(aUU!fZvZSp3m0gpA_(!^k>u8_&%qS2zEOvDYncx#IR4kQe-2?d_F&8
zt5l&5+dLcN@SU>;Mi17w0%~Zp)jzwP?p#?MZLJv=@P0e}gXGooKfrs@gSB5495lD8
z-r`@1|3cf^&w!3%^SQLBV)T&|OZsG&mFAMc&E_>+E7l+AiX7G%Ievz%VG!3asO%y&
zV)hzdpI(8WW!H3%v4$fum+yuz)618&a`4`?7W2xjq?LnN(}LZO+@b{bqIEF6cBgRd
zwr|N?yJuF?+FkoY)~+7c&RCzwV&>X9_fr_`2ehYf5l!p2#~DzL2D|P0t_37Ld1Pfi
zEuz8}u?*H@@ELv8uEJHjI-t4+`)8k_JMLmY$s3Bj`=&P}N2K+;#<G2i%a(3mz0SXc
zJ=#<I5xN3+_lc1w@g!rbddGLJs<R7A)uivt;Q!jryl2b*XlLTA9tn2aDJy}qoh<O#
zO_>Y)_VORTz>_oRClRuHB{IASR4dNLJ;G2UgFaW3Bo|ZGNa%#ziZ3nlj1z=`<MH&j
zP!3oW{2Zv;AQf4OcR$PQlh~HS+}YWz@6VWZ>Qk)$oC+hh%klPHEcL7$p#?x*XI!km
zn*d`I<y|d_V>hD}Ssb-lf}_8_Cq<JKZKH`kwuvTMTBMHz_Qtm~b-ifn_F>xlm0!TT
zMfc#O?bj-o;iUDr7Dve^jq(9ox3T%sSXN*db+kKS57v&S^3+*$y$cOt9~*-99}VHB
zxuzjpOG9W*Pwy>?^#oGpUb?@{ZY`Haa1cjuSo>SNuTWw+!zNx&w=T!5I|y=IhWdL*
zZ~j$q@M(1VjJM@V;s@&@$9`nlAVrSVa1WDxXr!2ZdNu%2{d7res*Tv;<W*DVvv_|@
zCh*+GO(~23P#h@wNVCu4c`DX#A*QqcwX)jJ`)Tz$8Ie%gEX5N}@0MzZ6hGkfuCHE<
z#bnv}t6&L$Hjsqcp!w0-g)9Y%(|fdfPx23PY^)8CK&*e8B&X9!7uHA^d`cQj$$ZcQ
zCYON`RA7sZ#>Sy)%4oDasLr$j5Pt8*>W_lTQG@_S9Pl2iz6_y&YXD>+bH6n4YiW4!
z%_FscOat^)^4D_Ya2-q|L)GY1ONV$$OsdXIk*L~;JZWbfiCB+wX=vc)@E>+vMPqoB
zyuyD>HZ)mGO<+=*C@nxO?E%$?#Sxa=nbwbFq*)`^&nm-~RH2<ejiq$5vnYtjhkXS#
zTtvwfnm|esW4(wD&ngc-vK*lphm{YotSU;n6(#C(<n3h6YSSXWpU!IY6=k()p^IfD
z>Oa;I9{ijN-zuNV@nqK$<s&(Mphro;mUCydNql*n66TrKBL}s}gt~8#g{~`B-GIe}
z?VGgCmz3*(%ZK%v*5*9|__G!>D8~;wy(a;GmI3MPxc|j@XHKV5iM%tE>Z-%$66gI6
zo+K7vcCOhgP^8I_!AE{%9V%%5$|FztrFgx7UH=2GUt`yQ#OwL&`c=HHXV-J_x(cqp
zt4MTujdpy%G(mrw(|NtTDoUatMQYtS;?KKd_CBSR*KwxI{N;31V+9@j<)-r+lS9-W
zv@#2FB@l=4`O*iRAPq#HLpXXO%h1Y$g+_p8t;b`?R?tW%2z1kjh#_YAO?rVIpu<0_
z3LaSo`)y1<E>9%R%tTnK1d~U^ta0i^@-7qWhgg|EBt@j<w?dB=F&e^y!P^qb!)y@w
zyp%Ww);U_^R-gD{Q>d?6>Wprvy(EGBf^l9^o=40}Ii2*jjZU(D2bGV|itU&(U#)VY
z$ps!rlTxxbCC0{4!(DBZf?X_b8KVwc9Q5uE^$jRPU<_8Ok&{@CGdIvDlnnk@T6D%B
z?kmK4loT0p2h41@P|?G6uv_}LB_$zw4~WnF7vb#zAnRfTP44_Cm&E#oG<BZ<fq#hz
z{P+#Hz{_PNF-95oPvW^r<+X-*?lsz#>+x7W3PLN=_qE!Z_xs|PE@yDws~7aa0Kj0(
z6=BA0pthz3?J$vIRD*q_tc~o?P3)p<9qT!;KS!Pj(_`xJMoUweM1;d8&O-;b#MG3T
zA4F`eM9Ym+i!ZY9_>b7gw{Q9~McTO~wEsVYRd!gyWqx&r8+F8`+JqZ=3XC05Ewa*t
zc7p|IHaNP_LWmX|5pvl=SIw8z0rUcr`knX=9EZwwEpJ{fB`Bh1;Vnj!51<J*F~hLk
zXdvD)Hy76Hh#YCeh;+vSYxo|_;Up_U@@~vGLzQcL0|9YRW~m3&an9s}27VFXV*SNu
znfe-<I*gB%rr`<0M-ty+d>D6<$Dl~Z->H&#$%txXICsL`#3#^1IU3oOD@{5H8zne+
zl@vdjBY98OTxe`9Z;KdhMG}O6@K^n7NQ)xNoJiXu`w?@ku(?iQT^cE}9>``vtHFO`
zioLc0V^nL`;t|%rhyN_4nq*4zN^GoUndChh-jWyxJr=YsAcR2v6qwXzWwUmT_e=DF
zaNz!cwQ^GSqfC2+azE^(Cd^rivx!;j*!b#?0Z}bhuchQw3#|CISiI4%j(2^CNovHv
z+SuI|??)kp=)<lySciWqTcmF5Wo5i0vNN|>dF&Y&V2jaX_#c#LkQN{$B8ru=qz9Yd
zwGi4l8IgQ%5r*H8PQ5$BEk|KbA*%=w(D`U8{AqF{5aDjAA%b>1wJDXfWAM>?cW+5$
zkzd|(IrdCFZhV);-wcRk$KPb@CqI=?+n&PBX=fofMEJBl6_l&9NT|7s@F*CoaDQNU
zDYs5Z>+5E+_;s$Y%jfC(?5xgN$>kVu-Xu>NTSN+HJ%GKbx(Rys2{jXV@8y!N!o=Rq
z`oNhLo$4=fc-KY+-n)-<m#D*pu2)0XR-s1LyRI^I4gGbl52gM>dVki;{?xGnG!DVu
z73cm&pj>0+dZ%*p3M{jkER@vSIm5GqWdpg&TPSElA4LQ1*nmlYgZ6aPw0<({c3Hiv
zQdWC0n>zXZt{JC>4y?m$5T8jZd5#CY`$8>|rFgREhCh_lZsXJm2U_ZuVyY4$tkf-i
zi;m4`H4wVw@3Iu18Tw9^vTp)f*jrh(k4$5!$MEj;;Q>q)H6u$2ZgFl+j_#cnX>{vM
zVJG_LF_QF1lCgz7^11K@bdwwb1NlVdGTqr$MLTzAW7HN6bd-r&50zdk#}D_A3!2a2
zXxkzn5pWb2tda+vz<B9C=v^3}B8HYRA3?ERcirXe2(ShfI4k8-#M<Y1NPW;%2ESfp
zj*^^RJuWV343a-$P<1tz;Mw|H8Zls*jFrw*57rcs)B<V5om$uh$C6lIO*C#>P&tlb
z@68{P*efgBgGv%)-v{-&=;+fph%)3?u@g!~pi}~CDhEm>pr$gQ#OOnKuA%>9->TK*
z|F|sL7<QLf*2?7n7`G=*6aNX^6xGO?D)VYNp(~S<((*GEP*OH(7nHH$M#LPU;UX^Q
z{!Gen5`^u&i7WB#dW5d_o3oU7OP<84AOU0kd>h<K-k#xfrrXu9&eW54GZCQ0EL1cK
z+@p+La4En|o&)3`GzGR1^U_A9<bA_cWio0Au72rmOd1CAEi-?c?cdGJys;d%a`UX2
zl;lM%bfElPK99*B4qSaFT9DRLT^l}4E6y<jg%>J>e;4XdFYFxZ@vuk<RO0v}OY7M-
zdb<<o?=qmjfZ%<G1sSJ7F4aN)>)dRR*O)<$pBv-_9OO52kl*MW<ljsNkY^CcHB|ub
zo1MUWl>x7v&2JR|>(PPr>A(sdfc>HK`-+hEd?#S%cMj~KNqm0sK$W<Wni4XVW*Mmi
ze<xGAUP_Zw$Iir=@9XK*LMG%adm7Hx`BLOVN=_sG+@F(mx&p~ME-URp^+!SVk1Q~0
z&ly=Ai*80NqjsSyixe)c>y#97Eyu#;ENHP?-BUI}e5o;+Q_v{0<gF#@QnVV24ZZ75
zwb$N|k#E2<MVzr}ia5CiXvF%|G9Y6cfcfrS5-a*bZ0OTFsO+jcm8#yD%$1do;YzH3
zghEEH{`(_rl^yks;R_RS5-<SDUC^uuT8*}_GAgX{6pBZT)}!Qaq*C{xUdltVy@w|P
zJRvEYdG_XOe*y#wq-DR@5O7)K)QY0^+TUj7OYn<RtuE6D;;BX?#B!{M6-LkuuUf4H
zQT1nupQKp!`iy)dI=rkd&G*3TCI>WvH@_pi^CtiA!<%I^PuH(yG-fp%8*t_ktU&@D
zOK7}6$5IIMqree?XLUX)abkG`J*<|UTX&+tbTZ^r6C*P$z7s<kEcQHqd_r>+Um#GW
zEMfqUX%&<fW_gFw<Ml5SSsJ-^!&p3kRtV<Y2aN>M4pv}#V_aY{-IMWidYM})+<D2r
zcx?ARZD*_>oj>{5MC8v;|FfS_UOHd<Al8pF9VVwe7fTIex^oq)@u54)@Tl;s5YF)R
zX$QVSxOqO^9GSjZl;PFaKsBb5?u?uBFo6QjmKJ-ZpOCD}cv#OMoeobD;gnHxt4y=J
zMI+UIJ(CB=BSZZ4AK1<MnXEpazTQ-PK3$>vrAC@SQ-yA-zTE|_;G6%^4^|VaZBc~$
ztIuO$r7pPWHo3VO=R=N-bzott7zV)sA)fiXDTqGkO@#+_DB0~YRd?spr>z^?u|)T$
zbn~1gy8px??Wg<-rs+2sPku+xXhD4PLTB}WBVYT-U1$yYK7WHki8{(SA7o~l$#520
zcZR|#Z8GWmJNFNAGqn)NM~@XWCcDl5&;6T?x~}W<Ol9sInPu*XLhr&O>7M(zKhOXt
zIw$M5T@N6v_uE0<wh~{`JjTuF6M5g9cL{pm^rsss()Ax(Oo-6`6?DDH2yV<}!Hwi4
zn!>cX3!Wh|;!Bs8JXig;5@iJy*ZrJ1rGU(<6rjkf++vlKJM7WcntQx!s$E%b*6$DE
zBRR?)@b0=F^T)Ul@P>;J@GEq{TMh5lNiR{2Npop4ImVM7k%Eth*=f>;>BDY+i8_y(
zV6>eEze#_K`q^jK(JA*U7D7a#KnaW_o&-@~`8i|msH{)Vvc@4o$)HcskE72;aAOlN
z&0BypC!+^Lo*<n9XnZJ9;y|g-1}!^+gT9a`S5RJwcbE{G5i17nTvJv`%v1y~gg1~c
z2xGc?%9hhIR@MQ=JNYsb$bqB&#UL!H*DN#G(HIxsl?Ur>)1@pM1{~RVz>$ptj`%>;
z;VP_1e1Bd+V|0}`zGe1FRF0v|ZJ;>%BRB!ZADP|GejOWpl$!W+gC3iyF|_k5a7&I<
zd+b8Ej~uglP|gb~Zhv#YL-9vh>-@)oS?fIY-c*V}L3f}1Sbm^Oc72#keF9Z?{etm5
z>I{ccpx)9Spm13Mv-)8tyGfauA)(5#rL^Qm<&TWq^CjwB10gU4y@3$VFobydKSKx#
zWuDq|%+hmXL@}At5G`z|%2b+4l(ypmamm3F%eIn1pJUP~LX4s=AjyT?I&P44twdRa
z=wS=5G@-}&C6*+j2MGQ4qykNn5~9bnfjMaJli5guN`j$B(RZT<HTDDN=!frE<@nzJ
z07XXU2J^E}WV8aeZi!UqBZ}M-v*t5ZfMaxXAfKbiSTl+ox|9kg6H7!W61*GL8yp;1
z;pYdC(3$bl-mI505g^g+Zj(LN?9VsI$j5T@+}?acFJ$!(hjrr3cj*%5nD?vCbZ<Tx
znrRga&E9+m`eu6bY45X_egZF{zO`#z)eQpHnjHmV%LE~0S)N9DI-tsItkx~i_iuto
zS3jr1=(~6^?IC8`$ZoUhT<KEtU5U4@%i2$~zxG(Luu9N1Imm<Vklm|7#;=lm)-u#L
zOh__HX0ejV%xRtp`hH+`Z-XuR1+cJPTbH5sx=otocaq-wa2NE9w>In1p~(2VC7wVv
zR_xFPc3B-r75~iDZmV5BEl?>4b=9uPl!l}%RMtA$ZYSk>==PvG$-_jSA{Q!1WYmuI
z#=xc<G1<?M#hX&F*h6`~KR92Rxm%kJtWp!m4Hllwc`_zK=Lwr8V-}Rj*c6NSs$7|X
z&bs&pufum(jQ-L}V0nOf-7PR}hZ7z1ulPehp6Vb{r3s-QtH`5NiS%64=JSVjo_oSK
z!vbp=k5?Iwt8-KLi7zhaUkhE9D6wYOXDZlgz~Y97^;<*tA>f%Yb|?BXjfl-+vbhR+
zQbwMFk=sR4GgOH>nkvp&9GC!fIhrd7Jiq-C7b23L%aYvTF>k&)BQ0ni(<V+sK{GqV
zeOWqfr=EwAsrfLJ^o=y3O)KFr@Q_Muo{QizA9^0qfsU2W^Wt;7dQr)s!<5v}OUgG^
z*eDc7@5r6S(LJG`O1zd?P_5KTQ1n6dYo@%l<m;g2Y;e#)iBaaX%Bsi`^v={U#)p;j
z!GSMnKx`B1t?(s3Of~vx?({1w!VOb!t~mgCS1d9@iXWFPJ7lWF11G$ygFlslPo>YM
z{6KiD7Q!~M9`mYYe0)`MwyqzJE#WKhFPd0w#3f7$ccaxQzArDB`!B8@If00L?;Bh|
zB1Sk?W5=6g@h025L6zYHN~|9LoH35X-8jUwJq%6|1HzbfuoNpA41A1DY?$Ek(1s3;
zsoxMDRafQ6?vjxR)Jlr=c^q?jWGuQ7QF4TZmioqUX@YPk7Gg!W`D1*M+SG5z=rPm>
zza_rd$Ug@ih{>NUv=~1_6A>wh9I8Hdq$-dT9u1r5mjl=)A|<!JiFh7U{i5S0!X2~-
zc2IH*baCr|%sOwrbJTh3*u_J)rBXaTh@7Wr%ZG<iK-q{TTw~jK3U=z7bO4T2mv<tY
z&Y+wA^i3b!e2{LIq;Cc@6Z~C@!QC*o1GOUxh@ibrXJ-JMnPLrm+FEQ-k;-oH@M*ol
z->^a1Y4jEP7j1aja-Y)vV|W=<S&c^-&R_Iah~4YTPhOZAZxmVKEb$%+RgbPKx>l$<
zh_)7eMlMG=?ubq>H^A_IzN`}|^KrU)&LrEfq6sqxU`@`?xc?^JKQIUGzoOGWy=Y;U
z67TxgNge3P3NvO>x=$PPVn1UiYKs|5p{;*-ppf(=Z{V$*niE<jhoGKAIiX#EKQ2u=
zcp5x<vzEX4tA_{braHHFv1ylU_wg3thX*qHjdDk%*$~SuD2P80|IR?fFH4!wee~IW
z$XeN!pPN4qs<n0saqEU&Rq9nib*c^7Qdme<<W_EO#9ZmvVXq)*LbCMf60Yw`rwj*L
zJ^Bs!>xza6RS8)wK@LO1w50>##}WP`w6+9D=s@+hwm@uLDxk=1$^LlfX7im9@A2W>
z))w7R`?|!UXPY%A4hSL9p+fO1@f5VpcwxT&0&){yKhxPeKgBJ8C7*9~WFf+^-}KEE
zNX{kS%>H@~`J$~ZMwJ|}vuE-2V~N&+JP#jngczxPo}@<8;ZBrsSyu0I$Z9P}VY`8M
zx(=(IVS()8f<6A$vA`{f#rv^CcJ8w6$I2|fc`^EAtO`vd_a??P@M5T3>o?d{n9kAw
zeH`I^v~gUk<MbEUju#o_jIkWgTK|Fz(03ZOgv=G|H99KAD5juJ4o$y|`M@54bEVV9
z|Fp0Zizl)d>#NCF_#zELY{;?xuIM81*%-P|ulkU}RvVK83ExrU;#V32VxYOWewAMg
zG)k$s<XsbTqlTt?aZLK1zwYG4e({&f;CdZgcZchEv28u+Y8v6C@cW737FJa}5A*f4
zS;XjN7RKzkSsmPl>F5J<7PI{#z)ML(QSeuR>vL2->zwGZs6ZI;Rodgf>qq{d`51Of
zI!PZY)UJGzm1wTxJQ7VQ+d;wDbVrb<*g+zRszavAO=*X#`lT5nR-O>qS7^b0?AJc2
zVjZ&_MpR5%j0zVsj%<;BlM#m!1(?c{7wIl{=1S3R7nx5Y{q704`_CMp+Wv-|#DMcy
z!Cqz;T0+Go_2l?Q3`yDy%;$tnR6(m&e?g8QEz-S6S&gp|_qs|$!_xDT3-Src50OTP
z;qw<+Zlgl$iN`I>wbmyq+e!xSrCiTvu_&5yP>P?;l_F;?5=-zLj1}gmols@(nxHuL
zs6+{#kHP^JDjF9n`WAuI{`OaLKuunabINScJTV5)*k2rArGD};c&-&o0AAdkSD<CE
z$%^%GCm;tgDan^&J&(U?gWqUXh@5pydqR#M%!MN_s2spuEysp^A;)@rR?s>{B2Kun
zF)*d0eW1rT_;<oLl=8X93H&?Z1pTn$liI*Hz-%^IF_+{z+536uvW)yNy(MKL`Yn@h
zGx-s04kz%!@Cz<`xi7_@`p}{wfmDBjr!>z-^Cg+IpzgJP#!YQ>{rS{#5ho>tk(rZ2
zxjJ<0XSFQu#i;5p<-uPgqn9t%|B)We5>W07sx?~Bdn)WC!}#SyGEj3q_`f$%)vtWq
z!C1{mj-0WFrgDd5Intgp?I->Za)=vAg)dA7vf`VO*YJ;1s}Bl6Z><(SNPVFxVcmZj
z9f!Y2G+L;h6l>pmoEkVN5IY|JI`KBbLf8wZ`Ea?pi7C;?IE-{+I@Zd{VL;c!6ntS(
z+J|}te@Cnz+Ye(3&H&hFEJ0-_%TGScX-3~q0DTid%T7SwL`n1@S;#_ez~O_0!w3G0
zIZ-3v$^OJ+)uc@@=b_N?X&=H{2H}=ll*0Wwph)Bf9}w$bBcPYH;co@7<CJ4sSc)IW
zl~T*lKRB}QOi66m2`Sct_Kjpo6r?gx)@(lvp2fct&N6gO5xS<Z5I_JQz+XG7ZQdT<
z04N)BW#upIEvNBS*721t&<h;XXDoPu<10>uM21(UiU6c78GKd-Y9OaRkz+F)=BbE&
za)Ig4;b)DB<}Z7kV<i$9359MC;H6mqya^?_XiRuX7#qHXkQ0m1Yrj}v!pp+~$IH^7
z@|6@n4fN@B&a}~fGS`^$r^u<Mp!axa2;k$l93P3{`hZx6Q(95F)9|N>KUtVZqDLB0
z&1feb4qf$)7OQkn#z2(FNNOVdYfn6MPW(gE$ilyIvHs3ZeE4^AAO4Wr@ZX=hfTJEj
zgs9ir5%r!p--LRnDEj^urN@3UIhH8xgnYj>kgr`wzN&2GEBp@R`#-`z0zNb#1OF~G
z(60&5?_~G@UFhgH_!kEHg<ytx^a14!bC(RJzz#XJCIj^z?afec0poW<JrM7zw6*g=
z2DrF0oUGC=zt13&RQ{r#Ot#WsjRlt1znX=XRT*f>Xr{xUncu!`!c7Y))nVB7&|Opp
zfFnT8H0gap&-2av`*JwULf67HZ8PKN=X%$Oq`yk{9$u4p&%(q$gf}>1GEqqwLlqpC
zE<8HfF@QIC{0w3#?2<$%14~({7jKhTKjM7UJG8?VYPU$t9a-uu&O|ceOpx~GheqOD
zcnoZfzikjoPtt{oHdvv^5~lGqu=Ya4+Al<Q(5KI@pt761tz@MKosLyO<uoDhFF5kz
zZ;rf=W+JZ~>wiw<o&TTH%geLrrKDV79Pi6*LGP~c0Xlzle0_4RalGHl$Ys7kE@@#f
zRt70lYPF;^bvi52re18hC21&11@S|<I&Z99{3d6MgUt61NOExSSz^he2Wy6c07wim
z*H^K6Tw33s^%HnSFPoJ51ev#)dphA+C6#fQVzj&$BYm7aW4y$ZNI#j_7UXQmd`T5a
zl$_m0^6+^QrRdoo-k+3Fjyw<K$k?=$@&pLQ8A9O~SoDL%cQ;c;rj^=y;H_ogC{_M|
zgOdCUb25ykP{)C6a41jf8|#~9@Xb8*=$?$TcCef_iewWTq+Ea9-rTxfX9Bjw94VI`
z)7{2>IsUqRJ?eHH57>^HpEQ1Dt^2C7Zr429X1Fb@V;$zoJmi2!&ZN3SsUh}ZG&s8A
z7o>1UGQ}tp#xSES>JL)QK;c*;l%PD>Hty{tH*GR(+-ov)Wgtr)*e9fA$ymKnMyQjd
ze^k^H)n8L?PNkAp1Y<o1TTl?yZ(r+6b%4{5i^=TjxBJzx@Q+n&@LNX3`p~9wov^K&
z<0rMhqpsX?m|x`9`o)H^rSzuQaGOPFtlNFowrtLA7JprBsSujNyPjP|<<UcT@^$ic
zbTY%thP!+4NF=k;y-HWQS6MO!$t#!Ej7+5v2)hA9qn6{c*6lvc;DASE^k|Mh2Y*bU
zCOf;-?fwxp&=J5=cd}7@VOituJXjjr`Z-eiiSkk1?v}b!bHaC@6Y?q!d8HZh3LWx_
zP9a}W!~z278&b26ggS04@;Lz3yX=hza_e?m>UOmgK(H?M1-8&|8cwU<;tb`R)A_(!
zI|Y5M{fp42LG#^AuFm#93s&6WJuQ5zsFD@4HTvLpaeb>89R{m28>^W(#h*V-<*@$E
zQiTqXR91(~2-(_{orD)}!A0x?W))s0sWCEFsZo<5SXPeyfO<-32p;(c8iJ{=QlDOi
zAvhp@u@zH16qxENarOH+Z~p?ZeoGE2@QvC^I&O#8rp>-$bTu?Gmsk4L0-G2es80&4
zLyi>dTlCFvLGAHeYE|T9H}Tm|C{JkLhmQ{zq)9!VlPv2~yY$6METoh~|DR3O`M>)g
zO%=uwe$P~ee`=nl-=NOH$Iim^JoSMoQTsfX`Y3V==IQ1xi22v|JBIVr=Vi%qEVUb`
zsGCty59w(NHfZ7!r;zYiO+>N?E$?k9bajrI(!fee|L;x%8`IOksuL`>=!T_ClslGc
zVm5YWb|1Bo<pHa<*oE)~Qml^!6M6)do0<a_p6@k_Ai*xW_3UtC7m?g@>L$KZaj#JL
zE2;-`!h^G3{E_KJ(r3l>7Y!?(BIV<|bz=PqLc5IjZ!*14Bw{wapIBot&6a_B*JD5r
z%-quU|G&%}kipw*j0~2V$)IFmdBf=6-f1F8Q~TkKrm2m--HznyE_>^;oY2)-lT&^s
zYjP)h`K$PbX@Z^g8$<;&;lTZ1bVHSA#BEixhSy0JyF6)ZP<ph{1AKr_Kkf4In1eGR
z7tRD%UES_l+p@Z4b#rdZP5w9o0OIaq+=9W4#Jjt);rh(O_2^XJ(<#+oa|1#>0bNJQ
zTk9I2Hq6b8<>OzBj@{a#$1VB<OGb)5eT+>4Rm}s&z6kr)MwC;W>6}c<iLBPTQJD>!
z(otC;XrDjYj})>O=c3Di@$B?ec(#~7tIT}%$Bjb-?REa_8G4qvp|$ejo(#?@;znO-
z!kdHYWa(L{H1X0&9B0M~zP@!x=IQjNzWBgWw9^HD`KYDiw}5!$EOIg~Me&y=KIy#8
z_IH86EWicPcgkCxH;iJ#T1&=&5C04%<1asD1MZfS@oWP=o6ny;koj!Z=P*$r{w$o+
z$wb{4=qYF$MjNwL1G9zFdlLYec!X-a8NGenwNTKm<h{L^3E}F^@TKlQ?Z@VUl9v%3
z$zTHlZNoDs+Is_5jAKVr+jH*-VuP^2BG$We^=;f7KLWR5^OPpOJdsM(o$L|5D@(P=
z>MH8Pa!Vi!>!yo>Robt9c|H}wJx(mDu3z7;y<<%?mZgby>SLxGWj1^|`z5_t5Iki%
za~#r-PvCsqY9yG8JgEtxZguD~a`Op;qMA3St~SkkAeU{)atmXX7jag(Oy8Ad*}IY^
z$TJ)!Xm_jL_hJ(Kgd?>yBa>46K4DZ{ZQ^$Q2CSYX5lD3gQmp6R)~r?dXJIO3D064b
z>?b6;rLw=6qAwn8&-h|0u@i1I`2khFXwQ11jluX~#v6^biN6uwa{cd)3`bwATe@ba
zCBy_)+Ps&UV^z0zdZ7hec?+$YRcWi{Ot=|(i(Jc5>{7?H#iW!nzAae`5AI<P=9nMo
zwfKI-p2aerDeT$h?Ab2`v#&a)N6IvT4?d=w!2cW2J#jJoT*MoUX#*^o_d=32aBI(D
zgZgB4gM$ZIgDUM2Y_R=cc7xav*5E2l!Ui=*vd!>^j0RU>gB|cwyKi(4A<;zPv?I&@
zfD<+@Jz+B398EXxOy8UcH?N_a73rG~!_AB6=2PjLPiB7p)xG)v7CZu<SNCSZht{Tf
zzue1;36i;BHa4s4tl4bdjBxL6Y&NyCW|e#ONxuQxJV-xBUc3T`j&<cGyzYh9Z7b+H
z2d}?o*R9LpdM8{bZ{qfL`qaD-bFRNiGCc0x+Ebx^h7DAEoVUo6jDmG^e<HtsaO^;0
z5|=Zj-OX@2={CB$7Jm-n@6jAwig(0hcdYK$7ysDJ@T8`*00*Deci@(k@iA>W`&b=(
ztYbaASLX{tRz19#)kZzMzufyn>fv4e`|tD^;PvntAMRKWPg0JM<8DCp^$&nt9`H8R
z43gAw244WQrtddMYvPQlN{n--Qs>C8$LJviZ(<<^BS}4aO*+tNGK=c#$v_<Bb`lY&
zN`Tb7(tY!5Lek6h8!@VT)UN#@)X!jAw7?t}Pu>)hU{+4jtQ2xv&&{L62J28M()K{;
zU_fk`oX6e^s#ThtY7UO5Ix_Rmst@*P?VHKJHv7<K4yQ?#Hmb?$5t8p^SHR&3h12zK
zP?3b=ip;|3#2;g_?Fg`Jj)JX}pSIYeSJ#$eJ?_DryTISts8$TXVY3BQPl@`lMlhiX
z?>=UnO!lPl(ipxDm5~F1cg^%WM~e-Z@#o|Np*>RbGMpK)p?`OigQ7#rui#TN>Zbl~
zG5U@`W{Kp#sNN2ly!zq?CbRlG7)!AiyLNH!$ad6?#)2-7Hnk46C03m_<s<a&oj%lr
zFX-d*K=>jCX835bUx)as-NC^J!u>k*eF5~HEGV%Y)}OH3XKG1>p51yc+~)pOX*99(
zVs@1pi>;YIjT!5mCF)}?tt5I-tUmxvegC##CS#w0Ka_`O(lj<ncASAZ{cSuV#y}r2
z8fEiV;{BGX)06`^_k}q3KJmqsp|4nOazG;h;Rv8o>oQB|T3nPLu|<)+CuVjf%&K|G
z_-^tE7~nJM_}lavLUZxidtsZ>E8@J{Fnh(1;ZHVBCZ?ba#r3Z^UL6Bv_()n+xtjYx
zl;du<Yj1WXe{;X`8NzuPP+&Q}-x|!tjNeL%wdutj6v|ivUcmOCMU&%uq1j^?B#pI;
zFhDLaXR^y(T)#(GLWDdWg2kd_qrz-G#a4<6K87hG{>(EFrSVCfWkYvy^y@8Sg{?B8
zsC%JX&6`?YjGTmj?N`TI{UgR$L-SAsDl^IrIGJutB^9`!du$gw>#A-SLXW_eeRh>|
zA8?@Id(+W0n8`aUt{LSXAgy_QPcu$V&qMAxS03_G)N{@p217eVj_*I9@5QHB-*1@v
z?kxE?^?lx8==-;nEqdggzd^F@!W`UfRHrWJYJ>AAGIAt6xF${SuV%c5UyMUjM5g0s
z*;(t+K6(%~^`5iY+{bP0tbtSeGd392j;h;`tCC1@y};_`l_R=UaKArivKQIY(aQzt
zY;m@~AH#&umjK{vuYTu&v=|-t3gElRcg|T$<L6;sOT&Efo!?1%Y~X*s`)jLloaI`)
z9KQEqvOhoG9a`yQ>|EA<M9e`lKPl>Qd&z!yqn{DRcg17uWOr(p@T+p|_mf$k4~N!|
zvAx>wel##U-&SY-eYL;-LH>Qc%fH*dkL7p3AW<JW`Lm?kaLkladUv^b1@mg)iewMZ
zu!m={4TXuITA>ApKB8fT3d0&vsRb>E*z8>Qct0KuQfcF-@B!`hsd#gS17$4M?7W}#
zgH2uIAfpNkW^8#D#|?P0pW2im8GLIx8e<NU9{>fVDu=aocj!mD&I_mpoIC&%lg9n|
zj(+K5fC3u#i_xpNbXk@`gRaa)yd~%9$1y>0zF#S}A|jWTD6{Ocd8BA}nP`|>%2+;k
zG`HY97o?KsPsy;aAanA=?JH&Jd<S{YeZsas;|TP~h5C*e?~&m<iX^~x1rI4)y??ln
zzP<iRCWZNU-HGnIQMuz}xJS{n2UsZHrpcC!P%n^n9sZ_bArEOe@R)@zigy{GN@0lG
z`$(5cV#O9{V(Fq?GPFHaXz|%riqRiiOiPkaRx6;%-3cKgP2}?!VYZ!0JBI$|qtrcO
znjXQ+eBWu+uoeSzUF_)|a}D`V!k#bHkVTv$nC7RM%@4Izp67MT(0iN(GV|84=c$!;
ztL*|kpct4=t?oAVX(<CIm^m9uI$Q`M>t7SY*(>j1Ne%7nq<$GwWdwjyxJfzwEXAK#
zVbRiNHk9#2Uc^^%QHNC=b-7-I%M49F9U4jf=NkgcdVpgBAdoZhNRwo%JZYlUyS}!k
zB!1}2!PqD7x>*;(jF-`F(q}=NeQkTH1A#2+nDhWBPS2M*@jh>R5pM?4H%G(Guju9-
z>6^D_9vgGcFj0@@f9gGOa?CiBeY8Bq+YpquV4I2#Z6<Oj^)hV;HW-tl1Mi_1J8=##
zrJKXjH-~0+_1AX2s~vYkS9o@2HfTSq3))Mu!C_2S!jnHBCTP+WM$#SH%~RNku+htE
zJ{d>F75u>m-hr9?%y-5!E4SIdFQ)m-hyO`TbJe-(asN-^n~$~#KOnyOX(uN}H-9zU
z6yF@U3|P{;8vSB#AhPhs!2_H7Y)7JWsbCIlCjHcCAWD8cD#b!qUbxE13U;<-2Rpwn
zcL;X=&hwCRk5DbGc5<cR`HX5xnec$scbBmACI<@+0zae9l<>&oWp|yt?5-VM{NF&N
z#Cj^v60@ym<X>Tvyeq4lkTnHP|8~7!hq+&KJ}b|;`d^2lBlb_}r^@u6KlVpHq{QGg
z_vw9CnfuPlzl8a?I`6+y@Bi873GnnMRw3{}l+iLkCHwMuvM2ahg`=Pm**!N#=lD1q
zk-SomSF)@F$=I5TD>i7}Kh+3m)89X0tW}KdA!YJi9;_Ge=+Uy)z;zb1n_rjzA-yOT
zpG0K#gjPqMM8O%on4ry{?V<A|Z}7Tx%;!$B9AiueYC9#3RicM)RAw9vvAnCk9WEG^
zE!9yA^)np~4Ly+U4R$i(&aXhC*}{(we6ID$fulp6fOHr(*(4Z*q?QO&CMgg%SFF)%
z|6vP-7q9m)-<w$8-;S{@RE{TW8Sb7kwtG%+gUrZF^|CTL<MJG5t@A106^s?67$6fv
z$N8jqBKMJ1?>@e@L7KEmdUQQZWYBKKKmfbHZYfJ^9j$Ih&kJc%2*7!?wM@>P3BZKx
zZt61KY$DRcM^BbXxz%=eW^0f->u-R^i9I=_F+Do>ySPzt-mNJN{y(Jsd?JboDNGbp
zi;04+wHPR~0MBm!5?mUdC2ec+a>hTgp<=$MvFI<>mDijQV@C*i$NEM^s&}3d!e0WD
zV&f&FG~B}#xb#`8-m?G=<(w}Vr&@QOYt@<adS~n2UtsI*OV=nG$BU`pio?pWTy8se
z4HvWrF4Z|Mb5@kW?5tWG`|f$mN$C=pGy!JrcstD;V*YD_F>^pQXu>|oqwT#Xd3T5W
zYU$8weUs<&O>QGRL$fOYd<O#jxBe)_!HiSY3?r-Ed9ruKtihOyNNfmdn_J^Kq3x}4
zd+1F`wQ7+nt0nvjhSs(EEIFaM$>l&Cs*os9ZqV5PCob>%I5-Y$7Y^)QQ|3obr$SF>
z0%@u@na_*fWk7m(CqQb=gtUr7+7%(a4)G#Vt$k(*zkv`ETrb0y{9@qC<eH56A+VC~
z!9%flxnCJu-3k8_>)WyeJ~=3A4g>${i{WIns6czg^FRo-9kZCd;>R!dN^6sc-OmpG
z6$OTh*{Aj6H{U7fAn#?IM;PBLE1#uLBYW#8dyZKDXL1hyN@fAc$PX|T7E_G)FuR=A
zY;{=#J?t~6?8eaYck<!TZLrmYl=3<}t2=242W4ffQ=LzxS2xJYm*QMZc<xtkwZe*)
zN%7seQmoG}3tE#GaCs)ulrMRYiS=utnYV|#_K-K|w$^BgzLqRxQ#P{<uCcsLN7&ZV
z3vD|)FSJc-i~>mF?XK9@&2_cc3870E_$<3guWR%HM1PdZ%o~8;Q%5@u`3yFkvV;XR
znS-O-I($t#c@dVN?V1HXOEgEDEbm!9fSu+6bgacpbG?iE4n+Df1hu1Imt}!Hbd{^I
z$QK%vmFwX4?Zep`5m$80Md)Jin9J^KU1<&9NJ=v9&@y@*IsQae<wQ<)7o*SSba2oJ
z0Fox|M^B>&u=%~j7Xz+=vf8DtYPf)L9>-CKJ5Z*SebH6nu2OS+f%_f!`0+YcN5n6_
zw6d<M0RDZksn~XidB8JC3{lL`I@_7_&(I7;*Q9W<1vAdGR0Ue`m3*N>e)2H(w+39j
ztrT1rzP#?FRaUl(^;j@KY*-&TWf7ypfXQnbn{(bj&P%MI+jr$an*<9L89|sZD6-cU
zKbY(5{+Mf^Pi**vr?@{glz%Gx5_!N}YDKrPgCNkw`o6zyxUjS@JI5Jd!<+^N>6TM_
zcF8u6r26x-5J{K1*XgUCE`F`-;D_}>Sn|XnHjrNb=p{A)zkI#A1|5-Jj-0ZEZjPLS
zmHRWEZyR9m0cl$&DR;TW=ne2r>sX70B~X?!F~s`*5Fv4G9(&1}e#uM5>zNMpC%*(a
zBd6MB<Tg6Jx8zYTRDZz^)Xx&?R`)PEG2l=9PV{bgSu3q-PXYB7YDUr%%~yp2p^viI
z+0p2obY;P^=t~`2`H*K_h`Vqp9hz86NqcNyd#b)MG?RX{j<MLp`Y*{hqsFHBF2iSH
zbagI^WOEvuEWhJA#PV)C%9$fWVOvIt*2+3=wkvVwLzuW)oy%as5vWf%)hDeuKlW&<
zrib|Mm>h4j_{?bm+xb0y%ypo9!yS>|OJ|YUP2O-v^ousSSSG7}Ux_M9M!NT9-;?eg
zz2JIO4S|I#8T1k5j<I*}gS!Uy-|=E`$?+1)#*#s6#;b)#WbX`TxQpLgV+|GhV~?UI
z+%~_GgzXUC0IkhMrNVYoB`9c+e7TsF-hwUOiZ5J=suQUz<9X#j4-tU(!;F@Xeo@9a
z@daEFK8CZ*rNlf*#GtnNEw+r3jJRAtl^9hFuvYm-O<$~mckmEfvr1#lDrn6rlAiB+
zt;->{yXw*eHZ#S)d9@SISh6;WGMUKq{A8wr#o56PIdKzbI)SSCaw2WL#Al}g9xoPx
zux<Vj7bBB-{SF{@Ayiofu+sRxGqT!Cl{HQhR3A`@r){x9OQflb_9!5=tTZ>%>CG%W
zN|i&7)mmls28!8DEz>T1@p8(!2CvGoqOMY;Igk1_+*Me!!!KMeaD^J%O#}M3r%XHP
zm-OIio7Os@J;l5kI+=!(2QqCD&JK0OlQ(qsUO_U`&fx64a(Bl5f89>rU0LO~WlFjk
z*?&fx^*~R|z;KT-TH_o+g0pry5u8qW7NqUSvz#7?3XW#6L5Q^Fg+@f$y3qQBZ-uQO
zr`9G5I*<;aQ=7j?(<#&*B<{c*1<G;0v@`AO`?tdPWp5K~lu&sm6iDX)D02)<P~8Eu
zCYDdo9DRc3WKR&OEviMJOj}OzlLk<uH1Y8%a(;R96LNluZ5&Ry7M+WqV?%#Wz7*d3
z<#a6jae{(Xw6PN{+<I_U1>Q2&_nC(U3bA$uDRq{loM65HH(!{8UEs-i23_1({uy}3
zupdThJVMQ5X)d#rv`v`YO^Pfxt01_%E~_)#o$Ciu+I$<=4~+2u`(0}2AJFLVgW}_H
zOV)kJMa~<k?!XF)ls`=-2&6=nV#63<e|mnlWegzuusFs4Exe5KnhwW0Lzve{M(*P)
z%u@+ern#V1`(rU$3swYUl@2*_))Kx%Y$z7|bGjs*da!1siE8|~lS3)f)FCuZRL+N8
zI{OTZJAr3nbO(CNDPIPa)5ywI(4mEDjeJ}&56e4*#RZh3+Vltep?+#?juNli)n0e9
zdl&?!S_f*~&PO0UYFB<bZ`NJ#qK)C}>6M~hV)RPpO4r#7o6;|c_2{Km_dcJq9q8>V
zHr$%SKRHqF;nB<<@^g(ILf7hT#+uuNt_QTb_92E=9)?XvF31s*mtxLX_QHjkoh~w5
z2^($1DRGrcbAY@{5l`b^4JU<~4<+mjMLlXoNxC)E(U%=LpCLJ=7S)b>b>og%{jFKJ
zE9yS&AMpA5#_;19=hW3-SLC`T^q}e6dH)Z0?*iXMl|7Env}qflbON*`AeNvJTVA#T
z+DMUxKA1oPRT1mEYgt4=K{mmnP>N|+X2&S&>aMG<x(^lI^|dMj@@ROpfG<GhA&P(s
z6M}#sr64r_bI!e!Owz*Ye!u_E=lA>V$EA~*`#ksDbI&>VJj$qVI%NLE?}GkuuD)M7
z(mi$&VAbyLu<s)7e3`4e+}UC`&Npg*xR-96E8_TjgcquIilc`bTIN>njh%LgQihzr
z%GZ=whf5}-y0pInV9`u%@zG2>y41XJ9_kkgWBP?F;brN(#Av2Y02y9oz}_2VFKH?r
zWEDc45^j6vKf)9dt4lhLW?HDdSfWQW4P=Gxh{K{+yCn&s^s}V%SU(rL9}(;RDk#4!
zzWf7NzAG#L<lOVC?(gBM`<|K|2XI@0>YnZ5$38f#muedgrB=|-tkLn^CS$jQ*{4h6
zKWP^DwDL?OE{y_d{>P8kuXRhuGm-wweo;B!rd`HgHusC>w?XSIJ&`CyA@QQiLQ3G<
zF?deiAgdQX0FOX!fjPzdbV|%_HALe2pnu1axF}pN^tEf#ZpuvZWMeeD&uy62XCO4I
z4Y@l@K(mO|Hj-DSQ+5`~lJdvx<${#QBY;^_?&m-2*w0G(2}~V47xCvRc((E93V1g0
z=VEx)wz21Yc>a(-6X(|zZyw2Lzzx47H-I>U?$Kc2aMW*JcpxGx7tZ+x01z1Y0Q}MJ
zfdPjOprwS;gtL3?dQ4d{@;3a|?d~iJM|_v9FXcoDj2wfn0AoO$zfa%AUSDg&c-!sH
zn^NT?x@P&14nC$>aicpYn{M$!kS@`dos<;~8@;`CpEhJt=xB!uUueVNc*UGC^;-mX
zKdA>){&+VdJNfZy==S8##sXaFB<SLBcRF=!ZpW`RADjS3WR?K!s=JA>+>}UIh=Z=-
z95kmcK+#e*ePv+5N&7q%>C05ESf;3oL|yi#B6XRL1DO}4CHF~7005-3ke2UBDX#lU
z@Q&-S>%Kbkp10c|r%{J-n(SDIGgFCKY)`6QuVJdtGBU>Xw1zwDrm$sXj53w0LUXl|
zqhJH0jZ<`weK3~ovFaS$V{!LsRk0;jN5?73P~Op*PFYO@$-1UMke*nhWZGlevISYX
z4&!#zlx4d7^KEbpWDrj<#v1xiNYr@ULiq|_`Bu=KFgOQUjPNKn!UNT{T2%`0hQAeJ
zx~@#tIrM$W1-eqBo>Vvmg0~;Y6xNuEi)TcCl(f=IF!;`>cr~g)7sl>EDxynM(QYUw
z2p39n&!tU-LBs>epjEsvvmKoB0Z#h`f>UnjlXJl7hi?q`hnB?qLpC_n6l;YhfRoZ8
zoX+-Y2PeDB-<+$@B_2-5w5mb}pvp}ERV;gZe!J0ZN}&tIs@R1hF!P@WiJ9-imBN-~
zsf?;E&*~3V*5AoA!=vgl67{`?c;2#q6oBn71UBelz8QY4;8f^Vki*G(Vj?X9QJuOu
zNl@ZPD!)xuj>~FIuD>Zo+t~vp(sfKCCBwWxjfsU5)dCF{3(ls}J|-b9cz0lUCY!*F
zZEOPOWj*)=a&Q7BK7rc#D1Hn-&`5=cM+>L(!hNvt_9?9JHLUP*R#=P{)<JV27Jii%
zwzI+kR`|^4df`iX;l5aS9xr^dmI_y~!Y8AJd-1|HEL_10Z-T;x`)-7*&m=2Xu4SQP
z1H*f<W~#6m<(v4G>%tppfJR9FotUxV)0lGJx}esk0il~)?NT2`D(|n!PsRv#h-wxt
zneO^<Xf(EMXGEtF$*4i28{)d980=5*CREv(Sj8NxA}?sgWJ08A_jdI!rKCSn{Xmg2
zHB!DUCvC?^(Jij5;9I$QJyviB25-FyZ&P6Vg)cSWV<||;na;?%QjmEwQRuOjjkq&k
z3hboqH$NBUfDAeVxE$cS6h<q%sy~!f(+0%Qm9kn#Lvv`}xA=&Bi^JAcOtc4KDd<+#
zYRP6aFWnIiQYuw<^;~<Vi<s*M6x8V!2<4#3(T+eu6j}Bhd8}$`H6~)v?GK2OWa{VA
zeFqqQDR%3dxsdbNJUzpnNE@l>t<DAW$pu_$SkC}vLbZ5pC2`sb38C8Eubn49RNtg?
z<cGpUS#<Q)-T*IS76l!)&+g~>O`}cEZ;$OyFzM|Vq42F+7(f>r64FEfQ@gJcsli9c
z*XHuISg*}X#Z`bqJrw#IhU#8K{slTBdokaa`r9ZjU&i!=Xq1A8DQy}GmD@;SZ;GMk
zT>|P_+DLoxTO(dy60J^nEpEaM$7_)*LTCt7Wljn0^#yQzW!jmQBIfm}9SaC&k6)Y!
z+GET<_j)`g7!v%THN$$d%h8PMQ48y#d?l-W?6nhR|61dUL=x6xc8B&7sF!F=(wi?b
z7<*t38xvI`9nk;6IATH?KW{1QEgQr1m^}kGwONufb;lTTYYUNJI`WzwV+1C@_PkM~
zi*pM_#m4=K%jYd~qVnH&m$PnuQifEI{!gJ{3D<V8E)T7b(Hr91o@#50=#BW^Pbj^}
zP?}VNcSC9F$or@B6eZ=@C@e~YY4{hTFIJCo21!g$Br(?L&fg;FX_bkX)xS%np@c^{
zz>7~d6kjPY!vPCZJ5towVM)Gm9bWLEDN`zE+45tg1nEVt@$jd~z4lWZztw|bclOy6
zX1I4<0x)hp+lI_Sp?=cBc&VnhDGVdXT6G;0G#PQ!<|l!mnaQN+zsG-?jGuDp)5w|I
zK+LJWC5v1zlVRIxf5b#|N;7;rglV~yCT(I>I*erG$ZaG`U5z#R-3qeQXJ<L@JaPcO
z`{)*yoamAseG|_&zTXfbbsH!T-*Wl-mMhqW_D>z|Hx$9%i11ur{H)@8f-E@Zu4h^I
zuH$W5V{InTzru62zxoVse@t{gW6K{z4WMpJq!AtDpS!>6obBJPw@(I8#x6EM7o>x$
zy*i$iOb7YaStYA35I#PUF>rbiFZ$rP0&%zNXF<Xberr|y6YVQoT}_4H%}+q3&skAy
zv8<pmo_>T<e<HLpk`!IPpf4X%N>!?xbA{l$#-)z8)y<hG_{N~egj@ZUnMpy)PryjK
zl<nwrqnz?6N0FU>^{<E_Uo#e)z2=v?i}Ww2Wo4UNITi~@k37?q_WV%|3*StU@GAsL
zRJ@ErJ4vM*Q2k*gu|$1{tPdKcM;kaVt6p14Q8_VocR@?R#>JvHOAeTpz<IpJj5IAx
zt}X_&2<pC8feH)R?QvhLT+#y)yXTP2k{=~CSeA&q{1VsWcKlC1d5{IP7$t8xEsJYp
zag%qpEUnxm`+pb}zAwRtt9`qnHvl3^^8!>&%y$Py=i@NLJutslQ<BTySV3k|=zQx@
z<sF#cHqBG*Ds+n*J*pXhZs$M4A1^D$(KR=s#4CTQ$qid+$IDXLQ6}MbdT%%8gJUY+
zN3Y;FSjFzZ)GESiCq+m_dz$gse=y%@5}A-_)2%X>15~}(wAER7V6Agi|8^n6Z?g+;
zrX1^}02A77s~lTh`qLRoYesQagY(8FW?`$))tce~gW^GsS3FRslrE6t{^XXn$XGS~
zC;uFDoW_vTEzaB|sUG8_`{zuB#lJja^p9yb6XqM!^?*V5Ajj(-s84=`ojB1(Ip6Ym
zrZyYh^Cx(WRFq^T=2eYL^LF0KJxUlQ-PN_PG2Z;zbKCd$4^7oged)-zQSJzkV9QCd
zG$BP`2Cqr>wxZ5b!>AN~=J6W>I1Qr*-ZK0~Bb4fUrf@GWc8!KoUvmm$oD1ugq8Kgs
zI@K-x9kFDWJL~4!le%~ZP*zF<`5C<`;UxP*OIw7uL73<rfi@kY&6~jn>2EylZ#^^X
zlEj9FB{npcH$(~kW?*(d5Mo{cnZ$bs5yD$owzS1&3=AFL)*aEdfFy>8ph1n#%xBQ9
zV<EBQEhkvV#1-AGODRl%^4_FND%V8EHilv`!$YrxvYmL@_I(~(nZP>TdIC8d9H4Jn
zJBB5;eoK=X!(!7J7MAgFghAifiEcac5>AN=pBNB7$wNQ3MZ(F@3tH=`b%=DZDF(qT
z?xc$%|EccM!<c$-d8LpdNPpiX`G-;v<m6f9iR{rJU6MMWv0Y}3+J9Scms#4eM~@zB
zqj*<h%jU)DQUeMO9`#OhnY3hnvUAH3r~g2qOU<<FX+SL6$aFy%rxq2lc&`8wjGL?#
zzbm>%Otfpho)pG#6Pdg1*YdANO=z+7<a(EWC$mcAfGb9ep9J7^HmnAkKxm&FZv%Qf
z1M~5XN#3IQ_Y`{6$tkckpf9||DRe6b3R<)sue1BbJa^t6+20!R!m?biH+pbILZc5H
zXZ)^Ns(+R-(>CKZvi5XmX7$3Nc}%dO=``>Ml^C!u417y4*WqlPf70PRQ+o`J_tA&w
zIx3r8_rNgN(B<Tpc^{y~oP3O->0gsp+|rC(#WuP6zCyHb8R`z0C=?nT;PLcktXkCB
zF(y~4e}`DFpxNWt;5*pR;_D1l762F$+S|R^n6qpk<@qnT1RZ6TnHU{<PG~1JJRMBf
zZg<4tLj8}J4r)Femj&PJt5-joxhcMJ2gO|Y7|$}Jt6~Uktm@_u61>-+bBIMd4F`bb
zJj&<eM~G#bY7~mmBT2o%W^k!svDTB~?O;k_;|#`DW!@^^lP?^IM8f|BUj5`4#;aQx
zufDWJ6hec~=m8yKPL<d4i>Q25M9#|XDTIpIh0~Jw2JVLjI5}@9z$6eQ5lVTKz@Mw-
z=%tF1y7b6gv<A}!NdE&9le`!CAFS-`EkQcaQk-k?O=gCOHmM%jtWart!LMbxfxK#e
zJK7e(CVVRsin-o57JKk0F|pK#_t}J^kH;0QILa{s20_^%7h9QzlPD7gvTLh5-C3%C
zg|O=e+5bR(5@P~^0qmd9^lNcVpEyEIPe`gemEoJNUs!j;AVg6j`-tHZ+@%-EiYxM%
zUWAE^Vmouqsd2r|Kf<@ZcVJXLPONcPTn*0=#`5DBGITl*WQ<*<7XuJQss4Em60s#{
z@!j4MwE1SV1kK*g*uK>8D7*6?Lu`R>cE@ui!v&O;Y3me2%>?lmMm7UR7S2t0xdU(@
z+#@lIR~%v}huN%czJYwqrgm^DiJSEehuOj>`CB_l^~k~cTf0aNNd}XL_~EY+^mULy
zZ~+L_Z$p@@NFr8wJ#H(P@?E$$>U*eE;pn=eew{p+Ka|;(cGRw~m`Yd6Cd{ht_(%%W
z8A>iQl=LoM#Vr{6P>!UK_U$oI2tTgBP33Pt#<#B~LTlMjA;cr|eN}?naxdG~FB}u&
zXVox(88IUa&Fx_5h=Y2M?>P(!^xn=&&>uYRKXqmnu=^8=fsGb@iCZK$u7RzGcmsqt
zc757ijR2B4@-y~BUtUYQq4kPux#mziX%zL1qYYDk@dthCtZm;v!XKgj!&qj4UIv39
z-h$r$FOVZ()>Fn(H$$mVCHpYn_+d0wXID>XzYx0dEb24k<xw;yqUjfq*D`Fv9;CTf
z%?nO3%(IgL;FNr)e}$cN2rMpTxI3oZh`qyTly$XYqx29u9pMLVk+X;YtYbg7@SiN1
zH{mr}XPbboEg@kS4w6qjz`&SY$_ayd6uBca2;+mh2|RpDobr#XI#UQ2Q(l=fNZ|fN
zb6Lh-D_TOy+LjNylRl7awM_j*3~T``B>Y5K%H|pY3>`94?L#sAR@8enzHNZF$Yx~$
zC`vI@c$}m}Y_m(9ZZC8P=2b!wTxJl|4tb=~Gt!bWk+}6{|2&iETP3UWpzYyHCKU+U
z7Z+kIG2g3nGEkxCQ8Sd}dkRn#OC5V@sGz;WO4UP4Xt#O)<;zn0aGTBdgm#%J|FkrL
z8TmW}$p4PWm5o=EOHxFeFpe2KqY<=JpG%uDuASc}wiAGMLJ^F00P=1z*U*u@TC*OI
zhx93Hw6_n70$sYHz9a#o-beSTm4KgUf!Z*+eZOzK2P9+!^Ar00jUD*3&b{&chA~%j
z!<aO!iw)R}%i8(04&?=8?O<OhU~h|FshhQ$f$U1%63G!rF|C%zM2SAIX>OI3Ez*)n
zN&eH_@1Nvcijss=`upbJj72em8xzNPwLZEV#S32=w5+yxEh~qwXFt=It~E9S04aJ8
z-9m}{!`D!%*4CaMVxBU%7{(|;Y1%7;FbfS&VuTv~?~&w%Wu8BYQcE`sLW{3t78_`o
z86S<IT`(<0siJul;1i4NaC$hE^_0>GH!(;z!v?)6y8Laod%r~mZ_9eocPTXCR;x5u
zWSx6N)zSO^#3BYQ3jaAFzC&{(hJPuCHu4jy@K7*a_z?FEJkJn)JqsE`w;E%=RB3K;
zPq<tBZ<u=%@O}k^S#bnAEN}~(2lIN8`Am<qIcQH2pU+6pnM@X0o%t4TLobYBOXwsc
zMZ4F-RJ$lp(%$kG#q;kaz;=(bcBCLZ_V!RxP~~$q(S`dNzXYdHlD9MJ2c(AeNepZT
z1)W6?DT=02fKh_LukoZu|3qGjYpo!5tkO-ULaz(DzEbXY@;FN;IAgPJS-+{QVWYP{
zTIFwXiKkutj(O1H{~J@e!*2CnT?RXDN?E^6Wy%)cu0>F%Ypy&%z<L{@p49LKf?I6H
z<i0K#UidHZ@r}eCZgC4zawc0efvh6vN?@t}BY{k6QKT&-wYFou6d1%<^+Gw2eh=Y{
z7&3;1DlSzgn@w(Yx|!w6K;H+++6%KeEFkX&*U9}9&X?kMc+tCgvn!~jA^d|!(%l8k
zPGz&RZqNKO4Cm|YAf9hy=<_x`UmYDX$~Nr}Dc|wvh`~LkQpGOHfg+Kjtt*GMmdk*q
z3<E4%6m@r<88!H?;kr7WL??<F$)w%W(%6lf9{nc#AtM@7vDQoy^~f)vDw<kP$CYmT
zfHtq@acFE5hX#`*xLFeB$#yH=#<2ilL>`)(Sn9G{>~c6WJ|7*$rzvTlkIuUXr0sJ@
zURi@-X`b%gQ*S%`7Pl&Q+jA4th2IXLgmSo};&x#)V$AV_-;(8ldMf8<>Jt|n+Ce*=
zJf0`Aw26fY8%2(8lnUG^RfJBeC@bsHd2%uC#E@L=G?S_EN2p0u)*@#TFs)~pN9iYK
zQnZfnEkGa8eid)fe*7ff>A>2~=^(mZg@7T<g*GajPuhcIA8>cXbo)%Hej=$beL|U9
zn_D{KLEGF^_}4ynyx!TvAIF@rqMdCJ+IeQR>x}Ru^mSVVTc)5(uu)2tR=!c><uRkm
zeSFJMUXRLOzGcoySOyyiOSz+Hk+;Z5QT8RQFVdF{B{BNqyUj>jo?aA%|3~q@FV=Rx
zFXscvw%u)!aBqt5M$uAWe_!0Zi}rU#sZzASsg_%m;K?m5!DQcHjMhW3d6-Fjn`V7>
zccf*F=o?zU)#nbml8y1-l;D<7K@ey>@WR0GIO}Q$0SUJt0~9=q^g%^*MZawzBQCWk
zGY}gF7&%ci#{%v|nPRJUFqu;H+63=xAfEXc$d%oCFBnMqfAfKgq+I`T%-9m`zT10g
zBtilOnNPlIi`0>x{{m{defSk0k>YZjA<nFp_gRD#d^vI7n3aQaK)WiLWmC0DOWgMS
zdJsA4H+m%=5oy2HrAtpC?1ESQSZ}0eH8L>p5(Z-v!*-}U8Xr5bO@B`0`Fzhm{0{^U
zJE=YZB2+y5oC9L;yW}IIiTdO?U#yNG_vDxV334ySy6(=p?qDAECx0TI_b=l+h&Qv4
zUXF^ryc%BqhF(_1Ufv$h=e|UaKl?RP7Mw_bZkOvcKWae!O(qoR#}tw|<Im4sFN@ZC
z4QsvHj=Sy=(F;6+1x$>SZ}yzu<G(oC>?EvJzyics<M4^?_S6sJUA3$oyK1piQEY{d
zf5C3RD)}Xrj61I?;Zz!*OQ+I~gi~o`)ZqOql!bG`y`rJba<vEWRhMvTxMw&k+#?$C
z=F@@SM#5=^+q3g_{Q0Hq_Utdma^mCT;IT%t1hyVebc}sachwN7;SV%*)8z$lN^S{f
z$Ku%p;f*6G)qf^X#4STmo7I>Za@JQA)MmS$9dg!3@Oy|;da|+9+>Cm4Ul(Yj_&pIC
z@vX)~awfOzUh>mmf$=XaDKV;t(RrdT`+Vf}p+fjFV}*uuR48Vj=e<5uzg6M6B4?uD
zUQCK$?d_G_xeTr(H<g%0SQdoC&1>O@5dE>JZoXOYW;Tt1cWRo^DTE@$T|e$;MT$Gn
zO^+1!AKFX#dF}lv)*dRUN#UAshvv}l+dzQWQn&Q)xOR9g`44>XUXUREbzMA^*w73>
z;&^|u^WLvoffq_Ymst3C4i^i%i)i*Z-Jb5OJ0YTQi1GWz>G5iq@b&AQpDiCEe;gAK
z-#wRr*grwq`y&$&9}7SAU&@DTF8p7W4}n&v3*J%K45hpu&O*j^A^Y2I)RnZv91TZ0
zsI%ewcJ{q^VQxaI+^Ce9bpewyUpt(z-{b9Txo4u9MrrA<kk#Atr1W_I(s+Dlq<tQf
zH7->mp#ruRa1i%fc;*sW`A80apDq`yCx7iV?Gu-vhc50%fC9R1Uvm{^1aPBpIUn^E
z{Z0UN&CG*e6YcrHmq82LcQow6JVHD?Fria?{M+ND(u!|f;vrYRA89wUs55vySV-B_
z`jVZF7kPox+JwR#5$t)p18;R(VB5^XOep<!C~GO-d@1!C<ca35b&KBv(`><n%p~+t
z30vqoc3JeF`e&hiy_RSXpM{?-Xbg8_#R8don8&KPC&84oz5O~fq(&v!m2u+67%SP$
zjIqhhWAfQ%8dC_ri{UqAKX3=`uS6_(*<qs8#oo?_sMLYsb&oR-*%y&c9-!P4%U|pV
z?5eL2t+EejM=CNXeQOsNCha<@eFE)ZK3$Oa3n`vvZ;`O9=LI6!{*OA8)1m!6p&N|f
z-(0Dw*oOKW856};xYY*>-D-6)hR*1w$5+<#mG_LwhedYOq<^bP{j!AcSF&1CD68Wt
z5{|fIwk&Ko7aN`d4Fkqh+puA4LVi+cKOfugA8nr-eWYlwLmPT`pKC9`ukgpv9ja6E
z<GYL5W<3C<V!jG-@*?^ymGYQ#UVD{G0X}1b#XrZUYa-D6*9qVZS}}c#e+`omx6ln~
zjg@D8=rL!2pk<m_Mu?46?O77dTs&N|m66;{*Z|Y^Y=#!<YM`4Z8=dco#f6$wZ?+&6
z`p%=;iEXLU9)B)X_bD}FP$!o<%nrONmsoz>(Z<}uL85OAI3swo^e{`akX83PO!H%U
zNESCo_IT7WmJr>jK}Yr9OAXIU0>LoOb_1Qf7@NT?9)7(6z2x;O(>to-q8Jki^#VL5
zULo<z`NV~BJAqkSK<q4tg!)orV=Qj9*b?sKQCh<$7^B%Uf(P@h|C&I@l0{<TCKjT?
zEjG%lV}$O2T(B8m;R8@SmW$7$KEiWK@LWyDFhYf^V9mKARIp4<Q-@=wrcIQoDZ5>S
ziX6<;w974i>hAY}+hO|JJIEQh8G};naw@w(UNwZHkQ!1^28xBG2rmv?bF%JqlJpSf
zszu$&wV`j|Dd0R=1TVj02b?~=Rk7*q*QZCCD>j{TO~MseK|zFE>JuziptZM$JMekn
z6`pS_WCuWEZ9yZ>c=j-y@uxK7-q9JugkiqDk4r0#yT#q^e%m|_(+}Q@1HS<Rxm!8z
z+s{)_9fNt;T;f`nf2{>6UHBa|9?4iv$#K*^8F)P_)twT(*$k66Jd;Y+xwt=`!F+(r
z&P3>c^D#HbQw#{kxb}NEM&)|cDQ48zcn0>TLx|#;5nqB_(rB0CL+N2l21{nL?{Z3S
z=~A!osI$#X<%Z0sOI(K%FxGPAwRrncT*YJBKMQt5!kMg9{X0dHk9fp3@=C@i*nZfg
zy8pEF=s`3|TTPa<jdW77KS0G=@QH;&3g^e?r^Fagl%X)PMt;ggiD|bWFKm?^Yox&Q
z6sqP{_`e@LRDg-#Psn>VY^=R3DnJS;=%aiBBl$A;P_b}MJUzz}dW~-=LQa{5(&8c+
zLK3u392=PHK(qZeS-sMYv4}C$hwQI~!>|DP^L);}n_gu6d12HuJYRc_xN-`$YE?Et
zV{&981_+@Pq2ejP1F~&ZMWk-Hy5vz?zh7WZqI%Q6d2JYLnu3Bb|4>Fon63<$8S$1E
ze^D!lMzM+w23<#~Qs5CPtR2O{VZzFLNah0C=~1u7XdB$Pg@@N*{_{M%#<L)}d(a4Y
zy|e@k%<Py`7M<*5<twSaZz@?{L0KsJ`+Z1qv0PCSer*u(tI9Aqd<WB~M<=8^(HVd@
zb4B-Pd6$~Oh&tv*T*{pD+O#1DaRqTSb%jY%!wZOSEoGuvYIu@N7|U#KN2}D3oQ9S{
zx0+C^TjL(Vkk^~(RQlNA@HCOaB7_zLQx>^-ih4IsNsj#aOi$h!d8xh!(cHEE?atUS
zCJ;{oHeGbHEVJVSgJM}``$jWyALW_2rTURcf-p8vgn{k^?N^tf47+}`a?86QSbSTX
z!E$Dy5AW4Oc0@dwFq91f!*NBly;j(;0n;Fihl!cj*>)WpFi~@)YUL4eR35;9XCP&<
zey@l39*aEUAp)MtP|bJy&p5EJeSWB*RSP|-0bnEt$^odOUSp+%wM}U)Yp~K$867H-
z71)!8$|b&^tDQD%I<iT2z#f(Y7o4FKmt{%H8g9SSaFj2bO==j1C^F(5A`IRuJjxKF
z2h5;#FHL2hZqGX1o*%XU_!X(r%JM@P`qMoSZDXVB1>id4!nD9$I^nV&=gGB2%4xD0
z_`f2nF?;$aux6(~N`N&x1xw&jegq;c(6XJSWqWln(#<B1GH5rf8eNdoTFCVMr1slE
zEU~c-jqHGMozw>PMDOzBh%4f5SgW6OvPUq`mw_f&-xo$u&`7zXxq1dk2O7MhyIyGj
zX*7n@(M5XfBeYuB2LAv#HI7Dl>|SUnG>0jX9vXon_(d@hydM|g<mO^T4gm$Y)OL!l
zHK+A_M5o1`Lg;P$iKEahT88ywm)Y?B6Hy>TJ*4WpfI+3D#KKlzAv@4cJ^`$mvK>cP
zr9JSfiTM%A=(4^W&K9>4aw$PgB$HLCerK{Etfpw$qXuQ^IYeXXE8HYuR3|EHw6-n)
zNTnHT<)9(P2#k(UZ$o3I=Jj-=(!X7N{3F^^Sy>p+rIi=Q{A{ehPX^-Bt}}K?+<;o%
zic$6ar#gFQ_)m3_8m3}?NHuowPQ|3ZjJA61Q?-{bGSf`vq_E2BOcQBMC&IU%`kP5l
zGc``z`L4inV7Kz^i*1GbNqq%YRU6*N9DOeXYoHv~X7w;f>AoN^wKaW4LUSR-s+%WJ
zI)FVUuT}M!8#elShw~EPp`7yXO>Wre?S_DP!-Boc6O>k{!>)8l!Fd20nST`R&gf_J
zQSJK7ES4}7$l7@{lz9;yi{6Q33!&cnsL*iza*R|%h9eKt`OU(&S0*zJWo~S}|HacO
zqs0Rduyb(WYgckkI_ibZ`RD;nZIRHQlNmY08lk5s79t|%ZI2rev)f`*v<zi+KCESQ
zHw!H#qRpFcNC-el@MdaB8KR(?1J{U(g$^$`w`Q`rF3k{)2?VT|upQ+a?TsceddmPr
z6DXx9#7e4_HhgCB9tIW5!S77?n?)S1K?xk4C-a){(BUX*8VFp%Knlkq=QT_9rDXYh
z6u94!EJUJqCYMk;G#GnoX!NFHct2ltJctAJ(Qvj5)blvFbuT4PJHch*s&jz*{dEBD
z0R&;61q34G<*Kv>7)z*U5@ksb^-4-y<HQaVIy-Q#&c<VBE5%>foO$&*nv1N3=I-T=
z&ms_+i``1Kd0fEsj;xeeVv7OTFx4#Qo$z+SZLJ*C9__y);t~&GX}&TbV>g%NGLBYX
zUm)aqV$VRji(Sc+^lfDrRo7J%h)rNbC$@W2ov?kwDbc-(St^pdnyHMwSG}3hed_B(
zd-N?!7RzS=e?u<{?SORt{q)WI=K#_dYuX}V_b&qYdn?W<<vy~8q+I4EL&|MrxS00h
zsFc;g#n2Lg?Ov|p_y7vgjqJKyF(C}^@ELWa5PIqlEC)mWvH?(c`Ob^b+Pps|ddpg@
ze_C}Vj^^sJ4EB>n59xaqMNb>>=b-{+8Ud=HU7#1y{(3b<73j=5vHgKX706%Kol1Va
zya@X_eF+N);JuoX68<>!{8u^`M+v6?bhhr>IsE1Me3Z*IZ1dSmXzcdr*fHpV_E2dC
zKdFk7nEeBv$5ido*H1@6W0*7O1=kM{w3JDd=1#)rQ`hf^X!lQqe`diy;k(0A!&AbO
z!*_(MaJv6`b7v%c4V&<rBQu0>XZHM$krcEz{9xD-9vmJXz1^9f!fe4zJ9C6^FKpp%
zY#}q;J!}bQgww+pW37Ss&rlLN^mPvxu!hHtj7CGAs^z4x+<GLgbi;hS0d~%6CNoQh
z!%<~@*DNOKXkk-NBYOO+E4wK2?m+XTVq-o$ih-eQ*KT|S6-P4cgk?kp16}W%GC)|K
zNz2%zVSF5rE_}m5SO(&0_6<T#&;AIV9FztHg`LTlq_Bf|cT^=A%6~W&5hOH^5Tty{
z0E!pE;}<Qz?P8e5u8SFZTwl~-ya<o-iJOe!n0SPekz<=w|2VR{%IC6j!lR~@Doy_V
z$<CHWlk~(Ir#itbmHqIh*w7+9YQY5If&0yJpp4}E;`f=8`nTbsQGG8ofOT9L!6DjC
z*$>c^T-_r3*IHbTAEkho&Xp$FzrPjEEtgc*qR!1}MVVs6118@ZX~}3rxk7(yXKyW;
zY9B?L?YTK;l6}viPB)Jfd!`&9ofx{33|6k~g-nt+kB3O}V%&v;sF%)nvoH#HtMz>w
z-Ido*<gwH&I!T;B8Dls4DnO7l@-x_}Nou$REjHEkoO3j;J;~Z_IE#h_`we_hCL7#~
zX=c`6j1}4%&kC*8S)s9AfV{p-cdt@Q(BvKMRBtdhY^^O}x{D1k+*Ww+l1iIt0IJKR
zY%OTv_eBn~H%E>%kpkRt%y(4!V`KPc)D$E)Y@NUIO))$^x<x3?E=<M|7h_d*S)w*m
z=-~3qQbud7QI9K5X)jvY79q#rxHu0+n5H63W5)~!#nY(?pztn>oiwi#2*z~I62gB6
zRBwBL$Fo5Me-;t^sEue<&7(j<d2AMK$EXY;YJ6O%DX*N4u&yRJGKj`r`LCT3{CgSw
z<pxd<brPxetDoht+L{fDC&pKy@Mz<c01%^nLj~2eFtUMEy@%7-op4~}axZCnAC|?|
z$R1fOv8Xkc;+AH!)X)W(6nL^o4Miz}ZmLUxfk(*dICC^}b%4ShW7zpX*E0a_P$Ma&
zpe5PT5(FvM4;!x~2raI}K+QpDa1%-bcsT{UW{sZyc>IZcLF@8EHYvi>Qdt{@??2uQ
z<T-qleNRt|Ufq**Y*u$*cthW%GLWWpCfTVWEe%apL#Xh;##)LkFp4(u=g#Kva%l6I
z$yixT`ni>V1sp@@U8+3J(&Ds;Qo}CMFlbh}B+k}18Z!L}oDK6;HmnFnac3*CJ^AMj
zV-v2(5L5h$EYep5?Z;?Et~YhCA}fx=ip)8}ApVf4-HP0C6RgOM{QKJ}2`gej09==1
z1i+O^KNkRRL*;NGubBkn``I;L;oNcV6bgqm1^0ZY80L9QvJ_W__R=(JWS7$F3Tif~
z-t)6p^fCnHH&9%ijp6;FiOnc=TLHU5f1ze;S)fmHM~-S^UgJ1`TH8W2WhduVw|XCs
zjm)xITD9VBXCp2Lh%Hx<JCoN=X}&NqZ87P)Qdm^YVoVdquTlhg;7koZ7Hrl2oy?Qp
zVg}n2AYQuFf#fmH^n^a-efj0j$yNI0PeCK_UH;RZ$kIi6_+0|U@K0tUNyz-8EFO#O
zLltA_*(3%u`6PzLs*~#P{n>lycW(o9UKe@&hKRKAevu$Z&^xUyM^Wf@eR+;aH#Ney
zDN=1CuoD2>a3`}st4FSR+sKKNA>Tv48!BjD9%9HhOKgXn^KJp;T*1FTBPJl{+GWt~
z5`8V5h0IEbWyu95=*P}x&cC3tf6_@{KHpEGG0L)(*|lNP0AY%BOV<GX%?(bGvVzB?
z%3#Q!q|XheHXo-}&oT{E$g5HNMo|hJt<qzk3W@X!;dDt9xhgnvJp)q@6&qU(CE<o<
zt;%>5FGQn{<FYiMF%+b8H(R%z%Q<lt7n)W#^vus*vIB1mbaQXqL6m@)ZfNju2bziz
z95A<=5H39ieHT}R9*(XnjJpI!xlm*SgO8VzheS}`67ug6<xU%DyvL==#!y#uYTfEo
z?>8YMISx3DPzAHt#(2_}@WlZ1lz;RaB7|(%9Q;u6hnsk?*04!8R<OB7G$6z3&2a@*
zF6PQ7n|AsuQZ7pMjRXd-oi5L2UFce{UegPqSopWytQ?hczAM(9O7V7)mIVE+slGB-
z<P(qMPK$SxF{-uKkh%*bi>!*Jyg599N|HoDSr4KdT1;b;;bfBQa6<;1AilNo^mqbG
zw@~c?!qJ0FA=H^BSM?1htr$3supC1Y-ecBMV?Vn@>?dqTAYD2U?H*180l+OJvps}J
zGzoxO{H|DB_noL{2`mo+boPv)ykclRxrU`oPG`tsGq~koOMTuaw;U)O%44>M1^t-_
zcTH<xRz$fEM7ZT#guAA-VJjmnkM-tqoDJESrLZR%N+w6*Qo$8#BU`iS{Qmrd9LE16
z8)HK=B>$;y-roLGl6QdrREqC%xq7P`5Zk}bc5}#@Vip3X?!nW23)VzmCd13<kC)&F
z%D?v+*s)=k;GIKHV#nq;06TUGXUAMu7}&9N?ez0HJJxs^|DY|oEQ9+$7{=G#+tYu_
zg5yi}T^{ZFK@)au>MjRQkCF}Jt2P<Nw}g$4=&nA#aX7wUHjOXEIKEeg$Bpl%==f~W
z@nv^3zBF&9|5R6BA0-C4-N}YQETEANA8Q=MtvHAxHi(z%VG#ZKAnfsj`20D25YG(J
z2l0D&T4d-y)!W^F%H-=E?Xb$&``fJd4`&#9pMkxv%A(#U7<+$dSX}QnM0>w5+Ix>7
z86EoHP+ma1{Zl6(XJPV<jRj?Jsquj=^}UYKS=KILTt!9Hk)4ynFWw|_xQ}GeZBY-&
zemXPIoiegVnSm#XaL>*UCl$1~0`n`i&Q_DaqOKo3+(jVK>Q$uFxFu3voL??5+Q!q#
z`qx?YaQb`e*tZ&&nifm`FxM_?+mECQ7-pT4N6XPTw-ubE7AM$*%b4fyo8zfKM?e5A
zrNlKXzBhn6Y)&VxBVSrlljM(d@y$UMJnmk)83l^HG1<)Y!*o?Q5cu=(oG46L`0fP2
zx&ZcZLR$8c_Cgu~citOq5qDttbG79{*y)dSmKtW`Av2SXihM*F4DgRKG|&}GXLglP
zXwZ*A<zGQ%slhDj(Ajx7m7Z#}ufI>_iB#HY)&9<bY12BdODDTP<?Bd=8K`GFrxU>1
z?0ZP1v8j$Bue{94l^V&2!Kpn6gV)2?RW^>n-xg%h*z>0}qa`;Qj$fps^hD^@JEbiW
z&AbZocYhtPFF2mf=TR__RA_J6&aXndBBFaL79RjE=2CVI_8`@o9II6gBb<@Sh&~|1
zapn{}_+1n-cZbHZI13l!6evjH6RE~zUfI)`>dmse7fv{<`wqSz0|PRI_~F!WBW;WJ
z)_xeyU6@bL0%t(FOKA#c;y=BZl_S(I)CM2ZXM6GY`l{s}O65y4id3I`X%HixTd&K)
zKmMRs>^vZYKMB#NmOLYUq&OIJaWkdKm<2C(Jo~z6UDl)vq{2e`-Lk&tJL~3e#feGG
zomJcV9XrZ41@#6{-$wLMR*sVFO=io)kZr@WbtYXYyOHgmqY2(SRcC8MV~xa|O4lC9
zW*_SuLws&3A=U5TSV{_WGjU^ba}bB54Q*opFf-?bZ+B+5a~JSUVZEsj=CZ7RyR{2n
zIvZgx19PIqQi(#-{BzDb|Lx3sT3M@o{w+>^N3>#k&iRq_H&KKCXP{<iGSki8Qak|9
zgeCBY=2oz=pi#Tq(OZae3}&s%Q3mF}ug!^%U%lWEnsm9<J1rDI2%yy^iF6)rb%xaw
zm}f$n>Mx#)=<=FksKW06{H8mMCZ@*pv{8IyIJdkP`A>lWi;<$GCF6L)2#~|6&651k
zU*JRCgXkT-1)e<OVVA!t1;04!u7<u((b2O`&)tkd9T_pC1H%J<R}G=1TSH5?;|rLQ
zzcs>*2=#N$T(A`wXzivmY$YwaorsNvZUs70!R=jsw}4sRka6g8_eBO*ly~?o9LE_O
zQkx32fWgmN?W5g|Nb|<__DCZ&RB`WiqtCk+eMv6uLvd&xVs=Pup+mJ;y19hxRl|4T
zfb!go(wWJ<dyRG~l&y<yR=gdfBLZN*<qSy-(h`gRbc$Qq<4yOUPW7e8k&SS6Zj_aA
z6|8jNf!Np{!pSvk^mS)0>HMAv&Y6-5Alz>n2{+R1+wLT~-Fq&h+qPvFak~99lCkk!
znKF9AC3LY-zzX|k>V+@ng<rzL{dnPLE+MLX!3Bu$9(6Q@WFOm#H$=maOraJojCQ9V
z6RWX>uhV({L)OC1-q^y8u`N@n2X!BfhVGr2bTfS~0&iRedaI)MY&M!YMA|vjJj<zW
zg*E~zgaYjf42(Lw_r?N!=;!dO`G6nP2Rxn+`0qI2A$-7#?HNM2UsN$U=Mbkn+KfYN
zZ>BZo7`JRCe|>ayju09Lt8BC<o^)LWg}5<$Cjl{rli6jfn^PfpWeRODx^8|_7he&J
zJal_53j>1zICuaG-!OT^?fJe7WS%TN{v*_zpN~Ga=$nCASICDO(>r8&DJK423MkRc
z&c1@z$@-ZZ+!THdc~Dk}5qMT8{dLm9hF|3R>v;bO7_H#-LV0yYe#7^*H>3SB&;=8k
zEoamD;}P310&!%$T)p1qSU;~2cSxEGsZuji4)1QaT5ZLb$K)7kI;Op|9trh0d8}dz
zsnhbq?<IH&z~U{KOp8}GM-T7an=jrmT)g`_v&9QvlwtIbrKkx;`w$GQuC&USv>wAr
zFzwb}q&p;Z>oM41U%~*^5}nd+cuk=A=xY<>heVSlO_o&?$}=#)#d`qPCQC~OT|y5{
zCi*L&$(6D_Qelys8y8P|Lr?`hh$Q|~i2sl`P$jm4Ud`}4nRHX|Wva^`={BoByrSGJ
z;{qn2PmM<zyQxrM4m}Zf_#PCzW%S6+2k<i4R(tW%iv@JLst~aa>|$)7v?$-u0KCWD
zEBMTwy#2^TR(O>CVVhpu&B9bs^boJ1IMQ1)d7QLpb>9HLuLKJkF+zPma`E!@#x)rO
zAC%ymV*N&6XZ(G`{w_j6qjTXsiQyIL74RA_t;iAd=cnO0wtg&N2S$X7dKswm0dS2A
z2LeoSGtiB<w(gQnLS0QCAfYc4mh1qofW#MxrmISP3;h~S9gv-_$@f1nEXiA2SCf?C
zt0Bq_WrxL=ol0e4Za3%!dc+r)!5VW?)C0`8LTpk&BW}oVP`d!kk(uqYf4nNPQN?=q
zJygJJK=F6ti~9`4kt{xliiXWl?veO%9#$@d{0Hqv7GBFYc(K)&sR#S<c9vOmsw8h#
z-TY($STc1?Vck*|jpT_&9C6hDhR7ES)P%<k-Tp13V~A0t?na8lp{?GK&w{*Sq^3s<
zg>CVL-!K%GmdMwIlim^w8tXU8>a~TkRJI0Iqmy@}UiqT<%FKR_MNfhyFO-(J043H`
zQUkoQuREJ*5w3<et+>9$oAhQ9kx7b4H2$=K04gUK3_HC-BoG~14fALyM3Aq6O1(O&
z^x0xwDKwD9Yd(IegHo?YOO2)lDrWRmr>($${afHX9ndB{`xn~UnWF;tYMOURKJ$g3
zT!FYbiStfF!g}h*Z1Qpme%TG=nNcj1BAip6!2K+e;tiUw2U@64LKE9?ax92q8?nb@
zi|fDl4c7NdLhlQry~`GP#5jvo|0jXWzlmJaCdPn%)RK1z9Q*sa<FTLXRL8J5eiK^5
z{Q*3mwZ`G?lP`-xsDH!|B5w>u$h(j8(KN9N;Q2$hGw?nUU;p}-#rR=0+=T#MGET&K
zv;@t*e(fgXo5sOtl}D7=!ny4W{2Cj;P-~fnlDV)$LS32RM$41|cqH9)=Ky{rb=6rY
z5Gu9Z$?Qm~>_cWIdr!s<`EM`5lpkQTX^Q{!FnkL8qx?ndH;lhn^j?lo0iX^{*dzN-
zrQJUkqdx{l_Nv6&jr7N4@l<3laLcWi4-mpR@bK2ep+Yzd9=`s1un<m%hn87Gh2`v;
z7Gv~lhecd`n9z-Syl6PM*nzc{%ah7annoL<8N{jAA2bO(-ajz(=2?=wtgO^E(KTWG
z?Xsh@Hwk5<HNb{6w%*L^t7B|y<NbG$YWqh~^nZ{|tN(<N-o<Uod-zwb9^-X1%^xlY
zOj~qPI9$1fWf%Dk%f}&c5I+f^(jH7=AU@F>KwRAhpnQ4OP%`US+tSq_(3jmpm9ZXP
z8)zlG-pbw?=kYhJVd({2c#K9c2*QvsNjF;RF&x7I?e*hAyst*GTeaIMm^SK(3Q_e`
z+yp0kXFM=b10?9_)%fXejp~hZQHIJ#Z~4yTlEE|D{PcWxIPcR3$&O7vGgc;<2t``7
zk<I&fR=!L8(4DtWc5IWS(c8$Af@Sa&H(*LvI@~b~7o5kIB=7KW5unW9^GOhW2>&RX
z+)4=K(0v1X3!#~$^=rbpJ+zmRk>2m-VD1j?w7`PKpdMYFB(vZQUJUs>(O${IZc@0B
zK$eSC({6jkDhf%>LNx)vKYXFPfFluom*8aZHKp<<FGK&SB<~a9XX5=uNTNsZs5ZAc
z)l9J2kLelrK6h@&><7q55BX6@6+d$49gK(0^f>6C-xl;N)sw8jY*=}O7p^dn64(?V
zYh5zV>-qdKV;rCREL*@cW8~$R5x~1$#sR(;0DfN{2>wY?7ufE5vI(a;?_qHN+uJ#b
z`N|fP(ETy<U{=ne{rTKG$t%v{c2rrV`m02i)M(0`iN11k0f5SWt?QF#BXxx!_gk1s
z7PYEV@wRA~fH_XkU|Vw~=?dJ-c6K2t2l2m6`)dpQ0?07O-gF#m+vnNziiz%s8r2&S
zvU*H9GLR(OCipRoqyGs0vRFpnG=XgRp+aetF@_&#6;**~T#2hy#q}^>YxfX~xx2p6
zI}`21k7>8SJe2h;#K4=bu0q1nvHVF<of@+`TN+6gNb$K?h*NxW_l#rhzJywc(;XhU
zfvE+}%il}~BC_u6b|l`ud-+?s(a^pCYL9EM@7K5nOg+Nr_?z7_xFGoi)P%l5g-m(5
zs>}JcNk#k=v}&HMa0Ct}v8`D<x^QPCoPsJw2mW&r*D_Akwznk{3f=xzj;?w%Yc?7!
z!fB!0l`!pvuVD2Wc6mD`z~?Dm-3Ha;@NcSamj<$c6SJrdaI1HiU5-QEc^>76D=v<b
zJ5bM)q=)18b22WE+i}F#MfR^XyB**7!r?2=8%Aln8|e9UTe4$q@^DJ4Jjz*@GQ*5c
zB>9LQ_f96OJ+#rCk`UC0^g;?66atF3JZ}<sFdsJ(u4c;lCp$Js_4lGLQJ`Ezj4Tsd
zT-8mwMK@0s>j~6a-GP75KzKq==8l5_a|Co0s3SQOr1BAS?KM(;Pclv7uT@D}a*ar4
z3kxUOGg{V=?VklB9N^ecgAN2j8~%hzXlNua?%ID9d|x-&o?*jnv4~PFNlTnO2>e+Z
z1aqOn3-Wt@NEMpu?HF@Rg!z^7I7oGK?HM9+?Lx1OokA#eQ%CAV5a+mYxc2XEX~e|j
zF6Xow5dNAe1%h_!>umP(9aiwJ-R!se4uNI44PQ=#(}L-1sp8tkA%fP371d|$HnL6M
zCDrf7Q9?B&KIj^QegSAjhbD`?xW8C48naOr0ubc@JG}Es>Wcc4+w&;o(00pe8enR8
z8!PWt!Zf+%G`X!#<@-(tDF~R1PRuO3k@oQ5G+HVf^BpT7g`dyNl<r>ucU7u<?^3=Z
z6M#g261AR&i<aGJfSlmOJ@}hU9WUq(38yRQ)1A+!%lyokm8(A8-g-XecJsaPyz|BJ
zP%26okGcJL{<1G|Jj@psvuJUg^`^2Gu_a~?i`(&})bMCBffGQ8{DLJ0u=-C>d)CZQ
ziI4+WO4Rx3A-BjhJeJu~_ceHdwrV|P;N_a!@Ego?v6ybJrXx|OoXLSF_*fpH(%SkO
zJ^8P4SZfU$)V45Gwpz@3jOSlq9dF<rZ{{6ilgX^(OOFhWjfrl@c%4E~FpP)=VQM#=
zD_}S-^;WZM#H|)@5gQBedX%yRh?q;c6?l$TnR$RSaMsU*ilLV|M#cP5)q8-1?)Kyz
zmY23hJr0|sdK(NBZ#Uh_2|0K+S@xe5(RY(P*kH5<54I28(wM!nsJW%ldp!-`db^Je
z6n%$nYe!l#DgHq+x45^u6w{G};88HYvo6P1QavS5L@z1jEIMfU+pM$ha0L%1yCSHN
z!@%dRz@Y7NARWUe3vMxlHm!nFvXq{{f88f6PN|#eB>dw(X_+EZ^o*H}rN^B>cuxrI
z4{-WTCbWCq;Bsv9GWys}R;~w#ix}^oV!Sza`p|n4ogj~BUw)lQiAUVr$I+wAgDKsE
zP8tVX3i>(Xv<w)oqcs6vrR!l@08CEC^CIJ~^5~T){<<}?9)7wV>!pT&Vm$To({v7B
zVIqY;YL}vC5oQgBmgm0}dWFdP$Zo9A8yyvTI`jrBbSRk$z1>kEf9P#isF@XdFTRlU
zSS~vL@iKpBW!_0Fa~;M*Mukj#eq#*v_*gP$7bGob6T4)ygpRaJg-k{Fx3O?oCpPK@
zKkK;Q2fW~i(Spm`>D*_Y(ffS~N`-!PCb7VCJowhb`1$v!xq=m}fQ<#)!e?d%{ky)(
z6x@#EEMM`|M3;||MfL%L)}Nd%)`qXge=4Gyc&qj?^4r}&)P?s$@Si@>kG8Oto>maH
zXv0DRIUCT4_NULXxpzU}GiJ(D!3HxP27`P>_Tn6VzZ#dH^J-X`4MabV-!;aJO^M|*
z)iGwVQ7rcYl?C1lc39eC(Jhsp1lg8_QT!d=rv-|d!WP&M=nd*|v`O`7g6~oLV-gh*
z(^4aTq!%vo@c@RU0l?^@OD_1aA&Gsd!5{BaJkt>{lB@AF1vaM&lO{|JnCgOil9Nkj
zDkU?~_7WtsA7IO+6}L2@H}57_^+XWV8n${zs&7AmxE9=(To9q)BXQ>+@-dFn-kxsN
z<Z!kWTSV`nNRvWU!uzHya>6-;Xc)-cpj<c8naqfAz_bCnb*k*h5KFu+W|pyAqtr_@
zTuQzdVE$6hX^dDGimVoavJva4PcVlnWit>k?ui_9Rr5mzb7L$AJXHTcKZARd3tE7a
zh#Nm}-;N)o`aj?qrWWP5i~;b5B5M??68<_N?`a=5DI1#a&@UNucaAzd2hxviC$+(E
zJ7*a1f$KC78-9Y))5e%9lgno+fC>}L;>P6hUS+)3t){t|2ez}N5ht--uBPh;seUD$
zG)1RN)!(A7v{Zc*XB-|#?U$)H6^;({*`eGvvn=_hiqQen4rth!JhlQFC1ndNPOV$*
z?ra$i6YK1ZG?psVjw^7J6>8hY1p3_U41QxO6|pA1868N!5o&wXSyqp7+~r>jV`@Si
z-Q}vj$%YbvA_u>LL!>3#74Z|dV?An=C#Xe3odiJ583~puY@lDp1?kx}mH_zMUk#1(
zh9U5Mbd-T_Os5Q?{rwV;CrogpPz}m)1SM=KyxuZIBs~({O7pN-LM&32{tESYQ^OZ7
zVz>s}v=Axr8bXSekPWj>P|GcgZQdTN*gaUxkE4LsZgq;)<^T4Ktae#!!OSxoy_bh_
zObO>XY2(c%Wbp1SboswK<L!!fO8~nN((FYpT{=coMTSsXVyRp6ymN_Ice)prlpe-|
zxS*wAYxn}72gP-f+m-E3sWehn--uWeX#({14w9A><(CG=JnyV)?d_Bv55n_ic<v0(
zjb-KySk1c@s`yrgi~OfWss0(D3uvx5%<da#^q(p5Cc)%RZhi#^Ej5JDLFP0X0kHMJ
zXxOk<tC*Ta8@YoiynIclOO9pgsbm@8p8IzM#@XWSW&CE=?*B(567C+24@@C|k8jTw
zqQD@7UFHplI-~fDe|S}y5HrFU@xGW_uyHGb3hmFBtdT?+N|#Qm4#z=X?)x@cpRH2;
zFz#JsMK#9hLm+#j!44u&e~~4}$|pN3kK;SvW$$BXDss~_F>MOnP#y%nN?XmV+8P>x
z-IMB>y{+3`;T|#BUhKPyF3FH3%R~7}CL^+an!;=4Q_+S-Uw31CCw~)g+CQKKJCz|}
z7IzG=$az6I7&56PUU5UDQ33RghTv~rLoA(RJ41HeX%YcPfr+<E4UPOwRrJj!dNa&!
zT>gV_MyutO{?>G<9_<t8o@WE{7MssR7?{E-G-VKbE#W?kfb&ZOmap7`1D7e_%}>Qr
z{c!ZhQd-@CqCP0cpvm@#iG3`-&3MA>aH+Mhd^4?DZFqYG0I)o~9`G<ZbT3nXtUg^X
z2)>dif5WF29)bK1eVfqk+Zg!vFnzl@rZ%`Kp4|vXO|!C5f?zc%bai~W&!goIH^$1X
zZdYz~v|JOEBlq|Yt><=>F~f>m^yJ?<5k#*6Z9|w5!O<qN!uTgE07^i$zdWg3VWODN
z@WNTFa4jpGcMH=v)lgwp^1d)r@6>3a<cyegLY21s19p3G?ejV0(J2`$7oPioF+P>r
z6a1-4`yDTT(etQ(MEix+nBq`-{9q<i2BK#0`adS&cwEIph1I{K0e_+G-GgeW9l8+$
zS8I0pER&Q;pFWouKOR`9)wo5q!h@Mi3A#3#zfrchlnm*HMnpBUtGS%rHT!GK=KH&@
z;x_==o)>mT@O%PkhntgnP^65f&w-Sk6U%|}3`(OI5Ctu$2};wRSeY$ImXxD64Hcwr
z#a6dtkJNAhg(+y{9yuV4Ovu%37+E-qBOfDoXeMI;w~|Y$4pj3V$oPU;nE`*|l@R%r
z^fjosgi;~2Jaan^NDZF~20J5qgCS{Frx`}owjx_-F22A!<MJWR#nzd#W_W2}YlVb?
zEx9y)V3W=<u<^!$b>jnb={^%?J~ZFF_+ixvOi$tRM`Wo1`Ku7d@oFw+fe4xf{M%HV
zD}+8~@p0Q)a3lUob+!g7BFZ(b;VO6;qL=r?cIWh118LMiUv}jOWmi(!J7Nv|3SKUz
zm-ogRxJNe_a?;)4n|wQ_YFENyhW^@azy38^AR7xj-lktK>Mf*1^a3XU@S&D=Ewn^i
z_zVjiXwxw~&NKy1h7-@^2;t7*3-LMhOpXvW9xB?vcGG9EmuBtK4cXkR^Fsdl-Dh&z
z`3Ez7zcSH2Ojd8pM~0@*t<KIR^J~;(0!M#8nqFu%6A~Sq7v&iooI@{=gR|7IlU(A+
z$ysXn5Pz(U2GN0L3MQ~%8R#N(TKn`qrXrQyY8A$9bPueuFh5^r;46@&afNr5$8kt{
zxGaV1ANS){Ue7(hWgz-+D$k@V7t1(|ZA7-;c`aTRrSzCK?7Qs|k9YzLSe@z&lgF{2
zMN2UTWNPyD1<}u$4Wi$`o;xBm47%gO8WfhsqnvOB&nCJ2XGJ&Dnv6GUP5N@Ji94z_
zk?NNuQ_!CmNpte<cceKfQ3k!?X=tg<pktq0rKXuKCZi@)WB_MO0Kf8+OwuQkEsPcB
z^)k&X+|{YvgZYe2G#xzCE65+#lej)dFEy->>v_6!qa}Jj8ABzN;{v^z%&6Scp4hS+
z)B4n!1SQB0cC`57hLC`)k3J$YgUCgk&d4n4CW}r1P{Q$8G4l8@1^@51&qaOAh+FJ7
zZ?95iC>-V{is}<Wg+xsMIUPBXup!=(W35!5Mh<LWx`Jl_=4V8-)&rQ24W!%T<x!X`
zpUaLd_b0oQk1%TJQvE%wfJXdPlVFIJHS}9rficRkmjTXv1rFo6((M~K*-$@(lyAjH
znHVIiF9yk?B_K8umf#I`>4dVocBeZU_N7AR5@f0JgEk+;3V^<K`YzHuzy?D9f$4bv
zdKd|?1+}URNd^N5X?y;~oYR>v-Yul-J3}CHMw&_;UI1Xj3bgm`4JQyExbzt2<_o#$
z77<#8or8*2TqCI)4C)BxlU&KK)hGeR5pC(XRKZPSrDeu|BUyKwgapN1B@Ve5sZpiY
ze_I#yt?$VKdaHQ(im4_0euS@mwVbOi<a;pY{ZSmvoT2C7NVy=%psWqxS00;6vhcr@
z<M0RP(k{46D{9*ac7<BfxKy(EFJ>+Z%$@4iyG#Z?G|u^eM&A&Lsh=qyJ!)CB4>E=J
zw{Z!O<Hdbj!k+=O`9|e>uv<v+G`y;axTEK<(^)C*UbDQhAB?<WAKliyX&)f08o@b;
zA)@Yv@XqP3sBRl}wESl|A57KOF43J20wZ7U29)Xd<RmbB*9aO!x9b>-Hg(x$$fA9K
zBlvhPjbMm<0Q*G4&|VeT7^Z6ZFb3@-3-dLYs`Z1Pz^#o9%i(fl+`5HFMI*0QYTpF2
zqcBA?Ck~!GoYtLB!eJ8+WliV%^cUN;`!+G<mg7m?$>5DsUE9UOounrcVYU#cR>y_%
zGT!Q@YuPmbrTM^6fBCGXOa7S}Z`55A_2@y%!5*yk@2?%oy@4pacRo8EL$9*BQHf9H
z>C9LNRNSaF<YwSzd1JoTZupfR8{KeeZ%ef4_Far;w;s*@HnRUeT;4vHRzAJFB=*uC
zcN@8wnH8^nCtC<V8~5b}c1QaPet9B#*k9GCANKi;?6BYP2Lpp}0e|`SABaDWS~Uhz
z=8Wyog(DkFmn}-CTCZ)$jCph1|9$!SycwFgH%GIUh9g`Wr@zXl#4aDp=+%TOKZ*r?
zk=$&u^9!F-6>P153h#F*5$)}}y9=Zw7-lD%DR`|t5AR?!`Aiu^?Vmdydj*-fT}gR)
z9>?RPI>V`!n_S9=9`Q$ab!)-aQpYK`RJw0MV9?d@_aHDD-h1VQOXj)uw7B*S$$5NT
zFu@Ph@*NCc_Ma}8+q7f<&W>IzH{nQN3{G{t*(08GSMSBq?1537hSBtAqdDU3jqxNS
zn)xqD$S=$A%69~-KzV2&{XFxyIGX<nn5G?fo{hK`tV2~Pj`k4NWu05j)A@z`{xhOg
z&WrEg!uroVPyaS!|JH$6e_bVZegrGB&aLO^+%W!#CXa&p3!0yz@gKqQkGHZR^f}KE
z^zk3ird}K0e;?Mr?L7V4jQwksH2*4n{x;UR{pZd<_hZZyxo)Q3zn%4;`*ZuB>ZblH
z^!{^M|AT&R|JrTw^B=_e&;Pmo%af`9O1=MlsO73I9|rvcM+L1EY;^>21lWqlamJft
z$Ug@CSN6d5BX1J;>N|wu`owiWSelcW*d3P{?mYRXSgdIvdZp^sWT>D{GAWzMVq~H{
zKe#7ZG1-CA!$Y8`5ewQ%@479W8B)M`t(IF#r<G?`qVZ30>0RTk%&Ng{uLxu|lId3I
zv`Ky7^F(`<T5b#UDGq*<QaWum1}yg4Yt-`G(ty2gTKS+#-DG3h`20%!M*6PV!|0S!
z*fHV^erqZT3_4O87<Ac~K+!;FplCZ~$Z`fU3n@28skn*k+TcZZe3%-@?16u0!V4h6
zPtb8zD(=HaWE#aa_=J2^z|>7Y6vd-*bt_QRLhag}Ov{0%QmLr<8w*KaNjcM;fw`aP
z;eP;9fy^!bHHFH@{-#2wa)ncwWO4@FgW-9+*{PJLJC#}s9sL;VsBm;(ZW?^5%_QCz
zU&;C_3bs~-uPXIdeJD#)VD1R~LF{r3exIp-x9bKhFr*@Ukt_2UrfweRPA@q~kBRB#
z7dB9%5I^MOhd23$#fA^V<m#=SKvA~8$Sz3rk79}HkH-auWniGKJWT!vkcwDmO_GC0
zlI2J<Ml|v7IWsmetjQz(;PMA8Wd&PZ&1;$C@LKB>mvrx1x^y<=S16I@mu@+Ve@t6k
z{xu*_ZuT8?JDR=y<mP6^Pd8hQ@j|aA|20RO@5eF_G6u@kJLSAjrx^AZaO_w7kx^I>
z0G1McGb4?51by>d)wfw3JER5)FW;(f%f#m*_H4!HD)!t5pMS@mZTP&DJ=^j5OZJ?L
z&uCu(&x7#U&Ytt}S!U0}@OdhRq6i@0{*)W>YolBI0TXXfqJ=dUX8jbMU$^7Ze5V=z
zvEo0uvT{u!J`~H%&I(rKno4|81utgu7ns>;0ipr^B@2G#_b>3DJbBv!+U*O1bomaT
zcoIRv!BPJMYD%7h#ZHy;;_QDJJoo$J;aP6su&ZBZtVsFfu>7Qp8HI!Li>Z7jhj0B0
z9hbi%dLqdS)=q_^-nSoWS@}xT&rTR#;`m+~o6uh$zHaq$hyC@xhMhoA{sk&;<7-=Q
z?|6Joc;YnAgz}51yq&Lqz0hI#mQr@YK>0VRd@je4`Y+FRRDSji3F9Bc@u+@jhvi#t
zNhqJsaLqda$|@&aVl$O4)!{R{Gr{*w2Hy&TFK5}GBD5IsR3i!r7B}h@>hP60#O#L`
zy-BjfSFXIzjTSKLrTSg?A$T^~pu`y)7zFqll7pe5m<5b1m4)1*CQGA3s1~qdB#%H5
zCKM2~?>|M&%xT>SW`Z*8h(`gLJ<~2bzVKd233&$D<M_og7>&v9YA)mJe?+T15s6^t
zOk^Kjj<0;X@ImHjHc~Xl%1qtNco~s7<*ztFSHN^cRu(i0EJW*qbxVar<AwRjASd2s
z+7U_2m!e9tdb>rY$gXJ^mOgke9TOe&`{KAX!_;kxG<)L|Y4V0C()M6Oqi=w7DJoLg
zdWapC!fb#Ijo!V-r4@~6=iG0H?4Q#r_)_bN#5Uh>*+0gbRIn9()L|sRylYyE>-Nu=
z)f+6u3x|ooKmQ>2+wR{d$>JyQ;wr|^V{}^J44x)6(@Cx-bpL)Q$N(pSfp)1G;g=Wb
z@`Q~%v(mWv`52a!Ra!E}Y8Mw$b{te)-fxNejHhw^mixV((d2ndfWvD#W`Q@(T+qVP
z{kWFuxgo-1<MuBmQ{3edKlSwcpl;v%(F-%Jp1^fKc=~N}`u9pMaZSm>%x)kfw2W0u
zJ6Zd9!P>-9gOdMkUD4%2O~|9Bw|LZREU>CqxlZn(^b?!mp-gp|=*I?nyM}TwjkB<X
z5@{}F4QANz6nw$+XP7L}RVkIW@1&d<Hv$qnSF;rqJmTq&i{dpJrrX#Zq9DuYz*9HZ
zZWU$!_LJI@<s|mm*uuoyD*~+jt=(qz0=dyjF=+jJ_sD_FI{5$NvSZ8au5w^l8QvO(
zDuC92SUp@WLP2w%_QHEzg~|l}PR6+W_gQ#W4jGP{grp<*>f`|i6*T>(musi|zk=V>
zAC1TFxcjTz7?N9bB)3M9+-5{_3nID1k^Ihg7?Nj;x<>^fIYsnPr{Q&0cytt>r4<ob
zJSq441kiaQaHfI#VeB6RGRtDq!ps7aca_q!tQ{9HO&D<PRe>ACjjk(l2sPS-fV~Yl
z{kG)-sps{aSrn#0SqM`EdYX_ni*koykhkr?j=>z8<ltdgv^MA+mm}Y>9H$y0Qp2@~
z*0gZ(`Hh=8szB=(@$L=v;mB>lT#yX8cfLo+ookdi{zv$|(82J#@tyYgeH}Vc99Txq
z5b<D{^>9bo#5Ug?&oBJnhu@px@cR+<JoqjDm-zkgTMWO;<M6wX6LE^fh8C(TqcnWX
zlwXAJBq%ASQ*k)o)B(;@$YHc&dGUSrF+WPkfKq+uCfz@$Ti+q37c}d^WVKlhY+JyG
zU%nZJ8#lu**$-#h+U<vp@6djb|Hu2m#`nWhSFru?=3DLe19wJ6_mKORWAo|u7|3E7
z(=mm(idsJc9{!2~&w_V0!|Q4DP^R(C+&6S>EI#x9P5b3{ar@<#h5tXC2RFRV_DgEq
zerY8UdYZZ5dlw^2;i4&ve#ZVd?24WTa%4SbjOWY^?2WpjJYa6H5O*JTt5Y;m<L=WI
zJcJ0p=YM(*+!RH9T<`yc?}Iv^|8M;-(f=xr?;D14`u}=I^dE06xF>a7Hpy8F{@<kk
z@%+sr4gb6R`y>DSKZ<|1{h!Idx4izp$-kQm7=G{h=ehWI+kef!8}4fWe=sb8N4?YH
zQD@}J>I}<jbcxbx*6EgE<Ue^3BzBLoM+@HE7LhRp7v@w`zSb7F+9H_dOA+zcr?=tP
zuj7@=p|4)c)cue5EhIeEp03H!U1V3k#%#$RuF28uRSi)<_-*pjuc3He5_cDv&D{?5
z-xoyh%u2R)a057G>v?Yg|BV-E8CvkEY$5zo`@2C&d-<tsek-@gcsy9#YJW04d6X1t
zKOskcNW6&hwp>nrniJ`MuAoIb@yBdr)ZKv^E9M{b*__f6lij&6&9&exg;wYvE_5+{
zCLo$M+*5apKBg_-dy&9P`7+(g2xhQkiN%R>HkXkdmPhdkB~7KntwMN*92nVhJWtTR
zJhna3F5fmYzy}bgN|v~^b??-%gw_<jrV1|$yRi?S4AU<QnceF|w6)l)9U0wSV0W<C
zBnFV9^_$5Wm(_(#1X{$%1qHtc;?qf1=V&rdR_6|+Tn)Xt*-a#I8<;u}ZIUP)P$28q
z)b~W>5XpJM4J;mfF20aHcl{N8#!F?jj#<jEOXdn@V}bsn!`LLQ=aZN!EBlwH3Cv<3
zeH@#Df8EUX;~#IP;0Sn{D3tR^y)Qa&fN;b7!R&ejhsW)oap2wA=ibyG<};vpp3#BV
zuz_bp2d+#sj`k8Z+Nm9l_O`Kcqb)V&x9u1oZ;ABl2p@m_#D9&C1HS(6@NvoyfRFB@
zzXTucwTbx1a3bZtp&jDm?ZqA7<9XU&H!rdMEcRhg$L&W(b%^g3)cDmbr#V!w5RrjU
zK9=*g&6-0|sl?N=BPdIwgE8#sI)*xTw?q40?DOi&8G7Wh=*@VOMcBiy@5?V|Ba{(6
zQaE~yl6CZ`z(^Y-A32<dR=v~UPeG%$Me8LjiupTDjbXW4Ep)3@@TUNi7iYOJzbF|q
zWGv?1Vc{W!JgZFt8n<fwA4eMq+1gxez1KH=dNf#ckOo50yPX<YhOo(I-86SFZDJc;
zBciPzg%BvrVV@5buszOw0ciVT>?}Un8w=QES=@l=bSuVmZx`s#*Bz$7U@$f62IL<(
z=)?2b0nPt_S$eF7X@ytE%vy1_O~rkLP%e4sa|;j0bJ+rQ^0oHyePsE;e>K9d^WxjY
z2hV}ef6ea@-yR#;4&Q#+`i+07<Mo@e=ohZv(+_mKexupvarx(6zdv8r;rcBq``PO^
zebdibzsRDWvwm})jjmtDOyl|qGylW-JuxS7{rd0^<^dh8-zOv5tzV+O%$;WUh&wIb
z3g`^4E#hnhq5E>P6Z--hQErA`R{F)#u9sWn=5ia(6h7qAhg{iTVlE7gCMTGoZe@=<
z@2I>?zm%bH2*dFh3$`Z9E8n|k*Ao0smfp}jjvpz6fh?85nJ_3<Ugmn-j{ha`q^Qh2
zncR9aUDM7MqTq4Oa^&9Hq7KT_J}NW}U$Uga4A7-m;)6&3;!+7vYm&{SOq6WxW-%UT
z;g$fs&ccAaH<Ksx4~hJ5H#mjO#B`$Du@4@d(7MYab;IOn*MOjNy-n)ogm#_0T~{uA
z1K6xDl>Na%w_~qw8UDb%LQ#1O|Be%ZgKV1FHEn&NTWqEDaq(snKu#Bh-~@Z%;Pyzz
z_D>$=6OXdarF^7^&m}2}bdOiOg266+Ly}c0iDwk?rtd4v5x!UsOtTO;pxfpW8n!!N
zZ=eY;I~%=J`|vk6;aT1v5B5)&a?9)z3kvy42_^~PF|HrpevuGPb1Rg8J{lK8_K4rP
zm1%%j<8m?ZYx@ai-~|61+D<tcU_(s!GxHWZFg=G7Tw~fe;>lD0#u)b@e`dyR{dvJv
zQ1G1gVa(vrtxhqMbHwU?j23;NGFl{AQdSIN-W%{3WRJN`#f7#gdHNe|%q}i9)m@#-
zGmNmfX@KW|)NY41yK-z`(Dw|0BOirE68&Gr!#H5yGuZ+r_7KQyy-oWLXo4%UzJoT=
z$I#_iKdZ^50<NlW(j6&ggoaiwdq$5UYy@PC{`4dI;}9s9TQo4xsXwuRK);`sgYoB$
z^oCf@>Q2N5ni*;RWFRB0Q)RWniW>`kW&`d`X*>}%avbr_bwHN5J?66m4aZ6qLOmbJ
zQsI^HWa-@e7&h*&F$>-s4MR#P8mP0T#PN)`;E;d8=-8p3k_XL%Z!k9e&4B+|!`ZBv
zWdk~zHiG`@D-vc-@&Bvz$<{Rr%%C-&@qt};4q!|e&%VODOt%|oJ#065xXyM}-JED2
z8Ixxbn2SYUXNn=DPSV0X<=~#H0mVisYyA5z06y)71Hi8JYvP(jIFDY`(Tjp}*LA!;
zB%aWyt2k%*{Vc{=PHhh%&Tkatc8C~#ho9%XV)q9i=+Hi%Yq$ApO@j339zj<O1*Teg
z^7vgC5rx?UVjz_2auelN^RKPMWZZ$*s7e_?V{D+b5L30U_n^0}>b|hB#hGjJZUPAr
z69xLx(8g!b8v;&HcQ3W^AI0s1gg(E;ERajP0vq{4vrGI+H<m{S4$MjL7xM0>5d5W_
zwT|Y?WY*VYzD429v==6{MJV2^)4!^Y9X`|Tw%SR2x|R8Cx-eNFvwHj&b++sl_seQ>
zY<6o=id2qh=-`Azruw&7lsvK)tfOS<j`ee!pc59b^U<$}#6TZ4Iy?)$5BKBoVyONj
zygq^y6~ck&1tDyWSjRz+I;9H0+J}L4?RmlKR&(1!)U%mG^kIN#AAsnWF^IA(595S$
zLlgs$8Q@tlp2IWo_TyaprP$1TVu&xQveoD~JN$-A5r6kCM;i~GGwS%KQf#xFBmN%@
z?*!)8P)B*t2%DV3%WdjR8{#$e6S`ZtThJUokd36pzp|dKhro58I2y8Dw-mHsLU(I8
zXA#RD9%(|<u*%g9SOxW$fe&a!Zmn=nYk?yveJFV}%WBeMk&<r#w2mSzTjN%3E;gRA
zYUxnRc=!iL1jjfH=Gj&@n9=^ZLrp^MBDZ)P9eXg(hI1vuzLtXTjr>u`FqfKcZwUex
zOw5b8q|(ozdpOa$N4xRnV>kI$1ORkJ{d{|x^@BGI)yXb@Q@)F0xvZc2TF44Z=ATz1
z)XpX-xC1XBdEm(@zlQ<D@n>blyni4oz4ZQb<ND9V{&VB{_a0;Yy8x8cWi=Fq2Y57>
zqiOEH{PSSuzvd1Bl~(79SkD0evO?B=4>%!U$`>Kxf7(HJh3ah9)t}E8yE2hgkbiw8
zcJ-EjCGFzcYxUmpovVy{9AgX^_jkU&zmfY{be8rvU;*3TO>z6%zmm3h?F_x?8skI^
z@T>ZT^V#^5VLlCvG{mO#x_{+DVut`h&9!&J>#FyoGa~p^x>S!~Sg+5??JL?L^kqZb
zv{AMzeZ3|hH+ISbJ>Zh9%f(J#Ip=*(ocwd#rL?hA1S32-SI7(;VS_z0!LtMxsS=IK
z0x#249)!aJ55EO9wotMl%)M-!T6*cxmSP}sc63h1pN+9>F5@j_1&!`N*C`hd6|`5!
zwM9y#CDSimK29yVv^~kY=>xM+Tz9sU^kfkJ{D0hi349dg+4yd<fh7mCfdD}P6AhRM
zYJwnH36c$)FcW4&6hstSu~bT}3c@Z#jS$>KnU15@YHRyhd$+c=9<7av*KPtiP$2>3
zmP?LVmLmZS;mZD>=Xq!L%7&x0?f3ort7Lcfo%ej+=RT6T7wf89xf;yBK1CL<ZR1y*
zel_<E16TbWycHGcaa_$z_|!<=m57O|glv<q7=L`9!BQR-+1jV)`&ta}(}nzBJCTFc
z{9HGI3v+J-0$I7;{k}#CK8@HG%(q1Q;nog0VoT=yQ(H3aYS@yWmR@*ECa;aPB@cJo
zl6!(%a!2<qDPo8}oKudLhtslH_H~4bWu=(<QB>w=crNcq-gaESyd)oZcyt?}3z&@%
zyBaPaK&v|Ok*)wAsAmkv8q7uo)Um$u6P<o9o2~Vk8|pKPUqkvGvwytclwTkF*9bTa
zv0@E5rNSs{bOO%Hqq3Gwg~3A?9H$=ae~t(;h|d0G5c{Lee|d#A|0lz5F?QY*?X(|T
zzGB3UmwQ)L+-$)8blnbOOGZ`2bc2h>pe)R|D##D20y<G1r5d}*Sq`bKIImg#(Xp-o
zCGdyY4ap+A&sO-!#!`bUK8E(4ZPZ{B>Vc0th%usREGySGmJi!l#{bDn%6mMo<@f6Q
zS*`D<zFr%_z>MxN(EYr6hKB{^fqyGJEbsdF!owR=1OGfcFcslO9V$w)QH%zr&-tJr
zbAo&)Ac99=lqD9%y-BmN3|2{4;=f>^p8Nz8dc#B@QA-butX@86fu@{gde%%Xb$V6?
zmnyOvS?a_t<PB$M<p$y8PAb&}#E%c{#gVA}E~ov74{e7|Uvo`5|63ig9cwC^ZE{IP
zjfZ>YbBzzq6_sC8A}Tu94@vF0-9LEVbFiKK+$Iegdh^y#IOSI~Y*``Zydj$Fybcff
zBrm7=_!Vbp&zev_Cy#SbkuZ$baQfPK+Pmp2^cJILeQNj36XdFYa`WQO!}MWUJ^>{V
zxx|F)YYDCIUhPu6ZzRa|57Fg=;QH#5c<X1J@-kare)siF-<q#4u(8_$x0=Hjht~OT
zZfzsZ(b`NtN0@ZA>{~i;<VFHV^nL6JJ`Cs!A0}S`eCXE^<tvts3wQC$uwAT(+{F>m
z`l9ap`AfE+bN(0Y=cY5bpR_(-DS^wAE48)mGcaK?cMjWB+lTRV88Gk?Ch8v^y<T=d
z=x!y@{rC-A?@X44RUX9FOnm97QoJM9L*e(MR2F@mY|Rfx+z(p}-15&a`K!~kWLzex
z*K~tHkhS<<h!1Z(&A=YdWh-@2pRS*Z>B8_w=g})1{_=GZfgQz((lB(@90`4;-O*L)
zH;t~Qb!u0-wEJOn^RHTQ*kBAspv%4FigZ!YV$7s2^<6_hgP7B)XEDHh$doA^8x9Gq
z$EH<UQ$=rT$DqMVtTkC;rtUCy4jMcVYEXy`c-DZrc{^)2b<?4iP^&gQ*DPk;pwe}X
zUS`hlrt?w~CQ!ina5<(d+>3>jw*)^G;-?JKePHBbKCcW|G>9}5A2AJurfF7RvFQpn
z17*TwZd{}l{%Qr&3O{zoFheZ=&7iuE52g!q*TM5aVfx4cMcSw%4MDxgNSm&lOb^TA
z<kCh<xno#l{yW{i7?C4@Mwat&<5y}MpB6~f_q9UQl3_CeM6NL5=2l{=_b&BtSFjzA
z`(G|-R&tpKX4Hx`I^hL8i+8oNSVeEpS-h&9#hWqC0>;%3f)6E-5t+Y5*g?!1$hKs3
z#6b)QdJ3@Y0kgx8VrCWFoVIDh!tAXxLpxD{1+dZTN+m|I5-CpHs81Y=8<5LK#FRxT
zD@$bFB6cm)3{3CX05-jA4B=H3mQ2(SZD!QmK3LA?HhtPK^2h8BABE<Ng2^k|phH4n
zVwxBWOv<#;4%|L0B0px-{S88geuF#CrS@=xLjV%G#7*Z?yI*3hPwg82KGY<1jYEBf
zZgS<h)NlAEKa<8bYhnZdeLkVbn>=_K+qAcC8)kU!()O$2?B(p&OJ^^-U#_#4xL@Mg
zZ+gF8>Cg77Bx1jQSJ2~r`6}6dttcO+)ng9#zbZ^8VuZ=1qxHa{tdq*v1#Hw+-w)m+
zb<c;oMmS?ueI)()zvSP$EiT-@_qDq&<gbq90eg1xg*8Vx`BH_;ZR(vJy7d6Fn$Ez`
zWceX8rb_ydh`@TG^_UQ7EY91f)r4>;uJmBa4trKFH1_EFOXvo*TJHJ`!TKrZ{#sX_
z7gZHx7%KLmS3+JV@7<jMn;3tBTW(J<U{oo&q>BlF7#G8or=+hG6VgM)C7ge}V8Rax
zD@qs_3}my>X69Q6EzmI`GVfA`&us|h!xD@;F6M&Idk-d@u)&FE;cO=uSh*ZPr-IC?
z?M<)<2#Pk$#g)F&J|R7rv_wysv?{bSje>POSG~&++Le4mh3b&b3Eq7PrSh0-MEN1z
zZ5@3C-oHI&G?#!3UfHF4@ux)wuv~Kd$_|zh@bDiloJZ-ZVCKEY9vo=!S-QJOZ(PwW
z3IOTX<@iTiP`*PejxsjERKiLXs_!pLp?>xHR=j+3l;i&+xAoxokK=QeI4-r9j_wp2
zfJhuKKMETQ0*q7ypjec?vLqd=JyI5$^)4g&BklP81^tnBl(VEl4?RGR!{(U!nH7gS
z8H**#Bl0|01lWRRUG4=BucX*LxoG{5<8Gq(HO}77yPJBkgu2LEIN*ZfOOL}loV^ua
z(tb}TKdmUBH)F*hGnS5X$dAL91+bJuuECT|_kT39^45!(%$2K_4a^9hua#P;>3frA
zaFt%us-%1nQIbLP^4jTOwIF^)U$u0;`B-~_QVJ+6ZHKyQU|0=bi|W5eFBcqsVURpI
z<Po?^=6Au!09q<|S%A-b&QTDzLVm$0)HK%RW>$ndp@k>~D?Ai(K*J53Pnka=Gg&F*
zjL9;_=^00`UReq&eU-mz1`(HD8cAF64%a<P)c{81It`Jr;_eB5{%s7$^cR17LC5sJ
z(+;ZH_YXAq{}_4Ub_MI<Cc>}27ED`b2<E8ziHrH=+#p2z<3#v7Xxw5UmH*70Ov_Da
zPu6`NVmdp_N(*;(=;pr?(dC@JtjhyhmoXd?(irS)OpfW0@Jw2Fe~rlT3ds*~4s$6<
z`E_uhNC7r9o(8MEd&eAaShw*Qe~p2Y$meH&ObHKxZ%R8JWcJfVGU!HdOvtOS!m7%E
zk;#l9$_{edcr-u0N#934jN$%rG2?|?lePSzdi+j#n6NC0EDW+seWpFg<}uMnAfBmD
z(9!-jK!go!UJWp>o7lWUF6$x*A%9C^Gc1Y_LfS`%yotm4HLEtq){<EKnt_dtKp?RH
zF2uGy#ztQCeu!<m?(HzPEjIrgr7u|7))V&(f_^yTd{0{p#yMPDaBEu(wwXE!am-h=
zebXFsN$*&?f<<{fa?I~M%uZlx@vvC={VrW!@NQx^eZkq>Sb|`&HsY7|9`ps5ARq5J
z`cKHmMTy~;M+eOrxjo6pFE3;h9b^9&<l~M$-Q?qaH^$nQ8?@0HCh78VxA>9Jh~=st
z`+}M{WK))y5hWozDk=%Dz@S<fOhhzEI>T7;i40>!hrwvBe&_q>@c=k*w-6W&?OEbt
z1eNqj4+|<``;{HJ0`$Tw%;$g5JQL`h`AvQQ<QcGxe!P6Unf@$N!!k1Q=ufNfXehuz
z88Bbl+b1FpwB`nV4%uPbyZ#}zz27Se#)pNAI}5`EYOEP70La~IrfQv}Q_?Q=_YZfw
z)Mda`;N<&IL=R5>QB`0Z6L7wO(BnmER2H%gIy6=?wjo0c$)F>cPPg|8Z9%t2+}^jZ
z4{d5NGDcfg=Ywon&)J6kGwb=8zlZg379%ewc1QX#)}kSy={h7S1D-d>65EfA>UkM?
z+A^983HZbCfwrDG7hO*wuBZ7>a6P$HfDhMGWkq^^)lV^iWxyL7a)`@~Mi||X2rmpd
zlTyH#G9X@C)%CQhcx_dKMum8o=vB>nfUWApL@j@36u*%X?rG^3bWh8k_zms${wX%U
z@p@7>expZxn!#{tg*gJLKJEJ_km?wX;N(W!LF34tkm}?guszvzYd3n+ZGW=E_h&AD
zvHh`V{9muw{9ocl`M-$qPE5YU^B5d^ykVC)p8KNXX)ej8*yFw4C)W9gV#<1na;_jR
zqr%;(n3^?MxBGcwa7uE6>^4Kl@b~syto0Ve$fm3$n!<#a5?DB5I0J^)MVnzwLXf^V
zb>tQnZ?@^|XhXMnv-PP_93sHhCzVtuU64+(+Sl?(Bl2E8^qtY-m!fflAsidLe;@`n
z2*++3SJ^Xb%d*;&5KPEg8Q?K7c(+Gjfz<3UED#3mcg<(e-abC4zrDbGlP+bx7vjXb
zPj`kk-GYeee&^cQ)BW@J*mR4=Q+<zcdZJHwhE_N@PRAt5k62`GKdyFBB45+toEg*y
zDMgmzyk@NSL-bY%)H$S9!P@Q|SEi)(6<QBXRfgO?#cJBJXy4LA_`Jnteau|BMU*x{
zBiDAnB@#d6byPi?WN?iw<Z3&3CG9xBqRtR8v`g`C4{Hxkk(;2GhS<5<qC~s3!RZs{
zHcVAag{4+|orQZ6<2!iyM;KO2y~q+p7+cr6uHtHiMC&@&Ak_QScwCvHGJN#AIR@K@
z$nE&Af@!Sdm1IGbE7xXVEX^*4Rp&6WglM%K(dyWJL9|+kSQBXMR5;Z;E$lpzY0$Wy
zXvQHZ`B9Aoq)$CD4zI<rW4=9t;yyM!2F2x`Kp)&P#Z-riIh(b@%sqP+>v$O9u?7df
zxsSoYEmnYop7C=8{i-jzM11Kp#Kd1mO_zr+r(NoJkHj8tS-0^b<LLzHq>ytCebl^x
zc-|dI<(`hC$_ATB)Ac3>#wkAl4EQB~>PzM?<38900P#Mrlyvg)G)xQlzV%GyAk0<j
zRWn!~i45!J$|c3t`o|v@WrN+?`1oK!IxR@+d>CjQ3GWWdIFVtqc2@QiU_$URYg=sH
zSos~hwXX6iUTWpNK4{WX$o-<xZf)gW_7+yJ7dd;KfT0kQ7pp(ttkuJnEq3dM$IXJ&
z>X455GaS<Ag7+}Iyn%ZfwaV;yvGprX`HKPTlLgje3JfVpka{_=-a=b+{9F>VcVsw}
ztQ-7h@=`|c0{K?!`pWj@oVIY7UFBEk@9g$;(xSbUCzmJV++gZ<>)Of#g0*3Bszd6<
zOZnJ||Myxx$x~>ixR1(9>c?Q=o_UP2lyo>y7rhddRoB_An;$m=Zt?X+%J52Ev30kN
zd)Z^JhFvH=!*j(=zMr6ntki+kD7<Psukc+s_tryvpowo)d3Upsmp1u_M(uy8RIrhE
zA2o7MFicZ$LXg^cYa92>a@w%=aQ|YsQw{{qGAZp7T%FbP_-w#5eahtN_2x2pcD)4;
zZmUCT!Ci4ky9DpCjAH9HIJz~()<&GMEkm_cbsC*-V_$JJhi#$mD&LBfmpfLQT^7OG
z;z|-_(<h>2+9*g(0?y7xclk7Kus=OGKWRuk4sJcpJ#!5-a46*g0I-P;W1SFKE3}>|
zlZR}yS<hB(;-1CQ>%keWuUt(<LIwA^K93KNb{7oc=M8|cV7pG6mu&}r0`34nPFW`_
zB-_sCY{fWsZx@_mS3LJLB^FR-1OR>}@=C!#9-yr?P@Lz%T6aV*N|m%?wx7vBpjvqA
zna969MM(oV7B>Q(oxTzFb8Y2TQG-Ety^5`^xSuxbM(*Xh!i+;zXN=BT?1}AWYpAoz
zzx%mJ`m&+JYj$M<QSIVeyRbCv0A3jbc-eUZuKAdaKy&UO<OBErnN$h`MpH?Ke~?~p
zI(Z`%ats)`Cy$X*_0a&{fmXFlPOi5B-0$F?-O`0SyO!PT<CSZDja|si*rV$m>Pjk7
zeq#Ys$KC;y)E;dX-1*UlRj5)xU$v}fuGGxCjC*4-VfafT`~t0Ovu`qJmAf0&4h37I
z1vi_QXPSAe_uJ1%Za@}zo-U_~%Js86V_~e}8E;=7hX3W<@pl+F1uH7nba2n0Jr9F;
z(=jh<;fI+l<v-P&dLG8`57ufa7pj6%&|7wzc=tM^I_~wsIJ`y9RmzN#8E2XHBF!jW
z&R3QOq+FbcoC-rdeuqQa?+(OO&S3jXOVElB=CW0Uck|f`J#>=*2eKSkkNv<QaQ+<l
z!1@DTWeBghOyln`@tmVw9w?=<qQhTuH5SbX#bM1r@(6t8c4l0diKPBok(E!u`hHfA
zAP)i>u8Q1bkC4;E(%`-U60JW4yQrXej_+Xwf%@IsUN^9$S%q4(R3Q>A6MUG&GnTp0
z)3o_@1FO$tXT=9A!mR?cpv6q?jj$F}5#;07DYXqS6;slqy4H&_@tXQl{i<%T0c%pP
zSiRC1ZCfalFKCT=f@QJUbK5|JZ!u#SaCr}Zixsj+SC{^I0I?2%++ha4$sfl;Rq3bM
z+E4p(HGP_<kBy931u;dOYb8p*k`eHUXPCS&AH<hz6kk%p#242LICH*KHg$%p<AUlU
zG)6F?C1HiuO+MoTq`hc}$whW&@wwD+RzMd&c05et2a`RPUu87-Ux<<4D_Xw71ivuH
zK@lR>i$pH*iUL^XMhG67G_GCUa4Bna=V${TrC`Uiyp}OQAD$j<&^SS7km~^+Gm|a1
z;dBfs>-(neQr3M7BBiY1!<dwXb&6uHw@3M9%GPf3OJ63i;Bqq<pR1?t!T%nK$?#T2
zsQIMIkTjD<YufYC0};~93s=OJW_H}oxLD^6A$W_WPtqL7VyKfI-O|H?gp8hr$C&EA
zFp=zoPPPb?GeV14Ke%T-Qh#kBf4M%wpD%)51YPXT^Nn7X?%iv_dw?n5(b<4q239PQ
zs_|e{gz$lG$mX88n&Md>$f7|1#x<0RO*-g9M_?`fBC`{dnI#+NaSK}Jan4puX11ZY
zW`lD$re@pbFxCs1XG^U^wm8d*mAeD;iZeGBOWRy~HF^%Oq+~ymW5Cy1;WbxZhp`ET
z5KQ0i|MhcJ)@zgcVv3RF(B`EfUZQKc6sc5V60B<;zn_;&FiP)1k}!=vGV{-!Z8l-_
z370;YS4<;?Q~M}=8@aAjVw7<!a6-M2Ir6H>j=UzD)M~5Rv%HwAZJuZ29`erP=6H^C
z3q1y`7+?UIRr5LkEFwF#PAFj4Z_4Y)3$W-H*qvtRHrX+EzDa1T!~KGdNhqnvG5Ehn
z{s^#N+=4XRuC1{4ZMg33nD=eO2^;spcHUUeXPy<U1v{N%ZOW{`JbUJLo3tIbi=8jL
z(}M48gLhn0(G>_$zPrw%@y8D7yhC~12#cPgm<DN!2G+)__7?M+s`f7DYB$W|9$E{l
zYlhV|<La7$%kj-c#2u#WVG3-#oZ1BiK*`n;Qym_|5>si)U9#Q7&-_&k%NR~EEK`m*
zb|%949Q=8HIs4hD{k#xyZnlPoj;VVCshIcad?2uV`GYjt)vW#1TKinIlC9LqeTRDQ
zrl1U6fmSkvC%xR1mQZDdZ?qv;ZVE@!ia|ZiDnr4j=i;yg5xPbI-IrOe*mU<EBY$cu
zFrZl5s8g-D2lLgbVa}WyX+(?oF}RQFlQV#@Cor;hk<Lcm!%|zE$RYi2$o@-q$853!
z<Ldf<e#r*ltd7xP76RP>{QQ7e2H+icX!tKD+<p~f{2y<;<nh1ynvFj`V*GwF$Dgf@
ze=<8X{))pd1*ttufna42JHXXnYp{azO2>Jf-4L9YStN>pt|Zs9=6}_i7gEhNa^NA)
z3esPk)Cu}ajG))Yu-|FkfEP31E!I{%Hn?K-nxNl8xB>6M>1??P*_yq58jPe4`W7W#
zVEPRB-aGU?;yiftxYW*L@ui<fk~X_h5$Ewl|5)eo=`=RM?_SH!BUDce(>dXd1-|vC
zCBYObJ5G+)Q>g4=AG6`(0roK;KKj{59*gC&k2Cd3WXUv7ErdRl#RLawD4cKb?+)s3
z|1bGZM&|o{Aot&q|9!^)hJ3$2y6%5RzF*&6-*CR){2j#xbUkXBaXI;ZpUAnCe7_gW
zr^1wxDO=k|8+veG%4K-1rG0cPb>;eF5i&~me1t*qr`wqK^*p9Vc9qy;&WalIV)nWo
z#^2x8<M<=k__?vi-+uHP8UMbX$7iBc!sfQv>%Z{$41dpOxd(_e6|?T%)VeEF|J2V&
zYEsSXK}i+}Ol7;-9Hz2nl7i;qI6aFJiA_9`O0{Ar`iar6NPL~n@b$q$hOhZm8TV#9
zbnk=r-M~xbh^HTJW7zv57&)CVaxP%x=OX*Jvi_ec4AO)Awje#2&=#ZzMQuTPP{=;o
zE;6K*hP(}ioYzgh)WsQM@L>7!&7yp>Ltdt$wzs;kQ9ErqV^RJU<`g8UjeHeX5&diQ
zqQXKQcK1Mn0*jUq>g{9fP|{H%%Ru@`+()kF^zw@Kb3WQy3Q>OJ@#peK+0Q@Lex4ao
zeRK|UfPr=kwN$I;cd~XB<dGWmi)lxOB-+0-jlot`IHQRwm`@(LpbDm$IlF!v4#xi>
zaOhXROqn?=;SX&<UUQyD&3$pOA?U)naSC(c{J~Wb@+0oECjwtJGDlUmV<}G@#kDY3
z+wLpQ)$|M}kLqd_xK9P_S=_PUebQ=9QyN3mw+Pa1wcfAaE02cDs@Qyjx|E>5Q^@@g
zU7lFVT;>TnVcXG2^@whSzK+ddtv0Xdl)0J_`nE4)s7Fdqqz2U^^)dWW5vlZHoAZ;S
zJtCDnHo~%_F_B8ILs3ZO0`w!4&n)HZ!#$374I8g8_IN+>UEX+_pKaxl9>=>!JNP3p
z#~X2(<7w*~(DV9O4&;P=vB#@bdmb;Qe=>3VfEVb{l>xK=2G@sanlz>#qX(<V50-EA
z{Ax&r21W?;l>1WBGE`YKY1qTO#R-=7ggMJ8W9>L)fclJ8c?R7utG+1dPN{RE^W|O2
zd|!L(-#6bE4#$}9{+0jIe9yi4@0;(y;C!v2`Hub9<~yz1e1qlbmjfX*;sj72vka}!
z)vxxT>)WMF`bK|@O|E(>Y|>%)@Z$6R?Hm8*`Mz~1#wNEsdD-*r#pb)=^=|VG8Ymh)
zEjl<5$qT~+mo(MSeKEFn_>=z}JZSU1`rkO;8NL`>>#F&e<~!%F7n<+Fp;6Z@a2eD6
zqZ(tn4b_p;y{J5-#dBy@3`Ok`?`xF$k6*;Z`ycI%!uuDAAIWCp6<>6`ak0lMyUg*J
znkuF1;Kjyk{5<A(JNI1Pc&su($_E!6@6OocJ#?AlF)k-%#YM+ExH0B<UAw!F7u(+*
z|Le)&9ZhATlF%EtxmXVGnnU8r9YJ0&!r`6qItj-P=)54=#k+aDk7ms_Yt14&-Us<~
zmT}>%=z3Y2y=>vd?SmMz(vy7<7K-a#rn0RMuDSn?$Tf=*Yfdrj2$~0J&CZB5r<~o-
ze&)jycXapizivZ}HD9BK)~s6*ubLKVMcid%R>TqHt66n%d~hS1*YEdV44!`48WWyg
z-+4iJ(gq6yCniiV_H)8d_QVz@G=XN~{@B6<i*rl(*8ZR{;lxc8wN2FE>&g8wHgV^H
zFu>9D#gXz@R0vd1JY!0e0c=h$XyO^Hh>R~m@l1=jEZnb)XPAZ`<EKdB5K}H2xieBO
zyNJFeLf6up9p4xGdOSYO4FCSVn8$Z)M>qXeL_HE_uYK>aAJ^TN=V{~K;+#Wa5B~Hw
z>}=OZxLB53ZZp@<P~&ke2s*@Asw(0P&IcXxJhKChd4jvaBx0Zz>T`ddiJ76u@Yo<q
z$Mc%i$x{M>s(ho!*;R)$D(hXmpHIb4*kJx`g6j$#igXO&MM`{QxPFmO;698!_K(qc
zNuT-zC-~KS>Fm^3jT(X31ZHgxP<((hCCt6%IaC*isRt-H_~Y+iQgHBXxq5JLu)BGY
z`sj2KYcpX*mv<0-$Tu?2B6$HOFEbZo^(`u%?!PWnA6%<@%*(}{EMj?=>qbn{>0V>O
zr24l{s;V4oFjO2C<;M*Uz-jBy739DfBY7p=U{5pnKY%5in}5M2yv{sIp1pCP!T%dQ
z?=S}DMj6v~P9jxsdQ4StSbU>=6;`4Wt!JHig4E@|B1~W07*BuP_4G5x%i|FftEwBi
z_U{qoVSLSYX9}DQVKv_a@K~$D744rz`?(bMvqOt{mM3EU1!g%XhlWNE<_+ML*;$;w
zpJqP~tPucA9M+@G@<~+%HySFAV0v3#fs1KXox2?Xw@LDCoywws^e}AGDs7u?>#W(Z
zypEk0Cez=ke&>dP!4Xhl?*ARajyyGb&;DF=fjx_akC}QhtEVu+noCa)s=o;zQkurc
z`k_^zt$Y4}XYn0Deu^Tw5qApm8x+XMtkHt>so*`FEaa^wqjcRo?jcX4$sJQXE=Wnb
zD~FJWc^>*JWC)pu(cd5~6TSkLn8!Km&>XH7*Bs%hKQ?r$pNUrWHE6ZSRLL4E$^~8<
zSKB+#<nHXlJ++Zxs2kpZ8#&jsf;Tn=b_<l%ssjF-tcun)*VS~QKP8}dqVvXa^}vkH
z0i4`JGjjm3IG5R!Vl>sOHffDZ@sDRc6avr!hMlSkb0?d$`aIB|^G$z?fL03pkw$R7
z;{PaQ-(O&-WqIdun>}#&R|>`*2q6HW7V?0g78$-1=mD!tP<D+bw=FHGCRl4>totp(
zH5D)A5Ww;8Y5J^HTjMa>=A8`N99a;KZ2-TPV}4Jn!B8~BVwj0V+SGUVZVB|5U*Jt6
z@BSFiIBs#j7=h_X7TzIayF8$2VF~<6X{JBRveh>ap9|zQ17f9|`$46mn<~P~e@A-5
z)takLcP$?mR_}FzA<R(J9PpmtK4=Btws5t{7Vq8!-nfaEI;&0xDnIwf!|dS`S3LzN
zQJ#l{T%mC_-bHlhNyj8?`G5_={g<WFytKXm-g&+ke$z5i5yMqt(L;a*YXdJaYROgi
z>Baaor1k#H=zN0ihFo#{+bmeOdS?PN;PLXp3_%`<n%J4VtR*hk^L#vIfS-w}l;?<6
z0O$l`wEs6RzfaB#a71?r@)GD}Mz(_@Ldq--852nq!)(h{5tsnRH&nCq2#5;`EwFvn
z^qhJB00qWQ11*T}VMN!je3+d9X`eFI2A5*hLoj1C>5k0-eK17h<G!DQ^*R{Y1MH&=
z82;)=gK7cNg$eGUSvoeeXwBk+&1_wx4XST(3XLEgRoBf=VJCsj-<S?C$>zcGiJ*N0
zz>8cz<o6j65kt<yawq2_J|bRL&f_tsiTix&qFjE(c_WCRLa<ga=Ptpto@k&ws_s0+
z8GJvZYo_m~`+T2J<3$-*|Iq7A(&`^#Vicp7zsY_>C!jU|1M{AP_NGPY@<7>s!#O3H
z3V~F4ck>%}^L<+UMLcu);cJdKC-IVxZ}oAt1$}wtjsRC{zaik=6VGov=-nGHwZa=*
zZC}1m6W^yZ;(S-ozyhlxY&-<ml6@BBsrj(#LUODT<OO^XkCFqEkmu<Mk7_Qrj8{c!
z1e;a}=##~l3z@3!z_t8o3PLC3130y_7=Ubn_V!E_=pa}93j>Qte^sZih+i8;qX+S;
zcejbWUwOH}$XoAGUBeM!0(-p8Asui?tJODd+Z=F6yB*R=QD%Jr@_gK;Oh)9{X_FdV
zZ_Yyi)n<{vP0KMbG)O?g)jWiz9iz(p!`2W!ETlJZCB8g>nb`9&0g|dv4bIf?u|D@d
zkLOvLRcOH4#QAKD>O?ZKKajN$uVID%Tix=5UhvMnsolAEgLf{S?%bO_-Z`%NrHFg&
zdYN6ny1&5ndlawV6SqZPzjyD8zJ7oB9bCU3EsVT=Ke{ja`qiC*>v#Xc;Psn&U)c4_
zg;9L-qy0OPl~{<|QvsZw6ZT8ykT(&nyIn~<R)_%p&+iw2rOUYoSvoGrs{ntp)899O
zUs;FD1kMDDY5i?D)%2n9{clH(M+C@tOB#KhiNnvq;lFpG@&EMg%Nu`mkK@mT@d+Zh
z>Ir880ky)KX7JqvpMvbqA@$^O)Ns}L?m9;s7PeoS5an(FT*9aaS3B9r2O0~yxMzQH
zI%<CbIC_UWssubh&sumTc@S4?8l=-RAV`&8_~ydP9at@ld%*(;5z#tXKx;Zt%-$;1
zi^^M+<xu`L`|~G{fu)VkJEHTOn7`J&CPT0ua}Kgq6^tT&la*cCr#_nxJnxrz8-x{s
zDxCN8bpVH@?-!GY&=dJ725E~g9R_>T7#iMH<4b@?{$9+nn}=DzrDvB1xLQ|+e`zpr
zOuG6>+2%mR@6Nl}0a)~SKzD-~A5TD8jdF7xbo$Z$Ih&oXE--+Q@VUQlgwU`Wy>n+@
z10usJ8Uolh*AV=~2r5n{3!haY<Kv7QMyq;x9LA1>wQ=rX6XG=fyodRWzr^``dbK{E
znOG038pq5YmqyZln=vvz-=cF;ock4nCQ^UAMWgl!YWvMN)xWcS?{Iz}&VU{BZ`m=g
zHd7M+D11foMFuWmP*A=o$YSUH%bW4MgB+KPgGWgVl{eE|BZb>P4o*Sqa>gHt#XS81
zin9mbyAs}BWkZBDzyXw88E}sM@X^i4-JJMA3Vu-^yAS_1s&ls>QyEqNN03fo=6Ja`
z()MnNwk*A3dEC^Yyd;nmPcFHaN)`nzksb1d=n=hKOPgW|b7@{K26^!<AO_yg>XXQG
zR1%t>BVq`WP56Dbb07E}#x=ZjUdTM}kd6x81Ex~B;AYYKJ=HY`7D(R1=uh?QQn(9J
z7m&b8Wl~^X<`yi8d<=s~(p~Qc<$#1lQ73|w#>!P97(D_x{lb4T&Ya`{8;gI|$A`g1
zNh5*Dy?FN{K>aNGFs`lsU*>uI=o03S7mXe0tBS0SbUeCp4*DaOQ&qKb2y=rzrkc7K
zGI!h-m|;O^zI#ksNQ%ZNuy6MOXF!<0C{OZX`H`Pe4Ur-xNt4%`dXOgHQHl6I)n;JQ
zBpmh|orW-J@}wqBf`AzN#9Is`$GvA@q5w#8Btp`er_+ItfUT?xJ9JI1bc#L8lV+4B
znYfoPT9>M>{+i3)YMv!K!<!W@9ex}-*u2v4g9YwJ!X+A4GieVvoXo={aKalfP2Y4R
z&D?^7GXhpyrR;aXS#KlHdv5dEnr7z+6o^FQUOw{>Ol~vFJl&6XKMD|VJs_)jnQNt1
z7rsFPR86xhEpkxkZ=?Tr#d!fHS4P4^bUw%qUU|w)^&s;>tiC4^wI#E{@sBdulGp6-
zAHqi-QS$QEt<G_xVoDNP)hWuDLeV;=4dcCeWlWoUnb}aWMTE;>-5Mj_d%LY_d6L0(
zGgn(LD5gd}!4NrmRJ=DnHap~r?5!)|>*Pdhy%P@aSr*=HOBAf@orC;C!=Fg&rFwYm
zGF$862+6@n3p=qy$#*afUNIFqtj<OYSEFFeoHC{nsJ}&&zhf51f5+mSjgli3-*gw5
z%`_3N`U+?nsMn^$)#Q^C>1pI|j8zrTpk@Tk1uIc{3vXGN=sW<doOHs+F^MpY--sit
zxsbD(e^;->iB-_5E!5?H-g`bCgcc(@u)A9ftoo*A3+B34-yB@36p&PdH^i)dR+2_q
z53@fGVGa{QCL{8rzz4dA%LWiAQnio0>WjsI`N^jV`bt3u`|-JH%*%<Y{$QF_nYI$9
zT?)@kDrP|>g%#VGngd-hv-*hR4bLYj=L^bH_>h`AkL7I#T!L#Atc_gFgBUkiTS$9)
zFQt}@@Dt^g2_u)}0D)SH`kQY0yP1Nt3F!|L{;<;h`yo8^l?VhQuZ2Y+!B3~Y;-$?t
z#9(=in#0~Yy!rPBwh#(~-*wt#XWo42=#{1uC|>%6_xh9hy!xI96x=}6F(sCu0!*h+
zVx}MCM+S$fzW__2@~Z)bCiMSZ12j?$s=KnhRC*irUA?)d4j4$^HSgsJeHV}we~DgC
zg}E2IZuTFfgri3HZosv6QwF6w@Nd8doPfz){pkYJ%-ZOM1o&WiPM{=*<B?EZM><=E
z7Kb7AxLYHA$JIYfV*0Ziib;P)2r^TZ)^Ifi49i98z^)LDXHowpP{E)e$!jAO*zg~I
ziYl<(-Bn;!uMmIYs)<&Cok11YLOWA|9hx1k0*j2F0<e<4Ac}QP#0r9Qi%r(L$~1oN
zX9D-}j5yv{$6MEO%JUQ|D`w5aSR-9?(8hlh0-gf^IRq5=0W0532PwnYLf`9fOXna5
zgY^RdC;&Fr^WI|s8@qx5J9Xi((PYTmKy<2*&pd^`(^kUfK(D;Tu$|*E@~TNNo)$9O
z%j8i_4y()JO0-!YG;!5Wm<)zug~vE7Z?V+m`aBAsAz^xH5{t+3KxaVEjGL)Yle-Qn
z5sc~op`d)ADVNZb@V#>!AU$+%WU2|woSqJ_@pM)d(d-wrgqNCQ_|CilpSel%_+CH)
zeAwJaYIAQFGFxHp%{2Euws(v;edpxxsegfUJzNwv*Q<GB7ouLAum9&cYxucq5IG|k
zBpBEDo{Yzu9|5XaixYpYx5ZFg9RREm&jdfSs+{Ev|KbWp#ae;3`v`cEyAMmq3131=
z_!53bG1+>iP(8<CwWcRUtE`?5Rri@<(N6&T@4Pjd1>a(@6TZF*txZ}A#B1kr26e-k
zb0CV%$;Mbf(gqQx#Se4z59RuYLj6Oo{vkvEV9`Ic8MF_(^$#uj2ao>YP5r~K^bfSM
z_t4FqsVSb$V)Q&4U2f+fMKWV3`PZj83RPw-_W|{b)UH7A$CnZ;upL@o$aMV;DfZl_
zvyiGPx8+JN&?kQG+tj)BIQQ(^_}$pVNM}?P4&7b~dua?tl8yVj7D*Ni!JyVpXH^)P
z!lw%V>RD;$U{=~!=?QD0W_i%r_hmXdaqb6M1xUe^$#L*zfi^c2&aI7mwoL0Om+2`E
zWe+rzDOqP7$^%-OR4mV&)<;ik%N%#=S$^S3=|Q*gY}}e7=7F02kJ;)NU!m2(3Co8&
zTzi@!N^{KJ)8$@iWCi{*Y|?`!hvc#Vz^Qp}7zC*}9j8hr+YChS<?8(h&jr{Hh4*mO
zpkJ{=@fL%~qUoXn&6Tn1ULuVB=o<`p=e)-u<i3a-=)HAwz(0zgdj<r{6R(dpsQqqA
zF<`(Yo`W*>g_pEfR{amQ{_(9Sfx=fc=}wS0=XSzdAL3g(Mu)%kZSAdG_SUzww{q1l
zW?<Im33rGn<(G!cl&EMbq=z#?5AT47BkAFHLJ#kShXd*1L!pNcMkd*H29xamzTZHD
z50jciHu%2QAX}}*26uOB@I9?Tt~wVR%<R@+B{g6=DRm;YS%ObM0N>lRCE&OE$N9%<
z!T593!2UqMpX1NM{4k@i%}3A%|JK4^t(8Un+0cOoe|#{4|A#{dYA0)nvye_Dy?rQ&
z_*L*$Wd0oW!$Bb5$$v)_A&&n$%5=^v1gV$yNKg>nx$&d#ZDRJ`NA-szrz=!tUa+py
z%+=D@A>P)<yIYaB&B3yA-a`faDxJj@x#B~-(FgqPAw(F9Lj0{MOFcRsi=3}U`4<@U
z!@#60>kGGw%A6lpn{L@0n4*jtgNj--Wm86p9}G`3IE)8G>9@?7`4^n+6vcEHCeCEk
zUQx+VFs(i7eEDzvZvYGW>JNYgeg1*X0T%yRt_6$0&h>pXlf{xXpuWR%cZwG7VP@eT
zc7q{O9w!0(y)VuOC|_<?cR?KWrO1@XH;0&7;a#0C5l-z!jusx_hdQ3**yY_rqhoU+
z9^yh4q<nvTjvfY1am`!wxaLoaK^z^1<ggXf$z+}>wT@|VW*4InTAaDI7{t)MddT?N
zVkU^T2zos8YgjDcMNfU6CtRN}jV(xoUDg>bPj^Pk!x$@3o(cl`ogtmjCjzkCLeDIB
zo(C87(k&oiZ*XL8q$LdwE{WT`9i-c#z+#^ejXTB6O%AK6-8n*849x3J>4fV5oTny;
zAFt_fWeUcP0$OcxHE+RcoT;nOvq*jQ>J$ToWzK@d&5H0?h~z&})o1IlS<FJ?>dqUn
z0_IQAwk3VWOJ6Xc5eeJNj2=7W_jILfZ=taf-{9T(@YYGf?)-cdBgDDC+Ce%AG0P~e
z#E<;kH-86ztnJ*hoko^D<_`}W4OpHb6&c&_e@d1KnYjtg5fvmul}KN@)DLr$49v(Q
zFH=zfOujJ?2oW3|`)@XC9RQO&$6aZLNj>8x!phhVK`C2ElatLLhM5`llXmjbAyM*?
zM$9(dc4uIrSv|arggT%#1z8L;CO*z01oN4e^pniA81&5<Z!mP9*5Y{Fv;}5c#~LG7
zQ%2dluD{wl8ZL3M;Z@+*rXrP=i_O4P(9ga>*pD<Djam<6QEKq{8iO$KFM6c1^jeTX
zvxMiXPY*_*&krW6Pk9&F0u+d`<h7FW`@f84DXvc2-bL>zbv9h?XlfdS1}P4&`h+)%
zOVD2sQ{e<jjjuM2_`u2^5k<{@bu`I9*+fxM1|p*Rz&IuY9hizl@-z_1m;MMu@|}_4
zMAG^r?OlA0=;T=KwKt{`mAsLSKRsgna;);<-rt4h2W>lR-U8C&-W`uD+BzdUeUjYe
zWh}n3+^kl9Nv>90&0i_kQKKM#%g|A8qT)-=UU(M%1ZfNF<e6#$*HKx5@}OBzo>Vp6
zpasjrYx$R8WULnQ5*3D@PJ`Wwb~#|w`yq`Ifp?@w2%PD*s)@#rNKM7rPmv?u?oL7a
z64qhDvYDc^2SfGbG_(3$<M{ybnk-jfg+-8`VH(ZBK}_2jjhOI}Ch<Lq?6O0ClIbuv
zfnd>FOC2HPwfBr~9hqKI`t|9SZiDhi92br2#LNcXTF{31BNn0Bag$9t9+5vH<=wHQ
zcx(q8HCiyXVx|qkQNO`_Y=EYQ5}G2NjCyWpib3BT=}Q}I1W-|~=J#-tbPT>%PzaZ)
zG}dn5=@0=$CJ#!TgiO$^5EFDa`hOMS!|#P2&g)*7fK#9C)4edkKh83aXTJI{{ObF|
z*=UYuz&X7^IX38ZF1kTtu)&Sk;4F5?>{Hq5mz4KrmwJafG-R}THI0SJ6^0&Wt3TEr
zj)aG?_1z4A3vjrNbyzizmwv>=$R8myR<(S-fk`S3X$>!ZVv|k^Qoz<xm}7E&SCIcf
z#hQ^I!zo=O$d3bKw5G755pKp`@CttZ5DBD$RKs#7s0hrz+zG6=<X%ayen>w6PVB4R
zc`Zhq{urO5PfVSy>b{(_@@s^8^#o9P9qOAKj0W3^a|Z#(Er;7k{pdvu0pU)9OKQ>Z
zR4JN%Ff6>?CaLN>EpQq1L{g6evPXT;(5erzP%~_B^~Yi%v;l5hx$hNX^_FI6`ywje
zMQqK4ZIo?ZdMKW9a^xCag9LfGnN_K%`;r!iJ@_Yt&xTT9Dhba&Y|z|s6)I8!!VKoa
z&%o+|p{b5qcRs)hO}Ya{S2CVuzB(Be?oYzqbtR}jcc%n5MZF$=i2>Eh*sP}suV(#$
z;l|wehH7~A4+G$}w9yPfK2w^)GC;}`eS*e!-~Zv3P$`XE^)CxUXP|!6Y9yfAw122U
zYoq=0JMEVb_J@NTv(GR$*sA5c!I|7JiKli>)*epv&n-rSXg%R9#XWn~=(-XU$aZ**
zuB&-#lQRbzQN0N`HUG7M@4A@3Iks@_<lTF^(8u1|<l3w?yb>D1AV%h<Ok5_e>V*%O
zr0_KS4WAz{tDWdlhP$1@yFCELjWd0lU{2b0k9;CUb2GaQUVZLz?16?uTmFBt2ma`W
zOR@)^x$(bg4~)QXq|89ac3gG2O<IroOUa3KZz|E-o2h_s6X$SudN2_&u}p;|qOgK5
zo7KC2dY)VY^2PDatU_mMv2-iCW21#3mlB{Nb;)()9N^zQ7nA`TxawO7b$%^)&&LTM
z1B%SP0peXY`tW&u6M|-rt9Y*XG_Hp$I?bcQ#33BtdoWHtdOcdV*OW+=e>ITshZ`;(
zK;iF`QJVvT@hDCO4i{y=gX)4oluysh%G{T#LJk~fR~*(YVtI))-w)Z&q9!VWN;<s5
ztfpit)#<2ajv=W?SnW*Xl!0goSoC#*)FJ|(yihg#5I1j9Mi6~Yf~8H$MbpY)m}oGQ
zjeb17^#juk-JaIx9nsgvJv#)p!#AAr7*5Fi7Kouq-$qPT?>8f|!7az$&1krJVj%NU
zDBUx(C;j+0a{gER?7w*aBYQso>tdY$fdA<EXZ)DXKR<N-h43GLf%8whtn;6R=Rdp0
z^H0;xf7ieF{BQa5KX?AO{`2R5G<g0wJ)eJejPviW=hH0wPr<;BpAZa~Lokp|D4|Cf
z_@v*(U;tBn`!X2}4803rp!eN9!N9V93<gTR9BSxhFa3tj|IE+-i}(N9p3i?ojPp<Z
zkKX@Z{oKF~Jb3mQL<4%h|CY<T|99g3pV{O6w`li&d-(lFUQWJK1!n9`BR_tI>Pq85
z__UO(8;6s_%ZnZgIYOn~|FZa)qO$`oDL&?h+$F}xd_(a6=zkObvwDXAYhu8E-~TN9
z|K@V}pOnjj|LHj_w4n$1Pto9i%fFZYUH9w%;`v|Q^Z94SIRE7T==sn2!{y??q{}-0
z+wuIT^?3eC+WBw#_n!Z%m;a0BpV9OAUlrs06aTaP@1HOC{QF$i`IqDQ-`3;#_tDP(
z^M5n{`_g~${D<{?{zGG&zxh9U{=5Hrx$;l%%R2uuJpZXZo_}xc{5K4ZsCT31!$XVr
zxA!NI`G#dkhQ@!LkkUP;Tc2RQJKjAZZqx-MpFd~*052XNU<kdX=WM&GYXD8@oz|h<
z>J@6NmGiq~9o9K3|CQ14h!=_nc(xad2f&1$QEXAj`Tzc2X<@19x{bg1QpV54@ka#5
zN81<~@A^XD`gFcf4LF^37n#oXgz)J^`Ky<sX$QTScblAvHo44P)9gy}50*~5_r%vU
zGxPacV{fzoNuAIL%|dCs`yjlrybTY|-Poo+lE5-HKb+9bzK&|kpZ_sj;~D1ffVw^D
ztorER(FoAcQD@|;e@N(HNEW7TCI5x}38>&E)#F({r=ItojRQ<!gIjVvFst_KS$f2r
zMrVJ72Cq87HD9$}Nlpv?cyuf<9&t$b0Uo%|EGVXz1*zB~z|yhLoKwyu@?|)q1_o~q
zIE?48m94Q@OZPq`3$L=^J&=HoiCD)w(rrOqT)H_BRsRSx)QaPmTAcmlUN)&0rA?3)
zn|;3_G&LR_H6oGJs|MXsBQDAbS(JQ{NJ`|2!yS?D1x)r=f*9$fT5<&*!2wt`j%#`?
z%2DGgTHgVNt2952`gnZh8l2t~#q=5=4oi2xj9_oe|K|S)P(t5QKnb0t<QyEGe-aMJ
z+Qn6Gr={L1V(JL#0IV22G`yX0m^c8_;N}4CJsrneo0iz{yto?Xt8z+xVlW=t8i)0q
z6Q+Jln|eY1)dnr+K!VEAoJTs0UyITYEdB?eLo;SS&N(AseW1=b!RlF@%Ue%7^I=!e
z{ysb%Rt^`&A!BU;yeW&#80(tTAR4=boRh8${|Fp0lMUxj!`mQr1%G#v=6Tnk%>gm~
zCfqAbLmj+L>Oy{VAlyBnuv@%NhajB~>gNTl1ebGMQ_-t)Hf#w9@-T<I44`qBD6yR}
zHbpD!9kL5<pbM^nLs!=m%p6JP^VY;x*E0{;1p|(x=NS0R&raC51w(Ft2i|#{vz}?k
znLb`m9Y9G((on5GTT|<!W?Y5)BV>M7resm+0Eh9g;N6Gn`4OeEeFXa6!+DC<)2?B>
zwbOYIPxUQXqUWy$qNh822b57lDJm3OU|wdE9;1%~$~fSH0em`Y>=(emt{Tmeq#nf9
zbl&&{rp-Xxt8W}!0nvECVLXcWx&wi#oAzDHS5E0Lt*4xJwELhoYJ7>snd5%UY*=PS
z>d;*Gb-;#E6wa%8Wx$oI$S#GZo7^Xo4F0}0&eDssByp+nfM)tenQ=b*&6bD*H<a`4
zi3R}8eUBw+W|}`oG@*MTPt=iYUw~M^u@*D{X83b-MB9e*y7yc!1oa@IO$s7fXB?8o
z#<p3$6hj)hjuroAOF*lib~u~K>1I(D%nnRgBTuzxCo!Gb_|l1ykQzly*s|94E_vA$
z{q1}p54925;qrT|{2&@~gQ-{y&b}~3iY&NRtqSx<&kpMo#Y_b!#q*7mEFt{QYM53n
zPc%3;0>NSPl|M$SD)j&mR=XUgeXT!vUWooR+PK<ALH=NMu-%pFKp2U<?GpuS<KprD
zt)ckzSpBI7y29Eo`b&6xgmkc&s|9AkA!lW&A3-~Z^(0q47Qn0cmddQe#XEhE1Oj3B
z4dLlBe8fa~GR$CV$gGA%tCEGhx(mBh6%Sx8RcpzmDmC0ojH+K`Q}qkcxKYgfM38nO
zRhnWQlj|HAUIb&i?q8+XznCl-HwbWhnD+v@E=+I$Ei-;Xg)9KXQpvBbQLR1SA8{~N
zYRUOzRR-aOoodGUWafvZ-v9y^<~SGH|K41!IneAr-DjyCu2cCBFmfXKhrF>huqUJk
zE>i1R2~5Gl%c;m4^K%RJq#yMx7l?(LF$Pi@`_+SFK;AMPqdUHe%+B#ee`Y?OIw~?d
z2f<h0;3+kA_b+K;A42ozEOA^a-1j02ms(;$DI~SX%r_Ph6M+7KKzMq=A_H^G^}+f}
zg0vpp7NoPQf~l1TIj@k~Vf~~2CzM=CUEYw2d6h;8@<dx;U_@G^etKFYmNsWNwA9k(
zM6M??{su#A<a@{oQ3EiC)F60|0)RF26xFAt-mr-BLuT|%soq4#R>C}^^E{LejfKmw
zG&GrACnj+Vl5>O6euWVk59UyHq40RWW1{hEKJ&aFA$3R~t81y%bd4)VFz#?zAILJh
zu41NUnY^wKsg0J+<YbV6R0!j8!qX1?l?=2vX2OmAq9Oo)f*8WsAW#5+$AY$BGll=<
z`U(Rq{O@ckhW~{xB0TtSJgxQw_kk~J&eL(uY1g=tD4h)82ZJ+L4+f-RTx-H20#m~#
zLE(VU=6U>PCfFF!&o3(2CMv((1>k4M&%)qm;_5K?*>oZJ*<arS{J`mJ_p|rX2cZ8g
z-;21Pyv1*Ye?h!xcIEnyakaeBy$2Q|nltdxQ2!42m4jvW_78xY3`bZ>Z9)7lwUE04
z=FQ-OdD*7|6~MX;oxyv2<^6PzEw@G9V+t`!v9NpmRCY>)yrwhL<7{$CXN{*K2^;M_
zFaQ|Kn;h~yb*fS@0;H8r-~wuz*{`eNS1P=DhR>;^3ZKAA)if`A0E;m@q=Q1vW{2?<
zAMo;xb-5E>Ht3r)iK}&v2y~c6n;A1s-@DlN-|64av+uvvzn^2@F*y<lYv=etGw(ia
zT>f`t;c~qA**OvZjdNyF!JE_Zu0=qNrUtaJJ4}hd8+SRsB?Q*TdR`pkIdK1-@SBW6
z@FOGrV}PA!pRe*~BWoX6$G%$pgBhpKnzGIL<9^y4A*X?z(poX+_@Zpa_2e~&5o@30
zs{sb~{(07)$KMQm|A|{EUHUKne4_y~zIoJy{K1AOf9vqGx_LjH6+VI?^rsm#jhg`X
zs2Ct9dBvP|DqeC1j%vfQ#k_mZInmh82kKya;3XPy@lo<I5bu)nMIENzu>Zf*zISQg
zU)H_{wC_J--+O6a6$HJ&T2dal&ls1#ElBIMN#Kd)(}@kk<Kk*+3=|sMH|zvJSPnEq
zKP%||3{I+zw&IZy{u^l{>C0gM)pRQKCD}g!Pb{=y3H#XA;E^2Hh^(&)U>X33y|UH6
zH=-UJ7P`e~%u}@cs5ygcc>{)?gOG_zC#597zc*ZXJ`4ZPpYq|QAeu3eZ#|7!dtj%f
zT@;kLL6n-+(Wo!8p5m(g2-c0ODa}qW^N()@<99Euo>`G~%u7z8r+Q{HlY6dbMpN3P
zCOo$-fYO~!9weo$5ZsL>n3{7sFDC&fW|PP9Qk!Vptz`isjoV}YOvSPrfM`Tkj&nZ-
zJnj`Sbt>v}Cy7f^XMQ|1h(9p(FBOi%!jip-f0zvX!(^sJsOfMH;JFXiooeM98&Hbp
zHy-t!es)`+K9>9}%1bE;#&<;dF<zACmg_ky!s_J;T6&x?yI*>go@xiOE9GYY=Tsk4
zo-!wD8O<kP8S>(M9O`>8R5lEis}FTev_9(c#>>Vkol)c61>?c_WCU3$U<ey0A(I)V
zm<sMEH0no1pZdLk{*1e3`3A%L^)d9zR4-^u7LPDn#)@2s%J(ed_^d3hdIGsee~G^6
zW`9oDdZdRe4ry6B=C8rR%akXHy^=`Y&!e(<xxXMC6>>HKZ~6t*t$vC)ro|wDKc23h
z>5Yb5=MvyuR-&2K0S_J0Q9VD4Jdl_Ce9lJgWv4}umyp7xj^1-+@hi@vzyg3{z(1V0
z1)iWn2s4l`=Q+m~X$$l%-40&`rNlz=XeuUJX@mPAtmq1RTjazxcoKYD<Q#2wAd2w%
zeefM#HDytKdt^y+wu#a)J_n;!GmyRS0~6x1QQe#xAF&fP9o-|tyPwbPZ<7b*EZ-yT
zJ)IBpPwdk5AH!Gz;-G)x9B&W)i8r&jPMDfQekc?WeqohI3!KC_GM@j5PGz~7rLi!F
zrLhn*kDLJHbwgAl3+Amj9`P$`J-!l*haH$)0vTDkU^h!#p(&)2da=Y6wJ=D~Kd?FE
ze)w4L7+EWL;~J*P@DLMh)>2l?*Lc>+y^&`Pn_M`{dLu0Y=e0+l7c#4I+Fq8kBFLsv
z&#u;RHZ^QqVpCrRHZ_&4OG(?!yfclvqn#MT^&4al`8@hyLyii6FkH-0VL-HgJIq(1
zeTtlXSoc-fcR^o;hHzhnpKOcrRd_YhR{`Wax2F?z79iYiJ=&kF0<HKr%5j0!mpip9
zfr0Yt(BuO8ymaE)Pf&iA$t=;Z7F9F+bB@NC@F4b7&y>~!S>e_~vk3oTun6E%WZ8l8
zsMT+t4*+8hEC*M;0iFQ|!qqeqo|%$S^+>saWnz(6Vkyy@X6_lRE)V?s;m$5f$%Qc-
zj5Kt!AMkVA;X2P0tY1I=2rti{Q)-<(Ji~RMsH$>!T#{>N5pb}>jfGVQJcU(Vg|2lD
zWz48jxpFv}7&s~!D03@LQ=MS0)M_7|>%5*#!~dI)SbCe&<Or<h{*k717fgv|u)xNy
zjlh*tHjK!v4&(1(&p#2Q%~SxY;mt4q$AD(Oo4y!;sSd7$M=kIOF=hsP1ov1gC`WNH
zy>Z{+aWbCmUpH`CcuarXY?jXW)jypF%HhrPR9P`~rnkp@v_Ks>One(APX~icygjE2
z?A4PW^l3fzBnq?4iS&bJwm=b(L(u>Dvk3p^DRRL$@_!x>bbfxp$k5KRFtkJ7&(Mu)
zRS5l@i;MJr<^`jd1+YYTKTip0_0#q7L;lZ#oZP#+|MM@<|5-3L`r}cIV*bx4Y+W$_
z%}mCg2KC>fyhQg;M^rlJ{VlPQ8DZ@&Wa(Jya8yUji$lk=PE&VK#u=$43l7P10cUl}
zk$cd{a^za*v~q>a4pOt_5oIV0B?$>0)O<DEKYhQ$cv8qbi2*!X%EW9;;V4=csF*SB
zi1UGvoBAR3P+$|~?pOqaGIw={p1#BNR#3MQmcDi;(<HF;wH9`izL^0QwMRkY>FRJ|
zT~`0i2sdj(_hcT?`SbrT)rU-s3$G6;ezfHR^&uHE!7`z1^&u_6`jF|Q8q?}SQeD&D
zB1V2}Q+r>zHNdiD117DmqEOI>%+(&}oxIe<x2k-=Lsn``=-tSQhBl`A)2JRXrtXHL
zv9@#7W03PI7;UIHBuH&So<{&^5apz)l88uuydC6~$?)0iUyGE`!#eV?P#gc9n!lcL
z*TqUu^4^1R2?5mY6IjjxLF#P-dSinJX0{A0OZgd7ND#zU6=Y*sO6iyY@0QAA#$#E^
z;7!}BcD%DCR%uE>?j=ypqDw4IIWeG@rVQ#&FIJy2S%YJ9Rb^H>t4}E$?ElTwr`&xW
z+0?`7yfSve{l%1*->i<@mrPV%!}rs=hsF46W3inrvq-;7`J#G7oL-z<WR^<I^-=Vr
zTtqRnAWM`Nz`a+o_G~Z+pSLz~)%TMK@;TxLw12+$*{AG(JoiQuY8(*u+$}KeQD%M>
zBjfXW@zyVRZt@}IV7Q_~yka67FUV3=>b>XsGu{H7LRL~r!jUT}^w{e|#g~|KTuKHq
zxbj!*r<b&!B(Xmrt(BOy1fI?`2A={jt*l^A7lxiD!_(*3)0OP0Nt8MTX$P!O65}n-
z9Q-V`Y4M}H#fF%bvlwh-WpaDcfcr=jt(~r~@Pos8-Weu;0U*N*aBV?0=}m8daG%B+
z9&_zMnUqR7X6;9z5sUE*7NvX5!HqDg@X^gnwrFcLuS{4tGRL6aJu2KJ+YNsJ*KraB
zMVx}2%70K!5^0n4nY312he5%B=P<(qrG3Ku=9%c)b8=rG;6OOGakY0Q`Zg0A*C8G9
zeTJ973Vm?ZKPDu-hRO^(a=w-haZfygk0|96R+RD&evTRC)!+BhqIYQwb;)#=t!s~%
zqZV_uOB4CIhlHG?FuKSUwZV{^3c1>^F)J-x{|t3pJZYyI1SZ;Hk3e`b6C(Ot`kF|I
z$!<h3BuAxLaJ4O3N9u_<OdR11dw&nb&NqtEO``OeS(;{Hw$F%rO7)kePEn4NAB8ow
z^Ku`q_O?V6bnjsFLlJ;A-Qe%1%fo?shqO(wZg7q(Q-<^tTK!X$A+sFvn5_<L!=gP)
zIYAk+)%uv3d%3=&-sox(sj+LL-^}0(h{_{L2G>}wb_1^@xAH5z6qFep*7b~kM`XUa
z+W@Tl&`Vd?xmqF7Ze8p2q2vkQzMTk&+<ArnTJ3vTBJB27SchHO2EVvCURr09HrTD(
zxa!{{xXnE-Dnpi(%Comx*iV9W3-<)NsVq$^Q%qYau#A4Njju3QI&oZQf%2#kj;Gyv
z$_00&DJnm5Zq+iFn*|0gHv=89-!dc7>GR)0y`1rnRu&oIh&tfLxAQ9+4O)WpF#I@<
zS3V+>Cv@X%gT3Y@vs4a;u@C^dJUuGEB(efXyZ(m4#AGwR#8t0?FQ>Ngb2o6c%cxM!
zORyJ>WpZ@`OB`1L6CA?!-yv58pE-}iswzN|$rY?k&U=b6ksNPb=StwMjZOz`r)XWj
zcr@}50r-Do_g)+PuSd!&g|{qAT(nM~2XuB6I&=9%3E7N#oG#4TnUK@Mzf^B+amD9(
z>H~EM4D#EXuv@C$Nvo>45il>Tw>G#rCw%D6b^&=V8`Eue*)hqWO*(EfZh-ZjvBP3!
z2nvuz#k5>dOby67!;x$P0(3jVV3Crxh9Tv&+r0<l;iQ)HIcGqq!~Q{%GFwWe%08AN
z&SEkb0fy@X{CB!&UF-VF#wPl0n4lflR})G0go>)Svt;%}&4C-C=-k?RQd)qNHzY`J
z)ui41F-b8${sBzJ-Kuc_8AcWOU_t(%LAQpxz97T<dQrYM5`H4><v_dSi4peqHLwY5
zpr^(#`}<FJkv)BKqF`OKxWK>dBK@iJ!rCu-ZC-@^Jy49T9MGz87h2yBa@C{A`o17>
z@g83#e1!Fwx;&`Vw%GGYjxjI2KHwpERFdPl+Gat1dYyq1Kzan}X<GA2o4LyazuNP?
zOSajvw-m1|N$jS>ik9c;{OJ^^Vuy7cQyvxm!-z6AYBYdcM8Ip+vP9F;+ZczcPNb|E
zfL9AU))<|=<=G$vN}mE>nTrnqW{%jn;v-zG&CJq}<k3*V_?untB8}UP41#-^#o!c}
zvx2qWHNpmr66~c-l=d)wgz{aw`VwN3ytkAmI{p4BAOc9+{C4tkI;H+p@5uEIYR&+&
zB>J-jC3&@mE+ft#*zuKgWO$?70DWArKFl;gnn~5$o%56;BVO=qFSCn@N{I!IyBSV^
zQpjodgrB<>3pT^pO*ZeI_^FCXfQu0}ewjSoY$=nbN8b;JwaN9B-vJUguOSRtc0aC`
zPlP8;!5JTgA#j0wfJPD()9q!l=*a+qdR+$eY4=#TRQo!>$_-s*&}ynhHFpI9u!LmT
zKGfedNylf^Q(xC1D&Z61YVPBuM$KNz5$)IrR2cSqec>$+Cpr)Lo3SMfXll|jZie;~
zc#{=0yGLk0JG22J^&J@FP4}_aEX^qf8V}@^lyl!k=NTS`GSjUs@dM-gETeI$n3q;c
z)qfgE9SrB?t1fV#m(qP6!mPr(w)c;=pD}w?L)87Q-5$KJ4Hv%O)W7;<So>J_dnw)T
zInYY5?&7M=bibGC_q%(&rRmdjL)Oh8_Ce1x%*axVP>KQoV50mx0%LYb;NK;Q#)d$H
zyDO1<64kJ`+?L3>pP&?MziTzKh9!wyZ72M7W+mDc(>PneV{>;Va!(DSln!G6k*9%t
zTG<Z5Rplmhl4`f0SLr4Tdj~Byc1+r60Z`t=yS>@o1Ayt%mgIFr*BhzK1z4-h0}j}f
z3(%a$yBpGZ>v7k9ngte4VrakmA8cmRvl4v=;3Le)IN7XuDamPB@QI3yjS;xoCaQWa
zS02adeTvgNPSg7or#FMxt#N1@fXRJIliQ1vyFIVtxeLz+hGG*!9K%&(4l(M`w;!=y
zRadV?w*vO+ZF4U-8<yQ9wdHhj?=*RRoYBj@<84)yGB}Rrd@onz#csITHbR7Zd1<RU
z4VL7;2WNJ7*IK&9A9xvxo}4((-Pvo=Bpc$7nr3G&n{}%B@iE*xEjeqsch+L}t=v1!
zt-e4L9Cm&aSJcFM_hHW5<JfrzFsnA>0&||nhgrqCJV<Qmeko~Yq6cql^k9P^z5O}S
zgBd_sM|62<efh0RHnHU!>bmM|E8z@m4JC=>OHBu^l|hH0wx0?FMC(m1kf^S4NY}n;
z^nafX$Id%A-lw7QHU-DKnZ|?OVZblw{MmRjU^pCHkZ(os4UP8TDXJD=y#~j-NwdO7
z=yPUF!yU9^nr2ZR#4AGzrzoabf-Kf$fK0I~1LP=s9iqHl7C0VpZo8-yS)j=hQAw^t
z%^#4VhGGEcQc+3UCAjOdfuk)1Ui?cHu43NyDE#1%o#_^b<h%j}G*dcCXji~#qzl&V
zuCHJMG?A&m!VB_UmMPNgZ8!nrBp81i(u3O*ZTWRht6fPZ7HKMgu?>K8DgY<rC#TA@
z&Cvf$%OphqHZp8^(qUSv!`kZF!%`e$qM*X+4rakemCaYU6B1nE-Camc!sZKOPEE8K
zn{5HFD8H~4PXg_|Wzq}l>GR4`V6txswsL#puo)r=xHoYzngVO<`tz$sXC`jDp{Wb_
zkEhpayaq2l-Kg;zyksrRUzE70FwYY)A0@dL^cne1UGSaME)QI8m`zclEvL<9ZF+ot
zp<!uaVfLa#@~>-t)#!T4|A#RC9om*A@^GYZjO!e5d-8$e2_SmF*?Kw|jYTSWduMQe
z6D?CE*ks(`L^v3e8K6LQ9hhcUW&|8_>u@gsl&%8WT!`;Zk!OFBQ7X;$;2ZW&EJ%_)
zv|*w$*@BjRM{!Q8V{S7xE>n`%lR6pklal-y!Vricp$WtIsX*UnTWI`L?92kE3;b`Z
z>nrM&JO-zlZ8`1GC-#H=PL-!Ofh0P;DFa_?0&r@w5Y2(Tf&DSS{?y}6NN^xr_0uHi
zc_>K>VD~&x+io~cPnovg#jxQ55YIpp`aOONm=j?1ywBN{LL)$DuVUpkBQ=++>$F!l
zlu6Ya*sCa+AvlNs41iM2Mp?<@&j3GN)o{E`uD=khPJ^vbN{slHt*SGgGRfMwNqFFV
zpqczA@%f@kbWi|5mfAYDK;tF?pm2D;GqG41Vk|apvjysCTJj5<De0^90?oy?vIxfS
zM=d8S)31n&ZiLWnS7sWESKf^cVd>}?@A@4dz%2t77n4(Y3$xqfrY16Ar3-+Nis`lj
zO$=5;J0DY@QqH6O?<P!RM)`H9EFx;}a#Y^i8P8kW7T+DLs?G5uM^ZLQ$;an;MUY6J
zFr(hr`n4#v^W5amL?tUnu&x%l$-7xL%H3ot!N7@9rC>jaK68BiQ9<EDzjeXgWkPR!
z72fwxC#RXc=YT)^f{3zFwM*^pJ@LSeDHDG9@Myz4o_nYfEd%!G`gh!N``7GWIMD_Z
zQcAyQJx;#i<@jb4y_cBVTcFu>5}lrX=r&WF7jP(}j)^oIoY|t=qGlxOGZK_B$1s0!
zUO-e5+7?3p0vRu0X3QP~GwEuBe@$JyyAh^y#&sB{a}6-+%Gi$=j*hN(CXH!9VH>X3
zNeZ!;WJYQHF;wQ}V5a0wGS{8q-CgO6Zs)y6<M}`Xs;}L<&rMO18%ve6M&!_g`%%O#
zFs%nZT3l~AF$t!z9#9B;hD&ck9(|W+ZEy|^=YK}?67U#xX3AY}t#ch=7SXw_=qxk7
zR55+6Z2)c;5T=7MLQUY5&RItr)L*3c98baEEy1Y68=9OE-o%{U8oY7t4{=68m=i}{
zBY4lnV^%s1=1wAov!29L;wFDuri{u20Tp0Q6^(lU=2Y^JeT%^yWkFRBA0U{UqKrB?
zrO|ZIz(CLF?9VHYn_=_5MwM?~hq`0`rhq74!^_jmV$NQ4XG@}_S_jnMz%RiFK}So(
zuJFNKIflF9zb@!*gW@L}C~T0W(A5;B008eXbGKlfK=d5B8Z;vL=CNqLm-AtNCk%?-
z-;g+ryZgJi*t=`O+k97WXM3}qHHGc0Gwu?0HjNO}F*I<fKi<zSb38q3<K4S^bJhD`
zRz%>t`5)OD?NoNyK!rF0UQD_56~31P$h6DMJ@G38^H1y69?QJzPtx@#8TylK{YkF=
zBwv40s6XNLC*}H+nfjAC`jh$klZE<|3O3urRp^Sq)y%~J7HO{8SI8Djvvxb+sb7V|
z!?+rU@f@HH5bY5sy7%^Wj>bTj-I4dbk^VFm(&9+u4m2RrI)E?bw6o2?B86H#tH}0^
zg%<WTUHh8BzGiD*bJ^E??Q0?X%4=WC+1Huc*E#I#eC_K(_O*gdOoerOVcn0B0Vs%=
zu4d>c(*NGbQ;-6%6(Rg_&1ZB|&>ZeCp2VFKy!+wfc?|suuNpj|ZY)6d+_cSsSooqk
z3|}nQAi7hhPu~s074k??IxprNiK0>{)`X}O2w6EWNBGzRREp<{THvN*+>|q)R|*Kz
ztE=`RV6Vmw<;TqatMUF429)p$zr6>qu;~=h4!o)uq^OKKtheH&W6<guXyve;=c<2B
zFP;%|4#5_6^6oR~i_HWeKL35Z_fR~dehK8$1Lp+AbP~8J4cYqg0_cl)6>uOH@jU)J
z{X9yL$>-po>E}q8#K-Wjh0&QV*XIC6&YWm^C#NFGYc#S`1r!g|4<o(~U_7H9Ot|C|
zJgjS?&>E$UR!pm7BmAT>aBQ#ji$qA>>W!QvXB*}}5FXhPS$JfLS&#0(q9a&vL|#IL
zXwUyVqSy$BjyWPa5()CskWayS!Fw!Oz%nJ%v&<LpDZn5qKpCtgww_!*Bku^B``vr8
z4MB&HTp{xmxfoa@Tnx|`<Ok@-lpdnD%>UxNkoh(9zer&I1=i%=uA6ydr)XVhc3qEV
zF(+kFl}@5VKnAXD#V+P(&<97BsY>C28jn*9dTso+o43Igg7Fv?38CVUnm0(UuS_%2
zGUqfEk%1ts(VY#{9-R%edgK4M{0-I`!~G3*{Nh6X2F!V-Cw~Ks_Koy6(284Ko4Pen
z?cr)lG>yK6GT~B<1&UY|vocV%{DBU`{#jx6^sg_$KOg}%tQcz}IxM992Yyk^w;<P;
zPvfDtu5}Hw`jCRUsHz~xPyy`e5f)ROd_(9i38(fs<jNbgD+J%z6%u6U4Hn#@_kN0Z
zs1tuc=bU&7<Goaufl=Wu1NMvi3!Llf<}Wa~@f-3N$RM{?I8|lr^`*MMz}b587s%H9
z1z5aa7^V?E3Pt)I;N@=zx9LC#)1X(ukAFg51p*5+3+9*C<5|e^Okxu0=`%lOm+Vtj
z-hrrd4=-sn+9*gRAhq>!$XqeT62hI5b9JTPZO`#a3CIrN^}^~zn1^*U)(cC!MQA-V
zRT*-7nOv~NVO_sy&(eNn%8)I^)=6d?_j0`rO{|}Z(gtYnYVjw){e??}=Ey5iV~0BY
z1g3h{M|3^w{}Q^F+QQ`1@<cnl&Y>xgmzh%D=T8;qZbmInnLNA2;;?RAoP~yoTj339
z^IJw<iU*c;<rGUWoR-CgF6~>UB)6bKp?JK_T={8Uv;XrL{HgAIxsE(KHERu5Tar}m
zai*YFG2iR7`P%W7+PY}^^>zajZk=fU##dauP%-D<k1wL@LcW))`3E$uI^BnR3S&wP
z&0MXwAo0CK?63&cHG3v0rtc~RYx={J6$jhm@#s#eE!*(u0s{J^8s^dQ*;md<B6NY;
zBlILF;FYNsa+IsHNDZV!9<!u4&l9qTh(=49B*u|F#EANmIMj%NnC1G)wsLY}!{kJR
zI&d|P^cX<Hcz+6Jz@R{8k3lmSqE8UnV#*Wq*DfjGYLD|uxkVdHDfo;wLMd1d=Pk<i
z(I67qM_V|HeY6V0jRql6<*lb&`^c=Kj1ic}xxEdD<TBJHw`HJFdga1IGRfSC=IMaf
z+P-)=^ao>gp{}=0Q-|`>2Q8%Ty3?%82w2+}?c@WKENqr&V$+OG%;i7mPotIhWOW|o
zfuejhKYkEby@O7)h(cATDLg8l9r6dCYPNu-iSDjGOUHkV$CPsl5Gx#%cg3DA1A5aY
za?g7=9xJR07~Pu<Fymu3tIE0WhBu8z;Wh5bsjQRAti;0n&c)NA-_>TO=$V{ob9eSx
zYWoN~w&ygUUsrKWGxtmH#-oK*T}JmNe6g7{bGR3_oOZjlnR^C(du_%xe3^R^?F=w_
zqDv5^tSllRm^bE>nnbj=KP=II!^h~1qe@%wa5HokT?POm16_m73}6fRpch3XtmbO(
zHy3uT!HTO@kD{9aS!UGIE&Z9>Mn>Vv`DOsaKJaQ`QX(+jl<WZTL%WL33|M(%e7tLn
zL%P*}BOAJJ>~{?j?|vWNr4XAWbf>U3ElWJrYHR}j4xmx5drDXtX9o8Hwf61mBp+6q
zn`F*Wq2(i+F`g~a*c9;iF>n&P-i&N5w7b#|640-L^v~Uu=uEEZa3$k8bT#=C^F01u
z__;-0S(M03_1PZ#N>YiVW)%I<o1LY$kRh^>q#~u%5^jOKB>N-lzN-nl*VL4#BScMU
z86Zclb|C=Ex+Uo9u#Q(2T6FcRT}h)mMr!Uz`~&!~Z)ce_yDyGs@2lc~eNiFnu&#CO
z#U4fIz#*68q?%BfZYUz{ryX^PD+}43v*9!XUc1%1_~v=h`tOFqu7)!CX%9jJ!lNiX
z-Ny8U51Vbu!T`LrXp6R-E-xzlq!*fkZUSRzqdl}mXkQ;=CifHh?Nk4cy*GhxqS_wE
zlQy&g3JH5yl%Q3EBBY4g%GS_rViQ{S3W(JzQ~^OrpbD~>78-{D`doNEeIjlJ6>vk`
zu%*y~$|5KrxBx0l3<wI8BDDG6bMBqVOqMn*zVCaV|Id#!$-U>^xifR_+0VIjM-%Ax
z(d=0|n7p<2^%b|>-fa4J;qyHjiT9nl_&*fyd*)lye=gqluU%9Of1F(O|Hb<@E`N7Y
z#QTnY>Tihm?QndrEZ%oXAl~;bWxOxA8I>`=dU?EWdf0g1>{=G^JF}Jr|7uy)Bj1KF
zalaFS{O=bR{|hG_K!es=oyFLMEDrczq9D*%9Psb_Wr+j6RTAo#Tul7$CznZ{-w}xa
zeQbaf|GTcy_}?ckF#eb0i3mcZa;|z1KKqF0Hzxz}lMjvOQg+kyL8#LJS^wWy-KWWV
zd$qn9k0016_&#VyRz4}wV1Z-i-M<UB^=hR89}1NjCeg#{P~KZI7QCgKH1?EV9k<Zz
zZP-F9$PD7(x}L#<-9O=YVHg?gtDy3Cvh30OAjKH->({iy?AAw%Bh>S2l)f)<|A**%
zhaLYx`rc_9rSHqP|3CU34Sjz=LEmRB{2S=|t=<5AcZ_GWeX@+U!-m0(y1Ug7LJVhh
z^qAYPy{hP1P|o3{R~*v7Luqr;LQtrQO0jD-ZGtG)b8AB=Rv1d33-lvO`VIxT;_=!6
z8m}PfkNW93VU3dX&hsw|Nly>hX%ze_D*Eo;4u`ndJZbu*o!06KOaUb_wXe<iB}DH9
zeb&gO?9mm&d5-uRI$Pa4tz?n#7RZxGJpr!9^mc?wawq1_YOhumRogs6)iMy31fli4
zsfcfmo?pxj@QcaGlKtnM#`wiY#SQQaT0cn1FXa58v3f6W4U^S-$(bE(y_eIEMN=;*
zdVcg$bCDm7SslcWR+=L5Bh|>T{HWvV06&@>GFaqCl_MJAM?+Uqe)QX84e_H>5<jxR
zi<9!pfgh<{QSl=~M1G`?$d90=pmc7zk#ePZTTD_py#~3`=%Dj&j@i|xCHudeAI(92
z<OhBvn*IM0o~Wk$sPz`$M~5$vA88ps8prsN0p`^+eiVht|9_7kDf0`Dmi!I;=#4{r
z!{-;~UDo_U-P&wzRw*PHZV8uQcuDz%<Sw<A(%=Nc<<Tk@&&;_jTxfvAg)Sk#(7WpL
z=NI1DTjUpCzS$VRaL>L#{Q^v!rJ1z8T%f+jpEJbzC#z)jHL#u}B<imRr##TfX3G*(
zzGk1pPhr4DND-{Yqd_Z$9R*OKV{e4`EoxE+`VYQ|?qo~Uf$tl#8qrIBf_lj}>E{0%
zuSAHG&`(zaVOwa1|J??sj~*0m!<dmO@bSBU;P^3GI7YkpPar6YY7lUYU3<(&@>m30
zir{QXb^!o8eO|C+H(34Q8}OQHv4rJeVd+vu^#`qQE$u~j+(}#alUDan)(U^DHRZU@
zwE&UGN66^x?pA-bm3Jan>GO6w6&}6ms?u8h+pR9YddAPRfEzzmYfJf=Mj2uOlNyCT
z;U*aFe2Z{NS0xT7z)rz;F9$3SLl+9)0)wtoWmnge528dk_1+CIw&d7s4z?E5o{{Rs
z(Dl6fR$x7xe=8INhV@J%v)4GU@VZnqi~-dd_f)OViIb2{$3!coDdcI3kGX@*eVWbB
z@qoBR<bnI0&EcSCF6FfIH(zg}=0q;Cy@w?x9TskUt{t9VtMyf4^;>1G2<PcP=1-GK
zIQ-{sJlt;k>NfP$!x~}ZjJ<wg`+Ce+6|P%DD{yq3P7l6bV2A3Zb47ka{bSn*8ba88
zSISoUIkP$NV3221Sb@{nQ_eV>`mRmd52c{GTHW8Hyv^SVaaF&rgvVD66@9b-Cj>c~
zgsKyCi9J@gq2*o=3*BIeJ=TK-yh<ouO=~+PK!3@82MRbZt!$$bnz5U>hmI6RJLyeq
zu+bC!KDNp0y@o%}FYa#XJijrm#q<2;k%3F3dg*)|$E(WJ&Srpr96wU<bs*Bf0I~@O
zx;MBEbtXheb&?1e-Kv1|=wK!JYh*>x+4BrJUz47mNu`<77))U?fIlUUEY9p}x(<r~
z$EN9Ryiq!ba~P3}hM6t&2+nz6O0LN;sU0~4SvfoGvXUBSCpdGH9=N#>TnPnuOehg5
zGdSE|6M=fAnFtgIyP~=9=X-#S!%X4{o2L5o&?7eOcd1qL>hOfkURX|w9j|$n@_0?(
zO?bQ}@~RBCAdI|IcED!Gd+7n2ZKMM>o7&t3W-kPj!?Bt+JXt_GPZJUtgp6}B;*pwd
z14n93c>r(1>>H>!Pt$?tY5u9AM;AmmPg7dkzR_V$)I2>-cA_Symz}7&e_VtUHFp}Y
zkmAnXVNcZDuzoj|QtY=UK{`>hke#S$xLt9g<{iM+#LG<@N6*bHemM9<&7rL4frrD^
z_m2W!b5AJob<NvR;45M(K~jQ{`DO_thZxB}6Gg~{7{Ec#ggs5qgeAy1n3E$XCm|;f
z$XQj3$jLF}e6A4RtC5qCbHqD{oJK@Wz|Bz9e0MCI{u;ndV+7pHNebX5oT&QoXc=xk
zc6T`3G&P8uD{8~x=B^2JgN4P-nkaA+);1t73~t^rR)(8zwUFWFz_Af<^Op9Ao41(5
z;^wuVQrukjO#nCVXSg{lOM#o8{UyWA9b+g43R8k{b1m!HHsy+-dQBICpKFdO@l*fi
z#p9;|aFpWb(-c3gkkGBf&wMLr5K8>~2jJ(mH6niI!$Qv7ciwMxXA*_uv3!c3AFKjV
zVWgn}{A@isfS)&6c`};e=e1TS_KT&MMI3#zrxHio=gDyNyKx~nYIlz}dS7HXif>rN
zQRJnEgeEoNaI_b_52G(FXbDv9_B8oDN<4jbL>N4M=MEX3YMRUN^tn4C;OU|^h^LEg
z42!3;KcaYA`*i?M?`C-VO}YY4+tteO)N}{M#?;Bdc-oTnTsv7jAMir(Q}0va=hU+Q
zB7Q&Zq=Mh47X<VBn75+f_jitpir=5RLCNpOkC5SO_pukw??;>rhp%()xeWaNx1nKh
zwaF+MuI6cFxau1j0ap*{5mygg9~M`4uBEtY+aAjAO@kD;djDw|uFe`sG4kmLf^qd8
z*7N8C7t8PS1tq?gzxIE{?{}Y2@cTFNgZce^D;nkZ8-_>6@9*laq@`aBmEor6jtl4a
zADsw?n?K)m8TkF++%UL#|8N;@e%eHan>oWH;AUn^#LY}oSlqnjeTtiFz6#~{3kNE2
zbL*cn+&nOhVqoorVBD-?JwHyk6n<a+s}etruQY<6dy$@QWc1X4*r!`-RRg7}sn9!{
z*Hmc9QzW?IgBs~3UkeQMeIo`lGt5w^P$IFZ<R8aK?9(yybr~%+<ejM<!{Ipgsdh-9
zBgotZisdtGejduCYky~?Ha&5w&3#<hdncj*a6pg0LMp&brTF~J>xj>(jM(0rXsX8t
zOz`-xArgu0LzbE<qVaV~G+uhGgvN$+zBo}2`=~yr&Tp-*D!pN~%EI4b^Gr%i<*F-c
zyRU{co{yWWAbp`+Fztv})uigxPP4^DUzpl?jRlU&2m!6z9uLVUkQ+Id)2rFK&`oP_
z6%CJZ&Vr;GaE8paCFZGFdtNig6pL;xJroUMJ|W>o&44s?5@+Y)a%Tq%8DMf9&{L2Y
z5riU}Y9!r^1IcDI;AXrT?VoUHnwOr6z%J)}5;A$j;d<G%oyESzbmP8?Er3jBoBIgZ
zca1{*QP{elVvpL{f$m;<=$mlWSbS@oFH5n3?}bg<1Z%&rbKqbPoA7uzb|Rd#hXXIB
z#0DFgUI_QH4)zLO=lNXOc0Q(t?F={X%Ei6BSGkuZalo5{TH(!;n&Hl#ln6Wf1)N{G
zx$js*H}|g1fz3U-j&APNeWlG!mnIwo)Wz$^=F%<P`Ce&rL-Wxb+N`<viVNP)Ck`t2
zbM8wQ#&4G4&0i*#Q}COD<@6aH%yRx*-YCn-85|wUIeL|n<&3h)SWc&57tV4re+$QQ
zrryy2%Q+b(%h_)Y!*XiuG90z~69O#fdwT?yvnw7Eb62;pET{5qik1DVLRn776a~u}
zeN@JBCfh0cmE0Z7a)z;<iFeCc&IQ@)a(@c4f4p#k@{lQjoP>Q0;V$0(aYSkV7)2R~
z%>J=V#y=w1KeCm`nHtIdVGOc=SmpMQ+;GUrHEjPl64w4Pl9AI(vVUZSvwvjE?H}i5
z$T=`OlKrCzwSROCZ~u6c**_}7*gtMj+CRK<`^W9f{xL4Z{=s^-jk_fK$M-?@kLMf0
z&s+}Kzh^O4o(!CX^-&-{=AeyVfW7QMtb-Pa6N5vs7MH{O<e#G$&Q30>v{v{MtVxv-
zz3kMl-hHJ>W$(5N&hu$&ke`fo63UwNgcFFWZ0fzXZabj*VZ{+R87svx$>Pa`GlfoA
z+*Qu~Qv5e7tiFNZU<<2yzZHD1<e%@~=+oMcIXb(A*D(o(FUQqx;3^I^vAO%S8m~KE
z4*B`5v|M$1E6kv^F`$YAP3)dTHM$@8Nou{l?<BRs(Ib$iMgEL1LckCGOB%@E43*WD
zo~Si@+d!5o-z5<|@7?!uA03d_5k=XcqE=)5{LPj0KbvlKEqJVKaH<@fY1<>2`-t_$
za4B0kU6$9TuH|%tyl`A=JB~#bc>1LZoy*YSfv4zYdo*)shb=LctWZt<Sz)O|aFN5~
z@WU2|i`B&0$$m`nIg;(*P2W47)hn0+|2P<xi{PX1Zw`)$2Qk>{sy2ha?;H3c`Bu`N
zY(r%0K8bd8-FY;4z#t@!g43HI4^~VINgDO+F{y+Zdw2W)cjFO);-Bw}E*?QI#v>S{
zcm$(79zl=0Sgdy(Lj!~j7>}?Jk!w1{BNWKu5nv3#{G^?_QRO~^<lppfAgx9&<qMrF
z1LF}oU_8PO8jsLKr_VkyNY^SMjy$sFCkG*R=vt-Ka@A=V8|zz-GZR_g`msnD-~#uF
z{!aCN2zl9RS9|T<4$eI^XHaQdt=)6~ANFp)T3o;Atm;i^rEPmyD-Jdp?C#eRLcg-L
zc%7D7E1zb#-JRYNsuHDXt<`BXo!?(>g>CX2`95fFzj#&AF(fTNHyO<L>&yrh<}V&1
zbV>XIp$T?=eBjWSP1cHI3HGF|WF1(=-9*q~CqW0G7QdAo)0GT@*o2Q*gj}Frk~;hd
z$Y~>6?|>Kbedf+eG}71v`=SP76KH(E1;;-_KI1066#vXC@);H9?Gj{~t+#n5bcGaB
zoBD{Z6i*d!pR~GuspZy5)r-4T3#VRbLpWLy<oH<C8zKGP#upHoWTF9*6|vy(Z`{|v
zaq2JNclWP3w-!ndT3zQ`>7J^vr5s4rJ+&#-xD`x~9aD>sIoeVz2Zp}clc0i`d>yQ0
z$$G+&*CSV3x_q}ktx9v9-|G6608TVu9FpS9UH{JA5%a~V{A8)I=wqza8<+K3O=P9#
zu%_)+&iyS-F0;|CR7~Cn1nGQq0A68<-x+VMu7(kuE18V?1Ia&Uf_!dU!Lm<bTC%;=
z?o#;56|8~Fr~IK?d>TbDzcBI-&<%CPEn%xo{3?&bRB>BkzRd%~Z5AARS1+u2z8N~x
zP2@GeA#s9#DLpyCBs&dTSF#7M4n>~H1g=?HvZ6&U)C-GICbN15PsNq-TJrXBdNW3R
z{AP1|p=zeVGTbuCKUFLIB-Fz>E`(6@O9ZLOB-9<QM}dbOTd|&RgG#Siv49z|R25b(
zYkDj^u_;<h%_bsN!ht(B&yDSF=uK!#hN?`XE5?jEK0{klPP@IGU>^5aP-Z95lig8i
zC-Pa-cD+$Pn`(2vm56n!X*PXv;xYt)xHMQVpmZUKg8(C_u4;v+i5o<dMZ4ZqMm%d-
z7Y_hA1MBd48e|KXP+=ijW%@5)ok0+%<g*y4UCqKDydOcI=jJKrl0b~>+?tAUrjK+?
zjC%%z=(}E~V%&EhksVfWmh-gZTlH26E1v;uR>AomWQrbS3LFc={sqHKY}j%b=IVbH
zz5Xc0^@l+W4MBR00HKew<Q*a*x(>vGLFsEXefxT(<WMTt4998;Q?dwcNhWV&jhdBy
zzEf3GsR5&c(Gdsl!q>#Tmrk;10pe<pM5|}A*6NurFcBFJ67hAC<Rfx%tA8W6)S9wU
z=NXRI8vrbbY~$7-ulAdwqfLOH2Fu)m>h(y3b?IkNbUaXNb^kzaMZ@XRHzBDwsNvgc
zh2ann0QYhX-*%DS$}fT?z`?4bELj_RUS}<SA;fzA3D~Lp{90W0Zm#0@z)>B4;87if
z^gg&DNPgUD?^Yq6$q{s1*|i`y{%KQhvk?h6rQZq1%@)tYATaK>xc`LX$|QNQMcGRx
zI8);fqFD8|s=ubkX~2o9cs|Y+#}yxI@umph6OJxOP>B!6{ey)(2&jBh@*0%ff;Zv)
zH~D7c?}b>-17UOtSAX@}1VNl*0<k%xN#oJCpm9Q=al9g6=RMdhI$_SVb}HW+@*dsd
zcOfo=^cD(tlV0yD<fjs#^?4B>6#!z-2Lr@Q09^r~76Uy{Uoi<=zpF>&&KP=ysKgkA
zrL)_ic47`RngkbX>^xMVPyg@9Z_g|0N4zj5y802}<TrW!2tCunuztjmZF{kPL~FHN
zj?>_;X<A9Zs;<B@`Xo8aH)Q-0yZR&xDgM>ot&Yl9CcEc8B43@ixQ-C{Y9o=auCrGB
z+5}{)SQN1IC}8!(4^2-|pqd{dQ04Ibt|U5xE=ZJub2st)y>E#OMYiQeYsFC_N*yJa
z#ByRr*_-jgZWslk)MuDKW><#?gTu&Be!4*+KeZ^ijPg@%pdQ4FT2X%T%~Qxv7kZv>
z@G)7pQXzeB=<yIOF>Z1PhOmPQ1kskRS~Z-h?)n;P)T-fx^NQd4aUV-X^mG}2!pV)g
zL4VrazuLQ>#(Exgv0O<FMC|Dugz@#m3Osf~s*|1v4U5p@YEbt4R!@)PR-Vw^sbZ~?
z<HD6sK#YB@J>{^j7+5TM>b2xIR<WxyJX}EDXROt~31mIjAt*7l2g>0p!k7b<^=SPJ
zoj#!k$_>?ExuG*qZs-ivA8Rn*rA8{V_l-5>TgNqE;=-vm80h;;;@oDadMwo%I_Uh(
z<|!l(ai6XGAzksyKx@TfNJK9`=$ojlgk<+jI!%P6gj3|6X`C$-R0!1BQ{=b6de6gp
z&l5GqR;wk;tu^3s&*O5>OXZQih4M(($s%_dezdZ>M?juFEZB+xmftzO(m57mA8$h|
zu-M!wHuwEnTAl@x)aelxLE)5dZzlTfb6aSv;@tUdP&n0Llq;lDEV^y4--i{KG-O_3
z$}==Hv3foYP5j(OLldt{l;SJH%Ev|`6qT8ykdGfp6@_B}r^4|mDjb`ca9kb`j?1ZV
zT*`#wS|%K?_=^h1tw5T%|0^o)g_Dn$EDn;7fAT~lALn1ReEj(j!SeAB`xWx>zvo_}
ze0;j=MajqBrWYe0A84<XkBgcG$;Z9=gq4peDlqx@@mC|u$2liZK0X&0Rz4p1EERM=
zS|!TI6A7U3#1nG)IN?OFe5_@|9$$s>am=fiPd?7+_aB#!yWD$m@^PR1|6TdG^y%p3
z<F962s(gI#<uLN`S1(5+AKz8jkbG<@Y(zdb7B(Uu`zHj;$8T?=^6@oUGWob@8Wn~0
zSu**!fHj`WRLI9+>9?9}+M=Xr=(j<n-vF*KZg7l#e-)tLUs3w~bdYhwU92!}Obt)G
zce#Uz_f@6Q5bxZJCf+f7gNe6sw}N;dd^8;Kel#rcek2_6PVUqI@xCG=@$R9y7~*|(
zD<$#%L=!~3AMP2JcvC!BOo{iVe<SfMR}jxnDe->lHzeKz)M1JD<4Y(NK3^sh?^P;7
zytfw1iFeL#!Nfb84ck<P#5;ptf3)KIBO4~(-$WqZPu;?Z_j^$g?<X1{-dD)wy~gPG
z*l`y}za69hcj@=$MbXpmgc+Agzq`E<hJGi!5Doo)>7G#fy;`E*^GL6ESqS~sN#r>n
z08}CLTO$Ds1c1|W`h9FOrQi2iWb}L8WJ;=YEi(H33Ty0ZX`Ft8eY&<M?AxUpc-@S6
z15q^r1vkhjxKX6wFo06<zo5tcD<R^!SOtSn@f`swzJpTnrHqRI#i)2%9i`%6Q^@fo
zz6u40kuVMR^e`fs1uEX6m{M^wrQ(xl35-#XQ&MgYL(0hvgIu$W$trm1THT_#GGcD`
zJUCTG$df4{2hwi_Qf?GU`K>!CDTmt75C9;I+(9XMDy8HdoRpF$E3W?#qvXm}O;u3x
z97@R_Y#X5DxiU%)-QKp0lAD2&C(9}MJ@rYHl2e93D7Z+@4RUgB<Y?4_oSYADPRY4Z
z4A~)5DaiRNCQ8nYvenz&M|H&|l$8Iq6iMk?1u1=(lJe?bkd#kjwq~=Elz;dHrO8RJ
zh@|}Izmil!%p5r>FaCv%l}PzqHtetENXj3j*Uwd4-xh|HuL+RyFCvigYBM9{D-@(W
zgo>9Su1*34SwY4PK*rnC^Cso=dxV01w*mV7LLQ^vC<k2t0e^4!e;EP4CYXTt2_oQg
zMf$CEOZ59DIsJZx(eEoI`fU(w4<)Fiha)54uSx{`MMl82kqCJHvtbB$Ha1QQG)@d9
z;PJwbV?zn}M-l-qC%xX4K?IzVmBno&BK<r-Y0ig*ij|-o0Cg%r%FV)6m6Vh}-&dmA
zM&Z~5O0`P@jb>plYn)0NFR1=e>VK;K(SrYE{i70A|7iaItABJ6^^em2j`~N-{=@Z;
zCjS@LKkEPg>K|Qr{iChN)5ZEng^kuf>U#<Gk0Q#yT<>V?7loqq3*ZX-MKZHrYz#=g
z8>!^GFxY-^CYs=kHjf0^FYcM~_XcMSst&ea<Zn{gFS<Q&iS~=4rWa+um~=AfBJ39h
zDy9A6+{qw;_uVVP+Ak;`F#AQ5MUm|nJHJDrceZFiRtmiv=CJ(trJ~UL`*9-lws6RW
z-o@Vq+b?)FtjSUodP_W)&wjD<n*R&?#S8X}vtPV#{Vx-LFTj4GogKaX!Z!X=?H70R
zVZ>h>AC3Lury&j5FDiyKV!v26q!IhYoFT#XiyPNbq4zbj%zjZjmddwF%rg7M&#ZB#
zIXe4=kaU6e3n3}gevvBLFE$6L_-0DQmju}_T(t`O#l6;wUz&v4FYMF8*)N`Z=<l^(
z%%}*mUp)J{!hSL8-b=J!tctxT`^EBO7j3_I`Y*l0e$nIiAaee5hlcGJx0Ob=U&Mcd
zr2M_#!rCv+JVI&mLr;mM{AvOy40=#b$~W!`wqKO9VYfYnr2OLrm(P9?Z~TwhFTT&Z
zNc+XfwEr>!9=-j7D~jHJu`vIV?H9{R!Vqx2BpUn0m9~cL7b;sc_KSVl(bzBE&knX<
z-19Ca<@>Ie*)MJ!MXC0t>t*%}18ZD!{S^(wNB4|I{!W&Hqk9I)-+4^_{w6@VzoC@-
zg<$#nY&7!sKPCss--jmtz4G^lPlDy|10N~m@0Z72qWoQ3mvk}m_t7I4BY*#VO0ST=
zX9__CyLapG!O=Zs@^{JOk>&59+mLA2{}NXI9^|0Z_tS+U(SDEs3Z6na(bjDXmcN^`
zVI>QZXg7KM^2y&rJN;kC-(3b>Wc<f~|1$D@A@Ls%UqJlF=u3|Om=iAkV@_1@ADIow
z-<Hfq<ZokUBl5RDBUt`^`z;p#ag99wV+f1?xJDlT!5YscHZFf_L2r&GzvU6LWIqW`
zZpml#dvAb#@1^v6SrGlcKPvjYYeI1R$N0aOe#fj0iT`+C8UK-Ysqr7R7e&8&9J(0#
zef4oA{r==o5dD5QA-w&hmpuMsRs-=Ln`!*VPhsiz;}5d<kNHyk$B%@5Z@otm|FJnF
z{(}wMG@r(Q%({&6A8r3n;y?ObWc)|+|1SOBJm~`BKSo?~{Kuo=;y)gZD*hw2!T68V
z#^OIx8;k!)4T=AFoyC82mB)W%v-pp$^7s$d*thHdcz(;HYPtXFQ<KtvMeoOT)Oe9c
zqkcM=rnb~ebP+bq3H+5!3#4OG%Q`8kB~#&#IhmpRbiZA_%iirvn%rWrdxrgC@Aieo
zbx>zjZ%8X`+sevoYHoLHzN7QQ@z_<4*;s%btE(S_eh!jX4v5Js*?Oycm$kx2_S^<5
zc{lc?ePl|^O3_P?o$RddGD`OAN{YZ&^f~&9me|#Qg@=S=b_ulON3S)sM0w^=bf_7F
zk8l`&LH?YnWUJ*8vTWR)PEhZVV9rTU<%Q(K#BuW|{R#5lRO&*`iwO2_TlrC1uKS<t
zod|2XLB->rtbA8HKS68l{yoyavoVkc6XNsM0SegoIijbVBT`DmF@p7*B09P8oW3b7
zQVM|_fn(d&t&U)R+wRPxT@I+iBY^~?l^YVH+?YUYqX#jVz`HG2)yM4J>ey+@R=!`H
zl~0e;LS9Yxvye?<;!<iI_ai<Yq8@YMmhtH0M(6pI7V9RMRAh5yqG#M=@sIDenYpgv
zig1jj4Kg~M3kiLc)syICQ*VWXm4SXTuXkVa>XUZ*T0l*St5ocWg@%q-_#dPfw=4YJ
z3lsl_dIq;v`2B%AxJndl$Aiy%qT+l7eNqjS=<s!x*K5b~6^vZUHl1sRT0CEYBkN77
zW(O%Z2S0Q|KO3K>x4YB(!7<9QTy+{eQdK&iX2>9o2H)DGV^+EkeA5)?x%~hnX^UN5
zVeNKSs%K#N!`iJD)9uPhLp+o-$aeQh$adQjKnBuhyVDc&SWkqO0jbWw%Mq!@kVd);
z^lq6i{Bx03ioWn;kiK_2-{*$g`QbOf4h1p2^_6@5w9Q7^2+oj=Tk%&6yzP$zoAZ$9
z8=oC0eNb+#5D3ZJOqPs<OeH5|Tj1!^l6FAyK9=0$^7;om!Vj|&34#nI^zS=%q_aMd
z#+PXi2`G^2)kjbNmIdk`^#5A)XWwwUB7bif(TmWfJxor?4tIe7ifk=+L-X(iY{wWj
zp82==K?GSd^}12zx>hk<^&os({2+rn(@+_y9zmn@G{4J#gr0iuX^5WwD@uBLJ1fy*
zqa|7*(bb0(boIx4IbF@a2kGkI#^`FX48IztuQ&YvfWAJjpszi;{tfi?!?*Uy=qprb
zr1X_0TSAQ5*S}l+RT)WsU)P}hZ}nFb`f9eOY}dKIk{oJt`z5Q2et}HVq!V~5FTog{
zKGvdZrO}YBNJ!6c5SNZ`A+)x+NNdSMO~cg7bd3QD2Lq6a0Aw2ogozS|zM$IkLY$Rm
zRT{jr2nJ*XNOMcbR_!~9+;#B)*=h*cJbb&S2SeavTm{kJ2&v>`<a3t+NCLE7cJk@$
zK}jdbV~x{GE-H?a?a^3qAG-UHe>M#f!tHwaB0g5TiepR#ickfftK9@p@LcWWxn{8E
zibt2|iq{iTEv(3Dqw>BVO0=KM3eCN~AbB;H((7bGuiySsq}MakkzOY^NUv|{a5?C;
zPJg>W*J?0%2!l+d*Q9GTh&+Np>=E1sPoU(j%r=ViJqfkQrKUBVVQ?xvd1tB$ccic+
z8BgAUpTfqmc=8V2P>_>b&{D0E4j~y=sfcH6;5@kRe+A<aI}dK4KHBr(e$_=d53aH6
zy&%8dc3rgBb4I!z(MS3Vb2C)J)t*@LP@C9xWvK3u0lEA!x~Iwm`SJk24&YBNMEJxY
zc>i{nzcq|t@&Uk?0(>QfKff~+J~jwG58(en;lGIj-URRk6#lK9!RwC=S${2&;Dnnf
zd~p=;n*lzS!jFvteks83;t{@22z;{;_(Fhxg~BI9F@G|^Powa^d>st034zxFd>V!S
zGz30${=Ksad>ab?bQJJq0RQt72tO&@dMehn0DOC;mJBs+u9Wj5ynh(~3LW1kit8l<
z{4@%m5Cyyz;L|AlFFT^R|Ht6|Dg38F@Prn64<)I*>9=U9zV4o(<vdL`Z3C4)9=LUN
z7M3|fQkG@ps<X^E&OIZ!Ix7{vD(+uAPl<Eyvbs-UP!3M$U=#8WYg22g)Q(nG&ulH{
zI$Y1Ws<gt$eHxYBGn?o?<Mo#6O!0z*UuPPv)tPuj(wFR-X;wMflA%QAo<{z)n>_cN
zU#Q*C3=YGBk+>jw1QgK0zzIy=%Hnu1mI13x&Wfl0kAy4mJhPfCt=iF)^UTx=lgUCj
z*G!WNf13o)r*vvO2u+3Kss--nJy;(hm3#(`zcFaM9macR>V=J&c+D~1FH@0F3$bjH
zbBFf$WzP@gDR_M6I9IhE>dww2FE4XhJk*`G@Y!av8dJLGAvIxju|(dt__t-0)THYE
zy=nF}HqRrq93NXo1iEyspVOsRa(uFIy%wIx+2V5NE?-R2F|no@<DYObEIN74HJd)$
z=_Xh?dA6<QkZ1cs1-${QXC$m916EVyipPR}@FJaBk;A}oWa0~jQ#NU{cjjIqXvm1P
zp~cHHq1H*0=i!5I@h|eBGc*<H-!OLP!qtz*tKfCdrVsLI^=W@inpW+M8AGoG&vN@7
zO|U*Vf*~NmKO$Ze{NtyXOO82`33iz>l73lY<#ja`YJ0&iw|i^{<E^^%?Hr%Pk8Jxn
zI#1jcR`*^Z`EWDxTsNkt{Oa5>-r}0wN#!sSoWuKnG(+{VYVDt0KT?xFAbYvL6G~r>
zN6!J4Y;DRA4s6Xw>hXv<D15t5Z1y%A8>b4|FDO2<`|ey75A`v12EJSkkBe8u;72O`
zm`gv((WjDTvK7oU+tozq&L(2jS60`?cyf0(UHSnyw(~Y?#gSMdoXVe1Hs7y@P~8O#
z2UV`kYTak$9!<FmM94VO0xlAJ%5mp+oCgZV!-=YrwB@y|*D!e`rQVTFkw&l)In5G+
zI=g2P)Vcd}1?n_=grH9Uc^7~>sk=3*fc%5|!BwRf+)u+CnOYFYtnR^NM4DEoPcvC`
z`oSh38APzkHi>fw;RnILZjS)|_3s29e3Q<P0RCyc1)pj_e`e&WWDAljO7!%E=ouN&
zBXeh&$!9A0<j7|p`OGJuQ^{u$=l&22qPss_LO+(lM|Js$C!mJ%f;HGkE7ZCdl*4LT
zEdU2a^@6=B`d_8;{9HI05o#=-XUqD1vyzIowxWGoB%``-$pa$-vBix=Ud9qN1c_*R
zVp~gfdSW6aqmvR%7S|l3%AvD*W*C4FPWYr5kXt*1;UTygpi&7`GL7tWv>~8o@?y6p
zt5NhU`K+1B>Y0?ti5K8tL>?KDtAZlPCP#ZRf+Hh*$smUw7lwU?*8p#&5k}_YuzVOc
zl?*FX;WhHfh^8rYL^m=5zzwjjBJn~+cK2IY+uh>&94Q8lD<b2%rO>r`3C)Ey=m8R5
zgq_FtVX3LoI1Cp4C9E{$p?xL$ogMIW!*usa*UzzmX2(OWb1`$;KuD$QNG(^ei)*@v
zb3dl?T}{@8l4#OSviCpz_&dMF{Q~+>tvoG(@7`ziET9b(5nP9B;o^iMpRjsZ5G0w@
zbuO0E*=o6pLovcPQ@Y{JYGKjKaO`UMNUhnVahNjr56f`TFJK>`_)e3RM}#Vi)s?`6
zUN|e&;{M&@Ivgv5bL_Ra>SN}#X7^z&*p2tm*LRI5P$%t7cmE-r`sh1<hWq`*GIk%!
z@R9sUZiKc_R3<k93leXnjNJ&iMBq-Ekvoyr1~~Tl8sy2p3(I-~X)8`#gEQhjU=ZsV
z#B2t!jzW|NAj%oUSOx*VE&SL-eNCm-X-q1IHrPrvm3qgGWVt&K{<zTZX0^(9C282q
z8us^5t7O2=U34raF!Q(%E#xPLA}9}rhB{VO_%j~<OoTsE;g6I2!5ZFz(Rt1f^2NH?
zD^%Fnmv97)qb(wkYfi1o*_05mT48fC4GbU@EIB;H>j(k<&bQ2J7J0aVeKQJs**BB$
zJNsr9UUkrG_aoO<$fLr(E7k14$0hryydqRzsiwlnfMhC+Oea0EdaWpb*vO9ObCNyx
zGf{)-D_cvB&At{S4J#kVBn`qvt3c9NViF~d@4Uz1aeJl_8lB5#pz}90-h5AB{AxNr
zpU*A~9e;KB@y2P=c;CZha1qY~g@}6mnykS1-h7(AOzUXF@t**u2z}<`$se7eS?|!3
zX22L>atk#yYt}#_VYy7Q3SW<nGEI)pLi47!Osy;VF&0SKY(kD(5C&=>4AUU&`JfrJ
zB~zwK=<ZCQy+dwNtAvDg*p*AW2!WjmM0P%O{qZ4o71Az3NoN8z{RFypW7m30FQJ#v
z%b7qkk3sJ`(rf3}QyNLov3CZ)YAKSBW6s`oe$_JU*rd@FS3oPjz6?A4x)S*9%_dYN
z!(C@_{TfR~IJR-T3#s4+*P+-ljV|LKFc(yCQt2{y2+rg@pDe-G`wH|7^7Obq#j9Ib
z17RATMMxZp#6(C9=l-)yLtf4|&X%qNv9^Luwx&dqy49z(@R~#mL|gD{1N608!!6}J
z{T?U8=?`ncw@8a-KhRAjzk!m0V6Jl?x44L41O}(YFr0TSQ>?d4w%)hsdY94lmeKXz
z2J4+b*IRaB>s=<TcavhhdvLwm?(asZ(1UtHWC!Ys?^h%JS39pEe`B0>AiYi}`K#5H
zyhwS2URUx3yn`Dsl4LDVR#&!O4Q1%as!`zJhiPjz5JcMx@iKSzjE7+{j`s-kItm@b
zpx4QvHvx1n3axSQ1iG9;YZ!F79Qs{=R#RxLuDAd_&bV>NKuoA0;%EzDj*BkZ+0pkH
zdZYz=FQ7!O&FpR*<8AyaJCJ3s!jF<)bjA4gT#peEvz^sL_#T8i5Y#<%)bAJS-Um5k
z7DziIK*+prJP|VYP6q+eNkyc#P!nI2kl?7^-@eqqwTzAy7Jfd^dAAGxHl3)K1XEpb
zVZ0FeRMzYLCz%lM2KdugJ@JNi&>J#3|K)p~l6u#HdN_{>wmoilT}g}ce!sUJ`IA&r
zrb*R3UFG(IBSbG0zWW`ueR6!f*Bb^POAb(kR?S0X_SVAe9`yC<ilH{Q*H9nmDxh6t
z6Mq6-H^{oU9^#8z30;Fo*Laz{e8+>RuMK?=^|fISD)hAxG#mqtd;pmewKao~Ipv(+
zH8Yw1Gz)u9o+3YU=}%7Bj6VzM&wSw{`1uLWhAl<H8>EF%kur_5CqzAwXSyV?SIabx
z8>?MqD*7Kk5jIR$XK$~C;9<3EDQlO2ox9i+%L354;<jviIczrmJ(NiZW)rT!bHE!Q
z%B^I}?5m{^Jt!Y2%QLmQ<8W8D^W7nV45Bl}I5NqM>mtl}g#^A|6+EM_h1A(W&4fQ#
zU3sIcdoyG%c%x)>T_uq3DNbq~2_jR=QL}BAAn`LTJU~$!VU7{dy9o%@x`ol3!Njpq
zPZ%A>Q++)gWA0v3$z$%&tLN(f0quKL(ML&O|9{fH6^g#s;Hs&$`1Yz(A%IO)MW3mz
zq>SLD*Gv9{0(f_ZZKkBMr62a0KRE2lTu;NUS_qpvwNrV!)dvII%>Y^oZvep15P*dY
zKqt%xfXB$sC9?g1>ipP;z>Fd7gsmq|`T2>a)Z$~h;=5xQ{#kAOG_K*-J2Ex`@{N>0
zvNa6((#UkV4P)NbA=Ak)?`jRhJXlv=!|MX39Tx2Z>+;1iw1ai!H@vROkm+RWs*GjW
z3hOFtcwNtiTbEI>E}l+j#C1(=cwGezt*d}el<MHfL`C5yx=Mn*C3IcI$BNqe@+62J
zFkA7lM}UOPZIpz>G_)`^nd;0YRXo{d#Xyb7ce3FfgUQUL5oW$d8oV)t+>znrYR(S6
zF%l4D*U@Gqc}p5y?-L=j%GS%%*$Da}LBg=)ez#y7+1ZX(RjyZ&Dj^wH(Hm0fRE|#L
zt6i^Af`vQ*wAv~cNN#H8xK&cHrIktwrprZ2bhRRCxGRllKAD4kCPiN&?b}29ZdCMj
zr+uH$zTS$yp0w{J+IOp>?<U&kqJ8}oeaW<M0`0RX`ufwpY}%Kp=o>`)deOdYMPC-}
zYm*ZpO)(M`e(4;craznuONFb#Hd89>hjIPShaGoq*k;(Ax{|v<N_sK;xcTA75#n09
z9)|hD4->*RQ#{s{^Z^;jSr>NXxVm5-FySxC1LB0o+Y%m-_g65$GYlYJxElcGhX8!W
z0JK6X0IUiD@G*d<LRSFzJ_Mi*3qfus)VG1$zK{@P3j=5_`~U#GLjdk)013jU05CcP
zVCgxLS^f(E+#vv8pA(toqX4iW1R(Cb$Sm&wfHMSuo)^X#<xLML?ESBLPlek1fBHOv
zy<gO?WmbPZYEE5{O-^x7N=(S$A2bsERJVA83SzfVVR{xdB-f$y9N)~wKO$IN{yDnE
z=@_}uoa<h}xhh)PQqJlYCaD1dnh|;ylU`b+=J?(=_g_}`Mxo2tZYrDmK(<HIj}WvN
zWWZ07iPwdjxLN4LXArYmhfZ8MMlrGc4i^2a!bBAVX0KZ-evM5!Ci(MtJif14O@*5C
z*t*9P?eYtbZzWsC9IIjpvu>+Wbqc=x_ck!OR|x}f5#)jXXmkGzCwh^UaF9lka?JUR
z?=I1C&$%mvpI0|mu`XT7bn@nXsiK7ux*e;UGtC5|hQ0gn__?3f$FS}Zq+9Wlu7H3)
z{=wvuV~&1y&unu>(l2PgiRi!4s3iYQ(N_Wg4VfdC`G2?u{Xb0t<CB%+3)%Sm2FJ$*
z#@Bu+AHNE?IGG}YOi@Ip2#Q~dG+%sRzB1W-Jb6fzpq8ja3&2Y_&m!QyH5Ej``$z@0
zOthrH&iepos<QI)fp0=GQFlxxnh(6Pq+GZ78cc9G!=~2gN|vfc>ia88ilJvYw!%=b
z+92(isrdZJ9-nIii$3{9GrGLuyUD90Fgp+?_4B3ynC%2cw(ycH0_i#!OBTH-n|!r<
z*26tm++Sq?g3m?#PKlkK&&EKMl<QC}8A_hpp4$r&R&t)H>MB((H}5O}Pa_*-b7>ss
zud@0#5xQU}5AbvEDMY=^?l0zkF}Jim2H^Rt$O!*HT-Wq%zF$DcC)mH_)#fVSKUjv(
z{(4x@>t(p0O|tdeH2p62Xz}QTgSBV_`id*itgv}ztE=Mjxc<1Bj-=mGs)L9%IMSfr
zMmABocRnts!o7hk$5PsXgODx)(Vs47^YpE_96>|YLe}Jan$VVViMGVp_<XXd&lB46
zEN=c-TX)!`WMd!DEd;lQr7Hd&t7lG3M(G5)yAKKXkLsqftB+V+)iL;zi#tQgOiEwf
z{HFks3Ks1}@{*+{W2cIb@(%K_OZA+;95bO9LKGiI+XHoT+Q8SpFUU4>#lScW?@3Uh
zX;qlKvN@Q>>2+TrqkZ$q#O`gWbGOY+Ej4o$zr{l^wfHu^p3eIYp&zndh<OEvddCpV
zh)n;_=?sgh<8(1~oGzx0)5X+rx)>a%>HGvjWPZ^t+J?_8%}}OxUI)e*K2>m6xVETu
zpKb9ZY;jdsE4*=>y27ek{gqYyl^6Dz#dTiojE9<W2Ym(U?!)sAlZQ74f3x!#X6=Z#
z@##Bs96ylb=LnqotZO@&(eLT!cU4;}j>p+~m7QG4rmnEKHmfsqpOt5MH02goxz$o3
zkn5c#Jy5obOWEyQW2xDwwz|J^T+5L;<Hbd8aD73h-05k%(*^k=WYE{JPWM-wC(Udt
zn3il;pW^szGX!3_s+mu?77m5D#aeMVHY30<viW|!gse{B58fE!58g=q!M}q)IE^Fo
z=F)k&(0O~Zd2zn#oG9kYC-W83`SKf?FYB%-<}0!lpu$9_EDD{nFPn0FkUzYa5Z|xy
z`O#!8yuGy<b?u-v%Hpm9cUzezU6=758m_6OSeU;Rl2Lj1?*77cC>E$2wJY1y2kh#4
zaJ8#<Q%lr9$50ei?x*tgKPXuz)bKNvC_5jKNPTlgnH^Vh1up8O+N|b+z4(Nld4{#6
z{`;T}IqTnGtaMSi=fHV}P~n3C{8f}=PeyaDYhBc12#ZOhW6Gl*qtz964493DjWZ*K
zC?GUpE2kmlkFYEoHC+)Rrx$*F6}*EREsO|Q7!|NEGGJkJz`_UtA#x^r!4$Jyebfeq
zRV$xkg1C0qCcqmaItfsXvJXgD8A*QJ-?#I#`m2Ozk4Hq9YJxCz&b`z;>lu}5a~~Gs
zU(`gr8OC)9ue}}wqckwS%JWB3>K)wzK@h^i-~4_WjV(q=JpZfTABgut-x3c&5jo^v
zrk2mr^Mm#796dy%>N5>GeU3rbDhuOK$!|0HZHABr@|%3m<j8LhLL10$@;x)3{LY6E
z2lAVI&nzOpiy+j2{3hS$!!FS27vo2(1@vPPZA6wx`j*i?`mu;M&R;|O*3d@!LE|I%
z`G_<0#9q$5h<?y$3H|)dblhf@6gxqNqx6BMe10(+^wEv$Mm`oM{=+>A<3AoBh4CM*
zQ7r!Bc}4uk>*3-*AYKaN_aV6LOdz;z)awlew>|QnM#ZP;E#wVYsx#ZdM1<jJlFEGv
z96!wfUfZ<>a7t$y;LLUM$@20<{YVyHw)H*OzGDn<jBP8B3ns-fSMIb<ZB%2>&AZ}L
z8d>%-`DF3K@+qDmQ`pFLfh6i7UZQ&}jhjg7gs1q3cy(1L>Kh)-rW;B=$1kbL(yJY9
zatUWM2q&%rpD5?KH&N?|U8Al{DzAiiY;<daV-24bKTcm$8SiLUQ>k|Lsi}-{PQ=PZ
zd}g9ME3xTaL|36s7rbSsx)LL%*rW3fc$aJ(I4^q+x=#7&25=;`7UHfJqx{H>j#a)6
zu)v2pz<v0w?kofAc!tk3y0eVrg3iUhe=rw}_ddVUzj1H``ZxBCK>x=65eokXJU{*}
zatmrlYjSS}eCgG~%_z^Dsi}-}XhrO(&Z5?G@~GvZP1WLeukjsCK;KOpqc9A=zfa*J
zd5!$!(@bTtj<#j+;`o{QLekY>k;g25nORGrAg^DeQ3dPABZmcP#WBv#=t;aD*-nZS
zxt5FeFbhB3i1P0S!93)g9}U5~Nn;{woJkwi4k89lH-OL|8xZL0*Ef^Y1;?7;0Jw2?
zdRyEar&6AOMV@aIA{)Mfc*jkEMZL+LB;orVLSBKjAk!#gf=%3HQWT@A;I-fC%So#7
zWn*3n!PxcW5r#^5o<3Tl0swBV#&@c5bm9uK62s3*XnI@mh4y+b#2yh$uRpB|rq}z<
zUo5>QI0^WgGz{t2^}~>U-7t*OuUDRt)2}8k%IR07@_FM?;|TWS3zTqqvh)m;zg=Hb
z5$k9VC41xehYjv&hMI~P_}axit&3Y5pm9J<BpUb3Dm1Ag%3I-e|0J}gTSQoSpo=Wt
zF_%#yf);{mwT4Be)O;w$pA5tP)?`ImTxPYf52gm>ezF}UNLwf{tEZ5uXPYFBA8c^v
z7|LL=gS)tMx-`v_h)XbCIs7(czhJ(Gp@nrQ?*BnUasQ_cRqTI4?_zO_8-lkuozk2A
zwj#bY%zjfl+u^QDly=%p;!ZQLO;u&bO%>z#o-}r0jjaZs^Glm)YnaVco)o8wX76Od
zBT67Vr%h5#S&Xy0&yrLFXzZQxG<mcIIR=jG2oAPHpDpvM5Y>N=BhL|bL6^w8z-xY*
z#b*+nzlFtveg*NM^rf^XFD2drZzUVv3ViM2&hFAQO&@gx=zzC^=~+Yjh2w#PlG`C1
zfOAXx<^EjUFZbl)eksVM`(@fw^8GU6rAvtSWReey_awh)Ovs1p=r1b4U_@FV78GUo
z>IDZ>^uO@&LMAxU5~Aq+Y?-V69U^GV32Z|Bn-Kn)K_rbVz14FU3;xV%YpKp+p`Q~>
z7T04&6$EEG4N#+2hth+v_8%+&bOywKW|;|ODuJZYpGJtVbV3Bu_LfvqSnv-TVQH{>
zrmzUmERKxHBV%&u>=2c7q9qOF%#&t^pwFy)0y&jH7Gl7o9%qM0r6GDcdv`XwmJDEF
zpIJqA_Zu|m^E2F*cnt_(>Y<~9PCbR!uzFUbV#Zzx8MTa#!k7S?yH6sF`~Y8<r`;Sq
zUEqgLK@`bL@Y?A0@C}l|>*(M$c*%}rU>O})qo>bp_EYT6J}hTfEvEx_(1DwAppFbI
zXVmcgV&IS^@cL<F<7a!Z=dkd2Q_x*#1R|k2F(@JGto#QD5a5V#uq6nIh%!NGa8^kC
zIwLHzo%8!*K|Li)+tpO9Vn2=xhov8UzeFKVEB%5P9B)%K3pSji6@v|*(Tc%_H)v6+
z5`Ny-1vFpZxA12l8*CI3SocQK4f1NJyxD1m2J~XMFJV!Ocp`hg2e%-JpZn_QlX+Ly
zMohI3xBnDa8KL-l-k~Ds_IDsxLO~BOo^b&dK_@KYK{7`e|9}|JXy9{<7ZA_5tZN`1
z@tg|d5zTyda@6sRbN#^k>G)4n4a7r6if2p-#3RlQ35JxdKf?IjQ_}T)0~(5l>>1(y
zuavH@h;6ia(9_FfV4vp!GTR~L^SsXHc~qKDFU@zNCrDpO<u><U#ao=;`rfKZ)5l;e
zB_M?G<ii+Z`ScpK@2T-Y?~ig98$U;DK}+;=YB6fEtr#^)wq@7mYL)QYqHw{JZJUv<
z?Tf+%Pg<et{YBw|C)dM-|6CLycybL4oJo6;zBoErJv1Vbnu`cbmjnVcio&dsU?>^+
zgi(_+fVqjnP>MlFBF5XXI6I+=ZzjeC#yV^$ew(cPTG&&va6jZJVn`lTp%)&EW8r=V
z_K?XSq#s0!x<Xj<kTUG;I{7;$dwOa!jAerXGBC$?;h8m9mlnNB^fe-=*!h7h$ZZ@L
zH6{mw&Af%6eJS+uBrD2a*IQBky1^PneA)c1r{wWvGqx&}r^2m@__8~;2FI6WVGF*p
z*$JX)uQxWXks9IU2v=a^W~mY1Mj?03Pi=Rxj<NVM(g{&Rt9h8<2QdK4IV?;7Pb*(%
zvD=C-DnZ;0(^L`Sul6lhMlTHM1*NO536!o%4DY&kzUEu4bjeQgi!Rx!(`{AWJN*#9
zB;}q7FWVFvYU{6P=n~v7D5RXQtS!zwz|p)aZ8%wMu1cj;P2&+Y?iBS?`pesKISSvw
z@=k8B*z6c)<)5WC&LBVPq}UKY>K(BW9JDhBDEz1y{A^=Ji613_bh~G~At*n}$|oeE
zL+;q^9-B8FJvr1N$6S@5=5|;E4!KPkDaW1LIWi!fe<Ybq>PWMB?l$9uQOqY(o2yrc
z%$F<9$3;7z%mF$hbiP7yzWiwClQ~4M3z_dD*iJBIDw(oK=1+(`pUgqJXH{T6x(#f6
zpF|6dIxjiqyunup4UAZUjX~xOeI5pjppJod4+gF`>K~T5Ci7M){IhFRqJNeKwu6hd
zasRB$jj5H*m%+cj86V9rx<v~>%<-%OnqjT@1)cO{KD$cv&6C--2KnX(D1Gz2s#HUR
zQMyVf>x*7_g3<#54*8?bSA8A9)z*wIOc=UEbjTldy5X&H{3BHT)QNeqcZN$;RCapD
zTunWAq9gy!Ma@;RO{6RN5F%}A&inmRzQ35y7=><1^n8P@V1^OYwlE%>!Jb4sPCnrO
zMSsnxs~XH-JWAx9*bLBd!5KC)nI=e@LlY!Zqy$N2e&ns-v2G+k68vE^bLrGv=+r&g
z)HvUVeHzcV1b^7fLONf5BlA@sjbeR8wgO~&bjqU8Df<S}Lxb-BjIr_cq63UvVySou
z9;5$4u5vTGO5pwV5IUHmn7@q9zebwBEZqDw+JRle*K-NAYzWV|B6(cs6?Daqv&BSh
zKzXf9?Q8`G6vvCc?g9H<MDvNR_+j9$5ltxGVWgYqF-bzb4PqX)pu|UgX1t#BJnVO!
z1!uG0`<M!xjhij=4uH4W<{7L{V)in-XGkrP_sG-OVdq=p|3d}4`%BWW*RI}eaeV<E
z=ABudwmU7Z4OUCVZ*g|MGyXqDu&aNxxV{8{{aKza`z@|Y0^o}y<46yo2r*FV$eL2?
z{3n<LZzR_tbgN#=>C!iIygHJ{oZJn0(2yt<>lj(4c3e;19cAMO2^%M(gH<3PVFvlD
z$iqz(1)${*MD_p%+?#>)<mK};P`@zP{(3st{<`wyf2qH$jP{kOBpVXxqmA>+X<xZY
zvM7;0iYU~S#4kQTA@P?RKL{lKwFvquMSEvOf3$~v+#l^>pY&(`uQ_siSjK#6XkrFW
z$!-OPwJc+G7Rq?ztFwAA4_nZAc|rcMGbIiA$L?4f;vd7Hj94P`5@8==KgQR_N&Yd`
zZiM#1wB5+3nJiFH=fkuf<H?sE5&dVLrC^L88ib}UPKAZ}h(uj`K90H09(<V@7!>ve
z*?7A+ej^zJs}MdpA4kp8f7Z7~W5x9_hr%9Al~=01b#?SalkiZKd!|xP|00#>>3>GW
zV%)VB-P+6>OVe(YD`-ua%&$<t&=lP6ISu618v@$kOaoH|onwRv<T0Ukv4p@F11VoK
zjUr5rkVauNlx$h}Op`m!ME&v;p@A%?M`>CQ8isHeq*UDF52O$^VOP)<Uk{;wOU3qM
zXT({%KzrE|f`2ReqQ1AhFY0@*^i}%XSbbMLdVFGa#U2&p>8c^PeuhERuX2fg)spjA
zgp!>QTwhD$$DdXO2bY6Sr>)N}K`h6~VjO+RWX5olb!4E<f}kk%reepOn#wMY78Lc_
zK9G3@m}ldbXCxgB3#pOk)PF@c(9=foLuv_OcRy6?8%f)r#P<6G?S<7AroUOJ{-%aC
z>q<Cyg7ZQ<y$_I%kC|pSq_$)y(cN{6Pm0+qfRl%hv;`}j_s9A$kgY{E5FkHgkahJm
zK37&xgKlZ6oN1f`5RG$b(8}`?0{@~CLsjZk^3Xv8R`sowiep&#=_aJ$e+gUqob%I|
zFtuZil^<yciEXP<g~YZ&2&|<lzI9M+o5w7VZ6oM79)k}@8bjvX7&_-Wbk0sebEYWf
z)KXN&csWeDhmAo-nJlGQY6hd%6~~A$PcoPr35;2U2}IBd^}!KzQlXH89jN3DiYLU*
zCAq}dIdWf%z^-yNwR>U=E<orc2(rrQ05O6>0Il3Glg7_w2bxy1rm=o_*|`6r5r<|F
z45;er&?8N1msCzZW1K0zam=gK@ll9TAe<r)_Y)?nZZqe{fsX5l>~ECG2Ba$zu*T7u
z$Xg~!-b&aquL1=sgmM2-;f-+}jH&oN)^#|BQ*RUfRHcsqYl{$1b1qmuxc#pSmk$P`
zj6i56pJQ@oncRa-y0uw7bZZCqD9!0nnn}K8-AI1jSekQVY37ZUO8eJ8Z$W<i)Gf%5
z|8WcD$Gc|8`SHz<N2tdX?4GL5qQ?MKXXOJ_rA!}F^5mcAHN=xQErEhe<Mnp;Y^flV
zwK~%XpN!esJr9~$jiw$1q#tw<@Ki7vIoflcX<&A};w-JYFyfJBVnHX40Of(T4huPP
z1Q3j{@1KQyV>koTGfZ!DA0eWhpzj;6veaan0>Lu*V3zDy3wl6iKA%=d)=?-)fR$L@
z>A2AGPwFojQiuCT=)R!~t^9OE7{Hp^lO`%Z=L**o;fQ*nr~Z@GN9b@sMS1#_XDCk}
z`A^Y5&Ey-gI+OFp43$te600*!NattfLMopH_Qkape>K);+D<g(*=F!?%v}x!Zs$>7
z|G@i)&NkWnta`uIzg-wdA%639u1Pbg9W5~KW5wHO7uT+#F*21&<)V0#9??EtsZxb8
zf-gQp9`YA6!WqH)kcTR)o`Gg&6IwQ}L4w>GmO!M2d@vc06>fZ+B^kyO38B!PR!EEc
z%+xoX2xV}`_aKksjucsqpXM@~a%8*l$VD3TA`Pg42cMRY!qJPq<pEoAG9*)h)L{v+
zA6MLj^2EnCp*-=)P2uZF?YcEyMIP!vhYoj6nwhIkOGWM-A(rN059kwN>PaQDd;oKU
z`2aF=q3|z7K7k4Et_||ffiyqCInw(NBu=rq`As0?zF=e_=OOe<W#H!h1vjF@9C^;Y
zqg2iLD>(ONd^;8JX23qyJ8-o}|Aj9RvK|JptcPgqSw~_6`49h!SpTZz`V7^_0s#fB
z+bGt*8hJtWuUf$#+~M9$W4@DU1bzj%Pa5;RK{ww3lFpAT3cs1NxytLSXZ9t9y_mjP
z@1qw`F{@#NP_k$eQQAX})JAI$3N;4hc>2tSsr$>UEg|)|UTe%ALJjY+4lBO)tB@|d
z^LE5hRWuQaaLcs9$PvOlqzGZT!Ef}#8dc<YrheZA^UFui$@yiNdR^afq4l~zzu>b8
z9~lg4hEAVmhU#4qd_Yv}R@p?gPUE13LykdOIHLLyIy5*RC_m@UM(WQGMh@W4E)?TP
zK)-mW7xL4Uy^x>2*^Ba1*Hk$_y=GQJ`YriKgi~OwS;^cw;HT93nKhhp-PEeAT&7Ql
z)px6BHpE-+cQ>l<PWOh_cgN9oqPAgdAhhG*N13$UMB2@)9gidJN!!h&J(;y9LwkGL
zo=mu_-Y9X`R3O1K|3vPZO5Xr^_<UL(S!y2TIZJ}{;r?!>55Iqm>BDc*FD79*{bCmW
zNxviuOW+GXCRGYv)&0cy?Aqh4nFfCJN$TqVg?x(od%(ZHh`=fLPfeEINaImch4RAC
zcvJ;{<oHq4IeHp1p7x+i6;kmhh?Q0{kv88;)$;k0R#PTvHD9R2)TpEMTdJ<4y_zMR
zc7%hOI%CR|QWeLGz5qp1z89D({z3#*TvxIf;NBNR#raXxV5XY_wO3}EB-q&iTS{Sx
z%%4YL%>-7<V9gTjWPlw@VTp!v3x!Q4uzCiYEWwTiSTlt+>WbT9Wd6)l0*^I_TM55R
zV0Vw2j;}qSPU;Ed-l??xHyQ~>8aT*j2Z6!nPP5U3bVpa3jPA6vtnv{o@f*PM+-Z4o
zvqy9?MC<t)RJ3wS({fo(`kQ33;qJ8IbZ+OXz7<fs-gThf#wUyKzC;6h(s-FIBjt!_
z%Qy|Gz{6#gQm#BAzLj5~>podm>=E%L?1HZ8vM%AU_{=vz*8*AB*2Cf>eh0di(&&Gs
zd}F<V#wXrD;}dUaz+N(tD2D2&?IkNilJTj%WP}6(De+)0NsDAJxk3V+6*jY<b)LgT
zX>d`dh8Hy~%%Zf4MQy^#u%5&WbHj_erlCc>sHWxOU{T2pFY0_4%aV~SDp7)%fRh<9
zNIaDViRZ?!An|gHAm!kFovB3hZw(wo$y!3KNGBc-wIUVhFkc_cDU!v=+ZM?gbf?qq
zs}<c{rS5BJcTYw4^-^~n?M_j2-z;?>X^GwGitbb>xf9-CRShWJ1S+$H+N^%B3)f6u
zD|u<KAq&C}vxRLY4_;T|f?-R-8Mq8}Ed3o`%KmStfh)Ey3}jyhnE;UQFvx4eLEgb2
zTL9z&2ALiXa#o$p5O*hooDdH3`8t^)?j{CVQm4>&Wbqm58{$>S@HI|70C+%$zpZbS
zW_HcwRC9E`_SI?001ZDed?QsDwi1G3^6Ae!A$_G7%@OOkQi|!ADtz^)pGG3X&mzG-
z8p-^5N4siQsfzx`RlDZ0uZ);CCrt}kQxx$Zb3@`kLhOr#1-VpW$%(BJr-h<OVx5NW
zYOz{~u4JTIOqz44MV`G?N@DI1!}xPjjL62*V#IPNx)M)}+)%k9Mro)FYmj^?Cd7ES
zFb0i>&4P@F=Q{@(ByWmjkenPk=jfQQM$R(DoP^bSk<}7io*Gn>jc8D152|>NnBMyn
z+-Skz;Vie;$Z~siu30gdOfBa3vZq?SQXKdZ9hk=knxuh+%7K(MLLDS>ho+D_d|MrI
zhtI3=4todPVO6Iflj}`%PIJhdGehSrq;uXDH0Q&eg3_M7btnL(iizts_gT<>Z(E2d
zo`5j!?REHIZS2AJ+OA^uRl>_Z!{H;7LzdJmbV*R<fh=ig(2{=YC@qO0WAU^)_RRCt
z)NY(R-clW3s<xD7#SpmIfaQ2pNba?yV!xpd#B6|F_{=1k<@jBQ*LbupP=5g+zLg*d
zIz0~%Z!w5C2Jzk`nQi%1fSAN;IK(rECnw2ryB7k)zZpa`1~G*~i1)exV00+kH;@9Z
zn}2T|H3u{ZRK$SLu)X_UYS?aBC)v6ySyP`t(;C+F3>p_?{>$hRl8W~`T0%aO9+Q!r
zH~U5>)p$$r<u_vdmJ*J@_)XN!04x`x&w~-$kGV{C5QH2=V$qdAc{OBuP|Ji6&6-M}
z0{E06A&LthaZtQpSNbLS<voBZC(&`Exv<u;kieRwf+gGHK2#Nm-W&})L6iYN4>3I}
z6;2yES^zguA9)CH0gS6YQ@sBX$WXC`zgZ?|jpjU=vE)0v7F{~Df?@z}gyAwbg51wQ
zKtNe&0@W6}5V*WhIQss;w?I!Lx$bVTEzAvPFBy9(*k1C$9~bLiAiquIw~73Qv=pKR
zW)h7pCz*2(PDWFOt2&kFMXBB+U#L`)Kc_|0u4oU5>5BG{*sd)9<u18B<e3K|+C!w=
zSNVA^dzeDa@?ReavUezQ!yYMuv=nkj+4}0Vw$uojWuVy)b0AeySg<!v#b@h@00YTp
z)E;3a8V4B7`yN82(iq<U@L3VFKlJ$lZ3{-pw$Nq=vn`DNNwh62nMZ94rStaqmG&z6
zln;ng9{fHI5@n52rb794nyH}uskJ;&_Uw<;Nsz>*?><kKp9Yy6)IMPpQpZPYpKz-J
z_6d;CGEqY76vnLJoGG~XGLwRlh-^kMD}ag~FWgNo=Su*^{LBIR3@==%{%krV-zjuv
zvL0Otgbw@Gh%w!d$o+>c)K{Rs`d1g!SI>26$iMFx3%Y7*Bwh7N(d#}UR8Q6WjACyN
zkkZyjN@>pEeAKCa3RS6IbcU)_`WSG)Ck7nwSBKSSoG<xShluR=$$jT@H&c;4*B{^~
zlK){?S4A}S#(zV7E0Y*XJ>m$_Ya%!zypHhlvNFf8BU-NRmhA9FVI<f<oT*b8XF5J?
z=yYnU(Arin0e*qRB=c`*U9zm-(g<e%HfNhC;z$eb6$?UHF*4)={Lex8jLE)-nCJPW
zG2nTIfIP{Y?EWISREnohD-I*g`r_V~kcMnQ;rDxChu6R!h`@l@-k|x9aJe9Q-z6m9
zw^P*lz9={FIYyxSqz`F6q3y;XfAPy5k)A)_5$XBAI<oxVJLL3yQ+`zWzyHp^T=~Bb
zN6!C!HDdnnG%5dgW&`=Z4~zM~-%&cdW#*;l|2`zk|NY2-^y*y$(yR9j7nuM1(B;Vg
zZ51y6w{>Irzo(mAV*YR5rRD$T{q6a`Q!hjQ?|1ESzwB&}`(;;qCjX3-@0WH3(dPdK
zM5BBHR!BvoaP_EigQcW*?rBI$8a9QV-QrHu+dKsZ>ZER4oramaHup4kW=nfKv&GYH
z<99U3;ru8Jtgv||n!%|}0O_$U(upnE`)CBlu2B$MF_EJaa|Do{*5XLOgIWm0-6MdE
zXXOL35XmebB(r1N;?N-vnR=33RtVer<X)613WIYA+?6m_yVj73$^tSr@1ScvKt(cP
z=`txGV=HSaS=NP}-zTgr7vnJw%wX{t&y_P-Zqc`t1XRrkdtODP{LV=EmCXYAl^rk_
z5dtm>g}ryHA|2`wDc%CZ(L(bP$ukm0j|`WO_&#(E94Urkv=Bovg#E*0seY-{-3wlR
zncSBzxoN;gCb+jT`43_>3JGi>P49d8Ze@C3Vo-Wt(jNK-<+**|M-~O&ofMqg2Z4j$
zZUN7U_aVPOI6oKSGuqJjj5ahrqfHd~eXl>G$nSgZ8AX1dpbzBVjl?HpiBwuzO1{et
zn|x;wyE7%5XQA+jDnjO6{zPTw-JUb)(PiG11!vw(kuvXW>)Wcl`2qPkaQ<04g}nIm
z(+YX<njifBs<ff1@tAcNNpf8MKm+wsb48PDotSTTyOkf2A7akh7HZD=L><=FsgIY;
zSsA?3m{C$=bN5Ju6s`LVm;r+MS(?N$njV%eK>W!@jyH?(GRy+Et_Uq~m?8GNb1Oc=
zmNvdeqJ^KFTyo55@=b(aR^C}C)}LV`XS0zA2N_*XGp)EOi+_nLqv0><2jVFqFpJr9
zY?2i5@)!ZL&E^&|_{q6gcy%7UTu&iKD}vPk|KKxJWoj~;8A`2gg1n8u!<&<=cyP12
zlZSSF&_mnbM0#jevghn6r=4&5Km=Idgf2;Nk47_<*z4iQBjorZDoV7b^*F<&b4djm
z<<T7rj|IeVnEd-ZoLu(4bS2<q!Mc<XzxJQV=gQJvmV7Q<F_g>`bAfszzOj6ulAQmM
ze4w;ktEW#K6da|+DYH3pf6kjCYBTCDtm@q!&d=#qe}Pp63BJ~Np^&Gm7UCv%`tEU8
z&pSekRFd~;<I}&6xAC^Gby6A1s&Hi}?R--^xu8wG%|h;m^lr)WBy6#`DoC$4jtn9_
zv`FP1=bJ>(yPAWEBZvD!Fm50v=sHMpQ^foR=L5kA)Y7g)rba}O<#$ruERteIQ-T8d
zKu_7j<pV7|8?2vQU;B6E1ChB1tIjEeydW}HJ}n(HxG-3sOQ8B(0@dddSp09cTt59^
zRAcrzmWvQv?=Eb7(u7eB#V2jKR|D2Ki+gZze3D*_PujgPjtD7(^$?>ZS?oA|ni1rR
zM|P;>NjYM$YS?_5x_g<i&9NoOez)s0Ci6Z2rD(s~F_{|JHcxKIez#JbvfGv*``z5n
zs7A_tsj%Ord`X4MhuHM@PmW-}n>#LA``s#)+<q7Dn22g%OXOrdFnwaEZ&cVIAxH%h
zKHSJ8x^Ltby%xgaan#M}Z0qX?Pg=K~+V!wVTRh9zxo{)j-h09r`Qm9gX35AWT(waQ
zi|H$7|4{wP+Kk4hG^6n;%`S(%Z)}71zL62_eG&3;UcWok?AP)4^r*~!OMPV_X1{TA
zv!DBYYWA}R)lay)xk7^5`9wI6J130ZCG)uF3j1$^#JaS+XgulL^P@Tcmf9e$M#Pzd
zC^$Rd?uLZ3hAf4;#fwxy#TI7G32QBEU1tok7HS+%vNRtsXADv^8^`0K2~k!7Vbg;F
z6CzDGi(p3l>KCOMu}f}q7Lj!oVC&)w@ZUi}!O`HryMtB}oK4+OMsPzl8P|v#O5+$s
zeQl=j+}zhUsm6C}^qxTH<LJiII9C97k~~XWGd0S3iNXBrh4Uf)rE}5S8%2A`U}`hr
zA+j{bNJC%;8|C>dl>z(y9dXF7hQ=Yk8Wu<S)zuk_`l&-A*;4|n%S@V+gY75c`QgFF
zlRiTlGM=;_7nSj(4Ktq1_<|ZFKF>sphnZPC%wX|2_ZeC|%nFM~GO&$5wji}lmYphI
z$;=qnQUissesPx|dsQfZYBo+o<6`G+K>n00@uwXhQvOu7u{9hbZcw4>i6`_nNo^+C
zSAphi8c%uEXYBKX@q1`|yfR*P+{WN|*-NpPoQMl&FG&_m<1W}<@_tx*$xoXJ^SeGH
ztO3L<W0hv50i^UZnE@mjVp^#I#5k^D1Bh`meW6hrK;9V>Yyg2=6!i9l7(nFm-IKA%
zAD@Ut{>aBhWB({V6~@A0zC0F=WMM`m3&-ryN(;y7!<TO1c;Icx!jUesZ=`9I^>1AY
z`$ooBVBg4%XxaD{y&b{%AVKwmasv@VGJdu*n4jquey)m8JZM0Tf~T>%Cyu_Xa1hpW
ziK1T6kqOFrH;xW~q(Llj!-N0}ys#22>wZx3M6FdS(V{CE0&MY#@e2BSx%Bx#5%l?6
zn>D7-qblf3@Qo&FJyi>HnObO$u1rKXMC8F^FRVty?13Tvgdl!8DTJTi7BxQ&)(<gk
zhR;a`J(0kgsViY{a*+P_kUt&x=>zb=H<?I2Q2*<%$p5r9ny*rwWrnWt$W$vE)c=lf
z4eEa*8_iGIy*7M)%KEk8^HW}@?Iy@K(MsB)8HjM-O4Jt3x)0Nmp>{)ZgZkpukxaQu
z|Agh6^!<e8oAmw!HAu6hL0aBn8f4yQq6WF>F3K+F-zE7Q(Z3+_%buTw$uH4T{m(2M
z7#pqrH$W}d{|4%cApj7?@Ls8bqkN~(K-DKzVpQrUDludgD3TY0yTU1nXMyWIwKh&V
z$~QtL38bh94^TJ_97`1;i{vMO8?;tTV3<O)J<Py$X|~7ov22OOcS_kFk5?e~G}HDB
zRwE+0G%Xo!fflexDNRecaD9{;9!4J>NFGnUTpxYv15qDc4fe`2vaE_3ABbrh&qJ3+
zmfSJ+1Mx21_3T*CkbH~t>8Q`b2hnHGr$^Rjb-H4B7g6S0oKiKGZ_!H~b-qPa$YiqA
zhWP07EnW<>D6Jy3;cFGmw`h&@j4Isssc~;nViTtR#n3SIFMb4fd&w&*dG-JvU4`9G
z(C$@=?v+yaMB4q4q8m=OijaE%xZ*t<K8fH^gd_s87vTsJ@3rCTX{6Q50{)+Um8$$b
z!=)RHmsj4H#2|-+gDkF>nGpst$SL)T^Nj-bgjVO`<Py{4j|SIc)K{V<0gohzwix5W
zT;z!1><5Z?e5Z}Z;y<erBkd2U#7O(=)gl2)mtyY6DGm-RQb!R~|6r)2X-s%W(;G*P
z%AooOA_dj=3!SsOI&4t=FvXmNbQt{+!q_9ncL!Gv@%xO*F!tT`G(QhSKbgm=`p#y7
zxbjcMsC%eTf+RJlx`<I%yj+BNkHMsbuP#y=xw?pJm(mfmYk(|9yc6u6H|v!#;_pZh
z<mto!#1Hk#`Xh@6$YR8QtCOO;G1_|2tu)%Yd!VToYr5?s>W>U`v_o3VijeHbA|$u@
z?qZ=WPv0Cx5fV=qE$6QktB?c*VpoP(ekv)j#+gU{Y8_^vhcwj-Ohz$zXfgufF~V5)
zi3%asbs(nVcMTROsp8Z>B89{iAL^qC4a$zV2(5FTZ#Bq=!STi+{*BRRE;inn;~}FM
zjzk)4LJ^aPOyV3fO^qIG)~(G-)~y|!T$+<ynn}K8rI24Kr8z03nJF@R(b-cd-~M?D
z<=c~|sC;{}w<7+yUnBKR0unDr{*k-Q%EJ&GcUB?!H<kP=;@k`7q6V~}lzu>6wdw`Z
ziNFi+L}0FZ!AmOoANeXC6<-;mA6ebIt?(R01JudB4H=-G$=0ZBo&vqiJyTzuW}vgD
z8F5Bxmd6Mkv`h7<PQzj;1U8ihhP0u9A?;SbPh)ki>jSD_CP(d3vpLu+1#hBViX-j0
ztUVXnvuQigbu;r=dmgmkMBDR7JB#R<oe%AuX?s3tFJ$e7&>l<M3rYJ_);<;5eJinj
zDrqlb?M2YOi?$b8`T6kFX*f3)$%ft!uov^h2ta87pp*eTO#w<Nz>)yK5(Y4h0AO(u
zH?1`3K0<I>s5=!$xLJ3NSR8-tQta~!ns?!qyOz@Vmf^>u*ANfzxM<GJ!>^!XF-L?R
zAJU32nprF+>9}zAO==x%#k#yRy9DBIbA^vz6yuXphq3siH(q3##_wyWE9u%{5$eTk
z`ZZl86zQ>E%me8}g$1)tq<S&AV_ChJ)JXMWdX8oFVy=XTf~C~))a>aK!k3I0za)Y^
z&a4SnFQzMbsKWC}tSC(JF-KNvpmv>uiUH3`V!%2{kJ%^bG3Qlc>fV)Nl6)%7+w+4s
zHxUx%_hJ6sbk3D+64e||QcYG7-XgrQf~h(S30y9L6IGpD3GQWpo3lcc`>8-MJ&(YO
z>Q0^ny98i|tq>Ifj>6^>SZzpz)f|AmZiSe@eJzD8B(P%Ae4zyUAi$n06EnIs6m}|s
zH8R+#66~D-yPd+O>WU9h!Jvr1rZU(f3DyR%uK+CMq?IG+TG(3ivQ0?wX!&>iDvs$5
zW2TTX>`@mx)MCb?b12KXe@slD1QJQUYvKD3^t&Fu`{;Kgd_POSr>dBGF}{Sn%U1CI
zI-#hywv;XiGi~UCO63azF+%w9jX3eVco!M6gbj(2hAfc}DT5(z(jl0Tm`4u?q?;VK
zKB%W{gy-&+)?b_o3TkH{34gpTkp!{xYO19oeJDk`z;3m;9qV}+dtMIQcyT=IS&lu+
z1COB?)C=f&1$*Exc_@#xgr--q=~b0<M*S`Dsa83Q;4?-=i%Y<F4J%v--?b_Sj(!VA
z!(U~2r3D8G_4w;}+=Z4`I+Kp25$3;!^S;KeMpl8vC7|bZ?0G$~rs7Fh1rm#rx?N?`
z0(B*D{;Kz0z->iwrcH3Z`#0wTn)aWsiTe32=o)lB(6#3^ai79D;of1gu1{YRx8*y~
zb+4@J<=4brxD2|Svab2BiJNXQbj_D_O?*w<W3!>_IayckYivtRhMqE6&n>S>8>gfi
zvJ`KTSr<CKCL*z}_+#koT^Hy)|7rkTS3sw&F1TLRkfUf{xcw;F7qXA0EByf>{#z5x
zhyGb5=0o444xo-p9oV|>N?Fib)q%}=MGV`lx6zzuf`z)0Q89sC?ue1_q2$S!z>Z%P
z6L{%g#)wp2kaDPRixsK-!dQ{Y{}{`tJTMe7!Ma2f$lBhg31n^eY68*`objzI$spgo
zbDF@$9?6B+>_2T1VzXb-B!bQUi64Xg&;$jy(){7vkeTO&&io+GJScQ#vvOu}r$D|l
zR_=N<4$`EbrKfs8@h(m(-gR4?qIj1`j|PiFbK+2s!{aflRJo;`TJ)hyxzBkaYd@?B
zS^F*xj2|7kcE=CFYey3Ha~)g2k4@+Tkcw5S=Bi6M!eq;10dw3{BGhIE^(uub6`>ef
z6|WEhS2MuZDBuzqAd=gKBH*(O@MQ|POg<wJs3{`gV+`<h3b;-Nh-7-G2zW08TuuS^
z%4Z~~Tzs<#n9Ts+qJXs`ASFKrn%<os^3<P{A3o6npZe@roMCwkdG4{~xyJ;a`}zIy
z=N?PxSJio(yD((#;h}R|=-eyA%)KmRZbASZbndAkb9V@xTSMpmILzGXA#)Q7dKI0!
zC}i$^F(GqT$Kc!>!ptq~Q_c+}c*i-I`dKQ@1kL_@=<EyV>|cbL{R!plVzT*6dV$h#
z7Z@FSfh>A~Lt!q^J>&w&3a<VCXnPX)CW`JiO=;6|Y|0@KP@+_A1vUKuX$3T)rQJXR
z<q)fQpw)_kh>!pZa+nsn#$Z)cyl+MQyg&iDY&lv$JU~trL{!)i$|<E3X#Vfb%x-pb
z^ziS;?^m+BGdnxSn|HrA^aEwlKF}%h1BvtlhogL8<DT#j5OT7$jxc`6&xED?n>RR_
zAyRa<CW#4~lkZO$95dfvhdnuw`TiCrG$-F*rwXlg^1&W*;9urh%)C@bbx7=d4rwqH
z%b2wrR(Ok5Xvr#EO)C)em5LSmoud^}S%oC}0oZ4EV)1k5Y4H`T_;B}@j90K@@sF(d
zDpve0Ee2@sg~hE|8iX`f{9i0afbEK<gIH-gE1loHrA+mTld-~+tU?b~;UQXq0L<xH
zsIZw;xQ115&<bS1_hW@*qGM|?UE=#^Rp}Cc>DH3-PdQ6k#rtpZ{;kmcO1y7dr`&&x
z_i3T~SMc5zy7%J!ZK3<=ct1IGKMwDo3f+&!`}gXCD*0EoHxn&(-}FSTNvRqK6JKu-
z1}t`QJ8|?T#~l1V#Mf&YCRFUFPN=BOr#N+FWBC+8^iCUC9CS^g;xDFLgDc>zmeMQW
zq4v@%V0q%>$Q7_WJ?Is%JR|89usoPN1)6%ayWsUu^wr35=bp+q+nFjVl_A-~8^R}H
zHWj=fjM8)L29u&)A<Ok^MmLc1vB<_xsLBy*E2L!4{<tE3VmVjD|I*??YX*oBtr8r%
z<Ak8|$2Jx5Q#SJXTWi)D1b$!z@GAP6wefJdQSjN|G7g_Qd=vF##s?n9ZlDY^((W6g
zCpS6{Fv<5=o7~1>ZiNbR8PDO-^yI9L82J^jVN%t=!EzoC<)I9j>34NSRcN-*gp=dR
zsud5yP2$bYZ`upMQ+1;+6g2GxU<b}$ATNw*(&{3t6mO?*jBVl@fRFx5-<a6MHvmNy
z(>JCy<qd#QzO(?9@-xX>p3-IjD?wNf(f7)l@gCvxZ^Vz@d4c!~hwH1iOo-4|S2vPR
zRQx;PpXU?BRH8Jes4=?$pA^880(?>cPsZYtvG8OpJ{b#7rs0!m@MIc3nZ_H*w86vq
z^yF7By-guHPAFZ-N*A)n3u!Gvw22sP^O7??Y$6q{$xe}FetxMJe{7}mLmB|t>o25F
zPuWNG>B;+uKE35Ws!xBXv*!HgD;m|O(|mOB>%?EReOnzICcBJ$nc9%c$P2w1O&1<B
zRXAn=x3F~KpS}i2F8vZs7VzZX62h{83#i>`_bTxl!Ceo{=krUmN7_nrM@DhZw7*65
zxR(`m;mY!*2Sr(bJG(#A-`*lJ{q41{Q2lLD{}}q)PkzYZq~&!9a=z~d^|xiYjph5E
zkQ<TjTadmU*8F_m7F{&`?OiZO($Afhq~14Ce@eb&wxUb;h?8{&i#b`uU%|;D{#ts)
zyg5deW{=b=q+b6XrsILV%~nVi{Ra{JbOF`A)Wc+ZKI>8O1jWO|@-p!-5$N+#%)<op
zds4x82zxTDG<z5o+H%>G;icKbDGPWbdorRldjwThkSyZ8BlTBk(A*v^|7OxJL|+s4
z3(?o;e`$)oCeGc5xcCgke!1_*zPM-6@4rar6jtFgE~Nj!nf3>9L!xNvpvk|6<X3VA
zl`g>b1u4Cel@6=qjG<D4>m^cZVWq<>Ia8?A=$b=HFK4AAD!I&1DG;9rf=nznvKk{R
zxq?s)9bY_*>aztDK3au@kK~&a;bQ<3KAM?teB+HV<&XYbqR1bnx`bxPA1{AN<PYRc
zzcB%C`fk0#tA2*}i$nKs;C*@M{%O4bK6F0|@Aqr`Ga~rg(U<=3`P&!mP2q0=Gu-65
z8}S42mK3Df!(w|&0^bNsV~%)stKai`oS>^9jAR^nR#$OY?*U0zw^q<?wpAR9w|Nf5
zIdy03x?N5n5K$Poi!PG$Yed8=cq8KP8p|L4(vjxVd*mMN-XQ`~2tgc7sDyV2p%mia
ze1gpQrGtTD3_+w8qOrK&FWyDyYujCfzP8&%>1%d-HGO@rQ!IZ>IbD{<Ukr(<Oi3SP
zuX+a<7GX{&LPz(*aLWzE;9MyQ*WhUg_0fGWse|~<KI(w!%{D_Fv+BI7i2NxpUlUKG
z-KtDdn`h;du8OY@<=0mES3YzN^RN8#8Fs8y=LM7`jvz14@p$hfv0PU4d$V8^iDxK!
zC<0698)`x)NFYykF^K7@1`6U2IHo_L!+_HPO3=S8!JBIq^UO(ig)+1x&@rgfw9pWk
z8+xEG8PTo>7Gr+*-**sv{PPZikAK;r_0I$NsmU|yTtfx#T_(Zv2e7GnZ+<OmU#RQb
zHF6Z$aFyGeAnKJk%20}zu7NA%$~Qz7Gheqs-9xEw1W*69%g|-MXDF=fKas9xQ9ku$
zV5QnUjDPwr=0Kmwk_mU4iSA)%{CV2*FJk&@nF$pt3i)6?%{9RXtAq>lZJIG9im%jF
zRT}>**UQ8gi6kv69Aai!LQO17=;RTq451;{q(@XSUSY0D(x+5oBs(5uc2c<}bthq7
z4JLz}@=V|W^Dz3ZE%h+ESB^hua(H*UMLKsUk}u~b;+~V863>Fk{h2AvNi$U;6ryKQ
z*dYvZ&@wdVH)`^G0lEO3$qtQ^dXNmHEE*<*IQv~1>!7!O(#$6lLdUb1!!o|bK0R(%
zT4;-{{3rQ#X#AKr&+Hvy7KfSvBdO$-jBNy;UcHUr)9%}t|4$oD{+$m0@AzgJziw{d
z7=D$mY81boo)>a(kBDW~oDUd*Z?8@Z;oH}rlJRZ(jHvkb!c}to^HU7pemtMz+dnK}
z_?CBd!eGT4(Pwx9Mhd#nDK`PVi}KQ%gh`KIiE!Hxw!W5O>+4I^*!o$Dt<j<QDQ|A7
zn3sw!!gB*p$}qD@!!LjMBf-ya|48ujJ3ltyKi!m2;Njuk$!*-mfb0kDw!^)PXTTxE
zMAGkFp>{|HG~Ib|Q=)&{xZevb*5c&}a$pnsCBr&-r%|`vQ8XSp20o5+_agGZ-IVhW
z9r(DNQ~Sy4!u(_jUVUDt!K(%(`*LgIgssWG?0SQ|;-;^pvR91CD@4N3yrQFdDWXyX
zUj#Ln8O6)>;)*aY*B<iOcRJdQw1|Y$uW7pxq6)#-4y)T1QK}$2n_k{t<!t&jh6Z>W
zNfG>0eG~Es|K5~J*+EsZ;Rjk#8dFfOIJS;rkEVqlWwS>|>cjj2nnaIyO}@inj1Ya6
z+#EuLNpH<jl(HnzM!dWAB7-}PG+U5N(!!<2s%voV2AY=E5KZfl%;NLH`Tz3~=k0a+
zU&kw7yoK`fTPQ!jh0>qN1~vV;xor%689c$bEi3%y!*2onj)mWed<t<kts+jQlrTk!
zN7Sg$PNX!XLK|^eJlBBw3?8Em39DEf-a?D5W_`S?g?C(LAR$Nm%k!7s?t=*u<5Tfi
zJ`lz4@?40U)y{#j6NhSr!W}}=F1z?Rhn`W#h$${(o9LJ76ZZsd;)G1tfEMwv;LFa$
zuq^0PEw(T4Ime;dOl-n)K`-!*TA|`VoRqfO%-MYttW2e6g+AruNdx56Kda#DaLat$
zC&#3_l9W^b3ZT+hJb!@b`wE~U{B>9ZJfoDAMD=}ww_hqM{4V}BK~`8H3kC=xcOqeG
zQlWFxP%(51Af^B;|Ky2ymsCnLfuxT6S5hDKw75K|fyG~{w6=+JsqQ)=V;y{1y4*+A
zgmuG+Cn)y+;V0lbn8nWSeH`$0RlKV`nNH8FTF#AxrB*sW7sxff{s$%C(#m07)cGLu
zrK_jN`bJ~Ae7@imrf*y`mlFG$v>5uvfva*jNjRwJ8^<`jlM7<$8_oY|Oy5|a5utCK
zDB1frrf;MQ4$l#j9Oj11PEIQDS8kINKnHCquJnQ437G>+s@*;OZ;_1*6$s<y<w#|@
zqI=gs@q!H?7V5el!vieDwVng|Me+Q=5t(?>0LKp;+z&OF4qsvB0AG)*v;6dU1-lRP
zTvsA^3gXE{@pe9EySt5Nzur-}!I4xch<ySEn>RkyCSr21DGZLQ;)R8Ruip~@%_r=z
z5fFllR+v#;Do}N)6%WV&XnfO){)P!8Cm#jWDFwuF)YqZIJSZwl2zkQZN(uQ+PFAG$
zRh+NxSB{`?DS<I_l)#v$b+WJ2Yt$o_It;?6xl#}Q&(74iM)sb1h6{O5y}`-eQ?AxF
z>NZW?qqS;Teg#0ywknlc7UPLcnt0-H)vT)2U)6=EXD6cfDynA(Nxl2Z>REC&-!Sa*
zQ>4pJg}PUKH}fX+krE#la`hUDO4nP6`{s;PgEXp`Xm%&kCN~gc-1KSa086#O38zUU
zQ#@b11j(_9zBPuZ>9eQNl9x!PQL??MqdDaSo}!P7$>U;9j$53?d^Jl+*Gf6I9L0~Y
z=OTG7a`LHGh3xs0<T?IN+}bdV%YPgE2b4J8$}gxC{en0n)hK-#w}*@kuvnsh#05=0
z>`KB9*KHvD@VO09^v5B3!Su%fM!V&{6L(wk^~)6~>aW09fiC1|H&21Bw^awFtX3VA
z@-y+(&9%U8D{dJ_f)g@J%K4|0$w3~+2YP1;7~p<`(^q6g-D6qo`1bakqQFf|*TlEO
zzUUJt?~5ViD-*_`lKXDB_7iWOte*Vbd-TX1&c|sGe7U;Hgb-)DTXn7o?0C9_XNj{M
zyqKk@CNo^c$^>I+E=V(#al|WQpIqk(R>w=~nB+QS&DY75jI5GKDy4-g0URxoE1e^U
zpUf{-x@l3mIZE42+4JL3`PCoeX!}o*_VYvS1AyHrS6ay`JxMA}W0mABl`U6$msP`E
zRaBKQTUVMJ2Nf0XpeyByUfSO>+TS>+TdGrfyh*3&F$0AXJm?JYD5jmOflH@vW~NPC
z4**aGO-{jB5eqCeu$i?4>;5pPu+@jG@r82ZlT8XoAKU<KJG1_BSNK1=(8%!~Q??Lg
zjnqxolEWhxo<pRACWa0n`1;_=WQKhf(=%J9Apl+!sxbG;WCmoe8=><B!~u%zuO|6F
zT^ZB<u;I&S{!hOr{KHHQZC*tgra{rd(3HbYo@`2`j!csIO{xke<J|h^Q(q@(8M|M`
z?muAn-?IA`+5LWYKabs?X7^Lsy_q^MN%yn+-t7JscJE;KdF=ka3laHYBkU)gTQvPN
z*Xb7NRZB8vNwk36b3k8HL6``*w<0I%D4Z@hbaf8haZReogAQM>e3C8_Q!L8qB6}98
z^F`i#LElKeNKCQ#kMl)ls^py}if=%YX!^)lx<r3A(M)6)z_7=_6cj{1hqgBxa426#
z4=L}urus{{sks?L!l}R1DNgp6>cIS^(Eo=J-WUhZ62p?78k;Ko@hWRm3)$L~K&?#<
z-AT-EDegp166A>nl4^-i4IP@8Uy9S`O3=dyPsrX<UE%v>vAz$eHJZWdzH@rQ@kqB{
z-++e|bv9~E(<4litjA*>3ry+)jm2||p*yo<PX~1|+k||@0fNG{@^Y(ZBl3Iw-H5&H
zfvx|@KgNnrtVE!LCsxHjhWf^&06cjrCj#F%QQMvA4|1H=UY@d=`lqa>{wb@eysba0
zSIOId>6+-D5>4M5EkD=-T|?oSH7Rm<=H$rm%setBVWF9F8uj*wWmqb8<8%-Lymd*y
zZQo*K0g2;RVL+nnoMQJ*6;KkJ@+kFOh~ka1awe4%pUcLK=O7<G_<$@Q9`7XkqddUm
z!`G)#`EX~aSm)3G7dZX2-A(gH;Zhru5BGJ8;*XMkUGx1>(AX5|kMaXdi!|tLk|N%d
zBWn~dkVNVGYvm(rdQGD<s1<DHehkAsyQ10tCN;b|br-sO;DN7xchr34U#}qi`r;LY
zUthAKVSkUBJea7CvR{NQ#FL!7MDdHbL2=4%5<jy1lGx|3e-wouG3;rMKg5&Iwcr|{
zzpq?K_@DbP>`H5l-VpGkUJIKo4d!@?K;<u=);Dl|`S^tq`JFB_f=@5r(tLc1(cAPa
z_#r|F5zzC=Z(UCC<M8DKKaN;V@#7z-)cA2jeRk9EV^!Wzf+oZ9W4Q9s#TtyReB9aU
z-|^o&>V^&e!09Bl|K6ZwQT_KuxTyagzbreyh<Wf0x0U7&kAgGjJxX!rT{m_K&v%+H
z9llq_pPzSN_;c6241eA^nc~kEI>f-AxSu3xThs7o`K68F&(|-Ff<OJ~&Bvd|qvFq}
zVa}xFzZLw+yQq?MJQcN{<zyAq%S;_Y{r1osPK!t9e+a|=;;Uxk(NB}LetWH@F6mUz
zcg>|fdow1fefB0q`0N#h`|Oq6hM4${2!Fg5__%$ve2R0vBKY~SuLypg{#Dcb@wyWG
zTOZ<&H<ZlU{S-U9XZn|M%<nEf<acLO``v9Kr8S)5cV|-j-BGVRiBtUUEGoY_*Gn>O
zNDR@2ogEe0aHB#Snk=s_>==_ieDy&T`hf7=bo%h1Pw|&~`b08E3|6xL8{XH2?jOc`
zL$E=AxWQ-s_w;1m<xTX5<6U-@KitHto8b><t2h>?_`UrQ!|(0VWBNw&3wC)moc`1`
z>i@Rk|L^}sHX*-saK5c{2yRBQ1>t@e+~ZaxXaep50}nxTp{7?Uizz?9nDX<BDZT1h
zt)^Ey&NM==FeiRdRbBz(=wtgYu?CCJG(@kiO!#-`)r}7WLjC%vhF-n=d4%~%P|Q#H
zh~suoV&*48$ew(N5;B$fDIbVh0TQ)>&}O5QZ1p5c$)4|{oOg8iPKEz(Bh#-tW&VFW
z<Nw>lpkMdBgZ%%NCi4HLM*07a(fI#v&8J^&qxz%&@DTF<)s54yRT}zrYiahaTKYBN
zZ5Z~6Pn%7@j_Skd*X@^U>DQ`p;q(i$vSZp2YMB`St8AILUGY=jIFY==C|nMsa0R8=
z1(d>NA}Q+|LE-*Dng1m9IM?`_e@6YyKcoKUpEZTP#S{9bWAtqZ_5EY??eR$ZR-o}K
z*SR*yG)k4U_CG1fbPX1hSNAaTcB_W?#kpR_xsgxMVXvMs{=ec;mm6c!H}{*-<ex3g
zl7HqZ^zF05TKe_|-gj)6o=rdgzo%!*Iyae~-K(N!Z+44K&ro$ms^v@K-dJiYLiV;w
zK=@>8XV+EXX**F!T~CSP|8W0~*Td=C&yCTyuh;xP;<;!nR|=(Y1wg?HfP&%HBZvd;
zZ-skAATmXZl=olyn9#RpKPL3;xsNG*8*xxg-%cNGqC8fammf8seK>u4_h>`(EjOtD
zSLoZFV*%mrIi#U)D?W@WkF6_W^4L<~4oY+LqljVLcuKr>Tab9k@>i!@W%^|?F#45v
zE2Cfg?xXbUB0~)Nb;nD9$j5GI8vU}SG)BKJO^HIk9_Z41`t@N{`HR0Frt`^z3jNZ%
zt|aKQt(vCXAsM<bnqrV;A1(D7yATH5b5XOYm*s+<<T^9m7ot(_R|9Wr$%+H1&FGN7
zbL-1KB=n@yhlHMV{;+BC67?d#n$ZwjU<#oE>lhWt$Lt?*p@bPa*G`#)TppqW$C4E~
z(1+21CgK0&nE3yi7o*|-%4XsJ*&+P@C*b>QH27X)kEa-4Jp3<V{2M|TUyJXnIy8pw
z<%45-k-5H{!1WiGG+?T*`*Lwz;xK+YgucVfkq;lxhwD?q@wwy8aD2Y`d?WbWzx>~q
zSJd*zu=feR9`ruJ*Mr|@@vr+e`ZIqM<dJpq`F2t8bFsf6{QUmee+NIWxd;8<4ruUm
zr+1^`=WcgX{EVSYC}Kpx&tr-xe$MQ!#?Lp5l<{*}9K+97jb!-w#xWE>Pl<~qUn~Gr
zweg##;paD7Hin;Pwv2+GH(k_x{QOf?{QNM?k#u;!f}ayzmk=y=H<d5uG5LZ-M~oE1
zgIOPa4#xWG+s#JHFP+hc2^EPKF#_-m6%g*fOD$A98m<&8c?ePV!w~`ko@nIH2!`hm
z`}!SfpLmDbC*ElqKEIeq2|ek2Fswe!|A{Oabk#*i?D4MeNI6ejxkrr@d_o*1bc$0_
zTa|N~)K&yRy&)5WZXsfDApW1)Ll(uy_Rn}G3O%U(raAQBvB!`eG?-w;98@J(d2AmL
zjjbV};X%Cry`ItADD=br=l`01%;TFzKN6|iBBLLVbZmfrH~@G&m5hYs94C;_MJU8r
z$;PbeVMHeR*M{sdUET?&FUgJ37jf~wAuq(12X1|n+GpOR_L(<X{O8YV`tsgy*)igk
zD)Y=B05lMv^dNh+f%wl;`bOhFN6`2r;MUE+tt$bb(c(X$H6{MDK#Bi6zcXt5Csro$
zpSQ^IpSQ92Px1o#vYh#Gk)B^rzAi*BSUjk$3Gtx0EW&8}2z7)}BA`QaX%hoN(@*M^
zXtgg;Kluj1hskdceAx1h=<%SASn;4&%b`RLZ9FJ0q&h;gOQ4%vvrkwV3o^2v(5oXs
zmp_gnMwU>B(RGm_M&Tb>7FeSVHyRrj2HGWuhJof22H&dHpW-CT@t<7?*1yvZB$MDl
z7wl+N?B^}v(LS>#kVv27a-`2)w#tNL0M599rA2b2&vibG^f_p!PK<G`w;fqMr`!x=
zBhL)AjR1%`!h5oBx}FM!^3<qNZlYVAd;WxU%YMv%UrEX1AVjwBQ&b|g-a|?PuQVrK
zhUACWyE+mu>XK2;lC5K0%HzBAaunyJUHZl|#FLCgs`vZv(sN<@YZ|XPlErI2rH<G9
zPs8z={iW~o6I7C-xwNSPn^ztSZGjd4I9?Oi4M@JZbf~$ML~K%dvEmhi|5m(0@ZZW;
z82;O#@!$ECAhAZy_Y?Cn;g9gz0@3})_UDP<zkh8||9@03A5nxyaWP)IJ)p`|#%rf}
zrsIKsz-QyZa-(jiDZRhnnS^-M!p<hLU|?4A5Q0ik1j%I2Gx7OJCwUI^INQpeTk-kN
z^tqLiloY~|7r=vpC>;5ae8Ol;?|1FOh0YsN$A4DqsUM?jI61~BQyNDvtkOMrp*;mK
z_(Kvy-y3Rn()0h|S2Lg5^Nj8s8F~KSs1Z3{JkaYd6NZysXA4$p)+6}+z>*p(|N4fR
z*WxEz)dhpVu}c9n?Y~@@GRQmQ6!7%lONY;r8V5y*fNR8gq@!3UbHr(X6}JJm-fu^e
zeA?eluA2zvDx}<c2`5_v-r;0t_X<w-iQmMr%rq@e0$tB7ILW7E7c_12_yc+_=7ECf
zQ!e#!%BhQ|)0`)ns^gV1<?TCN;+=9H<2z_QtLk_qt6Xn_bjTqmHNJ_|%N3Y3VC0MY
z&?ouKfMDiJy31_8oKtv_L+%dhs{P|tMLvhzgI}=dQB~0-<)fR?5m+pe_qTl^J>O^{
zJ>O_ynEVj!Ji?3G%jXd$^2LYf)azXKSZ5M;V}}m%B_}C!6n-vYhrlSMN;e%7ma_3M
z%xKMBqSXB+qB%VDh!vib#XIbmwc&m}8?9fN(67stD(h%-nJ%9C1_BDpCMYcG$%#3B
zz2@Y^mF^rlU`IJU(f<m5)zkkCTK2A{>`hwcp=BRx$}o#=^n(}qk}6zxbe4#$;6GX)
z?J*9DFS$yFGVQsIL*-+Rq{V&PbAD@mc!kI1(~YEOu)>6h3h&8>8c7qe!VC4W@>R(4
zsTm}~OppjoAQ6_ulm}Iosf9I3iaf}0ht6%M7~&-bLoi$c8|p_+o-9ehDVdt{iAr_a
zQ;;K1jhv%XWpHJAqIEc(og#BB8;Zj-P{Ss?U(T<zf_!<1P|2C8!#)+GXR0DIC}yCz
zVoE+cKl$x!IcCWsH#LhkRZz)g2qLk`C53{tU>KPZ!`Q<`45N}j#SM|euz4a5bmogU
z(qz=uh?ZZEY?;K~L`$T7=m|~Bq44i%s_^eHG5x0pL*d_;D7D+pWQN{a;|_R>9Yw^P
zY@~Qv3_ZRGi|s*emf62{sLz|$A%dLONI1nk^(rNR`+E@juMa5!?!$W$OZG3GugMo<
zhA`C`n}Ms#SbV})TN;c{IO3X)2XQuoS^j_!&6JGtK+kY~vdJ8>ALIYnfu1+HY>Ra6
zn-|5oXDnhQd=YHV&G>6{bq3izUlm?Hr-GcEP0#oA4M|#LcJKpFL_5KA)wg=C>8FGi
zL)FZtRAnTbM2<9}IzZj^w7L*u6pH`@p(UA`7h>x_o~n(|uh;z3^G5NUQMk9jH9c$8
zn+r_HP%H5JR>FrHG41700r_#L1B@#$t=^#p^f09%1uXwndKuyWFE1nff44Hm|8LUp
z|35UOU$4ru5?)`<UlPvTfAB*?%)R{pz&26ujc7>0E=R<pn0OF_uYpfzd^y$oD9KtH
z&e!tT0a-s{9PPhkXado8+!xpxjK;4!4-kIcDE&Qz=||29R6o*_yur!m{5+P!`O6k1
za3STjH#ZG-MOWArcfqbGS`_boXpzC~T4Z!jUt~s=^pG5JaE_vq&PJ8=OlU?*dP=2|
zHiQ%m(e%;&R=?|kpB`cn2U`ICUxv$G;^1D3;$6?dWu`bdbCJRI6kPTb2ls=GSOS+;
zaj<m}kV!lX#6Ke#;g2$BKJ~YpPyH?DNAindXH~c#qSW>!h1zaVIQSC^eZE8qX0_vS
zGGTu1kIH)8l&jG0LG-%jj}lZgJD<>O<hGC$_90P^K)A`l3kF3yZPSHor{h$#IEB8|
zi@s%4-m*lz1qh<A{8oVK!ZYbxCgrWJ5pMyW;N`bA(6{>0x6I00Z6e+R+W&`qFvJ`5
zEh~L1O?m4A7ycG72Fv8P9;I*P(6=ngTSv5S(Mjh^<{^oEI|}UuX=!v}qw4WD7-ej*
z(&tU7RMC`5+nQ48kET@mTTRm6t^^YP^#z5bKa2Ojh3=og`xYURKMC)<hwkse`(dH`
z;dno_J{T#V6RSYaElsitcn7D|RNUkm2wZ_XzosJ2Jr08$$>~8g6|kS)A{R#LGFMY!
z#w;&`b7G|4W;%N4-Dv;h^?=C=M*tz+j8#<;hq@o3DtyZIJe2o}SsqVM4}v<GG3x;Q
z-$m>6i&@7=UFM*UHD(<^5?9DhbPe09TMY@Pr;pV&Vo%6=`5)P<t-yH`f+L8?G^p&;
zBDGJ8)IKe;__wuc`gz}Gwf+qLx~TKVM5@DjZ*GWUcKk)pfp~5cCn(kemG`Pi@m@8f
zG4kgD%zM>@cUuM!v$9F$y(%X=QyD+i@fIKTQO>{nb0@VYzu1S_laJci`FBtf(syC}
zs}2vRn{JYRtwn8-%Y-~)95Dc!rH%Ai{O7vSX#8DQ6fQ4D+JDKpr&RPybWJ9MZDS3k
z*}5%o7k&*Duhb&zt|e}pajyM=wm9q^He!*bQ?mtofrn_*x^`MO-rYWMG1mQ%)-@}p
zV+4ujpK3j6k6wvEV?F0f2B5NgiI(0zI*-uXN%IK3ojgxVZ;4%zD*5%UORe(hzb2{e
zU^c`gGO2pFWyk-j6c#Z~0iL^C&&lwoq31?25uM2dXOjuOO|h&#5~9B380W%KX<CXn
zxhUK&yc$<TKKzzR^P3MQQT@;RxCB_(B2@SZ6v`iTJspKSt-8HY^7NS6db_F|v2^IX
zSvuaPh-!2)5?xf?&?cjXOvg2W;Tbi7hsg?<0n<b|WVV+<2ol={9x@An2K;IbIi<Bm
zh>+lDC^vyLK;+r6b8HdGh|Iu8YZ|hzZn+SS4?jBpPvwgk`L#9`6MVO}nBcp0#T4JQ
zTdl@-y{lr|3-T;PSkU;NXtCd!%7(Dt#XA*aKukjbI^CF<F~AR>k=C!FmH^cJGeLpk
zs|fkvww+8qm}TOKq0b~uT`ue4`~ODu@V$SFE-zeyFB2s`RiyTZHwmU(-;ZL-^ZRH6
zfA8DL?0EzpF{_zpoyqrrPN?`@ufh+(?@Fp?Ugq#UQY(1%i*$l7#}E|woOOaXQ!1;&
zwLVc??%q>U&A(nAO&=dZrV;x1t=TXy|6Psx_*_g_a1kKw#E>kJ$YhD6Y-5w9k(t}W
z<6$r#j)&&Md4lG{c|wEVMrak!uU$A5tjRX&$&u!kaAX!YTE=6e{p)@r@b-`Oi>k=o
z%mY#Mix-paZd0(|10lZ>#DHINYWYLv?kC?FCVRNPp{Jg4YPmz^>L(9V)mE_Hi!l^p
zYj0@;^G%tHnN=F9@El3Kf@tx*m4Fue1r_G?dA!HSynj=l<r<*UWrgxjTqjMfi<wA)
zXtUgVkX_KbTLlEBUedd61n5Lw*Al_&D%u~!puJ+GU5KVz8uPWD@`r#!hcSEZc(mt6
zY?b$|uvO-)_&2x8h^-V~HUl4rpU2JgH*d`%`1s{n1RuXLi{fL?GBrNFVzt(PMVxAq
zbEt|_Elhtyv9$nC3PM)hF?i(mx+1MU|7Im6!`~sSU9qYmtX=pcDk}0cE-p^72zWL$
zOvby~+F<9}eYqw~YFJY3ZWov=?xlGS*(29IPT#|3%yW1VCSy?Y917m}R6)!PbiurQ
zp<IV;m+i(}hrsB~G>M1p-l-<c4+ozDBybv9HHW7;w2e1&(6cnwGYj<0f<0>kJ<FtN
z7TtVc9O)Iyx_Bqcx_GF;tc#^fcdN24+I@L&HPym;6D#TBl5wOrWMS;S2?8T^0`#oF
z=9!hx;nCbv1x#DG@GE4R^4PK8v&J~YgHq~s#A-bTo{uFbZF{Q5691cnQW7m18<xlj
z-7c=h|61A+@f?$Elj?%86Cs}JjfoIp=DnHGD{O-b=q36x*M(Ed6F2lw;@@^LdE%-b
za{OCw7XP+OmM1juMrDE`6G?`N`3KD;|De-bMDk<u#b{z<X$h$g+J6zO!a(saIsf2x
z^r{NwA2iGP2UBsQJABj4a{j?5btM0wIV}I+uCV-r2{vz{O}vf>9&#4Vi0p&X17=R?
zV+qEQsd_Z6;f#pWm5hiTbx|`S#_o|Nc8^9qK=L615VZy@C*TR(((omUWnS;fr+$O<
zm~6#t9y%r)?UfRDE%Ro%oF0*_n9M^*WMlR+Y4<e=oLYX0OraG8Ln{7+S8qWVo>2C^
zeyLKQCA)*T*)jLtEn&&|pxC4;-W)o}*FQL9E%)Eg{Hc(ieT?uYYab*0$-2j4*~if|
zvMAo&Rq*VuMOl(Kmc+X*t;){Cnx5(T+^nvFD_NcyTIxQ)YFn_FFgb!`npnrI>w3Pp
zj8j?H$24rkMlDcO>-rF-ijQN~^}f*D*l5jN%<8)H!z}Aba>0X9E#AX7Yc1ZJMxndg
zaK&mJ7zPi&BoFTlJ-j299UILrffpi615aqp%dLX4{W;~5_MHDhg#Gz?IYGB{ybDyg
zD%yDo+WfrUhtmK*%tv1ZM^@h{X|~G5WK3B-=K|r%uD6z^*}b{2)~;c=dUkO=X4el4
zmh(R^Mjy2*?OT&Ji+*wQ?9H=FjTO~sN~D&=seXrVT2N`w{h8BOWQP5U$+LxpPG67W
zFn%37beX-dRjQn2?>giSJ?rCbrHS@n6);DWehu_xJ^Aem(i2tnNn4>h>4&YfBQk*S
zj$+iTn6fnR2W)XGj{Z;8=-Wn)-l83SrZW0*U&y0x+pN)B*yuAgqc3aLc#nPlkH)KZ
zkSqf7kPmp*A@)k;pZ*+4go{|!<&%F^>Cih69{^Q4bpEM0beoS%iJow8*Z~=#(|%R$
z9pWO|!*uY_-sNHKEiF{qQ}=iNCdLfdD}Z=p)DZr0Ah$?2$d_YD1O&f9@EX-Vo|)Qg
z?&<KU|Ac*NaOhKZz`xF{)9#N0_oD4Qfuo7n&n~00&PsiOTy<J@@6zPZVI620@N>-e
z9?xn#Kx=3wz7MgcBKI(jidStNVr`7fiZm~L7*+UkPzw(6H&uN!NmKzz9;ARY!k0<C
z{!BtgQyNGz!b%@@g@+E^akN$YdKmz@%>S7z*$4ssx_ScL5WK@Bai`~d5L{|}y=pv_
z_KKqkf^MgvI}Qj>;6K}mns?ognEenvBs^znSkFT?aieVx9wjv^qg=D!y^ghs4)4gd
zywjWH^x7qd?t2?ZI0He#$paC`1~QHfgdC^0trNcO(CxH&He>0wJYV~5HqTlpJ)8h9
zK?(7#$SQY#3?i7To8Zk^n;6@S|2;^eRI(Zc!pv2IckmdMC0vNGgtJ`mM5(1Y<T930
zi%DFvymRW~sPV(EM%crX{{?$^9<_;w*}vg_4BU@_Yxv6>!{nz;lc+vx64hr-V)pNk
zH1gBp81`>jodqSCvKc(4zpF}E+WtjD!qWBYFy3sY5tx0&9L@v)v%M<U!bFrz&vXmb
zb)^Zu$?(@<^&j;?Y4^uT0PX9HviLy#?p1pTh2M7`LWA}?5?^Yeab(B;?i^wNUPts<
zX;hz;COz~XZJKcF`>&(M^Rz8gr)Azk`FYj*t;62G2H!_}`n%W3=bxmr^H08|jr{WM
zPL2NrwXZ*Zdk*KfhzS~f764yBpuZjalr(G^{YwwP*nj<qet_E5dk?%F&u<*x41@a0
z3VnEf!$)Ym!6P)@;E~4SuPjXel-5-J)AApZV&;Dvox`o*mY(eTwGRH1<6phaihmv0
zaQ?T?5}KTUH9O5wINgE?0=$FMwCP40j90p)VSUdr_a4N-;p&-+5A<A_te?qY`k7V1
zdeqN^Eqx_mR_XUenx!9f8!Y|m2b;0<<=^O|*$b0qM%oK`V|E%^2-9#&rtv9*(_+UL
zZJj{y%jO9LzkEA^<$rrm6TkX#O#O_?zrHGuNE#t`8*5blmbLlF#|@#FpVlZ^^pHAc
zrpe(Q2jcaHcvqTtoLU{zUDk|HcY3}A(^va3SAC9HtyR<PaQF&kHBGQlHO;v9)M^?u
zQ&O>Y0}8i)N7K{1bX!PI6Yku9&7~pdest#dW?OA&vW;>CL<6dej#soL2=TXLox|g$
z!|>ZRYnVU(yO*O!(sUDPu%*(Vi>R!tYDfFmrBXb1u2O^F!rI%rnzc7FMteyFX->h$
zu%{1^R^iFLtoc_-^HJrWF#SmzS$~q^$Esl}i6$vY>bQSTNwTiMEUO=Q7fo(+3*p$^
z#3VU`q^3b@tX0gm{&Q`@uPb8)1Gt^iwU;oBh8JZXF*}o3=8EB_pP1c`dNiTWy&vNQ
z!n6)=za7##913Y2q@TOU-uyjDq*DZbxOg0)FKx#W`qFNkhQ2VRLo!t(<e37A%$64I
zU@gnPaIlt@A{`migvY!&Rw!Bkda%~o+?;>sV6FeO4jru3p#L}#-uH7Pka<d4C6|m=
z6(+s*w3epZy+cej74a@7=C8MlKiIrO%z->+==ks3$(-huN#BW*xE4j%6e7A-^e2+*
zVVJ#Os4@2vAn0b#?|S61g~ClvU+UBByd(XTuJ*!?vPtJ^LEH+mRD7ucq+n;(p-KA!
zne5XU@aa&^NjssYY^$*d6@Kb}%xpEAr>qDZP(;_>;Sn+mIN84rm7F0Txo^3~{My%Z
z5pLUG;39EtBi*(wH-|ffvj`cRcS<JnQeSmz9m|h3o)+|D1)kBQz`z`B(F%sKHj%z<
zcwS_L6^t+L9gOK3zPw-PyhwEJHY}2l3&7(b{C5)hvmra!Gm0JTwKtPF|5&064B_Ku
z3zLU-Byrxs#+nM=bsaix-GGi;cO%%$sHrdzvz0Zri&lHtMeE1c(bstdTQnkTf+!iD
zAYO6TdLzsgYtCBYj!dc`{1=D0VQI?&cJ7lgSp)u6Ga}CK`snOGmCr)<t0B~e<;7^b
zp_w#pa7ZTLcJENDm}eD-SXKT8XYV8Y)5-e?|8(j;mjB~b4gd76#@|4kYHsNKNV~X`
zgkH<Z#OJ*m#wlr%iGTQ&o=SV!Mu#}v4BV%Qb9E$~Ca{OVeF|4lujDbWCvnULr-AtF
zy02va0weV=FiIU4%Kim=*H9^F$C~K=1*^Xz@|2OvQ$}g;i_E{^-Y$&(vj!Hdq5cJG
zdC5eXX5w!Q-F_w&?f<VOHJw3z<I9NrF&IC3FQH#6?j`hV<-Jkt`zEUTHcG4aqJ2Ni
zlwZ3<&ozMWO-!CLHdUS)yEY_GHC;}+CllnPvgX^rjgG>p7-nmXw14-FVgG*dTx0g{
z0IK&8!GsG%|9zP(fyTcB_pC*ZN3JLK>#(JM|8iLBidUMk)L$;v6a8BF{)Rmb`+BI6
zx-kwhMv-^ExQFc5kM1G+_2YZk`L7GvemyRTqhQmu9{xUVx;AiU3~4w}!67gO2b5$o
z4Mw;>r+Q0#v=~|Dm8i;<F71fHv@4h6bz6E}j@Jor?eH$yh(ZpmixKUT2U>8%K6&-U
zZL#b}R+eF_$;Gx&SdxY;MjyVJsJ=iYi!@<D5(!n1{<<`Qyj*Q+E9*m)^BPh(vJ=~`
zq&qR0{l>v>QCVpGZQmo~r-L>MEZ6}G)6nS@eyt?fSR7RVzhmHcBK%Gh#1~3QwHM0h
z&zpqRs-QCB{Ljh5`OE1Kj-5}Li^Hy(yPKo`RL-56^?2f)X#LUDMt(=B|Lp7P`U=0Q
zl%I^+UK7U$y;hA6?iSIz<@Bzc-u<W<`)+bKcfUN&u>Rij8ilv2T$aLvy@#>!L(EK`
zEFwWB>%#Vz2HtM?T+gAY4uRz|HLzUvIgMkHHg=)F@#94Z9C%P7wfk9~MdcZ)?2?F#
zXMQ#*9C&<Ps7h_eatbuxvEL2L89h+J&zmv!Px$m!<&GuDu_|{=L+c;+Rzvdxe`%C%
z56Kk1#`Y+}9Ws)B)moX0i4e<>nG>=)PU%<43CP|Q?qpnEGO)XZDMmuq5aauE;DC4v
zc{AOM$(*<^uvF7u-k87}c|IkPPiX`EgAoxg@DK1e#OTd6d54-nNP<2`!sFX-#2lXt
z>zetP^hz}Nj)aG+KP4jj80oFHh-4;@RWOV-fnu1A?X_@V7*-cl!-1(RDLnGO1$o3U
zG_L<r7XQzFzhb|iz;BH8{Lh<B-G8B}7z5SDvZ-MFozmXrjm{t2Ln;7M<GXv_h}EA^
zQx<rf8SDG6HwvGOa1@b7SiYKw^?K~TWW5CGgpp)k$d@E~Q6T+BFUCka>BU&-J9;ru
zT2C*gNh`_4N(2V!GkQ&O2)skD5o<{=8VR{s$ViF?OPu?dVTrd*6ia;6wyg#$B+rk)
z3R6uKD}3`MUG-&O?hHo2_kdR#!3UukgH<1rj}d@m$;BaK;cp`R0rsWG^NI5*ks+tb
zRT1Qi+r4t`fAI>C>>CWp!sS8@zKxvk<c|ry6e4Eg#7Ar<7IvgF@n(v4COBWjOgz+)
z&cs(s82m4Z3I8WwYIHtw1v-XYCmVoO_5R`)V!>MoU8w61h*`g({Si4|KYvK(YhuKF
zReZ?iYwSgIz9t%xbD2CXqUMXVrb%kkhStnAl9?@_Gg~0N?<E+=O7E@G3wZCHZi%iA
zH5en9oWDBIb+~3RU56{!?<MTF!{P{fbzosEeoq`_K?(xD`FQpe{Emg+iR>)js=3OM
z%VGFGoEP=xn!Q8u<a)pdvGMg|i(<gz-HX`#8amKfGxAz^ocLq}Jnn5z=i!Pk*!aJQ
z36BR}Xd*l|0v{_rh|&MIK4AS9+SC5$x6$_hb1|a-m$3fd_c`tV9iPYS|K+jPFTDR%
zx$+S;QSm|D`!V|e`}?f_rR`|{%UToo&X1_M?0p8`*S4fJi&|?(T3H$~(w^<;NT+{B
zM>?7Pj{8hKVimnQ+1Pp^`2<o^&<MYn9BaHM-jnfPTZaEyh2g)*Q9RU^;lEEA{`)jG
z{a?_;^&*^G?EVjWFGl|}<o@qYq5a?AQrmy)yommPl0y4``V-p!>Q7?h@8_B@|Lauz
zYgsJ(TM6hlk{@jQY*Y9VWOv0OlvN^Y9kxGZe)nQjXd)k5kDr-*l^~u_xLv}{_IwJ@
z#N4N;Hfax36HgMqDTNWPr;PCTQ@#oOso|f>8k!GTP>x)`C*L9KXNp+AN8VxUXEM_D
zGbf`<?`X47@{8*#;`~Qj5Z+-y@W=QBPPLfFliF&SRP%r7qMH7@GZ@Lg-SdokzTvNn
zmfwzhF7|p*zK-bAw1fNPZN_}3CNhq#b7F#q*?whUT~HxyDnnXV#k!UjqIZ{2TV2N_
zW?pN97p$IpH&xNy@Ua?XL;YXt)54!P$|M^pfxxl#p`(l7x`72_@klEE<LQ5*A5qCK
zvHKIrZ_Dkd;BC^=n)MJznWOP9`GV&r&ecL1=}BT<-JL#C&yQT*ODV7WFj{$grTpip
z<$pgRm#@&26F&y;H`I$(yTaWBFJaTk^B$o^zKkqw&&0M|;39IFmWZpY)OBwM_!&##
zXRI{+3BoGn)BAjB9KFw^_nFdYdT*xpW@#|JH*g`(SyOghkit&=BDzCr*zZyHdyxI^
zTckyY*3kIpDC1ugZGN^Z<u6Aq|57P`Y*EDgdA>ot5%!qr(TWD3gt~H}@)WP6iF0sh
zWS;0#ypnDsPeT(nXpVNmZkVH;u&d{2C#=()hzU!aBkRMz`+(^`*zaog`xX2Bg#Et9
zeqUq1&ws%9Pi6eGmGOTNZGILg<+nvGcPZsJL@ghwly{0+-b*R3dp|1tE9E~&E&qF#
zvi_R#kg0|@4Y6WCGrtCx5b^n#nq)4JOx9Lf(23Xwm>-z9PSOuUE7@)te@FVOL7Tx)
zn*wPwD7B((;;m$bHtk}iL!5?2lsIoT+$9L!$<f?R?tL{fgL<S#+ssIhw!o_Tpp;M&
z?$LILjzs!37irh=D7hF1BvG%nPTzOt8lEqS&6njg85`b8_g)+}Un7p!N1d-I?M-Cu
z?f;v!hqqGu@b=bqk3RoV+Ox9u%4mCdE3G$$wYQ{SliM4^+OyL3@K$n#x7RME$?eJG
zJ$@=Q-qi5+3X_`LUIA<GP1+vbO4~bzwU>QgO!yrU-e4MQa42mMZzWGh1YT%xA_8y8
zQwY3?YT%s}0^Sc^V!l#&0D*bLS87oxUB3yN{uA@0iFp_lVuoL{L#$<C##;S3vp?1l
z^OCxM2&$i*4E67ii%9<jv4G@XdXn@{Hs6HxFYzUk1PD4fROuiIIMBO{BoJEMC$&4<
z0_vcZD$j)GX?A|`6f=If67%9{dL3pj#Z1GruV#h_^t7*dEA>G|H|{!u2p*k_jDueA
zWgD5<6#G_Fp?8_kF*(uZ9c2<nU?<3R7jZ-v(GVJ$#`b#6LNu1{rkx^jX}?Jy`s>jo
zE!j4A=E|b3x4_o>t`i|-^;`$_dUq&kXuX%ch@9~(mXT^I&MC`CMSX8b!i>B$c+4_V
z)k`A>$Qh~f<cw5#mMB0FwZ9hD-_MSd{#wZTw^#S~z2b)YoA_b`e6sA}t%%E(SR=JR
z(}I)XlRY=%^Yb<2xtR@#UzXjY2rhcWgx?16$?;<$e3IHeoZc*I^8Q~a?|<4J;XSsu
z3v18gYI1w|ti62N9^OjD;q5)=X*Pc1j)m}3ukiK?OPh|Ll=VNVTK~41^`F<^`aiEn
z{}c80XX|fN*8g;r?N3w0oRRRnI28~mYcJ<>i@N`hs`h_d_5RO#;$PhV3!?1*%Yt<O
zS9WIp!7<=*Omzqz7o>!(&tzY-*V|YfTJN0j_Vf#yP0!1Zgy{L-#<2E!Hl3c!{hN3s
z)W3Jb+ta_)e0c17Bm|EmjB0qic~(R4IQ7{^@lo-~5I%|ydQG6`vjQP{xrA5u@AS-u
z`nT(uM*H{Y3EDsCo=r^{8|=@q!=e6k)AZ-Q#~bQTUgP~4$@)VNfQZdsDEXwKuc-5I
zXhr9=QTK3NgDd)88Ou2Ju+qa&#;H6_#;G&X*xF!F&Ny{Ox~-OSMxl&T>eW`IQi@4m
zWO82S50Ufrt;68^)Q?f&JHkJuWq7`F#o=epkxY`B&y|{q+!>&*^qf?)P?eKP)h*sc
zbXPS8^DV{YeDSaN$k$?(fXFT<)qwvQu`=Nl1mBF*f{YsJwXcC!@y<v!JG`#cG-uWs
z*BFQI-qZqzZ+xm%fd35P@t+{MEL;zwhF4F69v$L=V7?K*c%F3PsZ=BO()0Uyhj>g7
zj|$>uX%`+z>!~t8`|dRYd@fV)PBjQ#=$6Ba-SQd-@=Jx}CAy4F(vy#{?nytchVOW0
zK#wtTz6<NkNHs{}-ebW)T*fZ~?e~n-G)Gp@RcNnTkB-9jstvQ(Oy?X>zktLa^5|#m
z$l8x-v8oJE)g1_AI7_PCEki!R$!gc%S-S-B0$n?)|L^T!`i=$GlaJwYw~$^sox;IF
z&RL(yvNX$%-M-!{U$KzBTUQXIsc*F-2qNNjud=6W((&oV-CNRI<jc-?WjE6PmOFwl
zC^GV$tK^aMC2{BlX++oTo+w_AesO0okPZ+P$iOfG^6Go=DgZRSHA}*asATv}D*vW4
z#~v0)9&FNw^Ov;qSddoi$|}AH6*cif4Bi9=Z}~BSO%P|Kj$shDk3!s_+?WtI79g(s
zG6r$D{ApOHz@Ak_QzPJ_jYZHi1TK=#AICN83j^SbpJ3bU;<X5V@LlKx0l<?C0Q-`7
z*y2=V$Z*`Ab%~gfh&|wQb~_5+O?{I?qxYY#_w5yb>NBbZZ@=#Nj+p>01`Ps~O_Cg<
zUm7+LA8jz$vyQlT`zNDEeRUugznmW(e63$0{BEAW1}hm?D)7sz;CIu{$AW^g=Nz!-
z?zdM}QP^FNuq*g(PaUiH*E9I7mErdch2K9LfL}X-UzDmI-`5W2ObfqzP6GT&0KY;6
z{GMB=f#2*T0>2Nxq=DaC(^T-=?-Ch)%}^QUlZ^bL6=Cp;QSyP_2*0l^0Ql{W@Y_>?
z-@gn1znv8LEnPstl3U%G3&;>WR;u_~hTy!PWC*^4Ro$_wGxPuQwK)3(^_KOuSXPWz
z=-Engd{H<A^bUVYo-e5OCap%#2BA4-;IDw#&qMmAb5Qej+O)$vHQ(XAzrdMwkT3a&
zqh1sSgw4lKq%iG1rV`8)e3Pxx*LRVx+(5pPZH2!~p(>l2_K7-)WF16xl62!8xCwd(
zJ=w5olY#zBHp_XYr~?jG1!_3iD7C|?;$$QIVJ<2<HkFo1-al0dbQ@uC^g&lAr}st-
zg_Dp)p12$Z)u6QTcnTNT$t;<CNiSS55&#X$b>vy9u>6z#{`#yoeuth9UeC_=m<cUK
z^=HPguW$Av^n9E^cyVY8kin%(P-#VC=im9Mo;h;UQ<d5go}Vz(Y0xT>-&S<i#*>}G
zMR4@Je~hb*UF?!7c=8Gi{#+eKEyDtde>u`m3(ISR<lihIYXe`5g?90ny&|Z$dxAPb
z;D6)>`P#$cZxt&1{e-V+^&l_s1GhSKwE{n2t5C8{5ZkA^x(mMe9b`Jm29thkfhlB;
z*~JZm#oI4%PVpGbvHM~Yb~Z4hTJ?}Gew?h&hFZ8M`oIgONh5@cYP}HLAc%fKFMa*K
z!^WMuV|HKs_Ziy&7RzkBvDHraZ{$uRi0qCX9Q;3W2VTd+<CL78M!~Z-UdY<&-XUat
z=jtSQ4R(<isyGS{<pzR4f%+XJ1Q_5Hrs_P-=C-3LR8RRZOx3Ic5^&~=-$01GP9m9=
zh!gU@$l&&6n1RyQ-`M*qPO9s@BP<>k-Z|-CV59Z{6+Q7B0dzl-(hLJ}IQO;@L`N!c
zVq6ZtbYe2}j?fIg_ys}?#u^dFnlM`cU|u8L-$4MKy^gHYu4#5(murQs0c5Hw_Q%`3
zGg<()yhXB$yPWBV?0oiiST<K10g$Xox>>&?SW@o3!agSm5HMS)Du*x3cJPi`c!JQe
z9RG9h&e|NYwxoR8LRTNVxDP(#eks7K;TheYy^d7l>_=O2?mKM!(n^@L3ZVu1ANhNd
ztN}>+yn>NmYD*TpBLVAYZFa|Jt#e(<FI@*6g$~7;1Y8J$lckS-tPg&!1BRv?W;sob
zk2Nicn_<&rZFVgUEDzg%r?9b>g18G2{_W73Q1T1^eEH~gq5K0sk=Q6pF5OZk<yf7Z
zXLSu!$4&oyd5ri_`u?}%{W2lq{pueYc^_Z&UuEZH{vw~WR5O(0KG)s4j`_0_W&?w=
z<U_-d2L<N*5TJ;2pCVpBb-MVobYryvkLI-CiC#!iq0UKhkCZnIUL{n*B)tMCg>Yxs
zo}zO1^)^3CiI`!<m2rTE#>NrS)?0o`n0RUCWt5s3q~USMjRiht)W;y%$P4&|EQ++G
zyO*lSlS#UqJsz}Ft<P8CD>=g6QFs`ThV-_MDNupYJm?S)OLv<|8YYvoZ;{#6#wqqo
zwR>_+20tDpY4?sY+S9j(u$et;JztED)8g%^@ec71q2iog@SM{T5#vYLJUw7;{926W
z;0O8z-EIdzzz_VdYt|rNziLVncS!AZh?Wlv;s%E}V=r<@GusQu!2cwOJ24MOAh;cd
z_cLs|9>fd=dkZ%DF3Ed11%@%fXczA^4f4g)26Yn2+e^B32C#bs2En}58P)QqW<4MH
z0Psn<1@Os789Tz_Pk$0{wY?W1Unb$%wFrQ`P*}$TB>Wp|&IdCXywkmaWt;t<ljrMV
z$y1&qCdBG2Fky)a$wnd2f!mR-8wcFY_*A1a{V#jPg?N~*nU6Wd>Hr|uY5{H@61G+g
zVnC?)0})RbgMxU@Owt2P;_P$~yuDJTU+cF6;&B;D${$@HNGmF12<Y)dVEGUQG4wMd
z!S)UQ672Kn%XZzbcF%gFaAt=?R~_&=`reyrbeZkQK030dO70Gb$h+YO;A2uL{YJZt
z@{DaT&n9)!v_cFcb|4-}5`68gfaSM(M{YF)cFF!{q5Ka(G-2R3I=%NxNFUzrNZ4%x
zoOM#pWpv&zR_0xutReR_&a{^O(CA0lzLuOFRp}lmp+9WqBK8YG2sG(^c(+<=y7dXX
z3`}PUaQ}Z2x?E)wcVe8kP`K9aYn6!f#egyh@i74EW5Sy*cmu!P*uyjd_ZUaG1bCr`
zP*t&L+-ICO32u79Unb!Sb5gA(<uk7WoPV9QxO&>9$UFqg@nfC~$!;KPhY$gGe<q0&
zHw1>kt$0-0ds{NxLAh%`Vu^e}Xjgwk*;t^u^*OM54@w580$8oR;Qca{BXY>W^N2~_
zJk*Y0qkO6IQ^YNYq-*WTly$eL4+sie!jMqD^ct(!!k$blHmkp&A|O0EDbPnBeWAur
zur}WU=cC$ToucfpqEmE-6_siBPbSPwE0SiBY@vxAP+sw%uY<$;4vC2HdTGQ5ka0oW
z=t$oWEzg{Vd(0?&{qaZipK#`PyST$%Q4QE45a^)UuXb@Skh7UqB=o)>qwT(4M}RE0
zf(FeF5ydB9CM*O23qIg2q%BqC@aBz9U+NLqLMGwNPYzumuw3xsCuw)=SzBCAvY7;L
zo`ho^E(A9^vW~m^;J#`r1gofADP4OGcb40XpR{EG6uCRl9o15^nc~^b%hX6y{a@>T
z6|7(H8St}$<P+GGQ7-**MMri14nZ^d{?_m)Hog+<cvvX{F%5nUwnNH5{7;?U_ZJa5
zF<+kWG-bm1`Oo8$z;pqY-s>Rjmv-`Z+AEI6qq@i95Kjf#Y36?)&VM${Kk%oc2m5-R
zmvsP$ATtSvhM%+IBEUBfOZG~#1RI9>QqL<(a4PT>in~VEK?gx)VgQ$-r+O*);ud(&
za&V)NwcC9$dU{;}%R!hpG^f9ImY}*6f@}oUbUVEd8|>bPjrOc+IzRw1v+GJ5%I7w5
zAP7Jk;+-PYfewAHbM}27d%>6Ng8u_w!cMk(JKEEC2+Pka^cAFq7vj+9f5s^uwO7=~
z***0-!n&it(8D4S^4eb^uU$c4@H=$JL16F$iQtR7k@&lQpU`FgN&4a}$c982NP0Cu
zj9-Fu1;cCYh_rSh6Hr{c9kAm`yKXP`80d&otfz$b@;_4OwAsb3I1<<nAKS%;jR@Ih
z?XZe}t49+AOm`q7oS%y}A<BCXkW^#p)tIW2SA#DZjMuOtCiRN6ti=`KORmLNv#Q;%
zJH6LA(yK!=N#rgEk-H+NvAsoDqs*UpLdZJF&-;*VixqMKOe*hrpP;2}fNl6<Qp48|
zp_-F!t3^4cPCczip;HKldK3ZDat7zL4knv`psOXaUqAg$UIRv{J5EK|%s!`?Sp{4$
zK~^A7!{2Ip`NVBRY~IW|T5=02jeb%0i+}oF6t5@3f1m68eJ*IqomgHC&-~}{oDX0B
z(N_@+a>G?>4D!-t9Z~vv79L77(sl%6>x*m229{%qF;cR7qEI2}A1KG&AKWMwr_Lr*
zxhj>!Q}`UI0)fLisXfx3LRO9}5y5%!fb()HU}6Lb38jD=KOgpD$tIKld>w2LB0Jss
z?#!MX?1s$(e4v~(@KowXjw<KKhsgU+rP2^Ork?}!F%5ZoLGUf0Z~15q$uyM*E-}a#
z&%`Mx*Wf3h!1k;v*Zn}1TP1kTUh6vQIeVAO?;BP*yYBSV-)H~++w6+>W}iJcc_++c
zm${VN7gj7o8Q|WU?I;60CO=)%0l)TG2Py*y*qLe4=wx>5&uN7{N14o1o{y?Z!2uID
zn~mW(NBx7n1}3*z3vhM>e(3|ru<kfrnXX|D-vbyX9B3En|2n()t3B%o2%N}Tqdfbw
zP;nsMp*u`@XDMqf!KXVw?j@?oKx@_bQG+=$HFNf3AdZ@?{L&4uNNbrmia^FMeGvN6
zmXvqmmkvnI+TaS{IvgkKzzKbguC9Sp*5~{&P(N8)>`ok*Q4Qk4Mc4*kJRDli@jVp8
zBo`Jv!q+Z*c^V-(4(~*XHB|sjjZ3y?{pL2>04>0tJC`H+{RQv}tkvm?gYovloIb`7
zbJ_@OwQhAi0F|%9zWXiFVGGcm)$YydV~Pb`#^}(s!o_n)$sAr_vh7e$vU|s;0<U=-
zF{l}J09V_V>R=6BgHd&1!F0-~xy6Y$OD#`rC)!*K@Ck{5bgVXB=sP~uJhc<1IwIx?
z@gSn1-%lbMIs@cuFlrHKGE>*B{^yf94p+|MU9}e1%{F@$E*3j~fM1%I?DVdxQc7G$
z2J%ZEPPPTV^Ly&4z9DUPzqD&@{DMj)&8iLB99Ue#myAnbuOaF)y98Ts18LHhwE<>6
z(|tA2K5f1~vu*Z_ROo<_Upf{@^nTk7<5QDehXM&s@qCV0ZO{7E)hloVZD)hs7hgr8
z4O;{FhxhHi;#AsOY{yldf$z8tS>N%+w;}NGORH@af5i_j%<0jL<!{}KEdOu!MPL5G
z-kcuIUHS4!JfWzt>O*1C?~)u@r`)hwC&_YebLEmv%a*WSy6gn5G(4dzjjZCm1O|kx
zpC)w#J{r?WAz(;nj-#x+2Ua?ptn^v3(!>2%CSkvR)XsM%SsuP*$$8wZ0!(>r$tKsK
z;3k{+o&T-#bcJD2`X#a@K1-K)kAW?5842V3L-dp0BHzPi)mGr}K049ieSmCE0oW}^
z`Z=NETs(4gqZtN!mtnBIfmSqLEP&MWT99u+)V0GpIdvCgdF!zB$!f$!?ma*<Q92cL
zd!6F3z-IY_<YNJlfNNpgfR}Cj^OZT`@rwPxYMi&HuXko0Au|S?26}Xz*{7fm3t$XM
zE3L+c2mpur3<3^67E*9P7zu+2JD?bViav&BLd8cD0V>3M5t(Ta0?w>e$lB|^Y6(FG
z0w$}XsKA1QvP#@BT=w6V=m>zMVWsO46<DWsBJ`Kw4uT4H9wjvaKssdn!Zxh{A4zj{
z^QR_IGGoC_%`aG|F6K)TptSfGzT|1-#e4&ejx34IDCXZ53I{f0ORcbwIehA#7#P(%
zu(>;G!oze&S;^cvp$^R5?SM?P&bcqOex*ax!}an+Ae-@BH4(5917<9`7V1rEFHb6w
z?@2k#Qnh_fJ)H&^tjp|wv<1gy&+ganS}VU`gSw0_xf6;&Kqr=AzQi3zdkmn?xEYYL
zk-Fhdc8V2J9e^~fC;>#@G)Y0Blj2nji@IO}6lgSzD*Nx_l$9{9Sbz+M{wQHEo|(y>
zu0iomy0~>qHis}uD|Xr<b%<*Tlyp5*o&=TGTuG+8N;=xAB{$d?-v<@>LZOq45XrgV
zYh{OZ-V99)lTacQaDnqPHUZk=pRYhNc`dGO@6X4OwcUwpNY{1&TifVN7)*WCg?;`Z
z9tsbl^?#5KyWinvXqja=s*-Y{pZ;VN+<d*4&Ctw2@Caf}L`uF6rH^YS!q`fl2oN%1
zWNA_xojeWW9#>7np_VPlmaw8d##3$-3Jp!4iS5^rnRx%MSTkXbjv-=A#gpTeskn(F
zQ!(f+)l~F_zWRe?clQ48ba^V?#;N!_K)~UN8Jby0ZW##<30zB>{kKEm4AngR2E3@f
zFs~U~d{+;$#Xr0=`WCn2X}ZlByl)&E{26ILFd3V6-l-b=jnF}V93A{;k7)*f=5PoO
zW>445fFU^?4ibXN^7yB#$Dc&DLyu;|z>nPt47`2EzXStwA5^BHZ#|iY+&fg$&?l)S
zJ$pipHlEQj)G5{Yx1*;=IL0ZSe-2ZM^*7dLbDY~6%29t4JUn*>A38!02gAdI_>eEb
zv{@)a*7}5?4Mtw;_rMcv7W)63quJ~P>A^MaIDfZu;c4oxRw~%BLTB2SV)EG`n$|JZ
z`cF_cmXtlLEgQd_v})rk;Au%Y|Mbwaa=Ry1L%UYE4X-ldv|QzTtdfJb;t%kJ1oDL}
zn>UYsU}$ZikM?B{miVXnI`%%Uhj%r4?ELJnQ-3IreCPWb`8!4Uoo{N$5Z|i7kF*TU
zY_fJ@gnIcc3%-?wDu6oz0%jQ}N>@R;QraF2I0LDHo`H<OrGaY#orr^uz@$UT)Sn}o
zSIeu4GPY!6J1&qIhzqo1tr(^KhoBXFB%73`Nq22*$0@CB>qlET{7Q8D66#~Am~RyN
z<{4ZhQt3h!ytJIDC=wmsaTe4u6fciM&NCZip21e9xW$>i-d=G&ez31c57gGoJ8D2(
zOSNk(QP~_sBaU?HU<x%?<p5Kpt0b}!*^9xA)P9}lD#+L-R8`Uxj+G{-cmd=Ad(}YF
zPrK+g5T-G>7LC=CkiJ9k)Fw{O@T21o^DiRaLT0QE?Bl?UAPAm*JTL;9!pi&;({O`@
zvP5dyA83GUBfB=iwV7R~!L@~5XTr6WT?=rX&#nvLdJMZB3)d6b^)$PudN!Kv-7m=V
zg=$Z93xz+B4MwE#O9v%q)C4D+ZMR7ERm2IyNPItt4QYC&L&V?7Lc|z_tYfZ+w4Of>
zns4%gO8@G08Waa0oIupE9S-zv*a3*hsmz7#u@wMB$Z`eBng7rCDT?EXZ?c&j75IEM
z@lkpIZsMboMvf1W9Zyg~LT1W@Zg$Y&4P^R5Zgv{`xZoYi`YREKB_lfA9S&p&4LaP}
z#q+GUTfRnzr9;$V$w)h#h8<Rb80K{>(XVczKnya+;AtTsb^;Ki@^)VD1oX?PcDbA(
zAinm`NFcUTAa*byzBder&ujIk_Nw?)3LCCe1F_LjfIehb0D5sl0R5-`6#~%bDL{vv
zm{L?0YCi|smkn2VXR^y};a!?tR>R|6Cf-@)I|1+V<+}pB8zbM1#k+~}9f0?d*>(i)
zdGbu6=!4*$Pr-YP4BiC*-oX%fL)~#u7k<S;_+2tP+Mpc(;p3t}xPYiZh8Gol!$t#m
zX(oKXyetg9&wiW20zMJG3!t<4QimG}eDA!I!1oyV%Ln)#8x_98-AH4=_kIn0H`Sr^
z$WoO<DT8kTJM8`VO^#q)zIcot0o#N290#>nInb0-E>zU&?W<(Njf4MeKLWe3eALb4
zUke0#&mcVkd%k!UyeAvv9lm~6^z^#+_Y~?>1*?R-G~Ei}Ti|};dZgI}XB7JZpOR>2
zX?N}7RCF&gu`Tc?Yymq3?8&|Sr=stIKj}vBA0WHnj9uOc>uGiMUSRq!_4o1&7`FsF
zfhNyHS8Wo=WM_GS;Xx)ofE|!mz#in|gE8=cL4Dp>d@#*kHLsN8810xhn+|PW8QJ3V
z-VBv2WF?De$?{MMF(u9+o<z8X_>z2B^6+&-!=%?kmEN$Qp2OzYmRf=zvyGDWD7$JU
zef4Ad>JoA%uB3PGERVIr9*DlfSiFAN{xUUtf8Fq9*#3HHBkr%2WRB1=n~VcGPtr{F
zdxLDW$4BEv^H3(54!_DH&nnw-=)RM6CLBSa^D7^1zflKRe1-0}ra8dQSfX-(W&3S+
z6%HWWTKiU;t2n6#k6u3gpT}!6y%zDhJzmS4TImMLiH&(y@vk;YlQZeV!Rm+g?BVtB
zF#NnYVa^en1`!>DiBZ>^SK#p8Kau*!d52D8R@`qL>3_&tyAim$X$~qZ?F}TAF@0T+
zkiKrPuYC_@Ik;{W(boOq)E!~&B!X^lU<-<2@PQE%1;F<KgF`$(o@A8Uv$liSD6U2G
zgZLM+XsEPZjlDdxo9Z9hMF?AIC~R4Xumy6^P5CI=^}g#;VgWjd;ui>2G+Wn~RJbC}
zdO7h1S!gA8k}<@e7y0Zol(uAZRDsm_4ysZDBsEJSP9SK*b9jLXb7uYRPDfwvA!N#k
zU&&GQRhs$>)yW%5%H6F47PQU>99Z!ZXV$?<z0n5?y)f&^`9i-it-Sk^?AbG};I4Id
z5DEu!(M|m90J65iob|YNnyl{q3l5_o(c0!6TI+iRq?M_)ftFv(639@HC1!1;;}h43
zJET88Z^xm()$YLJnD+iOjB4}dS%vO-nSlJ`1w9_Dc}noMad@W~(9bA+vrti|M>mc1
zol}w#)W+c%WsgptD)@R-*t3qhCMXPBCB+WN`iMtD{3R7r0g)hox!!=2dN|NaD5;4l
z6V2M?5G$q2VF08x)^Y$=dYl0@3Qq6CX%4T&#xEV1oKfw}I_fr{dwwS!MTlm8X*sNT
z7XrmV5j6Z28bSzwxDsGPj6y$Ugo8GcXLCCsXZ`*nNI~Bh!Q1+7JE9gcs-$T5qqf;I
zTXL>G#6FRmoVCF{)FGZw<%8DEp4O6c-@q>&1`<-m4f)Bg0FXp+N8l>de+M^Msad0v
znl)e?cHdlT&cJq$WmMaP>tRfM37*>BcYJCWz9bL5+ph-@xLImgmK-DJl$ZYev>iS7
zJ4gJBfVUG5@$}wrb!Pp=7nhKI@|PZWyOH5Xia+dLw}H;f89FcHHsK`n6?DglKj%BD
zDM8kRCqfrV+xwS$ZQwfS<mZPP>g25NX$P~RgMqbSE~%JL#XHL&jk<v5>sx6)O>~U^
zZUk|R{|1Snv~hO|%>{$!=F#LXzSe_p#u|c25UpnTP2*Fn7WlJ5k(CzZLlNKtVGKMT
z3xCs~s5dDprTAku)y<R=8k#cuP5MLqU9t@r$SJVH4M&IjpJ5-<N660mfIemc_NaGV
zRA%?yC~d4rVGi>3?qd$`WTWEF|7ivKTue47DKlT&Kx0szufV}&8_37h{`RWxeLXzJ
z_X=Wu@5b=&UBkY21%8hlux`7{Z-N^Io_#G|8ZMvxWGKCbB|KL4lRr?N!iD?e6Mwv*
z+Ue{0XX}E@wf73dB45pyz44`=*VF}VvoRTXOZLR@Qyp{qWg&izx8M5(ZTmNe+J7vf
z{YBeix39zxek<-E_SMig?tZB*h#we$Ikf>Liif3{FVjcY5uxulX`in?X!p)SMWYl4
z-?e_FgKZ6;Hp)+Xz_$Z&8P%esiu{X(pEK>^_OOBey0DHg3g|oYoQ`p9fMOL%4(kHJ
zg-@ltTL<hS9>{^BWY!tJ_+}k-wlE3b$X+FOw5B@=$wQkIatr3b<)QwFCg7FhskG>+
zqRq4*UOc?_)_C-3+w1i9NOh(kRr@wo^2IH6$bkP1B6FPGb6)2V_cM<i*qvvEtU7+~
z)5u@y_Vb=+5zb12gel~UpC?e)54i$P+PfX$a>D@e_V+LdW@Z}!3F}exom=tK_8@V&
zfo>yoACtzc0l4?YUrT%3BbD?Tb=elcb3W*eiz>m*s^POSmGnRqdz~O|#U4FD&gKw*
zP&!pI4jpZ(<!<m#yRrHlI=e8RXk0@6K-#-Hg`@8Akqn?M9vHpuEp`ND9UQ(*7{(7)
zliephTpDrSjsgzE&*pEs^M?+lJKy)PfyNUV<mjVs5MxLm{FFi?Tg_<L0Vx{KY%-$K
z<r@SNX&xzGkCCr-Z=zj{Pj!k1F_}LOq0?$~Tq-oM;GdAUFD913^N?wuPpzVTUOBIG
z`2G(awgY{AX9zo60QQVG!A{Jy02F!}8XpQRO0ROYLm;V;`nmI@zqXMPU>f)!_8<O?
zgMIOba13_u^-f?<?CCYQqtTm9`gAM6g6<5~QacGt);Q|Eq~iB|EmGtj!A>a&@+Ijo
zl69)`6HZnR(~8?H3Cc&X!wW8~q<GT*_sSGb9lr&PwE?iO(V2DLbsh6ZhMtt6w_7a<
zBt(y75=iJyu>)lV?0nuXZgKBpkr_&-8;H-92!jFL%E~jktjc*;$m7WM2YLJLr*Vtq
zb0+v)XJ9Ds{4Tq9h!M{{sW_{*XKk6ZBcnQSD~UbGsF6-TUQdt}no$3AWe&`!hKa}V
z;fv5F3}Fc&gy=eqv6&-N4RkQA$SI|VZ2WT@+}mg<!?Y*rgE{7E;z%rov9WTv!^kIS
zG{cON&Ro;RJAmP2HeyB(L*qqecTX_i9DBq+!H92>N37S3_<B0xqOyN7-qJaZkN4g=
zbi7X$#~iQc$TXC9#;8KdP@(4VwYa5v0Bp(lR0lz5GOB07x>b<1aTEq01{gfT7x#=u
zB|=R`HKKG2DwWd$U17js_=U3MQ2zk>TG8X15LRKp)?j`bF}5R$6OhCH80%#H=30)l
zA~Vnd{n3KR?|Z7^;W=MCL67H;Ux%TYM$UZ+#WolJfP03kvLbHMvCv&S3vEC3=K((2
zk(x}5imtW;v&I*<db}k%zGqdqPYB{h<}P#*aP@%P*HgARP{r0?T<Z{jSI4(6eIz;S
zq}xQ;Z*LNYQMm$vjv@ZMa9d8_@z1p4eaKW3Wh82-NFQ1jZ*uW)m6MvBxzUy9AB6OE
zX}M;;oZffW6TThal;3hE(YFG>m(dGsGIJweVt|_c`tkEnS;dv-@Jo-|X4m&$-k(D^
zrR?Jv-sS68f}x0>L$%WJ?+CGjxhf))l~X#gC2?)1jUq0Zk4pyFqm|&hxs^i3ZW4UG
zGKI_P1y6nAq!CCW(+>%rpm|aro<j;dMu8~DWmO<{t^gtX>wy{NF#p-SF{ii{{O>64
zGJsFXDQN}&J4(9Pk#J;HxqrjMH9FgUy@~}-WvikxZ<ct2;HikGQGqAi$4Un#+bW@V
zByxY>QXIi}T;Lw5f!55vX_DUWafrAXnSdCBc(w_n@vNEO^K<u-nOORLj<`8}v!igW
zxH&W^dr2){{0+g$y~^<GAfC+?0Mv%~;^*2cevixXbs;XgPI0p{{b##p?RmSWuFIsm
z?G=aP?7_88z>jO>fjcidHN@BJHL^|8&p6YM+jSLAAgP{%we~anLihyd<E<k&A8(z{
z=2Kd|1^?x|bsV-yEyiB%cV_+U>I$7W&*~5K3h>qP^Eo1qPwl`E9l_BBlH`1rn{&kR
zWvzUpbfx*pC>ru58;K{@wqQlpR^GGnyypBNkPdfR>njECsvi-|;1=k{s^jFkbgIEO
zDVVi&($D@9Yy#U4ZBW?T4&v4V3{fWPFVY-Y=lJ5z=Ml`&zcl4MJ#!di$_>`pf9Y_g
z3IuN&fR{Ddk+s3qC2%>Rx8)g|sNy74Mn&w!bVpEsDiR@|2N>smkg_)k9>7)ch@mEG
z_!n4h??_)ON7jB<p=d<b3?rszKaReh$td;)EBK|(WLwrIzT|SkpB~og!;^6j^Cb!7
z(~|(QHd}9aB-wRP5WlmDC;Ue_j??(N-Q-L^j{!|%`QjdAqY^)ygAuObT`Vfs`mApS
zK5q~8uHS<UTrp;PC)y`pKLRz<@Xg4QY(W2kY;ojQB!sO^NYB%K6SAX>4cxgTMRp{J
zCllomuft(GefPcwJ-XkBYcSD)E<$7`N^0=fnqURa7VORMNR*DwPyBt;1)q;2F<pSl
zj>AmDYValR!V5Wl9mt!$gcjqAfPl%};-4lbTTLM9VgL`NTQ@Di?RiMLC6#W+0^mEQ
zX_?el&tAz%bL+N~VC<nc?+gaw6?PRNjqrYF7SnckYzK(ivd23Uzl5$g?+g~j<X=2T
z3LHd|!P6>$ZjrPM7tpCkJO#aHh7qTa#GeprI}qK#CE@gn=4-I>#j6O#x~YgiR$j!<
z(pWxe_6TDz-$Jx`B$%MM+=2ca0Cjq*C$eCU5$`wyh9#!2CGpw7Cy1w=>8I@#7xZ@B
zccIWmd)9aSyh+4vG99?$vy7{7WcepuV$Z4}NmFQyf*%h&Qpexyki#G)<3_@Eqc+70
zoNrbY>(G2suTn_ITr;&m&jhg!P`PQ+JwnA%J)m$q!0gxOWwdzN#=*W;>p_yL0$>=x
z8{>a~{~SLU0aL|qf&Uy^j74^S!rCH!VtLM~0sO4^AMpR2AAn9*#5=P#x;HzrDqWqK
z{{BCLnBfrH0zx+cVux<6bsxrMPL_;cptfKnYCgL;bbq1xZK$u`5#+K%(<+bN-OGju
z2&R=Sq(32!<A9$^5X6CiqAx-v5z*jzDnaD>Kla`QKC0^4AD>AEG7Nz;k*LE%33gN>
z2uTf+fry!8COHSr@KCC#RH^X-R(!z>1c?wj8R7JJkgB~ttL?q*t?jMWwo1kN$Rv;l
z$Ro%@p$hnbGYpRa5&}Zzzt-AkX3jjopuc<n?fsO`hh%bQpMCb(d+oK?<Ga@CV8I}w
z<E-!RqC8BLz83St`e6D-uC9aF!6!T{2Jb%$>`KL*3+LBRT@<}z9qimT-l)a`>8IK!
zdk4X`rAT`9g(jx!Ff0!Y6m^O(1XM*#2Vq#E^rgpfmaBW7q`k&Y4C}`SeQldNj}L}3
zDIomgm~wj~KO`t9!$05^69v<YMzwHD0>87mFo@nNvLO1c7*)SjzaUOnifsn=D;8Ye
z0vyOYK*RS-9-vPvVe(+k&@(~tv=^a{Tk}Ws<$00A;|t-OBJ+n8!nwswJ=vp_tid&k
zPITZIjMj-QSkf{<3-4WeJU~xo+S`xjTI#?T4m)`N4Ih7qW<4%u)(f;Q`83=&$+Rb(
zz>Sxs{@e5DhCCd8ho|R)%3N25$B%SUefzZ>LueHI;e;ay7vqqNj3Lt!8BxCzz=+PC
zKt$UOw|BtjqwqP-jL7}*{$!S&WAwsUewlc9CtC43Dy>GY?gZ_x^=Qrsba<yCxtfto
zh+(kWKuV8&qYEgk?IA&?Qc<xA@63r%%wo`(Kx0PncsANci`88&&JgY=$g4hzstdpv
zn_gv+mGGFol;L2Vdfk;Mxm6T^PEwFmDXnULF;(6Yg8MR)?bQ?HlB;<+*N(;?phI;K
zOgEF+_xV0g!hrcoKmmEykPwzG-CSS*4dVK#1?2fMufCWjWB1!v;O02fNH}42{@*Py
z_8U6d&TF~-6}`JEJ=@O^{&_eGH5!0ca_HmF3qZ43nH*2Joh8!c<yBF23WUY}Mhw8u
z)1qGUP;z|w5B(^Duvm+_yhodC5!1jBo|jJ9`%B;;tg-hucrPK?dIAFOfRVnmf@JYH
zeC#N<X7~o`Jia7LW3~r$?p+zK0v+$I=%P`GJ@*G@-HtZ$mVzQFj-AoIAWJUo4Ad{~
zL+wOqpKAY&))Wb($z&eE{!oBgq5ygfZNt3J+=^w$>6H5lobRCu1R|CoMdeLFb{k$X
zj#pd-5rK29C5n3mNlA>#&X4>zJjws%8N47JR{xtGtPzAvrx=o<w-CgYwaEl=OKII9
zuC5Is%5r&uPNz+Hq*d2X&1iJ#adp2y{CuRDuPQHQY@nHY9R1Iszfli2tlxBAQdx#$
zFIDgS_kM;@H8~|l!C_3kV@!(n_Pt1bt{~x6U!PK7cyEY-8KS4}0ZP>A-n1^Gw^<DA
z(?GbT@KESdDnWWf#U{ch4uW$zHjt1F{%S6z61<``LoI7E<*{XWVj=KBOw7%#z?Tq}
zdA##|wjhUKL8AVTo-{YbI5$nS9J6P{*5dH*64qkyuhXuDIx^i_45YPiqwO@Z7Up#_
zvpue@d7Qi^k8C{egf_4V?elZkd#kh@<lKrpMp)H)!b*~t($LpzTkM4{OMIb;|C#oM
zE=~JF6XAuZR(5rF2<!MLiZbJgsQk4CmNSUxY8o0-K^DDX{)Y3;!4qr_dOZzu;K#r;
z+HpDtup4D|H7RlzkviOpci4*0(62bNZ>6qxL2P=uew#2oBmX1q^mJaEZh9`K^~MNI
zw%)U2>m4eK5HfVx2j_j=_u1<XcnV(kFQDCpdb8UmpZ7NIiPMxVX`j0HN!Wacx{`so
zJ2f<GsalT>*2ACSyJA^J=4gn5FCLD;3~cIe-et$cCb$^BB%B)_8NN2$H=G^5I&2R2
z3=atpj-3YCFZI*5YQ{_KTzFpJ)1hCmi-Cs+8j|q}l)r~UKPCZJ?Wq}xM2hU!`B%|i
zFx%q6kVhBBrI6sJ<?;b#v|26P70!vZ_kcL(2zwVzRP4iqwu5A0rW`q#%%?*2;IVRA
z$ZwjP$x97dLLao()%}eEN3IZ-c181PG#MzLMpuO8)4;gmB`&EwP+$E#9uv~%@F3qa
zVQa$vb0eL4?Rn_j^`Xle11L4$Z)jvBlB_Sm%RK;M-1XGnh8|`oDCQyUs4?(k3%r+w
zuV5}%`Jp^)Zqa?|%POqL684wk{aoE|Q6f^@5jRFt?!!GNeMRYocv;9393S}1+$zE1
zXz@P8t@<eVxyd8f46=IU1*$fgvsLu24@BvtREs`CSb#eJZ7r<k8vLri$8lor2%d%9
zQ(l8x*!Kgdo3h%Hf)T#Hf?^s(z<RmVoF*HQlOhy<-4u`P^YzF4yJY%`THUmezXR-Q
zq(%QOTwMX4Pn07`IvTeJ3}H8M0nERFW<gM}V4e3x)=8Ta?{CNI*~h!|<=2@!L%Cd}
zZ5WWHEGR%+0jbk_fLme`7Yz+F<PLOW)uaEsyqH@x*}}pol!Y;tFr1es6!V~fWz)2;
zV_Ar~RqGh&#nqC>(yK%fA2VAB@gYCl=~5~pF3Aad{XK0nKinDUSn@}bwh3OK9$SHc
z4^e6lKNqt)AMVF?^Cb_Y!3X&d&enn%zNQq8l!;O84KEc1bfT{i6piu%H@9kr1uYA8
zf5r1lDYa@bbuNak$%92zX~Vh;JHmtX=TD@G#cE-WvIjK7sg;C0k8z*Sb{KTo`4o<Z
zTfJ12hqnmw{VD;5FmO5lAnwdCrUkHj(4}>RdGMs2>fXOn?A8xGQfKwEAuI%s`qMD9
zJ}x~=oAwI68S{<R!r!=A9~}tWVEK=cN`7vL)^lZF)qMFb{=)Ca<7reK<2UE&4<5|A
zycBP_Qr{nZrR(x!S0q-ikP<Uu-hiEI9=w1D6Y_X_1?m?L3p){SzVu9#->hN$=8VQ~
z-eLS^5AYisn=l}+Qs5>n{%W&<TmB?G#3OyBC0gCb1@MBCz$pDff5;$kB>l<Ny_CTW
zhy2WyWZ!c-*7z>NH8y)>1GVw)$49{0mlo67vz6ALwIvk3=EC^Z(qh3;@9U%W#MNN}
zEa-O)h7SpH4Q}~cRUGYPUM}Rv-lB4W%nXeZ1Z7Y?R<^*P_3Nn~66lMiEbUoo^h;eQ
zF6^Yh`G%48^B$#)*y8Qyk($&!Z{mEmW44I@LhrLY%j_9D%j&&PE;l<RlO6OXlSi6m
zrZ*(Tl&i~uhLI+k1xFJXC?E<A>g|t4X0*M8?2j=_&wfFwm$rwHDJA&_MtbrO>V4rb
zAtG6v(9tgK7lM%tU24FIXt|HsAqB@qk*ho^8aqX<>?nGg>w*S^*_OOX#*B?`l7|4^
zr%ZCa%S@0_kN9WmD{p8XaadXA5uf-ndBle^kN8LgxQ<s$)EDK@sw6|CenJ9A@O*2+
z6@VM-*+G?HUxf~9885CTyi$jr3b?>nq;+jJM<PS*oq<^dbVKHz5O53L1V4x*zc9KG
z9I$3~Qf@lNS;7O8&Qpzu17l&MA(eULx_TT>lt+30p1_~ttO<B+&PqC|_Yg}$lk{JR
z2nh%&7}tP+0PN_VRCYw!J3v+t@(<6=6r>|)QN2>cjPHycVJPWMe<5~sryzY){Tz!r
z!FcEYMScWNJ{LcNug=ep@C{b}c`GOoA0_dlZpc69<VTb|0OpwsJdLDKh8*b)W60da
z<lo@=1=(L{A!CC@tjDsvA4o4Bg_hIB8@~GNDuepz=UWrXMJ1eXS{iLKHzS~NCIL}X
z0gcc9!e9tj&zmnQB|-Gw-vCKKw!hD(02;F>)+na06CY%FMuvOq7M}5@Wem@l6~i+k
zumSWB1T$cmJ_>u7!J0fR2!G*LsRU?0l;}?({Gw8n#rvDAI>e&d_Ch}`gTokI76#vs
zMCnutKl4pU#3wd8rETHSC~qa_T}aN)Ef)*QvUswHBW?|_c#;bs`q1e(#M06vCgf{O
z?+*~969lZ7YBx(Li6z-;C=K%11y=7!l+&b%W+qW#QMd{#YvC_9>vcfy(9mH#n9yHO
z`N^gk45@nJdi0IUfwy92z5;|iVl*eEQ3Xa})#ZQT9Sz=lqv>CcVEUH>%EG47+DK~t
zmr`cpK&;){4`5X4k6tGe$NkO%!+V!#CXR)hEb#O<^`<AYI(3c35VDz2Nu}(iBJRqF
zdgx`;II$o^b0^A}uP*GT<%rS0kCpCQWFxo2u*`%MJY*!R0rn;bUQc>ocu1BizZ^AH
zvS)Uov9jlFWJ$AutS~$?p0^NgWASOl`ra@uSdccvQyG$}lw0u_Q`abD7_@2?ldqYz
zd~5gfZ9sLOvK$IEMbZ3*LjDmH_YP?J4N)Hb`c-19S-_DR!&i4RzoEzY6$7MGayH6u
z$a{Sh;!R-^m8yWM49x<_%K0DiT-j!LD7sCHF%v?8x0kx~Ri*;+OTT70U4z7HInR22
z>8VIGrz_8iL6A6}Yh?Mxb)<N8NWr6TSG?2YCS2gY43=);?<7{c3k2CyK<Q8$(K?Jd
z#XVI%vJU@PXC2n<$BA;u_XK%a++uBImf|DoO{*di<Rlvit*2Z3Xba#AYM;r>-1mwx
z3I*Bc`vVMwhk@`Z1EET^4mOYo(<jEurm=9s&PaOrwl~?sCmW-g`MZ2uq2Frgw>r7s
zH<7bq*Hy81OnSdcTT=f%t^anzd0x(-z1(_3{N?@#gO~w>n2|ULp~^iQft)vpO3~U*
zl1w7{_bW(x{)sp6`QG`0G6~;JkT&_Yg=fER4BwNw#t|}5jEaoaF^7f799(~3_RkW%
z{c}Arhu0IB!{~a8mNs@E+(N4Jw8YqelDF|F9Th)-is0habkP~VSPB;}qKlsRMKSTv
z{X#Pj<*C1_?PmyWJDqGldg|+FgIa7*mlEkc{48sbrQU@NE;~zy{qw8Of7tKrir$rv
zcdaKQmZrx3wl`B_C*3vB5WYB;$GzRmE*IYwvoM*}Q@>}ns_)%3kmbv&)bmQ85ofFK
zdB?Kk?~~a;ez~L{r95v;wg<%WyW$b(;#MuNaCJ*H8lLS0o`#m#gg8I+z4SqOaJ($u
zXpIH<!Pc<i)(CYkzz<Qqy_aYKe(J+dQJ9fF9V=-J3WXJ19gWX=pTGlnRv*Wq0@J%u
z3)u+wm<jSQDnFp3>oP$3^7Q)5`|-p6m>W9~<QvIO=fpHo7{+}^@JmzSuBiRoHP{*p
z_@L^?j!)qIM#Ho}^VjoE`xcz_zUnoL`x(Mb@p>Q;b@`JyET#)Z8Uz>rqyi0R^gMbc
zQN9s2qnFvRP+Zc>JK{*IE?{^qj3*4^sf6)l{grt%qmvF3{b{&w!o+W67D<?T3R+n4
zD2r9IhTqiWK{fod9D~QPpR0Sgi}aC73k=y=+{F2Rgo6ExB<kuHDYP2yn3+}{B6`9u
zSTPD@NcRT!WCBkrO;1rXSEkUD?E>lPZ#7YR8uGIgdLsPm{~|qATJW9kfOqDV;iW)R
zD^uvn7N@7mH@ibmI~OI>Q}N2~(o;Q+WKe10p>xucEly8=ed9vuY22a|dV1lB3#F%f
zpU}}0L0^*C-QYL6#qR#}ND8~t`*W#8g?yt3(kKQp-<=xBoJIWhyTvaLe<T*aJeGlt
ze!3#Zkfcnc<;VX!<9mEz^7sxY-5cMxKQC<G<-FKc9o^qf<sbCCu$|+)nDwXb?C;YH
zlK1zt$G_WoVLQipvE%g%-QRaENZH?ilP`3COLD^gP9x8Zd%as5eDnPO8F}VA(dXFt
zQTqJVPyfm2v-!2|(C6*GWcqwd`k$fC(XU-7eZJ>Sq0fQRh0<qec_MvUQ|R-hSGz@@
z1>SF<PYMOMF;Ee{NFMKBY&G}>zK<b9>YrXpj58=V^HQb|b0km4sP6B<ihJ!AqN}9_
zW*dq+jXAQ{V!52K=s513Ehxh;$FO&~=Af0?C$@R=&tm<B)3M4gX7!F=L><LvqlSsK
z%rJ3QGfce83=?XgzWP_*8wBYvrUCtru$k7|UD%;{JIkD8b04&ZU)snbgLQ)q+>9pO
zErqRQ(iWvWX|{PeZ%wJ_f{72LeJ<%3TFPu{U(|f1HPW^}8N+L1^_Qd5X%(c6WPU5M
zqXmvzRnZ&Bt`E0rqNO<Ky)on`mq$Zl{FM9#xoGhwc7v}c8ZN{8@HVW5P#oj}0#3!L
z%eZCz5nb2HtqPW0zWQ?b$d$E-$|5sRd8kY&Im99#+6Cz=_4tcaE(r0l@%V??y)jb6
zg;eN9QFI5X(v{ZnN_I2v4_XCfDyD(tBk?TX;*gEJzpLNeM|j7&d3`1+rZs}U9!~lC
zxw9FPRsc<Yypr26UNP0X3tNTe2I6b}23s7Y8Gl~}t%aXcH{~&GE&QDNL7s-FWxw*G
zz}hwh)?T5@Y_d|6;jJ=wser*b8_ekbJ%BG1=6Fojxm#WRaC;;?ps?P#+-0{kRa&T?
zvg!UK5f+8_J&ZC$GKFc_qix8&uHrrOMJedY-^*9Exum^(@Uu)L%3=^$m0Uum>PC@(
z2dc?33sOxMEWS4jQ%!dw;#U=vl1(HIfsA7g^kaE}72fDvKFPwE=xA<Ln^O_(Mn~Jc
zVX^(rt=imGFUW7~FtE@7L3)E2@A3+>Qiib#pYoA%D`I09UUiK%9#5E3zlj&5t#C4k
zFrZ#8M=Mu%O|NJIi{_?wSlzcUpr~*c97k9gLRv?$KZ*V~>8v1iP}omVq(O@Y5_xG;
z%-=DZpcM|7&0B#hoOF%3#o`U|(ovVRCH%dWcn>h{+%|qGB}?XI3$Of)jvVZ>y>N?1
zdDJK<^E+wk{EZ-N27QvtvCdZ~%0Gb9$YT}r+ca=EMp)Rm$BvR$v5g;wHg0JXAB+$a
z$v@5cZ^~e<!8{kTHq4N7vJIHPIz2%j#(S|KO4p?>d5%4M?tLt*hxhM4BPiLYVYpw5
z#?9`+dZ9VUh&f2a9Aw0-pC6>>`gZu4TaV!_4M@!mjEw8s2`pX@`^AKzKU*>M=gNe1
zXr&rnoClKD@ZzFli|@b$#dMmN+-80lR>8nhL4jS13o!S%^5agAal0N5Pk98syc<}3
zWIbj+6Z}n`SXpSn7gR$dIsTQL5k+gz*@2to;7|HRQ6MhntAI^|ZjL!X3sf@z9a^dW
zj$0D_9c$3vQI_EESaS}4M@qhFcj2MfgOC6O#~Cg#m3$v3xWEKFCFf#}-8e>Fb{mBJ
z27w$;>%{ymqT>Mf*bgy(nB%mEt2{kP8GfnY*dTJ1A&+r~RzHbmgR9$YApb8#5V)m{
z9;sPvc?OPXsnabT#gKRCT$D~w0fj$8n@|pM=c$OFMc8s6!mYRthzz!0HiZ^+hA-E>
zA4XJeMA*ntKGMR~HD_pqK03B}KH;T}`uVt?5>@z`5U2!8=^XO_?4R&E+Wyk^Pd4nI
zAUnkh1!YA-ev9x*IP}<%y|a+6^BaJeI{Bri5xYEhC`MxV_jdA1k(t*Z?EZDQO^iob
zfI<uBf19?=30Tk+`pn^_AHW0{sV(B;9UuEbaI(Of!2~q8q*g&v)uJ8-N_h;+_^27<
zE%JAI?>omZdgCy7M?2?#197LuARETV++)AaFtB`YAL|oKC7zc#f^?}i9JGY<j#Hp-
zW@31@{BH)J9q&TT;V3lMM@8$AGvoX^+m7NMkK!I0vEdH5zr+JF$NBRs<!J);&L8)S
zb&Vt&ULAdJEs{Hb37)(@`2VOGHu7QE$kx#7h^Yl$<B|4>W2Yh^Vn9>^5k>RIKVab_
z^^pyXi13s~+Z7SfMS(4gClZB)|E|#oP=_eL(H0{J-+L+heWJx9zp*h+G6%!Y>-opV
zr2VPU<Fgt)g8Uv1-A5oWf{mX<-!`tgN7{@LMR}@&JX(YdpsYw`X3cY*-NH-bp^pZB
z7`^d6+)0ciFsyf;g&-24muZ7-=l%OSMckusbY91^mF4^xrp6D$63WJ=@k-HQ<XfWS
zQ|_@tB>aCG`Vlq=9>~O`X4DC=@ZlZs@OIR((#ax;^_#8Pogj>KVsJ@z7Zz*mvK|Mn
z-3dQjomLEw1h(z_2rHcg_M8D;WJLRW!UIL6q#Yi3{5%JS{=CR;MDeE)grJ=4diXK5
zp3VzXBb^$JR(4)A;dueiJdV#CqJQQNJg4A!r+|-tjWKTpLU1o^fO=1Ui(vfdoH7{E
zS2;X?J^Yxu9tE%L7Cf(7tjEjY`RnngYdu9ZiH=S9{L{3q-U6O=$YX~|@&EETUUKjl
zj?|=`UroLPAPaVq#LP=hbQ2Npb-`}Q_VsmPbkMI18omJNvsr&0O|OZaM@7y^bM!oF
z_DzR<LiQ$h{&-T(pB-Tboj=X2%L_SwB6#e09A9yP`{~#@!UgVOE_XgLi00yks|@N}
z4J?}PSG3PhV$EzMe056Sk0P<mF!n_`2K5OvwMmWY{v|B8!)`Z=>#MwMdnBcP^JGzK
zlr{*`4ySYi)9g8R`1)Wa4v;QC4gHD~k536-7CXQ3Ie&OWKVQ1@`y1zLn>JtH=DcRv
zaLz>M>kykS3I$Ct+~LbUvY1{TrIZINwnx-Q6gDYa*mZTCi%rV+2W^ie#k*7sQVSKs
z@!Dr&=|4P%AHrjJ1_mB^3+uyXt)9$m9{4)9D%*&df-qtV_Gu+$K8-^PKID~At%F(M
zjtygW5EP>JT}fU;dtQOzJuR3=z3PuzfCT#Q<y^aZ<*zM<&~X!!EvK<`drBptDvFc#
z1DYHNIK|xdbw4#QJT+*<mYFL((m~Pjxp$FA89qp8JA|Qe=f_X?!L%l-d&LF7r(X~v
zYq5BQ<8$A$;he<vbQgX>#Sf^!Oo4_fj257|F_I2HeRr%NjSUOZI2~&ke!5sIM{`;D
zdm3J8GUBK2w&=d}A%N8#_`+*r)o8wlz%s>akH9r<MGJbfK}BJA^Lbb}6;agVoWMjJ
zEGUc+wF)Mjqw?fRpG$&QX=|fkkqkv-ad^e5GZ$WAJV+2Y@9<`au^5ItXSh|6e@GP#
z3MmlTL88tPR*dm9Y7_;$v_U=oIPU5Y;R;};EukEgO#-{Tm&2_KuEtehFjD~<H$9F?
z=t9u0FREg-CAJY<-JaMU;p!IR(MzT?+Kx@WJQ33~l)`=*>cq%nAIHkIsLnC>qrBJC
zBYo+Djqljt^@eM3T}1iU4Lb1lpqPA+2EWY=8_vka(CZZV+{A1j@jb2E&qD<z!0vri
z%a7*R;Im-a3r4H3gkL&?UzjGy)33CO@;ns{kRsJ{T1X093GBm95#LrX6H$(0XRx%H
zy<c7wAAUtwv_Q(9K&y8j7D(9`vLdP$#3Xd9&AlA<nzjz=Jl0w7vf7fdFqwU^OIEl-
zv~$r$BWj}Q(lBjq61>S8136BP(+7*~lnzKCtR3;v#mq#-CjbhD8x1LW>A1i!Bi6i4
ziRd1+Y@m*Ve1II}1DQC;?Sp`W^wBuT7r#&9AfLZ%VNUgnO9$yv<i7*$fS(VKo_{aC
zOzG)=+ch$tp8i>A6J7|9&elJA7e0Cld-U#sx<}ue{OH-SN3R{Id$beUP0&4h2z&H!
z{i837_N5;EDIz682N~3G&~s>k%!^wf2c!R&E)I`h9F_=4cvgcX*wlZ&tDhkxrG(Nb
zu?9YDuowgJ^J8h-bF3Oks3(8SqF$aD$BvF=;}R<SR{WGf79JXxRDV3%&Z?`y@#=r1
z*s!?LqdZXXH#BdeL$a3X2N>T4496CYxuRmmU3k8ze~b`H<=^<oTA`|<nCj{}*4C_d
z`ro6Q7f*r?tKX##WA<*XzoBXR8)={zu7Rl7SFOM<n1Z#wrX}1HPPYuAKmCE4cs@>}
z<dSpqSXP~$rEfy>Y8BYe$9OgrkKh8ENp1iswHcV)9;!))(W6o`a526)h_kPT=7R_!
zSMWHbs8_<j2B^nw$K$QZW$$G~UQFS=EV&ed3lZsCKoOw8Li1Q=Q3X>Pz=oyzOH=w2
z=&hFlUNB{MjU`<cdH{A)W1mcAdtzU*VrEJ87{0>Ot1jZrNfX^X>e!_PhG-ng+n7&H
z9le}(#%UW+{EY_YD46tH1Ov^_iz9)qebGV+r*iS7?_OhgFH<A?t5`!DN%wGL&seh~
zi*?N+|7D?>W92lxcFNhj?mwcnFy6ywo3*wd{+Gp|<;#2Pg(&>!#bp$Jc?}7hH#GlT
zE1#e*(12+wU!yO|;~T3CE<Q&WC&e#LOs><gTH8)$^{VNxoqnIP-(HP1=z$GhN@;Mr
z)?ldm#U0RKf*wTlWPi3D3)GMHM5u`Ej9F}3c8<~EhgLtvHsj}G2tU+4|3e<~w!+8G
z>wox&Ri)L}qBq&OI!xCtD%H{OwHfG%xL99*FzSz}*8CAX6Tt+zBrE2X_%fj!y;*Il
z+p3kLKWj`VN3UvbiD)@`mH8!}!*cZGmv}xUeysx!Gg7gy*UHgH!`Cq03Oy1<b_TSU
z3eN47h`A&d5q&k0OQL1w%GxDH+HcG&&oAvHuTgKhY-*}B8qj}q=TppobPjXJ7IJ3r
zEH5>sY1?-jtt^?F!+%M|GjzlKQ5xEBh`B#5)c=9DlG;;!xn(u9x{J)r2g1F}VV`BH
zq}J~-ajQE0&HXg@$5;Lo_eZJb{)ob2N@3Muy5p)X$}gPN#i1?0m5oWBIV*Za(8aJn
z!Nq`~e<?18!jB_S7X#VnMVtdl&4f92iZ{-8NXPQm@l~g#b$oEY$$L$3pGn#Qp9Chy
zfZlIg$yrSWqGT$75fs3~o7#EIpB?-R=<|Bc+7m8Yt-2wD;*F7U%3NdV@`orLl5ZsD
zIEn-vN9SD$`;A+5tgC^SS;iwYB}yz2((+r)$}JJc(e(ZV4Px%n)%Qk<&;kH15#=lR
zv6pgn`)EbWFs+~W7T{R$x*qwR4@kO1uXkx}SKkFUNGD5cPjawJ%gs)IC&xV*EZuSh
z1{o=>jbyCGBZ({D#H|WB9V+L)8xu1bj^biJb_?sL#%?Js?wofAbiKyR0#hn2&f3nt
z3wW2*R9f4?x#S6EH}I>Mq36T+`taar&l{n6D?I!r3%Ba1Gyj;|(Z;PnHN<5I(o?Vw
z8;peW3EGKg)+z-Vkt@sn;AO)j-mk?o<>jSFRC$aeQOap)IlgR@(~K5ULFx(Zf#k4=
zXKB}3)RIx{@s^N}T%EBrnnn^x(F{b{3vMm#4btscc^*8qL6nZFy?d~vA!9RrMILEf
zcqDtYJ^j6ggnKuEf{KuJxi<?#U2HkoW^4h*DN17#mKH|_XBC?Aj;an?#d34L3N07z
zfEk};F}6hN!%f(Xmv&&;U1*11m+&u>;zOLb+>FbCE=AzB9Be5k{Ku?cMk^3&77%NY
z5o^#kK@yEtsxBxh<E^5SYZd$r_`lsLwPS>oGt%N61zp``aRxs(3C6Dle`B812%kaJ
zY6sRib0zd_D#Xk@*G-VJ3n|AYaM_S34~E;!(9+3SGjRV71a@Shb$1pwc)#zI8nI6&
z?4$(#gZ=e~_D1Ngzkn`K7>>vBp>H3n@`wr5O6xjUQlXg7)G5_F{d>9!TUWYpww%UR
zXCx@fPp{Jgr&=dUPj8~n%g37qX-uq@KbV2d%w!1-W~6B<0JHi1D@N}SoK{0iS3NI3
zzD{!n^3vnX8R&#%ag-L%wahIoOw6aJWcS3JR|)qt#O}%Is^?a<xJZr9Z+ALc9^F)G
zfPFf2uH_ErosEU9uNZyH!vCei3s75LDZ?1TjUL$NFq5s$;9gjrHe6|)sgdXb^CxBC
z`WPolxf#IH+I<IIz-eHGu{llz(8*xz0g0qH@mfQ>js;GV;3^S;s7$iD;Se6}&i~L;
z^`U@V(0CeY2JVLG1B%#%>o=ebo(K1t1^~SPJ$&p7(fz!fg^zRQABVef$j||{&w)pp
zt<XM)P%FJkhr$#X=2{xD(1Qe1&Vt}!@;ZV>-xV&!R48f_3JX?0QJYaWOsOE{U_m9&
zZ|?&&w2PO5$@UYa)aZgmaVt}dbhBL7pmnrmqExqqbu<||!gtnx4TMq0p1GXIui=He
z>R>rreE&@Zi5M59!iaYPGt9&iQNS(Bae?_r>s!eE@cP^uG@=2qO6?sVLE{!87`=Vx
zR*PF1WON&MIwK7<EcxjjEG6U9%mA^x44!`xwX9U84#-Gugw*U(rWxJKZ^wo(5g8c3
z`fEOd6Ufye#zhL24n3MN$-;<p6Fc%BZ@{!7krqaqv1QQ97yd5Jn;q!D2=7WuS4-Fe
zYEe)8yjfjdMr_C899r*MUTML_Lo5R>Mg=gjb~s*nBc=dDa!Iny>+SKTo|vdH!#YvQ
z?#ZwXL7&QczUAi0&aM{hotHU865$dO*&8wY<P_j7$L3eKr8Z~&QBT#!PU)xsOvXDJ
z*^FCSj~s_@Ze;wgk>m?}Ue0)FP!2vbC&q15^k5yuT><>dfZz49>c;Dl5Ut>Zh2o8_
z<pQPf^OYcxM4DWVjq?g){w=uH;_L!Cdb%}EuTKXV9hI5giZcQ?%>4)%67C{7J3&yq
zOWQMDL0l;5>6R!s%y$DVKz(6rB7G}GX3D83zj2Z=9JuQZBHQH?VNoyX3XU0Xng6kt
zoEwGDz01!ZgwH*}65M$0Sxou_{XqS<N&T1+`B(@`w(I4`RDAA|<=uiu<xDy+J{R+a
zW3t0MkpkmT<&A49LlZQWWed}2Djs<RCckBYv#cU}X52K4s>;f^WjIz}T!=Jd?l#Bg
z-fE9hGDv7Uf`QFsBCbIbF)AqAJ^6=0LD?2lPzuy5tD_1^SE7Q_u33nq3Q9XO5kKo4
z?UBx)h4{HJmtr5*^pj#{9v;-BA*e!Q5)>5B-U?h&wWgsICut~V7nUhOI{`}o1rw=q
zOjmJAJ3v`^CpCWp&^bEfY1u*T!jxi3TEti?L<Cwys{Y`OsvMdE@uj9fSQ8Y8MWjGf
zeUk!lLjB7El=Y4Xy8N+BfpFn-&Y?lfTp80J`lQnza#*%A&>(*ORU{Jbj~awqQy})K
z?H`~5aUV!#!_YKhMxzN(jLK}jqIAertj@1Mlv0SVYIRA6c-X<-Q7{N8gnL;x4t@SS
zlSz<rO*keKCc$gRM8InBOOv3K3`dBPAZK~x>nRxPAu|hNY?|56Kq>uP!?k3&1YHvC
z7R?$xhQLc6#4e3Y^rve0rLA%N(wcPmC74ASO-hOQ)YN=u5!z@hf0k3)2->+Q-(q&6
zT<38dKv>f;u1+$t43t)(s)_0H#h?MJ9{HXgR;p)=3F7j1W9~!3aByWI9>XeY>^83M
zH)I@|YA=QVMFbtfT~C?&&06{AW-slo?`gr3+U^oKPcwf5?yJ>W;9^Ulm8EoH1(VPY
zhKfA5Ts5!+WQ22p4(CIMm~gOE#%B@)5nI#EKvy@y4xQ<dM!Ka1W@l5S)eu^bo|12V
zIz71hQG^W@cPGqp;qy+GIW}O7`YYV%uD}g!;{vm2UezRjVAQ@Z&<g8n&VL@7N0#)S
zqGPD9mm4vm9R|(OK+EGDEux3>q)R#q-9m#U_lT69R?p8fNQ;GoYdoqoaF`zqk0W=6
zT(_1^Bm8<moZfgio9kMl-*^wRN8t5vPxc_#EIgfcC1w_?T96W`>g7Dr8g=(vOn9-U
zyFsd$oQKNMOQC8jWzGjJtW`Y)q#C}A$0Rm~UD7eU#8L%iIi*`^Jz27f1n06xI_Q#4
zghy$<8(uNd%Zf%yjAfg79)B#B?AhuwIktHp;;Yt1%Qe9sn@mYUiZL>iUKG=LdauyZ
zH8y#q4VdI3{4gc?@Sy99sIQv=x)Np2qC)f1fe>a$NW;&g7NPXad|YT>)FhO~9&}!Q
z{%RsW?}kC>^M}u25b7pBPiqf~^Yg8TBdMU%!Of94=(Hxr&>89!9e%}o7(d?&B<hyF
zjPY|<3PacP^DN-!Sx%;1NBOyvDv6bhjABlozP%sS8kiutM%q%rr(<;B(-G<T_c!5B
zyT!lHZ{MBr&_9fQci#j5u=d^mrZlfH`)=a-NJ&+ws0~#I!P)g%K=5>83h;2=`&e~R
z4Lv}Kw&PPRNEM)`^(<_q1fgi;(eZc0lkO|r0xUtDY|@yw?;@ZCkNk(Vnq?3A-r<y*
zKq6Vma*c2F<-#gqrmp*0UTrlr(#Y~%nT4v2n2w9pLb!{PzXJdDZm=>Y+{WjBjMs(=
zAl`Fjr_nh)l4X;nq6P%Kqb!%F)f?}p+y&+28^VlM3-1eI)&gX2=i*s!Ydothu!Y?+
zHS{#zLde?aP4(JMjcLwv?NQY~B1RlbPxF^KTS2MCuLG^Vt9d%Um!4wXHE7+n@k>wZ
z`&$=it-gs0=wMQE#9s5pkP{8BW2cxOEyf3c%5hj~AOM~EOA?pYI;HKe!}b{FlIEG0
zW7(OHlFklLiT6a;uY30YMHg!Scb?1se<AS?eZF=4!-vG~dvVMDGlAV(R$GYOqeUxJ
zuDI?uC?#t#24d;{_Do97ryjiToM8}Au74M%#^NzS3n>4qX;pLvcDaZXq@rwI%H?D)
zXLd^7Y|MMjA>JR(1f__>hyXNi@{T6o<^(svk&HBMg4-L@y9p*+ir3AbfN=*(?oCP&
zi#bq==JU<XY%t9>s_)^lc7l{@1v;p)cDiH}unL#ehS$w_9e8Ym$~(6Ewn0Cz>#iq+
zUd?8!t{+|+CoeX`MR>jW(2;j@Ua}X#5%VG>%lF^LpAe5v;4w=dFKup2E`;8KCl@dG
zWf>}Eff$8Zo`{KTa>IiX^yAY^{d6?26nMxj@<gR11GMD{O7;?BF`_(t(>XHVQF<!x
zm8`6!CX??}KbuX=Wt=FTJV(B%nu=(mDJ<B#{9%gUG8hu-&m^=TrL~7HA1%RK#$nWv
zn3!d%<}a~4QiJhpPvX~bZ_S!mi?dw}p{3hD1oU9}?`CVIF|~YCuI}c)8^{n?umyk`
za~-^yd$Il%BNuoA6P<&o3QL)XvrQ@Rl63vF`J&F@FZ#P7?k~DIjlam>)oa1n_i<0>
zpOhz{$t$>YZx{UOKV{*b41Rc|v^HY&@4zY^N61@rJKSkJ47YKQO-gVUO-*zb`8#_p
zaK48fyYidj-l7i=m)3R}{oARkh6@ddNcGPAqZll+!j3%}+wta@m&lUhCF-sB5=}!_
z&B9sV$xAe5R$5PwCBf74W{Q`H9^Eyw8(yM?J-&^X=sH99yhLL&$V(I@3i1vyqd&*^
zY_{N$U9BLbx|*#zv%g1zi*9*ptIZ`%ZMF%r*a`=~*qo<KjEGfj=rNk0m~JApBJgSS
z3rr=G^dw-H6P4T@g1@2IUAQaB{ysq-)PI6BeL(vp$<)7Gp5EVF4u5q{fKS#5(x3qo
zltKN`HY-pjght;cQN9$N2j)r2pgVZk2KVlSu^QxQc;imsOr>z2YbPQdZ?}-ss<_cx
z?ox7b(;9Fv&fw>ncsK0_cz%u`^+#s|JUs`_kK4@f@EkZkZbPIsK3MfQcKWub@izgH
z)@?WF+)Xq85BZyzw@C`WqURunn7;{qO#(WdD3_~}z0Mij1Ji0M)tSYi{X}_cM(0Fn
zsu6yO8J!h!ZbpTaYsAZDyle*AQhguaj6NtO8!HzWG+*UlQ4s|ddz>JPjn?rJoa+g`
z%0?@!Sfi~>nr=2vl3k5?6D5~9>Y1t}3cQthrgS7|^%&dS1pbQA-+=MbAm}f90CYFN
z4Bgp~0tUbnr`v$02MvhQpXgZc+Z6R&x#F&?NiYNWh)MFG%@d{REkJ<To6BW!Gjt}l
z*kJgZp);{1kK9?7s2}Bye=dKP`=7?2^}>buv+mHxU;Dc(-S%hA)%;l<-Wg7u1-213
zkqH6?L#61blOi~ETLK8**p9AO*bc__3izwDLc+Zu!=``_R-jWO&?)W<o8UO++jt&N
z7jBM;iV0m^g2h>UbiU{e?#)DU1b%lS%I^f`;X(?={5jKmbpmDgvI3>{>MWB7^#Y3T
zWy9-cypFNG!0^`jwuwsie2)z6rnXvjZe))H$G~JWjJnn40d5Pst~D>!`!z1^{kl%C
ze_w$Ai)D$<ZqaK>cb?M$R-$)+eHZ`N{omyOTA0TFRTT4o-I3t`O0GZNLB&C+4lB26
z0w&~4+`p*VcdGNhibQG`!Alh)$Ch7gWMilHqSO)oSQn3slEOf2%mw;ttsE`h{d`pm
zQ|rfx@`EI-=ZW$?>#ZITNL5ifCFX~C7J_?7;L46*9*8`K(q^^a$*}&w4@u@8weXJ6
zpW$Ji{If9&4C(O#=h={|$1mhVbxE!3wbpA>6!_}tn&BPmQmJRBGp!xQ5mno5-BQ~J
zVADK!<Mp`xoboNCvSXF`T^OiAI{DD^=I5NORWZc^>COUPo>Cx4+XVmGtd0gOTcaX8
znXkIH7-uRUi-}|6zLmh-uQZTt8S9;@uQCMkofx?&I==Mnq4EhzSv4<@uNI^Y)L)SG
zSM`%x150{!ov7F;3t!<OkgKlM^>?j-5XiZ_;xP-3gS@oC_sKb+$7%AN!xML)ab^aM
zU3TW_vSGsgnE&%B41gUsf(!hVLOah;zLjBFNhvjpW5{8%I$rEY;9t3vK>mXN9XlFA
z3_d$EXAPLHHya94ogL##@i$f-7nB$2H}0Qe)WHY#!!MhpZBiTI`#{fiv|;oG4|L63
z2I25<bP*7H%>_NQ!73>4*jGk-QCn<qXuN5})Q7)CKCh5b9XAS4lzfSXRhA!$;;=Ok
z_T`zF9_0`AS8!PJi+0LEh>7+Hh8;y;-zUUgmysAbpY#YnP`=QIEXZ|iOjyK}Dk}li
ziTNsqh_0Zb4bpV`Wc0I4<5%O%;y?c6UQ7cTJYvGQfrltxqDMLt&&TSK_G8xTiIl3@
zbPul#CplI$9zvCn6?{frTPxe7Wr>w`^Q>repR0&|R%7BW;pA42@r)oH3jdyGzAqdK
zsNa(X$0y#3cz;e+V+6SQU_xf|EREv<b+H|V-L=lz6GmoHizoZ{_79aBS^bCj#dz#S
zUP|l+%TB7l8piXX?$GN-AD0@|@p@<^tLTKW6$de$<cZq|LH^c(kqkkO)YNC8C2_S0
z<Gla=Xn;lA3LQLrPj#%Zja9PRt-cd$`kTqRrf+IZ8PONVsP|ECwE4q0j3}7=F>H>p
zGhQr(cv^kz{wSh+{B0DbF^D0`eY4V}v79lBrLlB&Dw8A96qd$v!mRVBv0M{_itoI(
zpCR-n{P~vFz)4{91+fOJvBB&VEcu*RgJ-e959!YvZj&&YYt&!h7j28e*1~#q)=w@m
zgono>I*Qev9Gm`^vUSMvyQVQ@xfH)RR2Bb>-C{P&EyXMmFYMpG?Cu%a1C#tyAnQ;9
zA5mUl#^^;fIq~@|{OWk!ycVu*3_4$_R5Bmz%+zfz?vKDNP8rE~g@yEnoB6kY!2b2%
z9ou-W@&Ipa;kmK{ptc@j2ECF}b=s{I0V&8HgD!*#<Nl<-6Lf;lKMfqUpHudjC9$6w
z8scW@2RftM>b)LYNvE`U6?qD%lvIij)J&|TGX+|a@!V;}C=S$RM8_%L4*bL8=<*gP
z#fQtFW#DTIGACewj64ZCAgoIzb-+>}p7d>J!R=xx=2{{~&|j2(WQG^JpI*$U!pBB@
zY;w*+<%VY-yUL(0UA8qjzLWez=D2?dZe47P<Nt3-@()=FRfCY4LH4-)D^p*;#uhC+
zSWlcP&m+%Jv4lp9-wDzu9>-ztBG9`=@NHo{xCvZ?oL8<fQsQJ@+9u|IiHV6mLm$ya
zB05W()!<aEyo4_=nlL^q$&}ZF40Y%tTKMl6)FXY0^<JI|XUFkbg@;6{8b}_ZTo!v9
zN7!5o_q(Md9_g!S{k>QKbgmn%TV{`Jw`-o?&%-|ys+t94&E(+nnrzIcqWAaaiZJw^
zQ%TM;2kNV@DQpdwbqgD?oy9zMxTFJ=CtNL{`CCKq9TK5LDK8EH8k*K9cmeSNJ>u?x
z3-u4IGidH$T>NgigSXy%-uM7?3m{z>JJUG@bmNnYI48OX&^I8EZ$O&LnKie7<}GgW
zeVpJHKqWE7EztNUatm0`89h*u7(FmLP4ocTPvq<Zmn0S-{G<SQnpgmg#Z_RAh7#-!
zer9sY*GpcjRgmYyXuVdO?#%@07IU&IU_{InV4u0NTlRn3H^mdg_;1`od<|KMRYSUn
zf(_p#q5un0Mk5NQvwj|p1r)6Pe-uz~jWHfjaJf+nC=f9+&dkD=S)OY3Y?o#&z9t$|
zFkuQ3;?Qrh7O&N;#U5oQvlfqI*5d3bn#FhMIb#a;s<X&iTwz6X@hFe9*cy#0*f=@u
z-G+p_^UrTD*7N!Vi*cbrZ!z8$w-~QUv>5kCi}6dbd<eJbO~$YX5xgtAdZC*u3$#mD
zFC^$JTcYW>mkkr{w4&iqkXi+}XQGm8L3^CP%jk6`#S{!J+!fou!);D!&cIG!$~KUU
ziv~jHHnXS{*#z3ZjaH9iyYJ(8e1TiO$SqABXq_leHNy>42injqXpVXhnw*GI6qTE7
zv514cCVjktJbgf?Q@Xtq4TFL-fT7kg3L@C<ajf_4W@can#*kI)83Qu|BkVD522QYd
z{U5OhJMa7<GYLNy{*B(>IG)VGXp$^-;rtT%dNZuM86o{TOgGE-DCb&Weax_+Q!TJQ
zxyS=8n3<&A_xa5%5`l2mQ7bTotH@%ewM-Jt?VxUF+Q!4D&O}>qrY*tldrL}0g2&h<
zu!w}j^Q#<|xeV>UX!{*cwqHpcVAjmORu-_Z-uF=&v#(PNS*Vl;Su3RJX6qz*y45@p
zKH-S0=5t$nA2(d6wfBdbwRh$JoPGD^e;WJl@4l0L_d??pVD@KWxPlfTBN#g|2m#h!
zGzM7+LyD1CHy;&pZqEud_sUayqQe8d9wK~Fa(gniQg0O;>xjN8Ev)!n8bhyJ3bL4<
zAhf&9;w(Ns|2DU@6HYgwYNt~=#$!~&cw}cT=|g0rEEl3cxeycc;mO1Mmq~N_1AnaP
z4`Zq65B$;F-wcG_E;@Gkc4MH!F^Z3ndsRqcjul^eqAVJ4;5jzEDO-YzsfOQCal`L5
zGgn@4yn|>?K*s#&f7ITqRg*Y;>o=Kv=ck%{=UyH&`A&=I>Pw}`SG?lZZUsE#UH%RE
zV0m5(SSZFaJ*Yo{&;Y*%>E&?_<6fvRyl5ZF@OaYpw!@(P%@^f+f;KV$Q@RjOCT^M&
z41_8_tWw$X;!Kv2Kr`=H<>}2<kMbbAeMLlYtfg=Xkt<h8q4R3yVk~pJMziDQp`mD0
zB`GvBSUGgmnK=o~exWmlL_9{}me6y+Y2x@<sguud=Wj?*f5c#d+1P{H&mEyZY0c>o
z-MNR2WBEdZAzB7(AC6V3*cxGKJ@y3Z<5j%WF6MWBbBEk>^<$^o2XQY3^MYvAg^kF$
zwuy?*_!hkj=W53sagH|Mn9yI0tX`uO;z1OEmT=V``h_v6o*v<6PQmwrV+U8a7&)R+
zVj<v+X$h=fvssYm*kP#-u|&}t!f?B&+#eCg&aoHF?Sb`o3TW8^hrA<`7Uo4aEes!D
znCizvST;3Ezmgi8%Nmir@uN4xt1iDA;WRH8lE#be6BeLm6uXJ~ezXMd9Ez}+iYSVY
zzO8wcG+F%ClKL&(TeBwCWPeKiHd?sNuB3&#0v3+XSJ^;N`PV<ON3^@dMdJbzp=eGM
zrVj%VVB!PIx-`5rSyx$6Nvc~~(!wt#87uVUnRFS*PI<{*_K{a_FB|>fCDHl)N5|t$
zcYQZJUV42S@p#T}#^c?X4v#m6vU;T|-h{^+|4n#27vk{{fd>k=2|+EOPD>?Lyli&q
z;dt8-jz^mJ=BVbq*`~`WEJ*XsPI<mH9T;zTOas5-+v(rw@&ixi<vT$Dz7IJqSC@gD
zK%NV`{{go7kD_u!+}|W9?ue*78ga>YgRqLFG&>QcI|MCUm^c?bA!vpErIYr4@$1Hg
zKMMT^aZfe2UE;Q;mSm6K>&C#Ah0gH23us<l!E&kKWAmL1ye;M*;uE}weB67OP+BbL
za@=D#aWB^AwIt`OQ*L<nVcK8|9@cNL?e|@huHJ8|{o+$YI)q!?esRGFw;6GS+Yj`{
zi>Zmmi*E&R8>R=iT^<FvrLkIMMRZmR0-F82^gCHCZYfP`cd#Vb9dgX6RttK#E&bhz
zR*Mg_zMa)#QAYQy7EhVbYLTYi!-dxyvVE6&LlbhN^&b8-^dGd|knJ4xhIWYEsrT^X
ze#!M7TCV<X^@eQcs5ew8UTD3CjTfcVdl+{0h1PpGbyY(Bs$0@QCfx{`bRlFC!INkK
zYfiF&wc4BrnT#POKSry`BqjR}PzBeaD(DXE@=hT$1A-GLDuZ@|PF9?3uh8sa?V3Hz
zJFt@sV)7gt9I(R&YKAczE+iVpHfx44nB+T{Wo#E(##+!awhJv|E#@-W)dKgrb|pe4
zr-;h<ymYY1Wc$hV98isKYe&#zry$+dIZ1Nmbe7A5a-33sJ%Dl>vz#HunCuOTfmzP5
zl;i)+d>!fRWeNC6{+scW6^Ng#ApE3^pfN;=WoO`3L||#~$(`qgPnIKmvP{Z0BaV`c
zXURZHTP4CLD^lQ-x1AF{`AzmSG^1L}(g7$po(Di#DG%CQfdI-$^7PGUNo&F3Z8js8
z677HILr^|zxKNwgy*dQt{{nup@}I`O_KSaD{3IeK+ckq4Vv3nT&4|EaW5v1glgPGF
z<2o0HGCQ6w<W?u>6iAIOWsruU9CU{+OGvUkZB9;SnKUN{*lJPEM9G_DqwFDY*^HO-
zU@R(T5CIK6cRsVJwLx349>?95WKXL%SIDk<E9}I!G?2=%am!l4x5rb8E#~e4D#z*!
zY~RAZW+e^?$M#BBcL9}L+`5+AI}uQs7EftIjmQHU5vfQg$$YXwE<>d#8?`51`UI2?
zk8}i7qOU<EB7>Fp3Xq{hc_vHrNs7_3B2tXL4~o$bD3v##fLr8Kaf_hiv@V<!uI^UD
z>M0_{VdJ9)u}9?w>Z={(qX&I9+kpW+;bB7lC+CD$>K*^hR1r4`!%=$==|y+lqt}bx
zyA$*x9elquW&Y-aczCBuiI;Ky_{e&uRKooI7>id6`G*AE{7sF`-`&>uOI2Q%G=JZS
z`;5+Cw;JO7MVIRD-%m4tW7+)i`JZ%0!Aw7YrByV4gRAuOxA=$WnZKn6sR}ja8ke*9
zs=k;~8@8ATTMWd&+f>Yi;gQRLI(K>diBcP8u>etUjVSFBrA=XLVJkuG+=X9=QllvC
z;H$JP3IZ7c`hdE5()U|&=8L^nB47cd$u{s(6Easq>S0i`BaC&#xv~!tR8rzW_3Iw{
zP>=Kh!VdF9=|hk7iTY9@LS({%v=ecEc^+vmCNhCmoldD4bdkV+BA*9=`({!4T!gck
zEBgvl=3f?zt+gVm@K)$XyJ0TgaE>rtR-#<w#LmzJI(nwtdCc80xv(Clg!_5D2=w|J
zg!NsvWZw5-CO;N9H%Rbx1j&Tsh9H@k@}nA#EqkrO5Ut$q#SGC;vu28DuU6fE?rYG}
zlp8P{t{CT%Ek}Ghv2Z)3pN44z$@Ay+@VHOokJAvKR3C%2uEsB;k1b8}*o}YcOZo-K
zTeDQe4V4PYohor8$Csk?nZT7%79b8o{)ZH3v*x?flYdYP{EJimn&e4?X(bLlj6&)4
zPK5$z@W^171TEGe2_}}t9&#hH+bf)M1xr#pu``?pmo0QTKd#ITjisZl=nT{^d7izV
zv|D|y2PkxMf~xlfeW@<NZ~QTUpEZZ&lYQlj0fzManTi8^O{g)ht{0_<`2bTqW6?av
zW~2qPuNSwf)Z%jN@fHbHYY-^qQHJ*v{A;a(@}QZ@CpC#!YX#_BU3?}I5eeCZW<by(
zJ%XGiItnnG$roJRPmNj)6{cOdfV`!4{N@Qpf5&F7)bf{bf$Qk>ismp;L-{1(z|*jN
zihA)G!g1GVy*)_;a>N-~<3wYt)3JsIKpVn03m&4&|DolNpOTnAp2u8Gf?U@WOObLZ
z>BFh{QSb`c*+uC(msDkLDz_R!Xt(l6CtT8(ICp|$t+y=9$40b9h$S(IkBjNs>GH|5
z9(-n;c<AX0Ei1`*C3h%-t5w_ANwa(t0n!gk2f{^cPWh^%Jo!GG1Z4?Uknu=s)xD=9
zz+BY2db-Vf8AGwVq|Y$JN)gRqrgSsDk1?D>XM2~Hk!3Wd@+XMCEdiqM`p3nm6<z!P
zA3kk%Iy1R{c?_SHR6uW%MU?iqiucZ+Dz&)s_wZGlUD6&t_?gLD9^7k^8sJkx?Yt!X
zX$cIlhO-KC4UVvegG~)%MZgBeitomZqH<rSBxYe@pe!`IGkaZ!`ufG`>gtWur8fEA
z%5LQ|=`LPvsFnq8tA<y#CE!(;4oibq<(2!WR;D@TU&@T<Gr`(A6ET@d;jVCBwx2wd
zR>V6NnAGJ|ALKA@1ku<<yyG+V?<a|Id=xG5aoo2JZcWNR0!J@J_vEkyB!e0?cxia4
z8<XFEl2{+gP4Lo-K(v1p#EJX0jl3^>xlq-t-?ub^ed_IO1cRApO!`#IRAN>C1UyZ^
zbQPH0ErXTTw29Kt^bpaM`Zxc=0}>=}Z2ot$te+YBUGRYKrN8@Mc))+*0sleloBzTC
z{tFNIFFfGC@PPl+c)(9behWO{-5nRD!2>4Pi(VlGv9E|IKC~FcO%&5xtQypVmmdK(
zw?y?wXFQziOA60+9TBj$@&Qtq1ubx>fDm|}@|+8FYzzcy#&nVI3`R^;iQR)~guU5L
z2^jF<!J(rD24ym1UDXl7$-ke|{P3P;erTurR+HMc)`L1Y7Ewi85?XH#aX+u;l|H|E
z3avL62Y>W^1JAkJP-3p;HB${ny7DN6PuA*$VIC)CDl`D$pI4vyWnU^VWc6TaApxX&
z6|+B4VAM7(tPAan>VeDAY|@mF_%hkhlrU&Pvyxow0!4M{npaXRB#~>$kDOS?Cp)n^
z&yofjFuJp)uP!o#|B_k{l9vaI@`G?@9TD<(Qx@oy;KR3WiA5U*IX_|_L3|b*pKx_+
z49r)4@bVl376fI`1DKv9|AOr8ZI-;S2jn7<G>cHR?~P_aGp4)jZPlvvYGH(jeVYaO
za*zCgSui%EBx(!_(nK>#kfI~(y;EpzMreb`2=^0KKiF+$?*IMF-7Y!~`3{7y^8_O2
z_WbWa?QZUIn3fIPt@TbWrzbuF%UcC@c`4oI+N>M{)qzSv?>s*7Dua6IBvzo)key>t
z?}HzOhr(O%!lvJCi|Ea*DR>@{a-zm-aANQ>7UJyXbZp@2?!wxF*>)s6a|}=EILy__
zcz^)?nt*R_5ah*_X4WZfat8OCCdl3r3d;kTUC7_2<(uW|{?nk<(Ngangj-5Pgdsbs
z5t4}DQ$Yb$VS-Xrf-3;bN;a8Mp<HBEug{8B{lo(1Caw;>==$=Xlx~y@$V3Hu6YLeN
z9;i399w-xT&v<8su8#AUZf3;fq)G6%pdf~=r#8r+_3US$0v(hM9LK3WfeSRjiRv0V
z+|C8wflnbU@*Bl3Cf6gSyT7R(X>{oS9l|JMmt17m>9=digdm!%Qg0lWpcI*KLe--^
zVx?0Z38hniM5R*`=j;D%{nXe*{1D?kvCKKvJI9ow`6u|`SrZ>Pw0I~VSvzwjO()JP
zP3gEEh~RFt@{tWp9XV@U@JXs=>s<Km^z<FAnrMwv`Un^<(58t<JrO^Q^lm45A8v=!
z^$;vS*;GqR0w(Z7R;;;F3ism~wg?S;`LWkf7nu^MVz@o@JA)3NO*HS6IjJ{hv>mS$
z4aLI3s@oJ>t1);}3a$HQCf2*XHO+dJ%O-oI9*sar)b)+)rQ1Kzl{-!(jGHf@BEUDc
zaNHA!jtybvYnSY`o09BZ=cdOWW&YFA<7*k;o*pNoXd~Y!%8SgRBjUX~5gtcp2(2f}
zWJ>TjH2y(bI6t}tkHb@B_@Rp!JdT&gvIzE{8VM$6?#6x@%5r1_C)YO14BRY~d?SxG
zi_6i))d{3Vfb`;$$Rak?Zq?!CaKBXIcJkV@(H<ZwC8ZOT;b-71q}`H7nOF{}Ra;}b
zWo&%6c#Kq=(JGZ&QMh(7G&(#1C@Y(!r=<1uD0ARTw?WE;y>k|ANTTtu+7r4dmtAME
zA8py)*h92Jt)nU4Gm_hW#Q59T`JF}dHih(Km{ix8Qj0eP6z7tf!ee1NvXiz{yeF+5
zY)ZcJ4(gpiJC3bf;A7lLFp+`HSQ|F~1WJET9K${2NJGEUAvTLerSL*uS=m_w><rGy
zuV@<$Fwnbxl^1{4@%ruLk`DVGAk+FG8fCIQpS|zYwC_7^<+s>hg&omH#a{XPi1x}D
z@9&Wgv$tL>#>G3tLdSBq2$ANvy<ETlMno=(k_Yu2*@RRg_#?&z+tcMFO2mI-IL<AU
zmWQ%OgRIG;<1Ak#Nz>6j?{@wzmIouk@xz7zBgn+?lER?qILiHG7}imCoWKASu5yE@
z*z*O)8j-8q!y7{)SGLE49y3INk5@{*#G$J*a>=?F!Ynp|zsrOcMHTK3PsMl@|7T}-
z#k7qU!3a{tQUBh|!VVqUekRX7(9BBN$LISvx5RaV{ls#4Cf;$(7Zx4IyjP_6hwx~K
zs5kSGR^L~cay*2nYIkA8qYOVH(r9pGbEhPYNQ{mMxb+eAoFJSxW^kM-a1Yee$X4P=
zy4vBVsSCyo!#V9ch{O3_;TF9UL^qzI&3vQ*qjkPQ7KMgYN3)j2LTcjkv4ByhD4pV^
z)4adSHuo+*csP@fz#-l)`1hQdpkz0XS8|)(DCEa-sNsMbXh3D0HG32Mn7YYY&gEop
zf*<hlco__E6aI8<LQ|v3<7n}16&+39D|Mq}`!_?BjJ))Hm`Ajl!RQ)%2N)+UJ!6Ia
zICi{ZI-$)G&gcZiw4a<GDZ=^3_lz{CkCbnXoaa1vpXsoFBhNe>3lF9q3#P>V`rXcl
z?ESIx;cw)3r#GAVwH0RIZ@<JRc>BRuETz<6kaE>tTaZ)t7{8(n?({!P3+1N<&3?Lr
zhPCJ+IN7T474A)ag&s4{HGb;_j$hmt8~>t**x-M68VA2<wgGF$F9Pj&-ZXXX92)au
z3XZva2K=AQH<!=WhFT0mEybZekUG?!$^7xVjrYYb<Kr!6<2`kX##_L~3p)I~JoU{7
zXuM62(|Cu%e;bUqfQ?{mRAxvs+^m@?<F$Sl`Z)MSvivZfhMP#+pj*y+VH+u(_i4YY
z;5WtN-3s&7;|6*WP>L5=n=7e?@_T6D4D~T2#k(cS>mW4biWu>Ud|7@L$<NtQZ{z~A
zG7Sd*q8h{Ep@pr5TXgqF8svve#*KVcN3&@(UVzO#_U4+J{d`p^?BC9a_hL~pWi`99
zn12aASgF|}lYv`d%w!q1nwwV6d;#XO&xv1-MDD2N>@(TJSEroEZj349tI9$CUpq|z
z-lhBvPX>8jad~ach)hHEo^m*PM`Xy^k40Mjr+O{eJV~*S;N@H4jc&>tUp4$~-gs81
z%9cc9Yh-VEhiil}&-V(P;3Fo7=V^aFHv#|T;aTA)wM&m3!}@_ECLiN++=dVUNI<v0
zBK+7FTwpi7mz#zcnxXq*as*x2`&IR;QxSN#{_t+mH>E6HSfQiT1P`Ht%+b3Bz~|%a
zS;y&FeRN-<|Bha7@^bj*co%y>miKhT-)ZFPkRA9tGnw1Q-<hFddEjBO8Gh>Jkp?cX
zI@*u%73lR%XpQ-|55RBk)_Q!Z2f<MNfM!A~plL~O-)wx)r|tA6lU`1J6Obd_NH(JU
z5F!!P<2z49Kp@FAc;^dpUy7b;icGOar&u>A-({ffxBv8y2Ac1I+5ljot)YuBY%%^f
zdmW|Erk6&7!gCg1o{h9FM1M5%(qUe?xCJOIJc~V2{hBsqt{pZNo^OFI-UrmI;TeYT
z9Ja<-hH5SxBu7^FLS|d?yai|J{+CkUkRDX4f6$Fq%%A;bFT7)Hnma-_L2LCkkX&My
z;tOHHmnb}&9G=mLz6Xy?yN!Ed#hFMXgpTeQe`&5{8%gPL+w$Z+&P$7nrR|}iy7meC
zd$u5T)h@9Tc*Hw^M~|#L&8FJco{CVF5Jw|dw-*I8Wihb7dh?%O1JS6RUw!Yj#bNV-
z-M;_{(IdlGg`4s6$-Pd_HkdDL5afw@9=QUz=4L*qW_hGjLNJsq6b7Zu_9Y;z&m?JO
zM*T4m5DX|Kz!u*!lY6kwlHOMt@WGxTL7?~tb2+&9(M-;}bEb>iu?qu83XVIucN#@w
zi#Vhnaavg5&{5Ri`va#^9+~MH@{v<&^zG8|2e`X!Cby#@Q19!*d}37eHT)tkZCCH&
z&<{N^4>M>YN(A3oD#`(-l*1;KQgcl;nvqO;iSpgWp;<j~t_K-G+%><C+e@`ra)_X2
za!2Yx?kdg0AH{rgDbLm?SU>*(m|-3cykM!9K2B>cok4?ZF1-hvl+r=iT>22MT2rYP
z@9KQ=HEdc9z17w-L9>>nUj!j|<w|PkGs5U$aIIMRWIQaMV1rw1BCA*OkX4YH<R6<{
z@*_1)#Wa$CmRGU^_@qERh_!g&@SFgG-G}PG_d>~djUX@1!<)^5RFQ|LjafZ&%xaMD
zGm&k**?{*r-_64=4sk2y7`3uzg}dB^9l)kVIolpCNIL)ALo1|`*PW4Og4Jf*g{phe
z5H}4iISS68ATKQDjl0#o#xn#h;Xyky`yVw#d=0=w^9)*k%c|KXUMYE%It{=PQO{n0
z?^HiB=isHq{iOr2j2UqHy%(XGTB`=K&=jjum%RKakfeJkkGTQvft%IA@N!hok(W-Y
z-}hz^@gd|1ncbr%V0Ia>AKih-;^9uEa<J3iJT6f0;)G6TFw&z;F}-^=Jf=b!{_Y5x
zRQN`9`oHX?qFi{_Wi)LrX|}0calM;Wsmyt|Z@ih)zZ#`B!{YBd70+Ooq&k%!Toq{L
zgf{<YooEk5n3?1>2M#T{GW1h27G>L^+a<pXQ|Ndk-hf;2WB9&s7w80xn_T?Gb98Wq
zCnw{bD2F2fwm|gocbVrcavM)LBOBoP&pA(aIrFzwO2glA8aFuQdrfq*u4StQ2P-1b
z1ld_!TVsQB^)pxw8+<f^{_V15IOW{hdB2RT^Pld;Ekk&+P-S{jG;WUUS#6>R<InJu
ztIe@dgagplJJx^N!Ud3^S0nkC^yUIT#>M%`0X$nS9tbZIeJyx@ZdFTgZx4T~Erj{H
z)ywWbjg2~<O=uKpfkSUzse~?^MR32Iy)<+QHa|Rvnm4Cwo<q&2Y0Z%;3R{7!L!V$K
zN%96Wk!b_Q)ydA9K>cElui60TtgonWOK6Efv*tOQE3wd0#4SBIV<!A@PXq<9uMqMg
zRnA5$jxAJz2AQU%`=F~Of>QE0s%nK>P~UMY?kuN&ZC`hw-mTGzOPce{8Mw~D^-B`2
z4}S(OfmGFyff3$oUNKVdGz#zKPQ^z(1v-G>4hu^5<JwI>!<*8Mvd=^s<)qn|(v`B>
z%0g-3mheUT`c|MTHh35F_nj{G*Emdu#fNyM$U&;FT;nJZmCB)@3x>yO_H>Utxf3fR
z2-4S{VFQF<IMaRahyN*$c-vF8rM%gMrI1R6NKmZ01m<8GD6`W%j<!dib9R(|Z1y&I
zWUB{QFS?Frgx`U_RQOaK{<Ej*1frLoFcI5=4PV%Sxb0^$w}M&>TTVL>E0>nR_a?iC
z!b9N;Iu$+AtYVNz3OiKpL?j}}mBnOGb8^<oJTAv&AL^8|Fb4^=FTtMR$XQ%z!gFfx
zOm4f&Uh0%9XJBez_>CE5MK~|)lj)I^7K64XT%QJ)QT&U%{}7%NpJn1;n*@21O_2Y}
zvio9P6ZEcrq)uIm1N-Z85^49VS5i`dJs=9qPLT5(@wNFwR>CD)-x^?Gk~y3=j!y3B
zATq9}>&-2VY2rzkev1OxFY)0Wm1ZL-JZQx!ehfJuXv|gBKui%}`^b*B95Wf5{u(>V
z<t-T`mkZ6!xMz6f+E;%*(h#=eU=|%P84~h)tQD#-X5X=vQ+|fB1F*ni;l2&ifLoYr
zYs|nn?%?H{QOe4jSXK0zVEnYhWd>PxmCFn~BzqYbKu`n5qmvr|BzE8L)lv77MC(;x
zr+SxzB<uTkXGc$?cO?!%ebQnGKNgKIo@yQneOviqx0Le11DW@3`Ro0=R`K#Yt4lHc
z9Ea%2tT1`1>MLYZrfaOrY~lhKx+cnS<jJdOU8?4r_^K_u@tCKoXeA6#8=GmFzY|9F
z8p+bVxPTQ|$_ukKS^EfVW|Fn{(T5B!(2n**`Fao9xxPTIfg>i^-Stl*sP&|}I1C3+
zYnLwmhg1}98Roa;t3(A0bVc?G^0-par?|S8D0+8)C+}a<X<+qnVB2)6*JD3R3CmXo
zr0@|}=fyuzK)tUEX?z?VdUsKatjJ_@XeyK9%hiEjp2Aai3=ZdyS7#VPW8fQg?JPFm
zV{pDl(c4@>9rb+0gcx9Nu~V)v2kMuM4lfY=;|yF~Cg~n0)qyk3OcrOC51wV0zqsmD
zB(xj;@bAe4&RHfXAh>|kgce44p^gTV$hl5QYx&@prf{x~p3te|U)%1rIy<tA-gfjU
zcdmr>-q&FQDvJ^1pr=5Msat%Oy)2uec9^0$Bv3cEtNjkZ6y3?h>tx+|^y5rt9;yAl
zTKhd%`+ceQo6~-0J-#jKpS&4%mHG_T$lHBK=(Uj5kaXT6!i8mC7v&{Zr+n)S5H^7K
zgu6bB2-2N+HvF;%*%bMhoy`?Crq-UM(?*@sj`P=khn7IY5E^y{D=?iyU#BfT3HFu~
z8G^SL2{ON;lW8?6?{cLHdHWI)sst<MO?MZ5AvCYWX)HVx=CFQYRg2(XGmUp_c=UEb
zUQ%4ftrD-!09K$FEWX|2W%26b+STYMHu&1gYHO~B9o<^i;kp`>;-F~UPn<+9%@eDN
zUQy3}aEjm>sCg|t9*K;XOxNKc!q22cD2)pJY$Ql7J$gN<CBk0amxQ?8Z_mPP*h3;8
zQnuw6F0~jE<jYDls1`@@yfB?VTg3DrO*6v!wID4PSYFi9@>beNg+yjwS<skluTgqT
zSrpZy%-?V?`nzJ&4^yx7xLCVau7qQF7BDq)?WwLM#d>@3gP@blZ=K2A(*k-)Yb1D_
zd#6oQhFiH+*;c~uZ51W8_Ee;1D?*dj!Y7}L_b(bsW%Up$KB2(B*T|pz7#S+<{^I>~
z9>iudRC#Yk)SoR%Awk+u67j<6iMiL27yX1z_QhoW>dE+lM}7~F9!#r(m1NaXix_<4
zlYLe=!WZY^7lQ@)F(e{+vMI1-aSn>w(BwT#Oru_Q2B=wHjIy=2m)fk|B{WwIHE7);
z4p)6`pOyIDWAGbj3{y6^jc{a?ba7AIgkg{?;jn$st)HP_1hlGmHjh`buR#~e#RfJ<
z^inl#p}`R<NEVx4+K;okwEcMbzV!PMi-QF^yra<bpxjlAH4%Wc+TYC9N)xEt+R^=p
zxn<PngLt)Fi}-|H2&6jh2_n_0%|NQs=c_r5P*)<MR-a*ndMwvMxzcwo+ZOF=5_NS_
zz4i40^ws;zQt%*?k<0Z^FMix&m`1$mg@iUMwQvzU%tiS|C!7l2UUE5d;_R@;C3Q0P
zTFxsI%pR#r@bBxyHo#ktIzhh+eqjn<n&?mWH({D>;;%i4zn)Z|m65+v-+j^S80Dtk
z>?rS~X#lRO`#bdKFRb)Z2OiT8n9aA$@$y|(%w82#VPma>gE^ZoY~Y9Ng#BR3(JwbB
z>en!UA&c)Zrfr2d!a%)uFOWt(Z`{le`H1%~>@@g#)|ME%e4}`Or7fdy3;a>bJ>9_P
zPw6bJ-M0j7ex=KcjJ#5PlpnIg{~5;{H^GH5Y+Vt$1aJR5X|>VhK4;$A79pTkmmv2I
z|Cad+v{;O<5#&a|1!O{${d-lV&2C&y^|Tk5(GsI!!$gez{S;-?`#d}0yyXG|jSR77
zqf@#M{WZZ%4kxs;2yaD=Ea96I{Hw;J$6eezXFbN<o*_GGKU-3^Jh#}R+;!A5<U=RC
zkzi~rU!Dts_I?v?B_nxS9PB}nCf?D+DtnPTu(ss;hH79BM-iVsNzUynD5f#O$vu4G
zX3*Q{Ljx~oiXg2qM_`s9HG&AA?J4{k9tT}NXtL>6B?O9S0Hc|m@5k29V@%%^&-K6|
z@1D>wQe<J0YHRFyM&7^Uq&oXEvTzT*BelYx#_v0G=Jtn!&PHXm{d@QDN^ULuf0B2!
z%?Fvb$W5BsWD<|yR8&T-^_7vhZB{4j?nPN@8l&=J-<V~qg?}$@+1f`|trqqnojlDi
zJ!nJU9fqok_ELleqWBL~<aV?yz8xMqQO1+3&n)^?W1r@d8r+hq3VqnhPeTM7=m^u$
zPR^qY8TegKqCK^v%tCRO(?INl%TK~(^=`pp2rWnR6Y_AO2SQ-9&`#`}myWAwf8;@A
zp9c3#vtU<VEF?eO&g0cm5Rj~<SYZkiWj-PLMaiBV86x$hfI7qKQsaEr(QAov(NH=(
z2GaKU8kJ1m<5-->)jda6f%%x?+l)h*tUj~nBDk_ZyYh~GGaeB?fs6R)$-MkHU10^n
zA697&Ec6~X{D8lTB93Puj6th10$*3#*wMUg1u|SMW>tEFRa%iAXLU)MStS-DYr5}V
z*7TR~=i5E#+B^0=v_QKtZ_$TKFtqh)x<nRV7`aV-b&iEznXWR}AQ!j+!}s9g=G2Su
zI$>v`y$cjWUVezZJ7{w9?u(ec8T$vKIHM3zRKoDo-Nl-1E86MHMz(-9SitMej27N*
zJOvyGYcQ*K^^LD@u^B&u_V1Wuw{iiL=R@DmNP|~6sa8V|7{D~w*->H4gZBqQ)4uv4
zeC2<Ogt;X-ctNBK%r3PwzN+uo>v0X=`}883w0e!|@P!7gpck6+dw8L~#cZbV`_NSg
z;nDTbf<4q|J+$b0u(2t*8h)uCjAknYonVvD-mb(>&@ZcwrcUZuJTp?y1nRAi8#{u{
zID-W^KhBmBh(OhzmIr(sBb@QNI>p=9z)Fk8mjAUMTjJGRXhnW!FvK23N)zwD;pL3;
z<&EN=7(=R1ms-$zks)*~yXQW-Cog`_V7Pb-UA!iKF+Z`RWoKDO`&*!+N6sc!G<j6}
zx&^;}h*X;!GQVML1sbsXM)gU&Ye<CoIUg#cc}keC|BtqJfp4lx9>;Imv<+?G1}svv
zV%4fGAhZf=BSo8%!o83{1=J!w&?=$=A|!&!qmTr+Tmtx5b=6hZ*W#|bJ{OU7vEkA3
zP@Yl*6bkaVAv_95DNvgK%$$?trY)@N_y6Pbp-ImB%$YN1X3m@$*iUtWz`5ecMuA;#
zSB`0?(-|ff33$r`^u*!sMf3zO>-=w0VNPEe{TQeg7HG#S&!YTfXW?Q$ODFNpgbv5x
z`2L3VCVE#T39&t>0=sFRdCr>%IV8!bZxYR$dES$VR0#;2xNsj0vG<#^36K6Wo6}om
zr)?=#)V8Mx6iTTKG5ooqoMLKqzHMRlF52IFr;k_C2Buz=Jf||&K)a`J9C<#4*tD`A
zkmn#9$YpFGS49S*jn3d>y-36F^X=GF7}qd9^46ZfhCLB750c~Ke{KpZEXtH!`8XRl
zZ-pa!Od<<A(+#JmBFT?}a6YZ4LoL9!3%D&TNU^OO-9x>V?!gQ&I5-?Z_n~Z+vvk4%
zo5Q=%ZG?tu*Ov>#6wh3RXQ1B3XGtaC&rd=t$Bc=2b7+1)fPEn!wL4sDAx)kptxutV
z@vUUt1X&=CX6NBF5D#psYoS>}_Zf$IP^W;lGy~yUm<<r@n;5}U_GG>!zrOkXJj2hy
zD*9IN@;1lLG2`o2<+%27Spp1xJ27wj^4Dq~YeHmf7HuKVWPT$s+ppnV58;Eu!#I?i
zVnewufw*mx!%7z{KfApM*9l1f9s!7Y?lKAd8H<GNM}}gbV^&IXDx8*Nhx#bUVf)=z
zNa{2bLy)iV(PVD73t`fNmShnij%jlarLZ#x2peh>x9?2Roik_HMJ_aHfF?7VH8}yB
ztmztQGDBj{buHS>%^ICWjS`~iTHe6d)WT3lR`I6xIDBIs`-&*~d^o^-^<kWBYrtLZ
zz;HtG_N7DO?MthbO`%(vJs@CE#Nw|yY67RTe=Csvb7C$6k8`AR^!bL+Ui8gFLW!;P
zVR$O~ra(&YG`YL&yRxykC7u2!C3cS`c8e#fpYhOArCQ&WKvdst5qs)zv_K{n*u~U%
zO_F*?u&?gBm*m!ik<AE5qL~L1LTUDy+rq8FHL_Vn-w?bTE^TBzWkh%MIwwDAH38ZP
z_U8p+TmB=bpeH)lLjmpd?Lc&{Y>XR@RsjWrPlY4(A!U4g)x+nZ>N2cadmc;m-c&(y
z@`(yg2)}NR+}O8>Vs{?h8fJuLZ4widKbyj|YadNPfw>ynA6x+=W=vkS_5!4bQt{gy
z{MMD1=?Z07Ls=CltA(|Ocdh{7ghDrC*^#U@R-$PJD^UX_cw&YY<cR^E2+*#9B(nYt
zzD^utH92^RHuDu`_rq+I+k*IhFPLaxqYO=kyn2C`=B$uch}O>1zWxrl7e8YuLgRQb
z`Z0?CK+Y#LEYvxa5bEeacQ!PrnNW}7!iR8n!B=^k(e+1L#~?XGW>wJV5q3;wy3|Ik
z!~)=<bCX-3HJtVOw>c;{Wxo>AQSnqAW!&4~c&Sc!J*)F7uS1E4dEzWc3}JGpJI}Mg
zu-v_19PZm%KT?LgsykA)+{aW-x4n(G8dS))%T)yesHE)CA-elNp#TDU)-&6p@w`YH
zBjaCXwXAHgfwZdpiUPW?-j#~Ps$*^!A(Vi$fU)ro<^61QEfX=|0)Y_y30dqgfIl5N
zALj85=`|O9gR@MouFkt=3V-+I?|rg!4Tk4?GxG+4y*hw`MPJh^Qo1hG0x4!9SC$Aj
z`VQx=kgz-1$j)fb=R`(^Toedw5)Q-!M^Ae`jy!UXgyYDgiz*yI4h-OFHh?Sn08BW5
zEd2nA_yD5*ekQO7Y>e&xlFKtMvvK(y$i%^1wLd+<_~Hy^2(w3f?ZH&8s?ho9>D9t(
z&#i2-x|G|1KM**75P6*T@R{P4ApxC~Xp1FcNWcP0ym&~!=Q$<H(yIRhJ7a9PMZ~{o
zfe*33{VfXI&kGc3J}fYpF78$`s&E-F@1YF-)1n!D+eoYT=9^c<A^;xuGSXww4tQDi
zG{}zEH{Kmp%)^RbCLvX?*Jj_)MIgKT6|nSMqB^2>+V|T#Fx^Z9_L&c)3N7GjV#;$0
z=i8ya_)<=6w=qYtAAHk6h*pZsDQ^wE=+xG{(W-x=nMasDBkY+zMVNk<q!aPWv@bWY
zftCRxo_(I!-3Iu;4cw+HXQ1PPU*3s4_{>$<q>f$mOvmfR_Q`0xfEYdsF*L`)9x{AM
z^1P&uFK|40s?6!n?txpm>%p_6K+A$k#r5{yXa?uN@8S}B?*vbS$<@Zw&`$I%PDZK2
z-n#&>Kd(Mubfv3OL8wDB`Pj2Jk?j_AYS5RAdrE;xnNTDtCnQfGrKrBjAc^*MQhBLF
z@8+IP!bc9>d&r*E1yW#NVt##oIFA1?=G$gY$wIjUJ%HFm`&ojT^`!e3Iwie5p@sUQ
zoCNg9g<H@4<UrNcI||!TTG>Vh+fgX?`+I-)9D(;W0I&9s90uD_df0kZ5+wSj{926c
zjA8^SDS{3`pHUFv#y4dOzI{vqYBsm~CqlGqTm1k_g6PXg<dU+sWdj>U7TFW9q1f0^
z@^C2E@}a~>K0Ske_C0q1Gazzf#CiMAvYW`)64>4Lvyp^h<OZY!S}B?W32qE%fMY@$
zxkzAz9Z=Xa1(9SZ8KN0`kommAPE2M;lD`YdIa1Zob#iqIDS*N&v35J`s=UYue0LsN
zv-#WdF`WM8Y}lcWDHsF@V!_40gN7><(8Jmo6R^gl6c~jLZC<AFXhUvq3R4Y05PZIX
zBd($m)4EyiXbKasunaVU5q|H~2y!mS-g{#NG`GSKRj$S2ZTBh8nl@w*EQS!lgDkD|
zdw%dzbPFK$57G|XD=V7zYuDDG|1W_Xp#*<GQMuT%*yI`l@*lELeFo-C?-$oYhIZ^b
zT@OIsJ6;#-;l-{(3##vWH+0uxqiZw_-b;hdo_=p!lNRj_eUm`7Iv#m0+T<O)NlP5|
z4hj?JEuTO_Rum&-chF4ug2wLW5YqjDYerByRJQJ-Hx2b)Z=P>X;g561J4Ji%E1>YT
zO>|qNzyIL)qO!dRcq6Ht?v(d8BF@Zz9$F2KH!xi>EGP;+Cg$IZ;txxnKCq@)=TTAR
zgaO_O^yBFwyzKB)M(D>1sa%%ODW7*5cIr>>LGKv?_{1cXu9ruNR-AB+kkrgP_4%xs
zVGVZFRL$0BM%L8PxJgZ}UGO7k`Zh_uIR^G@;KI~lSxgj-ZrHZ9lVPWtZs1@K-bw!D
zVo=4caJZIjN8c!vA5M{pz|AofS-&pYaE7koW6watpIpyTB-n7C*3fqx*YN7t8g_|a
zj(t!p)JdPl9ttm9dp@#G=l=!kv<!jCh8V0q8xF@2$UN=Vb&NFS0ZIC&n@G~l&#=R1
z{&j3fdBN$;>y>KZwX9w#)O&{2o9<@yhVy!*!T!zbNm@0phiu>Ntls0iUM8<61=}^R
zSD-EA^?-Tnoy_V@;Pv)j%jy*bYZ{u>E7I=a^@^b01{c-K<n=!0^@@UTH4w-<97B*7
z#6W&4R4SW9a#!MHc9lNr>r8>&P`-_1tY#0pp)74^BgC)I$c8W{R<18$85|8!hNwtO
zsASy2>o0K*2oNeXAsQn2mv342^DjjiBuU%A6Gz7qOSP|g;+?UEGD0`<>^$vto_%wy
zjwLjb7tA950O?DP_B1cpCRQ*5WxkaxdnnI7{9-h_OzX=Nx5W~(v>Z$%x^k?bi6FBi
zmOV<_!4v-iiHkfl@GM$rY-V{;ASqjI%IW;I_{<V7FmggybNweOtHJ>qlT<#yh@KMs
zHoAsE!!yi%axDturUF^*kLMsinPt&ltxn0}%2MME<T8u$A)~$s=s-JlN)FFHa6M9$
z{zbAnm}2~Rs#7pvlW1>{%lk`o+D^o$e*Rw7C}U)WG9va8VSL$%O4u`^m)_8;De9Ok
zyY=V{P4YZ%LGN;SnWtU%vnAfUoQW)ve{`r>>}ez3FxVF5uSIgEe_yr<X6))J`O{6(
z=EFAY*q6=I4x<&JvKcbmheBc;J<hLW&lcS`G<zo<>&5*>Xh-xuj$DH2>WfRBP6bvg
zgVaZA8}!iP3WY9@y>}|#VjcT}SzM4pk1;^x!+TpB>J-zwYh5DirC^O~KyV0i7}e~3
ztNQ*b=C|h&ia0^l+$L5nw3mHilLc!;A8H2*3&lBT&?cbHs<7|ZeQ}We(63EhvA^(N
z7@f#-s6kt`%R+j^SWuz~X%0H}QLD+CrC=I#d^obrvi~l#^eulLd57fhRUlo{Bzc-r
zCJuEd#~rzcBu_YNVt>5!1({=MB%rwC8W8N$mq~u}*CqLtqZi@B60aHlI=q?v#P)U{
zd~fgYWuiYThqc<hN3u4#u9W?~yg;7JqZg@G<u>4pjc|McDxYv4x6Lg{wN=6B=rH-m
zDm3tT5)O%O=yAauYKvjw{ir|OQp8Uo*bx~#v~W?u266T;0=ZGzU{}`Vu5*;HP}arf
zCHoqfa|xK>A{@a$f8lJjmL2Rj&Xxmv6YTy>GU{_G>zuheWzUL6*>f&);$w2)aDp6O
z;Z(ND%Oi7lUUO=&zt^9M4bDB|%&n6R0jKhV?AhNSpZTc-gLDW8kB^QZJU(i~2a6ve
zP(G>yZok24J>sr)T6faKXl-2A!%!OI@S{YPU<8$oc16TI*;?m5f-?=lURkG%U1av(
zZJ1k{%6zoWz=s)2wuA%L&7x-_8g?xLnW3hr37An9R*8K3C@k7i(cH-<|3vf|xieV8
zf^!w<ACbrWiNs{L4J>SYR1*@`(lTP25N2)q4Zl8(MuI0Tk#byHRKpYy8K{8BB09~;
zZ*?UqLYQvC-#cg`J;Y0CIz2>=UJtRfJ}q7kLGB(#MO7eEI>l5VIY^%JxJ1k^c>N@1
zI)J9%KB8T`czj`SE8=lh3)RGRQOPr+hS+tm6+LeiC0-v(%#M?#7n5RD8}W}0Lg>x7
zoOduMN4o=aUXIGwo0hV3#iUian0nxW`KTj{>JL8Q$phwJA++XCX$<KU*DI&-L@B^k
z0Qq>kmQj?z^m+H8*})#ogukuTqHjwwyXHnkcYeKQ>E0Ap#sY==I6Ds&{`0f5;3L7t
z&ake@bRB}S_82{Vd#pfya(9`m+A|AKFv7R;MHo*nUPe<TOMM{0)ef^q;fh#Gvu0dN
zh3f+*R|b7Ur!rP4XGSWOV)i_MS7mo3pd^<`E*FnQF6kv@g?8*Ad|+tLM4A3yNi6z&
zW`a~5K=VXT;mlOgyCMl2`I6XvYQ$4nKyIcaV7ozdS89Mvq|~oKuKNVYe!#P(SE12f
zE^-gmfU*%WB1@Yw07=qVCgSEetQSP@9HJ#na_%v_-Xf1j-+#ycN#Z8~N&L?y&&fLs
zTO`lP>Ew{KNqhWibW_tb6EJ>ik;DJ53i9@Q9L>m<--sR<nq0j`>+j>|=F&}24qkj7
z4`syPN3k}2H!@epgvvRN+%*7u2kZwFP{jqWqWt(JEvmFEI=nOcq`=`Mhq4CX8WN-N
z4$n!x@bnyM^KpmY_-(P(Rhc#8uykg-WY|8?Z>$9H<%D+X^aIv4qW4xhai;*)JJcwv
zw@T`C4dv8#X#7EKX=<WS^e+P{VICw4Z&#*{$$ot~!+Htl;fEg%e?+h*;}3LF4$Cls
zJSO`)`p4s)Jt|t!97K6JyTHJ-q(ugH2VD#0E~BzZuZ-^*yPj5UT0{+i%GITORmpq$
z1XOEMLw;ripsl(KC<hO6L7sMzfT+m0E*qFC#0Z9UkLY_pA!5f7N%?EU*dvnSeFSy>
zyIT5RhyzBM=KoIzvQU_C9h<@5#`F}J5;mUPX3%}&)tk>pZ_i_MV|GP|^R<jlGvdp@
zprf-9bBYm(M2{1bZxHZh!EGnfxE#;b(5(Tu0~_Aav3dZb3Xj+Ml#l2lP*!$0l{#(I
z@OI6Cd%v6-z157snC=PxCFryZl(ID1XC!4R@`FdooiMwDvYv81h+B1xe!uL|*4zjT
zx@RTkyN^@xsGqK@zOe{J-lL*dB9!K2BU~i|CytT3=9^KtzdGjsiJHeNi$JIvPJ}OO
zThUg(UE7MbdS30Nwbi$9UGoI3^It)<%5I^IKE_oQowSAzp}?LNmxz1lc5t`01GBd<
zvy$}MR*tdoo=aa>W?kTSgxUgZs(lN?lJ*xOV;zSD68Md2fmF?{tJo2v4Y>gTKXcWX
zcoP5&5BdnRk9~sO`%U;d9jYz+1J)U_d22XyEtL6^l_`mqL4vRhNsrchGrJp{p#3A*
z1`R6ava&lKXY%ZXue)-277sKnc{7t|E3k0nY#sI)-eW~2QM>+UX=qsJvS`U%%(^Ai
zgAV4<?OcGQ+p2rCpT4%l=KJ9FOcH$68<RM-!($`&kF}q6;0H@hkq%0^yw*cdE0n;G
zf1cNt=aqP`XyFfT=8-A*Obi`m+127ao3(EGJphX<dXPdO;SmP60_CuFW<OsbeC&ke
zrXXfoGQ-5wJnvn>OiK#bRqYr^*2HU4h2R4yZK%b)Y*uX=w!iEqYJW?4to>In(f-xE
z{eJQ7o3Q;)vY`E@6ecaf-X91ws5k?kUBeN**notEC=H&}K;9ZSxvL{NtvCw_4r$_0
z@c9701m35FM0{)Ne<Zsge-~<PvEE>{S3!w7KBojD<@^VTB2a)fHtWygg7&D9R`1Tj
zkkN1epte@DZ)Fd_x{Pl^>#_{sjv?_B&Liz9b|=XWyMvnA24~8C!@NE*qEW^JIaqW8
z)&|+xVf}`NCHltGCjW-q??Ce#UBG~SoSnm%FI;dVo})BB6@URpwWksVb?BTCU3F-d
zZwtDOG>Hq=5;#_Zpd4x+lV3qP@~xeoDQyl)YOnRy@i{Y&NdC<A_#Rn0vsp514*f*$
zw&_kl?biUuDo!04w-vQqRb2pMyKWrJlkz8IL{!<)d@X4_gF+sgNYz*@>?LB4jsZFt
znP#Ji0t|P?U&uFP85!CWV*>P}K)Y&EQ#g1fCL`AHL-2!#*dbWd>=4WX-Y|0=${b#9
z*~xU{cqPt$w-i3cHsbE<czO7GZs6Bk_~>&ujVsDqxrL2-?ktGhgKB*odJ%(m_-n;2
zg$&VGlhB$5{wJQA5!oskv8{5*$hJyGC$?2GaI3Jz_N|9JZN^owUjhWg-p6xk8&>YT
zo-f%JE$bxThE%7Oz4#LE;H%4Zdy#iA89V5L9gH)g+Pj+Fdsk=Bbuy5kch@k;zr!KF
zm_z;@4*3GPdKJ6>euNa0C(jY&-@L#En1hfnh`ayR(#Sw4$DvNrP|Rc&Ysa;M|JGBa
zi-oKUD|Nx@x9DXg^}-PZml#3Phw+x*<S^cn-K(R#R7!?-*R$*$JbM(%q&j0`ZbAHh
zU!Acr-_(RFWKOKTIE)z(Q!>XDi#E0>mE69Xa7?U*4m<WzSw2{O#(w@9ASW*MFi*8a
z*4h$V>%a1wto7+^tu4B>R`DIm%~!%&qfml!G*L6m#40~_WfLNN58cO(uLA8akHcOq
zO`xm9Z?@A_qR*heN}Ng7$$j5pc?;w6RLZMuqT4f07`%t*R$wnAwn6&fV^%?W`fw9a
zTSsJk^e%4X7)ELkDHa>txoEzKWCxvx=Rqs3TO&iqd0|W1QXp2L-qGHp<z1U%ox9hz
zsP-9DbNbnh26VjdG5CpE&~yWPwQ501w~^3_*%}hDs}VS{`&rO|Rtal2LvuljnC0m^
zt%g995eK4l2EK<_-nDUgU07ZT%j+JOhsQ_!l?g8L!U}$6lB2D86PUE8o85i!QWK)3
z-o;W6(TYR?6`7T{YdC(TuA_r2HaQ=h7IL*QJHq}E>P&bnc1URD^aJr|1W%@T5c2^l
z_>g(#swweYVk=|a$4%1;wE8z-tXmsfozb>vsZCg_s`XN<qow|arIwH>TeapK%52O^
z_-Egt>~R)ZGS!ZVm~+&OpjSWIKc7QGCzc(uM+<(%3ub8lpl^Jx?~H4rT2r25&%0{x
z+!hX@4?nHuPU;3X-}56P`|WAoiOf5RfOSN)ggBZtcq4CcA!{bu;Zwk!hn@*NP5z(m
z<o=)dXF2~I$v=lh>SDu79@Q-o`mDuX0?$UrLFt=$`bUv;giPZH(B*Bs7?LsV@I!34
zIa=*QY(i6F6>_xoJh42Mn58XwNC&pZc|W#inE@FeV~0msa#u)>v!^L#{sPtMdD>e~
zT)@Z6&)GcF^90u<n>xLhwv44c1!=tm*BD4E&}vxPBal`gxbBCvLhU3=8v$vBf@>(G
z6=_|bq_n}1RwTFvK$=~<jivR2G`rv`l&TYH6EKJBDD0#^&{GI?gD<1;3yL=X#4nxU
zONR&Hiv_drOA37X=0QAE_VDV#pLekf>A3fD>`JLjRyN3Jd3+Mz`T@6VVLa;-<p`HU
zs9kyR5w_>h<E=K7|1ddNN|UyUWJE|YxUCNVBoiaB=N?8n*W`K}AL;^yy%p(o29np?
zk-V0WwjKfh5S$00eiSN(-ZN%%(O+A7H{f-?j@n~w*9sl6{dcqx2Q(4^86i-ga+G+`
zHDp=zC1FGod+_ea2JBeQ<f5A<GtB?vV1~th_>3x0E!we%S+Qg&7N`G?f)914=h<G}
zyD}U`o%0a-i6A?^ny3N*W!sx6Q5;9ml`Kn%ae+9G;UA~8R5Z&@<xB{Kk$QR*+%F6M
zTg3K>q{72nxlaUU=+{P8lc5oA_n4touMEdv5Yb4>n=Wa{^)fT$`so$ee{;DlsYM(2
zF8s8h(PbKGg!gD~T*vzC(yY&6E5l^vy34IIeZ8G0R=MNgr+?ojD>agGO1XgUjYf+z
z;*_WWm-)E~0>79=BY9Nf=03{QC`@-r0SQq%?Ol}E;+BD26%`?4R-lZ{P7mF%NLEXL
zbt)wll5!liN{2hLXCjV1Ah?U(l0;Ne_q5fQ7)&l3J|NcXhuu9924`|&M*D~J*J{;Y
zfgFwQzVHDi`cn)2Gp3I{u4&)0_faFU?!WbQwWA+nn448tYQ?ww@ybE%o;O&90l;vA
zNGq433nmbt0%QxM7B!nePDiqHLPNAEXanNwgr_Sj9ZaL|O!_l1#<SnujPXP{k-?+L
z6p>z*a_OZ~V9Glr!Rf5pl94^5rc-tx5I{1<pah%SrJdl&CEMRJ<g7<=1>TqZS=7s1
zt2aN&V3%osENTZ`k2lGE##>yynd(j{;Tk(KBKE8X31qxUg=LGg=D8CManKu)Q|%$6
zXW3&?^zsokZr;V1r~E1h8WUwtqk+7fY!U|g)3c<n`L&-YS=UM8fXxm=t;C{1Ae%0^
zI!OLPa)+w@ak+)GH3_HzfZ+^OjK9PNCo4b6)}!2YtLS}6AbooSBs&yMMlYsg<iN2+
zbV!9(etR1o{_ORV-}pUYgh4}ZWKn<F7W+2*>(~Zc+qhM1@7M}7U^01wts)nvr);n-
zwh8RR!Y)QPyQ^gD23O`HNrlmvvnBr!7@7%f*JL357^UKX({~hK#UIzE{FPqAn^=HN
zrHfM;ZQ}Z8<4RdUuWWRA2D_vMxc9MV3+C@GMLfiX|89)f*Szr}utOhnJD{xS%luzI
zv<NL<^GN=_BadD$XeGzChIRK=XZ{RSCoPm5GDh@S5rtWj_V*8&bDBv{qee@JnP-#c
zm1uG^+w5o0UlqOnn}U{n6@>Q#G)$0CJS~l06*_fgiFjm1MffRrPblF%VTN{j-)8rO
z+iq^<o>0_9&tNaw`>tAdNg}*~5#f7YfcdY8o<iE2%&4Sd!WDwr-?G@~?!4IGa>AB8
zG!(aF4JvJv0LfN%wSTs~PyeiG9U;3sE;~PgBp%Fg#bsn*hRJP`m_^h|wSSJafA+L1
zu$d5)J{?z@ghqeTvbe-;hSuUuOriBSL%sw?Yb|bow`&WQvK!zrxc?>~ogc$4gkwq=
zSb*M#4wIbz!qMwvH^3QsA$`e@X#(B>nq+mH7G2DWvwSg8O+wB-{B8FPVNW=-D7>$O
zf)Ara&qVgNhf7&DoEc*gH^#D;%4LWOqoSyg!6fv$e$B98V_qv*a7~Nb;%qpWr^JU;
z`FKq$diGb>T=Kg3uT00@bs-?j8*w>rvm6WNyc9*Fzq}r~E`IfHb}!s>eB5<$1y9Zx
zAG6nHm;HQi;jTgj20us657EDtCJhMMzWLTN@EaO_(_UI<Z3ac9XDd)li|!?|N}pPN
z$$hki?IUqP2SHyi0*P1u#5PpVaaT0IUyH-vG72WKQC5DC8J|bNq_;4#a_yNIc9}SK
zi5z__h&~yJK3Ux8;F0V+M79FPkU$lQy%|qRD`m>cQhW%9yfDM9mu>B$ui<d0t{$n;
zCw4LV!kOF{9z9a^-{}j`*ZC3pg7(v|F<@Lf7J#t`<sTTQ(RxN)_zTG)&shKmmGfk!
zg>jmm`^q9vn5LMu7Mvj_d~~X8lGHqm4vWl73DJY*_F4|5lI*n{expg=tQA|Q&Nfdw
zEQc!{N}zRnEsP-Sz7iwrMT7LldU3xU`q>6eDku2;njK>{mVk(W;o59b6D=*2>MXB>
z-e#Joi->nd;K6{GJlZ)XYPF<aK#WdHxfi6F7f{b7&fkZc&8WqTe?Si72C7&6h=y&s
zjiKw&Ul=-hL}Fw?2Jd6Eii5P77x3C%T<|t(UlmPv>wjji>^W)>XPv}}1r8@me)Eek
z)%CJ}@{j5;IQiCR+0-Eo)^iS}FngM4-8l7m>$+)a7!3o)3tzjVQ+3oO%_m*bpghte
zy+oUG52=#K**d!C2|a4vIIU2!?gnm|(pbd-1XJK5RJoQa4>m+9yKf0S691lckco<%
zq93KE`W5iw9PbPy9P4J+En3y&1VJaku_1ZK>6AchWWLeloda?5i*_h>j*VCstKG9h
z=pRCR9-317WexIoFC>5M%2{C6bAUa}vD&hx);R%6@%R;#J*$80V{4fDE5@eqF#lu&
zYT@L&QdXTN3KB>jSB~NI-qvn|jzfRuW921WyZJby1w|j)H-<Jx#?NQ&O{O{RgR~C8
zb4@zsR}7lo&zoAzdna<SCafDcoFpmf*$)2`P4ecW1O3K-a3)dmcVFqCmzKb27lmv*
z9yLnl^_s6O38pwUAQBk0^gXVxy|N8cYh2a_FRfSq2+#<No~1GUrwQ_{r(Ji_-2y^I
zia-U$^Pc3I=9u=f8K81gbT;u&LBMT~jE9P!Hj~l-+CQJtM3)E>G<_Wk?^)P(SHi<P
z$R?5|&<iRAZwu=H#!9+sbbV|kU(`<jV?SbqF#lKp!vih+Pmm#u+e}wwKRT3iQs7*o
zv{YwQvk3r&c1S^OhJguWXHpo9j;CO)RRE)Kj<~>Rh`{L96jWjS3M>|fQKpQpP;nyH
zA&|QA&}vVm0g!T{sKbi5e%8&PhL_w1C1vYRu0g2yH8H3Uia|XWpn_NLU9iC$WBaBh
z)OkT)8qVN2j8#p(IK21J6Bz=~s#JjY&Zhqc?|)E<W=<iiwP*S=^~iYsIhubyz(4Qi
zpM&{lfBtzp|NH}dwvhilM{**EE5+yV7sGDQ?r`|KC&=ON<;@p>`pVYR;sW;O^mHgw
zTL80Yw*J<mqJNgah^pT_E`d(f?&Fw3C|yy9Zw0oa7jx@tIM!$QsjR7qlJY%BNG{+8
zj1?gAfp{?h*8~n%GcOo~I_o8MFfCC>Tq2J)6LwT+A%|aRs}64agAa$%{o*QvyEEVu
zY~)6V^?<vrgAW8_!u6Gvqq4G}ZIT)zB3Ps7{j<PsV6gi~WpxPkHx~PwBrzRa8ut2Z
z99`&z1Lp(PV&fNmcB12h8G*(Z#e@YzQ3<*VwtaAFY`^ioTrcaU;pbiEV3*0-HSn>>
zX+1rC21>PlC#+8J4%zTMTbzL$Rt`f@9lk!R&+zQ5X~P@<)$f}@wX+_SSva*1v_HUT
zLhnaVF_!PD)eUC{dA*mF)p3(AT<NeLa`lfk9@&`G@{JPgwH>f~L)Yu@yk*N+tk{Gk
z^pJKq5ea2nAem@g21@V0n&NLS{)sLu6A+?Zo0#7JuG<)*JNah`|Ln^@d-Knm;Pc}A
zW&v{1AiSRuy)Tk#tcjS6KIkgRivg@{-{z1Cg_O0YLRq61Avt>u%lb=l@L+T(Azr?e
zT3C&N74^)9+E22fU{@t6+ZZy+35bkGT!To#!D&-o9Bo3U53`cvX;WTnv<V9alaV%Q
zj@&w6(58=<0!Nc1jOKnkbouB-NW9h{$qIi@YU&Gy=?=b@nUXrBmeE-MgFj-|Td;I0
z_PZ(CFBOT=SXR<q6Z(+Hmj|-#kk$UYL9Tg@quO65>8N&8z1$krzM5uoNUJu$Qor8R
z!X%pRKMMH$2mc(zKl>F>e2j>?IFA;SJ?uh#uz;uVDc2B*T?D$XlKBqF#-Vm&VlKvS
z!NKN6H!a&GKk3H0En4(xC~8ytH^B1e%y<x(P8kgeH!x)f(Fex!fp|g$0w4Gjfp|+`
z*QKPWc>_pO@K1suM9+652_0G6o197$Hb4D+4&tj}NVH}*IQ`RU%{K5F!=Rnecd>!f
zvhCyp=Y`!{LvQQWfrjOMyxCRZ!`!fqM&~#3O9<^2fwpZP_n8O~-~0y#`L+Brz(2qK
z!?tki{?*9-X=-++H1jO#N&#48Y_wWdz5^a#X;7cdvQ~==8WNZ;bZJb5D%g5P)ud>8
zAkk*qhSmn924;;i;Tl%-<^J3xGZIAD{{Y2-wP=g}+Uf)RBAxaFUxWpBkoM!HpRT`%
zBY>sVY2-B^E6y801~<dZ;^Qgm!p3t0ACH6`W}>s*sJ?b7*Vjs<;&Eh8K+{@m$APc+
zwMChzc%No+^qGdTjVq5%E*V{!0%DU6U4dNE)%l-~=@8#VTUK8RGsa++o@3E!V;qdS
z$)Q)^lK;Th(es#cn!<4beZYg=vk4FL9DLIg2o~z}xEM4SPKAgPm)Ux_u0?CFcW5$P
zpSyaoh3OGldQ`6q(+^=tF^WncDL*^WM*D4&d#f7YH-;%geeM(<l}cjzT;MR8>2u|X
zwzj!HeAMjX-{Gj=HE$K$58rBOU8DPhWZmGpp+$Tj7?u+Nl}GQAJ*!O)YlAz8U!wZm
z*Iux2;|>KdYm7<f-v>3k5=AmW(xWo)w^$*cmL#-dfpjQ|90X<KD__xuChS(&ETVrJ
zT4@<Y?>m$~H9MP<=f6PC-D~9P)eOz=&%hVxh(6kf?=y=WLafLh@kf4hv)`EEaV3qs
zcU=u3{_8uKc@9HFR#=bzU$0^oI)w0m{4)8Lz~E+ad$zZO>}|e`?%6d0vw9{s6;Kpy
zE3#P8JNmJrwS=tPijd!!U{SOPWSnMFk5Wbnm|h|wvinSYW)=gxn4A#VU(1ql%>U|%
z(VHL5a`bsLNAzyzb~qEr4hJ^V1X9;4kH+t#P8cy_ld%OcnpD`57{yVdt5~@~#ZgMc
z!zJIB%}G(xd%uYkJ+O^d#Ps9ENYPCz(}dqdh2F9KUMiGIzRt!06&h!8b>}3gMBp?C
z_J=ag6bH7ANPf^?0w+6e46=xUKXqhhwdn0h%AMnKAe@K+29a-K_eKS+k{ySkL3ekQ
zC3+P-y}9dsc7OD2q)(tQ2U_-7o%nz2^9F;i&%N(apFwoK6}z@NAMrf{P})P$I>|Y=
zXLW;&`hz+ku^AIb0F#!8uDO*UyRIr+FZ+!f7+qUMbS)CUShSdHket=TlQUxtQL~yT
zHLH=V-@7`o`zg_(WU;F$G-lP@hv`MAubw%p-!b1p$3Kv-&JN{S6E}K9!e!%xOHZqo
z8Cs!LUT*yK$Y*5Wv@OoSX>$}H6Bs~NlWKMX0py_Qo!$~4WtRfTYDVaZKl;7!$ce$D
zwi!Ius!@21fPp@nr3Xk30%SrQK$Z(ajQ;8A_cF|AVHgEay8Tns65pWq!|?6Opaztd
z`sRKbdFU-EH4Ji+ax#>^lq-<?HTWvUg*9gxH<pKCeLi^xRmVGnfwRpm{8#g0MObVu
zFZStKx=XD51UniW>)i>7f2YKIV~Ham@fAvZJf_Va6W`0#oHZ;8Js3aApZEiVJk1P!
z2fv4(@ddtXV)kc9Yc$P`E&*D+hY0A)tim#%P)gs$o30nM7wHW_-#795Z1#N-et(W0
z3#??%3wq4#5IwrIYx=V5m9K|iA%u*fYeIdZH!sOEJ8<)r#zI!;<>6OE4Ed?@ex5#c
zxX#EQE3D@k<-^&1=-tCgB{iA+(<d`)&N~b)Q`DSDIj@~P+(rl;<1WJ;w=namY^q+w
z>f=oZHUSKNa$Q(J7g-prLD$M2?F)S?$-I@_!}PXPy7s;;LLlDpwuP)<fGPj-9aK%-
z!mLzyqZE8({akjx`_i!J{q8WPAaeL;a8t_afn-YQ8putIu8asz5rLI_tlv3AC$L6D
zr)B~x6<j<dYC{y0COlo4^zeMwc>n0X6+SNob?`Zu&)~Cs=tbc3-`ne_Z|@b}-uM>n
zHIK(KBg3ISpM}9BA8IZ3<sx*Qt_vTDVJF?8-yS~l9}{EYE;HB#ed-(}U(pzrtwaY+
ziQ{koPyOE%>z{|ORA;vcU#W}MwkT%*mccJHk@Lrx*5Z=>Y2Hd#TXD(Y)PjJ^7R0AQ
z;*u53`SCBSh}FYttcp7sFQY;Sup-|56$C^dMggoiTPV(<$iQpGC4tD({Ngosamn6d
zf8huGX+HXdzu`@M)=qu|V-NI4r7<VjO9s%(d>`=_L(H=O9<#$=6qc4p9<e*FsiKGZ
zvQuf0a~ot&L)OH;(Ga=~z)s8>=r_+S$zMBqQL$*TFEqnn$3l9KzmVSJFU*uZ0TTwv
z-Gf1Luaf+|=CJqpcGX~467(<fkJ{!ANUa)>Dri|g95pPn(kIk5YR5N_pU)<g==JaL
z*9*<x;Scl|QoJ|{9`gy!?|*uQe~<1JzUP;Q!Tv)2_&)3eFyQ0+J@T17CHebf>xb{}
z|3dHY|3dHY|AIjH3&3ergVTD5-ru{f#+UV+-?`*_dz*T@GFAWN-u(yu+<wwcy#8-{
zZ;xIw7|bY&Hj7+>lqlwZ5JO5Rr%;QeUhYt@mHKoNy~y{8ONvc+-RgjI6QJ!>zxj^5
zlZs0wr+S(SC-?dm(JuE4K)#>J=4t3Fz8Khgyr?2<@NCE79Jg6D(Q_|UF&u;P;_M-;
z_S9@xwT4N<p}|!s%#<J=LjA(Yw&mEOJ-5oP4l<R%N%?kQ>#?GWCWEI2E3So}2BzXf
zZMi4x*0tgSwCc7Q>aemnyA#g5BHY(4JCy8fGWAjpA}#AcSAmzo+(JFRt-}`vmOmkW
zWwA?Uz$w@db8&7}HWTbW1Kv2Rm&wX1amf>=qNdg8{I=q`G{IH)Ewe9v4Nn^&6In%b
z$CzMOwZWK%X?=lIs2G}ig+n=^nNv_bmMry2boX*9w}*PNuK(D2T_LXSCJ^N?p0%2W
zm(JET(^JoEHmp(l;f7%0JnoBx*sQ{n3%&N9(7Mv1^)uyaQ1aRB0I?ydhBe{JP?bzB
z-QiR^hvinlI7096<rkMcm<n*c$K+72?x)&cGAs7C%}SlaUu;%RIQ-^WxPLKle0Z(v
zF^50>ZP+7bd3h735QF`hd9r7N!FkPY+0%5{#EuSs=G$^E?3$HE*>gTi^c*0oIT+~*
zW4!)Cz0#&!!OE>LI<4#7M_~vwloGYg0LAf=nbz9|RF9&eJN@Yu1O1ukM?|pud->Rg
zJSBNnHcFoJ-6!7V1S~$Y3wxa?OMy^=6kZ98HwI}M;x{fG;?G<r8)^U)nYeGsf5?Y*
z@YnodG3?ZLfpoQZyqk&gG3{4}^}IVN)Ey`QV4Jgi?GV3tUcA4I%Ssdr8-FDmKl<$z
zefx29dh10m5*Bovh0m33N~I0>1t64>`gU9%n_;aj9B`;FuM^l#SUXsGc_V$FI}rH!
z+oGjBfdni@(m#A}rKk)<_HT;~u4`~V32T}vC3QYEixv*be0l*p*9LfCEh?CpI<Y9f
zGHyNmW;kuu#@AU9t<%1#Qe1)uOmV6$x6Wo=Gi_s$Fgdj-XJTrEqR8PYDey}Is)q^W
z>B|7*OC`g3SfMNgdHi{Y=f%5pUc8%$3-DeY{58K9g}>9<Bzg~{gX6#jjA)2z=4%1v
zg14j4s*7JFFO3{mFuaMW5@0Ui>jsp10BAs$zW_bWp90<}Fp^~FHGqWY2Z)}}$)EL#
z#`y7+s3U+L2O3KdDd8Bf2HZy+emNZ390SzhfRW1ZxsAAGkUDu$Eg~yBow@6vpI4!>
z+3C+T$>H^^t1Bl?aQJ)8vnf9U+Rl-4VTV*f7fo3c%j7VyUh5HDa-cRr&i&D$?2_Q1
z0a@%dr{DZ1*#L)aWfnU9)}Jq*625+l;QE~K_47>TnERBwR<`bP^?+mTRoQQzi}B`1
zH=iGzw}MRPZKYARu5};9iAZV+pqMH5l%srQfAraHSL}1m<bk?FQ4XxIz*hKv7RL)V
zqynfVdS4`BQ%StB-EYiyaKr(`tQ^cSrvy+(R@zJ9HE6n34*fPsN+4oS<1aGU0qIKo
zcN(aY>RrJb*fLo0Zeb0SLIY@Uqt6D!_p-j`N|+6kZSn%Tu5tgJ_8rF8^!GPlEn7uH
z;!@HgiTx0PrSRIN$c<zA#Hq5f24fT}b@e|&;We}&dg%7&J*g%BOhbubr!BmKhNZr|
zow-nYnZ{z9TMYeopppap!>>qaUI=%q-Ct%XnR_o51OOz+)=KyLQn-?CB;EirssxI1
zP9zLTWt(p!V*%%{Kt*794cmLcNl*@O=wGys{=#;H{n^U~`@1hgt(5IsBcfsM9;cy^
zZJs0IoU35VK%vhE`+I$k7~(V>iulT!V}LxMpF~IHGf1|x#92og!(l*5r?ML(F9E+p
zeK~W_IdjiShOJ0sVPoszBU<{^iIz0jvnrsYS_egHp^palL8tYU=z9Zw@_nO=-|T7X
z>oWW5-DV_DO>07_`IVt${Ju%MtChVxw>Xv2zMO!4E<$HuD&Wwa0O1`2{k`5sUJiHq
zV1GKCJu84|6DOv_E__>3wmNdxOLX-7o$gLfNPhDI;Lp{3B~Oq3$EbbDKiO<+T8n+~
ztx&=^jWRfS){C>h6$s}}l_)1|x$ETeoi=5i!?#lOVtftQZi`@_;<kT{P6GT498Bo%
z&*og^8D}m+9#$rtIq^<8a2&YGYNyhOuA5*5KVVP}IdVg?p~|Tokk9;#-kg~J$NtYF
zsOA4>qYa?^Pxxd1XC0}NtVfYP9&&YoP9yxJ`eY-nl1=G`i4N;Z_feV!y2M^rtoB+^
zthg4LZT?AyqPY_oPk9USQovN6n3N0ffl1n$RytH~9p7i`VV|vu>@&Onfw1+&#2p++
zO##GL<z>o8YJm(YtZQZdT0S0sFB9>k>X&EOfda+9q-{HQFd+5iO@Z46rarSnA1^$-
zLI#THP_{-$A@Cn>$%gYVq0AQX50D;yLG<v8i_pWJqPH_zLp5GN|5QAl*VPUcgnjFI
z*LA@0#`~|?qZRDG!2NNYcORG4F6fP;Ed{8<IAQaqScFJ8!y<kByiHOr_qfyR7W$Vc
zS=UUO$PC7jv9_Lc*`z>iqQl?40`FB8Eg*#|@R_n<wNn{yDak(yl1VpNP0!A+*KEIB
zK<gn?I_Eg8jqd#pLnzcyu1=<LLOW;(f#&u3yD$)Aj66&JzN?mBFK9!)-AXEkf~gh(
zFLOF#JS3Q3*)ME<XvpS1rsb+M3~lCArWtv*n7vur+j(19AFoaF%&-U)QH{=p8?}nb
z=vyL5PQ&0U%%5I$KMRdc7iX<vMylZ2>QHax{sg~`;EL-MU?!}BdSl2OJ>Oto018&i
zAQeQ*U8!9TJux40vbB0rAD#caR@>7KKBFr?@$Yf=T!%_f_%J!u>}+j0lyh2t6}`QI
z*p%D`GRdUfWEB!^AFpv)*z)tJ1AT``UNVN+%@ZvN_*o=c4ER|Jn^eFrqij57f>a$~
z7U_WuwAwYP1zMxRE<&<U!=4j$32D(?grE<cyS|}|knnPyMY=_Q5t9A4IG<$mvnvF4
z5yGBkyR!4>A_&*>qmJ!_7B=E$)Qrtsg;N`eDqHpSOB(iWW<Kz`JcQ~HUB!rk@q-+u
zCG1-iuP~x`hNw6Zm*?@}-1}G?A(Z+p{?rx_>Q&RjtCiZQo9SuYNS#7ukvbqpGStQ5
zm+AB?K;!Fe7<ku~AXiu63o4sxob9$@Y+DKvhtY0*6b2ffv#pbrjoO8`@YkwXe7qx=
zK*p37SxL{96jNv*#?x*i&LR5+f5(CN%D&t<OTtj#v6jAQ-qO2oA!?AqJ{yR%F<WeJ
z(u>-XvQzgnxU!u=XqL3-3ZZ$@Rqb1p+9?{K<BfnMJ-YHpqv%OyF$N0yd>$%_JKoi;
zr?5Po!~6A*+TdOofB}GK19};w{*R2>vD1+^k;eDh@NehdjeM(vZ~q<M{RrOkBJh5h
zHs#&SZg)5uje-a(D{F1_m5?x!e2eYS&*$ED$l?&hH_{D5N8!d+A#VF~Gl=K?nf5dJ
zV~Mpl?{o_&9!hHg#q7>{v^e-?v!=Jb*;>;*n_4veU8+IX&Rfmf@weK}p)>l<A8%f%
ztkp`NpVL?B)x6SmtyY?rtRG(Zjb@dOz0q1FDN$c(UGqv`w_52kp#_ZVOc6}=-l)UW
z#}QLaa|u)bo}<Imx(_dosrFM5OuhFV41h=$(R$SKen2ssYnz;^5d0I}&tU29??kZq
zTKG14QS*4Y&3^;ETCb%%%-%;PsghAiL-##@tQ^Vg_lId$@XTa<)(9l9y0T&3C&1X4
z;9DJh!&`s^B8^(l-YG&ef~M1-+msq~juf`#)|dFl8wUD~M~T9D&{e@Iq`nT(Sxf#<
zW;5#&7AJn6_LOgH*rpCK`qoarh2p=LZ}XfrxclbUW9M1G={`e|CCgnVqm)}Cc?wSn
z?ly1+n9v~QREe)%oQwV&Y@Q3oNn`UXgEyj~(#DyGn$W|lzo;O;K6Dw6FX^dD0N!?#
zWIf}0*I6!oC+BV+=qX$;xH`hG#>g-C_Ry8gK29y&G+0SrAD6kzsah~G^qF1JJhhFe
z|2SSLRj)vJg*wOaU&xxH(HQy}KP5huzJ9d$%%;)egms^d7I&>1El%HnF3DX+Nx`hu
zCyewn369hCCMZ9Ay`|L(?#p9^-+(S-{2tYaWL4nrjNmf}e5>Z}5WPQ&U2j$gXw>aE
ze8QEob+v0dz<8zLJ|QXQm7&nZ<6AQnu}(LM3xg!$ow80hi}QbGhGORMFp9%!ag;xA
zQlB*2b1&Ha<D!`1xzHRj-ttB+yclBK?b#Y;K58XIjyyoo0>q5M{4Ej87|JkXxXI|q
zJtun#Ya*B-E5;h%QE_f=1TiK7VhqE9ZJ3E6;b#E*P>{bRbVdAqg=a;A<f#VysByjN
zC?D{hGq+)or?3j}1Aa9|ens)ap$^$JL@`&zWiE55A}0RN_+bMC*>DjAf#ZCG4nbsP
z_y!YJ7{1{m7?K_<{ijeTF27(kJ$~Tt7=GNEUs>l6KfA@%jt6t{kF}utO;`f6R6fWg
zy(Z<ZkyT@qQZ_@PHj6m^d?gbgPRIxaJ^tYRofB91yrkTU9H(WVMYIgf5-s=UiR}lN
z#P&ln#P;{(i0vONkksNLNg05C`rT>TmfP^XcR*5ak(5ED4rNkVb-zalgw_4Vkf_+-
z7+$0F8x{9HNm6Hw3I6p-OT?d`IsjNBWAb8y8za5nkk(UR*2|ts6UjfAujkLyAy~fM
zVuPzqw47wvASq{p?UNFapNlVFUu-bB6Z0!q5~Ek87Q@Cqqf`a6Cm99SemwtIF+Cy8
z-4Ww}x<yItUr@1h9&ws~tXv6=j9$d@Sq@sv2rkp71}yGMh~@W?)WHSflDiERU$Zi8
zm738@g@mGtgIR9F%K8;q?lf`9Ol&z&n@SD0Lcf_*2NO~sgpF31%pAwvP42JyHnzd|
zsN)h*%P$-D*wpDcq|}hC)vh#$;gGhquThW<)i%%cQGz(P9r?6cjV1Dr;>ATMUzN<B
zvx!o90K_~W-cWo^izhk)P)#oHKS~a-mOQJ=0DVONhD3JFpq3R#{`7A3_HO8c7O%W2
zrglpdp1mHnc()vo6)aLWTagsd5+ASpY00=<w#5G3;j}gOv3E1N{{|9Mw}>|a)i@LR
zIqw(5*tK!{W#tES-uvXivte}LL|&~u4T+-n8~TzU`mz&vcj8<jkv-kPr)of#KD@yo
z)C*9F!n3GTOiO7lcr9l_Zs3&<(9s@LUlcb4^UUyC&sks$+mazhZ}BQ*49yE9!-?=-
zZbRLz7LZ6Vl58aUs!`Hk4S$^0(I(NmjUK2_x$6#N&jr*c-dkuLfB*+SqXPSE_4aIo
zN%VQx-C{SiCMs}%gea?nE#eYaw**g<S@eB_mR{c&xYhDOZOA^>H%er#L|U)}wqUDq
z!GZ&!^};mKN5(_wlVPhi7P$vyr?*n{HVM&&`X3TV<ZfC3W4bCf=pMDY4&Dv@nJ1so
z&)Hjp+VKq+qLoJMXSs=yQPGejlc&MBl%voZ*|0IVG*)G_ZX%)&U3~`g!_nNFU-aEQ
zhTT1g%oan4d-oGUxW)o9xE=#Ua9<r;dDtV`NBi02+SjHC!6NJw02{n5)_V@0y`TZi
zu4c|U0a<;OSkQF~ti>q(I=Bl$ed2q#@c?UJ&ouzP-HogP3)GvUujfkgG_`SGiNa>L
zJjrkjO>Q5rdQa`KOnR-}IMd+H<>UDguoX}R_H&}^CdqTCQM<f*3T{?Zo(5+&MhAY!
z^#<zqOgEU>Xh>(+uRH)>LsdHb|HHM|qN(0spvds9%O&+$6N<%cwKv{P#V6|)eCi8b
z5Nx_o7Y)rh4~(*iBY6LOOrIJrpP_}X3$0nu>2V^QSc$Glz+o<iUAmACv+pF&!A54-
z^ZBC~q~jJ$AUl<lTIGXAQXN?6<=;MS)F@*MOE}k)lBe$j^H5nZE~YFPizX$iC;_vq
zq=cl!i7q=(|3>byWDK?o{Jo{zC~yu)QW8Vg&{*(Q=Q^zfilF`d(TAf&(C%9&KF6se
z4zl;x3rjl)p`B4vrL6ndOXH<ITa5<>AaW?{=`j7ClyZ$^WZ{7B4=&(uSq`B+CCs0K
zQfyj)Xti2arwRCi0DZuGj@OvL3g_eES;?^{nn7zNzaS=TmsK|uy-SEc?t`zA1{!Th
zrwPHQ3`~5Y@IuhbIwFbF1aGD59(>r4dRGc7jBNpOU9sB`SAHJ1n$G%~ohQHxWn%mE
z(4-$yF?z0sF>gF83W9HNLhCytMEf;iJ42ygBtv@;F`$1mcUdqT1(p&)=6%2Qvmvfd
zyOw>wBk20Z_fo9i&<OaJgOAxe!p~8mPLZEh`q>A5qUquksoND&Ae8v{R@#T<TU7H4
z%UIi+T@spN3S0Nl)I<5drAkL#6%+6ifnZXb^aahhuZzBq$^b4_^bV)h+Rlu^(1}b@
z{c3~T?NlE#(G$FB<WFfYEVy;2=<^B8!(6{e0^ajFtOr=6dC7Owsa$Z1_G9q>j6*Cr
zz)45;uoUJ4zZ#!39o%Jzyfp3hlL1|>yJrW#BX;)y2)g5hNarq(?AhOhx=S3y##+{=
zmxU5cn%KFg5c6ZSc}5#xw_$N44bDzO2D%_--U65PMrWD}r;rGKFH~B79iPRxSKE+_
zcQ>{ii2_gJbHDj*n1`v39igS=B?2S4g;0SuKP!uMJI^Pd$GtLoQi<1>V-O^oOFR#Z
zM5Z1e)W&a?!>MGzeJDdem!!D4^zPJ?485?sWqoljD<{)jHsa8-*}1Cy<&`!xr;qkD
zpUY%5G8eg%ZY~pEX)zb4N^=?0iOprhe<E6l9~MUR3hScZDi^kizQ?ktL$Wx-7jQiw
zsRJ_b*4$vLuQa(+9qPa=*%K%Tb%Jj>PTyKrGW;ABGQm#^e48RGTb$k6%Ynm*C6BK|
zG<TM-E%p@74ZAJ_W||r)lAsX@8yN!)>$o<qOJk<nZH?)qOPeVf)`V-dE@p$^DG-8<
zL?H&|;Ds!ZVd(lg?OjwzVkQy<?aQ{T<Q7&EZ&zXCwU=N>Y(!G|TGcpL3BV3h%?rf$
z0^*C6!M|c@>tvJbIqi#Dfi*{w=X_?~IMOEVt5kzfQ6Pk1o?+T%Tal4y{}VD2#6E;6
zxa3Z4_w7(kTu!!^-Oy#QZ*8a_2JljLYZI#oWm!oeo}IK$uQCXs%>2sGb<E?G35%y|
zZLT&D{l)_cKc;9XE-(Wcc3skYKSD|Q1+`Oa(=cYa8_}t^Ig^~-X^)Yv_K>#6--bT7
z!>2yp1)9XBNY-Ltxe*(2p%<In_b$$IPpWth+2Qx;@C}oJRgLx|usBG0zhj$@)M_Vf
z>Hr;8{ec+KAsHwhiN1egLA4lgrm`T2JZikK#05CqJmVfW3VL+l9Q5Qz9R8$hI`kCe
za`Rk=ArRiHoti_Bf9eB9Kqb%K2Go4t4iY2@39?e@069ShIl=b$8Wa=~hjdrX?fMKf
z0*O~v=z84c6oiNcRWx-aj27@3=7>+2P=7?!tT4^(CP{WXzT<)I^}s!6nVW$ofB+tV
z+I@3qFX}qD?L|Wjc8Djz9gN`|gbZhY#F*JpC~BE4>aRNo3z`JUo+&0lTyRgAUexLe
zeBI?_IM%?f*^!brwJ3S~PYuAl7Q+?=&QjUz>}HY!LD-@JwnZz80p2#+^$ytem)Vx0
zeUxo$B}lNaP3+eg=eD|4SCQFw+m9@|t*YKzs+Gb}l#Jj96w(fU7tO}GWdvV_gp;DB
zxb!4mGibSx3_p$8@KXp*re~zpa9r1DGtQ!91_IA<J*H_5J|+sODY3bQM_J-l#yH|^
zSRG@GE{?VmDk(X^3~2ro_I--_{)Z2>bkO%H?ECx$j0XfGeFc)|W&}gX%fpJ@`XgI0
zE3Q~Ck`*@*`+pKfWCQ6O<mMIp1RCjUzJP5KQu#*Lrb8)Y(;_qJ;X@;<qptDsHC`Qx
zjNtBw`;ix^>62K^SLx1=RX^_4fdy%UuhP|lUc^<0?=;2AReMouLi|Fo(*=eV%1W)M
zOwZ2-FOc9-474DFd5jKg3%oQLMx%5Cd?g_@;%zuKu-E97KWx;iFJn<kJM?6iV>J#q
z0Z%2+eVUF+xXL0F!ksFq&%t3(U4VSnb2%(fwWk_R6!;0WyBcVBC!*b3T49<j5vD1^
zFX{Bvaq`7_cK1`w?|$YW{-%g?+8CIdMSt6N?Q|$in-=(055GT%5cOw0$V8g6Rf|nY
z&sI#q|3s+cPVN5Yg&m&e_jADovEn_N7r)9w#--+Laf!t?H$8i<DfBQeo6x-M2{?;R
z+Staim`<W~1#O{F9<Q-!R<j!4&LW*7p}Pf@iBJO(Kkk~(-}{wzI`#zpJ!)4xMeNCc
zM1I?WtVP0tHfX1bmmPDOU3T2FGs0$!n-gI!%A?;#z_+MAD)?_hTzuT%`at||_0#y@
z&&U4;Y%R`ms3{I>rF*EjWT2tqY~`d!>jNgY8IP_hSCj>F&xFJA2Tob=zyl~67Pq2N
zN*vH#H755dHi|D-jsR#RjS>l)9~LnHWHq^TTcM#lG{AH_%X?hZV|p7w5aRB85&N>Z
zak7GMFUbRzzju$eaG;@2fbg;}iDwx{Q1)I9P`;a!lQ-wnk<A>I^?bjUY~cMJzrr%@
zIo~%0Sz8_*8tatJjIf9A>WkfpO`&xz=MD2`@^Bp;{rX~EiT!0#wDzC(YRL)22R_C*
z{24wk<(~oNk8FG_t84|v2=I{fujXV)O;3=N^khjfC#nNR!O1%J?*fH?$4y+4e>BvU
zzo$0@WB9tU7LFe%E|ss5!>eRc7JfI)ErX=4$_2$0Q*&X3_t`u%>|s|`alJhkNJ-j2
zb$Bil;jY84B(x=y&~_RACJ{^@FK9AMbfeVmHizN36gZyv_;yZVJcX|aqJlBZ$u9_u
z!yctv7MaZ{QRZ{PsEtKaeU;Pm98cC3P$;`d`ze59MRC)b@;UMps|zro-5wh-+O}ov
z%-t+{A0|;ag@s(ciyT*^x08r+Akr9ikRe7%{(k5q|0upsnNoo2*z8Bn!_ie~SS^QF
zW1r=cQTD6?czr+hC*M)t0qR0TZy1K<FS$CPCC$9B7rsxtnn{~}^K9~{W?d(GkT-;c
zS(0_bq{;bfC1u@WgR6_A7G|sI3o$U3$)@&FlwJ#g1S;s`(6i1U`6mEyPB4E71O4Vi
zyz3a`?*+iGGDh|5Q(tMctM(Tf?TY=CMrG;?jcVa5cGdWTT`|6*6uv<BG1g7)?V*uM
z0NA=g{&ZYC%RqlGXs^nW-^{;_Xt6J=6D{UtqGkAU_>#F?Y(E@Q+Gj2k+uI?fy?HsY
z6V|ittr+{$mxl<a4k>aXxCg<hGz1_#*q@me1$!!KIPOCSbr^n|0sN>`y#mh-06T!g
zoE>sFx@9>HN94c};4xP*H5@9PYYph!$`HUpypI0<N4Gqy%OvafqTfT@@u-4+;u3rJ
z1W)0tHtrq$>h0YPIquE<DyDV^9A7)gU)UXk&{?#<Z$w@s(fvLZ0el~%+Pjm!H`E!w
z=CHe6U|B<L@HbZ@4zZ9AL2=2@1kX7$b2a5T*GBaI0TFySy)8)3hOLtBFV6C;xC3^m
zyeV)lDU_VQCDcBD3$3|>g(JU@0(K^38{ltR#a;u3+5|yI@NE$npr<os6Lc}LqwF`&
zl>F&wvUSU(Ne;sa*}8txlM!6%WK+}U0S>7)1#OGd)#ga_8AGBpjzsMk68#VOGf4@|
z+}jWi&lrR|h@ns#qL5Mz+kECBdNdq3l!Re8<L$W<>fo<A0sah6#;=*l#eh_p+CDP@
zt@M(~$U7Nrn=wY`dcv!0MkI2gMB-}MP$d~wGQ)#-&nUs9#YUl-vy}XL@7f~q<*Iy;
zt>6=>{6M^fnRl;Vb#N}3St8`1talYqT5axQEc#MH1=<HlsI*N6ZaDHDIU>);&PmZ%
zNtTRwR(>naMxzxxFN<1{yTmz<(Yx}bj!AmiYjQPG_yBN!i;b>ZRGW!nB(xCfn0y+1
z{9dD=ty&kW;{M)Kn;1MTaC?wb<Yj%kw)s1fpCc-%h`C1B?{zg_3a!$<UZYEx75YM(
zyEc{}`p}DB=q>GwYJFlECMsH&_4>qqi26^%AMIdVdN)iTLH7se$ex2nat5To!Z;aY
zlpHVpb<u9$AaFwm&GQV(+<PFov$lOA2=+;uun~Y%WYS6QQ5ZeyHK3j*Gbt*^kHEEk
z_feAL@B1K!<oKs%?xoYX({wzdlUympeXL2=b0+E;;=#*U-pCX^XY$mUFxB5aEh_&5
z`)xr}km4Nj)%jm!XMEWc{OEQ;SlOJviNmkmdi*-d@yphlT>lUZb#H<mx2~KLk?URE
z)KXJ;9e%q>DK&+9Ukt%sn`ac1b)J2RRM@?h)B)vNq&Dj$G^>w58`f`Z-1@yUAb$M@
zYi~_vJW&19uweE$sr{C9Oa{CcWx%^oYX2Z6V2z#}5&HO${uqMQE5+1u2~JkLWdKpe
zf?+ZJj&)&4w6Bp=E0bVZ71*+|_AdV~H9JdcB0fY{6Y*+;;!$zC$XnyQ2!l|E;&j9b
zKpp(3E~042QgsnJ?GUPfrQX3}*-1}d(uDFuc4x8c)(%4Gb-+G*5@FatqaOR(o+j+e
zVR=6r_1Jgf*KjyuzZ}DrprFGQ92)8wK}aJ!=|?d~eHR3VLbuo|8q(Y)af`UCBz_TZ
z)ONVpBIZwkMZ78=Y1ry?0)){%$71E^o_}Cikx1R<@3mP9Z-BZK608Ko+pFDexZoVh
zkiu)Fa;x1xAZ%9*)^pQ<u`{2Q6gXR^SOnLV%yCuWLoAR1Is4QWz%Pe#3T>#kaFukO
zkw9}<q8@BDrwD8*EbqfaJ=m6=BJD~jng}Q5*QqEk#PoM4-YVb6L=2QJHVIMbVkefq
z`yrApZb;Qh7q?eLr3;I;`PGPYF(Oqb4_r|ZFI}8-MWhS6zSyZ5@zTZCXfYcW8^Viy
z2gMZ4;qN<aSuyaoy~yh19_ks(KB{l>of%BRj47NV6>fNyi6!lxWnxM4vu(IPt`_(e
z*5g+@L#z0887EPr3BRVq;n(y1;_>TV?b%6ec$>!==+Gb>Dh?~?O*dci7uHDOjgr!U
z_BOCv@lbI;C{?41g4^A<hLYa7fRa~F5`JroZR1)*tSxV6_uBw9ldbEfy$Yxacq~S-
z?p*_6)}IAE){QzrST~#H<r(x?XFow$_k^JZ*3H9r2+ia__Wst64y0m`zXy10<@+e?
zA4y<9zPD9A<EjMWGcGjt(47V1L^=z|vlFt1`x=100|Yin<*TLg^=hwKYT-Pka2BwT
z!Jk@iAj)Af)Qvtf4GIY3e?NW6HYK&!3J`PP<S1MrDZSPOy`&rplQc{A0$o>eHs!n!
zQQ+fcb2+qY4YAudsr-AXe5<4~pH#rfcn;y>VK)tAz82VL6fH(k%r$1iXD6{ee9u9P
zYhx#JPos6b^eDw8y%NMFg{ehz3loaw_DT)z#+9j^aLG!jV_gA%%<E19_qqa=uj_*N
zbVvK^r7NO>bQb(E&pQPbXQAeFUg#+_JHaOk2?T&JoUS(!_1VrIjA+G0XStmLuu-sa
zM6GB7+c>X1LF`ce1b)&Rr1EW&fB5DU*5xTU=uV`tgDwF#fO4~>7~&ob<NaDw55(H_
z7kcP0dciTm==Ch`0sM$!^u%NMex_9088{p6Wf-xt6@ROegf8k_*;%r3!J%I3us&>Z
z86C=_%;k=3EisASFN_ov1lG9BDEW4YbAL3VI<SPELF75rX&I7QV!?PH_>{)_<0J_-
zFvcnqv{551q>p2l>?TL<Ny)cmdK&lmd)vKR!%-hM2kiK?`%(OFlKsY?&_@|`GRjv;
zKA^?9HFWFl$j-xfTUidnUepT|NKaOl!75UG_oDn=)%I*N9royCDbyA1(Rge`7{8~)
zWFj}*vZvZ8c~*ijdS7;t=pB;CCg@Nn6v+PcF1C7m7c|D|fOeG?Q@h}O(D(4&Gc`Le
z%p42Z)RfrOPa+u$)zHlv%A5tNd7k)QVA5+g)!xNug&|Q{aX<hDX^wcR5`9R|9MG>b
zceOrZ$!gL21o@^q=}?X~^Lgj+gB%p~03}<$bBF`>N(Rj#7VmZX_KV)}2`EGs9$-Ki
zo}J-@LwUytv~jG%u>mBiWF`HW(|2@wIw5P7LpkhFR%;)ZZG}CrIenEFpgc$Pjv=K$
zb#P?7zLIXe4^rFOqLbmUuX4s!!M{cP3iFJ=?qe5bFE*iwcu6SSN0%jc33BeXW>9#9
z99aL4AaG5KOdl`q_LL!3ouoKwEJP;Ge8v-@sjy%&3@pc{I=dq>sihXFTQOIQel>2_
z66rOd)p9wEorK*ra0py%60V13#VrKixPXeidVNm>W7=ai==)u|2PN0T=&lQ4j1i-^
zYayFO800thKw{)j(2S$R1iugB4j^0)4!CeJ5ZMgB2Shz$7~;aA)@WbdLvTX17{icW
z1gDO{J4snt&lAK2HfCf-)Mr~TCz4ADB`*9sTAD2*gRw`+C7XI*w%Kz&?7oJ3g8h~>
zKP(TnT!UI>3?=37aw-Q%Spz~@RGBc?nR|dmc`;N=>dlfmv{X`p+69x5T98zf&FX;c
zpo`(QgH&U8wa92)sjQrw2|c<x0r`}4$_D5i2NFc%n7Eu!56R#6(Cq64ZSx#*+SFq%
zd|wUU8NE~oWX0LDk~3bk4~lcFgM273PjW7qfgvFj|Fg++@(#lm$#ZhLcE}I-I5RvG
zS+n^VW!&i>Z?b)3qW#o88+}>lbNLiij{Jn}eAiZJ?u0|J@>hi>d1fOP61^-cQ*e;K
z`wc_X!W(4ua+^B9*r(Vy^;=184>{Ii<8;{C!9|kNUQ+L@lRSY2NSjd?`c(G!Hvyd%
zy(<NJ>Kf`5??3$<(&^molBb%&yuCD>kK!8HKY&%7#~1-Lp;jM*g=~i=M#eri<5XbP
zIyscH*!u?fr1y)>`d=b@j#Y%jm_2_ozWtP~yIp^f)xiz2nyi+>8B}k*(>Q$}d^Y!g
z3G#<JxDMTMLJ4SZd2{DJ@#XdRC2oFSB6_^7$Xy1}r*OF|53f?5z2?7Mn7FgF>4yPB
zgb^_gm(Y}MTqX@N3TkmFU8&@qq4Qa+*Pq>64$|43&hjp=*Pq=>4iY!o5KTmGl-?0G
zo}>VNvH8i$CI!P+&@@Gdb&Y#aiMT{E*zjU#1aK^+FiFzN+B}6X8r%=saE2`A1$H&^
zCqXFV6R^P^5|?b@Gq`gQniqDQT2BKUdKw465l##(gGSe}oMqg1x(B;6t<u5=C}UuK
zB!!JxIvKNn)X6IDk$6E#-10MHTdaoLjpMvlJO9N+d9{_Qan{IY(uJ~fWY9zdPx|gO
zjqgvt>Y;w$0fPFcEU)`%J=BY6_-$W4-2&>fPlO}>>W7uavHk8Rqb&b3Q(Hl)nH;5V
z)NUSqai&wroJDASfAiTemL4*KFR@9P*uYnv(obs6ewx&gUn%dNU-grEaz9OK)2}Ti
z^;umw9P=ln6J$_)jxLQj`w-hK55vqV`OMydnH}LX>!+1HN;4ys6wFDTVEUF!k4vVQ
z#gZET69(%!*Ra@}0c6LdHYX*;;@O+1+&9-0D(AC)!Wff7zgTiM4A}dFxMU5v%CRXw
zI+YVq*=9I^1D{VBQH2Z>Q-W}CX%8%`0b*4L^bq^9ffSGKZ_BFyzItBzhf@To87K8X
zEdGUnxRm8}IHd>T4Zjc&-#pa<h+~g8+mAZbm=dKob6TM{2`oShf-wKL(VJ_vV+Rq^
zdV(XxC{F$$y5nUe=iEt}#+xVfQ+#kAO>sBNd+&sPiv9M{6jz+oPZ5_<Q;zB0S0lZl
zo1PfGkz@4cp62u>!F@l`o3@g&7kg>D<6_k2I!0{<v9ay1i&C4v?IogeGs`$u7o|2Y
zu#C<pqtu3myYr}CUf0u``(pHFT#MCkKZE1EPJ8mxi_;rPHLhrl;QVzU?akLt&=7O#
z^e_+A63nNvynol}VUG8`kT~i@3z&C2iX@ZK8%G?y85g5B(_29)4@apSZN)>E5OS5w
z6&E2mQk3H4Gm5jdj?w?)`dM{kv-*nV9XPI^)!98Xt2gRe%<7IKEc$GV`}BDFLy@j^
z1Sr@F0fMO><5RV3+eft^K!)Z7Xt<65jnxq#Nx5&0DfCDy6e$1mcnT!PQ=okVTcbdZ
z2IP%eQXqu5o&+s8PLOLns)y>gy9ufjS>D29dZ@m)o1l94@fJ`G9@g*A-^}kM{tkX;
z@GlqTceW0U@jJ_o(FCrJo7}#iX>xC|yc>?{Cs*||O>WjP{p9dHjAlOkf8uu%Tkt!7
z-*zzy^cn5qjwx(_4<CtApd1=q$74q+W9*SA1rk}twxdxBL}M-s{_p%wVuasW|MCCK
z?-VfdQ^v;kQAiK<u|E;i3t3*_5k1sPe<G-79c=;iSG3>7?<DH^o#OldPyEhGHmN@z
zp@IK!SU;&(chRJtWqFT<^pkpi7ftH^BP}KsIQ0AZokTsqGv>bk2mH>;e_WE^@wQ5B
zcAsvY+BD;L9u6^r64V26=uQG+f0lRcVLcH4u#<q;HPix#QxE=Le#iJb_?_i@F2V0S
zG*HLyD2HhpA8Yz4KDC3UIF99gq3NeMYzIy8&cpgCqE9aEPX~TKzhi91@7%xTV$^0B
zqc*#OG`3$4MXAlQABm`}U>Qw^qSWRuEaRhKl-kg65AXjy{Ejig@AUcTf9H3$%d|Ih
z*$@j3>0y3;JHfmy%Ugd)5A!|S3FarX7BIhl|L@^<jCy`&OWFUC-+72poJTcA{}1YC
zbv>Jv%<@hj)X%C7o7GJ%XEo%P|KIo>qn_V6bkF|_e#iFFCHb8Wtx}+|r+yp1bIl=w
zocVwrsvEZvRFhcV+XwVe{bCzIHF&TERL}0c2*2}ul>W?Xh5jUqzJ(luH~%*JldUaC
zF`&78bPEI8kTE^q!(rG5^t%kFC>^9}<nGr`@yHJ}#qKOGZ@+$un|`1vTH>Zi;Xp3m
z8##Z`Zr>hZcW9PQ_AsfUp>onlm~do@Kz)>C_oMXI$V}W0+280!4)p@el0?~TS5}k-
z>u?*R9eBrA4$$z%|3X98Ze@e6V5!glq962?Y|xJ!Xff!AKqgqEr$6_{=+F2TtKpuE
zE0L`||KY{y4_(ByMu28B0;KJy0e-bl5Ao-=(%`>ic?07H|G-un{HOa{4F3H+NPvoj
zX0|=<XLb8>cI#NBa;)k_OJ&yN;g_5d6u}$CS#-hIVs4ZgOlG90Gn>Qqz54mRzJ=y@
z;TOt#VxN9~)3?z4_Wsgheyet~`9=N1>F5u>G>uL&+0c^sz$DWQ_;3VK5vMvxdt}%p
zd7yid1U;l9LC-3?qa=ucV8qsd7kZjQ;9eai`s)2SO0=6*z&os%pSs|?ax;3g1L@IE
zb<OD!tE`kERf+)K6tn(MTD^||Ik8p`<ldVJ$RDx1q`i6|civ1u_U~%}<OhFlLGOP%
zeM<Tr^yvYk0iP1-clk*jeVPFvIvJ%;2lmorls)>1IyTWn*Rs4td-M~{+e8!n$6ozJ
zDH`=NKmC8~eF=CI)%N(LN!t_(lS+}Is6~nvsYsEfks=LEVTLB93IcApRC)4zDnbH0
z1X@h19fu-5_kCB~#RU}=8w!+7R%KNvh%h0t2wF-D&HtQpCzF}9EGoRe@B4m!k|uNS
z+<Wf1=bn4+xo6S%6Ztgh2ALmWPuE7Vr&w<h^QROrKkf1pGpF$ybLzujTeFohr)O3X
z#2wkwty>NBzltD^Z3^+iE#dWjYWyiS%%2)wI{s=V3xnqPQyk+@57rQj?Y8PMzIi3V
ze<v$@+W`Okl?4BgnkMjDw){E%6szM;2XXycmA8hRa70iA=XAk|_>;<izt~1&=<}m~
zeD&Yb_?~BF%YM|4Z|k=-zUkYVj4y5T@%hssJ%5U6hCjg|VWZ}V6mg`3l|=<7l#qx$
z-K1kr6Lst<?3?EVIq9BexKsO=jNFOpM=__)%`&GU`=Xf>y~}u080mW6^v|t?#PwVB
z2!476A-I5*jrl>3;HfJJ!9BJ%L2%VZiodPrN7FQZRM8CO#4|@cqMTFXN1c_KD>-x&
z<{z)r9ohJ~+L5g_prvGTA*+D75PzgG)Na;~?~CO$zDca?*k=9so?lMmyWvOu_~LPV
zKW$*+gY#OsD=l7kUMq;4*KUYDuf=<Bjp&Esv4{L6O-^hS1ef67C(xno=N|~P{+qQ!
zTP(rVb_FXCH*1HsUzSn9$3JL?HiEX-2KBsis^_)%@OiE43&&r*{9H>+bL?m$fgRhM
zL07&>kL~<rgza-!*|`R6Uq-;UYTVKU+urq&^O_UW3u=S7J2HskW=N`3JFi`sfBb>u
zlxM_5pVxBux!*>Z5FXe##)a<LLZHvts2`SRDGh5VD|2qr4{PL78djgC!+PQSQ0V06
zwJk<{k<!d@4Mw_G(-&n8Zo-Vrr+Qo~zrou4Y3<Qx85e?{tHLKX{c-JMp}FJQx54I*
zYvmnc^ry9q&4jj58}umcxP(w@V`aZ?(4#bV38D12O-)dm{~e+<+CQ~WO|~OrHnTVk
z)lzmp%QG_2lno4NCX49-zYAhiry^hWLkX~%QNeHMuJ0(B23)C&C=YBlP?j?dBW1-q
z`VO>&gQ*-=ZhV%-EXbjkCru>76!Mq;cnbx!6r{yLFWNJtW3VrIf<=^v7or*P$3rY?
zc>rB?&<on?Z4aH3FA_#nu>rKh(c8#-b?_R3s;tt}okc^^m-Y<yiFCVS6VgU^^mZ`q
zOW=Yx!i%a4lkOc)tgk)+a|Rw1y4uJuc!4esQdXq7Z-1obD3VYd#_I{f045Y-^W)BA
zv4C|uOys@JKX6>&Jc>%vw$DbI;9I^|Syrub@nR}CpB3EseK!g|lf<4{Y2DR+fo`D6
zjcY^3eAbb8)a&$1XaY^+N`7uW+klG6gJNiS2?1-KmB2^>m(Ylk`&dl0+~e;*xiHJW
zaoFln5iOLqDfd3j=DIJwJ!vc(EczoZ*+h1k!MoLEl?%t~p@q883~UegyDc0A$w`5Z
zBeRTP;xrZphY~<A$(L!994@>(*gMjnvVr{f5ob640&_eJ)0Am*tiGa7G5Vc1GsWE_
zt?k)@MpWG$G{quKu}dCb=rRZ(Ra$-hi29SCa@(8N(>#`}Q&;y^W#B@Z%0aB)p>^si
z-l|;63c9TiKVj26VRcykKmK}-jnS>=q?qHZ=hiXmdgjX>L2~&6Yx*u0*iDh1Wb=G4
zz04eKBb2>m1II$yVVD$X6N8NKr5GmVfX`u#5u|*pn(IyQWySFK_cw+4Kmh$Zn_~sD
z^DSHeUtvrjwOJ;>mtih}0Dgpd!Pus}z!TK5pvv!Q@z%zfJpBZDAf<8YdBB&0Q07LU
zyb_>%npB3{=Aj9hQhs|2E`Ta`3TSQ)7E{D?b8zCH;3XX+;7ljh#LXs7Qgbwz49yh=
zTSqD!Ai9Rr$T$UHVU#iD>x5`71N3A1jtHyu8jYoV=O@Ba)=@#q8pcxQv!`p<=~zmO
zm3sYlRQxm@OSzk|5K~D#(A#8oO32kqA3$wWkfAKFdT%F&(vdL~z3Hccp?D{S4dGWH
zKk4{5qcbP*liPLv%{Xt;0)d|&Bgm664f^c?Jc~7DFUnmYve5n!dHbA=VKid|&ZB`x
ziB5A10}mOhy}FJeTkFJg5r&QE2w31pRH9|QAnj7zz+ccaPmu9YJ}k`|ETB-Jp#{Pk
zB{)Ek<1^O=`-*bUG@-24d%-tEKc8QU;ffa<JgMSD3F^S8-`S1sFxVO%I~8N-gtpz+
z(){&WrLmHRZ)ghJv4Z}qG*+^M6*R6fvXZVVn#u>)XbH~Np--ATITd|~k*O?-qo{b=
zzOgcnQ(b0Mo^n6T@+zuSi#taV4&jbR)ex90Hl~>`eVbE5U?Q?{I{ETV7%5IpOLNQr
zN>hx%eeNX-@gZuow$vD1w6=@P$RdUShgd0(w@}~<bf4BG5)dT}Zn2uIW;ZF{4q_qu
zFl336TAS1)&_7=`J(eQ#*!1apaxp$pJ3-E;2vVXv0(On@6k8EC8hA{Bq1s?zD1BMG
z;5kr6p`dh+Sy;vP6jm{lVk)jw<3rV29x{0^C+fb{h=KPE7}&w-Fz~f0jKS^1E=Po4
zTgI2Z6T@CZ?mm$sB(Z%oP{eQui*JApGaGjmVEqNmWBiQG4?-?aTYBkP=I|m=I>v^3
zB2m!*;L;d9fTQ$NH0>1o^4_dXe}F9TSpYn~bRBWs1vgV{En3ZhZ}}?V8iQF&OIb@p
zG8~enbzrVZ_ikhO-DBEfR<0$FifL9BfA%}<3WJ<(F;f7rJG+HK^D*co<Ly)8(5-9{
zF7YIF^mSbH=>KgP{XHh#=)2MANlf8OcM>#}HwS)VGswd8AtCf2LRjB4*bHAf2bxm@
z&bTNpQbKZh;5pN&pyG1Vsdl5qw9&eVaK0niB(4SGV@{>dyBM9(zNdx`)x`~!6Q^rY
z-fWapYF&-XbP&6=JQV5jfow!5FhF^@qWQV1%Q4VC_N?#(dpb~{jq|nn{wzG-b59w=
zCmMQVU-Vq{vxr4jnttilqoL4A(GY3k%f2`iHNV64CN;j%F5{3cO0=8?Xbbxyji)1+
z+ESWyp`KJdy~1Sb9i~N|yyXv!X73fMD80`m?J$nv;O7b2w6ORm)>9nPOVL9L&cyuJ
zy-wsF%s)J`p5>H|S3Yk@;sPT6WN8ipPm_c3Zus7xLV0$EDf<T3wBo+V#sxBt(oPt&
zoVLg#)!G*M&F54QSVjfrC0MXkd5b+=w~T(WUGsO8%frcBHpa0ys$(~|*U94>m|KEx
zvc=?W0sOyv?Eq7Z7dD7NHkWiHnhg%jkb9cTYCSzg`ATJCeI4w&`4q-454RQ<z14M6
zj_BWSc8sYGzf)~NMFwX)c&OnYv{Q%lA!37NSuR`Z{e+(@g!gMX@gd)l7M=p%kp%B^
zqO=fq#d$JwJRgOQ=hvdZbwA8CYgXBtg@>P1a(23doKbcwUwlgPzVdQw!0phmhYE$E
zoS(&ML8R>z^CLb~Xbp4=u_)3dQ_^6s0}34&q0p(KT)={KWq@D{6uLMoXeYyy!9bz+
z0)-YBD6}9$va}2ig1SI?wMco3iSot)<t?6s5iz@7NpW@#Gs>%#6X(olo&D;u%_qv+
zC73oM<@GFAhZ&c}JO^jC1aYyXQFq^M@ZU=(UC>b`Ac2U664Dk-U@EP`lNJ+^eu`)3
zFr$owPk}&CMjDQXDCa{A>r)Wx6G=8wV%75)U%r!T5=ZuEIEF19g7~sK==X58>wG{P
zG^VUKEyt4+2tedh{HwC!N(&3&hDYsmU4)R_9}`$_bY|qG+h|W4o=(9mrS(GBdvlnu
z!qDzY%a9XWI{FrXj9`yZ6P#>SFs7Rd^RA{aABuu`52u6q4O6(oX5|Dpdde0vojgmg
ziPbusK|$p1Q#bSeaq4D1Fpf6!7cMev<{va#Bb&Jj=ANct&b1i9+@}X~j70?#*jz5L
zxjdj>5IqZ;WuSm3pwGY&PJ4?l{Up3eeaxN`k3<H03T$7cRAl?R)!+@+_QC+Vb+GxF
z>8R~J%TXI|@+LZXTRcV?e96rA?{VZfdQwn7H|szhZ&pDaXFeUEzTZ>7pAx0bCM{lp
zDp(JrbMk~36p{M`uOLu?|FvbJwZ61{umc7wXTr6v0LAM>?@)rVsd$ac((JjSbSYo{
zFirfhG@ZPBW0*csV19yW4w%54%#@=A=F+8;E{b}K%_6<!?G}C`c<;$k9h?%@Ok`91
zq$^KhcIN5y8I$R)DPb)G4f&+fmSEZ(mbSvPl5#o6LMKeY5LAsy-A3BUnaJ`n3a}Ur
z4!P7cGw{PJ2upvl&)0fjBU93{XpK>ZH*YKGJWL9~a}W`zLc?gk6mr)Zo^Mi}M1|H(
zd^iupogC5hqXU?)e}C-P7)x~BA{vx(k$yy|@+zpXU=&5pZBj&7{3;aa?}&S~3PQUu
z`9=5NHB*EUJ2c9YE#=5<a|F{SX|aD_tlV=>=2HIE#r%K#g47|6(C3f>O8>QS%puxv
z;LJAB4z6RyReyb@IWtKXWNP+w1B3JQjW9Rw1dXwkaHql^B0cQr&O|{wu-ksnGV&Y)
z=ZOzoMEiVW)K0VMtptsOs)FJvj`#lP@dhyX63B|jE<stbT|`zqJ1h!1j)g)-x$%)k
zCO5WIN`3|Icz<I=ZrpXuC^ybK5|$g=b^zJNe}n|VWtAiz`oGqcX%D_n1#?)z@~@dP
z?Oyiu*-D)<?Q0lIkW(ec6y=4ZNhCS;UfrJ4#|IcTw5dL~k_+o|zu_NP!5v4RyA&_O
zq($tC#))fo&vcB7py~`!oO3CI?mzC;-|vEdmqjqGr~G2yC2+wUy#^L<x%Mb^y~9^A
z!Sj?Y_Zy-rxYnqV6f&`eX%@Qk&|Ph{ec~HJlJ6@Gd*XY9r>U%<y^6id+0%b~qr+bD
z7ftMYG;z$0e$&TL6mw%R0mRss#(Tmg&0Mkr#+Iq~go7zR4Mhg~tmKI5Pw$fI5oK;A
zdHQit)*$$I1Ijia)W_BV%Ipp~FX{?dJ0*S9%fcydPLJShorW`)oavGd=+lzM-Z!6c
zGW<*ZJz)EHDR})&tSs<lH%=|!Si!*g;U^4hm>qa@v-&+%c6G~%X)gOJzO1LofG`JB
z;tmd9*yl15%T;fMCW+EvH<B8~tMU~`k=Zz<rdWrwm4a`Vin9Y4_XNX|V4ysHzNIxV
z-qxs5y&E;EV~iTrhV`UT9UalAUO^OTz^`(9PYV}3M=2<24zYr4ifB)DdOe+Hb{Esk
zZlgpF5zXxRDa~qTy|ieP)+SKkir_1N^k2SW_U~ViNkZ8E{cW0%)vT=lJZ+|ivx3jQ
zGS1YCbB|Bo7}HfHa0&;41pcmx1y4tgfN6GM4bb%IuJOuY!jNmCMDsK;jWCg~ovLbO
zw}iE_Yr|UEFG<Ka8!r|xE-#!{4>JJIe?5WI7KT!D$;sCQy6a=YBiI-CGEDwl>rAu3
z*B9uz1mlCkKJhGVJ>fMY%B`C!aa)IHy6fdS4eqF#rW#yt5zKOGWR@fFcE6-~>agRs
zqkkt5hwW03s*G0?7|5QtSkja`-+&eVJnT7A+KKfO6GCDAL`o3$nSX@n_I~p`qJ`4W
z^tbneW)nHgXJzd^*XX1hD|mgLkxnLlLNT?KdtUx7q-AsI@djN<DSMW-=QPzszgo7z
zd=C%x_l3>e-we?1Z-AN#wEN*GS}IU)a7IV&d8PYQLV7(+NY8}{=|LkQSv5lX{*?qy
zyCTJN>0_@GX;@93;S6#!kXmrCc7=njU{u=b1&k&Z08O0D&t0S1EN)V&GI3Mdg=i7B
zB2@sp&=EzJ{^BHZnR{M3JLtzwj#sxMeL~LAj~J`E--{QXFi_p=M2<?2KoS>x8n&#2
zFK8NH{#3h@`NtcymmT<=nd{Bf6ix-KV8iFeJDDdxV)Og(i{C}GOjp0g=C{QXHowwt
z<)+`*>>jReujN;utA2_XEiJ;bhO;o9ShciIHQIT0e_bdlU!I-{p5el_ewDoMt!8#i
zHN66E0KHGmEUk~SVK%xghV$kbP5Nq;rAO*Q6m#NmSZ_5d&^aAvbA$38mgQK&ufke5
zXAvPW_Y?h=8236YuEvGT=KK@=;@a~Xna1o`s5gxv?%sV)C=|6HuFwKWyW}x8gy74h
zBO%eg$U7V*d<*cUL{gu2M1!@&h+_1yXQFS7FgB|Q;~Z~63j-LPNY}DDjcLur7FZqq
zfdFcVBtWd*uC(L~@qUc)<QZt;h<l^vbc02@6R3IK0UXcHB#OBA32+NF;@)m$MR#4q
zy_*D#d$$nk?8Z9bxOcO=<3=`74W+kRDes)XvA}$5_0^_#HwNarMXTlq8D#!Iwc2&v
zSxTJyZ9sThYM7AHqjNYw-=;5ht#<8hjN{j`GYhfzY8UqR*)9oOGybQfA&hvHwtd=Y
zHAr@bs?p%TFS2k({T;25sGH4IbQ5U;s>j%7==7uo0%TPGBki8GxTfMK90_3t75x4z
zudXj8GgwE7Zr#$q06rv=^Huo5L~_qlVO=dr!%ZjzZNxU}(jI)%*@8DsX`-4f(Q{rn
zry0D1;&!C!ZO39bXbUm8=|7ZZEw}|xZLXpf(RPl;a<;roEN9OGD!5<{({V3iPrqBh
zblkK&lHNyu&1in|PHQ7S$qyR%$*KC=TEqUf&))Ng{cV*rvOE0vV;X|}Lp>)r`Vw)1
zCt2Bw5A~d&<|X0;_kG-i6I}G3=5HGbE990I;)+9SKM=e``3~X-@3eyP13wt!kYSqH
zAv%j>3}#Q(@%Y1$GBn?Z8^aWkr$1V4mIB5Kfnyh0DA^dUnvdutggjz5CA16kd#6+-
zeM{@%V#R&@?oY+(cP1{CX6-MV(R9~vq@Ol{xUi3wjH>0<t(jlwG+HHMq_e}y>Tzt@
z;P=}S85wO=>UXncb1lPVkBEIsN$Lp)qn#?7oKU4rni=L-w1k|PnKC<`)=-D=8p7%z
z2x?V3*5eYYMqc&A!)yut0C>M;4w2H@_p}4+Q!mhB5m><;@3RBz{p@LvIqbknbhYyB
zXnR(Tyy$?xj%e#>c&{1KlI=C;I^+V2CZt3*j0;Gd%1%SS)eqGj<5y+VktX*O!-h)B
zi6U~9z89R_S$c%d`1PJ>XX$@v#;>r3$HhbfE<Q5$NQf+7cT4-6(m`^VKB8f>P3Pw9
zU;BAZ9w4SE{WZt0pJV(Qi0_@|`Ssfoem!DrgkJ{}!u)#r&y4WS(HL}i`OyGAqTqR_
z#C&%j)|l@N6%pp!=K~^;r{2++@2KaPAtx*7_AX<-0svw_oxgi({XoZjADbQV#~8|P
z5?ylfNaeZ7CQh_hdwQd&j)HhALC()A`2t<LInPyYdBR8>rFTPJ2+vWnXrn7F7WFl>
z9Sxf(U_Xo08m>N&RcBR0R{=5R7G58=eTl*RzGr8*^qy7n1tkymKCR{f_Rb<>m4`&R
zz)IK2c+Wd7i?n&D!>bKnxg~#OIgFQX#o6YGt@yc>AiO;KdN)q)`9Q~mAgL#zbwt@1
z41?Y`Wb|)u5?^<|DwC3n6YpEjHPunH;LBFytCaTb)MV6An7U9}uUtBwjKL5^ebr#L
zWlOylK^`(PN^BLSRSLhpF2uxEX@LuA9~bErUz$0Vt55xn3Px!?`*A5LA7eYeM+7kK
zE&bNzc!svF1Xfn|mVWE%{0wbfd*9V>T@)Vo&NrI1?{2za@?ywTi_Af<Cacd{6g!0K
z#ca(y0cb0XK}`Yb4Z|YK(Q_!L56$y%qt(k{PH*+{3a7Jrc^7{m;-Gw_D&~Z5g_r5?
zrYq)|Ptg!b;xq%Er)okWW{UF;7j24THtB(SUk}vh9QP*;6q?vv&>o01yNU~E#8R$4
z8VaF!j8T(WdM*@i|5XzQ__L%@;M<cLTHrnQX#p@YfqmPDlQJQY?=?h#^j?YpF5kug
zBm<>PQm5-oM}4~*1-W;i2R*0n!DYaz#=cE7I{yugvz0zcJZuCjSn>wrY<IJ#j<*?S
zBZ8gxYBTnvg_MNXk&20U?Faa>*GL(0uPLXb5y<r;GMib)&%H`-pbqr<DHOm^tlm3H
z{*Cm2B9S~I731X6Evv6S#FrkRd7qdfN=sZ_bFx^Xfy!_Kl?PN~fCGFf23~j2m6af^
zl>Cl$HG=djS|=&7&IHT-l&w(}+3!WaB<)P6k#jeYOz{vYUzIL0TKxq>)F3#YYxIk;
zC0}ocoup9UMoOk_^Gw5Ane^bl0cKCmDZuMFm*vY-VXch7+R<`9P5v_F%67OK3doRT
zATG#cW{u%V6l7jRR&PbSbtxs-A#>^R$<jy?nk7kfa1KoF_}Mt+u^+vLb9@*Ty^>$?
zKF-Ji%7CSP@tR5}D_u}_Ei3CgJN%H*#Vapkykw1k!5Zj~M%c4W-bpTbfEBp8$y*Ft
zfah8_aOaCD3FflQrAmv25KAy;FnUQIZQ?T51}}x)$Bc!29z(2GlQ;l!>;_<|FilGF
z7AvQvRRzIX-#`)F1+kQKYWJS$B0O-z19G7N+y}okC{JpPd(+<L_ojpD-o%&9WZzP~
z11Wb{juTj!gLs+SzQmJ>>FPvjt*dKc7N$0Jgbl^z#OW^kQcn_1|GG+%7QLgRrJVM<
z^yBY!iE)@z!(MGcZ)r|RZHq*R;oa5X?$<`|c7hsfcG<{4(Off^$-D+1e}fiz<tzH#
z%l9aY3B<~(U(xSg|9F(e1bU;%?)Bb_(f%qV>>W~GqqxM(1gbl3$DQyZ_I!9fvlep+
zCU1#jc@K#DTyz`e13sXsiNZ8m>0KJ!)4V^7ZrU*0sP5WhPBU6Bn6|l`J}HFT5PN*_
zPj!aa<CiI~-NE?3tCfihc5cRtS0l9RfM+Pzj5*%Lh0!6k%j<;RyqEQ;xBiEPd|_o9
zU)H1kmq%F0m)Dx0zQ+rO^>$kEF?UBaK0Y~%;Un>+_^9s$_$WK;)bNq<8nb_YNso`Z
zS<F$6l`VNmkB=W_F-N&qo8aTZ=QVt=^BEK!LbQbUq#n!$WH{51_hY{%=ys$J0W0Lb
z5?(|opLZ9fZ($c}>2=bMa9DX}JK_e<BR$lc^rw;-ZVt2r+@uq3)NIcHT;%lk>&Ip;
zoc|>WH}z`trja?|kgYS<;{N^k0{faN3BgWsVaUE_Y6qccO~^mn<dB9~g^FRT<3--N
z!6jelF5BtNgvE3Pu6>_Bezpk;R#AGG@k}rnpnSR^PLmoIE4ydn-c_T&Q#q`hwH(K>
zUzFWk_|Q-tZoxA@EG>Kroc@JZXd-64KsyBPio+kKEuf4QT=b%LwC=|W{`E@u37eY-
zo{jc*($j0I$r!&Uqxq~GnI=8Kx(oyxTVo{HZi?B)Cgu7TFezz9c4%C`pO`u2d!AF%
zuqfAgOdMH?*!`aNnkl6Iji;*UR-|@;$=e3@Iqzn%h@6ckT?}&@>>(753px5uNGx6;
zgg{tcV0FMYXg@Huy->77s7PEEOb{y)7iZQ|#P9?`N<3I0z$C*F>?w@;Bg%2JO&)V7
zCls|-E`6D>o$$PVt*oe^wUWfjo_k)uRz9qtwetH*P1Z{7(<hn_<{TB7kJp=LAa8TW
zpAYZW==m7mn$5>@>q+LL9+ruc$7)9j1sBZVD6Gp%G+6FAJtC@Ru&^#KQrV-==@Ief
z3>Mbq#U_Z@`&88arO!`7I<pWz_iDy5-X)95Y1)D8(-^$5T>)H1Rh%tmS!W)Az5guV
z5jaHP8@@Ua6kf%uWjj4*<HCEo8gOH;;mdZ084~iDevXo9F)h7!VU0dN)`h45Fn0r`
zt3>-@zO+BPyyMGa=#<3FoC1l=n*+IyL%!RR$IqRH%4lWIDAMl$O{0FNo<&%QWH-66
zm4(yV_T(ZAr(inO)GW`JT@I4_P3pbksWj2l`pZ&I-gPAl4x{u`TvAVJ20W=`Jl+kh
zoI5Tdp1M&#f~r3X<M-T|fwBBCJ&fB7SpFdv6ScMd?0J<T?ouuZS#|mOu6q&-D1+NI
zEifA0;kB5-?RBcZP1!4Pbc=G0EkT#LS>J(d)u+0iYQ_3h0dEM;iFh^D@_AYi_dm_F
zoX<(bpn3N6>!&o%?PCSC&#`*np^y(9|G-lM*AuLdlF6vV<IKjzkzl69fw2v=^}$Tm
zE%$5d<5+lo{03jj_D&)j#rhkLgff@n_48wXdw?$snAqA$BLDM+>e^|~ykiSY$br<g
za|70B*hFim0M|~wZtZkqy9ZzPE2pytZs2rlXMzP_EZO%g7d?q@CK#8BpJ<3Rfi!fg
zws3Ih1u}eH-N#Nh8JhlcqNVc3U_AE>!Fb~%$6qSjO>pEx4^hl!DeZ&W+n(vhDOUva
z>*bQiwDmF;*UP-$XuSlUQP;}@92Z2gANY*6;J#?kHxPJKYhXM!@Nd>YPql$553mKd
zGx2x}?(MJi3oh|1w%{()7995sEv=*{*h1?10Ie(asq1lV!JWklcB>1s=s#@1-I>Vl
zO^XsS=OQ<h`JV{#b=_-oO)=gsq-pC~n8Q4e!zaU@ab>lh1VQe9eV`t;m(0rRt5A8=
zx-1lu{F#-dO9ei!>iR0o|J&T_mbfZi{!gaQ!TX|;$uX3~a=Cf~^uqc&6nrm<-0@7g
zp55`tqLuB}Ajw8{?9g`gx?{@IH2k6JV9zcy$RF2)FQ|@Dhu6FC%4rqI5!mM?tj~e?
zeN<%~8CLZEwhp$o99^b2Dc2e{6gsHH$Ej{w#_N}yBvbe@Zs$`3Pt{Wlo(D>sfoDS)
zo|_1sl>|>ndFFe9XE1(W`3-~TjTI+=r(PLxogPU{v8REBI3k!vGMFwSm>QLXKK=Pl
zHy>9-=A$)(B|S19iLv3XY)#}RZ8nZQNj)ukl8wIH7m2s5i$?(CE%`U}Cy>Ee1I_<;
z)L(Bc!JYE1PaiDc?rXzho3gHfi*{sJd!NaAAEfr)0(w_P?-xs1M1tL~Y4$KDhNpEC
zcsdy1**a2#=hfrF6VKrJOkJ>(@7LhrRd_}i;Tg)5^E4Tks8>{_>j;u_BZ}KwS>Np5
z;M3M7)l}rAC#W~^38rC9yx(|V;ww%MdCo#rI-U;t2y$^@K==w*bQRGjmA8(RP5GG0
zMn}(|Q~rljkOx@{<esSo_MR7c5)G#b>5x+{76jFc)|-qv#dF1qiScOVsl2(&$_0}n
zmek&#k=WPl<GI0-r4u7zpliKoUfSw>4)41RX?;{v95_nbP^&f@L)V497Tf&+O?k#6
zc+=6$cG6mA+sU_i@;y#b9s<Kn>oUZi*3DzfH)nL4o$4JUNJ?N8+vSC@*RVGQ1|>+A
zG|vS>#aK4xkC$38XQwu1EcR~4#l2}S&*e*&ZmQ#_oSddSk$66bUE+NV>&Ww@Tb^Kb
z;OTq3fcBl!>rj&LjxgS9CQNOIIon2)QxlR_HgxNfx(B;r$m4Cwv7r<r!Lu1_4V|B&
z);b$%F|Q|=G!_<ip5`(bb~u3Jx?Aq8@A=1IDYJcV5AcVRk}muPn^fZ95o=GV&aqL+
z+l>G5a|fByQY)2MHQyadJpu|)a2WLDkx1ZzqoRl|GVS17Ix2H9vo%a1{IrP}E<;-5
z?rIhN0dw9MKhB}MsB(ZWy9DHlACHAX)QBJtR^<wE42;MX<gW&D1$qA2$@6bjM6SSm
z<jv4QoTP~ruy7AlMb;B3X3sN>;#P{Uu8pGSP|Ej?Sy$I9ca`9x-6~Z=L)T+Ve|(7b
zN6*L*JCz%UsPdz*crc)QZ4QVB=QX>(`?BLOWLy<yV{VvYxNoE^EDrMc$;(_CIPbTp
z^DvcT$xjC;J{+Y?h}7SED7t=(TK{9UzS&U!>n8QhYJHzt-(sj=(WJgbtv^()A7`k4
zW0U%EYW+@X{a8c&OPkb>RqG$x&+5k;>K{88T|Zu}U!~Shpx>4FXf;$;e=iNZ%F2NX
zM^-g&A4n`Rl`q}E;n8U!Q(!U$gr;0be!{*?Jv{wL_hWFN`Hs^m7qUN74@j4W!+`<U
zEkdt0m-MU9RmftuLr8Agi3aG-(}Eq5QO9-y@%@Fe=p%+^lY6{VlxB>3>rpdoe7(k$
z)0L8C-9;ScrMG^O%&|~B?<E3b3My+UIsNS>%vjzln^k`G;cjYWpIZ4ttUMnpSF}x-
z)s35fB`Z*#i^mt+_MC-pOi8oO&msLIdwP@h6s;GPvGf#eb89&&ziL)D=9juyDc!F>
zG<@=)3IO)~DfT@;1@tS<cuvrU>%%-a)cDg}0@uX82hY#p3Ey*S6TUAz;XmsqJpWU5
z!h7o`{I*k`@T?P0_<O$NpDCNuIrVd$Q0Mf1J<-7J574x7Yc9g0m_`9rh}gg`hS;Kz
z6{}vss=i!7r#5Z=7t{RjV)H*!KmW08{%2zS-E8*D*|S^JXEgVoSa!@h+KAn>9Whgz
z`G@xEXMSFpc3fPJeGXQ^Ti9ql&iSyumL23?ff}P{Mazp9s`BEnr6e!5(d0!YC%TV>
zkCDL&k`p`5U~=Nli3WS3Chb|8Z|_Gpr^=nrvi8=<ti8w7_9#vkX}d8{k4Z}qUcES{
z@m|FIJJWFjTHSW5gA1NNdX`fj2@`#mOS%s2`cRZ(uXd*k|B)$p)pu@5LyY%q5ROtD
z71uu`N(W0C<Z+9K$jO_6mGFy<a~xmN?%ZJV&WWmM!HO<<q}4%2EA1U*iaW|JkB9ww
zaaQooyv!|ue*>KY&E6T4Q?lsrmq@fZCCAJYtvUSMA02Xsr?9rWXoAHpU!U%l@3XnP
z-jpNygRom~!R(~&qAj9-SB%R%(U#k(!wW$d)K5o|3zI3r4h=tHn_oQXL|wS#Vrce!
zwN)kqY=PEZbn>5#wZWi9o&_J1+6exix;y;4Q^bUA4*yR!cS3_Z;ZOkYey?xFUQR&&
zW7M=DQWw&E3?B;9kXF)-6Td*%@&Dj;;red*x>UD(b-KIgdKm0DfM_@jwBGFIKUm`~
zIw<;of>GXtqx@Jp$Kl@*<1~-Ra7tHOoN}QJ{=zISNF>K7>~IL>)V0BKzAna5($LyF
zmj7(zS<`>wU>BX<z`@?@9R*KpE_p(h|0j#XmwkQ<ud8~1l|Zk?y`O{O7ea+mS<ss$
zx7yMMALds(+ptQJ?!1o&Fs59TeI*HOT^wZnI6#Ea3BIZ<M@iM;uW<?hD9gA(L3iZ5
z10`REOL*U2Kr2AMB^M?rP}7Ku={gX-ws>xWW^Oh#Gv3N7X249|WOH?GgLm|KW7e{n
zT$|e|<5B4nr#vFnffgO@U^Hf@xzHN;rcrPIl9#zQ@E+?2WV)(JMo6Czz6z6kV^y^N
zRCQQLammxNT=M7~w|zHXI+a-1I<yq5xYPyn9c&By1I}=g8CtfAzG@rP^IYqY;lxsx
zIB}m?<SgS{CM8rOR8t(0;0AO9Kt5cCIW;76aIr%k=nT$>Pa*huPRY+Tqp@aA`JFM<
zxfV7bRo38ZP@WTfD!hH&7<TsT^;L;(-@B?6@V}hxq%KP-zL?nUk7H^=!E|`=AAQZD
zR+NK*YIc*DVl8)act4bmSk-UE+BYwJi_Wh-{g*mg5b>^}Nfvimh%X=63UBF-37^-5
z=)Yq0J0F>chqWnbu#wIN;Z5}Kj>Xezry3q_K+)IEH_5{BGatpmFWHMBvs<cho9Z(6
zf@tQJb_6K3EcP$T&TeWjLU)!L<Il85ALh>~XHOSR``q>geChkNbN7&)X^9SLfYnhw
z0QQKI{-YhzIGdw<@>!$d3DCcz{JOSz(&QAkwBB7YJXH+&Sw?WdBKQ`K6zxm-if1uS
zmpnELQ>1spE&L);_H?80DF6vZM;O+Pg+;7~J_Gd;cs<=Pa0*}gCC%pIo1?0ufn@+c
z*m=&~Wk&>kB97s3OB}=ZqW@T|=sRX|u_VZYE0WV)(k7RE^F*@%haG7n5ZX91+B8Y7
zv>caoTN<8=T$r!gg_+Fx(yn-ID`7|g*!>UT%^XaH^6XZgB{9c}fT-^9&nCOl5~Zz9
zslkaM1Oi7nHV_K=Vu0V19OX}mu^034R<`Svf@!}YFbqF8drnTtZj-||H8liq*gTg3
z9!H__E{w{+r6$I3wDvMXT6OOl%zuuEDXDMCm!dOmW-XLDLwso|xnO!T9nxV@9@dRr
z9?UYS_{WSpI0cK<DF`gq@Qt<8;Vp{Bag|Ap#xdN4oMUGg6{7#=*dbESj9kf;Va=^}
zW-uzsl{^`?+;V5eS)=hG5K?aW4H<0*NmDXX+?WLWhP3o)DPfQPwMzOAYeR%$LN;(c
zOxK=@+9Z%y7V})B%x&5s`fFm{rWzp0$f9sz5QM<B$B><AvoRIO_JFHvoM=**Dcgat
zRdCPGBo6>DZG=g*A<oKH04H>#nq)bSI}7%|`_b+*ue36Ue|)h+@;gelr=og4&+7Li
z=cFEn&GfK;S3>Zt@O<!dKSCR2|E?CIw8<^iVbg35%BDc$nOhv+AgDQ|Feww@q#ex0
zo=9^<_*QQ;O#6%)qz;exgBLiZM%~+4@b+vgU)qA~KAqhtBu4^;cjMGY6e1&VumSD4
zzT+ROWHU&)%cXU$E+7^DD8RB2_^-d$l2w!Pkru^z<sP&WoZetU%iS6Gl2ZC#X*PES
z%*xlP90D6et2G#7O0XBB7eO+O=I?Q)-F%2Ic39CjcB~*dQh-n3Mwp6`r=}m{u))%E
z;xQ3+c7`ZhGBDVhTxjV#+%naT(Hr335F6jcl{S{|0*!@}%kNPvn}I81hpZR)ggS>D
ze6b}BKV50I;G;%)<lZdIb3XPEe~%-5G+zua3Fzp4#6H}@&vcUk<7Qp`iorF!ZNLFO
zX@Cu08Bhb`h!NzgD?zXmq-A}_T8e)Nw4>AXPS`txz=(IK`1;<}<!40ahbF`@dUB73
z1u1acVrSZ5+9z%nDu$&AfHF~1lpXJI9K%mnXWAX;<?U~b<>$^w!+7GVJ+1v9U-mBG
z-60)t_-jC3skA$$*VKjZ&BxN1L2+qXCH}Q9AfAR}?e0m%=DMth1yDoY7Q*z#68JM7
z6|(_MFGWx3_7LbSRtPPYe)VlPe}h}9z~>zix-<%K`tom&6-;Y@Hph<U_g4b0TRq?L
zVqgsSw0)iZJ?}mItH<{te%h^-@bS-=M)Uvr1-@Je|Hjq8kKeH9bNHD26#P0mns3;T
zPwMc=M)k?z(fs)Dfq=%ZhmWy8EAX)oKDO+De|tvrjmzQR3iwwA{}u_pJtZ*0qh1+)
z`Jw8PYv9Y0(fqVk`uRtr(yOe(nmxW9jiwF0Y7j>Jse;|_-RXpR%5h4Sz9lggiIaTW
zk5)ME;?VUw%UO{&-QimpkJx<)Tj^Sw_7qBMzMXaQjI@pLwd;&DH1ZeLC?>ztv|T7V
zB1m7Qksst88*$56M2iJyIMpdnf`4PvVfFh$At&!_aQGVW@1c?@X^AW(ix)b}sgXxo
z<aen{=owDnv{<{oOPy0wf;`DeQOw{Q%ydrWE^|)F;yV9c3qRMDc5}s550%u*us(9e
zCkWMkJOc$=!s+SuYaH-?;xde2kmbbvesrERm4gp&j6=H7;wbmRdFA$mM%enNw#bw6
zKpwcphP7?*<eFsoxa;gZ>Gl*+%1afi^U@KwqU7!_R$P;X&Yd??@EYZ=gLtm_?3xxX
z5ISH8j6`RsBnlGxGTLH5>gf<n#`BvCO_SgphGi&?$lawLY>Z=V4(V4%mm>~;AjVZO
zAa1l%8f<|xme{4<vsCmgI4b(;v&W^nr8Oc<T|q?$Ui4L2-1d#*d$>$!x70$gZy0|O
znc5zS$lJ1Ax&jI<qR(#;?Z0~W1*YKDr+-h37+T;4w%F;0w2}E0$xjtjB)*ur1$cnv
zMdB|YURJ>yTfD!x?VG)y1@hpv>KJ6l4*41zjMqgg95%I7cAcXfI7nqFhzs^){%>ei
z`U#^PSiu_!E$cm(IOII2rU2^PXA2eCON1^5m0y25kBe0PiYf=qXu&4KLN~r)fj15d
zrfOH0{fKrlIY%>w*D!h#oC`s$J*<>`gL~*F>ZCkJlOo!;dOdh@B(ZxG)WEKY+{!|p
zSjDA2Dbb!>K~JUt%c7rM;U_9{$aD96>;VL@=?hWx)yd)-{^3-b3VnKPc$a}K>{9~s
zc`mp+3>d(|myJbNobhCb{2O0N$pAn$huvd0>@&vm=JEC$+-u<V!+hzudbF%6h6OVy
z6(jWGK6902YF@MZOuY*P%q|-QUv&=Ny+6KgZRq$r&C_@vJtPZR2JSC|wEd+|cz?O^
zPwg)kBSlt}rr|y*U}QD4Xd_`rfDc<RQ$PL|+V}^+_+2>u!6`z8km|A@5F}Vu<1lOx
zUa1zQpyxJ1nqv(^T3ACJFX(%(W!lHMYg7ye_yz)e0};M~2w$8aPpFiqLACXL{|)d3
zA3{MBdk>rqZASnL#A8=}B~~b^6N(N3-wEB<jZ?Cg=rvO5<CzjunD;myv%UZf2Q#2*
zhbef_TCB7%)UF>FuDuRx%j@t^20s<^FL?IqmtpP<M>PvNp7$GXf$uHgdoWg%76&un
zgO*A##qcfICTI!91j8Z6ZdRW97Z)Mn>%ZdZ%Bs_YcxMV?Eax#*samUs#qlPgy0Y$}
z4?xc2W}7^hI_2@{d1bZJdgNt>f-RxG7^-&L8$B0dsN=zMb{&#<P??Li`a6|XC2^ek
zM)69F8YqvqC~wceJNRv?{w&vI+)tT3dV@=zh>mp1*S7P*_7?|N)`v<fy|KzB887e0
zo0z^D4bX!L$B7py{SIyMb7SKM58z5c95mypt)ka{aR80^Cb=b@b>k^+)?tNzvL%;O
zy4N$>DHj3IJEz?!`gfZ1GWWteuOf}YdTeK0kD_mp)ouU9b2$d99xPkBpi~N5!K9SM
zmNb(b-w)OPo=q-OfI?rw2^EB7W&K#Z+f!Cabs?In`)qgwUd^A!F_%CzLio=Na+l;w
zJCXC)VkK#S2^dj+jvx;e@U|0)+sfN=yJMOw8!pOJhi_UoH|<i8)c{n0d-N<(o^Z3v
zv<sWx4%04%7Kudzv&HEPpCV?sXv$WHJUj;uJ2P2~WLKJ1TJ5Vb`|2&@<1=dmFT>O6
zJ3ziJ{>DlNtf=#yTON3aXsQ#ZSJpKm5>3>EtHNQ$Q>GP*-4&%-g@j>;wYgGf*6iks
zpk1v1gcvJ}QsY}}5vEt)j7KvR7w<!kLk=o;t{+L`y@SGOWk$cYV5AUQ;@u|74<K(Z
z`TSKnzLd_TO>(#sQGgb*+UPBrOM`c^q0h&iBXcS4-@wMl3Z}yVK@JW{&Mg$B>?QQH
zVoIM9_F&2qYxqfJ_=!z@GyEG^wjTzvn4^I#^S*(D$Ut{J|Bg5veaREX;&|lyU|IBB
zC4~Gik{le#&rvb#fO&j<H!0t9r3_NO^BhyY4{Hsa#IcGg!oS>2eB`%*132Y^6+DL&
z7N7vV{c7-813U|CJgVip6QnvpE>1y$Q>ob-GqMUJMcu+<42aRu`_tjT=M7ElQ&4$^
z2FK8n3nX@HxT$H%@&}L|RJrA8v<6lrp2x9RXSfDtN>nJy1G7+dWD_cg(t$pF_W_~z
z1TI8zZh+v``&B>`&^x(;U4=H{p@l+GF3@{5qxXeVwi+Y)V<efU06(<*0zZ=u2&&_{
z*HjgDKz2!s1LGIPAb&LIyOz*^(N|d6*$e%UH&7rg6kB1(=+5@PVJII>!B{*L*{N0;
zb1xFkZMcVETrCvJ0WdENW-rG1En5ZaJ+Kx&fEDqjTVo9INkrgyuD-XW<?yA?kbQGT
z8b3ErXR*-2`$KJ>Db?E>Wfm(6&492ynM;+c7lCy4sY$SJ<V$aj(d=xx!njK-J#PjI
zu%lVoE%~ypWZ%DEx%or9qu@)=Re#TV2E!!hWbt!zuG4kMmtm}>lBqE*T@_!YmE)=^
z>l4FXIZtik;uvOxr-Gw&zKP=u04hKA4BLPyvp2x{q~<(nlU#867WguY+Te;0ScAV&
zGL-$=>)(xvZty?h2KOn4*K?dkA5&25*@x6sxB-J~Kx<`hhD(&^)-wwZ%V=DdfT|gs
zhAOTRQRST)ZbP{M8VJ5;?Do#v0L@Z0EUTG?sN7~8Q+GboRd!0hD#7KEX;~iW>#<|l
z7hi@Vq9e38&wkjuFc5-=zA0&A6TD|3?cAXcxRmYtiVjc-eAz;Dr30yWHql=s@@45e
z<YU*b|0V}4z0^p2r3>KUCG;>O^02Ehyw*L(Sa>Z#`QpVSE^u>HoX6r4EWAK@4h!!k
zeZgKLa!t@U_%Y8pNmgEBl$Bxh;hNs{!5>(BF&R!-ZO^-x?!dksi;~hlW!4QiF0Hh7
zER}wsmX3o`7>QIBycj<&#E<iWmju&;7X{OT7Y0*<=WCH51!d=rh#N+(%7z=+Nu!Dm
zbxh9B1#ppHww%_UYhq7*jTR!P0aa>x8Hq1lO4FR1B^0@!NQR?Ind;<Kx|YT20wx8o
z-jHTf*&ttrn~_pEox}k_zTSpC`{Tpn0Gg-yN?9Rrz(nGOY_HGC+=AyY8>we#zn=#D
z5AEp`e+xXqRC?Pt-SjsF<1@F=h?OtxCNe-IvO}*T<E4W1y^=67j+6ETx~TEhY|0%8
zz@Q2kztq`}VW_(<M_p2l;IA_azPcoS28K(gYw`xtr(!TOp(5W(3FfO8)nSWWel)I+
zH43^R0u!!s%A&<7kFW^x@H(eFz>;TQGu4)7UoiDtL2elw&Gx4}yMJn5K{f|3QuT4N
z86N?9+X&LYy5PVj`%_CyE)?vh@q?DwB&%Og7d*R3{k{Ngl^9y-0#++X2cpa6mH?(G
z{o*$L!sLT%NG3!+Z69ozvfo`Xwa!p~Qk~$dtm`|(GUbqHuO8o8l==&jEjV|yst*mJ
zA>`{MOocIN<7dtze%DB+#f^A><y%xoY^(-dPKAoXMzld(69CBoQ0S;#XywbclkQ;|
z2+FI1De8FL(((eyvPJOiH}Uu1MAwIw22nZ!$F6BZMX4U}Xc%8XMdCH6J1dYoz>6K$
zxus<y;5U6pMdDcn@(s(a1+r_oEe~*z*EioXbv4#UK{vQk)u-E+dRw~W#C0wyak(h1
z5$#9#nG=yez_AqQ$6ax4Nc0E$yG_f*&~kB2LxJ3LOCFvjfenR11yaxDZfTQfZz%pg
zkV_(X-C!vhcIE)U{~{qY8QNVU*q2P(1%IRAA6$`*ff!(zi46rfks!|4tEZ;tS7gI8
zR|5tiZm`M476%;lrmn&21pX=&Uru?jMc<yQVi3Tq^hcRDv_xD}S0E=><-ttz6}OO#
zo7~`%szv(}fEQ!)i@u`?Q!k3L{?p%QtOdzxo!~oSowiw!2ZF5C66p}6+&a`qcG(1z
zC-_4^1tIg4TZM`daNgY0-&J90$GXo0DYcVfyvc4h-sE)!5~5~}3+Vfj{EFlRmpp78
zjCa^Nn|w8l_i7q%vfD7;%(Z9>*Ab+iMqy1zu-ALr3KiLBA(mj-X0H<}l4*W%J<oK&
z0Od(h_!$s#OMY=p01&g>VV?|$Ifo$zNMM=ht20g95{L^mjsL{r`$t$vEMp->#6mWN
zS;%@M*@`<sz*<xjVIR8n<*%^_zM2|<6IMk*4Y1l&AaS!i$dZSF?c`}SFxgIf<<zzg
zdmTRmw|9Hp)Wl#ug9pB6^ENYY%O^F74a1^3cv~I^A8s3;1do%<e7Yr#Pp2GXNqG5{
zl*a`<sy#Y1&^NjP-e%%$Vw1P|Bz$HH+I8?ZeKm%+4Q}RDd=?{yR=K1Aa-|4=X#<n%
zsz~bs=ZhLqS{cQ!&_9H9Qoe<$_N#zDi4_H@M*dU-{Hdnz2;xtR$6pBpkAr^&dYAxA
z0mof{A8|UU1RF-cpBU2OWsy^1z0y|WXR(Z*%^-eOi`T?u0u%<#Xc$u=G~x+p%^t?a
z1m98<1~~BViWN*-(frcC8@_E5rPaa9)ca9so#_857MAw82*v<73!iJndof#q<T^J+
z^eMn6+Ec971)_gPY=NBE2KZJRIEKLfJAk)2+gNc-Q0%f-P8;h6siCL-d@F6h8*1zW
zDqH%(hpR8Vm*hGZKP~4X0I<ON6jWs27(*`{!|TC<isT#Ff&Y5}f65tM1^AaI-(_+3
zy~{G?O*in`S4PhQPMzvKTePqBCSevkM03&*4ALq}%kav2=D8t*{inO)I+b6pWBk%B
zZ9@Q|gT4-E+|hRothimcLjay&z?#+%VQxb(w{c6G-S(>Dj{|<%Nse}eE!23J9IfL|
z&<OCTHZ;pgfG!ll@DSDpj<82kr!9ihSq+d?9iFp+9&7^@MkGYYKpz8ZkWvl+)z!FE
zmbMb_egt2mc}lTRF`QT$aGA4(&?;a$d6|{LOpRV)%kXcH#oJHBe@n!FOB#!r#sXxs
z8o1O{J8V384FAh;*udC`k&7yQ$jLD69nQ^z#gW%{DBvHM5#k^DU8=Vy@LS+_je`B4
zH(jXc$ygl7UPy1y8qPdTJmC;gi01yt0=G6A{Q-oEaUpzh&3@Qv5NaSeGj5O0z5-0l
z2Q)Do1vW9rR0MsS^?(!8#4iI6H0u3ZhLX)#!x#5Gy5RQA$^-ly-g6$vze%IWQe!@v
zl91W2^1--PaGv)Ty5-*C^YoNs9m2<|IbW&@w5KMK%iRPM9(0!f5(<5eLg<6$erv6-
z#(MGknRHc5L)R7BR6|o4{Eu0(oo{H7PwNH;aXN#eenf!tHy&Zu;Pw|<C>D{zMRx?>
z0zw)F!H~Nn0E0780EG>Xv+7+Qn)s6-3c~$euJs4}T~N>aYnUd;dodmQeNmmR7v(tF
zTDH{FGPG2(s?u+igNgBc5Bm{?z_qXEOIMQ)ZUsf)ZNR&Q-#P=-_RW0RB1$-xou=#v
zKN*HOJgO_Zw|EXCSTl76-X|VH6|@aC1F4L%x4PszN8%*C*%`e}+;pHN*M2<KyWvb^
z4W>uOr<NzAixt^@1ar?chkT7ixzl8UZWdWx_MiDuJSDs2yEsQ}p2_N6=O~$K<|cWF
z2REW41Z)<{b(wJBBo)CDW5Jr1WRR*?CM0-Y1DKR{ozTm{?0u5j<;%K}Aw`~QcY~Y2
z+-sQi${;8S<WupD>6DhN>&P6z-(VI#58J{C{0AFJH^-;62lP*`w0`tHC(IjjX;#p>
zXWR3_;T=Ne0>)$Dn4ALZ8|1Bc5`*?9x-zRB(rQOZO>rJSw{o<Dzq@iYe{<zQerzQ-
z8b5$}2pta};_peckLK@LJ(~Bd8SUgZEX#wL?{p}S|7wkBsuw#R9ANJ-i!ZIh6FLZ*
zqw_j0%ahi4x6XnWT8;cFjl-9g!b{#(E>kr~L+C|d3%*9yPw04H$yp!5QP`vo(-A8+
zPaMo(dN3w)X#}gv-KfeLMdoICWUr9SQldss=1mD+0EKGW(#Ug9g0CKq@)y#+xu==T
zrF>}|mFZ{jo<!(wKOOR?q@{4cCD>`%m6qz;ZW0b}0wxQKth!FQ{WU&12Zm4)d;N9D
zQ8uW_q%s%iFD7oe4t0wxru4jjSb*E?pGW4rQ=nje7q-<a-)<r^Tjl!;aZ$5iw9I1c
z)s<E?9IY2$$m3Xef#=`_Vh3Zjh_wG+NtVQq5ir#X*-t%BtTlF(0l-;)J%E+hB7mf5
z3(dO+0W4queue#ALI8%84C)V->*Y-#G-(j7yH*Eb{l+E`ZupiUJa{dGa3mKtl^eCz
z%CXB9WG*M0gql~FiedI$?bY|sUmG^COI~Xw|132=4+U#Dth|4?gH9!I^G2&a3Qtpc
zS_lVN{+)EM4x2IF8*@aJEiu5MoQ9bD&a|wuTFH}^<GBj+qm8IQH7tz+KA7X=A~JV(
zmT{pazPbed!911$D*GD1Ns(o`U|JHYA?n;mSp<~a0+_}(P@<@0O<@Wez>t&U%gTXa
z;K4QsoHOuEtSU9CFaC2HSy{mHUhhonPM@iPwkAWR%%#dtpN0s=RAx4SCT@ZKoUy6m
zA#l>^tbgJzgdRVSs`iwd!e?V+)XeOt@{u?cU(~~)Q_zI$ZumEiz???IOby<xuQbYq
z7E`S0a;O$8Bz>SV_dJ%3tRrS4>p)jIn9`w#{@wrF0KnVyPgdW|d`IE*i*MjZcbcKv
z9OOrWoP+$Rvbn_412Y`e&RE(}fXU{tc_^Jkoa#z=;#7)cobyFE*<y7yMck1s52};>
zmW3vJ;!xvc)4JTFjC3LXn7-bX76us#wp|H`Tg9eMtvh3iZg!*V-vb04cu`*;Cc6G(
zmF?}rFfYLMy37fM0{=F&`h@#95Imm)ExHYL2N!S@g0h*~4?Cdt1%}#F@{iN98OL^r
z)7S0pI&RCqW9>zT+GkDH5m0pf&I8ok+PeCKiI&QnR-OcC3*L#^@=@n9y6S~=)g4J{
zSfl~Rb;kv-b^^4}B~o?tsN+@*PUJYY{|T_i9iQIR)QL!KXnMJc?i7C1F_bFiiS1KK
z?BN*3Pp;CD7}`VXK@g;%5MB(vY+RHkqNXsPXtv@xh|23IYwEDH?z%z{Nt7So2U@~V
zQzz<bBu-w6iCHLh7mio$s{T+7qgR}$trdNt(hBZmZ7sslVO$@e5XN4PQ}HNt8Z0Ir
zSbm%;*8&29H!#N2uRTWR4I+(nMH;yXX(XpPShlj4fAGM|7o4EN7B3lP!^5sO=ZOAa
z%#JY&i3a3?43i(KI33ckRvcyEbfx7;i6Hqe6pZ(nzhA|SAZ+upV=yQ1N3@TRAEiE>
zj}A!6t!u2DMn1R^0XP{{j#}yr<)iZeWslL;-0L-CgI!sJ7aAK(f(B9iMLrkR)@W!e
zm=6tIZ)|AC9BOFOjfRGntky$j@kKS({yZiw*p$nbS=DcywQuKY-;%U%@!GdzOT*s|
zq5pIEKBK$x+c@S=b;IrLxyWf@^ekU-D&|@?MP<5LM|o*N7_)MZJrt4_MIvNuwxbo-
zh*V6gPVqb!k=kgGn!qewi!kD((l-sIT57@IErwizk#Hmq`k8xz;6HL=xt7t+rDn7f
zP2XY6#RSWYp#2nIjf89bj)iNSfst#`yyJXd9RU6f$0FBi!&2kJIH~kyLuq@hbW}Jp
zOIvb-*MiAhNk4P6KrLN+u#|PpMUNG<v}#opJys6(KBf0;^Jqj1*n1t5<wyu`ZN>@Q
zc7mD}k$LhDr-KG%PG^Y>+u$igUq+eJS%yK~V^1tv@1Gr&aFCyCnVx2<q5uauoSL_O
ziJ(S3ZL7r&?cjn*=tQn|;Q*0ZV9%XeU{AmIN0&SZEzbp$Lv_OzG&gL)=!Pw@^pny8
zSJxyKp)(x9#sM=g7v~73Mu)WALHKp7+u`sBV+VFhe&G}w&MRB%;2*C#Ui*TnURvef
zAFDO*?36r@f86iLTF#dyqbmGL-)@t4f_#Mle_6_<Q|wvjYGS)3LoxJLq7pv9<Vm7r
zjx!Ih?r3?4;Zv$Uya7odduBrT5hkA)*^SGrRlayxe=K^-r8z`Sh6BE0e~;OLe7uMp
zDFY+uoif8a-pD)m;XASFJH_yhPF3CHypcsFNu)4YNeYv1BMOtMWK}&<6{FsQD<6g*
zUDZ@$V$(DxDX1|?*EA+Yq%rX(qsAmLjro95Fhtmq-16<5TfWO0yjW-dIvn*S?F2JG
zCc7<UMXbE>i<vAb-1cAi(nb@rqadBhDpHw@3!kfTI3Qv^(J>SvmC3TGg6Hc)p=g!K
z8z_10OkygNr<ukigQSIs#za$?I8k9DQ0d7OCbp9)Oj2-gsi#q4a$ysNNp-Zs1ob89
z?;KBG@;cl0r1i>o-I%^4Md~m;EG`<=B`7>xiTaWv3Pqb2;Z!<=0jD}&(5Xv|+LA65
z`n`E=Nh_VUM4h~x1`zgsSJfq{>Pg*(P^L$n)O$Zl>XIy@x+Fu?Ya?Rj=$B9rk*P~;
zn!2R&Es_=7qE21%!V;z~c_YcFjIb%5ufxiSfuc?sao3V2%80>VlQQCVktrjV?}tIX
zz|<u#834THLp^|x2uxjK)6^vwFaRq=ox0>$wN+iL<|ZJn`6>+JtAY;1Wz|hUeDf;;
zae=@<Oy3_0u_n6tqx2;woP`e`VfvCuH?&uUpna8LacF0yH7cGB@*`5&uBVVT%_u)a
z>37tBbcl)4eWa7_qo-$>DEC*cpTcw>fT!OHGIk<fte%J;P>(A?rv7+&py5OuQqSr(
z#n}%i`%_K*VG9g0sh9m~1>arB;PxHlZQMaL=u8cCHr9ZnZ|F4&y$#hwInO#9_L#?G
znVEVj`Ed)<G2rE6rpKW{jDQ{))yjP>&@gR3d0Yn8a>h>YhLcS2Lj99$JU?{PKY1vd
z0HZ^1YG77W3$A`tsvZtggX8su{qLm0LolX8G^XG%eQ{x5DrSe+)FA90EDqEj;&zIE
zEME8T!z6Ps#pz1NSxwT+@nxuqDBI#Gf~k_WD(_DwdqJ40=4WYEEX`7<JmV};FZ)oX
z_IzJD-lK8tb`?~3dT}>EN^ABTqsc#5Om<j3InQ8?B$^yx|H1m&<}@B)Q+18kGCVA~
zRBN7s)u$ITJEwHRNGDKga03rAfIa|_tx``E`01Ae?YZa@K2jgZ>BCo$obdjRXo+%<
zm+gfG2($zXVL#B)dBt(eA`Qt&xy)(`Pd-eNv`Lx&GBBHijmDOhl<ek^c;RIL#p39?
zE3#G1LR9VK?oj)w=-Q3;=2|Y#fV%&RuKUpy&9^)mupPKEy7pstpyq(+G^+mF2ubTE
z^|P4vC93kV9#DDvF~;98xwoj{>fl`zXM&PbE8ow+OoF->fAiv;M-g|es$($ZuP(ix
zS@HdQjsq>nTEdp88SMq)V~7ZV%nW3p650is0NpEO9XJfVOIQi6wclTai7bbb<|%YE
z;%v+@MwY2U(+anDLow#K@9%>BB+%sq@BiEtDp;YyAp-tTGr$x5{CpJUEmUqaDZd{F
zx9F&b<aA}M96_>Lslw9~&84%B5<=5IB!r?tb_Aj5>I`LxSayQsqeay3F6H?NNnBv~
zQ7x4LrM12pgv7vo_0&n#2iQ=rNJBlfntS=O`{B*NGYp)kspeIYnuYo<k#9b1ZeS*P
zDN1MT_qTeZO(xYD*1#Y$V~s%#&D3~Cwd}lH+2(~ha+3_+W3_JPV})DjXRpE>3eUn6
zA)8(z*<rPdg=`@;i2oa=1|jx{Ojtrn4zGYVcvn@<)HAXAre?CH%JfZ5_y$!oxlLR7
z7LF&uJd`c^>zc@CO$^XCak(BErj&^^^FT|EqRYJSxt0Dtq5hqz{(V6GJ5BvNLH&C-
z{Dngu%MR)&Nm8vyaqS1=)W?^UB$14gs?-!Q9nI%M+ecJ4smfCI@yqad)*p?3b~*P~
z<DXsEUkx35n&Y4KZ8rYd9~@srkH0*=Jy)KQ@#S7|I>z^2=3gG)<TEqABKzqW-?!cW
z^7vYuneq9uPRIE6UiO#A_e{StGQL;)oR0Ce`s?Gn<jjn(s`u#_-=*FD^7!UupONwX
z)a!JN&wc4%9^c?IGd}Za8Q)zQe|dbH`<|Koujgsm|GNI=@tt$inc4p?KP~&;C4YT?
zI5YEC)T7z)Me?u2&o+5&nM)}Tkl$4?Hk7#~*hVNCk|<Pk_?E&2!!ub3iN3{fyms-<
z!(~gSr8%Tkd6_#SO7wg=dzW%C1~@TQiJ^sV`)=<qQC5k1jr$*7|6Tt2`ZzQ4p*i!o
z_(j)Bvfd<{PXR-usdin;w{J0p>FqCAIfvXE6<lw>eYR>d_2JuA3K>3qA->IwRy8@>
zsysr)+Z4OdK03aq=Ff%k6K*G0!$U5NYH*O!=GHE@cr1c^bsg$8F^SXmy4mzZtP||Z
zJXfPX6IS9&f8fw%<R1WVu{95!Ik(Xz5EPY>RitlMolENDk~=wS7pl+lq@NwWpUruA
z{-fJ~IT*9Z?+;kZ<DKP~mk%*HrC;$^z6qb&%7?_z16z513_eIHA7Z8lDdqVDoj;IT
zKE#5i*7z;o!k(p<4~b>Z(#!K>*|YBDL*m%8?&bM$qJLkO;8(KB2SLB%;{`bvW_Acr
z(jfSkZzZ#tJn1)wZ>KptywZ*^tCZ?^Kt;xdzGG&-qBr??k%3nvg>>EmFYnuK7K(nS
zT*t|2K`VKh{|imZ`d~b7#1YVoP+=(-VX25k-wFO5F=X~ut!(&^JmK7OZ-(VhF;#Fi
zM)KvtsHA63`Az_9uV<W7ItVaP<-8Hr&shTIL5Tq5C3c0M@d+I}G2%bXuOO|#s+g6_
z%R79#G&tJ@<MQM_4(T#MzMKKM&>|MC7b>zJ5qReTvFLjQQpx%deU@tk`$kV|vXZy8
zL|=_AiD_tQm{VJALA%f0b%L+Bj`JpvE_>%>x>3-(+KH&W)e<=GmI6v~{r9lU@s?|U
zU^Yh6szo@l91sKLH$geWOW;xpyis-h4#!Vs%JaT?dIN!3|409)lm25)1N|?F(7!oM
z|L^@Z`Zt|+`d<^Ff3uSH-k+fViKjsS`|YUzJU;!evUA)i)Bi-3{s;UY{r}JL|F{3%
z{QvDgLI0jpq5rIt(0|q+pns1_|NZ}u{{QFr|C@hr{{QBmp#OVMf&N2%PE7yX`uqX<
zzgMOI?Ej<x|2h8u+TWZ1zxF5S|L#+v|K2B||K5Lq{_j@l-~NB}|3An7U;caZ|Cj#+
z{oi>C^v|D!{`dF#1N48VO8>o2M*pME4E+ymhW-ae(LW{(4!r$0rT>8^r+*7yaoHcG
ze;|6(65T3L$zLV?A6_t${=8;Lf1Zx?$3~I9Ig0c@;#deGjr3QmeO4cb^pW08t91(i
zDF0Wad;qTh3xAyOgLj+);h)_rLiisvL-@5lHNwB_WQ0HY4o3I`E^p68@>5by%JpF{
zkX1_0pX<m|EEm0iuEcD<Wo2Pgzg=jcg!xWchI%z$;?@5_lPEO5*5?&;_13@CE&8SN
z@BvyJ34H|{CPa#Uzr&Rn0|f&kz>-2MAU??u79bk_5T%$DVSt#%{QX-njrp$9N>3kh
zXxXg1`$!Z7&*B3aXGqLy(tT*V`kFWTwc8#!3E)5VJ2Bw;`-5w=gv`tp=ddUp#Yy<!
zCpHPga1w@~D^_+SH|CC62vT)8eZWCw%`A*PZHuR98zU;A(|7^^{!pk6E}Z7*Muxet
zC(A(93Z0^Ls16`~f>(&Db4Xiea;-0IAM7Bi?jeQ(<{*-yrrn4#x%Li@z<v?Iz9<5F
zTYMl-wB}#}#{L-b3!O&>QUHVn2Dk(BLX9ET63hc~D?@2^KeW%<)hJ*xMQX(}PxUql
z&fzc6$DfQQdB+Zh?W+;nZX)>~3?x7H;V2@w>0!b+AXh^<MZ;l#8PWq7aDq}GwZoXW
z4AtmTGc@9bldHFFkCc%YPOge(?Xikv=)XB6+auumXGVeh;Y<pIEXv7gf&|0{M6Zi|
z8F{fh`o)PebxT{zkamkRiPPn`T}e@y4ymO3TTNXE4PRsU2O9{9;hF9_GsH}C!?bYD
zOf=zZ$<MWww<)*sbMsC7+(J|NP*b@8-|}PNS4{cPm~sKW<(uJ`xqPU(T!3%+7Wic;
zA8IKV;9Gty{E96f8e1;FxBNKx6<0nqu3Ug``SI{8zI<qWxd7ktp_f8y`A}=Qfc+)F
zuY~fU3FQKO%Wna{T9glMQ7*u@d;qJkW%<yS<pO-mPlR8I<wFz81^AZV3VyXJAKI#1
zfN%M&;aBVOp{>gW_?FMZFTQ*zUoP;5tGg!r*2u3KZ;0ksM`uLMMR113uX2vhuNFnW
z_6a;VF*^$9uT2TTo*@si5qq!+VgJ4J$dRr}FlG@KRNuQMj(3*wDq}uo3gUb*3JSPs
zdTefK7fL@MRFqYE`Cz6~s`1sB-BKg0gfv%?BKm)}1Y6D$eT!|PZ_xpd%~2a?@*F_-
zfjg`TTyPgQ<BcupR2Pg_1%L=|!_9cD`Mc2QSz5k6?7qLNVj^@8yJ8~Z2{uNM5`qa%
z=@<xH=nPWyvlv=Iaj9x7wU&63$10ermAd!@4&U<f6qlx^&XrJu$(dq9-#Vmjn$sP2
zdLwqKzn_hGS*pna>B2T!?h<jZY%hb%l#b4bUog+UC44F7gp9Zw{zJ=mKa-vhPp34Y
z&}7%KIm{Q2xm9B-aI>TDK#M1dwJ%C5lt3Y_-tGD>-*||1InaU~*gS2~8#9;`c3$j6
z&WoKhm$K{;gPEJeQr5?i49U{+lsy!qJR3D+HO*J8$Iq26xnl&{Itd4mYQ)fb1BS+E
z7@GAbFjPH+Fl6Y|7w+`GjwAiDoOKHHv#I>d($8B3P3UKI`Tr9AeE#4Wrk@AhP3b51
z!M_FlG>;$GA>L*p7aU6j;zu4(&Fw8v!Wpr((}1ms8n#~e6WF@eMc8T%gw|0Y{C~xr
zA-<Ure}fMK@Z?buf&J>TQ0O2Eg9n>nZ-)VUUJZNC{R!-yn@`wl27ooC1_1uQ;;u=)
z+^F@*&((306aYM@JpIhA&)p*7%+TqpKDE>TpFAvwE35@6BUX7lWaUPZ1aWS|x{yI1
zH9UMYR1VxvqB99X81=x4f>`$hK8H1i<us_aq*07R-<2`rQptO+cAk}E*&>Qw!$iji
zf>w;*iRTqT?kgSfZ8zs-R?6e8(lXK(#5v{ML{x=TS}Xo(a@rT5<5xXuMzGj>Sy&y?
zCfF4k&8)?zOii&3_0N}3z)`FYO+s%{x*)BFBU;f?!N1+YPDB<fJF$&IiHSTS>c~xZ
zoATj>?e+1kiiTL_5sCIS)7pY)MiB^=yVu0Q<i~|_Lcv?%?`)IzY>H@Iw)Edu3)Kq{
z<(W$}YlE3W(b$lE{j?6EZ<>ws_MUALDx6E=Mc%nskh7F0*T-?ejzUFY$o}ipwu0<h
zW~CYjtyDv@2A>HnmU@Uq1FaQ;$srZMnW;4#C83I+H6o>iqijX_zZ>IowSHG0pR004
z)A(G*`di=8*Pqo)eM5Zh4Rm;I6e?~?tsX=!@j~?=N;6PBD2skVo7a7h1n|A1q&TJ}
zU$%;!XqCqbS={_@=r?AUqx=dbcx)J$f;B$60(~c|m46Px^eX5*xsZ8JW|YFBNw+JW
z3}0OWo)FCXxbp)X(%tF4V+r2Y1}|DOHhGiUWFNIjhioZz0AxU$zeoeKqQW5yzJBjc
zK9PS_@w4cr6R-4lByquqMR_VlE|{E5;om<z3o}7CD&rd)DLy*JQ;TQb)rG0;;e3;x
z;7!6*NP3_#wL`zG6ZiQ;A?tKm4rx-XY(7e+0XxI<l9l*WFYUZEK+6Oi<{w2l7RE!+
zk)M`CO^je3WDQ<&yh9c0QIhD0AC5aACzh+3zCYL5PcA_F_xNs{Y`MSVlD}jh%GBn6
z%|5)>nX!M5J1zF_jemK3^*zsw{p)EN-(AQ4^7!69Gvn(Nds^(@kN)NHU3X^2muopK
z_U{dUd3-I-%=n7T&D&=i_OJ6_*Y97e%TBi6?R!mM|E1>YtC`0Hxp*u~#4&FOX7L+8
z(k0(_v)kV29jImRdua$}=DRP8)%y?orKayFWxpup-eoM3@xAZ}^-HOkuuPYa@7f_O
zAK&<q(6aZ9;Jep{MOqCW-!G~15DXrC4uKYr>RaA-q=nZ7z^7iX<`U{P*QUkIX=?`Y
zrRsL_LrqBP#?9}@F)z<|N+}k`Ka<EeRawz_KRPTcY18Pj2U-wuZ$3P447M<xwNPzS
zTfkwDp%&VHZ)4uAsVFF2!=CL>pS8tj4)$!P`m7Z`yA+;@)zy`g-^ZX`g@VBg_QPkl
zu@ob1v)6Xz=Cc^s)yfecwevQ@&`O2jXCJerf6u~kQl%(cs?}(4EaHiBJ2VwYqs?Wv
zB1~o8vN`JCEcI`9`0FdSl1vfbWP5&k+$n9(UG3`j+)O@!EH!HMd?MXxSuARFR6P6%
zg3HuM`BqL4uR1pcbIz27_)^MI$P$wJCJ7v0x}PE$I?<ng?8tA%B9=!KQ4VcV=F9o;
z>Yb@BIm;#A0ZY+Dk&0YW9f$*|?xJnN7YGL7+T<7J;Sb7SYg!=8#~)_;u~<OCjiY?E
zrfLx*mU0-rQ#4hI)Ic2l@Qc(yJpEXJA@0)$$j;|6bVmolf8>1G*@~kn_t(Ssw)j0+
z@HfKuUK|Bw^@relKZ<WD`s>bzmt!d<s|YU-P~WzQ@b&<D-IAuXJhzSl`=kpMi4`P+
zngVz|T9N!X`?W{(hf)Vu^!%Fr+~<<}x}~0J7*(dbh>5W<Kdp$d<3$Om5Sr@Xz;LD*
zEC|1(!IxzGl8#r#_$5R1?@i5<{*~69E~DT{Pf;3{mW8Rg@mCIfvEUb{oS24x1-v$b
zb3=l1<2iMtO&4Jtg>LA5q@&uIb{kOwe7OU^$PP<ri9^D4krn;kr64T36iZPYOGxXI
zZZ34lPaySR{P!(5C^_GlG!M_L#-w@re0haY`SSABtarJX^sdmDEibxE%avy=&@$!a
zs~PX|qw?f=A4HawNjdVO>Ax_XFHiq6%a*rY@a5WI@5oKDMu$J5D;?#$!R&JR=j8UB
zL4V@LFf}V!?w@&D;QDr+b6_Sa+AdCvgsxYPw4tc=nWCJX=HTb{afH?z0@A011JdiS
zTOWg$n!C?Hmfn6S?7eqT+_7rqK9L~2J}?fxRL!EpHAwG(jYPrMpTj+pg-`2M*TTrX
zV{azjo8MB$z4tOU{ccOfy<4X;?mc=E<7lHM83Ux{aPkl*U9Jo;(GEQsxJEVY(38^<
zROr2$cIe4~<?2a-oY<O_9DPW~Q5(+OZuyX(J1!=tWbt8CGZg2PG@2*2&f({-2UzAc
zT*}GGPjp-@$QD!8neT7#f4RTS_5a=e{`p_-ul~q?x4(z}%l)16U+(Yiy8mu}R~Y*H
zi~gbM&H9J-X%UD1p@Of<s``j3(LSQ#`u~OXe^@`>KX~5xdf#6@@BEWHBj=s*wU;(`
z-jN3ZK8tB!)TuVCcE^Dnuo4F&71f}r8cKV9#?PG$D6I~oG-RI8vg3NebO003w66l}
zZUA}Xm){Y)PlgLTy9JrkX?Xr<d>HrMzbn4YzyB@pJ>|F4ititTe^-1zdgyO~@5Do=
z72kL5`Mct~)4{(5zMuQ`#Q6TN&;Lo_3ABXIX6>^JrEeY5cMb|DOcw2BwO+HFn<&UF
zG0?E@XEZhTSlsemb!B^}UEHrB6zb1EoCq~5ER+h&uJA(?X}{p#ZFZOK^|lXK;OW;`
zqCMnG570TIniu9{c2Yb@3myL-b?*WmMUnLn&m@y%fIv?mfq;ks1_*LX5H!O@XUGJ)
zVFD2ZQ4v8PA|N2l0Lm>e8KG@QSueZpdR=vQaozPUAS;pqk^l;la8*>ULN_B2Zn**J
z@0?RTGd)S<)%SV-&-(E^q^7H?Pgniw)TvXKbE*#SK-$}fyq&s4x){Eb;9q9OBlOzA
z;G9C0=W;5X;&D0=-*w*228ePum11F9i1&@o;H80dGFKW^jmL74z3%2qiwy9Usl1eD
z<_9Kua`-7D5?y}lF5JYM%Ey|zAO<dJkwxG(ZR5QaMZC9Y5X_P8ozC0#%%3VqqvrBb
za)1}x@Zz9AFi!Rl;tZ%zh%*xf?{1Szysh3|%O-4`NPT@4T%&>hB)>hHi`0*Mu06yn
zHe3-2{2a^s$_4SdJ5`Vt&c*7@xw{-M5F0if@2xfkyJi**_b2~EWi_7R{ez0x&+~kD
z+Dgo<lplmQa>Y4w1@ATc20P9>xgpyetA|aedt`rI`#Z#g;uUQC7=7cn62yIi_hfbD
z7L#YbV-u!%Yhsoza#AH@@J8*z=c5`mHq@x6<+@&4qo(Ef)CP@eFFeZ{wU*3$?w)%y
zUdipA9BNeMOPbJ6wN{6}yJWS-cL4+O9Y))>bECF9#9g`)`DTY;?|C;DDFOG~lMo;L
z%WvTo|F7efQ4M)z@&Lvw&R=8}2XTwO-0SLqEwUqQ!Ry&#{HR}I3qHaYyq+zF!W%-P
zY%xW}D<tiP->p2@+T%CKgVwYEOY&f8*8f%>yfE_D%Y%n<f2%ym&HY`<gLB<~gFJA|
z`hOq~+UNe)<iXvy{~yZ(e#CE;2e*&-|E)auq}y+h2k|rhOY-2ce*ar};2r+!<-sW7
zx5|UT!vCQ>i2WsbFu}3OO#RZlbh1-C2OR8P<}KmKDDSj<p^LurclgE5FZ0t`$A2K)
z@z+H<zV?A7Z)gmLyEEQuv)^ejJGorhVcX^8Mk?&<o|WWHU#yb52)b^+yfFA?BkVA$
zK09Q)rYweLEH&#`VG^=Jsg4!yu@W!1&~T?7Gfe9HYdico>g;9M*@sh`pAU8Rc7o)#
zQlsBLj2hi(g;p;OxBB%Pb@ySzu)EK)LbI#kW-oQD1{zw251%KbYi7_oGv*hqGb<Wc
zXI7wfW?IBL^PdK^&P3BimGiv|4|I><@6pz>J=t1TIlQN1p|I}9$;MLL?=)WLo@-7P
zmJ5M7=^l&iXraKYEccL=rE5yDt4R?$+16WG2IyvV;}+a%g%`-)m~)m0Q>ysDDM%>M
z3@)X(&?R#+$+||(8(mUAf)oUp(`xn=El&)Na*7qu8+=8}a_~+tvkNBZ-V>qkeCrTP
zg}`Z3ux-8jY<cfim{yinxVg$$qx%Bxu{?3WYzUqv@~LRns2Ma?FoVVl`Q1KT*tCtf
zRA)SSl+2MzMMchzVOB^|qE*>l$802_lP@u{jhue9sqFsIGX3$(e7!v3ZFOAXn}h+L
zUvNo%T>eMQj>=+_J1JK@FF>&z(okm3($^`<WX^ILX3SmqDKd}dEQ$GRpl%jkvu8;l
zdlprGdB2(LS&B`bTO9>mt6kDSGB@d+BVN}`f!#guxTDE^n?o9Bc1R-=gBgxela=*x
z%Iz-KOkO?v>vdXj3-C(j4zhSvmP|%#SF##9Rn3bR*P^ZKK2HlMEI;Ks-=t0uZx6y3
zOjd{3)5^ab<`NP=_#tS$8ez&6#wB&p-%=io#qG_tgg$T$;Qkf%Vkthj8qvLT&t5fp
zKP+Moh4wjAktSpl1T2*66ss8vWn-ap#X5m(Zc9xr&UwKhZW970O~E$N`<G-dv@ObB
zC~F_X7ihN#$x-AV-0_PnnIkXhcN9nW;)o-j{zhNs|3Tk4=%5n@nMHbK<7*mkK-q}H
zF`)vqjkLj4Fc>T!)j-oQ;V95DI5eVWV2t~AC|n!<%L<f%5$!bZ7CbLQBgCx=?vO?X
zYofCg@7<BV8^US1xM%U4fD`&Pww-?rh?r(59dimRL0IhM{dpGNzpTO`RyzW+$)OfG
z0DX67?%pC@n^~H0Nlm#VBk$dUi(nQ(-R?QVd)1726LDn=;LlXyjY$4P8<&(gfJ-vj
zIE%}Mx0?@uKTh}sk7@XrhL36Zn1PQO_?Y4Hn+6EpB0JQ<F4!tO>!6e%UYdbG1A!Qv
z8y*nvt)Q0km7{(X&<4cEVL<Hb8R42TKT&|nB3Hnmn5YekPvD@qoA+LTK`{{0kILrT
z1nFL&+ixc?-T_16&R{b<I6b@v$4(^`Szuh`z1u;k$JXm&0`lUy271rE_ORYl5*`7s
z+(_@qv4`}Yy6^y4f_jfjJgPhabqn_wTb27^vJ^hRi+h7NMet4lnaq=v*$RlN?z>RV
z$aq2(xBQP(c<p#x9LAT@Shk6NSIoR`NK77aiKpnixP1EpJS=`XxE^TN+gZXc@u%Kg
zXiVsd+5a>cyUJGid~de<fBG^LrlY=&?(U)UUr_c8CPag&_2fVGU)zsb_q{;(Kkq^L
zA37C=bgRDFt47YBF<V|bQYH<xAn)Pnc097;U2ZnGo3VrN^2clA4KCXycbdby%xqXj
zC&qT?SE=5`m`SUSA2QXm-1iQ$8r)_aE7nY_Qkenl#3=hCIuG_MO7P)(4NLIznTqHV
zNbfZ$fz;m0`wqMB!wZot2G8A<TaBKk8`yEI6TxOuwhAIL1KK;mA(rH1s(L(!OM|Y;
z|M*9|K~PKawA^{51_Yo`>Q~rSGt+7G)DEq!X~aI7ZiRG@u4hm>Wi%T@*_BbJ<W}i;
z8_#XLG)_j@bh#Zqy7A(saWa1A1Vzx9u*ku#M7;qr?;ZS^>xO5%%J7I6C-be648h{i
z$K`K3BoWs=elgXshWNbx(Xoj)CL20BR?#wabSxs@e~o?F_`Clf+n04~)6l-`MBeYr
zzU=F0i0+CM70)k`$+BpU#;7a`qp4wxq$rHaqA%*wW7Ld&M2>Gw*YRlI+dfM7z5lKm
zRO9@(TliJ{ILXqGAAjS1*n{8vUiZUV9sFJFhdp!P|8)QH?5^J{-f!>!UEtk*|Bdlx
z<EgLQ(+4YjEAOj>anGO9<?mH0O-R21pygpnc)Sk!dKEj#J?w8))E6(%U{ytJv0HY0
zNS1FfG{AI6zH~=CbLCOV-f0EzWNN<?;P-!P|9ju>Yd?0$-v8V44?BOa{o#f3-$j2&
zEdQOgf7$P=JU{RGeU)dz@2osufAjk)&!GRIJeqv3<O)Sp@<?TLaO({?H#Iq%Bql(&
z9w2V_9!>C8o7@?YWRJnL+j(QPxLd%Bvn5>iGYeuhT}1g^u6Th-@jsl6G58&-LmZk1
zb5=H=aln9~xs`HT$uAULL8~&?QS3ciuNVXGzxm?Fc0;g)_BPslhEuDO;DPA%KP+`Q
z&APsdF7jb_OYsmZvZtdzTNQ`o1rth#<dKdjRy0^FfJ*nX!dNAL`Ddh7oGV_(b-)k*
zjEL-Wh({c_pe~+wigj`@u3E(}brHWsZ&*@4E2y}+xUd<hxAxX?T#P|`X=oCAskI<2
zn}p{)lX&qQZdEkDQl$nz%Pb0h1d}w(Im@A{!FPCn|4Sd)4az9oT#1^GD>vN}W6-b9
zihFXn^?ZzAtYM9j#QR49qTdK&k@7**+8E9Ed1xkSIW$12(G5cSbR7*2Q_7XwI>Z>p
z0;t|1GcM3x68Fn*equ0)XYg|3QmWd6n6DY+t7i|-+@$F#-x8uMC#E3?rEHRlM&`<l
zMAV|$SFXr|@EhmgcW_^neS%Be8ggNE0T)9CHsic9R$?7g&|xerf1*FP&LEZqP9=D^
z6g0V5ShNV(Fc8Cw+k-cOS^{I;N8{p=C%D4>RC&#xQf)K$2wyo@xEmMr%Dl%Cyfr4S
zun3<HkpHGFF0m$8tPsR+<!{bl;R8s-hdaGA5sGdPX~cM(GmIJU+p%n}nmvKJfO3ho
zE-d#UIq~Nh!zFH6_V|3RF7A!Py$t!>f$Z_pn7q>LJZeASiY)lX2CZ;hVG?dBcayTs
z;_mJxw)ySdy`?b|a6auAig&#RDz_N9!Yg%<DJHW>Ke<tNievJEXUVF`SHyEU0beE0
zjSK|8Yuumail4Wea1DMdIxEP-tKqW*@j9-SBn``g|LO2Q75<y~(qTL?P|~pR@P9h|
zhq2vlosK5eA9)HEjWKYAXxJq9$3nBdX#J4=rt9W;$Ld@|!J<4U`UI<;D@@kzOwB4-
zWQ5l~F=CshZcf8>tIfS=mo2lX;Hoisj$?JaqjYEtt?HBvO^p$xrDkS4IIIn4$Q3<i
zG8Pm)7WkhkNI6-8Er;hN`pj$S&C`}+FE!u-8eeKRQw<7>@blgx3#M_tb?DFYGx+n7
z8}A>@DtHph)L&&cuuhjon|$TVM&r5()OA4?FD=U|*!&Dp@^P4JMG3ASIG6`l<X;!?
zx^0U)#U-_H`G*-nyp4Ahd`_>pPw=*b+{%M=eYy)iW;1Xv1`00BSGLvRV$P33;8Yxb
zD{r{pbURN5PJyd2xG4oP%XfHL9xZzwEdWu@`^Ol0|493qf+xzMEMozsf+sG*ue<42
zOZYX3e)WZ4xYfd|J9)2Cz<X<r%fG_UPvW}=_&`k@@2vrTx)rl{YhutnWlb#S%f*)$
zwKRBI09a}GE3~s0pgU|?dvQIfy*Nvp@7rF$9(D`-oIyVgk=FWiO2gI)W^cwL_VTVC
zL?ODB;8o3LbRv5-3s)f_w8MWM^h<0%F~{yG^{qCrf4u(-EB0Z6kNm53g}zxxaSkyj
zFIV!67o-O#ah5{sc8ueaa>nzJ;Sh~_In#;lSsGu;qNymhAKhJY#j2o1(?<nwX_{a=
zg7&G)HT%@hlhHmkZ1wujWVDC<l#!BNweDeLIN#IoBb=)catYGdG+^6wzWW|NP#w#E
z{@y>?Kc4$wyS_%#<(%#W%Umv9s}q!eE|#CDi@pK_Gp&k~djMg6#Ww8Px-l+ax1O6u
z>$ws8+L~6(zLpgkO33-{M`8CM9W4kH1>3^kqrp~a2N-M~;s@Xam<|pEMsjy1>o1qI
z1P%FA`Og_x)`U`KG^w>I^6zNDd#V6=SVDPY+|H|8fu=o5o)$c@-{6^3@Wd7Rn_}?H
zFL<KA!Sg7tjuQV~H7-Bw0!$_e-AjUTC`s~!KwX^RtutbuwIg0xTw$-)Sl2pWX!r{Z
z{XWuOloDp>6kzDM*2K`kc2vuzR7(@qGD3(|&`rWc%C)1<-0oX&nJ`cXIqPB;w&uN+
zu_$wR6w$Bab&OJMFctb)hPyfM&&$Ahut^Zd+9^}1-4er4NhMUI*iw61EQ?_dL&BeC
z7tyB{EQ^7n5;NhjwVCpOh~on%;&L)8wOqlDA^wzxWfg2-^5za~Y?tj4)9nbVk<y?H
z+yRLZ0|m$G3Tm2q4i9SP*@?~8G7&wHxW5eUAlD?GTO5_cjA<aD=*9dY-X$3p1NTx<
z+IGlg4!)gPR9NJBjS`0xEXinP@T|cw+2CG%X$WU=W+YzX?k~#cddF>mIW_N{U`<t(
z8F)G&4CZdWdkG?m?U_2<pL{!xDuCF5`E7Z|O_lP9-mDMUF(xnAKJt5kg%2Dzq4Qr`
z03pt?^BZtS4%J~^EVORWm@)$tMVC0sYT*ipC!wf#D3$3Sh1NGiS%P<k@x!5s0SLn^
zuyB59b}hpk1kctq>~w1lG>D|}13^Y}g_kXuK2ydK&MZApkt<D0&mA}|!`)X9ds-bB
zi^i*oY$S79li@25rUS85L3}V>Nx+Xp^toBqbeFiqnwBdqP0Q_m%{A~HDkfK$0WvpN
z{7DF0kL5RnM1_m{Ko-2$jV@8<y?YG9{fX)P#<A>Q9BQ_<vW2mrNx6(NzabRw;)Yb9
zBx(%<%@rm-2iavuSKKWs2DRcW#6O1d_!ij?i>_jWIH4F+0cSDQqr_R946@?nvKBmg
ztEqE|$K`5kxti-!T@qmJrt9Ed=RnH&+xKL3eJl;@JHl^T!26xWD0VZb<*@|-SEx8C
z2Hd&~peeV!r4|OopI2vJ%im-%co$a~p6HanDb3)hbXtvRp4ORX9R*9Qv4$rSH)YW1
zOYH~D?Xt#zO6ILi;#Rq0>Hg|$nAG!A6932>FQ~`zH*8I1G`PYJv2+MQKJYX;z$uE`
z3cXTk0+C2MrkP8eYEAb%u6^-QES)*uyQtdWeo&{vywMbiP>W3i#?G+|Vrg#o)3`kj
zyq)h9=T{2@b9k<B9b_zJHsTCa-VCqU1@AT(+@{$H3k7e?c6<@9by#!3qN}JS#c7{_
zAtUq&q5HvxpFlfvr<fL|FL-n87DhM;2<LBD(K1x`PV4}N{GG_^zM>`6y?G2~@>)Wf
zt{YjV&$LWlV0A^-B9A68pG6m;blm#0-dzdGej|M({Qf2_t0(jke19#=WDaF|S<93c
z$^;{Z;)TdTG44(f;jIP@MQCC$pdS8|kv_I!R~%kYz9{^J@5~^=f$-Pw(g;_rW`qOy
z^;;>^)^MhFTBdR>(^kwB$0&u1h`j_e{X0YnKX(*o1EBhaGVReat!A0jB06viaEAHq
zeJw}6M#hW$_Giiz2sezVWpaeR1q~Bi2u0RP<DQABokPWik_7L=n8(}IQgeJ@B6zir
zx(8$0l~o$F@WEgYC{l>lEtq;xOZA$y>5XpExPBM6UT(6B^{axKM7Nn+7eGf-x8a+w
zt!6%&Q_)9rEA)une#I{Ah{0sdKL?&TGkTAv1&+oxDJGWY{k$y7-t8cPpCM6-<2>gq
z&KI+5DSM2!x+zyUuT}-pEf^l&>Smnpj~X!3;~3xN)#5JG)Udp~aqkNlvG*lX$6A8D
zV-f2e)RXmcXae>+=-9q$08%m6;uJiL2Y%n&mI3WEX!VO3l;}<*Ms33R%4<-+r><KI
zU3V)yYAx$4XsdN&N|!AEQ<1U4rG{ovsxgdmeje1{TuolQs)?}9X>5rBCPMfD(Ck{s
z4_&QNUACiK;W+iTAa#yDYtVfb)MtB02UpracaMy;f~}M*{3}!p=6dO<h0!DhN1~n?
z{O2r_n!ww3@!T-Q1v3|Jh{EGZ-6v@}L5E}Hl3Q>ZP^>%}6D9V(iqU#E%zO>X6X;7R
z`n&zxl9m_wX8Wjbeg)tBmVNVEP(Yz;&^M3JH%H$>!=3V4OoQs2N&RhPKaP!%z1o41
zeKS_83b)RF%^_}cc)vE`VnqL1#vU+upkmimdo*9-EcVN&F*&|K$04XU6?_FVsg))z
z2h41tp=;1_U#ZC)r|F8o$M=}c(0Gfh1+`RZYidxL?!U1zUaHKC)|U;DN_AzG;w2WX
zOb!o`obOJfAtV8PeT|_?ueVp{V|CLYW-xk8aW@-`Lm%hc--a5sN%4wZPa&<hu97oz
z`Qe)zGVtrw8Uy##G7Y|&Jl664Pub+ie~)#pT-`w%_l?*qd&iRa>rfd0SvpvI@5)L|
z{y|nH9U^lw&*DL(>{4fc>R=<_2V-@gx~xUS1D~}$>NF>*uc1zJTHYDY89;~WGs2(P
z2M=6fD_C6Oj4WQnUF)ArF5_82+|P?MsC~pdvpD9m@<J@mKdwQGC&Y%B8pX>ywP9(2
z9A6#c_;}>_RglQaIRwj@s3`^M!$l}86_gJbbn#8~3)(Rrl`m5tHeG%!i!|iG3DB5>
zpoj6A+zW|35{gWrNx7n`a`u@j@(p-X74GzH!=D)#1ufJSl+9e}F}rKvbl#okD9s^P
zH=x3Rf^4^2up^gW2C0V((t`7qTxM-h){4ZYZyh~{DS%=NuOpSFIBskpUUx}Zx!tep
zIk}iCoSA}OIfv5fw=nb<#t0)ncoXZLc!!G)S^PIViUT6Rc4|k!GE8@wI76<#UmrRa
z1(>2h)L|Nd(<PC#JuOS<(Z;`^TJVpnMG!}{HyB_7)zncsw4w=CI1zs}B>?lQnM{B2
zQmEaBic|a7Yx86%8ZB8Lz|s}AEm!fNwXa-jd0spycQZv=UWsROm}&r>i1!8JOl5+P
zDtACU^p^J2Texc0Ql-na-U4M+YO5NE-E*yen@D+6CrS>tWi9ZmA=C|k<(1dqBdmL*
zgt|vOb`M`wR1ZKt8wrpA5N9JZk2CVJRBh&=F~2HXV>u|7sTZy?@kW{EB#m?eYB1%N
zi&0-O-Kd|nO0D0|K9513u=YVcp7F%A=zcZ<<>82G7;^a)H7E<|tDcU6ZJXPU$A%L^
zA4IoDOe;~=T!5LfZ5wFEsAXtpi*Xvs^Z?2;>w-2kP<OeeZzXtfQcL8iQw_RHat8lp
zxUs|wyzL^l>O*RwGX6iI1ZY0a`){^z!xet0YruA?tN~xw3f=g}4<`NkkH6OF$Nv)g
z_-ne4zt)B+3OGNH&cAXDZSH)9ulR7MN7tYU^%^v4);gqhecq7`)O~tV_bElKBl=7E
zx-X#_gnleBM2{sWwXuZ0bSS0%mzEi5ETJ#qoDIg2M`0Xs5dXN4e|GWWeY`UEy4Gjo
zv9rv*tZ(-EQt}PU|3XUQh7?11VC(QIKp4NKx^Blk=ewq=%Cqpt)nkb@BiB~N`Mzzz
z0G{rW=B9pP#I=QCc+|^RwCpbC)Ge68<^zJdji0hz@Rp7jY+o-;&y{9pWfv?N9MjbE
z(+K~dKJwQmV2l|El-w<mK=7N)qRjH(P4w52Ejb69{H9{;pdTAE4^yu$(N=3Atk%L*
zBMY;%aJ&{S(!!UuaDx^e(!y#jOpVdr*TV5yxJV0M*1`>1ct{JYwJ<eSdtVF3YvCd-
zd|3-OXyG9(tk%L*llHzAj@QCPTKKXSZots7F%A9}9!CCwIf2WX#})nw8D0(G3R~GZ
zezUgjGnVgIMT>5A{N~%Ve}Y&cbgbqB=VI^>J088L;sfVFc2x-*IPD*1_|mBT6Sxm5
zc(ji3?Ql2cxlJ{^x9YB7+-5s`GIIwo9QR_tSX22e^9Z*06z{D|b8$ls2;N$w;4L@g
z`0rN-8z49LLZINHG4rf>r)QiP@E$Ahzi7spBj?;BmIahpXUA^^ak~&W8aLeE&&01N
zL4|KH=CH4yZ7(=t7*g<s30pqKZNlv#`|3OM#c?tD;!qQv*5CV+3$)m^G<#W^mTOy@
z&K0(5g3BWltm(P_$5Wu&W*%11@H4a|%!>ie*W?Va_j35-@Gh~MEZnPs567i%zvSR7
zL#t2$#=)#)NUCvl40rDiE@`+izjR0vZelsDsjG*yy2K?7NoMn0aflf`(&dXokaPQ(
zeMO(&g%#ujtB17AECLPx@0&rxf1!x>WA+|xQk=gA*TnHuu1i`3iiADg)xEmG-atU`
z7N_FcE^ph)dG7*IGfJ}dVfwfy5r?Fql~tf>c|K+<WQ+c(U)A)y>L^%NXYjn_D7e$$
zc`h{LZsxhe!L1*6HL|evV$q6PQrTY&Xe(gN^L^!Rvw1t`8w*k-n_KVfV+oFc(ACF+
z4$oo!>uy1FcDyLkTb=0Xi=|n#s9MDqzK&Z>zK3wWP_XQ}!JQJCHe3S%g9s(!@R#jf
z(#L!Y_uR!gRb8>fYE}`l=T73ia`0$En@;Yz{qQ(K8q~)rJ!0a~Nuk_oVYT`>_CKh1
ztI)(NhA$0FI{%76N?hRxoQ!oe`I@e^DRB4;O$9W2cWy)1kO4WivlHi1wC8p-j$8K(
zv6i<chAVs&H|&f@`M4sAF?uXGS4(zqy@ytD-VtQG#Fmn=MA?96AIoZB23%$b3^?B^
zgH~gX_NxT(nmlbGuA2byKV3&f8Pf_!A~0c|%Trce56={FHR5C)Q_cohv?-9=Iv3|Z
z6Xoh8tTk6y1TQF?>Qtia`}lff;o<L?vWilgcy40oC)4u2?_KB;P-a)3#MLfqDqazl
z#I1UyDbB5$kJ*Ilrlu9Val49^Tk`v!>d4ARxTv=(-(SNG%xm(ql<po8NwX?NTG~AA
z-G4<@v!(K;mOffb|7SQ|=@Xt>IsgX~=ld726}_0IJaR2mK`r%_NNQI_sGs_DB-N?(
z&_4Qun|<{4s6wSG&931kSfh-n7W*DV4cg&dh7+{Ak;-zGZI*KKDkJkpjf^LXOuVw~
zDs~fKh-7MPe+(AE$Q4eBVT+lnnX$t-4`T=4t+9Fn_bXoVKMcdH{6aiibjmQY1*{CY
zqxR9ewMCN*?;`eEqT<rZRX3ky`8cXv9Tc2S0~e?UtfMr{#1;O>h^P9XvXv2-CMl+?
z^*~$|No}E=s;!s$Z6wvKY^U`*dg!G5C-RW4ydQZOs{FN9D+(2(B2<j5m@uj7%F_BD
zS{nIKvhq;<)LD_#7{x&oY{bjhoGmbPAh388us+pok!><lIWoAyx9dWg_a)ZvWzV-@
zy(}H5JGsqMt#cjTYeve=t@<OaLp!Y#oyMae3|<ZmRoruE&?qmMSFK9VP;}i6>}UCO
zJ15Qs3X7;XTwznJvDSh^l&5RzRq7o>xKizuSv6q<Ey_diK$z`_WSO7{HH-zW&eK?H
zLsXv~ucT`kzJm<P+^b=N4=XLS70irEyD?3&L$h?N3nw>K&R2&YS}VsR4<==Q<e|N?
zy*h;DqQ@B*`VI9MHA8v3S}XfAk+M%!{1G}6m4a$bLb?}4ia%O;G#tG+5`B*{I`Zla
zB?lhl+PNf?=0tt@cBOlDbR|8HYOnQFT105%E5_=mhVU%WQh4QbRdmW6Eybnms;WnO
zvX<0W`M4@fySMT;c+lG4Jt9=JLCUib9eQ)PmibO)QRL0x%FM{aNM&N=p`UWM?&Wq`
zY?d-GlEtp{jyw!dI#%Jrz^9}r;f6W4vNzc;7g~>!X2kYUTac<v8_#4S7G4i;a)tNS
z#&S=YX&2?9P<9Rvwq4kJ&UcRUF=q_5KvQAVjUFy@N9C3n_jWe_zlF@!I)6dmz(ZFs
z_6lMk2bBH3Y`&1qr9+p3zc5#EaNPy`<2dT_-)(eqZ||SqLGT9bg1SYp)w)5~DC6GV
zHUH~S>b&Fdp2<irTkvK4V~o7v*^MX0pg8Qv54_8*><K@H`v+yhTquqY9E;=93kTu2
z&!s;z2={lm?$0E$urLwhm8&=`N5F{{a9ySXl?dLS3~K8Z%oSd*l)j+DQSyEZI}6fO
z;5L=;-U`s5$-Iyh#O?uy=wD5*EkU0E+L4xHFg5_I%#A+J;<PRbA7)|Ng?5+)67VET
z=!6U&`sjftSz6b#?`v?LMY+&If1c$#c*H5|B0S7eV9*Y;_-T4uNtI^#K8AetPqb{-
zX|2_~?Fi>Pp|93-Ui?;`5g$6*f^`d>YoQN?&$Vzq>kpv8;Gc%}iS^I3bf@xDkwYca
zpJ?&-mp|=gaQWl*T<8)$H}pArWZzhZZiP1_pj%-UE%!<z-|9hpgNzmA#n%%64k$4%
z1F6>_A(VOJ5q$j#cs;lo-noiN;*aw1s266@3sC=!7ErC_5tus<;_qQ)8boD+WL6+t
zTPNm{J7LCdkg*5L*eW{XXNFM5ns_WeB*>57f@L54m)ordx$q8*9sDf*Uc`Q{#NV^n
z?*;gK68k*^f8WD?PsHCm`#l<e4`RQE;_nRhdjS5n((nGyenN%otwZJWd$D|HU~rQs
zLeZ4J;t=Z}Y{IwB-A-?fXK&?&p!pmpv>Tg*>)sXLOUGl8LxT3;J;6c20l}=`?ZM%}
zzQK%OZ;HKBi%kpm3$_oo3#JBp25$|f2Q5KsuoJ|ZA=U)3<i!K22DxBUh>eHX7>dpH
zFU><fWXGsZo@+t(@?2}8t#UE{@}7>61@#6`SL9M!7h?%Mun#QzJk=n-dk#AS<#K-~
zzXDIuS>5~Pr-*u$JQDIp^K+Dc{OPpL>$aw`Lz#FGla39QCg3U#=n$1|7rN2*qgM);
zztEMSIhk~LF^$PjUTP`{CT~s0rS0o>(8}B1Q^pE0)}fa2-YseQIkq~_;b1(4cs1&D
z-J!9}v-WjHJYa<D*?2N1IA9G(5cK!%J;u?;_8!f57)^hoX-fC)P8jan17+-c89=g%
z);?*u>m8U}egpE9ipEQcO`XzYlT$p_J-|Ixg8Ev`WIMO6MBMT@9i_}JTWjQU_Ec^$
zx~DkBsQ|y<Y0V=Ta8nXjb)jnWE&RawsqVH;u`8D}6yO=kPF3O5Se$POc3?ZbpuX|)
z3udM_=dt!RoyBIEiM}6>W|oWhSW|I-Gz+GOJ#xtHzPKfD#^jPbW?ss{EsfmnS8~Ol
zg}}8K!M4u{DtUWu)p?wh22NWXE51=xTv-4;1kb$MgLj0_2fM5$(d@#*kU)p`7C{D$
z-gS*0Zou01ajV|Jo-r^d)$<j<;hKI$??;kz*Nk`(Dm&wo#&6V?@@~PC*LcQ<7r%1B
zBy~eLo*Qxq7xwPw{ey4?)gVuf!L`#;)K#)Y(?4hloe4EuLLX?v#Ys)(p9;31JuWP-
zON6pxnf-}x@M3N%olsK-Fiz7ETmDIKGhI&chp}C0N4l(1FZkwvz<M{o(SfpHbPN+y
zyu7m=iK$DOAP|1&TTVAzgxaZ}JON6AC+pnt>|%@d>rxHWUD>7;q};Ei#Dr5IGDnL%
z`x)zCjrXrq-nWA*jHCUby}aMFi@3+%)1FzLSrlxJ{xG1Er1G}??$m-Mt&(Hh6)wrt
zDp#_bbD?6fb~$*2PMB{Yb{q$7JQ~WBY=uzfSJdLt#h3U8nZg1sauMA-;5`zcAwY*R
z^TrG4(w|%10r&loyAz;~6L$;ZbskUge<QzZpxY{7U^k5P_sepLwRnmaySZ4JSt-Az
zmZ^BWmexERt4-Dq6LK;uL+39{34&SzgM6yXcHKR2NWqeUP>VCerNn`}B)~gOxOIY@
zz1r2!7~B_KfRHJ;CJeZB+sO<Bm@L=dGhR@OaTmiPtWfcsC%5u6L4bDh_Sra!&xRk9
z@CWE9_B{NN2S4oi!_HX@oQ1b=mb^61GCl+19>hOm)8J381+y5u#}WkN*V!e7T~`3%
z-uc<3&aTUQ_r`;TSu5eME9-gqdr#I|@OMJi$Jty`Vb_%g)EASU>H0kT@nYAv*pFAc
zehfe8-7S=JOX#tj9?L_I$LaBS=&^zxQHver@7YyYQH)g$rso1@b`BeV)C%G*dH>Bf
z!{q9xgk0m#xyEahTP=nr3bt>cuTWEPg|9(x*P0_ZTrxp(*r7QxT+#v=yWv6FHn=D+
z0m8Y)D?ylv4(`(jy2!>p<!a;nyy9nE_vSVai*ZWJO%DGk)fVvd;H6<%Fc$!Q5_BnN
zlbRJZD5|(sZanEF#^*c50rt;~$|LY7Oey81QCUvuK9j?%#w<x@=i1?Sllc~>cv!)8
za}4)Fm<#lC#hrrpcy+FSh%w*6&EA^N%`JkF{Lh6n8Q7c8&DjqB55fOEVGll#?`=Dd
zUhv}+^j?<FJ$#vBkJho+_dcwn*q`&cS?4gKGya*sCzNsVo0NSnd-pWtIt5>-$mjB}
zKzJ3xAM&}w5FWws9E6ZIrzD>X7DK2&I#8Z-5yE|t4&f0De}WLw=InxeU&H?+@c)3Y
zVru~z3~a6Dd=C2HoD=Zkad_c-cmcv7JkQ++Uzr0D`QJeTL>z%I2+wo(j&1ynW$=Ga
z8N@@a4sU^Y_#K4bbGMvhsO9g31c*EWzk~35ZU8Akj(mtb3=v1*cd!hQShhFUR_4ym
z6>D<42S)i#c9=w&Tp(k-0h2>KRFD6pwocn&C+9lsupM%6qYgo?49F#@J3J@(DPQGI
zIpOMljJE}r-s|8tg9hNV9rBEH`5!e3E3PBsEOhYVbzqtf@c&lc@34cw6$0ntUE-%!
zoCETM@x;*lKD?jA^Q%@1;a9VHp;HK)iVbFFo)tkfZbMep+h9Q&%Ii&6QQU9E1yy{}
zDJ_NZ@<?VSc7@Mt%hb#w^!+xBmvXb1n@1DOvPNfCM$XSpS(0gTbw4eL)j~jyA1Nhn
z6}Y!+yoXeQd#`4sn79?RgABZJWxrSiqpO{Jv6%OML1pjAt(>H?t1o{#*}|aUjv}*<
zlOBR0e7VJCyXx+NUQ${{zUSSVhS8SLWmf0pcTeK{Ly#t#ar|wLmzywqIEdG-u4>dC
z2gf6c!__{EOInE6b+TJTyKm<|KdR{i<ffq~4OsgH@iI)Z;&^Yhk=&}4LDw4uN&>)g
zW<Xd$h;?x}wJ_wkxFNLyOlnc7y|<Q7mU5t%9uveLaJ+@@)QF~LoF&H$bH`?=uB3ue
z*({Ytg&a_>a!9#y55^b7>X3b|*&*hlG&iH{hPU`s0h9zT38a~J$X)Ojr{NBZ%XZYW
z2On~6r`&guPa?a4dA7<iI6$OZ84cX503tc54xGf&(djT9!MhD!zwFu0w75G@w9uTG
zh@ihsH@l2id2zg@-p~c2^QG<}I+x#CuGY67#KjJF3zbWH#Edr7uI@(xRugZlm_ItK
zP9?Z{bOv1wl%ZpMX24~;z^z1YJx~<1^WuhmJ<{K^Be0W;8z#Gq#{g`Q;%D9WyR-vt
zKUKFt-7DyVYCG_nU|I}8&sY}F>RjR!vw{nJxZ?_XSHI6KhLC?Ayg(S=NF?V@w%wky
z=qxDs1Pm_dZfk_UXE&e;1C^;8(sZY>)dv%i$X^5PX#g1UGM<11xW{wOC3WVdF=kiy
z<GinYSu@fAPsxL-$|9#+P9MYR$v`ZP%XozsXPSk;Po`Ysb(e@5bM)n){=qAT_cF+x
zx|gFrz%ab*Y9YK6wR;sETdRq4N!=m<$AOSp;Nk<y0M56K^qninnqO2QP}_2CSKKXK
z;yD*xc6$^HHLvx}26Qq-4WC0L><nWqVh8^%!A0bxPuzkP6A$tM6~6Gz{2|aMS_9{~
zdn1i;m1Qbs3#Ntr1#y-H_&>_RC4oYcMC&2Qthu%-&j~_0O|VtEITyMNs+ChT0{CGd
zYQnFF!9XmeZop`*)5}Bt3)p=|FgNix|HI#OyD8{Y($X2_)gH3q!z+#;Dz_W%Bt}I&
z*%5ROazdGB#eTm<pLq5bc637A0;(+Uk86{aVL;2jNDirs!JvD`-~Xe(_6l92G#;k~
zUt*Q~DW<o2MXpi$dkQUk?EQN$x|$9xQ{?9<uD{IU<W|EB6gK17)k?7tLi^*@PUf{n
zPYix*yvlnQspPHch#d1kJiF*gJko-^Q3Y1)Ro9FilSfWL<=fyJ&|}&oy6}EeeB~h%
zR6Ukgx0l+}G+}EAxxac)e;*-z(>+SE-vYwWGYsW5I%R5(HofieNTj$m7>~{<)URCr
z`KdV4#D37!AZ4dvehwM0RdbkEXQ$x~A|}7Hv8g7k=_aiz`2~o;GQILH^Q9FFrN{7U
z!Ct*SmZ#Ofh5S}55M<>Zzco^a@mr(DW9>dg=Bo-6cQvz8wMco11M^HCQ|68!j4M3+
zPb{kp7(MMBXb;;A+0rR4wg^&uXmC*{!Pp_FXp1cgX~Bcx@rk5&Jj{$qr{B7Uhj#|X
za4!~Z4XqEv^AcI1Ch}rDI-eA)fS5GWq6TnABMmXxwl8Q06B>)S1J`RM)6QI9k>?gX
zUI60cJYO15OA<r1Ik`qa9BFY>78!9nIzm;D>?(duvZv`kRv(Y>V2Iv^hQc%<2C5+4
zpAMtx7`*BDkUJCiF;nPnU%vy?iE8xa!}-t_Q=FLYz1qaXMcsBhG))?kg%=yMPv)gY
z`ML7<f9-XgoU#ce>lJG+QLi}nx~^BOX-U0e)7xw&Yi9l8Ns8^iClo8!WE-?!=bNF&
z+I_%yIK+4d=Np-yp}VX7^HlNi>R?kEr7O6=-POKwnuvoiKF&RN2Q5_M1Q9q)DYXDg
z9%oZ^r9CAf^*;dhHJOzPo+8YT<|o!4+ChJShHVw<4*5(EX+k@QEUKfuu+kInU2ZYB
zb9KF@PCjV}_nJEDHH+yI>Rs<quR))h*eULe)pZ(Gp0mEGA(#l+gD{KST5#?aL)h@2
zdXXyUu4lby?B7{0+O(AQqR*D12RSFoOYthZTf8q;R2pGM#&1VXW46j8sZ=n1K2++!
zlf?#*GU|@-Z{W{J|LbI+{%6$nKV#$lkKG5wDnARQ1TfkYAh6dAf$2N8F*)JGVlUg3
zKnAaD9SSuKO~=tXx63~Xbg@Gfx!gyOnBAT6+^p}g=O)2>r-3c3Tpt@x;>GtJ=!mg`
z_`RThP0KnFGw#jARi9Qsh8Gc<zbw%^?bDjp1bv7D{zr7kl`h8|`E7TnhiY;Mo{w5!
zcA%?;EJ583<#IKt@MMJ@_u;5SK5a)bzqX-xXl?C1&-R?mO7@<6JJzI4i1@AO_NRzl
z-V6<c7qeQ!Z?(a3=WViSE(taVdYBv+JVJ#yf{W+}pi4O<=#?YV9OB3{F+1&-O0~7V
zKidBxonX)kiT07f&M;`SAy-95WbWOj==;=#B7oOcivIIyQ~f2kh<N(qy`ihhU!&A2
z`EPGCer>*ZuUfA>qs$)~u@#y~4jg^Bmq4`EZ!b@5X3<vajV$>W=I<Mb&92h*rFm3>
zQn|;yZ25>*V5ehQ+TN@AQ7V-u?x<p30ITHr^s|_kW}5Al#YRsnEPe;Ne!AGZ)NEMZ
zESSWryYS~SGuqe1{H1~fNvh_h?cuc0&J24VP0!gDX+-;hBa%JwndLAXC4uUg#!JaN
z(F=huDUOvbmF`!?D?sV;d7ud*mfS8nfm|uu&B1@cj;O7tvJr<X{D$gF5#iTZhJo-R
zSNMpDR(YAb5a99!9L`jx%iXreg%G$l4YTB0&<1o29qI&z-6H3FrZQ*Ocmilm{woH_
zv_jnueY)SPdL<0LnI(&D*~+k)1n_Y&Am8!lI#qcdPkq36Io1Gm^~^&bSa0xCa?ooh
zx7tZY5@(b#v4-gNMKrv_k@FsF8XG!0hlb7&KlIy)6A#}qBRir8V`z{MO>rP3D_|vv
zU2Dobb)YAad#(#gLbTuCVwQ5uwhGSwJs$a(0`*DUsqBbh?Up6Kc~kw0O#CZU1dj!<
z3|zaY3?ND6fBg+|{3D#Bd7B0~{_-m1@P%_MPC+rZ#5#$*wj4ms)9<pjkz0Ll(Z2~Q
zzg+ZX9c_b8(mC97---SoYwc(Wf+xSjKKGO%;d=1xQ3>9zqb7g$ah)2nC(DUyQ?$8S
zh3A`~aToukUgPreppN<qoq_t?|0k%A2VOvaMb6@U|E38w9*&=XUDcMQw|0$sQGWa1
z@Y<c><jc2WCoI+F$lM`6ccM-uXD4;?J1|r!TsZqno$D84>l;At+_g{!Q>Um52z=5z
zkmKucj+Wi)ldyjW8Qu$LIM$&7i68$0ImB>|hq^`Asn1$So)J!-WUYt$8F}zWkb@8B
z=x{S@qw(m$?W4VxsP6$AjF-Rug0=a0U7K@-@kjympK54#&-{p=#d*NNn%j8=x)TgG
zpumcW7yZ0Z%r)~byTpE5cqzxQ*2oq1!aWhYs&qkG($J71sr=`vs_NY}a?c&Q&a|fl
z`TZ{~24%<f`WY5p4Q23ShUs|t<qJBULt15_bq%q5#7pEr?-HxMiKiv)bLkWA;8$!z
zsjZ(7OQWG|kacvLa-^2(J-Z6)offJ0Ef9GhMRtiqTBDp!`dI;g-efTZS45>eLx+;&
za!e@*-lh3nO_e`d!q%>8UQIP<k>h384#?F(dz>T>#>c3gPc3P#JZ}kW<y3jPM(9Hz
z6tzAzJ~TL`yI`1c;4sq$Gp?`1vA)=WgNvt?vJ7|h)m`++70#vo{T$NUyn%$ZMuBtg
za!EE+2S?_G2RBuA<QWW_rO{Jca4;*yDf=t*b6W!n<g`XWc?<)HorV*%nc@Ret@c<P
z_}h}akZ&q$L6<1FY;N=mb3Bgi=jIKUdS;;9&C=v<Dq9U$H?01MG4hXkp+YNVv@RiM
zK3}KeCD`5?qkFQqrirID9pUHwPlOrY=P)tisCfnl>EAx_m(bg>?#{pP_E)j&Z9Eo^
z-iwtE+Tp(tkrr=+h?stn$Xgl_lQ!5|ltYGSDu-UG!{)<**IOL}gsO>9v~OU}_Xmv-
z)AnZpq35Crp#;d1&#bFcp}V9uai?N#oSguoY%Uf^#b&dRpI|n4$Pa7*juiC8QQiwx
zD&ZF^)ln-8T6V04f=1S3AvR5G%BayF_s8i1iX+&4EVwD0rskzJR1#=F@zEKm<_lhI
zwC#_}{nyk{XGsG&D8NXe+!NI@$K@CQu4RzV^nm34MkYAZ<PpnNrl*DT!obn>`#Keu
z3W3^89<s;Rqqgql$mceKhM@dph|UoAnw9}cm|<*Ew${thxhz7WO(xo1*2_@-f{w&b
zSf_$|Inw?bs?$?Fft{!7)B61r2IzGaEcswBNX~KjXQ2y^^LWw+vYl~>$7KKe8VQ$p
zPEP9+I$NP<Gjt>s(Wi)$nBcWU3tsp*o~GamJJ5i@=~n^@<Jf?6<pLAD;R!bi-lG)R
zKO%Vh>1W~Gb35qp>~-z*r$v5r1J1wCD<3r&XclSH^fWmK@+gn0^wEL~q}`zXQbfB!
zQ*KC`%F^Dzv{0dxS6CX)(*7Bh_IH-nlcjwYmG%)!v#_+HsPBEj(k@p}T5;5SXz~zU
zkw4b4irgVDSq~M#lj6~sEYL<wn64Ge;~|ezl$FU>>t}m0lnpps&RmbU$;$Eu+0NAJ
zs5RB7?XRs5?{gt)@~L%Ds)7b|YW1bsvX0UD2_wDR#_NV;n6|J{4)j43H*w)%&m!Nn
zlnr}X^5cEjB>(f5QX}grV`#|J+}gG9E>FPOllqOk?HQOokvM_TP+PM^8!Gv|^Qx+?
z20Wl!_Ip5EZ^MhHX^GEp-`3E58}N<2f>?=*mA!)KABU!lO>s<o5UA-_Km{oQm7cKM
zceeO<R5#!B$L*MGhkD>XKJ$5&9(V5=bjdZ$!j~4M260hlSQ?}<e?#KJjHvmlKTg!%
z7w<L0yEirRu6S=cy{BLAXFm6#9+#mWF8>@0beYU@`Pyx4vg#{x$K{Hbp#$PVI*E*r
z?0CS-Y8CwGdjTqIPhjq+UMzBez)urLnDJ7iR9x{Shxnmo_D0rEuSTtl_=-GDozndF
z&VlojJ-xk)lZ~EuZ5awzko_s~AOQI<Qw`|`GcyimD`OwL5(fe)J8h&isKS8_o(gS&
ziY8j)1e;-$$BDcD{}TMmQ)NpZv@N;|B0OgtYKfGc?6g%ZfGOjMv>dULwKtHufEl(5
zYKhBM;W@87rcx7!$$s$5=ToxikO(fvr6~B)P>nCD<ean7e8C(_Om9DMdNLj3%F^$x
z`X^eLK@xI~G)TsJ;Gr%H=bIaYJNa|Wv@UZF+RN3~K&!!RQ0MY)OAYp|xBe1dF*qYv
z+=&f1)tZVKp;Wk!v?LChbXkTxf2e_0Ob&0TQZ-AQ=pl9p8)66g^)@C5tJsP>TEHlD
zzC#FL&UX{K>O&J5%G0GS^LpX8Msn2P#JQ*D&E@1mx*vfu^Eb1rhJa#oM<hSai<N5z
zjpC)0&{yy47|HWD%yTG|=b_{<p?5k(GT}I>d=knu<E9Xy54(r?W0LYhD1AUun8@;5
z!Wr%gdMNb^tzy<L;UsJDeo6|o#_3rFrY`78OTNxf9(NWVhq6#<df_c#H8AI)mu7L{
zuYJ@lOtLI2-&E$4MY1Q`WTL@6wdp!@P-w=j1o3Qi`vd<dNTE3oZ`x$w=V!^z2zo{f
z`uzK7YV_pwC?2PTmoQ;+bb?ZFT~!;d$BqqMC>D{u9xk&;8e!pmI{=|TUcWqTm5a!T
zAcVQ0s>&kSAvveC82bF;WY5DnnJ05HRR>;p;j8q_=KcLQJ{7&~ReG2f_?xfNE%1L(
zn}7@a-%Gk}uU9Cp{{<E&w+GEfVQwzQfSj<_Ix4prIUgE@XkT+b&-;_<Bw42Ft!u(_
z&RR@K!`)`|-X@?*gFc<`H#2Z_8H;#hwYnR!FKo;E2akFh`$WI>ys=I_#rsXGp{pDB
zgznVR_8N`bgJ<#Mo`-PX_Bf2V0?pp;Zx>!3JU;~Mbr4rv3-1FB(<tYHyv3`CzILdk
z(g=`OH4D~aO>#svB(JQsnBi}NTI#aZc+Lk`qY%cOC6_cgE%*XpF~=8%60P;+CEpR0
zTYNewr`8Z`ou6W``TlZF#qfuV2_PQsL3%A+(!*&QW}I(3a_v}JP(CfMhg=wb0AYjm
z-(gYXRY?9z!;+oS!uAeZ30ivGScKn+J!U9%kKFE!iSS!B5f0;9NPd@u<ae;Sp5SNj
z2Kql5<nqtQf#u(~>IW8-)DOHAXTTB24Go*}Y$Vyhk_Wv+Lk<e|&=3{9ZTi*V_{ab?
zatqr!eQGM(Hd&^H3n0wb?T2dniOVzOpY2Qx-}4EIVIIWr781jWPs8x4?ttkPx9Swh
z^%Uc3@{;y6Z!A-f;c<G>d0<3c&XJytO5~Sx9nry05;O-vv~<`=-uJ?J--En7%N$&a
zBLmFq<#AN1gMzdm17>_M0qXJ%OhKgu`juYDcGt&oh9KX7yn6~God={#fNa->Ir3!h
zM+wpMPCzr3A-ox<!t&^YEwoAmf7(p+><|+wYWZf`gz5!R_=&A7M+bNezN^2Fj_vOc
zGo$0~@D}^XmC>^1frHdR{<>1vL9#1J*34a{lQn%PuD_4P$scxOTkLDkv+nRFgu45U
zfalTT7Sv9u6)z2uBew<tjjvYpGJqO1N?(k92dEhB^u_q%3Kc_nN>_}v6xY8_>$}~x
zVst!@n_s7ZYd50xhwNkI@JmDv+4(U>?u<sRHRijI#hqHg;?Q0}&S7z~7S|l(G9gYV
zEiHQTee`0<vyA~5x==loKTSMBdounMdv*^4GcE@Xxqg}GypLsQu9ZQ-IH=lWkS1c0
zAel;O*@Gr?nEoh`QhKON)VR(uY@J#-NDKQx7}3vlc*nrdC&fl#{ZK(etf%iMaNaM_
zVV%bcyVR${dJx6+f1bt3o4PQpKRX-7`U%X|mXUj?K!>%Fk$cIf!}aVXihHs^7xyiT
zTT-CIy7-bFYfCiNe6tYN`y4u~|G?-BDbQiP^b*7R%C*L^zTQ-a_0gXhwuiKEj}~tK
zIl&Mu&vkekJ&E<;u2|L(?wY-X&t1!Pa38x!<!w=@gL~ISHY~9?d8C!WJ@n@=+<4qr
z{wE`cUkbzhJR>)#PzUWY7T0XKE^Y>kYrb3u_qdCCxXsaUf7>Jk_cXf>?oN!(-eo$t
zTU=ytKXtWnxSwsJgZuFygZEJ_oUDcSL74xGc$*sX_wuC;0bgBC2<={~1AOiUD)DP8
zb%0Nxxc(orIQfT84DkJD!hkQuY&J%2`BEL=9T~Y}D|ND@Ig9(tQXSwm6%_aCQXSww
zRp<dviw1nUIRyCSJ9U76#OOS{R0sHL6%6o{+QtFD*{lQHaE1X~t+22{3uWa7{2kkX
zzb#7|!riuv_5US0xQ(p5y;tbqK6{?v&Sr7)?2ZiXd?gGw?&Qfk_YgVD5*^$h)2k`s
z3LV_9v$!5hbZ|e-;(9I7!M)(T9`4j=xNG7=aQg=9;2y&0Tw1JyyZ3np_us1<hx`3_
z9o&DA8N8wvuF%3K<QwsKf~PsRE*kJRo@@yC+HctTpC|R_f6h^fH!arzzJ%iXm$Nwe
z`YjCbE2qPNi!=r@a&J7T1Kh#L_0i;VGU*#EZsU_Wz}vF8FP_u^9(PU;cvdvvtK&j|
zClAsAUUrt~tb9@j_@=WA@cvbe13oxT2YA|P25_ntTC~u7I>O(0mt;FU<;f2mYT<m3
zJ*%pmC7!czTv7s;)MBgtzG%AL;i}8OFfFtgRXPk^`5H=x(XI?HE=)ytW{cLcB?O^#
z8|tnOsb`^-oo<ueJy89jV{p2a;oHTT>E7#2JS}u5zyvWK7nnwAgdCEoP|VJXx}=!*
z4lX@xztJ^t|6sQr-v5@x5PU^D75Kw+wpHd^k!sNC-@tFuD6?+|KtVfZxT3=0R)#Bz
z@wzUGo=Dxci@4;8MLMRt>1SfF?-nrz8{}sbsTY5u=#vY3h4@TGv#JYU6NNh#>G<s1
zAe+@{@-dCZe-<}-k&e$kVsZB@((&1A!5ipgX|W+b`<G3}XOA*E?H1|yY;2J6+0C;W
z=d=AWz-LyC&o-Q7eD$FguGPXfPwMnvrgPs+_;Toss3q!Vqj<>}1@YDe(Gc(XiU4Z8
zPzUjbGlb>Bg$&|vB?fWkNs3;vAPn&dg!oxTVc!BB#0$=_VM&vTw;*&6v$*pMbP$hZ
zaTgZoARch$2CCR5V+dj)O9yd0qqBa24&sXngLvbN#vz_()ImJ<1cNkJ3v;w^FogOW
zW9sAGK7w}=>SiPB!F`V>8t%zE39Ns3bZ`p_;c8|e$TOa1aBn$I(Jeh;xX&Wow=fFR
zJUX}&h(gMU#X7hz$rM-M(ZPL$#jW({;QmU!fhsoA5Q6)=+jVgNiP7ObI=H<ugL}lI
zjl&&l(7}D`7=!mmEj*xwyN^Y~ZND*pn;P=>iTTlhS8OM^Zg=YdKXjUq{gaykUbC73
ze)lno{_FfO;4%XKKBI7Xz7Fs|5`~o7Cv+lYC5z+SI>2YMxFoj@@cU2SKo$F;?ne#q
zNBipl@5<;LoUa4C<!J`^caJm<`13$247leg1Nbp5oTh~j9{nx+9ovAv-SeX1UQtS5
zmCn<_{pcyeHGMvV`{`8-?&C)&y6?O&+!qn<yBG!EJRRKKh(gN07U|$_#p2$ar-NIi
zK_KO=c{;d*KixnTn|(b5ckOLDxYsi})92~ne)}f|_ssmp;qH802Y37t25;SuEUeVR
zb3gtj{!Z|W;?_k29{YGS;Fc1CYuw{Hz^j>{UjH})yzNsA@W+3o=)l}C;FSpY?qZ^l
z{J0MAbwnX$0viFo?0`VN#p3!rt^@p87MJ<B4)7;W-ar+*el-NR*jESmP)4U}t`6|N
zCmG<iQyT~T<EuKrU;2Ro?AJn{7B2na#{AtOf_E!#b(|;fB4>#P{P{W2fWNVg;QDEf
z4)9ec2-%@?8Q^OR8Q_K=C^~OW7;wBwL4J@?czccxa2jv?DNPsXI6RZZeK|)5_{}V?
zXpRo>CMWcOr$+<+Ol=78)Jz@V`)P1Vd1{Uh@W62fxHzS8z#X+Zz^&gifZJ<fvKA(O
zuLnGT%?<I6_vBrwk9Vip(RlaSN@#gz>+o*FhQ<T48Qxi5hWDDo6n*ruFy1DlaCQq(
zxNWu$@BJj}Q~u-DjhF!zH*&TP?|-wnyxBUu|9ni3cSbbc?Q24KukEA5dm5wDdbSR4
z8gHOBZ69tN@3Lwg-k*NQ@cow-zN3Y&es@E>qvf}`f&Bh-Ry5jy0AZEzm=5iCj}olY
zA7g0mT*1)p^c_Xdn-xa87RAYOMxl6?4(&&XLds+Fb>d_Ui#s|?hxT18?)WSn+C7fy
z(Y8mU{eD#l?E$@YXjjqDlCpM|4($_17~1bmY8>q;RXVhXe#_9kQwwj`!rtHhvixpj
ze$%wx{ATFPXtc)^5mtYmsY81p8y0J4GPEZYFtk5CMA4?1VYE4<ki;n5J5z^t4axbG
z4%#S)(eh6$Zr)5C+GQ-xJyVDFrXTfa=S8D!uMDC6bx$4IBBL{4rVee-j|}a>4>gYV
zl`A^54;^Ia?$N^ST3B?j!ThFyzAa`(A$;=DXoN3($>x7EbO?XT#PZ8C7{ay77{a3u
zQuJGoh7lf)6h2@St~{zk_)kP3<wqv(zifxdd0Cugh7RF5EUx7Y9l{U%a07k&$IBsv
zXY|k^+>OyW^r#NuRzEO=4?oyA!Y^FbA-v!KLv*$l=4;`^1HVZh!TDr8z~@ho2E1Ss
z!BsL{2l({w3E6IsGQh>94De(7DLQj{81NxT;Z8=OaJmlgu0$ba^&B1GEm_<f({+H?
z(Fl<8*XcUI&m6wNeDbkNA;4?8>i}QJ=sYrA2l!iu8Q?P}G!A&DOFF>g_A`L5?_=Q=
zEj+vLH|pE<;5I!H4R_KPtp7ivgS&<a<_(W9xZ5pZaL?OE(OdGvaF0X^-~5Ltq&%X7
zdp%J|>8Fi)HzAB~v$%{$bZ|e%;`%<KgM0CJH_*51E`;EII$a0%Fh-|3UkCSX-!Zta
z-rqRfpIp$v{l~ow-e<M&DJ@*K_czZc>jD14v}nNJ+(>Ypnx+GM^|yrVuzUviyH7H}
zje9Bj?rCAbha!cEjKVw9bb!-%<4-v<O9yyg7Pont4)6{vE-+08c++ohFrV~SgaB{b
zO$Yb^8ckAGP16Cs<q!k>>H8W7d`N{3@Gj*H;G4BDMGKpk|7LwVsh<8fwVwX>In)29
z>h(W17#^6a>3>gX`d=B-|E7cipF;ZI2B!Z_)$4yG>{FhesRKN~;zmx@>whdRZ>nDZ
zJ9q<qyZ!mF{?|pX|1mnPr|R{;gPQ&~{ulJWb9()6kEZ`=;X7LR>Ym@KZ`Z^7<A<a1
z-n^dBikqUt`yU4g*!(FB@9hg2-f4R%dhWwvydOdeOBsc&59{!rMif$RpP>`rceA)3
zAJ*YLn8h7^SciA_12@pO|8+Kmca~L$_Z1pjQvUw14sRN7P@f&wINp=b>hN}c!|)xX
zh5fX!=QlURyTSb3zB*c-WKWKUJ8vC<^~cFNxU<;6ST&i!ecu8G_eZ-a+Bi83_h_Wh
zf>F3<vJURbeN2(o#=*7-<8c-@XR;3N-7N0$$vU_<?z_SKeelmAxOa5Y!Tl7YbH`*I
z+%(=mZ3c{O9PW!j9o+kOF?e@rVX+o&+VyMX$z6EFr4?>|<b}aj-g@0aJ5dis1AgRF
zf~(6U9pI%*Qa?3`0WP~4;Pzb<z2>1X;13{$*BFHp59t8+5rq`#5uH4FoW<2Wqyzjx
z7H62G16<g9gFS_>&x8OU-%$s63Zql<kPdJfZ=g0i#xxH2iZeREr+&=<o}h*IXrb%t
z-!`ADH(XAg7>)MhpAc5-C+g6?ubf~_Ww^*s&Sz+se?`%qCWg_zm*hXA;F+jHyA4rD
zvE}R7JC?<*nW#hiJPimb&rj5$eYorf^T~-y2<<bs=+OQLqceV@4(%7p7}^hvZXE4a
ziVp3{oebS`T6jtef85zXKS6u#Fi)pM+i`f3<q5CgnJhGbGK5XEy@PKqvfsdw!txzt
zJ4Z&}rSd<YLNkP_;HUcYaiR0}oBpG!g16Md4%FlMXS5IV9d@_GDQ$C!$5ZI&)Cdou
zll8Xd!AWOt4&1^s7eeyv|EQ|ofywKe>mAc32PQ|@r;eGzN8@{=ad#@7$xg#-^ysb{
zf*1Y!rlP+fJa?Ue?qpwyVTa^jLXR#y;t?$`$o~BntU@Q=59*PBzF7mJEZ%^=8yw^Z
zBRf?Phh~Hzt!F<^#|Py<Y({KKELdoC(=7g|Wml>a!uPH6WRQ@h9u4_}8fMnccat%@
zzj+YZK4L<37ab3L71ERye@5p`EJDJFx#0-+GBh)sWY(VMDq|x_Qxrb(Fisg5c@UJ|
zk%vJ_$H+q;C7B**p`sHzTP&G%7G<6mbYAx57KV`L9AvX~n;4rps{MJYcsH=w293=e
z)xIKLJj6JSlZO_9>=h3MH?E1`hfWY)KYJ5-xW?nS-^qC}py^x<Fn)~6KRYUaS|j;E
z;NN9%$H||zibuB=Q0ONI=>0?Fd6%1v?$*$I(f>u{tf{<rMx6G7Fn|t=YW7vjEp&nq
zX6Cv*bR*V&!x#1&ZHIrK$1GHbdo9#8w?^%MTLi4eRq_N&R<n3*v*fZm1?f(_u1xjx
z^^Y?;CA-OC+q0mZOX4kJIq<I_4JyOb7CgG>-s3r+S)Qo|<LL<abY2{YzHh`a7I8!}
zb=iyZVgnwjUY=_3baQx@L1j_}a<>$zOna70{x_Qc2@lX7VmtrLAY|~K|6n~+BlT><
zOUqT{9BFx4P>QPbr>wolt+W_|Yf*lU4OKW5rC8{CE(p=Jp(@QWsk=H}!SfIf@!W8!
zUj=VF;J%mlRl3u~3hz;)rz0;`M4xXq@U}hfIJ9B8gnw?uQxg7pW;9r&1Hot?ChmtG
z3?vUANjx*_>4Nr`;z4-=(HLPFE}AZ=%?8d)ba!FCZZz9uAVS8J;t}zjtUerPpiG{_
zQntxfJbxd)DxTrJgUSq^QfLBkOd=G=b1t|s?9WQP#7npHwyW;u@_7>XvFPMwE5>7}
zmqt$Ad4BQ-b_r#!@+rPmB8dAOz;?o>M|))j&1a6hhN#@kuP8Eq3`14bPw2!evlI=5
z7ERl$3dU{0rb6a6VZ}B~cZo+KOXijw=@FAd{o2uSAFg$blzJXTw`*OTqKx3)oWDl!
zqxae$<$DZtGfY;l^caZGv!2tzc(PxP%gH<&?1VW+Q?bf`t(@X1Ufhx^R>->_Lq`+E
z4soALl%3-7$npD#eHc6cJ8-DkGY{{rUDXCgQLzXlU)u+Cl21w)7|*>J^1=mzNcYIC
zOBkR}1jf5pMvw=NlRYWCuiQOb-uG^q3gb^Glg^*lv9Vzl1Pub^bN@sIqJLLX0*=V9
zT!kU1D@1%A$%mp@E@AoFYWY6-^CcR(2X0L;d}s_)_eS2Lb5U#Pt&{^}bqda+9i%S&
z?S9?4sHqg!e<O>Nf2xI2ya^GvMd;y4YuV09QLA(%Qq4<_sES9^B0k*0w1%}>_@)-V
zyrtoJI*T;XOt+V^G01kv(?<Qud$q~JnY=&l#C_Nji7)fUfO-to=Hz<zqQ0HjsU9-3
zSF+%h)%sVYcrgK(1l?^V1lw`z;#VgGTSYmTN{~ChU@_>#iod^bPc(Al-X-K-y+?=K
zo!beynfK|CyOrYl7qB?_y&A3kYQ}`=p}$%=p6K<zZvtz-OMhbRw>W?&&#G`h@eaPS
z?nZhNnQYZ@&&3knr*Ldox)hbAI!IB@YQ`A11{ms{Ak2^USILJA4Th!i1Ba$^g?})R
zz2WJ5dl|UyptOW+22oKA+1TeuvlDX$&NgwrFPLhHoiBwh<~_>W4snHaQO{x%vzVBG
zcai8V_2i~g;|%C%JkdFDiPgjvPBJp{H|YJ=YG#dtx3RcDP^T+FWDzM|YUU7Ih_QI1
zoHWAZ5J#HCY!f`0r4eR$GQ*$(Pl?iqM0iRRvlC$qv7jsz#E~E?vn}wP3eTW4jfB?D
zP9-N=m}$7wQ$~L~oG;199HXQQ;>jRKK6u8{MaON)N_Z?t@Z40*+hQe^`7zKm&w36!
z)M6}{(<XCIA?SiM(vl;dW%e9EAFoUHe1Hy@$=+%w-BFXn{9jB@3%)`|K*P}pXpDe^
zgy46fJtg7lH==zDv-$Y}ZGN0q_)ztN31m{ABdP#e4JK|Rd!K60`Ctq5zsU?-CZz?}
zBGl*(m^BC8Yyz`~h+eT6#t^27h7ArKVky4h`6hTuS5V~$)h$9>xsN!kRNj!eS7jEt
zD1WNhiMreFPc<~OFTINA3wwgL9cB>9AH^Wb<Tzlmd|<MC6WZh+inbobR>OgU#Q!8g
zJdIXC@RP@pqfCH?5?Dhaez^w3j|~||9O^dKP)8TM%NptA8lZFx6TcADZRp_ieDGO;
z)!BuO^Pc|U1*lIwf3M;$@(+iT2Xg2QjdlR01|@jujJOB2RWn|9*`ADvrdokZTVN5?
zfLIbZ7vnv3P2A!=UdMO8$lG>uD_djFsg4!IpXZT#1-#YIwwv>EM)ccUEJ({zLAOFe
z7Iz|(Hm?>W7=lfi&oTQu=zFu+<zHmZmGV<HH~WYLTJXz%02z*4))HmCiOdSo)6MXu
z39SEd76ZEOM*Ry^6IoPvDS11NUbmwIr8ekE?BE(+Enzyj=L+wwOIUCRo~t5aRZg+Q
zB`Wgp2jUFyda#R7nqy!E=(!zxr_)yC;IfNg{*o93RK~IdHQuq_=n{Ll#QA0?^i=2S
z#i^{#^)6t2MF0x7x(YbXSR|GN`||#NBH^Q!WbUA=607*Vr+M4Kc^Abkd(U`lW4}Z{
z7hLv5TM1XVneJW#{hYKb1jG6-O^Ml$Vno>7xDs<Zq{N(&Kbe3^Off1k#lnhWro_mQ
z1(legpu}u<bljtiL)X{(`JCQgt$5W53Z>w^ZuE36%}&Jfm1dh_s7#BoW!;%yVw1_G
z%b-#Fpo)kI;(U;JRYKr&EM(zDlhr*3+wCpP^w?&4Vdz^e3?Zj>*%mI74;)Ve9fnl{
zO%Fd0*RSdrpSg#wUNBZ@50M{-^gl8|do+{rES|kR@z)lbcNg^LTq_6PEK|{ME68Ih
zJ5dD5Yb#!GFE1rpU4Co8DW2_KoC7)igKvcj22;cOF`oB9m0vA!+OD{}j*$9YM$8jP
zopv831G3}1=4q~0UNRxh5G+U0jcYg$!iZ!5aXgim^343eB$w3B>ak7bV@+L<_;7#X
zS*C=KxA5Gi0Pn2;J*#LCw{FaIP=n|92Rd_ss{?}A+9mc2)OUp|4YEc@DX%>Z^9|?%
z?Eta4f#c-ky6lZIm0OoRU9c5<Ou^L5q7nY&bAo?R3Ev%^-BxE-%Ddk{aOTg2wzku~
zKms?Ucy;#lpkK!iOl<I_#7hwl40el}PoTe(lvC6Q$K-SO#?j(IA-aIb6))#Xx1;sF
zSswdth@H`iF5uaXH_B1`d+9#LzsdFd*#kEl&xSZznr~8fcRav2FR=n4zq2v`gCkSv
zzR4_yIYp%Z*CueQ9zb(=5n5feRw(FxyB>Y*=3`6-KCxAB*(ESOE4P!cjVSn;KU4og
zv$ATf8uGvEU2bmTv7o|Te|r1vzkk*AcBWgK-m>vH3jh5LC3oT_RfX9Z6WrUB=42Oq
zBbnWd$?Rx>ZNfRkEUO76wo5#VU0ajaKR+3f*K1y<F6Hu12YJ0LBCpT$Ft<B#8Kt#K
z(z=Somx?}DUR{`AU_PkP$u>x82|g1M)pww%Zcn0G^AB53US|Timzgv~FAm4#SH?mI
z>#S=glGUKgWEY1db+VPBHA&qWCABzHC#cO)f|^?$qyF!t^iEAm<IRIu*Mh%CCYrxO
zMjw~CdmEo<0%tp<**KNouS|=Q&}(?Hn%cfZ={pqHkChQQ=n=5qdfHVvIU$DKTEbk0
zfGQJ^_$<7^hjWVkn(3B#q~vD4a?hFI&xF4+bGOm(i~fRv5ILdKh+=!U7Hp-SB-|Ng
zDxl^egsnQVor2XlhN$^d#NOUk=XU-QaY1T<Y~2^N#9rt^^KMJzD^a%T>d|OZb;_LP
zk{0n;z?*o9pM-Y&(*$WbaQ7gq#I30L0m|Ze5b}%<e-Ly;9`%j(p%+F9po_vA*2o(<
zJiOtush%;cf>9q<p35eWVk%7Pj|Tq$QyjECKGPoAv^w|#s5+P;2iH={HhB-F9Mwp=
z{|&5OHVQBPs*{V~(%)tC<EZeOy&F5C?-jO54$)r@V3Qho%0{$wUufpNC1%uXvp*o$
zv3T?rvoVjdrShPSY+3z9a^5$Wvg7N?A87lZpJ@A^pD=q=B{(FCzm$QaqMkLs2^XVg
zr|A2G#Qel@nyV1KGz{4-dk2@Sy`e}v$Ry%@b1b@5QgTIn>PZXLV%f+W-e;9g_ugF9
zJcC-ozPg0cQY?w!AC=0kJRsM{e!MdWAbNLf!$Nbue;H_b`Qq+w2HJzz7^7(i|Lpob
z-8*R^*Ca06Y4>!Yw7B5Q#WW=}H}EGw3jxT~&3JFA8S;CA!Aw-?e{p-^AWz<*(5*u5
zY^?bC;5Paq^G*Nm%Fr5Px?VZ(4u0exH-eXYu9q5eOIZ1s#h`ScF;jC>^p15eO^e#+
zhMoJF<vCB_mLDejwB+lqdiNbg7ANJq=f@ceVO-MI196QaC6{hqd*0TSf%7@XxOXGo
zpd-KkGO_g-$n<5B#@5fQXZ(8drU<{X!u)^ieG7aORrc_Nrfq<>6SUa!ZXsfUs*MzF
z7mx;8Is>WHm6a+!Sc?^v6_iAAL8zwHjzbimtFF82s=Ko4y6&nd_-a~8c_@#9Je8LS
z6C$*Lw&l_0JLlY)$s{SY?0?tq|NVX+zaLF9bLZYW=bm%!Ip?0oZEtG`o{bL-R1thS
zJ#ZM6sV2%si)5pWdYhs3-{-S8uqd_fvMayWuly6Q(6=}AZ-00<KK%XslZ&JIE%7c8
z;siVf(fQ3_l9HwVA?^WESuwQEE75o_%pX}oQ(!CELu!>zQ#ms1Z;Qw;to2+t18uZ}
z@jQikwuE|~hN-9xJ+}up;V~5J`3!<)26etSu*LX33)YxA+CR2(|K9$=p2y=ZJ(J1+
z!8`U3gD&Ni;#W<a)6|5=%2G_|bnS3E5`uDtcGrDC?g`-gI`B2<Bh7^t5a(cH4Z_fI
z(iK3_wQ@IT^h4kW<WJXWDI&3Yc^)RNpak!c`I*DvH#`b{g9&z25(xx#mfRp5j$ee}
zn3}@ixL!a1>TvxhM6Lg5Xj4pACd?d5R}x?*vvg2+7t9o-11uf+7C`90ejP#HQxW9l
zix`4@pvs%NJyM5*Q=TheMJIh5%V1I+kefb{L9pi(>)R-9U0W~2oQ(B2SZiPdF+><!
zx%46=!=}JSV}3H_cbHF&jPFb7ci~MmDg13%e_&3)>*mD^o<prl^4xf;DzR6Y^ep8R
zVfn<g6TaB@`ZN1|WPWYFXZUX#FNM)MN*jL6{1LI<{PNg>1PAgSUXWw2fUhA4j~xL&
zl`Ef0;s6cze~yV)m5-iLivZOtV-t|ek6n!)z(EFLwiIbVV^0TOZGsOa0FMTisp+~e
zdngHSY{wf<KgDV+9w|&^d}(YoUS6PH-cp##McQNLi_(vjz3h%zm}M!i2-Ag6naij4
zf$fx}L6ahU7E*-|fv$^}@JkH{L-R%XL&O46+9vvr#e>2l_!<+O_LlMki}~dZW&Axg
zW&Dil6IdpzjGw!Pv%|H;PFq^u2PPrC<s?7HoLk1b)|BP*+kFK95c|mj{*yJL>6Dm$
zT=eZXUz3|@aXAXSLa?kL-B%#3aqo#(A9y@A=b0fKc2NyoxNU-IJJ7RL@YGn#_&G3G
z;8~|>4bc|BxUw26AmQ5{nAU^Kt2pZFgQy9jT>)&Mb5oU`&X%B<yV{j(-_16)`G!pm
z(}3n-Q?+`TAm5{)moJ~1D%97L@c=p#1hjulh8+rE6>dqWK@mxJQw3lHfo>9fN<6NF
z?`Q(3mjWn<V)~Z^LIB@A)kY9*LK7-gZsaSf;q|dvB}xidtr9>x)mD6RJU=JlGI;YE
z0`&|4kPm^guK+~LqNOJt{3ok$4TqR*0%e<%`}>^oJo0JSyRjdKNv_D6DyuItX(^q=
zRG{_R;mx-N%ktCrIiywY_hFEH8X$K0Q?LTC09fOFRXZyNZ2|3B^wePuNP1g~b4aF5
zph}ti9GIy8m%vo*yWtH`%Ef7$aoXz$A^7cUL6^SdB>%}~r|F0=1WOF|-!914S<8RH
zxw1i?C`(@_ZT=Whz`YZvFp^DS4G0#M6VUP+8XX4?{1K04bI5;Q)X|*b@bAiro;QHz
zl^~1+WUvQOmdX>-w;_t!85)Hl>QEI?kBjM>8KT-Od<C9I8Ig4tPVA+n2JB1}Ot9Oa
zk3qdP@F$8l^I;~S&S%rfL<V;-5m#n7#lR$b8z+%$oWyHH93>=#|7mIu&L2lo3q^ZB
zIh9qf_}v6n4ItQ;rC(}MKO6gQiL6iTKXW>Gj(UB-Z;*NJI!%QVU}4BPJ`Inrk$$`r
ztZ1xb)mP;OR?3(BWj`{aG1_vX(?E@KgRmutr9Y!6>lzCkV?d`lNYk+I+!7+M4Zxv*
zyjD~Gerb~psH-}Xx~hquoS0sBalVbBBeKNwJw#IWaB@-#Dv!Emmk~YHf!H9V??7_O
z5oEIuv-zvoAjq?<SbU)J3-%(i+2)jU@YUwwmE2YCexUO46_jrtv-!89UcP+^lALRv
z!&`vVrZ}WJ_wylY6Q0nhjY_Gz`-!I2%y9)MO{VEX(_;UaAgf59hE$iT9Pf$qp`rz%
zl}^S5DcKjn;V|Ef<5H52^H4Cp34{Sf_A-~|@gV2+R|VsFZ!;M+5352dv8(n_R?$2q
z@E7&EvLC)JHR$ikzE)iMdQfX-DYlz>V0ys0`bN_fw$UI(&}P#FKX5;a*lz&W{qdAd
zPDv=TuW?A59p(EM7x2s1Vy#49_@Wlr*8)TmdwGX&VtNy<X0nOZX>{$vwcJur*}y1z
zSCOe!Og}05z6C<cPIVO&cyB~P+EO6xa_>QT51!eK&osa@?!+R~8WDgldVJQv>w>gR
z`7|Dn$)?Q5ieyeH8`DmjEV>I-zOJ7%Pc)_R6_{a~Up`UK6`Am`nxPCG$pPSt$6XrA
zP{uD$491`w5ZeSF6>Is5#W5VGDK~JpmznN%Gvi(NA;CL<+Dm&;kXluh#7RC7rGTxj
zhgLsWG3jaSSJ1-g9kl^I{4=4uF+KUp$#gc^q8z`cC0GHBe>B!=U7pyDb$^lucRvQ*
zH-);tJ=8s4F^lxN*v-i_L=79_V;sUnFPu1yy@$ZwqcVru4{(IKyU5rbJ5P+gi>K}`
zWZflTcmHBDYwbqe`Ma_1{FK~xz=3XhclD1Mx})<%Z|sC5>hAq+)ZO3V!(Ym}JH@&?
zqIUNZ>+ai7ck_+iEnwYcUO?S_z`A<}yGv%>y~Mhc)$S&<?kYmv4KsF^$-0Z}McrM`
zx|@RC)tRWf(X6{nwY#&F`+va2q3(7)YUu78x*fZR!LG$b-8I37|9%r&<@Jp%LComa
z-P0PwSN@TsLE_jT*d7P@9UBCnQwMPy2bs?XF)<L-ut7e?L3*({Z#PkQYt-%p)}1fZ
z-B4q9!&rBBT}a(M!@667-C-G9j8Ym7Tx!x-pbf2r)dA#E-&K)=K;2m8An<eo)~<yM
zX~vd~*z#l6@>8|t3nX--x_#N7$rs_+7%~&Qa^J=5!4=8O*0ORlKK&RzjroYE@qoKH
z{WWf_G`z-bR7E0ocMp1vF&w?dDAriH_|YWQ)lD@`;OOtZqN)9VeI;Jacj_N;TPzoz
z4-&mC(W1YvU67;n70tiY8{5zw2aXr(S7-Hj8A}4dj{1OwRaUnO^@U`K0udlX`KYQb
zDAZ4w#SGf>=2Dvp^M!g(703Rqo{(cQ*bD^Ef>aI_%?TFF9O>C_5?Xc&-Z2*Fu2p$)
zF4H)EJvx<JidxtVQj$HNlfvj42#?JbWEuO8c=Fb{sLm|NP@cybbvj7)T&j~j-9G}p
z)Q0P4T^Z_!IqFa&^r8B9Jk)gm8fdHKv+ipD&uaazf9$7T<<2?ktIU8e2LCZ~*ma&@
zMlqDEGgTi95Z6+b(s3<8A-C2QZ{O{|kfjOEKnq<@sSO_}Qgyn7ap%9!J}|#XevC<>
zs_?WHwp$RMeCL##3Q)6~llV^M5UwcQM_X)n;}*NSpmMkCVicBYLEdzxS7Z8C-*>pn
zUgnzU@J>KEXNN<ob?>Gfmfv23(sGe$Gw!V-=yHKKaDTlScYl~5mc{^S7q-|Wp*}x}
zoDgx(h5a^;N_uV;dyq*Wls^_l+QZ5xA`@v><uH*p)5=6yn-vSPY4Kw+DDJmf(RvH7
zFG%YI-;o3WjgY<z<?vo*{QV$N%tSTChvpo|M|%BIr>VnMC?%l64+>2+o-c#6=y|Y}
zbH|mBF}1r#37*2#ZuSQFQO-YGBMiH?HLv{8VnLo}&8q?-!aM)CkiOk>fEP>~;leMN
zKmj6^2xRt>N%Jbg^WQP!w*;A=lPD(z-dL*pYi6jC%jBD+DWLrF!c?273Z!tXz$-`(
zsHG~rP8+Y5#d>Soc9a4rA2q90h00(e{hDmCH><L__>q1dd!3OV6`78o%;!I8D>CgZ
zO5YAj?f9zXoFeb7$BWXpIN*&$Q|*MR<i4Wsuo<vpjtNj_u{oCw6kILfG1n8s_NLmb
z<zuek=KDp7OaoKo<RsB+{)O1Gj}UkheW?-T7$<0nSclcu2$)+d`T`&!o`K;=#Y{D<
ziofzGUy0|jj?eY=D>8N56rJWl;@`)TgQ4-e90Y4%irZV1Wp|Ssb%yG68kxTr<nq>D
z_w^A_*@uY>p8fj-Z*n>Oe_F`he1D?g%`QNbo4*+Mel%WtM-`ZXd82caBF~B^Ay2Pg
znWU1k0D4=5Z3ZvVm)gksi2u*x^XzdQ;IrX;<=?{TJ8s`XIDJtVPLn^Ce76P5*pJuX
z2QL^DOf5qCM!;P_UBUYR%zcArKg@k~RkD4uYzCz?zm4@H2J6M#dcNXKj;UJK@#SN3
zx%mpVa>_HT$bo+Q8LEPHx=xF}w@PI$>a<bTA~b(v!f&ka+Zc~-@@N#Wx5Er@NwN$}
zatd>fUxUc3E}ojd+_bu*#<YGx*M3%BGaQ|F&eG6X*9!lAd@jaFd=p9{2bAjD<JEGM
zk@oR8@<0K$eDkOM$atw4)Ak^6X5}DonxdR?v|x_N{+O4-iUrTq+-|RK;{VCJ27ofv
za0N+wpJ8mx3Nmq9uSnp?<6OR4Nq)OM_z~KsAB!2=V0kUpos4ZMKu9$a|I41B+i{Kc
zZ>3g29!J@j`)g+jfRoG2u0brMYEX&)!%`D%HsegpZj86x`#t+&VD$YZhTh7S8oEo=
zy7M2t-GqWiJr<!nL;EtorGC19BV3R0Kflh<!MM<T0Q1*?#Ms*GGgHloCPBUk>nMBn
zw>H<%C9w&sX~s?W_kF;`P4{nArwSuV`iOz$nm&KVDPJXe4z;^}g}JD4OwT^EtA|6r
z##*`7-7_#iI_23P1G;8%k#`YQyL#_76YSjMq*iE%=jzEYIe2Pu6X)&@b8J#>D`R5g
zjb(ZSlvYZ$Ua7RG^-@*&7KW$No0sEB!<C<<sz!;+N-%<Cu7xURtp)A7r&G!zOOqzN
z!kmlbE3rW5y3g?`W%NQEE{`OLK>gBA&Qk_Pou^#X;aS=a^{C`tGNkPY><Wvw3y*(U
z85aNY`=5%JxjL+U(@W9qBjXYHp5gIl5&oFDEquk@r0<^ukOFT+hb(|Bp~Nqn==jZt
zSh7q<l69_MqKO(C@fBZlScTvYi_^Q<Qc!u2uiT3?h_@=8D3p2*wK}D%obnJy^D6aP
zf%Kij^Ic2<ZobGT{2!w8kI(0~RK@34jjWnt%9oDgugNC7YOR{mjV@TLCU?UNsZ~>A
z=t64MWSX7NpH?*mM8V_qZL*nN%cz<X%dTZqO^#*PvZ|)Uv1?gXljB6+u^iYBbE*nq
z+<Ea#I-kO7!%CAa{_AM6KR7%GW3<<+NC$Q)t@9j+k-o||eaAm}HIj*!Eb!|PbU<GM
zUr^)b0sDp0ABFBG1S#1Tz!(&ZG#i?gt|gv{HrK20U<zR+^7$=d=~lsaz^sO@-Ty*=
zTxY;k2IlvHlRE0-iJ_~oq-*)OU4dBg04<qCo@S8?69Sfe=>$yCUOnEMIXqY4mtcu0
z!8_Tat}lr7>ag{0-r+f<&om_vR{(@1T`rbx!`a}@E{|l>Tm>(de_Sm6if+Ih8-CYc
zbzyfU@fl_tZ|%wVis6SP*w8N!7?3%d#uwd|#6@_jic*`s8NimuKMP2GSn?}3&^Ch}
za*h61;3e(NI9t3A(1H88jMxD<{!3JsfpZR+cpK?f%2%0czEXcr&RA~CAWsxaUpl0%
z4hrM4R|A8HktZYwa!*nEQuKVsIA@Xko2JU6i!K@45)6*xpG<<)_nK+5129ifq(%Yc
zSoEdnLnX~V#XI^%zTyPaxKo7BnqcDSdmyB@!)q#WQ^}XWDP;hbEgCF(7lFKj=t#gX
zs0ad5HRVeO5cbLq&-drxlB<Ut16znR!4jA)$fN1a<ta`0+USRPU4-kWyU<y>AOYoU
z6lHZ6P?SnU{?mHR_0z#GpK2rL&)cyM26=x1VhGY0Um#ZbYz7q<v`Tj;h@K5Vb0Z_%
z**=947l+=sGKt(4>#fSx`;$U%$UoT^uKTg-H%RF*LS+MBfvc}5yKLw*s{F~lnN_o$
zh0a~(z)*YjByVyXlV^^A;#|kRHikS%m%t-MKw)!5Pf&Lut#^PJILki?fgL6vY=bpk
zsmli`uD-w&yuFuZh9m^#<S-Hr?0{ytv%F3<11HYvTt;|em_bI+>dgb|>@H8VP&895
zZTk2{k0-_ZX1I^HSiO4BYKtgUi?CfUGdubG)k0~F=*=#t(9?1%)hVqD?lbi7w&30_
zNO86G6KNw0i`Oky-624J+z?z^MH+OHNN!ph&jMDkO(<P2nI8{rCffPU^(+Jqp5Dfu
z2AUui2+zs$ET5A@V!?t0zF?d8E>rGlS6ZlF_f^s{;w%>eKa}!i?E2<f1HJE+{0_AL
z?b#a4hn-Bm5FeD$UlLg52AB^$VDvvEcqPi$Sb}Te3ol(`sg-=tJN|SZCpZ9)?G8wr
zg!Q^W#*r`j2<M1$P7Jzgu32cRwO7MWm_ohFDqnBOt3sznX|?~4-)s%So9VxwfZyT!
zr@B5U8UevAL#Egc>jPuT$&bm|PfFR3Ny$%!;4kEEclRWZ$qoLreeFT!E8!jG9!4g{
z1H&lDX+>|285q$!RvGGI2F6#G#B=uQ@OWn?oLGbxZczPyrA^`Tqj$V13|_hG5Zm<m
zM9K#&p4l3TXO0UW5B*)j`v3p<+y#7IJt+9U0-vvjc^L8evO&TBAU+p=8^Y(m3?+QN
z;F1pT`TBbqK5vrZe@6VO{_o?LAeq;N5Ujjw_+^U3uXF=`<rwfwkn-1egkW^u)(>62
zqYw-y#4s$Rum3yvW$Ge+?dcniUmN;%9lt=b08Kc1qabC2nwh*&<!1)`YWgOGUj;V8
zuYcJ(z^~?e7=F!t3?sARBJ}D1k6-@=e)S&kzXHFW=pT+>i~9d3@oVY+5Pp4^PWbi9
z!5!e&^RpR#Su1}|{Q8gXk8upYR8=0(YlBc)dy?;EemD}p$lMT)UNIQJ6SK@LPqwh|
zlY)7GU7HcRPPm2$QVrq=%qmav3*FZta_x(OzVkiI?1K2UEQDTo$7WXEgQYx)>0Znl
zl1*kv=EG?{qCWXw-XAZEz^{SlfnP9r^JDNQ;YpZq!ecn=Ct<z@{K`5I!mr9fgkL8H
zb%0-2-o^0i-ACd%=rAr!KKOrwe|3moCjcbA^TaPxC-`->0l%Q{{Mruj3rDpnGhro9
zzzW$Su?uh4sL!GN@!#Da`$g=J{ko1{IQx3|ldut{oKTPR-WZNwn+*7M@c<UtFrWkc
z+I9!Suj2A}?!<o?zeK*E3FmKG9f4lP=l@gtW0kqbdCK<-EPTOsQt%PU0KEpIr={mm
zYp@2l$1zfa(0!XAjRXX!%I_JmI|4%L627^=D&dob2KtqbNY?>=ZLBgU(NkgYI$!*X
z=^}nDiomaX&I7;r<;n5<@@zh@Dm%U^nb+(U2K<_9knijI5`JCLuLJzL|8|C7O%KI$
z{PNECN6#V)$IyvgK}3qgKa)_}Ab9gP#S6%+(90Sz=>?rp8TAM34-X(({Ex`Z!P<_V
zw;C~VL&WoHd8T5j&2&<f&KfZXBq0$!HYxDmDV+!|rA}B0URSD?*-W#6VI0E}GjX(K
zCijIH>G8EtI@tn^=U<E`0a-$6ad7l?35)B5;2J!Z0Irm~`Jp~S>2blE-4y5!f7e5Q
z(hkgqBV}*$UTY$(TI-au*HE{vm|$MeFkqxU&(^CHGeQYLKsG^6YWA4`8onTdMk;h8
z3$19`_s&-;*De~M#l?*Zi=m5AL*Cd;*YWziR>J4{JOw{jb6QNCXYAs8^EwNoTgGxo
zU65nt0xu(;Zu76MkL5!94O_3Nv|ihg8oc>y)V1q@%a2hv(ecReq9uZ~9`kPHZs#ke
zcVlq~QkxoXmxbYWc{FFtC5KUsgJRKgybyhk<LDUWCQLiGCs=HeFc9~NJhb@RgF<~B
z!NFTZ;d#YQ?@XIjr)SkM*sAs+yKEWx(rKr(KUi#4tA(#tDkoc6k_d|7%WZTEPAv!F
zU2sd33n*?G>m)m+1Hs~qu*O;JP+I+Ul_OZ6pL@n#;eQ1u;2F!$MR<=2!8;o+o}Pmj
z9ifYPaPd33SQNVG43EIOLyf@W71xzk&R+sQ!yC-g8(fDCW=1u@2zJcyl8v{o3o_UL
zw0wD%MT3t9<5WEHd4kG<`@V~@AI01;R<V8+g4%e#3@f(`5jG<pkL<Gm4}5?Gc!ZcW
z2_YA!I|mrShH;EN1y7wt%suK}8Mqu?Ub&}Jv}|C@v0xOS<!ZqLD8jjV5UMDbJlc#j
zRuUHZ5oGa7hKv4<-B`@u;Xp$$U=DN(XrYQ(%Bsp{;)ypUr*eTla5<2u$2Km@V<CU3
z0gHa^S@l|$^0@lsV0f}@X)!Cr``oQb5!HQl``>o|3!*htk1m4Wvh&)?2KVL2vW8<Q
z`1M$R2M_1)tZ5^j@IH`(v4{ZD78Z<Eh#lo_b{!Y-t*OcTCauag#w86EF>O*%kFdt#
ziFWmS56*bNVu%l;L(I}?7I|?(?&(FpfYDf_S)ZC%Tvp&~BJeG*V8RSVqRzMCMdSoh
zYAD&1h&;oM`6*r3BAW{&;9sG1ZZNlfQ8ppZW(z$fbJ%E^=vidt+<%TpftZg=_kCd!
z7kDi9#6y<~^3=_iz=f3!yyQYWuJ<9f*c(8&#2$~c9wn>47_YCE?Ea!4^Jn*reQ0)G
zCy5iCQtRSp7!@Usv{Ep3g}z>uLDwKPL1S1d(4NY*g-IbE+fN<g93i@d%)A;Oxa<mw
zP7ZuZ_F_yks@#56d=&mL%o=?&0N|j(z86-{aKM0wdWMnvO)(xz-*Fd+A@gZtzo9l<
z{-FDXa9_@YA<LFtCvCwiqwYdZVZkLX-2!yJ8TmczaHi=UJ-=P;e^GaMy%K+pr72jV
z?FXn&te3vRX73t0{mRg3u9nL4W`En~5&32aKWX0prn24MtbBZBtQw4m-jrW{PMIW>
zUs2cBSukBhA3+wZNFHfw3?QL>?GQZaI?yi27pV8$`+#pzvO*9An%xaTsi27ht5FnK
z6dXN2Ve!Y9y9FdPS+L}uLQ!C|;7#6!qCoN*%(Jl?JCu^!Q4}bq^JA(120(086qp_%
z1Q5L5xD)1rqY>i+8Ndqj27s&!Y5<YrZwStSJ&jY>!+j^Erow>6;nlGQ`UUuE;Jx<F
zFz`+#@NN=HPeRYfRZw>mWIOHGCRN4K;;})jgl%9w_S5}N761f1u6-6|u)w!up3wfc
zm*9po>Ut}Qo3&Qebz2uW(Z4{6oz4W##q;7L{a^h3@{_nQ{iem<>_3#P%NxKiTR#n*
z2mXxmX>8NaBcF<(At0U(B0&}Kbf}&yLKjneryH=9TDf-_#MTXwV(Z-C=y?f?KQxG~
z$2DBtM7X*hbExcKxZ2bOu~mnEC!%T&CB?NyoEM<{_~@tquKZ}!Z}J`whU|Zd%>I`Y
zuHQ^1`(KG_|GO8rNyMk;uQ1}%vX9S=PsmSgno~ZeDQs5yu)g&bxy65&V=8byr>(b^
z!@z5yRVI-Z^9zEs!$vuv?!<4OX$v~#F*XcXv=rqYc3m8iPe@KtQ{z2ypbb+$V<Wd;
zy>`!6ZNX;F<Qif4O(c#c0KrnZ*4;h8Ge<5|A(dleOdMr>qQnpH=7qdDa7~%`qu+ii
zkNIBQ&@(kupEz88M~MJkkfz1qYyN--?IS){!w(NDY4|mF2VZ$#9CPnl9FLzs1@)91
z4%^I*r<5niqxa8l4^r@-@<2Ut7)tzxjp}FP;eDNQYd!W|rz!|(2+k~~AWTI$9NK)1
zP$)T#P;g@0oSK)qSjhG96#}Xcxh`7{FbEJc`R8h~YO1E%1_mzErP5$=R%E^n3<~u4
zEW&8eB=`z5=Gz9PBF8BYb2Jy2(%eN3etCf&0%m@g(n&v1FL)EJy$lIeStdoyO!YUe
zow;mMW;VDY`4qRQJxKZX$`{%Oa;_U3<qvi1>Ha19mJH9uFfP}`PzSAZ+L_mkp%3Mm
zIqi%q*DI-IL3{$e8<Yh4&R6y&ABsFK)XN3O+JaIYs!gdB$Qww)`@!1WZ}^Hh^h53F
zwf4bl^|E&KTGCEshAH~RzU~Gu_NKAb%9My!iqHqzJZfxn(Ny*_*i6g~0)m+^R@z@m
zzQv(-d%8!Dcw^7@pnp_Q%^;;Vyf`VMp#Ux4<)LNIh?eW~J7^gvK+FB@;Vt)@J7_sO
z4qAQ~(ejcDB47D~3!&N4h-O*++JpS^HQ_Bk?hh@?D5`9sO<)10PPAd|P?la5IRQ|(
z1ZC&gcGBVmWB!?nA>^Ds_L*O!9C~#~sTzxfc|YcXm$oan+}R$~@+Yb<^wv~FHWH??
zmIs6W-EEO7<k~i-V-8XpF99WTWt-uxlrhPXuim3KywG3H8XDQxDqo2ql%@q2*n&?r
zF1T`QT=a5}h==a3H+H8i>(Rl&%tN%eEUewqt2=1-);MSv7uIf8Bwk~?k$~9#J!g#V
z-i<^uWf5Z7im*l>r*yE$kETMqr_QiN&eIoJN$TIh3g;;)HnzffVJm#?8Cv0g-Ws{W
zl&@(8Tj7OwM6Iwyu&3SVn)hLayPt_%;g-|d3MUSQ6;@7bFQk0AA$r5PoNYK6p@}Qo
zHng!#fgXB+e(gm&%a=L0Az_F!Z8-yfK|4}OSU_{{rk<G8ss&N-=rm(qt8aTU@iGm!
z`YTYfe5;sk^%vhsiHa3$z+UaWuqXf4lf_75I<S?a@X33NDMoq+-1uw+$M&l!bEual
z8U`l$8G3Lkxp-Bcr>7E1Q&MKeGs{8m!jtg0nPX-J>m2m&J*=dDgo3x4dk7|{lv0%9
zp!gBgY{f6W4zhmc%!=165P8b@EGrjC3-k;038Vyi2QE}^2+A<L5wBS*LcrUf!}jaH
z#iX+7DuZUR>_bucl`!x^dH6$^R%L^$Cx(f!@RwSA{>~58JWiuLJs6ZQpTtUZH&h%`
zSmrRe@!4<{O2h7n#}X87jC;BA;USzFt}zwV<!dHy4+fG5SY#!+EJwARPzo$%?`;I%
z8Qvk>XWdkw?fy+X7f7Z?%B^>>fXY<mSL!#bGU9S8j>axutvATNBR<kU`r+?Uq?e}J
z5~LsTeV<yc>n+Xgr1`VVA*B<|6hCsxqy~LB<zMGG?`|r=>>^{F(vL;bcY$82{ZRDO
zl?a}?Wv(H(H(ygkd-D-yT|!EJd2btBaqsYVgBOC$JOK!E4<<D>9SWr3R7;c<`;i12
zm4CwLQW3DdDE9}xVgY7eM4w4*&-ILXxQBZm;?JypEr35lTKR+5aeU?TxQfmBHV{3=
zYvUeJY&5Rx-2(ej{UY$yhw_QGmDmi-rR9Fge~$^%-GuNV)I+yJZI~zIiMw#`m+I_C
zS^SW8AGlGulXdpdCD<8XF$nq!);V&Ix_A1s$#j^P!!OUf(eMI%Wk0sRs)LNZgCsfZ
z<-VIqGO0LCd)sWZyEdw=rtNJfiYQTk7w#p9VVcN=(^zW(e*+SgDC^*glb)B!OneMc
zuSBVx#sr@#O4{70oRnGe<}*VntJp8K*2<gEFi=ZN<+{q@S)37cWhp;?Lb@^qdjO7L
z?m(1BDaY~+>)Ny(ao}^^u(Ljn4@`j+wz|93xu+_d;TtSRz630K6{4b%t1)6uRo=$t
zfRR50Q#jrHSfV_q_adtewm^gM{67zWPbEtLvp;-~8L}|n+F3$!hg@i`tX@>;yn9~>
zRt)F>TR^10rRx)bzeTy<yDk;w#W_w>qasft6h17<)8O|JRgw7WYeM7A_T7FP#{5TR
zz>^Ep%I9Clx$G#pzj1L3jZenhTxjC5;|H*f9M^P8Ylm7VX3MxXFpcu$sl&W;tc_B&
zqz3YsHS0H%Sc*_7$B>}TlAT1^q^&?K7W|Tmf6@X8S`Ly_dSoB=WMxS|V5sc(OqiOZ
z@+Kfe|E=(+pyDWBF}_<k{!^EuXWFv(iYZvBM$WVu1z#e<-I!J3TOyW5<@cAetO{Gy
z-|JIaIzoK+Uo|r~$hR|b2?^;Rx{)FMa~wO?$Wfcz{xw_g`Reaq;ctfFIZD;kp!Q?F
zvU_S+eij51Wq!>;xXxF;m`c=(nEwxTj9E%c6~q1D5JtGqg*~V&gJ%NERsEH8nqm6n
zfrsSgF|zlurz_V2Mfp#w_Px+s*6i2xiDl5Bz#dfjhk8F>I;D&gSWgeA^Y{Q+86J+b
zxwrf8gQq;7*j|Ba-QB$fxxz*k8AIa7D?JNsGrIGYBh?H=C1K*v04Cu6>v|M_(n8|T
zAh`Gkx|kWdI3irY*{_PQ^Oej2AmB7a$heCiW!7IFZ$3cU65$$V`y?&4%$~$aJAlkT
z3McdTOj<klj=&x~MHmpcBye${M<6{g2)_5DqXk-c<<;E`1#*-Z;9DR@*YJo2%yzc9
ze{m)y41YW12Pv)UPDhf@4RxIx1$Jhdq6yqcrIr9vDG75_jEe}Y-aQhtqf%_x9a%8B
zsF$bpM~j7X^g^Vs%Za`&iQeRhzD^Q79acsUXY|GBtwr4dKA6Es2>0o=^p=f^opJbz
z73!0Y<PIs3ubdxbf_0ACS?dlXu^mv99R_0Scddcg?ztBCmYKGkvM_qXpiiQ<TdrlB
z%-h-><?UiN)-2_MeGJ)qyu%_i@hN32JP`QUD37t7JVSp~Ah_1C?8!}k2SWR}J&fK%
zAo=AUjow}$dOI3MZwK;W!`@rKI(iH`as=!0VW-~fzpKl1me(Pj4QF&V>ADW+Y}9p~
z)7ded&Q|pSQrdeCI(ws!N@s+1MHm_T95nU6z*1X*Je(egiy)uU9UA%Eup^p$>MmvE
z<84g|&&L@>KV+!IB2Yj_x4x~?(M^c<dzH_B2$F@$S|HzJF2F=?3vC(v6Mw<Y#ePtb
zzKh6Wn}z~r9wwd330#S}qwrWB&sQl?mZ#PtO1E0VnHX+XL%W6If5p4ME)nHLIf7}g
zvTr;ijaJGdaXnnyrR!L!%HXfs2p4y$LD5-M#{#q+JOanrKtEVXEkD(w-&tZK2OFuv
z#;n(b_OL5FOV^dXH9cXVTP@<~TdjQMXgn^HFBhe~;;=^Hqt+n(TTB7dkHlbp_IA<N
z9wU0%O%&C*iJRn2&JtFzc0pdqT_^B`n=ulYAHNwi4@~7HV8ZV)U*W4NbH`IXhd>M<
zv%pg9BG4vF`9E?x*or{FLle~>X!EXb#ov-5dV;C<&BI_MtP3KY5<L6QI=$InV!uTu
z5DCrnRWK>`hVcB5*8H#FkMk=lrWpSUD?-3`!TUgJnZVz(8k1w>pX3+A9r}xD3C(D2
zuNQMSy87dJ0xV*ZK$(CoB;}xzm%GD#NT@uD{IyXLM^Mm}1(7+UNV>d8dcZ>V8PS_x
z2QOS`Wog9_Rpi;orM@##W4~~FaBvlfZ+zuJAO$)lubGn9*(v!(Mp3`I2z18UGQP1|
zO^pV8eul>9iw#)R|2yRMv+)`dJ|%d|t%C)oK*_fWF9Lmx@>3n~_t~~IzT!rz-Qq?q
zW@0#hcVN0Kw<|P^Q#t{BZr@eR=))W-Ko~zkQ&(PKg;7A<$Fva{N(pA-0X|g~&Zk@+
zc>UUI;Pv^+&*7F10{_RHq28ZiOl9ECHjs|$k!el{BGWt=c0V8U!;g!c6kd&um{Q%D
z4yWW!bOcuw<Q{e}^MA|O<dADRU7k$>YziMGqYFbgr+l5%mP5+RaL@lcG!){ZV96H?
zN}WGubhP6N-my2$8Nw+O=WY&ye8H(DYFY=eY}ZRqf{tMc^weD)0#;(5pD=3QjLk?Y
zB$oMf24k5w!c#_m$=m_35DZ4)Dbq8o9Img$og~WllYOIVFuV`QqoclFc`3J&73tio
zoEU=MANT84klO}R{ntLt!$WO0KpRh6&~+Uaih3zCbmM~|YL;bC*w$9}<XFaS)OQA3
zqceot;c@>?L%;Xa<D(w=r=iQ+hUf*bDBJae&Q4eAZI<ae;X-(~S13O#<#!&)K>OT4
zD%z=BdIHrr)yhz=UQ9ia5>fw)(uxZJ3_4y;M6ZryQ6d4ckKj4fj_zZX&F=5fazaf6
zwaaf(u)tfrs($hp#i|Z9!D3BVJJUOsX7t)$$lymg7k9BEZf+H(GNRrC|Iq0pw%77J
zuC~Md5Cww*X_Z6Th$qPJ+sc`I3A<b|i%d<pm~mC#Oql~#0V?O>xOx+Vu+wHKV>Pt&
zV=wsZuYL|9=8K7{@Q9|q8gpD}nMQN)VjezKOd=1e`Lu!I^%?kQF4GprjiC)g@Wx*J
z#W?tePFb^US)R6Tt^}+)ld(GAmTU^7v(~-FU`nUNE7p(WkXNG^i=_1C#Yr5r8*Iw2
z0?iWt^eLzeE{e^E&Aq?6p*y{Efj^8yzX09u?gBlv`%`439vMi~uRKfK@)LD;-J?9Z
zAx<-kv8`2*88nr%S8^Oqbpj>6nX6zvgsWu4xcNPC8Na>&@jJ#*zA!GB<{ltG6Tx%L
z#6L0{hR|>scxi<da19vNEbO2Zx0(`EJ!YVOiw1yxn*B;Gd?5zw;Fh&0_n0enLiw1>
zx%o#$_2lns7NQu~%C-QEB96#-^?)sj2BSRDWjI(4C0x}88yH;=rK{uR;CRIm<Hg&O
zh%;qj^Efqv5{Vw#nsF(2bYNlejD15uiXI%I==5kONdK?eBdy(bGDyA8m|}k(`0pUP
zGWMIh(6|}<*tTIDRxFTK+t=Ewl_RAWB1s0WAcJCyGQ3<>?Ui@SxzMx+sBhU@HPn>$
z)pFtcFFPGHybUT;hmNLjdcMhG^1Na=T$D>Ve9M|~XgD3Tb{to^Ti^>eW42^LvVx?T
zCQ1{@Ae@Mv2JC<uE7Pie){*{PayN1&?WQ7iAB}~M3ln9#1-ffDMvLgJ5X59&@2-zC
zWcs-xn==*^^o-3YMDPzn@ZTGh=C%d~MuR`_&oCzYI90aTuKYC-Ip=B80iyGF+Z$HI
zAuA;}er3`bHJNy%f9b>DGam~~Cc`g}9rDjSZkdU%+(|QF9Ly<a5(g7abs-LBanu)Z
zL|M#_)aiW)h<|h$<6_2|smbbRih-G>MKH50yqJSe35=P|WYTysUMG$=i!JSaSJBc=
zuh-cVvah}-_`{oUumqHGiVPg+a-HAYL>y>zV7TVeydoh4pkb#$b-EZilGc2@iJ>Se
zz{-)ej5kpMi}|>%%({Xj@}7a@eTS2DS0L{aByXVZw2tZ>35>o)q;E$j^j(bfJu8B~
zFG*wkBv0ojSvX*hI^dxH!FX9Xo)9tKhl3bD$uRH}tTgC=9fUEHswif1V}2Ky$s1A3
zgq_@?#@o;XILWkj)wAKS(ruyY*{oD8<U-Twt<FACmoe53KTQ^3JIL_bERoUp{3*u#
z7m@fr@*Rfnd%KM9dRdb>K=LF0+xY%SHsSl-tHSU-!4!`4SkB!cPcdNq6*?L}PeS>K
zz@-f9X*XPv7()E47C`))jEMiB5%G_&jzs)9my`2<NBi*9p6A$yZwcRr&swY@+L<0j
zJIVhMdTHtZ^U}*>{m-9XhC8}IFLR^lB~z!DSL1<R2C$vCw3K$<#EoG)@7$X%<Wyq%
zV7^97qaW;)m=<2bi0R-3;l$)RloEY@7)DRuzRBnbNhKr!XQ~pgfu7<c$jMXxpWHrX
zpM#u6+F89qZ)_hQ%EIVYIMbHFZeC<3TDz(`L~97OfAl5M*FbJbB%6i@n1l#!s=Cc+
z1czs~E0RJ4_xVX6xV}b$yUIv#<+YIn*FM6q)7%_REhtF#UV6UrV~6xo-{;))@;{VU
zJEWIseLAL>PRQlV*e;OEzoN+H9-Um~nSoqx)wY*L<u$iP5yS59lp^l3F^Xv58AYfB
zQTi>NH!?@Yb|$I*sX0iVBcR5N-Lm0g4ruW0!+i{aGOCOiO9?OGtuCgwI;T#(gBhnj
zim|d3ndr}qnSF?n$A|Fhj^knVVi?|8LiY<p_rvp}iP9Hn&(#ucHifdBVzyD4XVpOA
zJ4>DGlnX6R+-$VGx$8vVkp$6R(@Eak-IzD`{>w0L?mEhw+e^=z%WvOZx!ZN=NlKc#
z$(g<e{e69hVkhTjXSwdgoVn>cq+0jhh<Yf7?76!zbFS#AwFdr-)>Ra{Pom`g=n+a&
zZ^77F-+@>`>fZ}(duXEUWdUZ<iz-(a!Rr)(eD2#9Tjb3oQ=KT!=B(oA*<7mY0;lv4
ztn}>`(Nkct`Y|sO+Ow@i@<YHrjuj1S7d~pzZM;~nkW-8LioSMpn3cDGmLTmEeE!k8
zu{R!+lAX-byAzY}^+MyB@32`}l1Xd|ZM+8o7G}bo$&xvnG@!{+el|?`keJ)(8c~D}
zQ>_vHD<}Cm+(`$&I8LCv{j055@8k%6(NCjx_D<r8q}$=Y+ambBH9Jk;iqg&2h`eQh
z!dW*B;gr5NZ$4+ei&VioCCz|6D?-?_A8;j2L!bQ)EP#Rd^FW3m7iNi410YU(k>ta?
z%SHCh4ynOWegNwmG+=#$nhujM+cUAgf$!u5Kq5<2^5vnJe0jIiv|dQBMH9U5FyhhG
zu2P40IwoJ<?T~i6cQ4iI8|;E-!t*b`&f<kAP-2_%egGvFEH0fvYqvkvDUGpcNMu1I
zvZzROe+EDiFlfv`Jk0w%4=Jv0IK?xuoyrFUqdl4jPv+5sf+VEjg$%fm!+M%I&{{Nl
z=D<`}Z`_}Xu#}E>qD7PnE&d5~rZLDVeJ2e2Mp&U8E(p0_@)fxz6*U1ZLnjQ!1<z*g
z8gHf@-Pn9b#t195g9ayGaKvdk?&QZGL4)atN!~H6OfFWjQF;td;#6k^z&CRX5SBCd
zTX(Ae_Z&qJhOY4yWUBGhwH6`hb_kxf)cbA`d`DwIni3>G9x@bpvo{J}^Lkvu#_F=A
zfS(Cl;Lp@8Rz%Z;?f7@<b}K-_yahqKML$B=3NPmx7FFMm&J*g{5A{3&3w0kV@|IbU
zl*sJ);{{2ouacDOlzwfQ>@_zEk^_Spqw!q00r32a8#f1mzeeVpzfRihl;a71JH~Sz
z#|giI<;aUQ{#Yc{sQj_xVn;fAoHh(G`!r#;)xaKWv6LII#~n`779sr%qM4YR-N$A3
z76WetuIoOa^21$1eNB*}x~lO5aC?f8JHD#kE`knoMAJ@twdYijFYpPaYee~8;Cc^Q
zg<-%5gJ!h@A$Q}VM9SnSo09~2YLaDot$J&EZ3KMIivdgl2Cz7*%K)-hBYdvP7{b{b
zq9LTw{&1D{!+?}!B>X*L`-evV0Ez~L5n6`=uh^>*JT?Fi0w;fsP`Xx>uLa=T3&7bX
z0AUHa8x|o%)=dw^cc8f4THCSzf2vxkO==?x(x`(6hw8cz26tl4#9ty|f0|AYbLOR(
zoH-@zJgXj<J@3I^6Zqxkt1GJK_wx$-%1_<$!2O=;J)YKIJg{5jU#pw<RRAWzP4;GA
zEqV)0LT;VF7uGqYQ{njR^#0l;=6*jf5j3?V6Bd!4|9v0^cATPNXR$!fu%I*du*gq1
ztDNW)$01=Y5KZ-BaHIb|v^6airAFLH20L@xoYHC7zP@553_)6jH*yYZ<15OMmzmmG
z;y{#(@MP)Wh@Ko1jpXYUt?FS$lw_1D23HHgFZs$JKvE0j!q709`{}^HKv-%W*{QHp
z$Al&MG|vTAkaRxE^=&x3BPd^sO>K=;&wqBNMA5(ht)!&zdaNv<Y^E1QJ+yZ}m@3FU
z1^HS9)UN6NPmVVS!}%4~Gnk+1KdCeawRk)V>)wu-QNQ}#Z+?$KHp+x%9!uu+gG-y>
z62$|vOBQ?ebgk~L^8FI>Bcwht^@n_)!VWJ=4^#h`PcQ8Jmes@Hd&SomrqPa3Ux>w~
zwRoJ!_YKqUQYk2Q8=m*4qHqOBENu@KTVbERV-U{fmL(K$f(74z1g(XADDK3;FP}1?
z%4ti&F9YEV4_|IgEs*D=iO2x30u{85XHo1D`Dsr@cl_9E{xyzvApvvFX0gZ=@^hrK
z*G*evIfv&5lOVlqLzzEcdfnE9@0bCDp5%K~*nYrY%kynXRTVbW4ys<ZouY<s+s>+=
zsCt&wSJ<#5H>Zl`QiTnZqpz;8VZL7z+}($t9C@hnoT~>ua1h&@(4D#jk)`%nEJp#{
z<g|T4DTTY}!?stsb6YIOJduN2Vmb0|L_iuaPd@>>T5q})nj%CKwx@8a>LDnfs~20g
zrEq$Ftcdd`!liAnI&3{X3o=Y3O``g^cP@ust${%I@{h@dz;%)RXh-grc^{Y@<%?4}
z_W>NP^{g2m+txuG5%UOF${xe51{Cjfx*B`szD!PC$i%E^muP1>(3*4+<<L93gACNF
z!^JFYJy&;iCg;3a%9DTY33@0M4#Z}AKVuQfN?{qtg;EA+y7Qm)^)p_5g=5-W8Y;9I
z&fFH)otmMceic>?#uYUBD@E1|ZejI;4|Y;7SfqNvsIm_L5_M|zg7H{^ufTdrin~V=
zNAWAbxAHE}i}nN>K^M>M2{c4cOtA7tp7SS1B_>GK8@z}Ox(D^*!l}w7CM(B0e2BlL
znyjkB`(<x8kS_bztp;z}G$lp7{N&b@D1Ugvc9urCwpGM1zjguBX$O@t9HN+Os3?8s
z#QJWB@}<+vOX2B%#IdM^W0=eP^)tZFyV<LO2d9OKmT2+&4}ZT2_c{sF<qqO28VRpY
zI=$==5K;N{#ef>anh0&sYiK^+d>3whj!X?(T(C%OQ9-_2PU(HyGEO~Qy@=2>G4|U`
zI(SXRyj*ita}wZo9J}3ifZZl@QeF(Z*r;9<h#TS1CFC3u&oF=M0fzarRKpEcuEy?^
z3CkERTL_nF!&A{2^Jqk#$X|#~T+dbmWp3j1yzri}v6ptb<*j330xz6|E$=hEiuAA`
zPurQVA%)Z7o24d1kOv9;XIE3*;2wDu!3TQ_n;Qco1sTIrbA=X^tIOR(h(@UB({|;q
z8sjO}*QbI(e-p=PaSzQ(k45^*SSVlsSH@~Gtjzp{`pR%7wlY+U0vU+9GI#H1P|m}Z
zvEa%Gc)LVhnNs!k47@l?U72607w6*8^PSrHdp+|yQP(G%8fpGpl%gbuEzqlf#RW3k
zI$j^M&A2?g9hWA{WLTQJMs&I~8<@9b+i_T$8r9EaX&YOZjLji`hp7Elz>>9R(e(?<
zVkl=T&|(EUEMPHivH3QAkG;t@0RB2{w8O%d43uAh30Fj_frx1Czyx8@yR7o&Id)m;
zm@@lI+;Z6d3Xp7Ka%sdC3)?F0uK87;sN3uN>h}762it4vzqP&2Jgjf8hp9M@(hV?=
zZLpS&+OGM>FMeW!{bqyKblw+iFMVsHVS~Lzz4-h_{XF?6_?`0%#g2Bs?_Pb=$nR|J
z9rL@e_0B<$Fq|mXsbxMd-cM`{3${r$tlvr0uZz5mm7|Z4z$M5NKx4K}V7QRaFTZ;L
zzkD(w0{oblnlG2a{<k25x5h*-zkgW=%g?}$$ND(Da{GGplKBZV$gg@^#e?@%Ja}Ej
zgV!VQz$tywbrgVQEBh{%4AQCO;A(W3lQSR2W%%ylV9?Xn17oUK?jxskT;X0JaVOP&
zG%&z;U3iW5D8&OfZo=}&B)@&3Va5&XR3yrYKq7KQpe9$YizSKto-b24)jz?bKi@~a
zc`e*r3TTr<I$^u!GLC`m=rzuS?|d6c-^dQ0LT_2ms+=%=`aGWZo$28DP<(v}DW8bC
zo%U2<KWJ}O+^vMx!^oMN<y*+t+zr>h5r^YZC7)f&?vofmu_|BMrv)Oa#Xrw`{=Yu;
zpPT;&E$5zp_ptfPr#qehPt`{U`g!VAq@Q^B#=nN&3XK^wqV&hRxd{DHttIb`6<^1v
zaic-WA>1?Cf&~sMGtnvU(6k|3WdjySkQxNfiCAUr8D4eilVVs2Z%m=XwwSRTbKa|4
zm%?fJ8z^f@UPfiJD+#(=2)(Yv2+ZI<_$5K-D`V-Gn(x6I`_I?d`^kl2A_|sd9P6@m
zy6b&i%)9{O0zB0Ts9mb^QGDMUUSoX68u6~F%yDs>Vtt{f8vTetv1lkzzB$cDyD#=q
zw-xp6(<p(^t|6Vy><c!r-yDJcxLOyL+Cg+?GP0TE=e^33wJDq~I5)Pliw~^T^)Ge(
zwy@`K`5m)rSfZ>NVH1wi(;Q`YKFjTFmi2y~3oR>+H1$U&JAA(;Jif&M-&2473HVk&
z9|hlsPIVQ&za88a_$K<p;QPlPH2A*W#z2|5#sJ?Z)r%=>&H>+~=g$+qThqG&-#e5j
z`2KK`!FNghIpO=_E1kg?4-Mu#7X{${tz89hpU$VQ0{HF2VE`U`QUmaWvkaE&R~rC)
znR;>gYE8Zghwo?4o+o@=X<dPD{NX70K6`?}H*@tl;hX!XpMvk8XQSZzNpn}>yJApR
z;OjgT2H$UvYw-Q{Gy~<`bq4ruP%mCz*D-wWdFDLfo80*%RrtQ~T@-w?k2Cmwu__wA
z>VC8H59)psxz$LAl#5kiy`w$Fe~P{2z0mbi%{P+2tePdd{_SiwfsvoZcI8!hmJ=Hu
z*WWp9;7@B(G0J-fNs|H@w%g~Z0K%r9^(`*W+|<>1eeWr&&r7}M*IIJ99%!<(`0s^o
z>hoAep?VIVTAkOA3t(;`<+WOU9W6?8BhQ5<2Jc!~n_|p2%IN>)e-D0tYi01W*P=dt
zy?XH8j2WH*h1LfXILyxJx*XpvPJ6eh2hR0wH`2QWdeh8L;H0fe*-8WOHIMgb;P<H9
ztyg6Bj9u10PxC)za39zKtey^Ai_aPUT>^j)yoXS{xklHfEXupbc&>6cswop|BItqk
z|KFbre)|M8GS?`VcLK%I76!$DFU2TNY5CXGoXU90vS@vn)nAk^LMu7O5M0Knw&cPt
zoka{_hX|Li@8A%D0C-2gP7$}7ndeUL2VlLgvkdttBh(>2@*kmk%W_<>SRe<Dr3QEn
zd#N+|P_{Gvcl_MKU{*5&*+<nOdxIcf!QR@0GNB-C1i>$gUpOTno5EjT?0CsUX`gaM
zCyTZGM>g`+)v7@;tbV0asuiUT%?^{r-50T?B<>Un@5T82<(<uVzF`SWWYC{?N2U?_
z*rYpmDo9!B!WJ)v-p4zt*BfeFOW*=go@g;Nr1#ycxqR=7!p{{ibS{q<<e_1E)ctis
zxq`~ID3GtDN?N&1=U#%p|G)q->T{K!IHipuz}}nKGLCx7px&yXx8pcL>d}}Y&oI9}
zKQX^8Ye-*s_OT3oeq?-qvGLsVOH}9g+-H&Vt7N@Rq~1dF>lQIT7`OZLq%Sc4a{q#p
ziQ)C!vHp^v=SO!+Yn@UJ8AjQyS%iRk`^fVvEk7XE#PmLpQC44QK?X&o0_zJC*auIV
z8l7~dhWQ5;X27K^p&mW$(PViCP+6e>*NWl)4CedSw>$a%#k{Ec{!K_T=JBJTg~N(_
z3d`lvHU(d4L7FkpqJBaed$XW&&8Lz0PUT7$gM>3T^vn!Pcs_U*YCtubl_eIM&2!JI
zvnjFsbj(7B_Imqn;COt+RP_k2vVrA{B8~bi8!HXRLcSC`l!l9eS0Ud^(Yug>j#x$Y
z)`*JgXkEmL)UAe+>KO7495qLjHj6%gyeO>^eM&-+eT_rf>?q%lo;_>Pv&R?d|FD+)
zA1vtq&_wQGCgbV;mV(L#*Wi-{{3pALOtoVANzwPM`I_7@sjiFy?~TE-g7hr~(k}NN
z?Nq-3+PnJ{nbwHp{p7O-mLYZ@Zc60ry91L^hFt#z0->%*o(WU-eP^B`jmex`pP$J}
ztjh~5PHCRSu)LGyg_)Mg(oLC`_e_S%#?tGQiH$KL3nGc|afsjAt7#b$(58oL5Mxqp
zzPRilB~HmWxBEm!r27Q=PC4Z%0Oc*BFQB<k6xnw<q%Dr}ZxPD75z4h4dYK%LV@`Nc
zJ`^VlU~eQSw-=eV7o~5+DvFbGvvXWS9o~D;hvG+vbWDXZzx_z%QFkw+cgdUf>VPfG
zd#Y?bdMjO%g(d5q(ioE<-DI-7Yf=%GB|qpQe1vnuN9X`P#Q>j@e-A#JV}CaIJpU!Z
zr}(GgqvoUHmlwv%ywf}ChiAtDr^&YA0fEIBI7mKa=tSM$#8u_n21-s_8vM6mVd}#s
zJQlynHUOWj*zM-=w9<n1RYK;}irskjq^G#5SDK$}VEM?hZRHDX1GuOskg9(DQ3_?G
zS__RM>aqW4;-}_5Z#;Rrjf;q%QhMe6yYW+HJNR?NPpR;h;{n!H&vXISs{z*N*`5af
z5!fp*Ke+N^xATN}#S>kCc;j*g@oCUl-A^gsU<CiiH^|eir|7M+{4Ppm#%jRhM)eoG
zAo)c3et}ONsFT<l;qwryKTPDchQ0ucpI8h#QHjprn^Xo*o?8uNQBIr8XY-+M$k|(o
zv&R`}YCVW3jHWghnQFxJ)1vPH&{TpIIs3K9+1C|Fn?sy^9kh2}DVjDRXD5HHWhl|x
zoLItlzQw^Wzuv6YdZduvodDcCLKV!x*}}qn^=tkg6Aek5P@cl_32CRyOpB5ywpLcp
z=b2XX+a0`m6~st9E@xKd_m=7*t1erblH9^Y+aZ2K=d*;uyBJ=4!)YP+T1j!(PE#XF
ziZeywwnJ*ubC(q7k0f&XJ0VGYmDHI=!aq4%bs9)hW`4zU{+oj=?@|1c2A2OwZU_d_
z10lV5&pyrkk?%i6g5vD=4d#!_)r-^K@7O<uh4+HIKprYT2+|mvAP;P=H3Rayk{nnx
z8i?`&|1)tMC+(!S=bv~KbLD!SD6THCl@q+6hu~W1C&BS4Zqr!8!aLiR73f>GlsXZE
z_2{hUsk4f?8+mVj9CC_pTbG$YY<-#f7%%6KI4gKs&HQ6%{00eY&c~UdEUkFEl?6Pv
z;3??PLMr-1N%!!QxA%w3GPz)J79I?jV<z~Dz1`GXqxOB8$te}^g#Va{jb!X<_e6Yy
zOk4Rw_>{9-sAGx@VZGk~y*s_J{!ej`9M<hG<Z+zxC3IW<kQtvL@!P~6;VX8>;9HFP
z=Gu!n|F)RuVQ12?Y_ja(99G+`;w<#B!m1Cw=M5Tq3=Hkh>|p-=prc8$d4wQ?l6A8p
zl)~CO@o;c9o*in=61ep2NYQC?);r=E8#bwzO9V{Bz|px4{Je=ob%%}855w=7=s!WE
zh>0gY#YZc5^A+!NT!_N5l>1I{loaa^T<FdCiUlzSfQH`6!rtnEPYeL{O90S?@H*tl
z9QmFj3(f_wp5Xxd`(LT+(||w0O|0i9vFE|q^981;UigZ!aFI=r*L%5x^>WzIi-^5^
zT|n;x+hPXR2rqxojLY0S<zmFy-ggb>uu3_hf&bSgBW~o7zvYS$#@4_ye8nMT_}<vZ
z?U%qf{v)QaCI|jPli(Y0612z&5Zu^utXYAp^(!ifHo@EiBMr~L%AVi28J`~?_Pj-V
zXoQZ4QCRHi4zJb^rWuHbFFAJ(hh9Xvzl|{nzB27>FzD~61J9(7JDiRC+=`*_1o337
zfPndAP0X^B7G(!Z3v&|t-qaD4kN*ktm?pkbr9xSK(V#VqWAn(diT?oGwgv_h+g5*T
zy!)^Fev)@zcQBE%bWNWa#~ELG1UgC$L(9Od;q-RUaag|dP*V<?65I5j!Hl!s*luME
zglfhMdUleW4Yb?eMlOLTVD1S@3A8R>K+ECkwNhWsQBQxA$pupB*;Ke^xRdul21ll}
z(BK~EB=B%(RdZZ}A~7(p=we)^q{|Wa0z)Hjr?cBdw}(#}qsZ8{$!7Z|nx8`m<m!#9
zMstIS?fnqgRte>aR%dOzE8U;L`G3K@@K(lmzBL|IQ*ZTD#0{`D?!lkYfoPh?T-{Ed
z3nT_8Kit}ihM>MB_CIhc$im7V$&VvL-!J|io*yPEesUYr$#HP<(a1mn?T5da&}YGg
z-&<$kHoXP+!92zgrEMq?TWi~b(Z<w#c02-rT%=%k7UapP%7r^j#6I`Y4z$oV3zgaa
zC^G47Kn4mHrv<LF@AkK2<sa2KnIwVN*OD)CAJsjXU3`)*@|7dIF{yIO45M@MRGi3t
zin4ZPGvzeJ+;rW$ajMtEkW**1l-<XaE6<!o0mR;{^lvaz$`Z0NsFaQGYOBE{eN&OL
z?^7^-@0tB(PO8N>Dr0*p8mq2TjfEQBt2SPp6R>8-o*o|AEQ8D%XwA^I&1g}$NfU+1
z+Oe<$Ye(n8@Z6Tcx-e|&f-s!jsW99xLKt4_>W;#&r`i&T6}`yu<ctDzh6cG9<0>0r
zdC85{zP3m@9xR?~$czIT*D-Wr{_G^CFk_cfJ9&61lglF6>L_BXRQd}IW3<k1wVVw`
z`tG{!_YbAO*HMGt&t&+pa!hv+kJtRT3DYNEu3i0XC<@I=GRtBtFn7nb-6<=w9U6Vs
zgCxv)rA}+2ya-*`cSm~*f51fx=zQh-Tt_~{@1fYzQ5>pw)V=Sqsb#G!zzL_&gfWE)
zP3<x^wLe3n&-$uU8?H_*OKJaMQ!ol>73&#)>Kl`XiMr6GHI%4}@+Nx5ws*^mE{Nu*
zixCCUw$jCO7eqU)#={CqDbTJz5EU@ns5cmo4faJfIH)&B#|B?TH8`U((kz9;2H#^M
zwo#b5X>1@ha8V#xFCo@=a#Juc5bs=pf3DIKcyGfS83zC4X<K;?Bh`9DBG)xPo>kKT
zXK&?IrZjx3rn97NWk)R^z0sk+C3-5MPW%!o1V(MSYC8E`qF#wE;lT2i0?SkWyb8IU
zdw`>S(FL6AB3-LgGETEBm)DvZ8x-LA$ciQ~b4mz|wuCHKS&@8u4l_Uh{shVabxtV_
zNf)mRQl?Gk<yK~@bwew31NE#baY{2RNR*h)sYv=Bqp(qqi1|7Z2G6vql|yFQtbtyl
zv{k@F`RER%-1a=CWxmOl0rT$#cy~n%#+JiS@@yMcmE$YYP?nayFB<l}Q`#r^T4MzM
z(@mZe<4ovxv`9@b9ms-451)M)MdKxxkgMWsTbk&-*+RNmU}U8IdoOuJ9#P(G+623_
zLN8ip5gu+UC+RwwvYyVolo$v3vzqwj#inMT#XYjQ#^U}=l&N^hAz{RQIfCz4j35`M
z2_wem+_~*F`LdOQPl>s+8o%Y%EPOh^!y~R94tT^oy4bw%VHi*_DS?YZ{%I00%<5J)
z5OmebFTallo0!+U+Tz}a`v4p5UUjrdY3M^W;=!CdH?RR4WA1FB0go^Ir~guBLDJtB
zd*Lfm;3{gS=FyYP3zzsU@Kf{_ScF`KuUJVi3pk~tf#Fy`^oVoV5n<SNz%(mvg`P$o
zO!UMKzM_hrXhbZL@32I}X*9xV`FX(UaZGo`=8N!3(%{7}`3+eFltAzQ7QAd7!Ye5p
zUO^1g_Z%&EV&{Pi!|}<4aoR<>U%Fh38~6hkgx&8Yczmsbd~IuUp2>o<b&sa0ekaIt
z(=cpf#G)LW6bKS&qO{35Vqy-PAMD{Vjyqdvs_hGx2cE@z7x<{_ae1zJ^nK=quLfXB
zHXEiIgc*E~l#@jTAYDU4@_B+y;|xbcX@_z*$C7A6d-nk#JuBxP$o5m^-Pvtgbui67
z^yx8_ptK4@m+v6^PL9zjRWHM+x9X0qfX!`wH8S7L3nb&ziqaRzb~4a$AdO${FbNW{
z%<{!?oNI{WE8m~y>QC$2O{lLSAKQe-J-!ytscyWd0eV=L<{ruNBdFy(mF<fu`}u_;
zZDw*FaW=j}GPATDbozQx_#>+xZ3_ZBOYR`WrlWkJty@pGi05oKZ*Ha(u9YOfJ6Y<@
zG?LJ;mqk5Ulyc6yCg#$tRV&T%EVLzai|_USA%@Nr@DlsTV;?!JL9u^f3{%ZgRXvg9
z?fqg0DboB)lRN8+f5IL^nNHX#**;-KNM77e2W0!`ON|=rN}(&~igN{!RM<433bVnd
zk%u<?NT%op%))U2;-eU>!*rta`HJ_tsRa>CwzM%Ow3={zj^=kiDoCL0=`Sc90UAoi
z^VW<aX}|JiatBou_{!ykx$tJ?A9=AO7f<sb6H8?y*)&L+pF|?EJRY$AmpNEj+IK8L
z80oUjwFiatZ72CTW;@8W%xnk3>KYVQeFdO5WT0@nMl>B4(?Mk3Z@wni24w#yXjb4A
zP{8#SNNe1?$}m1ZR``A}hfh`)pmOmRLdDcBU@imTk%8wU;=yCo(inR|@apxPYNd-@
zUx%cK(oW@%F)D;nnPd(IzrUJHD=SM3rWNK>!0Hc~s3M$z2kQB-B2GC+O-Vg848iSd
z75jm<AV@K?v6X8VAa@?;>Pfj!u935qKx)`?n1)(7(#EPe!Nl_U<#}dNj%U?J+3LZ}
zL0s347_FVRn-7FZ1`7<%LFwekVPq-n+0;&-C8^&35(sQfLNK;(X&wVn?~k9!)asAy
zCFmmD-uXM|T0L}NML@M+EJ1bVv?!<oJaRZnG2_Za-dQ5%?sW|=lG+1_gx^?fJ$H}G
zD#}+Qduvqlu^h&z<34yW6h)@pw<L1WA&px8AphfNQ0YY+Q)3o^SjIxNqPRF4rKW+g
z(Z~OA4t*Wu#UiOr4Yx#%U6fH&hrjCK)<9i>Ah|uHnWLy?$bR`6F}K;skQ;H!uUZht
zIWWbs_tM@Ejw2}!g{rO{IibM0y%+`7{aT&G<5>LaJ>vbD=Q>Ra-&H_!c&T~ZPbb)!
z7!`(iQIO@~P5x95LabLloTnaUopX4s|NAmK%z7Lep99`Nxd82rsAgkf$SDQ|9o-Ki
z6m;@Ph*Z$&AXrUQQ)J)Oxq`m&@L<Zr5T2$+%Q9d?9(J<Gv`tKJ$J8v><c`U54R?6&
z#uMOg98v%j^zi&5BaHb4{)#GkAI$jz{KP541Pe8G>rM$wCY3$>vg=CR8ZDgbGNi}H
zZ)Nnz+?+0dGemyu98p`$;67mRg^`u%_{W~46N5zgRl~W5qq)$O#!{j?rHyE3$$Y9U
z=-*+&#QStB$mzG9dIN5?ar&)x{T494>~Gpw(F^rv&rp|ZUxZuTLtVy)ZVmh++=>m|
ziV5AC&;Ykgp<BNU-D-UnZWV`a-5$DC^eWsc4c&5wZr%14+?t0L3YNAK#K=@khig%r
z&NnfU!=ko-^`FrGLH+rB$)^lj))r*e&ODlR=nm!^$4E62<-*s)f9C--PiieEzl41x
z39^_L_-*L&>wnZPX9X6AE_=ViA_hp~7anY;3bx0TzkLqh(3tiNZOp|MHYHFDTTs*5
z8Ho;|-u5ol20<&Yv^wAl-5dFwb}vJhNh5mNA8PG>Rf9whJE1@Kpuc@f>)6UKZ(@g`
zksV_snniy^l&Tf;TGUoo;{sVlvbY0-{gnVijuw=8PEz{q4N77ID*L@BzsjsKX{_dX
z$_SQN(TeHd(wKQmx!~^<s;%@`#j7>3xK()NkiFVbzPMX=m?QsOHJe{>s!xdW2b~dV
zK5~r%zIoem<eN8y_-2WdohJuj%&TwjsV1OC``T#%H|P>(rts8~4|hg57fz<$E)Ml(
zi}r=KDsOy<zR=-}_*VUBSAx4##9NOCPl2(hBHAF`PHnE$>?Nmbn3d$|=M4_g->DZL
zdj6;DL2S@sB-;cEe^ln5ZDaL0PP7NB@@;Vy)fm4>Mu{}Of{|p9ERM`u!a>Ev3xJD!
z29gjUbY%nogoNzsbC$6v$QQ|rn0>*%n=IUcVd{Bvkra>jsPL<_$RY%5h0=9oV8~t1
zd-F-&qms^E=P;@c?UYSLqZe7-tBd5JMZ*q<QYqolafQhoQKz9<@NC064Oa@%DIxbX
z|LEh$^-RsY2U#>oD5y(W`3j0J_Ks;|bE;ET?MsAD5IXCoV0i|RUKS;>fKlWvf84t%
zs29f(*FjTLBUOSyKZ7FaGI|xnKeYtHL?-kBXhI<ITWN_m<76J0N8dN<^QoLm5Iw35
zzSt9Z62}_*PP1BQP<gt!O)KFg-GpZfdxF<m)p!dQ{Y}Ee5s;phxJF=am_`rNOl1W|
zhVY?Cx<v5gSuB_@FpVChb}Uc6v`3j8Xb-Z4f}|9y{Y`9a3u;Z!?tCS*(rd1Og0V!c
zx$<DhCOg1H$G??ROsf87Z&n&tm?@_t%PdixLs86FM&|i$npqdGdTNN~X5pRLX4MSr
zl;>NVqvr#tauIg2RUEcGqG*RgnA#@z+F}Gx8)%#grgL+8vok_PJH*@#PQLKCU{aj?
z_~V#A@h;M}Cwa&Gi11N9-jm4Gby7rZ0mOu43a#I&9^*Xq4O)B-2$c;4L`-0{UCCaP
z2xw;>P0EK%-Vl8R$zg$OCoz!~DJS;bYLAQG2~-33*!KN6I^*g%Zw3G4C#vl>UaD0}
z-{U!HhyQO_?FP%)5bC)vimGR$*X~JExVO<ayCkPbzPd=hAMo^tqG4x6-`N;I<wd`M
zZFRzmmm~8>035#KNKiPY?E3~lQCaOCjONA7is(6Og4KKAYgUs_Rae&kjpG6->^D`y
zt6}Q7GWad#QWaNz(u92cg8IY`Yf1qeHU!3Xde(PoP|FH=^S^*s4y2!B9f?CYWkeDd
za2z`dzYoIiNGy%YUsf~a;5SdDaDgFMok}mP)8k&Punu=GD@7+frE}68B`}v=9Qjm=
zq24*GF^Mq?6zt!kBo_cOEuRoAw%uZ4HFvy;r(Vc3))hXiykb%7j3VG9pSGKze^Wsf
z$s@`iVp+K*D@r!J8fKC61y7QWH3aqV-f0U)or6>y;OO{a@sV+OG_j8}9!-4Bv8qyM
zdYp3-?=EGNnAP3TL<nzl_F2|uX56{kC^BoqB_NE}gqj)J%mjf1#Nvh*GbzCfY8Wfy
zU~^Fx@1`TAdJpKZNlac=es?-f6#?$XyP<As!*<(4Oq$4j7k1BG`p&uTW41Nk_9W9^
zZhTT-?Np^7_6Ii$o>cwmjp~dwY{dspILC^Atgraxzl&J$tF4j1w(6MgzxGiErk%Zw
zpbTsB&daPxT;HI2-um|Ybl!>=kM{|(Dw3;}<zuxjs0QxN@LqDZvtE{7(8+AxdxAAO
zV~tu^L#wu@S*zI8PP)oi%NlJ;?5wLAiM5(^(K%nA{~c>mcwrPG8Cvyug|#vzu;OMG
zCfF-a)$pAD2<~F<zQu?p%;zsDtTW_Bd51gWMyvu+ys`zv(?BSmZ{`YyWoMV1v!0#j
z`&1T5L%GCQ){yOjv`#6xw~aDo^tUn5mo@>($Fi47twmBxk#t<CVb(LCjolBEJB=kf
z)8J`C)|#Bkql-#eCzOQ4DV-{?SED6uY7-`4Fu4jG<kn%xrxdeNx5tgLC0@c&)J|9r
zQWN%YK@%2TTb-Z#qkA3dxvJ?X@%l%G<H_*og_n})NRK*Uif*b=$<XV4GV&^49Lu=`
zG%Dpe<a^BwkRRXBl@Lt65>-uY>1ZEu%C}}X_|$&7!C{TKQZqOJ9k(1HlfxSLB1#R?
zE|IzC3-YZwMX(;e#`q#>kLWv=P-Jia>D;Ej+K!foJ>+{n(r9@&Q-Im_(DHD&$n=Al
z{<Y{kXuc*lAq{=c=b+`G%^@|0`JN9%6NP6r%WC>&QRQw|0@|Xf7HECIEO_eE1bG~D
zmYrdI<sdW~`}D!i_s$)f456gI1$*b(c3sb~DF0Z_khbt~-5-?sBg^A8n+B*@<%=!w
zQJYp<e#Yc}5KSBZxCTudrh<xUS3YWUi&aFVguWXA!-K_H%ylE@Mb+%VTsJ^*)4j@E
z1K|Fb85eVbe(;5VQMZq5goc4$aBbUogWty{jNqWu59iExHJACYqdu2W#`2O2YWi#V
zm7soxf{##i4$n@WffuuM4@u-Elt)Uy>y)Bg4MKWuYa$wF7R}TXkf%|~3fi1oHv;+A
zqJUO{0_N=~PYWn37HbK*2k7*7zWKQY6fS2()_?dkk<zc^==s1ioD?tfKhFoAL0(J|
z;}ybqdZBJTzy?rru7Q!VfVHpJFqh+lkI}A6`&}P)?EdS%TvRXEbj4#ST-pES_5GlM
z*7uLMb+o=!Kll1>|M=%!-#b3;^7@`#&DPiasJ_0ZQrP-FoZ9jF?yT%^eINe5oYTq^
z{2WW%u!)xV;~AkP2F^qW1aayC!2o@?ahM_w2;vOq1G#EZfVr4F?e0>_UV~nGb5WrV
ztPew$S<%SSVf~r^5x%^!;^)Pet5$S~FAuLOH>!FlTOItS3#S(EM)@c`tZrg+m789N
zP3%6li6OEr>CKQW`J#@IZMKI=`_S~-RSZ>c@cgg9zh7=3{2P7Ce-{4&Gs5w2_qv}S
z|1SCP=f%Gdmv<HaX72tU;@{VQ4#&TQ3mN`Bdtt};_kFpJf17;_|8|xe@Gne1m@i1{
zrLRckBuyskzg=Wy!+OHO52uIfsA$nuPU(c?M?21&2hiMhlWhhjYrg}RwV2BBq5ZSK
zevr_|xSsKBIai73AeH;AD+QKwC@tqWgv}mxHMgC!x{3dNTuo34aKJJrRV}5%L3O}E
z|NeL#RyTR@{luv1Ca~AdkM<+CD2df<4SO$Ex4TBAM=xerdAb)D-3>H7vdDNoji=J0
zv__CNcQNbQf`4dP*I2$UxiE)cUXHSPEuOzKJB2s)?P+QfuqhVIkE<mg>8bqwy+ked
zjA!iaJ32EsE^eR<7?{04s#i|@ktqi^>K)*C=wRt@d572Zg{b`dEcZdBHl4+m@X&ig
z<LQR{bKck+riJpC;W3&2Uy0BSTDox_!D|tU)BRiED&^l`b{PPkjAe)8XkEz5;ylv!
z+`PS06<<x;)AWa^v^@{~jRB?iL*e;mqUMu&Ui0~KTUX{YBYHkZm$CU&F8qo4q@CA%
z#&&5wn_iBZ&&}$5eq0bSA0cu=8Rs>jx4-JjgvLcr=!-Ylgk~;a^{~!4pRDtmPya5>
z=O4e1n$H+@K3jhqHlLH>lgT-+$vnBWE0Y-<J(+*}Rn`B08=227Vm^82HJ{*?uFU7@
zm!jq~NS)7z4@T#gi(D_^yrwj}OH&HI7&WCOe_>OyJ@^y&Q+!_Y`MRMi^O+MppR=#C
z`8+#6Y(DE@Ly4SG$$8CaQkQ1*%?nX8x=Wo=H<(e`(ojC46S#+`8K+bvtqB&-IImf~
zzqu>3DvX}h*4NmqW<StDel;?~YI|@P%+7Ci7j<cNfBRk3?5<R2x8eTC{4?tO))z=V
zhqR`H8O}Pt{C}IeGQ;@j89w`}n*Z<q4&it1`OQ7Q{Er*EGQT^XkIw)2XEpz$`&{;R
zka&L-hP8>(_ju$fdd~LZmkc$l1v1W1B*|Yfq{4f*#VAjD4z^G7CcGwiC$<Xmb(Tr;
znAe)en=JYK@<J0|iE@{tx!S^4ev5*&JU&g7HW!T$azvj$rr^&1!`_>RM^R;s!`(?I
zX+ofavIJxa7$JcGiNKI1Yz+xiK{bn_prE2?L`6mE78HbNr$@`8kr~199i2tT8J*2>
zdl~mhCy)Rto5~_Chyv9VOCXXoOVYn{&b?J#-Dw!-d%pL1pWpX<e~6u`TX#A4+_T-Y
zY(ZyqETkhT=RAXEz|*7f^h@^CR*nGx<*t1~a0Gcg)i_zrPmeky*Q3;X20a2FoJ@7!
zb&}lMm2;A^-R;ta)k`Vwbd99cyIo-+m=AxF(-huM(q#TblYu|bg+7o?SMIZ65@+Q>
zQ%WT0o=tBb_UlnX^c0@B?+UXgtZQ8eqOVujNnP{$GiI+JqqG)_7LZgi7v1v9?%Gbv
zLr49G$x)w8-<<EGE5iRoRfW;>GIfHZOufY+t4;vNOaRATA^3!ifx|n~t={FZEPSO6
z7rvD`(jFbAKY*=#gDwWJT^{8mL1-Z0kX}aqsq|1UQKvZErJ_R?<QhqkH|c^p8y?KS
z2lb*LhuC!WY_=;Ebft&WkfPhLf~s=4q-1#TvaLZ>FBdjEVjtgB@AO?KsRHFiTi6B_
zLO7+0wX!O~^R1piGdVJB#pmU&(4&P|@D6nv?7+K6?@96!KH!~t8_QI;qpWm-V?~%o
zn@IHws{t=dnkK`bjR}KV5RZ=^H{|9OHCQ=dSp@sQ4!l>X*Eka7_tM#pM>|>@`HoAj
z`X%|2G7dCEoSkL;LSQBUI@}EEu!%3Mx{B`tUh1`o1z*R`U$(G@@KkB_1e%1vFQJJ(
zkZm~II89g`gszMY2XtHpe}*5XB9P4<AO)?`&Jzj#3Tjp(tDb`K1~=0Qu8TgXiT;*$
zD@LJfP{B7a>qso#LxBB+&4gwVn5h^#hg7P#N$W@7)<-0Nt8>*}Bc~Ww0OR%bYsKJ%
zs2I}5$w5bo6x}TCi~wRtt_EREkZee&^xhobrvx1yJ7Mvc)0EEJB{+Pp>PPRM9_-u>
zU*WCEG<Dt{=QMTJ9zZ^zG;U$TT)S^%Q?1iiBdIq6qVJXmErAU_kt(Tk;m>d7LCZ_r
zcYVV)*hGJqzT%hq^YEGXS+{y4AopCyipTV)nriI6A)>#gRor<_bnWo<6N8;GJYWx~
zRh{d_prf3^KiZr5-W+>GSHsFjuoPo-GcHoJ@4#O>BeLqKCt?7^P_p~V+!$B1%>#r0
zPLF}%4B<ca47#C&W1bY!0SP~2NVs#wZ}cmy_czdoH?v$70nsJLib@Q=P_pWIR;9%H
zm+byj`NEA}f04Q;ut<(wWQu-2o=&DrX+@`{QxaLM<L)2PKP5Qg=7$Sy<$<X1<Oke7
zhZn~0y@qM@Q{E@%gF9F9cu>^qdwhuj|ABXi{4I8h{yHaPL8rE*vkJ9crrd5i+}CSI
z_odt1(fTrFMV<rMmxJp0evwXz=!0E`c89ih-u5GC8{MQVGFwJ9)ol6W0!y#!_NB)z
zv$bboX#IA>aq+!3aqg4eqq+a}QFHE5?dE+Knfr)s#wcs7qYQ}~rDz+kZ>#<IF1cM;
zt8rPf&g_1dIZ@c|>lU-8%IeZ=H2>X;=2UeYMZ$6OU$T16Kh6G^Dyma+;>|ZPKY%x0
z>R>VUS?)9cm*&$q*?eY*!L$P+89XXi^|E2;$7H9vG>3WiMQ7&Bq4ZK$m0`xHGUGm$
z`=Lb9(`;)~51wTUeS;REO#o{w3SxbTnTJC;K&fRV!mmqXsqwA(Gu5B5y^}}%hZ&Fi
z)%_HS?Y~#Ik=Q0Y$0W8d@3Gp$%zUtoJeXHM)5FLjBj<JGtNht3f~{?KfHoe#PD`@a
zM>bt@o?ozJuN~Mt*++)Q&~v|HGcAIdn)y62EA2z<^x(|WwU_=R{AZBUHvSaIEmzw>
z&dKNV`@604;T!mV$$z+kxBjGQ{P<LxX*~8Un@0D$E%s|OA9#FTi)>T~)a#u*{Y9Pj
zcIp0TEQc@U1V;}yZQdUl6m!~4-<l4<m(ymiuP_sZudN-|wqDor+DkfSzs|P5Bdk(?
zIquD??9Gn~tv}aXe~$LpdLvMM=}cCCOSsFDT<bRe@Z3TxekY#4#J@3rs^y7|1WW<F
z`kC`z^gHY8@r)iYHi#kz7Ww0Dg3+1z5^=zMO2>zOx;&qnr5ZEUo7TGBfeE3$of}^H
zn+~@4{?TF^ej*Yz^3~Db88P`iG2X}I$LLNT$B1*{8F5^+0kL0FQ-WjeE*x*u4t<aS
zIY7q0PT5W{ucVqb8y-=5zTk*A9w_9Y0l=d_L_Rm`E#h-49t6JClk@0@b|vL=*_x-`
z;L(4YXW?^`c9}dn3->z<JLzQdM75KJNB7vpd9=|osvY^%Xn8r#BAvHv*qM$M$Maz7
zv9?#3y;d(8X!|IYx81nY%4zHB(rsayeQ?apg8&|1ypQnk2?-Gg>frJ47QpiB#RwLv
z)fs)S2Ej7sO#;gu513$yYPamX2v~krXH4pv2P_L13hm<-db7FERO{q3;wIm&j%U`>
zK7C_HG%TU+6+0I1zQKfp@9!Xg+PHXxS6PBvGW0iVq3(FAHVdyYquSf_2YS@==$~LY
z6{e!Ku!PzZOYp&B!lJkHX3+oF<%v9F;)2`k0HG!Mh*dg&cK|;A7w#*F`+uks7-nG3
z_MEx=!bAwX-4&ID>ugj+Q&g81iLTk25O|fkm{`PW#|3tIJ7}SQ?1%=cy$+Bd+K>Nl
zJJr`*k%q|@SWkb1p2k-l7pfMKK5optiWiKk%3H>#p2Md{e*>tN^=6sVo^!D8=s7RM
zn8SQgRNf0c<!Sd6R!EJ!oXHaw`@}cek)iF|uHTQ;OvJ_CWG;R>x@;(vTBw;0fR=T8
znvHda`7Ebk%}jU)-#0EuOH$+U&K$nxOb1)b3%PAUpYJEo%fW>>`Y3bs7s)Ybk!AEX
ze2|5p@`~zgO)Bl2=j%?kn;{v@Nxk$n+y$YkH~d|EJlrp%?Rf7zo_wqC>ulX>b92o-
zM-va*>fL{Dv(-x;v267%o%ym~rwu@E3~R5vlI`Qum$jW!-s4HYKe9_A_=C4uz`t0E
zf!}*uGVpik!spTRG6w!$eQcB@nJQgAMbR}ZffVJA$__u5O5SyBuv|VEO@4`GuQT8U
zb-Sq(>$VOswDSGU$Pm1<xb(rYSLLw02-o#)kLj>V)J1tYEV0@NEfnN&aGULxNrmlf
zQYafJN24=x!a9#%cTyPu{8&3&)kI~~Fur`N)5eR6;8eB0K5K-BeOHxfGqYH+?_M*%
z^Oj)JmEXP+!OZoA`1{}^EOR|aEw+l%>os3T-1GL@!N1a;rxYJ=3+Gv#5i^bpfiX@5
z#6|+dG|Q~In6sMNc2?r!Y*uZ$9oCI^dpLuYU7T;{aWQ4;>+4{Q@<0=oX4_21{e`?a
zXsBD0gXuF>o`7>9eQ}p2s|y!Xz3P1Gs!?p-?|$3vCiK&<@VJ`Y!Y?;cz)G|l({cJE
zcA=^S+D=u=S|XT*-*unn+aszUur8IO+RncqKzy~~P8pcf^LThwy3J;6Zs*laQ5b-B
z=-1BJ^U;+}QN1U&E~VBa0kRUy(B+!@2@>VSKd@y(lk%z`guvJ72-Zy`lvI6W0D<im
z{)ZJH4Fthp>yC_d-hU4kkEA4IR8o;U;_#xCX}8>CRK0}*FCwd<q!x2n_PMlSz1i#e
zSk$kQALJaWwxwM)9E(q~ln+>dQe9G_UOSrVTVT-!{w6LMBalMD7^mN%V2qEtSc5U%
z<6cYKF0)pp#w}!ZskN(?#t?pA8V1t%5gM8PIs{2zB?pNK3h3b)C;N|sq&)-4{=1Tc
zq>!z7^Iew&Np7!;gXFSd7XyiiNm2L*;b4cKx_fV2WU74kUcB^FeLXKe)jO}g*i?UW
z{35%zKZ|y6_&;g)ZtQH`z3V&wTj+OYOL}%;@+Do(=Dd30C71Nl6&GL9y5fs1>Bb*p
z(APeFQoxFP;SBhQGp_fRPz_D2$1~5u!fw5cScjL0|KXf?iKW_RQf%)P#6q~V5?oDk
z2+u@#otc901A49XeweZl_B68)^5^LfvqXgd<brCQU`<50j>|R=YTB5)InSWzO&FDC
zqI`>IWM+59UQv(mzmG5MLf~@xavh0-O%v?7SX+ub<65<yC6onc0KOLaYau`}Q$~~5
zsEJVZDLiBlm4j*bRutOa9mvMj7U|Jw__sFZla<qjZB*w9wo$o=70Z$eWxRrBF8ko@
z9jwZ&Mt^>g$5bJU$cBK$_Sz@?**<666ZiSxQHHwgTMHNQc4FlD4I5Qk4But}37a5{
zyw_&kVSET9?zO_=@ntR4|K5b75nzr^42IaCny+(*EeX;<uRE;07V=(qB=$NJdUgM|
z-R#i%?i<0Fx%Fwcju!FQ`r`BU>_tw(i>h|*=uqGC79Hw`J6I33uLH}4D5}t8nP&6$
zaR;YGi>pOf$lF~~XKiu<rxex8ME@h2%@@|4!0q%*S!s}64aiH~l|R^vkIO1!+Oo>H
zG}m54l`(7L$UQJYD*kwo09am9`HspsorzZi7@9cmu;7*RQg~(OEbO-aad?$;QM~fz
zF}%uYgI7Ho7+xhpFK}z7<($o=g!$$6SK$a1+hZGyg2KWP>=bpe^W`vVn0D*!KXp01
z*$3sf7yiWM{PD_*E$96sj2z;dFjko^%lrc}QTX2`0{Y9DZKd;{KZF`Xy&Rk$uc2UD
z42zEm=*O;4)KI!{1?9ywY<pPy^@~hF`9&HjDC^TW;If&uLssv|H-Lv%Sm!q|;5ArI
z4L+~Mh))D2E0o<qT)?Vn=UU_j4io^Y6_|b52Yu*+)eM-#hfVd-P)Kv_>?=G`J=qqt
zU%<AYl0cs(bSX@tU>e&X2iXqD@Hh4`!yQFo7^|(JEfKR?EsNisUWZw{>$3123@+9@
zSH2aA`*Om|G)FE2x6vRAoLqzSVDviQBI&w|Dv|$XV@hPx@7NwGL^7Mgt8Hy@;z6&e
zvBd`bJR?zK+ds>qv3*nuL=ESQ>^3wjnaZ{$gUP&AcX5sRZXkqV6!zU4?8qB47g4!l
z=%8|zg<n5F-!*vvJK|}LcP{xWbuwrRuEpk^<o1tE^NqKX{2X(dd-513{VLU>m}NMa
zVy2uxgRBw?N8oK!Iq=M?O3Dg6;)(Nv3{8w18iu^EJ8Jg&KnGepQ-jJX1-8sG_HB>S
zfeGK9e%|u!2<x{_{%znzm_cH_-vpHD!tx-XRJK@D!rBXfd-~-G50B)t^){uL+iUE$
zramZ8LStquxQW}fCD$e)@Gm+!+1xV35y~}N^L6(q7Xaf>Z|tW1<u{}^b_6`qJM%r!
zhw#lDb2n~b3){lK*o-aoC`WipA@D(xNi{tn*kCq=vP%;Jn9(9uYZK!(G3xnR7lW9A
zV6y9^?-39K2ynac9=$zg?xcyj>&sb^)B1Aa9PYaE?zXsPu>@fLRT^l811U8{6EM#H
ze?z0X%dM7Y2gRsc@nq{GV>Jlzle+QUZDC4n;vW<FE4CgMGr?a?c|(9(hRU&Wz|&Y@
z00WqVZ!-+2d@yN>+mRIR&)dwyHdkRLhkvv2f4DNq#-HfVHXhS{gs-)mGVz}l8ZvRu
znYcmxY;JRKbIJxAJDb}&w51C-E*4lxMM9Y6CTW<N9%o3jpvz^5C>7dc&oiR)TOzF^
zo;s0diwXKn2G+iQZg*5R9@1L0QJ14(W_;xtLa1XaVD!gY*^uZHgfe_4&UFH`(@C1&
z+!Ik_liq<Hr*~JNPH?<!NbLkW)`G{%>S*n>n4OEaSlN5QI+og-Su~V-?VW&w8#``Z
zA+&+dsQU$GLnio?n(%o#^<wZL15BBA>#yk`l>%&f9!&z9(64rzc!A5bx3igzw9l6d
zuzK9vtreCXoxvzvHcFaE<j{3Roj6CGI$sQZmn*gli5U01j;zXB<svvWm@v8cxB=p-
z->~e@J^#$~LSR~MbrL%b)3U?BX(<2mtMnFgJjMjfck!T^>4obZdF<qs<rzoMYJjw!
zzm+=90J?pJbxYn-s8Q3Xa$a`$vHz!CmxOuO@~e~;DXv@n`uKDB9ZwXUqwTp54&g5N
z(>&0u7Rb|)qp_okS1PYz!|#u_ZTN#0-!Om;w`&C3>Q`u)pTt3rOkVymFSB>w+O6;Q
z!(U0r(3?l8y9d}OX(`rE>?s$8Sor;BYZY3vyDkyxt{>|TQ?SKv!sir_J|=~||2}Sp
zINx|+zV#ym0I9=I+zYFJ@ki>v=1=r}ecbo8j6}SAJq7;1HirpeIqyz@$-Va&tVMhL
zxg9*S_PN*7VQG{3$}-r(Cc^?Io}mG5Wdl4#3z*F2KRr7fz`v7xc2Tx4537C5zd(I<
zV12Gj==1618}sWUi6nmUc>}dpECNv6dOoqi;L}Efx!9ohX&Uy~Khm(}aj<f;eRzbu
zyDRS99c}hun*|ZI=snQ)2U=TneWocMU3X){l}(AW9Byf*y@_r5wP~{{Y-zIw+q@OF
z3^<v_d*ZBhyr@=z?H+`O?)pi5htk;&O}fMm{Te<9zjU@u?^u1r+Pf2bKYXsuY7Sdw
z`orD0n!`AQ<fmrh;l%IfHyC^N3VuAZf%fd+ACS^4jHfhrz>6*PVp&XFSZYpt5>2~b
z98j9Inb>QGv()SAKhSQkiK7`PC?)P>_v7(9nT4G=jwjB2%}HbK`d!dq)yc#LuN*TP
zY{dr89iwTa(HdsN)-XN(t3Fn2`vrd3K}+oU)`-#bVr+0tB(Xv63DyZ3&omj^bUZ<$
zKk-r$M~DaMVPWjyp!nXdK4A=J$F8nCkvQC)W`hF@p~0LJJb}aqWW&+!0ktShWf|B*
zG#6>t<3r3AtY4$g2v0`UdxG6;f)*=n7&OsW>5u3|Va!S&?uY+08U3I}cnXCy%u5+Y
zTn~SVe|`}g2w@mTLtXd?4MYq!ydQtx6aE~3zl#50^42hF`Y_N(_?wzpCR~m0L`$dI
zb4y@q59o`q%E55Go4!E5HSEV$Jz&C*>dW<q^`*KG-{$I*@qhjGJ54W<xl7p1&oXT$
z{o)qSGX4ijF3?Z5K0?pZi}j&;dMraY%Sg1uNc7if3G=u4^Q3OJgl10d#|OFp`y{Kk
z3Ho<XQj-}PItbxyRyP!;y7HL5j=!MGc)H50M(3IOeC;ncrP*G$&*kxjN$SBd&#YNg
z#zvbrgh|kSP>oaO<%v>o5*fB<V3es-tgl5mNe(X0Vf}F_PzJfN_zs-1p;-;VRQZAT
za0K;oB4Lucl3%<MuE4Y}({5TzGGIH5`|L#iFK^o^5uMgJ54365*Ua~wG)uCkDC81J
zX${{PjDm7iwRbexO}L3{nxm}|O3s_Z?CdJ9UY3JbnRB$Ez1mx9khs3}U4z;{ARnEc
zdn0cv=e&)nQKlA!E3p#d5u`!=fbs9YWk-}0DAb?uh;FBcLt{sD$UFQ5GChg%ouQuO
zg*nXyD2B75iKlcy)HtQ1u)!?)b5@?ykiy?yU|KJRauJ*&!F~5KuLArOiE7p$8(k*m
zSd#hq<^vFmtw6lz>O2la0v6qBzIjD^8%r9fJpp=?o>E-hwjxUsX<!A@7PtQ9(z);+
z<_nyo)M~SDr(Ady=xLIPc>VK<a74P8XK2s;>~P#a(UKywhCjS<BFh7I%|wh>vg9LL
zT=xW$4V!v@zP}|y2>g+-|2&2A^L6(=$kr`Vs%L&pbKBHH!=6IUfxIkKwzjw<qR;Xo
zG&&)$ou1%QO)3Qqr#E8v00h;FAR@S1Shta@7~Y=x1i%&Jua5d~KzaU`FJBBU&j)1p
zX4Ls{u6FI%4QV!<EmbF7Y$ihjfIj>J0<;6jV-Y5gMfCPDK_C*SUiBuq`r)pp19s?t
z!1HCo<FR9CfuvMbKOzALzK}=G4FJKMr?L9ew`klP{EG|heugY&l%Xthp@V?lrr<fH
z6m8Z94q_C9O7F#P%)fsK5p)(|A?7V;ENqL2LI8c~@nhrz?#hq0;C^{~fELe{<H3~<
zTNsH-@$v9ye7gJYbf7Q7<*`=Hs~pV4hTE7cux-3y8r#Nvi4lhJ7qL(SsVik)jO1U;
zF{>Wt#w?;T&?un;TBXs633_s?50$vp>qjFD`tOXkP2WfMptgFsZ!pHew=*kNBNxG)
z(Clk2L`hq3;AhO(`BlHZq=)D0EbZ)Nx1#SOG@tS7OP{>eJo!PcvPt`TKAb#_LNYM^
z?UDltPY;b6xu^aJ--R)_oh&6tE{1^|uMg1+_=6m+A3o@%Gg}H@V(;LEDA{Mmb+hq?
zPVFp+s}}*uiPfzAL*vLrwJb5e0&z0Lw)F$Jixu7%a1NF&DL;tJ3MU62P2^t(wFhpt
zS_X$;aTqGZAR0!D7y~Qk46Kv(f<g?;S-fA*#`E=-ol(o-*QeRAh)>{U=%H#qI}Wlk
zniV5Cto_)ZY&KPB|F96=wJn1T?&Zicm>1<2p~@RhlX;2SgI$sOKr7;1Cw<qIBkw9i
z-t`imo{QQ56S-GO6f>8?b`N-tl4n@Wf4T5Dn;sX%uwZC{ov)W+=ff&g&jS?0?c4CL
zTTK4-$jv+*a&fhuLN&InnHVfo{?uKJpetj{6dT|0M-Po*H2%IZ-P-!M7BP1pCLVRc
zZMuAh_Tv*|j3YAYtSzptecfIgqlbpSBI5|^6Dav21AiKS1gcjSqNkyMd48G@cpt^E
z*qBsbepZ?d&F|jR;d927*i^QkMN_ymqP~yz4jIJyC+Vvu?eyVHn_SR9m$T>#RLQB2
z$WbA1o}t1FlkL#PFGJEJYU`Yg^f=@1TmJq@v`q>`A#hzf;P@8OjtO@Rp<&hB<c@Q0
zbmigno!i4f;wy@I&i%q><DPRb{Jf3loa<W4HAZ1NGg;miH*k8~z%d88ZEXj}G#@nP
zfD{`mN#BC<cHYmKakartyx_;grM-Nkb%ep@2>+dSu@RWrwv)Csz)$pXU4Z{`_^K9M
zV_DVj$u5{46kGgfQ<mVF)+WOHs2}m=4ZE@#ZLIN<kw20m1W*@2Xl$djLA(&ymiq-#
zRqZ!tq7leBufWEtsa4M=FN&($sY3FIc_OdEr@g{oOl2=#sOiUFtl=-Nc5pQ0zBL0y
zi%={YbcGxR7&nW<Fzr`qNs(*DR*=UQ@FJ0|S|=2^aF9Wqc1`||2Dv)<Ao><|W9ZaQ
zfuPGE$`<z>3ce#+qEWshJ7-vSWD_^#2QZ|Npvx~@67G{M^!~9qD3Q<&<8r!q@!1WF
z^`aP7bV97S3oEU?;U~nn$-KOoh4~(+6GF1l)X7oa3IE<Ltl#L%W*&!&{Y(~IzfmN=
z$>5`Si{tGX9%MKD?@^6l&xJr|QmMa1dC;j{i)B;N*J}G6$k}LxLe+o^(Wqrb|Cnvn
zz;2@X=r)TP-dI#APN=i??c=nf_N09=eh9)S!qzuE%_bxJ`jTm1Y`nk~Epg+Gn{Bza
z+GI<1ZS_KLi<n2NLe;!@3#JZVjJH-hE+n(Y8e3rHQxq(^ib*CbenIviWUgv?gmkS)
z`1iI;scdn5*-ee@YV66kDyFfmOrpc&F&!qI+AfVrQV+Flivg(qhc&y;Cv0dpsw3{U
zey^$TMUY?Sw;JiL?*jmaySEw^JcFUCt)@b_Oq+sjP#}w!+TJxf0jX`kY?9jk1dmXE
z_K&$~Ef?IfiDhS71h;JD#w%JV-!K~>d_4?scMD@2Vw^+GmFH>Q9oG`He;;RSeSz6w
zPd`oXUa?u<{lRwW3k!prShwVjv;3~&_t>NFk$4N@(o1!hu(_^tyr=7_r|aW;x;CMH
zCO5}*)4sb7>t{yVT8BrU<)B6?{XVuDc(!e;W7bydvDKGnFKSLrHtl=^0KZ#<(-z{V
zos~FV$Mcr)uEOyyv@!86IBQ5<4s0;%EYcADN_~l$FWsp<HDBNawsJm`u5yN(YPG1{
z!yl%?L%kG*uCv47SFt`6e;*&l1hGTIESh);|6~U?q>{{a!z?+uyYts?@NfUj|Nr8!
z#CmxblgETLpOBoze6J{Sq>NRg6|v)2dotnwPAr2=rK^E@2?_H4Y3;FV1jEB*ED8I6
z;le(7m>9wiV*m@$;Pm>VL@wu9DBzfDO!EII_3?K@Vc?&``L8$W|D&A#*JH)P90}+=
z2=3k-{q`7tDld-m=e}v>RZ&)+0~b}>ht*psMFBsU^y0;ww-u`<V*4qKeob19h&95^
zNG1sQ5q($^+N(}2VkB&^LBi_wt70-g(XjbZgNFU(8Z`dHpYDGm={cxgn)KMC7SeMc
zeoG~8QSjw5^M$cYj+kM{%v5Z!Nek^a1?C(qV3La;E#uPi?1n)$tE7?5umKGYC@?S6
z7PMr>boH3Hu_Dw~Q}^8m+ML@&r+wWJ^4^|I7C{9so=keX>iMj~vGu91Gi4}DkOBcf
zp{J5q@&ESJCBqrtW`}s(Oi-a;jX&Zu`9=s@Uw9jy5H<5ZXKVkM$MZiG!9nb69>C}3
z87F=XZ_pnb#LoOu{#YoASFg&9c;00cWc@a)3Zho!VYL+@I~_9*I)&^M%9|-<+wuST
zZXw%7`3l|qiD-JJ8FpEeI6ix~2krVo+}g!tGkT9);b0z5I6&2<D8pqK$ZNHS^L!0#
zN@Uqf^G%YJCg3pnBBk3DjdYvB8Y=W=C`Dh{VwwO;x#{+gOJknM;n!^O0<>+6Dcepg
zO3=%LR->}0-FPl3qFw&4wut7P0$cyaleqO2v8}(uz@SAqAzy#dUt46Umy5YDwEw<^
zoW`_I%Te_lm*zbJ3uoHxvbiRzT~A$)i*-FV4y!(4coUumSXJFNPbT&Ixc;YjeB07$
zu#`98yYPFh7JM6bBg30LgS#b(CpGF5ZBI_px6#YbCFP8)E}>9<ft#CiJUGV0>;#iz
zK29T_@`-h&6Z)X(+t$ZUzHQ{Tj=pU`y?Ir!E@Xx|f^}Zp4`7+cdUOBswQ;vG8)Y`P
zBT~2=2(Q_3Hp;h|jgq=z=RQA9Xu1M#vj%cQKt3mG14c0fDvA-cg}9N&cAG?P4r2a%
z^v^^S0jF!LbVk?Ka=Mnw7LC^z=#_~rwI?GC<8tFM?!^zHZOfa}bqbKThl{tEK&e8X
zEDn@K51T;AVL%ypD>vL4{z=`E8E(-~MxmI{6(f|gvLu@k%lx)vv2Bf*zXXzy#r1)I
zPZsBB`Epyb*xe+HneaB834elO<R3FJz!Jo|Bf%L_WoAV0OOFc!%*JIt9%@MBZeVwc
zCOn<V@qUi>?o^Vt&$h(GcB9cbv(Y-%C>%Q;IVcM8gVJ?2qrmxE)@*iUULI&lNV!_`
z_3Yu(11)4ZUpv4bFB_P&emXl}qVln@!QHlsiO_)`FUm6!>`*_<Qp<z|p1@jGAyJ9+
zWqbKI_@rqfo|<79m^<fRc=v1b4#7E;?Z?8v0LXi0$Y$d7Rk<xu*Ct;Fb>fUt<N#G`
zQ$Z^r?^&bC=)Nt{upfhO*o{<F+sd6&$C{%(nr<0w5{|a}OB!v|X(4;!jMKzsVqGdf
zYl*@OInP-k4B71K^2p`X4E}&Q_|gS66J`OA%B=GkJ`(0}zCE7@sa80dd;77;ypd&0
zrd@jC(xoqxEZv)*u=MpQiAygofFYl3A6vRuUxVYC@E&ar`qwnepjT5q$$d0ve>rZ{
z`wHQ-!mt9cr5Pd{xMvDKpRr~G2E)i5ab%-T)~W>IIUDamp5yGcWJwdyfK6`ys{9lo
zaG!(CIGg-iv-xJBQ$34}dQihGx!!3_(eV2jd~xD?#yI%Vt4wsQn%CY~-#JI(`hMJ-
zY<<7&*LHoQ?QPaK`$|~fkW33w`S?DDGmRmCXC3ke9P%+Xq^A+Fr7;1i)(vfmHWE@H
zP8B>dz|xB0lJ;V+G+V3*;2E0T`MW@`G@AwfMKHfL?U1Fe%1;#nq&gGc*=@{4=L`pt
z%bf3H78GE?1vuwV_fS1<dRw`ChHbpCep755p`;}`z6i9C+xTl?eKi)<&9MpVLM5Ap
zswruhjgC5%SxDME6kxn)(2HuhS7H5m&>6mWqRnW!Qw$w&;Ce)%lfxeV)Y+z1XO0PQ
zZxa$&T*4DhV+m7ItxFi?WJ}28OBhH|q!VZG+e0!c9>$Da%08{Gv?a>qZ@l!-e$|0N
z=XeHrcg|q)$7AsHN#k3s7NlRQ&MH*x$hg!hN9FNVev^@Gm76o-#KM>(J$^fuPh<@9
z*Q@@PJIHHYCNRV6RaDe<gjeDoeA)#!dy&On=*#=_7vJ+2jm%$u?Hm30i>>^{?lgMw
z^qvC#;tl@dL-yi{4MX^g=lF}4(+Hww<cI0Qi^^4B5+KG*yP8ET&aikz!0Ux9oHT9b
z)l5uTj0TEjX2c1XN%)2M(Sz|a3DdP$+~QY}OzV~C(h|2ido<NceVbQ4)4I<PY)OKy
ztA+#Q!)_-t<mVWM{QVP54LfGVAL(RTwiKLRB;kz@-4Kkl^BaQw<h()=)0?z&_p+OU
zcT<e>2V%0}qF>>}4W$qpp(+Ihx8J3-WfrrC!TH^mmPpWle-%9bXIdL_<Qxdkf7hn@
zV?B}nw{0E<t{GmOX3`F+yOnm74uQAV&{t$vt)iPye)v}NKa9p}=CJ5HmZrc0+tUs*
z)|IayW8IG#R%2a5h5?wWm$=j_Ud48LS`k;pMb(~=p(4o2L&nr>?bhR&6r+WY6L-JM
zn=DET--R#0S$N&fXhfGdGPjv?pu@WujX;4$*kI)dg|HQ9=U*Qx3JC$^SVZTl&@=Gj
zXMR#Hoq2DkHs>9k2HIfaUjSOPvBg_B`CK20O<~^%*pcegi@d!Dapk2{9(ur^QUxz<
z2EHm`cQ)@1WQFn2!tmZcXs$iG2t9m93>jKTAXw1Hxc6umNVk~?doLY+rg@tJ+vFTZ
zmR=>+&((7J_TCej#t~hFW1Y~RAAv&TN$nXBi+NMz-#<(uo{yOn?qEAJ)^1^#rF8$Z
zlNjbu{9Sbo1+d4~-8dUi4_I|4d|Lr;@lv3wI@N-nvJ%!V0EUKt#QD8riXyHmnuZtE
zF6{~$M5wC3<68NzdWIMS>^39H90}XCPK?wvNE?eL98*6yIce*_aGAaSH>6GYCZ4qA
zSV)`wM@HIm5|MlJhA8*V9t%=G?E71Ga(9ed_>!AjqQ%F<nRbIac27x^ff}|m87Lm(
zM-{~|-j~U+{ZA?J_*J|`YeX4i|4#tZ?+Y&pCieQ@fJyu6;$Zsn^hLnb=`{mP-KG$j
znDQL&BjZS6H>3-~MRo&;HA#q3zgMl)@6|Z!_c}=pAJ9|nE%PI5_iODu;)j{?!kF}y
zZ3pf{j1Yx6A-ZWBBSiafpg7TV*mW@2a}+oBfsIQtr3{goCHdmi=$$LL1hNxU$hH#5
z`z`1j0q~)ch{kveidk{P`1M@I*AplrCyvVR?a9<@Ucc9hG1}!fwL}2`k6?gIlGkOk
z>GfR9*Lu-~ob16Da%IwmbZEKM$8W;N;XBWfVfybrRKEwr^!)zt@Hrnbt6$r!%<5TN
zqKE%ru5*i8?r01hU>AgQ*~c%%eT?zf@%C;YVRUI1oJ;{UP6@qh{mV4FZ?dq#HY(jW
z9{LhkU*A&uFy0i-h$`1*hxfLb%Y+tVF6&BRE<o?2hR6YuY6kRG>m^@MYd?t|+lA(W
zrei0)60QeVb`v&0U#8R|N21Yim|ygWNZNBsNfgeo@fHKIMg7^t%b{;B7~>onh0!?|
z60afGSv#%8HjiV(0Xlz#U&Mc2z<(YmurR}hK39K8_v#PoY2nJ);~f2Rcz6@MypOwK
zqZpudnq=hL%b3Ir8^7z`&8AP`ZSWN9?fD<%{dJ(+NV>DToPBT~e$ZV{v3L!=&tF~J
z-IBZSPyFFnd`L9q?MKtie0zrb*nF~TFD>$@D>Yf|?@<@!X&%=}Ump+J6#qhK+{`P6
zzr27+m4=sLb|#~YCtvGl<2Mvk>i+h;e0*KRUmqO6sA~y2GLL7c0zD2nU0u6pP|V|y
zoF%duQ4Ji=Oy(@{(W`CUeSEpa)p|$KUrVOZzYRt2Z_&STeq5cT(GOnIh44cfTH9VC
z*z`Bdd%gK(42qF%G5Zr$u59aW6}T;#yH))CL2zllIyv7TN%8g(HmE52WvY|}N2Me<
z>qGuXs_&|*E#AIp0T-FuXitwoK3AU);p?Is0pf2x7!0q^GiBD8sooG;<1U7@e;iC|
zs$cj@k~^Wy;%aj=|CkGlFA2ZTnCbE9kpRDX6AN=EGWfmIHPL=&lp`ire3)9gq5XV4
z!WvvT+9>-oG~R{DX?Q039`Xb$@^KF)Ybm$VZRObF<9hkU0>9XYbWs@Cg**$sCYyw|
zaXux3s$on)yJN5=$P!Ni^5}LTu3rC6Kbt-?Zq5ZGOjmRxTGlt6sbhwZ@XwL-P+kLz
z7y7uWYA<lN5laUQU}ZrmzuXuB_L-c`t;Jy5-dgIv!TLw{<F-gK2Mv)f)TiBVxJnzL
zYgSijqIHFaD=V_5J+Ojsk7%OH#XO@8Xq9h|Ap34yGDN2~*3EW!cV~8`y^a6Bu5(g<
z)f@`DkTAJsE8bD3@$ib|{z^NCS?{a&8kOKLM@kdJ0OqfR*VXo0+W0FuwAI6`7uL|p
zYpfIFdo(B+_tn)mV+UknQgH~nm;Tn<O}EUi_&9&;n@MujA%jY`YN!4lCE3Y^H_%_T
zVZFwUwKLHlbv(A8%x<jL-TPB+tR;0?+>JF(xy_CBO{TMQ1Yi)J79~eA7^CRkOW#;W
zTg@BmbnOHD_Bh>_G*h-S?LBm=VECDntfbh$aSSJFE{nw@@cl2r<Ic8R3{K2p`J-T)
z1mh@uQ*1r{F$c}{6y{7}HQ7?|=6p}^zM`0SGDbi#@66VDao(9Yjpqw2C%Gz>i^D&+
zF;%_@Pv@)YOr6}D!fY|-bfy<4Nov?DjTu`|dt)gw-szNPSd5#s=Oc9ULMixv*D1}`
zR^)GFu6w@W;XBE0!+Uv<_d-+JbT-z@4V`$l!jcr`f19(71;d#0e5ELPdY6n;mfj^c
z)eg{?q&{jhQoGRU$wmk5+PQ5&H$R`!>cRlKvrQmM^&45|wJ98yZ?GevJ@#qBw6crv
z056MABd{6OK(%uoRRgD~n5Wo>r>K<8<1Xx}kI_@z(3sbu*;9{H)|1hR^(ddYF?N)3
zoZu?+4!U31$KhD{6;^D(6TK?7J9D@~mWeI4?Sd9W!DoF%hr5ab?W|K9G!z$^kPD#L
zT%^~s$S!28Q*F#2`Wl*|cNO+F)Z~9dtjQM&%?@wk9pVYdH9Nc#7u!yAQcph0jqtbr
zX|enXvv8q!X!X8K_bjqr#$V0S!oWvM@uT3%7!Y2x8;&2=FMPL<PeO_1)L)Fz#+_0t
zvAf{{cl!FvLhgJY<5B2*|IEURI^Q$KHHJ&^xyZPB1MtIxE+k6&*KyL9t+fC=!;{ci
zCs_pf0T%7uXW_qPmzTF#Mtv1KwYMbm<213_y5_5(X}GY3#(L{c(ycHI)Dp==5uwR?
z^S14+8hfi}z1_ijJ8Yx04Xn3mk??m(nUAD;Y{WH$zy%aI4bDM<sTT{x&P^PC4I5dn
zFawmW2_uxGBZog>YVU@Mi{z1ri{mmV%+o$&tF@mE28dT&us9)3A|5x#*cPobwvenT
z99WQb3-1GcE3}h^n2_ay!3YObT#6B{>cAqPK%Ds}e8*=M{#%<^{-SfnB%a3p`<^qe
zz;m@;s8Mv&FVlzW9rY}|Kp#MnuYFB_#BA-{NT%f#X$>P8=X|ogsmc{;`}xBq?Gy7&
zbAGCz)57{jMxOSh#NvO7EWtl0ZS_I@4-quiB4jNZ*ft1=CBnOoA7n$&auKW0p1+RB
zRz~rDU4Z$p_@5$ect0NhQ_8N2{<&okh5-d0kC*9M3arBorQt>-9j+@5*H<fK!{xwm
zxum~-h)KH%&q%&B#(%pnAHN%(ENTR^cqVcs%))y!LtxsG(yIk_N>QL88gavEAP<;|
z9ery0vXZB?o%3Bhu?&Bbtxa<Y7KV=A-D%tcnHvjB!c=(c(RaJdeu=Q8>_p1=QY#Nj
zTDt(z@-Ayw(w!LpxPUoho0RdPpWgR>8+{L7z_S&^`mRWbZW`BWMmGuChp=Da!EI6)
z<(LHa1#Hlc39ox@`!|78w_Cfu4ZpmmP1pZuH5^&o*x>i*<Lz&;`y6KYl$HOqIZb~X
zF7S<hX*fGLqns8`lOTV1m6O-=jMq=7mKrFf93PN1cQjb@gaOGSY<v<|O=UHogML+!
z?7Cm`^^k)1=X(Ojy*Fd9`0dva9$$m?S>_n-1?ZKlGrU`(`!3-+O})}y`tHPTvB%4(
zN8f9h`bRmbz17={4)INL3md+W?WavQhM%)RI+lZA(*Z>HK`@fu4j`JzuvtkZ$Xez3
za^ljCTmQXl_NrfS0((ST12EDbH#eitFkb&M-BSPZv17j{vEw`%3Vp>`AOgMPspf-r
zd_)?F;w&c^GwJN>MW&C(HsW`4$@a0h8?$}%?!s&z%dEDK@!UI_+ddZKE{@mU+L_e$
zvFO=kk*jD%rEqV{klZt}w)4e@#0}(rYzLhK6N0GOJkU8eTdUid)V%fW`Xte8RZH0E
zdiWMfRu(&5C0PIamP<#hj^qc`sdtNi(c9Dxzr0F_TdSeR-B!#t@0`P8SoH9RhaAby
z&$5_B#|+eOpJ%1`u`BISDKWnT9+>6{t^}E}!qn`H2(|p_Ng~vuTIdQ(?zt=R`b^D0
z>)K?0B-Pu`A8{~dfOz?*;c2$hLZ?*x>?!yx{4BkoqC?y%>B<b0`!@l{!dr24IHv><
zK(0_b>f#dU+R!tAV%BC|Rlt*4Wc3yB9y{&r+5O2U;R?q7e&4B(HvqOp4W8i*&N0rk
zSMA3eY|Ulf4Et>HF1Qa|mMpPDav$8?+cJ{}W(S`!ybzulYUJTi;Fo^4b*OY>C`p}^
z#M{>zg}Z2*1#_(<UHMG1NX*T2kaRaf!1Yu=a}&~fq}kfG{)Y`O%2E5uh7VGO*=fg>
zem3Fq)HY$W7mxO}B9WB^ZfN0(NAWx^?Z;SP`vgAqmT|3tTmD`@OlHNT-ZOKPIBg!7
zd+Cfc7g`Nwd4E4{Oo?yME^4?KPs0Z1tS-i14K}uI*I;(^?zVSBkur7z@GgHb({71L
zd6_>PZD$s_;dWME*L^(}5;clbO;dU8tvb8|vn|3hC=IMs;LWv`dR?j@<aC$SbU3ii
zH(#^K_G;<fy9Sr&&ZFP{Mr!^}EZ%{S;0KnJD&8U58`x9hM~$pbcgpJQY%GTt(lR9F
zV=1I(NyW9wj=WXEhUyC8KKO5b^=V;owXFjGDc)Zp+~46txu4C`_p`<c!u_4Q!-KsQ
zg7?dcGGR|+d7#OAb)#GOpiZ{$mHY0HlzJ(2#4+9FaQQN(y1Xu@x6mD&6s;)h+u&B}
ze4jIWBz(WKLfBISoU@B$-!J)Vvw_cK>%T7E#p;V;QW)eeZ`zaA8#CY`s<&h#>w?9I
z%2qLSGz(TK_WiO^xZlyKLU?FPg>d_37$^h-4RpVgZG11=leUul)qr{4?;3><s<A#{
zUr@9kj@W$Zm80#gz7e8-a!yL|F8HHTSXUz!%#4h$JiJN-fR2B1xE;>WDY5S!|3N{t
zZ-)n?*vw&%CCra*k~+M{S<!A+l-VmKwWIz@ES?~rig0D{Vpo&1iFpYdCg<eYp9IPv
zV^LgXX*Q=ka-P6SGHLp6c9Ye!)NZ)!ATb+Ee@%53H;MK2h%(YU2EORmTH{ka_EU{z
z!UruL`?sFHdnymEn($=j5>N1!Q?To9SdnC}o%m$u9=Nrz+4tK46IMA~Y@leJ=&BQ{
zm_>J1UUuc^t8L4|l5$E4edn02cJ3$z9iyb?1B9MC;Ky`zR!67#m*qzd)<jjW&BpW~
zp_71~wTPac;`1E$966TF3S()9GPEiD3%4~s-qvGJ{*C0X&jwlW0Hq3`lnIp}j{;fS
z)2wa2x`T}sMq))G<LYPOR`?^G9_%iv({n^vnCSoRfEest3IF|4bnScy)YRcr^D<mS
zSHZ{dPT|8nV{I&8_pd|KsUjTDha{?F`5_kV5z#!vB0sJX(RzrDr~F4P*5~EuvY4c|
zRa9AhGUFNkvndbeSC$m{t`s&bw!4)EcjbX^-Ib9!LKPY)0Am4bTZ@D$x*!iO%@_Uk
zMPiT=RYVQ>ZxECJ*4xNE3}hvtbBE3TesFH*b=X1w&kt1yT|%dYIU)TKlDN1mcv*WR
zZH+M@i!8_!wq!FIj3tkHu|BB~cH`<~jO;1K$hso)np0><6V2M_%lW<BVopAAM$Gf1
zOI;?;h$0CtJ(F(9XR<?0CJsKt#KF6-yR_st-4yW7UI9#HeEh{tU;twez0P-yi+Hky
zON*=})Yjrfr@B%LzuX5)sExOU+q<Gs%X?YbE~$1|6-&fmhnLCQGwu8v1-9})wJ4N_
z01EH@R~{=qh7O4!3Rb(VHQ>S@4~-k|TD%qB4am#uNp`i?lRVE#N{U$O?HTwEVfXRQ
zo!0q8C+Eh+OR1A{fv#qjPR?7A7Tv7Gy`}sa3nu4^_Uc-*ej~e{oB^63tK{Whm1|o$
z4a0N1<;6b$3KYkkcPThLLskxo1vO%{hWxqEjV!vcZemXmQV)1sKYGVbtQ<Wc)B6QH
zg+G0#^ua8$1gYn7BpJ|m*2KycBcqu<2YzSN>P37iu9oceQbC>hiREP&<)t?DFo7u{
zC686nt6bjO=Iv28vA2y1e2&it`tYcoyzYSMMGwrifMhM5Zx6}?AGfW?=dN4@U3GKU
zP3~>O+I+zgBcLBl=DjOA!&0q}`P8(j)<^J06Zoz6xWeYZsBo`255d}?&F;#TJptE$
z$4rquZEpX{T=@HGgg7sknG4FeTfHx*%ysC|YdyjHa%la5<10IZ=$EY={V3Old2=W1
zh+->v<|OuZSjMVM*~9JbCnxn{0;;><n5d4<la!U&*wpPhw(1?-fxUPZ{6O8H>FO!y
z$z!j`E-$Faf$8CV(Uk92C*_C>c8IPoA6*D?XO5&Cvf@XedSzGa39mM6w_RbA7EH>4
z9Tf|JQt-;GY-X}@0!D$EDWS?!Fu7^HKw%#on-?GDvsHg*Q={a?Uuu8575cQ_ob4{S
zIVYjU^Z%vtN{<w)yz+@HiM(RgYeX^j;xY@YIYDOO&R$D@b2iFCx`0wvt;Q1zJP+W#
zKvXu1J2k3|f!}~+SiDP^U9IPs{vUA4{k6HGYpdW#u3I^}n{C-qN!cO6NevxH6SAi^
zOb|L{r31*?qp%{UXA7MsM#TDwPW)c~h<YxE*6$h27YDe5+ebhqMS18`k3H<^`yG>q
zoSxuaAP*gK`+op=XcNdog&^UiO;bj9M44!+lg8-?++$+S6s4?VjvGdFO7#<SsK;ov
z<k~D${R)0hs2rVPTXx)o^3C^Y)6~&dm=b+NYCcF35&KaC$IPQv0BhbUg~A{aZIVLA
zK_dDT=7G{pRz9G^E<gvArjMdTgps)JcezAlk%y9hA^Afwc_=0deOO?KLa|ci3HgqG
zx;(Ull(u6?@7C`y<e}&LlRT7f%0nGZd1$lvQA{2>Op?!L_9Ip=ouYlyh3pBitCO-}
z=Y&oZoMQb10(EW0+W-5`+o-tnHm_yp|NG}H<JZ>n_Ld!;MOWf^TP`Wvq@5=ukmUWf
zPE5<vCn0|gFikvflIs(}f2ZN?3uv5cTlNF+SGgEKjHhm51d!g50f3w6ghR2aEF-%@
zI9c5&tV)HW$1bF>K9&(orT+<&64q~`o&V6(P3{xz`x?uI54L#hA*t_K^ZdC_Nqr;!
zBXInx;Xwu-zp2V_K@2|ZgdyF|#)&Yb0Ce1)GgT=Qa`@P8Kn*vchIXYfGOP$!L$x|A
ztI=fTJ3!|&Q61iXO3*PxY(8Yj-iO$6M5=EdM<6yD9LLQtEmAgYCbocbyrmrA94N*E
z`5rrvmh-qH`6rUUCL2EUeiJ_1+D1d^-@nbVH0$a9^z-<7>^xresc|0LUm15E6a0nL
zJ}Cb&gmcvjRTpR<L4wuCvi2Z!NHB1G&2sIbt2$7a*?sVTu|Ab13J4~a&I5&_3dJT_
zE%gMV-h+~Qe~}1;=o*i@G}oivnQs(Pzl`@!b<=ZY*Ku!WkmH5`^+bar-Z1OmgS;$(
zfC&>QNtnQyybgflcV>G6KL}M1M$ub%D2(8g{B_iOP7J@H|GHd{>zGi5KFt#<R}8iR
zHb|hS!Tb(re}$g(ecT3^gLwkGVzQw)V}1DNc^zyC_Iq=G{xkX}1|M-=lE#H^Y_%!?
z|M$_mb8+^NMUnpjdN<&@T^4$GFPAUqOaalmE+%9EP8RRdudtj?CSL%u?-Z)~x0Np(
zvN|;~P031^)%MdAIo-*zTd()1ld{W|klX*AP!4_0H06n}ke=<A?7F9KEu&{Sp5Stj
zC+a~C1zExcqJU$XQrMgFgo6Cg8$<{A#jvwR0!gRp1tvRmBiZ3|DfEM5np$|JDLZJ=
z`!Q?a_asGV^n=J22=pO61M_r&1R)oHE%)7o`<-tkKl{o9`-Q;tm{G;dH)wB3+8*sG
z@QwFd@>`5isug`NDM0*3^s1r7w5P1!Y|yK@y%X#y|Ka&kQ$!_QRN+7=lkiYEnc(pM
zmGji|%>Tf7+B5V2KTrQl=c%yw|Hyf|W0T4MulOH5Pl^7=jSOq0f~XXVrb_;3N8#yj
zNT`6xNUm>KE)^*VeYy7XEVjYh@fQ7z-VN3(EB9jbj8j%xr~&#;p~tG~1NEybGp@Zu
zDGR;BW%XWYcTO%iEf#zs`Zoc-pG42U+^cs)J<5<+H@*+Ue>U|SWb}AIJnB%Eoa+cW
zH)BprXpFYehbec%Sq`t@T@g{8*#MGfL{#j&_0OpGTDYp(_buhZl6Ib)9?WZH;T)3k
zg?5N#K%ql>RNK>viH!Gp3Jyr2NGfYZVSHyjN;pB(ppd(GQKL<MBJ;d^lsd||-6ASy
z#DW$v)RHO&%k4nb#))=1u{$GTuxCAsiFa*YIT77Mpe+#-4;r98(f*8<Oe~Rl0)eS~
z2amP&1cL+6T2hWl1z$;_3#p=VG~9tKNW=3e2EzRTCRC!VO4Kd%c}lwnYj65ngcTBj
zS_&4{SH$JFWetsiKImk#O$}z{VfqT3z)^g-6br3~en^o^Z_jhC_yoPWfu0S|!_?vh
zU!lisE>6h(p*cR8?@nnaI%3e>1?P$zWjp4!Q48}D^c~AW!#LDv7=KDI>s~guD7s+h
z!q(ucQ<vi`4yAZphgNLn@q$P7cI+4WijoOK`Gx`yJjwx&a@KwQ3~dS(4UO}nvDp9O
z{mW$Xb4H@O1(i0u*{P=E;Q%o=lHx1DWK(K4y7Q;O8nKY=J1k*P)q3I#K*9G(*z9si
z0ns%zjK!X1R|rpBkxY4wu<YZ?Wuo#aP&7b{PsN=rB;?D%ypuAEX8BAkXcR-|Q$YY0
z*07917!#==(3>UY8$(`~l}1mXNm%nsJeNC9OjU<BGe_K$T3?!$_v`7w(ak{aoKo{{
z$^MQ0sfTPE<2?3F($1D?!O<u9kd0!&c|PRI2MDRykT5YxxqxG4R;*>?tsIJ4tU7Y4
z+WALx#$nlkd<Wss{fG($A8MBeP6FVG-dR=-;SWmpp!blJGenclNO(ZhdGHKi*#e^&
zhekQi^A-IK9sHC!S(SO#COD`yBI1gsjc;X9Cb?ok7_SrZJp~#yWDFVa$cnTp=#uCn
z+t2J5#`fou5&R5J1Ni*uXIrCqnANO2mT;$rCER)ZEjy;%aSBg7L%t7P0>=hnrk%$@
z&WIi$Yw!sWVYF-ZU5F~RY%|b8thwO<=yWgChHoT9F&cJ1n9$I9kQ)B7HeAeOWV6W@
zepFi%xe&z((M32nsXqeG2=!(4PAXH7gJlXl>irrV6j?ba2@}3Rzmkq<lKrr72aE+W
zRGz2cnDp2Mln{Xb04ORY!Lv~ug8|#`Q`EK~?=>B((PuTJ_i5ueR7C;8{xP4HlA|jU
z^_ZjUA8poEzV#Ir9k4F*MSMa4(dAgX<%bg6-F1ky`(>@37i*W=m;klYr!Pb+8|}HZ
z<g}d|7Y;YLl;TgVwG^(33+Vco`6GN}7i{{!;=FT(r&FUAm)aMgMfjA}V_{$i9{+Km
ztAS6m(C1)>=xX+^#AXGJ-sNIJL<C+VD!?1hiONnfbT$PTfX^%XYa*im+_DGr@e}_6
z;15~pqCW)e;jHlU?#S5e(4ZRrZV-Onju>5osGK$R-A-6`PjQJ#Hho1cPx*k=HBv$<
zJ(cc}_F6Al#L&4^@uLeye7^m>o>RQb-P`~Z0HJx83@5Ar4%v2DsYc0B2}uPzWsu{7
z=>9DEBX*$*3-Ng{=U%EE33lgt$$vKU!CaVpz3AF5`2R?u9wE6P1dq0p`S_P9nErAX
z%w1IK<$^tOL4A4g7I<Ri2h-G^JEy6`cTH1<@0_Oe+=UXPKNOK&dwf601zW<uvc=n5
zaX=W_&Jr?B3wHjLah0ud!7ilVYgV%<_Y?ehr3s^<G1&ios!%l(DSPw&^5P~dKU5!y
z$m*>TS-CBOTO%tE!~a7ODZ0($YV-k9`OH($=qZ3%ox1@0gU(Zr5fg@0)yVB?Ky}F#
zs{W1`@?TPOL?oCBfmhK%)<<}=CybT6r-2wC`D-IE<xLUT29NTMr(m}SB(f)FBeUnP
zEsya^(-WKlg51$DLf~q|O4s%!z-4M+I?&A?$+b&(9K~7adlM}tIGq0PQEH^Vr-9Ue
zK~D?L$_3{n`+4ZUL9(|>{<;Pa5W41X%Zq=QC}fv?-vIw+eGmW4I*dPi9-b(4>Ir{$
znuV`AW#QjthZ}&>U+}n&_&)Zyb_ju&VR8Dy1Rny<(tAAxwdKXt@%(<8I;$o!P4$LA
z3-Q7)WfuH`XAStQ0iQMCvj%*o;WG`NY4}XTX9w`v0ep4<pB(^259Uzodj*lL-4-zv
z&h>Uh$e)!#OA71~0;4c~;5>$50E(Y7p620GAS?j)tpFPkIrab+@8Y`xM+wveK#a8$
z03OW^@NZT#!lRMk(KrD>floX2Y(`Kt5>y%ikPeUQG{R%25a@;@XyjQn6Hp4!sNkHp
zvskc`e37;z$;ue8gDH>W!Z*THWOW=!8Fp_kF}Tzza=ak<eWUhO{~b&Kgw`wSBjJJQ
z=N~$n3i=)%QU8GpQ-Y2<SO%Uc3%p_Gj_vS|ygeKK?Ys^CnYRsocIpgIJI%wVogDDA
zle{e(4jRmVv+rZsRU-smIuG;TaNcVCO7zDUW#!{og&Fm4tip=Qvb2K8v+5xc{&~Qo
z9P$*L0h!9d1w$$)l?f}7>|bLh@LZHMa!H=?xGo4)Uz5g*;=<)9UCfD~vp<SeLis1c
zhH6hRZ{u(~`~Xq9R#fehl8$yp*`@oc!>Bk&E;#sgYz`=KQ6RQcSo1s`)a_#EBuHJ`
z#hq{%HBZpdN^<~N#ZzzyB@$2IxUi-l&oM*-P!ac_hvR=z?-4J*YWQIQ@Tg(sD9}5m
zsKX<u2B_IAoujfzd#)Mh@BJKhs0GzE5w+Vr9{Wl2%T;xlYlSg!Zyss-MPvX7V`LJ|
z?1)gMq;mLCg!<MztObS>cO4e0ZXz;VSPE(v(5$e8Vm*k#a6}{J#m8gwof<403PR#g
z3a%m-@pDZ$J6|tREoTV@K!pcp<@#Ev%Ao{bn<DxaiOQA0)BwYVAU%XeLn3&+zkX`a
zF_du~P!A8IxK{A()L>_LR^t>4c25b89)c!f4DRj*Qx4ZsldlaE%2CaZPybH0GS#Rl
z$#zncsFY98v5{{MqL8^cFWC6z(7pfwabJ3&J~<t>6KI0d3Siiym4&c1XhKknKxU25
z%3+tZmNT?9Tc``(cGc%H@F&Y=;PuHcbc`*Ca;wj@D`Cpa5OfGnWx*koT4gu^i1~UC
zSRC{y7c`5YbQ_PcC;(YNroR9%`E6oBtL!??)9B+y19FxKPd|@MTql?)k1QDDDlicl
zdJ_X{DL6>c#NI0y3gGPP`|Y4gz6b#}SAbQ%$92F9LeW9Fpa!)&V6;jdw*Ifg)*v5x
zuYk3}qVWC0iSN<2hI0=8laA7fm3<K~B!Of5PR&R?je%<@Zv+bGAh%QnY^;_W^mW8j
zQ19(dlddBrw@wrK?TCHJ6ggZUO@=S+Sl@&uusyi_QuEiizCM6fnxQq<X&)uF23oGM
zEkuG@hkIBgDVn5wAu0PXvoTUC_w};+GW#`4W2x|2k^Avd0VX{}ga-^ehhLY#cPQCu
zRD2WK!GB`h^+OW-3u$^eWDX!0HJ}uzgh2L76<s@5{0!v26v01)g#0Yx&0@jk;%K~l
zGrU9$wWf*%AVlqcv_UFp@nDH#0-7UFE=9sth0)h!!zslC%~hY0k>&_D<TUDitor^S
zF<1_B(Rte!Y1iOjEJ1?~ULu80)0r3{tM@>=qh!wcjEssbH}T9|GUr&k@qMVzGwfMF
zDA1fEtM{_tbu!Sb$AYhlj#}~~WZnoH@@w#hB=(#NYQE33=OkF<WTt%2%FERY6YU9T
z<iLcxAZ&Y-Gl<W*B8Vrew@}@X;RI!mJqAGumLV&;-j&~fDLwP}%4AoA_jMCA7_W6i
z`}7pS#wDu@7;KJOVRJ$o(Fb93hb`8H@5AuIDEg8a^W*SA-looVlAYxn&36hp{js+2
zk%PC!!-twrI)&z-?@ai_)*pv|3uSV0SN1SFpd56x1I-r6l0w>u4197mGFvivyiVM4
zUS7`B;OL);L5Cqpi=l&QWV`^8L;{w(M=Yq9f}OXa89H>pL4=yj9x^i8vb+-gRtvt_
z4*}adV`FR&er}eOZ>55IAkN%ygC~RS7qY$ibX1W$+dr05XF<;@W>axdHXP`Fm$3S<
zjhQcJ;AH0@37ro!+lKNFv#U{f8krQ)rm&|X-rm)M;)*&F{jN9<%+{K)T&(h?Qd?CG
z<Q&9|`Z8fdBN|T1lv9<bK-SnI1&4nks(>Hm$P$6u?e=EKr7HmU|0Wik_F~|KHnP`_
zXlpHe`mr1DM*;T$70;o8V~z}e%n+*386FtsC$fT2l<g-;iI?+45WuxaPeh(`Xu=S~
zwa^l%7>C?Z__<Xo_(HP7@jr<@0$FL&^Vs${fXEj&ar>xaB*C&^HvkRkMH8r*pv-Uf
z1PiytKtnr@{#=slYp;m%7eMP+#aa}*(69@u`R)Ybx~!Z^6uUgZ;dLZ-WuRHf<2vEZ
zlw4o=HtKNVjscrSQ$v(Xd3mrVc<Jpd7kux*<wlvURcj9~;8-uT9BcNquSVZ?DSU=g
z`vuE#Y~ph?DL((jj^fVfaY;})--5~>)K6omoJ)>oM^R!Nk0@P&V;1Q*8|Tq}2F17-
zKJS3VfVM2#k0SROkMRV_P&(g0X&HUXp+}C=CBkZ!QbUf%=brKSoWl#;eFYpW0iO>c
zF!-(!G8Y`T>>D6sWO^{~LYZ=|@-%GTF2Lj6qS{VUJRFa|K|H=4@c3;sR0w1chLfP(
z-D5{o+1pwTJ?wD%4;tuvkfXDV=zM~q^KKc0YL3nzo6bUX{zNP2f$01lV!jyO$k4eZ
zhR(YfI?Kv&Nom#xS}{3}|0Uvca}1xi$3Vk8+mN=q&UhuvylBPeZfKzCbd15}Y+HOD
zU5^Pc;b?>S3<!PFn~9=rEl21UZ%4YxAQRlR-C<R(AHAJD1&3w(ae9GiZM9L|lOuEs
zA#_`Oo?!$aghc;$kyjnQ?yv@LuU8#HfR#W$5JBrPONT5qz)RovuR6SG>O`lW>OYVw
z2NyWy1)3DR*Di$)IZ#fQ>g&)fr(bEskEk{$wS!HJehMubM1PB2ShJfLQG3LC7^NxX
zkc6_06I40>g8!_;JKBFX)wg|`IyxUcM(W7%b(to+n!Rsg{f_}?N_!~ghwV$y@7ZTh
zV<{>)mHq<`Z>C$F?u6;L*Sjlc{okd+GAT;40k2`yaY_UlQ4|IFaQlzISF0LqLSQ`o
zS>K@jDy4%hj0TT{LfWRwclwErws0qkG)M&iR{aZl<_?GnPNI~ENuBKQM;zXKOhDx(
zhnqmPw*+0TE$NCLL2v6`FtXm8E@}h&y<J4L)L4|DPQ^8K!jPzq*>h{nl_9EiCChZF
zu`+Lab5-6B%$p^9Za8Get43JfJNUzR`d9h`jh4&$Gmm#OXMLtM9lfaR6`sDqFimQX
z;~n9%y_8qSx*v)0z87S5NSUGm{&+wfhUuv*oyu9EY%|*OHj<}WR-PMB!kgvB178mR
zWa;h7l&$`Qsc5|m-t4sRbi1|+tN)0)iT_Z<6R4JjG98#E?qMa}mr!nA{O38OtFm2V
z^b3R^eNJ)H_@;Wtcwrr=14opw_U><6qr{5+2P1A&K-<W3N<LufbBsdwOaaoI;>4~1
zp|j=EMd;#`NqSPf1Ym|U;_#@e8YJ~5SPW(f*$Y}_E^heMxZyWZwzog<v++Vh8r^52
z;?bn_wh5qZx9YA63w@>bXz2bZn}5{pG=8*ER!UexMeSKkqlh<+$0T)h9&USTaTBdY
zslmm1Gu*%wvXrgCyX~&iLKV53fnotG#@9li3vT3sPsMgyB?WJ?0P<AR;9rQt+L10D
zER%dV3dnvvzQp-xTj}LSkus^;!gn)q*?M1DT#XwltOMG21egWrOOt-n8uh3{+_3rO
zislA1U^o#jWR`7QWWQ(@*|m>uv4%{T_HDHf3y~t=iU{4S5V}*vK$CY4-k(f3X@%^@
z){X?(LHPa}p!ft##77vao;Cr{p+r)72C*`#V750t0HBtEV{d0GIPQj?^_LkeKI+_o
zZr~U!piBKNzM5IBY&AV`HA&A0EJ=`*&2T0nvQmvFz#*yQL8lxmvz>C|Mmj|Gng&oP
zyqCulmhdwdqEY;)NS*Br?DAest;dzA_c`TYg|j?x+&95ZTaBql5l>}hY#3QTovgqv
z-?oGfUwW=JTCTLX{fAO{58jU^1bYrF#<}_WiNX7wuDvU+VsjORvQ55eK!L;spGoa@
z$V!GjNu8X<8a=w7z5xUv)8p_wrB2zWO?bYQCAmTd*)eYA*qirF)nij`vWW|}ke7pf
zGrB4Or@~bLzxYI2@C7k!+=xa|*`{^6`U)GW<Z3A`w5l7Wp<zz{2~;=+|7(d0j)hZT
z_jUp**$Na9u<Dz+;R&da118)Ehl>V*XG6{tb&I198N?K)JM}ar1OPA)w0J)d<5gmC
zwiD1m@*f7e095L<yx=UrMJTHUdV-ob`fr4?F?eVCJ`B1;pWFeK{->%d`a88}@lZV{
z+G|nOlYmZpTt~e9CaPuqiIIGXn6I&>_k>bytf5o?BH`Xe=wq9qO<{fctFv#Ytyn9o
z8O-Yji7Tw4Oxf&is&;tO%hcIf%4Q>dpd4J~ECZ}7FH@><pFmv5atGaZsa-Yhbyn~O
zyIbkwQR>~w7HL5UNu^sEp5d-9%W$xxFe}4pX4fm;f@28lLcuv8#kVSFlx>poxl#jI
zQTSi2QHsp)sOdP6Tb<_AU$)+l{EyF<;+y~7eBFG$E1tvomi=$eH|0Np?<c>yG<@Ma
zd`9uO<QP#mH++6ex-Aah1ve}KXmxq<7LZ)Zlp3Tuu$<{xN)3x{oxxVK)%yU*)No>(
zYG^g%?P9x-s0gr{Ik*~0+3tqbE&vMtJ+7t?tfr46l^rTPah#coz)aCMccylKIL#*3
zhgj`|5D4CIw#xcAc>pzIHH^>%Z{!O{O0)M_w&rGuQxJ8MGrZj7ZtVn+v0gRrGyjA2
z-S-pL=ULDog$_F=D#J%ktS=ksa2V@@Bl<mG-`ob2?xqq;LMActC?<kK&-Ri3c5&y|
zw_Tk67-L66JEA)_?VJ9l)!%!THEazC|KSMn8&Q3z0j17gMes5xwM?n=A0{{~cPgh0
zw4IuzoRx!1oWZ;7Wv(sW9GNK)_}Vv8T+kx6J1Z*f_2D3Zz#|m1U`dj)N7;(k0voj{
z>yhrCla&Lg0>GEhyIUC|DcgWKEZBx5QBoYh5N36ZVRSP6Mft*wRv%czNW9ht4oQpJ
zN#ZfAWeVvm(*nm=PLYGlot_1U-Jt7*esILo?^F}jfU87h`w?x<kDwO-k(HvK`o0y_
zVM+sv(QF8%*?%MzMCvk7gW#+RW%XiksuLL2PP`Yuyx4C03Ad|G2%=rrv!G5nAufox
zm74N`(;grMSS0|?aR@`E@mjRtv;<5HZ^<(8ChRg#P_)az*`VUpc*n>E+eN?~vH2Tp
zF53ayYO>?`kB~i~LFiO=bptt(JFbQnAPv>G`VPayagsFQ0&RR#ox?4ZM_lzQyW($O
zN8|yABVs$)o?&{5Viyym*(wv@O~Hx4?SQTbRp`U#22n!-4v!&*n7kSzJU+sYC>6<m
z^t<m$ZK9jR1?N2WA0=0d;HT`7q+A|t3fX<BWX(S)h0gVy5*&Tm1lRD(d_CZWw;UB0
zN#Y~=Ht4tG{R*0kI*JQwStjrdSaOOOtu<S%)yF3C=kb6B)xLj%<esNAYAa4hqv)d5
zGtc-&2+XnAN0l0ohRCK#zxeV3eWRGrsd$&`%avWLws-|`!N;_QcAF(2&#5S<B!Z92
ztJhl`A<?zJ0PU}bsXmZE{!v{jm*?5M`ES`NR<c<;dWQ0S?#EC>L)q(&qC6mT54|An
zh3|-=_H{z*aGwTL`<MbidS7Q#@AI`IRqxZrEE~xLIh1IaRlT3n7(s_Wt@5L;raUv5
zDfy^TVSZJX#^O9k@7jB0t3*pYCr#lT3;b}k*wS1ohF)Xp6WR>;(Z~3akG>z6x|)1I
z>Z@P9=N~rJ25Q=HwBZT`WoZ98q7AwcGnar??QI9x3_ICQ7ieN$%D-4hvmto?qLmzJ
z^Dwn@?q>K_snw3pN@MGtG1pk_m$N9#ruNGZ$zR4y#vt?L!KCAB8=p(#cg0$Pc>!>9
z?OG!qf4oGrNBaa_6M^!ol7<$ff|@10#DdK%$4BulEqD^t4s|R#{sgKY?xA1F-)zyo
z|Jw3qS$o`h+W~rnlk;^(AcaP$|G>O~mEYOL=VW^X?+Zl3x0%v@<BtmXQDU<_Dd&x<
zE6Xc|X&>aJ^!f-k7A!yB$hA?gwO_Y0S`o+Z8-eVPN0VqnM`S+}$1~Qi*%zhJpOwo?
zY`}Hq*5dgy`G=8K3h`R2yPUc0E+ik<I&H%n$f&E?^lf=|yfDe-ci7}Pc6;7<oVG|6
zmZre8r_yyD)<4j&GK!g`d?A__=A-L!mR9su8kW4t3TzR6SA$m-NOY=z_<Y9|_4!h;
zvrydRKif$R%FYH+n6MT8YmkMB5uQQT%dTu^P!&d=NBC?9o6VBt2d1BK51YXZVZ$Px
z*-EQjL0MtFW1Co63cIg^sD3~{wWSSNwx+VY#ddEdHeRfC{Z%^UYF%gMc`_K8nMr7&
zb_&+nlxk;qT(&OVhLsJng-)r)2;Sf7e=gny3k>u@j~o@|9iB+HGxb{8FLy@u0r+dw
zFL%bA!FsJoBZs|(+FLBwt@hXVx*BN+7HYrc51)mH6_$MIiS&t#3honV9!r0f3}}<$
zj~=4y8#>EUtbC(&J;6<1$q(rhx_L;C9cLuUw9RqK)?V)sN6KdD38c(o!g8AQ3rX6!
z6Ir$dg7(A-M$rE8ZdY5v{T$E7Lq<2XNK_|jN@xsnx+O!E`teVe0y7cSQDVWj@`6*c
zt9iv}It*L2x39#w?{6&WdO)^Q>QT0@+)`QgWc$#`4EWalSR^_Q)rZJKZ|ZOi_n@=r
zK7&whU!0aWAD9dR<A^p9nC1<&YiBTT>cd(i`#UDDeRgTl)R0Mi7n4aBf=oIzxlDR-
znR~W&{_8Ymt98an-t9>^jcFW)XnHq_rf%g&kWItdEoy7DjJTRr^7fgM_tU8$dA}6r
z-*au#<b1pDGT5Jdo~)zCak88=O?KM7$i$r5JI|z3;<S2g?9)5r+=GmKOP^6Lg;tE0
zC{0~*gRlXPoM^Aw^>6`DQ)OG|aE8C8vfb&bEz8nD5l+!T3a(dnYvTqwY=~=<Ks68S
z@=D4M|A7otu*WHT=!S7C7LU6Dp#?bpvff*r>Qw3qwz-z{^cJeu&O@A=+rvSnpj4i-
zn{Xw%Rl#X(HvSgXsd!@`3gw#vO`!URj2CMY<0sCGAw4y)U#J=hN7sKOL-a?}geL~l
zIo=@#yUeRc=ikxqiS|9wBd|`O7EjVeYP351p`De(RmUpdNI=%cpXSE3CbzJmE4FM$
zE$hORw@v*S?2@vLME+_t%_*k|zsl7~S<1OGwZs#w02Hecs=B10*~mb%dxF;kmhF_3
zj`|`|X$I*^snOP@5RilbIwyu7`S<<Hmj1u9Tl;s#`X3d%AF#MEPf|VsWx-$V;0l9V
z>6r!EV;1S|<;sdIXBd~3(At^U8Z~DRwcby>tQm0N`Fz3wp{kA^)yWG^OGqpV8qj1S
zyBZ$tPM6^Ov^RRNmH{mLLXM%7!31Rn;QSM{j&N>DIeSOU=)0Gm$mm;6p40RDTmf7!
zBHJ7En@OBN99-U?;oua!z(kOZ1!BSvy<2?<PJM_hx&XFmS;{F-a3#QO3rlCGoW=8t
z=DA*Oz<06Tc1anl_iB?nK6oFa1yMH~lLebOOay?5U|4Ger@mDTj_9&!5S0-_GX7rI
zG&r-<ZB$0=etd!T&3iXQSrkr9PP(nQ2?j@%59k1#dQ|u}X*WE93ZG_@fR)a03Fb#l
z)^>2)wxg)6VX_CU6UmA4Ia4P$Y3F~AUmT>5#^Ul3Na0@5D4*6Km{wf8#r3=v#%HQ~
z4qa@_2~@9?gN0|13P#=YM0FhKqFN&fmc0C<lPBN$?fGc5(Jic;G^avnO<VidLADCF
zuzS)Rx9h$c?)phHa0stiOXB96YS*%G>SoI55*BQ>MEY;$1IzKZI+qB=#}$n;Gu$ZD
zJTr=q`y**fL9ROQR+>X6QpI40*4jaq;<`YcOQ$*oe=E|!4R(->o@_+qjRNJT-14Zw
zVDUlyB~*7yCqmn+0Qbv;4MpWuO~R8Yj9}n(Uk>~Pss`-}LjJQ(VRbvI`Q~Ku6P_U@
zm3LW%rQs<fy%;r;dZMdGjg|pSK0FK_suPD}4eqJK(G!}k%kaC7<mj<STZ;mQQWv(z
zjp-0pV=hb82_t6F8IO(lZ7UyfH<pzugZIc`wId)bki!Bo>(7)k+8x({+<!v(0>s+?
zL)^E=H&JDeXPT6zrF6o(B5IMSR8XiQHaw((6lNfS`UDXb7e&|gfsi05&|(^83=w?b
z`dnAn_j_Fz6%`vwTZ%#f6;R&DW5UQ=+EUu)ch0$Yl1W;+`uXmDet#(G%$;-3J@?*o
z&pG!z3QG2|k6+V2exA8OBc@FUDLHin7Eu%<FW})$7uG+&fo=p~Bf6Ca<*>MLYBM44
z?Tv`n{mQ$lbitzdX*|oJh2bC(^mi@{08KAL46mg@t#mpziBG)7j5`SZF*o}n3%_`p
zH0Rp9L)?FfCTM1Nn45yq+S%u^c~NHO1ZsV~wc&U<ofN;M-gP4kwvw87&!r`UXI2+t
zMaR__n#jNM&B$v_G$BJq=FdxwmMJ3#I&ru7Yb-8DGi<Gj$O35KQjVdiok$*;-o&W_
z_(k?mT1A@VofLN@1Gl>5TId?L2A1}NRdxuSjvY;`Wu~#^wbvxJyaLBAHYMBBX@4pw
z@NOr89yU%7k<mlzsQa7X_$S834<d+i%)dJgmJtrAz>2kf86BQ#BszSksI)U<_6_O}
zgatjnK|6WKsKowcrCqE)6nyI^V1G_!))_h^q4;OD7whl?-l6WFRt(3`#z?8k@_Qwo
z_imJ5-RNlX1E?yQJbZV^=r}$Z9G`BO-@8ujK*}txQ*j|nzFMcgGb$C;Xp+&Jq*P3H
z`UGY@{u+-v&5>98wr-VkDW}wjr+yzrUoiikdf0<YT*||MU)ZJedj!A#nt%VEDNdS>
zz&H97mL8hjnd5SPAueA1zOv4x99DhTrkYr}M{!{>p0a_x-VB#=#2Nje6wWr7RWh%<
zZGk?;!VSThnWF2YEA$ZEPEH~nXC<P9-Uxq=;<7v?rGxa<84g01a*y8{xrK}lCcFhg
zKTEvcRQn%*HC0HVigkFAr)G^xjaT<c2%&7%AL4snDkpf6vvw7Vv)&G99}iR)caD4l
z$Ae4RO)84`#Ovsp3`cL?A$KTs;R-wphuXES)0SX+3GH3gl4GqHnoAzcd+Xm8++yJY
zw_}L-sGVdtl}z|Sx5XkM%X@4uUVVr9S>&mi3*ACEy4xA_0L5JvYk0SL!6{s;qW>9^
zyPONV%h4)n7<=|A3v_WV6tzF$H=!<T@gQ5!z+OjDl-dAq;S)JH*J9;)tSsc(UnM!r
z;-jxqF5f~^D6;~Of7Tl+Uof`!zwQfAenu#(oeR?diYIs>r;ZrNisE*s+6o+7=w2{%
zAC7gej22{nRl4!(^~eHFlOfRuUtebdZkgf^PElolW3jjxV_UfE9@RIc0nfOQ(%KC(
z6~ONvUzq8)DaSM;3;r?LzDOnO;!h-K38$pG4HEp{9|pl~x3~yR;r`VroN^dhNraO_
z#VLgg?-ZoqWte!Zy6f2{k8l96P2og%>#M#dBjVjL)T9u{?BrukHH>+nK4vEyb813<
zCgb>t-{O*rub4&akb@Qq+|#~U4c?Y&0u=0k0!vO-6<N{5EpVsQLw}~X?c#5Z9o!EM
zwU?C*%BF&nbtTS)S7IugXw`xS)KQf+;-h=9!ER->vZiDWyzh>wV&VNMdLI@a&A@@~
zX#>Fd%>-bLvQBSs&;VhB_~>}*0T!sTl64_55YjMg0V>gh`+-uC*YTt|b2lF~Gblun
zIaBCjpQ=v)+{%P+2&}Riwi%)BMl(a=)o&~ES8V??wGk9;rN)22%;i&O@CM*f4S}fm
z#5$Zo*!Fl!JAn9kr707+U@!|?$<bBD58)$eYE*VKilL<@7Wn}uZb5COAd7`jkFpQ_
zrbhVZ_P3aQt6(S2y45WlnO0?LkAhZ8usd5&Gy5qU7FsI{gdX^mrw+aXrBjFb!4ht(
zyW`eWQ)GHHPQ-$R1Arianoh)7Uuyd#^aQ8&SKNx{#u4p_B<d__ai47<5Hh|=<Qi6$
zaH(B~fyDdp>e?L|w)l&_ro64%?IVMh3(;N~vQ*$E6~8WXh5D5_{S~q^e5f6}t6ofU
zW2QZnNgGJ~x;m6u?GMZ0NIOZ`f?hi)ij*hhr$QHb$3C(2d-#Jcz|r^PK~<h=dCV=;
zM|WYr(5Jxq3|Y$jn7Ro%bYEzd{MCY#*vn6n08;X|+FNJ%PQOZjjK4Rx3OATe24H9_
ze5<VXuNIO((4oX3q_*0FC2~GpF&J*_jSDu(-yj3Tqd;wOW?or2-O&YV=l{kW7q~N@
zB)V!auJ*`_nC%^O%kX|nUNo;v%TD%J_gC2@N3-`c|6B(w!=sY0-W9YsoG^w$z;ZO8
z=>$BTfT%2#fspUO^6&1T1QZWDfu7K+dNdH!2^4h#N!>!3TUf2V)$;x*o(8-7q-HvN
zKz7TVgx(ch?BwKxMU9j5kp<g1zoH+y=#f)cx_7pfiym1dZ|qm^7?)~tDys^WX*q>~
zy}<m4uNtH>F@SY;3YC4Z`Y<Cp3MsoPPDWAHKHEiBYs$cIOno<%V#yzkpsW58-n4K7
zYl>;k3(zpu2{@5UIjCm-n_l?7(z+r8#<qVJn&{CxWRLPUw)fdFYgNhYBGc!jATHrn
zQ#A5oDrdYu(eBPGi+H149FC7)smiP6h;<~yyiQ;?pEHV#1C5asKBPw&4J24a3%2(S
z9wf)894wI;MoBBp-@qxc*84uGn2AfQb$`9tyxxrsC+$xYai%c4F0UfsFXL4&VVCDs
z!`6TM->~&J<{e6~w<<p>-zH#u4#T(`$2dE2ybS+mK|%7@_YfbOha?DtP_!6M^XP6a
zf{OklCQ@H<Er<*Ek+O^H;bT;O1DGQuGS*D?#K2bXB>!o__Yg{n**HCGqKz=6M{vS}
zbO~@wP3s6E2JUQ_Q3QZaj1j9D<MRohyp8I0M}fEg#NS_p@70u;NG$pn3kG}wf{st*
zMT#WMlHqW`lsNw5LQF-EP%ETC?i$B>@rkq)ee`!-1p>U@*Ow?H&85)gy?n7}OXU8C
z!u9iIs7Kz4uQBu44Jlk!aw&VzXgI%_W9>hkA_k_DSE$7vMEBL%nP_zmRb;V{5X#?-
zxgkIdL8eRPjObnoCIGW3gFfe~Do7)q!CVT+WgKsFO>~0?e_ltq%L?qy;3&Mrn@qL8
z8Qu4**EA#D59oBqd_#TIkjPS3JSniy6hMv83C&gm)$_As>7dW!sR(JYX&qwEd-4PY
zeN?j}H8zKlM?o}*(@P!2=!I(#nNo=ySS1Gf;FKx5II|vD=C72)hugV?{XiF(aQ_cT
znSu5oR=#4ynzD*LaxQ43gZXawd|^8&T1oxvQHzGBvZTv=>P#rgg-w{qnoaDjfCy2H
zu#f_)S>+SHKxi2(K7~?E8JtS6Flg!`Uo?`K2%V9bwy+!KsESs`rL@_U98dBOt8BOm
zYrMsMqkB~q)Uz2YQ1RbN*cfYD)I<13tOU?i;Ve_+nP#$yXqk+#?_QZ|!lF!UR&?*=
zj>JTaB_g2zQPlq#tJZ#po%B(ED$6oyWm;b};Lm$-Llo-?Y3J}esy^!AD^n@d>6-7d
znE&T1>;elO4d;(G!=o1G3#-rd9V;p1L`i3}`r);dLj#kTl)gt36M<7fTs9KZX-t8`
zaY*JPzKNJlqoerPu=co?Iz0PNgKdp`Xwlb~Tf-)`r#$J%{6GY<*ja7&Y3+HY3Cf=3
z_@FTwIhp~g#;FuvzPN0xP_jG6+uvVy!e8Gw^CI#brr0-s=TzhdsMm`N(^EOqu-GFV
zQgwLh`*$^B;vg3$omiQeM<i0luGR3)bm=W@A2osk2LhF{dV}iUE!6##7uJds#$XW_
zP0K**8d}z{GwoKS=+dIvsJ|X~#7)RHV{Qrv`XC2wqUh<}@o|PLFjK|>Re7i>8Zl+y
zTlyfKe=wcl!bnt|VkFVCOMygd(_^1(x|yAX-{WOLK75BC$ry(e`$i0$4XCNV?uIYB
znPXp0W?z<?5j*IOEcwZ^wkVz1F!`iWJSqRaC+~SLo*66Ra4j6}duGO%*eKS)DDtY2
z@h%O=N3-Q4z$t1?>K7<|3-o(}trkmswcMR<B*kCegpXHRV;u)4vyLw_vjMSWYdqa$
zUYLP+LNJ2({5b$ooZLT*yE7lR0$>aa7Qq_mdJ6zkZ+{hF42h%R;%K~=Vwl8(3EeK(
z44+tA8TO}EGT&0Cv2iE%xeLgxmb?T2s?u7Y?NNwT^G;~tWXiDG(Nl{xT8+|2Y>~e4
zkcH4aNHcpt-FLhz-PT`#V+}r_Vr>j}&`AmZf$so+Hy5)n@K9i*>&J7C_2Dp|T%Q#m
zty|fxehi#AGA4lr9dIFA(u|KDdLAAfYlrpZUxr@?@YfBm!LRM@Os3YcKQISz@eW{k
z;OUBZWb6AW8IL}Q$4WlZzE!}ou_~V0QEiN(bnBv!Ahd25-()grHnsjhW0X5)d@zYk
z>kqix-R)Xi&6997=e08qY4lcjbZ$G=;R~~1yFbHm9KdnBqb3Q*+t)V&W5*^ryvc~<
zCeHPQmip()ECPHR{2Tc^m6a|$pk6jyH*L<&#lJV^fmBq1yqoiDe=70ozrAPR*C0gC
zPUUhHu)*+#h<}$*w<T|NtY;;xPJEhmyz6pi+#H;WXK*HPWmv~Evq?Ui^A!e%RI2ZT
zECwjd`BZxyv?q-NZb>!!hYaQ-4s*Z72s4er3}cHmLsRjB*!N|G!i^X}BYN+=$Ur$c
zs23AJoy|a1G4wic^uCFtp!!&*smTCAC4}>mK|FF9gDAI#97e;amvH3DBA+zJkVCDK
z2r1QVkqo3n(2JgBpr7HO51U&7{Ta>Q5C;06kqON$$BnQGI4p_7daX5Bgyy3|bTr$y
z0t-O-o@Ah!@))QI<}=f<dZ<oAG^`;F@yl}l<vI8zsEr9cZf<V;0FAE!6Yq2(eOmlo
zWH%jp6j6SigI)RDgqJXxcC8v4-pc#<BBf;?*13I+f=0ZTi{E0soX>h$6L~n^%ink}
zCqZO{ui<pZF{*U~SU*>{+Rvp)M?}1<S6*gaeMa9GS4C{`t}f?YJ>JM{INEA#8R9)1
z5L)Z$V#6UE??rxw^>Q`q<=e=+Ladjy`K%XvLN6EbUKX^{i)C(K<B=Qh=9*VoHwXK3
zx{Zu?v+PRN&DVIp8>ibh{aHU~iAK(<++**e8P-`uy<}5kGzd@WyyzdlYl#VYGdqgQ
z`oKvvyFC}~wCp_0XbqiSJvfyzAK)E{i-Jvds`EzGVtoHgbl&YciLPGI@~tnK^`UdZ
zc3JQPu-HeWsfW0zxZoC)$ErwFJgD|w2g=87bQf|!t-Tacn}1!a3)yf`8~E8@8MVHm
zFN>?SY)-1+AV#XE8rVYqjt%DZe!MP^G0`38{1e$Hfg>jYrAZAjq4g+#?y807BjV4u
z@Gkl{@KsFbV(AON;b3$Gd%q5&5AiQ*c^S*5Q+)o|7thujzqlH>U}R!6*3ARF`v`Vl
zek%6-9R@5gst%sNcPd_8SnH|RfYUnZ^@1tK8B<(d{f3=m&ws<Tl)R_AnY7Mab-Dfi
zCYs=$Psg;G2Y9>mr@NUF@1v+34iC@8%fIVg;<Eh0(kPj|@b<GirtIA5QkvDwd=}*v
zC{qs4&cQ3YN$cX5(+%<HfyiaRFJc}^<XmvFFfXcob|!xW33Dr9Q68pBO&!%7#lTvZ
zvvxE}Da%pLE-6lF&&mjbfF()fC58EEM!~kg>vMj2JCa{s4&mq*vX*MiO~z)T{}pD{
z!J&!^mzrWu2``(N1bAycUcBOd`G7yU_hRDR;zG>GBV#}wS=MH)G}C%`)Wq-Ho8wLu
zkw5oEAIU4)y=8E1!KhKywY>)P;I0>q>}y&vkasY-F_qT?8~|^%d>|R8{8NK;%FjL@
z)%(NhuI~~luXp%)e@=Pbts_<zYTLFNS{3b{)crA&^S6A@l3S^JU1T!F3I552hPWSf
zo1&Lhy(h<7p3I8;Y$?mZ+N(j%yO0<ic{lIUE~kuWvH5l>yD2FqWi<q`>?9?D4Xbv6
z`EQk?{XiOG7X6=clbbtqmrz)`cTP{IxXfcx)`a(@IsL0joasN5R?nV>cNDTxLDs0(
zP0YeV{s^qbn2fPf`<Mw9D0a)o#Ms1uj~Ep`+RAvHSb7~@4m>;st*!msN;B}ZS6(?8
zW%*c;&Fxngr!Zfs3DBcc`2jlhE!OhbWc;F`%!)oJaUZ?QxsTpw$IU1{h^76|a+2YU
ze&<rA7P-l!(I+8rRXfzeRZsi*jPcF0Wo2zF+X-eTEXC66h03o^|K2nw%i<YEvx94h
zeSvRu-XSi@u1Y6K_Wf6lmWNs=Dn;Wd=fnU?OaxnNty@_m1}4KXtnS$e1Dt?YxBkWy
z-vj_JlcB*Al1}(foqn*81HY32Pcs77!L3ny9&O~&jTB{SwCF@WPP3R;OZ9?@jZ{gR
zTggu)wH)<hG%7A@Us^3LT#sr(wA^5Uh#Z1P80u4QiCj*q5)23g^*@s>ls>9wA4R&P
z#U2exqenyrv9vQSVIAqmmcY=Tw8q+A#o9*BjXxTn@cG9k<L9eE;D}sfWjP4^<<`i4
z>b5g_M7lYsX=$js&o|?H1|(3OY6NmENa>LdR!sGMAGWgaR?8Avg`PzfFg_{{o>PaZ
z^pQK$VyJK+MYJ7a_<~#+c`Z#RB5!l3+1O@a2-?iosq0p1FayTUVYQe6L#cq18Pm|g
z_U%m;>KOtX<>T=wNaq9Z1^=p*KY=RgZ#4U^bq2>z3|$>{DibE+^<NKo>x_<`99uH#
z)=$hPbcq{HE^+fpnM>U0iG_~)i=0)X$t6w<>>=f`JhF}Hm6TG9E;4_uGc!I@##)rj
z!xQD-^v6B+e9Qym0FHpn{O|Y>cvZf7=Nlv$slz`x8AZb`{M@^VvyF$^@q^%inp0Cp
zr84iNP7h&*oR^0q@7&Caf2lR)jl^{-)xu9WBO1ax8Gx(4|MiV@PlYLfT)`<8N)t#K
zH-NvaGn?pgXg^9@*KcJ0hB@kspJl}WprJcoJ!=L`%`d6wYPy!rj{WMOW<KgQsWfU}
zULGalX6asP)U;t_jq{DgvNqGiVk&o!iCZZ95}KNQ9{LWMUw3+y*yV+vG;(x)od(+a
zG*ob_D$w#E`zx~D?373V=#2p+2x6%KdQZt*dx6P2oI!eOcULO=nU8jrzLfWv3@c-j
z3@h*6i^dEN<xAjCwIc+osSIoO>{J$NArT4~6(Z?~qc_9&x6!zluz|ihcxL{T6Ez!J
zKGjCcX@bR+z(?1>T&M#M;`FZKOCx1SEiJQ~DD(U6m<i_|yuQGj5cu>iJVB?Q5bt-{
zCt{(@yTp!eyX}NnY_apCSa?4dfr&NXv@UXHoH{idv46ddmVFY&`EwgB*EJbimbB6G
z(}b4G+GzPgLd%|QQ2FD8mQS?-^I4O{&@#V`mcJ%YX})^qmMICnf7(XN?1Yv-gQgR4
zr5LB}qNmXWhPK|Vk;N&vajSrxqBr9@b!$D}x?&33G0FzRS?9ql_VvV}eVyX~-<%Hs
zcO{%*-<O~XTu21ILg$8`kj=AP*>DDc*CW8i2>>5KfOC@o-m3$=trdV`=~tlLL|(7Q
z<RS5IPU+uVBIqNGU|6TI&5wGU^jMn&z{3&n;|YK_seji$`hkS&a^u*}Mw8k`GO6hU
zT7YJ4ytQfhYS|0$YDp4KP6pmPhv9?q5r$LN*qJR3Y3>40BV_}>@x$K^BiM^;8QAk%
z%!fVxnXjyo1#Oc1hVfb~-bSc|Haqkx5Xp;jYJ-`@oW)pUk&!ia`I3$*b?85{OpG62
z2EVk$pvVk+fhjUMsK_kFOOp52qat&~=ogre{&U|P<EO#7kyMkG%hivfnC>d6`##pe
zZvB{Pr87%oabr1ZC4YE}@!^wGm`W?-LwfR!+9JLw7Qf{Gbqb3)7yGdAHnGnl``_{3
zT(^AyhI{6S%PvJrNh)Z4SZ*CHA01*F0xz6@#8ik*<u_;UDwkv5{09p2YQ;YIVIKs6
z{8;RWM)fN7q?4;JTTQ%P$VjW4Tct!?xx4+RZ1ex(f4FByanaXY%Nw<ick@2V>q4U|
zcb`19hH{P=IxK!lnz~&Q%3JRfkAV43^5vEs<!;e+RJ#p+Ym+h1aUzS?WYUn$#G+fL
zhTWmtEd}z_Dj=VwpcSy7#i<wLP(oDDc%_uPMlxS(1+Z?%E=ngt@n}<Gaaf7*Lla4V
z#8h?a>w}uvSr=8GhoAZtA68FhZZ^<&$?R(>0b@QMb(C_r4<)%|smh(u#DexMEG{gq
zV9DE~VqxB)yhETBQ%t9Jfm`uWqFF0uGQ$(piq3vhSA*O!QFhdbp|dE*lh>Y)NiZ>a
zlJ7e`CuNb8TOoa3ucw7~REVXYlZEeBtnMNE8?nN#<X?~Z-eIvHlN`szM;}AcUf9Lb
zt4pAw0q&Am8p6LqL&<woy=X0lkd=>92L2)i4q=|WqWM`oh8cu6(|0vdPoUNvgb}dN
z#y6M22f}tXhMsmB2TB5x6ta|4Dk-8yoC=X{q?K+!Odg?%(aO3QGJ%=o+GXs%cmdk3
zKvUd<9*v((#}W$E2XyApynn_<`6PQ_*k>Q3|JM-m;9ZG+D>e84>+Cr+-+n4uK(kn6
z@)jcRz*K_jkTLOt@VMGxGbp?x@j9P6^8GcbBO?&smoXr<vJuGYjXZ`EH1qcGh5F#X
zk-o_JCK|1Op<z2t_cE!g8*8GPMN47ju=#hX>WF`{j7S+J#{5o(^}FEL&uM$2y%G&k
zjVv^>PTg`j^F*?N&g-%ZZ(F@%Wh%oFlygev!03m*o#V@=m#A=K*$n^C1sT2zkoN`$
z+A*mUT0x}+tFQ+H6Ta#qG-}PYqYg5RnTOToA2RiWPD3j3LLm023#d{=mHNfjCTft$
zeN?O^vj>~R(#u5Vnv%^5kC3a;ZguVmY&0334w;NQ>-nyDkv7*pThBiNJ90MusA5^n
z*__9Fm6V_0{88`N(ip2J)BsC?s+p_fFQTMVln)lc`~Hb*I@|5|1<>zGYXy_$ALY7$
zR8>*3;$hak)|tmYkbfn#FBQ?U0O+UtG+D2^;dUJHZih8|W*?7laJkg|4UVRNJ8NNb
za(vxrK}o>^;xFDizC`~dZAJnqpZyaS(*Tuc?j%Nj-!+9~CRc}kfYkSnj1ktGA0w*r
zGftz;qwG>oj>G^%EEj{FX=f!s&%UWKDlXfCoT`ih%MtKDE+tEQF}jA#JD1O#+c7|V
zw0jpAIV~P;LAj_4Sx{bHk`Q!d=-{&*Ox?=HE7r%yAg`PZ+=1+Bjw{7SKk8{B)hWAn
zB_;=izc4Lu<O}$L<#n3RF=3Jdz-&555Q*M(cWK?wM?DKmwnocwR;P=lYtJ#_yE;7q
z-v>7XuJ0^PFeTwch=Ds&lUDFY3W!mEf~R_mWhqH5I?RL?7)q|UIGNl+L+$oByBAW&
zUCP}^zGxR){OCSNRZ@1V=RMmPErgFPapd1>Z!(PtWj3MPlpf~rS$h_3&<+QUM5N*<
z$axMArLZi(C0h_nwPvPtXRB{cXlIISgFkgNUr0vNg=qfOFpzL^i%t(iixq|zyOLVu
zRjXI6fHo=Cc$*E$P~5Yi#X19&4(6m57h{VIbG*fs$t~(pxF2X}F*CWvql=)$bVG~k
z<Q4-#j*V0rTI^45@tP0K5{4F+Sdv;yM?5aJ#9K(oEpGV)S`->u+@IXyt2xl(9z%=A
zEiI_3eg$ndwPQ=DZ(s8AfCX|FrKs1xdoJla6p6CcLueXXn)FKfN!|BAV-#<?EQaWr
z9qm~3OgC6op-fY_{=B@^EEMFC=Nl=MfQ2Y@qez0vSR?^Z0p05oJ1EsVNDTgX<asm3
zJ?Mc9gBYlIAOpq&X}gnP<+p<DH3nose9|9JCc_x+jmW{%ylikB(9St60gW>N8Wsnl
zgd=YP08C#wQ7r9A9uThWrpN`UEohnUYY8>qh#n{6T`Uqwry>jVsEh@Ah>wne2HLJ9
z=<j*sgfv7BJ+ek<laL<>tq^kjyq1`Ll-d$gl3?4y^zT9|n7;aWOXxFn=+1?s1leDi
z61kzF#k6b*;D;bDhB7I>K>zrLRL<v)JH?Lld3vOK%g;}h#6M3pe14_=`3e2=)X0`o
zEj}MJvnAR+jYNUHAcgCPOL?nx`uxrGALxV4TF__1!>!Jwf4zmpLuJVdALL~%vAq2g
z{;@Q*z=-LmmKMu*rG-blWkvSaw*a(tR;wG+|B;S`Q{l9FzdpA9N1>4?I2YFcH7V?9
zO=Lcuh1QtQbhNqKgyaq54#Ah|<!_Sh7>%Xp$id;k2UV(1>JAo=t#mn3NS!|s?O=y6
zIjcnurn!T6sj|PRSX|sA<^L4>b{(n`o!r7P3V_?d0^lOzqH@6)0H>K*09=+Fnx9g*
z@IFBfUWqBDSMTV7B?@pk%gP~^<JwqsZ6;ofuQjzk?jdg={k?d`!(ivYc%m?#YoM!8
zCXHu#d<)FTUCz#Z8d1;XX7&dTNyL9mw&iS0Kbx2w5FG9nj!ShLC7}URp}8Fm;-WfC
zj8UDUFPIn1`huZB%@?HL0KBI-u^k76#imkPj_B1|Oz|}A(Y06MWd%wz@iKCUQ(ADu
z$5!ANQI5f+u}qmzKN)8+X;&t-ym<w!0w;*37Sz2%FPTl0%9|88Cbi4sEhyAPde*YV
zY{jdGXL3o>G0LHj+R;&=_GGLT3jQ!bs+yN-ikK)iRFA_OL~(eP@i@HHQ;C6kEgC#|
ziiOzev4Gtq3I?o{SQ7~y%>&qGXB$A4vR=+~k`BbwX1}!Y{d@lj%YhC5p}_+U2@#Fm
z*dXG*@=r8SMB^FXf56_Kxq~X!!I@8{&Zqwaiv3R~hD5f)Uvsd@t~NRu$Y9W>V77o?
z`m>A$E!K9$30O7fHMJq&G$62F5@P}upI|Wov(<~A%rZqvP8il^{e{$3lGy%;{2TOf
zM#5h5+kYUe+(<(Tp>C|~Owb!1T!Z@6J$4C;kj_qu7dn#AblVzMjdB1l?(|({Q`D(c
z`M)AtW4f;^mIr%|j6?BYhW>@6QQwWIPlwPNg4GxJ-fZg5G-?h}4FNbU2(03!>NZ0i
zK14`&s)rYYBK#U?(FN&Z04;5Fm6$L+S@_gHtbH}Ho_jkPS<jz4abrPbMzZQwT4PW-
z|LSO=a!$xFs+@ObaFz46j3hXjMmQhkn@psiaYKpv;n`%UM=OHW;}~ccAKfap)YlG+
zy1o_~B`i429`*)|7m_-jjT!Mr;s7Y?V>xQ*ks-+g@~<->a$zze7qmd+`Bo5lzcoZW
ziHO{rgh&gexM8gUk(aM*LD`CQBV~U~=aj8UPu3@m16rCqpzC@h4@hifK<BqMpk9ds
zawZMPkvyOqjRU&p$|OX-Ju4ZJwOK6@*_G7_B7+kVnUsXcHOYwl{W}99BL^iRGNJ_{
z!B!CYTWg5in25-nBt#xaMr5-Qk-_;brubc}af+8)`4oR@O@ec)5zaL&m&(NnOJ%UW
zR0bw5mCwF4z*%!e5@B+)lL_-hhn9r-u0tz?Ic7;9Ovfa`q$d;RT;qUlYe|@12?NU0
z2h=xtK%<NUawO06#O}!h>fg$MMzl7d^@#&IYDpZBnrwautuY{CyQ0N_wkHhekUpRT
z6r%GB#f{xdkxe@zQ#k9SBk<&TEyc5+FdQp%#fS6zGSk;`+==RW|E9aRD*dVY?v>m$
zrY>2Fah@!w&lc7wTAz-?2P5v#^eE9MKG?w5AbI$Andz#J#MtNDp`rey`!=NKtlrYp
z_7bDx%sfgvS8ieEG`HjQjBSzo(z)kzt=f+bB>usSnzm%XS)YRZ_WMzO`b;P%;yWT}
zPB6&K?1pjdh;tUlc}oO$;Ta^DS>J01_;7AMmxiN#_y>^urd1@lJ)ZE(3AX3dyfm4Z
zJ0rcUF=FmKhkDmr&)9e-acI_ZZT}y@@XgjREa&w~0Y5i-&?c+#GrLnZfO2b`iW?)|
zv^F*SSvA^TK9<gGEZXaT0MEzHxI+Kf`drs8M$$z+|Cj6YNUMZx1>ayYzE&f?=f?5f
zb~YEo|0np`PXAZ%y)QMs|Nl6?#Q%Dv>T<C)#y<nkgMR1VV-D{zhb-GubhE|GS+EX6
zz@Ev{Fiuc5@x&$$974guJgRUS&qFVXuA@>g4T~sF{TZvehW<$|S;y4HfNW$0+OFy_
zDPqa$64yc@d>E(}UJxa!?RSSBV2X<NT0A$*pd^Loz9`ELQ>$Lm>Nxt=@^Pg6cgGPi
zvvE{GuaSo=|HX0KaaL>NzzBx_#W;HLaYUh4N{sbi8^_Dpt&O9y_J6akZcJh0xDv;4
zFy+5Ejvu?XHjWxLj{oi;o)Op}W&r6T7yLH|VQX~|&R_mFlkuI2jpJSDHG<`&|7+ur
zy0tcr&aG~8(T{;GXBf*vzjG{$o<$fN(UW9ubq~xNO<6D~Z>ye?zn-P!uU7{@lWFn<
z4zUWJm%tzB)06C(Q2slJK`HUhOpl8>J&qaak<H3~VTIVpgDhAKDb}qkD~N^1PqLY(
z)6urfJXpyTdm%72UCs>Vx;DY&A2onk*any#ZGu^81mkQ2OwO^kz*vqMz%+C|GnhZM
z31*ZL%)i<IGw^s@V6u-Jz}(XYm=$e;d5yp%TKyI@=~lmi^Ri5l8JN873hi<&PwTH;
zqV?5swTrY1wB9UZhjunoW2(zw!{U{ZmZ4d-b_Q1;eSMYsO{k~o>wY$^`w>rOnzVbh
zyR>QA?b@HTDcUXCWNnf*QM*CAPP;}c(#D~4&E(5BL^YQlcc-3{-xSsIwVX3yq@AU8
z*SfN(JNh7VVU|ft;~3#KyB4=u<r3z5^u$fwOxk(8@ocsKkS6X>aKRAf+j#FyF^9)&
z)y5xAG(Oy#!(0eQ-h??xOnUenCK#3+pcQsc!4Qklx-ZFEN?6nN`TNK};}J<%AKisM
zP1kK`idLGf=;OgJ;a)UcQZDQ)Q8u@7gN=ATy8(r7v*Fta7G%Lc9^M!O6u&m!MzB^d
zG*kKl3A0?TQy-{lic&7+N-CODUo0-BK7(me?iR^kmgROF6&EdpN0sIbDfDoPYvD`*
zxE?xUys@f>$t|1!!7?S%z<b{PgWfaeqzWZij0E}ntG`bkBJ=M$^ANElJsV<I`Zirs
zMhehpdgM_KbNi13b0IxW(PrSYIWbZu-tzmq6Fv*uYZ5lQ4A4an*g93B4>~Z|soEv@
zY*kGR*%tSs{$Cm13)|ys@_V!K0vn+#KEjz*enDT{5f;?{-yr>e#zf|eoB7N!N}BS_
z*SK$+C8dUvhVPJ+Z`HqxsU`|w{E1xr%HzxC(Q4d@&)~f^v^Xvs`i%UXjbX%Wn<Eib
zBBJ5erd=~#Cg@~lRE`}B7)GS+J=5D7dfV0<)$!Df2h{Lasiq}y_dOmy`Wu!F0)qC=
zWRW+H%V*7VR<>*J434%qD@O@7JX4tnF-G@vqKdW+dDZH=7gzueFoJ6rm`&f9Y5eT+
z42Ym+4YZgraiWW*VT_%Z<!7=KyrLbDDG4I-&H-6S?<08kMpY|WYQ!G!RQssa_`W_E
zLt<q~hG^QF)NRvG!s$Da0+rUoZ+GyneDtAZ1=*?ANwYek6OT!{2V@Fy*}O?^1<g~n
z>Jyz!`lXH4?Z^=yMNglxSaKK>Kzi^Fn;1I3!|rTmci5SBIl79k#a{dpm!5Ik7kNwV
zp)&#RMDC*C@^aZ>v5SvhXlAz%IpVT{Nt`LYlR^$|?z<Bl+=klK!>~sZ?r~42usjM<
z?oX0G3>@N=xadF%a)?fhLp-eCxBAPFL!2fKA=4Eqz`JiV?kZc$t+@*2*06RPwUVG!
zq`m&lnB7ejBn)d{d@-zn6j}qdR9M4<{=mkN%}8UOg?;wRPkL9pi{ccv`!UGvbAbcj
zzDaKt=a!EQW8Cu0JL){{9s&UR{TKtlncC+6z|@vAriLFM0rE!nm^d!s&B>q^wFzq0
zOl=>1c-PPLA!mZDmH|F5+ltRS9v3@ut{K+fblZ+^x}Lx{k+<}xQ+|jc(30ofBE)%~
z_As?C*wK=B{)zfggYB-Rb}A9Mqt3jwVf1vy&Za0$rXEzfJ83F!>(8e$dkbO9`7>j<
z#xULZJ?TI@ZTD62i_)4#1M_n(?7|zw7+g8N-^1;?`_*$YC{<i!c4L(L*QyyAsT8_c
z#U8C-DD$!|3HWwOHJyo%2AbO9vUfK9CoUUkHr~#+x+otfHlN@>jrW|yr%odWezhHj
z0Q^w$FnTvfO-yXrwt#szA2D&05M_sc^Ycc1&u#sXc{gL~TOL_XP09x_S!p8w`(Fc?
zaP;k8kO|Jt$KT)3?<x5xQew3wb=})dBwtR%KYG2>6vaq}&^_o}jD9%h6_AC!kDH~i
zu)RZF2g(RH`fz~So~kvK0~?)dpM;MJR0-==g)+^OfMQEZQu<X{SVx{LLZuE{tpYT(
zrI;haccBy<NzTbwEX9N#%D&!lI_$U<J%?4z7JsB&(HKogLu4jb*A5fzFfz~ZKC@<l
z|EI{x;mF<qOhB{0RFld7l^yp-y005D-`U11;6MsM@Xxj9r;C9vQW<w1kZ?!*54yJ*
zcHmvQBUV$5cf@;B*+hPyLaw(MhG7*0m`)r6Q38j=QoP|LB5MOMpXCvCcE5Ip%!fLi
zJi>mYQFJYx8)E6DWF%zO<r}cx$!&KxMkR5D%WivH@O6h>B5(NhZNd9*?Y)Hjw4fTh
zgT3IzOWIQ`q1C_?<Jww2sxhi_e}+N?t5vY3*C#YB9^V+{P1eVnJY;MFGQzu0;f=o)
z!xI*)dM-h0j^38dz9~rnn?H)cO3!I?*z0!_UMr6Qz^MfmZ326{GvV!D#xzE?VeCyu
zv+<4dT6oi&y&0YG=1PpgFtAkYoDw1rEOYuRWoP(sy9mlQu&RW&;p^LCU%w4=xty}n
z;ZVPMQXgvc>TEK+(FB8J1e1Lz$#c92=6~7}Tuen2u|mr|Cx#Tdu-ViPreT_{1b+(t
z-las)q06S;U5uTYFfY5L#{uY$6PKQ88OhNKx8o37Nde4H89^$-8t(men|>1?5qD6R
z-3MCRKWK2TQ|i-0g|Yezas1S1Ve(Qk?0SxaZ*AoE6i%p#F<8@D8?XAxIDNgf0_Vp_
zPaTde24_ja_xC?%n4kEUTO)e}{^ceiKAMsi{r4~A3sY(xg^iKtbwHsQpyd3y26&>v
zR<gd}S^-%T8Kr|9YyjChyr=~5&J62&rV1jg!=?oE&H(R~tN#PMcXfDw`(5yEm0I0r
zt$<#wT?25vW7;0?E6*m*=NZ>VwPwbXj0|^)ET~)^+_f<poQZYH)muMA5!7D|P^w|`
zSL>S}0BI{>bF_N{H^&9>&0$a29Ivp=@%&$4b3C1BxcT}NGu))955wEYhv-K)C{`74
z!o}=teq{_ZcT}mV=NpO!s<T*hX9>R6EgKWnUKg_y-llfv-`_f>MLoR){Yb)!n1h?K
zaRs*T4?mM54W(dVEYNTOMsf8KOQ&GHpF#>QoQiwQ5L{SWn75a5?%ZR~*Djj2L{@s*
ziLJ=~RaQFe^!UO`7GHP~iS{?=yM+_(A-CIYzO{OIVS${xDjr@aJ65rL$&`n`$t?Su
z1j+zI;e~zl@WLl?O$e&!e}<MKMfBx}rGF)9h=&)hekPL=d4b-QGe((w2&<i-+g8E+
z&JyNK*@2!2FFsupr50G~xdT$iIUhd5C$jJ>jz&`Y*=a;l$aRupfo&KRm=BaO1R8eG
z0}WO2k$VyX4Rctjl)OU;IEafWJ+Q)}4N;(#^BdX4A_f6sm=%V5VeKf41ssr^A0Fck
zYt=h24pXSWi$rMdi?CTN0@-AX$)pQywd%T#xM6IyD=prv;B-t;Z_C?CuENSDmZttF
zt0A?47k86H*XmfFdXsWo3h%Mx)#h#0y6Ew6{z@B8L@Ab2_Rr0;n0>!WLV0j#p1%gR
zQ8Y9(>aUW+N7_lkPIu6iXY~Y4o?wA0Pu<d54tq&B?H0<lcVJZ+MjuF_`kFBM*ti0H
zqRiuw##L)$p?*95#<GFMf*9w`&4lHlF`Yz841V0bvX@Eyw!GEg$HKYH0NG(Q+fng+
z=`38jh?SQ`vHf5JY$6m4tlnZNI5r;T_`usazI(-GV^gH6N*3ezM22rNO4gq>;1=90
zS5+ZlgCi}Bak)ZvAjB#l#INmGPBf4y{-PLooX(tL1rlU)np@ZfGA*%o=&+A2FFU`9
z3Cwp%ygcI1>Ic0Wqb_k-y>=a{8NOkx^tU?8cM@xUmzH_^#@jmIZ`8B5%zBL}8Lu)9
ztUmiO2<Tbyrn4??L@!Qmx5+*cW!lM3b$cy^2VUU`)Ov4(ff_0}WR|fZxRj$weA_J?
zg%N3e6Wi-=0r3p+nXvTzE?NAj3XAi_3OQ1cbvdXak=v>IkSji4@!|%9PZ^2t4327r
z`YezZsDJ3OGg2Q&PvsPl`o``P_b1t!4ff?aVoV)6-e}N9KBt=VXfQ1Q+#3HW#C{^$
z-!BJ}KZw5^Uo~;@7|S`TFMJIzZoyv#U*O2XEy`Q0jzihLqKQjT+U5B7p)Z?~BsA@8
ze16CBrZ!J%4l#7alpAB_RP?e?*Doe>YVVQEoci^AW=<`9n{v8c7H{pq)~~VFH{Zxw
z-~ZnBsJ0&4cYT{B8Sn6Rs;MPC3&dqroSr?%Uf&^oqLH2kB3crNxFU@9G81OgS5}je
zI*H01)&ep65xpzm*HEH&Rg7i>@$a8j!khE)*YH*POmxRT%U1p_qCv}U>zd-r>OV}`
z&*d$q=mVhHfeA5EI+2tUo*+`b>tv*K%{vy=E`$f)#M|A5?fSEJ2Pd$0jqhxy33~la
zM(~&Tzt6zGhI*~Y?t;S$YO4g_Ilwwsbn9zUA9x;^vT!s|<~>(2$111#4>VH|*lYE-
zzCFSAfok72ZCheJHLOA|IqF1zPs$-cc7_6NaB@9hjLh&%jmp7!HaY0aR)@52WLY=S
zh`Hk-=)`eC^y4W9d~FCOVa!C!Rxka0V#xq2KH&)@SYpC*V0xb59aiLJV-}rc`Rbb0
zop-W4o{z&jN)gJ7pixdvv2X*%&18~IOmx+S?iL)!y}e?E(0m|~O6hB4rHdV_fhu!L
zt&u5s-t&5Hn1?f>zJGEfjHQbmzag;6<E2yvSm15wBavQbDmfFcm&xjbvow@l#AVjf
z>e(Q?w5P<3X&(zWm8%WESjb2T`>MSi9wgS|P5PeFKxQeI$G^|3Ri%9v6U;D`vq=7)
z?$h{Tm{bZ+PllOA>v6w@QbW$}kAK~;g%ShKK0lrka_V$U3F)=531e3$xBg@?<(09k
z8+|@`C!MI4?rc8L$QwH?e5sxWWYkUjaLhZ&3>_$wLLf{56j7PK69F3O7aT<uFvkrH
zl+EwYi%&c8pxCT#xSufU867!rM96XyIf-Lr4%Q6kYaJlPO9&^_J7D#osaTbkQ<zt+
zMC9OAp5Q3mI5+L1D9eU+DY7rj-iXmu;<7&O&}^Zg^w6AhoZ>Q(ayR-bO45JC1aNN<
zqr&WsRj6@cCUr&Cb2n~7>8q)|uP8WjB31O9h{8G=WuhY|vpVY7@3|c)Yu-r81^2+9
zzNTs7rjZl<4;Qts8p(2>l-_~H02H5j{c+`2I1tTpaK052qiz2)PvdrxG5e!Tb#M2m
zuXs*IwToG1n5RExX?ey2zRHh)abO(Exq|?b4I%yVJW3bg$nNHZ6p(#+3dm3Y&Qm}h
zK(lFPbglB2BDYeHXMMa@dyCYMdzS=9TXT>4%WT6i-pcv8iOQ(D%bbq&;-dAho7p0n
z`ZL|@)$)89Z}(`IR69IT-n$lyG%F|EQ;$oDm4<Bu;1pY|BVIG}{ONfc)qVG8nJ}u5
zRTsv{vhrK$3GXuXEp|VvY+<Xrm3oKVKFpKyVBwZDscJOS(U`|HR%yYDE)daH0*dO<
zXIU7|L}aDe+PP$}Rdz}tOgZ<DjwU_t-C=dw(<mvh$Q&xpdrBSoS00$djk}jWje$9p
zF}rA|WV@*E;=<Be-*uRQM;bEI=3QDf%E~xy9fj$r;qB0gf27r>JqEh-nx$<Tmj1;G
zoZLJabmzAyAct9E6M}I9kCGNN#0`CV9ChA1Jj!pL+(yhg6Rrnc<?HqS<HLoGlK=R8
zo^yG77dTrMG-3tYx&1t$w@i9<fc@&8bFqGq$MKu@Ts#JP=dk1&@W6LOYtO&`8Z%D-
z|7~G5fDzR{)7FT@#n(oe&OcFo>?Y9pUAX)~&)|~rNE53D`rcqr>P37=O1--W2p4Al
zXSO=52h;4k^49YP8<Vk!=Ov$~!Qt-U!=M62y?4k}t0<wMo<ziJPt!7%U_CK>J<?xn
zP4^v>f}#|1s&2<F?>-OZ4Y|5LG$X1!0HayXM{{+3U}JF=)uy9dqhCxybHowtQ_ww`
zw$%OpOjFVkb*B8QO^GWxuu)uy)>IEF4=21iu*b&eYJ0~(CJ?I-|Fez>S%8@q;_0By
zIfNIEn@C~C^eSIuknyQZo$?}z1{I9msVS$LSVpBf^-6kyih=swHFzJ~p4}x!ueR|l
zN>y;o<=x6MeC3cagYqSz3_#aRhoePBG;x??h}AiA*^A_0A$?(mA2td|#w%o7V*Ov-
zj{s|m5!OUXfre4cRWAE<Y!`ov0jtVS(W2?_TdCmB>6Yl{Xwhu^8;c|dChOVJn|Xw5
zPIO6$i3e@~5`dDGJbWZaz4t6h$!3Y&@gYbUk$Qf9OMTJl&XClpN-SMP0$EdQR+pHa
zgV|qZ4Um@WPuzk!6LbpfF|ZMt(*W-vDKzv)n#)2znP5O7RW>AiGGncztV#IFw}x9t
z$Q2Nu1}EFC^V>61je24M$ghE|G)6DxhE|`yC)32jDg~7d@?H}gDBaUoDrg=As-KmO
zi-^;dkuF+vS8QTY_Hrvtk<rcE(~dQmjTrQyWJ|E#S<mf25Q!F1|8t6%i-9NTvwC3d
zAw}hI)a(gF=MRKkIP!~^;`zg2bvK!4Gw)ZYJd%k=B<88Bmp0%Hz5s{igWJgX!2((E
z(0;zB$;2||;1kB~fn%e8#o=?fKK>VUOKef`DKxC<pS?`#flpB6ALjZO{N4(`(H{-#
zdB8_np_YjX{?ZN`bmpX8rk%@voEPIto6g2UCD`yDXh{BSbSa3*UYDPZt9PD>v4Tv(
zq)z?eif%FakZu1es!iq&UgbnL%d>;GSOZ&u^@gTd{ijok&y%Ktzyxa4dhJS=a@zlk
zIk45YC+;u;l9a5RBnO+kjhK(%;KnFriLG-gx4`~uhslNpp~EMFmqiz=x9Hzh?>}vp
zM0b@G-jf0Yh(U}z@=6cj|Gy7E;Sb|CuwT>f#xI5AXHLLx&)<GOet(>P&s_5R@oSxa
zBmMw>f1G}n{{L6{z4r3|l76=j_`lLG<qzQZ$LaS&-v5<;e|qWn<7fWk`{VN8kDrC`
zGvZeHVh>$Exxr}Ld*aKpn1>$at}b{f)npLrseOX_3V%m#nwDvhsFt)Mf5W&=O2I4f
zkb*O%*rsl2I31<Kq(!wTO!65TIfd>9^2#u~q$mj$E@hWf*}?F2p?bN>P1g!TE*1T^
zVdzX~o**u}-sErS;Vt$z*u=n_sCkH=rHLz6_gXEib}ALl4Tq*-9fc{--mzMIs;m%|
zz>ZX)u53)GU%nKraIRpbB~_T1zp_qYa(#=~wQw+B!WynS^elK%aJm&Mq#hi8G8*|w
z;PimC=A9GRDh56w6qa?zr0YMD>RFLOzEFwwiqegwtEMU8@a{DK%98XoSUdA^{(-C<
z0ST|P7(;2+>$>U#_}6B<j>7~Q>hgC`?5be5w+yk_q-#EK6W2BE9Oc*;{*^d}J?e!x
zh7W}}#-HjKlS`FyMA@XKfPRL$^F}d%g_t7;=@LH*Z=}}<1L_N}`Q1|+<lrb!^i-zk
z)z9lgiwg9j-Re!xP-Eu`R!DLeUVjEI#3G=j<OhIK11NxdZ_6U*D5e2YdCKtB?2*K5
zS1He<3fL3_6xrRxYAkG0KYKNf(4`1<>Pi{w*5^hrQ;g&Yi=j8DF(Rej__Wy+S>BAL
zk=TVSC!!6jsm^_zd1!(rKA7a+(agkk36%-qO$T6W6msCf*t^8Q8zi7KsOMo)w!hP^
zA8Pjm?^KzX70gFNAiHMQ?S0r+$)BT9C)VgQk*3g$*J|6Y&%zZMv7qOA95K-U6)ZQp
zTMA{83nkBqGuRy*VPkR^R=K!}?sF=>WOYMvK@+(@YXow4O<_nbe+aeS>+BL~79(=t
zKbzPwrE0_gT%W<Q6O~1z!d8{q*^)JtP+CIKCP32yeP|$v&m}?J-`H_RF8t*}1!Zg~
z^CF=6QOt5V0RPtq{W6LqmI=ODo8<}Y^<It2RS{D=C<SD>dcj|Npx)>afQ`+yPZtm#
z6Z>vQ4I7Kt>D607rt|ejJ+Vm6twVKWx|X9ir^k4AH~{|_{|23DV90&crfaxeGff~L
zrP(Gn0YGxGbjfKT6W;VYVKpm<b1R*WSv|$l97+~@1KmV<7Sl>2ON$SiZ%4-XS)rM8
z9<*+T_jHhjALRuVrm|?15&{7yn%zehHpduI;6ePBq6kpsP%G(zt17Y|W*wlVCO|uz
zLo=C<F1Ijfb3TDqI=4gUU8LnSRWQ-edU-qesXYO0(hY68$J#Vw8#F#d?xYLWq++Pv
zp4!#XHBRLQn4_lTLaD&l)t2f#?0*~P+7}Be$h4#;gRGYP!|F=gG-<ra%Bem+Hp`^F
zpk*dUUjRoCC$NkCw=QnIUTPnAus<F<us3f7Rbz`AIMNqKW2)L}vGi3^)i&V?g%%Kh
zy+A?58{kZ_3%C};2ZzM;tu(h-xJMGgZgIpOP$)gQN96EcjQUsK^kt%El0Tx#l}|<-
za_Xk!vbCh(s=s~P6!qZpz6W$D$06^Pc!XIoCvA43{hC{WxDx&~d?x#=(23k8JC68v
z$#h?=c?WrvlcXP174r5+ke7wNMVnCtw6B0>+kLypSz2=J@O6qTFrl5`r2fR~m8+_l
zg`+HH;Q&HtT@&l46Cm$s|2$^zC^WG|sZsA<59nTJoV`lAFPF1)@YJpLu@tEFQcyzg
zTQc=S2~*W7pqt%gbql*CMY1LNzk=@NdmVJITQSrC)2cUXIjBn&{3(;s>9D#K>l+n3
zKxvTG=l;YlpL6hET@l0twJJJ!YEG)B5nWF=-i^1#+o<CaO2c#p<r)s<XWoMR&U4fu
ze3M$$+iuP@sozoSD)kwHSFZNtUv=rzjh@ei=W%LITjHM&WCT#{jC)8xb68|So4a9K
z5%+(QvdC6c&g3Dy0V3Z4<GQ!WRh4XJtBCZW$#zl8V(nou!8hKqN%pIwXupd3Is~t-
zcZEj4$>L15U{z3t;wl+SbL~)n8=b|A%W3bkSPflLO}yXu|ApUmzZXA{Z*%MU=I<yj
z+R_45Wiz{;afj}-$<dmm`zF~Rje5s{oZT#ix|GYIaYyOiWWV~4Sj;?%(r;LiCsas0
zS$>0BO2LRKMj}Dq0M`TJk-y$n{Gm1$k0z1(0=Q|@{wC*cgPngAQyFI^`mazkIPTE~
zT`Z6d_9!-mbJ$kAJ8|d<_D)uR>x7hhS_*@T0Fv%JF=^w0R^Sdj+$?W6;!zrr*U3U7
z*~ZaIZq;l64=`sv0vW<^yykFbgd{LkHAQ1?QLL)Wp-PI$;x3v>L~Uf}u8kYWtqI<j
z@FFMO_fm4sFYn{9U6#+s?UEDUF6Y6+H|Sx%_`|-5CgpKa-HmKuVU{T}JepW4y!Z+B
zvOB!g9*Kp(J=dNYkqhjxxHzloZ?DJF&Ec<m!RsY@eB6Looh+b0A0~^S{R^biNJSH`
z+NbWQAPQyc?`_zBj#`B+a!=5_pc^YtERU8E@-LRNx>E~Z)!y);4}Xzkd;x@6HGs!&
z`G-9+uNAu8JFiX0yf@h8g2@GBc|PII>+H?`k?`iZn8V$j8BM$(!_66tHmSW0g%u?J
z@aXy7lIojtG4ZqnTU-jO!^wZn9qN}NN7u?5nq=iSl;hweJURa!T!UG7fZDXaM*qhB
zQh2{b5_ZVp1F&9qqR{@}Dm;7-cpSgZyJB2u;5;5;!yAqZ+2^sqvpwjZB?&)cu+y~y
zRucAo1e;HL7irq(ZNWDH6q;sfL%r-+<+B5%JA?#CY>R9|iNHc#{-*DUSgz;+>cMiD
zT=d+VKLxjQ2ij0E`=%Un*=gvW&_G}d>*Ng}Gk|ci58!X7LOh2t?c2Xmbu9Cq8}AWM
z|Hb9hse1^}sQBNS*`w^20W-WP!wl0%^LwBP+g6>Dx0O#!E^p}{cHP5m9!l%j^dE4-
z^skJ$R%WZytZas}dL>@B6d39+f=umPCIHV%7aubT%uo>OU>Rf#GXOau_*_$zd0Q@k
zUycf=_);Z#%j3%(&o}9wQs3iGM`h%n{MA2RqWd?h4}w2SY6WLbW#n1@`nsj~WfjSO
zJJnH3aZ8?-a?53L1Sxx6NjcnvRi-0%*B~SicFva;oEA|3sVXBiNc3O~3&@gAwCfkU
zMfXu>`0#nm&E-$e#&DbPEa8TzYuWhj*%$OdEqZ|s>ZwW>Sz2Nx6hl|M-OW(IaUyi6
z{_8JP!0{BkSka3yfAz)3(KD#)>a$t?CF=@gHfn&LUa?hws#?BcThgjF`1Oj9N8wkz
zd`Y&ftfRy3H`;)6fe()73CPo6sX3WesSbf>@aN1JV-Hb|#vN*>FwHqit!ZHv24ls|
z*HG3J<s};TBLGls5Wwsf05+6y0Q=R-vKW8^>K6!LA8(n)p?u1q_*y^->QHLck~ow)
zbtXc2B@TrKb033pOA9E4aVUe0P%eQ#w8<@+cZ;Lm-iUhhH_-f&7R?WQ6C>5OZw#cW
z`Gz)UtA}AGTO5;hKEC|HHh1O*1lmsZTm?I`B2jUoxnE^rJM^A&j5~B%VttkDSbY^N
zblwg*RkFWLJP71`)HOkR1EzUU4&8rLueShF3oqnwTx~v$^!6QeJ5J7wEdZ{%Y+ONi
z>PYgc6<kU<tbVmZC&|)el6d_<hJVd!`x1F_?8F~23{HFxc@(QUEn{_jIaNM1GpgLs
z^9=P$QJU>Y%nFWnkcIBYvxs{aqilwUlFfrP^CsJKw6j?}l9j}=3a-R$7fWkQ{1%<6
z^hFwI5&jqx1Qd-+OW%Br{QQU~_kbLZTJSzBSB`=NdD0;Nh0u%Qu=)%%1z8N#HI&7K
z2M-X@x8rJ?^EHt$JDp*OW-2j2uGL8*gjjk*l=1}M;%l3z{W(!Z_0SL?Y7TvsAUVcX
znoXUQ!f2Xub~oJ~t}m|Bu_eIw7oxicI2B^rj>W@-rXFR&5|V1gDI%4P@3mL3sq%~V
zGwmSkB=ptq-$Apz|9J<csqKf*4vO!b#|1W?%X;8=t|hO5E2UtuRSI5fqg&0{Qt;ty
zyw1}vIjcs}#G*f9m3sFvqehs#-%gOBzfR7L;uR=NWtO;@r9QaMZj~K7#8M2-l|!Sf
zn24pc6Y^Eqn;;^d)VhN_?#9d8&}h7dr3S~iF(T-*%E4}I1nATWR2=9I-b-1QbB{~8
zKa!%)w%_`xHL&b1jf3%h9eGFBmx!uppZ5g&OTp{)3gfp^3ach`a-Kt~%_***hW=bH
z1+P9T1)cShBJkFOD8+dMSiw%JcMBTE_>jGs_WXWX`BB~1tjDLKw6nPx9iq2*a(Bt$
zdNXUq>a=>4Na9|OY!%2KHM>=Jza;+F$D>rzk=KL<pxh=Y++>zQg#wA5f{MOz8|tM{
z&nmLvNRHL>M-sC-$s8xBl<;@zJ9=#WVY0~YhR5nsqQNeTzW)`Kw{W9bQVvEs5bwY;
zKW=-r^DDd(TArr!z#VAL4`Lcdf0H;@CQ{3xepSi&fO%0I>S$Xg8CmTy(GVa0RfI_o
z?@d85(>nJ%a;m_LkuoWgXg<wBgq&Z;`lk(bOwGz51Fm)MB)5RtO0b_jIbI?@&<J)l
zITP>XGw)@%@dyy*XMEL>u-KR4aqOGBnhBfAK`ouzz`NL)QAOE71|W~J%cGof-cY38
zO*t<U1ku*-mq1^@ilXSkCYDxX*)6KGO54L?m9W5QJ{nqr-SKvdv@1||l}hz<679v(
zr2-S)m7ip6)>&4%VKr_{JmPkQ$(aHZBJ{z@%9%e~Qr1f0L$EN`N*kK!Hp?BdA3+rG
zoRmmkGh<54Cn(hu>B$Nby-rqkXq~3<_`VaKK&|-1Q@AfT93C4SSSM3z=Obz_Ld&~-
zd}wGL9HdscZj&tR(AIjC3K{zK2o<0LjSCGu%)8{OJ9at$0a{e7OLU(AbshT5!1D+D
zo8KS$l7m-{4R-krm78UxKKS;)ruz*;b9h%9J!sz@XxF;9m3^$N6DFbRAuA_|C!Iu>
z7IG&+XND#;xbRJ*oTi=KpiUkbW&RCro+4sD#gfBXQPlzzC#jHCZUoa$_wnSa)R0>Q
zf<SQf>}EPlTAzO7eX9T097<DhlI%Wp>T9b}-rkJa8(1akl^8S<v^?@J0e#)A;$u&<
z+%(m>hTJsl7?zYZYD#;o(ZnW$l=EX5jZsIr_)>XflJ50J4XZmRHT=9YHGHZ(k|)H2
z$dPefb#Y^q(n*9^rVNyUF20yK3fkPkJ5@3OdqNMYp5Xl|Y!o=;Km++v3T*Udp?G-j
zEj7>=`nY&<e?>>Uxb`87o>ffy_>#=oqI-+HpqcskeE|)^pxL)L;Fpj|ci6mpDbgC5
zdOXtl4U=({Q?tnD%P`EV@d*(`bI05D?VjB3tnRGcQ{|dH-tJ%aB&xjz4@yo5IpyS@
zofEfG0e;)>!K3*iXK-|VNCM?+e7$x-!r}ZaDYWW+m&4)w&FA#SDTeW`P+V-*r4tm`
z-OwU(tT`Hw2K@Odc4;u9Q@7;vKyqVJm(8psy%c=kzL1Q)tWp`UgyLBe{O<vevd@zX
zQeU+tZht$dzA(8aDhu0riF)`S&tKXomTpI$MB51i=G1)BI*{#%h2M$G$~+<as(}Lh
zfTN~d3JS8)4n#$(+oAc&B6zUMjxzCyN`?b+qynmTFFwIiDAh>eBfynvBn){}Jt0do
z;Q)KtlS`q0p1>jTiSwy?jhitDDt-uy6nO3ttw$n%SMkFD2mnXt4~BDjOmJX59+N>E
zH(*t$m^=a))emDrmL>`n5mdQuvqv}*`?9za{Rr72N6C!R%VXqx1TS0&vjbwOV&?S2
z2z+(YO*K)5xMROqiV5<@g!&Buv7{c38X1p0H$_F(7v>#`<2yFguRk!+{uC2H)}^1B
zj&TlMRp8MwMselVODK0|n@JF_*Q(Kl4bLhooL!en{%}1sy0jjBSC@_rS^85DABs==
zF&|9s&at5`@NA`3%H1?3H1tx;?}ei3Ta#*{k#cIXok_2_5T3-RAJFY;8A=jvfy4+r
zN#I~w#U}@sP;7EuGV#fwc>x0Ayqtsb)_9ms8J+SB1co`9-w&pSVloE+Pp_wu!z`)W
znJ!UHAb8v2AFxKNVKSf}?Q*oy=0<su^Bp$=$_>Qj_MzC4yAQd#8+HJ$e60rz4j{U7
z>m(3L^~dN4*$2ZjbDQ0cL(HK=nai$P^ToxO+)8pBW=EYH4gqwy7$$H#_)2%~9`eBU
zp3Rm3Vn5+Vj3K>_D8O(9TJ`Zbc6l+`wL5nuN<X=q-AX04&P{F&{L_23o60!i`}E}Z
zZeb<i9Qlm4(&72NsCX@&P}u&}OR$`;-to%FlO~o3#c@h34bT{9ZVq^ItI#17kgg;l
zuu^?xVom%@Cg|Y!2pK-KxyemD+(EQ%JC5%>SXQboRaUCwl3R}nby3+A;!#<Nb2va&
zR1lSA<tKOWQ{q(48{EOy*{|!=-lyptwc$ZqAj3h++|{!&*#&%^58t6Crk-wK?ULd<
zTh9+gYm~%gq7hx4C}Aml$}BlH%pD~88&X6+#bkss$#GT6U7Z(A;4h(p`BJ#qEalcn
zj!pB9%DGK=^TCK_v7_nI%EB>7#~I?nKi85HbAT&4C$#g7@^D{}*sZ8Dv$n6&tW}^}
zJt#bARjIC{J#mFQ_!leIzCd;7d#WMH3_QDUAa%zG#`m>0nd>h+xEknqFZ|J&D=@w~
zJW({1A|E30KcdIigl=p_-x)>Ce~RflN!qfT38&ZDbF_Xf;*&9TR_;*=6d$_0g+>wv
zV^pJt6dFiW#!|C71!Wk9ThX*`-2Q^)UD?R+67Ay{X|AU*wGV2EHV$`iDx=LoBW(_=
z71twe?l8qcfG&6!1&8YRar)rd7QD&IYsFt*i(=rfE$QP9-IhonYJOoYs!O|L^f`lm
zd>0;mIkB4+cgT_sk{_}q1+VbTZa60wZKr$>pb~scr{iRM_Sn$SK~l)FmYr{Fr0||p
z67Ho?7a5M+%~Eca9O|+T6G?}6S%^`STHwZm)@9GvZZoVmVc!^DxC)Lv__<nEcFMU`
zz?`{agFA!G7an_4XshDsEPU%W<81~8WdNf19KdfB7wzZjeGwu%5n1RIz-%4Bu4H<r
z?k{gco}p|`vcKW2h>Y%a-|J_fP2Kbx()?$oytEA1IfxlmE^*ljR4iP|v65pTYgEgj
zf!|3%79fCSfE}B>Y3?B)?)%=Ca*wlYtyS07M4QXu({G(vXB=IO+_?>?08DhlA4Os*
zX4iuQ6I4v3qFXpZLay5`d6doS!fSEyG@yttMarQia4}A~gYa{Wocp6J!1g~vHDF|=
zR<pC|u>h0j`A{TG7KgOV-2_BKeo+g0I0(C|J)wT<;-sM&$4rc}W4l-4X1HIcEkUsh
z4IeO?@CjV&m{~7L?DB*LR+8A2hH96`aoC$7JGS{&;RVXCa7?2p9_3Qrr`Ld#=h)`$
z;?DiWgTsw7TZH-|ynt<emtkA8uYD`Eb#1L@*tI|EMpnL_qphyzcLfx8h7NCKDfclf
zWlt!x#;}xg$UJ)xCB_2ocIC1U&~DN9qi_<%xcGWrj~BCW(h3Lh^eI69&(@Z7AAL!K
zI_IYH%4|vJi;MQrvUDe|=bnk{nKJm;WMvziU`gwF9}<Jl8ZGAZ<A!;|;Cs+o8(m66
z$#Iyxjj)b4Nx^hk@$hxL1K08Gu#P_kmE0?m!31`K+E4_l)RyKlfUw@_-=i<*J$yO4
zaXBAm%XyO<glfK=K{mY(m-Bb(7e%<7cjL;JBCFVPZi+AGjchr)l|!H_V-#O}B`2JJ
z$?Lf;zMgC1q@fwd{CFP6Nw198K*sgl9Tk{kM;TpCwOr3bt6)7#u(h$mx5shBn}MQj
zIbYCC-Yl~8k&61uco>!AH*XhD?tZs$Na7i>j;m|Nx4xj8XhA3BbI|qi*mZ$iwd&*T
zFH&g5ki}<_#K$#Y^}UPDCR{MtSS1jPkH-w*9_5(&@}(x0VoM6mi5YIQTIh#g-@;6{
zX9%{cLG`aY%=x$rvP{Yr?VH%e<n{qf`SV%2nd12kbo|{I*t|~H0Gl|@ht;~=7C7^~
zVTg0&lHY}M`tQW~1$z?Cxg6)Pnfn*SjKwSiX&o9sm;|v-bpxurVAy<>g(i}j@+Wl!
zC#}thX0lEE_M6*8l5FB4AbGMkAsLQo)usIzl0D6o@FO|?a}%7{s_8Sjb4CATa!#+R
zTmp+kJu4^66e#mr^+;t{5afuh=JdwMax?yoH}<Lx{s!F`C5^yFFEFZbUK#8Y@9L6=
zQqp}ZOXj3xiqFKtofGnn0KFy>_Y*%Go#75XXrqKOoOQbG%<+I6#4&N8Q>k)>52Sj8
zI(B*!Gb6(l$^?x4u|w`Ryepm*-jxa(<E}hVyM9ZKN3V6+I|*J`Ilyhi><my~b1-Hp
zTeCCyER^uvn-#iRKv@1$qOxH|*yCvQ4#(YJp!HzwQ63btK@qOZ!Edm^xz6AqIdlVE
zfK0aOefoYtUjnPP(c@_L<`4|b-yCn6XQS&m0MYDI_1g9nYY=QF2cb<cUtBgOgN1=1
zPZDjIR<)zWo>!~x%>=!0P3%6W2=)!_{-~O9m5BnEbHrs*Mr}C7*WDe=sSR6vxo*m4
zYBh8t1q*CUaW=e&?t(Y$X|%`&%#JK*K{=Z)1S*X!cgOr~Y<kMt)4^HfG=n!AYV$}k
zsZMZW1`#p_EOc5co$00$IYX#)wnuxHdg?4#R>3S5_Yl3BIV6_cmT_7NUXB+wH(qEq
zaVJHAm1&=n(FCHCHk|&#VJd4%_B1Ul0$Q11q}~ewEG%^Ol@^dY%R!N3Uih<5Jg;(6
zejMaSF~2hyk6Ky4XnLuvtg0=@u=p;P{6kEh;844F3V?(8`1Atu&L=Aq^t`XP*`yT~
z=0!EPCx~g6>eNnzOssc?jE7w)z~2S9GXbbilzA2(etYFag2Hn7)4g~)*BiabTnYI8
z5XZM0$M*(A)*a0E4woseR1IaHB!eiM$`&M%3`nquxFjUD-vi6e4C6|`#JJyX&~ppX
z7rXH!t9Q~W7zV3gREirY<Xkw)>Z}}<E;viZWx$-CjXA3>UXg8LE)~yRkZK}lc=&6g
z%}p04?MTt#kucw2OZA^}rrxZofUYsM%}bJe2MucyacNNRVYrN-73qelaV{(bTnZ5v
zPln(Q_Vxt!ilw&!10;O#2(`xWaVt}7_z_C&?x5X{W~`uOrIb{H?;=cyxv@Z8TIo18
zw-+!*7v)G<Bl%aR)rJL0bgh?ygSBzN8Bxcvc{`=4$D(2QP5}TR_wh8!RRv-LaHk0z
zaG=`v6>gDD-I5kEMMQ|DlnXd`xjG1z8!ek)krgqyKnjkxNsbNPeiTYnt_IF$ao`E=
zh?0L#vlQ&a+xmWxf>##QRti2~@3p>4Y3g_@aQE34NlLSJxqIrUsB6gR%;FEF=sL+?
zX$_9Ix*XwoJ*25{D0SJSWx)Sy3gJLN%WbDIN|#FDq{;-VG_@MkV$c*sAOX`xqt0k#
z2K>XO@!;s>X^gx~elJ(7@6;Fc)ztLPlmX_8E^K)$KZ;*nCe_d_@cUCzTb_43KRzAJ
z%|?E7-*B4!k$m<++j1@(4bwjwr+<8g;0X@G+o94Grr7k?sp-Ar(?8utUxBK^gF*78
z;I%~Zvvrc6j|z3yUOX#LYlPkbd+Kc>bD3|WPUZ_h=g<a7Q>RCVJeXPhr4(I_Mo^$K
zES0kuk=JYKNMv+HtVeK4m!k$6_gqb2y$hoSQO(b2`^2agv~{9-|9k0m)m22V;ce5)
z>xj{6d#^TW1(X^4uiv6^$}lt!6t>vO)m%R^o-Y_v6P1F)Wso1#6X_@EP64;UM<&W`
zngV<!6H}R$si}4W{-88?J>EMRh2L4Sa!U?2lB&Y&VrqfE-s+v=ug~z!@Sytuw7su$
zB9A5ywNW-qPpU+tMLB3}3l><BwT^=q*|LAW&E%aZ1xM!B7WB#S=H^wGe69dCLdga|
zV4SFRmqMv5P4XxT{(s4ZGSsMSyr*1RW>_LYX94wLi^2814SV1_k@mn*_(xXuf04`R
zyc}~5sh1X#J6bcmTT#F#AoKQA6Q#6(Es6%FUnjDBNToNkf9KwuxL=CYch6&CYD>#*
zEKj<RneD-945TPBzcjjlI4Ok>nJMj}%RUAFSA_p7C{*@2{rl47;Ehv|o!?8@={>>u
zcS%Z(8h9U_HYTHCXD*Xw@=<Q>gRa&EAmMjqUTqIyy+b$5(3B%ILr#BFiWopOtYog;
zV-ia-h9V@L_Md8eaL&g9-QGn?Ow4%SCjsK+m(bF^q!oz1F$B#!l0zEuv7lW=uy~vS
zu|e-7$-loD>Bz2D@qT{ARne$+xy!-s4SnmiRQT<y&MQOh#D-b-LAk}<Q$W%7%3+Uk
zO1-f?@d9IHyLv|@(xXy)JrZnA*pHFZT`@#4{x^JVY9)Uk%F!e*uf(<g*{#;_FR3V3
z$3<r@96yjC94|SuJS?>;4_}rj4{PTq``?pbCX|cW=|+*bj~tqBRqu}p;J(c=@)Yey
zdOm@a_HteL)wF(6a5T_evPt3Hsgi=?rWMaJDd<2ESXOp{h}8>g3kG}I4f&*6=Bq0z
zDNe_FDAxEk_YTMV=ky1Qq)><JGZRV>h_!;{bJT6T=AbjvUvHM4lR}vRWJ;eSACg2*
z_{MTz5#Hed0hG$%aP{t^DHt(py|FwGb_|Ch#9^cmjEW=}wWBjE@U^eq#K@_4F?m|r
zjnOI73Eq2{q_!+O2Ft9&LO@cszusbigI`SCr++amCVv;ibbs|!1vIV-4-S3=gh(&h
zjro3sEfnBe1$>ySAn=323#YM&yoGN2;7XT$h>4`6C=Z&jeM}3tAeQ3CkdILL9wUjI
z+}se}Z~0g#%-gG-H!|qG$T~JS^rF0t>XKQFoU^dRH2b}s;n>@rr~m0Yrlou=4A?SI
zIP-iO^23n2?PLW%9GiWjOWEg9nw*YpVre?eVO|;h1<w+{FA$flg*64Mu*3NR;2U&z
z$cDA*ESc9H7(lcFPBu@5W3BIQw{npAS7nsUX>amP5|_<D*{xvk0~y|f=;W|g8-@N|
z0>-e$K={6nR$vzx26~jtd66Xl%wVn@3gIi(<&nHY9>+;>Y1pw{T)NV_rldg-16VXC
zBnkd{QCTfMB4c##l>*OCCN5hAJJ=cYrrG3Bmo$(ivysmgsK*5wT?M|ab)}vU!qsBh
zkgilf&+05GZVwC-FVURQRd|4BI325e{n0Zl;eJCXnGNIUE-t$o#v2}7l;PFj*mEjB
zu=z%;#Zqic#45~iREUA+>9mOeJ^1%5wUGhF0W_*sXfxfE(<F{i;C_<-5TR9a$WkSx
zB5jQH%9lfrF?tmvy<k-_90GGubVO=bU{VxDZD7Q}Y630j8$kOYkT~!arr*lY2UKA4
zIO=@qv}W*r^vu+KCWgT<Bl*f0`C8KNEhGK3#c}&wi=ig3kCx+&Okh`3ZRaDxw1&7Y
zn@b)_H+egvaB&3obfBzQjJz*kHv0@XJ71$v^O2y&j{|Wm7g>6DO7t?sXY&psPlrOQ
zHS#cdNMLd^t8!5Ns|m%Ro2~MYn{8t0mvp|GS;K3np~r+wTFzZ3eG$)hyiP2=o4gC^
zxa*_<#KKt4F`<4ANjWHm4-Spz&XL5zgKpuJB#t;pH`7+SwH$f~2dQovf~k{MA>v~d
zOC!jb80I`bE0)woeSdIGbZn^S|0C~B;G3$l2jHYh+q6x2DQiKH!UP4}sDKg{X&{C7
zFaZ=n6c-fjFyn@pu*lLvTJ0l7>+XM?O=on_(HV8L;DR<Sv}K2~3NC;GFFZh?SjyIX
z=bZaq@?M%&Q2+D&zu))!L6h9~?!D)pd(OG%-g}k-7%|ub`&6>u9@ooiz}qrG1lWV-
z!{qx7qcxy2&&RPCL2J3<3L4bcWIW|RZ{*RAk-Sd(Ft1Y$q|ECyj9#bcEj@2caOi%T
zdXT8nl>})G?oI{K`~%v8wTVg46o8T?sj;A*OeXAa+Y!hG1mulD^Fay=rJrn|0nM<v
zXOdAOw1Gdc@m6{%{Db@^9~}1e?|T@eng=#U63~Ym;1k!Q-dwMU%r;K(D-e<n8PKgt
zOeoUrpSbdMEz3(r%^qNdb-v$$#KidjOkPgW$xD*bATSHcn#oJn#JV_v*|NL@Trh#@
zbR3RJOhG3xM<af&GopPOS6&4SEd+-GFV|#CNAThokFShImDd$n`FwL(`63FrD&loV
zm9H1FdRa^IQQT6Xm5<LySv?=+1Xr?@NyxIOe0(`hK05KdW)&%~y79-$%LkAKt6*3<
z5z?~!$la}o%ZFluwl#UF;I{<t2NA_37>Pl)&=5hsqr5abWN%>{Vqa*8A(lG6E{3_a
zfVp`2xJ)M>UyI7exS^FL7*BXkb8(m`-k|^RWVg81DFV}cW-lXjJFSu0k~*)OLhW`-
zC-cMfB#rqYywb)UaOSwghEGt36GPJDH?sHyWDKGn%PPjrP4}4$)Yj%SYHOBJ(^k>k
zOalhb#<tS1`{M7-Aj@vQg>rCl<?S%A2Nq$5s1s&_FWPxq*7^A{EqDIxRFkfXja6CG
zN|g=ws#O?RZII~2bz;aPuJVYr($iEIbU`PcE!(&(yc-uEwDT?z12?F-J#y-~N8lyS
z1{)hL%Wb#SbA@KRVmq)4;0Uj@=!cWcV7s~%*k<0X9}dT=oE2KGQW%GUOjf0~l`381
zdNHvoFSb(U^j-QYW>)3iR;p}|t72hQu4$#pcX3scSe0{p%T+4w(N{@fRaUoBB{L3V
zS**%StyJj}2UserGOd*=mqQg7S8mG3*g5l)7=`}<Lzf0jn0p;LgDYN^WY7_#GU0=-
z2Kre9V`2Q`w5c6u&>9=!il2juQq^tnT9Cq_Djoe%>F5(};TEOvxVA9e#0q<3a2x{3
z!a%ytqz4IED(p6Es`gT<j-)q<h3`^|=9nlLt){t`OnNR*BucFlTK!8hhNOL1gO7!A
zZz~k=_%L|;(PRw_4=5dq6lfCt?3GZ_T<JT?qm}U^Yj4(%3~43&N>Xzyr>j`5hbE*u
zC&Oz;O>r}KeOzM-N&IyHyj+7a?oE$I#)(}iAK<s*cIjWYDdAm?lBsExd)hvMLeTDH
zk%{&!=*pysTRa{|Q~$Zq#DYs4fSu%|&KP|5hG;n2Q__GmDp8VO%o>leh`tLCMq^zJ
zjeCy5Fjq^#TNMBvVgLx@Cek5KyTppklGDG(=sdO4nOnieIW>+PkXw|bb}<>{5<_8Z
zO?q}5bGe{kU2)L+ZZhcsF{^-lpQHzb^?WjpHx$WsLw^9^epB3_mQPaJdL?07p}4jb
zSzOl_+UgwN)`MzW?u2bU9oH6$&+rw-7)FR=@CZfMYDcxz24kXDN5!?ONZ6^@L0hx6
zZ2<|bov1YRPu7&SolZ(Sc<oS9=j2|jP+L?4@LeMeEN8j8F4Mhs?GPyCG^KRA{oM6X
zdfFH_61Up@m2o3M<6=fZ!l|8tN<p~Y(vD17)(ft}TMcSqy%N#A{uZU-Ee56G9k>Yz
z%*}S8!O;51O}63+Z{MN?*zB9stOuI)V1_MqDbE)hrQINx!y^#vX*=-Jj)k^*n!K>o
z&{hqSuPbQCT{ZJY@?Z^)dyN~zDUF*PyeZ-oZ=GDSdZBAX@X8-eq|uJPBP#Qyo6<~%
zdMCGVG)3R8-__Sp;N-TCp6qlyGTvD;n&NN!ESSphKkyCows$m~lgc<p?#63YBDoi@
zS;^tCAXZ4b09Ue?*C-OogGYP8gDJdbA(uz+nl;+ZUVA$i9t<FgAcD}X$X|nSl{@ho
zrAw)GOCR-uOvA?L1-`ejFL{CY!>cC@UM0PI6=fh8e!4H+R=%Ced`|jFIir$62<K~O
z$R(bZ`iz7=|3<E8JERBSLzl@j7+mT;#k;$obTB_TLHwjehj$WuQJa__S)5sI(7s|j
zbH&Fq`d}Uf?&}R2eeMxaLZv@Rd1#5{BO7uBOV=y}^KnarQTuG(KK?UZ*fmOV-P{Mc
za)UM;-W-qMUzOw*CHZF9UoEq6pKtE5*|=F;k0Je5bETg`YmUv_b0OTu52uKJtKGpX
zjY4EqKHjAUFp|0dT$0Zp4v<woMzb3*!9?d<7+$YuGNzsNLx-o$uyWzA?JV>!1&USd
zXYM_SCatT`Ucclz-0*ERQ@cjrwd`fZZah|_AFJW~3~7bxHDR2)KcWgAcuK*X8}wQV
z#h-$slsjVd_wCY;H=D?63K<mdbNFe8_`pbun}yWl9nymC%t99r`};{L`RePw;rY2o
za*xP&(9H7UQCPiRY1@W{E@$f($0mJdQX7LdVEG3^7lU9tlJ}7ju;%L;4M);XT6!|m
z;QS2dQckAU<1;w=W>ZMz92^~nPXkC@7%$E7SXZ{LD?#bIk03B9TH3ku@bY^miqq&Z
zDRYY61fc_&yzxh#g-iRKg-csKXDn|#rcQDR`iO-mn#h&ugF&tPD&I@qKp)!iC`P&=
zl4%H!$Bij;nyl;e5~Wjv;n?Ras@m$g0emf0c@3fH#D7jyd=A<){`ffwv1v+kX|eaX
z(&d!qOL?~m-=*+s*W<gN;UW;;P3czA+8uAQitTtHgrDyzpMNzl<L}<?Kn|G%WTSgV
z;IZj=&{X~`axsO%^P=&R%brJ*iuCXT8|ujKB9w9{i9~m?orIxs4P{+~C78;ixPp8P
zyq4fiXZ>f+&C2qhPU1?o7?^|PXGTV;@6kq|!AP_&9wqHq`qx;dlw(Xkx<Ga2z<=1s
z8Ec#@eBj8*AS2Kvp{CgW6yXEI2g0y8n*m<UQ*6~nNwM&P28zVA7|(cXTy{6zJs2@(
zz%h1jClc|w(6kiB9X?@Tt{MH}G4OsCje?j?iMDnh#`SjDDU@{%sBdhsI%|k6R^n0V
zbSG3F$uR`2?WNnyZ48Wusg-b#vy^<odk6X>OlFRtXwHHmNh!Fr^xIKgSd1_VUoWsA
zhI258p_^nN%pAo>?}zswd9-d_!%Ug`&=}`X1Veh4THx6%do>mCnz5gBLlR38;a1WN
zC~$Jc3(io2yw>LK=6s;S;pAt1N}BjK3pjYb2@m;>#5)dpyUI65)`)0Yv#MF(p+Rnn
z0Eml)cIgU?#0Y=_MF4bD1i-j9Yk_-D4rtW}{|zR9o;;grkpD-%T<#_RM(&~59QKoJ
zsco3IrIeD&tPlUZtAjxkdf<l?R{SIs>+bVQ>Hy&-tG#{k66rQR*x|?LPexd}dNfq*
z6v6Z-pmdyKsVO?aQ#7qO&T_qz8}SCv2TV#b0(2^_>ZPWyV0FHG?qnoa`Mv|btNrWZ
z?OuAHHs0<gSMzwg`tv0vnML{4AaCa+^N|X<1Ire&%B^T~=z1(}a|hp{6DYiicZw&S
zeO9_0`xic*pW7gS21owPPR^DOve)LZ(TNJ0^`YUIm8{L7Av_4DgXNJHp-+t%cJ<lo
zKW$s+_0Q{?#XYsrz)Yo%3|9I@S(k4-=jyXxn6?q~FKK%&6!~di<ArPMo#SZ^$_PyC
z>!@;bu4D4=F$VDccuUB$TSFp#lpTFg3QP+D51RW4(?A5xhfh#`h_w^6kMSa|A;uw#
z&Pu+|8s0R)f@v)sd!Vlq4D*w9cOD7zEw$C=TN<EGPm~#qOHZWDM?{&Hwi;rYmfB*b
zrOV^}>rp$OC@6USTU0y83{LRK8JTE7lg0~9vBVYMMjkjynkAM*v3aVcyUD2sG;tpY
z#(XtMt+#_J7(u<4{%yl^ZfdPY{87qz^Lzw#hZ=cbqAW{gEI-ns!$gUIJYcx%okjC4
zk!yhaQ1Njyd5$KFw=iMZk8(JED@}Yo&A{@8U}X%P5q-VJY^R)K!Q|vsJ(+fiqH!v=
zF+JJ_%<@#S&uZ3CBj0D!tgB%kC7jwM7>|u88k%~I?^3iV?mC_~Rug}3kjy<cMgadT
zSrKL`de2xD&DR8D!WG7YHm_$<gya^@zZOQ-m!gv)AlXsxA)ZD3!3^PK8X`UZS{iN~
zVs9c<D<kT^l8uPR>NBwVoVe;Zuo=>JXai4~E0h(2E_RG^rlDETlWZl<ki8=i)S{Jt
zB_XXCd(Xb6RpGmedX>@}K=^*FwXfvGO?;omS^Wj^jBu(>Fs=a{w!Oyp8?@K#%^O2J
z?k_gF#kJ_l_-S`?WdwZ~)~WPZz9)1j4$PF$(}I<RpG`Lz%9OTYei~_hYN72Unx6>G
zkJ7kwU-!iGL-DP57~+CB!gk<>+zNb-?HYlv{!W;i907VvjsP|8^zG;UXCsOa5#}7N
z^NxfqOm_?d;;7-d5jAc$6K;D7nfGqRm3{@MgqduT7Kam{fBKl<fGhY&HGgW0t~!eQ
zMO2r<ypBp#x6^w@B{ieQW)en<{ts6r2;#T&s#b&ez0cy=3;|_cenYP#-x>{))D517
zd98mR;`13c@#J(6v|i6gLj0+3VILSFTRy$~3Jyr+{Y???Eqw6N2q3R$ZWEyQxbFb!
zDP+oSLnO4J%$XElZEl-31|{~-4N|6|nSKFyPy(Z|bYaRj#KT8dwo1X(EJzVw4@3S$
z8}A;L(Bx}hz5xxiM)Sd8-QlbB+>TV#uWg=^1~jJZkA{^9X)215ZJDS^OtA^#H}L)s
zFTwjgzf0Aw)=<0$i!&~<qBp}^@Ou;fmf^SjYC&^*#{l4I&pCGhR;{}v6e4!i2p&9T
zre&9*s7ATRodn$r{*5Nt{srzMr0cp_X(8h%&anDcKlWA<rbCGt_OZM@AEvOlwDUK2
zXlAd<?Dw~mTGPnV6q>wUK=7Yq4Qs4p!tT?VbTbaJ+>U(sSwj@w0C_-$zmymxZ(8;6
zKGD^xzLgq#tBAdo<PnG3wH7!E$VLU^)tfpP3gY3_K-wN5)xtOk)IQ8ygel`@OUTJ~
z%tx2iU}mbJ3MyUXpUuE{x@)7L?!LsTzLgq#Ya4qjiQH+mJ`60t-=t)gwdK-H9pd8q
zEA*zqYKy^oS9tt>#3kBndpQJf#*b#h$8@g5F<8a{EFa@qP9BUlJ}sm<d_kLZF(ald
zs`s6#OOt%r6O@IiJ<?QmwB7bda#gJH6J3<X`I<`BW@Wb0iI_2^N~13mzNy`7Fwje2
z7V?O<55hed;a+}{(Ev+tH8{Fmk_TgV@-QCldbdl9Xvcd3Q3m>VHG|?ofP$SZ#9C-H
zp+IQ#qyhc?CIMkcCPo<VZRn72yuD8*8gJ4Ck9UGQFx-i=1<LhVkJu#m51eyi>ds8y
zcX_z#r^K55XJ;5dLrs#eU2Fi?vjNEMg#a)yngX&8LojJ=;McJw|2AN!+CjBb2DN*A
zheY<4#Ggn;y#G{^x2M<$ikt5e^e$i#lKDlABrM(1nk1yfCd5V#&eP?%Y4F#Yc+mtK
zouQvnXgz7b39~_N2js+HG07l}HYD+4e;vO4!zNtbszcbbv}~}*%hH}BnYb8+=j!~!
z8N`<{h`TGYPX}{`)G^7bCXw|I+jCi~UDlCMr{vK!(nHWCU`<}3%WumEx;IpryjSx6
z@6Pc76D$w#7nhWh)eF0+%gR9AL8eLRUfG)-ugPm9@N4oU{H!*_;LE$L)kSA1TXeP@
zhDGO(Wh&!$AjW4=@x5uV;R`=!Y-6aJpd`V*|1@1$O~D6q;X#~z0l5RQZKJaJ>jGN`
z6v6{h2w#638E_?8Zps4%aUEV=9F^X?LD@t+&o&XTFBJDeCEr>`y2m<_mD6&@6dD?}
z+TCe;1Tob;?L155u~SXtk<Aur^e5h{=8+7S_A@C;P;Q-cMN=lZf+&eQ$baQ1D^kw!
zg@Jfkb{2G--ITxaj;Kim#>Wa|Zhqzlg9qJT8)-hp&45Es!06<%@$A|1!M_Z=u~GQs
zcUKLPEr-7SlW=MupSuZ*=!<xQH*TV@l|sO2@dN}|w6_Q$In^Up3ZX+*PwuXweT7_k
zT><xSWdS#};siIN0uT;=a-r;z%>U`w!{F($rhX*%NP8O;>@48Cy9!*~j@|hsyS-P}
zJGswxyNz4iJ=XHUu2cBXcV^x(G~1Wr@Mc@QeVxH6kpfqb-A-}0Z)-sr)ZL7AcR^j>
zRf4fj@K?ejP-&C@$QyU!M%KpLINSIfF6$=vFW}i3rH#ehs8g!SD3-MUOdIb=|CtQ$
z<Nh=0Y7X9^c04^Sy~S=Vb=xytr7n9LI)ZcAIsDVT+GW3nOzv0H@z%<Im~XnnQ~UcG
zKF6DZFYu3aej}pXKz^;kfzR&8D+S7RjJYTzPY34YQgao>n0*=R;@Qy`bbu7n)twlt
zi<B#6DRl#^ZV}eSyWTJGk5r<o+c{Pj1FcBg+OxXju1b!#SB%CF?#;Bg4}&+*QRON+
z9Ub^5_~{l0J`Eq3rBEf8T48yNT=t-Q0#ZyZe8)Rn{C*6+bJ^XAYDQTw)vO@a0l9!|
zJ1vC5KsB44Vx1ExCm%`2*^GAb8S&iF9*HMZKLUt{Yeqb|_4(XqXFbM^o*p&hf<p^2
zM)eqnb&xN0gu^??;_c@QK7iEowNsRRTX4Ukr5~;YcP$>{X2Bn_Asxvt0`k84t}n&U
zMArP|E=1o`?Z_`98&Q6Rf%#>4uSLI%{wx6G<wuf~h}5`ul=#b&=^!iEAq%U}fh)*X
zCsYZHw7@2`J-*i-o5{SI;tKb9qA$I2^!%4fRN-RKv6;K_AFfDd>il-8@Ksb@#)2Ac
z&ck>FoXy19ZUl0lfNrElF3W8MdcVb(!{VW+$sYCuKyR+%P><${FK>!OzR1C0IonzZ
z%$kaR>3>AA4O5f?B=6+1Mp=ZKQA!l`VXOZ@Vg00M+o4z*xCB~*(f~Gkm(6MjZ#%C<
z0~<CQ%hGLZ;k~!IgAx~c`3ZF_8~P?I-&RJyeFER~`P7j=eWO*51irJjX^ka=$>e`P
zL1kD#u7gsq^JHQMJj#`yfr;?$Q`l6RvQEn>KkSWi%B!S(WHC<Z)i;^>vx8nNo{H=#
z(7`8evNsJ)_uT_qa&$-GG1@_1LJ0!@IX)J~ADvoY<rKfw`yP!%R~nlV@#&y6{hSIs
zK<L?v<e0pT0s8S6cBb{o+azsl4BFX!kQkkL)UZu{KY_l(`-dC6R;@CE9w&U@ZX0=>
z;0=XStagSDBn!rG1o0~b>*lDd2^6UMoZjCgsRjS*q!#?I1u-Ib)%%-}|22?bmEvr2
z(%YL4&a+6bPl`I5>|&nRJJCKJA3ZtAKo#7Mdf(9kr@t^A+9|Zn>8stfTzfjhK>lSW
z+IceP>)Zxu%&X{WP5ba86vytY)M-5-Ra<*&V+L`g^;MSF#H@Ut`vdzt37;rW!fWA0
z&3L$F<I+)&xMn=wZ!td@e}yHqH<_)+jv0-GR_~=y222{-<NF~udg3Cz_cZhJJ=~C&
zo}?bd#K~*5{oZsfwh(K?x&ZvJ_O06XtMv6@)}fC+xRJuFMR%hYBTRH|9fNN`R^db5
zHn5^%SR~&uc`7u};L2*7<eTKk^#PIA%AIuQ6V4pRqe#rYlL!S@o|kSnS4c_Gb1AV&
zte3V0+0feJ(0ri9oD#p0Dxgr_piNnx$Mj8L7%Kzz)^r4~0Mqgo&`Ek7S3Hp{%SS}`
zFBFUJRK7<II;w8q{gG5|F<G8RYVc&rzo!wSdjVDR#tnRM5#DVTa6eSQLegR1mwn;;
zBi#<cr$-Dy@%Qk5bsWB3TzMJBV}{RH@=y;ie`P9OI)=Wp<fm;3eP?r}?S^OLi=3f-
z+0L|GxRM>hg1^F_$rbQ_PyD+!&8sI0xZQ`~KYV&6SOAX{aQDFf-Eslfv>(cjL0JQo
z!T;U$P_}_jHc<5IP$O4@fI!(gST93I;R}pmM(srSQd__+taUqTyq9A<8{=l}{FhH^
zTeL5!=#0_733#X)W_g3}5Yxq#voQ>r$OmpxS;h^#X9d1V0=@xewX%1j{#hzPU5><b
z8RjFz(`_Iqh2Cc)JzfH3IVc8@9&f9Xssrqv6YBjiIgHA)Zoi@Ud)b(aAM^Ga#0N9)
z-q}~@?FE1?HG9)QEoDH#jz}FrDvDP2JvcD!tEiN>q=4M~G=nTYd^g%@r7FGr>j=u-
zes<<l+1s9M_%-->&k}{7fhjDEnalL}vbTV*&M|yVu999^62;c>$zfapT9OA3FS%HG
zfbMnPp$QPqJ-MFPJG1Q$9nw?zfCZyZ+{yd*Ho|7S3XQ~<CUGTyHn7tfu6!J{RY`4G
zm-tVodk6bZr}<{XCKC6K;~P<tgxzXM-NM_|9czJp?<kL{$s@nEDrJuz;Fg+wJt8;R
z<eu=;UuZEbyf&Qs(UFMy%O3XkI~j>QTgsM4IZbWZUNkOUD~n*ixv3NGH@nC7!<W`L
zmCdP>ZBC5_xmLSJ264qbbDMgoi{d~38{C?oq9p1%c_D5hp;c1n9WepK)|{T?B<>Gc
zfD=)^IUa2+yxiLjN?<-JVLs%}VwF^0N=BRFPMk_hgA-(AQUG=>1$ch1HaL<R?4fIr
z+Uw)(u4(TQj1O=>YmnEp$aAjHl&Xm^MINzQTq|yq%ElYWt-H9+o0V5O-BO*0u9kdy
z(cUK6%)Xp2<<mtxAXfL2?EDQq_oSP~lOGXlfjK`DmUZ}G{Hze^Z;*%X)bdanqt9Do
z^a*@<`%Y4MuKKdCE>6HB=p&tOAzl13c=mZO_CS&@V|+U!C)prwk$(3iOv5hZmjCbp
z1A3lf^if<L4m1Mg0v?X>(<%ezClvVrHLru3Y<xcl-nVxUybE?FfcN%Pf_K(V4ZMRC
zcq_USydOVtA@G9EuK~EEyP}^?q+0|RN)->ZkXw)sV&!2KWGBiM-Fz_k??(6qk}m-N
zq3s0!iXF@{&Y~Z|D=9RB4|ixrFsqlE^W@y6Fa{*1de~`-hr};&9RH+o^kd^V#rqF7
z<~3B~KpJ5nqV-9-bhuNA|NqIQTK!*hKkO0LyTmGSJ$cqdq<zdL*)2{-g6*GQTA+zJ
z;w*hQ!xI?pL9Gtsqtd1ej{&>xHN)p1*xAS?3Xo$F*ZB9D0Iz`=7Iv?jKgY`DZ^ygc
zGr*V_-eVu)-8WD?%BP*+MVo)GNxY-fB43r;0Ofc&jrX--07iP~VNCmd49}D4hI*Do
zoNnQ#Rf}C0$KBq3fe=aS&9FJDp^;M9M=gK5TH^1%I{xlT@jr^S{GCP;1N2-J8S(Mu
zf0q2{RouG#;Azgsxi3h7@QMV9>US5(Ut_iseRkWX=dT%*UC>0-*>RhOI(PPD{57>J
z@z-ts3*xVUxjM#Qy}By=^>g6;!xn<~p{)tv9mC))*s6iIw*v2bmk_*fExtf`pn=zS
z$uE)z_vqxot~!GM-7WF*fJRW7L?ih77R?9>dZ_Z?a2Fg4634zpC=hri5#DM|BJiTM
zMkf;f(ItWXEXo77Mjq4&7bp*2(8>er*R9C|W4t`LR3i_r)5rtZu-97TtD6gib?=-@
zC=htDYh^--@Tnmt5ek~$|NcCEqM+zk)+ag?U4TB3$6vfY@pJfV@Ft?q%*}fKdK9Vi
zP-FvAXUb*`b=F?W_-lMN@t06|(fUEh>|dfEEZIo#-nl6Oyn`9MlQwDK%~s(3YbS#D
ze->W6esF)MUr|3;vw`6M)5dstKqHvbL?d`%qh<t?x~cNutB#6(uw}u|)DQm9@xt_j
z%KV?BADr9yzp5XscssE;Xh}bK_gu!Wq95Ep|9@9MNS=Qo`oT4>|B8OlcOB8^`E`2!
znu*l8>nu@c!#WLhF7LwlE3ZBAmt)?=>j%m0e}R7R_*#P3lL+3v4Bk;%cr6ONW$g%F
z@$rk-4<@$z74?Hp))4%`wej+RMlk&hji7j~W(1=;tMXu7TU9@(ocpu&gD2ZwfPV0S
z^XKRXhqwOk>Ia`Ky-5Aw)y9n0^aGXj#?tweJ>mJ()!v>l`jd0&@$SSdjhKV(t~U6J
z6Oc{^vt}q@*|2}1eAqv`1^K|@Np4^;05Mzhq9VdpI=LkY!QiaNfO2v6IX{R0&eRb7
zuCLYe-(yI<Z=WLSt*+HjZ)r!ye>NNOU)t;o;XeRbyC84nk_|t5|HI(zmI&T64FqpT
zExbEBDEl9d?SE!ny#COO)5y0R9lZA>fcLlh{ZBR9|I{$~VADg)Gl=i2(Lj7zhh)X`
z;GH%IGm(c?`ioB?Q7eQ0Z>{1xiw2N0MR8WR7g|!|-!ZFIkGPUGj51<}AT~))4^w<l
zry>F7x=QC+sz;_7i*8Ie=9NB>p@xtAYfM6%lGbcO3DFOaDNS^_)S||4J4%RN8VNB>
z{3a?P*tifL&>RNp1jUyqD4u__nV^`Af+AYayjZnl)kuqnPR69g?WjMfQ|E3)K3wU|
z(a48OPoR0f^c%0iZ~|!9u8|HWRO#@G^@mlDwJskB2B6&|LoP%-5S%A8(&3k#Kklkx
z``?v%e)A&rE~zK#eRHLTdZ)K#{B|sZ_$@s1Lii0~)-2E;X8e5l(3in`zA6E{yG}6u
zr%J2;WGVU&gV%9E@apx6<cwb+A0Dq{`cGB7d?1K>Gl*SUh*Ppu`S4Ua!h8bR*di4^
zN;C>ze_B2uMOAC%!-(_*@_{uRl@AX)E?z#oy{<L+V7yTIz{Z8})FzY<{=X-d57Bz&
z$^`Pkb1Y6iOc1xIv)3zLLeTjF&0ltG{=}VAs-%<|>}Kl($%Vs3gACk@RruuRo-cg#
z$OW7)?79AewiBhl^n7907mWWa^!(%_{{MmTe}$I++bH~>%J~1`3*jfO+?*2Qr;k#9
z!G5AIgZKOw3E<szl=1%;TK>;e_@BY+xFC4RWmE+>B~?8S`8CcLe*ZbaKkSS6{RE95
zn~h+Ab_5Mpbw4pbMLA!1?4b)hUnsSv>NXRDQ!ea$;ogB4xSx1QyPx=DZHxPfITkK|
z$LHi<nm@zpI00P2kRGW-VK7*%<I}eDVm}ZDrFU2?^0iSR0DF(<hGO39iX6BOt2!y*
zpEw>QK}~7bl!QA9;c!d_+!ud;so~!nTH;^3j(<BM|Ni)ZmVenvgT~+T7U1EPPH`g!
zk!+H(2WX}0c#TB0fP~GUh>&r&|5xzA%=edTE~1r4)p=2|+rLH?yC8I<Qcrp9%4k4q
zE4&s9Xf1DID7j9KqC{T7Vp#tMisE8e{|&}}Vf;BkfByF=JOBGk&!07P{wEW4&xdE9
zw^z^q(v|Z+Q!?!Te$PbhGNkF){hvvZ7eDWOc+~HI<@4bme|G`$JLlT}&iQbcPYB;f
zKGEa55%IkyO!z+ViAI_%wJ?15OCovL=XV!<KHOmZCFjGx|Cq_YICvunZx;sdby|2E
zQyIKPMuK<l^o!r$<r^<*z0uS2C(GIS&&PUrQ!uR8?<Ima^s!>vjPUXbyqgR_&uf3H
z&@-m8pm_VKK4z&CnVPM9PRF-jHze!x+l%$wvf1hAhjB$gNyD7qMd3V<tXW?sBfJkV
zc&iz_=?vblm&dO!HiUTjL4ugmLi|#Sy1sM;C@B4<Ag;rBFV^284J+BgaU6ePDLMN2
zuArozHJHJC$I2uF<wC^hCGcXSCM!^Q$!yH+04qV!D@-Qw;&$>0Q{RZ}VO_r#F&oN$
zjrBEs85{qy`0;nA@gJb^Z(XLLu$Pjf;|Cy!dD|8I%=7zQP38+)Uz4u>Ip_C7L;tJi
z_rb9jcfWt+`(Nk${*C)C@cf?H@57c^SzAB5QdwK)AQrF0H5JxZ1Fo-VnqLy}_LU}o
zZr1vzphuOmSt**9eqPx_)0oJur8A64-l&|n{;d12583+nkzQU*M(P{<J-h$<NPGWf
zQr5q7X1f2H7AM~@_sX<7KIq;Y&9M>{Y!5=6Uuu7}>px8Y|4<L_-3afJ@0kAop;rG-
zQuP0`1aJ7>i-7mDvwC>r=ksu1?R;LZ%qQtf)gv<uihh$D)o-rExfN?-Dh@9W!Kob*
zo7QkPZ!$0?=Z1Y5vA3go&bl~%OBH<s5q-Bbw=e9bwJ(&>l}wTCzBc4tzA5U{i`!ui
zQ%~{as;rbp_Cgi3DEs$4IEWKyPrgE~iRq6hD{AQ008#Q~AAC!tZ><_}rf9Vh6bRIX
zF^EW&boA3CG*LscmfJT^Eal745IgcXW+@PQv(Oo_N0GgW<rmEGBNWbSow&^tm~L@4
ztTJ*X^*9rO;nKBz6nREk?n01YB+oD+^Qd(D87n3<N%uI;bH$4dESy#GLPk*N!9D;W
zCy!K$;!*H%k|9hH*_rhydzCErDXVhKiWKcf@8^oi4pOxtmE{S}hEeHe-yo2mzBY;+
zP%=Rw1SJb27+LF5`7-ze)P4QflMy8v>>VGQ4KjyS0;$a3EHb{Iv#3Co6H)mm`1dz?
z0uLF&253v#e|OYmb%*}N@RDuK^3fu_Hz7KQ6FN7dW8Ep~_~p@gz9Zp0^I|ro4vWp9
zlUp{5tZQX5Z5ILyRlG#kN5Ibp?`<*rTDgJ}fOQr8HyC{HqCx_=c>~B)z>F~#^iX{n
zN{Ko+Bnz=Ba?>CX%(5SWJa?BmP_Fo~Xk23&=xbXw=dVs>pvXdl(Cq?4djbpPR>ZB}
zk2P}7Tnd_>w?BF~5KqbBOe043Mr&A%5Wih|;x1wo3>NaOnl$I6fnvmiE^<9aKQf_Q
zxQznr)QCUkHc0!HCy~1kOTyNE8K@{nVRSIh^0nA%1cd}n@^)xBGCmLe_S<6_;KNE|
zhk?UNu@h>DM@6sQ>|!n?<7}jq%=7*p(7y@2x?pL`&s|OYJHjy_t?(vqh5!qk$FT<R
z?Gm@6Jw7OBZpQ}i)nkGK($EgwZCnl2+<h>+)*kZW+=vVC3tw%(1sKD)aLY!fJ0rCP
zE)jZ-&3SHxd>rj^%@k~?N;>os&d5&rtC)TZz*=b{Ky={*%=Gr*mTh*5o1HKN`8Wkp
z`~$p(!VE75$`imFg7ttzwFc&D@8tlqfx%osFjq!lu93dmy#al4xMeq{M^+bz<I+_t
zbbtY$--zHTCiJe@{oO^;N0T9rJ}|hDmOcvZXigtn75eZc198X$Y080C^s~-i<g9b0
zn8C+8LqGF+eEzce-*wUR|3b6*zu5KvpKSeqN5B3L!XU9rcC+>W9qsym#?03Ldba-G
zelhER{V&&7`Z9RW|5Fd|aD;c)E_VL+Pwn~NX$Ef|gV%8}@LKB==qv1eM_HgF(x9H&
zm2aTB@-a=GY4P4`6^$h#J^qnSW0_+U#2ZkT$5_BomuR0;RapXGCQ@0}UL5}P``JTp
zG5hDY_4vC7@%M)>34i5pYw$Oxk>Ss9!fcSvPFD7_urz7>9wMv#r_*NlhN?Z^#A7S#
z65hBO6deV@W^cQ|cuQmre(Qk8bxg|O)`bdvGPzg4ETpZ$pbCmt3p9ku1<_4jNm2;2
zv?ju4$w47dXajBgiB~(f=*917#fzUSo(L;kE1vwb4h(C}lmG9$ctFZ{H`5^h0nrya
z2K!qj430WuJ#fbE*34K!`@f~k{_m~${cI`Dn6!gt%>0&S#;P$?3GGJR(5W=~RyJou
z@6!N3!7&lc+6d}jaKL6vh$x<72_6AO-F<25(O@<oS<O##xPqf2E)lkq3sU)j^)xTG
z;r(-L2Ja=%6)d!GZBNp~u{#UD+!zUFry6R90aEpY+3+*Z69@l;jen`0UdwRwhqg2O
z$E8~P#~&HJj)yL#8z)8269@6rZndB%ojBS;AtaQsA7f*$0qpoP`I=OkZZ^kp;}1v2
zugZtRN8{wfuW)`b=1pe*@Q?WUeg#L|xQ#~K{vVnVZ$GKd_Z>%-^NR@+HRl&x`3&II
z8sgOf%OV^6O=+`-@WEk!ejRyrz%t(06gkkUNz$~{f%Z=Z20SAUcv5WtjC$ZfH89y6
z$<JH1r&5m4X{&+tHYl<*i4WxR;<cFjR$HmXZumfZn1}(ev<-l*K>LjsR*NfdpURaF
z;POfbq?WelF02w>N!P$1>&6pYmbC`&5HGMhG<JCs{#c)>hni2KbwU&;G!5Ghn`8OG
zC+J*{KQQQBkH5tk`mM(G_*;Gc=h1DA-p)ecR+iPShP;nE%hxIA6GBk?z}sEteq4z=
znbDZ;nYkO+fJ$=8+lPFL>uVzsYTWmg5FBlhcd_$adbXn$6??_sSk3RKcPnOrDet=1
zU`TL2qsC1e6iw>JWsk|@vX>yp@KM1&(6bXhFnArF8IjlPKk3Jf>FD3g6enYoJ228l
z?tbqi0ZrEesz4D1wF?iKroaR5B>3SLE9G_tWkMuGdmR|(NZwKDy}=b|>vD9Of6&)K
zeMGLlr+j<mo*<80T=~syokjbSoJD7hf`79?eOxJ<+!*Dti4QeFe;c4Nt~eQ>12N?`
zhWI|4Q9kkh(^DS<8rc!1FzBIhG9L*EVy%FoxnP?VItT;UQNVK#S3|=y$>ElJq}!}N
zlP_+shwZ@WVl@=kDf0>Nj6ql0n=3%KwB)C)Q5|f@?14XRHH9ab+bp`tdc){SdxD#B
zWNQKYv-@xXw{;afIgSps@Z_lO$u{19s0g&sbG~Qb*Cu#Wc@(}>0-y`4-HwpAd(3}!
zT-&0(NkylDthTc)wxh-uMn%R+Q#CT(9hhdrIKnv?MYlJ)_Ondrn~2a?IYaxCJ;wcR
zaX%91T~R`Z0=at`ADoEv%llUm{SMdC?_;?Q`9S<%@d52SzOUrY+WcktES>qv9DMF}
z9Py5J2HM-*0h7S8z+y;MsaG;=2B0zDMn0Htk=MuKfi-{kG$vsn*ZjjiOgKJByX(h1
zSr`hSS#onqF_S}yWnfJl2#g`a+XfH%<pyl|xRK9YEd?n{L3J3@x+RFu3hTyi(+e=_
zcxj~(iDB6z7Qyi&=l>9XeT=pg@bJipp!r>z8&?SM%Pp(m9mi%Ka0gP|z%;{*7|8@f
zD{zZ9(m_iF&Wi=(4BNQk$H|#IbN{PKf?x_P50onT|A~v{Dp*<Gzh{^Mbud(<6nzu(
zhTY=~eV<GjaXrR!z<ihx9^-}#(#I<cq+*m!5IdkwjkGyA8_1t56H3J#9`lJF^N7c#
zS+C;E-D1xPxb3}}Tsr7mNwJ&@YDT4Fyk+PIhCd7Qj^Ufxz8k}D(rR}WD9EFRj71&;
zrK9|90v^F^i(vBN4-|N9pX6GP+tY7!O?juH<nVyzhi5nU@t6U7NV;##eZ0xsi<nS6
zj$9r9y^>o2LgQEk(Bx1jSB?=v9h)ATidjQvz)A(I-pMTv4aseIu^xHi-DRk)e*=5A
zhXLac+u|a^GL?S$`V2$3jAAj=NN3k)D4=sCnA<o!mg1w<!}^efV0IG#D>Fj-OxXOa
zbsHj148bv7a8&!ua&~UTjluS(gy7H`zRwvvvIp9G6khVcY|jw<O?k`naFO6fR69$d
zR(NXs{r3cn?&Ube72l3WE)8<`czgLswZimV@kpdBN2M>#<yg%XUqu93z8UwxqXKud
zwYePK=Wp_jRcaJHj(No}{A?tI@+{ru*z8*_h+FjSdjjp8_^R(uFs>;UkGRD-`1W+K
zB;U){BPHTdzE(`5B*HpgZ>(vq<Tg6f+ftCYeXhhoan?0`eD4<P#4p1=P-PEs<v`Ka
zHT<HGKA$5W$l`-bu#9><CSTp`-MD;;`uB5Jhbv&F0kavfoVdi*vI&pR`ZV&PMpzn-
zAwH7<pWX#r`Egk8xN`5cJ@bkVB;^$~!9X{$W*pe*%yh?bkYC~seSg;%EyVm}fQVaB
zS#b@Xl<p1l;t7|yS$?f79@+%(VYszu{5qXH$|ld}NYUIhn94Vh-AL3&#O;!+op#UL
zg)1Lvah8s<z-I=0X2kZt_@tSu{U!@Zq0z5sEF6mKxZ;K+oH2Io^{GX3?UnzgdhO*7
z4Dkf6cY->`74L%A^8>%NpujBoItjC{Sk%Ok4_Syjr$Ofx*!hTn`L9avH?!W4zpUv!
za0MTjqKs{NTa+`C(aXDdHzqPFovOXN53fzeJQG~;w;E`FqlNb6HxfZxrG>T{p<SJd
z4S6q98#$R8P1_!kZhj+Xxq*iSDSV*6f1w3t;<;1<<qlG=P?dA$%7G?=>faiuDpEC2
z852VFycVjL5UT#EY<TN54F$CgE&qF>hThXQ^dD^KPzq~kzowzvwGBOzu%Xr3h7gGG
zYf3|y?n-S)&^B~g!iKt-G!1owAK}SLLoaF?8l-LL>%S#xXs))Q`PdMbqMx}dv@`e0
z-&&fvoym!24&&bm0d0>Zmz|G9^2L)*|Mw=!L4w)0G<UsR{&>sh?6P-;)g7E}84>K-
z)A0=##5+5^?If%%(z1Sak+3TT`L}<J%olMnGA}SUC-X_D2kF5Y76+Ck0a(TaU|nrY
z1lD_xpNoWj$<2CsD6W^+%@;QKdlUB3*9*OjZr;oIxL$@P=%x8s78Eq^VW$szc(*yW
zu8-?sm+6AA^%N#>!+o7%(?W+cW`T2^_qFlwHMyr%xznKYezL_G@PLMWC-i$g8N=Zo
zby|o=ZGdx~5T<SAL2n3STF^Mi4xH0NmX`ps1Q>qmkm;8~_GApQq&PNs^t;aSa6TCa
zCnXGvgVU4%&c|DXv%3z?&KfJM-r>QR=tlt@p*7ZM!Dn!XF<0ve&SoNu{TMS1u*R4P
z^NYnZ(<PKViz2O??ViBpeBc4B=@hp?<x?33c7isY>YFI#O7jJkU8RblqSZ!c>DY9<
z+~7(u`cu)~vsl0fhG3S0@So@^H9W;g-Xx}aJ)}!AVvv>_nnU^~?fNos(~Y@TsS;gX
zYv*d>7EGVoAN7A52DjQK`QOPjD0Q~d-H99Y{JW+Z6g&36|1HxH{*szjG42-og==&r
zQNM;TrgFmZ(TIh>)xH~`x20y^0?_QkrMgOZ7Gp<ODS3f48Sj|c4G&-<G9ETDtI$-Y
zD^$%^Z+?z~;%<+O2j%7m*gMF>@a7j2v$(`V66H7xv~yF2XngDz_qt)v=ZxGmM}`*i
z4Yak`7a8AMxmf)44@m~~emJ{%{EJY`K4$o-NQ9Lx)0FPOQrZ^07K*pP45u`zRf;uL
z21iRD)|5UJEuE|>{c9sCpYal_<3s0Qk0J3e%<yw()p|LadhaK!cXVc~-pOb^sUlXd
zGGV>yS+RQeol^(=UPZG3Z){XzD<aLzcrBCpgZer|<5PiF%JWK?#8j${i9GO64*sFo
z@D>c=WpiT$Zjxfs!Fw>1k2js=$nme_S?DjmirL$dPX`6aJ&Ob~B*}XphSjcd*(oR!
zd=hY2pu~uzls#u8?g&Ptj!2yj)29-a{Pbap#VZ-{6T<_Ni9>_5_i#iBc6sZ+BN6#}
zK}_YA0he>j##su)8!ZJ+5%$V>>4)dzP?C-%=`8#CI3VR4L6^XD<dr$m$j_|3)PJ)c
zzkRGje7sW%U<JEVju%t7W!U~$=nOjq*|KbOI{Z$@TU+=|*TsBbEcArEjk3X>K))a8
z%{z90@&r7B`vUYB;RBpI(9`YM>m47pMYxJie-QIR0C&KvboK~$HWuc2^XM#x#Ya2h
zRE#`)1M+i^xE)7)zYAYWXBe2;fGh=jYb4KE)NrD8yz8j51*Bm<ViQ<r+VcqP(CS?(
zs2v_<op8k)5IbmvvelrNqpYR#1vijL>r;;zN5oxjG3*idNNZ0-BHS{Uy)8mBfS|b?
zv&04Nvu6wbl?)s$Ja^a;piFjR1ppn%&xM`n57NE=AtK@f*f=kS-AJs`gC}rme~?`G
z6k|uC0cC*ozgHT2LM18lyJU-@!BiCt&U-J4;#~sX6a%!4Qa7l8Mllv_vmfXg;vIGi
z%^cc}5cGHu;Qf$Wwuz2kb63aRS9IkHU-r%<`#r}7-!XX!ihmUupC8BOzxP>iK$}g`
z=10?cE;WzIvbf@#Ftnhi3vK({GyUPIceL8a;qY%T<BWQX4n^MXd~g6q(fo`XG2|b+
zMVD^<6pu$>Fp*kdol)uGLroV}@lsZCG^;o|J^Vh)YbA(3q6N%)DS0T8Mwn9Ftx}1P
zD=EYzbfeC*i9@RRMu3-hk`rGTr%4c3A+eP_k1yWQ#3HI$r0aYj>pV*SM2q;1^u`d>
z09J<U;k{@ADvNaWKN(}E%;=!lThm$1HiIURakk0|y$HX@X$4d4DfT2gCNviI@b+M~
z6U1-36+ZQKpxj0EzESeRXdxLAaiu#c8uBdQr|M?>GzrPKMnD`Y{DiG|2lFMny=X+^
z9YU$Q@Jtlr_4dI7(@{3%Ffawr0x>~{0P=<F4GSxmm7-h}GMe4(y_+Ss0<B}4gqwP7
z1(t}w1U!<oiC5b7^m;4O>t~>Ch)2mNBWmQL+T)}a{@FV-YTqJ1%Zv5Y_99gG2qX|x
zlhnph0P}%)T4KF}PUOC9v3>5D!AP)qY9DgAua;oZgl57R%4>pVA2l%(8tKjDXzg*F
z1|(mjtI;EI4exS1&-@ah1X>lH>EX{=P*+&7XjD@iicMVu1{<hS=9Me4W6s0$rU*+@
z29(VZe5E5QX%FFfj-#F{xfWmjEj4>U3d}^;xh9Of8MQCLAd31Bir&%6*~%v*Br{h$
zp$noooWjrknXN}l&0b)^J&nA7P9vu1H7K{O;qk9$82pXt-pipSpBGmyAjk*lmU?b9
zo6AB}x-Nq^<(nHuqtzw0?Hv`f1+ZY?MIfX8ynl$ni;J)HTiE=wc(>5Yq1QlLVXxTe
zmHqgN{hRuTyj#85uV_@Pn^xe<YR&iP2VVRysAd=c&c@*Qh<H<@oW5MS_;)szRPf?X
z?wN^7_(V=h3!)mcGdz+dzLMS=$wKPB2A^dU858HxjWM$@!c2=!Jk<v-_V&a~rpdhV
zOR*BDprFjrzcAZ7kFj&*9^WxuTwCB8GTJh;uPo4)$40QLsT`J$4wJ5aBi&GrbaqNS
znveA0j8u?Ok=UOPj->pNS$IY_l2*76jB+o`S%julc(gv{AWMdQR6?08r=eWQtz*~w
zdE~f)YJ(D{x;HMAm}J&~_d!bPsax>mzgilBE{_!bxZG{G(V%M4>H<&Iv*q_&IDf>H
z1@6G`0*rY)=T@)F6DY9h?;EUkTxKbM0IFZO$}KaHzSr4_+70w1n8t!ATbV65*7-Kb
zNoqbI&8-e7Js1SmK<U8LRo@->9V}kuo^-cE@})XIG#0P+@?3d1cQseO8V3*@YT^Ag
z*#Wo37VCU4LM5(*{<|_E{^cZP-~kvnHWhM&eJfnzp0KZZd<#{o=TUh2LW{sy>^-B?
zKlI~tt^|Ye7tKpEcm+O?;h$?Ua8KhV&Pn+}^K&B@BGx!2=<0`-FCjiKNE%$0L=o;W
z36l`1!Dyt@ZnB_c7aTk0Z<HVB%IBr$VFr>J@Yn3iV#d>X?1uN;Gf4)DZ*xm4Dz{6k
za)WRoty^5fiy`U3Ni-FyxWmeklVGh7Pq2+xWc>JOH&q1*?~f;Y#0_L<wM9UQb)IM8
z&VS@XM@$MFc`;!82U1b{&qh#k5R^`^p*uX0`p-cs>*U5%aqu7qbNC(wg$1+h_Py0$
zkaGlBtkICc+Y2`QO(1t+JBV4fa2NZ^z9d83MGmH=*gTW&^5pH>`3p~(X3)mR&MT@p
zl~)uobI(=8<pV^0+AXeiixuK}c1aF6HlynA4*ZtPHXrcdo#|?CUvUF04DbW<>p3PG
z7IbFXY&G(~Ugtw%H?H$I_InQ~@k?RL<p?j>DFhb)j{x@12x0{e8*^M^Gw`l&m%N+^
z-xGKc)wS~cbkS@l8$%pt`1b~bD`2-%mPwdpOgiTl9|SA{Epsl%J|AtYEa4d_;24M3
zfv^g=JK7v!F31AO4($l6Le|MTFs?)}@Y)eKeE*(+i;+b4fOt{I4*{a_y^meI6K;#l
zQl`hB2h+q=Inh<Ai58{eATk5qh;YTnNIZ<P;$7i)U7;ICckYQ<-C)fQTJcEQu;?_3
z9L`_d4b2KlO?;#Z-{+^*s!w`#!zorCapj{dxXNX5PrlHVR=G%_W|d>!ICv^moC@M2
zFy0b2+YIc?2IB=!?Mgq!TF_Ju+89r547;(2%;lcpji)1f3B-51(|O&9VEg@eI=JWz
z!LoQs8fKXmx91gYD9S7C9}1@eP>aq)h9j$SPdo&V<-J-Uf4GEzd_4vv=8U!IApKJ(
z2I(I<84Q}@N7GsH!|A%>GfMF(eeq2htaxmOu6VOjyg^@llT~@!sw@77Qv7#)agR(^
zd}*ex_%)^Y&-&sXZIrj$=!*9%#ryQdLpWAEh|?86rxZV<FK(+$DreIbPgjcX*B9Hf
zSaFXmD)!GoNquJ*Mtmq3a_bhIh7TL}TxISNMsJ_91CH(IdH<R-_%sJLo;Bx?eYlZW
zkY_NA3fhTwd2U1#UFpZIA4EY<lA=X+twDEKF~kD7p5zWpmjwU$!ompxo(sTw#P|7<
zt;4u7%^&JqbPgeT>@HZIfa-(ul3b+^z`}T~8)WIG^_>lFqYN5A5+7NGgGG}|$NKq8
z!v4;5^`Yc2|5Ebxq+Dt84#llve`op)btvDpOWX?`h#OQ|mWY;56D@~kJt6PcU~-;<
z;5m8(4^R-Ct3~j+Y)oOymck?K{@Brd)-aY!nGiB2=<cByh31lYKP`2}G)DkibV#UA
z2r#Uw@H^RTSTKU$L`NXMrvbyOfbnRS4!Wz`vf?Y+>WV*Bip%xIkF{gPGur8jUvJNf
z|I%Jpd}Rk#+^2)C__$JhR9`&5BP*WUQCB=rVf<@5Y0$T#lZrmXUXdY6Mp3M}1ATC7
ze_%-xOHd6PVzCk?92K9}h7lfl9UhT9J`LZe?d8@^{|j93U!ngsEz^I;IQs7%NB<o!
zlKycRB{&^{6ldsrlL8m#f4&o%r|d1wfC@pYA=KDCw{{qN)YuVgho>18EIh@k<2sV8
zSx4S8wYrWxZ^Cti8t`>unFA4TGXQT*h1@f<iHx`rK{L%C-Ct4vGcO~pZx~L`%r0~*
zGYsc$W}9I+!JjA7tbSwQjo<L6w)4j0utx!$ALpL3LzDj6BsPl0TM)dESgiwZ7(rLd
zJ+Ta-+egqHLP)0Rv4bd3v7@y2LK1WRuPj<qRN9Vb?eWwgk1ftlijMc2j?M9XxLJ$-
ze|10zsU#d|uOM3@yj<tPMD8e6;!Z6;a+uhATNoSa`q-=KgIB=*+SoeS6~-vo)g2S+
z3wVy#$~+H?HSq5QFs(=clkgKTT^Vcg^^T<M=-YfxZL@Tw5t%6LX{TWC`;G}oHM#X6
zpgq3Q-}(eY*sUD`@CqMl9M0#~veC>eY<VQJ3KRxhkr1=~wa93jp<R*2krpm#tBj*A
z0Zr~{PC-lB5h580@oMGW36bCrE4{JKlEc~XKBnRB*%r^duS2K2TT7Cli-Y8V&xCOt
z`K1g}$d8Rk&(eQy`>V6`O>H$S?Vr+7VHgspk1=t2LRz#6#c4fJ!pJO~QvW_vNgem}
zby>K6e=m1{1qv`EL{{?C>IBDDF4#4Tt>||#%WT!P9j(sC1kC%I&GKWN2+h%T&-X5M
zBEQwj<ZqJqD?+<pmMXNNw)|8SzL#tazK#f=zsjNk5S0}K@QM}y6iqQ$LJXD_N^g}m
zZEs&hd+Tj$2^(#c&L$@4Y?}3To~@^d1K7dD`d!BQ{SOq2YZM&N0>rZw2yioNqx`)B
z))hLiUW|hEEY}iPv$_8QSTAsi!8+4MH#cStT;H}~aP@5t*NA}mb?wwtGFU!WI=fug
zSw*z7V4Ie3@R-uqxI}$fUsq7jQICO-S+5^O5fG;rY>^Kt0KL>k3(%`kfX-#M1kk?B
zmM0}(-S_KEN+dJ!q}<;kSU3JRz?$9ySR1S@f%T!aMK&J6m79B(woEH$t%=$A9&3w2
zV^qt%{gluMw$NLBMvH8)Gvnv7L5?*s8$6NG;?N$*_}N4IAS3b6vNKwmwWjnIi3vxh
zQ<s7FbPK}=tn+_G*9D#8IcuvdDPUcak(ihkrMHOjg7lw@@qeW!#&~;Z5tR(s<;L)^
ziu&8e1sl>7jRGSmxWxkryM2366XD@X@p$vi#A5^X*!d#^>lN{Yc)SI5Y}Uu}{uYq;
zQ51RKq-n+zz6Wo~)FC<3a94OGsXiJ!CTs9`DI3?UNr~~e=sbbmSqzi16odXF2L1cu
zAu-$%^y{Ll{$MSP@(WP_|7vLs=Zh^0&iyUne9W{c&U-01XSlvDPDlA01NSejA-h7}
z---(JesnMoS+oehPmAzPsjZFYgH(p=g+E0<cHLOw=w>M!%HLZXO6UUU=FL>?Fn*^U
zMp~=GkW-XtDQ<CE0_H=?P%cx3!Y7`W*V$nH+}dEixWIYYmZBZdH0^)}r7%V?>KP$T
z!w4PNsAk=oSgI<F&;=QR*Kxv!YzXhQ#tCa<`mYv9`T3aso7@`8=Oq8%MESkREuwst
znGMJz?$=;ENrUmfnHk1!M+=a|I)O5x&N!k{Ez;j-gLt>KLBzz*r)DkE%c3y$F#jZ3
zG@1S@WYO82m@EoSKPkcQF#R_q_#9JW3I0t|Yjj(Yq|og%7eKeUD&02QamJJI%MA4A
zTbun4FOY=)lB6Z!$yyRlO8QCi_}2JeA&)c0#N;v6*c$dn82?YMpH~@MTtCYUdU9_Y
zPwopI{W+u_-2`3`sRs=@QfFovIwL@FhfCZit=bxiP*5w*9S|`NBQI7%d7{H2XJjuQ
z99Vrn3qFvIaR;oh#!9nZ#JB?kE%)>#quj?HVb*Ke61qOLvJvB+Sg|h>k@qMN?~c$d
zLEIhe;`#7S3;SN~iF>et@1Ow}5Qg|=+~HOl=s1Zr2=0kVhoI*7Ej=AXPg^_EyzMZ&
zu~*&yFwo<Uh!;O3q5a=Jm$;V~w`;mt)TAC%j)gbmeM&34n$%X}k2^a;XW@IKh#HIR
zJ@#gJPORuptSIh`aj_-*Qy_%3Al%xNa3Jk}vXvjTtz;?SC5NNnHJvvp<fv=7`%gA(
z2x}T%9&IK5O#2C#u<+%v{+>?U-^icr&#vu{XRXAaS1%s_lg;F6n=!Ts_C|OuoVO<m
z_KtHckw7~fU|MW|@19FIz+OKIS&A02-=1p;vVrhgD<|yPVGa5BIG2$2a()sPqZXFk
zXImP3r`BOPBWYlHk+l-;hjm)KEfT3?CZ$HcMe%2J_9HwmuElVT;w|<Z)$m5KSGxrx
z8F<mR{|@^gykg9w2o&EN&|C$Lb)4dQZDfPh-uuuZ%pcm5TL%Tv`$&pl(1j29EL?UQ
z7QtY(uZw(rET6pgiMM-jrV$(QpW(z47{7xLc;I=OHon0)vUy`Z2pUV8o5^d{WzV5F
z2Q_@qW06;tC4ToZ^<6d20WKSSD{&4m$wF_==C%*wvfOqXdKBe0NPn?2%eEZ3LTkT<
z!6Nw@vmJk<S))5Jo0-#Y#}~vJXXqf{?UYA6i3XnTXhaAoD04Qr?0~Us>YM_btfZh1
z*|MG8=LdD=-Zr{`C!yTka*o~}BH)HW7^?_})yjC!d51Uy*9pOe7U@9*iTd<yr63S;
zU0gf^_MQvp%2<VMcpObWiLJC2C14k_mJpbvVoMPB0CtXFhS=$9m$$^(_bJAWip`RD
z6xl10<qivEso3v)U?TgSnRhfZG7{JNzhnMylP!GcJ5zX3n#R!RE%sxQ#eXK9dm$7Y
z@FO`Hu4o8$ZSYqKAvuNL@?B(&{|xjo(Mo;%nfhq|EN@&B*@s7X;i2##XjN*i4t8D5
zYWf?oNvzLc9F|7)J8EHM_06ieK^(A2;jQR??XNP2v(3tvjbtIzh7V*lRGOI|MqsWb
zTx-x3A5@Bo2b(n=USQF^eVviL-QTDyzF8?Ar!Rh3DSkj-yjdyUpf3(9#RrTEBrwl;
z5|BrDOB!7OhQrK4D!dmy#U1{GrjiKv^j^F_^@l7JA$CtAG=(;r;%R@x$dwpV&>A9l
zclfRpO_hJOQl<DkK!mt)(ZQxjq!6p3eW81rxlHia8a>>KiqS!Hh0|XlI73p3VBG1R
z<}Nb}{?+(w^~mUyx{X!5zcPt;?C@2FKh<`g+Zw!ElNETgwN)@uV~bUi)geyQR$1F}
z74PHv;bD5kfO(TU;NE0uVURyDz9F%m7fx&u&<b^IR?X{|wfOpQbzFagFU}e~&WD2C
z;YN#c*?O&b%)iHkA*8tc5f+~N_fC+8Pk%{#Pzh}w$KZELgsC<DMrd+1H5u-l+G-0g
zx6;Bn*24AFLJEdB;r{(4EMZUIi|3eMFdM1w%cAx@4oy@&bdEIQ$$Hd~r^X^U*3GXA
z_p-z{*G}79L2K>7gu#5lbir)FWF_pOB3zY<K}V|evCYxZ7dqS(exr4SJdxTWLW)a}
zTdEfwVC2M48~QBo-)Q8y6_Mc3h`&Y%{Qw|+>z?L%)~wPN5K)C9F^y*#5pDOa3g3{@
zDiFq&fhhT$C@Xv}xz!fFNNKr+I@ZEvt;4XO<rd-*5g5AJ9dK>7B*Ml|AmVK6!)Q!y
zc^LE9Fg{L>r>80kDFABN%!vQAkvWYx#aid0JqWKmIM$XM@dR%I7BsqHFYO7mrGGa|
z9&s%c>~tHqIQ?sk`P_=S(ZTk0PJbnchC?Zyz$Nr=isUx#cKX-i3%f@LyTbP>cmc)4
z7I?z@Ymx+i$R;=%eg6|)(G0p?dgw~*IE+a6g=8|_2zyN|z5|hb_(!$|h8LUJ({lAG
zhxQvau>FnPlpU^2B7zUEG3%vyfnMH?3$`~1p~m5!+)XWrK6oQd2%UyEHn%DT-vI{Y
zipP?ln0b@t1S@=*F@8ZYxB})fR{$0cCv=+Myi+Iil;5JfrJiuThE^E+hu6d{T5<NP
zzij=2{=9QQ5h;`J()ST-{}-(v*nT!)4Qlgo(#$E|Wks)|E5)60q7D=(lcGpjSNlUk
zC=Bnf4R1@LWnyzubBsjcjp84O+29N{cF)h<)WTH28)?qaX?SCEtFxlae<Tutw$*Dt
zWp=J4Tm6Bx6O_=Cc>42PGG@K@)9Fw8IClEuyHj;Mm0vXj8BZ5O(4~HWRXE0zMy;?3
z41LxW00HX?T8D=s-CemGLFmNEoY4Rh8)&UM(1haWKTD0w7dc>lHf|J;CG50$SFN^R
zi|r3&?JMnGV*Hhs5NvuE>OIrU&xThdmd9?u5g&>Scjs<Q)XO*+Gm{6kt@icrrAF^e
zAlc0tMwdOmiu_;7m|=4wW{AdrW&5N5mn1k*`lCS8EF5r?MUC&wG<G7|@crjhTJHWo
z=6L`4X8FU>M_vr^fi$jsZaTUi4%5r8pwpIHr}dZZx1bvzsYKsUWWFDG@r-PZJ<qKx
znww$p4dlw}V1hPBqjagw`~D?=rOSU@eiQ66)2LDhe8+LdEA!LNV5CWh*I`@8@qrl@
zu6$uSth&&ZMg8gG$}2JaY;J|)%$VRU#%!L;ujC!a@uTYhKjWLgl_!^-8iqb$X?!4g
z0er<^^~2`F7wMUK8HSPy@4+u-z?)LmLUQ*c*T%f5@P9n~&x8N{;C~MMx1n2da9E$o
zbet~TQ;5koy7h&Yp!5oC@ap;KYnt4N^@3jA!`fl__Ic!1DqVeThq(B02%jMa-;o9d
zzQgcE`r&Z}J_?`l=z<u0(Fhvw>c<K^n->y1Z#NJ;|HKCVJdfacxgiG6^H@Ggf#=V;
z@$l&V@tD6_QK2P+D?#g9^0_Mc2G6-hW6-r#2!X@IOo0n(3>g^pI7#)U@)${#bCrU=
zQz3}e=)ddh=?)CX7#h#to@Dp}S4nh5u5^pX1#zb|Hq&H~@1vv+UVC=6%gz~^`~9K+
zVa(}|<Ha2s|HH%GV*ZEynE&B%Aut>?v`<WQmbWuf_KFHM`qft(tmyu#clQ&-lY+Pd
z{q)Y03mmM3Z@4i?Getc;^~qCsL2}7_3d~&T>1+7>QUgm*Gwf9sm^nwvnvX8HKe)vM
zZt)C@?qI{CxGPpiB61ly>wYU>a;$3XW~=m{111BDVToY}PQ@d0@qa*=I>pt1&wO!>
zvuI6`tJLPCi<1f`yE)0ntCMHoHTi2LHuv4oX84jwG{j1dG;bbdZ;;-&rUQ#t%;t8|
zkw}EitsA~kPMq@5=}VJ*SMW6<!w;_l5q0)&fHiT0D>z`a(_ak&_-G3HVxw;BO9Q=D
zPR-pdcT1!hpv^BS2hlUMyAt_-CO$$uZcK25c$@YJG0va%mz^hi9Ot-V3|oZ3LSfwQ
zKyMh<Wj}Sk$QA#C&JM4}vqNXmLR*IKGWf_c_`0JDVB3aJl5ZfPD;4kju7llzJb>jl
zJSu%DV`OGJl6*~`6u185Rw$32kcULZPX`kBuLta|imttGqXfI=HBeRuizlp|uymq_
zi*XaH$dw2fC=-u5!!G!iyW8Vv;)*}gjxk4$#{UI)1b`=Y^vM-3i67c-HngqLp>>H3
ztsM?6OAEjJAAp;HUaujEy<%lEphLWfaLbDmovuFLo}I304q_E%)vs59%+T>+1`llB
ziua*>g+W?A_?Lk<HVVsschw--a_HMX38(f5fiymM6PBLZ17E}w&@p`FvODv+m7ajp
z;t2>gJpBO{6T~$DpjF7NEZSEH%T59Ja76((wc-Rfqry;te=s`4BbjA$a$x=Q^jK3r
zf_tQW78LC);JmvET-=V``52*~-pPHo8`YK`Yx!W;DSYTVv)~w-?Mrn!yxA7-)z09Q
zNP(-zZl}20w}tHop@9HbK&ZdX*uXAmz}HrZjtUx?O@3JjxUzdssmiUW(&{U)f)C*R
zg*J4EotgpTN5`je+5Wvo{*>bSqy{_KG?i9?Dd8IUqU57w{^*#*>TVl`ibV+nk`;yz
zc;S2Os^=at!^mc>F5vE~E#P*9fVcWOm*ZN*_OHf-Z-KgC18&<}&wW+_nC5%HB+hL#
z_)?078k>MM{G+pzKy?^uEaG0M<on#zm{)Y5kPqBy%PSoKn%tb@e2*ReeH?Gx2nB<g
z4>`zC0rS-xl`Mmpyh-Xha8rcEw-5qt<bTBZ4=WL$NTieEgJF})M`zoOrMR2~X2S+(
zwvC*VdA7EEgPse^uEj-#D;Yt1X!J=(@)|(D9<!ihoGm}MLZ}HLr3s&?WG3HNQ06h#
z*SomSj(CjwJw46?{fsDW-`f+s|G1~eIj8?1Cm2_bENy@Jn4tL~B44A#hxV9(P#!Vi
zpBpiV$^=k8Zb`vd)9w@-Mx0I&U_EuzvT(a2iiV~d<{TLp?3yP4L5&Lxz4XSQnG;U!
z1G;u2f$tj~n187y`U@vAU~&iM!Fse!2ps|XUMYkQTRpjl0Vt$hbB<>2!X-zzl7SdZ
zcLmOJe7s#_;!1*lm96B6cTe~%EJ#JL^njGzaZ0-Lt_(w*#X<so+uxWqvolgHAKGi?
z{d@QD!S+S)|2f{Vc~&ML9FULq6yY2US%OjLg9F#6pwa`PT^cgQj6Doe=oy1ysS==;
z|3aM_{?tKY|62GG7;A}shc8tv=tJW%2G(|#NeUF-Hcs(~M?B~Fnk#OD`}zv_0YxAa
z*N65dgY32TG<uz|Tv)TYY@-uUkYVtSbVgP=F&;*`)3M(7J6P=bKsxEZcXH)3(QG7d
z@T2M8Lr&~woy-@MfuzJ7hS4T`D_9fjg`jm^EF!T+{`C-oPua;Ap7nVoKlg~oaguv6
z<OE<}thB5tIs>c1ZGgfcZ}c~EVlB5gA0ttZf+9>#46CaU9GZ%uE~IlGQxs(^gE5(V
z!v5+lS_WNa01EmjMA!R&LJ@&AI^D4fGliax&8M+w4uIW>6n!x?czn877Q`BHn<8%r
zNJhzQWG+O`Dz0QXsZ@KL?Z>D+uH=8z%>!%mpc8ZRtPC%X$A@tb1szdAEx|Y~kySWM
zA!x4QlNkav_!}eypJeER_q`aejDc8kC-MM+h*ejzs<3zp!Qw>tF2R^mi1L!9sFS78
zpvydtQ$DlfYj0sZqMu(5Z&Q~;W0>3wm`pf+-!d&e<-bMssraEK7*BXkG>==138U=;
zX`3AzybnM#)c{|EE462m&*Y34sCvIhHGx*`+b-ZF10gVYYVr{vK@7PNqOc3|AJ)k4
zmqn_vAwCKZW@TaUP<zL68|0^|esz9J`{n$W_WusQx$kd{-z@*%;Wx|waen)5+W!fD
z)5kw@VpO5C6nqD1o^v5xe(Q8>;ELCfG7Z0=OdD^8E8iB{hqTg((f=)-0Qu>x^N}>N
zThkree7^_f2=9yez+imjyPeVhnY_WXf&Pih<Wa!SZsQryE~8EOR?q;q3BmR|_(he?
z<KMdjgN5MBy79V)%(q+exEHG(>w*09EGK~eeQko{iS{>fiv>D!cG<_%i=x|Z_F3T7
z;@c<)9cW?GL8Z!L5#`F9Obi8XF@Z*AHBmla+)BFx2DZDF2EP`G<V86q6*=Zf#xbc#
zhDGy`+(jaHkX<8z*sFbgc=1bBKS;nYXs;x0SNMe(&aY)S#tg)CG5&ZWjz5q+YUIa2
z<x=>804bSGL|yG<Lb0kDKk$KUKIkX;I1lAxer|)pNDC4%Qdt6eBeZfQmB0l<9<-Z*
zvr$hPa);gG%Ww_xLP_x#*b_|w!?!yy$EL`K=J@tta9u+6#=n3rhhRB0xSWc(Y{oBR
zn&T657#R|bJ&xa+jh{g0O76ut3Iu-1t&E|xA-xjvQ*R0<hU{cRcFGjL_K2q(Yq{d}
z2DXBn62Fe?|NkgI*)D*erqYYRPgcfHbBUjNQ@Rt1avI>XDWVo8IuQc-285q0--5%%
z*i8b9*_2J8yC`vrAOeo|N|KCG1oII$%38}Impw~d=H}R9Ng<e?M>avj%CYH=wZ7j_
z>@T+7cG9i4g1AAf*Yel%Du0bj2hdC2BK|r<{6+P-l9!0TVr?8i9B&L4Hd}vAN7ruz
zspKJKn<}n+EiB+0q6@eN-?>8YX@>8Ggzw!7zdfY#8!r7Dm72hB4k7qV^ZDUQK4AQ2
zW$TX{DAndm2hz31*lj8w=nbp}>^2o9VY&_DOUKb)g85*lf;1Ol>5fBqnwPIYn;S#6
z0LYHv%Qv_=zU9l{c|0l-jGsW~N@l|F3H*}jk!G=G6P@2-q;ovW+>TtQ>TF+m#PbfB
zE6!GQw)0S=JFnx)*D;#PRP?t@HhBw}`nHk+@;M#rP<uOs_9kq6Q{wculY+Qj9)<c_
zI6D6enEHlItOH@Tp2lko$MIVqAsA%i$1Z=!&;8!x_>r`?!!2oVqgCy#po}Z8!i6W`
zO|?Z;3(HQ7i)OX+Mk7X4XA4tuPsO+a7N%s4D)(2FWng8g^7T^`kY@6<nLf8g)#nzd
z{KH0?56D^xG)Np2E{m>DFE`WQwhH2^a8Wb<k@Wi8RE2-4wCY=H`rB>>67dfMX(dSe
zRSfwO2qYm`(j4C<biNHJFL@iaHwz6B=#}YjvbQi1qW`izhG^<NH-^b--TEA-zr7aI
z-}FOEu%7O|2>lK7aFIqsI~P>tfD3F+@i6FZv=$dvscIY)qWq1~Kc~>YB2Nor^gm9e
z|1+)9|3*gtG5J@hp?{4Gi=+QIc}DYb3h3W8<URmc;Q&}~qSTM;4Ngl2d!v{l5VNCX
zC8DNHx1OSA<_bKB3dK+p&RfxZQ%;6&Abj*N_^#%SJ24y+SI*N}^3}1k<je6axtCr(
zy2PW>(yc%t!x;VNR>=J$<EK0Q>w(uaC(OLb4QpYGXUsf1#@Fy?s)j!`iX*Y-D%5pg
zdvGnPI*IoO@%m$IzeQaBT$DdYYx(o^Pw;0=0{+zNlT)Kwp-!c0QJ=!?74h}MG4^a#
zpH%3fq<<5tUpV0<y>WeW)WhmVBt6!sxk?z+T%WqQ`M)7H|AjdJ3lhwK9kM-}Kpd5?
zOBkKA6nfA;@y=7{jw^WqvC-oE&22V+azP@x0{;4Gsv@9D;-^K~Z^X|Bg<#$mRo2%w
zHPdZl(5mq;_4%lm{sZ+hH8)qTnvdE*`M3lYFuA`p!a;ecb@`7|)m+ppqlG3R_4mCq
z4P@mhow+N+AXi86B{uQ_4n<JlR*UzBNToR5!j(Uo?l>{OAC`Kr;A{rGrj;Bge3zoU
z%A#~{Bj6>AIKx7T1~=yoo|*3bzA93wHxnRvorSMxQkEU5$)ni(Re;=Ml*QO>mw3@q
zrP#}L+q?tsdv<fhgN<sKba4kCNW)ZcTy_`D@$aXx<KOSpBVYU?p25k(ua!bzq{S1M
zVgms#gpR_-XA2*at?t}<y85Xr;2y4wyZWiatDhI|$}zZm?8YPe_Fc3WKlS+~4c@`^
z`P^qsg7I5Vk8j5XhZYK<gXS>~>mXn12*><E7H@xN@L|08`OzsJ^=;A7C*A*WI}Vi`
z@!i84xA6WdcKh=j2!eX<5d-|^F&E|d9O%2yfPdIm9y7D#S^1jKR2H(^S#31<o05E&
zI*aCH8oZr?{8|6$bF(=pH@;_-t+^GLYChR<jC-MCin^(4ZV%uT8{C1<?8I>8PHUvL
zq|WOm-+&)6(M+&I+pEYoU@@RHvIkyi;|@4;Tw=o~cxEq#q%|`rEH=BZ(cim=$1X`S
zP+M=YwiaHgX{%^1W}LYvhb!)bcADaOXjFRV?;6_YihID50%y%Ai;|5F_#ngJ3EYnv
zExF?RGoo3$4ods3Cw?g4eyFGi%wY?_4dH!e8dwzSwhZd_tw6oBBuQ7r#;WXnq~$96
zpH!;|RHY3rJmNYr<PleS#9HYMs_U}%bD}4X4P$K&!Wg`~OZ3{u;|a)k^5>x}r2WuQ
zCyyL;C?BcfGj+U+!4RI7t{+Y^gDt-m*u-M}a5z?_Z7Wq?io-xAtMcu`Em!Fu*Ncf&
zd8d^swzw*0R%LE0RgU=eRV=K^s8*_+iK~*ts<dmR%8n=WRZ>`$JrA{9#U6*TELP>+
zR;uL20hY?DJl;x`8=#7dD<6_y9N|h|QVfqjgwMbg=!k<H#TC~j8FaMB=G!Ss(zpq*
z&$$$EhA;8~r%mlT!@yj9i$8|C($0nO8nznks!Hi<ueR{KQh13;Q+U0J6;3pvEFXft
zL=38FCOuThRN+dqrs{o4)y4E?J7E9+hrM?JkD@yN$9Hx&+06xJkqEJ(CS|Rxq9%%%
z1=Jm~8)je@q9D*htu_|%PGOfzfe3D*8OK$$+I#Iq`>n10R@>S{Ta|1AxuHNnxk#0O
z0<)}O01e?{=KsFu%<Rr?HUSap@BchspU1FsJGb}qUd}o1dEc7fYPS$gN7zbBqPT6A
zWIoV@(Fb#&>EmoDXCJU6hUEQ}w>1nr`F(hMpv};RU0Q`ICK$xrQzzq(F16A}H&|18
z_P8~<XNZ>QR&(!B&elhHIeekaUk;TowkFfAA*C!^oOb{CHoX4*OthG~{*^^!-Y(^@
z^U2&wzESz?4NMx=M8<7#2DCFa1f%|MQC>nXG7O=8JGNhH6f1UPPI2C~jRsBaSU!x(
z7ZJVulhF3cJTuKLvA1}WGWEs*==?5E=&r6`oP)km#aEF#<kQ{Cf*?i%{3yDb$nv*|
zr`1lc)T2DMOl!bS3u%BLZ6(W(yS!3&yTXO`G2GFeTyZlUfLIDlkdH`iZc$!>Hx&6f
zJg&N!XotO4^iuQKSyS|n@SXBdKs$Kb#FM;3#?DkMG$*&~@KUW^6H?km8&aLp5Gn$F
zQn%uo36$7oP3h+IdU4(6bj5u;rMQfEasQeE#Yw5fP1B3}Q`+LLOeqefZ8Sg@2=5@n
zbmy;eD5w%$YN5mAFh%dOq}21tkF<KYwDs&tktI|_W3=FFXF;<!k>WN0n^3Slr<Znw
zp<u(Hmd9vOf7gogfk|JziDRFw*9+Bzc=26O;tFglyT$7qp%eTUze*6iMC%C?&vth?
zdB4)|{ym2GFV@~S$KQ9P4nS;))?^QpJOCnC#uT5z(Vc>h&)k#&IWImS=3Aio5i*MJ
zXk|aCm;JFxFPq1_LQC?!xQzXddb6XdK5+Sp<yi7%q+~yo>@R?E)2#@E$Rbb)(K#63
zq~fR`-)ib=fVu5sSXF3u51!ER0z3XbU^YcLa{>Z){4xQ7#S9&YOjGnu_^I6bLzpef
zQ)Y&5Ryk?L%<9%k@A&XYa>{{IC(MrPALTz+n$ZZYoG^0^+mlhLy1*P`w@jGHxgRX&
znkST_O^ey68lz1NISsLzN$~2<UnEE|Mr(mBPKuERxc>7OiMD#RHwT%bMTS?NHoQ`(
zy)wWQ9bkCnLBlI}k`Z6YFh%#960eByR|0q8V~Z&^U4K@Tcs2>2SxvDq1gr$BNe0LH
zs5#y>l>6Dw<KMFQ?Rk1PV^(9v#FFT55DMYzvM-`1G>Y(q24-AQw%klkXw1Ecp3vBQ
z1@&q#QiOY~CS#t<*!M*FehnhZGE(o{c)bJD)$5f?VwdCP5yC0-CUBW4mWOviR~qhC
zny5=&@4V;r<vB(RJD&9K+0U>IpQ7{Da+Wv%^HM`}?iYFoYVNk0(yXto{G^+xu|_Q|
z$TVk>fSUj(lcuzEZy1f^5klB=JKjLgWnZycd?0K+Ks346IgZDK7Pvn%_6jz{p!N<2
zaW&|EQ|Jo^b&m{v@eQ`B9QWv}4lKC{qeWnD9$RSbimZ34>e-qL7?M%L?3WH=Ho3!i
zcJyFquPxML1rE-nN9BvK0eEm1eH9XEOm4?N<;1a>5N1Cgew@69e$5_|%tR?Xq^iK~
z%SkE|UK-{kZyrR)G!MEH=li8Y%Iw1ctV%L>#-$=mB$Ua%)l%5Pv`A~)4-g;PDbQ(m
z3;T3EHgi-aijDfo;gLmxy4Htznoyx}A=S)QAH+;hr9?!=*GHftUM|91DVosN@};2A
zJB+c<?_Q3YaxJFRtNvdspgjZ0^r>`E=?M}mLwXON?ZjtqXOOy>;JrzslXh5$TQ@HQ
zq0){I(@DnX2IKgo4$loRhA}TMCs5%5LJk3&rwmCKo1Wai8Ya;{d6{#Z*271aksfly
zU!C-GE#`NNT8ZZ&=&^;QpKFQiMt51U;xI3l+C`T_ji%1!1tdooZJqMyUHa=mkFWTE
zuedArU4%Y#x(iIF{ObmgX!{;&Jh9}Fa@eWe6*1T9Vda|pE-?9-&$(I#h#0&GUmAfq
zTs+E%p#x0ZY8<>+CM_O&>EXkR^{iTKHExLes=C<f6DOf3m!Mf$3Tok?tI54!7+W<B
zZ%mzyg5?)?lExApvK3z*WF;{3Su~sh^YW4119;{=e&t$Iy{Zy(8IZSlzQAnJfmi(~
z4p}WpJdE)<LL@D1Q}mz6_MsatoP`;-E|U3fP%%<@cWfAaZMOE>0|1`awVYdgcXccK
z<c(z8^HqWh<=H|I?Rc0C8<vsOunV<@nM|F;96^?lDzsN^+N;>wq5QuH<neeA^By(J
z$7=6oCEjCe4j~ul@AlxkDCMIpzPp-uCjR(@suD<7IX5D@;oo}g-&ag=!C*i+0vvH0
zuF_DB053Q|03KNJhVxCzi?kRr^T$OPQg)S07c_v~e)D5(F@&m6Y$90<$)SrOetDde
zWG^3VHe@e<|63{9%cIpqPX(MK{BotDF^HWUt!g3sv8xA<#v}jtAP`*-m`#*5qQ5+j
zk{z3pm)sOg)lHj1<5oD2=Q5bP7t=5yp$nAZm*VM_W~iU6MaBl>iEuD0a5Gw&{&(^a
z$LMy_R;~d4cd&z)X08Z_MlPKRk^~QSG*>x)MMz^>f#Zd;A6Fy?aULuRtiFW`yz&fv
z1>|?np!wfw_Bv;yYML0fjs}M9!~y0BeQ?)yF8(TyEyrAkGeuytxfmY?6e@J^C=S4j
zb1xvEE<pC1D==Mr=nW?Z_F%AJ6B*}#lgB?EOqfQEpeqFzd`(}B73go0BJlJJ$$Fc3
z9i3Y}N~Mz+h=KVbx&o(-J6rY5V<6{d>-nO0eSztrVXpNeXrgA!0VwA=i6b}+rdmEC
z`U);G6aG4BBXi8?RXuu^-fW>)mfn4s*u3}vLSckKiUfwmZc*Qn?k)FApQk<xmSAG1
zm1|IC8^e=fs>tekf%UDe?h@H4O0P0oKo|_1LDTKUg+aEF^&k2J6?4D4Xn-m9^Vnsv
zOSR)I9_1?60CN0hgyMA3T*7ah%rnKTF>^f0<_INAd-OYav<h?OcJnf*#Ch2~5csCl
z^T}aP%K10D;r!bcJpXn$<^0>?`1v>MM&0RAFF*Kl?1Pm3{&G7!CLd*?api6c#4yF4
z9iC)2(tO3Z7>yq8C-_jM!xX%5HDX@5V*;92Cb~S%2+{<*AlW$iMx2PqMF<6i%8e=e
z9e5nm&>y#Z`Nhy3ntOF4<`-;;4VaVEpGs)jg=}pD^ruPhk6t|XM{4J#&iMWeTkFa8
zx+6grI-~b25RDBKD<VRqBV+v7WhTe+K_q+fA!Q)RarJj5X2ukQ7HN{b2D5%{qYnPW
zzlLN5?3PFK(lK5h#Mb_Z98xSv&}Y1(xV6{$#0aI&2BgoiB>J?H?FgVxD<95ni=R)_
zOYVI>aU%5MJn~UKzT-X?h>5bt?n7dU?uNiOVug4Oytfz+C2kO<2Cvi#Pl8!qcPm>}
zN$i1kA+kF|kT!Bs>-e#O^Bl|WA)6c5gn!6**jm-y6TF0%w&MPqjU!-iKv`4lqSWjg
z!)FJS*ckHhp_ukX7atyVm|xk{dp|x?2){!2?-tYjyH*~Plr$+nBqwOBPTXCJ`%4)%
zm&kq!n`69z{!KRZ_PIv?-05hE&m)uHBhnXoMtB~qpcU6xi9K{sX)3mAdEjRk(OoC$
zL*<TdpQqiti`;AkyM5;NzhdSdUiJ{zBnK}G3W(cW2Rv)p`d75+=_w7A6So`X%eDA5
z`?BE;D7suZ8O$M-%vHue<{&eZm20rEG;?L>hJW1BuW0!*P2pK~0f?68;)%(J5~aIS
zd9XXrlrml<KPqx&N?%yo6Dyn4kqPj0N;x0qpc~z!8<!__qtwoamwJ@zu@j-jnONsi
z$zjsdl-}_9&9wD5cZcVz(hs5a|I%82b9eQohyFoYk4Jl|^PvMTB<<gn^HQFZWY?^8
zOu|j5Q1c~xWS>=JRJJBUdU!+#?d#@W>sHBs5AlV~%E|FLz+<-q5Qhs)vnVaK<G~S8
zzBeC}-bA7n5lol%{XEl#*DeqRc0n$)3n6t7`*cKfcYD~U*Ln)xK~Yo$6RE%zuNRs0
z13NsZC1v83RukEQtaQ*bBJPn;B~%a_B7|o+&_Y^);_fkSy;|C29j6MRJz#g-n-BUW
z*(pOg^uzUPDxMu?)-ln+I&J}rVLJRj8LWoPg#Si7ei;haha9HBKwch8cD^rDUbzCX
zl=0NN<4lA!l7(+BrKfHUp}<x=lx+%Z7Uk=;{oU1Z=k_CB%;+h~mw^C^pC444K~gje
z@*8X7?_H>rT|w+3uQOY4H!m0)+isYDr72GtVtjx8OGf^e_JL$thPfS`PUYa`IVSXt
zuEO&>zA?+3*$Y05E>THxU#<VsN#CLQ9L#`%<!I#0;KKv%glBJIUx{st%eS{&1Wenk
zDG?Cu%?)(Y-2i9@9R{{`sEy&J!J<@zyW!eFPXT6Aet9$$8~oF1EKm8fhuRk|Q>+g6
zhk+*yY>i<nZWuVFUnc!eIpW-={Pz3-gc1fBmVDl8CZ1r!ysB3L@^F>AK6XBE2MDOO
zcWEnaZ^K8@dt&%6#Gb<AT%7b7=UU@+@2UI|%$x+-UqHMkIo9FB^wEAtJR%-4S}qDg
zEa(6d7wy$jyWnb;qF&do&@o44AhdMYAolSMngls;t5z>&J@YXqy{<h%#RlAnHrD)*
z#8-TPM=<-Z9EIxRSPo3^+>IjZ?Tp=nbIBjf0jrTWku3He!U=RszKE}gh~Yb}MM4Fb
z(#zmq*;ha&6KTpvf8VPKtwo%xG+^p<%Tznb{@np}9Tug|lvSVPe5Zt^+(+5aAcn+H
z6vOv9J+V>6T`yWa>@!U`O^7N3UTmkvX=ryhhu#yMbf41>?et3H9!AfI&}LJ7yJhit
zxKD9evOPmrPH(+a8`s~P^p#UVUhaTLoO-JrCQ&nR6Bwf$N)4gimKUw0GS=75fk~W8
z=E|)1X!st+eVDBx2}}{sySp)P4+%dX<+IuZ5TKzBi%(isWsiOjGumHb;^gH8FpQv|
z956!;oUgC23Kd5c&-cux==J#Z7YLQ7U}7nKiU!v1;vH#@u@d=_Nb@d8>&aPwfYXi+
z%wTZkKtBecyJtxxFrI|P!^5bl{w%LH(WQ<6=4Hiif|+Qn#rEKrsAEeaY&9NNUU4jw
zeH5K|O|5KgWSs3y+&p5(E0R**k&z1(cH;`&iE%k5GSvaNkp)td$x|~ohvbh%ZzdG%
zZazH4L3SS-98yzcFQ!Y^)}zL=4l4tHM8+{5uw}--Rx?^>qPr=$i>sNC-83QFq<FuD
z)qr-9#>NI9dy_=oADT>wRLWqop-o)Uwoqhik4rtS^<qVnv>vU>zzux3+!5KA!AYGM
z6vChc9NsY<Q2m%rsC^6~dki0H?!agvA7g1T3s17`g54}FD{=^OC5W?SMI(S2%IxeQ
zZ&7}DKI5sGmrabaYtiyjBkn^BTw4Fw+QU5!y!=Kd@m~R>UwUIB{;Zi{4^LO!hvt9C
zt1#sueLy#K;@Oi*Zz`=EH2XC#4-w^W@?(dxReMR9<Lx-c)5E+9BjA_cc$-*vZ0(|K
z&x)SRMK?%CJu8mdfJaL0T&UXyYS**rQ#2|)D^&CAB%)*K2DUcJxfM2q6LF8}5YqmU
z=?p0cw1TIkd%-LynoQSx#7S*McjhAAi;-5lY+iYi-B;bp{su}uh(iDs>m{#;*IS|T
zTe8{OL!9fd&)v>GF&v(GO%YPdP^@u<YC{iYrxRhrV@!mj3PaKd4~EXhu3C*N_sWxF
z5CjF9!w+VzmTIuGO`IJ74O5&<cwdm#u(kKtJw0nNr!}#n#}OT=l*8wMQz!utY6q;s
z?4rq&1JmBIcubc>nNY^k7+?HYOK_B5x-oV&tvWCLx2B|TRk}<D4P$GCY<Ej#_R)5x
z1xy1#EwRxw?<qVx5BF4Ds5_*%2^CB2E(P9PvXwY=GA*Esn(#Fq_m7U_dxJ1D;crvz
zOSblVIIWlgdjAq>8@kd-?dUKHz|O(L!D0>=HKGmvcx?`;6JEe6k#tB5=Q@N?q!W+d
zsjY#@k&oa(-dG{jP{c`%99#;a#*SX`xS&L9J{Fq~g%1+Hfq$*v!2I)qdq;2=G=emS
zLnn3C!NC85qZD2oTmXN)gK^d}F`EMcbv-9Fkhh?*hVo0HeE7g2I<RDPQW|7JX#h>_
z@VncBJE?afBHvTh#a5wPBp$ZjiEWeWxll(BO!o}_fW$qPY30<2C_mHIN%7k{S$bvz
z`CT&+X2oOTZ-pXee65?<a1nEwR|R)V@Xs$YfkNa0Q%g@hFF)Q!nY*5s9&aYh%>mim
zo|5_5^F77&N#hsJ&BUo?(l-t9ZwB?$v$ZYIn(^73tCMrLEZ^WU0UwW;pFOLwxb;OQ
zD8*hhBEUr6<$<C=$Mt@Y17k1<2ub_hj^yPC!Efm_j;|TV*G$O5;9n~PBis@E*c+a#
zY64P66jBJ@2EyStgA0)6rcU_lHFe-S*<yHt16V&W$>(bGSF{PF=3^LeNeh4ME8a9G
zg}#HZtU*NHJBYjoAU1%!Zx8MwWx|{i=e8g$phPSX{>Sg^_?;b15Ie%z?jTlgmS+Tv
zkZFE)BSK38iqIub7~8H06a1z(Y%LbG@%G`)hBn|n7;!-w#H%eBXn8hFuzGkY;thKk
zFA&KWzL_C!%T*29mzyR_Rh#IS<?tm!+4vZMQbjAN;qftazNZSv+Y)?<AQcZfhRYcI
z3WTTSH8bI+QY1L9w!Vha67SDnCP*y;z*y?++6FJT5C9qRJR{o|9>(~X_c^tJG)sPF
zEAgI}o*`}FYQ{tT=aDxjgr|MOoca=?+Z&$A_-ej`FJcrK!CfDG0qkG0iu+Oz2GRD6
zIAorZO~JZ>nhcLO;Bu+jLa`bjcccGlsK*w_1!F!J*`uc=mR(#Q%f#Osm74J=s6cg$
zsP}?er@)<p%YA_xK<IUXmgO1TT5+I+0ucI&TUVidFc9s7fdsF1f>)S6MgT7@1TRov
zPYV`EV6zApUg`<znFv{I;z~Lfmcz}BKB=8^9r9Of=cGdd$hW`^xOj&M_etwe;Gunr
zV0Uy70n}Ma09vX66vWTwU<WBOW)Y-A$YdblP{55RkQ`4i$%T2QhNtF$8%9rUa<5-d
zl$cKeMY*1O0Az~+ko7tsy<tvuub;nNV}YIsj=%Iwi$2E-jwa(;U)-wM7vWKMvf3lR
zdXx$jc>PrZ!<xxJq#-?#F%z>FZjZ0$lq;7XQq`G_XmA#--k>JUZ!2MbyNs7Mit=qZ
zj8kFuxH*`?x!VFm_=<L(96TzKr#T$%t!y|%RPYeqZ4TN|0;8KZaaAWawzL6sB5uQc
zi&*y!iTF5Vt&FYCqQ=FK0D+sT)xf^!7x0uUT>8OglaBhOHOg<UL4Dujmky;_#~kO3
zlEwQcp3y1}+@(g)WCJ;JvmiB5`^hh7()F?%NeFDe)Wo3+w-URSt!?M!XEy47#KEC-
zJph;a<Y$h@-HQ+6omhn+)k|%D_qM?3m|G=O30qqdCln3qYbGJQ!mz$pya~PvW_aD3
z0t5Mq1|ClnkTuS$c-$RmiZ<(`C01+|=n#*0FFUVu`2e1Ve`<@qK)A0H%0{1EVp3nP
z(O(GjUvj;c4#zN<8VF%)y?!b=UUKk%V>_gFQL3lo=fx5A!jSe}uO&;C<Hs&@IF{$p
zzKBw*GV2IN?eD#0Yg`iPYd$^#r)AP-xZZ%LM7(4lp9EWxwn*<tZOX-THXU#ReFbvN
z*WDQ`L~q?`2UXRN8OX^2%;;7Vnf6Niqj;24bmIv;atKP0*5W>k-S7Hb+Rr|`gbX2i
z<>NFucEKv*Vbr7SA^ua%S{=&5Y4o(iF43j<(6Z($_6x3qP`k*E2X$Dx1(@)2lJFaf
zQ68n(ZW3JhIVn-vuiRltDs$0aa1YHMyBaspTncFgNGYu#r4-8Wy8?#q3+eZwbS+MV
zBz;tqj@_-o&^+!#Y}MbPWAX$$J$8v3eMjHtD>kvUl|aMM{Lg@_&7ixQ;y?`!)A_{!
z-ov<PZ5QMsFnR*t^AUu&*9S9rcXPn+#rdM>-mu^rjOhcAQ=5C2+7$b1%6X45mD%&x
z>+OKT4nkqUDBz7}Ha22&q1Ay5*GB$ljeuWEalLj5Kz?-#7E2s6>B-HjL7_r_Ydf_&
zfg{mjxOA1YKAm#jcQZ_&*xHA(K?QJ3J9MwzeLPU+50^QljYMa3;zBFhQXt(ygK$ze
z>JnU=cWnedTZQH+u}(qc55no<AehvG?Yl9!M>|l8d5sXcRx-sV+32fwuvIojo2shy
zWJ!gsZ6wRm#Rp;+8^%YOH54Wl>RNv6ea?Kgs@+7tDqs}Q6oULlQ(P0gM-~=0i1KC0
z^ZVrWzz4yKyD4dXkp@hV-)J_hFYX;e)(a<qz+byyT<rZ*l&91h-k<-MB>5+)K77j$
zZ><`FtBd>Cs*z-M@xkl`yQ0f5%&gaGMY|b~EthnYL0NRAT2Js7&b5GW739a)Yxc1q
zJ>I0*$36A%)KhY7;rpHuJGq+5>=g9(qIW)_cYKM2cVADVWqAI{;6AP0SA0OA0pjBA
zUs0KDUUV~!5T)E?q4AvTp02e_z$VYe5Pfe~;Yu~!0F)fySl<D*mb24{QN^SxVeIJO
zYdC@JAPzvNR0X;i>u$ubZzL)OCrZ2M{s}!_G%)G>;UrP&klv4Zp><f$PxXR=b+~v=
z)+I&=;oLR7&nsgv(=eG76AtbKA>7wtA$|UMTTa!Ez|8PO2A6?Gw9r^}7?u?Xfi@1z
zQM6Rv6%DwU;%8c@afa<j`z#CXv#hlCS?o647}P`p>1aXfd1fB;ZB<LW#Rth9wN<MO
zV~e4k1(p>W|7c{1nZ(q}1o_w0Ga25U;!rZcWQAVjV(z9bn0)H+tVUAYWhgyx*EIMs
zx|*%h4krb-psC198|eAS*xUG8n?a{1#?#J+SCZB(q48+6(sh3-vK)sysy7jS%$%hy
z`oqgZ`0#+h8@M@uC+zKnYs+F6@bZ(|o+2-w2X?gn=n7K6rM!GeKm5Fi@bfTIOZ4i&
zIjQHv1sXpgg}*Zg$N9CXfBq)rD_hP>yq}K07ZLt`1>O?eJJ~8b;qOH{f2TW-M)#*h
zd9)x8B$gOoy(#dm@OTyACCV>Ev^6UXHpA8~%x0R@CYVaFkJQ5bF*j$kp@)fI<_qoJ
zCM~rI%oyn66io1L<kWhyw)H5kCV{k;jz;z&Y6c-{29as&jriAlql3o#!8u>45C*n|
zX~)EH-e?fxMS!&8t`vMatayB;2<81XDDSU<2@052hd|zwJ?>DWT?=mTPpb8&IkQP3
z5NHuI!LIGX$hl7P$c}Bp70~3ijUsIu<sgUkv1x80Jl#PQ5{Ap64b%3ktk=M2*c8$z
zYmu=%P!(+u4dU}E9joct(LE-z$Yz~?BL+X^LJ!$ZmDft$u1>bDB@$(s2wN9vSHe?p
z39%%?j*nn5Fv3I-Vp=%m#|Kn3_C2K9cY4|gQ@=sa<N-?Ngu1QsOG)FQ?U|f=ihcPg
zwr-=Vjje0L;@jD}*7m5{0>mz9VaK=7(xb#t4GSOrsj70!gZAS3=r$<RIKRoW6MgWi
zrVlm=(yQ+heK6fFO5f^<kp7jlFWf@AZ))gi;A(&dTvJ&#%r?g1xPwq8b^}%wJBo)>
zuMJv6X}Djy>=h<<H?2-vpV8}kJ5k@3czvTueNZ}7_#UA@t#3M1hn3?#CBQdP+j6Mw
z6-IOq$NH{~um2^-V>}N8$O+{<^2yFw(QmUkruckqDhWyW(CwbCW@{ja$NksPL*1r8
z0WU8tCpTU3o573uP;<9(0el}DOnwezafOn;7~BfKJn70QN?%U<z<4=L14%hW@p1~%
zmE%ZXj+7{;l9uDp%Nd(mj2XAFo4aR4r@@=3U#8*!4dp{Oncy`TrN<{8QOPJ>3opzf
z)7ZOT*`W4!-kz6oVZH!b;R}%O3rVOkqOPmE*eCvEqWjv?=dnTbyr>jI2TqdBQD{G4
zjJqgLTMPF0R=?}$d?4mwG3;DRBrfv_k!1qTK6rVQQ?U<UufilHueyH8E3uLk`Mgra
z>FRQu(2Ntm6>yDP>B};?)%dSh>PGj&g&2|*^tN#HJ%RZ^l=hHRlV}q<0+)#Hpec9(
zZp4DFSWc=$FSFl&lhit>xIRVW%RUD&VkA7q`B5+brQDwgQYZAFaw7gKZH(n5@1Hfm
zgsbu@zFqNG3|qlTZ9?dT8pxUw&YM*xPuuF?+-=L>_lK=3giyVeKe`bEw6?vbk{AFj
zfuTZ$gAeE3;ug0$g4u$rQ-~;LuT<Zd!2hPe14)~L>!>%AAe}^)vgWlbRxdC(RZOa|
zz6>Pv2y)&UK@P0JZ6Mr&v?&jthi+S+;-=@m;bt^+QOfw;2ZQU9chX*A4E!f&^6cu3
zxN;m(9DKzF-qjBL>WVC28s#!8$S~gBzTiCEu#PAhviA`?`#d_VHcF95)DclEm!7-?
z_dxS9aZ?ZXS=YnU1&v<W`gfk`0walYcXRA-BBE<O2x>E21$V?=NE=Uk<tML^0bk~v
zsk=Ml4(&W`nAj?joVfa&50CpvaXp<pY{DN^#7B_cDk$!vw@`Y*3>dw8mN`pePVOy~
zNq=K}(jF4~T9dDQXswlZf5BEgZlRlkMPB&_rmEJ!w>Wn72VUj~x3Z^4HJKKbaqj;F
zIZkb&k+YlQ{^YCIc-<X=-|}OhA<bZ`GROqzn=l|&sGYq1^MpNxne<?Gl;@N7aju=z
zZ3oaf7o*6!8u;+2_XsTAJqrtn6!l8SHt*&lpJt5D%6ko7%)`h-BS>PdIbP{L=RiF1
z>cFXVk$6SGS>TsG7b0Jnxs~cpY&OqFj+-ZjM_taVO+xsg0v<}@-A5M{@h~xPZK09L
zagE`2WmhIz7`P3Njq*Z?4li2=HAF{{xf^Ex8~Z95SZoJd^*z$jZvkDchPP?^tmc&V
z!E{b^?dM-RsXNcO8`!F=$>FvwLZrtmgnAgVWxmlgF+8k@f1SRkUc$TA@$7`{I5lO*
zZ|CtK``^f#+Is+mU*ljYi!RYNr}mS2CP>aY01OmdIgmKg5r6QB7q3_S(q|yuNMi$_
z&OTKR*l~qz_oQ&%Wk@d}Z2e6fPpu*#CtvRr^genub~w>fGFS@+0{UMAE(v5HZRe5|
z5Fn=Ljs%9yStVz?wiD!S-W!Q#WR0r9YS8&@Z*S@n_tON4iO*4dyucDAx7n)maBU{^
z1%nQxbhJjK87(C~TEE0{^q~?j&Y^A?P!x>Q%OFNY`A%m+<zO;WdvT-+E?TdW7yQ*9
z)1C$f;2KlC4Ye2CpA;T-JyKmCt`)>EUgj(ygM&RV%pZXJqCYu_4zg;3Fzk~Rc-rB<
z9{qm2A?%Y2pdYa+J+6Ji!xyHXVCWqQ%p{(<yn8FfS70f!la`@!Bk$_wBi&|PMRR?~
z1Fm?ci6AhrjJm+i!owGMOd$4vuecrrh+5o5<V0*REe{MkLVt2bLL^SkP&SWZq+Am_
zC?^U?IzCK?>7nk(G93rv46Vr`{4hWITOx^6q;9^T1ynQWmm{2fKcH$fG^W+-{+#`F
zJ^QPOS31m!@A<>`g@JUV9^s^+La5owj}16S1Ty^YJwZxA-gOvptSa|k2;g?_30#Gl
zN1>2k)dREPW?Fry117}Q5RUB#!L`QE?4vB9jDb($^pe&g)6eCv(8LkXUm-%rU?lm-
zF|!yRX~*Lr{A)VQ1ov9@(dC5yKL<+T$1@Ec(Z#L6W`S{&!=wI}PMVG?n=jOW2XBf}
z$&|43Wjx=-HQTgl71%vigmv&dP<^orVZ?mJAG38{=fK$cLa6B^rYbnByzq_nD!EzQ
zTD60%t7p9tY%dgfhdr{#k+qhSuEvqR9VOyi6ezCFNQWiV(Sf4DgCOEXS4`R-+I2Fr
zYhYHyAHK`ZNmHzXt1FO0)*25hmp~<c<}*HW!YoRf=acj+;yy1*FF1dzU1N+IzL}m#
zAhZlquk+$A#m7+Sd%%3dI`ab=%1UbvxpzC7bQ#Kg?XrMgR^VmzjsWrNm`<L-NbxJz
zpi(q?h=*@@ZDN5*`TZn3-gZOIB>4Rk`un$d|1tO-TP8?r^s3k@j6oVJG299)h`Hbr
zf%Az4jMH-Cvl+1g#!FslwV<~pG}II*rDqZ9v^)8xfSbC>|G|<&f=1lGKF_3mja?6Z
zQ!gj@8Z9FDCjBtjjIZAauPb+34CAsr_GHrjF7IAsU&vE0JmUQk9`#*DgH#7viE>#1
zALbcBnp^-=YeAmwkgY2v>o555u<zm)qu{>HzNl4qw_9a2wZH%-%32^%MMe28J4V+Q
zT^$7X?oKxJCK16p=*26B3z3rmiCuhgM06iwAN~xU``w>m4h?p~+mpj13xP32c7h@@
zyF_-pf~IuU-%NONVjSTF<?VdJ29v@g|5(~={Ub4nLGuL$^Wo)In1}xp<vjrCjiKvR
zQ6A3AQ|+Q_H=3t8R6r{a!xIq9$oKn{E6q6WW5G=SCqW>HeW}zwDGWxURO*Ob&S^O#
zFy*b4R%EDT1{5_ZJnmIqT53=6wgUD`Z6jMf6XUwgA?J#2Say%gq+BGd?{mHR>lxqs
zhMwN|&K}a&_<nPUVSL{)eU<S&dj6S@@36aJeBYdqI=*zh4M!GFA(3g_5ss}RyFylP
zR<5nOH84hM33b>)-PS-6Jo1?F*=U~Wmevb04-?fa9<xhI-NZ%meZO>wuBJV8hpL7-
zm6OWK<3|j5d66BD{so4|k2P+9Z$$l@u-6P?@1p5{8fS{N(PB3!E$`wfr(?X-6l>Sc
zXRPO?&AikpNHDEyDlzK6v6cmHf4HoLt;5xyg&PaEg!Xm|vbfOB7q|Q6yoK=q1UQ*c
zH(_VK6<S(u3ap70$dl|+lWV<u!LUG~b{sF~N;9744!jgIV{VYLb|!eS-j_)*>22j%
zUrTit&rXSur-9vqJh?Mo33*lB6}MmH8IJH|HFWHfMKk0Hxtb*hbD;Ut)%As)Qd9fE
zm3wc6|6HAzLhM@j4<>k*;=c^si5#>taGQny?rvh>zlf6Witx;Fm`}kZ4*q|*(Tn+9
zd~$9H=RUL$_j?4UySU!R)|CUG>NBN7URNveX^C2W?)LfY1UYxrl(2ObzP>$H@0D8M
z-Mkf{T`cjT*xbRf&$rF5^D(WZY+Zmit1aF_GQn$CxRo8Z-U>R~Rgc#zJB-csGWB#8
zXyq7uhHd8Vu8%jGIYiQ<$P@AbNo?JeAs~r?XfyI)-WS^4%`=C2_AP5mYJM<ac+6A4
zbn~tzG{=P3UivfrPh?+i;+bR6dnhU|0!8M9BKFX(ZV_OqHpAEq4J_aR;GuoCz)*w#
z$3T&3h1m?RZU`O{Lfy9c{-pKv8+m2}TRRyYP0Gvy(*nZ@mln3R(h5&-*A6{&{7eMy
zWWtpV8i6IEubI0k_!e{n_`FTe_hIBMAdcpLDs@6ZL!cEt46E`##FF0}iCH+=;|Nbe
zys(d=S>Tgr=Kh<I<s%@=I`(0-8Ps)L;SR5~qdm6rBg78p!mE`ZAsM(x4CZe1Cxf>m
zF{_t>he!|a-8+yT@J_zh1vY-Y)GCID2`~frnb+0GM?Na>O6`2s_VHjL{VY4w!HVIF
z*8O3eiF#CWs<TmuwAs9m4I!<59R*0F!G``Xc!YEeu41!wGqX$Okrwv{3t1>kkUd58
zYqi7AG{WPhfXc>9X}c@RN$WWPxX;})e;|DF?<wJ7|Ax<Y#G1WCCXM_hU{dQm`}{le
zU-2<r6WF@h3(V@e!kF|y`+=2v5RPDteXw#5!D7rzyUxI^$N?(@_X+QOKwuclcWw7F
z+oKlL`=le~X6VV{0nm$q&<jiSy2KNU{^WdkVkKFgv?o^m$uM}55k)sk+Qldf(~%VX
zCgRDp@KTF_%eA1%L}w8>0yx3J4zjVeV|a9eC4qf#NkHm>aRDflJ2)yk*hklCSa_2R
z#~zA>HHd|GxWbrM9}L6-UeV!5!UEogA@S;C;-!NU$3laI2et&j!((in_*gcKJs&>b
z|H3$!$c$<erE7`v@GOVV1t9pSKsqL7Z5J_qMgymU5-H6mGGAMt<s%zxp2uz^T_V|@
zBF#3E=1|%ay~qd?m}@M&*e}m45~T}qQ~nqkmQsga^5)nJ6gCwEHeTrv;${QPcmX&2
z=Ce@7^MIS@v7GI(TA$Pd2pRPcXnbO%*3W;=$Eb*$rDpXV8U>DPKgglrMPWv+HQ9T>
zOoz_Pkh=g+j=_ginjIuCI*{**B8*z_kSFQrkIc~1#RH(10HX#=^n5k`#G*erA1Cf4
zTZ{I@sy_i3HDpA0;gfL2+b7UB-U4F)qrFvm6E36A^`I-f?*HQ{Qacj(s%mAcUxb$;
zQHR<pO)O86Hz?(#&c>v8ch&I0qCP(eHJQm534hi2@*0ggEN6=HLgI5alg+ok2u8<B
zcq_Ejj`@(tyk;j+a!Tljc&vSmUw*K_FE2N7a&Uwn%?=FG0o6cNd%MvH|98}4qS_N?
zPSGZK+FWYK68!RA1$d&GBPXS+y8=HlepY4tEcPHM^0AY0*(Z@Dc(rA$J$Qo}f$Al@
zSaGkN3;P%e;|@LqHvT1?yoi*y*jU~uD34}!!}9LuE85kFGzkn&??!v<E*{V449L-H
zEZ)Sa)9}!SCFa)}8}s5TS0}x4Ymp#XoxGgW%&BJDFA_800({jvAV;eYU!74jN%DS@
zu<sh<!#Hjp7)Y{3=2hrcbcCu2nDqGs^KqRO_v}?R|A~6kX8BK;7|g8{ycZW4z(T5X
z;EHh`S$-uo@SFE?S%-XCxkGtrEgv~h#L0ZV$V5PCi?TC<M>@ceRm%%Rd7d4IZHy2a
zcQu(^Isy~e+HwYU!5;}#>&?+uwaGY%_heW_k6MnQH@e3|3Ui?UQM{Po>p*Ke*R=*s
zSajQwAHXvoWGTc>f%9?Tq6D?}DUa;4kSU*?&}(<>JRH)$<>bU~#>f9^QiIk^iJUw^
z2a;xKi&A*4cBTc7z{rzkVm@lJCL=GfOU<sMU}bHMsFxIO<ttR4Im%08y>i7cY3eY}
z^)9f^q?v%utEoA94(!qIY4+&SZ}zfBXRD<%y_Sk$Ua4Xjei=O9EA5ILyTn_#i?3+q
zEdX072VYOw$Phvw_u#R$=r76f^t9IO3-RW0>h#Xov!{ixIo0P9U}girEYW}V1+d?D
zofg1moEE??-IE4j<yrj!%p3<8v4;?0tBW**wI>kPbVdj}clf%n;Oyh;S7#Ytm>cdP
zhVHMxP+!$A$^>bxaB7sXRTJQ|DYElwpgjf2-8x7l5-4~Qt~>xxcpWI|aPr0OG&mVy
zGvb86WX&WUDKZoeP{4ziQwboRB`T|4EuD>&J{|h*OQrAS8hxD!`m$BH+Nja^`im)z
z{}`t+TaDEoVJk~X9I?^=aAB0U(wXji%bQEda(SRPebcht6-QFo&N!xQ^&ni5cpgJ!
z=-_y<PjIkR_o^hmNdh3zZ&QtT3VnC7mpo#tpNs>hu3y09r2))10E`W~YsAY;f|qe4
z{kS5Fc)5rA%XT$ufSHvRFsczSs`7S+5irLoV2)aQ0j3!MGcrA3{y?U&Z|&ijPq_9^
zP}*qNA^vb@A|FnLpQ9I^0zX}^X!!BEEBXb{zTN=Z->Cyg)d7?kWVRZoSJ9^lfc61^
zZi@c=l=x9k8$SXjHKq$oJ;@Nl8E*Aoh({8I&iQyQEEPLLMCm<)O5-B?^C!zA+d=bO
zWeN<UR>$JS#4xHRCT%6b3tRmFLw9-{e)$IlD4aA^L`>Zj$o%}nG>}<iPS!;vSex}K
zgSE4yCT{6mf4QcI+7fzb^(pkwQmTixYI<nYRYGWO$(&V)uQC3xPs3L*j;|oa*R&vw
zJ&;ZTH6|&bAL;S0E}-E0GX<9q6wo4~fR=&+S{heC$A|(t)~^DJ*PH^eM-L|8^GJI5
zK(zrW{ypgS&M2mmT6Ma3nd7Slz`XR80b|wxV~IYJ1ep831YqX=Ck<eJZ0Z*<W&)VF
z<&rT%LrhBoF>js;V$MEZ?iqT{@iOC+1YRCJD|ksGT<&IYwQ)q>aDfT=P(R5an+z9c
z`(%04)fn+%9%j_VxDr$W6*1KP#ZG`CU|>HHrrvbs9k|dq-Sxe1oIX1cAoF{&<C9mS
zf|`hD`DAI-i1d2srv}4iO^NOg1N0v24||;&!2`}X#RHlK3iL_vh9rW|(+Ixgd`j>?
zQG$D&K=J$Is%Pn+PsemgOXhj|k<281Ms!VjGGk?d9~<aA&Dj|Xom!uy6Al>j)yvkM
zg5v1}gtJ}LDE^>MaV=SLoZ4uMfLyTglGUj%a11k2eCjq73ges_$p<0HA3B+>-=nJ#
zI?=^A(TxPhWonLn>wuRz(0(9pcdY3(|2^CEAKWkfUp#aAD+&7l{S4_(0}F(&+r7~R
z)c6Ra$JXI__n)132cySMdDlhal3Z7{12}7+G9V8lGwo9{@~p=AM&avzpYr`o`aP?C
z|9Oah|IT3g{o29W_o?T<-VvmC2`YS52iWTA7=9RIQfNRFq%O8Lv&QSRak7UvrvS+6
zy;3w1&FAG|EhuYv*#b3!<;!EDNZcU30!y)A+>o%ZggB-c{ZBqcXOQ<Wr#;4(MxXNO
zX!T?wKw?AUHpo8;HH~sT>PU3CKuBFqY-T)P(p#wr(m1CNU_FeJra7r%;Usj`KsTrO
zdgxfI69Lzc!K*Lp?M}eW&4rdZ0dSF6F$q+HkmK9|=deJ4lczan<J8VPh{Epq<nw>p
z9Qg;F>UGZaS)h473EM~t41U+BcmxX+El9aetg@7MN7zR&bRr20FFI`{cDCwGOvW`)
z!0;PsCd<E!H=RtDA1C^o`W2Bcl8*00pW1`QZx=?WCGT(;`>wDdv>QjG+`|{cq{drb
zLJN_0rzt}1AlcX1x-9geAHb7{8c3b2yn!iah4fNV+HlbxYRnS^fm&G`ZTtca@bvQ1
zh*yx20N5$L0DBa=GY2r2`DGA0ycc3q@Oo)f!)rI5cQk8wwZw)dOd#_mXBn_7&IMkB
zalGC#us^)cNsrgt`oyc3;Pod2ugz?oea=|XnaNhY(Jx?skqlV5f53L^2Eb}a_1Ftr
zLLJ@0wW7xZF!ks#?KxLSU9dY9sq4N-wcmQl(*eEZsh6$2@ykGS57SGSCj0Xdd{*xz
z_~g)sE6l3|Mu5d982no51gVPjoK29G>>q!Y@pW$;Ux#!0!`EyKN)L@im8|@hMx{r<
zxuIMx9+TCFm3aiW)yY2cGb#$bB_(WCrrIB>UPwmOv;Cv$v5v1_3=Zi?1y>f?!%IC+
zOYsGhNh$z@KzqOazM;X(Zj^pk>F9FwhpuuvadAIH@G;8iXFkVtMg?B>t<P}>v;80+
z9#7zwpK_i8%uUSZg;9VVAEyVMnG}k7@yr_Pmci&G%d-g@-WJ92wn)R<qA!KFAI9<a
za8_S<n*ezGz5#EGpEKYsV8q)btgMXU?b(DVb4NvKKU-x&)CuWO2Q>tqGoWrpXY5Hd
zltr2v8_&BZ6a4%SsVH-#7iI8eT$0(-fz6?TEf>K?j->R)ns$~fx#GWkkc_m3=oeoY
zPY|Y;XPrcv`4VueF_GD*y+%aSkk_SI#4GKG83>O{6o@xGj4d!<@L_)mIq*Mc6_r=O
z$I7N%sV3lHVge3NmT$T}`20{!y^b=f*USE2vj-D+Je=8|{QG`-{ra6g^{a>IS4?ys
zHwItnSGPWwECrt==fC4pFcpw6-%w!$bO|`mt`EaJ4;hBp^N0j=&=S*>z^NY@q##d^
zJP>rIk%FX<lop%^Etu1XKJBFP?xs`#0&l`)=9fTV0)MycG~&;!;m;CtCgU$|-+lA^
zvkbs<V&Bb=<8QvTKm1js$KR|z@y8MTVVw4aarbh+0Q_|_0H5d|fR^nE;|}z18|vR{
zLH`2u%Fi|Qe!2~n?TS;$zfYKC_<<=`@+F{0<IyJM-+wTL55R%s@R>&8)I&_V#$G1d
zIkVU1#_=-V+#g=PZP1@3Kkdt28&85uCG;mT*0TCF*8Z4`lAraDk`K0g-D2wAEvGR*
z)#TMtCRJV)>3DIZ!OJ)&zy&O@E(s{ZF<rz8i-X5#?}J^UJpFze{8$(bKgrft!JJh5
zoGtt7{>1u+sXzPcHUoaTpXtl~nt+v!r}%j~A!>%PRn~rOuiq!zUO(>F_WJp|3EL};
zq|uf<`vK4C7+-0zbM?Eu{5{bhFCT78EfK{burEdAGKP;ti!f4os40VYU$gLHn3?#n
zsa#<L2aTPiO-m->v_$PlcF3dddnx{Vb(@naFefU=Ji`i-+CS4+Jg;?trxj$KSp~`M
zKe{Qo0<)ol>@%vM5B|m8;Gs)Wes~xQ5`MHO=dm<<56;KD@*Ku1Z47l-xUL4PJju@b
zB3^k`u8;NZ49{h}?rnkLqO_3*gC1W9K8TTuTX@L=&9an9cm5a@YC~)ea27mepNWvv
zB?P?zXFeWVn1*T6r6>^_erc@|d-?=D%BM{$m*J6Hg@O~Nb5IX7BGDh|UOQ-RujH%|
z<-vTo3=m{qIF848a}isGIeI_{X+w3`FjR-85cEq;y%0|Z520unz*Mj&!<=tV_@5?^
zFQMkONdsI*1{k482RVg5V7yQMSI2wlQzz7<p(cZWn&S;nbhC8>u{U$P7#8dXlCLPu
z6fe|tJat}|iqifE`J)Xa-u3C?m(lPmeii&qmhRmAWyf>unc!EHoGlc;S!WBsS*Jg=
zHS5m=zu9z<Q{z3zbGrYl<GpUx8Q@nR?*x9cPl?~IuZG{@@6dSd^mxmOs@C8XK3vHd
z3$d`ZwyJtuX>T&e@}(vcsA7Zia~r0$#p7PmMvP~Jq+r(Z(pIT~m$uV$Vz+)sgS(K6
z*WOOhQ?CywNh&n=QK7|9;fT|y@Z%2*6;60NKA$*){=J@g>gwKm-%#DQbziN2{ApBp
zr?JAj*2VjGG@`<sg{_{p4rkLCwWFwJBsmuliK4o0JuCXZ&7lABm=$zlJaz(`T2;?J
z3zoncRD-RI?ikA$<GGRX17h9Avu}YRQ(eFKHWEifYU3jN9e(zucHMY_3WxVsAwAjG
zt5$k8kdEUe&@ZUxHnY&&umWAt*cUe2mXwO@TMI3I_Ju72m)roqr(1>QW_%2{j-M|S
zzQ5#JxO-a$T%H)_FFdmNO4K+0!p)+zgD>0`Ehj$3K;gp}Gr^DNFy4=KpbCfIv8^jA
zGfhjbTv2Hwf9>RN7W`#vZ_9?4a#oyR0)MaCvE;9`jrX>a(rmHk@WdL-&p?#Mo<<1~
zdmQ+e&}T+#Z~EM%(?|LW#Q7^BPEtH{LY-N0>U=v5b$G4H!c&kZEpd=E(MMX47;jBC
z^UaMo@&fz9`?e)+9Ci!*-Z7AnV4)R$e|WyX@bHq$@iGH12}KGiMcx++H<H8@339}u
zNQl@+_<kn7KO8@wh?h3Jyc|AX!r`SIFN^W%SWx2&v+%M6pI&FA)Gw-bEWWa<kqJH}
zu>U%7Q|vK9t16^bbSbSlD>|S4$d2Ak&z?np(o9m$cs2g|X>)J-d35^mUxk2vjetq>
zg%K&$F;JbK(y@VS-yiB=j&Ac7Z~Q9YQJbRU$3fMr==`UtcmJ?L%h{_CJ6nDOL;A-z
z_3q!4r2g?ow~4gAGag;&;q5mvlzv;+_U_-5r2d_S3bBU|+?2|Xz3orNteHp5F?79u
z3lkz5<6liT1Drt-u29Vj%0+35C|}@}wh;rV(dw0NwsWkn!7JZ^Ceq&UOa`MJjTJHU
zE}BS<R<;_WrEt>wV%A1pVz|&pma>{<7XaMh_A87J&k#O}NUP`AXPaZc_7!i!&p7s(
z2F-ZdK#V6Zo@FQ26E3jWrR{#{Z8V^M5sn+I#AY&>QhsR{#`}bZU^@x_NZ+>mD>jwY
zjB~)CvX79se<fG3Re9)!{1P^F#XgKOCP;^~%gl?j1U&C|2Rw8>#AT1SkQ-JavdIlA
zxsegQNxzXnZe&KU(r;vv8#Zz*lH9P78}?|fe#1^~WRbIj<VF^`ksaONLyWok*`BJd
z#q*pG!Oa}cioGj6_Ri>f+;8j$5ns*N8{LQkDCySV#x(O6f@YOT0H{s}kO4my#E<!$
z;^(oifS>QkUjaWKlSQx0Ic|lm8k7z~I$~~1MT|ccG2>DZb44m*zLAQUEHwo&-8zJ_
z$&H-oJ`F-S2%-B3gmQHVt)tI)dtoHB3+4)59+%X3n3P4*Ps&akK1b_&!ROujbo=8d
zf5xTA9}<*>8c>*DoPBE!<FEdB@vSJ(`oPZJh@FE3J3t4tbCdA1trvczJAZDE;+bo-
z5X@+p*;r{4F4v;P0A}5ZfvmKSUYA+ny8C>wa2qQ%(@&<OEq8nvn09PUy@{N6%@hh7
z{L*HB;eVnt@BsAbf>4xloruC$SDa8&07yVd=H9tZ0}PYpxrRr{xr*R%qb|?T-!=LZ
z+BQq{2h^aj3K*IrZgFP7B?;OfNJog3>E>1}1vB$T_y_FFQuqf9O<t5f1Tiy<m@pjJ
zFl?0rdswxDm23$4C&+kzh=xqGs|TGkJ|yPM{`l{#=!fy&+0jksRCFzUs~7fWzSZyg
zz!-C~{4xM=&ML&8S;wE{oZ!!*;qN^Se^w2D>oxpkB=Fa!;V(0RzeY-9+gHTjsLHc~
zzYPX?7%@Q58vT9(a|l5{z05=iaykTU6oPgN!7K{F>;wdJ;EP-e!2vo1aibynSR8`(
z=n(_#_8DNeBmO%ly5XFOzLWp%1;6e8R{My*O61?v6#2)bmwz{(ru+*mPr}~Yso0w=
z-MQT!U9DlujMxI~HEF;?EFK5!t=6z<MQl>+{ZqT8&tn05FKMz5rcFZO8lvOAH1O6f
zKV9G%^zUTJxsl-Qs4nl`MX<f8%ex0Oc^5|=IVT1f<8c}XeeM~~7j`bWU0~l@V8hGH
z1(>&e7ccF2S&UD=0|;4=g_kAxbVhGEXw^VigBe|*+YDQM2v4%H|2lq?0edzB_Ur_E
zIzAf>_^dmpV)4$`d*PCMy_Y{Ek%u>@$U`QrJiPfd<>8mZqea7GtA<CbhQ|gY_$VG<
z({5!Z@c36v7Jd~xj$Qgy@YrRLf9(cHTBG;sNYvIBGNaQIkhCR3(w+>-tYk=L_kyHB
zE;2eKpNm8CU>uSk8(_H20K>NpFswI-$yd*rn0&9c7aady+uNTA<)e6d_Til<AH7mX
zyTXM&X1JsO;fmLsnY!MdUR}SPVlHk@F&E$NZ7#O-HWwqk%tii8P<s9~?O#S+pW0r0
zHOXGQGud98Vz3uW&%j<}b!DBIYA=3nKxEW_$PWyNY(J-hanh^3kT~Mie(lAHr)4i9
z9xeY3JnH7-mK5`GLvQnOU2pSoO)vBDjPO`}_1VFr(SH0}lKpr`vi&F;>_^WT*pIn7
zBrU1-<6#2~_ZndMzCkdqKWBpRjlcDR<In%rul-nYdiLWT#D0`IcnV12=zoOM0_4|d
zPfk7)B;NbrS+OVA{GUD9FHZAb?uFAse@$;s-f>#?<Q>GGJlFU<tM=s?;d9-6XUo2f
z{GWZ<Cp?3H=>^YQ{(^YprS7WM;5VVP5)3DerIlb9J%Y~`o`fZg)?LP!c&Ryh^<R4V
z|H1dTRX;qr01T^_RKj&v&=L;3L`yJ!e;V~)MZbRer8BMn^I}@U{byAF_19_rKjZp?
zC0hUgd`A5rtM&iSXIlUHH);Jpqxu((*ZP0P_3!a%{r^)+{c-UqO6&aS(eW-u!>S!3
zh9AI~F5dul@R_7YWS1?}up+Cis($ejEM1U32Tt_^2eh&^xE~^@Ye_unF6BoU@XS5Z
zxo|YJ$w%^8#gD^H*N($YFVXW{?Dk`DlkIW7AaXyGFcz0J%qB{TF-YN2X^Zlsj~IH6
z0!1svQqtQYEhandZ}}LWN^>4%>k>EI3Yy_}&%h<u`r$F|z@q_LzvObf#7+3_VPav^
z;zA*`HUq>CUl@sEvPw)L5IYQiEwL#4wZ=Ze_i>lLdpLgn1H8md`0mT$^CjQIOWcI-
zF2<+d21(_^P5AB-d^!~dVtE!6lkHidGJ&6wXq=v|W+oWs*?;xi6ng}QBxNw7SG`DD
zkx7DV!w*~ZyYz=WI*tCwicV6K&tFZSDy_pqb{I1TlSLG7DsJ@^*ZYcF)$$@<HboAA
zT01HoB(bAG&(7%w56yz~o*;Dz(n*loNR`ER32Kv;;j~SPC}DIfaR*HcuS2ro+2%N{
zXK1vZQ9|DD5~clq+=NP@wN0nBRYd;@oz_6K=>|F;r*vFspktX%#|A>jvLre-0UZzX
zg&WD%f`I-}K*uIR$0kb0GM$bMOD5xGf{s4C)alr;<R+kFS%Qvk=wv0(vB^NktCHvl
z&oW~x1hk75(c10AU=vXF{D4LrOBso%?|;xb*5fNoMLYUQqy`?v#6Z_=G%&}ojc6o*
z{k&;$B_A#`bL{FJUiW79Nu0)Wk(k5Fkn1Nf#=NvXau9d)51}aVN_i~0LXJ3v`{OKw
zezT*KItmn)-fh&v4!`&Z&FzS9uGi?(Xj>u@w<8#*rh!Y!;CCewq#5XQf_NcS;&?ZM
z-O{so6f_-d>LW1W(>w6QO^K++cVkG}aG52x6aHFbThI$Rh8?d&8Z{5c5~txM(x~}z
zC~?VTyhIu`7vodjOK1d_CHQnal#s*LJ^&Q^f(bn0sXDN@1QUX?)r3AswdnmMihY@l
zE;WS9?9o~DM^^L}`Xf6kB-;4w3rX}Mc4glLGwTGid_4p^`aC6=r8mK>27+ZI6D%`{
zV79&q_S!KrKvqJq3_`F>N-$e8!R*Nd%St9#b`rsIfnYhOCYW6(Se8z(Y@J{^MuL6(
zd&7S3>GPL-p~$X2!bv;1$fpjW;(gI|M0A~CL;pON<l=vyj=vTp_=}ZZqLYCHkFnD4
zv|DjLV{1snq&Tk;9}u6s!0Kb`dPMh$1(ylZheG6F#sqoxKVT;F{0{cv5s4AoeN<z^
zHD2imAeF=jU%40ar}>#9La5R1EAA59A1>HXDv$h!ACsr4UiW((`<rIJs|RH+Tm?Uj
zzSl$15nV{hl0it9%+52D+4+`ab{3P_xy;DUY}F-DngJn>I6^XYmj0qggUV+;8dPFE
z8dP@o#QWRu+xU9#m*D5G1t6FGHXT1NNbqw4AQ`;@lGzI&wle}q<a3Sf&kjH`bbw^W
z0b)xAh&>q~S;+v&P69|=e4H8}b{!yDIzX~@faDkf^1J6q{_+V$DOOcS|Nd;x;&Owu
zj*rB^9zOvsy;uWPB%1G)oh?3g^(S296NiuagszWOg8Wez|3C~cH2d6Nuupyy3h=p4
zvQJ!qCCNFMEydCmvC0eVtgp!{PtAQ3mwdgf_dRkVU?W@g6qy;c;LIIfWUFy4RyxRM
zb@GxWw9Dd^mdSL#pRAE#(ng9R#TMV@pKO8a=s>!!K)s0B7xn{^HYQdpGKA(P&AoL$
zSYGXH4OyfJFU;f%TZF=9Z2l9tn;yN5!8B9Q77zPOQ{oK5G-tkk_`pGOe|l?XJ8eqy
z1??&f6#T?RiF~psA(A*@<oup?3<0`-2|a(X-Ybo(5pg{ti=3G3@|9eyt=HDk23hph
z`~z=pq&Kb6TM=mCg&Ab|R$qxe42avf<hyuj!%Hv<+n3D1OFLc`<I|g=dDFA-vIL(_
zf<kieRyMcdI6w{oMRHaU_p7c3fE{|DfPr}Irf5eGsnizTN`KhN@-6(xims(UvZHU1
zl?Y-{&$AacCC;d#MLiEJ>RzWOQdSq7he-j6B?|FWOB9=a*=vd7<zM!ZUm|He?dcSN
z*Yyo>vc6Vn*70p2_%6`#J@nk*+meiLZJ%tiRm1nTIGE%3Ua#*<^uqU>6gjq3e9t~j
ze9!Spvz?jB-XRF^I{4W?z~`(=!MBYD{2T}XnB#SCXRH2V0J&9f(qHjrE4`UPra;J(
z(Fq#JZOI_FCxbjI8RXeXAkW2HITYmGI>=v$gM3dM<U4e1Z_=^ds$;vJ{>ULK!s!kN
zof_R`pMF_%fA+Ip=x+a6uk~T#e{4yS*Ec5MECQVU;n_gPxIZcT)&n4~4=lbP<u!+4
zzuDCr(UrR59nsa!yCQ7p@21nm^*>T@-II#z`vBKR(#!3x6uFII#8Tw;l}ul9dl+Mo
z+iRnvR6HB*by@+W8%1|J8~UBrvWSuaoeW`C-OwN4qv&uIQ-{TokEfpr@C$U{Ysb|A
z_jcvr;C5A%XVb;zf}~T{`3BU_NjYBz_#a8}@6+Y`jcnCQMEMa-zDIq~4iaq}(?{!x
zenn=RuXvL<HqXh1j*>mK?Pc<?Reoku@d2MZ=3#%cR&ebXLJgp4V}i6U_-=G6MW;1-
zs7KQcO3zu<4L|R#8y<<X%`#m#EYSJq9-V*g(D`TPSJe&nPrfYo)IQsbdw%?EU;fuU
zsrn!t0~z_ptn-iMzsf%;df`NhUKq#p(hJuxed&cl#-JC{@z4LH;h*QfH2?h7@fG=}
zG)aFPW2=@Kn8-?YuKQ)8&eLO}$vW?R(xd5~k9y9k?s=xS?pYaUqD4CIJfQQ=4|Lv{
zt?QntXRLeLlrPIYi=XbrJ-0rstsjy22Y6AN39~K-Oe_P|GR$2P`eY`iz?NDCm^=#1
zF`rzX?`Il-hXgsd4L9*fgqRYN@wdk7<Pj_7B8m0k@H&fFhv@XMgD~2}AdKF<Re1{c
zU_xtV_Ri0=^(k#@Hnjm{rT?^AfFUza-Guem>P<+B|M1j*rT>FQ_u2nd|E2y<9+S5J
zSbc37qpdP{OE$8PdRO6QX`2w)Uo>8_4*jYJVw3y3?@3aj*;wJ`CsQl5e3c4~{agHG
za{t0JRbR<wHgtQhD!)=66Xy|aDgDzc{Pc;l*~c{Tkg>PdFe&!qXpEqUr}xsvr(kR6
zs9ee0?4xMEiSmU;|AMKSf5E-zU+^hWa!R1k;9n4&$4UE%Z-GT~#QLQ@HmA1_z|OQj
z08!lsU`BS_TdH@U1@r;1P#=J)cASqS{G%4m#zj(Z$!K0`VylYL!>4Xu4<D-U`BD)U
zU~qa;<fAW~B4m5-u+K>|{)GCj6av&~1h5zgkY@Z3etqM=)qV<ZwZ6uG8t#=s&p?-V
zvQ<TDAMOjGrZ3XDFp&Gn<Nl6(>Ty5C`OWcXfd8=9sg{66L?VBFSsE-$LxcHWng&yC
zr^^F#QtYd~_@VGD^22qHojE_azdS$a^f-PdJaKmD(U@_%Jkbw5lKG?HtMkYI)_h6+
zAo{P@M=L);p9!#el1v;ROO5E{aeT_rsF(?6&FyGT%*8+RaGVzN(yPuDCYoug1g(sD
z>>#g`Bu|)21CPT!9xacVNtVaEX#A{PgVm<7e;)0lfn@Z|{j?Cxp0m}&o5vcOXdJ(i
zzMA)69KXC9`x(EVKJx#<_&qf~&G<z=wa8@-p6Luvp_zSAJId2@NvxsG``G8(*oU3)
zTisB2T-w_H>B@a1J2?DaxsPP1-EUsGo1{3#*rcCY8MseU9B(DLY4_*5+G!$RKAcx0
zPtNC=Lu_5;5HV~$#?~#&3pLq8d%Iy;J?<FqYTzTs&BE)3gxYO>Oki?IP#Y$Nt>(ZY
z_$^8eLTI-wa6Xl1AdkKwGTV8zK~UQ;fA%rk{PJXZl`Sx>Z0$r$pnZ#3VA}jl8(iWk
z?}=7;1pj^~!_TbqGn?^NCj4&`nN}<`)L`e`4Z(klOcOK_Ln?~ljLYwLnS8~q(ep-{
zF?~uI<~lFp+{YH$iZ_uX&jQm~yeX0I{8)0n^Yaq<&W|nJP7V=xr8Z1?zAChf{TCVb
z-6ZAtD>UW#GTyAVc?&mj(ne#-^9H=uQl9HH@G|5s$$7ppp7VTToD$5j=z~4U`Nz`w
zcOg^#7#~XSaFGKJ+@2KV2_(BN@o!g~MCKUrvHCTc@9*Q0OcCY5hk9TV|57ae2qP^n
zyiSWG8jq#9P>ZFxutZP!lj`L~w>Jlp?M*Ig7@P3>A%0=0uSZ9Ra0cDc!^?)oRafBR
z4F;*+3++?pUxSM?v~lE78h@$}A5P6@n|6E%Q$Le_fXJ39x~^*@^jy*i`6~@0^xS`O
zgz_Fvj8LL=)!$DVqAA6OA^Lv$A^P{qr1+#~6+c%m|C;dAwc^zHxu)pU_<3%{ImXX`
zWnUA1-hJpa@WWnxYWysHsPFi;`7lU&3IdgcL?$bbxW4Hl+0Pvq$X1Z2*t;SyREMdK
zhsU`<H9zwOdU=vOk;J2Lzq0d3J<z(f(4-?|z<!AXhS@Mf9VdCYh?grBWk<EyR8>!w
zN!hBukP#i}TzI|anwl<C0~u0uO@)3XXK*qs0-$p$FDbp!KH*Sd(>}fu6?nX9)zt5g
z#*K~LKxxpc{OIILq{1$sLRQoaUx3w{D@siOEalp6!*Hj3W~)pee>!QrX-MJE`Wx^g
z)Mg<A4j@P~;`c8(^@!hH^|g%n{E_{PxVNtn|If0-h~rrTcsrMUtD9+V|5O|Je|7ae
z@J}pDl?PFISrY!EOH;1zO}U<xay=>KdTh$|6)D#jrd;QwT%TB)d>u=<-m$cAek~yZ
z{ysx-zg`QSk5RL&PR!^<Ls*VvNt|++sj(PXnQU^iRqx}Jv$-A<UffA?g^V4<R<FgI
z@~s%;IhbACiupsHjl?YSM0Kp+&Q|{qJie2+STDt9@bXLt6wq<;D;PmPAI;t(5$xd+
zyfhm#(8Svd6YFJ88gvJ9)d-<AW?nA!5O972D-849yfn$f%acm@@GyoCHQLdVE`sT)
z?6Z&c<+4wjNyGdm;DI1?=ewp@e%yZMD_|l!yWNJ*RZdmwB_B*MKgFo(BLun3F1k9P
zfez8FEO(NG8GF6babDW4Echd15~MZI5MG8R2R%_tz_<$Ly`prmc#~oY=0c@o<q6%@
z^^0>b=i072$sG;O!~c?R@-v^1ibx59oGH3H*hdJHVhRVYB-hDSVU(sQrgfn9vY@U3
zR`p6f%HLnr{NxWI3rcG^OuIryrW(%?VwIJm1;c%l&?vn0DLD$IxI6KzKt84wRy`^V
z5^<D@R~ft->VTJ(m50fh0@B{Y%J6?`)jdqBqs?8^5-Wp$7IMJGR<c=T?<YTwgO)|N
zvqEc1l6GP6TaX2FKo&UIx_X}Oc};UVvU15e!ld^b<6+?KX-bQ3S&Tf5b)`IbXK~8;
zh;;lw)ceK+LqN|+#;~uGBa-;RY~%+^oF6VcO@6SP3x240A(bEQOX7zkKTPF^_B)LH
zF!)b>@B^-!0}XPWT2hJQ$PlQPC_jKe&=}%(f71|pq&GwC(HP=>figtY$PgnAq%uSX
zSxM6C3>Fcw11#~tr$&}={5>s8G-)iMbAtz9-7al0?&P<Vo&5hQOEd=iV2OVP`^@k2
zfBNCf`C;ns`qvL1J&?)|k=u;?VELb~s2`sG>#6m_ZDncn!v*_KPe0u8iIEvBFaQ5Y
zKh)0egBkvJ{{QKRbE6+hpX*;gY`!;@AO1GW$PY(;|5f$F%9l>9AN-|h^n-oh>FS5c
zQ6o!qzV!bi{qX#QeXztY9_(8`keQ~YAzT*95F?0&AahJD2tM5q()fWKSe@p~XR8jU
zV~Gz4_6Dcnh)KW^tBo8X%8Pq(#3~=Ahz5PoMSZrAFoHaR;{PTM|AI8d19M`)|46|9
zS{?sBlU!;aTM7(t1!+W%hW{%7{#Pa8|31Wj4uyXy!2cjGPcS0?asvCqycAW$U+S<A
zmPJ2idhL(Wd_9Q&xrp}VCdvT0h^AL&(pwq_9QqC60KTHsP8-LEy%CjXy^Xl2qfO4=
z4&daRt-6<VVHx7VM%V=V1Z2;pS_98yL@@xRt}nWj@4u*_^+rZxk1eDCefX*)<RrbS
zxI7lEXlX5R_65eFjItAt?$Rf~qZVYAQaf>j*J}>m0Tl{T5As^!UL&(K>ea8N%+h~1
z_bi~@tTH8abJ0&z)s3Ssbpuj~cx6NF(6|xlc*~K(TO){9URvJ5g&dMBO1T#^t?K^X
zjx=RQ-S<&W!{;fFuDUOEy&*ln5e;-}g5m0n3^%ebhCAP!hT%-+es$2UQ|X`-JR9^+
zajO0)PtiYOcoc)DX9@oaQl_qdZZPT}Q3|H$AJBTe^iK){x~Sd}r9;ZPpT-%mG>V-~
z$-jX*3i)s94{}X{e50m+FvETEt>lizeG7i2ai7nwwN1z6S_3ZqKcu*PIF<dzGX^b{
ztHlr8XX+&n4En151&t#nG6{V}iqw?WE1J^!**J|M1*s|evQcwQ?$8)gl!^@MtEtDJ
zzH);VRDGR5ne+H=ohf<gedVe@XiaF=nX=#BPnnmVD}QXzc#eKG-dX0##9|+1&h@)b
z#hkyI+b45A1&>y7)2Ej66=haV&NXpTp6MS9uArjtxw}1RE8Y?P1b)gh96WP8bgY1V
z6iKYMzDBkMJJgop6LO`d_Jb?;l3mzNscGe2vID4?FD09>a3^xm%D`>13EM=r{*-)I
zL~7x~xgI`jeT=OWAIp~7Lc47%chy6=q2rl>g3$4dU@#KR3>`BEJk_niyJeHW)QeKH
zGVA+2YV12lBd9uqw+J#%mx3|K7YK)-2VRuNnJ~1(bwDk(+#b6!{!**<(uK0gFOM?$
ztGfaY<ct|PCsh3RraQAu=oqrbj)@VxY~7S>Aw0@0wQyHh-2kv<ZYw86B8t`B&4%zy
zk5msgAIbDet)X2k_d1RWw|N&^=Y7P^sjXb$F|V|qjt)F<9fB)5K3pVf=2q?^KN-9Y
zgXCq_YopXfM(JR_>kt!(ZtjUM_~PPr^=v%8GgM8!i6>>EmyviihoRXUCWS{~VuVcG
zu7$yEDZRq`SSD>cyaBC$cs#rudw0$%7=lSeBu|@KE>Fz&%F6};M~nw)YnmtzE14);
zZ{pqCf-}8xAlt!{J)z*m7+(Ppd#QjP<hWlBbQuidJ9Z&2bvJ6;GW4b34jkCgOR`Oq
zB<nbMk(WM1_4wIO^G%avxI+eeHreT+=bfid_573JR(6}Lm}lh^VpFVxiHZ`rk8mT6
z=O&jqIC*-$$Q%Z`EF1!0I_zWX%JR5Sy`2knkS+Yf6G0%0OegPZ<Rd4Nck<Wyr8Yrr
z5W?2%zycnA;~xH?IjeC0-p_1H+P|NgvVZSqBJj_6x`FR!8vINfUeg_X`Y>q+A0OKM
zObeE)ZQ;L`*uTHW?=lr1@D;Zz<+)}P#t*sey9s}YSD41W^e6S%@Jnk2>1}DVARR?D
zIX6Y0+4=B&&c%E<0KY&S{yN)&DszndGR(P6PDX?WBXHW4kADil6m;@)XnMjLuk)5B
zuXCyipUlLM9l1D}@H%hj!^>!y^Z4*IXPz<xN(I@I2T=S?0}9OdfD@`V1+GH*HctrW
z4J_^o9UH`lMSCaDj&FniJ4Lp%6J4nC(QTxF)ZvvBr;V+x=feX8!3C<(x{_yF)DE~`
zuUMS6ab~tEL{<yxL*2m6xX;6Nt@W_gFA_)uXcqb!44#G!%O_4F%AdLz6SWP=C?p=#
z_rQbK^-m2C{&)-?{MMvpx-~qw_&7XxRI4^PNzkfXJlF8fai}gfheNyF9@@(oo^+ms
zCt_-4zc>naN2k{0?S{Jrh8v}y!41}M!~8iI0+9m+fd93eJjzNRp@*C@6y8M|<tx9A
znN7*Ze>rtV5!geTtJ=*9s*kzShaf1)^otKKR```FLMT|MdFL23Q1Pa!O>Fh0sO%>b
z!F0p!&^QppIWpfJzFC#ZyJOj}gJ@AZ*$CfV-TKfQ2$OszI5F20dnHyFy98#Vv}tB&
z8ve2?-C&rY-e2X)Gii_Q%17GGrEoJfUlEv&4yiNLQ4;FT4-VqxDbQ>Vn%zyBy##&S
zB1%EzU`}YSE!1NTTp#MO1Vy4>b8UuK10~RbLhJzD{+55(?G2ZyUWw}_Q8w`lrkhw2
z%_xCbKV!lPrL>a|{V3lQ%uoj0mW>Yb4w~f%O56M}4#z;R%ys+1JQO8#$8x#X$dGv1
z2;2qp<H_%kliZ?npk8(tFRd4(t%_gBHIdje$DxwwweZ?o+Gzf;ySnS48XQeF(V&ar
z_2@lnU-1n~(3~zpBYOlCE=ZsA@&(cdkpmzKw&4hI{~vo_9^X`z{+%?TO`&k3vQ(|o
zYSk7ITCCbY!G<PqFC<upMI3P%i-?LN(gZ;^A&qjq1{s&pade!~S#W058D|D&9EGOP
z1w>Xw1!a@vh73?Z+EQrqKF@RRO>UMhAdb%G{rw>(>AB~g^K9oi&vVZA5kI#+u{*{3
zM4buz+&VGv#GaHV)|wYPvN>+~T6i|w;k(TQ3(Dt${xt6!`jI_X2NuF)1KVJ*!QYJz
z^u+P5k2!cD#V4dBFmbR-8nXrQQ|FL@oafRc^c0udb=Ja4SJy%t^i7!E+{$_aVLD{9
zY~Yr|YP<ZTjkDD|#V?(lZLbaan*t`_Dc}G&O5DmMbleuNLH8bvv-qh^JXRSn;D}Fw
zU3i`B!dlNMunUA`;NKh&VV9(D+@8PA+E7!>**1ZHlO32Eipn3td$J3Q(%t>I<w;<<
z7C)&|`w!rWk)=FM$Rw}{1^OvTTJeBf^&BeM&=s~^9bRz)?+Zv_1GO^3RDeE$SWRAS
zBPvUY5tlJPuMCQB+|ILMfycQ?z;SItb@E~j4r4aq5Mn*D8u`^<pu0~!RkXqeN!-Mj
z$(R6l<OX<;-^^PA^DblHRAQAw+#~-<QXg>N6j*Oi4r}0!z<N9S|3%r#jvQ;)qWs`b
z@H7v5g1eWdgPV02$0Z?~X&y8snjB3Nro5&kSI1TKg)xes!#>IgUoJ!pJE<U>+~)NA
zP_u`=R?-G#a1r0r0#vc0Xn;>)6OZK9SS^oba23}Y@Tc1*;l}*ei;2SH+v*3Vi8rY#
zeuaH~jUu(YUhs{_@<WfKP*uDEe;DG*&gLp!Zb9m9;VRyz%YK`@4P3=m_$VIp>`C#Q
zGIABw_^mM?6cNaHO78hOkrD9$z)w8f9y$Io9LV7{;~?&$K_oH!v6?4RH^5M)A}p68
z=3c~A3Uq5BIE+zxfnDfxaK8<t%zg}hnt}MAM|#YD6h1$WSc^w{@mZ&4PsOi@OM5hf
z&uX1@H%Md`cySTDn9n-KXVnG%a|Y$|sNDS}BH0zg+aMX9Uaq2%Al6`D;Tg2yRY}2r
z!@q{$pHO#$zr!6ixAI3_1cufD@2$F$&)Pg2tB~D>Xq{F4_^fTS$KzK-My$%mzutmi
zTKKIH|2PV^KHTyJsn8<<Pq~M;Ny0!r9olJzrpduC*oTzhCicM;tYsfkgDZ=17k&yD
zLhx1ZGWe=xwCk}-R`3UJ1%GfItcQ=P{-8CHKUjwwth~04cdAa|eAOw;h&^xqU-l12
zmC*T4c~BB8<&`lzLO~j722~e0d$qSg;Ko!3cZN1t#m7p6+omY>*Eazj_#{Dp3bsMu
z)`J%Y#zWjFh?RjyF44#C*T<_1>{M7SV4cx=lPNrShNiCMU3FQ9!iV7-v3|4c*_{qf
zn@(2*QdeL?kN=xL^`So(qGwmktDaXOF6qlorGTFc<~>yBX-ejv+KxIe9<}<9CR;rR
zVS(=c_{|#kPn55!4e4}4pSVz`TX5^pC(NK@&*D8w-{J+0p^)cP3HQ{;1{%~|^jz9v
zUhfa>q0wHzMmwxT8Li?8?~=DRrRW0pz+*$J(y_yX;8YFuUx*(Ef))>5h#xDqV1q^U
z@z(~mf%lIo7<h{G{$X72ZtOh?p6IgRC=9U)hUmtJeBD3NPK`P-vrhcOV>`*iPCiUh
z-gO~sc2QijRA^?0{q9Jc*aR<F*E$5b;HQUru!lBUm4}cuxBszi)^u+|*7)UA&u#<w
zik?ss_W~F*ur|G(gMNAaI<XQuuX3URy+R#YclMTFXy0<;t+wCthenv#KE3j^GR6n2
zar4J!A3`&bfRt9CewQ?41csi5cIk>AFQSho<jIaMN_Pr5ZzzuKZchVrcMU$VFaz0)
z9^TN^$oz^$usjc4LmzXEY6I_TwM&k5IW}&DOR!5!LxCtBL{T(wPyNYAjZX}V6~&8K
zFN5NG;jtI2UNdwNzPI918p7rHv5MpmKYDLaM{^15CpS(Ibl8tir!?!SNdC>S&AvF9
zq6=O@ZF;db1LNBK1KMbrvqWvdWbDQ>OvaGWU6-}Z=#|h-aYMDqb%l0FH^z;81ip?U
zFH;rdDBR#xSYY;^rX<d5F)EW%20T5ExkjAS3)H3$YqKV<&F*i2K7_-j(cL@Z=Ke2i
zHbQNt^p+aOwdb%|U$t3p)~sh-vxl%5LXT*b_|;*t&1~3gv)W7%l~>}LU53s67}MJ~
zam^Y|Kr@fpES)vGE{-4@vDu`Umwpu2+cIo+gWBw3*32B&+d^#CBj%-F#`X4NY<93E
zy0-&y&9290l`YZCx-70)8aDfd+Dy^?jJRg|k3+K=Ezvx^J+9eGY&N<jnx~WFn!SY0
zvSWJV;{<6sHfuSfG*g8C@}aTK1Z=kLO!Q3W#x=VFo4u<xQxu^`+}KVZgJz4>W{Ty?
zD2i?N2{!u)G#gq)OWJ3u*-&P4Z(PT3;1dJSL{oZTT*q^;ndwY42}|Q<GY*^WIUOwp
zkH$5-4x7DC0Gl_wJ~)>J4BkHl#$TRr-^cK4uT|==E0H8}QH24v?I&3b0RtsL3p_eG
z{OB#+pwXr5(TeCt_1Z@(D7S;39-n7WK23*D!MlQ!f<F#U3{D7+3;rlr8XOaJ1V;t=
z;E13tI6PP!92P7J4h|LuZwwX$2L<zj1A_g7{en5ctAp9Bmwwnwda!q}XYj(HIoKnZ
z7VH`{1(SouU{VnF95p1bHjD!_%Jb5DM%R-S#4Ws74?ZrqeOu`ARv+(L*Tob+_cR+_
zoVZch!)y+e!VWdG)+&xFT^$o27&n$e4yU>00}*Mi3m;k?yhOmn+Ai^koFh?|#O30}
z)#9fVi})<RLADC5AwgW@C~Luk5q$3FEIZXSFWrH$$DQIK*ncXq+&cqT&eO9)*sZYj
ztQi%z^?Y+M`-$Sg&GNp5={kr0bTBD@2P_0?FRPc9PJvY=8Ra2a-VKzyU4sok@#3+i
z;t3X)c3n!5XK?uWvg3GNvx<VtcLoY85XGR@Bz`LUvS8DCD7bS<R6Hr%!)0m@`1m$<
z$AOiFUgKqb2rN!x&%*r{Cgg&jXa^K?pOsx>#Son>y{lO5*`McW$#h>7b4hdAbvj*x
zKgE?QNX2=9=NM?qjp$-64iQevPhr=x8f)7w+^b7QUwO54;n$ce0oVStb>Znsc(?m9
zcuUn#%m}*YA;bsP0XU!+8g~l$HNl6h3qwy}t9#$VxVpP<q;aVYJ$P(uZQN<iuW^<&
z1dF&8B__KxG2N+$ErxM5yl0DbVKcs*^Wr%i8@Fnc-Ey3Jb~JqP%Vw*-3coHv5E@TQ
zo-5naVs<A>B}VQ~De!6<;9ZizAr_=KEd6HQPi~4o09*Jo4$2Ae;-}&|n>aVy=oD+6
z;%*1VnVjNDr?^3$xSueHc>-j%Nz~?;Q#|6pEv3@C>kY}E&N0WvUh~+sF}Npk%+*&U
z@ry<p(Wff-cVdX5BXJ-rFjSKb<(|UkHOkO8q7!6xq7sk8{N;N2^w1EMN6mC#G1R&2
zesH=|tjCi-(DD>b2ty)kTH|0>F8^I91VkW^S4~m$l-c%hC8Zv-hpY9|Td6d65y5KW
z*9<}Y2CH*l@9@p<;>_9(By(nMbBG6=VoTtUEtoC(2L6;3JitB}g4@{#V{kLo_vXW}
zK@C*4`zKCrB`6|(r@GyD(04?=Y@ov3<LR^t!d^B|<?dVXU10ROQZziZ_=#3<>dFb;
zvSC(HaYK!s^G;^)mZxtHU{DlWCldl3eo7%X3_qEuyeoc64Gap!(P{Z;wZ1pPpdj#4
z3iyrgdl+~|=16YEBy-m&VX%px`{iV4=dyt=p<v?!w}PO5Wc3G9OC+P2*EczQmkqf-
zS9eQUn&i}fVFgE?;OP+(CGZBl4L$^Nbvo7_1i4AmB6DowKTNTEceuI){#vZl1^N%w
z>0o#cvq^z#xkXA_=ZMB?!88ev>tbp6I&A{1mO-Q0cvhdE?%upb=}t4Dfg`o0tz+)*
zmqv`;G%$9szt8hDF=J=au<E1nI^DwkXuJ^Z1hc*^WF0uGr&;gf$OK|`-ij&UV_^3@
zO?j@-o~E!l;Z}Ss85W+Rhst@W2QQ|j{L_REguaHi40`O*1oz!F16WN~r<JTu0j@rR
z_=&jADOQ6@g8s_E-DqqY9pYYID#)fH#-}u|borzn_(Eg&g)^V+ph}EMYd19X(%!%e
zi)?S+A0QI;=*lhcU9n|WHXo`94$@wNiy`Ra<1ot8h$lHemLK-usv7`<q|jJO>*3I!
z0_&-eIYoZ@HgJl%$XEVYM^u_bH}(d1`o>=L+heco#n4)N4@o=bWM0+R==)z`GF;1x
zAM^ghnV^r8bGq8Z-HJ3_6LX>It4WxoE6$6(g(dhhazJoU@=bKe2$9MJ@l#j6Mv|<J
zYmi1<1zrNRN!JVdR&IGRW&!>}S%8|rX7aciL1aLI*+K;tMXZ#ocZNdY$1wnaSx<%s
z3hE=xGGU04^I`;u_lCHNREke^|LI+)LMzdAejf!^UT~uU9X{^1O6~%k)D5476%qyv
zo>XgKI$rO(l-Hl;)%$K=>gfCeSMfD|K)u{9OT$}3fnz!*12yurg?K^+-KrYkF2+Vp
z%FQ;cb0uzqzNJy7++!ZUdEqHs|5xEZoa2<Gc3v)~9IEh;(a+uF0Y)CjE;;WW9bVwV
zgTiG^<nx_y;L*43@`NB}hCg?J#f*9+@GfT6E~NqKPghjBy7IM^^-sSGjSXy;>f9=_
zV~#XjMnU0S;HTy{pvSd(7~bToWyvx5zJ-YfSg`;_e&IfHlDHM?VTS1JT*m`#J$ugZ
zQa<J<z^j$rjwD?a9Gyw@!vreUx*ilPcHPYDJ3zgL!AFZ+EC6=QwLh4t!e5Gy9tu3)
zf{1&?W-FL!hrSA)ovsG0i{pdVd~P-GZ;1|8f2;{sPf>%_T%!0ifBu8g|LD(x(ys-<
z-b67WMnN-d$kv0v)|*igyp6CkT!k7SUvXPkU7+=h_AqXo|BT+Y{|K(%lk+rI;5y(j
zSvSv_V$dygguVMfWc0LTX&r-kcZSy)oA@<znmwoCAw0+A-NAVSY^h1&yt^>dqptz0
zfxerGtJteUr@+j4uO&k|0!>E#;i%QcE)9V1BVe)RVX^f)r6Rv7ehbgA11wk_+bNzI
z<tZAd<6fvNHdPbKxAzi)4q9NclA)MQX(`0g6<c_A9Ak2JrW5@}r*ySdnwjH7GlH2-
zETDylZZJdkt9%2??}0!z2mYXooB!dvXnF>Q?xR@BC`VRY=RX7sVu-98y|{r4CRP0S
z*a2(G7hj;K7+|V`fH$Eq<d8|MR_MWb5jv4@$ip<^yjaAF&dc(2{;;bu*!(Tl&;%g!
z(NUu9IvsVSbcwjb63l!GFv(pi4WDT96^Cr%@QKjdlASQW(C|s4q@sa59(dV+`OeeB
zLZK7f{E~@NxYjO9^trkz+_sX5HcNSFZAmE!RRx|72_PUWS@&5SSaxaDMDN-K*9Igq
zoTr)X%$tj61<`K0W{R8Gu*6-|bpCw~X}HNM9<%5AZTdQ^=(qY$^|faCon>o*@eZ-8
z^y3V1ct-B(&{}cSL>eMKk0ZQ&ScoA5g{%_|w`YjAXLx3p>f9HJ+x^Xbv$pePTX@5*
z@TLo3^II8<%*bSd&O$bzOo5!Z3{L50L4y5EC{&v1knS-#z5A56H7Lgv(UJ2m#t4;E
zTucqkJcDYc!;=lv95(ZT$+!&w{e&(9bKrB_`6BX9PBJJ^bWA4cK-#Ah$R~(=jUe^k
z$-Ted%z1WWd|IqhmvGLz5q~fsq_m9qsNzw<e>9U2W26gteKT}0Zdnqp(8V~xJe=xO
zcTY^Xi=WYP&ybmdLBTGBxCDl7C&iiZQng>s!_U*PYXiIx2DTA9$iWj#6UBf((9N?a
zMXba|ICgY&V@^ih!&ClNnv;%)1#dzDoGyPgz`#N<HN0|=mxpD0<TaX{P0V?BAn0^?
z!jHNpc+9MQtR`89zvl?P{>k_u6B-zz`epkU31=u3Lnp<VyfhYgSx9w|Vjiu#Ix3Bn
z%*GPa=*_4`I8zDdEhgiPZ{vNv#*~2}{-U2D{?V!0N89M$rfpMW2PK=IsM%#vUD=6j
z!P}Jk|B2?yi$`F}!2(`w+)p!hJDu$W4jzH=FS!@*cft50@f>dXcpbRSeS}aoBHB*0
zuF!ic7YqnsstD^9h)2b3@`zc=IpFDZ6j{@fTXKj@!k@Eocmk>|o=(`HKQ3<bxAx82
z#+Nnl`V9i?9jqWf8CDR@jNGjuFbU8FJAF-i2M6r7px1O<9cRh+eF@8b2w!5LhwvZI
z+-xud^Leov_M%OFvp(lv77Vs*I%~pv54$EefQFb!O7SFJ1&xR=(^22NB$%WNcy85k
zggG+f4lVaMpWDoNHY-#`30$776#%@N)F5vM$3HkkrC0u8dV$m1;2spbNomptR*hh~
z^5y-z;Y&B=ixd5AvBsVs!o#z$4$Vo|xk~YPy!RPBLr&nH`~#ADxn1Y*J&b2DE*)aa
zp2}4`2TOebp__ot`G@g^{$LI7uS>B$ZP(#B3Ep3s0*@pGH==JT(V@fba<}cFQ1DmM
zqegB;D{pBozl#Uc?3cSpwuL6{%}v}QtdD_Om=|7^rh*HLw4W$%*oGA*ajcvdg9@zF
z4!rYedlJ0T39sw{uQU)1s6?4~+<(aIKVo2YL3sT!-s3mrH}IBi<*!IZf90_%NTsFL
z%DrCc$VF{Wvedfw1f*8AUjy`eA@th|`ZcnC&xHSIgg^FzKV}HxVJhB6fBzB}%}Tq%
zionNIcofKo;?vIU!aRmSfdW<>cTx}a9h!tiFup}#;b0^j{9W;Ay7SZy4@ab?C83p#
zJO1ZT-UtsR=x<mYK7HrnpPxUXjenxU6pnxX0l)a>w-f&ib~gUma=zl9Z)xM7C!*t@
z`;_=+cZ`2J*)}t1*9JN<KxlG`t+1!Tfaf%f8dg)l^JDpuO%&(^U(N}JM52bWO@cPy
ze_6rD94<}Mn*_3yARc&Cz&Oxh+3m`*vh6+R#dB~{H`+y726Ip1F^RxB+}`4w?9w!o
za){f3S86!#t7QK|<nhvyPNg4E8ZH!k?(pI68?Q0wf+jp*G;K7lbjE?|MW;h@zX#L7
zs)BC`Lt*}#O>qt#cr$^9uMV#Qt58ebRAykH7RMPEsBKCZsKurfs7+}zPTQI&PMfa8
zY0VU;C5nGc^LHXg$PrpEkIi9mTC)<TWm5nz*uhXW12hqg(`LlSX=gsm(88mGv|}_u
z+R<337lX8CdO5T9Qv7xb25HZLDQI+NeLbtl;hRE1T8z-PI>mzlQ%e})h%oe_A+$*f
ze#Jf*f}7a~W3Uc;(?n~(xf0(o$;qv}AA_~u^n(}7o`7F5R{Kpp{<RdgxA$YH_M1Zd
z>nMDw?|zKbKBfd}A5j9eg)C5ePdHFJfkLtOCkLGDLrTELK9~YS*oTBc+6!(3`w(#t
z_dcZ4Mchi8u4@#WH4Dyi6-D!vBLLSw4w5`zZgc>$xXpY^YzR_2kfs+p4nex~F(JtA
z7&scLX!H%5AR=WdW21<_TOWxcGBtLJr%;1ONRz`FJVq+W93>gAaaihIqio!YPf;_P
znI7Z64ym_8>}k>jH@T-O$;W9I(9<r>RkfV+en2jK3nBE=SmU((v9OkxUdgmPBtJP4
z?`znu(nTUJB~wt%kB*k$SFN7A6mb9O@mC-+zfJ0G!|_LArQDOnp|h*1ttvoaNK+3l
z%x{XHMuMj{+9(j9xe`X5)T1lx+>z>eK=lbg^$W*H{jV4;^#`gScJ-$it5R1iR1?6u
z;VfnuBQn*`VF+MavRQyFI~_l~obX?1%Zv``RlH&@<*ru%6)#s~9@<9k9e9hP-w3)3
za}AM}j@`<W@h(jNYr=bA6C0NJ07Emw(C&KqxrZ^dy9YzNZ0(c!_ZTHPuG1;&-#C8Z
zsV9#7Qs*ubq`OU2S-KmZog(}84e#B-Ra^+)Dg1~j=6kaYbR=0!A0<LBV9nV+95+Sq
z=Q1m}eLsrt69XsOJ`sjG+-HyW`+T=Vr$+5ET@!hW0a3Qvk2`}47{?85(AmynZ8>p4
z=NJaQkdOB0Yv9SHn$c73Z5EDt-qw|dUQ4Ehil`)Le_=>%Ul!dyEs=ckVaXg2Wtptv
zVJrATQ>^F>VMv?TjI`g2;gB}3)dZ)nXF5J%juhFTBqXV}JJl);C(~rXHhJzrV4)mz
zv%n#46W7r-d8hc9oK}Y!#bzZ0kVzRy204}lE+`nNk<wf=P<T`{b&Qm40V8#@({jKy
ztFf9zyWhi0-}nyBi|T@b??2O)V}TO%e$jvtug`e#1ckm|Wufo#kx`-VioTlAw^ick
z@(H>vY*^w>iq*_64gRD=a-ca=d&dLfF!%m=^PrHYBWK<a6*u52uudB9dz9(nqRS1s
z0A2;MN=bsghQ)p^!feW5_{AX=q_9^UX2GB9A7occO_9iXx)M469YxM*U~R_E`-NlY
zKfWs*nod`uqR=ZWU_iIPkHf)p;!G=Eg}e9@4C2)*!E?<s0UaS>Z<HIYU3KIRg54OV
z+-5~LU4G{tG|G*)NCm?bb^<-{WOX5Q(qG}27jNoVrLKa0Lq(<QW+ehIh{;Oq-E~7G
z?(QByLu<sC`zP`(*C;V}80TL3*aLc9@M7g5_eZFHTVU2Wh2(y%p#*cLTl)+5liR%F
zV<j3tK#+Q9qVXUE^1*^6T|^S87ts$SsaWfpz~*I1nwi%@NIqI$62#**e_eexq4)ML
z5B}Ff?}K}>(EAmiu+Y1P;4zlu*Zsq>_rTgS;m;A>^iB>(<6pSBt1j?ROf)_=KgUPn
z@zXFKuR2&)SrvE6(^BlZ+wMK=E{_?C`{$ZCd@vk`ciFu=+#@mm?zU=T@2J)}t`hXP
zQk1}Ztt~r~VnGka^!)E%un4znRU)IQiEc*)w%6l!OSf7Z*bb57?_&1=ia>S0uT2;*
z#4=FeIp|DIsWj6mU3iOBbj28{=QU1CGv}=!%Q8+E_Ov!D06N8C(_F~zH+m~^QhBZm
zdEbn%ueI-D^tCY2e#tOcNMLVKI4bOLwKDDAG$|eNG{#8du8IW7bNDdNX<r|ckGMQO
zAF-e1BU)HK0)sQ)i;ngbU4r=t8wTmDrb_D*O?vm-NJ63!(-Y!XPOQxCU=AaY;89IB
z0*_loG7&v5)?^}rW{me+hepTyo#G)u3<^;pe|0tvCFDOw8a~lCD<nQXQ4Pg~hEEzT
z6<wkR{MX7|uh9hjUkl_U2>AaUSLC-71pIFbpr;28x)V3zTbbpzOb&<r=PF@;0lkhB
zKqe*l&r6S+tYW=2x5<XZbt|p@roPs!N@rQ609IQ}iVFVIa9KEhtvu=KvkU(7QH~7W
z;K7RaXNU=u0%%E;0^m(f@7hQTfEadA5D(G)8qUkLY7+tUBmNP1!<wq;0DoY=CLPeC
z*?(TyqOBjU%@3et+yjdRk4XZ8N?FJI4`JedE*?UeN}fulQ(q14eG8rL<hl2Eo68r3
zeIqvu6zi){Ab2FRUpCt%w-OS@d*~GZPKUix9&h=a;`}z~XcFqxbk0kK=_IF_XFC#>
ze0K|A;c%B<itUSCrD4b5f!?5cf`aR!#<Ma}2JeXvYW?|IZT>RSpZhPkFyA$}D`_nD
z1#9z7c#sW9SuFRuovydvgx{vqyin05VZ%~1zTgT<gL!?ewV@Kvd`Ky3!ULOzvmSG^
z&7*wA78GiSUgp{1oq9F-F-xpx$q#PDM>wWJ@t8L4QOeRDc`<2^spO4E@JF=yk6H3p
zy<+npK)3D-dbFGWm?clJ#O6QnF}_E9{-e;TWCrq}!H^ya^B={D^B+-<>Ut#3e?&Ff
z(LF)_W2%z>n27n0QJDX@z!3lFue&GAe?+yJt8HVY1jxKZ?Z!p5Q<ECw+nldM$$toO
z`H!iBn*VUH{D*+~j|(*U4<-GP&PSy`1_pZSS-ga2`H#Dm{D+%7%((oAL!19NtMmsS
zPJa}K)oQvtWp!KWj|D=a^oP@X*mYk6C`=pakK(q|A73gQKmk13Ek6CR1NXH<BlvO&
z6Cl0qngqzdMraZsj*<ikklQH%;>DGf5+J|UD_5QcmI3KYxGt7DuEK{&kaU&=v9m15
z2SGne4!~B5+ObTCfSHi>N+yKIOo-ke3I$(`WI`s#W<t6snGlM~WTNTGQ8FRCyynA5
zCWO#J1SJz<WvP%KVJbwRREUEC(wPIJ+s}u*&`v(&@z!wfm=NiT2@&Ys82q*JD`rBv
zV<yBQ9_BsOU4l>LSLPoMF0`tdkIZ&5AL)*8<|E!@v&=_&dq(}KESCAm)Mh^Jp@X@E
zyOSXE5w6#RtCowykYvTuPuY<Qlr2ph6B8BwL&@mtaupwdcYPH(VCdwg`{h)Juh;#l
zxjLcDxX7X36xtoIbiuMLpp59?27U?4d*H^d@Xx~T@XxC$+KA_rrLlPF4vJn2=%&?U
z%!`~)tJL2_r8)I2gcT9&9kKVmk|djDFX#Q79WyV)+Sa%5p-Kc^knB3Vo^DuXl$<8c
zzFBgoakfUAZ-(A-oT2{FNzlDb%ZzOEZxfI4sq1)gyw0=R0E=U_DL@4kxRty<a(mdH
z!inqH&!u?5xvB>zu4dn-<0a>sUVPRuPW+eh6JB(#$>6h&bBpo#7%W^}_^i!B*2cg@
zsy(_)DLr}=-Y&1-+Z>`fBIXwk4MrYyUsnV_q6{{ZMOA|3P968;ZZeV=0Uh)hVynkw
z+j1Sdv0e2<>bi<bPGl!mc7dV%@OH&eegcotdjcydGE|vFxC`*X5V(tdVCC6y23>fT
z2Ed7233Hom!(Wqm?zgS|U|zF_;MWxVnvZ`SgxL)IR)~M>2j5bmyRI08cVEF?dYZj7
zIam+>rUVb+9fjaN_%}7UGaRFLZw1$?`R3qy6;=vmJ553Q=$TDPz0YIu=%Wt7#T?$c
z`||epgWpE}WR3jY&EyaBKA4F+s23V{3Hh}@czNXG<*{h@x0A=+iR7_1ERWaS7AKGI
z{Qo158!!F#@|g5rvxhcuuJ^xg5C6Oa<S(g1`Ll^di_XO!zCBJWe@WkmJxu!k<nNY?
zzdQNU+QYk;{Mp1NW)7{5yR2tx4&O{HjxQw^$B$yfaZS89z8^1+e~A`HAzmCW`y!z@
zc3vJku!ooZC{7;3_V58!9`97;aol$%kImnUJg(~9zC7koo|oitvm%d76fst;Zvl7J
zVKPw|oRY%&Du-0CPVkK}VK^bvidZ>1tZ$h}ULRn`baG&;HtT-gH&Jhudcc0{7#1il
z`;>NL>p0Kb#QJ!-wQ{!OHs9kUxXYsjcRNYNDXrj61Hs*pSa6f|(SkcnA1Am4%1=fO
z*O~lYNtb*lGWq>DFc?v=r7^I-I>y7mJb$BsZ3eP+p&gZ!wuF0gGq>nk+&`^=XQPDu
zl$^J%IiwJcDt>AtUL)`Gn7sD~dB2!@@(O*Fxc?@RxGxTi`+!>%aqpvNFJZ3>JcuoP
z6O#fr;FfJ2ZrK8cg?nhrW&l>whK=(e5PEpiX0sgC?AqX)dq?0_){lV!==&xb1AAIk
zl>zxDT@j*nr8rtwZi>>CfzU@+)ECl~YcwMk*$a|`LHIW%xF7yC1$V)}slhK$VJxID
z8<@h>#vM~LQ^Yc?F;PdR)kG47mCZ4E;Abvkdt?(us@FNhJ#9Aq%|mhL*%W<R%Wh$J
ztWP%3Cp))_Dp%R{M^-U~>X{wv6|GO}IIo@QQ>N3q5By=!C%a`o_pA|qwObBwOHS((
zD-taLOpl(6)}yL;J(>)9v^=6ms}*hd0`%yFW&zj^deo#@0CqAxI-)KB5e?kQ^yn*{
zMvvCxz?V>rVMLscP#!@}*{ZAx4lsKZ{Et~466i}d=*uPClb1*9i$9URENjIa_eQ2N
zr$;L)V`hmDd?mBlUPWotA-{l^6`p5PF$D5LiUwSxE*jz0f+r2YucQGtlLp{d(tsOL
z1MnMZz<?+XxH|IoO{xO?hZNudDZp-0fbFONlSu(KG6krMi0l@JxVBA^Ju)@Hk<N40
zm3z!l_W>07Pml9&!b)I9C0J=d52vSkzFS={jxsBZ8QEFm;{9tk$n!R79xe>6mS(Qv
zX%gmI-gB@Cp0IK+)`qH3s`01+nB-L8?mQCe#dEuu2&)sNSF<=&flzN$Bo>9b286nf
zeV>IwT?<0p%!w<NpU|tRMRYZ8@!!K<&2bRuz*wzU!-nD;r3XR~rv0SPn?s0cj{}8C
zAVRZPrLFHg9>llCwzw#Txi@mOd$T8z{MLo-{V;(EulHXlo1e3RB?azNJ)7HA&!&_K
z>8vh7tzRKPEy!x~?A!2Hl+}$OtF5zd#jhx<8}sq6qq*g?P*yh<;vYxAH^s9F>A4C#
zwp?5hLP^Ao;9*(`-fz7*@U`OX1h%seDGay<T%JH3`;Zz~)tVs07B1$HSQ5?Qm|c2|
zByQ`T@V+R|V-ByLTRuQRv8W7QN?`o8;t}~?UQv83lYlT5jSlG%6P6Lot+827a!Uqa
z7?$nTF>&Rv$TMyYpw-N8fEg=BYZoP?@ucn^O3TQ1Y(j=p`jXP_c(brcDmN+eZWGH)
z7$X;Z9)k|cALf>uE4BbtVQ76={Jj?Vdi4lpY;Tf(G(<e**<-+$Vn_B3HmL-wmDk#Q
zKhfJPey)PHR$$BFRoKe?3!8X=Pd&zq-8=^kFv8O&9R2f3;PVlaBUcs!w%lW$Q|9>(
zdKP3{Fn1`{>kvcoe{Nvd9@p9R2W+_~g|hX$zRnpY3@`eDHV!ew2*W*#m34w$^D6^X
zd`R^3;M<9H4qw3q-Ywh`1mj~Z1GxR5(>%89eq1iaZ_Rcced5d3!UJi7rzR82P56vG
zK}0fnSoM59I)8jd>7$1}hWK=<QVa-UwfyylX1oH8!C4K>v3`1(-1X(t7`eM5xqB-3
zcS!H$Ha6=~ZPVKK03-F>7*hXAJQ7Rk`WY`{wl;sQV5#9bTOCG!qcgXOB#2ETV}l|-
zQ4@)(2j7YL94P7Zd>-xee4GfUfvB{ZlulXa&>w=o5dtR6vMP`siuH%u)xW(qMaIXp
zp?^aY>EGs#^l!)dv(dk~iS_UI!<DhUr?~i=17TFwPN?G@F*JQTp*mJ{LLKiMbav|a
znW~Qc5~*Wqn4$sCIjQ5@QR>*Y9d#V{Q6hCLj*;IvZOHG{RyOV1J5764oTtT*{@Fz0
zES|G^&RdsIJ=@aHw&pjY_+01rlTOdCBXu<)(D7O5>maM9UQQx?y^f?SNvp4=0e?sO
zdTDKE^i}NnSIu%s^i0>#vtgJrwl~hhdMS?kcc+)j4+nHsKa)s54|Za?OgazCWl~4W
z<!`Io(@!FIczNlD<nA>^L+>YtvS|w)3+$YB))z+UZ?jx}wWd@0*wK8J7j=3*(>pt#
z&McQ_qkr!WRb*UfL;ngB>EHT}^zWCe&qDuZwV{7AhbUuvo3>wM(GXa@6RLQ33_X`5
zQpLrcP{l#lo}DUw*@>l+)aa>mQpMMzRPmyARPo}fcvYN|P<|h4OMV+HZ0_SaMSE40
zABrLU^9e-Rch0Ig+@DA_J2#)J&uKofs@djzI-{D2>d(*O5v=HpRzG_&<?J<BQGfw>
z7vNI_<}lgB6S=D`UvW#a5XSyrEVef}I|p9HdGMA5UNz)>&ty}YM9Sr*TiIm|_+Tb{
zIEVB=rX-|`Y1zEbNkMm0@JIO#4SpiHgCb^3i$7h}9Ad8^H5Qa`nN@Pf#LMgyFWX=f
zv!AAMWYA^R<(c-1eR%nyGI(uly}nvdNcqK^G|oE6E_;{c)P+O(pRkaA`4|CyMYu@=
z4AaWuHdYq6IYp7kX0F0Qj9P~yghrhAe!L6@b}sd}fT74e2D>=fX9}PjEjg8Nd--5Z
zsNKXu?QDsrTMg+_&up-1f><lB9Uls*<ZcS|P8ji4jwn@XqTL6hqTL7GyXcN0qK)Jb
zJMns_Bez}*<bDChhg*Wt7CfW|Ca6fj$lF2r-K&|{_J?8E^e1w^63S`>eXS}Dw%pS&
zBFk57aNM&eS`-U}un6!7Usmn(6{PUK7Zi~gm5Dr`&Y6=q^C&Zy>&U(b%}%Mea=xAS
zP0B6}nuSm;-kj<}XUiJP2Uxk~Hx*Yj%sz;Ru6HS$`CiyL;#KaF@%S4wobg%EV9yVM
zDp*<tP$AIjS=!S~%-jvex8;GkOQsKC?cl9xdHl-`-&|uJ@B6zl&Iy_9q%E{FkI{^i
zx75wM6-x+};^vC<3C4@KrQ`9VWmn922S$$<8}?@nmGL@R6&xxBdy3EXJM_o$E8)+e
zwSKw+xD@L{@luLp0>RvD73=V<FvvTfyV;TJFSqm3-5@UARQZ%jOl&o<&q?F#n|u#~
zc)BJ=MAJPTY*%U(FJ1&fDY_&R6<?A{jW%vYmBZpMzmpwj?jqTinz%RXX1q>?`J|C%
z>9%yV496T|4L%bn7>jrKQQBXq1U^{B2C+sA$d`T443gi#OBYdeyM*lH%VNPIdXcyp
zRLg(Juy8LsT(=2hX!%=UeJOv*CK;FV`Yl+o$5IcX>v!a?!%_|K&Al_wGZcRw+w-4^
z7?ed+*Est%{su+A(O&@P!uRLwrNr8DlU4l2n!Cnk*+2hrdwv6GcP7jJ;UWnCIL#VZ
zz*;#?uVWn@R%9CHB;?lOn!N|tY?o(F#s%Cn6nO=4oOh-2UW~Ka^=E9k`-QTNJl0^)
zym^7hmwm<KRr_{d&Wk(cXRses?$r*?Rv&y2J_ql^idDRh@QaI42syJ(5oo`|H`$mc
zl-2Sm(Sl^pBq*2!{bNa&ffTSNutZ!oc*9r|^zX3jhIbuz(4E4GQD*{+qwx<<^Oi==
zlSU@A!Qq>hT^#HmTMtp1XA&g0*(!}s$DHArQm{dm6P#z8jtun>dqrs0C46YLRRSMm
zRh`XpYJPrjZ6yCH?!sD%`|}mLzDB>T7R1jY4=i{EltS;vN0&OK`!WT|n61Rwt#rH8
zz8Q;9r7_j8HKJM^cV&fhNAAI5fKOeAWobOS!B)?$Fhw0T0aFN~J^WwIApxv1TZgb)
zlt(M#wkiqzz?JyW4qh#(7baYU9B1JlKQ~C3@_5xhR<1vuVt(>bYi_O0(!wxktsh_(
z0$t0yC~U5AW4v3e+>13<pMWv^o<z@eC=}`P(#mF*J#k0|!Lu9P8LVn%71wI>QKNBv
zwJ%2C0=ax<;`q{tJY}qJvHhx5JY|izHnxawv&N2&&0SQvuL<9&4lm><7iXzWTq~s3
zIYa~aIJU*EA>=MU%`?cg2UK_Y6sq3+3=h{c4_2%KTCtAGEq$5A&9>_sZMiK1SW0x7
zA6Do^PIC+Q?AA{B%1F?_GadNKMc^yf#`(&Bj&KBr7`R#=&yh9Y<zdo8@h*+4&}o(<
zoDc&fUn=>t(c3GZ(MJ5GM%lKPwzEM&!ao*E_%#aMUydUC<RRo+KG%6)nQ<|CO8G05
zDNRG(MdlS{AGG4t)aLvST-VY3)`a6A(Snt5ek4{+Y<?&lv95Dd#C1*$X^))5>~C`f
z@ndivsiabp`(oPk1Y%M-r~in^2(ofqdYrE7!o7GIP{lpK{4N#ox<Rc+PX*_#k`XL(
zMhayaLCjJ>%uKA{X0UIRKkKRKN~<93nGbQ^({xVaMsx`_!c>_{AXag<&lEa={8zbV
zqC>E!siDf~=6oade5xNd72tscQ<wUt>aF5H^xeR(De&{YpPCrR(LqW?PXJntNUhj1
zdr4dtZw5KRc-vyub&56Ei+VtVCf`@}7r_3~=E{|wNlru4KhW7{he+ulKigcDm;xBg
z_nhj&dFlK|N7SLCW?3=*zNaQxL!TXJ(#{ioY+}JeppTK!2k*rLeP9DLqDu$#nb=>U
z4<_H(u-m0i-FuPEP&|F`L_U+e;EgzxnZ@dr0#iFz3d|8OrI_Sn2X*QBI8^cYy7XH4
z?{=&;)Yke(7e+IAtgUk`IT0IZJ;eK~u*3<uCk0Qn*=qTe^I^O}J*Z`Nh=(KhS;YTX
z{bvk<G)!#u93Z=3mqx(u1bDj5E{#bexw3J#wZnaBS6D4;xo7am1GZyrlnu5`zn2U}
zU%a81x>*o=&{2Zm#j*9?5i&>YZ4+y(p8ZXH**4x+v>6Y8i8ZqMigegPVGQRU^!^{c
zm>I3Hw%nj+e+r)~V*vpt&8!+{2J^64g50y{=m!fT)|8fdT%dQor!3GgJ)9LyF;GmR
z62PTa{0au)Ii2#DIe)Dss95R1vnW>JllwzR7pvH01-Aw}w@Ncj;&G;GcFsNqH?f<5
zE`xzCb00$bQY-P8oqB3USI4eDMTF@glpUiDEzUjI%_gSe{?)t1b(cZ}N7+d_uyGvs
ztX;CO+IA!ELr*CCvBHEa2VK8kBcJ>$t`)m+xG+X#$n1oz?*?;ij?UrhV%(9V!(C#|
zzj`po@crK#bvl_(!r~T$O213~if~0&^S)khm1gNyvSeGW+&jylL&W+tY?y`(_hqmu
z7di6Nm#CkffKT6zd?vLcpGn`He4b&f`I#c0)B8rr=jPs8`81q^d=7l46Y_b+bK20B
zd?qE9&!q1_K7SS^pZ8sUcJgU|yB+zQzJ}y;^5+TVb6IG8L_Xivsq&dRMkAjyFOQW^
zTUaU&^-(|VhEJ?q-NOGoLEBNRX~Ij7nH*R$0D0=`iPzFY@>Qt@*m~WFefP_{K&|J}
zi%_fig=_F>R>C!?3s<1MmHxa-KK0&3y6Ac#ZNKj_<$eD!h2Qsnrusfz`|sP+lf6&W
zzAsw;1aS+zRIJ0Di*kGVaXf|P^cBJ4wqj&gu}XEPbc%<N$&v-4G249yyND+BarpZ8
z0mbNpiy46xcpDrH^LQD8wbWMXfRU4Vsno;|>CJhcH{iZ?ysn{2@BRtwy}etC!IKQ$
z&Q@A@bW3osLp(v}^S(47)`!6XTh8__@DUK+7IyS6O4LHTr5PdX5Vwi*X5d)xuJ>f#
zV7y94yN6lknCr}W!Aqm`-Qg=w8Zs`sC+EdNUskr2<QC(eQ3%!GD5a6b<ZMi%!@qo!
zAl_0eNVgQiZbvUDx0mw-F&XyLChHJ;8u#pN_^{;EA?yj~6y3UDdSpLdw#gy7HmBg<
zL)K8J(kj|bj<WrNG(1uwXZO4u2ZC-;iJW7y2@MT!9Y@iO%mRM_!5Lgd!N~*~b|8O?
z{QTG5;HAS@#hh*!DtmM*{X(SMEC1~hESU4P`mDR30Q>)CdZEmT0kpahXmK?!f&I&)
znyeK^^#s-P7a}9x_D60Fpn9bj0nz9*8kU^}k|jqwYHx*)qrH2DUU^uo3H-bj^II@5
z*qb+8p?GlD(*6;v22nGG)?PeXiE6R({iH|-&(n`bN$F+RT}syu5yLdPP;m$u5cm_F
zBg4u;6mruyb1NPrv=$qPdjhl;y!6^pY0vMs-uvSla|plX-X#ohDBVG@@Nt?D*mIy&
zq5Dl)5xO(sUdrmdI>fE=AMeIWwQCqs8{QKZ7&BaNU|dM4$&2?399U}xlL;?B5eijQ
zx)!N&FtcA+24?>{j{l2i(I#>y=tfd-A!69axWbw0#aR~U(XJcu`@{8AW$FZBxicKV
z`}Jx<Q{1DVw%JTwtx`{xEYTdQX7>}whz&)VcQEGyopWyuo$fu!pd<{41A%eAV0XcH
z7dwA?GugwVv}2G*9KupoH85@1U1w0VZRA96<$~)24Y;d~%8wuedS@!~{TW-YSaWVk
z9YyqRF^M}9T#>)YDm{{66>rPP{S@!Vk7U>5cT(A?fLyY-73{^xiB<zPg8w`VN_FnX
zVN{}w*WqQn4nGn&o`M(6@5N-!lXzMQ_|qFEMf!^IHEy{fT3x$_2zn4kty6+OSHXw_
zjjam)yE1}3@w*)5*0d?nS>SQ|T0>6DO*01pKaxAzOfeAoX6h&Sl4kovKANi=366T%
zIu^cgs0wg$qaY>2L<rzys>$g+%y};h1DU|jW<jhDbZc!V9+3_nDgnndvU1{{CIja^
zjuucn77;bOgp<)o887uuC}ntsi}Q{n&-bvPKNIA@{`uyCd>!Y!Ur@J4F^nu9Yz;}H
zC;Dy;iDM^v*K$i<g};SLCMnoH;&$TyZq)ATFp|yIHxwirsYC^`ArNSrrQUrvZ@HFx
zk^$O`hb3+vYN`kfNQq|sBjGJ|m&+8^gL4;{6y6oHmmiC*mZDxV3Ugk2$>_%*sPO)o
z`5kYgvFykZd<8N77qN^-Bjid3=7+b<>2Z8F^3ua}(E;WW;XErpA}ZV`Jj<hqWFsC$
z8F&;AQEU7&V!vA8Zj8yZM=y;u<=62GD^2gcqZ2-S;JU(~>Cmp%gvR~(RnkbK%{MD#
z&H9X&ZZnUOvYVaWeXeV4;$F{Qy}NJ4TJFUvYXeL~kM3`A-ZpoCr<9!yjoe=c3#<)m
z^sWIcD4)N@o?j^km!mWP84~{@GRycUT(Ad$Km`k=5~I{D<QHrFN0K}T&R|%+6*H@r
zb=)F6vuDrW2U0pC4byqhgtu%cpUq1pW=x+-Y4wO_mXCf&dj1w(+&E<^EL;ql#(k3a
zG^fn$53cmGRI*#>YB>Ld0WyIBm^j3OdZ{E0EJ;a?Sdtb@fn5{+7BYY<ALhhr@Hg(%
zSHh-Y0PiahX%wNF{Iz_@&w~NmdXTq#HsiQhwe^sv*|3sQ2qniYHLhIrT_2{(E6Yci
zJiGPRmzY$NBcW~59HTX~5eN-)4CE+yi81_=#+c5USC=ci>P`Jw9N8vUm__x8Sj7LM
z4Hhjh0ksO-W6{zGi_8%gaUQyS8O^4_$fhjDCe3=1fM0UAFuz`V>zw#?`#JFID%yX+
zjHMEj^?KNX1Anyqitvh-nZ)|VBf}P8(2#G7X*S;i#<3FQSQBzAgO-22yXTapLMQn3
z^55Fv*Q&0>uQ`lg&Hh74p1o(pCd91D-Nak!BK!&wzrZa#l!SczcKpie5$4z7Kb!-<
zLcp((*oyq>DbkQaRSLhh@mmk@mKxw!(^eUzOyO6(rIqpPa984&&}n`}*Zbt939!GJ
zA%pu_-W{`O3<DTbtGm#0SILeZMAB}c1Z}7Q%fN=>RA9bBQs_saXdzOxFQaIC^sKue
zBLBbdBt4tLB|<^`XPtxi+mM`NdZ7O{(<DVq)dvyb-G}Iw=sf4wA_B5?*@loq-vqyd
zC3?sh`Z()TpaVN+tBE(I@V;3xzc7TmRJVRL?-{!4%n;b1b(8oebO}nEf?fXw&xGnZ
zKi}kCyWq=GjB=#Nx32Dn<$Fx4<NO&`8|@@A5Ub_lU*P{(_#h-bW(;k}0>5{G*(x3x
zB^eue%O<Yk334AQT~~;HSpM9X@}ghG*GlCrn_XQH>+=Nub2~WXuxX)HvLs@8`S(>i
z@Qr)(tH7&;u9xZEDHwk^8O(I}$RXMVJJnO~k|Y7^t>QKqK|M6fVO3)>%65tMG_2aA
z&7(x)u~4@m52b-5)5@;|%V7^f&H<I4{qRljl(3O|2S}i$y8IJ-6pL*YZPvMKL3+fo
zX)r_gk>L9Y?%xB2Y(Npg)2er0SzD5Z?5-^_vQz;BIvYeFwDLD~NxEPj4w@&|4*n{Z
z8?9oa;6G@<c8`F!ByYf04>N?!8UIOTsZWsA5;K?2`}bywl`6UPoA`f4D7J^s-^5Gh
zW?o;fe2IMcT>Bv(=3@%XrM*c==HL}<E0<50+kJxT!IdvF<BIf98mItO7sbP%p8w#^
zqqZj6-a33kG1VGO*V?aYe#kULv8DU_%*o4^(F&WG6?XL}i@Qw-ttTZsfNy>g^>8)U
zm+57*+y(f8&-?{84rr^n<yK{hcj)Wc+FXu;xQ!?(^{mH8<MkLYS}BN|@<ST^uXRe$
zRVC_wDCM!&dGP{XOsfz6Mv>22J==DrMXA0A#2_7QN?CMt>H<X6Gr5OpLPRbE%}YDU
zlyRb&=RWlFp887OQ(43<A3GI<r~F3fZ90t7FNl2{Vv#@Y&i&lDtM=KSr0Q@^mjGL*
z`}Z1<T@wTAVf$4wRj|~!jluN%%F(`_je@VJmd~Y7Y<`10K7bsYGaV$d_@BkdGj4dz
z;*zPsXO#0&-16H@;JoBluGZXdJ9~Yf+i86t5Be^RGM%HYcmH#{x;|j&S?K!a*E_H4
ziQ}PXq3_1(&glEjH4%MZB!B1n-dB#+_iGM*U;6&LH=^~u*Xz;x4%!V8bG<dJ?y<Ul
z6Y6>u)AgwM$^WRn7i@~x_o@3k)c5=LccAamZ6?(90a5aN_WC}*)B1iJ2Hcp!^XH=R
zmo95p<BKe3q4B$Zc{Z#26W>PPd-^-0??);l`u^O$?_A#p?u*v<o4)?O^!*>diq`k5
zewj$$`F0fkMpSses__5w`fghvukW+=bg1v{Jss#fuPA){`c*23>*>5>i!?I4`&b#-
zeH;J{6JQ6E&#Fc>%l=;~`;P+{OmQ2np$%5#i5>RU{p%4j)kKi&de@cKhHAZgs6GF1
z@XnZgxKnyqhfTl6gQyP60@-~SvAl0o-tpn?^&#Nh7s0D|?+)0S^||s|9naaf5_$*7
z>?x<XTQ>cc70tsF+_FtP-sb5}wVtc0yYbfT5!^<BbsNd7TR}Z<+2*=~_cpk4Fk%ZE
za$c;D&gbiZ!)V_s(Y{r>2atXH5p8Sn+!~rK8FNz_qg7B(U>a93vn4MsI18I~?Mr84
zvtrHz+hBr%r=?9}mCuaT{U3lC8pyOO#!m5~F`L<{;U7e7)q!2#nXUR<$842nSG28?
zb}F`NG+2f-adev1Qa$rF*y?9HeA#}RcsREj&r17-Hj{<Y<WFS8k`Y39iOqHOXsO^E
zWN!+w*R>lN<J!xIHYkQD;}v*%i)sz-jI#y>*=|eN7=Rr(+@2k{Az}x5)9JlvK~>5X
zYYUSPt&24Sjq;;ksb-)$YzB^i8K{YvfuDYb#3=_e&=NKS)o2EMQTk3HnA&R6^i?W{
zg4e|4n?UWB6BG8xOI}2?+`v`*3{_YBhLR$9R|RadUKSb;QiS5CEJATee*Go15cqq{
zevHLquE%)HuXu4|{+71lG2BygDBA~I6|?Juo~1&qF`MizeAO82z!X;B%M^7Sp8O9m
zW>TrVTCsmxyj<N23Gs5(QeTgzDy6>AL<Ih3jIRgHV=g9-z|6o|+Q9pdAkO@>ysqI&
z4T4mPHJ(OE8COtFag0=SjbPb@>6;woEE1Rq_jEc;XqQ~N7|{5hsFjxrzL^Xve%L=j
z=Xyr)-`)FBAf|qqs#77~ui=%de#hmk(|vTe!22*qlB1L|cCa!BnRx6;DGV*)J%o%D
ze&K1XtmNu$ZLFpQep!BHaJo|9mQFR&LG<Y+D^*|nsX>thw?V15gd_RYiX<HYr{*aq
zA>nC3%t(nDg7OO2Ye?|CNSe!7#jV;ziBi98#(FyXP4LAAG~H+YC!MWL6MT;(Aw1PA
z22bV2LCm@yQ&38$oc9+xR_+?l5_mV$$fBz+2CxVj&#koUh1x0won})CC%PCUkQ?E7
zw)Nn|dF=amgy-4Pi_hA`iRH>q8tk?$8GP0@Zt=b7Q~Bm~;j`+6tQvJN73CO>)94cp
z45;qzW3#xj3%O^%#QSjY(YBypU=x030Na`J*nhT$*rXM%0rBv_#GeRw%b?;E%`tKI
z&!loZiB-?;O<WeaH!&P9Bp%1xM2J4?T5Sprj=*2-5(Dz(PdCTCM7<j{Cvra<j~Z7w
zEf(%cJwp=j18ks-FQvMc+jU}%{{ZFvj$_{MHg>#1+$ML|D~ak1%BojuWPn~9$it?-
zc}ZHD-HhNuTiG8Bbm9U&7z1xG=(q6*{nmUXuw(WZ{EE<T&HaD}v+ej5q2HSG@vmTZ
z$0PJxb0Pk*0Q%?(zob6Vtao1*Hx4^{OLA~O{F@To1^=3YU%<bq!L1crX5E9{<vM~J
z3a+M#!de`myh!%ADdr4*q^twgyvlJ<^XQT>b(bkP>20={Qr#L7JO^6A-V$QE6t0sq
z?ekPRyQ7r-^0r&Q{=aUomi#S|z53^83GLOR4gYm}b>zM8&R!+8ZLbEkZ?9qszy>}{
zY_8lf=4yVtxpK8>uF4XdD;G0Y=U}hi{2SV<r1NI4Y@*8(XRq$^G{?Opk-f5s1&hwf
zUfp>{*QUKn>YTm$qiU~y^BvhM8i(zBv{&gDcVw@YSGHxZKG=G0_Uc5Oy&5h}3)?I3
z!~3x_TT=Ewr{x<$0o2$lw_TbWYpO1$s$OWXGS#A^^3HdXu%w(?E0g`*y&Lx*hOKC{
zCL`RSv45lt=?BO9z#cZcKS9Ms8?79?)3)$n#Ax+5@(WwqG+NR2>NPrS3Z0PA`mNSz
zS>8dTRZT{V>{WkbqPKTwv~psN)<Nq(2`jOW_I{}EF0x-QG5a+H;h=B8vw30j^@`Sf
zZ6Wg&1rzNo3kCkoELcg51$&N}r*hST{gQnjtFd4|Q+|rKU{8<*D`yt0Hmr<~k_Ag-
zzviO-I!*R#F4?c6WWT7&a*q7<J7~WQarSFn4AAL3GGK%lTo2ak8mcjLpb6-rf<n6Q
z5V!ED+j!9(282Wu1!l*TcD^6$@nF;!@}Hk<j(aUHxpmklyi4336E7kB##-CrqGYEf
zpL<fLk3NBSYb!f}7iHcGTh$YI^Bbeg+iI;@q5G5<kXb2D(o(c9nzz5RKNtc&_Q4pa
zVCHRXw0RpFZQjO4nYXb~=B*se+t_&XM&r1Ky@kwMIhnU|GH>N=n77O}%v*h8^R`nl
zZ<&dVm!+r1yd`Y$*}uc)Ev%#7NnsoJ`G!<lI}{r?;Y=u$C||_tl{pbjW}_f(LUUCr
z_>W>WLq}0pEP(_zZc?U6U}suWd8z-!VCeb^mLu*5?9w!&8Sf&83z0rb((K4CaHu{I
zRw8wAYTa~M|HmYyX!=bXFqUGxoP4h%xKls*pFU_?oKnH%O3hB_!v-%du!$eDihU!c
z{zapuo&)%W&1A!_w>J8j1;A-=E2{I?(vdmt1wYoIjw^DrHw6_*soJ|qrwkUYHm@D=
z4z6OAPE*2n^jk@UA}oTp2rmy04mrfr2-R^^;KAS$Fm^>IE7g(H?*VJ)pCV4no{0AD
z9(>nSghZLn3Nm5MGG2Tk8v_HJ*_J(#Gdr@Ua^`W_v$zY!flNj2;@8S0@QU~{JZd>h
zPoz9=AUj->cOwRIVeE<^U@`LVlmE-Y{9hl(|3lw7|KCVEH~#<OhrxeC>N)U#-4BZY
zzYp_&T^#@A@0|Zt7o8jbfA_=S|LX4N!2i1T_}?Br$_@3(LXBkx+QLVfW6y7hAcw#|
z<1?ejjn}=psQ@WQbqN7d+zcRPvqJ7kJC){@y7mB47Bhg9j^2(4DTth{K}dNB5mKgf
z79pkG7vR};#OpZ=h?J!X@KO4AfRADpBzL-18lQ>yC|`C{@KNw$hKi5U4{vPXadc>D
z8cP1Am0ML~votMO<v(K9*W;&~gMVZBO~gz2$A5GY06PUQC8`70D)3C@F~4mMp%Xe2
zB*!V;mjk|Zo8Tz~$eI8=WvCWB#VO8RV<JI}22bfVGY&jO@t+m^6f6)GFq|!Zihv+c
z^@7;KL>xiNXMq&ep`>5JBz^Q@g%U1;QNbHQX)sljT|B4)sQe@hQ{aHnqyuwjObXz&
z2@Nz^qYb7>&}5_BDp~>crQnnGW;2^<is7$a{3!xl@M6X~=$G?g(E<i?LF#xp!?#Ed
zDudjpcB|ka5S*&G)$_HUZ`{G>e`K$y<T=}RLFy5KB%8?~$>uANWDgP~nKcHI%ter7
zN7xNn&mMyyPTF9?5iR;Dp@PA@kt&Yd-C=x{2N|@=%@n{oD!;Lv9l;oA)$g+9w(w;i
z5wwa*Nd~Q=89Vpv-&B;9+-Q`QB0^a)5l9L}-RH+btQfO9f>?Pc{B+<leKe;S`pBE*
z%^@0%LzFe_v1<9z#12Ml_|a3re+;m>-p5#cwp=))Fkwm*6WpG7`Zvv3q=Kx}wgs}H
zof#9s+8N5+;)HK$=jQiw`Mk{Up3cq>#Uu)3Wp5nFN}}^GZLeSM!1uI%z53bztzYe}
zUm0D_%ldV4f2Y>3C9g%VUuTW{RUD7}H7suN;vbG#ytMHjE&kVcv3^Mh6iPhO=K3{B
zAHm~P)~`DPhud1e9-pS7$(+UdC1yNL%h!^yIZ4Jb_Fbyrf9+ESxh}GP;TsU{l<Z35
z4zenpTDnHWEM2o>mM*I}X$f1pX0)|*JsiDs9o*XarHesX{<9NH7sbgJ=;8swI$pj0
z6zSmdgsa!54<=l_!uFl`(ZnvHX!y}f;m7j5Y{K_YA7{e_)wDklZQ2*d)4yrPljpE>
zoq3>*rAx8@otxjbJ>PbI_jGoComjfsypKCoy_DG-*Iyx26YS06qzZqyirr*eYjFMg
zHR`W4$7B;*Y`G`JaoIgBhqxs*B!82#3!Ro$&T}^*GuUCv?lcoN4SY!FsYsD@XO2~J
zW@1i)TU8g1zk@~5*Wrm!JGbIKU9hhPV0K)#8H|GbU<hwIL+8g(-N6vqVXe)9!K$I{
zn{Ae9*=Y-^@qeZTBZ419;ZLAtIU?J4D-+__gaq+Z<#897#-l6*zWXI+t#Kc%N!g92
z(q83hgt!Mr8Z30K67{xw4_mnxt10Sj$1+IZ*j!IR?`Z~8V1&j}D=k^2q5@p0-+KhX
zX|AV0_h>9sR3KJOSt^btYrVLCav%lqRk8ASA(CBXfit%i+V;$qJxvITi|}mV0L&eX
zUB14NiQRRAxW=YGiC~Gj0m8&x6Xx80r+5J2N-P2HSzfgwi|DrgH+&iN?DQ2G@h<&+
z#LGK@mv%a{3yYVX-QowGcS;ZENIY^gom=&hxZQsUS!vd<1Gz}!R^$Y)4xhK2i<xAs
z);BIY9ZOKY(t`Xv!+DH);%7m&y`o{(H9~03!WQD^FwC!-k)N<KE+~oR=Rup;AiLFV
z`Um6{t$~G#J?*Np(XD>@qMtKn()p=K{=&*CwOJ*%mY@B?{A?glKIG?k;-|o}81}`k
zE~bDzilNk$F_fZ8duSPEsSA7!p8dtzQ_=ZkN?-tk3z7p3tylwoAA$lO6gb-&Fi%r8
z=E)%*QY`l<wAaO8xl`x^;sN(J3ZCj>p=^VKhhEHE{G6|d;PoCi@zQX{Gx)%G#!C<8
zNW(J`771LNT5yH@0W(@Wy&rYZ#;v#_n1%jL6u-nT<lt#!*AdQxPzzRW`Q;TmW?iDu
zzC6n$U{)Rco3>z3uoCUZPI=px3VU8B_SEp=R#n|L;km+A+4Tal$F($34LuEG)bx^f
z2lwJ?V#{zv&4?|FCjnRP(r|^^DLlb)V9sf%WJ)?oWeH=!;*4avnTftF2GktVEP^^N
z#tZofb$kjLbA+Id?`=(3?<$8^@U~i`AX2SZ>kfURN4`?X@I37Tfan5k@lINEtHJj?
zWwRWfKY`rr?dY3gP!QF3DhjkT0^IyH=rIJ)W4O=inGb62r1K*mv3A9F{eD~SVTQb~
z>Dh94!5<xECk1^?7=#47f0SHRKLR*!z**ty5rg%BZhbm)>&;=e9(Drg)q}*9t>M8q
zI0#b!d+f`4<i*{%ROMC)h6$$pN{1zYOHc4khQHcGPCD9Mjqfgg1R5)djSPh}cxNnB
zXSIR{Yb5)<jt7@x5x5*YTApNt&%{*|?3)q6V59xPF$}P?zlj!TF?xT=vGw^zB~~!4
zVu!1T7W2Mr3n6}m(P8m52oGzQMnvFYZ;3_mtXAP+7czKQr<m+H2sUHdFdD=nv_T5B
zqYr2n$KgpKUZ+hw?Af2<Y0*M<YJq4LPs4mBtgcS+C<e^g=_MDQ2H-JJK1%ADKT1lw
ziMMR#Djo*HV^FxT>s1IuH5B)SoOd6t8!dXyJHUW871%veDkvN!W#lX8is&?fdk8N*
zVk&N^hK7Gf&?yvbL<IL92Fq&*N2!m>zgt2FiFh$*w3u-dLB>0Lb5umo%i6>P{ddxL
zg$MeFq)y|3PW?hr(>IbjzymcA-lhB#Egq;T2Jcd-FzwKpQTD^>iK&GAM?g44!4RV9
z<Pn~hi{pKdvK+;oKFm?@;zs%TzozPN@lPKm8m~ti0k5LOZjQ`v>Vx}GVDa^g(&(zj
z@wg%bjFzXR3+ElB?<9|tl45w=HA%x`|1)jym`-|KtlTI00pgi1R%0R^;+Zo3Hr=Vk
zGmYi12G2A<8qd_+KEj%cXBvmFrk0;>1H?&=0dWfF=FN#vs)oGU8d9?|&$M7xW`8SU
zxM=z6wS{x_{ojo`k2LH|8&5Q}s82M%6ZJ%WOQ=o!RG#qh8VMh-zltw)QpYfS@(}R{
z<-b_)6@ZalF{P_b+`n)?N-(o%({v^h+pt;7$Q>gU3=}LoQF1dCh&(J0%B`p#ibp{>
z?|+PV=7mm5+N1%arTznyGe_={aPsZuF6?YkI%V5Nz_*p@O8D$6k<J#WcR41SM~nRj
zI9RzJd_clL)`~Tx$KJJE#jA1nd>3%ur|?GwpKpBrT392v7yZF83gnMN+!C0N$#gvP
zA=&iih>iHv5FS{F4n=Vlh~LNirZeksGmI{<1%8o6g@%B)<h=|&Yp!BVjYZ=t1k)RH
z-^e!~@%Z|4-f9E+bA2mzaEm7p9AB+dYz0@D!SOvDhU0S<!!EAS0nR1D7%OM4Qec-y
zV0=HO^Fa)Z??Q(-Pe%ZN5qpn#d~-La@G2f3!SQ{KaD0y3dKHc@*CBoejtYVyoswtQ
zFrN`eahk#LrPE2Sp~3r>I>Zpe<1@T~=zBMZ@%TdW9uNIO2h;Y-SANt-=hPoiA9nZS
z36GCg@%Z>?Jic#UXLx+?>J&Uar)3cL<bfo1ya=d9$BU{MAYV#+ePgz7zI>~S<|oz$
zUWA`<yx<Q{*{X}+@gbzxRt1lb5!<Uk@5uumN{T%H9O3*aczpYMgz@+ad4|V_aD0Dm
zWoLEFXMx98{KLlMJG6k|@ogE#@c1&rrY`mvQYq}$8Qp)s8Ewh|m2^zN_tD<t8z7+*
znp|XNAdiIkg~zSm+roUnU!ttRKAceb#^H&{Js7n~m-YD}+Ce@>Q9M;7w(7JZ0WY2X
zvp9)ZjENPe*a-TP6d(|=$cf5`ZhN!Q*ow9CvbR#{9%bfe(Kvub-Eky^^4)cGD&ZEX
zKx2c#wyvV*X?#m73~Oew3Io^P8kEVvK@*TN@ft+#MrPu3WGvSowxZtmn_+!GD=Kea
zmZ~wKwZ*iN2>iX7;Y-E(yPpW+N$vXJE@dF8ur}Da6?08-M_qX-qaVXnXG;Mg!MO^o
zk`Y?;Pgblw=RJdO{T*ch(Cp&k8@uj?&+nVVhhi_MU=^?k(Qb2GSA|dVuknCmc6peO
znnvy&xF_592X?04EQrQ|ku&|T)!^~if`J54PGD^|++fFy*8L-bPF037k*!ig$zgOT
ztCTHCvr66MiCLu-j8y0_{2s#6Gg&1*9o0%I@T*607lz0lc5#R&f;Z#0ICwuC0=(3n
z6@m5x%?VzJ{B!z#s;nQ^>)Gu%*yld=GQl@m5e*M^T9*o;YCOJ!2#$jS0gO9p;y37#
zP1vA|l)u5NtE@G*gu*$P!mx=)5<oZ>WZQv!8CF>NGpxCvA&etDNEofeVDSri&Qip2
zgkS9jXlWO*xo2*6sm@&nL$rxa{-(aRtR_Trw4t#uW+R^CNWydcWmva=O6L9|23c#5
z@hqFd_I|*}%!Zf{_HMswi^I@;vA)^s&tWX3AbaKwok49hvz3fG3KX}n`rWa(_n9j0
zJ=4*`L^`U-koSWYRY!09T_PP_-V$>@r;x{eI;rUA46e~V){5~P^4@|}Fd|*6p*%aM
zm6od<Mn?_ZKt7!7CXo5`C=JDHsDYQGHB|f}R!OaKmuxui-HK}DV6>6!DHu=KMR{tN
zvi5m`?V=iG=Wm&5#Z&78lwDK~nKe0SHL2zRvYPNqTFe05cPJ4wdUdgB8NB#7=D6sc
zAiJmZVU?_<7@Pe10@BMV+|kMt+yWf~KNamX{2Wxz$h$y0)3w^Ua4#z7!sdu>4u>yo
zs^(SEs@Z!=#J~G#lFic0F48FKDZc<J0kVP!n5a60fk`0epeGCkQ`MfKKGNh9R&GA1
z5aM8dbW4tIij~_2Ur|d-t+ntEy$RIDX|puBc@*h*<(ZjSdF}|qp&nbSQ64^|IdmLe
z?X}8t@3XPW)9!vNqC9zlWs347T;S5%P#(60dXctJyWw+~@!phHRgaGRCN+xTswQ;{
z#|u$RccV7Qs0Q_@I_Qlh!+&G+LT#mTrr)2!iG+d2t(=dy0cv~9p6h@n1}FTjmm_QK
z>~j2S#IG5Stc|lC1Yz&OXPp8!Z(Q~PoUx1~smBR7@m~LM?nPrC9z27~fmn8=lQpZ#
z3X~eHP--+%3e-zEIBvA1rlr8feKnTj3%&*a8iK!ue~rOc@Woy5#aH4uZpW|5__ZI5
zWA<45nu1^R@vlxBB7EZ4Lj3DU_&OpLV?Nd=n)F=7XpFa3RL&~2HdKN-6(Q5P_d_>R
z=|2n|1ajGjlt3o?U<&kMA5sH76cN!(G~o2LM&F-lgWf&hzY!XGSEkIKuc7rUEv@Tj
zKN3yrDU8-lS#{hBM;x(5BX`bpew*n0TcY!?v~;d(m(Fz^(fO8WIv0oOe4|R|>r^^t
zt8~6prSpXe=)7NQ4YeoF@$}`yC!*!~@n{-98cpM=3XS>1MCQK@mH$LkeuJp|>UpHH
zGn&f7!c;C$seG+U<ttPwU#wEuoPf#;o{pC0v!nOYD0*|^lRCPxq@nq|Xqvm)m20b5
zW!-$pvs>Tzxh;Rwx1s;*ME{=?{g<9c`dg#vKPXK99F_ikRr>c<>EB(YzcB&*LyP~9
z{@*A47d-WC=>Jj-{e7|YXC^6{2amOHcLcFYASUpQpF8q5eJeBcDzV{tVuSBIvSC;>
z8wQ5iaFxo243!NRsch(~vO%AK4NczGFkbEd(f_|s|5+8Sp#=BkI;h8)v`Y6K*W=VV
z&sROp<sayN81*<G{<H3XvmU2w^tY+UdE>uzKfHRJzZrGj>TynZzoYqmFZDRv)!*U&
z{;u`6SU6w$+wjjHi2lC4?0-~$|332D=<m!GKS2H6Gvd7I@6VV2@9FQN6^c#_Q}vhW
z?GbA(LhW%&t|Kv{V+9l)1wk(j_@k8<19s!GP2xJ6xQ87`erPBvEhT>_JHXB&l&j~F
zZDJV^v_b6oS5()BHS|o^&~wB;)DtdDU)z!y-%s>mx+;YoiJZT%i3j-9W4zc6=qZl-
zH)-kfO1$n7RZEZ2tt=|wIF!z0hUD(QQ%<DX^#^RZC)rUoXP7RepC=t+h|z_6_Mob$
zmn2fuQ#zG`fkhoCDjkZ9Q&b<NU(YCg^w7u9UJyS~h54HyD9n4YGO~u`3cd~_cYXOZ
zM(%EO^m~ei-rN4hrY*EhYtS7c^_&<|{|ZlfM^U<d#><^o%&-8lX<Ro%k)EiDX!WsE
z^GWXfe5QAHK2Ed~v6@&P(ZqDr#Iw-9q`!YB`WLjE2mP!0>-VI8zTf<h>YuCd+vwkf
zzx+V-@9mq;i~c?N?hjx87X3w$@tfPwzX7CwdaeH58mQ_>|K=2SM*n!R=P``}#`>!x
z-ciQ(=6TRR7~$zoD`48MI;()}PV#|HD4_m4D4@P01vK20NC6djW#kSEY@GkLP1#nD
z>R4Xqwj-|!rN4~=7TuUo0b}&9qxmFvem;+OdOn>|z_VHZ-u_PX?{vX=(7&2LeqZ|c
z%q#z+`sca+Tj<|}w|*%4_raj^p?^;<`{C=~qPG+o7uwLj!bJY(`VRH)(8kXDpR?N9
z|NTK1xvs9g@6xd<-W@~FC5c?o#huW^q?gXl75%akF&lCtpE@T^d@afqy{H{coE_L0
zr-@S%`frc5<-gS^+u(7XqP;5055<uF`2?<<@0>OB4S8b%&FtKK8h(2&^NDp$+ni5l
zG&2z%N4xsD_jlike%^8LJm}}|-~9gd^WNwGNA>fI{oh(YuYTi)r=Lmt&s{$!{N{g8
zKZn1e=)jmZ^mAw;|8;Xm`g!fuXXC%lP3*rW|5_Q_d-QgMBLb@OjobN7>F6CXgnc@p
zJ6q8SCH?T(vvX%Z>x7b$E9yBXC4D=}o$cF>lKwWky?Bo5|IKO3|5J9+w|AQMs!UId
zA^o$7+(Gf2mGt8)I~CvQXnwzc?Of;glTOdCBc(N+WxVIPUwtR~I_HY>psy2N{ekFf
z_h<e`_4S*~Z=<i<UipFQ>t&heMPD0!@q^UYw(;opzoLs=xM>TI?s0p5gCIHSQf_7h
zxh)EgE=`4_L;S7;aC9yPN4JsmZkOC$RGP2UwFgHhGB~;pUXHLXtlD`PjqX82qr0!O
zXmo;P&!n3g3HnDcx`8<A&V$iK-)9Ts(WPne=&p;$qcaJT8?P>mPe%+5X?ZIHr2AAC
z0i?Sa0qG>r=T&t!%c=Q!!8%PnGQ^*AzogLhHTsS4=fdq5yyBP5dOtq7)G6JUdDf_N
zgX2->ZV$zx&fU9xV=QE<Ee3B6&z7GJ-dx-Ad)3R|kNi5H{Qq2j3)+<574~#)<tBaA
z=0hmPYyPH)@dk|;Ul=XMxk3L@7612z|FZnv6DPlKeAc1-UVE1EJBz@8&LoiE`(9M$
zJ0J<=*NM0iHt|I6YRgyLlB}c%KH}u;9K4F?c@LecY1u~J_e}O*NYZn8=~fdiW|{E8
zj32=Fcp#HoE~JZT*}TtbLeVn?Z`Hus9R=1fx9acPHiiIqK#0FFEeKL!ypB!WZHmFq
znTH2-Y-0A)G!8730qo4QSL~a05l-mZXnBC?fpaA9e@^2Jf*ZkJB{^ZKT6N4HFbid$
z@VUo9Cd<cwlISAXcW#D#H%~!We4N1V28W^%7Vi%s!eT2S;EmV8`f3*^`%Hx4AvulQ
zietRxc==#li~WHvgxMjbE#cnW%rXQDoLtXr@G(K-<%|E?8dAyKL?_e5b^b$Uf55PC
z&zZh34+D@9Rdic<rBw7+Uf*EPue4bXTDjLN9pJNhYLeiadly|=!jd>S#7<bQjgH)U
zF_8NO7!qy?9?Qd<r{E11(P_1Va%drQ8~VdAZ2A+qUlBH2ttt(++|w{3%U3GM<B1l<
z8Jw@!s<LXQuONl@y`YH1D6%%wIdc+c9%bfo9ohGw-6-`|&bRZvN!g`Avk<C9JJtmO
z-Ykvf17O{`skowH_CczD{4+M5Uf4N8eeROK)KSA3p9Kx}{175wwF=<AfC9|YS`OxU
z4kjxFb|_gfS8L&|X?ciG2G)xA{aqR7giI9I>DbOZMl(*{QaA5bhtCBA?W6ejFkZY)
zJsv+=cEyZ$!P2PlV#EHdp)y{gB!YP5IY96c#OoNsUF{+euR<2jpD>n}QX~@y=4Pu{
zX9ZJ(c*MDz9l8E;J1^axiC{H~e8S?ujEsFw8fV``*o^4(g>e}l1vfIa3M+Q)F^Db+
zjKp1cu9ixTHf}|g!{RT$3)}h+b&+gKP28JxGhWAfoDONEnOlBaI+})K4zUIw3V7aW
z4Fl2uBdlTrVbPq~vJphTK`ruCLII$c#ezljCUG<9mj94p;a(D4{U-4AP5E2E*DwFM
zO)@U!^;_)uYps@gkX^q6Rs>H~5`1&-q?73XkGyYzkD|I7pGgAQJY+UJgGLFuN+Ldp
zf@KLvmTX`KW=RyPSYNb3#5ck&1bGD9q%s{=vBlO}+ghvD*4Ao2jYtKv33(!qfFgp*
zOJLR!2`C}FGXHbVo!RW>Mewuz{{6oGewEG4oqNwcuY2yf=bqE<K0ec5XF=X?z?^)f
zzy^?nH)(%dX-fDM)K-A}z)M73OcAJjmRaR;el0wCV}vGq(2*fJcL;t~CC%%I^Qfa8
zbhq2g3`r$@WlWCxAg*ZdV3x?ht)${?!ny{&zTr#I;BEEUQKrwnXy~p!^I7_gpt-7h
z`mEoR=4|hY)MqYLI8S{xrwe`7)R8`Osrg+gw4b+EXw{nd*H(qr80z=k6<U_Ts^3NC
zTLj`{AdTHHW}HQIF>?n{f-=(yPwpl~hf%rNW<J{ii<z7b1v%wEb7g)l7FL3uW31xN
zJPTS5*u_$F+buQs1XFXM6j9BwvLC45C}ph+i&I4FxSN=cON+8ky3%)JS9~A(PO!&X
z>JD>`1ZK2qye>7}Elks0JhKhFmcH{i54C~!DYZj=2MtYl5u*|6PUJtKWRj%roaX-U
zzpd}4N9envbLhK!I@NdY<focK9i{eG{JBH5*JIOnRC`Z#t@e_QuIlYg1G5+OpBQ-F
zf%|OBj>E*b0^V8wTKlca^7niMJAF}|WCPTaWvV6&on#L@YF~EpXe`IQOZ8Yho17uR
zv+>n9A@5e(I)>Ky$#P+ZTv+GfgVM5-08H___#a7->ztc}6}MVdI%nVyFty!Evm0!R
zIES-Jc=9=5>h~?>YNwpIS28mZn4rYm5Q#RH@Ie(xyJpDhbg&V{RQT->$};raNGtdg
z?fDNj8`NiX0`Z7^rFWS2@Kuk~h_7+2S$J=zD&mKQpO@#A9xi&gq}(^VGg}?a^dF&_
zzO>a$|D*Crq?!I;iA{gr%-8$Oa#R1_9%JR}B`CwAE%^BxJj)-7xz#YMgF4mWz<j}@
zUTI-73dsgbzimfMqBq5p*`jDe;~bPaccrDagcVJcAn%BFcab^j0n+;GVJ>dIF|&%L
z&<)dL52nyXl9(r9bI@rQOZjurK%?xrk5l@rNTPs^Zqft<qR65N7y=m#+CQ~=^ul&k
zJX18FT^w<efBmr5e6PbO-|M)TE=QSVjglH3Wjgu%EDkV$1D>l7bHD(`0Qph$zq^(E
z-wOV}F!EpJFzLU(mHzhw{U4M}fk5)-GwRQ8C4Olu@&9BJe*mNX6E^+#Xpc~SU!XtR
zcYCwRkJ^^@za-kPqI&VPIGU-V$G&WlzQ72l);)-+b@fzh(%N6@HXBs1?)fvA0<g`V
zxD_{8op4EA7&n%E;fb~{T*{r+b`gdW{I4+l+=$!X0uqn21hi2!3(#|a$C-%3_*vE-
zKR@Ky9=6n`|Bi&CMJp-|BL@WIV-q>%I18R7<oq%cIpk=%^d$>9Q;cxdTf3F@c34!_
z+k>=%>}~0|UXu)leWZRwGb)+wa~J;<x3`jdqohs-28?%`+R-(1awqE1)l}YALDtKK
z4IaK;T6QW@LDr*!oM5?cu%<wVULfJgrOd^`&O^`T54y_guovH<KWGl~2Q`}hpfO&v
z`R?z@AN1EKe^3a^Ykgndpqsk#2I+&dnh^EK>u5u+s>Va~M#^vU66K|C>d0Z#k-unQ
zgujRwOdlKVX&G7F;TqG<-$MSQ4Q>2KtfI#?ZT+8*n{;?C>_4IrDB+CT*=)+(6p*<e
zcI85{yhlQbL^ir9eM0FBw4&R2k$wbENxWX`%n$b73zn2!b57?`yZzU>?T?H7|I6%;
zwDsSY{jucxv_JYSJ%{~K+^PMs=6B!O{@DG<|3UlX!iw+5{#f#T+8_OvbYXuKcV>UQ
z|9m&>k1K=Sw?A6Szc>41$@gb}G%xDH{wVIu{&?{>{|5Wx?Bf63_Q%=>{+HSxeb@c#
z?2pxJzjyoN_=4`(A4~rI_Q&XF&(HoKbOJJEoWmxVhNv8slrv&>lHk`!#!|$9i!a%_
zU<77ZkEp9&lpy+pF``ndUnDA<mF?Q#$4s1jM18X{{HKz<lS;Rmh432ud*l5l<5+b%
zbZ8xdDa*=95Bi-y(Tv}oH8AJ}ncy)1Kcpf%M&Vzbgjo!gDbq^pmdrMC@1QP#&ZlIA
zdxy5@cV~@ngeAF@yHGHOa5IJNxzp4s1vR;pwGj2zNEl<a37k-p0t4wo(8aVVv)VZ~
z&3lbH<qnj!H}9hmoTdt1C^_B|UBLk`S!vWOQwsFMAhCAnRTT1qrA?wRIjHZ9I3EN9
zO$-!i;xYsCa{Ks7(LZMF^lXmvC8=UFPNkq(PedJKGzvknxwNkM(*iNzb;N58S0r&b
zUS;I`rwC;|GB#v$zymS2SBil#7r`Ie_Q?qxOzdmzYLdAzJ>lW)p*QkbruM*?rg~`f
zWBPNq_HK_pTsS_qASz>ckG0TH42&qFf5wajsI;Hmj9vD4Z9P1ysj!#+9TT26m;4>$
zs%EYfhf2+&dNZiyM0EW*gTBMnJ(j@d{4_dW#`!y&=Ol}mI^5YjH#V!hQdDyqE6wws
zDWdX?sLsp5cFInpAVXAgb8fE;!)NlRSu7eFQ_bfaKoMan<3npK4Q*(>_wfkXDE05a
zw48&N1C;TY@~Bci$Qh0tQ?)I3J0@1U9g{eGQ-CLPJ@#XEXt!e;qJFv<n2MFn4ryQS
z<v9@7<kC9f_Z6568pEzifSXG>cJMG=3iK7Sn*1k0N@QE3D2%Iz|2N7)ZZj%gJ0(b_
zQG~Kw8;&cfJ+XT`C9Q3t38Q})fQ81@TJoDbHx%J`R^(&psdir#A6a=BSublV08zS-
z>`Uldf04+HjYnf+Ao7Q?eVBaTf(vIVsLH^Il^Gcv`k-wv_L?c6HMJM>KQP2Vzn9^~
zx{JxMKcW5X;TR74vcc-`@Z7@&{np}UnNPJ-_r^rz^F_M(_ng5@>i!~)6IPX1M(fLS
zz4wo$hn@XBMOHQ_TP4+%Gt<AQe<J5ila!Mpzg<N1ZNj+0prn+e@_6w%R35}Uk@gYr
z5A;!~G|KAmcvn+3?;8su^jS?dpkl-(_~%vLJ3&%!P;b#hHC9&V=E#|ia^Wf2*}P~F
z;$!E7m`EN*TbOe@Az$(zYyk_{rq_v>3-_p&x`xN4TmMwM3rsrwA5r7q0t;2C;k^*}
zHmgbVWYBWK>hfsCSHNNw6QQK<sw8-68)!iDOCp-LXa!f`5*80;vr%BDMEFhGXnMx7
z!`fw5`YPiJ#Ct42M*thsZIn)bmp6euH42aev^V)a+)9E^X+{u-h^1S7mx`rLUN`W>
zW&b>Ckd5$-CSHMQZNngnILbH3ti?mj>P}=zym>htKv~T!WqDV`iUayWX|9Z3PrLpb
zxfj&yRxG);O@vkE_WnsUxd^2?9T~pQ4GE|%?VuFZc(tGzgY1~@E#120Vyo!`QR<F2
zKVUDt<uy6Y1Vc>@E`3}zXZ7eGqyDHXoh>|tMIcdk2-<~%leiGOz_<ZEyt&H{MdcIW
zsafW?y|mBMVRFhRp<4_qe{AT1eo0(gekPnKr{A~11MU7vSSTh*RBU2R5a%HW9tD+i
zJqC%u<G=z$Kragc_(o5#{u)H{Bd!KeU%3rI9i-mW9GGJ$k2dR<)VNH9xEMlsPT#o3
z1plVy(yhgB(ws4>;xYhTR+{zSN3YjEG{FU<oN5g+n9C+6Q2yYHz<&4kZ)Kqyha+*5
zfQ$6LQF8)Q1L&0mpta6vpf!t2qZ_qO?-Fx*n9g@h-L!7ZZd26kUNL7^t>q2E*){6V
z&<W=W?d9v)TKZ5+Z?27f*a*uRa4c-_8m~{n_3bp;`Rj+GcG?Y6b9-n9Jde^3{w1lL
zH$#M#LA8nMZRw)FIF<8dh=Iwlqpl&uZPLbFfa2ApCxE`7_mto|jR1*|%^FSmXrnPR
znqL40b%NccoS3W*Z<f^YhGc9KopzrMYnWhk$<oJ?IB%x1NmRCg1#+vXd>pRd7r(S9
zi9@A1AAtd)eWm|EC<}^eNd=Z6ptl!=#}mqCC&H^n>y`Iwe4_WDu8mDOLRpg-7(Nfy
z&c<}Ay>Wx63?sd@U8&ceggHutjh+@)F2tE4%CEZ)`8?M?u_lhl#u`L!4|62t1F~Sz
z34zl+4%5|;&j!1dM*kk(HxPG^m>Bw$_6t^t1ACmT4A-Q<U7$}7xr~p^B25@)1?x2Z
zvQvdKH@dklIPusev=C;<0o=X@D4yYSt?vM45M*FlX-U1s5VK=^qe|<1Hy{>-63jDV
z1ckDKL}!B!G;U28zXK5WzA+5HALopklj!|Yzn*Y67O_?V1epmRnD=|k_W5ReqQ?Yk
zM~0}gf*C2HpAj({M0M2`q6L1`cjii=Y!1+8)iLWC(r1oIpNdHOOg#ql84laT>u3U{
zXba*5>cl`?t=NMqP>_9R7Xy!nduzmPJ%Qm%7RquGoz=d$taAMV=(id^1T)WF0sR7j
zNcrZ3_a&7b-WQ@Gao<uEB3Ug?^^_W{&M?ry5BAEsbogS8jSLq<3tr0VQw4g|>>LHZ
zVqwV!6ah3fxtOgRG|m^^2Z6}UGKB5oFfoAjh{2Y$hvmiC&gvxs*)zy+MDK)+f=*=R
z2$gj>1;aNMT>|W*d6d1{z<!MMAi5)2%C=I&_YR@~$(<ElpN{C72-@ogWxM_pq{miW
zh<J~mfc$J}BR?a<@d8SDn|RETON)WDZ^F)VHmvi_zz{ktqTzV<V@ADDc8t-~3o=I)
zos?dbVNED~h|*79FJ|`?N+~qmzkz4!Br=}<eZ;fI=Ou8V-?UJONQ8cm*pF{R<DA6z
za#6hzR0p~MNuGUIh=K6{-U&1tifl-*7CkX9>o9vus_dp~K)~1DclAi!_T}#1>S@I9
zq#CF!P;aoUJXn;h8cC@f@u&|W*$uD?sxd-G9dAS1<q~mOx$PgXbK;2uARb~?4Hg6H
z-?Gt=`1N|yN-1l-v}`>#kU^$T9LTD0sq^BDO@p_CT7(5Nxlt^w^GaCFs06mPSzFu0
z!-z%&761VX9~b?n;)N$}rxav@tc-39-Pt~VMyiSDh(AX+0))xVYGGWpOBtU`u{LdX
z=BT_^Y~I)jep$UqFR~``7%l;3{ykyM3`cs#oJY-SWlLZhlUaExx<yjcraTp9HV7Au
za>MK=29l36T{O)u3TuO+zY%P=^3g)slv$#4i{Q`4f?4XM*`nGvC@KR)Wpps~A$@QM
z7Bra~hdQ>ms4fH%IVJ}8#e(UoyFM^#Vrd9vZZcJ3Vf7G#TKZ_4@B|je70Sv%l%%u_
zPArUDCi1nc4h?iUJI<{ZCFh}g=VHUGd?BmT?NnT<P5g`pT9uptzMQ1Soq3h_4aPnG
zAyc2oY6hb9_|OCn%hr}2_8rzYh(;~??QO`63!9<)(sJK+{Vi?tP_iK-D`L{f>a;j@
zR<iRm!N0P_1P1o7RAJTb7Ty7EBGpu*#i1vQMwJK+OYSur+GW+DxtiAVzUjozsDpNS
zlmi~s;lN7CXrRi@6TUu^0;8|hZoH5k1dInj^bf&k>08jHtDqhYltJ1nU=!=>B;x~`
z75d&@K7m}hUSAo3&sl)a<AQ(V+3*x**`=BqvYcuvm#$mL=@+b&j4BVbDtQH3O;%?d
z<{0d)^(7E~(4h#wsOAIwE`Yz;7q9*NN`QF}7N<yRwXqVT?5SN;xCd=L0Q(}Xv0oBZ
zc(Usik+6rF80@Rs!=7>$Uws?~Ur)B+J#i)y-pdipFK~U5)HDZM*J(eWnE)E}Qv~v$
zzCLnLFB=rT^L?QIrTxgiIupj)G?V6HO%>5RHJTq8Jogej4xPY>tiKk4zlmz{Sj3;`
z)Bt}sXA=JWW6~!xns<W4?U6`K(_ZUqA#rWwd|o=vkoXj1;8`S3F6R-T|LN$Nc#(V8
z(@c8J1p3!V(5mE>(+K}nr(IMS5)a*Gn*4hh;V13eO8-5+zEp73{3A^(&49^lgUL+s
z;AGNUCj(oKF*nk~>slXXMa}T7$QfR&)%CGv_?xI^&qX%7M0+vZY?)+iG!gN&_M2}J
z5mljFON}tHP6x7nEBMP#g_X-JyYS9~j&yxs8~w5#&z(ws1r77nMF)VtYIxreutY5W
z8YH3Qmh@*v$ciDzVY`vTzCgC#Yy#4v^(H`S;7eb<{wi!~VT<n_AgXg`gTmCFAN>KS
z!`xXCT1<LsR{5kr-xJVtjhJ}~eZrtoe+^B*q?s-GTXI(CAZ)OfEYF=4l1>{&yZxa@
zsm4uuUk9DVp*^e|mDSO;2$FITL0#6D+@U_3MDfT4iKxZnC8eiJxdoo(gB4ecR-BaR
ztS2iDeuKhEmH=V3>B`R5y<?<*HeSt-6NSH5lbHxhX{M;&YWJT6wTyARymuh1vB&TS
ztWwed>JD4_%hM~dL}*J^lioMVKU5tfI!}1l%WB*)Ot9^{KvvzyZ1~f=Prt~c<_yRO
z!*XIE4%e*o)|XXnU+Mo9K0la>Zb!76ynRG}HmsvIKI~k(vvO&1BIi9Mt3RN6*zc1m
zhHbxb3uVQC%CTT;)qs&!6W;$6g!QASE)AP**uIFYLKwq$9lF(FDZ2l1T#60}WfKx5
zXU$v(NL<_gyzk-{-c4qkIiJ#>>2yA+4k3Qbr{(hz8|t=E4>}U(9@Mk5%IS$Z1gUzl
z-k;g$u{2otc@Hh*fXz4dk%aNa^zkPE=~-w;#p*0Pgvz1e6rt>{q>^3UnSpV<P&PR+
zBPf)-gzIWxJSdN{I$FZPt`EdjV=+gukT^sNB-grvdt(9pQXX2sVR}whr`lk{H8sIL
zPO!(>#tA8L2@>qvJ-}=Gb&pU6<`r0Y7Giq~Wg^<cwXOCr3_(V+K_kh5xSJ=dG7w&o
zH>E?L?sB`3;@*VL)RxK6DnC^#f^lIA$)Xa(px;{M*zJ|n*Of*E_7Cj+1?|Xae<dtk
z00VDh`>V}4qaMZmSRJ;kZ{7Mt&>K|XGJ<Y_x&L7UbhMvIWfn3On#EnE^9Mo+9>C?i
zP2Or7+QZ7X(ffrZiE;C%FlVubMYPFq$8x>ic(A_gu;nc&_g;q&V2^d!CFC6z%3L;u
z?oMaXP*U~{zSYnV=atFY7D`^_=%mW+NOV^EhPak4ascS#WM%J6uorkje2P$pw~d0M
z3KG3~sF+OHJ<3kK2mr*sd~YpX0v`>B-PUazM}f*4Z`XeSWM3~X3$neTg&$rFEDuw!
zF>9+nLR5ds@eFlpf~df@pr-`81Ci|xegrEggR^uR+SXu}6TSWGQ=^UoBkkj<Q)p{(
zTBcH2E=<>ty5~|bnqY$^t1r=h3Z74OB*K5^CGy*iYJW@Oyosa4M8W?zG8A8`wXsI?
z5?RZ@=>A5H-$<PA5d%|fM1zCcLa>G3;ALl_T`1j7XqjsdZN%Mug^Rz{##$ai*X&I_
zFhloTyDv^w3PB$ad4mt3=qx?ebIy&ZYF++f8@J?oWlLtG@J?+oB=AAuonV6&m<UkU
zjSLFoz!a~v31y8mHWlc45IWHB#>xGtr4D!F>U$&`s48aqn|sd5#n~sq`<^amzHRYv
z;him+^};*#*nNZWPF+LDs0E=NSu2dIWxa>6`qwe+T)^ua{3Euk@~|$1)daf+QNJ5B
z2<YpyoJoPW+a*=5z@z2ec=+qCK#|*R4@@@X!lQCvoE@6XlLN^WAlY`@`scxPC(41o
zyCr``h75g74y1ji(E(-K`n0My6>#Of(2i06sV>kD7Xp~6l5>}DKL9|0<Ok9Kg4^tq
zlsk4J0DLZtzZ3P*&55p&6<()1kX(hm<%5QB!Sb3P=zBA>U-H#EY|#HSdoHRU=$@1O
z<*5Lc=5aRo_M)B_O3@vdQ_>`q{2G4XK59P-j8g9M?`dhXpNBE?6J30r%LvNqs(K_v
z9*||SvT8H^UOo}ndsMiUKNy3}kkRn;w1cJ+D8j$I%6kVR+PT`6a#3AT&nR3jDl2G>
zSndL0apsJilQ<_QE7~6rNbX5o5&2C;_?wg#SR!h%{%WEtv(e?OUA#Gmo1d7IF(;8+
z_I0p*dP4tG#Q7x_Y)uq_q(H_^9$>4HpmC+ifjFRTc{9`TsD*EC4&yh`p05Cs5y6Q-
zm^d47f#y3n#T~fC@Dx@cE`XH=;nIxXPEzmKkUmklqa43*Z?NN%P)-Pw0~73drCYt8
zyvznqVI4M}97x`bOvUVm<c%7Il5A}S7{*V5_2mvbjh}*@*@3#LGEjFv^(w0I2!Si}
zs0Z(>B}>?EzB;uQHm_4_)A6%fV5eF;t@(f(zz+xbsYFaDKoFsXvc#8_qm$rLcOWiH
zHqi~_ET3%RI}Z>pDJi(s1gzZ&iz6uh;7WHOhX?NLnHRW;r{<;`6@G7>tdwkJpBBKU
z$j*_kfl*4>D9c5B4gAwm0_3gry+*u>Q8j__ScJFSwX`{QH48_`MS_b)-D=GEfY0YF
zl9XBr7+Gm-+5wGgiGd>d`PRg|KpLON?{paz1eUt$V~!%!RuL?&<>O%d-qdnJVCsc2
zZ5ttXy93ksyyZW_hA{OQ$yx4uNi+~;Ldl<DZ>$7!GLFXNCo*Ow0YFYg&#qC+c(oPt
z5&Vc!Au|esf{}1?Ci$=)_+}&@kPhg#8SytBY}#_~Xc3GRXto(pmf;HSL9-+W%o4PZ
zy0k}dFfyo#72>HweQZlP=zuW30&$>1>wp6`MQ}h(D+f4Rg7lqxWN_YA>X0jUwUoP;
zPe`mDp9qWKAb4nlCUb$`i;yR3@|=y{sbXL*sL^Dwtdci~#POry_wbf+fzixa6Bu1=
z%|*_v$phmL<qvEj9_AzWr1|hTpPs1UWM_?U|I&r9vi}fu0BDu>DjCwZYZ~lKT!9I^
zdt~GMAGFcOXqvhL`8;zaZ)2aVqECSh;$mFNX83I04p(5ju{<}?+z)heKYAq9_LZ4~
zoleKM;T|r7e1>GJ_`o<=f(}$~^12LkI)0iQ!|93d)9<Cj@T`NY$w7}V&%9k=cZf<)
zS<RN!xi&g{0m+<}2>UN8sp~D41GDT|hxJP>e~_|YbbjXRqt7zqvyAn!asVEAZ<Pa%
zp;E(Fuy)PxIK5Ri-}PYc(J~_Q8d~uHRk>L_y5F@Q7^US4-qhc3gReQS>(592owW<$
z9EQdc8ncyTD3b{px(Us1<ug$^9_9bdOLRG_d?~;Y4}pF35Vv$O@SdiRl?tnv2VJg$
z)o_#VD%^u!h9F|iNs-skQ?3r9bKzr}_Zr+R9xN>{>X}uiUq1H~?L%SHhSx4-Rs;lS
zLHEf-rOKsz^d?W|7ow8kR%Y3ji}p4ZF&Vz1?OBhq$%7|%r$uGBgYIpXjZXr5^a8X&
zMh3mvAseki6%qFGTh)w-hC5heUr!RNgZK$<Rl)8l-HK+?$%OeifE=`_I52gBqZ3{4
zC6bC7w+GmAJs=}6ys8gP0Ig|t)Utz(vACy&eYN(-L|`0Xvx9g{hxP44i>c)a&3O%O
z(W`)yW)dq^=Ol9O<<pZy1*77Q2xUJ^!~^FWL|A^LfX5E@g9!FRRukKQxrf0*;m)#y
zcnt&T%7Ptgs^~oCJAlHCF+#58d5P5%P_(@cyQUt+dZ!P-H$z1=&OvT>+%^>?j;x>O
zBG-I@J$Nt{J@kRm8!gdpy?^Pxt{KL=4#sm|r@?^N!GIcUiG5#?SsWNHN$OaS+7qL7
zQ{0VqiB2IJ(*tw(oaM6<$(ql`a~&h-JUTb44Zi{aEwJT!uaTJxTSetPvXz(LYJ=t4
zd34U_qLG_QkYi4!wnlgxez4+m`pfE-V)g)`<Z~KgoDE&FQvxE|wI21ojixm|KhfWk
zFhBc!q-y2~brPz<;Ih3f@TdP|qVV(Jwj()94c`AT2k;+pIW@um8~Bp{8a@+#x{`IW
zI5B5r^W3S>ZIz8_V9>Gt=7jmKb;K>1)o$oH4?}o@+rG|O+QR#{<9Bsr+8|=U6mUE1
zgePZWhkPS`Ed2B~_yYz{^!*s4-Pwl9jGfWq$(PgzCaLF2VSP0XBWkX)k-nneTgd60
z!Soe7qo<uvwaW&K$iub=Isr};%I>%2v{ZQlGi`W?hCO;yu+NLvVRLOqJoI@HKA6Y`
zslf*#IVQ9Rh9WoDz&JU}XW4+G6Of~mz|6@ejaUKOIt^pH>3kzQ);GeVEV1j?G7zus
z_-iie>sjd6$pvMUM9!evC5a~*_*x|waFN}HBQP!o!@9r5xR~;9&_|JL%haIlf{$Ei
zeetzMxxOBoiOR<;Y)^akxMAqOWBLU)W!~h{CiFW^NNlOad%=27{Jlk6J`T4bK->&k
zJx$AWz8$U7iLO>hL=8D20u$|#9*A!FA6WM-wb;FBCgOsQODtHt)p!z@Gjh{BtOvJA
z49vD$=C3=@cO%<wz&0aVz9y@8^lAosv=@%&?xo>?z0e@`IO~1;utzjwJZb>~Rg0S$
zZX8*kZnWi==P>zoAs9x`?F`PnVP@O?M|Dn1^<;HLIkE$?v#hLWWOmx4HdkP_0bkA8
zVNR!oPH>e~wU$%MH-Zq&Od7y{V7QIWfYrB7FpU7M-y*YfIR+#2ZwZc?m^kl~*7z(`
z{&*JUO~xxJfw?yA*I!{cOOJ7D@eno_mgiXO0QPn|;`;Mj5%CF;=Z9)98Cbu~d7Fx6
z*L1MszCiulZaw!X-^$Jdu%6#%t>@LUavUCcr+EUyuaX+R#=WS=xu}!%TvRsUfv&Pa
z8#m+w12)01s=ubcJF~O(JTL1DQB8A@C6$G%5Gd<PaTytWq5Ssee*k<TNX|v{!6=Xh
zSl!oqLsH>-<W@O*QDrI~Sk=)=UP+v*4ilBl7^3jT6=-A>#p&^Ld*EdPj1zM!`?`$h
z1$-IlQSnn4`w>s2!zuR5j$vV;1NH<~U(@mzr(3EUn^GJ)ixf+jz;Ns*sT0y!a2X7q
z&Z5fph=G3VxD51qqua)RO$;nnpk+i&42)QfF9H;MX{?!m#+z#hg&J1Ei*>^}<}4pH
zJ|-Nz27^{FEgH@FdV!*%(&lza*{<VV6Z}iN{+|9U08v!-$`}z-p)JKwFbbSR#jFKK
z#ZW{?px-ZWkRG($*Jx|<Ff8B@25CG(j}BsYtDv!t&$Yz(Br~#+Gk@8&{$s6Z$FF)?
z&tk&Qc7&gOePfLI>x=NOoi|3tN3!_3(-_+mIZJOZYhJg{=+D6{Bj$`T^YIi~NV9wn
zPsv&%eA?RQX1rjS%s@MJb_Tlg9awTw^dD@-Vd8j1b^b6Gg9H{LBjR2(h%zouh<KN^
z)qF+#5y?L}skn^yL<TbUyuqW7GaNrohyUM(IS8+HP_zabU6Q{BEdM>sznUF8*XapN
zs1@G99BA{m4Bie9N~%2HCT2Bw)V}kH&#FabCtl$<w&IXi_!ky%-t~GqEaXac<|d5N
zcA8PzNuxQgse<>uMy6NOga+PsLu8aTfStplBLOoZ$_}qivV+8lLS8KfZ085*D{noZ
zpfNmnL>I>1D0xx`EnNr%OcDK+IS9aWKLN&6c4FLNZjLEo+vtHAe_J3DF(TxP4v%48
zLRhAdv>;Jo8b|SuMP8GIh<_$xa8msH*WnhUNxR_$n41AHRj~K??b#umkdlKxUt~Ws
z;O8ss=SW!L#d|WvWz7^HcQHoGU4R&3>}C|$A~?+~W-r!oI7)TSL{8tll4*;g4nSgY
zM|f*QOd%t-M;;8yqMIXwF3FGrL0Q8OqkuN;<g42aGubET4!S%@5jY^!q8Wm<TPu07
zC(HB_5%}r7RP>KIHVn@aFKay^zcg|_>1;klIG?DK^Fu6H^C3W-zAGF(-Lh^YM(Jt4
z+}_(f?`-9NHD{z67khhU2l6K_`-<)XQIz%C(?duTq_3$&y(e4>dM~U@yVh~})0vJ-
zrE4>m{HG*=V)bI4oF!VgC+em@O_eFd&yjezyU-^i(uP^AanbQGYrJ@xF#-I1;&hlb
z9%MgLqgX>Iy@EDrcytI99oCakH2n;t=t#O8)Pp@-e)r|{P{fA?z1hRFr&-Hs7(+E(
zhQ0kPd_6mpy*_HbE)rE2(7eR4l<>F0K~eseP9L@g$JK0q>1hU7MFjm$q)L{NPdtQm
z{LZeuJv^ozyZBtxKzkw`D6(ulQY;+$`qyiai{w@=ngkDjMGvR7KD-qkK28s3v_33s
zFDIeO7Q={+51wqs_zu%feVfRIFq$s9!PszvPq4wTE*h-18d!XbNt!Cz+BBL=;`CVa
z&s6PdjxAN`+S7wRAlClpw%(liI$c|2KK#=*i{F`iXLPV+b;h*M-5J5OHj`-&^h)9)
zcy$cwnkd!<Jt~5f))*-wbapGqO=&Ze8`~PZf~Ca|B733FN%QHtk@)oR7;_OuOr&a?
zuCvzU89#_Y{gOk0#FbhP1PU}O;|N+$E3^UxDlj4~JkS>G@^_ceK>Mwy>yVmSN#sE3
z+CA5qv4#Df34(1AXWABbQ7bP~Q7&i`dYGt$5N*97h7Rk}F<jZwSmUu1|CljXu@Dbe
zbD+RbZfe#OSDUnUHJ5@-x}*4FX47mumWYeL-i!6Q1p3rtbm})XqF)T4tI_r}0BQYW
z_6+SZe&i$S8Id%bb&j9D44=03@31R3R^T=W?aDVtnL?|)MFOjiA1;(lzTCVuJQDwt
zA+jqrOnDTD@8VCqq=SD>gO8`f`x)ro!Pc|FC@#`&&c^7*D)TkoCmf%{+E|PeHY)Dp
zO`{?(gEIL>?iaE_Ps|<FrG;VHK>J!PjBEUh9Md>&P#=Q+F|skd4u?>Z0wbwY9WyX^
z=nvO3OXH7WOG7B_WnJHViL)*{I`O(Q9qYO=8U?HN#sU}Ob-;n>gv$_B!L77N%6j9b
zR4|L&{36F4FzPf6lCZm~$2)je8K2Ws72~~DpCUSOJ_AI65B69taVYAv!l@32=-g6#
zoe^{?lhe)SzAM6*vTQXh|7&b1DfcBIgBF~mdzEgbG2%Lrxr?x1b@^-T0IKj5dM88o
zkhw(5scAr!Qd}EyUpos*C^?2N1L!9r47-e5*@e#iczdpt_-hT_P5k9q>wZJl){w&f
zh_si(rjmK3WesH!XLd>Gwr;eKjcA|Qwta-TY>z-0te>S@y#rVe??#UJ#HF|qwa@^n
zMBjPd{Y66bgU<W=p?S~ww8$>E8QQ4d@?lllzWdQ^YeV2_y9aX|F$yL|vk9w$>9wQ*
zl`8GS*V(<WtA5XOibnTp@2rf5;qCCU@Cr62g>&|I?6cC1mVRgl-*eA*2R@v>Hnwy4
zhMVxM_+2;Pix0zhrwQMI4@~&j`ZdjD3DWWeW!y`A>piLPp3{O-qL#3BF+Bb%ox=;3
zeQ-8vjwY1d5u3hrf6Nx0E^848C4b}1{oa+(GZ~rF=mJJ~yMZ9T8U}f4xc#X=GLWwW
zkY}#!4Bn}K>>j*?*F%HO3Gau0wZ?z!kKKXyrEvR+CcKYtAb8Q<#l7B%h~11x(H5!b
z`1>5TmM%JbB-<*KY_hsFMo|Bxz5U#AfBmff@-Q9&J9~d{+s;01|9vF3+5yIg0h`;d
zuTQM|(C5)#Y`DM6y68_lM~4H+htd|p!56meafgZj^Xab@!iIqz^oRGe!b^Nx4Q5VP
zEIdnQ-Oey{cZNy^MyoKIuAANWI*<Nht^S60(q9Mj4R_Q(Jk2nN98PUJ$6e9;wE{eN
z5|x8m;bk0mTjk2|-`6{$|Bk&p`tSYhZziu|<Zd1|hAuU(r&tqYcaIa6?&b0N?hbZk
z2n-r?e*h*D{+P)UD=e2C<Eq_`T+X}^Y-0-r-Uz1K7k82WAe4k(M9YhH+>#!FlvI>l
zybZ9_H%C(E=b(G7+>7^8*W;fa^%0S=iL9K0AtYr&j_J4?H6L3|$Z;(#9?5wz&hs+!
z%~JT@#aHFU-Ye#19`F>N#ki-_Lg`wzl%=;`-T|w+`YUEX+t-}HgN4*S9~j+r?M=I>
zoonyqm?+oY!7D7+p6Booj!uTrYTccMR(YDk^yzK6CZ^p!Q7HY;+EHpx_Wr;KrBO^7
z11wc^Rtlwus6oGz&@*EwZN4qim-&@GgcdCHoUZu;>RVrL+A<`34Y05T5WBT0SrNWW
zHruEzPVb1_$-M<^cLGZzyFXT;y~SG-23|XHIc_UP#Fh@BY1W?EZlI@fI@;?rlX+L-
zZf8u>psp{a_MkoDLG6iyuwiT_<E-BwkWOTtX)EI+r`bcd2>3gk<I^b-1O%Y1DYg2z
z^kmBg_N)B<T<c^$$N7B0Ma*Xio6pRz*nC!ls8Mcp{l>88<(QrAMANFm+f$qN$Wd#;
z+sxNz*Y`G`%*{k%$2lT5_=)V*v`oUzj!U|{JF$(i)&mEuF$QN^F5Cg(Ul+iyDE-lq
zJfbWXM9Cr(#JeKX5zsyoV;ov@0<=p<K$_qV2Qy+>G6W*jy>obO=^|)~NmBjm3rx2K
zqG`nBkVUrsu<B|r2;G;vJ)TywnR0ivk=RPM*_T;T_i-pf>h41^qqJPsdFZV}+tVV2
zA@D+gC#yU(o^Csh$-B5ql6=5OvSWWDr<aFW<Kte8_IxE{4UmLej#xxnW4`>NqIX2T
z1JKW>B~l8^ni~I0vSHBMI0?i6Y^7xEM))(BLY3?W{vj>+E7LF%*-cs+>94<H)=x>7
z{U3ZL+`oRdwg11r8rlDkJL+FH`*)cA|IlJ6bBU2KmegRQq(8@VW+ZSajDjHyhqP>X
zh_|RyOykeLC^jAW#LQMA-frD3qv0-ijt%#AFv?zTJD;*&hv#z<jzr%!{JI19-(xMc
z89@erhwGJ<+>S{|Pg$L=wOO=;Qaqxb7#Mz;q{ibkC}+^IxdX*aOcR#1RV(}^5#-|s
z>iFi;@&*0%LHM*zTf4XQX;Bg`db{@16PZ64Eq%$CFxN7OT)MR!i`H^nKtgyk2;mfK
zIZh=J$`FJ4ASQLw!Y2xW5uY4jLYKN`JPO^=<n9aI0~4*qE`X6ZOzg@|Ct5x<6o3<h
zEWx|$V1(c`UdaTH7DZGN+UG;suXsLzx&B^Ag4J#ele>)ryOg_4%xOA(56E3b*mrn$
z5)&=u{Rox(scu55<(RMUhu3Y+yVRbTfI;nr_kq|&eRke(Mbtq+PrRtlUO2Q5&sx_Z
z??MMz8UZ|5y{Xw97-zT@SI5`&Yok0{e=t3Lr&}-02X-f#jI8@De*aGJ4UdLzQR?>t
z-{H^Oz}HrO!untuTGbtyd(*|jDzIagpyeh-CBWfNBe$F%%d?y`Z}8^+kW@!tL};JI
z?=z9#vlF_{?+Yh%!0*+~QT!f%vBmEX?~mYjE~72Kf9>di-%}VrzG0)4CYN#iuKwp<
zY3$m=pGB-RsoFy}#?rrfFM{L0)GUslY`!jfuQ%7`eAm4H36lmS{y=1TSh&-;6!<bg
zGXorE(vs4;)?^$5qmpr?N9J+xj~UpX<*NwK;F9*~N%Rk*X7vV39QEv{Fsqj+tHy3^
zD1eWstNbSd-6gyQr~W(e-q-KD!mI6yfOp{`25%n*Z-??=`KN2S)|5~v6d1`Qth<cv
zT#lBO;ZViG6TRa&PHOlHZ(f46ddRh!;w6>Ov$o>3@_+t52E--K@hUHrypIOn4HU)P
zEC#hfLg{vlCscE7vYL)pL(3(<VHX}h4eg-&Zv>88jsKB^aTs)T0le+|E{d8c<kpIT
z1v#K#Y~r$$Jf_L42{t2Z)>M?^Kf<^M_<yr#Y!(N93@i0A0~-myC=Vp(_=B;Ma#q@Q
z*cHf&arvu8nQz^~I89sFBLOjLqoj+=XC;d@%<rw>6nu-w3{&lL;3~W1uev}eo1MI@
z<)6^tT|7#AKN<cbj63=6+@pr!TK!G&w+3_?^ta@aBT2~J{QiE7N)>XOw;kkLuuy=q
zQOx{EcAgddkJ5>tO&?Vq2Ma2w5Z+QM6yNp+zol6e)|JE1agtHBR=}5;RrD$16uuhd
z;m?@W6K2z)K`df^IUe?cQ1iH79t=Mc;NMK)9k=6xnegjsyr?8Vqib<oIq;riDQ(!i
zj@hWR(kb9|ul9?-^IQ}3#KSHCYh-9KU)%7(Y~D-Tg4x<1R>g2_E%F>Xo<w~(i}d0B
zS>^t-DN0BR$QLwX@x{Q@zB!`cX^;fDN)kNBL0>*V@utJ*9MsgD!%SlV#u<hNd)Z7f
z*k^G$!m28vqyVPhRN}yESG?~6QGJhoYSRzf@G*Mgd3FU+gxTSr+VNk+aG@qbZv?=F
z8)ZI(X3Vg#GXZ~0w{*HW2ZAvIGFkZ=fMZPVOF#~h`H^};ZXkIqSGzpUVG_X}CPIoy
zgn?lqTx=0x5E23ZutQ&iD8yCt-^h7K!Ju{?cgV<?TItVXIQ@pvF>|h?=foL}2oLOq
zcT?RDt@q0)c<_A=Cgmcc*)`8sHoOhj1cM-?qa9i{JW)W`udn5z4lEE=tBDcVS(H}s
zU%&vdycZ82w0<k0b9)I(6PglhAzvsd2J=7k1Z{;!^!b!+>@o0V%?e!DeiB0)`;^aM
z6&hl0>>nEpyJW@UIwY_);`B?{HgT9X9KOps9GXh|?Ha8nu+h*b;jguUjr8Pg`nR$P
zk>PW(x&BzUary{&st;qYT6uRoykbl%|NNw(+i5XkAZVw~o;C<Smk@p~!lnS`{<p(x
z)-dfQo~=}y-tOHde`3UW2`Jf3PseakF({$uPeteVh;IM8cI_YRu>EP0?s#)u5!t#z
zgt_DCs9a*E(x3VCNduMsC7r+<-Cy&`*8Y+^?61Gs-=??P_1DdKsSkJYoyJQw8@5j4
zr7)Ko#Sn#F+=2C1SgtNL{#D+4tLWd;f|W`{)kcY|Y-S>>aCWlMQHiW<(b>t4wzn@?
z15I3a*3ka~OYp%9x;**)1I4_c18Uxf>{$6J%*Q6GV{@8nc<%+G|4<9&X$+m%mxzHc
zl>AL!i;1f~hrezQ?S|)V^PzO~{X4a--@g{|{qJkreUI@q+AF(IZg$*WiTHxQf7SZ8
zh^HcBwqtZ9E;rHlNm9uoJ}Z><xVi{aVhSY}(!J8F`xjyU$~);;{?t2hoUHn6a<<Rz
zP4Ot#c$6i8+B};*go#Q;buk8!N||TG)r|)IuUK-f7fJ-4B|5iJ4oN9^CQkC7;W2BB
ze+xG`FghJ;?gT^G;=AlCBVHErPRjfq85UT)n=w#SMmx}>7(5iGtv_p{O9vpbSh?r0
z6#OENEZIql`*Ielg1>AY<ty2F!h13N3#gsBQm}I_O4sWzhXsATU3ND5bo_zQt39-f
z57_`nOoVffO@eVe{1I7MjGjuZq9TrK6P*p1jGLd$X|J5Jad>FG74#s>?Q=PRM>3XU
z7gB(zJwBXA89+aRf3#VrZCvP2q%+4{b@e5j*8du?|IuC_^ESS>owkw5HvP@soGE~L
zFgQN)yxE&f`L~xdJ@~ifl-{P5{>GsW<a6nmeCU@GO7UVYP#6Cyu@2eQi$@}CrMrX@
zEEr{8{qX?Oa;3odM%mdsZ&YM{BmvAJ36s`fP6HdBph*f=853=izXles@<zO3|8Yb=
zmqg`PDz>?d0oW8?`5I;Qdejx<_Ilv}Q@zi^ztugS_hoau>6r_R!N0VzCmEha!@~30
z({1qlppWqU5H{z4EaabNNn3BjXMa7(#)x}^A@ac|HbxXMYE%EW$gNaKn8^#Pc7rZ?
z^?|>0YJwS_kr9s3pg^r@_&t~sZQ?QfM#`Kk;1Qi!h=Jshpo<#K%UUwq#0?`yiar-P
za54t@4wIBKz~^+Q2E!_}R|XE?Fk+#A$DVMYiJ0P>#r|1`A`}tsvw5%_*n^mbwOLQM
znv0z@hyBV(x+y=iUA)J5Gu~rfINoEP8SgRA(&49C<2|ml;yo^ljQ8+9$YMPV?d=p6
z>+uSU^%&p4`|iUu+3@KN^r`RK?nYhg{5TwS5nWWQqc92>$os3P5Q<wG*|@&t`g?8f
z+eFa2rkse)MG?C-76&){y!nGszFi~^QvRA&%E#S^q7gv@izKP6>Ymc5KZ+bM9)oaz
z12BDrgtq3F+N%QwaCA>@Pg^FCuNoG?OBPkVm+C{$MR^g6r5~l3qA(Lsy!*e1{=)Z1
z|Bt?R`V;MyjTkGAIbK>iralw(a|B??ERev^w)JD;)pmXVUhzB2!tW1zwZrc{k@)4i
zkKe~WjK*)5xcyDXxLu)_N9OD39)3HJuI?gxW?vK8EB{6KJ)Zo%;rGIA{~G*8tX0ij
ztyODUaXJ-n+IGeAw;0}$iq~-mdFxy(he*#pEK!PGsmQE%^QYiThq67`GHCF2v2eS{
z*He*E{Q~pUxmx?EcjV&o-{=3%;tA29v1oKtQdB(Qc#J2+@+SEGjMi8}?|oQ$)9%Ww
zcE@@#j<9J-A2W_H-i<Ntscs&o&$QB2-KDC#p#!Q~1G)Uwb{MDlS^dwQ5Lzg?#b^`j
zcMFU4L;tJ(^2~Pr>u%7y1A+Q3#7{^$PvY;eM-%_wMgN5VN&0X8_t4+EAAzCPk=yQY
zEbs5g$i6`o*4-$o<88E)yp~iP@<t|J$v%jN@BY_gFvcx2TvrD6#T-~7^9Sg;_>u2g
z(Wn+1j+l?<T?3u6BTa4fD&F*30FAQhwAIZ3Vw$Lq1m$FQvXvzn&C4p+{_?GX*8>pX
z+ru}AS_5FQvQI>QgLBUBrEbnIw)6Ror}<qMJ-@8h`R({c#Qd0Z?V}Sg#X(V1+{~uP
zg7dWX-*h?4iI`rjHU6sI{Os+6vb#Ic3;*_=Cwk=PkrSm*&99m|pC~ohb?lrIjoeRt
z|MR`_uitsT#?z7WrBKf^$2*@dHPDZq*L*{}w%fQ!ex`Wl?KJOVo3?likHDw9)Ei2h
ziUx}6LYoSkXI03ocWz&jqEu?TMw?Lq>>P*(8(pyeqWpOiY$ra)g9P4&e?u>WuxIKe
zKC{AkOjz+Oc5xJo7%A~@@ReER5qDan{$S@<lxRR$*Yj20*F$X3^ms%+7MK7-!;XD3
zug6^>y9*=Rnk;hQ8|9#ODhGoy%#g8-DqRlM4lFup&@56TVjH%=L)4YaUub*Y7xsr<
z*`Etv8Pp1rVj>G5ko-hJPxspe;i(V#a9~7%vP}*YQ%Pq2q#U?>Y3&ez`Jmp%s5JeF
zLD|_X`2R$gu~SO67F{43L9DuyNAHEQM|q_&xQD9pREPmr3|5cM6v~F-(_YIexN^ft
zs34)oG(pS%fh!E4+F<!&u=6J*==@C{tMmZIIRCzQ|EV6r6W8M{i^9IEWPYEq&#YMS
zw}I@w1Jx%A;q8dhUBZ(|@UO9fRHIM^JH-ONq;A2*LfLi7u^@C7T$<285&Qr^kx%3+
zFo|+ukZM*pU>&&?bdU$nl`WwpI=?Nqg<{x`xX{TK?Do-EoKQc$0;a_6F^Ji5Ldvx?
zsw=LfTv(1KW^hj$Ys59K#(O%UUesWA3<A?@S&$IYu*O1&@*sO1i?93f4bT9(UlZ=$
zL$3?s{HNmQJA(VtSPQOk*~uedmdsB95POJ91;w*v)hV@=S#=S2N8#`G{w-_!Zl{CG
zyX{z-V}ukKpCLLcy*X0h<WxB@I!W@^G@`2#Q|n3oB_db{U!uyX886ZuiqA;@U{dX#
zuA1>=E`<)7&#+`yO03JjWGc7h$DY8<RLpj6WBE##q+?=k%+Rn8bOH$X$UJpPYF_4&
zsV={fviL5%sPc&vSTd5772ZSN5kCNU@-Dl??<Rl%n3%b@=y$`gQ<+x=9{7@QU@>zC
zz$*ff6!YqVZtxRmNxOJ`sE0ZRn~FI$$B)G6S-tY}k^l{&NVn-htGF|pU9scST*~+~
zB^W$8XmAkOhHu8q86>UtuJgyIf}t1p58gRHO<3_4lsO8ZkOTK-$bm;v#lVD-%*miW
zV%M*nY33W>t9+Tc(-nIQ40}r&);i-gmr~=(1S@BwuzVa{_&F?;3`X~`^MLmnsc<}W
zm6jp;D;ohzHjgrs(aZN=7OnI@&usN4j<;DpT}Gb;V7bL{Mg6JrU<(+BaoWc$aNusx
zcP72e2#7Bk#cp(|ccr>A@0#jAowE3W(p^hFVFz(6r}a*4NY4Qrf+6$!5h9`wOiXxu
zFdAofc0e~db5A7QD6uzwY7s80E_A@W`C}LCJiP}Fla$GJYXn~SX$3UFITJ6wjaA%A
z4d2K%O!^OA@2xZ-H5<gjI+5QXDVJnzZR4rVD%TIg|F<#!CTPizfN*Z~#b%zsD@s|r
zOnSq}cFsE-P??sp=xVx;c!m;sd(+*SXVGg8+-);2Ho2W=i#Lgd8)>PjY&|w&xojf%
zXR29ZWrOmOh^5IuOcSDNk6auMFWyS~m8kk77ldEd<IBR09(AS-^EYNzNQLv#uzHbm
z)1oVvon6{^D&}4Mk05WvQul>N#n?F-EIC+EWlk*yLNw#IuFUl=VD`K$V<nq!fmHaR
z85_ExK9OUy&&Jt5f11ty8h7RaHv91BSQxNeE<7GS(!x<zz~@xmsM!)Hw!im}`SmxW
zIL>!z>tWL1_6Ja*LBLRvXH3FVjV)#&9PGW<8k$3BSBrJut2O^_D{c$xW%XW$pkrd;
z{O%&?rkV~A)DAzd)kWcF(W&#p&x3Uqe!{qEQ{N`~JZcloic*ml+h~P5D*B7lIq$=6
zwJ^=af8fgeN?7qBWyo7#mje%EfYwbHp86UQt5nFDUyA-yg9Se(PQuKS^RQ*+S*h>@
z*%=kuLSGD(L6M!BP*QANKP<y$>cUju^2QKuBK<+TGqiY-$@r1^lo!I<P%?$qcC*iS
zahcS{6~%C@*yIg7JNd@@g4Fxv3<$&*3=%0#Z-|ATnFqpVKUgj2#QYde?;H6Fp9a0m
zJmPnRSmM+Z+T^)7nT6@Jm2JVTZ0y3RZe`(ASLP96#p@gv4_G+WYytKMD!^fQ67&mF
zQVY{-a?=1>K&8LPJ78)^D%?goQYcx5TW#5qoH=Q#|0K-nck~H5miZt%)R<($#9V+8
zTwDK6oSn<o))%QQrHK$q76bFj&X7>z#UB9mvvXny*&!E<4L=Clz|DqP&NWhx)#OfP
zB9lvc)y#tf!@|%ZS<&?Dnq1O~pzPL*fm~RSa&1()1OO{+kd)7*%<YoDS|kOJgHPfH
z5Ed~NMnz`5i~rEA6sEbAeZf<M+=KUtg<HwP(I+&=Xgz->jue&o=`|BfeDz|tfB|1|
zctznRTvjIG#nQOUDN}(3Qx?ro8d&c5DQTJY{tCM?B`pGTpy$NEqzw4U5a_d6$YY1n
z9Zwu)m|@P)Jlw_yfk`8+E-_zF<~CSLMKitMZtX`#f6iL%D_06-0Qq>ZFN>1Z`O`|9
zimwe}N*}jS2CPz!b}(3*LE8G|m6R8`MZOVCU1};k`5VMNY)D*6FfTLc=IdNaoeNeX
z*Wfx2)x?$+!L3e6Q}WYXnYC^u#@M9HpH_+a8)K+<%X|!yJq-ga_&vUirI-EqATu7x
zHpQ2Z!@D?tbNu|v(I^c@8IHY0e>E76jSRG>?ji1}T=_#5?ofs~SJ^D5Oe@`5e0As)
z?jXuWD$P-I%qcO7=8OCmoFg_Ap4`eL!-nZ<Gn?If(52M6g3U0;T2EoQ#5c=ItolHj
zGAS){BUZ4SCWiMf!%&mwPK$-N52Rtr6`>TBh7!WXI)saLETa;xny_M)Jr;xDL?Z<t
z5|sPNXnrgfUq_>bUQeRe<GMgi1)ydNo6%F(Sb~LvwyIma6V~KX3|H__tZSKptM?qA
z#A-4`=8uZSaC1!am_5C5e!QB~Tw1;)iDGUKYQ2Jqz&6dvOL1jaZ_<{>Q5bzd)Ii{U
z{XEJUDfm@9MiP$2R8xoMzoGXtqZ(ypx;CylE}hdqfo3#J5e!o!XBV{@rbT<DJdv)*
zs-oszj`k)EAuc<~tb|3VHkY;F41~v5kd06E7_9v5op(IB9N};55dOUg{|PC01mJIB
z@V5Z`*M;FPLik4l{B56Du=u@zdFX>+n5|)It?b!tU})0n-;bEw=r)t{CAM1V;bCUu
zFvB?gi|Bg3lCl}=6#!M;fve6^`dY96kgN}zr8dYOj_-(`6a;usyYYR*hnBpQj{ONA
zc%J~_L3+xHE(UeL$63UOq<q#fJ)v3G!+g9B?-<16l$WR3tPw17uAttIhbj6zQIsYi
zE8n!OU(@A455qvpjt-_n>?tariNVA1;<D2?9Z}KezZpT^@O0WfiGa;NgKooh1%kdd
zJlCA%SGAd}?_!K^QHMJ)fp}C}ve5Own(bg|0R5fME484*0)2=1E0&TH12q>f^39;b
zK&Rx#;Okzrg$J!dI;Es;!ESgHi*KSm0Pv;?-o)XX=xsl|d2Kajs99RvgIn;z>Ynto
zC%534)$#N*o?Gy<)i(NR;{*kZsjg0-KNC3S704>j+S)eXmeNQws1NRoM~6jMQ^5Dp
zllUw=3G-dVG=ew{QK=PSBG%j1sr(V%_F!)>6W1Xi6im!li~KQ~Wl0^I0<`PN+Fi-o
zac9EqdYbK~uy*mRU6$F7Yq8qJo9%|Ob~e^-q}7hI+S$x@vD9ut0<5>GO<OP#V{p${
zm;<5H#0udO<Ts2Rpnnu{BJtNTp@9V^#K9N?+LAhQ2rPY8R?I6WgL{F+vVcDCTI*yy
zb9+^iFX(7+Z!f-{LGZ5W3tI3w`GMe7KY9gYziaw|7Qk0xod0C}{M6vyH1-zOt5dXI
z^*|pG8y@4=wwQ;;%1*4^0(*#zwG?ef`O;{8-=>vrz#IF%D?x`URobon@s7lZQ3J2!
z<Uo(mUx#p6R0~}BBrmH@t9yWBDG{voZwgrmJ>|eW9*m4ZE}`s3ny<fnX+mvyy0hfK
z@Ls613t`_n5q9`TF^#nBJh`|ZrQU3!0ob+ap6E2DB_(UC_UCnpl>c)A-Kjzo?1|Uu
ziCH<Z?s$LL619L4${fr>*^(F>zgG`318Uz5n*omzV=RfqxBd9q9uXLYw|CIn$%NI5
z5v$mMYaBy3O-AzwmIAuLl$X_{ubkN$U->aQ++MVq^<>SzuS<^pyF!Tm`{q8;fA8xb
z{r8I(M*lsoP5(Dv!u|&Go)pUZ%V>peMf}vrN_A+)hb=}P8KE`7L*$G-^}c0<_Lc*2
zH%dmi+0+S5O_LJZS}xjC?^`BigK1L2%YOVR#)t1)Cgodz&p5w<cGICW_BPCiy&29L
z&2bvG0Z7P|=HEg1yHohxgDG`xci<m5nC$I;Is9*?W4g^&`2UcO_0&6qe@nOVKXA*x
z2mfzwj>i8VHg|#l4=?RD{{MXGzX$)WOQZ3hb!iv)cU<0W_)j|iJ@7y6h=zZeqYL=G
zL%I#WH00j{|K2O2;ctMyF(1Wf2OduO`PTdt3f=O5ItHJ#Id7u%P@v^i>BUyRB3?O#
z<_qj1#qhz5QIyEGk<bj=#9*6VBHP-D;qww>!6)!C7GHu5(;!BjmKY1(gO^~$oDzfk
z(yZ59<C-}0^>5*I5BB;pX|-j=Nc<L=53cE9tqWdS7m9kahF7wNXvUZgdva0RNSqlq
z%rYB-9b-0(w;Eo`8roRHkyb;_YG|_>vZJPg1YnGdnzmv(^x!_QWE$2mOUA+v5T%ar
zWZkFR#ypvL-kBXccd<}r1B~~j))l%Ooo{_M-+C%01`4e6y6ZYTo+_Hcj?2R52c>o1
zBBj>9C*I#2=Y1IS1UF&jo@Y361p1ch_ebPNon_`oJ#^48nksmqq!9i8Ih~$%E%-T}
zbiw2=k2vTe>V<sh<gHUC6`%mMtMJ|~rK<H}rFCAboQ9oOZ0Rm<vHuXTp3!6eJTcJY
zFRu;Z#KO_5MZU&3gvaeHHQmQr-dX0Ry-8GAW)$=yR%)Mv2<Uf-_@}lnlZDD$W1ZTn
zF<_3ziLC85r9yk*T4+6twRT+15VX~D(IL?IfzA2=ovROLaHg+`wFrzD{tI?T2whQY
z`U8(@4{zFlmxrGG1?ADue)E-XCj8rb(8@~nG5qT2JZdBi1IpnV^kC(c9A0oKFbZvk
zT>h%1u7oOcD<Leu3NH+j=L+4(dCD1A=K4J60pUryB!<@toXvA`L$7d{;<G6jmm{pg
zuzMv$=UH0K4V$eJkA1LspgPwU-oHFx6AL%FmEk{wF6RE&te$AsK0IyudeiWtAv;Y<
zQtJKtVxfEdK5x6aFxh2Rm2o!*?&qDSypM}YJq`eEd@n0siwVa>rH_9vC_k@iLl}RL
zQ4iz_&un%pA$R6p|4I9j`~Ah}XMU4sCAgKd+JSxM@V~_r{`|LjnFl0160eoj#pe7)
zB?u_M0u4{KU_QB6cpw#i1e+5%FggWYUwA4Z<7`~-krx-MmYD%&7vh~mEGZRFKg7a1
zu#WMLGW^^k2IBfs=51%a5O@#I^)RH_MG8HHp7ORhj&o=;Mj(nYs=&f9vrjGjUPbu5
z%{(@rXP!DtaH|h?f?2_RhT-(*5jcG_3a1Y;oKmLatUAeABMR<X3<Y=y%xJc&axJSu
z1%kX3WA4u0I!k6Y+f%vtDs0las}ht|^q%=CFNLj@)r4zwEj!z4i-U#>J#yCc#6{Kx
z>4*Wx4{yhSk%(zD5pz(x^JD~KhIN7%gCXXZT_dKEAqKbtz1nsREl~S9#Mp`Wjx;`?
zD;T;lI)3YaL_U8t|K$0~=kVtLQTfc<{U0Wu!{?nm5Bc2Q^nXh}`}^84V8`;g_W1ur
z`8@IHIpkAThSx{S=c;cb<WufkKKX9Rr>uB4oR@sQyzBdwPyYLmPreKJTs6BZ`IMEb
z>LcazhHp$Zl)t-t%F2Tq{!`?0-XopJCqqoDd|rGk0x{oFK25~@2g&EXbIw~nzis><
zmCqhK{=?)m?$Ps+&tD$-za^gsyDOiIzy6Pu&q<xh=S5NSxuz5OoRHDY{iio9pHmN;
z0+Manw{GQVL&)Vn$h%H_?#kNK4Rcp0d4w)chq3tcj!fPa9g6I|Ok~%#itNoFnh^cD
zJ0h!hEVAE5o4k7QdCTk0HummMI+oWDujtNxbe1Wv2X)4lw~)OHSU^l408D@8%G%hq
z`1&L8`(j7t@AKy;zR#RPe0|*)--7On?<<#|V|zNw6yJ4UM&M~!_wZy&^Ala;sgdF7
zT+)1Plr*=!|J`kQmOGQ@v?zK0XD9M}Xl6IpTVGh7OG2jfjJDQWSve{)ftF5uE_Ei*
ze6&D694*jKceDnp-4y6$Th2$IzdWZvBdGe4^A_k`Z5H581bXg0Z5QAU*5CU~dG4<<
zKE0LJUm3b!j4GY@OgbNd{zFIW@o&ygpjVwkpuOD}==^T`n`WG2J-*Kr=)(si5H+lu
zh%zPmr(Gkeks<0_5`E1%)@R_<Zi#e$gh<~5?0e9aS)J!RE<Bk^7Zdi(nHpLbDbAkK
za+mN-O<*Fg$Qbjvn_=#%hr*c47X611b1J-7>P`Q(GKKWw^3ekHIro9Ee7|(S6sGG)
zzTKTzeRSFnC_IV6Je!1hGY(@yV^knAf1_*_6FwG|Y*dfS7bV#c{AX}la^@bA=%Y-c
z7o$W6Nup~&NVUIzU;^<slIWJa%;QqwW|C+NB_z?uI~C{Ct>TQ3hE{Z7QpY*YCDI4O
zBE6P+na{UFd=*1HyDeL#z5M`QEz_cqZd2-KuC(xdm4Nbnx3&NMg0Zcqb4-Ig1CJ_E
z_^o32eJu*V4<?aRzkGgD{q#Ac`qA!7wcMptcfzM7_jkglkqp{sBJ7~nV}As~I<vda
zvSqqGL%!CYAsZROBBeXl6D`?S0(-ZUXRQBJ+9Z?=C9d6Mo)j9g`iM;eZuM8$UCxh$
zKp%V^zzVCBB=vCkyf07r$`w2lBdIqkE&hYCIZZWjdFptZTd5G-+w;`P$rNql7Tk5?
z0?C)UoOQwqjE%>3tc|Fg6#aXf-TXd$<{N|o;t36s(u?l$=mXo{cgLk#>F-vmK`oxa
z`|^R&Pm|14Yg-!nb1qy~7fr|e>sfUS$5Y&yy8l3|n5m&acxYx-I5U`s+o=mrjl@&O
z;aN=x0Fsz)1-Kol+MqOMho!>wa8@+MP!5IOg)qCV@)-c(KOH;Yo>k}6O-2npg*rvq
z?Ft%*7njoP^6w$cxYT(z<(P|5k|*R%Mj~$kyo>_8EP4R(ORbcndDPP>)aH5oNkU97
zsqiSMbcyD!C%KgbQE9+hD|eYlpqnAqwUDYU7z1@8tK9AUMiSgL?YKE&u9C7|8*$NQ
zLss@6xB#OGa_D}#LqB56ydfC(wf<-9s4?T+UL0M(So5bitbX^84ThOKez!J;-e4WF
z`?z#&9py*>aJFyZIk&RNk&F$KvEfS}u*1j<ZDPIkD+hjA_nT3<Tlbsi+ro)S4p;M3
znYHwvJY8;vzJIn&Fpo92)bMmVx@<ju&4R!5)<n5)*05CIx7|a<<T|(?^S#MKY!~vt
z|Lf$TnXy8HDG%kFqU2$4b)-DRe+PLezWwC6<)PVsI=(Y`i0xP&_<w;sG(^e6+Z)eM
z9-jHp$<F1Wd@jkuTTgT-56!Q4C=a)t9n>lh)f?N&!>T$<3P#mfzlPPEQyxC6Wb)u!
z9hQg3wpj8|zP?L&_``Z857JNm<?`_V$NKQbhA4SRsr>J*55;$NLmvLWTpwPpKTmnM
zvkQ56V>ZddOC=r3gZ5g7@*tgxkcYDRw(?L?ZArnE>#bku>(40<8_StI-1Bx=9`4_0
z$-^7LF6H6rAd?5@-Tz0{hZkz2<bf~$Z?6w`{->@F&(xf!JlxTRJiPD_$-}B;9m>Ow
zS38sk=ZOe;_)|?=dGJ<RQgC6=`ehHEQy$i?W%BUDe}v`XNA;FGys)lId04iN$wTHH
z9m+$2td6BbGk+x?-8L7MS9b-!h;=PHgB{M9Z(fUPcb{mMCK*+7_N+FSdA`;z`5E4i
z+SA$nD35YL3LcJ^mYreu#lDKVA2kav@nq0_w*y_@8G1(v-x+eZzcW<q0Yoi3jZ+XF
zN8SuycXM-8LaT%OZf4n=yA<m_RIf1jJ;T@CBxN^VcQfxp$;#>ZZ|Wnuxb9}&N{Rr-
zkM-fP8|YP?rin(Sm_02D3d}#fV|gN_S2u6GnIKrx6QVCdS=Zh~WtvtUm&)mTI``+M
zS|mR}+}1*g$^vP}k!=}-bLNDv!gc5V*fq;Lxj#namXyz=*85{J-5=}VIvh6Za+KO9
zx+3>bwr$6ho*>TTJ)(eHEd`jd?RDw4gI7l3Cqq&;yM?mr<iJn(yppB`m%D_rWQXY<
zt6u6#s1CcwCZJm?;D|wx)oVSNvEwi3F~eNWvND4e;7WG~9LL#3LsO!pnwseQqmr5j
zI(`<gLX{XTP)9@%sEt1j3zUZoqd1RaJb4nY9PVdV4$rVFho8>>o8C9f60<atsGZOX
zzv>vrM-ay|ewt{)V%|AqV}vgq4x<bGo7e?+6%e(Na;z>pN%JZ;=S6ut+N@t44=b`^
z50^3q5?iMyMozCi3%#!QZqGvJ80Cr5L;}R(ATfG&loOwpU*C^KH33sf$tsdCa}T-T
za8jak$Krv|mzypkW<*>>{MlOaI?9-hYp3=+@+$vn=okRl7S7N=TMVNe@ByK0qU9E=
zW^S?Suv_fc<o23qxy7onNu*nB!P)RlXW<E~I8UxI)(l-^E#w+|3@<!O%7-SWmfiwi
zNrlytdbdr^+%Nho?V_`C@z}hqFIGzaVms&k0W&Lx;nMS$cbHjmnJe>iM28E$%B+NM
zT+Yvnx3CiqSW@*^iC<4Cc_Xn?34Q9J&iv7-AaAhjP&SKeapfU7+E1+8*FiPlP?qd2
z{|Dhk$!nIDvGTKYEk6N&SMqc8Jmsg0fgJv><OkWw<Ri7OLnzI`WI^hLX#vr2Df!b%
z%Y`RDMm1qfxPv^B+wmS8zXjKds&8Dvk_pph3N1ZekcV(HUBdPW(_CtPfvaXh0YaHo
zPFTZ)9&TlyzdqL4Ae3TyHkL|UD8VRuz+hY$gJMl(H`l|-kB8CMW<eC4pWu3ah~57-
z*Yh*5o)2ulAZC^8x!APJMQ{JIt`@y3WV)f)fiAa*6#8qcaD~^xx|JQ+JLcjC90p5Y
zkJhCx!rbZZ{po9#{ae<*rCqIm8ETvZ7QZ-i@r$GT6k1<@BG<8@&^mH8<<A??R1xRx
z=?0~z$Gem*Xb4M%wd_uATxp%~WI1BgUt>f28+I<x91Q=>v?FQeeV1iz#R4lr$*-|l
za38!}H#~)Et}GTCzNR1|<;1c>K%HVa;7ZNfst=CDZ^M@|Un}!lKt;t!{_=Fu`LXwP
zkFZYETunjVH%Mv-!CwW<E=*<GfZs;Z$D@jk9yOu0$?F~!_B_4yKjZx%RRV#_68Xl;
z4(wm$I9l6<6O!e?EM8XcwY&MlO9qcQWf)_N^Tq|@9>TTWsR{WSh<NZ&EEZ_$t!J;L
z++o%e?@&OEAg;rUMtC1c9NZ!+hqTfnp3?`e#at+@AAf{c)GmA;D>YOb8<hu=Wi{J{
zDH>Byhz;SHa+lH*la=Z7rNRk@WNa1#eXDFlG?K^H*T6Oh1}zY4$}w&23@lYFWhXm)
z<0l8MI*cu6h_P{(6P?xRc1c)UCHfo7L2r)+TV|?bmgw9vceDg+-E7cAK}i`PE2D!t
z?KQGW0kFV$9+RgO=Gvq{Ts2h_iRL2U=vdr_T`a-QbarrGEPi_9a~lj7R_&Q3Ijeke
zdTLhrq(I*zQeboq-cg2aT~?Fkghn2)ie^jxvpK7CII3$^<ysD3=})xYe^=)xpV-b<
zW73j*V49Bd+fAh;CL%6Xz6V7$TWR+1;VIW;udF%|5gC*N^9?;7|EuO3lE2ypOPDOU
zzbUO-a<xm@jLT9o<*PH+dz^>7DU;OE2Ql6J5lY8t(+^qQ;?idmjm=u`5*sJh#FBn#
zO~BXo{(dOQ)=_=R0+#4gR_EKX!`p;Z+p8cT{)IM9D5)luwVQU2+U>YDD>bCK4>8JX
zC+70eIlyd^0_q^C#$}+PP?Jm5x<aMwH+DmxFEc-1-R^TBvHl}<k}Z2ua`8i=QJZb^
zjWB>4Y80DXSZH$v+zwvJwP7U+ANDY>T@RBK_aU3!Uo31ef|y%Jb#DRvVU8Y&pZCcY
zzx>xWE>uM4v*tYKV%`8O1ZTkb`s1uw%d^m|H&(NtKaaql`V(#J$#_6q8ceSg9TNUi
zyiocAKCeOP<1%lxRl<gv-!2wX$IeYc;4yq%__<hkOj7Ek%umGN!C1+Evge%fl5$Ks
zu~YJ&N}n^zqim4;`_Fg+aTke!v>jj+rFxXlR|@vrM!}vmPDpY0X@vhK_klO*z))v=
zUwB{*?4e&GDLW)3C}kd%{6X79)msk886K33a>-e{=tyRRf;ZI=FsoiWOGeU!Nu?+|
zW4YJO_~BMRriv(`J*#3cJWV={{IK3!B_EoDf5kaq!7+&sW&lxNFN7aF`_gQjLyhBg
ztV@!epIq!=ly(5cfXu}}=6qhsw^>QFDm4K<n5ei<hY6b>ChUZEgbhRZ=Tn%r3e$X;
z#Qc3Ey+EdVqD)O^^Y5^}PU_?wA@xaIgyElZ_7A3Lgn!Ud5({s&spD;d(O`Rek^!ui
z%uVQASpwGE5$(!TILm4<r)+5C>3zu53p^SR%ZDVmkIRAK+a+}XhCcW!<6((_hr4lU
zNzB@c`L~{_&|}q`47sq`HS~uzm-AznAb(uCb;&TXumW~?m7?-lls#~xsQNg~i)%8f
z6@QgYb{?2>2oL{1n;1wtjnzhA1zK#!8a=m*&d=svDXaI87w6j9JQe9-XUK0BCxXp%
zjnxaZoU>h>>PV(NmQsKzXMrc2sL{$nqdDt~hwCFe%8d~p%-zfcrTQ5g#Vi11=pwom
zde%PzYB=kc#3}_w+cG^$B|_sWW~E;eCPw&&!sIz8Q2?cZalpa7BxMtTgy;qZ+awm|
z+W^U6BGdqecfnF2JX5Ln5RH2E!psfoEjH&)LEc%qYsr;zV05iZ`7|%<a0Grq4<DJN
z4*y!Kd<e*DRC%0V`E+GRYnGoj`Zg-R&vuD66W!&f;dV72*$IrM%uP%BAuc{ULE6{F
zA_0>0-jtG&cnN0o4S)>1ggJyhlKfT3Odi4gmH2FXb`k?uRnaQUAI_d)E52899-e!(
ztQOka<>&DMYaDVJ0DC<2iA95K(0I;4%+!g&2WsrA=DKEbL4uwbMOs@FX({j24VWbH
zSr06~p1^}u9QNneUyqhQtSJ7Sk%h_LwKtl=lGh=wNbaIgb>tkV@_?Wqy6!=A4VBe}
zb{Xqaw`e}(2BoKDGWee!fIkUY)r721zB{s7w1l$^S;PMyd+!1sMU^xR_vAVW2|YnB
zQ9%L>lE^L5pcx68ArsOA6U6nhth&kyBD$!U%m50)z|26}VT9MquDiOcyRNJ5<rQ}o
z0TpHvNCGG~6;V_I3iQwd0VE_qGGA4l?w+2>1=rp0f8Xc%Kc0tlPxt9_>QvRKQ>RXy
zsyYo>K13Fxgqwl_tdHcH9X|p7OqtmxJq>fzx7zsOO)0#I=d)7zEOvfdoBvPi=Kt%N
zye~(2?|ed&r1zXrWqsu1E~NZVW28J5OO;C%`CiWC`xPDKJL;Ps!<60ruSxbD-^WSz
zS6AIea@*5xtV&Z(I{&;@JR_d;97rt)dRmj`$*AcB`uyo(Jb9h*BxvE00~oVwY^jm=
zoPk>1MI2xK9X1&WhV3Lt5(Pid&a#vDBqHOj$)`xtt*i{_DtR@QJ<Rb8SI5+7xVDkw
z{HS;&=7l`1Mt(&)zQ(}L*oeQh5Z2b>q(WR;V>}|yp%xaefPqrgkF_#?AZtOa%JDV3
zhR6>VG{@(k+b>lg1HH74ia70JlX5uzMtpS)2AUWu2zs};UJc`qC`d{C3O^w>m?Yna
zWp9?Cnw@5Yf;9kfY-!OG$&sK~TIl&G$#R_K0mpX*%{0Ek*nXXWE<nhPZoyZ_`+O89
zmrzD{St%h5EWCN*YPEJ2t`aKgafIV^&uBBE{IK?n#RH6qXGi!kDfr<Te&nozW+mRk
zerf)98a@DIqCIpMQ<0V!H@m2XPbo{i>n$y=P^`RW@o$lfjAaFp@N&?qfr${a@YB<h
z%rAE)(xwC&sRNmh%tmHPS^|BHG}`?s_OTOynZm>?MzqF$Z6H>`xXu3362X$lFZ&K2
zvG8uZrw#7Kqtzzri}L;tuuK-1`I7hi1AbH+ks+%MWD{X6Tt!K7*A$g`BYbsEg4#wH
zj~7|}lhH__FyE*6(hqud24>PT>H#q)MgbX(9Su`U2#CX9Xr?mPCZeXEPwbmQLqhrZ
zxrFG)FDJx&Z1qnlB>T~1V)D1!iOB(faq|oHrRs7WzhkguaV|3au<$T)C5)D*_@hUW
zzN`rEO-AG?OwW5iW@XUSS<p^2{$04i5Q7e2{A>W#Z)C_w(j(*Ny8g_H?T>#1!^IqY
zoQoe)FW)tUXBik=rbCp_g!eX}#1=zpt;>72)4~GA3g{xz=V!6_Nu`;ki8wrtipNXb
z+ubGA`Jtn!&>)M@Cw|H=I}CNn2Q&Z;NG&CJT`#28$ryxN$4)4EA|(Rr^a(g-t(J##
zto*a}6eAQ+4^Y}*Mmc+kxsU=~s{13XYVCj0G3A?vnC{bi43?tAn&ds34QSD8jh4_S
zkEiqx)Z95~@7K8hTJH@yM_{Zx|Lqb*RIDm-<TW{_A9Pq6`4wjr9M1j=Zj^rS5T}=r
z_jfeUIq!Rn8jK6n%<>p)KFCpq#L2K~3lC~j(JejHtaWJVv^GL?SlpwcI!vfON2uP)
zFS9aKvl?p;uo^GG`X>Bkw8qPIHSU7epuVH-t?p`*QX3=ONBpui@KXLp`RWh|{qXt=
zS}mWRiPrLbTQ{{l(Wa~AC9K6Ag=M9#mYdtVsRi{dt(Kpii4t+?Sa<_80y=hymdo1-
zEuL}9pT~&UzldfypB826q%*|Ss>E74`8*w5&?*&Jtpcl7z<P&65&3IUa!yL0oI#e{
z6vok@&ymirOjiSHOToL-x$t?`eI?gX;Cp0=b~V)GaU{qo@nn~M*>Qo9nDSeg9!#hC
z;`MRS{1&%Scsa~(F;lfalYHvmnS8=21t#S?K|tx{Q_G>Ke8M8m>$OQaOOZ{_u@t_4
zz*HtQw&o6CeW)6t8_^~27(@vc=cEdvIj~N8@if$ZoRzKo1bTW(PjHHJDsG?qfqX>K
z4>7vSp77yjE&e#EdjHydntSM?^Qo`7i}^HuJ%pQA1QUjoTiHU%lVjIQEIqOR9^;S3
z|NL(+ivK<>KNA1_PyK87SK{|$f7F)7D=qz8*OLDIbYc4LCFiI}r6BH#mWc-Ir@e6o
zkyZRmT7D9NV$xOt?G^E)Rcx}l8{D>PE)F_T{+10~@l(lxpB~j(tb7Vu>~7HFfh76s
zuHwHta9}wwb;2hs*96*-#+FCfE1i)~?px4|lzMnS(;#soTCL0g>ANXAXK%c}`x6cm
z$Uf!8c_(xvQNF&Q`Ss}G7wPNc+av0cmr0c0gO0s~Y~qNeluujv-WJuGs<J?1$}RIA
zqxe(^%Me`Q>-fhe9+y7-nj=dH0@lyKkx@I{CZ4cHK7na$B8(cb#&a<7^(1VzY?r?(
zgH9*%wzGIv<`nN`snBZ>ve%P%ABMLU!$KNHCigVrAvljQd<T}HoE83ZpnU4wLPacB
zS)=nRdvmiA3b^WSn>HtxmxQyal{#tJ366G&jcOq1jor%hxv$8F@UxqupRqv0f5g)!
zF>{EOO(ItDqq)`cw}2hL)7)Fyvy<ai8|Xkltm#I{A0>V)o)X0N(7^=#On=T{X<67$
z+>Mm+{;@C1E3lwMNz=sUfe%lRY9b$2#!p;*iCxuK*hPH{yRWZH_`dx^=k<;Fk?=j+
zMSWi$|8elyx~OkO_w{uN-}f(fUSDx{^>wH$8`utO`}506h}5ds+KwNi(}?onnR<B-
z16%Nq2R=`jTc`|x3XT8S^E-v<&5GEZBWQASd<h9>4DJ6J2}8TMM|vDrfBR7!o>B(G
zKgCw`po@`(6wzGVG50qp3qQkvwe;~g{P=5(=B&0?xeD47&z87%z&I+>Bw{<0h}&U3
zKoT(~-=D5S*C-vD9M_?{1f@GwaoquAQGdwU4q*CBdPBwzvEZ{xkN(k3kDjL<30jvP
zlo3$slhUKWMSAoQlkrNvl9=w~E8Vfjb?2u_Z)SH-o3D??)8^f7dh)wi+Wg_DLK~$U
z&+2*+JHzqI=3y5ODE6)YFg-3k`ft(Wi}1fo5An3FLq(m8m_Wwmq4NU^w&DAqFz<n?
z>Eh>clxZWd2&M^P+%k?CF=Bh{)S-6gw>WjE-}MaRjCo3NQ23qrx%hSLSL9hBZky|s
z56z6`Q`CWfg984~^z;a1Tq}gyZxjl)|BIwqBy}LoYu%705J#FDr5{O}Sp7B7zb%<m
zUDm~63I&RF6u{?pGN>eJ1kn$acaAWPPDSk|K<)lmURP23S0aekhXqHJQ6j&r?&l#u
z1|2|o3P2@s096Rg#1lnt3~~n@L1GhX8BoElfqG5h5*4aLhgHnVzwMy!{|E5pJN#qu
zHR<sGEqt9k^yBgM&Y>>wg^LLdUlRa~l({1m@a!6R?D?&y`7DlMY=XLY00_@A2v6e~
z-z3Qa4V~sqa0{R+aJ~z0exYC1s8GHvAE9h1r=#CzXx{_4a$uDLpP>`@%H!bs$teb(
zu~Ya?VTL&A@353Rg-4L1(5>qVx<BfmV_!d_evPpGS7-CtFh%^7#7zg2arM*XG}iCi
z_-QQIjg<Lw>@@bpH!8!uK>pAFasB6;e@FlM=HJwRV)Ms+tRymV_$x~smaF+?9xiHN
z{56Mh{jJq07^ELGML}`(TY~1F#r$%7@336MFT?DZn$_`3j*Ni%&#qN0imDpQuh_@2
zwd57Q(zMz*tKoh-dMq_dj)PdT9h6elkoEvB)g&?O-r}}a_Y6s?(2inB+srS+beQr%
zA<$>i?ZdbY2q<n<Pk6`xeS{^ZAPIpnlW)h+xM*%$kA{C~!n|#iM>V*T4m{Y!@3H0G
z2e9SCxIw8J<II>(OKgFKo4#=?BbHUH=a(g8^ZONT`sIV9n}-KbvSJ<nm5{?K_67e$
zV4`$>*$X=Cze(7yHc&RzNeuaOBute<$ftB*mLB}FgM@s=;@nKgZ_<5rtpLb(FR*aV
zOzh$Z-!KJ#sJIgks^{%+OmA{n&hjhvV||$5rp7Mrkd{5Gtq+t~!x~j!>~ELWG?M5P
z#E@p*WK^N0X%^rG0EiOh+6b991AW%qsuAU^^wux+L|J#ME|BpNB+HvFMwYy%6tbMf
zrpHp#?a;K^>!s;LmL?ms^(d`d*$}Xbb^NmL&_ddXb!8r){)Y#v`J?}LjfbAkTx>iP
z@BfkGVeBos@o?>fdeq-=i#8sPBjT@hGQ_W5p&t)5U;n$~Vb%Wsb>rdhjX!8S%>A$K
z$HSk$`f=mo&o}GF!yjhpiSowHy7ADAWO=EQk>ygqemo5S>fad;ZC`aZ9w=ly)Nd8r
z#|K87NhF$70!^--JH;A0oT%8k?gV<IU~+Ik3wj`9nEx*#Q*vpu%d<TRjio=as@7DS
z-kcgWl_C`Pe@SM>Xw{XkDjZEbB}5r|?o+5l&^F1{UuuM|d<81E#h7}v?vgn*R-a|5
z*)(QjGx#K>Q@88)SAi-oOhzLh(A{#)+}p-ckr`sBx~JCf6lStk`mI`{5yDmbRQ9d>
zOBY)|bDyF9h?}M9`v?c3L~T^QD2Buu{Gcy=P&basH_TloOC9`KZ$S?#@hqqrmaMsD
zfsC(^U~HqO>K3sf^i5)Qf)J@uNwf#l2Y}X&DxPOslA`_nT+#lRqD+0-BW?czfvSnA
zvhwd@gSee7Bd;dv)GTQw=t6U!l@GCW<I=P6rB-?6D_!Y?E94`c_+#BN#Ua+R?0I&J
zaqd0i1BFB@g_RyvMzmstA0qCgpXB{tl1l(=$LvNLlSLZEovNv|KpBk8)LJul6KeKA
zuI=Kd(*DoM*e-@*8?0O@HmMqxMfsdrGGHuKk|jg4m)$}klFrg_K~G@D6ty$s`q#<$
zQtTYM@pXR;D@G)fgR$bjGuDtcEql>guZ^|ebj6!XwXs&W_g@%m9oCQk(s&y_=|_*Z
zoW1|Tcsu>sj~j2aS;RI?Ch}`c-re(i5%j4Fp2JUWR8Qi<02*1xe2&B#^dA?S=Vz$J
zrf<ZfH|nwqJ}B5NZ=0#w=g&L**TUS^^yHhIYY=b>^A#I7n_T~O8~Jwh_rFfvB;*-D
z>B=5qZ%oayAE0<`GYw+^VZMoFMPzBU_HRHK?$qZeSI-kSl15S+<1>Iq_b4B^Z#VC~
z4&6)w$+h)n^wH&gbbO=UX3ilZLop!Fvt~E_SYfWFw_fvVxYF7)ko+WmDSFLo>E}Xo
zHaip@P(BK*pu*BNIhh?-#@E@>g~D{olAEpfJn&*hVZk$Q*<;tk{O7wHy+_nd@bDc8
z9RXWt&KE?dxd@+^DDaH=`bv5&;HlOrxJ@<{Ur$qB@2fM@>sdnJeFZ`Qm$Jf0so!fb
zzD@6>+XzgrQc&k3fsw#4+@P_-zeo~%`&>x{L7DQ%o_f6xgEND^$=qp2t;}K0#gm}<
z4h`JF?DYoawSYiP!Lx1*+=&d_8hVZ3vJ;n}Q;2wI10Kzf?E$8%k;+bE55^SYSJ081
z_4fj{q|*;<que1mTEE(!V296hqyzY_V-H;g>^QCNNg)G4_vAWZ$tGkl#VF$$_t8A`
zTo@DeTquNxYw6**=)+=o_zFF=M;{7$Z-m85sZY|iH>7jnsz|)6LREyhD&$Cgu)vHC
z1!iakz8?n#Zo{9RaighCbF|GNv0sf)JRnl#ez7kuX;-Uz6{|}^wQGnxNI7AjBmHjH
zHVXPyt5QT7U{B|iCwK(EC;Y@alayp<z7Q|=@5RN-SDGv-v3H9wy`ALsos_<>s9=ky
z%>a64q#WqVm+kT$a|Dv}#tq{fd|3_9d)6Cy9C{s{VyXPZS_$20&|Ug&bP*tbN4`0f
z<TT^SEpiRm0fMr@)7ZFpU;&6M%XWSR`e0H>IXs@^Igm)N7ab65X7Ud=%;Zl5ar^&~
zK37i|#=&*K_3S!yJiCsZ$gbmlg4Z%A4xdE*1y0-eM|!`De;x0d;PoS4%(U{A9}k4v
z_FDY?x$@h}x1XMA<4^2ng>3xHeemquHhi{~6;z+qYDK<eMbx)n#=iY3_U%{fE!=&E
zcU$pp2i}DQ^r*L-;(e1bcp^a3G?SmR=lD#%eGlAxaU0xxF_T{e|Jy_GpaI_iX6A(O
zO-QVRcfmmKr!Cu`xJGOix9I8Xn4a{m-P2&G;6DhK2a<wTPta}+Nhvl%5NAZoN!M3~
zowa)Z4WifJj`SJ;)Y{6gK(E;F;CO0%6HhI#jZtd_yAFMpT}Qsiu4DcLSG30>Ws=@K
z%|Egb$OEXZL3A}BYPKP2wm^;N;MXHNv_~PW#D}be`u4-vw;#p6{fNDVyE?oBP-nK!
z<j>V>xTk#Log=sg5p3D|#3*q$VONJ=f8nn^+YS5&&4I#ZPn|t<JOyJ`)(Dneu5ZO)
z?W&976Hys<Toj*$r3|0N>^juOt|J}nI_B2WPVh;nD8sJ6)6d{fJ91uSBXa)<=xF5;
z<a<K!{~+S+7f1YPL_En8z_%@sbZw}8psk>;E6jfZm{<Ly{$ujzA67<z_3S#dhFwQ)
zW!G`Lt^ZH{{3qm3>g!3)bpJe~uX%AsL9kY=^Bhj}H81*}9RUs@Az!Bxz~U)SyTO$L
zWDLr;iJ!3}zW6JqeSgwPhu?A1*clLZL(uNoVzBccgy1PWgl7%_%u|;jSkAg?n`;a%
zL#^P?I4M9ef&XAjAY+RsWDkW?1VckD%U}Ng3wVEdQFw0(^yciLmK!Syc6I^!q(D-d
zJ=A)my&%+GFaECUMWA<@0AC0NySnHQ>ksdJ09}V+e3xOg+}X-lj_Hj}48pMHpSl~}
zp6k`24N41+?LFhz*#4SbhaP6vk;mC}T=O{n*w**|^aL2+BK~!V|7*uL9t?F@c3f<H
z@9%tkTg4C!@ZybSme9iC@;z2Dh^O=s*S=@*%t?YT=$u)P>myhW)&fooB2e^+Ys<tf
zWnwS}Uz4Zz7VVy`$RE4Q1HE@!JvG1|M?oI!v`0b}mIjaqEn<RTr~@Vvo(GZ#H73Dx
z^iY4CzbVQ0kqYsh`HQTK^bLZi5kpzyK|q^WPq6~7!gQls<oQ;yLFs^NCj!rVe+N}*
z9e^TLR<YH(<N$I!eWS_q$^PEK$^N^7#?CrnH*B?gwjpP4)A-b3*k$(w6DlkrS1le9
zcV<uYCjqlJ7~=XC64M34c42y`lXui_MV}^q@2BVY%ev$DjL!J|@b!$}kF)F0W_BIf
z&aPup#^M#*L(WbTPmc$MLj0dm&@|?Kv}-+~9vReTsb82Y->m1(!zy=9jS@Ek<(?QW
zMu0Oxe%SmO>#QJK%0RZ11JSHNH7k(KhPl-1?UokTSD-KeKc4K29~=H3KQewS(eq<z
zcl<b}Gk(0ii1Fjy>^gKNyN-OAUB}EV>YN|{S1Y(0;|f2Bai{AU_XCx2AB<z%am2V$
zenb8RlBZcitpm#nc6HCnyD!Sh>UyO><=?_ZWw&(A!1=_C;V04X7v<p(84te~%fsQP
zs8lQ)uhRH;QlNh?d*~c!2VZo-%98>am)k?<p~SZCxccwJ)kBD@1I3&GI*Cxw(iwx_
zd2tT^59t?k$1wh0#I8e^vFpgE*mc~m#{571;(w2Rp^sk}e&GhAE?nNKus`<qOny{y
zQ{gafZogB!DYLy0={c&Q>Z;ScDLLuqgSc9J{F(B2ZhtJk3w~Ag!vaU{f&zH+1w4Y1
zcLeEI1O8I&>9pB{=aq!|Br`sd(w^zVO$-#~3*teCc$P9yNVi>+%z4fYc3nsAP}s_(
zKVQks%@EcRm|W9hIU6ClPlcqX_9jAyMt%F7iGrBOys4B;1ub5Pa{OZ&p45e^ivaA(
zY$4F+gFG{t7xOpdKurXRoQut@Svi23;g`Nd=G{I|$CktpQ6K<-lF|!v6WJT7;ORab
zWxG)G$^~x4-Rt^-X6f2t>3Dj~5tyHC$3;m$jP;Xmt;Wz_%z}^SX5|5BEX}8=Ri~tc
z%D$ZT8pp4--exvomn+0Vb7`HeFq;eCY(NjPESou3y4se?0iR_6w0{Ng!$W|VPxFi5
z)l56Ts2+{uMxLW+o-g;G&rx7FG_7ab>o=DS#0Rs{(A}rkHNz<7M!q8eUqt)M!ZPC)
z)$6WAveX+n<-v9T1w9WGCczRYpL(s)^@)OH^l*c+NZqRt`;~tJ!luK+<kfc!;^e-F
z@29R-$ZEvrMNbW2otjFYPK7tn3s=H|8>rPRYE^|^1^dpcnd!cBu%+*vDw$|Mgzns{
z7{PoPCrOFGX!q1Zm19|w@oCYp8J(Ud5-|S5sN^qyrts54!x)#CHe_r3Gz>;W<_0LC
zXQ$HGf;x6`C~%sjgDVwwx-H61xs08Tm^)!7lb)SMXzXNC*y*2-=-4T<3wFYz|NN*R
z|KtDz+ce5eiRGAla;wY$8M$aPV!lYI-@NmR`J4dvCD5@?^O1Qlh9^)VH`+Uuc_Pv;
zs}ecs@Qtb1rFy1v0+hM<Du4bZoEyI7oawk_lIt$woC^qwG==2(tWBk{S^13Qoi`>K
zs#H|o&vD9K;3<XVf9-<gg6^=8)pG;K`xc;U2rys<??YF@1%C@aK)WP;%2vQA%WS73
zg0cPxz!n=uAqX2LZ^PJ+uDb+JZGx~ind1<?BsoLVe}zabzh+W<;O3p~bLo{Q12=!_
zId}cM6oG$bXXQ7(EzZGprR}4jL_{gkE2cz}Z;LBM@mL5{MP#EraE}4L>TehK^J{u2
z-}F?zIf&m>eM$Kv0ytu)7+731wi~*xVq0WY{CP;eN7wPg0_Db-m>xG7L8|~3os^3^
z)q;47Ak>%6re4;U&ZpWibx-Nky3$!(y$9z9+%Br~P}NMJvk1_BwqIIG{8?X`O_xOW
zBZmr$by7hQZVr{2{DM)OR3!M}VQId5!7R?1R#!TO3qOxc6PP|#@GqE;QAqNH>C~ow
z(lkqG(dFn-npkMg3klPANkgwmS0Eyp7O0x0PFDcMRMzkeyx7GfaqFc8=;#1QB(D;a
zH|V?s`Nnw|kB4Ir5`GOQXV#Za!_v@kLqV{*bc#M)h|EU!f*fh!Kem&HQ$M((Tz%6(
zn_V6Gi=6e&yBBMH4KPr;=%<iaHI?;q+|~MiYC=4&lh}U>p^f@<hyL|e`$u7eOQ&|#
zLDQYlfI}MmD(wDw(}vHRu_#@sKQbj-@R#Q5H%a@!gP48P%c)M>F8%!-xFMMn-H;pz
z4@G)7H2TmSvorb@ikY5L|3T@T{A$db*V*aqgh3SX5nB-Jr9XZ4VFdLDe$8^!`!)Gr
zQvELec5hrs{QO+7B&Vr*`ASyAh5<FyA6j|*U1Frq)boc72mG4yDV~-zXO^cW-8DE;
zI=jAf4t^tF>MxxW5K=)-*&9GX2klgxG)GR1l+F>RPnscM#JCy$QlRb=CO{GpAjt?Q
zCx+MYzo_GhD~0KPq`IX68DcvzM1wGWr!*qJBjb0)6u=PwaejzBpGzSn?JSI_BQWlp
z;W(R&slI9$CtuFi&+hjEgm~|L$?Whq3UV92X8IH>zhM&~()pFA<t}F~PMqH*u_Dz_
z#9H*7Yj60^$sE@)KFzFl3<6v_B_Mq5X}xt`ntgi4Qx3z)$N@3rKG5QB&3FFF6a1^E
zWeC4~ej<i(PFn6Tv_!~(aD?{lPIqfM^G4;@fI_~}(=v2kZ(-ey&<Oqq*&E`QPQ=)J
zxg5p}!TB8caR5!_p!L+iY{qAm<ihQ1>^56id*7q3`yQTt-zd9iGZ$4@zT<t(2!X$X
ztAIHVrY&-ASRnYTX8UiMLj%ba9-hehwW=)=aW9yX&-;e6&_B{5?a8Ieli6(yesg;<
zJWW)d-rlC~Rpk(^NBr_e64f!i@_eWua$wh=z0t{M&ncft7h*oUJc_@$v7c1U#Nz9^
zEM6X0{5mZD<b_xY)wgv^q1WN{#&J3dJ$|`Lp<j<CvXsH?Vs={uw=+g-bhESDY==eS
zeLWH`N~om@x{sXyQFvQ@{$Ik|k}ivPinpJfkHy={3*F*v4!qu&ufyB;%T&A#8l@pC
zWt4_2d87_m5$<BhlBaIGN>}^0m#VdoU{ziXxBa5EUx?Q3n%RBLIIO(u&XcQ)?N*#b
zc#L0XqToQ7QzT<8O&3-^1W!S*tXy#(<9Z!o^Tt-_XZUe=qAApNP#q9fYn{zJo?C~v
zvODJOIOXka+&a7s?`@0wJYOjwaO?0k{B3(&fn23P3AYY!!^aSQ#LUJ^2}@FKHX^9b
z5h%$9bo3lS=okdI=Y}i7Wl0Nj$$D48edlO@h}AlV)%s9Ot>NJsVYd(0Q2$T0fwfgt
zIlssmd?QG&31#*r?W{R(cg-oKC`m(1$VJb%H-3Vo8E*AYV3e6`lJl(f6BLZ3TuKO;
zP{6IjJ4(!}k!=D{ZSmiUT&PxM1MkSc*L^#NeOtk;!@Kak=+c^xTEM85EKa@>@634D
zAMY;1yIy!_!aH2yODS-tI4zl^pP8Af(#f+~6l^aH*SP#4>UoRv7$AyEK((QCiWu^2
z$?>$#=Y6*+a$(0=Z3x=mSBD#p-Ai>60%tip|H>xbb1+G#x+(UTPIQL;I-Nn01)qn5
zIH`iZgZcyS+wwzHhm*s8h%VV7zDfuEVMIs$p*kvd#v(C>YWR!SE7W4WW9D5GA!KO;
z9nO+a87epy<^j!AI*nhBI)u5XIN#Nu=Kp4fW^KAZnzXYxZQeE^Fedq`VX9~2t>zSI
z@(sHpQI^Hrl}0+QK)lOb*6tjfPSm6-sxdZa2YsXE3~LXHq*opf&owam190BmPIJjS
z27qzi<1@ARHVtQD1owCH-B{pK?fvU<?~6zAzN-`1yA{!QO2vaZ>OXPcBOV)aJT3R}
zzO_n`GNp*8Wu!CN(=yyeE}NsH9nr&+9n(MAY27#os{stA(jCZ=p}qBT<da+`G2r%d
zcAHyQQZ!1FP%Y%b8f2LOiX7yFs}~#&u{A0?c;7)Nj-7pvy6C)=0X_i%pXus>5YGKR
z5`hvb(f7MUuew_g^G}D0@8O@T@osfhx!+qsA3w;z&SPLde2E_HsSMTvxV7bK;x8{Z
zPQIQsXwVCOV@K#w6EHv-BpU{=EAbxVz114VZeUHH?xk<KKWk(H+$QE~LRcE6LGjVB
zI4HioI27`tf@4wId(mAp{BAp&S5h|)V{rU3299^4E&f(*aqYv-`|iK5vI@oibsAA#
zyLkIr+5d*7O5AORwP-Ez?B!z4f>}43HQbmPOrK@xVH$Cz#!Ut6Hn+Z{=mBR{l%a|Y
z{|ZBSH!$U3n1kG_dsDbRZ59giw4E|8&C%`rl*i^6E4L2s!e`pz<|lq-y5f9`4*rr8
z&>U`|SzoJS5Uaw%g<CHWK);&QZId^!^0#yA@Gfj@@6hC)3%Vu^*yN@QF-;C*Rouv}
z!@F=<EI?-VwwMdA>sYsVPFMG<K%wwFcp~S>SKy@hNfXSSz42}<-lgMR5brq6`8R6-
zn@8VhV)N)9;7aGWl{{a*W(=2AHQ!%4L!@blt=CJZ_<~LhMvRNW%Ormj6GpzEORn%W
zyLzd+1Ja}L1|zf|hYGYg4!*>BPe0G4p<zHVU`4G~YBgQPQ^tHqXy~|U4nmqK=pjYt
z`)q&dY+$?`PpBQVOtT{}9VYJC=qNsN!2nwK7G44C-m5y!A8SvrE)|dFz2lQu7{J+y
zY!Xot;OXXDZLTjKJ#P@d2D;=3aDpKmIpCi(CtywWZQ<=9Ph*QGXp~b{`Ag?uK-GAq
zVd1-ESTNFD8kFC@sB-Yhz<A}r)R}S+wI>{RhzFTIaJkh}Z04MYnA^Oj5QK{X>+#cn
zcvvLX{)+f{{y36np*fp#j=2bJM-J?awuDHN;vb;lkJO8^o|ZxU^5-d=Q_?brp()Zx
zD3h}~V6zh}z7>PT|Gp>|pSt1)VX-s)>f-nu(HTDbb%Iafn8I&Y@jkREY%J!Y3$Z&h
zQ1;e?ust@2gsly3_YBhJr1u7CGsMe-lo^6aUc05<<$}4OB2eD>!pyE7ZyC}?;_kHx
zDDI|N{pC#D-DHyQCjI9-vTDF+c#%XgQl9r7rvwRjQbsI|j=b<^B;d*w5tdp^BCPyY
zZXMo*=jfLW<s`@ce1U>Ev&G(5(A)5{7u2<uqRsrY2jM`Oe^R17mUCE-b=r)7w%M#8
zK(V*5*|5vr`z|oD3P{#K@_MLpT|ao_cbap=qo{W(9excTcF*oN^zV$_<vEDOdu46Z
zOuI-mXD{zmBKq+V6U(!M#XZLpDi^QEt(bx>(%XO{cFyPAQ4*f|Bv(3musN>W!mY!*
z@WFPX{NHUz`Aj|Kd&H6H3pETUo$rR$!VUCf+}W7}@IcTXb`Jq&J|&2C1wkogTBfpc
za~##J++OO-W}NGevKePIT;t^XE&gAlYR0d*X$mC~^X+zC;yGt<jdHgRapg$^j$*D)
zImg{P+66=Typ(ZNRh+MKW_VggyZS-{@@IF_x!)6E;5OXxxU;rCF@?061+dZ>ld<;-
zZUA0Dp}##v5dQ$?O_(P@wuq&sfHfkP_7*2)Q+l&I+5R@|ub)@#(EygyhJnO$=8X}z
z*f((3vn>@^4{fg+g8m>Fe>%)y5<D$A^HShdU8Pi?i1|M#{54H$0V_zl<f;N1|6z4~
zaMshBT=^Y*<~+haaKHBywfmfQk`J18ZjB!7L-^bq)k2!tJd_i1FP@UlKU<r#&3)eB
z;_YI))F|Q5Ou<zo?ZsVmel5cJHB~In!F?wO;10vlUv>o^Ju5{?m+vpl7E6mr=#HyT
zWI<m_jeem;-CMx?Og@TatqeA|F{-B0`NGt2CB6@o=HuD1eB5xNLv*;%RxH)_KpCA5
z%y9%}n2qw_IQa<z;xH}bC(ZJ1;eAdNyNO(9uq+znu$<t1x1jwNBv%dwr|%cre=1N;
z1xjZ_7flXvK~%cA-&5ECXR8L@i_SdA3w^~c!g`e#1pbw+{L+6U;-2#{g@DdJ#p$jr
zB=((05Im%T^&P`S<iLr3oyh^155>}KSYDOELdI987~yL{XrfX6Jc86>P*BHv_hH=a
zmIU7WyChDrKK!Je<oQ5;`ETLb#?jhrlPVoc#u2(1ZBLhzXuS?@cU-Os+_x{+85M6=
zEU*rsPp1nGhXnwvfKsvZ-PFS>zen7y193e(X_m3U`E7Vydxv<ift$~I&Lvk~jch+M
z>@sxNU(o9h4XiZpk>E{nnzI+G6fNnlt0JYdL2Bf}`0S{Y^@=^O(}jNaYlgb7xF2A+
zDeC)!3^$7Yqv#WdHG56}j`kWQq=hZcJ`+yC%mJ-AyqCvmrX2dG(w#JN-h1RiBoeRR
zqTX(oKK?eUw}*ol)cC-tI>m|}-<1i($$DPpz4w925S|2oq$i=G@M5-Ly6*;@M+Qgt
z2nVSd@9Ik=f*a<XKVFDG7WoLN0EeahNieP43qR`16g{krL+-3AE9chXP58f<rqVVJ
z+v(vi!|6(_Fv;m_l?uyfvicPTi9W%O^om%k7oVs?$dtrIrM@@`MSj7t@Ir&K31@#_
z9m+FT0T=aGxTuhE(bcj1^5gjFiGC{MhEc7EmS=4C#t&h$U6=f4?1P=~o7|@>dth<S
zyh~u9!KC&fzjVK5|6?q35pkAtNw?yRVn^$<Vs|CQ`)Pz+oS>8BncCwg5(pL>$Re9q
zWwQCF&#{Tqd!r~<R<dk%zQ<Xhn5Q<nTQ8k!hDW2E4|!VhdEZBhtoqx5Xil)O`ta8W
z*x0ddKt-YW9%paGw3lJtpR}>~Qhxd0m68uBC811{QbwXOmsK`~tCd2+0o9&o-H<|(
zYaVHg`S9GcASc0f9l7iHIm`i@Ki1$H<}d9%wzSAKFe-38HSJ7)9p85t+tWbJ6(>hh
zbmV@_G&}DOtoXA=>J%PuleVE!AlBK$Yc4{)d$YQxUbuwx$d+Nwex8=WuF=>?C2M2@
zo+p<n)yFjD37R^j>Cidr20Y#_d%VHNraDjqr%42~gUjc0EF3^!%qx9{smJ#nX5)G?
ziI7ew{h=a}bFggig2ZB0*u-WVEz9T&X><nDH;?Scwh*=9-t5Tr`<5Rds6Ia*FQ~?!
zWlFG7D&#<@TyvHxd*p{yh8w}Lm6f)sl^uzsap6LeS+xvuR}Thx=Kidx!DgEBu;pu}
zJ~zQNMqissalt9E%B{FAbHKo0xy9`PTBy-Ueqbe#75PL*oB0|7&}P2QfM%2%1%Hao
zUjm~o1qWN1FSux+HmpE5pwR|(qzJy<uFJ!}=X9#wW%wFHHxOU@uX6Yw#N<cLh4%W8
zd&2@2ZOAU3h|B+xiVZm|M_fHHwN!=WgiDsoDtud9nf^H~w!j1+YDtTnzCpp=oEBg6
z;!i0doP)(uD3M-kPvg`^{O|zBi6E~Q#0QO-$I0s<fDHaA&@TfCk=={#)8L+vrgh7J
zqR{not9#Lu6RuHcSo_;oz&h~rJ>K^~0`tcFjq+$C(}3{NGI)eI<S?UV#JUmxhOLP@
z<P1o|B)1@EU$Ocho?Q`GG|kGdnJ|TEw0-sXm_XBlwR!>?L;}JYPitaj9xe&Yo|ZJ;
zNAaipljCQdOw}LQKVc4~|CnQ+J{e~mt2lWEJVYJl6@VJOSFCjt$UgFt-M@&Ym|^zm
zPbpJOe;D)j#JS3te>gLpv(_)`Fvr;IC(s;Yt)IXq86EtKG=1irW*@mxonP!Cc8|l}
zkxl~@(EI`*;RHj^F{T$H_2kJ&L<|an%-%h8>2=Edi)OnQn#XX?EVx|DxzgF%@?${o
zOn`5U0VoVC4lT`xe$TLq1it3qg;+<;=w8y3(|PaBO5FLHeHgTgRjt&ySgVtA%Ag;m
zv;daz2!rsRrX<Apk750^@EZl|fZ8ey7bM+}RUbm0N#}jLu@rF#zH-2;a6g0UKbe_^
zhGYY?zu&m=Hjddp&ZX(>AI&Dx!KcFQK6Wd>ZP28dgkCji`udY5b<@E4NY2a$W}~M|
z`F)z{!<dQ`%P^Dn4x|&T{<*WQ{@ddXM3<$K34U228R(l*C_A)jDhSId41+-=*yivF
z<>#Yc0DXZ18gn`O5X0#iEE6p|^%LeZW?H7sDhwH%5u>XuG?$38%>oV?8ZAO#<Rxin
zza?AlfPQc<_t*9>JE@FF0&1C(PvRouOaA|IeDzHK9~xgV`7)}H(?FYU^KpVfiYQ}%
zXT!^gIV|U<bUU~hhE0^OR)=5EopS)kINByBD5Gs$f{H`AFWFZ*pt^J1z7~huS1yX%
ze;9utZsX>o|15qPE(wVR$sMK1$RpkJCmF>1@ym-)Ihda05e$1HjSBvH{ZQQfH4b;L
zT@-h7Q-2`tR{ab38rcQD`sndRLeez@*|J~{ipUdEYa&xnxbW2%n9%IECr+~P-XwU{
zLAtz|0!rG^^X#L8pMs=qI!_zZ;YrHGop}sJ763gC<O`YxA3rjP+~_x*O2gA0SHhzm
z@0;n-TkO##@aWmS?9uP(k?RsBucjm_o69oW!JG{(S!`y(nGSzTc;6m!L;waz1og|)
zV&Hw748$RYoRXg0kGdQBtWah?Qu>Ccr*q8m3k2&W_^)GnFloSVX5cq>p=~>nmPm=p
z3TcF<ckD1|%1vT?<RoWq_?SVbqpVfR8e<|#ZPg|x%zPHkV!N>mMxoC8OVkz1U>>lE
zLW}$WJfA*_rU+C4LEQ>eM#MQSVI*xwl^AtJ-zR5)DnD(8C4Yza?0CRO@GksI_+w>D
zd>bEvCUKGf=oy?SXwk~T7w@o(pGq%$pT;6*A9aYW;R-0TUeO$<v_OL^do?Rsw;*nl
z9;U*dhuhA?Y+Bq#99sSmw+`>ZU$?|<S}e|_a7@SnBcO(YV@S9h+A!7W54qBtQW_yN
z#_u|d*11z-ov%iWWCjgw36UP-Lj56ICu}^O#>qjne~iH54@8U4>IA*<l=NQ9jQzn8
z-L=K9<kfIf(oN7_nCp;{>u+spfl*lCcbK9qx=L9O$~fbf62;9**qz16*>YdGx7<rM
z$vx!^IbAl&DRPpWAV+rxvXtVN?$-Hpxfc%w$e-aj%@V(O80VaT!Bk;9qzQqlY)LSr
zb9JR=LtW`Gv=(GDYeBX$7D`pb-xU*Vt~6V|+TpLF9O7Grz%8(foNKg?oojMlC9vR>
zZ>3-g<q1Zk{1>%~QFWz5xkzb_YCJ~~vcAtp5xE-hI%_!Mbzl^)S9Bzbydf5q4@6W{
zesdB~c}GMsfOhcb7br7pGt9~hhH}{N1=-S+!)ct_Q5C`z&58f>tGZ>W&)A0BY-pB!
zqRY=9_<6S_-!+(DV>OVs%6wO@;0YxN8<h#cWL=A6MIJ0{{Oxb(-=)^I=^QQe)iOEO
zwK!+MR8&^5#S!Rp&@hZ!+d*Hp@oRn-sqpP{&Yi?>=zmFBL9^X+KHthe2jh8v1#fG$
zTK1L)`p>Q4Z`xtwC-24Tpmc-Pb3V~k4gf|#cwb*8s^=kL&KwUFnP6_Q>|K;=x3pFb
zafl6e{>@se__^H>s<3=s$@6P4pr<$J+G)3(oNFx5qLQYsHryF=9&L)?zflkmOV8Hf
z1{|I?F_IVIeJ+ZFE+(0$)^>V+#IEGO8mI`H{nE`)#VISFm5OUrBflnHY+$ZHuAc~j
z@dh$}@M|U-Jgw*h);in;Qf7RD`Z$4KvxQoo=}N?w^Y+^PJ%zDW$z^np9mzizRI)Ld
z)Jz0BwGW&-<egplPn^bJg)o1N7W^)Wrk=6r_zyEl;v7jBJEv*xM1=j&1t!U$WUgEk
zYfpBF$ED5mJ`uMjZPmp_nu!F-A)XPIw6baB!z3d16R^aN+~v$J!<df9D&cKOdi@rP
zxDqN5jz6My8n`dPCN`N{(0Tr2niKo{HgY9b#;+;t%daU*R9y<up>=bjHF!ADmQV<|
z|IUgNtwDR;!yehBzIBL)C~?s&$sXD47(1(JUMkFDzTl!BN@rTm>pD}Yc1G=q7o#hO
z$0jg;7)QWmP!Pk}t}k+Bx}Qh@)!+;>$;Y<CFW-)*m9Z^;Wi5JtZ9#vZzyv(|;0R;}
z+ppyK<+*fzGV`SiS4J1Tz|HRV+xTaLp~ghGbI~z8-WEdDx{l`OibPLCq9ah88<$^|
zUz0^PnV0d{d3)$^5{!=Gbi-L-e}|>DvQcbZa)1NfX-O-$7bouRsJggsyvy~d)xFr@
zay<x$yeUEOZE>Q(;-`sFne%qIo0o*r$N_{XPp$y1Xgt)Lkrp~&glq5g(7`0bR=6wd
zY1jj8mcl!u;iR~A$w6xC9QP%9frpNy8+I(I=gco(0GXU37&hC*6Bz9r09pPx0^Aa6
zOd1NmI0Q4u!y4kqje(4nfnwv5dbhigvwnak;;=}HRas&{0HzO;^F0WXfUwciI&@xt
zVZF|ierr_*a>@i?Afv`6(eJXAk1mh<Na3HP2?>S9i}KIf)^7Qy`GThHIK)}f_`0NA
zE_~oZJh#NxdT(s46cf(MZ>aMGzxK4;3bR8X^ZYp-&y>7#WB5Euqz_Q&Dybmu1@xvO
zdY{8|p)Es$sSKyZ%K@Q5EKFIv$08L>+`K!G0x3WNE>&y|9Y_LR0i1~EmK;=wk+vhP
zK2ZE?q=vi6`T??~^s{r6z%PTHj?Ftx@E?^1!>F=Hb~wbg@b?%5vIQj@`l{^g&#b*H
zR46m<Vock>n86&{ejVm)>Avd{IXP7FP7ir_$vdg?l_l>O<v}Iy+$Hxfd1sj1ujHM<
za<7tiGUUvXcR;l$c_&RyEO{rhdxU1SXb3H-9ubvUhcrq#&Ud5~ybl+4`ut3||M?EC
z7i|9arwX3=66b_fRy!<*itlmuXFCORdl&4Zy?B^_qj#i8k%}+Whj7xCUQI~XDRk%n
z0wZ#|5ZO|&JMKK`nnDvLer()tbq6<E-7S|{`KN=nz~r4)U~sq(mAKpQ;h(Lw8MoPt
zwdfoGl&UlcmR*8)%C%9`7BOX^%>UD%J-C&b&X)}CUVR*?sWhf=8mD%t3;zNXP5xv&
z_W6;W<<7w%eEyqELS9G+wI&i&fQ+iy0;%!14GP+c0PDL@OCo4#LSCK2(#|i<M5B|X
z1tZn-<xN7MI7P602Dj$~L!H2nKj(m%E^nI<Iu8;oLIHYVAd;jlZbP`FA(t2_0qwWs
z*o`r1#q(%y%5{iGkXv4X8P4JVC5(RAk$0LZ62Effweia^oXx~Q|2D=B$ArAE?1A!#
z2Jb*&P>ln0elaX~&h_J$E+nO>24VLcz90lJb1r;nkc2=6-3o><vj5rr4#Nq-Q*SCO
z2-?{(V7n)jJ=4xVj6pJjHqzI|^Cm}q6a4L6U&?1WHgoXz*3G8V<N3w5`X;<2)!RM6
zB!{KW^|4?%<unWRHB1Yx$)@-v1(?N1%mV$+h{<>ymayyS#6VJ;3YFi1>WkIr$U7s1
z+5mmW7F{nyHrqX$TkN4DiT1Pm_53#}P&gVF?Qidc!4>%kO9`Gf!#p(~DjkSEEPaZ?
z0HX?eYFk`#_<BsSDV}f+tzg>&`h4HCGdz^a*BhZ>*LMVxLwwALi@dy3ymu;E+C4Qu
z{T9kWd=5`)@=O1V1j$Z}OJfgYq+k#2mK{}>*aL;B7}AgxcUYR|Jt%~ZCPs;34<wz1
zFPaM?cEyzrmJEpaAR#{1-fPNehd;Nrn?SY8h`^s)Bc{_<z<WFXwY8gohDm~@-Sr8g
ze`pN)OS-^60I**}d>lRqf6tv`_^YrSM|{LCF?nxM0xi<_TtSQRoiXvMKcwyaZ|#8*
zU*bXkY=?M0MxQ%@-2M(uHlEFZ?`^Dpqr(p)p|QdOn$32C<CG)sC_{Rq19)3S`cqM)
zPYh(_GNgY<NKax&$KrO&nacY+ApLuF2sjMkE^rU1cC;bZZ*3!lUqFOkAcWi6ICjx6
zz8f(<M2B(ohwXsxlgRHQS{T0lKLeb90bJ#rjh%yT?ZtU>gdpz1SU%8;o-7*X8Q#Ou
zz|UwE3?YFc+??c>eaEpp*wLkC{Qi5EAl?QTGB5xD#g@-qfRC@7cPjA`g!($%$-)>R
zIjijcGLCJKMR0>`Ga&OT*HL*iXkXo|?J%Fp)8C}2RmpX1?(i4kqB&VQayFGy2GJlv
ze87lr^8x>xfZa@SoAAVnz=iQl=KL)DTeJhj&`=1>KEvV20RaNzK4|J{1a&rkKzy|{
z@malFIvqWGFaW9d6V#et>R^!&lsTuL^x{ESMqB9TxZiUFIqAV0wngNtaJ%&8^Ql0Z
z6X?S>q4vXwbaT29jStcr@LcYJCHUWb7}0`fKh4w->B$h=ZS8eFRWZcD_(;YIOz9LZ
zUz$Y~pOu=<rDCFBS05@iF;Ezxm7esxxIH3g(>!vRJy|AV0D>dZ-OZ_-v?YzfF$fz#
z`-jrtlIIbcdg(E^M&nuF{HR;+8*r(A{IYJB`d?0A^RfE?t@Vw%2u7=>U{G(CQUe`A
zVL|a+@MrpXtLp3U(+T8H4qAWVEig{66Flw4g`<V_Zsi}8#QDV6&ozL8UtwZ5PaSYU
zd+Oq_oJMM0Emj92I8P9_3VAg!`SpwQPjTPK&F>*Z>V?Qw7pzU|F|Jr1RMNupD=)#I
zD_L>l36?UJ9lYmjS_1SVKMn8h$0WPB#h%w{_p~Nd_6m%@p?JW&9^|Y6i<;oVtuUi{
zS`+!D7%d-GoaF}4lQ!}ze~;$a#R+itEZ&`KwDQl^z^j+7{4=$II|gpR)rR|gMx|Jm
z^M%XnK6fly;OScNWA``h?(@fa@BM&$D8c*gh8t>$V&1tICqmU0s=5ij48fPHpz0c1
z;0}HRMOJa22dHxC^Ig1eAl$gmeb4)nX;s#;l3$jAi%(2Dq{c5+`_KKT{&TVY=d}KF
z|Iz+C%dzi^t=;!KU+woW)^Ar9>oaD#mXj4n-gti|G!@|D_BO_p$gbyzHAmRj>R1z=
zlD_2dCEyX2nmGOxEL*G0=<bqN2TXajjvucleykB9+mRn@sLURm;E*fZfh(^xko%-%
zEAJUWQ)^JapYJf#(5s%f;b5ra*IdsQI3?c5W8c`tt@ga#cF(zl%D%Qh`3=zB0rN7f
z<bLda90(PHcYv5r7@JN6GPMG6HX{c;j%0cdkF&WWNT*tO_cD^{k%3n7oGx*<WmLMY
zIs14YX2XSI$FyQVthN&Op>`+(<eG{bGg$5>A{VqsyW{T1kzJ><CYl(fTUQY)+{0Vx
z>==>lQkB{!)(r6L5aQQXpxp%&*m$A~WBf5J;Tb%{673hN_&Lt~8~Ayfi^0#UoQj_p
zxc@8oaZW(oEH3FDFN0LPWGi@a@eC(M<mW`_tzc-n^XIYg<aFz!CEwu+6IMo)^2do=
zIBgW*r#y|%N_B`V+lkdZKNU2-Un`4d-#+KPR`(NJy6YZ6Yz0*g1ZZ7ZwgHxkPCG2{
z$_irR2ab0yyxNfCO2_1Jpb0g}W|+6G7T{OjNqU#=`~Y;EtI=L0o)XUP77R6VCe#Qd
zY!)!vcbK-9-1FyfuFKFm)W>ZZf(C28><b597M6QJK{<tT^gvHuG&hol^fxn_#Ou7~
zCb*>I1|xG?w3(+7CbB3KikC{qBo(P+DM8XJe8(K(+mzh}R5jZ0DcB;7`%^NiWW#}{
zTt+RsiXU^Wh+hkN+xew4jDS<aN2t77_Q1+;54sS|!njv+1Ve*h*eUo|D6O)zGVt*<
zgkUPjQm0v7gta0Au4DOLUSzpvV4bU!aor`1_0mJvPux#rbI$8x^*_+({1u?}H8`&j
z{EsyXV;_@Ty+Ijl6hwFo`q{Tq`Ek%lJ{4fmxMUOZfKDBQ^|&~~ERWRuGh?9fD<Je#
zLEycQkr~nfUG&c|&q08A?^&hn6o-F~fEyq%9|K0tRNag;@{ce#*BW>)`Z|YK7-G*q
zl@%O=6^er&A0}1muypzLha(j63rF3|Ri1@_bKcjETZPlGX%W;+k+vwQz4=qD{F;IG
z$adcQJ#u%X9$nK6n5btJt6t8I*^h^nrsWvFJP7xtMg2#(j$=|7EIKhzoXgx;rC%p(
zi}-@DzD1qZ?rDo)A8=ok4cVCb#E-CZJ`@?iLcI5{aC1|jctk<4LOecmmDOFGl;g@1
zB0+%BbrPA}?=lKwUC@CSiQ9M|?ncRjl>K_crV8<hUECaB%rys=QqssWj>rw;R(3i3
zv+?*s8SWQ4FoJ-M^@;bQ{>pkf_qaj=1fR%oJN7_>AAp4RsEXM3oU2GSOaL`Hg&52e
z%0Z5@=Y6%7I?k7FMq-#inQtLt@M|!c+1qA{<0Zatei^RSUi0f5+wjj(*ejRVHsCPl
z^H~N=oAf;KyTe>kZ8HP+M4SsyVHQ}bV;F<$UQXsF;aseY!CZ9==3oj#9D{$skP3z!
zj=XcaF_@3x28*I&P;JHtU*?j15I7q(Ym@Wp@K99u$R8f+*Z3ck7{QvRDW){<!yzP$
z#cdSdG2*eH5V)xk`DiskMnfH!c@>r>XOE%i)x~@NL1#e9q1a6l4%WedP-*5W_hTl`
z)mQLXI6%D!uL3v2>kuptUEdb$W8Ck({{kCxQxVVe9sYdad!s7A7@nkOUW&z1R8px}
zdMU9JEX_hJsgepM4vHt}D(_8$M#H`0{r$@dwm^T8%s6J`!7=zE*J+d&Js5ht7zPEo
z6ac=}T;%ZI58b~<DigO`-G>c!%a_iQGH<hMtl%$|1plNaP|K5?h444URqoH)a8H%<
z7X_#IckM|_PF6ZOE^U`9KaBZF_3(I`otMjlmssw(@8KD|cLNu<A4p^J7r3P{_MRqZ
zABQ;HA>LxNRae16uw2RxPoPcWuN--YgtaZqz_wVhZ05bq<i_VU@5Fwgooel0|HA$W
z{F@TmpirKAb^<H+&K1_(#{MM(`USpxmtc?p!@FSq!mMJLVAVO<0e3;-{iILX7$`20
zF0`kTE1sXdlZT^;jIzr~6$Z&32?7h`8XSIxZ{E8C^`G~M5U?aodWb4ANEPCU`U>&Z
zdSh9&v)<$o+Yq^<;pz|@<Lm_j@L7e4H^H1(#`dl~o3jPWUe~v<)<n;uBT_#pm7}M~
z?+$S>OeK#<$lnbN{1RBi!%C{W2?dM8&yX}JkdzD5xG7*uPH^zHpw-=MC=*Y{!T%ww
z@hf0*fK@S$VC0w*Jksx<W>iK!NZ^Cg<`;>Zi#r?h?ZC~IH`)y!I`R(2j`tbbc*g-t
z;~aZn7xz|(VPfhTc+BKM@;4ZF_eeZwIA$DP#H|jowIC?{ZdfKf8}}=CCb>spHnB0^
zAGuP=F?JOIA#H5i8o{AQ;w11kjdN*PA@gaW#AEnI@@8S;F;+}E`&F8fg)Fl#J|6eY
z2x_`!gwpg$XnHVfx`DlVP5&yDz4|+QwSv78#LwZ?cUNYrk>k7yOwq-BI&1X#J_fYj
zW%uZIRsS(A>IX`H-KE0%i#}@Zw4cJAJWL)+ZWaUOB>8d{0}-f?lTyRA%=u~cYK#Yf
zFW})nm4`2^&eD%pC3&td;xaBdjFQor4vQ(4qqY`0x9l*(wvn)1fpu+@CS3rWi$_4^
zvPSl>@GhV!3^HL}*(1_#zD!emo8Iiro-Eg%{I0h_xqAlgKp(zE5U*oOuMz%d)s^R(
zh5GV58XEQG`O3A3q*)+&@b{RNuDk>u35o2{tVxLd@+t6WDl2u*G(N9<+RXa$InY8@
z`FuWWIjKrn%b#bL*V%<74orT0!7k{`a#9KFmy;t0-3Ig1U&QeU!*h8P`=W(i(0>;$
z*<_MP{)_W^&Kq=Q!R_;Kn~7G#nPMXD@{D^59!QtAP+;Nx@S7VBe7q&&5{jYvT=Fb<
z4NvhReFLTB_g2N>gU^K-ozK11oWtkd1v7N+408#ebyF^%_0u9g>mGs6x_>J4d=`TI
zgL_>4_z&)Jwn5)x?7w^QFF0qyowd;2)m7B<UU2*SDy`?`)3EEw&%hI0CW!S?_E|D~
z0S-Qe-d@N99Bl5P;$TJ<;Q%kvepXQaZ@qs^3_hxV3aY|Q`8t;1Pjz64+w8F{QCI#8
z?q5dI^vC`^ws@veL(Y=Qc;w8j)R1%jj2=1ra{)Q8r>n>*uO#H)MXG65k<;aQ-l;58
zs^EVYbv?Uy#xeX&?3_K+mMnPc8gZi(kDrjAwW8lfKH|ND4T^3hkS6b01e1~X9`ZYQ
zxRG{f4n}Uzb}uwf0SJyex4~Tz=eh-56SFZHWlo(9U*X&l<64MTCftB85(1e$zAVz^
z;f(YKm1-}pIOAO90%Lj~ypnSSl7Dhg5j^WK==S<6P}YBS7G-^(Vd|?5_)1#WSCJ`{
zLHi47T@U=-XAqR4n8t|Z=hQON<t7roFC=%r%UKpt5AR&{VHy`kpAgo`z?iB71mIH#
zQ~-M+fR`hH#SFk@2Vwxsjsq|o01Q8j+rIzI+eRkfxl2EcFz^=g28`xH_j7myr=1wO
zrGS~M_x+_4`JLNAe&;IkyRMOel1=g(gg1zA$=|${x!|MP&nr;%I-C~GqiT|FNjE5N
zep~h^FQolF)o1T$&$cPgvZWB*>GIFcgB9uGsRfY=OM40bOg&)ib%bRD9jY)GxOGDi
zHyD%zN>m#0yrhs<I!g(18t-pa!je?tHjQ}7E)w{-JXFq#y)$`7M4(#({6lr)Qe?cG
zYT6c|vr$QA;$-YA>C6&t9|9-ma?ab4lk)|?=VdlwgMRfM-TF(KU?4iv1+jfS3YW-E
zVtwaOD7!XVc5UZnfea<8w^qIMw40gxpLA=R5V_LNNA94A#mR4Eanbzgs(q+I(RrsD
zn7LvOT>%4co2SrW*1wrKIw4s;3m4e9#BliEHBqTzPy{!kEUK`aMV%L&HF>X_qj2Q3
zV^hCbJ+)PW4ozylJas?n2&@`Bn~e@jo9n1t1bTayqXk!USpDK1pb<#t8qn>6J&`{^
zpE`%QI$H;>)%`>w9$cr^;H`f(as>H=)zfg@hL457S`@DizjArGg_P`Lf)X>JKFFYV
znoDBNSK-d}rtAvKapxVS?&8th{9||kMhIA887Da#D||s$rvK&^TVP_uCfcDVs{8QG
zExz50LD7GoG-ISxKK29~P#g2Jck*uwcH3DtYyN3WgZfgng_D+268g_IqTq6n9IpGD
z(KZDOiYcT)Nm7f9?(Hrb&c#=<sNQ*sDXgAZ%or(NWHne`G*=V#n)@=834v;p!V)i&
zl&+>#5&R6YpH0fo*U6bXm`iz*$w-TLIPKXts>>(#j3c9MGyVYWo?WuptNBRCVue4V
zrEv{0%YYcK(;x+%7a<k$_6nhvWV@w~_uSGKdAP|QI-EQ)kZ}z{#qjH;uPH)5>g>&|
zRs-+bisKSAbsWvk9AqW>z>gHPHadGE2GAVI`(7r_7-6pPe}MR?@W09!{(|%F3b9Q&
zZ&4Pbg3}&rh2@azusj;3foCI@?sV|oM1E;lT^c9XQA^?n*aZ3RIPd`am`Cq6bJCu%
z=uloZ$DmR_ir$HS+cnujA{(6ovZ836744J(`UDH}S78}humzEWNGLd_B3HI`INx1t
zCTr+HDQgfqnrznB<+mFZ#~M5T<_^K~5%2jqd3$Fl3)8T}Z*Bl-*I;xnY%p=o)v(5d
zVVA(t11R%9a+u$ZDo+I{`FKhKUzXrY0mlGiGAB;<&(azvveN<UIwK71B;e9FXf#LI
zwhj4CqEl__6TEi~o)T(Z!26crn+P$PiG0QuVnS;dXZJ)5PTnS-L`O8V(p2>0=ppaB
zf&z49yK8qAMBL}oOZcbj*Y)L?xh0VN!WUO^Qd3JL5=FfGd>X&}+bjhHf!_cN>)IU(
z{%|<5W2`Gkx>kry(xYY;3JexV=s+QiWu{*%|LkT5d}Vbnp2Il{>>i97KNQ9a@t490
zxG=SjAIM1`T4+R6jGZ^D@*8Vi`5ewxJ=>gP_m^j5TO`2)g`Z>3OVA1@5M5v{m?90@
ziylbKaPAoUH<AO<?(p8;8Gr#3d}k#~0h;*iVwp)zArP>#1Hi!G*{c0LDvV$RSa$H<
z%Q87GJg%4Syrlby6u>jd9>f!j(IV_lD3X9_*`NB1y4Oyd|Aso;xD8B6wAY97$Gu4Y
zu{M6q__osKBm*$<O16zPzFqn4Q+`L3-wW991m&lfm|%zCsYw!m#Eah+#2rH3S-f{X
z27eQrm*KM76G`NKQ%R}rYi&--GCH$_NS*qF_c6WZR2UPB&0NL2>X67Vf>7j1M+ZQc
zKe-TzP==6W1^dbhc87<M7g(Lrk!ZuN<!Z%HCGW#sSF&)$Gb>8EMny&=qS0Ps!dNLP
z;~wly5B2n$$}0lEkCZBH68w+l<9+~WdsQq1YK{;nl~6KLmHyI}7^k0Xo}7LToU@>j
z`dX9T>E~(_OADVJZ7_VSCwWb^$ydPNb~#&!Y?Uw3p$>Y8Ie&1Yo{Ttq_@y^rf<j^^
z?nW6a#Dn&{Qx%p^D){lAu+#eDS%oha-7lW<9844pHNX+^{{B{#-p?w(89z85!+XXn
z&Pu$$!0u-Yp3nti1Ym-VsNdw(2pAKpr+l5_M*zQ^!{Kj&v!7k8hnqy#IDXB|5ylUr
zg~*oZuR;1>0$<i3^Y8?8YEP(L22KmL;Yp&rdWWUm!H;ie<izgX6iDh<As(v8+srSW
z)(dU3dvS*f$B)CGV-p+6a_mTJ;k}!(NW?jBK$)0BN3=jnrSi`N(Wq!t)V9@dt+e}l
ztS7_iF8?iw8-7vgG#8vo+v?0I2+D;-v5r$l_?k?lTx}|eW4oumm4Jj6k}G>-b@x3y
zqhJ@m=9VPSDKpfSRIo+v4ds*7^5?1iTLzTRST!KK(r661TS1QgiX$T}@5LCtDDFZu
zmluM3TQo-#7>>ZW%5eiZ=P0`ej}{It*r&|@ioC<DCsHF?*&?;}v3Jj^JYubzFb8Jf
zx!IJhh|eQC;tc5C*gug5!F&IZ#N?L|<W~~Rq_E1U5D(+bksDr}LT3Qy<Mv+>YobvI
zNx2B%YqW|?#2~r+^53Ek62U2<gnzbv-4#^yFw6jte*!bW@l%lqn=al}VnCT3{DyqH
zr;Y?aYX2Psf1@=23O)9*$!W>Z%09=~x78V-9tZp!@&_wyLUCOp!SWJh`+32@ripMq
ziIl&Y-I`weGU+GcAz}FIWC?^-IOwL0FlX!Lb6kH%sN6zWf&c-F>>kYF!+USzIn88=
zo<)IM&H2{ItuV%+5>Sv(=i{6k!W3*;Ygp5kjKXk(;Ax?0ha>U1g%(J>twGf@Xl3LG
z%mL{$OLF*Ufk-N8L4`lB0-b2#CGWjEk!d=pbDWbhk8F+jg7h8lEu}mOvvK(_+f2bd
zrVxGc(B4!&i?g2H#Dw7xQ*<hdB3ke>n8UVo+V<V4PK70!)%N$pNEKvnlzC41%4yd=
z0n!Ay=p^T>PRHJQ&1;qV^40o;K&E$F5r@VHWnja|m}A5}3l|Pzqp}`ZORCRV$MChQ
zNyD50qbd{u;-Lv8R^Gvc;1rN-%-n5fwv(4K^`vW7NOyZS)&Ttp66H3@{jkv-)b&tg
z$oJQ=j?ky1;H!98!|=df>c4SbqkW@pcj*l<`zZ8<VjL&ezz=t%l1XMh?({LyX3<7$
zzBlLs?W<Lt#9WyuBAgH72h(s5c$voA)3Qkg_nyY^WWcZ`(AtS4b%I-xO*=eGa%kYM
zr{|c=jn2P<09SSyrQd&=#uhXlH-2FZ|0$_6PJynIP~d&9qyoR}N~I8JAj^87FsMj7
zPO_kcsVX1~T6TggIH*K1odOV8da7{G$tDhiVKfy7`m!F;4uv1Z#)r=^=SH`l?3PWu
zm+Ofpv<tc|CkOv#quq1CfKtk{6TQQ8^jl8b1it)phoMp6$A2#P_ObMHLLliYM%>~O
z>A7!dn<;#YL2du_wH$LVAO8AkO;~IuVG*PMqrCW%V>`NR3-v|X*|mF~K+b!zhcbrH
zHAGR*t&!WZu`c&QGsyA}n0`MWb&swGrE?@JHYM9Z4iXra(#eAKOvQ9zC6OuFR3E5$
zOm@#=?g=scCt+L(KaOZz58MR>rAZ&9a^at(M9CZ_ZXHP7@b}3|Z3<U<X(TA3q-%J2
zUps#NiwxR{n-oZz!RInnIjJ6|ntGUO+K~sd1<S4GT&J0SqQ|RWFxkb)xc_Fwopp>^
z=&6HJJ6+!*<hg9vJojNL67Wv8(Z<%qRIaP_m#|*9J-HQDVpTTXDopVAhE<re!H5nu
zp!Fs7)%?+J$Z?^5Oa74syFo{l6W{`qmo(@SHcRB{G=;Qez3gYsHx=Rud)|IM57+bF
zMH%>UTemx>j(}OWb85GI=-|r_2nGq%qyrNJNryD<{p<jxpQFXdc))OxZs!v>1z}y{
zs58YJ$3^E5@r=VFM}c=<gXagu&tuQGm<()nb2A8v+f2-1d2==<NJG#0Ms$Fp)0T<b
z*q$hEeK#sIAgawsdZ1DrQmIK<)lAXWL9ufPuJY7LBR84Zs&lN>n;eEeu{r(KL?%CJ
zC97nll<cp48(|{PIZ0cNpOThlacXoTC$5u$Vvl68wTQ!ie>SQ*!*R_Fl6y5Nh)1QH
zP>r-4=6&d62%`xFDp|^4D#=mA(tN@HJQ-{vn}o5?BcnN?&qF}n12oVZoS$;SDh?PY
ztfEWa$NEk5THgCBoDamWhzs;|F9f=)$8YSG?LhaFjP57NEH{a|&lKB<fnsvumv-+*
zCfJM$m5~&w8OLCb*|(@SXbX1n6Z9AtzmWd)^;X<Iz>RkW=>#s)@H6SgEvZmn(s1(C
zq%bva5ZvMt?AJuy(HU{cD&p+J=)EutWSyigS_3~f{IC(YjrY7sA7tD~whv}L68s}z
zB-$Ei36Nv;m$mqU^Ldn@v!pp|a6u03S^X6)4pH)LQQzFYh8>rkB_x(ecFSg`P4FFa
zj-w56eodO*K7V}$K>EHx@pRhkIxc6!DpbW5zY>p(hQC7dj}m2oIO?c$4Ns&}rK7Vz
zC$^oy7%R;AG<T$uzsW(IQgg}3$^<5eXM5;Gc9~a`@o43KpIHQHU*nI%^m4Sh#=wH&
zd3R$tI-JBs@~a6Xp`9XRq;)miPz(hXDpy~*yyG-YN=cDHQA%<RaZ1TXjtwf(a7emd
zSD%XPKc916M~eW4TKzXjD$+utTm58z%6vOS`W#zHVN`h4auz=D9U8v+mk6P65(#&S
z&r^qVipYLV5$W?0kXo!VI>hOw=!7%|ow28rgB?-^rSeDNJ6V*4J7lyRj)__h3*liI
zJ+wt1mcqk)dN?ck@c!7XrY5q`DVpB<Z>4eJuR9!o;3B#*&tsY642+MDV&xUl${n#E
ze*Zn&$I6%P#jg&1A768g5)Gn6vSNXMc4+$jGinVvSm5txsNFlM-MAEj6X@aS=)+O5
zRlRsl*Nfe&p|&T_#W(lSSzVd`#xn1n#hB2VU0ShUlb<E?;1tHPwVbo37*bVNbklVJ
zlQnWWBMn(!9VmlWkTITxm{ayD@W&LpWxwVjb}~t4haRR{om~Tjz?g-CSy>6g!Wq3P
zd_5@U%^ZWKGxU*uu_?6!2w4A&*bNvw2UHS`Z{;sH=>z6v!xyfja&C9~FYG+f(l^sM
z`6E>c(B{c~wW-=p0*(!|&pRxqT{mha)=>!*E-RRkS`=mpOE%%=lWu2L-5>JQ=D_Dp
zUWw3gLV6rNmnCfrz_-u!7kM?{$gzpGNq@fiN^L2$4isr_{l_4Tq+VY{-FBqqr*J@z
zxr}|WK>r1Xm{|V>e$n_j?XAw#z1=Vpzh2kEQDhw>4sDZG=|7HPrG2LTI)|fE6S$-E
z6cm-KrQ(cj5$U=NawmGVmTi!hFn6Lk)XJE}o1(3tkU&|r9us3pazk3&A~o+=bg?JB
zxK4R3{o^Duc@J!4oX1F>LifUj`891$AP=HnvgZ@&d5uFn0I&W+uf}B7Mj>FJeY%&S
zOi)C4zO*un<Mh5y_(uBeckChk$RuzS*m6!1n*Ui7)8j={?U?IpJLxf+SESbZ_#R&e
zO@z}(B#pT*wzhm$+u+V>>yO|5wL@)T8ESiv#L$?2HCJk@UsmD%&$dz&pb{MUR9$^A
zf6#o|K%xmeK+fMQm|v@?E`rDSHeIPM{+WzlUxw2$oh^_iv?k~l*@(&+vSKTczIZoH
zdnX+`fk;dzB4(uy;H2}Z#5IqE;;D1pXKYWMj1BZ{7O$rcHWE3iHsX3$N0;go_;}n~
zDNz3ltbRTekB86pK>hWAhfJz2c`)`5WTJp`EE8r5e&BbB@|z)ufYNQ(Nd0b4j_dw?
z09p6~qro%5_`cn_hjE@-zC=31$8sKZIOk~8bRj*nM%TkXAEzGfNQNG+OWCGXCOxDt
z<vy;W=k_%^8ax1x!!IZ32H8)K>l&JPoGJPFF~;(jS<0cezv*s&k6-!Nc{bb7U@7^F
z4w%z8s>RyyGW2vGjDH5`LHGn-Yq5<=q&~f%0LvLx8=jzCF$h^W5&yKKdFL15vxbhK
zViXvqCvI%gGmh&P=EXa;fwSrj9hOQNybPQ@AQ-~0pcaIiEaAoY2V>cXG1F+6cG=bM
zdK_acBgCm`-n-8c1}hJCkHPDdIekAu)c(2-gKwdfkQ5Fqk^cCddiOlO*nyDXR&RJS
zr);v2AFcLz<#+14AdT!=TKiIr<}fC>3csN+d#7HOCDPU35jOvEpj&Kyta0!7*Hy{g
zBD2||@$L^J@&wr?Un!gA8}P~YyP2O(iS!AS=_JyXTp;(6FOjokUhBtSWQ|i4loy#)
zOf1S|_7TO(F#7#e>VG56Uy5+YSyeid!F8OYVebBDSyo(pQYAg&lJ8#U6o1Y0=#86$
z>P@Z?*wCa%qa0}oHtq|$dT9Ht&S|*YYjgPTH9Gu{n{XLAAMH#y^W$PahtFc#SB2%m
z+)OKTIAX!<;K{rmur76o3yiA`7^|on6Fuw&MFIg)b9J*?@<@>%bJhDyM4OnDIkSsN
zxctFP!pR>n30H)coN0JsXujq^mXAyE`O@T@lR3qa370f49RgH8E(DY_JAp9`@5Qw6
z47Px_T5S%2+S%TAeQ?eI_CP>BqcF--p$72-#g&UrNUW#CqjbDXN;sXMZ+plgMpUEp
zo43>eX>W$rXFl!O3)-_swP(wfXC~<h?XD^ue_qV<ogjD?=L5pmpyr9LT=jPGL)9g!
zokXYo1J%C@bV77Ck=t0f)oiv-1oZ=-eu{~V$%OF`bAg(P`!M;mHm|T8nfFuNh^94l
zfSt#x@XyT`{3gLa2QV?4d5-l&zv6ux(?DrWVOv7D5EaABznfB$Q;hHE(8RQ)LTqHb
zUSD@RKDV<lX0QGUl-n9Dl-#we)5v>fyC*9?Uj#-R!8Ar45{bDNKMG5_DjGZ#JsXyQ
z?geu=bSMEZ-9_oVZw4vJ@6kNx|0|hdENwc4ole_Vh;90KqB?&mc7FdD=<8QibbEfE
zb!z7;(5Y<>@jbGZ`&nkQu^x7=>n)BQ#tO_Z{~zk!1wM)@X%wF(A(=o(PlU+0A_k3a
zMzWewl#GC8$b@u54}k>)#RnQiSY1UjL&Abda1u;^y`${IecV;o@9wVO?)t6Eu8M$)
zGYQNj0fC@A)Kwk|^w0v~6#_!$R@LdASAzO|_x|tw{rwq|ew|aNPMtbcb?T8Lk>5Y6
zxU4!sl0CQ$>oc)qZ_ImhNENRjV}sjqjBk7zZkO>J(r;>Z73BDOY@VBZJ%!#*K`E;h
zlwVMX6x;w;3auGOhvyB!;q3ALO?!vsuSj@C$>TjgrROUJU$94z*%JnYCZkGCsx?|#
z)qs^U@#mY%o=VA@BlxhSObLzex~x%G$MXRu4y3_K1Cho(wqWt$P}w3=!?LGL-Z!x#
z!6KNZKUmmo={`Sv<3x;Z@xMX-Vlcb;+BnPy;bUfunC<lx|76($_(y6pvs?xIN5NBk
zy{pYE`Zk)Wp>r20r6|JiF7j%5Q+EsJc~eqe>mjDvEBVJ$b0T+qvYuc@;wW71UXWb)
z*?}@(R~OBAhJ==b$dag0e}kMz#v5Le0y&cul-mLBTe<wJO{?PL?^YXzQvjVbZkay*
zcmeqS{eJ~?&Nj?-K=AY6;to85c{?<LjsTxQn-LN{^UZ}eL1BH3;qecMN73<>XQ5tW
zBq2|Q71O%w{#1HC_v1!B_rqT8yQHi5;+4d76*4U@;IB733Sx7vK9Bxw{<0FvN1H{{
zHsmjFk2L9VZ7iLX!MO7&Q7YTksIm}zRAOQZ!Yg{pDG+&Yy=x6_BZn!^)cQej{yp(1
z@NZDx1?4UkJ8$`#WdKa%S3?OyeR$UWAAcjy>R@$APW&F0_Xgxy@?o{{HO8?<)aRN~
z_iNm(X(>9kF3xeu0p0$vm)+uhB(FJk@xKc2E8oL!R_voUnwY9H@W7kblNv;MBr!{B
zH>FG6%{IN4J368mhKY_JWh~H62nXj;2?hy$Xi+@~x3KMRW<d$V8%w@Vd1WbN&4WR*
zGYb~ry+wEr_TpQ&u1VM&^Vk27kc&ya)Pq{m=9uw0$ZJS(_5cV34I~hdU#x%Nb^QU)
zApf$x1M6lKqK9E$usxRq+kb0rGGN!nXI)AL?8l!OyYUx)F?Qo~`;B|sV)qX2H}>UE
zV^9APdm4^CeQ$qizIYa2Lm57E=v3apc^1MpstU@qE)mlzpH(wE({=y*aA013yf(%b
z9XDoDonx8P)Mt+jFr|>H2fCRM+LdZ)q!Wwxas2jfwd;2Xuz)${r$Wnmjn^6M&%$u&
zSkEJitMxK_UfA3R3zXf9LV?1idc__SHWn%!XVO0J8?IzlFT4muAJ&Qf`9CwF|Nin^
zBcBD*I%%bdkPKLRW?Z+6^4Vg){H^OvI&qO#PDuS~Te_YYjjH0I@s5;UEak{C@~>;k
zH!<b_5G=wGm+Axs@^Qt$K8bR@*-S1)FesDi^E<zBId?LL_-kIwG9`UzB*gv8f3Q(H
zm*tvPU1EHBY<#odOdVhLw~z1T#!HXy=%nv3zQ2F;UB)-@cb6Dn`>Skx5B`M4=liNy
zADk~_#u#ICtxs5*X5CjzVlq~K0?P*d<JQ_Y5C!|!-x6PwYYz`FF;Xj@o0Kgfp0D<5
zNvStWj;}p8fS{`lO^|=c9{F{GJ@UxwXpa<?k!au?0)P{%iF^pR_5Cw39|Ps@Yp5?V
zd2WVLg(^zWn?5O@b3TeNFn5#x!U9-$LH;~CEEp=wkH&KGx<C9z48MmM&QbUM7S_f;
zP>)<WZHq1sB=6rwQrS%23c~Y9L0JOi6E^?zbrYVY71x3G$?Xx=E&M@=W<Ij_CE@IT
z!QKMWw_BNHb}LgYs0#!mnWEex29IQm_Kt=F_57NS`IJ&_Uf?9iJ0NN;+5_VJSUTC;
zMj~t_ZKGCnKu#~1&)46})J3y<RL7}_{FB+1`TUcua33_F`Mf7M-^K6VSKjoc=K%>g
zuO*4!opSQ;{!8LMl;jVjQJW=y(cCG@cn}wARPU7nJES=YdW*WTr6cN=F;i+IhUz>0
zu7c=%*Qk9?d7~&tFg)4feFM66QI`X++c*LM-yJ~TBLK|1ROC8DUyB8VQ1VxXHv#C#
zB$Bh99N67D0v$sV!2b|h>4X+Kn%X_rp5ovA7-1Z>S?~{=D=K5Q3%)wl<oQ0#-uzJ=
za;Nt*c)bl?Z^t?{B6ptk6}D)v*#lax=pVLSGf(jkQ;7?6ds0M%g#1f_ZqHB3=QOhO
z8_C7U=d}9Qee*dr)Pu5CL{uB9C<J1yv{Gz?&b5bPI%BdWeDPYQDMp`v+s-<iP8r*u
zN{xCTfrZxt(r*7XEqCoLqECvwAz`uvL=wyaL2QljDz?-^m_s1tu)jEj!WgZbrhw;i
zjQ@I-EuYNT@?oY&y)0RpQC$}}*|I`)mXgIH$C}HE`&i6o;uBb-L*D+A(I)OaET)Wt
zZdzkN4#p;_v!vwUg`u)y5PwU!_!qtj&u;t1X_48ieD7CTrpQky^+i~HPhvqmZ^7@B
z^*oKZ<eieT3>a6`^HASYpG?ZnSZTotlpOmo-X?6tL~utmJ3H^W#C+`*<crWNiq$`T
z0cY#Dwo&JQ1Jxscp@}#5Pmf0ZZ{_O5$$8?BeJ01rTQd0EG$RvwJYP1|k-W~nEjkBo
zn&S1u`85?K{F<pHn6JCB-E*5Dk0`*>7sxxGnB_nj8~`TYyJdx<e@UUbNY0|tBE>k#
zdOz^x6lAURWivnstv~~x{h=h@fT&C=#5qi=GdiizXo{xQXfELS6I`Pj+b>i1vUZbL
zI(-P_Q2W8RFm+J(hWrv(`Wr|AZ%k&C@S6Vn50jB1lJQdr_$dUCBp9Ut6Q<)B#)Fh^
z0lg7@kVL&eJe$rd|BN=lWmdqLRlTDbjV*vuIi8~)+7iFHA-GKm@ssgoH5v+)6(-{A
zKj7Mwnsz=<C$E1~mH#lvi;y&9%QqsajjfqOKL<3ui}r+s^&u%^1?5Rt`>JH?64vdD
zIjXerjiXT)#k_Rm3ow#M@b$n-4GO+aSU5$TBp(riM{bX$U`><w@*@Hll=z89MESJa
zc3KQx7zj%U3)~+Uf`<pH1@C2&eRhETQ!)7EK)}#MP|>fop!?FbqWmwnqt{aoza_aV
z#UBaXmC+pn{lqXBI~Vi)vk6iJE8atgT$qjk2qHb+t$2Y}BM0;`e-+FOPYvL~u88as
zGsKHVEefT=iZ`hRP^a@n(5ts##vU{31y{eSpUldzZO$``!Gi-u?lVbVU`bivf`3Bw
zS0ha7eMdW@iQ-LZpZalUi7PSr;x<WHqU!PmdN6JGZiz}<SE_s=D1)guBMETK-@V#`
z8Pb9(NE%zk;4zRiLS$5vw-<oC5tvVTAmj2zfXoJ%=-&P*?8QT7zdM5I^dM7UX3A0B
zxK9tW!{tmo3-`3Z)~mww-KVD}U7*I~3m5<HK{t0=9CaE!y#$t2Vti0?JgIsMaLOOY
zK`N9e=7@UV`VJHbh8%on1p0;oyL0=?VUJhkP2M+2yeK7!hC~bRl_K}K=nDaMTP@hK
zg$W>$xlvY~JD(&N6*K0D^2UFnnR^GhfF{K-C&`yay#+ye0C3iYIK!9*kj@aZqdqys
zKbf98pI_2GpMMwyjv#<>1FOEk^4W3yz9sqs78uNakYoZFurUgDv86pGZ$`s-uGf33
z;H$6#Y;e)Q|FT7}P46jfI8-kvvn{2~W3WQr31QT3-vM6Ww!w|tnOqE#C!kLKD=VF&
zJAA)eyM>v;dPOBi`;S%0W>qGvva*gS=*Sf8RbegQno(a-9ssJTvBWg-Og+^2thAN#
z0C+%$zvoz}df)X_X7~v+`s4nCP`gd+JT6AVn8lWvqTGJ3HD-=-6=Y~v#pB^5jLO*v
zQ)U$%TX^3l{fx~#v0;3^srF0EM{DmPHzuHCS=t1Hy9I54W;FV3GV4WkB*$^j8{cTf
zdO-qp?W*Up7z8>rk>!{K&i-YJ_>-?K()Hb`{`9Y5lA@T$anv>t$D4<h2>u$t|5o3A
zz<;QDm>qzt7Zo!BM=oTdYz8^{$x<CeQAs+PYx>WGapRa9J55PrRxADEAD*m?`C3w*
zh_CM>YS&Y^zSVy82a$A#-9qqqCb~JoiWcm>03y;|aRS|)!>SH8OqZuqDCYF*?>(Z=
zsAoSrQ}#_L3Vrh_qLEZQLw)C`AYP5s7o53ad4Ux+r`>1Oq5n?%PGOQu3fiZE?0h}B
zi?1M2IJiGu@a^9RVtoVr{9JH!E*T>D$CRTg9Vw;a!e7D0cI#0I1(E~m#g|Zp+-Qx-
zH?UT36O{Ya1hs43qW;vb?Q`}12Vk|##2CB*yk(-9&z)q(XUx5niT&T-^qs{1b&4+b
z_s73a$N0B|fX4Jg<lmM>--&-)FUh|xm*n4WWjyR)E++BkGcNwKHH?d!zm1FEpQs-K
z|32#G&WNMVOxB%-^(5pv8?Pre9z`~On%wS?3;pU%#>PjkK{kFUiH-m5TiLi-XXE$i
zRAr?z3iZMB(WoeIGT3-()h5GUpAReU#Ux8R2z0y9aeEotP9^`N#Qm^hVLBeDUWvkz
zUNh|otC{8k+@({wc}JHZZxZ>kV*)A$SkLu{I{U*slfXTOIS?#@O~v=%(%P^r-{ieq
z<c^EBW8PP_Y$04mQUl1TT&jehkS_)3quzqT+8tO~xq8Itw6y9XF4WXr_XCPDv|=@}
zDQ3CF)}c(Xj-FD)b;?svKs1NTim;7v8JZi(1Qb?3y>m-6vEFrsS*aN@Iy0??HR+f^
zD-gLCYLC(B-@SFhuToLi)Lr`!u3cre*`*A3+IC1)l|@dut=!gD&TTK3TbwISqG0HB
zoLua1$}Q!#7WlL7Mkm+hk}C=&u0xP#160K>N65uXA$zyW7Ocw_s!j;DllVy9D%TY0
z^C{O93RM+FLRtkt3}dOZDzl3nCwb|leTVG?e$^@1w&NqYL!Mm}swgle)&Ef{8N3yJ
z;0;^?-j44AZvcDlGT;pXyh_EGXq#LyMhNc97qZ$6|GQbbUO61to!NeL1MPv1j_Tq3
znwv`-yK8w$);$!|ou=-k`I-j}cj{m|=;uXPXF~;?oMZI7_AX_a)z%?ZO#$$G0DLF6
z-6gj$=mGe#a*NB>5(B*qKyMf1DQ0B`fZhV2x7c^MY+(d_w_xkUNAh`jMiJ5GeQbU~
z8Ym!~R|3w_&QxhO5U$L&mfHiilXXLcs*{541U_@h06_(zJz6oQb^faV{`We4RTffd
zw-x7bP#zxWcXa0HN^4qW5f_x(T4^Go&EbfL3cy3K+!l0loleII7e95YORg-IxFGAc
z(CO%O@$L>BbsLU)JB_*$h#g49=&$%2`%5?v@Zb8%%h!`30EPYaIF)K}H90xH4i7d=
zG_j0bA8*5I=fyH|5X1i=UH!vma&HXdn=hD{!^+>c8D|qdY{$srWf*dwz?(o1zj-(}
z7XJ<O<f|_-)$u}Ai@;@4i7A{s+b+twlnMA#DvCiRliK9A(G^xl*VB1Tfx6u?E?8hQ
z3NMGE)AO~E!FQBQ`Al?LKJdJ3U}38{y*=P|7UDjISeflNDfwNLOh<*;J5rEO0c#cI
zsCui3BF{!ja+E56pQM7&8H7!FfKkNDsO!~_{|gAGN<~pqpgzY}Kf+Xx3w>N=q4!!K
z8e0oYl0D$)Se^y9SVXKLSui>H0!r&_VgPZ&lJhU5vC~<j946n`g14*SJ><E2$-i8b
zhZP9ic@g$hGl)#h2WcwzJ5hab%IBObP7s5TyI|4r&tXXgm+TxN>KtIY`F(t>EhDFn
zTYvH*o&w>%E$?Mi^1IiGN}6BPsRSqWjSr|MWiiR(Mj9Wpy1bpp<dqi_$fWrLMkZGE
zUTDZ3i1dPx#%u=Z1(6eQ!JU<tT7{~oiUe+#AU_3s&RM8T?{C%9V_5amiy~{ueK2n`
zbY<^WfAK%@P}zjF+hGiAewQ!?Oar0jzRrkI3B~-@tm>A(v76lwQi;H1dz!qH8B&tZ
z*W|AR<rXa5BHGTlY)9*^aaUa=h2^|z+LC8-bG;Hb4%<8c(qCi1yH(3|S6$HG_<VC7
zh#%w19bfS;2l{TQ(0|j8+8+|tIkxjZtuzQ0CI)jhpCtj{bNdc;)-Ta8bEi@Xf?Vxj
zEF5`DBi#`}N&^|v3mu8v$T;D~_<4MMPF5gCKU=|aLM0$7imXz5Q+wT2F$LgVlgX51
z%*oJ(#2%tK9oV}vrPvYVrQihOLt}vJj~+a_%$inK#I?B`J<G2tZ;IAk1xxt~7y9j-
zRS$q_12P6+YV8HYl*i?gFUE0OE?+3OeN{KoDIYHfnQnI+&9<Lq5fbIYT2PAJ9m?*y
z97p@27G&Wo*P|?aO<Wcp)wh^p1miD~^@NP5QGDnZ4WK8S?M<zxn1Iiw9egu-N?}g4
z-WBID28Mrz6igPR`zq<0AW)xGUmeHc;xRjwB_o`pGn{Elm~=B%RO%Spvcfz#m8m4x
zz;CN_^i+^+obpsOrJ0@KNhI6AZxU|cjbdo8kY)g1$Il!ef<(wak8pAy)0eDqK`AYk
zKS@SWbRUAn16cNeHc3=2F9!wLY1`>^d?tV9<fWs4Xa+k5;#Z94fY9$)&B5cRtu#DO
z82TUKOq*0x|DH{YJQj^cQzpSlCP007#oDj?tT*Duy?8jJWZHthb6j19<exV{dy?hi
zg$0{I)x?tXyDHa<fJn)<&$g+qNUBm<fge;qpK8P9c-+l><(98Uikk)kxEz5s*#Uzr
zkg6i_cgyMBuh8*31K#G}#*~VyQ>ES{|F}NzrV+g90B^buZ#oq)`>yZ?!zu8-axMYh
zYm(r7AsmA@9o|+<{X+ZA_{}7E&DxJC=s}bZzh~B={ciB)roxN)a4rGw!4QL2-Ushe
zhU81Y3;M(<bvUk~w1xwmyj?HQkW#-Ci5SG74qJ=wd{+Hn!4X_yYgigJ)n3c55xB<o
z+M9#>Gx;^3)pQEJU;{fl@&yJ&M#sX@hGsw?E$lRiRTNt@Z9wCW+JfML9DYqPe2*V<
zCxjKjhWGWn<IqGJc^LC+7Nw!|TNFH$=i=9x;BEL!07;uWDf+W5^wHkfN9mC_OceWH
znqJ-*s4W(Q`$oW(IrbSeL+Sf>!N+#?@p0qhf!flB+JUCp%k;vZbZB<#RVI^me?x6X
z%KabX{YjX@Kl%P!c>l(RT64<%AtT}b<qfr2fI5;9=}}nqj-*{)kTd_uCE&;&u<uB&
zzec9U3Sv|GRJ1L*rlA(5Vg$ctI!s`2UnbY(3p4;~ufv+JazK#z)@kZ3z)Eq3gZ4nf
zc}}<@07?h5LadoSK;9KRl*4rmGzDO1*innQRMOao@H7pd=HXM*KI3V6>}fha9YIe`
zUHa33>}kVNKqFpf7}pu>I@7q$WY=cn+RU!AjO#3RJ&0YymWZ20lD;-gz2_ngOrVXB
zb`!oLXm5u>UeTV_cK3geo+n;{p2wlzl6oPb#|_luq%Nb!6LQ=C59xc>_xh)A|M&W*
z@15W4pT2)^WsJVZCerr{S2FrW;hE-0SaBY)$3Oc4N|kb^+-cyA9vc^{X6OVDQ{)*2
z|5V?=ui;?K*9uY4+IX~Ke61cnMFP!8>VX-<9KprA)H}b%tZNwh>I&kUdz2Ygkef!&
zC~|Z>Z4Q+daG+tdI)p<0m!$>x=locI#sVAEw4?4OT3=#Qx97?}YwRJat4x3pK-h|R
zq%ylmsj)Wgs2@14rqIjVc8#kkh7K!OhX9=Sa)kRP2KS>$a90<x5ngAEu%88r@$zZ(
zP@Q`|ag6;e*CJf5I;y@E0sSoKEL_m^J*{WF%+N10*kz`EnaM8A`lXp&X6ct%>~auY
zQeTGu4>Nz#Zn+AL)#E0ay+d(><4=-Eua(=QSd|AT+$nE!`VQA)c?UTI*6E1VoFtEn
zZECHn@UuN92(9gUTON%*+~V|oS?>&fnd#2D5c~dmH%PVbB-iIte*@pkLFkkUFEqA$
zUNl<TPc41m^c{qj4(7PC4#rx##w{PGq_5b*T`4WFDiB61pC!SQ=g#`dXoZ&_hxfGa
zVH=nAY2&g!Z4e}4@Zg99NO*a1tc|T*scm35dOvW8!7r~(f&(iFur~g!PaFT%rws#+
z8<OBS5^G~ppEf345)OM39QVfB7|^GU0hffMBngg(Vr^_Vp4!HSi^*-!;oX5drK}_D
zdw3UK`)xqt#q*J$UDVZ)r2N%iV_A1WSys#>?dCEE(l`AAegd*zm;F=0S8q1)zibVD
zk<PUWN`0}O53XvnU~5Zsic2~Vu#)w;#v=Kj%t!gwg3$umDfuFYqM@1cul$4b|1*MZ
zC%^KaWb{~u(In_zEZI(?H_6s_^HSp}7~CwjLpOM!!9<Y?vav?(UcET>P~W-S<u~w_
z0eC)6^%A?#`6gUurdF!X2wbRP8Tt_Y2&wNrc$4z2pu<m95Kk@SG_35A@S+o69D^1S
zbiR_S&6*ALZMO}y?$dgajgjx7{tm-ahDx>rS{Ax~Nb+d=4lGcK)~^I%wm<xl;~&iF
zsR&072fc#-0m7z$?uH2%O^ElnoN)PU0xp}GPKmgD32)mz!92LnyaTudepQ!(KhJUl
zcV7_hphd*pbxF9hM@2bDl<Uk4A<l+60Mw_6^irBo)h=)!Q}w((+AbYKqP)bc-GCm1
zw!Nep()sO$^(g4qnV}cN&>&}MQVHjlZ?x~wA(MBZax0G%<@?Psf8Q9|lFxhLy<S4u
z6?nXYC3pLLAo}mOxcyJ$L+gnM?1R6bC*be-IR5s=@i%dO|M=q@*Y}}69fw8VibK9}
z8Rm3wp-k2nmD_YwYQ=y+hDjZbZ><9~rq!9<&>U;1$wb^1v5KcSRV{))JI%hs*OLpv
zsNa>*C4lM=Kf46p{W&lSQNGI@*@E@p^%;n~4;Lxt=}p~y^9PI)3D4OK&o@WV^;`B7
zj9{UB%J)S75{u|Z{~a1V;`(8<Rz6;kp1ghyeE*hI%Dtj(H^1`5IKI88f1%CsjJjiO
z624<+S9~K@djou@$M9{|@qJVO_!g`73S29pNsy26jkSn!EC2_u3-S@l?}KQM5ZYC(
z&Gre=@BL;NUAlG)!HGsBm<4qlfCbRRkgsIe_E6Jk50~VxStJXRl6)`2fEf*q=^#mt
zaLT*!+|6kVJNcJ4)?FVP+%ZA^1P14l&x82zFPafXM{<UCqfpf$q=77K+m04~|Ck%>
zQQ!Gom{T*(X$XGK!JI~DPU|SUI7~yKc4bmCFmU}zak>3V7deR}o?R#R`O*A-`BRA~
zM~Mz{L|@o~6|8!R640-@kPd9gZ&y-AxnUO&{S`zHFgx`Wq*siHC`hG;;Y1Hu<H{``
z6mk7AdZ5U{L0oJvXj#MPf%YQ7KpE1*LAL%1V)Rf9t@gkEcu}r5yQ>b0+(svJA*J=V
znh^u-09EZ0Xg%o7*rjcC*$x0HxaCL9n0UwHlxLZ=n<e=R$#zQj9T^Q^iD?g*Mfm|B
zhT-r5H5_|gl>g;@K!B@4Nq)qHX@~ADuzK&&a+rO~smy|#-bwLs8FcRb(iy5?a{`TL
zf<Wm`x<Qi_CM4R)3)!mOBq@&oDYsztX?^L7epfmzeUX<wa`SFrBblN++q{~?+~Bf3
zrTXrw)cyR!ey03MT>KcQl*XpHl6hx~v`0N$zz&{ud$KXVjK6Lo{<<MPzj^WbJ@972
z{3fk;44|X)YN}d7jwUd_J;wZUSkuQBp!v<j`4y@*!L7vkeJ5dle?y!5Hc38#{Iv!7
ztK6xKDX^V*`aW1{SaF#anA|S-C0b%zCEg9c-C?4i3bXd4C~p$wjcyy;_YbJozlrSl
zQ8N+>_3M=YM9FqUlK1J2FaLv3wF?u}R-F+2<8Lds2YkJ-h^1WYVVlHDEzrwJ=)sLW
z@F{aI$+z?oAR79Uzd$L8q6j9?;!7`xO-Qy@g#H`6rJNGWiSm<_;tD!MF~_C}Ri6Tr
z#I#h;{7<wP6ZVLgiONkhTb>`$LT-wB)(cb!9cQiRjXYEGdQP1`&n>C)1+C5RC#_Ay
zY`B7Cv&fU^&x6A!KR12a5btbhMnqCt`q}II_@|U$?tYo#KW`Fj9|*op7ROHBKZ|xW
zK+~f-nkefiRv`oRKZQTpjsRQB7OHk4dn+Wx7o&~kW9rTS%rmi+ecUF@I%)y*iAtt6
zHpO3)@SR@35RR^uGGJ%Ff$`0l2kn_x+3L`dzS>wHo&^TR*Am7LU_|Hoe*nh&;v4wJ
zNdw<5<b?smx5Rj1kAZJvt>8*A@cmQ_-}lDwjqp~Qajoo&Oku&Iy8JC~QV=1w&j_1G
z_~$=CZDk<vMD37Nb<&8qCI6p)pfs#cR3ev2Js&|277$rJK?Z1R6a2Ln!Lhe)xZv2c
z{4RM1Md58#TUJwR+HI14&b3wEslJElq~zAPRE9)X2+Y$$8yZS~D3;I$xJP#rMhMWM
zFm@FQgPx?Xr&uJc!sB5&hI8Od2>gZ&Pwt;N??|CjMPb3wR(Fk72sbKYH|l3-^92Rn
ztW5e1voIkFv{qLMSRs&isoAH|$tM(7W1`d0L){9CP!B;&Y@sfXoX7oTK&VrIPzM|3
zJFqSK8}^aD`4;qY9k0-QAxEH!4(JPM!_cUNT8m`b;y3W!LC$lZh;}QWo0*bQh$(cf
zR2=U=@tkUnklldw(N4g34d>GMrgLNktQ~?mFyLtpETRh~&C>WHq}KY<?l9*q#LCEW
z2(y?ww8zo2tMeH1qJ-YueE9{pd?s=PVf4?&jAm`HtUMQr`888>prO&2cKx<hK*C#5
zs`v=*Kb2G3>=`y%@c*P2UO$1ae^kg`A9jNf?ZC9$&}YqNfmIV+-eHlHd<-o@M*VO>
zzLQ^53FF|rR`h;$EA>|WPDb?*xUy)2?E$!0d<youAtD#XP28$Y7L-y8!$2C}m`RZq
z7@&{s2+B0*qc+}-h1$shbw&<jQ(dg7-I9WGmn36)uH^-0EJobG>^EIN)Ibr0YnCTx
zuU=+!``=(!v7Mo*@a#fX(-h#F{|9Nx%QxcYh9~t@F@byrV6~U<Yi1S{0jhW*x)oz|
zDMhY5Vf{LK_(qnEq6YRC=|U-dG5!Zav;{Mu^LT*gXz_g9JabHuP!+;>b*U5azY*|1
zJ*RnQI-q}1l=;7R)$bSl>77`7iV`(wH_oS`pg?3~0gGJ2oKZ2)eN?-<x22h2!!qna
z_ECwJ29JPiinfi$49(7NI8QTFY0MDbiO*0wTo^O7jb@0|(gCbS{z1msSj=F|%+|*r
zW15qBo;!GcWt4C?KvEW|6aDEI@d$AO&JFLwY%g-iC3lrJ+XeqqoJ&6I)a$JHDD|)}
zIH0uo4neuOVVT3^5u~afv~SotfJ7~lBU*naEqu^@x2i+CaN&nz3;&P{`8BdC3J{U}
z%V3RTd`X&iHERS~lN{%lFUM*CSO|Qx`u=NpY7gYmV;qg);N){o8Kj-I23K<iI?P5x
zE6zplG?{7+3I3_k$ZRxEhvaZ+!?uRfW=HTCyb+v$FUVc|%B#_+ae$6;wu-=?{_`wu
zuE55F5tWd+*F{CKjNT%@>xoAD#EZ+DogfV(GFe2{09Z1r9Gv7&KZEFWuINFeRnK?H
zq0;7C1b;Q>lmmq1>YD^#>i~cpkceJnwojz06O!ZP@?`{5hr0Q%IOfk|{IOgPmdhQ^
zh7K6+<xX^8kA|H3fWHv@_eZtYp%-||+0YKJ45sn60tEPm6NikkQrhQOvk858K2+Cr
z<2XOTDid;R<W58vVEbbhriu9IC!ftUNp6K9OO8x_B@Sbve+-S(pboUV$X(58Fr}Ql
zYsGmQY6%Xtw3+05+aA~~B}W(kQxvgqlfxNMKl_U@+Qb<~#~fooW*SgHA5hJgf`3j_
zd({}tW>Nk~RnOoYQkqlwV;EBkaL-@{Nx2IeWki!kNNiovOEeMUS7NO(Z68*ihtCtH
z{*`XpEHYr%8wk6emZ|SmY$CJeVDlj0BawA@%o~IWX3Y->Mxgl?MsaORKGhDU+9L&}
zrc^zJ=`rQ9Qs(7(CQpxFi;O;(OmBD5K{cQdD2#PHS`H$bn+FTZSQkc+pzd~3{rR5(
zl~p11l#T|B2q8Hrw*cuh4<(>l4WQoFRGlC5Ybpi`!F|{AYj|KhT<}09@WqM&&fvZr
zk=rh21>h<zxGxVLrVGIXBT%Bx>cFUowRmWC7Iz0MSdjseWd`#X%z*Z8_%F0)fPe>{
z+;)iz2<xb6%m;z4e>u=}W@`-I*_rU2onJ!@bI@=m>_r2D`*YAwFsl<@NDCgoQ@V<D
zJa>a$;TCjo;99s>nIQ)E-ym|GZZ0Tt?M6=*u_yAb#Lf}}KH*z4d|UE=ra!m=(C@bk
zSwS6tUtjD65mf>yl~9<~nqt3(wzAOR{eQN9V^ny8nbi^lrH=5ggEFYEeo>3c1u6#F
zO*`sbK*>(|BYlBPK(P>HDJSJ&VBrbq)xBR`pU;uC5Q9c7Qq}%Hb9^JFpp9T++Bdj}
zOgWyJ5ZDy(zVAD4;h#B$qW+2tr+AZTE&e0&6F0&ZI>dK=*g6#E1ilR9=B1^A-)R<B
zoa0z-Y0R}OghK%m@+O{upB}7hGU_a*y@=vV{4WCj>{4Ga4TEhyJm&OI8sPMWZr7i>
z_=#O0WY@0DG|3SmTxv!x;%Z)$ErfMtz!-w}3B9n=wCok<QQKaJX*V`x<BUx_v99_=
zH2VIj`qNQ<;yK^>vUM0{&zEf#lw#-FF913hUl#uGfB=d)jLC&ca))3$q1_b1tOF>p
z=2Ca?2NqB?t>(7(0G_vlATbQS$fc5uAg)V}{g@jZLwf`?NzBvp5=fZ67nM->YY}RC
z^R#PY_2uxmfGfnXDNYq_$K3Mirgr|hdeRX?%)Jtih38<P=}g@saR|Ny$z!H`Y_z8!
zyKV@3EjrB#H?vWYL&*WNB+UWo44AoRflzf+bbM7^P0Wc(7@zz@p2=l<SSJKP;V@Po
zgv-~4#p%7wpIu;TYsLriarJY8YL}ZkEZGiXQftS~n!jnIlFkE<t83}4k64$B{cib?
zC~ssPqj&#O=oksm7Llb`?|kD)*zWzqC<4N?9Xn(K01QIFENK=h$UqZ<pA-YYMX2c&
z3%)x{9v3_)=GId(%X5P{ll{|fdb0^>A%X!y;|DB0LNC$Obs;wG<hZ3Sy`F<*4K3L}
zE$t3*-k+e?QnB_}a@YB>uJcI^qYTK{^=<GVpL;{^d^vQkl|W~A(d~F=qgZFzdT04>
zaMall>?~hUO4Nxz&NLCw-a%9qTD8LsQW|R$RM$5+_Rb;g6WCe1u@A3}V)0ZC-q)^T
zcZ)d;eaF<1+T(CHQ%}d2)PCpVR6tez?buvXpZby(7FQ#XJ5~v1p$Dlt!~p`*3t;@;
zqf9|Ke0wOpKp%U<AQ*cwjJ*i&#fQ$Zq32$QLmyK><IbXl@KX^4rOcw3oRpK+*8{xf
z-%tQXCbJIz;U~8Ff<t^g!`9~0qJ_P-7TAnnp1_z)fH9dCoyly6pL4`ycK63*qT+|g
zoqpK=eBlHp)1&4+LmB+zJf_y*F&MAz?9Sx8W>L9Qed)1GlUp8Z*e=KgL78F^s&e@?
zW>71=vw&^#YZhg%=#6oq_Zb&DM_kCc7TFN=8T9oUd}teB*trh*P&u&C4-W}k5932y
zg{rNB?VL7j`#Hen3FJ@FfX-}A2#!uF;f{VEx>nxW4S3g4d+JAQcHg-*sXl6QJx%25
z%*B@N8bjEw;mwPjPNO(!eHY*xzf2>AJ)4a>jWRmn+-4KsA*S@w0KIf0kRPoWO3#WP
zU|l!V^hJI{4r=;U)H3W&_rS;n(40!hMq8bhpy>}v(>49e(qfvvU}*YtKtY%2n-$P0
zYWsZCb(CckHGV2RB+4I%okzuJ$i4%*L>;z7;>%A0f5N}>B|0*|7A_888SpHzQoz|*
z^pceyIfIqs0;YI<IH3y1j6qYPW9O35Xo&mE%Xx4ca3gS=MB66ABR+OO=iMB6hV*JQ
zt*gskMl%v<jle*%UAAKYM>ZxG3=m@Ver?AIE9{6GxH3*b^RG=z@t&inm=yH7NWU{N
z-Fpt|-V(oNDUbB;*v&U#!oqTUKytwBpxQ3_Yq`mav~k`<cs1S4lx~q1Wl;1wJbRjF
z0#d8OF_n9ou5wR-C8w+0J#m#AyQBnD7Hzyf?fK>QZY)WPQIY8V9{Cf;Dr5rNf&1`O
zt0FC2O47oMQ48;OD>ssDU9v?4xlK=TCSl2vHB-rG!ecl;R@9<9m{JoB92uf7G(<~>
z`xcQ4;mnjIPjJ(X2+5TMN#trS#oRMZH}_0IbI;iMaeL1+!`?F`$=)OA_MXY9_MSPC
z;^_dS0E9P6wj)SUanP+vpzHRYC5iT)(2z?&|KLSXhVD%=0Uf)*OhCm6CZI*}rY+Po
znSesN2?$%?B`Jj{0VcJc2CX9@#srAf9Hu%qC8av=>ksI^HREwiTl58nFFb|JU3i-E
zTz`*l?^P+klYCfx?*;bztrv{^MRysFzUa_B^_^iXwmO7IS*91s9u-fq0q>{gKjH@`
z$MdIN&w>sxFrruR4>S$Mpw>*m|9}~;Zl|jXvs`1DAFdb%T&aSDxlqLjlYDjqvSNEc
zeO$~iT^Buz1!?On8_+#kZh_mg;5MK!p9O-$G9HslIos}Q#a#miypdzRP*QPnKD$}E
zUqznDJB1P|<#EcBmiTiJm(EpWn3@7hbJYCDGE55Wf$5%zmgO0$TIgCXvr-h2b?$ww
z<dckl0IF9!M%m%td5lGpnAZ&^obO%#2+l{#G8Q>9{+FhH;TdA`iUiLPfXAE!&q4-I
zwz}#^875yzx<}J80h(ui#GtYC3(ct?5i~#OADS^bG_U`{l<H683+G4v!(uYU^6A5M
z#bqhiLzAy}$FE6$_Yb@;m!?{-F~i(u<J_{yP?+cV+^(w7=N7i~*woIAEQQ<iQ}L5+
z^4vseeukL%CVUhs157<;2K<PV^!Zw}Fg{-vZ>Ek6_3ni_q5v)bT1d$j*FS(*IK7m@
zlzP~`4Hl9Ie+vwLnMHN28K$SX!_<rzj(b@PCQdo5wk_2|*9gzbLc;SV)&^mjp|}%Y
zgV(40oCP)AGLYq689gv5UKR1B4ksJ(-no&j4`rJAvER>(6G<7952UK|?7WzQbjjD~
zfGY#DK9o0oxs+EQSzw^za~L=~-nSa&BLMrO1q61^!c_9`AnbWd8F@Vavp)X)3G`al
zP(RG%;bBg7x{Fi}p#WTzlH{-DF#0@frR16FrpX!DynGC{t*B=UF%=zyA_K*@AQcqs
zQ2n=B21@$R7(XF-nD~|CpYVO&0gL=j!CzCXR$;9o`3|7H2jQ+LPbzlG_m|9fh9`}u
zxEB(9VhKtU<S!;(LxXC=Wq8h6H^Jonp^Od?6F8^xL`m}af!;nY)9KChXd-|3p4v4Z
zubuLwQhOl3l~e@_@ubz9hNYMvc$7x^+ee92$Hs}SZtDN6VdEUJ>c7k%#4?>fESjIl
zA0C?jP5j}*`2@?5M^mv*&<xX|dG7f>{J}qv%jtJ*$Ko-*R>x9m@MXp7RMzO+2<78P
z|LOr-qJ8`i)lB34k?egn#OvR^_dq6ncZM_aSA9D_a7@(aXWk?I@&oaaI6v6(2;&E+
zk*Z&Mi65wsB=Ca^zhwMi%s*54!GH~nAFTBz@`GiM5MJMUB!M3gN`qd;55_&mFmWx%
z_`#LjH}HcE_owoMRR2Jr3$OfP(~i3PS#Cc2QK$Tso4X+Iv8hs(y2^>ZS1hLH!BWD@
zRjTl?ftUT-)v5WK<skn;z;hY*f#b8~Z)$^pnt_0{0Xpp@ru4b>`G;w&?GLBY5JsG;
z+dYhiCi_jMB>IUA*2Mte6#gOCX5&>QOT^*}TTx$lG%Im`u||duO1^%3aLRRd@^!_K
z__cpvQ11^2wslpi{V+23zD!de`!o8C>`+%7&L)jg5zI~Po^-hl^R|IV`9oEiY02+y
z8R+?nVyS%x26(>I_7QzTe=Cy4*E+cG_!8h{S(aNd?o`D(jx_DzY(^u|-p#50x=da}
zuUadLHy;dPV$KWMEIxsWYLS)qvSqWuXdrQaw?;B^Qt-<sUq5O|#2@#K_`CAnOX9Dz
zE=SkM;eS!}EjQ<z_+Mg}LJ~c+4~n%f&$bA<7}%N+?}stq7E|49azE<Evkll~*mG1^
z6+LecXm|1^(C_SYa7_=Q(+Wkd!b&%M0W*4yIF(9^e|ppjefiFD^&3EOIZDYj3}1kx
z@lnSXA=V%W{?_Qe)?|M;9lpo(LqrCg;h$`PfyTo!y%iUp^XC(=CFNXi`~ke^w1ot&
z%u4sL?wkw+I0Ye=XIRSRvk3EF`@$T<KSClX4_G}3KtrqO%OmfZ+sf!IoUg*BVPZx4
zfZ%@BZRG!sJ-;@Cc(PgjNw?07?Du4vR;}ie^G6ZAoE?}#&ta?j#Xy~y&)=Pyu>K=j
z(&Z|c|8rT1^WW6YS9Z#?hsEh2nSQG(tT2I&wx@5zQ%+mJrBn_pceIuB?x0Jq7$GT@
zW|0d@a*j(Lpv)e@&9*w)_!k4M;R=d;Wf!UXliVXz)sMi!;UgSpm(N8vS1dnmTVxHF
zj$q4zGFAHXPCZD`<Fg)4j2`cPFs6Lnfvj)mlcanNdx$AtzuEZ#vHsF#gg=D3P~J`S
zEUacHHT1W5L#5czPoHEwG=sjx@32kie`i(VXG`LrIq|bu`e)moW!hf&+1UIvb=O|4
zqXN*V%(lvHw(Z<WM;HH6fR_OA)>eiR>g`oF+DDUmGsk<Yz}^l&!Fqe}S)5OppOp3e
zp!xsx{G#7}%?L+m`DIOk+8^2~thSI`GeV!!svgWgFz<Sk+VD`~Fh|Xc4HJ#vs_6-u
z)R*V6N&Usu47ZQ1M4+*arSk|`w<opo=>xG=p2Swx|Ck|b%u4oo(aL0buOIw9m6^bQ
z6Ssd0r8lc*!4uEW-uodXm&?SAbik>)ChKJdM8_t9pV%h)oAeBZcqRDG<&uyi@MS0L
zJ5>A3ER$QAZx)sG0tLg_YqKSQaF7cV1*8{9oQhsz%m%5HsxF(V2jyDgjukNC$o(W0
ztY!mWcbP5|EW^>i`#2l@ZA~VV!Eaz3K$JFpAfDMUSs23hlq$$41Y2<NQ=mlXQKXUQ
zW@PE>Ao~GA_6PG4k^RK|F=V3yjOy0A3pXMnZ>?mIU7i9N+VRwD^jBY`SMvrwz?SFH
z2NT=RiMLOsbB;d7K6<n<zF+D-Q)H+GEVUX2njQBs;s5^R&e1VI{gd7f&Uvc76)%`$
zg1I8i$KL)P{w>Of=dW_gTjWn{9d%c&IFI*u_s&?c6W9(X`m^(!0`;Gu0=Qx$zM$)X
z@p^f%J_p9=Yd*>HO*___@}aHD7Rs?wVU;TiVYwE?mut#??;m&-Yoh@+ABrWSsm!3Q
z2QaZLpXCbWXM$J~F3ZOc=f?E~`2Mr>@ACb&8JTQPc@_ScpOAl>a%AV4Jel@DL}9Z)
zxnr+ZDvO)i>ztT62M^9|cy=of3Re^(2-<_N+6r0ZC&?AN)uRhDL7qBK^2A<DK1vPL
zzmFNU(93|*>_`en{uSFmmU9A@CG@z#WG;0h<Q9ROZgt84x-(yhuMb=sOVdNnTu!K3
ziX~FL*N2@&j9`}L3t=bWgch;`mZ*C0hnc3xO_WR`@2B?>sUNs6kraJ%W2BgiF})8h
zWF+*j6)F70SD$b4a6pE!p{nMEh{m#fjPGJwA3=0gxKxLz79c8(LDVz{fHCMeulHVp
zW@ZvJXYNUc=A#7+nyD*N^+#$3Jt)2T474jS-Ib$j`DEO5eJ0F+Rc!3Gx4v`_Et)^E
z!LA#vFB)|4R~IcHZS5_1w&4c$K%EL(kXFw)M3_DbseipU5z;AfNDpHxH&83LuAa-d
z`b(u-quL#;fxp~CBmGg*_k-i#qpPBN<Wc&5gZ}+zS1`6dtAYJ?>%YtO-{_&zU;PE(
zfHR4L2kF|n^Zr()qF4^vPCR|1Eu<4HljzK3tPRVjFqzqJL~fGRu?NIz<1@Lk*ihE)
zZ)GFddpC{bmAQ!{ao(+~Z8#QmsaHons^?#-PdHz}1XNX(#jtc(K0*J$rQCPm7Y4h~
z*LOLmuWuOQ4;q$z<0_9-CUOa7Mp4ra&lY-Hsm`aD(W^OEs46Q$L0M1Rru`*UmdoiE
z)R^7`HtJV@35{wik^297VskWEpCYKT?VrXxf?Ji@MQ?D>?NP)y?XorbltV5YosOMf
zCRR-<Ld+Y9RW!60<#NWQsMO_);YqRn|DX=T{$IrSY>fBr)kW&hr}nY;{a=EoaVmqy
z*k6<<F&~vf^*&<%6#M6!@PG<W8gYkW+!5IyC7-Iv2NnqYPi}GQXN|C*1K&I>R=ElQ
z4p#vH0)NqfSf~rJRK}IPH)@0BR^wunP_>B>w21kIPOCq97+LTk`sA!APof}Ga=Nj7
zAm5-=6auS#g9Ba0*vYUkHEV09_D^TXRe<Bxdl&H}UNk(M8GXs_Oq2an?LDSH_QN05
zsyKht<r9yMF(=B+S5;XEVrJ7{QQYj}fBFUdwsiqijBO$Iyr*HtjQL_7ZAtT$mqNVk
z%WojyKQj4etCVTTKX)<tXLgeOGb_fN#v>bcSLyQ4G7@U;noU9t`W3#A^xbXo?<U}P
zc~!*J?zxLGwLQatpzZ*{(x12ZF2+=6C4JvLGxq(RR0;MW`hKqdy)bSo(|?vRCRn2X
zE?%Z1G_As#9KXWETO*;CV|HQPJpGW{jECIm#v!+-5)X+f$|zm82UOu>OwH=p$v^iD
zk!82~s|I!?oGx;q{!WD3wTy;ku;_T=zLpqiG3GO>5A&IlI)C&6njwrJmo*f0RAybx
zX@3){b|MhD0EFTxNVgqJINj5pzx1s0jXy?N;N!_43!smtVgF9_=ht($e~Ujqo$^0y
zobu02^5@5b%dt~_45g$~{?Xi}{rTAuH~I8Wi2L-<iZq$x$&o`bxBk;^`JyC`FQ5WK
z*kcox{EFnJp8O^``cFv6pZwqU_xI@j{&%=-7YuLm|I+y{d6Or@jufTMNjm=B+1ob)
z;5!}vmQVyhymfEkYA!OJGbP&7V*c~p<@PAeS21UbXZdqsmcK&ez{9c1ob93!93T}G
zf&v#5e9O0#m^|w!D4?G3ITM2dJm`4;6Xuw3*6S&^2aNawN6=Hp{1RqvES(5%rvE^Q
zhFtub$;>ZdtLI-Z3qS`|+gN_#nI~Z)W^RG`S&Z|O4fC@!3c4js#ku-@f<OBtM$NE*
zfU9A|Fb;G)xVN-71g{qqmGW!0!do5eExYb}kT_>|84&<ejXAr^hyYlU7y*E2-I_dS
zk@j9H&fX^gAa3vO(M1(dK$FGZ2P-mT^2^Si5<}(@&`7Cd2=ZAptI1{7BzxvGVD%QE
zse5TQDzs-mXUW;-kP~xpWOH<e@jMT=27I27nHEKY&6AkvHVs}T`x;snZ)RrS4-JLi
z;6qmlRYNH^wyjf?r&?BXwRwifU=Os~V{Xn|r##sBJ5|5DD`v9A?7mHb+FU(Hrd6ss
zBc)XXhNY@*TZoNBlB?O7R$_dV+=b_HRVbENBu6j*QtR?7FzDOJz6p@#<BF4PJz6dd
zzV<Tq6jMmp1F*+iu<ikF>3!-4>h^BRcYtZ3nJqQgd#7}5wFM(LN0(XS4hs7DVAGB|
z8$jelk)_^DJv(|3s^Kif1!B&CC+7`Ly9@zsiB2!>3rxH|22jE9vy2LSVYAwrgI>4f
zrS*OE(vp3z5IOm%&Npz`(J^N<S-}WCZG_>!mHMi8C;H_00_^5mCJ(T=S|upY8V%+$
z=Rcr6`PbCo0DC(+BE0|~KhHjX9zRYx--Pei>fejP=x6CQz#6t>3oe-~aF`VzFF=B_
zy^USr@z1D~u2MQc+G<a^hdsQf%r0))QClqd;cMUWPT)KR#snIr^VA!7+LPm_6(E*}
zD`?q8mPS+aB?=1brK#OhqT@nRo?T79sAF{8wzW%gjy#CedxowsjTHY|jrmGqI2dn?
zd{WZL<47KfFG!dzTYh$Re0ZYVuDt-m7FLAU>RdTD6RusLq?N;(xfO>z*|$6hL$<|Y
z1`}!>s<-6OuqE6tS;;T0IX3QPQN#XD`Zz44)daE9OoO*=6&$^bFB7<Pg3Ru4YZ2g>
zQvO@_^(NI>nJAMzG$kgJp;x8qyqn2_?>v>Xzr^BKuv11Ja!|6JtG-K8h#UmvZ9=o7
zw|W*VUC-@;EhKT>B-q-z_>~lX#sN>mfLt4hxnaU3{)bepH%Su!Lid9@)kwDY@hw<;
zm2Ys^tU%57>dh{xOKj3@14)g5@uu4Y8q24Jb&2HX*%T#qVkk|zs{<AhTS&*LU&B<v
zOwGbW4Is`i%#^6Ul#Q^wL2ciQ@a~PEXCy)-gQ~+mxml#N#_XHx)P>ok>$sIS3-G(h
zeeAT>5Zof?vCJ#zLWUd`8Lz*P%nu@aF~0^NotVLB!dl;aCM@47F2?uC6H(FGM2}<(
z2>xoMWqu`@yg009Jq2!*<x5pZ1m!haD~_XX`MAVSyvP!8V2Psh>h3%&zfARGrEU{?
zIh#4pAeMyr>qCf<cM`Fk1a>l`g7*1e1X7NMB}bSg)ljAsgAj5JU~Vg5?t4Z;+K{|c
zEf@?_bp&MaNG16T>$sb!*R2|OU~@E<7rO1xSt8wrLAhvu`1k~IVP<Q<b5*Opj6xNK
z94sjt@eSQ%l4`Gn?|-X*k0psJ%+w6*=CiFJCs&vgVwo^)yh&%VL4Ud^SL9!^hs5?B
zDe%p<@@sILm<m!uN<f5jEjsX`_c3!uUZ*=Fw;MqbPQI*-g+!F|Wx)>*07NVtLK{r}
z+|2vfzC&=d`F3#f?0hz=!cYd+YMe*^rK`X3RsvK57*qpN9HcJ|Rd2sg9U`bgLe<t}
zsJaoVU7TE#PqF3z)c`JaK2pnI&%}fyXPF0dC3$e?qxUInu>QviK?;4W(Am9-^Ne!I
zN4B4bcXntaNp8UsBndBg_e#o-ffdezb<rXzRaRle`4!OJ+6EJyceIGMkHl~Y)gw1w
zaa!Uh?NestV{LBcky>U3U4mt$@tp^CC=7Q27`|y9dM9^As4&dK_%}K!vv3|DY!=a@
zeg!X=o5=I~X_I<xd?r<=w_;)$fbhpAgphB18rpPjzX(FaPLO|xg8XY+%Y4bVV-^Mn
zFxPc@u^5X>2Kl<&1oJgcP|8gbSFDZ0R00$Q0A2BGvI`Jd#j!YmDd_VLONoU7cs~Jo
zp`sj?x~Z$V+_V;NMjA-j8?g8$3J+i|?HC>aU$F>*<EKrj5duXp80UNF(<S;YSomi!
zPfLG+NbvOABaw_CfzDVYQolh07sL<0!UBu~oW6|-Q3Cta<I^!pU{gFwV4e{rkbwT5
zj6-|UV}-zDXuT5hn|u_@0to!yi%{}s7sI@<5TzE_xb%s8wt||M3M?{AjT=b^p>YE>
za$2S-U<x+7O;j#dF3TrtZBq4d<hDu{(pb}rnBR>s{m1{8m~NVeHrYOCrc@b-YrZiT
z0FC6qKOq;E#DUH43dSY%U69^tI(-4&Iz;}`iNO)O94t8E<@DSXdnjzgPq3O2Sf38)
zAM~bWg_xA?>9O(|^(FXFKBi@D@8LJJIZix%1I%(E)uq*En|AxEZnfYXpbaNcyIlAU
za6@fSX<?Tskj*uh71C-jD%Pd=f5g~O9;|u>g69gx<OHs*RWB~0!*-ZzvjQvP+LH7m
zc2-M%oBnz;Z>cDxbqkw`9=>x`Y}t;*wJ6C^wrn@-0)THBZ!FPx1P{EymZ)^1&k~hO
zkl>?ea=QN*)-%b+aVMTcB_sdt5{CRyX}P9V3GlMoF-rj6NetdemxlK&gE!~W@SbJx
zzSz|V-jBxuOVPJ*y-=WDAW(?;Q1$`(k7F6oj}ORAa3`6+D%qdC?x%_V?8QIs>(8Fz
z|DN=|>093)ne_hl$N%g8@{vz(OY(<_Y)-j;C*}IJ<ZIM3x`B`oEz1g3KRoR&18FXc
ze0OgAOn1WZ-o~s7f7`P;sQ@3-WGXD6%^1o^xFX4FSS7?`gRs1bmA1ai$UHbLyW#u*
zzA+2;5!@xwriWR5hhQBUv>Hy9UEz|6%~EEO8;=qiiTwsR?+p@$)Q6nD9?m;KTZ9`b
zw(Ot8*>`kja02hzF33FAnrRjN)0mBLvg`?yjS$-#jh`mQhwL`&gTqHl{)sXB;BMVM
zINY!gLdR$yoDIsPMByQV!eQ1Y6rI*Qm0jA<%XvZjoeuX!t9~b=dbp4_or)Ku38>QC
zYTtpk7e|oyV_IbWHej)pnFbLvX?){xG7VN((0(;sP!?IRBqP6OI+?Gq3p5M@UkIWF
ztBbXEf=mRg!TGDE0jyS5cgN~w!dvE?R>3irZ^E=ppc>@Ug#0H-3RvNEb`gkkv2-8*
zj#C0$$sPbT)x}Q@l-qYC@;A3*JKy*`+7A7b(dM_CY<|Oao8LXWTken?pL_O9Z1(U)
zVpY(v_k|66U*>4RFX+)oZD{XHKgptzD)S>_Ffm^Za75{BiKGDT11Q@#0{qGc8KpRL
zpi4CS4HD!Q(Gjc}D%m=wDpJrYMgwjoOLBBnA9Xdm#uj1eyIGUr39HFBihVC;JJIO+
zq@*~Z$EU0=G`hmp=|scp0s+l~De@*Z1{5+CAnpZ#w${DI8kME9#RL%cZh@{vM`z8B
z`K$VYM|-CnHN~xZKZ}1Opyg3+7j2#VGe1M6h*DQ8l{oNiKxkPQGj78oJ^2z+b&Yur
zP!P5;997&ot-USHIBPoqdD|KCOh}njyeA)pb0SMC*7!vKL;X%hbq*4nmThk*YDByb
zp_4MbS$jKLjoY=Af`7ul*N#9Jm<IS|52%M0XD9ei#FMo?EGX&MA(|xrYRn%gjjJi-
z8(%iDVy8-3K68bgU2gwU8_w!gwWIA;QXW2MVb5;H+$4&Lx0;p3*|2*@99z-7$jGN8
zDX#Mtw<F{U3DL0N==C1c!f2ds+D+74W)}VRwSsS7k7tbFiyr5n{h03Kz(M*6W2PF(
z(IfE{J!lfL!#)@7)NYpiRmBl1A4A{#i9{uOSp*>lXl1Pl<AFf-!O|ydD^Qpra**U&
zv*e#=5&X@R1V<JuXrb{P=)pt|@-#q-kWZ_wv=Dwu;71VT(m5at&C|bMAjoqTg-UCo
z$p#uCwX;{x1ost%CCmr#)36YSlp2YVw{ybv@MY*Yp7hjDNVMS8Oh`DOpM{&}(-q8y
zbM}Flzfnwm66Gxk?y=5!KpJMmBRW$7rmh2KV;20wvIOQR<Rlj&EJ%w_Gtmk;M7z@Y
zUa5)M!I03<8tloG<m1upni&Jh>nCNJ+}z^@b3|xVhFc3L@t_||&sJJR-=;3ncMzS<
z3elJk_W-X#K4uP+WZ-@BoVb;sH5GnAxmsxYly7_h#a3lf41T`x2An!&krmB8R1_Z1
z7-RA6{@N~>eT!SZ=yn`tx$1yix_B!m`4{YSI}Y;CJjd?sWB0bxy`Qjq+u6MU+*|x3
zxDK%E)p!jXp0Ju-zk=73;rbPJy$Y{yhwD}Bx&g0mfa?ah76vYgQsq9)iunugbVg^J
zMN~DcpfiQL5KZuU^+8D)?c}ZHz=97izA~P_jlB;q!u{$lcu7#Ikp!I4U3C6~r)SU{
zItRm!v9Alu6Jpq=tVL+M0W4|x^W*JNF$Uw+eeBgQB>$o=Oflq^PrDtx{4=j5qHP|a
z?E?SIuM^QWZ#&)dC8BK}pzXrq>KNMQt;XxB7~1B&g4Z)*Xq&eRughX+o7aHXx1^wL
zV^aPCQMtnzy^DMj34bBL-$p>q1;pRAfWPzt7(gQa*!%Dznk)f-*W!xt{veYQV>NvR
zC`vd6>XYB{YqrG-dQgj?<j{UI1(E)qUe1{plqbw|BKPGgR+YdH+Yd}D3lMQ^;-5K#
zTdRB+jT7Z2%*5&o!5V;h#J9#hUI6;s4y4|3)fVr++_qj}Z4Ya^UUY=`#$&`<#uvEd
zvtlrsCi<crC3)Izn(QA|BFPcSab(E|iR-Dp8cPaaGuc1>D1xhgHW4-AjoMHUR^ajC
z{i6H<o-BTjHDCdhDRTM+SVIzs&~-Uv4W!IsFFQM;Sk%&t>`^SjRep$pd@Vvf#h?Ba
z7JY;fB_JU-6yL4USiU@}XUUXT&lSLjVzejti#SXX80pY+a;1ioOqjlSgh?G&jV!Je
z0o2mqj~G;MjAjD=vTjSCcmrR^O7%g=!@aM6BJFBslxfFhc(04?ae}|WL=`uIH9-s5
z__2$6BOu(f_@96E;GK~6nLfURwlckWecLLvw9<!>KlDWD{4SiyHiR0W63`X>&$E4|
z64)b<^1dFCgFUIjN;^Ht;;_$v7?)cC`%FFTGZpjn?_r;ry(m<H`^>Y(KGV7?em<q1
z7)b}i6t_IZEIPK<T!(2wl^MW!cS*KxVMVVg-DIk}LWE1X+7dr0jMYnbbS^m{I(EUf
za8mUD3f~qS9RfeG16r%z?Bs{!09BO2#o|*~E<GNfAt^N_SQgyv<ln|auF7e8Vo8uh
zrop|bgD`f&KL!t#%pjO9DTQqc-yP)7Ht}zF!lneu$9v>PHZcNdiR>U^f^SxvNVJ`8
zUPpg`Q2Q)#D{M?2i$^tXIVjprh%3&~@E(*<8><2Fsd5^Ebh&>_7XS7x*28+%!!9j-
z{(2L)Vt-E*7h3UrSuoF+rws~~W&^4L{cj5}UDH)Sc_|x6Phzr2N6V7`Avr=KKM|Pd
zO6*m1Y!@-vg=1H>53mIER0@ADJ{?(1JS{r^Jrg${gb@DiJ>>s<XC~`*4s^Q!yG4y&
z<Q|x#HC)O*I!)A%lRzo|5zypL;p}Ii(PUK@!klD^zC%4s>QEyihz@XH7^O}|3)Q$O
z<|W129#Q@Xm}k!v|ClidL~sNe@$^qq->>-?{U4BgrsTtQVf9^r4<Mu&`GO3vE;Z8w
zrMg&<Phx_*73a~KST`A+w&f|sjOsci+X=y#mL#f6Sog~?B#Ms3J{B=PmJ-hOXupRh
z3I)f>C4Unfn5k&1;QvPhBLKMC1*BU2D}D%8<N!=}E<UX_Bh@1X|LRf{%=_@1Es2UF
z3!};T+)#%?v1c66a4G*b$RIXG$I5I$P$rv^uK`mZi<Jdok72N#U<4mT<xOtG1r>kW
zyF)v6$@o1w&%cwmW|s4B*CCs|gT#MK$m-9&jk1k8f}TatlSK?~#QJ$+coWw3M!7Ht
z?FXU)@A;jo<k;sO4DZ3ZKkGfBO+cnUM48^>@=uJqWM_{yXuV#jZhBACj{2RL&%#2^
zU}rFy{lVNU6Qu-)yV_c3LtVDXa}})5`^}gbS3awbxt@$l=qGH6d}hMKJn{s>Wh#cl
z47801ns!GbJ}FZ3doKR%8nfDUT_$F11xXU28y-O)eb`20x0r!IQf?x#2-zk7_LHy<
zvu|Q~SA&4=HqYOj8(3{`VuF*E?6GY8J>J2zWjW5k_?uy~_wq1)|Kh0p6pr`{Ehh;B
zAEGBCjNk7m;MGHxEOKAeNAPxkxrAfqI{<M&j=xK9zTT8@T~W;V_B{BR20x|nQw)52
z5k3Y{0v%!n|Bx9s<9TdlEuTx=Tae$!Y#^a$e?zT==@d}kV6ycsMaC@!u7_QRe>Cp!
z*aZJ#P_yl*;rVYpVaFD0U_qj$`8L~EKoF6qn_DUBx=Y}LdGEaGFbTl}W{ugSQg<xY
z9X8+Y`2j3(Xx@UR7k}Q*srlK^JlZsWP0jnlu-<Fo1;O09&gf#u9O`1fS$m)5`!vQp
z@BwTBSnvqoQ@M*T2c(#pZ8n4LX?Fn!@46J~px@ertq!C_cw65+FM&H;oPe2WKr8!u
zC^z2hVq)QPWeHBycgO7u#oq<D54>UEc76hVEG%ZDw$i9CYp67H$s<m!2RkE<H1w-g
zoEC9K4{mne8-x{0%_cyBH=h;m_ARxVyu+ZAbiI?g*h%#eZ3bSzxX<6TWRQVp4F>-;
z=Gpc2*xyHMxX73Fpn3@WEgf{af$HmIDn3sP_ynC{C(X>I>AKJ4OoI=8{VkKT11ATC
zEnT~=0r+ZQa%PtZ@>Z5!6Qk~u<+tyQk&`zvjASs3%*C^RPc~sB1Lr_1NWufkjWImD
zO4j60(2kpgfw|1X;u{tX-}pzmpRjQ5zA<6p_-7YO%CihH(`excEAF6?j1*SXv5^cD
zup*{+2>gPvWa!Zk3Sb+wXR=i~I%{SNSn64+C?#p9-H>*kkYqG0m7?9;GS$N83Kq<w
zu2h<R`!g|(BD%P+x@58S`sdYby++C@z~t7PAH-Zm7Ne_3_E;9a_ygv?D?i&q?z=0{
zzXU`dzvKvlu+t{_S0sr(oxBgFoy1K!@*th(A6CmNb^CV$Dw}mwrZZGx%#?o`pfR^~
ztpV!5i+@K@_r;zh#J{1j<1{Em!F?IRga8jqX#@TXJ3o3@mg1(h?N-!=!cN$z%jGl9
z;L&v5?BkLbn8P4+;dUdV^{3YAjD8>n52nF(Bp*><AJY+ab{?A|-#gYa#Xo*5Mzpdg
zzl0|so+PM{-xQxuK%PP8IOWlNC#m8<b2qT5aPmQ^AlnhF&Xe0k|FA7?`SC44A@{ae
zBB;zcL7B{U`|GTz{k(N-0BrSB^CicAkBu=P*vGO#zjCxx7sxw68t#<j$2%>Oe@qCA
zvP6DQV_RNerf#*t^tbHH7UeDIBWjTY37C6d$6Sx-3zuSlFO0zju?bV`IDKKj-bKV-
z0@_%fM7bPr_jEGu7T<!nJ3d*ycY;OqkH0C7yE(TY?jC`LHOz$wq6OB^R)2eLfGJfQ
z#P|So{dgLm0Sz{(78Z~9{$}zIIr#qOs2=|fj7X_K!=#pt`j%3xOvR;(T00e#Qi^$N
zj#8WL*d}-I6L*6?`MHb^r(Gme_{Z-wv7N2QDfc*oYML_|aQgP8!TR(?t&9H-m<8Q+
z*e<HObK@$k4<|<3JO?Bt%MIJjaknB0S|rZ@eZhQO3XRpI4%(3kr3=au5C@+!Ctg?*
zFRXa65ihh2t$p-YwSw5kUiD5&1v-V!BS$cP3LBkgD4tc|-ZzK@x?RyuN}4-2Qa^&7
z`n<hib2Q1nK2D$G3lMwSkhuH{)Z$WV&E+WFy-LP7GZ{H}YnCEpLofew!H!{As?p-%
za-4JV6VHjk!)aPx%6b5T>hb)QsAaO^D(OK(9%^NWVLzWoHc1!(-*_GAcnhtdKm%U~
zN$_@#osS9rIbCl5e9)FZlN?|0&-}ZouYJ#N>TBOyYU*R(TbN?syF10cC#Kl<94Yoa
zTOa%0a6Eq+7oB04_XJ;S%)EEVt=vd*EP%cE%7lCX_&&Y}_p499OQN#G49qIJlO*6R
zR1>a`b<Zsyqr&H_5J6ggqJ6BtcT=(UyMD0tY#*#Gu1UezqbV4hor1B76pW2c!Pxiv
zU@Y%{A79AWU%dj&c}MxCi<nF9H)yp{fRg<fIv5s`nMvfgk%W2`DfK`oFT}nc3_@FA
z#jFab7onv&-=)lhHSi_h=p#RhR@88`t5&g8o!4KHNh>A()_w7nk`F6|)`e1<4cz_%
zm%Jan?k$FsJHAusa_mFL3NiR)ns#}@dQmr9Vb20B-SYw!6M;pO4~wR@loHHI%7PLi
zlfTo{KW$>FqZd`j8x7TQilH!}>WEc(64&DtMVeqjg-LMiL4_%7b~}2#5v@Y-P5Ax<
zta+ZKHGQ6<HEl)wn037=Lw!9B)J9~~+FOP_zv1a@EDnTr#p7!4@Ju=%2d$A30^<M#
zoP1I7(pGpKE%vjtR~;vPR^AldX}kgVP{`BhH@t@)lkgO<!#917Gyg=N`sz%R^!z+g
zizMxHvL6)11T}KL^L<n!L4Uln4?2!$KtmI(<Ns^u$W(tnAORh5{g-c?kEc5)F3&Vk
zNtG0MVaV!Ec!s0K;eHhxIuQ5}ELU`x2>f0o%<4sgvTOkhWLte4Z_lm8Xb?Oj0DM-!
zN1oBJSH$BRTBAFS7eK(r_O(%o`F{4oE9$JvGbyM99v@||?hz=@e@RL`9iupl@_UkL
z^_};!g!P)R|GxKsXaAieahtV6y8m=P`)?*}taAkJl(7XTTw7AEX(N6|zt;YVyru&U
zx#W*BX%7A);LW$bMm7xtJsUg+9eD(Mx8OTxF6Dm_3LY95^NyNk);+`wrAL&f7Q;`e
zDBo2g%9Cov@XELj1&9P5Hqds>^_0I1e&D@HsqfiASj30V;RHBCD@o6S=Z2moh9@o1
zf0L^AO-k=Ay3#AkmxI9n$|&r3Nj?BrC@O0bmEL%@oCNiE-XC@KcU@Av0V9mcd}X>>
z%Mug^T72bm=v(;#J#p|>-laIRosRADE+>fV<v_Tf$h%>d&*3af{`50UbO`idnS)>i
zXd>wJ?N9UG04khy@oPXe=YTHGqFqe8Jte<U3(!ZqXP2a0<^~A~=;Mb#AKT;f(E{{w
zl5eac`nVle63l=798B`7{KTAcZArPd;`KZFwf0Y@kIYCs6yTeFVd`sU5tKQ2$dD;8
zTPqA;0D9rc+l8}xgi$>pwHHg{s?9YIGmCw`Fm6U+^}{ebSXdM^$pL~q`4T4AIhQoK
zF4j%1%zuh0*e|j*&n|u+LH&;muvj;i8DRgqpBZ3(W*A_9e@O#ubCRxCL*ryN*rrR{
zV1Lxd20Mq2j}qb$*m?F=77&b+tj^ktZjc)@Mc<czKeNQ06Qb=BsPJb$6-I5I>My!h
z8n?h)^N1uD!a4%<35C^*nZ<e<pzjJvhNX`Wltn4%TS({=iZO1F&==9s$3KUMoua%`
zk{4J67H_O4Il<KFEI|20>~7?TD!Hz+9ABTankk|jQt#P^`0Uaepa;U|bC<#=@2gJL
zpC2Ne3W!sFB?(cEop@+3`d>)G>j%7V7Q?F>*3BkB><5cak~e)n`NNXVux9j2s!AE)
zu&l6p4j%3UbpZ~GiJjpCWkxajLfL|VDZ*hX60%%Y96LvnPmzrl3&{NLGeir+N2}59
z;y*L8`&b<h6RZ6N$fgj<=54`&3By|i|0;$W8Xj!d)vxeFP|gLkv@JfZ{XDkcBoF51
z{tn~-f2F7$6#_l<z#vNDW(hmhG2hKj>(n#<B0S@JUfB7<b0XIsWaoEE#R5vWJ(@I>
z%0<a%0=34Oz%_yb!e`2%!1KtnW9I_sScz=$DYG^-2EU|mPGu2n_d)b*cwN84TR{gC
zfkU2<PXdSREQcQU$lbv6PT+C?rkhr755Ts&3RoL}(hR)PjD?z3PgSxra9=#;R;HIA
z1H93#++7MX;t$Pk+b5#0rAt)q79?e^+1>Q1ca-*i3VoDg;oaB^o>$z8U9^49j?+)M
z`H81szn$jBdKo9&a);JnZ^zQmX8z~F;QoOOsr&Rp#W;3!Y3=J?-QE*pmB;#Jm9-W+
z_=Am;4huW^XD|N(iHOJeLOeFLwV^o>S=>N8>1)MR)g50|Y-Pl_RBqym!jsolDrE!T
z!Td%x4@ioKii|!VP0h#n-OrC--<x`V{Ng9c=f_wlUVZix#wsvqA=|2tvSviTBSe2O
zGzZF`&yDa0;5!)WSC<^?WvOGGYYaA?Z|9VniT(S&wk&pHMV}}d4*2(AB2V0@4O~|W
zP_7@3<Fj?}YlH=`2&=DvL4x3!y$eY_8(k*l^j!i=h=^WA_#DP?vgT^Eg2Dufa*t@+
zZj2$19U8QeS%OAVz8^=@yX27II1jMH-oKuW<SbmBg_f%G_#uN}vxbqJ#F0!hzTX{d
zD>?rUbIO&JdO^fm<(>yI50b41gtTd~8i$jnVIn}d6|+2eCZmi9k_!4_0!oh8Oo6=_
z;Mh%2H3bCT1#7w$l&MbyzTy)Sq1!zVMLV@BdmynT?;3midNk*5pkr!iYROxIKd*Z@
z8Bq-nua|}=dU(AsJZ5+$|E`xtG5@aNx5LF{qd+C#?w=#cC4xN1OpMs~MGsb$#4^TH
zsUR_oNr<~h13f3NuN-5=rLHeuuVwKBkkSPZrE&5Dg0BlEe=Sb_IyU)1ehsibG*1G7
z!sMrS=y|Px`H$&nO<khZd;dRKqRhWQSn(CbLt>uv715u*E1A4G!itS}Pd}5FF9JTJ
zmotw!T#M_`(62i4DM`>EK=g(&O!QH0RQM}`2^to*`98n03}v6-kvoOpxtqC8VPW7y
z_d^!+Vx)UL*K^yYs({$f?S%m~4VqfGoqpK@PFpAR6&%ihDBjS(I<yDWU3)Gwg&GU~
zu4`QCq5FoBsy9Rohv?`O_=i?b0dF%4V8w?q-_uF6N%AkU0x5CcLHru2pxD`*qg{@w
zW-&RPe}dxLI}@<}bdRv22OIJ(m#DreMkTQ{wWDt#B@h6+9k8=u1VIp13+^yc>{9Ut
z#HRWd(Fay<`Cr_<3w#q*_5eI-(l&*bNuglnAw^PY0g>{M23l?UpffOm%1eBsBH|k%
zktzs<w9wfx%KFw_S6AI#U0ol$ihu|Wg{FWHiUKODAgeGTJPK%AUd?yTxsx=Lrj_0O
z@AvzDA3yC(?#$eK?m6e4d+xpG0noLK2z_G3Pd?Q?Ig!ua!K|lh<@7yxMzEt7i<5@=
z!~$u)0%kNNr`Hvyr*r;!biRODPcnmMYR;ne(eBdKoH3kMmKZMUr<J9vJ;G1@t)ZvE
zD??9zxiS>LJ{%tHd20Erbo=MxU0WGh>jkgM$m$jE^8R;ZJ=_yRQ2|DYtbl(YYj8J_
z^$E6+Z&vvmiLA~M80@o+lIbVRXp|*+%F{)6tHG5)Id<&TiQ=+zNHk|wU|i@79kj>5
z#Y8!B;W(-89oLi7-gEVo<Z&#W;qzQLlv^zZyCJ+g<Wbh5y5dpkTwr%}{O}0;)P+0k
z6}*1d>3ZSzdLagi7%uK=z`xmEd-e{%#J|$oW8#-xdQ8OM5EB#K8vhGSG>rX^Frn9P
z+T{=H8WqoWV!SS%ZS?zc3tu1M(-Gxw((U?4e~_B7?fpSQzDy5Tg4dc0Dvx3uEMv$Q
z{-)q8v*v^pY9Oa3${z{DE{0IQ3B|_^k*8@hL#JtYBLr(^!yL`-bLxd<HRiv+!wGBe
zx;!^vKD_TGoJX5~5OR>ziGuf7vXHY|7|@FI0{>)9?Ry6F@u&TFxgnyFRh=}lBh<*c
za3jqJqFeYp)IzvFn4yxMwnk1=tjb2(yI@Uup(*V?$1AMcGU>=>{0|2?G~+!SCwNR#
z;Q!^gE^(hu<e$Pupf1xGp{i*~?i~Js_@&)1<KUXIvO7wx)7ZaL`~#_T_~U!$@Uy?2
z!|(kX?!P(3FTGgXK%Kvjf>B<ZNQ)m?Fw}9u+Gu*9D>`Oj1l`7a9D33$4EO@-H9?yX
zZH0>K=kR+@<m{|!a#>dihCQ%CwBSBRthcI~oZp?|*Vo~0!+`o|`&9Ce#dsl-as`Vl
zg?Ye~J1rAErlF3iAD0wjFJDMyz5F9wCE2g%-(T&os5sDXHr!ztMwwiY;>Ro}L+mTb
zAxNeyS>r93Yc=PnM0P`y0pF)e`1LiSp+y`}F9ANXn?>1=#(6oX9Rq$4-KTk;!YWvo
z+N({21&`|l@PzvZUNY>iHsuJxEe=DoWc!J)?1j#;6^k$DT3vn?tSLCnnjtAYm@7JB
zI#H5$Ypes6oU#KhM}%=%%<u8Sh%AAnTh&}#8Lwq7y3JAJSu%Wqbij|t>OK|$A-FO1
zy+0crA>>UW|L$(VIL&IYE)_lV+Tbp#SRBt)6jhtzum|!!*I+cal+OgythDbs(Nbs1
zst`QW;gfCfiD1}NXG*Q`^Q4PmL@OX_I=;<PWv6T3Qm66Yz>L3wpE<Id{d>v4+sJT$
zN(=7mrV9<n1jBAjK_v?<(Y~ba()894le$l*F6don8eReG6|Don(RHSr3L#j~0u%m>
zMt~7{X!=EckyVl{b9g5*W&^AwGqGT}R&aVwRnXZ3ST#6@|7558ByTt~$9;x>=#Nl+
zYjpLkwNd%Z&}R3}bc|?MC@CW)WsybnTnlo(nWhx=ik{noMRlgDeyy(|$H0BT8E9^_
zqZ<xuBblufnM3KbS<bWuzn~PGVcn8YXX;i#gJ*4p_D_(d1bBkm)>1Ds#r7%gWvDat
z3Tpd%%&~%0-G;-G=MjU%zk3>^Rq*dNpfWUO6y}gR8}j-%!*<sOKxz1UtW}u-gEf&N
z7&rJQBRG=G71o)|6%sB>!thLzB@P}5W=WPTW>_vra<K*Au>>XMA#)TM6Fj5FAsjgC
zzB{rf=P<Ogq&Q(XUVzd$|8L1F7B6Y^Tkj0y*2N<&Zy4B(V|LkL|4GUQG<wH&c!iRK
z<iaZ(F@KwSNm?S)Je^hqPi<ArnDuNp9Thp0@fon<%93m~m=IZ+qDp*ejfg>C_JMBE
z-IT-yc+jNFG&|T6=gnNizO|MZ=yyMxNd>?Cd;)1IL+UM@_NYuNN{1pnzhW@DQ=X#z
zc{eXCl{};0eLw?UWNx+#FYU%v-v~+$8WXN#RwY68Rw$((v|reyUIV`))@mE}V&uK#
z%eZx2siszSIJ^Mu%io9J@_&}yEh=7UEO`1y!E<OpEO;6Q=;84W(804B;d!Ymz>}uI
z^U8pB@Z?9sg8^2m4vp%D&SftA7|o~rbKuKJdXs&6&Kxs`NB@+#;K#Bw%}WaOP4!B6
zKX4I^_5xTK=NT2JF~j}2LH*92j5QZN4mHPVi>D+8cO+30Mwp3mH`iHW<j-k`ujBXW
z@%2$gEPVYjLyxcDX0)f@16=^H?i#-4WwgUrN>&uUbn`hZubZ7Wqggg{+X9iAh8W^C
z_w8#f+kzOhhz$-yDh&>piqY@wkow2TX?R?U9unCI?{6m~O1EGIm={Z32EPO8IeYym
zQ%iD=!i%mwcxiI&&#6HpATvf-vrrmULary}o5xUuN-(#}6t)xAZumGio<08RuLJ2Z
zokk0|)GWitGYLzc`18Jj6cS(-MQS8gK<d=LVA2NS+=!V;Bi-K9Y|y>783$bye%eq2
zh#H);*MUYUdr`s1-O`<mP>89^dBRj8^maXzGKB5m!w4IU2%9%4jIc`)VY4QM5q2?x
zPzJvPsT!ufXP7$F5vJZ%I>ppq-|Q4qU)IIM)E}Pj1XJ&~FibsMYvE$sGyEDqy_^!s
zPw#ir^V2mBJwMqUdVb1r{QLYQ|E5zcRld<Fmj1RSCYH*d>jX<mGsDu<P5%u)xsqe>
zQ$>oNpE4vpKUpL_KXKB(!B4lyonq?xzjTTz_vV<Gn)GZZn7XxzVJh3J<0sl}o5vCh
z%cpQ(4L4z&vzYMijb99!n8x;IH1WN#PdChTOD2I#fSXWhP@JaWD8$qANQggLeHr_T
z#fm6|j|%wJzp(n#GHD7~@aKWrJES~Z0`KsvPq9}{Si5OELLW6#01?4gGxM8w$m~Wb
zNM{);6;TB|Bm-(|>i57i%|<O9fdk}}tHQD%?I4WAulaW)-hishR4G4^8kws;c}+6M
zwipl@6!TDU=No&YQAk%sXu*suWi5d&Yc+!q%$TtBugss|+5KiN@CPk`l|{XC2-7(>
zZnSXW!YRJ9wAuStD2$%3LIl{OZ7s0=-;5*(A_;=(>tdJ$tw@5OFYc5C&x|D!oLQkG
z!N!Zbh3TkH=}#0m@w$!zzYo2FULsfY4^d!r(|=EaQL!noZCr=~ma-@cpg!-;uSoBd
z1aC4D^w<X^cqxqSAF~+=@-{?};EOGc1cNqMI9<G!nD~G2rU?971wH<q>7C-gr;YIc
zNR<x%SEondzk3GZ|H0RE`0tw@f&b%S{D1iK{|x^V#)j~}YEn%6a~E9*{-63zhyU4G
z4FBubN8o?*W`_U2thcn~4`R3nh4B=hDp}3&7gPDt`^Rs9N~-o^B)NU+tK-wcm_Z7h
z?A0j+o*F|GXmRT(@Ckf$3WIYcpW?5tVXb6eMubrRs3XKvp*PKKZw50%^vFE*-_v7w
zY<jHA4bg*h=;(p8aQ5t!7Jp-QX^H;?TKqAL_OCBvv>5(z1TAVeF<SKb*rJawv+PI(
zqsK|4hvg*FgFwqrZ@E5#9^FeAJu)<U+}1NhkBkU<WB@%1kRHY>i5_#8GkRn&dR*R<
zVKn0;MNCs)BAGw>##aVvZxJmLb#GbJh1$%Jp}usY13F}c=#UXbhb)9}UT1X3!m4Mf
zBgQZ~l&j?vLv*MJ(cwssU#A1FF8wxw4jF1$CZod}Yr}NNP{(;09iCcC`b(5Nl26$~
z;^@H42yygGkzO4A)T7hEuwoP;KTx3?4DZ25cF%ZRC6&O_t+PS{fL7^G!qehvC$5rk
z(1n*u>cc&VMla497+x-^cVPQgD4l*jQ>z45xvB%3;5RgB<GD9|x#SPJk(Lebu(et-
zJS@^fk=!G+RMP|Tb9bt$XCx5&p)4>Ew;ImrfT)LZeuJh}+|xTWhHpLoKa;6Vqe5di
zPmC#3-%h;{nR@ltI+<!2$oOaOM-k)r>;}d^Q$P9@{&{sq1piF8>-pzTsh#rA_z}cE
zZ!OXB&%9I}|HwD%C^sdw1OBn466vnLIf8VVsT%(zpAC@?cO}#mY=U2{@z1+7IgY;S
z_d5RZTO#?#sE6WHOKkr6z(Q5+x+wyPS1cO;tURLwqS_Lnl@19_(CUDr|1<tsJtD+E
z=f=n6pL_WW;h*3x9slgeVEmKyVFdqtyq@t-j}K$<PozF{>$C_4O1oOmK(qNy87O`@
zG0@$MbqsU`d?exl!wi)*aS2aUx#>k6fz4Q|jBI<Yxm$<^F9rT*G#HT+qCt5{Od6;u
z7ea$YU+HKd^=CAA{T~rD81pfs!4v<8oQosuU1HLsVM+u&D)aU9_$sASdboxWJ-&TJ
zM~|0NkRH9zLxnZ*cnZ<uv*&g6D92LVkzJs@c4tb69w~?aXY_dWiV!{2qL}oUnS3Gi
z2<+6+V|_nHkF>u>(Bm&_89jpU|2y=sUlT!(pU3IxQJmZ<J$@QW^qBCljvhRGgqsM7
zqOb1#uD_?%`|rl-*W!V$M54jZ=}5E-ORM&}5(Qr^eo5>9ae4*%{jMRZU90}jsCMM?
z5Y<K$#-!S-T`q)bqZ@QoOX$m}cJq4?R6Fqzqnh|$#QsJn^!n}O2znKd)zj<gE}hbA
z^bn%giwkx1x}{4Sz1C>-3fT1Y8rOyB^~f_idS!NLqt_aZUhmuV^fGh_(d#b<|7Y~d
z8yce5@`9N3I%&QTdR2X)qt}eyj9%}&6G1QgYDTXY-nlS({osh8*VDOrdi`kblwMWY
zM6bgx9lhQ)x6x~(Mz3+XdU`2lqSv;kbo6qW+vv4Xqn9C9Pp@mtA$m3c_&=l9V}nEV
z+Idw>dKD&K2)%ZFrlZ%N(;2;5-;SWyZ$Du4^1ppy^vaPU==I~3dU}mY?37-+1`)l+
zI(764CJ?=xe0US(CeY^5L~gXdF{H93ko-#^s--=tquRy<qMG(S?y&R=egCHZ`)3kD
zv>W%Y{~7IeWQAzgD?cXfR>WTj?JoXQN4vwl80`w*ilE)Dzcboh{+515<EomLq$-IX
z!65TFJDZ!TcJfcxFk2w@ijpYY{<&bQe>C1xW{@uuqVw%)-&T3?yRiO9_PJ++iL`lO
zhTd2I1A4EJiP&wy9im((Hnd90BJ{pnau<JX%}J3TTnBHPtWowF>clrq+)4hr_#VeI
z@e0+Q<Y$_!Ck1|Jy(G6Z3jF&M&HU3|r&W}FqOES}XMx^)jwtUIy$3VIq=<%=K9{pq
zu8*{yEpBh`wFV<;2*%Qa$b95s|LJ0&d$L3J+2v2|p=@QLya2w^T*4^@(ZJvtGg*ue
zWDn#5AU^O->0Eff9AB(k$+6A+cd5x`J_~KTkbPt>u!GO78VDqAj?dj_2-odyL09Qi
zx0(D@YpS~eW<3H_tx!E4p#W~FE@PG;AJ1u01yU~Dc=8~~?)UQWJNFv6JU<o<1l;r;
z48moP88hG(gMicd&qzGpFk(PB{CVj}X5yD8deRcm;;s36!RMpU!9FiVh(mly9#c0F
z4c0Ceg5HX}u~!J5r9qcp$leAd2_)uh#VBuHL7oW1cLCt@o(%QkXXCi)A}dC${n5@(
z-t2BMQS4~GuwI^+<trK*B!iqq!(mt@%SE|r?(a>UT$C3TLm)uM`sA+bvn6v)Mdb!G
zUH=%j8Pz+!OQ1o~uNUiE<{K6+n!aI^Nx`#{aHTv!xWY)TxGMy-9}bUdu#C*1WR`r*
z{Onlt`?PY->y>-5BxS+yVr5Zov2uH!q}+q9HR;SdxG00hzWTy&jHO%y{A89q)2wFs
zI7{qREdSt;RY{So>GmmQL8o=N`Z%T+b#KlH#9{Q<qB3HDVrv-=>RhtTRflAA9OeW2
z9$|MwaUx$u2V3xTmgHG)r4Xu~+16aib1(D)UMYy<tDZ&#Tc9dFwbELxeQP%GE1o5u
zEVh<YTP$rztGXo%TXEjXM4P)M0mH7e7+m}Dv$=7uuhEjJTu|P&BD%>ro1$OXRDmx9
zDS22mruO6n!%(Y`eJ_-cV=pdvC6FEM&wEIckEzpHd&ydlDk*Y_0{B*@0phcF%<)wk
zkq}*QSj7qX$jNJooiWk1JQc>kL?OajRO693tES^PE=Ti(!j(os+!F*a<~%_^lzHh&
zS%zBoWE?iXkh#VlQpYFanIMfRKp#vODS=FGT{q;cd$?|#S_gH>Thy1~^0Aq$=8CNa
zqTy?P^$x+4q9(!D6#V~~`sq-t<VLFG&_@|<Rt^I>w3|7k?oA|;m*2pmVnE5(ME1sm
zf3k24{&Y$bQ)*V`W~tjBkK=4x_{V;tZY(laES=A3*}*+Mm%W(DZ3wk6zyjiWB(jcK
zb<O7}H5~MMzDny+3w_|0B0gy3;R7S^Y#Op!8Ww%hm0lbA*g$SWXxn5f&#^EPkyG9*
zgvGry%jn8f>sKJAo$2oza%vj+_fiJjZ6i=!UFu5b83HD}R~KNC03?H_nhm~HZ18Op
z<g%H9EX=~@hsAR&bO@cz-PxMk$@IuS@i3XA<A!+CW;5r%I~Z)sF;lsN&60gzx9IXG
zPt{Nx@_z$uBM+355$NO4{I$p=9f(~f@CrDGCyf)`XF$slf;EK|dHfX)j~H~RLbgwk
z&w#+IL4nuE7zxcMXQX2<Wg!DwzdsazGBQ6M+OO5wtsL3o=4`EM;wOLZZVmFqpVPx@
z&GLkywNdX2@`J<WYjSH>X}{$M^J>HSrQkP(**CDe@fJSSZc!#>u(~q%)sw8%6JTgf
z0vR_U3$D=h3B#31x$=ZuWl|n{O<!M~eZGO<Lw3wSKMnGvp2|`+3FRz93dWO9l#~kQ
zS-cIc*le5l%HL{_lHd_afk2|<p&L;iwL@@w<AB`d*bqoQN(<fpkfxlWX}MW_{_q#*
zi_lLir4*rw>T)X8cKOWeYYohcz^uOTxfv(Qx%V;^#54NjLHrOjxQ&=7VO<U|auB`h
z%JIu|Eh+4m78(R$FarI<yd!)ba&EZlbH+ux{}`cbWow0AC=BOU2;+#aT*-yfcuLAr
zv%RUb9D_kREuylK=Bl;36KHsdnxcRqZ`L6?-!PzSvKDpAizbff`2I3`k_1l}G6fIa
zNb;y{Bpfkx7qDDi1?n3HW*(5C>6o6;wLj@_o98FodVkX4_A<W?x1~EmxXu483b)Vx
zq{HnP4YxjqTlG<p75@8S>_njR^rs<o9{-eKZsjWx==@eIoDYR_R+W(;RsXcy2!bI0
zzB3>JoL$rv-=e+SsZ=bpQ(3$^AIm;Dm8!SL(!O{7^&+k<AHC8G#i05M3O5!~Rv(XN
zW%$7=M$Ph2qOOHBJq$90r-wymdvG_F^&oBQYZB$;B1^LTyn%_<KfSE!A2I9OqsekX
zS*huUtnzYIt9-Q~R^_i~l?yMo*)xXZnY$cBajKfXj6|`S_JiU=tz28)w23(AqYwwt
z4UAWQ^%KZ7>Mw)XBuUjIsZAAFjVtbkTD8wG_N1cxLCzJg-q;!ps?W7X#0M@l*A+Zy
zXczw*J-y|#qHhZ>j70Yq&<C%OJPUKRG+G!O4};^Pvi1fhv+%^furinFqqi4Go<)MF
zR9bP05S0(CYe*+65(Iex(~*im`7WBfF_Ff>8FhR=dJgl*RG63+FebnUm$L_R;Q<EP
zD1e>_f-;eUd&)(a?lXh=+D8)t7mt?S$q^|=197N<`XqS>!u)e@il3>je@Q>TwB@%f
zXkRJl>gz8~=0XuaiU67{VMtMiQ;<9h1i=8XWfzrUP!RNwd644&E}99yXW{Q#>32~9
z%c)X<xS?!r1%j^v5k%yOT!<P4cWrK4UPgaGZx%kP+_^od<Nwm2mcRUxoe5F)mLcBa
zD-SF&hP+oI?H|MGJS&#Y<D5yVauVlx)KebhK%6n}mkVLR`I#EKx_xs&(A@b0XkY_z
zEZ+r_yIQ=2G_Zbfkua-(yJjv^zWTr`IYIdtYsoJS<YLeRH!W2AWf3N-A)NdZq))r}
zT!V(_cz*6#;Q80ilK;3?ACj*hR(d2eMx|q#Qn>cUuc4>k^h$2qUnx_&G(qk0XIY-S
z@8)k0>gAbw_!oGdsXhN>epJ2}wmVZDo^nXUkX)S)3RhUCEwl5h6RL|NO=8vG{*t1}
z<x-}mfIeMK`ZSX`^k^tO+NXZ?qJ`7q#dOeK+^@AaAl%-ba~-y~{v2y>_OG`0<k??o
z@BN=c?cLdNdy>}P&o8vK*IxcdHU;Bv<CW@HXH!U>Pd*olejX{Qo6fRY|L}r-JEnvB
zeP{Ibf7Dk0+h=3d|EyO3RTozOo%;HfE7cOMdPmIa$7t2>d%peoNUZu3+tuGwtN-Yk
zSoQBY!|Gppf%X68bY%S^)bDCx^?PF0zfh~c{{_}x+OGcTXITB0$E^P%t^SSAU0D5x
zTB7UUb)MD#+38sIe{`DFf6E2dzp`EZ(}S%3`(oCAtyX{V*$b<GP`moKnAmDIC1(B2
zEv){RFR*@Jb9DW8X!ZZCC06~<Y4u-yf%V_1tN#>EplI}^^4glbG-fL~S}Wf?6S*HA
zlmB(~pTzpre`pj4G{>rYS2L^o(PyIeYh&|&lU_cozEb_*G^_rxnAJa|Re#Ad(efcW
zUinud1`H<^lDCjffvMpHcU_tw|3vx~ZtfiHf$|sg9&bz_&FY{e9~NZ4`nOct#{p&k
zfVPwLaZfgP@>wQpq?Tfi)Kc_2dy)Cx{xkT-x4~!7!I#nwzCQoA@a>KXo@aiVC?5)|
zr+?|rwiGSU9}R)%R;E6I<yAG#n{aDe-WA?flWdI`_7<(FQSod1Zfj67jIv7EP7Jbo
zkZjtI;gd;e90jPeP>)ZlSEc<Ior|#_eu4e-rAGA6(AK|qQ!l80mJa)Oe-C~CZtn5l
z_K)KKMC@Z3aHFX;(Ah@Q(tnn*U8YrkH<P1Mdw+3Q>5svKt6b5u0k`JW%z??Ay=gpd
zQHu(5g4|S>fWB|K)-S@P#GCLy@EJAOS->TC{@tC!RL4L%|Gt?Etc!prIvy;#+mmy#
zMKIK0s#GntXh}T_r;x{2J;=;KF_oo5J|Z?85#a-t1}6_Aym9Ka|4d+;?{u1nNoNj<
z?(=c{a!ee6m5O}v@tmztmdr2jVqjkK*{a}f$(Uax$v+70AI=FL6ICV{)SR6WM6nd_
zf<MwOi=9t3?S?<nZuCwx3AP5;0nzrUD?aduAgjOtxWnW=Xms}1uTOGCId3<{eiDM4
zgy83{qf$0Bc>3JJBGHo!54`F4ZT9Y*o#g+n<n0jT#SJR3)ebY>HR7EG?^^H<W9T+8
z0Cu|?CVTP@f+qh49W^X6tLHZ-P%aKk{X>~?<cR=ny@74S7%8bwROI6b(D^C{hJU;P
zBgg!y%eJ82pJmyRdQx*g$0)w;R^vh*u;@wY@-Qrmm7!i-GhIH!mC2Rx8;%vrjb7DU
z%x`F+I}5+z>k|2AyZ2nW=sjk(dt0H?zGC@v^|2}==U#86b05Lev)~3ia81eRn*}^j
zyp3Nyont=ezD=|Gl+(Qh{aMnX;FZ3tAOoFO$W?u~Am3=s#k&IZcM<Te41HH-;@vD1
z0drvmYUx)_;$R-E;3;?x+?NaT(^gvXc`B_mmC4$<gs*1!fO7hYapqyMpH5Fdu(H#d
zr>(Eh^)X7$F8I6|8Rhhol9ziPvt}9CV-`@R(pp31qyPLR+o&?H8^(oFU<*oL^uty^
zI&095W9zx-^MlCoGt+^=wQD71JpqA%hz9U0Fv1ib4*r6smpD$;g%21x3M%$J9j(o_
zW;m2Vb|j&tSUv%0AHNW3n7j>Xm~!WWOpafj<bVNeuvaHraUqgLA^Q)*jCIc+j2ypV
zF@}U`Qjc9};zW4Qh$T7dKJ90My{_0ApMixV)NNW}5*C`rV&O>jL#;3w3%gR`DD@R6
z#8!DM>^2MqYp&w77N~c+jg)tJ?ZoR=<nG>b-zcHkj}axj$FCN=hr1f~AS}0ORi+AS
zyY6{yUVfK7uSv2BZ^9(uFdV}n?^UlBy{!q9X{HgLNQRRbNsfZH98NH7x@XhuV!1in
zr}on7>S4d9ZniypOR;=hje{}-tY-#=Ty+PN783NmGDP?0ivkw-+sjj$<Zii_Um1td
z1nNxI3^BO**RC-9)EQTz-;}S8%MgMv6SX>qj1lFlMP;&C%05B)>=YoH@;2i++cyGV
z_zex)Z`C19X&|-}1;f{(oQPit+27C?hEpJAy79{!kZacy^VV@=g<uVkQvGSPiJRl&
zZpvVSVUsxIqVVSpg5gW7!F}G~8Vq&B+c%)~f`lRFJfr_`Ek)qL+3vkx(m01<j3av?
zwMJUr%m{Avl-`~{0V5l(XlV@wJu45v9FpHO7z>V50Y3-|-uasW3Jy}i%PS0A{`cq(
zz2ZBJ;I<#5Q~OHM8xAwo<!mj<Y4ZO9g*jVucD8}ZS7I<i|08rxdt5%IHoa)X_eENa
zr#!j?h8hMz#?#W_xFHkfeaRC)!I_I$ZR&~l@0piLhi7IG34Jk6LNPmj!asQ2>X~NE
zlHgZg35IUEI*h@Ec&n-@?`elYVrT}+X;kx108kO+!d40iP4PgF2$FK6wM<arBxQ;j
z1{#~od|oEtB&)^F;yQzj^D-GHSu^ZPD#|c+3T#(;;E!B#&_i&{_O&JwFPkK}L7mxR
zz?oX0cqHCKMoMpBrz8L{v7?Zi-$#U*Kt4TZmEiR!ib1cqtR;9g3itYjM}=jr^v<9)
z%w@SzkWaLo55fDuLy_-K@FW9&7J}B~U6|G;pG5a*gDW*>Z(w0g6FlOd1;(3iu64-U
zME8MKhv&MW!}DNkNsfL$Nj~fT*V3G$4%^uR{+TV_pAwV46O`VC)kDY0=e<W0-9IfA
zJ-5V_<oxKcwc7b-Hru^FCfbvZNXp>S>e=}Q5DDExd7o(e*7czs&v^Q~4=t5EQw=3K
zdmXlI@I|fN`!DzcRK~Hz)qVR*hAvX}1T!5b$Cu>n4BSgGH4n8)9w8`sX13<+)%$nL
zC++S70HJ96MuV_8X_usQw^tACE&swmga!e`CegMR8mzN>4?=^-BxP(#wX;8fc&wWw
ze<|7axc>eI0(cO*^audBRj~QseXrg71H6AiP)3ZePVOZb;sj+r49mK<krjbXL2i^h
zCfwF%N4!87B3^F^1-5q;qn8h8iu4lX&w;+4$!4n3c4A?V>EVQ|L4&J1U@5RTCkRid
z{zuHUqI_C({{YyyHYj**0dh4(#cz~r?Ha{ShVk*8r1UPT9y+pE-og;#@Z1at2}(9t
z+dkv7dk;Yek4ws>rPYf^8APwz%^`p9uzlltzo5xyaAw%u`{9#`1`G~qI}M*~vU?9C
zmLzSGl(^FBv~;*QJjuC|+(pQK#B8rN<pMRU?=;9h?{QEk<LuStad@B3?u{(+L<ak1
zV!yK3uXy%rIQx|Va{<*=nkcyA%oL#4?Q7BEJ>3+6moUE)`s1U~--n@pP6zlm{r?~T
zUNxN%X#_-?G(?_@fyfT?nZUATJ81al(Hejxkxqd1M#RW1s{nYwFUYUch+l{7Mfr6`
zC%+m*c}H7*QhL88@_osZmns^3l5)G*VLP<2tAK(l8D+t|oUMM!#3|Q{?)^Xn5k$gu
zM1(eZaE8ePhwVh9Jm>-V9}yB+4$q7@bjv36Z?VHW_N1eNGGu)9y`xEFIY33R?Qs1)
zB(WTxLKFz1t-ehloEDUEAP_DR3|)oniA-XdQEJEyfjh%Os{kM@0|@s*G3~d?TkY;2
z2)?hw@O>sJT>-v}<<CO!O+<O+uzjnOS3^pxo&5klKft$LvVEb+s~<pKJ#4_7)FiKJ
z?B4zGe!ZY{9bauq0w@K8Pmsq6*+pgy$ore4X`E!h#D1vEVA5Qq{6uq9V!n3yLjGg=
zqq&`E+XGa0@P)q6h|H!s;DxAsA-eg@f%BQ<vBE;L)scPB;W4E-F#GfPlK?lymv$I_
zcG%9f@yOP|y}%=-24-IX^P1$b0|l-@3b6e?`E)1vKOc$zqYVFg{^+Oi2jG8O8-IwN
zYZw8xwGjYThdqD*U84A-Mv_ki?xw?^1Ff*O2j~QVZYLBo{;0>%4&cIs6q+7Ol3-0?
zEUoTqvCG@-u(CrD13VdrFg8SrnLb6;_x8|OWRqmu<a!raq%W~ZnE?gaCV1Ni@+RpE
z;E%%UJcEuuP>Z}fpy!Wso$`m|NhXdUX=`UAeA#I>-X(dfB-cls4+4LPpz|{R5Ey?<
z0sc5C0y#sfPT!5pn5c1;K>XAuuj>{bo#g48nA5ZtYr{1h=dgXrue{R`;#Jgi0M(|P
zroauDaUKMP2)cuV4MSMt!UT`l{RWT=xJ^0*6MJEG-%E<+?SNT8tms)li2YWt@!Z=7
zB(op1nNxzT(e;tNsRl5Myd-$W8*;Wvwi*x(AQ_62wt_BMjiFKFBts3xZdWD%D!mxO
zU2cVCJ<Khp1*F`RW1L*~{&SLN@_7lS6PQwf9~Pb~Y0H;xJ4^Du=0GCN4{3RhsFG=U
z28T8&v=za8aIFbcGVDS@%}-bioRMdA$a_$*y@|#-mq?z{Ap9bcR`UbA)4Q}fxrfNM
zMGgwK(*j@gg<u%V^qto5WC3~(j4sXo2P0_E(prfVY%Toq*YO_BS}5mCc8ieRC}60^
zZov8lO?3v>{r+VfotvHzU?LSfGoZ(la0F=MvnI^{J0tjie0AT8>@c@RGCydL4UCAz
zNqY;cZ@dT?UuBH%b*;VuTXUvEWk7xdEKgvLdu9{Nn@O7rtJ4xSd)}!O%?{V%<H`J?
z7p`fx5;PkAcQ`Y~^Q%qWwV7S~@?VamZxBgtZ(>PhP5E~LqX<nJb_#MYQLb@h?~o|b
z`&Jl*py}|yB8d_#K0yDD=U470o7|MY)n;;&Zcmd%!!~>H0BG#A*Cl0d1$A6EUVuJ)
z<v-vffT3^qVtFrsAbj~RF#?3W<=^_BHeg~126_AM?Z5i{r8uj)TN3SSagP?{biD&{
zG6PMES9iey#d2U5^Q)&AK>09BNexgM$5)QlO5>o^!b**NWq+;I2&L())WlaNX{9F7
zdmw|A#`Be@I93`DrCF>rfv@~dD@}mX;jA=~uk^9f35lZjhg>OXt9>o5Mg8y5ZcB^N
zzSbBCKJEa8!GDR10KYf{{z@(ad{%07y08fV{fG2oYyy{Zfm<CRB8MqF+2XL(JNP2Z
zGnp>Qr5TbTLCR+A^i0hSwXwbkJp+MZ*hY`)@lhZ(ssPw0;_b+ME%~PlY!UfKm3Y7I
zH|EP0l$F?ZwA<J17v=)8<j-i2j?B*_<#p>kGkrwsYUe^hK3jrG4M!N5#qe-ut3biI
z)%Uz{$h)JxnOtR!$d`OB$haHTbC?&m&Qea)z*^n&fpxeEgJ7G;u-d+c1;_d(r$%j9
z+MR-<Dj!(Op;3GAtE!_*d-<!Nsj8#=<B!6X+Qw`^vPw4AXreq^@VrfRf=~<yxaz0M
z1^GBM{f`=I`rwSd9BaxUpMa+3KvVdF)|4p!Gx((#^hvhG)-1lV2kkij3%94!Cn=*^
zM9-2S#VHuCSl3AMG1l8nHE8oIc;ZW-4e0HblByq<R3KR9V%ZuA#CUkY{}36M_LLYv
zKW)rp_}eg>Yln#XCG8Ob{U`19nB=)U9eN|Mp7*mrec17Fnmoep&*oUm^0$)gXB9)O
z^OxxQ47Ea!VG3{#(mI;lLY*vBOlzuYmaYz0<LUVvKpXgnB3aX_wl2wrf*~8R7dL9)
zvl!Ohss4Qt^$W{3BS&?#9}4`|1^Z5>@o2;@?~>2ETkVf_L-X_DXu%F74wTt3$^9WC
zD7-mA`IIELuERmR_EJ(P@C*aQnwqx$A`SzqwFE`JxDLjJ#22^FMl%Jh=ZjBJr4nDV
zKe$Db56Oqs6K}+E$ki~09>;`=%8k~vlFFle<x`}$08^pF$7_PdTzr2Fn2KB-LEYbP
zAd0%D=~>M9sD^H*H6u99nojI>maoL5A(NF+=a8wwy!6lp<R#aubf&14-L`>7)1gmr
zG`Us=ss#-sTo_`ll5(##eX^2#E`m~h88A&#L%;we4=*N2V3^v2yBHWQ(Ej5a@@#aP
z)&tO?puM&-4SkU$fOiLiorOw(83S3}`SC>@60?hrm@Ho>OnsTNfC%mUU&`dq(5nVx
zO`hdf$1Bhpn$Pd&D4LdYsOUWiH2pDZJvmXy8-y_^<?n-KxJ3&~yo0X81wfXn=iu?|
ziactKa}E%c1qFh#NDzWwU?Liw_UZrdT4P({2+8x_EE;|J2glhs)xRi?v)3gUBqjfQ
z_$?`!`{3fpKIhB=rM^8pS46<G1>ia2I&8-yHc$R@Sl!^2aa_Bk<@vwINBcG;a5&E-
z;{nZ-1mvcCH$GUsF@f_pwQBa|`43>(Z5x@($vPKHWqGLsQ(4w(O%26YHm+dVE}zq0
z2};|e^S4Z8*zPwDvF%JiE4;u&_&yoGpG@#L536<Y1WWT+grBv0L%_;_Ie>+`HZWi=
zcUd}#PneF8(meUA@Qaa;0BlOX$Ht<qe!K@Rcz~Y$JzBDPTjMFe%QqNld7?y`-G0IF
zjS#F8JX3Y~=Oo)Bjm~@FZ;P{BvW?{{pJjz+=OWNLDLWHri%Y-81yc4l!FvX@<ueB7
zrSLb-*#rI>T?-_ejjy~06)CsZ3_qMxv>SFzxvk(s11xm-Dm+UHlt7)0p%TnD5*P_3
zEuoTsV#xr^8Wk$p#?c{hTQ#`S5XQy7YO`@p3ua?*$9v%3?EeEkSkn@ue@jJM9bdVf
zr2Q{~_dLLT-XOp{=H3AeIy4Ifi`SngtYxnUc@R~8!Jxt_){hzM9-83ELn+0n7jMMV
z)6EV!?+6T}CEZ|zvIIJ6^Cw$_4#PoAbB=C{WVQRdH!zA@=Fhpn>GJ4b;4;x;IwHvN
zC*d~dD3GrKZq!kgaU6^?mo4hN5qEA`Lrb3vycX`Y%jZvGL+ayWeK_?`$G5_L{K|Ei
z?A+d0Y)wWXjowaVob2<V$+zT*e;HrFgCyLVx6px_iZSdM?~O-L-gGlAe}6vX@{1?1
zoUW;GZS!XVCeO`fB4rfm%=t<9@!JcL4fEr3kqvt$;6>gIixXT<cu&U*FoDew+z0og
zkA<N{2zmudfY_!#*=}icE`Yzle}b()Us=rx%}%Ef+=>B;a4P}%4{EIg&NkBOg%1ov
z%YW@B2q$-IoU=RP%H3*oEfH+#&im<18E&rBZh#v%;XaUUk84O^CRE*sw;2HkZeikW
z&p;vEn(?+vU<`ZJd4=Fv2t~V{ypVlTjb9IlS9)GD#)g^8S_HXgk1<HrKv%8i286+r
zfAmVgP1$lr<D8I7j3@sWEYDrX#MBzJ#eRz+^Pl*D{}{y7t0<;C@o%k(LEC@nXzO3o
zp0@XzLbUx2*7)c;CRcXNW3<f|qU=*yzVp@bH(tqT`?^l(kA`|K#d@Y!leD?yN|fKD
z`{TuS%ITzht01m}W$A*u7KZ#O*RjCOF(!iVMnfh0U2GzNigu00it=~k#dg-I%P$&P
z-&xl&O(6dcYZ$gHF64dd$$t||j;vw06j0>f!VxZ4;e*<>fXfjfm!kZ|SoXkLh7I2X
z3>#OJMv8nJzVc}W8w{^&uOydl*X4&~x#8pc!Mkutz{~3RD@K#_?*^6h#Y#%g1cT@p
zliv$}i3Fna01$Q9b!Z|V-#p5O4Yt5V?E^3c>L?di{zfdPRFczQ*Zd(Lh?)=l<6ckT
zqV2a&Dfefoao3@v*`pRUsf>IGLblsV{PR$4KCa(fm%$`HS5TIym;tnFj2ZnVe_*l^
zVVjMx@kEfeFTM$U%Iw=_f<Rci=&4P2pu^bvyfYJ2q4^&o!|vNa$|4!?zIUIAqZBoC
z?0Ivo`oLszOSps2ivIxK=Cg~f1#thoc0U~M7i;$!a6e1Cx4?Zd-J7h!nyJ%@OQuZe
zLW84>tc{x0%UXJ{L)Ru|I(!*4v<7>;(wM)~{8~I;RnAQ0$tg}f1fwJbRFr+uul?4?
z|98ln1*N}|fTy97GD69gfMs52?m>Fq6(S~Ax)HQ(7@pl&!i|?6LuZ*<$ul=y#1oBl
zJLq#(dvysH=p*{JutXbM(gS@ZR3I^@oqG44G*AZ5lD$zGW*yC-eBtE8qb!DY<tF)X
z@JnXg6JeXgw~IWVzq<}?lKQpTB=z+bQGO0d9#>dbJT9FJ{6S}>w4QmeU+Xb*f%n2T
z*Xr}k<EP?Y%Z1=WZt55x9_8Q0$Mw7a&+t*V<v+tm>0>&4eEl55$Gm$i?f8Z7s<+<+
zA>f^kLLiai+LxLIU&0ua?xieMkIol8y>=D6|J%^}nC79>{D#40Yz%hvLCAka9%WU=
zTiB>CVO~V=xvj;S0pBOW_pG`iGoEO<x{4T|J&_FmD0iA?QMzh>MHjDK@GP+i@_w>x
zty8};vX|RxcKtc9dCsabG=5S_wU*;%)>5>3`Jnn5d@!?iRV?@lBjM|ZKncF_X2ePx
zaMPlIo4vFX;KsBE?#;kvwm<5Lw@=gIGt^cG2yLhDQ|yGrR&%(MT?C~xox&E>Vs>M4
z!PA@+-ytWneSz=rhqnOqDR{$NtM_jSIShN^XTGn^`EdUj-J7g9{l{t3zoTvXXY;;%
zfM$I(aj>Wc+~QFvKTorob_ylpAu>xksm>Up&8#3m0mr@3x5#I*hEbfR{){@Il4qr#
z@#;?@N8UD@<iFEoxljGgTsAYFyc%Xk7LSs^0%=Scy*%-8S~q42${5nthTw?L*ofVL
zG5^9!Getz0<10v?JTa6gYXO;d1kxg6!@WWtMHI=yt_q=j3kv^8$+XG<e?Wl0s9N>m
zktV&5<2COw)3J2s<9HoMK92a6dim2KU&euO7s`+2;}EpEg5KJ;5xV#bo`*xC1JodQ
z{)=8_&l$=-9q6LVJl&ln1Ey{sTuq!A&_Hji#)XNg)rogn&<k>6=hf{BSGRX1V|4h`
z0-xe~b7KZ#r|@MoW$Y^WjAIDxJ@2{(`5Ks0Fo!$lWxVVK1{2aTavQ$m>6u{Uh=$$X
zjrJGQ*{?@W@$bGHJ;i@^M|g@S`*nwMC31q$lX1f3?`CTAG=?lgR=9#3Rzs}tcvTEm
z;HzqBe+3wuv4dIjcN)mp!5m@-Es$u)?^VF6)786kOq9P(OI6jZ+7_9)cC&%4okx70
zUSSv<sW7abZQ{Zv`tJP4HzM)Iw9Ol^#K?b`3X9qb3uCa?Wl*c$3EmlYf<FPs@ZZty
zg*(D8?7$ahM0&~J{988jG|jefG2)?Q!DQ@EGALQlApk))F&|PJk99mT|Lp#^CuZ;G
z|7R2P<s1I9iTRyMnwVj2upd^*Pwd+o3{TP{S20v=zdb6RE{lbOdA=uU^8!fo2=Myh
zG@^;c&xtYjsWbkNz-bcSonP@ur<UF|TKsDS?E@TiYsYR6&WV~&u>Ch3G273KXn&H{
z{_dC9@?hBW5pcAu?-Y(T3=Rbd8+aSx$N@NLK2{RlEe2<NV~}?h3Cb-N+{@^TVWQmQ
zIJT*ASufV^hUX|my%3r!(H_zRgHe;=De6nlB}5v*-?6?^DYrvQEJJhU$>l_#z{mLG
z8Qb<?^!}!x+)SV)Ny-p3Utf@(bF`rP0SgNOVAciH$6VED*v?ndrjT-jS!_5;*#+n~
z=qNcyMfslrixAu*!aOJ1j`EdnacHfWXO(PARo6ky2V&yeTZ2_Ku07=Z;4$4t{WhqA
zXB2d>&fHX7Yc@ES0#n!G>5$Xa=q@nFF})%YWe4p^TouPJzlH|x*>#k<VEO?<s6P)2
zVWq1<SB3edbB=<%Z(9$8+<aK&oNj;=l@fr|b=V)r-UFEYr_q@kJ&F^dDSx0f80>KW
zFqaVX748u;GV_(MQ5!=9atAm<`T%0>O)8#h7BsBANn;NLY6(I&%{m;T1@++jb0Xre
zE?q+Wy+Qc9iqLmR6AH<15&FI+#RPY}hfmOuC?OL2Zo=L-6>kD05~tm3gE@%0gL$Lu
zd}@Lpp%UfuY}R}1tpwWN@KNtXxx^B%37#;ZRoBw_1i-jMvnLJVuUcgIlMsJ_cm@yC
zBqVD$4ce=IXVzNB6)0<8P>eMHykT&fFsC~nBV~l+J2+=Sc>=ny1WbYl!=ogNY-3+e
zs~3Em*!;UGosx=aRo9zCRlALGbQlyl-Y*Ac&ed&hQ_zcj>VR$>*934GoZE3)J1~~x
z0$z;&zP8hG|DG2A9Teuk>o~S-S8fl9#dI|<g^lbFZf06t-z&Fw%s=U*_)5w`3!W$>
zIh0{E4trs8X>>x+Z)LJ{@oW@6PONb=<MSVJvaztjoTGtsojnRtsTR51`6g(rlI>2_
z6_DgsNj{*~yg|J5&&XlObgWTc!IS1iJR@f6Dc}tS&ndJB?p(vdu5bt7l>;Bx-ZS{8
z0(wM`9-6B8+K}qX_~pemNMOA6#&LRkA&|Il6*Gm|qk7K-gYOvx`CGp+7>=h9A+IE5
zsf7m5OY{MzEE7o~Hu5X5v%=a?(nNGSY5pNHX`&>b7P7q#`5Yd}2=3Df4?T!Gs0}L2
zy+HyrFq*~l!ck-@5ESS>h6?f|duj7sZibl_#wIk#z6*XP*tRU_Dak*O9fl8WvXOmS
z;}-By;!|tZ{)w3pC?|qG6O?J$Et0{HjkRwCGy-hp-B2qH)XMhQ{KVpUwS{SmSa&5V
z51DYyF$^8-D6EvAGBa>m9bq08mZl~C>T8&WSs>zaPJ3-Gd9TnyOk$C^sB9k&@f${&
zSe0!<j<3QHGfePxNAE9R7IS*Z#RE+<@rOfs$U;eJP7o(w$;h}Wij0lz$asRt_;Z+y
z_eYTt;WO*vYcb53L?zkUA#sDMHG#$oLJ~pW`89!QNYeR}v^GODq-JpcL07+?m_hZ6
z_^3)5J?C%Jr*>`A)2cq`Ji^l(txR{#RntHT_rK7Jfn_M&%^~&G6-*&}aRtj2HsX2<
z$6|C)HXOHB+~;}=*O5G$sg#<=jW@YQu&_pDAPy#(g>l!Yt_-1Sr*jz7EQr58SC_wz
z+8|m_;2CVr-gfR7l!p(<OzcJSrD`h$W)tPl9DMN+p{hyZOAd<4bTXQ4@T0CE%4fue
z!wy>mI?C{cKKTC(o|QEm78;I=@(wY(1<hR^GUe<IjFLPLVZ<twyaf_p+$?w=gx^~Q
zxP=;ET6XY-tuUV$9m>`J0JWhdZb2W4u*UI~jv&k3oU6W&%yIs!=%;Cl=rQ?dX$%!e
zd?BbT61pCt8wO0*W-OKWi+tf00n--#f|ZNPFszzieizo!pdyn4e~)n}OH_;px`a89
zdG{M7&(MNEAHBUGumrG$%2y7dm9mSI#w}4@DxIXCQTx3{BKjLTE5|w3OsPmQpJ%E0
z6#sz3tmUip<_Ciu2a1yimc{&rUQL?}u6)2+;A(6bxxVddy}zJ?V*>gu1O>ze%n$yT
zDGz4}kk2A|mSTm8Z-BlGoeLz2=sT%!f^7$1wGdBS#Oql^zPr(R#_da&#x2IfeZ(6~
z8d-dm4_#|2Tf^(DTy;ePn<XE=md%n)!?tVwDiQIc&XOMOGK-+sJ)v!hutkfq2qyyP
zP^Q9ceU*7*YATHT>bUt`HRtAcx@u}x0L?EprsL}`((68@$V5TPlo_f-p{hc)+nJte
zmrG4BhUowc#2v5Bf6~l3<b@W5yVuX?`O^{+SPGVQFt~=1K}d6;dtgvlBRFhg>GpOi
z3EEc4*Cy8cRWl;<lW2vDX6VMJJD9qL1&8!e{IO8{*&U><HN&cc<?h=2N7CaEEnTp+
z+53BNEQ(?!`RYmXdd*=FB)KN*KkauJiRE%8f3?j7OK3B}?uxmY@O1QM0!k>gxJT4x
zLIJ)b5LQ{(&-jfqSq?AI&OTsHjL_OVL@xOh5n^w;)YLw<o`s3a9b81H*c;wONqK3T
zq#O`qcVK$d;(zICmNR}2^epgKO5KgC{<+Jvd@;Xa3By{Zg;Qqs(~5qYri-6R(sG_C
zf1#-%^0_+X9!fq+TL2VxFoUAtd<(iqa0ev<$0YYz=zd?h)!9c2HwMbDdgv~IXOcsi
zZ8iJRz6Kr-V2Nd97EZQpCWk_7$`I%e_2g@<>hZ-_H37ye7F)A8XCHVYi(_>~zHu|W
zLG8h77S5T9TbmT>tgmcF6=eYNE)Jn_*D>WU9Vazhd||wjzZl!p2%vBVW2l~^&ssSl
zBr7%NSa@8ZJ)V8ZW%O7;)+l2;n(%m*#*TArj6dcQQYeBk?y79dZl_?l3Nf>I_jaoO
zbk>`TVxq-$DGb+nAtPVpp^N^8JT$tEheknR92L%JE1V96N8iT6+u90m)z8cKX?sc;
z>f!}3FW*e7(EN|+D@WT`lK!iE!(WZZuWo9$Rdspzg-m?ml6EiHNT?oE6Y%lSR%+G$
zcIP_8zs|F7cFu=ycEgWAA_$Japa2)%25bJ!F4~$tehm{)K!xHZW;}a$c40zo^pa3S
zyzSb%wbxj<a6G7x|9>yheHG`VaJnPoStQ!+E82Va!wm3q*7jg1z9R15G?kh$JeFsX
zSrsqmD0)-`DHFn*G*jQ|bg{OFE!GY`Xb$b`KwH&WZSlU!1ozb#J@07~9;e{byR#xg
zO6m9ipj#L^K=M3brtkrE2GC$0FjM$mGR|2uV><nd7i?bMT}!?^Xh4QGGYv<z{Z-BJ
z-;-CMru-f!g*0vXby!q*K~CNw`Zi-X9k}Q2ka<|<YPry9)e9@$9omYw)GXqHW1_Yj
z0K>uI$*YTW(7&-t=b)bv(?MUqTX^2!N<@DRe_)n?al{U`hPD_ps8}DrRxwC&>3&I0
z;w_??Po1ptsdi8^>}W9DBFSPplxOg%JQQbuvOOFYm2ohs4##i;n*f7x&Vhh{DT0#2
zT9HTXpvvs#P(QIk>YL=r+tLWcbr_C|zPgGHi#W8O<@NjRO^F64Y4qKP;KHJ`1^Gs@
z9de}#!OuWFQH83bu5bL?V6b2){0=#%0mJgX^8g5DpPIC7D_QVNzDyr&tT-aRAMq_H
z$xAUAHYk#kXH=c&u4~k22@4bk@L~cu0^S4z8z8q0MtH}E;q4{_w?hRghTZ=rkmUfd
zI|TMCl+*?Ub{mWL9SYKiP`{8Fu|FEMpAE3GkQif-nQ=QJ-I;)4Is+z*e<3y;V;k8-
zn(SJ^d)6qdee196pTNKSjg;LYcw3Bc>lF-NBb#S$;j8{knk7y;<KRQ*qKO{UL%^9n
zz&{|QPKS`$crNo@d-_euj-+2R;-igzzmAWC>WTXZABMebp2$vTy@+CW(2N}(tB;;Z
zp1J102t7YhN<0{9B^(=a@Jl3}eRDbh#8>vDy^lv*u*LqjnV|zEoWWTy$;Z{kOpXg|
zKoaz_G83?FRy_k1gyjz=USjg+@W9yehl$lIB+s3I9+jeq?58cXiDnjj#Dgkf!_kQS
zK;S_y@}R&D7?AlAqt0L3`0v1=HvSWA$6eh-#CM(QAbejAvi8uQI+e9wAQLXW7myB%
zBO?HZick_R>eSs83GHl5(f;$&*yCwhD5tidBw(nVhU2jMfSG53S@euI2l9orZ!-?;
zBG~E|OcC8dqkTQfU<Y4x2>Sn1Sib)4SyYSb@C;m%Z@18<2Kv>@2WaVfTJ1~Q4+#_;
zlEH_=M!l$RYxI73D1MBYV%EblGZfkOQ&HX}DI+v}W3CxZtp~Nmb4ftnalpb3_jMgI
zT!TJbYB_A@oTA{lsf8_~)mN9AIT04L_NMV>+D{r!8{iwX4e%1s14~#0efL#y^WPEV
z<815u`t87FFSpw(B=z<2hkzPJ5f81K)%V>AEO?MWD?wOYUX6hq|N11Y9Mrf<b_Q}r
zWNWh92C(yJHXplNE&NKshz`htC#CmOnVfLDX_;WC5AH`bo)0Y=lJAPOXs9fQ={1Ie
zeyfSC0{D$Q`~0)H>~mq=^hx&V(}a>qf?Ni_CQTEI?9)n$;aC4~r2}=9@>J;{&Yv8v
zv@5H$JhIXmc2TlprM`mx_Cl#7T-z>VWNlrkwt<`<4`*3z$*i`);o2ropLWaS@wZH2
zwPn~RmA2KkQde6t)n?`V^TM^IvfBQ6C##LO#AiI6$?>TL>2(EJ#o>Cch7bI1L+Gm%
z_SK*7Z0nKeD3eMY3{7xTGKrz7U$}~Magm^;5Ga|P|EIW6r9D`s*R+B1%To*#U%{Yh
z;^ax;s@~UC)q|=U!uekeSCz=BO3<nTCYU~H;v`=|pGlLiZL8*Pc;A0%_@gBDQNx^2
zr;6><?6*jhr(&n-3NogKKg_`oQ^MG=un(V~69#<ylML|i7ePZL#1?`$i}S07C^}4Q
ztE2YG7<BkZS5GR{lg;^GF+_DDIoydN`=p{02^frZqOGcX(QJF7ZdGSwrZ;5q5>eU4
zJ3^IBnmp~6@sp=dYFAl*9b8ES*8t9M4#Q<;RXM{|iNGLJCfOz8m{2uebCK1UshSMV
z@8v?(bYs<A9<IhNO)0S#Uv~>*yz6c$nJG@4h7`LbT&Y`EX*a6$GA{6dj#c)~4zr5A
zaPkyjl_|);tPW>U+xLm|eSa=+1^d1``~G*c!-O09TShpLJz3!@T*-pmHH_Z2>bg^P
zgSo)|81@?J;iNw2Ftnv|BMQx_xG9HmkmtUPfm9bo*r9|hd))c8e_(UuM4BU~M$C~D
zagJ=WLz#L<$lxkn7l3u|JhmCJpqSQE{OWjn7aNOV?TH@-x3y)0C;xJ|Q42g|2z!Z+
zmEyZ}A!FFC_(r$K*}My%o=SpGL7qc}9IFskSMf)olq_qHz>RwRF{<zo{QfElYZ;xg
zsSl?Llq(^BE55ScgA11U57~EQ3j98n&-Sp{V||f6{&U2Bi3LM>-CienlC>ir9@?6S
zI`eo6sz=*%qWqQG@;L3#QLYiJ!$;GeJl6!O32nwD(pmBWbswxkMeXcdlE;NqUroQz
z7PEJsz`Z)qC(9Xxy^D1D$QixK9w1pGhJRrIbUL|}?HAttIL(iu_gGwbkB~uBEYAyr
z#OE~S>{KV=vRE^%h#;=E(_~S<Z)9;O>lU(YrN;{`G3|xs0y@Z<xC_3Weh?PvQv?J6
zR^oTJK!21`R!|UB?NG&OEg)oR8!3y%gw5WZcvyoccTmkAQ!vQXk}%t9qhhYcxk<lA
z&P}m{3g{7nc6m}upewnjHQIUa_?D`grC+cuq8C8R4TP-NhThNEb+ett3l7^~Xj_V8
zs+JJa4vx*j!8$L>RP9<)t909mzt9FWDqENY6XOy8E~WjBPEwoLbmxn|L-_l*X{VR8
zS2zOCv^OP5RO@dI4MochZG1E3KGw6t1=0EI!^+@U!IzkgEmSo*1!f4qc;?E-v@L0k
zUjzyq(1rLr0cgNjMmr?GcrkMEc#VrkhWX~k(9SaBomY<`A2+MNaWOugf^e;B2hYW^
z;Q6x>3!a47@W_iU2%hd5JZGE?o=sQBgeN{0JiTJVV~7pU=|?UIp5;dwJa=pGjED_S
zek^!a{3aGWd~A5`x-fW79%1l&yMV#->Qyn}NsR?hlN<{kQ*3y?dH90hxlMy-f(B3b
z*zjb=f@e-lc#>knBVHIhI|B@!b@LfK%kyKxGddPLyQ^ctlM)-AwdEHCPoW0SU=5y=
zc`@Nhi3QL2nD7{5!;^hs@cjKSgXhHu89cYehNovNcvi2B1y6izcwSg|LGWCv!P7;9
zXXm(>@LV1Xp37pw(=|3cNf!pslYR!zBl8$Mg|Xr37Ym+eSHyxRF*ZC8KXgIx#A)yx
zet^OA_pveI84wGegqZM{W5eTjT@XC;RR+)X8a$WAhQ}TYo`<Sp!DERH&vh3D&w)b>
zo^AItc%HPygvS;Oo`aRK;OQ0{o~_Ocf@g{b&sYtfxY+RI#DZr=On8!G!(+QJcs3nm
z@ci{Y2G9K5nD8XUf~U?M3!b>x@VvR;g5VjU!P8rV=fD_*M^LV2wzJAoQ@|v6kH?j%
zGk*vM-7Q`Cr)#dOjrBa2o+otpJe{5!I(*);AD{CbKL47Yn>u{HhMp&N`22Z#p3>p-
za(Zs;@cB%79^Y~Q>3P?V`%ljkJMRBJd~WWz|Mc9_asTOgw~qTy&yzduKRu75=VXlF
z4lY@kEVl@rl<7+|ImNWBHrDyVvLj@`Dt`f-N(($-rcXfo#;B$8Y&>0FY|S9=25sF^
zJ6Q8>AO@6=sT<=s&C@_LL@P&gh6;LHJ3LRv^@V`!U9QeDnA$le@Kux#5+mq3ln2y8
zkLg3U_%xQlAabB*y1>TJ@(OZGM}Y8m<Qfly-7zx|flMb4t9Q)9F%+^#kq1%(qGxG%
zX)>7EEFcE-CSI>T9&NY)g&ry#W>-qt+G}!4V5t7oc5K*dq4#t%=SO3q@Zzi#7iUkf
zgk$HX!Q#vvHa@xU01o0q>h!x3wDa0Uv)Hnx$EdLJiCLYa6}FCyut>Q^EA)?y$oC*9
zXbE%?5QJHJRAB^}A8H2S@u#=ey+00^;_LVOaO^>S=z%VOa`?QA<-`(zFFyQ)xlW9r
zrSde~B0;Z-4O7e*h*|QKr;E6n%+S0h62)cbX@BUlz-ZCuW8M?K^uR?FDxX5*yI)G<
zw6|QT5t{?-T+Hq(A=2S~d{JHT=yWcySF>-9|KaOg4%6)B?|_?Ve>Fi#S^G8l{IKXG
zf~|o%7?Gcljw};n<<l*ff599{Z`>D;ST0twFs?{TE?G~Vg^!n=Ujcs?_Lh$c-h)QL
zIC>5|L>au|PN4bw$ZF)xh4E6*O{7&lzpe)|ZAC8U>H{$SW=STeMdS&}{+t>$e@u7i
z<2hu3DeDQvc%El=UWxlF=sCpjJmVT9^_F5e5Oz?ph8<J{4cFO$Qg|WKS>>WOXO*<y
zr-fd0WjN$vcKJKpHZvDvday?3>k}RZ8uBIiQLeDAI3JMznc&G^)||_!_dde>&rhIb
z*<?a!{H$g~c>b;UJa16~=l=>V&5%*@9ayHqH^nRsS$+<g?r6WR$kDb}I<S{T(XcTW
zgVj_m#z}5VgoD={fxq87ho4tde2QPn!T$vo{F8xyhU1?C{8NU1X5pWC@TUSr6JA$o
z*H^Ubd)l=|yYA4g`?YJMc14kcSBrMd(5}O^Yk_tx)2_3$>pbmRp<P#L*H^Ubd)l=|
zyYA4g`?YJMc14we+Sjfb+I6^gEzquI+I5z8ou^$ZwCgJE`igdaPrKG=*B#n*zjkfZ
zuDE2P_O)w<b{(!=3$$yQcAceN=V{jp?Yc_4zM@^<)2=nzb%%D{uU#9pD=x9AeKN+Y
z&R~};6SH^&4Xk=N9WLF-OtUOnH0cQbqOn;l2XUWx)<-xv>u_-P4F#HlLHg4pnefJG
z7@aSV><%w{kF5H^njRbmT~9|TI39z~<G^IuDAzbN-?3RRG|wAcT`{?rz1n0A@T(|)
za1%~RPd?w~E;fxo#97u%ag}h}Zh4Wp{SI0$b{J_Emj&@KldnPtn!wdCC7oH>q0871
z7_>uR(7veKO#2YK{OBZ@e%@k}a45T2M8Ktx{UYuUUM(mK0ghJWx%tV0Qi>MRf~{^r
zhJq7XIgfMCePw3mXuD7)(?9=_#E{*i{s3iT7S7=t$`d$W0quiI^1KX~i{74!Xcs`)
z$gL|#j)zi<U6};%!i<7mdN3u|W?)N3Xh~8=N^%Rnb3@pA;sz6WcOZ={Q<;h8*F)I}
zX#qTHN;L45gP=YCCIjZfq2GykX!oiKe+%;1y29jmL7s1^)#n>3L(@U*h{SKW0`w5R
z5=VWptcndsVd6T)bKF||Bl3lxfj~;h%UY9xJcRN1Jmm#~2WH@W151jIF?s~wCd|?+
z@P%kNeOd^9Aq?096V$RGzQjLO<4G=XdyRs8Uik8;r(~>qOI+w#k*ZcMB<)8-UP1NT
zWJ%5vmGK5qnPe7$*Hc6o0ciyl=S>d{*;s(cz6L%K$n?obc~%88d?LxSEWn<VlPgY}
z9?A@ifDh2)94#;^%9G<4Y{seRFUQcZg1xkmuQ+XREfAH-=@kzr$Iriu;!d=xBhMnC
zeGYkvS@b24&gQGhfDX<k7o^j1i!Yfi7+G8tjBF!E2XIw?=xe}Z4m`EN$ZERyTGQX)
zIIW@U0hquuy7(<jHz6id`U}DBG-tXBL}dx+Ph2$Yqr$Kc)~Z~124TlQiF;iGnc~6N
zX`j4Xz55-GIWFRx-yMY?UkP$i0p)+gM_(Xo{bbnQ=9QYO@!hP!7R|n{1p#oMHabTD
zBAip;O@4Jza-Qj-!HhJkUEy(n4mh&eSCGtzG}98Yy351U1*M3Qr9L7pX3|moYNiEL
zJgD8(OF->Qu2ZiWVjyKC>6Qd8@I<4#$Q*}E*yzrVb5$VF+-hL^1wnL}i)Fv^|0#Zd
z+WBwu`>oFZl;1xJ{5rq?<Cp)I-%niJF~8sOr!c>73;bLBuAGMz+pq9@^Us~|`y+2f
z@Vg@r$?s3R72@|_TDP_FyHLjXecm7ogAatND+A+8L_33`Da-<!)|zsQ8I752TEtuD
z@V2*=1fgppMyPgXlU=cz3FAM|kM7yLlJ*9zZG>RGt2guhY;@maj&r?+q2=g}OaFnL
zY$XSnX4Ui;GG~Q81$IQv|7gB8ZmL#Oa!yTUjq4K31{>(Dx#e#EGj*=Xi2EHtt^+y2
zM)w2exEuJ&n!j`H)*D(rS$8YHaEQlrWi`g<GS9yeqY*38h!(+DWM<2bBH&1A<Y_HP
z5k^7Xqi$qR09(db3{@VBp>UDfYMMV#iG%vj`HJG{xz-G{0*#yxy$CDlzWnOAYHS;4
zZ+>-hT(tx}TU|UNSZx{^hR#<!(m*%tLv{Q`23qt?VnG4I*=jeu%0-`tYW83ha+%Bu
z0UOI&QBd$JU#Fdb@hJdtnwH0_s9x|q48p>07M7i6(!#5k7O-9`Z0Sf^i1In{%OiGA
zu{F-_-aJ-&T+A0@C=~UUdD_7=lN!a<vp{ML2kDfe1+eS(L>h2K3prjyn3HY9ty8Sv
z60HK-MR|mFM@nJ1Cz9OrEKOO5H>gK#c^s9wS}I>wm(myvG8y#U1JN=_@NxK-B$r!Q
z#3n)hHfL)@>wcTcaS{IUj5Sk`DT(o%eelqec=L+anT{HI<of9b|B&}MP8Y9hHIGr@
zVd_YH-+(psqhxrr=EVoeIP_rf%!QhJhHKvS8r96N?i$zuzi;q=^{$qmRcAlTHUqx?
zB^ZS9;T$I^3(ROnK0@-`ZkCjBV(<&{AauDz*<@|ByYDy0v2dr9A_+r%jZnwJ$P5hW
zgzYn;*<L&P4Q~#pe@P=rdJyAP;327c87$-idtgz$ft{IdQD6Tv;#_seL#?9QSAZ^_
zZ6H;lKLAdZ$6!MD&x(vNaqmPX+n&CZ>5%76Zwtocclj)-lJB4@i+)NV0r(Yv<0$wj
zUwMG~JPz4d&a?7W&lqTi8J~>%tjjS5Uf#!R5mvHVgXwYYf)gOe*PL4Va}c=Mn^#1U
zr1_#RHvS8@<oKeNFZUZ-gy#iYBftC}tPP|nZu*g{i0E08LWb<Sajjo=@7AD0zKT5f
z(I58|`gqpD4CD7>jAK}~Ah0XZD;TNgVu12h4tN@tVf=EexI;PSf0l9_>`~8B?%j@v
z$v^fsltvNMe_Lcj^DpVR5gP^B1aUW@GjZofC)R&o*!lMouQY2s^OZX9b>x`?FlU5G
z<(^I+9DCHXP&buiE83P;eFPtcIQ(OxwubF0WXS1IRbUCt*<Y#UuY~Gt!>*gc9%9!n
z>8xvk5&wR_7*tL^94?9pIpp_NoX`&mvb`WQ5=yj@@FP6&=b~xHgj5<_-tges`g{23
z?>HEaH*F&`=|fFS8vxZQPhjI^c7IEZe61Lwm&NBzl#~a|Zy1~w+|lhSx*rARuFNyy
zZ~>fIDL&6MtK|)tb-nP4oqxK{ZvLFFe8@mOV}?ecnW8qj77zZVZ2v@$=?ckqns>hj
zFUj{>O+tQHONB|K9<@|ZD$*kK)VaT=r}~B9XTpG8uqszm?<N%#C!zCEDyu4dsX|3#
z$xDMh6+=MU!<IhKqP@D<nyd}=b!@0N&`{riBb_fi5gzE<_|-M*aIEu1yJ4vB5N=nc
z?4y$HyvP?F7eO|q2%ZH7+(;0s)3}MAyrF{Imm-j32^5ZkLeX%P<X!f0zUpF%F@AeT
z!_spd%7j~ZHqGBaV|gFcWm5OP2#hen&?dgnk-Dlz!?3;L(PUtFAG)W>N9^b|mz-yG
z33lAL0CD8Xr45f(b=pj<au-^UWdh6iFF`13s*Mvoc|$Ot28-KuMqRuzjSWPtu7vs5
zhU;=b*)(hNvNJfo)*uQuFcdbfK@@IeC~R?`3E}Yb4Ge+JUmg$@lhtrixcxBsJIEY5
zg(G4p=n3llQ%_QcdST6HpR#{K^B}e_Vo(L|VPno#Df<kNaGQiW<tFv1{Tv-XfD9<9
zY;xYyk-Q6X?c`l}@+<Ivh^;f43ZCRFQBJmso;;I|ly|KFQX&nf)7ZQ{{Jra;=wzLm
z;C_>h`uk88eSnz2+1^-^b2O)hf`t6>Tre1@m5-^9zZ^-%Ds)eCD0f)wN(mtxV0koM
zP3nj1$m6QFEP?Z1+=?*VS)jV%Q~zQ*(QqS!i=GltLb9Nirt_3$PyORxaE5^&YGMlG
zD<e}MiLczx!_$+rF}z!y^E)KMNe$*Ii8^{5pWH}#`$@lzKJ}@KPi_kaOz0;co}#xF
zF_Ckkw<S7%EIZ6%z6l^KhG8%c=X6{rA^If@;1T=`-MxXOzrrECx)j)#uR1|_FzeL&
z|3#A;a4lb%gE9%Xx<{DU>WS9Gqv3~t8u`i{6<}d(I1UOdZnFVNzi?Fj2#ft?r_oeu
z9sXH^e?Y2u#bxL47S_&R37&Z=f^9eNW_d$T!uvm?w!EC#1Pei-s-CZ6*+Dn?PmxxB
z+QKhK9)@>OxUJD7oEPK|NVwDgXUcU@{PMWnQwqAZFG9C&Q4{V!r$DAv`*HDGXEeaP
zV~Cuw1jYEi!GD_I_5$OB3d(;1itdT41Mw6izv&waE=Iv+gf9;Wa)XeK@f}V9u*;xq
zK7LRye0dO&;@$+sXHEr;&{_BcU~gibJrmJc=p@{)!OGX63Qsbe_1sQ|)e>KHW`f6L
z13g%5-X{+5p`od5c3Wpe=p<C3m(OES(yXB$Cq#yYkdR(SzTQQ<5l@Ca#nt7>np?Xd
z8==>pspz<u0(v$EU$$4Ax6JP$Dw7PNGHuvtQe~%QwFL6vfq8za9Uj=>!FkyX#peQ-
zL2=xCJVKjfs5Y~B-Ek-ayBVs}%y5%DtXj%K&D&*0e@i(lkZ7;?%urlCBosR66^g$|
z`KOPQtdu|%e&Kh>zbd(wXbfM;!!QL|TLw!59QXp3=cAbIc&2i<gr_RqJoUUVBoUJj
zx#MwCz!3mA(~kg=@@_?p00Blo1MeP5BVZf6&qlz&$Pw_RHUhe#e(Mgx2zZPUEIb0R
zT0}QIZDR__^I+#A05f@u!Oz73yHW2MdRqdQvsGNy%0`0MlPtnWz-aPc9`;Na>)sR>
zdREjBVw&o*WJ*{QV-Wb$aNbo=z%Y`a(5SkU`Z><u{Qs4~u|XRgCt+~p(BSx996(M;
zeQyP&2YUP~gQ7KZP=xT(HaL#i4ZDl0=S2*T@Eq1X!k#6xGdAc2R7-PeM7gBE|79za
z{L7C-Y&q@9XEOhMT6BEqz4^NJum5*Ny5FJwDNu)%TPSLM0)=^dSl~A#fVNrntVWXt
zKe>!ON0RJjR8_CQw+GWcYQ-YddX~|v-{ZQkYBTm1kC@r!(}#xv=wMyW&NpD>7w=}F
zIE*w(>(-`)Uu)$;yI6eHZ*kJbJuJTRPoX(GQG=@TZVEOs3C4L6tu`=p3EM`aO~3^f
zrHBS@CI*Ma{jO;}4TPX%5iQqSft0j7y$+9y`ZT)7<6dwPP1w$<p@(>u6w!y@GOK!R
z1FiNcPOFFkS%q1^>G3{6KBa!}GT{Oq`wQ7DkEMSImr?_JG5*a<G0u0{b^>mK;nDzb
z-6OP>&;>ox`O23$wxXN#hQW0$%;b$?!!Z$7PoU283&$g_vQ1XdCry-%+R(Q49r|b*
z2RddR>X@W2pHwe~B0kGx1(hhu17VN)|FHKi@KIIQ!uXs_CJd6~3>tB?sL_s^5!8%;
zWJ=T-lE67|22fByQK=}Uii%-|q(C7$3FO@4D7V_y-r8Pozdr1(^=*o1AusY0fdB%6
z%0q=S4v&Bml8|KnYpuP{Jd%L+_5JVn{l5N+lXK2~uD#aUYwf)rHy@>=jKIY-fd=)<
z#1i3sI-gnJ5A$)kN%#tUhpSs7na~BhD(L^DRz?2Z(Eom7=zpwiV26Sq+GQBP!e8UJ
zE=6sRtnYjOg!xSXs(=%q%QXQ;t)l?t&RSPH?J$KWCHJRdkfMh^aVAkPsAKHlOrl`m
z1-5uwKepJw+2RReBGD%4iZ)j>(~n}@P*yj}+mCufK9CDGevf?wu^=p~-AJh6Iekvu
z7Np~m8$0UKf4K~g+z!j?<=%D>$pg0l7zmn)$KR_yk48i3c2jeuh{*t>{G6;$scF<y
z|JwQ&(dYp716=>y6%z+<0F^~<J+hXmkNaKCC>{bBn=mz7a6RoVy@|U^1KVBxd54!h
z1jix<$C!Mj>%YI7+cxzDVJ{-^tfg6?ZH;yyqAnzF)I$V=1Rfe5eF$K{$f6*WIyz1o
zyp1eq12}--YR5@W3N0UvGjBsLoz5R6(npehF>qfC4i5<LCyt<(8iO`bbzm@{F5qoA
zG6=n(ftM)&=qG<jTjV@`8t^%u2IM<{=F#W@d0&{x5n}oNBrVh~R?Ne_t8BRgneihj
zsDd8$X*YmQtT<0D8SO<O2JaAV4|bRX3&_-{T_4gydK*yQW5{YnGi#h;?ncs$*F`CY
z)`T0Coepw7qr<Y#!>BQOK~RFOkmZU#p~U8Mp7N=HPu-Cf$h98umaR+|D3Xz)_5^Gg
zgGmwE$Ob{y9<#GRNY%4hVio5pTB-O=cus>ST_EKXZ?<f0!6MMFFenupUf`1O<P_5I
zCR$UVPh-$GrEncTHsoB=`axU!@ZZsclf<bp@?BRM_IMaC_{%%CM9GM5n2D_Vitb`o
zec4LrJqH=%vDi#MS!*_7^Z*P%gwcu0NX#jxC`CNn@fB3H+(G#l#r5ORGEuC^!ERfR
zhp&k(pIGrbfyNJV5sdr41q0YXBcWx0jaj3lXe~z;V08-SZ0xWWpD$_fe?^2rTqLQ=
zppM8Gc%NFFshtmRyVZ-}U3cUPz$!c<yU|m*SU_j;)?;E-){T`jMhPG@52;Ky1MQEK
zTaWvkrxhXUYDaodW;REQOwq#1ancj@yG==U5bJSz`u%HS$X4-e4=T#bF%>&Mn{dcv
zzxPRoK&J^m^@6UvsE2v7J&&sHD?OwtPee@_>M&J#N)I#lTY@FL80baABgH&42bqQU
z3YY!`#5w0~1iFN`eA9T~A2OpXl|oMu_%R%lq_^%i^L14Z>4oFa2Ia7xpJz=D4*u*c
z798Blf`k7)1%rd*C{Kc@6aFh7@)!8<c{k|p?`!dus<^Y4jkf_m%eb4LN9TVBK`A%I
zj2QDq^ZV~1HdEwselYmvSR(?>AICB~MK6AitMNbKudf}#^HB{!`{lobpD1VHCvS3o
zvdQ2lb$$8C7ebt$92X3J;&Y!`lEaya#eWYn6E9~bn>VmSpo(g-;_V~`vQy~KK>VD6
z{3@A&42d%jKLz0-<`KAr0=F3)BXVJk+#};zsybvXjFFVw@%J$jvHU}!FU#0s;w<Ag
zA(P=yJZ9LPNi5?pw<WWTNA4V$W!(4HH?oXlcMQZbP)$IV(O`<RjIoI<BR_#<05x|o
zY6d|M$~H2JUON386paJd*E|)c=%Kx5q39v!F^aCc87TS~Cy$2b05+HQ4nWbHI7R;!
zOKcc`q9?!k?I}9CBY~oe$1;k3XmlTnu9=ZU(HmnFosDC-3=K2WDiesfo)fWvpZ~(O
zE62Vh5)R}t68_bo1QKo=WsvZpQH)ks3`!#5E&TNl1~C%8Z%{vb&O~y4k;ob3F*G($
z)ORq3U;{|_7`*TftD@cLbN6CsNT0J;c5enf^#on2sTM}i7?;zhJ!mDO*052!&%!&m
z0=i*gNpvuK4hBENVZd(=ozh{TGKz6W38~nv+zdy0Sr;JLa)4x6mszY>okH*Zjttn*
zbLeC`Q&AuII<K;D^hmntb_y6kwE<AKnUum4AV`IG;83C)UCl2EvRL?mB6PCh$o!T|
zn4~GLq+6~@bj$U6Dor7^SkZ*>P-K9+pz(CiRhb$)Cx_vV$6G`*yS8Je?nnmT0TK?E
zBe_%wl?8&r?~Jm9${A*1JXCf?$0ytxO^V%yjUda(DFC7w^%%(N>s+yFd?w6z1ZEsF
z@_zzzsYNce3BFFttelZPLJB<&8tII!SZ7lXtCM~$B{S=U?f68=CJbzq2mh%7&X(l>
zIDiU6NnpjQ$J0G!y#ktG+-8$B+0NgjEzXk6@J4M7e-B3I+J^6nkI;pV&>FrPrw7Z+
zj<?Iv>K3}l0Y$m86Q%Ot@=X{*^eCN%(RIWa3sNSE#FGU~l(!o1N5ThFSd=}RaghO=
z2J!{>Xh&c$Kj)6zf`(W=GsO&jz`;eiQ&ZDSeRyv!@?N~==M@!oE@<ZU370T<>y;ut
zS<8~7U?NU(Y;ae=Q2v}S6v9Us%a4e+z`L?8A&@QO{eX<AI>f5m(h-r%y3!V3B$*!v
zIGu=Gh+Oahe_b4ApgO^V=};iyTE*EVu6iGtfzZj{WjPclZUpL912C&L(<V8C4zMEM
zSwmoMcWslM4U$kJsco{mU0n4F-OGZ6mMvjmo#iRO^Ifp13LTMq``F{7ympCpBb4b@
zT~MMslArXwqS`-#WH*-~y5++|z6;1NCF-g43(5K0Bq!y;XkbSq7{9b)n^;LnB7)0z
z;HpoeqZ4#pLEKnQIO})h72*<)g#S(v<!H0dT@!ey$hB>a;@;+8>I+Q*+Vt=6On^dJ
z*U8apD0i>uQ(JuQ-Tsd!078$H=e44K4#gS(-u@lAP-H@8VP#<!P{7hCW{H&4u9f>h
zm<6>FXat84xddSsneFYZhLVnvu($x}tevdD`H>XYHUyyaGzuiy(Bk-XZ&?Q(M`%l-
z!0mS9RodcAc(g^*T~T~0#xp=z-!9B6grsB*-;Ipj@QsO~`HkeKKLcZ8^^!cDGD(|p
zBdiv%o*Ax=h@1G1O-mUMue(*?Gc#P>k?*2dav5Ga$N0zS6i?-7;vY8x{{SY!{AXTF
z+-K`z!Hj?QNju#tPZ9dXPe@SDv(cV}Lf5j>Uc55G8-Ji0P}Ainx)W^<H~kZB4$rEH
zqYcm{3LR%8sN#wWXkH*tBrkPhhOAD_!mwyoX4|d5V?v1m{aW-X5tGRXTN=iAUy8O2
zK!2;rKS9w($<fUe%2upsBL06^UxC*{=%5kRFQBT8__k8O2A9!!*fO8G!h@hR1N<V7
z7{U>zF)(DhSB%p`vtp!xxf<Gak;MAmm$4Dq^c$$*#b-0TxwOB%S$2Zejq3z1kw1)v
z0T&_TdJTvxvWL#HPO~@H2ic(^%sM=r&I{Z1r7I~p6(4QI?R3{iUlwWfC44Kt>szxk
zW>$c?Q<-G4_ZlXdn4@A`TxsAhkM)XiY2-E&I|BVE{?exB^OyDTlAW)y@Wmv9C=@Xr
z;I*We1;4y^6iKB++G{A9a$M1ng4H%k*hHbCLv&NysEhZ~GBW%9H+t~_ZIbkhD1_%>
zeM8j51*o_2FBXmX9wRizf5pE3Jj$kXISevEyei|btu*$S{bB%Q;5wFy<Tksjy6i{k
zDUw)N%km}TQFjg+h=ER#61Z%d6l}Cp`)aj>iDY?%vU;mDxT(%n?P|u~Bz_%>qBg@}
z<o0UOi$+l`dtLa<=%n*?R=zEvin#tF3~uefkl<9^UF*+TJW7A#hcJj5S2ail7grB%
zqSj~@+EAlh0MqX3>JNEe_^=!vf*nF|D|@wOn$f-!+b8MKe;rwrV#w=SzjN_*y8U4g
z8JeNi#m$48&}9-WOl@4$+)iE$wSir;!fg-H4U?`vWb`q+E*9T9cJ_*j=M=U#NzPA;
zr$UEQsY!GM;U=sU1vu5gV0&vy@fb<nFR7jEC|y!Fvq*5$eoWL6xrj~M1<fsf-L*F|
zL9`7bX%&#-<s*nXbC8TF4aQ-PY<u)t7r?I$&rtmrlCe>AOTbRoD$Gpq0=ie>@vik$
zq|F0*1}FlNLx`)Rw#SI8V^=#xxq0o37`HEuPxd}GSx~b^VbDqcT%-X-b1BaD;yEz;
zImYa#pJn#r2b}%w%h~K5eD+5BffqsYhqf307C`a61W^1}gs6y{ZU%4sHq+;p&AMe7
zO+RzBG5yioV$<*3$)^8$muQOR=S#}QAh9@7wAI9O?(w~C&($nYe=$^_&+C6BtG!5>
zcde%rdUc;`n|}Xw=o(|z(D|lx2-fsmN^jVO@SQ*|)1W7-EUv!^aZ58ZFWMH#d9ru{
zw$W@@{O`KNYGU~wa#`DH)b=P1!~U?gKOatSFaj2@bS23FH_uw~9m-L6@Cq_EP#av;
z`VSr(V&d|AqJBm?InIThB(uQebdiJCF)}a}BQm&thncqPieK@)=j;lXxE}3M#qt-Z
z2|^sP{2AIBb13jW8iYMAR!Qk)oheL~FY5%YMj{oaGy?=9P%5NMK(p?=N+o|JiFKGH
zoBW^`fY1e#iYx(%#26e}@1iU*k0in8=%u8+#p0_YKb?ohyY;Un$u5{GsP&i}Z7gzq
z4g)6g^NB^>KJ`@i6oGOkMm%al;jbH%pDCFzm=VFK;P)o`pDLSir`Q2S9?t~%mBd3(
zko+e|Y|LRbvp_*=;WA^%`zWF1DcbTDo1$f7W&-EeDEDV`yM7^H$Fm`yw$jeuq%F>X
zCtG9)u>a1q;;-ajV}>j=QWk>9BuVqw7(mS|=`x)jQ9F`04f-gJw_~GrGC{ys8?mW2
z*3>RV%LPCvAYPJ1Z^Xv&1>`|R02FB;YnUo(d>>amU;BQR$>%&ptLopW0S3TYSN;dF
zh2`}qn_~tX(%OH<K;_6oZD%BaO2q8z?ww)<df2++@o*(~2hWimDgg;h>GnX4{OhD>
zEr`Zm5hzswuK!Wx3{cGHHDLS$r4`{{5AeSY^wU%T|Dq_m7QimG@_-adZN<GDUHP&j
z*Uw+W?@WqZQCD^N$|xpN`rK8GAwp;O)>hKkYN1jMtCWX%3P3|1Bs=Sk6`Glj>KUxi
zRAYtkO?-u#Q6J+gw1rj(l`?{A_;r@ODiMD$c|FLBmy)GMivP0wwBoDr$`~!gRG7q%
ztgi`mB<>0D2ki9BrXy|fo_xW7wOCah>@fR>1v@N(dnnxfOdD0Z4XXh!4ljEfAwLn6
z$Z6?87#W}h>_;UwNob=>Lv^U6da-b@%j~~2*kuV^i1;L#F{{Ky@y{fKu$pRP_;+s)
zlrPxMZr|vhFyFyXe1ct~xO$dAXEnE?m!ur6m$l0j_ZczxT{NWB9tAP`lgO1UpDZ(@
zaP4&+^$ACO&g1Y&cJC8cb+c0sNj-)(kz?*d)O*zK-{aM$<N(8Ml!MDR=b8K)fNy3K
z&nY7YbY~tc&=OeHr6Otv?$d$Ci(J(S@v_}D{t`J<Dooa9G<XU?3rz!LYXD@MB+6=s
z;@<54*jwqp1+cA=^4n@NPTFL3Mg!nmaVC688$lK<gm6tO_e-I4(ADtdV?uW1Vw^@~
zx~I3nTe)N;VDe`8+=8Da%?ZljQAxW84+~{=Lbh1tBhtT!<@tET&Rzgs!9$$#rQk-;
z12@X*WwQFHHM|=T%BxKv!h4dA9F{i#6hOm$G+WlLm!F7Yz)f-W`vTb^icg|fByC10
zaRME`gF(>rt3QBdXs^9gW_ztzF&$5-V*9OFJ~tJk=d$3-fX~p_ssnh2F08QnoVWO#
zE9~KQW(rwsQ`~uC#R%-FaRTY5xTGXJ;4!sTHiU=1wv-`rf7|i-W`-ih+IQ*hd$Mqw
zR-7G6E>MIXgoCW6(E!|rfiXHL%g%f4V)@l(JdD4Sjt#bwY0>hX$eQX25L2?r3gi!j
zhZ783Ddo5#Ry>!2K?RCj&5FAP_B1@S33&lm{F@P1mS+O4Gy<;NDf-kJ#l6eFyP$G;
z+DLg`HEaOAfG2*$lNEp`%lqL;YA^B_975QO-G`=t_&p81)bOUZMba)NA3{suVZ}Yp
z|CkS9Fydib_<FkK!>qUzasVwz$L?W)Wz;(<FuV2KP`)>%ACw7rL}Bi6?52avV8U%g
zLp~D$$sxpmbSD65QH+HTCHI6CIj(8|{ge)XRw8|E5zA8r18y@2ZvIS8W4AN7?L@fw
zIo!U9zEV#zxcN-sKbm3;BYX??fvm*&i5%ScRlX3gD&~iQlJ4e5csJ(vJHpFjM|cZt
z%z09sWyiph=xldZ;HC6;Z$RL2DhQ*&lxv%-Ix@Mp)?0~S+6E)uO6nviETEM*TV>S;
zlFlM_5}FA@Abj%J@eQzqW;*#yL)IKgB}ObX$?7n&M}>YOcTwxUI7`_%K>Jg&|DN{g
zytI#{)^!Ky3;+a!!|RDtyu1)3><{$|4=|C-MA|+7wg$e1kKuhp`+lmH5&IN?Pc;7j
z(C>N-qnrbHL7F@hjdFK8vEoGxe(eJ}KK!#Y?0jHRLrXN07PAJ%JB{n!XR`bk$3(XO
zknb&dK#i5OQZoC!o^Pc^`IeI5`4;~Te3Q(T%&>XEmQCL+OFkE?3dd&DNzrQ8HfCS5
zRjf+A5%ovdV^eeM!vFay?wx$cwJdov@<H-_B{SMRqiF9r(3n?t?^^7kU9TWp92&$8
z2>x6I|K`HKY4Fbj|8n7<4et#bgKJFee~kqsJJYSdj5aJg6p(Eh@m(*e!|6zul1;z_
zkMg@qZ3%GV^#RIP3OwN1pIpGqm%C_C4WMC3!Cqj6U(zY+DRC8w+Op6th03XEMO|bi
z6(>h_o>tUSyU%@CeDY?r5qsXmPAV{Aj@~jei{kab!_i2wqJ9QDw-3FB$A3k)nG&+0
zV<-=r@-R7;Si!;!eGF2qSbiTe72y=rDFzwnGpw<J;{SspV?{A>mMM@M%SaY^Q4#!(
z9K5*415(B5M>%<+BS)j#G^iF{7G-(DXlzrC_C{%Jk&g^{l>^S$6yJ+&iemX|G;4s?
zG5tcQ7=9_CJjR?4cBB-~m7_oj(I#Z4(J3G-4R_!GNPx6Pex$hDj2dG3`?1Zp^kTm8
z4n<9I?UCN7PXmtn-)R2Mw?L31!~YShklb#(IvIsx8-8dba^CzkMs;kD7U+c@yw$oM
z@t~puv&DSDmP<n{*(dSA=~;KuCJAcKT2s>1=s@>%gv=5dt)4*-j`R81$whQ_vURaN
zGL`h%F9B$;Q)ifT-d5}m_$8I=TPnNQMC^Le#INyBW3u|LY{m<CSp73$nAl_g0F^{;
z#1-IcNdo64{rAx5I~SPv^-ud(((hO{L`6NIPwI~H!)u(O;T<)wJyR+Jfw(>eW^Y3V
zmuoT3rz5~SCRr8j3Q}n77CJf1#FImy%q^G=&)vP`!f+F&QbPv>?N)dpu0}r=_#;sC
zmH1d1{5y{)i0cH=EQ(mPIhAfXE1t&ATXj;Ne}aE=b5M5;=uzl}@F=z%dXHVD1K3|O
zz`Rrcy^eIiKWQ&J))HpF?AT92^KpcGP)`KWF#u5l7!_2i!}{fCIPvp3Tc!gNY2}U%
z^0xzMM9>k!y<dFtAWk3Zvku;K5DKa<)6#SH@ty;t#^@Th0S~1qaiv^uKinI|hOq?5
zapJ0{(6mW-&tWIWFyq5}jvRc3f>>Jt)o|5+@`4!IhD;CmHz<oiZeo2CHp2jE41-_{
zu`dK8_=45+qqnme(g8ir@FZr3<B+6$k^oJK3{Kv1V3Z%98z6I37RMh43iN*;XSCK}
zD_`opH!==rrII}*6QF5~1%#aFC!`m@SC27)crbQjpqSbwn6QMh`*_LqkpT7&tt^@8
z6F}eQ{X2UUl@AH#JeRhe<4fe&Bm}nlvhz5u3r*IkBbbaSRyc91IS=Mpye*=jxyD?9
z5g2y+7o65j&=^`&;II#v*|2pJ4SSn85ebj!n+_*pUP3Q*m}Ky`eEIgX`@<CRNxa0C
zqU8<>_#bV;fibf`j%Dmshrm{Wa8ctK^APVIGUFg#g3mErj$vUt;q=QKr;ii)*XWZw
zVmN&o;e2LVADq6(OqH?uAev}}(+nlzeW(Q`^UMf|((fY_Fyn^Ff2V=nu`#N>dhH?L
zj?>U^4C^k2KXBkFRQDFFi$Rx6n29b<3|LoJv0?#UA;4PXnAutwEr)x%*$2dK{9pKD
z*0PngEMd!bYWZf`Jg|9$hkoNBMq@b9@T+t$$Y=#-ZL}^{yavsO8+acb91&dA;T2S2
zJRY+nN2+)fWireNUBk?%B(i9h@X)+g-!+^-i2SlyU}tVwpTnf^nhn?IC3Box7;B*y
zPX)OG2J2z@7-PI)&u1`hj$!Kz;1*5Iict%H*{<hK?L)j{IH3{-7_`L+7}+8t;A1}Z
zh)*1U2yMq^7z9jG%t8I;8yEqnP{~sOWk8z0CGG?Qeln4O{Uvk-cuar)b0h%Pr_X(;
z<l4xiXizo-gdSvwjAl>8Y4$B5Hz>Jef-!bQ_$`gW=RAaDPNR43PomkIaO0a@{9&Xp
zkzldEbvTXdV+30|I!3I1rvXO1s{C%kIFkr<FXgaJSR7ow4}DptNYQ-pc=cD}$^s0s
zMjJIgU|_WZ46#;#!PW{e>{<Z^U@O3QYy<4qZ12UbHBkzQpMSODF*S&V-{lFDCDdsT
z>+??26~Du75`S9Flk?WSCiIK{hiBZqe8<i~d8MM-KQh+TVf{ND1GK|28_EWDP@Dby
z{bg$O^7cBsA8Cznd;2BxFsXdy6prNkuA{4Cg$X+UrAMPo)oi>jF_?`MvJ4xHTQ!KU
zG6?hDhC)ZW#fNTN;Xjy6{G{K`yD0gU6e{Rz%l|KN^1I@?m=QWHmvI4Jnl7mrj0=x2
zxuIXfVH7%V;o%Je*P@3dyM`I<Q|DW`FMQy7JeC1bBEbuNJqDH5(;mcW@;ZS{`us;g
z*562Gh~I%vkw*QdIV`2y^0l#ho7TY$%ANbggm{<1TVVr0w%RY#Hp~6Vls~b2R0^|}
z8kcgG8w<?cg(ufy)yxdckqH$uC3X3Zyvo9?kthW(z-!0z06~LYLg1RnY$-Ge4NV$t
zSSlBbqcI44^xu+rA5hphkiFD$w3k}GDTh@Xz+MW}m>Qc;yT<4I0*Cdt-vy`+cE~Kz
zr9c+fhvMhmMXt|Dd7Liry%6I>Mz<@@FC;p^KgbU7OFv+T_x_D^;=j~1@WFlHF&E{B
zl-wQurRO}W|HL?}=kYwh<#|1TATqqjbrgnu?$h~y0A>WL7~sO6(4Mz4<}|qxc3L_+
zNb!&2a705*8R#4onoLO>?I2qlmM6Y{{&4KE@f+<U+qrS%S+CT%n&H1k=7E%EBwVG5
z<zDh@=GSScozZm~-u<8LI?cb5uF`VYRT>5tbw?JWD>dja(FS%O<`av)_NhJLBc^j*
zh26B~AG!bX)BP97po#Za6Qlj_uNL7tPBHGUmhk(l27Z6l086<OumJ`h@%Xe`e9ms;
zu4amX4HK|lyp;@UC5{c)L<7s|4g8HVi$~5k?jsoev?Hn^yj$58Nl_lV^i88Om`si&
zw2zZe3n!sk*qZ}G7zRTNk>3nRNe{UalJ3#{7fBlbg8Q$b0}xSexVbkvpmi6FIQ(aR
zVHF$STFkdlm+*{xR>HHVEc))+1V_@XYZH8m+u&==sdz1ODsI?*7zlA*BahF^tP@Hl
z<|4e<C50wtxSH`%NbpdTw(B7&C0PAE;{&?JV@TV3>!i?_53fOkX^J~N!yz#jNBy%a
znN7PSvMqW0HL>8<b1*?NSpYm;5i{PlvqYOlTx*G0#vlD1v)E>qGWz<#hQ;(-X??7=
zhg`#~wr$L6`_eSD+GeKKR3Vtgs@n7)r7^4Op?ebSm>%FSyFU_>@;8w^T;189B}^dO
z7>g$=V2JAtqt2Np^5bbNko9d{gUC{-F4<l)>d$5dBid8|hgUbU1P#&GWTqKee1kXN
z#XGsJBUBt!ABRrX@lI~*sMxl08&9-F(Wee~4#LSr{tEaD?O!}yB3B6dHZGIG+ut3&
z5&o!)*=uN-6y6%$L5nnOvGja)#H8;zGYDi0`W(tKRbD`Ls&mlFNK=Fa>+9(lW60bY
zPjY-(kN)?$Vi_%8K45@9OwQDiTI|q<Li_zpx2FrxNl&aKaO+FOs-czGd9Bp?rC2q3
zC@{$j1hGmHqLu09glIlAhFB72{f%aJ#6Fq1+pZrR{}{gd4ig#RPkFVaPySL#8wSFy
zF5QgxekB>`j*Mw)!ZX%JqtkgjFDp$OL*CsD-`C-HvEtd6K@mI#U%s(DbZ-tj>f`OL
z{bN#lS=8RBSE0S9|J=8|X&7i0M8%X@b$a&QAo`ugd8~S+B|5)P{$92}8o`80(A{SU
z9v`Ps4(p4J!?%32plSUQ1h#-TJe<zWn8_qwMj8Q|Hk#u>QrbaA<~wS=gg2qu`4s;H
zV-JH4@dNl+&Gm?R*ukUB7Z()`ZHbiuV##Ag<ddt2MQG?a!J6VNTY+9h7sF<Zp#&@b
z$c(<3e}5m&8eaWJ6sOZr{rDAjQAiOE&Eb2@{A^V-C3RQw?>O3rP)mA{Z(-t-s|g<(
zGRR^1WaM52iYJZb9rAEGjh3Zn3tsb1|J$taZW{Sc@@{9>B0HH+^g9F2<;>f#`0hRa
zh3AxE6z%%B#IgkaE>K#jHH?2+$oOXkmsTcZqM!kCI5+;mqcW0Mt|u$AlaYKGg;(O(
zFNnr&tpB^2X?%lUZ;yu0$617?qA@huZ_nuF-VID{89k6&!;jA8*3cOf)BQEDYhFE&
zoFOL385nes7V6h{0P`$e*{rbfFm8c`a%hEJfBHjq7BXQldGRCWlsDj^{v(NHe@tcX
z=VdQ}vf*p+mTk>O#v!g|>gf7`*JqmHNs768$%&~PeOQd{W|HmdSrB!_OK}${Ub*7s
z9u`6DH}}D`{*yeQme?2wKzzH2gb6<r-$V(G0b&5LV8n-ZMY{#1t~8XoBB>~dq3mUd
zUFbi@()ga%bEnfVjnHM|x~XHdB)<ASW=WjGUg^W`i%)13o@iamWBdU+biKl^4Byx$
z_M2c`@*t7~K(tfa5;JxpE~;m~8I8uIy-y8`Co*p07Ek|X;ucTOo<(sID{y+KJe9@d
zJ?&p4@41qsR{}~*7!6+lPXoz=s8qENgx=rjD@KdKzv3b9diW1R^&pCi;a5;*Je$5l
z{9HtSjw~&Kq1*YL(>S(KB0u+p3lsSH!32JOG>M-#bGzV;iR^qZR7Ku85<WJwXdnI@
zXnzz?OeMOGsWn@}JcNf>RfB9UG7ja4isry>C^wb!<Qn41*lr4A#^P#~bgM~>4R52x
zugy3YkKFYdQpqjIp=l~-1U~#U&Z^T=zL8a@^|#sxUqxfXV;TR2vbqy#rh6(6<8cz5
zO;{&oOR<mJh)e9G-N}5e-6{MV<mjJ%BS*hB&e2~mIJ$0d^fuz?OF2g$pNT9u&e6-0
zIr`2-j@~jj#?d!$yZW(z0*;;+<LLfcLld14<LG06qc<2FeGw|6221z1Vd+gdtaK7f
ze?O6>U->t%bo49^ucg!Fr8aFm3(Wa6QSnkchBbS83uD%gnB$CHL*h_5Z<{fN)+rGS
zD!Rz)yf5E>h&Od5G!@>1;ntqt@Gbbhd9uOxrO@~R_<qm1`2MQj^ymBcalZfGvtjPH
z6W_nx#>fEpzK!_)j2Pb^4-hR*<olqZfA3rJ{XAb1-@hQv_phJL_`a!|Md`e3c6>r3
zdy@Hn${!iuU$^NW=ljF{JP_aibpqf2iNW`Oc~-vv4DtQG=hy!m`Tvzk{C~(lf&aga
zC|woj|G&fM-w(+DDUQ(~4IM86R$03&j3-nZ79ez=A4VB{S%RndaWu<r5h}G4k$CLz
zF9-hR!9NN9%~I5;t6d*4$i$5HtD)7Kv?(@>!HieusIN8H(bY<_qU?1`n>Q*33S@1i
zodOg4v>$kU+GBGuu%Ya(Up!n6)_1HSi%0m&s=pDnn0)Rd#YeG*{#$s$wqAf=S-ngO
z)?u9DM00X-7Wgq0JFOSBaQmeA{)ea27;FDlFEYN&qVlN!Iv{XCZap4x($QWp&*Z;^
zALaS)Mq-(#XnD*^w=rTtn`L0TS1a11R-e1uCywt{m__93tmdff-siW2LXl;h?S84K
zowB-Hzw27MzIv`YKG^tyTiW7Z0r~oeidC&>`a2f;(@JfT=Rqvaz-{zp+$mdw2L|~i
zlvzxGm7dH=T4A*<+UV{Kw5hGm&d3c=4Kd^rtc%8GWu@t9#hDn|C)k()yDXY{N#;^p
z7|n~+*0L^Z@tx6T)CW=g2G+gR_7DCMtmz1L_7=ZJXPuhTWJ9M}@}reBFO2C&c+Q`$
zXl^vszL>0=)kYFkFxbKt_M!MNnOzHw;h*+m$eTh_Lj33LWZ4{r6}-mVUQa9dxqplt
zS}CA$h>Lt3a0Rc79mb+1JZ%@hK}6QF6ISwb7kWyN0-I6ZjLj?&(Eltqh6q=p!8W<6
zqjNV5PJHqyy2iA!W*Q=?u4Y%e;y$2=;}787<rC*47JTf#5U^k<3t$1SCG{hH;z*7H
zi8nI|NFWC9g>^wh$l{1_GY%IPGmM_L1}?l7!-dJNcH@4bsuUNX!xn9Dp9q`)bU1<N
zkbMqxFvroMqt`%(nTQT}-uk~8AFfEkhXrwbxFQK3rqa~_0t^=g0Op4mWnBcYmS86U
z3>QXQWD7ss8wc2{i2!5g8wvD-0Bd6agUUFzOR$ARfHk0kAGYJD+9flzp3(dN6a736
z@VYZy(gt&QO#pZ`gje)1cx`4M5MB)cuZHl0J)C|p14Oow0pg+o^F>(eSb~Q-@*4|Z
zGQng@j30OBbb#5!3>h;%u6B`Gk7dHpt4x#TrI$%Ujf`BbOIFWB4?r={ER;s8SCg%-
zZFr?_LfN^Z-9&K|yrNH=Q3GEmC4Jq^zK(~lb86x1<fO0b*w+G(1n1OQ`+OvKsH%t4
zjdwk1EN-i(tY?5zaPN8^?!67ZC!d3R@gV#QVWTwf14SFfn^T-8{I^K%6Ovf4nF2Se
zW-maY<c31ES_)lwo9!x-G%xi@N!S|QFA1V743>rSpx`J9V<rrd)E4qT)qhYyG5_wV
zON_TOja@y->eq735sMt`PFqU}iN%6?9|jVWLXufh(d#sSBgHK^K_|0j@(y%%O2GrY
zN+`c_a%kjX%vj}9dk`NtVEQP%Arr5bi!du4?5#(O!=TyZ$l4%DEwD?WN)xFcld~s>
z(htM0G+CqHJSp_=?9+4)l(cz+hc5Tl97>gi&5F7>w@-c*JU4u_+d>vnm&D`^S-Vy5
zIBmi7gRn^+FFvl{HH31p>Th(jt@(TK3p%B~4N5T`QXe~n1Q7ih`~<uB>ROSGSC9XK
z$3KT(&hL_LojaI9E4h2c@;k|-XR;(|1vwbXQ=6VEjhLP%)pVr-1pf`5fr=()%W9MC
z+$z^}r20a`^W<RNe$Wb`(uy3P+9o?Y6m3PWqRr3qshvLO0lB6#b!uqj6N)w=ThZ<W
z@oWl6G#eG?hf+-sz~v|ac)!mbSq$ZO`kb5Pn%-2O@Tpjd3GL)y@8#m^EljAEYd(W7
z+kNT>P+wNNed?zahFj8>cogk!Xmy6eqo|Zo6E8(TZ=1zza6tyl!4sWal#cT#h6Gy3
zbCYDeC;@Dli^uyOyd%k$)C2k|^cBe|bj&rp3PHzmEJ91&Qbn65`P_#W+X-P{y?$&(
zEYS<vaVftjJ|^a{Drf`>%MOEDCWR5wKJ_cP=8PpWi2jIJU{+H?j(t<Kk^AJ(pAm6j
zk`|xyQyFl^CmfTs#b=q8AE&htr?n8L^#Gd|_h~-Iv|hzy2U|fd&I%z6e|zxn{iIjD
z<tU@ymnlRN8vm@J=iid4l~=S)q>8Wc2dY_ZVwO=`>GwHm0b>L)^SXUHWy_|!xeimG
z+-=GByTKz1K*3V9Nq{4_+ZF9%MSI+;XkLIowc^~WsCyOXS5nQHRG+#DBzw808_?%t
zIW)W+MA`kAkZ0UPoBt8`Z?0JWDfNnXWwr@caVP>#n_$N`a}g(U$b1H#auKq59L96-
zA{>2}alb$SBE+*}cV{`|vw{NYkAN|TeP|k{O$24R#^<a-JV(D@=jJ6&kdnDo@1pY&
zd<V#o?=(|BCL~tSN^)f9M`GohgzTMw>~9dN&CHfg@09@IC1E!dS2WmH1=(FER@9hy
zm^|p(<5O#8XRQnbDo0zOcP#4Mx#Y_D0H$Uo4<Hu?;Gq_0f|y()`JAmd5Ltjh9Ec49
zv4Qno=TjSGbg=zM!Z8e%-0zDOXr4{pDvH`9)pP(p(;vD;(NY_v(C7wVXbo|}n*A0T
zXL<mTIX(&hd`Y_tO_2e<Ek5$Mi-__45=#^UdYQ$cDZpK9vU{(82!<a~++Bf#5x|Vu
zAVAhw<<Kvw6aJ+MeZoK~wkn}@_&)L%MV)F>)QQjwfKx5W3ICFi`F)8<kp75Rl+f@`
z6)o#iU+4`s<j-KpAF&~~#^&swuJG_C5eq&R((s_~I_Ue1Kb;g$cXi;i$i<-F-UZ{U
zg>k&g#>YN2kqANKD~pW}&~GMSUkM=JeG=>r3k=aV4vyq_@p%g1Ib!m-@pfbdfa>hF
zV+Lb!0G&r|==rXF-)f*SaRiWHZnOKG8)e|Sc;NL6S%86-4}8R>sNZL9SCWcVZnKkr
zgQQ9J$mMI!Q3w-Q!b;%V9BG_n7t5E?fsTUXaQ+of+ahByRB=rw;D)0`3T3s(z$@4m
ziM*=jfJJfw?(9!hg#GBFEA&XtPgZEWqdHFVk~<=azE5OzpImb|RdKiZFJs2A6l@5+
zO+benlGYr>ptTs22%UbN`vEzTg2c*Finh~ndCB=cp_lcs@&!6gz<i1@zOW^X(Sqr|
z@NXHf4D{(dDn9)NN!K)H*xOFw-ln*Z%A)V6q(+dG;$v=LK_}EbKG>IMS}^fV2bz;4
zjae5f{l=ItlZ8)NKQLx_0RLMy{>gNt37l<#6^in8UO9>O$bRL&?ffL+6Q8q3e42Sb
zlVe_^&k1{RG!<kMpXlpRKziWwvoqHeV}AP5)aGcPnJGetSh>`gSr*KU^|10ck(-SB
zgoO3LBig>moP@_K=OY&84v3yAM(oH-HrXuv8|M#jhtaM0k8hm&wTgO*Ew6!+w89N~
zz>F*0CL^x)#Z7|7LIWDZ*g7LL)`YK$MxzPi<?GugUk!^liH<95w<WlrQM9Wi?NK1l
zi6F*pWL#myd@F63q4by0!CKMo1Cst!a_*Es-cmxNGl6r$9=cM(Kts-riZ&T!xalC1
zZSgsG;fz7heHEi~1#9+$mM^<EFAhi=2J+q^v%MH+?mPrIz2r*V_LmGngh7chsgQOz
z1}4f;)E?>dCwM*w=wTNt-=(dm8@8S%684VBHJ`(#v;$dO4sFb`x-q<mkZ`hxLV+pH
zW(l{@XtNJt4*&0vVDr5OJD;6_`y-nIbm!rSvkXM2CJ-eM^aKf*%;ZqktH7=I`!GsC
z8wvusrEXjf6!q-l>fh0xQOz)-3BTuIa4su?H3!tTFm2fC0Ys_Dg&2pVrq@DsBYt`v
zhAn0!F#pj_N@$gd;@=iBM3bGHaGI<o;cE(@--&ZlFbdjoM_%dW5^cw9-#P(xfHSoE
zK$rr>^}h*F&9Hl0!cWlZL)XWkv#isKHvF_N^d{>J8kcGg0amxs8~~Piim)3eVwapP
z3M#%pKma<#1VD&VheT4hja{}#r$2@2Fr>{W0K+nz315O98|q0AJ1pT7#wfy;NukkA
zleB!8=4vL%9<b0F;h;OQ-&|QePga+Lo;4omqu7qe)6Vu4w^N!2MY{+j8j$x^B68YE
z8E8OdKo;7?%Bg~(3=|6tf_65lop>FqzQ-a`qPbIeHOWQ=Hc|<+>7aB>1`GnZ=pzQ&
zPSOcbw#7PPWe+Lw2<DFoUY$5%1;iEgL!Y`?b~lL?M^aGUG4ok}X_*olzH5?}zDo(c
z&SrWLX1WsxBng{kb*v0Jr%x@h`PBRDio13N2oIq9X^Ua=o`<T6gp27sLE~}Oh?T2i
zL%=N3^6A|&tdtM2@d4a<_rUOB(J^vt#V42txPa~y(S%DA8PI+JG}hwdqM)#?v_KAa
zL33FaUQp4d+N7F;h(1s-oK4wa+7VSTuN^MECHy%pc#DL~I+Z+1S`n$kJ5zb#V-`7-
z{}si3lePS>_&O^pi<XK=COg|vbD>zZvOrP)eJZGj<m!#Cg6dJpz1crs(H;giuq=nZ
zpb0A$iwxoX4oaXoiI)Vd1`wW(VSwCfo6p^Z@*jw;AV)QV9Q6u8pMPmmv?431@k~39
z{Ke-!iMVZ}V0vQ3p9w|gQJ6cBm6owkJn#n~1EL61ewa`L9F;U6jk^TG^BVp!8y}wM
zAIZncCg2_8T+!yW;U9~T4||ZRB}Q7nt)?LdnuX2`Yq`3_)T9}xpD7NHeo=cg8V*@7
zzcUP5ET2v%Dz+2^f(#O_&)wx8W=!>y$afR=bDuUH<lZ`%_qs%QtnCYrKhQ!Sv-m=z
zPx!RqC*;tdn8b_B;RM6_j{x8OGx6|Uqu>h1BWY{!70TnF&Ze=(x1v0b3)741;nTd(
ze~r};`uUfp_&TjO<lT9+76AOkcFsf>1Aaf8gCJ#^=L>x_&$qY(73^VNJYz#Z!ygk8
zAx*J5Q9=Ip;KutD3ObC_vY~r<IbTb7Gs`Axw~#hLDr2YQY^9xM1j@l0!}iik8NvRL
zVmmCc$+SN-Lh0~QGUC}H)kH1f+svG%z67wRZkM&u+m+DI7}=mk4xEEpM;>_sgMvRS
zs~_N=n2l#7>dD9;#D`P<88GJ}6DdR+VF5n$U&7R$gMkB)Yx>;BDcU1^-G3U_j}8Xb
z${bIW&~FTUD9A-10PqU(m<*3ubV>AA3nVWEwkjvkp|)?s2ciOi@La_21z0v4VZBIU
z0hAR7)z4+IgPAmD99o=XIhxN)SPtH$X!FE-j4h9elbVMi02^bW!@~zi#;|AY=8cm;
zWH~9EwS_G{Ep?MG<k-Y1gzd>Kz|MjB*5ZtE4H`!+P<t32rvv|fSd!f>$eXP=;cWi`
zpSqRuMI4D(@jM9VWfsy4MH%7b=)YJF)`Kd$Bd|Ymb>H=xNOZzSVU$~o@q+2}G4vb>
zsFB}850d*B!*X;P7b|{2%W=+SJQrLM3FqQ+F2EI96kD*;zYVT;odCGfX%ge#$Hej<
zps-3j93wIyM`%a>#io|bzhrGO$IGg3m_Jd~af_s7bx5I9_{UZD!xj>pNIHs5)5%!2
z=$wIPcyo|hAa=rxCB)rtWDyl@AeQ$F%T3!@B%j4|Xw+XjgeS4Ep(BG*++Quu!u#!I
zR=ix*M;)}7;9c=C{THV!rpV2#F4Ze#^>P%7kn8?*@pls8af{w@0MCCLtndlXe@|KH
zaQ6+U6+x|7f9ViA=6&&HcFb!nZ;2+Jr%lI`akO?u9YC#>M$7~}D9M#Zl;lYxP!s@B
z4_O)rnl%SgKn|4NxtuDStN=q`M8$XE!FsUaavvVN0?bDY0;$=oxH}fxm}LQ(UFZ~M
zE!dk~?2u3IE5bW9ety2{G|q5x&Lp+)M28&R>~o(Ee8JOdhi=a4beQxfbC|=_!(UiT
zYbj~~B~eHzz7mr=H8w^`;W44U0CHuA{@H#2N^}b}7KrE*zGg7_^%o2hKl>AdMDLS*
z?THif(|pKo3_t~vSd7Jz98ylc2Ia&&HIzSEjyB5CdQf(5mE28B+~}Vj+}{h5bBbg(
zyP7@apwky^28F2!k9aV$a1gVnN>13bDSE1UI!rs6yA6draUzJrBN2^L6jhgM^n8~3
za8fA$D2`9RuN{x{!-}&LBdG=t^a5g6CikN)2AzJog#AG`ev1B?eX0qw`RH5sVfAsa
zhgu^;@oW0zQ2rswxl8Z;x+$uti*wLO7q2WVOvf$Ao*YU&Bn7KGkT*=$3J-M<+b}+R
z`lf)NdsTBEc*gN-qQr1)W)6nO{)h1kgDe7$NzNMCy``8%Tj+Id)5l>93dFH&K(P61
z7=B%SittN9{Ibf?hGhKG+X26>yqe+Hkk0^bLK6hSt*gBo1XFT6P^~~B{0e@G_|?ep
z>(B{?U$=b5@av{OGW_~=+1c^y|DDgB^L*~%lTH7}ozMN{MAQGh=W~17n*QJU+=s`T
z{$=NLzz>KC7#u+?zuU}al0#AGof6(<aLCy>8}QOKm6Za~&cLI)rB<3!MO1v|Ck9iH
zRHvlQwzBlU2v81LgEM&Sk!xf555BoP?gyBUKpN+TK{g2N@(h?n_F9t3gnBReg-5*e
z*U(1RVUd{bKD<T>rNh5xO)16+B;EP|0(_Aw3!kvFI`t?ljQI596kz+P?ED1eVMGvj
zk5BFOiOMMnR86PhUrSh2+Cg1QLZcjvW_#CT_fYaQ*283%Af?OB9kA75XaL(WSVZS3
zvGP9bA=q<y$;B83{`79d6iL_!y{}wFxqSKfbxU|0UoS<)wYC7W`i3dhvqQ;``INq(
zDLqR0fse?}k3qhz=}twnHk#7cIHjvee))#^bQ|-*<5(vq8__*SaXw!g^Xa}EMptt6
z08={N6YXn{N%MjET~GA+Lz_=MqKvqL##Zt9%4uOV&Q31h@h#S~5gEHI?BkQ~!O=ZU
zVOrGVvU4A<Cz9P^pLz&qb?)`-j?e#VtQT9)4{1G*>7FAv|I^0&qy5+O>y@h_`P4p*
zpRcE)UD=PS41)5hhm{exa8g?7=Xxsa%CoHOm`KHQ07^0;+52*)BzXOu_`l*Qj{BGP
z$NlS){O|vE{EvJy{y!NW932S%WB!R#flo~Y0kFDFa@Y8;Ad@Bmq@!FGN*;d474UPk
zFtZV!j)(aY<|H4nEJqqKIgf<CQ2IO4i0L-68xayEKX;3NB?^us$O4DUdT7aBA~Fkb
ziWIGU9gQ*>Z+wKwco@GG$3Z7RLrGwxJPIn>s(7p<z{X5+JWL;+EHUtzy&W_o!<{j7
zbGI90!?fYe1KPt-5EH!e-X*DDaqod#{7*Kz4|uRVdf;-Wb`0z8f6xdnK1b2$L?F+H
zu_gzR`v5n994_!YJs6U)P^^+N3h}@SZP!46-85@_<&1QNs-dTt7mX@&@MvCb^a6MS
z`H{y^O=&$ssiUA%Ni6F1sRzR8crG4#JWA0SCaKFeO%tnTW@2lTv7$eZ_|J@8lpP1Y
zEzR^)E+0Kv2~EL(4qX_~;cE%2RL&SZ39Y<?y#n-$ZUuhOj<w}Gfh2Mj?Ha{-2)8Yd
z5j^-J@^__3ggkbzWJD+Eq8P7abcpA>d69<*emo->`?2B=X2YRvCK8AnCYr_ak9qv(
zT;35H6qd$1vPmrbGw5-R*jF3t>on|D_>R&eJb)YCaz_q8l;@Uyz+v|fRxo$H+7n4<
zy^|sNQCau^FJgo(lJkApxq1E?%C)$NZV@o7!hUH4oum{x@&e~kz&lFt12e;rqLmmV
z9JBY#GKuAMq=MlTd}uoPQ%=jX(2QP5j5f*wM#t^vJH>KJl}`5ah23+}e%{CI=Ot!8
z-$M5DiZpLCo-Y(`B{z|2-0^R+gc!g=aghD|R%Qo3!{LeCz;QU6#i0nVG+`XSZEWh1
zyU2PT#s-pBY7?uKgVys$ecFR2pYtFY#(0guzIItFviY<}?EFnyaRz9%89WNX;;-P7
zO%^uNVHDQ1@(YZGj+{R7ErpXlK+8g>B1k^BVDjQIiu*IzS|xFOBpw|0u0u`Hit4}(
zXf5VEf(h)M5!rc6thkMgT_eL>dvVa8V<y|Z;&auo!3e?Krv8xw`^I~I;z%joWo>~y
zS5~_@tftY)7t;G&PVWmiy;GFV`7$wRBzUx#1v;KZ!DTNM5~5gS8(u^?jNm;$@X!w0
zrUJp&myWMgQWyF#;?uK4@YO<Kgioy{g6|LllOrpQ=<fAJ<iv^>d9!?C(ZTTf=!Y4a
zhBV)VG+)0+teTpM4L*!@{Y8EKGc;ujlv8#<xgSBf<yjB=LgSJCJF)tX1-yFJLvpl5
z4t5DJj*=FMS-L&21yBOke6+*oJW0oeu=a|B(BX0f1WPexyi8j>R5nvCzxv1{EH=e)
zIar?o0%YVK0;_?1?U9*DK{Ix9qMt@)*9v@6w7CiGo=>T!B4QDG;?!fq$FO0aP)~8+
zw;_Byh)@#G1V8~Uxn&zhoHFr<Q}8Fow&RiheI|k};Huv*<An(<>%)p>$D0VU*aL(r
zzcX=Vzi+JU592G#nq-SxUT=rL$5%d;ip-go_^-wi7b&>4)X@?z2>+gl;eDw!B1bpE
zykI128G)oaV5M~l#<1VS?D2GxwDyLJh~X~+L1#{rZHoFrJzmoSlqP3lk3;YQabQZ)
z`Kt0h@QbIuwy^=v&Md5aVKf$1LKAwYXmdUS{`kVzR->WHr$(PgaqReR&`|PM3^8UW
zj<|3$tP3=Gk4bj!#;ZRQt9BL!fniD>Neol65l~^HqA}n`<{JxSFyy1Iy+uIG_a~vo
z&j~fyic&8OI~K%y8A`n{+}OyGZX@6Zup&FWR4AobGBAlVV;ng&2~{Ys@B@s^=fcx|
zSa*t^A&Z53`PJnd*iXd5h%D@oojYX#MAhxGa~JLx?PA4Bf!$K&qS!Tp4&$MH+%TZk
zu*^1$1-N1SiEkLCJZE@(!}u*9Rw-^63lletpPG{VZDGIoMQpz)@5Z;dWjw;R43FV*
zwG+0Cg}7z(<p+HKSj6{_htIly%#H0I9!9kB{i7XY)!aw>$HJujBb!+9z#L=vKpZ2J
zQ8veslbl`9`tVJ}pln0mF65THY{`(qS}7FbUa{g?Qjq81VcTw8hir<)2!l5E?t5`5
zo+5h1)u^J?cyAM8H!R2>XhE_ZKEw9`Z=UQ#+s`@D={LSAzo1oFL+kPTg!RZ~<?}O$
zijtOOd*ySZu^C*IKI>7w$;Kqc%*yA|hmey%d{y?wSLHb(xyUHa=JwNq0NsSk+0q~d
z9gWO`l`%%#Z*ynlyGK!<`@6`OLNXF5W%VN~ls8qnf||p2e%ji<r?|gT)KhF%$Jnj7
ztCxRj?CPLBAA`M}cJ<?8#h<#_u8x~TifeCtSMTM!I&RvD%2~p3>_6hK_7G08_}lrb
zHGYDF7k^rVPHUIKG%oJzwD!BNqO3$s$K_&G^WYk_X<+xYrxV@R@(lMi)$qVUb&Gl6
z$Shvj-{ZfQ7k5~??thm5+ON;%zgF?j@L&6*iTkg;Zu&?3*Pb){*Iqcc|Jv(&V_5OA
z{}RB8VM$JGPoC<B5@&U1o7%^n?H0qGZDN8u+v_phQ1I%F6T#o^&-PVs3_bM!Vg78h
z&gRc{YhQo12hQftcK1KupUoQgXG1Ua|3Ut2kDkq+?GD4AZ5n1iV~B!*1yce)z!%xH
z6RosSaDz(zl|plsb*3(vjI8m8Wu5P?E5lf5rZS9$c5)s1hizc~VO?dN1?$=<9@<W^
z>I8QU+p_(TuoE^rNobl~hr38>$=it4E<k@g*cii(5O5rp;v68WY~+YPmo!ld*5ptv
z8pG^53|p8&!6H%}vy;x_V)Fs=Z|#ttpD&4zR?ipjw`|Y)j%mI)$Fi4xbDHLh7dD*~
zXTd+4C3>yHbW*&xhQ-<pOow+F+xOtR*;ppsaZ((b?uY^8Dj}(PXzKn9KWjc?IcvTZ
zns0@w@bBJQYBqI=Hy?Ng@}T^8-$B5wV}NUY2LZR90q#V8!3GAmF0rbb!)^2S{Q~qA
zDZwC)FVbpMgIq6Gyug;pUbZsbB0h=n8gS$n_ZxZN!8TsN2D{~gvkVppXeK2e8w9J6
z6RY<OulMtQ^=5B{-z@Ac%MqdU--}adG^vi0k~p$SQd>>}@Nc^AN)tX;OEq1$N>^-^
zFu&n|@%w{EW}(hauJf4Y(!+dlFhMK{XXxk#0v$Z(0#e?J4|#m~3R$c?bvaA1FfHb?
zGmS+vVR6}>wa^hGp4p{InD988udn|mzFz4pCLUUFMXt;zR)Sy;48!zOzyU0aKaHHn
z$_zuRNKE2@(x%nO-s?Yq{u)KQM$fCpd-=l{Jh6>iYNEYu%|WxPT@QZP6lFPI2GKX!
z-RrmLmTC)&0#H9Iwjmgi_I^lF{rBmw|C?y|gP?fx6-6W%CIxFfk~*wxWrhi3vjRU`
zDf&kj=5>hW7}~{KbJ$!Ma%^M*lE*YzTYj|-!<4*9XT|j(*&GghNpXCs&aZi$n*HYW
zh_o9JS-oo!N4<oek?cPD#9&6OEfm4P-RPeKDrcIl5c!oC8CC|2FdK7a8?VxeTZ+W0
zJ@D7Ne`O?b>>Wl8Ti{)RR~)ayzh>|D&%8oJp7(yd?Z9s(^#Tqbex4JT4-g(m4(IQR
zkwYfnXJ#^F7Qih13lgDn60MYC@;JdKfqu3E9bCBDMs#rDGxVF&0(1cAJ*x$I2*R=i
zphLKC0Q8-R1^Nl3CvNZ@s`JIi#*Ag{WZVkBQ18N-I~^v*TZyL<u-6i>$8h-KP!7OQ
z4#6<sH|Gcp;Rp-?{>_fS?+BR12xA3QwgQ@L^|p5U<~7fk#YaDa%AZ1I_|5qYDt`u*
z;5TPC%;94IjSMRTEZKvfq0NKv`Mc2OcWL30S~|-x?)}7Q1-RY>jMM?L3p~B+eHRzG
zP#nL9ukvPiTL91dV3nJ^+Yc5Ad*pd7;fv{hA~C-wEGUtt5O85)KPj}#Dp7=B^$?P`
zmB?F1QzWG7R4HiA=HWdi081<W-rvP{m3bYJK|bvkIoOzUj$R9SuVzIU7tiC##?O<<
zaT2Avp%v5!Pf!cZ*jO`Ye{Kxk<1Jf}VFIwt&xHT15d9;H^1A&q5N{@g9A6-I&R-Lw
z-)9r)H*!4|bz)I(&FAI>`izzTU%d(CjWkI#=6?KmI;9#eu}eJE$aj+L6>rsNy-Tq~
zd=*jTZvY<j^kCfWcUukamc}jN@+9{e|9J$S@a0gE1FC=il4-K~fyB}rqYF!k6;Iy>
zw@Ed6wjcDX{jP1&>2|!D(ae*y)D8?jXpcNth#yY3dlTRLrz%>mZ`^!q;0o8aFy6kz
z$FDYFada8HR(5al@AGLlVGOTJWeT~{WOTS&!h#Z&^zYn&p<MLWw^}GQbt7kdMJCER
z6<S74EtI)lTa3W4D{5GOv*$e1OM-tS<(A#Y6Ai4Vij&#Yny9C%`P5F()P}$mI&lhD
zNgAd^!$(EUjm%*4JmF0&6xb_;@J6J-1|=1BF=^XZvlYRMv07<xmsIm*wto<Ia2gbr
zZKpv^9o>pesG~cjXo39=%9!5QGrbPY%pQM-89%wp6XKUA#KR$5I#A2Sa-0^K`Lr=3
zH}ngc5*m4m5Jo+&mu#`HT;YwNFoE*Fax<Eqz<3)AC`gV}(axfcNTJELBGCRF3Fjj)
zhBR4A-KF3Gd9H-cty>W*AHm3BsI95B%HWeU&+}c|WWW(9jL@l%*ygWsZS%(8ydh}<
zv?i%8Sxw(1Vc51;Cx=oSBfnQd%W`2fxvb0NkyXqm(P*3$D#*of;TC=7S_|bRSJZI{
z`Nl`}Hj%~IFW!UMVlFbZAV+`UeP&7a^?MAMN1kMsWHat+VfIX#r8OtdR2QG`#N5Pq
z{zM<sr{N7n?}j{(Vf1S^Q;R;#(SrchXO|%0ER!A?OW_SdmQrXCjr~}Xq8yk@9$SfJ
z9>7*<y$2qc0cY<Uf=PN_QiBr87>&VcsU}7xf0~ubg|6Tn{A*}%A^Ta*ex71KFR-7N
z+0T3IXA}GRnEf1KKi%vn-9kT@eMombkOIRD=D^?TvzVty)um{8-CPoPKon{c0IdO=
zvo*}}JVC7qHVbXy>moe30qL^|$pPb2C3RK~yZ42c>MW}^Hh3sy_1Ivqwb-INcf+c%
z`(MOu0Hgl-PBcY3ozO<$y~ui8mG!e)qC67P;wlzyVcZj<iNAVn2@}L-@lV<CDRzIp
zk_|IEahMk*4)Zb`X5<naz`XtgIEZT7S*9?5S8NItHNrkCZtrX0$A=gr0R_TaF`Ax5
ze+vZ(!j~?FfwH#5Dr*;E7<07|_|pX`|5Py7?(7HVAAfi@FwdMB19SS@43;}qvV8Y_
z;3-z%*=oX=*l~EQO^t5*bNKkA9I{G4TiMX#xl%>5Bo>|of=?Q$9Y+d1KUqR~z3f09
z9!7a)WYla9(YaP7v^Wn(_E5QCA~!<l!$JXI@NL!_!4xkZe!B!YV6U$3pgEIy9M1HS
zJ6Qyd2k&fQ`Zq8gn8So#u55J({)?tl(jZb&dhtCApm;ZvZ;{gt(N-f7;v6xJt+pD8
z)3BF=@0U-<sM*@jk$PGBv(WSOw?#tBc{`=PT|*=eIz_NrlAfreC)l%jlC$6G7a#!c
zt~2oI0~U`F#swVabTM%leSyJYhB>}1hk4<Z1P<e)G%2BXB}!NNGh@70`9kaQZ#h&&
z1HPsoCxR{EW;wJ(f`Zr%)HTMhM-E?LqR1>%g%$T|s~ErngWykmqcS!|3~erBMT^)^
z8T(noeqLlhud$zM_Oq4!>}Nl1?8n47nax6sGuy(3tIxUbtW1q%8w|aRf6Gra%w?W+
zdJCpSOQam4i^5_SHSxXW$??-EW_8GN&kt}ZK!aTA!D!TjDdM=T81tTDhLSeD9yIAl
z7;);$>4`SWy#A%h^@n1Yt&bCXyE|O^x`nr+>&vm71K7@QupNqL&g9x)W1c?c3Bjc9
zmZRk~8-qtB$&-wp6|KZWH9meyAV9=}k;jRMq9STPr=<-|l<L_2$j~~p8d0MzrXOT8
z`C}dCCjtz;uAwO^v!w>;m!UkOtztV#u#!D3U{7n<(<1itJbNl-PcO2kGWPTmd#Yql
zud$~!>}f4~dY(O1v!@r?Qxki7i9Ky)Pp`43-Rx;Cd)m*Qs@apyo|@PbOX|34D|_l-
zPb|S-5btf^X+L|ivL~HA+1OJXd$O~q4)&DIo=kKU63k&wR`!(3o^0$Xk3HGhlZQQJ
zvnPp65LV=2I6>b^0W*1eC=M=*-i@!@|BY6e*+G#Lf*J3Gtn+~a=i}K8#RzTf2uaak
zM+&)rhy^v2Za|v1mBNVz?q{ZOQI8$|mEw_&EgRL~T0Gr5Wn!m$J*NJrdxIO<=^i{6
zI_xL0J3D&mVfgX$sas%3;;UODgMs`|D0a2`P(P!?mgOY$Rr@a}D@`{CGFbiuV33ZK
zm~9>oQjn}CF`2YI@w7|2<Vq7Bbm6-;>584w;LVb-$Od4!AqDeC;_*&4(|?e(udo;-
zI&oSoJ`;(;81G9`+X_*U^_F!Afs*;+V-|tUHDj=eof=%x;4rO`w6Rij0)S}3EGZ}u
zfc5}@b`PNH??F``{+<m(ABr}T9(H|722G2st-aE`c7V%HJQAmF{l9_#rWHRXsi3lV
zyt@{a>35hi-9*vByrj_=q8eY;QLvUN)HOwhM(q^~n!VfidxdIBjC|`?;$su-^Tj32
z^TjhYUx_Ox+JhaQk`cfca-=A5@Dq{yfYDz9ZCL_Y@rg}C9Uxep6Y<u0pXewf*qkUy
zgKD{v5%317fgbZB!|^eNKYAh=_z0+9g6Zfb>_ZUv0r6uQZ}eUQ;Jm*EAah|A{XM4^
z4@3ZBy8%kO4P2|?9};lv-jCv7bXB{y)%B6rnLf*IAaR=q9LBvg>RBWOCt5u*EWUwt
zYZ*(w$yhwOK8D2;ZP3$18=ek`RgdC9)}x}|TbOs$@AcMvfd^USP87)&FE=s#p0^bi
zayuf~!q_pv7yb(-YyNAH3<4jywnYv=0|Bv*>gNm1w_=;{|A+(mZ=d!sA?a+4oy!8F
z`Kx8ke*-nS6Po-K?b9$VfZr?$gN&$osgi)sRugQ-gN-cW`GZ|z3Ge9vBkkoF4<O7<
z$Tc3&iayVH$b$!u@!)|6$#{_9VVd!PQJ-cR53}H5uJJGz9u^o63*cdq@vsOUN{xq7
z2{r@H5CC^p)8DWoB)npd;;Ysqykb79tDaAI#XQDWy_oRoMfU2YgjX-ISFa_!V(zD_
z)+W4K%U)F{yu!b^JcxVaBC=K;M*6g6X|2P=VqsOSOvhX?*?1cCyUSvUVr<Bn?fAtS
zix!4netONV=H!$x$7>uWmJP;1MEFs3D`T1^FAg#>i|EjgVyRnDJJov@gSs2Mx#xqi
z=Sr^fAti7@H97R$Aks>pYAsZqzh-(L`xQJ8#6$V-O4@yPee+8elU4vd?ZYHjpMi!>
z!JgsSzw_=od}j-GSo}kS9p-@T?(k!mfLtBE_&)e=^au94!_PqVKK27i{u@$}`abz<
z;N{_53IWlj%sYsN-g$+gNf?G0O@4EE&@})><fcC3^{E?+(25N6j>@4zM^uhBd!r3L
zRYyBTS*;hJKF^HDbR!SS^HRLQGlG8({5K_l>E(YcidFYyVn#aW9w~@d&^;t&zrVpl
zO*iV7u1EE$S5`Oj^mpE}mFZ@&;zhFkn2^z19sYUJ`4_bMNT%$DZYLSBG{}z`IuaG_
z$0ll7Z}_VvA<MjID@qq_zTu+nj*;R}Pr5i%8ZHi<Hd6EDt5UucO8*4UN+cmXDU@~8
zPJe#seV6WD+$}7HwiL?$1e5-ahZ0QLQZOzB`P9P@67LiI7uwrUjvzJ8y(@4Oowm?S
zDvTmZk!vrF{%cd>=<zTPaoNL$Kj^P`-eiCTw`~tbb4;9vR~%ZD4*&5DhyUC$QY*^$
zs_>6SU6^-9tk@ABC7L0{hUyiofNQEJrQnxoV#QZbDts+enxrj1YJ<V?WbhSiop6c1
z*Mm{3_xjWhS^bC_qh=!yg2o?fpF*q+lhr#+-iD%dv$wJ+W4^bsDANQe60mvS#d(C^
z>mdi4#1RAn;g^XPHx4vb*bk<tg-1bL@c}%JhL=GDbPe&Dx$gob*dtwPV_{B%b-?2H
z1&&gqiJkiMrPF)hMNy_CY=xm_!k9%&KW-_x5*C^r`w7R_S=f5++ApjA4{dnz;I3VK
zj4JjvVLcEOd}`rFn+)R%e+tq+qZa=#q=Nv3=*VFJE%y+%9t~s6c(%w_zKiD?@kK@l
zCQXpdhzUh#)>H)8kHAD&A}B#JeFUh~XU|U;pJX8dkL%qx5%kJRGvH-2vCJ`_{1sSc
zC}aBuhe-)p_R~*BYPG@qP^NZO>-SqzO$b<TuscP3>S>N>xrNR)3OQ2fY!5c{zGU`a
z14F3^;>8d07a;#awMEtzZnI+LXj9;5u-CkJP-GhX6i@bsyn;7$TT~8>-iG1g*5D1F
za2~wsm9-gI2mkId{+5F^-HFWwtGl7reqfL*L5tL3bC(j`d0*|~;m!w=SCHSunB90{
zcJBkfljiN={O*20<0x9)CGxv5{rr!ri_jkW4N93i8Q9$>Z?sWXt0h=cNqt{@`b$#&
zNA4kZ*D3gY@ZXd`V<93KaVJGRp*X`*5HFI@LXR`M20iy3WOnT_PPYO%-3a1zQ!;vM
zC@>;5Bf0Cur@t^bgdCbc#>LsxdLLHt@!A-tLlp8zs`cFL&Px|JihChOU^u{NPtoSY
zXb(CJrx2rRreVBe48!O+n{_-dx#R3_*>O?cDX{_rMpB;?cL7+>DJyiBz<Pj=^x6)j
zC!G%q3PX{|!>;D|U=g=eTZ0EkL;@1=0Jo9UMK<p{#BFXN!&^PFbW$k&6!LDA3wdSY
zEu^nZ(q>!-{9?QngOgYlcR0?kf%TlSD#AT5YdzdXtmlw9)<~?rg7v+uzR!J(^BdMj
z)wE3Vf~eRQ7#6xssGJ5HVlzOq$)*VQ@C%gR@`Qx(lv*2L_?43A$=m7w5Rir0PHvWh
zJ2ALYTCrRhO8pQ!luz&8K)=C`?BX%%>EPisCFHRwp{%VKY6m!VfoMzJQy>ma-7N>}
zQWRu?lDn4%9Y~E_1~dTWB`8n9RkW-wpPJPnMH`_|pp6;ys%>E(I;0UXAUo^q!_KCY
zljX*+n||vUN=&Ot=4fWd)XV}hG_lItm!API11h|S_*on0XCrS+;AeXoKg)QB_?h`#
z;%7Gc$r$}^AAa@|bE*kf3xp5xssD<zGje|hcGeZFMRt}0?5rNx8DBr3??UweFrXG%
zYT{>I$j|PFpW=JGAo2i1Q$X$srMI9vdOv&Qp^9*c7i3Px;P^w2@c_CDaJYlS;b?To
z;cAG()%WLcFmt`-R5Tj-e8Bs~&7_i%vq#lb5kvFfZl<u^tkA)>Gx)^}$9zM(0mi+F
zb~3}C(cg;u*^bzLmOP)yq4ewV9`T7zOe|S!q5P8TvT>%t&aC1=%y_U?3N7_uUK8nw
zE}jy(nx#bUU@4JXVkwcgoGm4?9GVC;6HAG#U`pi7w=AXs@*%_Qc6rO9?~=MsHU{GO
z%@oXg1IG0h$Df9;1%wUa_$?bKvE}&F+YbsSrFkui`lamtpxBJyQf<)GLPw^j_XBSw
z{)$x}$ZFvx8&1oIzM#7%g+`A<@qPNX3ox{GvDv5gc*>9Z2V-1=3QSRpE{N)$K8ojn
z`;nbHt5dM3GmJ<^ycy%0z_QZK<S^0T5z{<xr=h8Ec|IC7Zy1EU($&6(`8<cx&HwsE
z>6W)2K@lHTr9NR*_Uol@46rJ5aaDGB%ev3GD&1#W6<Pg6a=%|}#)wfW2tMhKNor~*
z1x{B#_BoG`ItFWTg@pONztrouUI3fcXT@ek{mdsEg9Su~t6_jd=wX{8tBqpCR#+U$
zo`Pm}ikj=GT##v43h-rGGXOoECVHBfN!i%P_3<wTdKmk!2Yrvc{iqx&!aXDb^19yp
z+5nJWfRO*tTh?<<$oHHL@_^46p@c)8JQ>8$4+W$LF-8mM6{~)VfS<et=)ieg5h9+l
zo-`zbs914`$e^P?8L;MX<8n427s@nwEBy{JuLdM4+>e93=n)_VTTL#I4|~&!$Aw0d
z6%$5k#3(5v)Ry4EG!P%_G4PTr3VT^EXgG!4Fs#ND$=!vUS*uu%_Ofya;}3;W>&eAe
z%ik)g`8%a(Efff}g~yY>`~dXGR-94euU_p(jfD;??!}Z$=sMh5j=J_H`!_?M>8byE
zr0A8m9|PGBkfI?0Dcbb#D+3_KB1DRv-m>0vB1P}nk>U&4y~#idML4R277N^;yznCf
zB`77+mwMg@h!RKq7x{$aAQoE`^((RBGbBC>rh_}m!!zW-sKmbX=c&B;twehPvC8sW
zcy<W<{O69i0g_Eo>+l|L2frE)jj4Fe!Om_JV9+PuONT{@`rQ<22a~Dm``{IBePrb*
zvea5ovI$;8?S)2dJREw9YPb6@fGyw@MHboPYSyoZuaPV$`yiIJ@UoRypKPS&7!LIV
z=^xDhT2{9JS0Q@`Z6c)+8%wE+iKDyP^)qFIU@(%s(PN)h{KF-Up6@LAzW+g<)K{#q
zQ#vJ(rz6F93YIg7L?FvgUuUOaxn6#t*`b73Tzhn&p9zSIK|j=T3P6Y<@97W^8ki-p
z25x`gN@`%PL}s5M4B`=bj>Rhk@n)7j>N+!3$Vp)pmOjaQlp3pXXn+EC9(8QFW7aw$
zm)-uoeB<^g^G4GoJr;RV<&p28s6DAKedI_p_g)K?8b@tnMYRPv?dV&v0tKp{MbxBc
zK7j{w6maBD9hahKT{^wUW-l7`Bk)32>tV?<bFMP2OW{lYAungga*BFbuU|(v;4i*B
zUg$L{g#JE>W05W7R5SsP>6mLXW<IINWWGi#GSH&BFoi)k$HIWs`zi-k;;IPeedDUU
zcYngF*aldYUyU%+JZ#}8okERy1$tUHlq2SGpmkZh3ID9GG2rlPEO8#6;s;b>i48&U
zUr+=j8L>Q_blWliD_(G){#z*MMU(upE<vn#mUP?+HmFK=`m&ZuUJ6gqEz%NOcs2Zi
z=HX3DLLY-orSqm{$47NNjj9n!WMc^{AJtga*@X0)F?8}f35i---$_VUej?Zr%hIxr
zWh>vgeZR0(n%9Pxbgk8VJ{u`B;h62OB+O^W+Qj)NXPHltF&_`k$0Ak;3^dDLNtlni
zHa4GojV^0hmva-l{C-lG@>#kZZ*+MxH8H~>Zb)UE;lOg_42zI6C=Y&revBp5^Qb#E
zg9tkQVyyKa|C|8T1An1$;!;;_FiJf1=LBrn@E024l1wb~lUSMC5?lEtFC$`^M>i1F
zTsrJZQ;eG~g#w0==c8g#-Vy&za<mckVl>?Zb^upEsK0u2eqZ}dbeY?usGa)euGno(
z;0rF=#!0U{h&Ud+`I)M*n8Er_0H9dT^za{2P|E|B!vXoEpRRGpJp^{${B`*_KENP^
z(9WuKldD+{-g2|}Y>gDUu<m8lAjf?E;AK#x;3O!&GRg@so0qF-%gCWEBZp6NpZ?P-
zgyjl5%nUaOK70|+pYY@@X&~>OV<5gh1Nj~s$ld)1^4)<4k`AvUk0$lE{v7>%@^*56
zEq|i^A`kTI@6ERd?C*uQ8Beq)EKFbu3zeGiW>)|31h8;B-@<E>$Kr|ZABC4S^m1AJ
z<x+V0@>{gT7)v6)#7~j{b@LkbO-uT=+7wGkC^edJS8VWHZVI=8DD@7%ijg`hn#E_{
z?gZ$dV5ker2ARUY@9bM3y9*1v#kQkQmO`1#uD)f`qpXn}{XHzu)7!TIzF`G^i3N`J
zE3h_JU?~>(BRs~3pGw0YZVF%34MNk{$e73|T#_}jnQdhy{6?;bT+TfxX6d`UEm7LH
z^$#ir(K0<qMe8CLN6zD=awxVY?IZdhuoUjS`mgw3+4{4*=7`y1V*Ef^ZE`h-SG61Q
zz+|-zM7VA6uDCr}ex4?&Jz~|&3@J3#7V}4#5^^9x+k(LI$}x;v#Wu0xE`d8^92b}~
zMrb(6_>pU(GwuD(TTkmvA&ZHh){Es;%oqJqBMYnlJR=2aU@y0fU)+*!2@Hms-sqk7
z$VQ}7CTjTsnJ2Qce<)j-o>u&fz7X1u{0EKZ|Ksjmz@w<L#PRN=1C1uBMnD@x2-+w;
zqS6MGmVl|y9jc%jq9CH6!w6<@Kt<9`P!JM35o*d7X4e_#;jFsj?9Z8Xcib5S9|-A$
zypUG_A%H+Yfoh6J0L=p-{Xgg2>SqF?{(kfA_xJlGT~+sS?mdrt?!D*nGdimpYLfy(
zgW4ed{D*9L5QwpXGy^-rJIeHakK!|QhT#hyudv~t$GO~*2fWq6FX^tiFN{o&=M+}k
zUcvEHn+2!lebb{Xxf8}RF4B$;-yxnkE){KMV+r%nf>w{YE<26oKWQv~RNsPjwSS|r
zkP%^^e^48od|wwCPthxEQeo5VeNs}gI}hbBTIolm_!;jeW_^!?iEB^&7B6imnb#%n
zzk@U%W6|L|8iCKdUppu$Lv2F&Dev`yd?s;A7&@V(8IpF1o%Cm>@1rf?RJ{N56(OPd
zFQjvR)W3kziZeynEpmRA@NE)oE84qrFV!&Z<J3EJKG^mSoe%o{Y%@6aZ$KsQV~my=
z`Xwt>%S!EFrOv(+D}|S4+RvfLJFLjxSdoKqMb=>v7ZfRFMP6Y=K8q{zDHa(7MIL8G
zo?=C+<BF_jCza~yR0A2)#C8<?$gK-+fx0)dx_7X;o8szLVDptw&UZU(7Dshwp{#Pt
zTDY=4bcK*M<HnJOe;D62djC`gOo&l1wBNY`d0|%|eG5)?exNs9Z8<8mbTKtm^j88>
z8@&IRsLZ&*LZL$XGaYw&dif5owd7mSdWY$6GI(dBcT;E_x)OhDDy}H`*66!NRHj=?
z7N?tv{|6wS^CyD5=uZUs;yB3b5D94{Q7Hpe2S!4cYt)9DQz_bknUt&JY7n0TBL=dD
z#<MASf&OHaz#rDyW}3tBaNA_{ty8JAFT={KOPHWDtAB-Gj{TuOfW-ZW5$}S21;1e4
zxUv;^Y7xlU!Y%`jp{{aTlrN4~mfQ;}iuxS-!d78o=bzHyLOx6nY&>f~5%M*LCXhfM
zQTp!;|Nl<V<^L%*Ov*_;fR&ogN)@tF!{SO+W2v@FRB8k(mCH)?iz|gO3`09EMRO_d
zUKSbM=4DKb&z?*R0DHMse>rI~8Cw>1y+8Gz976J287SD#W3EP6)oab@XYAa|`KxF#
z=pg$oyn2$S*wRVOb5tbibJ8)37~UwP8bPra?X3$=v6Ga^{}#Isk}=$UemeX!u|NDX
zHQ_dhS0>_hkZZ+E6r-CdCWZ5?*N&Gf@Ekmxns~lG#mw$!C>E@9E8fpw7!KTqAvpp8
zrL)Um`G_`q6`7xI1+>4Kjd5}|;gZ3LimOH+XwgBzevrH(ZVXe7ZL;`l4t;H8{)OSs
z*liYhJj$*HSX6`1vS>f$k<V~tpOY-f3$NfaJ&Jd?nQQ~ACHo~{pI6)ABTX4dLKY4a
zLtuJ`x*ezD{PSEie^TlYOw8D<^-RPUlx6do`p0+^hVL_<1st7_-3{Xl9!c#qpI)5L
z{K$N6@|_Bqp(Iuh9WzkQa`;H*EihBwpW!v7(f3m^b)m%r3vE(X^0Lo}Y`)f9`cz^%
zZS;g;)uxN7&%h4oaci@GY<#UhQ?1WMd9%jD>}$_M6CSyhqI9Y~-e8F#?Q!%}lbddo
z<e7lvMOK1M%V+f^`8=z&^AF_Rlu!{S4l4@s9FP&ytQ55Cgd}?#%z)l>w*T;N91^!O
z0UWq^=6?Z-{xcNslXcRnX2UD(wZ!wpAsA+F&9fOGE_<R%Bq>X3EojW`Y%J=Bw;axa
zT=}03kwoyY%7@ZmGY9MB$Z$2&w@?kp6tSK_^%guG-U2oKmyFB4YQ{>R5+<CDz8gdJ
z6#PG&@R}?82kj#<h#yGsr{MusP}qOsFG(r3NT5-$?pYf7=@^@^a6gRi0r=&w?m!^R
z(B5C3M;!lbCeY{^3;Az-0X-BCjHe&bz7ape#;6)gI5!qW`2Y7w{67xqbrRC+!%6fy
ziP7sE4tO7Fb_?=<Um#Qv0l;{}BK!_K>pUCf_pi9J<ERWM-YCOsnvD-{)vupjdo3MR
zpgI%7YM5=H95(9cM*=F?A&VP$o<e>m3{i465vNM>(c&A(UfW(BH$K5x9T{KI@8b9|
z>uSd*;P^f#GolBtnjeP{KhEKlc{ox~=tJA0G~{vK=DRlfLGz-$l+ky$hye}pmfoX0
zi|BSEw~b5Swyhw*up&khvTE1B3y?MVg7MG4{x*s0V3dsO<`CE6F%Bi;k<Uu<5`C^U
zCn<mrJHpysK(%g13u`Ptxv?k<&!@)ddZA4|(TV%EqW)ah2-G<dCP7`_h@m~Sot^yc
z3+Tc|nNh22qrQ1eNeoOh(#qxxdMCqDUmaQMqw;sW;=0$W2xfnKinkBO;cWKXQ!qnM
z4X*aSChZ2$2yhcNwh^y5jz>P!qH=n@dQ&N=;2cS_sQSw>%jl@1v}%T`+KIx%cs`WU
z5>5VffNubRXK^0q*IYS9&2+6O;v{*L_Ouk3Wo8s-d_B>KZEQMcnb4oJOinben82uQ
zeuUa~W2Dj>bxK>+1$_Z|47H_rA0yqOG3Ee>$2SqL$GG`ga(hJMw?>DY$#zO7eNCaU
zh^OoK;3k2++7cQ@&O?XL9`e#|n2O&e>^Iv;#elIT-IaQjk)Td+FT)HYj|v&QQecK3
zGhz82CfPe8@w3hXe>R!L@MZ~Lw-lj0+5Ak&d5kM3Z-Ic2>A#SY%e_`D$+e&lROk~v
z*e!4N$kp7MzCvI^gi3tN)bY#G3?5l^%ZIh=3s=G9<i>EzLay*iF1EnER*{=k&HF<}
z?xo{QkRWWBj5$6&<fa7p&K8|Qh!~7=ErMBw0U7m-BcS*VCnAM?WF+43zzBU>qx6}{
zw#Nryz9pL692?T;o1de@3H;W-R<f|ka+O=&s=fpt-SSycZlqwjqJ66;FwbVx2jiQ~
zV`MMUS<Oy+-5_r~^2kZblqQR3)ZJW}in+QFNRM+Q_wv3}TB>r>>Gbo)R6H#$Hs`=P
zGa?nubw-BJ-(R%vj_<?!h6`hs2BtBBmgH*nj@Qsc<jmFDW+n+yuPq`#uOvU4{kNyM
zlyn<cHkPcwDq@4`MVY~>DT$pn80Ect#S<{@yFtH`<j<kt5yYHFKJ6Lx6RzwlJi`qv
zF!M^Dnc=<Gh}QwIjB0FSG#&^b1v7sHdegQ7lm$@k65@qc^K>ILK}kO%DR#6c3rq?N
z{>nDVt`;>Z-4Gd1QT}sSjJUG7VcMh+QBZ#7CH<_O`7dJJ*hIL+X~t-C7B#RF!$`v~
zoB)aL;q;PgLOr46DmqBU@;XX(s=xo2I59KqyTr`Q2tIZZKF~6Q;UpTby%RoYu|_f`
zcn~lz>;fx8E670W5G*X}?j10Q2*e)wLTDcCqx#b<j1LT@-~sG>N?9_b%lV+=7MPFh
zOUMD(5e!m&F}~qQp-)1YP{`xFn|m4Ukr9pQgj9@)SJIwV+@qu&DEq&W_~pApdue7s
zdbdh)3&!f)skVFrV9Bnd%r}NBqkwYQMF@jh<rsZ8i^??6m*-oVS}X=~*_jK6H<xMy
zUX^;}8rbg9a(TnAP<O59T6diWE9QKwHXXxT3=ow^q1hLr8r_}L<R10cdXsx1O>SI;
zO;#o~IV{%XA}awrQJ!+tl6Xlg$rV-5{v30P_il7%Ka7HWcmtbA5GN6K^45jkzep%l
zuWvxIL#A4d1MH5_Y}EZbVF!MlDS0C*$e#;xJFVHU!n9g&Q|dfl+<O)5IpD=v(7$Tv
z-NB+$Q0l1+DPX%(bbi4t$5RhCXwW~4#=pWQT-byan;4X2pM~wYT3LHmYL5?i!g_PX
zk5J6oOGaMavTQXo8wLWoUQd127J0*!<-&`SMW|S#2*B7`f-=pjD*{YPb7gmsylDyj
z6@>#vgJ_55p__#RV4;Qm4f3;n<9KCCJ6<dZN($)D#iumbLSFFT6?AW#8+VTL^n`<?
znR2fpRjR|A=`etYc>{qj$;X&`>eJ`(waEtClt8|bcYZE6@Z6*=;UH|pC^-h_YTyHI
zqjS3;Z|4G-<cDvCEzL&WSgj2Kc(^qaGCG2S(yOy2<unU+7~bNY$@G!uUX2QhlEvw%
z-i?lWt%f!uw4(RLd9j~oyN{hX^{Ke~h^V8nCG`gK-2Nu?0jUEUVQRwF9{H%tNt(X(
z#fgH_-=^JBsK;-+0(_vO1BA{~UOR(uTObj_N`P=9W@yAv_qI?w$>S<|5jsh|x1jMN
z(|-e<RMsI8l@&LSlrmhvd;LqS!V`FEE!TFX<_e@U&#_WZ6uA@oCt{JDw@`vf@3ZLa
z0lOOSZ2+p#cbBBhg;H~Yq}=*et&HMm${Mwz^<?i*@o?<d9C%JZVC;Y8@_IYMjlnPw
z0yabc^-6Sxa5iCmWz!kS9LbUhWQ`B>Zb$3T@qu(qnhSi>;Jr%>9#0iPm&Pn5{@OMo
zK-4cA+L*kTz1uB9xDvnlR4q-vQkt>d(owmhfWu@3iQ2xSqKXhutM1th3XzYNgKyML
z`0%?9rrD_L;K{K+G=`~^>VM%!m4Yiq{b@4p%g-pvL>F@M1rOEV0-8(N0Ct{((UW{0
z)b=n?G-h8x@0*<Wjp$8zFYIWxVW_8Z%uR8KfSE>>hcVPs9_+C0NB_a1EJ1nDf<c_*
zF@ikRjBq>Zfo1jY3z}f2GUC1`$e#idfXj7A3s<=ijETyWZ6L;h{hRSFc8_*@RNtN$
zNZ%&Hj7RTB>@}j|l$7q6q*8L$6rGj=>DPOlbqnrs1%z;Ug-fnm_E#KEz4rkZ#vr7i
zRX0)2RM`4QUUe(#MWN?=Iw~Hiay#lNj@2m)N9d6&Mf<r0*GtB2qH~AH<?RrRFpoV2
z`FZmrm~vq1$NkV&VFdn>&k1-S8bo{B)z=sbSK+8YZ;rdqsU@)Fx}_sAG(W5gdn_Uz
zy`3%o611c}Fj>|F`3(E_`zT}{y31@WI<0MBA@yJou`vCUDA*_sK`_>GYfNLRSXkFn
zdPGHf1@a7$nE|xmDX;L3#Ct6G9gh!+N)IbS9VjA#8BO=O@(o0&uFby{!a>nl=i85E
zBt@zN#ZNRlc2HbvD%s4`{s+?ampnN&VP<EH2KHf`A;b0$(U5`v1T7g{TwWta28-A-
zeE22hM;%+m?>xdAD?PJzh)NH=MbW;A8J&pEbAXF;Lco+M%0|I>uNW}(ATw1M*&LS~
z^dC+I@-r26ckIya2AbskO&1+IfTDN(7E0saxAed7>VMzIzy3;-=-lqxg9I}O5V8y2
z{5BTPUs6mLMB^|r2XFVC1%xNkGhWYl9b`)v33rF#>&(m(FVN=|v|pm@*T3J2QU%?Q
zLAwAf=<y)P3J>0*_k+(CVc+Yb?2DyC-LkMG{P?tAQu{e(_QIkEevoc8=zh&mybAWa
z$?fN7+&3<xs0X$7w}G^($942ra{I3&wLdSZ{m_Ko3HjGT(=!vE6V)71?f|viRKCNT
z$*$jE4+*Qa)?E+!C<GoSw^$dQ8l#;sbB@hMvx@A9O$EHmu|@q2hTkH|tuFb3`m300
zEXrG`;&YWOv6<Mcd+jATHiMS}U=2u=yrGBZ>j4tDvcFK0)daar!yO+msVsAf%a%1U
zkn<(z7wm*dyCLB`5Od^?T4KxcmWj$h?9!LUv?Aqpk8&%I(ZD&~IvrDl2g#d3U#|zg
zoUmT|9%QS%CdJ7IG|K%0EG2<FBigou7_SuN85=F4aVX`tfaZ#_9s5Pab<j+O(Y-(P
zWLS?E3Id>O-2oG6W85i>LquM4bffShX$939A3bm4)_4FUQF+La+zPI+qHH?okuQph
z1igo=C>cXFvevy&@nIY|EIRUbw(fwa!1meLZz+$CoiBM2nCjP{to(KreZ(zMYV5nH
zaAImY?D)-OUJKyF!;um>7e`nm3dyL?g)cYsn4ZurZa(X|@=}97pSUVkdgOVvFr9ZL
z)aA-<rX?7)f<XG-n17uSz0_!L2OXRZT|~ba-OyLEaU(0eS<H21li=TBAPZes$7^tH
z#Pi(nCSS9>DRdWJ$<>U*O5?bZo4f;YRYr?hs#A<rwkA}mWal1<Wc=1fXoaF_%)#hV
zG_9Nc6fH>j5GO8`1p8RCP@77+0;)+STP#aPEI$tZV~Hls5aj+a+s9$M$F%I*D6ogg
zM)ShFoYDOVSN1;|nC@gjETiMtEBa^35C@FEOh2B+uigdtWr+UeNj>8;eVImHD*BfR
zx+@ob8G~O0{fh&Q0So9$i`Rz5rU`O07Q4YwA^4X7`~v3!CfhiN1t)2Y{7lFfMAB&{
zh(c74y!T?%byURA|9+C0Rys6d953g54f`g#ZwE!mOuE!TR>HSP%Vd@G=Q*s{3@ElZ
zz1xCElnM0u0dCFY^wJAaJ3szIJ>)`=EdBV8^aZlsudk1=F4jrPD4rHcH#au8^N7n>
ziGCdRc2FXUu5;{XX6G|wfixr99T1Qm=nnKB-X%A~9&aPa$F>CeSEtWSgZ*R6(rF^7
zmx(p`@K!934S4r-)B$Nq_WQA{7h1!_FR<i#Z%g+7Spqe}bx=|W*ZZ2a?v4tIp2Yh*
zObbQ{;fhZAOg1)4b|?N-^}kK@cge;^Y=j(y+Kk1!0Xwum6F3U0j3)KFDO_FoMZCvW
zyme-7%^Wn#R+s+*9SfUt%TD>W;brE2QjiJXvG}6j3eHTftcJ+|?=ZZdW6pNy2a!4z
zMA;rmDa73xh=16DJY!DrEr3-}bp~NKKZjm0>UXqAO17ws!QjH>B@u}x$mi9GCCGhy
z<7GMk`9MZTrIv!ai9?_xh}0DYQAsSI5Y_}t7=vdlU$b3J8a0%Bn>UPYY!-pIn`w>0
z;4Ptewt{l40E$w4NOAyvNd;^eSaQQI=EM68&c#r=t8`pp9tL1j4rog2O)tEY9WC13
zNiaXK>^os5pSY3g&r>f4?v@Q0np@jbn0(*y1K=&)aAkPkUV63g-e$NQyf-Doo1p(J
zg1#sS>Q6HyWsGBoD7TgG_l`}7ucRMG-zmwiT~^pW;wf{c2LqZ5&Yiv{9<+2v1&XBC
zDvXV&q=gi!7WaBPzIN_=(I@Yg_sWOtdq8XTA5Zo6!}E2$S-ermoCJD5Y*DxQLb&bl
zcU&yaqwjP&FDl+<^wrvxg=SG8XFKR=NW#-F)SvMU>}%kSv%$9>TAqUo{T$fILA&Jm
zyWkGC8jX384)&t!{1O|w{BCA?h0BKF4T1*pwRJWwn<>e7vI9z>M;R84knru2_~Y3t
z-a9^=BNymywyu$<xN_P?$Q78`#Vmoe<5@;7@*3pI{)$K?&%s>gIGCHsqaPZ&4RXtI
z850BPb<A}z;k=#v2e(K42esLb3Xx6*%{=lpG=#qY$lV^$Oqe&W_K+mE>w#IK@UZw;
zQ|yuZUJA+LI|U#oKw3VPwo3pedfn$Tulv~*7LRcxnLENV&CGKRpOT8OsB3?(A3={C
z(xdtRIz4hokLJtJBZu^8j?g2A6ljjnW9%tHj~vpY`SSF5E2GE%exWlx`idg7sLdrp
z<W~Njh^-4^eCCB8NQ}PhctX^sTn)(-#FI>pE#kl06}?c)ynZv0%Yl&eWd{UMaB=ax
z47F5l=tM2tn(a(k=g|WUphDerZJcfj3J<993q}WW$f8bYJtX+USqtuvcl(cZ69YM*
z<=0x=jvaZN#k6NE*VDD#BKj*+B<F75Nx^xJEBiU_*#e8ugAB?B(f#_YB=>F=!Zq;S
z*Brvg(=lqq{L$>b^cqtazD5E@IQSZ^jBwvLKLeIn3_#K1<)iXg@sJt@YUaFM(}3<^
zI|I^e-WH1pFdc!ffO06nbFT&6#<Q5$u^{w2RxkF2H#X207Yre=7{1E8T{0AIjgt1j
z*nJo4$AwWc#w+ux6Xh*W-?=qD6sg~kNS&D=VCN(}&5wv%0GWx~4KM(}=|h=<y#XjY
z4G+JIGu+OzORsY~PK78FA)W938t?ApLxS>{zTx_NalC;FyI)MaeJmKt$QQ^MW(hjs
zMmG2|`A^wFX0;@Ls|{tBUGOt@-<6Sc-xaMOU=F}zY_A~iRUMUhhDjR-*hc)G4tHnh
z$r(laM#=ajTJNGOEb`qDt_<@fy8}zZl6;;b^(?UsbIYnWB*9(`+iJnFhPUxRL=>fB
zC->?j<SsNB^u&2z6i~{x&xKjA?{O0WU|@$G1mqMOx<tD<3MnD#Asz(%au7By>f(iI
z<bjk+!B*lTJ_xiQwO|w)3r3+yy1?b5(RIE-vv-N2>uj;o&lCKIdUPG{-GUySArHP1
z$tUW|Vp2Sv2ITi@oFuy5&;}%xpP($+f+3jcc*A@B1Q|%(12Zcj-C+QhT^$Sy7B;*Y
zYfzWgE&i|~Hm%hmGEiI;2+DAqOFk#bhefmz2x-p%3SiQ`eVYAG;VB1TkSiNZ#CA$E
z!$0&&KlukV@_~FKW_7?^Y9l2yKbMbF8uNYX_8@L6&64x5?=I|zI*fEy!K9#iI{?_(
z*+L4;W3Xw%630&yOZ`Q=c`DkCBzJg!Pu7f^CFc=|%R3^;XQ0DaZ=ZgEci6QgO;C`$
z&zE$Vimq|gd*n9lAv|9Nem`=No^^Y7*XC)u{<H-3rzM+b;+330w|ek2C*cVgI%vW-
z5?$E=yR4@cQ@um+)NmS5!&XO2f`5SNERRWnJeU+n7n3J&QbX4R)gWs9-=@UooO|VE
z{oG=h%YK%;`&{;Be?>=2kcG0@=1;I60Jd?-7l2E4O~bZe3wKH*hrgFFeh42JXQb=;
zK>B8Yd>Y!*^puP@^MQvufM9^4==Y__Z_!_SF}}IDXb&}^Q)JJ(O%446wj^6Gb;`G1
zdXl{9K+#8mzlZJ;H<JNk3*cihN%sS8*ze@V!LPVUUAY70>Ku~qz{?<ZVQJh$@;#!J
zxQuP+Xc$__gnNRrGSlU}@Z$3*)Z1NhI6+^Dw2ShbLwTO4uej(t#jF8&PAbX#1O;VL
z+|%k^C^91&3yO4N=ygdVom>7E(4x!PwlpJh#2orpA_a8!mJh~6`l083kVx-?%|?a#
zd1O<IHasHP*>jw}n=IesYLkR-A*0g6>f5MLpg5Lw(LN023`_o}3;7z!=);3Xl;t2c
zmQYZr7I&aH42u^@eF+08qlpIHrr)%R<oi*Q?_2qBHOhBfd|u7Rs)5BIyJmkeGbZ0>
zx|st$3iw~qoGr0si2<Gh2u*{JOKh1ewmXQ3sFXLWzn-5E&8L9Lc9#u>yJSP@KE;+K
z-X$AF_4$y66Ix=M=9_@Gxj1=vl9+{3)vW!ZvwYrcj>u=9#CqTJJ`=)blD~+JY>CBx
zNY{<^kEham%pWl&Clarx7GzpGt_K^bLy+~G&7yI*ZK6E;;v7jn8mhyC5}0umtTP4q
zAhIS}M5!)<?OB>+6y_E@G9RWNiCamSpTst;C;*T_kS0KSe~D6D!28r(3MP3P^QQf7
z16rJbtQjIXzwzCR+w!FTBGPrz2f9UnBS`eRM2Qa7wA%_-(R7N&Q`Bj+i+hl?pndr)
zbm4sq(+9t_m{#~`M}i!Rb#!bsbp%YiC<7(NU-*)+si+s;hBaz46Yj(03nb6sLnJ>X
zitPF59Dv&oO0*gGv?%VWY%}9$l<1L{z#!|W%~Y=)CHfp)qQ~?@(^-HDOShSIajxMk
zhq|L`4A`UiJ<D_<4#GP`?uahCstfU(L5OcfA+E<G+lniuGJDq?tQ;r5b4Y&YgZ!Qt
zk>7JjehbFC`M^|?-*edSOOfBAzvg0ma|!ZW1Cgx`{cm&uCI5}lqyLB(qa*s`ANho%
zLS6RyHCKqoSbCD8HDgFsbe?-S1O9nD!zF+2vL9GF0kjH7JxHG<eo-cy{TEVvcaN86
zY#u3wgWQ_Qc*?pHNWTu``(za47f6t+=zkviFLs;&4aI$P8S5x^fHTAeULmA!a>;vK
z_H8cvAr$mk@%Cync8z56ek{oQ8C7Nw_b1%;2Dfo9?{B|YJV^?q?-KpNf{4H1BPuLT
zctHFuXg|+m(BE-TaY-#cwZ%U<^@ka?X1s*-2eX`?FWZ2XVNetm7XMkwft0F+|Bs>-
z*AU5AD;bXn_C1WUVY}6>cmSrewYczR4FrZ$MZsxZdOMJCXdMlq**$U}SC*5)7-Sf3
z`Az_HsN4PrkoQY6KcO>u+Ky(kwd7yt#&2zzxm%(!T>M%xArle7gdeOZ-BCK3wH&sF
z&_i^8u;f|`Gm?p{9|<EpiYf_$GlcF5FweFb&wE|OQs_;2lK6b8#Xa&2SB9rW;{!Rz
zXrBpufTC!~#DIx{QsxJGlcAi)zFqWJw2A(<MMY^IkSouL@-~pAbrS>qk4g5uu*hZ=
znLTK1-L5?(2GvwC44dRC(f{SeNrB<liZBM~<dA4Q2fNoS(HKNzIrdY216URIHN(H@
z`!FoaUijHF9a^k1iO&7L!yacNH0r$xKsv$nLxr0tOU)LvzaoKM>pMwtL6k9qaip@;
z><_2-vgxuFMWDKFG9G201zfs7Avfvq+5o>KvJtQ4Lom|F6H;KR8Fz*lWSVo0to07z
zgH5ThP$c=6D(Uw%^BA8EyBD2pWdHn=l%&>~6J4y2jTrQ@yxu#Lg+7BSc&z#$1q!KB
zZ~H5X*G4Tb8v5*^r{dPnYsJ(|c3C&E^IaXYCMs!9=O~yuECjzzTnM0A2L^w!@5Vz2
zoU7cCd$_W8^25ZG)~$knj{&nqWBi<4S0G)F3%6GUye_zlm)m%MQ#W8!pn@QtMqog=
zhP>!$gvYtvcM=f6mHioQB?Ce<7~DjqcjY9xcM!+{5!D<jBb7CRn_+*Ug^nhSrj90&
zP!*ZCS1tmFRdulB5i`FEhgl%E>&g3XgljH2yxsRSIlPUdKN)kMP735!|3RvutMlX}
z`T1-_ex8cT&mC8kpSwVQR-&ju`Du}07A`A4cO=Wt?M!~2h{(?!F4#EP_gq<iW}^JG
zF!_1HZQRHEFOdA~4f3-xDnB1Z`H4HEZ$Y_zf#fIJMAqU{Tl~{~`ooM`3(3#QWcfKY
zL4F>&to$5InzU1Ok;jj`d+FeaIRYpqn0`96IU+_6aOJ2Dg%*(O5p1$3$rZ(4NyVcV
zM*R;L#!)|AR9~I^1j%_LbZumMHhSTNB({?SAhhu@X_^%m-?fuG)ms2=W8>%Lt?>6S
z@X?`2gP6kBz7O>dQ3koFcJn&L)<zc!T92{PwW1&sPrgO}g|y-<A&}F?f0$-q_G1$j
zskR9uSOrM1I^Z0%zj_8u#)M4CxCtt{N49chAH|7fDPTH)kfP;=$KDi?#0#FC2oe~O
zf6!xZAWnT;ln;62gHiblQugpgXl0ux(0e$dR|@n87Ou*Ij!^j0dXgl6_mlkH&*bl3
zl)rTz*ulu(dhHQ7JVrIb-+2D4aFTot%0fI(K`uW<AzCfURALlYl-)fTzhxr&MtsWz
zGVP08=rM$bz(5<`pC&G^C4UCyr|a=#*?dz(Hm~w1(r81XKt9<_@>p-zyM+3I=6!FY
z1fHHCfjzne{_{Ib0*{VL;GMJL>?JaV)N3&yDVdWb2;hi4H3;CMv7Lo)!sv6~VK&c+
zGeAs{iY^?F=}B@H9b$5B!QU_>Od-j*sdGri&7waU%jYD?xTEi<8j}5kHb-5AFkvU!
zyy1<1PgvsXETZBwNcN79p9sBxqsx~~z9&FP!OpRK2hUCX9F4dPg7X5R1#`K(zRiNo
z;HV5C9E@dg4|)%*kh0T-S-T_W>3Ah3yLMvo=FAmRuWN<Cf-qiz3-Y;Thc$CYaK!{*
z*!s9M?2Z;pDk#b4)PJKx3X{#_>?pbg&k-@%;dD`X5dpShv<6Y}7;?H5O~H^i+JmBT
zkH-%3J5_Yn;JXP>rYIda{4DIiGDYK7bfu6}Da?b>H$hOA!uy3*J?sOgeS`sgPqQ``
zyhlM$<T}B=eZlR5u|qKK)~?k}Jsd5VkLp~^xycd6SPLN^EkvXJzaq{33HSrZs8g;n
zbdeu!yC9zzaJAvc$8M;gOoh=ev@%OBALx&*Wbd;Jqt%)wkQWgM8dR!!J9cQjnCZWu
zJH2|ZlMuIuq9F0%ri2!DybWs2x*ytq+4vvZ|AVpqSw2#{S_gUG0llaAdh78cd=^h&
zsa2cqc6_Dv^T=OoeLPB`MZbKGIQV*}vK!|6XOd5Dge~P-*t1*F!*5}4w72@oi;3}U
zS_<egayPyvKRv}G7Xo{RF~t9ZKDgvG$KN=kAMSs?1z^6Vr}%qSWLfE^_T~(c`~k#1
zl&hh8GdVF_2h?g+|I~*9+)NKWN_A@0C$OQfp!_*tH51y)ii)cqX4on^&o4|{G08N&
zO1alj0os6eeRTctU>T2Mm7Mz)h?0FDFc++~JO`ZR`_eOOAMZRbpXIqppGmWVxPE{_
z>|N^#Og6$oa>$wo3^_0j>Hx1i!g=JKf^)C;3+=D&@*PXZyX4(kZwYp*6m7Z#bj7XQ
zD@d>_q<c-Un76VUE)h9a!t>ls3mR5Q_D%T03T?7?MW?h+B)KA#!~BPm+%5wB??%<h
zgr30@lzFEu7&BjTep_@SSu<g1G(0#QLssa5d?wV>gf^+IWK!t^S@RVOr-8=PB`*S1
zjuKLR7CkzZ+sX_C9r%SS_tH7aZY+S=LzJhjp`WK<h9`7Rl}~CeRt=O8D<c=n<47(W
zyL5x0u#04)iKhYNmw}H~Cj56lMmW{$xE*13wMiDWK6B)LQzYGls~HFD!8lkC#*q=<
z&k=INrx7K@to2E-*Kt;HFMUa_4OL>enuQZUr#TOXh?y0}D5RtESIiq@a*Z03yW&}n
z3;e=JS}KDq=P}&RoP%M-hyC{Da%=MN#`Qj`D$MF8f<7L&nfw>W0j+pDtohuUd1KO8
zpA$J`9_JSCc3!Rx;mr*@C^HMnHKLquLkm2-MulM(^0jD<XB6>{qf<jV@R%hCc+sTg
zMJx)bHBsqp>ulvX6Pg*`L9L`j!NHj58v!Dp69B%1qc94ySm0r!;H-P`NjCh^Gvcfq
z5hdPN9rfD3Ky|G<0B{K!p_!ND;}aC=v;}PoamLGW3t{X|fwf_Ge8wW6KejRSG`z=I
zcI*!o)8XlH{m^bHuB+kD6Eydj`Hhj(r_(z-X~fyM=wv>}8nPpbjRW1~VI=h|?p2J1
z;Ks}pVXa>rJvjDD@?l&axmPz)TjyZx_n5@+RseH1Uc)|>IZ>G%vLIpX(BuC~5jwqd
zdXoFa{D}L743gG$#**7n&BO2r5zd`OJpt{GQ`-Fr_G30H?Bzq~mf<+HO0e(Lg|8&f
zR)L*uA(*O2{llX16gh5tBU!!`y7^)wSczU0S~t=>h>!=ue4<U?KGn@sZLENFfuKRN
z2%2lfGbSMt`ZeBcSnc@-a@IbQWN*5|OTHP-8+<*8ZP9;%vY??m6^e%4<V}U=?u)Ei
z4}8W1ZM6)67a!^5-V$|Ui$qmeWMxUI=zIcOo-HV*!L<7iyq`rY{%_IeRvB^U>U$04
zE!>+GOGm&~+Iz1@8RIDrFQeFgJBV~(6A%vj?jmcywv;8Cg>XHtPMNF+(DRK3t(mME
zw2&CyhJo4IwL|Y4Bl(k+v`zoG*AUAOJX?@+1|tl5d{cS!Uz5J;pbCK!RxI)S5cALJ
zO5ulL`VVdJEe5XaEq2x*eEjsWlLsjdCHJ=mQ0lK022~1jFClp1`g7b*D$jA#(zgBe
z7R<Oc0W&_O+tiVw$$+oTkK15w>(7bYPqv=p9?38~9?d+SZY$*O%xHbgW>|P#q~q}Y
z(FA$ikRWU7j}O;j=J0geIc^5j>j_;5+|Y_hL7J#$E|^ih<6dB|y~4*2xYuM(e_sdo
zqt|B5`j4p+a$bWlC|EPrVhjyM1Bj&iOlTp^Pc5_wAH}s$Cwv%dp-%WHGC|N5$$5*h
zs;l_}W@S_Or>mdBSN@VPh2M;0Q&>GCaSA`3ku-&?XRs+Wu>W#9PvN6eyPm>u=UH6V
zaJ92&kJ!II1QS3>sf9pVR?9sgXu5;^G*c$YaiH_3je<7ID!lh#jPs$AGU66^rg$e7
zBgU_!3|MAC9!tkoqWm}o7u$WK5ffoQhVDTZw%=<|t0$*ne$S6trs;808PoQJ?$UO^
zcPO?Ki@iD}&7l37;uejr#22HdFa_?{*Rarcmk!q_+N&qWZ^m&<`-a8=z%Sj7z;k7L
zF)r0&GoTd1WC_aX$FNhh@K@(@l>U@_>u@anP~1EA^Bb6SI>nU_K!*X0_(lOkI@lo&
z2)*?>*>h+f9d=Y`H=zHfd>39kp*BOs(T%X=Md-PFE3T=qpFSYk4+$T(vAWA}T`yaR
zx`KRB3|>sdtV!gyu-z~|&^wE6bj~e&S~4~j&BxenMdS4ZG-}F2lmuvkJntx887|F~
z<TDhL`+|CCavjNQOdO^Datvtx#xvssCOvVDis4V9z{f*djxk8I96@e?{uZplZEkss
zF918pNH5ENul<Lkf(ESJq~{CF1=PDOEZ)d<v3K|^$m7gveP1K0kls5)`Jk2@-;c%5
z=<r%}Tir8)(mh;Y){ay7c9uLd&i6R9ZZt)Ui;o!%wDOy+Kr26c0BMXX>jgRhqq9Sk
z<LK-cTZzu*V$oY4Of%4Z4ZJwv?`KeVmDPnA*-gOjH4iYdd-YH~?ciV5|1Q=4E`-0a
z{e)Uf$Dpux7y!^Ej&Jh&#*$@bgEwV*70~19EyPT{1SM@h{M6G1bFWoQ$F8@-EA<Zr
z#3={Z2yTiW!Mj^%1b@L|vjIZwLk9A1@kK8k<hk7w;x|%$Qkd7d04D(OGy~vSWCpy|
zOiBr?jBr5#DCcJ7mI0u5#{l(iMdo&<$2h-#GUtDBgE5*X6`wc5v-Uawd44khxqcE2
zu9OWf_rbWqeYTkfw;78qhdBs6!nWd{;ER_hG1NXCj-b{QUw0*|y9$d=z`AavV;28x
z^b7d*n@MbTJl&Wa`QQLU<bNIbE_p(obQfyJQE*O}nxAaOsi6%ISLUH;lp``XGod)(
zTBB};pgdzH{x_l45M?$=xkXYIo3%mF^<9@2l8j01pSDmPjH)4xT5Rzh@z{?ii3<7#
zQZD#yDzoKkL{T9GdRui-Q7jl6i(Wuc@nTd|>?t5oA<FX(L`8)j5`Fcgx-jgtDb5}S
zhCHr5dLPLP2G#8d*o1)V8}yU0c;u6@u|&Wve*h<YAbM{Z8yCE+3k^RAjYxmXR%vgL
zI8fL3F&dc9NfHA;SprNrsk9C;UcU(t_L_%b{LLscUsn)^@jq@NjQ<-JePm)9ixU`H
z&_UKo@Sz+(7~q4}AJJU1zaBqmoMwo`DN^r7SeUdLi5!xq&UB_xe9j>zMkK4CmYy$~
zcsP>|JzBii5cl)|#rvt;4~*Ju(2jvFuG>T`GYiNeT+hgX>%lk$N+GjkJL<__C~^PT
z=<SVB(bm*+u1zF3%PV{#t$Rz*$YRvAsw;XM4U`Hdl0z8=_zrZTJ}VJB1=s|goftPk
zOX_KYUc_P}VJ^wzjWNVi`0gu-F+@%(8|yp!>XYq_x}yJ*rMQSrAXT^(27OaKTVNk%
z%WAj!$g<koj6;8xErLChm|zqwpxVu}UJkXPlcFTgGJE7pxDt6_9m87t^`+ByTvBG4
zrBSmiz6Ou|Vmw1^<jNX|A-=pkLo7muSd0v@G|CV)o_L1%N@s`;G^O~HgbWdmGDKJv
z?@cpI2$+Tn{tDy>bQp_rL;^cRATQ64=ZJEhBVLMe#8=B!YJXr<_}+Dw;fTpE0!NHq
zN*uAa7BKeGc*YUGrrR@sj$!><DGuu|*Amv3WBI%Z5w@5WWs7I<LkJquFmH<bx5j$b
zR5EW|e_b+fxb9)Rk#1!4;%#K~g3JMQFu0b8AC~{L>)>Z|IJyWxuV(DEN+eo6xM2=L
z?I!Z8sx{EDN;Fvo3xEtz_-m~+s9Y=jKLq|C3I7Z5|1?L7+L(hgaMNFEXs~~UKk7p`
zrkC{G;=dh{h97=~A1;b%#EMf493C~|dVsHw>aRx|SVYX^eBKPoHz%<3$u6M`EV=@S
zBXaO6G&`0AoEF3IaK?1C;Y>sH{=XZjsxV*C{H7pd=$-mDAv$$>LcVd@Dz|#QF*a4K
z&Eac(55Ojd(6^X8dWQqc<VwoinPR|g#wdIP&~uH&3j%ZlSn2`*#^XG>;1t$TXX~KN
z7>*OuhG)SFUQ#!Qjj=;=s2}SW9gbSPKZAaOp_}<I=NpI7iLv*4Jj%~=J<7Au-m_Tm
zEIyCk|G8|vf2^f`mCfku3;4?tYO8NkI>>GbG061%=*mDG^MuG~M@UK$jCS!%jA@5g
z2LnN^jP$qEj5?<3r|voyoTlOWvT3*^PeXIyA+kRglp6#kPY_1s4MG3O@n&?W8lb#j
zfj0%-fkL35O}Sf83YrD`rqG!*JZP(;Pq!(#ZB<ZpCdlwMA+V|qC1M&TYmSxQfC<Kx
z@iRZf*Fq}ahINwkMGSSIJP)cEKSYu%gxmRHLa@yw7@Gy<0nBCZy#W@8MRvj8mQ^%V
z2p%(u#%3s}<>Tua@OohJPvc(CLr?Z#N1E21ew<Dd<+Eb&F#M_T*z3e#lSxW7o%1&h
zgkJ*u5*4dp|5kb4qRcnrK~Fk>ELS29s_@Js*iJ3Mk5C%A90rf23HD}zRfgrusuY;1
zaO^y)yWn4hi^jjvlK@jI4B^UFCFoiOs@Flwlcdbdl9WZc9_K~x6xfmt0~#KwadGjh
z;ln78GTbKJo(-B5Pc9?!Id!%PL+Vg;sNuMvSVZSZ-wu!Rq#5JRiGlZQIOkf0e*aTD
zmW3urPSVBn`QyXTy6jq*@tMNyFzd>5BLOFZaQpKGLNIKC#pQLuU)dzw{@f6lTR_fk
zynQKvf<l4d4>qIW`XZq=g?h?k#-NIjiw+&3ZnRPsWYG(Z`$$n|ltsgUZbq)Z@vDV*
zYP}Qm11PfFfVL-jX5QG$2P-(2oQJow7R+{ZNWd9~l}QMEOe5SXDD$B$VH!qJzJ1Y1
z;r0SS2wp&-KNfDEpQQsVd_0hyIG6?JZtn}i?Sh3u-{e{W$EkW8l;U2rJ*c%{U}}S7
zhx+Oy(8jPEwJaYQC`c9olc6tQ6lFrLfWePo%)CD43DbnY13(Z^LJ{Hb1VIS=iilrE
zF)QTKzDM}=Ee7?$;<_-+KL+}i&$sRYH6k5Wmi-m9vJ3+4qORgzqNe~x_>}jB3$kE|
zN^jjxk+QL&zd-@@(Xq79Y*XJJfc>QXO9d?x|BB!4bip$50aJrs!WRd|GO;(}LT3DV
z+U^JhCV=1(2EnZWL4FJZlZ3HO_J#{A0ECHvh^%)*u;rb31jZ({9|PlB21Yu5`#;dD
z_C5pS+YRtyst(3~w`V5pA7kfJwa^V|8f(&OH$)*?z2Ryg`VDr%M<7~p6G8O+27>4X
z{MIK9qNni1#ykd5e+E&Ud`iO4s0~s44B3!`A8QhRIBfZ2UdNA-fpKm<fpLC4p8w><
z@N)!TjMl;Ubz35S<nuam)~%=RZ-MUrvOZxdp!@6@Hd7?_Ce6dE*rt;KuthEDPXIi}
z09b(EG7x}&FaUmrFV^u4fZhZ^Zm0fpV*T5{yZ=mV@}pe6e*^3P?5EWKIryUn_*nmk
z@kNf_|7)#!|N8wadUoxO<fcp8`YAzi8$j`oPZ<=jlVDpsP=on|0Hon2X#5Rq{4NGb
zy;?{X>1oASSMIZj0rWf;xd=tHcNsu)@Wp@TGJsMEpa?zebhPU9a61EKAb?{1v@3p%
zQiBnjd+&Y%p+P<0k3jfp9rb+_{-`C`_gdEXu5~)R*!S|5sQwhUhPcq)UY{1BwB48m
z+x3?)ltp}e?MVUKo$C$o2^Ib$YR1KISgxKB$hqrde2Hn9UYOa-;0gR0AH~vYLoS}$
z9q`CU7i^U5UoO1GV?3sxvz=47eT%g{#^a#5(Czs?H3w=(_G-~}#qIbC>K1R*j;=!b
z*??=0nn#$ek^&<do9@AD3-<bUdR+<6LX33c`45y+Dwu)=0~vp4!oyCGt*Nx`Cf^T)
zl%K@sfRFQcmA$qP0cUUEy{->e`R#Z++YAEQOuhr9X3D6e-I)}hz-4R0v**%EOj9D3
zR^T6D6x8I(?o7jdVU-yC@|wI_Q(r7UG0?lO2xUp;V^!S3)Edwn%G6gWG2#5z_>UP|
z4>pk1{Tr@9TOBpLe7D@(pvtu_$F|&-8YAaw%ahmjMLk?@gZDKq$JX4IT6o`_C$H{{
zltAUHT#nCJ`NlkXM&Dey5nfii99vqd;GLQ$&+D5ds|_kI*SfLgYNHF9&X<?;wYach
zUaoOFw(`(2yl>8zy?xCtY8X4@sbT2Q+t(EOyMft%!E}7c%PGqL;0UoOcJDQ1yKHaB
zr3f#4F?Rlf5G(%^fjjOCpQ}8VoBS?Ic`hsYoke-hlKjr>Ql0~VTN+OD?5!8xK4)^F
zI`>qT@<^`S>T<N;0MdE+qT6vXU!L8!H;mBj=)l2RdHJl{(Vj0$ef#tBCEjrgO#oNt
z!?f9WxmtgIAD@Tt@;CbPd-y!m9WDPZJ`Z!tNA>4-@Oij9TK+A39_g01=+Eo$ImdAb
zh_NmYP~mc*-}K2m+0|E&o9RKt2Z?taazUXA#20XT6Mgy$KTUDz1)K0`noF*ur!Vkn
zhT{O@eI{UPHN9=bx3l5#eR|x5k8|MhJ$l@ZkMrR1U3%P%kMlv0zk>wj%~$62&4n$@
zTQ0{L0A*vIQbyE=a4&-Q>v)WEeFh<1az2k+>gsDM<esT3<mT5G6mn<k3iG(#uk=M$
za?~K@qP1wA;_Yi;kEj*%j*a>9JAGfHpEddL_P6vim@mK5_YJ*#7AyZ2l93n2MNjXr
zr}x>@yX@&b_VgZmdY3)D&z|04PpjF}TkHw1q8zozZtJMu>U{aVz7?!U9V@btJ)LAv
zb?ixHPn+3O1$)}gp1xvFyVz3`dun7)U$Cbyu-oc9=&OmnZ)ESkVo$r+lggg9v!|2n
zX)}Am;A@VmJo$~jU$gfc+50vcMr}Tf=%OxoU}J_WUTsZfI4S;-vgGeyXOEQE{T<uD
z!@dFVrj6dT(T1TWMcW@Q4{Ix43R7~VNPGZq$=7`L-MqZI<ZB~~PgPcXAsogJZTbh=
z8~Q6!w1)VkH!L1i#mCS}E*gxMpnP!!Og;Eu+dzKMcHU9J%MHB$u#s=w+i-#()XqB^
z<U0818dT?URJbrTs<Cw+-w+yf!R6S*%XNHEP4Ty<y5wN-8b>|0T*Avi9#LGP#~+t>
z@PjJdoV$T{Y;wz=@%}HN`TfuaKj>Sx<1@JdS_|@=`!koL!7cCAyXPA;=-=(wOFdkG
z9x97hGuWYrde#H!E7<-f)_!GI?Qd^T2h~CQAiB4INBekJ`4QWRMCV&J{f2eM%M`Yd
zAV~0Esv1-U&F_bm!6hH?A2qfffW`-1aybsTVJZ-gpo?>ZFxtz@nhsvWDS(c5XngQQ
z3h!@Ab<5j}KXA#?Z_uHH^&waBpRm3X=m*_(25sTon#)nm%LjQ_+IU#oU^E@P;~=!d
zH>mDGbub|{yhC-#=b=NKj?;s_bve%SK@Ix50R8R5{#?H?N5^!f{;H|JEnW5303&n{
z3POKdc}M6w`jdW>{!bpC<)1vh-v8wBS^vr7>;F$4U)Dc)e71k`_=fzG$2at!JicN7
z<nayvCy#F=|B=2pMEdR2-)AniKsc(B*9TA|VN)`wf^%0p8ZWmvv_oeN#UBd(N=^tK
zHgV;@Xb*=!L|udoU?!^=@KraGsS*^kcIyUn7Hr?f(g}3c$M_(~wT>25yc;ijGM?Cp
z8@g*@pBsK)B<<<Cx}Pvu&|f&4?k6@Z8rAaBdi+O^sT@@MoWslW#paK3cZPYG-+7>y
z;X^24$o8w04z4b!nzLPs`TyxJxh8npob6T21med43p($q#b*(^Pt357{TK&=0Hy+f
zR0<zjTEgMcsG=?VX?excK3LX7=g`3;DfoSNK`*+#*?J@HffcjWVA$~1z0a&%kN>ck
zjJ>dr(kgR*{S%suzlqHn;q!|lVuvy#%p=JoW8*#KkzpK39vNebZq+?9P=$3=sFRmb
z_PPD{QsLKG;U27T&uHOGtnjVNQVoSk{=K5SLkgI#Q3eS9b_@4XVK>|>*Ynx^cxAka
zGDs*7ri=bci&)xjK@`1Oh}&s@usH$$ob@FGGh*e|>{MQR-P{{qW?#pxIg|a`-^>=&
z==K8}Wb&n7UIdWxvR@l$1_}&n*6i2b#2I&SYxd?TZ@kGWK5F9DoXUPfulZR*%{N%h
zkTv^_l~@xH>QdIN#ES0h7XZH}UD@mOnpJT%^Rw5nnyM8FEXS&Vb#6^iDO=8Z%}d8#
z%ew5fEZS??N*&&P`8vEF`Jg*{frVRh+LgUpue~#&=hdwC3FvwC>kR1FEIru!>ZeJf
z^aJrTW&NQu)&IxLRMwA~Dckp%DUbX$OqNS|?{x<EFNVNuxw7BuV!HCP--}Ea6o{X%
zd}Z~UtonkX+?oT>_M4qSk9Hoy&LcCXys=WB>0#WO%{Y@#Q4R(}nWcxZR`wg5K3Caq
z=u>rsTT`jLqEFTM;oO><Y<R+I+k<N6V5;>>cYU1Mue{D`oxobr2_6Y^6rJFmT}?1l
zEu*TKJ;|lKq0i5wITHGY>~>|t8w)Na=Yl6POOIe(cy|NVmE?VV@U#`kYb`ba?41i7
zT>&hPOw6sk<09U1?i5KREGIL-pvT_ekq_zTn?Hid<4|GxzNmOlN5wD9h>G_*q2j$L
zD&Esk(GFA#bF*BZ8({Ei7vc#k)<uv3Z@Nc&W2{0F4}_dsJ|x3>ewHSK<CdpV^y+pK
zJHnOZpk!~L_(ILRd>U427~!UTon+kE{kSy;p+$Xw4Lm@~Gf?v*WP^nM#_M{QCcz)P
zh%wvRQ;XlzYzROE4gTjl!eKz0yj89y0Q}1^`Q3ILKFmf%wzM4n;6qoxT-n~`X5O(C
z;DlumLs4YARz?@aE`H5hX?9f0DgZP<%fI~0<<@Mua$#5YjFr$hC@PJt@z1VMUaksi
zW~?B|+a-Gii(T!KgD!gm#;MJU<j>gY=GI&zhAVkT160Vv8W^eenBZ@_SS)dC(Bb?V
zM^JB!J&!jgzeq`bks5u0)9rCq`c}&W67E`wzA2W`F(CZOE~UGpLc29dKl4{`bYmR?
zjCEMh<>{r>ls)Av??23Wn|Na|Uy*)!aZ;dn4>5Q+1!FWf8Hi%0*i;N3)9i6H;NLdf
z?!(C4awYFSl0H$HGNnlbeZmbAxdC-M>qKQne|Yt!$%S*53U35_BLu(fCOP&`%$~Bj
zNp$Rk>DnX)Pnh$SblHPvB9)*Bra_ZdH_7(y@lB;rQ$6CEGC@<U;I;7uyNTF?)Vs;!
z*b6;?1o%vZ`GZb=g>R^nj94dJ=T3Td*-5YO+ex2TCpUENq;FCud{7-QQE_dA5>3#0
zquzSZBiD&QiqJ`Yezr*tjp)EERNe93XE~~JLST}ad}((Ja%HIXQZ)W9+P^5><X}Un
z^zcLQ-(dLv^MHv*?n@~>oDKgChX2n8Or`kBRC<_$|AI}X!Oierk2<bS?uLEf)mmUB
zDu&T+)K$=plKP|CX4W|I{s(wtpV}>0!O7jwen5erJ=2cfC^xWY?%JgI&Ve*%Et#jY
zd<T=cHECJ@PFH3<1SKs4e$wSwI{Z*q+URoZxVnbY_@teAn=Z$i;g33NFq(IzeepI`
zpgXcge1Gj=c1JdAKi$uDx(`}xNw^QfDAEZQeo5nVR3x;({AcjakC(Um!^?{M=dM^{
zOQ!(&B=O235%&KNyeSQbyBiF}L*=%h+AY0eh0B(nTXOvV+>&i2SS{m|l=y0BC8!mZ
zh7FB)afj!~a@$}-6Yd0nqq#ENz6F*W4DbTT#lS7^PS-&}^}6(CY#M*2+wM;<K{q$*
zQh&&d@09z*6yGTxs0+qNEP}#YF`%ryQYfv=LJD>6TR1?!x~vuCeHh^4r><TG(fGLa
zePf6grNDDp=#Z>9De1{MQQj7Q!0eHWt)g<j5Wp0&u!9XhY<}OUO(E#gn<9WlV9SVy
zE%TGqIM~W&qseCQbe7Esi(Q@G;5GqW%@3+o1!TTrVTMZ}InO1>6C(S~os^QORScfV
zaywc?{~4o)%fl?r9!_j+twt@xHyw>5r{aaSo?8mTpc;!TQs5Js31zWWk}nDNOQ0c&
z_LJPp|DeIo%@Unqu53L#tk0r-=Lxm^7TCk4&V`QWT8RWCWtLS4kA=4W6WhXE6a%Ed
ztSstH8MU76PmhEro0TPaZ9dD&ugI~HVOJQYeX*6n$dx^7q~!Hn8QxVRbZCrhzv!_a
zTR2<_ECyIEab;gbV8OfH_M7X%QtB)#HX5oXSYTl2XCYtG7JJBdFJvMw!Ap|;lz?Wb
zr$IXeSR?>nEWKz1;1)<MZeYY-yL6)gbT)loeTF(yS7J{9YivMqjo^#oI_g`yhW@bN
zk9uW<bW$9oI1Pyt#+8RadWLG?9~d)Qz$&BI)joBy7&_@7NJpW4UujJod|?LPnL!BO
z+&K8+s_O9RW${|O0*f1qtVu?xo#|_ugu%*yzQU+)n^DXHxnhvE@*N^4G;?e2cRP0E
zmV_NV_eLdo@=Es41^a1{%WFn8t@JRu(-2`&B-t7%a8uwX{R|$?-RQdqD&FB8_HK%A
zpc_^ixq>fgGQn<J_VvdCd-)1A1s0fQErTcfB&a*sZ8OkidkggNHUELJ<U-HlEa09>
z{-X**iownODOhA_tu%lZ=*xhT@ZFo{cGPP*0JRQih1l8%pXlVsAf>u&R_}n43*AA$
zrrm+t{lUvxZ!t)m>o^OU;%2v)HjLvp1ho#qW84F+N%pN0H@2p{p2d50abl?Cg2`u-
zD@%@;y*II}4Ngn|-i<H0f0*}LA@Gn<a-NX5aVMaA%qY&~0lHQAv+-SETUS$gJ@V#A
zoXBC%_m_huhb`Vd9^+9*{kuj0D2NeVazn^3_(tU1b?94~OSzFx7+8cvvt*oQ5g2hH
zn~Cyi(ca;)e@#KNP*Eyan1u`_I4^kzMrq=`fk>i7K%zxf?OKn#5glLWL1l{9Fp8oa
z#)yh>j)%f7C;9s%@Q+TPlLn&qP1p3P^N*IsqC-c?^oZIQK{5i@C^#p;Q^WLlO)vzM
zXg>#5_sH8&RtO4Ev)qWLifK4-$=STHH^#eQb{xyc^g@wh)$U|76et3@-a^AVN7F*k
z6d`=NtLzkd=aJhz^6`=-Hk-jWOfpXBqMy2jb5Q|ND0Jf{4=f`6^v*oxr@YTg#<_{e
zAen}<dTilsIu^Jxyog;tOds~m1LDLQrf!DfD9J7m3&cV0kvGTS)&mU>L8!}5`Ie&{
z2aq2SH&=ez!0bA5>9VqhJe{Kg2*F~aR+MX^V3D-NusTs}C^yA{l|d&|H3-%$`gtX>
z<w~TFMEQlIR`0s$^7IiWzlQ0wYPgBXuNYy(jkfGMTvc(}lW-+C)rEtJCOU8>E6V8w
z(|~>I6H|V?Ll0k*Fw1eIfvX1s7OS!vLy;}Iveb4LUTOTqA9wZtUh><}KPtbcCChK7
zy$OQ+8QKyT$_<#Z4YV8=Cbe>lwG{=6-vE5I$K^xYGmcx^yP(h|7hHmU7#f>)2&L#J
z3!QB%J}3khh53>T!vxONMqW_@NCXy&wNc&D4ioU8;2&#A>oni~wzP#kYw}I@+HOOh
zd1@XMvZiUbUT$&&eM)b$8P=m0F1&poGffC&8kHzt3e*>1v;Rm{?0I}<;&VSs;`7J7
z5}*ItC-M3BHzYp4&^Ph<(HoQcyD8~;VB+(AgOd6ingrjl_~&T8GMrIZpsw?EuW{MT
z>Do1*IJUtHv+p{LvV@DTy6hp+39VI_>j(Z|yr1t=f7?&Hsy}2uau7zO#lT+CHmvb&
z^x2<7;i;|IOrt=}45>QMNDU2%+d{<U7s>@9#OTGXqTIokgnRm)BmEBjWRW6skRnG5
zwLzpvpatDtfm_qz;?|m;2YSrCB)~o#=@Hlf=~0w-N9eIlr$+#bks}b&1q^}Os5)E2
zVbI{Uh(h@<P_z6Lx8hCIy;Vs*>%U~;{AZB9jm@!~L0%jDi_v2I7gBw;5+~@Sb5K-<
zgY<hw^tT{y<;s3W7L_$2inD$>^5<Sg%kCr=0MH6B)*$W@XdAExw_z=zEYeh4)sG*(
z4qJ|XFUM^V<*Ve%ZXnr>>)lxBY%iu$D-B|AXcFl>%e}mk^z>S`T&pYZ#ieL5?q@I*
zm|Ph=ks=364}$<&CK=CSvd+N5)CB%2S$fIfT~xBPgZ>TUzheyEg&1$jUt_{~TJ}X~
zBgWOeEFXV#i_XWI4K_wU$K8NrZz2I&!?psrhET;0Ru_r^v24{i=;M;s1ODyMQibqV
zXg@Yh?datM+Z=tjBp-shF1ekTRrU3;M3A}Bj8Jj+DY`u^kLHif<o&Tgm1~1%%(-P@
z@6AF`1&Tk8O~S@&n;cXpjE%Vs;LeL>3OywlpVRk{+XQ>9P+Chkmd^{$)`fj(2f16{
zME1KUvWe8zChQ<FQ4ek+H`6B4YqMeoD(2D6ho{(Z7G7Qzwf}_?HZa3*;DNFo-XTIT
zlvQ#BA>AZlf2i4j(yabIuQR~=y{AOuG>fRrx1y6tYzb^cU|X3jt4FR;pB@nf_7hKF
z5dhmEDkCM#N4${_7XX|~;@~_NfpcYIe8$L<L$S*Fl8&CfV$2OizI(C7M`v|GzL1!Y
zvo;_2oloF*ef<&SJ<0qYxBdV;jNygz#PGzD*zHQ4;a^3XKP?1IYl-9kg<5RK99rI6
zF~E|y7yO&*yVZ~UeZjy&8Pmh5*aLC<IRoSN6NW2t`zu{?dp+ZCmhL#Le%#*MKq0Pb
zLjR5co&%;VJ%%hP1k%?6PYQuzb98?FOWO?ILjTf>_%CqcT>ny&!TU4Dj~2#{==o#c
zDg--HSbi{!BNF1nSK`q=S@CPFW=HOW)@s_cYvA9Dnu)j_COU|5sPuWxB3Vbva#Y_a
z5al|iWGMFwO0lYbYry3#3V%T~-==z)ed+A~ASn5uB)^LD2s+DPAOMpf!z(4<$`VGJ
z7T!~9@GkH@DfsiPrceoCp&~7@P};)LHMyoIYYl}zn^%Md)3is0z~fnhy-`rc5G&OH
z)$`%0W>J3Jitz{neNMl0i(x$;7->KG&awxl^kZ{|uirODZMQGyUtW6BN+P{V-V(Lt
z7XmpS(6TSDqagA?=y+ev`ER6P#gr-JHJin#r=z?rg@v+n>~LU&c&+a$e#LMz?S=*8
zRv}zLKI5xsEjr69!^<S4jB5KkmMz=`izXe<;bD3(1iR4s3ipb1b8gA8`*TaSmhdaQ
zX5)HFwe$BVzChn>1f|u7bxIH8=^S6$j^}gUCtQJ7@o)~F+40;813RY=hOUFAo3Uy3
zn9i3Rz8_wdxK~JKW3>0!yOekkQfdAv?n|_KeN(Kpgqp_qnknn?I4yJz76usVei&+=
ze6Hk3s@xhp)6IXJ3)k|nK2(HKBH#s&oBYRz1y85=k8wRZ66YXytugd2Yv~XmWI1Lq
zhb4k5!!S=3M@-ZxEEQa?c@LiF@hft=m`O+2u_N>|3SQ38=+aO7d~^8^XeC*Cnf1Gc
z)^8@Ga5W+SgS+&7tB7)K1?HMmH4FI<#FI(+-b;A;&N}jX94%t(P*FbQLjMpI_B)8J
zYN3=79#Y+c3_)2(t*Gt`CID3xN;e|S#z!Omz^HwOE7uiPas6mO`;*#yKMS+bbtg^j
zCOW!)cVng@p8s=k#TY91d6cWqQR2*mO~jaZnaTrSKO7nBL|oS628)NMz%M)0@==C3
z59LRIu@BNBj4L!OzcHpxztPquQ^)D=Y4Q4coPJwC-Y6g{hTAZ!4`{A6LLlQ`ueTY5
zS*B9KSQl=}<<{4p<9<>hU^142>ZB<^u4s5He=Y?uMFO70LYc58%AeyJDM17Nel~Q}
z*6&MlVSk3%r8sWQ@JxP1aaas*llSCSoH3PL;EE4x&nGsu2KJF1>hh;k4BBkg<oH}v
zZE7oV>E+g@k1v!Z+xU|9VOVQ|#JSt3U(KNd06oj?aq>*QP;#Vu$);iaiiff5icl)-
z2fD+)@EG-o#K4wgE2c)U@U1llSh*>ZSajWZSHtxgrnVreph?a)@5w80!oo46#U4X0
zs2{3x!6!iDgFyrtaLRz}MjH$%244<Vk83;RJdP{hVj$PH2)RbK(-Cq-@(n#j5fk>Q
ze^Ft%oDq)C$8rVyhI?Ngzt28+75M#=^+)6P|IGbgh2Of+kHT;0C*Kdhj~xAe_^m(o
zeegTCR|0<5#N&5m0pRyYC;T#`T=$C<L+JPPF@ow3uP0Q;>j&S3?}y{@1pD*L<3}6%
zeF)&{v3cS6kHY4S_GD}_G>&ES)RK%%<;$zbrcM`#)UUq+q&}38EHCc<;tKfP(=!gg
zfZJLfxBr+3xTPD%INTy$@0$a7txCXaQ*Xj6Y-Co+9f`OMo-p~t9PC?;QJ~c1#vc1Q
zaPITbmL!`;$DG{3&Oajip*+|R@t1<9VLKG;V7no?wfL|Uc%C*x66b1<5I}@hO1j|Z
zU?|m3<Z}G#384Mx_a}hcV+7Fewg>@qf$cvYzB+6#iN&w`4t!3w#Nm_M5YMhn5}?$a
zgi>xpSd(I??9+>}Xq1T7cEO&(Gp0g6u;-CZIOWz7?_XaCXkFL^T2}$pw{mNTFDR6s
zyX4~5*1G8I0g=j=wjoxF4<JrK1?q%TX1}v`o4hFjrSi7mnbbmmd-vimuO6p^zxw_-
z9Ua4I{@|{eIuB;E3oNfabahz%MIujU0da(;Ch+vC@5KL`neq5vn}GlEfd6Zf@y{?e
zdv+(TzNTkHTF1%jE7OB^M+{wsSBWpJpbI)Fj9VYR54~JH1>ADvM^S+5mdjDV+O8<z
zg9AT^0tOt4P{38|+gf_p^88ETGV=TvPjte(h5MoMJn*ys{qo%2^!+h^Ukvl(2X&44
z`@2B<`u$gj_NNokej88=#RDw-ZhjwkZ5+PkwsS&^-<$IR<=whK`SG6u$}1C4ep5yS
z<%#@$dHl!odhGt}%J}J$*MT%TpMPEjeOx`p?>+dVFg|VI)nk0~-XDbV5&LzFe<!~G
z)FYn1g&2dUxB=Tey1;fjV!Jv4+jm_{*cRjq$@moj!2)0ykD9;ilEp7Pei;@Q0FkQ_
z@h9jAjGkY&79YGEiwj-p_W}?QfYV(768h@u5uX3Wk3#s*Z@PMf@89!-5boL=Ve#*&
zub=52hyOx>duCf9_e91A&VI0F&dB(b{tgKia(#m5xM@M1Hjd>1ZG^i(<{gg#ZG4hI
z8@+l&Xao0$SEP@45kTn6{cikqDFT3Wbou`M=;!JwV)(uvMG+6(c=Z%f|M?H1h`aZ6
zK@s0g54U%_j667(dl`8Un%+qs4D9~H<-v(Z|M$y-dm4Wf_8;zh_1OPx=MTdE@Xvps
zJSaAGB@g~Qg2{vb8quXZ*gfVl^5CXNI?037wEsWK1KaK&MG@{BuAU-3YWP7Ear4fu
z<U!<mnT$#Bo)ISKg6I$T<jU6?=)TuGGiFWl<L#Sb_9QrKr+59|GjIC$l-QLkj{|tE
zg4rxkV9Hqh&pOxwZWa9Py}X0@4=Hcb&L+OK;zGEG!FywY|G1I-f8o82ZY!$bjXd&w
zBc|2B`C|7e*ZD>W$^#Z5P>Qgkslz>(cUzF*9bU1(DEw`vh2v_wv1?V{Y6{70`x#bO
zpmTBL^2A@6mRKuop%X^^WNkNg&x-dk4_@(#<(E%J?pSZVV!0RZ?fQN-jvR6m=4U|S
z{1^@1K1fe6KcR<?5p8Xg&1`16oZkVR<~LgZo8v#U{u-+P>k!sobLILsb*kTs+d$R3
zoeGD!4YAts{v21Xzn1FPoQC>qzpH+~PW3aevfLaFM=0t$%HN3PMIe__3fPPZIF@mF
z(S9j^{FUlso|RBLI=_^LF@=LriwSN^1kSTfz-#94vXAi}fs-0!OY&IseAQQK|0Znz
zci&L^Q2>QF2)|=|1m9Dw|8L>z(S8N^(7a+h<tW=kZ49DoW?|>C)*5P|C&iO3Hk0vE
zXpAYzqvw0pU)nvnemwk><KZ`SKy99xAA+>RL`NidV&;d(+TexRcYPuEOs#H$Sfj2R
znrMQU?0*#B-;_@M<y}R8H=t4w>u~=)SLm=XVSH0N_2(k<$h&B5g&wn_JzC>?j5Cg`
zQ9l`&Y#f=;<7MT$$zTHhEkNP^A*|J972K~W0ZbDAM)f24vq(E!*?+^A4;fyY{$es<
zG~Pd;90kl%xMNj53kzRay>}2^mX{pH+wyu0{fe$eHPMB;pg$}CER_8ev=C=Y9_R&U
zqk2J&;0%&wy>6j!2dC==x3Co-eFa2$SJx}PtVVSY$0_Y>qP};v<LNFa51X%UJS8`N
z@9{jA`6I`3HTbP-ygYuB`E@{yUvVP5nYx`7Fzc`Ohr>zilWVw&`u7UTGBebFpsV@`
z{y&R6Xtj8evY25KGj2_#5E#w3-+~(Wa>3XZZo-Tb?=H-wMC%p|-7z;CRPBvM-5JI0
zI3>wPh1LUN-*1HS7LgNAA~VgDIPvtyV-TksM&rNha`4~v_ZbXH@o};5`Qrno;h?r<
zVT8#!AJ3-OXC(Qwqh6g+oN1tpt)I`Wnr*L^&!8*D9QE@FDF*b1m=F3(hv=_`|2M+_
zH64<y3OyPH`GD`w;{)k7P_DD`Fg;*a&ajDrc{y1U=MD+}CAOJ{=leVAbB1xR1yQri
z5_;50fuSj)zxq;*E9KH1xQ&<*`VUkh1M_S%+>WpiNULkR#ZZ_G|5=xO#D4_#5WQ1G
z?!B)~c`K&mOb5C(;r77a&J};*DgVm1Cv;zA&Zuc2FvIp3=Iag2y+k9%)NJ+Y(>T?b
z*kJeE>e;+~qYG91)9SJDDHvo$@K<$U%FG_BD4+Cggu3C9#bMkjXde3++$;={<ax0D
zK_{1zCAOZxSO*bE^moC;ax6`PM{ZWXuGjYqi{gxdbjVz`$8=jxl%K7zG1~<i_5(ON
zb0KKiY}XRivWxfQ0C!7)Ibl$<0T`8lh(N^PC|`s*6{bWcGfrP>cFBiJ4tFo9ABG*I
z=B<!u`ci57+PW7Xz}6c*#!J+y*m@|w)tkdO46>yg20uN<r4~_HXvIm2`S7$Y97{&A
z=-#1DzowS~idjP)7$#tQ++N4+!p-Dvc@riBPMDZb&Bkz8B>TaGsLLi;4w9Ag349Uy
zPiT_o)?d_x&9EBS@x0#A#eJ8~e{&?HY_c1ad)t5m&BTEtu5BR>d|5Cy!yZ`Vp4nK)
zJ)80Nt+@An0`|T``uv%G&!~jojj$JPguO8Qwa>6wu=pV;wiiC{gU_Iv_Nju;dK%@N
z1F4wU3=?g#t@9u50)8Hp!jfWHB-m=rM%sK*->=5gCyW$GbW@Q|qI(iZbgTdzN%Ywk
zq0f+_v(IcdrW8(-zqy6Nj70gx!@YMA`DOSlF?fb@EXMK6qsA^^>H?nox`yW;<2u2U
z$S<dn8HXWJ4Z$=U7N962P!u{eYK3~AF58njCqxhkeMa~Jp(lP2=>`w^q2u!WFeK8W
z-p_9gX!TDH449_wGG1=n%RyoiM!o0MKX%vGulbRAO_E12+$cXGfXGiYy{R<4as2cR
zK_#{xjDxBS@9PAmw+)1anS@0PZj)=Pbzw0lPFN)HPHu#E*kM6jxzI0zk>dj9Xqddx
zqN}a;w$3(qP|#ipl44co_|U?vfkOB*!MT(3<7r>XvUC6#)4aKqNhTL&N%gmPESto)
zHi*s!Zu#4|GzSlx#w)JOW>Ibu<(Bom3_Z|BTaasE(Rb_+<t>sN92=gJ*;ZEJEu!Sg
zVFD^dDbUO77tME^a)CnPf@R9Y`!95GD{&jmx9$*~JBoQRcm&(OzF7iNF(vkZ&2MJS
zUysfAj<kIk+jfCSHfgzz3azk)HyVUmo`S<`Zoae~n6U)&B9`#n*kEg;Y_frt!^^=$
zKwd2lqgAK~Lw~@Wd(E@yxhtMBa%;wAtl(2Hx`SXm2v3<SjDq}}C9>U)b0+J;o_UV$
z^8f-iSE#LM8t^{aVN=%Mk@$}pIl_#;1Yqa078Vn_0AqGcBVi7o=isZE_)8G{7s4z!
z2u0+_RTgC25cF~#hSBh;3Wl%liD|}-2eq4Px(yb?pnb>Zm#a;Y<ZmVCd9Lh43I#b5
z?O%W{xPI{e$J)EVH&tbe!#Qo*rcl@c5rZ;NBx>UWn-P!*NKz6w2Tq_Wql}_*FUr8^
zC_(~^FA8a($74pv(HV8F^Y)H+Mh9lDR!|3%7Mm6Y`WSgC0xFykfr8o>rTNxc`{dOY
zb^hP=C+Ru+?C08Ruf5jZ>tW!Ai(NMk<z8Bs=kOTR$~MU1n~#Qr#j<cOEGs_@LCaWH
zhgMpMB|M1bXBlxx-D`<oj{K1v`Uzm_NfE;)18V*NQ1vGk{&p07p#Q)mh1LkNqn!ml
zBtL8nAQ5dH3r|L&GQ4^&tQ=#ofmOXp4r<-jVK}Xe;bEkqu*z*6m52ZgjPTElELAa{
zZJD+8CIg0H3Jyli{>PwXYJaTgyv#ozkNt`fFtEAdDWGyF^O#Ct8_-}!0t(4DD75C-
zPo^9a&`&b&;40;z3onA6(wEpDQHi-%|3L5=bpi4jAq;C9f_`cr+;5;bYzW}bsE$;p
zn+kZR7ouHdy@4Y`#uUry3W~}oIZm=lG|s{>P_XxVmCrGJQF24xo`diQj*Q293Dgxs
z0pD`i@V)BeCa-V|7zq~|DGifCD>=}#Td8S(b9^3b{l53H_<Upx0q-iUgvGX2*!Nex
zfFoHV+IC}DBoW44o`Is6#5ZsJ5D!*N270od*rf%4|0*GUu3l~LYE*<FW|kZWee=*#
zwb(2C2<B&%1$UfGTpO0gwSxjOA3w6hFZG62;W?tDP9w9M+mdc4IGSO?`5LCa%|pXj
zT8p{JLBqm)SOazpSFHa++(XuGLoj59qzX*E=rqX6{()*)M@UR4vpV7fC}e6Yi<ET)
z!)xksT1D+IZ{{1~@5F~<l&Com@GyHb;IAH!5Bi}+i#Q^fwC~mClgjrSzZ`7n?O$N+
z7xRgpw20j3-G@X4$U>4*%;&@-gm4aY0;OoC9e)R*5n@mYTC*diDB_f&fmMEpjEeAa
z+(MLMrsZkC7oZPcijFv|+)M=E6vpRF(T6T={|!2QSdgO|HAf+b?{*pKgI9PA=FD%A
zv*<%dnm%-CR~m569<#(tDBgSMUYNI|5>bRBE}#cq<z5Sa?V*`N3h}rgI!>_w+8l8T
z@$wfb3gHC`QG^r%on4%lLKO9)5MLGY#a4tA;twRuRV3*{IiVkbqYwIV>d;8k;ciYG
zrs?P<DR(2jB?&`M90|j1oQLg~E{JGqrPGBX?e!%|y5PGgqnlp6oA*O4_7gnncJ_42
z>U}y@IKe8zL=_$Zs?g?Dy5rXpRiF!r*L#KnRq$EMd+|3QpcPZmAiQ{mue_=sXhe_K
zcGOkz7+#7<A-_%}B1BaEJ7OzH*^rk<#{zF-#Uie+a-<jYlk}pMZFq!&R?Y+5<ZEsc
ztT|@}vSN~cJ^&wL4?uPx8yM&>?i3v#`z8^o_5wZXOR52{U>{#umPV~z=Y|?EuO*&~
z=NP<0y&5N@jrrMY*$c4d)MJV@X|<QKI85Rpq{Uy255VQS;l~-vcaml*G|-|o{9-Wq
zYmxwC)B;(Z3p5AjMl`wFB7!g9t2)hbqZA06rKT82B}4RLBf9Z;!+#M*A61>27@Cr+
z`f`f{JB?b;paBN%@-)-_!>dFjvUfx?GUY6_wG7Hl*a$PEZ9j|E`37c$%OK;=HZh9c
z-4ohUBuIyKeDANmOirZ$s-2J3uIRT~?Tf8YSzHe^cQ?GCNpAbkQ}IYpEGy1#0O%Yn
z10FOE9xR-GO&DrQ5<wGhY6waZ7-e01^MhQ2Vu=sb{ss?G!*D$A!l6J%itngJ!fg@%
z2N$pJgr-uKOHk@K!0&hX8R(aIx_D9$*>s>-J#=wJ99XI=p$We$zzI2~RdrGOW3Xb1
zOV5Z;u7$FDU3JD$dcfVgYPC^)`eWfHZvET0p`Uws(KsowLsVy)WrwDVBkF^uipPs|
zmric=abQ8;u~L+SK%!^O3|IRejEK4JIpV;N8DWlQsgF)=6+=%_t|XsqZ!SyBn~J>g
z1ANBaDzC;9OsrmIKj2nZ0>2Ar?F#e&<NXU_ym!lvRp#YWp+hDK!=x$QP<Lr7QY8z>
z(&>szvEmE4n3$~CjcYRQwTEMO<r;XTOBY3e#DLMne>+@j6Pf&X6!`B-D*L~{f=9Ev
z^s}Fk2?EqI;I1N8J!3E(U;(+mMzBKdmDVc4nMy0hg`nW}p+8Ywc&c`0Ts}_X&#xbA
zAdk10))N~D5c}LH3n!S_V_-J7bs3VVDxJHspqx>{hQJRZLU9g9gjIP&!{0QZZ(BZ6
za&6-xZ~NMk4qC96iz*+9zG{u)+9<xNuN%<=Kd#>!2MoaaCOgKaD&pRF?}d)B>MuFI
zPogk*<VWRJEtyX%gDjjU39U}@A}okOXxgBsf^Ptlv=Z&@S|iP`Ia$!H^k~(s10k_(
zwGA4-)7!goO&e%P=Wf%gAor$eBJ86}DmsU*8VCUQ9Oe6K6)r73EAB`ZUc-M=4HHiM
zc9cPPu^iQ&p)@?zhkVPlMSp|o000pq8w}HtfX|NhmYWG=Pg-fSa)goj0*T;eO=dI0
zlC7TVu(xUd*#MMfs2F<Ps_A^PMY|E$Bix)VUUij*ThAS`I@T-r`rRE`S6;~7m(c##
zj#~p_Ysoh<_S`y;(l}ko1pe;`{lfG2{S5|SqTq1KlR64W8X#!V^E^lWp1&deG$YPZ
zAs99vMXEOceOMFQn4J$mjbT8v&kOVD1^s4gC8GwQLxZ*3I)vUV=(9(W1)ZRZ9if{N
zN_j_oJS486L{~b|35h?ZL~lA#-l8+BVh3<fPyLyqfBUQjTIZ|zhS>A)nw=px!80t=
z_F{&wdU|KLTF+q7-oy;wOUInXshhqzKZSJK%69IQZ>Kt#=g`yd($lMx>9{-!p=3Od
zs^XY`DaZUs*qE--s+WAUSB*t_`aSAkLoa(Kv%F{`9^w!wZe{DMX`=4dN%5;h-ev$P
zh9&3<bo8v5?rLuYd}ZrGM28RINkuLZN>h?h(#d0#$Ym~)%f*C!$K1G#J;Ctm`|Kyw
z878Q)2r6VxA<xy`C^}}Emrs#_0At)pNu6h)N{g~8-D7VCq%>fqLozDG0Ag{MJse*y
zZZSY!oDkZI;-YJ9M<(G7w`2Go6P<j7Gdl4zWYJ(W#m)f_6ggS-hmj*Dxv+*+&lwas
zY!(Zfa95CpFIn}<!D8V~y8fK3)Sz1*^0v1i`}{-q$1a07CL;5UsvXlZR6A0vLsWD9
zM?>OibTYx6UjE^&d^#UbzF&HHAiT%o3k;e58DqcBe#aOn%GZ6k77S%2hbB}FzZ~h*
ztdB<+B<5~Yjt7ningbeAG;0og$m<wO9~w1Q-H2%NJ^sxI-@acmlD>tt9Q~t#e*}U&
z;nG{j>K}9UkDqSIH#jRk2QoZCx`LN<hEEs~qWF2+mVDym&<DQGE!p4T+)_i;V8i0R
z{6e`)`9M^l@L7=YgAE=w=a>hiEk~Qorndny$xH-Nbw~zIn@#WV1RH!eB1OFFeEz*w
z6Q4|{o_{_wl)Kz=9A)cJ=%xc}d<)DW3FB(3EIa~32_!vUiOPHA@35Qv9sbI|{T+&q
z4z#<eL@U0O%fn}yqiL6i0X-)j0ZmT(0py33BE3_)zauY(kM#Aj<yBA^S$S>B%T{it
zm#xd7v6PoB41c7%GhD8_Go0|P?hHY0x!QU@e{8xx!*`pa-{#LSZp3;roftlWg@i>G
zI+8{<?|c(;L3&~apB`$6{hVNi=Ho{ROxd>M9A@zq-|R%o`HlXwPBljVE&qp@9nhtp
zL(gpfcD2BD;gqunUbSw5mwn*_?^qWiO0jn<txI_Pr`4CU>gj^(^{e)UU&-+of4tZA
zdNDj2{TF_`mo^xW{j+`H_>g_!eTQ7HUxP^xxvTE6E<2#@Yd8P`7keT&5bNG|cwgSa
zecv<eYxpGg@!sW2;oH@$dZ1Eo?VM5w{M%>3#pqvl&wm#~`|g^G&I0_ys>PhDIXUc2
z!(w!ei+7$N9tP@i)!9ZjtDY@j$R${pE~2B_eHf81vPr0HIB-8yAN=_M;P9rKf??OY
z`37=h*a4hl3Bp=eYjA7VZ_9<f<9@3fQusB|8<64({Ul6T-myB-yg%|}jzM|VT29BF
z*D0q1hkNYdK%^tkna?(q3?LS?=_9<kDtbZ`ni7Z6F@Tf8<-Tr3pRx!P5pVCx@m^;>
z-a9OG1<pCylTYHY4*O?apmiE~c==gAz3&nOr>Di%=aU-*?uOCJJg214V+mGLNp-W5
zCwY%-venFNMk~z-f~iDn97cx`l_)sC##0guvnmW9EIHm|>t91vniF^~^s<q6kvKm*
zx(N--7Xvjp7%NPZZvtu)Fk(aB+91ZiUO;X7#<ootOe}ax;H+aKRqaYt{4_C6WS&Uu
zAbf!NnS}5q(MMbKJ+wVWSL`ZpNQQFfgPM9DZ1L|o?P2t*UI>)bwf0<27?utGxS0Im
z;`Dh(!|KcRuk2^fW0(N;r-<Mc!mh*)UfO@aV{h=-!(IjbVo!mJyZHw<b8DE}h|B{z
z+!=xDL(MK)XkJ^7%*xJ4(ON`15d2274XrR!3SeEC?geEFiqy7F*y=Ek)DpL!P-N?*
zwusZKd?Yi^=Q4Bem6aNK%zl)jmW1YZZ^qb|_Jqh@j*2aZykkCq%pw{&GtYana#*x?
z;vQpvPb}QQg1OM1NBNf&=qdI&HZznQ?VpicAhDOX*_)vTC=LxBg5uCh80wSRYlozk
zFDTu8$W`$fbG2;~R9Y(--#cc8O4pu4pYd${3k68pUbo_gQCCTS#%;j`;<m-4w|9KN
z{|lU}@UH*>#_|NtI^%TX!roqSq_d){kUduuK9X0l-2*F{Rd0XGgP%Q3(9aSvv`i3{
z*QrF68J&u7R4EgX#l~l4XXGUCfo;x;x~r7>_PtDuIIF%Ndyx(^J0$j6E3zOh8q6Ud
zD{QpxdYE?K!{Xa7@c%|+-VfGG?Vn0YGfZ{v?2r)z7Gs51*(KScGeg!jvJ!^RB7B2S
z@Wo{dPY)Rv%539VN!YWraR+w&&F0AQfpbE}8-(W2uxCmdi%MNpGZMg>N`cNouhO*Y
zMKSbWR@CT$v_AKf*$tpmcU#0&(NOBC8cbDm6iQ0tsy(i{{8CxPGdE?ww(@#FxX=v2
zRdHh}P=LBv7?yFMqnoWestafJ1o9zOHwl3bARzyf6dsjGFMW;lLQkNR9(;zD5)q}&
zzB^G9=t=lL3WSY;j@;!-_!$Yz2`{ibfipz~a!UVCk^|vxN5ub9O6&}Y2^7%it6^L+
zxz12(KM~JS-b0$=zcGnmVxpc^n*yDs{!v-_D80V=P6Rr~`Ax}mSjLq`qTspcf3~xt
z6VNjfKAcz4;F$v08QH?Ivp&^Ks9Zp2G=!n13}TkX(BqNgqYcd!HCHJb;^%u+L(<u9
zN)--t+_U_LN{zVm%;;eJCNXmIGC=84XO(>mt|O6c+%869W5uOSF9N~>f)o>WDLZYu
zofSJv(@W!F0p|^$VI2q!p(4drA0Nr8!yG#SH5DoWHA4+W&y>^`mG;-4Dj_v1Dqn!G
zue#OgM%q(ZHE?pLwR0B(MVJN1Myoymv<SE(H=yi$NPmH@q91V<3g#l6sLY}h$u)pG
z+!~J(6I+gnTaqLrL;s~iY(Jb{4@!@%4twvaS_UhsUJN7#fH1XUZ|r@9bPVWX4^(7t
z0D%GNVmojMyU^{>qtce-Vwc`ZwnF-rty23Ds6vdK%7wK)4cEJ*d@0##XNJb#AtE_A
zl5XA>DGM1N^0JNlB%x(#Jzwrk0Ml8aqKh+@yOVdWr%+USR{dJsnrspEEyebu8ROYy
zi#jWIL6OzGNGFV^X~kY-D$%Z?4#{=77;Nwl#)FmlZDoMt=o?V9)r!LVzz+EeK_*g+
z#HzqPSYvOHl)XUhwBL`1x%nHCTt}lk;uw<f6}O`Jn6(SQ9$;_I*adL25ZUw^5JHZy
zUqmD!>>cs}kW2P_82v22P*YrE+U_zmyDGZOEbtbEbUADf>xa=$>m-rAR>OCtMyb8U
zJ7%xg-Yku2LPyy>3~0U52-~F?8Z_l!c#t(kAlg44&;tFdl~z4#9V3t*%w|?S>;`zf
zRKR7qI?oeK_(#Hnnb!GG#GkR~Qs06*WZ`z7hAHT?7plS!<Mi}N_GZ|+_48{f5}P6k
zkup|2rO;V5<pS8hYiR!#6E(6Dl?(R(f%fkcg_d|uvd3Y`w#Q>{3!Xrq@-nb{<f_tk
zHhd_rsJzN;UFOF4CZi2u<5lqXkXt#`{)vl;=aBPRu60>+0QZ62#RJTbjUcHhRz6vD
z2Fb5Fynu#EL_7I?RC?KW@?*T9T%CP7^!J>SCNF!fUTTSXXvTohM>f-*0p!T_Pvl^L
zdMS^zClaxzdVtyC8}V^Gd=RzTO8``Vq-PN7-h*`;e-75D(e)33vp2Epp-gX<d-1P}
zk>$QJ=VC*w>Z?TJ=`Y#s;rM{_oQIdB<b}l|dpr!X!D6<i(uxkdS6_ibg7b~57PANI
zK}@*9`9?848vP?tt*#tnm_Jw_AAy=&?FQ7|I#us{gY*n<a#r1MEr+U}BtKe^Bcctf
z&c)CXBQiU?<wff3V<0BPZIFw*g46!z4a&MWGwTaqkHD-?zSu{Ua8=DES;B=^CG)K1
zF!xd*+FO`FH771lT+*79Cs^>>!v16lx}8M~fFYFdJ|QZU!3f@+fWkyQJhAEvl%_0+
z0eM}#@j4^3tHbWlocFy-%^9{J?++u!02X&mJ0r5IJLEBY<ie;N%6qnPtU+2-R3!_M
z#9@S&8ChZrvc$#65|;#eCa@<rCtXBdn@0jfR0N44c10c+Al}ghh+`5AJb|cEj_2t`
zZe^$TnS=QD$MAp(<%D}kPT0oQdr(eDpqwyOmlIy;PfoC+wep3SBePn(<a@%ADG?mf
zC4x=8C4yai<~cU$GQopr=K59v?sR<z3|o~cP&W{U`*`Wvo*WSSHscSI>oWNr{)PQ)
zDN0mA0_bWmvF5m>bOHZ2EwK}p1|+zdXD590;J|-~JhlD6X1rvQZ5==+_lnUvoyTWv
zgEx;tFr%+JV6NKsi7h83rAHdm781K%|3vOxYWdvjILU&iji~a=D4*1FR2tJGLEgYw
zGtj>6E@-kXBCy~N$QAn<v##yrO!ook!4^au+iBb#TeLd2_2F?Ccrwr#f&PS1Iq#=Z
zdN1w6UmninFKb-38dt@3;4g<~@|QS8k06sNh3*mpJzujYZw0^uOEOS74LdBUls*XE
z+B$%0jilloLHb6czHuLgdV$+XL{OtFvCDrrHqFRIfKA_31Sm?10Gm=Gz@`ilVAFX;
zfHW3yo@Uek36HfYgU8zRZ}V8a`%@*veu~iy+F+~lD%-qDhxXU2a7R6ahA~T$O#ES;
ziGL-ViT_gu6Q9Yyzmmbfzw%x9_g6Al?^n_s`Ty_a4F3I<4F3I<H2?mJ&c7#se~+g5
z_f6l(zh`~T;NLMlnDAYh<lXJf#J$%<j^qWl1NXj_W7Qd=>)LXL(9-*@a{S8RaGk9B
z9CEmqz(SABgPGWj+o`P%NXptC&ei@1??^)ntPj%yqy-b`ajucvN<%g?o7MmR`B`Vx
ziUi(DXYsT4Hmpi#X~QngRJD`14=nBK^b(ieN;0>^&mP9Bd9=I@84G*!vmIH>-xdXa
zb`|im`;ni`5MO77rlk4Vs_DFM$j<Iu^<Nnyd-}VM2Pj1BcToGvYj`jdB6;>Ok~@i&
z)d8mol*7fI2c|a4UI@F3_nPWmh8nSbH?}aQRaO$Q!<^DU#-Emp#Q7M|7|ju7!S(uf
z0aFee279(fv^BD=W@YzURIjW+m&Zl%O90bYbvg8_zM^ZK?<-b)CeY*X#d>P0%qTfa
z%ySS1NCujCRTvC&rn@-BbW65+V2FWnNSwPY#dMoN0!I$2A%^@9_99-CUXO^U<^VMJ
zb)d`Pe-^qBj{_?g5nE2Vw&30a%p7hk%Ae5;PU(QXrJ{?u*mJdRWnbhl-dtSJFc$cS
z@q+=)N=segPxD+A@6UHvEwI`>z$MQFHu?MRs(IG$17Q4vXb}}4T3#0)fPcnAvFpa!
z6R3(b_Gw9}!9y%b*ggZw4R==!n=BId8^z%s7KO9WI<dUaF}#-GJny5{(hP>T+>Id*
zlML@oZe<rSyq(DK-mDc~oI?!G>CPc3Uf0~0*Uc$0@LSN5Y(Dob+S<+_pJ2APX#<A<
zr@BXfb1U1m0k9zBbxHWf9{D<v$Xs86#1$)Z?cv(&KvBB?$#PjWsiIj7-D(q+TNlE=
z`KW1z2cTTz90i@qS8-iuZJ$}^Lt^&+S?{uiT^02}182;aL*)q>Ds`g(80dtZv}x52
z`~b8{gm2g&I<IYS7ISZ1SOw$|zSTK}aW3Tt23)kZPPX0+&BsQ;J{joT#sVYhsB@VK
z`-!Yipwr1V;DeXFyi;m9oRS4jdzrflV<8r{vdRyTJ=>fj4{z%aAG}?NgH+lVr^j<z
zW`Am$CN-Uslm@TRDFvGNA=n`pWDZb|XCzxhwlzqBPcWV@kc#(7C_W?$+u@}{686Ae
zB?=J{c0sq&Y}*cdzNpRtSV#biIrFP-O302D9&BjDX$d#Fp5;~lCQvpECZOPk*jdQ}
z7@!LzmI=W6weQo9Sf!RvQQTCvOD)H}s5Sk3P9_YJ_8LkfADTXYZl%RmTk*a=d&{85
zE9Y0uhso=L$!lKKi0Ptw>q21u4VkkmL%It)=^e9AbkwlQYw(D^y-^fuc()rxTL*B*
zxfrVmuqrlF;C+qqz8>=`AAmIX73yZT#6`3qKx;IZN}xig$Zci&hf@0<c={9w{$5mt
zDBQ~`V`Pbviejc*Z598Sn&!>PX?DGf^DHSJ!+PHjBJL5G-xFS?#Vf?6Knnl?Wb)6`
z^IPk+?Uw={8!!jk2yHdOXIa=UvyCSt;X|App$6FbXFSRgm#x`FGkhz+>vn+0T>y`p
z6JE!$w`l#1*e@yDWF@{l_^qJh@yf<@QoJx}%t?Y{X>JmZvU;^O6PADHuq-^yo{Nx=
z=rhXB7@DK#XAha^@`-_ni)|09G^41abcul@xjqa(-)lXqa~67mBZJN@bkzx^QX(un
zYW$jP1KFsvn{8+^qDfxH`RJU5oP)b{A!PseUIWo?|JK+Vs1dNn74=Y!_An8h{RXoC
z^$HDhVId{zy^eh=&$tv1_tn;Ch^Py*3qXLZV@zwi5?04$#?+Wc8q;Gg!7+dL@gC0o
zzaH;XxhOF;Amwb)j5_9&0Xoc>UsZ;SeIY+Xg)#<OPI%4}LjekK1JELd=Rq(m5-o6}
zceX_Ze;(|WajOn4UN@Ab>K8)wFu)lLs{p@eCSXetd^hRq9}3J44O8&IujQ0HX1}u{
zS_%jWFcF~$bYEzefnk@G?PAMuSJfn_v!VtneH<#C$t%4GZJGSlSv5H;68Vqj<M`v_
zHwo~T$AZ7g;oy^l`~9O?^-T$2I{d&}-qgdkHm^NGd`TBbcn{`qt^olfIvQ7uj)^%b
z{bk@6C_PaRpV+!9@eA_3<9uHPIvu`4v7tFQsjyOXbi&ANN<C}>K8Ncql+F6=UsC%K
zfLZmN(D+%dL_KW9k^>f#CXZ-cao7V07tf~yp*F0By#}1u82|<Gp6*711yV{UpTF|H
z^M_N0Q#d3>_7M8K?M=-a$ky?)w+1BlQs|2j`%(rS>C+sqjW-Gt;N%lvmP5DEtg=dE
z#NQo2ODAK0KE~@Tf;ww~$i9!!T3a+}OiUirL0^j$9DVN=VFRs|)w>pA%dUzrNWRly
zSTh!Ss&b(h(3d_PkpeY6{wFgA19WLNv<<Yf4Ea{}S|bS4&^EtL13sZ6i6-CQB*0sq
z-zSerh+~e6g<Y8JzvR4#;-8g?BtzntXQ9UO3v{$-MYQ;=CsJjKUjzb|P-n2i80IgI
z2qss;1N`Wmg>>(q8Tqh({no%2OVB8xL{bv!Ortv2MAyM{wO|9+33W5+^nq7N&+WjY
z#AZ4#W7Vq!u3diJM~MWt%K;u#^8$(2@Pmug8;)yV?HX#3gwLhGdoFS9S+0&Z8_#_K
zjjtScrR-wW1!ACM=&C_tXwcbzlJ=r0o&!=)mB;9+^W>4?WHIuEqqm~&sH~i_H)|gU
z^9{Z3v!FBT%#L7q^&rTiU0s#W)6j_g!2Q<obc2t2<S~!ZY7c9d{Mc-8DN#J?c@~$G
z(v7N)#j<0OwrZ%9*hW@=N1>@Rzsfhnf2U5zsu>^it_}HQ98>H8G4zLMKvCiq?(N5b
zBFpF{wi8tu@3q9Q@P_<cZ5^#8&Y-CT3L+)4vdki4R2s6dDyPKaOx442&>jd)y$le=
zz*NsxR1&nhpa9ymxG+p~d<=ZJnm*Xm+JmLs)WyXjkQE01)QTRi{WqHQ_bT%Z6xJbA
zLvW2k-?bO;<HM+<W<oWv8zwg-bX~t<?R!t__AiTc`xj9yTZm{WDzg?kt4cFpgNfC7
zb%v|r@N-T3Cz)RYiF=kWQaZ(@r?Zc3N;m7rHW4wRjTM*H^JAM>F&)V$b+(=S*k%?i
zSr;tXvW0jc6DGMAFI}=bGpQCm)+{|uCpaeuD(#pBl7%){(It_J20cF>M=f7iWvcDt
zF92rweM$M3q@dum`XRT1AvXo2FM<6D`w5UqMK&F1f#6@z7BTzp7K0~z_b3z>_8#Qu
zd>~5-_W^nP-?YwDJ4j+YzTnE~JSJ_AuS{3v>C(P_74@Yse(fWc_&ECsG)(xD$9^LA
zN8<lZz|#w~Dd5vnl=cPcQ!Rvwy|z=yAXL4Ts9cM`QGaR;w#pqloi`qAhUQfHt6X!6
zdV#k0W+V(05Enf&IWQcouA3%fEM7+k#?XDFR}9^*R1DomEUv0)PzXazvdTtkB?&*d
zKlpLoDh&I{;Wt_jrP!st@z)Ia4fJy0Ec#~P^or-04Ihf<c=unw6MT{pFH8R#)dPJd
zLGz7@e<RaYK!4lL75@N{{NrM1F!fEA#He^CBFIpD;)vEK1SUo1EY_9tQt?rbXixqn
zt(X@dC{akx`0f9X@p`BI<=@g*Gyf%e-gvz{@|J8hh1Q`7W#|bE*9`Pas*iN$g^Wtb
z=n|h7mxg}?lZJ9?q!VMFO~b=F6B=Cs4Dw6^upK<{QE+3xJx`fuEfwkm;Wbb=q7~pC
z8|W~ux*j&88E=kFJKz&T6aG@bwb{+uLcBu=Y!iX@O?WnyI;$X^`gkh!^^CkrQmF?s
zQg2SBipkV${k*^zt0m<F7pjy(k9ptKn_zd4%wn+FM|UsrA*|XZSWQ!ex99*Supe($
zueLfX&Iw4ARF@HVx(edd8dpBTswDyGlMm<<3pS#pg4*6>CqYJn^)y{5ufaZNA+Ita
zH67k{r)2Aql=r;0ui5%n=(Y#7N;^fR$jT~zYfNc+p3x@15={l%jaA_#QWy`^;5QNW
za%VyjNgeI1JmI@Bi$FjTM=R`;p%ukx{5eB7K(R^5GJge-h;c|Fpb9dK+-}hO&2Nc>
z*_qM5QMnZRy#xBavRLGizf)A=jP}%@qZz@0B{ac27r&EAoy^qY6lsN@Bjmr4`@fdf
zzL&y(F-ae${W)9zG^;ene=$WLj%#MjF5E})UM(^S%YjF&CWD_zXwlT>6ij}jJsiIQ
z2iq4^!+U{BSKW5i<?9gAZPv|5MVH_)nHgV~xk8@1T_Nw|$<>rH4K5W!dD{jV4BYOW
zm=O%jOuPyizhk`U@<3#bxG0jbdf0}a(<$vB%j?-Is6;oHE!FUV$E#kU8)}99%i^Qp
zyD9a(r`Pv#S)F2~5Kt0eXlw{cQWN$LOy-}{D}Ql(Cw$+W`u;%nci$#iIVTD5;tjoO
zB@antoPsv9$kWKSvn$7vaUl}NnW<gm!Iz^6Z!YCTV?{eT<msXP7S+d7&8^AF?#|C+
zQ_v}ka>{FK*G&_%%oTw%CR~zmm>i$PwY3@aw4LMAsXsyc7=4^f+4X78s)mrNHg1%u
z6<!P#$KHUFlCS{L>RujlZ3hX-kM;tAtaO|Q3S&~d$kIP$L17?=Lj1?yKE9b5{CcnP
z(SE_c<M@&VaAXJmsE@3d4<CC25~J8J&*E_#QXF~&nuTk6DN(TVuIX8_I^Nnl-gox;
zrvBdj$L#(8JnOqyU*DyF<m;O#Gw&3wa-zDi_O46^Iou!U+Aj=r4)`TrEi1>~;sQ{@
z-ll!_hiKxh3aS{D6cQ~WFeo{Az)o&9pH7uGW|cQ4%l`?>8-(og#(v7@XO+)SmcNJE
z?^Qm(pYo=x@}^{YE481KUEb7B`2ktw2c*XTdu+c~`2l^)BZ$<w#j-jVIIi0)Vp8WD
z_tH{y889j28VwtV6j5p-U3v1N{h^-|gYg0}7|l%D?+r~CB4_hL!+sqac8j>ESzOx8
zxr`Pu5}$^*$C0iaVLyIB2V#Lkhinlq;8)90k39fiK%l?D&+OYb6_)_3(*lf1OWey|
zYnq{q|II6?i}k+5Jf8sPCl}WHF3rHV8A{Q5DG`>~tNV(fnPUG*Z?M51^Wxt8DB|Om
zTW<gL@2=hKHt740((F|L>67KlRQGSX#mM1eu`q(VXc4WDUkDB?Q|A4qTMA82z&H%s
zUz{x3nj|t{_rEWNoQbl)qwBj3c!(i|Zcdab@-MrgQU7mcbguwi7#6=<E&3&f)K!}G
zG@qBtXBgHo6)#{Xh-<AN!i{x@j1y;~3a!%M;To=}&RXIPl?zzD1bc3)@l?&S1Ud_q
z)2rSi-*<CO+_?j~MI$E@XlQ9>X5`+`iVWExa$P|YotL16XgOwf;>3z5u)<R`(FACL
zD4?UodCosXX3l5kIZ*wr#aNS>+2&!e^%<qK;h~CqF~2Ij3MqQ1D2yz8DTWrNK&{x}
zW$>pQsC}D%09_**?QIy_w@wsJyIFOKix{ze3Ag&6Mo;iFR)yv;lI;Vwo;ydFMeNvI
z6c=wn{kzIf=}=?71q23Y@vmvt>x6^`J?IT&<y15`5rH^QNzs@OeuFFw@DM<R;w5-3
z7ejRB)X-CTf(6mME{4JsR3a(e@jIbPukCZ9g(uTiE7ICTHh&Y%px4KA`Uj0=$Ft8U
zo#gM2r8bUI?3?h2g<Hp}=(D&)@0k5F=$mgU4!9pFaX88;eT4{5)wRgjB&#E^g}(#X
zij!a)onpP7dnp5K19iwO`ew-Vk`J@t!}-6Lz7u?s?1lLy4j<GZv;C7VsRe+H2!E6m
zrzS@#t4l02mUge;@8{U5b!BPVf_C{kc<ki2aBgHWVDa*qF*Hff+TZ&3=RrN;Y23V)
zpH%T`R@}nRRM0^O>VvArwH|w0GM-BW*8dLFvIz|<3=Mn6)>u?3g>DsajY8-4%eFIB
zWh4ogD)myJr*Qd>n1$3-_z=awYG8Z^h^lCAa|tGp4SJ)-cVc=|)v2Nhp_Y;nB*ANz
zLN9T~=P|&Kk4P-uNn)`#^cdjB*%W>p(fq$gp66Z*0tF?5ohTOH3#C9T=I}YH!^f*U
zmJ*EJnfQ?{9}|9zhFT@%PI8-)#O;ha2t(?Uxp6K}z6jmW=Q4>1qH45~$o3`;%L5GE
z%gJFOBByw{Vmx+~9Nj5tzf1cK)|ZR<9!oQFcX8CxeYxldlwQT3V&kTwK6QWm+gz+p
zcLS4V-%^E><4H4bqh3Vj?M@4iww!67mNxe-QD+vrL*=7`VI|^X;&zu(?}~Kfc^8EP
zhY#86W%X|J--}CN$2|x;E?w`aYb-!e_|E&4tej2mx@Te6T~E920oZjvqFr~d@7h@*
z<9aa=?#@~dZp8w7?*ZC-@uL_#;E#LZ=O|ii4sr#$rmYxEmtFCh9(&l{5Wg3%qytBK
zDDi2xx?p_={OcA&BYzD$#t#)4o+Gj1x$r)Vzju(cJV>MKg&pK=<U+SPZ+-V%STT_4
zreq=5lz-NZDw`4AK}nUYA8U}yUR+e<cm@w<U9jl|wv{Bqr1$Y3haklr3l|uxEX>2T
z^Z=~j2TVYZZ$y6*vT8;@8}S)l#OlOWhmL*Ao=5tG*as{=y3&+68sc6p$TnbT1-#<5
zxRg)4jz&qTVS&Hk$pT)|{~jJZl?i_#9ZdZK$#U?7Z-f{)C-}#TO3Z#Bes3oH?I-L9
zU=m~Fg`_`pO$;3B0S?=K0N-7z{9HGxB8Z{!vt5c0ULq#}2D5rRs{6T)xxjGD3XPoM
zQWiYdL35~Vr|Y~ZS{VC=yHt0m8&#%YdZt4rc!5l=z@x8qgAC_Mh|H})^A%?cS@7?K
ztXlkvtosH$W)D0X>_)xf82pP+UbGCC65CM5^rO=ue}Smfz}O@_lL{P${?{e@Kktoh
zylR(2MYnhq`HgM~=2;Bgiv53s`ae4~(gj_6L+}4?43OZDz9RSn8G|1=8;3}}k1Zhw
z9(=#{f)FpjEFg<zMoclW06B0#@roE0pd1MgkkcS1r+y-*m&rgQ#Ej*Op5JhmX})RV
zVJ*8VqNSdy8=<^~Hr-D2LBQ)IM{~(K9|O#+k!@XoN0MzfTmLHLlhO8g8>_rp;Div7
zOH%e|7yJ@ssU9&Goz(d)F(zc)Pgk7HV^3X3*3OM=Ls1T;aBK?p2>h)Wk4G<Yv8~a|
z=q{~8V3kKGcJyZ~xQ`T$Veu@qa1U~!N)mg$<bVQ(ZsVeEZ^<)z^dyJs!zT}YI`*Ub
zSLFgB1z#qrOD&>+@C_wlAt@i=ZlToS9#bOYX&La9tnw*C8WOnI6h4Q%2yDK%*Q|#8
zvAy)=s0`Z@o%udSOc46yOYJpm-Ob&Z@?-D)1}oP#K8rBE*OD>88PyPZj>ZObqnP{w
zHb!T@$;~ahz2!6M(r@uMwm0oNw3kU>*t2N@!vT9go>-(PO;jM#5Ka@Ab-x9nK0cF>
zkMjpGIrd&W!o_`g1dhooEQH0#Cd@R62~(18rmjmf<ng~(xJnxOSJQMyQCA}vcCzQ9
zAS?N1<MN-uZ{<_)A>$(nr~nxvfvg6kKooi^nz`b%lt5cWtU(H#6?_0AeD~L5edAnP
zk{A4G`UCvnC0q$Kt$SSuwfH}WPpgd}^VMeRPS&yK!cJ4i6v2NbX)a#a%N`LgnX^<F
zeJA2&-=b-GVf=-~8RgHXa*18Z_V+82uRcln8a+CxuUadJX`g9!tL12YG0hWf=AIML
zha#&&>#^CP@g=gb(^ZiGG3sDKvYiph!!!Jt+4_6QlFuo;BCsHut-oSs!4pU<LW?c5
z{S+18N`Ktq6>fu-zmfAtYk<-m7m+-DDA_*5)i{Z*{~{kgp_4fDS#T^r<sf06)uKK4
zbKvKZUP!sCU^%a{#2WHxTl0Cn>f&s=!q3eed;OP@-<lL%LEaZTtrHh`A|E#Hs>wu8
z5YbD$ur*HR-F>hhSBe^2zlBImJ9!@h`9)T0wI?<W1wy(Pidekr0~R_dsMje{u@^{@
z6nZVm7m7+;w4L>mhfucu4WyC8^1_gh<Kcbs*zobEfj`Ry1{IjpSPLHBpYYh5<2m*d
zQlJjF#;<UDf#$BZA`qrZ32Y_ETe*`)KS~PSS)Aerc{CIk(SXxfDGl30HE_YgQ7<a*
zi>z!f`tQ0!Qg#7**hj*FidPO#4j=pZvyG@_aHl1HdEcvbWIpj#R1VTX0&l(3i!=t{
zJO@w1oe}`r8~Sq+FTBd<ATH7^*-65Sl@k#sfO%$>sIZih8}EDy8EAmG@}Py>VA70|
zqFZbrSxKEluPW)pe;IW2>c<BmNSS&MZ!>W`(C0BYsRxxTeAW_lN)c>A9m)1wGV;JV
zR1&dY(c6cyyL#}P`E#ymXZu*MG@})rde5dVE$)B6K(CP`pRD;A^7B6;|A_kZWmLrJ
zcRY`ePA`LGT*P9+DvHwNBsimZC^>eZ&O|9&XGSR7cKF7L!jAJ`_{yIooogJ|{{9*Y
zu!z+-V+UBJK&->(l5jW7*~avo@te(qB*O9OI_JARCBpq9gj4k+3l1ng1M<PdNXi$n
zU!QMAsJBT79w*<Vya)buvB&BB1RDG(%U3Bu29k9sPyZJ9j>awl=6n-;GXZ<*Ne);q
zG2k2>u$LC!HIUp799vh8(w9jw#Xo!%A-T$eW4Jzs%l^Cr=lIx0YVqWS6#*YWLZMo%
zc;4Rs)ydxTT^fvkvfoRCd%ykCpse5f5Rx}PQUCq>g1@TzeL?IEN{K^{b@GrUeRn4t
zPtM=AzViFsSeNpX^T_Yrz2)~K+Bod6a4!*Pnm}^SOj-cvJINW7_A>LzU-XllY-t%O
zEY0C#hNR<F{Y*hpJtls^kzFKl2&lOIMC`^cq!#F^C_W$En)abd`hCdc#ZPD7e|(~!
z|2=`@KM($%OXF{`PA#u}0*C*g#RGyS^?(RN>`k<Y2u<Dn7TRh~cmw}n@PU{;tX=p<
zA=f98)v|>^?nGOMsFW?Nm^9(>>0)RZ?8Xnz7act-M#dTp+4`)BosiDfVTcu0oge5x
zMam8b3!+X$U4AJRjPGZ`V+ITx*5>~Q>ifu{xe4<A(Uk*S!{gJXz~OFSI;2Dmdcw4I
zN`Z(m>3_50r{_xjE8tI0sed{ANtF5@a#c7={SQcq?U+#tbO~$r%1TtUwUcV<Nche1
z4Tj%b|IHOQmimF?s>8n}{I8^(_S@r=#Lx_(F5fOH%jYkS7)-$LBxWtF?Fm=q!-_c_
zXHfUKcp?1u#B-%YgVzyZ!P7wYS@kjumrWXl%X*w_Yg>v_W0mOoHjAIl)@Kp}U019u
zu!mzY6Yg0JxH)%8A(u^3TnpjfeAsrXipVNqAX`5_2Onmy+GS73?BzXD%aNo)dzZ{S
zji^>$*ug4qK;odZh$;Ud($<vT`a4{2Jv07AXVN}FRCdZjj~LjEM*AW;$sql8(N-tg
zPNRJS<dE3LHnOq*R20tWZaMneCrGL^Ukp72Ncs@kCwLwIBKrh!L?;LjurQZbNvdl;
zaJ?wbOA2I$D%zW*Txnrdc>=$Y{yLzwf{~+8=X!%5ci(lny4l8IftxC<dlw*_X`^62
z;8p%5vDZG5xXwR6j*8Ra6KedopvFH*&olCLl?A#!l2U5^;y-(<`5(-*FFOeEItuVQ
ziATKxpx7P*S$%z;h8Lh-j}$maoFdzJj>Lt}MWM^fHhwJ$yVLsqZsjO9eU#Lj0ALRT
zEPguQS+%^6y8oBU*JBod%tBWE{mh(_`q2Ek8E7Z5AER7=lwRpalF;5P3XLuWT}@K>
z6@VdKda?~7se9L;=lkF%kTv#p9vaOaA%@*SoNH6sqe375DUDhF72L`muIq=BCWq$3
zI{qQ_Yjw)PV`plnmk~Ok_|?8!%6%wvrh)Fb6g)e}nO={kd9n3EAKMdI*)6u5L=PC1
zQ;5ggBfgt9KS|CHpzg5@d$}*k{Dk*z8T9TUG(X{{cDq+KeLGMIqAv;A5S48Sw*EL-
zmIBm3dgNyXNkiq-P&R}O+-BemtIW^ikPRHp^;uKr^<HQkujIVSO$%Kl4AzN`(|*{C
z&H%ycW*c@Hv*;_Vtc9?$1OO$P0Q_68VxR`?1s=oGmofWYQ3IFiao&T-AIFZ+7$STO
z`odc|6gAahTZm|_uwTT`3LQtZomGxErbl!sj>!ET#*@hXzaGzPxtsyW7?1Cg)cuOk
zjEA~t@39~4Jq+<&*Z~oX(N+TI87+Bn-qD2+bRPF3s^37fA8hsy;~wUeE`8Bdu7lUM
z8Zwb+L=y>WfmaDdsMdvOpbxb!tjZTdWq@y8f^QD_Zx@<pLvE2!nd~F#ApcJn%Awl`
zW@I0MwKa<^$DLKzLxmMJ*)<MN+DBy61RGHPqxlFQZXeN;$AZu0aPWSceZ)_6`v{^z
zWFIjz%RYkAb^8cgANvT@3F5RTK0xG0MnGkflhMWv=0N07_PjkHNk2XXfT2yo&5508
zFX;eAk<25G(8}pT1Bqr2FH80VZ7@P^vCzul<(iLCRrzXN*3Yzg(L@4f>Tr6dcE`P2
zlN|uU0W=KVW_HaEO{tbc;~&R;sdrnvBE3auVKu=YwW`q!8(~+8FzRI=(MT2$IKE*w
zOG?zsUfUzXZrl?0jyW!)vljgN430k4rfwf0G5054zy&e{sV$X4GX>-WTvemJXdb~4
z0Xs4u(to(H$}9%zdi<fcQgA&2#5HXm(Te5~+<b-)sDoS45SDzOThaJe$YT!5XdZC}
zlfTJ4LdwJuZXS`wjQ-3chU?}L$j5N=2!oW6`m>HWuYLgDvY5ZgKH?1eqPEnzt;H$R
z2$N>{D>scWWt&Ef(M==v{U&J|F(zdiF&9lE>O47DF6IUjS>_QRJ(*=5kqa4(WFBEc
z^N4~B^N6kU@_WaZ11ZgvVINU+8@G=zp?w5uZWNPY#2M1C*d%D(lln7{F!eQ$Xjz<Z
zi2pvrJi?@Hx|N$pm{R5u=I>x0vHhiQHjgm(XC7hd-#kLhHjlVGbRP4FL7{Imk9bfw
zk0?OvhF{&1Z;0L5uX#j)_V6uP<`I_+NSQ~Nw4S@TdBiWjKUmk-$&BX&OUBX8Do+vH
zP%GNLWR>J}8fBf+qOB8_Q6W-25>~`Or)l}cz~2oP9UW}_3%K`%j7&sN$WIzM<DqmZ
z?KWVCn*zsjeWR#7H><|zktTOlp}Wd}r^Sh|nAqh%MjK*R_o@f&&6)VZs;3Nr{6@38
z$~eSXHO0)TA02`<xXpsQ$~{DIRy}GKFfoS`b1*Rn6LT;zmlAU^F&7ha#n6-?Vjyay
z=**6G|8GU*O9WJHJQtk+Cxa8Dh1$)B67=61Q8+98vsHhQlv>I5zU<h?LZ}5Fzrx<^
zYX4GcLQB_RgYV7seMCCr|8l4Sm2{#SXz;+}{{avMIqGaN0&;u-LO<}efc{*@j}{$g
zSU?ldmI4Hf9%8b9huY<_AIOAH8LPf})C^WV{^A)`<42WMU45~XsFfX`_>aoMK^#*L
za@U31Q9aDZ#23W&PTa$X#)jY}U32?s+82!EH@{xAHHjGhF4^TLz2uU6d;#7Cu*!wx
z<FMUp`vk`L_?<8o<BGd6tQH0fK}QCGqq(f|XE@CEgC2VV_xG8sTAq@C-+4DCW>(FE
z$13?ojMOeWdi+N)FrTdl<An&_z(OGcth|#%X!O58u?+x1Vq&}K*t6<6crJivN!cyg
zKp3u*9J^Ol0MJ$pniU#0T6T1?bq`P!g-$aIoW<?7IX0R2_uYEss~!?<JM9gb_bJe`
zqJ#%}IXK~|l8X|qs(FJGl-fh7J(${qsXdf>j#AHI>N!k3N2%SE+Ks8*nA$A{BHf~6
zC*oH`F5HKg=d5xM-cP<DwF92%n8JbwAT3sT4i7*MddJks!Wo$T>j6d0Xg2>eGtX>g
zX2#6(82lZ{*pS;=*^tpd=HY!v5rd4yQXqQBzuW8hk_A7++6GX3nR2r@W;<$<j5#Uc
zbbLnZZ#odxD_YB#S-!k=IvXP6^APvttx{lHtJiVV|B2{mVwE#VP%QE-mXr^nrjb-r
zn`GNf9-RLrwSO!sJESe$`f8BJ>=4^Orut{9^RDflp~~aBXDTv0Df7m4OX$JWal-#8
z)SX^JEZBgZ{Rle?M8dW^_P^vp{?-Jmejp**x_rYRkz#GMqw}TPSK}pKyR+)r*bmT!
zQuVcXvF#fnhH#$)*$GuMquO<pt%GvjUyz8|x(OqSSLAu@;rMI`wR{d8vWInkj+u=G
z0E_}NGY`vW<^}m?He^@<8?pdWh8Xh!LiuJ4g(^A1{ubF0VU_QnMc7z;QzWH93LNg3
z1tbvgk8yfBM;%r$M;)0zM;Tc#M;Vqc1;Qq;BjP_MJ7BU;bis(9fC^+GDha^pgkyWM
z)NOTrQBpJ&)oB=UOLDZ!Y<dsHu<X*V{uS;{H+pUGLAcA@N1u?S!RHN`fqq+X>Xbx$
z5Z(7HS6lI%Z<#Bw#$@m>)qee>Tv*iG)RL$!e=r_`2t8h%(Oz<!(GJ6Bk%XCMQ2@eF
z=L$@*8vJj^-=OijRHGHX4-9k|eSdZ-GfnYNBz2m0?*=paK>N8XIuoPY7~%~nPw(0B
zZvzekQ}#fX*gx_yJ~TPj2TBYA>8h!)g@gwEcV(9L{yZytS0GkeE1r!Z0Ypok)3QWd
z+d-U5B@QFjN`hO4L-$-x+0A#<Vhu&_=I|O0&f+yJjyf&(-=C@jy^hCcW6pwPTd&Vb
zwe^sm&v$o>;($Q5!O03k85J%`cFH#~>eR#4P}Gq+=f#HjrC4rIvicvSt50^r4>H2Q
ztZo-3b6=6p{cy64=5!kZwK2jF--@LMCQF@`Ql;c%ssD=CW1a!YJUh~Pew+e_51EPI
zky>ps-^=NIzEnOLV`2FdS^iNn_zN%4A|(oR11%QG<v!pcF@byhMnJd-@RJRqG8=fQ
z>1I?)XSapf5O|DEFXp1eDb90g8*)&w4}IYIhB;aF*MzKHvT|Dc3FI3uROR;G#g#fz
zPg5tMrT7R@eZ+(hqo8UNuex1ZXB%wLUc1X^(7*bQXz$`%MwYuFORw{vEdG2xkXzu;
zN0ReByw58pJ#T~=jfKZqbb<ge4PQi2y&J^C2Q4y2OB=<HaIkD~{KB+<nc8CdjC#5i
zlMTL;>U0Z6leoUU5koLglq@_Ta<#dmsA%%8ftx3qNt<6*jv-fAM3KU@rv{?Gz+t_M
zKbcXy;v0&W4@7=!`X~|vK$;nJ-CA7`7?|RB>|u4bSzOeBA=6~X=~dTB>ixSq*wzkh
zIcm@cHQ$)?Reu^X#4w(k{R9CJl}<~!YBkK&#JC&i_W%k5$l>c~#W-Ki0ry)+W@YtV
zlI3sXdTs9lBTgTXJ%6iii#^X;B1Vqn0w#}L9!=2X<kBb9OU%>$8%m&}*S7hY41Cha
z_<8OTP%FP;aBqD!yoM%qnq)jpknYgR<z^~^dIplvhVG3>rPUO_dMk$m?0Xjue0;1y
z`=W^ZNG}v9wpxy?oRA$~vr0yHjbDnkI9hUCX5g1dKYM=&H<LR^tmb=on22F*6X<jE
z_j*-mKp=(g6fkCI;P1p!V~CzVJeCT9H!B$=^A|)w056ik=7v!Syy2-JnI=6nQi4|E
zK5fS!9$)SzBoXu3XpDcyDz8ZJn01-efJ{340`5l<q%0oHGJzK^uuY7{@DRYJ+V-bw
zUZK~FVWDB-hw;!rcw2g0ivl9Xb4YM5$x_#J>h>xWK*TJnYs`J|VVYKdJK{sa3s}{P
zVI9<4Ogb_QUq;B_Vng!rL!h=4)o%yTE*twf6w~+H^nOhe(>*zcRG_fXOo5EsKwt*Q
zF=O47cDC-1WIcl$F%E-KY(Csx59R?O%dLPUD+@kO{yR{>ghg4oj837-Nl_UpLrqIo
z(dlGQ)gdA1EM0T67@BbKk+BByFq0uKb%Mxry-VqERUA6xs^|#&uX9!$8|^eb0_*V%
ztK39B!_cANqgd|%tQQ0|sPXaIiq0FB502f-8(>c!GH^q(bbrS|e=BAe6)Whojyg1s
z1u;ejCZ_xTy3n`pp@$ls6|kv~&aUwzSS8AI6V(=r8?faofhoqB!ruOvY7%ouyBjrY
z(lDJX^zPl$Mhu4owdnx8M#u!{XkL||S4EwQKT6F_z_5WZ0&23IMqQSi#hi4DANPUB
zD7{6a-s0Pa%oblW^ldTL0QjtLDXcmIMD*f^aUG5~O<C#BuXv=$;Qy(!vTgN6bav>h
zS}_>Kay>4bJzT4_TEkN+{69#x;+yTPI65r@*pu)Uag4JfvBZB#-Sk1Q>d*MDfbTi_
z_tgUO!B@dt<oHKGw)_1TK(<`S=HG`Q?s!Yk@F2|MV$X){=v81Pt6T|Cg59<qIy)E|
zVO95HLPcT`doJv%Xcb&0Sgx~lP{v#o<k3LuV``2eD{vCVG}hM%%>4DvDxb9gS_9;c
zkk8Ma(ltv_-3~Q@-PQs*H0bNqV-3mkgM%PVjvVM#K6X}oe#lvIF6^J>s`zxY+jM)8
z=-A6Du@3YBB__g>QsY+YU=@@;UPrCDVKxhR(hbYU#*i$#lvaAXFy<y2J5SGr-FS2%
zNfp4a?81pJ&~=;lYnRcvFYmV1e}yYB&A@_NsC*~dEkp~D^vQInr0oTUKQ@X!9&uH`
z##rovz8E2Ed;*le(tmBmELc9+_mzaC=<&gapeZHLs6uG9pg8bmFJX%+4;%4%l?Bmu
zf(p|46PBJtEX2+v&ZQ~{Jq~LxQMhVsdJuS71mn0<;CBVUxYKarPU_HgB1r$0F(UP+
zp+7l#f0hYUpG(b$9=VhoQ(ZE}2Sm$sKIt?dNu3y)>RL4x=fOA$Fnd77!$klg4E*DP
z4d?r$G3Bl*8>|Y6up%fqcwCej4=OzmfUTbc;=7eFVg7B&;rhHl;ijd4g@;N|wf|CA
zMduR#$hxvYg6KHtD@pYpGKd0djg`Q3=lF+1zWe=V$d?QG{Cn-;7)G*!J`KX}fcQ0b
zK<iFG{6&xs@_odEgMl_!6>fL%jbr{9!2B8(9EX?>(-FH2H@y@+-dYd{H;U?DlB@4W
zaFc70d{$jp#oQqmqGB6chnN^LR)mbMjO<g-n|*A5*$1CD`&Wj3vZK$k{<FW=U-nJs
z&Hl^&vadZ)_T~5W%Idql-)!#Q*{<t1+xL2BE8-5phEulMr$aN}4Rl=3HmoCBJm|TV
z8N%dd1Bgnsn~~+M-CRt+hGO~^=of@F_%+jW1^$|O9w+@8@i&K3OgtTuYBwACa}NEQ
zc)AIGotRFf^h%(q{lt4O=R%RZ=yKp&OyqyBLyTy}z7g<jZx-9zam}i^vs7aTT1i^s
zOWgROz1@|W?z>r5OFfepoBURLbL>)~m%gsjiX~)6m;Xwa<161sUUecK2YgRjw9<rY
zP;Yauh#5u7>D&FTnfT2e+QA<gF=VsI&k9_s2dL)^kk`;EZh8qhC{<UOfT03TEv6lM
zw$Sj3;JaEx_rjm>uxuLNB4_gf)>C7b>jOMZ0~`ng>BNCtCaTa_KEBFIX?z|Z?P*tL
zCjS93gkDRgn<1yHtRSoU%SnP;<TTOIXBQoP7SL$oMjE{`z6q;P#&@F9^*;csT6+nM
zXsQGP-*3u|#OW`-Bzaz*nlA2lUL>s+;;@x}VKotL3Jacw_c@`fzt*Kz?azx5Y*7sD
z*M>JP8}CK^-4!U=a+w_uZC)e{oo&YL*_z>B89I<Jsm47r3<j?QVLxg_uJ$LQdZV~#
z1`bj#JVS#VYHya>+b}bNW?S66_-Q<sPNn<<Ed-Q&QL#%((H=2yqrtavcE}iw|F;}^
zq!fBn%A3sYS#UAg!%YUU9N6Iw5RW#@MFx5W%;Dq|%xbko&qXOXdBZI*T9mex=_T3+
z|A`Q+)vWV4Bu8F6n4*1Fo~}=1`!gyhDBPjD^hZT_Jdcmkxz`zOeC1GsoQqAuKXt74
zD%``!pCjq!J5Koqx+)$!WZ==Iyp!*@7W+zEbskiY^qZuphsV!$MLi=8g^)h#0x96O
zT8d-GX^v10Sxg`GJ8D@aUH(VT=81u`0v*FN!t`8?h%H89H;7w!-bAj*JTXz&E3&c}
z>hTs!D1Dt0BggWzjrWkC0aG6@f^KNB$8i6%C&b97d9FI+Xy}`7G<42AI@vq-XzHGO
z^r#DDpan22n~Y%SNbM(P_+K=$A+yaWvIfG%{DeUBe~u4`7<t+;uhD?|ja;Q$jC`Ia
z3+E)%zwQ%)4fbirvm*@JSeU%N{-q>bvtQzffFy~^PVKdILk-^CRVJ?j|I{mJ8Yu4c
z>;mLC7%^EiC434l$0-nS3UpIJ$RjBp=$Q8+eFBinpqcD<7C!oan}v%qX2G^7H4C{J
zz!wPkncZ@ahJMMTFVZ1@Er)#edCzx(|BvKvguf*l{#%{_`2X=29RB6n?c;K2h5ToS
z!7x8IvLiEG<>IH6sW*Q-(U6YktxP@hPUgF_YH9=%()1$_-&;lY_o<sGXZCp1yqw<k
zeKZkE1t2pL)4{N7UO~F<^}d|Mp}ys7Aiq+eOn8fzo1IbaRBpPQe%@ZL7ASd7@vOxe
zS+}LKHqNK$o{LT(fq?plzLVX*oOh`3r*EeVZ^-?I{x!eN`?vjVD)-lna&ynqzu)q#
z6&YErz57@D1@#ZIEqyx!-kHm%n2vs4rp=+}U1SopmlhH^#J#2Lw{&*nn}9n*h|Y~*
zd(dW&&&QJ-IkeCs1rmaPtcz9WyQ+*<Y3(^Wvb~1<lS<KT_$C21#V?_t+GrT94O%nQ
zpl4*kP9kk%<qenBy)_ZTkN6%Oi$OH}kBZ9oat};2Q2g^00T)9PZhc^^L65<VCvv}C
zup<Gfx9F*6I(^p^O4S23o3+18&)5A%{mz+>r|wJc-$>h5XhJC!l&zL`0eXhFo`9c3
zBcyw>o0-I$c`>`0OS7Aqo@&O?yP1ZcWHs|NH3O8Mb}+B<m|=RId#c3{YsIT39y|3t
zk&Xnl&;^4H@yp^l@iF*;s^342H)PQor||%*OE8l`&tTEE=*c%-z_&6<|LcOk{QgE(
zr@p>#BKo)S-H4|?Jz_L!`p4f$cm6(0LqZl>#Vt#(nG`o2|Kuff?`>~X_KQLzJ=RE$
zJ-{LIlP0_VH--NgAGddvmT#?6R4yF5kLKIdE55uK&C7!?_#d60vFg0Fn<pBqLM`Wa
zfSx?GnO4K{&FR&E5$jV6F6%xg>ov(Q5p%m+LTUJ{^iHamYrBw%UVdZddezm}6WVk<
z;|~K#m)bu=7bo^w-E;vx9H2(;+8$J$TeXvn_8A=<wrPW?RQx7LG%mNe)QhI8?(4f<
zk)ye;in>E?3?*_XUWy#=4Jg?*#b9*}W7Ao+`+5wR7df0Owj9CiJS%)<$fXuGW_Bb)
zOMu_L^?%=yx_L_u^oMfjvU%qwfLL_R*Y^R+{xb=QzT*cT^$0pzK8KEGgbuO&bKs37
zdsH_+Ku{n}UVD~cu$_+{1p4gVJvPqJ+aE8+1nr)HqR?{aLhPjhncEA{vs;L%?HaQD
zD(E#CbO!!R#qwU{#U^9VaVCkIzZ1&GAAkad%g3Mq7KscLH>W08s1=2M;&ls#cL2!Z
z^B|jX`335Ys(W~M<VbEs%^{@;=i@4LA2$s(C!1odddgs!jo}F~v7Kh)804gEta>m_
zMF(#4S*V_zlsn+(lRIKR?a7e8fkC&dS`NQOY{N@A^loGu{wG&wy3gd2h^|BerwchR
ze~eOY6PAW=y5=_@2#xj#r01~8T|7M}D?OK0zRA;b)9JB4LDDTt>+oHbukT*kgin#<
zLzXreDqb00*tE3a7ZWyIqRzX%!@aZyzqumXkfqJ|(Op=xv>Cs;0dK!>L-AG*FYkg1
zJiG=^VUvf~;f6}S@+{rYGsGc7GtaQ!!>jQu-JAXv=HK?h6MnOwjzk89ij=jHd+wWe
z)NOCbe6`m^Y6gXdJ+roke{6<Vcc|zY7ys-M!mdbo5c$(t8^#ngbVvodBduc$V`o$g
z-0E${rL6>llS6nP3R`&()Kw<;(u2tkE^XrwIJmTp#wP4^t8<GyOZTNmpbvjvYWR1X
z?U6`iaA>5mwibKg5gM^yuBG+VVBO%*`0BNF{7aL|zRv|?blVTIo$ipa+9T|n2?I_J
zi8Tl?r_o`6c`WG06P`%qLf6s=)uat^Ep4K{*QDlbVC3k9p<&fHXJ?Y*Bls7d5$d5A
z0GvFmITB_<qu!&~1ptELzr0sipYfIB4x%rTBm~(^Bg{SPR*M*-$v2^Z%YGUMl`#;{
z(#CXdea;*8IrrG>d(E4B>2{twmO{bpkj67duxjW*_w>+sg~M@aCynD&5}P}DH?ooG
zJo9bOgbHsr)okH*-YCu|<WVS3><_SnLq*l<MZy_3QF5Wa>15!jQ8iv42p9GNJ4br^
zcEsJHXY_gH-~ed2mbPNH_;7o83o0cn-JM*Rgn5O#m+tOcJXKmBN@G7mQ6iBTAmY-<
zecR(fd>I5U4HN$Mj~a|yVz$@UX6S>p0^KNH^&@ffT<6o*PX6)X7o|XlnQa(H7k(Wk
zw(ejqYJe3v#oU5f>b!yuB(;&cOGLKuv?$bxk?<9`ucH%UdmSa((ZAKT$u~NLfVWmU
z&ra`0P`Q(Bz{{F+(_W<xTawj_WVW#pTRSvIl?ybeXr@_I??$amiyRu+Hb-?Abj(tH
z*SBIDUZKVd`+219LK$eW5|srCQv=VD+Dm1O5;^jKEPN^1o9BkcU*Hw?ONknZ!aFoc
zY`YkV4wr>pb3#QEr9{LlG(mcU#2O@_!z<LoOGIMzGSr7d6n5j7Q)A+39kGq5WvxUA
zOj}o+d4B7I)z7>RAFmhH+f3A1tY?<`D8nKha;Rvy1gja%Od>Vo&{RjLks{$sz1Z^(
z$=-<BW#GM_ndBRAAMhsIsUx-0JE>;gPHsLjfDhW*J4f{uw9W#+)g$y8=Y))QZ)l`l
zhLxjv?JZE-0a<C5?fa!j9IB@Tukx`JIdQGm{xQ78Wp%;zVM+LMR%oO}7UBTMt7M@;
z7WSc%Q6w@<6aY~BBw-(BJmiIq75)OaK9xgLEMDOgDH6TPE1UsP^NAS-;Pwg!CAM)J
zppjSTLGm0p8pf0GRuF<S;<3a<0iiudT`&zGch594&S@lk34jI=Vj4N8>yU&-0M~Hw
ztqfS#!0_SE8T7wu|9X~s|FjZOh@pa&&?*ZpFow~{DPcyoaXTQ-G|QaaqG?`XyM#Uc
z)GNF%EBmBKEsX9ojjqlsY@3ton^ugOCwYahB;hNsa9oPiTqQ-e!2p}Y-21H^vhcN}
z9EVE8$a^r*lV0Jd6o@)y$D`I(7Q7NKUhGZcyD1idZQLc<G1A(#m=15Kt4J#box`<b
zh$s3Mkv1oX2Y>^h#IR%b)6o50Ui(f7GU;y^t|4+9ifo4p_8?a274v42Z{+U|-s<5k
znyHQw=rAsyh{&s6gg4J}VNDs}Q8#kxuttD)$J&!`N+YkOF}4EL1o686fpe$;$M8t7
z={Rt(7nQMUUqK>r#3UAOj~vaB3vp%|#VuFZ-~ZKu`j>0rZ724M_gkcX*VJ-;uSNUO
z*+fFz^7nTiY~1$TsCxk)M0+NSMWm*dcVaKSLAz89k)b;><q4EeMD$9&TN{FUZnoBc
ztFDxU(wCo>ltyM@@^u2xPZwMFIvq*Zi>ibUwany4MsWjjs0)j|=-vVlol6|dGS`WY
zIba%qIN+R7+ypcURHvI|yCz>Z+ak3eM$-$W$!p&y**oD&v8dis0wh6J?<ke8n?6Yl
zJ>nGY8WpaE@p<i^$_fYthrISC=$qHxD%tl+7-B36{}Rqsm0oO7wszoUS1Tk9SursF
z5cCNjmoJf_=ibn5r(A6{X8$GV62@LHUpLbPHDU}0yo-&Rp)x4hWnS(`#yf<3kO}f)
zSRud=btVj<UcBx$3-l~ikaR+!9W%;DiNfUrpd7B|j`$>aH!d$!3(DZNJ8nZEwU|{G
zL=KtJq=%yuAW~rs2tV#=36OnI&)*K@3mW^WNwjw$2<$yLW9>)bH`8?C>DX-Rh1v03
z^8Vv5`uS7&U;3Uu!S|bz-<|z`cO}1<_VfJ*AP%2Z^S(Yl(J&S7=lyfVMIfgS`V11(
z``4P(y#1+9GaMhU87Zn$_u{t+n4Z+q@fT{-@ffi-USL0<bsPmDl8bnBK=(Z4RKC_u
zUk=G9<G+QJ^^l?+hIgoOd;C>hGsvjjRl+rcCgvvZ3qVwgRb7>~hY^)MS?}fAEFp*F
zYGa*qm@vQZ`0yO|Ej-Ggkk^_@mDJWbO9VBqE;iBdir~Km<d+7amHmCt8$6**y(+Oo
zxk{bzGQ0<l=4_boU--~tS}`$r0)rQRqRkyk5oy1;!a#nNO{lNKkNoj~lE%FR%4o-K
zizecm;O%yN8~DR$0&1v>ztf*TFH(InOUl1QWxN#y$t?|kzk1$ZYo4B#3fl)0GKBib
zg6I?^)$wkPC;l(;CrfJzjLB}PdB3lph<Ev-lJ_fonkqak7}&Ze_~AuG{X|`^ozT7j
zkAVga|Ie`)f55fb0QpES^R2~bnHbg%y$FyFUGqaIBEdwC#q$a&norwcX#6#JK<5=s
zN`d!G(%N&AiVX%|iKISy4aOMtv-pSH{+slMeD$)r#*|?GR;}RD5r#PIdLPSIp#jW4
zAG!O6R{V#j;@pTg_yOs1_{#v?A4ew|W~oLEC)`c`#4tRZeV^!vvC3x%-<>ABsyP<F
zOpjlYuEw`j3^w{tkVg4oToD8Phjg!da%k#Dq02Bba|a%t9DQO4jC6IW_P@|ONvY#{
zr=mSBD)Y_o!A2TyP77cW`qtA{&PJta)V7^M9UKM&y45sC86S)1Bw(%FbxcR29~|Ro
zba~%n>>G|DSa)mHKft=q#3qu(%G9xtj2A#nx8m*4-gsR$emkqCZmG*SKP7y+rJPmg
z{h@9mc^A6dDxd=vJU&V<1ACjc4z<PcD0Q_(R+bg3d0UPW?%$BYsaJS{Ex8z;KdO)7
zsiS-p-wU4b+4L<(AB7J-X<yC*oNs`)#rSs7t%UP?@D4MTH^z!b;CV@3dc~Cbz#%XC
z9}kj$aCG>#U4*R)XY3*t>=wAP*xJJeRFSFNPXYIaNT_?1M;c4F7Rzdm2Yu)|4PN#3
zV(;W!|0;Ec#WlIi;(tI?%S>MN4#W~)xi@&gH(ONao2AKjnEf}S^C@_;_{A^TgN83%
z?7@MHnXi5^+Y_0ZNC2HHl^n}W{)a_%24UF%NzD-*trBxbB&Ez0{}0)**Y{DDKT&86
zTbe1W^G(>ARaROuzbkdH3(CqJ)F)Z_5`7aM$I8%qpQGMCB3|6fUYdXK72=44Bhi}K
zamF`<j3IslImrBjcJ|?-0y$6n?!)X4%Br*2tD0qX764?3|8BQhZgEe(+2a3!7uJjy
zcT;4IunG!rhUzh1wcPBTe3RL4hbId>S^QTZR0uSM1R6KM#<jMCpffPO#NGh#5Sgc5
z<b)wQV<b&$u)#N;uh#;lCU9gZn$!fg8^x%L+&I^{E}%W?BLBhoCE56Zhf9Zt;z#B`
zjl7K)pz?beXA$6<FDp({{25UxH^rZ%`-GXmcmO*yr&xqhj#F>5Oup6Pzntg-j1lKz
zB=+Vaa`TI0gT1}n0#6p-0DHI=V1@bxH2=vlCZ``i^sB#|Qp-|jj6`>J!80_qJwR4|
z{pmzQ{F;pWXkd(@PBRbXOV6bCqfX}qw<PnZtIgVPt*FE4|5Vq5Iz*-zlMTMN>?h)*
z`2MK9-wrjsr{~z3%<;UMcj>3eecRzyFDr&OHE(b#&E;}@u_g+e`9S<IVbG_vnN#R<
z-(T(jA9e2n-BgtY4Ckgv8=&Q;P#|D|B0*ao+8~7nC^R%}Z{UVjih!cxOdSN@LPBA9
zw4F4<ooj^gF^;d9QE|o@=YgUi>Oe!GEuc_95kYwf!i}*|aO?wU^X<LQO`5bgGwWOb
zzy9^J7R`O^dmj7j_c>>uMrGVdjVAaPl!X(AYBW&5$#1ZLPrp$MaP7c%L*N}0#IL9Q
za_<P9m1!DWg_ojn^$RaMk6D%kYG%V6QZwJqz(Z2?@*Mn0dJlfs>;q<+1YP5LPODMP
zf<&b-jhO{QuO@X}KVCw4afZZFn*yb2D4@Ba>v(mSHwkYIbn}$fagTvf8CN4GDW}J4
zLjGVvXpg6jTZ881TgmQ}w+!wJXmES>8W^>n3Lb_oJ#g=EjpdMKPvGIgx=^?BWA5Kd
zb@ykLaYCgZ7s{|Y&m(FI!{wN<9M%455Twh1sJMF(ZCPgc@q)LX-vp)PTdD)SG%@?%
zWB0q-rQHtc6AGlW9Bm1LH{PWO2R4`|1w5xYxPtzv$u#yrtJ;NOen&5-!4c;)f?Rv2
zw|fw!4EmUa%E?fP(YBStb;Wp0k+Q#qW9z4PYa+QX?q&y5P>Oa&01}=v0e5V5L|yf|
z&1~igjkZujkmoIk5p>f|rD2HrU@M(efd`anr0+a?wb%mt=a_ahhZf)A>=7C|&=gEB
zmMnNyf$in)p*B#evxB)5yL%KsgMskJ(&x&o0+s?U9m|>kY=aeX!9OZ54*?NsVN1~L
zG5np|IUymngytA?-v>mvcv|P48=-IqP>KO8m6dlRVUG~;hqs?n-e^`)^;bfb*^I{@
zF?1nrOkqr=b*8qD#*{m`3zopJXizbg37E<TadVcf{#KUdv%aMvi_S+clAeEv{H3f!
zqv3r{pc6@W?-aJo(gyv(QN5M+|6L8ak}Zva8{tNg2LnDt+Q*pn`7C1Hkpi)9MhUU5
zwIs~CQ{strw{6gBBJwWufbpm1ccjnNH9&wdqiYD@Z0LNT|2+<CJpa7kH_oYJG^e!U
zbd_9?CU};oX<R)kmZxa=syLkI@s0WZF0@ud!JgrKKA}2M9zM;d`xfs!O=<RFr`}5E
zy|+{Hf_Tw;pNVBywl(jv^Hq&-MT`*31t*2!LYnA3%~y@$2sD@X{sE2PJ(zZuf6mV#
z)HZS0Y51{=(kZegdGAV&ZOW)TuOYnRQhh0)Ou)kvaO@A@LU;dJz0Gqr&1t=b9kR>k
zpLX=v74c8wB!A^;T;&BuDwM8chU)o15=ZM7x;M5Ro6$=!2yucj(v&JJffj_v$|Fl>
zt6ob`TZLIzBR%saI<aiK^v$rnf^WJGWStohzzMwlAT$|N`$3_{PPLxCu3yr?)a4SV
z2iL?R=wpT;Tewy3dmWW$5i^cTq;crb1{f?+0-)2|Q6xqH6^FdWK-2#}AQ8<a;#4&1
zzPe`R*=cnlhrBEe$zuf=AD&N9lyxH#v<GFq>8r5Tdkhp=|F2My=_1co=3B4v>vvJ=
z+nn~}s0~BMqg>l0Wl>Wo1auX6qa9EG4k@OifZE@}ja@p`((qOfzRHYCrlnJ!Q)W+V
z8t;7;H)c}i8_@qymeM?cbSPfSdg*vrhkD`tN_>9=-cvJj@Jrk;)~zeKj1Y~Wt72Cm
zS*l@J_~)yA<MQ<kL0u*>DaWKQ%Tz?n`-q*G_s_+|yvE`%^A0u;^Im%jeY~vTOajhj
zz=IgDIRgA;0s$Xjz}p#cUk2P*M8GK#U;``pbq4$!2Ap^Y0e@5!hI$(_drGGPa0LTg
z!~lQJ0H28f{v!fd%mAk{z~}M^a6hYlLInO}*4E(+xDNw<fC0b8fO|%OhqJae%Mt5C
zr|cQP#L#P(lQbKcy<m*C7tkuiM5W2dUaEl@WuL$YJ={0M7#K;G=FOZk3}p}4D71yi
za$HGP?|*84T;=yBJz14q!vfNe7#N6n{a1yI8d)Da$^rskM@I>c9PJDpfV^E#D-%*F
zN9QQvgRtuzYro7eik3@))$d9Y$ZI<84qA?b_KB0T)*e+I!Zk<9A>=);W5G~b&x)1l
zK(r`-z$!?jl_A?vtI_@^r5XBOTV=*Y+nR-SRpw&2NXx~=w>D|_ztGpF?eA#+l<pRM
zlXXI69m3c?uEvAXGj>gv#cM{~>E!E|Q-XVVl)lZp##_BS8IQ;PWLZycw<A>Nw6?pq
z+hs5z9sct=!Izf-Z3Cq|;p;3-k!-)&Ao}`!yPDko2GRElH3Mkm!VIF3UAIHQp$~Uq
zvP9{UrP@|vo27guY009+PWH%?bvJuXX~{%#n}elb3iwY!JxNEt%F;CJ3|bctw!8@q
zop?cBnHFl0^(9}BQ~hXUOs261_k_Ldv0tc2&G>?O*$;(7PG1=ZYJ|#NNCmN>gU}I>
zA!|_U14nI%j4AI;?*MT!lLZovA<&%w6nq};KEb=yXape~f&@w!+`IUuw19l}-vrlQ
z$6ii#kEE^Z%n}AWc4yd*9pJhFT&qO%@KQs5T$XSgIU|8_#wM<21M<VRtLQECpz#g)
zT^VmBx?8VPmix?RZadO~(t`FGaE9ghcCum4tM}yZB@k;}N|g3`zA<@D#|zfIOPM`?
z`irnVZ)pzvY;ql2Zx(BhqjT90^r<^l$YEzR!G~XJ&^E`^AoTrl{C*hwzStqP`E>0O
z<D&kpbhmb1jYDd(OZBJ>TqErmz(7UdJ`cq7nuCbx<>F}h1@!vtT9QY<Vz1j{<RJP#
z@cMe|Nn0ol?ZR}*I7gct>k7$Q#7&=Bw|oxHX7A|!g?2mSL^GaA)1O6BIE<u#VV`2=
ztJZ2zJ+^%oR)sU{@|c#-P)B_mc~)YxHkNM#)%Xp*$U6HOsYZ%)y89^30D7Onmpk{b
zHY#lmU<pWQSBH$K_Qq_aBA*Et>H0gqJ7YxGv5{YY7ZSrC9O$>Bz5^qQR`4vRRR2<~
z;Q8j7tA`+urN!Gv1S!5QHx=cE=d{+*t0>KZr-PxYcFJXGq&0!tjH0y_7c{Ry%{dQW
zN^8;_bp_;VFSOMa7&(np-=LT|+q!~2&3+y4{i6nD>*ulV$ujBFP=ge3NV^;duQ{y?
zGezmU)hnb=l{eqT(Q}zoXgfTvUi$%_pfR<X$&kMm(zwpSaitjQdvUl`sv3s&MXwfY
zPACbbhQ%q3cSv*6ZM6k`aqmw6kHF(CxM#|LHVy2;&Wcy9MWJ)RCKs6G5|g!I&9I7<
zeKl;G5!Coi5iU-g;O^zX%mjQD?Xs0`!^0?Unp9v~r9xA3dvLf3nvX!|)4K8TqI4Tb
z{B(yjGo9Zuqpxk<%)S*Xjo2{0>OD$JbjiAt_x?r8q7)8!P8tjiE(Nn@^4@2(Y5-QA
zWgyG)7&Z+Pq#PvC@wgEoCoKVy@Bo26ZekBiymt;fP=hW#!$B8#$>J{FY<L^^9W!r&
z(fd&aX$i>2mPv&se*NF*zD<w^2r@qX0>hu*3e1vpfw$4HaDxNt!z}>I4Y(xRDb-_e
z`n%u<vfZ3$lL}0V9N;vU`8)L`w+`1_7WmQC4sMrIT9_FgF`!Qrmid^;8N1!UdtWB2
zf2kobnHESQ5}ooCcA%N^P-7^ByNH*P8d+lq(3VWOuONNtkot>~MewY^0q_!rZU=Nu
zB*S*n6nCE0W^zv<WXj77C{6Fh9^EO(zcdPy))?J4!j%cGOl}jPO$+~ftEf9zc?A*Y
z8ViImG@nS(HIYo7Z$&bBMmWO)Cm2TpC(Z*DZN2Q?FIc~HEv#5!)ZpN{?i1uE(r~B5
zq>1j?*q$P4i~LIit^fKL4KSGLIGrfU1x9gFq0v1Gu1s)cau0(x#lwGIZP%sB4vG}^
z2;io9tid7ohAvYr(B<MuP{j-k(F*b$3f5V%-{X*WkZ|0$BGDklxJPuQ78arH4YUhm
z|7FksW8=CESHSM6EG5T2w(>A0@NVtkz01j2d%_TSjQP2Zd4#cPR>GK(VJt%oW6ao-
zFm|w#BzQFg?#F=BD6EzAfjtcTIz#Wq%7{g2RLYW=MOmbDi)WF!=;CT{9ig%yjyAw%
z&;&)&BsW<qd!SB{)!C~sT+8Mj$i7FRqDfFuw7+*~8v+CljqAEUp_sOb0Ht}>U?89s
z$<nh1tTyi;Ei)rQOwuk)`DSpm-=2YHmPoFKr`}-qp5m+eaZK;zY}pTb=O!#)nRJHY
zk@9e);;tW@RUL0vI{MV^dF1+aI?(RIz<K7e#`vq>Y{TH5a;cSeyYp3P<ZYd1UNWAG
z2VQcg<NE_CHS_+k0<(kTb>n{2K*q>3k%E?YPz*Mw2fobewZGHn<EyeLje>H^UO-(Y
zQAbFz^du+l$fsD=u1~|->^*$fucsOa<xrdbRh<>HsqsjR&c^y=@Ar-l6d<Z1-Rv3e
zW;M~Qzbk#jNjodQVLhi1I{D#XYINO~l6A9<h-B4xBFs6{h%jG?5av@oh%kGV6BS>{
zCEy|k+(hnCQd|Uh2?IW{hJZh1z&A4BIP&|F21bBg4EP-e{6_}-V-^7)un};-2=EIG
zxN1$5$2GSn<Bwavy)J(k!u&B+6U`qtEQ#>PXjbR;yhv0z!XG!RiQx~n-r~A5t*S$X
zJD4+SW&KP0$WH%7#Bi6`gV|to7raf=l1(VEZWOkK9VxOmi;aTi7#OAKKe4&Vprx8k
z3l{EEP5mkRI;RC`{RY_KBjK6y7b_X{=l&Wg-~Gp6HM~vS$EF28oJiAx;qNxwQBq7N
zM^k<f<@cv)j*m@tf4P_1J3i8ZdiG#M*z@>cuiBh{?q$sx=xub3h?>XWi?eyqqTr`+
z_iMbHG?Dy-<Kd{oJ%I_jf!*WLY<`4=`$%AT;p3nl@DtiC$i2`!?H6U9B1Q965;5}p
zy<w(x0`uLu7n!dx^6U<r#`p-B*p4r<3iftRW4HicK%l=<lz*Ne>oj_OI572{wah*Z
zDGTC>qjgm1<vn4Jew)_M$EzGo_UWrQq2@Vt%{2o|(inP_E(`K_(c0|N3)Wh96I{77
z9P)TU8f$45tzbdqUlwsj%wF3?DB!9Puwm(3&t9>UB;k3Fq6EeVH-D3)x!!sKftCue
z{blhKb=DUkdu1KTr>Jw2D1*M#XRpKED>*61dQwNI!PdN6i;06ml)zMZ@nR^X=uWBO
zY1#x$q3N)h&!YL#-R#)tbUctd^M8&_vnam0@BgH7{FXX88ZceXO|>*){;?Z^(_;CX
zy~H!OMu3D=UhYA2VCU6feMtFhI|$6WU8tFI-{*q+b1S~(*iqILE}I_?MncD@uBDFO
zmD{c3IBTN(@d9!O#uHU7sr+qBU5MiO(NhP?IvBTrLf&!Kp-CiJZnls#tDQ>H?8MZt
zoGD_a!Il-;==_i%Vq~6<EF3|3Y={T4D(ip;ZtNo8l&i;)W`QXP9=E_EcO-Y=4wqZj
z+v=hw_;RM!ArX(Mi<;oOSiS`~V<f)F8eP|^-dryM7nIZh3H}Z}u{-0C3vxPYv4HPu
zqbB%TlpOS0tQYz9i`fL9$^~FxX9BsqQrIN3P1<h*!GWhi^a|dBj+wL{i5k5zdAUhh
z+k%Q#zsXC(acBzefH)Cqz-=T0@LU1p*QlidhDMx(=v-A0Rtvd0#tx>FNt)}-Cy4S?
zIuZMtrW415p*z7L(fED&7_(0%5o`k)Bz1t`eCe9ab5<)#txY2T&TvHVsol{CKCv6|
z^U3ZQ1iudm-h(f)_U(>B@QZ-p%YH!c3y4HCt)PHcsQ`I*41&MnR0J;~1Uo$Eueq#F
zc|s)Lw0w(0MI*+&bDBdTr?tZ=U2ubAqrbO`F#2>(1fyrW#fK5WNf87`ERZ*Xp-=>~
z=d=v7+rLiIbc<gi<+=)K>+?>*b2(8u;yGvXd=oENk1QQP&%U8ROR~F%P=}!&4X(t$
zDo6(`&B}KpQ9qsReBsMlpG_=ub_}u5naRXLmnMf<=v~G_OP65)L?hG{lG6^dEt$r(
z&?rcAK^#q}QRhcn!I3kC(!%p6o$#kAM1}BWCb;cGpC@#Q&+=OmV$M@QPq7arR>PHn
z!lVMDx+<Ur!@TeeoR0#NE6zeo1QMcLu9zhPQTlIAI3?e<mCx?{g{2xaFORcb{VLH&
zfx*FETlOf=9Op2A;JqCvLV5lGr}4CESLFyFtm~`MT%oq>=hlqJHCwZ5*qW_6{Vcf3
zeMO`B010YsT+SiG8+yJ<3nc`4a<slHO@&o%+fIv3q|cQXzW{k}-i{^e%$O!bpzV*+
zcS_MN6q^P#Q=~*QE+2D9=eFya1*`bgx5e-_>9d`*Bl1)Dk@_9Ln>wAD8U<fzdgN#<
z&6QU;_|4^?t+gCNVfKfey!}YkA<z^KK7YS_yFu#rTl`S&0p(Ri6@i~(uX6ck)K7nh
zpJK`QxatsmUn>g+DQOOUkEpT3RWugdNr+l9f_fa|)I|vQ-cwWTnX18n9nj&)iA0BY
zk0Lr$$URQtCWYy+TtjpiT*|f+_kEZ4t9IR=w~32+((V0!yC*yL1z^8A51yky81#th
zRjmgj(!e!Q{3z>x<7Ywq<mkx$D)k`=KY8#k{NpJO55Bc$9_bwYEI*2=*?!f=o8c!L
zZ%HD^kEw92Jf2CxVE2?A3!pj5wyP#G$SZ3?SY+iH4YAWn1&=BC4~?zOOVQNj(R4OT
z3s;+G)bPo;(uJi*sLLbsr#7#zW?@}kGE!+?He+2+Zlu(oEFYlesZU@Gb2LnFd5>^x
z!3Xr_iE8W(85)D{sU|$|-hX4zrX6)SjAh{_9LowO-*5uDJezGi|7Dv=qXeKVSwE_p
zjAJ2!;X&-d1Q5FkSgNEVc5vGcMC{caDq=71=tS(f9cVG%S{I^*9mTsZz{CiCgst%Z
zvp%$e#((V*GQM2E2){!V%&$>WsHy5*lsqX`?ur1*75Mtj8s$7qUaEJo@{Rm}Cf>gu
z5h}lc$mF-IMNE1Rxso#uhWwtkoK*%h$5$a_jo_)v4Ls19ufMJ^7k@hU!{ht&T;x3(
zH{c;DyFTZLT%cih%QSjm!Fd`q5{+MY>|`2Y1d3}4X>dh2Dm4Q|#ANnr55DT5e$YAk
zVFyRKdX4l}@TIVQMe;R`t#2V|=D8AbWmCRxOx6Fe@?soYSz)B?f*@nibhI27eeh_<
zUJ`E2A4<qff#401*InM^TdMOddq5ss9oUbdUwJJ#PGdPf%0%8*8c7%B>zKN_R)QF#
z<B+znLfjt(cXnG(7EWJl+4HYT115=ykA4p|C;Eypv-vyy-Is%7F}$l+;>l=l!A#f3
zlmL*9ueg`zO0TkncR2oy&zF4UX?@1soAyHAQ?rSqA7GyOOaR_LF)Z@#(1c^uKR&8u
z@~QX(m4FhUxkCi0gF5qJWtg-8HejO8EC;Eo_>6I2>S*%4)oU)<T8=^`%~q-;WDQsH
z0Q>4$szFnH-6DS*Rpi8OMZUp`{9D%|bD_v$W#VBDNPH90kGzhkeghIwZgVZ??wxTE
z$vvUA0$+3UYBmIp|6X^Ucz|PjD4d%a9J)ksckl)&%PdGO(h<e{4JvJDqrex{3)~*`
z@feVRr#nk=oqNS&#y6Z_@uw>o%PJ_{%Tk?qt3|%3RT&4(bY#?uT&vUCBKSlN7pblQ
zt5dhRtND*V3KvcXM7M@q(?In*4qgEHmF)0za1PHApqD20k#h7^DjRA8i`>Z<btp%+
zAQ^utWcZ;%hxGtdaumgD_x;)>;Tn>W`ws@8hQ7)R@Ody<_#oU0kY_HaL&&JHRD(1I
zl-10y>C6Xoo%T+Nv^S}<y*~tRRz`Pg>&WZ1b=&6Wj@+d5x+NK7BP{{82WYC`zcL8-
z{w=Q8?0spHkg?B~_^O6!5WyeH5x6>Nop0Q$n)HV*@QzC?ZRN3j(ObO34eV1A)!#qA
zPyLMyX|Rt{^$P26GwbgU^VuG}9>TVgyI%g|tsmGmwDbB4!GE#W;yP?jMy>yxHt_Ji
z*!X8yz6tVBT9?&Z`mwo&a}QT;!#alvJ9Ml4m`qQz{n~<k`@(`KFanBEG_SC1Q<(oj
zx~M#HZ$C0HH)1yq2E~jYFk`Ec4nkF)tEFHgH0Z+^)P2_#bqx%4hwVO{in|knzas~C
z83OK72zNH#(LfgDDl#sWvTcaCZ2576rP|w!DG~SJq`~j~yuH4njdLehLfg@CQXbu_
z(L{tPaQaQ-iPN_YBNJ^T#T%2Rjt}$wn~d*;2eq0Q{)I7O=RDC+&4|!ag3`Vju%=he
zy+l-mXZtie_@Y{2+YXjjy<D)?mkkp1Q>XD7VcYR>TfX?!i5v3NP4fO=pQuoqx;}GT
zC+Q9#)$=G~?4W|Wrzd7u$CNw42`b<3gSIG(Ug}E23paPA;ldiCK4IH|mXb4XzPu|f
zhKdt#%iQ9<3Td1An*YX+37fm|<JlLl&yQ%&M$;c4Q=h(-GFOPce*e(ZdbNg-pXoze
z=+K?r;aj(a;XC5P@C1qS9@s!mIzkY800QUi0OFu;I%jE?c19P=^belcC)Lwee~f&E
z2jWG26$LLyIV-kA?T09Kf{6C%^RXIeKYeF!fG1~Y{ovrcsfG5V0*-|JSjZpt;ccPA
zc!>%Lv-^h2zeA9|jS4wP`!M!_2SQ(SNR7&gD=8YGv>vhA$WEBWqfDND4e7MmQXL$!
zLHM0Rn!GDiO|zmj2PS=Px3=;=v<)2cYMQEiz$xeB_FQL1VA&Kpx6M)6_QxkVP1#t7
zr@f`DpTqj;GNZ%O+ESLuUR&#z4X`y=Cje4vML?ssxjZrWEa2O62(H&iw$Oe&w&Iy!
zDm^H_7+6ZP8Z-x;6euSH1#etsIN$cDC8VCeWs{mL%`hbJQ7-@cS{rzAcCJ>GwN5<c
z;_$KpN99#&Sq>0?OPNuy?p@Z4S~eORbu%`~Jq%asr{=Fan4huV?knP;g_R*p6k(SR
zEO|Akg)zLXOVlDF|GMDY+2EAw2<M+Uq;^3HDi5|r<NQSqaekJ6dIQe4Vu<J8BqS&$
z9MT8i-?dw#4nR3s@Q3ZzQ@n2}S)ohWyk;p*hs$%9JLR>1Bq8^Om{BKGhF*iN!oY~U
zxL3696y!-xUaWUm+uS$fxZT0d*t4E=Ey``KOK@pHe@j;o-#-gJ$?A7Vt&WVN%O<F!
z+Df>a2%^2E>=VJdZ&{t-3AL0Zss$Y=+Zr6qMr<f$gr&n>qWKM8@lRvEXg0#UcMMzy
z{v07V?C+{bf7fd|`|BZX#!|H}6y-QN8uQDp^hPb~hb{ZRp|@v)Y0>nCXJ*U4peR+p
zz~|JK@B_AloEi!GoQ>R0Vu`ZOL1^h51U!$E7du32t%Da^L2N|m^%BzSp-y_Ov2*)H
zxu<A7;O^rD_u_7c^`QIK;2jIq{b>6@nJp_6R5G3tL&j|_Wn&!HJ<HN<&He=UjrjTC
z{B_6jGmhl@ih+#x+A3R-j`O94C0?Xs8*bd|vOW`7Da!t1?W>OACv2Y+bOSVGdzhcz
z@7j=!*pNR^Ltey&JeR+&AwQ$m?kmKGg!!p%$*X}f+!u8{{=p?gz(UnF>3|@)>jh~w
zsOcackb|tVk(&1z48hZHY3SUX;J^*G&;gnjc##I6Cf|CF_xZ>lTWQd^T%tS*4>@-@
ztY5qAb}2w7)q74Sxcgw<Mt%at?&I<;jiRK0C@kNEsVkkO&4PSK!*nU}vS2-0*3Yu1
zGhaVqCR8p3zmWVHUjkJ9G%4|2Tc{Qr;l%{Ast#UVt#S9IMFinnzG{tz`Id|Ew70XO
z<Zf8F!7iPKYbevk|9+Q^`$UlO)MQtYV6AaYmyUW)CAjkh>5h8nEdl*uH-;1DjK_w%
zM&z%%ke|_l%>YdU6;)nAEK7Su+1;>YW3UGl9n|5CAm>-xr8GMw!i-*D@c$|P*Ju6z
z6#qxY{Xd0&imxP$M^Tsa_&>%|eAlQfYcXPQbpAio&9Bg+6g(V)$I2ZulQCX44PMT#
ziCKU90jUd@IUV!kzh~Y=_`-wRa>15^wpbd$;?)Ho5~b539``jaQSj8}(uPYRBY>MN
zGtPi075Ka_X~Whr0k_PE(vME*f<xM^tk3KN0!eXVFyjI{`<*)>a9=yPujISUI>FPP
zyY%i@`R}w|Tcvkccde2?ydQ3HHtPaZuYC3`?TTK`yKWM>Q%>o;y8l)QYRH|o(FV&n
z+SrTxC$`cLk|I>Xdl%uUnx2o%nB5a@af(QgpEBd2q;`Jmd*%yBtNwHGbXJ1{1eot{
z=H-+=`F?Y*r7^fjlrH@g3Vw*7;9@5V8lBR&4r!P2)UAkuQ+Ou3)TpB1YeK<^2ntrk
z^uGi9U%Tq*NdM2_K_;J_4fo$6a!pRDCDQ+pHr#*kJE-p;fv1r%k}V=1iQ7q<>6n%e
zgKXP#;2y0eFjuQ$is2_8BV=2jGJlVF*h1ODO*CP5tCnGE1CfeoHd?@5-Dsu*b&yaf
zued|n?*Qb9aV~Qj@MiF?>tIXlhOP62t=-DvTlzrJ3Ka*G;fNr|ab5aQ@$-s`A3B5l
zlJee}DEf%T&%O?ACw)xqLLUz5yg>6=tW#p#{g`m@6>}yUUeK4B*CBrB3-~?GjB^g_
zev!|+#12QozPvi7vo9j|gOmFavzA~#W;6X9q3^e-{ot_b1V-VPzhON{a+y^MKMeMV
z(kr_CTQuF;Z{we-;XN$la4il^Cfl<Ee4{*&gp*Zvb0$uCXQOwVE_lj~YEoSEqcg*U
zDN5gj=9)l8m0^ks10KXT31~o+ns6j|FUD_yFz}e7tWR$y+R9D`zcre$Hq6%|v7yka
z+=a3wcKyz8*=HPlW;q`7;avF8CY=cGR^H8J8xF6(Utk?A>O4p}ldjm7+zf@<SfS$0
zv~7x&x`t?5;h@w&9PUt(Iz+&NAR==UX^Xy(&DDg0yUoRj$+IxjB<&J|kBCx0%s8zM
zcyXB3X}~Y215O*zE+eZOMXB9^R9K_DHVVi7s3=`^fFxk2OSXte0YBPhJk<ut;GTtD
z>G@lvhuy0rq6fQr>|{VWbBd8eZ`TNs0}=Xt@H1MEcJ->ZySzKg=;3UHpYcp|ly_H{
zyldAmE>@Vl``Fw;^6oszJ7Bs4Nbv&6yN3ZGB=6dO3JD!usQzJ$4u365K@|C~j3klo
zkiG^>fRF%eKuBnbAc6N_(uy!YoX7sxsq)T_i%fwX+LSXV!~MS-gM`wxaR0A#k#}cF
z-dRTw9c&yCMF%Q%wao+SsyNT#Cd$fP>tgAWN?<q}tja((-!9_WK_CDpXxY9@z}|hT
z3`|EE2za7MlO6N=;?rzgkLf=XFT~vqD3w|Oi?amj%j;rsw<F_g@Oc4?0V1XEFpToE
z3`AWMp~=Zz6uCx`3$luka!QzeZ#}b055~r-jZyf*^Kmwxh|mk>rj))?@wKllie9F5
zp%>Qi1+-Lhl{pOr!#hMNz#{TM>_|FtiiVa&24~0i2BFe^sy7!<7;Z=>VTkrXY<Dmf
zG<9=nNu)oocj?cWufzQr8PlJut)1h)OdWqqBMn8cFYA<--SX?6q|VHSW?DbTZ8Jvq
za6#=4LI}vUGYo8VsR<YS90fmQ9(F8S6@Zx_Uh8=80FZvc+kmjtGYPZy-bmz@HN2ZF
zljmUjpe{--ZA&{DsA$Lem*97sxnR?V5?R0JPc-qC6`6_qfITqR>0jT-3^+M!<Db;&
zx0m5!Gl#3!da^Ae>a3s#o-0rFt)q=2G4rX5|I}rsZytM)BkK#Gd~fxdM+ILZx~IVI
zItQ3Y&=GiHIRyH~x~iwqHBj*EG~s!g4epCU8>^E24b@wl)?`Svg8y6`5W=zzpj3LM
z3le<A8|^(!e6p@5ek@pzxX((pQr2g0;AG;FH`U&J`li~OC2vC?cEFud-$(5On?IKI
ze}ShT;XxwM=7o_?Jo_ef;truyUjb!)q=rL#l;0{3egInUo54v*_in^l{KQ<r*RS*q
zoYS1V7wp@;2I=m-#!$7SFQC>4;nqxjldTKXsW`nA+mjvBp6L9o))s!PkyOwpBpP%q
z+M@2Emi4V0DNg7fN;@Q!<aPME&QeXuijKoemtJ{F!bN~bHnQ36e`=zpy#4A!O#CnF
zUx221S`E4UE4x=O7Nk@&E*=|_pG>oop&CKXlCV0k@9#NoA~$6<9r#tJo{86Y1TbHz
zz8H$}34oeH#E1Ws9tK;0OHrB(R;tTj5ablIAk8*_B74|ilCvglRFN}wBb)aHYbfU?
zxK@TH*M)*w(2`1*h=B4%5|5MD?++!WINp;j%s+7>Mz?io;pq0GY&-RXC0b3F`6F4s
z`wiCjHRLl^+dTDLlbwG@|95)seo)r0eVs`6eo^KzF;~m6%^XznJUq31g!~sA%HmPh
z8Zd|)p6awB-?%||C~T+(XIxxkobuy})4IRxYp1-tNwiKW`%IK3h|&~?oZBi$S_dw>
z;DYhMsr@a-<*eJ@Q1LMG4MrrrD$a1>DI-8hUwEt}8UZEef6`u2bT}=|uWRfB!~A)K
zP8wd1p_70&noc&qPIPkrTHHe^tR1}hb++;W9N_oJU%_L_Rs=lI=N&`v^AGo?&@Qi>
zq4PAFvZN322hYWj>Vg=r3)KnyKihy@?t+38%a^nYVj+LAdLdt~5!6E>@pwuO#_of(
zOc*FlIwjN@7>9{_B9*c;=Rk@2l{mZ9<`49+OIQ5g@s_=G*U#d&9Q2$n7koNN+UfsB
z2YlF9sPtorqV?mx`0E-hT2~lcH^5(`D;55lcrV7^XeWQrXgL&2r2UjZJ+1lufq%@F
zyO3YDXCZ&Z{{vrc%f;P@+|jzK4foN~3*4gdUPEpswy)W>6oU@KlaPSG{Q8*MEh5f4
zFcW&7whq@<=2fhk62b-XiFgQJA&QVVs$SryHO%l$o+5+}2pL}hHP76Xrcpi})(5kN
z!zXNb2Af|Sui?E7@O5A@?t1X$4MGb$w>EDO+soadtms2w1F(zk=BsK+UhKl9oVd_b
z;Ma{sg95azInLeJfu{{PP~8evKmX)W+FL>M?Kae|qHlBBXspCD2r5Jy1ODHK?-$`}
z*2gtzXhvPE2He=q%WeEtm-&7N=(}QEEpVUct1_R0o^3;1I>ARW4#p@1E{4tItFSKl
zZ)RGn;QuxrJ%n^e9B5}$%=h8(@QZL2>f>0O3C~JjE<kx3G;BRUng|H4(1e?7utTB6
zqO{SBC!hu&M3*Mxg2<htV{Vv7kx}o&mFHkW*Mg<cgf*m*pK@7wAPo<({Wm)y6M;qU
zlE|#)VqBt$KBnMl%N1o-0q?n2tFAW^t&OYnqP2b1Q-Tk0pkjmB5$90%)5$Zx{hS#S
z!}uyQ9a>$7X6teXm?aYH2YBbf&FF8v+!SRmd9^fYjeg*7(Q-g^Dh@N6OYBDDnh}03
z_?{#5APGEq6UBRO1@cs%wJ1NInoMcSax{t9gI>Ib4!X~!MBO`;(xH7cAEHtN3r5zz
z`FoOwRn7z;G?M}2#*@t$0ato`hQ1Pv0FH~dnwM_TvA007ahU@($}^$b5FG)DJByLN
zDznS;#RA^@Z`ys6bK=&46iZk9hqa(#fUl3^@#9j5Q^x5{-+R=X4>6y(P1-HhDQ)`z
zc{zB`dyh~@Kkfv<-WphqEZ0x;_jc)`@=?^+xZ%y=+e)d*qYF`LJFo=z%5Gn;j(qLD
z7r!)g{qiaHrLEhSd7WRHF-3ghbsApO!BEwh$i8_DzHv$|fxTL05F3EvfM=0Z(?uEC
z#`_wL<~TDt&%|LgyuPQXU_59ONG=y?*r?o|N{fbEPXt0_DD1>T$MMiT<n2Xx@VobL
zFB~Hgc#HEp;+|rKS=;z0-@`ob(ka1Hy(sWPFIpNl*F@TNr>TqAJxJ7Qx-|1AB|$G$
z62uQ=M}hvHixC1U|38fU?~3LB`~MsNKa8u{fnS4<5c8iCx#lj+-|on01Wy;3UlCb0
zmlizy=)qKE{tNhVnE3<XEMPOzW0@aHU+V7SKa1!;BmYZX`2QmERfPW!s{GGR*XYLk
z-v_s<>%Wwjzwh)f?qy-n;7c*Y00?$3`X6b)If&6fHmDi*ZDD>_7WM`yi5&Z@{xqnK
z{ksfm{`9CpH9~pWvi>(OF_~Zmb`9us6as$acPs>a199}l12M8;MgPD^+{Yz%N{e*^
zd$J7>>CvNUz-YB4WN8FJXNL++=>OxnxZu2Hw1S<l6Dn)5b2Oq(z-@-&l>Y6=_}*dN
z1><=N^@D-VWBx{YX%LR*x0F4}$(<LuZ>dNee@}>Tn8tfB(5}kwb{xMSBmV#SFel@<
zojAb8ZJ=umE_&cDIHZfgPh$2L1i$MXuO!xw;9qgBAp_7mydR<W>3-d#pl1ZF#!<JM
zNn92Pe7?H!W5Nl^%jf+DKfkrg{73u<!El}(_hm@MW?bYkMx?_=s#B<n&5;p&LJugX
zRTNOmYN#df2>I95>4a)Ra&Xc0QHw}R`%lQt8Q6(jY)qQSoeE<Z&3{j8?$SlE{PCag
zyJr7?#jhOb#P83d@T(%t{V<6gkT`bpebB#Rl&6ytP^>*{7U=Q4f>cFn+u=jQ1#TK5
zf+JJ#F{x*%4$LC8ko8z!Lg=x+U07mlp_c8YVR#o9*sOkGurfW{{|8`UJxUxT>*u||
zoC~Zr;%()r4{_(ACuj8Y;CS;-|CY$R9R&m9<&6|Flb&M%Z>T*N+uw>ebyXBdV2Z^<
zb{f1QQ3|inPb4+t%Q^krcnvm2#e1y$a$vrPDzk|#c(jG)wmL$)z;Am6K5}^KOc*LY
z4jd<EJ@Z@DA(4KoCMV(bstHjs6)f7H(Yn-uxc7vt_2u#ZgS9UD%#vL?1$MRQ8yDxO
ztVJ^&jGH+8)kG2j!F#zX4vlUH?XIPrvT%u^<UZ`uqzO9+r~RjO@>9L;&!ntN;0cK6
z2}tdhW~*PS;|tqx3B4dc*LM*>EEM=hcUrI5=;TDc@QTP!t6j)HUVq0ze$8HZ{x7u6
zo%}RqA^#}&0gpB;<bQr}A^$M^E&~_lO2ZE}zI;wDhIUOe<c|aB3@DyYOqwET@&y5O
zdN3;)?L7zhL2}ld=f~4wG9y1RvE5<wC<9F`j;v|AZ?qy*?#2>uHVfo@E;<f-`(aql
ztqJ@E$+S`R15%$yKcF5S1rYHzxgZz$y1(sT<iPZ{QP!7WJnH~7a!rA-(8fPH)Be+)
zU`=jUvZI^)#&fL6W&6}7zo}zQMm=@`8<+tNWMc%r(M;(*1$zM8cel-dR_EZp%B!pT
zTi9O$7s>neW!wv__G2~_&yr-?w$B5g>GG=E6lEGzhF48WwtCg7+(K8AZ&OCVg~L-@
z?5OOR2fn8J6Uxvy&9*&FL)LO|P&9pq>VT>!v^;4N_<wS#afZBV+$rVcUXvzIo;=PQ
zT7Fz<_G>l4&xAU}m8LdtATH!EDj)APQGnw;_?2L2cA-BVJ*NPj%nl0>A?|M^Wbhp1
zQ1v8`M10lTc=``5UPeGPBq9p#f$jo0`+pI@ANT!l0yul=L)VkP>#rw&JL<#o*YZ>H
zx7XPyf8;a5Fv;LQMPzU`J0IJ_bQeeRnD?IS2!-S-^K%+Jk@_t?@7<3X9>6Hcba>k0
z__a7c<9NuQ?Fjir3U<p+u_+PxIg-zSE^Q`w;LJ*Zi>F8v!o_nmQ4ChrY;79+6}3kA
ztJ4M^!6_n{fsu9lBgwa?2wXLA>zRSOY!Mo_dW57Yevs$OlSrPQN$Mi@C)r}e{_PBG
z1s?|cl^!SWz}5=*S}EVpgTEQCQI>*bA2@Y|HRvd7kb99sodQuCgW?+-(~BB|P{CUe
z9%VPeXCpjr&R5~HRrqv*H*(ClH438yqYx(;XnHh|*Axn2>RQ}P;iOY9b!h0ln8*^4
zMY?xbkE*5(dU$6p*a(SD7|vW}&eXU?`plQLkbQElcleXn;gi6?wor%w>U6ZQ4>yf4
zz+XoIUty|HldBq$EZo3X`7VY+ftN30qBkWUDIJ`hup4>)M=W=oS$XL+5*#>!S>N_z
zyUvr)dOAx*JEf)%A7G`wK2=q;vc6?KvrPX0BM^8H8mR1U>y0gYgO#wS8AE~k!+R+r
zc)3?NA~=H$@w}<Dv3?l?euV+gN~FcHixb1Z7g)8U7_fr@KgNJ-dJ%9#q~ux#+%bi1
zcDiYGJ#Ca3qW<=W->CK4vOa(P_2Z9Y)`#Pd2~S@y{@Cy7|F`0go1a$I{a>HHZv64t
zr!oG2we~0DkHr<`sFP1{>;P3<;;{p*l#23!8utJYvYZ;PvTB(#m`MbU`*dA`AeR`?
zLfao4*d<>9C?%;?ur@6nEchnJ3kNTXi|bIl&$PO<#$~4jsRLdvIfJR5dj!*=3~Rk>
z7#1fiZXz{cb&WOhPtH>>4g8ZM)O|8G+s90UGzLwb=i`KSJ1TcE{V~clM35gcf;t*;
zO8LVslV%!RX+VJ-Q{Mjw6v*Ky1yZpRJAazpg?n1WQCMbr_g?n>zv&+zys0+Ngjph~
zmjk=@a@jKK;j%)kZ07%>A2T}j<Bpmr{dnX<(vOR)1(HS$!KA3J;sFn_@%X~#-qHJ+
z*!~+9FZtUL7MVi5+Atck!WVOR9vzsCWrJ9}Wa%K5eOX-?9=P;<Z78x`>H8mhYknf$
z?fHH=9%dn3Q?|aFf(Og(Gay%jTfe=SRBMam2cDexXFe+aPrH2J={T?eq#E#9t;)c!
zNdVbAZ93N}OCvD*-3i3(&r*4ybD5OO)Uo)-BoLo_b?Ux;vfk<NSn$}<S2xm$uA;Tc
zH4bUXx|?774`x9*Gr)YhNI3&A2sx{OoxeH831$_B!h-Ypp)6L!a&!($V39+RmQT;n
z;n@H!!EBo17SJ}hfQ9T1)`pzE$+xf&Q^sXRcjx0NBFsOXf;Dq>4g`i8oEa_9f3*cy
zl!kn?`*v^QKxH^FnEf5@R;M$ItrwQMX<fple9R!z6wFk|m*0LFBM$!aI=io+!E=uH
z)b^;jVzcqnn#9r$M~@JO97B6th5QzyZ%IRLMMuvi`}i%FJ+(VL9V5za5_VwH5lTG5
zztOT}Q!u4Vd_}_JfkdmaEIF_&4(}DX;nzNhX}zjyKy*}OkKw%-uZNo8)lytPA!PV5
zZZc}&25R5=pJ?AXM~`d&xqZXCwJ*8LdSP&^pm8aIFDW7%X&;90_^O%IzBIPJ2}xbF
ze#d)CDe)IJk~Y-Flvgo1GtD(f2-OPKOYX}c8UQfZJNmrD#7x1{q33^v%LPO{rXd9@
znYe`a`r1RGisf<3d9Md&iNUb42A19jEfO;7L8y(P^E9_#X6F!h$A?gQLFmzr6VIV~
z*BE|F@^$brup2%SpyW6t4QR^R&u9t96CBdZNTKDR$OSCb!G6*C^Qu87A;JgQDyF2l
znmn!Cnnuun>rl_R`UgHDC4WKI-?olvL`?4-ahivy4>6a%tpE3uq!RC@11Y|Imy>3j
zb%asi{cG?pIBekt!CITkKU0V62nEm1G?1wl6tU0-Pl$762=Xssyh3G1MR{72)4Hqd
zfFM8ED#~LWQphRo3L3)O7v!wh*QyHf#kHLqQhji(Jo)e1P&4jraQB6d^Hut5VE0u_
zna@{UrDV~Vw+w7|Ft|nZ^Axo7F#qn?@HT*J1k`=nAZadZNz#nhg-t19bg2pC%)8@3
z2G8#Vtz)3QBA~M)plcB{vlH|c2FgW1?~8!mji7pBd638#-qUL2(Po-qT^=pb-A%nU
zL1VCYFfrIOXh0LD#8r=n*TP4OwQPdn;44X*4YBzZot^p8JDhSh#RXWRvV5as@d45%
zzR@5jpEJ~Bt~cwkWn-Yd-*YUrZd^Fo-=`!ok5byu(EA^tp+76|5{E2?IZqwd%WjZ_
z-fG<BJIdQYdwnnAS`pBaLk0O?AJCI=W)!2B&w)AtLlb@3CnzvJ&g`7D+JNHQ;GQ|t
zH+l6~Y~tb&HBZiZ%?o3^{A2V5cROUa5wjT#bS%EZK<~lDPmk||TTP6L3_uR)5u;OD
zZE(t~H9?(2e#A&Q$sN8z&LQP%oQu!nXZ+miX?(JMgpvMgrq|g=q@gYA@J${qc<RzW
zM6=)0tn`D%B5vOtL894#nM|^bUUbPXDrY}ZUGmKu(hNA+=t~{#^o<)0{&5=3#eb*#
zT95IANq8{Jbjdz~yhbBlG0lWmCR<&B4y(7-#p6$KhN$Aq`aa^+9X`%>%eOdT;Tnzc
zFAa^+6)rqRN212aHn&94j$@f!yB{$wy^4b!JO`y{St;p3GNZ@tAOrn&O&0@w>uuVw
zJy8tyh+ZjpSF2&iUVrjLeds6bPk_7^x0!hlEuRC1fz%Ejt3&$Anep#swj$r?31ly;
zn)4gw*>}hlUNJ-&_<6+Rb)BNqLZa;@+?QAF-s-TPST;(zw~^e8$)Ovu7k`Ey#$UTx
zyF+6!##>8C-)JRuw3XC#eFyN%JlraSxrCk4Ck`|u!0qI>b~t@*lf!4zQNWV)uV~JN
z|0%R7T5{nM&Q<1Yn*IRe5yJ}pQ}N80vN215pVlDKW^M{PQLqpEGKc?syo39KV(nn}
z+ev?Q2pP4GI5!zD25ff5Q8A-ku<jOc;sjUCey5C&1B&Oq7q}o!V_1Knxe?w|&RE-o
z>*;y{>8CB+;ILj?^)^tujZcoZ0ZRY_865H*MqFZ7@d1lI+~9HmYXQ@k=vewk(nP5h
zidbC}tlgl<hoj;To5K}A*$DAkaAVheX5Qocx_9BCxn?Tw#XN;V<<+S;`?r=7h)YKW
zzY>pWi{<;xxiTVAM%<yB>Kab_3o!%BAzGl7xp0HEH(&KKmg}j_6+(O67imrh-s!-O
zvRPaBr+$sJ+`n_ZfB5;54vfGD)-n-1u$@Sxs{O{;@WNM_fP?Vn%J0$Zy?Bivp9f;H
zG%{G6Ge*^6#P|vLG$qQLnPKJ%X7I*>YrJu0B5$0N${X(;P0<QId0r-;T%5)y3r0R!
zvx&=npUX`{xjrv;Rcr;TZc$WqW7O&lSY4W>`oY|wPg(jM+VoxQZ3;Hh={7pz{zG8u
zJLNmm9P$%Djz@(axJNe)*Nz;u91>cZMc|r#fuppu2A<FZer-M3b(9KgHqP~Jq==2^
zTWZ2dp+lg8Q<$mMh?FnTno**7b#1ZB{CF^uuLjyZ4>#7rD9RY$x9;RUKX5FvR*aN>
zADRmp2L(^t$PY%69g|0se2WC1?o*~Pb-6Uh=#*DvBa6)w`F~z<#;q`csZ-o_{*U-Y
zh+Aq<=M;fo6lX?zc%l&(7<{M1YcOi}y~s7<N<{0A2>UqW7ffhP{36N^0lzq-_(h&X
z`{%%`LvES%KI4|bxB+*!D6KR(IS>&Kg}G&SupZYB%x{R|mvWX@)`VsM6u&g`>&hry
zks@q+`>*UDW$deui#+Iwr}%h^5zPOcPM9>?yeK?Oz*nUIPvPi$+D%9^0>-6sBaC$)
z1~7}44ht**mVma|0l6u*t)LHo+#q<WO^(oBzABHxgX~PF?-qKN$7@_?_$`m?ax2d9
zV1>rJKF6G;4sM^*r@PHzy;`PsSX;|_!j=0YxN>j7v{SCvKsmc#0q4d2r{MGWgea7+
z`UNeqzaP0B=`8L(6Uk9r0s?I_q38>b=Q$x`KaS@%^hw2xHZkKA^d6|hPa7<D;>yzT
z9iWc6Mi71=1s#<k1YP=sAkToI{A868Q~9d&i1R1c8_(0quQrFr6Ii7bL?8I}c`%r#
zp@`M>!F}p^MDqU5`7aS`pgh3<@@DWYu&37C3)OS9qGOAOO~;rl&FIZ(vy(Lx{6~F7
zbLpmOwf5|ghRqDj0p71_CEmZ-+C?Z8jz+yzheF9NgK<xbJLWRrr>};A3y^J@gi!jy
z7li6=rXzegn0>jfYc;1vX*J3X=SYRNwGhnEGh_(dca;o*O00_vf$1#k>pw<mV~&T<
zrTzSvQPOj+)s?T@`zd9;l+$<ghWFc<;=OFyWBb5BvRUzco}$6+-0n0v&ePi4rT4V<
zcLQ#F^UqgHqiCDFn$`o_H0LU{N&be~w1Bl~L!?c2vLXkKqJUrq1HP95uV%n6Mu6{P
zz>Ood8fg?7E^quMNxgazt`^3uM~p1$R9>Yq)t{Jv>q?VOqL#4MyNt{n6QpAljtiZF
z`hUmjKXIDsKgsHEjMV=jtN)Ra+E{-R3SWVRSGInf`HIGs2<GKtxDU9rYA&T45C}II
z)XooJBBQSPHz=I~ke7aJR5AVG{>ILGcDhk;w6cAlR#Qjc?HC4slr^omc2M6k9@9?g
zo5n}Ja6bgj)x%eAWGjVU_@}y32v_(>H5AiP`HPO=WATxLe@30yYILX2V)9|`Gc1jv
zq<;Yl21mvC7KZZmQfD=M)vp;2+~dbHQ~G&!|BFr-ObnED2iyk@N^jb9TZ`K^=%|#L
z<iKPdZbRJnI|e@v3E21~EqPON<0;maPZoDDU#Qdf93MU%QeQ%N)$8C11<)2zn$kM`
z`K<BbfjO1M8s&Y6(kScG*e3_G2wOYxNBu53e`d!HJX0Hwy#njw)k7(<;~jWgA9KD{
ziBQ==y}U_~2S0{IN?D8GN7>Ap`7oVosK1Ba&?@DuTd225u9HM*nQcUA3);ez_AH~c
zxOB=#6WA9YQy=CtFk)etCl3bqP^barlMYaXIRQ36m2NEGTFZMg3Er3WBC9ZtRrm_4
z@UM{y?_d=^b2E_k2Fj6D2&PXVm_CJI`XmT-g}G#2p>aJPV<l6{c`w>H6>GSB-aDMG
zv?A{vNLO(MyqBjdotF3N=}OP>-m6@UwJuHIx6aI_b=WBQ?EKb(@px3Cz+J|<n=Cb*
z3~rsa>~Tu_n*AKJB%S;}8)o`a`%IG)`v9bCg{Mu+S5+c|tg=b_Y@Rb6dA?Ll=l2fj
z2ow?QLun{-9iE+92Y140J?#36O}@p`u66bEv~%vhB-WA~asfD;g}K2vaK!TD(ed!k
zwHu(^wMD+f_+a%6*&fdz-ls3X8qcG9Xrn+(c7bfV<9rn!`Gn2@DlB>OSn}Q}@jQ1~
z@a#0=R?U8Y1G#P4!_rLTTaH_f<I<PDqVxc`4rfGpA_C$8r7J}F!Pc2R^DUsRE`~yn
zl@E4!>aICFq4=^di%KVd=;Xezg}_#NAk8VA3)TWu6F|Afz{R!j1(4!n?zcthv1|;A
zy$%;({3*c~;j46~bSAg~F2MIb9b5|+CZ}{NfE#RaY3>kQ!8{O6ixk}I&13$Ao){I^
zBk>LTX`<=ouhDskc+i@htE;h421B|Z0Qc6WHT~(dU$7tjr{aXTLIZ$Uo65gKDn8sy
zRGjk_QE>}R93>fA!c_coM#Z0)wVGJ@%*yY>%1_4fxoRld$cny*MK5PXe{-BM2rK&U
z%{RuTb9w@b-r#LsK3I?w_^m>=_0qCF@H<|*Ovif1<pS+C)L?n(th{Gfd1b7;dm`mM
z%*q>v<$=9xEzDe|hZd#Nx8MIr-_Bv*-p9UuDDv$R_U*UB)qGgMHt~9#2<5j{=iqOd
z9uEVpp%Xzz73MC}32_Nj@UyJo_G47=7*?<?Qt(Pv@KeKM@mCBTo=A<%UNTmYi%k61
z+jZ8<OH)<-A=`|A-QH3)zjZdJ6F9&1@~R+U7I0$s--+Vx23D_^)qD0ws<-&ZaJ`kR
z-jw0&d=bG{kP@9grW<}f`8O3eo)wqNiktCc7wNhCMioCX{#LeA+AV#`&YpEh*E$ab
z#Eq5Gd0@Y0<!vonc1u(fC(qM~*89!r?szMxEZ0Nm1!X#<Z==r7oNUG^g0BwKI@U}y
zAPuNZ_pt{<$#CSi<mx=9c&p-?*v<dB$g)D-M&W3z>Tg(;`%k3RvZEMi6NhdA?rL*=
z%NuoO-YA-Z*BtPl!@Z^zOdm;C>k8Fwm8C<6jxo1=epG(anQ2%^FWI4!1kl5er`K5a
zgs-~gH!n;VCKaUf&-;OsCKaTCp=YS?JkK4<i^(sF^|KEBJY4T}_Jh)B03N?!Q(N5z
zq7mACBd4CSN8_*v#=!;1>1ll!Y?rD(lZ*|y?sG_IyR;YAi&&4Ajig<0LYxinmZkDr
zY&vsO1a06>6ycwQ$wt>B;AFBU<8~fa%?DVG``zF)hjjk><@b&*zbpfjI8zx9MauY$
z%Ggiim>Ef?y@?B6jHd6oX*f<bKZVZ-{+|ou|GDb4DEw1CF1aXOkU5akJ;(;5xGG@n
z7NK-*npk?m!5y|s3)1K`5APvYk~~XivmRcZ=qx=R<S{kL@#O|+2bt|Nd@1t<|2H6f
zZ#Pi(lXME=-f5&$H*di8#$!eK_DnqN_eqQhiLxVI<o1L9o)*6_A8K_K@LN;o+bYk5
z$`KQHX7j(A!pZ>I@sMtz-TL)XbEN%td8siUTHYsLYM#b#efTz=$o+sYOTNXw?uk(F
z{CJzErhTE!bG4m+awvJC^HZGGWBil2AKb}(8N30^39x+r(q{x_<Tc=V9l>mn3%{cW
z6GW-VV5_V~@o3|>HdS_zpo}N5WICH=)DyY<lS627wke#`H|)mT)kG3!*XJa0?z%)0
zX9|?eB+hK+jFk)_H)ae2et`kcV!+7}-~|l$CI+lwzz;HDR}%r3H+7NqZG#E;@I|Ko
z81O3$*wEBPj();`|HOce4EQVqPP-HacClvsfdQ{zz-K-q;Kqvt+<LK#NL|8!MFzZu
z0iR>QS1xu@Bl&|>`HNClV0qUt>l?1;rko%eO^CL(kH(EKY@UTOJJR$MJWr*BnMxxU
zy|w|*k1rL?W`0YGp$cd-j@*ZF2EjL(6FhZVFr$J4y38+D?P1cQfZvh`bkueW?|qit
zit(JSqHTdI)mCx(q^-ig1MUVc>y5VJw5at9)iLG4ce4{h@YGguWr6EbzH~6^>p@FS
z+1`OduiWBZi-1_c&IY*e!LP-9L+}~an-Bu{1}dYi=aNSFB!EYM<l~vt6<2cI1+<Q6
zMY_P%3!!RCu@p7GX@oA%;@r&)L6b+*lDYIrsAXR91N;90<O6Ds8m2(H<X>g}apdp=
zu#!&=*@UZ`O@fpVKB_?QiFk+<&g>sj_P!sdfd(aN-05ug+(qZOmLw*t8>Vpg%a8Bs
zX_e#O-!*E2{c*<Sw(xt}9rHQ7XSwQ(Yy}LhfIO+>{6kN3U!PYdF?zxE4su}%7#hA}
zPMVwIdxDe7OqSz0nDw{(zRI>xh|`qM^F6MW%2Mn;o7OHBnsRVEeEF2hwhnwbUX*#U
zv@kWVVlubDot{^*isSBbr`bH!2%HMv`D}6URb^W{fUg;dxlNA;$3bP5<5FQtXGT5D
zBRiQbIZ52iVKXr+V6Z1%ZPb$|Ew$L>f)t++vPm;jJk=e+?KV$AN(Y7|w9uu68$9Ld
zn&n(g#T1QefTbG!vtq7dRXirAZE#->tR9K3W?<RK@P2x^C`F!Y^4U0OiEkSGHCd{m
z)7ZaJc!m=6Z#ZW5gZ|n1Ejq1zV!XRQkeZg8IEQm5LLZ@vn>eW`1;!u$cFpHX=|r)X
zLX+=y!Z705WNB1u8JVM20;7Y|)X@1PJf9bC@vOsOPrUjQE~?lanvtUJCB3HxuCdce
z6-k;d`aY6xT%JpnPRGXi9;ab#gf0OPzy8-?{ZPgHdW^aHrfa1cDLBYWO_f(V2;?s?
z5;+|N@_U*lUz#c}HPguu^3qhCg_Ivk_brK&mZtcY$4M*U!*=@cPW-T)KAcGkD^4se
zLFzEh<h?k)4&N_1X=N(ZXp;iA%G05crot}GNVoe09sHW;<5j((U{AGP$}<JtM#bfu
zjxT`*=jrXze5eic4wRd6t^u$s*;X+*dx^WJ4ZO{KslQ$N!tN`MCwQqO4BJ2F3Zfc_
z^$Tpx9JfAHXOpG?WI{K{Hi8sNzkq^`GgL_IYOw*pa$4~<P(_^$h(hCOorRIPqA(ba
z%}M1F59Bo?MP7<&LcsC+5c@g2Bz*+P;_@ClrIK_cySx<N8V<3?$YCfRkVR$7eTCAz
z)QZX4e0R@KwUn0{co=X8WlJ3>m~9d`9J0>rkm4m6hXN=G%0PKuevewl9lS9wmCw+b
z)q3V=v4>&e?&wg7dy)XdQ!#nKUGDxNXjLkL7Q|t39mKFtV1Im2QaTuO$(qm}xDS^M
z{RGo-tAXg2vM0UWi_Vv>s&?NL^%3DCF^0N-)r-zRX#^Bekwn@oNjtv2tsT!zbM?h*
zJg-?UN%2h&0bFn(K6;LedW0Gak7<!gQsg`mWZ{1D>!-qVmD0!2c~23v^4{U-G9zl$
z5i6QVBZkHG!dKWVXl>wboMY}8ZfGzrd_{kd4WC?<q>-cUm#s?D#N?+YevB5gw=*G-
z!y1WO*qNy1*FTM&&7<u5f}EF%>tVrYOSel+BQSTTl$VZ8z2Afq0T5K!#eaZzf{D_8
z{o7V~4mB92{VX4zmu~OT1Rt-!$?!$*4${z;VFX_c1R3m)gN3`vBmt^Tgn>2KrKRa|
zUP`DQ2qJ25RLS$~$|Q|?xo&0jc^sYnEu;R<q5j%b(b~Z}e4oCv!?X3>I*gKKjaFI-
z-)V^uN#We4Dx6UuQiRf_U`I^Oob4Vg`et&#zo`UHbW4hce>wqmMo9`uE)h9qCUwmr
z^+t{Xxd<XpfWIat70cH!QCx=09f?M`+3p8Xo0YmtQP2aOln|Y)&1F_nla67qESHE8
zMq>)<kUXNo=#tH><iQAh*A;dkV1}N3d<>6#-lL<YUWc)%nIJ<{4rk@rRSus_+`AN-
zI-$^gYsIPw+#GkhrxwI`xT)U*k|qBp4$Ly|xj1SjHf}l>jKlg|SRbC}HxB9>5A}7$
z$wRE=_Y3lE3@7ok-E$ewunJaAWrd=Y<Ey@aDi{i2P&!K)p|+P0aAzAsz{xm<fG@8B
z0&q_C`Uqg9**bgAuSdrrOg(+bQiaCNfX4Nn&3id`P_e2vm&bdX0ovo&B5kn7-qMdX
zb_O*THwMNQygP~y=@fLR-8W534M0K!bc60=8nS$VN{*mU_D`#r%s&d^zt$#=w*xpl
z0?RXn58I<<k2-uhD_ECcL>SN-#YJVRJqm+mry4qGw|uHlx*v*M;2s~UWrJB!I;tGI
z@K6e)y<X7xFlSd{<g=oO0_?qsqusNJ%I+k;ghLG$J-qj`;k}1AY9(@1_H1{N=qq9z
zh0t2m$kfpZd7$hJp4I|XcGH2->a?iF8EOyr#dU9t&{lI{G((k)(7KH)mTik6>9#16
z#=+!?q<L-@)D%6416w*tx-S<Y>2OWmy4|(UHrD5fQGG6SkG55;%I0itv)ZXh&xshG
z>c?=pjnil~|6_;lS37h!bqHA}fl!+ZsLi7ao*;8eHKM11zm(u<TL!poTjahuM&1mV
zOq#PF>DM2_y?5z@1FqW=OSQZ-CA1%^hzM;MxkQ7<|AD8iH@{W^3A7__9uWK+2YAmh
zxQh`PJ^F-4(!G`8Hn0s~q)UN&fm7j0;Et<sTOW9-ot+4>?nhG9<MBEXIt^+8$Z&c1
zybzK=@L6atRKSJ}6)I3iAn6)|sbw&LlR2RX&;%9eHysS<weAH~?SqB|aF$DLXaY1T
zs10hmY3Q@ASPlJ|E2;B*Wm@|OHo6_{WpV{<s+E2`Y({*HStu%7nP~VYn#{LrL9gWl
zmDr^s97P=SSpY)A=@8`sVrdaty**3ZlfWnH3BJ*7HXvjGPlXybbLgt@QYo#p&3gaY
zq3mpQbb`JZOe+)vg_uskC&cl_LbA4?!p_S0^>}OoRLD$iJc*SmU4WGiD&f6vlRI5w
zmlmY5mg?|h_~06Sfa@9y`7M(N<yVDR?oOw4!pR*0-^>){&+}VW4dH}P4M4dD+I){S
z<W{uzT%y=2>c9gJ4P15trz-M9?gx9u4|eW&q%wU}Wv=03X$`bWyTCm#RD&Q<{fABm
zuHs?}UpZNe7$t-vY|KOo_w@tnt16n`ra&E7=W~Ipl1o?$AQ5CW`J06){1$sM=V^8E
zUfhe7Th+{tx)yy|pFWVK!FpE=zzF>lX)Kir&KsAek~VV4_ZliDY51yI)E(5qkI6&N
zdVazU%x1z7%1UMXPwBu^39F}%SWt-hoN=np8GHg;q;?FD>-JRt!PDBO?0dnN)c@p-
z8lhBIDRA|nQ_#EuXdYRcaQ!Y`7qjbo@!HO=C*pN>)br8o`a!%-qa4v}KZ3I126dBc
z!e%a1loCGsHa5RD(Z1@UMjYWKs<)^Te*)^;D-8En(L5zT(8&BiFd@KPlP*-ABlC1=
zI>|LCLzQk+0%qz5wMivVDqA$eQONgn@Lt@881kcl&m#e}E|bJv8O=|?{qjs^&w??E
zDh17ZGN8c^BS||$m9%-CrRIa;R7<>$k_4N6g$0K6?|}Y@8T|7>U<TiSO<<O=kt|_M
zrXU$msKz=frcNJRdOTtYuX()t`Dy>%7=AO#>UdFYjczOoVL2=de}#ZyZ|=G#W--%h
zj!xsX#61~}SC>00qD(w1f%Kt+SzAs(&-H3uiw3ga4VJLr2i0OkZP4k!flg5cFX@zU
z-+hlo`u?lOF#hr%;wh<WJS9bqr{rdj)4F?sEqR>)N(6tZ(?qgBb(Ypgp$n6k`--&`
zxY7d6vdGj8s#5JM$_YYg8953|&^nXKQhiUv0dzEIdsomo5l~$;=%C6r6lUdpsQpDq
zW*8XoGkIPU<?sEcfDgak&qZP{ThM&TOZQf<7|Z}QK+3;W=V-vVScRiA^0pf~>2mJ?
z_B)ogow<ia&NZ`<9ql&a%jesfO?`lz$8=w!#^08_ys!VXvC@x0-Vqpk=mDNwI!KCr
zV{gy|lhycF7<k2DXvM&AD~#dlacWIaTd;{@bM8+fE!fdYE%*pu_N5lM|A`Tg5|bKn
zKuR@j;=(<z(1hhk`Es(^G49ac>3)dC9hei|Gmh;x_&M<HCN4Oudw~&(x=k%?RHs+(
zbf-pp^#5Xe^}Gr#ZVl>z#Gtqt>E1mn(zrd9ZPeNR@{BZ3n|4)ikH15jktWC`hFV=u
z7R7M&r+n1pv$-f1HwcPSV{y^`u;<|jCoJ#0eB|LS@wxxNAJf#{OjP*;{0D8-A=eOa
z8RGNF{0r4?uxIad^}#1_0}tI78Ph~@(e>6lne13E=wr2F7JWEw3lGeyD2M8CoV8)r
z4dW@BYTOj5TvZswDzn{IFq|{Nwy~fMSr)C?Z)S^)j{iE!vT09YmQ62uSC(oAuP4U3
zDGXP~uRl(F&a9gQWZfjF){P0=JhXS5z7kORb5nhH>ZAoG#-9B8H?Z5jJL9AUDZV@P
z@B&K2$Yl9I2H{G^=-;ClEUW=*Y)HOz461gP?geWo6`Zpg@Yt^QC|ls<{Em>n>v;?O
zmVpEk+6gZKu;-HRu?ZB@i6?`Ff{eo)rF#KEh6U~c07?*H%&bTbe2X;1tO7nc-f}!z
zJOA|jEt4zu2>sZ6vtlL7G+aO*R@7OPO=D%MT*3}{luJNar%)^jN4Eq%k5SQh?xZcO
zqwVBXPZCS#r-Exc^bX!T7M@J2ST&RbtLi442K41=$&ty!g5sc{?dTjq32ekrsiCZ0
zim!DNu8rQKj>C;AkZT~6o$#oehk=O8mxkKj;qs-Um<MzZG|yRj6kX_{Hs6D2bM`2k
z<Mf#)IYPVgEyp|YQ|L>58OG!g{N4q{G{AL=89%Y%&aGW!tRBa9+NG~szRs`OW8>{X
zXme#d$gA=-J%jhb&A(_biFApO@&q`^Ce_p|pXw~FpGJ;&78I!VH{aX5VhB+7#?L{C
z_EyF8aPXQ?z4GgD*DOX2(Mv!@y$b!aas#eha7a_pcA3Khlnn2W0~iaB@ayl_Mw>=}
z^%7jp1-`?>yjRdhf*E-!U7~?=bSx-vv$ku#6nvYlWA+n%gf`GNvWRA+_W%nCBYbwW
zs?e5TMt4bA(H`NVZ0<co5q&X~4+!a#&wIC0C?8`Aj0jeM<80c&h@g#;(L@08Eyq9}
zyv8|#d`oo>>$aa6^aNM+9yV+8*hhIUP93r!{s7x1VD2LUOoHawt;IRA;b>dW2E((o
zU0B@m0QA!#H96==q>dZyT&>-w8(-+tRoFA?ax3aGbJt<SMX(-RmgL#pEQI!W+8d=G
zm-uPYehjA`Hz#EHg_fhBi_)Mk@=Bw%gZH6$0>?*Z7UevHv^34OZnBX!8deLqSng2Z
zB8mc1CSvIkoa*e8@4J)94Tsa0+6Vlud<zg|$}>Qad*JtW=oAuXFPm?11MPAr()^l&
zKc6FIRs&^z7fqS>geenaaz$k7g@`C^6ddZgz@5#4Luj&Q-E{ay8tkiQ!JP+mNhhTX
z%A-sK?=Blm?@pd&XJ(s_EGcYIsD=#^FxcD0#O+)|5vr3`rh$S@o0Ml<ZNMWWYIPh@
zJ6h6vp@veZ;X_WPHxmz*^n0oXeCQVuWq2Q4sshXwtNX(K-IY%NuEg$ha2Rz%IX6v<
zz=uEs$c3q@IvS!1tMYzAX@iX<dJj^A?{Yz{<q)`^Fg8a)rl&w{cQt@e!O<ypaz}BF
zxl?{5N=$wvP6zKChsc-@;3z$+NxXkeniV(E^|woVTE4701Ov54>J2>!?ZHFb=cCpQ
zm#5A@BDG#+)T+d;KPuhtT<k~EbxJ!O{_mzb{H-_Ua}7Wu8X}jBgSHBPrszxI?CV6`
zRUuUGupV00%TwFz>1eb|wM+hmQ^HvSFf92;rE`&P?Q)^fZmnHC8cYMb?wTkU8Kknb
z{B^qID6%~aRz=#RLL={^35^tzXoYE!rv)@WQbdDW6FF~wPL%HXNe^*lk4_Kqu^w!;
zFygPosF@EUHX!fA!@tl1pztT@5KG90aaWD1DQ;$pqI{@`UJXV3ElU^#cn%nBWtqc3
z!(bUy4Skqad4+6slZeukJ{&v8-IG3{HT}LN`q(ehE3aI|FVZM1Sdz--{rZGw!~(d%
z5q^V-D1EI5crPYz0+|QGTy^f_LCi(udihi}<UK(x4+u+Vw0WxkW%IQ1Wy5USk~g6>
z@rHkCzi=JMJ5S*`wHR^m&Cy=B++20yF1s`6ZFi5tfcN8Wb3{L2QML}^b~Jy#NI**;
z?dV_}ybTx3gg#9%sIK$^)drm#rG?znqn+~`*j%5L<Vm|)gKK2KmB5&PUwfq1pTVPW
zRhGuUtOUYf_z7!|+62@hVYPEdRJ6gt6o}|c$~tMnHS71!%)))ro$I-9-nLehryDVi
zHf`;yK~Yk%0_=-f@T1kZPup?wWF-LRsjl1}b#VMDdBEVLj?JGq(7g$+W{>6aC*IDv
zHwGSv@3wycivpM)(Z%uWmjMlib@+oAj!}!vP8`d7??ehEK|O;Ua9)~*`3>Z;6;nX<
zjgIdO8AX;U42(wt;Ml;kCTFQl9@9A!<94S-`#P2J;n_=XrWV8EIM_2H_?C`@?G9SL
zx_(5I-GM8~ZM-p_&#;@*$OcI970}F^%HOzvi4h*Zei0*loNi;&#EdX+VbjIsHvzAT
z&_G-cVt1QpImlyfBU=taQHTKAkG=w3xJD!PGg8j|l^xgAxOpdm7a@TcxrLaCfQlZS
zvpKG@-6x9B;3u3VcNUe;S3RSlSia=v)9th}G5$KA{!;yPNpvfIfvqTW-y744W9od~
zlj>yPUb=VxTb%&uUi474=mAl!0@37WMS_4SN$G6a^bjuHz*QMEwI80Z>2!Dt+{IBu
zupKw~C}kH|#Jv18YuXSt)3&_`U*5%DZpR}L73T$vvE$5T5-I+`U*m|UumNerr6sHj
z;k5<ns(_&FB<sJXufy}?NO_Oo9Alm-sHcZ2DX|`?r1YoG@W;zsC)pX*upwHD5oLjy
z2h=qvpK4;3lGs=#LMI3>J3|~>ghKYGy7~mevSfC`I~|oulAf(EAurJIXk^Jq{{La_
zTi~OpuEuwgP1rzSf(8g0WudDkJ}|3*EYD1`ff<-3AXKzswT;E1RuOi2Xb6d$MW)Mu
z4_dXg+OPfEuU1=M6(J(*Zea63AtB1sBA~)<RuH1*g=GKdoIA6R5Ul;a|BIhyX7Aj`
zx#ymH?m6e4d#=(9%}Zqss6m)w`*wH89IT&yev=I(N>D2BM`2~O|B_Ss2HA=<sCqK3
z9oI``pb}0p-0d0#Iqh*8*+hmC-Xo<jihV4HHj#Q0;Bq$7L?uf#Vef&sK~He~IC1Bd
z=DWU~OYS=f#m7w6xrJW(Zk=1O(m&8Z+QjMmx4l4`5hX6b#kj!g$21nSG(Khm?Tu=z
zf~M~@ZGD;&Z`t9pCbs-?2cya-HF5Fz4%)sU8f?_rLn0`U+N|-ozoly4CG0L2=6*8%
z1nbIK16$?#vJnqwww_gkv6hpk$(%C`<kH9wa8Vx(R2(*)CpaQcuv(9QPCHqUk1T90
zA=U^*V%1nGrvH}ea;*R%`0sU01pmuH)<HuT%`~Vh{Tr5Yx|7YlyK(L{w^GR|;RBtq
z9XPf^thBJz!FfsVl>sGNY~pReLzE_6Z;}1SchzcpVegy+A#Wt)(!}p$chDACWN18T
z_Z<V1x5~8iO?QycuKoJU9WfF9ck$P!<F8NLF;I_ppb3e+r2Ede(6`|WLxPuxIz3l6
z|Dc$-JT~*+HpDj!UM5pQ3X>G4XWP{xe1a~C3W42Qnj07TXa&k~lr=LG&j6Z+CIM7}
zRLHI@hY5ZV7kf|%9$;35(pebDGa9rWCVMC|Cma^k+&h^y;Y!R2)j$@~*pATt9oZ80
zqA6i{Hkvn<=P-e@Vo1zhuJ65~b|9901Tf81$7Fd<Im<vsA5>D^;QY|Rp;xM`-Wo-l
zhIYTtA?Kx%dMAfwE`y{TcAXM!ElXZ@pU+%!EmFh4pX?lEup^Hu8Q<&zJ$zFpMiPSh
zTw#`6z1Mj;?r1&5CJ6U%E)0s>-}5>b{yC5|nV?!RmIYK)GXxM9X-+;*@EtbFAsYK1
zNc#o*<Lp1SBk<V#frj4uAGrAe70x10#G>TQk9`TGfg74SIe?&r?xWdE_hTMF{DzGQ
zWP#g8qW2awm4Yy2cReP9Fo~m+NF*9b++75y8RTv>yStsPTbb7;0E1|nz|h22!3nI_
zXuF@ywjZh6X2wm2YnEAZ%F85W6DoO~i)3M4NXz=*15S1WX(a8H{N%QQh9}9#zs8{N
zE#isv$|;jvpud?tzKY4-(kxs3s&TS+IxIouhUg^MwRY&0U~5<f-6}N;L8C!e*jDkn
zvKFCT2(y<ZUk2obe%1pjk9|_<-(J}@e0e`*x@Dm<AH&O)m6~B9fx=jtRRT?2XGcG6
z**o8as$j|5%>HCD3Apy@tz^YiLYhpa=Gs2|P0jye&m)=<TlBxq(DvKHF-75+mh?$~
zX030|i0^hKG4w}bYC@ubrfVu?D4_M{9*hZSOk+X$8<{T}L!Ko6xTq$fU8L#+0WH3t
z$ON?Tf0#&#A^kR4i@Ghra)zgLb=jJ3#f-UWmAM{4H?764`!$ZwVBDz*ksoPm;?Iub
z6|Q#n<GG$Vyi0Q~XfDxbRBs01MU^9bHd*N+2U^@GFV;aFlAvv6FkdRo#y4~!@98j*
z)psbjnD;~s<ho1lF~wL7%JVs_Z21k4<PLxYk%OU$Qw-s^w8eO7PIwQ7R@Jq=@FRFi
zpWG&9YO_?=%5vDuc4k#hn!<c}Q*~e7BIf%W%Q{Tc?|Heb4nR$h`|{qJru*{7a-K`f
z8S~|(E~K+Abd$dzo_|IoC>eTTg;>EQpbdpQhOtYy1XqwW-7Gp2QPv+&_7y`}e@^B-
zCkbVbr06D65^lA!<wLM7w~r98op6S>5#3x$(k$!3aLua(5pxqstbRbuAUm)a;4Ec5
zIE5#mQ<+fNm9acm<o1ivI!NSoN3%NZ;Da)bY`i24Ypxlqr^{tQfIMZfYjVt*2sBrH
zT$f#De32ltTyZ=$X;E>-QGE<YHOZ_HvsY>edkSYml;O)`NVIU5xmF;imbo5Dnz2uu
zVzYs4#Ja2*gW-A7YMi(c8d`OZO^ujBQ_fT#&$k#tM;9P5=iGC;t>U3DhMb3{>M-;%
z9aVQy^`X@!y6ip6)4;zJFgH!&Tt)7#)Ft%oQfkR*#qYRTNQpgcUoclIv|iT%Pq69i
zS!Rq2i`wjE+-6qX<Wj87-ih(qyVNxrnS|4IO%jt>{6!4;uNf0W-DKn^%e_}>ylg1U
zYuo`U>xRj7ud82W`4rCSv_fel&$-z#<~Lp2<(mrfI~8cFoMc_>DyS^C0zmnoEX9pg
z(Jm%OlYAV}@oNeXHeO)q=}RUr(O{b#Cy0Boq5j-bXef~&ex1<JFT3Im{U!B+hWcWV
z7f12pUMRkyD~4h@RkxY-Mc-twiurF}ks4>BgHzd<GX-gJ+!uyT=24o}`m(qRf1hh$
zWqAs8IvoTPK}pwiojLtux(-Hr|5w;7(y%!pj?Ja68xWgITvsPyGo+aXjxxz7)Ok1>
z4WH%u8neaZF`CfIPqkKl6hAkx)a9rw9|o;Vli8YZfpg;xxX(8Wpuhz}hvKIi6m1$5
zOAw0Gl#5eN!U{b~gW|IIfD#gKAtVL?iQ|&Vn%{6AZE-Wn@lGz02`%M4GdQ-*wuD`I
zn}n@vzta4*H8>j&G2_Z5T6&|lWWRX`W5mIl(l2?b%F(tpocap%Q2dw(q_A^xG3G6C
zXFw$=(Y=K0;-}WA090>cOI9cKWIn2xW&2^Vz8iXhzL#}udBzRMUuux8_?npHC5)f<
z-_PK_M02Zb?Z@^GQ!p;rtrw%N>oko2AW<e7nrImQ1J&b9iwvRx)L5_elzxOjKfPp*
z9q~B&RU%wV_GwzP2G^Ts+3z!&m+7qs+4DDN<GvVEAT81wWB#iTvm)<lMR=`ie?u30
zC;6k+0T`kEGX@&iEB<Oo`t@$oufN59h5itKeK!8OF8*2-e_a-TePBkCKBPOF&d>HP
z*Ux56(=;N@3H@CzE<C<QC$E;rm1NY0vNhdEJF0~iQ<`QA5)R_Yu36eaylJt6c+<&X
zJ6${1!*3|$nCoMG14G+q8oh`g5c*=rYr>y0!*?n+9dFjI8GI+jwIbPdqplTU#oIr}
zilHi0NMXF08B%jGGlkKl2RUPt{Q~_#*B+iV#Iy&xaXz8F)rsxhSf{u5z{M)77#)!j
zmU+GU2o!aTGXLLJ{01h#Z}q{bMjN3P-IGI94qf1ge5aV~h&)qFqK^cB<oV1WnP@~%
z3zLb2PxMDlNzr_NnZvPxg*_psV|d3y4M;<RcbW-rcaXg4bhD24;XFo8P<cvhSosYv
z7^rH-DmPF?AgS@5YQ4^7u5t-|Uo~ImQkd7CQ!6hM)v<5AJ<3p%VPIr6_$)(laUOY}
zDbw>X^_5R?jAW&Uuf~Id=#?2=y%{q=-X9d_X{Q({`VB@puS>`6y6|Omf;x=%zCeRs
zycJBj&4j@XO_DNHc{mTZi*e64Y51IM_<kYd@Xg0Py-Sw4?v~XbapV<Unq9(gvtL5x
z?3yPxJL)hIk2+jtY?_p@yZ}X>`9xx#c4t4BO-*(MFnA7d5E^(2BX;$~sX8sP6yZbe
zM?U#@Um>jM59ewA%24fKyIS~?P}w<rIUY_P%qfkP$3LkIY_IGdzI=?R4q5RJJmWp~
zm*d77A|}auTaM%o7EDNSrA?T@Imb!fp%_$P03>`039ciNYc3!>7PS;j8fXVZ^$V&9
zA^7P)1X%#RI@Z`cf<|fA4!p-;nMvR`r5j(GG<-Ra?xCO2?Tn$n@1P+>C%`|lS9fu4
z3ef#}-T$-XLjN|T+Bm&xQ`nWLG~o`?59h{>e|Aeqos%Mfu%w&+{wt9N$&UX>s<Ip?
zbum10U^o-Ze#12%_|;jCvV-XR{*Wu3+5O0^>mUqe?q!v=O}PDk>r8dbrD8M~kB5L3
zKJw@CL$dDARhmm4=!=cy{>BugVU99?F)@IFtoGNr@b4I7<Z!tQ@q-PT3!7#NU!jSe
zi^+3sel7x%Rejibk3(s3aJ6{weITSQ7{EzUKco+3Hp%`=S}SW`syvsr>^KJhxyivD
zEXhAu!ZmAf;W^IvIU3K;mdcuOs~Qx39jZuw9UQCg&bydPV4vrMzr$X0CeCp`*H(p5
zWUh8*X~#EfoAKD1A=yyVmwq!v!@{_@toE=gA7!<NT%!_&Z;%0)KIOVIS+z+tw)7H9
zrf6cxxI`5qADI+Zo+!qBMdF1sPXpfw-~;!Li<;I`(F@L?PStf9*QX4=-5(HqACdeQ
zW)82B_q4fCRTMLbFDuf|f6mnoVwW<Tc-;4!ZPSd`;4g@IW{>Wd;QPBf!UUPC0|Y!B
zu)QC?z0O6^<VuAGir!)q^xYh^n|dy~|Ivp{YpK5JSezaCGyJjoq6v1~w*<85qyM#?
z97iP%nIof)1BL|0uw4kNTADDGDOLb;A=Nj?Uo^zMy~rM*PYEDhkX$JcFL^WOmZ*26
z+BK(51o%F?dOId$!v`aNm`s!YGVME^{La$0@$AZAyMk7J&|1+jUJ#S3N6K6fr~Q-Y
zIxAHAnxX-k?wxr4ZZNuUYjcJpSMH0Rr(doQBigbP&eK~GHq&!b5`6X9!TMP#<fu<v
z;XZBV-W~UVp5eMR(FbI0f_*aPA(7yuag}C-zam~ki7QL50VV$@wFCQ!z8;C5eRwaD
zK7M$`5Sjs)rus-sQ)P~{`j|ayNIYgK^B#-?ukTqS(5Y+_uKHVzbZgJk_8HkPVb(A+
z4jmW|9e|eKK)ts5h#^78j`i{lP6KnRA+A=xt^>gO%U5SY{b5`hXsb};4h(_Q5686l
zH5xe8Ob2?jPwx|I)!M+YJ43^6QGBM{?z%Zq(=pM^cMgu}9sTxD<yQbh=SkfOV+2HN
zL!!;#1O5EOg-5ByDKW+|c}lPKH17VJqn#qT*hWf8f(^o!s_%`y`i-{1&wDVIAakR~
zo-aw<lYc(}(Y^$puI<S`8sC#&Jz29~jE$euEOzC|xTU}}f4e#()y~Kr>s$8&6xo($
zy8}j`Kkaypwok&MBd9CU(M5Mo(H#5PnsHr%GnO4sde4ZR^sXS7m`lp~utD=$h({>E
zfqMAUSm$lD%^mY)pjIB%M*2PgzE_VET-H`k(0Y7Rocv_hRf!X}-=~cB$EPr2tHV=?
z+YMyONa(HxRsP->R5-&xs{JL$;^p)MezgbqRVx3)b4g~1vZWRb@yowcoENzpM20aY
z(cLqKf5L=1?RFv*!!Wwxf_HxnsMD-;(4KdxNruwwkjY3<O?zVWh?u9Qgy+P9p`U+F
zLM+xUbM5>)O=K_qJifWd+&E%~(Bo1a+CFr)w+;Eo1^xj1hW{|cU59=}sz_Nbh_}y=
zGUH{B<Ni9TSNuTTYoN$=zwR|4P#iHB9a`|R^n*(n2kzC+*a}(AjKcG@9Gsq`J@m`Z
z^wXhz9Qp4@LQaK32TIxWY-Z%6-2s5HbF?`OBF<b`BqIliK#b&TL5g(s)xhh}#3k{b
z%i%RXZtB>%FEgJ2<8DSGJ=%%ajmI^Q06hG@u}8yoc=!1@)?+GS-h^b8F=s+N-onM?
z?HWUZy!|(QAxn_B&#)sN0<G3Msb8<3U;P1@66mnS@SnSeu!9y^nukA0+ZA`?ig`v8
zdVw$!1mByq>3c1m6uBFxZ_Y9ojQUKrKMNA9Jto5P>jMU6t3Sg;R&CE5#cxf*|CQFJ
za~%i=cq)rDfi!~qTTL41q+K3#>KPn6+L41tJMIP@;1G)5!<i1iKT(V;lR9Pqou`S(
z|A7Sgf4(OFr!)DVwud(0g5xL)P?#g$(}S0K;K`0G&;vx;)4DB{dez0k;9N^Sfy}@C
zO8P!0)y`y?Z1o|d@~{s4FwNnOXAVgw0A0xul!H*2=B_X%N2m;fAkzcDx8PA(u2zh)
z_<{ic&GZrVms$a@zxjggfrC*0V?6y*)pL$%QK$x%9mKH!@X^myQ19SC4YsSx((Q=L
z^F%GxkH9DOp?(Nw9LU_N9tw$*Etefe*95i=1voa@m0j4FT()a^qURL<L_XBR&d@*?
z24i}(md?y{qtJCXQ)Ns<2h5n+iDtX97J<oxttdd$Dmj4O@Oj(~tt5I+8#QX2Ve&uW
z)nx*9_P%+X0pnCo9xw`n^bW~2&^;t?<B>J@4$Sda%&{=;kDy-hoOztKIu6R`3@knx
zV;E__8#&If{YqTZpAjk4^F~Mz>(ZWrhZ(cfrLBk8LU^r9TQ^b*eO#9&nPY*Hi?H^w
z_xsD=g5r~@sVk<yqb|*^Wuow{ln)*=*<&7i+{GRX+2djMSiv4u?D0$Xc!oV*V2?ks
z$KToG9ro~H<LVV%vF?t@;}BTmC<X`X=wGK(N6)d2cE&sUO{}9|#XI_XyrVBCcJx14
zNB=|}eI==*FEeP~WRG{*V+VVDz#jY9;}iA>vBz2V=w^@9k@U!9k0I=FC3{>mk~(_(
zNWG)uuF=PpX;Nu-jnc>U-D%X_d84Sib4JCwJ8P8QU3pZjyBQ;6-Ax&p(B1Q_yFJuh
z<H*GBrZAWWutzp~T)`e!v&W6>F`hjH_L#vQbJ=47d;E+&9%7H>>`@7iJN5IXb7w2x
zfMf`r7Ov(Db#C-i$A8Kzco#A2b6pAc*-fD(>)aUIkM-G&H*`{;-Gy2)5LZlMU9pMY
zwccX9<vVlgit}QfEG~fm3*rCS@c%vV|6+cy8|NoHo@9^Tv&ZY~;bV^`_BhHOXV`<>
zkq5i!eoz+NEZJT@8|2=!>#x*j{q^m&DK4SCmU9jFrVY6gM}F*3{j0Mud?P#a@>cFR
zL*yo43~g5sV@QRC7LfG9rFhj!igUX+?I3*^J8FbhmiK&(lLDi8hHP_lv`d4bOb9S3
z)UDAmD=06<QTw1h8#1mz)Jk=0bkxGDj#?<F<5p6qnWVaD3AmM%X;}_s8Qy24BNqgX
zX$APF5dX}^Klk9D#qehhq8Oh~YR}(m&)2o5PkT0L&!gJ&jP_&^IR~#nT*q$s`7vIP
z`F<{8>7O9EN=iF)dg&#Yr9J!waPi*yaMc$ySQuY>327QIK;GOK8ZSwu31ht+s<hSe
z)w6IXHSPX*h8&jRo?I=%4e)y*UH>I2FVL;T?QTRdo?>#2#*4tQ!x#qelpAkfm}fCr
z>3*jp*QFRdK7OO!!inCk>^|duf8ktr=r^$O@I&^#f<xyy<y;xdbPL{$b_?E$mKIw6
zL@-)eZo#GR8KNDh#Y9&`S@(uku?DIi#V8d=Au%*;O)#og=z1-3b+7XQ+XoQCX|(!6
z%}cYfEM0mHa(Drmw2#w|L85nB9!#tP3L9-bBThzY;62!B(e~pk-ZP!HDBq<itJI4b
zopdqHNO;GKX*$pZ{DUx_H0;$rey7j8$4X_-=w*k%d#voRFcKv{!hmU7{?S|v@4Sa%
zrJ;JTI}~R9sK%HRp;zyx>pjrh^+gIy`q1z7P^5n%6Md+r9(ZqGc;?q=cy<m?!twBH
z3CEr)C?7Oh$UJwpG{;am$pS+%g)q%;^odnFkm~d(u{W~jUtCRbQJ;U2;-Y@|q7ID8
zfVlyIQOBmR%#X0lO)T@tSmq5Zvw>y)=y#Oa&N6?-GIzx?KgBY))KTWYu*}0)<|xa2
z^GmT<t}OGPDf8s}hSMZl(Lt<eFi*3fe-4`k9*lz(xeBrsvTSo$w$?$E?dIWHwieVN
zp#QAl7b~dYF~6gRUB8Qkr`7t;piE(zA7Pn)`VwXSNes%Xwf?irAH6`CN5($mQAt7Z
zL5?Fqj;__Cc$;bU(TEX)?chK;>5{#Q8wO$x&#)R&SaV-7q_n-*tGTCw=+s;n+G3>3
zg|+zSh1F4K%I!G94pz(7RaDF0SS_#iu4SfH%TlNX=$WynP6La)?XEj2dc}}v?GmfH
zel^7{1D0uuEk470zU7!1(z|{<on#dcSob<?^~;7@_a@x`7?7Gnkh;8G^oLXJUSj5n
z=fM~GelaU32vt5?0p=DukOvn!PudmADwgdPZOwd9Gt98{cw*MweZ`h5kPFI<3W%q-
zfqFhIuSD@XJidyl4rQ05>=oMmc>l3_2h6~hUh`X04$bf`*k#73J87cr+>+C?lzH!W
z3hqwM<q&N3t1JSZS&!wPp=9rn(4lQso>*o=KW1Bfc`F{1qKhgU@myf3wIPhT@jT%y
zCHrI1eJ-WqEm=7X_;e`y9Nu|{%no20X_Bpb$!S?}e%vXmclI!UWu>ju>pYT&w-(e&
zww@)YBU_by?h`%M2Kp|0jqf|Wa($kx$n_>kDTg<&{e2Ur6<}HxrWN499?`bj)zlu~
zoR^B;?Ds{lvk_RNa}WF}$2S<lvrHZlL!mT0ZRVY10j7Xsjo0qBrPI1U>^DR;YaS!2
zdG-aOn&1mM)tqKjGh_#mdh7F)`3{zO2g|%KmiY|J9IB<v@3G9+v&<i{%m-tc(KQ(|
zzYCfBzVEl{i|6!JlkT~qQ0xoQ2@QYz!-5B$+t+C8UI(swTP?q*buSwFrkt&NIk@ii
zgicuWb#E}T+UK-&kN2b-<F}9UnD7n2Cb@e);h*TnMb}HxpQK)&F1mM)z*`q(+c*5<
zNAO$60deF`S^e1o$^S*FtUd<RSwb<RO;8M{2%WnWZ9A7`TN^~BmBts;&gNFp7Fga6
zZ)IJQ?OTB_`WE`Q9#5USqZ+Y0y1X;<Y<nsedvC@S;bvSBOvvcFSL5xLOf>Z$HB!JG
zSslYkw$uFMql^TWG%^@lm+;6at^E|ZY0D@SY&NrtM;byK9?Uj`@#H|_dA;dThtd@p
zuHSFv9VaSn4&|(v-^#lWVR73^GrukasslpyBO&wEw_)&TFU(DAn^@J&*5+^Vq5@i*
z`=z3v{vPLB4%=>i%^>`hn&GgWUGj(U(9~Y{<BHm?rrU8>d`l{Ui$LR@S8Y<AA3+DI
z`O^a^M($)6n!JhfQYuI;1NEUC@E6WW=z4xt5W3^SYkS49$j~IE1ZLG;S(1CFneO{K
z66!+hqXc3bdL*J`2<*g_BPsPjNI2bp6#h?ST-NsR?`fMrNR;m&kHcHO$Be=L(;T*r
zC8tGY>-%&DABv8MJlKmL%}}=PKq8ggT`3jQ97^wa8IsaH1M3s9J{jwqrEH}79IDW>
z@JU(OU+SF~$V2`D_-q6I@hV+XGn@n<HUmWO>O3gR&fE&#3aahu5{&OW%e#)+FSWtg
zxh{daf_bINJbxY@tgzL&KJheE<R^}YyL?xk!8KG=S5kb}JXxI%5=WN=40QQ%kqhyU
zvlZgZ^6MnkI9gJ&N9&ljj|NmP7!4e2w4_cN4XcY8@vU^R>oT=mAmbC2;4$MUsbjGz
znkWr%t4JCetVu&Tx->LkB$I~lYGRt7P;=Fe=ScF2T}^>EOn30rXDMvjz_rg2M_LAt
z8r(7oUyCZtLyrZcH1pS_Gl}8+M&e%&E~DJfP@#dpdQRtGZ!>0xw@J`_ppfS`EYE+!
zBXVm^BTIaZC7!^<$u+xJ;#Vxu1S~R=SMvc&9Qr&ZUXF>E)-<t1GfVshG1IY&7)%FT
z8WaG)quYqvma;F~Tm<cX&$4@2p6$hL9W3)GmiZ}`c{9sg^K7rKnISWz|A9WIJq-`~
z0_BfCL*?frfbrFPRC7K1ato`ugw_1U8y5Y3ffULdgv_C*?$$-)XILRq3;-L;_7bbp
z$v*pjb)kT@>OC&u-r`6)6R_}#xN=KY=#zG4JRW9=owvee1+_cbJ3S9?3CcuICDk}g
zw)vbHKsfmAPQ3LeOG*Vbei+j*3xT(bChy`rV0P<Q(KKz7l!n6gAm_Bm>TRF{YWMj$
zl!FfMg0IYY7ZLD-T3r9-uRGm6oNG{I2FyPt^Fs;cg$WL&h3;eBRqB-wn$dFs^81&Z
zo}n!GxYMD|W%7cg90d8LB@gA7S{dt$Y{ly+WN)U$;g#~Bh;wjwV=6MJ2Kd2y*5bQY
zq#8$;P;~x;`8>;;`(dfg-U4%frguS8-b@85m!biOt=aV{_U@)sn)GM#49;<$c7cD%
z$FIlpu!8ax84&>PL(uieU97*dIxULX&Crt|?>UAGHFS3Q$>?rnaUQT7YrCi2C4^6;
zQ1~Gjj$OU@9ro{Vl6)qAjQHX`D0|@Q@>g=#V*QnDUA*T{DR{?5DRuEW>S9v=X4=ZJ
ze^BrK<o;n)sOy#Xg~|Nw4DvVZ2Z8KRMGm?G{2BP0>|HyaD1ONS=!$G>Ty`09(L{So
z)CUVXd|CdD=s%t6eX^IlyJ#<pyHx>{b|G&^fTZ29LirqJP-oE27X?dzg{{XM$Urc?
zq6S3(ftQ=`@|Cj1c>=IBPkTiHM!--Sgmxe29N|!BBhftx^j7L!P|N5|((t!~=<Ub0
zeXFh!dfg8pDw$u4(V$%^%)?L^2)=D!c^FSw;Z}>%<n9K{(`|wc6t$(-`V^zzKlDMr
zFgV{yzcjv)t$o$UuSfq{#|85Hzf=EPto~P(fcv;EPmA6$?}Grn8{}y_iN?G0KvI6+
zglPqsR)A@mJl*JO0vWLSn{yb~!w4evym}}ykIKQD&K(eWb|t9Ijt$4ZMQO?hl<K+d
zJPB4vq}6wxr&Z*g^~AicUQ7%z<!NGw=}+sdY%AlQZ*L|}_e++!>tV|Lho>m>pP%Z*
z#MeURM0=m4>=Tu9HIF?L_?guQ($6sGWgxGqLuNliduiLSY^dx?4%SK6RYG*%X0$3j
zkve&=>5pkHIt5SGd}iDV_lJzSp=;rj{HC;(nd1x=PP3l|(-y%`E`A@7C+gyA#X4W!
z%GUtdCT%CNlWZZu@CW1gWcd#Ld$yxRFO+hBssXR+RdN7mk$+?0aH!aoLRS!e{xsns
z97EG0)^pSdd*A<*c5J{nLku2(_xT-T<M0-)ovgs`*mrMQ1^$fb&&uS7l72(^AN49f
zBe6W<V?Y8vl+HD2KW7R0eKI*@t+7T!1%G7*EjoC)2n2OQ<8LO4sj?+&#SLhr@`p0S
znz=vv?eA~gYzMjhxTrKi+JHq(m@mKCe=J35#C_FTvEyK$`TeZ}#6<zBH6IYUTkJT3
z1}uN)WHG<Vx)<a^HS=vl-UFw3d!t^JI=1U6Lhi<25Rs)bio7O<>cI@vKiGssmeikn
zUdH~oE)^Hq^}gUaBdyv$uxcl>YF}ft+w@egYTtjGOWMCqy8kSXR6M$l2jit$Pe~Nd
z3Bzy6YPlsxR`0c#BBPS|!%0wXltZCf4Bv+F*}V%aS*Ts7t?n0@^dzu_TO6Pp+5agk
z9Uy#88e*XPdvfsNXEVyvq#(XM0i{Ui8=-G+OEI{|8=WU3e}azXefNFtP{|p0H)tRN
z<J|Ce3#qIPE-PK=dmUaT>OXA~t9r`)SEcYzT!Eh#)g$thCVwbJ<m%nWQz?KAmYOJ3
zb)qkl>n3sAybm{S$HTrLTJukkQ{f_C<*%PJD9z%ch7q2~9MK=X2FfpLz!H&1_42>x
zS@|E%Y<jHBq?P{@D_>Z|v+^yDpJqY%JSvYRA``HD36wWvOg6YCiQC#|{P|D6-C-ut
zei4)n;n^W9>ppUMF_axcWifYtBd|OrLr~_J!lfzHlZu;QMRVPNk;B%`B$=R#a~?!K
z6%aETfpE=y^-2`-_KF>6MWtD3i%^`V3{dJM|EZ~X{QMNuQ^;=&7V^*Sv=^L$3I%>+
zfbfl{2<_&5pkx|!#9v7!db~PqJ5v0+_$R*w0gw)1tN!k(qBXD$lX0GPoItM0)k^Mt
zhLZd`XsU#lI%$@5LdJT^@S()jN$w8~?0zWpj*yjZyxTc=I@2I+)@f6ui-?KwjogPU
z%^#jBW;7S_zp9f!nkcM3B?AC_Ni!@Bh1FOWZ*P)$`)-+k?YKz629+kM<D|?Tckr)u
zN!)%h9{@XIaOC&6=Cdp92Z&pKweRZCfYE~uczHJrgg=}Sc|hPd?G(4f0O9H-g%j!o
z6Fa6SVB2`nA)S=OPcTGQUl>hUQdN&(<Jjd(=Rn8As*{G!XtV~A1D(YCOoI+(Pw10V
znIO=1Ie@1q{zZPnfsKQ?+7hS|{mIE!+gS_~Y=YR)Oo+`tqI?yxN>%Mxvz+l2ztLws
zEL87|=XYHS5Pu+Z{&x|=NE&c9>tRvpul&d)W%&7D`3tK*a1M|;pFGkhb~Hs&@u|6%
z=(=3HvcKbyIJ_P2Wk+*;J(=qVYUX;Rrih8m^k)G}9S0a+RJuJ;027e0J3RY527SiQ
zN?W-2eA0dmEM4AG({{q2t;_ifAUEf9(K}vNjkm}ONWo3Q7VN4c-!Iu3R%eJ&Llr|z
zGsQnPiF5;}t!vdyG%SoZaBw1*Q$i#gK2{9TJ{s7+N>M3*;&?wUweRkVI+tV9lb~ry
z>6G%%K;yRNrO=)U+Cy9?w09F$IlYFe+@e<*DZmw=oqs-%NFdEMF(6hA(MrU=Dkf#N
zsjqmNaejAB^xo*5Zo;c-?-I5mAVU5Q(R0eqOGojFd73>TLJ`oZr0kct9g=%LZLIi1
zQzhja$$x&TWc^0sb~-?I7%wX!IpZh}q3dCw{x2NL>F^O+D@5xz{Bu6BCJuZ+AZ$`>
zF^A_AU;QSISe?(Oz5u+xK=gv1hW0m#=S^o+gR;_UZ3qpGWP+psDYES-(V;xNd&#AE
zseQ-i63{yT+Ig6DGKekKZ&<jv$w<Py8;^5n(*orgsA^X$RHX!9*@ZzDxFGbMS1?;-
zj!b>*HB<eq8HssU-WSO)L1Wgx%4+>)<s`g#&?<K9-HZ^}^UnxMFmer6G7%Oy*Ej~G
z3zWQeu_iX`>0-wrOi?biD@#qH9w#+^VLPzbM5MNc|J;M_BFXUy7V>%ZxKH`8$$cKU
z>s-`o_&k3bKN#eg(6TuxhBmyY(gc6g#=npQA4mIn_w|%*^uRSg&o%IFWXUN13`NsS
zY#x9{-6rzarnd2S_>~a8Ho<E%)QpU<4whz`hq&H{rX;lU<AHxsM!~P!{UWmgvrJi`
z;gso)GzC6~UMQs!^DH@#6SxjF3m^@d`Su6^3C*FBTERh<fj@!#@THM=V-Rrw<obI2
z6X56XC8)%jw>GlT!DXSNm5FClVI|20Qq;N;fMx<vOIqX~BMeJt!(07Q2aT7=zt)8H
z`NaHY^$oV}>=FIZsUnBV4KJOISQd(WMZL8_yg8MB&M$6{56T{b8`vL`-Ne{9va^7F
z_`BkzX|i`JZJFZrf!<;ht%?}NpVq_tI=tRl>O>lcIVxK_^*M^*xc350pQUw+<j1MF
z$BK)|*CMUiK=&;tGjWICVLgfap=Fp})y*c!`h-aWIbS}RJVT)2l~+XOTYZwXqwfiw
zM5`v<jqqR25v+Iz&JnTK9C?kJ#5s~9vSrT2Cr=Vp@_(5y3uLaF;w-SK6Mirn^PjrN
zd?-$y4-04Mbh;4e0*Szt&U^nA{r@;l|3AJ6{m)9G|22Kn|16FE*C74N7o-0-FQET5
z|6A$*jsGX~KNnVHBwbvXZt>0sHAPYmhHm>BiR!?ewNJWxqIm1<URMr?x7nh#8z^Y1
zsHSc7ATG0vO|`hzj>WFjDQECe56MF&<7fDB2oM`k5HHsrMbyJjNV@%F7>?RnKtZi`
z_)q{0Da``Avr^YzWK~AJNmP#5m9|jet7ud}aAwh_4X#G`Yc}>Qzup?P+u95HXX^y@
z*R-ng)Aot^o%wBmsui<D+kpz6t=5}kB7=5lk|oE(VUym6tA1QQ<(gO~{g|cgz$(91
zTP%<EEg^n(mhyq9v<P?=b&s?)E~!kSOARIE80{<Bm2OcvC@7)Ou{P{rl;ovM3#ww+
zKN+Vn>t7G+-?Li(_Q(2Xmu+V%=Jx7eq=*urxWjhBIhBm`7w=mn8|qla_v#g-xpJVm
z>k1)Sr_SIU$_c@?XGu=@pCk_lR}Tuez?<FH&99+z=^)MCwDP9S$#N0Rc$_1!)YGX>
z+4d=4O<H}&VXH4vVLeP*2{H`G>%7U<ik%*QK>a0l)z-=vgZiD{3bn7e3A_5!-d&vo
zbHH<$f8L+iv3l0AvDmSKULA{!5Ib6En&pQ8{i3o<*$FVXDs`N(GZR`o;=bdf|GVSM
zosExgc5Hk}>d9|P7~c)r`0l~+JqvShg@m2HeM_%SPv4@!N-(oQCMSgkbg$`!i!BL*
zyye0{z6=L>r1}U4;|znWGy*hBa>M)CFe{DaSz$bPh3Q>9dDr1kk6t;N4RvfGprPJC
zL+z@dVSYR|%qy&iDIYS73LNL68S0pul|4#GpplUBed<%VG{H(|>*PzD`4@d6cZQ>J
zzZ@Z-*?SZxz`Ugat|;hD5=jFL8f=TQQ*Yh%_yq$T*I%l7q7A>9xIDvuA_a5_rL9)n
z5@+LQ#Ex*Bjb8?AJZ3)%s>ZjO0t9kE*JRKXK$uXonfXX+5>=xO)_dgQ?gLTvP3$N8
z%@@%e9wyp4SMl4DJBZEOIx9N2C3g;z6X2a%#2c3PU$hU+5O}?~xaIJeP5U25D?=}U
zFJS<q6$6#OML{g0t|jCvJ_+O&iEBa`NUE1q<M^ts7`!wt>^EQ3?C|(j3?X=X4G2No
z-D@b4)*DoXd(gSUA0Fu%Bre*G*kgvAT3iT_=V#(prU9iUVYAVI{-mcE^9B7*X`}M!
zVs;%!CyREINv26$<YOk8P~L?#VLjN>(CSz{ad_hOjivg?OoR0?Gfikr-}Ry0CUoP4
z^`X1PbH3<qcTW%hwBPLKH~B@bGj1P+rf}BZf`*mn{DA6T1<Z~7rbdzTi#5tx_Af3k
zaP_)9#NU}lkg)P&`YfMT{?+}*?`Rg|<;l*0h5KV+euM!Fk4#>z??~IQiU~&e{tUc>
zj`Jlh@~^F8i+lq7eU>kcmH%<toeAY1{+{Legz`T~D1YPkDxWoEPdVnhBcRn0(93^W
z{{7nDP#$mpmGXrCf6wxz3FVh2lz;fb^4j<f0J?)obd|p~r8d4$f{5+$q1j2~B@i%x
z4~e|EuU4Ir%BJ3ufnwBG6-b4-hy|5K{M-Bf1*(52)-L!@rvNuv)Xb(v>(vQOB{Z}J
z8`^df!w5-dlk=;ypylW_51d|hZB>w(J)MF+BcfW!sq3kTeYdhZxsb9Oa#eNRn*#t3
zLx6)PZ9m(QoCnfyo+YKR{Q%?-XdM~G6snOfOD`r7?*hW_X~!;HoOP@VYg1IyM`*sI
zWoRU`s9fh7eNiUzJz9#f7K`3aZ~xd{?Tw}O`eriUvpr%x{|NQn9uEGni!h<y4MeGd
z3(JpZ<&n8i;RccG`hLvmq75X~e^ame5jb&6jCrvYE17fkT{G~rB>S4Ee8jH3m$t{U
zgDhrN=2`N@I^WSNUpI(uUyi8sbEx-mGKf4wK~A|u*ftD>Qg!m46{8H{0`#x)w6Eyr
zu=O}^k2pnjZ1-(B@!KX^Z%(6&P@^cqTngp0Wu*(Hui;Y15fF2D_!$`}b?nom4;i&9
z8Gx``@|2yDvK#7kT?vI<!}01Z%Lx5Wz)wOOpz83N6l$MekH)zY>nR+3^OmeZ1_Mz5
z?$)%HSbd>4PoUc3C(%Gwofbjbdf!6*Ujjd<mpZ<PivTc(0;=&6byB5LpWkULC|Ya3
zzEE`gGo<JT(cPlE>k`2H@&-Y5a2R!N9uTeiprt^}-#JU2bOUP568EKD0RcU_tpF$3
zGjcFm#BZ|SkTt2mX^o6$zUwFl(zUF>1(l95$OY5pC^-f?DGoJVFS+Z4Nd>M9Nu3S@
zamIO-thCAb-P$S3H8-W<cJ9Xc33y+EX&^P5y)c?Fyi77^ctMoB^m!a5+I;^X_J6c;
z1~<(Lr2HMF4C<`J&i{I5Fj@?qzaBe3C^Dqao;mV+Sht{yp;xWcv!0$S<2`#0)4X=*
znQX~J>39^bEIy_-(*k$emAt@3vZy=iz=6xy3gZVnSGA8ZL~gD+kNk*tD^Pix#9td^
zHWFH={>v3#=U;K*c4OKX-;6QvStdSfb`}~?;7=x<na3M)L~p7<TiY--e)i&JFn3mj
z49-gd{P5fyf_(H9X}F^~DBizsuYtahGA$<9Oc@Nms`F9PWW(}oTqkd4?XQFO!;fjR
zi9U>CAD+Pvcqbc@&a%0=n6?_zW<~MHNRZ;UUYACvG?qs*4KaID;(jRZhL$a`EOwvc
z-vg`|csbI`_>(({j6ZhEiqL;dNFghZY{_bq`Rj2rOU~%ztLx}o!veN_nnj!i7V3B7
zldac$6FVXo(wnhTQ0j$zpHS&5u&=d`;gROV=<etqo#uAR$g0$798PA=-I-E8Qt3qI
zk?)t)>#dS|=OCCO%9o7ta;0E2VuBB2;6s)p{|nJuZZXRW2=eD;<#@<`W10aimet?j
zl=YSvWbZv8DY`?Rc+Z*T{k(;p9$&=(s7+Q*gr2)Tjk2KYdeCSZP4B80605q9W%3>j
z-w^!(Jwgm<|LnVecBLmjSXdb>C|v8z<Y5*-_Zp%fNbcw*lCpn!5I3=MM0Yp88An3o
z<p3~tbvEbj#-75QY8UhO$?Bv*P;`(Ih|RH^MAp+unK=7kGD+@WmZ;h-Jo=AI(cP8f
z3qT%;I=`mw5EV`vjkC;dxkvP7iQdH~_!7Da(~`HO>k84C8~Suls3>SO8^Xh)xS4g)
z{hQm#nR-Gxx-p~+7&pz}?!3;K>+Zb41)^C{jP8-@YDxR?L|xh8EOZg4WGcwvPj@uc
zIRyT4u4^i%6u3rNeI?et;Ty5echbi$dI;;DmEu0TaAAg@ul_U*MsKUWm`U%w&;Dh;
zN17Se0cEW|+_N#WM~<~2*}qEWw;2bOsA5p4>}p?fyKD>b8&;;FFIi@uRON5lzj3h0
z`D7ZudP(s+tj8R-dVa$XA&*QS21!w$h<^N?t~X1pQPI`|D1fi;GWOLI#&GFEW#?$u
zJtDUoy9?{)1Mf1P9E}X^H9y$*1prri46Hd0V7Ibu*Q#R@7m})c2vw<?xxGa30oN5p
z?y#ul{x(vJ&7-gGyXdFQ?WQ&&H)yFIjDZpUJw-(A5y@KVKF9IZUSpzvHmaWaXK6eA
zW~%E!44JxVke%P=7u=n{a6SZoUC#ON_aRqyWd*m?H3+R<TTq&e+ygoJZ4D(ThSBJE
z{oFaq-L=$tsk`eJyvJ-r2gVb$C`C%}jUb$eZ@7R*tW@E9R3Ui{@RaZ>C7@h~!HiML
zTNwAxuv=!M5QBbJ7WAgFj7QlWBnr_fI+Twk{<T{CWwI-o7CUa>BV#ks*4;;;Ri7fW
zY!%S9b&bFbMariR<!d4!yEoGkMxS&&fkNcb1|JJM8)b9`GuP~V2p8WR(SO3M>=iTG
zM0E@-h5L2WO?`>_OSBP`SPuiG2>gq+C46b4#C;_zM`Yy_P>9Ufft(VhQQ#V(2LJ}i
zW+d3H7zGfZQO33pVJgqpj9Uy=Oo|Lmu-w}AX{i-va!qJ8BVKZ79tcWfBE1n0+(L+)
zXDO7GT#JK$?HqPdq^-_4#!&8<bsX=~aRT~0hxzJXLotl3Mms^cp2l{9+G!`~4BH7h
zBX)cq+XOnuHh~VXO`roLBWpWA%^%<nP@QBwLP6OvhDdA+XezBS`?Ou4DCGVl<PIOD
z;lLsH;@|^h1>xV2b1~EcBDBmM6=*@~l}YyIT4YEn6v(hTp4@9dCaO-MGf2QEB>zzq
zH_UQ|zeH&&QMzQMMW|sr^Nn`Z%f_<ZVGG##(p@l~L5bTfaX|-NfM-Us#IY>lx?wD7
z<zmMo__ZyB?4y!xH@^=3Z^B_p=<LG@qlsLylAvBx&o-y_0FtRw)Qy!7m*6<QhUn;M
z+QPP~x&&np_RqN>JOXJ23nW&x5)T!)F4u7Ex<rBnfkT#*!$6Hpl>DcsI=B-Ig*cwE
z1_^JTdJI~?tjO2I$q#x~k;60}GtN9lcO^=I?ng^?!h8iD=~>bZ#TJSk2cSs;^X>48
z9&~Sv+VP~=j@uLWl;fsaB+7W8Xrjv_qS6w2>l2i157FeblRt=(Vpnc83GZ-`zvGSw
zOwD6vlp@89`p9ve{=*ZylKeB!e=t<nrfu(_zeF3}Y2d90g$F~<C+Yit#lN%jZGR!o
zc`gA=?;vl5NwoQ0*8p9)Mu|!)pO<#`gQE=m;9^r<an3|4fuU&9?ts+D4HV|z@3LX`
zF)VvlJi8&Dy+2E}1dGR@%y%dJ4BP1Z65WkGk4@LvxV&f4(Ogpbf}uD2<2g_nz5oH-
zE-C{G`E5a^*rc5ChfMsoPUW#oe9hvw`IO=;c<rR<K%|wM=tmAltQ6~tb4hV8wg52y
zydQwUz{>D`OnW!O`{&ww0Sr|khKEV`zBu;1+EU3rozQ;bvEsUFI%9(CiC8mW{~s4m
z?!W(!no<p%F(z4=n6VZWCJC12e4o`<SlN@xzu-e}sQiGaK7LOI2IP1L9e7fZvHDw6
zN*3*XEE{IKzjd(S4;xDs9h}l1e@3!k#oaxl%(-r{T-G6R?GEk;0Czx$zp`+#Du}hn
zAbN4_V$D_3(-!=XEXT1O%jRx`MKyjz!vsxpZC?AvJau+7>T`FelOn?xHCcVi+&t*5
zDFJDj2}sLIMA|ImNtIox<wZ)P`*^BrqPRJK!G^#$c?&j({A=}M&E_jTkvW^MOhcsj
z8&hb#6}M<v(Ajvo$?9|9sWczgS(IvDm!%Y65A=VJQd|HkndRQK#ba=`{2b_NJaXi!
z9Z1IP#@ht{^)GTzC7?s{q#D2~O!F>eJ%W7I<ehE8(P1_umOo)fp!4E80(GkKJzeC`
zcLbtp_Ivt{0MfHg&ZcemqO807Fg96$O>Q=1Jhb*KG69_<=t_$z^el#ird4{L=0Cdd
z``Xu&`%1bUfYIA(cH2Huq{V1`e9vFBq4$?xbOQtiG{1oOB=V*HUhRKx`}}u660@r9
z{^;L?<H_%D&;J+gla+1Ozui7=z$D4LeHpIYJ@6>0LwZu$VA3XMDgjZR<s-|i#EbP>
z0cf|mm%Yxqm*mFqyrXFHC}i}hZ=f?taGOp^*1e&B9*7axcXuDzPN?)lT!X}DV&|Ix
zi27LP>rocvXZf}1QD_Li`&rU@6Tb8Fq~FR}e>f$<g+(oj_cu_}3H=p#u}SMMU(zft
z+M8e?hW>f^3;ingiLj8f>9<c@6x1BL)k!Lwe)Z(h&7DDi?rfD!zx|p&GM?<aY~^LM
z0gpuala5l<Zm80|!xTxeMgbJwGwt&vKfeSMWWs%=aTgWY*5(?E8;u2ZMhmWlH6us{
z>e!a4p%)E~!WR4#x_=<Tm?|oBO_3Za8pOiaV&SV~<z@_x!jWh0(k!;s3d>Zm*o-Tq
z@H0FS$NXQ>mO+c5@<Hh3RE}Lm!4FP_@-(>0134%f;0g<@(XzJKjQj&bLgX=P4ZFz;
z)_W}+bb+M#Vq{y`!b>eE$3tGMono?N!~e#*VmfZh#N?FaDbNx0yphnYoK*3dY-Kkp
zb2IUaSxX+nlCzY#IhdTMC10V*0m@uU94_JRIDbi0#|wHJdu3FS$h5263v!URpA1T?
zOH@vxu#hJyA2C@x^aO~(7?s*)w5;k+!y4WJb-U~WziFCjJWP!8u<I85kpVw4%0G5p
zi$D6qkN)L*Tvy<a0q|o$dBBy02+gEQgbC9!%PT~0DmhKcwxh1AwYJS#!-G;#Mlo6>
zTe`Ll?@&%gW`b4_ndX{`HJOC*(@f=`xo*NA8So>ce81}|{LvqN^e=C8<=~G2@MA#v
zd#(WpO6CNBp!{{&I}ut{I_acBK}@<#w!dq{x(ju$JUlG?W<O#9L}fv!$3O-$Ej33=
z&7~+Mc{u*NAPK|rvKWJ@8le?uQJb|-{*UW_<-6-ovd63dZYz5?S~eRr{Z6XkHs5;?
zV`R#<edRDCN^|18CSsOqqSJqSH73C4)wd>p7NY@CnV(ZP-OLm!;4bqsy>l?AGyNFm
zl}t*hscyQ3$qjXR!G0V-wIWfDhqZb<t?6X}m^GPVS+gCNZ>g*v6-}d~%rBR%vrueN
zrp}XMPf-!yG_sQwX8a>+3hg`;bjvNb<ME9`v_Fb8QI3a<1`a3P?T|McbKD~<CuF5N
z^zpZ-@b3gths2+2iFK41R9Y}`v6lEIp3?Qw)Voo67}SjAnabTD4^Kx<k*&-(<9tq4
zrdxv3^QgOIq82BD{DyDidC#{!O!3U&w>3@#HJbOdLW<Jt4}-kj04bTg=YW=y#ZpYX
zC&*H|a^R<t_q>CZ_*+f>?wpAm2{XLsk9aBZe_$Y>ClmZ_3W*<~a$Yt)+gqBY&f%=>
z7*#g98jm@M>ehk>fvh%vjZT6k0kQ0iSO!d|Y^F&rD>lky145;#48>UtyTp$0Yz|^K
zi=9pgz0$*^ES)2H&mr!1FoYIpiObG0<!rq6dm;RGKV~*ae8~>J<RhSp!UX4`zT&G^
zeX&;4sS>uTWQ)jHtC=XiuDF0m&DP@@g9e-%wbcala#~ROT1|54TI4!(;x81Vby$|i
zvi+gZ7MyL7e8k~wZN+c`rNOc>JLEi%mIh2iRnpFHa#}3x%oOQHsY*SmNJe;SDwGLd
zO?G&<E5(`oHb36Fk+qqmgsLcvL}hvQ=4U#gUscq-)#>UJ8#`g_F-UD%^<8ltVeMUU
z9bw&F7b;fz_t^>G?}7IxwfDt|dK3uct#wTCA{C44zKBZICFT3AJ`8?}8dYOlqvGE|
zl`ut6+L%Ihh$&Q&!T!_6MeV3g`A?%Z)jX@LeB*3K*-;1gt;Btuq)i=>xfB1UHYK_{
z)0Ynv)gixtZh4K5!$J>z+`1r+C*OiNo^~wgrAtv)K$+@tAM345b&6Z!$`oh@4Vp4l
z6IZ61nKIP?%2bh8-k2qDz9QAg;gIIqm8E8;Kdm*er~nkCG-1DG?raCBq)LnA?wYv#
z7RlW`k$+-0G0CoB{1ca<@=nK`I|uMjlu#_LV*HiMyKhOQfV8_XYRGndhgrrwyDufB
z$-&jjijU4c_&d`i&L=(Kn*_rqsEa0H=o<gIsWP7YfxP=1T&;uKCu_$f{5_C8C@Tlx
zqs$$OlK@~KFiV|ulk`9kY6^%C1mFQBTcGnm^*c*IsFSw6@>lwIt?2H_bWNjq7I`qf
z1uo+Os8$K1>bJ;rya-x62QAi057bh%P>%QfjML_5_-PgzOX@hCOa$D1(SJMzXyI1$
z$MUqV?uUB??qH_CZ>xR4r{DxL98dzj)_%UuG(!`=$@f6hBq6UwQ0Go6sXko7Z`uV=
z?**tqDcR<exH`et)z1OU)&V1pcsvbYO8yA#)ks_mj4JwW8dPIpzMl|%I%zYfNzL9#
z-?MKO@|y*&LFNtsFbxkhT*trDz;6du&ih;Y8_?%S&Hg~on%69-b8<?m@iyZI07w9U
zV2T_BlpsJ7)F5*Q1!NpX3-F9U39K36=W!x#jv*VN2?4koK!8$!xORpHF<_|>k7*KW
zFO8vg9HO=+UdM$q?czvQ@1NxGAgryDzk8~KJ0!iE1WW{IP|{E%aZP}`oe8)D!i!uS
zcY6h{QRaNm<;H)7yS;*XE8q@BaZ`Zdt_j(T#03OjC*rPN=9-}*zlJ;b|AWXq3=xg`
zIuPzKXfzi3p50f49P%Ugi~g>uY;>AI+((X%qf^Ll1L^uuh}}0;M-ps{=#Q9~Yetr&
z?3MhjAn7+tXb5HIQIwoUHi1wIS&o|p|M46tBOqn$<v02LN3;B&n)r8ii5Y$wPxo!w
zhesL77HZNj5&3TpWDGa{1jwxo;i<Tv7h8K#e~inIc67#o_M4^c39AS2iwl+vdC?)Z
zWORz}p89EL{nqpcY{UX0j{F1htbBZRnWch6yJ+tl6H+jsm6X3v>^S7`w9iui)36wi
z>GRU34t3)t^qrUX_1-k*<BdAFPoYlCi2J}?bH!+}s_RYo$-CddfvM`kYesoD#`#0V
zU_9{LD|odMcy5?tC02D|v}b<ZpHWs|7R2BAU{Z_G`kG%r(Z8g+7Kk+ot3@Eu^cFzV
zn-p6pWZPc;*??5@x|RV*RPr|(#myQ54U#RuKkYLCqiPbX0$9Hk-G!Df4bI1JM`QYU
zsj3z`Csz4Ocb<>NK2F4sm%~Ry5`3g?>mM<uF$gi(1A+ftuvE>ynK6Hv+Z#h&tBDJ+
zArSHdg8DeVmCzIqprtS{nL?lNzY7Q^oNjxis>WB>qqfjoF}dbL3~!U)EV*m%os1{3
zgc>x;*?GraJJ%%WrTO30+D$FMbz9<vSJ#V5<CeG6@Vtt%I8olCidGk>VpJ|`mKHVA
z!DCR5h$DAh#T|U0;a&j`01NK!d-xapVpYRGaL*SeSAJu~4*(XUDjFxRgId%|Cyt~H
ztY@#*mh1PCkK#+c6dO2cyFOyl*4S9Rrw>wONJ9LOC@3u;{2Z#70#jk8ntkQFIBM;I
zRM%&C0%eApdx_}Z1tWisf3{ZUjsrm$Wm_x%bij0o-*iZ<s>S?~cVL|3^tTR~5o$a;
z1SJg8%EEadt>g`Sm>xq`z#~p_2~cl~LA^Z&^;R9~_fTee5@nuxK3}#R;PdBMLLmKg
zjv$fvl+a$A>M8{CNO4V&mBRr1Ay_&t75()o0+p3*XO^2~?i_T-i2g&iPX+$zoxS}x
z_-#S4%w7%pS_F?bD<4St|E##OuqQ~9XCO=-;9Tvz;~Q9-WF<^DFW8k2>>xJpAOy(y
zbu#w}tkk0as2MpSFhMaR0Ht;U3luY&{KtR`HUJllv%th-@(Jw9&f-&uUfwHodVDJe
z;O5LPqehBa@0}9@RybI6cbk^165Yo;E0&|Fd|RdVPuxCL`zLL_O8X~mF>C)~`^(<J
z4iFGVel=6gy&U9(esca{NjdBo*&=qd$Rk^1HG3l7Snja40k=<ajBJ#wha4G)WCdFG
zn?Q10vQ@PCdG{a^aROp~BSM4+j`oB<AsMjSytJRSJ^UE0Bl|@6iKEu&LjK{j|F{*;
zPdz;FW%eBM20WkqihnrQ27m6gWkFhGA^&X%o?pZB3_QCQ^7o!!$RF;8_b|MlhWFNm
z{Fmq8|1ZAcS5JbXs~@ywQK&3XecljlZO-NGfgI<fxRkq(cFs^IaoG4gt?>m~<M+Z7
z*N3n8id-usd<rcdg%*x2<UctMwZrdy7Aq_^Cdqcjbx^hioFgzlzlm4pOs(wx4gW&G
zcRa12aqTctyXst@$D-YGXTzs^wELAW9M78b-*-GmX#b?mY1+U4ug23lhoSV~Y=+Wf
zv;QxS=ML8Bz;#;V8)yFy#&g8KF`n`BquM@d=ne{D;bRdmal>EvQ1;#|c&BMY{z<6r
zoDl}<X7o*1k9*n<?xeLrRMYs`qk6{+0tS+8;Wv#*DXctUD)gOBEi|765nIaNEvy|X
zMT1gwhjP|o`*z7b(VOZOJ3S4oiF?l>Ri#QGC}BWSrBTjr;~)PsjoBv@qafj^XgIx#
zazlCeE2=9(o`#C6KyOF)FPAmRbv89J1e7dlY2~jYFX@>^CZ0SM-IF8Mu?B-{1msia
zM3vc{kt;Q4E3vLHgwG%>8oS5@dWQF7ZL6O{b40(;{hdZbWSyu^9z8DyT_q1}ztSKp
zZB}2X&|xyn#=R}B19wFIohcZ^bSdr59sO3Mn@mOZwp3XixO3JhgMMGZt>=r|jr~o0
z^?C#Q-J|`k)_zCnx3dD?FG<KMMWNn+5hL}j-b_IReE9Af99e*Jb}Yf^fWIluD@3Im
zUQ%5@<Tqu>YFZJ1P}FWrF*&ovsE?(M*3(==VQxjPgZj@$u7bZkkr86FF>+Zfr%}%d
z`JAaxwV2;V+rUly;}mTcbzN9uI#YnuDi+%nKj{5HnYhia4hcF&Y4?FapGu=byKyjd
z>hG+-r9Im34chPX+HVaXrQgzTX9di<Z*l7j5%3NkK4p$mu0fIF1UIT%;4k(547{Ye
zO8HIGqoO*n7(i$@noQ1#Af#()H|lBE#M3U<(nP+bC&EK|q(8LV6EVWy^Qax<pOI`n
zi7)brO4}V6I{d_JqKlpI0HU~VrYXU_>&c|}r<;k~L7xQF^^oschcid0oN@yQb9HFC
z<J#N(M(5!0i)28?AH3&jD%1q+LdR41b$EcSa!LX3d7MP-X`H*>?CxCQT85{)-N6*H
z3o0Lk_AW6PnCk%^B0qvo(B&3jD4rIMnbr!(32-t<=H#ryzqiMI*5~$TZr*(^8qIG4
zrd#UAFlGZ&(XDVbzveQEO6Ln_7%`?MfJT>*DknqlJjA@T@`%mgCNp!_;@A%u52hGO
z$`0nVg%F{+hM8~`KO4K%!Zy4JP3GmZqV0@xpl0E03%zt@Fj^F}k0~HaXhCQ>pJFJf
zjyn7C^V1%?GY8#!!uN9wmcx(4VR4St;BeXqhR$RdT$Mq)MX&P*tWMXfkvD3F68g`C
z$M-W}8t*~REA;!VxF**SHW2>CSg04rXpOtqlH>4v##f_3(~kaHLRHUSNzFNwj`z^?
zj6p$t!>j4oer<{R_uEjMUv&EZTT>1G^I1T4I~*9>>&%P}OITEb?wx)Zk8aW3F_r55
z5o%7@+#fJ168~OMa-W$R{;iQgwf09jhR81nYWI1-xg}Kt8-o||^L=3oVuaCxJyGY)
z<W3eF>>3*EHd`}aN+Fv63+bdA2Kyfz8|+`R%3NtsQG~)nbjj$oJvi06H#{s|Yw0en
zrMnUk@G>G`{lPRsz*x+nzCx-*Ei~VQeUp?nrAul#9>;`+8bHWf&<f~Nh!9*_6;L*t
zc=vr6DNylUh0%E?;~(BLkIZ=kKfNcOp97t#2}801WMip>zv>v~uIgfC%ou?X>U;cg
zRI!*zPZcwymXNFj!k4Eoyk-Fi4&?-_YOK3R5?7^RfZ_IoV#`UuPP@NQ=IwQ4>(GMP
zDt@Wu7^qi54f8lX?BM^@0(}Hk5pp~Dl0)$SKH%1h-@*Uw%wI5Rx75)LkDxTN%VBGj
zm4l-DAn4Ff64UpEpVz3ba%K$i7!_V=?hQsO7YCym!I<$qz-UG=+5_JK$KxD>!;AXA
zwGpH<R|YY7PU7nIZD`)WHHqpRPQQ-JY@on-oxs}s5?|6JaDLIVck@qH_Cy7~#BYrX
zRbB6=lH+yvswtCSTEiKfw@k**P6_GM4(f27<Ucw!?PlDF@*f?8Ci0OD*1e)_kH}98
zpf_+vJqiG0kUsk(h8~(R$`HxLw*~liNiyLU&S3bf8AW^mgSLc!sLw0~$&P<-x9C1Q
zHC#no+&WpHe^W~<TBED)MemJpepi)$DneBTQp*`m%=arz?xUOt7$Eo0aUhg(fIC=E
zp5i*ubkLmw5B~8>agVDxB>Iny(Kq^dgE*36XvN)0GnxQyk+%n+b4Yau!mp)#H|E=9
zRpRvMLx}mkAVs2u07kQ3;PwLS+ceC#A?CXg^Aaz2@oEm;+=%Gst25~xGxF6VQ`q6r
zYRsUIMOBau#))2o(I#_2Ib*k|+#ELI#mt)viGv<sN56mN7kGQ8|5&=aAw9oK<o~u0
z&}oeV9l|2pCQ!$LegoVG!WP_OiIi>8%42DJm*DQnU3x_cRVH9<P?g|r7$D?#6~4m(
zcZl4iH$;ta|EiJx@V<o@Us$j;2z+S+_W?+l17QhTHW>qk;JvOmxlXX@0_EBZk<Gn9
z3*K=IJ$D)wlF;e?$PHlm0TDP%*Lo7ElvqCl@`8C4q{1a_VqJhXaa)c<f`n79<b8>y
zNxXfp*s-^#q4!LMxfq|RA4((7$|D2XtQ_9FG!3{?<SJQdkgd(2^~lyEV#aRXgUeB2
z`+mEr1C;qaL?^rBbRw#caJuh|*<g)Iwta;ldBF5+=gz|{*iJ)Va=z+3(ntC5*t{A#
z9cGgS-;DTnSydEsx^76GUq`1U%rCKO2jV=zk`N=JIz~h%fr!p(M6?@-s9Wah<cvL{
zGBFZ>e7At;gAq)dL69U-VjoPQ@M_#Tb_d}9mZ-zpEL#uB8I2fc%(REE{t52W4otGK
zCdps*|F`6?LXf|1UBu+CpA&ltGx=*aEIvmx`Kyqom&D{RF}5V<Z$=YNg8Vf?m%pyp
z<gd$h`3toIc5G<u&zRIRo+PkZCV`m=ZMC`t))be1@(89ingmwxof23f`N0ff5?CR%
zR~Y(XMqC0r`1MGVz?_^8&HSIop>f(YNSu=iifAt=JdZ+eK@QVvK4)Tb*q<Y>#N@C}
zUCh9h@GGFS)+;~`Gja^US=5=&G(jwn1SX><hvdWrvF8&7u?N!G#=EI6QOsulE>TR@
z7mNoJMX{e58DKvIz#<RDMX{l}C^khCkfw0@zP2Wd<-`ZRh6X+^i~UWP#cDKJY)O(V
zhV6NZM?t$J611dgO_ga)mBn!2?%B?-e+~sPch5Dv`inHJ_Yy_zn@VQJe=U)XEbdDp
zyETQDN_pe~*>-^U6f<e;hx7ZE#w?WE&lW#wcw{r)58@f1OJt8FN@Q1S5?Oi*L+`JP
zbcyV%m_&Bi`2R*CLwM4QV(8EBQzG;IpOMIJ*Ceu^^d*sTO|bk|p{~P$1OVb#CHjGM
zaseQ@&5XkbtPSq&MId_ZSyjkHFB=oRW{RE$=QM%e6!o7R;XgVIm*bguQn2c1G`iYg
z-CNa#_3=dkuG603iwR#u`)wmZ_`<j8_;yJ$r5-M1s7e&R%=%m^OBBBDOccJZP7uDV
zG2shk%szy#$p*YTM3cLsOzy&k@A0c))$ku1)*QMDdy!EO`T#ERl{jDQ^~wNPg3x_A
zyrC~Sivy8K!zZqm!WP5;3Rc{H0BZ}w=pJjkJGux&s<XU05XGo2CQ@<q&P1xADOz_i
zgO1~4!>arY$!Fq7?qNu7<htw`eq}(ogVTj7g7e=Os}SjtpKXcN@STEH-hW%Lx&{R+
z;$jyHR#Q>1+I11Z>MdHy=AqY<CR*XmQU70wRtNhKt#G3CXcKLVHqmx-ABmc{&6j-R
zKEFtlqi_=3^d(FT3%*(K?J_28C(2Ry?e)nCQw8Lx`eZpur<@bRs)84ro^4!@JtL^x
z9Pu&f4_U3`spmaglSHaPT_7;M{9Pi|eJD~5i6+F)OO&VR7)*<xd@U(ayrvFCfSP$U
ze><%0p?(8{QHuC>q{aYqH?(~wfU90V75!p!W~jM%Am1RUvL%Wxy%<{<BckKIKTfJ6
zsssfk7|NS%FtDh(X0-hY@8Ow5!TnE=Ay1j@%7Yd&iVoM;;LU~5>QkA)XbG%i3oI7+
zmRDjs!K+`OMD(D=WY7PIU;hH0B~_gkOV#<x{<xKk_fHG{&r=9$S!oT;f-36l7BluZ
zjLRjgmYGVh;|Tfag@(<6lm)PcL;KJ~wjHWA^VOHq=I*H#;{^Blx$n+3P|*K>qBEZv
zgBE0=Js&z{S5Avc>lW&Sav=2Rd|2gcqf0)=Q&gEHw&T2tqN{fSLfgWx|16yZM03?S
z2JBCvpl5FdIn!Iv0Rg)F;(!Er-+}`6>*iTZ{Cf1^^ll_<g3`yz-@{S)OGQBQ3go-2
ziaW82YRXErEH}n#`Dyxvwfs7z&sv7`s^uCeN~c~&;BGmFcpa*}tVcOrIUt~z<oU*k
zj)Sm@T2V+*z7+glrj>B#;p4o`^B5j?qARKrb{`wTSAT;16L4Ik;rJs#X)4L@<kw8c
z6=FYyIP0N%6)wlq7y0|_Ui&}HUgtk7cK%O6#ktiYs>`G3tYO>loMBgucrUks`CsPO
zCGB_Ey~cO!Uilqk3I8X*U6G**ul=2G?cU6H^b{b<V2^0qx4H$!%n}ZwzO3vM{HN3G
zT${U_^?;WH3d4&Xryq0z1t)j++--B|Ynz~)Ey+L2uYVf_p|YSISI9cL2@P0LotWQY
z_paND<-J?CBEq33dy15;)%Y%{E22`g9&~=bdIj3MwAf#c{JIjaaeIkZ-mbyFj>?vJ
z?c2XC@n&w<6G?P;*Fi5jR(}vilbN6#>7xfY1P2NFclw5YQ)+MMb9LzDt!8ieRttl>
zyxI~6S_Z}s(`Qv`BIE(KUjXpe0Q@yN{<m5H_!<PhMo%&8khg><pn$CGNAj_A-51Bb
ztq<tC`1LpH(D(fJaNm}M`ykGDfPWjnzpXd^w_z8y^^N~mQqZT%gYKe5YNmE(OWXN0
zYKC)n;9F6hWTcJA{QY<r=%f9D(a3$`b7H*c+r5jD#s_?wW~^RCRUI{-5A&uaGzMxB
zltYobVG^}`sw~)O!AZE32VtmuoyFixkNS`b+~>_pZWsI~b(Yy3DS<KfGG5SfQrY^C
z6{Nh(TQyWHt9Nf*hd&L@3@FV;LU4DRmkiaphu}YvLN|hiK1>fry(|mrjkbEFkuPnE
z&qvgYZookE?PO=PHLV(GYhIOY>sXo_&O=pt>qabVYcBu7>)dFzb?}c5##JiXXzN%O
z2%p5BekY2ClCp!|#>prST?UYaX{#%-`~{;!_jY|Jiks62#dI5sUHP)=WDkbg0`7<O
z0^DVt#p_&`C-blQB(BM>z;8U^Eb_0NkvU*q>+<l7ES@o^J5Khv-WS?;a?asU$O4&y
zAP8fb*g^Cla!P)~i(Tl~ej4W4MtCby=DlhW)DjK{GyHfL`i!)LT55r@EB}WD2QCW-
zE@{lqnV0;CR-M>z;i&ig4@UhYRnr|hV(e?w5g)L|2=TEV3}c;xV;z~Q--jL>?+_dB
zC0DVr4w6r?$G6fH$+h}Cz7<1X=Umw+{N`A=$N)OL1YcXNc(E!9GJX2IB=6rnM`OK9
zQb0}Xkd$vl1!mp}>)z0>zc3mc-qC`$g!a@i2F%irDG9`#Yv_`J(+=Bt*GTQv^I64E
zc;!bJDkm&(UQb6o_KCLEC1>EzQVT|RG0#+UuMwlWWc8|_FBk<%WNpFZ7Yq@rmhod*
z359ck2!rXSUhyoTVyw{C%DX!;BHE^uNef)_W%W@`vVFooF~Epx=C*#Sc*Nax8~?<3
z+><HGTqkqKqQ~66Cdjn3fZsGDMcGqWd9t&xGFspQS_`E3kEXi)O`wm|i?%~chD4^|
z_^eGQWf<GE9a?%Fl;aZ0U9Oj@>O#8@{{&v`2f(cz6j``7J@Qio$el?MFN#ux%1NmP
zUcpXTeS{r5ewe|*hXIC_!=ar2s8L;+QQ0+tFY0oi<TE-El8-0T4chJ$D7ZGgxBpZ$
zNX`+#^#0+a^qd+#K-b3InkFHNUQ2F0KaKXBi&Bf(@4Php{HPH=PlTT%(nxdbPayFM
z>c=Ijm?2blPAK7v>IL^PUJ3Y*8|~`jXe*dB!49f26lk(%G%B3{zFn=v4}cx~<WmLK
z8$T{gop_AVY;a~)bsa!#Ri~w)^2pvZ`xy-W<0h!9KBL)vl*g?PpurA|tHJJvb|@zt
z%Ex%_C@+k=cfs_G@Tv3I<x%0!>3L1~pLB^)Q3jfS@<dyRcYm3h)PFOf<Iz;DzxY#7
zd;&l&sB2l51n8(bJp;SI7u6*oXNHmCE=|K-Ar<Zdt<qScKBadX@YF1*D+p&$RVS2~
zkzUO3d5cy<Kdpuv2$}}!uKy@@zA?j(1HZ?A(qvcaksb&tfv{N5Z}Mk!3fh1moG>0l
ze9<f*zRy`#O<Grv(k*E9*f#)Y5|r<Rs_hwdcs>O4KWx;tlK&Tb?*iXcl`V|tBx#$L
z!Y){OC`!RNHu7o|2LcotNZ=ei;UVA)bacSZbZ|y(6N-wEnpS#@(T=0eo$KS?nYr`2
zbLZ;JI2CZjq@_=wv_+x7$V-6}B2bF<1>}5d?R}CaX^YO>`R?5R_rLn1Ip^%x+Iz3P
z9(%35Hh`p2A$k`I1x~|Y<VD)>BXr%ltjK&QQgR$!02Al(qP}k~^XLZLK(i<B{v|$Q
zlo8Pzx%NBEb2M5}cF=ekr!hS^lKu_}4x_(AgUR$aB^bVhzpI0tcu2^bESk=#-ZngX
z+w4tZidlpF%a8S%cevnoJ==`TqC3(5j&Hs@zW3k+&2|icAp3!Y1z*ue`a(*}am&-x
zi^M=ZuOk}AVVshY?RvbinSXEs+X1E)7ElKkA3;AJ1D+(x;p?i=Ge`6ljTWUGXy|4&
zch2^q*xH1X(3(>h3(;r>Q5r%t2GxlIg`E*&$vyPw#vMtRjMv8p7h$pr>tA#XR-lA&
zpsqVlL4EUq1W<qe$yGpo>VY^=i$4QU8&IqOi9d_RX8AsYWkjS;bTdPK>(VX-XzeKa
ziH0td-#-~`=OMl>z#N$Zqj|}ID(OSa8%ln)UQZ*5`Ht#U{{#;_nf<{OUEg%{Xf=_>
zL?fYl9N0tY9PQz#2+Z5Q!Fm|L>Aa2WE5B{v@&YR#UY$_B1j~0Y;Zqy@rTP%M2L9@T
zKW48w^pmO53sP&O5j4*`U>>6F&?9QC@~3BMD^Dc0ay_>40;^3Qnh$@ILb-TG^Px#p
zcui`=5)#HyfR8!2K^goLleLmVneaCyG;C`!e*H76gvRK|j(}4`_ut`zm;jS}7Xv6I
z5uoP}$4(eU4BmGqP8d%o4AD_OS*xd{;vsZa<AJM{J<dgpEBJ+ZrIFGF6w=%WhTMT}
z2<uVaiFl+13*l`mP<c%#X{$lgH%%k33|BSa!h7>`3iRIl6R`Q?Ls!A(J6A=pc|2m|
zZ;tnMkY<SXiuCIha`Aq>DhsP$Gh)6v9}Ln^+c7hju_|`vQYpIOnMI$I9sPR<7flYL
zedW_C8Njt5)#&@x?lMui4F$5;<F1}uT^joN&Fu5@v%tr5srd2nzK@T^Ir_bejc3Ru
z&3aAf*Rd(&rJ3mXPgB=GYH%XHdUD^Q^;!Gs%Y%;+{pjfXD8^THr^2ct@@TATHoV4X
z__uH*L)Tu&@M<_Q!%w0a_G5<U>1*zfCyu74?|*!w1{DLT*6f#mX*6g;PlYz%#qekT
zGo4-#e*%6(`S{d^Pa{LO<MVEOP7B?F&wiS-n$eqU4(nBGUMfCGN9CXPC1=QA9AY0|
zP-`#6dJOpVRBSDK)NGHa*&cx3fzF>U#hZoL34hhO)5pUSBYat>bEHkW;5nWmc*2IF
z;Z$D;zD%(^_%21EF5Yvx8@~IJ-d>4Tr{1{z8xYnOlFD>W;4YBLLT(<ZoR*AEmRk6l
zsTH^m2iFJ*x=6wzeN6VG1*CFpvV+^@;P%05GQ6fI!$S(qEpkmFcZ8A{PhGd`6||ig
z%^+GPePd;ezhnALTBC@;=<0Y&k1HfvI$hWF#i+~%E*Z?k9Zzo-p3{_$f=V&}Si}W3
z;zB#VnSP-cbf3bWbH~t2_u6eM=vBgREklo&yz&{m8XvETlzvF}$0}zN07E~@if*BE
ztmq=zR;yWUmAb8dIoay2&#{%~aqJZYzhf!tCoRbFDS7U_IeFz9biBu}5B;hlkL*xv
zzJ*;-%Z<gEi`LA3j_10R)A@Cp)lSHw4V8M7)uap~XyUik_$~N-_3ak=_AT|TkiIQb
z-+n;f=BsZL=-VAi<R*-$E3X=9)78fK<Iw*|?|&cVHn!XEmuX-}8aHZ?`>*gYd?t;!
z78i||8fo&;MFz3*3#ig=?lk*R-<eM;CryVz*yCH)<>|e#cq)wizb=IdSd;!5y1V-B
znEuv{8s#|3H}DXAL!*hiAJNmZ+LaE8H((;#+Ve`!5()ha-5ZUWK<&Mhmg+?BcV$7T
z5odk3FFYp2m~--z2Pqz)WS3Vy$$-B4J}VH$Zc27%)mhabk_EEJ1<n3iP7}(87Ju>P
zjhavf-p-5<De&+bJZ#s}F*+*${4mNFf>P_Sd_l@^$3M6h((*{<9vX1N=Q!r>d9e6K
zyij#D&P$yi6;gWliF>vIMB@eU6*>W8a4EVPL~4eH9s&%N=N)Eb+z^oUAo%1w{RRl*
zlenw*)z_BLS6y5n(5F;xZt$ESeRU4MN`<o%D}=#YCcne+CB2M8_X1UoA3_k6x5CFr
zcwFdDA@-;6P_#eEU%Nja9Jp$Ks_5jyhz5c>AbEUUm0E4uRq8CbdY#P6gN{+k*BhhJ
zi512o7%ANkI%M!Q_!A9R`dtiHnvG?GKL`)}{Ts@_-@mOy?y-q-@sLJc<P{&WMV|fZ
zbWQB~jzqhZr(TZ4h3mim)hy|eEYbMO-Mnw;bJW`w!(4=hT_wJ1wjk}sW8_k&ASo;|
z8y@$}^PJLwN@hOGO9yDoNFdj*P;3~&&e2Sw@u3^pD568oG%a3cAJ$Q?i{i27vq1LI
zp(CWD-}Q8bk!SZ)2cN?NTUtPJ6pW&(Hv$PyL06h@!^08|+04E0bdMHq?ph4`g<c;x
zHUfUr(*wuTQv>)VGjJ?9wI1{9>}1E-bZct$hMNRW?PbAJr^k>lK<acDJR^%dheBy^
zsR2)TX&k=0F9VjqEJE83jNRLjc>cqML?H|hlV$_)dh$+QX#_;FcIsys*cLctKn;R|
zJEFScJ;5Vdjizru#y=n3>q+U2s02r{X~}cLa39K-ISeXxrf|Tpnt;~MPR}b<HZ%rK
zCZ}GZmv`1_`<+LbE&yghc6ijMm-?R^3jkSJ8$+;8+5lJlaqtSLlUP&DfaPnEQR<<&
zC$C3qD0w*mm1v+6+#oA$aD5z{n#9Uqu}UF_v_F0nw~!Rv&OMkP2pI4_9TAstzEu*3
za~SQ;UOsj>8rt!KWW5n_fo!=M1vq#EOt49xz(^w$px8<VXefw|(})}7*+UqV;H&_|
zU_h)`9K{M-6f0(aC04-er1aF94H*%nfcAqK=uhHX5EgukuLyt%hys@!(wA}Lbvv7z
z9kbKRlqXjR${s<fR*$I^)9pP!o>Wm95HCDebj7=a58=j(y8h_=W8Pn4Tzd@WrRMC`
zI;48?+)FyzNE8KVGaKsF$*;iqf`nR3(8I(52n&EZ;gK0FRQewjfJQtB0z+Ng5`0}3
z&wu&o)MEC#^f<Mobdi2QOxVzZm&$tdMjeZ0Y_R^GV-639*<{O8XdK5NE+7zGf!Spf
z>5$GxCUP#M1v7BhgsyisZ+u-HPNXFB(td~U9zE~7J8Y*Rc5Qel6vQ?pU?4M&B>>1S
zTxjXI&@u&(>Xa(zUZ<WI03ZJavf+f*SbaR_keY<9{hl7ZYpKX}F7ag&%<D}D6b%51
ziio0*()}L9O?3W}4vJE>wfxZxZTZ@3xPY8tE!Ss=(k_gDCZ!v3?hgc4p_LW|Bn&vt
z`yNz8sXlHzE!Ctnz)=_B)hQeTY)63Y2rxy3D8L^DF>*O9AZzMbfLM#(pQZpnjJqhK
zU1J1KAnfpEf}mfem1LU)M6xM3Q*B@Ltq;SDQmOW4J!_6=p}E62K4bG(bJ6h`hs|B5
zr)K?R8?=Y()YOERIJ4F=c~9*X2ab}bN@tVgU<+04dO^C;v+D0xpk{PhP1oB?8=f2<
zsXE2rIuLBvsXYneVJU<bq@?}97ciDkjev2m8-h)^n7F-yvR5==9BTL`)qsj-bzho7
z${LX9rfKQLsO*l@4)fV4js(YZ6sr`(d(axXnnkXiu{26Wsv;PMp(uj?$wjLH47KCT
z0V6*X$%EmBgXrTxc676V&UkULnur2w@cR)^>i~C9)wW80I!?hH^rPtqLue^{<4xG5
zNN$YV3I$l_(A^?9Ino8C%DPp@S{0>M*6@?JFk719XAlA0*e@DVHPX3q4A-0I4o@Ma
zhf#Fy&LyR-SPw4Q%FD>1P@thiu@4_RoOi*bjm2<jmvHuG<LnKA@$b}I46dW0ITR!I
zSQWnrt3&WTsY9#~iEXcl5vz&KPi!(wA?@;hp6f7ohJGV(2N1&6&?=g;mp66r&@CVb
z&|m5>R}J7fbAzdBr};>yu^5}0$cWzxLyEm}recrEY#cR-K&1c&5S5Yahzp(xLPyj!
z`VyY2SB~L{qtF`4b9|3;>NEmdTFTFI;@ZZo;=ozP+L85u<i>%D&+=<k)Pek2G=K40
zNk(A?>4SHp(NJz9T;OaP6e7qzoG=%RN}2sMVtRDFQ{9rcG&--tu_abdPp&frf2TN4
z&ZDdRSSS^E((N{j-#I1m2<M#Wj!^^M8j3r{IYkvYBfHfXnYe9kkh^!_Zgq%6OaH5e
z;(L7Xd=(Ws^&AHE0`WBDR+$D878OlZs*-gDv3f6^;ucWb`tTSs006-pHG`*4hlC<%
zVm?wxr-3RmBu_!=&$At&7rLftG_DDKn?K|GA1@6G{kD91)E%8svL5;vJi~T$YR1qV
zoyW>zc62@(VL&B6i$`65=*{r+A!66|A5jV-+rP=N^QBC_{pI|Kd>fqjW#WC<AYQt?
zZ>Z^1R;G8n<VVUwdUG@#=vV<uRQdni>}+wIz8tL)#Nk7<MtPc6qlv2S4@T7X9qP9B
z-EX9;?G096bF@A{0BW`GSJ@M4WvQ&PMEQLwHPe34zjCQdXu*paKx#kIqz4)6vbJbM
z%r-;hxPtjJ(KmTDtU*`-(eayCJ}FC3b~-Glox4Fk)#uLx_LH6GKdHxiSMs@e+DX~b
zZJSmE^Lsm}9uTUD>NQ*I7~o4^PpA7|%b7vBAEZ3j2{6uVO56w<y+hpyQb_5~HO%<x
zIiYi!`MTPrpx%knh3I&YN(*^!_NIJk2CiF=Ukg0Ubw=<g`l2DB0?3Jvg%3G67!I{~
zoO}(E&~R44?4_h~<8Y3>Y+S0vH*Mrik8irjTQcvPJ)B2H!&9XfEnTi{sDj1r-~6eT
z4T0mI(>1XXCZhLQI;2{9on^$(-X%53k4sDe2dr$BZ`y-{aE*6f^b|Yy0sX>z7s)of
zl%9tCbV%)TIhMnS1_C24RfX58)igw+;ssyXj@zBNi$>D3ykC^y(yM}nwVK2p=gqI6
z@$gdW7SbrDG+sGsg<0q(i`PeiJWlsLh^<8$B^B$Xg$BNEVLHuB@g4P3P$6#<Fm8Rf
zHm*8e!kY{?Iq{}3&+*GV*Fq1FKc$P`&s=iF>JBtp-94#f%d48m5$fnCpC)q3I{K-M
zeIk8dP!^}>$?Mp8@?T>_CDUHK2gErE{%V~g@n#U08Sp31UDurFR#J<f0u+jUp9Sww
zE$~2pGcWD6y1UbgZpCx8Q$zRA)6(!bE+kUNCV0#YS?SFqovyUdbUeOY*6EyzkqmC7
zvw;CgsROZ$wmcXI+#!`}R|UsVYbh<*vMMniNz8ih!<VpkR9WjLBKS7xRlme%PShyY
zIy4Ju(7)k2z(>*44ftkt&&_cSK}Mj|yE+7vn|koR&!faM7Cn&LY^H8r*@ezIZnhq7
z_k?p?H=<dwNZ~C9dFf)|8N43mQdz6Z20Hyo6jj1gTxQ@<mV?CeF=bW}pxsX^IixJ0
za?)LpqwsSm8>CkWDAmAw|IABAM7*M@iw`JT3?@*fY?{k^PF+S^<LYq}+4qD_g~z?=
z$`t2f_oguYtKi=`Q=F?=ASyl1=jOi%7%l6lXj16(-a)5#IJClM*ga#4(*SZ9{9+V<
z+R!-Uc%d=q)fl>lSDHe@SSqC9$^RqRuOq}(mG>Tp9V|r_gbtlvEfw+1ohZdd#tZOc
zjMZ}qs<ytv1<^G)UVpdymNzSVTw_Jwljxq}yaqDg;Y^0VIj$6|ySl|L9kPR(;{KGg
zb{@8q9fxgPn{QerJhfVV(+aIh0HlvpQr4qk&S7sNlag9Ml6M*G=EHW7+3vARyR9Xk
zp_>)^64U-d@5Z<E3%!rNWe^G!4Ad-g2j)xg4Q~i>6kNei0;ep5PX>q7D+JDD37%@L
z!}1r`PU<0eJ*~mP3Ol$1m{YIj1SN5Eh5!{g(-ulAUetq3D2)WHztfI)7qRhyb;CJ#
z=&j`CDyydjBw2fDt25PBz8|`!FFc0*v$WXA;zoQ&gFOa-YP3tk%$+u=F{H)eZlE&R
zL8k$x;UzQ+q3<i6Rj}i+iHme(oJR5@#+%2GufCxx^Cm#o(@U&UGmaF2LBX3S?lHFp
zJvb}U&gg()LhN`w`WlSa>embo@^;X{U0Eo>2O)4a3*HYpxX?lg)1;%=ZPer(mXBPG
z)E9R&7SpqAmoS@N&87}hhz`@n=c2=u3y5Tw0`ocNi#R?o(am&x8gP85E{Egew_2KE
ze5&xBj*pdy%}@bdd>E4q4;au`6L?*PsS%|LTv)KG9s;&`8H3tHmQ)^FPY=`e^e|md
z594}zEN(sF(lPDlJz>r{8UAXW!{D#Zwa`72uB0mXbxj3=7Mg+VCYsr`4-(+B>&5|>
zSQSg9OU%^7wI_%pD!y#}2IV_3`;~Vu_k`2P3mD(hJIWItN}j!<!MOXO5!fFef6>!D
zMye+-1}PeBI>*+=D7IY@T9p{zMcQR8`IOB(W?0}|@sfU?clApKM?uG{MOD0mt6d;D
zUxFz=mn9bLW1l(}NGl)*jZO%&9)MZj<=RP?2d%(S(8@AaVMe{05%*AD!VLyoE2MN8
zja+4W3Fbd&NAJ8&^5Rgmkf+c+RJ<w%k3;rq=tZ5rYk!zKLE}w-9@rNt>!7axxTQK(
zi^+iZFaCm2gi@pk<VAE)09xuBdL1oR!VuqJr}tfj7F&VFMEZ?iqVk@1^%ngCueim)
z1LBI@zIhUS-~m}h@^*v39b6zmnnP-2l)(=@uXZ*58n7J;=`oXoYr#x<H4|d{Pz+J%
zOtDETwm@%7!Z@{sCYYV;c;7<3)Jo$DVszm;^xHUGqX7M`L)QQe4T~;a41|)nL!Mqe
zy&eJmn^Vw6I?lNcYG-<<4Zd0}ZLH&tHT71h4FGVMsup<1{un0Z$LNuKh)oCRERe9N
zC?P5HB}fTl%6<I`T@Km%{9t|QZ!-BM;s)zn$orP)srxI}&6}F>-aDyI`jQ7JuJurj
zBAo-_FEjyQvU!*2t^1DC0fK_h45MDBFX=T-z2cWrJmD<ztby7H>hyt6f!e_$#xV%~
z7OJsI0c*)|>OPBe&-`asyr+kM1{nDkz&9A;_w+dIFnui|*9xx&7DW@?_O*iLf@?R-
z)<`VIvQ*I$Du#kW{*uHZLIZ|w4pR)>LP4W5QGx3Z<G5cONa{#A6qP!7Z_#LK%;vqz
zv+$5pP_}j{if(>7tp{~qc7u-~Ezr}mA+FSI%!Adbvr5Cf^9?j3%8#ra-uHB*oqsu4
zqtxjrdi0l%?p}@yDH|8kC>7Igf%2mf)8g>#zJp&I&w%Nplmoc7jqY)5S23;?X4Gmq
zwCNs5g4agJnuf1Jx=Di~-H853mxwJ(qu8<lrzDhjHJrR@aGaders5>vTTv35kwk=>
z33=%KLrZ~{lhWOk-XeWLqaDsHN*|S!^de=MLQyhQgkN!wEi&BZ!>nN#aQQ$D9*?4C
zU=UeiQ8}u=F?<#&J~t=eGlpT6M8xO%IDGD`LWCA6LPMSa<k72nkoa7SXyzn<$UoM5
z$0^kyLmZaIMU?A-<ZGs)Gfjt=rWtMC>CV~qvd#^Ytibp_&@rZaPLNK6K6I2G{^(WD
zH_7r-semapO5w?vxT?rH+o1wy2>x9I51UR%?N;QGx1b|@==*lW*<aCNdm6fXN^3sL
z&Ii1^A7*M|=#Mt3tIu&h?!1o8tM@v+hCcs!uRhLy9zC5B{pV|`|GZZp^`D2w82|Y&
zP=Ps0#D9L8LjC9esJHrlz)2H>Mzockg@^0mA)>!prB0jomia#YG`u<UHmaE@p6;X%
zXbf>t_SA&gem|ZEI|VpqlP=(Bi3T=Wr~Bfy$Hj|X?gg4S^qIRDi+hCe#8Mi5=f!(a
zVL^|O>E8qvm-)ODpu7=d08^&cK#$DF^LyXoi=OZpscF+YpmBB360RXsfDbLj_N-E)
zwd91#7tO5|l&dWOrU>%#LFDOt3`=wr?7~kGu82|0qg=5nDi0tlENEaE8D~^8Qfj-7
z$^$_d=ZA6YA1DQ`?BEJ`iGziT(0LjJ1>_Uw7M$=y4sO>11O|mkn9B~4J2Fp#G&D6J
zZB-#@L`X(sDLu>8gt_!;E&yXQ!Knr@QxaMGtEvaO&vi7tgAA!O^9=w+o?c-SQTf@O
zjN$9a3p1&!<$OJj_793v==#X{g^k8^>$)#a+PJVMd>wg_(6d)vcoTWU;XA)O71yd&
z`oe13ZEgA7%I&rWKG$14mov9!Qi?nOSYBrx%<(Ufybqb@%X}EGFa1vmYMt+!X0-ck
zM#WCv-s$O0+Db9c(d?-TD-EDr`jXt!CTJG>^zP8uK76RN{YX!{;5oyQXCH)7w=`O%
z1|;U7Ol&x2m0InlMysXcnU5W7I+pmxz9T5LHfayl6B_a>M5!4_)^GK8??jOF&p5a}
z4(SY)jkqei6yyQ7i!ub?0uCd|3YM@S)o$EH4Zts<nZkht6)#=DFvTzhHg3g_3`MzC
zrPh^e^WCrG%UU;opB?9A`-hG-hZk@wUf1W5musw^eHi*Cuk@@_u$G?z9a6vXXlM@7
znK{<?lW4Dcxy`eoB5m|OMlA1qUDdy^JX65zsDNR4D-g&uEWz6I>a3P(D_K$v+J;qC
zHyl-x&L%zjBRxH(UWMYq8Xa$`A}>_Z4c&R1qznF*MrhPnaYn2#BOr-tZpY2sX(jW0
zlZ-HRCz+gp-gVDi$k0d=%}Vh26-DvtaK$fWEB;&Riob`h_+^n5Z@(>e#bd}1vx3qv
zr!M&Z>-`Tg>)outa$m;wW2J@&AA*nh6+lnl*Tamy5AuH-TeJIY((3o=5_1$(F|oc4
z$n5(DQ6-tU<!<Rw*E_AiQQ&7~ksiOVS2M<}cR9M=y|~_V>U!^kg^G7J$`9WM`u;vH
z_g2Oa-;eM^SjhV&ND|nckP$d`BOD{4jJnu?2S5>)CvL6VSletXc=W*Mfy{njduf*G
zo06q=FGzy@;^W4Uhb)xU7G&U(CmG4aq&Et6J8^&4;d2^Ci_&zj-iR6vTFZnF_NaI1
z#?xoK>?>gJvu^<}%<|e^xGbdBiWpq|Bn+fZTJZu1HLW1}yo>=hl?Jqb7k@;n-(-rv
z?|ycv#x)Wz(NgNs7L5_RFkWRZSNs`uUD_a{6>!#u1h1g5to@^2V|6#>sAd{l`Lu|u
zk!U&Y8p`_el1M{lM?HNupr_9ajhZ-B!Rt(K7d)F}jcYpmv}>FO7Kn7y&>gCOmHd-G
zMBR^S^@bcQ;9C%JKXPr14O}|xS2S>`)w>w4KaK2<cmFb40q@H+2$ucMJLtw)y=ZA)
ze=88IIDdx43aQMnmfx+EgYsT4_!e`5rB;xd3O{9-kkxl}k+p6C?U+!vK&DPcwF@{+
zG?*%pzKd>iKfob~?Dg+{n{9Nj^`uk&?M;cp7%CRV;#XO#a}LNGn{SHvORVWM`#F&L
z$jbrGehnrW%Il@7QorjnrPiBbsU?fsJ>iIeUMnTkuQb^#wLqfUL7*x}!fKQJrglp`
z@uB5lIf!a&+Qc;tf>KSdZU*|jkBXf0yy8D!7RcL;JQomD?Up-)m{O}0r3=1Q9H{t$
zba-Qv)wh&G&r<S|KSIFYqXeAA;a}5XL-32{Ta|!ozSZ}*&R*u<Tx_MvO@0OR&&Gj#
ziu4!yhno&Se($xHw?L;h9uF-R*7)mSond#Xfde_MJCKm06YJ)gP@6XKyw`yB86x#5
zwIMy0vU!Qk(qtn`ns8ffhq`TaL7FbCX-9Dx{c2KdmXys}X;iFERY7GzD$ip_e?(EX
zh2Ffnrj`S3zQ_XIwD=ZiL73gVighv$zJKCC;6dP;HRc8YZ8|{Kt>1V$GzB_0g)(VR
zSi3n}sg>FhKN9n&sQDFtNRN5E1SWGyJ@i6Ffj}Gz&}a<i&fvyfHS|6{Cd^-?I!L1B
zVk@&;Km|ZL(<9*&=0Qn8dQd-*f{@oo@1oW=5pOe*z7zsiv})tB(uj&qyQA#vrd6VJ
z45Q<U7#+6;7Mm_V!QQm&io2@W-J4qcBs_=J=MC_zsL#cua(E<*pzHxLUN3mAaGQ6E
z7z8#zgTQ9fAh4M<0_?4%(%=p>yL(cLpP}(=BX2WUbX%wkbZ>WWTG6eJvd>&oL*Ifb
zui)dj&<Y-%Qs6N&BmiB-r?k*q$PQ1==^}8K+t`U6)Oc>i7#9;Y)Oc|{GhRd}M=+Bb
zF|e4cA?7Nyimz$E_@Lo`?HB)RzxeOBUo8JG*)LWk*e_OWU!nQ?*e_na<$sj@V)@@@
zzgUrAzhL9@|F-?Yr2Bu!ezE+&V!voH_Sr9P)<*0X-});1#r?*AwEbdvfBQw+RqPjB
z^`QI8eeqc$`^x{Up^;gvTbFB?4Fid%=`eY*ny&q3YQ|`>c2;xFvGCw91r~V6z67wo
zguBGpn;+{PzD0_lG&(>7r!nOh_{Nq|&MEaeOo!s}WubTM^YgurKCictUwkr8dh{hE
z4$ohn@168K`!eYz0Chl$zv`E232gr8Z#H=x4GeDbSTUf<<KyrECXcOwekPBKzqh>u
zF#5izy<^E=Y3~>nxSG9V_}|Um@wWdf?HzYV>>X)?+B*vTe+6C!RJ`0qLr!g1u~W5o
zkQYl>GP8LA&))|)`&Zzp)0Tjve-nNtBG%u_I+FF_S6fHMe%Pm9{JrcW^*jCn_L1d(
zZ~Msd57a1S|1I{BS3dYh*hiNCz3d|^KUk^xzi%HIb;JKh?IX+oXV^!Ue_i{Cm3p<-
zrO>Utm_3Da+ky1f&Bx(pMiQ$>xt_dmdz_V|k_(Nj@H&m@_I1ihJ9i%PTn7>r4X<~_
z2D*NXg~YVi+H&5??X?EZ>mgs%Jkp&9xJ$}@88MGMiRO{FB_}nH%(eR#qIIOs)4Osj
z#k*MR$hWUots^(a;=|w1K5`Ri5+@woZijRtY9Bd1sD0$FuW29g^e)}}C^L|J4g1K7
z82iXd+N<7We~o=)#ntR1E3B$I!|Wq#zova;A(}@(pBZ|5Ow>Fw7pCqC6D!a>@|`wn
z9_b98pym;n@S)Ev2aLca|Dd|$@1{$BX=KS8$HXpqyeWYhNHkph`7o<*$wjDdj8)o8
zm;8CQ<PGLdSn*<h1q-&y_z>Dhyc_?hw|T`s8pMJFY{|CTkoM6jE$G2dppi=(|7gHF
zlPFb1F4XR-#Wgkti}M8vBNUiTuV$lb{V_^Y&%;`OB-S=^Z-3iJEI<7F+DDfE-?ERC
zeEtx1>%WANBGTzrq5R_h3{AX^<aV#kn2u^wNE2ry`3n1pA<;f!7|1?CtKM{LoPA_t
zX}ZQWN;Qx`hFA;9iK|;kj{W3n7Ls9VPhP@fAfd7SOeAXR#8?~2tify~uAf}RMncMp
z5tC!=B&U1>*-4sx{p=)@`|KnW&`whEmG+U6oj8qO-$a73Ac94)CX(O0#!MvE@1<)h
zzMg$#`QY}E<pbJBA_DzC&OUP2*S3#9=B1n0GXu$0?ISA&wvVi&{Iq-7Uu_>*F^GL+
z#SV2_>TB6YmVaIQ$g;0*A6XH#k6`CK;k&-VKC)r}`$z-@;_V~q`I}C`6sCu=U!c1!
zJBZou3B2d&xw*JN^d+4J<{_*}F9%&gIWFL-q)T+m?T#zuY6J~AGnL+d`)yI`vDPib
zbJTcv+fbMV0y>a@JIo(kui1{q9r=s_SA7risNIz1Rs%)7FZ&&i9gv}_^#Rm@XbXRM
zYl7Os9}HAEHkkdZ)P=S%0}}+_dYvE@Lj}C$NYQrpoNU*hKofw^di?MkXbZJ_QyWNk
zdfeYuLPL0EFCHegbUUA4Kq@nbp~C9^^r+Qc{h`%;>AFIA>iw4Upxt+WGrXs+-wW?1
zQg%O$$MVEz9=G?O$l_^4sw7@omaW3>sWt?s#@)Z-P2;8RvIf^JcreY<<s1jUvGeVo
zk>eVI0Rw;~UZmF;;-O&CmzOGddeTH#v7*IaG|3?a;4{p(4QNpWtm12Z>5|o#zQ_}3
zrbmq%T*vU@084w(c-~Yi`t&&!klzqF_EJn6Qkq<6AeWS8>W;U+z^uj{$05TPj^^tY
zW>d7Z>?ft)!sya_1nDDsSgVU3Sve$c2N|T)Ps*%1dJ@ZFIbC#}C>;|`Kx%s{+%swa
zs?a=hQIt-ImJ`m&Xah4f)9a!RB&<&~=VZXti<Z+k9(5rdJ;wz3yFo#}hWB)53Pjuu
zdKvL-LBLEsAR`ep&`^2^{Y|m^c-G%hR?jg4T+c1wUG-=qYH%F^$f5G06(XorrZ5cB
zbdXD9&leH9ZyA*DO)VY?wdCN%05(GdE#Bk;Mpx%P&he%LCCcXZUhSqEf;>Hf2z3_z
zhq)n|KwiqBk*vD}ZvT#Jpk`AT<P;Fik=WXNkDaxHmglgXA|4DDV|CA&Ldr0ly?_Bs
zyXcPTR6La|9dnr4#WhWL`Z9+(EcF6e{1Gs!qDi8u!{O79w3EtVQFupT{7tpLR;UQi
zx*c&ywa`q_B39E9UwSggZGH9|QaLh;Ptf09>~EFL&`R$zt#=)DNI(WF1D#bI3oAlw
z^*}3ZmQLtLr?n)^`ih5mg*E#@hO?T!6lho{(bP*yCvnW_$dzVw&z(X_(I!{g-~`q0
zX%KFTKz-KL&8NO%o|8Jy6)h>nGtYEb_R!WUlZ{7b+esO{@xr$}-QnBBA&NbL(H~|{
zc0B<fv~@NkWdNZf?CDs*7?=j0>xF@&=0S!}g@8{7q+Xk;qokKXjrRvxO&=q?meZuP
z0xd7}YNO}iiG~6?<vQn(P6gM)`#TsbSRcyxJtv7qJ%|C?*%L)#>j4cNPzhFroPn`c
z*3^q!k9#8k<Vpi_m2B-AYYc&8<AOe4@Lb`XW9#PA<z>^YOUFaJv!Ivu8fiWV$aiM<
zKZZH@d9SZruLT3H*R)=?Uhn*GSg!=uYesavmd37EU@JM96X<%Q;lb>s4I4)Afn$1+
znMh%&eyT3jyJMHC=o{L7%>+%%dL1?2Jv&XaAqII{)Wv!tX0eX@^9~Ix)|Ju4`tRyu
z#RT$FZr@@heTy|iU91<Pi}h%9v3?xCSZ84TG8ivY2Q1blKK(G!(&!+IcVbvjfY)KE
zExKJ@e{uFxTz|lVMt~R+>3_4j_CAHRhX{SALpts-U04DX09Bp*gz`69-LtQu{lA3$
zueKZ7Xax<f6QCuN$`-WV(Zx$_jd5$2b$#9-YxmZKwR;^$gVFNz(!sB>YM1`qS1p70
z<@i;*CAw;#Nm#Yt|5~f|{_d}{YO~Z;i`Qg)&6Uf}lY_wipt&JLqVZp7^ng1tARU2!
z!>lv>&NINVKD7ImW&yv!xB`Co*Jvm6>utWg4{h{&_jT-Zm5t2z!zczYo6Y2R{%5t>
zA44R9t19%GxbyDq>}YAQ>P1MXSjt-txJIKef&`%n66E`6ByjSI|30YdzG@6p_>DX2
zl>GSnv@HjU^k#o(T5SApLD?;0V5lRw^Ex6@jWYxELji9!aag_(q}@e_<L;t{>g%S}
zMeb9HRE+H+K=Q6|6dKI>24w9QFHzlI%V1_07%L3MHW%Z1=?#2cZO$BgOdmF*-Zha%
z3oNBFZ3k6TJLI2m8T3BzR|C8W=B!&Gullp<Lu<=L<Ir-OaagU*NNDKCq4JSa1aAyC
z`yFM9bG`#NitOgIqHnEns0#l)vSZprO7eQ;JXW!b2uh8^a?bUsP*+3m;qhF-HbPn&
zvmv8TR|I)(Dd4=?e=e*JLH(7uA^6GdbTU-^UTUT>5xPNm#Y>pYozMeA;XTp$_Rco*
zx6i)KwU+m7GJrOg!COGf3>Ti_y&~7m-!5vqoj{iT-4}WC=Y~K~2O4j6to-wy-kfi{
zU4I)Ca!rIvw7jKmy^Po4wUNr%x0(HUGiRFtIG$^-#yaW(vJRgCM>*be06NhfQy*{X
z6{K#F%&T(1x|)j@3HmbUh^9K8>jKpg$ULQJG5$}5O5RMfYYav)VsW%AepiskxbgmK
zR6*nQS7v<JSBIK_M*h#g98-8-x|RpcIuO?KWu2Syr8>`P0Pp}0G?4`sONfstC~8Em
ze^KAV>bqNgze3-gPvY}s_FTk!0+)fspkKh|_wn{^SWBu;!F1|Va03mU6s8w&KcT46
zL^}1;=>^;kiQjJN|BWa1M!bN#0WaVV&<nT&R|Kg^FzpvD?J%P4h>v64Gbg&Pqw!Ok
zoWwnIvTG>CGHR=_n>&G_(J1|BsG?_;<TE~0VgkV4dPh1x7A+TC&F^rY-U+UTizGuw
zrX+D^vNY@Ibxoe%U9SmU3r|DKh62l-QosHe`1x`8jQ2A|O+vBjlg$UOPRI?1`%TCr
z15L>PkLTmivxCh?2h2x4Oo;zWoDjTWH2hnbkdg2-^e>+AntYs*pX2xEj*g-?kM=jx
zMeK998<9)*8zbTTd_#XaV!VdB@XM!q6eaIZ9EydfD9avt;y*!OXA!X#3_`rKhe?ff
zEP2BpM``GxH#PYeYVxmHa@Xn!aiyPAlO>is<X7Y4lD|WfT|a=N?9WEAeF8N}WJ${)
z>6^iu;!2rW(l;ULynj5~B~X(_vZU)F>5U=rr7m@2lJi>g*}U?J&}T`Gu{%Qk^e@N6
z<=@qf);lP%Kh%W#5!cfIG`BzxFyJn{fk67+^^tHiMH(88rt*B`d<HPub^h=00XeOp
zz7rC;p1^SfSD%!V139GRYHIzFdOgb8qAa|WFpc~uupA^{-`M0@eKJhf5qX<djpEAk
z_LTIHTQr*W#*&`7^N42sB#%E?YUB%AJx8ve&j-%jR??$6{$-NXQuuc0qmmvO;G(ux
z&p{>hi;|vyeU8&?)2r{VRs>gJbekA|`);Wx5FE#I7rKrTzMGDORq96gZZ&sWJ>6+}
z<VUs3xekDEc&&ao-Y}xCwJMVlQWAlb7L&pyVG8LtO2QP<DW0litJLl&@FS=~K)$Uc
zjG)@2+QOfQT1&zR>kbO*5he6`Nf=?JzRCFRrQ=zqJedkSq^lW5XR_4Y)kgR_sV?{`
z7ujFm%C?Amc?9_;TzfdC{^eHAzX%3(USw4FMPOwmgl&hXRUUX2hY*N|I>a~g>KIS9
z!XWcfz0h?WMtB6zhM0#jek;_<vq7fb!=5%J^a{^LnffE+2Ty*id=@|6Jnl|)!&uA}
zxOTqlC{Oqvw)Gk5!{pdL1n%^WHO#No8$i%#crwXao5w~zDcT!aR@mOxn=r3V1N0^w
z=}jOR_nNv+u-=4OZ}u0yg1rgH_2zk=%|oO&!S!+bTYTJvpj_G227Ral!6isTz)S5O
zC5=3bCv{2`teHHUOrPDa{gbBXA*pxUeWTuM;c+K95S(1lk^!Ka4ip^d1U)uzCUafK
z8(cVWDkF9Oy8Yh?oJlJ=K{P~D(A%jf8m=pF+Q9XeROP^b($dQy)m)bLdV11`2RE;S
z2kCO*3mT+Zr&dDkmVy@SC@2{P2j1W6ONP#87j)1DyZFHAEIt)euwh8a<mpww_>UjI
zpI^8C4Ny(^z=;eVaDQC~Ea`J;{D%k({?Cu^;&*hid!{we8IW!E^MO+aetVAkAC`ua
z($a1ez9^W5v&egU13_&;!_%42+2HVXEo)5&$a@E%dZ@i1ObNz;Ja-*NpjPtSP4N48
z7|MsGy&#YdiKKwC9<e`zT#Up0Z5;Z@c>kHb;DD27>D8%Qqfl*&04;2b^hMYn?f6!W
zyY}BU`E(lL{VPommkux9{acU*3!Nx`c6|z?bRAz%MUe*tx`H}3sB(5e8y(c6Y)~<U
z4XT_ej&J7IwZTwc;sc+;P*(Hnsws68$Jb*B9`be%&tW-(nCeGQ9BBcJS8X>9g_Y2z
zAYBqn)j~mae6v>5VIlBomXL}`G3|=$n%{76hXj~HfvXbMRYluno-#ZTX4+_dw9&x%
zAuw*A3=4w%a-e8D0s$+r=rMc%y-pqfO$rJgQv0fEse8MM%*_Dj<bo<X40Wvg0L8lc
zH<12kqz2Xnz5|WlOmVrJ;xgXo!gVK6R9*n6Tzgq<uJDKCJ&>`r1<e#o&J15ywboPz
z-+-^guoZV8r+l%Jo>RUcOz-2PAd)gv?r6ku6+fhIe|Jh=PF-GhU7lM>qtpU80X(lQ
zN+vt}=K5+XmaxbC3e3cgakjBcTr~}^P#vu=zpE`D7JR;^drk4R@Hbi~`LHg~O`sO?
zo<A2UP;q)L<wjUObc9}Y-<Ky6ValVdDIN-cqpd>mI#zrbEl!)q@ARxlb;5oW@UPyk
zLxexTpy*v&G)>xXZbcW{A60QJf$nk8SV=FXgEN2(f>2n{$vEe^+e&&V=j<qKD(R&y
z?l0-ZCaGxQIi&QJM~X;Ar;r@qK7$&@X{yv4;pd=Wl_<2u+mTlTMQVxiYK69Vpm1M_
zqPD2Sa%@^OmSv-|mLJbQ_^yLMarZLYsHbOb(I{SOj4}-l1aD=oxeK&1VQZ8tL}Um)
zDn!&W{&p;Zzr7dQm&o6K7t7y5X9ws%<y(Zu5#Xak!1r-j*4OpfygDpqsg|}6%;PwE
zks$;MgWy2n`=Pyjzd_;qjY>4W_5Y4X?0Ce-^X8>X`NU*1X2_-G99q*d>U2MN_y=rF
z1(OUYwcg{;C)tl0GeEnLUEg@hn9q|<LEPN}fg^?Y&F5-$lk@8|IU3wOQT)NZDOhSs
z4SDV)@)_Scnt|Li`FQInOqhJIX1s=MImpp$ljke&<~a^;sK)GpH}u|^vWL9phY#28
zgby9$zK;QhnhsJG;PT0e=6tfUCZF706*y+_l_vo)8(J1t6fFOy!qgxv`V&?Za%Z<e
z(SulYA6XE9(m<i^KIG%Eg`}rgk!mcyo)y^zMfO3FW-QVO`S(Ho7P6q;XFY~R?qNl$
zu*h;&1af5`f+B5LWEX4Y5R^LT<J+;ww3t?MzOt2WEb^OhUn@yp*~(?ic8V3*h21|v
zpR=LG`>NpgQz&*Ei|vFmpF%58?3m5>a2WD`1bKEto}G}V3iCkX%AGc{;5cLo&~arI
z*OTXP-mJ=Q{8#}WgY*I+=@Xnv%}$ug=WfA>_jXOe5Ap#cKH)tzI$n~4NZqkhtFNdN
zEW_HP<9CJjY!5VDlMFDxbgh8dUKxl?FrPFOJ%KUr)GHJUfT*gT=7oaSPM{yN4?;PZ
z)|HK99u~zRNFpqMy^qgB+=*1*0>y@2x{PV888QzMW@!86`085_*C21wQAqGD%Yy9n
zWFCCIyAf+|xvbVcFQZ@WAH>y8r|=Jh)&5hgoj0)B>($z?{SnLF=(FmfL<^RHX<QM&
z+BdV>5t3%;E&}6Z*_&|&F>gKM6b{cCNU-@H(n9_!8<}?uXB0OPmc#c#VpVn`Y>O|`
zNx;gJs_>a7ll;5{@2itK<QqX`>Y3Xil1Z{Kevgn^V<qp^@JXB-ee%1x;zxwQS$h3)
zI<8XLRL0TS+6Dz_rD|og60$mg6}1cFn}pO_2iLj4H~afYm;}#W&g!|GywPa&IgOV<
z+m>^N<NhY74$bD)&_to6M&m|@rn4ELI|TB<-mVs5-)VaK)n+<{4l^2>zt-$`Sh@-c
z*+MUuvNRJ<F2&gzbE~!FN*)l@tw<Yjub#Y8wL_KAfUKUIY%8d3Z&MV|4cCRg6F8q%
zu$Kx`7eEvg3jE{BLd!r#yx9hFo1F`YAaH@AmS!(###~me${ILf5Y}Cwx<ElKezb9T
zPoK><Hpg00jXJ)aYqpm7@d*aeFGv9)a6E_WDGA`Gk~;eLxJE%K^>~(;+5l=wc0Mep
zoGEr+dL}4pdU`x=%lA-cs>STQ@7jfz#%mU@Nq=78TCB?PTDvxfS8C#a^2(pl=1UG;
zAed3^NXoZK4<y6VOogQhWIOJD$a?oP;T+!geZ_gP)(%`iL94SROv*k$=R`{tDSMY5
zgOEMPI2$KhrJCT+;R7_Ffd;g+0X;U51PvIV0aD3_p;}K*j`NG)PoWJpD@U{HFsr`S
z4qCXUCK)LPPzx`Yn9C-$1!RL1NWI|h$suKzDHpBL2k%vLmOD7;=@h8Ut{bfJ&@GWV
zYwfxz<&O*srKe{KDdT7y>iS?0o!gHF=^v@IL$N)cZY<V4#ifH67`8|3WuK9^{2IT0
zqD?y9b<j%q-Q{);q>sWiQa#^?OQ3{sE&7~tyA~;BXi<Ex^U7U%==sfv5V^o&HLiOh
zTT<u|n{=qwuAc(wNhK#R6+~4`w&Ng%7QkOnQDmu+U)KuQcqXl&gCcShsGz>|kqq0Q
z84Zk?hF()N#wH!CwI@v}|9)~vS8hk-NP!w^HI%K#N0yHB|J5?Bzmt@<pt>o5d{U-t
zn#lX~a|9NF8a~C@Co|@E>W3Sg20`%)7JuPc_2wKk-oGz>j>A$<Jm?E#BbDMDyqA0)
zZtA)|wUSDjK~Mso?#a$1PxnMuI#fdoypEzyPlj`8SpzA<^CzM&a}F9&lv;<WO7Jb>
z@C@|Er>*W8fIxV|5LCx=o`x(>&jwQV0;NId?_FQCd>h*Kf>?>!UmahMQbiL5bevv;
zb-5mZdNy#Ly;&Y*gKMc;N8!TIP~Q__Pk2Ick|;HWW|;k}s_AWXj<QzQt>|_{0eLlm
z=Q;(h+n4UZSUDj=Glg(;w&4dsy5KMcq`k8zyOzJhp~vux^x9qD&}FddZQk^4Xam3Y
z-+IPVe}5R?(F@6rvDervM>lP<SsFHOCU5VxNry{zK`FQ8;Ks*nrh|0o+Y4JmchM?0
zErII3-5XQgN?M&w6JOsHsBiO3wZ4lWcWt&D+<dEz>#I*|ZjjPeRjYsf>@PZMyVXZ5
zgpW~r6N5n1@#XFa3T4NmkSf3a!|~@ChClz5h(9m(#~;sE;m;!!f4&uqKX*m&M~KIt
znbghgzluTMQ!(gI41<osl#AZX9$_2X^ug0HqVI-#yT)r^h}ixq%>O)?|LZMB$&2W|
zC|X*`3!AX~n!~_0_X^SxM{1L3xv=q3K8jckp?mufOXwM}m5xr3SkRw#^dhXEw_JMW
zn^5`Yo3U2By~A__YTZ1NkD}K;L@yq&2L=LfMDBZ5AILZjdcc^p6rDbcQ+LqkPr87J
zH5CzyXSc_|r+)qu!vR}HQ2YuAmOui2p|w(gA@JbE3#4)dMXyeMhQW0by24>HuT;fi
zSAb^!xr$x)Aa+R<yT;Bz%m9RNn05)iJ1KgR7ZCHTZVRB;>kP$&D2n}%;!Qvc6&Bsi
zPz*1#GIvVt)d|%p)hd=<qF82OSoQ?xY0C11DVEV{VzEq+S^>*CgTDj5r=r<mmkEzc
zQE*-jfUpDtMt>{|P%Lwp8uKc-*^^1xzcCagFWy0K(P$LjkIcKY3-!jpF+IpEpI$<&
zn3f@WH)a^{qBRUKPw`<m@5}x83!pzcGH1fjz4#@?x^{<j(lO==dEpGct~n!0Cjn7H
zeAlPw(8PUilg{{iQ+TqYm6tvi&7X)C89hkGoF^~f4K<=k7RG!8z&fDU{~QcNV8k&6
z7!jB1Rmgg}$7^`+Sb)rlkcqzBg#ZmeN6$9_e2dABNi$h{BH3|Bu<Q|~L%ipZ<{1ZX
zsYZ91F()=I5y{)fL0=cS6QXpU?>fML5E%v$gd9s9Kj!0&w~CxB4Bv-fNq<4e{uO>h
zx8P}|&q7(|PQ0oezQDsZ=1#yv>OJu1NIin2aYzrvxR?MQ#E?_GCsn1TlM>kR-@uP|
z4nR+#uz@Zn#Sc>HWDN7r!ze0LL_9xKaehHrgX`&msi~7u(-#w|X{kz0p`IcKMdi@O
z!RhG3l#Z^7rK5`@rAcUh1j8{H#y5c=M~SG(>^C<sBI+lv1O%?$mu?@BhMN6WH*|0(
zqosN8G2$lGi@u@X14Ooa(@PLjuDzjSye5&JMEK{y^*7lp^~EE|+W{NbR+y$zwNFAR
zW@Rf*sHBy;tIh0ZApUq~--Q0x<*V>t%OCfsv$+UnbMwHn>0+~4kvN;r_3=jHL1muJ
z=u?Bw=(p&M-WNNgVuUl!582fj%|*^Q?Qh|UzzcPN3FuI0s(XjSA$3T5fmzL_EHS-@
zN<mB7*=#1v=MtPx!E&i+vS?{2z8?9N$Q>*kp-$*ufE!g)MpaEO<WZ=Xcp76<iTl&}
z<h(zhY-St_L(QlTR(<R$X8?BfH}I>y++W47{*`01eJ}E>7ZRkQ#>kA57oLr>t2Ywa
z)ysYCig@tg*`QKUW1>`~@~bCfq#~7H1@Y`8n|`w860Qtsf9Up@75#Pj6>zH3_i6cd
z(NvHAUoYZSqp^(Op&n!evw;z;V2t2~Ip>fObjIJ8hx}mnbvCJ&@gLv^dwIqWitYwF
zFG{WAn2y3c;0G5dKj?5sVWDfkApJ$?`UsB>jrpi>0{UW6Mga1ZV7XBEtB~G&7}%l&
zbAGSk9WIoaPuBbMtz@$%ltKyr<MiYMbE1nmuN59jUO**Vp!c%jK{}vafJstM=o)&S
z@QI7?41{_NeBHDWPc6$?QWHIr!lHWc1>NkYlb+TqXrbr$@OU(NyB_a!4V=$H-{0YT
z={Y(}mjJ?$^OpkopjF!M>71L_c?8<qCwH|9(j}=y*!QW(wc(fZ_;Nzz4p5u1*-x^Q
z9ykMh-efb@!}G)Ha~nKAqCU%YHe>g)MZRI4Q^YI2TaRu-a+X!<ra<6`0yTw^4NyxV
zcIHGDZu#Tp2^XN}&$$kMcs*tpEq>l}K;xXslMlMAcz(QnuC=qxCI$F?XK+3O(gk53
zOi&~JBqPYD(dJm@ciseL+Ii?4#&Eb6Q;u~WM4Q^a^N<7IPgL*7V}#muEOfE&exSH`
zU<2G~<GoGLO*gm7Yrca=(r&VPp~I15YIE<Q-yGhlj<T~(B6y1p)V1)8?0PFhBX~!m
z)e%0gH#oS@Aw_-=KGUmZA|8d&LuD%-Vu#8;zdb$9-!1NbpeB0K=F5SBbZK~<835g$
z-yhJ|?xx=a@AqK<D5U5pdzuGGcfARaa-R>-hu^<BU?2YZ%?wR{=h<jSyx(FSx#{-w
zzWZ?~{0^yBkU$^#h#$BMJnMp>%Yj~e@d!dZ(dxBFJJGU|eiEf=M$zlip!XKxX-CeZ
zo2VAxa&TWdywi-Blp%PX#z@+!H`KISFb<m9Nk};%?}ik12U!N~DDQn7I(iaP<=?+?
z)sFt`LDtckx5ZuwWNr;gYxRBiJ7GK!8Kdj6dtWQ)`}Cpl@3#z#fA30oPe~}>mGFLg
zNc{VOg!C;W{(V$N^gS96f`!<-z>INCA4H9D%i@f2H5gtgaBeP#;Wc2I-dv*x9Qmf`
z-6X5WH*rXAS;4-dhwM@5OrOJ6@R?75*X~F(<7G$8c(>ygBhdG*Q}Jdz^6Zm%0&{PI
zDKGdavhG-G-kGTXGj>R^ss~Uzcu#n3(VfwLSh-r}E(TpV^lb!oy6DaC>w+S$UCzGJ
z>&<OgLDVHWC?8fLHTQKzIvDAVDbky1R%VqPpgV=wou<U@Jd)5I{6_B^@8=&#r%P%_
zcdA-CSDx;*MUPUi#2z+L(viTqagk~2e0ZQ~a^Dr1ri58qct}xlX&0u#gaENEXkZ5L
z;BC3o{#{@A8Z+@9%#Aaxmgn|O#rZgY^qA?8F5qMc5m002V)4TR%|+X?$XxWBinDEz
zsgT+zMC)&2fKS1(9}w~_q5W|{2l4Lr+_*6>=<~n$FRqVg9vW!iQ<e?3J{~yqKW=?&
z|JFcrVp}@+`lxUFhp&&nb-wmIIM96Evt+RO`d!=qxcN$ZaG?2mW%1ziHTu9mc)lX?
z4G1@#1KfZ3u@E?^NA7&1;9IEhk!?!CkH_Gt`l4YNN~k?lWbO=7hh-%o)q9TVsJ{<S
z?9IHXMO7LwimUJLET+_*Zvgq^B6;ktWANwx_I&c_zI^gg6}*hV4;ku*M&47Ehwkbw
ze5=nVj|a}dLje6OYVY)=Pl@;M(d7W#8N8+5^#$Gr+A81rK!15G*}(+IGR1j^`E2N#
z*!!MqG6c(6=Zy~U>?xRj4&<0A2KB_sjjx~_b2)VIDsoBM-Apd|nF-{Qiun5_85Z&0
zgh5@b@Z0+amB!b?K?NKLZGu64g$`<!)Z#g=+o2BX1-wxfPs$(H^V~t+R}>x8c>Nbf
z@@^d82V=)~Bz}k)-`YG3<TcRvF7jngOc-A?%ms{Z3yiP#yE5Q5jPb}-dJPD7(J@Ah
z|Jj}N8_I%a5O6Wv=8*gf!Bdyvuv~H8xY#>w7N(tB<aN$s<J%$ccp1m{3mD(Q4s}xU
zqEZ)c3I^BUz25`~Ub!FF*BtM{DAAa3C;fsqJi;gs=e<P+ky9w$2;L3tsHfti?mnuc
z|7BY3cV#NmW6d+~$9~K<T3OxcD1+B7V&5Fxd58BKs!Y4yKxx1Ux%-D18nxNc*sOzt
z&MAGdecOJR5fcC-e!k+)tFn`0UkK6_0E&+QHO<Hrji26!Ks=-A1MIv!c@g_2AYhY>
zs8U1(aRqgX2Y!eHJP^?H`+&Zo59s)L2;PX95~gNQ_^H115!II%{P)Uzijs)8+EY#A
z(7m`8`?|qHH}VDcP2i3u=u8UgOh2y37_^5^R}9v}hb!V#jT@M%F+eY8RP^s<0)HEb
zP!7cHR>pHXJjX)09V1OI-HQQLZja%1NI(jB_LU1`9K<tnLksSYwZ$I0_**!hYe0_o
z-F_TTC1dlKF*0`87^_}YMEK!A17Q6ymOCzq;f{4I;th29jeFEC=f`$={X(_N=%-=>
zLYvea(`UAaqt+hnx(LHP0Ees_r29V@kV8H^0Ecv-5rGZDoTY3K_TLn_e>ful_t&6R
zZGbUyR0o`W>Hx?G(mBuvY+NUs`B(2AXyzYV5Se-DJje+0+@{2tXTo*Ppu+WwOf6`O
zR}0*+YJu9dHA`66E=`D=-@*GAt2~G?9b@s#p-+L81NG^3dwieX-<{YewPN{e>JO!f
z`oo5P`a^!-3~pS^x|unF-KT(^yGVxHjQV~Z+>t@|59FQ|2=OeHm0%?YZ1l@Tk^$u|
zlKcJg#~(v4;;slD9l0V{esZ2Z_V#Jsmuq}$6y6ftlp47u_?tgY(L@D?gANAb6XVl0
z^uDkTG90MXVBp=~54;%+ybh9~H_EfF0@+b(B4p3MNg<mSh3t*jVj!EVLUtev2hSZ(
z-}#cy>FG5|G-mPAM&oGF`#pnbxs{YIp<($Ja2S?v2D{8Y!)`vzOHN}BFRd_UhbH!&
z&#kj}D>Q@^e0M+%f~Tg<A$`x_z?$%Yl;E{@^HM-G9V8yKs{=!51BO6KF`$45lz+5f
zI#>9f!*ZnX55W44;gNY>*+WXvP%9{P4(TuDHX{iQrR$g8#r;Kb`MeqWZ@4;m5Ljj`
z^3Bc?QCT@7N{8jwzlYZs9Oj|ooH9SDgrcs-&{KWqg;zjNO@|6+@s>uO%xe_5i#P;%
zqO{t`TS<mpM(o;vf#<UDs`fnIx5BtVex(bi1?t4^&@OPm4Mk&y62Rgaf>e#2D#LJI
z0I@i0wQ)4rawLpzk95b3&Siy^w!vpn3JMd`_&|@2-x`T>h9@(S`YH9K^v^U@Ub+PT
z_Po=lPYd1=qF0}0R>WDhwCp_c<2unRre)d9esPwV1|4|WZzHxkJe=&x7k&CP!Q;>7
zxkkaefzI+n&_xaW<1>g!G%m$G=se#0RF)uZ$RZh9lCdbmN`~|JhX&t!h?kzqBH56O
zWMlr}i!#V?Er^h92xS>Y_riV!hti(@r2^-Ll;RDJY^K(q3m&|pD0bZJr-&qSM<R1T
z$5_5@31UB_@FhDDA>$$nsPdxc^PIl@Wf*P{39x_<u$K41tBm(y#Vt3T8l!Eti1&PB
zdsM#zkzDS<uq9qB3hF_UeC95#x~OvEt}NFs(raR}RYNvhOWqsO<Ic0uTfsIO4Y)ce
zMDVm<W|vRx99_+z&!+6Qhxd-;y@fL7%8)xWYIs9_7Bu2~A`X0;(I9w}LBgS#4YG?0
z!{6kAHe+uxSg)r-PXO<HRC?-?m)^!k(!l#btS(XL{W%j@8?+C~GOb2Zz1<$Hh810=
zxXy&m@}As3ub-yTxQ2N7Zr?IRTG|~-qgrA+3E(yKo8QMaQsgDMdQGG{*Y88`hG5{T
z8Gs-0eM!*LtIM=BZruZ82fXiHr9b7A{=m{;ab5Vxz3ATi4E)w<x6}W0yrr6wC*rB5
zhyJecWrs=W&yccUu$NBWr~ibO^38V3-~SG_i?{*OC-1czcuSpg3SFqY)Qj=MyoFg9
z%Sy#{GF*Uv9H>v(fYaH$rONdQ>%qRIP!lWXfGQp62=F@mgXM0|aCjXC8r<@F0K?&Z
zL?Z-_Cpoy|IQrRmj2}Q)Dgs6TVS<SY-JIV?e;!3jiz!e!(1V>>4$E#*+KMi`$N+Ff
z=7^9hNATGd(b8UYm{K{1>6|D%YUFLCat7XlBH@xOWe1GE%b5?W^pRJpMa#wFf1;4s
zX3QS#I*X4>VRQhk&Y^_;<Rdjoncwv>1%(H)cQ5a`q)?cU!ey{Xv-~VqhEuR2%gn$U
zcwS1z-#lJgU?9U6z_>gJeXtvlz=)FF5Sng2oL>=b*ZB(u%KEdxp-2sUbSTdw_U4E_
zoAF+GJVua#3g|%aUWZ0x(WwKy@g%VsgD5EVbjg#_MoJemUk19^0#o)*V!S)=a8SHw
zEkn{+%X^n)nV~1k_&oA*9kGS;+zLm^w$Lh;WiwoO*NB8Qf)79xAIB+pi1$7LiG_eD
z9LYc=VT8~73eC<-%P3WR2&v-ZQ7lraVlf^<8;`9>unu>Y$5S<6+rn$3H1e@mYt*2K
zFlL}=&R~dl|6)dHCX9*Se_)gbhf2x>9cUabiVV^F7%YACapt#mt8O#A1=xp$#?sn}
zBs0*h<G01J7*7uiaoG&GGs(bjzdgFtKIX~7Gk7GB%sT_fem1(WGS_MusDPmvjLMJ<
zpiz3GDD^m`FL={IU>W*h@JAd5+|V{G%Q*|bOKl1B!vn7YkppT$E`<4w_!lH5KqOcX
z*`lS})rJqa&tOTIU%|T&%G-=tfSD=qZ%J$of~PK<6+G|S4`jk=KpK?lP*<`jf!g{o
zF67@)P&ire>4DZ;GZNyP!VInW5zNq>S89}4>Se?DEmAuY-xL;QMowR@*W8;Je;_(v
zLgbDg-aA$FJ|d$^y8>hY&b3CAdPUP2@*Mhck{vG4hd;p$fY0A2G+0aNyBgIsxf=uq
zjQkD5Lbjj>1)BaV8}KYC%%OBBi1F4PWsnQ)`?%r5D^<bYvgcV2(`oYTTbRRgo;>?1
zMcquJfVUD-Itk<i^m(NQ4?0n{6S_8jyfL)PmEu(kW=xyN<ShfpTiHNLkc(%?lOCqT
zqz#eKn`sP<5xGmq=?{gb&>z(AlkjyM1vr38Wsf2f+cBQl_leT6P%@UIF(VSDVABt&
zZ2JKI;Dtp!Al`o9O-YC!DIGuyxTR_R0u1TCO*4mG&T00C(otU!6u)Sxb!N{amFX!g
zPO`A?gu7>M@kz({M&~h+t26rr78C~{IzXcf^^5O;kqUWJ{rZ_?$8_8V<XU)XFHV2%
zcA{auDr<0>Xe6l%*g@wA-g2<`2K2kCgkji4W8rXzB9c2~3;`PDzFtAQ_!R!&)hh>~
zi-(?1iD8+E`1Z!q!SD_DYZ$VL-dh|%+hrVk^CI7*Sq@9r`sqyn#rQq9s|ITKHi~Pm
zn`jWJE{s1G3Jt+c(_|5(Vg<$`Gzw=i6aumBB92p-jg##Y>H(6t#e)1tnvOwFxN6`y
zcN{!89^G)ytfj#t+79B+(6v9kNev#s{Lkelf2ZlQ_rgp9?P-EFIvnTK)WmxU(j)x5
zusI<bj!ktO!&t%tY`k@0_?*!A`1=rhjHGNNJ^E0^BW`pT&9S;?CmUVo*emg1I9pIc
z(vy8pH0Qa)sl~g1us4gA0P&!pLAPvmnL}9i!YUeSWG5wUbmMW6Z`!Sb<;x<1dy#k+
zSKbOLbZ98wbqKzI7B^-ZYGub9UZc?pWC`S}4Ul&yhCZ6|P2B!78Xer{0QqQ?f6LR2
zAW8F54K7ki7A;qb?x)bXdyKB*$ot_<Oy+#c=nZL80Xot9A44=CbmRPAi@VF--y5!=
z#zAL&-UBrX)E|1AjvtJN>u1(ly%Adpy`DIy6{=)b*6FnKzJ*ih5lnQ}dYbv=Ram79
z7=&>FK$K=H=Q$xD>wyPi*e_3*h*E9wCwO>r11}L?T4;cEo%G_e@$BGc<Xd9AtL4b>
z1F}K%73Y{6FlG+4CgPs)1!%9s>N$ZS^fEJS<;xXb*(C&m`e=Ji#h;MM4&1{sHEtRY
zg?Q6Nn4wL>No6~3-2*>(cr{)#ftwhiWRb3G!Bi^(-b&wMTN>4g@wX^Wwa~lnHs_Ga
z9%w49&?-cQ6o(X!i9f~;(dvBq5k9>e$Hx?~x*Kxr<%>Zl!iYU<04<951L2d<RZ5h)
zc~iH$F$Y5~cLg*WMdKW4tz8hFEO=@$I2~_79NU}`;-Pr-ebY>-9>$0j0G2R2Cy%^R
zo0o;rD^EGNQ-WzfbeZl;tg2D0Zs0ivs8yK^l{idYqBKjCiVU$EbZk9s`|ZE8|JZR{
zoQf9EInwj^z%eav+UvX#kGgpj&Xvr28nhS|s6hv;Tc20j34|fgZ$BKS)2By=d~~rB
zL`(Df6zc2$0J_LwtRh{ZOYjw5!ImuH^^eAvw|U1|$u668I1n<}r6bnBx$EYW%1JqS
z<=N~t)9N`jSN#NQArKm7^?W)P@MG*~Tlu|Oc($w06iVJx2VzcF;jcoVAvO!9Ucu9=
zBU>gQMF6U93IN&SKgQ!`nXd_4hgCU2{Q#fEAl{^My3`douZ0CSdq!UQjKC?q=Tr{7
zO~W`97}1fG?xBj`@h~k_dJP)u>hiR?xk0+u;_1<mXTuoz{=Mn>fm#E3uM=xbi`0lO
zde7;(>iY)HbBbX7??C-pyhv;vt)ldOsG>Gcmm6A%20ZdC4W?g7$a}?HOtr}vG(Hg2
zV!TO%t=!-_uESsq7Xra_q#y=ZuB@%}8Rfhdh7lig%6U3a81>1o!|C<Iv^TR`V0?F6
z{)m!v4u*&kag5>WkbpAFzyB4D2fevCl^z1mE1zC1wHxQAyGz1Kibhj>P5DADa4tE|
z-NbI5q!~H_XOi6~=DHi*62b*p708-dzEE3!59e+;Mo(%>O_;ZQp|1QMt^4>~cZ0ip
z2~;%#s%od3hL{}TKe<1>G)>dzU+hh~@7-ydcAoq`mxqT$dxzPNx7WPl=loI%?l*Xo
zz6Zr~k<h!0-k}e}OI&_$%C9+R8YsyiLrX22+p7V)lcqy1cFmA1QW|h{RVV_FDa;4L
zDLi&e8HaAr<9H(029D{<{LUesZi6dnD=NL!ThVE=x<cyq9P36?t6CoYjkZ1gqpC;D
z{&w<v;=GRcUHj{O<FSn$I5fadgmfB;db+$6`CGSkD?KYu<6k=JrJ-;2PSb3~{%q0Z
zwi<q(<Qj%$F?m(+$dLFemGUbR`Kvc6zc(@-Dc+=&@Pe#8cPTu`^b$y*Al{_hUOMJ^
zkbh=0e<~i_{qzrNi3wQZ6SV}UG+@ey+vy|(Us-Yu-QQih);;^?QWz%AmAMwQjhmSU
zQtpONUhcj~et9kAhxBwcUBdLWlKy7;TdQYPV1b1B9&kKc<HoZmjgIFn@<U&wYNVuZ
z_Y6LMZ>7=k>t{csyBisLM1{E4ZiLpp7vGwfwnoZacwwk7_i;$wq0tzyk9oIp8Y=#y
z0x8vqK2XlLYxEeZtIOOe|72y2Qn6jZptt8Sa@P|;#6X;TGF|SnL%|t(=ZVlFCr@{q
z=pNB_^bnS}JBMoA@JZvGtm>WyQi-t<l04mMt}&p4ltV=w0=acRJzw22UK9M29vhJ#
zg9Q1Eo}NO+u;_K5K+y4rhtYWO7$Zey#Emx<I!?*gnrQfiG<mfO+G+V`*b!522TyKo
z6;18<>&Nriz0G)5`@v>Jkxu%2A3a}w=ngdk+;y1pnVLf5#od7c7l!Nc5dH8>qs$Ki
zp}X|P2!x67xw2LG{%niDr)BVwds-tPf-Dq;azzZ3OZ%WqH&PHWWL=WA55xf3QmBi7
z_Z!{7;Av8GqXU=--^aJ8@Qsba_if$P;Cpv(AAIlZ9T2{s?u~`7RU3gXbujowJT)kM
zcSPXZI6nekmG)}zWyZjlF)(~w9DKJ$;VaM%0-y1VLE(G#8!CK%nHPa?!d2mOHub^x
zc+-IJJ=_!v-^*MCz6Nd(_;{Hc48AXKR^gi+h3{GJYVduurw_j7Jp;lQ*b@sMZZ|Xd
zOoPE!(X6BJsW3epf$7)Q2u$ZRSA!`p2Bz8lU>bp+C&$24{B0RGCI$p0>!&HPpzJrQ
zpxh7zWzAJV`P1$QD8sLP_&*W|_|OOemyaNcF4>8cy6=9m!TcfQW*Q2lnwZhkDsVbW
zNUf9qOb4?@FnuEbo+j5|@_xLQMo6ud-=xVq1=Hsa%jXW_I0?-E6Zq|tJ$<>Ol|2@z
z?5x9b5^{a6<_^m%2dLXRXx+CAQ1>;1*4?A&U-wDPV0G`(^soCp&0uxEIY8agpmjgS
z>WQm+6{|rsofR!71*lty)NN(RgSkHv0-r(do$_Rg745u5hHOV5+iAQxTRJhQKN7Vq
zA$QFB5CutjcEvTw{4@Cin=uQoNal68rH{s;YWZL0a2hY<UXA<aN9Fd`BMOMbH|`p*
zQ4K$bWOlXTwVvd0nm)!W|MImj6u!>?-ACUBffRRq{@93RL}LaMqQ8JYN;9(yJwH{?
zs*~O7(`b1;J~2~EhFkzIsJ*C`m;0l+meO2DWm%gZ$vs-0rGDI}rRND${W=m971YBs
zFW?r|QF@&qsCM%6lhBf55I{Mv3owgR0J>`cJ#|&WVVr1vAnd4jJ4w)8Z_>Q>hzz(y
z^u24WpoFeV9=CERP-y7Ghb(p}-is)wT>&XG*U&zVhN--KNuyCy(cR?iWwt=+l|wX~
zwlDYO`Dr-BBj`wrMgv>Qc<Ey3<%*>k0MeJc4f4npy&6qz((mDsyEhUaDp4LJl}SH@
z48P{+c{y*c8(xB4y_$%<T)i)5FLnOAv^^@zjdET`FZG?>&?n8w82%lQ=Np1|u2tC|
zM{`C*g+}T^_DJL@QQi)||3z%L$%<Hib$Q%u4g<z`vp;NP<F_4Qln&xmgnoIM?HY|$
zni}Jof%Yz`yQ~wP6E`!Bz}`s9@=`6`exoIW|A)DE0gs}{7J$1m37L>U4T>_#YtTV6
zf|y9q3`t;yOp<QtKvYD0?cxSe7Ijf(5G6q3B${@Zm0fkO?z-!~*L7XReMDe2WCD4i
zLW0UeRt>1o!|({8c>u}$=bY+!Bmu8`|9ijx_mfO_b=9e=Q&p$VsXC8Qu8Rlj2bAC`
zS|1*-t)_*x2R(DOCn)~O4z%7KuKP<bFJnf*qd0vxU;skFnUlrb*T9rXlkFdPPCCQe
zNF(T=x=+hQ4W5DV6r8?!EYW_-{kGcC;bd=J>Zu96t`3YPP5M}ReZCt=s|w&@G_-I7
zcR&_*zc8%j7|f524;?!C8QsF7@szhNRZ^2Szz1*GvdMyon6)zyG=MOXAbfbxe^You
zb4u%0-M=<;dkgMG+UGYW&_Yt1kiS0J1aD1^FE+k`Ctw}VtfqDKUQt3s-NKa3Z*Cq4
zrwZ}s$5D9C_JbGbHJk_Dsu;Yw8#z4lh2YKX2k$N3zGfYskHec3gSSkF*W7mjcqeX%
zhnLxBI1jx2g;97G9p1_d!F#12ypxU8z6~7S1|6O+2Cwx74ln&e@aFb|_Xx+|0C+hu
zc;!00y}cKJ7oHXm?<c%{?HpdlIu0*X5QUea!>hg!yf^#78^PN*0NyWR@Y<(wc-a?%
z_x=9xc>B6Jyk$DP*)e$Qb$Hsj3&3Oj`+LrC9(ZS6QFsm=-isH4w<W6|yasBYsfmw=
z4(~59cpX_Bo^&C2Kk5f>1aIE}cz4C%{aT0Def9$I#`lAl$=jFC;VtuXc&RaXB|5xU
zF9dJr)OdLJ^7ajY_pkgYJVA%I;6m`$_JjA<Hfo<k@2?JTX$;<msT`j1Lh!EZ2k*dH
z!+GG1j=@`~!`pb~0`NY+z90U0`xbC`9Xh=CX2s~A4)1{r!F#qJynA{32EbbtgI9OG
zPXFTIm2AOtGOYk1H3c?=-w;ThUBx&UFNO)y`rIc4Jc`Q%NbB|dm+<_}wek5k)KdQT
zJIW}(i21p`j+xm=gAcv`A5<;E76$@Zm@Nt{J<W=K0@DM_lL|6BL-%b#rxjWOd^#QH
z2ktbxJE<TrK{y@r1-Ei22q>pzc1>ewG+sNjX)cU4E=nl@`~Z?m;51uM$E*70MqU-b
z!MX;5K2kS<s%u4SgOqwny;wiYH=idyL0o@O1pC3yBK_&OK}64jTs~W#0*@G3GxQ)l
zBwBgDK7cIo&hi>w8Yhr{J8TK>*J7DHykjx@!LYzu^nZExuon7F4=iSvK$!&rUYR#i
z8GvbC%xqXIR5QSNUeY40;KDuA$47#`?0?X@aDSQAx=-7mYvpxp0jxo?b${^FeSCNx
z$8Xe=-@&(iNpEc-1NVI``-4vQT;smu`|Cgb<g)|&%B<tq+b-+4VL}=@4s%(r*!Q6I
ziqFfe+3-6KB$t_)b;?w?H5-+B9PGuq&mTn1z+v|RyuFDP(H7+CEdY>71zXS+Bv!?q
ztBb2?40~I#j;UzjRVh{rRAGUtGT?U%uvjytsV-EsH0V8-xa*(T`K5%KVe>)UXr${n
z%_!*Rr~~z@R*KPpSe<CnbCb8*NNOYQOTFC=&lUf=1Ub8R1^!=o$nq~1pI{2He_gC6
zXlmk>P0w(VqWcAdpzEwSw2H58nk5LE{`qb=e5I0@krGtlZ?XM2#>DdO6_yVz$PD8h
z@~5H8VAd;{nv&8EZ=Q)<9~@o5bV|Ovt)^o83A$O@C$J~~3%&$Vip5AYUn=SWnYnhb
z7wQ7-L%hv1CH8JhX25%Lrp(@Lumz|ztNsF^?NZnujwtGJ>BB>rb)5l+#0qx9zYdHU
zOY!Oz_WN!TV_4a`iq&@cvR0S|7+a`iu0Qv2h2?h@v;206y}nzN+Kz-<JUio><wf-g
z(zMt>o?lUC7P#`@?I{s-NLt0Bw2Uxbw)z%ov&!GGqHryEa_9Kou^L6a^g{{AH?PeW
zJfqRjCS?ig_9eq(Epn#ek_>`2tFe+wi}-+d(iy=F5jplSI)IGf3Il{IYLAi`1WMu=
zN<s!2>pYRUORB=91-RSEUZ@Wo9OB*1ao5Ii_pz;wRZm7&1%x*F!>=+s0cSER_*h{D
z$I(L;MujN0osiYKI8@30tVa|!D=f48I+?xxv5u;b=q~=>q+Es5q;39r@$vxTWirRh
zj5)sFPv&^}l2zg%2gnmvKnzC5(mL)(#Gr=J;enW$9Kp<F!VFGCNqsOeJvu1!VwLy*
z)T!C=6Nu#u_n65exz417UJ$NUP}2@|g&gQi!FRFbyG2u2QJrjSCJ|Z7yN<5%q4Wb-
zdYmm0)lL`edjmygsERbS%v^cfm1c%-&3kamsWYK+jRk9ZAYME31}x3qjLQM7T%gTg
zmO%4snf7vJG77*e#r`T}-n^m3->R|sC+ea0%Zs7CztFCJxFMoYKWTjAxZvLJ8EAXm
zbSjm0TuM~*#NVGvrTduZeTMg_i3|+CCIXa<X!Sjq4E;T<2DPWoqDn1A7FK-jRFl-?
zO4U_4)2xUM*|vi{h4CHLBjpD-l%FxV(<{Eh@Vnk#i|1y2v0Qloi?~<KVl|alwj&8R
z0e^tNz<R0ZHNs!dRmCai+!OlcXO$@;>a|45$fQ;n4=^?QF?1g+#49@@%h)UG3(<X*
zlhqX65t`QT^P=eIeE#_sT&{QCH*mSms^-vPI#P{dW~YnQ!qPho3rjtzrH_I^n1*G?
z{r6>AZL5Tbo}F67l{huC0Dto}9J$}jPT~0UKOUJs+>uly$QDhFem(fD5a~fO@4+~1
z#fysu6C6HFgIYt;Nl;&qJ#9m!P=B8JAyQd7_uwe*CO)%HOJ59g)SI{RCO#u??)E<#
zRv&>Gxmll)H+NU<V$a@20BGH9)e=XLDMQeKdvo<t)Py9?@UZsG7=B=NMMtU-+3(Hg
zwb#Nuuxi)JB-wXEXcDyP!~9V^lnoX?JqkNH--ue%Rl6Qfg*~Y2GwHHcbfSVsP<-qB
zpqsbJMEvXch$ed63QdiMKmQ&syXWL@U3R<pvb)LzBi<Mqt1l~)_RrD0Q-2-JEiwvD
zq(->hpX*82pGX~~?|I%87mtKQtE00)f@M(^UOBm|K>z?qK)1hEz&#RB@$x-*EOnT$
zp=p;U3eJCuAp^#8Qx7TXna~xG=l8Ql#qw-}JUCkq0hW}@&Omlr&rqdeF!MhA22CK;
z!-OvF%dvxT#j1XX8rm141InaFH1<?ULL3puh!O!-g`SoMEbP-l{K9?(cfZPGd{+CM
zy0PJ5t;du|@L7$RJIQ^y4`<s-hF?C9`*N-4VT$J7uYw`{D97^yDF>_i1N`l`q9#Z7
zZdUcWKtYo<`QCxcDfqL2bZZXKEvVitOK9;bey%;gBw1j!u&W%d<)@vew6}m(2Q$S1
z75*zqgjUfK4pJ200X>N)aZ~ygFN+pmPQ}kdtAei&>|{~2&>fs?Jc#|gcj13Pyta*l
z6>vWmyJk?a;A6zHgf%wk6OPtkBE-!xAJ<^S-V)HQTO4tHZ$y78xvFpwmGoE#Dwlfm
z-YdX$Y>BPo@sL<UiIZa#Y*PH<X3tLO)hU=(kOpIQ5xmBexV10pq-3i$F^$Mu=qc^>
z#SKU{58O{=v*CW7L}j)B;XJW0SqM!CjSr2D9`3Ijg#{05m7_Sp7!yj35XMLJq!dV6
z++QBJ0o^hgwG&1<*~LtWmPFk}%|QM5WKu8QW~7)Vx_&E(6jgPeR9W4v{h0!mpF;Cm
zOjbV+mzd(L&IX*{4lciBaC!5$m!~#)M(}G1%|_)hU>qzKBd2^8y>z&J;Q8_3^1<Z6
z<<l=z{?=IIle9OJ5kawLXGAf0{`_kP<j)?QKe)=+FaA|<c5=UWB=Z)$v!H8F93cPQ
zd^ftqAP}2MS54D!WCw3e#Nc|jS?<Cq-978OY)!tDL?OOhWa3?X37=hm(NcxM`j2FM
z;Lm$$!vsOI7Y;)`6Oew_!YfEu&6)el?bF%wTP5*5nB!#|=t@MhO-0pkw*#N69wk*{
z_novO&O>$PCSa$3oScYPfr@{nS@!mc9*NZ$oYl#4#X0PtyCnE)!bsj!tT#}g*E{wS
zUhiJwXE|igALXVdEF^oI%%M@SFs+krF$p?6&ut1>YDKS_>C%q2vyX=egH5MKaE$A;
zg9p6N`>Asv;c!Oa6{}g+{6<%nSqS~CAL`%c=2Ipk(8Rw)FYbPGF~_+5aNK&1^4r`+
zf`8hqH=*l=iHUgsoeS?bz&o-FQ+blD*mr~MU87y(87*xrT(a`MMc3UnPo6pi==L0=
z<UN@WLZN$PW?d*5g>b_LG0G@{B)2%l={-koP0vm8?01&0Nt^EZ2!7af&j+%9%~0)o
zxH)%+-CNWKcps+C(cj;6s!g)D(M0~c^t4|r{UFyV?sP8QnJYHumESB1Ypc~j*FI<Y
zxocsLNTmVt6m*{Ti!p6$Z-il9^2P*Vb1JeUUp>R;%M8Gllhv*e75}u^k*`?mwr5E3
z-eo&2?)Q)Uh0AtIBt!ik@v^#<)(EX3x1*7lcz;TIa2QE<&nEewT>C~}Sjy|WyEpt;
z7Ma-5%`D8(BZ(+5N#?~(4)bmE8XcGCOBLOm-3id8XKL^@{4G5dI5J+?RbD?yTCzi}
zuC7LxgW^fl(j6b@NfHA~dvetdTX$9G<7WS|ZJDq(9PE`QHm5_}+4XtXXKIhy!M2=S
z(y3O5!-3-_aR+<5k8SA+oM3^zB(ZO4U#_i3+7cOKI>%{*b(~*4&w81I)$U%p>wfn3
znZOZa-I)X^<Pi2qtTv1{rGK4(u22(4xvE{(%N?vHEQbBLTO8?qkfD>+WL@g0c3VdS
zurbqF?a8H`0H-f-+~}z5<AAy#Ul*&%g?we!u>hb`?DS{VIMPqThZa_oHlkXwj)U^!
zp?vew7ASu*5H!~HBm|B_@g0zB2UIfxtFf?}7O};jrlvPTave0w1g)9?g|FZ@=Gq+(
z^Rb_z(+b9E#SaYqX~h_4V{&1HQly9G#;^a&XjPNR=PAuLCq@Bmikc&-QHTGyrkfnP
z-id$%-sl)D1k*9Z_IXxyJ;@`u-)aBo<r1%VrFIdkx)LV9<`gb@WOin@Xwz`ga7GyB
z<Pi2Gs$Y;bNNep7JztB)`sFgPCoveQp34x;6*N#TACeMoFrGYwQp#5*Ww0u=4T}2~
zO47d#fp0$A@d<hod-Bi3Mg`8IZZgSk5}VaV0Y-R5<%25vRRowJ!!s)`{i#TLVut4$
zy@G@llQ2STf8eoRTxsZMyH3GWLrI&5Z~|ZdJz|d@+&&fs%00Iy^Ps4qFLfcwGn@-a
z!w#nQw<pE%U^Pj-JF|q!I&?pnbOavbEabm{SFQ1y1SFOR_%(!dt$xMOq&-Bu#<UtN
z<Ij5=^FA{vK?uDKbO-DE;8Hw@$@>+4$ehG&TGa!bCG+P!jmekm$&Vh;<yCCYL$UVU
z*}pxvVwoHIwP)kxXnQ^--euZVyggTA-ZR(4wI`3aXE=WN%{9E@p7uz4x^`gu_2h%?
zgXGC<S^b6rh$nrp1KY<ct;l5fuC0Mr+!izVw&=EIU}eiFsw~Kp-ZJ>&Nt4xw1jj$c
z;PM30n|MiwF##13eR)qJ3~%0}(_w#f<J!~KZ{Vt}5>+zR4jG*P5T&a9lKP-E-Ccyc
zv6)=_Jf>|<Uc#ERH?B#bH4fiRif@%sN$Ex(r|#<%wLNo}+|?zkAH%%6$(N|%o_}5N
z=QO4BdhJ;#tx*)rKca+y*_~Zo&iL%^Ws(o7n<DvUn?oa`@za_Kuwp;rDN*bPJXcG;
z+cb2bBjwE3JeQGm&wmk}KcUUM200p5`82-!Mx%w{7=#8u^p<+wM0ieu=iY#3yyyVl
zYQ}zh^X6kS-A3~N7C>S4OICRmz~a;3E$V!eemj;w5@$SYUQI?k&s>BqEq!-e(-CPv
zLz6~-z_EXdgx0*o4+#5TXGgJr(VHCmmyt}K_pkS}FnFnF+Lmmr%tf=LN%GcZ;899b
zk&)Cx(AuZS)KmoGSoutNgiSK90!q^TByqb&sj9^@4vqhSCx5~SK=!%QaPC+*I@=`G
zD5J@=-Rxj5G(ejcW=DHHr;hi+f~dPrf)PfW*CD{8hf9Dj%Qtcn#SqVh-GY<3;Nk?q
zQT`Q=UYs2-%K7q5gl1VS5V-lZJ>P^i7i4}(sD~DOb|X!XN+9b&GX4em@5XOsmVKOA
z{$8I!2$u1Kub;mMi)-~&xNuoz^SN-CkJ{Pv$f#)+Qq9g=@*XYTA7cKzs}qFaFU}DF
zOxJRC0Pi7ybOf*&01)0CCiJ<`<j@hBl*!>-kHx-$V!{7HbN?porn^a^yd2YyP2}Lt
z^hUrfy%4yA+X>tk@T2_^!8P_0xU+WwI3gd-_-Xc4{OH-DiHZCq?WKQ5=*yol!!=iN
z`tl@C#$o-_2%<_W@pG#FxinhpUQGUaB2QKzIdqB616#CT8h9Pk^xWRO>u-q87E7(5
zH)VyMZFsECQX{PoZPEx1`1JnhC$pZ^PDxFg^!LW_`R#LI9evos*U=rcrpLb1LhI=D
zX|#?I%J#qTb%cT8kiNBKMb4a|v_~&pN~>_<e0VKJ8~S39$FD9%b|#3Xf${S9aJ+o>
z7G)TLb4LeiSHj}F3d+g;6(-47lp*=%qPx6qbb;5VO@<{A`WQf;Z3fT?5KTKxXxjI%
z)YO101nmM?OrQ8fF?!tc%>_}$sY!Otlcpt`5(FsWIT)G_J!sAPwsYFGZNypXROlYO
zqer(6q0O={*DAxZH%ftn2H?jopV$zFiRMJ}KyTivEE+cQfAtRcebL{VcPX@An{g$d
zuFv&Frt3QsFECxFHq&&?!eU)eEcku8SjsbCLgy76j*4*5>_u}=q-DrKIpALg{If*B
z5(A0)xv)GpHxb}}!H@PU1nlagb#QtC-I3q~+A|!sTm!M6dCy_K8z5ika-Q&8Oqh5j
zS4~*GkDudu^PZTBSS3Fk59~{&`M2<2Tvl1IufIM73LYo}M<k5uZo~N{49`fAE+qdd
zBbWbmCSowd8rrL~Npq4on{;SzYD8a7=U2ZThEfdBTlF)|90yD<c!^%{uY1qKU!mcn
z??#-f*U7#$@g!SrDkPGPzDnXq_9z7P(_yG`VW6f)*dK4+t=E4m-EHKO@*%)TXmjlT
z>9&~5GW4exI66f3o*O~|ab=dj4cCPT7&J&KPW#*jJW0{+y%Na)aM!bq3P?`g1AU4=
zw|cgJ@?i{YR;>0S{4D}(k2JoxfynSdwjX;msHm&bWnZ$S=9?vdwLp$XW?N?a(+<P0
zG}}kN*^>V!{L`%t$Z0}L#GCwyC*e6`fCeLyp#!)I?Y%3;_V;HnQ+psS0mT+$vHirO
zC$#P3i5t|e7{RC5YbJDGkfY5?(^rZ?`_p*RqtU`9PUyOJb3*t1HyXqEd;1%W;S0q>
zB@JCEp6RkrprxbumIA+}5x+G?QM-{X`Ubs?69d(b{MMM@GsIkVBa8EmGya=<x#G*<
zCn!F^+#GXg1kFFr4t=B84|;A^>^+>lLZ^Ol?A6sed)02??A0i|5az^jEP^8TiZ^V7
z&aWXr_nYXv#Jt5q>wg00p_@3B_2a=GYF?ik3Q}WJp^4K*baCQeWdWukUH1|Le4g)C
zGwH@^3+E&YuZr&JlHWx~aJtDo-x+430<@IUOwAZZ_>sC!0)9e62_ao40UyQc8nfg}
z1)Ll}oB;a|jT(ZlikcCcA^De^kYRx|MTJMmauqQ_ba7lSrJRuhM=b7S1l<)%1fX4t
zn$?C7)vN<jIN!_<T{;E?tiv()4(HQl^w0!BdulA7AfFBA6J+;Ce1gn)ollS(=vUVe
z*X362Ey%Q9@~x!>ZlN3B=r*F$qg3sklmvd?h>Q8DDc`!2?9y-h$T0HaZwy#V=-qho
z;)stQKsS77jagZX3q$<~I~ve(S=C8+pW~nWjlRKYPmhoAT&T5vM0<7|urNMAXj48X
zji`t~qJe+5sUWj1WR3H`1FaY$`x5t{w;2_f-#%Gw#U4LIi=q$*LP<GA191^fwNA{8
zvwvI2w0J$v=4i^_B%g?Ganwv%P1_@RX9(^$XZsVILVr~Jt1_T9T%H=xvMO|M2P<0g
z1DUXQyOXs0jW~A8VTR?z{EBM%a~f!{{*2@S{a&j1>Dud~`N$>?<0E@+7a!S0uQi4v
z{_zl%z9I=VL?+EmmwdOwgnukUn)Fz<6zBuqI&FtE>2?$O*%7x(n`RPX1e0Xn4oHA8
zn3PQ8j(%fo=pk5qjOl)p(e>e-@WiR6Fb*lxY^cZyQ#e0E=DdwBUjkZeL_!G@8-DY%
zV>HweBaS2vzyF{`&~`&l&!d0-u|6k!w*#Oe0Q^`w>N44212|`x>(9-S!%cE{8&Kt$
zz$~q>E4FUQ+ulcp>IOq*i=*<G%nEiW{;X!nTMvZ2lSk)~Y^PYIpC2R!u~x<2f!-)t
zQM2Noj2`R~(47fQJv=kH$)8J(a5Od+$0-QA3C=#W^7bcI_pisd91wo1g!Mr+ZsG@8
zN8|L&(aMKl@f<~6Y7C9QuW7UWxrZd%9_@|M=#pT0I_{&m<s@-z<-?AXcnD;)Zg_@W
z$91Tiuo?O67_iG|CZ)f_8i&A_F)|!@<oxis$T2rMNZZR7a{u#K-QSu;$Gv~p=Pyp+
zhcOaaolZJ#z@v*%bXJEf;^uLYs|nQ*x`(`$(RolJdkXDV(cZ&M<#i8iJYbOaMGDtL
zF`;z3;`SJf*zr8wQpB+p!+4V|cSX+Phg|cm%tR{};$G?iW?~!6wR;pgWO^HZs6m-^
z+Cv4&LX;4i&Jl^yUfmhv*9O^(r1r;e|NT`V6&~~lsLr#d;Z|!_{6!9!y$%I^x%qx%
zk?cQ8N9Vb$5(C&c-?0f?U2E!M-M?WI<??~(ZG$=3ofzklfxQ`!z1uQmJ8ag8R`+UI
z?VZJH?w$zbK|cZnik)lK4xcpWo^l2Bx<hW+fbSEI8t}GTnFzhy4r6Fg)Kjv$`=(OY
z#641u3$>$8u&O7}(%NNBo0aXF7-m(dUMAaju&N)BQ_dY&Ginlq<%%$R+F?JflPmi8
z(^kvY^0OkVs;AL=jCw(qUSBKf0V&XvC`bDuvo~90`%WGjP4PpIbBZ$DnZ)1-oNael
zKpZgs4e!f<<rPJEGwW{_c=HyeXM`BJoIRm^H5=uxL@Sql@KjuNO%$*j`PHt8u&x9p
zXPM?1uc!?QEL{}Qv<bZiL8ogcfUaF6Bnm~<?uj-mZ*f&;s{`Z0;&^Wm9of6xB@R}z
z19}JCL>k~Ea43=0z-~A47IjbHaH20OBPT1{W79vlGtw#9G2NY=?zuQ{0MZnrEpRY#
zx?-}i=j+ht(0Sz3ilb&|U1QM#=uuG#o-~8pIgHHsdL?gD$pD9e8RQa<4)3)2cMEYs
zt=pQ7hEn8qjVaXGf?hn@W0lz=UuO;-e2u`3svKBK!UDsg09O$ip_fU7H*cA>1O_^X
zWa2XG0)bUsr#~+g_<1-yJ^+u{2dSdWy6hpGB2_7Rh1t?1RJt>ut4+ErVpYe99WF4j
znq_-g%{;1ETZh6~18-uSrb#7fh#H0pbRhZbXi14mGDysBb1#In*a!_A9>;ly=b8b-
z<6zGZs@**{r~=cJd2CR#svb$<-OK2gx-13#<4P6V%>C8)WdCZT?DLr9Ngmj4`x2#%
zaZ9~Js%WI+S@j(&5>jo#44@Z{1q(#%s^lwaWi^hy=$QqYEE|fUr|(#QO?37+I#sl2
z<<uCSD66X%X6|=V&@4x1lfg3|{kv?k-TiF+H|cjjOIA{wHjb+b-Mn#Jl7yk9S`wTa
zL}|00AwjaYJ$8k(X+ty%aKg<%oc8=~S>Dh+zY|~wM(3m0S|d5*thA!l9!8n2#Xp;I
z>2AU&m)f9BoFQ<XL!Mjv1NKb~x%?|dZ}$)v%Rh?%e$6=(0ll~mudcL`4;4s9ogoAV
zkJupu+E{6QN6<gl#XdL3KEEG<!~jyeo>hxw?TBUlIs&OX_E`|4pK$>Q@BRc=qT!*1
ziu$^hm<XR@wJ84QsnrrBqSa&Q`vc?I!610sL0BEu_>&33O{HlSvbY1@>fo)=kXs>_
z?o^iaJZF`EDhEzjoZ?QGdM0pWyfY9^aEg0o`A7EBE^XTbpFm<=h`t>QSj|>%cLJ-N
zi_5MX7-+ml!ZWKreYGu+yxqC%<$z25q;r>XJFD4_h6lE0Xz~N-sHO_VCW+N5)<;10
zz{{fN>lJmYOKtQX5+NOyuOyxU$+{E%tyTO<4bWUgY?Q=4wq@jer$1|yRN5yk>B5Ff
zf#Vjj4+D_l&1YYNOKf!c6N!0u*&4+@sdN{Ce3UAxS_5sg_4(%vVOv_3v`my?sq74#
z7$4{vA@=xl(VvcB>k&_S14FvnB*-I)ZNX>7h&>?nF4B!kJM2-wue$9R)o%iIUV)~2
zd!Y06F7-1<=Wd5_HxTdL-h<HpHc}QHpdSMTg4f63vs#z+j?5N7ARq-0SdS%Hts8JE
zo|ODqK=!j%0CVy8^%Dfdk$8%2NxRAEAIYTBQ__;%93w|8;whjq(5*8G;u(ML$JDJe
z;wh=Lg`nL@6;xrzY^VIQhP=3>j!@AUI6gkmJwoj8XEjin4zbl+H>9f-P*DeqFgk)s
z=yTHEr(dwg`L~JY_yUi=NAVo7?=2z8*5!XJnQiG@(uq|@2X4f`f%7&dL#;RkXjCNI
zPD$JY1Zalj4FE^HS6Whslw4ZULO;HF)`bf6P^_0G%>#n3>PrJgY^5T0AO)d4K&`ay
z#dLeU<kuh7tuj+SDFzXcDec8MX;$X1z*{EuAJ!L%)<0w__Ib=oPU`9m#r_SeL^hq7
z49qm!#7wtZ*ofQUUokKd1<}lsw;@ATA2LyXJj^9`tMG@sN1A|O_ABKrFl7YK0iSK#
z?Vk_W*|lUB4G15^5&Z_yTaSprnb5!y0}BIP*j*2Mb59iirLcd}8NTGJB#JKivSsy{
zZ0nUawnswV+8bEquh0QUpf_$iP}rNA?Clj%Eb+FYW5;x9lm0D%99b8&DWZl~u2R)5
z<U-Tkxpa<OpniskZzZg@^1zR|4z0kHzzJ4?dRn1d6Jip5JSTc9yvd*T5OzipgXr<D
zA9Cjz;g4bjL?s%Ld$yl&Uqec2J?kUxQcX8Q7R(D}Mi^j%fY7%U#N8nI*HwI+X1XW3
z)KAH@8hCzfVUNhA0Q94Xje;G48i_@L*coN@9ur7ex5%(@%VJ}(3Ztri8lky3uvJ(0
z^}}zm`psbc&Pe!g@jIp;e%}N9?&J8~Cspltsdrn)xTkOjtcdGq)MvnKh>lzuTt3JX
z!z^I**iHUK9itlNKF{=<mxOpt0*twmV0%2O*t^^}!Y^#qQJI6gO=YGMixUc<AJljU
zsu?IBfH>>f6OUz6vD&C5bc;f<+CdE?DMEe7SghV>f_ZuuwO-T!$L4<9nBwCLPV({X
z3^<R4l3jDVrEuM=2KGY0X?)MwxfM7;YY!?12c*q$9L08NbBv?dE(NwHIR7q6wK0z3
z6npvvDqwGpaTRUAcqB@jV_ZcWa1~pF&5+H3I>`h1z-K$@I`7=*^Qdzkro`)FiBtNk
zbKZ(&{r{kzYReBAgrE~r`sXQ#&odYEOr?~(sd=LWZS0JOaA-&<F_aK>g`J`G+`!M%
z?hT~!cpKb*K$|X6Z$jN5{14Y-S8$F$aj2r!Ndax99OzDx#X5OuU9M~kY(d6@<P%+C
zR5R`G103%uE@h~XqxJ-XMtEq$2NNpdIMr^T+~#6dTUWfK4XeQbrUl~m0`)^@AOuXr
znWO^olj71{#bPTDFj^ZfSh_2>z}8k=+9HcRc#`zmCs>O?Qg1aneaU#N&1#C$tMf<V
zuT3@-I_QW3qi{yU-(0}|ZMyEU9R(%d?df<qYzvSaSQ{q??f}Z~HlyCiqgT^?G`x<(
z!!Aj!4_$)iwOmTG?a+Qa6X)Ws>DaJYt&5vxb>n-!5$}B6iFgK2It9r7n&@I)uMR8m
z_M|>`?-mChTotA2&W!QsHQ$6j!mq&tAoa}ph#zRvEwB`khDH2?XAljG`3L{|*P?!A
zx7;LGG$LGh1aW`4G4oh(yr}zg;89?-DkmOkPnoMO$`kS%U3o_I02((HXdYZ~zIm{1
z&^#zs4`@mIXew~G#-(!W|K)^uX>VV6w(80=%~t2-nIX$5wGC=gu%<S>CfpXykkW*#
z4*YJH!!2}$xJ$cJFK)r&>3H=bd3zVS7fAl3&!56z)Qge?eh!ZZ<4v-yOUlVNv&wq(
zX&AW~#H&2K9W?0&0A@N4u;_2;cpQ)q`}Irc7coDZ+(20{Kr4oq(4<eoVa317K?hKW
zG~0*Ve9_WRM*F>}W0^<9O6<T)`6WO+@CUP2wX7Kz&HfC@IB^1aeo1Ip^y_a?P{>~(
z$Q!TV|0N6<MdzkuzNT~c&_JT5f~mN4?*HjPw(jl=%WBbHS-rho-uT(4^k46w`6V|6
z(3QCMo83CO`M+(|blxi1d~WXmRGVS+P5j)n9acMtpabqYym{=>^AP(pmtbOkEOAzU
zLT>5fy8FX5_1{3nN5E^7qnitQ4ip20MnMP`^$pwrM)gH>{%^)|#sU0uzw?@nBxrZ(
zD&kPcwRtk1QK&-i?Vil4<^YZ>%B-$=cP?4XsvPhJOL!4$fvT#nr+YAvKU}^=)(4#I
z{er45S@jsYwq9gi3H<bfY<tx%R!xT}D)&V1LnrjjAnaA2CLWKoJ}~d^W;?1nSv7fF
zRJjixm}Cps&Z;o0CV3A;b==%ttj2AX3MxC@YcSx*Tz}#sVE&xA7h|{s5ZJ^<Zlw_}
zF{4!Z3~>U<13Q>`47=!gB+@<4{pDp=NpLSDOGe7AJv0Olrrfh()nkkm-dN|m6v2Fm
z^Ideolz9xjq))>8m8&oZHXLutk`#Np=OW3sj&mecE$-2Z{eb(@%wu%4g1C>HCW;EJ
z`9MS=WSQjSKK^lAfEoPek=g!{i=b~MD1uPf4)GgFY>1qnP`D6DJ+7Iq$K8eR{Tu<3
zdIUO(>S@`)2C=GLiJUj$#a0<n6Uiw1JqePUYt@!b#;>_n1z@?ZN86fXtnyJ(94UZ*
zw~2vvQ{bR6rJmIkCrBx6`jIVsG2m!SVKtsajPxBiXbv1QrR<hccCfdLlNJX8M)r1#
zlyVY28X;3Md<cz&XDMa7gm-5GsXeFcM(4mnxx`$j@TSXvt@f5#jUuZ=_wdrDNY>4i
z4ev{(@D7Yslg(;Y<Gd&k1BXq{K)cbI(hW%oN=g%^QuC(5Q!%vfumv)hoq+?Uf|P)q
z(!<_f4NYu<CWe)io$%d=MUv%|?$E{X0w83yTTW?~?0Xb83$_RcFsuUeKZOFG_%U$+
z;T^2%aZ=re<_d0S<S^S?XDrA(Mz^&%ve<dSQJo>%zh+Mr;#pa^!BN>+z-o@Um@CLZ
zZTIZsmT&&$78xdC0+N=bOuGHS?cm6@y8eP>Lq}mqh<zS`?NA@tQ_)!dMqjw1PrRo$
z%%1!Tw)pbZi2{4U8HS3J9MzeUy^B5d0ba&n*fwMkpt=C=Kzhp;ILp5h-M5slOc!8{
zk(Ff%tC5YBE$&NLO&gv`1`Z~cmzm)EkiHgAD6<8UW&20yDs<#6QuJe5Ux0t`91a<(
zXJ<oi9J)csvZ2_cTfZX1-Kb;!)1Se+e|ZUhd;1H6Kx>gz{wB6|&6~ykYZusf1NIR(
zsG+Q?TRd-0%2%UU&7@n;Tmjr`&ED>?=i=a2$VSQJwe+8K8a33N$!f_Dbs%U!fDu@L
zdmWtTJv^2p7(0V&>C`4)q62Bq)zkuR(;Y6s%X<mcoyd;+-uJkv@*M{aoPo$$ZgLO7
zTiBIj=^A9=<j5q4|GFg=rpxT?YKfGTp4a$cHu){X3tI1*R^jn6tmfgpRMt9~G;C02
zbW}fJq%3HP?t{tN$tpWh6syUHVX!)!fiDvkL#c)47&JBWSP14pgF-wF6jM9UBi(s!
zavFf21ab5=fHm7Ua!SNz<$%_7IufA>gR=0`_vfHNz(!3$Hfl<GK45H$F~0Wx5UKzI
zhHf$EgDg44MDeyTRA8}qTwhB!`Llo-Yi!k(<hM<s8-uERbO&%Oa%wE0HQ+DL05h;H
zC<?*n&Y%JRa$x3{rpxx@?)mZ-J?!aPngzxFABo6yVH?h%abDjky%`{%78)a;j^L*+
z;y<BY1FYiXo&aJD1wH$6U;#aJQ4XWA`$pKC???Y(!$WDIp&?_u&=qSdu;pW*ojAT<
z{+-*e`wA_%J3fxy-6S>HS7?oUEi(EF)8pSwzQQr_?`B`2IsV<^D;ydBp1wgGY|q9O
zt+~B&)Y6E|5xTUo?~_XPh^Wo+`+$bOi=jt>ms}X}4mj+7GiL-c;Ca;*{5f5>R-#Z=
zo#9rl>q<%{6b4J}Bb9pmfONd7(>(^^-`zzaqI_5u5HytQZG{pt_tW)OHeJKVWw>6~
z#YKDbzj4)qlxMiI$OS7z{d_&|r)p#Py!Xj?2fbw_PUP*qB0u_1YJYVqs>g68!a^fW
z1pJd8$5_j1p#%O&@UH~FJ)o#l5v|4uT8UG9>SQD+p(zr>s|jd2d?LMKQbI$;z8!C+
z3X2D~kMnH2d6S~ebN&yTNBc^jc8adcJSM&RSaTwh^99;?&0Fy*c(Hh$`uPE?aRQsM
z#u8cklJ9Yo;=9AFOiGbi?P-^~7b7RI+E#i(KE0WqP&%uVHb*2*1%qrJQN-;$*1}8)
zcy&pvm&H~&5V8QItr9TmvaL-P11QBkzdd>?knc;p8YFEbL099s06oMX4D^fo$?>}b
zHTR;#0=Q#fCFP2~U90?)%7!cIDwxx&V1cYMh7@UI`5g;8$S9h<2^&W@QcvG()YCEn
z(Skj<S!PNXu&CEd_Evb@DWRVnbv8--c$;ExE`|&!jmJ(Y2FG(atN36w%rPoCDa^l#
z=y_qb;#&cj%>~RJPK=4?gslJOq()Z1?sr&I+CtLP+|sle|A*33@CT&bUucqS&Bf|=
zWzsycb@dOWEzym}H~#_BvD-tUNgXsi5zyMC*z1{hD=i_;W$?lyTG={`jU<WNm7Jl>
z{~JQftiAov;(MZ9@%=yx9!0Kk%>rO5NSfGmc)<x*;fZN)D0Hr+h`VA_Yl7m>N|3{i
zFt&euh4rE)0eiDiLG~LrqahM7USwx1FX>y4JF+1Mdb=DEc54d!nLQL{Z+<HLnVqJk
zG)Jdm@W&zv2kggq(I<5smI6nTB(+&qTlIKoidtV>Rky|>w`p_zBONkybxuy2sqC=a
z)e4hc0n`GQ7}_hT^`zX$YUYWN?%u+?TP8w(7l|5-)cY>AoiDGw^rSDZ_VX;SR$5-W
z&a=FZ;_}+Ym)9;C64kF2b%&yUQmnQGe@b%7b`0%Aq0kb6RoEk`^B=&wZM|JGZ`aCp
z^Z}qul3Jl<AAR?hU3lTgw+t6PwQM)EOnad*e)-SPm;a2&@}B|ApF+b8TK@yj19#KH
zTLY{4VH1Y4v2~;3Bla_%Ick%AGvu7LCbsS@dQZ3&IQk-UL3W{$tviAVvoPT@NJwGp
z_F+OMCR`2)L)p4!Ot4_WXh=w9>)yr$1_^~}1=EYhuyudLMU%6-o%s*bA$Q?2m?Q2n
zvb}ZrD3A>uv>^P}QF2b%D9F?{M4x1+sES~W@Mlhnlhw>0T0IXB-)rWl!h;bX(yGzA
zx$6MV#A1v9)EctJ>-!?t*VQVCt;Kk*Ur%t!BWs(c_{YEm{UUL$fAW~wIb~x^WuJL=
z7EO1JF_(SpX)KzqjJd4reb2itRB<pBO`kXB^0Ie5Z_uj|Uq_d{;dzB#lks&-*(<yz
ztTVJ;R*!ntpeUwsL?)3w&r#10F)he(d9shE&BwGO9G#!)X|pgb#4*~Ur%fTG!jo%y
z!BMvEZ;%|ioPv4*-G<)d@FL@j+65|L*?x{2JjwQ>ta2M(bKz|Rnt<7Rn7<69=_Uix
z&tjM%Xy=fQI=3*bi`AeE^i!=5oH4u99f3Zx?UYn{L^e#eI)S(ru-XRL@!+RL`^7}m
zFhC*;Z!Yyn;0QeIvbEtwt3T0!M;gvR806JnbAj!IT)I;NB8~?E^rK<yA~oMwOk(>g
zlkC$iF3hrTxa@lvT5?<t95+IjVY$G7*M8%I%Hel6)c(FUmTC|3+AmOfuNnS#+K$Pk
zALw;Ep+nBVIcU(=a_Re!xGnevZYi(`d~+>?n-O9RH;bWps6^KOt*E&U8ufKNW-6@M
zwgcaenR7a3j`D__4>MOQYAGOQE#T!xgV1t94xAW>mYv!V>;D`rVQ5VkAE#}KcmQ=%
z)Y<0X#$+T6PF#)7?4oqG4rA?lW?@1KB-q%x4=^DU6NW;<HEbP*)b&^}Ar%rPv2_?W
z$AbZOiY7a!7pAdwKc_f4h1tLtfUG&v0d#;Ok>!+)Ft0Z2#ta*yY)rT=I1!scXJy`i
znbq73jhSzR<vInPp&j#6%33^Ez%w*q{!m!1m%=mDK0meWEzeM*7t?P}EBgZus#GdS
zOPZsW;{kPh;0Rfcw<)Co=hEg}TeDIMTU&VW%}{3@o}un8R=<)1$AB05Sb`tGd?Sp)
z2RIMl-^U~!2DB%x=r;{cU2q!o#pWX)jlm-nw2<F~)g7q%Yv0NI<p~j<;0dw{U9(Vu
z+56*%aH+o&!JFK*M;3QVn^W~$K3wFuC7p?FNg&!z28N+QUedb^4`9Weurn1J;m>?z
zbLR|&Ew3;Y{>(`uwzyF{y`_&L8q(#Dg${J+7!QM+qXUwS>sO2z=0XZ=Z({4#B_V52
zYR0Jy|BS&Ukl<OMPbUy`*t$p0!sIB_=ab6{6KWx*Wa$&iWrZ0v2UD)lXOzndQz{oz
za7S=i^*MD7q{tvUbx8JZ=Km=Lj9p<w!q;95)J5Z3?y!P-2CZYI^hmMcL2E0FUMGxZ
zQ)DH-ZNVWt85zPe=N-bx+Ub)^cf_q^Mbv^nOvKI>U?cU-U~CU|mQwVsAQe-xC`I20
zdb+W*l%j6~hcU&ZZ>%mW>;NA_3htV)bF(wBma4Wv0*<V=9z#veGV<z9_u#iz;TtBV
z@ESj(#OL(Hp}f)-N?fBSrt*6KL5WKsk?M9$pOwb^cfxD%=h*5wG>q8=-E7@5;59un
zXb`gtdSD3geF_a>cEK68t_0u5(Ew%_oMr1A_&yvqx^sN+GT^<*K<4bef>s{D+V@a5
z(O^#NbTUk_Gm-AW0BwWcJ+Shcwc+FA=$=bGcmcx4Y5!O8lrL<?yFFu|2NvAUxLpc1
zbOY&0=Ytfux|Q!yGm3!(OTOZE$@h>JbkYg)ZF@m1u;>Sjl3g(wng3_BiS#F8!O{eM
z=FfqduUG+TclYWuA9x%{0kqxJtIzy7Loo#qm))z+{5h$Z0;s#HSD*Qc6_7UvkT)`l
zJe=*Vq!*2QX*b_72z`<olu$Clz_xMQ2BNP8BW9~jTFcn~+2-*bP>2gK9*49lWs05o
z?fd++|6!XV`}`q&Q7U3j@EV-6w@D<45DRI{E`c?2Yo9)K=ci<s!1BoN)2HtIq1h#{
zGN$(FQ+Ix9b_pzsEBpA=b)@mBdof02M?))L0SF4KHFU`oID&??AWRz7-PjfsLA%W^
zTcc8XNHN?OM`(6IcXv{d(|{(8`F}%h+VvSnvOzwfT^giX-B0L;rnW0KEl%jSaiRZf
z5c;p-LjU{yh5iq?(0^1>mzqPr9_X*h+bC(LKQhEQ#2RouRdI9~=~Z`9j7L)I32P%}
zqFLrN>4y`9&B^-V%-AzVn9M6o@}w1{u`6$hQ)KAk{!8|W=wEc2`G-6#h-ou<p#GwV
zN~S|e3zdxK|1-~ja!DjVR;K-(=Px0@X59ZCq(Hv<!f_EVhfSKF(sW;@3%3|_W$uVC
z(+pez*%$C-`p72+-IwV?@;8MD8sy8=6!B$h8sN*+j5RHcH_yl#;LDWU29{{gjOGUA
z4`{8|C6fz~ifzlpXgm*Zo}+u}w^?!gncu#CSPQNFrEadec)LM&7V~lnzXbUDmr*CC
zChciG@$+Bm$9?hoooGlj*F-_G@h*-VxPB-RO7WhcAhS-g108$0ZZ1r2XP`Y%7VFRi
z(N<Rs6;#!&xfLC*ZH|hoT?e_W*NC#-sDbs7h_}W<;$0eucLx$@=VT2pJFE+V;to9e
z4(&w~i^{#cffmWzlpVT=+k?=-IDA9xX4yY~Z?U~mVy-=`<|0`7D~yipQ||pp<(+Dq
z6C>05vsPe?R3Q3=zBFTDPMXOxS^rjuitXu<uhSJ%x@QDDfxu|81r8-npO;~CKMR$)
zZ<T#(fQ2edmso9w8i<@+1)?Wcb&-=Rw1!k*r<210?U9<8;t(?xn%IbZ6J6hvtrtaj
z)}P{no+vaPMJCx^$13lSjK`+fV6@0~0QYiWwm%J#rvUp86BwmtGB|*dJI`Ryfn#fE
z=;HPL@Sh0yZ%>?U&l<8iivPwq{C^sce{R2uCl>bYtg@b?zg70Hc$E|`U0tl^24p|>
zy0RPHdpX`uBARj96sYz6hG2^RjSoTOD-FTLx)p*Ar`oLPZo%e$CNc=XR~L5wM}u(m
zAN>ZQ{aXfs`qxi?p_(GA?Z&{x{$We*)9t=^w85zx4IpU%-k%Rh{xPb429DmC6!jgt
zUMKTfWV~}0Xzroqx#sIwC0*6~^KJxKn%JF27x|`gRM45mAWdNf9ie1+Nw|-DHM_^k
z1iXjm@H)}__6)9dUnNiSEz{(1qmr|%<FRC)qZ>xn6qj9_(;Ul-W@wFx#_OW*ehElb
z4_DARiE@ixkS^KKTcB>4wyDKHW)r;7v=z^f6SP14m3+^+Gl0f$gJZ*2B3{*0uAeGU
zG=V@#TQxjMu)!`fp{WwWLPc7cjyTup;No2OF3^vas`ijDQifL<R;%2UXytbs!w#2D
z5HgQ(+dE)XEHDaxt%)0jL{&HWx!YP2%2hB5B*sj7sdE@PM|goEO2W7P@#aow((i`}
zx*nF9RnmE@Kk4kVQ?ZsL?6UVc=<?rQ=Ux6-RvWmmX(oF1IkE&3-$W4IX3v{wfUwE^
z#G-pMo6)cRyo!_Vdj%mS;CTVQ+|8QNA0_G+M065hLt4mMWc7VH<s+_lU~f~{tOHeb
z5|cYv^<8*NsUDJToowCQFtPn**1NdX(w1+iXH_?1dUY9k<L{6*HOx7>4gaTT#UDz6
zP@=SSYnEc~U{$?%PUY>(Vo#n%$$q>;7n`#LA#R!lwfS#Qcd}U3dyvn^Elps|&@(D)
zMq|%t7vz*ZwY=FK(CqGF@i6vghnxa*;v}S;L@)O#-K-iTzBY15y1JP!TQZd4cyV<U
z&3JGd*}Km|2{-&6tNK3b@XMsZ409%8%0BG#d-atltDkZ2IkbQO<{xo$VWi4TNpJpm
zs=#ch5M)YvPJb?eu|0X^l>$zcW#~6nJzbkf1KGy)VRA||_m!C~q)$<vYr2lT5I_U?
zWi)kw&LL@&rEp{5kO6hW$mNLaFCd$<Y`pf(KpmQuQGZJ4Jl&U-T8uW>E#yMxQ(W0z
z3nSM***K@}idb(;ey+u&RsPd}q2DC`0<(<4rANW;Hl*4R8arq|{alY5c8h>+-Fo?2
zYD4VswxLr1j2p-uJD%Ha&@D?*pFmPW?va}rjrw8a?EtgdON|CW*A=u779xaTLj!ky
zk^woFt%oJ?%Abev75lCbXXd5YPoNVt-8m<|Ws(bd$r~Ui1S=&ppCs#xOzuNw&I#mr
zZj5m}H$bAD5@*E{ozA8L-2>ffQW`Z2L8L1ExTB||v*~Yu!JsERP=D=_FjruvJU_-f
z-=~A$CfVCyMolIuh91RdwX({OY1WnDjWc3!a|^M-*DmDjY5L|ggtQ286Ct3GFP(F_
zc|S?ey)eb=R%R#g<%a5Z+U64?s({@Wqtgyx^<Pe0MprreS!E5LA+5?5+@n}cetzg`
zY*mCR27kxrfc8-`cb%txUW-v}!zCH$dpNE^l6G&G7;U0v-8)3!9%pX)TqG+WNouO+
zG`j={@5(66mi(7I?L(ptOsr(#)O(;oU!EATSB_83MH#}IYZW}kNPF>gpkf>Dt8u~(
zg*d=9Hed3Oz0Cq^6IK~-++ROK^@RrF$H$TzM3P}y<;%4Ex8b4IGVadimcJRu2?F^;
zJSU<xg3)sqt1(n3hrSQ<DR^`$X-PV}{Uu@b=I+pVUEdKlC~a0_Vulbr(;W_P)MpF&
z(_T9iF;}A9|91oTIDm5<ZK{Izkb3`Tih5A{<Q#)_r+4{lftyUhnyKT+EC6Ia1nbWO
z?0?b@6%kng|B5X%jOt`-P~#rBWNP2E*nH1|#4JjbVu?kNIGz&kiY49|KgDU%KKpQA
z+%*3apeA_t098(&@9y|~YcbzV=gn8FyLuk4-HDlI&}-f;!$%2P_OOPqv#Cg5npeZh
zyc$+!CxFqmq>(Qz++@Fac^El0@ilUVlv{tI`=>ggHPffhH3uX`?FQ1dpS%ka&Zy8u
zl%P-Bhdv$>i}fgJ55H?5G4v^b5Spp`1biG{l5{|Nxq^4ODf_4EQzI3av<yA5IhL5A
zjea*GN{!Gz|9O3!KiaBYZlm{%=pKp+FaBwNt;PYpk+?^q_atBYlU6^C>B*9BtqHYA
z4B=aiQI{9$=XV7^PUrIKyY~;!57Eo#eQSB`XX!eeyatirc<x7c7cMH_LHf2J()k`U
zOZMFoo3*<(A|J2*BcR%rZ@w$iUM}vDZ(XQMMt>jn4k)r0W;a)~y7L$^8E#|LLz3-#
z=BV%L^=LI49~P4hI8TWATS#hqO7Bxqyr#KlGJKjtpA3?3)p@)7r>ljSla&d<ZxxT<
z;^Of?-h|2X2ki2liyOn|ZIAQ(?a6{qwN>BRo>5ox-z{6kSi4m1yNK;$uwB2zcGcep
z?OLy&$5^z|t>-<DiEFQTVf+pM_V(U?RUG~f9R4o&bH5S6-{tpR0Dq5ET@Zh3D!;Wo
zdnWSVwe@lMlfS)PI{yCs*9iWeT+|PLSJp@HcYc35QRB7*$==Ake-fhSTfVDN;8twy
zgLD#`frVYZf*e6nuupE$cG+HvI*J}^$ke9EeXW8gvuCir?_e)eZ2OAq=9LG~WG1Ir
z>_rzSv;B!Hunt8;rzWPD;~Su}wiKYVb;gG9`k21XdlIQY$!Zs#8_Vjy^@CZAwSqpP
z_t3%Y%gJ$PmFg!KII0YsH9Kve#ZD^ujW8a}9*#RGj#FcZ(nFS>B#RS>vu=jxV*Pn9
zJm0K8YfUa|cM{JV`Cc9O{Y7}bO@DqB@@^z{+{a=UViM_SNbx!vMl_>cQcuE~Eg-Sl
zA|qOAcN^Ht^%C^Y|C5C&P~+Qp#+$%RcoPbi)U6r`Brl+i2pmsb(m4Y-rND8MRO+g%
z1_*0YB(Vu^E-M09RuX#@fGnPrHcym)YQ_KccIb_0JA-ZTCz9E#WUGhv`CQMp_m2l0
zaT{fdcN=vnI^mC7GNYr5!1X0(QlcKD(3ImkN}Li~8Q1o6EA=-r<Ivqoz4ID(EA`8M
zi{}--cwWJe+{aDq{Etb#+l|;KTQe>IIo=4gj+AxlR$y$k-~>R*@{y80P4V8@z8#Is
z<{GySJU_-&H4~2(VS*Oh`lOs96RRW>RFFa|pG8JN>|!QID>F&$%v93BMwGx>k;pkA
zTA}%iGU#C3e|xK9JL683Y<p0L@Mj-xi}+ZSf#V=^Cty9yq6mL4$NKSg9LhdLmdMw1
z`g%>|>l6W41*o1Rr#|g0OoGsLWLSkqbcN82AyQMJZdg@FhE;{SVO1eFtTJXOhN(ai
z1_vy52)D}WE?L#p4qfU#Sa>d6c4j%EcwLTai7?&v;;EIwYU_*b+da2SQOhXQqYH#A
z#jN%{*&9g4Alg^|wlDmh?aTt)&g`z>$=^V!&5!B-=^9wJ{u)@VdTj$WwNT+v5qF`M
zWgtj-6>+<=bbD?wDMCS`?h5_{;B$LUsj743Le#}XETZ#VqV#w;)QJ(bwOz=h80PqM
zGw^Py5$zJ{<nRvnc->>!Decp?ZQ;<xXc?_<6X*iSfL{32RmNzf>nR2xgPRQTKArx9
z`TI!fcbvcf%lk#J?SE;%DEZfS-7k6)08#4`V84)jbAbFjfoGofp0e4VB33iU%xa!6
zJF<Jqay{AbdKtW4hOgIpZ18$Hyk3s4<2>*<XEeNy##iP^Wi^Fkrq3F~UapItm&Wk}
z6Urj|KuJ7tQ@8`PSV9RT#2YPp=E0J;@Gd^ISrj5}kdw6UZ|1VX)BmKX1v>xt`FZ4|
zG)i>F5*?7(^%*7>#}bwPM**c_F4GLtp85mGH1h_X72Fz**vQ?78C-)h<cA~1a4yV{
z6%O}vH^%w#v)UdMvXEW>@g`BYkiRTheb1@xlKvIj^tz?4kkn5L1U4LH$r;-8a4QNa
zw(x~^MLdJEH7e>!#kNlod;EndPW802Vry?0!$LaB`wT9o?4{jukN@dM`nYj}-1H*f
zB-MIUw&}h^Y?WS=mb7xElQYgGr(c4Gdm9tTJ;wcuA!8Rhfan{6eoXpY{yPnet9H4V
z{E1w8s(@|z&<WdbG1~%3TRtgRvcD=64!hJ(1INZY17|OGilO4t{RRG&DK534q5+#$
zkol#vyxZVpFK=@)<wUXVP=Ws`Y+Z3xX91HN0cM@Pj~A#-PN>@ntt=3`i%aW@mvm!0
zfwnI>M$K%1W*&p*m%?GEdfbVwLwZNJ#BYjATMGP-85S2*g#l(4!0ZGrD8bqF89W{?
zSn?$Y|CN*4dG6u@@n~`BmrCg|=t(E+N79mA=)DOji?pQft?3ECE3_&iP?{Z**r$lc
z6>+yBekO^Hig-w>YFTp$5Xi?(QbpqrJc$CZ7wzZ5;gA`=Jbp2JSu-5I{OXyrVfbP(
zM27Z!<I1b*h&wuo^JfpsYCM|RNxmNexzi-uUTIUr%>&);-6V2r%)wO4+aqG7-c|wq
z{Yjf6o*rcT#|kR~#;aLjvyPAtK%J&t@&Q=|0Kq54#;>6^bh$7D{<wyi=&wa?at$%+
zn=mAbA|{xl2^LXwPsgI_-gtj<-^rgtw`UK3=ygvYaDUBA$?$J3`jEJNFbLV(l)+ub
zoxu2<`?-hau78R=BAc42sP`HNIHr(c9Mwlm13lRK^Bm_c6|`%5x5cgb^|Ac}&wI-f
zV!OtV=w2^|c|~_;hq|Elj^+1C8zX2}CQU+j9I$@{B{iVff{OhldvZEzO4+}G6)m%(
z59au-Hrc)nhNoQ-gD^bp6f*P^{fsR#P7l3DdruJkusAy#MbB{9nJ8RHeh_21ab~JO
zz(0tg0vNS|$e<O_m=#2ZtN=z#_7{dxeHKBu@BdFrW0nm3<G?>9@HIQ~)j^r1$ZH9_
zdK(tPi1&G3#@&vNih(J($v;vbn<HE+dGaWjmw*)PojX@=ktNz9-~?TxqO))mpM|5M
zvv3skX--)77w|qk01*25H~eni_jCu_=xDnHzGUlP9F$Me-%5~stb<Mk`aFM%V+W>0
z*a4UDUHAdMH|GDHn1KivAd3w;Q?TelOu;9kErPb{O#F0R{QnjG__+Ce^dm|-h?XF^
zFh$9QnbQwTG$H-}KlJ16xBf@;L+A$jaishF^h5F8$OWjTVp|tZ5cJ#eZk%?_2hm%8
z^hLLP84?+LhkH7nhpuQs^lp>=MXhqzSEvC119OWU_$pEM-v&%Lg(RGChzT%XCL>xD
z-_%eN?7f+F#UgyXlJx0-SO2?+UZ=^XY}W=+K=Yxv8TG3!=ztA6fRg7$Kt#3G@F#PB
zXb<`KzNInz|2KMgPvdu@ho&eI0s2u8nS=#22MZ!oups>c^zb{Ej*&v5jPTVF`6^N7
zlE~|V|5bVzT~(v_su~qtRio1XTYC7N+>b<PA<{+o;?TcHl&?g8TkyY052wEIpVGta
zmjXRp`b~d&sGncpfjEz6GHDx^-uy`imZAM)vgDuknuAC5+wubX{&lkFi;TtUjM$05
zdE*62eBv+0&@!SfA~zO|L|udA6BYrjYZc!W=-I+pz6MR@<HGTE9v?xCsH$@>kW1H&
zlq#AYM1zRZ$4pYVQ7*kbO)i~lEG{idEG}hQ_fO(H78RwV%OZk!i|i}P2;CY7cTE(o
z=T%rQD+`+vtvM)FM@<tqkB8S<yyDDkac&%iJ=%mhwEUm-g+mje@o&wXK+23x?^=t%
zUdbOBx^y!-hLko&4m|X>a4knE?g(+9zKteu1taw=wKq$qz>=)`rwA^fB}jSuMZv<J
zd?ikAH(E)!IXDi<%a%wAt4SJn9}h?JGXq5@xmtgHpDb-=NI7}O7G()+-DrU4xd$>F
zf>$SLWTO{O&rOi@5l>2C>(KF^=SE1X=Sf4^x`UWxg`^EUDV43;iAf_+gF0<`($5Jz
zsj7u{O7^^;(K~8Ucy8uO*-1W1LUARcm!0%DB|U{nlelVj(*2NB_Lyf3*UV13179ET
z41=2IV$IVF)5`83BO$d9)pXGa2z7He;YxFE<Q{hDHfP;Q6u@+IpaC{Ov7=r*6P8PN
zC`-F@WpQW37I&3Vw@Nh!>k#*OOOu82$1WK-5<&Duix;yN^qjkrt4sYpfgGJ=b1MY&
zs0-<IEv2da(^%j0x^Fd?)si#My3n({YL}aC<IN#w47^-11AA3A#bYBS?aG!lSC;pP
zp3$VB4R4p=+c22&Lxq(otnzW3JmKc3)~!+3x;1mvOPq84;wNFedV8}v&pH`3Co)!#
zLKO}RDR81YlLsUKLqNR0^#j<2La9o`&k0^n<BhNXZq)yHhrF?(9*8kCoPR)_me=&2
zK{iR0>_Jxf9F+~?>9x8Yw&<BC@$oZdmE1$p@#MK9Be;^7uDSX^y5}`$LFhH|*M;!H
zb);*Lk!?l-o(813ub|z&Py4$L=re+`SND4EvYJ9k5``C2JA$|1aR$D4%dC?H_b6RW
z2QlIURB(H%&?VdvIXNQa$q5n6a+l?Z-r45h%NRAVd`+srs@I~nQPm2bkOm2OJsn)k
zBiKBCZ<e5Cy(5y6)_jZu#qD{>&(9fcDEW3z%7<K%dWq{^idIvAWjdfta3T*TrC`E|
ze{modNR$1y#{tr|(V0ooB^=779Lgvx^cq4rel{G|=@FUdJ0$fzphO#=?+%9z$*OZC
zUND54Ri|k&d$=fNF<V%-nB5Eimeq}3%pPqwpJr=C^%0mRJGDQbMxr_dy*8i=k6BTx
z{EQ$Uf+;>}WX|l7o~wM4DQC9HGtMWa<;+g=T<VjIIkSzP;XWxbXLh1zh)>8dxD&{s
zk9V5`HkW%yS+u`D)2##afxi7dHs1Wyq!U^o;z#WhV9s9KhCj@uZN$amti?ze@Y+F9
zC;2))y510pI!T@~j^pX=p8YHuQF3H7qGa4|d%ob2d-~m1`-eTb1dk6HY_GHJ6X>#f
z;g4~9WzXju?~3{ZC%gYsGOIo1Qd^@2zO7LM-`4-g!1o9m_}0f;_J0!G{7hfC|9!lc
z{2TrJZpR-6pWhL?Ao*Zp7!EspRSRF)-k#~KvJpML^yGT3SNto0@u|lhbzr<#Rx<>q
z#E;MzJY4VXp5ZwLJ9=o5w2`a)h7GzVb~bU&q0xiO&k><;Ws7_K7P{sC@Njw0%*TxA
zRA@r0XDGgWB28#=e~bnXwo{V#jA1pf`kf&XUH<)F=oTm6n0buGmvkEGj8nTvHzlu3
zAp03~(KAExuQHWGhw>EvvVI+kZ_jYV!F#mlQJ;Edc!EHYLU*HU@_%9zH%I$c8|zzR
zh+%xCSbr>h<B~sYrw$dX0eQkn-l2WaHTOr<p?d64+4s@p%>;efXu`mN2BPw2XZeiD
z?$OXa^T5tc6Lf#u%PqJvcazJat=Sj>Q2k76O5iTGQp&Rhba)=3HAw4^JiuVMiT;7p
z6m_dp{lKYyEvsR5q}9c0ZghJ4D3oyDB+sQTRqNX8EbqIvfYm%E7W>zVE?8xFSqoGs
zeR?FyZ}=jHUepokScMBnaT=-b!SYCeT<FuF*V~=Keq15q(l566vdX>aLfrlpa31iG
zGug_XZRDZ>)Hj_~HIrxGT8{`d)!HL9y>JoZgZm<W=ISB-vA=@vP%wTxZF`}<wFS<K
z@cZw-pT?ej0AY*ae1F;&wZ7sMvWWIJ_Uz3FMs0G6JM&qsdm4@)RYY;Gd0n1=WY)<P
z&IT=>3()J@SS;lY=dfon9PC`bbxP)bXL+s_ntds6wj1ME<qe6p`_mD6yW8Pywm)qO
zP`Lz2O|v@RB{xd`X`f_I014D(>%exqD$ep|zXcz~{r<FH#5Wps$keUkd#GJH3+hS_
z%i)G-MCC_E#5KEDbT6;kzw$@kvpH*jSS%h5Jx=;RV;{uYj#2C^j<1SdtZ=PMJmy#a
zD#U7Ad%fBqegMPo0o<V7RA&@FDUm)+g8dNjJ+y37a6CMdc6xl+xXk^<>d~bQxh}CA
z_%v}Zd(#CI<VEs&DXAhFnt$+Z{zuI;dw0`T2og@XeCA|Ub+v(3ZIS5hzKK-^$VpW(
zt6G{s1MpY^;Qy%`Bly3^#9)SWQgf$3!FS0-$v<(?jW~0TEne@kwIkvSog5MDS)&0b
z%(49b=wQ#Hag$SRaEfS;>%LBuqNqQtbuo_mzhPD0-UL=zpMX>582j-iEavS6z;B}b
z@3&ru6J`pl`ddQWg!%Y}NP}Nzu?DYB;GP4GvOn!QK5_6|=N&$C@_u~-j-|`iO&y4|
zUxGpd2a`Q}J*47*632sc#{zR_o8E!2c0*hTP#KX`ickRC--Gz=O@jW5T#MbPh=<E(
zLI*lgsBu{nX%`PSA&;C0Gz$X)Ylk>3c8>#Ljk8;>>ZL|U_0klyK25C79~xXpi@r1X
zq8J;u9n&Ic_`~oR8dhMA$iV$&8g@E1U-a>d4j(#%AKd+^BJX}a4V@e}bh*QM&)=q=
z<Ip9GyyszB9TfHAS#-@<ES}&zdGHn7OKXA4$Qv7N@Ylm)4W`2yeSJ?nlSK`_P<v63
z8r)v5aH00D8`iJAqWi9@V=Hgx?OZ#T+K3ec2ZsD@Q@+VE1{za7^EwaApsgl3+yvuY
zdk0js8Lx;*$dZZuiCehA#vWAS@8glm;#YLBdN}lFSc#$EpD#Y0SytayKX#HgCLR&~
z+|&qyK1_=s$o)9(6F9L=z`}h3Ib`+Ugd!K>M??JBb-FZX5M9beyzqq+o53eEcN)jb
z7Q~DF-|kCX_TDm64pg*uC{21by;waoxI^cO5A+}Lr?(=P=6%8>xJO8^y`xe~BbuwD
zW|y|@t8D}CSJAOo4k0a~$Ec<J7Kfn8mrndpElqR;wJ)<y%X{r2pgPy-`it1$3)9Pr
zqpzkRr1#Yif%8&((Y5(P1xUsNAg$)1w$d_Y<8~~}_B{FJWVV+{CS<nXlNiWsuT%65
zX8Q*@l4rJec&H6Od50l2>Pl;Snn30V>C#3Ee9RE|s|CMx=r1N94QU%wk!B>-rDai2
z8WYB&Nej1<vs^saI3bXy)3mD2m5*Wu3$f@2wZlzhC-PFjH_w`8Z*{O=H99OiGF#L=
z-V>LzSv`)*PFB!uJ3~R5N}D7R>T{I$iKtt6N$a?ATp<?am^8p41<?UH7n`QNb7DBn
zlc^yO<Q;zVWoV%BcIJfsMXri3qVghc7swIX-M>Z@H=wPQ*@+6(XI;K*w1U8_@dJ1O
zz^r}sBB4NC4Fx`Tp`U&z<Lx!LF9I<hhbrFPDWDFM09(IJMQm|^u&-ksJ>gdE){SYX
zpQSsji?hE=DeyTp=)~>}AT)KsP%pB$ar!1nG63w5*jsto@Gx-xz;}D(d;0mm_YBp)
zYeNTr=hnA-sjZ4tf|+(BS*<V|+6md_;hcL}pL4(0=iKZ1oco79=iZ??r;sfa0LexV
zkV+(enTwxgnBpgwQQByZPCV4_pDC5zAgKqmHyUu_tYl8#a9g0v=v0TRb&_ZRd}9ky
z1Gq$OmDQ6l^sirsLfcLSBgUdJ9t>9okeChP9b4niSGNvWzl(f{6F-6x_J%EP!|AQ-
zU&?H?wdNF>Jg2>DjAuN@7Wqa_L>3}6meaG&dXs0b+S;**y_H5E?Dg)8)q1tf+mdGA
z?rA@*pDQksni3~w4B<9P-h&D5-<5PM^7104MUpRfB1Vf{yk48VLJ-!+8Wn5Lgjjp*
zvG&0DIS;{v@+~t-J`Ac^V)h9vi6EM&Ja4bsrnY(yY>98D=ZmJN$3Tmsj!LA8CVXG-
z+=vd3YAbL%Q|nlg<h$h4uV9XNe`pa|)nnxJG3h->;idd5E$b;C2*pCJnFDHvHg80y
zIFP(Ju0OZcI&dKgsL-f>jB^V;gK4)tpDHX;ps(2Gjd)8U`!}{?9Q!1vTHZ>$SvlfC
z_LrLsh)xyqCc#5v;>3%v6VN2#Xcqr~UQeJrwn1(x*Wd>)4ykF>CRyFMmu`M23wAK+
z=;o=s?2A;kybeXKrldbVn<Y5DeiOl9ivHNFKT2xS^UvY|PEr;8u$rXr&4m_JCr%tO
zgq!xIXVz^p3EbetlDUh*u$TW}6|&h)-1H3DtJBh7xXt4CpN?kTG69QWepBfxA(q*s
zO@CTH+$^VKRI=-lQh-_meDyOTQ5%QjbWYl0xe3j!4rzZneG%OUO5PsEo<<D7Y@`Da
z=;HA&py|jem^eB3`IlJ&g1R>NArh(wacR25u+(*uyNODA95QHM4!>B~VtoE(L3^T+
z%tj@3E34wcVUAPaWbNcL7r|oPEC?3CGoGB@f@mD(v0$W%GvS%gPyuFx#0p!X-Ydps
z3AJ@gR|#88*zBgHOCX{B(N*|(ODIdITaI`ONQPnEUl7hK@TVdmV6<ek_?^{;pZ)Vp
z(AIs@gzb`g$-`e@U$m|dFA|!PUVs;FcaZcH72SqY?=BuUPVzg$@Zqb2SwgUjY!Uf<
zrRE3kf$0OXH>(^E4~U%OB$;DSl$@3{G9pJF1hZ6~!&5~2R#u57jp*C2ilK$hR|J&k
z@mQ$bkaRt^Aqf!>M}yX%rq;v~P7l!M^lrf=8kW^=_he^NIld5?_LbwJe%0jpo?7qS
z?&xr`x7K5d=d06t|ES<*Xhp=N=&ezncb%JPsU!X7bgCe87v*uO&9L<B>#>mgNa*=U
z8(wvI-q7of(hXQ@L^on&gJ?lHHEf=&p1V!*UAsRq3z(^j-VNkM^&X?gOrbrcinBZ=
z-{@X0sh`3$@)ek>>ee2D88~wtQnuUBMFyFH(X$GY#JlJR2AEA>)m{Tl;t}hz_;zMX
zx&|J#Y2V<C|0jL*z1wO)`@7%Zbo5-T*e51KmdC27zjxi^ynCy*dqY|zo|N|}RB?t*
zATsL!Nz=CbvM_qy7+ji9*73vNKl-p?e`_Y^j?eJKM~smab$Iz^q)FJYl|J6E|A)0N
zfsdj}8t+MF$N+&JAV5Hrpo0cMO_r!cjAUR!dLT#;5EK+O7>{MW=rMSa#LgJnb~IkA
zd$_B6D7)^i;;{x$$N@<}g%A%wL^%|C7>;lyAsq9ss@G=@_4~fRzn`S1U%z_w>eZ`P
zuU@^X;38yBX@f(M``k^n`&7rnpZX`U3Xwq80Qmp`*Wa*EaovKS#y^Qd34o2(fC*VJ
z`(d}}x(;3xUC<osGm?<}$9Z(G!d(lbk+-U8C;D^IJ!|n>Rm9M5Ul&&RX62;+5RjW@
z3-U>JSK**1w86)}ye>GSIp)fOX7j=l3S7Jyy&bgFRUDtiQJ6ueckOLOk8x_{y8axC
zAkCp4+z-La7sBF((v?w-Y^_LFlZx*r_rUCemjHs%S78`aVPc3w1SOaz6s*S9DnBK*
z$>N%0v7%8eIqo>|pF+X=*J8)n7ee^Oaqz3M!u;^za#+~mD=c0J3mz^It5A{(1+mHl
z^qpU>Nv~@C##h>g75Lnm$gRlyu|6~7Kr~d9OUSuW+d1(<G<}@IYh?9Rufit_6%VSn
zoYbDk=hQ?}aYx0LyVaeTJ!<-|&&GX{TMeE-W|P+kml6$-kDioqi2Os5WzPT5fdc6C
z>oD%Y<mkOtee68#y*NuyR_`JPejoXm!j1@|&I$3WiJ#;Cj7^A}41DnyGzonhOii^7
zVca0AB;$1W=LcBZ$aBG@XrrE|?L6(BxaOzZefm#bwHtj(hvSl$W#C#qjMj2gtS4h&
zQ)$<^<qmNal&|El{UvVfBwscX&pu^XRkP_up6vP^lt+gIlzewUp=pngFzxdc*HS17
zl(w;&yNOAo1F79<idld+Ri}lQp^TW8`KkDWPk9kJ!&je8Hh-U-pA=9kNH#bIo-WUT
z{c~kLE?MHrKzK?1DztTGx735Kvxq&#@uBP4lamjTsbx!bB)+A_2`jhQt3H7UE7dz&
zYU0FRXd<eQE0l}QNqZb(d|d+Pt1BV!)4~<wU>fGh8>6@D<H4Xm#p%$=26z;pXSdXK
z1P`we{ssnr`Z;Nz4L*7yxbrfbVBbaly<74|RR@%3dTvYLC>_JDmTHhbo7Z6X#Bu=Q
zsB>_IYhn(>K`de8$Dm7xsR2T%>^Eps*YRc8NQa$>5FOCz<9_Ata~PqZ&jI{XdWwm(
z2Jt*ru8jeZ9z$qn5%Wcb(sRV=qlNm(Zng}#{(6oDY)}TiK~EFm(e)HPx}JkSfv}_r
z;So;(Gbjqm&w%nGdpX6ey%FSoATZlQn!v1g<w9L-47D)Vue2ZVxH-f$Jb3(AdtCT*
z66us>P3$Ilpq`q<3h>yVJpu-;X9+D8{?xn9!M_gHmZUXX?~=8rT8(Z87~MVw*37~C
zK|tyQafN<)&bi2+;GM57J0E(uWJcktm?QEeyjg=yMgC4P2L?We?Ug=Cq(a-92WQQ@
zY}PD>GMFLr;ZI~co;S)>kuCU_A<r~d$)dS_Q$||Ur|>6ooiUEKrEhZ?%8|_jX<El&
z<5?uJ21dtO^R?4Uab#w`C)g~6D{$U{5PE?sufWQ3qecF>Zo-DM5Q|_^MS4^83(`*%
z?VWgt;6(qc@y#3!A7%xCW$P?SSVS+4TDWf@?vh6qoWZfUEMq(F0W{%LpM#459t9GH
z7lQs3fL%W#C}f@%UFv^YFb0>`t9=pN4S-fjC}YkLE-4lE@0Xh26aKsN!od{ZT3l*;
zpWuSv`?!P@H5`g9r^j*_ABTx05VbS$Jjt=e6jh=Rb{Y(Nt*H8xd_mfiEq)s)c)(*U
zXCv5h=9k-eS6UNWA6GTUa#G%NMBgi{fOdKk!fk}m;OHWaZhAY^k2(L>b}ac(oBZg{
z)#{h`@h)X{N~kFq&B1h@y<(Vrz_p`&ET?Ier9^wy(;1pRXhGyxJ|$aNo-JOAIXl;)
z#+ok#qo7>QkGCtA_`8A>Qj>JS|3X{*lNlY_qTWuUasI!zLlpflC@HYDegc)xWY9x3
z)kCf$z3bnl$b!8FXe(_qsy*5nGwcc23b_W=?bdG=%AV-wpnqxnJR7wy<l=h?#J>JG
zH!gea6wdIoM6v*z7cZtbk-`6(im^JF<|~X|o$aIrIvM^1Mt!ON=-@fLxwHq*sZ(BC
z2h!p<I-uZc0Q^G<F1lxlJ_7ASei7WT6>h^H4Y)*_)j)uMl_2)H{WVS6+CS`E*eHhK
zs%jf+&P|;$9%SboWdFD9Mxy--JFM$sE)0=A6@iH>FbpDSkvl<(4)e>qpt&o8jktfI
z^9b6%NR{|eoEWh%&Pu@K>tbWdh!1pwKtD_S^kIkgOQ`*-|4I8qwUt1%hl`Oc)BEXE
zv&5g4+bjb3dirj1KOB>RrLD*t?V2#TN?&*TYwtv_5PlEw%gd|_s%VEE04*gFgo_Y@
z+>H0*71#Eqy8IQBD}?a7S{-qVA%laF^p<E1(+8>+KJ6Uo>A~`qV*+C`NK=R!638Tt
z(F%j#fD{xycn2@d81}0v%CH~NP=n6NHwaR#J5N63BXb8*7*Dx9g0$Wfkd8Poxy5+&
zo;&~>zBVCqQk#}`A-EkTABS6p##ocJMsQO=TIUFqu1B3FAe~7GK4(Q(yfGjh1~m@1
z@4$G>x+H`v(Sl^r@;)&1usTBz!?gGEmh>t^&kNoM+Ffui=ybvBSK|ojc0J|VoveQ`
zvA_E7;=W|+qgPCCs|CI6bV~4RgGOZRH{`_eTF~I4|HfStYIV7!HU24jz^+v;i+*R<
zAa0|ZUX}fzCv{{I<4|RwUX)#fMv4u(ashfA?OqCv`(HxoK}y<%5lQ%Tp?XgW?4o+s
zEEMD<GM$0k8b{z?sq8_fHjg?okZ9d4@nsWf>pRQqHmzzxcoj3JwLF;wp8*jg^cL;z
z^?vVMril5yx8Z|2;LnM;L#hpqM;ow*Y;Rn==9E@aIRGiehfc%46=cj55S3Wc$m|}P
z^$(4y>Mg*#>fC1rfk^ICdSWcczf@IbiT?wD`Y}M1d`+3}bvH{2*<96{N6<vDx&q3>
z4}iM7ODJd&Mzsm8UkfAZKr=<lOi>#1OB-L3igu7|TFA<h&4<3mDH^N1mLv0F={lrm
zTGhPT3Ze8cR$PViLoI$DHsGJIc`8>o^Q)F)br=5vAQ`L@l$GyNh_M)RFQC&`^|2$c
zQU6<dOugZQM6?IbyIqSVE!W7~SPzWt^soEC)-tBBA5Zkb?8mBdyVmu{It-Onk`INw
zT_YdM;9Ax>__8+AB(YCY<=sS@vUd>Gmkz~Zksag!N5&k@23*3Hd|dR&5DXPH8U$6-
z`V={;CE@d=SFOaU&8(7WC~H0bHrXnfFA!SHG~;As?^z8KZCl;hh7|b&ZO2RB)tXVK
zKi-#%e5LoGz62w*^(43@w^5*L*OiZEXz_03QtTd{YxGHhmwed}jQ92}TXk2xV;P8n
zg0fZ{h+uDWt7-*e%&QgZC8Oo99_!0R_oDtb$52F1&RqR^0M88%&IM^J@HyYHfL$=H
zQs^XKT~LH9wm2o6AH$^Tc;jFUFh<KHx0??wbfdjraSiQ>did5n<+8gs!Bgwjm4k4e
z?{fI$I$!H|K53s*YI9)r&72`kK55UHys$UUC)FebMx4pZ+{Kquoc`9Y0wYdNbNt9Z
z`5{dr*B1yZTo#As(LBd4VMH6|R(|r8c#WOd0&{2yE)Tb}bG)>pW3{arU-qGk-Ffb>
z#|_hWZDNihctRVB4-3jN+(HL3KQGz?|7Z&dUxqDAL%)uDuyp)$WV=$hJbvOiZQr*B
z=ty7WLnBkd&VSRwmsyTq^5x@QsEn0Y(T<%CC@AWaT+PlWW!I=BxbJ&~?fc5vz7LHA
zudsbz99{isfUT}8RzyZLp&7P~_2v4;Eg)-^Fw<C{(NG9mw#Fj1Q3HsC@F>?Fcmq=9
z(;}qMt-Xw*ob(pJ%N@@+1K_sB8IN~s{6eRv@I49_beI~4UaZ-9^2r>QOIrwFSWOnC
zHNRPqYonLxbe7gTN*+t*g2@!DM2f}4zUrJu`f{3+D}0UXU*>_LuUG~$sm77sf>$kA
z@HPe7@ynujoI3Qybusk)=(V#yN3mx8m^cuSdL2(VGS~6tqvM$jPsO|Aa$Vl2143pa
zUoN}QFY>MBbP!U$i;Y8a52KU%c?vu>>s^=2*?|guj`8A0yKeXl8L)y*dT_c<lZ!pm
z<O#}SZul&_2Yc(0&q@3K3@=E$>r1q<ED=zXcHh?XXnKpZ-x1(*T7B|!iDWAJD3$8I
zi-HY)<+ERN*{`|m*KO<<{!!jV8=_KzwnLx%(Y5rae4O4~Dq)|SN<ZkpF?0xir-{9l
zN$%yK5;ST{NlKnPu7W8S{g^fsx{ad6J(kM6EXW~5EcPvX2iGn<w?iI*wvvbmzQeIt
zdH_|%;FRpLLt;*|FZLW0-NW6?@Um{M++f*3p#G1tLQt;!`$iODn@@v~&IJi#>Wgx9
zv>v|;$gPpNu-#Xty3-FyyFm+BjJLxL#3BnRs$6SCf{&Kp#+RW=uspj0BoYj_GSvz6
zMcOP+;X{coyo^+i<W31D2f`mAwP3Y-j-;|rqJc<RNe<%$k2z7(#VC^SSos3`M0pOY
zWFF<il_Y9><>i{@5FDcIw$^qM_eh{8R6rW#U*s@5FYzhmYy~S2Gq~j?e3^1i>z1#s
zd;lH%G16WXLDI_Apw6LNcYQgs0<J>S<h9!3kPIMz)o5MF<5y(4;dgMqD({QM%&~Y6
z`??`=KLE*WD6HV0LEA{A{VdD)C!{y!p_>WJMYU8$LnuzIWWKB@&L&r1UW`&B)B`7j
zYsuoD5m@!E8H<_t0fBQfRlNt%Xu*!%`)z*;fl7($1vR>?KWCU;-MI1IfWDVaAgm)V
zogvFhGC`OO5DL*ptxP4)b;{OqI46CBUv5f|`REX6<%OUH`(f2eR`-_o#}J#8qd`DX
zku1K7Ev8a&Uijm2Tq|-A$uy7)9-546Q6f^r6D9>n6INUoH)L@2w70Hz^=)9sZWdv#
zA8Nzo_%e=psAYW9A8p0dFkhC4+h&uRxesB7UP8GPey)mY=pugDLnPwwJkXVh&!cd!
zeS`xf;txG&(75G61b7DkY;pb00r*V=CNA669*gC`A|2Y=jwvCSpj1A>E|L)(DUpV5
z5aaNlWMNcYAYK#k_3GksgB!3DX?)r9?Z#n39$uD!;euw+8Mz2cj3LE48EO(#N4-Tl
zMP4-=?{A1iPcuzNfDt2>n-ab@MeSua#D`?Gam#NZrV#<4R!j-|FLf~I9l0*jmvkjp
zeO(4evr2HW)6zQr$!7`pq~uj7p!32dIJ%fU?IPFi^}w#9s$kZ(Q~_b?^W=Kb^-tJd
zxXDoL!cE27xJwe9up4>XY72L~jhhuHE`d#q<DUkbXnZj#8H6%%OkFu0+UuMnjB3_6
z3$Tr>H<@S4dd55*IL5+D$ULoE`!kQ#y=QEE!#{w-{CisF2JX2(L)R-bP9dA9{0f_p
z6Y<n-&Hc3IZ@nMul|nrV!KlP*D@Mc(L@U`1`u|rzYmkV~GjS)E)3U+@V>T=tkq_JH
z7Ra;rqt)dguI%a!H{xmMI(&}2x0j0Vw-oQS6p#A>i&vvS(u<QU#jB_|E8SB2<ZQF}
zwI8XtzoqyoOYI0NK7OBB{E?-0{{vL~rKMP~)J|i?A6kkZvD9A7ihpY<?q#XH^&k}&
zS&GM7YM*Asb1lW6S&Dyuh>9~U#b;-ADjsSne%4a^g~L>Q`Zs3rT1)Leu;Onm#rc-n
zYYulBl2S|UhmUnC?r*8RkczX4Ex;#PYL}d#;@d36Us{T#lX!h-trhr(mg1V$PQ|~q
z6kl<QfX7>a*UvPI=d<D;7MaC!Ewz`h;`Nr|Oe@t`@tc<7do94Hv1w3lDL!o}E@s7d
zTZ+e6igVdjs(_{V6HD=JP+XBem+Vi1d@UISy6~w|PvvuFyiBDW4~s)pOR_;kz~*o*
zYLmec3Mur`E>EyWt>FitZa%6xy}L0odnSFm3gsy8uc@UwNww)shSrMU2D92$|2fS{
zMn~-_dh`6UL{uIb$VviPhIax2@=1U<hTv7?h2O&BHSaD%&zJq^Ir+pioR2fGYSaf?
z@-p-<7BXMM@A$G}jwD}zUopnZhY+5kP<tEXjp9(?Pde9cnTBUzRj7IKE@=W6Jm!b>
zYvv3rf@ajrX_N}Rp1c51#EQKIMM@);8vQW7haHgmK{F8FPwuuUy2^_FUo8?6@>)J5
zLPaG+D)5?%IHc`Lsm;xo%_rxQdUbEU-rj~hj*Gre<cz-STZ6=i?lk>x8I8oNfG$bQ
zfS0*-H9{1Vh0Ik{#w&lOZtf6MR^u1woU84pRu8iOW~2TJjrv|RlJ*jm@-$k*d#K-|
z?WM*RFHc}*H{<-uI-04<bBwzDvH|93vcPhHZK8(l=1Ri$ULkWOVS9T({!$1N3JjZG
z!J7n3y?k;_#nX>*>hGpv{O0L&9YK*8zXWsr@)7l&={n6`o=Q6vV`Nwm-|yA)k7yj5
z$_AwtABn%T-+|J{z3$kC-;aOzN`UD57>m?72HY%!TQ8;R`&g*$mv?D(nI91`5hiAT
zFdtQ-BR+YZI>-QUW(r=6_#wE8e5PnnBY1#p*n{=iqWMMQylUlNGUC-ncHGq8GJPr(
zSIs9GoatW?icxQtxaF*WKtWoS-9gGWK5k>SJzGn2>qJ2Qs*_L3dpJ!bT)EQ^El&|I
zU!E=A0F=F-woQh0?QM>n?hVtej<2Hmro4~(fx2cc>Shd@=wF_l{h=fHKJ}A*r|z6f
zt~0WP3WNAZNg<6PbSU_|BC)Nh)2m2qubRU}ODd#>6q&%$29DA5;aI1|=HxVs!0%lA
z)b(cZRkomDCbc{|wU!q6Fp5b>N(Ju&USoE$s^Co4A3w0cfjQJAF~cwamA2YBup40=
zyG^F9XhaNRC_mjbh)wrq)7d7vUE#*(a7*7rhhKS5^iLhSFu>Bo#hrWjH?uhUs)c{_
z-X$BoyGcGNXL!@AbjKXlx!WzBo1zUWbnf#TS?5Nx4yDLryy;Ey+tyx9qFyD>yG85M
zF-xCzC|u_HC*FlFMc?j#@T5EwVW~seR!i9%9pX7cch-!9A1$?x;0>sd2j`<M9=uOJ
zN~aaw`;C|<44U7Fy7msxn_tBX(&<(6v~@51n4>P9%l_}xr0oAqb5cNmkU8WJBECZ3
z+5AAFk{Q1f{pXb8RQ0cgeK~FIwE9~sxo&BfL++u+>%*8Hy+bX*zS3RpbMR7{?smW*
zn&h=~PMPZw=yUD7OD^)TAKH4Jpcm@=4AYzjT`6{|n`XnV>M^IhUj5r_Ht}kLeGGAk
z@TIdc@vu)x^wQhRjgRlk{JeON+*_LJPD!hZZc}od8nO(&bS{p*e7FbmtCWkJfO2-4
zjvw@Ii)!`|`)B(ex|#@GJ!|xTx;rk-+Mir^wHl`bD6D`LDhXh$TEOXg0;nDc_b&Ho
z_@DylliYzm$pF)>!>4G-n7hO8y1fz&%{^@CeJX^~bL5DNpo`*;*FyaiD?S1yIK?(F
zD^(9c?q#c9SfM-en)T<T2##Zj0z4+CRdtMid?Wf5w$S85S&iPIbip0Z<v;K;Vf!#{
z@su(zlY>3*5hcsC%)fb4>D6Q>zDp$g+GJ2F@Hi%*JmV$Xgz}PiInCq^0r^G`yRL;V
zapNg909s!MMt|VNEwkX*2%jV)jDY-bN>2JAQXitD?D?V4z_eeDn~w&pLBZKVDPGR!
zit+;TA;GaDPd<WobftxTnH%)_;HU7)_X(w8c&(r>*X)Zuqjl^PvKX$*_M=aprZll}
z3su2tAAB$%-<KMYZ%vDC)YccN!GY*SE<lS&%1eLb)_T$D`oqb6bf@dGadgTidefNO
z^`p0te_p;WhWtt@Y6i!%`oIqLdbb-*LZQ3SsFg@|^&@KA9ewc*<HdYv2AOpyqfrz#
z$&=9@%H^aTie!?{|7FF^=+SZrqj9xv6E1Rnq>SZCdvhfm`I8g5>iu4-EjZS<#C!M<
z83{4}1bUM8B7*K$ug)Xvmp%eIx|c2n;f;Qn*K0Dcb8T1m0ZPXO*9eMh7N&X_kM~2A
zS>BX~Tta5!LoQgxqi-M<@qTX_kSsZG)FH%cR3q&3zc~UmTE7uSGzyt&K%SiPuoFH>
z!KT!{&{MK3vipY70~R7hFhMQ4`&cFMYm?1Y=ialO%P-3{%Q3-U1uiv}yE1;q(UFk9
zSs5fZj)c-Q@%$|K;}HjyVvv^XN}SMQPh2^eUZq9g(ezFD>DK-xYkyNnJoFd|tjEi_
z9%WE#4FVF~QiF$n%Ueo!V@su{sG-^PHzjzP)R2wkJx0Qk#Z|W@!V1@48Mt`sSWaq>
ziPxo9g_`(4P4%t;a)QFJs}d7Rr+ctd73|KhDGyK|!N#Ir>+(j#BQK!sleYqT1BY!L
zOV&y^(mVRsii(z8k0;nqnUh$F{R=gTE);|ubQiZ4=^f>RQsfE9ZF2L-V&Liu`Ixll
zaX$1qM>_CrifhCB8OYqDTI+CY7aUQ#3C%;WCdkJE;Rgog$@QgsXfXVR3|{Fz{JB<B
zWkAM^<3nBtGbpiZCE0GDl%42+p4Mg|F!2MqRoY*SNp5nDuf}J)#S0lMxlsdy$vS-X
z*-nHVeJ9cqS{L&v*-r9|mXTCdFm<z?xTwYA`Ot6iRn`FL0BjNNgucs-WC}-U9yDIv
z1MhtN+Uz6}j^RA6SLH&ib7~<!y&<hBJ1r*FIKmTSnbk|j9<PwwuwojJCF0{h5|Y*+
zzwm3TN7cxUziU0`XeflnlOjo|HKIYW)~7t+(dfWBLfr`FN2{#8<U<>QjcLbH8wiin
z`F#B(lh3PZo)|^{v=kk(7d>Ydfl|i&(#-wvLfGeGv&tL~%#mWc=zUS~eNtNrAI1x^
z7(D&CG4wi)4}VHLP{D@|z#GL?wIYK;tDx^jOI<uu&`UNs<T)Nqk6Anj#a?0|-V2l0
zg{p}EZt?RuyI@D7%iap9Z4&?7E7V#xAN~$oQ`4~Ja*X}slN)`~E|1tx2v15ui!*s1
z;Hj4qKN2WAA#*)n_C&m<CXYshra~d!aLMLFnAe`}ed)(!zK>~n83z2HUbRZoKL=o~
z*$%yQ-Yq72@Ex%vUv?QZmgS(w<Ma{RxmiEe=BMfb?2En=!o?|M6(M8?q_^nzG2}0O
zr9UwI@B&fk9_q$dd|4CT5^HANkZZ)=tP^G9p}h1lHw<hs>ncjKY@lfH1KP{sfuA7l
zIw#0W+RPX7q!iQP#-+VVCWLl%q>B7&w=^lyQ9p@hQsneG>;6P)bMT=)fW!D-!#bZq
zF5gzlh3epQfS}dRN&f+1MgDtEi=U$bhxd`cpnM*GzgtP*%UsCr<d_%rvwO+%VZYp}
z9=eJ4i=jtpb9112&j7kOx4{9;_0DYM%RWbht5MLl#W3&SO>r2R_i(j30M>8yR?rcA
zpz*KpN#|m0i1@Ng&uKn@*uXQ;KqQ&4qwzrSB(_U>M)WpbLy=Y!nSuD`fV7)$&_5KX
z?VyRG;h8Cn^7%hYc|qFfApf53s1F3v2jEe3P7YO(KneCyCV568rWwnGf@X3BfoWB#
z8IRgd278k`Bws!NYPH5Qp2@{47Nr-#ziTz1^^@Fqzx#iMd)IjTK7JCB{rn7Gr;L}{
z<Cu4vbO89}zBB0WW%*c{#KiK24id}IS$UE(@;s~S`<U!g2%#9?v;%})&>K+wsnQ`P
z%X89xkaL}p`S3}1o%%mb1Fb`6PGfNBb&(UN4X!z&-Z%$JzJ)iL>!EG@I@p(dbDCql
z`4FDVb^wL)GqM6I!0<`Cilw&xVusY#j}Hy)nlxf>=poYN32gpjTreV-V7&uaBvj<)
z(?kJ|(_Dkr&;=2LDIzSR*?4^sxb!-6eYmkhKyu87BFM+=Mp6NFieym9ytF)2DAPT1
zgT6lS&wWEu0oI5k99tU7-bJsoXIDAcl2O((P8WlG`7k{D3Ez*Ra18ZBC>Wf+f%$6V
z)x76Hmy<WijsBkdVD^m_3L5e4WAN6Pa}#^uNYj9K80ouz$w-gsJkox-faY8Uh988T
zw|U~Ptw)0$+IsYGoVgy&AZ?}Lr`IE2<~qJCDS;LwKfmH4Tw5N*h$k?gd)VjmQ!t<N
z@VHe=R;-U7o6k?ZkM{7k7sQ+8n$~U7p6{jhoqXsIoVL|Sk5&G_v8%HfKTnAhlpEZ_
zXmrpSO~K;)-V}b>pV66Eo(0N(sA@?+y4i~P7go@ICwQdtK3ol_X!{>Nl!_~R*1mth
z$_~>G;kT@Zm3;?F$Il(|R8KUqf~|)v!CQE7Qt9pzhP*oS7TQ_~9sDPhEB}J<TKKY;
zIP2Om7%8(D<?!0vqz<}PPI^^(i{}3eidHjQYQ&3usL_S9K>;gPmBp}KA$3YqruY@(
z`B0M!bG%GV;@58RjcW9T^AmC~9%rDjx;@^pu~43w1ba)i-i*Hs*0XPc$gB$*FnJRL
z^bZ%2q-@Js$~0i@6{`>HVsN5=d;tJ)bO)r20SV#NQ(d^1oMm}7NtqDWAZ&|ySR<Q;
zpK>){hBu%-K{3SUO!Z+{=UQNXCaDk2#<i}Ff9ChNRw|EsljI|Q`JDRC8(6F8LE)?3
zKfo`a^~-J2=eUH9_Gh;7We)(j9QmA2+7uV{S@Kejqu`pP-!1m!!HzJ^FCX(`sFUwo
zzh-2{3w>?K*<%UP#i&NB^jofx>u~eZ7V~9p<wK$aqfoVpjm&SVbO{-~`SL}YODZO7
zefK~8$XPIzG4VYclJUR^czHAiC5WFw9$IO<Oun`hmOxS+$N8lcsSvaN4T7ga{!3Tu
z(G;$bFNTk4r;PN?!O<%}XVINdtM4R7{=Y2Yk+)A9`UG2o#ghMj%WwDXR?>o1e#R=(
zl||m9$k%5Le2_2b42IS+HJp#9F_D>PbbsX4_h}zRzhiv8JDxTl(kT$^V{kb>1<UcH
zmgRV194*JNSizPp((??Xx4yzpHcFxJAkalR3vUNPeR+|FiF_n-zj<%1<G9YUjO*}b
zZCq0#*ZlONXQvCTzW1Nj_EC{L&AR5IozRJzR4el|ZVXAs=0l`x0_QWyenPyL<aMC*
zQH`0e!~0#*H5|WeMLXVwSTaoh8q~>6C@^t3<3kuLk17cTU;8N390<2HJspHQOf3-L
z?5dAniN}OMC9ncU_M*?jVvn@1SUQJ#!?}LJr|dezOefvs-;M)S<B(@MD<UO;0jw9n
zk0K-6JLnCJ3Jc&hF16UV5?F70*1=91kj!ihKK+vl)&F*xW$dY*LI;kB7sGDsjwiNS
zfX@+NtF3Ka>xrR1p4E2Ek$;?G$_&v^(`eKTQ={qI-nqQNQhs$8<;yMQ^V@C8(pgK<
zcW2R_B)2QY9=XjYw~-12%m3rSTv$EFl<vo`LM`<Z$x;*?D4%PN_2NSpIOrCWZePAP
z(GmTTR?T3t4Ak7p1ZiY1x+ln6BeNe}7X$H(I-(;uP&Wl+PISY1NAV7$?}PdwK5r=r
z?n9mnJqBc~h<+p8>vZsC_i1u38nVYPP>MXz1-aR$nRE#M;eh{04R1tHTS8;Kg2jY6
z89*YdA6XY;i1*fTzG60RQ9I$9>lR07xK<;sf47tXt`oT6i_!0;`vJ}2oVYCdnh?H5
zr+0X)N$+}cVmFE&vJ@2>@`9P?%>0@i3|O3!P^}KP*yGXOUwR30wQ(L0>{*KOHcE_R
z4%_)i!pK-3j@OP4vf=x9+xdYqIMh;D$;I(GxY{+xntL|N36}E-A=DC(PgQa+{SmX)
zHv3wt9llCDFACmChebu~dP|5yHME*ejC?Is9Z!tlmF>g`MvWaArB_MU#qlpy`D9<3
zwAASsQq|f>>Lk1vhUXE1@FNaiorCke%MOq#bUM*Fl21~NgCxET8HlwB@7cAMyE|+U
z&;V(pPsKEly~e@h)xn#T++^UU`BHHbCtfQRr*Yy{v0RV%fHKG39OHuzk;ENaGz`GI
zHDN7CN8DBzb7Rvz(T~!bV!2N7a;!8QZ>%as!_-Y_z*Da+9M9M(_~t5<WYKT2Xl6P*
zZH-NLQi!r>1HfQUYq0c6EG<*0SxzlSFu!N^uUWp?0r^ZoK54;#522f^4>c9koal!H
zYa$0Kg!T;mDh`xB;pR4i;FnOW`(l2thc8=AHDT3i_QevteCQ(%Z$do*{al8w%WGu(
zbgbwdHcdXjR)7G;Th~b;*XVfo_!SvYA1#-@SRMsyd4Uhzg>er^Pw$!DgiSidY-%ZZ
zDG<qrr)b#Uzh42f1WiRct@zOOSd-|r*{4AJc!qKT5~3c#Yh?R?nqtq(jn7&U8YYo9
z-sIpLG@1(aH80@V#bks|j>7lZSf+daa1v)EiHnpui8#pjSvVun<cvgX?OCzuNzqTz
zn{<I9=O)|u<3E?%_~Ug8e~i6?@kf%zANX!KzFUS*L9F-}^jGMbAKtU_!+RPJIBh&|
zhGRUC#Nu!u4<u?lu)^eljotG=Vz)dXX*`g`cwn)?1H4HJA3CIV!3lr3493J~;{>4#
zPDr|3=Y%Ak6ZE1}2qDWl`nmY#*Ot-GGe-YW+vsEd-*#;mq&zeXXn9R=j`C1)s6`wE
zzkOr_#&zaqwm^bBostyV5FDaRafW@4P?bE<DV_%^5`2sSp`m<Y8mk3NbRfD-p5pY8
zVi4VFSt{NdW7@f&x4ggNGV}ejy1v;FzZ_*sa%e*b`~(BPiB7$Ju{UD1yU>VJMjSaY
zIVY_u`lF@QAr@@@YI*;L<^AhA#jM;uPbyC4f-aD0LH*o`w##|pIf*D=gS=Gi;lweR
z?XwtOx_z-YoDNr$13%0pVyHZMEAKMaKP>M9zmPRbMnlVgz^6fgN;HB`iTJeE96`1o
z)aN?2#kJG=+UY#rQPe{&a(1zpvh(;3{sH>=eUVeX8l8t=y|gtcUZ?c19KLC1a*P;T
z+VEUHHx<69-Zep}Zkr&;xheIzV@U9@^}RkfRjcA=J?ID|`l;PtX-;~TZzYaN0F*r4
z4ki_+#N=8ZpR?W1=QLChzxZKW&kmkQ#4FkEKxVdQ@dflg=H^4V66o7_Vj0-WSL7&5
zQZY&dZQ-Su<KYJa%90czoEsCQwzEY;K|iD6WEvK`kC9!{Qp&rgg&#=OgBlQ%972B7
zS_>|sKmhG57J&R6?#uVfs*YpuZfqCZE83)^1pQoKJyLpTl&N1`9<!YrwOWcUwHJMB
zDSE_SG{P*3mKgd_c%gS&1re0)yP|E;gIP9<QfvZufp!7Ylis2(JAqe8fS~%NOd*!*
z2IWA?O^stAa+T>GWzHD71ppgHr!vP0e9niia^QK`B`_<UUUaggR>Q^4HN;t0<SDts
zd`h-Q+Lb1?r38nrQQ);<O6Po_SBXhd+c!a;-MdVy(hBkD`u$5ZWNc{fLP0WT40>oF
zQsV)cpeJuU;Pvo5fz0ZM7Xs?Z(*1z9RP2rgFIRF?VNVsj7}mU0c-6*Y8j<eIZsGWw
z&80AvIz=9)NSU0ns$g$*{8UEN)LQlRJPN>bGzYJSvx}ver(Vt@W(Gn|IL_X=Bi~>t
zl7rG_Q1|$pX7xVkR3y}O*)c5pPuFEvVVN`5W!Wk$n@YExYN&DOg*dp251+pTg;gUl
zpXu+yF6G(j+-3FmE+*0w$p>O;EX*qWZ~_qA1H7Ws9j|pE<;QB2AFVS*>Q7RBC38OP
z8u4uxqtj{dLe!X{cvy^PaF?KPK$Kja<C1ZA5sOV&n5ii&3F@~~V79o_I|FQxlhvu7
z-rNbRe;|mY8+~)o-L(Q^&!F<b9Fe3bd9&DNRzUuWO|G1@n2k}tw#={8qilX*B&A<8
zzetw})YswK&o9IDHGbtTHsyYgQ|@Xnn{x62N)bUgiPK=ZrC6rhIGS$hRjs*bXXaLs
zA=zKkvks$M03~e`v0fa96LBnzg>#KelQCwm%Jir%00iVZoUifTuI4KSpYAwcC$ahJ
zg85o>Z9qErf_Pz0S&T1BrrRy`YGwePYt>^%^vM*%Nx|66w}$jG_q6nuXafB6f1mE9
z=5&t*hp2hE<P#a-{dMRJ>|5Zwl~g_TuL91V=4hk~27Tosw2X8;b<YF3M5c6IwgBtx
z?7D0(mQjXW;usiiR4uxi9xE@x9yq-u1b+E^-gDtEna|VGe_*uD&}cj6mrZE4hITij
zdtAf<>HUA1(miu&O23e!O=%3roQlDT(=cDqxIAT{H(Onp2-6(**S3Hoz@g7`%mffn
z1b1M(;CcAbfRycVNC}RBv?L|A2IE?=o+3WtVE8V@uiWJENqf_L(&-fOf;DJd@X<Gv
z<jILfMn`ijws<(`NNb+qaCvBe_0g~Jyelu9dxjN1<Y7vPw8^3Ml{5{k)CI}LjsSj`
z$)-pb#UDU%bbVn(g{^aMX`O?)=gb>FJ&}J3vB{ICC&K?p(;OT8G9SxL#f7>#HvJ4A
z!q^A_GAv`PP+w~{c}4M|Rrt%0E#k#%%5;jbe$(*j{pKYmd05}O`|6?ZqIVTmV6)wI
zIXgw$7(o}#bWvUf<<WImh$!33{+5D0KXQhtT2S0AgAq|X#C!WGdzay>s{8XY{kk`n
zoa@<))~VxGe_f_UoAxccf2@+=XpwfE?OB&zC0|`zSkbXPob<gd`v36?X#!UqiMDF^
zQIFC$z;N@V1M~iBoBgOh!C~u9s7bsT_5jRf5B>Ep`^}|jU!0U)rR@piIc_=EBhN{M
zH|#cu39%BPbo*Tw_C2zPYFj{1w9!ugs55whGBFV?tMRy1ddNcsu_?~raOy;@5PsCD
ztGU-)V5+$rtOeDUf(A1mlkVqU<P1I%o9-4TD1(8?oO}qqo&X(~h}y_!4i--mV=B3c
z&3yG7x1>5UYpx6SV&6Z>2p3Br)*-OHi#%H0uIlx`dcomRL#!6N4fC$Fg)l8TpP11Z
zS%jB_Y(;0FDEhhmovMF+eW%YqhoZ<`mir|?&#xW#gAUt%a8>pP?*RWqlZ|)`)fiXN
zBb1)P@XO*Af)cmf5mfWS*>QQ9Rg1re2M69Jj|+Z@fhRDrr~EDkL6Uj2hce$g6NS=P
zEFM}LDaVBB{Z2u71>0+>afk!tMybX@my_@naYE-EEhoi>7lFve9I4orc_}J9E6yV*
z6EVA+I8=xJ9D))udj)$RH}2ci3Yz5|9yM$Z$Zc}Fv}<_v0Sp|T^c9O|)Fd`hcN{g*
zH%<Tg*~ZN#=CN@cJ^m4^TcJ@v3~MMA*e+o&e}xf~`dKc{=y7)I(+I~<ixBo_dc>Z3
zd?W`3SDp(id>U5L-6J$q*;uWR+gZem7qA`qE4*#|nom9>?H}%|KIrnvXBSRUoLbna
zDlyS7Q!-M)(HQ+5-uW872JvSxw^xs6(f|7|oFcO-(Z=*D(j6+%g_~?y7JqO|Qx<BG
z+r%pcIxr*WiBR9*r9wd)3wxslxRI;Vn_9OsZ;IS4c=1JUtgQe&?Q1-LUPf_pj{jXi
zH4@X&QT&``!iYTYvgikv^Aqig+0tvmH}0a|OYM$_Gxe~2Lc!NU!O@i%fKVuiu}BOx
zAUe0SZZB<TO;@vfDH=a_j3+%CL$IT(qke^se->jIg|F8dJLP!z5efpXM>59)Qqc5)
z%a0rv-bS6j9yBcLt$y_VP(MiO&*DSDFE9Ck=qQ6C;tarm6vPPm<EuxZyW6&|Fb8Rd
zs2Nvlj)43$u5_VR&aQ1@#OuV&M)7KSi?n;SbgGw_X$?p$D1Clgp25{S=!ns^w47Zj
z2a)&+MaW)dl?MpRX%zigDER0nf(x@C#8s`^w9B9{KlQjD?7E{Ecf2;=7W%)d3#xMm
z;aF($D5kH6#y!+z17^&Dr`1SRF&FvxQ5Mzz94x4r8|5Bisx=V-e441h|Cu$+V#G+p
zvcYLy-FUwSz|7Np9Ca|ey9OhEBG*K}H2fB!-OP>RhuwVpJbb$Y;A0{LfGUQ&L5+Dr
z*F?8=MVJW#$q{mpMZW*f>9a+ZcAx!O3e{LB^t?%-3WGiXW<%UBp->a^I|cfjg?@k3
z&6h7)=o1IuJ=Yz5?$YS<vs~0aiHOzHejLKqLt3%BjL)tlERPd$t%)=*SQjg-sC0W?
zU_uk7P0^G=T%`S>{@hA@8^!&CagDBTYh&2C9(~GaL1h!5uwpi4b$~(P(*^kpxvKg|
zyimP2Md(=@iiy`42eb9!<&`D(KSnLhraJ`clmEbQ`Bma%Vf3pMg^q3!$lIa=P)^aQ
zKfNAR3op}~gw__i^m<PXS|s$}ZY@XIEw%d1j(QH+g`%BAe<-W~d~neMWUjOzGs-|_
zjM~1O;c=lL6CQXq&XSKqkcW-bUw6^Qybkg;)U;$U=ooUNASW1yrE;#D)?sUH)RM?A
zyyJb=wRgYtN4D0M9;}Sh{O{CRDHP3~7fK)ZroA*I&cT<VSI3%XD_`Z-UW>PAF1(_@
zb|Hx`!`z9!k9&}w@DgQZS;?^*j(Gp4LI1K=OU|Io^sJo)F!JQxg8cRIH^spv*DMaM
zD|ys$cW_O~qjA3pR+c;(&jsHTl*il*pLN3tpVtk1f-mPOzjkBlrcukZn^Co5sSsY$
zLtSzyy$Hzb1liU5$qY`sN|3+FqofMzdH?Q<m##`4ja?xoV05cG?uz=j#drSZ^16vm
znC>;syit1udEkyxyv=q*-Enz;)OwLJ#?4%m3-vCH&3ZGQgV($M36Fg^uEU3nSOFx~
z$;%94g}%U0`Tx@MUkUP$81pS4x8OnDS<>5mvwV1k`{itM&)o+M^(kg&LUm%;1^vnU
z?ORSeTfsOa?~lfKBHvPAv&q*9^6qKjrRaavjJM0^7(XVA+9Jpsqo8LV<UA<Wp7FM!
zmw=G@WiX0&emIzs;rupX6m0MklPKR3pC=zfs!6+>h43ROf*i)Mjq3J79)^&f1to+y
zt}5C17`G;wvVl0@oj`_>&6sLHRRYv=@eV=p<S7%ArHLMg0BXR?HF=q}{L57%YMNtx
zj$Mi!xCWIYUen*`lbrObvL<n$Af1kh{2E#u<?mVi8kZ0NO+d20zH?iiTxCsyB*)ap
zQ?;?L7w2P0&^rtH`w7QDxHtv+<Ezj0AlU-)f@J91aUWltpeA6Cu#FLBPY~GJ9EN+Z
z07?YS8W2-c$MiMvqYZOT`i2~N7a3Jop`apE(_`x4>i~dU8!0mV!Ia5v0X<5345^YD
z9JPYdL&!`B9uuTG7_s`4$nl(YF>5{>gFnu#tvK-xr>E*dy+!_TF2G&msmJgQv)>iu
zX_e|T6#D1<fyEh!VlXlCWIWCDfK=ze+^g4KA)Y{UI{HIl*2jZo82WACA&l87RXJ$J
zhVn^W^m{H~JOp~uZpK5K1o>z*iSCni;-k+jd?aXmlt`JsctQRSpb}R|f5$(~g7S$#
z{(Aqw=3mYy%C_MAd~6}lDIx6G$SQ!Fh5v|46zZy03ojUb96K8;-4q8>MjbK)-Bn{g
zxt<S&p<69fJ6r6d3qWaHoOo6G4rCb2t7b9`#b2-rNs#XFku^PbILA{TLI+LCJ0#P^
zMtJ!;JffSalJl+{nokdv=v*2jGxWeeJ%Pd_r$mtV*XN*7hO5t6hVxyh&#B<p-&g5x
zc;d*8M22~DDmqx-AO1o*=YbB*3(A$lpk?33zd{a|er!hZc<FK!c(u_ic3%1Ne4^kQ
zR7kLR$6%9s|02wEqV)@2>XQzF;2#E^s+>C)bI{L)|LP|7;0onQPOSaJNSYzR<((*J
z#C7}-2RD6#T!ZY^2ctsCwKUl-_DLAe@lL$cRlq_Iuvu*%r1TxpU6%ckfu1wCL<k2<
zNM-iJtnANo6ktsJRzSn$JeZT|u^hRr!>m+q9<K)?s};uqdIIs@5w&In-D|y97c=T^
z_>l2ZNzlSe{lweT@lvk31u8^-#h9lzF;9dJsXA~}WUuYz#q8xv6!48`BgotRaywGz
z$SI;u^bG|65P-*iwfDta8!S}K#*t>InmZEBlS&s0bn~{Q__(F`t#-p-R!|avKi|X;
zGxL*0_i^K1x2qIh*3Psir@3h)3TBq3K5N^f8QdCfGi6N5AE{+NkO$&7svpI?l9h#k
zLHU`b<a*L~g!5yeCV7rW><2QwFBAnIV4+g7IaAQ8D<}1*`2SGOXs;|uRu^7F@D6!1
zIJs8+@5Oz&=xU9Kt79g4qi;gDKk%B}&g*S<J3w<a>t##vPD?S~BdM6JiO(PPEQs=H
zlC$chlNeTQ<Y$j$kmbC01n-3uR$#nk{=e}cMo*#`eOKd^zZa7jee)5F0Jt8dXgDu!
zIIWy=gD{d!>^ebijt<i3-DzI03r0(K>l51t6Z<om*iM+(A}+-H0@A)_<dJ!Q>kF&=
zYzN8IdNpqWPjcK(`q7d;Fn@MwlLvLw8pgEOID-2Y*2kfW65VO?Vw|D5HrN@Iy?meI
zBP7`TAt*B#+am~$gxU%tVS=*2t@1s|dl|FgHOb$t-blnbg2qPNf6KKPmuD(`Bb`1e
zCN3Q&ojy|`I$@O>Ou_B9&1>Ce$PMZA3t~k5Q*I(>_xGI55I_#quJep*7WnFfHQ8HW
z80jVf89U^578qJ~de!Alc3=Z?>U<n5obghdQ=BBV-6virDDkM6IlbauA)J(oAEK3P
zKyVl?8SF&yDJNb27za4&`X9#J_z&=dMq)Y6MwxhG(&$>cuMITRS{Mu}R*d2}fo4YE
zi+u$-$*YcxY4-`)uF#sVhwA#hs+fe8@w$OZ5Q6(DK7%oCz4dXk$4}@uURqw{78ozS
z4DSpJ(sdl&lzF7LwzZ-4UB7o-dK|sG)Qkje$0V;e{JddPq+IKzU0*;xCKMd!UFkdI
zBif<Fq;2Yg1UA;5r71Ah)IVdqle-%4|K#X-vPzDZ(5-LWRA{UOY(=i|7^eDKFM5R3
zgJ?M21AQMY@i|NevE-miV@%TA^cWZTxJxFH;tVE9q5Ny#tBvOvpG-wQnQZdOt|{T9
zlrH(?R&pv|mxg@8;(rjIylq{-eu`f{st`(-lJkAhRX@u)iNra*V=V8RZg1(lWwi4H
zhN>xY17Or!iwX8rfbG!xGdQ>pSj-74;XtyvTU~ZAHKt+O(eKY55D!Xi$He{W(MgG%
zg&(IHa%7XmUO@Y7io-7F3iP9mHj26VbZZeyZ224o1wYebw?oNK)YmgnHcGqVf_VSx
z<tqNaRdViJ6EY^wM2ps0Tb{}YRf&Gi@?luoQ|8PKHHp8{A!C64k<6AAX9F<qe`A%y
z6yI`9^d0+tUXZUA<T-9@&)9uV{6YB@=r=12wFDE6>v34-;Ghcf*4Qq)zhW2gx}%iG
zZ0V;dWg8z8A7zdw)D%nxv`oFif|r$!JG!FdRdzZC|NHY)eB41)T%qHWKX=sysOnW=
zD3dr6ZwK9UXve$M>Apm+WBj~1#(fXdJMLgI1<50NDX&u4(D+v=yvsgMKt9aQ+C{Gr
zIuyJIgOSa_DPg~8Y2??%_@;SYH)gj}kNnt+%cJP=qqgOw|Bwe$E}+av6RJ1%TPTc8
zV)3CzeIsNx`uG>uMgL5SSf0FDz45w4ZklpWK0!<Ls&5jYL~mZ^A-)V<R1u4*096>Z
zlcJK;^H1VVCE6FGn2g#M$gF?pJit7l+?R|10?JaiFE%KUc?h8dzo82**xd*Q0_gt3
zAERG&pkMx6l%f<OQO^jAL-v3c;EjGPfgiiJg1YC~_88`F#X|M32YPYpnh71(cNT9^
zP>KchjhGRCQJtNojU1g1Y2&4ZVxsStvr$@3=~YJ^q(dYczt9Fj{#2YN$QyxG(*p8Y
zp}GO7twrM=bwC)U3Yj$zWkjd3`Tv+ZHb7A3C8PDgE6Cpjl$<pD%w7%aEKUeye)-Vn
z={v}1*T!VOehdYzM)!lfGU9aC`lL_ee3`Z4;O2#Xe#J0)9o+Ae_OA9xr+bNxT1Lj7
zVR(#BZSkLKtw$ygUSex!?^$aT2mSIkX;&hyWR6+}h|}Bz(220L9=~D-`7Rwybdw&>
z;f5QgX(?yulg!4TyFxpYl^e@pc?ve)?7P{FUub^Mj!?U=K=1|W8g9u1-;99V#Po{N
z7SuNg090i@<n)Vol@A7K+!rqmyI|P~{vg-1ej_*fZmK2qg~`DiZ(tT_GDDkwB)se9
zTS>3c%S&6j{J`QbPbYEmepuC2u^$UDzgESCr*(fod4dZlLANmaS}&;ekMt5s>(ELp
z#5Tj`XUSElxsU?oQ<A)Zb5cOwgTc1<>pox;ICL_=Gdps267XW%i|o4c0sDHeV4;%1
zPQ8v{il-!cuDpi8%t70fd!fue&|E=Q5AAI|(v`A~E`ps}FiDevy2r>%_!&*Dn{g)!
z(n<dSLng^J>R;(KhMsflb#AkRX8ssi&uj2G8~h9de)|~>K4*hJsWW`8OZe#;{CFGu
zFNf&xf3L%jx53|grW5?vhjfOI_9?e?t|uNLZmaium$O4izxQ1%X~3sSaVVy4DTq}H
z8VYoyF`eQJVPL6O>A2VYfR&E~j`<_9sPwq^)i?~Rrs;mI+fe({?D5ujOk1<dL+IiX
zOkG~Wv9r;9O4+R8n2I=N(=B4f)$7+7u_pK+bVeM}1;Q-i4A5hVj<=^vyw3-`lQg_N
zh__b7roWo_M*l6HO9(zKKkn7^QHuMW<OOY=-C-@jn;<sIrK08z%V9Rgk8pbFQdURW
zkg?TBaYotA@O5-uC;sSnFXNBVHvafvu+ATkwrl(`+QuKX?Vb3eWN=sfx8fcK|56+L
zSqA)}I{Zs*@C!P_Pw4`_;=17;8n?^PhMZoNSFi;K<T5M09Gy95_RQ6nG44nO?P3^m
zhKD4Mj6SyIcqbKJ%j+3XmK>YTyI?e6=LN0k&;_}+sGod9eg70i0!S5TkE_#t$3i(-
zkUouJz}ylhPu{p2=`lDUZ#1xE-SZ97Ns@4ik;L+iMwMx&I#Hz;Rx|x&vV3<ldS77!
z{=+~W_&?h;dS79Ke7vm_<aY;lMejX#bwTejKTq#5-P3z;+y9*2liGeEz0>bv^tjwE
z|B?*(*Q(Lua=ZL%?JWP2y5jFGg~oV}u{H6a(ZtoQ=6H^=wem#gR<231kLQDh4F4%M
z;7JDXZ(20`r`RB0)EV-w0bSwWPlNBa&;J3&{MX^T?eo8-^Zf4;{)#&p{Gs;wZ@?d_
z!yjs&|DEBdbP0ck2LB=({1g3k_^VE8@Gr8#kM9h>s()ATk1k~J<Lv9d0sm$lew=;%
zKiPTx?-Ks=8vG0G>%RfN{e%YpLi_sP89vt~{PcwefA+IAv8A8h#49IE{_JOKW#@@b
zt^B^9oj<n}81Vbs`QLzlwFQ2EJO6ive~k^kUvWJM4dj5txtz4kH9cpsHP`bqA_q4%
z9$Z${%Hy#ZIY+^oYJ~x1<dJ2_6%QI%4;&}K;z3J$C$aJ!;IsP<Je)d*D2-tOx9aP0
zC9ll-35?`6h7euFP%lP|vN+Qw$Aq1<Io1V2H+6@Qd^-BQU+FXB4y4b9;H8+cxS$DX
z^HZ3Zw3&q}M~0U$dg+)ABcT8b6)0>#I=MR`weHwYQOT-5uejadkI6Rvn8EA(G5DCt
zACqnTam%qz{4tcb^WO{;evS?P(Y`wTkB*w~b8PU>9_<8wRbMN7=0d5t;JNnQMo|sv
z5;h*w+)hSF&BrhyI42;V@{z}Jw6C`QFc-A*^n`o3i`h)M`lPlqa<yD9ekV7yZYzz^
zNI7NP)fi576sIPAL-b#Ql8_h1E8m!(Pe8Sic_fa2pV4O-OMTI-UA^$h)ri^xJ8G~g
zYx{&S>qByZ`S95htEYG)a*bRqwVx4p%AdFH%rfvg<d-+An=rGk8o7ztucQAV#QfbL
zRzd#auJ;y@zHl+ctD~47KgF43wWSWl!535qIFdSMuR9QxVAy-8*T659FmYXSZ5JBv
zR?yZ>e(VAZjEdY54P*QlDv7i^#BC(q=Y{#O6?O;JZNt;6<;|n&D>dKFp9W{NADLH|
zXpNsQD6e2T0vMfzd79sD-uNkQakzPi_$y#;rG&mxD)0}cO_C-$fqLfU;g|6Ck>*^!
zr89g0?$m%!bc?@A-@sB<HXwMpnq6StfOc0wDQ8V&yS31%T3ifhkHxblco<X!4|SQR
zGTw;Bx+XdwTF}{Nix1Jk{sqIu(_onA^_0;K!(=qFoAZKlqZ{2kKwiBL&%|uY1m!9G
z9$zkpm&y3>E<B{*LnS<<;sY?wjcNGM01xBvp%EUkX|oCs0zT}5hkSfc;bAU5G{eJf
z_|OIqcjK-M{yxBxM=Cci(Ue!eH(7aV8Fj($eKr5!W8}f)#CYv~Zv|+^Fk@4vg{sgK
zXc^2ZHq!!p&KC5kE{F+yPW4K1dXnp`Qon{T-+;r>^hj@@AQGdN@-bG4&6Er<AXBX6
z>;UB`n~?&4J@6Oa=O?2z6#k~b-*NCa75?IPY4BHozvJL<KK#vwzjNWQ0Do_TzxnX@
zZumPF{yqSIZ-c)};P2f5<@plg&in`9kuhri5_qhj#|jz(%%<g&i8BRCVJKHn`dSTn
z>x9IODF$0H$3L9AOKNjG?25#9I{L?ngXbaJ@RbnnB(qy5`vc2`yHHTLT9#+886#O0
z2jne*(l$DxDOigWxAHTh{^VxeE!fq%4bKB!%>$VMi$oxNtwR`9lis41j##H>l_7u0
zAKAe+nn~qdKY9MFC+>xpNDYo%9QS>UP5V}{YXI}Td|ts3LE77_or8XpCvVEb&}_T#
zZeo@2s;{(-><zEf_@uT2Y_Tb8;>*zBHZ`2rlgALB`<Pdm?}9+<F{l-&-sQyXVAhlJ
zZv2b@PhaUSc2FJ&XSd~%2aJ<>8U-91$ekvf<Q6i&fYm;a&)E=}6EplDfDMP0H3eb5
zxwhPd2_)}S)0q#Mo`2*{wRM~ELO)~%mUX>>-$VT(A+ve$#U<CqVOEE*Kh7b96Mq%;
z==Tn)93@L)TyV0G*$_M`6i}*%)fin^^FfEzlGd)Gq3A?Dj${AfbGG)(EQ8EX0-sm_
zy;@~0%NjvBU^Bexh;x+e@e4q$2cibr4tc~!=EqEbW;~x4<gNNeiaaF;=QLmT1abT9
zG$Hfr#h3a@u1({D{y^BD<_LrnJ<$P{d<$BCE~ftE$#v>>sV`McKLjK$x`58^RpVS7
zetkmt%IYo1pQFCO#4Yu}C#rhEx|s2`ARnWUZRv;9MtC2s)Z#bK5<*QZXutdgU-k);
zrGk8t<u8K14xP(};Rzvg{lk}(TpP~??|@;5$6*+aQ58#Uc(ZW`WG?c86nWg6Dh?Oq
z!|IhTbc(8{8yKi<fco_~il#-F0rmjK+drPgbL>cm#$nzqGz##`$jhze60M}fE0`J)
z24gcI_{f|LF0vrT;#E<bYD;`yE})05$A>gF&IG<we5VU6`5lb-PHQ{HcgpTEz7vK+
zr?){C2fehILY@VWnIUG}w)_^k9zeV2anoPRJg;N-<tVy*b=xq)sKU%oQLDwjsNOdW
zy%#p?SL!;($FPTmpZ^F83(sp|;q`tpy$Suae~(xV%y>kL^KSW$MT+krKk+=<)dQin
z#l-Z?y2q!CzjFVQv0U*)xtaXrGV6j@BbJHyE5@+Yj<C^>Uc^nrwO$o>*NW>CsHxy9
zj4uBk^)%Yl;r!f9KDz3ANBeQI>v5>Se%BbkN%ZRHCpY@!b0~m)cvb~mGmKrQ0+B*@
zt5{ALkdE&=aI<)+PdXFh%g%8WdwaC&G6eT3aQ2hr^{PDRl+HmpM&Og`9De!7oXj8P
z2c15C+93=HEv6~1_M)*+_vol<p<sg$&Uji`>I_ehg*M37JA?glG7mGSC1ZbzCy1{&
ztbtmzyhYz5vs|jYh*>al(tl{FN#V=B!*=&%^JRbMSQ@5rESXT|df1&5&-7=iPh70L
zPg#1j6gPX+OPl+F)P1C{nF=9=?pbPyk6wwRuIh<<^tj}H`4ENXkjHqV|AyZ=nfv%>
zr^5?h_`X=Cy0m{}BCf*~(jiBt%0G7{ej1@ZD|t^lK^NQ?8G+}AT3)2}NBWt0ku>_T
z+(?ltZR@!`-_rF*`catFr#Qp&kP!rX5jh3|*sokBKRg!GTfne9N344f{3dGpM;(xA
z9Jr+oU;DBXdE`GNc4{=S1EcQ39zh@c@}(356WJlscGi^NNEh>Dxwe8eFKtYb=^=98
zIVNW;)QuFJGwU<n>~REnvoWai>LBB{PhL-ca^`-~%A;<UYD(I5o78q2U$&O(f=^Cz
zo%35^)|;U6q9u(HA3Df-<CYue-C~hHHhO<|sGlvr75Q@oSD;*E<9POvWgNx++89D}
z!RMJ=UPWgTPuucInE9;=D;U4BbK2StX^}j84W&O4ceYass5dOdQ#uzn?J<iFp6gUx
zV5xo5jL#18I$P|8Qhxxu=h8u<8~Nb%oMTuaID|ekPn*rSx-kD2kLBc(0r@MsR-OUF
zm8lkQ9)DRAyf20=G82mHgC8q1J;oK4Np8LjwRXP}56Trrxy_O5V4v@kHaWC#xK*$*
z7xQ!Eb-uOajU{~+7adcPlUXeeQ5JhBT+bfA+}0tOE(;S4wME$QHq#G)Gm^#8trDwz
z)sX?|O*!&s(?W+tXO4U)M=t*f6mL3#tNw97&-L<XXrRj|LeLn7KQOOx8gZGWJ;f}}
zYx_jL3~yXW?LIzqehg>qMe<=^^}zvtdB1uK#x-R|HNFhv{Y2hkd7;$-P@=g0{m@u0
z^08$;QAQy_Ze_k@(!mt<pR>uon#`MmbeexSQO{XO_w{r=0W+ePJ&O>Om%K>xH4oz5
z5qW=lmAbVt5ie4cy9yvR;{f`dVU+gZ;ApT=-zR7(nWa<Cpbyk30W%8hSG~w~1r369
zDkgp-gf=Xh3F>v`cK+p>aMBBbf;0NDDBy%MkFdgZZ)0>1(g{{o`S4oQC)A^3>1s(C
zMF7y7W3iJgDaZcRA-?)7>Nu%uNDe`2=Zkt76sRzxsb<!b7KhgZl~+0t;OosmfEL7M
zzdAEw^uAy8aeKdKnEifccZYs20wu6dtYlm-ah{O*=_<rZOsMn24mGXmm(XD?VyPbd
z6(hnmb|Q?{{WI&(*c5%oLXf}O^|wC#FB%Kbl!2Q985l*U5C7jj(ODT>$v!u1m}OTq
zF9SsH?b9;YevkjCM?h{X3{@>136GNMD3p6>Sybe&S*)w2Hhrzn#0Nl%qm&D6C>{{~
zLX#uQ<3z6%aa4#ka$9{HNxrsNFyd2i$FrucEf(EP_%C<xYx|15s@3GI7*eRe;yQHy
zSPo{f%zsn`jYmrr*H(HHJREr_W{ZF|{5w;Iu}kqBs*3H<1dlcpk9jYicYK9c&`gVp
zWY&#tv*y2=1sgkq2q^{;%vj?@ghw<#H)Y_&`}O`eLI1Z|`+orXU*ARlYwi6X)S>_P
zL2qlsXSM!61^uTt(ElQ>{|eetw2n;KX(xhxKGe0Hg)U%M&bM^Mhzf7$*>rYpAS$LT
zj|*-C%oNuGhRvrMHs(D_=tnj7V}*_1BJ(!&v*okwoZl!o29G<nL`89&B~j6Qhdogd
zM#G4Faj_m2_dH7-BP-D)2bt82Fu7xO0ONCE4fzwN2duZ(!nj68E~95K-#`ejvq@P6
zQz&22tue}16vvst^D!0=2G1w4*eP34x}L14;R*jQPF92|p;(x2u_p%c&ZV$^X7(aR
z982~hKJ+vq{I<1^q4$ggM%sOBERl*mBVcPK>i(EguG3+SM)$)vCfCUJEJhnFMSrmu
z{l`-DiM{AWOVK>jzM%`IZtYEB*ARGabq&wK3mk4Pm;kRXcIp08h5R+WtDL61LCbpN
zm47Dc_xlS4ekq9Q>OwxXL8v~JQMx;Zp5dhtjGh3(cx>@qD2&Gmq=;c2JK>81La0W(
z=omk@&#f<}Z~{fE!={DSCgF?2f}>d&Q3G)At2tg<fnSZouU4_IxDqHtAs^hy9HwDp
zCI~%iqMNjc8NrQE#k`+T$j{kO$Y0*D*cF*E6B%siug7vR@ff_TerzBV9_Me}fXJ^+
zN6Nj15F-4XrsKS)PutAl929S)V%(uemO8DrUedF*e#MFnbc&HC)xwC4K#%K$^cp;m
zY27CDY{UqTt&JlZZ21r?_4-(=20LfK!TfU7>IB<<UZ=N7Yes6M^jIKtaYsT2vrN(*
z<NGBDBN~ymdi)$lG%OIuSZT~YI$n!o!bSt=+K)fR&#$hv_8XcBHHz!e50vp+M;HxQ
z&Ey|O8w_01mN631&%%F1KaLYgMI4xH{`Ymf|7+0uKvab*;?Bfk;>9|pc!1nMu`uAj
zT`=|ygsMEa78c@D$M~CEp665ac3=$JGfMXmoepF`PotIHjvpw~jJhKl^|wcgh0I1A
z{vr<`*aWz3e6$bzu7+8{?5X%e&BZL?tE>ar2}n^Q0N4QlY9C!6v|PnzTB2zmp!xOI
zo96riSR-}xKocu2Mr`^3GKfn*L?zK$AJN%1(^8M>6!n6}vF$H|O<lBY;l~||yl&<Z
zxxH$~<6f0tJImXw<arM&qF0q0N5+bA$lxDwPS2y;t9n+8({^qPRjrJxf{ob)+xq<R
zxfE_?HLS;4^^g4CW_~TJhc8O^aDb<yp>*T934kS@PRI$+sH*Yf&h5u-{63TAF^4bG
z0OGaY9T@R(|4cO8!aL9QD)IcC+qNIxzF|jX=k`Z0+Flhrf9LjSZ-d`<ZYSN-kOw=r
z0TB6n^@EwzLk-|>4S-^z0jw^#t`n_NI^MTuvsP|2`1vxLjcsF#M+(&kCWNYv@t(x5
zxR?J3b8K!kPM;;itUb&knRQ5$S-_7g4SuZNGeKje1`r->(xSadD2=sqG-v(Z6!<sK
zo647q=fUdQ7W1xu_0>PJxIG2+ey@jabcKHVM{a3S<umZ7G*%C9Rz2}s4A(xrrjVcI
zy7`S15R37JW4Smw1S;fjblnK=2!0x0HZz5z3??3xyB?_o9fJ44ixpSnonuKi9(s|n
z&ags_UYfmHs5S8+|Jo~8{Q>b=YvQv~!-t(hxr!LzP}@-KrYCD_WH_SpxHpX<QZ$Wa
ztGPXe%Av*RE4qJ_rQbi>4zIQItMdrXmG`rDM7<qeYv(zmoyZu?j;pnUR-DRzG5Wq|
zw)1zb9VzSWg*sgY-OS6EZ5^VM^xt``g?EP=Eo`*sqhsyF|MWOYS(C6GfN=f}&rlXr
z6gn~=$M036v23le`DSCc=y~h3b}-sr<%)cw+mkOF?JRv+Z)ZnA7yU^vn%FtjWD!0T
z!!#;={sC2B<1<E3uKe%)W3{lK8Cw!DP|n}s#VU+nL}sM50bpMBo-Y%-WT(ix0M1H}
z-!ppr*`&uy_VK-<fQ|3cWX4D3`|W&m#Z*R+g%=nE$vbNsU*gwwFH<`WCOy`^Y-^|f
z4%W_l$?Wu$$ikZVY>Jg2hhZgC2EK})HwDkb{)2YEYKYPQcVEH&f6=-BBdGspjQ-O&
z{hIavKC}OK8T>HzjxNS&!C)P&D{W}aIfG^p7YB973kXIk@jiW|p59C&b^14*M`~?T
zHzU=<$hTv~cM+rG{U#mnHuy@qy$gKb8KmPI3Rv-d>onrqC;#@b<S2yr&i{>$?>CzW
z->F^T%Xf$Gji<Z9_clh~0+YV;4f=j@TNn7o2I}~JC0OxoZAW|uzJ43x+eG;OYmtuc
zr3~LcEb5H!f-T+P`(}Fwd`S*XXZX%G@f9p`{-HmhoIlUNTbJ)6hU!SC2y8lphZ@r%
ztGx^P@GxuV5wo3#47#jd&;?!gC+SUml53^Q_vn{=r3_U<Eku>y{#vI>(&t2#(62jF
zCD7OnRVq%|=SLCaw?|EWTWs*#fUfYIVBk5>hUe9YXV&gp0nZrWdH7x(&qbdRo;&aD
zjOQDhyTMa!v&NS)<yrUZh$d$i+{)z4M}ug9Mt-!1<k>=9o-LTn25^!&fRDFzUaz{B
zn^M;4Te_gjB?EN2oXue^e3)#sFtn|U_3D?&&F7#o#)g<zG1PZ30d+OPzAIAOO7^5*
zrpLhgcMDtpMoL+OjP-9J^7qF6#`>3I9n?EoQ5GlOg0h$|TRKGVkg4;L&>e5XBmU>+
z*_;hh)<^TrIp!HSrRPw9T+`sduI;>b5UA#}wiNQS8$i+8Na`CP88Rf@AN-8MM+O-b
zu59VVFGP>=3=f})M}~&SG5%Ip`$gx&d>=i(<9tsrno9Fq>2X5~3aRr?&qE=#gI1@6
zyMe3w8(e)Aa`mU5b+bD4Z=v%y3x0oL<Nu~P{;zcy|9Om`<s|CsWk<dzeqN;WGv;$P
z5nOSSr0C7_m=r|>3-1C1JqCh#xO`sP9fA)+eH(tyGW=dP@q5aS-;tXcegy*vzw>h$
ze)Dzwj!d-T*N^Z!f7Q(<0qa1kUNykLZye(H^rzk6x8;P1U;Hn^Z@PxxoeaM#-}=t3
zzfPaXc<Hr)1}`l-(OJLgUf<K&*?$vj=c4{h?&N-Fmpl7?Ryy=NfhQ&JQyrp06{y*(
z`WaNX7^zUUu^TFUdfYnSewiG})$l{VzYh9Wo(;A8jw5QxCTb%QwG;!j2av-f8@fR)
z?YObN{4%`Wnal8UcgE|3Y%5-0A45gCWG*Snh*x-FXT5MncX+*etdo3j{xp7Q%+NM_
zmp8&l&H^OLFHS=HSo<6h7<}0UhScnp&6w!H0R|IYa?G$VTKV;7>G9_|j2^G?WSDEh
zIdy!;a8APlw=3oIj5YZA39R9?{zk+9Iod(*`I&K0t{ekR+LyCX3m^I|W!b|<#%PUP
zm}E2(IBJPUZIu`Av34rWcHXx4Z|#k&fBX8dc`|&5eV(kn&N}G3n@Q__`bMU8<FNns
z4x7Mz0EhkN`fi5(jb>9`IDV159j@V*#PG{1{>Hu^8g9eSNBH$QFq>)Fh+oU?HvDcu
z{8rU<gP)@#em_gU;@J$p+ZldWe!tx=&x*6G_`PuiwX&(RNh?F_<|1}U26hr+H>^AC
z3XXJ=Grie*I?!BCIdfgFlCr*^Wv->SR_W_$3a>Nlu4}F6#UXmGf6X#v%}P+cS0x+h
z9Y^$@Sl<nL>kfC8(<d4I+D-Z$vD0tDEJnXxy*2ZYMz>rWV)q<I#0Hp%rQBwt+jofA
z59_)?Z1mwybo+tf6*2Mp&W_hxGZ|h&uTFCCU*oN)Z90UgEtzSc7Fu9iKsO?4f$mVN
zIApgEe8KSAX5#g^9WNdlLX{11d$Sj3sA&Ul-8!5!QT*FkU1OLZyM{@QC4CIZ!5``<
z7ac#Xr!l@Nzo9F>`Y=(a(Xwl-H2UX3q|vM!3>w{jt8Ms3;2Jivwi_BPI@p=7E@Ajx
zX5yD(!*BnLuJHR^Zyi51(~4g&!ta9_27cAI*zik4{6aO|;P+XyGk)FM4fOSY2IH?4
zy_np6>npq5&9xzTPn7uIL@?zRn|=~U{9oN2|3|I-PwVUghF^h+-_6E8^X+_~9g@+e
zgFn#A;Qw)qi*8LcxM;(H&g)P7Pq(Ab|9nP=bv>ATf8|TNe4n5-wyn3(*!%-FdQ&^8
zj2|vH`C){8AG&oqYv)5Z)7!83(yq5}y_&W27qguck^hC>dB4`qHW%y9<}d91x&LbG
zxIQ1jaUDP17*}ClXT3AAs+)108R;a~y0;%__-($P;Wx~s(cud_9X4NO#qX$!`2FE}
z1Ha`r+we<5{1&b42EX^!PW#Yl48NHsev|F^U7_LkL;_n+%bV=$=@nP8apHQK_D|Iq
zClYokIyH!OQ!6uBn-k17e`WCc+G%VL?i$`SoU`%!%?Ucce|)8tB;W1FJ@~R|hCTG<
zn{2Y;5b&LP)0%Eb^7?+eK7I+qZH$TAhz|PCG)9jZ+WaWm(n0^RA?HKn`b6^#rMzvf
zZ86%8$bI}tH^{~B@5E1o7=GuO_<1_$KY0wl(HcK(ZM5@KafVI**@xD%sd;2QBmKvY
z-+IJvSa<jp?E9bd`}b2Be)l`set1HoeLwvDSSx-G#LxBiRD<6u=XB=x$3N}{zuF%=
z;rFxazyuAyV;tl6KX114`ve<)xBrOv^)~TKp3`|9_;z(S_+7;C)27Y9AN6>B>|2!h
zy1DPv4^;PjU+WM~YKzl0I-y7Q8y;miXD)(Ly+*xO<D*LlS!=|8u+{h-l<L^L%xYvk
zVbpjWYq(-YoME%xO_qAMuzFYiy+y}O#CqBLyQo*%Vq!Rw)pPYR+9Q&#|G|3ciM~9&
zm$k5W)F4X>WtfR2@^w4wXZ<K^Kg%!(YGkNZ*1N?@HCFHPQ;fp&-q1)w|2%1Jo%;90
z-Y&oV@kFODXEHp`pJc-&wD*{e<|9X$v>U-{T-MX5v53q-_8QUDK?c>1>|r&wrdn!<
zO_9ivF0s7kNGB}+O%OCKwfV#l(o&Z(a9!9HLo-a0pr?Y4NFhTc>&8?oyOa$;;y!<j
zkipIQ$Y-GiZF7#c)bbK1o^8kRp_`knowV4t6SXd$xWr17vM0_0<jsdz*|-x!tYxid
zplp1E%0><|$`%^+o;%3OUN>M;*(fZNPBZp;<`OG={Xg2i1ip!CdpPL=DNrWt0Sc{J
zp&(mjv4sFl7nndQ6{w(y_^jdrDoR381cFH{^Pd-~PjPwA^`XywmkKDQrO<+FDIl9j
z*=LBdDs-XEch0>tlbIx45I=rDrkT0hx#ymH?m6e4dynV)I?W(F+&?gE4<4o^KEI$Q
zd3P7AZR{nQHcC^QdvGJ9q1cExdqOEkaCQKp_fiN4x6$?*Z(<YQtfl4BwdK}eIY$jG
zSKd!kZVIMZ{v>{{j9V0BW5x0zbiKx_86?K@N_7a0aG{?TRfo*WywFcM)nSPxH8f|x
z>L!LiHni=!Lm{6|9tx>(*P$kA{JN=x|2CDtHI=ZSse~C#C5#J`KzeX}Qzbeym2lzL
zCKC2Hl~CGL!n<J-2vn<@DzT`kgxO6cWHyy>!>{<|w%Fl^Q8i8~C7i|}+;OrDGr~`F
z;CiAB<Nl1!m+Qano**e>;%mMp0RI_%X!+O|r)UJ2nW!nw`mzIIa*=0y>cqQF(8i0Z
zHH{xSp=mtA-Vqyq^t$d+!+iAh8N+pAdOa<@SX=td;L?>?I<F#L$4CF3K3oPqid<wB
zdjVwX4LuYXUqT__t1p@m5*mLYWj5U$+AkNB5zBv}(zeQ{sOxrg@nO1_P%j_m_U+8=
zCDhA@di*d2du3mr1#i5f3*-0FyuZ(bOK~5#OS;<MXYSH~zt8amSynd=B<#lX#C7DJ
zBn$QSslGmFr)(|&C{YKVhx-fuJ_WRD&kX8^)92(?tz20!fbzYc66B__P2Y1t`-3gE
z6EC%MyX5b)e5+PIjF;LeyGGrPnB)&{UvJLu=Zmy3`=~>et@gD^w53JbmWmsL?AtB+
z{Y*}i_C1gO)>FIhc}8){VWr0UX&bwxF<_r<(eLNz_;CItN)yNXQ&QP|EgnhuYP{m{
zvt_cpQ=a}2*(v{Ga_CNZ{-;6nM@3TN`wdO`L$&PxGoFt34|KP>PeGZMu7*;m-9_;l
z#H2KYjCbqydp3=u?Ujc50d46=5%j_}cxK^+af-&fW>V-*&wZbS#|Pmlc)wu?K3en#
zx^7&U@q1nI2fAJYPe>qF6kQw}@C1sOB#)r;12Tf=tf3>g_Ty$oP^b^VXN&$o3&)0m
z_l&Z2?YN%8JAl9&J7H|V6KJYchPU#40<R?uywT0Uo6-cl&G`eBnZx;$DDZAgr0_l%
zkMMST!5r`e`Y$WPn?T`xmJNkB_oHUuU0D~NKQ-?Ubay_k1MSVh{sGGrCS{~RyT|m_
zOpl&*q4voZ{esqv34@<_#b4^}>nMJ{=nK<hWd0b%Bgj2b#!ke01Um~ShGOTY51YZx
zgSAb~m*)I~E{qNX?<30I<e%44c>m}F@Q$q*t#}6QnjphF^<4sQ*@RGd3qEKD-VNdW
zX<FwWG=8+ie<Xj37mKy_qwy4K_tajR0cAt|ky`W<+L;;#KT{Mxq21TemS*(SwDjwx
zE8D-7`gLEb#!u)Uz_u=cNI3J_c%8^!nV(SaRJvXcp4BtpCq$I4bIOjli30Db?Tx(p
zR0{PF%8XNYB}k)*zNGb&Ytc_=Nc8QxJ`@1v>C1G7J2w7!PtvjW@YgkVK?(ttItV?e
zu<9ogC~8;s(4f|JF~nZh(!LXu5^i5-u)?&Av?b5^o<#n;Nime2$q3zX`r_SY)~pkM
zh8y>m_MINNDI9!d3e#8+PvLu&z?U9?Z%Rh!j#HQB;F}N(U+esrei}vR+ax;Q`V9SA
zD_{K7mjd{liE#ZlMg=^VK1>hwTw3r>Ga#<{BZSUd^bZ;;!51O<2Ni4xvj0o)y+h#Z
zqZ<|QT<VY>>bX?;zh>Zz{3B$4qDA;tjg<VeCBLGR>$UrKtNKt<|D~IT)L*&~UOsDa
zKPg^nZ+|Dr|6zTQ{hzky+0`8h>f8v0pc>Occak>0-3&JVJg?;kt%Gm*2nye|6u!ZS
z)&<%B<0L7Kz;{akzB|LfcWra<<%WZ=W&8hd3g5U+lKp>Oko~_mg>N8%@3Y|we8uBK
zE&orw)eL-V&;1qn#!K)$Wt8myUj^C!CHRhaMff@e;OiR(z9Vazfv;OQ_*&ebc>P8S
z-#~`ayT3?F@2~fw@YQue_#VAcfp6Kk(4C3&=HPRj{VVYKlcoK!j&y#^Dbmgle@_bE
zZ3KTik`?%V9UBVYfB)MIe7nzR;cIapJuf+oyb)uRmx6mKWbSJ^X*k8hXTs^zE$*XV
z8b<NZm*QdYl(pJ<c*#Ut``xH%O?O7?f70SU`YNfN$PSX-<4f&)S|znpt8M3{)8YNc
zTig$hm)aXB`B&wC8D#&E+N)u-_781)SG+I$&QR%WQrj=%wP%y=>?jZ5TRkXgt?q;}
z*P@|{e(V|(x+6UCjb=#eiQoUSKe~U2BtM7xDMd-}@d#h^&qEZ_KRP<pgY=!(n}Kit
zZ+{uSITCzlVnX1%r@KyJeSGYwA<Cw8#^_M{Lfhux8yyb5zv552t0Vf8zCW1wlWtVJ
znKpEzM0P4xLu6&X5c#1+d`uZk@i8Yx@h2U;<}<~g6vg_2wF-~0NDWta&@?>B*VK5l
z=uhy|AliN>>IXBj|7Y6y^ix+lD04gFpu9Oq8I+GxLOlr{d$pNCdHYlte%_M5;?P0i
z<mdH@@6j*`ykQ7lbi^Qqrcp5n_Eg;YN;BZKITcR6Z_!_I)eRJX54F+yE56u;0(P_m
z0`|ZS3Sf(F3iVVR-5g*KiDB^8qQBy$ffTNCL&!WsRSlEc$0BGy4pcxpFe=nj@%8^S
z16q}!Ixo>Wf5kZxTn$n5VguX+{^H|!#cwhC<Byy6S4^jnyWfe?kpE;MM6YQ6T*-gW
z#lf`RIUv|>WHiV)+S`fZsA~tJR=hVLpjNCM8G54R@qagir4LVD$$3nEq<KI%fA1g9
z$Xlpp3Y&YhmiuI#3_~X^`YZpGM8~5{@`oAvQIP&;q=>k;Jz9z0Oj10RKOPb4sr=Z>
z&CUN4Vc=`gpJ=EA-;roZ|NAgV|C8YRDh91?`Xt4ZsN;xGPok=qnt?Am2)@?&%dhHB
z;p->Ccjf~ve5)7=-`z39Dt%Y~fT#TY;h~=L!<vIIFVvr?Mg9IvKMEg4aVB!$2U<Ds
zOh*de{RU!%F6kHWl>h$5P*3^77n^~v?3l`*h|uI`@I{WFsB$OzH+8+a{(P0%Q^GSa
z;7)`lq-|9JXPx_{68E=J`%ie@IHoC4bxpkDBQZ*HCwitz?X%!XJ{f$k3>KWNYN~<y
z#EktjTH}ZGs<x@2suJHFrQdp25oeazuc4&qr~VY(Ix6j>MB$D@e~M&WubCmyy?&3=
zF;9O$UHM{<?VzT!${lhE;{T$r5Aig(J-kcMQ?)ARhpzIlQ2Cd3s#}uMDTKy@*D|U)
z^{<2g{w_-XH5a2aXgG06Q{paFi7iJY|Cb#a|CiP1d2;3g^-6goO5@`~B7OvF+g}+#
z>Y^iI`<VP^lYPvT+Ru#A_}CDP52Zdf-JF#;MA&)hGL%ZD;Q6+aN6<?bgZB2-HtiGC
z=cdoEks9Z!|D6j*Pn~E-sJ{~}IQZ>It;f{&XDLd&kt&qfH;B7V(}o=ChV1_p<LLLX
z8-LO`;fzA3pR<zl&YM4J+>&}>nw`2VjrC~DHKK#gw(}H*2Y%8x5*@*`UFT@I-y<{*
zR^1Vu3(inf?}*T#x(<i>OA6=pYqe?JFzsE*0qJFJowW$(_jMAS+O$=eW~>WK41+E;
zNenktORh&RD6U6Q?IZ;|TC;A(RySG6`9r};*UCwILXwnH-!xt7&8AB|9Y|7fN|nD4
z($(6x1Jf<H>1IZUIw$oHcIr{ncDv>he-Cz}Q72Y5kx2c$n=AQ3bBT{Pmv~2WiQ}6~
zytcW-=;jiIgUuv<*IeSq%_TnDT%x^+M1tEH&6OP8Tw<St)P-o|HyRhBJ2$Ibh_<2k
zQzT^ogTFr~iwxq~vy={#zoRSNj>c{}F{f7DjJWX^&Fjb7*VnbLh1%B@+SkXluX)<n
z>Dt#U?dvG*Yk%#lN&6b3eXTp7dG%>uf6>1FpnWaYzJ8*8eM9^DtoHRO?dwAA>pj}n
zT<z-w?dwh2*Cg$0Pwi_v?Q8x1W(e=s{lp*alcZ38u!Y_ZM1Wzo_tc569i?RU<9ZF5
zUD~7}vk1ElNo@Ta=&6<wH(VyP`8Bk3p|<q;;L_+NH+b^pZc;fu+TVM)P8?E0U~C@-
z#-IM#K_}{HAAJ2o{op?NXEOrsk$tG|()+ybIxs(R!2xrk(8oYRFx-ak`wkzB{^)eP
z4zJ%@)c@dK^6mJc>VtbPZUF(~bI>Uc-hp0lP;-)RgnVC^d|ww+P@>2Cy?h-|Up%;%
zreh_6QU^XvL}`O8fktfq)wars03+i*18Gtg1SUZOhIzV3M{W+2k^(S|3&3PcOj=QY
zP=_~LZ`Gk~;PYP6rga)>qLH*&TOx~!X$mT=xSTow<b9`6V!5uOCjoZfb|SRo91;)i
zWeUbd5b?_1UAZ3>R^ws9q6h@r(NVij9n4J3VO?A9Qr}Ug#!sa#41Q>zDCmK%Fzzu>
z?}~c7;N3A9A(T5371|N}k%Ns<_$lOgFQ{wmhdt5y=b3<V58l>Z$Q=?=zd-W95jcoZ
zmMFjqywRUePtXx~pH2a(M@t0mdJt$1?mZa28ZwEe@g@2xB|rM<g^ZE=jz(JKZY(lI
zzVC`4z1yN!;{!;aE+PHtml~CN_QuYFVu6d|W=E4=8fh<)(O2oHZaDl^oP`@r(k#po
zv(T5X5L>SF#j7Y+%x_Tn&tUqefpkE<xK^F6z_D|h8jjsj!Eh8dQps_aPuf$;5tpj_
z@tmgoYHfMS3r3Ew=|=VM96tI&58wqWG`@HAUSw^2ioiXP^sc(pN|q~Mo~pW5(NhV-
zrpNp3OPG}%i0Ark(GQJJ&{@`fhu1Dav2qMACf%pKPLF|l*U{2=bz(VFumg*4k{e>V
zbM%(Ud*;OG*lTL#3p0&6wzP2stN%7rU#`AKb3B_|iPu1~G28U#$(59>*8-yOz$53G
zJ7V)<p%d5CurSN=uLZ^!yZKkpEC25p5eJjDFrNMJ>w<EBAX?e(pDN!+`n0bWUFAjE
z)-CJW=<t?50D&EVclLp}EntE1Pyn*+hMw<+zx&}Y{x5^f(Kk#**IW9#zv}mO^!H{Y
z(|G!OCw%YLTlKp~;P>Wb4$S%L7dZO2?V$f>Lh0MKLND<S%guQCAR6%Ayah|$QH|Xz
zL)NqMmIP^?Fm}6xR<IBL<86gIDG0RS{py0s{gg@P;M-aFTP`(5@|x9o@dizJ*@n32
zLK5yQEhASR!q*a1N&@$_()&#}2kz};+%F^FTTw?}o<eTr|J3aFKY7Ore@>ZBw|o>v
zpVIGPSNIzt%kuuL$Im>2VM7$+bh4!<N8pv5F%?JvKVfePRCAf>vA5-5_iv3omqV}_
zyWO0i^Bt5^$4IGVQtAir*SCrGXy!KGTGa%=D{wuP_WvS*|I?fhrZ24P)F^SBA43iL
zzkBi()>Sd8Nf@!Q2|38K{3?Dhmsz%%tGr&Pb1pBf=>bdUB6@H2TnQ%`5>68IHDfVq
z$a2WDY)NT#4*<Zw+!+Iu@bEV5Jpc>68w?FV=SIPw3(#I0?A&3R)R`vLPoYUC;jgb8
zk}hDkH)3^uyo=QSIiyB!ostj)noH<O0y(>CgeO0CmGq?T10WOxtnw8oBrfo)Sq!;<
zbl+vw{pPSl#Oj=osiahhFDvApOuT#`6aHhqhJ*XU+-LkaRI7?lU9zqCV+{XeWVyED
zNB`4a;7j5m343rvxHIII=-FcJ8;E8pi*k=W-<e!pj}d!_br3J7Kg?D{C6ZRwQ3gcQ
zNWdJlGU7*n&M=JTmz7-Ns&3<|Y2%26Y7#9Zx;o26VjOwXJ?ss%W=9O(F`CJh%qkPE
zZRn(%TbNv8O|4{}FY#tN^)x<siD6TqKTFp)*B>M4&j59QEYl&!?rAK)+`w|*vHT(f
zn|jIKDJ%JybNoR2HG+F>8OAL#vD^)oZwQPP8Ahz9BE!%|M?$kmm*q?K<yyH0Qt6*G
zq!?B#)!GHBv~s(+@9aH=L9||6?hT~xG(JO_t3ERSI+oAU*|;M%?leHn@@YwdNEZHT
zIgVB!sDt{xT1&2l+l}EcY#fcX$UkDR@%JRMwlN^E*wa}4QGn&Ny|Z(vZlJv{)GxgG
zB>|<gm5WQv;((4UvPBrf00kN$?OLVsH<9w!AbcD-?*f&uJp6(w*qb);r{hiE2W;vC
z2FF*vH8OzMKnHETn)TGxn3I2(%^PdVh6Ry3J2@|Eg-yQ=V=YPa>#2fHc(&WeWbzY}
zGRI6Dv^3e8S7LFM=-JZhXf|?U0$Y)WLKzIr#3XJQ%jE!NuqFw9DDT*s9N@3q4t_?`
zm>GkXj$`vSV>FteO1K$GtmmRV!Lxl?99uz(RHTuhh%C3j7^s(2iS_eSOiYp9{4kB@
z=FO>e*2ORdFJjk|t6ah`)>Wzp;<v0P{Gzy|_=oSm|K4|vf`j6cOzvCEG+;B!eDX6}
zdg{8&)Xh)!&+vA2vfLC?rZ*}F8i1P2F^hJ<)VQ=a%TtxfWI?%-vO)`y6!53iU+*n?
zmYV@ES@d4E(pejm-;w2ZSjgSdBAy<_K%ZNb`QW+e=*sdFP0kdZ{W{j0LkkxVb2Z*?
zzs}XT$k9>giL;4hnPWF7{l)>{CYpr$MkUp8ME*)BoZjaPNlcN^SvS?*!C5!O-j?Og
zl6Xe^6xOmX0cVic8i~n$urN1;Wx4ao+p&^Nu3S9WAjzwcE5foa9`gJ4%+<uhq)qpc
zVRtUp&w+V-4}fLiN|H;mJSB_U1>h+Q#6yc9@Q)!;;}-XF)x<2@%kndTP@SXaIQFne
z98jOHOe69EaWHPYd^?x*#=bKd1R<_L4kpKE7+f{_<s<pk7-eQf9bRp`yg&5HH71A4
zFyzPaku1<RtD$dxmXY-waFod*c=%Z+-)Yr;yk|btr4PiP;};qUWM??iiZG9i&O#H;
z>^ZpJe1xC%QgwwS|F~$!cP<j$K=0dJHdlSWG_Y}x-x23aQ1G(csIzwhHfF-H^!V-3
zuJJ?dLYXq3{EptfzAE~Gd4icw2QvFq^UZMqM#vag&m?|n#pqvjX#sYb4*wrCvfj)#
zdNx(aAH!#ufI$IUTw(yW$VQF<&L}+g6NcG~wCSta$P7cdPG{5S83K$_f{&kSf*CKc
zp5N_*2>t1Q$0}=BehkLB%YGr21k3A#OAj~C=zCu3_eK(I28G}sd^;htFl{yDtcav*
zXof-hOO~{X3=`6m?<t^Trl_r#UF)pvzbMw6X}=~}nTPB2PzI}JcM7g*y>dT!(G0ye
zoipp17fM`54#AXQp5Gi($rMTRDi_xg8rg{D3oz^iO9h;Ml)#_EPiZR$MW(I%z@S$m
zH>v33MFg(A01N4g@#%ljNHV(8kN^lH02c721SemRK$R1FCd=P!gw@9Y{D@C8dA2X^
z2cI3?eDN4}ugcyPzq(H8F|W~;LdO}t8F4<#{i`S#hOOx2_z5Id6N$NaNuDOc%HQcA
zEVOc4S>A)Wt@?w${$#u`dM6N`s|-3zk}_A`(+wVPV{fgg2km1snWF0`QXD&2el_W?
zC(vD(2>#Wy#~#vSGWnCMd>=^namxfF(KF2FuXIu%Bbd~KyIT`b>bc+=W6K|aGd9x$
zR3zY(CHP7+BJ9zKfCwcZBAJ&q?xgS`PDjAnNu0<yvDf+b)3}H3L>bXzSbnk=(H~)v
zuD(y_76P7MQQ`SDf@j~0f%#M6PLwh1dkW{Tc0N;nINfod!pn<t^v=3D_B)+*58H1M
zY<Nd3;5V;wai+{W$H;7(pOQ3Y%Aln;uz97hAcZWAQ<5rl(FDUeM&-W#z<LmYaZD$g
zeCy|G<P+{Z>mB)9RXi2F8c<3~(TI{sC`uk>xkJLCxgB))_dXvbkjJzH(hu?c|C>HQ
z9!(0!qwRrSQY3m23eR`a3GHkAer_{HVO%z!<?}({nqmM^f*o*<O)Y(L0Y>itBwU<m
zjIu{NQxferyXs<=rLybhOtei&x7g;escjqsnW6~>myl>4lONBn*AwjO3@o#zbRpwh
z7IU*bSs8C(GHz3G6VqhAA`KPPy8M0LVHkf5<ddf3Cqhd10hJ)#a1&V+aE>EX-q^Sw
z;&m!H2j!a}v4%BPq?x)QJpe&KzQ4VQ^aD%i=xL5eSZ_LMh$%|fyGtDRf!F|@GFX_^
zC63;%6MB1h%*qsXcAd&_)={>S$xMJIyCprItXpr#y1k#T)MJQpmCRSvE@d0z{)lkf
z%_(f^dB<-wF8To*w-?qcZ#r3*nc{Rk6{hm<Fwe2y1+q+X6-qNBDIUBXs=T(9m8sw6
zZzXUPN4QJui~@9V1Qg2PzNI42q8(m#le4yG{>!x3c3*`Ik9iK`83QmTZ%>_)!aVJu
zvd%CYAGeLb1M|Rl9O%x*PfCL6!RHUk24VE3On&OH)E}8=YOx<p&ldC{vjKuLxf~M?
zViwvwF>b4kPdD-D3Hpg_>N&>y0e;Eb2envBk4D=f=OkDwGUQq;6_Hp?HkV<va2X~#
zY10|c4<NXJ9y2FRE04_riOI(8FSe1fEfxOrhu?1n-GCOe?_s$)Y1y6w_I~`tlra;{
zOZx))hOv3upuCNX`*s#LF$FuW$nVJqX5l*kY~a(4;v^zL9uN^x$t5KCvo~jxv#uxe
z^li9FyBjTL>iK`GCD)dB%Bug9C@HC@8J9>PgB9U|FQrhL-gLe)?$v~9kaMk;=619^
zw{gnD{AQkhk04bb(|o{QShFLSt+zNY&vAU=T%w=j_{g~=BG>Vb&ATu%JN3^+uO)By
z4N}FYPTypX&VSsSzMTcpn=L&YWp$P7S$!$wW!w)#cPva%cW-*7IVOK6X7L@6_<qZb
zL|R(K@&16nuquY9leYglwBNy-{vK8?E`hAr^3#8y7`>vFV4>h7ya3N;Jiij*nqUZ&
zRVoPdQQ>Fh9nrd#uOfDA+y!wz<dy)Gzzq*4@QkmO^+Xd*(TE&P!<-GsoG%I8E|GA)
z4@kI~lz$VjmV}H1n9n7OOv}%+Rb<$xVt+{Z@3jE*Je!r<f|gHD=P06|Lv^S%0*CED
z+F(5Yiy=~sI@&4Xn>&Ha$su9PKz!MX%K;EE&_8#`nKHqCpO8+J{4BCiyvG~7w;XoW
z>5(6INMw1U0~%4UX1S<Dmdn+l)d2w^my+<)QpQX(Gv0^Ebe|0Lf1U`{QRld6DdO#_
z@e?Ma<1RFV5jN1j>(oD3Z}ihoChPdgNic*}Z0V6`R=;`7<Ux#A+yqK-UMUL{rEr9d
z07rlVuyXQK4Hdfn@UEW*y3RtA=xbEjx3J4AJLw46WIaNVD;fhJf87`iGWHC?UV|x6
zycSmsex3=d0Il8X_?n-V<Edgi-nP^V?ao)#H!q~V<n2%!Q<SB130AW{-^jYQ!uNS5
zVZjZArLcV0#NsFkRx^olAC)LhL!=c=Ad2cxrU0+tV>kFQ3VZ?lV%BVCTo}w1gI^yK
z$o;eYGz#KqE8{tdzC@(`Lo7GV<a-WrNM072gqe_-yuJ83+9XH-Lirh~)q@DVD(hgH
z_1Zwz|HxTC56T)rvnB?zE|9Yp1ZCZGnPlx3$eJZ*y+cBJVmmr!;$#x)bOMykFgcg$
z@stLMjXEI$zfcTKFb`u2&ZC{*+pVodo<vWv`bvMby4^Xn-RlGG{%~4q_gI4##CtB$
z1e|U#OPncI#=Rh#j*;myE(wQ=uL;!Sk?VOSsGhh>q)9scHw&}ne0E$`pj$Sn6R>W&
z4NyO^OE3jw)529AQ3%>Q)`L|tMG@3$;j<0cY~#uil%=O}H6k3reXbs=1XzLLl4bZX
zyj#gKb_iP${(<S-k>Y_e*rfvAk4nHfepw6l$ofFNFW1u{xrY2LCEq+!T{lQ%>yayZ
z1tXGZ_|~aDgl_>7GAI)8W3H5+RF+atsn<CgM)wAM@lFCrCc}p;#?uQvh&N-k8A)R@
zfGZ6C2DySjELO*XBg_MikVQE{25^Kyi4|G8K}0l~KoJJ2AyC9zF3XhP0ULh_8|Mcl
z;%{3W;d(~G&RmO)0Kt28w7-v%Y&bkdca^<8T_&bc>&rsS51J-ZR5h2&=_Tf4G}mcK
zW2OOo4`6vBD}GX@k`*%&xM|^KMLf+dj#SmqU#TIjI<7S}VDH5XwSgL5-B2dg@ZA&1
z>KYX0IW38DO{~F{!A6N+s*3+lDL$xm#bZQ=s(Af+x%lAL6>lewQWYPqw0?8ziW|gB
zHG$$=mDX21-b&!tL2>7@2$+MTBXl~M(B6Qrw!CUOg{-B=K$6S@Nis80CN@h&RAM?V
zY7_7xqL-{3?mrW50n_hp^n0LXky8mrF3~A7I57RDoRVhETvhK)3iySs1HY4qE0kRP
z*>!U9bBkM5ysfz55+(RF%Bv;^*xJXU1mIQ`em5vB{M5P@4B|}XoIbWw6GM4Bnfw?J
z!<AxUJo9SMHB>(Lo|Sw|9A7VE5YU&Ah*DT!r9}KOqQa!bJe)J$EPW=wFe#Itmx6^d
z`8-x=M+zc$vD$m$x{FgclY?B`yp&8Xj}-+R8Tgou@O*GFu$I4mQM;A{9|iG%D<v?%
zqHY5e@q&b+|6U?2G*ZL;2s0H-8p&-xI#Fgq)xxTyopf`x_WRs`wQ8aXL~>)6yNYpt
ztcdY5@MDf19y(0%yn@nm7Rt$0HgD`}^OJQH&)m5IJGgD7LcD(4jv9R>Ml$wxuv)$5
z?JUn^rhvM+Y&usC+Tzb3K~kF+DVLdYi{5dJ4)xMwYMXx0_})l5xY(!^mh^!fz3)Ac
zOF_LQ5zzta2nA}3vu2SaFUxy-rNvnft6T<T5bE$=bI_u>QqZy)??ZmV`<mKH*v_~o
zqsqh-9{^4`JirMvxtV02g2a=yIO`TMo?~dUcGlzp%27a@VM{LIA3@3O`4Vnoj&KXc
zl~|aA#_`Rbi}oJHBc&B<-3h;+o0lW?taya<8Sh8+oeUi>vP(20RLqz5@?hCEXQeUE
zm%B@t=S$NJKRO;U4<Y*6QFwQ6x2OB=4AcqpZwS>fgya)QS&=A@k7fB>6YHG`ix24K
zSeZFXs%)Hjh<&tqsy)g)#nHz3gg(nY2n*XUVByVZ2m26pggc0i5J#;rV{rqC44N#)
z+Yi9vXVN)-Mp552y1(NGmY-^LJrNh<C<6g|KrRcTK#aA%FND3-ophT0zXq9Lohg&-
zvjLZ>2*SDZvJ7E2<NJ<AS$+Tz0k>$1=FSukfLcIR5z~*Oe+ztpsV}^(<aO+#TXnKs
zP}0kNuTnb4>2h&m=O{-%e#-O}wK|}M{6riMuSL&IoQ|6h6YRaX$<t@a`%7q#nP6|5
zTr!K)M=Tt`vY*i3<}iTB9D!?mu`ImwAxaTU<8tAt6S9<&W$&3>axnuMeV<=A-Fvg&
z_j*9zAdCVe?n4wl&3uOG?45)L6y|B%RPauE9gQevXWb)=yGsOZvA&+#7XV8!u9O=Y
z_k*Zu5;4T!tW9U!oh2)^joS-D=$*9DS*r(q7rr{{Y>fLk@*|h=e5gm-Lu2K9#=ScN
zzuFnk3;F;jVTxG2vlc$aN05&Zl6^A*b!GQ;QCQ?*#+`@TBKI64c21xu(hmc(@&Gne
z3kzM9K42~ZC5~urFGXtYI05DXeFMd<LdPPq@-_pjwQ?C`)g&zU41%JtTpJg6jwnwC
zQAd<Wo$#GcvA;+d@th_q*Ss`pj}EN3Z}_yPo9ZJ{(F|g`*#(P1S^$%C6?-&4nJB!x
z&O5zRTW%WbOqtJk9!DF(V*LY*=MnNN0#xmLC1vF%siB*shVp4c#APe6KSu3I?S0Dl
z#tP3ILo)#5i6aWq76Y}~srMhC$%h%wQKD7Q9X9c2wLcfj=cnNYYkR(<XS+SwRco>j
za@J)q?k~vjFV=gf0Kr8w1tnw&8T;V~RFAf^c^y`<`da^C{#Fy{&45YnTW2j4dy<T5
zrhN+<rT*CvfS;?xFHgXi^<;8*7e~M<!E#GXL?|din@Qe&7&B^en-ws*O-mx10?(s8
zxgrvowME(hvT&1)R#+i{5TR=|VjR|v7IEJj>#?lw<@LB><onlp+)eWF+zy1{;$?OJ
zHM9)lG|eACm2f8!<+n=HhxPo<xDz4WSqpkaZ@M~3GCeWsGw!i^iRd4ehIam8O84bb
z9n8w3IQ&TW`x^t|iL_vjXc7fL=a!1d31kAyGg_e2NbdjagcvTuaTnvUTZK$9LSnTq
z_D=fASsTR^9G8aP`(UN2p)uiCW}I9E-S%FvI<^h0j@<pQI4&@WU({2b1{%ak^#R^Y
z2FQn3#Q!Tq_gbJwsRaOupfKc*hV~-?84?JBi6}-3)5J$8t|RG2h3Kd9S_Il8GEAb-
zNGjKp%FhyMZf>DvhGZd=wl0!FmQGW02`-trj2mri%kMPb%(&YC8JMRro*_6qPw4H8
z`%APjUld*y=o&-T9#GL|>SezjjUNo-c_WH&%_JN3H$lUgWlq`LLi6p6XD^|nfO+0L
zk#R=>#hIrw?#r~D-O-5LE!m!9jQdf-qOzbtprU&sWE#wssAwVM-a}aDJ&gOANV=4_
z@heMTM;>(i39jk}#?u2TwYbcQk&HVxDiq}3Bhd_bgv6&8KbGW;;7r>hX}<!U61iH9
z{p*adxK=_^7D1Ay8U}{+<Q?c7pPMo!7Z~q<$TE|yFy6#-TrM(R?=4>?Z+F(|^Se-5
zKLgsbNx*o0#B`;FX0!w{k<kGv$gTqHu7kuVMV1-iXbnLLpOrKw3;0JAA|S64r&?AL
zu>pFcGqU>V*vMR<ZbX5uB3)8>(~TABCS(lKG7b2Jnq66Jq`H@N4N@;lb%9>4)iv2m
z=p*yA3C-}^#YBHVUpXVZO9x+UY#?q>LQ)Olvn1Q&w|6HX*tk*~SBFVUe<4ZE`e{HX
zdP*luk;z$~#kjA5_iPk?C@@PC1At_66{uPeSWNB%j@ioiStThF^`Ru$sOPnVo(V`K
z26Ewnt^_<Ju6;Q5&Io%BA{1Mt#@z?(>#fE9NCV!#1r_<7^_liZypt=r{mB=zxf*Bf
z^~}@H=!h+rY&;+m(%csr4}-iCyYe)yMD;Mge!vM>5A%XUfdYFqjr7XTxTliL*^I~P
zm-%9rNr`XF6r~~YxT+7Cr#l`Lb_+5J8P9s$=h)du^R35?vkh4UsQ_FByYsZ`gkJoI
zU(ySeAzyPWP(!|IorOL_G4V^OK4Hm4lF#?N?9YQ@PHsTV`Ap{c|8AtC`@{jt@ynQ%
z#BNFG3E2G;je%}qz8eFA8e`!j<w;$Db4ns=J5m7I3SvtS1EbCcQnt_)AuFjuKM{Z2
zX0ma&8O1-KHevbhPV)V`*_=6%pf!?A*5B<NajqF{-26mXGSOZoF(64a(4&)@k)T{(
zubTf>oT09i0gUHWa&(mn@nT`Ugiq4Oiw$zu=<MDD6h-DRAWn?e_-xaqm1e6vK%^J<
zT^N>G>hcPm++{M4592(J8kV4=o!66jY?0=%#aLmX#;=P?{MqCxvEOAf5Y#Vj{sF)2
z7bo59{%xJK=o}!ueN-B@Y1L$$#rKFAT70XHejY?&^gMt>_SI$0W*X9mv=VU_gu82r
zrvc+`uP5`#bHM(@#Vn)VVP}iuN&a5CP1peos7zk=n5%X~KEuMa-+6@foM$`{dUCYF
zF^Zs^)P$TTs4#ExP7WzrK*(KogjDDlbbNP-{e(HoegslU@jz|7!3E-h8}<ME2VJ!h
z=m(mH%{q<~zk0$5?mVxoJ1L$6j`q0PL{R^XS(5q{DXCv&dx(6E@~@SXI^emP>`oq=
zH5=Ne`j<<LL+Ia7ptrBaBEF|(x<xV+_bK-d6G_@rW$({NxM~df!(26Om;&NgCFor>
zdO!m|)r3xklD<Udx0t5z-{gy~nvrSD>T<$K<`xoC#$<(*hie>urSasauwF}7ZX&Dr
z%K^_CMyC2i#>1+VAP}&1jC+(`qXFqjegTDvX9ki|x58+WACEDf7*vR+?Ll8;J@ZVx
zPSz@+p3^vz-l?#%;0NFucnl`fI}@<D-9nUi#{DgPGAA+~5m0X-@&<6&`B7x=+-;7c
ziEkqtBzr0RY!gf_n|E3SnPAhR<OybR`69yd6$}2j1$afSDH{zYd&#Q&ZE>2!I`{6z
zsY0m2lI1zTth$@5dYENAVssUm8(R4q(PZxuKvA0BC0NWO7v;~ARdY#Ssk7LZIP0c5
zP70j}=iMT61`MKN%iBxY43&^)2PEVy+?OY|)Vkf&mYM+_*oVSIccfM*gH+mQw;UJ6
z+pV_0cBhAY2goAK6YY!5)9rSU+xie*vN?HsF&-`Rtt%9k{7H<QT?j5V`~D}<Em7#)
zKT>HflJ+>_VW=(AZiD&^APagvjiC5@sX?yPis-t_A1rUtbRS3TU<bqzs{K!tE!Ru3
z<!2E@wtT!^u5J=m*9nbcYY!7BJ5VUa2AEI6oAg^p>6?h(yoU*!12hYpcM(pva-Mq8
zx>L1i33nYPQc^VTUA32L!A(x#zCTFKU8QfU@Y}SG#27V9`nCkV6)(c^>9w13{Yc4C
z6?dDUQ(N@3Q{Pa5net!k6wXr7jK%NA;s+?0?kx?P;;W_NURwNKr8tAd8<44A6keCg
zuB5Mp((B{esveZ8x|>$jOQ{MkloLOP%)+7zq{H2$&b<cTT%`;*g%!-zBqc^lag&sG
zm~t&mX(y#Ti1l=&-(sb2x8gU9PXXULOW)Fo4y~gO`o69iOi@&X6($wB*O(LS?X6s8
zCRdh~TDJU{jr*C~52I-ra6ovg3T@K4AZe6l>o?<6CJcEHu7KR-06kf`?P7}ReFIt#
z#ftg>|3r%HUQ2KwS{vl=8-`-O*Oh$Of;fz>yuw!$W#Tw#ZGA_2e@J?Nu`W;@z86UE
zc+f3qeWjey270-kDp|xHMii|{dQ_v`lZeIPcKbs@$**JyN4_-8mC~Pae?s`*LX&0v
zSgfw7I}y}G!e&79bdxG4=zZ6y<P&u1;Yxw!BiWN|$gbU0j^kO$B{r@^vICN)e^MCS
zG{Vx5dfH3W6RDRs*Y{nbV9~8WnP1dpIX;%Pe^RZ=ev}gjD_$Eu$1q?TEI`B76I$?&
zZ4V6V!vB~TOX6T%XFS(Rp2nnK0Oz~7e371FH%ao`LhPSq{Wz&-Owp~-U^(FjbESO}
z?3Bu1mH2yM&Z!{Z-cE1aKx6!5YCq$?9dI5ym05`<tIe6*k7%$e|4H3NG2XAT`y3M9
zt<j|F{qkP%LX-GDK$2YL`!LA=g=qK0pDn^{1HLLD^&<WS1sTu3n&;ZnsXG}{fU7<d
z(vPPC+s<yitY(AW;fWv;OSSCN60nawp<lqbUywL&@rgkBOccaHBD;}suOgz^2*&+C
zbebs`NM46C9@NMzC|2W*BknG^+^>q&(>r*^L?Zvg^=A~VTtq8rAz7~<W88_z!xuRI
zPtj*1{i@BgGdLU0=+U2E_P;Aik3bCE6G_+k53xKD^J~Zx+XDJIG?p?epHZX<;NC=-
zmi*>d)Z&2$`=cO#^SMc5atAG)Ys)*rzC_GTxHWmNYHKo=Y)!Ty`~kWrmcl5RAAnWN
z&UkjA{ptz*e8%%_Bh|-2!b6n^65WGQtsAYgw}Tw$OQa{7rzHQW{jOxSUhGYnkIwvv
z<25J)bZc)6X!&A)`FyOB|ASp5zm=bkd!@bjbfZg%&}XqsQ6y4E6nd%g4|cV<8uTDe
z5eaNB4wI_^hUno4@+*?@%mr+iA7wm^2=EfUgYis9{c{PLWhc?&O2UE$X>r^t+$;Yq
z7jAC|xG^O7aTc5}Hp}$$J-(kR9;2g%+>gJfd$yzLyDz>_ttNfiR%PwLZ>35v9pB4x
ziem5Br>xY%Nku&e;<nGXaUxbDX|}!%$Ty)+FjnUq<vs}#>wRS(h3F=wP2c}vezFIM
z8RkhQm}Dh`I9DZqsNp}`2D6@0!7pt5j#f`$DHU(<2l^2yoiT%9eWF2aA2DFpV68$M
z$)*PBel-w{J*Cq6aFTkCsNfc>B>g-KZL-hfs`h*Xv3~*?EU-Ude#m}rR`T!8F$*2p
zfQlT)L_~wbg0-c#A+SM7`$sIutf^AZ_1}?Jd@s>`fX$KUY6rmna5+dmn@Pd(Z3H?T
zouPNUAc;#3GP=+#V#nu_&TEl9eYC^pG47?fR*jj<xc@CNtXN_MC<mxrHIP1naF%-*
z&;RLlbO_zMq(+a{kwGV8eO`e%`&)|d6bav7%ja_x3GN$7f|CcBjNH?DnjN{X8Nfli
zC~y-`4o=3R481uY=K4QCQG)m4IZ|7<P?&K#+`5N=O_fX|S$*P(cC&z9THvgEfbm3L
zCOaO$C~E8JIL4E8zEs?PStiSCrKyJT3Iim~c)BSzAPTT2DumRgZYM>=Q-sE`ncWJt
ze~03tOwlhBHnx>8F%a>*InOxj^o!cNggmpJDUf9n*UzL&iap?qYWn_<M%2@wUzkyR
zOy)<Jr4X`+2kPa0oi393T7&60X<&Yqd=YTBILkx?Eag0gh5JJ`XNT?rgItQ<_>vhf
zEoGQvnD2?O`@NQJ%6{)4-0MYTW~L<A&6)f|wu&s9Z25Y*1`nt`WRtdcHwL?aIwsTY
zUE*Y~SgiP{MBkpdh4MZWT9XU`zkCxpQn)?2ia<llil0`1IP2T2@lmkMuyX!@lj{X5
z_X~F0Ri{T+*Q}lwx#@`pi|Yg)P|0M9I$B)ieIYTc=kFHR@dk@)Yae*)`8)h}ZH*H;
zeorO%i#nZ7w$Dw_TLC_cvldp_|6z;HT2Q{b>dCLkjJp>S>N3zq?dSw(C2Q*hy?HU+
zFW@#yr+_@Y$f_}sjWNSZE?Mbk*en$jZPa4x2S7Ur+2}a~KVXP0+zcBz%48**30aP=
zWZF$3)Hl(DrzNOg3ZhE8jezn!w#1!A6hhsCqa3M^ZmoZB1<csIcNry=2&V6-P09$9
z<RT1%-ti%HZGzqCd#lh@)01&m5Jp{Qw5I-If0pHY^T1ttG43~X$X$9n4pc<;MP=d_
zx!p``*ykbkEO>8|$z4p|E<T3$W8ixyAhK*(Q<c_lb3Wr4hMp3bA0ZxoD6lN{fCLE(
zjHjJ6m5XyEOo%;I>j_ki7!so;J8wl~AAB7ruNxJSID?2&hO+-oghKnh%ezpA*y+mA
zz`N%bnrAvPr;!inJq;iEIW}p`SnkP0gYX}`bB=!!4@J)~adT|W(OHgb<r;|JGdY(i
zF03MQhPZ@W?vE$5j!=6a9!r`=eX}1)3pZV{*X}3rn|vCZJL(%GpU>G|Je1JSN#WTo
z%6#pM^Oe~Bps@W0Ozq-V95B8MnW0l;2W>Jxt=#;?G-`CiS-LZ@j~y~kyJJBzPlrnL
zRBQ)e2w9st(S0xN{@RM)1jwf9q&pEeyYP@=m3>4e{|TDJU?Fwf$hWg{yIi$7`OuY-
z`8^UqQDF0;USRcS{naeDF-hK6tMJIDrC6R;rrQ4b8ssQ;#TG#&AClQY#(fpmkzB=k
zaY5y5`0ykV8Q+sY9PaN)G=Tt{pp!-;iNz=>bJ6R*lf?O$aVQ+x6BDv<L-~sVbk9t#
zh=>w%3EE%98j0UI%Woo$pqcwDsiuaWYs@ivsvNyoP}2C$-p5Y58Y7qjGaxl}2jl)=
zDAtU=-HtsXUd$2Te<-(_C_sEcQaHGcQV$Dg=jd@j?2nK$7QxR%@L`hm9-;+b`~c&p
zW#gAjep3ozSkNcGqXS4Ju9|4Zy<jBH|LYic8&cFu8sL7iq(&t&?);&c2tO8#Qo}0&
z^JL5DCK9<=D9L41J_jmkM>;D!4?}BpJ(+0IG46;)v`u_Oj*+csXuzQ__#8p<_W9z2
zo;pi0df(c-OCo%O3T>QVMSpi!ncl{IM9-ku@eImZdcN!s<JKkNNvERWP!~C5_I-0_
zE-V`f?FCL=ye*%r2YBhYc>9b#(*rV&CQvMl5cZBC-Nwd!H!6B<=()G~c<${Z3fHfU
zdvhNG*A3Fyw;!(L?AtqPdO?RO#<Lv{UVys8&x~``w_yriz+iC)7|$EY3Uu<Ro#9A-
zUKSwp>QwY!o*Au6D)%6ONkZh9kYb*pI`v^6%szl-AApAcag2NR2q2Pr15nV=uoE~x
zRibcd7UKp%C(UdY`O!hhjx;3zvJ)t>+Y0kW2ar7&{kbTfo4|3OI0?r%4u1vD0Khol
zR?^vC%f|aC9C5y6SwCs2eOu}U#{Kf&(Ef+rRqfwH+mC5w`;T6C_3amTQ?>sXZNF>F
z?GyYjzvk-OPgJ)*owjdkW&fx3x%&3KT|?XN*2@0>9phiyC6xX;x3c{u*Is@552)LJ
zkhb5kmF>5Wzxwun?5t`(kG9{lmF+kD4eguN?JuJ38(Z7|o>$-gx=yP0AHK5r*W+)X
z|NiRs?X-QSwe#O}_3b}z3~j$tE8AcDH;jLqFzt6}W&1mNUw!-cGokd~qm}&c^S@#I
z4|P<vf2*_(x3c}L?pNQwqhsj&Yu8HrdwX1M`~2$*^lFL3#=V0dZ2Tug+N~gBIQ|oM
zfS~2vh)tUrcU}Jw@u_2fjrgRNy3ACJG85TISgBM5BGtS7LMpnqUx*wwj#e-ZWMC?_
zzluPL>(E7>za!CT<G%_5mj&6-{mgkhB{)BESaMZXvfn~IZ~3pN054eA$<81w2jYE&
z#Z{q~ydwB6EH~5OopcPnK8d?YHus%%=h19W8RMynLkNgA;HrxNBIt)dqCmN%$^!8&
z^H9Czjzp76<pCXx9|oDnL^(Rhx(nvZLiK8W99}Cl$Is&4zTU?#G<q)D`^xgRH=`O)
zo4cPQjhB&BhZuyp#sM14vHUcHdKeNY788VW0K)g7MhqS6jR*3ZMaeH(I5spOh7M`s
zo{Jz_e74h7$op1MOO08{7lrx_#Er-iBUTN>^ZMM+u9TsSXGL!;M9vp3!k>Ja$>O~g
z?<8^jLVRX20qq?iH*{seYdv+oE_D7_KzYha{gd%}&!W}uBeR~G_vPWZ40=~)>ionG
z%XZ7S^u`W`3M`vY3&Xxs{LB3>4fOv>>_4GnHuXFEYUq2aa?b~cr@l4%mxKpx|M7Hq
zauwa%UZc5S2W0zeLZ-noI)KZ<s2=SHx2Sp;hv4ACY(V8TMY1S-P3J@bofBlzTX9p<
zhS@~aY*`z37Bt;7ggzUH?sieUK_~m!W%4;jjG;N!RUgR|^gV-DYCodm_9LB?9*Jf;
zWp*6~UsyC*bRA~(+PVQ`MDu1k*}A5|bffK)WAh!UIl*<RC(NrwZ)qpa)WO)AEiui;
zt)=FQ?TqKE(|$j<7u~q6`mL^dJz5`g1-XpNr?<L(PZ0JDMzu}vI4UXqY63Vg7H_7<
zW5BY;ez#<qkl10X%@dyu(ous%CUB$##i#-*YA2|^I6-Rg{UWrggp6NbJj||uCy!o;
zHAtL1icHscVnT)H-o8OC>5I>GyUO)quEq6aVlROAvp8whV7<|8$0oxRNH;R>8+xnE
zO>dAcQBJg?juQ10!rRkj0LwGGDO`zEZGx&3NW|+t4;w%+{$>v8+q^cuVVd=@$@_K~
z_nO~erU&laxl%qv{5?|{&(z;!n&8s|J6Qj`Hi&<)bh~>9$&Fj#c;@IXvZ$pQ>4XI0
z=BFB+DS3`=xF6(T&{@h6;~E{wxHtA!A<REP#wl%*DKfZfAAkksdZ6FhJV!gSo#cN1
zdR3VvX_Aww`~~KaNmx5U+ImB9JkR3sS^x+5r=Ib+=$pZrGLG>q@`a_w(g6zX$!E+|
zG<fn0#SSi!z$=NLl4WG%a~!!-1Ml1DLoZJn_}^IEej<i(18GgUKxsh0zR}Eh?mTrB
z;~A!J-Xs}p+QDEpDJH4qAz^=#E}W_7uA~<E?HiCKJ8wQp03f1dqj|M0o>->S77>ut
zLjP^4KIp&r_xAsl{#wXG`cLGzK5e2y)#BI?`(G1sacsM*mP={Nh&g#dOzovv5CfOZ
zh@T36e>O@GQn75bZ?7fM;rq;pLN>BQW+Opzbu)DLSr^iWtKuVL7*9KaOgDHjGoFT%
zbibNVR!OE5&-*0h9j0vlNfc%8$IIAEHhuy8z6*$FB4Ix%kHR8<9XZkFU_AQkB%e#q
zrEBTdu*?uPq~m*?@_xHHz%6XtdEwvbWTL(u6Hk(TpN3@sw_UF=0M&A&qLOLp^uBS>
zUn5k6a=-41><96NtE3Zt6<YeyOZRR%-0k!#X#OFIv%cX0|AiLi*xJrlA;$s)FQ_4q
z>=~`K=lt2>>h;N9>h>jlzP0weld)Ide&6Nsf%cckjH7k!KhXB-+ka1&5Ym1t^m)?$
zXID#)(EfOJ{~w|48(P`^rK|0KHa{QN<32_IiBo_mra&xdo5kO243eW{IPBdtdrHSC
z9)|yAILHEuikV5Z3AXB*5M6&}w@{-2WjLtsETN*|5+OIV<mu=T^=K*0zEphU2p+`j
zW737rgg(BZ>U%w#7zfW)(?KXpeK@{(x#Ke`+3S{uBcE2TyBU#x2mO$7v+!Be`|~-5
zdVhMp>Z{WQ>8MlV=pZP<XJ9booi<R&jKb>pkn#JicgXn3yKP~R7uC0g^{8x2h_LnV
zYK^dUL#ys{W!!nySE)Z3ZF%<_Sl&c{=%xiC#GcSJ90v|v1sq}a+hMWq*f(StJh36e
zFq;m;Z1J{3RID;tT;nD(?i0qalJHx7R6}z<%+S2lCv3Uv`e^4vn38vfFZobhizO4o
zmps$E#geDu!j>En*8%}PH7snohg)uOarhRyw_I{u_>!NtTrw&yRCn96MAF?{oAts`
zhN^G#o~P;?r5Zd*IUnhGU~B34YVW_LWa{aRu9H`A=jDmouwrdNua?KZS6H0>(X+*p
zpN21aqUDl{!k7H4XNx+fxfkBajxw-bWzGdg?CtZR11-7(bdncGXUzE#$tfFlo6x^C
zYoR?=B@18K_*n?(0s6{+Tt#25SV~{*{}n`EjN8x%`VghD*6_)F4OhjlXB(KJ_TF1w
zCr7tmi@{aow{+)|H~14AhAi*=M1OYP?*y#L`!&XkL9NguiT>VY|KF>>NA_rup8A=>
z(o<~9C4cJ?wq#n%B|i^e^4;z&^S|&V*R@=7T#uj?4#>Xqg?OU#QJ)&2cMoOB`~OYv
zVfrwyTZ?^oqI=lhZ*RF|TKJM*wOq1I_>z-bF8RHjC17vp79vv&H#8~QiP3u`v#M&y
zmYpL*7G>Fpm-`9#2Wo6qUed_EfA6^Ec5RXKZtfZuhaY!o5r-?omwct=k~eqNTAv%?
zT}=6zVpL@Teib_?Bw#zK<TvB-?)Lj_sl<bj@i_4Wv+MT=$)!+SfM<qj<PXMuZ)e0&
zNrJ`Yk7C^8F^Q`a_Z>l5@Sa2?@g2pl7ViW<mzmf><c^_Hi)_k>{UE_r-<I(_uvao_
z@x!2i=XQ8?EjH;HPY(X79m{wo?xj{~Ja#&aarcGpo0A#Ou)Sed?z+y3`~^$NqHp?Y
z_}y#Dc^YZC$t2hOM=zAE(Ouip<>nPWSe$u4(hZun4{7C@)W0mx$kSs}sK~8ot|xX9
z&Gm<`O*+drRArqPMS^R#5<bSgX6IF{hgzAi>`~R4{ZlkW;*9?bnDj^P)U1kEpx@M2
zUCp}a?UQ>t{x9thxvr*N8+SsO`5)OeopBGU!s|DOGVUquaZ(e<>A*aUl=k<9)u=j2
zZq<=cB>8~I?p6>d>W^QUbUTIkJ!BazeAh%!G|BO)e=zRs7<5EPW!!h;kD7&!2gzZk
z+d<dT<9VtGont0;;6>7b3Sretem|aK3ROKAoof3>HPJS{qHJ^N9UTbQag82eV=}AN
zCg_vb<7s1n={|<IyE~WY7c!oHXXWEbac9F$@x>imP_d>kfi-4X`;bW_ZzPJNF9xja
z2+tk{qkHebnKiQWZ}B?e;>&)&IPNGyL0t2*xh-O67#4F5;~7p5{34|G-s1JrxeN^O
zMa&}PN~CfFy?JUV<N4YkA96!-_z2!yDU%(QEWf~rO%M7vp6^9B1(UBgxqopnjc1f*
z!ZR0g<QBoAuk^j1mHfNN@4)j`fUZlY$+<2&<N5uxjJTt?k(?y;>K`v@dzsuZ?6UH5
ztge}@yttRb4#lq>T3m}ZL%r$cnS*h#Xq-4gzm#C{5TNYhP(f%M|B1bJ;E5T)n}l~*
z^eSOl0qj3td1W);O>(Jxld*-gnK%4;1({zvPUz%QA)ZPnlobkPF9PWN1kh(jelj1E
z4gv8cmk3|$C{N7r$UM>hh>9P!UQfP?b;Uc<NTC(_yojsxBBMC{^p)ZB$y2S%PlzJ9
zgm_YkIC#agB=W0T9VCVbZ?q3fklF1t1UXwvR{ZML1&t`r(mLl$WTq!g%&b&+YY>kZ
zOv?-wM_wVpJwguYYMmL1h@2bNnL!-7@5<^gCt}Ym6W_&EH<5AYv_Toh@11mvdabE_
z)oLu9A6;H-phee?U<#c3a1MQI-FYP2vzc)}3a>7IBvVlM9r4DQc@`cy)fH)H2~xc|
z)hsttAmW~@LeF$kPPTx|$8?%`mgO+Vg1tl-v_Tzw7Yl&|8e8<D*f|U$+BSoTgL{x9
zGtr=&f|rfu{D|`3IK~}gK-RH2;H(oNJdEpBeH2r0=v$nG-5xs%WStlFZyJdpl$09U
zs!0jv!PoCyqb8<~&xhr1lMF${&JIaX7u)k(*kZqFS}UHfCETiig)MY67{pzr-POhB
zg>NfM17fj5+t%EF$?`59=w+XA)&>sr-gyuvr91^^_XWC>Pv;N&mn4#_Tt$pRU0WjP
zbv#Zv$bm4KOv3KAVW)Cso95P*l4pT-R^gSBp6$#tm&p~4FXq6j*MjsL#d<R%jK0qD
z`FJCn3e<~{v~6P|9H&`+ExBikJIi`5I{J!JBS}25)N*^YE%mUy8@jNNH8&NnaO4fP
z)KbS`64v1itUkgQ&&rpfFz$kF$h$!zg7vz7I{>v7-2g!?S@}pUuAvpe+EszvecRy0
z7h=_Rvi{!VV2I!p<Eo2f+&a8%9V9GI?4=+zR!F}tEQ&slRtYty!mOhkh$S}1C|--_
zm!%oy8CTyrHmF`*+tptg%lR24P(@$b3`DT|URhr{R@<H|Yx9={MEyw>8d1N0D{Nmq
zDy~A-=D(7MY0V#0VD0#fB6)jO!8h@v^44`Zxk`L`A33PLnDLbCmoFeL+D{I<lQm4}
zv`V6U#rX~?{{YY<S)*`_Pec3STl-rZ)=2DrUTVpG8x#^J?hhuK*lWTPO=Dyb(^%n)
zQ`5|-RoLwuqw5KD==vAo$Wsl@(c>78XP-($9QTYQu8R-vQ)&45Tal@YuMit~x`9p_
z>0}^PVPw7Kp=XqN;n{FGa5Qw}*4E(w&8vWiX@9gDWg<xBl8`2eY++<I$oKS7BBtG5
zP1#l=0_s`{vUQ(;v&$*rBUm+y6J-A9rMH#H$k#=p1psfP-4d1umq)aukC0u>bi5zZ
z-cEh8cWPjSZ-6{ve^}g8y%_M6d8V$+Pl7V>YY~(5hVLjg(u0hV^UkCTF^oxC4Y~HY
z4(rKVeLv1F-aDU+%?`HoNR%%bgy_3)qVcyHpc>ALc`)ueuu>a0!@zPWEI$gw1yaxF
zILTADKl!crcv-9GO#CIaOeg$=06&?SrUR}c``I(@cXk134}nSr|B6n!R@VF@iJ3tU
z?h2cMWCu(5;(1A25UVi@jn*P2)<N}eK=s0Z@bLmZp2f#M@lk+}r|_{9AB*v^5FZcY
z;{kZc+NogcfpY6%sBJ2yW#fazM+QE|;Ug6vBk(a49|Q4mJw6if(HkCkQrdG4FI^c7
zpbG~49*K`eCp>EL@drN6;NuiNj^m>m9|!R9Gd_0U<9mEm;A1mBHsWI)KEA-m$M|>;
zA8$E3g)$09a=;?Cd`UMoX?6uP3XfpP2k~()KJLQDET`r^3gsT@kZ9_jD*I!6dKAm;
z#2~`=@h_@^2;T;5AJkWg$m0^Zj3|~bz~!1F*;u@X4Fj)pAW4$%!kQAKI`WO&AL*JG
zrI%s@`??0;QO_bxB=)xSmgX|y-^)9x&S%rp`c`fiy|yyKB}BSvvhzVr>t@|Ygh%;u
zLz*8Z@+^5K%a;w+G^+0R@%CBrOTYo+8{{1}@4P1ccY<t7t0E+y!K?5eivDZull7MQ
z8`^*7Kxq4|^qV9w@cOIpn}qh0Rqe~?qML0$$ae>?zW?j~d;E(U&E{CNtl1EN%A<ND
zlowFN#;GImzP0(?O8!tysDMzl#((DeP$woiJK?+Hlm^v(0-_~wZ<My4w?pgcN9*Yq
z6vvR3vw5#)Zj0A_jUnW+z4H?ze1kOjwYs**U08WXH_6R5JM}mFXBMU?E>S{l)s>+3
zL&-kh=eB)+oxX?qC3*5H==<p2(Ds`=Zx=MbKWV(m_MMxEQxxNQE+S|n4IrDo7x%&D
zMOwbWyBCDJ>J)jq*?Sj)U~J!bb$0cgdqU@5E6(GSx#!Sdz5itQJ)z^%q(5;m|7*B<
z`gr%}(Eb~IgIm#myCtaaSMKjZHy!cjmP{14rRiNxRwm^_3$=TluU+u{9Uw&Ys|nb@
zq$=qBp*i|lVK!w093q&nEY&y3pTu#1>%yS?PlV<lNb?UA7uJ*ft+O$jWE*3QU%FSj
zmFC;e>spsz!n!z(=5JEvD9_R*ki2q1@%cJU{Fv73+bbHcOg|r5cLiqa+Z(SS^K9k*
zQz|`u57N_aCDIal(@)1z+_$VZcJz*T9sigSH*v@7iN0gN5F9;SHJzD)KKMnBw@c#`
zJVy>h@-7^IXI%p084wYmk1rMacn;I)1))f_<x!DIHvR*8xc5-Gi_kV(;ZjZ?uZd7<
zl`GRlXexs$2GD{7l;wD<PF{{(G)tExxo*517-Zb8(xf>goI@jnwuNz8a7hHaBZMxo
zF$y?sQHYE{;gWWM1U@6z#{s=}#@X!IAl(Zj^%1JUoA3^)dPwz?ZwT_9Q_B>dG2|Ym
z=g82y)O2&m{~RIFNKL0)F3B?Fk`3Yng04^tA!Ko&>i#ilytqnNb%Pm}rHsa4BzSC%
z%{MPMC=*wLCVuc06nvpE!12iaVVbc`V7W@#%>?lyl^oP`{p$uK$>WnWmy1N?tc%bE
z+LbUAA!Fz~1{REMr2N3;SAidlZ<!;|dc=W&I8Vy`VW?E4Xq2iXqEs<%A_ijox}6s8
z2dfg0z;{2=2cKc|lsIzn<Tf9HH;Z+YLM61ZGHZT(%*^tWO%)mB(5#Jro0@98#E?)k
zz&_1YGthpYt0uy}ByheJkHB*@C*Pa(9I&_JSEG&vwEr*Ev6564kIfN;dQ()lkFk7v
zrLLdqmAZUe)Cn&T;-?88*m!zIUu6YR*$XV>GFZWV4yz&=ZQjA#-|8WI{A7EVMv%o`
z<L^N3zzRL9ke%9KADzV%IV57meb?46xbGvDZTy2K3!klX)lRgt>;`!>$PKPiu!i<%
zgWg%qdMX`p>TT|lvkE#$H0NyoAtP4hs{kqD(eLA-uk`rIk`4i5X=o>GsrAH3cKBZw
z94vemxg^s&vTKfNYck;&wc);dKiY6B6rUHr{U28SA>Vc3WJ%3A5V9vZ{4efF_IdI<
z#K2ODfynUY;=ijo8TI05yn8?Y5hV_cWd_S_!zpRycGHzkwanT36_R`G7&nb;L~gA6
zJ+LSt@@}{svMO{4S$7g7#-yw}FNLf-vuKuCcpO5z?mT`vq=i7dQn`iMwD|16+CpY$
zA?|{>QU)@fFLctXqSX5+*$&VyCHJ?ulxW~=VkxmGOUaDDy_Buz^ZnHKDSHR6UK1~`
z>=t6HwIK@#lDEnHcTu7l(Is=`7nEks*vDn6rvHxCfT5AMwI~}`7mPA{zIGTD2}4>O
z|7d6)q3aT6$!pLoSc4F&&8|Twa1GJ}5jVd84bUz?4=d}TN{|aO>4Bt<cc!3&LN5>$
z>C!>$aa|KxG;h;S0HAAhlzpOtll^#R+x0b;)!EyVc&D6;X4M8SJ4HnwG}5W=PYkRA
zhlEv4RptDeTn{5rf&DS%J`?RckSl`uV5T^QA{fgl$0Q7gx@k4z7&pBIUNxocQ?%1*
z94$Uhyh-x!kz4$xS-ImLe{1B9AbR($B>ISEBD((>!XRWGB2M!EMfvIH7Re?^Zh12h
z_v?zveTq!B^Mjpqa|_k62o0{$H`@Cmhf-~ni2oKf@vr!FJRSvOHq(IKmyf8<M)hma
z-yd}Rt36K=kj>@!avWtgE7wR>p+E4}R|APuvs$3mgz>70l(j9n#Nza0+>J<`ZoPpF
z<JkAh<1yZv6r3XYfV;#o%EA;)Ft~(7^O*dB?0P*3ETA*6%$m}Ly)Z4toXNPeF`R*w
zac4zJ_ruz_OG3?EvG8~8S!mtr?a+qv3?g@Odu!l>w}Y<2ql0&PP;xDvmEgP>|Fptm
zf+sct!j|+4<gQ_XpDBT#Y0^&`@s}yc#SZ74!?;1m+0qlytT$>aMvh?z{K2}a&)U41
ziEY^dTWnmp)m2@?g3yC^m~tK?LRNY@(p9f#+&NH*H=_}+t}mD#fuh{9_7>-|_H%69
zMugLWZyj!D+&sBsAG)-*vVl~yw*h-`48y<F&xzIX<fn}%-&vmILKlJ<+!n2f`jg@k
zJBnS#;q{a-&-kE8NR-laT-2W?f+O>vMzW}EJWImfxauRIZ5y{4qhcj*ca>)fZRcZa
z1V$@YPVS!uD6IMl32+#$wit25p_i@}z->5?{O%&*4=#dWg_L6RzMVs`auN`n<EIEN
z_sqm!K+9z5t?(@HD}%6D`I+UE{;rh%7D|6#lK#FS{e4&Z`>FJI9sU(AJ>>VVSnBq-
z)#;YEt;ixXjm^vbkk9&tUU|hGl@8VdXjvtg%zU!hQ^hhjldVK9>l=2!F2Lc<rDP?@
zeFG2jy+k%92W(-vdp{L+5f9b1IpliaU$7#6HTJ07JrX;u^RGr^@VU<95)vTX#{K4t
zCih0O{OoN?=xoMAg{OP>&XQ%A+2p=y=W_k+<SHV@^A2vT{c&0HyM(!Bp8!nsW7)r(
z45P3sU%G+cW1!dCi?dMeEKEKCG}dko$U~RW%NFL=>M~bZg!tBFjAgz|f4k!gt9L?#
zL=7-3()dn@z~D7=^fb=O480Ud4QZk0vr<!QX;W=3k_iX|F9h^H^AN_fj|8Kgp!ep`
z!$iAvG*-zE@Yf{_Gsi$#rr-<G?s=u0!-g?YNP0eoGmBuolOnu1mCm{tmispUSJ}@8
z)(Y2VJ&pLX=&Y|CBiGPgi2c=ZhF2R15&GEy=Y`iEpgZ0-lax}S?*n8MB|-;q#7w-Z
z+&dvQ6d|$ZiS~5!bo;pEi-?6Tg)~0k*Ca&31c36^2ro+laCd=m4#0<>7M(TEvHwQm
z;9%Kzs4tGV{4#xikz!PQ57&`z^Ev@+72?{P$}qm|bd>~?pp{@S1YR=p^!DJzT?s!Y
zui9D3$IzZ6ss4Oc6tbjM7`2aoF0hNqtim91nw`u;TvilRO*S&0qZ^s00vnkw>W?%i
zQTTa{vYAOfx*m$syFMVBnOUA=jyYP{V_tY8l`jR?yA2tHTSe$B-;k-wtl7-CFl@R6
z_A?j`w8ACtibD1FH-olD=fR?uKyE{yTX-e%!UHWR1Ht)U!{O?Ew`TvC-c*zZ{|(O6
zxr`@KPi-Js$rt4q2U7U<bd!x=Y{J`3EUxip#(g7hRq|`l#izoBPd|!cMHanzKI6VV
z0>@_}PDh*FV4li&;`AY-j{Y0L(jkc>ivnU2Xcm*V#px`YhUgS4knm~)4NxOXq+>4y
zbT4nVT1i#u8)ncqh-As8{$Rfu1cIekq;E*~yRqKb;)*z(?=2cvtfWj@?*qVmdQt74
za!5EEs(OB;C3F=vWpV_SDBqCgG#ALH>CBHg4hGfrtiA>G9oZN!BhKb^L<x6Y)*?>_
z@LDzw2~0=T{bOqU4FddqK*hH|8TT~0h4+vyus_p!o$Z}$KHrqhFE@&%G%g%~IclRy
ze<aMpn;q3E{gF)-?Gvt8e+-Og$v5%xc&hOt{DF9?6Ng`+;k5r1=Fhmo{JU@sR6>t@
z2h(y`sDaWC%NlwA)5`6_Na!)dXi3BH9AUj9znzP6j1<|S0(hYOgIt^me@#RtL6<#r
z8vG8qE_}4{gA&m<-a^(@a-jBmEQmi|B$RhX@aKZmH6|)?;p2FufRN@Hq1~vCm}upG
z7p7e9fcJXZ+f+nS-lMf%x^#s8huJtm+4Q#Itx(XK;{_}jXLU8|9o7mAHs;St{@wSD
zR9%Dg{voy~)OXNjb0ZRc&&@5&26leI_kSvV%$z7x)KfTqsK6kOSWrZ<4n8^F@~snU
z?&uVV|LO7Ddm|dVBNr6B7f968o+UU>UDb_c>#${&zAVmzx&yC;qE8c^wNN~ueP_MV
z7NEkifITJpHqCoQN#UlC(WT7Da&5)2(dys^IDaZi)~V9_gh|KpsNzX^gxV;gWEJDU
z&lYC|!9(j)=ijc$e}guEV1cOE>MUM@^kDA_8r7FIH|m5lFE^4vFaDurK<Lri;2Y~*
zau!V(`8Iy?*-73J44Zm3|3SPrl5wLjZ1YCHiP=0=j^4f@xE@Y2*t}_UQ)@XP;!51t
zO8xn<V~+MLf2+Y3*^%XP3|73Q&&YZ^7}?aH>@3>VY~19tESFJ(N!((CuOrb<GeG?r
zJC?LTL5)FByM91H?T4Te9aG}(`fpjzh%rfI`T<y!b{sGHB>B!339`hr8rtO8UoYLL
z^S!RbTbV`?R7MeWfVBD?WD$ORiMCodq|9%1T|R5|+7gZHh`PgH|1#uYnT&0$tCV3~
zhtC2j+tbjO6e~9>_sT9XU_yT@-!;+3RpS{a1Dm=d{{+kJVF&!gy8KN3jnD-f*N?>D
zk(%#{&Bwn_n|BVOoyMp>B$h4c+1{@3dN=g74a<#YIp|$?Uonoy*cgNhrbQf?5ld=d
zE>%RIy?7(V4^)Hu&~lu-T-N)ElMLG#A?=S2#C$b^^)5C@o`E*6lO(%N*02?6i%As&
zYP>6*gyofrkr&txY+T9gGOPf-H_*hpNm$)c(zk)E9*3q`SA~;Jtyq-6Mn*r1@2M3F
zyAt?jk=Wh<6dfn=yGxq+iFr0HK!*3<3lzHHAn95GKpR(@Tw<+|dUdkKT9I}?1+Ugs
zx<G-9)J<zJHp<Snj$+|LES-OR^u9j{Jc|+mw%zpiLKA^)(`6a90ROll2tIydjViei
zr<+hfbg;>vvKw@}cYX8C`=702BfHpu%3XE(MX}k?ehQ2jiOR_@*-MrW?&krG-WhsW
z9@w9`X?tDw8}!!HZT7Y{E~66j@)<R=Fp#D&CRP`WAK?;_-BNJSlhkd_$iWu#Z{TMn
zd8!t7b)C}NZ*tZ7?Gv~eNwi;uAe%eRvHX+-Xv8M~{m2Nd$iW<9hix%(oYVyJku#F-
ze^kWigiktXxfwZU0Pv6)^Jy3oeRW9?{z&?LG(9MZln;IfewR}c;GYLI+>OX5(T{zl
z<<F0*-;q%Y@6af45{HaY`xlV(7d7c(ttvej9+Lm0Cja^?%+EEKKbU`qr1uV54*;KY
z=guW^hCIL7=#{wWDdW*xI^lmTcM0J96KHoQ2A<LeonrY279)l6ZTvY#cZp<IMwT6w
zXeB1*Ba#v1w2eFI&q;thZCN}x%XJ9~D;1-Jl@dneb|Q3T<<42TZ7lb5n$w?SzlEzI
zcFt<X+<__hVL%xkQW{(o9~wuS<-4=q2?ny$!_~SDFL2fxZA|8mupXqj{fiT<lupZ7
zZ+cr6O=`F%0LgKkWIw&mau%xpe}(l$_&%2SBB?&g_d1(Lf4m?7TR^10^K)hs&FGQk
z-?Pb8$=j9j1ZmfV0&zCC-{Ly5+`99KtF)~xrYg&QVDV8gJ7C|Y<qDh4@2VZo6!auf
z(2k}tZU$`$6`N7Ef_#ukj0l<zXn+091a(eK3XU9Ran^w7=|K>=5?6IwbA)}~A`2`d
zYe}~*?Kej{Cb4|J5!i-_<ql_Z6~Y`M0OM$DhH)ZBn3MRmyTmaTD*02Y1Y=ebJei~H
zg4ijkOtG7IyN<&2SLHZmRla`-L#K7piNEzPQ}w};%U;?+j1+%Lk_$+-j{rc^6G6^^
zwbQEq0sEPJF?l;#znP+39o@aIbX6~BcUA-b*qCy6)#76)7G94E!%1SXIl|&O+6o~C
zRve(wjhZNgTTIC%(u;<_09pF&kI7`Yz&y;Jo8QHp-~dJT5@CeBHz0%5nbRDD<WJky
z$0+hCQ_u<e=Q?>8<1xSwUwaupIga?`k^ue5WxrWZ`7P+L;+}qGeoHP49h%MQCIFeB
z24wWn!apD@%S8eP%!%k@sz+EI%RquMz_%=&)tjqdnUQ4n(<r{lejw9Arszf*jP9%o
zTNP>Ui;Iur(FSe_M!&Op)Afkpl^Fw|CZm<?s|Ta^xJ_S<>npb~L1pv@+B*q&&g4!C
zr3CAzU?DWXE6bG&%w-Z%GYC4*-NbU6LG&7*Q%lb(e~%Tvp#X~4(BtjznxJuLwoNVp
z-N;604SrxSK%L94XFUJLFYDw*(Z+2BCc=V_KrS0+UdT*r?`mwr6y1^7o_W3`VeiV!
z#018@T8ARu;~>)k_Kd_eDk?FPzyBAIF9l*O!!rsiABs@oLIT61vCMmY6{EA}?Uuvk
z3hm(C#x>&4Rq%6NTkK`5+{bmOX|en(qzfuD?h7c?uh@b;R#_V67UE&LnP0_7TaKsz
z{vR<jWF{_P@g_Nz#CE0^rk4<V={JclQSOYPeFvko<+Uf;NIrKW(xR}pC<c$6*g%Wl
z3mMC7sc$8sft-2z|FQQj@J$w3!+6rBB|tIZCRr~~G-4~DErPUiOK3}<V5)Ty#TQsn
zw6Y@VN&+aC7SjTcAzE)MxVtR7x{9s>qH@3VLKCi9a8(3_f(jGErJ_Q)HQzaBo@<&G
z*!TUv@BjOLuRm$#d7hawXU?2C=giERGaINRMzjyiu#a*>!EqSieuActR=#h?3s5sp
zq5ldkU>tIbXApXj?qgLmK>d*CpK_j`c%E}-n&z2HdGOL<p64sbgX{}mfp<FDx%ae|
zAwx9YVZJ&_NJLU(@3G984G>S|+Ea}D{_VU>3_Cyv=V#ch#?{F*I=Ro_HFkj?Ov_=I
zD9jZneuFa+$^<4@om-q<A0A0p-D2UXchNlcL}%z){|x&C!4EV7Uhz6sqmB>vRQ&%C
zopFH9)UOn(&fS7Hy*|YKE)hYq=Uw)2BIkE^;tcyV7~kG8=tuHlE&xt(`hGBa-wrRN
z%^K|Ez&+4JpwoeKx(;S{>7SJj?te~dq?l75{_O>R7z=T62XeEb#N)V54Th=b1!#VX
zug(k%lwm3RfmS)N#g;jg4prE|8pF|&ihPk(Al5*qxWyUvRB4_i9?Qe7Qu$+~L5LC0
zF6yoyK)X%t=sV=_T*23SKCcr_?}2ZE_+uUy@3b!8L|(aC2T5M>@`q!~2a#|SiYNK+
zv1ia$Nhu6*Pis7gR<@D4^DH7LoZc-YzG|N*$(feqBETC?+fth#^PPdm`x(NWWxovC
zQ;8hJ8$Z)vl(QKPbdnM$Dp%sXFNB>{h(SSKK1FJ0Wr4_$U4V2Kkato!i<T8Zw*c)k
zU~-TmlY9a68_F4R5hU1$Mw)K`IH|TX2zGk|g0+<4Izcm_uL01JH>Li;_mru0pQQ|!
zYr`&Nh){(YIyQWrJRAZ!sizW+9+TkDS&q^K>U5NcaXE%Pa|hp07?fHaEmzmOP*>~k
zE6vKRU`J0Pz?^!)KfS{3pUC_;urP$DfBY8qB4rGPFLYDw1W<3$ufl%@*!bne)an>}
zACKEbJys!9RXAyxL71CREzc8DyUjF2j>MTiU_QS=wTC5pJj7m%F`shf`q>wX-;G*d
zYD|5GcJb>=ZMMF@Hmz?Y=%}f^>U~cvHhQlY{KHlYfhSTaYzgkO!_@D@*zoFl)t?7!
z75}U)><jsxXe4|npOa3US}ut9Enw5Ax}3!<O8eS5OF;eg?3t4@^3HsCs)H%g9G-(g
zH<ygo7(D22AUSf8!NE5COgbDG4I>CR%tq$N?Go;)6qqm$rI2eyYf^N^pMW|3+^B70
zQTa&r?9a#nSy&h;c}vp?>XcM@)){!R5FxEv%^@y>hO^-S@$>^}cs(x3gH~X2W~$3t
zzCnieeGCRqkIag-h*rJj!!F+2HOutXy8VEXAqH>9l42vM*g;*ZqrrTmF|wQD#%wmD
z1z0UsZZH^)2HzQ@Co=mCLiDx;m_66vTkj2^LNa#?;{HwB$mC$(oUt0znmdY>p3+D)
zSQnn9Fpzggz6boqSph$9GE`-#F3+r(+v;81YV!Onh>dH2n8niaF+mK^2Y6cgLHSfH
z@41qiBNg`A<n<eb8f;}$=fClQ_6MNy_zG3jY39>-YmaVxQLlfco3DQTqt;(WSH8Mj
zSo2zV*XUQ?c`FE_6DD(lWm%=mcd)@_JR@Y*y0bs?^p@lfOv6HEH+*)3eNy@3E$+-J
z$h=E{AF-B-WuNix@f~jE$?zRF0+GjmiuXrbR`zWzR33tk4jTpI$+E4_9K|B5m1-@^
zsss)ZDiqenf3KlWElvyU!kUkeLa5V>joAN|ja@KY2f_ecgzVGaqt%kUnVS^+u8%yP
z{Yh*11BW*Pc$#1FW63*!bB%L#e3>d?bT#{o7OlZXyKr@NG+G-uP{h}3LQ!d52}PXc
z8m)*6|Fh}*e(lwe+C(mFfqupBbThCX+Z&@Slg@kK_pX}n)A4&Ues53TK^|4A{r!Q^
zQh(d1zr#$^-(-J_U!qv}Rr2q2i`D4;=Jpqx@m47_&JM?+UYg*_KJ9Vj!4L(YFyFk%
z^Lz3_!4o%lp|TtPm~-cu?CgrhD%_(o+1)s^EUQ2eRs>=5-X@4w<%&<E^O9vA&Rg8Z
z2uzf+zXnYn$SpC7LvhxgCePO7`_1u&s9Od9Osh-WgPR+`Zcy(83{wZSj&qBkq8(Y>
zeNHYHtt%>b`Tt->v~MPSH%j=@1<+<UOf%T{3sq6KKZVbM5mWf;{UczQ687Lk+;^eT
zQuY`M#i8Ui9{!!K12q%bG*@=5ryD3jtH2TTI~*J#Ktx@?E(U`B!3+%O=~Xi1CeLSX
zvh?|d)G!HVyU$le5euTbwG6Z>eD^LvNMx?++yhCT@01Vl%9xnh55v%E@ODRRxTUS&
zl%dY%qIKo5{#>!^Q6N`!{1p34{1uY;%S!wu9@hEaVSA@=VU3OMnpuI(?m}oDK39bc
z;IGOPWk<aA!8#3p@62n7ztgDx)`xZc?GnFo-di9BB}(a59xz}E&L4CA<2#`>_d9gV
zsXSs5jOS!|>d&z*N$?CHQFGSpt24p`GR4zQ@Ljmzxxs}L?F5`X-CQ8nyNze*$}c2z
zw9w%cD|`)!#Wx7P2u!h$8oeJmB{#s$wp=lWzkOSbB{S?PhFnWtMdVwpe*otfC-prN
z5XqN|aU(6IK#VB+``M}}{|Zv+&2Xk(zBunI5JTvmcM98oK{{A50VfEH;X80#2J&92
zJVnJZoJJO$&eR)~S#c_-lhu>#&$o&>om~D&X7>OvVlAb91K&sl2u}f5ANO2UGShIA
zrSwe$pB^Wkr7kXe#X$R*8E$cam}5qBd*1a)$X|B_I`wyF!>9}9+WQ$~DUf58=iN}b
zW{+}F650rm6R0>rM?#ricyl{P#ZsCKxe1-JS4}dS*%Qo`(x+9wYp9vLz^M8H@htrI
zhu_og^pk)kJl$p#EH0XI+noMMop8ssY#mAhbVQ~N-_w}L{>oDNDZSb4HJ5I+l=_IV
zCR>3CEHBK1o?l}0v;it6SjzC2-)ioTaw^x7Tc20<J^a+=i9h9u-{p#RxtUw2)P5t!
z(Bbr*hsP5DK2JR8^c_rqrU-)Ak&p&@=8EI3bfMb~CXB52J<N%(HevNSFuQCpSxP^q
zx$QA{pFqBuVgK|_Alx&QwG=_VqE4thXma^;+gV}KcMphHcrW04+?J_qFhe6!3jA$+
zpBlxJclk|5nz0rbN$YlSX9t~@mn(C#-1gfnrM1}R1aCW+FWLwsM?arK7hL`s?aV@e
z?xDjqKd});%iU3&_WJS8Jou9pEzHXGKWrZ-Rs#NQbM0et#X};rM6CFo@6fpi+$bIC
z=Ez0R78o}DfJg&~PL|S%v_}=Sl<~xFOX)d0&nxxAi__qNlNsZ%zA(v1E<u(T=c3n^
zuQ72}XXmM)k^2`rPvu#mlGz5S6L2CeGCX%o4O&K>1Jf;RNES52O<@e70cp9YUbqy%
zEBDNZah6lu>=dij-hB}#V|m@bcKXgF&gw7lJ^4@$u0|0v8pF}^ieFkTOkC@YRBV`$
z7Nw;1XrPc<)Tk6qmd?xhjwD*j%H+;3OO)pomX$N?w>eU0*!$yX>W^%0z-i`HIAffv
z){A`BI>#JdDV?Lo(P0d)Q2ga3J_HuTrFv%`$e@8pH{(3Fy`QD57{O(oSLZj#$g`Zz
zQ=5(6zCa4OO+7GQUl^2FjApD-{nS^#AjgMocwUzJ#8U%ZG3_3=F)Cz}5XzRj@fRpE
zJYc$A$i~G#@<-$j6FdrBuDC_2@r7#Y@Pi2eJ-ks%=P`CO@87?oIK-<6sec9Wtgee)
z{zSKUfI4`L(!oKeSQ&o*f=>Uzu)@)a4HLvfq!$n?Y(FRY&4Y-n`vpa$XN*>iTFN$^
z1(IxoKQzW&zDBS^j>DtW&EZ35aq-}L%L}+;1f=BclnELH_~Gv^X!|ik5*8`pcVwvH
zzd*{l29<|%W3oXa;&d!q2lP=XSyn~lI+cuLq`0kf9cB&>xqzjSU!CjeMG>xJWDjU>
z(Ak%g@{!CGN%;cT%s?l+nDvBSg8`&ijjVV#cAh^k1$EsLK%spCC#TInsuP7_Vn&oo
zdt8-uraJ=zX^}LQR9B?GQoqYT(jW}D$DV2_`_@Rp*;0y!=1@&ITjxPnp8$I^0wewn
zga+!(j|<T9jg|0=*crqcL97%#_FniU1K;?5Far1BO0_r1ci8AznYkM+h|U7YNJr^0
zkJ&}BWlagLKqru=#oU~8i>KWFZqDe43~HpO1eby`tlrj8#8P&Etb>7e!p@rl9XYF&
zukHda_F}YJiXzoB%3UY%R!~6FCFWV3miBo_DKi%6x&%bl+Y;y5PB}2ZRhOvh-wJQD
zH2U;gZjcDM;vVffw8s8G3&Gc5_4I+Myw%f7@IPzjJbKzvx)Qhot+^|6=UroGwv%M_
zUt`B9(VviELV0)+zz`8N{gH3RKFSDpL_?)~2~d85)Fi|fkiVbIZmC<!e$UU7V)M!>
zoR-(B!`a&N9bleO3~gj}S16D3oK$TXH`LgBS-N;P+yJu1Zl9G5+WJKwBnSow3MQ?G
z2P3=1(Aq%ryG2Ba36KvpmkCV@-~$tRT)tY7xjXZeV64HR{O#A#=-LcYr`2iCEaOhl
zLST^hjc&lIc;=J+$Huk>AgW35-wG15KbAVZwk?2fyB3j_OFZ)CH3oJw=7ox|<Fl`*
zj)r?(Q5}`mVUMs1C>9A7$#yc<x3;$iMAjSV|6pcpLt8`mSi9<|oatIkrVkhLOx2Ky
zU2&$3LBBuaJ2J=@9Z2zjdcQ&OfY$2b0m<twLLh1P<Zgy)_&u{wzh8ee=DFd$Yjn>)
zCFsA0UcXxR{Ka4O`Co~FS03{`CFc2onCGXu=={5Izs3;EHygO$jc<s-@>+%RogZpB
zk5cPrnzHQUj%uF&7-;m|%O)LY1ls}(<{G}jg&RLK&U`ZsCT|~HFnHsWwqTiikLQY$
zpx5eL;x%?>5Z(SXQ!ka~m`h%(YO-6IEAg**PW*~J#GP?G1?YDDD{lTcqBQ9n=oSwH
zQ(d<LPp>9omYae(W}{2|rtFyay3DP_X1JFXVmDW|MVz?rGr`Zx{9b+$Qy-r0Mqr@D
z4!Fc$pvmmBMyl|7?i#?xtx{@)$=V*QR08BMjLxjUWVzrU5*`(8tNQo(Tj|y($-ibQ
z!S&o)GTm(OwgXU-g)<t<4`36PLOuKq5Ej3Wu2%U`zup<U-XhO}RCfq7_L+gb`E6s=
zmu2#HMMuheX+pUd+66>9v!*eMW7pRZ_3V+|w4~0F*Ha0eTZ|Bk*l<T*+>Cp{1|hxL
zV<+LTSK2lm4&V@$_j`5=uhVnLmHsUU%w)hZ^H=TU)h$*R1p0R4IyA+O>j&m0dh}J=
zoP8XOmjGU92Ubm*6E|{xj@bBk1-x)l>rOxW%xJ*Rl^!C#a1)Za_hZFf9~&F6(`q1e
zce0XiIJ#fD()a82i1$I%A#Sl=t3#Ci2s8Swy3)UL8NYCg7a}P%&eCf<b{Ep+M_wiC
zvs$4`mv0ohoN%X~gX$tLvO|67yxcubzSKdKUMe}4<<k0w7=qfv+cq}p&dUu6+g7Oj
z#<$t|R&)F<W)o&(_s~Wvi0O@2-vjDD1SD<0!;1XYS{P3f`I-Nq_~aKTK6wCINfH%1
zgJyO`sFv8yZCGYjZ(2W>Kw39Z#vse6B!E`b_BR;n4TeDmkR2X7p81(CZx~BH8U2*a
zV%eYIgaC%8gZ5kbV(=;8)tws}$puc_<4&)LtY#l%w%7ZkI`7NeEuGeLiNAt5A}K^6
zmV>ZKx3CKZNjSl}#o!(0@+WUJ5k;plxAAn_si|z)RY^?@igF$Tp(!)S`ajQ*xfPGZ
zU|?Lvjsh_NvVhmBQ=6V*!s;_o`frHa2-eapD;WE3%bg9v>|iZ+&6$pTWug0bNkj%D
zIpg<nCFAzJ%m3$Oa=`}MKp2o?v-oft4Tec-=CN{^f53$OeIvJoz>*O%oR*cFPvts|
zU?LXL`^jM8=h)DdKmA7`y<W(!6)bmE33Qr-;%XS{-GL&bJG*Xb`|!O+qAPA$!;2{?
zw1Isp_ikgVC*n%~g|@;^u+E<u2_Lud2e+{fW&jdqe>QN;T-hfqbMXWiw1K0zgjxWt
z3FRh}XL$H!7}DiPKkNY^aF>xRXufhdK&YSE%I|0ZUTcRlaw}Gvy2EJT`3qU@JiC?B
zfkGzCK3msyxdD&a03QAkHrl|=uAO`xkFbzKk%Z?yOlDaky2BR=AUx=>y8NOLMyjRk
zj|PeAg=`~A4?y-xj_jAT3k{RAkfVXdp*W4U-fh9$gx?q<Wl|}n0IjMlheE_-;n#6y
zK?i!m82JTr`z{!Na|+A&4x4<z1huM(7h>@2Oq-m%X|x{3-oBZ(GzGCX+&zhQ9x-_(
zC97dl624$k-X<jJ{FUx=qWp~+FyiNH`AS}#xQ{Syy0DtzG;X>Wyo0Gh)LdoUOzo1?
z<n;ILeB7kz$4z<ccv%lbv8=3yx=aeYzb~;n%n%0T0aI-;Qe11NW#ea{&T%OsGET9V
zaY0|)i>JsQbl@@BMmKqsfF1z7Em-nEP3>hxJB$R+W&B1k?h!;8auwFIra>B>P=_mf
zhh;8~N@Ryp9^YuJ&F!CQg=wRSAKeqyD&sl*oICxHkiA#1+__i4Gp{c`j&uH8y9L|n
z1`4?X4;Y03qZDp#D~S7%m+#ridD*hkW49nB9P|3dGPI>^kxU2wNE<nk08>xmObsuy
zYc0<WCLYeCQ_h8g+7@icoc`)O36=fO0oaDJ0jNr$MLbRzj`IOCZIitPfqbJIz)}R<
zF6i=+-l&0%1H?OtMn$+$orf#KVH6u0%*`?y!fu^`g6Ac+(NsLVg~tbzaSiv<fv0L0
z<FW}Z#<0yj+bb;(ci{Wc$j$F3D2%;DO)i9_6u%1WizrRe-E@Lm{DL@J(hALR_mO90
z?siDr-HLN}6uCRxwJCQ$p>TJDe%%|Gn6vk3V(&p=BZo$O-Ad2b80Eol1D1|VR`iKm
z4CSIH3@s&^>}<w%3-A%TG}4>X=<bwWjS-qF&m|Ct=MsmPo>4hGU|OKEINtQ)w+VEv
z1lhrrz1cDsjeFlY;P6L?!$$&#!?YWN1=1Ou)s0eScRKD8B)HS-K!SqOsKxDX%ZvAM
z!4ArX2^g>#tTwI0P7(Zl?Raqgfm23VoQl_!OPp=!hMc`#q6Bd@A^I|oW|$;bm=Jm2
zS-=iYXd-5A$S`@V+6JfJhRv9RGiPcB#&<yU%LWl|=UG+#O#F@T-=wDslfvWek;ku>
z))iI06syCZHfq)vWCj(h!jEd#9a8KH?+YwsqLbR;ba@?~50sCTbwwNp5k3wU>DSXV
z_5O6B$%uFyN5m`~5i8OZnGf?lne)4-$qWPfw`k){p|`=y^_i&0YWk*vhU|`)_y!7%
zPH`meu5^!y9s~SKwqCu{QkjRQ+yR(jXQ6vYV9-Bz_Q7)*PwkY>WrUI@Ny#8aEvd+W
zi8#C*r+yzRCEfm1_&&-)-wW061#&Vl0Sx-y9pI6*yO}#}{kjzE{Ax!Z7!WsPVbx;q
zm*6RsbPGHn69|D(R>Tgg6|enb2VwX04o#IwkMB_G`n{SgQj_D=<TxqG{JoXM2f*Oh
z?S#R-I|zei_ynNEYm*3<oE;J_p`-=d6;Q9K$(PmSi)wPdniQoZ>qOPoq?(pvbB6J1
zi??GfGq=kvo@r(SuTO&B49&Y@8BTfOO_BJC6!Cf2cBDaBoq_-73gm+^g^sKF4tQNJ
zy@q6ink2^<o;1rzG0)5%>4Md4b|fu_@?iC_&DSL%Sy&>}yVVscwKEAwkyD&+ujd$?
z*w%+<#|%m>fkN~cci=m@I!v22X{($TJK0^h;^~qP60&_)V#U>l#N~L_%ghD<BG@#X
zq)Z3ZpGfTs^y|0{Tkn%wUnIUlWC{7yhWpfp`_zW})Q0Dn+2dDY!-I83Z1^lQ+tED<
zV-^JZeY6$Y7Mi2LcZzeEL}kqA5|a@T$RXDU$p$s4wtSA#aB-NKo$pL^#nChSj#NV`
ztzmTwLS5qfc7E{kpI9d!M0@xk+FqkD&=xgWQ==PCf3Kk-u}aPGv6}o)O0qxSMC`tR
z54d49#CPx15W5>{ko^|b#2awA9Qwh{+5xw3vr@qxHTi{_+^r@*lalPJo3sP&;mw3W
z&1S-&>t=btc{U?1D>f?wu9XVPq$Z7Ovawo8o>P+zQj)!yP6KXnl$!HNHC21O8f!UP
ztr>9JyU~DSFyMk^M>&1_4cn|6YM3!pCXa~!)WAD`4Gp{sgFNu==tc}8n3kzSORmWo
zEVch4p)>-JcEUHMI?b?C`S9Nwf)lQxAz0G5j1R%pUHK3U`eb@cslx7(h9ZngbsUC#
zGP0LF6o0y!hT^yj%lJ@qO4UMr$yK_+C=Wi!<qXYHsWay&Z{1~%$!SorJQ#h0?hc~@
z)sIH6&FRYnwHK>C9iTe#L-<W{tE~wiYpBAtws6v!Dtf+F`t2|M-gSn5e^h!dmVOt)
zujG$8sFr0SajHmzTl@(DAu6`PppNaUi^^9cqt;t06X1pS1V0xVLM_4`+LsKaLMS-d
zy*!OljSc5%WPG+iN@?s_wwtGs+$@M`+2N}<;G(YIsn!KZgK9JmVz(YJ9+RUaYV;)K
zm45HNnbsvVrn8-!&emLc)zSGo?fy*QaeFIV4Y`$WdmytRn23_$CX_fRgT!l(!0=;-
z+K{aLh$IEc2lg3%<>0SS7O?egNV<^V3=9fZC@_4GWQ%x#yDF%F6<_)Jt8X^ZtG~bx
zn+C7eAU6OvqM%-DB}4};MlST<#-@!lp@oH#k+Q9oqCk~Y;&-os-3J+@4HTY10`LIV
z>%W!tr|%V{`~&@5IG6&{%*@c5hCV7`c-^OxURzn%Os}~{?00pAlzTUSjeQKSP4eq?
z@EVZR)f?IXty(e4MA+$2{$M?PSpZ)EEnSgU*TIM4QG_SS%s{`{8>A|hbfB71X2I*n
z)=PN4#9wo<(Qm{$DfhGdHS!s}9w@&a-+@-YSX(rBajM8FuWgTeOyM=Bs+vE4$fJ$X
z;^{%jOA&pLonyjP6;T>m&tq|wze2(5*8iCpJ$X6Cd%l{P_2*Lujr$=J{a1OEk|AvP
zBs|ni_f43q%d0mbrI;7*ObJyzb#4YioQ5an!3fu#oo5ezF3(zV#_mmGCA%=5)$^_O
z=W&w(&a`AS`&tPD63`QC(EjfM1Fs1rV|6|L(dHNX>;0d}-ggI{w95NBzN5Baz7;w!
z*)858_$Pp3&gU^1Xl8+ngt!Ix3Jt@VW`m_PBSBi%hFNpwK575WS8c?wSpFH`;-U&m
z`2qx!?_3+p+_OgV%-X-P#K5=h-py}C{CMI63YqColOp7tU_&~!qktQ$qw=amPyB+5
zanF(04sEl1J*pKjBDyKyJU1}W=*q6Kl-?@G!xyr@u*^+Lz~CmfL72rQK5jP$b8XVx
z(veD4o?yE=Hd~unt!*OIwvG<H;3T*_Xi6J^Knuhf2sF(oucP+Dqe*OL^Dvhf6_{P9
z1&{L<xC1kJ3%VPn7Pzv%vdqQlCsZ~_UzySZUfmVVSJzvuZpnSEuzz57cW#`e^d(eV
zO)7uYps9S$mAHe$W2S6HcW?re=|rqecHMm^O>(uBa}A;WZQQv{poN<;*vALh=njbT
z*SKfw5-YI8{ROSaC(x}5cv6nYFNU=kMUE!YoX`04UN!#sYA^>4<lKTF*_h$243Q5t
z>z5k*_EUd4B>cX`X>~b=w}rMQ1`V0n&A`%eDKs$XR!m>Z(>G$eJx^ba=_Fb%tqDJI
zvMT0$s-o>C2>vVeE`;cQnq6xtJxF6~R4U3L{{V8JBR^pOW2r9j7ZkB{;nMRcH)?iq
z??H@$EBL14=zEz2><siIJj{CI34S#5@OV@z9xKBuwgnylpH6L|^GB9v8g9I#y0ZV}
zxe|zg3yy5}I_wq5feug>{O*9E<3YZn?<>~fVJk=}aoF7Ci70KzxKsy3TE`;MP&Qs(
z&mgi#wwH5{PxLx@mKNoRM?$rd+iUm{T%9)CaHRrlhcCjn{!}F|PYi`*QMuSq7WH&r
zGQ@kOj~RUpNmH*B0-amU=w|Snp2K?I1*skNepg)xU9(_1bWKKLwcfvcP{jd|jw3ub
zfZ#2>eI|<XF(5wK(6UA}7*MQ(7#dwI`w>+0H@J=K4YTuf$64a&YV~{p>VxVS`-XPa
z(8&dR^Ev7)yi06K=010z_dI|R=_LDe&NNeS%IvY$DZh35?FZ0n<`|&)8${Dm){(q^
zU=#-mqfT7b^EDW~TWPFf&^(9Poy{y|{fu}&J6%3_gqha@{I@0ebaeL0wTSgh8$K0t
zR3;ND7r@Spw5PZb@HH+TFYPBhQ2tyT4~&4u7Bp}?O4h{U@xmHfUQ5l~hiC65(t77W
z!m2fUTKXnSChzx{Cx5h?wlV2qrMuQB>u20<by_L`qj0z}{`>pY^)}6|HS`><rJEqi
z;rAIjH53Y;KTf<B?r@@tqRAaR&VNrIuhPX&XyCSMh?K7X3c=q+$lgVIx9D5cyB?p>
zh$@8!57__ovYUUTAuv2D78rbIjh<9I&QHhjt<wJGTFDL{iQm0-w2wzy6DB)bLV@&7
zu#DCGK%|+UQP)B+)KjHhB6FJhizA*R1^+F=fHXp=;u}QhN?OT_icn#L(bHwD#P9Na
zAP--A!&q%PuYPQJ`6@ZylX5=WKg=q25!OoT#v+LMxUHaA4556R^qb0!^MN(eprQG(
zCBK24+lh_xT5<L&h?RIQyzG?c{>+MqnXjuBm|fiazf+YUcB(|T$_~(qv-^lGJE0ft
zP_vOXHL`<KKT~uch_HeDn0|IpTjBFqAr1kk5rkW%XE4;2qOPYF*!Z0(G4(yq>%(<t
zwZ1&-)K52!L!R%8P%(^*h}_M?$4CaFV-)?SHw1)natImC{xA7B@<A||6|`*!g5R6!
z4oom&kSgPTws!~Gp`hmTQt@;-WR=SF#Q|$(w?{yM;&}O3!{fjYh$PT8d`Ndfjoya`
z^9_;kZ;!_6D^yA#=+dCY3-+QN+d~Ldjsgy%Z4h9L_IPS^{O)?e@?jUu3}TqhqlBt3
zmp=jMA|?n6&>F>0B<hbOs23S1E{_-h;Ak41uLIRd`;$;W04d^2p<RU>Ge(KKGr&Wz
za-&e`T$j?RF3YeAXp2h>v1Qwlm+r9A1*2O%*9!j0FrSpqs|Q`;Jv9d2aa+8{-Pu1)
z2IY6s6_~LT*Fw{`36+Nu*{$2~xCw4|N6B}R{RaV^Y(?e-&cp*PHUuj3OQ#UA34yKm
zo^WNKn$iu!odyQ}gnQ98A^jvkN6>q=B4~W&1N#kZ-^o_DI1yOp4x6V9ZVsE-q>s7l
zANn?W%;=Id`eStDqgYmWM5yd%)CWGGg^^RJFDvj5rX$UJ_{b`$S}Fy{;hW|_7`lv0
z=C@)q!`(R~bm>MiF^jD(U&u-Y@=%XpTwwU@{hYgLPBgQ_WDh-#)SHQ+{<>1Rsb-Y&
z&kj!HokQsLmz+|~c>dAtpUIK_f|OW3*B$qv>adjlp!gh!c?N0&WZY$FnsFDmb*zR0
zv4?!VBFC0_%pDjs_#|kUt2p20*oKEp<ci9-?<ZQPJOp}-0f~;`ThwPiVC1%eP1IPG
zPK`D2eN(pUC$7fUtbj`X8b`lGFg~X4gcZ#1q<m6?=z=k&Og=TJ>=xSoY6XVNte<#j
zRSXUUreGPKUS#+4m&^(Eh7+TFf2p4LdAOCd-z4iVmwyQL5Z&&i^pK~-<?oNU@BG}L
z>72I=O*_Zyj-hwiqm43p2kN!xd7oh$`3v^;hk)9UMqSgwJ@n6!6@X)|0_zn$tRC!X
z3D$ogte=6w>Jck4y?F{xcmoKG*$h9sE^v|c=@G7_zc|8Ix(?7UUP*gGNf{YWnZvJ0
zxi?F{zevBeN2K*JDIU;QQk2-A*}1b^h6sVXVGvY3eGOjfLCOFWfn_weSaE&ex^px~
znD_@UGPgHW$@35L5B!{8)8k1c;J?zjN-ReLTcj=bj(9F6%smaY^YMEnk36nozliIc
zYgw7}*1A4;KB4ryftHmhl3QTVQd|uY2igljP_<)*J9s#?w<wZ9H5Uvx!SJSqKbGV@
zYkO9b1#~ei9@g_!b6J2BLw1zx-RWkM2W&q+iIpzA7O3)vL?K|hN$_QXK=?u$U}<~~
z-uWNLdEjc9v2g^l68@4+Scb6|PI=l>P>Gwya4c&NS4Csj`o1vmwLV3&m4h}ywg^8X
zjSFb>!nJ)2>|a$pJY+r11W#1J``K%0i(%zjzG81lPkIrO@Us95yiyHNs?@j@{sGKD
ztqUVpT_w+3TmcUbo>Sg_d;q#dFi_6`b?_1;eBV=kZ{HTaQMEULV=<6Xy)W5F)B;LH
zs^zE1E@p3wbDWy6^)P2+1N?^VhpS@G%RBD_YQDa+k6}%QL9=>FM+Qde_(I665c`9r
zWhHlO@hd?Dz72HVhr4>>2pbq3@RFdw+hd>hF-ULP!W&EmhBgRdPO1<{TJk9tNveb&
zcFoVxs4|<jtU`Lbw)Qa;iAm4l=VK>~xPX<`4VUgZ-?Ft21uSg^69Czt+P?*|z5R_D
zvstgBY}2;zY<1ESZE&dpWO;{*KIGX0WnSNc+bBu!f_oKJSc6IU8L^7s!fL2O_<kvN
zZg`U%=C1-w@}xtXl#QArYVvzEc~DL6my$(dy91C6CfTrtP*T?|Qng}|Wee`=46<Pp
zKEI6?|K{<Q{u<&<xRy7e#EkoD!7ZuuaSQ(#N~#X2EdX%K;gLm7QHcg#qJo#0BbS)1
zFYyGHSi?)~`EDs-w^*McfEm($!VJNuIBL&wSn#m~KThYRx6~|!E_4U_{c{75`BahE
zxe61zf!gl|`w+NL(kmO3rk8FYGCO`CGC#LLN9O6$V=!qJrr^yp8x*=uQInI^<Wp*L
zlA3%>O+G3mLrIS)&?#pqDJ7_&b%8b*`z6C0=Co0dEaA=mu7>xB|5s}7k{V>H-h-%-
z#8ii9H!@>`mZ^qp;7oNTW~%_E?#-LMhjUk3eX~s}wyo7<vYJd(lLj?;VZD+(t0qsc
zm)ra6dbz!nGn6#2Mrm(vYH#n`YOuW>sJ)AMdpk<){nIbh-sOi8<KP1RF}PXcr^?Mb
zc3FyB8o%cy>UfEAUZPYkQLHcVIF{(oON?s0j86lEK)=mvaNT{-wY06eZjDqXl(c${
zhGb&WU)GQees7J^?swGWTWa!eYI2d9{F9nopeA2alP{~u7uDo^H7TmeIcn0UCQH=h
zOf~tenw+X8J!<j~YVrv+IZ;hcP?L|S$%oYB18Q=Nn!I04-m4}@sL4V#S)e9|tI2#d
znX4w9YI3le9H1t%)MP(3*+)&@q9%K($#gZ@Lrq@4M&@Wcrr7BvxMdSu&4pdKl5_4s
z5?dA4BgBU#oDbJmN_@DgQpbmH!6RG7OO&LL>|D;lJu8>+>PtL?C1(DlYNAYh@lAaK
z?YQvTx=N_rtI4(vcdC9kOnNPqXIr(7XS+p{ts`c;^GnieX0F!^QZ_S3a~kQj8*cxk
z54qY5>b{Qrk3P`~pn;!o0o3^uk~`*~NbYp}L??GrK2a#!UQJ%1Cflk>vzko$MDB&g
zPe`u3wN{ZUudOA2g+*uyogon(G;?xJU&|YjQ%{YUa3#@tUU&L<=UR!@uC+Q^--dA7
z^AdHuL<ujEB9~~TFYya720L(qN-U^H&DKMop(BF4^GDKb^}HJlYh}%rj358TOPhn}
zdeZxq6^f)sUWW0$LQ81;j17N$1rgeCk_i3S3LT-xuTY5hu$p{CO+KV1A5fEH)a3nY
z@?JGLVudX0?_MGI$+Ih{Ps&#-eKLDB`K&w-Kdf_C>XS6yCy%b?eX{I0wV07Er>0I?
zjZGb(YpNhMwL5R>0?t$2^i8$Nk780fLJuUJ{E$R-TNUjTHQ8ECCacLrHEB?j7d}+=
z-G_3+8$Og9-kmpm)heaot5=~t-i2D6%3J)}D&FD^$Ed|m{Y)~##y<+HB%aDyrDK^4
zgyZKW7V{ETULsj8Vbqs6z7k5@&r3MEsM_uArKH{dx)Q1Tm!*n!dt<3iyA>}blFeVL
zG+0!VbJV0yO_r$1nQHP`H91vHder0})Z`Ota-y1?pe7$tlMkuM2h`*kHF>|9yjM+*
zP?LpfvOrA^SCjc_GFMGH)#P9`IY3QjsmXq7vX7d)MNRfnlj&-*hnl=zO{S{JYt`gc
zYO;%(?4%~!tH~?WWLq_9R+C9fWmZnc6gyMgic|_0coRS7oSPUSuBzpHXyAM}_+yC=
zvp?4HVGnp@yME*n_bQT~PjPVPKaxtE{zzBidw67j{ZZ9NAK{Cx*P(+&uz}0V#k?$=
z#sQDp!BM%EK8}|G|4tA14ums|msrh9G+aX^y2~Z5(U)kAB|7mE)}2(Mo|ibVLMpL$
zg|0+s1^VBFd2@LQ#!LJ~F0nvgq6|wc#}a`g*9SN_J-Ekt0MF!E-J-{C<A?jihcQ|U
zot?_HXR$?IfPe>jLLr*CQ9z;JAQ;+G2!(L+;1&l~x&6~^%s?20(7-Mb`-a^9$u@SB
z(K|F<3dCMPw|}CI?ZJ0}ew8%(L#Q`hqNm0{-`4Z|X_WtAd^z66-r+A(DQB<E0%m-L
zfV7+OJ^>--@sGySOEm^Im48cp4~dadjjJMpdbZFa_%@HytU0nhXRY#nY3DC-If0Tl
zs>yL`@>VtZxSC8+lX+^=CMRpdJHAl-$&Q*g^3Yp@Qqj3-G}pqk85Zc*ZW9U4!y6Iv
z43ymDnL;s^!X@A0&dVT2749qC%ze#*g=1+8b^>m}ZhEv)f#u6Gc&^jL3)Z~8S{Gj(
z0Bii}WABfUS4;S@W;T<YKWhjp$!&(bS`yK9W`t#Bl4m2Xt9c4tq0M~B{d>Bez`GIo
zuRmX@dKP_Ipcwk(Kj||Vp}3r{0P~G<@qBj3Cmr}jqWlKG^;(YWRG!7s8dcIp(ja{{
za*<+5Pini7)~GsR<`a-P{B%^me*^VF-I3?R4gad*@zB^ijWjTDjvW(YzFgjPInPh{
z#tT_V5d~HzJ-dOgDDEXGS1qk5&On&xZh~jL+p!OB<4t=P>Xy4CR7vE-z!HAo_jDn<
z%45NR6lEs>lrI5ep}P5aJuZkwJlHX3AB~_*$F8Oe3iBPU@W#Eecd%+aB*#NnWQROS
zY`~xR`SK2YgXDZZN1!(#;O5=~>HGMeiT2bb-*VsV(D;zZ=kf==gg$C-E#>Ql9iqy5
z;WO*0FWz3S^hNP{>Wg_;VEi)Zi|;k-h0vf)cpigo9ni)Q&Xd>avAxhg;Wp^WF!;2U
zR{1{oTwWiRmL}x;OiGHMM8_>pmf$b8@;&m$-k`nuH2yS(KV|W!JNc8qpB!&U8?!fl
zt=<=|`m?>H_h&n~ko?(jNB77=z7V_Y;nq#=GvG@_E#S9pp%%aO3$^$yU8u!x@j?l|
zxqB`Fzu&6(<xBWk;^N1&_-*1h8tPHJk)x5ppMJxi9Q>&*e=6ip7Zyk;e*cwpKVY-?
ztyrMo_s#;2-;?9x;fE8FmhqdrK#Siq3$*x6T%g5otc+joMe*yP;@3*T@3V)R;HRAL
z(ZuN!e8pCSrPOIM@avN#Z?{be29tqJFKlDL{g6$G@C0uyE3NbH?#>>@*J8-BlA<In
zrM<in)_Fs(!;RdMY29HA?n=bteYE)<bacNNA({|kIu$*>DG44hOv7)a=VW>gvDVVF
zfhsiFS;JlYMQ6$oWDK97wp`1~w3279gQ|+?0+OUN$5WvLhLX<#?cWZy28X5^f<v$C
zrCcb*evG70=n<46#pJm-9pp{Y1}ZDLth>bgtOD^-M;=C@S!g8SofceaaE0;<c~pSY
zkVTNMtzv)Fz<iHqp9JvS;#tU+<`y5yK>V%P`kqo_+QS2$bY@pcFFNrT8LTzDK%|_O
zjpr>J@#hrl_lub_b%0DxF@FsE{!U)1qYUPAeBmFB*}t%C%)r7d`m@;}=8TKkqvUa6
zF(hoMK*!z2legH*FadMU%e7w@&er(z(Y}13^Iwmp@=k=upaaN>uf;<A2liHB7W@Nh
zRBb(nuCWg40Dp&|14-)Od$J*iL;9ugY7%3Jg<}wuSU3(%K?)?Cft%|F%gU5w;wX2*
z!~DXvhPK`xo3w=ApVj3@mHa(9`HvsPx_S3tS3z$UqN+I>R<f4fi>(h#LqApK`6u16
zhPST*3m)FujyMcBC@nmwQFGo7H?=TeCVLYAQLsEbM2XvSUJq0|^(e9%RE=RfWtO8|
zEzXZNHc^AXY}!_L7|Fv8PwgLnPcls@fWGwd{;lmelOh=8%<zMn`#I?_FXgncWm0h)
z#V-z#G(Z=IE>d%V5v}1TboPYOekzK`F3%D;7<LD@$n~PnY`zd)O^#B>H?=}O9`ELI
z0XS5=dsMiqbiXRUdFab`$-NmhUC6;*fqYd!5C^A+XwBR$vq_Oym<k+)jFBcWh|Dlq
zF^nT<8A$f42|31b34@9%#~Qx<9N#A%zk~1eZj*jLmwqEVs`T+7o0W&{WqG*AsF8;g
z@8Ipm7bp@Xd3cZXnjSSma9}e+(0+$r2zI(dF9c1}vr!g;KM&_Gu8@S_cf(_appy&1
zU&5Cl1b;ZJj+o!6LU47sIU(rb!^-kX^Fr_?4a_p0eL}d25NwUD?;$m&jV!%7OE22V
zLeMn4sSwOK!G&O3SqL6*@lq)=m``0zh2Yua@r9sHzHMUvf0l3ke^4oV2dC^6EWUh8
zQL~m#*T}b5-`2{v<Qk29dnm4atNuPlzFErf1_g{ab>w0)ZtnLg5`T}Cac$m?BjdcA
zV`bcP(tVuJy=G*YpYwI{<|9eo=;hx(nvs8-HS+Jb@#Wt?n##ZG82PsV2*u^wskcbJ
zZTTONZ;wgxt@jo#&t8>&|04Z<vPCc7?vb`L`QZ-#lUC_?iQt=QGk7{;2x&Am+pv=X
zbk)J&NWPg4{w0fl*`xVV$iE0BL()9s*+$Km44kh^^Mc>7x0Eks$2>i?@rUSmIyr{S
zZm1tO)8OsJj-2EUu6IG9(UN=3h#l1bV5g*eUoQbe&GV<oi$&$pS~)|X9sG#g*CAS^
z2nRz|@_o<TJ~qb8f9CV^JZnQ*0ug<1m;0jh**(8G`mCPc9DNqeZ;n2t^Dl)y<qr~l
z9+l{G%Y2nSw{E`(eL8IC^!Xvk>9af7GJSUYIemh`Dt)|{SpC>EG!oaBAIkdDM)QXg
z%v!+3b5BWSW#qPzq|Wh8z2KcV)XuJfcNm}vgrvXFo+~=i%641I?oCt}Kjg5}jli<v
zjO1t)XNc{~Q57eb0$X#m^M_n}DqEGKP9XSILI21>^)jBcC%OZsp=izE3iP8xsRoQl
zmr839HsvrY4QD4t!0biiQ$F6h@Bl@?2VGC)2ld<06))d$i8JgDHm1yCKnMb9(M2S@
z2mSMoZW`e|!(PbxK{mSO1oMt!!(@;bP&Wq#9opX2fQNoEP*k<XywY^SMa!ID4OQn9
zFeAf=^P7k2W))fNBY0uiIM9x*<_h&RJ8(ohtH`xK%mPDWrWG@WHr1$0j-d1EX)$L4
z>rG~le(mMfL|S_hnu(uD`nEkZNLYg%OSBXV!8Ry#z`sIS%Zh?s2(-KLU@9nDc(BUy
zR4ja0(z~+wl*Oi2Tymv5K~cJ3uc6{CDz|Lxlq}ve`*B6*9uE(U>f&k40EP*EE7AX2
z-eC`I>#Fat@Nmfw6FX!9=Ef@nvBWyAB%i30nTYsDz1Wys_a(Nnv9VG`rJLze8Yz~l
zJ21|u1X1bc%HBLYFz_F|m8u_m)gtMVw-CnQ%y8ka2SDB)un=nlX2>#*@HAb#5ZQiz
z)1lF)<HCQI^eI-2O9u}xlCG_4<i6EhO@F$+9l=Jx)^JAja&f*wk24VskWOV~^DRUg
zJ{b)maSFqS&tES5rGMe@2{-^wlN`f)%(p0bXM|U2;xBJnj6=A`Ur3*`X7#zueG=>0
z{~b*(C=!kCZ4H)4OGBX4YtBZato?VmSQrYAtmK+}l=Qnq`h5?6<IPttSss_<>*ev{
z!A<4y{K1zgk4F#I%i}u+$I9dE!P=<|%Htact8*DHk2?=;ULIfn?d8ei)_e8x_#Z)y
zJl;_pM;>22ELI->qgW@8SAMOR$G;6~<nc4bTpqVp<Z=EWb$TPo<GzD*6Pzq|{h+4u
z_^w0R2@cBR3j<?jI7bIImB+S2iah>H-oGc0XV+YsJbr!O|A;)kZI50a@7~;!JT~uX
zDv$T?y(D?O^Q(Vb9`{)oUmm|V_hRyx<~JP&v?!1NwIH569=z&5Cy!?>Xht6YI_JMc
z9(P?3UmpK)PRsK6kFS$F#+CH{Ie9$$TP}|uUC-t3W76+h>398ll*c0_7aM7lt%V81
zOC{=LK;T~-{L56$mr(}K^=|*9LLtzv)Y;8|vHpZ7EO=r*1y5@{psf4N%rbbo%ex3R
zc58`dLUB`Ud@yM~k?|1CCsrNi^N9n+(dby<E|d%5LmTn@GuFq7B~X!tFrQE|RBoi(
zOvA?YRrLGQI&8l>pZKX!H=lT}n9nB;t*g@Ccgwx6E>5opi<_fYesNrS-Q(c&vQ4@K
zdL<TL0=;TEy>67~wQQD#UMn`p^jbYDF1=pb!0B~nEvHv_ZHx5!?JQ2Oy=$A9e_a55
zi5GCi(fI6(+u9iD+5(JvHUyVVf&lC1w=J(%T!VKOk6L5mA1mnN@ztsDh@Y!U_8Lle
zTT1afh@5A!l;_5nJh=W-GSl$2w@t}R<NKD<R3okz9flH5LkZ@b)f$9rO=gA5cOmL2
zLMjHv@T*j9%(FYifSbT+6khXdvJBj~%PTEPLGns;+(@IV2DoDw-nC6P<e;c~b2eTp
zdji93r}<h#e_n`sZ^BdPV@TP__sIUq&_vlu`@a3Y9o&uLO)Q*=x9!zX{OXNd$k8dZ
zuMuOkE3kHXtqgC^0o=L}CJJt>^K81Y59ZbEjpq;>j3S6D>v%%GOSnjhPf#*50ZcKB
zpB>(Xmr3^eT7TbNj4fxDY&TjzMcZw?q$BX^Hg=+~v=?WDCwVVUV0-$idvV?;_&%JA
zFG0J2BxiW9e)D;%vUVwm)2t{ugANy8>I@9>7`u`LHSy1BxcC2gCroCcAWh<QHOI!|
z#(gBue0dM)P7G5!FW2shlxXgY!bmk(IaI2Z+d+pQt+xUap^8!J>S(S(yFNNxvJLFs
zAJL0R&Q=tg?+Gd2Ro)+^lQ_BZx;@bDqg#ncxYo`-OCbiJg=!VYb-Pm)!U*C7Tlg@p
z_aW1><d;YvjcQgOsq1}`Mrv`buShHuf+h15b<=?sYU#u;i<GN3P=?spWf&c!k}pRK
z*6_p9!QGmb%K0@}o&as?TP>5L$Ixc8uNWliwQhgD6_3()!n>4Ho~7+&60xmmeYsV%
z(5w+d`&M%?^cvOB!hZALpWzv2tklc*xcr<a^K+@h&xzP4-TJ5#5EHx*hYGB%^iCY=
z#{SvC&9`p5Qk6{&c}F8O)ZL4JZ94$%_n{K+4h7y#O2Jp+P~hF6vAiq!Z;ZeVk5H|&
zj=fs7eTND%H%b-KVz<0*zcD3QbU#<9@Z@nFPnOg7`Ono+l@dEf!lM*<pz!1MnF>FS
z+Ntv6T!VsJPYE}^*8Ug|W4oykPv}m0f%tLSrP@cAwDKG*5sWfN7HT;1{ui_yx&3`*
z>%dCkI*=XbeXKeEsPf~U&KKp!8B;I9k9Vx(Y<Azr7vaYaQ+dY0AM4{a(fKmfA43{-
ztvolW{urmHXkA*uQ?xEE`=&@97*(G{_3Nj9)7Ss<6vh8y?iB8SahEfmf5<c)J`&A!
z_&ln^=YAbNcgXnkxd=W9Dn6&Z9G^{&rv4z8qko>fIj;U0b@Qd@pD{aI)IYzRy*5_=
zoZoS|`sdSA&FG&4JN~Ej&#k?c@jhW|T>Ud(N3;58&h!6m`e)+v+R^^)lKA>3yj;;g
z(qT-B2jccWDx32zADDdxPd69&^8xF2X62L7+vE`|9Tb-OM|1KX?Cru*u(z*a`R6&m
z4uJxrC3enPLHixiTKPqv6@0w^X*u8Dn72G;f8)WJ{hy~LeYO1G)>lvVY^twD_l&2n
zp4`@wz8c-PiM|@s_mcEgmu>%3`fBn`3jZz%#?@ETw>GP<f^+{H_0_v`wH$o)+wt_(
zQdM6`$F44ce`}w*82{FB{_S#>^KbD}D*yVH#qjUb%Q!z~FXjB(V`<C$+vh2s|Ei@r
z{pQct`TI(xV?qX?BX(%1s*Cf@LSPybW=HAXi|h5r?!EbV<eqfQ@4N~h_y)~;72^hV
z^%pi^AS0onY<F=G7j;^(8%G-rk+r%wMuiQL18m3+YplMZ`)TRo41)h;G&cTBsA7SN
zX}EVZ+Wh^tW5ZqJm9Nm0Ki1e{`TbACDbF<JKWMr9qIl)4Th#KCS}y;)Cgq#$zpO3)
zM*l6Etm(fkFE`hJkKP}@|BAO=r2iI8iqrmaTQ0f(eiyI&ye*g9e_i91U%us%`)~i_
zvE`-l7brGMHmo{s@*CKq$BiVJ(WxKD;-dFr<0sL5U8|z}T%%G{jTcAXU+3Q|n)^PL
ze`n2ozmI=c8BP7(1b>xp0RR0H_4pruw<Y|?#euKIe_nF{TtK70-zEH)$N7%_b(zs7
z*Jy}`*@`NwLHNDNZrJw503nfLXx>A2W_03QorKO&)hrUS>f@~*O{4px;(>hN(m*Z%
zkV<?c(YhLMQj_t$*nQutQHN_@#g@O^XMeuUS7-7y7=KgYtGnQ<NUqlR&&Be$x@i8?
z%gnEV-{`9_U1t7^<DYt&`7gJ<|F!g?JLB&&JJ;aOhmc<7aa&fJOSe9AmvaqD&XO~g
zQ*JLgb71Oybkj-cOe0Pa@WPB*r?0NUS<+DAy{htHa&BOL`;yN<p^x7sWS^Yc3WiAn
z$g5m&iyU_njImtH%B|{4X})vj#MH@B?Y^@KQ+5(`s#{yf%91m6-lUSVf1UC^Kyf7S
z9C>1u({~7RoGtObT6r*~@=&sI+pxg=gpvb4NvK%nP9xA2i6}lFSJyGm{9>6q7Hg5~
zPPEJ^pasu3^;^pN5Hae#txL|nXqjWDr(e7liAwNpt`!pTakG^D(n#M56Z6E+oxbnj
z?Kyb6AKq3TN~t{9!MMv=S(iLC(8&nccPKf~|GbR-T3S@cJ78Lcmp01ihToL$dH&!2
z`@g*ZLKTMX8vEj{82yfFb*K7$XRQ5!=bJv&*avaG*M6pc55)OCN>l#_Z#MmI`?Tfy
zQ$K6D{<PYb>tC*If1LWwJJj#(V!xC9v#L?Hf5ykNKh^IWFY<lSMZV9v$oJn}<on=@
zeD8XZ?~M<&{C)pLzHe;u9W6pl{}#MtHZ-NLVqeaRSALqN|J$`(esH|<B^v(NS>9s#
z#s`~}7aPDt`x5VQx90i_ZGODW;4|l`sszssZgDS#XLhG=gBM26bd-Tp#;=WH5I<jK
zLXlIvyHUt)^awE0jgkHc&$22xFwc+{jfz#X&qP6!P8pkB{q+4sl@;c^vfY;4S^@7S
zR12T>v~}ZUoLhul%v%L!TJ~wnYZYXdxx@^&*k-h}-hov!@-L7|I~yauqH;OsYJLKt
z&FC2Y>}xEZdObzf&No|1g9co0DKrXV7stE|YMdmWXE#P$84Ob$g5QGr01!#vMk0UC
zt5n7bWm<{#l`PrE9P^9-(RX-=FIW-_4d6tf(GxN&Fl9AN9VJ2J@Dis88dx2C%!;tO
z2!WyUyA)sD5MM>fyafI0WchWZl<-yVmDb~%FokL0r}$XvJY(b&jeRV&GYg^n@1k<M
z1m78GCz?BAJ+uld3zlFr6955JW7IUqyr+%T<x=}bDeZGhkT{&gDFc;;C1{&7)To6m
zy+imW4g5sBzgUM?!jz**LlWXZFam@`4TOZ)`y5>28JD=*DQ*|U(=PwrW|tp`vr9;?
z6tb(l4~7GBKBw=T(KCZ;oMBnzNC=c0K*`NMi!40#;mX5poWx;)k24JR#plI(cXsX6
z0)|(wl~#Cu3s4dG@PNqy&|RXDSK!ICtjY-d5r+eZG-W|x4#FKo5ADQy9)2ExP5Fr6
zSIhk>@n-o*yv`UVHCej(Od4)<=h_Pev6Ed2ec-lZm~Zq@Ig+^*<F=1-)6J*k#&n7z
z>_c9$BR|6-;^FKu_B3UuobIE@8a=j}y|Gq1p>m1<td$E*frCaqi134Yzq|o2$IPy<
z%>6s!hT*S=0WaWih9(26Ol^npgGb5j!CPXdoD^$|W*>?sR<brlvwt+$i+VfK^2)Y)
zhohJ%s;n{>0R{2WTLHN5iXyQvLGUFfP;_Ck1P~8z8BV>*0TPLptsq*8#P*mk@+HVU
z9fZhw1z%2OwSCQ8<A`)clH$IUTM)l+1xA4cJyKM@5oyeVzhWOk%JRo5JlPHs%NH@0
zR(b3ECVM)gpuTD-d<#FuL-+Y)Rzwc6{%df8Swi$3>Aa^v+>G74JuW8DlZ9^VP6a0+
zdz)thAQR~c?d15}hC%N9DRy5&qh}-`HuYY?S8Wn=&I{R4#FHgtf9w4mvrtF4#1y+r
z9BYV~|E8<wjnw&WWH;i?<MoHiiGGny%(L1m-Dg1eds7qE@c<nykkf^|KPK}SVt+O9
z`5@#G!7}Vyyr=_EPH<&^Gv#*Ps&T(aRG#uRxn&?>b@=vZiZ2xR?gsE15iaWr5F*tq
zv`V4(2$#4W1OiEyqp3})jb0t-LgL0dC~>LHoxRsmN?TTd^N4bk5SBT3EwR(GYN$?3
zSmxsWk|-+HXha2j{w&G}OX+)v-S|qk__biHa2c!I>AMQDKlj`NaQbi=A=XP$;thCK
zz)pD>beLssG0F+(KR5Mfnk#U(5kUcEo%4*;D+)~S`<M}Wu2m7gU!g#>y2ZBGE}J^w
zdjauMm30^_!TWZ%bT7HYDiKi1k&Uc$rPbi1z@OopwEmcQHR_knkp*=7x?8Nl;gl-)
zr`np5b__D|!x~0Dm7i+jF^++@?(Cnu-NUODc`V|6w|(s{UyaF~?XiR0`7=q%h^3Tn
zx%SmZqrmQ#(%q=Hs)Xz>Ezcb=NDMWl0`Krm{}D8zX=-0CV?{4UY_aRdrlo8R@hnh6
zxjTyL7psbHh$c!Hm@9v5Q`8&e)a)M}X_i$LmQ|op^3FTOkqsQTGTa9PI=xXYh+Bko
zFmf7zOL`!oX5W5dou%w*oFzS*u*p)^o-CMPqFd~151W+v7}k_o5x!U6C&XvMJDj64
z`RP5~1=<tdvtu9YS7edDcV8lBgB+3WbwTZTByv6Zmntka$VG;P3HU41<*PCwvp(qb
z_mTAeFyP85yV(1uk-NS7Reous>aVzbmwr*c147ooze;BLxXF5RTz-qoYn;uF5T|jz
z%iiWqjf~~=F48bqg2Z62%M6AIE`q*2A#vHOoV7rX%w4E(*;<9m5~kkV0+)HG>NpJP
ztm7|}mcJ0QM)))Gyu@3-=e+fnhEF1|>-d4_UaIm9@y8#KKX$H&;Sb-z1ee(00ux9)
z?H%g!gTQo{z1KzVllp^g|AkDN{_qL4txKdFp8kIFA<V9v{4H0Z%6|HlT;mhZPqj&U
zUa3;CXHKk(MuS5WHWi7e%o8J}^18^;tOBvBiFJdW2Q2I0){Xx@E6z{^>P-J#Hk22t
zb(0q5){RT-K-P^5tsD;-H+|KG-K=W1>BA=c)NK7|B@qJRVW{4wRB!X&l}b12DC3AN
zY2?RDt%LyL(M<hAn%0kQuc(klN`mtN-04Y?P=VUemP0JS0uYoMPvzSZEM=9%Z@_@N
z3$pim$Ak|WX#M-F$uj3ll+6C2rlwZx8l4p@z}&0=h{?V<$(7Ux@b#`hr{`t3pYwZ$
zVAzA<nkE~rZ^T-$q!<9$<d1OtI@c%2gTKI_zv<dL8b^Y3RUe*bhM6C~#~#^d%64KC
zXV96j31)eTILo_$tqylm<zk8*Z@B)OMt*Prkr&v3WliXNdGgTnlq3tUl7X;wKhby?
zB8$LbiU^$Yog%#A3c55d=!#<W>E~KG7leOR?8aq^eWKX==oJM>_mz+acFH`(ZGN3G
zs15^U3a`Trs*q0zU>d+0Px6uB_EWBoyhC($f3{@z%k%`(U99A{GT~%sTihN2Xpz_0
zQ%kKJU*~GF;^NLyJh2$V^v+5U#4WSWP&o?MW*J&REf}n60kIX!zIY=trA8E$yVF0F
zkZ(+wvb$O2-(VkofHXJwlb4vhZK^f?-kRC0amwK$-|dZ_t3ZoK8@*o(zN!S@7M$;k
z$;!GeysB&Dued+j2!Txb40IldrH3D{8}-;zxC9|J#fbyb19GI$m}eNj%#Efl(bYNo
zJdp_{Os*xT&MnrWxZTAprRZ(ppJ7k&9Wl!HOk{88uPv(*#LA+|N^@D%l3R&uGWf2(
z2x#7FY9`$&0<v9NHfcgo9Htr47$vyQ>|dVVhK&Uxg5g<<i!g`<$;n;JI~SL3K6i;$
zm<u61V@2eBzCR*W#I@sC1Mp4O`|AE$6ZvPmB>9*6UoHQR{XZf9-fOx)|8LE2d;IX9
zn%~~{o;tsUsbQ67G&GTC4oS002!V3fh_uQC&y7eS;+|8LM$af(Ke$D|1W5(xSP>T+
zEdPW?VmQSL(8~oVo^y%CO{#d#$Q3K3czg)=EB*Q+7Zq=_dGBiZRc(*0`Sx&Dm8=DR
zeI*POY)_9k?YTL&Jz#_5DXhaJCfKy&l6^s)eJRax@b-Ke+ny9VG-u5ctGa&kU$g#j
z>d=4p`ok~p@b!lgXv$J|JYZ`oY*STX%Ow?d3CdY!I*ZqJz=+=`iO@W8uPg8rzibH)
zfY|cHeIQmN<7GL2#%L-1k_4-eAZ{<JtR~62-Lh(HU?EAFb0lSERUT>+c(pys7m_vN
z=kDx%Q(FrGlR&{ooY}iAui(v5me+ufjvGsNdB(fN%C&s|u~OI-_IzVmWfeb{Yxo>y
zn}IiI4UuZF%y|m32A-!n`4W2@l0T7Gp+Cr9C-R0ypFy2m&cxWHT}Z?$_h{0#+5<Re
zSopSvKQ#1hS((Mq_pOHirEfFz&HjgmzTDKi4^-r?i<4Ki5b{pb-AZU2&?+m~1+|0<
z3iMo8K#1o0F*BZIb^7Xzn)9V+h4d<6*N>jANQEzpDud=c=%?H-Evrrz&8{+}6#>Ln
zQ@c@vW>A9$@&?^RlNiMwIQjH9w98$#6)8=JXnkR0>2B|zBh_r=TUK>`QxA<JJ!HoA
zn4keBR(c9eoCm-f?C%!$2<i1?&s+g?&IOrZa{2LowGAY`{G-gYzw|VhYbu}Incx(6
z6gew5<JOYXlDh+VB{%Rl>^QWUXh{y|?Ui+H0;NWUW1QmVg6xA&KQ09N-YJOv!Ki^*
zu2md*UO@z^mTu_;gMX4`RWcOO)U(;Lsv<YA7+FTHXAUj^fsv*1OjjsFYy)*oeifap
zNOZ}1-<2Jn@*^~!F31W`Q~hf(qfyRC_lcP^E2L6HPrmBGP0Z$|&4rq2Gp)GAn>Ifv
zZwhd`dL&8ZvI=ioA$#vy#MP2l6=N2*R?I>+`R`;uUnV{_Ek3DweCS56e;c3g{wCqW
zFBEKU6;f7W;;*>+=q*IU2ha5#!GUvCQ90}RO*Bd-PgQn}<rUfPVSE9)F2?f7l-G6C
z_+iqv)jPEC=Ut48e%?3uE|tk1DQ5%zrt??R<7;gZUt2tUr|<j!7GMA3=J3_yD!_bI
z#kPj9eTbIHNKQ!xrX`1o#}V~z@_N&{y_bQ1-)8ZDjpP3U;Xh9Z{5BDh2~S6XyXCJM
z`;G5cfZ$Lp<4#f|@J{62AS_LIV;bGIYAM70L6`4>amu~9;^E9=e1`)}pRO{zCi@re
z?8xLk?1!&GHe_#}T*u=H=o;~a#>ydp<adVlku=levuW`NPWGT$wg7-dR?7bO^+I|B
zUtb<i>&ruMeHk6}ONw!Q`A+iY2_<49!cJ`d)<s%<j+fDipW-B2Jdl@Jv4-q7JXs>7
z?-^ZP4&Ohe`|5C#UX_bFNIbxT7y15nobNXNJr%#tQNH^QnnvJ8p7^sMeu+ER-aH|@
z7VJrX$4EMiU-r*EwBqWy4%hTgPQ6d?w-o|+L!WfS9X;Cm^V}|Ek1%`x#pR^556(Ar
zkrkE|&CUW=SW+?#SmE!I>r-T5k+g3<n(SjPjH_GNUu_~vrI~s>QQ9MV>HDj<|3y2X
zF1>!6w*DB=`SxY(@2>r`Zh!Y)x4*x0q}%_bneG^bUKyDS0$tn=J!L8Tl@!=<OX+?C
zzyICr`_352(wsNI$pFkr5CA{|Em>hM+XqUr!X0oX6o3pV5{(7fzw+%H*MLrTenUB{
z{!&_5$NeAbYs=iv<VsvHQQ%ALe|3qquJkP~TwK0-H1+scx7gn~#w`NI>V6HNfD7tQ
z+)~Dsbmwg5NGsdtZA}>A9<hvJu4n|*OdK^p5pbjJo6(sSn)`CyB6EW+K;!HjI*mJL
z55|FZ0)5a*X5mQtzER%E=^x%B`=gBx<QcW={G*A{l)WX+Z+RG#=d!l+`2s`CuD;_k
zdVTX7e7@9T{g=V=zJtlWtwy%t!lk3&1Qg1p^+IW<_)<tfH7g3{2vn@n0Z<UDR3#&T
z70hnB43w5G)GwGgn%&QAs+r^MXWIV#{mhR(|KI)0D7$t+%zl;Nzb%~A*JM!jm;W|F
zJm=eH1|?@@*TN?ZNa|1YbQTgvu}m<H4vY@pHrr&7^d-FXPevs)+V`m`d@X*^?U%~%
zVD=I+vz@obg?G558F)KO;===AHddknvuS`W<iI5PsfRZ+79O_0VNA2_|8`7VeCIsh
z48D_|Z@K+}`0#FP4&JrRz@zp%#>8!ZSZu!iJH;4y(s<++8=cF<-A1Uuf2TF`lshmH
zWK<zTpCB=%i*nDre;N~v2iS=@CLX}WKhj3ALJ|eP12T6?WcElRyauj4E@!TS%(>zr
zm;W}%3iM@_nOGWx$g}tzFW~Nwd5Z0uWiqH^tK2^|74T*?+P5xob0kR+Ly@+4{P1iK
z6GhSW=fPxmq*a525X#{Z%K9g^R@O`J1C1P5g?HVcsrsvQUx}M;N4J5En!?1FOyt&U
zScdn=g?t!}npz$5F*R8)C&@F^hXC<LOJALloTisF;59qG205310w_m35A8D~$glDM
z%bsp=pn|C2pGl;8y^Ju}(tsD*VI->~LZHwFH91h|^2%6MI1!`4U=ZR*AwP)X6qnzN
zq(I_6oDoahYk|14W|~lV*>urbh%OSH$2QI25^ExD@J~DZb2Xl`oO^>QF8Z8kL`#Jz
z?Dkho6eVbdu{GVd9G~BS)68_#4w%J13|J4b7F)6TrOmQfC5vUT2TFA;W@W#-C6)?Z
zfC|%QXqYLc{WF^7vzP77@frKd5X)Z;2EO!*w@SzISNe;3{;E}(sxA(zaZ(~c;;%iN
zzb2ens^vnr%3m_exqzA6VozwdTO7i2eN^c@EJmb0p=T+C&z?MjSIZwqmg?k_S*kB6
zUm|Avn`4Q26%e!M^f)Z#km=d3=~tv`8v$6!ihr&I;BN5;*7tf7V4Q~-bC!x>CBpAS
zImRzM!5)p86?)(66hD<Fophuaxd&%I{yS~BVbF~1I>Byz4qKCxib6BbN?jS4kpzjH
zG~~NZ{4;d*hzxh&5gWznMmEGQzb6U5W$}W*1|uA?-vs=|x*bj==EbAYQnl-6V>`XT
zrYCVEZRmy7paF$MJ%L2+3`G6%86Ah_D*U<O86AJhBNLhQ8iaSOJ5fjoOg6Lb3;4jx
zZZz|d2Y4};4$n{?mycZ<%`yCICi&<js%rR`X6<akeB`B?`m;-Qd|apS;v;mZ+wGre
z(+Wz_XO@K|GPes%QKl7<8qpZ?nWdy#yk09}@N_s0bx#S&1?s*Wx%(0!kw@J(l7GgL
z3f(u}#*d6kTA{*m4o3m7Kd^qFZ~`9%ubAoDfgCHF@Vz2g+Yy{xyEzvRxC4v~)~09d
zFt{3e%sws7Fi`s~sp)6zxFq~z#*XWo3K;@kGu^Rvj6L#4Q&Vw@2(n0kkAd;$F?MAQ
z3aFaMzlfMIw2Ex}&+7MX^O_aDZ(%4=o$x(5H%7nzZA3i%e#h*1`n})mX65c);iCHe
zzH_ns+me2NS0vh|0d0f6?~(g-YF;CSRV{|1^ZZhsTvjD+y~@F=z9;Rd;pupKe$yPn
zWXbuK^!)8ng&SX-(?rh?{B1lvf4KM}dcLM<hB$iuf&Aw5d|FdI|64y7H`~sbb?YCO
zr|;h{YnJ6Q8)Nl-aaoMMzxnQX`hL%>X7&As=IzRdhBd42k2J*cTTA*rd#;AxzESwC
zR^hijO;tSxdAYFEpp&W!zs0daWo577K(6=4lv3prF0`cgzdEnz{a&R_^#0d(#nbz~
zc&4PH_aBL8N5<3p=W}EAep*w#e|jF5c~71;H}zNjH}!vxuSNZD_x%^>|Kf8^^#6|M
zbozhhopJSlj~UJA|8_H4*8d;msQTaex}^V4T~z;{x;*_)JXKTMxK!rrX7#^@S-Jj_
z6;;r8)Tn3SOE3lE*a0(Uw`d29o!ychkQ!~#4yZVzNZ!t~o7e$W?s#^<<IlEe2NX2@
zthWP>I(2ry%-2j!#Vy$Z-<9z(G5VK_+W~RzUy=ot5E%5eyAPczkpddJ{e#{9DIjZ}
z0I3{G+T>O*hINaB)?;Qd=^t*qpYweTJ5fV7SC$>Kl%*yc48Ek7umJEHUiVs?DqjNI
zX|i++jSy%zfncOm;n_;4FqAait-E{{zq9H|c&0Mxam<UrKO*4wXn-$JfUkO50*-fd
zw@Y`^ov2lJD76^c0E_MpC4F><wk`dZQ;wvC@WV_2Gp}a=)ieJNwVryVp1XAQJa`Ay
z^Q>CWg4VpAiMo1vPvG_3jrGi*E7en-g!SZV>S0PfNB*D?tKZdBxG#cFO+jMqAFd<T
z_TdtN9!kP%zANC7u8ZX`>lB!;s4&~TK3qY$kYGNmhxw=sv(bbw$LL}1QD6?y;CbtC
z1<zW7d8Hm^q73s5g4y8G!Ca!ij69{{`59!A?^}M;#c^g=-IBxs;r)req?cVP1s5w&
z{-HwY_j?!hQwJAE5Qj)Aa(0r7Bj~~vUODU!g;2z$?*czwZA`egJ0egA)(UvvIWj#~
zzakN<uNKtm%e(XHZLEh>y$u@ihM*9ebwa{?Am|8#-`N+B5w|ZABqHSz@HrabqZHs<
zpHzVN8!J%TPUS1aXI+-jW%Z$?AM$ne?8ZDi@@~?XkY=<0D6!&}1gvaLzFOIGrLr+{
zWyJC?<WqI;<f{X?3upNS`C690;Wf&UGz;qy%cXh>sh&S*>RF=H^UD)zqXe}z=Btom
zZS^f_7$#Bagb`Wk*f1R{EmmMIR$;c=JWN43i(tMpOb7E-8K$3Lih7s}6qs%ep5ulo
zc&;XxIeM5GGRzwZ<_&t76BL*YlT<v<=cz1Tn<ugS>DH|{pid1*!A*Hc!BA)%U1B{E
z<R1bE^jn-qcUyCz>!~r&z1M%jZ(NAE#TnAeIs7G~mvYWO@R!KNZt-#H<ru;Zcco;m
za7$l?(ie|i=|{Rw8-TI2Nf?gJULEfq%z9taQ%I%o-ZK=R4W8?B@wr!2el}q9!e2J(
zpP!C-zCw9UrRVo9=;8HIo*nf4lk@Vkm7WFVxsaaMoRgo&(ewD2=jd7e^PiOG5_;}`
zRu6BJ(!Ry?oPQ=t*F&9qpo)H5jpM%^rQdGSZ%^sBzx10U{oXZ>$72QkT_6UvDtwd8
zz&HCy^pWt2-S%Uj^hZapzIL!P<bZ%&+q*(}R&HFKK(2LxeaQB_rPu315}x1AGaDu5
za{H&7S<b|0lxi*zdxbFOcq%LGkNu9Z*D*?;Q?f4U3KB`xD^+|Vm<=v8pAr5Z1-@Rf
z+t~icq>({2xy4>pEOHxfN#<@{TTsQvYfG;(N%)M9sia=1<e8?G%!ywK>i2k+tSXi&
zId0Nd!jwunDV12|O1eWO5^ShN((f`%0{0?<12P($Ds&sG`h63KpY@A@SQrbjcT<Ra
z6o^kXg*Y=7Vr?wM?TJkwE>R$MRUoFy5PSBM4|5@Xw^E498ur?al2U&>QBT3e3as4|
znsn2FzHzu3HF&&E+WnTKxX&c$t5DVUlTE9b(YGa@Muo0aa4=89)1?XOm_gM|W5zN;
zGiF$K0(}zcifUPgjX3)=Buy?iM5$!Q3lgh!)Ksusu3+h-+6pReZMlMycopoMCspuw
zqgufdssQGc1z3TVR}f?m+#16jsIGO~QDD??2iMI6CrJmVODvqMSUBh>qk*$PhO?na
z3+J;wF>qGL!ug9H&IB2b7vZGJaOU=j$D@@Aq=mh1nJQfWjyALYMM&sg)%qg?ma;ZR
z@)gL^D8YIv9A0r&+PCM=kq_kwn)H2KRQEk>j(J|*sDB<6^L*rj{&`BwvoYrRh4cF7
zJ~7X==k(7{#5||OJio4QU-&w_;AQbt^tGu8FSwtpv?bE-YU#H^`mL3I>!ja$>9+xX
z)%ojraxk>HLNyqa(-p|G(RyOC;GdAnZxumX7hUA(J}%!(v%ykYW5o4|8F=UEsmy(J
zE~OgpBZYV0!oX-`|GEY0@||mAnfo$ig-QMXjU_Z@j<CBs8cEZf_yBqx{!fz*o}6H<
zo=oBEXGa9FioM&}NMULL5heu28ifI)>Zi8yI~vL=X0;W>{Rk_mqnxLZ1x?mLlnxX!
zclM8#vJzS+frdCzsg@J$?I*Mq2vET~<nr)q27~N3K$g9~mkqN|)n)&Ugpb=ljky9(
z0zMP8_+U2X?a%@~6$TAHyoS!Y8di0}FqhS4Alx`h=?sJ6qV*-|>l>i0uN3c93OO3M
zpq;>m26MBFhVWJB*HVr#kRKzztT9OY1I#}OG1)I+GPW%R+_bs*2{83u-=^>=%tE=#
zKhoe_eG`0I!&he6UJwqEbxQtGESQ@H*(Ww~`^|r!?!H&SUu+8>@h8aZXBbNs1Is`5
zOw?mf!+-3VKP4C_@Fn-Jm%jfW>fQt{s;Ye)pAnETwV7O}a>1m8TmrRZQVRs+jt)jC
zO0QW|X116ch^D57B)4&lH?3^9x8AhPY%|SL7G=@gQ&CgVRL(dixZ?uzKhHVm?stYk
z?frj$eLgwdxp&Te_VYZ?d7g8|iT5AXy`LrCx9Q#=E#ALX_kM<W|I&N%`}m%_<h@2x
z|5&1VWmzgITg^Th3%51L+c{qh9}AUO6G{@o+rf{XH^3P!5h?I*w-o%6spuR40ka|;
zW(QSS1~1tZYZwlqI~8GD8i5709~4e;P4?yFXLi~DVt82G{(j-g)6+6r;YVT}yik#E
zz=qrNCmJ)^Vi5b;34R#pMDyCR=M5s7XFg(Rs_J`Yg}HxzSK<$p&uoWpIp=WXcD>a|
zT@Qr$+2wVA{CxC1|NOM+-k11!tL}Y?pO@bC&(FQ@s`(lE?hWT>?+^Y-e!e|Xho3TD
zjuCj7NB9@I*cboCEo!9MkL?)EVP`IhOHG6_Lp%QmD*{gA_?e3x&Y2d-rSh41eDZv3
z^JOLKsim;7e<Bz>1G*&vY*Z-p)tFZ%&rjstoHH}e&X+^)AW0%8F5_Gw8{xP=J`s~O
zaWUtdYKa^EJSHgm^utEvOm1glzMbDi2!&^p5d3EEHvDC&M55N5>lr*|g@ZpaQZQMg
ziqND9Fk2S6?;a{QI7<BNd@UYOjv|NgA}I37ixT+cJc^&d|HM+vegVI@mLh(3`~!>_
zMsrbuc`f{kV(83VOwnPuKF)AOIqzR5c8kVS?4Ei=j@_6%c1#%{;(W!b5nb1d^ejQT
zQ9XYO&3_FfWd{BtBaY@!oKV>6a)g^<p4n_Q8t7I803M#XyxUX)3T<Q@h7aTu&f+TX
zU_dL=3ccveOBO)Uz58M1`PB`BuiZSq@Xh2J2%iDqYXk5-!r&Y7utq)rMsjXhva<;W
zQ{G9Ehycn&kb(+=k9Q&#<YG8jtKi=N>dXp5+P^aTbI#OK%zpfA@;U%?Zd(8}v4X*Q
zh_D$+U|KPot6|oSdu$ZInYIVR`4XNh(U;>WoNH5Hzy0fh?@d4O^-gLSe5-b2__hqk
z@ZH4V>rLPTmr}JCJXR69`MaUx3PWZG)#mR5z}=ATZ;;)8TW`(2@0;kp?_2N2uEjd-
zzVGv1w8-WgpYJD|&)5I{6rb;}x@^#Wf2i#Ju8=PbQ7}vs7=~<aPEHdF%M5oWnOrGe
zeuOEz#+ccdog4()UY7hFEc|{I8#l@1*-PdpSIB8P-s)Zfk5{>|v7hnwdhdbpo>Puz
z$?UB=9!rAIL;x&*j&hGpmd?MFjbFybpT_VHbo_1V@lF26w^R7P=&7PdHy`vsV^5N$
zzESRvo5R3rx@?!*Pdxs^bbNcy0O2RWwj6%W;TQgbIx@aHI>7Nw>haOwK<L8<I{qs4
z___Yaf0Du<867D7(@Gmt`gd#=2>qMXlJU!;0)#(IEkC7${KJ1d3XhxJe=NK}7(Xct
zJXhgZm&`Dqy0vK`$xF+|J)nYr8il_}pzy2YA2k`ocEhc{i8N8G;h%Gr%KtsrCO_y4
zI~zYwe|-K5mH$A;SJ5BYh4G{G$N%?Vl>Vs4wa|af8}-rOPU*w<xHkDmJjdXl&_oyh
zcP~@<4|IH${X~(%_!j-~x6|><x?h|9L1js7{1qnM@t<V$AKTqG{Udzo^6z<U@S!F(
zA9e}$=PzpimGE0L`}u&MB!OKsEg}NT?lDn&;T@=FFA7xrjyp{8S={X!@Ojb2@W~GK
zg-_&Rf{(3RfcTJw8aY1YJs3Xs1cXnMBjkN$T~+T(2$X(f>HAQABExNIW4-sT7Wh>`
z-uGyr@6+H{)1AIAMR;Eyzwaw!{6cs8<d?70+5Omsg^-_A+6DH$CKdF3Q~kbAIJzsA
zeWuj&zO&<fy)XI@eV^%uzAyVFU+=qx;kP*QM$)s_bYJg#_#k~>gx~k+<L6TkKO4t%
z<Vui64^{eMWA9%UaRc8U{t|ot^m^a_iGaV~_v_Q!=lj=B6Yy_T-}`w1|1LN1{li`s
z@b~}z)I@Sf$T49ZfhEeu!VKkbj<c$hC9cFJC5f=fiNWE_3`^no9CF@=D{;~Dh7@n6
zMa-rI@sKdvgMT&~5+jfik)_RM<~mbzA#s+th-<PF$EZnhq!JScy7&SI!N0+<s@#b=
z=RE*~=1(|&pDceOi}z;c8!}#YxMnVNxW+BUVev8?7B6w|m!R~sLyQsX1|9q<^r?je
z$ctsMta<KqvYA2u4tGJs7%qz#&2PX86fB6`-p*)n4;A}PWpU$Pv~`pP>Qr7V!LjtK
zNrmLNyr4Kme*7P!cXrPIL3%&lSfqF73WJ>95W9=?ULNk7-h({`pY(p>F+%UF8!)|F
z45ak_=0W9p1djj7=y%CACBr1`CmZTbH%UK`>B%0_pUwD0YpMCO+C9tg2oBfiaEmtu
z&b-Tw=U}nTn*yb^#o4*|DI>?9%8j>^HMo*^y1HBvAHhC}UVBr**hW<oklpo)5k1q|
z>y0jR@Mk!_7!L%?t&<MYRV_<=al*Z@0{4Q2t@Qy(9sFdg!&YU^*+h^^B&GWNDQ`*y
z8yMD}W*Jd4Ht=O(;9_*EG;r_(_;-^d=z!Cs$bes}28>cdx~7!^QVv5}dVmc$fI!Oe
zFT^kqW66lQ272ErleBF_mbCRzn16Y9M8gxXKaxU1+7Ly^2sfiHZY(3AWc><1pAOGw
zPEkDDSA6yg!q0Y-?SIriiadXx;`veH^PAxLAv*F$Hc`rx$zut~i|l$HTK6bf;PnK1
zE_p6OR<6T21M#d@mY7(+zoGKQE9DDLAO-p2;~fo>uaK4+`D*c}M!saa3i4&nf&H@R
zS~9F!%7u#~TmRwzIwrfajCNbGd0r7L+ZG&e1oh%?wNQ!O2K4<+G}UXtZ;FU7Nx1ha
zKx!{322(6a;6-yzsX_VHDBZV?$8X(Wo)<&jdaMzcpN`76f^7B^-U?DVpd_I?c`JKe
zEO{NTBc9u};wj2cbw_>q+*v2c(7fYVhSt|H`ONRAmCyE~ysc@C=a-x1@|o9BE1!>v
z&pYAy<ZF}9jw7giHiLiKc`l(Q*ocChPB~5G^yUpF13H&TzkIlpk$ib+y-C(j5BAd{
zKMz)UP5ULza(tcsuE?QuiGZ)d5)JJqvV1jv3f8l~y2QkibKP6zhK24FB$G>yhi3kv
zCYlGfD)Yd?)=iX-TnGI;uo+bz)z1TaQ%NcukRDx4iyp2P$y;v7dAZkz-<k-ch~FDX
zfge$X!0{W~-WPt)w$#tFca-qU=x8MPwNvBQ;Q6l;vrpvW4tfy_#wvb1wNz>TEEWFb
zbS>7<n>7|IeUHjwO}1k5A<c*{ScpE`jDBat%gr^WDO5Iae_{$F6b7lSYQ!kzh|9Di
z{<K>?VvNG(oL5b<G0G8#Ye#%qGa|=EOd%ug6pbbpJ&w#Ak5Oi%@bT$t`_{_n+rC+D
zC-&`#+P*Cl?c37B*uK3h*td$?^zGqB@%b!xevR<_ircjIuv&a}Fg$y>PG%2h-=?*P
zEkt{GJ3JqBP4-ZE?Y82-(A9^jiEIp0xaT~m$fGBzaXh`wWca_MAHAAt^dt6<8=)Wj
zZqmqJ<<9HUk6i7DZ)rwskbc~!9Wh=r;y<My)ott3k9h~>`jOwZKK&SRP_7?&ZT;y-
z*Mn;PNN?*;Kdv0Oq5ARX5RHD=+*Cid|9TDj!N-S7`oYIXNcsWuB~uE*Afh8ID-<8g
zK1o)nID0XKT^bd!m^3QVetZ2+@4F3gdM7lJoZcm&8mauvYY?5@DADPa&G%S7W6U|j
zRj<_dc-bo($zIuA`^rJGSH}8yC1=iQsd{CMzgK=FbM1d=ta;_0I_Z@uK3<u|Vm_q`
zjuusLtXc(c(W)S+SM5Kc715_cwLWp8j)d;VGH(;~DYliq{yD|x``{qKJwtfj;^X-(
z()jTFI&uDM3Hmos@oZ~R|MoY*&o&M~|J*Suef(LafABndY_P?E9=X5Ji<0jrRl%MP
z@J|!;0KW88dHx2CTzZUZ<b$hC#L1i2ntJm0tk(9A{~yxV^k9v?j@$eX>T7k7Mv|Lf
z{b%)cruLQZUHNDA^(O5ryIlES>TABGK7AdrN3O4VmiqK{USqkwru%qa($^7<<@y?B
z@u#m{8{bfU{W=Nj>woUU`ugF03VmI0pQNuB4^w@8<0q=Gdv2lnI_oFB{T@j5|L<g_
zPiKcq2gV}IfrHSFBoXUI8><CZ>WBk&cCG?Nb`A><<6JL`RaIfo;}{|BA?$#*4f#H!
zm~J&U)4b}S8rMWGKdC0CY!())Q)D~-w{~IT<3E51vjN!Ej1GfpJbTd6fy8M5X>7(&
z{p?2*+Yhs$_*|~KLHI=Y!DquC{_xq8DB{zvg5vYX4-6k_PoeHMj{ifjst$e&;Fdr(
z*vGI=fQCUUR6(|Z<_kbk)3Vrt;hD@|O5ojOyZr<>v;(#&(IgiLB@UsN5LIkUi{{^#
zv*ZFlIE<(^58YlxBpk3E%Dj*0FS&uQQq-+GvuOe>Mkha8-3;h9T%LFM0d%J=dILMz
zo~6QbrOh<?iFYxa=s9@m4dL7ZS$;z0e=bGi6R5LE_I5A<xi=q#Nx+LX9He9)^}Xsm
z>KjM@Bkhe1rvJe<Mv4Brb?Hx%Jl9442~B;`f4tEsqd(VFpZ<1uDj@n-4N%j+e{&<D
z|Gmwrg*vdpr0yRG^`?iZ@`LJYKl#I<=9LMc@2z`%-N8Uk4JW6bWuwvNmHGCkgI{$R
zw|OfRzvp=TfCK+y8Ob?gBfJ%~FF^IZ)yMZyKE4n0@qLW^?PKypc=vzx{{+11^+>3k
zr`6nv*l$V=bHG+l&QY*Y&SLf2Bpy0vM@D~#b5!YQ2ixn|oMR>1#o%9pa*V<+h5=$N
zu#6}zAOdhi-h?Hr?2{&kD>FZCxZRa%#VVSbkAENc2=OZumvH<ZJ71z%)LiCFU1smJ
z-Wg<X@<&d7W?#-Zb1_*u$9mWZ7BfdJW{UXCUk19`>1zJvPMIEJ9rTzeo#5tF<gis`
zc2!pF527oeH5ee-3aD70+`l>$^vWvNtF@dfa~;atf(_dbG7UP0zIl+8`Ge}T*avhv
zgueVnt}_1z_(3evKg^E}w-^O}ytn-Z^CP{n4}PRy)$pVJ10p{rnT&)Vw|%YPhaJKX
z%nm!hN9?p5N=_f)96$+YV%Yw1@{`6gOQSE4Hp_qG%LC<H_S7(gc`i+frI<Kpl*2U+
zdoh{o9Q<hqUzNZoFTy-ojCxkWSv2^<nY!4#auewQ1THuemtbc-E*09l9Q<zL>{}n@
zoXPo*bFOKkhcku)wsRueKOr8xoX4y`N>0j|5X|8h?4Kz#kU8L#1g&()>*)<4G`}>l
zCc!n(o507_<Xo6FhcFf-BXt>iXA{x3B~T6EhONCNdah;EpIGB5J5Y{3>_=Ac@Bh4m
z0j1mp4sj7I++EmBbz{MoCe?oFH;Nyj_44Bk4w8WvzzEC_;00w5<A**kNKeF5Dqg&$
z#|y#!%lR=*!4Dt25a#o#LBNL|N<QSs`7r*Hj1Oah4|y{BZ^!g+-<Qz;m(MW$w}p%J
z9}_}#;pQ*Y^p8vBN(vypRHO*7BU6ZW!uDsyF@?(w=q@8P&F5#_;&6t+i9%xgX%RQ)
z3T&BSo*M)Vm~&+@xtP+3Tr49OtLdEza`7X*Q%)`}(hEc`?hhgt)#T#NU~;j9T$n=0
z1?*#Bp4*pRq>+oC=+I-y#Z`J|3Au=GOu-=+uhWZV<YGI$SV1ldLdgYmx|?%Cn-~o1
zfNyBb**Y)mxK?84*P};^8UuUw8l$1@{>AVxbIvrA!9beiT_I<;+=IUj4tF0V@#nfc
z`2Ah*`!X_?qF+C)c)4;%f|5ily_;x=D^3i9n-SD(Cq}W)81@-UCipl$nTsnXB^L&?
z?hJs5VN~vUl8k{Qn{ASv0fNI(<rAbVr>%g2HFGM1{=Yv(k;lVe*GayLJUz|P$lz{6
z8t!8aWVZ!09KT3JWId~ihmmNJX?Fi#4P<DnSvl*1McSAJ+LYD`@pd)Y4j_l@MS#4g
zRl`dAO<*`a2_sNHNrxuKfMU?iIpLw=3tm|nMPKl&(C<$N{#-q<v^fhNn4<%m)B}GP
zBo4gmM>g=ywQ@QPQI8v@qQj5gD1i=5B|7Zc#ORQJRiFbMudZ4(UW#hG(b9NkX}q6>
z@g_*)O@Q&1<ME<*XytC%hUFkSsbNg$EP~Jp0*Hn0j(UX;e{$?Ig?*B$#ki8hbT-I%
z1G<~Qpb|^iSw<t4={6Ht|Er5)VrkClA|d(u4_eWD{2?rw)2|SusSTreudJ%`YOyZe
z;9J|G^WmKIup5YX&ng|fVcQ-J-c$P%ymM<Myn9M`U;bW;_mmWjclKqkH;>w<;!`sF
z<gN%N_3y%P*gpL&N%ER9CMyY-iG50e%@toerAM!+*K3^wLSX|1g-iz2;grTe!S*#8
zinMv0XylZu5=DATD5U66WV9VqWa1?}_mTZK>{r>wFzBnlRVoGTBXX6x<*KMsM;nRn
z_)#EJdvVOZSA;P~sK+#^#{BJyIOcoOm{UvHm}ND>m{sDKLFzGMRAW9TjhP~iIZPNc
zQykL+V=jR)zdfnPR^&$w1h$4>i~QRK`7cQv%h(Qye*@}rQb!eFHy#b+ljDdg%)Bfy
zew<OVn=7=8pAIHq>O}$hog(tzd-RYu1t8Nm7Wun9I>;kE<SP=X{ktR}pZN+ye4q~E
zcRY*{pLIb%e2z$h(ksGW&94f76^noE7UiT(t?*a6_}7=>U#>dguNfp)-haUR*oT~d
z8{L{Ft`+@!n0-FUJ}0uzne5ZWK9{o3AK2$+_PLdP9%7%B?DGQqtYM#q*7VcTT3-E2
z@=qfyd^Oj1glS56cAYol9`njU-U~^wmdudYnA4fqxt@f7m}QA6$Y_!~z*|J>e`Q-{
zaM>q}a8lI>3(L1TlPq!MA+B$dX-W$i^LA&-RWjrqwlf(W68L<@?@=%uf5j(R;6@(j
z;;zPFfcS?j_~D)WgsaNu$sV-XCoQU;XFNIWS<d!Rgzf-N-U8hVJVo=j>~@f<A=-`|
zaE#{kn33-Bw~2i`SdL;YMyd0GD`{W!p5Jhw{H3;Dtg46Ryl<cIF59mMFA0wT-ts`;
zU3aS--rNhm;GK6;AKnMG@M1ohGVZ`q5y8P(f;l@fnsK(mDWRCdR*v7sbxpF+IJqRB
zNCJ8OZq@VKCd;4a3Thfj@f`b|a7}*S6aO}X9H~bV#I|i&7IL~69;mH(rGc!A@o=(X
zp{G*bXH_&N4}PC{(<(M5#P6z+ZWcz`?=-;qt!x}O8;32UG>AWa1^&2Z#)wT}y{ulZ
zic?91Q_y76W?P+9e^PNy!>8qxPlrxmKK)0_r+2!E{q{cL^&|g%1^Ji5o88tAykoY?
z;EnPL@77=R;jQdiKfF`-vc0s)CfZ490t$Rv3SyE8qmd#<<1q=1ScZlP{n`eMYsjvz
zqu~2AvR^qp2ZKG5hTM0vy|^Vz6GcpCY^n3I^)2qK22U5ovvM`YbB<2^>)lv?RQVTu
ze4U|O&{(8FJ5fSARR9=2oLE2J>su4N4}9et@6(Zf@SeL_#5?7TFTAT(>Ej)Gcm4cL
zJD}k&Q7K*i6193vQY#71KU-1$E?3|gA;+_cKRiG9UBq+jX<v9gTd9v{$H)frSBZ9_
zgtjh!edB$!CFSoozVW^#!Vlh`Z4&XGQ0)uv@yGS??h+yL*XR7zaQ+Sx@tn@^j5ndH
zEeM|HL4Wxm1&UDUsbim9)6+(}TXzXIi1q(f8vNd(_`Puq<Hu|9OX^Y|e!$N(EkENW
zG+PQNaL#xInyGqdwx(#_90;16gl3Ps#B=_#`!74C!E+JCb1Bs4=W6kM;;z8`k%rsj
zVWM4<A=>R0f@tDW0Z~&x{7k%4;%ENfzWDjXkNW(~x-(#YD$$IW(A486K{Hhk%|r`9
z^YPCEKvTxg$HQg(EI;XspIJZX^Ye}H!1=lOPX#~IHTnrIR+_#Yn$9s)Ea)*aLG-O<
zQ3mliAGH9d``~N(NcXtT5?_(W=lptD-wu7;Sz~|e<F69!_;iiF!ig;kv`6Wo{mjh-
z?T?l=0Bue}d&(U$K3AX6;60zsuN4^Y*;>4p-ci5(T~)5(uTo#-{8jl8GDK%Ir}OK7
z)QFk_;;*Zd#9xyZPsZP+EA;uhu2X~gt3*3KU8BEp{t~oD>7kv|jG%q+lLnwI<L}#H
zGX7fJzWDp?xBC1o39H|KYB+yKOMW6lG|_@SXiDeTCB%<N7mo1J`itqPprgj0NEZEx
zVMU@p5r(2j9heN?9E$I{<pzU$ief!ehW8${wPS<*DJ2;aB{GQq6r9~tKOGj`MCkDM
z$Mw@;bq7Cwm7`FkgSAq_cSeVwzY*w=r{Me64jTLIlm893-=ifzQpW!#l74IPj!^Kw
zy+8gJNc=zUi~k+}tcU;Y8_a(t84@Kj=<?q;9Tu4g9X5YbKOI)L^T+>uiT}rZ@xSeU
zAN+3@`21}-B%C!hqFOp^DpbUOM4B%@`$atmbWte5KbhM38o}VXLY(joA7Aa?CmkmF
zFz?+iKN1@3-%+(ZnBSPj>Vrd3(|wp0&+F6&V|iG2yTy>F5QsqN(N-b{RsxY8V;Mc*
zVES|)^hjaoS<&3agdY7B69Aq(Tp=%iqT{2F^+AuZBi*mxrlN=8FMss7Qtq1`-`>{X
z`A{N@>`1bBi7Z3M3Mk`wQ9+hx^vE(UgplQ~B^t6ky(9p#BuiwOd~2|Q*0Wb1*4T@=
z%>RKp_DtXQ;^SKb*O#dMzVwC87rOdF=8G5g9Q@J2R6gEU>&x`_MSbz(^UL(*d8<l3
zDk}WR$MmJX<>L)&;QAubL#;229(wwsriUaL!-5Dsy1%CpjOX9eiGlp+%fH&H=&|jP
zKYG0Ixo>*RYTICak;tOf7fKdgeIaCdMvpB08xgX!c~?W0q3;Gj7MZ@pw-NLu|DZ2@
zdE&qR^<{jU!2OFGAs;gtArh^qw~-K{`C>A^j+M=?K#YO#wZ_#Ni-xq;Otpi=srK-y
zIxp#eKHyJ227l&TKAvc;<8QdeS2H0|ZJY~RU0;V8$<#9=?G1!17v2W4OixpqlBjod
zO$mx=rJ)Mw4|I@?9Od5lbDdYAKY4#@=`%s3PuEW|eV){(&x5TR?2k$GNi|6HNtEO!
zb*vy0*e_GaO@^M_T&=4k{^?t~a&z<B`f}5zrG`R}h;sAA$~v#S9&^HeEqx|R{>gtZ
zeV)>%Psf&l>(h<!Ph@mCT1)8ip}s!tmh>q?PM5k{{OHraf1>)7zR#aNjojv2pUf>9
ztWVeO#%Aidv74_Fvb^?=o<8NjqwC5dWbvm@FaN00r`Wyz^r`Pw-}+Q#X|O&?^wH=O
zi*xk!i4Z75Pj0@xLJ0KC+q!b|(cAiRQ*8F5Pmlhf)Tgj=fBJO$7T@}`)vVDcW)tYq
zva@2ilB8|)H5jszq;d*-QYrqsg8W^QgxF^_`y>K@euVWfYJ*DRW39pvWCErQ6#1CO
z@!ZHF6@TD}arSOfr%O$g0EPep1*bv=jy@ROB{29GV)a3Qg5Qy&isbuSIb1Krkb>d!
zOqF6d=Wvs<#R}_(2^x#Tp#2K;2}{v%Jp4ctS>fhK;6Qjd{(hi^ti;3myK{ILzP6GU
z1AaspzK+1xVPuV*hZXzbQTQ50#-AhL?<mfd6hpdROE|t5J#e}XPBU{r6W5Gz6Z)tI
zu8%wTDrg9^patZ*65V&Hjy~i?P4Q32F^|wQ0QH#U2=+SY`hvd08E~TxrPi<?RHA+4
z8R$=B&58IAsIl(J#@<IhFQOgf(~CCZPiK6rGc}eU8p|ifDm%e4Z-*{0&XvhQzEA1~
za~I`7y=ik<gH{-fK7);(!A5@(e?p^H@98Fk=eTgb1S{jVXbc<?`Kj+i-AjA~)Etbk
zJ6nZ2oZvnV#)N(Z*=_lg?zTskMqhx}xmFs~iq;DhjTL|w<#FsuJD-oz@xz|&EYIkg
z%)tQtAeH(X%4x<rDl5^6&jFk&^y<qd*e?@!i{Y?vwj}H1n@D*@Q<!yx{W!qV!n}mP
z@_5GNL3_$<j?W4s0$?kc5yrU|!S-6Sgy(m2kz2SqZukn{pLvRVx{NcP=J<!;KpA4+
z?0o4^qCC!I{CdogN0Gy6ujWg#D=gWSCeC=)j(=b~oq_+{2}dOE&GBY*;EZQD9uBTf
zwLsrZPClUoXa?vdM&UF$^1Z;pZ$!gM|I8@-@F?=I_#pKBnZ)O?HSebIj>qKjS+UV&
z*~fz%&Ll1)*zV*|^bQAK>`w5~I%N6zU|9W<u~^6G?NkLFwI<L!3tAoC7_%cY286Wz
zDG-}F(yxU7B*$2>hI0#3i098!32SiyKC948_|u8S7K^AIzm1E-FNj6q3qUY3x#+U!
z9i-p4j+ST0cC@+$`ibbt9<0L=y>gS-So_0yI{a7XsQ^!&YLfML4kL%3MX0fYsx0%|
zT%*CjpU<xIn&-Mm+eZ?|Il&xUaX80T6N$2IGr!si?ybJ$CI3BWw{14h9Rgp$y%0Dj
z4R$>MyI>|1sYL0E4Tiz4jP7JtnpMINIa@JjPO4sIAk7MO<ik9m8r=bM?3^6N<y^=x
zbIzer@T<r(=$DTT265kmWY<eZN8hp4=GTf0(Ai2X2>LI30@|cvbGupCeqkwis=Q1#
z(#-h{aK;7!8!xnaK6w$waWFQ6hw!T`Tvx2DU5A=b_gYGJ`K}2WJ@BO0b$b+as<;e_
zrukVd!I+i4gLSeA)tA`Z2rfH5!pI}&sJ2QS)z4^p{bz%Ol4H)yZ}h~JAr11RlF1|O
z9~zzSSqXB=&KGmg^T?u%26uN=e$hP+|Ak&OiH2eOf2d)2Zi;L_I_V@l?PhG4@F85z
zj%l6MTNSJzQy>vO;anynB>Z^-KK%Vk5206@b?6S{T=7=u2H@a8M8YRH6wvdjV9z*A
z-%EtP2Zh7aN@B^ZT8zoLQL1ZOu@(G{&Q6Z>olk(i^G`|tE<L(?(A&UH{FlciG@Wxb
zo_*-4P>Xav5Pu#F6j~nE*ubV|rf5R(DAq`#h<GOA2-L!)?V5n+(o7DuyaFZF>rLcb
z9ZKK{d&vIZ$dn1H#`@vNfm7J!E8*b4DRlJ%%)_z^iLpVT-5J50a|pt}iQX~FT>$mx
z!u&rzh91z%?*b3Nfvr6~tgr;!5v^aHL`!mA5MU(HVq9>llh|&^Nnz|Wf_+9&;i*FN
zn~4qz99D@fhp^d*%Ml(*92N{Vc3M#3w+8TGu=P9^0E$3$zXa++VF#ieLX9tLipR|0
zQOo2T9SKo4L&q+mAj5&8_yxw()KZmAmdPicKkR%pzk6sLUl5ml*p!e{W`3)%Q)vMT
zj^lU6bt=lPGsfX>5<BgT<2M$#gR)N>;|fj$XCF4kWuGy2DoDoaw5TW{Y)3{ocudgQ
zma`5IJa@l2=Vzc9EkJbe`O!N@!g*n&{W3Fn?*5FU38uXnhaAok5y?3_GTJ)&j<8O-
zB{8Qg6GJ}&{>PAyuwnqrb8`qeF))oX#>JU-W`y9^PV39Y=5qE={djI!#`~lYF|v@e
z?VIriv8Ya%XZNCcHD0fsFL!5orTR_!sKZt`V>SNU<S-V3OXvB4-A`z;mw4592>e{J
z-B^uZ@0p9?&$8Gf3kSQ}HKJb=GoU<wss;-d+eg`i>C2aND#g=sr%M_4+o8jcseMN9
zGHYg3^p5C!d&zo&2EQEyo-c&mjSCKkjf{JYYqF8~5%`y3p7mq$lARo;R$0c)$$dHN
z6ce7<yC?IU6%RV~N4s+>hIJ2TyEtPRregRqOJ)>b&J}nt5%zhOka6(CCj7s}Qznj!
zy@WG%KE>kMitP*@KMa3|C!^C2zQn<AL4z)0E3!&<ewEl{hqks8)mx}@#GWGY5wY9N
zCvrYKahbnRq>4}2UO(rlRz7W^eh&EDLoCr3XkTt9$2V&$=p+X_%oq=$pmRZVGZ<&8
zl`K6&Auk*P*D6R1GUBaLa1l>cmgFMEE$xKufP}5>h^C@alPuOrF%eNbE-rs7P)x(#
zw*b+^vq1)mG3hk4QzQ1(4iGA+N=s#mDS=57nkZs|WZ$Sa;c(sg>8nvB_)jMh3;3UP
zL3p-u@SUSCjN!9mVMiS}BoJ(DNjB^{OK~7u^0Gfuq(9T7KhuRj$?`sf;m0#U62V|1
zcfDW{mWKt}3Cn~6{b+drAvG%x5GYEitfcCsP?4&%OMubV2Vv127$U*mVPY10+Sp;k
zpepp}b}%oU#e6W!T?r?a#HXVXhG5wC8*P0_yI)PJuo1`kxa{9eRP0^|T<qqb{>Q}b
z;l?6?68NW6fJpVqTy3>V=GFs+`fQWST&14O{WwnA@5bTke(&rk1Bl(T=`3Ie(Y0Kq
z64zBGafuNy;0+MC_-duVWp6gA<PA^Kmg|(cx?r!De<6iLyp;;erIokut7P&9b7~vr
z`MbA(ymeK{8*7Xq@>W?JL_EPKUi7)2Ssd9>=)B;3I3T%(0|w$^srNSnF`R<^1da+}
zZ!?xil^BLp31XORg~KyT3Mok#qniaK@D<smCV{|s++fZ%fZ@$#vOak%2%@KMo4|Ex
zi$g8RCQ?v(N+m(q6Fc)c*`g>ox-2gHD0nn!pjdo-is0CQWOhI8r3s5u0w#S=1sPO<
zm|5k@ql;I~&~)ax3I2(Ke|o`SDVysR^Ucqj$o?>Qz9Xi>fLubE(!t6)ujg02{f4P3
z>|&}wS(Tw?RdhZ&SpzykQVL8*I9EvJ47xUzogZ-{RK@zYq$;BDsC0$DNG)~&T>;Q)
z4Ua$`_?A=@;sjC9XMHiOHsScnBpPh5$n|JKJrD_z^%p-ASWkV~G!@tTRC$GLl;dRm
z>^5C7OP;Nb><6%kEc3iEU9X%>u8E^AQ%&48mh!#(Te^Hdehl+{IShXU{#mIwuk*Zq
zx*d)(hu#l3h86OFtwI$BMO!Z>tKXFh<6b;gM`e}?D{QAC6Ih+P7^}jAg8GL-U-i2m
z=jzw*{(Q+So=42GG3PL%Sh~U1U}W*EC!h12sV2yOI^e)`Y-H@lTF4DxM%ay~V8^Dc
zOF?)l_-UJg#yqCu_|o|rWOD5#<ikMz%t6ARaL}rq&w*QU=AU1yAcC9;naDA5d`^Xd
z9Z*grm?qSft`bUZp$IHxymTg}U}+;YO0?Wq7FDL9-%b*H1LHXOuY&*}nT;>;+)QkI
z6$&XMp{5<k571iljLGaVCIda|_ui0cc)o<NGF|4rf(L@V<h|$Uv<Ws!oHqwX(27UQ
zd6`8Z<<N;fEQ7<Dj`XdA-FOlbE!7vXu)BVUGEz3oISOo;8(vPRJJVt>p?|Av4@nji
z5HKs|hErZVZIKx;!L+cY4Y4|`B~h`B78NVJfw7{e2aLd{9Nm`DBvW`$!S?b{wi0EQ
zz{9;XbFSp$O};=i-7{J~=jO@tjgV~Q{A?l$NpvFOjXC@QQjW(ro`++C|9ep(;dlK7
zlqQ$(&bEI6rHMF0iV^G1TjXz^e3)0hRY4wP^1hM?cw8>|7T-LKKXU1J_}*c9?=VsR
zp(fCQT=FH6MY4N8Hl23x6UYkP`{u?ZSq*S_%f;;IxpD~hNka6|3Yri#9;WgCr3y&s
zr{Eu@0kmn5he<&#r;#jO8s%XXTIkj!L|cGi7Pn5Jw)w^LX663;sfu+K6WKt9&=ka%
z($sD|2jcqh1qDra9EQsu!|8P;Dm*L_mBY5d?pzd3|DJAPgvI1qMC8@ZQ^{7*mfWZG
zq;jpHZ>kAy(Z8|k!47!PFeHkjd-E}`s(;s&WGRx%R{-l3rLU6lW8~`<5u9^y6s%V`
zZ24Kzdc}bc8?aun;zPxHMH&n+{~fYkvFof^NK4+ofC}l3Ct<w;LP!f`PDvVN(0ydi
zF5*ezEIx%y*er2Ill{><Mvii4SCVtPRPnh<43uCh#B-f<AjC_?L--m^II4(^Vs&F9
zv9n!t{=o>=<CCI$FV#uzCucFpLvoYSlTVR_M+g7X3(2iTzCv>JVY+(%Mj;;GIhn@e
zX+k`H=9D}hk5R_sQIgS)4cPsID5Tq8K@ycP4Y55CyNASRN%Zc*gx_gmBEj!7X-IkE
zVx2k;Cj|9DP4wOoRUCdZi^I1UusB>5f2W~6IJN@|^w1Oa#NQScfBO}yTaWx>Vs-FB
zoh;<$q>$T>Ouc?sFXUdI?<*ET_Q&Px12o>wnaJYpG+Dg8<fJ^_j#0$h*DO%`E0hA2
zz1gCYCmd3ku2ZJoK3|99Y)&uE*2vSK3RRqaGmEq5tYdMu%BxR9^G?yZ-uqa9@ikT(
zC?fP7U+ak3_lE)rsV(B3;!;R0hS~MX+e_!_e1y~-c}@(eO~gij{EjN5P61uv<2iY7
zwePSxq(%qpkFh@cTNYABz&~AKu-e~zit(!>X-Ktio=!+*LJP42;#n_`pVI<~pTBm?
z<L4L}KR^4DJbu1r(XTiliM}WlD%mG-vq>8_i&_A2vqc#<n|$(j!I?U3+{{?3h?^;Y
z*S)2Tn^RP*^&S%A=2i#l=jk?&EN+g50ebvO;^wyF<h8PL&Fb!<n)TmDDRXOcbeX$y
zH)ih28yhcc3Op0^3OxJm){mE!K2v`oPA2Cce6NX*|4SXSS=i_GysNYS!wE%vY{zrc
zFnN4TA~C>apv7*y3d@<Cvk@jEIVr%n8$#mICzRgox!w9P@!W7JC{DFXj;t6In`lr>
z9auZm?O?A<rHV;GKB8fhGm)bw^retlOA&&lpl=VzqT$bcMZ=Zo;%XKRC*oi@RUQkY
z86&jkbK!XSr{`HboTiP3%Z@4H;TS0%W+x5lX*dghb+jA@zcNLKzycu>2S>0tc-k&S
z9Bfj>!QvZ892}*JgH19+r0!;JNmOQ|(MSAS5Al2cN#fsF{rI=FD*j!?;$KzVn}()W
zQjI;EDyu)S^R;oql3g=nQ|k+N)1`3tDo7O#cUK~%^xpS}BHrx+mn_Bwf->UTc^aZ=
z0$vt<<<e+P9rDg)F&d54faWyd1&<!WU9`$TLflw*b-RsXh<nRMF~ps+orbs_cF+*F
z%?=20IsBs(3}8wepU9z}&yxT*g)*rUeZS9FfQ#ft)Op;j$R|*1AQW|w%2FX`kcMa5
zTJU>~XF2{LnpmkI+L;|hD(U4R^cP$TIfG0*&O#x5fGrHm8!V(`%%)d_UP9JjAt7Nl
zy&&YGF>P)(iDsn;w&@<P;`~`xlBuEbt0{xTuTk>&HH=jAXyVuQZ!{o&tzMvrUsGU!
z-*ZX)+WMFnzrH++(yzr(A$~Qn_%%fyzXnaG@he9rPHp^JR4$KSrHx{pP`^3E>SvL!
z3N76QyowKlEeoOl5!*i3j1UW{LByV7F1>AnA}S~jcDSCglB!=~B!`92;Gg^w12;5Q
zeUIZx5}AKN3Xy3DL$@lVu680@(n_>)Y<oA3ZSTgh?cGr46H-K+m}WJ|B4YTJ%;!!_
zr*199ZPOo$@CD3%2#$+AcVNIUz(ZA-up}Uw`!GEU<j)_-)PUJ%LMfggVsOVkEL*>(
z(eh8v&}exqi<Zemkbg)XF>}g@Io7{FCtDgR$sQ|td1J-w?3taQZy}!1Q3l{!6<M7C
z4-!9wcI^z3tz%EeEPL82bXy3{9N2krF;U&UL}LNgy(BD`Ko^sAmJsEO6UoBs<0QOJ
zlgg#zm8^+RM}2pyQxu+-@K1M4C$c4=k5%rmXyRc?e)mI^HF4jQ_2Y_tP}Y73&pRfx
z9DCQE_3C_`>>!GORbtT&zbcWrL#-0y{`V?jsgy<Y&!mabykC7-vt3Ug*4L*G8AD8j
z_`k1^^dS}n5k{m9k?RAF_Ln{d(S95(x~Np*n?L0tKgUA;8>A5x+lWT&eNs;&inggW
z;)Q=mBc>gz^Cs|5r_pSaGCQDAhi=={*%eTS^`7n|&!S$0m#f252PyUUIVfj(eydT3
zkB=+WK~}#@^9SOQV?-xN&K;`+o+X>HS<-=n)-q5QEc8HAt)jfJ)vuyBwn~bEy?spf
zndu}5{r^E<D*h7nMaW06%|fM?7!t@uks0?E9QcD?3E7Cuba|{glpLdwXb|%dRVaN+
z{V{9112hjobgmr?^zt{7Mx8oJdD?g|4No7>(uSvrR@Al>ho_rh1RS20_*dLDgLKx5
zu#N^jL3Q*Gm5z#e3xx=vbLIb_;&$0g6gTW~J;l9gv!u8V@S<GP(^ZN~vl`YLq`#{V
zYsDm9CMNMpF*z|8#N=sFOeQPDq}x`K(f|i9?)Un|qjnz^k5=%H9sYR+{z-y=Zin$4
zUum>_HROx6_F=$2Doej`RF+y~>ZCfXXwwEPOW(*$jpql&c{PFMJ7P(`!#R+X_x$?k
z_no2F_?)moo%e{Md5^>xT6U2bMnB0t$a4n4mlo-HYan$6r2qF5ZNJ%bQvdH*gTehT
zAN{|3&6<3yaB2*-ro@b%B?eRSE$k!%$_fl%;a@5+NH!jaY)YHGilxG(8)V58sj5Jh
zS5ej$Btr+6thfN|F<4l838n%i$Iu9}^201Nwh$K4eQA&xhP_W#oet4W$0S<gFxk`i
z#57pTO=sJy2uT4uwkzqV-S5<FvI>O|MNS5!yeV5?czT&+7WW*YqFj}zdmf(y8!$y0
z1`Yg!S}VDAVrC258PmU{bSvqhCq)V=l4TN#6m(1&%hL#Ej8!HK-$P>G7?zQ#ERttr
zGOenNj9Bmh9clzVc}B)cGcp{_$WSvUt4xsFHEhhF#wMa#pC9p7XJQ)7I;FEhLRp3;
z9p!B#85#gbu|RRBGB>mLbB)Ovcu+Js4w=c>x{Ky&k`hc}eo<AQkaBJH2_btF3i4W^
zBK43}sHjh{-q`vCtKa&BE2lz8a8K$XSBc4+VXMUC&FXbDdGlmGP2N1356PP}{G)V$
zHXZ5{($M5IlD<h7>J!eE22`K$`yba_pYYu-1x<SvD05<W6v*ontg`w9>;JAkq5B4H
zeS)>2`JITT$oR4H{0^SG2ghjhJN;)iAiraosmSl7!vH6zko?ZQJH`CYd*i5(_KXwq
zJ64w8Ntfq$IzLDAJ83c(LZ09GtC-|>SdaE~_c#AhPMjR*3D@*D(*wx@?Qbr>p8n=!
z2@FMlvmAu~hx(fz|54fBympPUzj^r@+Jij&SFyjj>yNVj<_<sl=x@$kBlb66{z1RL
z`4Kku<u%mYoLNIVkWZ|+rvB!$ufqE6HrWar>2LmkjlPJDK7S20YQr7~yuZ1|1@mZp
zL^9ULXF(r1S${KEaHJ7eaJdoI%Sk<D+Ga1PX@pLFp;6D?a`haOCulNxd>wuqx_;#S
z&Y$A1enoF>74`GPyHr2l?0-Z0o!fK2T*WS<k?D)j>1^B$&CaKx+1VAm0RK9oNZkKJ
z)$i<Z+L6%fJjm5<0rWl(aWz{29nVcTSG$Em%X4SW)#`0k&vPHKm6_@+M&)m*?|DeT
zeb3>npZOo?cfPeMMC^C&{+&2u-tnD&zw^thsKni|nl>cgwpy>>IbpWp8v30VY-VC`
z5f!bX!>?II1v<NL!2QnP46=S_I2=XM@0>36I~(ENYIat**>3yYJhumY1^12--w%8X
zI0Tz%^tRWb-x-=JtHd+L&A!^5JHKlX+nrm|cIPTC@(idF%6iivG&FO_;hJW2^qpF5
zer*Yv>FeNC#}>0E>?P}o?Zwdx-z^V%o*lL$=9~?5=7)+QwD%Qw7FI`wTEHP>z0RZs
zy5JH~UUa9t@7ZCi%zOe8LY|;JJ_4KdU~JYS)E&*{ocUztPz1zzte-g*`k6<H{mdKW
z{miS_{)y!aA+CEsz7GC61Xp``x@#)&N5#J9sc1k+FgZ-q-I>U;X8)^oX#6H79#v@l
zThvOtXj82R|C9aCgcH8|pYyf-&+rRP|8og})l<UgwBk*_{m)<K8ua_0H<~s5&vhqA
z<N?!n0R7Jt9oGLGr0stWd!O|`$N27l{`w7{{m<V8)c;(5gZrPiiVjRY{m(5v_1*t`
z;Zgwo&!w`tn0O0O3zhxPKeGPk`*ixBrS|7Iq5nCN_CH@X;xFPl?G(D7Y4fwx`<xHG
z&k+vi2vc&-4s*^XJm}nfa}Mm6!1|M6M#yLLBYrLnKbILiH$S5S`k(iM{Tm8XYFn;v
zlF$GxpGHXo^k)XK0eXhm06jp~03AHHEb}JTWli<P>WJJ1XTfl`@)^hF?a*UsJG5uJ
z@;U5L%vcUy;UHJ=Y<Rh6>6kp|gZ`IH|7FkHjrkZN_e+ZYXXuX>#*5sIr)L9KP}d0h
zqz97y6aFvsM;CY-L67ujn9yO%EScS;9_bJAbo--St-dD>(mTlbs{ZKPpg;Oo-Tr9r
zaZ&w!_DAb^^8ZAC^x1X(8db}$r%`p;CRwbc(;qEEQQoWi<T|}#?7nZ;+aGP}rPCk%
zv|ZI7{S=AUu`f>+m=#?%RZ`ZgI6J{eaJj}_ybspu_DPd%l>PTfmj~FhI%uOvU0;3D
zass29*81p^KD<cXCmo^clfI{j)@d(|mhw~A*&jXQw|`9RqRT|WX#1mm$lTw*>J@93
zEUdS2bWxO|Kl=PYo&M<RwLz>xyQ@Or@Vy%+a9w}Z>ywtto1Z@EKxJ-sNu8okTC!kT
zd3$e-k3Q*%Z>syGBUIg)>+)$nw9h@7eCQ4Ck3Rp4x|qBChWAH*QmifJW;T(6qU?{p
z<Gld-qid_x#oS$gsehGh&pO@y=!(30#r&J@bTRBaZxB*x@;=$MUtVv2^zUoPQsz&X
zhD;M+MU$*GC^r&lNO89hRWYpA?UPpMir6Pzek1y%KUy!<dsBn$w@<p`V*h>8-cw?|
zckfm8v%TUsb)WR91*G0PX@K6bDsoM{_cyAE-*jdCpQq3NWvV{uK-WKodT+^)XwOrS
zomVCGM?02XcYk!nTwndshhEn2kACM@|MlNK`=irYfAm$ld|Ao*qeuLzTsj!>eS?a@
zon#SHr~!{NuYB#OL2Q_Y1%jgnu{2!PFs&#N&-hajiTZ1pmW82dXvWFFO2p^R_f;Y;
zs^i0vCWBZX{-E!E=`Vf`A_d{JLflWAw6Z$f@5HJp5|`NwwCWc{-}LGg4egtDQqBl#
zl`APnSQm9JflIVI`c2fk_Nmz8yNO!Co&zTu&_rGFy1I!vLe)gwV>LAcpLa1C#whx!
zuCssonO_uZX~Vx&tWPF=>#u*>saT$L(iJpbSe*n)^Wy3xT*c**FQx8jsvf$lli%zO
z5xb`g-WPMNE8iDaCvX3hrdNwTrP+fupXzl_AEU+PV)t}nVBOO_Rw)Z6Vhs&gpS)$Y
zf~Jj@D~-&VZ|d!zcB+;q6|^O*lSh??M@e70I!XW5U7Z}S>YgTfxQ6#nqYSbh5+h#^
z5&Nfw^$@!)KTES7axkw!>mlFf$=5?jKXtd)$$Ci6N^w18-)t(huZH{Wr|vw%e?N8S
zhWArPt?<|QT7Er^ugBKNLU^5iYMI9`?|uE~TfGo|>T5pxsgpbV>ZgACepNs9f4)=2
z?_yUF#P7mfP@LV5S^b9f0v=ti+gDAFpY-2XT^?W$?3=%6;&ydkwVbNxk>x)6sv~oR
zzUl~7U-hgXXuN*0laF{kpnmGT-~3}@wP3Y8L|64w`;e(Y-{^(t;d6a9qFxHq_EWcx
z(dnm7`BoX9M~O3e<@F2H!msuEs^#+Jr>{CtnR;NAvaebemuuvy(bqous`tJs^i@Zw
zx<Bvvj!yqeJJu7AUrRsrq^|-A!LP5My2H=DLU8?l>emD4r+!(}PrdBR`eU(SD|Gv*
zN6qmm#yvaG(Cg)wbwV!_ihuu_`l%oLn#9{7_d@9~d!w?A`uatG@fW&%)e6}c`>M-t
zL|^rNKk3BTzWb_w&h_6{{f^XE{rj@|c{_Evy07}RStQQ>xR?CQF1cpy`i5#&ay!c8
zx2Ebc`SEvEebv_yUuzEdNZ@o1_&B+^!Tr>EnZEj|-*`d4pE~KA>+Yv+^^MZIZT0Dm
z3878e5L(?`ZQJZ4bk;Wb%3`w=6c=E3wSA_~?&=P=nbh$Cji2w0_T69o+%i@CtZu6Y
za{JSI8Z1k3?s0wHN3*|D^jXjOq@jJ*V%!{~iknR&Zth3pX62FKwCVc4n|#E}_3-4I
z{S9ckUNK#0x{gpaT{r%cs`D#WJ^oyO|Mh)eDW(0cCCdHAmiX<zRt3yV=6SLES`ji+
znnU-sKzkZ6i{00+ZwwK;uRoeEhR6%&iy?B&LK-43SwutR#f!Av*Xu_b6y4Y1fpuRu
z|H7<_7Xt6UKK+G)Xh%L$^k47%sJ{Mdr@Z}|hQ>nHVId)*(0vUTG$zi?Ceg4I0gv0Q
zt<P<6|22As#J^GU_*d+|_8<SwX;}O_M;`x@e(Y}3Y5coXihn1v__wv+e(cWU{P$yb
zzK(wEE}!`AsWW|YWBakouceu8;nz|`t=Eq&`RdC4)4@xwsUQ1XOWO2%b&Av$Qt=~g
z2rh4_>BkP~rqhod^&eHlExLgaadYB);b8N{wKcOn|1t4Mdv(=oW=sB9w=bKV+7(b2
zYI&etY-hieh3EQx*|Kmd9sTf8pncg9sz$TDpHenF+=8;`(M-}Wl7CR@7rE~TXhaqA
zf7jBF-RdL1Dsle98{3b4O)4?_3t2Wm-H+`{ANqcHP5szMEwt<R<YY-7wtYw2q)IKS
ze(Z}8zWTA-f2>Ry{39BX_5sm|P7!(<(f0%0zU+TMBMvWB^<~Sl3mSF!?EOIdveoLa
zaS7$Z05j##ph+5a=(2*UgJwUs8_<vKdC#w+{QllQ(vN*j`jYaws4s!^V{f14uOIt|
zZJK`Uig)Xeb?1Mq?#F&_f}~NeET_Dj(wv61YoF7GwTV_V@Abg@vAZ_c@5df`XM_5&
zN5B6+P~49f6U7}HuBW)KF4pbKmMd;Rec1u)Z>P_+;^L<-`#)L!`m*P45&N=Nzf-@M
zJo8~aec7X5(r9@c$(U;F!<QdWnYyDXm8s{S)k&3DQLkK0Up71c^IH0`WqA|Ld9gD%
zorBwdocBNL#||6quOIvNfBEjm-unJO)Q|nz`--K<dH)WuADgCOpxZi53_wXHM(EIv
zqrs=9LHouvXTPvUKbxc9oGl~|Xmj@XO#wD%PkBMIk^lOF%JU;8h?n&Hu~)uL49WPg
zD8VMNbu(oPwq(SF0*Hog6ECx5u!Ow!T}5B^x;Glymn~*+I8_G6N-{VOn!%wq&wrEl
z&ecA$Y}zJmSw<%v?Jo<cN&Dz?8v9eQRJ1?xChfZy)7;K~8k=PGZP(eK{mi?{`iBL|
z`iBMn`m?XE{=w?M{$Z8Won7#<RR8d@RR8cQtABWv)jzzd*PVULZcub*CkED?-Q%6>
zsef3ktbcH+>L2FU+n@c9*FUV+tAA*4e>NIQ@;|Zi{Eyh5?LYrBzG3;F@$&o+>DTV|
z9L@i{CFOsfVELaQ|NYt{{r78kX8qcF$C$H?P;OU&{vgbXLZ4}Nf72+s4v}PWrFi)f
zmYn=qTPVSncE&&#lIK>j`7p`iIfT|N(#(gfNqa&G%>Tuhc_k+12h^baJ~Wr7<QF`K
zdB(YBnNWuqkhKcZqQ>eCg|T3aP`bX6q}=m*pnO2(cnjKU#-s4Xl<L42Rxf<7^wEKj
zj&)7&oob^VPq2+cbsR1wDRM5D=Po7pE@J&glbucRpGDC4G?H@-3n$@P37QcG`nZ8}
zaaJz-iZSCMj^E1h`@n`i`9d@Nivs(cS|S~Zb{-Z0l_HWLb%hlP=bh6%Jvggp3zj$Y
z%0#TdiB``lR^L{VNY*Xw{3t_QaYB2m!Lt;-^Cp&dSAQ<3g8>biQGo5<2KUIU0+3e_
zbrk9)lgVNcyP%Q6`Lg7GWgVSteBCdh_mQvrOX+<}srJ5qddpd>qIb~iy7X?=(I>r6
zKli_)cb9(?dY2n9z4yIL>3t<rL+^AQddTUW>+3$F_X?f+%v`y{KM0}y=yFX6Ey{DR
z>1B||qq_DAS{YHJ`!%*UgcvNu<(Um~eMZmr5)_x(f3&-opjUcvOQ?Kzs1B-k3=oW>
zSnpgtLbE=*iLK9ez;<z+c71l~8{+ybi<0D2Xsns9(D4=mysY0<r}rC10)K;S!eE6h
z97x3jS&x4&#GpR)IrC1HzhGzn0-2}e_1qRMe(M20Gy1kY#&4Atzmf$cI(7d%xj;Q1
zv$eXoU%|Jfj)&`UFL23Y0(r1!uQv{I_3Mm^?wjMCo1a-l95nP3zOrL2@|MK1ik~!0
zDI6}Rn83Z{F{(#U9z2BQT$#Rf#{m=q5bhW7Lo)ihM=Gz0yzC+JUy@h&ieW8DSin5$
zN<r=(iie5(s@9h@>rJqJ#<}i2nA_1H@=n{D%^!m)zT;)D_ZL#LMvEiX-8+YDq45ss
z#w@`&Lccq-?8DRlhW&e#JiH0IxGCmnfQvHWu}N|!2=ELE1fDl8DdD+?z*9x^n|M7N
z(A7FQXdM`67uNX&ZRvap+V+VW`5^Qs_L%rCCGHpM6#FSd7)|-ZSB-Li)LX+3qVKZb
zH&y;##D87@_|H<~-<$FyRDpD4Ek(M(KhobjDbgn==<#FiYXQJhRilLG<6e{>eQHI1
zyjUv-ZNXIv+FkxZYs)};a)LfT+SW?++<(;%KW^@&=7%W%IRW5zj|#taJ(>JpRmlGp
zCjV>w%m3>XsSn2M%6}m6e0)*G|DH_#uSoKLMIrwTv<tuamw%pucFTAl@_$7p|5yCU
zf3z=pzce=h{0?1E;`dNArFRzvQufOfsVDs-wIi1z<#<Vt-UqV-faf6<JnNz;y+>RY
z={^6l9JJ+^C}_pM`UR~I1Fc}3KE3-~mgs%uk{^2ai1J16x>p0Sr{|UU9lD3o`{zq?
zr1sWOq@w*J_0&9y)YTXD=>1Y4@OaOu_<s+jcV&%8?{*5%9$=uoy~ZzSC9hG?Ccdao
z?~)pc-p(37^j_P;7rhtE2>`zbRrrnXLFqlBMvl~T7b#Lk|45z5p-6rGf*!r=W(NSz
zw`W!S?@sBRby1}EuNUQ@ZMi@}8}o}_&_*!OI=!Gz?`JPc^uGO~A9@ezt~;N0k^O$n
z1>O0yZdM@nRE>W(%8!x@3i&_J<ljHiPtB!B_j_Jf{sV!>tb*sEZcP5qi~Q)O0PO(=
z+S{xB%YQZn?Yrmn`LXA`O#aXNlmD(h<^PpH?CBYm{C8#Ye_kQ~=a~HaN9xS0%zqiH
zEB`YCfM?xl760#M@_$Z}|8olYKg;BQm4EqXpglR(hy0(D$^SWj@_)B4dUpr}KX0`X
zKW`+ZcjZ|*QkTw9q_+R;7pYh0F#qLQJ$f&g5db{nRq%|Dr1TCwE7IGc0PS%G+I{{(
ztDMdJmuL0qeesM$@2}4Iq4&WEjlFS(D)wXH_&yw8EsM8tbe@f@MY3z<^Z0&HERyc?
z)f~T@bGGH2gAivcm}D$^gmd+8e!4xrRT!O*_CFn@$TzIIL^n2jkTVv;U|lERpY6s!
zOX2vf=!55#7!!D4%`38+vu)$dNrgokeBxG-7}8dq)f7O(f5e&J%unF+={|RtjTtSt
zoE@1VMew}aGoqP+<Z&A3hLZJ2)%~-5NS;QxZ^!s$*BLX~ayb_=8x`f5*Pe0kh3>z}
zQ<xvQZHtufMxG%<nqf%%ynDLped_xo>$%^zp8L0}?_XR+HXxh>M4mOv46D8d!)&r|
zp*gukz5fo&jL7q;ihNOh`IGwZ*CRj9HXL8W1wDc|zAeB{ui<YB-}V0<<VP;g%4<;`
zi)7DNE1u7uiVWsO`9)0LIHO8mV5Ql%dvY+`NP#@-srCje`G?bk^zn!1T?rO1$fq5E
zy~y!fu(5HP9L^_^!*)EYw>|Ql-S&sWoOC2P=V-<)oN<di`>HYH7D&THrZy9k)|Bro
z)y8AdJdABuGxB~6$h^PX8_>Vf<qC-3?@X!5*)c6t*fh@B#yO}arwo5FfPTTZ1s)3d
zS&|<s_JTnZ^J8eGc&&q<%D&Vnt`++$S{=@N?9N2Q<&>G{zG)CQ7{jVQWwM>$Vs|-0
zU<I)?R;z7L31hO`inAX5jVvffp6861>4h2g1oPSl?EJX|z7EY?AZCTTI)EO>At{{H
zyTFUT8BFU%T+@wQWDSgDq9bH(5Z;@;-s<4<<@*tW)hQ_=H_h?;V3)Cdbl<Z`4_s^}
z`PLyw+&>fMk6naFn5~e1L;srG6tn9DogzkYd;wWXJ6Fe^AI5eAW7XdsIcGeUrozc#
zfU>J!%UJW;3m8W9sS7YG<RbTB<Q(S2BQOELx|brINcMwfBhrF$fyB0gtOvNrQjXsQ
zoB4q)9k|WT|H0+#&$w%_YsQ@hmL<Qv7ok-PD4g|z@U_P?5q>IjpYTE<J5J<-y~}e%
zo`1&l$nZ&zL6h|8A?z<o^kEN2`C)fj$h4AEmT^1hio<eIgQozpuVHLV??xGo@l<7;
zd`@9+@U!9)_c{E+%|kH-IDTicGZT4k&x<p!&48)t1o21bW18mVXWqtT7a8rggIR}1
zvNsDW?^u4zrDb?}PbKdZ-?_f|KT!|gVeENeulr&xTu^-zbVFnuX2v7HHH_FGz*oUO
zPji6}*(Z&Y+Qeh*7$>XHL?^*6<EWBx!g}L+6XV@TVUJY0&t84}dwqgG{t<lo)Jga-
zZO7OE2OPFDlM^swV7EMeGsY>??CDJ7pdzEgb~dAnf<en)rwlqQX9Iy>%_zyf)yI#G
z<Nfi2*k=x_%f?B~J-2~>P-w&#8D=bSmW<OJzfD{hBC_C9-!S3t71)Kjr%<?d3O<$b
zluwO;hm#K}xh3GU$R|FRU(&;8bUpgiS*A}Oi+nu-87DO++I0@(LFh_(kO1-o;+!ub
zfZKKe<FgC4HEe=V4=@>-*kXB@?{P)&J+8=nk0Q->fXeal;8+ERbCG8qPE7Ni7_@zM
zsFhH>&deDvI{0EVxnVEGlOxCP#gk*BN;Ww@e;iMa{T~f7_=jgKhk=3e7aPjT!mu&G
z9FZFww#{~Pl3NL03%fC&LAbs9wLzGEoIzN63`6*S8kFz2vD1lfB?`B`fm^fjEy2(U
zvWKMtp%<GP?9Ne`a2q&VIlzZSkI;_pO^*6B2r_0GSbQX!R;<!}?9Rstk<x)M{8l?w
zX-Xb68pFU|j-g=hw+wdmy9?r=mE8gZKvn_8h!cN|QQ)him;$ei2vXJCX!!RC$P*BP
zvW+iv*orVbI|W(7t{3VOAUJAHtvt$r=>Wi-9uEE<-$yw=sQhbZlBEE3ERyZlYRSnr
zf1EGOrzJ@iVpoLwY<F78zOmKCP-e%)-D~?4C-kuziq!Qul7Bmtvz27M1eGnei&J7b
zSF8It+aAt5U?1liYUAcyHsFEq_qMZB`f_uM;A+khuNe;=xswBuC6!~(=~mB8!v4dv
zZbe(WLJd`#i7gtA1pk}I2CU@PX@8+%BMZEkG|T?Nq}lLT0juZaa=e)>8BrXrSa7$B
zs2`NdpO3ykmbW=DRs4FmP1f+SCs%^!6>LZMp^Uo=yig4^=PDsX7@oZHN6G3pVspn@
zJ%?rSd`Ut$TcB?j9#@>u&T8;%lF?@<Vdj<S3(;PbPQvCO`4I?tv@rW34*NKMBYHr5
zLVO?0cU`>VeCK|lRh=S#H^R=B#tpYeZUf7`nR7MksVE53sk<XRloP5Sa`g+dNB(ZN
zUCe4hcg0??$G`%P3Dr1&pc?}4&BDPggq3w<hIO-?zd2{KaM)|Z#aT1DaL!&1QVdaR
zG|#OA#~BJDPQdTbA+DK$K3sr3z0AQ-Xj-y?);qv1)K%u3bL1CI?Y2|qoFxW>s&Lwz
z6GJ;s<;ByK&p}NGxn^|7;ougB@gf8-=DCZ>SVtW2>e2Ys4*Y75Q`kq?49@1AcH6Fu
zFo*GPyQ_B-yQ^O${pIKMmuPrIf!E<|%79FEO+*0L+-D{F$Cbp9C?=VohT@BZZ3g!s
z#eTjxUW&^dXvOa`&utEyj1MKh#orrqL)};Egt}ucyZ_Waur5DDQKx*GY%@<zZ@@?Z
zy#WdLKJj;Wd<Gp3%bZOCMEANn-TlVDMc$XR^;=LKf#btDmtl;I*rAy9SW<HGXSK%M
z!7&^0*d+Ob0>$VH=q<AUy3Tz~ypQ8Q5T<F3DWBX<ukt)yAwFdHi9!N>@#vu6RCH+}
zBYALYQ+OhgK0%UFMkG6rKzF>h(s;y`VFNa%1Kte9gLoRFv<@Qe^Lnw4hz}i~qy>n+
zqMzw6N0P5p`9|OGn?rvEKl1s`JXx16hw$$?*K=Nh2(fh<A{gZK5)uXNWQ1#`{tY&n
zrh_DZ@JUJ#sefZ0DPJli!SG~i+mdC$h(wp6_pgYdIJRW2{tFM#IqBZ&!dne!REpZa
zi7xvE!e_A_wQC=6B2%x(<wt@h5Au7FXEIH~{FDm2(brOpx`uLmF^;xT+bgt=T=DaA
zTJJB;Kh$sdoilC|XlUlT#$g3spEcCMAGY(g7?1=!TG?eU2|TU#pm7G0_PE2m7SG{F
zz*)`+FYr>%AVoZrOUqKEuQ4eSF)7fX;RP!Bj^np+{ORZmiRQKWz!G<wSH2&3Xo7id
z0gVB+WZlH^+oN~5@54`|Q2O@zlhJo$YD)vE9ipZ${&nGMvJdDE6^)rZYiO*_cRJwE
z206DK7?36at$TSLg~P#@VF+HupkRnT*-yk}5`Y5vL4sG;K5mfbJc10oAJ7<Ir>)<`
z^caR8D#p^Znr&Z-X@U~!1hLZQ>tQbdem%t24!%I#9K6LPk!_=(CY^9DjIiw#${f&4
z#UCb5P*0Z|q~fUZJi^m<%&@g$+Bo~9h3S&rR&Aa~YM`;~*h;h7a<1MM%(Y236BGB!
z?Sjr_uZOCw=nJFV{RyiH-VYLus<GShrwoGd>rQ)ijWJ_96eZsV-Zq}N$fSCt6P7sV
zOguy3E2uxh#<_+#A4BNCNDeU><Zc*bmwb@SIGAbKAf8|3^AVnR;Ew0N?2IG_pM(Y!
z2ZtIwOE7bP+=pfOwV?%GMLzC$os@sO&w=AZA}`o1lwx@)b=Wp$HH8ys_>JygL1L)5
zJhzW|s}uI(G2<OUWd8wKC`s7(ReDo)I1Gy?3*#PhPZ8%gb-j@0_b=%E{yy>d@cee{
z5)m6<5!Vg2nCIPRlxJhP$WqK1^So9@!d^fLd+Xcnwz8~H=K$btYsOZL928*Vx1^IY
zodT%X-$cmHb?wOUy~9x!EHYvmb8un<aKPbe))D*u54l<y?Y7HVcLUeVbF;y3z?^Fe
zQ34JN@*gBZ3oK^GcHns0c4?B8FnKIIT0tJ&jo!kKdUkS=2O+ls>jeW~+y6F1Rj~*J
zhoi|4g2RKS6<7=^9OUX9>M&M1B9D-4eiw*F7NLh=6jvOP2~Q6D+>SpRVc%pDh%RJ%
z-DAOgxcb{4#s=txhoQU_4AXmim|=>B??(>`qU$5r5ai1I4@`Y57IvqRTA4B~a=XJ;
zfa6#qHP|8*x*wH9=6Fg=Dl+}?;K(v4NZPN0G+c4~9`y3#O{rH$x@`FZ+A7ehPROUU
z01mr@>ty*A=uw^E<!r@S&DeD0{^J~eDV|%hH)7Q8?fvVmVA)D`6U(;P9%S$p|6o6D
zTX*o&+Q{qXkGM0=(f7&f<ty2G`}NkNrg!&MkLo?^_3G85wtYsdM@{wB%ooazf(d=4
zx6%jCba1XjE9tXS0QQ{FQ^(>l$!XlJIuE9pb`Q*E@Gt46f&W7a|APSkzqRm>7%kP)
z3iPLeCiL^AkntL4Cs~XhcQyGqBGL<sOSRPdl0_nO;~uO5=&947lr5nP0|Gs)09K+4
z-Ep+Xxh7jtTtBdxEpfERv6AgO={%7y^DoUS<E`v=F7yw#%-GK=vhi~qpK2&hXl*q}
z=Uxf)kHCOvR(1PkRc8$0oY=yHM!gu`77ky+a%~>4jmxgGa*>6oo0mfEdRdg1Zj3jw
z#oSaH5@Gr{lfYJ0aL&G-&)IoAVO?qe;~;V#&m=gH=QmPo3lqh!r`gFco-YU=gd=$d
zk^aZ0bmIkQ3icFI(4-*3kCP@G542_;1{CO`n49Xn=u`ZU=VYF|-rhvIkjA3qoWC<T
z7zjEi$08hkaec>DPf1{_+GTZ+IqVmXBS|i37P8|=G6UO(6KKi(%?!{^DU-d-j>_~U
zJ<n;@PoA~P^O!h(EGiC;FnG3!egL*?p6~L=p-=MpWjM=tVu)$a6r4{r?`<$;k$>3v
zI=k(6hdJpmcpfQo9F74FSyZcDX-ZJJi0Wzql?NO_T`4BmL+Qbm=6BivnZ|NlI*)Yl
z)l!0)&cDQA3HAKp1E1gN65O%%#5HTYgBY+q2|)&(eg_i>{S*u|Mv(hOocUnipU8bU
z5H`<SM}|J{FnYMYY1QV}7QnR)Wi=yijj@ok?V6Iz@drtNaV=w$z@wowD~vA1XxWse
zS`!cnPWB2r$VF~IJFc?vjJ3j$ncpz%S4jCQLf?593HQ?&`aF>yX_y{XgXbOSgDAq2
zN8uo{u1-U2KmJ44G#&q;Sn@yC)bo4K2%X=*Cix#q`d`SvM!?MPgrW}_2jVaXFmZQh
zP2^nN8gqT014)XLB&ibpctu6+9wbINfp)en@T#eOn|kRi){xuLvll+q^0Nz4W`&qu
zZ`ujHxYZI=bmqjtz@0F4wx;?XSq%|cp?l%qG>@@%2NzlFZcPFfSO3?y;h~bqP%K}t
z!~KQVE7j|h)fr8DVzTQQqoZ%Sq(5XK^$=QnnQZ}=f?{*Kk;Y^hnk{wm#p3yE>DZ}F
zh%g!y&%{dn5cY;4@3*_g8MXRbi5|G@rNqSm<hHY@>D)p~XBmB^_si{5l7(}D&oH&M
zV9(o;sg3C?rkCxKj9xJR-zm*^e^h5TGJ3Yi{C_gtVb}YL-Dx2CfvE_``c`4^j;aJ>
z^bS^!N?Lfx{9s_?$JQ7<+c_6kQ=M%zdP>HK`4eqtCCz29cXboq)l2I%+z<Y&{QYF&
z$3P6jKzO#2`FwV`^#0$(_y2$%e#~r;@-=v_?VxEKvUSXea>iporehCpDCXSMB%w6K
zR$|VX2LytCPnbPzC7A;tDXWCgobw8yGAzWC+>79MFgU*^^_xX(RL^(d|8=JR%zzpf
z=j8{%e6y7LGviNSq~2HbO%A~R45Ra6^1CM4@ij*G7`TgB=^lmuK+ld8{T+8xz4_?8
z%<SyaYoS7;hc=}!lRB_sw8$-NS5nEr)&s^1Xd<afJ;OHY{EHL<lRwjH^iPMA&ax~*
z>;EM-utu_?$%4{QgLq!wuA%-qa2qS3;j)X3=m-vy%xib9rQQ0KXvbv{ppuIkfSSqM
zZqa=bH1D%&$6gp3vsgn%sANJ9)QV$HW;L&@BZ~cc6#Mo0l2GQ~*y=I{OIxZ%U*ICI
zfF%mARIU;90k4r(Ff{3j=R0YMpu4n0Ak{kwOAmRppAS24tWQ{Py<n|&J%FhAM)bI5
zJ%F=a%or)ao8!&MkOMvbxDx0)B%p^yD}as=ffnIAstdm!ypa2PtPC6e#|LQY2MPSx
z1Hw)&i9v0JSr+V&12S;}GB}3DF3jkS#D$43BQ8v<el(sO3I%aMf-N9jc4v%Qz+hw;
zAaXlrJI$Gsw&19pbM-dEn<5>qgz!-2|L-78K57Hijv6Qm!r?LkLVhX6WnteS1KKh|
z(_cS~xP`F@#=jYIBd~V}&5h7O77u6%gG?_acsTk7DbDk>^QS3Gx7eLFhw~v86RTn0
zNT>v0-(DwD2_obND2VOp=%?;iuSY87<zQ`t<mJJmKIJ9+o*OGK-AXWxd&KI?3x=O$
zlh}E}a`<6=tBe(SP!}wUbM{f5%niMhL$JZ$Y@YY4BFSUtf44`TWQA^AWU0egL6SbN
z8v(vrhi%K0KFZ^(%{kA}1*a&QSak4Jqc9`HQ>;gMg#4cIG~|j3oC9G#_yzkFgI&#x
zoU2s?XWMRmtrm|p$TjRv{9K{kwtdo6dt^bfu^^e>k{o#)<c17QLIa4(?gK_RGx6lb
zQh3;YbH*x~HYzaCw2=wKV}AE$1~tel4FbqWzDh>s7dR)pBW$%1Mw3ns{u1n>MBX}^
zEHA;^2(GX}bQmn(Pdx!*u>oEaCQDsp%)^sfQ9GE_`YIN!UL+b(htmJ@dfiXZ^)8I5
z9s7y52>DQ&SsH*ZWs!d&8a0e`GFywWbQm6lRMQD8^i7J1&_`^*-(KkxWMCVyFF8ex
zcT8cZl&^6%abS1a{YR~k|7l|9cL1)=M^Q3gZjaoSY%5JRClxqs`ygw%-NEm0e_l&c
zP_V}S;Rcqq`~`<p$kiuEecpnd-z`qbztg1DRx;Tf9^909dxz;X3!4%XEdds|2h_s(
zolsBPwU7JWS}`x&gnmV!?ojL1saN03X8)~p&u5nZo&>LhvL!dnsyKk_+K#LtLH>e2
z$ac`!d{w=FYUCMvWGR5~{Z$4JyZ(>r`c2jKt5;?4XI^FS3#qyDTnQ9ydWrtx_`W$X
zX6qp0l!O@AV#=&5RGmjjewI?-AHSm3ccndhKyx4Jfo-8sEi2UDs;_B(`e!3pe>%Hf
zBwk;CeLAVH4bG$fw0?d1xI&>mz3;uM`gHN&ZN2*Rt9`GhKHV&UCaY1`)c33E(FdPt
z4)1X`=0kPs+50N*lf!>We!4ZbNz%F<6s?EhM|quk^@7Wd$gnM8SYcgw=V@tNIemOR
z|7ioCpWMLb<9$8f;Cgr1Zb@G6F6{#;uXmTe)vtH=dA}Zcr1j|_jILI%b1HU-_x;wt
zU*~xB)WZw%A9y{yD|m%+Ji5#sLT*47qR%?w9c_ya@{LbI-qj)!FOYm#Db4g9&a#mb
z7_kz*HP{|k?_83)YY8PGU8|al)$kZzkPpH8J4}n_YS*$EWGemx4USgo`~R_e_%5)q
z6)lK=*Ptkf&#=4N&E+Du*<Jk>*`bE#F&y{X3bGzsL(EI$CeBz6<?xOKI6?h<0)GKL
z@pp5w847kz?s4#!Ns_q)-5NqFyi<wiZFkKK<|1pz`Pa4*SO9`SG7EfG#0&8_)WsK&
zN6hgXF~cAungDjj?T9?g6<lfr-{p(-(XG6`>Q`?&(Ojo~^=N?g@e83gKI>$2p*9|D
zN8t7G{3f9i0aAXpqO3SBvRqMM?QnJbH<au~P`?}8uf0Kper-sFygmExU=Yl<tV+II
zm0uF-<59r%@i)2k=uuyN{B5fGcw6sRS$X_<rTppD$M+%i@h>6It$A_I-XF2z>rS5L
zr1-iWt&TsC^_RBj+Hn2#@wXv8e1&>!_mx^zKkRkX$G47mX8czuyB=_YpqFt>x3A&a
z>*EJi`s1IwZ=EKeMC;@G00$hl6Po(?PEvimC!>puL9^YIL4PT$;|cuNULXJZaew^q
zSs!ofotJS2%HzibTp!=tSAG2Laz4F>n#;=LD^&Vbe|`Kf$Mo>2uRi_`fA#Sppk3#S
zRQ1L_>*JSs^RK%;K9npA*$!rnsHZ;Of{o$|C_nGnu(ygu&4+(x)1@8%f!f`z%$I23
zc^)Dr=X0b!ep>zY@vVlqg69YzzEO8=AU+^~`1wi<;<QLvg?wk>mJ@D09;wd9=+(<F
z{;RqFdil!QhQN7E_42JS47&C5pTpwhm;eFL*2}kC$>=ftCrpna5x(l>MSc$TQ!h_s
z3kv3UU%fWQ<^05;`TIu<O@0?(oTgr0;h*1tdU>+xv9?~mB;jXrl$R<V($voj{xH<f
zo9DeoeoSiUhbe04`+e9BZn;K;3AOaYpqBn2T13ANzTqPGa0OM3IO7$upq~E9bBh$;
zy88VFU!loYYgM)NLjC--zfetAQd{o;Dn8d;*}pE#k5FmfiILOcO1G+~Ir=;l-9sHJ
z_-An3C3z6?=~xnJqW%PE$DCRiCS#3ayStKv4+#Z5pGoiM$67tx8(v>e(+Ll1A8>b7
zuD`gO9;;Q>*Fy$q3pV?ayY=epmHFuiS$%!7@i>VsE{Nsz2BTPB4{5nBuxBqconqG+
zovUS~_0WXM=bLk!WHKeS_2B=-IE;TgT&)(^T{D(hY0-Kl*@bvFNg_I6vpC4<%{bDW
z{LBg8kapCP4RrtCS7^a~kdYPKBXiEr27@M<m_+lRF$$MF)}Sc!|JWdv`8!}AYS`!y
zzutms50lpe8di9{1pqO*@AnGp<2rTtJdQZNP}boW<6&qWKER&rf-+uYo}1#;sl%U$
z;!A?RBfN}~?mHXD@v&BSL7kAdayH^a-Bt4X`<hT%e?PDW>biyli{3aw3Looa1oc4C
zpGZwMU@RVA1{@yw>pEpU*g&YipY@=h`g<bqf!5z={;%rq{nW3=c^gzOFB?Bp8sA5K
z|1nvax+{3uNXbtY#=BXTmJr7MR;a@lZjJF<KR;XZ62JI9TqhPIz~Cypg?c-k`up}i
z>hI}0p>KXU$ybDR3NqANe?MJSf8TOBE5n?y@Kysl5EfAVJy%fI2u1s-!Pn&L_-Y7q
zGlPrhc$#{AGTL94ebwYE^F!kN=BGaY5urZ+Yy!Ul@nU^GY#s0Fx0objI$*niJ(XV%
zG*=aRQ+?*|(Uj+Z{tceJzPd|3dySFT=abs}#}w+p?w6{{^ZR(k^87_#GxB%6t0ngT
zI%@nKJi2aqJ|WtvdQ0?u)#rz}zgN`eAOD&xk%SO%(C!XF?EHC}uP12={6hE4I`w)0
z)Z@qT)v9v*RNZoX7_Vy|pa+nF4A`wsNiW~^`h_)=jkhY;*pU_N|FK`6kN8<W)K|Ga
z?RTN|`eGVgRj<F>ps3f+YiPYb%~a)283-|9B*}EY0IP2u<mL8v0rbLJov=?i)a?^r
zFixu5&y(u)56B1DwNEyHr%*!CY2-sa-^)w&OM>SSC+JJ4_xlQqba`jleyD-g>o>!+
zcpD1#*GSdZtG;C3^13geAgmqqcWCO}_U~?fUG@6!>-}C<ub)cm^@R+jykh?`qdZ?M
zRP5g`RqW$<A^3H>tw1Q*hdMZ`yks8-;v>n*n?bj3zoTy5e!=lZLtNc*h&GZM{z$0d
z??D%1p~p~O!{2N#LC?ym<XEcXe;FPCRY0o0|C816A1H5b@NDHG4`MBWG)%#jM#LQ+
z0%?i%*e7-{3E}vD;pp4)=2SvBXTNZJWceUh?|U4^N-}JB7&Zr%gn9gwdnzVT90-s5
zCE+j6X6p1n$q}TjNsa|`dtxVSxfXU3>iP?pGK=;od_Vs-Wjs!d3D)~zbwWPFUwwZQ
z9J1uOBP0<E>BI{BAH#1!_uLkwIbTIn@BjQC&2{SirS)A}@4voQmM_w&_fJsN`zOpN
z_5OQ4C)RS=t%`boMf`^S!iw5^wDtZ+&o;c?pA1}oz5fLAKD~PX@jmMPyWHE*dVd-M
zG`!xQIH~G-{}KW@07mNER$Tr6*!vRrsH*G#nPfsHY;RPQsHlSs8Wd|{ttNssBQx+u
zCnYUJP(f2c8Y^Im89)UI%#7r998DDzTW#~JOQ|bb1l%AjNx&6R6h$Cz_#R=CB?)Ai
z|2gO0x6Mq#qW0h4ulV^$=Dl~{efOSo?z!iC?m71+w4cZOzqBuTy#MbmHOBih`s?xj
z#Z+Gh@%|_(ds(MV(f*6~>e2qi6zzX1&wPpAiD#?G<2ItkJw;?lGjO&VTc+X#3iHQD
zk~g#LD=o&q9%KCLJo5>N-Z(ZPU+u?@_ot>EYrKDU%f%hX`w#3a-hbOA#})4{e%=<7
z{{{ba67TO%jQ97O;{9zD?@zY%;7W>c9*N=2Z+_In7)(wC=@;)>@bI|sSuZp!NsN=P
zvn?d~Tt_(VG^uyPD+auOZ7j||PVpV_@&B|ohVlPxhWP(cM~MI5BkyJ~4fOOPvU;@c
zf#uU5f$f$JJuJ)~(!1B^Mm=z6HMQ5Uzd(|Ht!F6!U(F*6F!k@G(?0H%YVbcA;{Wea
z<NvjJ)DZu_%91?(zXxl1uS!e+@bd(KliKv)XpL#V;Yk3t4T*dkk%Vu0{Qs&}Lv_{~
zwZ_1Uks=GwV95lX&(H<oLG-9M1P$^3b+!dWkH>%t8y|-0WyKjQV@Hht@AiHYd*m46
z|KE8p$@}-2?3p&*Mb=pMJB<I|h;zMx16ut53^CfLi#X_dWBmVCl%%I9{y$EHE@2pG
z+4@8wIw!%H=Kiva8#bBZ)OEVO2XuSlA)wpb)Ajg$@io1bT0X$JN%8@{-pS6R8BnX(
zV=Nh9W))O+#p$Me=!AR#IyQ6!jieTWS<%}PLh&&+@ku=uz$3XTjeYIL^f2?cCX5gD
zp}{_;1OyJVqt{ze)(xK{;l9)m`7aGLeXhGcRV1UMb~X@`S5v${8{bEW_b)wo@o~lb
zbG{!j-rvFN{~_`I^sVEJ_pdx~angAI-wr&^cz-fxe)M>Mtd-*Z>-S&WLA?JqrL%bd
zh4fysc>ie^{@{53k?VSx;{9z$iud1tZ1MgdUyu;*|KWmkS`Syxk7rHmAmYDFPK@}k
z2YBU?c4!g*^?JmAO=84<4<7N)_oyABH)sJ5+Ruju9cR3M+JbcBd5)lf^4iOWkfX1S
z!l8ZA7T?OY6jZ&psZsQ$nKZ=>274wj%s0E02Enh4NqgFQ5^4Z^!95n9;sXuOdo6h4
zTV}%w?*Ha1#ZB^tw*d<NQ;U}_kOsQoq7Pf~_;UyGklF%<dHoOj(^PglBB*do2t7#L
z*&pAr%5TjbyATbvo_dS&-^P^~*3HY!xrur|wrcC|$@*Q{L4RI`>0!WQFg;v&ve_Ru
zf``|G$yAOZ_PwybFyCQsooa7cp#9JPOa{-%kCDOibvN2yU<7(?m<kgkmw{{!=CU~h
zWHaWE4AqhaR*C>pG5$B&{Q>;aMJ!n$I`|R7+^gi5lO_zDZA=(g^cXea!3ETWVrYW=
zm-7YF`MXEV7brQI@&&GCb@b_G#@i!sogc%~ex+p!=ne1n0D|n^j6{!cm%`z;m@#3X
z2W#TaN2&U^y2km3&GNK7Az$EF<SGB_&gE%u-A^h{pFINdv{{IgCv*;C7vF|nf>7Nj
zUl7x#L(ehi6RbA5ppxVh`17iTIe+RTpP;nUe1f-jsQ$;O?E&;;RkMVG*ThI~e{}E*
z*r{uyw%ON2yI&#ZtrhNTwP0d_r$4?h2VR&m)i>Zn-^xQN!=sm4ljas&fm~8ujX;s5
zert^RvZ^hH#DXEUJrdRe7h94f7H~b*NnXM94)O}tD+zf8<X@<O$@BJ|IC)-S$}5-@
zV|fK7U&UfdF?nhMlzoV)1?ZB(+=5DSY+>+|!NIUv?&6}ff|c_@LjKuPO)Ge1J`Ifz
z0XWG|rE6&gc|5J)%Ri;#`dEBEftBSGpz-LF*6R5LBJ-+tuf&9cr`yN`{>5<iiOKV5
z^j(#n=<n({pWqKGdmL>(f#%=8sI8-Tf3*l6RH<}n)7CwcKHuKj`SaQ%Jb%XYd}Vz~
ze1UMQ=4a0^cY&xqq1A|=lIK7Crn*Nb`43p#jbpJwau=SOEMEccne!E5E6At{tN9AC
z!-@F{3Hs#o!$y4)r%w;Z>(e9UD`4({k$>^ms2A&Bw2+(x>m2+n%e`{1on0*DGczq^
zJ;lh(Y|QLRlS|jMv2FQBrM9c<;CKw6`hIkl{{F`eUGUlHQw@iSdo5#?KB?{I^{~3?
z`g-k<MCFB8oV?L_0Hb33Jb?FCx5eeN(DP~P^B0ppe^h<`K*Dq4pP07~9qx4?IdY`A
zn=u|+e~!Zlp5Gq#oXuvyq}e;OKouJ_eaMvwH_(8c=yIsvtnj2^XRYFu7_AZ5iwoX$
zHRYGj0*&`%9tCjZi+&8AxCSov3wOZu1pk7DgMUZ5vf<w`u6+1+ysHrYo#-kSP73C+
zqGhg9;iQO<UA*Z+{=kors}lQq(!<xY2lu<G*n@elMfBh=x3LG0yQ=B>$-CI~Q*?B%
zaME)UyMCTd-4#yy*JJE@v1>0~zwuA?i`XS-&TI51vX1^d{2BfEi$Z^%JVbw<%SfS`
zPNzR_41hni!94ia`nrYUN4Dc|Dg2b8wE7TCC#nR73rm0?6&{yRKEowg1L^Fw6fwf6
zt=m<<6lbr=(hi|sEk@_L99Ep>>(Re}E`ZqjhCkxTn<t^6Ca`<7W(g1eNA7pF!18}p
z?mFVRYiHb*zNP&T68Y+nj?05~=ZdqNtAM{k_!LGbn~NCgAci`Lq1nXHd}3&!aMF-G
z;$|`YI|F%ot&jLvPUIeOJu$ITWnvZGz412UAmiw`yNG?&oP8F~zV)1a7S6tU&OQrg
zA7f|mH49@OlbX+%j3`Vr4zVgTtc-nD#y<E{J0#b{yLlUtcV#xXPt38Kn9~=S<KWC8
z*049f)EKi!ezFgze@-=1PUP+q=2x@haf@}OA+NRJHm+V=bFKBV&2n%%t(6%TI)&sf
zDTejTBIH;bne$)*%!i9Imp!3M5v&ipoc~=H3suMtyO&Ed$Xsz4myCIIB<N?-GzF+>
zj4BPx(DK2qA%Wg*5Lhb!<2e7>Yh6&9qF1&?&qC7ee@1w;x{oDPUG}LzI>~`n%^$aS
zvEb4oMRFFv1!^*ygzD|AgP&Us{xzJ+mZswIEcqp>M_rWGD>YPz=;<cAV591q0Tazk
z2unO6F2}E8@L1t=Vg5=y9^TUzcs0TacS<X+&4iy>IO*LjM(=TBpyb1DHa3FaHH*Qo
znnmgM>;Z>B6fCn>qOM|t*0NGb73+rNv1ufj!%wr{FFr>R&7{@TXDRIGfRCaPd==ir
zVu+mBTncKlq@<yILM41Oybhg!A48witowv+$@5cyLgCHGR$=}sPv5U9iZZc#qEtkk
zg1=d~WIA1p&U8x(3eDJT>P~b%_N~^NYk?kxsUNIUVx5<FC9HOZHxqjk)_W6HdxP~2
zXp2Vm9^I(t`A0^VG|WNn_OTcdh!`2>%omn4Mkr?q*Gt!9NYL5ZoVMgNEQ0=#h^?|>
zXv~+lH?RX!r&ar4Sk{r>&+7R7y6Wj)>htwmP08kK?fjmz-%OZqizwEE22D;QmG-gI
zfc0wCF>?wZGu;gSeRaIN`^UKPvRNH3H+*dvFK5Ap7y;E_<SmX2<get-W;G+3Yuc-E
zd`y_#Zm|oYE%23TKgSEeF}Nr>?cNE&_7ows6RnnDyDji5F@o^{SC0AlIToe1u_up@
z!B-qYXd@JxdM92ug%ED>h(Gg%@D^ery=WhGhDC|Oi|oB%yHyA;*B{>p9aJWp>V?lg
z&8xBr;fM6HZY+B>maW8x-G$J6R?gNvFqxOh#xiGX_3^tCFNV8zYJ@6ZbpLA!?(aR=
zQ@wr<uj}>ejd;CYzdpSXs89{pIn}F;_5Tl+TX-;`{>SltCEWK(%~F#uQtD7HIoOlO
zhkT6gflu!2N7!XQ_j?Z#BLOfkSKH(aC@2kS_2qprO))sfRe!cx-$MtEvcB66bW$Js
zCpWT11ym+En^D0|$Xoi14L1>KD8#%LG1$_*>@ts3KcQb}?BnpDOc5hRAajeiRKt}A
z<j@Ok22;j2!ISqC6$#X`cA%0p1l<FDM!}0qW&U0ddJomJu@w4;QJplbj?2FjrIDCa
z_sN~NiqWe93&SWph*8A@_KGXz6oAw26m^|ovp44(#Jli4Uu5w%Y$$+u`SAnz!Lp1A
z-fmCbj15&g7}z+$E8S}G1#42oV2!OH?_l5!b{>s(;y8ov@$nZb2XF$<d;87{aH&Ch
zPguIUp*wy*xCZL_cIqi$Fu5bWT+9F{bc8xM_v85M3nZ<NbYW=e;}(j!XYnUMzjHt@
z=2ZIz>=l;u>JpjvC_a~Z%|;8)mscGCIa#aXgCcR<?h(>Q!M0h`x|Gk##P#*aEQkEB
z>2?d^>oxLSOM6(DxA<>xFW457Hr*(AYe>v0!JfVNbY=#zdAi_mbz*$@C+e}-G;<#u
z;g?pkB@Ot{HBhM=p&I$i%kK5(9lUd-FFG_P4v-nwXQWyi&eHdP^IUm4V``19VhHH>
zZDsw%aWgH!*sQ5v%I_}eVF@<J+=6F~xlmxU7(rWL^E5kO?$~>y$!WtHj9>r6^!16U
zR`kb#Y?UUh+n?7E__E>ey!$sDs*V|cR&qz0I`XK;qoD~v*oI7~x59H4>&@&IGLJ+5
zKu&FwZR}ftZD_#dY}VH+x5>9H27ZK|c-+E;dv*(%?BC|BqfFF>^H2^}Znwh>HsNY%
z@uWY)C=ix5%3mIe#jcS;yO!A~O;p<IkKSheXuB9Zls<L+%63zEd9k6eFWA;S@E()C
z?|9hQys37yEv*VmDxeO}X|6W@ROf4luq3~)9<NN-=Nhjg`J)Z_ad<r@?z-4?{iD_g
z#_qSeJy39ddo13+Aa2*6_c$;9Is3jC*B;+$-M>)zjsE^c`El>(RLA)<z`Cd=i-ym0
z!t&F^mDTBJ(1=#Bb-oYmL_KS$f03bmGxxP6w7=f)d~A~Ej_>s6S03T{S;^}ER`tIy
z+ce|6c4j@*ztR@t^fNwR=i<+++4Dtl&tLnVyJ@P}^ZK~wkEzeg*>j|?ss3N``it3f
zY`^jO_3Hci$)D$`&z<b~rmvIuhZcXvfQ-`ZdviX_NDb}PRWAg}_#?l|RBOJtsSQ-o
znz9}kErWwe-tsbhB0AF{kH`8bYy!cN^6K6;Hh##${D<cMc{$!5g|Ac__%k!!|HPl0
z`mffO54ExR*BGOWGgFDl;XfLEKr>tpJoCaSVwgYWvb=m_ngws=b2l~=$!4qL@K3h<
z5Ipur%HXxgL_Anyj4Rt88Sl#VTMzoIUo`Yq<3PV)>nA=Ga8zd)<JpL|@1Fp^x}`cW
zJ1#^w^h0UgXj^k@tvnZhT33Uv4y=F*%DUmNSKTWpXgq?=7zC=mEKR;?Q5)TGh=T^Z
z;QCi|4LvfiUzK>I=D2(w_X^UbFUy;|(>klM7W*O+5PALG>6VV<W8SA+J{oqL<fEhV
z<5_w6&D~u1o_wh-#`u@C{H477{c8C;S$SN)X;PCO*+Q`N_6YJzV6OdW6JteW>@bH|
zH_T4DL`tt6=CB|moy20~ZZ<m?1^#i$E3QYDPK2kp5F!p}5Urd2c!b|J7EJeG4K}8x
z;at7LSJ&FIEij*2eOLk`NUpB+WLw!f?`O0W6O%vvwhQeakhgl;g<^EH6+5>2MXYO^
zJP7Jk3)j+tD>d>zc==^)-6?jJ??M#2yj8+nO4(v7-hD;fXlIXneQGz0&syWpn+P&-
za{-<n0#=|E8->D5Q7w7U+p?egA|s*GdA(f1eYj-8HjcpzBa%q4e{#|&h)X$7%h!5c
zKrwko_h-Wg?JqK^bD|h#g1~(G0uwvYEOw(cV~)fQV8zcSpJkCV4_3$I@m*2u>Kf9J
zo>}t2mzl`D05!?Y)$q@VSK>Z01s>6ksCgi%aDB@Q?3D|qr=tKjyvP5klNUl|4X;fw
zuJ?=4I~>WPWQRKZfJH><;(~Ca5PFmVN-K^=TMCXwpdJj3V6!l782oDu<bip1n!5t1
zNbIilq_G4#!+P;8agi13JO)PlI}K-7iqdu@_jmG;fk120H8A$@J1CF1YzJVzQGWVM
z_&nZ@40JU-OnIYM=FI@&HS7c8ou8q_lN@jVT-Kksf8#FftbaB2iT%6&9_U{;?B6i^
zG4(GiN&h^SpSXX)3p(rHx7!l?ch}t*|L{HZ?|13P)W6&${Tm<a`qTFB$pM}9FD*&`
z9=i*-zu61@o7?4>`X?soU#R^j?%(RH&idDXYhwRin-2ZEeGl~SA89|he^0gj#QppF
z{LcF4-ICb9&!$2DBD<k~b+#Wo{?@eq#QjU{w12mLk=VaOQ!yWK7xeGD)E_+lzG?Z1
z``7Qh&iWVLoY=q9v48LEg#M);TmO>Ie?N8qhV<`r{`)-1{1?FauL0-3lpidguERfZ
z|HipGo&P>dGXIs~{D=J;X8pnP={fWh_b=G5)A?^xlKJmWod0&<{Abbor^b66C>kMs
zB+lN6&Ug$X%EughF;rc4xiG-vDij9zUB$wHk*-o<z~e4_RT%ITTR9)_JX>QOu$V2c
z4tSGRRui&uB3H@F$J<#3!k6N>{n+woh%asKsI$488eI_x)_GiD+Os<jdCdnIX#2X+
zUkH`N<>#Cv&R&BJ_h{ZrIT-7iWPMcR`-2Gct1+*iEqvwc4jTD+p*_YINO9Q%4P5C<
zL<rx>?n$)&wz0kqqBPCXVO_<EbzRBpIyg~{hc(r=&d|QZ`W%V%?W$+>J+0QqvIZRD
z>}KcCS(bn!-k%k#PuRZ_%4b6PY-9OzJ1Wm%Uy`BF1?q7^J=G&;;rSCVG{m}93^A8D
z2nI^&TI5gvMi?H^k!dQHs<}2TejuE#4+Mh?E4IGjQ~4ilJvI65v^`mv5<DWYJz4SX
znSapSo?jeOdwL&jd$RFpu_W!ujc-p{Tzj6r=2+S@xAiF7gRvLR-z2t2jBiiifVn-V
z9#eaoTD0~sdCQ0I=4<k1^rt45PZ7!&8p@A3Lis`{Uu-B}++q2n(GQz+2dg}zOTrku
zZ3`QNeQ!Go{a~ysJF%{_cwHMyj#57u>#I*osPDZmSbgD=1pQEYjQXMcN74^fzd8#2
zkhU*Q{)Zit{2w|7{ZKyqDD*?%`#AYOruH;7AA^1<E<6hT@a<l6d%{DHr9Hnp+V-G+
z$p7_G=!c@X_8jycOM5<TN}?Ysk5NBV9ix6&baeVb+eou5S@I2r(`-1RQ86mLJ!V=6
zQX@D9@Cc5+akLsiVN}NbD%H4-10`{B9W_4bTP>X9S1Y^FW(qkQkSX<`U+``T+--P5
z{zGF=S{6*hf6!KxS9EVD?eM$t>Eu}a+a{(hMvYH5o@b?Y-XA&dIQ!q_$Ls&^I_-b8
zssCxb|JAJj2NU|=jrV^X@BgQ~|Km*kKQ8_o74tAld(5=Z_XGMrq0|1aF!q0atc~@5
z1?&HT`2PPbgZKXy-v3W{|8M!>{5SPK*7l?I|JF|XzueUScHaNxtpEEH`fum`|1IzT
zM&AG5YW>F!>QR-3rBHppZLhFo9nPt-dbYn0zs{s<^ZWJ5-iP8|VL7kDbPZMDddmmy
z>k6VTuP1H*wqye7m)>K5%}znlAy+=_%QDh6-7m3FSY%NtJ`o9F-S4Wfu)thQn>9u1
zHd9AEP~Im0<*8JQSXWntIi9$LBR{*Xjb)95*OPwE&%7pTliB)BgijXXY9Z9M2gkBv
zR2(k`r-QBq1eq;_CA-B^8*)8L>Ky<df<(Bkw(vHV;LU1&k&o?JWKpZC3%QnA*nj2I
zot82Imn2G-JK<W+IV+9otEYP3r0`vOf^Ti&Z($-@G20ptDqhb%jc-`w@B8pM3hvCO
zvH&@qtd-)eFe#|1PqfJ%y!|}y0RF9GVdLs+xfWLQBWkBc(=s3}pp*~JwFz@WCt>iQ
z4QBElea4?<5y#nPi`KO$BP3_i7A%{YFDyU!dRJ`S!>QdYMAus|$f#~r$)uMo;)S?g
z7I~a{hdZ%EZ?}4cB?D8$$UN%XGF&YZ2aSZ@3SLf`yc%Kdb_|!Q7<dLs1C|Ry&#a>K
zJXKWd$+TK<TXKhQ5TI%y_!NaTRnwB1;|-khgDo+)Ft4T{{7t?vzsBR-C4}EdL%6*w
zIKyR&3G=E8!cby<t=m~Egsb5F{M;HL^nnc%oW2o4XG0y{&@Lf_`&bx1^+H#qN|qAS
z_6dB8b~}e^ovA`N&B}h~T4A_*`pO}o#|_;;7T)BPrv0D7v$~LA=8~tuP5G|s9G;}*
zFu3DdUS@}i!&ayzr^Y|1%#|wy*Fd3sZ1EfE)CXyk_I_SEehrv)b*}AlA>0KcSPWgd
zJKaD%Ty-W2DtEH{DQOeFDhf-g#mK1aM$gq&rx4l}SH=11$r(_qb>pBAKA9MB(9jKG
z{wn9Hijl5DA^aAxKo&wF#)7iB-cV!N9OFl(bjNO#VOzl3yAIlNjnx^b@JKTI;$Ev#
zfRQ~+K9e-yPhI0101{B+cGd{ttKgA0XBV{~yPfSrmH{mg!Vke$bs9h!0~xxsn}uUR
zk9aaL=}@+`Y5Pp_5IfK|Lb%eVUl+o4c{&Og(>!je#vMFpRqjqz?Z6P}!^Zs6Qvx?2
z9h{n=g&XrhWb*M;Z;Uz(4a`vG5<^_Wm#4C7UxFKhZDnT-20<N^N<v9GP6%C;YOxsG
z=fz##@@b{J&_qv@T%MFLqL^F`u&HucC_Gf1?*y9O*M)I40|!+&*T!gChGzS9Ss<2|
z2;mWNGBu=2Qn6I`Ij45!=a%$E9(uYyPZ|-%YYKM34})xp+liwu#fpM;+qpv6Yo{)g
z<^+zz6@Cph)`NC@>2cEBsF@Zq`fJK5pOh16d{AJdpu$#NL6P<c-Gr~JDmY$8%^B0e
z_KSe&I#yVyT-T!Iw}HOb7uH2-tL!^D&7vwurSUM|M=LTbGpE{@H_IW+DWtm6{SxL7
z2Ag9v<E$X-NAT481y2mMS@;qtR;lWzH`xp$g!@?&nAvw1QnNH@x1k0JKLVTxvUDR8
zUtb1}cyi@{otIAWy@gdGTm1bdx~7W}HmCVAw%{6kR#}?7JBo|)Z!!|Wy?nU$Io)HE
zxFL761%{wFdySpu{(8T(!xVr*w9NEjSb`9=fZ*lqQgVPal{CMa>6dX*n#M+Dl)C?F
z{%G7%_w5YEc0Pq#ReniqdQ_f1#Q6eh1vCm~qDFsh4IWMv9(2LykPLk=XAdSMr&U?o
ztc`15WH|9>IPmA^M*av(X1EGfCJCN8;uG>n>5lv{_DkqO{lbJnLq4FUALcX7pp-Nj
zp8F!h;PqkfRouYAC>6rIRXIEK5AT3)HY@KR(&P?6C{91hj6=o{sU&){I=w@^c_^K!
z?eLT|vnqQv#iZ&&{h_bi+_2_UbG7(a(w}Pk-)Tu~|3<a_)cAk4nDuROI-3#fY(@Y@
z()|)4R0pL<S5QB3og>_xwpr2@C<;H=xXM}W2L9=M=*RdFY3BS<zc-)@Q!bfT3ro7^
z<l2SM8YtqHb}`kov^9>OxvZYehfVy_bihZfe(ky(ui11S{%tD?85^`#VQ#Hew;{^T
zQ>~)%-0ZT`xdOQe2LON>N_dk$>5W5xsU-Ay+)HV8s`m3oC!ra(m_%M3DIUSImy{h-
zd#c9sp|-mgHGRdU7pU6K&$XQx8R;rvr`WPx2TL=>$aIJN>33ZK>S&6>mY{FcmXw`L
zFJe?&Ug>BdTt-{YmVpHfN(0S)xwU^9vul3OnV$)BFr)9BQAVArDMIMTE)bV`CAY;)
z-=&8*eZk)NwoRLyGh5^2Kc6+VEQ7S+Cn-1?>`o^AKTBhFWB3=TW@*1%-9UwphV$WC
zX=CT3A-i%mEXS21S-3Eb+00Jb=XD;llTr4W6`i+=ii^Uq^*N35>>g<_AGE3SL43cl
z&w^K0&Nyi7kEz^SG%UQbR$jUM03RnSO0hu?{FMUM>hdZ6jpDp8Y_sM?%!cCFVh{YJ
zO%)IrPQV--fXB7obFoMk-LLaz^S`<LZ$AGk^1p@r?`Zs6=Pjlw(|d<Sp7czrX6mqw
zA;icsly!N;rz~bn198e#`+%Qhr4Kx094+_ZN#V-F?JWP_pqH;o(2&*2g>X+Zgu?BO
zbcKK^RS4~6S1(en;rD>@%9chP@HNVFz)=`N%<NE}XvT`C(TAqNhh9Et{?O}K`!YU3
z*8t%UD-Rr0`KarQD^f{c+z5|A$dzHu$;4Y_^Wp={Or45`@*j+9>iSe}1BsDe=Ynd?
z?J9)sNj2%`Q1M|tni%@fhSaHT9eoo=h0>_y-J|`+KamSIrsc3I@#qW%_T(B{<VZEx
zayivZUCwM}9k>BIP-HCruM}n%L1m+0{_F~xHvB{@3uT3S!wV7M=4ut{^NP{tb_4a8
z;ZD_HBd>4O8(A3F$SI3-P0{c|2jgcsC&qT=yM3MU=GXC0U*k`|RPNlz`eCwJcFRR}
zgU#}%!<|)r{{izXINYk^qBoeon}Z`EH2!-a^lke&uT}HON@6w;l~nZV80O7}9-)Z>
zG|?k49+Y5<VO~ty|Ems|CBCWYh!X!X716EORfmuG%HIyNd7B(L1}8}^5NTI4Srjyl
zD5o9ljAC8)nQZS{I_2G|O>s|O=TE;<8o%%G(Vo^0AKlf)<}{GHd-Kt~ldJ4)H8p4l
zT*|?1Jt-`;4@S8T!(ZpoFU?vi#cj5@iLKh#56nrlukW72;#{vTNVmxE-PabAH_eBC
zR^Qh~8*ag)SfRaP2gVJbGnW<ZU7-6<|K0w(&6VW8Td4W(cD(Z+>c9I##t-w~<z)PS
z^52yf9)<tzqdi?u`0q~m?@svdPWbOm`0sv@|4wSR{a^9l{p{{U`{Inde`5cgug!MC
ze|N%v_uuTlJI(h0)qmIf;~&j`H~8fL!~VPBy^qCzxAKtfr}p2y|HowhyS4v5|6SW-
z9r^DbUVXxUXJqpU|K0y3|K0op2Ak!C|L(ugf4BOb<M7|TKRMC9etj}?%FO}XFZZ~!
zEhcBqfqzo(O!VK~d?zb9Do^v@6^YWfxQB&5TC~VrR3Lro9ytOJZx8Mqjr*qgBe!DU
zbT96TD_RS4L}ZfFFBMgZQTV^kyO8PfMHX*poe;uP&3@y<J)%E%kCe~Zgga%_iqiTU
zu7_EpBI2#^!3;yRBFXLhkthYq#f;Um?O)j3nNVxN0`+t*?*jRWc^L3Gv&x@`8_<3*
ziTbow52U<MjNZD*FYSfz-KfF`+DA)o#0?D~;ZyOLgu=HeKvJ)7)+81WIV?Ah9zH3i
z9o*xS4&as^0C&bZ;p3U26fL2Rqr;^!JbxgHN2B>81rAYqf;RJsj$MSE^+jJp)&cb{
z<<twT&1v*Y1?6(@8L5`Y{OPoh$k-~MRD<+`D$2#Ew<@$jrK&$dpAaMTK_P^bWFbX@
z?!!?OsF0U`0)q9XMovcRg1!fkcK%3Up-*ax6fFSS2P%CTAA@ZixEZ=oh0TM%6=L3|
zGCS^QFm+-aVZnw*HABR027VZb%jN@fI~o=4K>~Z{EhGY&67sed)N)~>3eMtT>N0PD
z-wIswmb--|-rT{~vg<<CWmmHkX|yd<1Ah=B0cd5QTnKsSRk(`0MFf}j$@Nv31juSr
z2FCa~e0yZ^*;uS$u^NA>R?v+q&|ZGh__E>L-bj=+vZx%Y!nb4Vm9_9#K6x!lPaO$q
z-ZqdP_w6V>F*)P1bc?=U9P@|!4gPQ+ZXj1Q!Y{oe&fY1LBwXr3Pk1JJv|XMGkLx!k
zcQ>lNoND>|yG)U)cG>bOdb-#6B6AI%?s_qj#hl$?u#8?vL$T>6Mn(Wg@{V`s+FU{i
z&HjjY4Agu-z2_xIWH$VusoUYVe&x^mYU)KaR~AUy#fX^QAn^TVg0)sZZhs7X>eA?O
zTkV0J1p~GR?(nH6kw;jA4Wjb};U=34;JwW3Iuo|1aTf6wtL+JID0>CkBKm@BtZKt(
zx^^hHX#0eqUz^}dbTMUP;`Fe9PY<|tDS+ELTm_IA%DFar>19MTm@=@qMgIDGki~ID
zqy5r;aR8{D^<sGQy=CDII16J%K0(|n24`l1v6O}2HroA6Z%%a%?WD7`5#_ib6L<A1
zh<5K&Ak_=Y1LvY9#*fK!pFk`2eyRueRk?5;Yir)y!ra%fGKqbo7W<8Ui3h!@cx3dj
zOxz8|;ZJ>@9!qtzzeCNAb4KGDFkn7SLGZ@XPPIh{!;-_b(Xxvybjr73VM1NHkiXw+
zLpPEG-G&Y^`Z!VBAMO8i?pYQ9+rGRuoSm|ShpPPp_VisPEC)HnJEJQ`x<){aBg+Tb
zgt_<N9=}UcedBB)zqMXl4?t(6187BOXoB2i`&IbKts26X!V-%w8n7aRN<hqu%~(^+
zs}<&+fj(S7tHoDW*e<}DO0Xl#xMX2XR}<n?_F3pW*v4U}rwE~M>3I=|N+3($#zwr5
zznQm6xbJl$+LdQ!on?{JUaIDDR6fHs!lJfS2#-zCTde#4e9@U!y_K{=lUFCqeKnOe
z^*3r$i<39C;TqkZr0<pGd7$)2w4g_$W^588i|IXiEZBh!XHr}}6A^q;NrR?IuCk=D
z9qI;+!BvDw?J<ss@N|W_Z}ZaZ`?!FVw^z7t40dS1-kc4{b*BfJ3c6-xSqe&Wle}xc
zjS6Sto5ZGZ6J1%-YC!K!JOmUEGKi$d3ZcU_WU#8`1n(w9|Cu<h0j#(ywq!#`&<lvG
zc)pB{A^`1toK2eKtO?9YspM9QD1_bz3sZK$ePvAx)6=PwvK6PnPmU)bl)>0fWM*)O
zm3D8#?TJRFFw%r$fQ{P`@-6Z9MRqRWqF2dzD1x|U5l2Y?k(pIoRpgS~t+6s@W~t1~
zRhJ%-nUxwdK}`r1*(l|pJbckh`<Pp}fQuWsY}gKoN;|aeoK}YS%#5dFOK#f-&t2S4
z$#D44dyF_dc@zz%Rj5cD5O_}Y1j+0Cv2b|*U@GW}6*RA4E5DLYS*+pjEajhvG(8Li
z%u-&{&wIcw`y?<EzRYQqe+l9Y8csPK{W?vXLHxY8QVBpkAV^F<ekT78b#Ve2eaM!l
zssCVCY*$`vH*X<D#2fRS0XVH`;ULjeOwQ$H$ithNtd`S^wG3#bV{7;I14Z%0v(@-}
zJN{lzzkgA38lCOhl1)c$y!&K|MNY5oiMOh;)U(ghrj5AKR9!<a`TpM-&2Bk56-@Ez
zaIfJ2n)qG0onO<?L*DQ^W{kgmQMx7Grr&-`+z5hu8*X9c{|w~~`;Y&4_Qvc#m{!*9
za^>?U?2Y5LH||u9-`*IuyK{S^_x%4vdt<ho+}`kI|2Nqi&z%EGVg57!q4vhEhED8_
z>}K1KZEwtM_&3-a%f=?RH>$?|X!gdbP5-&}#$An_+Z%_J1bgF?DT($*yx0FHwKvk{
z#M>KBK6f1U#`_INWp6ae$8B%y+<IhtW9`->*&EMnO|&=WoC%6z;@`>Mn2NuP>Gv<1
zdyu^m$s&7W%wNFXcyuY*8--ZviocuejXpP<?2WS~gS}zDIhnn2%gxMwxS@Zdy)pHM
zM0?|w8~Fa0{f+j9>MsOKBRZ)PorSY^vba6&S=l2>ucFt=7hS}-J0G1_Qgl4?nT=*X
zGjs_VY!L5S=<0`$v2^A`C8>CfNg+9jqT^kHFZj(~zx1_S|5p%$K&C%Ba{=%RX3JQ>
zfjgQ;dmJ8cmgV()R@DNis>_mC?53N8%~##)^F)iSzHw_noO_GG`n}?SHF&BV)VUq%
z+%MnH>V!I$Kph_GE4A82+AEc6TlQ)!cEk1larORaph}E-7x8@TCiGvy|5fsY&ukX3
zjr#e~IV6P(nVYLZSdx#fEecHe7malEyBR%PLijlv&`;nic(&nJbY5^wwms0zQvMba
z%>q(QF0=yadodCnO?AJ@9D_t#?$j#t%d>XH$cgHcYJJkD;-H!3z{fw2W@LS+D&Bc|
zEq9*!rNasSJ^9Ilu~@?^l~7%U-1JB+rd$<c>zVUe?`Br`r9;rz*m`9oI#>5EHe{a*
z<RxR@KZAe&<SOQD{rp^${VKifmsWc5L`uKQ?iH3-dqW$_GL*$TnZ8oaG%asdcCw!h
zPs|q$iTTUFY>VG9<}Z)1W{fyDJ#qgmZ9khNbxldEYdEhf{aigBHm<(-{cMaiIumPb
zo6l-|wQs_HHkM(A{b|G_?`PvMmiPUD{jLg*Vn3T-JZIh?WuxU-_D5Oz$}#L`Q&n^n
z``JAGthqhjV`|U&N829U&!+skqu9^p)VTJ%8nYckdmeqc=ke~>kwlRHxmDZt-Mm{x
zKfYVVnQ<+<R^P3nQr)M*-!E>Tig%3rR6KJJ+ouA%e#KTc{#U`hhNtCs7RB#UaXsJT
zZROc)mx@CVvFn%5X6Hj6)BYSu`up0JAECcv&h4zfOYYYDd(9Ts-wk(De>cAr-{0G|
zvHpE{7VB>Y@9)a9u)oIr#}Ckc@(jq6X<AoTf#@6z#=S&?k**Tl%aFDgFII!>$U-&&
zd|XY+siw1GB)`icFMXVc%m<Aj^Zp1$fI4Zb$B!{^?%K>Z&_E1+c}?(8ewib9$o>Wr
zdKm_QgMkhvza7K2Fob%3wR62xD}*11XVNF|Bojk`*1!P3@ENc3TOs^g47!!R_2ljr
zLSZ|GYGI(^1|d8=15M+JU{>W$o(#Bus#BQfaot?j6|V0P!iVe_>f9)V(K>-!B3r)p
zfoAhXMrDe5>xG~bgM}$TV3;GPk#41QQ&FSVf+gLw7KC50Q}m{tLJ07ifHG=5uF)7G
zNJek4#UX@aM0Jl#Jk3JIv+=KT(4xi9LVJ8dc!K6PP~S!?5o*L^Y8}vc>WfbZy^yMQ
z;Ys#uiV%_jV^CO2CA(Ehh5sOg7i6$j%&QKs12Ws!3!zmR`X``zVuy(k_opyI<TN5F
z2$=peg^uCHbIzP!3E|IEFud=p{M=83@a`108K#3Mppt{gfFBN7QJsxjEsbH@*o){C
zz;4&_>;k+wU2~OS_^_xZchs?<9{i7(2csXs>CJ#^TG$FO{8z47<+A`Xt-{!d8LnLB
zUT7jWLl(5`KCB4v)lC?VInGA)jJ7~4$AbMdp{qqtj6i?|z0bzN!20a2`NHxV;lbh1
z&HVDVi-iZ$DDHfs>n7oW!$9qzoK2?(i+O%mmJl43qEi#Aw-QP3O)<#UE+Xm8cFiL(
zf3?T?wGb{#MXG+CpW7gWOHy>v!Z>4WK2&#;6-{g+4q&|SEf{E4-ewg-7;=Uf8F&<a
zn+H;sigiRGg8g+Cn}vFPlckJ;?20iOS6lZ5oNV{^8}BOdWqgd*dm&g|PyLET-Qv(U
zxXLP7)GaC#zOZZblwp2D@F1|hE6AM3E(@VaZ5Z2c$7nv1LAQOQ5Snfv6DbH)B9UBk
z?rk&2qotF8flUjl#~v#zRNu^LM2n9G2m#vb>HOh@@*<VMqQ=<Je2Q6BWjZua!-qal
zX1=_9hY)-gqlP!2n1@c+aX*E`q2@V>+A(NYrVuQpIQ%Rc11s=3MXe8|_&q%5of?FL
z!a@fb(|4jp>&p*k2=~1XRY!~dR(?25m|IDZ9K<Ook75!v=fyTH{&plD```z`ULXoD
zjRYwluu{zXP<UviXkCx=u=`zON&jNQf<RG{zBzN+^spI?c1l^B7VjDpLg}fTA=I6V
zyRe*<#uPj+1Lc8vnlP3f{Sr7<J;IXlFm33;p00CHT1Ysh=UFBew0Js?YoD6wi`?sw
zFMbx|JcZD3_#QfE!W#moq6n7>7>!56T?k!5(e+HwX`l+>3!$~}6NYPOXNsx@B4r@t
zTJn_mx~>R3t3;`bLGYCnoqt3ajL7T4{5sraFdh0b9hm+N<|1rX0$SW!aF-iKe%dr4
zC||BPTD5v`JX+MjsWw*`r@hBpj?=#{I&=yt8|Exlbq$EiP(XI7X2-)_-B(N&%bupA
zT9A4oW=r829RGNoa;3`tC=Q?qHD|Q&aIjerhOffICO}N?!$t@%q3+`%g2Hi#grgY+
zgUN#`9bDVrSrVs~a?|3~lGn=B(w0C`yh_q~J&8!kF#%}Mo3MURp=0q|@SQ0O5(Kaz
z%IQe*7qb}U@1s;Ef4eOxfBYlB?M&^%(qS|)9!O)(h9u&dUxD#cD4i2iSexvsj;XMn
z5ihB=wk(VC4U7Mz@vZh$X+C818%<|<d7ph~vnYQ!#PB6B_GSx>{G46!7J$;M$NR_0
z+1yl;v!}GU5%YKJ4gM;eUZk~R(<UbNf@dY(D-|WHa=~F!{i?YCPpi%kYM=5<Q!JKD
zbKOtW$uik7%3T!ErWU!(#<)?{Nc34j3kaXwga%-(8uz;nPwK9H(c-Qh>I6poYduX5
zO=vCq>V}eS?UTB|Pa+Ha&EkKv`QKdrHy{5_a7(`u-L*7pTjb}8ajoJFR%N4K+9AL8
zDD(6=!QfODXmPO?(D$SLQXTT%iCc)H+O<<g1zw<uu4OkYfg<SR6uj%zDWO`qpo!v-
zyuczau;}#^GLe+~<Km<Bz(}0#a~hT52Tl1GASdSh66I~?yrZ#F%Hy$dUSNTGhS_0l
zBl8c&Rj`mM;DZf=Ju5Kva@=b6zBa><g@vY;GQTlN!VjPJYLs9TJ25U|F+7E#!>e#G
z5_vZ%cd#H$oJUzz$!1Yy(*g6xq#Clx1dkRr-mE;=dgL;(*5qF^#Gf}SzftF{&gXg4
zJL8+xbqH<vMXijtmmD}sQnVa4H%?Pz_(A3E{c(Zfs02-&dj?1963Up>?77i~gj~*D
zv^$lv8(Fj`$naRebtuoH;loZ6W%x}Nf+opONbv5Z3!mU!<CE%?<rFjQwLk@<0U*+V
zz!YCb(@c_nV+Er<D!riVHEbpGk$t?uG;^`m@}^@WHA__Ofl_ji4F8+(@o43SgDSl;
zHD+dZ!1$s2R3>0cGdVk1QeGLo#q%`uMymW#{s8aF%c^?n<0D2aCD(ObLtp&oVy&^<
zwp}}fd8R9Srd#AQMLf2t3#cpde~&`{x5)k9@??>foX|6!pL?sG*LE--UoW(n@O8a~
z;p;*TUyFE~EvM4~Xa;<Zs|iMYJt~Uowa$#Mn@#w7WO97H43+I0gs(kDd<_t`&h7kE
z2>0rWKGRQ)02{Ek$61fyds_z1_S@aLO<<1@!rsLY_IvhZ2>T8dVNX*L_5&6bp3Wm(
z>4h;;#DL`^-Bc9hb$D}PbZ>H3-QJ)!tO8rF8^KF=E;M#PBF07;8)(MZEnE(BO&I%o
z3!T5m@O4QC_&OGkuV-rb`c4gBUr+cN%#`9dd~Hv}*B6`cb&TU{0~y8`@U@rW>$}YO
z`dI_MUfvPD9?0-@ni*f`;=vH5wamJ)FsDvb-z*`Y?U(@7OvmTMv0h-H!jQCB9&2jB
zy$TF)c{0M~OBq}qh$>(b7_?_}W%g9AH)q2H4~VRj!R5&YxLl~g<*lg<E>9L7_=v$}
zVJT>@2>@<Ngy85Doj6!MgUffP=z;=w?QC`YaJnigEYI*;A?zc_{B8af6LGb9906ZS
zE1dx}fEHObgB4_)p1aFq0GHn}z~vPjE|1PxH$ft3ENWnRG6&0IQm|ae!7?s?O}mPL
zWw!Bz29~oKSYAkzyc`df`T9k$NyE#{Lg)z%FV}Ir{HYKsG|(v#FTWUvm%SD~G49a-
zGkY~2FjuruzFU0xq<~qD1I#z-^RSASZ_x3wF99#_LaP&+F~|!hWo9B?jtSwZ33z#+
zMLDf44lloEz{@4LB)*j4WhPQ{UQo-^{nt^j2doladPi9LecmU+-&R@I+DE!3AvGp2
zFyu8r<@*RKBR%#Q$fitdGuU?p7`0TVGK9MGK^n7=m#BD|r$k1_GC)#p(ed(XVQvHM
zRpGjrd1+wiPDiX)OpEs#Qcn8|L&`l;8T1J^22MulE$fbhU^)QdO?;PzQW~8?_%eo(
zVT^{BsX|Sdc!K0G$hFdsD5T=xI^`x44i=$}A~5qg8|C~|CC9;+w;FJVamZPeN*+hR
zTXjFjzuug6q(BG)gWdq<#Nppm75~0Ks28dw44jM8??0Yn`1c`kfGjLE;@=5?e@mv^
zExgq78u5Ciu(T=fec^8_t$P9XPNH6FoaRdS&fmtV7f?FA(-PFn6;@rn1VkPDs{K`-
z#(YuKg_E&j(1DZiBZznZmMBFH4^QC!mR%~|Rpn=~8Sg^XXe_Z00n%M3gzn%-mkCw{
z=Fvq9bm5}?Tg1GT!rWh}XqWcy&>`;yT-ZQ#YHhg|Wp@X-^YX(+yj#rhuCfa7?j{}Y
z-l5}N^K7h?9O?+~-oa88U+Unydo{c(EFA;J>Lx<FcYqPI8oeQ-CrGKv?+>%}V_lTL
zZl$^K4vTVLvxaX?n&#eQ`1TON8nsAYj&ILxGT__B;YNJR(XBUU^N$2@z0yrOz<vAI
zW`KKG-c(@#xV;;BUMk|-fyah#2b%Ehvu1qzB15l&TEC8K#}M+3DW4u>aJ1N*dwBYr
zHgfKjDu2@TJmJ|DMm!7JdvsIM3O2oAW2#Fzz`*Q41hXp=z-%so*{mjmRyLwp8EsIz
zvi<1btgL**D`FsSPa>X`aoSaGKN$DDM9cz^zV#>yoz>RC2MzF4R&GAR{M`|-m6bOV
zfo(bFYHm=LA04ihm9tyony4u(0=6R#7`rJf@q?YG?GUjNIA_;e^A?A=1HC!b#C}~>
zPQbunCt8V0sSa*In7`w=79lN)@jwIEYc^oo8s*yk8m4t}OzYs77Ny<6@uh}oohm5S
zA#MNtyn&>)CRrv(czQ235?iLuVIa2eGAKJ4jo^XG@`D<QGBqwH$Fj2W1>jMnr6{cg
z;#Xh*qVxeDqnSo=Q%9x|%-W%Wa>Ji`^1(6wpaIFAjsFa!2ddR+{RIQ3>tbCj^2j_R
zjJ*zUtL)BGVeCKhSjoRZNn`lNzYEXKz4wTC)^nVA*47!G{lI`{Q;m4`t<Lf6?~Ve`
z-j@W={x%7oJ=1_^Pyf%xv(5GdJbTXnHau%%cos8AoAxIIwEf}$ZH5YHRZmuDc=mlA
z&#q>87Bv?`vo|C~vt>!q?9N0qJII7)i;jS1i!?O*mI2MatQ!9M+VAne*@f9j;cVYd
z;OvBB!L#}QEAZ?!M~!FgKN6lD4U;!t{xzam`Yta2N-LW_6khs>7JYHew+PpKCne(8
z`;+6?nMj``_;tfifM31$8}KVz={*8|^(4Wsbu2C2VDew8(oe&$lTG-w6xvv-<JT9H
z<JVyw<JZ5M@oPk1zvbYygXLSB3SVDLgs<}B48A@L@YS?>OW-vC;1xMb%eAyx%V29f
zY8{t|TKguVR*w<2UXuj1zQyR36t_N+1h@XlfLqh8M!8wRacd(`!?gZY$`)%mer=4$
zuO{ruR%$f>TX2*B_G@)NO*4)hmJGiRSPb}8J{tTwJpsR}^2G7$(;eW~JsN(EB!jPj
zUhg@q??ae~UoYzbzs^pEUo)DM;nz!y`1LaPzioZC+mLwpdivc4_?p#dT%Y|x`1N%&
zetm)A*K-o_>x~@0ewQ4-UjKrMUmrRGel1CkUo&4g7W|rf1pIn{@asz2;NpWLz_qPM
z2Vtil4TP;b8VGyFQ9;--IvtM%zrLg6S9P3m{QCaU;@4iC<JWO<__fT4Uu(_y^<OG}
zCCx<wpfAq?vkAV=I!^dH=7+=A%l5~$Z&G6WnAm=9!msZh3x3_Xk8J}(qcyXF5L^=<
zqjpmxli=4(#IF|yRs1^T2>8`~9z&%W-vfS~cYzVVJ_3MMo_&FeU%$J6mE5*B34ZM$
z-nldU>Nq<5+RKF#lU-hWM<?OVnFL?GM-%Qm*cBh`+*6Hqb|geQf0Us|J2#~pqMfS=
zyAE_EhprP<=o+!8$nQ^<xENnagRWYzb16rzc0Jhn97C|P6M?JE6&LGVqHTvtxb=|5
zj9aq^x9+hRaO>?x+)8go2D^Bev)uq&r)scuq6S-UP{W+BkAtlzB`(8Wo}qssX_#|S
zVwm$3Gi-g*09%)G*lK66l@WpnK&UlcL#<iIiCWvyKpNKq(=>yw6udlxfnaAmg6+!?
zY>A3sn==^QGnw*$2Ivqri$mBeH3<8T4q>bH2<A+TH+2d@uQ`I5gV^6EMld(0s{*5j
z3SMD|V7`tl_%SB<%BV)6%cHc=<rOK~w#wmusb;@;4Dhv=D;~Y>=$jP1_A#Q@gvjOi
zxaG%_#Vw0T;+9#uE26F!jPb`9B_wrsnZuR4yGYIntUjde%V{o8v!xx1b`q_8YnvY5
zmvsHLu=9B3B<rucgz!v;R|mVOJt*B4@?cLe;njEJ)?e9V!s3;k!klVjymBTFRnA89
zrs>1@Xyr+yK6$jVgF)9vl13|6=>4I1(WNRQs5_fDetjk$zuq2)UmX+?df2AMD-)ua
zsNq**q;hyB!>?%!zd9IxZ8PB44-NRW1mx>#9ltI#2y#4ty@d0fx{Ptix9a%SuKV$q
zvN+_IlH=EFjQDko3BNwB<5z6e+<5$&rD=)|*I%*9ECR1;{PFn@XzQ;Of1GKGKXy*J
zn_`c%f!&<ZdgSpWeiQ@ev>JJQlTn?3hB-McUY%U1Mjkf=u2pr1)>q|Kbw6~DV@Giu
z%i@jyo)~ZZs8N3QSd8-XCdaW`E!z5P8QP>{H2gX-4!_=R&9AuBrLVuDSdAm7W^<`J
zf#Qr+38M((RsfHc3^%g=C^s78cQw3v*VBMkcPGWG=2=&{*Nj&U@-vgg7cY;)tNgpx
zcEfwL)?9{>f;`Ch4i;oAby33R_+nLt8_e;=fM0*soIJib%<-$ibWl>7jp4=TaQOPO
zCceJ_;n%5`{M+#BwU@@n7hiun!>^f$U(Yw;*Ak9j$ujm!HkWD|`vDUe(JR7_5)*p;
zR}&xSDt=wa<BQK|>?pq2%Mk9C`1s=Z{r~@};@KGnJUiH>hZl2gK0Fzm-75S3s>0cC
z8JsQAV~hE0prY9<#TmD8t2wlIM~7>%RE1rOr~QP77Q>Xt!b1}$JZ0j+BL@w?auk8Z
zUD}d;%M>DfqapvN<N4V1%5rVbZf(%b;!(xxIz+E=R5+)_)G|G&xVwu(S9479WK+N1
z<$$$>R28vUQ|>xqjp&GV5|1V>F(A*9c;q=LKAQL@9lDlq=!!AA4hAG0rWjqUpd=xh
z*sft$t*MieG?fYIW&?OFQQp(yh#guSv7-Y%H<;px9gKZIN&?u)qlg(l7;v3ZrUKV#
zM*yxBy%`)W{0e~U<};1JbqgR>dF`1haQ#^yR`NV3IiYjBijDfQ@^gFt_C$W}iTvCX
z`MLjx^K)&doXF2TkpO}~eZQakBj@KnIQc|=?(yX3rq4Q&pZlMapPTo{e|>)LW&Qqr
z>%aZu@$>0p{&(f)`X2m&`MLH7PvqyG$j?2IpW9J>Zsx7WmY<ttXQ+Aa2Ef<%bT{Jb
znE<WjlI|+Le!n{_S-atg`1(g&4_@}`6YIez)`L&12mkL_5B@y$#Cq_F_23`49vry&
z#Cov49^AY1#Cq_*Z$0?7x&QU+!4rD@+wkn5)8g^0ui$^zdhlK4KWsfXul&S%@QL+c
zCb|E`>%q5NceLxl(+{;03e8^wc=esORs&vr4*;sX3~n*JdUiW2dD<EkuhIt8+V1WP
zyT7DvJH1+e-l#oyeD`A9b3FZ|*rDqSy3UNdcE(+2#a(B|UFRClhXOFI9b{VMmuf~(
zI<6SpnX4bXO+L`>E-|`{o!J1ko;)Qz)#B%FH9wFYYyn^Ja0*NZ!NayUWSEdh>mU$r
zi@D!;@7;Ib1@pSvOL;jBf8cs6zhd!#JSZpa1!OWfLzw#szO%e~NOa^27Eg3wp|r^@
zyi_v?(39{WE<0K`!S7Px0X&6U+RP3<7GBycu59SX4?zCRs-hQs7Ob<nm(y$%Z0B$s
zld1BZ8-?&oSjWbK@Vc@LFCwiKC@?uS1$mze!TnYXJ7|7~6|IPG7#QziB|~brM`{$u
z?Gl!RsPXvjm1MA3>AdUN&83&&*$wDd&o6JkKnR}-PmwM{IEXn`!B~nAz6<LL?ix?N
zRF9NpIQO>SNc7v(i@`OyH~KU7>ByzhIA0XAgPRA(4D*FA;)cg=hcM?d{A9%HmpF^0
z5AbBKiz$MDO=n!+;fR52#v&LuH0C@wd@ok{D}-e*ApkOYbJi(a+D+f{XeUo+(-AgV
z(r%?*KQ9%&0%m2SD1Gqy1=I{yBeuoiCtuTg^(#1dSu5!44m$Eds#RWVH{u^WCRy#$
zcT|nY+=2wZ)Vf#=tTvG?RDzP-ZSd=}m5QL<rUVW3Bkx1MhZ{;kJHvMg-(w`Cwpa9G
z76G7A{DwwCrg3ySYBPyCUIb6Q5@PwRo%V;=Bbw?~X~W);YRl}x5?PrHm64dgg+k}e
z`G%5qCRDmd6-ae#3xN0V)Hil^bG~Vx{A^G{QIBh&AI!q(b(ms8O?`?!Q0V^k?`<W*
z`4-FXE&izARVc5+Q*K_<WEBrN8|f0ozVF~6W?=p1Lvu$;8$fuo#f;B=k{n(aD1oY-
z(R;^7AD9R8C}=$K12^=t7fy8ZR<opj=O(wbCUCDi2;7)gjhS+`P<7y!xvK*<cd%y)
zohfAi_<tlVwI<guRU4o^l(aSc(`aAKq!Y$xI;Je4(}N`v{XN{66C=7Y2On*C2<^3;
z&1A97nG%cfvvbfhh?zBR&e&d9-Ys~(@WYg+Tm$9gQws462JQSCpY%Q+mtBKu^<z9A
z8m2-opscaL-J(i7<r$B!i96y(lnNGzkpd^3p8XnAwSh&lJq1nHf=oQJI%<pdrjGNY
zYCL#UP5oYXu$6ffgEJRdfa9uHYkVr(od8s@FweUXeV0qT3x)YBohyZKF#(~1g}EOF
zuEwKhU@Yi5$P>A>O6&(s&G;(r<mU*YqlkAAo(^L;7luBKiu4;HJUNv{Aanyyuq*q!
zUz)iLWYQ;X^X4=bNbh;1j~dS6_7~6Ia^!9*I}MNA^XJ`~S$6KV5!-jd^6dQFt${D#
zW6Oq0u0?qEpIRcY)i1U9BQuwYbzWw^1lz5`eSNIt?kT`i4r|elFBo^;HIczz%ZrD0
zwY<*k<6EnI(ng=OhQ5F8INOV2WbkVFVJP6sTjLjo)%$`q)`GmYDPN0`z@h@_TR)Nl
z&+iyC6tr9lcaDh?+zEP@S+RNkJXr`<Ss7tqiqm)6x{`{|TmV3K)wx9rh42leC5sli
zb2kd1N%Tt5B495NXjj9jzTh6~kce&h5XtspLEfIJmkl51dhwcw?Q0+>Sdz@8wxR4K
zF>*Du=W1xr6;z+aox3KminV;tw6{UXfLt-FFt-KNSe>_uz}nn)UvRfo2n%#_TLFC4
z4VAc|k|$EtPPrYvap}<GWn!eyYROy0PC?uz-|6jY!6`m(jS##S;}xV$ejpE!XaO`_
zSTc5D!*KMgN!xHMj1cZrH3Sr+)4hV>#6}^Ug)Y|I!$LTR{5eBm-avx>T=O=<9r&6r
z?_D9}VMQ`?Hu&;}0vR!-9V{ibFUYns7$!r3!1$z;WrH?UaJ}wbpcDT=3;M{A(&0zg
z`Z6bl(!EX1*G+*@S0zfHBFSKgzs5WdMT<})cvil~Y)8+BK(8w0QNualGZ)dxbcIS&
z8>xv!`e)yz&nov3SQ(m$J-G8Om^mMARZ~GLU}*4-V~VPh<lI3gB<})cQ(K3*quxd6
ztb|gFlqcHa*%@LpphKBKP3TfFe^v~S*J`RLSOB_b8GRUjg4F4zJe3i=YgIH*OHJ6;
zqPKY=zN@u+q3Lx)+ZR!*Dq8T^`@kZ6M>Uv5{)$^#MWXBxJnN00Tco_xqT+8R9(Rtq
z!XbpVv|;N5i&XCYihxuX;M_twW(&XKg<gUEU$78Itslmu@)CawI0yVG=Pyfk<uvW}
z1?+XG#k;7YXc^52sDlFwp_Nd{BIxHbE!z{O?Y+tsL~VLml$zkhg%vP<r2u<5ungW<
zq+#2LcOh2j6})XCzFgm$yy2qSaKoF+@N;0XDmMC}CU0ZV9TPeq>F_gnB0uKqspseO
z`A7Pc&G{Q~{&{zVUs{b*kUvu7plL`VR>CxdV(48EKMh5^VD2NQVSF=_Uk<gTK${AH
zu=vU<a%)6wHKw_UADhM|o0VWz<Jywj`JNCSj4KZ<I73y_a@cB*bF~njPLtE>+|PvY
z9yDb)!xRC!#Dn@9%!8G5{#5V~t1Jfk)A_a#?uKCDZP2L8*d{#HxUTjL%DYrc&hVuc
zb@6PS5XMMPuk;SCLWDB#8`U|D4G#3n;0cbX@bXqqy~GzCS!40%ojX<WMZ4c8j?42!
z1|J@p+vof;Q4BU%-I2k6mEfL#3lOL)yfN*4F>h<xuXV3hqeWjZK^5jEEkZ}4Y3Gwx
zTN@t2{q4NVbPvM2<nf_3Cm#+6X>EaY$PJh_*kWaHq#*BBOW;P|xSk*!m7=s(di%nn
zOmR>_rZ8lc)TKd$Hh_K^26cU#LQ3bWcAhV<wrxNP>4HpJiD^~$RnR{L3ez<4!=%5^
zpK&;D(qD!X1RV#r)_4{iTmLAk0<i9>@Gc?)yr>F32Sa&3&N9K4l)&TI2_bYj&I5V3
z+5`711Jy-{S+weQ2<)Ov(F!~YGbfoSjfGkC8^83CN19n)AngH3hLK$5mfi=st?*QY
z@kG0ZGbdE)_Jb#PFB%YaR{x-xi^|T0IkN=}2v2TfU^DckYN#}r<}$TJV5?9193;BJ
z6Pa0_vl*I9b%MsKf(D?JhVCRs5=@AsQ?JpcDYxUAsO{U{WK0w+0&5Wl0QA1XCvAZi
z(@>a!L*cu<VE0r_Fxwdy{<5p(TFJJDP1QRC+gUR}4>TazD*Ta2Rcy|5zlrvWvWrxP
zJ2Ph;!*z>WIj$=z2TWH{PywU4im6u65Hy>BZijk`%7yUUR+K6QU>iEB?$Xy0j5zX4
z8hlEb>RT(SVC<~&K=-KTq6%zV6>09(OmoB6Kznb}-7yQ`_56xJ6-zJoOY`XnLaB)}
z3+gJbD5|KS8igf+Drh9lu}g|7n5QOEP;SVI_b$^}!m9$6eumn{`Rp`FY-TxBT>%rS
zT6K|HwOTDTzFhOpM%cU9=2u&c9Db0dK|5h7rizr(7UoUUKKLDekQ3dnl1C#vpGmbZ
zZZdum9c<KzZY?SYD+rZ)c};~Hp|MKk(KaKaQNZFpiY!Lo*h)T^g7gTUwH%^ANw`q{
z4g`~@4bjhs8-==+=7u&O!x-+71=1Rdq(E@UGZnO4gi8V1F6QY99y|pt(w$Eg_p`i&
zb#n75fKMc)K&r>%JtO%J6+?=VN)}j-Yl4x=1^jm|{I24^^WpbG{u?I2%0>J)%;c5J
z`0vs1yPE$l79)kDDRBaR6yuLl_)&sCro)d?QBr*gh12mj3zV#6x5`=cB0rT^`dm9<
z7twE_d(`jK@t0VL>myDCyQ2Jjvk~m#CU?{U0=s@(vIns1C$Q@Tuv;KC1K7PC?q$(A
zu+s2MhHz>AB7|Ebgs~L}*kCpkIm#7vl$#jyZL#Pv-_@pNY@8nf@BYQ;-zxyTE9MnA
zraUjIcvtKY?^fXak+Yd*kU1sfF-k|c%bc(AaCb|A;H^{K2zOoXp6q<cBg>QB%H&D3
z>hhFtO(svxOr92=6emx>z$~jSN7+_gj&iNK9OYYeITEe992Hu1IT~%%<fyWk{{~U2
zEaAUFnkq~AZxE=;=~gB&<y?;VB^Rr;MtO=<uIHBv*ySdES;a2v`Q<`(iJ?f^K#}+%
z<&nz0{F05r%4U99%`Pqc`)k>yonNvzrAi0C+{7+3iSXr4ez#s1df6!S-4ld<>A_<c
z`pE{NcO((|V4~0uF$#UNS?D87=<U`-p=Wvw<$eL$Q<}WLd=&B?HOl*>qm%ccDDRj4
zQk8cWd{z+spY_b#K1kN}?48q7n3yl(!9$tY6bA}>bqW)9ia=YIqB+!OxUyhEp|l%Q
zI2z`kP`Xz>dIEFh1wB(Oyx?fLWlsvNg`(e1-ujEKFuRPz)9%N(a_d5_Z>$!k25@ZQ
zS>O567*|Pwv@vIMfwZka+UKU8@qILzk4U1G_pgF8TqXFZ7LDf&FNP`2#V0xYBCK9^
z?0YZ;9o`#+&|&xthVitaH4*K82FyPhfcQf_@`z{e1A|@UaWi_vXOdUFv8?Biip4#c
z-+yrbvP<CI9Fz*?Jt`)nu-ctlD}=s)GQs=l`!+m#UKvC-H9Fz_XITBwYprhen<9NP
zE8&|box-B7Lg;^RYu^QG$(&k)y+Y_O@O$uZA@ne{{+*!g9-KQZEJm-~`cfa5(yPUB
zwz;CUIabf?xo~wLod}{uDH%*?uT+gLe1|_{6|x-pX%Ow-_9oFLd6DEeeXg$;|M_IH
z=Wo^Qd1mL&ncU7zAdn9<fN-g{0z`l>O=lz5a|yjd0U>-9I_~#balfof@#t}3`S<v0
zF`iAj2Vc%dY0O1Q%SKl`JR-S4hc;z1WJ|S*ubuBp`N+x0npIw5Nqxb%Z;;*n*#b!5
z`~<o`cM21fE8*oK74xW|w0>}g5WdhDkKlEPw9(nQC#x<fuft6ijnd6fF1R`cINkjW
z1H0eGb(azCZ2KeAr=K~AeR>s`Q0|I(jN|K-^OJpd3U=v=Y#}@!3M+TVnEwGpfE@IG
znsb6X?Z8vNbV!dx!!R@$;=3`_ZznDhWvnUmOJBvxT-mz6JVJwhhHJDxdcP|Z7%t!c
zjoEq5B2|5T-xZ}AX}vFF4Qgss&u&z;<6ZfYd9GfBJl15>NDpri!u!FfgZn7H(QC#>
z=a5f*gCJ67LZRgDrF_`RR;x!-`%xaH-R8DC@OW;RTcO?B^g7SAm!=Fp!_IRxv&&q5
zX(1KI=h=BKJG&J5rGs4-^2<ziIhtQO*<~@m%wm@%{4$$emh#J7cBxLj`E*%cPDAr6
zBpQb1A>~mo6avk&a25+uiwcqIxkz;psgAeg2{NPgdaAI7=1BahF+y4o^ad^f1CZ+3
zFlud#>P|*=khGa#wnv!K;B<B<x3wG-ozZkviHz2(N?|l$Rq`?$meH2ku$-{v79(NH
z*~%<Y!<j&h^v<X;`a3RpIyK~Drp6tI<EfEJ@lD4yU{ZeH{rA=+qvfVA<3|h1Puyrh
z8B#}!$1q&H;SJPUA-wufd|U0xONWlTt%H(|>{sgJ+nS%)R?*Pb$eVE^J0^rrPiU!4
zNjpTLRNmadRv~n0H(G8EUDT7Uoq%ZN;-Tl4gW3!A#z61rseS+1$KsDJcHKm#23T%f
z(`Wmo@5Shp!%WTRqMFZEQoFH2$3cg|N$K$Hws<-?6X}p;q{IDjbXW&-cC&#FGk^~1
zN_&%m46k-&WJv3ggbWM15*hj}?34^mCNkWI@5Bvcq(~BSu)&OED0KoQDA>EzN<+<$
z^QJo9<n;%24X=(f3*XnS<H4qlGNpS{qH;NMn;f0CX)tfoUcF6dc`FlR2I>y8GwR|V
z=n2%lz)sX%^2{+%H`9LHLe@K}ka@Sn3t4HRkWDuTnI>JH$m66Zz32{o_F$Zt4YMnc
z96WBta86Ps_ShHkZC#Yu)@8}tx|p{Wa|RB?tA_5%jswgt3)NUKS>hWZ^rp$S+0u<X
zTE0k8cBAJSt5XOy+jT2T>m^Q6(r)*g)WdGrL*6~DZ`R*uB<<T<o8$Xd#U>T#p4PX8
z*j?T?GBB}&p2$<YZ(#AC3;j^eff_2o?#I@G!QJS&8XG*!Zs^b)H(!!xO{Wb(*;vWe
z?6x0q`q}n*eD4YqIX5~v=kDjd17+sfZ<ey4Y?X#Nl#BKg^UC@F<H~yLOsnon4tpnH
zvWE1dHMYmunZ>()pUK$nDugi`O_|RGrOb)nI#d7FS+qO8rJ<YZKQhxFbiu5Bd^j-u
z12jeQAO%&6Bf;JQjf2(>0u!JxGe~;Ieqn9;nZ=-qHf)6^t<bdKhrYh8Na1Rxn0y)U
zs(ubmTvCj|!!b6e&s!;mtMi5VwQgx$zVm&zv|k82*rp_S*W-i{Q<e@4$o*ajt^S@E
zfQ{|OxG#iXf_rZ16K@FA!1fHxPnnqu+U=Ki3h?qy0Q6ZlK%@gDfQ6r`CEyhyRG7gE
zjYo(YzV&-mVKDMYU-_1+-NMf27xX=#D>K~Pbu?<_QYLWH9(npETqs$SMQ)2j_=YIe
zO6&0*kg?yVK#fp^W_Hla@{mnTB00T495sntOO~Ng9F>)OwLFcZ2L+WD6DU|<F@b_A
ziwP7gw3tA_B8v$WEHm4#)yHkSKK=!tzjWIb+oN1{@Ob9R>`v!O$8KF+^KYS=R`Q#V
z4P31?({a6-j+@MMtT)q9Hq&vhiH@3gkb^7LJIKM6>K)|ZO7#wMaFuBWSI*-GR~ehR
zB<f^Zi)8vMXpYL-kZVE;a+{k9;<EmeF77}6;{JExE2{CJYU~6;X1cFqL!y|mtV3Rn
z->I7cyb(D4EAx0f|MCJuBkI_f`-@lfpCB!E-SVTgVrzqL@$y!nrK|L8RO3dH&;wdg
za7F(SKQ28+@|IZimY_H&A)c?F=msKRqd(pagr-KWpSyvU>@@mMsHO1Qo(^45eDw?c
zP+EA1M^+wc(Bmzs4rq+l4x=Y3-@`hDUtgtMxSQ<{kU06jw+ok(!TR~_E;0}J<kmA)
zn@E*k?J`?+iIl}5+ksWrHHmGodV_KLLQ+?%mQSmui5D0wA6*$+n{*>4m(vevNB%=H
zn8|d;P+Y;YLpiVmo4$uiQ&D+tMl5EquCG53Utof{z~}qo3wX^1Ug1+%uCRO`6wKMc
znq)BHf&SS$kD}0Yws}RSH>Z)gEAMIM?#g*QmOSQBx0u2u77X1lt?;`hdMd_%$W{2c
z6qVup$X)?!mHXwPyeFb2_<0&}2^Y^Sn+QzCm+^PD(zV%`UxTq0-kfz5ZZT&Y5nhWy
z2GY|i4=($#CcyjHpkinOtButREuimE)(!S_x*ixEX+nSRXBgGKS-H1KBXlWJXCf^%
zVYTu{>C8__)r#u)n&^*+*}mC_iou9mb`c*fr9ucRT29x}9(U|RzxrWnLNV*;4aX)%
zPajBL+*DEs;bbMPf_~R4XYA<U12kqdu2Z1gs@M7O-l4pC@TflYi2k9o4{Bs9X7c%T
z7e+1Z9bEU#7H1zOLS2ZI58+<@%P(X!ifzzTR<<$$9>_sgPYWO#cudXB*`-{o=*r>F
zi{QiAN_wN=*3B3&hsQCRUz=^9TPg33&R1HBSD8cc5w)7I7NfRfy!xwwCdJ8UQj81v
zt8^XtAlK8l-$6`WSiR0CHS(z90_k0Ci8Z)0OD;Q*f;k)Z0_jUpQfSds`n&*-acac1
zE%H=M$N%LkzD0EfpY=(gqdvr#ZR8WK<>@g%eLoj7R#E8HYQBHLroea>*rhGsxpG$r
zwB5|me)UWB<|CuX-VD(CT);79y>Wd`U7O?Ua*MTm6say}vmTr>C4$ixJZSqn!%IXd
zx8T`Eq4c-J)cN&j>E+qqIlUYjy}Ew$f1O@UNT_y|Xhr7r`{2&eYIeOp^1QZDpabq9
z0)U@=c*p`@&e!t_#GGnc>6C|klwxt$dD(=I+ozOI&xI0oLTDF`<R$qxm18P!g~#O)
z!mnFcmT#Y0k83F2^CF*sNq(svm#?E9m)|cn6-f1Hn>yV^a>-YWLxn!67C6K<C1Y$^
zP3!*JQnkvVM!qgxCxja;rgdpMt||Qk?g6vX+`$41<sFEI<-2_r@>PQIzc<Nw-?Y~i
zw0sz~ocaMjhAO$5f5Ojpjd02<tt>s$>1Rvl=|&aTpH$qp?Wh=mV9W6ul^pz5J}~5~
z=<*`W@x|19g=8|LTo9vtlcBW!Jrv5P#dt6(NlQ})(z2Hle&nB@L-`FTFZ*GL8N*A9
zczmfQC?XdW^j|IH!eG}0rk7btsORL$D88)R!t$cHF#74>C<)jsr+%11vXhBR-A*n{
znjF<|IYJSlrR!c+#*1DiDe_BS`lTH(z)6ZQgk9Q-Qj}RF_p8^1$S6a;zBMd%1SH6p
z@m}ySu94R<5%M^jrIkV$JwU-0mbCH>lb}=4DU@3muqBfqS_5Me1g$aeOF{DCm&Rax
z01RsR@mM<v3F~&pl9C!TN(xqx$;Aa<%;X1Z<ujUiz{c^aLOPU(jH>cfMs2;6w{<c8
zyL_ap7e26iDU*vcS7OZN0WQ!J5$-I|M#omYW3*_l=HozXFd=7*3ncKfb~U{2JD&9l
za=ONxUp5r%w-^)HN84F6yI+-8oLn_|1(Wa)$!jUfYp@TOSDydmMq#CJ4RQ8P7QPc=
zo|4E@+=)UPu#7|kKh7d*B-$`4MDa9!=FaltjzZ(vj=c_$<H1~xXSk;4sPhixZ{ZAI
zg7=GM@qJW(HW$%%5OzFt5JM4y6kCJQ7|I$8Ul;I2Mr8|2QknBJj0lFuMSxH_x**ke
zgEfsAbrk&Q!ELFW!t$TP6__4Aj1YHXB<x^(O`u#cC%rr<J?`aLp~L(hM$ii3!gQkp
z`MoZ>yBNbS+?4e%68A#ceBX=A2nB-lr9QP$l(!mQvI_J$MR~8%b{neoI=2hqcT+Ji
zd%GuhpAg!{a9X!v!ji=Tj~;<RjG-LqCMV|ysXUV76ACF{h21d6m$&y9!YeUIAv%O@
zvnWz%YiLdvs(OeO>V7;Oix)^My`jxiw?8sE-#5F3)%}qTJ?QI%&>8S!SjGKR*eku`
zE^qM)q4~6fP0Mg06v1D@^8IM@Zw8wm36PE8MMU_JkEt3)W%flXv&Bn1Fg`FB-}ja_
zJ83$`-)|yFT|X4CjA~!TM!$sDpi@!i<cxPyEQCh#35|%9^9)pHyXKV7Lbqib3-X?J
z6AtY%a%yhCThOEc4D_jF>wvx^7v&Drelt+-l_10=f1;>{Zxza?Zzgvn`dVSo0HUP~
zJ=~4P`MD6j$7bO>ckpPPD{y}msXliTGj1}`xItZo;=%+a{HeZAfjP-F%b&3WUz%>v
zj{n5;ve|1`sHPmhzpY4nbx_q?1Kk=<;Xli|s)Hu5%LArD1W#F|eN+y`aB~5+(^jn;
z-NOGvW>aH<8UYo!-6MSkf>?GBj+rzNu)qLmEgOhz6{7678c3L>js}YGZ>Z9T$}6dS
ztz{HjYY7k=?QFy->sr;k7B5(87~ivs;`QOXfeO<5SXO#ZscMbeH-h%T%4t;mXtPza
z`5j#!6sl4Q0-s_O_&>3+G$aLNbTcj)s6tQq%~sm*03Pi%jjLaza@oHa7^TX-a&DVx
zKgKX_F|xrtj6->?2EVdlYlJgWsnIyR!+m)y3J5HWMvHQ&&7j{|JQBz@I)J!BTTjj`
zrn{tCrE9C9JdU&giuF_w>uDCn#q+rE{vCK<M4g*2k8fu4W<HG^kw(rP%+koF!HG+m
zA7FGm4qciwY5d04vq8oN9H>U+*;b=J0Y-dIBOv`W&d)e`Hh6^k&A{QjgJu+;v>}3V
zrWv1N*d*?e?UR~ETnD4EgFzTuPZld67ipvNf?@v^V4Yi9sodA1(Os3lKD75rwzB1r
zvAsBL<s-w1zV6sZ=*r5+DufnQo>(*@?et*h&KJ9JlS7XlmJi5uO=~Rf{9a_ApYL;s
zndRyxDW;7Mk)?(WQe@?it?c_CPndEv93*ErrZ-STO}cIlJlPWO&%yj$bms)9C~j1d
zFY*Hb;irB8;OErd;c@S4<7eO@?oSl8qYPK@mfD%qWRKFANat@XjLxq#qs4_Nhe_@j
z6drOEk_6=wr@mL7(xsm^)4`oA*{&5R?D=?LAaA*oBtAb0)%Be#-fd<kKD`U=?)Y_+
z$90zBH7BDL8(!#jsO4L07<l|xlZqtNvm=ufdKn7IeNO3VII?d-rFp-Ll7#&%j`Z9;
zGN&4>v^K(ghMh4Meyf#~n-AkI8(xQeRSW&dgt20Wd15so^gZ&X1Fe{;Ay<}n0XUme
zO*z<DDdu5kis5x)-7wlj2x^C)v@40>D-!Nq%s;i|Fja*)Ez)W^{hbxDaCM-cD2>e&
zqae8Qm0Qv*%r;t+$)+ma5Bz?9*RB?Sw8RQyL;m<3tO%gTc3{3dbO$EWdNUhd<4x|*
zo4jR~`2<8u{Qe&r>N+4w?_-~Qk-;vx@$Pi)k!N4n15H7nhI=fS-iGS(E%<6HkilWX
zV4%6X#0oP>iEC4Fpeyvs;g{-xvht-TvH0i2{YJX1Hu7JLj&cA^X&)z1Y8Iv5wLojb
z`Qb&p@t>#+vCDQe-0G^UK^XjzNtulHUW;6Os1*$VnlhmGYTOP0^Y-O#i;?GBkyz8$
z5j!R#JKW`iT|)w=yUS;|td_t@C=n)p;6~sUF?!|VIemai+xI^sJX+ny5~?oS=#Ngq
z!%XF?H>X)}C~wD$G`KL<VbG`F$^VbNZ-H;3%KlIKfRu+56*a7=MWYr)wpCo)1+{?$
zCYowhs#U?o<zao-rG>777L!0{L$oSrU0<xOF1sq$p9&}lEzlMem4`?H6-1O73i1$W
zftLKwIrq+FW|BTY*5B^`ho6r$lbM`*@44rmd%kDRJ*U7Ho!92&`gwgoX7j30XgQnO
zYpir`NKSaP6Y?kYJEh5hw|=MC8jnQu^Sc|k;~JI|N<|jQ7j1#A)KxWgQB%iwENrkn
z_+Y!m8|RA2rg3gi$9dZZ-8j#J3-)u~+Xb7GX^g`rb>i|8e?8WJA6<_Hjch%dmf;P1
zm`tZk>J&YndJ|?jIE(_w^Z>247?NypZC;OyYcSHa-`+|-oMV;e(I>^1XVOouJm{I4
zV74W8z!MJe0oPU8x6U?A%V~UCx--6VyH}l;{-vgQS+CB^;(Fb@1nYJ4(vXb**pa87
z9XUcg{os*KsGQ}UyBLpOf25Nos$Y5k^L(KT;`V>;{$uWc(PORkKSAIBnsxE}-<|h=
z|HG{Rm+=1o@G$THO(-38b%p0tTI6)p^PyA4&^0zOYmj~X`2e@8#bBhUmsq#hwgoy~
zSDU$bHXa$;zdD&R7IwaUiM)OPqKMr4@FKF$I6X`YEN?#82E9xJz1Ma0{)+Tg9Wv0H
ziS)|bqE}#`m#3q54bq!zq&ExcWw%9drh#6vj^3etKrh2cuN>*^Zfb*G{`Y!%AFPVf
z`xnyt?x2BQ1=5?@7QJi(y)im^w;{c!jPy#8UT$0T3Jvs5)6wgK^jt=IB}mWG7QK1{
z|7uo7>3#Gw(A(2wphxmo*+}#}=wAhLeZ<g>pjZYjjxU0LVkBMY7nG`0eWjPbk?qhk
zir~3z(Ia`Ww?oe;GONF6gC5CC)q%F@8Aaytw&;<(6t+XpC^DC}MUUhqwH<m!k=gQj
z8}vwCR_<?`o>63;j!Vx6kkVgg_hvN}b@NGeito*4k|R}bn(y~D-4{cTIh4lAmgqSb
z*cn5Q+3)!?2HxQRa#l?Xg@>{8LF)bcwfjBe-k+e|Ke#mB{n6U}^>ObPY4<-g+=qM0
z)TLT~UBf)WoaI_xDZFjii8B$~-RCUug+@CI>)g&>_@jI1@L^gmJAz1W+1|%NP<<4s
zO7{YX+_Alv0C-M=y?h{ljRQvCg&Xg4rn)u`bmAVL8QtT1z$4lG#31_9VOwkXS{~o&
zB%Y5?9UpYsBP?8gk3}2ijm!8jP4@R=smg>U(fN^9;a6hlW*eGrA1`c)n4fnjSG?2K
zeD;jX@92CUT+;S@u8(^^I-eiLy&s*==a-o0vu^QmpU<Ly>wLbE6lXqlb9uTtm*q5n
zb=9rS-)A42=1;|n`)}fAs?n|_^QtHXE#Uyt^Y+={lblYkzgd{z7DEHzgSGfFVUEXA
z*4Y<w!e|Egq*1m(wMiFROx9>FnYC<K*_2^$Z9}heQQ9O*KW40!U%Ma)noJ~D0lv{4
zY^UhFpX4rI<C#w)-S8S%WUr3zWs!&NggvZ0@gz$gP9M)fhFFVFWC`-f7b<p`Q@w;S
z*}#}ovCdP49LUAPzTx0Rn5%m%xshUf9eu`I^2v*FO4o@}a3rCd8k#-b+<uG)$U`#<
z*qhf7{ZdR>1KVtt3kyPds&LCq#&-`ZP3c9FDV`Y9i^!t1!I)L7$|3}|ld3G9DTeZ9
z`NG8jGbfe$q~cQ1x>u&di6KuZB4M~+=F8e$RN@U&PUoC*F{`oY8ZUZ{y;73Xi|;zU
zn7<E|e6}b}DitLlSLdPZz_kdYfpS)(5I}#cJn8l3h%zXm%Rgu!f?dGw_@u^$`Ai-`
zJWdz=hpa{C`=kT%hz$S;p-<R1`dMw#8Pr6>w6Q#&wWqwSv-(KGM)_0gNoZ#m+zYe%
zXu~2zk;*^iMbY)yws0OOPC;N5#3B%4pY0&b-s<KAlu_tZw+SP;j1~<Afh)e0i<Ye}
zX)4={3=%qAlTbbWB_W*gYBviC;6il&b#9m&%~!0-Z{oAbCi!ic0^`~@4#xGyc97OB
z7FfgO|3-P;Q}yqY*JexG^7@@7uO6ekhI>qrGvf&Cg9d^1#ur#2a2IvlD71B*X<|@j
zMU>g)uY$~8#p4Z(G?WV?+@I-_cB82NhD7xu6xGEuyJ@0Iy~AJCB|XPxwXUI@eg_?t
zgof{BXQVrdX>|ci=Q^2*spH2*k^d0+-2X~@@;U06xbivdAsA367?3>ZNOzP^E}Opa
zq?umnh%3*7c{HKhVmPmo$32MT9F~eJq@3wuC|wL?+jMV+CoRi}u*5A9oPAYt<<*oP
zX@^ailQSJ_5O^fTbql7`6T`{1m<Cy@zXykN4~l-3Jh-}rJW3#yUTH0fa(v+|K8*?H
zW{fR}3a0$07ML+<iBh(8QN-jw$z$1mA9Wb!D-B&WKSXOJ0b3t<1NYU5@I}#3Z<tCt
z^>?xy3(__eHPpu+^6+@pL3AOnH0JIsK7-}$+>BEPJfAogc>Xj9kNkOacMD3=q3;**
z_$1;#_VFg($5g#WkTa@Wk%w%c6{>PVDd?rG^K53FT_RV{!Ol+FY{|c^$isVE4Ax8D
zGF@l8G0*sB-q%gUOgY+B2QYIt25Py6kHEgJ90Ps*@dxPZxxBAqzdv?<9(i5kr>OB$
z?H#>QLw#X8bd(Ie7(400PEI<^I=ODkqR21h=N=tDhiLrNdh1z6oxT0w(J}O~(a_f!
zTgk=3`Z{>aqUig+JZ*0vzqgvnPQ*-hs86LyWxmj*zR(|SQW*8OTMDy8O$TCkj!K{P
zM|JtZmotk}sFu@SQX69`(1;VJzKNSWXdtGdT*92wap{-kRl*~)$O{@O2HjW>CS59M
zz~sYwFx5G=O(8I_X@opwZebzyLkyMJUANo=7P7o|en%H@VcZ2gme&j2TAYVHq7$2A
z%kiTaF0P=LQ1S!4l4xWi%j<?26+wfbcK>n}T8(2WFcq4Tfjt8o<33>hZ$NzIn-8LH
zs6%26pQDmkyP3-ijPS!JF99?AN^f;PnvNFq&w>eE><kUHg>xg)EjE9XwYU?#w8OBo
z5y~ywkEr$vy*An{R1dW^tS7t?PPUd4y@OR9rZ=I#R<Ah@y<4B`hxGnwq-QVgAD3QT
z)ykjoCC@I^>p4Q1wV_$F?{xH+bNbQ~Z2TRizxhWKeX(u&w=(+5A`?IQw!#m&Nj?%G
zzHItya~wXeGQN*Veu~kTI!xbo8O6qrP#)_L{mEhCf1gDi<PRme*YhWBeVhDQKaKjo
zd|?OaSDN|1tiDb9t}xNRyQB1Hn&qdUZTj!B{-<=5exaGZt!?^uO8tPY|H@e(_rrN(
z^oORRCqk^trnj5LsjaT9!%oD;db;13=J(bRlmCy8jsLQDT{9Ec^or(4oc=$>=qn43
zjX$#T6{o-Qxw!Pd`wPjZ)KU5-`IIG<eqnt2R@VPM9i?xQAGwc8-yWa-sxmge%jO@;
z{BAtIz4`6Q_;dICW7D7V-D`RObDxddf3L*kzoYa``cqC(>F=Hqm;S-2O#gpmpzkOi
z*b4oM-9SG)$*wgZew@to-78<l(|6S-e(ede`N;gJ_4!C^O}9?#-NFWQ-i&6`ysTB_
zbqb?j|KTyv-*FzNzhruA^#2?re*O8w4)TlM9P0VySit%9;F^x`D}}X}Vs6jf(e`G|
zr}kva8ZHRio{87)hkSerYw!7a9c(W~9x{1*<*Rvn6WVO=&H$UQw0W)07yM1<f3x}D
z+;-M&Vsgy7RqX}d-n_ZTv%U9PZ7++<yVz!Xnf$NF|K_*X-YKoMr}DFY&hc#T)RS9l
zFU8N=D`>O5`21{j9ga@o>u|tRG3(H@J|5!j%O4#5cw24XY3J?FFK@5?Th;L&&-TAm
z+aJ(w`@JXg@xOl@`M=bvj{nIv+gJULEE-Ar8BwtjwF6DBv^A28@e5^x(br>%<T?QM
z*80)?W(6EyHrPwia&?1QdC<DSY5Xs7Es~pxrB!U+@S|4w)7P6L8OwdrUO?A`oonQ#
zi?ATuK<D6E_vHvh@3s5F_n~unoWqy3t0-A+e4?439^8f@qq%85jGFX@AG696Ik`hB
zxmx+38o8va;3wnKe9|N7jL>Woq4a3KE;IHEt67cYga%Q+MCsm4pq9-jjV4M4Cxk%d
zilXt_vZVo0WlckB!$CZPj($b*8f4W0f%BeVrLr3GJ5eJ*ws?EP&N%ZS8ec%ceE7nn
zu^t)Dh-91*%&&zrA`SL+U`8A?@~pqd%*fb2tVEt&of4RdFs4Vvxyfq8@rRpvgyc_j
zc!j3KA%1iuLjRrP4G*OXr&Bj#v(=ju5R#)4RQ}{O(~Q-~cfFXb22fALdB2yY%vI-3
zMnAKKwYYbhvBh-O;yks*obZEIZ&uBO0&n#X2^fQOr?DZN(IYP;vvJ{M4ytos!sttn
zWV1G&n8s!`(>SZ5epWA1*sNY6pIN^sBA*Wb;AKL?c1Af&!RR=}+0)n*+ivN^T7^c6
zm4+RL^&hXknJK=j313J4?2~F^Di>vDRCz-dj25#~xYyuRz1s=bP>8Y_JpuzBAWE{&
zx*1>I?GysfSy+w~8@;-_mEPN3OYiLl!w{0s-;C}Y?Zq8&42Va^HaZl;shjXsrTU%{
z-{;M3I0y6_EHJFQxJh2sCHh8>0(!MqdRJ7Tb7nNo|A2<cV))9>Z|h}|OIHDV7i=SL
zn_2tAUl?oO&NIb}=3!vD#;r`V0}{D~!ei!DcrbJ2qIWzo>Ur#kc@x9QS8PI0)<CDq
z1HObu{v}2SbY?nWiJYYN+py^S@opa&7Om%gbo#e9U+r{pF1yIar9b#Vw(j%WTKDi*
zjM2zhGh^5P`9_V*mcKo^{KrVGYUJ&&#H{Z#qU5e51<zG7QaV$LQOPQ$nX!~UbDAh+
zMi=j@G9#tTD5aZYDf!KmM4*(*C`~O>RSlgXMJ+p=u{u{8JhDBtpYj7!5Gf4@8yfM$
z=}f;P<x9$#0PMe!X?;~TihpR3|5N0l&&x6LaPxWX$V1-LR^?&COEJ9fd|vDF&~<97
z@=zX2>Em--mxt;pt;)lYSW4r}lyveiVahL&hl5*Mmxr^aFnRbPx8w5Ajy>RvN`y2x
zEh-V15Q>Wdb(*AtTa|;kRXLcf%3433VznBKgdQ)(2!*S6dq%?5!44V;6RjpA;q@0{
zCTP%flaY`P6O?H(5<UyWH4<W5Og6W8S!|0dpE0!vY<xsCwRpR!#mv@PoMtwJs{b0(
z;vMD|bD_n2Q;Ui}MjA(J(pb=*`Eu`OCXEhx_!o;J4g2Ig_#@|j!K|2`4d1Jl3bgc?
zpGoJ?>$m}<?!d)c8@9E&fBmn>XVLR9^7*&3+mp{%9zRz3OnyFQ?p}SW1M+#v<HstW
z&s4;;m~L({o_x-qe5~@>JGRAz<sFbu@8n-1pPzoC%IAU=B%dF^AGvZxJo(&I%H;DO
z*S0R7d7^bM%hJHl+r-+0(hp*II1Xo*DD`s62kX^bHCucjlT=&@b+b!aDrRkhW(!JV
z?7ovw>ATf@CQIbxZ=&WO{iZ+fYV$Rn4Clp;p?|lw*S}?twcEcjUz_?j{V~?R;pYC`
z;-UNjSkBYMPF^*0IPy8hDH%FjfWeWhk_Q&j09*M!%!m60)ry62Vs+G1`T2D$>48UT
za!Y%ta4aI2Y&RVvim}b{EOR!Z1CiqxAIC9xfI09#9LG2a$2>$hW|S)mWQMOX0hw&o
zh|gsv`3sLWvn(Vc;reNhGTs$Ld3Oi!uEcx}8}ZFdj&B?c-|T5g)ZrTk$2TxV@-6Q%
zd;=pJpxnh?J~!k5#Cd5c$oBdT^xnVW40=0`J&g9QWs;$HKTTrCMdpZ6{NPdZJACFE
z=2Fl3sq<4{n4f%{AC`s$=f}>~A)g-rJU$7mI=O-i7)_9(O;Ea<&{`|tsR)xtsOTw^
z(9`Y>gq{wrVtHQDRnBL#vGwL-<BR!}NsROPM&(eTR}Qn+Gv$zs|MXx)qXbt@G!U$w
z$V6Hisylxbw_dpUx(z&j6CE4%g-^TqhF%s-En>&R{tmx9T9{Mi9hLOB&$?27<`9ou
zV=@xVNMgTT3}vT9HuG~=#_t`ie4pOR_o=OXpQ&$sY`NCoHM##4{WZr!s?~#ip%H0R
zmyt?1j)334#A>6RG1?bm$y$6;@iI@w0Tj$EUue>@(Y}iZ@^Hl`DK+5;Sd)3o=io{8
zVgXr01z+qS<%ysm%kce`wVq1M0Db?=o5VT~rh2j52tRg3ZUj1>Qc+rm`IbyEm6OUa
zgs}J0P@*^GOX$hfVrbG#<}%E9nD#||7-b`JoPu3;17%~di#i`4vpAZewBi!buM=e7
zjF<_doF#@!Kq+R5QoYaGRD@Lyi%$jhGR+I><*F(zZq_GFs_^<F!h}1pEN(I8SP?_S
zLe!I-WcaL0K1X#~g6i^W;8=btRaYl}PNb-w@-%=s@U0x2jd8uaJl&)UF_hWx5kH^E
z`b!}>^0!S`xtT=*p;=*NQ8_Mq!(4gGT8hVu^5^6~<9gjBuOF;iudT>~sLDdj?4xXe
ztbkx3zhL7iMnO>1`TT6@kRa&RgH9fDq)oBnQ0Kwz&cdalycMaa2<27iq#`Ri>N87B
zQc-+kT#3-?77k6tNJ=IPV7y@v8pc+7@vVVp7Af8dYf15zuD~eDp{Wf|$;DrqnEm$&
zjM?`MGVb?k{nRg9H+yi;_e%RUrsv~8kntPu$H>-Rd|w%{EMp_)M+u-+{!P8;FG;ls
zfm#yYbTO0*{KFWn5m@TAjI4l3z@`y1<?=63dh&qeq;elmR~+(`!S4NqM_Bl|H-wp=
zZ}Ca%Xv@L))1_W%ZT@Y{V%aj@%(xrch#NCLc|MS<;74FUBW;{yrwn)|Dfp&dzH$wP
z`ED2pt7-QF4D+qUp0FN_9FMzkqnzf#!<(jfy`yE`GkWHI9A%zQV;+`}oCfpztdHaj
z7`SUC6~?V#sl9%3hjOL?1IvMdpQCVxI=gO(%esFQn^|{FT-LEXEV{>fbH267vy|1u
zvo{6+&lb#IMD^1&p7kw8o<-z+SM&4Ld14(VE{Yf+q)n__EU(c{pUJ0Ju;Yp+`$DOB
z%38}DxI~<M7|#|8fkagClMfft#rOoeD5Z-J*_{fyc%R)Vr;A2*F_SKSpGX(8=;Hh&
zx+tLw8)f7<Y)i$90qkNo-T8o#w$PnscE>>%gFDfMoi6^uE>h`Y6}w2Ii|WpF(S+23
zol`89MaXCQ=Dz^+IshsY=1opHV4?W0ihg+f0xW1D_-C8N;`i9Bu*l!L>k<lbSGHo>
zu<}KinoK?&f4`h))n!vI0u2AJtIDsPZSmH5m@m*@WrxoWcGqKZ)p}C#COHV<Z#w^*
z$^Q}rAM28GL{}}9aJ0zpNZ3v2BX0y+5Vy{@<Vf`PZX2}#U6XHV0eSOZ*;yTdqqv0k
z{`FD)=<!sBWa#PT<60uh={#TCBJ7_$1RBx?vXsXtAte^H;J@;%=lZd;DMD~jlE#~D
zWBM`PENfBoJ?_R^4Z%gJNOo75i7bUesJ(t_F7^5bM%s<%5uocr(AimQ;L*{%fxBAx
zxdKM`Su<hv^f?jEWQ3cZH4%O{Q6s$ekDTyHEqXp&Wu}X<W_mvS{aK9<U88(>ZZwyX
zs%DiBjNVUEP4qUK=nad~6QcAcsPqb>^a_#Q%Rnz<b*$XYs+o<Vlb6bc&aMibDu5t-
z=e8?+@K@x2bNOF-3-7A)jO0Wfw8+1qKA6O^KAu=s*3&!`&QQft2woT+<X`TL70rGn
zAexUH*5zYj<9=gGb0l`u%W7I*Z5dU-4^QfG9QV0X;*2}{hdAS2_BD;WWO{Vmmqy2Z
zXk_fTZ+;lY?LQQWlr#M_C#cg;-VgC0$CZ7iNA=Urs3bq~M=mSwL!_Uuf`~jm7>{2i
zzf?P^i~<FPFTySINx>KeW!n>nBXbTDN5(!A<w*bN5OU*iB=8V$<e`I+2q_fB3k!iQ
zsTTsKC57RF`Xyz3Mq5%_6SOv_-^myJSsKj&hgF(G%`^*5G~a$&qxsh;&CEMF>z6mF
zG<Rt<fA*Vb&NR`yHA*u#O0$Pbvsk0qfHY?!%~$;Krd4iZ8K~3hJQn%)s`6jwDd5wN
zCa6U|!yjiURK%P3Z#L7!-~Uu};_tU=gI#w=?8M)TO98XIv%#;?2LI~g@dj_}fJ`6X
z!T;v*ID@zBjWhVdADI3t*S6(H`M`(78Th%AVBnZ@oDF=k#)4&s)lc1<)laqBr>`_Q
zIlV>wG*bKYFYQzKi27+FbC6wnDcFw_-zC4VGU6Tf_kR9&68{_Kf1l@n|H=O@;eWs2
ze--|>f&V?s|0Y(lzo+oOJ^0^V{BPgNMdtJEL+zn#=aMKs$LloH^+?n8Xw!9p>H0X*
zgN3|T%XFjUY;QL8A4Kx!==~Pie4prvCi*@-{oFm#-%n~X{XV10ls`aPh3O@}8h19w
zVWUnLtE)PT{@Ntbx>C&AGhycvLp}%|-_GfGpB3BxnY#Ns{}FqCrSAS`?c9Gm&VA$`
zOZmjI1*Irz{Ch!jg!4~-|HEx+{5QK_Xu9wHhZ_IS?$0#c@1x$gv-`+j{r#SeYW(+I
zbbqDk_sSb;{D1uW%hmgp>^>T~bU*wUkNF+CTXsLmW13%hL(h?N2Fn;Et18%w8OrW*
zsFWAIg$c@*7Imk*&*+%GADakIvdjCPU<t%nE;hyUMzePQu0{R_IYpqcv+pvpKO6a9
zx=$xxkx0z^;C=o0ZdIwR9NQdG&&svvvbe`{gNL=ZMR<4*jd1zhU^3-#$YxPV<nm_8
zw5TM*(?Ry`%i*IGtfAq~bZ@xt6moa_!cKp~X>{H=>uVNV<wXhiFG&)m4U|)Vm;BI6
z$(XJ_SXF!pdJPip?1ratbHe?n$OlHk=Ws8-FKd7C$3UW}D}H*<wTRqD<mMhQ(P;zx
zykiXaaf<^6I^p{3F)?0qCwk4@Qj<Qnel(s8bD&xp-jqiz)&*8ETIFMy!#qDd>d*L(
z$p`Vw*67<6Lq3Q@&l~eWJl!Am4fmUiB64YUcS~#XK5QD7_cvcN$a`zgJK6K{#Mk&@
z8a0~YYFm4LUx+>LQ=h+#J+Hnk4?k$fWQ^vlZA0w7PytZ*Exp`&o(zR%6rO$aQY<2!
zWv><eO~QnsA_n|sxr8}+7FXFY#E_JDAAJx;zTSwr8QIxblm^uw7OW~-(QtM-F&9_v
zW#1=~VMj87?O-4Z)+E`BZ?I-mpuZQs4)t|5OqVaHA{WnvmjSES|I={(_ZY|5<KI2L
zo3^wyz7L)=jBm&y8sAVfK@QG39^>mj_uo9eao@EyzO~O9#y55$jqk1u7++80_=bsf
zi@|t{@MGLGCNWfyE267e>WnF(yQ5$a9*!z&Sda%6$m2?x!sn;3+oP9hruXyhMtbKR
z9lbO&z1K|i);xAp^s>$LZZgsHA053I{w12|U3PTz(#`bVyUj@N`$vD-ct@G&J#%#Q
zV)}QgiQeE==&^b%blhE(K5-2L=_S%^BhNP%Sixp^Hd|~>&Ab|($O=f%9#6ZtgB2ZF
zF$s5ZOwW!1623k=z0yuGoaFbeYGF%wUNZ}fxmwJs5vERs-SV37z_*d8Y)7}bRMT)4
z=y7lOI_sdiBzpIQsYPsq>fDt{tQ)Z5D>TZ8{Pqmo1{Pyn`e0m*;R37dy#vT-Ve4LO
zrnA18e->dgj7TlM>yc{YF^rBlkNqklcrV7zW-S(`en4#!Pj}sePi>O_k<ZKtOh0cc
z8lDrPjJ`{fyx}2MQbM?cV!rgEbZ=-F1|0Tq3RC)^7aj{dS~8ZSPC0-ihu@TJ!N--Z
z>^&e>Gq5y#uFEH~OD-9q1}T7%;s8Tp=m=(%M2mhDpUsM5=nMXU0($u@P(WpWhrRmC
z59tJcL$X{0`bZvgXLCd@EM)xdL5C>hw`L(Gt83^d&%M*s;8(-J5T#faux8-8b~v+S
zp180RD7ZV>#VYu+;a^B=p<dq^^1JFXBO``psY5MMKqU{v!>WEmp4YoyU_lwZp|Nr!
zz15;L!QLvZ-D_iLoyBRby@2NfHPX{(ZjPllGnU?Ge`WN7Dm|70-Y!mVDlad!6x+@C
z)0{7vJ@3Hk*ShD^T76#2{}Hn_cETV4ptJH>pp#E(qHZy>Z(+wYX^Z5_6x0^Us$>`Q
z@}|0dv1fE&)Y-R@l@06UsdKwqw0u!*^(PI-^@6TH&8$B$+AA;5sJ()JPB!n;ZS<#c
zP6zu#srmmJ+n*TiTr<qrpZz6A)1SLK+8?ZXUKyu9F}vC2rv8jMs{X9|K<iJm7*eH9
z-bS_~pCUY8rF(vKJJ08$9O|AgXhWXc*AEp@hlo6FMa&xXKF8Le^}G(~2R*IqSXwR5
zGFl&;+d=)Hr?>ml7<zAWdSlLw(GQ!CQa|iIPWqwpxen-uAKo<ThrB&UqaW^i?<n+x
zr6c;`@*7O@Uwl;Z|362eA9CaLCq_TKo@?yS+M=WB&(Mzc2lYeY^BvF+r<wZWIja85
zeK(GNusn5i`oaFx(dmcOr#hq`^0YkZ@w_ACA8FU9*!CH73~FDgxybwQT;#n?yuzb)
z_PF`UzdYBJpS;E^{h*~K@An9@y}uI!R(HvTpW)))C5!NF!%OlFl`IZ5nyp;;l4*yb
zXR~bOk3G$<uQ<DtCLej4hY+Ce1;;r46~}M<z1tlB!-ny%;NyRojsKmP@vq_I0GL2$
zzdwtQ|0zEHvkc=uruo+^=38nt$MP>8e`=fK|FeGln``*^|IEfe+dTeFEBW|)@$r}Q
z@%Q@W^KTe`&G8%mIc<)=#4!G)eEcPB{BOsM{|i3;Gx_+R<l{e68$acA)OK6ltBYv8
z28v*WJ(b0mYS$D%Yx@1nc)y3oBO~om{YTdhmH)TosKs6ZD&|m_J_+Pa(i(B{4y<{O
zA>Y{)06WZC;?s&xyRqI<z$sF_xoK2s8moBYOGMo)2AoZ7lu|dRo808r3{0|!b#)lb
zL>OF_o^QtNqTbLHD*gu}yDr>crox)IQDAV}9o@NGOAHs@C;Cf73)a0z7lLows3bf~
zvKbE0(E+%wvhXez;FneWA{)C?X;Del1)LOOX~8;}sg@!EAz{J7RJfK;TbD@mHWS?i
zRL+p@;IHcWuc$g9J5vdSSF)z@7Z!Q#SBb0@_+|z@tEDXrmlVQ=0GB;f8V>mNTYLcc
z7n&$nn}Fx&buQ3(RvlC>QqC2r5bQu(k}!4R$(RT?3AoceaA7ZtI4WtfXkA9~;rbW>
zIps)96oQ?s>~p3S#M|9l4ghaI>IUOqz^P-Gh2Sex!w_~!^m{Omzq)7n4`Y48nw;R)
zY+*)?J9VcJR8p{j-A+FqBFEB&{((*lD;8HP1l=$}K0w)-f**s<vNL5NP-tW4A5uI4
z_<0v-Osc0EorAKH774*ClQB#c!<q&_^Me1@F7)a<iG@1(>#Xz9s#E@iuXf6%4fsoO
zp(T}MJCbY1F&#0H=%gn>KWF2p)yA=32xd@u$o=MV)VWgYgy7f7yz{Rmv(8WP1P&BU
z);BU1gfwKAR;m@Gs8aA95f*>t$zboV;_z>IVjKL!`iImmhGRvU_Bzm)z9FW4)CE8P
zBtPx#W}(F*VN_z>;)46%v4|I=_o})n0ZVe$(*&O)hVQkyg*kl_@Td(6?K}Z*48Y9d
zf`^MdI+aqeUuAuNgR2~$^MlA*v3e;Is&zZ81{T*Om|3jY(XFR@q!a`tlqSi*pd7)y
zO}R3{jc!`eLNHr(Uc+@hT$kEVtly&5?UHu7{QIrSMM<ii6(E&!AiHNm@oji~B$Wwv
zw(wjHXvFDN*|wTum;Z=W2%G^NV(Y+vBtZynqe6oL=R5Glz@(zH2ExMFkw}Yx^oS7n
zHqjEb7ok5ed1S2OyFdPYoOwLCvwj{I>*nz*7W9YfAYXX8Dr0SSYK;)MwX=Rk=VQbu
zI@)k8+?)<e;UgjVZIV%r@8}$NDLfd_>O;nn>++Pia$VzsP6V@4uqNM560xriM<TpK
z2jEUu5UZHg<&tV}fxUUyIJLKSi<$j0ULOzmmsQ}z2HjoWB4sE9`X%te3Uh{}BE8FC
zcCsEw6M}!W(L|8W6oS*?3JCN-vEF6F-@HgVTRkNPz0ssMo1~X?JxDl7@GI7+1e4we
z;l-b;%GWH!j}K_k)zi&YF4xuF#M+}#?<SsM$XJnRQP+^NMypR5WlA9^l#oSL2PpD_
zM^<_?8|&#|wrBu51BSvcuA^U|g`q1VUF#LxjiS`wiIWs;qKbN&USGg=BO%z;stG0X
zywGn;(hKM57@)U+wr))bq{Xb*a(yQ(w!D_rAB7(#L~E>KWz`Zf#5O>0$~WjRO)E;4
zUmuDd)CG*I@Le{1_Y{4{HhkR~l?|wSCoi>;ov_(hu$k2_EHLtQ{U?dq1S?naI9|YL
zAOug$N?`)Qw^ge;lM>r9m3!2BgSZg)TQTXczsl-wN)(<<Iv9y$<4QY>DT_gwrCOEu
zn$-AHG1Lv_!3Fc+f_Vt3Gq;fDNbvM`s<TmtGokD`$lKA+_h`d>qx#4Be(RudzBT<e
zgV`;LyU|duIZDsn8R<!j{fAgTfZ~tJnkHV~6hJ0!&&u#7J$(>?Y^Imk65q)x61!U4
zU)G}1Lb;k_Qof0a(Q8o7fpLc-5pIN7Gj=lZQ(iox^3Ndmyx+9Kq4SG)=eKE!EpVYa
zPdUK|7zr(rh+d(i5ToQO1CPX?pKh(sPc6<5vp61qqETDF?3>_sSWS{I8mlmMN<!53
zDY`)2=t?uwi+b_}e+ddEfQ}DYJm_i^O{PT9H}NQy16TExFML1ltnZU3suJuL+`CCV
zF-4{7D0*#El#KeR|3#{P@^Sry8Nmx`-Dy_!uymmV6CumOtH}UKv~`-q*Sp$&(JAye
zaJ@%X;YcC4kLr6CfsG0)7435Qs?CWOomL2JH>vS4Dqmfs0o1bKJIR#!7#=RyKRqKU
zp1kkdZ>(<`eSTit=T|hft`8@uzxYV&4sb9Db`$qkw437FC~Zd#&TcZycfJsO2_%cl
z>TcSPblM#|s=xl5>H0;WRvu?P`I6dLPdG+ePxT4L^>bNc)Y!rGbsk(RZ#GBe8^kSR
z^+Jr{l&4~>3hsF$X<<xfrW@9C4IIE_nYEZ67lolKGY-fHYZEQX?^@LTN3900_*s2c
z<R_McRbD@+A0I|1jys_7i^ZUxolkGfc-*H?I>N(mMKuDIrxoQvs0g$%236!Ss3MO+
z6?qJ*$YW4N9)l|K7*vtRpo%;Om4~3J5va2UBx&{?<plpp49&xZDSumz@97vYR2ufc
zc+hqVplXk<>M0jBBWsUvJ*n3l;}f|&fqkZ=z^^o$FL>$!x<dSwC<Kz()odad{0Nw<
z>;>@vdqXJ$v2deVifc}JnDXCa68|C4#t>*DJy9>SAg(<$-Bcq=J)BDTfN{~Clo)SW
z<iJy4m?=G*c<v}Ri3JCB7K*4md61cG7sAd~bgrK2d5PNQ@e!xHr6B>0OMICdx;Z-w
zOyRDFRG~y4CuZBwldvS}jJk}S%&eQ;+**s96IyE#4}gbm$i)_w=4gxgF)co(2NBWT
zhFa#!xKERw0n%b6yw|{>ZAJ#&aoF_uJ54Mi&R}%>B#&OKGdc<m8Awhv(4e?_eWzcr
zn&;1r6F9BO_?X8U2Ohq(&-hSAd|KtG$-{#pSo$MCo)**&gJ7r>k&p2N`Z4-rgi^M&
zDwMS(lue|b^lN2Jdp|ktFx$1sYol|E)B*?p(L~k)ZA(h-egiuvH5=IZ#6iQ|CC0ly
zG#f1Pzx`~Q&e=x{k1sxAAl5ZvxSMahn;J0@TWM_U5hEHn)NFeERJbqS{(N_fW)Dr<
zPY0DTzd&6>4|!9zE|ZB(-h6#?ME(@MYuJZT1YPi-Q}CbO^7$?nV{ley%tXS>ZPnJ!
z8W?M9pFfa2zq6Amf8DR|&wDtH{CR1bKkviff1W?jv*efg^OBeRFZuJ9oqEEb_kYu$
zxA^iC{=5_Zyc7PsU(KI)=e+;B{=Bu9#o8FvmmME}Udr4P{=5_Zy#Gjl-c<|#SN(Zc
zKk*Cwc@L~O;m`Xo@aN54c{KjKKJOhjf8KTOSbrX#DF1c+c_qJX&7XJDq!a$U6aKt^
zhd*!n>=XXH6aKto@aKhst^4zYOAP)z`@rUie7J8se_q}t%s-d&b8?J7@9wl%TRSg}
z`~Tp1V?7G3esW%=D=$Y{r<M4|#Qb(&Xbc8c_u$^Syk!}yeWCkPeNx^`F%19nM1z=#
z(i2!N1cGpJqgSdHr46oOa%3G24`zSmZMTB%FAI6fywU-Y1cV~zd#|A)u_;UBrT1Z{
zF_m0Sg_=0nQz4JI4#$T{0V6PqCoeSTg}a#NA~Y8HhH*tZaZLkA{dj0iwg)JHGD`32
z3t7Bm=e@})evk5_xH5W9KU($Nlj;jiazL-kL@8Vtp@OzlTQ-zqS1Xw_2dSyPtxw7+
zm1m!tWC_h+wP=fH!f#5&5K%z}20*a{sn~hgqj9$A(OfZ9T$Uqk#?jn@;h_Kg%D~l%
zkf*{c?K5+=9Jope7lT#k@4z8r(pldHW)>Fl)OuzXG7*Vs{jd^=G?Z%i!xwrR$Bas`
z)+^QF6CbAGoKf+1mizILH<Uwx>(;%I+<fvr$brXo2_Laz@14&QK0dNrFQMhosLtQ)
zWmyZ?x`yT5<dZ%XC-0Dn!I<zsLWdNdbVRpte}hXIHBCm9oPLTfGPFj1=t1-&FV*>x
zuL&n@_J!DSOe#GL_A`v|JTWxb<_bM}pDSyivuKhx^k}v#bn|F*#lmj%s3=W$QgU**
zPW6Vn1$gr7g%+EIE#)*{pUuD=Z*?T0_yO)r&SnNui1ki~e;0IOhM*llu*@tP9Rh}i
z3%sH6xiGEX&~^E|X>WL#GYQ#{=@UF#kPE5Y--$kAgcsL_`(KSpw}LBOG5jLsS?1Z)
z9e6BT8t#Nm{Y84dj-_EH`zr06WQ%vy%_Du%VIP1QBq8<z8Cxj^H$M7saJ5$uH+lV!
zI>2f@3sGUX+nF8|`0bd2YnR-|iAOZAb9h5H+jGL*UIb}!g~q3$ilStIefp#MHjU8*
z6nOD;28gN;CEy|3tWSigA0k;8D?U<3opObSAi#fehiW$a67O@S!W>G~lfOgF2Rz6<
zuoNtaj}j1RadoJA_jSJfYr{pCSm+q5&f{Ol-w9Cv&gN%9z=F@UBjaec!<Wo#KGOn*
zp)WMjo|Cmhc&@7VV)R(_k;{fTZz1Pj>3}3*>fKiKA0~>U+(C<Im3f|Fswyr7d{)-~
zOdp4dbbvJkGg@rL2`vCJBQ<~205`d<rn5n0eI-oog@}hB8<;4Ar2ex+X#vq0ROg;W
z=Y16g{uyiVCm?1P0;^DPLN|j5k57*t+!ZfotiiLpQ{JF~UisXXGcEGuyBC2xl}>ct
zVp01l1alIY3|Fc>r!G?GwQfq-J?v{0nwUOke*z<eq;9c&ZOA72MOkj>W`8sU^QmyQ
z7<!)`l)venY-u=?>~tm#c&D6JNklI1hex)TSn*h~LkK>0L@mqiZvyOoqm@04bi7&n
zgegJtFnyP?nl;vE56*9DQ9{N6BsQ)$oAosO4GzycYKOE0&~$HJZfZMO1u(K2G7Qzn
z1W!G}@ibb(V351YzDb86pj!-Ifq7HbiUW#ZPqv9tqr5PcZPn#`s}_a8H(({nZ@~AI
zx~n`V@qtX`%BWuv<lae)_J;4bvUfWH{&P31USv8g>#ViH)U*WRcP?W!TeuplVeJZK
zFC$N)XSQLDd&B)-6#K|@a(i?F!<i2Gcb6nv)TOV4n|1ytk-2R$;|P#{yOq)?A*t>O
zY>IaFO*Txz)JM=BllCc3alf5$;^~aK0_sO`s`)l?bn;i1qw21Wi6imW4Y9Lt8d);4
zAv~E`Cs*wd%w;x&a3}obxy**}TxLVE`Cp#PYzWU~HiYLg8#0oZUpIv3GMmDX=N&zh
zxc0%*=v!3S`P>8Se7OTQ6J>$Pp9lQ(O0eO6M+#Ej2y%wXOk?i_hYin5>ph_%h4eGn
zWE<Bb_*jP;$-wXm;%A*O)lZ{8<dc3>T)?t&{egMn=EXgdwH2!@KCJgAI1CTVR{kV8
zO5f-Hf*5)mPu0;o8$?6?=fjk|<B#8h((sL01m?`;TUVZeUrlH@6Zc{94l7={@PUiz
zfh#Y^&*zL`MKsQ!93e&ncKTVSl>*<Dp2dt>QBJmKR`jXz^4<jcK?cx>{xlto=sCT)
z5iR#Rm;I)PoXpP09Y_0OWs2@ib&Y)TT_@~|4%rvWPX9&r#qu-Twl9`n{GV-KEI+Lk
z`(oI>|0DLr6&qmn_rCK#z`mH&vkm(q{et6YU!2<WSFkVcaKyJShB*GS?2E6Q$H~43
zJCEMJkj{v)FUDUIYhSQTslTp$@v<YXeR0Luj@uWH^gMd|V#4XiZeM)bwWIdM-@10h
zzIddo*}m}piR_DnuRv++7*6&@U>VsLXM9igg`7wB#dmArflujyE7#)ZMZ;USFZ!Pr
zYhR?E#%u+7lfk~YyQkj1xHk>#i<^6@_Qisp>^JXkV)jLzt~Q7-Jf{36uqjyR8`UA9
zx^f>BlGmt`%mir$I!>hUXu2EBXD%l6v6vi6@}0w&_v%(_5|#nU#iB1*F-h?Hf83oT
z?UxI01$GrX#PEm;kRRAGBgJ;iR~YX8m#t@7KFVgKDuC3pg-0TH{K4OJ^`l;QxX|hy
zRSV*MhUnkCTkNyc7oLbTw*k!-xtB__`w*bvmi98TxI{1$B2g28+HJRrqv~002u~%w
zr>8B@QwIOfluz$OZoN`5lrs}-i?b}~??ZK$U-~f)9F{4$(sHDOVkn$Xo+RRu7@EQS
zO2oY)ul)5+DlswBi|(g&;($qIFmZRC$~g0f+s)3dbF|tehm8J0`RDzSNW%y6jt9|4
zSc8YGYZ?UdNHUtIa++OlXNR)ae3MM^kkThUsoEngqcT*U!0MvzintSHnXND71;gvj
z@;36d@Pp?z-NEyPuf$|TdEo}ukDGY=@$<FBq4lR&TGw-0oxe$r=F>3JGv{m3Q%sGe
z*pkchzkHo+&eu|?%U2<GAYV(V?s?xY$k$R{(Sdv|myb2(YkB?6qsiAY_x_{E*J6*8
zuP7!vV6dw(AIS&5J(_$Z7k0Ein6ITOPJWb_?1%fi82fYnQT6A!`??=%K8iSk{LdG)
zG{nYi4CnD|3}>2pc5O5pL%EuV!3TiTkcZ(@eIAB4e#i1K;Lv~nB3tl_;k$;{<xlT5
zXJP31GL!l0^(>|8!5nt|E?k!%ZT^Wk<Nff3<1pUg-?TN}IhRMrd(8`MysIy#@ov1w
zJl;MpvGJ{{XX8!b<E^g8@$&q}`|-WW3Z9r3fi#(Hb#+*z2DkIw#DihZ0v}1Eib9$=
zYYGkc8sCIuRKe4!2tDoc+*{B*tMjTa6B)E_GC=E%DQL|4!01?jMx6h<Yy1bZi%#($
zw7C`_x94FPtXuGGMxaFTm%*JZdUu@=d=?`>rFC%22Dd1xd?SYL*f0`?LPy+P5Om$=
zw7D}|guon%P~KT&3#=A`12E<cz@jT__GXlLVb1teB=U!%?(o%CoakV8cqSX8CSSxS
zvK|1#{8couLLR#}l;^;Lr~ZF*RbOs<?1Yv+>tcG@E4zg0b%^xrAUjLW9geZs1G{3!
z;G-*ZlMwu-3q~zE9aidvCnJ)v5d+KV{kXr`E(BB1LWi%!(=8O|n2vuHi`AmmZ_IkY
zCj@VcsCFD?H6$|7`=Ty%H&BwOj^P3NG#e*Z2>cCf^1wzRa4Y)~eGSBc9mIhU&JT8B
zdR1^au-~>)2+XG7QXtNz$iR(f5=`9qSAv-v*~0W%l^cuC9fsT(L9x5=F+1}sA^2nh
zjgbu>8NyhDy$CcSP#Cq;EsbXRI7P(rsIqE#bUl7qqPja+SiO3-p^n9#;D0o!Pr{;u
zrTGWIbSv0<Iry(sv#1{f7_}H}BA+vpc?BBx(6IpM(-b@(Q3lW+11<lMM06ZDg-+nv
z8WzncdNQ{9tJ2W{0HaOsB0Sj%3t+VTR(PU2{37c<XTI=6A_j2oO!sAtcBTpbBi1N8
zkr<WK^{1M7I^1UFDGF{XV=Br1x%VMk?@Z*<pZ$BPr_xWySd4c=Za_2nRy3)JMZuk{
zOh@Tqs}NWLA3PYyw}g9F3Pt91!OtV>EC?WB-1(Lw3SAqCA*KsxH-Y~E{HFTO8|^Ic
zrhJK(dM+4e<5O5DDJlw`tE&R|B~D(7gTbP#(iTINRN9aHKjZv&0V%ZA3xT{AS{F89
z`VuCTYlOf(2~pO8a58m*?0fuvdf)FsS5T@C{cySJb9mH(aOv$WTHL4ZIXa4=xZqy-
z$2cTZ9lhwc13V7FKN901)BG*^bq>P12p@$76`b50wJ*^ph*E5!;N!97Vb4l`Q;INk
z1>UP+v;TMk_f%w}=O9}gwbLuSvsCP}9lGcXk4~oH2~RJ!4RboN_bz`O$;acH`2dZB
zQ&zP^+h@)SEdZ~@5V8kyPFbGeAG#JiE0uB0yk6r@A#i;nXDtmoxsw*|uMJ$uNMv?i
z*z=0NDOs4>3&WOo-l8};UL*-%p_0rgq^?hlTFR;wrv6TgQ-!gYxXT9q7MCqSun=G1
z7&z$-jdyrMkJ{y~V<={_t4<U_REv9n;1&rOG)6032>h1LyfEpeH7W!zg+9SYSgC>T
ziChEVR2PccxgqhRs19&1rh=1NGfE0cU!7H2qF5<b#)qs`<7+D0VXdq@2&@fz76G3o
z*!(-MP%LnbtI(n@NwvSq{aPF$@A|iR046+TH(R$((861(s(_0H+^d?tA8_9_-~q8{
z7UH%0KvM!!v4pl<lt`yZik?L0PIXg4IQNjhNf54I%tdfIH9rhR&<7$|0TTG7*r!^|
zTICBnLHMd|KBp50uT%QtN}|dMv{kJ+9JCeX<hH8HDHD`aagJFrX<WDqL!n?-&&T#a
z=Q^=%XzEX8afJTQk*M6BVb#m+9f@(|_Mk<@Gh6|xjZ246^99~bvgl;jT{aPm;7*DP
zFgaVUPQZ~s_sfzlQl-@=F%cY8o0N&0rSj<!J-{S=qK;Vk=AhpHQo_!vJwGkcqKr7m
z)(_0~ADD@fu@k7#hM2KYk$KdcZfReU*q;1NgPs`M|5&SQhXE$E6dLQ<&M3G6Fj|$<
z4(a-#yxd3%hcmV)9%J927*q?Z)Ae~zy`N4k(G`B59Y1K-S(j$9wC}8Q)lOl>x_UPz
z!mP7cEAq!3l4swjbHqKdpW<hMX`twx*=0poPrGv&Y*$R<JB2y$6<Q;y%7#OHUl2os
zfxm-cv;z}N{9R(??lb$@`4|vU;?54M>G>M3RKp{%JxxmXejd*X^KJ}XTpwhii?jw_
z;(8SKk@;4({9!YZ53u<+{q$w}DPKNsz!+fFIKXP6UrIcuxkxsYvfzLwLKHnW=&)`x
z5tZi}O`9j%6wltTe@d!RemZFSVn%a}yqosVN37=k(_r)|nfv244Wy+e765OL211@;
z=CVoZ>y_#I+Oh(aLHmqsnBQz*!zEk?Ido=|gVZl)Gund6#|K!&a}XxPXwZ}cevG2z
zM2Mptpt$cuxa|<7O^A{BZR~?x`9}+HMAhxoh}t5ypiSyc2ei>RG~PIXHxty&1gBi-
zt4=PCnvIM`yXHtMtbKq?5Z*`%{91l|IIET31-+`h@t@yn%95LPuS5=$Gxe@dk}dMy
zM7`T}-zm)zc~he5cJ(ANx9gRkB%9AGw}MA!Sqyk|vxVW&T*RYx1_0n|_WGB~*XZyl
zdcz5icB5CJ@`c{^@#uT4;?a4irCbXb9(5xg?Z)w_FrzAUrBo{f$HPtOD>^|ykT1BA
z9m!}Bf){te!%HpMnfrynlX@81i^0%tW*GXQ4u<|@<A~)YiwfahvzUNanHh$@7Xw4-
z^dh})oUz26dRPda(-k{)ICBG-_+1DZbkmk!#zqjMG(3q#+L^)7lQ|5{G{8_i1E%_o
z2#4OP;ZXJGAcNfuVDxqkjNYIJqeUEy4vY&%ABY1+pGb+e5*Lx)ZAMR}ts+w7%wl)y
zA%N#}c=u3t=3XIKm|$WJF^0j>T_!l1iG?BxYncsTVg8bE^k{uHJ6{jfO7K3->D^#Y
z1LU+=o_94i!|lF0cv*n(GM~ZAG}Ji{02jVy@G{erv3jf<q}#zjW&sD8C#xXS#z1C)
z@Whcs0-3^Gup-B1O?37Z{3!_rr1=0tnwJ=O1z-FjF4FAAn57B#HHlofL5_uBCZR<-
zU^o$Y0X?&->?3?RQpJ~FB+x+Y!Kx_4%+FXpRw6hlY5=o<15D8jFuNhZ%;f+RUk{yj
z_%H!XmaRYom~$DxoMnjvFqxbh@#W)j@a1hfhG~l;3NruN!sGQxsdkImVY(5{44QCe
zH%<9=Q|@iiy-$s|U*@-iH(xg5&2A{B7G+or-Xt-QYM3BA-iTeA3sOWf*av97^QAEN
zldNjtl`0zuMmXsr9Ku-Ckk}VLjGe*GHSuBR(iU!CrM8JT$p%T)@aEGxym_?&ZzjaU
zo4rkVGl}EPo;tkAj^_EoW0<*KN{V|9C}(fhQeo=lbVv_iCi*peuzpJr_lz{6%-3&@
zqD(H2Xm<n;6rYShlh#2AhHrFcrh6f+Qw?ImY7Lyi4_xLGq#P^Rb+nXoRCyq-0-zkk
z0cC0wP_Af)cd`;_*5U#<uCybr?B1-$|N8Z4;qX4&!uyLn=D5<6v7Gb_;Y!dixD^`F
zWx9$k|D{8hnYgW=zP~G>%clTcl9U-BCKtG;XqS7Z`9qSoYGH0;*5|@2)z;krEgv90
zXtJgP%n3&SYFvOBqm!&rom8BwDIkpxN};~~GMZfl9A7@5;!7!xbU&=am**Jp<-PG>
zkkzW<OK6fg3Md5R5a^Y_=Nw!zK`lci5zdJUD>>0cScp@v;{dZ8`5IL1LueDX6L_wq
zHpymDmTBi|ReVQ-R<;=M<w%AvvmOO}>5t;e2UUD&+WD1J4#vpj?_)uxSti*zJ!3!K
z({QFR7ciEzn^5M17Cd?c>neY&)Jf?^^_{6d%0dIqoDz@0HF}&mw(GBmGe4ALaOM!V
z4rk8UuaA#GeF*cEro)@vnC4H@@MgDoc=M{bcr(iAf0^*+)>iSR;MuK=+|Tu+Iq$(w
z^4${>$@NpHJQa;I!hJ-=o3NR5Ze)1E^wWOyQ(RR4Vqh~(2R6HrUBtlVw;YdfEJ8sp
zI+Qg%3O4mSW2PBw?lFVSvS!Y=c>CtF@o;9;np5)k$7>a+KE-inY7}SoiN%=)!LL`|
z*=M3=umY4j_Zc}b&xkWG;5akQlTk%1k1DLO7|@FPsX+N4iZdSoy^AuHrURP~phTq+
z;@qbpPUz+)5<VU5OeN7H?D+!6o@wM<dcZOk6BtqB*rK{~fCywok*8hbmL0e?h9S=a
zv|H1ZQ`DKpqJ+o`HePJiPK=m$q!q5;bcFq~P}u<!BPU#^!=Gp4KYi)0YVw`Chk?)S
z^8tJo??0>qpA!IW%728f82DVapFLRxPyQ-+bMEik$D7am61;hH>v*%P4sSlF$D7Tz
z_VMQD9l)CfX1w`K`*<_bMZ=q~{Wsvv>*C<e2mUR1v;VJ$H@ysR;$c8n<Gy%+bEpY$
z&gX!$4&6~Gr19})Q=*DDe`0tOV+q?rn@%&@bae=Ax(#Ua(st11Z7SMau0xw2t7tR&
zKJ!@M<{LZW!p({{;AY(Snep)EjsNR-GxIp$&82KD0^E$EO*D|C?TxDe1T2M4KE2o~
z+lHalo#%)JnP0~TnV+>p?HC=-{GnZ(`BxpzywHF%w<pIjFH>5<nY}xVGtcS>&b(5L
z#hI{C23MPKW`7gT%#7m9Ls5}tKqrba)1vmAiZic?#hLH7i!=WcgEQ&<<!Q}&T*dI^
zWFx-ZV|Z`L!KJEBOz^U|3NPO@!^^opGI;qkz{`*sT{8I!SQxmJsvB2j9Tc9fwl-<7
z(u^t}GHB_#4xvi79#viw2UV7_ybW>j<dbm(x%597Pk!DCo=i9t2Tv*w0-k)W19<Y%
zW5JVuiH9c_Yj_eZD1wmEG7VE!1Dd?#kgh+<x9#J}AM|+g^p?ZF9-h2=LkylgaJddo
zesv6Za&Ii2ys{lU`H2Zne%~gZENvZ6_Po1&Jb7V!Jo#;biYFJhjVF(o@Z?oSJo!KI
z@npUkPo^9?o_MmPH9Yz5vEa!s+QyTU+s2c9RXj<0f|#zVU1Bi7$uBz$C--+0PQKV;
zYWIQIc9{s=(lI=lejM;*7kr=jKUcSnCs%J_DDkgv1D-s8n;uVIc;IkEK4qJVCrh@m
zCkx*`COnzs>?oXc(0Nw5pl@4n(oS&lzM}}Ib(q6xFXZ901D$XOx`)BENlq=6wmt=S
zjlNC_rM*^<DOWN~>1Yd6zN%u%=PfD{d&OdcPW{c8@(-<s(%LALwwF@~enKI>y_^(C
zdmjs=wHpIz9nnDAP9{W|Mu@TnyBLk59ifk-b(rI5b2TVAL=Pn&;!rXpE|fek4wM|+
zMjY+EW)%5&t0>Y&akM>v6~Ci+&mK;Kk#{o~>CnSSJBN{nqA)V;7-8h4_{w0^3fL4G
zmZacVA48?7W<+^8LzH%$n_j>TNqdF4H3}xv08A#SV6s62liww35wfX*zu6ce+lwK|
zUS=eDMqDK6VC-T+XnlcU*@;Y~(Vla#_}Ex1>Cmv`%_^2$sz%1nSFLXGsF0+?j3kGD
z8y86qZ4*hxytfRtgCmV`u`lW3Lk+Pc`W?nWIMQ#zk-C@@<?hzvV;$|_$A22}BTlE?
zqTJp}d~B-lcoL6~O&3S)6s7GH9ox7%HafPKAv$(zd<40+#e5#q7R8Yt$6_Hm{9w~?
z<nuZlDHw3%;&?c6Pl6FgHd`2uydVZgYVomb@%497cx)q@_94*8h#gsUEQYzGxo$*~
zKWD`tNsNm%!pI*xMPZ~J#O(JBM#9PrY}5&~8Ao2EJAcgLU%ebg+M=d>xE<EX%9Ez}
z*K_0G$8Z!sVh86L@MAAE?lsK>9WPL!V<m%*X&Q8#SkIv2bMfL{LA2;7KRlc+R)|tH
zMZGqzGDN-hGDp4s$)KKR#f6VC3g@?0ox&;hYT6|VAfKUprh5F?OT~{*#1Z4ibojBe
z0Y6?F58fyi9ez}?BSpGCV*rmB>FUrTU2)1O()Dr<933iF^ufX{(PCV`iNT9BI^~>r
zc=5wK0WW?O2QRYtRy)SGUU!h$Zn~xU+gPY*lCPP%_*T~bT0?v*2Z%nff=JSRQmS&j
z0Vj59(&NOD@fdk>qYfwj^wY116J0A}aN_3|GMs2foY<nqx7t8a_d*-p&hVjwY3yET
zrQ0d$Q2EW_7<||-E<TKM_lOA}e%p3@>pRi-RujlOc$<n3|7F034iz85W^i46e7Nv7
z6(7nBAKG>J(4pbOH0At8O@0U+jWOcGuN&h<QBt}`102jS<HK2P;ll^x;lrpIrp($O
zuT`MBisM6D6d!ht#fJuIuUC@I)C{|~^1(hM2bLJ|;k6te+EtupXF;thG)!*PpkXf-
z(W-*IUWD`5mW+VV&LUcEI#6a)KHxCWu4!$(p0|^IsQj%p1Q^mGK)doVM}R2S4lS0|
zp=>(R3OgUxfZuHh{65TR8~CmNlEJyZy#m0m?|MD(>n8*7>$zS9evhqZPfmCxdLH}N
zI8S-k*(c6Zo;Xi=;ymSv^OQXB{(_Z<Pn@Sbah~#coTr?B@rm=4$8es~`AOFk=PCa?
z&Qp4C`v2xU<)fQ_MZCG{;~2boN6-Jl^OTbBn9oyQ=R0wp^2B+{<8z+!((~FqPkDVU
z!<T0~1xWPOPxMIi?*KjJCqGe<=>AXGlRL|Q`FYBtejiycoOmC3;(g?a_mTfUzK>i{
zed2xOiT9Dm;eF(&vrfE^jPpKn$NUrTBmcwRNA~gjfAc=_j@7>+K799`7<_nD*Z;!z
zk#}Ep%<m)nU3KDpB%6;D?;|_>KC;hgZNHE7&STi_WIv$57Z>PJ;LD!^3X~S8C~(&T
z_T;w5wfB*fuvW_kUH+SQ)HJm`-v!=3pxs~j^K8?79M4F*-X4K#hv_=ibe(3pPB&d=
zMy~;%O6w4!=14Ux)9_965eka_9aJ)*1VO3IM<*7-^H|39Zch2Mzb8`3jKTyMchRZz
zF=@UG3X#?$$e#=3+$}ZbNZW9~>*dKf;K|tOm3FwLMyV!8`pG4=pk9Ti0J$y62}WQq
ztaYb;D+IIXXveoy_m{m$>m>v!Uj|ASzDNrk!1Xhr$XO`(8!S}hx+ukirsE`B>OWx>
z$&W4~HMlL3JJK(w4+N7D&$9>%s|JUMy=`%a`{qjZF5#V;0U$@hlgV(;S`VK`3QwTx
zblztxR;-XVio!efUff}-8_x66F0<640*aw_ufNtx>s<Mrh70j&_T)XdLer()y4|5k
z`C~-WtNL1?Cz)3>`T&xgs!>TV4>7QPY`I&KbEM`RX}?R_<&tWB1MYJc7T-!b-Yum!
z6hzy9+F~+1n(&;!8%NYS#+`jq1j}wx-!*wK(PtA|oaObmBotpp&A7tXy(rnD<r6*9
zLEJpg8-}Hqm!|nrKG9*3a@B3@w<R@vO6TM{yUT_<&xXcv2RaK@r5j%tpN*T(SxQcn
zKLefk;5qoz*=(QE9zF*jJ{!g1ET!%UKYz!@BTBXWh>9xTIZ_>S!F+~QidbRFY(rk@
zbXbG{bNl*0#g>3d?n?{{{hd0V>$>5dqyphWi{&1RFYI&X%FEF#{ZJh~73#s45WPRe
z3Ov$%&TLRK!=%-~jC3(&gIAJ+%Zm%~v_bgM(cveigD!^^FMi>IHPwSkB`@JeiR)d`
z(&Di$e+0{3OVzl0B!S63FmruzlFNTm0+m0}fk1kv;a{5Rld59!=)m(y4S&OW+-&z5
z_d8yfxw@f}*?DZA9(NUeKc9F-lHwBFUxNu$ql}ACJ!_AJtAJhTngR~v-fZ*15^I=E
z`@IFL)lyw0xYfhiP${nywEX32J%?zeD9|xC!4wq0FG0hM09}_??vp(8u;3>aJTR4Q
zz!IXOR6I+{tJD-wPK7-E72N5IXJOgWkjEj0lY(auJ9r5OH<n=7yxYa}OARPlkOMm8
zyIly@(!tg3{z>zIA)cA&Ae-Zvi3%tiYmBcV@LxO=mR+$6sF#88M&;cdy1!C95Bi+4
z-B2q*2wqFYmZ&(Wu2=#Vb56lB+QB+(HU#7FPjXm_-tb9dW_i%6g|4meNt5PzrA=;W
zO+zn3o$>Un`l23Qe~s0bb-$x1_1aL<u26c`x5eK=<MW0{eJfE5srQRFQ%$HbvwWdR
z^Taw2O{mv@#41d=fvW3_sq~>vZUm#0$w|(re%FKsHpuR`x>`Q6lFGavnEEByYIOhF
zQAuyWT3jNZ2M>6&YJ9>_+3R0w&B<#1)AwR1r!q&{;S1eAE2_(G<1QCbf^Ynuc~<PG
zFKe^lUr7~ziYud5%o}E#(o+euwG<dsfzw}!>OXI$5PXBsQQk~f=9fZ1A~K$NBCrxI
zhj4$aqHAgBNqqC~vJMU<EgUQ*y^)i(ZTz6?NA-Q<nov@MJJdIQ9&^~NE&_!z2)Zx`
zy5J|(D^>dsMm}VnaIbP@)fCTRque%OAqXfiIbs#2egTT5&Qpn0fJHe|k9hq*S%u*G
z7Gsg={`$J!-cg->p<?K4uO*Ua7ETscZC(4Xu2?q13lQEPKu3)94KTApm@{IgC@pTt
z)XtZ=09^%Nz**EakghM|P4l1imEg}xFh2E!*)h189D~8-%&)r%1QKB}2wmopq5(rg
z6F*?b(NSQ_^n{$O@OZ8NNMs==^`kP1;Y$#<O3o5x72);bis<}STFmoXfi+JwXGz~9
zQT&&Ht6Y@UA-hSHz!l7}RIS{p)8}GnQYG1Vxymc_(m`$Nf7GU2<WJ*c_WX#=oJzLs
z5E#!8$GE$q9r6mET3vs3D_v*=lPb#cW~s-T@@6Rm35fG{MJ2~D-Q(_ZhhXb9mL2~M
zHQ1>vuL2Ck?6Trnpxov$axlkm8OoVQHI_wqXvSl-jWohDGm!`M9DNCo%|t#Z=SS4i
z*g5l9d2FQM0!b<3dRAS3<8IOO+r5mi)|tGBH)zgEs-Tkxoyo=33ml%Oe1rp%*5+jG
z7lP?z8+%HjRX(j!x)Py!?I5^$(7`WYJe49F5Bz*4j0ec%%xfr%X+l(+fK7Q(OPoGv
z4=8!YTHv)<xTrj(ySjfc8<p=LD{k^hOK=PEh4SpQjX=kMHDx{t=1uaH$K67pAqmzY
z+e74G&nH@thd^Q$)y$$jq{gs^@X|oIhrqs>Lkp+ImHL?wd=OpFhjH_m2df1(k9oq3
zC8<k<;A6CPjF^|XUI<>4fQczUL!pvKt@{PO4}!_TWe6s#Frzv<b&n9ln)K2h(0P?)
z?&i%Cf^*2)&6}6GN(gLH4P5fB_l1W&u;&Fg3ITL6To>;3I>Q+m2O0#}k5R$+tE^&H
z{kTiL;bAovU)H(f6>qrP6me9RH#G3jkgRU!6p5n0!RiVPd|86;eBS`0y1*~~^tqVz
zbJ0Ul8}fHny|ug4>LLZ9ToKW5IkwgCv>spJI#GQxRk8XV)w;U=VR*sb5h`2ck?KVM
zVN|9#+^jK{;zzurPQqf^qO?r<<l;PsI3UL%3|=gCYA7IkPwnGNW;F+P?lR?V&CXSy
zJ2e4!Uz=N6rhgV08Jv4W8xQYF$Ww0E^kKuF=}S3e+VIaxR5$!(hU!R!13IHLG8-F(
zOj&>{%YQhb_*ER95I745o;Ai+{Iqfkn$c(>;9Cwi)^Hl(5Unu7XV5j(ZX!!zE7ok1
zMgZA0KB>6EC4G)oQ^UDY{;PIyx;txk(P?BC47h(*QE%J=L-6H+V%TUr6<|2b#0ga&
zDBk3iHeh{qH>(ttu@N?{3TP9>J8%^(P8To|H~8-~p>Wx+2`Bw<23ZX`vobc~%7L8>
zdZ#ag1*T1fwx5ALF`Mj(HLrEGTq`B*!XD&g?I`|{bpVFe;G#DHU{zGO7NAL@ENs@d
zKY(`ZjOA#~2FEvJy)VU+u^c+96f_%m;w^^#2h{yio%q!&H`C)dQJ|-RjAs^U*1QUL
z$TQ0YJJ0GCrulu+3|6~7SVBs>b6H*~sKJV|9QF%#H$-<~-Ijt*1U;WKOR=`_7G|*O
zW!Q-EmnHN|PxL338kkKe&SsF=WeVovV0uM)?Xaph^GZQ?mgT?(i(;2k$%X=S;VY0o
z;BBR{mo@?`8}JwW$$5Ox{Hb}$-waRT)G`^a!1+;9w7aE@Mg@C<S`+zGz`JW;VDe{)
z-OcaAK@T!r-s0tzWQXNQOF_?nM&OJ`YHP9B{hhwh`#fBms`iBXbJhMni_1PBS5yKP
zkdzz=tlwQ&Jxj%KVyK)2<DvgPR9?Y9XTs;1{Bt&Zp2a`IZd6{$Kf~@=K97IShtE~~
z^GGq2n@@q`@L?o=D1;9M_@M+o6k=7>QffN41V6KYuX6TPDT~13^;D$|>dSmWpSiAE
z?&*x5#9TU?j$l)io164t(~H$%aR3B1(Z`++VADrnGZnyQj?@HT^Il9oz&v8tI~c;G
z?S>F$O>vRS-^>uE$Pwl>nV+f%GbV=hWs5F`wH2KCf?oe~Tp7iiuj=)1T)g>Bj^L?N
z#ze?J&GDufA8*29Lb%DWKEcg*<pL|h%_!b)N4{)UCST|^SLG|)8c)8On0#f<Hpv%E
zXqq)DSLxQMTxD9La+Ph3%9Uu1%2lp4Dp&bdO|HsE^3Nbz<pumRNLP6w{|o|FUSeeu
zRLbRwUve>9rkAf!`AU9S!7l6h<xF<DnP1Lgml&6zEgbl|l6}3KU$RwM-o!7f*rkQH
zzl>el_$3QNDYx^>dUoj`#+Rn@Z#PF5fvjHy-C`C&<Nl*x1Y>oJz#h8@9*kK89{nO{
zGA@GW*&?u6&5NL%<bP(H^8b$x%KtsbEdNKk>EvH?=H`U|hVwu%M<n?9yf|<<7Jm&b
zaL!C%a+Qi_VA8apqYA1GOA#9rotb2-yPes{XS*Q`NlYO3HH9FZ_GThFTfNc_I+-Bv
z592ky`;xc6(A9z_v@{$`V#Bsv7jS-QwXh9gy4yKEV>zr%|3qgJd1}z$;BFcRIfA#d
zSEUGA-RDkpju(Qs_9(H__z)xI&O9UpZbPvefZ-bc>)|727h7j#@2u@&xYyg*9u{zG
z^o0jH0Gzo(S44704m`iuN00DZldPd4M-tqId(hE(-qC@cq7ehHFS^w)y9Q=Xct{Li
zdHBy~f{9)wj!K#;TAQ$lG}(`y(A80g&s|oEW=TR2ANUPMj!&chg6Xu&8-CELbc#gr
zudWXX&<7jq12s7QN%e;f%Xm9_E2l{?1APR&HAmR{IKykBokCl$jSwvASQ>mgY8Qk4
z3&8~Xq#uG+#ht|gKBq$qVbR&iQaw6?VHGYW4Vz$CMTbwORYYPa$%cp(!*~kpdiRF3
z3$#)a;f`g|{_xK5u;^^V@2{|vzhbff5Oe7ON4`@^n4cJ@18a5qq#wokYOlrfhJ*a4
zEWyyGuVL`Hpq3&<&TP%`i*JrHeH8tGb-jJzX-*rALSFbI{CJ@@_*G)>pK)c-+g)j?
znDVKn{XqJ2VX5^8t|XE7W@$P~C<ac3rjwY3uNfVFoV>%U1+kjK)FoFB<;xcSp45%8
zfu>HU8g?U4sU+}xLz?cC*<~ib+|4et`DGKk6#1ovv;*IqrqlSe{b{<>&MrstO9#6w
z;FqcFvXEb<u}gKYB6n4&l<idkXC}-4m&6(VWt8EWsQUxdF_u9ISuP^W^O5EFz5J$v
z&XRz$O5J(zuWkw?JVXM#hnYb34|is}L(`o52(v6r^#qr*^D7~?wmF;abRyyCWFz68
zGg=pn*SE4>s{AU5?PY&MFLOa3Yk~o|2Fs2c`)E^^A3pj%cDu*gS|6>vkLrx$R4cbc
zj=qfnt@Gif@8d2I6wv4bVe+XikZDmqz+A08WadMXQcZ8&JBi`9n81fmi`;W2g;9k6
zbO;nxw9}E?d>RZb6&O(-3<)}&i{k*x1BQZ8?73Kr*er1J|1>f7s78##G=*&LRB=N=
zLjhBqhgfV>>x;GAVpyyd7Q<qlX)!F;Sr)@$t+W^x>pY8ov6fcxo!Q>T3hUhN3iJNR
z2EJLZMcP?m({(FswGce#pn29DO4ozTwam6g3g9hr;!aDu9&W`cLa@g{BY^+0i*74W
zem=-~3l>pp5{f)dS%af3w9{0#Imw?L;A2%M0sbndA36Fpa8B#%?D@_5HGr+nM2{a^
z3t)aDlSq*Ib3w{=>vjnbZWCWLn)%sHnct}AXN`?ARU$tZT2d*fD3WUrR0)AoZANP$
zkfLKL4skwpt1Ao*2g`>BBg>_sS?@_{eP|0eu>qBHQK>)`VzpV0a+_^aP2IN1z`ou;
z1LvU0Y=a6B4JzdQs0ukC1fM=&WS(EPqQ-yZfS!N<>KrSNU4&o&9-;)TZ7yl_2&n5B
zodW7&M!$f%l9_9OEo0^y;A^<lxQ5G)%Nh=DVH2}bMPN8FS2VY$nwA+=(@LXisyC{p
z%|_KE8&%V8!>}~m$n6LfH*z~d#f{vKP*pCsBOFFMBK5e~5u?6i9IE8RF>Xb9uhG1-
zyfRwdSsIVq&XT`3);Li9cJSzx&cN0;Ugy_wH(tA8)i?~RW_onhfC?Y}vq|Mx74Oex
z?v#)EMcffpjGj+?A{NQN-vd2gq*s?HN;rbUByFgn{Y^);5u_S6g1D_N-ED4lrM^`Z
zeWiPoUSsr2)M;F+UgKWBmrW%W3kP0(NxXWCsa4~$LpPOz0t<|}=Opaw<xA#VVlfNM
z+;8Kmz)Azmn8#s832n)^N#k}57zj{xl^CqT@CJ`m?Zya)+vyE8J0Vhit`9-=sr2Rw
zKDsiO3xPZK(ClN^yE3s8g4gUpL87-%Ur=CsCxHGV7hYmvA*|@Qa+kTCg^}D`=>N#9
z>Y^)vTj;$gC=%Ql?N{i*Gam=}kB2!67hY`PjKi5M%vvl2x8g*w8TIN#%9R(jx_zP1
z=p>6uK68L!QT4v-k+m-}hZu$<N!wg`qEsubWSq`MPA34TjaI9?uioflS{!BRO0oB+
z66^`gC6*(731S6%XMb8bxLlO<-BFy}aj8si-#qE}Q`BHkZ3Sh5KL0HG{>z48tnxM<
zV41J%-DNx<Z!05TV`uGw=3U2P;B;wC*UVeTdZ{@h@vpX)Xbma9X*3#kc#b|~H@!B0
z*Yx_PXS|2ZlrVJ96lb?txxC5v5H6mWhf4Pw-Z?+LOLr+si<JetVuH-~TiOo0U8a0Y
zo2&@Wi;i)VLRJrdQH2K=T+$v-#@37jN@=s9<?#m$m)*=AS$D+nMXhpq#Pq}l^AkVO
zdwdH|akC8<=12^sE94Hv0$PwGF_5lM$&VN!8XgYW{0DV>I;C0V13ID0e9j3XM)CRB
zdN+_QK@~E=jsF^2_yoEmS1H|emgu;wkR7yBv>ExZ8X+*uIg<BTr8|=852>0WDD^{c
zm~VQ&<dq_-<NxLy7In7Y_zJ+kBTXLtEC#Udu;oa5aOZ+$nImlmY4=G#p>LJ8j1v4`
z{?~TY2er)QEUg4_*1TOlsmPg*S~f@8E%x3ZrhKA0nh%hpx!4=yWj-hK(_$^D2vbm1
z#(2pX|M6$&-*VykP9DKBAdU-pQ;y)NZ7A=6|F{$LA2+K0<M)q=f6f_g^UtpF?;hp<
z7XLWc%q#<)IgMV#g!mg5JdwZ|joCu%zR+9zy`ax&bEA764UisAkFYRe2v-#|s^l5t
z6D_Vf54F1Re7aEw%N_U89!@%V<qHi*n!}t}%OM>P<GyP_cltzUe>~+%>Wj@En>c*w
zlIfGa^-1e;Z-6Ov<;j)XjC*3O8sj<)*63=Syli#yQZ^W84%l5hF=p~^%v@ib?DFSW
zD3n#yxrS%4?K<B$o0z|U;cD!2CR(V_?}6AGWw0*(BzC_4%KX86vg5sPp~+T8bnJbL
zdA{G3o3`rTw|J$!6k_a^zQS4e(kbs23~|jjP8%pqKKI&Ghh8L+a0?3qG~L3&z0epi
zwim3ZY;kha=EBLqoeR-wXQJYRzS^k(m5*M$Oe<<b5YVOoQKI}1n5~-$LZHe*z^NCK
z$yAw277f`0-{nY6K4~ur1aal7+?zleUi|@gc{=oy4U2f5CKtVH*-K6k1+P@^P5B(O
zdN#$}ZUkA#PL-u<A^0`&ibpmtMkCsWrr;a!ZFc6`R)penO(^!p$OZOY6J!zy^*u@v
z(df@<{KY~w33?HYuiO&jvnVmf!$_rRY)Yi>d=j4(XfoOuzS(i>Jt*Ubb4gpQxb$+!
z&Pk2CfbM=Al{dky_yo@q<p^$pA8+Yq;r&c3>jukc6B%XQoDH9-=Lc|WQ@1ygLS1y#
z*m54v?v)OB!|#%k2AOk7U*_E;PTrwr6=H8=-(oLmSy~KC768(=k_%%lK2}fTcB9|N
zhgo#)W2q(Z9r!>lwiBHt85o<0hdz+yZd6tI^67s{v~Zyl2VmN_z+DM!epzfWPQQYc
zs&M^;PBnU@f+Y#skqy96hmue&{iq(Q$qroxe_c`yz5mLFJFcvnqEz*Ey5V-ZJ4+UV
z%aZlyE}l-dXfbP|e@T*S0a>=Jn;)xh1Vi+KaJH2W-}4ub5%tC6+(iE3kxrmgXQwI*
zGD!*s<V|7tC1W*ph29|w!5+Ash3`%BWnm7Wz~$7XPN8v0sy7MN_%c`NL5~nvk7vX)
zsxp?t<@G|~6MnEZwG3amhAf7ae}5vq>T<iKErbZ7hsC1{5RZ&I#PeVtafY(-@Oa7+
ztQR^EtK2vcrhvUun5feazyS4FI)>7sxt8vRWik*C_@lze4lEaf^%Q;PbB?aVvsQe=
zfF<sej`*NIpdSj*M>rDxPoq2=sBfr5UAA0=?iG9=FD*d`iUH+ylvQFQE1Cu>;X?wU
zz+wz-1VO-hV3M4<nC<U&JQ^P!k;Eo0IF!fp<w!^LQF(Y`K4l9XRMIJqTk**1<fRM~
z?$*bwl>0*W;W?EhN#3k)in}(P#XlDHh!xc0?~!#dCB2*tcWHPkxX~qj27;1}g7PdX
z&h75Z?Ly!^3lnM^a&8W7wOeAHv0;l|ROecvqRPaSZJE_Th{u{1JrRApFecK`EqG*N
zDRn3CP^>-@{J$~$O7N@{1$RAmIhaG9j$U9dz%Z2!nAfH}+S(rzV!&6Ea#2J(@2{R8
zBHbH3KZH^Y3&F-0Lf-_w5Nx`I0Q(Rw2RE4W30nQAfzBw*N;Sug8qPy4!?@9hxib^&
z&Lee}PPhwvPmyzK|7)zVaiJ@fG=6>@m&#}q?g9|*`)Ct6o9ZPSg-dtN=REWpN$X%E
zb^B7bi7Bf@cBb?Y8f<Xqb62ic+6`;Nb%VMn_<EoeHLxfmE7=}d2g^Z8RqKYS{mqNw
zSOA7VdA}h*-tAU2BB;DT_rv<3-Wm&mo0LxuvG@OazB*K%z&1>kp389`f^`oY(f?!b
zOW>O-y1o<I(y~aZpj1VzTCoT!^>Lvh+R~QZXo^)pR2~#XvF-?oplro7&})oV5yc%9
z1O-J!3y74mHQ<V<SOlRU!i2I^kP0o3@0>Gp*W9#a@qM4?`@Y`~n%vC2bI+VP+sygT
zOmVvu@<nikTZM$aI?UxE9{d!Co1mWxjZyN^ihLokg6bsBWiIAE?+5UC^`Wy4Y3t$?
zc`2yV%Zs*dYia0(!}>0zodps(LbJFp2$i4#zJ@x|==PcvB)ynGSn(R|c*7DxNQOi2
z9TfOWu{7*0u`HF)Et|wMT|?J~MSZ%uu$nbTjE}#DKK$UXt!?W3i*bEt>R;ydn~jxc
z_Dw6tco9vjekEwZUiD5^xfGX`<|MLnmeH3a5TgVzYRf2Jw1>_AvObJ+Uqhuh2nW*2
zF$n!h2||-3-zq7XODoNxcKAxG%yn;}tqR4f7A>W!Bpk0TW7}US3;W7F=S%XyBq=Z&
z!p*a$$0Dd69P9EVZdaEn>*u$#<TVL4SD?V|0-8RXgca?;*(Ev1I)2&$A4{rUAV`iA
zBrnP}?U!U;@2V{t0}aDAIiZ`_+MdlZ^0z5(*aM{C7&LQWxJq9gjQilxL%@baLo5y+
z22?4D_GMK4hNmU8D$ylZ0cTmeb*;sI2<G**&6nxpF)7eL5qQei_sa()xxL`E(!c!#
z@oSY1Nni;mgu(Jc5C)h3;Uv!c92?76QXh6gumk*FMq4N$BdbSYpKnBF-TFLr$3xg1
znT6M+WO+`{EF7I;w|P!Ri7@oX0<?%ypvQ~X;|%?_eeXG5F7IF~DtG_v3OtOfso8n&
z#u6TC8(#eJPOME|huT7Xue4h0*A36>`?dGSykA2P(*TjW_SLpw>e?+iamXM4m7xQM
z^*dLF<}W-P*7t7>a0iCV{$ykkd-{V|+$o_dNm(kLW8;l&CmP$@s-3f)rgr|SwDanB
zbnQI+cC3v*E~xGBek`@|@|-v!FV^}vrAE_7X))JFlNzQi;4&S`j??TzA4JI2qX2R{
zK-v~jC0DNUw^6yWu-?Q0QPzJSt2}3~wU%eHPnrFIGQRp7njYEU{$--U!SdDW&q}wP
zD!Sz)&Q}qCDE-n-GWE+krC;8es_U0~r|SBpIu8FNB2UjcnG4h8tT-E9e>;!!*q0S&
z)9kCDzn{zB(USg`7acSGeRHGHzvV3*{nOvFrhi}}r~l`koc@yp{VRG3`um`C1cNo_
zd~9QhXy^THCI9saQhLwC$1ebvv_yiKvV#;{x^g!V9<1oL^dno^D)#fMv9xVX{D5Wb
zt3_pDW?xoDagC@Cx0Pe%OB$%}fT2F0uD&O+zE74K>PyD@hBj1R>K=W4SLo`y2<yAc
zSYImEm)uZ&gADck@rqX8uU|raCmZWa#QIj3H&9<vjlRCgy852R`j#v))R%<y6*g3#
z%}`&CuD+|WzQ>I9*|5H@4b|7xP~ZM3T75efLVf2N>pOt*Qnk2&`lcB8H(giXt61L;
z<%ar5{z`a#FgB&?I!XSU!LVGj)LH~@=2gNtr94|MSL~Hu{xTY=&nSY;8mf=vrKYUm
z`ivs;>B|k&NAfbYk@}1xb9Y1ak-X$LQlC*|PHCt<k{4Se^%+HG=}QgNNAmLVqK4};
zip(&}`oM(V>OjvN?8eP#?#fW=!g|fW^Kx>bfpO|REOsGnjWRG)KdfFC{+Gc0mFD^?
zzcAESX;t56Ux@l<8SA6=`p0Fk!LP^L<Sc2xGGjcbmS;h^<R6|fKn{kk8W^waSAgZ-
zBVo@u{#*&hH11ZCe?$gEI_=<=V3vd<!2vk`DF2NQv%~*3{EYr}Tt+Cjw^|=vU!`65
z$)SM2x5nKDzIp5H$lpv{u<0L_ku5J}quz?QWy<AZ`@|g3+16=mux=%O8kNCjOpUkk
z9~-Z)a}(<8ud7etPun{z`9}+DGW+JFZ54Z&{>USxHJ-NBDe!zxIeWSdR~EX`e|Mkf
z^pDA4tAKUDO3&6j-&T(Uo}@*j)h$V$dit}cAIg+-aQZj_H%?H4I}txA^mqqq{S~~U
z(f*othh={S?lAQi#^?R|h&H&p;{Ze653K?+t6SsvTr>r&tS2MOKYF^2rQa#qV<Z`$
z*j3`hF~Hwtb{g7B8KKsF;%)lz0&<N?`|z+36!69jj12nR6mO%=*+J*V#=-D2E-d$v
zcucPA1E^pA+vy*g;SGn~EkobF8ZYLPu`2m*_RS6PII{_XCOqjVE&sdH(1GUXAHKu%
z{4<R_-%r8?D2HLNl`M@vV3Wt&JeOntq^)5~UN=ix%d|BE)i@R;Vb2>VXBcDQ2hOaU
z>dV*H_gJI#y%kv>+&#bkBf(uB{k`wQNN!XCD|x9ttk|2tC}B%t280Sq(Ut^RIhYdG
zd3b%edbKKlG$ffp6J=m*u6;yrY)IdszQ2v{dt!iiUowB+t>*U~_?*8lAK$ldSOf3-
z?qT!$@I`F<Ib;}<YL!?vW`Gj6s$1P;@?gG?{G%)2DPW(SL(`D*uh}qi(?1I1PU%Gq
zO8;h4Va#4s?rE(|n3CQM97#E#52xC2zw-+);vOIcb7*V2A+qm%vLQYKF$Z&!`7k&q
zfue1ksR-uK=5<PqVyHA^03TVFU1c2pXK3_0jr9L@w#|mw<!uNxGSPqF1x|m}3yslV
zmU3d~fA4lq|B)-r^oJInYqRP7n>SbxnlY(fTQ6_C7FM*LJGY$)io67KS9AB5Tge|Q
z$7zNtPG9ay_|8Omjrc@hoQ=Ky9m!nMew^5OFhkfnAte#kgzV8_c>g|{m>9RYnN4|E
zFjw+tWk|uS48fQTf0iWb6gJybAB|7d3ddrFx*8C3tg9lE(xSqO!YCE<=eM{5Bf4ew
za|Ish29{Z)E>ZH|l3*V6<|a7ht&-dyzTN`l_Toq#xj){V1lM?c0DSg`k?}3ba1Eci
z@Yz2Zu2bO}K6Bx-e=1yeg=_fCh0p$7X%4IxeAKdwK0xW(jRN-EC-{{Hd_|w|fn1kQ
zF{aANko<kXjQ7j%gUyz+GW<Dk0beB3ko+VX+bhz<KB{PKk{=)-W0@(QVg1ud-=`df
zzNe%c^nHq6Uv4eo`ttE}jp@sgYfp^6TsfZW%Xj~3s=nXT&7kiF`V*ex^w&Jw82#6t
zAo?FK<n*_Rpg+{Td!)Y4d(Noux@!x4uRI=opZyi-`;=qS_f1<#-=~}~ec!nCzhB?4
zeoxi+w?0(${lyQtzF+gv@#uTm(#G^%%<lyYpthfp6|ChmB<1ZSxl(GuJZC$D9K(P?
zq=-Is6-d7I?vUi$HFm30U>xusr#zdUG2W}2AJ@I_RsTQxzJ7gbb4Mn)he&}(3s4b&
zxfjwa-F+ngLWC~3{DYHRod+l4xKyHaOscPZWJkR7w`Y<43;8;Q6;zfX4PGh9OnOE7
z`=HalTp>|eCmUQ&qYcL1{h%z2@@nz^8Bbfj-?`*aGo&HgNW*PML4*4Ko$P#izvKtu
zOYfgNydw|(<I6Z+zJMp?w5VI%Khzk1AMf+nc1IDezXMKyDJoq20ax{UhY!Io*^bf~
z<zyo%XPDraKs#Or^24ZRj?(-vj4}_0-2>#+={wy0a*DP(d}y%>7nV~!{;WjLza-hq
zcMr%)k^+-vQ~iBFFTDh)4tQtLFIfpV*<Inq2kjMJw9NL5;#9sec$qqW*0<0-RPuYd
z?aoT&b})-<IFS8rxvp0D54JpuY<Y#3H_;!n08?MI%bg@|l7bby;$#{)o(APSB`7Z?
zz%C*>hLrFPk8o+ecV&3lkP^<nE03Okhme2%{6oY(M-lF~jV$E*I}sayXqb&3N3d~r
zR5r>A7fb&4_}5nBAGaAaZli0RNb>y(#27ruXz$a?Ikz|9VP-0yJua0=xrrR$1;&^k
zj)BQ%M=9a@(FnH|c#!4<2~ska0z#(lhpXq$3c(-c6(%+{z#c~t?dO&bH~1&br{Adx
z97_BBQ;4u~DaNboM*j5%UL&4JkV&q4AzIF6i<%L2+{`$#X5o*nz`bD!_hi31RzP>U
zBA#kxGwn`csT|M#h)YrivpmO~oi4CU{<&3DJPX4JgmQM;@9eZ&N@oHv(7UE^;rpB+
zUesrI8_9nIF!cuD|4;-xrLS;27seOic^7z|h|9l_Z}Z_rPC5gZU+R(<(o5vId@Yz4
zH_t~zsP72vIB`QlPTDS)+&aaTe&q3joU~f9XTp$faRnw7(YHTc0Wa3$lGj3WZoVPV
z?%bPQavca-ro7_T+cUj~V;n{82*`DLiqv^H@NYl-*vwIc8*KBWU3QBa<jh98i^$0=
z<8r%S>O6~pl=l5n_gUCf$8*0n<0E#LyqArdfP?c233ynv2cIB3#yC4-wra5r&~9pF
zjA$i&h*mi!b|DZCQaFb6y4F!NiogYyYG*A^)DKXJ-Qn9zn%?8e9%tIv=1<BHuc7sG
zhBU<$cqr}&xEtEykH-_79wO9B4ee9`t#-n{^uLC61@?H-pbuR#@i=o)43|-07=iRT
zn?h|BoR3TXBTxRrC09_=_j~s57h2dv#d&sC{W-Gxxk9C>Wn3VRvZ>t0<{sjB73fdu
ziY=_BsGhdh^_9Cn7<UeP`|i3h@Z#=k&b0ZvvcgZw2!{gV`0PS@?Ie6{ZPrM5O&|Q9
z=<X>6F26{UhbKi4V<5opC~X#6S<i7TfgaCy2WGoJ=J^p+)#`G6K70?W99B=8(D-(F
zhD$;VAWVp3*ZmuV#DyHEOR^REP2i1iuP&MJE&P6Y2TOmfEF3C5gj>JW^6lVs=Mf-e
z`eKkc(7Ul;!%N{S8zkN<bQwD&%)TyZVWX`iQA3}-?-1r2_pmGYt%PxgCXKxsn)LRZ
zvM{@5erp?>@^+beUI*b5ej=l;A{6|&BPIW0l(U(Mj+~|PGVkwpvO66~pW;E7xalE0
z8=h^1JFpfmqTck3mi+x7u+Hf!by{7xh>WABt>h0(C0Tw9EZjl6<jAd%dLYJU0sfI3
zc}tw>%SUHQeh<X!KO!VOFb0GmBz4*+$-g@78`uk8L`N)l_rUEMJN+u9FB9M}*HRsF
zfsZb>KmZS+8viYn00vUC_mc^Pp9jOlejp|NaR1??+9ipei@lreo>XP1s16RrfUv@c
z4Y5~0rN$+^J<yiNzlJJs56WaI(6=Q>Y`?D6tJ&pKNj{H`zgL?1`-b4}WR1TLABXv>
zJjP>7j*`z#<g=d1dvPLvNqsZH>yA%xUS~GQYtj!3epjwIVf+q_3M+Qan%_?!68v8N
zCg*n(;)w!7JmK(VG}8rM7*jmeOp7U=`hph4Ho+-}4NiHMl~djr(~wgRl2hKJbIJ#z
zJLULT;gr9M5l%TX7VZ9Aqf@@bB@1g|bjlE*wTLx2<=V#|N!z8$cN6^b+u)b?8vQaI
zxP^<jI%mOHy~4TVNHgx6hg0l;nS~Y%`QvS-x#q=Y*L+xY&9B5LuDOm?jn!N;-);h3
z^K9IPY8Q8Syr~wRxz;i9BGohFmd_bQyWEAx>Xk2~6}>&CUIAA1h7Y(OGLFQGCfHO@
zcr3Bx*u!*m8by;7C#uopQV~r`f!GoeX_`YxSwzFVaC4!EV7N~+i(uHM_q!v<(5W@Z
zXP?V{EFN9+m)y6H)UD63h)-}egFZfin9&@cv|ynMI!}zklQ!zU(RuPVLwxeh&8<xF
zN%^=Gf|p;(UE$n+L8rYmvrKs&;+JQ4Xr0C52i`FE1J?)IeN5~WP4`EOAVM#x@t1Xc
zmMG$YaWAuVw^1DP>c1$CnLm@u4=}NM%8(Lt-Xk9n{NLrd&JbU0>VxscTzz~&YcnBM
z7?6{O5y05%C{_rw%S9c!SmAH>R&fhk^@qp}8mxp49a8b)7@rg!GQ=mZ6hM43t6oGF
z@6_|iV*UM8G41~itw^~H*qJ*6B8x3^AhNjjl`=!Z%BG%vsX$T-7jr=_`c#-($=^Q#
z_rUjU9oquMwg}JPkkUcU1AO1Y$uyes3HdLlVU&*xd>-_Z_?knGMe;5pLp{G4x6nSk
zlDy0g-fV0~$-ihNXC_202!$Rvk{fLA?+JWC(jsE5aA(Z1q?yfWuNdHxYm_NG;Wykj
zng)*Jv`OVu&d=J0=9js9vxQtroDKJfuEUE`o720~E(Lnqi<=XByybSmGf770gc~H|
zj5!a~TZNVQvNqJ01{$73+CI3`K2Meu7+6r9$nn?q3TLO~?sJ{?6-xUyvFDxugUY7`
zeC3`En4iD2!p8+VKFs%bm-kRi@SD@Vk=;3=h0WP%gJd6=SpBY|&xU3<+-9;3v^6vP
z=@wFg6<tXQ=1vCzYW8wj7==M=T&>|KK8~mDA0bf~QK?e(C5a492<IB5YLZ<@6_*z-
zT&h$pb(F3laU!canOoIkl&p6xC2NvFvV4n4vUv2QU!kJNSAVlZ*=LJjb`xc+XIQsi
z0Ln>PSdYhr2T*3xE8Lgh^1e>{obo2;l5jKkDd2Na<DbZD#g|#yEAbT|3wib<d7TcC
zbhT6FS-E_jpBH$@XVWC?;t@i^#-fD%iW1gCk+3kxL5V*R#og&$5zG5rK1~Yb$A)e`
zqSK4D2K?|*%iGH+Z};>idFyux$y?UDAa5_c2;*rXIG(Fe*D5CBg<X;-av8x~!bCpV
zHj&R+<|d#L!X=-3%S~Ell21_|j8Z@VrF5lEJ`MCT-$eB}bvB5<N4!qHkykGFPtx!&
znYTED6_^nQp%3&*#1u*3(QcGMlH*;0!38S#T;R?XfIoaDi%-F++^(Ecd)SDN>p>#+
zlw;N-Fg!zG7{H|sB2rJz%D{9GeCA7X40~cYrkJuuil?QZmwKG)^cIV+L2rrn;}q>H
zY6&iZ3VLU1KYpxzoiDzM_y&GisTHo)zE)~qtF*67d}UXRvE%8MC+kvyLSCS`srT41
zM#72*Xo<ZQn9dpF25$y@#dbkc?;s?^9@eovLAbM(F`Gzl-MO@x0{B4ofuIS7VLpgQ
zWyH6fe343n-pMKu@>$?0%^F&fHPlv|GZX?hB+s7(qardyxCiQF3bXx_FhG}cz<y+n
zh9CI>l#`H;Y9CC-E62P^d>wht=ppjtnIuw^KCtWnRIDMgf2K{1FpDRDz#ky74rV3r
zA7}BGeawGM6mR3oz(Y-4=gDLyp^kE6R~An$=MSvZ^{YIYheeZC^SYD7uY9yJsnXQp
z@?^ee@T4kJ_sf&3cmazl3~&!Gw4U<;N#Nrd8VM;WO-<ka)AErY$Z9^)@w}RkjD4Qx
zBWFKP`N#qot`>ls0wL=&6k<vE%o$qTZ>Yb|$l|P_{+y9=KM<%sqh*jde-6l1ztKVl
z;b!>i<6re6sPM_}<5!9#PSG(>7-M<z6irH@j9>YtYQhRXlFXL+grLqOL7Az^M6s7&
z_*O>>hV126zRF11kiGoMR~0E9d<+3)OcM)u_xrqzUy+k2p8UQ|)t_Q7zaaO?6-DSo
zv6o+nz<?`;lBDs?*Qtq7H+aSdYAjdPqu9%pq@iqa$+XrSKM?<jiXSLkOm@`M9>Si*
zQ@A|WyH8f}AX?sRF*2NWxuZT@L9Dflju~Lc-}ey}VlC&xL)3LN*cg_JW?wZWyb_yX
zJaQwyrO9S`z_JqMJTRQ25fDg8%!QdxZNXTor!pZ11H_+bX2tV}lBEqS<nl=)Eivp0
zc;>qTIpxye)p(N54T07j@yK46oHJDl^lUFqc7aD=T$bXv#U&qcdjF_#*>~j0AwHLp
zc*mXI1NO%uW{Gj|9_52#)WnaW8}J~j7r~Ve#B)G8h#~dcbl<&|hC@Kad@-Ie6BrIv
z?3Qz01SO`kzVfEzb=rwT?SYTbM4M-(Kkr4jb&AWMGu6A<?w+EKBX39rDkXova%`w)
zX68*mDv){mZQcXT+-JD__s-|WK~&fpDx^(ZA=sI60gTON!HA5_@WY?XcUs#@RQw5L
zj~A<BRp2aQT(c58XC(=nDB^pO6321=Zt!wdn#v*{J7*<?^Sen?q!<!|&eYdx1sUpm
z96!l}+tcwoP2F82c9#cRn4X(F{1jvCo9URmT+DAeig=f6!S;H!0rD~sj)I(`t?t26
zAg90;_?+7`&@k-nR6LKQt1B=~Y-~?e<l))rn<>t%rCO4Zt7oDF^uqOpL<JpfM?v`H
zWhI&N2Ei9jw5GhbN#mDeo!JT^nBsZdOeEFSsZR2(8T%n^qJ-Tk^W8W)uz?Su`R1ph
zc7WlD=PmC+yQ2uF?P=<h?UJGACQfZ_)8^~NdPuRi4D}?N3^6V=zf;<pv~nj0%u4bP
z*bnkjms~C_*_=FJpw!|kZQd5dI-Az<G3UcLqA$lV-IItFR4+HI50hu%*CDc(W2d~r
zgLCJ~&8TW=m5HKcUZ_nF$xK?ZD_QfwJ3{}a{BYEH+LIkcxL0K1;`fDllJ~nGKQYm@
z6qw6h+9tM(rab(3spho@*RYr9tR5V8Jwpa)I5_G)Ae?I*UO(K00Eo63#TS9Tq*7rZ
zAFM0ffb-~^SW-Q920x!kI82K4cvcGMlV&D*9-nFV42u?{$P8bRW1hNeL6e?1b*IZ;
zlVb&9?IW@>iXTdeM|gp6vP}u~?9iX{^y^pE`yU@K1+trkiEz0Oge6&Bt0yS*-e8~?
z=j$KF`TBzBnKXJClKm{Qg@7EAH!Iby9F8j9A8@C{E39U_4<e`B7m2537HXl)_eYTS
zhK3&q{f<Mr$KC*YChQC9gf3W1igYO?S7b5{a+8tCH&n!l`D}-?#_=YUu6G5-6rjCv
z$>Gd%m$PSw)Q7LJd*aZl<QR2JUW!TuDrNNH4&NZrN#-qUM0`mT$TU0b6X(?m+vYx5
zv1^Jw9*m({+Io@q!3_``zOA|kz<>`-l{ybhCVr;XVmfg2{i-rMie_L>#-`9NmG;U|
zFQA-`=fy#_gU|02E>blLM$qXwiP}V)G7rM1O7zoiy4g1|IRb>{4X$-L=Iql^>u!#%
z#i<P3JZ1;lSX_^bGm3J#yjohaBRTY`m^Ve{hNkPz8&JZ|Z8S8CO<_H8^XI{pd><Xp
zYppGA!EL9dDNcJu^)r#{$N8$>U;$fj523xT5KZ^ETylu7B2QbxUat#>q1RLbGY3jb
zw%~aN(4Bmpfhq)4f*q`ul3zFuHim|U!{G?LoZ_)z0MPpp9Om-#kCB(X``HPDhN}&>
z45ns{6DcD{(RiEczDe#^*oADRl5pUmlHy+X6Z-q!uxm2NZ^H@ZNBK@!dw39by5x^Z
zs|72esImeBlE7Uk18wA2;X>}XeZxp?^kvk~qTIa_%>iz6jdNw+qd4!<->vPpuq)KY
zU{93z<Xv)0+_F=&qJ%2(7`=%wWiZ5g+u&Z2AHo})o&MtcxR^bg>cn``%U-4UI@QSu
zSEkE?(2!j}ybSG9^8!uIp@bF~=DP%(U<+$;Q&~843kC(1<JJ5<rjq5oeClk;l28m7
zY0N2CNd9^FK5rE`rV;Rp5xD+*Y^S1C?h7RQTDVTqO$;TAPkOzOW4yz+#<LE$43PX2
zr`m+mSP7Q7IrQWRu*@UCGUs+R;(>1wJ05U6sUL>KxPYrS?vl-LrMuj^Jw&q!IB0hH
z3m8h3(|*|H9}1D!9;bab2HG=T#@yxSyy1ITw<26jHG#%?0Z*bcI6)a^ID<ZAY~jSM
z?wm3W5i=e0CSa!x$&_hWNSkT}9!!*iIW*BhliD$oKLaRg7sHZv)21MJ?UHB5Fq>|k
zNWy&s!N6nniMofBITKbNtA~V_;QYZA6R*11hEoW0Y#b*jG#K0BnuIZxOa2#JKuA?Z
zJG;TSU-r_L*l0aq6lLdaBI!W2gCUgiQ_x!@zPkK_7+fCEN^t9K;)Q)D26ls9B8^yW
z=WP7*DdYs-_KWk8e-{s{Z;<Kzz(c+*zAG>|(Isye#7e>Pl?QOHkaH3uAKbqpLz3Hy
zCa|w|Vxs6>tWL+p71eDdoO1h@!Z@fX!8V7wf}rR8;fp78!!|uetdFN$zG2J~&&8%W
zHXkJirRFbe?)aAsQqv5Z8~7}RUvFo7$7Az-YU};tWR}3FL?@q8$aIwQQ>mOX=M4Nn
z@{?Ii(+X6+nXWl&u$*5{CZHC`H5T#jSptWYlb}H+LT~Ic8hChpZsIcI`hk(5_IK#l
z4~z`OYu9S_L$6;X37}iJ=b`<O6I`L>Zw75ft#aDeqDu9B(a4Rhg?gPzFz6INkBci+
zza)(rs#5XR<I&(C90@d6rD@YwJ9OGK%|e@UK$-gKb&1Wh$Eo8R)Svh(g#O?f2c!P9
zE-~m&rKUdzi0h;*t2LFVGAfIO8iBItv<L+$brR{#N})Fk#u@Y`!K61;n%=B7=}iLH
zn@X-X#Roq!=?jv~UJa4HRGIaqxuP#7J)wu<Uf_B%#%9_-N6n2L602JMAQq%AlK)mF
z*$-o^WZx&r8`(|N%+L9J+a9)NEVmXm9-1#3Yg1<2oB`aDZ4&=V+W?cgI7;<1a6(nM
zra%!YL9v%#kdkm6DfW_fXd2<)5jLy`59B78^kHZyet=#dhKByW-JlP;R3IL71tS1|
z?<AeSLEEi59P|a6!^wki0JP)E=MAPKI7U?tCyZB;^lnC{DAvvfG(XuDco-f6w?QPs
z(2+b21bHO!ed7|zJox)`<#_`BBR<)U-xb4`ml(?=+5_sr?Q}r1O?ay~gMRVlN>X5W
z0?V4h6@9>wSc88;wMsC%C7MI{<QcA7dvrn#(o2Uw1me7xU2LNzMdhe$37WI2QRQEC
zRu(Qv=wE`-LzO*8GFK@y?Z(jtO-nLqn)W85Pp@f7T+<lWw2XR_hXQR2<QH(oo5T;B
z$Vz0%+eq_j?0SJD-8&6~>R@?I-A6Pd5Ez=k_Pu1`v#=`m#Isz1{yY?m{B5$o`r$c)
z(A_-BXrX(K()+6<oxe)@pYvC{wnh4@B%^-rDGc4$U#FjN-M_zXzPcPg8qcqagsPHX
z<wK+B`PB@Z0YZe7ItK(nDn3LAspm9=6rUBM*&n4+HN~1O@~f36IKSF{k~zORzdm|?
z_4Hfn!#K^hM@_OGQ-&49Uzgwu(&`X#%Zbmo{?R=qdcL*Wc`?!Qtta(2<Xd+?&hxFM
z2V<@Bt=G+_d@C~V|B8I8pRa`y5wJXYHh<UugXz{w{&VxKS3jh!{~WHZ{~RvXf4cvF
zzLl3%Masv2dA>DyqR6+toPVtOR%!kbN?e7{k<x=BPM4N!Z^quwh)lt<IUce9R@D6K
z-cF6?U%&74AD@4H?*!&wyWVud^RK_<pWyuKGx=KnH7Vgt8|yr}EX*!^1h<$gYD)f9
z5(!vb)d7~$n1982Ol@LQXtERTjGBY}|M}Mj^RK`4ZY2Nu@I%mZ@!o$j|GMhN|IqyF
zr#4gm)pNq4Z(Ry@hjj{el1Rb2FV&@AhfA1XY$;zPd6&j&8CPjZT{CtbWnDdwQ-;u-
zIqj=uP8Hm;ng?}Ed>OvU52eIH<(@WL+Vl$=@3>Q9)qG`H9px)uSM!zCFRAvQSP%YR
z&-L1+i4NcM@Vj@5U98(`DC6t!WdrSL<)I$B^%7C?vF>}NK=xCI^eIv;2kR*6K}^U>
zl~Zwpc_>YlS!kO+zs7?HZ=KyS;XV@AET||e8EP##gtdk4hhIxD>HAVNqN@XJ=eX8}
z{mqUcA8Y46rYZT@Bhu05V+)#)kA0TR*?NbMuVajokA2W0AG=fcKx-u*i!14LIazjt
zE+>l+OI=R3r^t7!dD(blUN!?~Sy0o|l%fcSNYetErU}e?<cf%fQnP)Hso8T3so5Eb
z&!)WW8x7@UFA{m#TFlG-HpVJ18?WYNpR>rvcFJuaAN$M+$j2TJ`$CTzQnDq+eC)<9
zF@}8XwQXb6eC*A={_FFxi$y;67u)gYV|nO;$ygD<C}B&qoa_s>NN;yya<U;qezoa&
z*-wtB>!UE#d*WYZ;n3|EBuMw@^Re>MB|Bo|AE+lpIu>N@Wi=h!KY>Q9zS^-D6|Hi2
z1o`_EXSy28$AZ)J)mrCc(GB!ZrE#uRJ~kp>6g3|^NaSM=@#*pHA|KoSN#oRH`=QYj
zvQd&pewrg!Qb(DN(g}!U!P&>HHZ_%`OVAopO51lGZAwW^&;EORtkFMVekpiX)covh
z4^JrZ3{%5tSz~so!n>7puW3mp-PAanKhmbp(=K@AsPeRa&QfJgyp(fPWNnLyC@EMz
z^H76HTVIotwyBXx+mR!<^{e?K_Gt38Ka4cYe=mL5C}f{L+-SbmZ<_w*lM<P-Hv7HR
zD0Dt9bd$G|=JVNa{@rr+`_5ev>(4CnwfAKh^R@jmBJ;IQI-^U`zXBy+OBp$wyKIKr
z)@k|LX^-3V$+_td88TA(e66I%K!Cp&St+h?JSC;5Td_}3HYxC6f@DNNJf-DrB})`U
zWZpLXd#ug8J`eTl!ZV}hZ(YMo`el)}MM=@Lt-`xO=v9?LnV3PDYBZfww2Te%*z|ea
zyB<8MJg%x&l_tGPAidha^{U{oWm5NwMw7a!kxAXIZr<55x5V1?__ZeHbH{rOA~Wm(
zn?9dA_yJoZ`CP*UA6F$=$>wh57KScJh`0`cd9m5_+1!hFMCOYk^SM{`Fy?bF>~Vtg
zxkH8<Ov`=uA5A`&YYvV$GmYw#$@M29!F%G8yGOP)Ex9{kJhzc!t76UjX-3cQ{_qG2
zMBJ-M7lTgWnbQgmDk7z;se<C@juw8TOZB3uU;CI%pXdGMzN5<Xs+!15nwUhIxRYyQ
za=1xJ-`D<VB<Z{Qh?ev{yU@btQPQ_)DA%$>8%^=WQTV^djQ($k$^Q*$H2?dL`@d~g
z{?8)+n{LYgYS(=K_UnSVlu8qmMQp;?<ZIH_43SIttX2t+!ZXCIRz8rD56s3hZSqIM
z@5%i4k|KT^5A#u#_%Ct^M)m`imGA^^0Ux04i99GLt(-0BR!{JJnl*-wmOG@de&6x~
zz%u3KCQ{dbg(a~mFo;CN(NU4B&?)PQWD9^hxTjT$Bv)n@9<qDRG|pCe97<YZ*^rX7
z^6JfO;v+DsmV@k^)9BCxHUes3=UqU%W3eac$L;KeBQ#aY9@wClNQ?c+*WrygLM=?U
z-k<!|+xY(EAD;@ZIrB8b{^WZ3rih(n920T96Vqz-g9;^Y?jH$mY7_hY4&mn^Mlpr=
zNy|tY(2<LqOYbmgXRx}B$RKwP(>@ersiMUE1?%<x(?D;6N-u_A@G@{PK(>7oGA1KB
ziJqlq65B>6vG_<d64|%E#+vb3hKaHS@_69x8sOy~_VPgPh2SQ|?*vAZ-$})Gj2tL5
z8hnr|a4&Dm(Yhk<67GuBChuX%10$N;5}I6nA^y3Dk{7sXlA$_bkl9b`_&Hk-9VRIy
zFE({Jw|w*0>H6yy^k5g~w7!@;7$2euZDx)Fj!^2HR;yxXb5i-5^h(VSSvV_eN2Lt!
z6v4Uf-!=u{D#lM1L!}4Gv3Iu-J^wbk=jvpqT)|I&Y6TDH$$zoYv>{t(6Y5nm4xp}j
zfSdd|l@{?d@ne50g&zlO8b88A^!%ta@WTQF**I%NAbQmRn*vx=0G^Q{?%j)3KEw|&
z@gXUK5AJ%w2UGj``|cO*|0S~hpdYTl1#ut`*!l!b8YreYd@tv~`NRQ69LP=)EU0R-
z9B9#s5(p_G(dBjunyvu;qqgng=d-B+6Kj3DO+lQAfTV%g<I*yfWk20!&?RJ5TU4X2
z%A28081R|-MK6sn;QSi5mXs<_-pSh4(V2pJ#9AhVDAi?H^S0{u4d=(H0Gsa)gq6bu
ze;kinclRkkw0nV5?wg`Q8z64TP8ph6+&5(?VjHqX3S12C=1r&>+~s?;vgH^A8$3ry
zb8UFZkqcs)P0eRx3CAt)M2v=<af(B_9i;-$M2T+<RXAcnObM!KZ@i!56}$r1QmHH9
zXa$}g(~{y&5fed)K(;Vl2}deWzD?Qp3*OFA3Y23Js2=>4BNR9$K|||cEj-WZ6*!*x
zx)P2~AVh)y>|jmhdOj)XJ<~*{HUX-e&~(XF>dYsKlzx6zoY&J&^Dpsyny)zyBXOn=
zB-XxPl6SMr`-}nTlA8_V$xrdp&#@qZ;fYH8?hK4cbjmz7b(C^Ahysi)6@h0lk5i$T
zAi&C?sz`tnUla($J_*GHPo${^+AT0Ef!%PJ4w42V#3Bx-6nN(*w(l-efW7%9L;Kd;
zq;Fr6u6;@WWcwaG)RgvNzNFFd|GkFxG`q<#{@<6cj{nuMKTaeC#+(2=H=AB>ZiP0U
zm)D{Td$d5!`X~d^t`}1vPWcx2ZNX=D%--+CvC##WaA4p`{1)106dQH84D+MevS(z(
zSq?&Bbo&4y@XEBUBy=5D97<7T)>brgpMg<MT5Y!c=NHZRTa?^MTf$+;Ov5;45D`=M
z@y4c=D<%5%wO57`bo(pyfgkXQs;?mO3??#M4hFG5L|*PwrI=e8`jkxrLd{(^fq%pw
zG2acpdcTVe?YhBcj2G4VzzYQv*c;aMmEI7gzBi)O2bCqUe66x1U1j(4%0&B&_2os>
zhb^W05}D1qzSA41@9_1J^(FH964=LwE$dr#ef0W1jHpj(>|m|3wz|qjUoXyOFxGSL
z^;$e8e<zZd<|(QMWA@)~YA|MBe$xqv*}wlhB4&T+CZSWi(d0csSc`t}#FJQxqtMgR
zYS~1mE`H;3;~$X>?Pd=<jTl}Y@SlXCe+R7ajX$+;{)hW`I3M~p*4FS~Aoy*pO=lmD
ziJz158|0@u{{--J+-DK|?2wQ4+rxRfot;%5!O&BIp;t;ew(0qKmeepm^J+AHjvvDL
z`N}tq@pHsC27ay;lg1D?e`||~o7t+{|KXVVKyQkf?Y1Z}b7k+Nh?(m@Rb%F<z4fyE
z4uT5s^i$;gCgglu;QW`p44hZ^KE0QT@4CUsPWH?0h~PQ)UW>sRQUCP6dHB%m>sTAF
z<`*Sa=k2c!8rFjv`lCm<OGJO9-}VppM?oI-$74sjSoepNcNG2c;3sN-B<2}(;p7A6
z4mkxnq;rnmwv>qeI5nrC{>a@G(I4)?(fXrKoW(Y5Rg?OozbnvVdwmyN_#xNw(d7&r
zcJ!m;Z|bq}7@JJ%&pV~NZmJ<S6-!UdRKrg<=%yMT!~>-*rW(R?!eJrp)8Kx>>A;=f
zV%fA>GqcYEW|w8@N0kETM0P>&{f)>QaO%6I#I4YZ>bA80ts39kJz}ZucKxKqQ@8Pu
ztS+b@v?E*B65v$+hR?fckb|^ZT7(^aj&Sky`UyBgcJi-}#01=K<>nWzM{BS}W6AUT
zt>kZ3Pb>MG+|x8;5r-zY6*eB%uVPahm|%<#YW5c8>E(ls%2VHd|ExR}Ih!C)b3Rn%
zsjm~|$?3mRFt6`lR`T>nW+U>H7kPt)JdFr7L7pz_&*kZZ6(>xd9+jfX)3n)UdFm;V
zJZUV++-D_E12U}SDJLVUJUz)8m8W^jjq((Kz$i~RNoJC#*gkrBsx-*c@l5?)ldGHh
zdoUqFj_9WQW~p-2I#+L(5?SlLR&vzwx<=$EF7gJW91$xo-7e(FBtJyd-o9LZ9$3~C
z`Ed~dA~FYXO|PgT^VkPwk#Y1gn4m<~=1+6$+e7P9uQkLZ`gWgmZB)7Gxh<O9u!&2J
z^7706M&;$F{C`GXTIV!DUaopym6r|Kdb^XzHteyIm)dI@k(Zw%Z?KS;@YV+8W$Dda
zUanqpJo3^yJF2{7&NR!*rYwVrNn{&$Tgl6T?os9Cx9(Bp<&>>a<)weQDldJM!TFC{
zX#DGLuAEyQV;b@f>rVSaDueHL8@s=!{{AF3ys`UFq5DOCl7oSHeli`O42&sYRULHs
z$uZs3^FQZbBhG%G^H&`uD&r5<h1oFpQymntD2~`n(1dYf4fi~>)3MzDfbzDlH&Zrr
zC>y4K+o%j)o|V9^$F~LIhVShHzb_=X60lZ;qMAGn2t9^FPN3$A13=AI_)|Rt`GMzK
z*JIn&Eg(ke$l~}Xg{-#fTQ670T7RZBS#!G+SsVUrjI3X8<YaC68_3GzWa;wvoG9Xd
zllb*o74^<g)>BW|7(rN00y~2fmPLdu;)Lbc43zmu0W*m(=tj1ecVh-pI1Bz%zo|P9
zo1YIJQ=sv0jE+p7fq(sMDjEAW2|8ar!<x=vR}-DD)ig%uE4>As8G_C!wLoVK(ODv5
zF2TRVsQjx@_&0#lHIg+m&?O1F64|fmoPT?|=-@1iDA<djj{>KId4j&Fe{%W`><9V=
z1CiA)l^FR)TlWOU=*aZ(DALToL^gM$p!4?At?9gs)A`!&rqX$nLg#@RPG>&Sxo|(y
zIYft7Kq7_yHi4h5h|W<X*{4Z*MG<tufc5EaMCZO;UDRk96o%7jQW*SkK<IrJSC~)0
zy08vN-dmc&81<R+bCixuuYsR!RVwcJO_13t3YouOMP#~~OlC7dW=kZ~^B0ooI7ffJ
zu)sPrm*m_7<O*nwbl>;`3VDKqt2PKzGqk<6sgbUtHO~o(OCj&lPB~o|X_&ANX!sNU
zRF|6aw>o+fHF|3F^wgN>N#7t?Rdt#*tL9&6O^?Dhjjr9GvFtXa>mvo9#OFB-{z2}~
zw3&`vl|AyyByxhPch?IpU4NQ2m(IJAI<OV*zyqQK6~i2e>xl(&R*jX7zVdqBm)9b_
z@57(!7fZzay@B4OrqjFcSEP3#Hk!SBs-EP0L2?p%^a>*R)}02KQ>J>L<XJ2+i(dkX
zpV!Gr_Jh%3weY9<d0NkG&=1;(B`_)}Vm=9KSE%MwOA1NX=*X^WXHE9}%Zco_tD}+q
zOLbJTzmYiEKY<Nm*Adx9yecPJ*z=>{w|5;9zK96FP*3<6L3mCQ3;&A<XFCiglM|kU
zgr7}>o2@5JbG4O(_57lmThCLl1!Le(b@33b35b5HF&F@)7n<6TFDiwg-__Py(9?M<
z&f5`1&~MujP0(5IT&|vUR$QoN2XBeA2U;>0{!~vi`72KO7|{*=Y#Q}BngC7K1PFLs
z|BKcSZ=GV@4<jz477PkS>xY*@QTxH)OZ3BKg8HX-1NHlNV?P+}Z<1#3n6P&lXzy?U
zA?f)q7@zrzCi;JzY%ThW(#)o>E15ojPB)T$e@-(0q_R|aT}&dK-J;%~6vb37+Xc<I
z1e&27)}{D6EBt1!#s7==&4X<s@tdbEiH6^Nt?WeOHxD|F7QY$H=J?G!ch(U^a~{;d
z?yj#R{N@+*qlVx7;8PQRbAEjk{ARg>grw4p-<)zO$8XkvrC<Y~`V)cQ{MWVmfvy1@
zIlt5lj%<Fdet3Sg_|2K092<VKq(@W|PmLgPaF3`YHh|we>5~(I-`tL~7twQ<D|zwp
z<u1>U%moj<CZfqr#&5R!I1;~UyNM?#56p?cZ{EADiv@o3#%no3kr0c91$BG0siy|l
z(KT%{d}4P}99;7j9mm=1Gc}Rb-#n`liQ{xf;5btwah#84@Kn_HkM#Li<j1KhKlJ#`
z>v|aZv0BfM=<A=FJUKV+YMZh~DLRg`PD`-fcy*&V&WBVSXKEyl^U>=>`#;p$&+(fV
zY>UWy(zIlcYecq_(w~N<CwsJ3isdTDlLK|9qmPfv`y)yYv~N1G3Kx+yo&ybPInWO2
z2AygE$C(<Ly1edM&aZj1RUBt)j^orXLU|=mhvSTj-yD4B|Hp4CCI4^YH^=ud;u{~k
z%%;Z!-i?<H<2U^Vc%xW$l_{&}Mp^}^p&R*Pq8G&qB1AWe<)s?BF|R@NX7*9F@9k@h
z?R!4W(7vbA^zF06Z=U$}J=`FAQ)^#S@S97z8`|?}SDPNc`7T~Ih~GTs^_y%)1bS0<
z9$Iw#=Fpg^_|1D`Ies%Q#)#ki@YDY*@tZGoiGsHr)8&}(o4umdcX5>Z8p3ZL>>M2*
z`CI3s$8WyhKz#v=`WnM;-qt{UJtFFB1i#t3vn76W|3$}(-~3lvgE4!%v=b1sKl*+|
z%>HH9Cg3;QUla|$dAL*4@tbKmJe=<|tuee|{Iui8Z~lI1gZx~6=?UQHIWr^iu$MLk
zzgdwQ1;6=WYSZzXo3l7S*S*siKj*y@4ZpeT*GRlzi?sitm^tGTikVOUHA>8!e92M7
z%#+?zV`g@-UZ!8Q#BpX{Xo=&z_`-&8gWvCt2%i7l(_*kj)Gxh^hY?r59Thjo&o9^a
z$G~-w{qe-5|3m%paTn?jxiU(Blyo_Y{)m~b_Q$PV3_8&w0>^m<bjaKb^fpE{$qJtC
zf`<C#s$CKNvOFVNzg(2Y`{kXtnvCcC`{zdScRyXMAYQr~rXHaDgibx6|52wNqT%o+
zzN_J3E;8aepRvSsUYVjFWm@22PK~_50*5yz0@s-uiNpKgQXZ<E_hu~ZmvkKXyKpC4
zG;mDOJ7#dqnocG>=XgszXXo=R@x<px#l?KlIG*#WH;j0y89z2EPeq;oXXNS2)F#N&
zRd1{E^h~M|*LjU4u5;VDjmXoA$Qvx=>COmTr-eM-eleG)HLo4FJk7Z<sytmj)htg>
zU1-8{rdi@S*C$)a(~9J%^7KICc+Tyw8s(||nnv+?mv=JC(`vmuoq(x8cSoBx6&MYt
zx93e&j<P!%ah-ofARAGR-aMxfIT{mrg9T2ny^8Bhjl}7l(V5H73$HXJKhf}cqc4am
zGWIvkB6H&fCOqen8Y_I>%(J87^8#l_m7B|=<2mO|G0MyK?;FSeUii<-OLj^V<Yn>e
zs=TyIG2%LxTjDw&Ija$Q$&0+fLSD9SZ9rajq>A~jmybnWT<1rXmmgj;%gZ_EoA8|9
zS>icIc8Dr313N^OmuAuNoD*M)#B(ld3~#yjOaq>CQe*coJ=1{a9NgIbFPtgxob&6A
zc+O4=o-=V@otCfE;W^nU0?)bWE1pun>ifDdd*^$B=R_Hdj!&eMRdo2og_{NL@14E+
zw`sV)Cr_c|zxNw6?l0AZ`+K{ijc58LLDtmofUH*EH-Jy%yTMuE6FHeWd}3RL&bmLX
z>0EO%(YgNX#^^kFfuM8hDuMs|7V&@IDfmPrDmot4%)e1p0{(Hgo-Q5y<7!S<*4HNB
zX{s62bQjSTWcMREKYeS3hvodT!oza1G(7CqO@geiYplt7H<8Gi{Z(UReU-w=TJsH%
z)#KYpJS@gq(ea0ZUn>6ahD`#kcA0@N4XxIa6V_){6kuPf8Q9lJ5SWGpzWz-^_(R&&
z(-MDZ<X<A2robfqd#uSE?BM)c*;F#0I-isI^w)@g`C8x)1yRxQux9?XQgEhwckA^)
z!<l~7h6roBG8)b_)r2z*ohS66q=M@M1N~)vzP7-_a{gK2VNLo9{P|7Ld3_W*&*OAH
z7;Gw?nF^h3g}^@}owL3&;9;AH=Ol6kM;9n~&Z)bsRb}K!jo~><!IH3ZzdCk2r=Ffp
z3Z64@m$m4z)=kB8o{e<LtBiO~obPA^&&hk!0CSt9;5nb%Y0agZTT_3Y8H@sRyE&-B
z+#+nukYuhKkE{fG*R3?-Id$|#!xvi6`@0Sp8LZZmtf9l+YDFX$R73+tzFE;FQk^+4
za_%{t<b^>Xx#LP}JSXk37!}XSsW##{yXeSHj6ybRNo0SrA{yD-S41WI(Ak{qSS0(=
zpcS4IiEaeXX~FN|Iy`6p9eS15aD<m~!VfHuh9kUWMHdV0r)jRNvxWBWSi-fxCs-@?
zVMP=0oV*vB+K>+vJm>QvYeB!i1-0U`<xvFv{^ijGosAXYI>&P+i<XQ8d&YiWVS(r5
zlt;yLa_WtE&T1W=^Lu994>J;|1w)rb>xcK2MeT=$9YjCeUCychVmVNM!HQ$UbL#D0
znhwu-Dzg^-UGe`Eo^#(aXvQ7O&3H~a|B2_MrSUs?a`|(K&H|X6PalC>38Cj3L?3~I
zFdcbvzN3?GDCR{w<rO+Q^(%378aUO_>E4eWogOZCbn>irbQ)8oLu&fE(Lp9Sj%nF0
z0fuNhq(C4Uehd2WZvyqu$2jRF#kGgOL0<~|+?ATZ&xi`-B)S6kq&T3iR60({mjNG6
z@75alr7O|4oxPdT%(fWM&10W|?BRy>@(T7uaU9>-wt`(E9}0)2G%pLo&?@vEe3pPP
zOr3g$ZJ7>V`Egk7v(RDSn!$dc;b6b;Q-}tJt}QbbXV{!FM9xP}8ZnLz@W37V<HY$s
zareV}9Hs5L%6(JV`s@@Kx~;BstQ(zD>zLO!rM7U}zQXTfhd|-pbq~S+L-4nDU0g~2
z8Mbw+*8k~vY6sMZcW>Ox@Bgkf-uxHb_SdFy33#{U_+nhbbv!@i3@$1B?RDGyPIjCZ
zc%p0dX~N%hS}g^h0L#JbFnSx?UXqteKh#Nq*1t&UX~Q-HP4M%$kTdZ7$QHy6I!-11
z7x&$pE|t93*&M~63OX_?6CCrhfsn2H3cmruvyFuRaw8{vSU-hmy!V^dcq1ozbP6M?
z{m2W)7YD9$${C1<Ab$O}E?O&j`>?#B3PoMjpNhDkGVaxxXV^knVe@{}{@et~{*{!z
z)G>hoK6p5duiR183K+KzOjWy-O<htX-x^18CfSe6Q!4+YUuqr24!mbobsW?~O?~pW
zb-%5H=C(oF+Gvbv31qb-#<W?-HZEBg_eF2ftKQajr7dklTUx_ytv6khf_EcOS+dtk
z={1rgtA@SB(KDdpOG&&CPrN3L&OQ09vbs6(trFkAaa98p#9gDl9go<tdOLBtO<H-{
z8hjnrFL~=)&2MERo;Z50*6~GVN5bLi3spW}HbaqEv=7J;alnQsKLyGSY?RBff(kC5
zME&Ll`GKM$jxNfGdOvRg*ND)+!rFN?dIW!b=-bmwcmjh*h!1^eQI5~+=QHHfgvaRm
z1sU~JQ~CW$c_Nh8<|fBEUMyGb4P8&xuKl^mhVwck?_xr-x!cGilFuK}!PAP%zxO+P
z^{#v=&?7kg3>#Z}Qkgg(s?~_(&`KR%r3HV=zAT^FVQgCh^@DU10fpjyKQM2VUAeZP
z2TO-&*BuP>$s;=W;g$X9m9+MGBEpR{d&;jRc^>^-0@qAmp4r#spTUoMnTH=~wX6jh
z^D2HmO+RJh?83#HIUgLQ6RUKt%|C~N8{aN>@4_+NZ0@rir8&3pjp-_AFFLz&#;7<q
zWe-dJ`;gdGJ-@3ozHZQ!<81SjvF?>+$wbMX@S5r`*;7Xrg>n4>IDGMPAjN%}cz;Im
zEc{T;(ScSV9eKX3?%tV&qf>yA4g|EkP24DmQSS$DHMRCo7`LmBpyL~&18xC2%30mv
zMVh}RXq?vO{A@?*ww{jCq6^Z&AQY8*F2IJ#KgxR{9LSKy9~cUidd`q5yZz{H*|YdX
zx=mg!r~rOA%6`mnlwtNbyjosby_P+LZ`0;K6qK6!#$4pGyw81FhNE;NH1MqS2>!0z
zAHiR_(p`!7Im-4?Y#83c&c_$gd?Le>loiD^oLR}VuQke7zN#Uue2A=oKo4kl*~GN9
zdLE|`t7Q@6XZdfMH~(@Qvdx{3bQi85`XQLbm$A*;sVEPNPW?$KqB!?7Mnz66y8b6E
zOUF4u{$58h+%%c$@_bgJCl`MImj6CaN4i=G(XX6;z>j-~So|WT|LrKc3!d~(C`XYA
zjDQeypG)5FJ&@pd?om5#%l}|%9`svV$=hSduU+T_v}SnDSx!4UNEql_r;{<=|7FTb
ztRVew_i6kv(WgGI3*$!oD+ReIvDd<_{<-+3Jo%xNR6Mds8oXBWM15sY98I`&@Zb<U
z$R@bEYp`Gef<thJ;O;E$7J>vP5JG_91c${ncyL+VZP5i*KHhul*7u{UdS>d>=`%G|
z)7>-YIZqJgV!P2SL)m-j;nI5F;n8J}&i>i#K;MVPbR3FwI<dWFU6-FQs_!<$0ZIN#
z3JP>{9@rY8-8`ca5syBkXT3qVpdV)fZ!_q-JV^_zlnnQsQ;?ZRBFfRuo>Ni`aj}Ry
zjHTq6gP6eX-Jgda3(_lJh8u7>F@IWmOPm^go_6F{&e-q6T!15nD!cU4dY5|(UT`>@
zlFcY11`TVn3F0(P@fwI6gfwz6UJ!JYLiq-!Fof6$>@IuBND08)kE2^BxPH;+()6bl
z<1&e>nWic9R%BFd!#z!s&JCQet%EzZjwF$%q_?Bk$6r(a;&kIzNHx8h@{%uPJX4fV
zc*i)si1w@YT-7q7hf^0QfA@Kc9u}>Kr1EGieMv|-N0(+0b*>GQ#mD}1h_T6MeCFU{
zZA$R^G|`ieO;xl&nd#yyYS}*z@`I1!dooK{O~;|7QOhGzr{lDI=#`JZQ`#xN)R*tf
z;vr4mC)fIzr&Ca_;=6i`DlIWw{w7g!_Lp-K1&9*@ta>ATqBKHCIr!+XgK=coKLVpz
z)!a9)s>#0P8EGX~@cP=)CJQey`IxkSRyvvFF_;RqaErFOA=>zUYbkyhLY~h4m#Q$l
z6&L2kTNTOcm>@RLNI6k%OUO1uTY$wQI;$=8gJzroBP3T$k5EjDpUXkvp>0CeJlQwT
zPBSDy%PKoo>^(UxmW+Rt6!4Wn4tZxi^Haj^so3aGH@CMH#Ic+why3R}RblBOt9W!_
z7aY{RVXyihE~oy~9}&;RL#5Adeb-MiBdb&WN>^V-B%QgrI3s&Wzz7mL%@lw9?NMw#
z^*9z8qepW}O*z(<Os}qu^)VUZ9I3F=W*}dxd*919sVvsylT)>C-gOq7>_400zktYd
z_R*To$%Q&3E<fAyPkwU$F<skzK(iiXV>x={vQ1?dn|*ZdhH@`4wh)DdKW4vr$E6J|
z&1#AAOxo*<yt-b-X@48ZoV9$nFYIGcN=3T<Wz&KX+VRj-X}d<oG|69tHK*KpI~`&7
zxl`{}RUoAE7Dh4g&%X*BG;ssb$KWaPKXGLL%(yZ39gBXanh$orlh}eOB(za!st(bQ
z;M@2_<VNLIz%RkS@yLzv-{Cs`x0BrR>lNr_i~B5tjw|b$>M#BN>ezeFSpQ>bp|zFo
zge}s}uEehEp8!;@A#RO0E&R`H7wN1J^5Dj#w&T7+@ccJi1J$VW9)IO49^IRxLS>0!
z{zz){fav~v7Rl(Y3Q3>%bGD>Ehi%h~N=cAuv!vLuJbB4~-}gm#z8lCt`a9g&(GjXY
z=_JP%#?cY36E`Hq?$2NPA5O~TkrL9z2@K2AB6lIv%fPGWkB@8obb&QvM1<A*kTkdK
zm+`!K+AbMZMc#LbvC5xJ6b=fgw!g3Y&R;4H$-g0xEz*A8K_!!h;BbBXEXaNQii$#t
zc-;1B%Cerc$l+|A)F}?D@^wP&Km-^3HJ7|--Mk$!0UqCw{LVHWWcs7Eq_;tn|Dh-$
zLSU}c37Aw5#~+j*UJ6}fj9klqmw@T|Hw~31du~p2;$4x-XJnPq$<KtTn(anv7ACWF
zg9ORv`uvsnC=BC_4`NNfXQ6MJ*}oY_*5dm(Yt`m2o}X!5llh}eIU-t<YI&M5uFf{D
z3?KfDZ%GW%3Z@$G7{2n8hP_}SKEY5a6kBlPo1K`1zRGOStW=}RcrzOBDQm@BN?R_>
zk$J&S9DoQkx25B9gc0*9?z}f)xllUDY@<B7rHcpLw+i}4s}&|Dk7iN4>d(?0ENLcm
zUv{Fu3?O2w2}I!4t&eVG`hM)aZWI>{R{LJ;kbLlA{dk^{Ep1*ebpzLq*r^J502?Jp
z!gw<I@@La0Z%w4kXJhj$&O<&C(N{^C2MA3Mw%FHi1$baS{tOFA5f075oEtNaFA_=a
z2;%I;gz6`&%XNey>O+`CM|8FjWt(pdf_zJ^T}BHob{&1TBm?{o-6Wejp)UqZ!|7P$
zpXBUczrqyV=zD09&|v}xzTDjH&$%)Wmih>w)H<8YYKeUc14xl1NJ&%(Fp5!rYIXV&
zSXdUv1>4bvOi*dND_SnI8v7)?mTAG=jom|>J^O&JnUG@6@Q&&A%Z54kGV}p5>I3Wd
zn2gL6t{%vkSdH}41h`@p?7kP{?J>dIwv5`9fuXH(Q5DIw%(rD&>*Wb|JH`=aOm}Ih
z-j%mu(><T7V2k6Q5htcz2sPv9GS@h3iM?MK53Wpkch?kvwTxmSqu{E@{MBAChtZ^Z
zOu8=Hk{ajTU-fAJtYO8~%$kZItiAQ|_;WOcTHpJOT@`Pxr^|j#DZmd9>m+}{Y0dLb
za3%8*Qs31#&(Vuaue`ZgWQ(p0ebjP?%fO0pdw2uQUr%My2B33HNNa5E=}9gH<`y1L
z5f!@JH_5gApQO|(Z5t6da4(GW@#$r`xNcV!-axN0g)PfXgmIWbE1H@sJsq9~Ypz*5
zVvVs4n2yXM@T_H|6dZ+1K;2Zbf_%bI$O^B|Kumh)7=RvG$w!H>ibJysZY0e{E;jT_
zHX`;we6y(Zmz+tN*j~}Qw)`vC^3GB0yPoGNR}c*0=m~aH^w+Yf2cs8TO1D&^8hyi&
z3IaayYKV^~s7M<ahYsnG1PUstK^Ooo9g1Q8s|z13N~TgFuC>5)iuHZiVVdc%|5|;4
z;s7mSI@4_4+esS}4uD}&?e-n|O=r&Tg=)HH7c;GUe!dpNX#Xbi7VF)v6t$duQ!tTx
zua<5iUw-Ed+r<{<W?z4`b7etd$5|J5t_%e8E9)OXTo4Ly=pTr$R1l|xi`EQni-3=T
zY7K}30&HQyAsn?TAv7kjpO=br#|a@Y^0h8k@h<bFc8dsqB-_G8ZS5j8=U+Dve^+9R
z-_}%3fot#r)Kj?D?C_q}ZT^T_{;_sT1l40vTME76a@!!v^RRhTyN&{fdq<;eW8bh=
zR7UW8vx)n)S>l|ZZU4=mT9%h;6JgUOA}4<jaEEF0U6;+X9bvQf(C!+6JA*f_;X<H$
zjh5gIbBZ!hth&Kd(1y1>u>8}FpKrkm_~;A#w)JS8IdotVyF2uGnGXNsk-K7kK>frq
zUkTc$A-&zWim3sa#h=#xnS1@?qB~L*Sa1_l0oq0Td0jnVG!+y5uE|W~n7!EGu=pyU
zG2yZ?qpY6~m6K$uaC1+X;M<J;0o1E~8=jEu>VTp-{FDK~J=?gxl4uPg{C2~5_QAFr
z&-!mDf!7h<kju-W&Q0n^XAzCEUtbAj`>Nw><5w0Lec+1v>8eBdL|1&Sd#fX7>rLpN
zj37Cg1BHY$m1CYyG{)$3ga)s7s$<YnR;Rai_8VE}_eehODFLsgM#KrURy6&~{ZafP
z?wk8{PCC-_pIsP5x>-pde<}DlaX)f>Ij2}};k1%m`Vlg0$G5RcxoPNqC-A#>a^Zy*
zehsq2z!(@=6>R^ZOs_kYnN2O&d}X*J2QbqYWF%Fx*V+-V=X<<A;imZeB$_+tPglJe
z-J7A3X%K!PEp}!|OVQ5H!1dCxmh(=ZNCLX~fRjHTYtLCv;*H%?qKaBJHnmPt0!S)1
zz2Zb2XrGLv^k~J^`n$2$jOE4EbrhJI^i;HWw+>|BY|jbO1SF=|zj;EwqJ6-a8{|6_
zu5LV}^gb~oJ1FLmI%&EX!2j5cP_%Yq7TsP>q9N{}aulK_kUp3z=^^RnnIQ7vLca}Z
z`Z`f9Xgcp)eE?h;7FzXbdFb@~v{LgSOt?vAqOFzAAkWmle2lk)x8hjA&Nv?tiY<u|
z@npob8LEF73(%;Ue9tA(eocJwIQ|ZqrH=U=TkUOigcXsAc?pkzW>hU`njkfzWY(7B
zWYz-K5SLA|m_X?G$qa0(zhj1II>lF%y5i_{wVE#TKlaX8=jI*WZvvI07As~gH;JA?
zMt=vsS>GpCFoU44zzdOo+U8o})<ei{V6cl)B*MeHzxU%D%=$?p2?5DAP)9%@1xsh`
zT)f_GIV6i`fNS?(gH`&Wp4z|a&D?r4f9Aq=gF4!ZB!i0EKr`m-dFu-I+3=_ingJs5
z@Q!a^I@Sv9!O7?R%AZQkY{=Itud{=n#PcS0dD}`yZoc*_fWNUd_l$dIX!ML~twp3T
ztBl6uxOw!!4iY8e?m_BDCElfmv`*eRpFm#OjyVdXbaN#Ky#dGK0Qlia2VUq+GC1#4
zY4FZ<EwS>cjf@16P)t*%qb?*i?;+7<1by;d56xD;E0;OthnAKZ;~^Z*vq(gYr@GjX
z3uz(~(v|RI4dGevUu9(X1WS78)lXQ}ACdX32cslzz$Si4ymE=q=b`woWp8HWRWl$#
zUjf$_ypt`LSo60j$C45A{lD)C_<A+~zi@GbYRv)tcyeOzr!7`uC0V`*85}?GS`-pu
zXQ|a|QI`~r7{2Cj2F0g7$nW3nMB+Ee=z$Swvj}_6)hWk1XJF-bxT+LD+S*kH=d&A8
z>O6N_-<XS>wLBb%AM1lS?N%_Q?3ac{mNxO$Q1-dRuL!*UC}+g`*>SU^RcK8Vg<=fb
z@2<by-4NZJgMMf`{#0@(dAzEH@(yirm>T;FMBYCyAe4?0Z{cM>Ms`S$KbO+b;pHHH
z_73MCIv`_%TBYNN1vj$E9|I=@D^^ZER($W1``7c`4@x;4Oo`O5*EG<BlAm&?O~<XA
znVP_N>?w(6)9Gfv!e1F=ZSlk<nw_y48+C=beClGQp#sVRjboLU776uV?`B@`6#YWy
zP7EEM{OPa_I6ILEB@S^B;?}e=xayK!QVL<%PVS~54_i<1cpuSSKtEYLm~*(cr%vj5
zNqo4znsn!%-0SuEIe616L91=a#K55>jQtgy6u|g?2<x0{1^TH%BBE6PRL8(<?sE&e
zl*Av)7R%pUEo5Aru*gq_wmbE`qeJBEJOY2x6dm81^Dl3*ihq&n$UL#RmR|AyHHrwm
z24DgM?g?WMN7wzpN9cnI1N`E*a0=1@S({YEa1VAfBj&+W0zN4*K7E#==n#$J)j_aL
z8Ju_bF<~uNxUG2Le*MouN23i0AXz_^rT}lkxwAlwH<u!)!#YhvbDhHXHwse^WMVj0
znwNEHjERK9m*n>csOfRPHNAbOG*mqOS-#%PR^lkJVL1XvpDL<Kn>vL%%B7Y=uz@df
z3mMC5={7J1CMSuF-RE)X=D=r0Xg9I^q-%^Tnt~Y*4;yHfnlklLxNceZ9d_Sw`y|1|
z8?h3*fjCu*pJg1V7hlQ|FZg1v?O(o?Y<%=e?wm%uMC&*@QEas$UnC05S@#mAX0fK@
z`I(d@ceU7v1&WaX6lqh~`5mbZ9tshv9mvZbz8d4h{WzoIocs5SLM@om$(koI@xWCu
zS1Ad=dyR};B9r2^llp$$9L~si(oikNS)KnJOH4qKV&vvU*vpLNCF~waUoZJ&R}Mtk
z!VR%hnlV-|>m(hidPLQ^&_J>*<%skWQos4#%I2a+nTkDH(SAk%vXA`NuTM#kdW1uN
zjS>1)iaKV*MfSM8m+Qm0ec#UgLh-&WBJW1yn3&GKF?sM{e@7&c8x!4~$^5OtM(cc>
zjeZx7p^U-pu)EIf>S?xKV&7?frM@uj^E#q=Tl}h&J@z|JVBvf>It(m1Q}P_J)Qv+I
z)g0wn*Vc+nj1Y@wqVUo+&~`hFY~C)>a|;1v2o@kko{KMl$}JI~f20U-0__V%FafM(
z87CguO9{hCO4>!-zCX7%E5*{4a&=~xiZwrKdwDL?`Km27pz7Okj`OstMbP?tlGQzI
z@?f9-Nar;hizhVwL3mwjFsgmW_{iNoi@OHs47C}=&28pAxI)^w`n^f$FjTCFfj2_i
z!dum=`42%WzPa-`T^xN|<_g(i-mBC(Poh6!aPuL0<7IpwK8r7PFPwMO6`j_~i3}Ut
z8%K~m{r0(@*X!uaL_6UPhSVa`;y-<GQRlk%rzjSdHEVBOCAO;_%uGkeLIoh)Q!L*|
zs;mj5ry9%#uH$|uXbx}FvtqAXH&MxltbHI|dyz!V$&I;Yk+H~AN9_-7nMn^}Pj~iK
zl?>W>Q_r`t&$^9;5oddEK18%n^Okzu>uXH8ZKTh8FLjboq8muJu)7PXCzmldpyw70
zNDb3!qnWsDN%zx5g|ICc&wOZHua1dC)V_=rz(&)B6Z20L^rk1!<2yQI@b1mflU+mz
ztw@p$v>p>0O=3nv=FRI=-G1bl5!70OK_ANx>^+I?EoX0kA-7BBZ!tsDCD|p{DbyM9
zC4K0KByVrL1C`2O<f!OtH~F<uk)5)A?D-XSR_=QhD;S{PvFohlSTf6yp(FP?aaCWY
zbXRC6y7mJ-z3zFe<l%~jDR_*Tr@Dss<;lNtPQhhDn}+N{EK6E9Js1%=5|!z@LTMIH
zPy)xD9QHS3c5dl(&VA}Z#L9pT)2yx`Ew-UZU7&S!-?54NzO^;Gm2>{yfV<Mn{!2a|
zs7+$D>udF;9vUS_u7d~X-fNo800ITEjw1p;Rn$uPP4W%__(44h{~U*;LG*i_7xWp7
zSn{u9{b<(DU$ua3{K_ue(I0z~myd)}N<`oM5RGBK=Wg85r_kWJV~`YgmIhp$ZiO6P
z!Uy{^>svl^DRAt^qdd8$R~cl-^ndqv>5BiQv~4umbNf!w;RDKiLdi#|ufql=+5&AJ
z!R8{;DgGNd2rejDa5t4?s;=n|?LCd}IC2<cPe<Ldt#3lB>sp*7smF46q?TFZrgWPd
z*i5ta$2mMmeWFS}E)eIgXevxb+07kUid(LWOv=3$;SOh)pV|&})*no)hnDn-Gp<0^
z?umG#yQQ3Y>siP=Ifxc<e=IO_6YNq>0mWsn(eC=2%seDG45$A+gb(iRKcEydCmah}
zm2Iq-|4ONP%dy9vYSQt}(OAk^S{vwVbTSnb?El8Vrd(i3Xr3e{!-mu^v(u=;x2#l;
zjB-Q1T(#fLC&PEbJwxB-XRSMF+snJ0Om?5CWAWd3>+zjz`Kk10Ie>QE!|!H5$u4!_
zIw>&!P%$87_I2lN@-g6{GZEq!I~701pIVJ<%T&)C>*!;ypb;ICJN+^E#y6x8rJ{48
zvXz7!^pffOmJ(i{p=iuFc!ZN^Xlr}Bm$MW|@0gS^&@HaAb|FnWQ0Jyf?s~?y%hPnq
z3&Gw?&GdYD>f;20Pxjn=e8f6xIOPz!$R)<e5J*wNzXF%55I^j^4>ddt?O+M6z9T(g
z%@Flc_^QvVzgV%(+w_O+2ZmRgKM$QJSrgCw$z1K`iefg{>)Gj|2Um+3|E(WhE+lPB
zpI3c2tR~yG()xKMDdiQM^?B1E{fqh8@|M&<?VSaQxx*W22?|;~(Okx}w4vDWq6#$c
zoqK;iW(3AiZ)<fNsaMC+2C0$vRQ49HxAMvH18J0LKeH4Sl|pi4-ckz7t<J2Z=XJxL
z)4vzLlWtr5g>j3{xTsO<S_*gh;hvavrx+d(@0dc{v9Y%__%9Yi8SjL+?KymL#k~9&
zJ<@<e$+&R<s^CeckQ|m}#^j3jm$EFWxgUk>v$>*TYHiGs7OyH-i|W#HX<Bpk`iZ{!
zw6LGY4Nl3cjJV)E3`_RrY_}1J3hJ7Wnv`EFS%pkbF}Hn=l9}^6x*;lmi;op7T|swg
z^oq?xMf+e)LDS31LS)UW0$1br4*^t<wIsjhGKoFf^wRs!llJ+?ze6)m*%LMebU85Y
z<m8ctFS;oW)*H2|@L`g9e`u)KKKyZ)XzcedI-?;L)BiOv%jwUV;k>(F#vq2q(@EYM
zP}nNEv+^?FMBdBg3&B4?ZBd}oYzwU&1y@gi+-8{-MoyCsakrYo9X2%EzSi^cfW$o5
z(hs1$cC!|>Wm?-Ubb9om!+<!W?@g2xUOx(1>Iv&Q#UzOA0oqmb_yIX>lTC9IYHzQz
zzf)XT7UGuv_iC6+!Hs<Fuc{^Q=teVpC}tuuCVjf#z1RKI&RSnJ2-Ck!-z3;ieHSLp
zZ2o(9COro<At2Bg8r%0*W8rUxu3aG@I@Q3j2ID&1)}a9%3)sBB$@LC1$~dT7$iw~j
zaD?K0|HNPXekI>>J;<#gOe`bnT*&j%h0uP5V?8{QCn3?kof_hl{DgZ&A`=@`<PNr6
zFtnJt{Sj>n`CDf;5)fH>$UuX!43|C?^83-Q&Kb>o8XfVLX>9}OxFvte*`^Ck6InU{
z|2nt8{K{F`NmJE1>Ew>Z<XZD(&;U)obKC0Q{Llk_oC9grX^OBE`dty5_FPuK9Ah2c
zTcpeA26$(!U~b_@wLx=)aRZZ)8P6Z6UY{kc`<~|n3gb-Z2i&y8o3W-94D5sx<t$)E
z)~Rxh+28KR6-LGu{8|R(^hxG3%jF{ZAh#$>-j0<@C@Lp+_^Y+=&P)_!wDxp>$sCBX
zxch#nhX;j8#>=J@_w+9b%vWH!uAxvn{o2JAj->X84pHnVUoRIs&wLierULCjiKd_B
zvs+%Ynb74~x5@{KMsSj?kJqT1#^cyP^L307>y*knUbWYR&WZKx8~8r;t1*g?6Zw|;
zN>c48{q6CIHSV%IWz5%A_a*`$x|Ic1P($zaXopXUXE5yXSZ8~2Q;#|HjP`SH8hF!g
z$l`Q7w27U&e_JC}@#^H?uxO%2I}SAS4Y#xV7HhId4d~w)a~f%{csVR~7l89B1idj~
zhl4j@NPl9xsu&Th9agDd_s8p`?^6`AJ#M7o&9@2F*S>+bU&SR~C_WhpzNGn}Rm1%~
z<0qX&R(Igi)Y!YU_b6>&O2Z&U3Ljcct!Rd3MI#L4JjQV6aWh1s-dnmi@WmC>p&HNm
za@)^7a?l^(&MgQE;<2D*Ht1pZO!ChNDj(d&W+(u#j`ooWtNOt2sn_vn_KGpTccd}3
z*ez9L^I?&(!I<HJPsAKZ!qmEK%hS=q2KG?OM2_!_-eogwT)?QOMjjrl@LU$|eG|Gb
z;F1D#Zx}9@ps5TrG^r5u9c9Q#k8XZPkFCo|#-#Nn3-bBfVj}og1LR-Jd~ozQ@_RbY
zhXV=K0$tgFPeDEyLp)3K9QF$5EVoszG8Gp~(O%>g*Vt!F4`I6?ItS6E?fM^aa0S>I
z(yVITqvnVJ0*k=g=40lF++e^y*P+<_oqMmW=2z9Ex4{sfLXpk6OtW)Qw7Y&4kXXBm
zP-%zObqTg+nZ2lQJ#{T2G6H><oH2AA^MkvJk*Gb?bck4YpZMiT<Q;T0d-~>HnVzFa
zF8<LgI`JH<diq$%@vyK8FRbqVL<2m!HY#AaGWzLQF(orVikEl2Rl@7VEn+k@hQ-C`
zLnYbU9m&URY@sKKpGZp>{zk@uboUXf?ets?O?HEeySa=F`mzxwTmU@Kqm@Bwr)B~R
zmj^&f_GrjYoB|NHF*I_#t3HxbBg*gwmfr~%z1tUnxLt4`mgxAtF9srnk$dAL5C&Uq
zfIuIzy??_xte(B&vqn82J+%+8j@wXNOxuaR2SQ4(2JfnEQqItGgfb$zy{OR{TGj(n
z8W>DdODzIkz<gn_lfd7wRire;ZR)8<rfqEi^aB+ab1?V?-e<JZ5Z_Db#O>+}>tIu&
zQP4R?zAdsH9qJd~dgwn2xxP5ZAD#jYST_R&+TeNdcW(8|2>kj6puh|wU>adWrrB>b
z972BQ7FP!}okqkbx|nK&!Ht2>l)iuO+%Q{!0@H}hoHKBj{`1j_jL3>i)pk%F^eKqz
z6x`K^@Ol5l@~ko#^%UH`b6`Hiw+gy%g$EIyfwS$N{8BUjr|aGX)E{Isgsn-D-(ApI
zBDv+BK`|!YsHf(8kZVnGyC;$4Rgj|tl05eeY{Bs)LVE`0Z36lkFaLKE(|8Hg`^@wo
zNZeN(<?bT;nF;aC<ktodqBsLnJTqlKGd*`d{>L;|x8%_h4ewA}0^!d5CyAo)#Z${2
z^uh1sKhX2=u+G4!jc{rkTjYl9(>?3|X_9@u4{3Ek+W$cJ;?JP_Imor!^fRdCnTh%g
zEZGR}m>WZMCEr~T|DUFUXH6Q<n%@17CZc4Z`X@m8lM332d|{y)F1}+0j(PCwHr;o|
zFAcWfi8v|NXFU<A_$Lb5>L&`v(g)9ecsBoyJ>=sf5fhjjK;C!?8PkZTt@sJbznaPr
z#yWYQM!5D<)2#37`C>PnwY87i@g2y`J7n0&>-8rvWR>N!eSBf@Ud3mi<8ZEU^R?sL
z<M9u%7$3TdpFVV5GCL=d?2|f+gf!QWDdo}vn-^UG!GMt1cK%n$N)Cq1KSaR=1)i?5
zO}BK4fIKQElc(?2_PaQQF0uMP(Xo~;th_=iS09}NASV6ogb#4$+NY1kX4dPT&dLl`
z(j+-BHUrV8HhR$XzgvJ8{t3&%U%?wdiVUK0F{se#2a=Ql&c~90V6MHF9J&P*Wed8%
zhf5q;9N@zuOHc(D%jnWWduT+*>`#3#Zs7j#=&|9aGZdM2rspYE2>fP_Omy&*o!Wk5
z<wLyU-nr$9Y5!Og*_*4`<LF$tAQ$>k55#<>fv`1*eNXtQVGz#Hi+W25E%2>s2V}^^
zm{cMH@T=dgvNYTnWca+Dzo^H0Qeqadw<z!<<YN>$xI1`=FtQH^05wfI1G2=-H*Rh*
zjS&)yL2H*OgMq1MJn}R`2nHRRO#ej1;;5;{eclv1;9Vo@dBk8_i($?EVIXd5p|-?3
zihLgK$y4{F6RC5Ao5=;_Ocx%Q`ke=5)i~6_>WL$S3;H;xo1|$89Vu*LN6;i1-2XAT
zs4wO@xM8t>v1*@~=x9%~9+(QsZQt1G)nf_n8qR1bslJE0X2tuVJsENy_8b@$br2&R
z^<e1apd}X1E+tDqI8u@pQuI7co=dgw8jc+cB-C{KB)ip}R@=oZAB-DNTwHxXM0#T2
zngk?S(yn>La<bVjTMqrZHDr~`PjbEKlCj4yADV(SSB=+u-I?jbFfUX09q_H#Vk?i{
z#pPba1HSmi1nHym!$$^Jtz#XpQ)+Z%H6u?<LV^*+Z8Z^BNn0WGs>m2QbDbRL-Sot|
z05lnwV!tBmvJWC7;Ap8XtmwC<4xeK9<AVZO`^s(0wIPy<yyg;w4KI4YfGjD<>I9ko
z?Thb>85XaR2Z<1*qbP!c;-cW^Y7v(wJQnrd`SFo3_QEvJ&?&qMdplB0Qv9;oQ^q;#
zESVhlUEN+vNl|fBS752)b!aGlu7MYWx!C3D=Z*#oxz6G1+&;Ie!frA;0;!roCjDPn
zvG@GH{!QhDIVt8J$w(B!Cx;9^l5SC$*r!vACoY!Wgp%JPTvUbnhmR_Y_n1S=64=e2
zAIuQaSCkq41_M_DB<`kIs62KRFL46c-n#;bx|Z|H3=)2(3k{Mmg_NT(ZMw?2^jX6F
z^*31@3W$>yL-q>QS}~YSq-2lWB>EPUS=SX#WQ%KQ6xCAW`bp)kkD^d0Cv%^!sm!ZO
zS;+`RzkR?}$hfaa)d!B(1Zxr>O$W51xGEMZ7Oj{^r}H2uN}I9<{!B0Wr^w2=g##Ta
z5*-MA-=vx^HYNX|1w%pj`sVk)5ip6lM||}g>Uw^VhzoouhV9D`T*Pv%v>IHeuy=zq
zdg!)WV{-1Pt-}8iij(QHhFwW2ZAUs)HIF(9)*IR*-Sl&3QquI4605i}J3`job8V{Y
zE%&JyI|Kw&mXKlzss7`C)0D7+^BEO8--2F`O;_;{kMIO4r;eVf#1wx+89~d#zH>Mt
zIyquuE?P>atGY5v9;}tf8X-sa&x<v6tn{V;SpDZ-Wm07>BJLh>j{t#Lq*#KAx)#lX
z&Tf~2s{bf03()zqz4Fm|k$=Rq>sNhXexUe3QRG)qiBL}l6ErlHU1jnN*ENlu>=1>a
zxHEu&9Cb~=0S?5S5vyzDtG%hmR=kJ6_k=#>Xlkpy=FRzq16QjR*+Q4acwEsYBdiKc
zgmyKrLNctyFED?k)Mg)FOhE%6WJTUo=6na}I~-QK2}Jmf{tShH;0V}=KryCd8AMZm
zZ_Joy@I!>HT&F({)TH~0{96?6Hksz&cH74iyt(mADw1!kZCqr`mi)lBw|~A$-Cl2V
zMc}WcW;M}IVeoY~w78oaxpe131E-i!Y<voDJtDb=WF}~B4fsQpeuL?QkgrQm^S2Iv
zpRT<CjCJ)GW~Rm!s0q~F1VZtol!p&*3%(G%|JjfJZjlML7yP!n`}%r^%aags3?aAY
zWRV$J)gSsezX9<W*{A=-xfmYL0wk?%Wg$0z<9io*%5nt-&G8~qL4vnWgAj6qUl7*9
zM2TVJmk4`GC5_|_>(@Nz^t>4BZ`K7MlP3*7(UZDHM0=MKZMA@^q&?StA3Tq(csBxZ
zc<{Fa1P%R_;6;0npn>T<h8=MoGwfh?FyURRq>qU`Q!qvrf*OZ3l5UkJWd|Y?!iR_j
zNzSx*!3YD63oRsvHe`k#Pix`_tWD@-qI&4C-;Pk}P4BnSy&t2r2wI{YSE^m0Ogxs>
zDTjtH0|%&!#pue=w(=z@FO07ec?PD>-Ge&)QK5#ykp-N%kOUSB2q&vnXzlQRvTw{g
zB|y*5WKhyM$ydVrgF)-gk2HyYJC5~i?C5ytcI^1R&5_qNZB-MpUSkax&%Pp4Y5eo3
zWFK6JZ}BhNBe)VmeOo&wA_<6`c6%<U|D68F<%UA7$(?Ml24f_>Z$XhOKUPfY9r~fF
z!}IQNtNygC+o0vnj{-tva4Mw-p{lkP=K)o@ql+X<nFYU}XiyFwG6F6P*#AzL+ok)(
z0rD?(#cj02D`gYIxUA0uohpmvK$8+PkPXlzur!4{gHyE!DsKw9Wv5$20J{uDtv?63
zh+#*<6tr(F4dTdeVMhXFQ$s96sQM%8$E(jklF~ae+3ERGo%EP4iCi8Flj6TPr_eeK
z3yEu?JcgYMvqqDM^*;9-In8%VI0)^v>w_VCZ*(ijEd&@4Jj8&~XE4~v2W>xU7k!B>
zXKRH1q}?rP2I(^7G+m@JFFc`4I6p#xvTyP{NNK1952Yy?1`lCmGyZy(%Y7~`y(7zU
zW$A0TLo_cyttHjy@&0(?A9eV_`wycDzaa0Q@Gb^>og#v_NDA(TCsXkk>kd!5WkwgJ
zN#dvcFZp7AXsNJ}6>XjHOYfwRBu=$zyD2fL*)Ke&N!n{Ze8xUJm?}6eC)|4~N|^xq
zsMDlVF>N6ZZd;LJ;u?@Q&%4dix;4|dExn7E*QpA{zZxIL9pekOMao4PEdq~)aFp`3
zv1atM2waZvTn@%-)}w@J>>D<z!zEml-FiDFn7=5H(5Y{pDZdL357IG3z%{lojmicn
z4m?AqKeUvI|6qR*8r%8u7n{!rWGjr(@^_YY1OC3;yG2a#QauLn&XFY8)xXaEycY1i
zycetpTDR(PD=0ne0N~vetRBC-$+)|cAF)=LrpxZ{2zSW{;7Ha#EKiPu0{HT5fkhMW
zsPyW26*~pMDjV+Zh=m+san<875BEaGNx}<~LX?>h-~3MAb1>egK7HACJER>~BY8u<
z_Sb#Pie<hh`b=l%P%p!icXCSsGsS2bX~r&UcDx9_X4)0RyHnAoNVNpoaQ+m6mJ*>r
z-^%dfktwNpEQ#{%)?Xi2j$lG!5i)=Dn}$-9g}*)OYE`-`7cHi4Uc~dBHJQbX3oR>1
z<lYixJxLS1(e>(grQiFvgpt@5`W2>~zajzu*ddnZ^7Ob)!%fqkUJfRCl*|))@DQDO
zV{n~)yEOp4yPa?#r%6#@|8kPs0aEy)T1obM@<80@euVM!xf_!k>YFF=JK~VHwZRHS
zg^}GzAQN519qB-1zPDuhuo@!lK&F%6rhvs7+U&0<2~>s3b(1@r1t@oJ=NNV#R!$<q
z{7eT8Z<BoAG&#a-`8#3Sz_D@-S;-NVVFuIsZ<j4j+?y9$wtP^vHvU2xrr@`JVbRPS
z1_RgS1KTGxr%9mi2K*WLu4u4=Ve?7Xr#)!L(f^Xq&dBwF6A4ie4Uv4%RnceggSDj{
z;W#qMpcCtLMn8kZPHiZo{PH<@4_E_nr8v$r45li7L$~{5=gWqX0yOU&1tx@Lb!p%o
zAPMw@%9*`<Ul(lOxt(3_58o?*+#m1Z*#ey~Ven{><Q!}qVi1J0Evq3;H`<s6krBB9
zu~<ETZ6Q#w+%8am7YIqPw}O<6Z(oAOMUhT&h+%VPkpfhN-~VEc5-^gGQeiO7ggs!+
zGX`}RxcC-19yg4vgSP(_h4Fm723e0Fq2tTL8YoB!49FW6+Eniwts&&O62gFV9Ql4=
z2YCGjX_^S*F@qE;eL*J2^&{WABm77o0KkXsL$*!e|49pof`G(EkaVeg!2TTwNGT0z
z8u=e;+^{p$p9Ue4e+^>zk4ix4|5NP-e1m|V(vT0<58$%r@%4`&-!mW+4J1htDNJ9-
zB2C90z?Qo}nC;b;P7ksfCNjie%9jcO1wBKaZ$q6w%#H2}RP_akpZq_PEIpuL-bp0E
zTjUOpJwO}-R(l8HqdPj3PeQII!=|Xmk)hP7$O%P6cJluSicLepg$a;PTn9k>|Hejv
zZ@NWz-yijA979XSGZ6IgiLP$f@l-Lm==F7BZIDdanO>~tqk<dqVPB<dFlEn4aPK5*
zFsl(UNa;`W<^K4ie!~6}GO2BfMS#?rP_4)|X5f^EPBL{BDR;DNWyET9qfe!1o%{{{
z)gEvz@3bOvo7@b@pLyv1L8Ja4^}MGeblJ9@A>ug3ldMy?$nj}|$LuK=agXeNy3*Xv
zSacXOm(d8|)exKH@fx$t78JrF!S`;{p4`mhEi!j`Fi;B!z~oSZeIAd6bw`^{W{iz_
zS&ao%?BP>ri%o)>gU{H_%=*W0t;a;*DcQAld+L09NZs+o?=-l(ZM3lVU(poDv2I$B
zDmX&p_K9W#_@PanYsz9zsD8&_TxTcyUVEIH+v1GH>3ph0e23bmD3T#SDOAllnEJk`
zl3)UD%oFpRw}LB{&r9|W(@*BFdtOA+fzK&@-5WA74mFjWi0rU&3d`#ad^XPY>Z_04
zufej=K;gd-pMH#b=<Kcebl#(;&Xf7S3Zz;+ax+5r!9{D)G8HxgH=hP`d<IIWd+gh5
zfLP(&(=H4AkAt3Ep>A5n9Kw8$ht);^5$}C-!y33*yKEVdq!dsnp;D8#Fmy4Sv@3S?
zQk2zk)#W%u5XzoG7jxm(A!QPaK;KRy2>q13>@RR0NN|cjp-eVej6t;M>P_fX!Yik#
z+-9wvARGMq&w1zkn`^nk-WIVkqBEcOaH*(QM9#leXO;x-Mdqy?$0^toW~bR#rv-()
zdHO&*v)KWXfZftL@0)o&IK$4b?$i9C`1`AC<Gy^E!75PrBH+h@rp>L9>!k*Z+m80&
zJ6ZBXleCo)^UGeFNJ{T}-neC@^&H8Jt>UDBN!nLqzU$xT+Qe%~sFSI+q9{h@-Li(I
zaOh?HC+Z)=G1~%u`jWIt_-p^UOiCu4D*hT#zDpc&KoE5>NfN_iiaP}Y#NkfO-hB-}
zu)>_m4nircwaX_B#T<?;uRgQc4A{4fu$S!H5w-O9hCZY|?euxwtMtx&?Y*u+z5ES_
z$M=<%9t=P)gVzK3FC_(2H`~y+s66{F<39P*<&#j*9jNqP_nSl<7*TCL%w0S?s@CrZ
zqYompzJ}ZLN3u|D9r^TK9v&X-Loe|p*!(N$=>7K*FE1tYf!a4Z9&RT7g>KSR{xvq2
zFeqA2=?9sL+t7eu|Hnd7N#rGwqz+M`@y+E2OA+pt#96)*#_T2(#t9Y(;Zh@rC^$Qv
zY?&1*J%DwD8+8&K;7Wq3x0kVI_f_C2$hVNois-!25dVZ%#%p;#svRwCs>cg+6E`J7
z)=p{DY?<mC${koM7IN~~I6^4$<kV~6(&JCT`|h&vm1Bp_X9dDUa5$Z1W+nXX)W>q~
z4;rm3RA^<iL+lSr>z59{-R%Ikzhg1iLN1SJPXfsuW5R>3Z9M)3OBNKmSxAd8Pq=YF
z-BtuH)G>YcUFM1cD60H_@=d!`s@R2MMSTX$yo>aj&8U^lGFmLn953}yE@~SR45a+K
zsmnLLNK+?_;ng>rtd2;#WPI?)SPujHk*xHM*^p0dcm1>^T@b<W%#9%FOJCZpB`fq+
zJbq4r{d1{`85;R9YfcxL%$ixfRlD%>F?-jZ&ISe~yh5%n_LeUu^&L1}8dWNo<9vm=
zfP}>rL!rj}HF|*_FTN9v2A8y}xFpN-u$x5$gr#2(o)WG{D!ll2|4Wsq<c94bR+wH^
zH!i%s!FnWAEBCW-Thf!_j_?(_D*reD-&#8CtDVw4?P2?CEpn!Eu|cX%@F9&*xuvUT
z52}OlQtYoCrGUEWA=5a|-O3-jcb2?L<Nznx9(1G{Iy=!<IRa<P<zt1+%C#@1Vt&5_
z3@sEcrNt5-n3u6}^r;SM-ll8X-x{UAdbpY+HtyI}LcVKau_NTiMNogM<dg~3R})pW
zO^qf-O;y*lE`0j-Y+6m}uH;hx0MBQbORsHU!m}}0{PlP#<g=_yh$eJXcX*LRPENJb
zcMF^)>ZAL1nAaT{U+BHsUS|?4<MOW<SJnqkb%lYJv)E$*H|}c?qlE*vvL6|ErEa?z
zkT0(a3{zQcLW+b}LIYX|sh<W+3*h*=at|~QW|bfLrJb5)@C9eiaoc!yRzk@go;Yez
zU1U~s;E}6G8QuNM08i!a-Y*e|mxt)XCN&9)n|y4Zqv{T9Jv#9Akr0zZmhztRV|<1!
z@dmdaF^_4J-Hq5xGDL)Q3>i@FQOv-bXi19i@&o!uL@%sSEcT0!_>|MRjEvX2hDo`~
zKerbBd7J!Xn)s>?C-GxD8Nv;3F%HE)bL>P0Q~Jn_v}*Y4%p1vMSEwVDHCZXr)q0OQ
zrV>KI?^O{PEH2B<WFKRvwxfP2k7-S{(+D-kMRHt$#Gc=*h-$i`RAA*0*go!&#}ACG
zH17hQ{P_EEAYxuN-6(H)q?lI$|9#tqiCs&jnCUbS_P)8o9>z?3ptfpO%{rle)=)hy
zU$FA|0Hx?6xZu|#$YFK$M|iDQke7JNy||lO)(Tx>gDOU@%6j|Krb_ZU0G(QBU)uI}
z5$3J>$|HrZUeWcED7(C-!*CSt!Rp|*CZkfh4~oi!Qwdcv!D~bYKwiHpnHOELPRBA?
z<zRU$1|JspG=ZPLt?%soF3Zq@qkUdOXBjTnX#m}pAoT8AKayatZWJipw_w!EEn)de
za-b106d@(h4fngG=<$<|tlf7Cs};US-;^I(s#8NNq71+I3%xv(xWwHw_NM5~4!<-V
z+O)n&kmO^Kt6hPgL2tO^LK1%>{_Xsm3V#&KeS9!okRe7i(6_(klmTj%3;h;-fETT5
zggq-CJ6c=7?W|sNVHq)RI-?SAIoN*QyI6<^?IJ%Q_zy@S+4JCmJsu>a1A2$-Hh%})
zLM;K!o1?(tCqGGcd9n&T9>%v|P*^P@`%(teoW0L)D845aR%T~!g7EYThQ`2OK^MTi
zP_XbWP^9n;a5Qzw93dqoja+?Fg94tVsqF&A_+Vw1_E*{4MWg2Wg_OWiJqFIz9mR_8
zfqFqEW&4#uB)3>WzL9_2n*x5@zuZW$7ql>`B?u8w5;E!5SWLh7yv+T=n{6QhK*U};
zI}kZko~y>*gxGPxqU=T+@D5pdXOm(Fu=a>9Nnk!?uusSc*urn=n2}ybc74Me3wqPm
z`!Vw7fKDgL9pNcgSyy>@<wLjo<z&wwix?tEV;u@Q^@TBb?||}Bf#}r8zZyHhuvAc1
zDv$;MtagR52q8ZWg^tq3KSr*a^CEcKX_4+{P=l%c9l+#}Oz9l-;1U8H8g@I_L7rw$
zfm~sYn(NROUkQYo&rZ?cFp!NJc_EREl$J)kmJX$}cyLy?f!W9?{`j-+AhAtY<V>L|
z{QbjwG@a|h_ZN>BUfUsr^Jj8wZgTeo>fUakJ-zR6yJKgNk8MY|DT_WATi<Yk=wrMF
zaGPW~jiz9PI-%#^q7!TFmFPdJJQAbs_|`|A{N`8UEkXq?LKa>b2&<LE`JyJS8nfAo
z!O+gZF-?ghP5e(G%97m(8>pNP*yHL^2eRmKTb_5lJ&s%lDIhfMuRxf4pdIvEmN}8<
z3qZ|y9wg|A>8hyLppj}1<R9_)b?c<{aV`h4wR(TXQxE*f_k^|8k<@=LuqR8?cd?h+
zYI)eUWig3wecfwXyL_SjuvwQ&DGmLSMJQc334LR=DF#?=2*wVrLUzE8&+1Lw&vw=j
z4{;v7wKdikKp3mm1W)ibOlHy_>rtcEU&-y<wR6hk73~EuaM>T}gPnX2uc+Ty-#vIh
zO55z{)$HxW-djn57Fy{QAACe*^zz&=HU_`l=YPBJ{B{pJ?C1vl^oK9!ynD%qGQ(!Z
zo|A2>xJTG!Y_*{nc##V}VH%fAhH9YIe~TB1?*Eswn-wczR8f2BK5>+{J&-;470dMg
zcE!-ed|doqDB<46-?}7xd{KR2blQ$l;PT*aEaQqGfPo_2(L}kg6dSPT%*>!rp_;+I
zOJ!e!`y^j@t$5^1(oytD1BI17XIT`iM5Mowk%T4oUee|DGJsl4VffShl?=C<tjGr)
zxcHCujn<;jEN69#rz65tJBE=c;t>GlsO1QwT}yjV>EcJihsnGBI+*Wg+yF7xV?nTg
zfdj$jv2(iGY%8g0rx1@w{nbs)n1Eq`e)-iT#9tTOcbsVYCtGPx?4d-EO5ig^k2x%W
z0Hz)Zy56i+!6T)3b<9$p7~V%8NRzEa%;8qwwQa>7&75dZr&&C|oq0+;Zcwk}(BUr>
zG_b#@kViP^B+XyAo&4p_spQNpvDuu$#XO}MOyme^jhC|PVF;L2{o1(67cKQ^lP^;$
z;qu!Mo!1La5~-BAr%1U>?@}Di7(P_ZEI!oKLCSC?!S|b^e9ukbxuy2$5JlT-kQN4L
z`Qun`iKTRpW_?v@%-1crJ}4xQgSEaukY9qlpx}Vhi&vi<PU~484QWD5h(k=MLQKd)
zOlU()NJ8)w0V3}KP9>?UC8<6$N@9<c>ZTyZ-1blvK_7U!1OF{k#msQiVJX|=H@c9&
zang2*0InG&zQ=DQA%7F4_mu#+C8=H|sn;c`(J*2>)Zh{r2H#cf*Dfm(RhAr`Hr;xa
z%MYL*ORP@TEZB-?^Y2%T=PSBM*q+BuG8KBvnL1~+q0V=4#CJi(cVQIxKodRnuQmuO
zkv%-Jsyu-@ai`qtK#F&#`=EZ8M$T}hKu7kORTCX9AV5my`HSVmFZ1>!Gq9IL`wz#W
zL-p^x)ohz}i!>ic|A;(#P$=E8!kuo`M9iMm4-X4uRjpEhfrY}^*a9K-%J`n?=*M(F
z$6F_{5l!>ncfOfESDK4c28@6SVy#Eg;oX->!sCrH%KV!~?u?d9VG#q-<*gp4)&7n~
zf!gFA1!l_<xnPyhho91wAr$fesoSgS_WTDg!T1eNq82pv?Q_C}S&HMRA0uqE-Ueuo
zqvB}yKPpsfO}vEKPxRYSz-0ct_BixcGo=%}2NJ|ao^H7*9UkJ}VkFa?M#`ODZ8ko9
zytTTHq3rUn67bh#KLSO*!Y9U97GTv1nu*x&);jddV-T<PyPugnnSASPmKkI?jiGS{
zXs(kGqBAT~zCx;&#cP*VLOZl`vggTDCTq!Mu5cqs^e8O4xOl@-b>r~TLjW^K4y&Pu
zGVw`5U@4V7k(nVb&59*O16Lt_S$uFejW*gl>w;aJZ!dprn1=r=iu@-+w_(na8gAc#
zGd2Ioe`P8@{NTA%y(EL4fBPn3^lLQLzgDofF<j3vo;tP#Lx2N23uSE%?w3Q^4!3@v
z)4A@Z#afq!e`@~(aYK(rYj{=%peKpYG9ijvpZSz?$xSu`2#P`M0^_j8xKZ$@$H8^L
zsX4g-k9o!Q)$F^8&cCmJ<xnKMKqu_puW15%oclHTDO2EpOE?1;tj&UGI2yUkq4^r2
z^1Wsg$*qot1kY{v1G!^?Cr@~YP#VP8y%;Qms-|5W4x7gm^C4ZKvrh=eX0y8c_Ai$E
z6<X=|G$s|giQ8a}h=q}^Z6?TaWR1~HN`Uw)XUA8!sx+BSPg6tT6f+9_Ye=wT!D*WK
zz~)NsVMO^4$pEX(0D)tt$sQ-WpCb|zyp-i)6Z$p+d5Q1r(~vKI59XNiWQg)zPY`J<
zb3|*i`l@hoAAM63x5$)6DG^vKpWtqOy2I_hu1|02I~>_ygNDj!n9M4%8g208NpBoh
z-I}msdVXKzBggXEAchg9Tc-wvd`YcT*^B0)2-xt%9DZ&3E$UGZ?O2#;k$U)LnOa4R
z&f~w9(QD)L^dEsJ*a(*5zuQiv!T0_B-%4648WdUKO?AuMP_sy1oIDmB>A%lmZiw9s
zc774Dcc$zsiLO>Jnsh1^wS0GM^2fsF@?9hK1YdnU4et^g%_pz%z}zI{Zlw8UK$J=k
z%eUvMoai9KI;D7FDXik5V%`@R2^J|${igFdzCAuXpG=i|IBMj`-$*59GX$l$p43*f
z^YW_}wvPgg7zG78?8QB`C=@-6d<ZEFK*oxGK>Bd9H1y(>&b-~`dIccs{?r@0n3lw5
zMN&KkN|slR<#ALhq`CR+9Cq|vbh)iDa_`>eKJSIpG!qMkA;aJ*X*13^N9LT+6$WJa
zTbs%Q3vyCbw9sa<m>{ibwqT^#kcBGBf~A42LX~PUJkdH`j6++5;b$oM!W5C}vloF@
zd$wukEz*z(kUv(Sy*F`T{b+OJPl_h(McjL+z_ZY8$JZK@lg(RnwJm%oRkvoMe1d{g
z#vj|l)EgoW%e(2$ci{ak%VkpMcHJCXeF40J3<LTP<?sH&@BX^O;lbUUif)8&A6+iT
zs7iyd)w<t^<0j*41g=})5{!RoHi{PEuv|F6*6hZz9dfypR5HB7WRI3u!VvDulNe}t
z?1fe4*E$H*XDn9`xc!+?rQ)jINU5vqT-yU%6BpJreQU-+h}0)nb0eAkcsh6(p^G~u
zqrbgvfo%SSa}8mGZHsZsrFX45VZ1PS5~-Y553^8$z#T4A_uId{8kgqsHn#t?bSbe6
zmmtQyK=NbiFpAy_p^{oRQQ1qGB$t5uDaK)yybSK`OT68F2}+{BFw{m@uRC#4Q|v*}
zO+h8$qz{)RE*Wj+RMiEVN<BD(3%Ztkrj&rNz0q>zl_bf}==Hzp>Hl``yQjqI#NG$|
zsAEHYttf}d@e7^3>Y4*;`&Y~7p97XQ{HOe)`ArIa(_K`$_feSkA~6IUWi}oCF+&)1
zZ;TrGC$5g@fKk;J^gWh0G9pk@aa&Q`yvm5j*|b9b@k_2{XoFxr%^$7>RHtNp<`f;V
zX}WM+2Wqi45hfML=au2MdpJrXxWgT9(BqMsc<Yf(5l$Q}rven{eJ#87`ltB&OV%aZ
zN45qtbmM|;G>h#&wX}rlslS|z2l1cYS9+GeWNPr_5qxjcO%Oj>*rt?|V9nL6;h{25
z4BR*QAcn8DS~3^P&)bndA&J*Df1uZohIVUv{AM_C2at{vrG^(H^TNv~*K1e3`rUUY
zh9-7BdKscYT<N|zha=ZUjGh8?x!#Vq@~3~+-;N^G3sJqJ2)XmAOqx5{XfV4zt~p0*
z-3>dBj&n?BB977=^Ym6WjT~<KoH+@<%YNC#4XBx@yks=$DrXu9{4FDEf+Lk6|2oy`
zSB@@H)1@1Z;h6JQ=`P|QmMTpKyigg?YWu3hK%x6IO6<)$xm(R}8|Cq}w|1+R7*ah<
z(X6+_1^&NW_efU3A3E3W{^-;hu#@nftyoB~$5l$F2fjUIh|cyYP5nU-s8gD{^rUe6
zr7AX3+7r3=0kCye%_|#3_5T2TK!d;CwYMTk+uqUM(f0OU3hiB>Z?6X1tIO=By^Xr|
z{;p~7Ic)E<%T#@dr7p~6DSD5QmLyRsSq+7WnIU;GCzgOgb8sm5Urj)S+JT_+Q-RG2
zzMYB8iaTR;vcVA?ndHbmBKTYhDB9<nEl>igf&6_H#sh$CBl^V!lSZjzrAO1`hugsd
z4cwfDKFevDn?$J!6CHZ1TEjr+-bd4*(;t9S6^%7<T}VA86#UmlfGJ3)OV(~rWOoGm
zM<Foo9tKDDQNi~kck&;OMYnQLvJjLk;td>>4EaDCfs%osq;gOy<)+G3Z5*h9@Q@hA
zLl)uTKmx-<?@<~&+|GL*fhBd7h*29L1u?@rwa5>%PA$|QC~2T{$^K}U>RGYir!7?I
z63>f^#)`aLJsTGM`O$Jm(O3uhfXjg+Y#OUWdG`Q?1h1cficla!3{E!72Wn`iAfJ`o
z8!0(Q{=A0eS%e9E5P0WZpry>n!f1giFRB<uvATlxC9-!3e%j9sATlwU0DtMpf60ja
zV&=by8jkQH3H}Xv8g@_&!n&sywEG3ZGa;o{M{L{*o{uX3Zr9lRn%`HleUHfd*&Pw0
zJHSXz+KjI80GG0`o#%CDlyHF2fm)uWC~7(Iks4*0Mn2;EUn1{pDk)%teQHq#Yvrxz
zy{0B*n1RQ4=wf7ckUH2Q-?_OptbEG#NvOXP>w9MF>Xz}k*I?bZwfi03Yvxe>i*@zy
z>0t3UBji5##k2^#n&68su|LiGv-)=>57}hfb#w&%`s#rO`OP5|ne$hC{u_IK8lRsX
zLQy*Pcj7sdfKUDLpXvBds(kB@&0%>~V{;gU9Ok0Lr6r%W9qAj^yW9t#Fun|`x%`c|
zDRoT#;X8ccJ5*oM%O3Z8xQ0H4m-^MvRDB6+uYL{2zRdcunOeF1^+ZGcV&z_*Ex0HA
z1Jy8^=5JrMhM{BzFX>HE0H01{?btIL6*L7=6#qUNFU9$92>EaRu<qnT4=w+_s7I9l
zo|6vz_r^<g{Cp#}m)c!>O*($QHA!RtUV`?ozC9V+3k~h2y*wR!eocFiV0&*3>ry@x
zpnTBpzvRWr2h|~1@PCvTVL}%ajlDp_q~=ihpQGg$7LC1-mFIvC-cm^AcTst6YT%|k
zjl-{WbDrSONQ@CZ19~u)`|K4OmRpXD8Pua3+Gj48{}77h_fgT)(b!q^RLdzLjp(^8
zAy)LDgRkH}9O3_SK=gn)zA%ZB<jTDnFg+dF@Z;?XjQ?MOC3Wi=Bo-0^B3Wsw<Z(Af
zC66g01Q)K?NuC<&`A<=ymqkKv9~XMXBeg=WmW!S%X}^hgEs}J{uG1s(r}-$8KiGA8
zMCc_(yH>q&wemJ!q#0Pih5uP2H8U`e_k0!I4^YZ_&Y=wjQk8knIr1Xba}G%=-tz`o
zDvk84`qc{lJzTa0EK{YiQ+cuKMl1NYMvC*LvH6V0{Bb`^id!8jVDfDy6K;LvW1E<8
z0}^=@gxiB4-0mXb1wu}&8hf8kx;>#vu81sK#ecCxeyQpt0r&7<@-*`9x&)GU1u^n2
zIU?_tx5t%t*LETAhQ`RdmF@a>e@BG!W8`0!(%cr6Z?$-(tKFb1ZKLQwkZ&{E^z!cV
z=sTm|1B`mr_AJWf8hI-6^7Kf#s4UZz=kW5BNO_JT>*Vdg7<rrCp@}anG?F|mkCmrW
zxXims9<UK)p4h?TQ*&7T#j*9X>AExw-}|u|>i<@)Z|b7{ZzA>I#rl2K`V9t@zvFau
zjgh(mtb3@vv;3vI2a7fDS^D?-cVpx+)|c<jB6)o7KSA!Ee<8`>)A9LC_S^%Xli73g
zDtK<aU|lpV^BE{N2f#l}H7u@WLO5N1oIjc5`L(KGexQ~K=I3^y_zj~h4$H0`8Yykr
zp^?&;?_g4TIxhN);iWz|(r=%Lh^_w{g78GWLb?G40#~v!<v}KU@e%E~`f5}r`eC|l
zrz)~#0YH(@IiRW%%FV1qzGD}Y{?q@CE>~0+Kg0|9>Ys^<_jBM~xr2QZ`PH5oR{C_3
z_YEjd=a{>Zr^PyXdPRFeM4tZE1oHHE7yV*+ntB|0YC4WQ&FDg&Vt`)v@^t+0Zsh4X
zYrB@GZyby#PuHyJR-R%&UN`dey-T~2r+B$bSMt<+FrGXezD6fcG1RUbd1|?|OL=<M
zny%&PKM%x{r~iIeCr=x?m#3A(x{{}Vez$9RI^sY)d7AyMPM%u2m!~;h%2VqPUCGl|
z%KyJS{hupOGg^ioN1j%PwDQ!z>USegpABi{X-#wd`cZj$M@TDAS7QAx<>{!<DV3*#
zGD)6(@>h_Ro6jM+S%%LQ?D-vhewRJ}6Q5r_r)zm?`AC(gSAL|*(_tT}^7O)wm^_`Z
zO(Rd+w`k;P!xoJ^-MvL4PrummtH{&!UxGaS@P|(Fbig(yPldmnDtWpM<*Di1?)F1_
zYUSzoN2Bs|dm6~o)6dh{yLH%J&7f}DE7Z03w5Gi$u)VT#b?vRe_6oae&!Us}c1?R%
zV|(|XtIB(R4(*aQM=ptB+xU;|!`*0&-1nK$RWLJT3%qS+uAM+dw!mv<^y!mp>%v4i
zDL5m!VN9l)WpGGkf)Bk4g%bO;BAa;-o=5wa&;gCxd~TJ^e4fFHx63%C&Bz)CxumA|
z*jdE^tF%)NI$224tcx)@O{H&#XArxea<7xphJ<tS#q3Ht2($_IhRj-9(IGr~Sw)bm
zjusDyk8N0Eh+NGPIrT;VyrR3!=OQfU0W9Yml>5RFK17ZiazJ27_2>YGJb@o;!OVJV
zF2Ygy(xHCoMFz&GYN?Xa9~bI_mumOxSJV8T)6IOX*3bW8&HSH@^Zy&&{I8<<@2<T%
zU3+#-dskz7_v_nRN&ElZwYO16Pe%_$+uM5<?*HrCBY%myfz+NIb00x-L&U&MfWgt_
z@m(ffVoh3wr$cyaJ@>ECo_7=<r#=0V$4%X}N9P@u<H4uf(n{#AJv#4bNb9~m{gKDN
ze(I(@+P_<Qoc8ovc)#ziJ=(v^IZk`}Exa?jYme*=!*SZvn;hj0-LyyicJ+Yc%!iJo
zALy<<;<x$7X;05`FYK;8;<u^CX;05`YY%qQ9`S?F+1<CNX9<hDYmfNBoa3~oX9<^e
z*B<c$({b9<vxM&s#A^@l13XOrgSj^gB?-`aFehBtvOrjJ3Hi)y7KPFpXYh9*(rcYV
zs=)}z{&LYUrMHpCA2___#tFe;XS15Q2B?F_z}a6eJd4!kxu-dXeCEpjeC`*bx6D}o
zIX2}8J`#3iZxnocNUnX78FCG&RO2IslKzIG{)y<o;mnpj2c5yBM7);%S_ZGZC=L2?
zfiaV3%nbQ9EnLXQ0pA&|MUxCh{8G%`=-KZumf^<^?>^&$8(scd_bA}^?EAjgx`H|E
z`zyQq-W5zr5WNTCd!9)(;y3A%YU;no`{tx=^)I-x%g_n-C`=5hgPEHES&r%r_^b>f
zPt$FrJ!0jO7=PQz4(X6k`V-mo=zZgqK0-&G3};}bnW6z_Ii&rf^cmfwRSSr6&G^J+
zER)A#vb8{evjbh9t3l`w+3OgxQ=CyN`fEJ{ZN>(xlw^)X`9#l;qyzG{j%0%sq_k~_
zT>k~fyK4q|@Tk2&`@2CU9<oi>2;KM1z=f&=sZ<MJu-n-0W*$Z+afaRC3idU~e?@a=
z$TrE&J#{No|2j})oWZx4a~<fZ<S?C!&4Eh8!f4RLTbhJkF*fr^^oh7Zx4khhGbAT&
zLt}~#D)6UN`HV9u!pISz$Oqihm=H{=69egVQ7mQa8-ZH@fy+VHndt~jmaSPm-HQVD
zsZj0)6@qU-1ngx0r#X#>oY{vSN=N%A)g>Jf17b#fFNb#n(B*gTzLZF}(PlNKc<Nn4
zj(BD})UYh5KTl&-ewM_3O93T^c~kAxC^-RpK6MY|Sqfc?lm?K)K_+<`Y2LGA>`T<i
z@~;n$G?Oa>pq}OCvzhbd-eq7H%*f4iO1s4&TW~S@cL>YSAJAXx5X7%V?}9W?jJ6~)
zu=2%V-`@ZW$!v@?708k0k!)v!c3$#rLg_sh5|+`1r`?gjc+BA^eVoYsT+ori;*uI{
z(gB$K^W>LXnYNklkSclIx2f(#8KcmKbcoW2;*djP_NT%URzRB@@(2HF4F~Lbm>=*b
z^pB!@xhI+PrRv9iL_HN$T9ND@G4T-@6<kZ>h6KU?x-n{c2d3hQ_)K#FZZIKQf+K%}
zFc-)N*SCgUfw`$(Xe8Acy!6?(2O5Os<&Nx~VsNV2Ej$~#pd7cR<`qpcPo(h{j!F`i
zJWcv>qGN{5Z*UrA7KaFJq#4``$XbVvgwhOo<%ZU9{au`&G>#vbfR_>HW{3e#IvQO+
z!Nk-%`FbmyZ=PttNRt}`-yGt!nAJ}l>NZ<su>vX%X6;Zt_t{jlemnZ7yUo<vV6a;$
zQQ)Yl=2XE?rWX2!iQXoou;hCpM7Oy>42+W<*;T^h?L>M%+0YYpq&TDuabOaBiReRC
zn@K4JEhVjC{t>KW*NjF`=tG`?WHdN2cU&^4^UxUg>yvR}OhnpXszC$RqWu}QNJ4qc
z*|XPHdBF#&3Hu;CDchp^6ajmNXso6gRK{rhH<6DBrJf7Ws+b6fK<X_Th0_Z(?Ff!M
z4-5W*MtdFlPa(XpaLZ|~_Zl&czg!fGjDrn+Ng^@dDrImaub}h=j`%=1v{TZ7{-@=l
z^eO)I5zLa(7}?KQk3n4W7u(T*t*o}B5R6hI&ow7j+u522YlOnb>^vINZor&#c2kx8
zLafAs%Bt-=qRh@C%Ip^Ymq(P@c|@6=<)5?X<DV+~eFpg*3`-BJXWo}!SbZn|?aUTF
z;emAJlGZ3*=i|N(<`9)v!+a`l(x%Z)Tor)V+*#tWopk>+;E3`NHsaf4SQtuiTbR$)
z9dEH&%U4X1-)@flmIc4bBTblF@sJq2=8QiML@)B-756=KmO=hHk!=R_p=)A)l;^*v
z62JrRvHgnP%Mznm8T-qD>Spd_bugThA}{@-IV{hG-!Ly@rTk4b+d0@8RP#@rD)~|I
z8Oe`^i2SJS`~T$!%8w7<I~DTd$XmZme#|_2a`I#TYrmrWcyp~@e%$rODU~1jrQOPp
zx86TN`H`~j1mwr=wWnNu7*?Nh`EgB&%04bH`T6ogSl5O8nEhUN@<V*@MCHdDA9Ru*
zf%oIck7qvbEI&5>SIUpd-LdjxM!)0Ak2$NmmLD&_r<EUPuhq$qOJ40PKhAtrCqIr1
zROLtQ6I_0bm;>_T`SuQ-{22YVN&uI=&E&_2OLX$%`ZAsTaMpnQxT;K*A1{<K`SJ7;
zE<bYdwy7y7Ko+b)o9kwFfVyBMB|Y}6a0FK~B;^)MuBA@NUTBkCMcTWlHiGb&+}0e%
z?e>Kq!SKBMfYI7lA<GaP-aQS#IOSQ!mT=gU<_z8wa!Nk{dklLp=t&IrTeNhb;XMm$
zDg;dh(%Qn)rhA*NTj;O_^No%f8-Nl9h~ByeamWT|(2Z^W0Bs(YPiJjH8>65NoAjO9
zY$N58rq-^3)^5GUIipSt+TX?KDkvzU;79))-1R*76_~bwCu9wbBcA#R00LqTj933W
z=Iy*nD6wD)W0Nl=_^OBv*jKSbWHpVk;HTfSU%*e?r%_Jgop|7|s3F-<xL_#;RojbP
zk|G9Ng}}X502hOWwqT|EM!D@L7I+!3hcFT-nl4)K|B;qPSRR;&lxg3nk%9lh{(`f%
zIi)%jf2#Dmy`osIKNb$xzpjbTIVi7M#RjQdsL4|vSg=Z--V9_qOm_v07<ifue8DQ<
zZZM8;jglSK`9tRK8rsPpauR*>4&k)<@6hU4zAvryhm?f@np`b(3Ukj}twcCiB(ONP
zc3(_9u~queDV5o!jkHybLFsm1t-F`9p@Frpv^MJQ|FTYT4cUmB2%q9k&QUeR{Z^;+
zA!$V3eQ6*9FGA7hZ8EtFyiKWs?-c`v2;gy$=X~doR#@(y;n4_bzWL7MgM`wfEa|kY
zeELC{)ppl9jo-73Lzvnm`kAueKr&lrF8?OaP&{vX1?!2y`RA%lX=*<UEvoaw(xqPm
z-_yZ02I$sr0C^Q8rbW>fvak`cKFOR?I1i65s@->@d#^QX{A|!i5ZJ8oGX>u!_H?J<
z$4Dp9+iDb+VGI}49cQ#=Ex|Z1!S^DI<arXQE~`xNJ;}m+1fQ9zmLA1}r-W!8a=c>)
z!~1@7tQ9XQCooW@6CZ1)<AzI#P_JOEo|aYSwp$AqWx-E(lXMQVufJ)G|MgJ%dY3`{
z+H(oVOOc)53{Yw0srAR{E`Z~moTlw$UKgEYP$wG+Jv{|~OS_7l26*BPeF?3X&NFCQ
zyZTuultP3(TUH2gjy0)q!T%ms&(l`#^DLhusf<2RUev)`I+Rroe@2y*etg}OUaJ57
z-42?to-ptPKtO_ZeF9;l0~-w&*~4_|UYeo*3g=GRs2pjhKgZw?tcA@^X%mJZ;h~vR
zDtAcR)D0_>bB4<xuLXG|-L7s@#pG9UNX-tZ*6s_r?GB2-!T%^fdIJVtdk-2N$99Wl
zdlNwoeo8cMatzrxRw!{MBozrF@{=z_Z*#A?pE;$C;*h3_*~QXEZ`}lMlf`}IW8WG;
z40xN3;=mBG`{1O6{>36|)LSQrWe1YLMo1`1_Ux@+AKky><;hT<2*|KOSIHi^{)O59
zBjHtjnGUln!Pr5~_;5255{YPr-4GmBN1;3ZkULcq^w0Dw4C0cn{79=`p}N9y33jVr
zRoP9))vZ7W6RZ4`twlcl6Qt}>#0?L~gOl)9M|E$L0E%cOz2$e-fEp44<5hljjaEOY
z--}vF@>-^qgco+oFU9l|9)sK{s%9?o^^XBf$k0VpSH$3g3Y%nK9jlq({Z_WXZJ@^Q
z%K*9Wz{@UjCSc%}V3W2vyx%sk`IPL>TZN~~y-g_?`h5Y0MK0<Mx*bRxhhRHmmueir
zhtqA+S5C>b%Id8%+KO`DwMn<Hk@v!KDNQF;+qKFTxP8r#D#^aVCY0p9E6!+i8b7rb
zE-(QnNdT5)$6(s&oU<0uP#)WDfJyR97Xvq^f}Y~Y{(Sx%kzYb)lUnV*uxEfH(35n_
zV`MLEP~%85Ym2tWC<arFs$$Tf(F#zG0zB8_PQLem5xM~gi_XR_p}z$nRK^Sd9VK@)
zDkTmedn9M+D^R#VZQ5W1-5$(i0Vy)a;r+hBCCM@<pW!^`j9DAN`n*-SJ|Y*ep9#Dl
z>V(+{kx9j(;DQYxP+Sg2AU9210sIH>xC-n<gR15^&}9p!XbJ)}8D|N7t-NIkfc-Uc
zk&KbHt~G??TLShC(*W(Du6&B<_5T$)<*^Dw0!p=izza#S7cgFP!SfdPCDyX~)4ZVs
z05HMo-ED-`KIvR1f;!oVz~2BM&tc3q_XgcSZiQcE=V^Tm+WaA?ktkC%eo&EoZ0JH*
z=<pgmeU+=C<+1rq7=4p7g9F2k9nw*i$S0i$eSh4lrSA^p5;61*G>dc!WR4V!<Qs?F
zfxeNTk+9`~EypG3`DT;B<0fkUoCdAZuCTNZ?Hs7|d)V%4^rSf`)eBzo0R-&KuIq+?
z(<1~dYX~?V{W#4I6kRJE7){@qf-okuYZ9{m&>ab(N*p1f^TS9&VZn#)IYdHp;*ijw
zC<#q6BMr%9gBwm@Y0Zx;tsh}&HOaR$MV3~_t;%Xfi_oZ!7$qde^?mxp@=Kz}SEBT0
zorJ%zOP-`H89Ol5hb{0sKv>;H@2n4p`=!7jC2N}eU^`mvv(iXwp=1r9*wWQam_0=7
z^&#DxSRAEqbahR2o)~?fJpbO;^lS6)?Z^IK<lje*{`c|kjo<zE@$aQ6C(6Gm6lvnG
z&A<CLo^t-(>*)V}{_U^(zn6di>ClPt?{JUf^6w};Qh?fxM2}03M~}p8oxugGnS<oV
zH`|C3=ZVrf+T95*_?sx@7TP4g8(t3yr`uP=5T+P>jP3hX!F!QB>o6b@EW{L{6l}&0
z_^sF}{kR5`8oB)Yoq{OK35OF5R<>il&w~5^!bM3GfV{im8hj9ZYhXU)+x9m@hpF}z
zz=fPrGk~%RcMIRUlo={SS^#DN?j$WrLSIID_BIWZ>@N#XjwV0#1x50i?*awPSnx8~
z7mncg0WPU!La_fR7v^yz3c{Pm&_fgE=36lJJ{fHke9tCQZW7;S3JXZqZQ&U(G633x
zhQ#dc?twOG!3rntVs8eh<afSKHrN8WD@3V`Xz484UuY>EPSEZWC0CJ6%3UG1pUvw9
zTt#4?IV9+96ZPgPb`06(Fm42MU9=V%3KyFA1_#nVu<<X2r7lc`QVoR9Cf;5sRro@l
zb4Yr$kpJj0T7OO5tUv0klK_d*NHE6;*v&^Gm{Bf0T|hfRk^NP9T|HQ0ICpGzXrcnV
z*6s$JD3}lWnopIyBcUw}Go#$W*Gs@&TsRNLM*Bwg%+U2g+jRpXbCO8Q#VZfR#j>hh
z@E@TZDMoAX*03{pr%}57Wmj;b@qKLCT9k~fL5E1QLaFEw1DKO+PAV+DmvgMSE~#Dq
zct<##c>BwQMCXjwTc$w^h|J)>$-92c0HO39q;VJC756Q{!P;Xh_+=U_EngfUFeHcc
zjr`>STEPomzE!!K$BoN>+so+|i53iME#2yf_CsSV(Js3l*6VQ)Z`;ceAA@y{Z58<{
z)@K<R)_-bK@0FB-Y+Bf7M7*#{7VO63f(1a2teCax4A_fe=-+3+-7m?tg0_5VVFg^U
zMq8A=?fU&;b$)HQN#<=y5SC%|gHSToI67N+ayYW4k_QullWPiFdI?L;gZI%Rgk@*L
zU!@_+w_H+l<_=|0G)^LWyWsn48|t74dW+)4Q<0qpJ%h9u?3t7+Tj}4*=H+<&Zb2bu
zc14`ob;sw5<pl>~`P_<FK6lQ66XJ6Z%FXO_0yol|!=6+?EG(+`u4G-W!aRONi1MGp
zt>IfZReGDQfN7l;;d90E(0`p;KG(A|pDT{?xlg_%{#D!sp93BTML`1lj5B!E0KKc+
zu7Yv96>+%TS2}JtE{59`odmb5h|BGeF4%G_P?y`hnB}(h2fp0!P)cfMhaNadFpDrt
zeEsqz2Wr~Uc9^4SdOo*;t%Kj58a@Y06lfI~9Ak7kCimkPIwohm#d@2{=HBCM4!@4_
zIL`FC<8g<TaCkZrf;CU^M9+)m_rH&!TTZb%^+da;tu<`DT}QRI3d<%$7+sf`zwP_3
zG2aR83!xWiIqz1bArk);!{>l_8AMO*Bvw}(%j)<+o}Sya&?&B~Sj+8-k=ylD<GLdA
zJ0UKg8yUmr%$&~+`Wbw#IKt-|TYDS0{k7I<;9B4Xz~YM4$W~1F8Mw~-XiC^3EUy${
zZ9W~cm}JigF>tMSVG7F{6^>+$5-nNv!txN=?qs+}&PSvTm?LC-nwUL4^?`E43wj4p
z>L)j)<nz2PRwpv;|NHvCVpYul1eITlSNU17x+kl=yFP&NBZ2WL2rs}2r9A*9Pv6@r
zwDMzosyJ$V+JilX62om3#pDDbV%@KJx3}r?^Q!#an(GYSvsyi$4%pL0$+H?}aHSZy
z9awAb8Ydn(ORhpxS9LrdDw}wsK6&SBxLQ0b!IEKzu0ZEW{sCB%k*9`}ekvEjtocIj
zOk_^plqC2ARzU6=AQj|6eK`-hD2eeP4FkfH&BM4b(KSdacbD2T!<b6t0+v6mD0c;g
z0;PiSvLdV8eKscLb7n6{bDuXMkkl%aW>~Vm@N69~jef)7tu(5op6|qJJ7q_Ac-xJ_
z<Cu87*frzg34zhO<s(1!G?XGYaY)saZ*fLa37+4JfzcK6mrzJNIlI~^jBi4x4rlg(
z2X?@6S*=cp;Ju&1J;6wk;1{pG*od;e+D;cq0~;2+M<_@TgzQ?<cl=@Z=|~=Sbb=qB
zDtJc`>tC?ayI>VkX_ZQ)4OS2g{-@w0Th^z7?{#P<v$6gh?k~UJI5v><hE+-`abzET
zXrya~xdgDV8y6&Y1{R(<C178J-Sxt(WWG#1Q_R}n*?{AKZ{~hX_*n8&2j&#qZxsC3
zb3o-cPBQ`~dOCqE@PUYdkrg255vLd}4j7WxHbk%kL?J9*2!m4wB&hclu<_{DSEb<h
z5fD2C-!53|0Nxm(WYD$PCz5h6tm^+ORLQCk{Oj5oG*L{yVvJ%MA>pvOvVRnOFEhcv
z+FHtyEch4$Lqs<cq8H!6IT}DuYtgd;5#!InpR4VZ6rX*rToYFHLv`KFhIOZ`i}E8}
z-@MsrgtlZ`k$)k4W-AIVf<Klb>O?5<tbnPYpIFj8swDV_P*AUZC1V0r6bj4l`HKNh
z?1+M=j8gM4;rh=}mbUY*UHA#K?qc7(-mV!Ek)85fj6SOJCt>m39dXf;tAns!vFq|j
zsd%~O>NLTJ!d>atrYq;|<zRct4G6Zso}9Vug`oXNsmh+#xZN7H!^IO=IkmC3*577z
z#NUSa7VtD@z?I7Q8uByL#a%0%Bn-RZX}wpeJPlp4I8Uq8@HA)8hE6kepx9K(uQk)g
z$qG~tM+1!m>1OVr;L=8<x?;-vSI$Yj#tO{DKg1Ya)>dJ8H7m54nygZ};C~;nn$;rs
z-oo`ASg?kO*Be$>!BG6#zeDhiLC?65J+rnx72`y_<vg;a;-SkO!Twdw><b^->j=*G
zgLZoU#K54h#%GNl>;}<LZ?p%dz5p|Kz9TRiw2-UelewQbP>x>9*GhC{ouye>d{v=`
zDLp7ArivKrpU~3}aA!t9BiXugG7Z;Olv@m}nutFai9Z*y<7Dct;7<-m$;vK$sT^bR
z)ku%EthwqA-keL*4j`Y9?Ej~RK5U=}{7L<u55;e!teshiJby(;WF2=Wi@e58vM9Qb
zgcL<|ykIp_fbw+*^LOx=T-g_U{^6M6!sN=*heLDI#8Iv^VQe}2D@n%sr=V7X#}BpK
z+g;hSQw0A*=#BCzP#jTCSnk<`BfUKh+XY*~xWh9{*+=r5)Oi<ZI>!hFsVWLU?45<I
z&yl^$ecttfq-HMlHjkI)|J^_(FmF)m`3~K3`f)mKR3>w7ilfQgA%C1=G^jEPI-d|s
z`d&x+^O5v%U#^4u1I)0!V8CyIn9AhRy*+W4bcI7o+Qkx1f9?5(8nb>t%tmfgr*H)&
zA0@U#t0G;)nUvo!A%O6epgwo;p@=>=g$F7-q;?0-pv`@fKG8%iV+=66a%QC283|XW
z?CXKPeAzE$;mn)lRhSL}6GYdcKU=_(s^%z-T&y$6oDsQNXA=58^SgB>VOm6fxen$i
zRd3gsWX_3PuQSP<2hSn?oX;-*nS{=tc>T{L^Bi{n&m{9ab^(x@s}?T-T2A?q)r)}C
zOMsS}8C2UbB%6T3?5a7|DSt@DCou=LNfYk&it^VjVNEhs2lFz@V#!pU(tLA9z-e|;
zGF6k<Yde_1{!N~{0+b$PzBxsjn8q@wy0o$yp|FCUjS4Z(qAEtSsKx|e3w{Dt4ZsfR
ze84OQ%BT8gE&p((VZ5P>^kbe+RqQgKYLSEFm4o;L+9&9jB=t9=&raubs^7Q-d$nRk
z>*n)=y;*$R@#%>!DS~0Ki-Z_GvHOK$>8Xj)Q(h>Bo+1|(F*?dHM(HTa7^NeNF-k|G
zF-k`{#wZ=-86$MWFD@cd;x`u&HSw#9h@kl0MJi1d7xGt5RvWeSq~7hcoY9nezteK_
zO7>dEUsthLyxu3WP~hj)?B@pl%2px2_i4E~#9j@&|BdW5g}<_h2!03Da`QI!O7}pi
zcR(#S*F}k5))IZ+PDKCXv7b-$_iBhfH4f2xI}`m_EzvjWi9W!HKE>FX=t+JM-LF9T
z6ruOGPJrHnT6(|d#OQq-?Jw+8>78YHa0UO0NC#v1v3&&zjKEjoU+Hag2!Rg1W?rpM
z7R|%+=G6&|=+kJCCor1FN)B|-^_kZgnImN?C5E8%OE$Afmp~#f0hJc{%5`+@f;0Fs
zbw){c<v;!fm(4EFK0&W?@9Ak^DIThQ=Fg498w@m)Hq2MjfF@L{;Kf@5aEI>C@HeoW
zD*9^$|6j0ju<v;w?~PzdEbqY*^oM-4p26&<g9#SLW6dm!I?J%`K66ZwuSevn1Htza
zq4EO)P$)SahD>;fm`#h(94Qxk7s6lfQtCR1-B*B6%l~nZfw=f~K!1RZ!5{J@V?0E<
zJB3{1N%8P86a-W}FC`>tln~)`A|;%qICLbGIL|ZUwG2Xuk6-BUDbQv*%UK~thgmN0
zdl(c0rNw90Iy3-!w{i52whO+c_;;e<^AWeM@XFTFS;CS*bjWqZ!AA!IDnjCnq{l^L
z1I3x(WdIhdP}&f=uprAC{>(|)kzhq-DKDw^%Lja%sy_C6L8DqS<dRmoM(5877)_w2
zp^uU0$qOFlDO_Uh4Z-_5w0Cu?;K#%2`hRHdKcH-~(f0PGh(VwEYv?W~3>+hpd>k=f
zhhzdXA`_&bHt?BgqQCRaS<c{6GkSQ)<`<DzeT?g=><-@X3upje;SIlo&y!f<rwk;`
zuTZsFPB;%vm>FD5`O0erv5aoCkgWZcciUO0OomQ$EGOV1(qlP?kqeOJ98@ktREW74
zS#CDa66ca+ISnBqOqQEd*=s(3O=GVG{ME!>=kV8b_Noe&40`1k<N3^4w1dpZ9r2rn
z?3p1V2Qgg3F}#gqxQ=63<`_;#3}bEiru_`VD|tt&cn@_9!}uz(nS!??WT$K}`9p$#
zZW}E))&t=*l@eNMaawH9;dF&Thtrh?9ZpvnbU0O~oa1zjL5ov<k)n^`RELP<lSG7L
zA45b)%Z{Un*w`f^?rn`lM4EDID@ByVtbv3-oc{;o&szY4pJz}-Gzz0`0TdY{3%~}V
zLtO!OG`_xQiG{1LQr^PhqAY57FW#I~04)RI+=p<|O(Q3SI61AEBg~*tHZ%w`L=c9U
zQpUH$M@iqGi;~novwl^DC0&n_^e9Sz8Af;ln68!0dW3joBNFW!&FpfbCM6su9tdn!
ze$*WfkM1q_B^)GYs`A;bpo?jEsGEOTs{PW6U-lCG6Pq#gAqLqQCyVS?kHx2hIvpKE
zkiESrKC%b=Tn7BNKe2vQh9~NgEo$j+sfPYG3I54VvGkXsjOhZdpG^dPI9w{5&eFq`
zrG?9<feY4aDWH-i{Eh?2sGp0V#VZ&fs#2Y%2P92Hjc-S(u~G0}bu1P=Ny=cH<=|OY
zO&$nLZK?SNQvME#!3SDM<jcADtIOAEw%mBKv^4!F16j2pn)C~|DQ4j=YmASo(LWbe
zQ=X0AZ-cI1LRFNMkdn~bOou9?(tMOKb#`tnrj9X84V`l;Fm=Td2C-_fZPR0FTMVWs
z+F8HgO()y+dxzs|KD_HSF<mQ17%RH`d*oNS8K6Hl+Qt|`XRpQ*KoL%zDk;%?uuyzC
zlbNT5uef^EPz@v)J=zIO2A*vC9=kd~hKJ9riue_J_*UrQlk0cmp_Jga9*L;weHb|j
z{!2ORbN8@pb^w=C@ZHmc(%H?<f;YDr%ctndXR`8{ST6V#Ko^e1qGfa{G0tZ<XwB(N
zu8d6Ob;}XiUq;7MB}yMehSZ=NQWG0ex~4N=8r`-}5XgDUISc0)E7CV#q-#Dy8E{y)
zpC3`Ga9>N+sBmjbB^un_Qgtb|!Ns~}8(dtAQv2pwlnTPB)1nf0bF$^^aE)G0tuc0`
zMWr7CuKZ4;UVl_KPPqQ4E<>(Asv9R<e^fV4xc(^X^~VO?$RisjTqjpIOt?<2ZkTYL
zT;=UtCr{(ATqig2A)Y#&y!2a!#A4pj3Oy26bcw{>4QRI=A=bEWVi&A2^{!LF8qYZx
zUooiDDFzY#<Y-`P{6Fe+{K+KvKaOiIqN?2c=ZTl5Vg`|FUlr&jae+~{zHEFS!;aSC
zt1uX)=1A0jrQBG69)2aCjm&LA7~0%fQk9a{pg+%}^T0nhXtYJSfej2aMnoqa<Lbs}
z{6nvwtM>HgV^pogdHONVGsf@`b~02n$(%*!IPjMaab7)urvS{>!T*%!;D=J?%X&~2
zZU=1mL0y;6+TNRmdg9MbQ{m@jEws;ou@PZ)BNx5c(Br3)!XqMEy54>1^4tH(Xw4;k
zD`FrytZHdHIcYZHUK)wVdHBElA(>yW^ywPe&+ra1+)Tv1!{~*27i<@Mm3y1nuHhcq
zHT2B1dfT<zh32dZ4@uyBZ%P6(YJECV_59dF`+=U+2WqtYf$Cl$-v@j<>VHz5xg&aM
z-va@b9#y><GV;+HwpnD`MOVZ9J{q5Jg81_NvwM7{M)37q{r`4+9i#hO9nt$+wdVzN
ziz}1Kc#A8O+Rzj3uc9EenFsMB5`KK3yTy#I!jzW)My=I$wt<CuCB~zRQnldQk1U|X
zGOcjFImJ+9Gus6Jd-M}DTV*qk!{6-0w9t301GmeApoTc{TG%>T+}2#OC;4@$RhW}+
zO>|l+=$s+4HLlK3Bi{$F7X0-F-9C5<>P{H%50lly>U9|sVsFhlL~L|J9{Ln^j{ir<
zQvmYu1UZcZ9>!5RL)@=+vOMB8z>0AVPg3n<TlLAEv+;gU*G>V#C?zk;$7@nH>+aiD
z=|x!VASTom%_!)ISnLRlqy6@AP`?N5xA)}Ka;yt#X`l-%<p;O+HgJCQtJBMrCBG`Y
zZ2a-ppqFjGHobiI&i^EO8M}qk3%^g(N?FH5>FCYmc+D*<yfu><UUZEc-g_K)o^N#F
z^$L7@3l#$s4oq}PGtH^$N#$rxI`hp1nJUxA3sf<USswnJCHM6sDJ7X{?4zdQ71O6D
z;tW!PBCD``gMuAs?q{70DpMj?na;yZSuo4&x?4*R^u#y-D8TdxfC0>umLASA38k0A
z8<2+suSGZ6vYOnZ@iT$$9!;l@@9G)zF*-ZwzDtGg1i!Z@PLe%U9A!@vyhnQ&_@M$`
z|6XCVt|L0lrh$kF%w9<i7*Hq8PQY=sqYqAqZU`;6naY9w60zfQ(L34<Q}lGT-Sng2
z?~#N~DL;~9&VVFxBpEecC|P<fJ6P(l`!;#fajv!3^BR))i3=vZ7+dr<Rklh$Sqqyl
z68z;zd%;JI&g}UJ-1|MK)v-os_W7Pz(<PPLeLJXGXCTkwc&wE*duI|4oU8yy#}_T9
z%64gswXoIh?hXG=6#Rcjuk_%f3B2)XWRl*NU=>Py=V5h+v>lPWED>i=4|VSz)Vw>z
zUbLL*;(gnBHfb*@e2#UI#s9wg<Q#lA(Ba^zW|OVRX`bfjwbj|H!d5iZoM8h6FC8;(
zrHK+0%Wo_WqpKVI2>(vSiw>)4LTnfyJFS{1it>c`+KhybiPNyjnScku{~7)S4bFn)
zKbsU-jCVtOe=jnvyOCYxhcW#atl|RNkD-K6atfM$z@WS>VJqGaUP;b}A((K}cESH0
z?dQN`Bh~H^{QsGN^Ir%2iIk62P(B>N=|)CF{tr}t=9tTrd+o)_1sXn9o<w{Mj9gj6
z$H>u_@}gz$^z^AelRvt9tBc69-v+EWFwD&K4dAHE^>aVcqSbUv@c)(6m}4$Zvfp{`
zvPs_oWx5~5HPizr&ND>X$QCBEW!%40SIC2l)YY*TVXt2qT{^Ysp;?lG-!<AM03chP
z(l9eyK+1b+T#O@N2hGWzDtIU0QEn~t>nWmhK&UHyqWrNf;_sbCx7>R1erwEigV#9V
zc{fj0k)u3<{1VAz7S8HynAJNB%0=9d5vP4R7EZ&$3}jB}a`;W2tcz$UgJ@_P(av<{
zkd85Z$le8CC5B%k2@+=~It<q^qGJSTmCESCl!!l<3hx*imu~s{jGDY~pe_dHLEU*!
z7q5+lu_0UVE3IscAhp_n9^A@yx*wTXo>eG4hRL#y5eV=Dm}$Ey;0D(1c6;UyWrd1g
zt5mK8+O+aVou6}QelnETTlDtbXfw#Cz(jy(BFG#&bNpmJ;3$>Iu^!J~=aFA0K)v`h
zs$)Q$Feyd|QN@yA+b#+=nOwDI7o#M}VCTEUz(JB)!&@kWG$B460lv3Yi$?<!!3Qlx
zBiZfMBh4s))%I<Iy@~lLU@up;tM}Q{cNtFn4%Tq==4+wE9sQWDo441n%dYYJq-cDB
zN>@oOy8S8oon3alo|@>3-VxCGK}z=*g`4B~djrGs;$}8~biw^$KK!YijGUbMX!xJD
zL}oq-XTFZPv(g>pK)DBr_&Ann{xc%D=0hP=JVD1+z!2GoU4Ny)pdF2uB(pN3Ioc(k
zR7Pp=jZ{S*c%W%S`zmNsRhff~RN_@Cgi7+OANDrr@_|L}2YYNE^Al2cq1~9PbG~_@
zgT-re&!p%1-n0{MTe7j#i=xga1o!$fL-I{@MU@-1%xdK4`PiaGWG)|B^4L$qVa)d^
z`0h-G@2bl%sT;_%@g{baOEnDEz<Wy5t`EHTD0pL<>I8*iFD02ACzfE(fG|u&=f6Aw
zh4p^He`znaTZWZ^Ck@AcMv!`CLj4RNtAX{fZ*(tV$wBHM(HWQ{yMnWg&QbXdbCUy>
zCVyyQf67rwnelev49Qz&A@54Gt~1g{IkKf_SSn^93g*b-C=elne`OE0tCAmeYPiS9
z^cfgk0SOz7B_J2uJuF6GYBKvK$2;Gg$CPXk7*AJPOqGKFNz_!b>I5I{08*yZz)YAF
zbb`Meoib4`_YYz2@Vv(xdXwNaX$SiFfQbET&$>etd}k-)(<_J~cRzS|oFpFJIEF+w
z+}mKZLjS%pBU89crL$;e7$&~DlV@s-b~>!Ls<z?q?#5klFg+rJ4iF(6bV?)5@~Ds5
ze*M;7wE087efcq_5ZhqQ8h@YQ`!L18vVFnpy@LO5Jvj_&_qVFu<JB+2BQPv}n)?fr
z+K?;~$Do_Z@*{BIS?$7(h%>7X9*JaHdZN40_y>qw#NcZx?J%;*AS&g2#usw;1{^vB
z-(`s^HuGqg%}spv$a}pF>>jy<?L9FimEglXv(6z61phE|a83p)#PWX>w1&Mv^G2Ag
zySb(lMd-}q(al$J=mx}HmDN-w_^(Q&h!DYlgOM%pLbA!`$uOP@_Y^QDNAP@#@HiYE
zasJgcBb2(41yvKW_uqlYex3>(fw^gpz@k+2Pm`CwlK{Bz^daky@lBTPH-KCt_$aK2
z`M4(X2+pO%Bs4xzM_`i0$2K4X(iw>nD6seX;Ot_Q9wRI%Zk%ae0&7q3i`cHe)_pn$
z_aNd{z81iZ#-PIwm%<N7(hR@AD@H^K=6N+dVpx1iS=vF$?o6;KpNhnXumy;9aq)4V
z{!0=JjFl<hv~xY6^XhU_wA`fVK)i>HVnCFwrmcc+I>O@L<nF`f#`g|PTy)XFKxWSF
zwCK>Ti!M4`VyNIpDF(j!bR%1A1wFffJZL1yr`$*2+p@kBe9sw(uJ09m#Rhi2(r}6b
zRQ0EcWKW~6@;j1~+Vv({rBG(bN?XBWu@s=8oU@XwT#h+pi&69rPjQ+@2>u1YE`emy
zag8_=k?<PSd3*?%EiFb>Dkxuby)?T1o=S?Wzc2<+0q`7Iz(1>k?kk7NBcK^JfEQH#
ztlH8<x`&i6kEya{7!AsV7=0`{zO`){0?`g_Wt(PbHmN~*GNNDV$nnjYtzqSgj+poy
zm1i=8(WI2O$BDlYyjQB_Q#+V?k|vZ415@9vCgbMIfiIX+6HyCWwii!_j?q=4n4J(l
zR82`YCf+BN1E0lomY7(F7_9FmBPU)ilR>VT+0|+!iaYVW`!T+k@V+g9X5azA|0zBJ
zC-t@Sg9V_mDr0mk*CxbgXKJKeU4oXIStAjhHj|7oHMqWPS&HDl7fndS00GQoG5w=_
zek>9{#TPUwz%lZGlxqLdCN_QfI4~{?<~6bJN&fY=A${&>Vt6-2ISQb5$L~35qI@ta
zeVbH!2g&R&$256^#+wjn)~qRjw3R4zvZesio}p;JEWAl2LZ?f9&lk7c?@L5P>{^z4
zR)X?Wj>^-7#E9~wt__$hX)BvSoG@h*opmOX9s_@cWhf3PlP+V)H}K5tX^e~#RsJq|
zAC-|cgDR?IwD9#3munm|@By+JP<CnUFletpb_VYOb*dnuPW8d0?9whdIF+<0<a<>~
zDH)_ci2xW9ny&(yiLB28xyqIf%kvG@{z;C@q)VWf#ld~huErYyLRi4jMrKTb31HG{
z<H&<dL<z67YZkIq+NwOG@^7LtTyV-GN8_(wr;)GEL)!Q`5HZ88Qe}i5>5xkqbxZ|>
z0l~~EP-NRRl*op0RL69vR(~zMa*1Rhf2V8qJWh9AV(x&z^-aP1!_tFI{!PM@QWI0g
z7g5GCO1%1j3sH~OFJ?kz281eWD<WbSX#l?w{QaPYlHL@D#cv>}{&hsRifEhRFZi2E
zP8vzhN$WjyklK1Iw#gi2<5AV>Ra<{Siy7s~c0DI%b)=@w5O|v6)g0K|xn>VCxyXN_
zoYYUH5s03)RT_k{>zkCfDV2b#-TSt-MW|D(wxAP$p$b4NZKH{}&5uc-FVZD}ezuKI
zg4}pL@Z%zkgc`K2x54`%&j7uh?q41a@@@*tU4GioL__@iMJyk=L;8d+cqC@ej~_7l
zJIxuugc=w@j|n<3V?d#k<t6XW?X=vDc!L<;Ul1GvtKPmwHr~=2woY*dTt!YiJov%M
zk}ecmCyUZ{dCO18rpp}C=XtkAPYi6B+|;#Fyr9A<%~~b)+QO0sP^NE8`XeuW8Pl11
z3Pp^3l<Xlf2>)Y>@k45g@#lOA{6L{X^e!mIO_~i>)7OIkG1Q3`tUzVf#g7ng%-W_#
zXxP{2l7TO$wWv#ev5x&zq^9hS8~5j+^8g2)H~x*K@j4jUYpMSu?Qa!l?hpfW(!}gJ
zz(Ve#fmLCGb2<S~ZFn%<?ZsBX_BF<$D)xwdh4;UEJLdzxk<1{L4_t8oF<8QJ@_~oJ
zc!0%-3BYIOB1P<y+tL#a@#6n~1$y{ta(DDlaqy(*Vg5_UqlXFJ|K;>xd8~VS_-cGt
z^l)%ZgdQf{%;;g?#s6jW@a?4T=;7b{Pl_JyUU@uvXnE{^IXz@7>Yg4p*}I~LT_q8E
zu-(Y$;cK&=9-{ku?7ky4n3j2|z0D=_2WA#w^_J@R#{Bj82_$o2bDHPihTlB8+9u8|
z!t(E44u=Cb1FckgznkD~u?W8PVAWgK;RcAeB}MQRCTg?*kb`ri{${dJ=t>n(K;_{u
zyg+|5ny52+G7}&TD#=ywdzSrPD3U6K<u>zlcdsn_eS&{y3hq#OOn62zE6Xmr3(zSF
z+sChJK4Qvq7PV8&b|y)Gu3C!{z8V$imw6L(b@U#qw>?$x_du%!)C0@e28xMH!M{oy
z{8OA|cX*z`eg4cnQVo0q1P-b~6ypF1z;-*R_&335vu+0s-$4%#F#8D4`LgJTIau$0
z!T(4K9b2XXLD~I#gyrQaH4G|fJ+s!jE|q4CjVh{bCM8mYfI6b6-5*I;;Z^vS&>S$L
z=IJvNNM(W_;j?9R2>yo?7zV7;=j_S=g2va1=|W~y+N8Vja2(^m_<cus>yv76u4F?7
z6QCz;9!)nmW_-fV(%`>Bkv5^>zePa*<>=$aPxCXxV?VJAo^bnEDDm^H+i5uU+vq?P
zGlZnD4M^ykonU)I8ATXpH{YDnTPWQkJb4AcUf4Q9SZ0QAuAT~dS@0Zq^6mvwqOV!Z
zcA5bZxLXR=*)(HkG=9^gOEjuhgZFYB9@*BK@N|W#f|*X%tV+S33tha=c7l0)t@jbs
za2McCP+^;qWjVB?JAR0tS{I1yd=#H^*p8WR2MZ+3@uno8X8^*AP9(G%gO8BGmM{1x
z_hf50CNBH&WJ5GAyH0=YS9CuiX8m#c(yhW(CF&~lJ<>*dUb9SVsG7Patm|k+Y^EeI
z#3#Lnj6gQM0Xs;(nAMJmxeR_xL7M(h@SRSFYmL@*m~>wmqS|q6O29~<QBpW&Ygq6N
zPGVGv`AT1jp6dXS;^E^hs$GUwRDZT##~Q*TChd%(QTPL<peJi;pStf899x4M;ae~v
z*Vq?F_YjtRNLv+s&ECCJ7~ODl5iKNiR-I8R3UA_R%#hE->@wl0GSOI*;xtdAoeey*
z`3t)rN|P_+g*MeIG6fIPH3w*PK8{kPgs#PK^9`gqY>1mFzK!5i@xn)ksPVVAv2pp1
zv}t$x`;b#WnzB=yp9SN7ksht&bU_!cndD1uLetNa20}L#=tTbV#pvd3j=Fiv=om=W
zb2?J6yALC2p9SX@S0`rug(W`?e!CJm`&xCa6CYqY05Ji<M!}E;qGZ(cpy07(F=9_D
zSANqPna}8c+e_T^4K8I%3LSg&8*hbLyh+=XIgx!gZ@sm!wa464@7}AFpIW2mubDfP
zTeSE=4u|wj91dRiUJ5&5a+>qiczJRqXfbMsNzVH~5XjaxLL=*NqJYo9*pD?5Uqdwc
zE=gpdXCOb{L701m3&NG`gK02J_dGyOJwl1yq%u2Sh)WX8f_gPdlIut-m}IsHrH3(x
z)|+MgNa14i+881e&jW!6R%(m4Nf0KMi`hR3OIUC|o(``768?;l^N=zz`?Jne+?hp=
zF>1G!@m@g`soEt**W;0k*1i7<hcQi|;6K98P*XIehJRxz4iQ-kx>w=w{1@N`B5+3E
zD!%KNg2aj*0w#IE#MUro4Ve|@^g(=FnH<%hB5;0gWaMAn8sje=Lq8Et5z8f#0c5^`
z)vqP8Z^yWm{a83mQ)`!gq&zDm7ExiqgzIc3qdTrR*ngu{x3?(@CuWStjR*#W@|GG$
zjrS;T6pw9Vt46a{l>N<kLf|nePafk~me;+-ej-gsnR`r|2N~Fmp2bXJEXIHA7<0ld
z<SUY~!f$bJvKV+3-|_6pc933j(+<*`$dku31;wy50dM|#GJxA7!MDvX8u0#<Q82iN
zn@NdMbp+N7ts~{LV{un5LGxCV9vY7F=b8w^(@;dHD?s@t+r5c858%l*$lcw|`ZknW
z_+brKjmI=mzV<l%OXX4p!SFu7M@odY5n<UbAf5MVGYFHD@_oNn6&gSl0jQ(_RGB+q
z=*nrBeP35YX@#ccaj&9cUP<1H@;~itGsikG(NL`1btL9KuE_a2T`cED$N$$j)RW92
zssXF`5Hct}K<6@=2b{3cnr8IOrEN>1<sdxdSaW6L5$?Fn9JW!Lr;q|Xw8x{lTW?`^
zH~tAX{EL#z)<UzH7_<eMg@`x!<$-!Jh^rUh((%%U0{!`%YBL1qn{(vp7@`;uEr4ip
z-tli@$rwZA^3<zL@ZtG4o)9A05gC%wq&#6T@O(g|Onym>U_$zstfXwvTdQnRgSWwG
zG0CX6o<mM|+w3U~pl9&o1q<b?i?D(LnoNCw77@|n+adUp@#Ho85sO85rqYfbHKW)#
zDD5QDu^?+co%0|InRsP9(bq=G&?oZVGJtflxSJtUs6$qSEQHjYwNda@^HHh|@ojR9
z7qR&Eqnw?Pg<}Jg7QsrP&H<eMNP2j8q~^Y^sw9|{AjQr=W9Su(!c$Iqolf$6PCQ6J
zw_Cc@a&|GOkbQB8g0J34_TT?u?``0tD3br--LOd(2+kq`K@p;^X96mTf@B3WfrQNJ
zMxzj31U&9k#KTwE5L6Iw6Jc)MGm7~Bc6z7y4!$7Bi-C{?5Fy|TC?WwtW?5bWXc7X+
zK2_B{voo_3-V}e{|IyDKo86x2uI{R?`c`#yH@t6A-U@b!tXoRu@K~y}KU=DR;ix#T
zjt=PJ_@$KLmmX{yVa`lf%;M>S=_u!-I62@aI}cskQCuAC&^su`71}P8Qqxrcb3ly0
zDBjz|3^ZMqlr62KL$%ntjJn$M@Eo@AdU7oY#rN^LGqCO~X<2Y|lNJuKyl9Xu!+Kl1
zv57oZE44wb1y@GaFDM8PgDT*l7PQ18WQykz9;l_?Qu%L-Ij<~5tArw4DaJ9Uys@{A
zYTHM#qhs{&U7>hX6F+=^FusDkPAd&v%hoq=JRB6OS2B&U<8+oy@yCstzSDX5RLdE>
z7I4Q^yqs+bUUZcIj8wOxmWyO~C#@8yon2}z4Q-;fL;K`MUvH(0AK>9$?97^xc<C<P
z+Een5&r%Q<{P%v47mozLdx*$t?Rhl$9?XY7p_C$a`*4v-UQvcwUQxp=@J{jpQj{rS
zhII6x7pq|gH=!%KY1r$`gC-KVdy~vAZeH~!Q~<vgl~O``H#?iv4t!D``4*s(0e53L
z9uxFrmh*Z*VFT^~f0>-o2^4GiTlxUedn>Iz(OY8{u}A|QIOI^5>Hhkr8fG|`zl|Vp
zZ>I04Lny|00?iE`Wk@8S>X3!*bxa@NE_e<;)AmxBLD~((aQ*0Qm6bjYVBsC)z>fo5
z_*eGVc%kTB9%9I4zuZgD-X|3Q5>HwC7-T5k%VP|k)fmHK7Guz56TIEr5-pD|jMF8Y
zL`4^h$TO}Jil2{R9hbgVf(t-Jku8kDg%w%StqdHdD!~QKN;av)J7EricD7ia&8$1h
zVg)`PE4U7E<~ugRgt;tWur8hj3;=6y7?XvpVG)C5ygj)Uz{;<M$NG~?-q=I<*Jw<q
zx)SgI4dk<+f$)jPnJ@;tKau6b(wJcN8sl=8$-q?LG2P0k!GiDmIPKV|$vEYhL{<Dx
z7?~@x@D61>e@V$7<0pEtr~&%b8PgiALeV)bc+}ubzDS#qRy#&YrG4Mbjmj?C%Yp{!
zxT^|-1T5s~@!#qkjkg<*6^d;<V8D}Zlz_q6@oLgdRKOq-FVIdTE-AX{^uX)d=~OiD
zDB-y4xwKQ>fFk6S)yKp<f!hI!8yr>Q25wMFD4)yVHzjPK@&RK9i|rN-=6`sECJzPi
zZ-Q}67(s9X8DDf;8Sovb&9BJ95#sCFjf$bhgO-tej6JaAU5oTJg1f8L_A&$66hNrN
z)2{>B6hXk<kR(CA-9woWJ-kSXQ_$}u$kbR$Ri^O%8sU=zt_tDhQaeakz}6OhurV;E
z36T!YYE*&jv<Q$jS@(XRk%rx24f>+ae^uiV<J5SBh{h!s>|X*mu?c8fa(P5TgyGVr
zv|vP{2O9_dcnQU?DY1y>bg_t=*q(}HI=-9s@dQ{ni^U;!;Wm~e`Q=QELrh2%{SP|u
zj_K<ki^L()BXJ0PkKzzGC)7B^zN0)2vGXX!A#&ljM|f;4gPim+l3i0%aKq6^yg@LF
zH;g%IHrU#DLzX_#M-E=D=6U<}W`b6UEj$Aw4j-xaW5WyxcG2X26U9@>LJb(7owkZ}
z7lqw~`2&(bXL)cYDJp(5Hgn}T(Yt^y!}a6F3z%z|RV{xokDPz+i{SW^bg521m%RfB
zZdWfvnFC?_DrK4Q$wAjz;pJuI@#ku!O{e%@wpes&WXz^1al?q#Lnrs4SJA*>7H_fZ
z2=h@Lk#&B2BH=Z90y~Fh5D_JHt@uL4>z868QAy_ba}Rp@)jSJ^&fZmK#NWcEGa`5c
zMF>dyUk4gLH;4^r&x?J~%0=>gZTyF6l;D~=MINHkr;wDNpm)K7!?+)e8!fKg$aaxU
zC!H7Ubyz#!rIqB?gDzxVea0B@>aW%1mtj4@j`e)(<SqZEWAl?Z{s=bKY2uuNow+z|
z*_8F-lpV~bZ1Dtb<^$7mqwCpzgtRd8uZx&_Uv?|G_fK04?){d-N^ZhU-J!2*72lrq
zc8TKJrv?Yrn@$q4fJ93RZEgiqNj3F~-bvs&Hwko1ELg+Y4cfep84Wr&9?#AJXCzx{
zgl>$%U2O@$_2%tkB3n7N-&Q*oWcP)CO+*09cD`KC_LZlFp;iVQplWF{)LdAPt?fm>
z{!Yx4pZ>hYiQmzSIq{QQ>ettTt##=@QFs||0UW)U@bb2we>1$CdJ=ef^-LpPPCgD^
zws8YbK~cN>>`P?eZ5%J3&GE7wpOi0tS;5OT175zeS-fnMub9j5GNs|#RlMBeB^58n
zHjkH+IbL?0M!dYm1TWiu6<!{6Y`p9}VZ2OBX35Rr<&g|8<1t~Gbw8T`=I3>Qc|Hfs
z$w0P^CJf=_Bp}ieg_rX<UQQAM*$gj(PO~wz>}duqk1<Efb`4stI2Kx-%+Ru3D1Nm$
zw7g73%WV|2Y*Wy3WQi@+0GCsnhs%3oP2sZb7;t%vDPFee@G_rH*F3MCPR-%vWEC$v
zP7*I)c@lWpW`>t-$HL2e*U6o<>%`lNKw!})r-qm5Tp5rcfXiC6jI71*nN3<xt<|ju
z__BhQ+#<*YhSC=4*K^S@Infj*PiHXMZVmoZS%1{v;|C-77@#p3TN^jFHU!BUe4J;*
z$5)%<;|~>l{FV+M-=N^*S<U0)M0x5JdVJiYD1whukB5(sD){)22|ljmD>rIA!5<m@
z93OWz!^hree4MDq$2S`Bai%#wUZKOs7aQ?$A;-rmI8N7sN(X{TMPEg*@)`vzzoTH~
zbXxR6to+F93@bklSQ#Zwh009swh~g7mLW{8TTjbkMoH7@`dK=Nj9Co&?M;(e#zdlg
z^V2Fm&QZ3LYKr$itpmqbso=P$0*;IMWOgV^Vu|uUdYZxFyTUAs*1^}9Q2c|V!|HsB
z;NsM9*ff86f`X4PGr`B-9}6ER$`zLaW-Qj=V}}MGCu{I=wt|n53sLYG(DBFyCGQ?^
zaSx7*?Q;23DlSHx5o}){jf*u?Rl&vnXk0wWfQw&XxcKei=D7H06&LqUf<Erl;bMo1
zi<5)nqH$>=!^L(>bj~r;L2-u_ePiRe*rwp(cXhb<WfNR1H7aueHLYykd;}JEGr(d8
zz~ZS9SUi@GyS`eQfWb#2z<4?W<FO?wFiw;|@5X@fEln|q!-Cz9jfe5p;Cm|x4_kjZ
z79QsLYQKH__|qwPqws^6r<Up4bxo!(43PLjgv3i*5#9;|CN9^Ra(%!{nnmg1IH|iR
zv18f!BxR_v^t9`FdfE<}c==!#3vN%(2H?3-v7mC#|C&aOFH!5JBhYd2%EBu_4)~e?
z2NzoPabuR9hFf6}2WPtro(zpQ!6TVVqhohVpHQ3Y6;^RbeiANm@71<JRH$vmSe0%g
zy||>GpQJp55JuVqV#M@&(FUHxaCt0GhwB#0)8X7PEUls_F;<%ocMU=BCYBF}*v7t6
zD7r5`LI$q7FEv5nHyj6nFVo>nJpx}Y6t_|kxGRPaxU`e4X%jU?66M2H;6@O8b0KR4
zK)Yixs{}w?DTCpZ3_|G7=8Pn|5f<+e!QwlF;<!lgI?Q0WBa-Nb*$tHFwz&l*x;ccv
z`WA%2J+8h^!S}tg(aM0ok2bq;l#j|~Cg_`Iw<VHOR3jAk)@HYndSS?WD02+}dA||E
zRy^?>mgg0ap-FH{*C)6gBUU}!9DEOtJ65bZ1Hi^M-vNNeO$3cWV&0|{G=`0v2pg}@
zl-7V8D)3klr_7~#jJ(hgKQ-TH^qLBf-!wcAPlB!+8_8sQvjvwYWHKh8fnWva@N*7$
z9$L>PH4hEX*8oIJY<)N-a<36?TD@fhlX+>qTX?@xtiwz+PoQrMQV*cT2VJrvZecyK
z@eQp3p5_ZuXpV|Q2+CP+4yflZXmIh)qe>bEg^jtL&E*LhLUFks3~vm6q~>AKP+)_U
zxpr|QN5dC1YSHl7HkP{6CW8MxoM_xXDSD(j4-zlm-Cdiwc2Mqee^kI2aD=FcY4Iw|
zUDIIV+bDMp*f6qD#l-*Ah^qpMm5{MV^<QXcaZ}KYBiwH&BwSnw!?WqQxOl#HfTT^q
z*Nu5<c0|PpywWxYpVs0pkQLB(!TS|FPSp3%BvO<9@B|9RBe#?kGBtG!?bwy0MDH95
z8&ld?ojmDzhK6T(QfgEr%;aq^iSS?$HN46jglr=T*?JH%y@2UeFIj10j##o55IY!9
z%zacz5Sw>IlOV=Rw?3*(5X({$#QMM=nAL`WI7i75%TNLF@DvV+l^GqG%VRkzwrf%G
zh_GgSBe*!l5HEJ~e6md4`aRPY!Rlk<;rSN;R;*)qm{|;FRe890uR<vU#UCDy_&*-0
zUgW6QBV^Z;V0xr<I!~YPXVuL?60g4;j)J-E4s$#Q#*zWuD-ILTU49(_UCg-A0o|Dm
z3eX+i9+SHo2pK5kXKEtAw!^04&Ncz+Hr6pxUOKF7=HuB{`*qlMn;zTZmWM3qN4gPo
zN6>%ROoc@fxi%Y6Em+Hc;WllS#r0N$s!yOwCEAPiUVfORaIFZYz+duH#TrC=xGO`n
zj~|M`d@Vhmjl^o%L7LhAza{E2vOp`KB^#C{Rr{(x_N}yMN|}j>!W?*>)iC*-U$B3-
z(W<w@EtTp|-(v?`40a~M987de*_L6$#g^aE?p)Ov7M#Hj&*ZldmC2im@TfV}Ug_{Q
zo}iSmf#qu)GyZ(~_lIPT|JD0L&X{SwKjih9r?Nj}?z5I=_J_Pa<Invef9?<YbAO2W
z{*akPf9?<Ye|mpNe3E{D$R~IGxj*E8aev5TkNv^+hg>)9So=e&r=9fvkWuIUukH_-
z)$w%f4|#Fw>E0jmaQ_q7AJU=apZi0OwLj!9_iIv1q;|~TIB!=>^!^Ydo=*onKlca1
z^O+}t=YRY7`2%BqW&GSd*(83xWAe$x&wmb>#?SXY_`Al>AA0at#?O)7KjY_r#?SwZ
zpZ^&@{~hAzm!74Mpa1Z;KjY^oA3sko`ag@Gw<$PQ{QTvDQ;DB<I`a<~KcATJhmD^<
z-1~U(^G;0-|9^|054l?tKVN8Pc=m?xP2%T9Jd5{KObaqRd(3<gci>Hgtb^!`XhgQm
zYb|oJ8}*d_8A8+Semx~LjW?(ai;hoYBm#i#wyro9m2wh`VW!G8HysY+rB{9*fn|S2
z;x&QJ)gJ%lcp*+vOaey42j1%TJ(R(Ba1_61Cz-t6qQN$q(;iB)D6vp)drb6uMG<(s
zsP3QOEAhwKZ~OrT7t!wT0RLnYBw5afm!NUHI^#AAX)c>H(?4)D^3qO9vdH-ne-S?w
z7Grr5pE+ZAYMr0{fk{5CuiYlhSk?yTt<5e5+I-lQXc2F*O&6^z!_`dRGC4*`X(1H<
z-Nyb-vI<X^o+qQyd7(AMdB?yMnHP`8XWgBS5c*z%KOTORHjC_Xx0p_LzFHBG^sIB?
z)zmn%nD#V#L`&*|vSn7(mkx|y`JGN#z6XBnGt!wP_(s7ieF0zP+ancnaD)Kkaon8!
zXrzU|Bw*h?=UUS3-r2#oVj~apcZ2`6uyYv2%H?D4dfy^;$8%HtXJ!fWFOE@Su6W?7
z7#L+0`wUYLJZ(?+T!_*S3VY=z;*W$QZ{*2Ybbh?T?>xYE4eaQ$Z*2&nD@~%)Q*EXL
zLfU}#ua~K($8Qme544DmQ>#bIKZ$D&WkS)THqAg8W3KzD2C#EW57Dva@}*N)fQj~b
zXQtnL9@W?CPUmefKWua;>_D<bSK^oSo6i@DeXU49Zi9|ZZH4hesCQZ`HkDs#X7Jjn
za{|T>?`Mr;L-&e0bbTGlcbp8G(JQKGiX77^4daK%&Qtfn)9e+B+sD$MdGP036eb<%
zyj|Mj`^6f(*G7IJ&XQrZ8J%JZa+yKoVqaFg3ITIj!4<y4AZKXZXo~m_#|Xte36~W)
zKY<_m+Pv-h!kkIBQU7lT(k`*#1R0o`wpTkbM4B&#DFRk3bQQZ-V@Ptkt(#Enx0p?l
zOX8ZDBITMXa;q~#UU4UgNDYkgola4B0^OA&Yn<sE3E&)=shJ}!>6WNuVZJ>*p_}({
z9=`%tfmVvtfx@F7z!3@}*oqhcwWqkgfYd0{;qp7#fd=TGf$z*TOwmj1%6r`u#AC>H
z`RH1KRyPj(7=w3`fgckSHHjl9GSKb>x`SkXsp!8Um0f#PR2XA6w%b~qz-(jfZxM><
z-f#4tH!~k#5DPge{Z$Np->^PXl_iCO$zkn%F_C!p$fL$8G!Xe}U8q}D_G@ZM2p=&e
zK|Z1<0Vw$TNOb&kJ9jdU7~`jr`qa=Vzd;7$qyB-zU<O~3B~ivQhDdI+2Gi8~qoyW+
zQF_RtwKs}d#48JgVhU8@B+=UwwlHQ><y?`hZ|^|KimaTWcZ0Q=uAnLBMZO(tiLBLW
z3vT89HG&3>e?6Z0*9b~X{p-j$J{QX(S0Hmh62F{DD1Mc#cS#}NAuGaq5Hw$X3*j-$
zPsZD_o}}<Ar43(Gua%F8AJwMu81hl0l@CnK-%9rZF{L*fFiTLZqx<ge7I_2H%;qa1
zNQXMK4~^ySNKsl0SD*z`nMy5M&_IkFV@=!405mQ_lxP`KGnRQ5hS}FdV#)+bPIy2U
zh-WoT*2J|<<iN=P+Z7@!tct=fIvc3t3SWRfgExj%|G-S16OKmK6A@#eA9O#C7sDCF
zQ)%cUQfd`uthT5~=&KlweM1@c_7j!@BEx&6$QCM1f^ieFYvdU=KzII$iEjTxwC|($
zjpU{)5^SS)yq%-_p6z;Qm{5F>^aPKMj#VCz&-<w%9I-9IuZ}W*EuIVlcIb0-7RVqJ
zU(%qA^}WhE>_}Y6TAE5tZIyrC4VB^2QYX@DPx7AE;~}J~wf5f#ru>>PEn2v$L}6f6
z+N!i#*?s^Vq-}In<9<0b1}{|{lAaFs68HarLCjEfFRhfcoTL+h;H_bLQ|0fQtOgNl
zzyofe29<FU;D9xKRv0ZzB%;B8YWW+PKio^Q8x}~IcXY58`2QKsC;6wd(Nid|%pmNI
z3x4|m($6V>&*HAkcF;VM_QRivB(lCz$CykhKMC`DGApvr$A?gh;AblTOy{2&{8Qwg
zdHi!2er8r?kEYLx?0YQovh!I)U>JxD9<T3TfNqQY)}X^-@L7U+c+GnW-fvU%S%Xnp
zAGr~RKG?B|qB^&unu9J+TTH$KnBgJp+kE(D1=EVp4ycRN;m^ZEYo#=dv8JaAMGl$`
zBk`hfW%#$suL9RI7vM!cbf!+)2E0&Wt9;~8gIW(50~*;Xc7}S#WOB99hts**QyRE@
z%kS+2NxHj%o(^6_Pk(MPJbgujW?^ayzTj-YtEYmm)AAW$)!+;0&F&4(K5S|qHygMg
zT+LRmm>yuyWFIm-)AJC2hUOM~D5KW!P>)&`+)>9#KDQ<^8o{|uI?ujGSoamL8IZT!
zOpbS`19*m^?&@E?(l!VC9p#nF$%h;0O7tZ7M8|x=niz{bAPz)UIndZHXSF{ZmV3Z&
zp`W1^c{cooj|SjT?E&<^r$2s!gZ%Lt)gK>y?eF1_H{d9ptUq23FP(mWy!Zb9Nq>CU
z=>G+OJf^<kf8HN|>8}41f4s7`;ZJ|uVm3ui*dOmX>JR3Rzc%tuf86q?KYkkgaraGs
z`s1g`AKy3Z*ZAY3hacY`pZt$s?T@>M{jd4sbw4-g{P8#X{}%rE<KO&-{`jq%Pu(A%
zv`yoWj~IG9fBgQj$M(lN4LwnRyvNwn<c|+&ZRU@!{C)lL>1Uhz<7a36G5ql}x10Lo
z<90ObkIzUvo<H7YYs4QPo_GTO_}(A>*#3B+`sDoa-0M%kAAcsu{PB_?^T(5yfIt3W
zZN1hX|0ovx@t5H@=8wnL)zhPmiw*v`a^F*Cz9(?kg3Q5uUs^ief9~<$mS}dPlgD3>
zB>I+vH=Dm88_z3#3}rUoEiDtJ?=lC=GpoaNhmllu({NGBp5xD+<Cf~!t{p<J=Y1(k
z1+R!L%j9>j!0Vf)EP%#KNz7|KQV{QPk_RNlSPZu?74+BLz*KNMUb%z`8`5{0i<fv_
zb%Y!kkZ|x$#UA+jSvuf-NnJGeB~5(;=9m2M?;FCQ7r7nM+>^9b{v?;*leAy%EH}_S
zNgpkW(cGs8-OC)}mYOiKkt?lWXR%YB)TksFrDsGbFp2Uia*I6vTnF@iraQ0@r?Vz-
zk-ahv#vr#uekR-$_U9Kt1v5bj@mK=92g;qQ!AL^UhRAJK*)xSA8%!$DlKIc%B3h{%
z;*pwU%T`dHi`7wQ9PwOm+cU%!WQjk!)So{GnSpnf!>`Y{TYi;WT<a~w`|W8yZ{CX%
z+ycr<$axc_g=7k-;b*Q1bjItfv(wQjmo0RideK}|X?U4DOE-R{_f!O6_*S1$&j>~H
z==}n^`wNrE7CPhA`b4}FOndLv3f7qR-Ywc%$T$xoqq}k|BWesD-3!dGYl`3t=u-Xn
zYL|kSbGbm?&b{Oa=)o|zk2u^wr1Txms49iP;7v+75b6Ri>l(6`)DswCdCvur&IB(F
zN80uEo7s-;=>nN}#y_AwkQbH)kwQBcYX}s4CMSId%1q$(OJ#~~7*HSDB=@|QL=ak<
zDL=E5$zbZj7z<v{b`<5!K5eSqQqWfPUyU;u(|tw*eFcK(TVV$T3&TX?lSwDXgo26+
zVDg(StwR-{T=zywfaQMs-H8SftzBj<aAyniS7i%JL0*HYo8?bjC|(<JKt*ZFGs1k3
zc-(b5YNh7<|28p<Z90Zo+<}kT`TtYi&ytEU<xC3TdHeF9blL{wr*Bz)DgqbViuit5
za+Y6A&Gk=l<lb^1*Ht(52E{CAN?VFH7j$;}ZBAf_hr$am5*}C00yI)tLbjZ?A$7Ay
z`fnbgj_RzLyG3a>-uMg@2i;-CkI7A`12k771+ZOrAg7~8YVb%eA~CtQzznRe5mQ!p
z0)w4`+qb>OBW;wgj9CoS(&Gw7@YC~dY5DYRI469Ele|-TC5+I%j8Lfg8%`*H#Z@U3
zucv8r+>VUac4RE?$TTHy6$UFE1}h`DmhA`eNVm=P1mOQz<3TzpY_>?+VblWP<hx+$
z4+-~V&jlHti=}=l6;iUN0as@NoxtR|V#_aqX#UCr?3LWPU@qngDFI9%6Xw&Ect92s
zbEq-m-|%EOypB#DEw;kI>dZ6Vhv`viX93cjdicq1d7ogFD8&a?=QJ7i+q3}vaNO5s
z!D~2=*n=SEjbdPGGY`vS;9)S2qk?Th_2Du4`w%g6u~BR>R&6sdg;$ep(N&Xem%AwS
zl<%(R__MN9jwUo&L+I{-=KVX)Yab3&`X`(BPxG++$UsilCA*K=KRLR8$=d#1rPQ-C
zsPxYt2MrL({(*K8<s&}$M(-wdKjmOg;C4HZ_X{YMBNQL+-xLN9SK0?(#z;Oi8p_C4
z`l>mUf<J4NKLdGqvvdahR39nDRRaE}UHMaLCrShCatgGL-g=ox#uFI?O|d>e@dMe^
z2l?QKF?2rx(eKXy`iB7hXT_K4@KN|D{r$O_gJHlx<%<4Evd6kB4D+@cnu?rvcARn;
ziLY@aP-ElJQ^SknWyX3^+T{hUP-%}K{fKs|#W2}FAqjs2tv_OvZ>=?0d}$Mp$EfXT
zDk=_pTT^YRfK$B*DhXLkp>W##g-KAAd?i%Ho}kr;D$yrf3%bg;>_I$fb1r288+t>&
z4xW{VAE^(^S!TsOu=qJB2|enTR)k{lpEj}tKOp0$e*iFbGXLWJfa9k@>PU#PXg%y7
zp5*&6wjdp4(!UUU^C`Bl5EUw(R|lO+0^_u7capT3Mr7IcB+xM<6x;`H2>YFF|A2?o
z2Xx&lf{6|~&Z5#UTKCKMTmtkz&;Z@L&8#>Nix)u&IE22H;ot+LH_Jn@_)i=8-yw#v
zpPdK&e3E~8bY6`9K24Qh)ZN<5q*#QB)YF9yMGBJ9!SJ?bY%%4VO@8=dQ@*{u+k`Ps
z!L#ze4@1WuH7hQ};_Xlp3TXJYem7&)s=3gg75vNMxu?>fq!Z}R2i;BkvpHx&a0NUo
zudj#xEH*2C1B=fz_Q%S*aQJ=b&(A^jWzYLDhWkpi`V3v#_~53?nj-dVaK0G0$4*li
z*n7!UsLb%O{ij8jjk=8MGF-Rh#zxw&>azDTny43l!Ct8Pm=qaPEm8W62nRzUPv}Q#
zI6`I={WTE^RbnIbH&65kO^YRZeHVwijA%n!u~n2>i2fL|J>Y-+4LTzRK4cpUx5@`W
zC`CUD4p$OstU3CHHRr=Wg-?pB8Tt6ZHK#@&8|}{neX-+c5l*r1&_z@Y&5QwcrXBX@
z@vEsnNF%m;zOFx!2DJUD*7XNTI))*ecNH^aDeuNuH2sCi2uc;L`XO3-gF&}8vT^?b
zA8$p&%uqLc^>^2e`sD5rD*dzAmd@EU%=2eeYX*Hj5jk^qH7nYNUl{rGi|Na3_R}`%
zeKmE1`^$}kkTkCKTQCYirWu9uxT|&K?dhf?Z%en|p1g?2WLY?UOjs+xm6HnXO#Rn+
z{4=oX+~QL2#n1uJTHq%;@MX|mBSr-e{snLxxPg`OSlU(Gg7s)CJy@`@BHLnBTGHv8
z9B9BHw&*X{W^_vO_T~drhBU}O?5qzLl@@dq{fkTtdpi{-WLV17ecDs(97A&ZeiP6Y
z`dXEbd?q0<Aw;PO8cEfiK9meIBXB3h+vNi+dg!otFB6ORdPkAUMvn)%1<J+k|Hy_^
z$qR<X;Hq(fV<~Rh3b`oG0&jH3TF&8Hx{@Ptn@fQ1R1gYw{16*=(%%}R(7G^5e&s@-
ze39(x%VJ_}m|Y09mwWH1r&#l6xWNuSFM10IVCLeTA5HAR(@>H8>On9U0j1ccDV~JI
zKSBxH*9}d*h%vME@Jr|!t@g}P=NAYtjb4)R>?Uxhks`cbYg%8Y#d{v>6OPtm8$)?H
z$zq?J)Cs+2f;!1bw&LTpjckxKhcxwtK}u3)j?O<2<{t{@jm1UJ713z!PA81nJ92EF
zRu-~)>X^0okpU8aW0*|Fp*iZ9P1<fUX172^^4$ku%!Zp4XJPUCP!jA*F7ArZi|~*9
z;&%O*m0(Z-B~8&w?9{7fMh(xC)r=a3UiRt7P6=xy<Kv}Aqed;69c@+3kG2|95<NoK
zTmU0fD*xzeWzhkR@!L$gISL+@$JW3o3^FUe3X9)_5{fV4D6~@lX)l*-V?&;Jlnwc`
zHvo7%2tS5`n*DF_WqLf7uW=1L{{O_+kkZ-V&Ci6%m<}{Ide6_qZJ7hG?mJO(Kn;w7
zzGRLJ?meXV{m@?Z*+&@3t%zhg%WL!%Q!U;K3?@_wOKU=l<-X@H*6y!Ls||M2p4T3H
z{!rBUWy%at=mZsRZJf3Qb*aVMW#)_3T&ZgK5Xl$tzsowb*XzohHYMHSZBs!S*&3=)
z;&91Cceak??|6RI{%}=jtvutr#p-%?M^UO5{nsG+Y<XW|nPI*{dEGaWC(biG!QWq)
zK_m14JW}avvU}SvjDa6~O|87G(^k=5_+`tsweSy3^lksR<!WhYV&r}+c>k7KYT!oD
z_TG;6==yc#jxv*cIJfk*GC_QML{aML^aN<jdXq=0(@mE2v{HH4VN%RV7NKaVsx@Jj
z1TMCT6kYZ>?QYi>LSP+~`bQ;B{}H24(n#l7z9UKA2Sw>~PfCdMODMu~iSTq8<XWaM
ze}Cv~+Rr^RowO5G?h9GH{mhiu_)Q=H(mt+^zKou1Te>!d*{@^a*PZ^{q~cXV(G09Y
zT}Z2w>+1QoUrm&^6P+foLR5u_mfpc$E@1?~5J|h4LU8-ff(HJ94Y*z9-v8qAgtQ-<
zzggeB(q`zNntT(J`k;~y(S2#lEAvfuo|U8wxKNA{WPg5A@dlwdIn36{?Ar1D!9wHv
zE+5~$p)PEElOyAcNFBylDB4HtG>q|A+A&@iP1pThn!>>j>UuYekE33t_1w)=6?~gE
z2_{<-P%>$F)=c6yR>dbDk`Qb{(|}trJyKYHtpiTN_{`6e49a6U?b4*_7_Q2cDns);
z{v~WqhrQ!6r%i=sF3T3?-viCOYt~F%llFWh7{g!<*`%=CgSWZF*yhK4_J^^>^3dz@
zg*{tY<mu-w4$G6_ADte5YqN=>o_#JT>Q}%4l>KJK6R~(3lmzc;WC);@`cHd#<z|E%
zb#h)UgBuI}jq7cjQID6vd`+YX1>LNKSrrL#GA(zmNTm3UQm&iD_Ow!bJ|3Tsm+O!4
zUD6=_3Cxbg();pNm$$O$<4-42-<)Ra+jp6<K8^-al>?kj5v4jnhH_l@I17u=iPCa;
z*b!!97-TC`*46b=c<7ua{X<%R#9069-L&=BH=IEIvreY|fx7yiIg$D=Z>D~puguX4
zhkeZfn5Bm}fEi1Hd(b+$)}6WjkLziA)CxtvV3mrgoRBRnEoL+1W0^kU+|sumDflT@
zjJV_e$>rg^#G(ym3TfKe%mG|*$cTf4;u*{aC+pScn3CMcT)mIY)k}bioZ(qgY39sg
zWx8ha`O15sY}qGV5te73$)@Q7Hcj(jnl|7xrSIMa>RjEBB`hrs&5<Xi!esrb6HL~1
z@Q)sr-nofkq@NEmj5P8k6_#$>XfjjRbb^_>@h6zb%gu`4#o|P$Gx%eZ2A0NcLRgCO
z9_-#^+)s{5$)6RU=&QcQSD)c+@2j_iUnhK48w^Lz!w^2HB{dcOd>ee;4n{s$1?5t0
zaFrH6ot*qUbl|kePm;O(WF#{AnRMXyl^@Y@a`KaYDag;09YKB`>u8jpi@#y=^HB|x
zpUy9+^7HSnO$6l8jvydUga0T$Y*u_17H|66C_fcnHzz+R7l}=g^)29k%ckb|e?0b2
z-Ot%St{L{%YS=H#-|W3FS^_dnCBR`W0atZk5-@Rpv;-8JO2Db{f0Um8XPhMeFGl{i
zNB*~u;{R8i|NA)qpNsJSOEdnrNB(a|{+kuwg~gkoB)C(@|1TB(X9)9agBL~e2~KW)
zzqI$X%<p7#?v6f-arc?Mzwi7Wn{aac9o7x_`%ydK@B8hH{Pk>L{QYVV<8R+*RQ@ho
zZ^FQL+5rPUsRsVOYE~S;;`;T*`Tf)S=H~ZF+W*jL;csd)_Ww+7|3kmC{cm-W_CFcz
ze_OQwZKLde6}SJpx&41CV*l5f+5fg^|9?RHZ&v&+7AICk+5f8M`HR7+2#d#v!b4@p
z;PCfB&f$MF!{H-Z4&NWmVPG$CmN*P;-Cd^eINhAbFE|*FzY0e4*l*5bmcMdJe9qVL
z`4#)g@wwzLz~?;z@OhVD<a5zl#^;0}<FofkmCuL2Fk$2l0T{Xed*JhTX2s=LoC<XY
zw`%#^WvxE^IHn|cj-KC#gquo(@e%!<j}ux+fmD;JwA{y>Cozycm%36WZ{7t0FlDaA
zdsj08(4ZB7Nu~l2E=Xj_kOdCSEYBD=+*}5pIird4y{dMh4Cr#<*ggl$g{#)*Rh=6D
zhv@kqcar>fBLCYU|Jy|Ie+{LQ%L%(U|DTBP|8q0`w?Y1Yhx|7yF2~~3HO6_~WzF&U
ze{%YK-_Fyb&qZ@S&rM)+UEcZo>hlG*ljHN8^MTK{1mJVHwUN&+tY-7vxs&nv(Gr!<
zZC9Hx@@Q*dWc;_l=Yy+Einm~~xZ23)D^@q}&za;SUDWv)`AGlh(iB!wpIFF1vvkkb
zd?V}66}~-GV7^3r%(eV~pQFo5N;WL#Zck#|zv(e;M#BGSep0WqezW|f-R(^CLdq&l
z#H9)0-9m5)<^Px!Z^hz<N<)59u#%;MYzxF#<nQ^HuLA$K`AIt}OcIc~BK_ZiFDjRt
z6<e_QoXY0%ldP3&Y94+R^It01mpzZ3uKc9S&NSs)>k1Rb41{N8D|T#8xk>RwSlqwD
zkk6A=!B~}o{c-XyolmJhCz7A^_qL|}>0?IlM1-Mf;F`*v&5DO&@%VB>fBsg^x-i@i
z{Ta-^c>KrDPZB#eo1YZuq$)Q`QaW9_t-OOSPbt}urxe$j<taV%&lqDo`$Y4V$`T`L
zI?@SEVi51nsdr*T8QTwYqWMbm&e5f&e9-p9@|FB#l_ez`WrqdxQ1IWV>=35UjrQu(
zj_N@0zUpmO^pI#WmdwV4Qhy`kf?M6RLnE&`TbIYQ+HqoeOiDjxZ9kFTW7xnSIx!nK
zWTukOcKm#%E6>p-40U(txYF6tOu~>~n=iy^RnmoaL@{V~giUHrh9+O=82L=kpRFVB
zQ9(!E6ydifPc_Y|JwL^Krtt|%K2!Q{md|v?vR|Li^j+)IozGO?^Yr91CAFq}raL+s
z^O<h{OrOs*v{(hr-!C<>9~}`DZvekoUb56ApQ*kT6u0}#n9pSW%q*XYkDoGpQ3*|M
zX(y8Qk&@8V9h<|Ia+8#%8zle+r8ZH@N%l2_*?5JbQ=5A8)F$nCMdQAMEn&2lC~M!+
z^3XeSj}A)C4#PCvXpnl!pDZyMBz#|f7aT&_zLX8`=tefY^*%7LKC^e0;yd3$Nib83
zotDVu@LOmR=4<@n@|jlKDW9obdqY0ctBcM2DR@|Z20UunXI8uvi@#mmOg>ZTVtqc-
z+=pQt-(Gyod?sao35WkReAah?pD8T~H|0zFr3!fhFb9*Ef~ybV1$vE(nE#MgOLuWa
z@{!&)<Rhu}ftv@+L_$4i@t!47CX!xXi_Bj}8j_HPBt}C8=}{{@%U+^4<RqXXI-ltO
z!F(gH)9wjO<_SmPsDz_WA_+&|s%nj8)cCU<Zb@dBQM$^702+9IZX(<8CV8BleTS3S
z24PQ%%sB(rKq&eV(~kTf<6wuJ5fZbcRILihV0ke=QO_w;2U^RL4yws9>wt+_QY~o+
z4PEdQyk4-ZB$5mCYAj3N@qj4iTB|etBIP1Ig>_bD@LZ&@+~;s~E)u$U(YZ*9Jh7RK
zL#Rzi^7#8>Gnh;CN~Zr_(07$cMQ1$~O3R@lZtwirNqGL!KXCf_7noFSo|{x|(<M6j
zCObPP!5Fa1uXuJ+2cDhepzI{#gitgK$J|eOI-&DGKC*NwTqt^nAO-SZBi&{Z;lXZ|
z2cHuU_L=Y?v`91GCTr%KM2IF+s$j`MH2L^z!FH@6<+W=}UMn|w4fjEg(eV3&7ER&c
z<G885UT6gl)!{{9`Fi+ArzEF*Vxk2Xz?<>}a46-Q&5EDJ;*X#txW*(|==o3TDVOOG
zPZsh|0VVm!C#WQK`8$%DE_6pEU8uQyoFVVpHTf**M^7N1<--`$d=}a$=-cDarw?f&
zJ<70Ofj1opOKVX<1DQ4=8dY_c(<aZ4&M;~XjX6e@$$RQxoF6%(m4e?j(N+wYK1#Jv
zr~VxmXTkmL3!1|8UsqHhGoFP9t_k#g7m1a-tc3BGD$+J%zGxadFU#f>mU_>%D0Wn#
zcPP6lCR4J#ga^oZT%m$5Vb;)z0=wkcBVkJ6%AHpq9-%;w%$v(fqQ>n(Ym@E?`J6gM
zW<s6hIY;pecrRaLZQ;2T)D}SjGI6@}V-tC~18S6=D?pqCv*K&8_%<jB-lC7!-0(3o
zx9$f)g0lFRz7HDW8z#~0=91EDl<cJ2n~7$BY@uj2GoN>5`+rSx(&ZNB%7vnmlL|bV
z)OH$U+y@?+@Vzw?K2w?Tr96zy%rp;U{|$E$pPc}+d*Ux3b@#zP`e^hSAF)vzbBH09
zru$W3?fcLS|AZUE^8L$!RkxZIzl_D7LP_v^ZPNRk4+&V4ya&gfM1IlLO}hM|)TU$S
z7lA7qj><1N8U7zQ9sF-5x#;qyM#lfB<f7l2|E-Y!hmik=qWJ#-=l=oD|H26W=b7=p
z5&2(={5LCp8H+!i7sda1&GR4mI!vD*<Zgz4$75ew&2g5VmulFD*+CPcICxUYLH8YH
z989T+;^2)&4o32MPlb=T93|gq2R^=c0QmUk0V5v=&SiXjX+PuR6%$oHE_&aDQME^a
zQS-p<lV30^-iXBqp(NN@%g5^XjSe!;_Zh0m_c@9AHf`VOm~YJ_`;;{>Zaui~G|#uU
z;($+aHNYopjge0;y~p@eyO;6lUtX0@?cOunPYy)OEy1^ze}30&KRFg(^PX|OrN7tw
zd^;KbRPQ+*{Angx=YqqGKb!ZQX8yE_1^$fL2mJZlJ|lmc-eLS1!n3LNjaT_I;T;nO
zyjKqlxMLCUXRulEV_5vwJ4XII^UksOBeG+XblEn|ap)=~pX!cgIJ8L1p=f<~lF2qx
z>llxEM<rAh<VEvn+ON}he{TVNTDk}Lv~Z7+Pea~je0q;(MGd@9<<sYHnJ^*_2$z>F
z1U|iER=legiesS8U>7Z)YTk<0cfk=R`7$}t`7+vU87=p+H>L4YsVG}!3Z_d<DYba-
zY=(iKY8g1*jDaVaEVJmBMoKi9KnYXXn<6aC6$7_bM-pXNocWaaHxl{xsulRxv>W($
zc(;*%Prb>qUG~Y0e~;Xw@~`!qX6v6ov}|2~>z{MX)<3bh|C`2nmip%L`FAq<5c7+E
zdwtkUvP-+4*<Aa4*J;*=4dIp+c}NiWbVJa{r+sg*c{Y$|CH-)h%BNf2Fk!??hky~o
z=i~V&X2nyn__;TXe46>jG5iCJ2i$7mhbS61^^oTsvP1uUyRF^}g~}Q!PUyd^xYWBJ
zhRjA6F~Yd@W#iVCq6lK3-`d%U7P$~bv$3hA{=7eI&)AAkS&v>l2*-k3@YjIHX`9eG
zbSBCZ42JjoLnT6GgVc7yLDs038tus%?aUf2uJy*Hg~Q*3s-gXH*nS-j`4nUOD2rby
z%bC%E2<US025(CW6`;Oxr|j`aPN&;<R4B|6{e9pMYr*Bh{A|liI<FCa@<_MX`&Za5
zqFruwy~cK^=MLZw+OI>MOUPaSDQ$yXmV`~VKvAIB`~W<e6_<6peG_NlRfk@K&Mdzd
zI^*31otfL%@|fd?<3=Mm;fzpwt}l-}erM45r2!so42MJ8<!c+YBUYlWF9v$Gtv<^_
zfuYKHED|eo?D$!k<6y`8ZI!RiwpfZw3$7Jj#TX)<vj@b{-{)WiGth7UtVBy%ZCa_^
z{-1SWDcga^SQZ^3o@YDgz$fF19<*BtFJbN5vaoicSVB%>twnee;PfMz1>UjVgy~0e
zZo9icD8>Wz(^f5rr-!EhXtCHVLJ=PEP3M*guZn?K4ERjPe6$QP(0&}o(1fhzc)nC<
zT8XhbynED8UBSn}3)TEJpzl&nUnbF4FopHm+m%(}wX-S<1Wo{Jx!@`oj-l|Td_Az1
zKbpWE6^hs6Nu4ya1N{~~k*K}}K2{UoXBmjai%F5{V5P>t1A6}Z1fyr(02;5NJL!DC
zUK9Aw&(Y6#_-~)!y-iefKQEd}Mc$pzsuzBeKl&+Z{Xx6l8R)fzUfgfC>?vQyDid(!
zUziVqnCh!<Svb@Ux<1f;%@&X)To@Gt;}6p@&=))9(X_6EQAW9#R_*#aMc00BtX%hE
zy>ZR+a$NIdi&E<S$eQA_u$V<G>7igxs8GJAp(UP55WH{KqDVfTXg#PbQb%>dE$t8k
zbfM=iQR?iJmr@w-Csf%#9#tsZ3KZr?Q`izoVCy(_hg;%`Yf#t~y`JN{+TuMQm63m{
zLtZ+yE?hZ)&8Ny1_|OQxZd9hyOKT=k@zWeT-spRtAt*W-bx;~*#^80NxXvjZT|{fO
zF!(mqhwS#<?@;qpKU5bkE`8`?@fp!tE~b<fY-jpHS7nMut!1&Z?_0@NyjmCbrQ5vo
zKyo&efaE-|1N4;zx=l;K2742wa&Zi<g8mnWC-p|7GuUZcYPr!iO}_hymLNlu&PO`n
z^X!9yBlgOVIzp>SQ`?Ra_Lm+Mx|N3Fp&$6gpn&<F(+BFc3N2quX>v>T;-@`Qu56VA
z{~?$h%rYoeOdBKIbIFxJKYU);A3n9fQbx)iK_)=yxjora?fb$fp2i4&x5;3?#ftcw
zlwT#Ltf<J|Wbp)UbqYe;cky6Cw{J&{(Dt@zZfUS{v^y}_Iab6|5Gyi;l#8A4&#g`e
z{5#T_1pf|proz7-X9oP6<;)Y>jw%t_=D#Ae&7CW>%`TO#RdINnX6Lb#7IWh^lxa)8
z8xybAdjhe8o(C#E`(h3IPt#4Em}9rpV<d9}*CcwRwWMF9m2PQ`=-X!%>voCDcDE1%
zwkJeusXJxG0Aao@X=WTe0S$>bsW-S&4&+K}+^%m6FUd_=?UCSrTit>2iSnp*ah5Ep
zTJ(>S)uT8IVA9`K11NYDJ7P4nP5!2~r5dm2$JoNC^$zC`66VL?k*?XG3_Y%0g70E9
zB+{2|=?j>%p{^yu{1!9OY?N8?P73%|RO)@u<Ju|sV&TcY7Z&^=%pYLwJHh)<-v_*B
z!uPfKZ0K`E9;Q7QQ&8|}Cg><%eGg#<o)Rl9_m$e+E%F_i5*}y#ljuJabzI6m`DIX-
zpi%$z77pDrP*Dq*DAZ=bqkMi!a#l)BMK)W(RYFtPFV;fg)w<fDYU-f3tJ}4w&>qSt
zflqHg(YM@6y}}+raX}E;ieb)^Ki@6}`rF-Tu1dAvf;SN61HAGRt_`%~=d4SOqz3Ec
zm_|CEU204#)#P7`fgFco$weu?BFAAdo(IB^Ql$gcj>kX79yNWXKBE6pQ342B?Ty7m
zmHSo9ltF;08v!OnIOb3(U)3okh?6#joRRYp6udO6V>5WEVNC=ty#)H_iQ7T{Wc>j8
zXWGv#jd+jsBDx1P*a>SDl3(k6KqWtu$nSm}@`tG8k0JUun$iDdhi2%%QbYfXs6WR5
z{Y6`V{?bD&Eq|EtZ`U0C4}7j4|1**P72l)&Kg7oWs9cdqc@WTm#~+V<al7g<@47PB
z`KkJ_F5e2}5fdIeh=G9)(Y4%ri70gx{X^i_p$?X+87Ec_<N`a?UNKN7v4@0v20Dbc
zIgZemk^DUdU<Wu@9@-UnMzMd8U367=$GQPDLo@5VSGlF0PB+*(2kK^cY!Ln7K##8{
z4zYACOq2oCE_4NR*$}I$`MUVF{zV$B(C5m1HXAU%tikF%R~A>tS&#rXzz2G#!q(A(
z!}szS&}Rc2Gvk%gP<2#(hg7f6cVl_nX&aRM62tejQhok~@jGc?%}>Ys{zsz+>K`W1
zLAB{Di!*0s5YNldly5SY&(W9T`~3V`^%=Qnb3Hq0_Q6^8I{d=wi+X;r^8B^>=lN}O
zgMk0Szuq93ZFEb&xTSBh({`|Pyi-O0lw=Vm#2_)H-UE`ltUkt*@}ub5BnsDU5{owj
zhNjdlx$EP0Oh`<2TfY~V{TL%!VQx-I&UO7XH9@;%?6z*voG(M?7>yOD*E?=6vUoRU
z`U?=UhpRB-ah2P*!s_;w+n^5NF$5@~`HW9MUFdDZhg$ll68%T?^goy^`Uj)}>E6pd
z(l3bLQ+A53a#6Tm7Ny;8>mGSnCCIyVoEf2eF|U)6H*E}%w=GkckMwP2^ljkuS@G2;
zL!e)guEkO7n<5_60`C_%GD$$Pq*5+#s61I+?SV{37I-4;&ZPm45%?5)p8kyFF;IOq
zCsd!`!qQcEbtT67_~=nS1&rXkOaesdfLr<+`hsV?gI3E<6jN$&{6eC%j(A@N<F^Ue
z4y=|FD{%ZqIdWY)r+W1VTY)|QoUu4BPn_P6bVm`M+!h%SZ<WgH3e1%f<~vyTvmH3J
zGuw%QYhiGA3Xe@d=D%8kk8c2s0<ivv&@49IkBZi^(6icn3N8;7iagh{-Y|Jiq&~T7
zyw^gfuuILzbDezszfhhF9I8D3AW8+Sn_4kp=W-p=^z&ZqXO@Oh-gRm}%SC^_!yf|}
z3fPj5AqMXU*jK5ACosWAeI1H@eUa-g=x^vd>ZZqfDD<4s-yPx!Oib5gtcfV&wUkYq
zv5swm0XiH&hXn<utB0YjC-GbeHT{KmBMVK(KB6?V5gbCq?dNP{A;2Gp$FTU6=&MLa
zo4I{$J>T!4&u<nexz3#^PCx9x7Gr6A!rR7Z<TnY(Nh0|*>fdm+asLB8pA65Zp2YKb
zFj59S5AdT*c}}_CD^cv8<3OnfvwdSaa4Qd=jN{L3H`WLC-aj-^bX84gr`(2yU#@_e
z3iBQPMQYPrz6)-r`Nq?ibn};rGotK;G}&nnZ=lE}ibknIfPz1G)1i09==(+Qk$?s0
zWtDJFbEsV3v{3YSPMCHGOO$)NCUl6Xq8vv=zZm+OsO?NUrd&enao^o`{ydIPgtl{4
z+6>jx2=Vu8%;<^Z<4x_0xC0ZKq~{A-YsN2{fAQhb8QT4V$i5u=gbo?$_lD8c%L^lN
z6Xs`x*?v8&e;CeTrGD=&T;vXKkK7MO@9W;w*t4kjb@VNzRIcrs=W~)_C@P@N)QM+i
z%uJ<I&kW<O+8;&Vhkl6UgH{;$2mKu#jXx9@3UNkd&L;MEDY{nGOzd)2!rwA`C8vge
z(jJ&#;yw)?@#knWYKcFF?}@tax73Q(LPsP&7dKcSQkJe~=YRQgk__)B8@{JT*O#oV
zFB$%y1a+qJ`k1_&p$J#m@#R)8KW1{<ipi}n$6+N&jqndUr=<^x)8jFQ|0>e87*F&M
z1k0CG1)pF=b2h<eHGEdXC!mrX+`I-ZUrr5t*5iEzLGLQ&hv0s_fp*-mhczO?JBeE4
zm#P$<t=%8u3EZBZF9z;TM-L8NnCRdgMn%DyVSdg)rd*i61EU0f5NcHkl#PD~aAII0
zauvQO!FS-!z$8kAm4+tc{eSR18M%raqsZz&`1nblwG!<N1y}3Wk;y?sxpy7gnlQVH
z#V<8ZVJk|gB$Odvu~Ui9n8xn{gPrm6Wmdc}$?Vj(`W-DTk$j`(?P*P=&YqTN?P=D!
z6SSwFv(Cx0ZZz1_Cn}F?PhUBfJ)L`!_O$dQ?P*o>_S8QVO`^B8m{NscDxyczVeqFn
zR3Fd2;(Q(Gcksk&2PU>(q!zUCYn?g+{*AVuI(tkw%&C3hYJ)x2+fQb90bT+H->4K^
z?6-uzQ13@lb;8H0EsKz@wX%f!O1Op9*&k+K6==@PtGb^{M|+}{cE!F{HE&-#N9?Pv
z`ew}Q7>#}PTOxcz`&x6#_BB(gArslob?;GJzmwHYlKp06K*xq5C`G4l2L}I*_8IK!
zQGdo!R5M2YlYPZEPt3kDdQvC0i|n1y`co=BsuQ|ROHY(N-Slhi>B^seojqOlQw+DM
z8NZ1=W%VU1^)+u#ZD#h=L{3k}p4trdG}5_gn(xW#cO_o(EA6Rs`EOxQuUqwpwWkA?
zsrGcvO4XjexRTk^>{Z9Kr$22uzCAtIU~R^p&e;;Nr=rwbZ_hwp_426S4~OwpUAghQ
zWWZaveXh`6VN10z`NjBbpLpR(WqvPUn<v6oi~g%bS7l*8(Y0}657D{-J||oxx|UDu
zEPiHT|7D0$T=0RXv;i_v>VP-5`6{i!zd=DB2Jj0KE%JoQMeJTYL%ev;R71Sje|2!v
z)X03#SGUh6(zY_u*CZ5PNw?C~;0o#4qOacSb!P}mf5ELRv9lL3K8gN5xC6YxMseLl
z^}GzsfU&1-kk6tN2NwRu$E5*|(EBidGiLTU=KI3Z4MDsVEz(~@ywv#Jf4v<^b*(M5
zmJNZ?c+G>0iQfRRX{GYrpEZUJ_8~I<)(WvZC@a@D<E>?RqO?x#QGuPyv5P4+bX{)F
z@-k*0D6_y-Q`lN;0i~{*OyP-Arm-y)qCQhB-oSBC@c9qp5Jw5~<7UQ_KW-?0Z5FLN
zD&=mV-PdIGb`*<i3u4Mjgrx^P((>Sov-p0>nH>%L1yc@El>$}?&j-63+B257K2CY)
zgJYL}ZY;0E5u7Sc$3dJrRe(Q$vT1l7_cS55(irbn<6maWNUl2XWgdSIPoR(%YUm7%
zUvgdhgreCbszV(f*Y@#)bBlKr^uV>40To#nS`3RZ{7fyrAfv{=M1O$=*K)i!<5k7d
zcDcm|xa`tB^ofG6aGeGKhCq40*L~Q2E`J}lRPJ^)d1K{;lTjDpJ$~I$Y;lF>VU%5(
zKc5O{F>h1X17Tb;XJ%u~bkn5V_uH2G{XRo8hvZ5XTn#%knN*-K6Pzf%Zt07t1iyf-
z0}YZp1weW!;#liS+O+BEbCFQAi;oUYHU}o6ynY0iGAnT{3v~14qOZ{^6g^J$?S?5R
z$IXj_A;MI_u6SGM+3rB!9&QjjzQ2nOQ$HwI&yAyl{<~ZgnB0r)V-#Cl?y-j5P@gy7
zBkh)#%*CacK5o}h7^sp5nbLN6aJgrI!;ltu9qxrT?!Tn*iVxls=Jy_uTv6~y!5=oK
zFy8`?jK?u9VdLEnhj!b>mh65a(Rwg)<OkZWW$u*q-oIe)&l6j81m)$HV8H6!zQb1U
zrL?+UA$Kpq$&CkVv=dWgrh8&c&hVHYgUd++?4fT?XubDD%0Z{$u`iD|;C<zW^}4EG
zxn4*0`LDC<>r7GWyq=>mwNA78=rLZ7b+c#qeUy58^1}Ukd&1T$J5VMP;*QArp|66k
z9|A^+EFj*lE+F=EOE%pC;sE#~i!C5tew+ow3=6%ie@}w9>OyOx*AMOQ#aVE5kX8w`
z>xZu>>xW8ds5;92M}J2npxNJT{N6!qflLHI){*>+=<ob*j$4i2kJsMu>Wjkf`tPd!
zD~rgFE8ZK=fPTpWoNt;J0FO#F`AYI9v$m)gTx%!T>Ea4eTIum$AO^-cFpH#UG0`}P
zR-$i!@fVh2g`zO<AaH-e4XAbzA;>@1a;3Y1CS@ScO1B>bEX2Bk(W0vnG|Z)i92R<{
z3rNGLi319K(5N>k25x}YS9$-ATyM=2&dz)%juL%#PeioYUHdBO|0XQl`!?ybP>E6>
z(>GUX^m}~fOw5Ju6TAa{EXfq++nh52%=~AJZu~A%9L4d>&ZFq3)yhkn*w$Z_e>A?K
zZ%`@EdjQXy0v#IKqW34cI;j9g0DhQiw=ncLO)0n5=;OQk??VyNOo-<N2oP5eNVEVL
z`rG_Q&_5>Sb69yMD?gt6<9RV1#XwdJk5B8rXM&?K)S;YF!cVgKD{ff!1jboWH|3(`
za=X4RbY{%FI1zKQbEP|BPG%)q4Y$ycKSbawZB-hmP`p!De!D(QiQJ)OH2%b|(A>!W
zJl=k$^mBg1NZi8+xQhtzC<I)PHPZ>MN(+xP4w_H4a%;fb=JjdX--o8QJ3Cw_#N~*!
zKTm(3n;cgctq=b=`4shYPCTE2#jmc%312t>H4TQMx)GjbiR38<$c+|V>tT|wmq+re
zVeHI}E}`=?&>y<Y!k(87g2Xjtpu~xRUL*c;mPKCqVPnJ};rrGjhctEXipMh9s9u)v
zELt~d?|=JckmmfulyZjAmwV4eC<`v;>N<8B5{{N=m6iNg=^i^S6YC4uyhWL2WCZRF
z%m1uXr?Ad{;}>v?)+)lcI7TTeX-j;_LV2UOl#5WLR!sTQ9RLfJC6$ZT&%x<q_|}ck
zNpx)*Kkk}<?J_ZCnfF4EYqvMaW33YdJv(}=`$YgSLXkuRvRb}l#-cDX1tD4|55gNj
zWq(D_43XJ5Uh0<cJ{u4aTUSj^ojQYI3gt?2+A5D!E06vqtX8-(^e**}^iyz*s{g=W
zBSDy>?0ZJMro1#OSU|bb{X$oR3tF>a5$F%;faou@X9-J}r){81tPSU*0Ww1sBppbr
z#S6)UZ|nD0z>CWid21y~>!A_}p2%ZzQ*jlSn^6neSmcs<jp2N33B-lAW1!67S&FLE
zT-Rij8V}U%kya`$-oPpkG}MwPIghvFkyb$qy`W3b;$Uh~zHnY6zdt$UAU-U1?;SkQ
zi1uJGb_ci(bW{)#p!GL4D$~CtpE`sY4C|w)o7)&A(<Mls+jU@k$BC`Ap#)8S*#Yda
zM_QY<!IQEoi1&$U^)rmu!mwt)vPNDbC&_rMGI?Z)#EO(Ex2sf`@vj(*B^TZGc(=4x
z3|#NXP1z6qx+c*1O3}4aD0&q$N&VM@#C|J0JPPwm0|}{aX@keQ&z*8GLzrEj3&KBp
z*?C`hTs0F5Gm7?lFS|C-Gv(SqU#lAwk5H6{FTo2E8T16F{B+Txu!qdMKf%e*!7eWK
zCc1s~@OWE#d^w#6u}&WFpEx>9g5<lxmPqQvc)$zHUn}&cqHuaHqKP=D0f~CJ5vLnf
zy2rvRT}Sl}MoMf>xeZVP6nkhN75oT3h4*o+Pv3)m7DErd_Gx;6P5JO@`dsT5*9L5H
zs0@5~U`wv+7h%S7_ycOYiqX;DN_`cI@D3_QkUaXeI7=`w%<p|aK&N5sl0Q8V4hLft
ze<_n3C~NQl-`7C%F<8;0%-4l9e}}2x`SZ{>p*R&P2@YlTBNg5ch=SLfI0ZD$Eucri
zSxp-M7V1A=)d#sLzmVR^W?Be`k)7EAgShfx91LX9GN=#wYK4(Y@uch~yVDs{V2WIL
zz)Rt)(9s_77pE>%#hU4ionrlKOFJ$4t^GSFmZv{jq}m4$_&T}LN;eAaN{^5O%Hj-<
zYjxonqIEq=b6Rb%B}|DtHi;kU!}LYJz?D$X=yw~#ZjJs4Zao?{?k~`le->Si_WWnc
zW|Qh@5zfCX7N$kMok5pvfIQt&>8P~Y%#p!q=oOjio7muON42_U)s>`cWEbh0h3_<m
zb$FtRs~93m?xy-$%K0-odXAJfOHU0&304}^>vu;~^?JLDtJicKuC#Xu4+8!E{_y`+
z^bQaV@4Oy)=W^v88@|){wm#qn{K|xPTQbK%GYnW6(6=f$B2tx{&Z}Aob;=)LRV9&?
zPf^;4#$G-fI*2$4`tU^|Xn-K!wgTPE9GSKub5zidr`<@qp`v?TG_a3R#qwyVk!&`v
zZyg5@U(&!W|4gY@S}lUiy1o;IoG-DFbJ$p7LnG9dpq*D5ly>Z_or_pI^=~z5<P}+W
zz|&m-%i)o#JSi&yoIuT0xvup%0&9cA8%SQ)d!XGwuO;bJ)%U%rs(0Ut8c$7q?v$10
zRmSP6{0FO2VpZOxtMbI^n}1ka-`T7_7pt#T^Yximc89LAFM3mDd#<3$mb_^yKW(8(
zgmWm2P&2rkYPD|Hs>0S(+uESOYQ}0O_U1Ex7E~;cd9zW`hYJ7sq*;gj$80+kfzOuU
z+{v}02id&<bU`WY^kHIKhOMF4wpYbrKQlhTrxBcz2w!*w7vWlLcK@74qy9Lt@g7*O
z9iq3cpdnh-i-zdAIVaD*+B$80H?jKeXZ2m9t54An-Fs_P#3yy?9L?&*JJ=pOc*Y!K
zd>w~&C3pL%8W?G;=^P5~LS^zlG<e)&W#=<v&AWT@niuuLt#ofRh7~;S@!tTGvI=a9
z=x>=TRe|!)b*;<=<?nHAC_EokENFl18;A(&IcnMSu!-Q2T2z<oq2611QMVtacH}{C
z;C^PVfJNS`ez!rPoc>0mX8oaxIwP(2_(fD$V#<1tYnewF2$si=mZziAJ~Vj&;yY;c
z5o#1`{^;E{*k~Kp=nt=J8vT-YxL?iX&}iA~*eK7xCwGB$9qI-rBG9=l_zm9S+-E2&
z?12v5nI7vpvaN2}`8<npY2m*<UREU{q}T<pQCchC7G%&rw2tF?7MJ*MiHh$-AM<$9
z5Oi6Cw}zGbD%tnJ{5#rX_)aDcX2(j<?JIFqT8q|iV9<gWhgD;|?LyvP3-<TR|5AT7
z>oMKQZv*34Pe44-Z!WwbKljce<N1*~d)N9?n6n@mntHOKo~rR@vT2I3Aeg1W*BGD}
ziFFQqN3);NP~W13ru8i^G}JeU)t7+v)xNFPXV#x&-k)kGJiGdBU4Kmb-^lxq&p-FJ
zq5mHL?RH!>lGb`$+Y0-*Q`Wd$UjY)@jtdoMi7k55vPVacv>nd^PIxxXqCKyl;FU!=
z7yTe2gg~!Q8t2Ry_(OL6M}t3bjb;>jBH$2+{tg}rFfa4wfnYk^t}1UKMw+EK(T`E&
z9EV4`&OwK76NZ8gNki-;e?nVYMYglmWnGMm;V!6a0M>FyxM!$CXp6Dyj#!HaD#sL8
zI?-FL5aZT2!()G?(6%Im9#O_0<7N1;_d<9C-UENa2Y+4XU=$3s3vI8b+UQgW@Rum=
zm<NBuQ)A$%+aqoHBT;jO&f~_%4C|B1{UwUOh5JrdasQvCI)SWC9PgIaiGINoxY&x*
zh~lb&zHQyE%EF;b(5dvKG>TRk<kFi1?%x$4vsvK4zq}r0wG8{1;*lCiI4k8l3Kxap
zms~OMpw%PEVoE*MV`uLdR4UDq`&1frJ|@7k$})OD81S82+N7+5bRUUc(WX$PG2e#f
zfAB1>543o#j_}$)=Eqv_I827pL}?kB%pKf+fk!J>U~_|%$P3JY2^Wa|t}qaIo*|4w
zJ6w7Gu!_ygl<%Os9wB?X5-ZdtsImL5S&jLcDwh>zieMI{&prMgxD}g$P`C6Irq}=F
z+Q8%sEqqgN_lY!mXQB!Y<CHoVW7Nf)3%)Z3CrRFTTcPc0e3p%ex7qQy>0`6;$WrvH
zL~aaEgF_{Mo*3vK#xNQx*PLa%os9IJG2S>l`(nb+y7+$aD(_HrQz+AIUl7Le-(wGT
zE^*^w=jc}oOM52DH?NDOle0VFCQr9(OJVg0-m(%o5~WRQ6p0rZ<e&AosCoW>WY%BB
zejtm3b&-2JHTysK9_@VGvH`uy#m*Yp7iy#M!MDdczQX`vsh4wdzdU^{b<VrPaJM<n
zBUxeRyi>PMuz2?I`1jn0$KoILr?>I^vHU?e{2tft2{|4=K_YNEq%WXb1w!b2hI8l)
zOz%aRz?d$KMe=7~F!pTMa)Hrr<WnU6e>{GC_rbCFA#(rMRW-p08Y$#Z^=c^v&jk=X
ztM@>pJuVa4e52_32V6+kun!ojn}D5ld|S1K@huK{I$^7xdrJSFY_@+5^UV5p>xs^<
zP-`w9vUPkM%`)Bm%GWGu+-*mSU0a|hUt>)Ii|xzueW*eTlEjn{&y_f$<VxUeb4sp6
znaKqb7ES%G9}0(vDThS=9q{*;KpV9ME%N5h1Y3`&#h)fmJh>JTa7*8U;g9Xc4gXy!
zVE8j$XbkJyAB&B<U2@?ANC+dslTz++ec={zg8JUKhpu~CSn;L;sY2dy@2OEVA%#=4
zIT<K=?|H<_K}7z6Uc;24QY@PFJj2U)zI)_sY(}|MC;$9D2$5?OiBvfS9Dqaz0$WTw
z8+cOGY4yEwJ`=7k@j)5`W8)@Y5(B4fkYuk}`|aHRDHe>DS$D~0_na6B5$&rCQC>11
zhXohGIQXB_x?m-G{^bK{9%!F)PFn6kH+JBcTJZsIp!W&VVq{juMVyjLkrL~37%z&-
zuhV~5&$q(qn#=N6C<Y_<e=in~XK*@jjlx}-<zy)k{s{m(%5$ZjPSIK+-?a@UtqPgl
z-7!VRRbH5)PI!6IL3A$%!4O=IU*9<x)*TNF#18KS#141`4+btLmx;1|%7(E#c>e|3
z1A75acmnrm)-zeKNQJLC4xq3<=%*fH;9je|wi?|kuM^il%Gqkb2Be~5r;ezO2h{_i
z6}6_2f~(%?oD>U?k~tWh+I-ZL$2fvXI?IVm?S=huWfA<rf;4jDj&tBrhUR1vS|9u-
z)TxARULUeClD((fyuReo$maDo<m*4upBAO8hfDFQJ^a6+|EX`9p}*0urT?)H&FN<s
z9C`e49_w;YX2IU!u-0GvL!5{8;n&S{@oc~TJgg7UL%sEdMPd1s4_cb{@1jWm6#hl<
zJl}Q#vp|)8kanm-eP7<yq!aJ-{YLS2Gx27p6AjO2Ilt#6#V~*V4>6v%eAUc&u9o!U
z`FHfn&w3ulGjCo?C;?wl$?1yofd4MIt)LQnIxvm13yXd%16_IH1zcCgoDc7R{Ul#c
zr0D(-O%>n>7k2QZEWaku6AZ{|(A(=p>%rhxY;kgZS}8Mz-<(gutdGxw%4R+piC3Ly
zeMN@)9&%HCw_$zhn);|B>p>KW8=Ba9C;Wo?yK*^!Jj8P(6Y+QyNE@`hljeZ!3k;5B
z3!BQJQnaK~qN&f?6v>AR{@keggRBQgcXuoW+R0qd_`=ZgK1da!b-BDmU1=35#<%FX
zHn_Y;1O03g^ySW3jbXjN5+}MS9b3tlGJFrjJ}xF&BKS5CJ7Ik%&3CCms?qQNz-bZA
zOU}lG)<Je}n=J6E)#qI;Mr1<m>i!OV=pnn;uHXq*2WnfppW~Ib@3XxdFf3bstk=iG
zF;pdQ42Rj_31{3`ZxVk!YIZai-Ey@Hug>#RmI$VN?vmSdX<(;vQNYnv3Dfh_8={Wp
zYQ-;1!n3(XyvNQ2lb)wMX4Rfc8^N64Nm0wF1bunTe_}1U(#1}SwY)|Jm3YO`b+4mS
zk1K{1qOV>kyaBV#3;GE2^DUV(2RkXT&kmp<)|mBMFp@9-M)^PBIIIf&MYCT16EnfS
zDqQ@+rpiTHqolmm{T_*uM0OU(QR-=~|6*rIk|(~4nzCOZN>Iwv+5lYCc^-k-XUBBI
z)X(6yFv)YQ1m9UiF<$;c;nb~p^~yPPo%r+f`136_&%dZV-;+O2{GOrw+9l7(Z+PFm
zyqiv5Gqv9bNr$F4`QVSj3&lYDrP(mcZ?QcmTC4c^X7cA$_j2?w(T>V*>%V)zeFKlx
z53{NgH|iPp<3-=66CWOJ*X9rM8!YT}--Cnl9i;u?JX)YkE9G|(1|83_{R^2CyjaU&
zz2<g5(Rj;^=#RlWa8fadi91Wed5Lr@Pg*U0544XJI$Gox2cUdAz$2~hGM7#{l?FSL
z-GRZ*L{W0cYhOcO@gQEcxD2O2GRY+fntUsJ(E|uI32X#zxr8^9)HjQ^vsscP1}4cK
z*RFz_Y0fC$CgHbK{!J);Dl)S@(m0se;}Y2nZ(+Q;W~GH<6Jk_c&eyMgd^ZsMhx~c<
zfosB&SYNzhsvnanyUI_y8p6TJVLGqM*RP76o2YqCc<e69GN_gB!Y4<EHTx@k{a&Hx
zuh2bzJxT!rS-B6sk)f{te~L=KMp%|tPYsqtzK1H2f12+z<Q{L)Iewwe>Ma>|+?zTx
z3&(acRQ?eBg_o~P#9sgsoRMg}Z_+4VG#_@U`Y+cwA4pmNMHYv>XJP*3ceUu*oS~i$
zxS#`kNR{%=r<lBHo<CFW+T7Ehz|+ckCjK)ho3H)(V0xg1?rZ3smg+n3_{^sw>jAi?
zQ21a=3mvly>Q7v*%Lg@{$IQ?7{ZW)aDPyK>NMQ4{#f@}iV1a|KQQRuO)(gJZhrK@;
zvhL&XFy0Ym@`rO;vimqOZMU*)+R_It7{&Z6%;!K}SQ=`_1dx`5iPU|Tw2k=Qw~H(V
z!|>Sw{+tAQHUYKrS8R)2qBy-_8a|Q@&)eyJtxj0L`JZDCy@cbdeoqK}%Hl7y=Z@GP
zdJg3kE7-2dcVL%C`tOOP)mP@wolB@aiuZcY*7Rn$Kbv}!PrYe9g6R_$msa;hQ-_A)
z<5&8#sYChHq4iuBX*-n+iYc@}Iadkj&bEjCqwPm_LWu2m-Vl16^#?aozltjCud^40
zOCqN?Q@FnittBYw{FQMGGN1++L3^U8L+;9Q>`-p;-hxTG4s}Dt1dew5pPJZt$4ghC
zunEOen3hN!p@~}>`ir&c`};w2{e4#7-(vIr(w>bH-e1xGpqh;epAKev!`?O^zzOmU
zm>M9J2{09=%vz+wU#Qc~F5vU^>vVTFyx^+GlekYKj*k_l-D38&W)N|a12yy$<aFE#
zSO&&0zQ%W#-HPXV>L$Z5+=8OZ7dMVm4|p-bT2N^+HVHU3@9}vI{C+LM@740)|FR=W
zKQr`?wqIvBHSt*do^1F&+VK5W!}qa<@4sPvm8I#OBKY#f&#Z>?rol>S%I{igET{TJ
zL;W6Y{Yf1(_;sBDzZ%akBNqe{(z|f{eM<*%S!ulJtFQq`5nTrg_v-H#tt_>l9jX7^
zM-262|1{-|#nI(swe*>kS8K|bn3QL9)Qq25{hIct9H)GgN%;azdB5Y7pKDT%{AHkv
zo{<+Wv0BJlR%h3TIe)d~(qdj-%F1zkb?+DPquO3!<>`j<XO;44tQ`5TE&uilUOt+Y
zk2RDJSKiNH<<*9Amr|Yt<z)X0n-u$>9fgP4_-fxj?BnlOXR-DT<=-mhrL25`vHwc>
zE9T|TD&^ByxqOy--kpQ*2d|OOx|0v`IG_H!y9hq6EFBG!<?-L1q}2SFR3CP`R(RWB
zw8D-CpdU8jpF+C=;s{ZLt3M@C{&<{~d)t(p5QmLK@Y2%?Uix7`w7;lnKQEEmPgL3$
zqS{{q6+nXyIZNN*?1$^ak@ntD+PgcdJv@Kr9L@X)hoj^d%XRXh)Rr`W$w#7Qe%=?Y
zzpz}#pZgT~?+@?0>bxUZrw8F6dNC=xR!lj9m}=|A4R{NHCy)U{aK!38ADteyEWDx+
zFTX2wPd|!|L_zWhkHoOX{A_Sl!RUl`DCaklrvX)X=zP0MjA&ahFw@zIrw=DuLKuWz
zBY<nUc4qYX)+tRaO&b?AmNmw>rJvJkky`Lo2gwhOK%89W3EZ1VS-5{gE8iKT^j(3d
zZa`Fx;l2|kFkUC0nPIo^C%xZrlMT;%r0)GIvo1))uO|Biz${7w5<@R&^t-8i_q>A-
zvVWTK{72L0ZR~k@<TO5c24vQU8UIY5|7t9I{$l0%cI^2`ZiVqsgMki@f2;!rNGN*U
z!Z&2>m%pE_rc8{aa{~}!fjiI*2ew=ch>Y{NADkZ|xw;_Eg6`q;M&kTHH*MS11tYR_
zx#(qF&hc@q5YKACJnU@C%<M#E|8ZqD!%WgBOGVbXAQW?C>x&e0_@E7@zdgeDf1hms
zjy`GHzu4ycx7+(W_3ykFsDB$0pnqQ#pJM+yoA>X+lxF+a>i6nj=JV9QgRP-|KNl(e
zBfM+UInh5h1Ci@63U2O~FL2rM@PuNE==#N*MqR_7_Z(qiD+9&nM#5iZir&GQ4f7>2
zv`(J?9FcN6l5$6pR>>TTo;)o*v(ioJ8F@<d{Dsl8u@%tst?xwXN!8NR!knHp4W~lS
zQ_m7TIY^KDgz3@oYeH{RditIcJ#mblPg(*!3m-lue*JibDLwBTJ{5W<K11|eg!H7G
zFg?jydIp)()A^L>`RQq*=V?38^X&8!r6*lWPgyThdLFGm6?%p+dg76umM2V)PM$9}
zr{`$hsnApL6pL5K13mXo)6v6sePMoU=HOgu1<MEX?MaVXAaH#n6kURwyl}B?HQgKV
z4bs(BzMY7w@JL=~67BM)`@K;!KTY@4z%zW)bw5n*M)DbX9zTUoag`pAEb@1Dx&s$K
zBKil&o`BOAYB#3D?fPCQszm*c9-ptwMq0ZTRsH&Vtd>lvvbeP15;~8+C*G;NH8;@n
z5xMqq9K6mxkL#C$B~XR8HU9Ns=4X`DgX?#JNwU~yveRDhkQ$|>??Ul&7Pgp>tckjQ
zZlQQedX`jg+)u{Gnb-(}jhzej(5#p8jshYJevdnvKEqZ2;G{6$uO<5WWsK@Z3l{za
zr$4hE<1shX7ncf;(e=R;zwJG!Axs%q6u))Q^GUjR?6vB%t?}8u@KqCO-2(Pa3D{)T
zhhCNEKgsleEb9M<7Ga|D2>g50LyMT1oa{`J58TXxuFuBASR(Pap>7bANdDj&7J`qG
z7iC-m!(d3dimugsf7jcJK#0;>!fU^T=>leCIqpUp3A{)NiUFGsugf6GSbtPpa8yZx
zb}bWTOtR9I(s(nGMgBauo-SGTFuRNSizp?25k%+?tEbP{n!<R01`Oy!t@+W1okjzS
zhsXSRa;2?=m=ws9@q{)YSSbFKy6_!Qvk!yM&)$X5ayd9UxWjqBCotM7e|-hCs=4TT
zg)rlQMMG6DqKZ{gLF*6Y@(rvW4!1A(djs9^bZr_FRnavPrLQk@W@PUbn)L%bLk9tT
zf5W=lT_}@)(KRwznNiPx`&hYurEL!W9lTT@&#$@(<)@Q&o!|{7JL~cq!lCCig0lkz
zqkjv$|6wxT|L{ahi#%~U-IyKff}6+F<=g3NWvHt>{z`QHP;eHEY@o}z=Z<7u9A=5J
z$UnO3!}30{o?hN4f8}C1ERXi84~KT)Z%dW+&*EAoqAScUg+Iylz;x@%QhUXFmWrGt
z<>)#mgIJg?p2{X$PCEb0;GZJ@%;TTK_~&T+tjrmU9~Cp6!4I0x$8KLPKi%zT4o)jo
zJ#HN(X&cgNITeurlRWaj%+KcQWOTppgn9}FZ)>t*{6JgZ20V_e*}5Fjb!{2X>Y5F8
zalERnZ<U6===w_k6IEY;*O#r-7g<-B_5q#mX^3Z<pYNH7$C+xLPj2>ko}FT1a^v_p
zq*b35Ve$u>;K~YSAI4JLy$#{V8JMf!rGy1$fxp{tYJtzxSzt@JD)fVV{bN!2L&v5E
z&pDmD1n3#9g#;rB|6gK`|IMj!9up5R`qs$r|BKAP=x|4i{P#(V)cr-x(nsf%FV)bO
zq0;C3|JeH$_@;{N|D+8xJoH8ZjZcb(wXCkRifk+BCYs<4CR(ImQNb$6Rs^luYE{re
z66rMts|(7iyRxni+|?CbMRWz*LR;{Gh%Xey3aIx|fr`)<wE3TNX6`FV3#j{h{nyV&
zdT;LBxo2k1ob#PCXU;hzC4GUPL!ZFttL_5&YHvRT`f_nRjr8Sf^ldvmHU8c8Gw8c1
zM)YMOeWx(`7=OBfjwJ^EEIJ53V<^gHhVs)6Qa&H!;Tp;p_rU)LmnRj5IXnBYq&fT9
zjcm?7*l`H*#8_8$a$PZAm#^ax<%zMr#z&LtJCE15uRTegY&cAL()bI>lV$(vNuJCO
zCCZcgnhsf>#P9nF@}#0Vr9AmCE9HE6JT*0kHXp9OkLH78Kg@@tOAk?=RK1x}o}8VU
zz5_dc27PZyL|;h<(09wNhbT`nSEiIFe>g3*{p07*H<;14p&jVkcuRsjX+BJOV)^Ic
z$rHyv4@sU(&`(6B@Wv#6%!7iKXCJqkHyV8wPsM20g=ND$6|-GdOWBZw?i;Vidgbe?
z*Kzw7`f3D>C9Exfd`5Vr`b0~(y0p$OeS;od-{KN+!DUv8UWnVoyX9>7EdII_er@`b
z{L*~#RBP&m|2VL~i%(i9B-pe2m@)aQ>zQ<UWFJZw`YzccdE*1oU;V`PKlaPDzrDxy
zk2AIZG2Z@hto`>Uwf`@?{d;-)i+TI^n%e)9#@{H&k6mOnZzTVW_P6!e{(NKmmn`J%
z&u8tAB)0#FCwTjR<n8}GZ~u=!fBa4DU--+lzqQBqUutUqA9(vOW$h0qwg1n&{d;)(
zr}Osj(b`YzBTYLSw%Yahgg#;UI@H1FL1?&l(!Kfp+*I#F@pzF#k7q~sPUH8xU7wYk
z*N0hD!@<{Q_47rv%20f|?(q^I$W4Rvfjs#ImPNsUNdA5u>$9mpSS?BQX?Q6`T^pZI
zs_SZA*Ren7{FhK)B3?4qSdm=g5xmB_<|MpSWRU;jA>gGFL;1kZz)Q`q_k@=McP8Sc
zE4CgoUV4A-Pryq>ZyEG`mZtCjIyj}ipP8DPL(})e=aRl}`~md+))|M0mzs_A<!bb$
zr>5`SuYU%84^$9+Zlv!5PTyh5{}ha_Jg2#Vn5EyTT>71mK<vf3^s7?k-sn9Ea_=3Z
z+<SN|lY7_$cRt6Cle`SSH9al=>z+iZH|g(ePQ0{}Nj>EncK?^1R(4+eaO8c8_O>tm
z1=<_<p{Mpf<Ja4J-%{4zT0gb-ox2m;d;Q;7`)a;t?QJjO?T7m+vwSwVLh14ugtO^<
zL%c{#xX(|xFHE>M<fkxyuQAp467@;EC^w-#clY#kFVD@IqsXA1b3yIlw()Kls!aLO
zWUE-i)vU+vX|g8EmsIk;`)|E_o$*^|CV%Tn{;dH`Rtwjk>pT;oPVHptN93$xsG7Ht
zD?z8O1T*ncp2Tzjo{*7N%b|1VZ0BH6nw-g!|Hw<9vRVwm(n;?i3DqEm1F;e-+I9;@
zVkLWcNQwFa+(Y+eHmyW1>x%~ALGm>&X5#(h6xM=qJFFJ@i&M!#DO1ebU)mQPY<kJk
z;I_E@(OGTiTGO;H>AV1*N6U9$UIWxS(inSUyjgsn$)0C*_dJ_D&rN!sd_IB7yIFa$
zyZQ?0d43Uw8-c&Y@E3nBfxk}pTMmCS#b{Lpb^XLFF<L=U=%q2)s}uDp)>l<UPoc`H
z#q1TRwQ32w#OF)dCDdKDj9p^&EA;BCQ&q3Er)sTM{|3GOO?v%}di}Cqf3sG9RU5m^
zhD!@={Y}h;OFO%C!=-~=ig4*<m!Q)tGU;+mp~)W<iey<;da|t=J-Jqm9=BDaN3?46
z<Xbg*3auJFMLIpjIz1&iJ>@z*6^Zopj3?b}I%OKB)1hL@?ri=dH~Pch68^WG{hdz}
zja^pimsR@ZV*PT7ez{b?T&7>H&@Zd?%eDID2K{oAe%YvB%KBxqe%Yp9A|voiyMF1=
zFP-{jrhb{FUuNr<x%#DBzZCV$eEqUezbw)(i}lMA{jyxYtl*dR^D8;rcPHqd;-vM6
zS6GFylA{@3jG0V#cD%IH5{13LQG35C>HR}_u77_;s`XH^zI7(tXC~ZdCERBx+~=D0
zuTG!+gr4b7ex9ITwUYU|6Q;a)3MvAhL;i|gI1^M{c_C8}+1ssvFLSDOrACJ&Ojcp@
z{G_k2v^4BfbEX(|+p}kqZaWopn-jMt?edpy#5_KS;cx`cV*uZ8oQ3+W*ox?>bU0SD
zgX_0%gQVY_O|Ns3>n>*`&)Jsb|85>HE&j+}QCg2}!gJ2@!&}nmq=EVc^pQn~<C&at
z{gjNfVL1@bcc#jS#E)TqRN6<+cV^;`-U<1|YnlH-n;5EfQl5ZR_C8ViL>&;jY)AKM
z=7$@I&T^`tR<=w=ci_5G=<n4S{?(2h`S)XS%qcXx^EWgcGjTW=0zQr-;G+zIG<cj^
zj(ZEfO~Ab$2V%4EV5YqFe5*wRz)zoViq39|XD!=j>f`$OZ;a!5WPpvUg6H4((Dwb1
zouzs5Yb)vdkrZ!E@4t~s`Q;sPeSD4mBL~M=RTpD3)<2fFRL~m9-dEc>^P7ZreyX;!
z<2*w<SHg{YWS*$~!plrHdmF75HQr4#P~#~GMl*?|H+<cYG?0_jKUKefu|0vF&sBP6
z80q;<B0T|4&oq^uZsY?x@v4)y{0b%?62!ta1#FHT2UThPH6BmDv0M`*muU7URmmoM
z^JtvxJS#*u^7N<9uhN@S&o7dfo(YK0)pc@mgXd4;4Te?Wpu}Mr#E0dGl=eRFwuEu{
zOdXevqYUG+Xp~`G3~RqR?=$AE+rrj<otLpbesv4C2N~&~01Muf^fwg#WctHfyQBYT
zBmEzro0|TW>lyvMIQ{2w`uBaw>8JCW4Gozf(`5H#Tx$#vqhsx2-UW`^hKkYAHMr(D
z5v1ORul@nkqCU6wAC{bTa<7qAIvSpF<!ZU3@LzE`XNr2>*pH`$Uq`frZcm?ZgTTJ=
z6zd{45S{5Np@4i|JgF9dD~EhLo~9i&(^W2nt1T8<exJ<yA-q`#BM9?{>TH2LD)J}1
zjoMr}8$Ho7oILUTqR~UkKK93aHu9Cr^Sa7Q@5CZdz(&W_p$K4+YEMO*PY5p|zJu#a
zh44bE>{w6b7UsPah+g5yhlQFaKM)PLGQD&N8Lph3_=m{p+34;iedwwD1kW$$7G4pE
zp5fAoi;xpqXiY9vC|?ORCHTKZeOXAhILeoO>t$-fN?%r}D=sWttqfBA+@LXbZ>1Og
zzSI^i<t?(SE%Hb;!YU}@6IRvmm?{?SJb1BG-}E<%mneOTE{j2_j>lR0S6^f;Oqd0Y
zD;HVJcFdX)Tfr7P{ax}m7)n1h+f|YV?ZreFaB2IOoNlpD{tm&n$rI{~d!@FZ^qsKK
z>pIbw)8fn7>6gCuO05`PXqQLo#P&id4>T+oiMxeG_1?@aLL|?MX|1<V{w!fp?I{JW
z6NSjTSnG1Qbmx8|gj-M(jVg7O2q8@V0B@J}@c}E)K}~5FcElUMX4(q+AtYyy?jy_}
zV#RcK)fdJJUa)v$XXHzpJi?20qr9$S;elT8%(@A#i-ZO3@ZyU1-hKC7X|pK2xXF(z
zteU1%{i7~&3ZXUBH`O-3bdkd!s<*C03#&3xJFktUS;-ktWi(rA4z<N;?GO;WZOXNp
zpJEif;yn&=ln2TliDfNnNm1}&L=>Bg?gZZkY;&YP`73%QIVc?nO8Y$0ZjV%tv!bMI
z5@iMRO4&`t`u88Q80*BZ3%+LM86F4HAI$)6j_2ny+BJEbP(K^kvOIsNGp+1w`iv)b
z$>Wk;r1RC-c%Re`GF&{hfO3#z1^T>gaGwKxA9mqH4cTo??_eB!K>n3ixlV?UyDLjw
zC&lwcudp0`5SGK864d)=v<nLk#!@GPR;Vn{3lGM^CnGzYq%?G~`1-s(fK-+H4EVxx
zc~ENLsYB@G1Bn^8Njqg@_!6({4D_BYZ-5Kxu;^1nc)n-c3|p~qn#D2$Ku^GxFR#P=
zb+4<<r}<vs62&3!U@SjrrppcDpg_XF#Mxq>&;61dSyxtqj=8bBr^Oa5Y>UT1Z;S7H
zU``E$;Q{VP*WN|dnVUS)nzHGh5KzCcTB<?FXA4)Cjn4h7%;pIlnU?59yO4MhJr<2&
zMfo}+bfm56FVn01Q6KPw&w1-e;ss%0P17<iXMp$M_w(uZe^Fl%r+5VK7XiUnr`(F?
zkNqSsNCfQ0qyx~y6wn0o4mAA(@f<!M=pvZ{j|RG$mdVdv-$&hF;rhdV3g{2Z<vr++
ztP@`}=#RSLy8d|MGSDACTyBUT(9lpg1nOHhv4{FBM;q%aGt@T&>-&qjzACJ*sHggh
zP4x{m)OS4AH|}yho(4Z-g8{fP#&IEHDl;AubE@TeoOz-a!^Vve*_>u!gTpp&0?{JM
zh}a*s@&iS^K=6;SVH^%O{1A{j<j2;cr*Z%l4{09^Wg9J*Md>c593O%W8t<gj|2gYm
zZuq5oxldDj98ZAX<+POc$BYmm**bcT@NjkIg_-=gwz_X4M9$#k1fs=RbT+6w-9nq5
z+j`l7mePpDpSMp4f63jD&!qiOPEsyK4ndNfM3Uy;3&dq(TAumKpfa)MyEJ(Mqcj^S
zb#hAU<eQG`P!q1JJ2gV&bE`^GQ7-h15dJ)kElb7`MI*xgyuCtr8YgHt?e`%;K#Q9?
zE{PU5(GpW>S(iz)xQPr9DgZa+Z=5P6`3`Yz2kz|&5i*HICpZinc+ty5X}l;zN;#2H
z7^VvY*eZwoQVSb!Sn16IUW#3uPY2+$sovN`m|BHsai(X{M&cC1<Kyvh6x$%(3i$4Z
ztbjB%7oC~wLuk~oiVdr2;hFc95cw^A9s3@go$;3m{FiL*{)}g>gveJG_N!<RD)X%*
zR0_NC%MVpMl}zLM&G7plyR>oN#YSCvA45+7A<BLpZ;G?(E}qMdKhIV~{+x{vK`r*k
ztpvJ^`E@|fY{bCyJ_~fTq34D0{p^%-d;?`L(&B-fm;D<IbP$<``q1d(pGGlSy5w~~
zw#SuyTrWa-%Wsn7x%{Jxod*~$??0s@t~{aTYeE0-Gm_)ERCTes-^0=&Lw_0Kxs)F?
zp3BwKnE%(u=>K&I9V@Wmb?-}<&-k_Yj|2Z1@5|YazV)#)S*RDM96D1C`XY6;liT=9
z{o3M~jg(@-Ov}I<Zd16NZupVov2Y_VI=(FqRW_}Je*m{Ny^2Qy29lq;yyi0Y^%JQD
z^4tB`wnXg*R!h@&P+qwUQ31WDl)z=vS}3hdA#t}F!_qV~9myU8C{!?ik9-W&(R81J
zxp|r%#nQjQU$2A@HT{qx-b_P71<C*X9^~~hv-}@skpBUc|Km*ZzmnvCPxUP}%YQ?C
z$76lt%=InB`W!vg*Ji5k<1D?tw=ahJtmC@XC&j2w%-h+83HpSD6gq4Qk$yHNq@tI(
zr135uZ=;bOHKwbNvZV1@v`aI$qnRGPsy!+)xM51;i-gFX>D?=+U6XVLmCqGaM@^zO
zaA*o@$_cuHa*(`bu|}qE*HzR&vKnBHTCXcJwW>mwOd(REsj8CfAfBnJvY}#Vm2=}6
zNY%amJoxd3G^QBN!6#juHaBSpq%AW^JLHmfm}%qM;qS*2$+<{!rlwQtjy7p3^uZJ&
zOLX1oCf)fX*PYLHWf*j4J6BaB@zG39kw`EBDauNsNF<8>s8Vzsqew)GvNYX!woZ}i
zbtyzH(I_g)C*65RI@6tlh$5~#3pqi*#V4DqneNP|F-@YSkZ2KAT4Ki$Ermwi`P@+&
zC8{5#5P3>dkkh0Kr}4+C+oTX#q&+T{E-Ype?Pd&fDK+4>0@I%}NjqkMa_q;IBM7it
zvq3q!)%3`~gj4hDL%7kSX-HKkUc+^wsQq#e|HZBS@+XrfRrTg;{MSN*-aI;u^k#7n
zdh?-9vh!;9Pj{K`ZCx5S?qa;C>PNS7ok4%9`qg33ug@J&<85pDQMup%Q;6#Qu?hEh
z)|vC#F2-qUeWEhIQ?GA>GD+8WbYHC9Gp;b`>wINXr%_*r&RaH=^zYV0{ae9x>Tl&|
zPXH}>a~D64SHa3ZnOOc>u2b*8(i3!josZ?qrkl!&ylfE5j_NX<*UF^wzcQ6Slb2r!
z*q9O%ChO~_PZRX>Bj$V3WCndsndRiiuOby5d=J$2rDI5id+_=~c6|<B|8@*1RE2G6
zuU4Y)SDtb))3SZ>pCg*S;tKxxUoo|wB|pipGUdhm$|3)`g{k`b^fofj*e#`f83-ti
zx9ZCO_jJRR{}pt@m46U!<i$s~#We-p^q7A6D58KHki;8F*)%ARaFWC9Z__PJ?MfcD
z`-!oP{IsTa4h6>O0AO{K9dW|>I!-tbHUDyaa-2L3URCzO7&N^g&q`<D;<|Ncboa6t
z)jD|S&1z6~Kxs-Lz^lV-7jjKnTbz!LDr5EYqg+2PL;YML_Mo4$2N?D9IYV^){A(}h
z=WF~wTR&HHub->B*UwA3(a(77>Y)1hlFO3y^A&G&ub)>9NUfjizc?)YyliEU`gw6{
zclvqC8;7l*`wd8?pNIA{>1RB1)q{S{Xzf-%zx(=O>*qU;PNkp!(AT7&H>~PWKbN(1
zr=Lf?emMGh=TXV}xldn{eqQ!+kNUa#<?i(J2jBfiKmTvk&yJH1rk^tg8ufGINj>Z5
z&jy(F^Rkn=*Uv8uNY>94Cv~r%Pul(q>*oUnq@Q1?13moW`J|Kog4cg#*NgD_k@HjN
z=T#S`)X)6~tNJ-@u&STiPFD4E*Dj`?e|4ZWK|g=gYS7OOtp@%4Myo+TzW_IKTi>6r
zpW_$&Wc|G60$o49x4)J2b6w5h>*pcxZg={5G3w_H?jH1W?m(k{UUZzUpYIzD`nkqq
zT8}Tm`YL*=FVj??&rsjFSl`X&`pU7s?4IgtG_CLVIraK>jDq@xcvSoll-@@O5r{oU
zd!hva%pkj$?NrSDJ{QDRbfK#p{&=IWxJux!RN(6G6IQht5JuRQm4<tka&Rlolie5|
z;WFsdRYRG{jDm3cEb;vOD7=iJxWgNTNG0v}l)47Oz>yOWMPJ6(LFhPwQrjC9w1?K>
zk-n7wd54vhb<^$)i#SydZ!SC0Pl5YcI%3>s6Z7h5_s=W%<eZJ(${o1*gM{f@{yE~@
zHMwN3H7Am`2&*<CDNbk{l5--Gqs&B3y<(j4&;jrN60-lC-$VcBo5r*3ScCoNT(tlE
z&NQCIWdG@@z6w))Lk;yEkM)f+*H=XLpPuR~HsQ;Uk1^PP^3eWcu8;QLtIwnQDDXX0
zH%yFPW``<kQ*Xh~V^w;DMb#7`f4Xr$pY~%)4pN_aOXjSe>ZARb%!AZt-jdlmsE7J!
zKW4+|p6fGj$vo6kePl1JI7oeFli>wD)kpTi?1R*2HW}_2*h77^9%&rabA9F|$&)?R
zNAk1kAoZC==w&_CNAlBskowFbG_9xlNPae-+jD(p5&H6g9_k}`u;d{1nMK02J=I6@
zApaosnMK0UJ=I6@z;clK%p#%o=v4J-=Vzo(#|MN}M+c<01H)>?nvS$U-bP`;1y+=;
z8v?OwK-F%}Sx4)!+s;&eZB_HFhgMt1#!ei}-h&zj@OSSX>WN(zujrU_`-x*?Hq4i4
z@eivB=6!MdyJD!u+Vr-HC$EVIW8>q&ytP7jFZy0c@8whnht;X)>7oNcLG>aZi9nuQ
zwmT5>VtToCr9MW#lr0LY`uStUHuOAuTdesy4Rq0hFt_i+`&N%sV6l<oOWxYDU4Cl~
z)j`?ms)Lcur5E72DJgrbu&V#D!C0ZOqPu^q(~(?HFlI~lhjv(Rt>NKBb$_a$v<V}M
zTKtmSv?!QYgHD(G{VeB7&N}Ezo@7tyPo9mkGK~FgdNt9%(=Y9j)??_ecP9j-y74Tl
zFz&oXuX3^DWqxTV`P6<8kTyckQP|O`b-`Hw3i%`eMxZgIhQP2!@30+WO<S5cbtA0O
z$d9b-D6h3qN;f!WR$;8vrA--@Xu5Zp+|*blPEDtZzr(t*#&<Ad%dkeQ$@C^~HzOBb
z86S||fp;)J4<(P7>B<UFyrii<3sp1^S4YD(QAIxP9J;#7b9q2@<^uT3y>k(~yaV8c
zoxPx(V+FWc;$B@N(4EL>f-eX~0KP2v3|CyVdx8+={gHHtMT~~X@hIwc0_!#gqGyx&
zfEL&of7}zjduAY-iMg6(Pu^&k5Wbf<VB$1?^b)r}dbcPobTI@>i!)fP`eXgW%wc%z
zDvO;hoAR@upZrpTzb2kmb~`Os#RfM!`V(a&8rGAQJV%NH5Y1wONjuC=7>p<U(cAKY
zl46+2*b}*MU&yJ!+!i*n6=8Z+<$Ch((c+uUbd_8j8}U0tV-yC>>nf37gmsvI>cpY|
z$dq9pqPt0Cv#<aUDMU8<1@S9?=x(P)2<P&SDG_7+PXK9y89Ff1x-2i~hoQR0kUgiw
zA3Ni5iY?}+WWunD^+d;Hp;;q(5e7_?$Z8NJ3rB&=?U$6G)EF&wiSq5ZFvTihka$@e
zmAzEPrRuOQv8F3c<oUtZ3-hmmhdJwTG4o!pjyQa!2;;Hck;cfhWA!EEM2FkC>0@Oa
zC%4ov_d9GF442rlCQXQt9fmK*VJ^8v=%aFx_fKrZ3D|^kIXa+&0)5$Gc_lgmv7wi2
zJJupBtPMoV9f7?4V(fA1eBq($A+=(R4QpkA>r(28icvOUKDyNi%hUZ+ZQ+2mk>_o}
z)tb{%dKWV`NV}ui@;GNlylIAZt{Ohs;yx~|w9p@&h{K#s@mU5znK2+&DrUPbg`s&B
z9lZ*026Q3ir<c0ivT_WRIfd6l<w^%OeXgAoqa$RmVyi%Oi=(b`WeJf2I@SxUkNJCq
z`K?4iDfC8kjO@>A5bhO7544NJYOotJg>V5n)xjGh@B}@@7wXdy=kLHQ4^EAHq%~nY
zw}uPVfYd?3u8W{Dg7j1paD5|=RVFOq80*LGmVK4qWN!>eGhK!LJ|FYIYGjWRBAIC#
zA8Ikzgz#U{$`Ly6(Id!;@T;^0D?*rzAiLy0q<6%X+Yjh|bz^cxYYlOR(xT_DMZ$6^
z3LNmk4lBm7mz@K(rm^mr|3eoF>juT4`RRG0x4DoZ?}yIESyXufG!y5RKQ`iVeDEP!
zCMI{P<)OL}6psYTE4S$W1vr>I^xhB{Yvnm^_jqdw8VSzqYQ;c~4Q@Ld%Pt=C%-=AE
z$AfM~XJ5Fb^_O4j?WrG=iH}`$-!LYd|IOup-Tbe}|K{_*h5T<3DZhp>bSBDEe=i+z
zl9zwY_{C0ZwXI^5JUQjvc<3;Cwz9lK?@tV}M=rxJ1A{2}2ULGNX$y$45)>q@TjY@g
zF(O?DFS+z+D0vo@B=c#mjoCX&lpXsuI~4q$sr~-UeuMu+RX?=%43CbXSd9}YR%2Z!
zvpwA;N3Br#@=jy?Mdc&7RpT#?X=_?9kGv4GL+lY_=M8-2SW5eL&dq-uV3D`{s#CRT
z)HU^^Q=wnV*B{YA2YRnLg2iL(^Ah?#H!#nH0rGu2S}~j<3{5=WF5lnY8kcW}pPKff
zM*4CGvv+*FOpUkn%j&<4r2m$w`fvDu^q)!p9r1JZpY4~?e|vwj{_AT0ck93Y3HtBa
zFaBNn@2Er2e@7mI{u2&C|MmaH^<Ub5v;OOS5dC+c{U__cBMw9V3Ek<x{;Bn!(7paU
zGFkt%ChI?pIr?9%|0Zrtt^bDir2o=-(0@mm^k2UO{ny!^TK{RkoAsZqNB!5)ehB(+
zw5I=FQ1#zKsQ(71(to|V{_D;4-`~voZ<|T~?LqywP1Aqdxc+<2s^y3K2KT@Nv9c9t
zn;6eFz~?NX+<#?@{jp{2(8z=;DR_TC@>O`HV5LF#`PPEod-&uwig3H&9h@8A=flrS
z1F>l?!5`Y*9F)G3pFXuM9xrnSVza8D(?O=k%N%5=KH{x^9BX;Q&8n(~s@^%bBR=Ko
zP}}eB_IqPRR{zvBz+uOVp~hx$*cvf*l}ivq+nW8-SMoSkC)9Bl)Zvx3vTEsY<!)Zv
z9H{MzN#fK^V$Am%o~zl7sSPkAT!fq-SGM7h2CJhU(gF);M$TF4j}06Q+#ZN#c;fkm
z6?5(f+2gAWN(z*%5Tj*_#pr}8D7d8bQu&SMI8_0P9>9YbyF&|4d?j|tV?)ts<XdY{
zy|eKvvFkPkq(;=bs?w#rWbzHI@p#jV)AjS3z@HtANadQi(J$7S#`f86Zu7>*#Jv(U
zq2-?Y#ptWlvH{RC^5kTEx{9;g&23Ge$qjji7$~$!HOR(76z_EL^KZ|p_(*y?Al3M!
zwRl|0?h9`$JwjQ#Ti?G^{?!sU<>$FPIBczlg~VQu48=mIe;knBMhgWVV2)no9EyrD
z)CO{WG>ENBVrN7w^n;^xc+NW9IFD?{HV%6Srn3;~p!TW<l+E}=oZGO0x(TS0g>~`x
zs^1VVHK3n{G};x<&-di@7Q!ytQXcJEbvg}k2K${-x#DpMA)HPHGU%+ts%)x5dpq)b
z)K{VXRxB?ppaeV7j8zz?fJ%(987g|;!Ydl+T2*K)F%W>=%ZL-Pg{7yfa%HQR=~6tF
zwd%7BcCv`IJdFEq0qaf{oCwvP-UZ4nP<DD%FtV=fbmm6iMJLnnVE3PRwT9BupfuZW
zCRu+D+|pZ5;XdG6eE=mNk1StjqkQbjjTodIgNWDJ;enk}hDyFR06_;N-vQ;)uDB_m
z8;te)0cjoXeg&jjzqCoUMr8)31}*ZJAo--ps`ZKNb?ts>qc2=tI>Aqew(vhuYS;b6
zo5?FjvH4pY#hM-IV$AlCXss59HF%=lHyo0cN_+x9qR;Ixzt@Vx)}o0^wU0?_LycoY
zZSK;%xnEmA%!JzEg?90{jbdnPvlyx!sOgPn{79%#z%*(#yKJ7QZJuN;`>yHlP~LD}
zTrHOYh0=k9c|by$f=K`?m<s&A)gIM1>PMFHif!z)p2F8P>A0qW>Dx%hj3U*g4wHov
z`1>skQz3u53)M~?#}O!hS!_B{OAE7`g%k1d=sZ44y)P3Vv+yDfJ|0`d$7755-25+#
zR~MnU81nDl#fdqJCnEpgG@vr7nmUOjO-=Tdr+xv7@x~_jXA)fLX?B}-pq_m73#KPu
zcrqcL0n?X$Jag%X85w(N1Mj4u^e(L$L*I+2KE>Fa)n3WBEKyTF5A($vz0wJ*%Vi|D
zzQw)WP<1|@O%tHd3a_-uANsnP4YTBX+#@Wi4Yk?v1oDttn6vlv1q1_v*e`hZ`lJp1
z*n|LVK$E|Guk=|!3WC;peF;(%YP5PQC%opBCa;hm2Uzn4em@WmF7-wyuNYSAshE>#
z@e0c)ye9e9pmjPn;z1#@AId<jLih@+g+xQ;2UyqKZMeL|_-f-FfvJuDypLv=s0l2+
z(tck!UUn>@jjaSY0C2BSPmtzpto%Gd^A%WC&DU&Fd$?~fp&(QZ_;;5LJ_CedFr4uY
z_}-i<m?DdgrMdM3>fC7AGJ*rrXM_lRYjCkCAb;ljL*D@0kmcI|pA`nCUbhC8A6F=W
zxZylubV5G=4t+#9l^$B~x7eIDo@g-Ok4|uki$Qcj2QGzg*BwjxhX4p3$D@(D94VQI
z1BL!zp&HPl!4>k2GCJ%9S5WUxiu%?}fi7Pfkk(_*M)2&Wr**X@4fA&X9d1YhKM5D1
zIgh(bhk9z7jto_&0d00qXq)xIXu+Qfk;sWKc_$PBt+$gbo={|J0J`nS`*Qj)eXU&C
zY0}4fe8LSwBbG9|GK$t77?;q1|9p7H(#O(BzemT2`9aHaZ`9*V;9*ZowYBUbj6&v<
z+Ojvx3axlPg@?<4^H)IASBQOJ<R|0EpU6i(kj6&dH0+3<*$jfdZ}4(VCc)tO!Y$q?
z-3sBkxE73xS>jYNI~Xl<c%;w$dF$`F&d-HMcyn1Eb7cUivL4Wjw{lSlIm5)T0(5MM
z(iMyfdyuzQ^>f&evoU*fK)S91u$Z@UBf#8Bpk4W$hMWAu)`KF28u8%w*qH6rV`<jz
z0b-}YFTtrT$Qc1CR*V$`KT0wDL;!)RAAo8Ab7B99+V%AZ82}^cHI?*0lpX<n_>yOC
zBgup)Rfg2!M?Hj-?x*f&b+dK>OO*w%-4u3g3v=NJu$J-){dx5)e}}1ilKKVu1BDFl
ziYl!u7Gqb8VCQpT0CHgf+{&H&o;3=I@Fdn=qSa31@;2tJExRC*Tp-Z!<t5sem*SV-
z08Xv)yg?|0rQk+9O7~6g$?3!U=<=9+a3~moU)rY%<$@IQctxT-#{5cN^pIupSd5kA
zQ$|CW;$9H0G{4KLKp1o3igK38WhR!r(u8Fg#Nz`Io7FX>Mp|1Le9J3+;E}3P5X&dD
zngsBKWhj7WyD}}h@GZNgV$NF@6*;PMR=A&{iD|O-N0<|3PCqmH1yENN1@anu5Vogk
z!d5oTI@0T!ybHJjh|(4ZqgS~cet@t}FZRD#>?Mdi7(XuZmdST*BaycZo4_UB1eAC}
zBnO$dwU&uH7fzN4%;po~T-@CZOPVTA%?@4UZM9wyEqKtbio60B%Dg7VZ%H~}MWPOv
zt?7X8KnJwRx9rn&K-U$@D<nFhN|WqdfU@)TGy3T9RFuD)<tOddzlYK=dozYb@kXzK
z4r(0w>Ra*n5q9+E@;K$&;T^AZos$+1!g4wp`8fr4z(^}%pSO8RWfpIRJA6A%?_M7N
zbbJwL`LD$n{rCO<h%b)$@xKRO9NGBagfA8i>k(hzA%W~OyXWVhE}v)r_-~fa7w`GM
zEuS}k`9D-XZ`^%|^7**adXUeI|L{!6vTWkNXe$0AVH$|dS;mvJjrS7gm5b6!!X~jf
ze+AT00iX_@oc9Pv`Kl5aQH;%HcF=mbuav)OhVF{a1ZltOL)r`REe1rh0)sjQBRd0v
zD9dLJw1PCCJ&y0)WVjq^qqF(jn$N=vAzTGLFGr7TgAY1<RUlVz$0IgpDOyk8U}mf>
zZ1+N1iHJ~saVTyK&~>Qo49WMD@W27$$vKtsfaTDRsS}<e<7R_89HRAe)pQ!opfSMi
z4`9fbIaTp|=>J(y1tf(|&m0AxT6Ly{=Rp3-E6u8uXXW;?M1z%nsT!DfaWGOXEH42x
zdK)|EQsp1E>5`bO0-r_QqDQj0!!1JOGwcOq*I?e4!u=S!z^`U?hLRQ1>Tq@0@g&rD
zpplj2dLU2kVXEY(btl(j`Bvy1goonPT4@oXaNS-k|K<ox!UlcMdY3vn%1do)#*T*m
zq_=rj%NM&k;?T3ovt4SurNtHHnJ`+vCinMhSOe_Do)wl4;2#O?I32^!2zWbpYbQ;D
zIwA59J7QB6n-mYmf;MULQ~$ybL_xln+dR?)sv3s-si+tbqa_$F*Lk@ICNZ&OP}(h*
zd=`&KgHKUcPPy9pSzxLn!7X%Z45fSY)lw=5V~L6NfUrN&kh2Oji@EP9ZZ(Iw$4uv&
z(0V@pdzyZ;p1MMrVmOZ>@9)R?5t$Kq$;gi;W<2H8L}pxYE6lxv49MgC_<$sg1|J1=
zP}I>_c?uhi<2pJ1M+OT&0e7MHG-1I_Ncr*$t)ugV2kyfn%Wq8!?aFpnboCMD-vK|2
z9xg1n8U89hHExnrle1ZwOXmwu>0_z#<*ZXS?bq9XFnKYjf(wgEE-ZSI6IJrc?++>`
z`Z^9tPE75~cRS{Q^lp!rIo=qFl}Iv8c;8ZVqFl+=&qF%mS8y%}wVeaqH%WMas*KL5
zlAB)oxpLyTL^<&SefEM8AS!4*nJ6tvdXyHMP10gwg0!go3DRP0N@>CL0b|c%l|9Q7
z*t65l*%LRbr1mHkz)d9>4eV>i@0>*eo}84~5uY>#IrND{d69LP^5VY3k{1|^vBW|0
zVon7Liwi&2g@tF5=L(a!_#5sGKtY4Z(BuV3kAumI)8u&kYGeUVp>j2Ar~F|?Dt=62
z#sepJ#64G<xY0A2&B=od#Vr}#4@J^AEIOIwMBx?6u}uGyoOoK56So`WL{*}kxQELL
zT*WCtlbpanH1Z!$HsBA>>j6X|AMaP~5&YyZ2H=eTE_9bY?iLo-iGZXQRl76gveU%q
z`Jub*7!izqtj(+~8|BWe!+TsDvV;?`K0$N(MGkS)Mb2BVj9PMbhT7s~tHp+N1}?u*
z^Qdcuj)~fHszcE6FN+N*PAt-fre~)U9>Nfyl>=F*uTor)4s=O1O&@6MPiX{uHp12P
z$oS|*cBCI@hY$7w8q4}$x!M>XSNk5u87teyNixO{%@@)2+AKfuK-8>d>V9(6mjy6=
znJ5L9h|$Ro5T7doxJAq?QHZEaVid|}@@R$fs232Ql`WxTRnSL1U^!dFfPF<;*aGVH
zOYh6GV8FuFr8y`$LUtScStdp&tN<vB0-`?`5PQ>;jFGqr+DtoWbDS2bwsaLgk~dV{
z*NNI((uBoiw#tr9Se#c|I?x}gvj*~JIZIC*8?`k>v-3VF+jNn1#%mZ?P<>XmU2O1C
z$Z~(E%PQRaD=YIe4^BO8Y;^QC`KmWEEUT<s1|Z)}wY`S>?qYQGYWa6>;C5iyVt-y;
zK)6U2q254V%PpH>Dlbz9MhN-oWGsf6gkM6wDl1Bn1|K;XfS?pYyV>kt=3)AqPAh0{
z4?_nQ3kWKVE*G|wsGhSVG-oMiSq$sw&a7v6#*<qugqKitzN#G1kT%-5Z8}-^7Yprz
zg{AE^k7RqzpVxBR@ZeO}YtTL0kbp5!mnG_3ffV$i&mDtx=B+7PhfRaxw|_vrG=B^F
zyFg7s<ZMp69Lj~Cre*}9v$VEFU8~XE4SQPpPCoke3_KzUeRa!h<pcG+gt;-oqMFPa
zAu@%UQZIx*hA9sOT@)ShJbnZjybl(OTuX#OtN+=_zOQ%K4OYFo@!OmlKgik86->)6
z^Q_`MErjnPbfdmJ&dPeb1)Cqa8lN@zC`vthh1(L``n<a&YLOZ+q+sO3F1@r;-<44A
zrf4pVA(p$Gm0LnWp;-}4JG7|YC0_-y7|h!Mz;R?SsiEm{!+g$HUg<PYMr@-{$WWT?
z%6fL`t}LtYR{F3aVL4n1%Y9IjQf6rJt>qe7Q6pJvmDyc}QX(|69z&!?<{KM%XBYou
zzVZ+rAkJ$NBB$VP1KS$#O1aAM2Q;dlQA-2(YI+$%P6ioiL8R(7)JE%_<^)J?qyNh?
z)&Hds7S4!LvS8ipU~&uPRd6xNuK?+s9t75XOI3l@%8qS1lNRe<gjbCKDAvetw$t)_
zaTq4naGZ+16*-$(uvKKFD&P~3u&{wC6mMpmR4YUZt;u{1dPRu5g`<_*AcWC-0*!IR
zi=q80S6_-RMm7uKEf(~;82u{tLQZu~ylIere!BtI->?SH+jQ&M{#ZesC6IU4Z3@ON
z2uwZZ(&)esF3LOc+)_XXO;%rY;NxED7=N_%OX!8O;FVk6!#pO}n<q>k!-P>M3ru&q
zP)=0&9lqIgAI~R3uZ_Uo$Oh&?w)hnklQyXAgKdnQ$bB+cvx9kM+(M)BaZd^$ZcVWp
zRbkY3LMY6qYMiF({RY1DNS_k>8t0!7x{*8-onC1Zy|B>8$n*8{{W$-SFY~dJaO4%4
z)Xx4iA#xFdGiXR@U-;K9L@?&Be`<f1D6N&=K7E2y92Im57uKQ^l4MmfX)mZ1C<K0y
z&u&BRpX|gcrCQOtxhzLHf}|kVUuc&K!m4gJs4=F)plB87u>pP<^8k$72^U9g?WD#&
zxJVlP3jXXTm9xL>n_#4+><G@BJC$p=RK%v_Y?i+}D<0Q`a&R#q%Y7z(=gWzp)L8}k
z?Qwj|A01sIU;WPvG`lVKOSZ4jJJg@IrECjT!=+(6o83rw<pd_Mf>pxu35%6!UFsA5
z^J0&*TAA0?O?jzad6~(2B>zdMR<0cgvY<*kzwMVg{oE6r`z*c3k8o2~nP}L>Qof9E
z1){IGSSA>Xh8`Wk#lR~r%sc`^u^3~3k+(7VExR3ROj<3mO#vP!<Ed>5T)A3qn*xk(
z$&=e)Oj<R&O#wy*;puG(T!nC5&994C@|^-#F-yNgp2(PgrvTkYF#*p)R|S0<lkhAg
zcVRUVkD7#Mp^H)VIeM}aQ5a1(-*fql47?Ka5k_XBjZu`}?Jx$<1@+4sK*4hZ(ri~Y
z8Z0SzZl>7h^PtogSyy%g^TD3&vP+jbS;X8R$uo?YTUS=<2_0Y&b44C8cWmxEYQ)?y
zb*f=;_h+PU?wS>}a_J^+?qf!M$K&Mc@pGSK@snAc<&^PrzYGe#2IV?vAdioWv5`~9
z&-F7;FBZF)!sosu7axtra=u<TIDe5D85+tG`!N1u`F;}ltBvtj?pq1`r6mwze3fn0
z`6}0{^Of7G^Ob1T`6}P4^Hrf$<13y>h**nf5+d&6sf38ZcrGE8$Eqs$EoZZ}M*dQB
zEiGg`rsi8(=vu;V8~N>0c8lqDw21>hFJnJ9^IJA6c^;;Pu4;B`;oo1&ZteV*9lzi?
znHIV>v0KW^q~>H==xWp_foz-v{gWm^L+jyBg6W1y;7FbXHziF1pK%hjnJ2*?*(9)A
z6DL6x@&A$@`TyBN<o_8zng0bN|9d8adLlP6KMRpD9(Z0%V?1Ax#yEQ!AA=P%B#*nQ
z(is0|(#aLNx!<*fnhO%a${ao&cofD?zLVaB^EkOIoW_xFQbZm)8zKMjXT13egExKq
zJT9!>q|Y{lU2CjFEBeI3=a2^I64N@~BLU(d=7zVBj?kM#h8cf7V5MLmSRF3$!*K#8
z-wGj&cOTg(L|P5Fi)rNDV`FEGik4YejsrjbctNyu6lFEo?T_7Pg$F?4T2A3;U+JvT
zmzG{1l0BnyZ@*iN9dY^Jj<pEOtHr6dxuSI~p7!84hP5s_%fg$auexx)=K*=h_@VoW
zTpKSGkoEx*wkij@)I0^8AiGLX8U^HsuirK=;a!ez*ms*&FnNs44?jx;VR$h_WMMYi
zQGK*?S&R|YS7?QUxEpySNxtiN>tzA)85v51$aRFaSk3sKSL#&8brJun<sZWG%w{4)
zCi3!2czJ1qav{Y>!ciKBz_ftv+sgfZjVNm$p^^sH&^Rq{SUZ*XRJ))0ot;FNR2%Am
zu0BuDyF{rZp!dBUkL|n*Kjg<jqG-YC#pwO64dm(+c5R}LdBxSpJ4&X%vt7A?*!`|H
z^r*BEGl!Y%RD~wo;~QLQq8wukxt9?5nrv*`mAG?oKQUD7=4r79DW3g0I=v)_pGe~d
zDtV@O%`8ENLB}j4Dm68;kQ2)_%|cEyS2il?T;D8oHM84%e%r=w3;C^u!~$153th|_
z!FA6<mxJAw@LMOlRW%Sht-~|gvA8wZ(Q9}|J5i3a9?8e9uI636mUs0A-qo9US7%{Y
zV`+KVPS({`{6mZR7dEi2##@OEnHNTSJL~IAA1=6d0nmgx**BnvrEw1B^8=~4AZ^C6
zhsy%i#~EGfIOJMQERbu}SilSQsyyI}tONE>qRY;rnWdns{|xKl(RKY}j4oBLW|`^A
zGSU?`&{Zu&R_%wG$5N~$6Ef;>JE-wdMu-Xu>}EpjIw4SvHb+`u-L*fldu+<7@EeKj
z80VGPpyOs^?w;LZ?3Rvz^aF;-1FAg}f!r*l{R^ZWk4<DB62HkGv@vp393)#zd?s5o
zK12Re9_nCcqWJ8@Re(A*aUr1AjB5dPQnKX$>nOGy;M1|fVw{eASrBH^(KLrLe&QVZ
zM&aU$55-dR99pW+A$VP#LMX1DZ%-Twr?R-+)N&1Fa=E0UOfHvHl*#3i*1J{>Wg0r7
z+0+ply5w?6W27__y5w?6MVDMIIn8n@^B0#(56Y}hHOy`9(@LXUdc`1@fWarW;XK>V
z=NXG`;&#MK96yzJ2emL-mKo8xPRoh}-u(mtbd0G*`Ht`6@l}>gI_o6W`YFztBMj1D
z03K{kAqWP~=zDmA;M0d0b*k1WGz)@4T@auI@Nx*pVT}*jaA<2H8}?U@YW;--W-cdB
zV<0nmPJ^6!Q<qbqULI)Cb@{lsreVrk48428xA8b(H>sX=ZPDnyLd4UeLl`-02tST!
zz&Fa-#!5c<CaID>Lgc`{c)aQLR9!Ioa7Fbwi&D$JMw9HLF3?pOYO?$HB@E0_${qWX
zBz5_1s-$lHB_#D}KQd~oIkjue+`cw}+vUAU6D{+ne){=6sd1kwNE1FiYcKkuv-K68
z?>k~U&NXY&TnlF-ja)3@sJu%&=yl~X8Fgg*oHy1DGte{}rEem^j8I&f<;y>ABkLpy
zC{Amonbt}(ts;<#>Op>PEAHV5k*A@Tql}_{jJ<@&gFjNOvTqwd=@-B>R}HKotRFpj
z4W++<GDt?Yd?FS+T`gE|E?6%_+&{9hfmXUPe^jPtBEw<<<WHSx6PcMYF(#CQ&lJgJ
z5Aib)YHRC7=}l@O6frPzrNt;}vhb_)!BP0Z09svAe@GrkAHcKdWOz|)^t#Fol1sT|
zkA5!M#BbR@mET4;Gk#M+cez=~lv~aG*7-wfnK<}xWuoiB)ZcA1eV2jA#|<EIvk<uh
zXizRSqa$v2)iA<hGe%Hn6UPWk%@{#dY8)f1FoUJ)UmPs0XynS2w|#}V&sXSu4%KR4
z354N2Fj&g^mL%~v<K|yf{AKM*z3|}l<tFfivfH$tq`f*{vz8|gGs9)mJ{|m(YLqLQ
zP5YIGMSV_O@$EL~t&-yzvq6z+uC~m4XPwdKaQW`}1*~oA613RNcg0o{R8TgwYI}~g
zN?)K{zTtq~Vmc4)m*T47cVdtovD#-g0f)ZNlBYe#+7gt05b>C~+Yyu+DVPC;ekO%c
zj{nPl`yNe>^~~fbZIC|DQ~3p?QW!(%^Pto$4*6W{^R{YeY#~EqnLo+OI5_v6G7=O;
zA$uC-|1;YYQ`isRWBw`)7<R=!YK-&NQ7KG_Uj+qUeN)vT*bjR%`(dkUKYYb>-ttiU
z&$YDY{&Q&kH>2tQum0n`me^&5I4@8PMpY0&VTE32tEW<zBM^O_?+anrBQ$%W?i%Rw
z39F1wk1QG9BIsjJgO9$-gBIfnd<<AT(1pMZ2)+vIEC7fGS_zLUyhL`o*{%@{05fQ=
zv+-jCher2YIw<yO{x}#?&jfjyVm7<it2rABT%xoQ2hXhzUZ2m+BM04GHaltXF3bI_
ztd}Pgw4^0wQKKFSttm8*rW)rM1O|K)=^l;LC>O>J@m!L|`%z|Z=YyTf-cEz9Og=Pw
zd*XP%B)7HN4fgh=`Eu})2W90IRxwa%9Cim1k~r30ph|vvez)UYfZSrEK~FW_-k!%B
z=HMslcvpY-i;wp^KWV(Z|Fg#1-eNcHFE+3gCLZY{O2jPA{hn>Vv6To8Xf>bUx%eq3
zZZK|82Na8KBAn{Q*x><8P&m`&P&Xe(^P!*ZD$j{yj0%5DV(-3>{Zc3r*nc>pvjgV!
zwF}`XX}B4S!?x2eHDC_mk;=0cgFixsCwdHD_Q&~x|E4r@i!QZeD&TW_A-jC5CWdu;
zq9fr#TJ1-5>xL(Jt4jx~PqR%=v-36yk)wOl?geE}6++uF+!^Kl^<my$o99gu_>9&U
z2?lswj;IB#khltAyaW8S(=9Bjb7y`jMCRH+{(WgkYdlhjoMdBZjYqn3cL-shjT(lD
zt49)9MWcrbk)x1#V^eHm-c|UqJA3ig-$t7}SW2oH?GwV*bc<#5r9!wJW5o-rs(sS8
z(V4g@iy0tRsMA0^)r&`fU`_@4G}Fcxx<#5EXNrAfws}VTUhN?*kbDERvOz~;`503x
z8;TWSmD7O3DezK&kTXWUm3HZM`-iOY51~}M#Q|w+exT1De;*liY9RtizI>q!FSA{R
za{6`(N0J%BAVqb4sSeoFBP^^Jp@-3vsTn<)wxA;>c4%q8irKD_n71SyI~173lUvUe
zs{<5kAa<*bja8&TJ%7AY*V~x9*cs@vl@eYXX7!^O)NSq>w(gXTdr5}<Q5Y0th(O+t
zW&N5?=9i^|QZQ)Q)&QO&fyM@<P9L7EZ14)pr@2Np-C)Sa0j-ff78b4cW^NNAi%8~e
zbLW03gljA;)3qIi;Yajf4+3@7_QhA?k6Mgbs6Vo(e0!0@LqU8zluEpoW!whN{J1o#
z7ymLXIcc=aS(YdY-x%lnRmS|)_nKZy%wN3;$&YyAxIY$<+Psy}<e;?MC+&q{#YJ<L
z^3Ma>exXXrJgn0pZ7}7}?jP66srjqXwM!q5%77~iCX1a<mSCDXS!e??4!sWZMOX#P
z5S$x0O%kRC%nEnqY}ao=VqHZJ!<0V-k5?qk5iiTQt4)**6+KK8Jl6YLZMKBh3E{VK
z6UFPg3acrGnKKg$<1A8E9x&(!V?U#0=`m0E4k7Zd{cPpx02Xhspli2sv>q=`muNm~
z!cfaF)XL=jYJPCFT)?X3F&Dy^S+*OA3NkZ{-aY!8WA!(+Zz%V5q~M>UR9ZmY(niws
zME?UJ^s$AP@vI`nwG#jJ3f?^d!M9Us*{}N3jdsC;a3ot)k!V$>b?WDH{Ip(V(v?3x
z(wGm2@2VqX4eFr$*J@tzTIH5bW6#>KXIH4ZI+Xrep)|3Kf-IeaEM;sLp5@r7+|+I?
zF4fa1F;wC70{zHd7!+p}@#XH;u7vk6%%1GtWjE#@<MBp8AFCL=NQ}*P-R<WgGMFdM
z<IH;n)oy?(U_vs<u}Cji5vLGz`RJblGP_75z=X~!fM?_j-;c+oIutm4`rtCV9#b!Q
zgyk1yvK%kK&@A?jG{U8hcWj(f_4Pq@{em6Q%<}oTw~NWc@V9Acct&fd5b^e7<`67g
z?{%Gt{|sk79kl+5&2()Db@mbF_a)_<9;(X@L`&pgY`Qfts;K$)jHtUUQhoOz@*4<9
z-(p~MoW}B<5=KKy_pG#1Z{^GG$}=1oiYS&Zi=zg*gh*xvTh$looAQ+J3dATXI1&Nq
zE3ZAhy$^Hs+)i`E&tK0EfgaPn;6c>Z36V93N^%>8@Dr5LWtxkUXB81#h@6Hsqto}v
zCa3Qi{jq4KS860*1uJ=d!+_8<Q2XKDHu694<^5h1!p8tXzPx8~tF-h8xNwv46LWc^
zZag#8Z1n&!;S+d(%FI>Q(Ma(gDvq%@g@*RK`djof0w6ha$=0d$MwB>XH|jR0JnTJY
ze|-l>Q2p^E_|YS+@#M`%-(rvyeF6BR0TzB~WXjggiP7k2yr0wIt(@sPQzK^Ht;T#&
zNC!W(;v}zFD6i3ln;e*l%JU`;wlZChTS+|DXvZkD^P5!`Lz5ThH^yq&#L&oZ;p)=9
z(6<30e3lLS7JHdCBcU_0-{?!)_*;zlbVD=)BUyoX$IcxlWALq5aW*hmAX*IUd7X(p
z9gH(sA2r@foSBj*p8`Q1f+=MM#4wX#B*XCZPV0$1UpBGloxOWt&+}}IJtJfmjB;yq
zs9c8bSY0{^K-O>=D$FVcmuJEy#g*aHR9J-uK_(!a@+nbl&ExdMAHCh_kKW_JrHNBs
zy9wuiSwC7tF+oZe5PVuJ#_ob9kA^1q>%$D^Jn*pUdwp470%a)cOiL}!4>8q(4m32)
zuR^su+#W#o;SXRGgh(qg8>|#2;Pb2ij0ymU;fW(dy8t*cV<OlV-pb{ruHkHqMmV%u
zwSnrS*$;zVB>Q1*TE$VtdYzQWjgR)8FpV}6kcrhH0rfV=nZ{uc4+M^FaJMl*S}b2s
z@6EI($fkMeW`CQEK(|vt>7=kg(_EQK2hSg87D3$4A7vA9zS2uQH=8U?w$M4a0=;KL
zd#qwqls%ar3*mLBDkJL%mIKFx2c;ciuY3{G<^XiYb*4GcoSr0?>(Y&K38fHOW3ei=
z<?<ibGI=yABT?e==Av!Z6MX~)6Sdl#w^az^u~KL&$)@mnoZl#fl)d{C{q`S9N1U2d
zjs9AZAstLMQ&?I_R*vf6{fAt0rrQpzBSdcLO*=1HC?(Fek?zY<JF(jy(s=QWd1hYB
zBGIL(+wK@MybgV1mZ{@ukY~MAd3HSXR!$4FUL6fQyA>-PdAdAtetVp?Kg8S5nKB?1
zAyZ~sEy~+%6u(>RmtXfX^vlxy=6+eMo_{2np|x!nNI;5itMjv_=$HuqYg=OfKi|uw
z9lf0f?Wm0G)b<I~@(-BHr*|34?<0t3bD@xRVnVVk7JXdpO!jwGriFog5_H4n0?{K{
zRl0!x<ZtUS8U^DhX-!@&=sT;f>cVeXIj3>h<c6+wvIBz*E*bUBEIbEH<CC3EEZIzA
z@Kn43B^I8M#%F~mRBzRr`S%`G!pwB063F{8d~ABMO5iT3_oFDt1<mlGl_iVIBElJZ
zqJNYjEr#(j^96_uWlXzyKZbWTmqWL-tNo_QE#>S3x_(a*eoDuF^LexY*Z%>0SyXOo
z;p+<%E<pG`3979^{4=~S%oriExrM>`OgfCNp^h0Kmo>m?Resz@^)c?hcb^tN8+$<?
zBs^xw25DHAK8dvXb4-{c8TmlGE3OMFO-Aio4QRR+(e%+c77aDX7V4aaVUj*({37*t
zDKAm<`E(Kus6ZC{Ks$%!Ty5HEFfn!%GH$x6g2m8XGDgBc&z%Kr8V*V+5I<EVAsc4p
zCS$zubkv}M*et*?x`gUSaoWF<Pr93nZxO_|J)6Y02!!<q0d#q%rpp2_oQyjz=+wqP
zrONWdb56w-ohE<WS1bm9+)15A`LaRrtMi^%mS(eZ$B(A>r_<hVCPUsw8ZotEG1zA{
z`NN3#nCEc?nSG{5s#CV_WB24Epp4#UXkrmG@z=*$lwH~$pAu!~k#M!AF7>1uB{$Ab
z9cipu-(mViaU-jS&YQk;7*2f@BGHT6VmHU7TiYV*ga<xpVN11pC}tR1gXO(9wv!+u
zW3cinvAT+kR%;*$d4jkedJu{zWmL{Qqd<TuVf1oP8OeySI9HvBFXtw|oUgq9quO|^
z=YcL$yYQ!rI+A{x20y)y9MCM(T->G{Pu+uJ^?@2%L@3qxj;7d-*ZE3paHFe_r5?s2
zy_5RvtY@Lm%7&U^?0<QH_m}+MERfyn@i^CyTkMw5+dOsb=ai@$lNtx^Xs1A~+XL2w
z^PY27=+Q1oA@J>yVmh)Z&8b4qjfPsB$bl$EEB7rHC0|8A3Ra4-3-Gu>f4<}nuEliB
zz7_IUceckpmj|N3%7COG{=|q4(K%I~iK6tmd=$A-)cB>33a`+OQC<vI8(bm|SsjqB
zTPpVX5bml(7F`i8E9DvW7@oGQ0xDX8QO(5|{4do6q&=b(!2pYL`7@fmS`5vpf~mh~
zjVJSqvRgxQ7SjeuZIEw(_;Wv0&y@I97*Z~ml_!MISVN-1S1Gcv3rS}s4fdt`ESl}7
zw&@9=6z1p{n4@Eyw_a<qb@{5;E{Nd$0uRtCQ)vGqbYA|`!;<m^&mx|Am71sA0AqX=
zKPQ@)FBrR*#~@h9?Ov)e2NROWUwmQ58H1^PJ-4&uy`PP>>hT=@t^DwQc~AUc-Sw0B
z;fgf}<A<!L|5x*a`>#Fo!)Mq341Rd`bB!Nz${0Va6aTCD;jP<x;)fraeiA>7tvwh&
zZ2If}YJSN6OV9kU?)N`~AKu)g@xzc?89%%}#=sAneKvsm=lWq_<|zIO*Qjs0@K~y5
zs8wAZy?DG*Jvbb2m7u}49Dgo08Eom;aJBs4lNjo74)E4$Pw2a`o>1H^gx^FP>q@jw
z!Mz>UAw~@jDzJo>F_c3F!SAfs*;;u5HxfDJ6QD=(LI^peI^2c5y0m{@h-`QS6NTj$
zXNK3673bXm*!OK}+?!OneDpqsbaSbm24+_#uxp2p0DhW`aCbhhgF+T;_k=nfLS%-O
z;V$<v7CORd$G^%oR?H8OcSE4;4^7jiC)s<jEuNJQ3tyONEqZJPwJ3aMoNOOcGgmk)
zhUz^lsq(U3YI{$A9qrmWNgM};*Om5xZwujm0I#XBX?XE>T8xEp|H~KNE`)cc;g5(x
zpqu{wJ$2JC90F|E!fHI!v#{2_K?qN<Bd(`5GopF78LW0`bhc3KHQmag7PupW4zR7G
zCESVJ=v)FzxN`Fn?rW$hw?>EzNh8bVWGgm~2ns)p`wCO*ywXf`Ab>6r8>(@>;&qX_
z@?ApB7a|Y$Cad4o7XQ?JZ0{8Qs}RZa8~(coreJN(Mv)fHv@_P)f`7>s0I+U|oB5|8
zfBoJ@bxnruvD(QR;>Jh`)wnt4geKVg3J-h@<wKprg#|0HrvbqW3;qFDp`F=*yxA^?
z5c<qY4Vq$2?z~8^gLGcM4C4ZLdhg`k(`=%+yz=JCLIgb;`K|#!bR4=9(Jvm@@KhYI
z3Sr#6paT+Da?5(LsO|y6TxO<DcX($hZA|Cm#&q;4q8yzpXwJv(1XK%)AR&_0n@Ng<
z^XuDtTlDkmjpnRt=&u#pYlX4x3vKY)8-*|~-GJ*n!ooH1vmLn4WB*79ACX4v=UIsf
z6_k67>pRw!Dm`@QvlF@~-Nq*>usNMeW9wjKD2wusPD6YOTF0?kj6;B{x!*xKmKG$R
zulr)Y4WYI^!u&T$z_5XxcUqU`e2XX2r|$F%FE)t7c8Gbkf!OR`7U7{<G<MhvTvHTF
z;`zy2Y=*cWHoh(_!M4G=aId=0thSF6icO4!JNfp@U7g157Z)0`vLu<zMMa(L;AaKr
zf8|mZFD&MJBGlGPn2#xuLpv{5Ch_(KV$Tz+c!X7$g${jVGUbd?T%6tN6r*>6-rpg=
zR-+rl^Hqa5V=>^SvZIi>O8YTxqo8Db>O9IWr@*g)bUryz<Q6maPt)^teR_IpM5(vo
z8_Lc4xMP3f(yBDczS&^3Z({%H{V6Nk)&7k6-h%eu?g;JttuonQzscE2%PW0<6{HPH
zVUjj*!!2N9Y@(CxSn~7y#AbbQ7U>N@r%PZ8lrd|8@1U(r!We`L>6DAonZC>>iyH5%
z@^q#wuyPa{Fft^(eL3V8Zx@zdi1r*N<Z+916bkwC2qzS{+-QK^Eibs4Z|)35=O4bg
zliv|)6NF1^k$FX79#ev}0gN8ei-C7P6^GS`c^?E~qaDISHTHmO3bWNEO0Ao$Mr$@@
z1_V83oJ6RiXb)6g{Sx1QjoipL{OyLP*S*ZN7`90WW29beSA=2;V(!Sf+-PV=zC`b=
zO!=0Z+c6Lfg{{!-Yb0M4JkgwZe)<R8v(KW5vweTUr1)^ZK_1Y-3=7+l&g?-rT-~9W
zdP+JpI~$Ww{?>S$hMa~JJxC^l>Lk78fu%YhSEF4vQ+^QFeHW|tMFV+E0<Guv>Qd~u
z43#(~tojGFv6<AmiRnDS3)S{k&hIeTt3>7QHj^Lvl*)i>GPmqZ!JVDSQoVBXev>_0
zr-L^()NXiA@|4@U3){$oQSvZZeK5CJ^n$jS7?;LUj<~Pz7$fxU6BazrJsBGNUONL;
zFt1n@G|Q-$lv60aPvT&pv1!PGluwke+NjT`SXhK0#oDg<s@EyDE<FX^1#QaAc<S2g
z$drZlx5;W%Ok=#>#z+PE@Q*fLLVNf){32ib9wKWp!(_^Jzh`Ec$)ghT=_rrwO~@an
z`9n}5Iy#o~JSVEaC8EM*POC6E5l`ou{8I}tJ&DI@ExVnpiNu>RxXAZRkaPC3BQ)9E
z^&5W1WSHbcf!mi?Ok&w6A4KbZrOoB3aJj7b#Es%WL~&4P*vCvm=d#e6Vzd5M*8s8E
zu6+3|JlGe_cVo^u3{oB0$bw2#dk~`ZsTIPrtOTCKoQ*8v5rzCzq880h(uWdaKF#)<
zv+`^YqYIr^Y7RA9)u<H5<B^0dUOPyI!TdObTMX42wi29%0D;geBKAsnvk<29t9j$x
zZsFlNABJLWN2RdaBW)tiaED=1pQTor6o{-IW;}nG4X`UWF<xM;g$E;3EUb-cHQY#j
znU%0qSzl;bF0>3*r$|&k6mi(-W8gyRt@?|3>TNI>G4#)eu63icDXKtu_Va9cfNp{0
z*-O4UIzxpwm-fdt3gIKuaQ%VxSk$+bleM^9(mp7a?U7nM!o$^GsbR=&rPUli0#`L!
zFuPN^y_wQdNzD|H%!%t&5AF@&R|WhkHg%&A!P6?x!Sq`;{|)Ci5#xhy4r8npq>9|V
zDh>WlhV_KS7>_K%x4qmXh@@7fG!aMbq4GSe-XDy`l}MKXFJ`zaOI;`9oN$n<Kl!@h
zFH!sjUH6p+9cLh)gkQtjpeaJ+1-ydhP#!rNqnv7G1+lNTpN;ho_JXi5eMH2M4EExF
zj`34kJh;PqPimk%1r+}@`IV&7^~$#@;Z2>4a9Dw}a~VF1l5v3lhJ)6ZS{hyp<#MWV
zuohKYtD8Qh#y0Jg?^<g*?}Mgr=D&RvevC3NRooY`l=W6#+70{>knk7;n)oqPi#y4_
za0o77DD+gXZL=SkJCz^Uxeui<EBJ6t`=)MIs3Vz$i$?Sq<127l20G;9o<pmBJ<iFA
zb~fQ1@|x#Vvx0}&6)x573K(5bwJUgOt<B;u;r`j1+nH5?LLoV{{j*n>s^19z!9qrZ
z{uW+K&Q4G0fJ2CsaH~Q#w<<Vk;s1Lpi{t1;!@@&NGxSDy-ZU5!cvCLXKXXo;wBx1R
zda*NSr?GPSy7rMYtJ>`Mr~=izkh8NYysosbmoVok08m+Lopi-b3s-W7II=f*xozPH
zuWDRam_fEVvvJ{H8ML~Cma{gPeI_RLxHEi$(W<Z@g|85|Dhx<xR)tY%tebJ8tv^#j
zL{GSiYzu3=(liE2vsK%IVM86w3Vq=lpf4<zKYCgZn9=+t$TR2K2o(iMbVM%6AZ3uP
zSqri-F?C<zfgj1~9?b<-^kK@I>B<row4~#YJF};I37dy@@PR183Jn^rPmf*lH2P~G
z4Gs$na+{)8Ji?+n^r?%C!hV6G%--VB>;>3dZZ9ZLqc-%%vjX)vycL~RA^avc8Mt#=
zrc2qBXPYh4e5%197mtXcfq)rR1JP-&qCj+}t5}FU(Th!c?klAl3x3ax1uQ>%V^WHC
z&|9H>Rv0cc7r5=R5PpoA3lL_&&uA`i+dme<6ICArv>BjDQP&gmUg|XO$EV)MeN0>V
zKc7$@{rj*HXlm%|AzQ<1>5QkyNe|=Q=;evc5RE><*4-Y}fPnc|VP^4>o_7r9Nt8N>
zvDo&u@Zv|_VY2Yr+hby*f1Ot&JW(BjF|gW!6ZFQkc4|1bLdUTw+JoLt$Prd$PeOY%
zeVcBuLu@=?-k+{j*UhZyZ2ujXQfI0*h@mDM#C6Ei(JU{wLfB1CE**yTwnsHYY@>;|
z^K!*vqAw6*1}F5p=^v233&8Zuly94AG)QcffAx}Xkl<VhB=%SNI1(>A3Yk{3NubjW
zP0vxxA`yh&9#Z+47Vy(0yP+~AOWmKxg)poVChgbOQEHP18SM^#Gxi_!g7Qbc5AWfI
z2f>4uhk=@13cal(2RKz1(Aq!5{XB!}n%~LS{9FKI+7U0T`b$@PVYLtA;w1AEuKORp
zhSvS1&n2$;Rd(A)WOclb?1r2+tVVckk2f|tEpNT>L=9uK05Y0M5>s3=gZCO!YN|<F
z7e=_6{qQfOImmB%KeGflj9c-U^36|j-J&o0sbS<+47K;ih5y(z-Dd8lwLf1i-+B#q
zQBk#*J}D-}Q%(xSk5~(k(Ip_NgA`8I=>IjJ{426JTOTkoY^Hv`fk_jkx>X(j6fRbo
za{ZOCy8W~r@w8eA6DC);tLH(urs3L{6b?C|Q(H(;D|cb8KB<jX^p|4x#x~;5=@<w4
z5q(_`>-Zq7<NNb<d=S_1{Q>gj93VVT>;5mab-zjv69(U?^pKn);g7;<2V2QMb1&{h
z-D6tCkLgf-5j;U?<ZnBWMpUIzJ+x`1x{A-H)+sC6QVj*J;y*l)@`>WpR_*Ana-(_K
zj={x!(muYxpU|GN3ViS0{Zvq$Jy`m*b~@7lbSjtxQGR))VZA=6kgeBWI6ZN_e(}D<
z{7WXhi<#}RA0@myWZy4_ce7IC-P}}ockFz`yJZaTehYZF3-E5lfOoshcy}h^-CdeD
z;OT$HS=fN{bgf<8RQlx4hlF;oO+>rvKkHI$e!DcRyY5fw7s88}n6OzaW~^Jvv95!|
zQITLMMxG~}ySS-D-#=3uq2gV=DMk8+Qlnk9diuWh8JksY_E&#0pxt=RP8k26i+62y
z1Kw@ncy~B$rp12}-i;dZ?)rn^-L*!%JKJSrt96EV@7M9J$o9Qb<K3|g?_xkCSXcfN
zp{}QOFTBv7X;21tFQIjPB#mv3;X()Hq=jK#2aqQM=H0Df-p+J}c^$%nJsk6*VKWZ|
zi4gkMfO;=6px*QzJEnhzA=N;*v?t8_+jN!>A#!q>nus6)@|I~Zw~m2d8-m~0IYh|S
zH_5V8%-g~+Z&vr1w_op+n3qoPbccDXQsUi~9`J7bzX0#H_JntV&47xOco&Bl<`<3f
zyyLs*IHBDu?VyjeZUi8LzQ+&Mdabg(z;%g4djuCb0FKzKtTCO3ig&knYC+Zanf$Xg
zemTW<D0tV@ej$7|R!azBm<jKm)XRi-`<w7?SC4qt)-B$(X?XYELNneS`HYTtIR{1q
zE}MpT*CpWHiwN%mVdpcvdx?d~E6&Vpt46CzIn%h$*3b>!eZ`1(|B;Ay|CAE%It_TY
zMX5Z%sp>G{-AfpNFoH!lf<#rO=m_`+3rD~&aRi)AHZMfL3nwxJ{0Jam+A=YsV8(z$
z(2%@GszLnQ`a#|Y!b3II4S;$tA%2ti29-fDziH`7{%lU;t8S64y01^`K?3~-zI`s*
z4#FY68|F6bhF$)M2^k-!A!C6dV;dslFM0iLx3(pA^+X*L+f3X(&l^{dz3F>L$+L!>
zPAW@XqH+PZOXA%n%8y;i`)TWqczM@;Bf~fDPsGa=J>%tv^8rdek^(OeZcpMnjPt1R
z-HNURzI#^9XT>#}0be@^UsJy@eBG~|debg7bBHZ?>uCp5>aCn^!q;}d*EWu?DdDjV
zP-M-19beB(!q;5*l=J;Ol8YQ)$CW!7z8-TI?UX%aN!Tg-q+P|>UwWWp8fYDW>RW0s
zVr&PsQ1P}I`kswmIHi~rl`Y-E@ev1%u=_MK>@H4b9+3`dC;kW(O~sQ1QkObev9(K5
ze-%Hpz9X?T2>@kQ8-n!~58AnLbFJ6Q2C!ZnU|`*X$14){(-QGHX6oJWG~x4`_Z|X1
zXTkW@z>Mf`7JJi$TbUf9BNi`au17phBM(rA(I9Y(%>>a=sRKlR_AbpN?UUL(p+-RI
zZGh5$i{Nk-L+NdR(yvZu0Jj7Ozlg^hA$x8%v*+GTwr%)1T<ww82$3<WeVWS3ga4qy
zb}E$Q0C%+=_4fG8@W!&=1ClMBK|Vz6-2v;Fp*mYNR8#snx&K4t!j59-*Zgf-PXTc6
z0^r`41NU5$k=kn2_VW<FF9aOGUh)Ca+&^t2cU`zu^-r5&@K0Nw#t#ckNKf`pJBlE6
z7lYK>g@rZtwX7>SVXIV3U7`z(S9R!Eo-Dc_F=Fb^IdUulxm|3=)R%J`@*`=iC)lPn
z(GqSUI9-oxVJF+NFvIC8YP1j;k6~J-u7{@#Q;V%XAoFB#rw)_X+0_hN7c%dXH<&3o
z7a=ae>TGUG#&Gh4ss}^)QJ@8d*dQBsJi{0wp=_=yO0Y5mpw92HSK<j~<hdz2Msqrw
zmQD%{SmN3=gVz~FR$`F)Z{&4`kh+b$&Omza=6E{a;C1Fs@H%rR1L_h~_2ok37!Ig$
zmKgx`E@nhtYDod8s}iOcXBN{WJMIC~Bnv-wfctXbkfT3GT;q5aH-IsHf7*}p5Mb|O
z{%io)e@B3QyN3XK7xQNWz&=zR5d`e3%z(YXj8|2>UZRasvS*qZua{u==$>$Qr1N=;
zXg$nvnJ;I%av>(A<nSE*z|fx!`DNaQPSu}n>P|M1q#b_Y#d@)IBe}Gd_9Al0t*rsw
z+6o!v%XGC<r3?BL)IXwGqyMg*r&8H&tI-a<z-Wg9Tz<Fa4~I=84@iU`KOW##=p6@)
zsQh7@!4vL%qbrzFb3payV{jbf&LA3poBxhD1>4{eR<&v{B_7aWI3mqV`GrSyAnw*Z
z;qXl#TAe*c6n+$;@a@bT4uGQ&etX_91ymT$D^l8UTNXMP73CR8es1MP{5{vyPqK1z
zf}fim(Kmv$oSn)vqkkLGQ)$BAg%&#3i5?8R6O6`ZCbcoiH3IKt(k_fBKry^>Q74~x
zF~{9vlD8SL)+^LQ=xw$begB0QKM`9$AYZc)+}ErSo17rNAGKIaj%H5MR2oZ>ZJ9=B
za#Zy)yPF%G)yW`)M?q2Imb2nUCi!!kfk}>y8=0g}T*I+wH=aWERg(XVI$5W4Xyi2d
zWKGiFGw`+Ue|DpZ6^l&cfs~%YrGt}kA7Y;HSoC&_E894}WkN$)Z^YGANx1raAHc^2
z?Q!$@<PsfU576z=Om#6CM+%IoQ<8kjaJ5`OYF1s$0)nrZST`VLD*=v|@qI;T<AWl{
z?n9IN_)LyRlzke#fU5(5t3h@Ut`4B`gB!rr)&q(1PgIJG__~Bccn}{mRl3MAotiX@
zVe1_?q3wE(30J?*J<uM2a`L>9&^IgF3Err!_h{HUR~fCM*88>ifP{OSQvVLnw?xCx
z(9!`W2;EfSmA+yA^UC&aDyUNm_9M{$MxBFL__a26NYTj;De{u&#f!G=HOj*XkH3A!
z0FV7129LiUXth)+Cz$QmI@V=@M19d~oF<PlXHIp1LQP4Hp~hE3YwaG%<3z3Lz!<ZI
z@;iHx#_I^<I56|I9%gFDY90@zz~#ii8GgxUDV!ws`JAS#rlHG@G{p^FEoVJrH~P<*
z@Ow7k_vU4U-^U#ae*ZU~SNZy;pMPFu<-LjLRc@I76VIz$Tie}vmBM@f3(u=GMGo)0
z%3b&V=e){)&a3?Ayvl#htNi=Ut6c6epI6Cv;6LY8{#Tq=*>e8>nDZ(F?&;~g%B%Mr
z_IZ`s^Z$>XSNS^k|HgTh>ZyltUZvpI|JTl|y!@!q|K%L+|6)JLd6h(bo{Ro3D-Yei
z{>%G&kDZnRmJdpR<vsa(54%hA_x_dU@BPtTW>}uu0p@x_svlS^s{hOKl-}MAcWQ3f
z+yh3mSX5ljLHVo%cW(yDr&)QPQSR<tW$^blf^puIDR-v!_r_Vh-B>$)U;9dzMQ!$%
zcbd_8m4?etP;vRu23$Tx#pRtTaQXEaDRB9N8Hu>uw8c8PM;DLXy$y)`+U|W{GPs@o
zcLrZ?QT6pkT>ggyT;83p_ZEy@4rp9A*0<2q!?;BWZr=k;Zr{#Cw{Hgr-P={r{UHP0
z4q?GM6?Bhw3862#@%Zkv_S7+Dy^UylQ?KNn(a`n@={!K%(MCHx=}CsRuV4-@sD>j;
zHRSzg)jQSzxN{Q#cMtyFC8_<rM;_GQI}vX`k{WNHV|4glX||_7pW2>o-uZq+L(WT+
z{a;k~7lzcObOTcV;()rp3oM3G{4o`;n(gW^w)0#Zc4u<4dJ!|LH>hUy*_v5B1pSZj
zJE%v@OxQq89WZl;9(`<oX98}2$Y@vJlHl*M-e6Z}?%f1DE>aQu`6k3J8tv+*ntWXb
zY3mM#*T1kZyneC)uVWj~zeVJL-6=nFjv25|3?=(>2hhr_`?r`d`?ab+_axn)d!B(~
zRm-~S&h6LMQ{Ch83?nXo+tgpO@<uBA`nd<lzW%(~z7ABKm9867NJjL8jWLG>n$};X
z#TmoJ^=C7y`d^YUF*4S776yqkRipZ+s!^Q)G2^CWcW%<fiEube50cES>P|VMRK>y@
zj98dIeXi7qg*_@3&SkzTBEn&>3Wrr+6{q~qvvpq;(PEmgs=I-T8!0f`m1I-5=>FTo
z6a2R&9WPHYd2i<%$AjbD=AQgfoO16o0qv!CB>SU8b$dC}9!$HE4gsB}wuSkZJll>b
zmfA$_T@p|oxC2tI(val8EgJo|F=qNWga5X@-C+MNGJxBG9R~TsKq*S0LG1)>zbQ<1
z;4ae~xGM%jE2nb@Zjl_g4Y)R&;o7aq&Ko@F-`B|=+!Xw;%!p%WCOdF@H3#l_$qw93
z_S%zV2{-v~qqjG6-^MkE{Nn=}e09nbf6d_Qu1<>yzPc^ST|N76yV1Vf!0gLC`fvMV
z&mlw|PZ7f30VKPYBUzRtS8YLpX_=+WRZYv7Zl*BVzPy3~S<hhP+J>b=n0+u?u9)2#
zr<4vM=3(u2j*Xqz7>J&YS%1QB_eYENn3?|2-6C@b0<mr<-uu19fM+}vcV}8uJ7eh}
zbTC|^GJHV#PCov0=sQ-N{l*KZScp7gV*IbV_WK4p96pW?1=le#W^;L>V~R!9lLuaW
zg}?X;gPO#(_}s~7$aD*b`t(o0Wv>`*w+Zv#I}+8a%`V1{xb*a6E#g$$T+zBV-uVC6
zdlUF5itKTGCYdC|*~1+#2s$bOk3=~#0-Aw@bVCQD5WoXPLBtzjLJ$RllY#Wkj>cUN
z+|^xl*OgrrP*((0$N`z)!4XbDxkRX8<W!RYA@h6hRd-MKBpkZm|9AKM`7fVOnC^Pj
zuc}_XdiCC`s#jcIbBzU+sd&NnfsH>WTZLE3x-%3%kG3X1%|uWx_9kH<?;)93H&yk}
zOk;KMylBz)shrh2`A2AuOy1GCxIaFlQYbF78~k|120tDuUyo1}@ZQcrF54o(m!Hs_
z>-m)yQNe4l(k1U2D~%O?x07CrZ-wHqrX|b$tw|5wN%QZZh}k)ygh@22?TTr5=<n*d
z5Q7zy9$Rb?d!YjvW)#uiK1*17O`PTt#h|HTV60W_KgM`B!854)?$TI<?dri}JM%B{
zSQdqW*LWrmG{IBISAy@Y1iqEDDJ_O2G)s%->EQdwc8;!^AJ6-zI^NJfuNnI1H1y9q
zgkgY_V&E&g*dy0)my_=hp6GVn<0Nz~A9X$;6tA~YT-hNsu@$1??7F9i;B&Mh9(w@V
z)w-3sWZR|{mj(;YLc0$7u)-_e4zj;q%_+A)r`!OC_KxGpK)m9hF{t_&H4yCw+>b(|
zU+^WMq2ir22A!4(IDYN`SwN=0c0Q<l>;2gpLS2pYK(L`}GcSrO$fdES4Vy~eTA-r6
zvY@Z`B&hkrTc|_Kdom7MM?UFd=f{vRz~<>N0LGkyuPi(W^-8eO0Lw@}tZ8-Xt^vBX
zHH%-ixj;?M4ByP-(Tz%T+5RE;{$govWW1i(EH{WSGDtZ=jS<X>Oy+q6Qu{yZ6ouba
zdXHICpxd8JY{KpseIbB-UlJ|iG~F(sRFGcxSj^zjs#koUy8l)59Tt3VSS?Wk;@*4V
zrOMDzim#xz9M{LNcG}R`^e|r+`y?Knw5r4^9)6nc_%#j5SK+^jru{nx=GJ!%|0Rwy
z_tZGL$j;QtQ(BCPMXH{arb~HCifZ%FT}yrAnj<>1UBD3J6#-Fnr%4oDYBz|YTVkl0
z1+u7DB*qT;+!$v)*X-|x2Kok>&J(B>swz_OVh8nPJTjS)?Ruz7J~o|Cw4RV2!k&n(
z35n`GfX%KAann`seU%tpBQOEJSC@@&(l%JKjr<e`Dh16f8yW42eKrHd(oQ!K-j~J1
z3)jA@!0(ck?eyJEu^!=6-F`{Z8g6g}hu+lU`oknW4y4_4SxNk?#yIX2e83vI4}HR=
zP2|iFe*cjY_Wo!^#ot?I_14D=&llHIP!-=Z<U|F4HFQJ0kuy3a8v1#Vah(YFX{R^Y
z_jM{kzduXx^^08wx=PK@h1^S^<Ajpy=)R*Nc{ss`F0SW(<(TnE&M}=8ZhjC<l}a25
z@5iYEvtTwCp~cmw$YD0on!b~32N+|!)W}F>4|1z0O{p-9D}JfaMWhU?OY^}u8zY8+
z6q4(r>wnGgZ4AG@I#H|S5MD{FT~EBJiVOH|@EE#15=%egD~;Ym>rCT{D=_nJiPnRs
z_&%a)M@N@cm^a9(Yfz8I8zwazd!B*9$}BvazOs%cK&{R&qY2r^*zPMqEA&rGmi)8m
zn9B20$&A-Vo{hfoT-uZd*{)gRfT<g}-Iszyo}^`9PbHm<MCX*yr47xGkGgn+T%S=J
z!#@wzo^yO8M9;T03m;W$fa3&2Ch19S4)Se*N6t0d8&r9Bw=*TZW@Q>RaW~uC3L1ec
zTW^prN4<#@cpdMq&{PBe?VvXdjnGP>YlA2Z*^s_Ay_T_dV5dFQh{ohm*8c&#T5D9M
zD~_LDhXEk!BAtv^X@QyhCPe5<oxe^_APjkk;ZGdH7!5;IOF>MLKbtU718InaPBcp|
zv<k1#?n^VKhuWMae`V-ef>>5j)fV+fi)T$R)6Rv^5im^Hnne~VnC&30g#qm?bHFPZ
z5xBv~U6q}Ja3>`Mv(wby4D~lt{T0>UJoR^s`a2GP-NEch^jqaar-+61>BjvWV}OnE
zssR5oG{M;8p1KIwU!h|C-g!Fu`NYZCQ8X7FM4>wFjRIZCw;33y=u@(VKn<wkZ%g6L
zD)=fPTj;~uC=P!f2K`mW<4DX%6N;zf&3mXu3d&Wge>lax3~!@KuSu^Z&xGE)pLC3>
z<RHw612P)O8?a5Jg|3^dF$-NCjSF3m2*7M{+<ovj{=q3r%m)qi>Of@!G56tmbO41$
zsq0J+gyed1gk^Krfsqe3)x{<O%WOZ{OybW?5<{(iY$ji;)6FE-tD8Slbh2!AKt(In
zaQ=J%W5&9lV>7<vh|(`K%j~_dL`<(`jWlCC0OA3f#qOI;9*J;gu#&^Q^rt@QJ41W5
z`mlE|IvFAT|03?O7;qTpi>vCQ*X7w+b)UKj`w-H?KLHkY(baX7wcTN3ytx1G{SoiC
zC4a;c-5+u6k^c>U#BVPC75<3)i~l$L5t}aluRr2H+8;4I`Tx8>V&^6Q7Jo#?F8}pM
z{44&5{dfL{`y&S5`Cos;e}+F|`I!IuBmV1;AXZp3>R<6kq>a8ne?-6E{VV>67Nh>J
z`Xg@bWcEiy?*E_gM}%tY|L^-FvQF3kYJbEStHB@f&dBrmBbGmZZhyo>BQMk+@x=50
z%l?S2y_)(X>{b5;e?)fYX8jSn#{b9rBYN4+>W|3DxB!2|&c=G(AJIAEeEx{{F!%oj
ze?*q$0{sz}SbnWPV&mf%;E%Yp1@}jEY{C5z?|y^xMQ4*gBIC-s2)m-Q=8sT1bAQAf
z$Xcr1ALh=N1CK3pk5tbUf&rcFko^zf*}{&hV<EpfdVN@m=&b;2K7Uzu@mir6&tu}{
zW96c<!#$Ff?85zxRid)t&O1aUd!avjp`_IDBT=M%ci$u`1q;L$m2BWBybNsSGAO)^
zhDNQdgz#1{wy7U7rukN{L8e>13LeC3yl{h#vcqthm%1-3S{>yGu<WDS{N^24+6On)
zbT!=1HT!KClPn$BF#NhYpBe7u+RbtvQ!m{D`X=#9x3YFx4EHliO2j=XTUm#m9ZC5q
zdh=R-vh2@wh)QmetYnwS{>Q-F%`cS#%W?P{oHp6j>Cpb%`K+O#5hOzHeE76frVGn*
zi$ujomzG6+Fxkbma-g6L2?eSLQhyX(A0D|KFJ`lU3qtr)o!Y!7up@wcWm5NVpfmjW
z3-6#l@Q-0qi_M~Mr>75|8`*_zEE#x`*oQ>KQ;&)M&!~8RL7C*wwa|v2j$I>pV-TIO
zdq$YMXS&)w(66Su)`-5Q3LpFddT1!^2gC9wU2`%LR@Czm-hq2=Y|>vZi-CewtmqVU
zn4jk}_17zpsQp#P8WMPaz4*22r%?J;MrZqprJ_=3uQcy3GQ$Ho4ih}~T`6?Le2*xD
zwk7ylN%_V8Nnm_c^7d%Qbp+9$D7vZ(-7qsxyI!=`!0*(nMc3!kE)`c<_`gh1X&buJ
zS!dKw6c7R%#J~U_ZG;>Mz&tT9@bUOA7Itg?3gDe2(HnF~u6j>vSqX-|Y*R;kU#a`0
zZV4@;G>$J{*#g{p8n~6t7l9q$7+-i3<Pw!*xMMLH@0jpNAlqPstZ$WMQFjma7nQ-#
z%6Wv-yE^%<v1<E3PqwGmu#Uue@#x^A50t@<@M6^auMe*=(wBCWndn&`(?2oq{#)%>
zHP^aAYvm|t`R{jh2BK_*3Z|E_d%*rP?;q2TUkakNO6*l=7hPMYSSvwTuV>vxu0Z?3
zE~XwM^(dzT`pe&C8JUQ#6NPOF7_dDnx{e9IE8}*T_mtJsUi8%zB+z^4k1dnXAL36`
zlJI<C6S&_Dmy~15Rtag^Dc1+8tky3wo<E1IN|#F0`3*7kgjjwmj?i{Mw27R~p(_k{
zjr2QP{vTWXviz05F#qq*mcI^rU^d7I{FyDl1Ed$BxmzUU22HI+xgEVt#bG+vZci^0
zU3H#5vj2KHPzZC=L_6}W@^h~1h*11GvG!<(?AkZw?p)vgf_}0x-aa^(^%fsB$b$y!
zTH##l(2VLzgTJHzOr!>@=N{VJypMfiPl5@rS9q~1kMP=V5L`|tODFT9Kj@c|tI?Cd
z?rVv2nawFHy^!6Z7DDkfXmt1;pv#JQ9Iohg<#_ywbaMlkW)a3FM$gY{bMX@n_sCpj
zHB2u*tK+i=UdD~=FDdI{Py7Rub|xZ8sa3L4CZ=u>t<~him-}BY6dzQngM-t7(r_B+
z4-yPb-(eWw{u@OvhV^-s@Ew97%c_!KpnC^6EuL=B49~?<V8CLeictJp3wK8&X%=8E
zfB#%xt>-GD@bEy^m6lrrws~Tp_dLnlX!U@;8<dq3tbk{gTxWn#87=Ba83vmU#fT#&
zyuc6)FJN+asPsyrKxR?;S;C7;k>FsZC55JPzYwQ$2PEqY57<e+*&<p`s5G?Gi1rJT
zQYNKt@LY)m09CE^3m{P6r%`!53`AL3$2KQog<FaK!FG&<Lc(s2D(vhe?9~49w^O==
zzcHM*2YDaNQSFVSU=G<CmA?!Q&6%L?3wDo`0}~z4iZdwIp&37l%1o$PqU2ibxdA41
z3*AntWIM2`vT}tO9IPVGwg(3jcBG{yXI9uq*c@QrB_vtGUzD0Kd#fBoBr0JD2*oPT
z^}Gn6f^s9Gghz*=2!~pPN|lMFgrCh#Na7zEDkJ*i)uShBULKDmX1=;K$vj`7KGnbu
zoJNy#4>W_`sj`8=yt4kjI9vHgfMh@BnVgG}E=2z@kOV=`pj<x%x#;bba7VDD$N=+2
zJQ<?WUsj?G0o1`Hy=qWOR4B!KOfy<IXqb<EHJ;8S4X<RSwj_(>AK;|Q_-~}og0@#U
z0qVjpV7pL0hQBw(bB&qbV&6y8Hu`|ARQ3DCz7L0Y82t61l>J7GnLaKAPB2VY?djO}
z^VR2<;?IfEw_@J)`C8K_U_7{zJW1%70sg{R2NuHz?vbDk<g3Hm!L<WaV_fT|+UYtS
zQK?34CGZHKIU^KP3{d|Fc&YH*2K^Sl5)q2RkQ2Z@({4lYjv5RbS*r^7)x^hvJS%xy
z0=&x$#)%}!9=CBxMgtESN}W>-;~DaW#K3Lv`C8BY$SrL}r4h}q`{PI?vYv<orVPWU
zG|x1mSvQbp3YTj5xO}@gDhHF?=&gJ#qMiRqLQU%*W_beiyP6zZt{nT61XYju!Jb~r
zK0^x@m|mA>MBngMoCJ=;P-J)8!EF52#IKt8;-fjXzrC|zG9zubNXs9vEvYnqZ+;(*
zD%n)K20(4LZbN5Wz%Cu!5NQ^^jl(As`~t^MR%rw2XEE>Yd@(TEK~g0jr&^LI_u9z=
z@Q4-ELQgKvoRVuxp;NhLelDJ=2xiT<Y0?5jhZ+V)wL3|BOkb-SQwLeEdi03doZ)hA
zrx1OYM9;IR<-3)i@}rZ~6TAYCQ3YhJ0#{@y&V{n_2vlI9UIDdq9iO56BRJK+Lmra&
zuv$M}{`=ALNxsglZ7N^2$p9yUsDORKBw*dDfVIU4*nZ~~uu=JH`W7ddx^Q*#@-;1z
zh-25zWo#4q`a6=ZgB>7X_ec334I7jSU@#0pN#s2h@$@A99L<(WG4(i}X9D;}5CR+7
zmv!0!DTE^bbm8{g2Ws`<6XgW(;3eyj2gN|2=^wVYu<tV)`1s3T!O!2E;WPyL_38$k
zAeJ}AvB`uxn}{G<x6^!y3LZ$XXxD>XI2%-suf#y><=BPrAsB_8ZenT$3MbILSr6W&
zL`%`i=>Bq1nQAvpuiE%il^$NLz~l%!RI3kplry@#MZHr}z7nk)NdHEfrB+L>HT(>q
ztc1z5{aFO%TTI;qT#~I+iPkUBHY$FZMlt|gyQVw_%3n_)tEZ>zIs__Kp!Y&KV0(FJ
zV89}g)`aH}fj*a&D)#u9L<<fMywCk2(7_f;pox0!l9fYQN-Z0wLM7#H?CAL_C+SK%
z_IIwr@Ur?NIMm91;zJFweGy(l?IZC{F6)WvJsJJT4t4t-N*B!dW*D^9fi1u4Y+=F>
zum_dn&=9*@*^pin+HJa;kB@IKzEOlI$J1*=tD1vXYwXriR5k*VKR~8D&NBzUP<dun
zc54fJ|K^5BX+9!U&XCU)Sq8?fnQ887Y{E1~`%s3$WGGWLVTWvxq2z?nm1?1~vKESy
zz62XNFmMtT&s<P$bbNq4*Q+0ybWmF8@ELQ9aDIj6LT|g3V^m3)H1KLUE-fZv{i{)h
zR5mtS``6E$tM;V-fkERsKBddFwlS^~Z5})h6atMry+%%58_JEX9}swX#CSe9%Fm-Y
zM{fZY+RDhH>_J_Zx<PW43G>S0EWkZMC>0DUF>tFRH}xpAb7<hwn?zT&P`rXX<F^7&
ze=R&)U`3aB>m`y>BU_J1sV8t(M=lJGm&&_;C4=Trh^MG;7#8UL_hEqnb0iR0Lh&U0
z2tFV?40RDU>r^7N7+-PE1o1EWSkUqiic=|j1^GbNv%#mDGCz;Iw#OU~)mAFGstSv8
zQ9Zd7P++Z|?O?@~KExWYVO>v%M>>-Y^*M4f5my|jHfp^fgJ)ip#O4;&T4G!D?nz^d
zux#%Tp#IQ6Yajo7z~7~St*z(^3SNwsC%fu|d8;_$mAr-+OPy-ph8C8vsw^AOhR)Cu
z)p3vpIJ);8i$p?)8ufK&FaWKg9ojqU)uF}Fdm@+9xX;w%p7Z>4;X!J|u--{V-v?Cu
zbB${8ME_0oP=lu%qxL4?zbv{BN=~hlknPV%<!9nZYK=i@at+b>5aGZumpG|$LV4>s
zp^|aCj7qIkCIx!80OLB9s?n9Ik;JRP24MwG;el|fdUzvMAp{A$>AP`g1qS~1C`hh+
z_lk&SPoX}Zn5$Gv$mi9vkW((ZJ}(qtJ|SfY#1<|o=5fi8UCkxZKsg9#y4}<eE6*gO
zy!&%Q6M1KX&u$7Qe>fSLN*&4ucF9jTiRat7^0XH;VKBzWrq{af4#6B6Ih#CdFv_#1
zf+Wx8SCKq>$YqdcSl$LzWKpHqA>DT5_H;~r{6C(xK1;|;(nOx0*5!GZDpj5{cwl=o
z8Y1MMl>LL?uO)p06^3snM!)%Pjrz?$@tgND%oK<IbHleSxFKU810sX^tqolgMKxbT
z^$?=EA5oRk98OA{sH|7LN1LdjZ=OJbLKe~I6f10pDCBGsU0)Sm!rLB#X%wd3gJXdJ
zC}2WM@T9SF2nw)Q5y7vf0$F{(hUk45T*6X$+ps)#lU@#>PUdKJtm!p?cZ`mA$r{4D
zel_7;0C;89zYB8`C_FHQAT!|Xgp{a&8mkO}=cc0!F^S`u$MK9Y)bB#^tv+eQm(20?
z<M`|*e7t`EC1Tdm5>B<l2(8{>51)+A|CMToEd#{t{l362dVi@*xgPsVPW_I$?C3G%
z&0IipK<rgu!E!KSr?NwgZ3LFqN$<v^e1-@e#RXF;`7y2Jo3Z46eH(N+rqf4Ct)_;g
zR!HUbXCu?=^+qxsuOu=#2szu^2io%s@#UKEy}|L7RS>=x5Fd^|ATnYlO;{g>9qM(m
zmR6{ZyAQr+clI$3sb5&1&+3fzX~*l6#_MDK743V>gs;4U@a-uleDC*0c>(<_`)>oB
zpyX7D{ua5)29VsjuIgNp+%<()k$;kk{T#KmXoouyEA)8?40RB38=-`Ic?q+43AaKC
zYX6sO{a=Co-&^m0TudUD-{-Plgqg#FI8!&uu5wuzLNmuDB+_v9fFiFVc}9i)j%-G3
z){>iAW1%g0p*wEW3au|w3tbBkR&gWBr+lyl(1~IhfmGw#BJW->Ez};qm>m1i$?Uq?
z7)ysE{<DU7G9rHH##s4JCM*&5Ry3rgz@_cb%0^@QUh;#xHWl_o&8st5B_%ZXj>ai>
z{jp|sE;91f`2*(^(0|sUMv})=(|&!F-?)AKC%r!Y&Ptc?Vx#|L6uK-!BlZ1O{5?y3
z$N8J)Kj`6V5d1LvBw{bL20N-0dMR{CM4!ATf1pm@&#yxHe*@Cju-?@x2SjiMFd-vj
zATTf!^0S_<6{dK?vGd{6KY+{uPBh@jCOqvqB@Tdi0qGK=8@dAne|R5oZp~N`G5Bju
z_<CI+zQG*dYlv@d6kl`gNmko48S~zmVQNpa?LVWoAM^Ljh-ts<e-M;~YT327aG;d>
zrR3TSI@3N}_PB&>gX2K?5?T`KKsyxHvxP?zEt>s9x)^@}?E!~ypwBZa)qbh_3<~@_
z%_xub^B-i7G+D=S)p<m6{X79G;#GWsOAbtPfF16En$C9Qx_%OhgQSLEP0=dR`H$gW
z(7`?e=sDAYixr}hZ#OTi2);Bcw;)XSlL0=@jk15DLtPj+f{W(C!#M9`ld}a~-hf<I
z3IICZ5q?8km&emG{vmeHSkYHjFe&=^K~_SaV<pJzuQ`FZdm<)&qP8A^>;8H4T|BNh
z$V#se24gHm<ikMRU#;ou%7N%7b?h?u#8`Bj=sSiJWoLe%mJn?y_PVjWJsJ=RhRqFT
z8!P%LWM}d)<8|rH`4^MUvtA8c=vylkzhlAeVHAf9<d87;U1A1FS#RJ6unoG&0jC#7
zKZ+nRFyQy1tGw{ePsn?d`URNKFqS++v;5ZqV`M2u*rQ<(SxOZy)n6+sr}%Y>?5g+`
z5lFdR3e2(rbBd|;cqT(~1q<yQMM0%j7w_t1J(Ra0ZWpSZ!E(wW4E`L)hk`y`Al-4X
z7b<t<CqWmf4zG&Q_xXB2-;ho1FQa}~NBZH#3`fr)RVx&ga#B?`YjN>MO2O4w><E3i
z&Q&q>3Lp#;1?d5Dy6_N}DXBYX&h?eaLiRp`ppJ=`u42qLpe!%U5n=vTzQAcm)v$4}
zZ<Yhsl;Uof9;9Va@TRY=M9j`oAj=t%yoYTl8@k}ifNy8PcC!<>R4psabpJP}hv%&H
zXnC+XdT8?j%!6cKslDZ^@uY}>K@oII;{1?PuHDnq`&mz-=w;TaKb!f_x7Gt9M^YNq
zy-83e1&^2gPuRnkluG_Yk?d=K@A<4-C=t)D6kIHNE3K02+rqtfsRe5;H{kE>y8lgu
z#qc|CZ}Hjt|3Gu?)#gKrdlnn-KH7265Bb<@(5hT)t?a)(+Jn%2;WjEgB<~N_DV+xU
zJ#Sg4Cy%m0j2h?p-rQrlpLDfd?K`l6_GqvR=)a-gpR4~u{Tt2gQAazHUv?dunj`!B
zL9d{ZrhEm>DiFfm`8rCaRd$6vSG)ba|HONU6&>W=^PRC1)cVJER8-$MUw`~&|GD}@
zRPB4$hN(``FN7UBy~=2DLU8q-<2hki?^1apY9BT?{-7KB8M+TTRPR9?e3uye?KcN_
zza?UqPTdnT-n90;c-Hp)<GbeCH{n9ZSGbir-!bcy1RQ1N@s)2_GJ4#ORd#&~E!l#Y
z1im)S=AT&(0;C{CObx4hVNPp%VNP43dtoZIg>j=lz<}Sit8lcK`lIN72%a}V-KZ=m
zQ7x_mt!oWfBKp(WmA|Y=RI8P*L3P>uk*c~3_y`^1J(~D~%=LK;D<ipB;cToJuaum+
zMs|HA2{|D%H7*wY*5LtLky=Z1|Icptb+x=stL4l8ME(D2G&n+B_v)a5o<`8{t7G?r
zA%FbLm;0hE0Y##CFL0S_JMr8anhv1K4qR!%t)W{_|B{Lt<q99~60Pp3M0*fuMZUxJ
z=y>KtW47kX@5ndt)`FF?fZcw9b%=^*ja-orRhm2q5A3F^j5IO#=P0O}4CSjmsZ_|W
zN~p{x6MHG^Sk<Xt*Kq|}O}<4_WXYA-ak2X`&F>ohXgKHc{Y&K2Vl}%HEx8KrL^>#G
zr-ViSRM6$uxbd!Ndbd`w9lK#%>sEo(3wKGm))c1dGJ#beM=O)|Y~bti<Ayl^=@=N8
z_!d<6ST9^2T7x{nH+)UrUrQUQGZtH-`?u7+TiSXucfRR6e$X?hT(9o>5d)L0tp9E_
zBI#mX#ur#>uo4sYo9cAsalU95m3(?la38{f?|4lXEsBkw=N>7hp2$bJ3bm2S8{*WR
z60v*ha7UZyJ=MDK9*|gM?PTLNx-{HhW!&m%+DKP0Oy9Mj`&*QKKvm{LcJ}uVmjMGS
zN#W(u`9V1Vc75&U=<ZO$?+E+Z-dpT^e=Y8R(&o>9Q~lTMIcNR*Hdp`dhWevrB>NMk
zK*u5wbfLcb`XkK!(Jg&VcR0d0Ye5k=Um%755HuVct+#F*?n%Mc<zVY>ICtyrj_xVB
zE~b6o@8<1W$=mm_p?$k~6Gv=n(!{wi60*>SuDyCigxzqnUELquw7s46_G<kZwFmgv
z5Mh+)qeHpg{5{*+XyX2>kHm7n#JOK|9R==Zdur(@(~@`oW9aMKbw2w3xUpIK?q3Y_
zefcV&Z_NO^rcY}$P840A7dprjl)6z2bbKy^OJ;c>Sl?bme!sczkqd5giow5Ejcc2t
zA|NK2qv!&kONhl)4syPlFjaD=N}sVD(*TaCO-juA#0BG<s^Ux7Lim1om+*boEfycP
zEzt30<Plu0gYgb2DDQ)Khj)bbM-Y!BLBDz0;9R}^Yani5q>ryEbG^=ecgWg^{sIHO
zW3)oX`EUOjU7p~I4iFXUeI1sAl$;GEA~%(T#s=7UBYMA#4PpP#SG%D#{jVZdXII{u
zqg|WmN7PBQ-G5@U?~-y%RJP)7@89jOkI;N4Dx;(OuV}NJQJ)4y)IW$B_fOGjuBX&}
z*U0JY<1gybO?p@5#L_7KXFHz!pTfWGl#X8vBplz_*-~lH_ZMEW7|j79^O=3M=Ke)j
zAlrtjwQ`iMyc-*mzO6N^*9Q_li^0bX_};q!d?&v#;8X2IzGK?#UZay*na3n+z387_
zF9vN+Dv+*%aj2O<<Fn{7M?}~3`hv0CFM!sWvhQ{Ym!tQtNVK2>8!eY3k-QALwET{H
z&{P8Xat%gSR!(~NCVEdMdQ$wdvo%id-Pd^!BzhYYJ#D>v6TByF9-A-X=?)^ve>ZvQ
zF6A=i_Na%hQjHfdy@P1oBD%r_H8lP<gukS724@;Q<=k1lU0-C2<YiK<`aOx>`ow}a
zMSn+U_$yYD5#3)t0=H*ff}PqPq$V_e%jQo%{m1*u#Q1nT=`l@Ue>hxgIuHAFHM<&;
z4Eu@LgU~CYpRBU>qTgPdnP(LPx0T`rSD0+vPe}O>9<SwFjzHRloL3tiu$n6FzZa(J
z*%_kiw5Koki}%9K*<duxw6nsk@xUlE9jx(kesryN2O_KlMec5AM!_Zt4^d;o+9Bma
z+jrFJ>vb{Wnf%?GjZ=i^Z`Wj&P!6!w?l=ny<{yQ2*{GO%5{fb`p7dZguQf1_t?7g?
zyy^Z=;ktyw^@3$amx504E$YbHx8Vx9Z}GZ>jR^m!;6o0N=<qk$`o4BcjC{G!`fq-K
z*Z+jM{^GeCaAy;JXd+ZF11s3I;8M|_@L5+pZIi8kA6}{Q1?F4QtF>judj;=6zCdig
zmsuP(=7Q;;rSSTHUAA*3)xRy(|J&{1B%;H&+rK^nkh8R7q~4CN6CSS<EMKqP8T$6?
z85b8Mf4hC>wF|d*wiv#}j<9^4FqHD`4t=|Q#`^_}cV7Fum|U;1%szIKhpRH-oxS;j
z)q)c^41&13&`7vw8%*6Vq!_sy<fZo(i|2BZqPJa!n}z#}uAryIU7^9RT2Y?erOpe+
z^H~dDv09Ad<EMNYMK3@ymX;#oCY1xL_(sDu?4lQVdPf{$V`-imxMnNVB_U-6jh5~6
ztvG3gFzt9ZbN%=psWaLJ)L>=N%BL;pgK5KFnDTQ31KE6d#R{-cW@bqK$I?XQ6z&}W
zNmpJEO|O~VC7j0RIrPpxWJfm%)MeHs=$_qpN({(bph@XjuB)E;mgHmE?C()&Ya#m!
zEZMHBJl(J?2WoF8yu3IGiqmb_QprCH#(zz`MGDM<@!z#Bf^PrXt+i04{0uQr02BEM
zkAMrKfa9tkmP2|$hTEUrL-Za2Td*JlYLw;L<GBh8dK(K;)Pml-+)$84k!<CG9^uUf
z`IJu@<(UzDH>VU_g9O5@K5f|KCpn^&EAZT1Hp~Mv)6ff%ddfhc&f#lGo*{jn(&=-N
zMxWN(fIP0Q&+JyIa}ZBL+$8(2rfJFTy3{EP*?X`&2R87lXL*scq3+H4F|*V6hc_DJ
zov<`vPD84txC~UMK*B6|RQG+NP8AsV03@(Up<1-&J3@xB@NSad6NRH_uMfoZV8Wg7
zL!u}(;YN6bp8*^osQ`E!5`7#TeauuJSr`fvgTW2m<^oT4>T{?S{Pa0+8mi%L5r^u)
zj?;P-vP|n`pXe)l-XD@>f1w?Zf+@%Nl?w47BZT54T;lSTNy;{D8!pUA8`9UJht;|P
z6d&Pt<udTEZ>`{a(_-O)n#$oJeW&D4%7w{2kk!tfo4Qw2Z0&9h46x_Ae(-oi+|zZ0
zwsFad&B@9_%Okn2pJY7i#W&QHd-}<^qxFD{0nJ)FSwRcD3#2t}MFqL3<bqu=6Y`C9
z@UxQ9{d*Kr1U_(X#woS6GhD;v0pKrqH(XXKep1g{J)10tj!ri85a#R%CPTSstyB$V
z@*N2|F!V3QtCB2XP-+L}UEJEjZo0(0-l^`2{F&HVJNwx~3RWRsH(8Iwt<iYCs}1u$
z&N=T^5Gq;zr+c{hfj*&l2l8nk$0`RVpmXMkGPnoYY&UkOi>$(^3hY(r@hl~STDnFK
zJmz4pTxnC+;BbkM**nzH8TOP*KtOtD+AW?tMCDQ3Wj-}S>_0Wr^RTE~Cwi-ZfKxNF
z{0~^LM(yc73ij!2UafGq6_J>8WHPE!S*GohbiUaADb}2Qa52{<{!vpK3BMQBN1sl^
zvu$|SVfgnTA1QM<zy@DWXNp53yO9?tw7lDjh#ChAj0ccl_SmB-s=n{w>AHMBcYfNw
zZ%B-N$GsU!nT&?kkaE)Z&G^&H%>H98z0ktpeyFm{OEv8}=NP-^BpoYX&=S&kC=5F8
z#pjXG0tdwl4DIT=BD&v;<HPyr4ZeJ6R~PW_-&jkzH*_`YcQNJ9H<rJvp2{ytZnpds
zwfyHUsQi5!c=<&!<)@cvU!dXtQkjxtCPNZi)(JTw+o8>$h-E01nQ0k;gMce4z8d(N
zP8T&nftR4!Stf0_QcnSC=RwX={(M9E8O@Y`=(6*cKR>qovbtu<ADxR!%#yNI_k4eu
zFDq-%?K=iEZVD2|ud&9{rLQ^XtE1oSI}y>2#c(;S6=)l{8Gs~&tn|-y9T2=jaFcO=
zx^%WbZJX}sOs|EBT2@aB<4Fxx{w4ZE;E5#kYN4248CRiY!hNy13L{G<BB!2Y3$`Xw
zNE^QISoG&x&`JRlYmn^PH+3K=U+Qfqbce{4QY(!v(Xi#g!nZt(F-rm3XQMoT+MC?p
z=@h)^+#y#xkg<mx@HjyPoPz38i{1X-PL@zZ{v3%PXLpFH^|Gse>gDQ1gijmx1^b=O
zP`cqA5!JE>;uENHJtR6#2}Q;Cmjjb+GM<wu0NV9-3eT=+j70Fx@M|K``$1(_fn{0`
zD4Oa9@(3LirzCHcjXk+BkqAOgB+OU1kBV@A8fW3LY(o2R3xm?r9*qZwTMo9lN9AIy
z3gQQT$oQ)fJm|-4I*dCRjne5&xuA#21t~1yd8;KCT_&6hZj@X{1+Rs;z=K@yGktLg
znE<--6lZ`918fEcs1%BKYYcEo>wLbg121v0%c;k4lL5Q41~*RQZU|z9PpHFNNjL)r
zY;%wu2FtD;Q*Vx8hw;yGcIaVX2b`*a9Wr9s0q0xgQfN%P<O)w6Aoj=Lr`|V+EAlP5
zfv2t5SG>I=ohi^>zC{FE{cKCqeirP%rw#olDdA8z!#nk)$C(oDp!tVxl&nE9Fv}+5
zVdz7&-@Oqi!uEYd+<#`;H+1J1mTu_TE}B1;bD$k(v;{rv`g+c62fHs|CHvs(Vk=2k
zrIHPYBoHXx(^iZI*mSuu)A)UN_4`+&-?zmi_zc&dIo-7QF_KctUAte7kd;cnA!2kG
zVkjkdi7C<vF;R9IEB`G>693F)@Pfw}UhhJ^v*(zYx*EfC3HY4rYH(8|6Uek++HBO}
zXNZAp{ARwo-~F*A#AUguXYl5+M{lwLfhy>*<`N>-8i0uYg887GFUUpj*w?f{KYt;!
zY(UP+U&tAY^g(~_GTN=<qffu0PxF^#TYo@z;f;Wzl(qaVGL|9GiQs#e6o&`4XVLbP
zXrvReiz+?Ul0Q)nJY{uzS6fAI*b2HJHlR#$ZJYWoG)eH``at*%zW*<ONhsGSKk}E!
z%EnNEwm%TQ1qKlVW6N-58U#QA;DSH+4w{x80ZWLz{RQrisUq&#g;83v;vZO+o!THN
zi6Ok!i%q+VL;~q2_1wJ*!fvbN&vUTPQxYsnMfs_&K*E=ZNra_kEjCm}^HW|?`CRgg
zj*!1+g26{o+7w^UZxVkAzVP>n=fU^O>K9HuPyK$g^B2``n7MwMuQ9oa6C;>oPo&rH
zMRmO|n3Ejmz?7q`PcNAA1E262@CchGa9y;kLp@I%)nb#>=qjwjN&b^ja$qTb7TxH8
z-V~T)NGJL%2~}y@#CJKzNw;RQf-4#{d(jZ`0@_!blafHDrYK|uL7$9$hp|mt)cAa{
zh0H3=XQ%v#+c%rr#;7fK!kpEGy_(s8QOmkm3hoDUXx6n=V9aCqQcJ-#%WNcLL6rMv
zFxh&rRZfah#WLD7M8Xc0{&W`8SLWFqyPeS<-`s&Hx3IK|0%72yia(P{{&#JR=H&vg
z8M8s}K9TD>CU~6~3Xzswg{2u{V2Bk@IzESbj9XZ_9!$N~E~sL`ln`#c!?-3MXKOO<
zD#!#(=nEDM7J+hR83~JEZfcN=0>X<5ooqcVTN@=**<>tqF;?7A+%~EhRSHWJiigu-
zEs#zi1W(ARz>SBjwBdVr1*#r+T<ZBLsP+a1TQf`gW1~nV$#zH-GLuT7I3Bn?2Wx-{
z+j+56Em=7odd8?<png(?2Zbw6;p~i2zkpKKdcI~^O8X))j2P$`yj@Uv+|ce~LZBT~
z*9*9c*Qpc^T^CW$V_|zd)3CpDp}(o0LmjlEjEFCf;&O^~_UrI0o4YEB(`^|}ai}T#
zaLLA7Z3}&4y#JHuA&1-!?kA4c58E~-f@g>@8b*FH-!Dq*{Tl@DYxp&gMFz4!k-~F-
z1H3vf3dNH#YThenwEF>--J$UjLw!Xm8Hml>5B)c*6SUp)h=H?0Wmsjv;KQS9AT+2k
zR9Mf5p)g7oeDRQb8On&z$p#~3kRVqWYPJ<)|DA#V05E$6eM|@6Xl#Ub1Ax7iV%Iw_
zlthICuWkrcwOgS*E{i^9wAUZ|w2$!zj@EZva4#*)<fh@BK@mYcqqQ-vY(gOb1HB)~
z2KLSXkTlSMR#_OkuU~fY;exv;B)ehgenhtfuNLK|dRT1M->6xm`9deh7~&h_I4?ov
z5XO40|DQD0CI1kI)PG2_;B7}22-9Vyb~=-kogRVFc#XlHc6}v0hk*)72iOV^=toLK
zw)797z@vClDfM%Ts#8y6@zxD^9$k3u4vc#U$ncO~ihA5{B)UM*7Tce0BSq9si$gdW
z`!N?C08DKJu^|fCTSe<O(YjGmW;yWmJFscJFn1Wro25xuujeO4^#E~YMDqi=einRl
zt!j-M)Eaxy(phfd|BABl6dPbvPb_8`_R+)lYxsTI*~Jl0f)o{&(@_HZ3sb!7;@C$?
z4Uteb^3jUucU!nYh2Lf9am;2@K~NXZa;S%|9q}bP#S8_Od)h_UgUYSEv3e(I@=8*M
zI6@n>IKFy5SN*iRL~qbaWP+D#fjU$ItrtUOgyI1a!xo>})Fj$Hj`6lY^-}6+_~IvR
zsCsG=EedOIB#(->5PX&cJ0AnK=-=msFoZB0c$ppBFZdcDBZV2Fw<GvguU5ym2j3c^
zgK$S%ga2Z5dX4ULmz1Aivd(XIkl~QJo{e?U+<85jr+j`8{gas(c+{C@ps;dOwjPoF
z(?GD*%EItt;+!gqFS;ng_XTZThdZr+CxYygBpw@*PmZr8Fj9L5JH-BjG5j_S7&}ft
z=&7d5ZHpg{!;s_Jd|a3&EG@6i8e&Zme6P{RPlNm$jPj3`2I_Ir!nw;hR<_^-VXcq?
znN~Xc5lXOX@j`GPX~ndbP-<<~aBGU^u&9*FspWXu3Ei||BFSKfWZf)UzY<}HcstP$
zv16!QyYSnGfdcL-o71AVDwvf(`c}BFAw3V%JMn#2zQYBVsN-rSUp+$JKiaA=g?(yk
zh{VdE53QQGVomnR<EC({y99kFBa$hsyh8CY2IFZXe&m_Y#cG0$*BwKKIzl%^)Jv;L
zbaHz}IY{%dtV$Es>ql-hbDVxm2ZD>%4M-5g%8Bx9xRD=~Qg-89Sk8$PSdWtJB=BSw
zohpVx!|k<Pd<NcWQJs<)1ni>PD((sK9<X_<;!IQvZ8eu*<PlFc6|(J&p(|FB_G`lM
zV)T5rj)*9sl!t}^EdYsURTP1(34#%glu7WlYBZJ<*Cb<4bbORvWaq36T|=Q))$#aY
zE1do+C1rDHeJgz?{4+f2`mUsG<*IIUyC_U^<RmeBM9j+W)$H8|X~14>DR_V+4h+ay
zz1-@mEAH>UVx>);wp59WT=#No(0E($_5QV<Z)5!y5k3iKG&5hu>ba-{i2bu+DBq5O
z{T*C?4v3&|t`nZS$4b%t1)m>@<c>prTQ4d*vM|~ZEpN~)b~o@{hvjG-)9S|8q~)UX
zL{6>dQy8Az12bPK7km{KO-m1Sq?3J;b&G8MoX(l#J4hJIt_s16`TXs%DzfXi5ZGkl
zRVj``o!hldD8A21+HkTAb_E7aO|1kq7nrtEPW?hGKOIL)9K*Mh_u_e6_HZltF#g8c
zXr9P*RSR=>Vex_6Y;M053n!8O2NP8=mI+Wr`IakBdfX%mNV1MrB=EHUnq}DfTnE;N
z?zaeCq^`3>_00;7qNmCKLrv<hHR(BxHpm7eH8vm)2%SW=wv?byot0cutes_#GE14@
z+l&h3I$P*VO)rgViJ`7ga4F#mZ!+xXG1O0M<-F*)BU)+XnED{UrU4b=TH(1O9KKOj
z6^d^|mH3G>=J@DQ{GmUeL7lXA))>8IaazSM0T4-mP`fim-BueE!gK9oOZyJhT<aNC
zuZ29b7ZSeE2^`FoopAkyMyk)Q58A@$<H_h_tvz}k@n6+vcaA^5KKtQ?>$4?I_1Wcl
zG5T!ty6lxWo-LXdYtmoe*7Vn1sy5i!q`xu|hAm&0MnAi8UVgxem)0Q9_rS5Af^&{h
zjcxN$qBi?HLv}b0{}db%JtSqLr;U2DjF_!_Xu$S7>9a#LeYQ-PdlzcSRL$q_KsC**
z$NpB+V>?=T&G8m^aivL*C1d({s6Dqw&3f#&=h0&aq8^*uXz;(9_1Q+t+4b4?f2BVA
z3ZL_BXV+&R5d%3ke;3R^@&XSxYTr-2R_)|acihiN`mM7W{npW}etY<gQNLYp)NhrF
z@b9A9tP8c-C)%spY$Ix{oiuIs7`~m-v{_t32sK7$&o>i{7Nb8WSqu!fRwZ6pyV~xt
zR}HcDg7>)E)izI3mGug2wi29k5Y?VJ5&Yki>t1$UPn<5FjGLIHSc_{428n@DR&T`S
zf%#<4UP~rsMMJ|gNd07(_oVfrGVh)gZ&^-BVpW_mUZ%3HxW;pBNoUbpWmWMMEUQYK
zh`E41(J!<4m%vI_Vi6dV&s(nn-6d8+TPk`(Ryi;{A}OaN*IHS~S({##3v+UzDo=!^
z16sO;rM=@YBWiY;8Fg;qr83!7JvAY_xXiN)5`-7a21A~fIGJAoi3MGw`@xplTH>dk
zgv^X%p5yQzWQOvJPR=Z}XJ*_W{Hdb*hDzglLK!UqhZjwZ?%RNA)IXH5JaqxIQtg>1
zZ7U*fkaFAfwf!HP^Gr(0ewP15Lu6H3lIN2h?7>ITrQIK_RQBo9RtpP$i@l8-3MFL?
zd+0~paBw3Xem=@R*^P?iK{o&<pRSGdR<=cNWtOHVSF$z^ieVo*7{5Y|kEZ<0CINco
z$XMJAICE!gyeVB;%Y0F)$sTTB&GeQM%<p)ANI{x<gk#GG^)XcueBaYJT<tK13@Zhi
zxRovJ`)?wVEPht@;&1TWSDEJ{+>!*kHHf-NcINcpGG{FrO>5YwXRH>!e}T2~Sm_d{
zV!wsEavx5z;l=<&0gOD-nUr3OXs5nbk5^BCzLSg^i>I$hnihI{#~j2j%B4AHC~W#Q
zlG55qAstb_P=ma~XW@hJE-cNqxJ$B=!yDE0T=nJ(Nf~Q#S7lw6YzddKx7*rrgV&hZ
zcpkofx%vF$1@Xh0zcw29Vf4c~KfL=C@WaPDjr?%OaU(yx^R3Pg<4&HJAI`K<`N693
zgMR-&t{S%nJAIOA!6>HBd#h)?H}1hcH!Z{*vGRo&Ic6aS<S+L7R(5y?_B(aZ<vV!4
zzb^)+<F<oRR`!?1h#1T+<Mgc(1KAj1e?C8iRVTy50`fDGmx+slav*z&7?`<C9Dht!
zvWp~Pah<5}IQfAg$=WiOe-M)cvQx-~z7Mp17Cs*>c@G{#Y}UqH<>V+_n2O}#@%?48
ze{5+LPTRxm$c3_!Tf+YIBrcKVmf(sH)DVLYeDM?}jV-14_Pg0LkVA6qz5^81qI-nm
zy(Fi1%ebVbwuG&<*#K)-$We-G+JW8_Iv(m15Aw2$=-mfZ1ygc|9C*|zL_WecNZ#*{
zfo0pLAy)}u74zJY5iskIT{h-UJd}E;oEjDb`HRzQC1tl%9*L8c2&<?@hOa`-mAnx;
ze-kN4mgY2Cx&f2BiOF;Icv`fl>J(mug0~)wdXEC#%nxq>{>S{p|6fv^KHz_4NOE|o
zJ2-?mKUcZg9n9)V7q*1|&faNd+#}m`f9ctefS^2=Qh&g+ACk90D9lpNeiYn@gRUeA
zm-2DBRvB*}RAsw5c8_VEVXrL4aog|N627!FdcNb@#+dUR>d}xpzq46X)ZxFts68<g
zM(tmJS{`A0TG}laI9^{`W0c=-Pt?b2LjjD}r0vG>`uD@e@p}4eeY`ID`Ml#bw<RC1
zIgQJs@_XSnU4DPIC02eL;+NAIxGf{_dQ)hI<iE|{M3x_(o`A79UAf9NPJY-&w4Px7
z8Y4}lc|Dir$uaToB&C)mQ+;qu58uki^phyV>DDNJe|E>?w0;d^2-uVPr=cjXLs6dj
zIBsHqf>E5mu8Q+NT2VOTwt8GY6$*#rs!Ktpurwd!@JJ^&XhHHOfMGHw>YwEezyKTv
zF`zm$VhS2heRca1YPCAtwUn3xrProjjS(LFbd5;6_$j2`QS_n#ll0kZqwUYR{%f4!
z-?Az@3HadCz$#CjFben!<d^UNWR&lP6Lfz0aw_o4wk<|}c`9t=moK*I{8IGedHLls
zJLi|H8<v~pJI3r+XLgk##+YQh<agUa$|vCY_WpRRQ{{$0$GNP!Iua}BUp<SUx1hU5
z*~SvKpqy_+p15gqgx{1U(KjUPOW5YuVR)jb)#ZIqmG=uJe-g+ukV^|d){FiQ22n2x
ziwhQza8+g&nFRe{I|+J{^4`720LN(Ax(=^&0bD5N7e>W=35of;fI(+Mmycb*K7NG6
z{Ct2dfF2-6#BR2Cs;YEkFJLb{f<2bM0CS<NFO^&y@A1rlzK7b(7nS@4y13ub7|*jR
zxDYl!D({DbtltZ@{Sqn}hm9n8Ur@w_y@!OoTGJHlfiWPR?*vTCkX^Haz|Dn?27bpb
z8m#d<c2jrEG7@d|E{S&S9^A9U!(|<>Ym5yHs`1Ou(O|eqV(J<(o??J_E~7o(N7xP&
ztmf#qG@m?Suj1ij41i2amawuMBTP}uux@=Do1E85-H5Tgnnd~gYeu6MUMzi@8f_}B
z5Qg7rcG{?4<wF4#XA9uU7WIj3C66E14#NsTb1<@2FF{nQ<<x35uoqYzg{@>|BQQaz
z8&*PAK8LdBs+Ab{mjbB7G^~WW{{=%G9!D&xCuC(q6j82gBL<*b7y7y%VcEzL4V*^j
z@$N356KvO-T0`-$&k>Jqc0;@|9$hpR9Y#H?JbN6v(fu0LkYL|?R9Y^@W-LB<x@mu$
z$QD+XL7#-4?A?g*)(q{F(2vnv6Kne#n|NmdHSsAbiw!jua$)%XX2RE!<4fiEP96B=
z_(qxVt?&@Oucs2efBXu3i6(pxb9@TNcc%&8x#CgpdF_8D9`*d!enC9yUi~OyFpMz@
zIQ-085%YN&(|E*yhv;64j>}6I>S6z0oucy6!_aUx{`=EtKb<$8a;vw_6Hob<#&`V9
z+j@<Xv>I)P2extlX=A*=bH|^|dfON%aQ+nP(T|^`9xd5_+7xf|tmAXlpZ>LYk*ofu
z#fu#Hq}r0U*peiw0PjC@yy(yV5~Kh9()f>mGsS;=lE;6X%;P_PclsB{TRiiY5#Mbb
z-(-%@{VVXjXToRY_)<8&<NJO&zOg2J?@uOt8=fG1Zy-KC=!T+?hfO|g_V4Ti&2I$7
z!!9}%FBIec)Y<)tPQ?{GoLLkhPgY!JF&H)(R=h`&hdQG;$P_-zEo5!T3S`EGC7c(F
zPT30jWukMjC*`iid!->yc6DY^qt#8DOfIVN?u++USi@bSU0huA)JVKtAbn?cdRcmz
zu(YOpZ*o>iS@}Lk$v1ZiAD6Y*(4yKfq@W1T(}13~?0iD|UU(5Y@)hd6m$jZ=*bKhx
zMrRr>TI=20=q<NV>vnp-i}O~-Y4^Qhnwkp`HF_&dxkC4AdN&qDjd4>AAag}L5=pHD
z&u<Ogpyw}+e1aKQaB^gAN0QM(zji-oEtN`eV|$8fBJ{H<68hfYZ`RK*88343&URRY
zVz<r0JxTUB+6A~O&SJB$onuhb8|GLQZ$U%kh_KXAa$9${8k3cvu+&mqCioW7K7bL9
zl0lc_0%y_m?w}KIjK>=~=^oOm%<k7AMjK*O=+h&s5-hkib~SrSeNUwKAbUuCw^+F4
z!^WryohU;U6RAog99hEB9z`=QhoUB8jROgH)OE3l!9iq-lgd2EQ8g&VQZ?xEYeX#s
z3mf`VyoG|L;juMbaYPqeAmK9lRy}DgDLEOr%7dBN7@wQ#_6eQ^Z7fnSCohhW*FhFh
zJG0Gde~jY%2haXhZ5Q0k2HASZ%KhjUT;;&l`$zM}w1XFDKnk0oCUoQpY3!lVR;rX+
zSlJ+~#GhLBQUh5;tJ*^*w~})=%TmAUprN@D6a05!_ASE7H2j#|3tuUN$2E6<RncrK
zbh(JD@c!|5Op2Z8Ru^%XWH~Pnxs2-*xLzIT6#2Oe??ia5$^>#^vXX~?J>V|`{(u@4
zYfrxhM9icP@VBqZOu;w0u@-(a)nB@yR%Hw&?`}k;<c$-9Ws@FT4CST4C`LbH>qO!x
zIc@@NSn$@jDmc`nC6IrBlNFwblD`)x|L~u&J9+nDS3z&);Vx7;nzeWowmvZ3ir%8l
zA7adoQ!@9(4XLpahXDum2n}pB?Ds?ag7!hgpNLmiqI_j!*cN!8*lj-noq*+#^>mg~
zZ{$IKOlDskk5*s~1%$}7l01bxZ1{(0(T>F2je6qpjW*7td}%f(BXr-H=)MKo%n{`G
z84K#?$rQ#kh{d28&k8s4<^Ur)LXVr)hxPV<fS+RYqEmzphMik47u^9lVrW?-XTl`p
z<I0g-E&zurw~YyPZQ$!ltMEo{))%n_D;BO<WYO+A_ErEvGC4gI2dF_Rn@m*lQh=k7
zF?y&BqA^TH4C9DK1`<^c3TBSu66OiomJ_0z<CS12|A*!D`>Fc7M*aQvhviMrA2urw
z+iCJ}yVW2MzZk*WjR`0cReAVNHJM%wLU6!YgkbRqvk>%*Fbly6>bq4Ff+N&~wyF>u
zJR(*Iy15V>dEx?uVD{1Ih`A>!1d~skO$d7UuzKQ;XBUFUk3@0$c=qb!O@v?zZ2jEZ
zd1G2?(yKsCXrl?i3AZ;Df~9qw|5|B6@D}x})*71YZf`0C@2qQH2%6+ux8wiG^6izw
zQOXYElzseI^YZP{Xx8GV4f5@$MMn8H@hgLTyT4iacE#Zs`6l>i^H?C^$D`+yaR+~h
zR^rWA8Tas_W@Ox!FJoogvuF7F6LhZ~S!P6@N#1<epsiyY<=>*S$iFWQ^6&QM<==Zv
z<=>Yv@^3y6ip#fA?~#0~{x`_ChgJF3jd6K4SN(ln{e7F6<(qy!6;Eikh@Q~IlThB-
z$rev1*`MRU;Ny6nfXOc-9cCgdlfyD}SXva8XYq6fnCLFb=;0ZLzz$Jhn#Gd>z#jNv
z7lhTlq{4g=Piy@izet|la9p->GX_bqxQnJ+QwtWsPn^Z`VfZaN?|X20bLVZlo6p-$
zd5NF5Ejzfp>3Lt?eoM>qxBsPcwEv}Zwg07awEx8mX#b|Ow!iVf1-1W0-u^uYOzm$v
zzct<3%jdiIwE#arz`yw}IgT$qEXn8MwU;{OY>=(0)Ht&08c0(HIoYR>hBiG2Ie(rr
zOUdlvs}X#o;&sLiW;(C4@cEM_KEG_7_=4<dIXdz2QT&i>)c^5x=V&=<0Ps`4*)mQK
z<7xJD<L*QhjcI%W91-q<OVQ30e)5u5GB6?|4Mz;c*y9=+U+Of+Tr8gN5gS0?58Sf3
zlO;PHX!(pYlQjeq>CA>mv*4dd_zoO4va><>KI6<|TLOtxS`W-Sh8;MlqCA6hYhd8B
zfHD^{rlF|$JLXl*0nDDk3Wr5)0<fq`K=@1;X0i%0*a%1vRt|7ttNDaj$7UZhS_N6o
z3GCWoF=oM~!<x>B;xSx8sZ$0|VqcB0HrWz(V|?tEFyncDK3~4Ssgp%qjvY(1RPtbM
z&&!0rJZ+X#M5h>N6AX31O_qx2(Bz?#H$j~@HSwp3J)^keljbCS(gb}AC(enb!pe?`
z%E&p7>T~9i(13{XzAfm46gKgIO8?7vhs9xajU5&m+NhmhjIa#Mt?<KBzEAih*EXav
z5%Etn1{ZDVQrRk*o%x;@RJ<CeImnd8CzWwl5w&If*G+P*9vT?%7H=gF>nr5cv-{u1
z8F?ShHUZh0MhiY3K)K_kL}G0`Ly9aInr=LAr0d^<CBu9;F7%o@A7atCK4Rn8`5Y^0
z)9mAGY=j#TJ3?uZUs~rye>2sYh=!+!*_AIP5^1<G8ARgbg$^|QQvAbJ{Dd43_u!Rh
zRWBy$^-c?Y+z_=-S1rIHT=f>s$Ly^0vBrHW>p6eTOf2dWZ4#j>;`edjq`c--B*NYg
zC!tFu^u%616HifpE7afB@Y|fdal!I9CC@C6Gjp2C<7;w$p*%i4#4L})Lt^Fe*F%h^
z2+HH&kf<%f<?%;D&MuEDzyD?O`0xA7@;H0FK^{L^(u_R*WO%GR&Mq;@<5By}^7zC$
zgFL>dgv;X=x;#FZ9W_r>dAvE>WT0fQ%Iv1{_~;>{fr9e*_3Ri6<+s^Q<?*sZx;!2@
z{MX6j?&~g09{1b-Z;{7a_n77Jl&{Vuj~DJ~DvxJ<cR}*_u|2<99@o6lygVLSdOmqf
z_Q{8X&nb^RZ!{;5cdh!@<Z;(G&LWRrdj5Yz9<N-`ygcsv{JG_E-vuO(?N$FydEET~
zm&bFy;qtdw{oSnoZv6)3aXz%SsLNvY5V`1o!l79R-kD$>bkOwnmMmStAa584$~#l!
zkW3EgVt|aXc&?EBk71};=g`i$VS=$~i59dWF!<K3y5DYQhQ-qzL$o1|WVWe9!{IyZ
z>Cp82gncaTdcjq(SA(@id;KVzuYDT+JMMM45!yAe8GE6f*<Kh_!tI5Q-^A?S36`-7
zqDS|Vv(Y1|q*;1&lsG-M7hC{6D(77&J(Q{#dX&sF(PQw=3!=vj^Ef@6J5BW9kwhrA
z0ma>;YlZ#yCRfE-Mb|FDTZuAyX<~Nze!OzPd)hiHgYGcdK^xo0iPmg~WL+(~wm<Vg
z^sEYQ=f6wzk4+Z+1rGJQ+0~MNR1c~DsI;j)OX4K&kRDcoLM{mdb+~p-y@@uJE0E~=
zaoYP(YS=F<J*I7<p9EM7zI0b*TP$}qiK}2b=kD39VGe&3y%!ytpjNF+t6J#FNR$20
z26~VJ1J*OrqJK`Z;5`nRviuly#*LL39QuPr+eblbkaZL#9&dO-(gZrvovcV6D`+t;
z_RK^2F+8_YhA2FD(>X@}R0qZ*Og#qGv(5fc@(%$*4N04NTb9C)HUNPnWk?Uanf(F4
z@2#?l%2YgWg_maW!=zLH0yPW&Lpz5POD63+l0Pv^snY4`*+ykU9e5vXoub`0r5#!f
z|A9<-tS|)?kJ&#$+Z-rbhpd##csfDZ&AMEjL>H&TSH)w%&6xW&c>E4h0x7zdPz>3j
znf&lQt_Je(TKBz+I|uMIivJPEs#HrH%D!aQb0AJcki6<TO2XI!k2qKdJ-H`OPNw9B
z0a|i8Pfnra@Ac#!Jh=xYuhWy$cybygf2=28#gj8Ad4ZmMHBZi@WJOQz#gj!!o}wow
z@#H*8zDrNG^W-s<oTVqX;K}1C`C2`>B~PA2$({A&Ry=t!B}e*e$*p<vbV_D=avMta
z7102}_UjM}hm>fLf9en`hm>lNKj@G+4w<h(igZXkhb+(_6LpA<Ll$ZfS%)NW$Px{5
zgAPgLkYySqS%+NAA!Qn*@g@y&35Qf`ko`L3QV!XmK|a?ZmvP8;4YEXsbmfpe8sudi
z(v3ry26;w@q;SYF4RXH@>CPeb8bs6~mvab(RYS;iI^+rtv1^cyI>gB#4h?e3r9rOb
zkYo+AM~AfKkQ5D4r9%V`>7ha1)gcZJNz)*|(;@9RBtwHt*CFjWBvXUjqeD7yh^Rrb
zbVx@I$<rV`bx0=;8KXfQI;1m)jME^s85*PuhfLBS-{_EJ4w<Y$Dl`b1GpjD*(CGkW
z3lXAti}*41WYd-=wsSS8hJiMd=HOP7PDy#4Now)+7BLebw;@CkMR=6>;~03%=8rIG
zv~lytN$_|xf1C`D1Nq~0c<fJ)w0M&YWqfcezLwA+4z#(B15;>aC(!AtZCwz^mp0m5
z#DQt*k`E{?oqjH&uNUwP7Rpdc!#>dI0EaE%upj8HbUugGa9A0KeZyf3Icz0|ZQ!u=
z9JY+Z{=s2;IP5bHtLCsjbJ#Hs`x}RC=dkBFte(U8TPY1QrG&;upv@ef#m?Vm@+`zr
zfljY-n1jO};;=jpQ@=~*uu&W~hQoNyk`xXb%wgj=>^2VT!C}2PY!ZjLI4q6BI&j!z
z4(rZg860+cHo>NISPKrL5u%hDSWKP2SCt|MF8w{(A7ff9K9BtYzbWePuUehaY!Fd3
zLg06@`a7Nf7E!hMV@dR}H2OF{`nVwaxG?&-B>K24`dAiytd2fzh(2zQKJJM=vgqTn
z=wp5K5t&7Ov_~Hu(Z}TIV@mX~NAxi*`j`=Y%#1#Y(Z{^#<Cy5<xai}g=;P$*<Milb
zk@{FwRKmBGg8jF?R@)!dtp2qvlj~oJLEJTEQo-~v@CNm(he7@NR9C<Dy{W2StHx@o
z*Ww#hha4r}N6CX6Y`!V^9-f@c=9rQv@Z=QsuqpX&p4@|tFeQ)Y$!TnWDfv#GoWZU%
zCEvx9Gg(_x^1VD+WOX+fll$}JJhsP_Jb)*UVQWpv19|c|_JJw+W}ZBW{n3<s3s0WR
zicQIxJb5~M%#`e=<Y$YZU)Tr}q&J7)fMPBaqz{MS_+s5mkiHy(!;K}FApJOG0Ybv*
zMo0#S;9z7MO%NA{;Mimzn;<uF2o6>Dx(PCzLvZ9WuL*K1hu}bF51Al&975r9ZZ$z}
z;}9I?td9wDJBQ$?XP1~DBRB+w0JEAPBRK?R0y~&ygyeGwiU{_V2{MX9P-3tTO_0$X
zf&zrSYJ!a65R@luwh3|vhoE?2511f>I0U5)8)kwG<`5J<EZqdj;t-TYtcwYf%^@h7
z*qQ5%kRcp`l8Sw2g5+=r3NE(R1Q9s|<rrIRf=C>KVvW6If(+#llydB86J!{NpwMIY
znIJNUpbTU=CP*%akm_~q^}73CR*KZ=kq2K^^{=}=A^od#2I*gGrZ>^Qo}HoVU)~wI
z{`KMvUH{rUUDv;Ar|bGxho^M?t9XV{;kujvC0u3FV5+_~m%nk9sZGfYqpI~A{>D|N
zHou)=RJEStZ(L>KZP8V&9aN_ht}?axVY*S(n#OZ-m8nh943nO?x6r70`Dd8)#ImKG
z45}BWkx5S+Hp8fY70hTx|0<bo)W6=GZq&H`Io+sZt($Jts<LJn^{62;jGB`;!>B6_
zoe|ZJ0&Qge#<jRM!}%N6+uG#uH?FC*xt+gp-K@<>{x(_F_xKyvzuJtM5!D)@i**Lm
z{lBDt_5BU$UzuJ0tAG9fQvX_48@+EY;oWPD_h|(ZTrc*p;9XkXyEo$fXbGwC&JT|y
zu{PcDWY*EKp}#&^%lCH$%a&Xgy?-mWoB70?>He*;p~s&zU(bd29b4;+`=M|bP}eBF
zYfH{?pV!z>*CzNVQl6;P>F2uHoq`3gGif_k^4gp!+C9zuaJ5XXW%t<7&+C6y&)o*g
zwnKZ=O9)cbn+Nu=k!_K5P-H8U53%%Y`JFsJ`=(K?>eR`6|BxCBH*hcH>!t+}s>*R#
zyr-<5?(Su6s1w>O#`AkM>9uT_r7@zOVa9s9m$l^?W@{OG8Zw|ez2oZU_7`Cof9?K`
zIY02A{k@%rmF;3D_m#zgtQ?K>^=GDF1UlazXq7k1IS%8HPp-;xPPWkEm<-DII9#rx
zf$eRy3dIrfJ%IAfn}OAXn(oJ=d&QA6kzD@(XRdz&d>VMvnI|icIx}UZUbgP>w8-^E
zgyLH%zSsn3G9IrN<~?b}0IUsG!FQ__&sHo=D#^mn80HZNRoPOaQ7Uf{d*P)681Qy(
zM_NOk;LKb>(WL@?T3z1>_f4`TcA%7BhEg%?|1yEvJJLCc&fG&|a$O-&$bQC|Ck0wN
zMAyk_?PXUjq+o!1SGh13$0FjHgm|EUG%=9pz{;eEe!J+}C=_=ku`6SO=)i|Gc(Buw
zA070UafJ?rEAMp>w+zqG&?2ntI_ODY^5eJ_?HQ;eT~#?yeH|ye>frS{d<~W@XovS-
zJd(`0EnW*4fLAkMCmPnKF-(#;XEpY>dEaWTZ@=KfyLW+}p?3^%_Ha!V4XDiY8g}pD
zGZF0TOp)JXkc=;Re3_J0yoqb06EMCY<On@TI8^?mp2tPcHrw&6-MlkrBB4f#U-qN$
zM5aSX&2pxN_R{@}$S$(7mRR{-$k!}keQ!fv_*8^XfvBOsMdLyQWal`#-R21KCxv4Z
zmGzMgp#be{9au2{YT)^BIX*vrEj*9;=kf^q>)Iq-iwa#&qGV0DC;rzt{8Jd0Kn(ry
z>7%Cpc<)hDfBflD9xroZKZ_b4U09m%#_#p}laB1}VZJ}f2Qb#7NWVYnE68BJ|1L1_
zKFsq|5vqZmvggo!M}Na?fr0npvgyzTR+Q4e*S?IszgJRz(oSPCJWC)edx7^>a@k+O
z!l&s9m8j6>=P*gSaC`i?{{~t&y4}uJHpzTfOnK(~!!K<-Pkzxqitb<kYrlH+eoa+$
z+SNUvlY@)2`(EnVI&}$9yXEB5vgMH`<)3CB)53h&eErk-yEK0j!C&F<va`VpIh>sh
zKAOWF)lK0|>Yq_<sDIm-`nNu3{l_(f-&p^Wv%%H+FKMoRhIn=(nvFXTlG}5K9+Z;D
zXovBi#KYOO{_b={^zBr`*(G5(ySrmUZG==WpE=Zqwhm{``<d<$)Z^Jn$4^I^#ItJ}
zpK^*7M;8xJnVnuMt>S8prHGf~s+=_f1M|%i{RJSB@*Nn562rpQiK*K_n2W-#>qYNL
ztMD9M<%<C)tM!1BqHC)#w;U_Dv^`*&y)?R>Z3yF5Dfr^86tdAX9d}mPvy~&Frg0X9
zp2GNwru?4UvWsg4T7+sEYVO%Zrz4^F8?|^J6wsKea$@Skpp8>NN~jmcFK*AnGA2{N
zwOY@IF|pmkZ#Exqk$;8p*rISA4DNCLe4;tNdhtM-`JrHp3qC7ijAyP?go-d&!^5kS
zELaO6rWR0T!M7KKm^dPO@V8!{EpIN~%dh9hXWBQMmmk0X1^l?YDL-C>cNm|aA0M~s
z@ls9fIMKw9Lh-Zo)lA^YTn8R1PpzU$5kKd#6;A+PZsoBRi7x}KU!a@kay7<WFU&>r
z#orG3a#3jvKSnHS2+`kKES6??vLMn-Jnu@+eZ-fg&GO|<OMx%{-V9%!oH_+VYL(lt
zcDVNbjvf~@RV73yK`ReA<S(&&`a9G804jghG{c`0o8iy!Z%w@DMPA%hehyyz9(nQ7
zC@;47WI5S0#~(4@A3WJ$Z@gFe^Lg(NUOvHiAF)5jI0cugyH{euNTG1<YB<}F1G>O;
zCeDdaK({Mmg5>0&$xcSYu7_$hI(P@#6@V6W_2<<GhDH>z-d8ib3e~kF_V%sy5%pX&
zg{wR!l;_olce7PxNwN3AQhP>g_S3HMvG$W%Q{%K&h8M5HWcJ4Rdb<CzlFsdH3SF^+
z_Gi&Pljbh<z?fNWQHNI==t`8I*%Qlf;~<5;n~kCG+VaqM({s(C@1{mW-;JG5q3^`t
z8l;ruIxP5pW8tTupyi}uJD3>Z;h!8tRM*jhL9us#&=@pclx$Hkih<nZ@cYKNc`xep
zo<9%ieY26?Z)2$f>o*+e{l~M!*9+Zi++S(vk5%mYRY|DE?YSPb(0vP+Q~U`~@~Tl$
zZI*5PNq9f9YePZixjD!c!$GpnL9aci+Ue+ugbclThF+LqY-CR<v~$T^Z0A+Rb}r$3
zbt`mC_^)jG$|OrO?b*ih0*eHz^5S0SR}YGy7hjTIR&+~Gyk8bn&<=&m@xn!ZeN<&>
z?EQswzxYY994t8H1bi$Me?Zhk_L+Wz;M<Qlg?Eoxy?bFu|II=-jIKQ)I1(z_cD8`@
z>{)$6xT8Eep6hmr!e@=5x9%1+DRBdnIKFO`+wkFSlR8_()H*0tcyEKa=~QNIFmrh(
zm6KhOdQ#f72QORoes0aBTNf&*5YZdS^t=TB-%>CEk-Yn5dy85y=~;O1DQ48~arahR
zL$^hAy9&p{TFiuZ2DPZdtX1%R!s-V}7(v;e)r#KQTg36Tq2cfu5mPxy*QsvWLzpS5
zfP~>nFw%WNC&_hen#k{Gm+FqC*YLQ7uH(~Mfib1mL-?#*^d7s#tyF-?Apv+w3j|B9
z`oeYTHT=3r@`sc|a|_x~LV67#gkhIngP|(wj^lL{P!2wvQ1L3|BR<KbIj2(Gv`-vg
zO%aN|P`;Kng_UxkAw0F%By9@8;Dt{&9l&d}J{LDJvBfc|?ng=42uP*6J(6qVluNSU
zZPP)~6`Yy?@19mrYI@CGygh*-5&q2kw<_U|xv3U=Rl*4Vlgoc{_>Y_a^yfc)_|NtH
zCzbzP!GA8}KVA4wJO0y(|0M9Ah>w0w;*aru@?=RlDJjQl=VH8?OizoVm3S|mrJ$AM
zot|M4ihrc;mIIxZz?b2x)qe2Rc-p#)2E^F~U&2SY!Sx1pOLjY<81EBt7kz5o&NYsX
z<&wX5nc({t3{^<BP;$X%Fd{OAmx6S!V|ixrde2I{%6Pe3SlT+yd(uADSzB%se2XBj
zZ>{G|Vd>48B{$WU$9Y~6KK8V2oTzwOHirG8|7Lz9^CmE3+XC-A)3RO+%m6WeuwG0(
zW!)&IZY>YR|0upiRr5U%;rpc1%iOhdc!OKIi<a{iCrRF?GAy23QGu!~8dy~fl#=}9
zyA^!h{<)l-2X=RD5&zKct}3Dr(Vb+Ml+29KW|+nOH!C;!J#8DHf(@aA6hApLL;na$
zTgFRs6b+n!B?!LNXwCaAQm;9r!o-tTH#80P?-7}xqzc7vLk>4y-c~OuYcb-Tch6*Z
zQGJ?F{4_9lp$nc<3dYNR+VKIO<au1mG4CE>Kx<*%BjhXSbi;(sFe{Xa<89A^Mi$wl
z##1e-&ny@UA1+frEC`B$oFvh^r(X2K1e6KwYG+u_5$0VA=rU`o#tFXm@RXfiLtniR
zuGaA7c@Bl@K3J~BYwrU1?8q)l0p^f}tZlNjCbPKqslSQ-_Jo}7f&Uou#f7(Oew*?5
zZVOjw@4_mc;UiveKL@`J6oKKt)(~GfnX7m^-QMqJOPjv)mM6(Ab`<ZN{=N6)EyBF1
zKveH{nL;sMn;``&QT#(L$PyY$_RfXl3t`x5pd7mELv`wT0>gdHbAI3lX<$mniNL!z
z9w&mIBxM`LqY(qwZo0p-MGjnBG7*3JY=NIrVQD`(kYf!DIis8ya7385?0q04_F9$?
zj64?Eqsd>WBwpPm5%br3_sj;d3Uw1(RAd%MrtgQw7Pj{u%=EO;_SeHS(4xY7WU{xh
zo$&nKfEGk^uD^AiyLKMu%vLZq`|+`fuAGWFsg|MvX~3S>L*`t63(2}s*(EE%a0ede
z$O_88H`s#rhqv(-;rT?!7`Vp@h-F3o$sxHKgn7N7Y~N0y_|TH&5pNh^J7I4B#v#sG
zjnrvk&v=jIQ3XF)a^4Dd*DLtk5~?88E;PmD(9Q}B-vFt~uF##BUW%6|Ja-S|4@_-@
z>Ua-bERL^&O38kCHC`|BjicyPM`50O36i}=8lUx&MdoDZ_^>J6=yRxE6@687>I&#5
zG^7tD7M;3Gm}k>Iw!JJ{k45$X@8(#+=1YnXg&H|EzFEwv5f~jWj;|EG&#cB1Sc|R1
z=(DY&bz5j9-t~dCT>^OnBO-ypjd%gu_!@CO)N?Z~#-dK-*^FA_YDeff$R8LC1&;=_
zx5hy(SA`Im3LlH98!*QGda7;cb`9?s#5=f=s3y+mz&>jI2JreJJ^QLjsgylp%ASZP
z{>Q7FkPxZ^#V^aRzcP50g;nZ%d}up@g^%_3YJ#s+-{V5d2)<N*Ux=4KoQ@NoTeJv@
z9tK2c3=BRaj$f-1!Skg<=9G8_qg=~hV$lB04!WieXcKw{kMu7sL@LLjUlrp8uy;;H
z$Z2jzk_1Cpkf-R>i-K=LJP!68$~?d(6qn&mK=W>a)B&KV{Xh2JH885`Y9F7;OvrHa
z3>q*h$XEwWDoUbYGm=0CGI&O3GzutQUo01C6-Af<lv{9SAg8BO(+VwZwdJ+i;#;k>
zRs<DDxMaX97X=iR01D?Ya#1h|x6E%nYo9YS31IE}_QU_f|3fn8oW0LJ`?A*B&)R#f
zwXdXKpR}waiC#X?A<G|UyPkhKD}If#L3g2DO2SvNv1FsP>_QygMEY8qMg1M?qg$r$
zBa%#<;*9#%Q&}&Van{fM9t$#+-ihoXLG~nj*_b>|ne<7bxRR!ljkRYfhu|8@LHw$-
zru#eAAzet2J#8ciB@xv#gI@gdzhcnt)w95$KnMq4Vg?Ob>#5b7Po}Fk{yXX?kJ-i_
z`uj^~en?7xNQ(UvJ5ur73;1JB`dIZ#hBVM0q%R?gy^`=sf2gPN+o+Godi0EV<i#WF
zMy7RKZrzQ`tN2pKrHe0*<FY$0OE_<*tdbUplA2Fs9z81_eUbI(kK)m0Ji3g_XaF%P
z8$hwYm758L)$6Y!wTM%fh*ZSOO%PZmjHxfgBk2`RR*<tJU(U|@%0ls#hv<<{Wr7`z
z)aK2|IFc_v#^p_!Z`ZdB_LtQAi|X|O^pN@v=|4OnhG`=aN|usyPI{ri)tio|Qe`<|
zmrr_~zq}9kj&S#&sK|D@)%X3+ij=+^|30OE;_Tek^puGW<fGD~dGvRylm6Z5qJRHY
z49hrNJy=2i9<7qPRl0FCZ8ZIxGfC<ea97dQe6SAvKE;Tw+X(k)soTBoN%Z75i$%&G
zmvYMU?rQ#h$t`mJ)4iB~-*SuesJo7Tf9~GIzYE-r{QHbsn2XP^6UF_-_<d!Q_<g;R
zp~@SLgYXUPtm7L_tM~?X&!=>%e#_k(^MAMtZ2YE^*gsC9#%scF0+sUwsKiMl{=_i0
zOHg?`9g&#tm&FMrwZ*)2OAPY67r`J~hzF!6if~l)hZRjxcb*lcomc%<KJVX4F@?SY
z24M$Ul6NnHOD^Hk0=7li&QIP=^J7bn6niem_&j)2R+nQ?&MlWrevOZCSIE}Zl8st(
z6BN6(RHIps7g@x~*#wa*2<tpd4}!|4IAGhw!BT?pUmsw-OY_J72A0M?tRtv=8;F+=
zyuSw}{Gpc9w+VbO!;w2}vO3g3v+MkTwZ+7-vO4fz$U6~S#!8duZa(HoyR8W`0bO~k
zOC3{t=(jJydYWnrSR3(#Kma{x@L8;UW;u>Fi>!6}BkLW&Tz=0XDfTD>KsHII=J?fL
z*YOOni74R6;OaN0pyNXh@jx5wSLSj0+;!;BcIUDGFY5oxZw-S`ZiGQUQWV;D(v?}y
zvxz*`#&iyxuMT%4{ql@HFRK^GW7br^WoK#$y9`VF%5@d#*S;k|n@kw_netqJf!;D=
zU54J^Hl@GRCZ1c!U07Y#f#mWxe@5;cJ<cWsL=*ZPOups+HI3D*c|y&4_s>GjDovN^
zXow1q0S%QRZMyy*&Pw_-vL@!HjZy%ziydanZC^<WVYdgIcW;l(F=ihQmqj%8%zF3&
z=5<+B*~X~;z+k^^ftw8qJe#KkaTI0zPOH)o*;hx3PDSWa`d=NIK>zDPL(2L|^ZQUO
zh#2QF)T@m&4wj`?B5dcRZ09|h2nr5(4o`j>5xd)+%b?WL8<E|EtB-e^Hb$;*w9{LO
zN*iw$B;Ouii<OG)l!dTCWZ&SDjg_bn5lBE;6WK!qvWErmW?!^!`WG}Ys4%Lbx^<iO
z3ogvMBT>OtJpsj`^XUvEh9~jw)1bnVRLRCf1hR!gIbz-LTCrJkB#ZtMq^?c>5}<Sd
zC}!EKldQ&?WpIOb_t#=YTJ@Q2)g{hFSjy}PLUWm}&~d(w^m?0QTUPRB=+JFabF)%k
zZN-^eq!QoN0d;5zs;fZ&D~g!)2>E>uU0;c~#0c=Zx~xXB^6Zk82FepqmK%BeG~3-v
z+0Yr^)&5AT+qCoL`u%n}ZXZbfYUARZcr8m`{LcRSmX}7iBZ8>8zy2e^??>9IaFm|`
z+F8<RzBTGYJUIVPD6xJI>U06sNd!u>=s(YV==*&qUH@}_4}j1a*;he4YERDxL~{`~
z@#D($Xj>VpQJK^!qjSHTzLYmHr%{!&*YMAsUjWp7?Nr=^AZL~r(kpLr-IO;A4QdFV
z`p@-$+ooS~N;KWyyrW&~ty$l!{f~X`uP57dwcYsGf|LK|xPSL}tLWc(Z4>}Klrl%N
z^1JE1J-_7s`}_jO`tO_Hue{~nWT<3u<GtGNrXOiObW+fC^n=scY82(sR~jq?J>|Rb
zuQ@+MTbZAK0>iS;o~XQzWw>rTkuHVTxz721a#cE8<-h*UOUE<c;bR7We>`j8EB+Jw
zuDjA~Tk$XW)?}|9$Bp6oKK%Rd@_Xhx85Y-{Z!zomeZSZC{jv1^+P3sv1Qwe6l`vzj
zbW1qnLVxDCxxTjo2E!$F>1}^mX%-uXN9Diz6H&Kmk&Ela=Cx`-ir5w@`V*`JszSw(
zm2ds=f4bS|yj~kD$7klGv{3`FP`IAsihO8f#`0`19=01knf@_8yT7QxAHTmN9E|q;
z-e&Pu&+a&mDr~b#(I#PFINMQCow7;u=jQT3YC_*G7VG8TWWk3`LcRzGO`-5*_OI*D
z{mPzf5xhop;T}p02q#c331O+FXxwV-kA3&|Vf@<=gP|nhhYPAtJRwC92$Y~)lsax3
ze4!$1tys$`NcI<Tg-_frMSo+(MU@m?#uvk-=(Bt=M2g+Y2RdJX*P>fOmsXz$gx{5x
zIk_0BN6o^=*bHYleIUGtamB^Z#t<_=XT!jhKOX8}*A{#WNW<Q!Wt6E8RVC7xSC%71
zJ7F@M7o~(Zuya~wlVbk`cw{|Ly%IJ)h{MB8lA`ks#P!|tU?ATA25&XaCdPW8myHBO
zU7D#bxpvJ#b%9|?yV#vP9}^XHnjpneeCVi?=%X_=lT?s}u%PA@Idk4KJKFHRrB3q4
zy*cRf*w0(D=Ib-YOYXRx>)8-P^Q_c))<C?hRF2<l#VFM=ynlz+89{GO(a-2PeRA5)
zu^|TS$f}Pv*3I#qc$JmIf#LvK`~H*&ttpE$co%{l^=s4bm)WJ*(%-E}y#cd+{i*cx
zXkF+l{Wrf`k%?Elu5dXfo_6|{U)jce9DRnDkBFd%Uyi^U_GkN2e2y2CD!(FlSf6Uz
zj}TS_mBc<d&6aS591K0H>^4OW-X}KlGv!>9E{Av;5}~?OmSSwb@J6Bz7Q9lf?5VO!
zv7y+QpiIKAzjiU}KTC0!h@}Beg5ACISdd_+E8%0*!FFO{<YyabB`#b!<U-1V111pB
zBfeA^O~<RbWVtw<=AyJ}ktW<`<kEB+4br4Zlpv}jSELgvC}9F62!|P2PA61R!gNZg
z6A4u!A>k_!2Apx>DI<^KhwN04@Rf=mS^SI=KNG|Y;n4{;K;wrT+dy0`Nnb5bUu{TV
z?MPo~#ua_KQG9x|oXhgJXcOwdZvP?!`}q^2De)uxsw30ws0_H>B;!X<8RPm!7YuXi
zq)Cr&00roW=^jf8v5nApi4~>TY9^q%9DNLy<VXXl!8^6yktKC2E(If-XI$Wb3z)cL
zVNCujOwFBqn%5ziM=$3IO@w$bt)wc9hznX3%~=R(75@$C$&vC!;|d{!e#WgH5ZTSv
z#P2>>WYI3{{4ET4r&O13eULXK@1Zwfuk2`wiB+k*hFE5&lTWQXOw(JH*&&F)LH89V
zG19f^38G#6739IQT*bNT7NwUyjJWXSchM&;;b=o{)q}i0eUtd96hDK+PpSC1R{Zo8
zKUat!m-x9@{N#(D^Tdxs{N#wAQ{(xkN&FnakM6*>P+R|kKzzV@N~8H5)}0nJ5RY=y
z7zP9^cEGONnUv&2#PsL!N7h?85b!RVue7ZQ9<4r&f$+jXF2cN2e_$}^%;O^&u^{2C
z-=E{d2>qFvJnCkBH&z$wgR{HTktA()knE4VpR*bjNo|U><Vn%rTCfu62#0(SL<=nd
z{`ji46ye~g6n33b)<8Rm%*-$7AVu%Mu4hX(>8be(i4+#eYW~`$h_N4C{gzEE*<(8&
z>ojAK2SMAOM$6iT<l(a<+Ki*Qd1tQo@IFgXa;JXD!gTz>^da)xp~KC7RBv<!)M<R)
zvO|vF3&OU$vAsz0S@5<H;p=Js`5cj!W;fx~^91!!$4E=A6oYAkU(I)WBdJ^|DuRjF
z-9hE+AiOGeuj)ikjIKjBuWQ%MSK-|=v(gv1qnC<~rumR*oNEx!&(+5_nSETi0DbIN
zN36GaP5!~oNN##(r0e*x*sQQp(I=ng&h{${xwD;V`^GlyxH!8Vp-a50vqqs(X~~{{
z_#}FzFu6N(UM_E={N`!iMxk<>&0UmEZFXz6j6t2Qr8+&#brRP2vN|7xn{6*5$_p6f
z#dCj4FG|bo#b*|Kv8;A!E~65ABeT*?*!LTDQu)o|w!J<5{6%fPC)V1rMG<MVDjm*9
zS6*+Qe{s9}<?ZTUC`S$xLG9Cy6fqgFM~oAbInF;;=Pzyd{*vtbkvLEAI7{f^{z$zQ
z$3@NkYI+WkL8BZO8w3Gk9qO-i5m0{aZZDn%_Scpk74jJ$h`i-S_)5Z)zvEVYTvC_3
znC<#1*Skc;VO>*C^=vsm^h5PFN6muVe_DWYt)W~Tg7cBAcH<1ni1jYR7U%r%HV~_@
zL-4UfjVlK+!i_LKQTHfu`w!z*=+B7N6m?G!Z#jt0rt_tC&wXo+o07VF#QJ6X@yncd
zxN`I<Ol+-kJnZz2#A$r-mn#VVct-@{FI3U&H(ZYQy6=G^%k5RvgA>?oXrx0s*}|SN
zF}zK`@k!!$VYT>uwpRSUuvq-Qyc9EUw-^ef+t=#E<CUBEaeTCR9BVX6JHn3_PQs3D
zw`Z$G>Ozb7eb&j3U#JzgFSz*j<;CLm<zl{lZK?643cg)g$3L-6{1b2FpM^(6`Ic5L
z&&fY8yZGm|;x_id##z2Ed=24|8=3-o5OT~{3lVjtU+oc88UxDL?D3MG2T0)j-4suY
zGUdGd1)I1pF-6l`-Erhfhj6J#C*%SZfam3F#V5mYS-o#ZKpoc@P$y~uHGCwX&T83c
z>Ju!{#yurwjRot`%}ucjsZ8ec+(Nptgu7Ok*{B|ao-!tmh4_e$c;U5-kCV@&=Ld`p
zhE`S=qFemNp|&)GVVIV3O01DL(3`1ujbU9miC5PS48|B5L%eX4K@p9D0x(Q8x6(_-
zpszGY=7l4?AASI1XpHo07-_#UtblS)GIAS)6%)f8Un+*zAd!`e1>uO%UTILsN<ksd
ziot(D4F1bv@Lv;yzfuf-%q1MY;(}`8AOb#L0uxQ_37AnR`(U2%FpjQOU(;BBTiM7<
zQ1#lcPqC8Hl_Yy8*TGBe>c~xJ8#q~=NSyj^MqZ`)@ii32Q!#TSreo@3pi5@J7OTO4
zPkd{z3=hJ7<{FbvS`9wI8oWY4lvsLGtHCU-2A6PK4*8XP-381h;`z!d(GQzg-CDTA
z;7eBjh;5ACnba!Sr`6#3R>4LogY^w|N*NNsV5^iN2n_a08G=A`e?>}&hm;TpDZ&2y
zb6>U8ZCtI?ZQ^37TX?B<yBLj7kF)awGf=bk?lvBu32dUha&$_JPt%G2>-b<yXpGQ3
zI6nAg9xO3NhljTvppTDc4^Y#&2FU1TF@$Y~#~6k)N5>oo9+r0Fkr@XbmUE1UKQhzp
zwEX8rB|KXD=`n*#zW5oGk|v<AVIQ#sX*&uCyMr;%Ch$_|i0?NL+TBF&$v?Co5A&?v
zOxGhoPxun;5)^(`3c=tQBgdmjN}3o@?aFWPXyqos8Y{{m2VY2!PZI?9hh{5nnO2Ve
z@NBg9vzC9C*2ZW1cf-=2CS}A!6_ZIL<1tg-o9$<tjI^x4jNQsJ_Oqi|B<(Ul4-=&P
zb!NZUP(?mE&=#l*Erry^UEb6-%yGyqP<wUet;3)3?6o{IdyV4R>wKEGT8w!s`K+)5
zz`XQnjX5uk=6UJL^t@Ec^Ae!;$x$ZM{#%VXJ)tadE=#R<wM{^2v<6T*dwZ5~_)QMO
z5#Scbw496T+5#TZ7XxE9`jwRTj-l~DN2_<FPgyT~_1PN?PU)4N`kCXCvjy%A#zS^T
zr4n#=;RBviG`$1rW6dkIiFKzjltw+|*Zq?G`K|H(?_z5np_P&OdME&oUyGQg>ILz@
z)mFdKLso2F&wI0b1;)H5kExIU#46V}+WhgJ_DavenNKP2!IP$)Pgq7@6LZ64XO@n}
zZuO|UI>Z6*7PfgNM7uc|Nm{30YS_zv>{D6-ILMK42W$f<b&6KW?(zh%{bP2Kemc8<
z+P+}KXE^`a=~Z^Xeu~kEGSbQCeOFQvy{)~%riOF2wy$g!{rZ)!aX6~7t)e<r6}nAn
zVTD8(I&YcBhR(ao+8R0=<Jd!v4`VyzeC2p#_oV9Mutk19V0|0*vM#^k6#7nlNVf4a
zDJ>=)oNs0k>!+`yyqx6UjP`Ny_T(SsG2-Ia8M|eXF=pyLN7~pIR~iP!LFE%~WX~Kw
zudoI>Zt+ETPT#8sGk#;@z1r{0&pTQd(K}u?ahBM`d5th}-b0!6oVJS{hCdjhH((n9
zgRcEPVx!&*I(R3c`nXM+|1q?TSskAUUEt$Y=YmS5E`44#>QX&DWtrY&)^knz(b4MT
zR<Yic<<FVUFURleMEX|xURpM?lN^88?WjI+d-(F?u<^$FegNvtkZ=U+%;vH^WeN4E
zK2a5Jl$MoZ-B?!ik|v}^_RrCFu-)ecC}$`2mqGhfYv_0JAvyZojNMChsl&S*f<=k}
zuZp#~3sc70T<#hDm1W;enxxtT8#=F94X3c9zLF+iNh%#IzGP$aX47tJ-o;kK+Xy=Z
z-&%x)RRPYQjcp2DAV=sOtKVaHPqq6MaJ#PB<oLZdyK2KeP&uZcF+=SnQTGSpL+zEy
zX@5~&P+9NyYzU3Tp+8s~CpInT#zgIuUs+#f_-jTQCzZLR=q|3vf7Ac6;_$ej8ge_m
z((9FOm$GL3+&wLM<L92hx(5{g@%5UGn5fdz66)Zs4!B)*UfGu8!yR5}8D=Q$F#@F(
zgpWfr6iw`f#ClNk-hiCedmDZhWmQrPVcw}{l223rVcnir!USEW?dEyizDFdzZtrbM
zjFw`#^dPwo=@rtlkH+`OYpLI3>$qt=4m)t^FySxRqW?4dJTWxNp<j{V8;nKDaHw;%
z+cQZIRC2feyC+wq^o8`V-FS~kufayXa!Rk?=n_5CQkDu$fDO*1>JzTe<5M53K2aRL
zon~OC8OPxc5+1v0V$=L5VeT@^g}!6wUy}0U>kr$gNhz%_HXGG@-R30I(~U`nV;sRX
zu@*#rnXlxF<ljWOOQ=_l&81#Rn&+R7b0mMI@1AS;TZk>m_-wmz;0IS*9y81?7bP@_
z)rgS}uD%p~)&jpLmW4zdZ!mEz08bn*4$tv}I*4DC-C7OMEzzDFpTWg!K%J>Eq8Dz;
z6fvJ(o;nV%7xU|wchFjG*op6KCFQF=UKPHRXygNvFX?_rNs~U)pd+-~n$>RHe_c)Y
z?~FJ0Q!wtgq{p4_lXLa=D389OIzv|(dsD2h8$DEL4lKImCxir)HPSLo46YQFv4=SC
zZQfEWmSQhrcTauPDg01KD5f9;{vzl_@TlktZ__ZBU7S-Kh~I4Y7u5$n$ED~m8Ss1%
z;C-%{ra5|9ihu)sHj49H4SszP`*QPkGry92vVy!HaR!wSVh5$zT~?eIUUE>5%y3vj
z7qjCtNr!H-T1CS9CK8D<QQ*CsoY`_Dc5h1TTeUx*HFhxc&oqY<WuB%fT6?MmBIN*>
zT#Eh|uQhIo?8&P>kt0PFjP+&grd)l(7ValsPSQ+@!9hD2&pt0%iuHx;5?k!a9p?C+
zu!oX*|2Zp+@uJC$M$}FB)I49wL7YPa9Rk(idZA7wP1>nuu2QBVF$9ZP&N2r93(BfO
ztMt!ir^g%H!o1i;W$L$P;=+J_mQl9kegl`Ok2plfMqe~{1hcxLvStJg)|_T`P@qfw
z8$)iTGnO>1PVvA7;6Hy*8{TXTYzax}5A@H>^G4K19eN^jo+@QsiTCtZPh(S8e~t3#
zy{KY(0sR|a+lF2ND)|)qHuSopJ-sga9`qV}1|My(nsHvT33Nd=f$nT>PoT#$1o{Ui
zP;B*pK%H#~6p`6T-x%sZ=s==VK1W5tmM)R0gfK2e^$3RZBsMhKOm_XUCOg4IOt(a%
zOVQuXY#L3H`lcM_VSxAbn#g`h+x~49-TsB?c9XGNk1c?yLyUPie4B8yj%|{nGg2b7
z4DUIMibWnYm_=50wC5L`LOsHop2w2QjPWe9(>(U$nQ8jN{C7S2B~8@_Fv0`Ob$&tj
zCG<k_Q*kaiy<oAPm0ml~%+RZtWy>@3990vGvhD2wvgrCTgRY%t(Dh%Ao!N&^A4}8v
zs%(2+vw-&WKISZC+<MI9fi2*Hr}*?|qW@`Uq5m<bc`|<pz4L<^ME||;uV6--2^stV
z_iCj%jlx)dk5X?hlvS@YpjrvwcakHm{iOMR*4k4SN%O9>S~BN7(PS#Uep|tK2<=s(
zqZzhs@s;e9<6S=DSz@)=M&B&Q^EVKR>yyS8b6cyv42>0LDUsG3S*qMXNU>D*tO=E=
z#gSHP_%m6ZL>1{Aur~NTUr#2AnouZPzx8|cfHdSF{WS%pA={0Y!ta>lgzEGYHSRan
zE33Ir-c*FBR-qqoNGU#~#81Ro7*P5=coVGZ@8rX#=)N(aRFEPyinLAH6;O%;$^=Ic
zE?dBRLEBKLx4P6CP}WP)`}qUwM)5R!_Vb;P3W`3%KK(YAJh1z>3k&J;u|g^Odt_F+
ze}M<_?%laY0~-AF6aPoGHEka%Cx&b?etAzwR&FPiZB4Q4*%sbQFTO-?;4G6wZjYOb
zL=BYg^XXw?s1cyi7&iSzwkPo`Yjri79;v=(qkGviz(b`-u~BTJ-@U)TNc8cs(^$Lw
zkOqjx8~cBZ6yUbqmG>PzUrSG}$I3>>Z=~ogK=$Z#Hr%RUKHf`mxXpVXCEw1rUz=qO
z#w+Yf3n{21eQ-jFa>A6%Jy>3TVKF50JFEpvak9Vq8fGo+5-g@H8<|smA{FXXJ<B#w
zit3yVaugvV;xpYY^oq;uo(emsUm*M}IIwC+*vS`bD|snwsEcjMa##RNx65NH7{^(#
zETzsMV0x#4<u1=)IgrTI&cJeapo+;(kU&pQTaiKxJYsTf@)5(h1@T<<KeHbl$u28)
zhnjTw7~qWu=#Avz?EMZxf%*&rqJ;25uj<}uD~xy!Qyi=eD4V5aC(KGbY&A6}stA>B
z75yb9U1g1S=rHOaZsgcTDcYOY_3ONmMpCjipuJ<@S|M9C+0!D;x3JNLZVklUZ~Mm(
zVB+Uf2apmaMT#)kal1p_tWo+J|Cs)ien|GTO7s835U#>1kEvYaFkX5mIObuu-ETd}
zws`Sb+@&v5r(jP0%7E5+)yHYl`H-PCP8MVH5NOpgZ1Y7LB{anqupTIBA{DMTH7AH_
zvFndj3s~!9k8O%Qpgcr;O}$(p`b~=c+QPkj6w5A{Ku(0In-9rKy<Wn)4s|A<Hm~do
zVulM6_AUr|_DIn$;I*c**y!UL2By8SFi4Yfq5k$s<HbL;;v+QYzCeYtO`ATP3XN_I
zeWU*>Z0H$!1c}%**RO}t$7U`Vbp26E(0^*?Gxz^bn|PaqwY2O`SJN7+6ul5abdTMy
z-bcuB4cjcf?sJWQ5lSfRYJ{q_LFwW~pUO7i9Fvtcc0ivFw;8PT1GbY4lHh%aWFO6T
ze-ix*bv*tsBK}bia10VSk@%JO14@!3@&%Pseww!cPLdaqzGFjpKq80vatEx|jU%1>
z(<yf`q2Cg>U#^ysYTo4Etby#DH>nTT5!_i1rAm9?U@9e|{~hNUP^&s9IHVMLT~z4Q
z|E8}}d6So>=Mx{6E!K?+C`a1HGptmnxxDp<I#(i`JS-zfp2r@|L4W1Q>Z1ix^bTf*
zutknFg?s5wTFw3QFlo8#iAdLSz?$i~;*6?Fa0<>y`dp6ZHW&4<_!B-?OCA<3d<A-C
z8V3?qbI^q6&dm4rPGAT%wASfYr;@-sCPfm4@q_2>X}k0r+SrE#)EN#oqr9A#t9!bs
zfryOhfJ+j}NB{ag>!c?Kp=R;0HAoB=`Ifyj?CzW6eSaixJ{V9R)|}aVHIlm0Po1o+
zHFQ^d283S3Lc(T%(7hJ1vf{urjP;&?yEL*_($*#g`l(QMiP8B-(ik1oCNh>|ksRho
zVhGfee@HkfVZWU|mq7iR`RwsVx_yvDu6OP@SIUUg@1%)l3np97IEyqNo1$Kl;V!>A
zu>gb~yAW39dq@(zXUiV6R0ap7#|?wFpZ5j!VBAg}r4JJh-sM*s^evhEz?Efo76KP#
z$LDEU3&r>`k_KO9;)79F2#rOcOT4yG-*SrQQ`=N0#`MXlylo*{^($J1<bDZ-Y&YT%
z^<D4esrj(BvzyH#VrXJYLG)NN{3lXZ8mThs>@ZV;YPi7L<a1F6oPec-+JooQn;u&s
zm{Xj)PR;d48XVePM^Y(~C9HESP7c7tCxNo&z?>(0WQP=Ua0yrE5pkn@d-$U9-e%A>
zJshI3U+_Q-q~s$Cp6QmEG8g3tGo=DTj1Cc(2u=Bn<HCBK<~fmp_<+L|MI6AD6o9os
zL~dxP6?Qpe6HZ|jOS0NS1%xKhm+C3E-_sBZP}byC=J{SlpZe=h+59ARa)PQm;ZN8T
zg0FIa$@$lXdNN-TqM!~)eH5#k{tmh!xzNzd`uqg>@Fc=<7pOXL_#*&bvV~8gEU8Og
zlI4#c*zRP@Vs=uj3tj4u%uG1Z;Dj^0+ph$gojBDkxhoStt|CAXM;5&-oJ)B|t#bI4
zX;iTx4%tQ>HIN8_CZ0#JJ+(y)m$quZ;2~MCidrGMvW^8o2qV|mEh6Bm_dB=;KTpSH
zl~ZEj7UsPe(STaEISA^%n&;trJJ5H&g$<18N44@Rgpm7`cM5Pu-vGaINRCfTiM^2%
z1joL@o*Onu=4=+nX9Sg*pE|Lji(qYWqrLZXe7odlOxZzYpAqx5!r`|Lb7VJ$*jhV%
zzD;zIUmZzZLP$F3va-nR#ulFzA-s*)%UMD9D*32v65RTF%(%)Sy*uv_bBy3`0+?|Q
zX^)ar(=P&KQG*WMd)zd67M=URKGG|ngx9B6^||WzbnXLj({Ynm@wxPQCjny*>8tUQ
z(b%#NrRWtYfryA_N425?4(iu>{VU$FKLMK23!q}XKapnXjT74~chdX;4#DD8rJCnM
zTr+dYftY!H^{N?!I6Lris)F^+TL^2;E|3$$cq+lDbdlrbqXrjQwBdh0Mit484hF{P
zHH&|S7OJ^p=!(kihs@{maftEqE9u!i_vuI09OLMsVsk;%$;9)C+$$&(Yh|&6;RJ$p
z2|7Z3e`7&F7>JZOU7b;5uA-=QVwezBhS^E`n*U)C)%>?hx#n*V;+n4=WY+w}L0t0z
z$XsC5eBvOk`Sn!uv>twr`i~!!segUC{%T&VF5D@TAFIu);bEdp?gCMI7!EzM(r};t
zW7dDZ=Wv|JYShMZYSg+{xKZDhbE6KGn~nOgoEufhr(PP3T2#)BdZ7MTs<wT561jgU
z7wt&C%l2OXUT0_5s|5AxE9!NhsMj6odX<TK6(jQ{M!hVeUK{I<WyRk(qkgSrM*Y?q
z_GqF%hja9{UY*gY6AIF`T`MOnsq9J2JTo9s(WbIdDpi~FH?Hi`GOp~4WoBicD&xvt
zj?6ub$__8%%J!tnGGB>$)+TcAH|w|Ah!;GZX?QCWgRGo{0BztJh$<Qtu%QC2FLMR@
z;mh>F+vRxI%jr6qIj__oM@()?yIxkS3J}>)ttgZ|Tf_Tg#cG!I`amk{$<@cwan`f(
zTc3>s#lph~nxj_Ib@D>Uxq-byV=#*qBI0==();@{`*@pZ#;}HW$)1zpT|!q@oS3{!
zeEY>c_t9s}c+6%M`lAY|RmW1=6UEl7{Xw$?Ez;Fy(QiIu|4o0VwaugU{KKP+=-T3>
z)r3Bf%4uicZN{769g@gbrE2c`H(&sz*leCb_fh>890UX-4KRK1bAr*IxF|3$TugJ+
zD;QDjgIFGlsd<7|TuDzSyb-#@Fv;~<1eStDrBIuF*iSAEw6Wjyi%}06-PDyTra4~1
zsP`(l0i(V%e335p8VuZcPa$-J=+hXyf!9r@siO(D6p?S(tpKDj0}4^>pv724;F=8O
ziZl(y+A7u~q}OM-uqmaqU|T8}ztI7djmQicm8%m2?e{H)%JreeT)p6Z-`xQM)%P_D
z9FNB7mtyH9-sf>oktNGMyw_tMZif_IENWCJYAh?ccT$S>_SX!4QFk@B+#@LcVp;8+
z6#Ge4g-p`)Fjw|CrW^tb%F4y)>gV+H>64`L>3`y-j`H_QA<y4Bmg1dn|Ck#|p_s!8
zg?%@cSz7o7pxw3Ov9iJIvILSt$Mk=U=XjQ^OX?!>dNoSB8KvzwZRpCmZImC%k5!-0
zWYa8RQdx0m<g^RQT;VGbGL%SC|La!94P_PKzUHG*TQlof()>a6;mCff(g3<hc248{
zaPN}3jQxT6ZeXh!&u*=5rx(7<K0+VI_7T>e|G$02_qLB{v)?~~(Q1HDKe2p1azs+r
zusgCZC;TI$J<A<pQku|y{gfWH_Z1WSL0C{oX_cEXiE}8~w@T_j%p9$%e6vtPi=|~3
z1mX`_s}UO+OLNL5YUwvjVN$e^RF`Sz6P3ATDo&I6rH15{Wff9vAukiq({DD3r`@Fa
zUyfNJmW@6g1F8=w2Utz6RGPK7cmZv_7x82Lq@CAPx<^40jI|oBi_3b5L!q<%k`wHg
zY;Bem(y^pv9Rl(3R%E7^?=tsYrDgrye5Uc49*=tiRt|rgkN2y%vbj`QLbds%#_Yf>
z9T+&)T_r`ZG!=-`tb?-=T=0b|Ovj~p*nL+?6T#*uP8rJcae(Xw?ErwfNTunJGTdcm
z_*!Jxc#3yA#v+HTtglq|YuDqEvLD77)Hjsp1pqrh#J{#>Uq|{fHNjgw)19(RKPJSu
zjYdcI?2zVLA#-fdpFBIJ`2rr)cs|w@^!-_SK0=%5&$eQxQi{ToQor-ZS?7ggQsI+_
z*sK9xC}frD`O~8CQa{%5f6elzryJ^mqlD%CnD?=NVjPRGOB?Y%+Zy8XW4c@pw=8`u
zzee5L;{&DzJ*PF*{=AtxmKR4~A!VWgt9I{sM+B93IWQ9&ZN%y@L<LI7-32>&PAR&F
zKB#v6_0xqUfnpn_1$9d93c8WURKmgydWacdB|fvB#6|Z%U4zqj%3qR;guW3;IONEj
z7EAbB?a1Uji`xAOdYx4NzS;vdVm1xq6Wt#gO;hw1DRwuAKleVmEAQPQ$0Ge=06kbf
zDu;?Hud-KIrVNUdU*By-s*kK*eI@-$F&tv@CNd<Y@wJf|4obO7VrRb8a5w@N@QgV3
zB;KC9OIEu(scyX1PE&Xn?WdD5`*z=ZHFiF7itEOb)-OUDlV;2}fR_M7U2y0Jtl_5d
z+1K4S+?ZX?bJQHtZ_QlI+HI6e&HWRV3+V9{7XlEjc7H1SMQ`dOUh~(ieXNu-`~=5T
zw%7zMP2jth9C0@ZtD7#a6lYMoS7sN*1e@BVB(&}Wt(Mg@9nV^{&J{V9)pfYC(v@e8
zH1By3<!|ZV>P2{bU~mqNt?q^)>v@r5sUxYbKYF6jA}v@`QWxD4{zpkl+kUizMLRzi
z`*V6Jtp2m{mgy>=4(}!QfN`pf^xWK&H;#KG45D%nQRO4BQK6DMaCng=oIm&YBcX8*
zhr7%@@smf!`K2h1znOc|8xBnnj@~rSlOhjT2Dut3x6@l4W?#mnPJ-$=B{z?rD7|v=
zzpD-ZyIbkMI$;0pMV4k@Y=;!R%F4N|n}BmVL{4;&qKC1zSpFJi>LUH3Gu^D>(|<N9
zN2KR~Ti_uYSvv=z_AQaUb@0*4T}Qc*z9dJA?hu%;*uaMUfpfT`rPRZgM3jS!;h~pj
z1bP5R9w-Iu*X4cl5U^Z)0XzK%;?Hw3mJa$u;*}-`(Y(Y55-G=}=OU>buVTM8bg5Uh
z_qSCJutav}ggQj(21gokqP@$j(6i8mUUmp-utySBuk@#rlUE}gKyr;5b;CNt7InWw
z<%KSr+ck9?w&CoSNZlMNfm(Ke9%SL|O03lIMiU<kL_?|M&cCgQy@%lAtwN4t8N5;%
z@E3YssgysDWSTU!Kb}mb<{ls84OU9AK}1h;PmFsc^b;ut(>30bl%De{4NC4{dZAvk
zd+QIu@KovgBf9rS_DSBzeyRG)9HrL}Zo^=@>3=9M()CvQb)c`RK@1$o=(%#-O7r%e
z7A04M92|J7R|ov>YUdJi=)b;(@-Q_xQ5YUosNFYJ6<M0rxI&%gc0EX!mM#`cpGL}4
zj(-9Q&)o+XVB~m*azMH_<^GMXtWtCp6*;%-Kk*`E)L)@nb-;^so7Kwh<LI86hgK?U
zy!D6e^#{73l}dBu0|%NqcMqJ&ypdK(=~Y~XT3>_zxi0)KznlI`(U(Pz4rn=-9Xm=>
zmDjr68%gz(*msStu8|^xt$fv6nty?~x>Sl>C9W=(qL+!Qo>C0-9(liuGT_9m==9WJ
z;gKfIe@_%uCPn`s=$gN$N9l9TYtT+%+AwzyVo9mFZ{CXCR~Ua*zw1<TU!q(6ZA!1#
z@~L*|>MpCRj8BsEL8x>j6%4tgd4Ccgx;vCl|L+T(r!>#~z(Hlw-JRh_=Y9Y`Ii>s_
z6bP#j0=H&qkrtaY|0sy8PZvr~HK$VPdVUHQ?01Wm+#ldYc0`Nc_$Ch6nh)oM<hxY-
z6;jm7=rGkcbUyv>6Y4S-)>kyoVf8%n{y=5G-dpJPFIqX*kEG~Ck^iRfHvPwtd~)-S
zu_S#LvE|5y)LOuAf<kpXF>8nR9ZTV)i4x-hn;B?3jHkoRryyZ%jq%haaCf2(WsZ%M
zb_}nfTqKiI+7Ip~4dI{JNn1y)LickCy6x^2sqDnXB8|Vf|1Ns<sqwXK@NI#tcHMg?
zG_H-IJ4pL_WfZpa^Vc&lsc-B6*JbMl*;7BcTk?8yy{o>I9!$A1;>intBdd262h_(&
zIQ+yFP#<v0p3nWtX8~#GAzq?@U7qr7$xdI%7cjcOQpQVRLJnI3*29G8I;3un+Xu<b
zgwq-V(ko2?YqR!Ma|g>!@jxMg8BI>)-bLIw2(@Y6AzxNcT4d-Ef4s7H3NbR9<>sTZ
z^vYUN?_}!->{4*RI6kY~$08_qP`@He1B(}{w&i-e@K#=(Lu|YpM151de+gEtCf&4@
za$heiQ=L*Sw9nO+jx-ZCmgZRKGdSa|C`F%0{(gLIb)S`27g<hGO=P9l2iIV~puCQM
z`n-4zzIpZk;3turxW-uiOXMD-%L;M%SXKJzFGdtu>I#?Q@+30QED?IZXdGImcCQW<
zBGqTUgSN&;I0sY1g7oroE;F*HPM*8Q(h>gXrz`x@(DekmhT%;mw>RZ#XIoE=dDWVH
zE=xbpy-0lKmP{?*xiwu&ZFsttAJHYgLzioY8+mgFiwFO0zJWO;mvbq(byI*6vAda>
zPgdcz)ySYfMpCktsBzVzk6*U<=N_u19|EEEtv0{%k=Q;~P7g2H2@vJV*b^L}kyZ|;
z@;^g<n1Ba7N5h(T)#zO>TS|6PIb0l-qSfWENa5v6*xn-j-lFXH%&tkFNA>0;Do381
zL~(NcNgHVH!c6_?{ZUAXB(342_vjNlb+)v(uQ&W@nv895W;Ct;2ph51C>!BU%p%hK
zTY%T%Lobz;y$Cpj?Nt(`*hMJXDl4BPdl>vS_bcR=BR_Yy@PU7x55vhmDZ0dZQB{jv
zv`&t6$+y6rUh=*r#$fLeQon*U1fTHy6Wth^E~^6`@705byZlM|0dpyz_)4}U`=#w~
z|0{G&W!(RvxB7U_RCo398$!LSkN1<JHb6}R6VfsVm2+7@T2()!$v(^xdT)r@Wxnt`
zUSqAfDa9GWyS$MTR&RWWbxwis+Y#vvLsI?Xaw>A%I{RQlj-`4=jwO7Rw|W*egOr-C
zhkD}F*B#V<2&&+hR*i%`zE#ctWpqnTRVu6lKYx9@jnL5qn}6<U(S_@I<H$!{xW9cD
zZkLr49Jl=Y_8+uNNyLBfNA{!t&I>3f%<g-fy6=Xb+<ilPB1Y*EN<{Y+qu;KNdp|78
znc5GX_CxNpLtIQ9K`-vLzFF(7(yEQrf44Y7>xZcJr~GFB4M~Z-;m^|@cp>zqv-h93
zdJc8q553icMF0Km5{zjJ_g@40?~Zo;C&x$D!40Ps3gV6&oNsiHKuKu2FZxAjj4#$C
z#lB=|;Hx_$XeHB!mnuOuvq{l%nhP6p`k_|(-gJDSOgh5qo9QjBnf01o+T!LMOY&*M
z{#1cKY>q`2c9@5?Kb1oJtCeCuY!wfFd^86Ns9#BhI>9*dC%hkm`gSpli}`#K6nrBJ
zK7gzHxD+Y&+$oXLOB5n2YeR3-ETn(IxZ@C2wbeRpxj9)TEIp`+$tA}64=cmz16a)n
zqHJ%}hgW(%GFAyM<LilH$uOU9Y$Rrawhn$<zT1yu3qQuL--=F@bQR^Z_H|>Sr$gYX
zfkEpa_UQ(kn>_|@sMo`_ySI7PPr70qnW5Je7)?I&Jg_!RID1Z}qn6z8Rhi6r-;udm
z%nNpRyQ!ny_eOl@_pm6t4J#V4ozxSdUUFn0X(d6Wg}MjP4scxNV$1@-kQ}RwAI0%#
zdmDSdR0_LqUpX{yXA8!5A+L%OkZj(uwrxKtEo*Dr`g0yz)z2cff+onytVIZmMcI{L
ztyU?mNby3;dmSK$r&~EE3|oIFQW8FxMHAc?E<%c(=B|Dgae!)`$U?0$U(}ABCmtEu
z=XGFaT2x)yPl`eHqsRS(8CUi69E%ZRBvDt$6ufsV!f&WVKueeMCz>_;EtoIl%jC%J
zBRDXp&D`KTt5lo2+Z1cJkyv}zm=*$ViPziL$VzaL92vLhh^)?9q^+B5qxST}A+9-=
z@k+6`y3E}#+yzTrRMDsh-jN7NKzZeOa4E@;#Wa7C{;mD)LJWiABUWv;S_Ji5I5z9V
znv$K#E+&5`{mOcO1QH(G^xByDJbJMxY>-qR3<tuW5c@2>DQ-U~X7;39zn3s4ft(pm
zZOmbV{Trm{5Vqj(E%wJ}JE{F8O+n=vzcS3B4eJUQ&yh<-oITVgKE9%4r=0L{Fqwcl
zs|I^mEijxt!p0!1&cW_8GN-^IEEj0dlReV=Q8fPqJ&zVh^WeqgS8sH_G5VrsEjOwC
zHPnDK-GTz`FI{jZRCp^T7t^=um{4i(FQB?CmgBSPWHofL3ziAtAFsyJk+$#<w?>No
zoh?l7botdTZdq~CWg!U`Hoj2rEKMI*j#J~+k##sZJ}l{>Ec;qzGn?kdwuFxn7I(>t
zHK@*E6Ra2$6M7>)Bqa~@5xI{fl{iY2tNIqeg{l!vP)8Ju_{rOiy{UV~9ETV_e$eRY
zO7|uy3hgOiZIL6sMR32HfX6$i)M|fZ9U=dbi=-!C;FZeQbe7!3ppv#z28akW{-y}A
zc}^O4-TWV+aYSa4h`?c|7x{t%vF&@*W?7M;ZikK_5B|iuMO@`WW4&;}^(`RkUJR1H
z^Fr>Tgs&FsGh@Aq-K}3D`~&pgw`Sf{CoVEy1%irbR;=KSZl^NAmZc&)9ygIeXY(8-
znx%2JazLH#!h{mr$}4#ZEqWw}SSc0WC95+w5xOkZCesst<e)YD7W!%|-N|ZrsV?&-
z+axRXD12$J8cF;)q_@C7^)jii+=cIuj6GWyzMBPpWCQ$k!CEc#pc-DpV08bH2K$8;
z?YSa5MoCtDi?peJj8qkjjQ$g!f<U6rXoKk!VDM#@vcBOifGz}rI+XPd9gEfl<Fl>d
z0{t4p&ateoKYpiGiXP+0JKJ%ZcC;?66YmnjH)ORGz57He#r(Qz>$GQ?#!fl-__o;d
zrl`6d1<al0S{$2i5nfF+XD7R-$7}9%P6|zi$b>BvjUGXZ#<MkXT{uZoOO+f6xMk9G
zR`6aBPS}$p`>2mdiTf*zAu33jq+byMFENbEmzBwItjwc^JB2*LLLKhWcqv+Y90rhg
zT9e(4_=kPr<0VCB@`CEy(y|<C{s9(g<Br4Dr<Hm|xA1o8L8CwPn_(=(Mpt_SMSK23
zbOJ@&q><TIVgT3a-SDA=uZF*RB|HC3$1?k()Mm_r`o*UO_f)F0z&ZZ<FFSZ69|*_w
zqV+c_Gp}*!|HJX{#OMv^C`NBk9*-Wo(DCTOBAg})Y?GSyZ);`sI+?V*?))m=au{#D
z#BypV58?LjGlV>VC3QI2fQE1n_0)C_>U6EF40q`FQE{~dzNz~;$~g5hFT40S0Ot2D
zJ%B0MPa-d%d=OOL<0!ITrV;vO8lhjN5j~mNNAfo0f$sIrr~i*13o0f0)29V6qiGls
z{D(Sl<ySt_A4IGP#a9EoeNPL=OSqGFI5X}yIGDQ>sEkj8m!chczcG&wy80-neBg(%
zFzTgQd19+{yQJt;&eTy@8@69y+94|>5S5Ao9;-;H1s*h^u5$f*-Nwq-^)<I!M0~cO
z+TTrTvy-hCiS@%j)ZtE+b>3~hJK*^yG)z`+cF1G=vTWV#_q;dxdcU#_2CL8fB#+9U
z;ULIqT6!4vpFxFYL&ROh_DMnNqezQA^mjha0Myk-j*za^n@?7k<6TY*+B+fF@9BWE
zaMckPP?cZ{RNB_A8{aJCZ?d7~42K+_;-pWVr57U8omR6>7u7K)Zr)U~B~q6|^AQY1
zrPxHCN<Zdc=7#-~*Dbmm7NA&~8{u|MIiOdX{$?c`^?BL;(pmQTf%t<mF9SLP>NNTr
z%yLM**WCiEla9&Dc)yNN8H`8NhhU5wzKiuoJ%_E@_QDouhc$dT41+enW2vk57Nr@F
zy8tnme$0S?i}4;|cV1I#%`%?cE`dB|6r?sK|JeR~P4#+N9jwP~hJS&fk@4~HB29bD
z#%QcNn^dER+4M@k+XjEi_V!{UaUvvCgrJguruRPRnpM2HUvco%7-8jEHL_Hh0Qtse
zEv3s(WF=fn$^#<StZMAL)bfV2D@1sF0)qtMbEL#Y#FqP(5(h0$!@`6Q;k_){b-8&0
z0d8SbKnUQcL<jvC5lt_+Ic}d5R0aj(50cck&nF16eo^uf?GK8v2}^qQYYc*`3IggR
z7hA+6h87Dd99|eurj!yNSNQAS?>07YU4MgTnnIUD9xfT5XAzNDXef(`r^FVfTwm9X
zUMeQEF~J}C%Ic4tN`+iB*fe7hz#r}mf63hmXgQhT&y>>Svn3n7%6kBOm5P>y`Q*q-
zbOwE=F?@-hvZVbB&LO5MAf~|TG44Y^IDj{TLLwT%3qY4zYlY3?HEl1%G0sY(*R;&?
zo0eIA(=rPe>_&EO`Iz}IAB%xyGc1_#Q4%&SUIBYS5<~H!g^8j3*~C!83~Z=j1vb=W
z{1%E@-3tRYj%^fBUq-cc5kK-fgmk(RaZw3G9ak7o%Mot*5gZ|`J}XY}=uDznJ382?
znX<#E7=f|Ee^EK3ULs5dDMfTWC*fO+pMVmshTqA+S&Qe~Bt>WEvaMFHL2RoPDh;aR
zEXmG@k9bcp9$d-cYxZk)i<n#CPW(8D%6nW87JIVdF-$Dvnfk|AWKw74C!d80MdTr;
zm1uk{5qA{CZAtp!rbQydgQW0v0rerG-uFPgro=xO>ISKCV2nY%AJH3HSq)le6YVGM
zgvt(j_D}l<Z_eruq}QVY>KKwU6PG}*y;_QGHsuK`xTKrZaRIYx2?PGr&f4XYO7)@q
zO4|(L%yG4qwh2!2{O)R@hK4WFQ#olpET~Q`Wb5@LJ2+gAzR_BjLlAx8RfpwQdRnBX
zo=0eLPlE6Z)M?MG#nMx+;A-H+MYAp?RgBUqB_F{e$=6b;%vxNjOkC97&ab0YGzK-~
z##E})^QCD2lo9w(4cE}OQEyTI2~KS^*F%a{a2}FeBnX_S;EhHC4zfgb=5(p_Ok6bk
zX<Ucn0rj=%S@9ION!^V%Cg!A@9RA|_kTwi<2rBOP6A}(8S7`mqZ5F8PsIy<Wzrd%=
z&i5&gIQ@xX1{)0{sV2BcDMsu4@nI%ku`^UNdlOGwVp3S_4-6{9)jSO2?5OiFwiCR-
ztKOgQ8I>>nyr&&nfrDwA1r3M)tQ4$I@RZ&Vu9Dx{*}eeuUf}{3$7FXDQrRCbn=jYz
zw`p5GH<uEn=(}ue!2+KkIHYz!@kr4XR0`gqNni=Ycp(1p+C>57WKe1LEAJ;KVtrP<
z(dGACiql^eUqR?GIc~p4R)b6EH$oVpzJMOPC{qCr<`!VkH(C(H^n&Wa{iNsthQNok
z=L)b|ac}}bqo6v+g>?>621e!}buWQ(dLI5Iuk{posP8?O;)CI*{4`_c(Szi#eV#|0
z(l5rH7PN52z|eq5zqk#lM3taUeS(2K&%Unyox?w1U}pF;U%0<O47;xy(ul4L^=+qw
zeWP#S?EINdDRzwReFLeY@dKw!ieEXMowvl>X@0qp;|vh#-04y$IaN8Iv^Rcqq41Nt
z-DR8Pw51=14=U60m0Jnf%psylg;yDzE=A|khg4!lQe2W<J=;T-ru}JO(%cE8PI9TY
zIc<03tNwi3El$q~r7E8Q?5vNF&8uuswxje9nVm`XxlZ_vcs&~`rCaNhueOskHQ-qN
z*QEQ<=e!;tHFO2(Px_=2q93&1&$S5L@HfWL4jfMASAq`Ig?<a^m*D`>NwHw0U@7IP
zkd+N`{f2It*&b!Q%OglLoo})BtNZhS%CICPq9xl{lKI*K1S+anU&wZ3F~&FQeM<r=
zSQVhBgaCd4hb|Ri>y%)%;4ohefRt4E+N6|-u8)O;@FMMMqCCLA_;f1``4X)c-LvOX
zd}f}DtM$;%9E%z>WG+DsDf(11yD_`4KoKCwt(0mV?uVPsNFv(s60Dvy6+jQYA4Kb5
zY!+0;7cf#|{L|8bn;-KvbDUA_!d*EQy|kHYrtdkKZXEAauiyZ2?6hSunrYmz@vzzQ
zo$SSK<{F*JC1#@it)j0=HU{GlyRAkRukyjo@evcT4(5-KSV(N*-s<<Pmm>ees!N$0
zGvaMt*wMvrOU1T$VRRR+K#-#|vEBI`pYmRe;(o$*cwOr?H(edSq1WJBk#!TWu$g?i
zmPDh|Gs+o|0!MU>56!_!eeaV1318@au-K*SQtDB45^JsIoGm9R*H&;JTrKuoNFXdJ
z*{QwvS&sQV5@Kz-1ieHETHH&~FJWc2`Lv+wtoQ?J?u!G8vg0r3{xbW1WCrXHM(30=
zT)39>k%~47BK!;xCtrK>9)=47Eu2@Kg%(&57`c4Xdia5uN`$bsgvHCMBUj9~tlmU4
zliDP+hZl66mnLJ`I_wnNA%&SZXz`hD=NlFxwN*8@z<S_ew^O_II1^gvJYMRY<X|4~
z9XccLy_ENIBX2LxI~_2a_~j%vj21U7H)8gzr79%9ij=QEzX+y2ILuu8q>IH8>G~=?
z$<aro+V>~v>u8|&4qw`$GqaDCY4Go@Z5zyXC?$1~^0n0YmXPy^^!EYQ{;=q|n0hbS
zm2SVe4!50cm|ynzumh?aeN;LHrZ_pu8Ul0WPjUg$kyO`uegTJFCcC7%zRGt%OUkA*
z0uqsYj+8IH4vmbiv7DoKzit+69Ni|UI)Gj~Ti0$dGrnMEta5lG`>axo%T^8q6`f-&
zlfu6Z4cPxRiLNz~@`nCq-E+CN_ZoF?z7}`4&|PecvPp`SK>*bGBV}%jw4nXLEXKLk
z<&UQeTh6avV-)s3e21{yyt}L)<_)kdd|owpu?RL!<y)OR;$vZjsdd7L*E=!d!+Eg@
z-5x*`eJykh04?+YTsj>=Sn~&H0wN;1hZFd5Xeh4}+8A54reF1lSFbQ%m7=?O>vcP2
z(t2iImtq@X3{}45I<rChOV9)?MWR6;^W7t`BioSD5qLJ+9`p_bP#3X9naHq;6e+*=
zx-^;nj$cRQ4JI>{Z(+T5bG&jQ(b_>mHZeGeHY`fsR%>Vt6|AO`goK((%EK5EkMBY}
zy3^LV-8eq>ord!8A;dvyMwU1@Xocd7b&S6nv3?gnj&ZBM)@-JQs{%(YH1nHc++op1
z40cJK_x`nVy!;b-PG|@yM4P?xSW2F|4%duiDEZB-WNB3<xk)5Hla+iV>+Pq73(Bml
z<jq;h^&<KHtmJ=WB~KCVFoUy__r8@$eoiF2vXVntZ}&`P_Fuhsc+-|FBUjcEj}1q#
z01Na(LnZwBYo?=OIsTA~bh2Uq0DqEZ5cXc$Mp{_f31V%n@y<$qC)^EAHGXxLLwiXS
z;-o?f4c#ZaHMzEy#u=z+rYqFlM|0jXlticnh3Qq>2`UWDr}X?;q>2tD0I>`38LJ$?
zE$}s>-@@z~=$Ft-S@cOQ+thZ;*pQR5v}~}f4yZiQ-6Bh?5>1uEtgg@nwJ;o#mJLil
z3LmP7k`~gdFY+m$gwIR%X8sq6MP8L)y|C|~SFmQk@9g#!f%p^Fh8&Bu>~?EVIZb)j
zh%a7Z`a{$7jTi%#bW-@M=$4?;8t#&OnZ`prx(wfA6A)yt8J6-(t9%yvYGbm-(CgyE
ztlowW2=u>P>^pF|K9swusqzjkm-zm^<>3pGSCBqrJ{FN){M39=_Rti+MrD5*j6XzW
z+AIm*V&-sZ*)S{iFaVdz`tdmk0jaVMTV_}JmdlYA8+0$}7tL(HGwakF2xzk^)ahA^
z5?m5cd`q>dhnJ@!E!KeQTS~AZc+pOO^Hy(UuZ^DhE^6{NZzFMT!&Vw$mEiMo(GGfx
z-o(-yK}}z+7Ni2?_@v%&QzO7l?O7`JWWGu7GH#ZYx7FbD*!nq_oz>iZ<{ro$EppK@
zV@G`^?>5TH=k#fO7rP<&c7r|7qCI?`-GUw9>^aF-rw#a;rzF$^^`Y-dv7^|NEc%S?
zGpXS>$3umsXnnx?xi;VvV^4Oy6n%$zeR?SY-dY)_*c1L8&iHpZQMZFddLmGCLOXK1
zjiB>l^cr+MuM%{k_hNN)l^;4UfGyH}fXj*7`SnEvpO@qQb-D+4<s~Xo*GzfT!h#xW
zFRg?N^_x#;tsl$ra2>{)L%~oMqYu!2&Dqsz33w)Ew=#4kH;*RcTM~rsK`HvD2zCA@
zq_B4t{_EHAW(w0z@-rTdEdDf*NfwWCB-TjzMOUY%kas#lG*@*rrjWPz)(a!VNcr7Y
zAzNvrT<>ej^=CM}qN9-Ozu>!Tk-I%-^7>D&%dRr~7q80^c1#oc+QbQ3%DzB+^!e?#
zuL)9o^KWfmKWq||Kl0@fbo-UJ(Fa!a3s0Hc@8O^P7&~|kmK$V6w#v(|@89piF^@hn
z6;41y91TO9unWF(Js3K{l=jY5u#%f@1%t1;!5GIozFM9#jVYd_R=mlb+LX+z#ilv&
z3`qrle72Qe@Ov7hg>}-hI_p}kmv}L}BR(`0A8rkdIVvxb$87OSuOtw$J7E3hrg+&8
zWNSiu^*v*G#J5z6_JF9M^5jJB2SrAhFPsZ%O|Z}?yCIz4R<7Y$=qQ5h;Uqt4nY|AZ
zgUVr2DSRad18R7wxsqP8llO!B`ISMTd@un~ah-PTRvVk~G+6p!apd5E<*DlFseaV2
zp*$#<ut-zZ_^;|A4;;C{uiW97+F4e*Uta{1-H{tes(GtV-5?4eYS_UaKW*3}X4fx@
z7+%5nEGtY#cs=pd4Ps{+rtf}byH8qnr7!wLcpr&jr#>?EFShGkST8BC$ji;q7NO|8
zZ*}8I0i==eu?RJH6hI_=LV21NybV4lmXjQM=d`^Y_6w;h4_Z+T;oYZf*Be@~oYP26
zLst*rCF@yB<uN<u`n@!mCrxma7%F_A)mbF9%L@vN2tRy4I`c9DE!_C@{%fYiQWO!W
z%>D@P%hZ6k>wOmedZe#*o&PIK@&!Uq%-L_aAOZfFUbh|Dj?pKWCSIyV@kO=rF)U1?
zAMgTP?(8dz1kx|$CB9N9QOc}ZDcT?RB!&a(fG5A{P8z_~D*eDNNW`_7wIsc6RN+{S
zXNbDst07Y9D>pa8qLk0(Zf8+?cCJ2`IW7@r4X?lQ{=zP;Do8ZCnuqM_iI2WPT9YMF
z;TRi!cpS;}@k&(}%CyS0;2Ddy@9$P)t&ys{G<)=^>GWT<RKHuj#HrY%*eezhhZZX#
z*sW4NX3?zeecfu9Pf9hag#!mKU3Ixd7_be~n5|{V11!`N(I-0!d;ot(X<5D-IKwMY
zMKa*o7pjPE36%wv{mE`ZE=sHFjpQzd?Sd5D7}nTWzEQ>@0MS~GJ_s|%L2wkZEpbZG
z5xj&lYpM1$<OOxgLrbh|DJR=<m-d0VIt@|QNXG8rW#4g2-dz01D;BKJ+A>os$CM|T
zw_P_Bz7P3}YfI(1Co3L%#S-59W;LM-_LpX-$@}*&PeC}sAupv>;ZE&SM4yF44NbPt
z8(e;DF;nJ?_A?}XRI0fX#v|%jcQMvf8)0@+^obmQ!bzfIiT1_@W2#<9<GmzQ;fG2J
zVO~Vv>wtAByE|ZQ;ac++mRWVpxlb$s<OT-1;QqT`oBb|qduPG7<{%H%QGF<bamyPx
z^mo;Y*M7%u-m!1FI7x~+NA0>H2kuxSYp6{ix474;<o=VMX}!OtWSbt%vZs6lXJfAV
z>GQuuIZAM`)|rbU*dWF3hFXvw*HA&0U5b=7-d{yG29y)wt~xArjb{_RDk*7gk?t3I
z$4op^Qs&B1)uo-pvOUq84xiTXwdhtC*HE1mHF;erZ8sH*(VKJ>v2s!7vdLCCKE%q#
z7{0~yy=`6wsR(HTQ}yD^qwv9sXcH08;&8tHc$PhdNW9pqj#$V<j~Bf)BiyLHGrA@G
zdB8Jnu@oH!u+m_6!?)6MIi$^&P^Gaw=~q4kH*k3-c?j|Wb$#-M*gCOO36D2&I|ccu
z;^p`Vx0O(vpd+?R)gEogkP<(Uq786F21P+Bm+W?4_5?|pRD>d|n=;g;y|GtNRY#&K
zDLRjxpZ9C-w@FvB>5tQ`wxkI>nCtyPQMSyCy~_cMe3-(Qz^LbELPLGTlF<_X@VAVX
zxVVXvZ_P^X_ev)Dl_n7{2@AGIR*&lVtYw7|z1xodS&H5V=f?@{9^!b()lcH#`I(0|
z<KcpK4~OC5vUaa~@vx!Y!!kVF*Y4qu@UW@f!)x*ILJ}7%x@8_BHr49Fb`KH!WA!jR
zyfE|da(ZaqufC5G>EW;HrQfV6dRtnxC33<lU$jw<)OV5VcjwB9ic%reD=Ne!^vjy_
zo=q=08=+|u6{Gl8sVbD?zpO<DRpB2+E|yl^<WOXy)tfpha)5q1Nvm$}tjJYL)d<*~
zlx##ymI|>No%~rEzpr4ErD^GXK3?tCAI#iC7t`;|+(TaIH)ihn@bMpI?%C1&%FI0n
zhP*Iy55sIdFLTc!B%9MXr9xV^jTn?e&`SO_YrS{M@f#<k{bxQhBQZ1$b6VM#o}g+e
zOpgizA{cJKEvwJC7js7;cAV*m8}1`V=1i~{=NWQLh0ytJcSP_EJBz<&7nhmtLPCDC
zcoXDO_2+y>w_hFRNE<QzT|9894(090o;(rH#IMe>1UQHnp<>SoX<iR5?1XLFy@B|R
zB&8;kKJOz$JGi1|rqhn>ob4-~saox!0h}$eCMT1vn6iZ_+c(m@4OUTF_&m}<X@(j}
zS$fn|<w?t`2-dE(*9<>JmmO+`pQfMOn&GYVLl09CSBtriJJDje?jm?W(Z_O;CVT2-
z>DCQ$+-rl4izIK5>yPKKf5T1ij;<s6QAflq(%VXYggtyb_2ENAxH*BiyR&T7WlsQS
z90zHd>cTpFrQ43Uc&>};sH^fLW8L|!5xU4Td-WooKxY@j{h`FD*Bp*<e6iN4G7onJ
zL8Xzvi(egy*nr;Doeu13!X)-XZ)8}$)e8!cVt>T<JfBW|1cBX(aV`!b$yB<lv^7KX
zENYa84aQwYP(NzAj4<CMZL4GsQK!yymqJjcw!*@zH(Z*l0-ilm48H1^R4-=}?MwA~
ztYji6MQ-Sbx_}F&KFmi@0+7NPK|gpNfUyd*kd=|Y?pHq5-{UpgZ!nJ1{2^FN-QCi0
zv*KXS_2lca2+!(5;mH?82ne-+CoA5c7E*x#GkPFggFt)5SgzbWB;8<+yIIGL<@jN3
z8tP4L({D`~$4w2x)Pp0&X}AieR#ILdAN3ZOUkT%o@S4hQc1+{xJkvf$s%niiwshR2
zSVdq7*qLIa*)g_cOY&2H(TBmJaTfh8jyrdS{%)%o@7&<$^m#)ca$EqITB&z9Md(O_
zqg~+WQgC!d(;6!=b)CVaRsS2NzSl08x|GQ8zwLq%VCGn|6HhBF#NmAIA{9N_V!T)g
zOPtZNRJm3#{U|B=E)#>#rIsqKk$uGUZ}Nkl?f}uBOCHnY_w1DBU1wu%rr~`YpN-#a
z4M3w-y11ofoofPM=$>xQc_XR<!n+|rx#ajQ#P?m?m6UB*O~8`L_XUfQ<F@emD9tQM
z&O-*4(bd!K)zbW(HfYO`1?%lKBZVv&DP+M&Aqz&P)Ka_@+25j+dexCm{WQ1s6Js9>
z27`Vj-z`OXeJ_3^b8;bba!=yqp5Wx3d1hAzn3KcB*nsTE_6)NPJ|0p5KAuf{+yc5+
zNrg~8_onV3KA!4=-3alq4}9zcA76`)c@9hS{><Cj%*#0Vo|$=)_U&M%?G0xzb438Q
zlOx=dK;u=QaXHP*B7Qd*dQyO7Y-~`DU}!l<3_n`$=O`*L>g1Tq%3-<akX*Dw_B6=S
zEe*sBHr~MYACc=@b2vEb=2j8QHTK`&!j0&NQRu(Wy=soMAyzltE%vYKtzLz?X^ovA
zGxg#7G(P~<a-PQ<MgO6riQsy6U`@`9_(C*aN<TgImn~`gBBN~A*~*o(%B2>V1?r<(
zMQq4Xme6!I5vB1}?N1}4RP!o8uad`wz*tnoW6yszLjW;^r$u2bzdADqTd266q{^+t
zC&hT6M;8cL*pt8>I63=>9p#gfjhH`j#An6%BkkJ|Zqy@eitsgPT$<kx@pAXKbo@Xm
z6+-dPnf+j5Lpfrx>cdjvOqmKi8XZ(-S!Am%Q>W;|DGnjjlZ4y@EaXJ2R+lsnDzYi)
zg4EXj?lywX$Ol0e%m_N(1qmuA{6$-WMfq-gVfks6dObO`E`&msXl9~5$hxW_p06!W
zlW;~nSD4~CL%I;pX-bgQLj8`Dd@=$e6Eocn0S+&Ee>uijwjT9UX>5NUQ0hhReT`Mx
zl|0FOts~%fn|LhW6HgUF`nvujcxr}$r(7g2e$2dg%^7&A;5+aXM!Asil<YYv%{yuR
zS9prEZT^>dO7<L;=DmDwJY~<w&|D!yI|vz?M=~^xrx50^kT<_zIx_+=v;{}G7B$L6
z2V~D00#=(yH6<ysg@Dy2IkM-JKW@**f}K`1&}In^oMmAXGDPK&<3m~67Mu+?q4#=x
z2X5MOgTPJV%y{4?s>eBT(=+&-=d&qO(E#8kEEX_s`q>TV!cFjBJrg&1Q`<3rUBSRf
z_Ix76`WwKhH&2b%=sU938w7sR+u^4_|7-koJR3CK*B&&j5%%;-0fVN08rJoN`hv5A
zrl-?f`HbiLgQmMp&~#fCXe#_3psDbzpsBM7nhqPFNiN#zFS^g7*Rj>jrR?|muklhv
z8@yBujxBAAmt@&AgFcgK3(vx|h1qzi_^f!T^sIQP>Rfn<<Y)=vzMX-W7BRRPz;LO>
zHtolO_)sfW-Gho9Ajno(Q)$hBpiZ1G#b9YDR%mjv@_91(zRVHj0W1x*Vs(VF)OZ;z
zRX?6bIB75AB(LCcAMv<1x5h_2?(I<HBOdqW)%a3s3FD-FElLUFq+E8j+F{1c4q=+a
zT+tv!^F&YtV%~-fP|5*N$~F7&wk)7@eRjN46EB_rqyH0LDr|$7)?a@Pyi}Tvmt>H4
z#s3N~vHn=ac<FOiA<v1IHnzb_TTHyPBQ!!K*+1QF#*tY=m_R}&3QVv~iY@}kpgfQ7
z5uNB4ffo(5^olV@7Mo}Z(|RqJS(tsE&6(v^q|41lOT#&yKpHRA8F(o_LISGhHAYJp
z3bX_TxFP(d9JjyPh74lIvjLNh%lr57(vFfXz)Ms=6D_rGL3ocoi_ubx%n^@@fR^^P
zbZlU`qLd_;WZTot1YXLsvI`IhrS$*%c&QMQIj8?w@KUKMnKPuDjhBkg#7oNswfqX^
zhQ+50Ewl|DQjQ4m$}wi%O^a8YqEjHpr%lMHp=p_l@5d*Vsuj*O9>T+_CDycreZAIr
z$gt>rNZ9^{gbfK;RA|d+q%&+nq!h^NH31R{I28n1DOh!MM#f5&+ZehiBiy3`o_&7h
z8z~AytE};k-)HxGc1cg>6Vooqp~gwE8mssa*bV_L!@cxTR@0v<KAiGzm!3Sp((Pke
z*(xn_Mv3H$jX*C-H@|0H7!kYr+AU^{fnTK9`&I$S;e*72?PlXhm199=o4MX(9A4E^
zE4en0Z`&Z0CT|MXX69=6CPd>GYg3Vmd}~t$$l?RWDoJVH4>R8jVXTEeGUVMyCFjx)
z4bU>_43NzN?>&nl@EEwvFo27X=cuspEzdrpD(Y$)ZNg0qv>Rn5$&o5*Wt^Mm`9ON|
ze}on-EAMdJ7O93EA<=)Gxc~Gwv*e2ueV)ha4r{twl|yi_vnc2JJs(QZU$aHl&4R-`
zA56ZL4Lzvnn~3c<MK?aaT`;zC6a}y*Ks=sY3whI*<jo)$;8M!j1k4fm@bM_(U99Kw
zXhyG1D;-Kfa!oqEz=7oX9C!I<d%$yiT0>SFrx#_~w@cs2BIzBoKKfR{?S1tSuY7Gy
zC%nPd<9s><pEogDwsznJDR}zFha<ugO(0w4`V%?+qLCK;r>!D?0ZI@uEe+@dm_0w0
zrDwg}?|bW6T)mHs;z=%E!=K^Psj}rmiyy(3>sV{rX8OItL2!8n_W**;bhE6eV5N!i
zk2=h$zT`e);3Qt-Ut)!}<5kw4iN#9Kg2hVV+48$w!FLtJbD!seHv5&ZW-kMVwJ<3~
z-59T+`lv%rh-*V)Bm@>4EzYb9st>xnYJa!#4XaoWFr}X-D=!HZkCZHIO(;Kiqf%aJ
zS*6=vLku?chkQ+F=0pzNKQ{GZzV84yPWO|icH;Xyx}E}0gQ86W4y~1*yqL&4;5oP)
zgeFB^<Wp82=j}RKd5b?o0FGwVlZ4^&Cru475F8eWdvoOY6FC7TYUc41;!6?I3)m+~
z^JgN$2o*nX3dd{l+GHamfj87}%5rcOjrF7exIdsQ;M7QJjx>KgugUqWcm=JlsF}s#
zD|sB^Rd!exiR=N-7AZQ5(eHU)-UcSV6J6z1Z*+1e8p9bV+D>yY>;mF;k6-D)n*?5(
zE0Ydhm1c#6w75!TM*uN&4gQKW=9t}J4g$_vN94K|Of6_d@{VlzE>pL@BRx5s0pLf{
zyc_5OCl6A?_;^3=ShHc*rrU+#FuDjKd3m%wYs0UQMj=Rx>MX^!XC&-&)-s2}gqr5#
zlN`?;`|UHtS%lh;`?BY>Sf?jx-Xoy2riMFA7r<>oYi}#bAAmQK=SwM4o|FF0OmLos
z)lX4t&C!=RxaACCE>`Z1$`h-OLXTEuDWO-JP2&ap-7L<D&+s9?I*7zLnAAmrT<kDY
z|3+GJL%U*ip`G+%i$&=31yD(Mp(p09Ti#ZB)*s57+iK|vL~*S#tB$sabN%=%o`Cvb
zG5e-}!UMX4U9Y~9mG#N4M#o6e7rFKWwacy&Zs4P3bvVt5dLS-_2mC0Y00|UvK2bbs
ztiagasS6@49YX)0dPCb|cWm)mK>1RNU1lu#A+Y%K{0@dST4ad!3bCzFtpC9D2dCi&
znendPF^>Js_pG3P!GgLS&EVLyFMUJ-eNeyApeww<Q;<ntfSZ5hy>+vE7W@l%hWNQb
z>>Ko%xc9t6s_xV)uqMc-yBq1m#$uh2go3d^`EhuUP@KmZW2g59jx72RKKk{0XtL;`
zcjbnXU^Ir)uOx!Xm1qRGO}6I6w%|=EijHDkzMxf{Hs#qW&3nqiE4uL~2-Qv_pgTxf
zc7Dx>^Xy1R{XAQz?Lms#BeJKZ<J(FP{S#haxG@{a-UvcpbJ_&k@P{Z$)3eg|j5US~
z5vR85KRay<6o702{BbrW<A5ZO@rOG2{vUVm0^dZHJ&tFRv<(POkcZ%+bhT)!2rUn3
zq^u21U;-0Bd8(*rkuR>ORT5y8M<EGx9A{+}lwHMTcl9gluF9@b9ztmgv;|ilMG*z0
zqQVRjS|0XA+x*WtcP2?oQFr(I`TRbgzaKwzGWX7XopaAUuX~RC5DERs+WWxemQ*J#
zi7;$@Fb*39qVo@>Qw~s+x<qcjzKxIQglHJL{HLpLq{gA3fqyu<WI#f6B)u{UqLDM*
zpKNURzw6tb(ams1O#aY`8y1U>&wZ%|Db?wy_5o(VmMUvukDC2Y6T7Yj8+GWA)eI?*
zlafj_N+lp(h-sC9uakhK=&)Z%``E+X0PSLo9)8(TCKf?+B3C8iAq4Cb1)X21W7X)0
zvp`I-Aj@(>dskoW>8Oe}>Y#F&jiRL?5@AmmQ`VzAYjt5BMXgIC^`gDeK>8V!AKGCI
zT=IN7lOfO{7uPXR)`~wsW(0%?XKgtb$0X?Yv;i-EuCfLggx72_2H_i<PFnFI5reji
za`F<tfL-J<z|5jth<U&wl*u15E&}-kl-XCtj)Cd0^qo>*z4_oG{cSSthuqylpdq@j
z2JO~42DaVi4l<aA1~a@`g0GSdzM;VauQ0aV+|D}d5KIYBO90f0DEIIl3Pz6EDaktj
z@B#4;=<ef$&Og+ldZ*yHkX^8~6ZXn4d&9=mKm78QHmYrg-D{53ewJg^tu)9RaV+zC
zqmp*BHI9n$g(J-Rm~`?XDt~8x;h-jFq8`rNKPKtQAmrw8IdB;Y60gKhoaTcQlaPC`
zrif{$1z31Sq(75NF{=i^JsEfkPugc*OMkD_AJLisf!Gwbc;)_XmakHVC87Kg`dFgO
zL*QGO>1k0?k>MonVI0d-uJa9Jh;R6uU)BNn23w#3=8)HhZz$;aQ*6U}6hV{QXB?)J
z-_vNMIKYs9LlRwFd|88kxH082{^4v}{vo{;|3EGAp@W>xL}Z(zn7#mM4}lH=q?X+T
z6!*g);UMTVkSW^)Mx6JhP;%X=k^R6$05j*iRg_sJufa&TVN47ZUX&A3UGj9hwg~-a
zk<2>-mlAwmLml5yog;Tk$1$E4I#9Tz`pY>9<sYWhNMuP1=5*tiU5BbR5E`$6zjY<1
zdUW;ry_KF#`24#5jL9ee2+z{qB`2Z1ra%kVD-t->6sWesqtFX>d0C>USO<C?<<H!j
zU2vzsF$@EqJaCpP(GmkycLgf)1*lzM9XL<5b=2%po`Hahc$08B<A7_=xQ9%we<UuS
zh5iYh%wamw59%j+seYmxw08v4WfizOS=n*=rE#Jk(`7J0Up(jtd(CqZcgQ88D@q}Y
zxebTH-|5IsMEbDoWsY=Hj9(g?OiC*04qZQmm56oNG4Gg;C_<cuYK8$lVk8)BrT(H+
z-F8#q<fjAINYqqP1F#h4u%PQtrog^B_{?1%N9o)<<!b|tu%Ad%tO&%+(0;PV$iaLo
zKC`1#KN=mE{F^*dv*6eT-SeTB^i!#4U{*Iy3pO+8;K9Dqq-%*pd2%{l?puhdRg>M)
zcf@2K6QzU5SXLze$BZQ(+D;pp?ZJPxW-ko_;Fi7@k^Z=W(G5Mp#UTM5mM5A14YPDB
z&l8e2FeJyoOsGu7=v{TCh~&P77&;#QK8Am*BECt|0gAZZ1ZPXH+Q7-Cz*#FEGvq6W
zh;8#aO8KRGq3!H~bb({*D;>h5&LyW411Ika?9Io6DZ5~>ZQd!HU0VuOi)sL2iMWTi
z7FFRhdbx$y7h$AQ@_-A!NnHC}L)9S4Po`tUkv#I}g6U<tkesPc^hq)qi-sv7J<=Db
z^0LJ*F_COznVpeIa84v5nx!MllnL-PQCO5@Xy3m!#vidpp-M7dz5JfQUT*aStSM1J
zneIzt+Xma6*_!Q6<g|x~b4nmfZY$s!K;uJ$DIVL0I^f~J(FU`ReBIlQMw?DCHU8fE
z<pg-S9ha_%oCg(v_jX)Wc6(<L{=@|@A~pC^m-HnS;>~bOZ*#JdamlI3C0}#H&*qZf
zYm9QqjK$G<)<wtxdS#=rk>&n)WNM!PmMJR;3mX|07Me)OSMVPE{VSuiuhJtC+I;p1
zsQ83bin$B`6&tx;y8~Z01vD$UZB_zJNo0Y)fV1Nc363A0xubv=xR_v?jHdY0T#1?(
z`1-EE?tE0L6m;qV<Tg<|f#D0J676mHOH7S+9Qer1xMFniE&S$YT+A(mqN_LKI&UEq
zeZe3D&e&NyKAkS=V)A3JGOaTlHApZKRlS(L2q^LQqI3+2!Uw(oW1`@{)gTCkL<Okz
zCWF@}8m-~!&f;pYw;n`3VgSB_y2$s0Y;`(QkCqmvoFqzLA`2uPBBmZVOl0Txdbm5h
zj<8co;+IunAVcnwM{#rBw6KBZhI2MwIKBlPv@Kr8QQ+l2Xh1RIv@>wZQ2D=D8{I7N
z+&yd(f33mT&!{IU^)h>a2Lpi_?h!G2fL&xR67y!c;5Z<gK+G7R8wU)7fU_181Ot=*
zZ+J?45$B|KV*-ORoE@nd`T-4#TS4d1d>b>h##si+LzT?t8j{Sq`WjWe09w4j73^qc
z_d*Q&z-Jf=r_kn>cA$G@;2SeEm13oH`T!ha^9C7qIZPv5CiUQhyG?QCf}UpjoYc|>
z*(Y-kE;)@C>I03}^UHEDS^J*AiJJVzDn4{`BK{((8#uv>N;e?mhxnyv_oeGi;ocZG
z53d$T2V9tl=Pp-=J%XcwU$($Px<6~CTPkq|zAkp=H{|;&spw&gVb<V-1s3Aa_~2rE
z$<@bc$5RaLI4(nIm>wY^-i*;%-%oafcLgrdmy&Aa2G;EuhMo4;y_lW0jh{uFomMpb
z$?P%B7a4dQ$N0b&Q?#=gx((wLvte}U_3zp+K1H3^qcQshE-+HT_pCA0K}1E<FwCC$
z*^rfzO<yEifB|@B1-KAr1%N*(`u%07pOWBvC(edhVI~`9%H<{oY>)`st9n~@#70q`
z3Zi6JOdOZQ9Db&ug<!u^9%JPTD@*Ea!fL*7QwzVwlwGg@W`q$VfvM^&?F*c`E3hvg
z-dgj3g9Xu!oA<S-JZiOxDS1Rfy^d4-(m4p)!e5afqm1S7&JldlEstOREIA49<(EB8
zmkAefqB7cyzLuUqLn1Zndj`tqJ^^KB^43wtTJWaQh=K*3^7vqNqW*mb``!ZITcM6M
z_WeNo{&v1_tQ9?dl#vM|3Pkuc^kE{qK)LLH67kcK2~P5uFL0&!`9c^zU)Vr8X&0q`
zKtL+@aneG}xTVq-BK8D#OyEQx+%$oYn^+K65BykmlD471!Onn<!G{iETrTMxFrQ}H
zSe~>J+*X3LM|AA-T?0GGOj<Qe4wYY@?>m95gbFD-K5Z6a$B#F~_<NAueO(n%YJ#ol
zJgB*m6~{{?tyw!CT`SqI9k>*2iRkMp%9~fB*>yb*U}T)KjOofgA|7J_o)r<bQ;(l(
zz4=^Q+8pzeBQ(=KHI9EBtqBXeG_k(p>`h5=cJIt)vU{h%!E`$**%q4g)Zphu5EuAD
zkj5L`QWw5(e~i8@FEgX=z7GL&iwS<PJJQN1&g-ZlSF^xN6q@)_NmU|{F1|1a<c_;K
zRCqux5FO{3xBMdnt{on!B7B(i$CRqg<7n{!3dm#ad=ULSM55UT`Q?4F)2~6khx74Y
zVcpNPoO4MQQ91%&@xfY@jg|YYB9Mcn8euCBKnK!U5A@l&M8yff512ug1x*bVgkOLU
zeFSAN?{U=9iNP=3V@wIY?ljab?QsT90LnB1j`cxWE0wxYq%7l{K)K=byWDVkJI>A9
zA43?Z<2-oUjr_@E41A{)#A8g3Sy!2B!<ipciiYXI@XV;sZ>;h60@SzCd6A@j3}-u`
zv*vAPRhse}>-o^H*bYgcY8LHHsHQCc6-7{lo#f#Tz(lcSe)(G{Gw*W}BNaH+XSCA$
z8js@(e(7$D9(Dz0X?9AxjU$E+VF0<3Q;Bp9Ollw+<m#{wq`Y~bdIF7RpFKwrUxH21
z$mZy~MtL!AddnS6hVLyORLr!(W<D4o?Nx6xd9k9*X6PDG{Tv*J^<;~Xb`ZEGppqE+
zo~StY6*`tV*=1ZL=-MxVZz1p?Sqjxr3&#*?_|T;WeX9kY0`c(-vPEfif+7y(lujOQ
zx2r?t!78WJ#VI+hT2><kx}j6re{G<O-`t7t89HLT{cX*x0)m7O4dM{#lj!Ev785KG
z<M<OPAi+3}NaUx)SB#5Nq@84J8)v4%cUhs?C|tt|EmXLS6<UnKxvbDig%7bpYep?A
z&gNH^VLm%!jhiuQ4vKIW@yy}sn9P98-nUJ0qpP6Xg7dh*$>Qw%7U*OnT~Ig=8`sR%
zGp!M^T9isebQQuxov;HsQ1TXo{rHMP=t_G7Cu^XQDt|U^BMaL`y!IjX=QzhNM=u)f
zOcPr`L|FfzK$T^4Pg*>{StcLtzQmfUho)-$7%+~|9-2zh9&5t%X58i*=m1ebuD=t&
zlOiH$ujrpN!6)_p>G(+k`^2JQ=29oSr1g3OlZh~JGvN_o&Z!>^-Z!V7?WLCd#wP!r
zu#XaHA932WT5N;4kT<ZdTA-^YKGXv_cjzvWb;oJtm!gN!+_}J!b3i44NcevZFU|OJ
z3cNJyFUP=33%<;RmlpkHKh%)o%U<Ynn-O8J0leiX{%XH~v23S>>Vi*%Z%Oz>=-K>(
zK^QLlfKg-b0qT2zU$&n%v@7LlIOekQ_28b$eP-I}jHCU+BYioyixXAHfgN1n6re*S
z-}eoE9&#ZBb4eRi;Yr&sO68PNtOZYr>v1Q#B@4fN4<1n!MM(SE%2oB*&dvZD#oR@}
z7>m*YApcIOR44zg4*NyrZYbX4yGM{dhT`yXASwKEJU6vB5v~=1s+z1S|8+>Mh+jU%
zYu-zGend)mhgIscYW#z+3X#ZDN!qQKaG&o1!gnX^^Lx162di8i%A8V;)hP{PO125L
z?AxZSdjCNDmgwdwi*~j#*6%=^67)-i0MMDObE@8LOIDNr4*ZlRe2OFEjXoYe^rF5Z
zFeV}qfWi!58hNvffMqY?mzB2x&PD>x2s0I~)eE1|3z^PrgoO%U)eGn7h09qXU{496
zlq<zY1^#|atX|j{ov&2k{~u%T72)1vD0MgHon%jqhQ8u&mkdS5pDr01j#n?~)RuG|
zo9JDiMgu0@@rk~;sxh`-i*Ubgr-7VqZtYLfzI-W<xBs}y8Ci>JOSx7qXYE*tt|(n*
zCd8!6f`q8<JSJVf@MF>?d65Xdo-swL0}e(fT82XFC>-pgC{TE%6O??Q9N0lGNQz`j
ziucDX21u9lOCO=55E+}V_@!yc*r1Q7UpHe4K+;E3ircfeNe0Bln?bq)0%$6IKZZ_+
zrPZW_L=P!UW+3h7H+E6Bm{OtRC6P!HzwCQ5dX!5&{M!v_Ctd)oXluL}We9*?>C>5Q
z<-e<bw)_|8`Ow>t|9WuIg`Z9GA6^__^50cINB)abgndRXY)qguM8JN!2$*e&!51)#
zBtWSY03u?*I?{8ZCBI(#p55y)7X4|?Saf5d(3YERl6oN2f@QRmbr4WEJqChj^4c!{
z^KAKn9h$d;xb`;Ec=-L8T*(LTCTG!>IPtRc6~#*$`2MH|TT0A>EwiocTFUB11)C%~
z{+(85pn*e~6kVJ6;2p##I}@C=v(ddNqgdc-P;6V8!7(%?l0u4;$4Sft(a>eh<2Ry_
zLdmDOI+xTVuAyTNj7D|{(lLF5cyo6%bU0NnrtKA#nP#u_s7Z1FV6@#NdugIn8BQbp
zOdc$59lul{HWsxlhxnyDi}MdB3IztL;WrLcisJB_yzBwLGyL1NUyu#_f*@5yr7(MQ
zw2#{jxz6aPswJ+Uw_AR^pBZuee9)v5Kqos^*@6Z3p>f7h>xE--ZZawu(rU!CGLb7r
z7HR}vI5825i$@ep<ShR0*}>GSB_^PG(dpna8SO$$MpK*F-3!rC!v{Vx=|Ti^PZs2H
z@mDa&Bc2>6%jQ+JWB*yx9MQ822_>iR61Xpg1C8i$h&>iJ5kit&GP9YDuV*{L>jTYk
zu7~52eoT0c_f|Tjr8JY3<k3iL8MdePBzYIWPTC)Z-}p-r-QCaE704vU6UAE{cnj`N
z%?3Mnu!-g8_z8bSmws)eJ)cD<-W$<f5m1%r20SqQ7XJ-*#Vv8}isnS-uDDxwKe)1=
zVu|6(NKOd5`QU_jcg1t$fsjq^ialcPimjXw+H+TIXydNf(2l!eD~E$&By}t_>l?nA
zU-}A(;3LT8AkH1Jqv+V-LM2bkWpT6_-4;dNg$e51$9bU0RWJ=*7Oy9l#gF-A-4Yp7
z)5_Dpa9MPr-BVPiq0i#$Y+689A}CXKPCzL-AH~e!Oo&F7Wu^;*KS|9Ph|WhI9Ux2~
z<bY>Q+b1a2JFn!8D8{@IqvtF6Bfikur2zdA&oX*KzRKZQ?f4_+(|NqeOiPxF#M{24
zk&SyD+Q5~iIBuemIPwXcDe7}MQ|duJGFur?<6RCMJN#=r(#1GO19w{wMW^m)z&sRV
z{spC$pY~5oZ*xk|HT)Bg{g{8^EX)6mf8r8zEC0l+$v;tK{)s;3<JRwr{)rdc^-p9b
zB3}nLCh2H48T$~H&~U#dv;Ie|{Q>)hHyH3NIi0kmk-3!pGU`(1+l<HpYw<91ZahNR
z(XMkNxxvfBRG0a`c5dv~#<?-LgFw#=m)h6lta#CIVb{Kh{iZ`@cht8_N9UNMyop2a
z!?mrv8x3=)?%fET(GrPKQ)|E0rdE#A9>RRZ@&1fs|3mMGA$nI=a$4lbX|W$4>|{7C
zTH>4*G4sa1=d`%1nc<eUxH;-S$yK8J<dau$XM8!{o$)c#&o<QF-%K8i`B9g~i>Qv$
zJyW%tn_{jFwMb}cOU-=ndy`4W90U~5Ghe*BpdgjgS)g45XQH!2O#+I-(6y;C*4jE#
zoCoAdB2ywT$UrEP(Fc;NAX5n7sY{xe(ocOglGwf*WY3>;gY@5nsP6*)yI<4|GTA^Y
zCmz<_qgWJ=J#0XZ3jaOq^v)m!da>3_+B@9}Pj#q4$38xU?h}|9wjZ*`TvHo=(Az0m
z6Hx!K<d&xZ!{0;O*}|aKlll1po0C?`{3u(ST&W)qcLzC};Q{q1@r#GiYQR;|;rOF&
zly_iEEPxSWoDL=&0)x}98`|DK|9>X`igEI9|9JVg_NV3Fvi9ZQdeqZ_WNo>!{QG+Q
z^6&Y0`FAsuf0^LLhsvW;uz!fQqRss-UHIA*FaIt!Unc*~EZJjgB?I@zE3X?XnHapO
zz3W_e#}2(XJ7_W!gN^u{Q91aLro^8i2e-Y;)x(g3-?*Y2+yNT?59HtxT)Z57vn~hU
z`J;01lQB6stjod1`c5Um?>Q@)RhIT4sknrec)uWBYHxk<GF)tZDNkrruJ-p2&o}Y}
z=<TyxJ39Qfo7#t8Oo--}En)4GAP(&hYct+;vG$&s^HaERWBgdRYSpngc>4XZ-7Rh9
z@x>g;<L%xkYbB4z-6(s%xs^QLFHRn3hxDRmLmsb>lgHPYba{O9<?{GnOjnl2J282D
zW=Vz3g~le5$!YE0qxlxc#B$oV-rVAtSYFmzEFahuCq=V+YX@{YB5E?|iUUSfXA<z{
zcnKI2o?j*b?-jWU4;;rR0bdQpB_IKJh)Te3x5Tc*#U$XwI0<-33rWEJl9=))DgomK
z#>@O4+m(Qiv?BrE)^cSDxGX9G_oJI3t)<k8#w)vZeGxAc535i7*)s83CKFGH7~<~C
z6_*LTqgo7s_Zj5B{(mIz-gCLUd)NO9dH0R~BYC&CA@6qm59QrX?aRAP*x!cG>j4Ta
zrX4pV-k&Y*_Wzmk?qHI4XaD!|?)~xdE|6oAd3AvoHhdeI_xG)3UQb(@*WKz?9`n01
z<la3O6aVddc~2U0?`J<I_vT$p{6CR<fAb@9?`$Ub4!)w?`~6SLy+4>*%e{l6a_`30
za_`{qhW6#%lGgI>LDLoG-9MX{ygTti;(sge4*pSj_q(WkJDB9%W3k_KgnZIg-ZkXh
zzyG+Ld$5h1JNPm=_wiQo{^R7`d;UXtclghecL(#qZic*j)qf@Le!}G4!P@e+^6uO#
z$h)t_%e%ihm-ut#-P|9QcW;f8cM(UKyc;&f$-5pU$J(yAdu>~B*L<n9xa*O}rBldG
zbe|V7i89KK$OJM;S44_|;_hH|UCn<i?qbxQRKM4dc?Tm!`SZ_}c}2%z{}^_5->Hkc
zE%D+mHX{N{7g9`2(!CWKPrj|BJCH669uBWE<lK)9IhP5yU+R|xzobiohYYV`(Q$-b
z5}e1RTXa9hOM-`gLb?@xOuEg7@yBN<X7K_ro`@GyZIN(GoOvJ<<x0AL3}enDNmr!U
zOz<Yv*V$9D57QN8G0vjA7%lEIL>YuB&MD`Uu@mF7)7@1QaRvG5WOQAhNq<%dX2wcn
zLrJ#&%x*VP<QT^;ekq!;@%Wn_WpcdI=UyZ_$k|z-?Tj<*tUNHA32qesDp~HdNvd$l
z-Ih^v;Z!_t0=qb6VrP?ANqGfIQqak34abzX9=w<H2>fsWz{-4|DXz|@&>5(?jM;ZR
z7<g?WiW7-W2LNQLpdW9^G(QX`lgTgrAIhLd>wvU>x>q`;uLp}GD(6pU$4CY|j>jAp
ziHubatv1Ew|AwQ2VtXBqKP-@m_s9ja@YIv9Ww*zaDX{Sd;*I*HuTVpa-bM#h#g%Ol
zl&mG;+nD?|>}l(~uF{2!%CsHQ;ku`7IPqUoq?D3Q=#?DAuro5}D4X+Hn{fr7rl>mW
zrs|GwsmO2S)6V5w^4jqPvw8zqfz^1i>4@m4=2z`drrmGV2I5LMW~ZcnL|)oKyu$qv
z(bJxB`I*={Vu&L0RG0CZ^gFOWLY4kX3fV*um1d_*!+R@vbh8Pi{8=u!-zKCH^Ieka
zlFoRgW`OH*5%y+P{Cb8eJ&G>`-M?+3K))d?%fEq1LtyCg_$E9BptrLg^zc80w=VPJ
zP89XF?-PN0*xe@CdXx&G@2YV<Pd_&8<mjB}AEC^?o|9B3h9X8z0M}E<g_#gqdZlWV
zIcDLE@{ml;7nH&4v=`}^tj##0QGBC%s|+9b`XGDJ)wru5=#vzrYo#69o@PVL%iSfE
z0DH(KA#GFjBQ>KqT#mo1XtWXi)*(%8e3+&-S`pteU15IhP406_iGY`CP>&Is8DZzO
z(V-#wSTl;X(Ym!z@B~U>;YG<FUsL0oFN<$P^68FN`4zwTb80M~qI2T*1p68j5h|L*
zFMh9+ngqvA4Ap!UU9iij%_!b(hl;B2zKgKxsst=ob41tHN++Z;@_kZ=PfMiBHM{gV
zrVD`<p53{DmC1-WrNbmEZy|wM8ZsQlq82Pl#QVBHloRkbJHiC1nw)C*1VJ8tGrV4M
zSBeGGPGRy2e&ZA?%p~%sRA84&=R60$69vcqxzF$$$Ju6vcKaR^ly1+%n`fp&QAaGA
z0uP<=&De}$APP8FBndzahF3r{YS+ijKz9>1{V7!^<p#fF48zD@PM=bIa{69Qcnm%P
zPW6}Sejo(p36u2}ps~mGN2(o`1bK)TyAoi&;VMz?dl&q|VEoHx>bY_fhQk}5EJ{`G
zjBhbHlV!+lSSJlw`BGp-#@-E!4=cq7-AGKhov;XvYg2)w?tEr{dBPERB$uS^vAi#O
z?i7mh3H0E0tb=EcO~0Ft*LX2MHwK4s@f-bCe&Yj)qZQW>V8p^mMC_{YJS(zgR63=d
z&bnHsGPlJgRXL^4GAiq8`HgO?eES?|H*J?od4xkB1AtJOW7piSg2jhE-_V`<Wq{IW
zjCFJ0A&E(=aXZes_>n+tR8h$aIQfl3XNGG1Wznr+Q{RS9NN$s0+X;c4nU}|hgwIBq
zVOmz47Rm_GIn0Ey_g7z#XzUAN>{8iSWj0OASy$&&7Pm+>PU%yaK^+LYI8io{cm9YI
z38%C5WAo_3f_rdh)oyGSx40}bQtYq>uC#i$;}p!J3Vw*nV4TMtG!JbMCV1sHPB!x!
z#gzVO2T(bgEOl%%55f(tj}eb!5>tA$$$B#%;C$mB5pbB%#SfS=X|*7EF{AKGmSkxi
zCUyx@z~GJ9RwrS-R0n?_0`a$GrZg#E<Qg!ekL2B?&MScJ$Zwoyb4t51Dggjdn5t|=
zYN5YBzk&U^3tY;t;V>!1g|<ou(n=(6MR;KJJizsFSHJ>U{F^X6ka}SWEzn(V?t5Au
z0Q1S{^2ESguItQ{M-RKCip%rgF}O-0%6LzQFp^?aXtHG8vU?p&v?H2whPeyo{R4Ir
zhXa-uu7{cVQg8{Tr6j5^ET^f?P9X#sr(_Klxo@0xKRA_zEts=(VX<4P_DIL11BeJt
zX)oe}y8`FG2IpUjOW;Jkq7|0LnYJ@Lz`zTqV<*kKnDW<L%4gX#T^4_ZOR6EfsDp{u
zzz>fy4UWu>gBV_zG21%7G1rWFzMWDDzwz#lV-(j6Hbt&f7&fVZUw)K4k2m`BMT>u3
zt$QVi2Cl@5A_3oB!G}iERWV9^4YPK`AQW5}QJHPK2#1J;l3wz`Rm2;+D`p1f+kmp7
z<MMWNk9A4jVwHbH&o5HulD)v8%p_&Gd$rLnWnOo$jpppV%R+#0<BBd!gyC=Ul#fh4
z(_xLtSw2$FPCjxv5kIcN!|n4(BYQgY?}9G}TL=tK*x<;7t^tX^@o=B0{kNMb=QJkm
zxp6zD4xUsjD%pT<r(i_uJ&I`OSvs`}p)bq3RE|uNV<(6h?Pbu4B~)|j3DvA7N{Dv~
zCrr5nzx)RJl-=t^)bW&yQmI<;h6NyfO3h9*vE_i{_)o+e&H^rYd{356dnBFb@HgEQ
zH&L(jWTr=&oa({k!=j#i*c&<nQ_p6L`mCAdTpRdJBF3w8Mm~dG=aEOY&a3UFPtpbH
zD18;WmAFLjT0zFlZN-eE;|Qb`=u*BzSPjJ$aLi>3igg9Q@o6*WKJzMBW&B1?;0}4p
zNA+Zo8KpyJln$Bw9%)o^{;vQkK}Pc*11YVJLB$WV|JK8Ormoy(K&C=1*hY}4h=UB~
zSi2H*u8`cUJ<u??REP-w5hn;P#WA>~uVHXmXVu}7#PYYahRY}&E~9j~jMCxq6u@Ol
zJ8&6=aH-&fr%enlfA|{V5;5R1svWqDN*ASX>8lW9Y+z3yzx6AS!O>23HExQIGg0`!
zbZ|4BfrVCB-d?Pj4`Dz#EkyoVz{CwjCwjUs0OzFEh>6`d{>BPeiYO{r7H(2MUyXqY
zyv5;FPCU9qsWw`)RWH(xqgc9)u~A1+(S8qXX1Anie{GBxNuiLkslfy&0x0_geua+s
zcH?J%3j%AhU35?qB0lt2)H7_RGif@h_`N`9@9rcj3(OJGGJMVIRHOh&IM-k|{9@z&
zz-bQS#wp$Ifs%<+%%bCj?^;00Y_GCllv%IsKcsy}o`!(0G9FxjLrT^Pz-gi6ltm3a
zfGFl&%?`7CLNSTsgP&3;<T4^UM&>h%dlP)V5(zWeTTfDcBzFOPU+f`mN3MH4_U}=w
zqxg;E;rz|B;_&#5-F}Be%L&Z6z9$R=FSl3V_IQvPf{g*EYk_Y*zj10JrKzV(_JZ{2
zI)VFGU9g4Hl<CKi`otDQTAlJ{bCf>_^+NOw5Oo_b)SVNguiIvi!(^j^<5ORD+pQAT
z_>J=uiS+|$?|lV?0{40j7ZH=TJKXE}7w|3}EYM1AdwnF*POdo-n#RlDY=q&jaD?p8
zM5`d}tV6$NJB#A|;?4pwJh+NbdurU)(q$NrVQ`PGmj?vJOkA#1q2yz<i1gNzt{*`F
zWc%(zy_xeX+*qd~2R#@n3MzHecU5T@>~bPneIH%N2Y;c@$17cglQf@BrqDxX6QTL~
zrntgK*M*PaznU85Z-u~c+bh6j`x3Rg;hPl~cEqb=P%nOmAm61u@S9DHzY4TiCJ1sL
z|4?Dr^;N5Y+5VNBV^hYP1C8c+zXX9lP~R-&*!(>N`8hl4(>tqsU>ZVs4no#+|Bg_t
zZ`b{CeFPr2aq+*MleVP4y4+NhefxTo&UN=>?6!g&?eORH%yi$<V)rB+GU`8I6oLAd
z1*t;dIlIYcR|JkkB&a&>fHc7dOd~X-D=~IZe!pR;&dFDQaXgX94mox{*aDvv4Y6ZN
zsB(45S4K%sK6sJ(d(K`o428IvUy+T#4rR$jBk|2dcvGHZBYGlF=-G+}wgMe|k}60O
za5PXcxlP%GWE^R9nAsFMg;Lq&Y&2u^lMIivOMUfTUEbLxNIQHYyiWHhlQ_V7HS1N(
z8*FPPbak6(F@<tBtv)R(2xRK1xoj0f<c^N{Oo4nD_^`8Q#*x@kfq2(pWh#7%?MT<3
zc{$aTaYUWGIMJl7qxh}T@Go9QzH#`8m-T8|CX~kfRfr2Gs_C2vQrRSWoPc4_zfTQB
z5&^cIC^Ue-t5#-;=IfwaMZ37br9|IF$F!7A><*+TXB{hk`h7fa)PaR&)SB>xfeHYC
zSD9fod%25n-uQ0R?{24~gLd%Oq_vB<GtQ{5&P5*6$*<fMXzuKP-HmeFW)oBT*o(M7
z{hm+?w%(I-S*|(Evsh%?^E#5OZCI{OWF;Yr@D<nzpj6{?)vt&jw?2$+hcWCW?AM;^
zq7Ct5rhEtO4qR}Y*X=3N=Q!}M{P6>S4F?_?6=9j^o}XeM10TGNlwJW?QXswM&aHGa
zGe~M>TK0@1;j0Ze@8F#JKralV1vV3FkU|U07k=;=j&MntsS9BDSs$i<#$>L;5y_6j
zPbZ9oy&C5KC*~hKOYwPGKica?z9L#Rtul_@V81(AzcgLFD^c!u*ywI?e0OKnJnF6~
z+TBOt7o+l%-rsjde;(yY4l&v{nO4Qun*j+3_vsj%U~ROnD=nssGn#Sb!7j>~+FQ-h
zAIX$30sX<56zP<jfEeW-hx5ippug0KU!H`9>rkyA{ouP}Q}*AVqaKsCPls(5*)Pb0
zX(@3uH~1($`@l_k@3*aFWtEof#AYv-&$o|9Fz8w^)H~BoRyQm&v806g=!`YWOtzOm
zQ{ol|@!JWMgO9E4vWCpED~Nfk<%7*;rdI+a%SsUx-S8}(P+bP^4p>x<-c<9`BbdKB
zJraqtFf556IDI|T?(21=(=F1$m&u&_q2Asp)rz(n9V;<vDMq)x7H2yhVJ-DLhWSKs
z2Ik0qH1IGzBHP^_N0YCI(N}`Hc`CBf3@?Gs-1_M)zz{d10Atj6bt*Cyx7(p4kl^`8
zs)=i7p|eudr?8%GXVD}*o^&x6DCN+Mcrnn}S&(M$O!l8H8b+*Nwfe*}l-QLI1<j~|
z`_{RwGcp-nqWC9D3yvl`r8BT4oyrrDMe_p9iN0zf_gLI2i${~C)9MMUt{4m+WlPqD
zYqQLv>^qw5S<*tY`df_F)nTs6BTtij{37z4ufC_RzUyeRe<|TTP=o^9{kSci$^)E#
zp*y1%&bjs%V&)VxDb60GzcmyN-|(*zG27}1%3O`7;IRL-pmuJ7(GVXTkKv23F}08V
zVgwlSyW;QXAx*(84$E-Cle<fh7wk+nAjJ#AvUcH|0A}C71`S;5?B7f7DslD(SWm3X
zhtlBv3T-WMy|9*>aYS2cu31Bz*S9n*K7{u_G*k2CIGUg?K@w2TppE}&r^s+s4Fpvi
z*vwi@-j3D<b#g-_n$LR+bZ8JuTWfkA$f6yEI7Bc6jFzknlXc9FV)X2z$uV?pjz{Oy
zlgzXMun4L78o=qv2X29CE%7+LgQ^Y5I)FIse-Ch4OV>~9)qgkAn)1OSIwW=!4JU9N
zSGPW;XC{YzH;>9nF}ZG_(Z&al)4AH%(f2>_ZxSEElsQGW5s5giPI!tPd3YCo3z|iW
z1ii$emsG;b%g_n2sOKbHXqIZW+|&b?u9z;=7A5OV)IQ0YK=T!)Q!X;;B}es=tD`03
z^^#I5@he*}<E2Mg$myGM!KcaUp(ok4q=;^1h_zEWtsWzlU8R2=q_2IcTaW`Ux=Vli
zB<qbbb#Gybv8Y1$j~SKW*I1aSm9RKh@gWSdw&g1PxSRfQ25a(Z_I8l|_7{4SC!lw_
z5v+~Z11Kbu?I3Iq)OY5CJ776b2N5W>p=I`>;JDR)QhOJjv5X~sR9{k9Jd8R(x0f}G
z5!Q+&@Ikl*A7D=%`QRS*)X6`n=ze`X@)K-4_uzOaIVh&Xp>shiG`iDXXrK?T_V+28
zrGI#j{vqBbqbX|3S?gW+Py#OPJiTI?Ua<!D&=$PrtUcHg^?x+-jeDdPI5zd15K$|x
z+$$;$u0e?^f0&8IMPkesG=6b5!-uEiI4||M{&E_}kbEd^fZ-7mq{{i_>71TtbxSf)
zhcc|w^$!-t<6eU%(?G<`2T^Y~w|oAu{(KN)V2;RNFsyk1AN+#Icw^B3eG5ItvIg^^
zwH%#Wm>`S~eMhxUx?uka9Zif9W^qgd8>fEVZi6AHJr?V<p5#Vf0-VzRCp@{w_`;7E
zTUAbcPW7V8tBu^wV+)_QQ*@gL_yESGT94&Jt?<$nIGYfL?8twPgQvl0D7lI91n(fP
zNStH~6rhlZ&k=a$nQ6H7e#I|ggyGj{zfQ)bU_x(T8~)MZ1d=)aLTkcq0Ak(w_b|0P
z2+Vbrf->R;Ay8F=O6DbBGckRiAT<b%fAPUJM48)&>fd?rEP8%&tC>y`6zT#O`nZiP
zbcg~Wm4^^>kpFQO;W3~+Oc*qP4-LRW01=)o!cFvK9>8!}>k?__V@kWix}<EoQ9Xd5
z>j65MP~sda1WwhcrzDF>RJ_Haf{GFET0xn#LQwqqcs_nS4Sg*lP9(+~n6h{UtfPoZ
z8oux~Vr`Xf$BHq#wCv6o<W)EjVC0fb#43GFHX?x(cb|(=tthRUj-XhwgONz|A|Y+-
zG<0}aGnF=vHAOu*S!dYFMVY=3Wh!JLZ=Ctxa(w7I3Y@YS71t4t_!m!Lv0YDwE(8{?
zhsRln!@1qoWYeOIvJ+rs-~Mcjx{L6wJ0K{|WYobBa9itO+S65j>JPW0RS}eFxSHS8
zAbwr<H#AK7*T>`0kM@JQo++2>dR(aMB*>~0NcT?9f{b|{aiXDx#1ie~ytx<0DAqbE
zL9eYxk@tdy@qZrvs67>sG9zWEC-7|z9&b;)gM;n-ho`%v6B}ug`J(X=x!do8l?CG?
z{xg`*<np&5bl}%V@>mp+-;*28L$JQXOukWqyl@4oM>4le@3qEMbZ{PQ`9J*+QaP;S
zPb$yBByc8qLOOIAXl&+}ufzkSl#?c;YtkjwRJh6`-$i6g?OsCKfk@aY1gg3G#gPI2
zS|P0-Xra30O=ONO;TK$ZJ0hZ@W?VZ*9Mi&Lb(+^~(hfH>yd|WSzK+9FKuAPYrt>5W
z{5*=UQQRba%$aE5BOgMybRa2TH=+&?SABf4N1Bo>!s>g`!EgyHFTrpRPo{JJ5rIWL
z&A!`(To{G58Mlhy$g}%8lb$BKC;sr)>RG&n@@x`;0BJM|YQxT*3p?7_YX#{uR36#r
z$Xu3)@QzrVQnMgkkb7*p)}D~;yGCl*l$_KddC9r%T`b8kFn5V#KOe%>11|YFt2g&M
zx70Fr*x>Jqd#*9@OEL7*XvMn0Mp(X!U-l1rk@Z71Lck)hQzQ5yleGkCs!fn)*<rk?
z`nYMw1Fz5i3}*X(ex~nkd5+B~)rgK=&)kdpa%FM^ME#PC-Qg}PWS`uL<@=;^hY)BO
zIXA%_-0i=5w4C*wsp}e3AnU~h-<=-ruqe4IvIWNh{~i!}ZE><>MsfHI(yFJ%T+XP4
z4+c(J{9lid2U{dxMRs^QYMo;GxJgI`;%uqXB_nT3`6vbl`7UWgCWb3DnQSI?mE&SW
z%vFILdQl|#C)Q9_Wn=sk-NoU)Va&y0AL4fiNmgG|jmb3Jl#N0Wn$h(k>Sqo4J-DSR
zvg;BbGs7iksxLploF0g0$NYy*YM$vl#HiN+%AM(e%-E8=Et8?NdZ?NBecye$X%4{9
z6E%Q_2Cwy*PFa#d_^o>TXp|u78NT;l-Fh`WxlMYv;jPZV_nf~_p92bQFTsGrZy6s1
zGH>QX`Q*5zFx@hol?sZ1>SniLRW#0AdhdaAHMDzCHr^_e_PX%cRmi(b|LnQ+ixFY9
z$ST7(scek=Z!tcYkXGX1@cYHZ`Uv1KnBkH#-5C*WFXd#ao(W?|Z;?TaDtn|8F~WRz
zM95V#$?#gZ8Fg1qzOY<ST;>!;t;>Zar;u8E(i)LOfB=8}<<uJbf?l<UTH=n|`8v(b
zLihK-veR-#3LmAt<z|y-$u2qymH7!CWeO)sXUk0kCfqxrEZh2!DlWC4B%4vp(67hP
zi>N4r!?<85368B$?|3Fdy@_}`C--{|uVu!g4T#KINpq|Fb`vOO0bo57?BtxD@Nj3K
zp7UKFs5kp;=)2rgAe+Yh8V?VK{!*S}N1t-_wfhrI@KyMLk@pbZof>7PciU#JnAB=_
zG3Ao94UN~^Zy+kSfdWj(H>l@R6M=&ma%52|k{AE=VUfkJZ@~j~+ruQAbn(h}AjW5S
z<wZ7+<G8;{%zgJLH4v&IC})n5U1#lW5FF@iQGcELeePirt$ZD8v$^ej=oRwK8$Nh(
zD(=ozbjT(o!7s+Lp&@|}jxw`v|G1VgS1R%K5|qKPqrP0h7nw_TUyClHfPRki{_4<f
zslr)A>JHvr1LMLbGAdp2e48xTozk9wX7+I9qEzFlJ1?S(!M6Q0a@Zn=GAf0-bE5JH
zH%{q2W319|4K1}|ojY3TcC)BtEe~I(ufLb8_BbkmT;IqqD`s-AQ=Vr<9oX-YCy<jw
zM~(jr!LmUmsrtAet*W7ZR-qiJ&Yq473anK<tsa&6-*L*LY)IoL)5hJVQULVMRsacL
znu&~9-I55QfUsUoexAh~#*Yk?+EK-HPROnBD4q7mPg`Y=&81i~+>Q!<c@j3qMiPj0
z7NpT|at!qE+&&+X_8q6L><QJ=VpC=u22KI!p!_;gB!z~FwVWX6?;tH-!ukcNI#m>;
z&VN~entQYtDj_z~JX^T)3Z{=O=RAQjJ1RM<J@VXokK6+ngc?=fq3~z14qRW@(Leca
zTX{AHu{9YwLdoug!TaBfVw@8;$2J<Klr&m)X?86{hSZZt4TDn?fm}um->|s*A&(x;
zD8AgEMNF%N*7j3thqMkYGy$$Cn}~g#`q@hs6WtlD^GLhAX{0ghGG6CMcKZGb@*U89
zJOdy9qZz$kugb~K$^wioqy|oT(!Nr^UPC5(XhuDRk4iQN+{;i9a6F33bVFOV6d0k#
ze~0}QQ+Q$t0jWbZBw3^7f1k0;fl}<f5iOT60Dmc29T`R%_WbD!Em2To@Uv6u8#%ze
zJ<x>Q6w$x!>Ag@}oUrt{RMYtW>rHCnKt>PC`GP;ATwi?qdXqs74-85)kuMy^N)Y9~
z2cAte>4$B7?65_B|1Fc_&f1Z9!z9~|mT0Fu(guH5z~2-!7z;|LVkh2bQ>+D)yII^1
zKYKbYBfHU0Z>h(zlV6GfbYrj=r6C)kXP4A>>$B+2N83Pqmja>gQ@4&VqjWmvlCIyE
z8aJK3=M7Uyqdm}===)`$vD3WX{6;vPDwm*?YV!3E<Zg$CJ)1cPPBK?xw!s$)a_|r$
zQY-VO%M^7LM?X~AB<HVdU1!B4%qFW-Xv!c=x(wnbv!!h!fnrrAZOjIk&tJ2v&<o%s
z@qlOe;4!vY$;vPsS$#gJ!K)?o<@P>EQ^}HvMCAxEMAW20`)2d?OyZ`mrEQpYHB@{-
zc#98RfP(GlwyM4`+-$Jj!S68c9DM`lvAhB6Lv4?oB*+55=6B@xE=`#QKd0hPimy5)
z4_ItLNMOH4&BqNWO7(F&&?RpZ(B-1;b61GQ%?GbGn+$tl8+NkI$pUgWjvkj%UWMOo
z!bJ#G`aXB&FEr)w!Gm<ZY@<qiXb4@VqsbRxMSV8g^r`5^kkEL&NqC&DKdOIuBHki`
z$JQ2|4qwIMytdNwi_+hB<snHwMOsDlV_ABiu2an5*oy<dN119o221aQT8?&f8}04?
zf5q+p*2)APw=(JzUj2>5R2~xap##N=Asi`kvG)u2ZesLy2T=ZWT6MfHE2f2`yh^y+
z%oS)CV|f=m7)%yKU1y*r(RUvBvt?vsbR6~{fggpWcapwDpCsMN_VB%=VBH3E729`7
z=SX3Bu!@$%le@PA4Uxq^-uekHm-@iH`XZq&y$t=bXK@;a+PcjAB`O>63ud1K&M)Ig
z*opT$0+B>tKiCoo($VtPdfb$T*1Mznz-nCcX%;jfz`U*_-Ca3ZDq(&$wmn?@U+U)|
zYdxLLnQh~VN}h8`jV_6%qRtJ|nU&4XEEn*^*qdZ+@TFiLJJy~5cj4c=q<t=l>Z#A1
z!^51OodJz=Dozf$=bfCfE1}zpIp2D6O9c7DU5KKAMd=a$w(tSOukw(wqcsbL5Y1o6
zVGMdQGqm0jiZY#Xra0`VndQ?LEbLC7!e*t=tYS6~^@2hMkKoNrc3w$QSwA8gP~eEs
z0E)L}?5ALVQc&h&Ew9w#&Nvf(GRmJSnFN8s8cxI4!-dXjglOul8e$m9+`txOwEW?j
zJo?*B6PSU@BlYmz<B^u->l65RGGGQpd2R0G8|^UwrsylDJ)@9K=wz%#4L@z&qW?Yo
z+*3}i5{v-MG#T}SEVC(QgSzFCZi9;K*M4#7$0#O{4Q=P8n3|mr7PUmb)lU}ZX0+;Q
z3AFH=R6^J@dj4ty^y-{6V-@uAVkirS#?n?52dtJ)Vs>jb`{vI65*iR)b1=xUHZ&6N
zUuK*v&APLT4Um(a6FCG)+*wb*Z~BOiV&0_!2$P7f+`%b15hQ0n2&+Bv)?KalQTJ82
zk7g%uXkt4Et3!zL(9oD<iFYzZHrdPeu2;G!N@3c$;S9D8UTJFzbs>L{&!(h)F>zA_
zCMm*%eK|Daoi<=6ZGq+_A29Y^<<aRLsar~*p?O|npoEh~rwdCyiURgM_|&7{=%yFj
zJhFS1M;bW`{^r5oJoq~w{?3mYNQ9`(siuvBBR)RJP8;x#@i$v{+UU@Udj}1G?8Wp&
z6ZHl6pn>1_&}D03m;yV;{1*&+phq5jlr~Qi$UcM4L~u3yUtMM*yZ-@T)tu9`bFfY6
z%0q0lGgk=ZB_ywhkOk?&2WQ4ZUEtm2Gk|5^Ofw7Z_VG}?xbHoHWO+TIAcOgUL%~&0
z!1x%b&BfKuCSz1ya;w@{z~Uq3*{GnM_U%_HNWD@)=9LPvuT&shsbKt-3Z`DEU^*5E
za^5U>wVo{m{>+1)>!Lq}`M|EMWj|q~HPRZF7nAtHyGxm0SVFH4Zh^ODOpP)h7^fFa
zBtUkag$43_;GJGIk;L2mL3(4bPcwuizoI6k1TPf$EEjeFe9QFVTn$6f`{tlieN^_g
z{&wZX>*-z=v84P)>-<2Kjo(;o$U&Ev&+KcmVudI_cG>slpZebRW8Xu$`6tTrf1*75
z$H!;=sqrQMMEl%Nl-pzF%Bw`ha?6)AVnmjCy@c{oT>!X-{=a9c99)Xfyg>eUKV4sF
zRbTIahG4Pw#rf=LbDu1VfLAVG_Y>tYdBrZsqqAW^G~*>Dh^By29a(_@1#9&Jvrzya
zji0LbAuK7?3+y{)#-B&PTIwqFW_Bc@#RNAUT}4=LoERVuF*29mpQy6jw_HhOw<i9V
zj)-r<U03i0f1p$27v!n=TYOgL^h7U)j^l{^{EFnH?&PpE$41HHYSpu2Nu4zmeirS&
z4!ECV^a9=g={FzhPGJlp_`{c=zA_kv=Q*}O!WgBs_YWHz9s)r0Te(-U`BLxS5f4+X
z9#_bU(hJ=Q)Pd<SuIea_8+F8AVzwVPrUOq{O!S28dKL}Pe=khmE6uZcbnUqBVUI%B
z#H!WnsK#%4g~zgdl57>M^mb7vk95={_fEn4;NN<rK3*v+h0+A#qG<g{&0DSh@p<F?
z_GQCzPkkZP6#lJOx<!<Ri}0*9GexdC@A=p{PpSs_IU8wt*~qn{OrfSeG{|hyFyJgI
zKFgWE8)+il8Q%iX2?1CJT!Q@SD?nb5um40wjo=agHCliOnQ8ta26NwBW2V=6X@ySG
zieqR+QO>oa_dic6p=z~3B%r6@^9IRqaq)FSM_cv7fe7JTdm!O4xjhKuAzQ_uOZ$*|
zd0&TX(hG5Ly{~_4aemthu4?3Q3u%DLN7@L&17f3iN|bL`pHGFUkF;ZAJHey)X<9in
z>fc-!zC-t)Vzcch8gM=4ksmPWaJ>P88fj#OfXQojL@-29e^DBuK+{?>Q_It3Hi{D#
z#qYulGpV`WgTI<7-d~EjoRk$N8uGZ*La#C++CSjs3VkF0K$aWW%d!P^*AD)-ubI$p
zZT3yZM6aQDO-wb7tFW7_{`Fk1;=28TVl!TpnYM#{=r1=ay@_4`yOEz>S%SMukScVK
z;h3Hq>n$MX^js?lxge_YzK7u7tNoABr@k`gLw#1A9Bpk?Nq9ZN4=|;-oMROv4eGst
zU3V7bF}Co_QU74z^LAsG&@=f;>+~^HOl%Ij2ONGw@4*@P-lEo!XxG$Hkjmz59}!9U
zPJq?T*p1i4SC$Yk*pHV>w6y4tS4y<r(I2mtXngd?OC@v_O_VettwgIsK|tx0N`A1S
zq@t?2R*(*8U$y#OLi^CezyE_EozqHNjK)@#Xy`q#f)QN|kcFnpMad@L1A;O)QwS`C
z#}R_EFjGC?p^bElAP*Acg(kIx{l1o&92VNu_3TBW?6%#OV`Hpx^n8^UW`?)M-)Eki
z8U9n8y-$c!crk4kOWw8(eGKHq0MrfS;3Q32At}s6Oh!C7BYu0F%mY*HMC+FlC;QxV
zlbn+(xmUvpLJr&uS0Lr_7a&4M04pSSfqKh05VXcj#p|)<E;(mb-8tpy7ME1-l=kZP
zDP59E_ga)^IYFK<-7Q^mr?oiKKGtM|Z<2G;<>z{$ja%tf6N)%xv(L;|WYi9G7d$gA
z1SHVH2Qf^XQ+~$E@5LKIYi83t$TTQ$WiI`)B#cmfQrHAo%PKJ2A!-q*922Kx2W$Bd
z#*NQWti5xT!C7v{MSet?Q`+g0s@zz$-%_8&$$x@Q-3y(8Gn~uu#A<%|6!L3PZ*#BC
zs1;;yKHX}u<OqVpHurC>2NWGmo=tl!66aqD!`G0h4-B8R9Pe%LHIdGJX5vlrV_iX9
z>lEqSg?{bpN_6-#jhv1LE_vZ<w{+I)XyF4GzF!^#(yRs6HWOo@v~XzI?sQ(h+sf~e
zDg|yoa|ZwztdO}-C12rEW^sIQ1KB}B<8@PG@G%1MbUQHt)8NOZ<aZdI?jR^6`yrq3
z+<f!`2-Z;M=bXGTO1H&=^gzC#xb_2-OT%^;H`EZ62`V2<AX~<ra7K6n)tn$5R1b_K
z^gagP6bSMI`O&i=)(32t0ywa)p>N#<LSViPIwUg-s;+UUqgaw_%wCC;m8~`OdMWua
z3pNpBDtT9E2X*|C-K*UhIRAV&4dU+ajsxf;%6JZ(&5?aS066^x>Hr$y{QI%NZ;;7Q
z7IBzjEr9V7<vF<0qWpL|ItjQ7d|TVLf#^x?oO09IvI(KIY#<sfrHiO;LV4U##|Qeb
zSK7Qt)c+1GW@+_0VvPrp$CwENAjW+d!|Z`mY44_@-^XPrk`2)Bc3vKBrBJT`b2Gv_
z{1M2jQn_mDPEbdJpmlCy`2b;K=WFj#I3Q~Z#jQv<keg~!n{K7B08i&eFZEB>9|ObR
z4jKsjU@oHUur3UN$J4LdyO<2&Ov@w(6+n@4H&P>$X2XR{h&+-C9rslqNhQ@-Co{XW
z8(P*JjeVjk_C<Lu@~ztJ<~UVl9KOgo^V!w80zSAef&2;)HAU%N+J($p(Tm<AC5QuK
z6zgI^nOFkodNACD>6gPjiRWNjVi@7;8BR@c5wcbxvWhZmO{Ugj3aNWZOQ;V;8`G>O
zO9>2L7Qh9v*YN)slJy9#NhUCr;m+{$cKVrSC;VO^$la}vpz#J5sX&zct6`99L6mKI
zI2ASDK(yWK!;j!NDQ4B1NJs+Z9IRbG_|Ey*=QTW;!NlD2<bpP21AM63Z`EB|Qt`-A
zCd0vy(1b0*{(x5DT<xwrOqbl(gLM27_0^a(_jOcrTQD{6b2d?N+3V4DPEhbh;(0;w
zuT|@_A`!eN2_pd(8n}=Ifc7Qkf&}BkvGXC!)UzFj1t@b9G>wny8!7sT{z?eZ{mF-8
z7S4o+X)N|FDvybm@bk6E#63SL-Y|fPE@9dmrl*?96F!=*$9pKFh>P*i!JBkMI`q5q
z7IG_vv+7c6Of0Cfm{|JBoIKUCIOddHVbST1OlPI2;PrAkKr?o4LGzVIaV4pkq`N%Z
z#*C-XGKTGA6v@-5(^HI1RP_FJ>^@pa=L9zS8!2hwcpIv3YD<sv!RxHBil;l|H*$C=
zndV&^zR{ph`3=dw?g6bsegikRGn(P~LeXvu?)IM)lo9_IW(_oJGE1fhjhWtjb@N+h
zU_a3-8;&^O%EMhLj%zWO-#CC@S;`l}dGa}5Xb)EUHHyq}5(?AWnpY12w)}kas)sM?
zmV!|bc~9V*nqVa#>_taW!ndC80HVVfT37Byw>>aDS;6>-z!&wv5eR_@$1f}4$d4SD
zG^rxoLmzK;e#-zl?)k!6fjiF^ro+MS{|=)+;<^?8l8w1cSaOn$xemDR_QrfMZp?Z5
zm<O9+1Rd}W0<7Q3njoCIPZH@Ep5Z}9!y38Mi<D{$_Gy6t9Agm=P&<v8kojdOK9w;X
z+sur#$6+;W>ezJVY<Pgv5zug!3*^k_wC8D$C1?-eeZ5KRiB`x!E7D4Zz-gcnz&%c|
zkCv?GsWffBU`cov>tZryigpc~>~(y>?SZZTXLt$>|7MXv!~gIAlB5k+F&h2?{d)T<
zI^ykkylQVDej5aQ6#l?Kk%0KK7NNC$K8K9q*5s(j#S5|@h*=}z{-Y0~WY)K38i+}h
zUMy5uW*XqXp)8vlfFYrY>jse(Uit>&vT6OvbOjHe(s7rQhjbe+e%(x=(++DEvJuo!
zbSGi^#Cx1$Cy1VjdV?S%%&(`!Q!z6AR6~?Zt9_4MfYvJ_+8eb|YJGTNlv@9G8qU6=
zqfV_C)6dNvquhwy<jaHeZ(;QOqY4{4>gON*`m0eL!#dtmN7n~@H@3s<pd-Mlo5)OV
zr<BbEccLp=9g7HShdBeoXL&BW2)!58o73pJcmeYmvGbuqoLjlmP9HrI$8WavPa@Yp
zWL$`xfiS?%$5p6KmK4TQ5I^XWlxalbUrNHmrlAv$QF`zxk+Fs!G1l;i?`ozeKgcBc
zgF0s+$O<)W+**f`@~(s@-na$u(F+@pRYKl`jtZ$9WDND{w-b?60`{m~7sOj{Pqrm<
zdqMmPUjzKi6$u?5x*o6hF}v+avfCcNAMX?#fzFdz=WBf(x0?p6H>tZm1AI^xuGq4+
zY`LjuJidDAS2&hXcHB|#OQPDyZ_s;ubq%^5bYAsrs>vbr<byM<rkMZZ^>g9%3>o{B
z$hDsj_OK#ZdkZHY?v8PS3U0K<^lSANrh!0|cxM>XuL17c@-qkM&hC8BMat}Q=T@^F
zuTLU<P)|OKJ1~!%xnhjs8hiti!LL1aKeTu29($!YPCwJ{MW0LDGI}I*7r_72vt9Lz
z$g(NsN)X7r(Qike>H{iXj!o8P#V=tucJ=JdFD^s~Vbnjslm4l^0T*e8lrFC#k+jm6
zECjY8Hgf0}5@I%w*5+7Q50TT_<5SMXNGln@3eoKc)qkgPBXs~e#LUH?xr|5I1jn<B
zFI<ZTcJ+EM+4DV1c9P2?k`0UskE}-!BMi#h@EdjJn~Cr)hnR?ol*6_<DxcHFQYZd~
zZs=iHI4OjTtU3bTU<{j^qS*YO9+nuKpMb$!=Y_yq_@@TCCQo|Ku_?kX!^o@1i4^8N
z6C>Gdppkt^Zc>qQQ~xKPGO2%`Z#J<l_Fvu)h`N31b~(N<DeF!?Xob}Y7K_peKJ*s)
z?Uh+ma-3zZ6wc(#UjYB|!4r5L5pN1n7D<@ah5zM)ESf8mS><ia!S)M;+yc6?i}&Mv
zuS13Tj6KU|rZI}|pf;S<xv$lnNsp^m!UvzDtl!&k+d`-RBFS<C{*t>No{I-+qBI`%
z9Y$73g!2=Q8X*-QrSa*PVJB0V0NQsoo8pYx-Eb#MMD}#kA;a)Zhb~0Pp;V#WiQ!lo
z9^LTgL=;tse-+AUgOh@HIy$!IFXl{M-rcON!$aUme0erCp{s2|sib_*OO1_WDJGVW
zAHonE0(l12wDM($ae`VU#!XofEcSI}0YQOn84+P%^lNhGOYU1tWoA=ox34!L7m_G`
zsD8Wl>XvA{HNMcAl9dCp4SIp~jK0VA=mKXnkHSKBlj9)y6uy;7y3<-9jkrwVUa|YA
zWt=Cs%p)(@h4p=dqR_@Dw$fMXRc8#Y`}da^MgEsJ7xq)hIC=JG$;{JGrslO-Bqijf
zVtNNyPdPi;VDRNxc8|Ob&qh@~4YJZON|}m&<NS!jUhZNz*%%Mz$_R66-#ZvR5m74;
zB;MtS{~M3gqRm5@UVg%^H;tNjh7u_M8lBu6>m-U8z<+-t@*}DQ?&EN`j9O3NdrmDH
z!nzS0$LDkd(bx~NN`v-1b0IlTabPu#Fk9ZnS|Mk2^^gzU54R<=bC|Y|GL>`6*8&)<
z%F;+nOG{nlFZcJ&hyQ%4R4U3FQe&T&oVNcpAE3m$N<GRHv&g#|O~szTaf^5xH91CE
zF!WA=JFf2QVK94oFMM!6B?(|$g)%==kiJwOLq9A=d<1C+8UHbu({ZAWrRwO37SmXz
z(;%pVjWZYVed?fz=n-1NxC6a;yvgU4M9fV-8{?b1QfzX<b#qXwFQ%kAS)^ao@VHXa
zqgsOQ#+EdWZu%8F=t%&icj}9S@W|i6_K^-3XyNMCpCZrGK^%4yAN=MLg>W!F-`~q@
ze5O@UQH|zpV4L1e%;)eS_oU*{OFU?o2<*uvJMme&=6fpc5m$V^C06|5St_o(J63#C
zT=AxADn1-n{9#=2ofoNib6oLv&9UOtAE@{bam91vzRvt1-rr>s(+C=uL@C{XN4ltA
zEGf`AJ+>g|LBSSII_}(ti>eNPhH-W1r@Gs?M2GQLDO|e|9zif7?;u6jV<&81i%i*?
zK6(_Za-WSFcSb%VWh6$$cFOZ?q1r_Y=#rc$)dO#KnV-BzUQBf4JJ^^RN5a>8WY_Uz
z;^_VT(EHAldlYERajNqRd7Le@d+|{npVj?9cEWp&d-iSJEDgH})kRV0Pf%T>T|s{S
zr_|}!>t|QF?@>Ic(x1k~5c&|Ci%dbQP-3t-YW|&2VtCsTZxbM+TRR>%&(8MlJmNq;
zzbSU-@vNz}1CaqR^`$(W0oN~<(XBG+tJrli0Gdnsn&5JUJ7v|^6SOeMO-E{3eRtml
z+CNvz6KtW%MY$~8PcLWSTh0#>>|t#*NqY;6)d0|z@EJjVjzIAhoDJyycKvAC71rUk
z2hRp??%C1uf-qIuOy2!5cp-9y_Zrj)rbO3RUI5bhZ8ToOq#1(Tt*@PMt?f0bOynPi
zb$5<K8JY;BZ*UQFN(~Hu=c%Z)*mE4pd&7I^(qaet*}n&Qm{{S5+`Vxu{5!^`jNn4M
zrG)R{mv3ySQtEyJp8NxZ@`NwO8cNlBo-%~WlCjuMLJuZXen7wKx|`bGZZhz0Sa}Z9
zMd`7c=yd%A1IpB96sy}T7b6D9|4Ckjt!~zY66j`4h-uvQi^KH;NNE<L_{z)bIFsq}
zyIktWw-~<VzzaXe#b2Uw%1Oh&y2iSSUsXDMmGzphoYJR!=+@3AQ+X%_d3xN{m={G|
zZZ}7RmylzClmh}prkgLkC{tB;sMam{dwR;<L@=C^8<32~<&oTWr##Av#-icaCcpd~
z###*3I^`)gcIBMk<CMpBb4rs^;aw+wH=0C5uF)e+N{1JAr{tZgzX~*%;cX_rYy*nA
z@|2#Ef+97RYUq+YbA_|qolX2pxm(cxjyKU3`s;J}BTs)hUl)3PS9z3e`NTNj0YX?L
zDxvh4E)fxP<hN1PA-ZuZtB^DBC>uyx2TE~rAc!6bABw4_fXeBY+(N}t!k<M97rYg)
zSv$#8pgkkZg<vpms5yO3IB3H?4f!Ordr`WF+v`aHXF!<0`-Bf}zY6#9X^O9RN^NX_
zy_s7f1R5g#!!cpb>N^?(shltXy42=IqWqq|s<^_ifNZ_uSC%bwW=18fEx+6gBcF-G
znlv2%I*Skfop`58KKMANLv2(F9~_Aq(h8U%3F<6tCzSMtMw9sp07nQ>U8<DnFVIft
zMNq7}=*m@zYGs0N8*M>1()0gJ#VBi8MD?f#=rYC6AWvc&LC(2l&h;-LFhnI~7e%0W
zQ1>?-VU-8M5cf*OB3F;sm0rSaeU{75N{9U$!c{Cx&(3cd&j%5@@Z>2%!1!(X^Es1;
zcb)f0gF6U;5*x;v5FKCh!F$=#`2RwUL$l$xWBxvXq%e7k6+n5a2>=;@uIQ|9*R6M5
zbR<+i*?B>avjqIN+NX=z#5NetuY|bK4L$Ya>(42P<Qdb5n^UJL+B_q|c1A4>_Z~hp
z4r=GmH+%RHMr7s-=UcM#BQu=*%3}EY7{4-P#qAp`_TQYp4IfSZ>!IK&-?i|s-`B+{
zU2+D#IquBAG?foosD(T$tVt#xT#`tulfegfv!_9P=!PVa#pfps<b%Jl;TW|2Eyj2v
z+U@W;8K(spvF4<M*A&B{5lt~1V)&zNYbMgd2VccZJMyShzJkC8H19COxPJN@QF^zE
zE{naz5RPv4$RS*7uk;CsX843FR8E((7+15cp4{>`Sm~2B^d&{{4Y7Mrbal?10qt0I
z5MX{EvhXao5glgEKLk>_TLGDJEp($z9%17vkYKDT4#IbZRzyu~CF6*wJYz*tJ`~=C
z`?wrceBcc$0(`+PJQIAA)lIX^CUou=xE)Tphf^MD6}W@Yn7?x7iqX>R&2(Fp?vzE$
zeCR>qzuA>pj)okdIdbS?9(ySSXbm{FC=Ryh%Wr^x1KVgxypjeY3A>I*YXQ`%ita_M
zYs9rQF<D<FcMF;_S4{huD_3WBjK4!CvK8TjLz`nCDy-x!cG+;7jUclRmK_5Sm52Tn
zy{zF)24JplAy`1;C89DIBqMiEU|KQK3P^jRv;kw|No+y!3WrQE%-D^%g0eN**!Lzy
zK_pvOBc2ErLMwT^jo%Y!1lW`YD}8-2EdYEM!kaQ-ASPL#n^+19H0;Uatx(gi1xh%e
zkN!W(G|(72!T5Dtp^JDWZ{Z)SOI}0U3RQ-;TF@C_m7RVA9j#7`$DI8%x&jzoiC|H1
zbS^m!9UG)G@;3ZNw7kn;v4N0PM@78bxdB&0w9x%kH~Q{vV3$STMm3mIN59ZT3;wdw
z^ks$J#RU27F`JGK0qO<N2z7S>njIhxn^a&2=UBt=<Tct(Sn6Q68|7^}imWHF5<uWP
z1STJvLEF_m6)4*rXJFwhK<-J?`Orp0b7ibuaO@G3(e`Zq<uc4J_;N|MZ7(03o`6hm
zBEM`3JV@mkwI$VNrPDTs6g6m7@&H0O>Mo4npR$@S<nW8FiSxd5l=$q@UI34r^-o8I
zQ_3owS0fsC_}18&gfB{ApaMWrZEEj+2#%bo8I@AGv#!Ri2rW`Q2G@4hol~CWTvDl2
zpVsI~D|Sl7Vf)M#BNQvA40bpU@FU8k5~;$YSeMD^K<rP-6H+~aU3RB3u^ZhBat(V6
zS4Oh?Ujg{y06fw$SP~k8^k}wM@=piuWEPu{TYyT%RLMPFd$7(puZbR@+niKvPy{}h
z4Wv>1^NhAsf!_mQt<-5lnf5h^v@4`a9fN<x>@$eLgzf(Cw4p>!p*`kD)P{QLlq>M8
z4XKvqrW=8#j3X2dL#GTnNze&|Hl=}xaB6Fktjz{`fjjViYy1w>cOSWmtSZ%(z?=fV
zf#=Yd9HFQ-t(h(ev7G{+zi+v0r*tZa?Go)s6CP~|aB9EYKxY^q`UG{s>>T4mg=RdK
zB2V$bV)o?cgR9xod?3l}X)3E%RNnh_lXhc0wRi^~ayH;oBD6BpXxnFrYx@C<(YD88
zv^~UPwEatq(e{1Ow#({hJ>i^$=8;C>37s&Q54~GwboG}yy{miUyBZPgs(-Yr>!MvH
zM!TxUh)&<3_VNBYIuVFcD^FX2oNgkbJKYw(EpQ1=80iQil2`6`92p1?Mp;M2&nZDF
z6{WKt?x;EmdUeW)PWeF~9sI}4mv93%<CJ!xBZG9>%YCo*hiW26&4=I8=?hvGZgYaL
z$Z4xDU2!1kMm|p%PZ^E`M}(vK=;6ypQ|^q82K9&SjpR*dY$ShU%el~4PPE8GmlH!b
zvgPc>8Oxc#8OwRjWGv@elL5I-wRp71gP-U3I;FwC#b_apih0%ADwrKw!uOshm72kq
zb^Jx5NvpnK#LK))+H&%%b~5iaCT0=ewi4PXlDEEQ(%$$1p3V<~eplkt)S>Y7JU%_$
z=OvStk59rWs5cj$)UVQLiyUsXku@KKf19_xoAhbKP2!xkztL#0?+?Zhei7}iOLQ<v
z(ZMudj6_IW<b%WXDbGs;hOX&+e6RX;)x@UD-dYQ^P7Ow{?_V@}ee0sp>uVQ{UVnGd
z=ymzUXgfelwA<@j{alN|@Ej|l-b47s3ETyf@JYp|G5FNC5K5i+wESM^Z74j!UKAN5
zXfL|?&@V62UUc%IYw0Oz0w3y3PqvA`|6U~iw*&IOPU!+4oJ`vom}6jq&r?*WON02}
z3+xHDdF2KCv?FZt3VON<@UQ5Cj+OVv(<)b#R;5R2RqrURvPEfCN4(QWn|$sCgPx3J
z?!`0*82JO#RU(Xh0zD<c$UPTm<hJO@@3qE8{)5FB`HL1~<UQ%r4lweo*&JYuR%7H3
z#*?Q}QSvk>N}l>e$<tL)@`O<>*~qt^r=|D$A2){l&UqR#?mBu(GWiAS39olYdnz*-
zJ^j;U^z??w=qW$Cb5AxIJ>3JXfe<o=bvT|6{rUpFfKFjehOkaSM!L=DG?O}A5$n{y
zkc6QpNEmtmJM#5qoh*rVa^@U$a`K#kf=8oImFEm(tT<;NW6?PS89zK{AmcmHdTXQg
zUWwLwAzE)~wB`BHFP@BkF(dlLebFz*pCjlE<U=FR85o##PKV=+c)I9~(nUv<F7}Pm
z#s7`2ZUJsJqKg-6sBOTO(=|rhRW*9sRq>G99fjP6DCGX6L(VsqwVNJo_jT5;$^R_M
zrH>n+m`b1!2o#z0Wh(o!w$b?Vks5=nOpQK`jXt?*3{rDvjX`SCYYb9zbB#f2de;y@
zyGN^E6|K%itJhT<)z4HL^}eY#>U~jd)Y})Wx2xI!-bd92@cvP40PpQ;19)qy4dA_8
zO`8yaCsiApaB=m21H6wL46Gf>+6Lg=9&P)k>i-mYbE54YKTGZYY~VQ>4B)+W)>xm{
zqEEj&YXEQgS!0zKo;6l^&RJuXA3JNT@<V3{cvH_BOFZ_hvBa*k#uDFo)>z{7XuX@G
z^?FC^T@$TmV+NkRnK2v8h;L&ym=826em}1GU|jKOEoxU~@%||)oo4T~DKbgOJtQb2
z`jK`UE&R^OF~ykS6m*z$t|xUp*}vgDI1OW>v=~tV^A`eZRWxAsQ@Ib%ezgCVImm)!
z+a8|%*u#R9K2sXssVI3R3kcfdgkcF`!h&p)O7r*Tud_R)Yx&SFWXwSZ)<t&R-a@y*
zG0x`-7_GYUPL7$nJDQ_~MHntsRNkU+0CRe7!gwe8eLlW$6~3iAg@t=+T>_WvyO#3y
zVZ;T#uv?1p+J7d$@g_d_CUk<#*XtbFv?r!;9+)i`tn~NR@YY@IzVZ%^FYJm{HK<za
z8V@a>F0(*46F63QzSfloFMCAqA4C0UZ`JtaP*hT5ePs^x;Ooa1HrBf4;}EreX6C<c
ze87T2qO{5vqW|M5K~C6oM=Fb&%HovB39sS{OvP?7GedpZWZjlSagr!Vzz6tBre{&U
zUV$$}Mc_s&*6Z{z0wTJOllKa1^bx($<sHb~pu72A^qLrQVJiA?zl%MOQL?TRC8a09
zX;m@`pC#W}J=_oIxRHAY2EW<H`lCXOrXy2rkWqoT{#=yys98`A?e*-f4Yf*4WkADV
zX-X5055Yh)eT#=sC@tUJ&e|k9AEdPFz%8bIPJv7U+X#X9P|oF1UgP5x#ZX7Rs|Wcr
z_}_1fZ8v8Uw)qc)SL*vLqf)yO@B4U_Ze5B@<kWS0%@iEg8WYWJ6}q^4mNZhCz9{^N
zLwG%n1G(dnzC!BbO*$f@!qVf|1xvaX+hJ>@FAxCAM!%?WKD3qei{1APM!+Y`pMn<f
zQq2!#`HdaRP&mPK$z>zCj@nT@RNf#_>1Ps3suB>W^6)J9My<Z2_q~gToNx<G;P$D|
zthVd_WA9zSn<%sY@k}p}YGHyDsDfHFLL;KBg4<#X2_!hdDWVI4E316Bh`7rtY67TS
zib;Sm1iGv4;;t9mU9YRcx{8PbEzqV#g;MTRp&*x;hC;dZ-sXSKd1sPITU@{Xzu)Ki
z{hsH?^U%!9JM&)8d){;2^Lfufc?u&!*)~qc{q3)zV)qWCND&5j?TfUArG^azK07#=
zlmzVUPLB7&@?ZBFIy;3@okGy&!!X(%Efy_`Q)<H_8Uc-RF7OL|X@nq|Rdj)WGI`_-
zeoxs2eo^vB!4ouz*=OB~Qjh6+e{Y)@5~u|!;Izq;8#ggxr(1gmn$QMts-5mFy6r(w
z+di&4uq*KZXC<il#7O&8xCg_$yTV)UdSpfvk3B+=D%=YY!$9@~X$xJh6T*<>0zSAO
z-p6pN96EY1zzq+12+}@8)xaz6S|PhZkj_6n%3JRKmmu}|EtHa3>B)WYmzv?vNELg@
zzzl!Qx2LOy1HrS+1cg7eRgi+AR|RSKZSbjJX_xzHc=NkyE40tMw?`Y}y@Q?&zh_dq
z!L}Yp?F(k@JSCg1H?ZM1(JK>-WY>XpX6fzGb>_?Oqw5SoaRa$Cb;;u4Xfh%-qVX2K
znZ$yG%){_686skZUFHcGM?=8CzgeOrnysS$Q!|+W&G%zuji6ns_EaZ8@-$aZj5%nP
zue?8w+=JuEtjt<ZbsQv4clAPd@dzxHL-)mz7aK^&WDI0DlO+?<=9~NQbCz7`sWw9L
zES8KWHu<Cb7-J+CkrT~R<k#>4#<#}c9#h5z#OyeM`&#5e0{6YZ)d+!{IQhT@j_pQo
zW!p0%MN9Ql>w>^D<hhygh7BWVj*@r3cR`667qH)jj(N>lDh^S8u-E!9M)pMrR|#&a
zy3EsYqxe<47R@t#<-G6rcs<cP3#rmZE1imAtk0~K*Y;XZ;Vv>ne>$FNy_xV03uu?W
z4`QPp>&5(T*8+{tOBSWtJpb?Ul#BbI-)pWgu&}(}(gbi}3+9_A$X`0*F`$H9I!ZHX
z@v#p+2!|IRoixc{*wxJKlD02CddD63{F`sW;o{~vZo9OrxG90#zW5jq5(3^Bxm~+Y
z3i<T{zoryAtOQNl^54&M5gTv+IDL_Vlqx%*R6Mh)#=rOm>*TAoNt29DHTVth-OfPq
zsjx1jiqh{>Mfw=Cu}deA)fm)F_?L_Lbw!pEe%TJRkTvYdtg=hf%~SHERxy6MSqSyj
z#V@MmD30rg*c-FVQ`~1TsJK95I>B|cFc12&3LU_}x-BodSA#@&iF`0-IFK*}8U`Ad
zlo)UX4L;!_yk=&|C2WM3=$7yiJ3-0I%Wic__U}{qB^b{a5vyT2$gdA0pdQlrrO)9`
z=%lb_=c-cibV2*~Y0S(d17Db@I~wo6DAq^h(U&;n81uxK2sZ*uxFUl_NLG1I&-G#D
zoi?5P_$jL_rQa%lis{eArmxkdzl`bQ_319Nl_fqR&&9->aNCv5zIZ&V{PGrMAT4Pk
z2EgLjXj%yGpIM}2s89{>MGgV+1DO?1=Wk~sIeJ0fE}%80p31!Tqkes$O1F%};N$C=
z$EtEiX61}Rew_(Lr-XZquAZKn3>z9+ny+y1V~A}F*|Ph42Q2LKY=LJvAwMj)o>j@T
z$Tg9jOCA1TKRkkR3Qg!%gFj`36TKwi2^4g!m3`Kg&adl7;@Lf1g8K+ud6W!KQ_|cc
z_=0Vj$w>vBbsw;mG9FG&WVAS+p5g>&eiQOWqr8X}j(uo!?S=LQ4Ua$bBziK8cWr@I
z2K)8_K61+-1<yurMvwWS(hmOcbkT0p1Pla&qBM30P>g~7(48QS<kxk7Z!_;b2KPCS
z@Lt>|&$*SExncbbT}Sy@z4fkv)`E7cws+ZntLiV51lc>_!6WWNLN>^i2YBzFNGHUX
z_n?eai>aHj60UpMmn8=61%itCIf6(?HJ)QFh_SZUIQ=FdXkR5fR6Ix93P!*~JfNPY
z(XfhlDUGKZ2-4O3y4f5a==I*m3cuBTlQNcz__vEx6H330qXzNbL25nS)f*Ftn8$FK
zp%f>{o-$*>^PGWq$jYyg7PF7AbH|$8SIhi`p(pCV^Z1oh%Hr2O!&&P~H#0{QK%nTe
zjtz=a`VQ0wm#RMCOYYN<rzj<xd2fgY;;=}-MZ`72Vvfs@QSL)%j$|`)bl}8LfThH6
z=*?26AC^yGAWN=fUQQFtxLg@=PMKUYJm1E%GL=6>@VCfVkQYHIMnOt3!}9T8SK{)K
zV#alBT?T$@#QaUlL+#P?BNShSI!PHp)@<M{ElM^C#|^PrLYn+-9cN%=Q_j&myR(m#
zFdoT4n36J>Bsc2cM^JFs7)RZ!yxrc}zZOw6bAUiH;~P*be|OFOf$IkJiSRsgV{jzO
z?37VZn+RWeG8I-7*C4+G-6rtfS#)wSp7;KWE}(<+QSFq@%1Q8*;QyT|=Jj85>g)G#
z>g&&Q?Da!u>2)JTkw&B$`^0q*z5Wf$-SvBXbq%~qtUTI2Ck9rQ`=acR(a_~&^~xwS
z-vp=R=inpJ|0ucI7;J-~ruy6&r`G4jIJG{LR9$Zzd*6ufzo@>CJrwWijTLd?JA<$y
zzeT(REB{XfTApPl*BDTU+UWIKAHAdX(VBSX-SEU2&VU~n@q>>dAAD|5KX}`qez3>D
zKKK+qz>+_NU!|^Hw_YqrmHUxy)3J$Y-lNQf1U0i?Ca@+xb|%t9=yEa(s^7e;Rp4c<
z0yJ&ln>*ke9D^ZP0WmT!oLK&!+pzg=6DpH~Z2oSP)tB0czpst>CmeHDE7xM<-A0PY
zbv@Fq`bnBLC_S}7=@-X7`3yc$F1E9=O_c|=b=lv`v?AwdMJ`f(S-NYZ{mpxCp)%Ev
zp3w^ZFRjqusu6dsSg3)mpsd`FTe~c`PV2S9TCbf_hpp|jzTDT_bmcyzmFv{Xy<aW2
z3_enxBAI}V?=Q$mv%n<Z+DZe>2ClF*GH^Qjya5Mm3Fa`nHA0{DE!zAz-J;EpV+?#P
z{|eu=w`%q<|H4!`NG~lk$(z`PQT_}r6f5;V)aPA#4E1?~T^MDwwJBGI)%2xW`a&(;
zjp@%YGEJr0Ki;Y%J2aqEUks%Sj`xjL&($lpwW|FO^}0=~*C33H3-u!C@^{p$#LaHT
zZWw^wU_m)>Q3#rbASFG&Sd=QCYQ}sPndHOl!YJ>Bi_kYr{)hHAtM%X1OoYuS)!wR6
zD(mhPEN386XFn|GCW_BX^<3Jl)^lOA+JA1$e~*^`V_N<X>+_e|E|>r3HOOw-BKZ&2
z^1n{YzfVm5-L?GNn{@fVb=mwUWBxBh^A9#@<KLu>e^VrXq^Eb9G<tfiiOmQ`;BU4>
z2;4OY%SgpCZX$oK3Y4*^C5CT2(xle&fhLts5bhtUp!3JE4i5G5>qQjL78(t%5rSu=
z!8J^3*^HvRTyTQKKi7>IFxD8vZAODMB|(rTn4GjuPcW*YqZQ?lH1Z<}l^lbWyalD^
z@e0cPwMN0yR_Drb`lsGvM6~s3bp8|P-c6pEm_P96jq+P?5h{=H;pbE3mH6ZkweO){
zXBI(Gg?fKt8-f1Azx)#Qbwo!aL@hAUJWULIXs)BhaK1SWG@xXrmfT`?N_(8rej$+1
ze}+REW_AW#-P@hn7x@>q!3%koR_Cr(VQ~vT7#(cPGIRXWUI?kmHNk@~@sGfdJpf<-
zRS3*CbeDf~T-~e+bwjru(}yzcI_NAu5id%|<hUE?z=+@<hQ6%(=LJ$8By6jQ5);OR
zl=jPq2jV+h@BrO3RNhjZ*+Ewym}(-(FS1GINTmbK5@i?o28tQjes5sb&5h20ooh$$
z*B%5|;p=(QPMfDa2^JuDke6R-<2S9ZzW#NCCtUBcdD_|`A&%nutw42maT|s(S&u_H
z_X;7ugkM)+O?%zI1wG+A=UxSx2fyj_Y4CM+DKp1{5Vh8jMkf>N38IKDqtPjFe|X5R
zYg`7kBSpv32!d=6^dV|5G0dG7HeWLI$4EevptC9|YAJANs39Y<YkyER41Df;AGh9b
z_p}2CJCsPVfqCzzbOGG_1fH~G;bKzdOD8#svYN`TgIOa4hP4sVaABe0h|q9Y<jy#`
zRzVtT#41|SFbc#IaQ*o(vqv@wtN6|Bc79XAerTYbHMuV|c?LXNijAIO$7bWA2T#_v
zz!RruTb!~5W;Dh^jd%A~sts%(98_Z0Lr%}>xIBJyg4qeQ4*gz0{oYvbI*MMR8}FQZ
zP*_#49&_g0JD>;Gu7*qKMOQIOr0Jj$Bbg#>!s#ginNcu?R=7V`{iL>%uT~-v7;hH^
z@2$s~xp*6rycStkjTh_myX&05F>L+?ji|&~(IbErJ57-B)VA_9$vTFdB;NNfr|sN#
z^A@>lu|LxUDI>E8q}~hI);0sb!Uc1TCYo|1%4bmf&(+#%VGHc$bnF$5-ttT|Cx@{W
zxQDKkMC2Nlxj%!-a=o0B=JMqvxfbWl7X#xtev`~E1qIs>HkZuqPeewAC_Y*t-3C&v
z&#78E)bS}J9k)lS%JVy*!R~6HE)@R-B(Vw9a^9<u1D7Ivl!b{Iymw!mdfwcHgjg1*
z5#r0$>TLdu_JZ&O+{r@KH#KO$p$S?O*hVED%d~=;G25stBnLID$2XH{szaB*4l9Q;
zMgLaMF5a4pZ{1FBIT{rUyD(;k@r+5mavR*|q=7!!t`1+pLN0eBA~xLv1l$`zkt!?<
zgmHk*j1xRSQpwiO;;73-$*34%+*vC>KB8@~!y~4DL$mNl`FG?cNqcFv{w0nUdl(9A
z_Yz9sSV|o06(b2qPU##h1>O$z+L%bB1{I4}Fv2FkX)Kpr!W4IEiGsN8%YKwd+c4N{
z-Z!Z8i;-6M*oZNQDaIka?4@O(L$2{!u1U%voD1vbZ~;e!u*x2Ipu$$roHTc!(^Jd|
zfs_I(zX`bLx=fFpA*=!(J^|i<7v>znQA^*53{;^=a+j-jf-<jNtIDz;tBO&%w~Krd
zwB+tAROjWAyD7bBBiwGbO0#fvnF@p}l~CM1PjkF$l&6_<-G=M&rlTBjl5|>>vrAl~
z1plwmy_!q$_x3c$xhrT%?sraIl6%5MsFc>?_;bWJLWhwf;gBnjgYe<U^88R<W|8s~
z3SUxdW|eX;;ozR5buNQNs@_IEz$fC{G_9U9=@Q@Vm}t}`z8I6JG@*bbeM3x9IoV8`
zbPY`ixEmj*B(+_hIIg7bRuC<7xmT`WuWW7A`A1{t30e3r()iPHJA2xuy9d5*kQbIF
z7&hHIkm6WkAoVBU9wjCl>N7d~Iw462OiA*VyD}nn-(6_)C9|x%M<~0HU)RJ;tGBY9
zp)0-R?hwj_!36U(%sA*ExeLQiN5Z%RKlLaX1x-nF4^T)>w3Wl?PP-b<hYc{hw&3AA
z6L8_~7_(gjqA<x@>k-oLewS8Fr<7n0eMoX!5#!JNx_;hD*I>e+<31u+AxK*mAA`*6
zTt5hz6+&@MD*VuE?t>S$M$aEB<<rSoq<S7R>Kal;V3B`}6-vE|_U`fI-4Wh#N$y7r
z+A~6CC2hvZgV6-`9o0kh-<=`)?==ek$yv_gvR>0gHSoQ&xEybi)!_EqdqpDM7YhFC
zMgL<a(f=e!N^{dh|Dtq^^RrEqzAX$Ni}i=RzUUx3f&wIVQfV)~5RP$}YzRya+oVQM
z^QgHC1W$X|H5VjH0S~Pesb(sa=3KbJ)BqV=5dJCcS_{nLW%FuG-Cb=*yAtlJ-<UY?
z7wHD(_Yyttnk26o_Za1C_FV{r$j3a9fk?zVz3k(~+pwUh-(g)G4E1eT-)$6M7KD}c
zxRCIPLM{R)=EhyvDg?LS7YzrdOL6E*hS3RaPhki-0e86;;Swzb?^X}y-A(>k1gSe*
zBAgQs7X<H4QxntG-wgFPOZ~N~zk>QZLH(Vg{!UYWXR5!m)!%v4gs5L;UHjInNmj#z
zDbWLvi%+Ms6OU{9rW<re9XH<@F`)+fqA?P;9LR*akZz|lXWGxgjX&{u`0GiW34b{l
zby7{{l8(GW+hn+oHa8MLHsF}^FmH%s(0p<h=xOZEd)qj5Kl@^+EkX*XVEECs$w@l1
z7)(s=%iMqA5n)<Mk*WI=oBE{VeuP`f3<ncsxFMQ<>0u6P_dTV>@xG@~b{bj?w_GrB
zYae#{l8$12+($c#862)zWdGC$+xb_HS!9>dU4T<}N98FM7sAnAysOXbJ~7=_Fg((I
z<LS$%H4F48y3Hrusm}<kTH<Y3BMih|Kwp2+8-FT;iD~ehwyLED=miXmy-a1PR0knA
zmeE#lY^wUJlGRw1tj4NjHC837u_{@ORmp0sN>*c4vKp(B)mW9R#;RmBb{_ks5D$1M
ze^Ge>dfk(fPNV9(84s`|&W2m`V=GrBW4}L2sfoO=PrF*<U}7FTqy9_Xi5ZNhSGw`O
z7Fbj+ZeB$1Sl}UfJTik`A_Q`Kq(n{612;!a&kM)}U+$US(d18b$rG93dZ#Y=hfUGs
zh0*;;+hj*(SUuV9l)kl1%#*f}H6@kQsT?y|YTUg;BN*RsjTHmWb9vbf&sgpW3>ZlP
z<9CGw>3b)?rdEibg`De*ExgB9^eiaDhvCJi_ruzf8WZDy?H9oEEyr#d*kj{i3cG55
z=|o4Wy9G-Ks+1-2Yr2D~&!Og>iWN)4B|Lq6U|6>~P;QO935Uwl!p$+Efijii$JEQ@
zJe({Eej~>8ME4hL7vC?yGb?<WY$ii0?P&5Z6fs9Caco~#AdkZoI~flkO(F@uR`gFd
zr=jVE081dcc0)%Qh`M)rf}ow;-H2jO25zbkLEC`Se<y|ywuSfliWcpnaK4^eib0`!
zALJuYpnbTlj3P<8TI>1HP|G2~KRZp}*Pz|Qvn@-v?cdl7F+@-u>{lrCODuF9erv>%
z$wT6)yg+hy+#E1b4N&bjEgZoN7I+#6s?P1m%ij4+f6b0m1Rqam#LDGmH#w!rjdMeJ
z($3Hun!ZI}R#PLmZ$jHNzKdHBC((dRHI=7A-AKBo3Q`ANjl+SvPYi~kRgmgMW}SsM
z(~~fH9_jx;oI#Ao713Aal!ERO<zTzcpR`&Sx~@Ej5$NNmo1rs<p;zE_Hbm*ldpi4$
zEiz6CHmN(h2cbIo+SNMEZ|_v6MPJ*Zqm>XU!!G`1gaU33-A%YU-S|_!M#^`nman<1
zeDzciDx>_Ame_cX%%7Q4+Np*pS7Um?l<=IMDR`P;2Dl6OrRc>IW=D;4aa$OaNq!0L
zmG~3edFE;KC8XK>y39(no;TDBcO~wD6n-iC%~e-Q@?`H=HQnw{lTYmeF+NyKj<Dzy
zBDr|*W2!U|v|3`|4)TNIX@MI2dNqiV?<LT1ELaQKtml_}&Cm-4LLeE9pavikXCNWj
znZ1p?mU`yX=6SU!osZI+G@()84hh+gWpmF8@p(}44suNtbgU++1PY0#35h-hQwSci
zV6|LM8{_U(kX*>5ETT{J;_&-bdH$SjdD&-OuwE@#Mxp5r$z?ssZMxuh7ozXp0!Bv|
zxQ;^dHD*>irJReRr4BdTVEK^_q3r!f`0AcO%4xwLC*0*&<^Gnr`x`-#9uLXS^h67-
zqYy;fU$3HuXFCdcpNnXmoYlyy_i!D7d4&uyxK|sur2?V;O0GkPW}XvuI9{rMjAC^4
z*tLHQ+u{=pt?CRo8b!-#a*#m|s)Qho9Ss15D1Ed@5%lv18c`rhO~ff1<TDR;>sZ6c
zygnc%)x8(*PJ<y&V1{kDGBQsj?{#+@adb$Nz!9SnqI1A7Ldb*7&Cz~XwVN|27jR*m
zL_P0VC70lGhpwwOgxSCAk=$Io5SS28uJoLsAvDL~yC6FB>yd7taHDbnzQZ@A#NO~s
zNhPOO3kpEWKwpT;3ur5=FYV6zenpG8<2_RA9wd4{sl3_79%2I(dl>iA9iZ+l)9Ys)
z?XmK2Z$ZS=(5gNdL7<i$o<QgP>*DcbGP<fod%AlpXugJmZ*q~V_d{@jhMz4l3e3U2
zD{01E@rb|K8plkz2fB#&VCO%-5mwwd{3b8(L_21e8rnIdtNgy0VZZA}cdY=g(@t=^
zeCtpO9(ibVLCzhy?%m@8Q}5tHe<Z!ED)b`$PSQmSY$MKcfpk#Gy;hJWl}UL;^0Pzm
zFme@niv2xJ{Uh?DL&%L9ti+D>5y5Zikci;-_LV5<&FQ8Jet)9d$8aavKm4r}g0TYs
zhY$1oBgrU)n+=&&GYUoNn8@OOKYdFi@a5oK-uoqyFrKm-iJB~YgmI#VeNQr|zlZrs
zgaD#L*CN?isbX461%Dol$!W%l%4pLG^AQ8Ld{0wCN;oX|hnrBy%0B11l6tK{e(#ES
z#2XzpGR82x><Wa54p(}k1JS?T9Pw9j1vctmiK@R6y8C-#7eNIX?s}ww_udmmb9oUc
z3hRJO%iu|=S~sWEE%Y~xYm4p4tRjd0EIx~aHWSFd0ofNF>&FGeG)`FDgp7b+N`gti
zcHQON?EUxrAByPsFz6_v?Ksb=y2yB-7fY?*<R#;A4oq4P++!^RKjq#VFyAUakrZ#(
zu*zgLY?_j>mV$2OoK9pL@OfpfU!!kp9G3*M+u@&7glNqT#9MIO%H-K!b6PsR{|j=s
zx*Z9*4`htuQ#5nAQclEyACd&~9%CmvRmVx8w>`OS>DnL-NWx(mlE4P3C*56}plXE5
zF9`?CO25H`E@7}>-uI#I`JwHc=2>JqbPQvfd1cBm#1Mdh46UR+M;w{)f%$2ib8(oB
z492!|2JXJ@GQI|32wYP;N1gWMj*8U&VI$UedA#apmF^ZIY{Qd#JKV5Vzzc)~Z;%{i
za?TD=KOAMsvu(Pd)p}QoQ_Z}Mc@OmbppGs~Xgjuat=MT)<=49FM--?2Z)<2o?Knav
zHln}<pwouaap-ciXouy0l&hP(PpZgw<`*}wJHn2(#^z`|1vyH;E>kYFGDQ2Idou4l
zo7>s_<nky06@AD%GRrl87q*EQ_yw7>YgoZ318zfJqL`F6X^;HKsm}@Dehr-iIAfQN
zB8SbaRJuj%nqBM@s5VFa{#@&%XkeilgBo7us6h>XDL0(_ocRUZVPN2kv4i3a#1=tt
zK+gF4K@raA?}meTKvRk5(``9%fuT!zT2r7ADn}ng9EmpH@&^+;><+AaNUlrJ@qPCp
zPj2!cjbw&UhJRL7_iO1+B7G(rXik3~KvL9wF`E&cu!xeaF%QZ)tIVVIu){tP2B*{d
z2=gh#Ziy@aOKyrZ^B;*=@NHT%U!mJHYG&^0p3uy@a-V`{u2DiTad}T|2f}fa){N=&
zK~J?A573=~V+S3!8Kd@P+${Y{9*dkKnAks&Wfb}Vl;0Z?qss5eHBsgFIp&!zUY9&~
zZ8UjgGbJBSh$c_bC2ynPjkzVd<ZNAXK83l=eMgu4TV2_yOfO%mOK#C6Pf_vay5w7Q
z$;B+$sY~9dOFoL{GyI98FAPFL>898k;6Ae`cK?xK)%Q?{9VXC#l#EWxT$5Bgzr%=(
zs`ywUGQEJ<r_Ob=;E@rx3a^5yf?HaDqSc`>!8O~7(1CG+M@hqpwhv8Ej3J=!dU(s>
zJ?=_dUv}vYgOFPRf1l|sNG0J(Om11+hL4`E1M(gQD<{LBVi@kHOfX?_cUDk$XTufb
z<r(OW(w{X+hdZW^j;41=NoVSfoCecO=@E|6uO>_(2=*r7=`{ut@2X<pc!iTx;?~4J
zPwrbcM2P$>&8||7$gAo0b0YE~Bpd!fEI<Z+6~(hyjkrBL61Xz(#a%-2(L|?bzR_fG
zkHOO_(Bp=RP=B3#2R$2j8l>81(+qA4h9vM+x)rA%Bor(283?)kE>9|UN=2c!VCXdc
zy*bTwpCDD>F$~IBnqYJWTn3X6?8exC;v)mo4V)*pVqhdL3pJpRI_Y}RU3Zmt2pEoR
zYo1h=haMuGf!QXk0Ol0>Xp;$6ROVQ1{<jf4F?<4YWPE6MW_{?@SUiYk?T~iLe{E;y
zb#4YGCrZ;yf;2M~1}{h5hY$7=q<NrQ&}JaxUt5U-g)XY`Fm?HD#!-}=KRZX5Tmy7$
zVeLPolj~+S_u6!G&-P(7nJj(kdV;$h(?!2QK}TuoeP%g58EMeR##7_(Mc%JY==lDQ
zgpTibjK7-hD<_hYhM9Svg6HSUGiy=%@@~OR=4La$6jyr(zs?P^_Pm*S(rG7}9qa9P
z;~Bj|JYfcj!_3jA?vMj9!|&3u`}U!{cL}>1611CBs2<+eIeL=8dw+qL50K-Yq0+7>
z<h_r>RbX6uW)-mN{Bp?3hT#bOIo}#?KqQA$H1Ku9GSO^g4yMKIYTi2vF9P?#x?bhL
zJ&L1Zelr1C?1AwWwt}XlIZs6SeHHJWhRBI5H&7=c1YmX{R-L7fg|;M(&2sgC#0-?b
zJjI+d`=I-j5D)nwKK?0A3^)-%?Yc+IE@LW<D3w!DQazS7_b*W8bJ_bA3>CBY^Di94
zX`9{5dyC*Ak6*JN^MF1p&*Qd3Hkh0HGsuB_m$_*6Cm@j76)#9e^jYNFZ=e${Dd>e|
z6BSn>P~-~~C4`0p&g{xLgQ6?#4M<Tz#;-fYE05Ue*zpEDH1jve@(bhzWUM2l*TFE@
zFu1fA9Hk-q2<-YL!^0}Q+L)p9ghsz&_Sd|(g5a^jOrVFSI8gR)2-E#Mhd=pWHjnZP
z3dpDWf17AdQS0cdRO?QrApEz8_ljZ79ExpKa>*W4OnZ0@Th5a7iYM=Y`mnx!>pV}+
z+9|Hz;Q61A;5qroCX<x%&o-@DNQX>6f#$gpS}L6uJUM2A3xn#378&<)7n&f?iRLiN
zvv7)Qut1T1(m}!hT<f8@FM6_k;^=6fayR**o^Ni?aPPv`(J8SgrNJj&c3fit*~zu$
zIkUIS>8sksrU&C_+#XW(G#DosX8lm%2Ac|eH_GM#s)w(wgmGuSKlpVE*v6_otHC`s
zvoh495GZk2iZ#pC$KW1LtUP;*JEZg^eM6YQugeb1MPCdH_@(g#I-MyLEWjCh2?3lJ
zTkrsSJxGwQVKx<9aGf=4r2AgTJK4^!8_?IDH5IZR70DX$I*@QDeCGa!Hgiv5t&MX2
zOT<NnnWL13H8(2#pxiO__PJbwYp2scVcuv@&L`G|pNF<Ec|s}!VSQ{w-u_YkCF%Ls
zCmR2H|L5_qha>zeH_E>TF#Z*Y@UJr*<6rp^{)OHL1EbrC6$z`N{HuiVuL9y<cI02^
z(K9dm81Jp;BK#|}D9XM}5%%@uj2QkkA;Q1L{uuvC>&U-M9r#yX_IBQD{t^BqWC!^d
z(BXiP-N+)LI{7t0jem(;SttHAg!osE8Rcr=Up(=z#kiR~-#h>X!-hjX3O?L{5$WQ+
z{zrZ#A~G<_ul^Xzucmj!uN)ot)ukAIRo#JK-QJO3ohC(cmx7E;V>{@>y(_j;k0&;w
zZ0Dk$?F@*polQT3?bJos&iYukQ+Qdnvyri#b;x#N)(0)p*lVO-pN*bOk+=8La~2ct
zozjuBh%ozmYxch``O8gR@R$4;{xS)%eiK_S!(Z<2z+XoHXZ{kuQspmBX$#Q>Q3zu(
z?kJ1-Cdy(y4Q-xL$oR`UdVQYcDZy`4tlgvXR3$yRwR>lI$|>zf+sY268C{%|S*yzW
zsp>(p%yQ8`%RE8DvBU>vR|x#33h0%jIai_P)Xg@+VQ@_nxv$}QZy{j+$Y6sJ#BEB4
z@3;_{HM$~T;}*{MH1>9Nmx@DQlD)7m9lib(3djI)`8FpL%QI`?g}>;|1M%w|9BwRQ
z#HXw=ocmS6)P}B##1$>#>{%1z!|np;y@`pSa8<f%1a2!<g}iZV_-zxEx3Kr7tKcKc
z4m_=zeV$*jmsFCz7&A4w#A?P6AW$ip)E2Eu%v5`zgZ=gkMDiuv7<^Hb+R1oA_P_+Q
z{Nf_avY*r66VGX(q0uOCdxh*8$Z^gDXJE21biHo>!LtSQx#t>%z+8@SlTSCghk(+<
zxlfQ{CU6z58(4p3);gtx{h38hPd5%kh^Og1RVD^|bRR`bDLi{PiU(b#p8pg0HMi`g
zmT_C4k#wnczL&We!|Ka>7HYMQR`w36>@})B)w!O%b@dDx)pKW9AKqI==+T}+;66~C
z`$D~UQn*w?FjFmK?F(di$89FkV`vBd;Cz_7pTh*6ag!l=My>(a8V(D;WIO5*xdx+a
zD*R2hZ89Wd?4Kg)%a#`w+%GI{!IMsWpghWseYGmv;JqHG!Uf)x*!@%r{63i2ax%rx
ziI-a`FUT9_;QWsvN2E1=#baFO9NpJqZcU%|#@srx`x%9pcz`7)?t$M9FBCd5>u2CL
zA)+(nN4|^V63EGfx(#kuop0NvVkrIvWKO$}36=wbr-l=KHT)|Wq|KJJ3m7m+Qgm*d
ztoiS9s)6{FRIFx@Y|iuFVwT^Yi^Dz4Y{xT)!Qf)Z(sINm)!97Nz<Fh<N!TsJr8~{x
zD|h#2ln6z#@?05F`o;FGKY?+BND9P0P$j_&d@mS1NQb|^S{wgLPzY|tf<j|}p7Fba
z6R};7A5-_+S>=4S&|s(yev7!T-7?e=YK4`AdQq+1DfELCJ{Ii`d}(nz_Mq#Dg}2}(
z45aHByZ~yE4)eZ3ph4ok@}XsD{L<D_#9jOF;Ez3N3$Pu>7Mm1wc*Cx1ka0KQ;W8j-
zl+_rvv}LhtsB}2=Swz0Uch4ljSNlU{6u;3Mb{`I%iKH(+32Fd**v?&D?>V!Ob{Scm
z$8u;aRNc87S}o%sK_ghdsZHU%_ajPbMKO{GYZC7r#<3fk1Ye>i5iG(^rY&yj8mHv|
zqX9dxsAOVM@49hiNr2IZCqxEPP#t`wot@*t3IMCof-xYX5Kqj!Qse+uQ*TQuR`$~Q
z8)Wj)vRFa#-H^X?ak813y0~RAO*}+>N{5xDOh2H0z7n!P-j0wYXfza`RDt&hS^6pM
zIO0MBgM*8-<$W9<-ixz_H4Djykq(lC+C&$MG+q#aP|pi3$4l~vLg%-hi`^enu?MON
zbn)qVBrnr0n}jDL5QM|~?oY#I62n;F9t(!lwW2VRj-4?AJ+re=B`_15{>d}xPy#}_
z)~b4;5SS7<9|`>_@|%W$6jf4hAC3NrYz1vY>9lo050u*5P>xS$a(vI8OoB1fDd%@m
z;4bSD@7sxCiij)s#Px9mERVcz13P7sl7LYZ`E?2L9yuc?iC_9R(hk}(pk}jq?>9YA
zAg@HH2pRDD%UgKgW9T+SnrhCnOJ{8u6c3{}me~CRUa$om6*)<B9<l|-ylL|^nXLRP
zB{_-wlFdEXLGmHitajdaDH#P}l(_8bdOac`p7$M2CV|JEz@cZaQ$jYB;5K14y!VBk
zk@MWr_jnwM3gVZj5$WI!I~_fMHLNc=H7S?sc;AE9BVIPoSC2s;g@(i4B3F7AZp1#u
zYS2rK6FEXeC$IM>Q-6pFoVVO96VeE?76TweKm+4MX)o_vbu|+8InlB!G)S#~d)VDO
zCqs~AXl+omR9L;J57Y^s5)Nb)LttKo7`Vk^EeI#gsRSXU(Vw%y9=Q8WTR~&uoMJ3N
zYGU5fXG8C%ZCN%EWmJrn#c#^v3YtJ)EA4@PXNK_J${wg!IZ*P>!T}H1uosr1iz1Mg
zP0)zJ@CN#$$O}B2>nm~(M7y%j(2LcR_wK{$2Ob_ArRO}*XO>OoVGK7sHiP{Wr320e
zV1);S;>J-<snS{89Otxb!3U9dH1{h)<VA!dU?j>w!XHKHkiZqe4azCm&HVC5`y+8q
z=ua?eA-^16+Du*%0y#E8VmaCPO-5?ZoNw%S9E6-%e?dhY(cV#TKC61ON&)v%@T0`f
z_NEv{`xD;Fd7P1K&J(=%&YlMK7z{3`rzjkw3p#f)=mHtS;%zu}JK^n+l>G@Wc;x>A
z!d?17Bu<DE*ged{-*Y&wK=@=(g!bV%tb(RT-8_+@Ptev4C-Cg-OLGPnEC^?~2Lg3O
z=CjO=3#6nAmYRZj;SASVr?gj)O7gPLxRa5g`i3R3eJ-`)u6R)*PV2o28-T;Ph+4w9
zMIod99aqx6H@|FcZx+$Pavrn`fxoxH$?X#?6&nU47lMb9>U|`;f?rvD4ao(2_~py5
zF%Sa5_dJ?jrBWfl{F@*Hvy#YPiySKppEKtrcJl<hS*_j(cvGR?uybj`h6g6Ge}bh>
z2qYH>TscO!DQ+4CM6>?S_=;tFVBFQx`Nd6m$B!@O>O@HqR*9B#LUx&5I=9dWtAHIo
zUnO#NrC#%!SQlq@$-*n0Qi*yGgCRRI!_qACOiP)F5uT@-r`e<usK`{}ur|wH+oo!e
za&2E>y&Te6wS{DT1K|?hOoRMFw~?F|m<dZoH-tk4Qfe799#%4Q(CY^IEhWz2;En?&
zq&j?I*Mkn<Dc4y?<|)Bf>-3K`y0)PS1HOf!$7WziSM|%uPoe<x02(?#`{@JB_e7HF
zxuuqiW{Lj1rLFA9fXRt~ENBX-S~Hz^c4tUmM$Q=`QZer3v!jYQ6zH%Bo=!!tGNN=|
zzVkc=(z-h=@*DrLjkOa`A$Ts10tIa0?S!DTOGn8F-7c@1g*h`wJw2^Q)W-|67)|+h
zCbNRAPEVNAD2Vq??uD}=9LIZaypp|;s%7E~JkpN!NyCCnqW>S?VI4&Or&JeFYQ*5Q
zfnlZc;op%Dq7|8aqBRf#qd8a%_f%+$p~UD+%x>fZPxr<ndTmZi2~fFEe5@OuuUvp%
z$4@j{1y6G-zcL$dgN%alA6%|dFYQtde8cVa6-it86(}nOW`~iwWFdbCXfgh;zF}1S
z)wT+1WG}Y)C31?8Ux#RjuP&-De8XPAqw|5$Z6bF@$S<Q8v>Yz77k1JMt(VW?V|t<G
z@;L<Ph33oU;F=v6-E_IHUB3*BZoKT5cLv5a(3i!&a!A}3^X1i^nk%SdK)QK(4@-KP
zUIBJAFNKB{I9V-jOJvr|UzdI!_Ozvr3wm401rq!l=U?7RO;{O+l1N}t8_*<Y3(Rc?
zQE4jNw<1|uZ9u5x8Z5sap3j8mErP@V@WfhH!P9B*v{_J(bifCf;MpvA)<mhZ;i?f+
z3k?jJC$+#+7d&l%-+Ay`pC>gqrBb+?KSSLoYjOrlaLdRwiP5gK9hmAijfrJA8{mTy
zLE0rs)y{?!p*|5mD%sUm{*R>?`5L+G_PNRK-sA4_Qm4&H!l3aY*YwPOMDAK?5+F06
zv*v}*Bj@#g$GVrE;ah2fbPzwosd(*7bt=JgLGUl9`XKOpIeo>ixP|s3S?}N?%-raB
z)p7Mwe<Mr4CC|XNDW?kg`+cxTdeuQ>FY_x9uK~$3h5R5Uf2y|q(>*MC3rn7+e*LNX
zHG7R;@pqOy>oQ+^S@P^Izh3w_B)Pi$a^ZMLn%DJLcR<qouD?pfKB3X~zkE?otG-%f
z1sX5meJ&$YT)h7_;$pwC1lbO)X`Z@KFiSu;u$<q7iyj7GV@aO&RDQ*O0p|%=Q@=n-
z+bJEfG)auDAQ#^)Bk>`>apv!|1AFtZ2?ph%mt2gAunf0KZGn5kLjE~OzNjX9Kt}O2
zfn@evPfBi&O`fhLKg5#TVv`+Oat=#wjZGe;CBJkPCAY*Tch{2Jdr)$7Y_i-#O+Lbs
zn_`p8wd5j}+!&kuftLIhOKylw_V-Z1MZgW}vx|90shwZ9oECK3`ccTKhp_H#s32=U
zjC@wHd_A54fawJ4W?p`g&2yBKzo`v}mD@0Ewui}x23{(HTat%`fCFmK!japInW5n%
zS1qU4oSrirO}fB+3EDXG-X)k(am^@n%K98-DuWPj0<nF2z5QO!<T_K(oZ<RXdAL5Z
zug3JVnJAN|({9%M^ZNbz(f*td@}x^jZ}bQ61-j#VFqH*#k`h}%%cJfjdThRci1PX9
zNp2#Z#5|0faN&7a0IbypS3hTVkoPwBWI`;kjBcvE5sJmVlUvU9CWx5%5(uD^i<AME
zRJ^2CKjrv2($D!#V>nOF3-fsIbxEC6yB3qG+A+OOxid+Vx3QAGENGhY9Q*-2DcNj8
zUjSSvDbf#FSGpTP`*B@w&3c}5*Mf$1WudBXa_+<EMK>W1l+DxZEQ;m`FOY(MpQ%qk
zZ`$XyTmorvBuWUHu*!X{^tq(r2~@=+I)0P6==hahjE>)ii;?kz;ZuFGspIzsq@kKL
zJ}}_3R}3VB_|8MS2!{JQh%@WcaB5rX#J~U_LhO}2=e094{HBC>d%#)&3LNMkv(90J
z099XD@-W;f*TtU4keOJg6knoH#c`n4#i0U6#4_T1>_hxSxe3eSH}yuMjgX%Erbs{2
zu6l$dYth+Q<T<wQ0;J(RYcs#(ws@QX_s;gG{J~Q*85VT^uvgM<eBJOxDzdqA!tP^%
z@gRIwU_T-g+d$_<^UE#g#|2#fY8ALrwmf~R_OfJTt`Ac~nS~%bc$(w*6)zbP<<RD-
zNf35dqdV86V)oH;%98g^G?MWX>KG6I%UGMbGaErXJcw3!&OfQL35z}QWMNfk^%v;O
zdIOHarje&s5km6TO`lWz<!jHgS(Aot8q<Zq@8a3Zc=Bx1>;3<P-C{(qPi-6V1A(`P
zoYHODoS7KxL8n3L&f!L-DN%rX<p;RYm6$O8k5uAU8(E3}L^t=($5UDOjo7z0H175*
z^{OU1*%zdAWfeNY&#ZK0Rw<k77>8O7d2*uvLo*YI|3N&1U+JM9{fgEpbo#g?^$O-X
z<T=RLwgJZ}PinVWYS4T(A9r4Msr$DRQ59&H_f8}EnleE3+2kp)f>s0q8NYJQ737vF
zvz(SSP^Xz6jg#yoCa4P_kUJYL0*yM+EwL;#{1D||V)psDS5O#TxN@8DOb=Q14jJ;e
zlg}J=N;{pFp!4c|sJb>9RC_L(U<H2TR&8ySF5&7b=9gJYY*LYE*$(xJOxhJ3!Zp&F
z<mL!WNVQvvbt@|Ar57>o+gD8g<9#Q)laUz4+{V9B%+?EBB^;Itc1R3*2-XJ>tK^SP
z!GtuStMe~W1<tcvP_DpWxe;As9BMSGn6aFmDJEdWLjEpgA3Dq8+If!+?b?<z(AGTe
ztkbg(N5<O+<7@@DhSmLAPuoF0u#>WRjp_{pK+X!ZI5ces7d#_MA4bxi$EdrW52+8V
znYGj->`Q*dBkin;wCB+hWB-l)M9UE5!b|82;z;DHXBt?&)~BlSiY#qaB^K8q>LJwx
zfYkHnhhYS)j9Xa_V&^BZ&JV3&#0Qkedw)wt(5|R&^1~|CQ6?~qcFQhZE_B{4vk1g4
zP}=xciqvky-6E+``3s9?{ai@%394-}1U^;Ah|LS)IJmzmIHe-C1HpD&lg$F^vF8Z3
zT`!OL0cYP<ZGFLMMcJU9*_~z`)*3Qrdht|rRWb{-kgsr$U?b}i7w!mL0`*vwc8A8{
zkuB8Y^FXr0h54+!<PpdxK9aF0u}jw@QTMI~>1$v&-*UB1v>3twQ$Vc09C}2^|5or7
zyK0^2;Zw*g)0Q|q_$CGxhMn2_7yd!pHXx47vN<cKJc6NXoq@^Fwu6zjQT{lSu=LQM
zoYEojE>tM|*eXA?$|>!4_hFhwAZ0IGkoL*@55$3vJ~s@aYH@Wpn5nAF>^VQmQjv@F
zDwXgn-!kH1Y!H2IzzGBMWU0w>3MO%|xTzaDdCA|!`wk?~913e1qHXOcZ4p6krwV%~
zy0O~>>^8AGyRBxor`1%M-R@Rz>)7oE^|q1S7OJ;&?wj|`Rd0>#)}!9yK^pGr%7#kM
zmZZGwOAOyXw+F0zz&1c-v+=JLgCIyUI&ut<5|GNM+WB?zJfI+@Dn!hiNk>9pOdLp2
zzl)=7FeWRZGa%e2ci&9iomp<9W9l9D?ePuQdE7AEFQZZ8Y|P8b78xzB=Y@ttLUx6~
z=T#{8U?gzWJu?ccNTr!!+j=X_<1L~D%3!0=a1MiDSGwoXf`hC<<ToDBob%eH5~t_F
zC})0^-SWL)IZVujB`utxvf8bV!0&+79&}23Vz}*b#!r#6+OJ>|xdR#g84l%b<*&^V
zez#zZ_7(E8{BUP}=2e*!xh2QtWe@r$Rx25LiSPy+Q(1K&(PpW2_-Yp(R+)?v;ZF?@
zs{Dyqi=t;x|00gB4jwuEEy^sH*Bylsyt)QfaylO=1(6?}6{IE*OEi%rFfJEF6(=2^
zE_U5qa90L9CIDhfTxMk`MU(Hha0NNNAr1X~irF>pS|~+dDC;kI3>Nv05@p<uOpVbg
z*P#!U>`T0_6}OY7grx(;jn@~;*921HJ;z1?8_eG#cpCfh-ivgWrLix+au{Bz+pxrx
zzCfYOvWvFtO4)9#B#V|tA&^r_``YrZDe%dV4^^gAyD(Y52^Luxh5QSVZdzFll{*h4
zD3y`gf)d05LsS$2`d79zpdXWkL!>PTiol&m^#H3-d@NoF*o=612e<Qbx(VD4`5&Kt
z9@cBzUF`?yHsq9(wFvcTna%r7q11~;AKusRB-Cp^>KQb1m8%;gmk8!$whWFyvI9Qz
z;N#(^m_u62es%r@1T?$chG4T4P*z?j#nAG~{j#RF<z%>eV?MYu|8lWtsqmI-RvQpV
z9fr^*Cvt`Cef)}Vkiv^WYFkb`PRu_@v^d`XGVRG&nw*y1z*U9aC#5FmZbeMmk>{(z
z`NoJpjoixaQbKf)Lfu%$jvN<AVP4dj3zIC_x;u`9zL9ty>uO>~msDbc8Hhftl<#EZ
zO7+Tb+8LL?u~v=&q1#AYWm1lE-$}Mor$vh>m5)`%8I&)HK-s1V+Q`o!<X)|+;)EK~
za&M`Tb^#m5LE^n-HR`e-nT|6bU<L>({C!Neuv+Q|_SKr`Q~&{Zc)fmR)GE6v;LY<1
z+Csd+f|KasJeD&)Daf*ruXWyDqpYUrY(#uxP>qI%rOE{q>o)YDW)l(o>O{1M1LG9k
zR3VE*%w+lW0o{%>a9`YG^X{P$Te*$=wzV>a&kBM!tpl=ETdkG9L3MCpGAM7r%qDF^
zdAW(gE(h>IcYNT%E5y_*&*Bwnkx$|kIdggxuZW@_YKqpHi62-&(b5(fyg-i32;}-*
zadgIZ1^Q7{u0>y?%$}CLi(m2XaW*qtZdmxUI>J(1V_@A$_f@%`K&|DPZ4B(v6Mi-O
zRuRU*F^~~>&bg>Ev->#CEQ9j(ag2%yc{m`GUtlJ^{>We~J>WOA+3ufiPUj~VIef=m
zpJ4J|s^Rf_c=g^^Dy=B=7rZ<C2L_D^EoWyA<Ii9L`;^~<94K8<27w^U?BT2d<yr%*
z`0;<StP&@|uaX5-g1(BpTCcr22w#1gm6P}c{3<<;GZpVzwJJ*M5A4ANwKhr!9;`=e
zJ=^*qhyG5fieER1mhjtgW8*PvR?z)RW=X#icQza&?D1i@nOxU7_;m>eG+m#h<3Zfk
zJP;T-C&&SINe*pLCCw^jXEiN`ndR`9NdcihQX-zUuTs`l6SR>IU~HgQXeVY?1c8_t
zcpzNRyntW&*CY67woovVB-RX2%;AZ$5+CQ6L>%?w7Q6EJaYoG<FvN(cz;FlFtVZ6q
zt6D{2VR&@a9&a5nKQYYv)>X5K58vc;hvvI~z=jE2iE`l>vTC3*-t$^D^A?uD78g8J
zD4MOZV+L+@mw=>>I1H<6rjQK;%zJ0ims{tKhLzk#v3H*t%CF0C1}1TV@fE<WMSg4z
z)<MjMj?9zJ0IxfDEZQTBnTx)|$5?Y1i8h{QBwBYGVIGrb105%rmAGo!@50!-%GkqE
zy!HRXH~!D!8$Wp9|3-Y{#Yz9?;~P=u;g=jTsQAX|dVC|P2a8+cU=3LCE4cU;!zl;$
z;nPkKN5qGm2VQ3ylLEgFCK|?cf;dL;_$*Hq>i7=a64Y$PtgfJrH(;(G9O{j^c7!^r
z^onm3us7)Ua(GAFB9Nc_cSpSA)m`8nv3{4uI}T_5$Qj;o&1Lb9pN)^fJ94c*7w?Ge
zTWgEp9nVMcj^_#Qcs>^Ihy@Ye5x<*fiyepa{~LJ6IZ?dh^IhT{ubBq@JnBE;9nFY$
z)DAAC0oy2Lu*YPMXa?Kmx=}hD`lmX6_)Q(dJr-%W$Li3TLM;oEK^R!dV2_K>w1aS@
zJi+{p{1n{dZwdFf%b>$OihA7RzZvckEA^vz!8PLLagX&~;vR<?I^iC_ZHwKX>k9t}
z<wP6qOiD0gmr+yRV<^a{V)`G?{cE^KJq|KG9BCJ2|HWn6wf`Q(U`*1DSEQAKZwv43
z_2YQRi5eb~qFs9l5BZUXhkW|S@sKkU^ms@k^ZV<&tG|YaB%q>(hfKrHxfxwcvp7k1
zvr)rCrlAs9z^ea~@sRNmJY<@II3Kz!iQ*xj?e+g35BZvro#L4fE#Y6LeaH;nH{lvw
zKo49F5c#W)fXEd_28g_w0Ff8t2#$Cav)3UWG6nIFafFAQh<M0K_bF%g0ryo5?KLq;
z7k~0c@Q`fpiuW23=!FN3glljwi2)*mLc<ZP!XPUhyqeDH&{KzpjO&PpG%-A+o$!$G
z#^3rdFr-u>T8blh$gmC%St?qJpb*fk8zXqg*(x5go#7$t{KG!62OfCSR?w{BA<q*Y
zvVArv=4r+3XzbfY9Uc-7A`u?4lw8oeISps4;vrMx2oGt5DmHW{6KO_X;EkDx)Gcyf
zM+SujJy=zF@4MKDz?;K4)xS96A@9E8zl(<y{ft`wBOWp@dkeq(v%W~2tNUtr$a?|_
z1;}5;K!Qz_SWf(=o(vB8EoxmEc<#(Q8n>q!4rs3^w{wyG#twMMw?B;HA-^&*JmjDx
z6<fmakOrpYfE<H>$Sh&;Hk`XLEBMdAL+b6}Y0Mtp8fy<9#_Zwksy)1K@2>6PZA`C7
zrychoo#&FzKFEkV)!^z!hq;{D(2_BISW7@??OupV0j{kHmCPP~6G_Bq5NG~TKtuU?
zxXb|w5nN`fdYCx_m4OxL1jYAt0^7Ktkt02WX5ol#%<!=6Hoj|ICX$_s%OvtaT;_xQ
z;35}Ky79}?`l%MMZOH}=nMp7g4VekQsf-V(_{;+JW(xY9p4|zlY5XbR%wgCX%XaCU
zXUm<7oAHhxzXidWH3-gxCREs^^ReJeyZK2%W*QNh2{)+pGAQO|w5wPuXluifdE6$I
z5~>TCy$u5n2dUQNLbin=ucVUD?GgK9U>Yn{-9_mvjLr$R7^tYqUPW;Rw5<eF(Y5~+
zo9~RP&X##5&v)GEzuV|4VQ|dudFWIx298<gK>2Di!ZGs#(^Fvh?o42odeGt`IjU&P
z_r$x<i6=rad9S}0n?mVmbT+COOcRpg6pZgh2CNAb*pPsj&2j)u!TiP#zoQ0vE{*cl
zE*z=`3lybexSMv(7y~)CoQ+RNH!+T3RO35gG-$}nR!*Z4-g_|_=U;0a?|VOyO^DfK
zQ>HTDcNx0iT=_O1HGYZNZTynYOa#eF1$tePinDIRa1@D$Of;wFN$p)&mW^1w=SMTk
zGG>D|KBEUHj%>@2)o_00z+U(qk*InTb3~tTW}o4`=$M1qnT3W+F?Qy{%iEWo+!>vH
z*@5fV^+wgee6KNTU?zfR=4EDFwn^t~=pB$H!9*O+uecdL_~J@~W@8>6wJ{eO)EV|}
zPg*segjM6Uo<C+_PSYEhZ$U^*Q8Tmd6DQ%N11*F<GOGBahtPcNzdMRQ!q+<DkJ!j!
zJR%Lh^2e4K{E-dAKbu^&2=LgTU_7E&{E?E<&;j2wxJyyx$=)QYsM|^zMwMR?zUOhs
zLiwN}itllCf$ynDe9tpKj_+}?sFyS}ffU;3QSm+dot8FWIKNQwJ@f|mweoFq1mDxC
zf4FG>U_2tNf1Yl>Jih0FX2SPmAin4J1cvXqp;5*6l*9B{Z{T9_Jqe9$N6Dn(dnQn9
z0)EMB^?H2I3b<3oH+6~cc?!?m7UD^GSYryB9~C5!Gz;NfwiGOZD<!)D_j=tL+$Vz;
z$gv$BVzx?VLsuA}frUQ@|MNvcXZ%kA;(u`dcfkMPbl8AePM7!}HVQXf!L0En9scL_
zq|4%e3hATTr2k3$&tDiCXJ`Y%|D^s${Libg_#cuHrv07af4Bxz+)asf`;rXG#rm%C
zKd-V9zpRhqfAE`a@D1<1Cs{9A{i~kgf8MW;;D2^rV&cqf;{BpjofnvIZU?5#76wbj
zc>kxZbQu^HB(Y51l4BtMd!l*v!fP<|*+M`-Wc;?(npy-Z)NJ%p5O{=+6P&={DT3u&
zkZOeD>TW>mE1p1LQoJ3Z@r}T&Z^hdnV|uFeFb#ht8Q$lh{=Ralj4e<`A%7PIJWkn9
z_Ffqzy&8B}hK6${O^h@8aJO4SgByh?8hqob&)EVoF6cd85XVXz=U;vtzvNdYUx^B;
z-OQ1EVuP!&6hxs#DuSBFt7aQP$Y*^)&rnctbvFuJBZUJIrMf(f|Kvgo%~>`FVIGLt
zO@fN+&Ku|d@HDIGcIXmkLxVtoZdd|@h7;<3cV@kieE{*?xSbS(=f*GRBnf&vH$@u;
z)ka|>RFns8%Jx#57@pfmTj3)5H)MG3yb)x2odQj#s`x6$NvsnVUMDb&w~HBONg+1L
z)BpTANf9QZrXUmC@E;Q2D9*rqtS)2#s}lYCC*(Imw^^Du;}UEMYE07;9xgTVD<-4m
zdF*gn11;w;z_y?Qmv?Eapfi7u9UWMIwTH@d-{9~ae>OSPpT)mu47++E5#(1y-f-2}
zK|eG<sUdbD(}w5*Su9^K1fGJ4poi<W)c_a#!v(}+4d)mh>&5fh)KI}#t2NSA3=Is4
zCAO$YtY36QVxd^zU5io>GqvM+sCqt7N?E){&9Zrlt%|!rU0;wW>lge+kUpeD5@wWO
z8^bPOe}QOIjxvMxIlqFKw%XCkt_BTPtG=FD1T#y^ZqXP#XQRwTml?=hp-WPwtrX7O
z(h+oZLv{qz5CvT^2s>K>mEWPaUJ}wAmhCLIXxB2@{w!5C>x{p`43&{ThQC6bvnD2p
z8qOsuFI<(R!d!-EpcPTt8oS>Wi*qrYC7g?hCN34_QhSCVUhke^5U=!zo)W+l0xHgn
zRutScnxNvlrjV<BhVKFmsmU(YBPSklGJ@|aFtFh3vkBbQZeZXpBO)^j$ep$tohK^>
z+(m}HHWl1u?+osGKO4baELRavmoQitRk%x7*VHJiYkmaQMM4b0x)u?v>(5=nx^lD8
z{HKF;QIk|y7tD#!t16}|L)1e5WJNGtMm?r0{@;k{x)-{>z4#<zy1a}_181<5vW-*P
zi(A=@u&#EHi3_2N0uOvG?e`o5;dx7On8CV&yzfzhbqR<tpv8t@T`F;^AXaogsqQBj
z(K=pajQYt(-zJ`UjRx2G9|K=uF32oE(8B?v%=7EzD#U&~dA1`g>YKVK;DIIx?pLAp
zH#Gu{V&{4y_$W}|DtX_01Jk7_-n531qOoBBDF<}B<*;4aYPVEr5{{<@ddC{o7`8eB
zkAucgjv*MLN(08H*FmL#59)DJdoHLrsrGt?lOk?YYE>Qz>v&COJ&c5w%C8v3a8gi?
zij%^ZLVsd7so|_HkZ7}9>KZ4tb68h6Da<?cugf5zFfkShl}<>gFQZ5(bzf4$LA@1=
zgG$o|PsKs?KLO*nrWT}TU0MWj)OH;Ce{GbZ>QGWs&#Ne@S8=U+I4m71Zoa;_=9)l4
zZ%_3o&=+v&X&wghCz7Y9`3`<12aWmyrPT;<!U&3;x<|rX?8ZW+g7QD_K$O%hoZTu!
zN)v`6E0-Q3C1QoEPa_avp@j+nVIsenz)vKpoJ0ImU_NJLXBxZ7e_P2AP^;B!yOMx3
zxl3uNXQ-?93{hnrQCA<-X|O0P+nId;7;z2i7fQwH2o@?IHy3CV^Pe1Hp*F^&%`7_<
zd1EU1WCq2%G|$53M?k2^3*2(Mii=7?T$ItE<XwoxMIjm15iY8Ta8Zq9{oyxt3vG_<
zKw)2Wf-o)kI1W}KSoIvpkx$@2<->}*{!Z*)wyeQ808_OpAJ?L1f5cc7FS;L3A7a}j
zMxDiY;+vMP<t+^Gbc)tO^l{H52W3GGg9I5#qSiKt<kpYk49bJB(0GCzgEae>Q_f=k
z5z8*bY~hX5vQ?D!3%gHAy9lwhlMq{9snf6@ZAKL<rWXA&ZpRIv-51q0ShtWrm}wwi
zQnQuMFxA4Ccw~s*zZj)<&;$z4Vnb$7Luj}@B}f+Qo6K5ePJI*@g=E8kQG3(X{l&Og
zVAN6=xPb5ttBXeWmS)y5ft(7O12{0-GSywCDA<V_yRsRfL|hwdmNAO23M%i_#Ndl2
zD~#G)Pb1VPLp272j2HpvzzUV-t9AVr^`d{6nXUO{_+|Wq;$AX%(fO#Z<ilL03}pfQ
z!s3?Zt8!)G_u^N~W{kg~Eq2U$2BC{;U7upQ8J~ZESGTj0ibAj9-2nDoQD}wM9Z}ZM
zC8p}@f2x?OHuMm9x}{6h7mkf$ti?rXKZTdH;~DRWfP-C^t^*6*X+@J6t~dx7n$rm|
z^dO2U=?EB#yDVU6T?G3RTCKSro6LYepAeX5o=`A~q?vTyyBfLFJIC<|zySmi%|Ahx
z3{mvti70;NRocB&K|r4yR1naS6B-DJ*WrK4PcWiL?}Yz}mysvQyl2gc$S(aEQ3|33
zk_G;h?V||*1ezRyqi}~X3ph8fD!6CwIz>1jerYpXtr!-F_Z-E)>#_(Bbgv!{BxKhy
zJWyD9R*tlXjK+3mE>y`ef)^W&<Z$f`j0}6guX6P%e0ieo<;n<R3|~I*1*19qRZgE|
zn*zHBGV)TY)CU{bTSdzDlZ5z7B_)MUzpKY`332tZOorV7jWMt?Wfz`yAddFQDeXiV
z&I9`?HV<-6MKDam%*wsTnG~V-PmXw|CCC0Bp6P!J&vYpB|3*BMIa2HYbMZ_VIGkVd
zfkDMHP1NI=a8*X^5lrg^<KSY;X2dhSW6+_Fs)mMNO)+SwCLcP#I#AXTPo(Cd;+NJT
ze#we!x}A&3>FwE(oLn2KhQ2eqBO>Z>IkSIi_#}*mC+}R*5ufDj3ZGQ;BlsjM?|nRi
zPuj^va3ZG=ig7Z6PwI0s4rfXPpH#%~Nflk=lQuDY(n-`lMBf?L%~ATS8oGT|iWa<T
zdXU2wA1JGW!Ks>MHhq5}icEqcLbk%Hp&zX3qA#NM9H>-RxTK0GE{SU6?z2h5C27?{
zJb(_E^!tT(M9@3y3=#AWf|Fi~fRi@frA7&e_*2vHNx)Mm{$78n&Yn~hO4s<w;udTP
z@4bV=yh7{M=Sg)AZ`cN6jkm}plZ%n;3Jk3B%#JP*JFlci5j%zg4Y6aTy0#HxpUUjX
zl&|XpcyP~8$1mMV_@%!YboeEc9>4UGieD=F5BR0CgJbYZDGa|vM565L62F8hS`@!j
ziTI_DV)0AGjiVYW0&9_oDVj2Mc%15(?XeDkq{-o*R?)G8QJZWFM=Hy|kVhD#l+G9=
zR{h^<7^I7cLHYw>kQBUJ61yJi;!$alW0K8=AGw~1CV9Wjh%&J1ur1Xo?c{xdt}#j(
zNDfPi8Ad5B#%EhbXN=NM#V3)GCxTB(F{43iJKAKk_VT`p2t3JD$mB5>0+haBfSh3o
zR&Txgln$Y^T16=35kl!NMy6HMhMtXoxrp~o>yPVUm0da$g(o@u!*u@I#>T*tRzeou
zO4lt`5XF7<3>g$T4~6x~QSnLW0w94y+3=JzyGp|+{pKg)lk$+Ux;1dppRbMuCqV^n
z&YA?X;qkZ*{^CYV)ZvpRCU77z5I!lb13t;tS2a7Ah?XrOa}=M{i||SOD|-D_MJLg*
zp_@@X-iu}`n?L!*z*BF6tduxs8-bIyLys0TMX*WGlrQwyq#YVI=};7#r1#a95*P8+
z_E~q$SKAw&-h@rMfeg`71e=u0ut|>I(f%ZS(uDtIe9}|>kT|FI`>FUO&0X7w4)~;-
zJL8ikGJI0vvM4@jmx@oyjKL=zF)+Q#bnuLdPP(%LI*IZ{Qnp0_O7FL6{?}shNoTsk
zCuMYjPa5M-CVY}f!zaCUl^&ne-Zehyh$w;XD&IR?k57UpPEc{YS9HK9WuPf%O`^eY
z@Qh;C<cFV)OB#F`T+*Kim$bWUT+;m-F6m=a2VBzlK+5e1OhTH|G+)tDNx-E3*pS>0
zP9resWD4`Q=zEcXNyVLjNsi3poiIrgBA6sWk4ft6Fs@7p3@Z>g5L4@f;&#F$jk2Ph
z^nBoHo3wp#JKpi*OSv-DVcafq7`IEsBvl|LsiI3v5-=mXG~GPKQkExO)cJ~=8Sxdj
zIbtesU??yKPwF3mC#51h>5dsc0iX2LUw<Y(DSco^eA37t!6#A0^Q4mmQNpd6DdaBh
zoF1yAxr<ASaThmJLn(cJ4&B9#C8W|e)>d5Wba16q1Sg%x-LBtV*AcGt;B_io>2MUT
z)UJaoH4$8?J&r{K)WMbdt8gXs4!N?VX9u_v`XU7NlV9;M!ge<xQQ@YH<=EwXVC=d!
z7O7;idA1=?$>wRb@+&cyJShZg5p4@P8>&R<+>AmYTj9OklgLOM!6%W|FNRM-gD}G<
z!Bq@CN#GR3Cp9=NLE-9MSX1948a}DL13t+i?Lb3}P1+{r7uhVOupZeOzO#ASty08L
z%ddEkT%_#4&3ox6h(q?kWNQpWX+spEv?d0kgy1B${~kGt<v@VV!Myw;`9XvzeHjZ;
z`nDy;Mbat_qICO@<CFfR!zaD?WB8=s|0q7m#sEssUC~KWNjH(CqHdOWu86E3gio6J
zKZj3B`|shCN}&4=o;g^pJku2Q9F%KiX8D;KvS<!^wL)Q2k1QJ37$aZ*D8A`V9lq)2
zAHg^EY}U@dAzCRguL9l6g4|XQT@yts6(Cy4+C=MK6sPofi@rX~C{98IuQV@$S9${R
zN;kzqlbFw<+dDkOY?N#N2k}b(>H@D+gm@*KxP(_C)Pf3DLaMi%M=N4}{kVW@U1z*f
z6@wlT10>ds^rGUHzSrZH#H1qjrD~A#zC~Xa{S?sB$1$L#zjpyzde+S#M5zQ?av^A`
z{zpMef;$RYx>XY#zPb_whs0MG_An@?x`rzCQp;JZgDQb+mW<!M{_Ryd8S5PtsPsk@
zs8o7Mqb%g{&cMU%#QuRZe~0`U_%<yN7$cqRT|wsBuutkw1S_560~ZJldMOH2A}-&g
zLn;Bg7CR%A1pFnWl8xI&K&4xlXA>Pz>8Ie7OgfxWAJ^x!K8y=`FJim!-#Gtr0{`$U
z8&J*;jO9eBR`palmf@6U#^98usW>H57dWK}=v)b-ZMqQ8uoc&v7{8Ngs^3XX7D|T|
z$f?1UV*E~C2B*}DUoyXwxFSXUPNqiuPNrH2r$mj?`JIFp&S`!p-|k~j9ayR6GPs`U
zD;g)Uu3%uLX_)N<{C)~~GnYSqnt_$lp$iRqn<wvUHK=|T(M^L>2UW6tg|k=%EZHpE
z2(yGk5M2ikq5aotZ2-Z#Rzj?jAa=$o?Xv?3MzBiPfk5=EG1RZ{r{R<Y!YO539;b9u
z2)N%;!YQF7j5wtiE{{{{uHuv?wnX*^`4t$H?MrMcw&H-@Qf(vB5mfO-JCSH<!T#?9
z{g0p!xhotHAJ*@G!Cbir7aK8a-1e7hP$s&)Ynf<ciYg1CgxLWW6u~sDZiwcOShwdz
zivog;YM0OB&I+DgSg`vA6zbVil&#pPX)viz>e1%3BlMoS9!KC*$3y${cled4;-&Z%
zrzym3t=dMbp-Y$&sI1B}#H%z&*EXv%8cpYFKJ?(N*8c=AN)w@9QgPo$=R?Y+`H*55
zqkYIi--*Q-3I18YyKu@7(5TIzp_LG5MB?&P#P8KGn2~L>hBHb<1X30#4tWT8|28x}
z3N`{_#yG=r4xOQ@LHEV8DM}Iix|49@m@cEhBN#tezQ1;GVGVX<b>{Cx*wN{(VMkAf
zo!NUA24Y}G3Kj*WmI7IXmO0`6F7hFbwFLFSnundR*L{5lk5M~B+$ED&uZT0SUI^rc
zr88Z^jI0=G_#(gZY&S$1S@{*uqVuQ+in>4<&HhO!qw%UzVPYtwj`*Uz{|R4|(E(p{
z4|;_A=qxUH5zyO14D`lC(AI96U#BSGt!l>Q@NQ?6HK%b;^bEWd!MnY7n(%H9p4MZQ
zJ|$8Cb%g039q>x^$U+IR^rAsUEaCZ9L@a50HxB6=4YXwW&MqBvS`M(eq$*k~(5XYi
zLBcELTZv!p)q#~F>Olmr#8`%<+KEoEf%~Yu&w>an{~0zP7cR6Br(wt=(ypt0MWDzm
zOz((;xX*-)hw+)CIzFS-Uzw|iKB=4_3Vu4@9tA%g4{g`>Kh$)Z;XB(q!ou>-63{54
z6VPZn!jMX9FY5v7a=53NahJnAjgO1LJ!N#jJzYQ({G{5h;XIym1RxrM*r9TEJfiq$
zyxxNnu-m|}o+wjsLHUv2b%GFel1?;%NO=hLAv`VV!_uAERlIL0qHOQ3ML5-7-nY`w
zC7jCBIEwc^3PR@>1Y-M2gGrd82r2=&1w;0TQndhjFCwTOM@@ambo1;y-|<ces*Fwu
zszc~aEhmavnsAQ!yU{>ICe6{l%A8ds(H$?w;hIDIhF{TuE|F|FZ}MB!WeW(A0g0Mw
zH5k-E4F&}it5lL#q*}DA&>F6UY9fFmex;vEzYOSTfeJdZ5xt!gB~aLlnH(0FfE&b_
z7}+hwrUIx;2IZ^ss=gb8pW1@^%ayVCse_3}p9a}|NED>CrmZttNkFuc=zopSN&=#l
zj_A-zf*!5(mw1L&Dr;tNjnr|0luK;tl*+Zs;ta|q=pX_~LYJWg!h6?s0b}}OvIb*X
zbuk8!RH#QJ_16$d7qp$l{;`OpH!fTrLG$DpR;)=6Gdfxm1Daw)eQhjgs{IUsrn(Vm
z3J3RkrIWXwbXXwyb-y6SoJ;4u&&DCXrIhy_j2Kk(_?Go?>W3ZiExLVUIkbj|npuvk
zhAwzM#Sle}+*vhrK0G*Fu1r<PYf<z?`~C1@1dGz6YUr5z>BT$X#RFx^ElLcw>aVhf
zt?JTu(?~o4Ts72yg;%-8RSoS%rT!SM>T8+dNw&(&Z4-R{ulrIA=)CEQs-f%d!|y{|
z4wQv95t{4Z8S>k7usZZHL7Sp$*;|MN$PV$IX(#nqpCjbw2e-Ym<SExhu|60U2tEGr
z-laHOasNAAW<G!NqdtGe|0j&kP(^ch6hS>r>x6n5k1TiMaSc$@B<le+FR2~imofGw
z0cujr%3n_qW@lRidzB%fT=!YC>UiIr2ny<IJ-&nNZ%8i>MDb9=x}yy)f`@wP6q!ZU
zU8^VCqIj#L&{N85Em4lA<Fii7X^r)b3*=NYwwL3JLnn;<inTDEl{ev!Gk=>l85y!@
z2coYe-~b`z4uX7Dp&A-e1|5&$qV8;q*cA{jv@e1eqCocyACw;I#^QA$CP=`6m~&1l
z_8dLpQEUZGSI;?~^N6cDtHPCvezK--yb6T~SArn@T7?H}1w9wUvhvJI+j`uEkTWEx
zz+F?#Cik~Dg~OvLrrRy>T@QnyXwm!O@FIijD`-J7#eho=tws9%IrSlY;9E)mu|BJp
zMe4)CONYbV4Z<e2Ry8gHhCgr%=4HUVlFkcB+bICOlD7CL^qwK9*!4OJ;YRY|Vhk1j
z%=-2{m^kRG&b=3{s34t`FD}Kp4luhb4<<H#c@>#dpe6{^z}kdIp`8SSOD{eKl`l%#
z4i!sD+T!{<!Z<>IkI1LL^k2Uz34Yg)q*bJaPsA`+)<_&$Pga5(MCr_W&;qO@E`(8E
z{(+zxnMI!5y?+}F?8a2b|7-XiO9zAWEdiGg^?+M5-987mo}q)`nseWfS-Gib*jmG8
z6tLt^truWoZJIV59w5L={yRMI<a#MXzAoJ3hb5T76wEI<++#1@jYEe6h{lS}w@DzC
zOKrq@s8(8xH6idaxu(>7OJW*aPT|;S3ex@y!aqH^DbWTzO+|Fm8jw%74NzHs;$v_P
z>y@ua>N6EC-6L^n!(2B+>;J>33%HB6Yzq~xCP&-5O-<el$)4QT-_n}d>ce8z#It6e
zp}V)@Sr%0Pz(n(e%&@R{Idg{#4Utzp9;Uq3LSF0Z_B{_P9<s1kfOozW$JAI*QIBm(
z`)HX#4h_BleC=3f{pMZ<lVLsXzVeAeuAvS{cBzQb=ZmBSGw;Q9T?#(i50BC#A5f!m
zdqyO<`(Zp|m@65Xm2yrNWVcE{GWbr&PcegF?J}Zm6xj$Y7Rgk4X1%-{%8k&;N2?><
zd?hvU`#80mTfKO@BM#{#>_s|xG=?mek3>3=w(3adS$LFmz?G|&>d76yTI<e_D7!b}
zSa-fjcX)0EcS9o~ya>++?U|5S$qKo9CU&T6ot9(hL(kBsu`-_A3vX&!-%pwSM$Otz
zcN62(uoR)c3Bj${VV<Gc_~CT_keFta<X#9*mxhEsj&#Xi-i&lfqX+XEtaXV(x2e=6
zr{S98eJ<35SONN31f|HogPcPz=?kMUg6W6=#NGBZyg-N5f+j4<S-BTtvXKYFgP0Dv
z^D$hy`ut+qVCtxh%{M|W!Nhw!gNX)%iT9~j@__3T4VxF?)hE{_YE;v3AeexbYG`tt
za)g#Q;6_M}f;8Qns?2JO?0ZoV^HhwM-N&D}^o_v?YcL}M^PyiWX|3V#<{?nB+_#k|
z9@Oo1MJ#bExeJnOeTmE~iL_Nd2g{~(L@JT9mLwWL65A&Pa$kR8FoJlnD0!d-TDf=|
zNtTb%5}UhFm;8w?`Ohr*5nb{R>CxmGmTc7}yL4Y$TPb;<F8OWU*S*^)IZl^+r|#?f
zSn>~xqsjer$pMzUO_wa_GB1xoXU!<g%PbQ8eMSE@FpfJKftzfHKl69iNo7LAK~HtO
zix;?JPh;HtzOJjCyX4R>;ZL4aktZD#0?vfc?f7h3<XLEJUav!<G}$PX^(vw`x1!&^
zLl*twc9~Kp?u46(JL*8N+g_K~t4x&aJL~YBMtrAHeFtt*c8LA~+v$yjoj<%!h5eiC
zJT=_2DWQz0JXHgtb#vHto#0Q{FZh%93E5>X1$45ji#*kFAW$*fWo8lkg~siN7P|H|
zBE&G>eI2#_;YR2N{_P6UKekQ?EJ}r36BLX{1TB9iUG(>)<T7|1_w-ew{{g7r!|>u9
z$Z3%&^ptZq$YuOi_wAy;o9G|UG6O=aiGR8$yp3;Sw#Lw1dH)}CZvr1hl{}75ClfM2
zu!lp9CqV<75z$0ZGvbjUiRlg<K?8!zva$;zibsSQ5=BVj%s_hE!MMum?s~h2-&I#!
zS437Z2PA-sfL!8{aQ83<LVzS3$^5G7^)*R2{2u?$-;ZHtUU$EKuU=KXs(N)mFOr-{
z4~%WEolz+%FoHYS6WifgyjR87&-T!G;elElqCA)$g^@~fUORl>h+~CLn&JBnco2l_
ziSS@uBfO{)JD9VIp4A?NhuBM-Ypn&kZ43%mFeo^181EqzK%<)LfSzb5R3_01iT6xM
zIN&k78U9L}BgLpsA|x^yBv^+gB=F8;xU)Snx&V41NWcSQ9Y%e71`qZe!ULa3iGjy^
zwX^^@FX#bom-8I(72)B4uAJ~4;o$^$z&h5Y!0S?Uc)VAuKL-!7S36_jF+r4%3-Vrc
z1Jr!rMR{|fB-a8Pnk4$$2Me-q4gc(W#HGpM>>k|EmEMB?IL9xXLO*=ae?gVn7?1NQ
zfa#y)?hIW`-W+3O`_6*U6Apgy<rEQD=fHYkp-aClkdKOTU1Yd!r=m_;&>uqFoPdvA
zEBfmlqJNb`bT{yUMjP5?lTz`u#hb{p)VD)WCafX*0{Kx4!Q6m#T7Lz22DD$S-fI{A
zt1qWgfsM_ATqA(|hoO+JZGwCv(!bL1ZhR)SoyT#wH~S((L3*{});+FWaIF&jNrP<Y
zdBaP}e0bm26n+XrEm$MSxyuFr{mX%*bC<&~)DE)A+J9h6Td<};-VH+&UEc{@z2pX+
zBe$|3G>8-A;|m@^SG3^wXma6pi%QP7KwS54pR7A*O=0xwy%OE_FVt<x8Lb5AS0{ZO
zMM!5<g`Y*UAKY?OfY*WWrwpnV<w4af2W+G75Zv-Gs-XV8F#Y`qh@lJs^@7|Uadw~o
zDqqA?zL!Bj4CS^<pl11#><j{eGQSdLBgyxdNwRNg0iMj|0(IQKrWrjil-xB1p{s9(
zF;>v|UG7U{bCz@8Mk6iU+}0q<s|0!e>n8pK1eFO(abO5tG)e(<Tj7~16~#d4vkKQ4
z<9pGzRj0biP&45rNj@Zo3LJtmK;SkA?ix|fg}W!ftF{+EA-FeU&c$|a!R1mYE1FSd
z;MvF;K^|GH=g2*TfyD9iUoYVH6>xj=L-tV^R<rniiVQd`$|pqm8-R3$q`-_7-_r0M
zothsU#skc57yQ)@GEQMkz~k+{MX1yIcH$`xy$_2)D!%0f@^(Q6US9wcol+&qh_`KO
zDIVUixe-EbmE>*eFEO7rfEf`R@mqoWm4c-LcU<I72ug+!y2~Mk@*M)#EV%1LIj(p-
z+Ca#!S_I1D7r#s2B3wol=vOiG-R?USUfd<$BF<y9HjgTf&QLt<zIU+$-_G#VF8gO;
zLB=LQ=_SbD2yHt-b(R41{!KRj?s)HY{*!UudrL=)(Jy?k=854wHq^|$KRWV5Pc^iQ
zZQsGO8Q+O=b-rT%QIt1CX5@!P{)iWw*+n{3`X(|3A8N;T71}A^(Wb~`Y;4BHM!LBQ
zd#cG-a(+w}<&BZ48ock62Q`Qsdqe*X9#UIjq<6|vgG1!1g#O>)BMxfHX>bZ$t=NAP
zHaVdwU;b4?vS&G4w_1^7-51E!V*iaeU4N~;<W=nrQvVw2RN?@>8z$@ilv+MVQEt_E
zDJZ-hDANIy`!Jp<Q}-v-4*-+$<(v*!gVheK4GKJyg6lAL*j73;GKTz4P7pO5Qm^|u
zflg20krDKW<UZ+51D^Oj@x-l+C;lMG$H~*|AU<<m8?eN6%+9sS(Nn%!@8t!-=mK7k
z>jOn)^!ShQ@a4D6KOe6i21K&NFVuljzuLwSs@-=G?!7T;#&wWCIdEUkcs6tS3z)pn
zTFq(M2*#&6y-!M^#{ok-2lI=+k7Mp|P8MM(A68c&=_wCmTCnM<jypq79b-<&(J_jI
zU-zkL>l0YhL1-1Kci9Cw=X~23CFv;A7<WWXgd3pk2b{GK8@D9NUsC;7N<b!VJOva_
z`;^GliCjIaD;~0cMQDS8c)-R)|0x*gKuU<Pliu5@S=m$6eo-xoR+4w&9#qhZf;rsB
zSNuzxnS<^>l$#M%G5?lc=Z<Bm$EVuV3+XAcz3~;JsV>7)2@EV$Ocvf6Er8vnA(0Z7
z4d$Qyh@+ZRY(TKsYM=vssP^QCZn<*7aQqjOsDuy%E|6Tk9Y$Rh1ytcdYltnon|&aD
zAp&Bp1AGAXM;7kgsbZwADA%Kr4|n}%aHB^ybwDd`TZm(E)wAK;!NsoPPRz}47{z|;
zBW2K~#I<{~@vclkxq$I)LGCp-U67kGpBoG-a*>wD6DXz#_QX4ZC#@A^q21RPg<s!Z
zO}@p`lR=fDg1BfRWTUT1^Ucue@JiePH4&}hIE$aOINcOMxsV01z}pk~g`2S*>rTS!
zFE{cq2uevi)yKnFhjHzE@IA_NLVWSf4tBoR9VJd+9IUF_4-unPY;kG+(^P?2Up4?!
z0s7mkt1*f=7mrIwGiNKmQ-kKA0!~%m!aLqG<J+u&{lyVjE3Q8Lm{~82-1s#dYoYg1
z4#+h1&k4Bc!nYhW0vE`2VJ#`8?q5f*JOLQX&f(RE5*X6r)$ko`7MA#tZmdo@5BbsD
z1?tA*#NYO6{Oyz>6UOqlT^fJ8dtEpFwww6dk6rlNPLsb~)1vb?oyv7S4EhlWMZ76D
zsSk}MzV?uo#}cjrU#slG&l-uJ-C^ZtMt)vVKB}>_Z-Av`w$^ao$EDCiz{om)KRi$T
z;eh%DJbPzoq;?_)E3|KH=$4Tp2W#CXD!e*tZGzSg4F>aqE5y4Z>X@}A@5=1KUtiuT
zZtMiEbxdbb4k>hXFW^~Q^oA7TS;$<s5z*E&UP+$f>eW#_PaCp2y0Q<6^@YQXaUJF>
z?xmURk{F0*#gq3j5P3E69EP@0HNKNMZ7#0k$o_skJR8GsG(0^Wzd`RQjo+jpznO+Y
zsgcH5%kUC<7=eXkqVA?VUl=_^Q+t_Xr)??v6o9iFSMTi9Sk4LUseagNJUr#SL(3Fp
zVLI0n(`g~9ztoJU)#!fgY57j;f=jIXVZ8-^ntcZ~o`0B)K;llQ6^AtT<LcCo7`w2a
z{wSc!ov0n@{%ZJL^xx6W@xdcH*NG5Y(dj>CS$(Ih%NkBK_ynTlBxD^kP5zT&tfCl7
zN>nd`E8&|_7zx?0H<l)pgM779Um~^k;F;Gao72`uf3LPI>JH?74|E#*5K$iyYXD}U
zc(W@%nIO2gVkT92uXj3#?}HcIC{*vXi<l9t+9}Fw#PUW|UkY5+1@aony$a~Oiv|-3
zBR^2l-)U`aW%*9jWcXl!@kG#IK$-(pP%Uhu>%dz;#a&mLs9tvx8;~MJ+=yzNc$iVX
z6W=Df)=3~^4n+8M)0e*VMap;S3S&MfjGIASN&<CB!k5(u{+-S0GU}W5i;xFy`7$3h
zs_?9+Rk&vQ{{Oap>Y~%yr!MMdpSq}<ed?kv_Nj}y+NTO92%(DwkkZlqaUoipfW${`
z1!<XIvD-E~RSE&Jqre@y3fh3b$MG^bwS)i_?LSJPJ`st|faKrBw8G7nM<b%KKeg>F
zaMft{74-iChSz|@YrtpxTiEp-`lDihRRVDxrr3bpi2jYZ#l)3-!n&d7C${5rFnD-Q
z!22&mg+@{)Iw%MXV7Fc9zhTN`rjPsUN(Cjcde`7Aepzevz6*!qv0U$#-ZdcDo}z=f
zQ?*uo32vTIUKd4QmD|hrMX_{W^}dmEHJ+EzNgAG%2}7Fk@T_+YipTAAT-IKz=NrgL
zJzTwuI=OuY^ib+=EbYCa0$MRTym`h@TUqbs89<oL@GAIFg=#egK7ab|;Z(J@68En*
zBgB(T%WKi;(!mGlWCnwBwh8hUb@w99hL)Cv|F*HH93eC>S`eBTmE7O(i~a!j=J3l3
zY-2<AUqmi3XD9+|M5hqZeS!}Z!CkqTLKO4AW7Yz%%X4#9r|&x<lp80>HIaccD*0uz
zJ4nxj=dv;n`#$HFIWRvuyaiS&m0!dPwC9izBC)I^n<Rc^nulMx8lQU!n5K7pfxK-&
z!r0JLR{_sG$v-_FgJInb=<>^F*E5T_v2$X;9;V8`a5d3Yg%NL<LnGKiW}@v3&INLf
zhhKIF4%(r`zNxu^rh?GuXvt(xSx2dNf`px*>u3SDD>tyVK(6HjRORjF{3stJhnP?<
zhm67kAAZ^6oov2gm~V^k0e+bi<1NE8m>dF~7T>};^bW_Ke2?h8oR9R{_4%>d^EjA=
zR2L8?E6MHM@{YrXfomhdk_LZ?;BmDVxL42LASt(`ivB}fxR&xK(Av>`^?dLtJh}O&
z1X?)uz5#c5*Y?O7sy~rY75SX;KRkB}RG~VThWMH;=vhm$FbRa<y@`iyU>xs~Qm68+
z@u@|;>*ZA3TY1-Cn9Gfe)!5@*T0vx&Ryr~ipqiGr>x3{3opS4fe-6`X8vyH00V&jh
ze&_I+l&%Ro$?A?;5SYqW;izh7R9eROzdWiCCbEbbOLDidJo+n}ITp50o8$Sv02RS0
zW>C&<gZkuRb5NE4KN!zi>v$;bg}iM7rM-Z?744_NR&Q3>ZMM$_{^!p&?~Q`IZv{51
z)#VsO9ws9ZY)kuB?tbf4kjGRvNB!YFNCgc4KRa;ut8jOORZp?#E64`P{Qv}+TQ7Kb
zn0~UaJc|>Vt~i5hy-px1*#3XS?!rhs0IMXmdOW4^1o1A(`)j$L+TOb)0oy$CDr(MK
zIe*2=Htkw93lbIN)pYG9=n$kfwGZ^ynrln(_7RkXCGQNg`5h_jeTV3M{~)91t@GeY
z*h~2W_EUE){1FiGZk-10*k5=O<x9ZHsCic;*n(BwRPDHtPGG0|Z$95Q0G*XZy2>xX
z!@{=hle^ge(fB_>lsi1*3oW>@B#Tn%g#@yL2FKAy2w&+P#=C-;&4YJ^is)lP8Sk1>
z$-C}<op(L5ly~{6c-Q<51;Hj@WH75E5}z~Ty?-Df2UD=uP!JE5>w}nmg|H)twFMY{
z1hGVmM+xFupsV;4N+s4N%6rt&xctZo<^4h^DM-RV=&k{Re^;|0Zxzb-F|&3Xu#d<^
zmU>KG<+Y<$d2O~PuZ?6YwT};=IwNp9L2-;1++Xm|R}1dV{PQ)AjeMXPFZtVfe&Ifj
z;+kgghrSc5RXcow>QsX)!kH0eBINNI{A0UCkX;3TJ#g>ptRtiO$CCQa;HU3|D~D(B
zQ;*KzXMPFa8{u#34F3Lo@EL}`&KdlJn`iL90db=AE_lad8{o?mOW}@<(0Tx_u7idL
zu~lpo-R;G{$LQifKMWRMnKV#N`U6E+xYzItkK-b*d}<&k-?A7Q<EU|u))>bc<Eim$
ztudZ8+Np7c)@Wyq3Do#ktucW$_M*m0t+5wtOoYa{rPz?j8XVa0C^k4)LvL)Df(^Y{
zLmzCAu%QoY=!*@bu%Rz&NWzAzupx;x^uvaWu%RDoI1d{f{K}kx=gD?xSi%zg98wof
z?FE|09wBtUN(U@cjPp0kP0xJ>8;N;`p3g^<!!*dE@4S11uQ~FDmOl#k3CO+j$=13Q
zc_Zi<=r*zegfg4WcaNm_F^So9Nl6-tm|ieSaCqJ1^5DPqzZRgwL%(JZ|3Nw*Y=y>1
zANKtKi9qzI)`K!ok_CsypJnIdjq;Z2y%$$^3@+Q3!Us`YD%)G;yHHS`$2<KG**TUV
zMbpESw~(e+tT_hku>8R5O|RO}6?p`H0ZEEqh#h2LVpvafe5zCN>y-Bvz5Ok$M{4+J
zw9YqtG)6v!P8pb*pL{fi(oZZRg~1epy5x?|sHiX(TeSjy_;3AWzV12FJ`Zocjbol8
z2j~|HXTqq<mi%p)&6@&W0{G=Z_%a8-oL3)Div`^5ohv!pWLag59_@tl1e<p?UK#Q{
zbod`lk5@koA=u=N;YVZZzr&3c^RYm;(w9UaUGJ|SjiLptOMe<?-{xo^KKO|ZGdtn8
z_igBD4EL)y-v{5;!MC<}TxCJ7^NrMiuZ*?>#|*BO^X<MAv&YY$GJAX)d$dRU_?`l`
zrry@l0Xlf5?zr%5qUpGBlKC}!`K0OBP-MBhq?0bcXSvKd%*!9p<(u_O`z%l17>&8~
zh2_$N-Str;Ka6&Y!7uA|%WOU{6!`Kj#e5(EKY!zO>F#m$whL@jpcc;?Bw39;a=`vp
z+Sv{N!Tov#@@CJcb|(tTcW}21=L3HRM7ZS<K5!+LZ_0>*JTAedIK1T7F12&GNqI*?
zdpx$!(%RGGsQprCw_|%DwUbL~4xiJm*>6@NDgn8_*_*ug_`sdG!PoeA#q&W-ft-s`
zcW5Td&1emN=k49P%FYM=3Y~nO8Hf2<FXPx=0n+~<0%chvJq6n((W<vM_7J?1{N9vi
zlsT5C90EyY6OoxH|Da9;8ESb-3koRy?HW=}D<*uMRaCy~L(Bl(8&rZ;c_1J77iR7(
z--9snl%FC{1z#mY(mVL<a-wWT&+-9{#BoE=D4WXV!V98HaEZ}TjSt?}NuI8nL*r!t
z0%)L<%}W0Xjt|B~S>7VlKZ3{b+NDN)wG0q;Hs@j)(I%n?BcGSHt{LBDY=RX<bV73%
zCa?L7f<>tvzlHl-@=+Ne!eLuLH1ai=+Uw1)+QQpo=$9F#!<;@I?f193y}j&9JB>s>
zB-em!_*tU1$Pad4QZu@DWT(a6tv!!!Lh97X8fBZWtJI}M2c`oFV0}m>k#YC2g7Tuq
z-R;EPrBS0D-WxRT{zVDWd=jwA>-Zoljgj8;HEc6@yT&vmIm_W6ZRgIio^xm7B2Ji^
zu?c0lnzkK`{rGMaln;sVKWgWEK!<l|OeeoYV>;)t2o_*t@GYp*HPWZNfqefM|D*H4
zZ~?G=b<!{4_UBCYmfiz<yVPWFjm7w;L||{e9Aa&^A#0n~)L~^a|Bf@+%qe0{x9OL}
zc=OWKSmtz%c`5P_8h2}+7bL)TZ+dH@!#kV_?JE#Zf@?n^NbzGg3i69YRmzL66Yl>m
z3)bWa(+hx?$y*FtK9Mx>H8uMpj)jf=iLkP=kv=M#sfSv`%X&t~f?SEf$k?P-zD$%Q
z)DsaSJ*%(Gp%^YIO+@jDpO%mk;2qPN?d4$9@i^+|anyv}!A&c)QP=3aK=HFtS7vc+
zS&ZC^cz&7jT_l42ZeB?5&iGFK)1{m(vdz?QVy31(oUBdj`E#DuCx7lXt-9G-u|#uX
zyNlVxM*lY_#wJw@^Ery$*^T+Ey9DObXv}AVagcn3)@hWF1JQex63?jcZe7L_ltDy=
z;;3;B?@byN=K8EM*2NYX>%49<mLQK~5|$wY5#7|&uP7Z#6M=rhM5!<nrBq#%s-EjL
zfa8fy$Q0eHSb@=dG(yd=5^AbRsBd^pLVeyKRM}?IsJ8Y*r^L*#hU5xzvwcf_=N@<@
zc+SLny|*V~T^5d!LlUDc21Ra*CDxZMmwpvXtmWn<BvyU>M3df*3H<v9m@@=!vS>V0
zIC4Py!dT7n)30Xn9P4VLAHTkuTWzOZO#u%a)+37T1YuN%Q_X4l=72foa{S3yj!J`X
zy0^fhdx0o7WNZ@Kj+%ZIwFY0!sM1=_c~xGS-P5Y1s4=VZc!vpkJ{q$sy*kZH6Jl2-
z(qUPZ8I^jz(bKI7)}zHW={(0Z+5Nb6O=ejr?7p*8nD<`voBwr2YsMyxNRqW%J^q=f
z$NbZ#>oJ1+01Ju2$h6=Bo6Z_x6(&!Cb?ACdY9-tMblF$&c-!1piwHxQ1~f4f1tdU^
zEdGVM@Jwc2HP+MG|LNpgu|7*%)3rqi8Ar1x>hL`tNx+YX!Z%<V)b_gpO7b})M_Ex%
z$PvFU206x`G%;Wy9w(ZY!j?<(Vv%G0$(Anrt1j<jGFrrnGyw%$Z>m!spL!`DzyJvW
zQ}twH5J7)H5_yA1-o`LxqK+v&>bsvjX2p~z<4jC>H0})gt_LIELD9XQ+(&Oo1=?f>
zo&HRl?@Idmc?m8^y$wIqdHrd_6Df#;l{Co!N<g*0c1X$`XMwAZ&a1JK4@j|*Cm3FF
zn?wxfz<B8F4QNQhh$Z#>3z(FTXSsafChf4<iM?Wfg4{npbW0{3a@MJ9?u@fZ+#Cnx
zlZ)7xJYN{pnDq|J7)1FH3`6mzUMgwlw>j{#_6lvttI;vT;q8O<zg*Q)=y6UUTORyZ
zD!JN4cO4(vY14d%#)PiE36Bc!NE^icMb}Y6P<twQZkhHkmMq0nzMqyT(_$v@4L5P@
z(nn1d^@L4VdYf%V{wNH(5_-aScw?PC&6cB#iu?)ZJvl)0_G#zX(5?+3TtdWXEJnE4
z)IzjdH1#p^d#%}g7_N*#{2dv!>fL7{oV-VRBAj)*VhHDwc9S}aJ7TC~spZnKScQ5?
zyOpb2&ifecd}#@Db11jV?H;+^ppi4!gqA#PrIC#mZo0a=O=y&bM%qzt3v9zqPQ<Z%
zz`;%4yH~KaZ#<&_lJc;*<2}LYJKkel7XgH=XZijP1X8dG-YJjb19Yz5O>>cAHBt1Z
zw+cs-GByFe=P2>~3!unQNf#Z0<@=+Uxi(`@Mw9>RIC)g$P4-^@{tkGfr+kf#I8alL
z9Pe9{u_-(_s@Id6mkG+MGkR9Vc<x+Mq-F-IN-l>XfL2=G7^RW~@!^eV;JLQ|*1Lev
zFW$c{8veBNXW-m74;eT&hHx$yaqgbRj;P8(zY)I$^<F<_;#W$nm~}&|d1-De>RoJJ
zio8|nhxL`)`2eUQwnFsFJ;LxTPf-34gJ;sHe1~_0hG!!lVtW&)q`sMv1pN3-SFKba
zt<=LWYeur3{+up6dE_dPmn>|=GW#tL8nbuN?61s`t0+QIZm+e>;crLHIV`fY-)2H2
zvRbpRQWgYJ-b}cRbhQ#kLBv)56Vqe%V^m{>js2${Urg?Cc-&H7Lm6<`4TuztsLf>l
z#YD&b>Yx73TrJZCEE6Ty&gowlhv!MywXUSJ;*CQ}VO0CN+Q)EwuvuoTg`sVsF`}wM
zV?53H?p;i2vY{D6SYt-^>RUFJG~!3Ps{ZrMUiwgIATufpl|-2NxmX~?nHCE~t<A7N
zEVrHB0>Lyi5X|z>ZwutSIk(|qfHFXk9h!vZvT~72O)j$I0d48e^Lb(E&+|QsUeSm;
zpY#Sm)<ix(XBv9;fu8vGfFEKE3e#Fl3K<bA4Yyk^6~_uZKeWUMJXy90rfRA5>P9*i
zu<E4KGQ%XDCm89>?irjct2_X}aih&fnBm^yO=8+J<*TYW3rH8uFhF`0fi%^y+E}La
z%fseu=fncyka;Pxit$n45grW1IAWks4{Sn5p<XjADD<U?Le)K>kf5Q^^9+SHc?$$3
zKSdaopEf632zl&+JUS&u=5o$D>*ww_W?f9PejE`g2V?Xb)Q(<+OP`)IE@j`}6E4;5
zh{2@`n@td=#)9x&%O!6tE<M-WlfFxVRGp||9n+m+w~!z$0e4ms3lzaAxxNyrJL1SJ
zGnH&15mR29CO8EJ_Ngxfe(bk!i?2ykipGgb2`0!ATsttOud7|CZjTe(HN}%exn6W_
z!=$MdbPkRwg^``)hmt5&1U|$a7iB>Z;r&3_{TUv(#?fn_|6`cPDW(Vn?WZC8l1dsI
zWx}J<f^@cDk4bOU^LuF`Yds$rN$>rR`8`rvFU+3DSD>j=42}Gw5L%8ssUIZSL0rTb
zosukdPjBczNlL{AbT;LVOEOMT7*_x-pWp-H@NrI>clC+5@J-r2ug{A*=Dx<vW9lU6
zxPbLTU0R=uQXvioKuR_n6|19hsOrk!lCx-p!NY)8XymJcyhCW)A-Wp$7bMci=d%|S
z!~9CK1T5}*%jfhCrc|-#*j(XpDu|*^fhSoB6iNjo$?Mg8^!&rD{3P0k%h2j>&2Oq1
zEt`emqv1^xr_xdbJtb>-H}jns@#J0u_)!h*zNRC!G0!i;=gWT)r6YoI4$J}qiuXA9
zj^M@Lu$1sWAb>1nF{?%Q=Xo0moOnMzTSQC4o`pW~`Jx`5w+Oz;T3<Ozwinhs9fO*C
zd0ML+-m3(8W;%3~3DSYTvCZRO;|Q+x@Htg7+{wb3&G8gvVi^QM9+WD$I)(B&Ji6CT
z`_<bnNzm<z_!g{;ASi=UBd^V{(xYD4M~lRPalOW#xJdv-Q<()5*)F*c6i@TC)#0@H
z;8J>Xb{3JSNRSu<v!CPel&{A-a%3MYQ8qp($b|r#F#wY}<ET(>U)V8E!G4(||MnEs
zgN<=U(_VqGi(?)9N>9|?>>UNdYnF}0I0~VUY5hZ`Q`My>Dat#5*|4x1LYS^}>JM{*
zJk}9;QBWp1Bv(YJJ{c#3ZlMT7_0c$uOzXTWg;3Hfj3ewom)+1U4uRF|iK-X&w!;jA
z^kSvNspcVd6V|duqE66uY02S<62Z9J8SWR2&CmM^gDn6^8Hg|pS6R<nK1cao-O6cJ
z>7gW^0iY8|u9vd`hS`GFiQYk}<-DlSAdr)S@+8Bl)@-i>{kyZLQle=sUjwtlXiTn|
zofG$mXR_3p3Gnv%Y=J?eVRCrUW2T;~%+BnNXIqmI&)C*hKbkW3!Y37>h%AcrU$&?n
z#?g`T{&tNOn_9?l(n3<0T(H4AQ14!W)e~U1?4vl1-CnKBf)}l)I+ldVh03BT1_YS!
z$g?RtgVCC=<R<6H`w)AgjWA-`;nhb+K)+S$16juWBj3dOOBv^1%8U3$*j_5oG|kQv
zl)f7AwXSyX!Ov*;>BMy0TluGdq6?fiy=-qMknuP~EuapA7Zm{l0+&XA?{Q9k(UY{>
zI5Cf;f8JDh14$X74;eYko2tIi&d33cItD%wO)w)Y(F2>;AFf6t1n1jn+Vatb$&kqA
zUfpHzfoxJ7$AQ2yE}371b+2IPd|)+WK>}lU$o$gE_O`)CvNltg5X{xjPJ-`&b#uZt
zs}CoK=qU@4R6<Bx36OvXOpfft(hPD5krgxnP`0V-kY+VWygn<7;ab)>?UNzxSr)t)
zRy&Q^M;j(jq4h>#9ww5G6X6$T5ZR4$gwvvWo+I@6ksV4L9qL-?xeSkMRx&-RAv!LZ
zj9Nk3U1*R9$8jm)uTXWq{5HU#r)N~20e?y+c&EkUjobxqmNUHJ$q7uug{CgJu%wmY
z!U)cCo~iLi3mz=KstX?Y0tODuzN#w@6vyDe6*>+aKSvxuUpdR->+ma~?USv%zUppx
zyu`seOlJ#!f?w#Q4kDkKel2&=0M^*h$EQ=HpP2o;Buhgb9GUv8?SG6qGXZr{ET|*6
zEqLSa=+yA$sDA!_8vJ;q8-9GC#Z3b}gbUFM-ZBd9WszsQ)+5TOigj1tM1m(Dc#}g{
z5ga$2P8<{DZ^ZJSaNO8KfwGcq3kOAIY>KGlrC}8e5}m3*@ZuMLidWsW{L_7y7vCUJ
zUd=zttX$E)QfOk7UpR;}_W|@>bXSAs;^d#N5!|c!=c^nweBdy>q!Wuj3DpPVq)^gF
zc>59lF^sqK*KkMpQc#2ZRq*uIVl_Wx58?F!*E%6I9`4}Qi0<Rw!OC@Vx+HJK%3dV{
zl-YLCe}a>X?A~6=-3}D6s`tY-;Jp>@|5}twQ*d9$x(I(j2q_DRFhY;obChe42+&6h
z=8x-&B^YQ`MfWOx;fFR9RWS0*6P<_)<DG<oM3e{Au<M>2#9S^)A4a#G;CJ5NBS4^m
zV6x~4+?&yA@LMJ4Bb#jhfI{BgZNBF4T~Q;h$U!CBV#J-wmF(2GO^pXVEPM~zr~&SS
zZ4`e5BJtPi&72*h#NUHu%}WUnK-AdghI_NgztuBQ2$2*i%2Cv;wpui+&)7+96WePM
zSwJ-rLU~guEKXFOWgBXSpxg^XJ3^8XKymRV?9Tn8$dCRJr_Vq80D8()5rh$B{*!%k
zLWNPefnT@;)0q+~)Cr+G5EVoN6`sHXO7eE916HlZ-Jv<90xH;hAtHGAQo@NUr^mga
zSj~~w<pLH|?}`&cIp@R5w&b|K<^#h~oK)g+<!?N&G&!=3uSlk*(RL3YMUI?h=L5JO
z0cQ9Qaflot`)BClf_eJ6)g*#ui0p795F`ZAS?!a2;CpIFY+VJ6wjZZ~<1WT%iSe!C
zydwnV3E(G>XO->g^vH>Vd>8z>i*czZfDt?n%q0U_kxLanD*8*2BcCMLj!dO&Lu$fd
z#*c5a@MBOL8yPA{u4X;{T9OZe0IKFj<89gkVYc>=or$I#$g<nR*IMksN-y$Qx)w{9
zy@UDb4{_m>7I{#^uc-P~Dr5BvJxn$NUf<8SxG<HVpuG`+5ja8|>MmgRcLB3c;0P29
zUH}RKXI-`j0MH*Mo(6x(0GaSgBd!jh0Q~uGdZr!u^B&;OPdE{Lif0^wQ1$@l^Z?MF
zfIknwkW&wyz!Q^2XJXKz@){Esx9gq-tNDemv3W!bQ^HM*k0L6xOCfs@F~Jg_uMFzt
zk;fC-*(tw8_^a4_4{lg|<?(c!AMd}Ixb|I+aDPJ%P|6K{j&IcX`3O>@33>oWgd1)6
z7~k|n7THYHD{e%7PRGxcUHt8}8KWRjl5X?%WwuP_&yyJE9j;9DN}<<pA&<GYu}Fr0
zodZ=wNuHW17kV|Xe#WoZeiI!x6Azh|>3d8eX_&E{pxCvnwZ`H50F}t@LOs{dP#)p=
zh+^1t*Lp~j_ylu@veFQ?6it%Jh^iMSCD_<0@oH~|Cbh$h(H=#LE>lYEZ#%q~fNm?u
z55Y8kn+cjNIU;IvIgOt2Xp*64Kwpv1(ZAmWo+g?UXDfX{F7RD#-J9pwabG66gd`Lc
zPvpKCRg?8N6itAMd_SYxzRecdyIB_<;60I-HFz_7GjfRufZ~YVi?n-~WkEsV)nZ*B
ziG)cbT)XXT(#YgmqrZ}@$X6JTAUB)l1E%RIeS}f@&bbNh$4_~)H2KBq&y2a<nLCc)
zUN`p_WGIYINXIF~`>#A?7!<VqE{w`mWG5!lR3E*bQsE_G40#uM)fgDs!JVK(F|A%1
zeag}?N_sjx-#?>V)z6TSCZtC`Q;%Jz@yW>kF7=70tploFEV=9ET;cJToa!Tngj2o&
zk-?Vn``vxKyx?9xyCr15SwDw$tr0=m@r1IXwK4Ly#dk`%K#+Yfv4zA0>m0tD%l2_F
zLEja^a9FbH197NB%M)Pra$)$hrdsqWxWj>WnD|qaEVzqOif?PJL;o2?05n9?r2sf8
zIOf_B8_M<pIs#4zfQ~}4JTUSs@C!lEZ;Uh`|L8$}M7^Kz#`k9U-e?#5SRU5(^4`#9
zV-~71ZIyiI<0O<knulwHvEDFlvytdJ20nsv57Qe2_X%H~FzrsK5*J)sG6^w08!;YW
z^0bNZMNIZa-4!uj(KQ0Jhh+(&LBE5a8C6Hj{3_<t&PW5`H}vZpRrV!k>9<I;u_5K4
zmRzLS*h*O6MOl%*S;uRP21RF-dtf^Tob@_{`n;(OMNoD4r4o;GxDV$LZ&LPIsdmiK
zbD&!5c>D(aB44xA6D2wll*G5~eDH4xhG|hdS>m7GNp2q#9m1%IPD%MYO0oRYms0do
z9%#j|Xfmv|oX7GJ&$5$!2(T<0uqiu5e=+VTd|;>@k0;~e&@%A}bunV}++j9l0z7j_
zkH`3xpe*Tju)_yt+ch!5f9v@LmIDty**Ng9Cu5gEcHpsuecZa!H_SNeQ7$asRRM1=
zKT$?wn1ZEBNj@zAjime_vVpc-8xDgHEXCTLMl+U{3q72gp3$U!{u>KG$E6#nh1ftW
zJq6ji7T56~ChzO6Op?2W_p^jqbAY<gDA^#mT0rnGqM{o|sMF^uYdn|jq#S~MuqL+5
z+Vq2)CPB%cB*^(w1!W!}%NTh5yktIjU%W9i45LpGLgO3~nukM0li10Ck_C%)LX!8R
z6pq0p$&{Y~bP7xi#(J0MIB0`(KMCUKkT}Y+#|MazgH68cC1qZ+<nAnfQb41u>zLs0
z;Q2-5@q#{DhtyvWkAo@CbHbk^d>k$3g1km@slF1p)ye!Gu#?CR13%Fxr<7h$#Ruo2
zY|+=L8;ykSeqEB1?WBxt&5~RrQM_XRzF4IvI~kpGk|h^feX||md73`!0ttLQNwo*m
z{e3=;hG)mvLzTFm--8nmuCeHwMgYZlyxKR#`WTH@tGiBNo65LJxC&@Gm}-#KSUfJk
zMM)PzCA2V-?2wSxVro!apV-AIbl^b^^ih}`vp%@pI(R?EJt|yyi>|jXF~W<2w^IsJ
z!~a_}eTP~H>Apih4MML5BVPs12>lDuCpLDj>=@+HPIkV-h$j5QDMKEOQ@W>d!aN2a
zBmT47O?MNlt7XPEy`k?cp6ETv;n}AUUo?AMU-h?#fLyPnV-mSR9e)f4vBIoB1lTXI
z`)-c8@B3+ZEjyE0|IrgHJ2^ZZ^Peh(0RMR))U~J$4#JpBO#cvHi1#H6!wVhk{z7MX
zINmQG3fI7=df+MmR341Yvz+{aLQjoA3xnuVL4L=)Cj1>$1};u{gwsitp(6%E=EI`r
z!-CJAByp=5b;@MCzdMtvG7L%u0I@~KCAeR!^OJ&Z4eKP=34s?|g!nm*@C3NxUy}k-
zp0Pr`jTQQmE=I$v;8SB|c>bEHVTSemHPu9p+B_3Ejt<a~<G=uXxJ|w7vyP}5b`d-M
zebF#m_|DF*`9Sn!;cOo{pX<JlykRr<5fH;@AMwAe?+ui3j1T;q@l+xkCnFn;&lVDw
zI}_OmNZt0-=!9e~#R@E={xpqY_K=>)H*GQjj>%8N2hvPARK3!JC)sp|yT-eVje|N3
z=UDV#6JP)JlNAsD(qb6cNd4+z*<i6EzoYoz#M_xqUL4BXniqb<WKHyf8Ky)VyPlU#
z&>U=#$bxJ6Kx(`Jc#pgp&2I_-%MEgbf_6|L#d`yqkK7yQ-ipJ^J%TY+G&?M8ybPaa
zA>UokuiWc=bsj1gOZ46rkM-Pr|IzmKCOi59p8_R&43)k<1zhvE&Dj1tE6E<nHd2f2
ztBzk-?7*E0Yq?={;jNzNi@439B=JW!e|4kRa9uO}_$7BU??0JHhQu6n5o+*gfm5JX
zu-X6u^d7jDOvQzns0IMbkw0YRUVxLzg+$}<2OD-FP-0=aakP^U%r+k`^}(8Y@CR4(
z;fegTaD#471q7Qk)YfdX-Ab}T5KW~*{KKh5xfy#1UW%U;ctWlGu{e_Ul5NUB?=Y0Z
zhX5*P;(j|EWB{&Ca33r^4-E*<T$iB1*S`y>XunNkVk9Pnac-`ySj>9JLBVwx7I8rW
z%s*r8*`a)-7lw=o%s&8N^&-KFIR;QZc5<7=`s9JDn3pdzZq#V}T6Aya7cS{VQFnld
zMIgMu_}BRoX=tt%z31o#&Hr{aKI^XL7dLV`6a<tEUDaA;2>Gk<V2gbyX6)evGcS_z
z;Y+meZLl|_pn&uyVYoso^%B|0hWDo;-~9XVav=HP!0}yM1a7ru4ZN?xZ&;eJPustA
z=ETtVHtMq^85A0KNeU277XRXEPxVhpIr4u0elDxxsZ^(z3StM*@CfP{ANVD~35hFn
z_7q8(nI$PD<3L>0f^mW4BP&m#hi;2w!MYdQ(ZqZR$34qI4i3X-IVJx6cFENdgE0lz
zIj8dSqo>ReK<0I;>2+EGj5|;1^I<&ZVePjv5HTpQ5_3kq-f0BIoZk2IiUeyEqQ?wF
z^u8d-G%`cmqrfnYKVmh_Cd5%m`SVNkEbO5u`g7GJ{i7xT!mG~B3Y}QtM;_zAiYiVf
zJde|KGlwoXqY&+h0!@-I2lr|G0gGm`jtb-rR7FYeWm3#eF$Op^P&n)o5;{VV<ZDP)
z4NS5s1pPIRbxxI+0=P8(cFy~X{tE68sbMmV_&<zmsK7<SKb+9dN1Tk`*X*<M`{|Pn
zxg*U00E3BxWD%>{U{2Qph48=O4V4n8my(hOIOU+ke~3Mo$C>g!V9-M;!tjTZ$wP^M
zUu9K}mFzU{bfAC~EZ6dn4okg57GEB-{=2N}e>{%XpVQZ$)g)rr_$*@4BeC{Lq%wHN
z9a?_HjHd9Y*!+Y{2a(%gs#7J!CJoQR=}j_M3ALYOG=|^`0d=R-s=XwHl7K9bGvhik
zI_EZ^Jsgebk2}IcDPQGRjE{tOU>aUo1^i~{HzpY?lgeWNq+<XIYv3c@A_<@da3-vq
zKs@F;PLnu>!-%Fe>%)*Y2!9mXI)&=SIDsRpG5l#;3Wr-vu(jm6vqBm(S0FDofh?=x
zh3$r%fJGAlIt4HdLSt`g7D5R{NF{43E6^H6?P8jW6r!)hrza_fhI&wnlSSpR6bV(c
zy{9mXTT&yl;A7rFQOTPshLWz4xF#%k2*9{HwLlJQnhH``NJ~D4?<Qp=C)I)Pbf9u}
zApz%MyyKAMYEr9rV<|Dp*a`G{8dCk4RC<U}=>$fln2UBM66ZVGN`%Yt6noNOjK6PV
z`R<Zcaj?zC>LTG56uz4f!;7WX;HNsAu6p&WhXCH{h1fwU)$3OKQfDaM(@q4Up}rZF
zzzy&-Tm+x$p37}?jv3x?0{u;>NIYQxMNu;ed<B-L*5xyDD`cXv5ZokbaxeLTOUl?Z
z$vrk*l#gmv5JPj)B1zi5HzrM#zcjGco9ciidzZvwO8R(+AcnqA3{n8NIlwVdnrZOJ
z^{C#weKU!Z-uu|*F0-uNHMCi}w&Vi$8szauK~F3tO0S9sYVS4Ihbn#<W+*34!>l!@
zk%_z{6?Jn<Bz-VHGlE`tDWdx@AGm^!Dc0er256&Ni&G5uj_UPLQRi7w)wVsdko<iO
ze}u%h9o`|Q({^;*Ze{B#hkVTUsBVk)KbZ_bro5V<C!-A?NAY)ZU74K*4HmKPI%smD
z(-^4L06m1_9DwSabh6OM)SfKYm9IyM_rDMt^7UBZC_l~L0nG7fn<<Ydo)lq}CzB6g
z9)2M-4(_@uMNU($&uXoU^NupJc5I=$A5Uh+A6yZ29hS!fZu>%2pvpV5tDi*qK6Jd2
zRX%_a^LK!9hEa2oceQ<3QL2~*u=q`r`;tFVQ8FD!5TLYog@0}6`@njZqkV>j1cMH+
z_-pIXnl*e;ueOYi5B{3OYGclHET!9<4J^dP9-7Ibt6r!I59{K8rroEzFu>j6wwo;e
zU1Kw8-Q=-w9Ze>PfP{QuHxmCCs#3-_L;t*#t{Ccd;nPZdIEl^=V+K`ulQF1knK@g1
zuTYn?H3N&jTla~4Y~+tI@=@tWD=Eyn-ZJ-E{VbDTj2`^@lD09&z$G<-O|+JvaO>PJ
zO&C7Y!Mux`d>0G#Bw^t_<mKy}tmjSXB2D5O-eCK`d=R$%=Cfv(z}!Iku5J<PZntR0
zxCtt3!ekX=@?<g0Zekk3YwC?OwIwwa)}_mzdYz@q_+UPAz05A_OWliDWN$x;05N+%
zTC&DC*}hM9vN^Qz59&n<5vpcfU3f^8F>r_a*hP$YJHprL=bthDCzR;dfj-rNq3Dn-
zp8`J1*72A}8HCQuX`(VerF@sI588h5Uq0YMZs2Oq#Y|A`%*(qKpK)&&_`F)?dQ!(P
zx*Khg?R`T<QGVeJI<-VMgL)y97wd77PyVKd(aoSb9G9axlrV=A&EF&uoebO?ix1?;
zHS%F}G04Fpr1lF1?m(`)*?UEf66cZEdi-H@Fen*_&ISJC<Xd2PoP_KjF{grh*z`qt
zeu^mnP~bY|^B_Nmnd)VD4dnFlu!gt@h>`cxrnp^lsa+DyqaO+Sc^rg0)xqCm9>Ud;
zcP;rNmE25(l<v}A%P(3-@lHvv3hwp1|1<dEf8tahA#~R%U*E_~tZd@Hxex3;?k%%h
z;K}fxyX5yd2&^SP^zcVEweiPzShL)ea7NV7E9B;kwSW+GY)<-2PCuJ$=LLVY9rRvb
zbNGmE*FB)sp~hV;G@1)v9~*|X`*SleVCVjrOC?q2rQ-);E={pqI{6dXBPXK4J-F7_
zPZ=$Y8ZGg;)oAC{PpYVnPmF(d9!N5h;a}#tr$DYlpO~*qPLeJu4+xSxb{tAAKp@3M
zXas{@DQ^-*(25{rrFr`a)nE0WE?j^0P?mb_kh)<~0_J(dy7wWxKQw0?X7Iz;)Z0^S
zBuGdoChU)HL2v&Qf4g0jFTk%e$w6A~<IP@htG_+L3zrgE{gMj+A=0r_s5M1*mW^6D
zYb&GwV3lt@UNd8^W9P5e7SLrMN%=dIlV4<FI`jFFKSn3QGfsB*!~{|@s}LW^7GRkx
z*JZBH<8_+t1e-T&!Ob|u%V3H#DrtUcmig)D!Psif&sZ;QerZOIfG+;?r&&*$q$EE}
zlVqz(Q`8ogc}SgUx<~KnvbJ5Pe75CP7<~J9Jqt$R^e?9s{$F3;3Hc#=Z~(n(uV*3_
z?a>MoQHnyWO+*r}JfX@`%tziyC7{>+%z8e~0%g7+%Dy6C664^#W$+0UaytO=K7!#F
z2*XP?7&fR&CnVU!kgq#Y6s)0)*%Q!Q4?vE7Lq%(_nh!|E)`C9hzpaNMqy$^p?#@?W
zqAJvYM&oBIAGn$1%hwpg&2~tkX)`664oHRi>`9Ex#gmRk2cepS$bO+dYbst;ABeYu
z;EQ=baf3f1yhGl3^?sx9qkoO|4f-p3{W2LpOR6r#Pe1ae4VS=I*-wE7iaixt(ZpYQ
z3EhCGxRiaxA-#S%eZ?_UvBy~SMDTTb6FRf8cRICiuvtwqa>AfmCHtGT@32Sv+s&t;
zTg(eL^;fUx52bMCMa_IIQ@j)5nyk4DuSy{~2XO5O8o^adJ}2cSQEr!;hcfHxV(Lc^
zqBJAmSX{GqC~Ujdawt3>npo7|Tu~{*2StSv=Xex6G;rWCND(K`w#)0Q4<`8cahRMh
zJy<1=wquqN{aEDPYmBfok;2ll<z~VU_7MHRg}`GK))W#rIo}@n$g-JC{lwf%9*d1l
zJ7!*r{M8zt-j;~IOkSswR}`!&>3yWO+xerR1JQVXR=nWW5f(_**o@=zj|t2@#|wh=
zJgP8#P7dY6m$TDyD&jo+vJGbm5`1`s5hPebL4va}NKg+}F3zSX!T+3dl;C9}dWsT!
z{mqyt!NVV$;Jzj{N^s%wt}&R#Q?r)G<X-_k)?%ulMuwF|T85RYwG1mW%?vB$S6g!e
z{KsbI1bE*BtC3-4Cd&wbJ`gr^Fa~JIgA&m$M4E}2H|%tf9dNY)*+&Sn4;W!6=M2vE
z!wqnH2%Mu3oOitulX&6HWhTsSj0NXSCZr?f7FZ6pw7;jvvz}`_w0pP(Iaip-X@O$5
zcxX^wMrAueYsc#Bpg!=+oM!>wH&>l54Enn4pBV;SaaB)9+4uDrr2N%Kr-kC-k4_r~
zz4fCW(^sHB(a)jxeXjqn==~|zndp7d?LU*=N4R<d?b26cK+FC6wDkUmf1j4#=lwf|
z-Z9_YG2HY+@8c$Cco(`K%k&NhVLnX?{T=r>kU~*M+EoW#II?jPvp}w!1)Jk6*jJ{(
z#yAV4o>}R-dWGfE(LTkpIeo<(;xU6WB~lHxS~Ct{y{)+*C3Oh$ZYJ=`4HS1qSqjv(
z1<azOCnBI^aA8&>q%If7GmUOwr90GzW?;VcTH3PRze>&YIw*SrOPYXhkC6jCD{m*h
zv|9+hn~KkbpN!Gx!^3Z|iogF2{`i|;{15r#gZ$6ok1fOg=lt=X!+PS688651$EQCy
zEoEQ$ub%m1^n?Eaf4pdzg_zMFUL)ocr{#|sYsmmaIXl%W&r8H}UFLPDxtA#)R@qRZ
zUGQM*sxsdo3q-v)8UC!~hsG-C<(P7a;sBLc1#u*SmTiOK$80RbgF}sl@X<m%7Wo(Y
zla3LD;bSHV+`7o`&VBzM+T;HJr`Y}feRDw~vFTbCF14g<>9YSXjotsXVykFjLUL7Y
zTEg{ovPy+A$)Fv~q7O>H?sf4lieBVhA(nT23Cp`arHpsoU&*^3d7XFpmh!IoRcJ!`
zyl4s*xDK|{2r1)weXzMxPqmJLTUx4h8yQ>a8vJt5urXmfOQORbg<qH+TRj%-#1cl{
z-es6&XAZ^7tc(Lu@pC`CPJIo896Hgv7p_RtRMxA%{aSwE-6XLuVZ#~i&_||Rj7an7
zm6*)2PLLZT7Z~*ty4NE`9a!*7scBjfQYz(|ETI=}eU_8Z2zuzbmMLml_-wMxvwRRD
zZ)kcdFZ%a1i}IzZ1!xA0^hJ9QRe+y+(Fztaf;F*n<SIS^*up76uJtwuN<!m3!)zEG
z06Im6B|4x0>u<Gf7l*8t<b&$T@9bm=73F&GH6rFj5HU(7RASGO)6`e;I1J<fE-x&)
zwJ7cv6r_--+@yNHw_{8asMDb(xD+d=e(-`;jePC5cANSFV4UYORI|gcbyB|KDu)oi
z1lLd|V2A&U;xW47mm?AJOaAO9JO}(gz_NBLmbDvL)~;jOM~(F2pzSzAHulSL+(fqH
zF~|nL)QS!(vbA+Zw(FJ=vdKXeI@1qhg7_YmmN<uB23u!sZeR}|Xw>78$eCw*<a}5N
zZskw}>zn7t*{GO`w{O{rp}u`(CEOfeqo?fDQ13(NHs|_QkatBc)cI6Tb_FY5j!)%t
zLkl=oj^JWEDv;!doH!O3i1*%Hxl@$4z_7abhnCHQw^k}k5HS7|>AW9LLFElXJVDG~
z<B;i+q@<t$^|ll&fl)1lvg0IqHzm$0m{u<!x>gC*jdqGVv=ljp{jH@Zy6D*^!boG<
z){H7v!eBj;iNx&^L*CTpNPjKg+Z0=Y;&T)zk2ob6kGn1w{0E#OIvce}a<lJ8Y1(_Z
zFrH74+9JFTKSo~{k|!ght~Dlg?NmaDpuqAUl-x&rBS@Q%WYyCW6VhKyOhdyrJX~Lb
zU&DK-nIRbv4uFi&%#y8W0a2DvubcQFxdX<QR|bOS3yGjJqFn=iVo5q}yIqU;32rBp
z!#Ws1%@|_^_+}EhT<`I(=0yK0r~2<~&X()$cnSqNLHP`y1BzeJIm||hq%T0{+MCn`
z&~q3If&{93eF(nlJNrAMej-<HL6Z>rECuGYG7IPQn;}?hBu=hfuq8+N3?Z}PGH74<
z3=l<*991uVr-dj99th2W@twdka8-e)*nR)d?rZr+OEjbP^VAn!#_B11K$h^xtAx-;
zDJP*v%*vhvm^K1Co3>pDez)LK_A>1bjNV%cJzycG?cO!wv{TCwVthjQ7L3#wH;FhG
zpb)$tWH?qsve$9_d}nz|#dDNlD(*<_xX;%hJ+F;g{5wEc@OsAkJ2^6wd1oncg8YsD
zAm<^J_@s{w{SR098yn;}VcJ$IP}kt`?@3Xgw<lu1%0S;BU;({>+Esa=Sr4YQCdJ!N
zsIO*+OYXkD9d$Vg=zD|-4|0&h)YhQ@(;oREwmwStd=AM*J_j@IXwBSf&2z9|RY|hu
z+oS~_S?u@Bzbdj1Yq|*X$W-+JpfDD6!C=bB3Z=9t+#kSe=DUzjsvqA<y?O_09zf|9
zFCfzcNZvlVw$d7V;b1<qq9x9Pe|j?c&6NUYrE*>W#bPEV5EC77UhX-@Of+$Zd2Ht;
z7P;}oVTRoJ%rIN`n2GmtP9HOIuMyx~Anz4fSg+=2>`S)#p9dOj#(Az50uE20Jh31h
z-|`MKEutr(s-Ls#XP9*Io-Vmn{ZO9wv*NXSz(jOH5zxAgU;Gay@OBND*r2bhlI`G^
zS?Vg+YW3RUEKQ)F(S#@}Qai^k)%?nLRayPJ0-y#d@!>~|xOzi2Ex*|Gpe`J$dr*t;
zO>=S}I4JSH@%}YVIo@)>Z_OJmF`Q+?F&&3239M`Qg&1D0`O8m8ro4ld{xvC>+zL@5
zoY#2<_wXZ>|AAb~=VXT8?ff}T;;&w0PEkqKr&yk9BPa2Tp6!ULtH{Ov)<;GUvr$Oc
z>HL+^WR2dY53@KTr{K;@)*Y57rl7*j;&sVcxrX<jvN79!&Na*g{{lWoxg_Z}=6j6!
zUzzXm`Elpsd;B(fq{61D`NZmu$IChPu1Uga9FK3aYl6x_tK)IC;doq)-Uph~@ftx^
z&ggVpz6xQ{&3^_a9YmyKKG&7Z-<oGaIm@9*nt(DdnW5>Zl~y$U;X1<nOoYqnToL);
z21|Yc-E&s+XX922{!Z8c|BbNVj`0;d)%n=N+?eC}0PL3(iLIrRDa^z&oWsXB1@5rm
z{)&I*ZzRAR<3q2|<PZ594-p7lUz@W(jsO5s;5MQqL>}Wf2k*JgxE{RcJ~sS?v0}2-
zFB^+UpkH>D;g`+khm#AU_lFXXy!R^x0`jyL<)5sc)}rgE=-$jfi#~y8M=6gvyci$r
zJt(aN_vrEXJ-Ju6a53)HFmH={HF{Rd)uQ`LelY>ue;hP|z03!a58R2~cP`x}GOI)P
zV$)sNt}*M;vMpr_P3D0#Y19KL{EJm>i8fZR#D-c3A1t8D(;U+9Y0enGWK35jagDs3
z+i_;U<e{2hD9{MHUDxXTlFV9wEfRN}$b-=aw?X7KGYY{CQkCRs4l9v_x9V|5FuK5R
z3GvSu$ICB7SB@U5ssxZN!Q|4k4Fcwv629Ez`)Bc|dBJA&lePBC;k+A6|ME&=Uwgte
z=zcx?0jJg!#zHab%dK$p@{`PW(V>P~qf{5z5kAqOd%ZkCZRqv#4pu#R2%os~q&7}<
zGF@e^hd%*y)O@`DTYVntDExWSpbKKVN@*tfwz)dhcfYdZVPY1Ob+Rc{mNKtsa`=`v
zP^ht?d?WnbD&Hu@4(wx8vD15<FuXVu?#S4rrouhsJ2xD*ad)%t7wouGbBbk*2BX{Y
ziO6nKzVi1?VY{DRZ^)7}q)WmO+AnCOl)p1x+-OO;@HjE+eHuexEZpbB^GcHqcpua%
zUSN@o;HDK+N8@xAFEkEhd5g;XF`h}U<4hH}vVd<_+HBqGnX^#6V5>J|jXvm&!6?t5
zaX&}NE+SQi%5)GKsYPGtrifL1;O;0}^>kPbfbXimwy>W7TrY-^sV#W7=`TiZQetS3
zJ!35;t8GvpzuFLpK(!*jK%l2&6pREuw`RrEgRdeDGpFdB)O3+srIA8#?eeLIk)r|C
zpAJ0X?-6}}I0A1DTH-g<FR<lX1K&WQRf>yP(H<x4vqmigmaZP1wHC}_*?}VGksnVj
z?m3{wOz^bkq<Z5#%2TODn5j`d=(|(>;guFNH9WE1<4;1zV^wf%7ZtYN&{auafvXW^
z?YBj)Gw_W)68R#dDpIe$guT5K`KLAiMQptV4eQAD4iR5@%!$s_?k&6@%h3YAM1w`}
z7vyc$CMh2xpsZ+X32+1?O}8NFA2b{t6pN#L;3AT5=Mjl|R#Mq1Ak_GEb{q2>?Mklj
znXG*}v`@0J1*@n~jKq&^Hr$74d_p~)#M4D{c!1p)-&)|>uh;yBLEe)kaqW?0i~pD0
zhMtO8!WO-V%U8V=E3}C2CX9iUTSfkkCX52+j;WJIq7`J812(`&J*(b;2<)Ne2GP|7
z7u12N2x5$9orNHVe&+rm{0`#S6Ndq#>NI|eC5F=}bq?Z~+V2B9gVjs8D~87RiVAJt
zqLw*ioe2AJ+g2eS_#9U!3|TL@TV|K?i_o$la-EV4?V7BE)g<EC9^k6O@M)kijS}X2
z1g@PZ5Xl4{a;i7KiIfQ2@o<oJ+#9^5`lx}Gv4Qgoacus+PRdUX57C1eO_ALKw+-Y8
z^`<p!)S}!e#lw7Hs5l;~FP>3F96>$ulU>_SnmaHFQytw2qsXL!s`d21&9sHF*X!Gu
z>lkJ3S4TGk*skdspQ+WCCMIiYp2?axfGVOM27gpj=?K{9r>y(+I<#nS$-S5NQ~n){
z*~WSgAe<68u*iThnG{F1iD)M~OLVO%aIfN@z6xo@-(E@~8kC3=W7f4e4S7sDzi<O%
zyI8NK8QHIE14>Amny3rlnAd6HO~j5nDNTo_22wo-#`Q$5UPMz_tRjfgSMUaXe<V>B
zQy(=?o?>zSsWth<E=)+Y<R=bz<upg+Ys3GdXQG48H0?7*`%KsR3A;5X<Fp~b41G~n
zPg;hi1ET9E^|}lo2ac#D{Go+^HmJ+5V1CL$5Aykf7<;7eTEsKA#qV0zSFih*RT0<>
z+I@IPCyQX{Lj%FO8J8WzT?W2|KVq2T86R9rSiuL-zu12Q)P`d$PnG{foUbovWPtg3
znZ%@<_=-1d=MYnbG=~&)&?>G6t4bCCl4LQRVLej{wt}j#AX`TZk_`P?&=uK+Dk-1H
z@VsP<biq8nleGrt6d|6(D!tAmcR<&&BFke1RNbWWPyNeZ)eD*cuoysJ*_!8#^EpuJ
z+4N#dbR2w9@yjoTmukEE8*7Q8lgZy0s~geL9Y`)i(XaSc=3M*}q2t7KSeG=xeS%;3
z1va=&<Yu(ObD&~)uMpe^P@drPwutg(b@;W&6;V@D3%I?2k{}I?3E79CJ?Y7_>m3*y
zrYC37lF0Fa7a2Xm!i~wqlhfm+a~(urLfhd2dB5n|#!6WMX?QOfgL&*I-F}1m<50|0
zvx@8qD)Rf-Y;n*IGk~cO>~#D~W6H`2+$9$!k*9RhHG+HnoS|h;MEeLKPt<oocqGUC
zc?G}9m1Xwf16Y4ia;v_B*j?Dbe_$!3ksKvBqFy>D1x27+1Vv%|V4YQWx|Mvn>kP5{
zxiXtBmfuW3(QH9I>0M1krYD$e7adoEUf&;+d)*8?+(14U#Gndo7Y4M&RE6EOd5~uS
z00pk21(=Yn5E$BD@VsXQo%i7E;w|!$<l3vDApjr5ven_2V*R5n5?(HHdzZ?}BBF~+
z_>&G3PG}hP$>B1%DO3{8At6;Q0OsSb;%3M+k1#S2)pY>++TNk792XzZRSw20Fb#IE
z1A4FoLL6Gcf7kY3YksTxMS8(Gi$tNWNMpv&p=ULIGW|%)(n~9XQm0V=H1>tkDcVPW
zo)&Q5xo82C|EF3&JTnYYB!)%)XL-Ujx&O~rxjzBq{-@-gWd5f<x5)g{V`csgf9xvr
zcYYo#^IzXp=AWPPe=74IM42nRAKv_;h7am@`0J2Cucl>>5gIV(QF+ce$!L1DK*~5j
z&{i>4WVWv8w>_<BH<>wPv&hV!>N4}!EC2g4bE6?Mztv4<wvI2`f(zk`qGr7Mbd*!~
z@PYf0=I;Mntek2;M>+KrtVfm>f$GFHj(<KzPHoZB0nN`AxD$Xi%=M_y0oe2V7rV%*
znB@W`UQB!fyYkZyG9i_jgYP3rbsG6DMZ%h#`s`=AoO()%pRUQN(_-b+F}rj*^(o9b
zD6gVBt#ax#CZ`&_7xS)UJD8CA%3gT)Wmf%B!IpOne43yYl+uq#%K0QRGry00sVlK8
z$E+et-m^2`zqs4|p79w~x$-K8v~pW(wl_}RDzD>%f5-bD1sKY!QO-egkJ2|s-ldiH
zE#H;oq`t~`9yt_^_Fkve`jrQIF+Z!CdOp5&yET66Ofu5kJZsFo8FTIX&{Fr;`#1TJ
z`j=;00QQl;>2dc}kw2>&{(!>_k4K1(*#i>Izs!94*7GHQX;IWSUrE%64nT!nW4uZI
zBAuuB8;`)q{A;qb!A;Lm9<j-ZRznyJ7q&5S$ui@_$EOO!>Mod`BR|r;4(fFOeA{K-
z-IX!*7S&gG!(jhy&F|*92O~f?83LB?Jd0%|hcs>{?LHVR8~o9xof=@2n!A|~Tt+P0
zl4?lQc}k11)o<Y!I%CBIP{zxcJfH=Wg2qsxQI<q8<!lcy4S+SgzlNSLH022;m?+nj
z7ZM6UO@92Wvcm1`B&#qzqe^l&;avG8Rh}tr+ckeY26uCL*b-3XZ|lDQS>$6zFSPZO
z-{0M7F<U<i=(8dqO9OhzE}%Cvo=@$&%iQ{@mUEYU&wx!zUJ)z+(flzaiwi-CD&OUB
zP)Hq~P6RGzOfjQLz4Tg}4Tvg*>4AFS>w;gJ>EN<#Se>&$9sM3Kl})fcl6%_pSIn@^
z`q7$d6~{hCYb<+oiuS3o^3kMuVUZ@*N6|$+FnV;HJhQ5%rtvVwCRweIPfC67WPNrK
z0p8qpJ$%k8bH6`xe(w9oIE-g$K%gDwIg6h2cfl|tj8qHI)nZ0#tFcnpDqSzL#$j$h
z#V-8`cjL*8Ktg{q=zRj7<nOgqg{1f!BK&Iv`5S)O0N`?ECuZ}3r|mXd*@<HBh_VyE
z;RC<IBQPzNvp$a0q*(V0y>2+AGA0Ss^GO!w_yO(FD}}OqVFp~lH-4F;?D#Z3@I0^w
z{#necS9W|jANUJ>`E4a1_#J!;to8QQ_DOe@Z%t0`_5NLP7$0R@v5YJTh42=&`8jlT
zsKd(U6&;wMPZ^Y&D|=Im%6A>1lIsUN<$GD3^$z-w2c`Nv1<JdrXHIbvZ#RwvD4y10
zyPqFVZR-7)<TW&pTiJmg4{a3~n7A4?ek>Uo*adJe2+dDec{L%_ZZr_s4|A|9w_{XK
zNEjgacQ%t|qWSe~6XX+-K_u_?<l9re6P<hb;NW;-LS)g{uMQc)+3N6wIw@6@_XXDS
zfpj_~O<1~mAbi~L34CB40MO8P<z{S(jKu!Sj^F3KG4#adtg>j_+!1BRZ}z5@9lsXV
z7ZYQ{@_6`VLKMJ%m4435uUtF2)h;-^t4AwIi}4oBie8Z))$a8DfN8Bgp?t3N0?cDv
zP1oy2N3R7%&fm^0XsU~|dCC^V*?ge*^-G08WmH-0h5X9#2?@%e=R6gIdLe!UHu)k#
zX#P@3ZdDJhkEcUiEPbs<tgd|hSFhM86pGTW)Msh&Q!H_nJTAouZPlWujNhSgGtu<R
z;@-9i%7o=dgum98eQ9I=)tBkvR3Oc=NT~@+>&w=djZ3MwPqp65RO3O+Gta&m(NSea
zbW~{KBzTqy%M;eXR~8(F0dJM<u{|2WQS2EEjxqyvNxl?i=G5(}52RKZBl{j{5wmk!
z$x-u1JN}4wPTBDi@2|^_-_Hl%!=!KPvOMK$ZNP~=GSFuDkEbmDI{tNWtkr*t@fEo?
zTyn~CK3~3<ZLqZ~$&c$-S{@-!+1fI^SJHm_*Kw?$QLG;iAO#>wJRfKR&9W};TEvp@
z?+pDE_=eNu8$f{J+LM$o{xf9D=m)qq{J}}{ED^*VK7bhjbI{R$A<8`Ahwysnu6Duo
zCHcRFH=IJDb-((+@veuE$OXR-yXjnQ7YVB2(Rg_Fw-B+E@Y}}u*(Kk>{&(=CA#Yk`
zCGU7Wo`1o8r(x5Vej1Io#%KAiI@?B&Zfpcvs)LNy$y3531{-!&lfSpO0!#mgTD~J1
zt&FVczW>4qmD{sg>m7U$&u`o6anqHLc?)UZMsw{9<|4xqQ_y*WyD*CnP)Y|ajw7q$
zDkc8yI6nA08y?`td3$3riNI6vD~n&Y+SuPPrve{fdHm)$;9bO@N73)>EE2lb*qB()
z^i5Rx<@T~K9h$6@Y^2kWTY_ulc>dWLuukRsnIqFLNi&#}Zq_A;Nzu@BjHR0hVr^%p
zsr)v^{%NMt_`S`dt~PXCC+`X~Zw00yFH8%!uzaNW9-M8s{20Y|qZ<->9kqn7jv8p?
z|2jn;72`kiowhH7oKe!BfRm|=BF`n}!Q>2Yp#JI5ULAT&e|`8VcI@n=qmQHNB}rtP
zOU8%S2*b0n5WUFXu}W}NlU0-%$-~cTl9*|+M`R(fw`J~)X4;8o2ns!->f@iVEEJTv
zqui$1@`ulHdT%`&^8U7m%n>)}xgso*5!we)y0_$0hDA&}s=YW8thA~#b(SJowd|}r
zv`stfj)W{e`M)SL-SzMNHpX55Q_H27cf?$J!*Xf*cZPj3VeO7#WT0}lF<-R|fklK;
zaa4<!)AFOk3@<0FO31vNCc`)Xh_|5+&UdX)pYR%dWA|6k{d{w@-y&$^gAzWI6z%r}
z{kjc)9jUEk^#)t@6K*ZGI89Q<!dm4`EpV-;1Qh9XuyI6?tMz?)ng@2k-jcgk<i~Co
zf@^(Eg5sMbDDwq8s&Rdfb(mZyMEB-mNpkHHg5QbqHogMmLg>H)%c+PQ9?U`il01K$
z*U9P%7M;1Spa=rSbgYe+OjX6Ho*-HcS1qxziePq%U;2(pTw~?DWWEB!$)r%pbTKsY
zA~GaXuA-<q?i-G>pgM8Xm><=thW^MBqdL**s^m@;hU3v<t{}zdV5zg*Np#$Sc4p{H
z;I=_`YH#dDJ}AY{7w~p`Ec^?yoE1;P;}2Fg5Y4qR9&`X0iB5M2+>a6$720;FhyJw;
z?#4GoQ8aWl2-ugaCGwUOnmV1`3ioLP-(LV*%nKKCR2VRs;;g7JVEHC(I>acnluzBy
z+n6K{Dw1~Ktz1?yXqZhIarbsa!|(XO+gulAH8R<9Ud@h_jdNN$_L>=E<iCefu%90X
z{qcckpfmRtz{`eh3@^PNc;f}|MtKVsi@A;2J_Y%*8n^-T{EX&IzNrYwf?G%_mZ5`J
zwGIG4%H)~!w66yGS~pM|H_ACN<2K^G&~Id5YYl8JSZoJWLnoddIrzZetQ?!_;NUq3
z3-!U8i8;ckhv2qS3L*G}`Kx9eMzZSF%zw})5)c2Nz_^U@dObu;`&yrc$Y?9Ob?a7m
z#McM*H;xbd!)D38-EM*6)%X^sDte+5Cwcsxag0t7@9Sxl1Y?*z&Nt{{49=0Gmr1ea
zhX!T{tT;Q3UzCr={!ev3C)Cp(w&u6=*Kum%Lc5J#7r+RPnEELGH5hZ5iRl6oY%mR2
zsN-Ak<9UkG*JJ!)=fzV|Kk7`H(~`z-4Pf#Cj2dAHpeY>EU~CPCOvYAsh0fSMg>T^m
z-L8NRzsy7F#6}q6;tpM2ir~-Hon7UnwAREjK2QQ6UEaKPo((G#Rb}x@R`Y>l1m>0F
zCS$IF{puxiTcUs{g9uTCQRh#C*?C8jV3<+mzcri2=7iP0!LtSVW)=>xAN;(Ier8;O
zP&j`C{7|m<C#1k9h%=WR+YAWKvIHPgeE#%dbGr@>Gu@x#t}xu6+lH7ZWroecI{*+`
z&w_IPSI%LCs5c1iZ!~#I$p`dU>%CHNf8jen%<1P^#&vn4pxiYRD}P3^%J!88tK{o(
z%Xz-1EhqP&xiaNL^pz<df?LiFn{lf33B5LJgnenS$=ipOx*q0hiN@wDh8q($>pRoI
zCVgjW`UZjM8Nzm^2Kse9{`%0s<HDK#gpa-<u%7=TKg<@sBWlg(=&znBDD!6GRQw4c
zybmo~ZuxpXh+!6C%<v|J@@GcA73%G&wCZ~Pjj&y(ik|aDm+?V#?@cPpXp$2NjSM7u
zFBXZm&WS~$%fE?1qRyWTBs#STr}$WkhD1&Db7~49k-7<yNa^?eCZe+sHX#myf=i1n
z_gf9Wy`?~h+s_+j^C!HqiJ{uM^YHHMnOMlPKA~h212Raq{a%3YBoio`bjW*u(jh;G
z-kgxaAb&soY8#A(CVdfqGsjp&YyO}fa9Izfz2GMcF0UPI;PT4BU2$2t9<dqbl7w>s
zl=dfV+z9h2-^X0OFFV?g&B`|lb4{rnWx!DSRd2*`_K#s7uSZNIeQdCfr1!%&rQdUK
ze;Dl}-4|cd>JLqvO2u-qOvEPdz_ZuKMeFXwNm_wic_LPs01BUo;*tQr1*$k9=Q;Fz
zgP2qt?-(m+MRDbc?0%|H0b&+=M!VlqKPE3t7?qbY_lC2ThPlTq4MTN!(lOgA?00n>
z(6t*6OfjePm}D&RlkKFMDkLc5p-756ki;xYy-Cc&G$uK+O?~c5Q2XBMLLX*5p8_gb
zHE|Nw^ud|vkSGO6WW$W+3Hkx6dQ+v%ESRcipsCLuho5@fE(l7Ityr(f|C7_Gz}2UI
zk-6=?)(rqmK(oIJJ1kJ>OAelxqAuD9l3|h{-;%1X{~{Vy@P~3sYUIb*{EhlM=9}-p
z;A4kYH<I$HgWlzCF$$ge9@45w-lRF=e@=>oFYBz%xxXfvCZ;f=QO5yI`!PusHNH0n
zU|A?2kmWg(FcTf@!S0RBJBgH7fhn}>`Gt6-X9SMu@T5cuDRXZ>>)_A>Bo>AEz(WKL
z>;&h19jgffXoLrRW0L14vNMCNRN;)YYAgehBFBfnH2jRI;IWf%X}gtvs4fC1>2M>W
zQ7X-Fo`Vt+O`^F{f<r`|dC64GSFTr&g-(w_;rS>Q>|P7Z9(@(mZ}HpkXsmvEru9ze
zx~z917rWjs+Sq!3-ExlWJ)Nz0+W+o)7tf~g=*u2_kjO%VCmJNq9iD%E<_z$>%qqVz
z^NhnpuNkrUHR^1-`u$yTtFzOJTi2XBZcU|NO$%OquQt`gTL0d9Ui%%iM4mCvA7bi>
zmuA9?sk$2H9g3B=<r)xh{kuAYYXx~$CZDrG9@wScmog{o^!39#U$xtmc%y9idowCo
z-O<uaJQDQwG2;h8oQU)N_H3{!B`{HGx>b14Ers3+&?3C!$4%21yBo!F7%(1Y%kkFw
zcKSI^=?hZm@9f$4@!7~%Mjq6x?(?{j<`MZX^_4n+XR&4dwLF49zdrR4R-YR2ohQqT
zkpf3^gsxT7;boESJ=JeD-9dGKwu?=rR6eCwZzU}+j4G0`-UR@m$4{3E6YCa;{wU8c
z#CVY-{A0QJ(|Lq1P4s5)%W|C+c}~>H{OW*`A@I9DTpdu6*WWt`ehh#ggDUa{_!8mA
zz>2(qpu9_5hbTXlnkKnUqB1)ht>;}mxwh~N(Hn$c=EIX5DKwwc>gDBNEmcYG5Eba5
z0RBmr+|fB7i>|2TJ}L2coWvLM3$G&TIf$NMT!;E{B4#|uNlnx04Wc66t!gUhyHwJV
z;t9tm*eV8LhEGm%xBCu}*A}yxEM290THR-yw-#D)6H_1P<s`qg#H#isg%8uDMH|s?
zQ@6!nCC|yLm<MMvSzxHTXJkXH{XvVU*y0(l)#GI`m=;oXV0C*zDRx$3eq=voEq1M!
z+^r&?*DCls2Z?eUzepuhPb(illd-=OmUS+Ms-C9uF4jeWCFeY_;wyPt|I%EW*TXOK
zI4g3UIdVHJJ6|yw&A`h%{XMw!x&8S-K5H1@!R5~#zz5x|Vc^Pv&`Cw^Kv)4hrQ)h7
z5&RfOfvb~zl-JoT#s#X+U@Gz2&a;wner@MD%s<^v<Km!@6;8rjBwhA{b&NTV(e{6I
zOWn#Z+Qx$KaH~41ZB?m1(N-mPw=}Hc7nbQhLKBHTQ>{brV^W9kVqG&Lj(w+QX^@!L
zt67kh@}<B&FeYVgdXI0yK!h&tpWcs<`HxAX(x<O5QA=a#g~`P9$=Nm?{jY)P@73+v
zEmTHlz4|9Rx<1c?dsc^^GyRhFeX#G(+6P|=o?#!XVkw%P<Pq#XjN{`MvI7F#l-Gyv
zj2h?Xo=|Z#qe^ZQ{Pi4iG=AA2u7cH3<piR;Egf{e1o!<v_TD|biE0ZRP1*#~LYWFw
ztH7ZgQ)~s4^3aA-Y-n00Fa?xX1s^DgC<urNE%FeUgfhlxeWAyrNA&o>qsR9_-n2kT
zLB#?JC@KX7XQ)5{DWTBjuC?~eWKzI$?stFp`|cl?@1vPL`!Rd3z4qQ~t-T(~jwZdH
z+@lh}JyRct+zHd$qxx%X!$sc@1XY6>h;ipNSdw!~IX1nKF%xO_Fy2j|Ly`YisfKBR
zJcdV$SRDt)3NA`19*!A2Bk**wiigdf$KiN^qXoEzX>hz~dI-9Hg0$bDqM)fRXliRr
zyTNGHte&Ir$=aqO^ARat|IPsQI|6;DZaKSexy<>r{3Se}ln0{lzI?eERIYAibic`}
zAlHWS)=i8aRDNlWi3j;V?ROk;G_c=EyC!7q2L58Sy|ZD<o4ScC@H-oJyq(eevHuni
zHgUP;9iqyU!4CZum>)guJBhW;(bL`-1~%^saG0{3;1ELpzl(R8O#i+R8sfq3Op(eK
z5%kC*mUJs08lvhS4#`u0*#!D4;8C5^A?h3tQRjS!s-`kTMT;R*)n9cP4H>Eas>^A}
zMEv!nga{%bylutTdDOgt!wZ$IG_ilt`<nm1|Nk%d|4gj^-2cz_*S}jL61VgL%~^BE
zskZA>yXI8CZ&s6Px16ftl~e7OQ|*>h9f?!zj+440NEFE0IH@ciL@c~?`&Hc28sg2K
zK^OxUuk%t=yJOaE^-`-|iwl?}|MdyO(E~i9;#Amu@8$Nt=PtF1#qBarGalK}Qhu4L
zdhAG@(<(1}cEoe*Wdk2aoj1&}UpDG-IWHbF=W(mH@zOY3-ESyZk>{>uLKPNo*&we%
z)#}taU4YU@!5C2bd68(CV}0NLb79ssQEn0Y;@zk*3-N1-4!|I|Mt(t<wApR0$8g8j
zI~SEkFx+v(+o3KkDj!zNi&(tlQ{LEk#}w-r=us)6yMPdX&-O<`E<0hI$D_%7)u39z
z`SxU0=qvwv_h~AKIA)am+Bd{Vel7cS$#2{S6kRHbs^s^~dQAS1h?AdkVm(T9e_4+b
z-9VRcI34eyT!CI2*Q<A1F0-nWK3NFZ*|*fYxob80r%NSNbJD#S=R*yl0zbg9%QR@h
zGa?Yr?jj1cyM&zkqgN33?lp*QA57H6ws&FYT3kU)WUg2As2smiX3TBfoUBXiS<v)m
zX`H!boMt)}U7V{PV+7=?juZPE?;<jyV%|01Ma8^7C1_&aJqfBG{*>p|b;nzVl66eh
z?SxPIk2V|b%YKIhekeigH5Uq*J^8@<SYV~LWi#6#&%BEy-q|j+zH1pbM!QeziuCa?
z?OqDL*lV38UBCJ}O}d`44rllF1SVZ?O{siLJ;hkB{$FUU*D(@KyX?uDbUGE0PFbn?
zDPWe$W21UY;|M7cV+*p5Ye)+?>ZE&#w3c`}a6;_Ogl}yOeop>Y$ItuMVkc4kiSTn2
zB|o$geh!C3!0Lj(fM<6$q?=rU{(prO61V;XlJ!O`?CYx`Df9OLs5&qPRUd-&t4{Kj
zE}XvI6P@JSZQ3N`!4j~3vW6yj`5JA4x2f@L0$sM9MbzI$sE>;BKs!lY9)*Go>s>n5
zKW_8%bxB9X+-ZA^*KW4xwOi{;alVw{e0;hs4h=lw$bSdP-Y$pck|_qw$+*!d|5ULN
zy*&i1r&a?H>2||<bhUb0^V4b#pSJDR@TqDw&W5)&!>2DO^<ZoA%MnH2kMCsYYrtKG
zZK2OKY?~BmiEa2L<%cGNy$tGr1X^Ltcgbr5Hr3k~`9t8Tq-t+kkNi}rAeqiMHOPCc
z{Y;PiWE8Z+IL88CI5usLLkPU{r<Mleqx|7$JE;!Dd!E*$gT48jQThc2FYUs(@S~D1
z6%F2_uSfO%0?O9ymv?>^iPXJ5rDgng4Ey5W?dilj_IcaYUCr)CL!J&~)*DCX^qDPi
zj7>!TmgA+w==cIdl6w>;8{@OHc=BmlJo%9}Z<`(?Q=wdD4e-Y-ro0|HzC0#gd@et!
zFgcLuuPEgks?46gi;gt&f!W1UA|JqjK^XmMHb$}n_J1g_tFw6u3}voFZNj0pGfdxm
zXlmW>(eXh$-X2gbdC}K!lswK;Tfq9xE>_!ub{|j0w(3?f{$XgcF`mlh;=!vVi@<!d
zX3)LQsA8SDPG&NR{Nk3(b>5sSGuOI*4OJh-8N=1iv<ZQksjk4Sg5!9}WaqhUOv~>L
z>J2oGNAh74V|)YCP;j2?1iF>@-f77$sV}>F8irRS#eA?Jf+B3!vIkI!cx#IYGipEB
zH@v&KRRs}8z2|0t18-vbhrDz`{`Lpb8S_6&T^MF_1^Tit=ks-oNH6iYnU`kT>RuB9
zk0lpno){J!c#C|~qbAkUj%UKqV9(x~tB#Xy^9gy^hZu`_UaFkx#a(7zsz7>v(?%*o
zqkQfr{3{=wMeU$>&+<j;xTR5m=-(+OUDpTAC(2vWgDvH^E%RH_vn|V?*%C`{@d4|d
z_35T7)`#^lHRirl3U4v4KjT>x{w(G!+W)nF7VZ5EH@LUs)Uzl=$>ni$7H$3vX{9gV
zuNhhvd;R+}P4(@q&$Nv*__eliK1Ed@k7FC>LP||XNuWCKA?p;iR>(S0eS)U$R3En(
z^!E-GNA>rf+>crXxi>*EEqk*e`=9$`H2>Z;WM%$DHUIcDT66!nX!gfH#njwj$T|_5
zb%&wR89!5_uNxZeYsmhPWiK*hPc}5X_#kE9XUINl$Ub&3=DRl<vTmr2$=YPdT0~j7
zZ4HgqkBw%xJ{wc>J42QfoAt1v(e@40=og<v8y#lI{s+r`*^oWo&~V>#F%4g3tQnhC
zXsC69vU2kcjqWpKKTfVKbM1y~n<0Bx6J=Ws*?%)+dt-u^(tbW9gAa^IMzK?CrXo;@
zjt)(2$(jlNdOFgX<EVb@dTx~|%2$o+z4(R*1)YRkX<SC#k7TdaVm)7GzlD9awb%?>
z;|o>Jh6<afvr{~ab{SRYE_1Kok}A@%7rE%@Q`5s9ks+X(a$s5>8kzJMm4>y^FO6A7
z)3hZRJl!eQnmK<Gncus5P39dG^V7zak$-SFE#jtYdnM;PYQmeG2G3uZcNWb4=X<DS
zc}}jI8D)XVQ-nJ>@aC)rKJ%DdEv;hCBS=$^`QZ@EjdJ)G)Vd7A7Mmty*7N3k<}C)F
zZ2A)dnvWlr!9rJ}`;YwI1-|26jt@H3Km*-K*zFhw2TUy|);6nx;Fd5_=L0V=hQP5@
zjoR=o2_|zy2F?xXVNZ$KZ<QBxd2d5&o5u>X;ccZH0?aCJIe$iZLt;a`*=v=*pJ9Lq
z>G3O5PDc3!m~XmGqli$^E0%2kcJJ&!>xQis&KEJ^eYcJCp`SH!zvg%_S>W>FPmc#v
zono_@`9l~QbfuG`AkVpEa<|b1?UNiwxM%v&<}CB^WLJ+D-`Tu&TVR9>w4MyDXJG39
z>mjM`%&iTTX0OvJ9*I*ACm?FQPqrXrqxz?;K65{4Yz4dNnKd*xTJPd9>LTv_(8VXb
ze6VANV6LSPF?ViAMAkh^a9Rm?ulnCfz2wu3|I48G#j$ziq&JYcnKyrj4dq44nX8l^
z(1uxc-X}mA;0~U~yH%JrA%J1shoy1;1GFLvCZnT+G=W{FjkafyI<l_ad~|AbZT!ou
zsVK8sHmFtvq(MK5q9C9%^pHH~9kZs!9Fo`I!op%yfhj!4ETGICuvXTn8uj?$REms?
zOJ_qZ4uRf;Dc&tD$a$$*4MJuGteP}hKlqfPKlRq1Y(NBEBV_JoYbrlk?!I&tMdMXw
zY4=M)U|O~in3PwP`8(p#)2o|Q_&_s(d1)*l1Hva3Am2Tx0t9%#ztLuKoCfB(o*d+y
zKp;H&HtrZF<u%h(fW?fuC^Jku%Rw4=k+fAXpO$wX#GRrZ1_?dyj?oBdv#4iJHvK7C
zf65Rt52MO(ex5)kCHcK&r+-yMsn_D4t9}Q2sr<Yan$39E>EG=wMwPph@^Gl?mbRk%
z1l5bDoO2LeaU3_s^Y9E7q-g-}NdW0-XzoyJV*g^UT~zwZeA*q_${3El0yp?@-J7Z(
z9~KXU?CaMX<Kxkeb4e%tyE*q}{$=EiMzg-Y>AR$_&-{F8UkCj!eFZp~>-BzagMQYc
zMS079R-k@`pT#VN?u<e21!tj4*hy~@>sA}qExl7&+vPA4PKG`i+cfk@Y-5Y+Yh2o&
zf2;cd`Gn2jxqSH3V@T>2<MEwm%4-O5oPQ3k(cqAJC><`6Dg_Kydo12vskDJp#+kK?
z7Y~KW-qX40yxGOMcA(+Y_mB>xZ2CRjwCk97+Kd-ub|H}R3cM&n{|Mc%(fE|>&O$oa
z*;eG(!-;gBis!p>OVJ0&N*m`#Kb{RPE^KBB@u+c5*S%t8>jG}oc6YF&jaxM!k6RTI
z9Mv8-u~H#gV<TZ;yB@PEYfJ`x3d(<1&)>n7y@H9%%Gidy`*^A5+&<plkhd(G^D(cu
ztpuqedLCL2LB|D>4TptpHM|&3_S{Lb;>C^4T>%u_atv;o#=W@N>D%KO1kZV%Y(5vO
zdwTP^$ewvJc#^+((s&|3JgM+&L#_dSfvfP?h#z5kmtkNk4#)H8CTcDmne{jenT@>p
z8$O{?fHgN6Wy1)QA{dI3jb)zzL-a{B@ZFxleDHA?^!dlGQ5LH6i?9FA2L~g8R`ML5
zxyv22035Q_y556I19`5fP{(~n*Oz*tp5X>wAfvne%rG>S#OGMo97{KGOY%veG}4CZ
zn1{o>V;|?^p`|lh1gS=OQ>PDF@?*}?0NJuX(oJLdV9#68dlA35De?pm3fxjM{9N1w
ze=S_u8JdLLp6_-iC%Wfq_-<85L`*{uFuS!I$~?TBgz~ayu68TA1=yj}@2EQ7x$i--
zcyA_MW2&qE+Q%)V;c(u>*l%2B<(jVvY7KYeJ<uS1D(Wp?{g_Q|Jy-MD;U`Q(i>!El
z@h_0L=$3wj!`(ZM53XZP<vs+Rp=O25qw;*Hs?3P;%NtPOr*zQuS@^|B+*mdc5SF54
zLso_Ajg;Xf+Rhx6`(qE-7f|IjPw%Q!VF1d#r8-bNs|gaE?=;g-P{(;tt}DgJ0pz=g
z_IuUt9jI+|=&_IPnEl&57SV07Nc+WFs~EO&zPEAJZZUh)#9v@1_?YdFY0=o1QGOcT
zLT7DXi!AguIMYn>&_?K#qn4Md=A@$lOA2kI&>5MBh2Si-^_D+g2&Zn)WseZ0TLlQy
zs-nAT?bA)qvpC3yHfBtGO}(Mwxq=$#LskV0rT*`v_K{}rcwvG(*jhK<*!EQu?5!2@
zS5QVls}Z?RSu^T4jO7EZRBst@cm#@3$@{lc=`fyO!hCSpK_0k@%=3J=%7tCr(zjW#
zSMQ9ZjIB>6b>8?fXxEP3VYrw8pLt07^XCpmQhH*^fc5M@$!5;mD=QL7NriXiC?5IJ
zomu7C#s>;aLS|i2W=}gWehIXDv5m!p_%Kp~{_<k<nPL5ixl7;bPSKfJpF>;l$et{q
zH)+HhT|jZ`23<h$z*{It=qafJim{aJBH<ECalFNBGP?7DC9`Zun^f?jC8ajadfJ)_
z1w1ylxRTz9xd+#4(u#J}&L7K|w8BKGqs!Q4)W2Ns$cO6<!s{c;bm8?6%TU0AVGCe4
z*8D+O6Bw*G|3S77Uwbs2rJ0><igY9$?UNlT;Ul;a{oQ1Q5A7&$`iRGg(@Xi_&F;*Y
zXE_Pmc2S?uzG|>VthIQ%iMdy;*X*PEpnX&yJV0KjFD1>y%7N#m;-v!Ym0u!7?7N@L
z%xg3~nm`^kWEC7$-oZtIMOfJFsPP`n+RYq<JozGRH&5g3Y-Mdc|FTLaSi4c{DQkaC
zH<6MXy)ReqxaQ#{jUMIetFma6uZl9{6*uF2>i{lVr_c1fH*peHm8mm5os#dC(X>V<
z5e7GyAhX@m4dXy3D=#s)0RQWmfUIR;G2#N^?C-p|M4kB~Yqgp0NbSxjV>921QWGHs
z48{@!fi|ty9&eywM2$|TEUu(>1B>WKGS|HU`*j=?N_+ex(^~wajG<ew7qJ=Am4)hS
zCf@q7sct(I{cS~eQ!+z@MZct*R^zkMilQwIg|$;NSsa*7mjoVjJ<olTGyw|X0_^}5
zM*KpHaV0dN>_I_Cp#NL&${k#9uYixq_o5v<Qt5yKL7e8`$TW8_uXGKZPcY|jQse<a
zmY0lSXW%UMo&-_=d(5!QDf0F>cYp_CdmBERd2`YR_>_2*bB7katga__aM8zzBGR&z
z>}Lhi1FiW?)XD=MrqV6tm7?*oxE+SW+sX^FcEen^L4d9!^Z!s@8jjB;)kr^!xp%D5
zr+(rJoQ3m#b?R@Y<S{=jqWN_&PHE9Hc0V=)Qey5kYqZ(yPDOwAv)N3gR1Ku0pW!QF
z?upg<H#$?^9_<@Rl-%k^^xBT-^`43;>sD)RAA22(RH$wLNU2Z#hHa{RwPAPo!msZR
zANXk_;ru^ch(zkTz+{~}ly2HYGxeWy`b_!9HlsbXVb&u_Q=lNMzqiOCg4GA##KlTZ
zx?1d~ywvEH>dWES#fkKc6m!k1qgQ$^zjmcJz}VxTztG{a9=^o+Z`I)OZ%StP(K{Zr
zx20Un{p1S`66KV6qY8;7l<JJ_Vo~6Hm9CAK^v`hB5B#w8?L&ycT?%nF7l%s;_Z}iQ
z7<smpao(%&Kt*y)Z0yRFp??f9H%tG1GJSEok9|LmQtKcU=v7z?_>go4{#qniJLBJg
z>Uj-SX6BDpJOT%OrP%<5{i}2+tg6Mfp7yCwc$bn-KoXC;Oa)PID;)Sv@mJ2f0I=~U
zC;*3R1U<Q>!BL+AG~OP*TQz#Gmf+NEkkc8vT*dkNvyJ?-SJ^2Q7uhZJ=+z$@5X?vL
zVyV}&@a#7KBxL@A$EP6mT8Xu#yKOCK0ot!=zhGWLDUv1f8|bB}!Fu*!x+%`v746mF
ziI2D5C*wCZQv`|s=y6J*O~X-NZlrHu3K@y>;3*<;;2T#WalZCONgVVc7_eRs(<GfF
zBBw~IT@!!LYo?ZD&Tl~G$Zehn0;W`_ub~PRMFNKvIQASA7}sp{=+V}s3GUD_sGPm9
zIVPTnTWZ#kY$}i!;{eovS6cw^#&so*u$cMakdbsBOVX_1h+-i)&PE~*98Dgd30W*Y
z!2x&Kb#!t3Ph5Fp%(|bB0$Y(8j+ELkpX0LP21Ox89!Z9rRCmrJsjxy&HkUIsne&r+
zz~TkANIY(p1*w8GHF-`FStcPt@Fl(u6i#(7zQ{`4GZm<()H%rpeNR%FA|cB#78OC<
zVJ<>VlTo(elKpzlx0doRP~h>vykwX(xA<%0&|uH&p;xe@9SN^Adx1)f2jrxw%D1uJ
zTjGKAVSYSN<u;YiDTdCU#Lwo8ht3}%c4i)Ro|n-1&S2{Ns5IKu3bDtI8O5H?gBx7E
zY=DO(p%ovnHIq3$n_qyHTl@-pjNS!dgvFeHxWV4REpE2CgM)zqL*caFPfcu{YP?d1
zSyJ6kR8J`vH=B*8*y2W96<)=?xS969Zq7iVMXZh!tIcj{c(GF|w6tt4WbO9~+fM`5
z%|E7_>h_4aUw_KBaA%|)=YMArZsGL!_eCTZcLloqdLZ58u{y=!7K<y&Mw9_h>;yi7
z^Up$8Sj0^1GLo>KPjxcr7S8|RB9#n+=LyI+p_#atJHq(&d!k<-1&^*kuZIqxgq1$5
z?`<EVJ1pAU4$y~>#Ch-1KN|VO_|Xi*M?2$3(J2ob6nEJ{Es1A?@(!Z``F=#lIa?oZ
zCjQD5uzvr8-k%Ds&M5*!1@tG;LU#{P@3)KSzots%3t^ubsqQl*^%PKeI@+G*lJ2sn
z!nQNgB-j6LF`?5)T#2s0T_`&pjZ#!7>ULDj8BY=CQQ=HbHzaH&8(Zm(tz?i$mk)Nd
zkxUi0sqT-W{FC0g?6)z&Y5?m5uucH$WLCS)6|jFzf=O^m2WbOalcw!nLR3oJVjs(Y
z8YQ)(S%YcH7Z^z?XKDtVPZYjuOa`CxFp5*j@74nJq4T7cA&tynzk}11COqPE#zQ@e
zg>Jf`-kngdf#MpKV!f((RU9r2&S1YI)08Fnz5fBGuh#vahUxB^|1(UvPYf{4{qHb6
z`BV%{S4GFj!#R<x_KwwM!`pBSPAcGFad^?1yrXJPA&ra=7Qt3|QXd(E4^RF~U{E-o
zICVU!>Ugja!U#sen0NQbD)a7=P6Ge_zYL^%>_F}(KUOE#=Ej_K(du$TAf|jDDt~Zo
z+Lg+0i!DE(k(Iw<`^#g?-;GG;sPc@4Gbs)2CgC>&PbD~?@E4#o6?zTaL?E|rFHjNE
zDPB6ZaaPQj<!8xvd;uX7yX#Qe<JKZQk^%qIl)s*DiJ~WsDC*MY@VsmxDFj1NS1gKF
z%^9hpXc3@jbRv6WD;d~I>}>XXq~&b(#^y4x;WR=_oYFZTB4UPAYDNBE*88X@V?dY~
zMv#ZDJVn>Xmj3|>e#aiqJ-B+AgDczxFsu=->QQVr_#liRFa3_BGXQlR<Qm=rbmVJ~
zBiu)&8Bi6WrhHA_&hnt8Jea(&YL81EhNLs9%5X8smzh)gQX9HmJ5Yc`=y{Zo4-L4g
zNV%$;QNLs))XPg2w_&K%up7u+V5t@K6X+JhiQX@TU{SGP{@%G3c}(ZWW-ZQNz?tfH
zRC>DV@@Q%&)kzKpfx<WMf^4ts7Auq8;xV&#CveP*Q139mv-vTb%bag9*O-T;nLA`w
zyUY_(`Nd6mz)Sg^f!Aaz$^mQWTOj*?3rq9tQhr;WrOD{X`ZYau)RdX`o+VT*R$4_a
z9}h#PAB%;+tx*5%pMfS1%qd1m0$qd!holV;PIjbW03QnXLXHiHECEF8jfA63S!&Yb
z95Mms@W~caL%z-I9m)6T6ia#aiEBxDy>HeiFXUYQg!1amtnSj>;@4)Rs06%YactrI
z=V+DvjD}l*nE>uF(C_i}(7`Syv6iFII(5{MVL*vhyP+@QA@lIybW^f7UWo5Ov2kj6
zjNok%9JRCaRp$%I?#!h)HGF2uzstLufM+Np>8ry!yd1e<ia#B)=9V*|HK|BN?~jMu
zNVT!a4HyP1BqvGPoeqoctJ!}Mq#e9?tXpXhw`1R9-G$6XAuu0S`niMdZu`8qz}yvI
z=AIwkM){ZM`yxrHdky1h03}|O2_I|fx^Pdx+O#Vjg;&dDR3b&sXG4SYdqJ1~4e7NO
z+Dn>c`F;!hK9XEslzFizb0ZE_$jsgROm`EKuB(}H!z5da4vD!htu)YWKhDwVwq0|O
zZcF-Pmrf^DYjhIw5zdB6Gh-{9;-NV21f6ahveHPmy)!3Dx4kk4qenJl*r=rOmuYsh
z-fXg&HOu*4N3t#H(PowJBO2qeI3tbmK%7ov^ozR;jq!35+raapG=>ZJTG+PpO!DAg
zbjkvbeRz%Z1f9AzBRzpNdNSfcBPDR3e(FI36>&3B5!gsiop#u>61V7YTF?$HcjXN}
zU<%hEV4!I1@h885d9OGB*%%fc{(mxt>M8$a44iQcX;&J<c@g?~>H-@>?0F*pgn8dx
zz);!ITcbWI-sat_UE>@jN0^VKD*c;K%lS4hV!dRI>`XU#@7Rd0KsT*`FU#)^I34j<
zlsXV1y@{!kLUg}>qR;6_)^2|V#(G$on6-P+e0%Rc+zXqfly%SsKk2+0G&o>=e<!V|
z7b}#HF0vzS=${^Gqb}f)_V&)0BaIzoBagC!j2&OIn+(TS7tKGXsy~Is%Z8&Yn-3J)
z7^fS?o9A;s@Q%G)Sz0TU_-x}i|JALK?7rBQTl$w)?4B0i2s!BkpMo8$Y_AEGYdUu4
z1A}dNG0H97WyQ6Cn{yeie@?8xXv6)R0^LnQa9A?N{t#QWkS9D~X?9lrZgGmg$GN0h
zflkk$r^+V4UhEqbPuk*Z>F)f+%DVO{AB1^-C1$?@CED$L+dYZSK%T8qwgg8u3li!&
zRJ0HR{{_&}TZP4wpm>7IahUUeM;&gVIFo0>i|sTD(OFS|zKVU!Ge+_7V883>+aE%`
zh5`$05M5f6^udNAq<;7;h1_tOGI;c9jo{kAV3FP$VR7oo?k0po9=3po+LeR~Z?tN8
zv~96!N81|fpB`;ftf)NXE#`bbK*#eNT!T=saE=58Q*6yJlBs-fOfjD`66Gvbj3<1N
zHAQOCml2)t(%mFf!Ke-7#UY>MCRi_GGR?UOU;$qc>BMbf!te}&*@9v|(7)g-z}v;>
z$Kay8>l~>{F(HMR`?ojQ?jI?F^Q7aWxck#%!lRd&7$y-w20r(`H`y-Fed0wIP_uBC
zXU}!Bh=L+dNxFOlCI}(x&at%O{3#ZClk5(RO%-xx0SwRuw~#X%AbSgPnu`~<fGm_`
zko^TcL7FcrYczl2w~&`q>pCPhGtUX;qjdEoHS!6kdH-h4|7je09h>xJy2;FE_MZ;F
z@)Hv*Er$jz?D`UAx_K%BSQEd*Tdh5G2a;=r#M%{0J~C}YS+6|&7mRj^?z1tng+3uL
zN5#s+bW?ItzVUY`Gm9?uzXU9Hu9soMC`gb!e-U%j-!Q;@|4bd`U!#(u|F|pAf8dUE
zlgA<!;qh3n9gleN=0yKYw>ib5ut3liJ*|#)fCT#STfM?KG0SI0C+10bR-VB<7A-$;
z^GrjQ^q_VtoMw{y{RlLKBg{)%=G=%ktHC@pu>hJzm7MP5C5v5NK9Pw{IlhO*&YKZ>
zb#LGqaZbG*-hY|fVLAxDT>wzwBjgWRyAWnMYcU5M{K;t#HAes!;GADgm@_;>$axgb
zd5VmU=e%bDAP=4K>=({>r3ss~*u~uKuNz?d`3xPl@4;gr_t$FNz!gC{y%CRD`Gr~o
z<eq-r2)P$#L?O3q29iP+yRsOA*g5uk?qDvw$I@Xz$Vt5!%MObPO~n6Hr&GWNNzo4r
z8}?D|3Lm99ctBIL=@H|h(Zph%{rtwNh*H}~tJTw&7q=uk*RQzmHIuRq3qX?4YCH@>
zdCU0b8GQ3xlR7Y3te^kGII_KuL`Syc5!@u$@iFJ`4EO!GT|V}-n7iN~23W3tM2F=k
z@Tk0V9)tFbwgX{4FPX;m#67DbG@Q2^qi8=Hdt*`i=UktR12}t8ttv?0$nJYk^Quyr
zN_={LNS`32A*kJxKSx-*)fcp8O0k&_FKR-k)g~iBXh4)ph`}k18ltRt%`mtN)AhmC
zPe(*qw=JESOZ>nPW!ldMM0wyfBRCICkAm}?=_;Z$pJ!CX9e+wy?58o0*v8ZtE<u!r
zpQ4n-Wf0{Rs(n?or#i$o{G>u`;CZGV#CX*jjIFlho3IAO-U!91I#5Sq@=iTj0ew-1
zUSRvIKjN8(YH571q<&?b_vV$BO(dyqi(c^3@nGQt*?g!1bs(~KPv*t!2+&=M<(%f%
zYg|1cmvjy{5pxY6NU_ym$ItT#m1r%@`*(ReiM`fV(ME0EQiYk@ls#iCcprXd3)ED;
z`p2qBto@IHnBs*%|Nnf07gh~L!5J7S4bMME?(NVLx3m)^wpr{L2D%uX=GcfvSbTvU
zm0j@AA)S_@On7?;$Kw_&(u9CJxd^oeI@4Kd9fR$|`GR!uxf*x3iXwBhdojAlw{T@)
zLc+OtM7teft_=0(1j(6PE=b!1bES~ElQ;M8y96k)%tPpxB>s8gM(Ki?9^DwUjCVYb
zx5KmVrfCZnr7^v(9o&+7WNtE#!IrId`^8E=*e`<z_L;9d6o)q|e8ShvWyw@HjK<pV
zY5@*9{xbZhL|>_UMf3k;E!>)Ja##n#UoN<ZB125RsWr0FIL@u8WV_@XInFu2`GOV#
zrdjz=zmE&_KePoe6Bp#M&})DHo^FOY-yLyGjTiua5;%-fVE2Ek=cQD<RObVHGH*`m
zx)^m6<`ttAfCdyL4FTg8BVASCK=}-Ja73~@*sm=gDkPZ&S7s-5l4_nVO7QwiYR5}q
z3ZSm~IohV`oFQm4n|bp$<OQ0!ZC*YKbwa3joF9Wvs&1Y0i&Y=V&QxW9>hIBNhVcbb
z#%)2azs`Mb4;+BjG`F;^D6?5S94BxE^+o0rMcsZb0{oLsbI;5*lc}@scBGOQ<CQX0
z+*{Jt35-m#$+;H)3XZd!xRvN!)!Rpw!QTf3m>rD{q&wT?>+aAZtN~D;MWQBY$L4es
znjH#(&UO@_**ITm9Qk$<%oTau3)|H2gaC(OA=g0LRYZS&W937w@WfxsG??e(2Po>=
zxHA;2hM)~FP#%r?o1u7bE&Y+82Ap`i#=IS-L+?UmIvHw;JK|u+vjxYQb5c&iJ1ON5
z{N<iGL)xh6zhbeR^dnR{eJ^G$#i;L)*aZoSa-ix#8!k_?DpZAN)1rZPShmGYu^q0s
zsK+fsH|z*EK{^*nxoHPpeOHvn!YYG>Avv@_)pI%<r{8$-V(y*L4fw=+w1{`}@hRVL
zPd5z<wjJnpRP$2Gmyq&y%kwpOIv1H6p_%8Pyc;hyamJKeR6XtnYdX9KTCI(loQwg(
z3H7-ps4U>C@FbH)XEkr$3{949M__Cg4|BkFnbkXTKC{Lh9B4wfl!7_zHg7I6*A$tn
zgv^SfZa=x<K{{C^ort6i+s?GJeE*?cD5cE;rf}ttr}dZ82^)tK0V)dSV}fKoT!Gi>
z^|*4NUv6}(Dy5tyk_B3s1KU0>SX`{++N_$^BCRnUm+&F=Dq4q2nRdW`s!6kFDYUKh
zy<o6cky4Irf_HJ+x-7^#UXaxQ;A1``1vs=&N5NlBqkxvC!IS56>@h2<<j2@Uj|g_W
zxyXFFsM`<9ii@P2+3^B4WBn(7W>~Y@WQ7ufM;{F6pTz8Z@S>)K5!i&f5d$A!N*D_$
zb<+cQnLZr_As&10s5XI^G!gPGKq2=w$?bO`g)FyJDiAV{X-Wm9V;FVZRaYw5xm>+^
zL6w5)`&0qSCJL0M6UaaVubOQjGE6V(dL2J+#O{4KS=H<KhLW#OCXf#f5y(5>xGUha
zU(4itN9lN$eJ6pcp46<mZj0=O3Ri^~CNRtH-)Yg2$%nerL~8Uk!ra2k0N_B%J@8T3
z=aftq?_``?I^`TI1m|26J%(9;aktpqm0Q{awPD1g^^n@cy;M=;*vT!)AfyMzp3V{A
zTfRs_uCM>hdEHGV-U6xKSt(nbq8#Uva8qVt2sl&VAoFkcjE1unnB(deLWPBJVph7P
zD(}roy;YZ6y8}fqBDqD`M3^|vw;lOysR~_M?RPJ3Mn;n>Lpf%FblO>Y%#t5;wQq(A
ztb$WuYAX6z_o1&-ikTE9VZ#{US|0{p^*ZSPFj44lGpkIu#;|&<Zn4N_30QrPqx7{Z
z8TXflwk&S@CBeoq?##wCns$Vfxc?HZk*o>~pn`e`(rI_)u~u%eu{XCgrIq#~0bX?E
z%92{4)O7O%6b5*&Q!lE3l<a7i|Nax6ZkP&mv;$9xj*Xe}$bw>kdXe;%M4<}m`AWGJ
z-4%!xz42O#y-FZamsl|Ye(da3TYQxvR?L8(Z1#%7SG~oG68IU&UbV+pd1A$U_?d{S
zViuoiu{$>;V^oPdqWi-xCkd!46-&^S(Cn19JNMK&E6-c`m-*oQs$z8NS2SsRVS+DM
zY{NmK*)*Drqv`WK@Oy7E=Nm#>-QBYU#|5DNC@~6fco@bFP3D%CqC6*uZfCf%X_&y9
zAcg=X2}O?cOvwq@J3%U%RV2-YCa2>W0f#r@$kK5{eAf_!#Bgt}Y&rBe$oCGqO!u(v
z^DncW1C1C*y$1xI$_EOQDZtFzwB8q{5~Y?i&h}Urpz+k0vd9pOhu`81r6Z~I=K<9Z
z6p~}d>@!IH`NlIh0c!DWtVXfQN<d9$mn_G$c-u8JYht)#Nq&%@5cHWoXZ@poIw|TQ
z^%6R3?4*AJ4RQiBIw1{d?xl?Wq4wHBdx>1xM>Omi(B=>DRQE5E!xT*99s4=|MvR^r
z9G-@KUit~{!<nZA^BF<<O$8%h8k1$+Jq!L%bW7*ao(7}4UMloLQnyJZb=~4lB6Hmd
zJJA<C5Ql;^%SK-Rf_!qodR++;ksUkWO1srcRH5?h#aMW7(0?G*OU&5+66inPAS%C+
zjAvFdNp!URL)#Zn`wF9m<p(Y8rEmD)=&It%lU6Al_}q_(NYLC<i#ojkyrmemJvhWH
zhT}_erOkoQU&JyfY<wjSGveU$9(zp2Vx;6EW>34oe<rK1l87!DQ%qna)*SdIAR5FH
z3&}jqoIle-_t0_`P}yo%T}0F@eG_?NalSpdH@-;YmOiV#NbQI(?A+2t>Whp-e38v9
zovFU)ZNV1<xuy50FY@A@Ytewk#SI>9pQsEm#Mk1*&B^8p|29v95O_Ehy_NcZ0#Hbm
zEaTj+Zaby((&w~Tm7kjpb`v$UDTv`XuIx6NhxsrM4LA??!cjC-6#DABX_0iuW97wR
zxRK^~VS0fr#p!*Qrgy*cDG=4pKmp2}5tAKo%s&aQHm2PVjH}&h)ZdKm>9B^9QJ2uy
z9g#C<wv8+6jO>nd2u6}om#FG{1s=(OeID>@4_Y9&9Y2@+E;y#9az3#&J6+J7Vb1M9
zM&8nzsjXz5b30sCqSQG52;7<j4<x$-1*t_j)9tC8e>cj6Nu92m1iqR&9a%|EBpIiw
zPj`m)rh)dZT-jHocO!JsVZ!;}ghO7zKV&C@l8-#LoL3_Qsz`7?!x_+9Id>jMg{MPX
zI2{t_+{zLhBw!5;rwg{tB}xqxlQv7C%EPV1W57hh|KRBFrV?T+otmk!8Opy<*n>KQ
z(ji1gU=DGlTZGIr?i>q@_Z5=p79_K?5#Z!cv*2*?l)Ty!9j;NLJBCSgF@Pg4Ug%nK
z0}Rw|80eZX3>5#YMOVF>aEQu8+8f7A9Ts%;N54Gqp^xMB<tj*}7+VkKrT{jW!Koz{
zc$x_8GG^lTlBaGjd2D;xt#2=z+4gc6wwJvqiXlSYYeN=>mpZ2^eZnNwjh?5&_M(KP
zqn*xF<^3=jfU@O+2p$|cA938p74BAMgpu^j3K+yqaT9cL)4B1ucDoGw9LTGp7zMUo
zahg`1!>noLEwUK(pPw{}p>~XqilH`+XNRA1?RnJ;@Hs)U+vTbg#Fb+_Ch|=du>SIB
zcc2E_+L3kG4vVK>1h2EDZ=`MV$3s^|l;I@60rIxqxET)(_Uof<$izWNhj3pGqMI0R
zu^`O`s1@1*RzI|kEzg9O>)xVsB4+L$r~8V5_RCG)rSpaE_^&u;jj?mq2<tFenMa--
zKDXoEgJMdZrWfqRE+BYEqH-9&%|``H@-0>RJ?bn}0poE)9Enq0j5n%x@<2AXR5F{2
z?M%jYic!cgQd2VHkrjBv&8}8QVv{qGoaV8$so3sh{6evQ$@;G+4N7Kj85Ma(;urXq
zlJqC1AOenN4USZPYht=nZ(X9u!>Y^UW6OVm^5I#qQHr@QEi+)|ieeozUo1vJ=%=5c
zWyTno7Db-2-N2trTxP^RUvU)sN{fkA?{HQ}r-Oh__wfJ=*tIYI0gdqR<vO1rwY7`6
z*BHNF9Q}R~eZS8qszCS{6T}{_HuT}gGGiaI4SncYY$Ci?-k^)y-#^w{K_MxASbn)0
zNn$9HkE~<P!x^0a7sfhd2ssa>asKZ#IWp&ai!ut-ONRm`OD-gq6V|_&JF3huhOfry
zW2hX5W0>)A>=^!H97Af%7(N&m9m9%oCKKCVPLQPchL(dsLEG+-O4ut;K_S6$OuL&H
zqux!7QST;HP0eQ;v8f+FN~dtLs>qp|qN^P-gd6=B(#o<SzAKH*29fh9s4YJ+qB)Y)
zKzj;+@zG=2o`S&S{H=gYP?`|E>QSEjYLkiuf^-tFU_#+4NXSaVX`-dw(${#NDC=+o
z&6%3v9fuu-$w>1Sxq$>pGkLlghQfwWOPle2WoZ~MW2!uEJVevnqyPvkiJLS4C(=B@
zZ<_KksiP?$>d@1NEWfag&NVjNx?qts*`9%a(v*4O82@V`i^b0Q(C>&ocX#=99(}+^
z$do6HReAItlx!RWyGq5^sP|CeuPD8W4?bpQjQP5Hw3de^uJvmoiSUP5<>(kDk~l`G
z{bQKL*gSVIuig#hRi#Y!;Lfbd)doZGYIh(n?BrIR*9=dBL+jxvx2=p@jdrX&=h}f*
z%e>>u$9k#s@D4un2PDZUdq@o*oQ=N4pyXcXGSmy%1%+qtFId(VsFR8b(RfU;Y^m;#
zYm8fJQgzROU~L9=Yc83OH+Nl!d-$Bc@WDbr6X1fZq^{GP=4pfHf%yOrv=wyt;cIxY
z2`HXKGq$?{E1{j=lJ=_5Ad!^SDh?t6khvfIvzL*cSkTiY4c#?7d@_2p{T<ubEd(dl
z^XJZx*<l$KbzK|5!#(h57*#FMm|RXqh?%!wtU<A{D?nmDUT7c%P#eaVnKg9P+7=l@
z?P9$P37xm`;!Z0?$rOcnn|Y&!PAF$stZmIF)C))~9OV-L!+%uO{+(g@>`#bpz-X_G
z^Cs~@SeiuJ*OWYn0Sc2Z<NsPb0u$MUA{6Dg;XXZf9%7==YxXhd<DI=yhM&;+piDVy
zw>x@*2K)7-+iN&Qp~ui&wXcOX>L!gvCaIt7fW9kZBC1?A{&o}{#?iHR5S11>7&^~@
zV~zp`U0o1lltavvx;=53XVg$yE%ZCZ2%yh(gg%k3s|gdhLK$!-!udKFO`m>RtS`TH
z@8fc*zC&GpA5d})BxUCgZTWTNgQK8RC)f&fH>oS|rN!C`oI|zVyo0U4sg!!*4z>d4
z{vTU`J;*Qp|E=|>#ZWQqN73NB6E9pwT=aDddw;`i8JUs;D1|r!D4$!TgL2lt$Rh1_
z6_oc;@`KwkyfN~ew{K7v+7`~2M#}zZ^TzqFB3C|DfU#lp&5OEBd$_V^TcL$I$N85L
zQv)k}=~JpIlaJ&vy&iqAyNO#mjESj*f1$Gndk=~`w*u>0e|--H=)P1`g+d;;VY8X@
zT_hRacW4&GggZYGch#%kr_fokhLoOc4>Coc53K0V!dt}Dd`KDIsOGZ@HLA#6e}1Yv
z=N_O+Z=sGA1MAYWRaDK#EfvC4%u43UW|Oi?`U>b6=bIf*3O+q;K&KC<0N{8H#Z+A^
zKv57Q=&>i`dte2pK>PQR4%b9ze;f{K@qBxW58Q(vFdql1P<Rg&cS=*q#L#~WX&p7`
znnIy`%D9}iP?z>tQz}kHe?_`}O3xlxohb}i11r-_0Lm{3^48reW7J>TtVBSj$Eo*6
zV(z00wN)|_v;1pEuvIdcQXh;knJ#DNC+0fzdZ|?M4Ygh(rJf%_S2sXu^hG@${C4I!
z-n<Puq!8gpdOWDngStEuEvU=$(z{HTX9fJqpWSL{;qySfk974=RpPQOno6AY>W^_y
zH&_rmj!j0DxO`HHyWY}5B`$p?wB1~J+#(*21Na5nR%M`cH`tN=I=<w5*;??@I*#nM
zVKt=F3aCV3bwa>Ns&KQKS<r`;QtRt@N2PZMl;nJGz!vB@%lZCBmlj(#kix`aGxHnb
z7AM<n&B|%I=*lPYfDdO7&=YNRX!&78rSWK^gM7BQkZg3c45oCz$R>A_Q6CHK2(Yym
z@B$!bBDA*K!d4iNU-v_ETcXW9qvbF%j2@uDJEQl5d?5GG+c7#)H*UlLn@!02-ZEeJ
zZ~P8U`i3IazcHmgf)wz-Z=>mJ_-!<O)j42vDT5YV1IU02DM>lLpqcnlSRF>h?$QC;
zQo2G3wz+?R0g1Y+ioeNG!y9H8I{b?(`@Wb;cQ~Kt=!T&(GoMLZ(A}i6XJ|b${z_`F
zr;AYy7HD87JU&(nb{}T#y~w5+)xpHvPV+R-G`@wvs1z7zey7xD0?G!`Z+;75^CSGV
zxTIPQIOui6iOy~ZI>ldM|HYG4-_Ex@u5agWP*Y`sx}85q$x;E`FkUpk=b!;TH?30P
zv*k*Lvo8!V`UXJ-uw(O(fBj8U07K5=a^TrBPNgECEE?lPp|b{aa*!?vjv<{Q`Q`!S
z_RFRWYGgVo8%QN(TeF%XeU;TDy&Y;p%MaeX!|nK%Tk`FBwFD`+EZ54D($F$3MT%38
zYbjEin%>MbuO`o56;XPriZB~U=j!%m)-m*q_L2iNmMWC(S_x8Wx|wbmhtAa|H1nTy
zr#OsFXeUag4MTSD-Z#@tYuI&>s$G<{)-ZRi=jwBJ<V|8KhN*M6my(S`VeaM=N0?%4
z33)<!%Nq0=b{@O3sZ{IAKd9cJp{y(Al-e^CyYlTDY6GZ@M_pO6#?Y1drFvJ!Q?2zw
z)vgSq<iD{icTiWJG`2)t$;PgjNDpd@XE2;@X{dz-zo?A`H2W;l%7WiC<wN4ohP+`I
z4f1I6+0|^{Q|uQ|m^lY{vpH$XBI5hDdJ3^k+{vg>+S0I9dPB{wre^C`7<xv{{$n*G
z!_$;b#&)G}G%n9L%>$3>-G!93=cuerQXAay%9zg1cNDs>5uM%#?@ECeJIT49MBcg>
zapJ=A7-A;}9*R)sV?F66-CNB0K1C8EXlc`sXES@-6$R%fL5XH==}>ZfG3S&Z{U$$s
zSaq`y;(XU6&^-_kn0fVd>bR+ayOZ6)F=0Uh{QX(}aIBduyxme2Qb>YIj(x|KeUe1Z
z1b`lUHwm|Qq{r-S89mmyEs;=%?nc$}VX);74Y+!#hbZPTqQ+-u%G8N%@f3aQZboCh
zlo)%0I^o<xwesT@Cmf+JNrqEntIZu0fNVwYEeCDd>3Nl^PhQ3Oc95FSW^^x*5E!hV
zpD253=}#n+cWlP<bGINhalQ>GDaAANb2@>4*hpuni2c;)<s2B`UXC0Gs+8W{K#3)`
z(<nVtJ0qnRHF0NWuK&Fxgu2&O1fOI2B{J@OVi@3;idQ&CTe}xuL?jy;ysJMPnK?+H
ziaRZ9kS%m40Oh<{K;a}QY3(34<ir`_{?=lefNEZns8Y>y6SY|iB(hl&6KR%m?n0^=
z?_7}f{z*NcQ9qv1&THD>>EN=XhWwLlFn27YoM&J{+Q(Gn5jlq=PUfsvr!}t)PV3hb
z*tB+TV<es3ElKCY6zRdJAwM18kcRyIiKa_5<biay;Kw|6K>U4HT{GU_6yH)se6_8m
ziuf*@rXn7)U8*9^m94_2%}uzjr=oJHs$Kt8B6042u3hhz?y{@u^>S3bzGn}&N-a+y
zPy+P!&|StwCI?_-(R@2<*#GisRKtE|HQ;pyqnnSm&Z^KVyjUS5oZu^K<M@Pa=p=ur
zDD(mh5UY}}==XGJl#YGJ)^Z8HfOdxcyN!?9c3f=rUzTA}z=g{Y)*@MV?1B-jp=D^a
z>mWjs*>&hP9sCt+I<7;Tj_s%;>FW#aI2~Vez8guS=SwFeW#>R^<%pzj#p_7w=|#dF
z-=KsjmI?_5EbWs(-ks34k74Pg)`&RT$j6W+#|?KfEX`<54h#Jx<Ovi2ol-@pT3|Ey
zxA>g)?7PXo1)nnwFry#7p$oYi@kzg-LKpDG$#Vv({w+LxnL+$FgzTC@d?lvDc}N|X
zYZ(TEcooMB7<1SPtv@Qws`W=p3~ilYz|aD~&@qIe1uBLXs2DmOF?4DaLkj>yr}r|c
zD2n^w(*MAthN*|+445j$MKRU!3W|Q4G-Tae1*i1<Cf%>f;V|xVZu57BEv^jhn3Uc|
z{vlYHCYTlAVz?z^k=j5!SH1TTo;L`YrwG+iy)|LmP`vXYOqaZ23ivGXHpQyPk08J(
zdHQ`l?3h{Gl~7|ePG4VU=dtIXs-4G)7Iq$2Tah=M_cz8H`ruc7Dbr$7Uc0F3P@@=d
zvF@heuQ6^4I$Cr||1XzwQ{dL@xMDY{47v-x2R13-+;bj-xm-!CJ@D}Uf3z}gQYua*
zK}mL?q#-_=tCW*Xsx1I^FPAPN(DLDg#c26Z8|~gl%ycH!`oVf33MXsA-(nc~!7rm7
z%S#u?jwScy7#?lu$2j+Ni}9O07s<6WD(5wk?X7jnn^ypK|9Av;yO$ZTuX&j;O1>cj
z;GKmOmAT2Vk>ciBtbBqre84)5l{IwmjhC>4jg+1H>Ps;lJn|9r>0l$aSY<$bTnxoZ
zTodbf1yFO!RglO!u6)+0Zas{>TK|Y@iW<S2iNEBLDJng;&qLO#|F_H03RSSj*x9^l
zW_C85A05y!Tbqzk?)U&T+YT*U`$1cWZ-aK*sEO|&p=97_fDU0aon=s)UDJSDptu#6
z;$FPCrntL%ad+21ad#>1ZpGc57K*!5++9NQrq6uek0g_s>ppw!ZiZp*oSf}$qbbGb
zYL)Q)dCyHfAjKq=@hM3UXhq)r`{$OnIcUVUb>_QP<rL%x^Ynab2eZ;N<MK_uzNfF!
zMg{_n*3d8aA2S1)hd00Us|wzEqoy@om-#y7OU%W>p4$*uArKv<;HyaZ$$vqA=l~MK
zuQ~ht`u2OIAIy$8@ky%(Vb{;}gJ0<dO#{i7hB%asKk>fOw^pbtDcR@!cCsgfXCz<T
z!?$x({kX9bdG2k&WK6=N*<uGfjri)((_$)XsL#0=s2+q9ctwNXYt?Q0Q8<e-aiiBy
zVfQDdD)`|PTtKKta<;Q5Z628)EtW8%2B05#HwdA9)CRD}u?ynIi{}s=<23m}yxR8L
zr*qf%K7>4hGBL4y=d-Slgl90bw@rzaA1ImGS3)y~(f5)8?PE6)3Oy>*Mf=e<q}Su;
zcY?B0-D77ZVc?2xbrD#YSYYm1iHV5+0rZ@7hQInn@8|Vl2QFX3W3En9h(pQJqpt+s
zKJ_bEHgAE_-v`tQ<G}Xb!lGThl3-1YH7++|6xsiA+k~~JzqZt{Dl8vJuZa5W0WOHm
z>*LjGEHxg83TJJ?)I9r}wqCbHZas|I4KIV+z{<AWp!4TeI%P)ZchPs&N~D*mhDkq5
z30TIjM&4I2YOl@E{US<SF!gVJ^zZc0#NP$n*fGIuKIXm;#4a6qS1&yJuFuFN1J*rj
zHi#NdEiYCF2lazM*Jw41-Gn91M^pJ5Nuo9G^)XkAeibjW85YwW`fN0*opRosi<hd*
zf<hdzl2l^_-j3g9IB`h~6t3Tzq$k;sr8;vZ&3sNosF>jYiW|?+AsAnKcr$&8)v*p7
zjzBQ|HnW0=!XkA@mKvo-kF|11IIzC>E;0xXzrA)`%V23g`ILwW1Y&?Qs5|nM3A~=`
ztkkFGz`9pg3mL6kDwP);Uf)Hf(NIy<9HVRHl{dnf8@8VC8aQ*zQz2et8Fp68_0qbH
z2)=c>Unv(YHvv@b{T^bF)J7x03|+{7k66_{Q;MYd<C5r``&$ZuwmB+WU*+68G)K+1
zApbKGd-^CIgw2_&19*MF?DN;!^B>Tk+S-xqGk!8`5NKhSX0u@c1WU68!pXr>cQw79
zdFhT$(NlL_ZeOUCiw-QA1rFJxNxr??AXVrdVzOvWWu<H>beF(Bbfuz*c;BN%aJf<I
z`!&5jG*2=ybFe^m8Ao>WC||%qV8i*+AGVIEHLAT=aZ%h?uYCR<op$vVqeS(Sm-#c}
zVJCmCf$&Pmc9(jq7iSFjr}fz!=khS$Tnt5y&S9~8hwuUB3aX2J5N+*QLgMTX9-Yh0
zocRZ^U9+zkL%Wb(_caXs^dor%{ow;VRvjW5>J@Shj@<V>%E4d~g~8z4Jv&hQhQxv6
z`o;q;--EXW%v+j9|8A{W7@KBy6AzJ$s3BJdA%3C<{2^ncX@p2_YSK@)gM-3f{-S;t
z(IQQgYai+M_k|JS2ZKGx^~Q239-XD9t<f-CgUiP_Ng`;}_b){h`HXUk`<)Fj!(HvU
zgZHRXY?5O+Jl1dF$e7Bdy4gBjQrCDJKhIZfu^GN;_UZOlZCwF-U(QMHJ$?SZZkZP)
z%dfuG+5V`Cj&$HR$!<xRoZB4jGbzDnAXK1Wq`3=FpB6}2+3?C3Pf~Qts0<?)I>Gd;
zQb*WJKfxICDPowmNoXZ2%zB~uXaRwzHeb9BGy78h@sIGxQ5;-CvNz@P9#=8nDQj~a
zU(H5!41|%2#}V&~xdqAXHT42NyuuHgrR?6>-xHIq63<FqQNr{}&mZxgDUyCEaon1y
z5ovh{AyX`ppH{ES79;l9g<II(DXQF~!E^_BVX<mVz_9mdCT?2xXx4>(-c974c6nYQ
z&Z7F;cNz9U>fWxed~ZUtD}w)lRKi2gBjW;9J?A@>QHAH8Mz*8COp)p7LOtaY-*3B;
zHrThba&*V8Q#+r6VS}>Py5-X%Izr!OqJY1wb&d7q%CqCmho*I@cxW*6^IRMjN8K`2
zP64S+r5Rp--=CsKe##Z}Cn{*o!sC6x2{5Ou4HVbkW(;@ZS!fOmUkcA(EEQ-XjP(}s
zr|TSkU!U$@xtPJPvW0bkD$*-+{kFioBO(i)nI8HiEnsbcZ>FIPD$6;tU~e524^B2N
z$-6LnIt-xQ80K+3ID13hzIo@CiJ>z(sI*Cl)a?#Yjo9p{fkj~`x5NXf`$-bo?l?CH
zVDhYxM42X1)Ue{3jI~N!Ev<h6i}ZDP5C)IBddY3r!r<+KaHPl+TripyTYe>bBat{O
zg!9<0EQB;$5bEf+|4cA@Ys&AmmTk}QeeG5O4hy|lgQGeP_-h@9*YA9r?aPcPzMq{0
z*sUEaGU)Zn?Qy|XN7?`Z`7E?GjDI=_8ffvpq-*@qxy$OU2-J@fJDk<gf~b5outx*r
za{F2RyigYwH@6l!r&St%0q>Vv7&i$qbg3%}4~Rv}GOT`1p5eea^<zP^#%C=NL`Ms)
z#ztu>_o|tv<HqU(;8Ui0Dv!P33RV~y>8CkVE(cLa)TnKr7djp}!*taMNyd9$WwfZx
z?xluSqZrskbQ3@<Gc8cidp&=gl!G~5BKTv2)Hi{BrYQSGd0x|qrIWKji4akZ`Uo5z
zyU_*TcVUMl;h_S9&z`OPRrb6P4u31no$)QHxxR`YeY=0kFLpyax$Z6|pUEx<{}7W}
z?(S`k#q|ulYVt)j6l1%bwpyR&ABpSjKUT6gw@*zEM&|Gb3~VH>W;{jnqN<BfulY<1
zsX(SZk58|ygom+@ifTvwQ|y)yd>@Vth$b{<*KA+dQeI<Jk$A~bX~FFsfSYL7?u201
zy<@hZ^h|4@TJ=KZC;3|6XnWw_Wj=$dYw3swz_g$+Z$p4u$bMR969M;BwE=s-?G;{C
zpq|FKoUeDj!qc`BFSpY2&>%sGZJCGJLsxaruCO5MhfxcDR(JP`OM}VPQpM#YiI*sL
zaHo{LD9`1Mr-I5x2@zG!EeMVzBL3z2te0Qz!|q#(9hwaHkiaGd-y-0xjbm5<1#U?f
zN8`G{FDrC|zMk!--*}}wZ;)1LZem=i>a;ZOaE2|qIx`fHqf7e-YH(J^K2`E)oUyj|
zsNrRh6}?Z>8QX$CKDLr;EXFh{du&Wz4d2(F(kAe7sFph2I#HGtc2Qw|br_R>e`f1x
zqbu>PN&F%lcL94Lhtny}YjtVMhw`i4SKMXGPS5FtqE|EEsrO|Lsg|hMa@Pr@m`bi{
z&P3`Zw#AfiN2u3km-KwANZ0wCT=IvtH^cWp5zXH-nwM<S(c-8xRdv!~gyn+gm*7a%
znA&;A^)_WFPn49nFq33HM)WC~FjJ*F8J<q3w{;n%U+pXsLu(&CsI!~rns0IO3eik~
zB_)ROSQLR*xw-yluJ(5Wg%t$AUw3X@Kt`l6>mQ41vRv{dipZ!ht#f{&MIIAnk=-q<
z#$_OfCyltK){J>CA;AQsMBVbbvz+?RSl#h)BSs;TudFJq9cNzLBltX2(bu99x@ZX}
z&L?dcNnuM7^_bZ@@#xqk=U#Q97x!Z<27+cgpw1m**iM?QUwN-0PM`MD>}XJMx|l~o
zPtlPdY%>ZzkHlrp#f>TCb8gHkez_K!V0Ip6x8DeI#)%5N^&d%SzE!hw6Raae5T;z_
z_O){I;jV|_`u@zcRU_M{SJW;(m^;4`gg6|t7U{7rujTufnTY4xPuCt53k^QfC^U?R
zUwB`LBVortnemr@jbh*-rgnacbu`h=4n9Kg0R11hHCMqX^iPH4p{(7Gll-;%A<XsJ
zJ>{3^o6eHB{!(@2Q2}*^%g1Ukn-{s{JGsLwj{FgJy3)UXlUUXxKgqFfe9jkRb%Fo-
z@bv3>h_mC1tu0+k<0qtc;%SakxQ@pyU26ZqXJicwTyB>*!p}(ot_V_Lf1~t%m7mLR
zrRPE5BKlbp%gI7aLA!&f&5r6FglA&DLQRO67sVZ0Mb3@T-2m0z#;tCcB*RP_lUA}s
zb6bNmIoRjg6_*5`IpF-u(-Ahm&z~pM3n+iDoMs=gUrkP@zj+IesLfGgo8Nkbn_3ik
z=0Uewf6eG-*i%Ao;KY+~<{^HzZ=aKx(0C~ap~};<=0q!&yPSPubkg8h0W!_!?33T4
z65ed3!4^*?n2=;H4TbE*%p)IBKj#bfcxi~QRBXgGN95gKh@L%?nIf_%6!8Ml=X4Yg
z(gKF3>`H4$C4~<7Za3m;^mV$Pqd3P+p_`uP<^peh-e?MC3*X;>Rf;~+W&@GVEf9FO
zUd5e3Z2YqMXT2&^${w2$YWk)Ta`=_YaCy|tKFDqP&z|OPlPE=KZj%T+CvKC(SLI&$
zye%P%eXN}2ckdne4WmBA4(u1XOjSiNhI5&GrY3u(T|H!<hd}{wNSrEF8^y0t*-=_y
zQ8rKg3}k28_8zeQ!h+cruXq*ro8Dw+!fSOV2^oL;p*82$GsYH4V@fO1j6)>t7DC5A
z|0qcq_F`HpJa6!$7+zl=C&NSx7*m-{qV(A()`B$X$;-1c!F%HTNp>5a3~PBkdy~NY
zxg%NGc&z*=g=u=ebiYC#+ttU3Oh#rTgqVBOTM}ONg6t2;#?aFiWf4q!C@Ev+N_I+K
zfQpeH*kqMK(d@ko&)8;c#D4F<C_5+vMQQB;wquT&1v68Ix-~FW{<>V5I!IS0RaVe$
z6-j@^rX^ADNjXT?6mNOnNOC~>ORF2dVvtu4ZkM_>p$F@4=I-FX)K)z6S8G`=pp|{;
zR&qW6tnl86dv>q@!D@B_bKM^+M0?R20b=#+id~R&<Y%Lk0KZS+8|w*<sd`+mu)Op{
z`yS_75`ny_tg)W(1osRK@IK18XJ%&jswJbCZS_=?=VSxO6H8h(Q3>)FR9(XB3Kwxi
zUQ!viZ$-zdB|gadMT-CiK(srJ4q?>c2b3|wYt)afr;Z;U!Z6~h9(ma_$#n$>-6EQu
zH&2Q5mqI9PtuhXgKPLu7jI5!e*J>HnyGE#kTM?aXsJ!Jh=dS(!Msn+{N#CWkmapiC
zaBHmbX?0`ESX?VFGjnG?+cFO6#=w}wIaP%$-g~c<buG=uVt$`8Yb`3I{xMyBpxGQ7
zyp;RC=X`Ukp#}fFd-ATn+n6Z7ORo4^mvjgX!PuLdLx=U=<YTWzQkk$E3<du0&TRRP
zOnyk{*-~-dN7S#TQ|6mddF-moI#lk+S-#oQZ5N+I?F*@O``M8@Nu3Jys~aK}0*kHS
zv3`<~J@?rbW8^gZUWelTF&WQyfxLG~fJHqoX717sS{ncApaVhPrlU&hP;_GHlf1eU
z9^zT3Et#Z0A|5H4^fwKWRACv=0$*$pO7LZ=R%{T4mwoZF@voTFD>*Lh_^mealS~}G
z_A`bKUwI)ngmJ&Iu6JZNBDA_p_I^E9xAu$Cu<6(q?r)>o!>y8oR}7}J;>Wiis&_Hs
zH*GEzatF*OUsJP+Uiq3@we6KoZZbCYlkk@0F9OFA7Sy%~dNp`9k=>9sY!a9S4U(qV
z=7Hb7kQH8i%QdV&oNpe*!((Q{b?))BqFaG+_wB<w6w=&>EF^F5bL*b<AhTX^EH1r#
zWWI=uo)4*pm79Mrg%&mu+-SpX@bxf0uK>RyWgUyULrCNO>Ft}c-L^Gx!^<oCNbf~a
zg2qW%G$wrN5oO5f>oH}>JeEPoAI|Vd%%e|wO?_wkAgW^q#cfdN9S(*P?D6=Q@3)Ty
zbhg5W(Ean8k1*Gg{r2&D<Qpa$wo~CZA`TiNws*{Cp@%{3*>#b2S?}<FuUF12F7|9>
zUlMfb&S#to!85|=guRoz4A%PSyMWwx)Le6=p9%V8$n);E`hubdO$|(o?zX;EN_>Ko
z%)~KjLLfGJ4cwxOcGtGyXBHzl2|hAK@=3y?1MyYWILODO7?w8LDr0-fS^3rnyEr?T
zCrRke0=A}Eag3TE@T)*cGSLD#2o7(Z_p7~C>S{s`*Sw+akvN9ck)SO-I&qZabxGaN
zuOYa+Asu4B_?A&Ysv);Pl!|7gr;>}4bhrnattwuEiQ}4sJC)b^?<vpt`X&Cm#vt(w
ze-ny;U8JT!bZzV%;t$%!v;lA!O|c{kr2)3V3f>ncj-BO>p3TN&ZL$93I<H@00`e36
z1Ml*{vxNvZvC7+&j7~p4#u~DYv|tXv{I2eM&vaE(yM<GaewAQ#i-e(P2#%WNo?sqz
zfBEz*;P#t#OX)@KcBa(IwsQ8m?c~u|Uvs$RlQH?<rP1;Q`DP6-yE6Z8JgwCUyrKlB
zIoB}}e$E`5*z6wHe%Z3xnbNQ}1ohE#EXMfEM4fGiU(R+v<`@WG_0~rNoy;-H&vrM6
zI;9nDU>5gKz>J+w>p)ZdLkohH;bY(kOPs&FCBBr9<XPb<yBWToL81YiFuSnHl_TCH
zD_&bH$i!fYzSpb%)ck4K(xU=olC;*xy6Cp>JX~4J{5%}ax`R&~Z!o}$r=M%YG|hGu
zoeW0uT6snWnPes!x%~>8I}Gu088b>URXIJ3ADDbB^!Pd?<>1&a<-m58SQIDmJO<2S
z*`b28?M(RXgT2$Q66sO#eVP4Jt`nyPC!WTZe)mb;u!D9>KxUG5J#LuZ1D~}GWd-oM
zP%J<^uz=^Nfv0hw)p5fdcO<~EA-uaM@v}@y`6k-085;eP4??zGYi50Uf%hXiO)gTu
zzMLUUDh*#CkY-N=d3bweB(`whMToo(xH0KC>??^a&U7zR$gGKxd%nuA`lY|cOoT+c
zD!YtR7QR~R@uoWt2I7<PxK6K|bmiyjmCxDlSx{JWc0|jzUZ*e}%?@}#4@c_aK?zcE
zQso|TomPfhPH<<qgXarswh}?8;!e!(iN}bWK-Y0(H7^n#>?Lcsv7t00sTSsAfX>tK
ziO!^L_T#<O(7skZRr*z>f=nC>Ak8459RPc~<j)a|3cWG0A09gHO*oKWIKNXum$IPg
zR3<XYm_V>7xp<B(h8~sy+8U2ewIFY=Ig;Qq-UiC1`@uO0#9Lh$^dm@LAvbX(Wb;f9
zEyKt^ebxam^b6qA`lVLuStx(bD&hY6`RlCK_zTJ8j?UC;3P+NQgDKxI(_sPDuOG5}
zbt)CdcOV|ksA0!u;c3+pCftyDQHrY-%7qej_Gcf$rQoigPg~#EB8|ML=IJfDUK(Cl
z8`W9Ubo*870N;&eE!#Q2dk>*zKUwDx^q&>aZ{&=TyhHx<^zJ#${DLtk3f94_UNYx3
zA7$eCD1ZWPw~5zFl>C?!WLKULqZ>_4YJ`>*1lG(^E(DSu>}Dru>1EJz6K3ZPzQG?p
z{XmE~Y&49ean;eD5>SWKRAQJNgq*qbnBOGn;9ipcWu5V7t^ae7HgF-^o~noX$bx*+
zeW?F8ZK{(o6|U8*$5f^OI@)8~<6UT)1Xj#@(Qgq736)P1dtWcP?pek^bkw%46?|o6
z8j7iu9DuL6`<CdZoort)K9qD?Fiz-xS@p`^lJbt(o$2^JvqJf6_A!N;H~NI0?2G6#
zRtaZVuf_eUX!lT3R{kccxr4m0k#|G4E1C}@)_1XkTNCQq2*zs7m)W1+HTcSH7=kdg
zQt5*eo@!Fo9Q$r0`Xg`O<2XCiUU^1Uf0B+ebE6}2r<u73|B~@_FO}Ae4Bg@=<ppKV
zP1fHbOtE4*qg3srsI(&GrF+Ovk4|B(f<U;a^C5%S|8>cFRZ*q#fYGBXtM?c+kZ<7#
zIM2ubttJ3^0}|;Cx2VlrD1ub_(R+@IFDF4~Qozh%oI>*ZnU^+hO>29@&;^C3Q-D&+
zG6{ZB84+R4f!?p9$fJC}H?;`dH-SCRKU)(b-b+5sXBN}vCKv8g<@NLe8rXOnDXXFZ
zWyo~_(;SF(XB8b+C%S%qSkLPBHrK)C5vHTkQC>I_jM$5(o>@wZ-Fg9$WEc-Lb8yu-
zM-W8JSe=hvW%|9jS8BpevbduO332+eZzJOFzaXQ_f$k?_$9+;SjOqZ`^@bm)Bi5wq
zUCt|1RNvpuM4dVo#Dz<$+}f6sdE#$TFFXZ{2ZRnMobphddXaW646s69AK9IN5Sj0<
zdg4<g&|M#nQTe9vuCLDyS$}s<?-&Re4|?46+>lRd7fZMQEWF?l>^q+b%J=+c!|1GA
zJfwh&mqm(_*btdkuwG8=O-uYm&yU@?DEXmCDgXF)Rr=B15Zq6rp_Vf6*7OM9k9;%<
z=03^dUq)54=KiO~xfAo=6XcbrA&c6@9uwww3qxBRFpC(Z;=I3G%L>;IXp>4|HX`nX
zKpsOx?!o#<o+|=aD-;KcM8yNuB!_@pQMTYRBh~scxuVSX#e*omPU@H;8{c1+FuoiG
zg{Zm-CEPQVv%BOQ*AMUdhb@ynV-~uQABRiL^qmOaPDFsUOHO20L`8ll4B>u{mkik!
z;}J8bBhnfuaE`-JWcJ8gle!jmrCm$LZ*qyk|Gg;#9kZssd7a!UX5gG+m=RbfD8>oP
z(@!zY$IZ!GkMJ4j8GY5qlJE)|?ZNH{W!T5V(9e0)7t}C^LvCr8xeupupc!O2+>Jhq
z$;78vdH3S;jh2s|!<p7jWwU=!?q$N@Ss<GY-#5L<)dYv`6Mm$;4qi4FzCfDWU^P;T
z`Cu%*1$;y=Dy-gs>>#@fyR#x)S|G=6VM#HECUZfhQIQfr`gi_3t*TMw=JJ3u36B}8
z%{BvLCgI}`BCd(AT9)HC^`T?-gV>Q~fA6JvwWOxqE%>6x76iVLT)#_32oURR8J_ZR
z%;5CXmh$@kGp2b-T*iT|ih;jmvIJW?nsl1oP|Ym@`sh0*Cp+-X6%pF3;hUj(^Fgqe
z>5UkM0a{M*Qg1x=$gyltFA#rmrBHGv;u?~rL5M8|OB$BG+wT5Qp}EHTmzm(;Z`c^k
z4d>p=1iE(U_}HHZeqlli74o+!X5Y}-_to~>XhGzsZOOx@h$%k$s#I5{v(gy#v6W=8
zpKoarTxHPG2hg14VKXy2jRW5s=Cv&C+&lP^7()Cq&m8=cXBB3D#$v3$5;c*xb}rf=
zyTN7bD~3N3TmEd_QTGy9-6S-O?_a|5^+z=9-1S{GfF7-#Gpzp@NPjfiy7U#$;4k-w
z<Cuu)49?1y*@2xCq~Iu8b+c4pakdcoI%k|R+Jv6cm%e=-;Nz?P3ie;FN$I05)^=SI
z+Z<ulhF2O^!)wguVJ{2&yDrYRXjxwnqB?E9t2FN3SN7TS*zKF)V9R2co6Y^g*#3|`
zbRa4yPNjVHdqev6UVX{sEwwyv(T3x5tFPi9o!{e}^}+do+}2ouk@O&f)$T&uq_4-d
zYWOBD_KC-zQbZa`uJU(on12^PK2$7PwhWDQeq~)NHQP5^U45U@d&xs(4g?AB`w=@O
zYUt2A^_7~^Zz9*WE*YAC8Sid+Cm1a3yZlR;MoG_&ifeyoCHMqsMtq8W$GsvAAm^J=
zDI`Bn8g(pkv!XTN=v41r6nR%R-JjKpNcA^XORwk^V(=ii3~5Bm;1kptl~>RG2*awZ
z=6A&)u%SZX*pqYo@#d>R@>-H(WO$Z&utSv8;9v0`Q)T<Wd%`<L%UY2IqKhK?E;rwX
zHT`h}6r}<bmX5fJ5c5wBBDIZpo8#Y2(;rFncfDcmya_)Jvo0&($nG!**zopOB)RJ&
z9vmNr3b1|gM)q`h#Bs1tbx}dscP-^@rwd!$+j__y-H0QKUm_u}b49RN!vBD^5maC-
ztZh>(_h+Ah!sVQ}EtvmsdBjyL5Vdl@y?;SD9Rr=+7lV8-&p%A>sKK(xcHHj5=B5cv
z=_$4UUU$)t3uS9$N9rST<i($DpB5^dVWUGlp0ewM&ph>t5^*Dx$5MEg-{F79*-R}-
z3#c0YEJaq!j!9JXUcP8__An|nO|rNQ(krwD1$(R#0kLzJ`3Sx#@Bf}VAMPSlmOu>n
zR;THTnfu+l!T<BYuSz-9b3oNM#g>d{7zujBJGZ@I6nnua0cG_|^q52*%`He~1-&vR
zd=rdc=FCjgS_B-kcU4HAnn%`Wz#Z8i{&9rmUj>$`GMgDZk;<y(3PH^@?$oy^As5Su
zs-*YB-d}}I_&#7H=>5E8yJ8!j#Bk#^b4<}GBJjea5xMC>S6=r^&lwGhACkz38X+Qc
zw9$NTubxTWdnCU{ARL7fI-qq$QPxqA)vPhr)Jsnt_U?+~;{iaz*1O0W>qMsaTOFM>
z{lEeGQHV=!+<D5y*9Ah~cDakCAdenu>c?M4#W>&?v-C>}?%~zS(lxyj1r9MRm+$<z
z2Ew9+1O}N?tINJ$0(_hNDfzySstPJenFXFxc6qp@H7qy2KaK31Ba|VizX+0o-{)DS
zN@%_4osfPU;AT=1g3)8kOup$~&&}!Ba|r)E(M+r)kq;xxsCTIBkwo!2qcC%Zk|OkV
z(q~k;Q2_~=p|QC-kb<#0g~-6)plRkf?Cd?$t7F(1t=NM}n$Tu~e=^1Ey8grzyP4w`
zGoyQ6a|}+iCC3O0PvaE>)RkzoX2$?Qi>@kEE|Q-*(3@$Sma%D@skJ=(Tgt9zlRa|@
zIcDVs!wm=o4N3$yo_SI$IjAcJXe*D?gVqGa=Kc<2L@(m<X$``e_hxpBqGC0NCXK=z
z^Q)v;!^Af3DJBhg1U6{NN19TXZyI4X2)S{;8QJCqwkR)s#WuPA{`8g!>$+yX*<{=Q
zD@dI6xY1#?X~2B5NN`i@%fekZ_Qzri&s!&~3!u9%^v#OnuXpBh|6URH+P5+A8SX?6
zG`V03->WTCJwwYe0kEds=6Ex_n~wmu66ZYewS(Ozewfdk-aZ<~yl;iXCU%%lmEOKP
z+k9t$x!oqFm=ONozpIxq=zzh5w>94sdoHs&b~A|4dN-OM&cXtqr;&AK!z_8_EBTH@
z1ou_KB7R}MjyHQEoP{~8w#d((nZgQP6#7m$+z;zaW*rU+d3bWbg|w~Pro|Rb>&gf`
z<K%>pKv6`>_e^lr8Rod(tq?Jjw)i|R&ZaJ=&X_1<AbEg1jFk;viz%T)->Gg_qp56L
zFbYLp1{rOhAFDj+Baf&<LPB2Zx&dW^QF_8w!n)A4g6ILwK0{I`odfm$D9yeK)(umT
zpql7KB3tiI*`qp|eNCk27a-zWb4WG|1%Ng|X#<-U5+9=f#!YdVnDA(y7Wg@VM|KQD
z?n2QwJOM~SQJ1_fv_o<RLwgv}q(5HsdyUc>L;Aw>EwPCMOV<O(J|={lA?hJFq=hHy
zVWHDl*B8gWdA}#VlFIs0`ZBt3h34_RF0xpNuDy;UDvhQ6Qre!nM%#s~Q7FknS+pvu
zute7Cwa5yhCF)zllGFlBF7~XWI;hFS=f0#xdfxC61($>fiVZxA1)ZfNq|04Q*^uvh
zV>RfwJkr6myD2~Y^sCyxsPm8%^p%p69x?b>+)7h?9>PguFyNLG;+K#>7g=mc4V_yp
zk+A7QC$B3ht=3W;{zFrC>=o{&3hQP8YlIobdvTo&bt`?{--?G~i<|;TO935kzG7q{
zYjw#jH4FY+aBd%`EcMy(0F0=*v6e*2n{<bd#ITo)IBTy;h-5v1?HQ_}P1$~nfPmC4
zE^0yT$wL}5Z&J9gDP~JuqasSIV5P?2LuTQ-LuP!#IEwTf7;*;f8Tb;>z4)f*RRZof
z9;=j0GRYxzy#zx%0Z;CNNJ6?GD9O+z{lP4RagEyZZ*I&tURlx4FJHdjVIWy6QdiV`
zmd||AfIH?JH#nt~(Mak9AG*O=hwax|TT%|HZ5U;)f^Eam>Aqb|k@_K}_FPHqRrrVL
zw_Ri#KWMaFn=Nd!l)ax0t`xG=MmBE~J>wKzi3QBr*f7eiNOban{TMp)6J3EbEKDR!
zR&JLU4CeU6aw{~kL@fAY(R#dFvbGGT)nSnEha7t7-->>SffmsJp77RCi`$S{|7V*-
zmu%Na*V4*_gSCh5GIMNp9ev|Q%TmSf+vIyDms!IDK}o9lE-Rjiq`H-3;gQv6MLJ8*
z*4^1*lYD_JxDkZy4%qWomb23bH(semy%V9|id3C{ZS{P0kVf4kdw_@59)I_CVXoTT
z3uHQ(v|db$?+_T@3eYb6WHBf;SN(m|YH)ygJ3mo}9`6v}8!b7}pU|7-AE_~Ym#IhD
z8CEm4kz;)3@RHv7xyI{xYJYLNH|gN&8OPe$oI)}*04XRr`?Es(<jMo$J1=WHXEGP?
z42<&C${T{yt+qs9!RS1#$?kj)&a;vd>y9tp6$EVWJDA%qO#L(;5$!p~Ute`aCmUUL
zB_`>iz)&En{?YyCrg5bwW`7`e&x|I+Ae*)#n#LXXCj!x94%0e5{lvz&PpOGJ+5+!d
zD+-wxtifgID|6pBXZR}W^AGwe?pk^ab#{eX@DMC`?F4)0QgXV@);pLl%P2fN1^EKd
zEjz^G`-HKN%0Z!8z9c=q1g|H1LQEDN{E<~j1#dK+og))HcP=Tk(eYwJ;e@(6PI*Z~
zMFSoFQQ4YP$7uNaDwyqXS0A!uE5K8_c07kR9Xq=CwSS*0(1Qe|IdLi+tx?2IkgMMr
zmZV-^%c=D_8g`%t=)MQovtG^3PNZ-FOf*K7awdIjDWBYjN0sDGkmXw{_tGl^w=k<v
z1Nh$q44~i)6oime#pUs*KifgUkx?b76J)oNiakq}K1X0CYJkssfIk$RgMvUd1rmTe
zi;i{V_7W)>K&XPTo<@VD7pDZwssRrO4usz4d?K_mcYf(rcL&Y4H)&(_*Kr94z^iI~
z3zZ=0H7fy6QwAF)1sbWcUda`v4j)5Q=daZc8-!^-f<Vw5DBVBMmX+^WYMww;&8|3*
zp9p<}@)9-i${=!@|55?%i(l#Ck^!hH82^|<&r&a*hx{<V;y`-(;S-b>`H$nM+AEu)
znaoBE$b5SGA#D)EOzRGck$uaPfd@1O=C$KL{ji4m0h0LxPV{wSkam_x@BtjqJO;|+
zjFMC#mMQ(LI(@8Aj%IFR_YNp?@>Joflb3=SVBmZ$M+^0%gH}fQ1d?QSCHL`4?)XCh
zLsJ9qTb{_j!rY=k7bL{*#ZlGDm#d4*GpvBjO>SF$ylT9I0ie_{DMHG$pn1rp2~&Vp
z_jWBQ+&{D&&0o(k+ynUuL8>1>s=h%+pa0|3pd89Lq#(}7Rv)A)V-SR^>kevyCZY-7
z%lW>y$#6Sek}-M?!v3G&G<8TGfF;1XxVFzsk^~@G0WmeZGW`HrHryVa{g($3v>$D4
z7Z}E^ZFIE2Ft}cg>no~-rutN;H<m<5`@yViXWiKP)H5wH-&RPIN&ME2ks2Yo{&dq;
z&c-Yzu@!}vU+W~zZn&KCmOLdtvtqs$oZ8=<hFh)-Gl9s692c%0=C3LX?)-$?@5S~_
zt2{Odbj5HC$h*?o9INZoA{K_L=|0!e^f*Ks%I!bpB!XMCF}OB5lmTwMhp#>EE9Dtj
za#sm(WRG)Wvxm|S2#7i!YLdDRYBec&H$FRv{99@|jN(Xj=`W`f0^&cG3x9cpO^np8
zNFNw;X}bK@ezr9%UV`J9xrH5is3%}4I`wL0x!XDs&eMFz>idPW<JK(gpR#yqQ7V2+
z)$37K7|%^@Yuk_{ykpx!U3FB1doT0BKUX1bPRd#ctuF45Q~)#D9R(Ji49$Ef^(U4E
zN<DBUdSkgn42WMPKyKv{7Q#6>Ue}a+ujHBny0O*y{O~8dINMaSLFy^f_BZrh^h<G|
z(05usXwdZUrS$&$OKIwN>>*|}1+fh;A$9Fr#f9-A^K^uFgcMcrvp&-iR#3!8{Z0nC
z6<G97%aF73D4F`ibmYM?1#0zXUdk>@_S}q*>mRf8kXKx+^pwdg^ZA89!e4$FoV<Uh
zqKo0p&F~Mw#Pye_(5Z=nhIyXNFN~L&A4PltEs&SR&%VGJk`%;)RzsqM4-%?Bz|;5-
zEXAnLjWV4i!@Yc3oIEaSGIY`=D~Si`21N;vQ|P20rQRVK?ft1bN@hASedn)gcCV7z
zTPA)=1@P3Gp`)Qbh0pnCt9b-f|9C$WES&7-@<RW+jPAJbE-_E8>c|vne6?6(md@`t
zu`aGZQ=u^bpF=ubXk89k0W*@vRDf2E89FZNDoK^RE3UjRpI?fjUaUm&w!ZvZh6gwa
z?H6E4eTI&i`qWEO2Fl=Z`Ok{`6Z}CiGKyJ{vIe)xVMBe_l_bd0COXb`5?HoUOYlDm
zwMb6j7hy1-6fwM_b*u4jY4eAgdTj3K_3z$MV3%TuIVX*Pc;qRI8@aK61%-HJPG;9R
z3lDa;+HxJDj-Z$-vr!1c8U5h5Ty_aSjl`hX;jvU=BOn{Nwp<^L`2_6e+g%s&Y(BP>
z`3pv7*6aD;eLwFi#3dA4oBZ%wXk!2{l?9i~pPW<2VqB^7=!z&}=pNa=x~X>V6Sdd;
zE{Oqpo8&Q^wN35eyUY&C$fO~gpx=8r*8FxNF5Fd@URTTr9cP8--W-dk0gYCjVEa#7
zG6`5}?|!U;iS_a>Rp665v!7tSr&svoBMkTluIbp(OvU;<vvW^l;rvcTzcf?*E$~~l
z7qHzt?&nEolenKu*;=@NVaj~>`o~|iXA}XZWiRPI9CPc>YrgkyZ<5=KUDg(%NV9Jy
zm`M_CWhuv_yG`x_-tRm9_}a(a+Dr*tODVrNQ2_1H509M!!T~SBVd^`~?|*%1LjyL`
z6bN?h;I(l+QOs_R7Thl8vDMkMJOl3p6u$j(=gh0+1hR}?_C^PCP0cm>ofI=<*%J~i
zdg2W0dIjDpF6SA51$K(j?Yu*1b{0LhbzK(Q?n3nn1~f{V23lILv3mName!tGSJ{9G
zId#y%detE@CsQ-tvD6&uhW0`|8aaBC%w5ZxLOOLn*Lo<AqxsLy?%uq3-vyGqV-340
zS)zQo&pbW5;D-msH+2$+C3wEZFT2L`yC|*NBW$<8+Gpu;?YBi054;rG`bHGrDQJ8!
zjwNT3o@giby#YOW;K<6rfnF4PLL(4$1DDs^yS<yyw@ih+W555Z!1~dPX?F4T2VERR
zUCW09N$RY=$A=pb$oui<n$rikC9SZX*{J$_=lt=xGoP@*`}D<!ZH+sWKOwLt?dvua
zs23-72A;?$>}ABE^euDYa)WPWjeWA-3c+Oh+_f`(@yA!DQ(iF^!DJp!?7i;-&i4F1
ze8{ypM3<jJHozF=lo)A@{M$oWgUgV#wW88Hn!F`E$Ts_&;x9n^>9zF?K^H9+e}8Qz
z{!+A`4=h-UQ*g>jP2_Z~n84KdryF}-$f)hIO{n#w1WQN9ihDDa=VQZ1r*TwUUe1Ig
z>;3hzYV*7$eiz~hWPDyd>`}!kikofc?^}aRSQjX$dI1J_{JT9z8Z7eGs+w-zDlS|<
zp4^a3;?{l{j!f44I#TFbzgOO1$}`pWjkL#q9XONEWVhoF*zp{fn3WJTS}5H2K*zm*
zv9KykbY~5}xSsR<&WbV(nT)K<;!*eN2~YL4q1U+hSs>mHM|oMes1<s@wN%Kd#OdO2
zim6i9LZQOg@A(+ERfySpj};K)JK)VIN40m|aDEYe*03|Hv4ix{K-S7XXXMb`yu7ZC
zvF7r8I${KJiW&tZr@{k1FZ53K842Au*n~wa6%n31Rox13Y44|}7K8!QBY?W1PjgQ_
zxWNn8TDtMsJiH?iglI5;_uq9B|E_a!Jk3vlNJ$k=Y}ZXWszhwPh}b-NMm?3$hV&AU
zWqkFkH1Yf969XxW2IrAR_kwIr&A01FpLw{1_94gr1v5u`26hmE&ndxaAy;MBp^R7&
zjvBg<9Lv~iVAT<1Q5*DEE1VS;ct6%(V>bpVqB1tW(mHIVA956`3IkR}0A>Fv4vFuY
zrY=?uKWRro$|Avec>iKO{EOwy%f-A8nMrK=@-MYiq8kV&7wC-=JdU)Zv`4H(jcHWX
z)FaHwH3CtSfGEWd8wK3IeYw(#*I&0mdhV4V0lEi7i-H#Q=C6!sb{!QFf$YLxf}T`|
zpT<%MAW9$K05s5IY<&N(h|V^${|vqV8G3%^+lMgNJlTqa6#j)`)S|B1t7`(Xv+|8V
zlA)pEprJhX{)Nh3w?Tgfx=~l5f=@uu341j>Rl8dX*F3Z#fY|9XS@IqY>t6F-h7pKD
zAtcM>I(;j)9Tl`d#afmr3ML~#Vhrx(?^PQ~fMls(Ulu;m(LgV|l&2Qfv<6DY#HT*>
zs@wrhnZP%lQt3gxKKloY#s4}s`+prX5|^(L1n1xY#YCT?uM6PaLAZNjXzXA|%(pE}
zXcZln{_7au0_F|mNLrr|wD6oW8xGpaj{*t|8|7hwIeXkf4M~6{Z>`=h1dyd@a9#Yr
z%r5?A_GzOM<zHr%|DV}X#qO5u_0m5@rSp#OPxEi91Q7gqDnu(&XkH3k|MF5Qvk?Q=
zX^a}>K&PbaLv%GjZ#Y2ve_dY0)xzB3kB__tO5Oo!|J8l^U){m(RZtH4Kb;1ZaUPae
zH{}j)n-Y7j7w&ML3><_pGQRonLN5)g{g`M~DRIS-<UwfN@$J6s<7>^6aL=CFc)+Q`
z=vaWQ(Z0ag?QLF$XJ;)#Z1U~9Iww*FlU7c=q(Rh8;@AeAWeg`r1Xpsns%RHtl*eXV
z1B2jDcvWpZoe3E@YF`@aa@dk#h0iz`Jko8A;<^ogcSnoo*JNJ#kQTeX_UufJvg2v&
zXXJdP|F)zaJPl74bt83MsfyI=pYtuf;0zCtt~XfwjB;bj&u4+K(o3<PpJ^0UDY6;Q
zR#+xAzChDd;9D(9ET9}5dKfYg-cWEwj<aa8vn09`KPtAvz8$k>yq0)niE7Nd<U}le
zs!yrDR1jHn-22z&W_&?i1Z6ZjRGXO3I{cHnC+XEy@&>(yWr^}urm}wsV24gxmw7(S
zFMCvWg=!m7D*u|~8MOrei61iFu7n?90*}Nf(lM8bc%0oh8ci9%qOTDvd4)?j8a{36
zx?~1`cr{&c<_fDm8d*WV^>hAU)tASEQj;~W6I<L%6$!^H{v@T~VP;PNh)2KLx(lds
z>a``^)MG%*-ePG{0{wQAU9J1tDtmk-p!XusYN6AUFjn*xB!sR~FZx>2+j!;a@zg5w
zwW0|tG~rG%^$>MVFT}7fG*Y>CHbI=8$K=NdHMJC<RcP*eVH7@QKa(thvVzxS0No+>
zfydgjMdzz1_o?kL`jbAIgF9c{_qd3S6zAv-|0Lr{pxA}=H<v8!X}JN7Hj2GZ13k88
zTQpkMIn#Z(x_a1dU57Sf7H8k;X5_4V4uikW!Ja$h@2G~k(jRiUz%1-Dkw+Q_`Ju$V
zEp5SUCp&OWv$`ElS)ZllWKRz?WD&$fV`TOxiH{TzY?#=(7@8j17PvMy>UlUX9J=e@
zvy-&eC2#B>J{WxC;TqIPeV3QBWogN>t61Ne>K+$aq2x!f<DK~6%Ix{1Nl>%i?&Amg
z`4<Bzc0u+XmLrEr9sTBmf#ead?30+s<F#h^`Mc9OBv11_gVu@7``CAN8fji%smzZN
z(x!zNe0Q?0+d!f}j&y6qy%3Q+);=uB8T;pUN?c4t$}&ktF%g}&<FDLUcKG@PYJDRi
z9fSpUV{f@`XE<<LZ_@_RYc}bHWOi|V{N0xJ#RD7(LnZ3hxV~^Y7ES5Ww~a)af~zMi
z?uA7AP<c65WfqCO_px#JBdbUFXV03{mtVOKA4G^c_v(Fvv4TRYGPiU5WcqwjbAvQ>
zc=5^J`O&5Oh80V<y0mnkp$zbS$JdTA-|aPcATV^jAcuGOd$BJV>j5@B9P7%Zte>AR
zMD`bcfX%j#KgBuh^!R*8{6h&npXSgYXW-ZR2NHM5IKV`jr!5<q1~VI-)Q3I|FC5gy
zJky7Mj7R5f2<uT|z6wUzY0mLkX}g*<tD3VChNe@dt7GeI%4Jipg)qhUm)hU@4>+TF
z2TzR`tTA4)fn^B8T}0E*@C+`jF70^<w~+<6t0})$&^5HfI;Nc3(+3(zMRWvgMCRwF
z$XYiH@o6kBgjqZRxXFNlG**f-n5Mynhjm)PPtlN$rlcFsWt-1TKl%W=n=L6e6WoDi
zIGQaRbcG*5%}!I^3bzDkTX4YwH5SNV=L0u_G?5=3jrSFK*4b3+qs>`7FWs4sqjk3f
zS3k?c1bMjeIlIgG^rD|LpK5psn1c1BTlw*#*xcv%1_zZxOeGJuUBjNANJz2Gs-Mby
zcVxcq(L^mv+;3x)44=UOK+hClon0wMdiu_f;DO{T2;yd<e@ldc^$>t9iBXPUZoe;&
zqgvFMQ8>@95oOGst?z2ima3Kl&=5+dus`ax6HW$eUH@_Ifgi&2$q0@U9)hDgzGZjg
zDTsQA!n>xZb-J>uity^^E~Sumni)sbZEGckwl}X?Pr{|!0y4Cl>>6A(m~8B#YOG4z
z>mMfhk#xv)(tJnQg(SIejms1%W7kLZeQw!vPIkw~vl}nZrf=Q)x-=0+NO*$ZMt;g|
zDr+Q>5?i>pZ%dQRQHsisZfGm(;7Sp}(v$>*ijB&|yY&T2Y5(Pu7$T#LS20KW?Qexk
zHw5|Av(jQ@Qzb6_;XaL+Q@1-WkNXd(uAdqA9yJkAr#=Y9X7eD~I(b>@kZg7~@@__O
z@jb0*A^<UBsM5?~i|h`6M;adci1FvSk&*rO0ZU9(lK&X}v{{9&J7RU#;*ahzLV*DM
za{;c#j_39unsNa$)wu1G?mDq{myM>rN0Z_OsI{fX06!THcJG5}+j>X(wFbqOF&^oD
z{sq!hH0AK+po1f`JrE#Hio^$B9o?0VM|M#4E~MTfiLxL26Nu0+gICZUk9osAXS~8a
zb%e9-Z#4)sbMIXNwcb~MyvUFlj<?AsJgxwwhuiq^o>%72`EKv&4f@hBOtFk>2jUd`
zE8d+d`XfmoveT92z;7;m3up!>ZasgcjQOzB0Jnn$H{yyQqlMw&<ke4!4xLUKtvOM%
z<FtguB(&}i;$FOU&>EAY2Fs%Na5wyA&LlWZx^`S7Li=cgHZd~HYaR1`S+^*-=0mHw
zt%yqtp17s0h(`-v2=v9L1#jq4k@X$-r}`hTb_cLoANmedzBR%vGa+zuASYmi`yG(y
zJ&#$wzwyR-W)cye<l8FMFvIIX186HD)vkA~5Pk@KeUe>ld@juI;RH3jJG|un0t8$c
z%Xi&HlgaLtbb^7TtQ*vVtznqFWk;-Nv-|G#@X+%$Q6cwgUTg*kMsfPVZM>d4jZvkf
z^4?f^4uEwo+H4=p=@HCV?8L1#1FQgmWWaV$*l8JM@9WM1ObBV!6H*1Gf$s1Njkd(2
zq6{v4K@^N2nN61yW?E{lT$xa-4WIr9Ch+MPdo@BU!&u&9qq|>(mo?`}Y{xaKo8Mqh
z7?5kA7x`vQ=cglAn#SIrCvmoG18O9OaPH+%T^;W5gXSWD4|{oHSAoL%vA~D^=|Qxo
z!>`s9#Op!8%)QWrO(%C=Cv|<Jj_juy;;%(**G17Bud+y={miIO^a(cTNF7(TlEy^a
z{oUlNZF(1Z(iiawK6VE%;9st46^_*qT@un%6Vc%i%Pj?uesMYNPkLGi7-q3m-`914
zd1imr$c?I^KAj2g#GZ<O4)C-K_@yLOSqCY*uL9T+Gwfl={_Jpm6Twnit9#0lq&>iZ
zrJ26@82Kb-*E5X>%)jm<L)Ur?pAWbXZw;G#3RXRH(g!9CJw7mka|W?)!-J9zXN>>R
z;MsrlxLyNRq|${F@X0?d20%ajW%M3Frpvi^cPs5j1^_ih@RkGnI(*r$`Xl)3Uda|g
zrgWDZ@MTa=%p4@b(86B}klxLE#f79%L_QCG9UnxK86q>eos@injok{M33~KQdR-vX
zv>1bWRD1sOFnweMi}v`q0}1H8ZxHBqF@8R~P=SI*l6!gS6TNQ0cj3b>I+v*?(|a$$
z)WTgx*IU`S|9R}q{__C!{_|MF_U<j6)?_hz+o7oXXFc$rwNLLZgg@&)8hY9h7&B{{
zcYw^Q>kS*J>(ca03z)&2u3^N$4frR02$jCC_)pqYR$+|H<c32EDh=rc1cB~k-cB%D
z$IaWde6+~_!OyRrZ*(;5|D5@gv2VgN{N|t<TT)KcSHf`xMsGV|W`saxA5RJ>yvcgB
zbx-DM0%lXbY5IW$g+VL-;P{N}zE_bKXj^7nbna3&OCnA&k{(H3Jl{q${!?a_L3$SR
z)d%KZ+UjS0750J7^n_(hUobr0h-(9rdqWC=OF-2Bgd4^35&%sj_XscGu`#&Kt(k`^
zz}=Yn4=tZ1>VF0Z$4~=<{|xLFY4<U}ZP56ZKcTW8=jy;t{MXf&pP?%PN}wxd41tXE
z_q`3069CmwhZqHqwv^NxWz@$zZAqk`V}0bLZhB_T_ZtuW!~!Nz7rmGPw<kuJn`;#~
zn@jH}3{<1`!B5vzOB)}t0beY%sUnHnFKl*P3!fi31K{2bJ|#9-4jy0Q=ShiU#taKw
zPlHt-c39xx*nOYGKy#>wpGKah2EUaLZbbZYxC#<N{I%&dLkT1!jl)YEl6&~l3!Wtr
zJ(I3b4e)mv#I2$t=4r6hc3Ve0IK$aG?3d4uW=6EIEPoh@SbZy4eVka@3~c5x;h(ah
zD1#Ke4J{F65E4TAJ4Op#W^ZA5jcoiM$z!#8SF^68*ULdZoI?c|foZ1#a>s^wFGz5S
zmnZ>+NIIf|M)??trb}It9)GMJ7U*6YOUIi^`#eLu+ISBs>TQ1$;Jr*2WYWJD-)H%s
zgiEeSU5kf4J<L3?+sKHep3N<Bb$<~b7T&ofDfgE|jcie}>0PlrOQ3%p5~BF-e=MD1
z;N~B*Scn>Fko~5UEG%Y%e|)R+3_|u`4u0_VaBA{rdb7ym3NAXMA{)(L4Y>1<F?=I0
zd4R6F0gx_v3z^=_KR<NxY4TTn`7KO0TXa_BRVd~6O7KF^{PS4$;rKMOMO)(xTi7UM
z)iQ}|Rd^h_-0>p)D}Amq)|Rl0f6OY8=D4uG!JM?_KTFke|9~t!dotJFmBZ$ye^?t7
z8xfW~7q3k6f9WX2t@!+alm`(#cb&nqCsXTPp=02h5RRf78)}WOh*!ySP-##yTDr52
zit-;gTv2{qPlsZrkl(;UB_=h&k90l$zx;(DGMfJ=PClJ~F};VL<M~#FW!`uok;47*
z*CBaN4>A|0&+$6{i80dRzEX!z5n~+!O0A%YIfAkMzyH{cl(;@mo*gYuCHk+*?lcw4
zbbbL?%@}+dOfR5fa3(}N?^~%CjGEu8_KOeLRQX>-w_cHd5%ZxDg;#|;z*&%^|0<^L
z_gegL50a`g%j>DNj#m5!)j%PZRpC`A^xsONno#H-3RV3F6+`P~U2xkm^o)URPgV*!
z0L;*3FyubrZVB5NO#?aqtG%X`I<)pc`Ff?iMI+tzJA|9VbmyLVjy#N6FOGnng}ONY
zUreE&ENDB89^Y?LL7#h7Wd~l}rwz#3jkG)it}{l#+|salOEq}HbepHNukPj;dxjfg
z?)Z3(S3s+cAK{%RxqfZ67eB)RA&}QoJ1OE8`~%VrJxc+7qjcY=<c`PhvF<>0?xh^S
zd7Z#zb*;eOx{hb5tJKExRoeP=xVYUoF2ngKMSR2?ZvrDWSngr3=a$D9fL@h!Ho7BG
z?9oMGoG77^mv+&?WifWv@!m*C)`U>kle7(hww?!fp)}$82>Up4o+rfY0K_$1IbYrW
zyl9a5vD4_`#!~jx+&!oSe|abfk@s=&1Ao>#M47r>vT6~1Y`*l)FWG?Pa^!(zgUZeF
zU$uln+Ozh*PGQ43hZnZIcgJtkJ-#96pH8vb8(-;m^qN!MUW#PW3(nPIPSXSzUa1S?
z>%UjBzntGnt_`tdB^1u9jVjX|;z-^7kwhA6d4jw9BZoA!Y@&AVRK@DVrwn9M1^3(c
zC2+^f7A~`D?3Ry6DJP;V)W8=-2l%b%x=EiRSHTV^H>y)y7F=;j@{Xro7Q7-CCN-=6
zrpCJaL-g&I&U(hH6pB^N{)=8_@Loyma{hmmy=7FJT@x-`+#QNTad-FP?gd&LN|EA4
zi>0_b#UW^+c!A;sZGoc2-66#ZZb`oIyk~vu{5?M)cgW1XX0935f<1fB$mLc&qr;?)
z$aKSF90Y%PDSZ?!95IOj-_5d1f1Qjq=@t6!ci3a6-`|vlTVeVJqD2f5Hk9@&SK4s`
zDM*_c{<oMVlJ5Jn*&ZHctVv5j>8~|$75alSN{}E?gqbsB+wXE{A}h9eqlpW@t$znB
z*Zc=Lfsj%koKb^36(Xc|5K`7j{f3?<3Rt>cXS48b_2;$nKN$R);oi<sf=Ih0{1!UE
zhPa5SY<+KwFN$#ZbT$igee-NrXF9^Jmk?n+>2CGE{!|Ex@znMGIqM#{wsNMWt^;v3
z{BP2>^3aW>4V9#?Nhj5#9Hp-jKGG;67^}Y0@HY*pfSCobNC%Fb%Xf1Yz9iD6{UuZx
z|J%?n(%-g!4pW-UWbW&^)=9ww!9m9PG0T8(0cYWN#zNCLu=~%y{vYcJCli<15mJ2!
zsiT628slf<SN~LQ=df;%=t(;W{`D6`03x$u>;5uwW|3Z6|K6ir8sSh+!5bK7t==fA
z`U?;Ru~U{7K`!k6u10J{<<R~4x^UFWop-6Uc|B-`Zt2=y0B|4%NZaM>W{clflo83?
zg;=tx8%ug&vvPHN<!H#x%BkH$IS`)(dq`e*ai{Mp24}wMQ>%8&NifR)^lLKuW69A@
zf_L!KoK|fVjR53?BGF?|=^pLQ9(=3ppx%A(Ve2GQy&s%$CN015sn2DHS+mLmG}P;$
zPAjS+9pU(tef}xX{i570@Ln#D&qpCig+zAsKvm+(qax62cuVIZ=M4rs@Sq;V6xMYl
zRowauy=;H0IQOhf1S4VkvJG7lc&NF68JJ|F*zJcWGW*-vR(C6HLyA3dHM#3vF4x`X
za*naTqCP1^2tqavFlf|g7}-~6#u4@&%^#ZQDO4R*Da5#mc3Zk!bd;TcY?|A!I@t)S
zY5kyznAxy23w&ue^pO6vuC4$R*1OlIr{ys{xh*BRtO!kWxn<WE9B>o?91=r0co+aB
z_vSpMv(WE=%l1ML=Q1!Vu>@vEOLnAt5vYoFKl6IeWV}P8dHJ}S_*wh-KDET|EaA;%
zh0b4~0m%iM0R1th58x0S)WB2%{qBi+%?6Ko3qW|HISfSSlsih=Dwzw2V%yh6VOhFn
z7@?!A+t)oQk$Xpc!IrCg6Kit_o9(%`b0CPnsi=t72bc<S&jWXF@kuT!LjRm~NNYAP
zo4t!gn4#{=Y?$GqmYFN}GY*!KmLm5zsF_J<?%D3YH@Jy66{}i@x=T4fV9Y&!xhZmZ
zZ$cJ56_u-HgoOnFRO}=Ch1w}KZZWxX_sRebonfG(><R(Nu={Gyz01a*n45}l%2{Bp
zpe<BA<V>6aKvntF$P=zy{e$v9Xi*X79Os5yxmsfANPdc3?7aucaPsQpy$6Q!BZ*wh
z!%UU@f4GJJ;V#E{|NXdPE66eW_-ytcP7P63i*cZEi5%kZMTFD0rqvyC*Y2_w^He9g
zqFmQ(xRvoYZ1;<y5l>D<7c2WsC37!_>})e{pXv5<DzST<c?12P_mD2|94vo1ZKK-?
z*!WN<kH|6*`TH!;)bKr2UDlWJKeO9hU;h1A`d(1tKX6el=A5CDLtTqmVA?bG<n1p~
zM6fo3K=Fnp&;v1!Ss<q&!f9Dw=Kr)ij?$H@Pt<kBfan^HZcXe<gLX!M!!nqi+Awf1
zsMr3#K=<xD0vhwa%h?o}H_MF-O)&53qI?Br3B?+lIcfZ-DVA7b2c$NFelK`Pmwh%m
zqUR|YOtPL%dZG(Xuax`A_Uj=%=veQ+<P4U=E17ds`=2I;Vp^?G<%1!D6$=HJ(j`$(
ziOI9Ks$B;3C%S-nL%?!T@->32@Bfj7(o;uL>nqIa^`lD;FT>7>VI<C{3btDTE7N`s
z@%tfwG!TNf><H*E(S$lBi6T<#{SfhUYVk<}iE3{QwD#YBeol{;k4ht;xypwb&O==-
zM%Wd+JZSi4HF&g<S>FB9Dj7E*{Q_sGr@QU~^wUN9-3X;h44YTt%bk%zN*;1u(fy`h
z3iG=~=MtV)0*P#oIZ?mUYoqv3(k1S7iyOYwmX;CO#hp2`rO4eMZ^O-DyC){<JHtAb
z%ALvYO-2S&Q`u)Q;U~$`!=ncwzm1^A1A4_#noPy&>%>U}@7Ls4ODETU)k(+--Y8$B
z$*FXyCEXlM290h|Q?9jUC6xW<pyCkGS=AatOY^rYCO^S6tFvlk)}?0<O)*i8P>fm1
zDm()R_(k6g3{3@~aB$w+JAv$@PhK4rVz#D}ub34l<3Eu<RdJsz1dR(ttFGKu415o!
zr=xS)5YNe<J6TzHm#G;YD-Pi2E)0I`ST`&#xZJkES~lVOan{A%?9Tb~EP?yu25j{9
zDZR$=@u9IYc(jS}r20Y!CZ<1p;}f!P73m8L&oPLv`v(qCjXJc*<@n)v^@vpd_r5q*
zMn>^(;Y;5W&t``uy^oWyQ3B{n_F^bOltCa!MtHg~P6CP8sXn-1?z5pIy{wO8*Uj?6
zwGQ4~r<+>Xi4otAGkT#Z5Jz)2Ofr1A6@H-!7qaJrTWwpyhA2~S64O7Mu7QFJ$R5(C
zKzBZrkmHqwYgvk_+k!r<<%L&2+}B<;y9@q2>kO|9e&mz8-pcO2*4$oy5DRBKp=R^?
z*%ACGS?#Urh|z7QC;fQi(>)n|xCSgN3QlLffv(2gh!{T7H5feJScM$L3k0s2lp8+U
zm#Hp`>FhiEAjFLii;Kl0fTlZ3t@TGx3r9AnnW+3D70ZoCgQFG6&$D*nXWEiw!V+7~
zNHdrHkg1<3Z~Bk&T6g?kXm``w&#G&=RB>P}%_$ITZ17N7NpRvUDCheu2%2RTXrSfN
zhhpo}w>qo#_<N+Q)@=hc5f|*|2!y$3`rn)!1tgb6Ahxm*-g5tN_rzWni(S6WBz=aR
z47M7xgnMmU_6V^|gFFTOs#jX;n?Ca4ocsf1&`g4YE!_QkLM%Up-Dqbn-VzBdFT6ep
zOwM^GIZ%$e=@wSib_?V3DhuARgBiEFTRH57NHh<?zH<DRB>Kex7T-`$@)!%?RDVGM
zA2$S<e!9c=FyOTU_AqBsaL?~&dui&P?LF+~;1Gt3{BCl$T96WXbJkIYdg7cq0l;&#
zDiDW@=soib0Z`fQ_n>>ioMW2Z^T&1$5x&)I0{<yqS}Fb)8G@+8U{zpIuwnV76)hq+
zCjdUr3;~}Sc<o`;B;cNoXF&7+06Eu-@x}o@|H}sYD!(2?RKBT$dvKSth!EeO4HfGd
z9vlPwdiw>}_1QyNlV=ZE=&6<=a1N4Za?Z|#Qy=fK7PIh{{J!Tff4}$hqi0i39@g!?
zVhB8~`|wBIrR5Df^AB}Kbr-waOD<00#YwBTfAgSE;G1da)8~Of=o39|{L<u5&0#ng
z^W9tzTaeCdB3WY<Uw_SE^0kxk^@3uj%1UGZ%C$+h)tXF2&t>(_X!cfA4Y^nnuRZ7S
zACllY?$8GUwCs5YOO8_R2bc^$wlwS7q|I8o-~sF*G3UqQk=5stn}tV4xyO!T1y~J#
z_E}t~s5`#4Ke@#+z1#GaI_yTK_$2kmG|H#5Bb50G!Xu0A2~CC@7mfSX$m=c!Z@3gS
zNlw84G!rxombFt8hPC1r-&x5qZ&{rB-`xtzJRai`l`RNnoS(5AxhqI92?=d)*MHqS
zqtv>sz=C}U=YW~y!h_c~Dd6<n5Ae;=<;Zoa$Ur`lc6titFt6?_)bPmQ-T>v8Ymhwg
z>etKhgEE+0%qg1#5nQ+8&dLdN#}ID&WVPzk5u(@M`5W@olXbA+5Z&TuscCWnw`_#5
zHkS$r$<)D*%3<#1kKJK#vu8xBkOD+a`Ip$Mjb_%aYH9+w<+u0^lI0LeXQTd}teOIb
z`Od|*JL)pn<TUhcF<iG40VVsu;F183?-X5V!aD2tJ%B*kLm+*y)HHn7>A^bb8q<o8
z2c*ry4G%)TZ^FNm!nww+dU&6aEWU~vlB|;@Mg#a}{+?mE<|SzV|47`P5HStthQh57
z8eA7ao)hSiA(H~$8Uu4z_g@gCgLP|J$w@T_Uzx@c!@BLD+KxkZ_8R6-+6HjlZ;y##
za5lrIdSN+O$1bAg{SqoCv1Re=nfo<p;ndB<q8-aq;K(wiZTBb*IiP74KJG22cMc%=
z1=qMdAP^Y3>uKZi?ndbJAaq1GLL49WMAH9<^KX1O=Udwyn<jKa?e+*2E@pthfx{%<
z|3`y670LS7_-BU>5Dq0Lh;VLgX#STW>YfnY)CU0Znl8!H#%oB=bP!ZA4H2cF@T-Ti
z2*2^|t&P#E$0o&kGmyRB|KToSOnC6u2IDnAX6=ml$x0WY^#nV*5`gi6Jnz5BZduem
zyJP_`oH~jn!uYqofbn0Hyb(}eA9~v8S?+o=w*lo~B;3Eh5H1~g2XA-kK+exT1i+Vy
zPYM>AHSTWHuEmOJ6LXf^?kd!wR;zr(Pe26S2lq%v*@$jGN^l3_b+R~wLzCo-&$%$l
zzO~Vrj{fiQec+%)f$gtL>P14Bw;WqVRy025(b>mGk<4FNJytV~?4i(H0C(C(y{Fai
z{@q0R2U?K?A+)+W>-NHcx{Bgbl_Q!#P@eIhru<IJ(RS+Qw)J)WQa{r!r!qZ)$cH4V
zbfLt{Z=PktsLJ2whE_tGyo4qAdY`K%Vn}m+ll<+vrV<;1cRkaG4^P~M&3_=u5(Q6`
zw*sYJ$l$!Z^#lBD#y#CC{+l-g7Pzaw+H^=rSuW~9Uxu18zCr@4QP9C*g(?$y5h9XZ
zO*QyuYwu{>2XkqkT&lx+*l;NRuj&bB^5dQ31P)_Up~aevjDs`ndNtMA*xyChN1EdV
zMSNJ%8uT5T3GI{wo<qA_rm^HF0?+K~Rzv}1OV+LI7Nm5l97JOoUa-1>db=Qg_p!5c
z?tcXoG@#%4#B=dPNhdEHAYSox=WNo+Q&+-gj^g#V)#L{f5%IHd1`(Qdj3(OkX;1vK
z5(xfTW02?(xVnful0fd}sw;Kp|D}X-t2G2WvLNhf1n&CDreMC8Z{wD4Lk)$jA~kwh
zHiQr0yhMyZ6}4<OaKnp!$JsYMur}mgnhASPZfd$+|76)vm&)V*cknGaG<4jwltH0Z
zeyNRuEm7cwnX`Ap&&?JW9<_=2uzxN*!-$u2#JkD)u)FmGwB9HbQLiuKLDo$#7NxOW
zGGFBF_1dc-U2LUH((DS+-*dl~O=bkL3_D1GSDLYZp1YbU-*{;@Yy>q4VPoGyzP^Dj
z@Tyc<jX<<djo<6)tW~L6%~?NUP`B$kc%B*>Pe|d&IyckEF>y815riqig{7!tcE0fA
zha^XD>}>hTUWuUT%_9y4<St$ml!;aIy-u1U|Lh=NAvA!xV73(yD#4ErQor@_Bzb_R
zVC%gw^k{9{2uur=9c?F;YTA_J#A-)}0jUVG_AnOWz+YY`gX;ud-;1-;)B9&jzs5%O
z6`2w${1bKI8Cs$zVObykX$s=)`--h3KlIZ-NnJA({2%!a>hQP2t>L3%T&Po`<koO6
zEt9uv*g-np>qZ$zU=MNQkc`R@OK=wnOmKpzDF4zo+K&`$5n--fscGGfE~H-+f`6vh
z&=Y&Tc`x&Z{-6I%u<@XY)ZNQRP&&RBNptigT_qZ{en^yg*nb&23xd%XT5}UTwE59(
z!^GF?#R{&KMgJLE-MfrUx8eO8w3Get*Geb{1@&R1Oa4ppn;hn7B44v_CH-G6p*PU|
zkbbLhDvSo8>klM-<ID(Su>MMRg&6gBRNE(~xk7%;*RyGbzj4Jn(OE;1*arbaLNLz!
z{3Xt-*qV?C&WIh4d>u__?ncr#*)+BO>FU{YLc(y?`tJ*Gn)d2bLUltoPA!lN)<384
zSZ$)L-!c2|5dY&i-cbVeEht`m;RwN1xceIz^UA+T?k%~b?!I@Zb^5!43A3&K@jjCn
zXz<L61pRAOI}D87+r`gv8my^*F54P>j3O*Xj)NQ>zxEd6;YB{hgr^-MzaNC)O_`~O
zliVG0Kn?t|*Te8N&KC3^La>4{B&ExRGD7sr$R|joMf+{QalD!`^Ao@vKXS7=o5~ef
zOq(md?ViWo={MxCK60PsdtQtlxrQ8nPA6bR6IxeqCw&CnK7X+ql>8}4sMY#?&sk{y
zBMv=bVH2pc*uA5$BaBQL1Jp|^BiIXZK%4aPr{~8CG3%H5q}4ko)fFK(cp}BnRz2{9
zB`HMFduo<Cb6DeXxBoM&^HNo#E7<{y@r9w=2FI?OEKYJNcMZevXA5JUS7$hqW6>w)
z%&q8FmAgUl%d{Z+@B(*U$a;JVvLqYr6S=(DugBBO&9i=(g}?5WJ+4B-CC2*DWPj&L
zkl&WH6x?;oJaE95-)mAj3C>;*;dQ&t+R-Y$8Na_e$gg!<@;d=x<+L{Cu_p730bT6Y
zNIY)(OnUgvuXaALwAXrkSYlIXMk(GE`Gj{p+-b0z?tH5aLR+*W7IijYT70u(bh9cn
zy#JzE@Av8Ygt!Y^p$6xc-{QTyIBc0_!XyJ_r`l@IE{~sQ=<*@o;06oufuoby<rr~_
zf^}g@S`K_4cPTS9kO|&YBszYJS^B|WkAC-4aWX_Gzcz7)mfoQglzou*VxV;gA2if=
z<h7jtxN!=3{WuG5C}hnaygQvd*t(lBSJY36Rr1^w-4y}*j9ne5dOhvZyv~>Mn@xT6
zNE#`8B)cJfilgzj72bR?_eUTwY-!tT!0FTC6HQ>JZ1nrX%iNO|_a*Wh=LYQ2@mGZ*
z6w;3^4qkLU)k`)gp{5ePrilYt0_&$u6q?!f5@w^*L2c)qX!q?kVD5wF!!|GYcJ`M7
z3Cc0TWundlQ&)M|Pu!y=%?_;DpL^e1-hmSIdk5Sevn^&~PcRCbjN8N|=pQcmhGTyG
zD$dJGCmUl9>YZKa_s=^*vQ#m_9y)t%*SD3YcJy<u!MPg3`>pWOez%DC6l)sl!QXdy
z@=sO4j5Da=oME~!zv=iXI*jYn>BlGv+4CdKVrj~W1DYPQ^CJFWv+Rk3e2H(pa-E7$
zay5fO&asQ^-WtuVivpK+V{U-#n+b^PVA&Z?i;K^qslx+na!XUIJKuz}?=GF{U<}K(
zg!K-bbE~HTC?z>sF-d+3Jm`G+O*g6f#p|JH>l&4XPv=F>G+NPXHwV*4){Gehh-ndZ
z(KK3q9%^k+vc4{^TJa6rPh_Q*`6ru(RuebxqO$lMj!)xdCeFU_Twq_gduoq6<9^FB
zZp_PfApqm^N4DzlcYcysv0TV{6}b7+ZA-%4A@^i#f_NolKG9Pzl-#LZF)NkCg(UBd
zH8w7jqFm+xfj8I3UXfOxoip0dvjMgRJ;WT@bEB+Yj0c?JX!d-mGhTfAi&MTKPw^%=
zOUv68O2@?GW#&dyPdcjp5Z{w{(|n&bOxN$OH$Qu)c3LleT<$$>!{ZT0WHGaNKOJ2@
zH3c&bNxDQY{gf&y^Kf=?51n+FwwmRAqyw7?=!es)$iuM1qkI+wr|C*9{|QKLPB%jJ
zX?4SU<79O?dYoxNB^<f7|L|&*@4Z5|a?gYWEv7!(-3j>0^D~Ch!C^Ec4pJulI#MWj
zZIAdsFUD0bq(B##w^^TM@#L5Ix03<0#1H;ox|OG$n$vlaEyh}Hv2(gj|B`}D<1U|W
zRtKgqD1Pv3X0#5@V|z<UjRT@5k@1L>eE5-Ot&u%5sNYTUPy5Y#fs;I@B={Y|4!%%#
zIw2dT$jOfe@bcSU*7M-JCjZ2>N?`uZ4_|=PFx%Zu=3Rs;TZPx_(MiHnF;9?$OyoTY
zh0BfhltcSw`*te|*WCo@oJ=(ESf)sd<HyPSH9zFBsnxZWA@$`BFU|z%k`>Q);=r$$
z_AX#Eri0)71<f14xD&ssvTne5rkCwK+m<ihTsR{!79$$A`SD<;N97=R*hVAB%PXL$
zR#CBF!i|#(#XNcPLc*}vXMo@zj_m#ftvCOp#D);RUMN^18*ka^)aH1#b_F#)ME;x+
zGn}12)xqlD3xRmIxfhl#7Nc(4L7L6S-;iHOVwvU~Nlg2oVc=XS02*wA{Pbbih*<>1
zj^EOog3>X*@>iUk;>b)?7pwB`lRKOHf$zh)uQ1U65iB>z@ppXlY|;5g@LI96-cikt
zp6ia_W{>rX=NqesSd05U^3d$+){LUb+{^4pFa5TDswd7_sVA*vqabE)vQXwWA68=`
z3d&T=nu~m!s*nU$YEXyZ1SRjki1)7wHl?Df`zk(ek=#lvUSxbaE?GPG=l(!0ybZuz
z;`xvzYzr3v9UnFw+m@yz9e&wBL76p)jij!jP@v9N@sRz!oop}?`6ww9g1C(w4}3m)
zsXF*T7CV?Y#zv;!XU9+irK=`{gcPCUxD#R1|B31k*LxcuDTW;>M@JAj<Z*}@aiWH4
zEdr);Q*^f^9ETew;=)m=C}HEx9$jx^d|rjJeGJ+nH?G43^e3<K4IA=!3_bpL%#!CE
zF8&0^{Xlvre&kX0DrT<{C#~%?Lv1Tx#**-t2#IVpk&acWXOOF17f26rQnHYov&hnn
zO8I{WC7;H(9&8t>_$^CMJvu1I57+Td#I2f0=5{|#mVSKH`64bQy7K^eyaOK!)ybD1
z*UII)ifkc%otmZ$n|>Z=e#~GRBe1|(+w~R-VGAOXxDwv&Y(sPZHbu+m^L#~ezq?m1
z?~U%ic(Xz0eiL!CC7wX}>am;UKmG0b6(}lW8|!=dy%6&FOBhcQU($BbPghOBmT!jn
zXCbr$d-DUUBmrse7PYrBFUG6RVWw>i{>IaV=T47UvaUGy?jEo3Cs*TLKlBc61(HVf
zWl{K!0}*$%cfLI&p3+f#TDdP9Z>u#y&ZK6#c~N|0Y;F_A%lb>Fqr&uCTi0I+B%HXV
zT11D@Aq!PaRu-PlQjfU{x<oHi8<~TYGLz0+v|tTstM<2@ejitYsf*{Mn5SFM<su;k
zWg6yiU%)Ta1@(1zLf$>9xC0M<?{-A92$Nv|ZigkZ#bk#;_y);-eX@WunaRK)Ca`8L
z(f!t=eJV#Bmnx|6;WS*fA)P}iW|i?NHo;gN_T|M^^q?S3PrYl{yDx;lS6*y4D&sfA
zPL#_ho}wiVv$Gro5B|Lm)-g%&%Go3|m;2t(n1>$!B|}WAJ{oZtXujZA%lo<=%ylKC
zt|OwZ7)^^uPv{q<gj}@pd)6>wCk)gIvDcOqR#@R&eA0J(qGMAecHNpd=aeW-&~^#x
zdvpq-pn=a7i920>?;!HChX-3-LfTzIU_2V0yU@(UtQPUj1$zwh(3#wPR_0R=f8cmD
zj<rhAf<Hw}bGrROpHY85&s#GOY+ls|i4~}X)Z(YYguTMyr9SHed~*S}Fo}&bhzVCK
z|M;!&fNrF`3pOsYOu*_CN@fuxjs`%0A8cw4Aeh+8HqC##OAZ$4r#SRI+r|E?5ClHt
z+bk~qema(GTulGrR{Q-oNP6gFTz=wtQC{Bc07!(q*>rKWcyhKsJeQ|_D3#O-$1CF#
zg`e?^`l$WHElQMGW&QcxeN=@NxJze>l4`O4d%k;S=$f#_*}*%Q_~KWdjUmETPyxpu
zpqt0uo)4;O!~(|JTGpSa7e1$nuP27Raz?Bt=Php}o)AZT6X)((`R^QkTMzSlhGH$<
zP=>r!XRoeC%UES9(Ys#CAM9vZs@lLzCTcdX2Z6r=Xx=8Xd@C%tbMf`_lLBBa{B!60
zvjG0OhL<jj9#y$q@+7&Xj#ffIwv0!5<W9Os20rt^BWe%c%I8kw7DM`Q;A1V#<84eu
zD#uSof0sc2)w=4tPGypN7>^zvBVmrkK>6fk0J=X}@$7@NgVftMG_BT@3Bb$axgn3p
z6pjg3&UgR#kU%XD6-jZtuTSWwe9~>u>InL|Z4LBwG?%<@B2@$jor?pBHfy!Tf4gnn
zE%%yI%y^2nxh-)k^vVm@CEdP)crpwA4DH#fa1SByG<<4Od}~UcU1Tya`K`B1bC8!K
zG<~gq`!R{|2Z?lj0l=7me#1k$C5^G`x(@Qh?5!b}@$Lt1o17HB=H|Q;>s=}jrK`Nz
zBkSF5WmPzJ1H27GrPP+BqL$jsH~v=CrD3zx>$jp13`KNR6vn96A%1q@Svas5Beug*
z>wh1>KK7fBdQ0<Vh*KD!@zeG#uU|tU8$Vs-1`36bEm<UdFt^CbH|<+HD4J)Zj*My|
z0M&=d3}nUk<R<?k^d$d&RYAekW(`R31r0EWbi8tjPrg4d^%^3YpR6!xY$r9EDVDl4
zt?r>SaV!4bs?thx*@mlSV0;Q+5ymt_=RSJ_lJOmE87lpA0!c}lZ61CB2tmbb6o-2`
z*q=)ZCM9gpiKSGcJ0>T;4;<tA!<Sq6`B2^^WlD4HZ3dvEs2^*s+@T$@7cv#ZQ)PjV
z*E-6<Fs+0qI+n*swXgKUhAz=HJFheLRyMy0MdWT;<n7zmQ`gR#^cKyJx|9CqD81ia
zc~7qP%iIwzViF*ozitD)cnF?a?GJdGv>Nvt_=@(~e_gDJ8t8}Przq2+^C|R56Gp>J
zSQ8<NA-k#^giB2&XGK8IZ-}03b-LL!bvEzy^yC?aa&g(D{yviLT|Y`J(EaPgPPSxY
zNVrZr%I-h`qg;ns`euH9k=z-d`C1(3V(=)1|DOzh$;At9bLfiF^5fC5nX&|6DpY0l
z0l!;kG*fpd3hC)CT{$Sc;OqsE7h|K(&*E=A?dAp@fZ+`A02r94_2kwf?yg<ju>yT*
zTLDtm>|<!b!qFGR&*S9VtdK)Qv)8=giCQqV*sNgrE|<?4V(_It`rn@TUd(Cm8EQ<p
zR3yebr+<)(^38GO<~8>D^j~`JAmEy?U_C!P#A9DdVnfY4BctRg`R!y@|I9CqLTZIe
zu89rmt)6}+G_`*{fmxOqVMhuuDebF`0Rwm>(Mp6(DC>ju{q!$mMmc>A@WQXp<KEKD
z!ju^kmcjXLt~RHAX_1L6V>;d|#!@~jX{)&hmcbuhg^ztWDp8>fJv#rq`HP6i`;&G}
zXAF^)#6QY~^ok(`H=WHu4@wW*<Cn4=S@x;-ox^AWd*ArEu71#dKs&}!9VWqX<gc63
z8$wdWZBEJg^pDO_u6RYE@aLHBDeiSgZ8HEUL>Ckcn;tp0V@jriElG&~8mcIx2L@A*
zhG?~=<u+IcZwge_rMP1(Y6yq+Sdcce?sO-Hy-+wRpT@e?8q9(A%Y-^_k{pZcl4QT8
zkLDqpY3sFN-@iqL{x#A*ByMvbJ0ijc;h=4Yvw9er3_gzWZ^F!JX3}_2ZNIE+rC!T(
zQ6hECgmvfK{taW49sZ2(^;G?j&gGsGcjs~fxO2|CNwdCp89Jq2me=#;@})Gk+{y^F
zkoNrV%`gi^Q=pt9gYr*Tza8C48!4;F%pEL&vY)FFRzdV{M;b|EgPK>8JkB<h;GTGe
zEQ`9mJx!}tBb)^e5<FiH;`lWjDi#KAu}zKDWnKA6IV^SKMW-eg4!|l8?KvS22Vi``
zL(BA7Q&E4d=E8vFq^lOZ!WOq;=1Jhf*bnzwXU2}6@N9`}<2GxW?(#mbp1WHA_}<m@
z4W_5?`ki0(Pf}>iQ(rcD{>nR|7U6^hSh+G`c8K;ijU2koDYA_OUQJ&c++rxbZRtW*
zx}~un)$OZT2(Nqzrgb~F({rM+WQ-c<bd$b6Ph^^V<ewcwk-e7Bd^JIH=b?lBWX5zn
zl(AUE0HrFvkwIx%!pYD2GH@>_>V@-D8N{MR1YkOiqwwU|)uvhQWg0y_J@$0<TcpaW
z?V@#biaa*+(ZXp3H7M3ENCFJ{&+wBt$!_`L-0T?-US`{_1p6uWw6q>q4z$dCcE%z|
zyfVjv|18*`_BZVSAo(;n`=+d-iy*evx<hg0Q7#o8i(6DG(6CNFvU*T^idesNBe2{c
zw#6$6@wCJM2cKRu!i<#0`*30)r~<mB;cVFu)D`q(Ayk)<fau#$jc7khG;l#H_7_W?
zBJVz-bc&(R&YNC%Ya84@Xi3kxA=*bAeXxkl&(V{Oac0AJnL=H7z-g8IZr8yNevO^J
zpdq8P29YM`!WqKhD@7)vz_C7h%%oQkmb|!cDgz^sK=BQiFJ2Dsss~yYB)&&%ID@55
zo|L6}gwC~+z57yTFBBO#8zS5r#onmyEFCw$Ldx<X((RkOpbBN1w;JpT?>$E~#vqtF
ze}N}gk340rW1h&<L%z6!x!YNG_Bnb$J!c_0#j6nCkpdIb491v**L^g#)P0nXTvBf+
zS5845n2WRIBT@q<UnK52igDmQ4n_RemiGjs1to~|RsXxhvG&HG_}6@Iwrcu&=I+Us
zf*m>-82{b|iaWUSLr)5&yG^`jxxHSz)wH3pNJU^tH#Ee14x>zpecSH`otW`KU|FPl
zyDkl~jGmb(M=#Oc%UsuDS3WaK>>g~dTl9^_6AvA3UU%OlzTIjZFY53f9F$hgt7X@<
zFu?qjc4}{U))WUdN_>FAR~+YSc7=N{)C>Z`o|b69!WxNx*d52w=eQR~If{g6y~(Lt
zWLoKJVyrc`foiRweGwYfK&w49Cc@#T>X`S48FkIetZpHl7~j0Yi(g1Nz={eATJlC~
zL%)sGt@$Bo1V89cQP%W}%W%y$-ejSYL#s=Nl@3wCZm!_h#dAX<C%sa)BuQ{d$4Cr<
zST3KQ?3s}?*~j-L9=Iy`VXY7Q-k;i6BwAS%y`pvD_%^#<y9qDb+mnfsx{@(@KH$16
zUg+xIv%~r(C15XxNHCl_Z)1$ZW$5mI1=y3!5j5jH;Jvd)CKcZXY!tGs(Ik9P$04Ib
z!yTFoq@}6G&L;BDQPgV`@WABd4N6`-evuT~eRli`#h3mwJ2ruY$Ffdiy5D*qJ>NEB
zN9}7kFlDCYN$a0M0NyG?Gw^a-xu3_C#bNLzo40wWSO;-U;;c8+<d2B@M}ZJBqtPo~
zmy-IlmOG>t<uj?fjLV4?gJTI??S{hZO~Uyf=Ojb@ibBEZLdAih#RO()D-pGvIHqJr
z5|QJC%deUTsa#^)-echDpF!$f!sdT;wRM#?Pv4hK$(EfYvwekJwxAXwOW3WVzQ<GX
zI$hQuRF-un&#$}lp%G3XS}iTyS&>-rb+AuxMlA|O<1zuTHWr|}$f30$=15D&d^vFl
z1Jh!(C^T*7DNX!*i{k++#09S&_G&L8ElxD;ss7L$mZ5J$$By{-vF60L@?^)ub#u<f
zVMb3z6unS}?Fwab`!zA$#nH#&yf3jctapc#wRqf-pL}OJ?#tGE)gQfVx*Wjr+g`;#
zou%M-Nl?z=nWG;y3htgrh)JN^<F4-cEKDMf)^++Ui_{B^h4!^mbDl)O1&HZ(o`v?E
zw@4H?X~k3-WAdI`UP%1}Kz?3s%gN08DciEqoiQ!oj{B7OB#uSohC)Z2PrvwY0)7C|
zn#JqV?iaPo63l<;Q1tCiP9^Q^{QyZf0U39G)L<A>h%@=gd@rQnlgwXVlLn7#FtS5u
zecMdx<A-5cmvDzVan!wdF^^MK(PpVT@aERODcU6o4F+Npxc4&T^~Xqo*XJs^Y~WD5
zpvOZJnf~RfwcFtR8*J#N(^G`ifQ4lK6xA^MzM<3x?#!|X1@y(GDF}9OlHa=P!`o`Q
z*~FiGxrRkDrqEsS{+^^P5Z*JwT!>mX*+ahIOvN<sJYmI2jXX>C^4lxGC&3A6ff^f(
zy3%9oQTje|g5Z~~j@?n*TB#DJeK8${FtYE?8iF}Evi5|WW6s=T@GLL8^L?eGPNj7f
z=?xxKhsHcsHu8O49UCiuqF|!kFH){(_o_IYg)74WI@tmWuVRik^kkQC(@Pj}3^O)1
z{}8u_Y?)(EKG>Oes)uSOyf%M`S#z*a5ZXA~GQ8n`XWxd_vELt1%IYEWE|c4u=4k;R
zhWeXyX<5QIz;J~L0O(}1W{J-VLBjf`B5BrwOCTLSIj&9Mg0SrmK}S^7_EVK7bT0%)
zD?h!!0kLIOZktc=D%9}OF3_hMi;wHi8cH~+)Xd0I6;Sfykk8`w_08(dN;ioynk<Of
zoA*3Bv~L&vyvT@#(!3<S*6d4gxMe)St!ku`0veN+z+lc_S`gV+3x0{YaDXwf3jJ7C
zQr42ThY;?YrPesHfyGeVkYFys;tBBl&K=k%+gA8T;rB)BZU7U?I~xyVlpPIo`Wx9s
zq>S*J-E)|Cuv7V?_&_E-Au`lDL~kJT(vGn;+@dKC_s_nOWDpYoeLVZLlc(#iSo~J{
zh%MR|uismvYMeiU8(k!$UoLCdewCE?ChN$&5SShx<eSYVRzencXScdkxfvjC)_Jr+
z@g3Yi`w8FgT)S`KUx>_1%&#X}HP3?0mlIQu;!!}nk01UmYFiEX@2Paw7Fr15ePDIg
zRjFwV{Km&LGZ929j1$z=bPZyQ3~;6ZY3Uwzqdb*S9+IK|>en#{520$9M=81#m0~69
zNy=kZ6h6iQrl!8MH5h_O<xjp~9yQOO;#=MFsyR`3O)CpECCZZSC1sTflI(Qq*G4=3
z<|gI!eb6_~Lh&X`hJq<esm}?MHF}@#095gM%swJ|5=9-|WDGIi5XGMm{YCi41$s@F
zjj(7V?w_v{^FoCaq3%$;d}{OPCNlSy$9;k0T<3EZ^^gL7PmXoMML=xQZ7jCS-=x=6
zIY^G#_4iks^!=0M_I%cwNDS4tn<$}?c0mv|mg^$ve<2psk#7aDX*YP1M*jj-jw0d~
zFYpFG`!+d;Xy;=P_NVly8p~4yMkf5e8h^q`@8gxOn>jQ@+z|`Ib(3$GGHK)sRw@b5
z$d0p>!}|!)wr*FiOVq3f8W;D-vvWZ{G}u0(hP3HK>03pTDToa(QT<ttqu|-pwd1vs
zC6+#Ea~5&@`3L0TmbC7NVK^-H>56^GI;FJWZkmzj>w5`M2*z+2%?hdjx7eq24N=~4
zWq}qfgSUd0PZ5-Q@?i;A{c*S|DMg@TB>}^X(pI4j?5(0P7HrxtjeWck=7%<{*`7G0
zH5KdN09tIpC32WjFac1`<ukc2M|#krU&HB4mZRZK+TXB&tjn~RaNIh+_%@h4zDZ~8
z`z5@;4RO$|y)CLXa2nwx`T|<WI<4i#UDG!bjGfPtPgQ;O8|0vtX#-HmHC9{Q=-N0b
zfiti70>$P^gUam>-gCg6sbCG!K1@A-a*ywwe`U!aaKX`GBI-dA1nLkP3EmdHJvE9X
zBQa282D&RWR=nQ>3k7Gc?%K-nLcBy5RP+igE+t}OshaZQs%=c`3XJu=QN+)!^d7W-
ziRhILF!GE+B1=r!r{AY0@$iwywJ4?{#b3GHrz_~wlCs#OhVlUP*sF$s>Y);(<jeSe
z7#(UzeNJ4P5pC1+el+Z)yqXksMWUz+=&to!9k7dY<jGea<vyeRb2K;$EpOY_V<L~l
zet6WzesTUx5e^Vwz?HRDpvWc+Kb#xFL<b{<|5ot(i3GxP_N6~V_KT=r<#&|9`y!8J
z-Oy@VC`a&KJQ5aGuL4b8+jm2S@`Urh>7H^>zZI@~qWKmnMhGqbzM_E&XfNl&eE~it
zLYnf%dht3Hv)6<i?M0Cq>Sl@_D#{8S(HHdMO8hvb7waH)v=>&xp{hDX)NEzUD#tQG
zK{z>c$h2*oP+8Xdfck=rZ9=vw4Gl=xt*JVPCE=p_%dtGAGmU|RhQ~19cj&6*ZEERt
zM3!To=kk1%R67(u4!GZC^|D#4M1xKXds~{?60E4jZ}IL2A^2Doq*2mCAcoPkj@R<h
z`QD34sE`fSgBGH#mz#DPm`uvoEkq~wzM}`Je(LzKL|KD4>q8wasa0u^c98?xS-0<B
zFF~A@ly=BVWjib%$>+%_ZS42+Hb~T1N%~~?jl)y*N1{Z>-E3@%?NIOo-|F7HO9d65
zoM4+10$W3s@^Qk&bafpsb_TL<KT|JWxcB@nS4K^XxOElhDj3Cr_M*|EhdtQeVh)uq
z-*?{}ei4039A}b0L7Md#&xzglJqeTAVCJVnY*JlP+Y!PdTJP$45^N?^o5f<0rajTE
zZ_HbCzpv4wnHWI1qmg~4`k!>Mmi^JbKO{g`*A;FBS_WH6BMLwRr>8W7btC0`<bff-
ztu@9~FnH(lJ$FwBbF@Xg@1BtA9&lv-ops?8{LbI=%C=z)ReUd1SZO+3$L-R(;+q-#
zOJMEBoPw3!dQ_kidr|0mh7!*VX10~p64LQ9<UYcx<KaN^?x(?Bc|EXhLEPeeTu*MT
z$P<PNVwuy`ofZdRZX{gKBvOH8&d1-#t(AFZ_KJByy_<eZ;DJ~cbam&&UC(*SLjvM{
ze?|#vn$>M}%zwXW_7QsZCeaHuNV6JP_>Bmi=X&NHZb<|rVd8@fby6z|VS&laxHYnP
zxCQ#F(+BBAh4o|^l)EoPXXo0YE1q4Tyrj-^qK)6PY<(HcD|1PnErsJ(KMjh2<&byQ
z)UKPw9@4x|^Jw;(A(x#fX#IILgSdTGst@VHJX|XN>rn?L?mQnbeju*Ka7cN#V8K>h
z<NRnoQjeUo+8KSFtoT^%n}oM#fCtv=uH`D&)k~B(6MjR^<z;#heqcw#F%l9d7BR7b
z2gKv%JMm!Tk!UyB`{P^f@!^~gGU;be)+o@UsLK>54tOU!;5c|c$^}gQ6U9ce@#pk?
zMp@SY)pT@zYS*WWy;axLRoWn=9hqO3@tvWkjT*YVyeCA0v=x87gtF-Dk<H#-U)Il%
zp1&LVv&jTRdP7TJn-;b4fuvUza>_T8aefe&oct2<7u{0baEQ$aiQXg^SN4KZat`vB
z!znvI^M!1jA0WFbLf0WE$U7#Pw}H`!mOdU?_R`?P`CsQ<LC30{Qj_WPG8UvD(zB3(
zk_g?vprEUmWLXbHhZG<wTF|*x5k=6hka^Y4d%bB72My#q_I0Rj9I<RI1S0TCHmY}*
z)F&v7?3^-<F+4d4T?6qZL-<Ma(|>YGjl{CByE|qES@qD=k;A)evh(|SZiHNvnom%I
z1{G{9|JgvPF^#(#gdao@0rU<ngc#}hl6zX8s%&_vq%1279=#aLm*nlWh1`tuzk@?V
z5qH_hK&m;20B0f~LGW(a;q9BDp&D_R0PC~V%Th+!HBX2Dlk9$PCiAm7zva}QrCz@o
zVteQLl%DY)Cr)~U6<oZsBQd(4Hp#*zWzowa$@1v*_qdUVcV+BJ09>riQvciN0OcUb
zo$d6nyE0Vce+W{!5&>7wixDCqOT=M+|1-?}A1TBsIX)Q;@&omB;rmXhAr<_e-FfQd
zc}0?L)%Klg-ZNxRrO{x82(Rq-7~PN7jmC&TPT#3=J(DKu6EsaaB&YQsXQ-ty$#T51
zcVG`wYv$4<f>L4F-(f`P8FXpse;Gvqorrr?x7-%;2}PYX4jwBQf{cF+fcZ7?g%qUy
zVx=cVvJl-TmG^y}EIWkVP9zQ<JB~B$1w;x`5_u1yhH1(8?8VpFGvmyB1fN+b2L0?i
z{1CMe@CaAIxCubp@}-5E)k~jPzWDjg(USfELhCaSf9J8iwDxe$xB$>&3@Q4o%86}8
z<R&uHN-{fKW@s_P1FAyEU=DxRaQV*mY{q)~X^d(<SWHLaPN-kQsQc@v%)s91R(8Q^
zJGwBhnOi?w{~?aQTxUyMHrNj7gJ6cBx-LT(L}p{g&&-K|wflF!3-{Q!NDRj<e{LFG
z9I<p8XykE)n~DKa8aDeu*42Z=Tk+_Zk|Wn_P3r3`e!-&ZiIF1>O5&`jjGMh4(pvNl
zH>R|I(F`FC&O+*rt0P9pyaqmQx|#Y83Hg$&5<bZG#rz7X1@@H6Fby1X>n&u{J4PP!
zut-hEtz=KTo({UmJ!7#Hg4;;s`R;5NH)L;;5^w)??$QB*asA%dF9*vdFQj5Alz%)G
z(u@i>;c`1@2{s7l*;(I5tD|RH<=9z!BEE8%NMQkAr`jxE%Ay788?dk#MX8e~AUmP3
zxMHT?=uN9=EK{&Ttu!tS)8w>FHPp2;W=UDe3=OzgenzS1WX$TQpV%0@ip|d3O)y=1
z6@;lh<=Ugfjo)ImTyFhHo*)<%Fj#3FxD$)Hq6s9xuivts^b=+Y`WftQhSfA+Q_W!(
zbt1P4oC+X6i#Q{&i6rO;Zt~t;zxR$cxFdNY4B=6+dW#AOqc46vR})B0`B9;orS{gY
zZ@S0pG}nXL^5S!uW<S|imw8h;#S65D9IhI~M9&*|VkPtlpz2epw4o<=N3cwgse<gT
zgT1GVi2^U@_egeO2z0bj!dY@8eC(V4=eu3LpxT_yhRX@v{F!R{CQ7nDuZ(tU(L<G@
zJbC<8>7<%OaKM$|L-TY$rgqh}VD1wEPl6-F&6MKrHY7#AJ;@{0K=t4BsBqMMK;&<a
zE&q(Qc*e{6v=9O8^1cAd3`uW6cG}sIqAQRNdilnoot|lNy8HoB0j|cqLa}*IwuZVO
zblcMglY4;=q=|TD)P4Rza0c@XpQS3|(Kh+T5A&Y3Ed670cf9L(97U*YMls#OABrla
z>P_qlvr_ZW-Fnw9!U{R=uUBg2L^1|WO380H7nr)sV^`>T9gU6%>Wgm5Ntiyu43);&
zl2mROQ|~`|%&HaB3@W{x3*#xRTgHbLm$7@iVfw-R!+BG&xUwK<c1Lwnrnu6Gy+66v
zSwTNtFM>YQ3R^j(7*h_pId74jbW7C(>uLSf)9>U><U0$F=U18^W<-)XuSyzG?JS5R
z<oyPa?^<5@^8|&Ds6g{KMQnl8W5hmj_g52+;I5`+2{VzSz8D+!f4lsp%rDLJ66*iP
zJ}#_NZoJr|R-i;BJ*(k8OW=L_Kvox@Z}qxIG?4nKJ<x1UbR-*wVxuJ*NRW2(<|H)*
z7M+&Fc;GmvkL6UGgXuwqDz1%s7pdogk3EqZW@MjlF!s+zY;7%l<xTv(l0!b);X4Ir
zs)WW*sc|K{*dBie^Q(!DnC5;p<1NVGaV`7Od{r&+2#7f9Q<EQ)li!>hRxCcJ1HJro
zY84albSEq0Bu5IEG_}H%{oj``e1ireAr+8RX<o3Ou^$Y7{*vg4E?j72Zs?pZM@;z!
zzD{X1ux6Fs2^3U5cvLj30g-n#@e*>Y88vnMkgPdW6*MAC0ncKbJIrGk(W_lo?6fDR
zT<OoL8bHyeYXA&TD<gQ?p*!<MFxo{h%RfHSARM#}><4Q7L0%8Rr^pJR(w<>-^<?jy
z!|)s*Md?-WG)48<=d+qi)OgH!zrS4akD6clS-1zje(XcBzm8EWB{tJ5;4v~Qdtk$2
zrWqN3XgE~-4$HXWNRzF7cvB_E5*%B`R}IQYu~bhJt@TTDoMBXhk(}K-%*nB2!QX5O
z;|zVhJ+4}2VF(7M;WHh0%-LWaywt#E<akS#k)pz?EH7b9h{Ok==L7T{27ia4hms_H
zI$L`8(-5&Xt-^G1m7)QZ<A6C$$G9Nl&^@M#URS#Kx+glT$K<;34Ip$zCQ;43=3~a8
zt~y4lcf(=P8-ND(D-J!fltX$8_@W0i4^lX8lvn;R!?229c2>E}Fb7OCO_?>AV?;bG
zr_379vCaYQNJ2aG(Mx({-@rTlCp(SKG_EW1sZ!SU=3XJB@LwIgo<n-}8Z8Y}`JhnM
zBU|P0i$s@^O0g0E{E7A1rD~bE9cm>R>LoLMRDH-&My2t9st$Y;%*X(ZP1AXGpfrbt
zb)anVX7a9)cU1^oG=+%C71*>cPj~jFo2k7!;!~YsfQ3;(gf|n*38Ec#6_nV3l_fZ-
zY_eK5E2X1ZU&bg+XSu+dk!{*=tH7NpxwU#dQx@Kg3_elYu>5K9@KjosoO<OsH#7~V
zXMs|y!|NVeBd#Ju50|>MxK3W@o5o7RU(>-WAEI|}j@TWxt$rH)B%Xeyu^e3nA6m~F
zQq?cRd-9^s8JR^@AU>_sC#lEdtya<}L7gsDe39IM=zc)$<7cI(X6=LMypAk9;JE7J
zvleWzHfOZzw}4_IJ^x<e6%8YL$_i5vCQ97aA7!<WNkgNxnKdu;@uRcb$2-+&T_2-`
z%h}e#y1LVV4u{bTp12xO-*~A#oUsSndvZiOr`F1@n~?H_d_A-4AT2|So`!FGZ^0LP
zqhxbv?ccs;_k6n7P@dN+{7Km)%C}K7oZH`YV>`dT7fAN5^g7ph&%ZWUF5Y>g`YpJ6
z)XJz3&h4xrv%kPsZ&C=Cb|$fRH3g}EhF#XkWdC%yr`x-)?{1N)pIMAftrR%PBkn&`
z7*+h_)5N-S%DTGN+{MxOD7d<o(3zJdrs@kU&n7TV)MKyx6F-JB5||hHMMx7fyHS8m
z8`HnZMZwyo1<ydVST>()mVUUF-PG*EcSHkgf;QFK+Cy>~pg48KMuV#AZEsMmBgwl4
z$8vd?P77w-ihV~6yifj0C1BfSpcumwX9fmz8J`-bltf~M9qU+!g*e38!w3?a&cRFK
zE7vj3kzx2j{^kw(m}R<;``iV3&Ff5b4Dlg;ymjcu3}3w%N?!`T4t1u+^T*Y~m87k)
zuXJ}Y#;LsAzQvYjs|_L`QVC)vJvViYGwr;1S34*dRakrgZpuw|pPS|G$?_#!z%V~{
zE6bhYkn9YVHdd(e@%nR)|7rg-Gn^*PYM=FfubmlS%D^F>MXKeU9>&pLwmGlRrJUxT
zRhGvL9r91lxDV9jZvsqO!ggP`1@)#|g}3(|eO!dnvYX7|s#I3nC)=onC<}}LWn*_I
zL5aJQoyl-QG>*2;Y|^o8CG7oG73`|B9XTz5BjpB3W>i3QY&&@=KFp;G*X%RzllGwf
z&e}#oqk=H4?-riT^`L?glZyLaVMefxFW}w-uhXaHT*G0LDUs3<o`C&EIGFe;FPQo%
zJ@G4$-N>vRY3`1{j7pBuG+4}(9|gav5Cy|XHJ5l+^jC>X+?$yMNY%Ft&fKtD=)j$4
zGvRvp-k+iA&Y*KH?;ph^qSbk3Lr|0n?G2k*u^*8kvQ`HSmWK@FDNhidsnqeQRPCu$
z1_QliWZETM+9gz4N?X}aZ4`3vv2#I-W!L!o$yo&cn?=9nX0L6JX30kBF0lQFg*F*{
zHW@?|JbdxmhPXEACcgyEh6eV64s+kZ4UlQokFsJ!Xa4-i8E@;sx{aK2T-}IxR9t=P
zV!yn9Fqjyi&`E^J_c-Bxy^M3nc<+O7InHECzEB?HyCMdn8rP-RQWSuF*hQ8Xbj$UR
zZn7wFwm7iioAg6Lo<cX1iDX)bsu0Xyeb@29nXs=|&NXhyiX?2iebH6<s5m*m-jrcY
zeuJ``cQA_b=2es|(H}mxsnCJq(hy`?AF_Xvq48N(N01>Oy$6M4xZf6^%-<_kwaLX8
zn%+D&*W4U@DAt;6X`~Sz)>JrH4nJX*GKZY+L2c((DntS;&<Vbm1sHWHypdRZBwBow
zeM_lOJ%3c5axgl~b_JJ}xnmMPh~7-IHV`pADs&2$PooatT~^0KJ?f|a$?W5Ke5CVx
z2JHq9<&hWpu`c5?m0cnFpP5&e!ufQQnquF63$=9TgKZ`*g&O>r79R`8W?n_UMbUi#
z0E@+>flvHKg%xQKEsV#guwe4AV3T3#L_uAqJtxFEy2)S|-giiXD<AkC4}8zD_{gyM
zST{Dq9%=WV{tq!}8ES*QrLPGUB*)aqH+{cs9vpKj)c2iAq_qWgXAU4i+u^hRzgw~{
zpK=lNosZXE+<=%ah1D5Wd(&YX4u^P?N!Q;mq;nD~P>!i_Zwd%*EO;-4N2SLzD&Flo
z$;uR#9~tgYu2@c75`x>QkD)J)p~+)2+>t^5!MBS^TbXBZPEOcK&-8-it?9MgE38;A
zn}?-&GAfk!og`!mU7i1r{wr`h&T(Y_%tq#C(=tNOO?CKL(^V8=^yT-9W3}Hi_&0c{
zkJ!B+#+(YHeW!BiT0z|-g!MMsAEn=~jDC)im@Ke9lWe%<L41zQfl-KvinF`_@&fbz
z=N1>Mz>HwdT+s$zjG9r5Bb5<hS3zy+a;J2s<ym2&IpOkKI3fF&Id{WPXifFbZ}P@_
zsOxtrUF*ZZNE2QdZ@XS{hZycVr7KK@vO#+$=cx<bYjx)2R?_Y({y)0j1RAP8{2#A`
z$dY|0``F7`wn?&QUn5H)3CX^j?6PEO5MgX%7eYczvhQV&LiVu_gBfP#{zjkg`G5cC
zch2ve_qq4E@B6%-=k+Y(I5YRY-%LA0Wap!#=aLz3=A4WCbtfemnqc`5Ys<2ASpDvr
z@~Kb$eCL9k!#;<!VH@Ko8f7F9cCv8rHNd=5+2$Rp@pafE2cF-ZhKL92*+NGTi<Kvw
z@?FdNj*?^lrzi<WzsXMIBiqG@^Ct012PMEM{5W>wTdY}7J~1m)C)AhDN6F5^g^qmt
zmARm0>g&imD)|Am50hQoL+*}+<!)Hi1<1{ww+>J6#&rKHO0k0S%v9OnQJ{3bP@NRR
z&JfAD=Ad$(w4v}C5*nmvnBw9e_Fq!N2ZF+>PCi}<0VIxmb$QVjEwQmfJw|??*b<pZ
zWpq2+v?qC_CwQ~<Y{{dCWy%xI`N*<9pON$bX-U$J7SbJ$OCk2}f=cyxPcQIU3mo~R
z`$YH8rSr+^YI$Y@gk}TkhbIJ&e2w!Zv&**8fuliEa{2$V=bitdb0NcF-#fcZkMifg
zqFQ<e?u9Ct=WC^-CZodG92SY=TDEXn5dGl0e&qoqO8NB9f4TeJ74-5-$ad#~rE~rR
zO5{KEI7j}n5=9_4zf3Pehb6f^0;Tjd;?pzFOAt0ccFAvzJp5DeR2vnq8cXp%f0=~k
zLwZEWzb@BEMBb^->mx~`Rr^`G*)@dx%M1F&7>0)W-_3s#`gqE#NpwZ(X_Y~>IU9l_
z%sqGIg;kKpFQ;R%q25Zv!Nf3SH@y<&!{8{%PwGR>QF5@TSiI3t^N;k;_kviwLrB`(
zsc+8GtcTIOI8{Ghyx%a_En-V;j88!sJM)Nae>V@Xn>n|d(Haacu(PAxN5~Zfhvat6
zyq?~zPsyBTF!T$psU#$tw3mDp&YbQs4QAhZnwczVS-1%%E^L41^e)3fG`u!<UFUqe
zfW{m@OJI`KzHI%8y84_-Hk`ESsgZ>kdHt310=l_IYIi)9JBHGiD^}6Q@kF>cF2m!Y
z(PD_zVz1e@o|83S)hgi+YhO}weagg%r}z}Aak@vG!`9#zV(XLfvB=?5&atD_L#Bws
zJxVX#=1=(Ai2~Z^0~U3Ara!*WzUV1vVBqZD*7lZbbQPOD6Pc}}^$jEO%a8ws*cYnW
z|FbZaRbF|usekwU)@VIXud2a3qTZ};!kVSQ-S@6DP&uSIRo0*Ar9Ad-NFB(pyas*3
z1FO6t?B5p;VFf(d%}6B9S*!6^#WD1ap~-2tIfoJT5aRDGV6u7e<qsWK|JX;pUAcW8
z*L&^}Z#tu7H4{5~e1N)}CPGo2dajVag|RlrbLjag*ZAEY(#$eFscm&P3rqOQ+IOVf
zqTF8@>JGTcf+(y%kyg)Bvm;(x)Bfz|QymDRRw}&A-b9-8hgviA@*s^Gyl=C~hKp93
z0G2h8wzDNJRizsLh!*B4C@a{(^a&iAx`~<1VfyOGlVepi&hwOu<LHhmcsx_z0`bY+
zH_XKD>k7%5Fp2Zh72%#Yw)FdJvYXefJJ_lhNtt&^CCFV@nd3flp1TX)nx*piMJm5X
z`iESt@23?WkWV&Cww#%_nmK!a{3?V#hklW=1z4$kTV?L2+Gmz$RaFT%auS_Y0CLXn
zrfP|0gF#vLG53OmcL4(p0HGVTRj~Hq+gYB&PwpS|rD<NAzpG|lj=woDG&&2<ej)db
zQ|n73`eCM~e``5oV>Q$IfBTsNZkr2FS8f5UeZ9&CTM+$!9{|l6;k6zmRig#9a|Hi5
zfWh?WdzOmzhlg4$F-Ibb5%xE^QH;KU3GySlEL*3n2i%ZOvgtnNou{X_lddSm8awpe
zqTFHCjNs}5)j8G|eLJ!FOY7Kt;>b7~o^)kC#n|EeHl;gQGh#R8K?MF06DhMge@HK#
zxv=V1L7Js(LGsthJ!+cv4OmVFcML*vdEPg6!ktZ|PLu?*9J7g6`&E><+^B7u)hhP`
zT1K!u5?E(VHordl@-J8XWw*{P<`!}#Wm2s=^4<I*Kc~(R9F<4m?TT{tD2uWu_uP8K
zX8T?0(yS_kG~K{tTDyHeD)FqvO+1c`Cyq(e;YmN|Qf^zH2PI8URI=7s&CN!^Hbqf7
zv|-v0LOihGr!`|5%Ok!Rrm=-)4USS48K*rRXAa7hCSK9ylzG}-Sm5o!KvkYDjLkN~
z9A@4p9_Ua;mm7qVBx7!2SSzzXB46f%-3oSY=mBuai14*e!}q$VFI)_iTkWLV?Ptk>
ziWAzuz~f$gcx@HxV!;j^XQew~h%H^uakZLprz(7r>TSsNl=((-T3htwy;+SY5fK5;
zx<=A4n#n+|&{c_9ZG`vG)O3S9o-dz$Fe<ELX8ot<p<RBs*mFMB+e*^$llA*hGlq2g
zw=Qo!tQvO72xhHXE@fM49}X=E<iyiz{iVv4ra1g7{`FYCA3=M#zrv*BQpcz|#O*(7
zuM?o_ejTU?tFsb^9bug%cG#Tn`a@*O)mWZik=r!pO$T$eCy+ib3Rp8F-_J27pJ$()
z?tf-xx|n<XY4COA?)}TE0ePsWlkZ023EUo`yaO<mG~&PJe&Pc>U=l)x`H_W15`R`&
z(^<X4K^T*xnq8DP(gRc8WJ7BJrhqft91(eTIl<v6?{%Z--qlYxHA2aTA{lkm<jJ){
zF$^{@0+m0V%z_&~PY~8(AwyTLvwe4kHC$3B`?So@{Jj5_0mPp2&V%v>``*bXD(Xu6
zt`D0E|BN{l^HhK$e3d?z(~Q$vuAJJ|?H)I_TW@wNsJnf=+Hp)ef~*P!J{;{&_wq*u
zIXg_s$~r3^!pfFCjSdtZU^tuzWZ4L{b<b2RQH+IR#u5&>-hkP|-;?rr6JYhPAB;ly
zuRmPHExx<LC<0`GAS4?A%i!Wo6y!ZhK^wO*fTM0-1)pPAafYrdES+B|93~~64?_5X
zI5S)_C875kq<DA{bfhqdOP0P6-{$~`8!2FR0`=Nh7h_qNE|%jiKq~^_-vA`nJXdjm
z#>GS#2vXb)?#FNl5@-i-$?eC$M*7kIc&}1qkln4VXR>QE{g96d2%XMF#=oBF*bhzw
zp=^ZC`h{q61Z=FJw7L+bxFD;QMne#UxFkcwp@J7---sYI3c#R<H%9=^;GzJ^eh~9P
zfZ*dyC|x)M8V0bi$zH9<pqWTxg+dX;eFAa27zHuR2Y%d$G^Am8QT#|@=tA^)K>!{r
z6P{yu2Vrq)2J`yZ55x#S5Sfh&tHW48YRz*U2Ry`n5F}jgT@*(FHN%U)Z2-W{n~*mb
zsC#Rl{ni%C^FgUJAWD?LObXG9Mrf>ireSTI2+Y|RqRt2aOYY;LCN3*=R5#$-27+AQ
zK;$1bzan^=5|~E;9w;K_2w+(AOv6Y$!AZ~q<j#alVhAz=*nsCNQk}}Qta42HEi71Y
z!Lq0ML9-^t#+hJ|jWA#L%)k=G=}8<=i^3HDeL{@jk-@wU*5)qY2SsEYK@ty}y$Mn#
z1dCBXXK+yz#li-u>IN=nBbu5CK-Ma5zKQOGL;fXAJg0sOITq0DSu9=hOgv~Fz<EeR
zJ`67k9bJeOSU~2&J~;@&oq5-Te9dzOH)BGO9|iOW7kjZ%#W;^#fJX%Kp&N30#q%8o
z&|LT2t^vRqxsVU?9Sp-_q{XELA_4rsT~UHRDI_EsVY}{`g`IaM_-9{;h9dw#Pi&$N
z*x|;L+=<Vo1b^Zp9&4T(#0BedySc!1C?f9&5_#CHhhw=-@P7kvW+U2(0c@<|Y?@F7
z4hw;|DmnEl?hzWyaTAQV2|nC}6Twv)kj;kV41@L8VVOAqnCYTRnTTDgTINxVo45mL
z4uX@9?A5SkUW74If@?0Y0)^ysLwHwULMWKTks&bxK;$k!{JUv<%afDUk3Z+oz8|66
zvsk#aAAb<gkK>Yt#0@X<9$kpU6u~aq^wgN3{LpvKVsNn&TU(0b$_2Keh^Qk#X>ETA
z2i(Id2@sl+5bDeJf=2=9X#jX14en3~dd%^P@+4v|NTEO?;0d`|rQ)}W%}XvNB)Q(?
zch+cL4RS3(mA;7tyf*!H8Idq^S*A&~JD+FWv<*>0{7@hpQ$!%b8;FF%0B-_Nip$Fd
ze4vPTN06k$09_nD31PZyFLD%cG7Z4A_kg}eRD}a^9pTC2=Yx6ikW5NQ>lH}wRY+?R
z*tQoYxnh`wDjUK~m>vP(-Xn-C?mDrj3JvD(W6OL9)KG}x2Ee`s8^wb4E+!CVxCudm
zYA@J!8LYPsTOfWa)V&E>O{i*z1=d?zin41ot6<ZfMflQw!a=|Q&Q=<dHM~d+ohVi$
z1BTrzDX|l^pxTWmRTJ{21j$i|;M)E&F6%-BJfVohBY<mdKOH0GfU~6svZW!Go_L^s
z6_@gS#lG_^{jC?$Io?W#2>Tuw2=ne5gzrdL`u{r+E5fsUQ4u48^042W&>-v;;TQ`3
zi?fI0C^i7gi|Z5<!h>Zn3?)ntoI4Xrh%MC?i1TVUvVOsbslSR<3Wz|T+bQd@Jd!C9
zGq{c_L>M)Ozcs$0@RwY9Jz#uM(LNq#gNol)J`PD*C^~MCzzn3)Z3|ov5^m7A`<vC&
z?gPIRmv&HvaT8fx^w&wr;r)UH7G;B)C6!jY&n~>c^iyiNL`aYqT`3<d&7h|r3Vu`A
zn2I@wi1kn7J2+>x=Q7TfYRvWaBFl;`NSs}!LeI@hIn-86Q?PXKl+EPp)z4rk|A@5S
zw~TdjS^MHIPdzg#`YPt7;>RB&y-ck^eto@>#3yhUg_d)c7#}lyWtzFV-|P3C?aS~T
z@+`Kh?IrXd`@zhkS9vchK8<ZHquFev9>*`1y&ip9LENtt{pf|z_>}q1ZQS(LIm_e|
z^Ww0n=k{_<wboA-LyvzoQ5)Ra`~+5|hp3!^T-ofS>M7+wQ-x-6<1!$XsBtk+d!$Kx
zFRXYn+Jr%O1SD5H8EKN}kLU4bUjA|^JMmSb;D+M>7Nn9eUJSxB!4XAhQR+)-75TmP
z1&tJNeb8<M#Mx|$J83(9T=?o>%8y!(H>Ph7Hcvny&%7@NvxDDtqcbjDggVj_gr|nD
z$=;-ZXUKA2gO7kbG+k@m#})!lIM+@%lU>HdUlK<OZPigBIs_V?GTs1ENgQ{Ry+;El
zV~53#GebWYpkv&}SWr86dw1_LkLByWG!$&^OPRtN2UEfOjDl(48%Ade$=@EhGEu*N
zfOLeaY9jT1<x8#n@=-RLCSB+3yGDm@k1>A?VVbc|jGHM!lS2uw#}|#ylyqw+;_aap
z6PIkDpNkrq;9;K#VJI}r;molA%*6-a&_aj_#N3B+YazX$`C7;zsKt+XZz#L*iwCY8
zy7NY7y3>HUGQQ>^q^cT1GXsv>wvUdJx{suQ=HEk-LhbG$sn24s=(=rQzXI~ma#bR(
zwTVApL3%o#%{$={e~GVy982|fu@s}VpoI8wX=r94S}3f76yAj9Vu1P=G?KtcJ`qSz
z=&FUjdwAMc7lV&mvIs4pYgmNl)0HYhGgBYlcjZcMx$i2ht7J?$bk=qI*lp#V5fJtG
zV$dsxQs_eNBMm`#5;&v)El(}|z*Qv~tM1C8+h(K)+6J>~Arw_<j)BZ=Kw^gHTNeok
z&jtq<qY)sylrB)H_7N0zZ$;mDE_wVVlxE<Jw&!Q<+p!0DpB6&PW57f?R74ku8V3r{
zhET#Ada{RE9Z}<CQ27Ehg)XcB-Bb;1-#ME?b(RCXABh7TA4hH+ObIVDI%ClV?o&h^
z=`Cs?)uE~nkfu;o4J5}SK;ibWa3WYMWZmmxaQAL;Ya*pUcv5(lQ80yIC|e0y1u9?E
zNCzJ?I-`PjeNu^YoKs&gLhQdjt7;*<_z2J`<LIFInn+iuohH&5dO%t{erkMn4W43j
z#t9!YKC_qxJlyeOv)APYv7KR7I92FNb)-C0s8E&y{uG*EEc&402K+J9+t|B!m5ida
zV#-3XBdNAGYzj1T&y`HKxyV;cm%%tEe%u^n8#8WbbVi}uWz7DTJ^~{7kPf58hl*db
z;9ZL3?GcTSMt+EcuNTU4!I2<+bys#>XHZ6=ub{4FkuRMtOQ9?k{0XQ<AWSk@_4<TM
z+ObMBoclf!VSMHZeW`|Ih6)wPUWSVqwO)Z=H*UQFF9cC*h}e#2ef;V2>}>c`M~l@9
zNnL~{at8D#X?z3}WPDg8%MSkuvVA>H3ZhnXy{2oR12Zii>qcigg&}%O5E@8J5S|kL
z!Kjr2?q=M|3?DLX<%Ay@EAqfQLDZT9yhxwtXtr$C;_7`h@#CAihzH0l5dI3>zQC7S
zcc#FXO*gC1ms@wEQ1%*J4FuOY8<#z!dI(dSKE0F~d<h<6+{yy40O@NCM5U9%`Jf3#
zqW3B;!6QJ_4+bQW4Q^;;wrYFzzJk@30_acFxC#i*35OL66bKZ^Qo@ZvYsJtM6B^yS
zpkD%E@=YD$YQq-EwJRGA6?Z{@lE?pm^wnG`b>X0lB3}{RtRi1Y-Hjq>vWdK|g$~TT
zg0@v^DRPv7g5y!$s=K%x2b>ZrY9y*v!3jr!lC_ZZP)Ri;Cv;Rz<T_j&DxR*IXbro3
z%mzKHtTSWM1!Be_g}(f{3PrLsa4!&^3JxpumDhDCmc0bO49XS^d)B0?vNa)gZ2q)D
z7rJ*JDG7af4@m~?Es|x1r-70mh|t27q0+{K4+aE~G8JfNwSCvUnP*Qb9)bS68P5aR
zri>qhY?H^QKzK$ttjL#H*QIch2TlO735IFHRljg=iCvNWauq2i0OY=bKP&Pj*9|D}
z<<gxglqG}T2H7T!_ki-=jAw(6)hl>($#h_96)9iS%nOgl&g&=fpg(WNcR~7^uF|@K
zpo{|9D{wkcUc@*X$hiPY+(vf1%o1sn*2Frgu?};)AM@%_yWX`g*nM8sxfkJ%KmP9D
z-_+h!5cX3<UF&V$YtcQBTTx(=`i*rU`>2I;r=7Q}f0=Hxu?-SPJcxK*%N4D0Egj8&
zkY%p+Noa1#zJ+>k%4Ko|k&N+_A)HeY{xq=zHC+%J)Z)hkFQ)(%!u*wiKW+z$Ckgc4
z&m{<5W4v+8c<3MV7EGyXh^i0-!VGctfDFxBJ^dY@>Pd@|dslQe=(BF6*IlX=qv5eo
za8H?Z`)lWA862Abvz`!{%!F?6$)`m~7sgU&Eoo=Jitab2-s!xxpO)}Pj#DX`@B<d-
zVbru0M$zMW6lR}ET=*4rD-T`u8W29)TR!_9)yeS=XSaOnqFZfmiwgz8s|iyY${b%i
zMS_oOCGU?dNeQKEeL`2}r-jQIFE$TT#tnv{DH>Lu{Gol)_lcKI>3dwO99|gD?G!M%
zuTr~jfwL>+hA^7&?6FttorPq7?AQf5Z=WrGJ6rtGMo>U|0kj77!1?T3=O_~-@Ua{3
z`Hi3u-9{#~51@&v5k%Ggv&C7W>IqTx;eV=kE6|XTWrD&}fTPRy*TDJWuVy@qs~FI)
z2K3vvA*MX15dQ@HVxPbGkS-jsp+7}XoG&u&v8R3oxWeWElBZ}y_A#O*0PnfCLf}b#
z3Y^w+4N03Kfpwz)UV=hg+nMk_&`9)8Ao~A)wm9BKXeLrUHT=&%o=DYbnb7P2*nGET
zBl=$;`ll-fYN~-6qJKA{f6f2=`;?6Xa&OKT6Y!qY0copvpj|~L{tqCa3Cvpo^T9K~
zBCN3f99A+5gt_-gTZ-aq^?n2LI}n>MVk$uZ1hU8308BWd5qZam_5eJ9r#7oU2dnfD
z_8pZn@0xA_d(n8$K0<R`8|T0|aNd^NvjfpeA{aX2Vbg5{fFLAVf4-RZUwq>xTfoO?
zJS-LuW8V8jjBnplk)r|FB}UkJw)pcx{iWH{Q^fyR|3y?kiN^1LBLqaZRsXY|m;4Ku
zX2tJ2;rDlJiR5TSiRyCyk$FT^&m^jM69Qt}hA-4Za+w-{k=tkBykki4{uyz?h^-A6
z5jlbI%-0V?O#lVq9l&=7K)=emeGzI(gX0O}wkFVK1+-lxX7Rqp4nd*xzs#uX;(2su
z0gPv}*l)Pu0`ac5#V}!}ZxizU42J#)oCl6H8o~Yx)R(xGt9}t-QU3>pcHZ2$1WNo*
z-j8wHf@6|_!OtVQki)Beb2iaS&#P{5BH1lDDt##u=NPe9f?Q-C{T=2Ld-&`At8Zl~
z&o-}&3SORwjBKLjzfbMw6q8u}I*MEt<ny%0bT&{q#*WPpg_N8%Z_CDvxbQa^sG!R7
zlJ^7Me`-D&&KWEc4<Gt$`5Vi??TixUO8FFMcG~se5##D#!%IBg?_zp_79|#zE0rL#
zfr<4lNMGXL!*7`s8a%0_GQ4ty{#>ZV#7K<Vj&>4I92mbb3cb0ndIZSRuP8q{+I{RZ
zOUW(KqlJg{IVy*dais8bHSJL?7#GSs*Mi@u;O(=l_d3kw5wI&3vE*|jel_C_W)4~1
zb4>gQm8cvvPx?FG#)Pj)SnNN>7^MG-f)-;CUW_xn!UHHypE%$LinEz!<}Bq-?z!Q}
z!E@jZ7cwmeKzrqC{JB-pJWZwd6LL0Nv{#s}0p`dYhO`O*Uhq}0GPe`@2ah7R6UL|p
z2#oaxM7Y^^!S(zaCPy&Uw-fJWA8gfVsGFc+s-HL8JJU6U$%Kz!{sWM4(?cGSe5W6@
z+=kNH+u)PV-w@xZV!W__iOvhcM4uP;o|=hg2954Nr$HowiFQ2ihauKPr==H8*Ya|S
zPS=pR<ygbFvcSNb6WDB;Xa&}gr|*rd^Ux72ml0o<BGGE{xm;8!8<5o_tY{BF0+ok;
zSMw<5uT57IahXJ1!Uaz9A1-^6I&}kVoMz~SBO<p(p&MY5bgZHFA*>OKi|gx38pRc^
zJc)JD9Dzu~v4+nYf$q0Zoe{{{9Rp_*NDzU6=`K^>MT$<(2999i1GqBHL!J;_0)Nj$
z$qmD)K9nq*F>!tzS7v_!ZTtrv?aAXEgB0=AE@KRNY-GnI#vs23a9YCH6bV7#FY3;I
z$&Hk$X4D<ScjZ{xv~{q+9OS9iR>?Xzj8k}GHT{CG%|E^ukq%}|LRwn@D`IN7$7B>@
z0zY;nZ?wp%ydb=j9D$7g%dX+S?8^HY1QAvq{!8x5IAy>~=olus2hO|*lqA`Jm%G|?
zB_dX-XdO)BN?3`%NYed(NkTr<eYXL26*(iaMd#b*1GDeW43$oKd@kZ-_!WK-$Y(Q&
z>m$0``AJ|<8VAV%$dx-h&H6;me@*Z_pZJi66%lm(l*d$;(6y4bP>=h8(l)dqI%9Sv
zIR2}o?muS~a@lLx6hRFD`Cki53m?Ot?SXqQSjvpZ;eVhWHs=swLPXfVLK^&ou}!h9
zVGYezO*t=st<;COzW0-m`@bPnB3Rm#ICc+A;YwjF2N6g{1pW)o<N~NA|8ShxIpzHo
zcZeOx++IeEw6%m_+J)DGB>*^tNdBN{owNU2zVa8S+9@^j%0=>w<*GfL-!Mk>mV0pV
z&CgL4%`r=hyO{ls8@(n>V=b%%k|D5hW?oBQZ~6-{0>_6x(tY05msb*RJ=%Jv^g*rR
zMy}PvA&L$aUONl(SRwC6MQ?;CAMpunDv>TOq#89=9R8w=37ZO3waEH{1RkFuZnS>3
z0$JNng;p1S*IS=z{y1Er*x(1R5UuiqcZ}D)Z~Q2G12DtAZrt<>P>6qkeik5ijgRi0
z5zg-OO>VmG(HuT56gUSyF{NBUj-(J}yBD0GtC^Y)Pp2qhsc<4gI*UHK7o4YSk?K!-
zZ-8vP$`{5}qEHSc8*el7em!|lP*{7r97;33Vdfp-8>t&TBYbr~!0{$)YlVWtX~HWR
zOIH+`vV3h|GIcIUfYF`tg?foRmtLa&{R7224xWidKLi*juP<A7&OD5kOP=J%(M}ND
zn@2<=fZ%1%G8a#!OKtIQTX!{=5sAGwn?J+@hG^Y|mqG*~#i8fTHxQ)jReuNkt9QoG
z(`A1Qa340eWp-V=J>gO&O-k_q<r!<qA01r7CV$R}?~)czO;cMzJDbr+0Rdy~r8EHB
z5h9(f%V<>V{Pl9KXh`Pv`8r){cF=8b2!D&Z>z?g<rK>)c72YAwr|gDD+TJI#CHz*A
zJtZ6Vv*Uy}7ee^jA$^aH-aL;gxYTY7vJzvgzB<UuzR)v<z)__mvQ`(jg|MbRI)vNl
zz`ZA=znYi`s&QaWO8<LP)IXei?*A~QnzB6RCk=?!?v(nV-8uZs<iKI5P+{$J;fW7Y
zY$~J5i<~(o?>SqAUwx8hCTd9NE(uSZqjPGD<_qmFYys;b!IxCh<_r%5jF}{ZHJ%_c
zf6-D>^<CMt*m+JX>!Kp@#jua^<s19dDa>0*o#e*JmBB5C{a0Iqo8PEj{qVVZvv_KJ
z|H(t4d;WI>L(UDg!&&M&D8CVZ6EZ!Rp?)!^*2A6-NeJh(rw!h0Mje+-N0M9(=dw@P
zZ1KbLTyDL;l%q!({<rkmW6RJ@l%rE@8F?^^RDYlLv7E|Z7ikdUWnCvz7A&I4-^wH$
zb^QgVN349^#Q_(qfl?a8_zmG6fAeHr37}gEaOMjqdjnJJ9J_fWBd|O}jeDGHAApfp
zSPP(Z*G?H4>$g^t6+vJ~<#5YPW=As8;p)X0E=Qcf0B$^D(WrO-e(!$516&e4xHuAK
zyzcU_d!O+@Zv$r#<3q7V&MvI9awt<jO`|g?6|P2&2qc}tJxp3m1%>yqAtbY53>fMs
zI7tVbrtq>$IwqSD_fQ&a$`@|?ZEOJR7xQ641o6%xieC~e<F>n0f?H;pJV>-O8W|hL
zP`_Och(sxg9Qj;AbS5oglNQ(BV6p|npOJzahR1T_7j>34mT(5KFfWtvJO_2_$KlM=
zb80%+9;x!bEVTtWuox5vV^3`cY8#4$Uq+}UEe0hmI={g@5(sA|1t$)V(Wme{{C(xr
z#$iurwDFSWV;15L7)yFmJ%js#8zG9{ghC$YTTGut=mhl=EwT|UmSvzgS$i6iQ9G$Y
z-_2fb-Ro_5jS|=Go)ASfiUwLc=TAppJfp%ExUA?ro539AqBQH2I5g2~4SNT5!9}v?
zqbMtb=2*vaLHWB$E^WgTWXe9QW1+o1W_<bbZ_4yLCy0-!2rf~ux_){6p4raXQJ^zj
zzOIu!3zpX;uk^naYLE&4WsFl~MaXCK1pb(G@7;ggyFdN_w?hwZi-g&(yQGYz7|^<Y
zeS58;ixfTLR#(F0Ue~>r)ocAB18Pqs5>6z7h2IW;M6|+&u*l{~dT!dlitu4Y=+UF}
z-eKS(7&x)`^aowY!Wh&xO-lW%aN%!cK99p`rsppI|56-<;<(YXFR&7Df1TWNvVw#a
z(ZGg)2`+D>V(v2HIHkc_SHkb8$jXG5eJ7LI2;g+T)w8zYR5SAMe|sf2$^IE5Lb7-N
z%P{RTUsD-2gmSN^6JNN&8<=V57_s`jD+-x!A*_<B%zfZuWkSUAK<^ja_#?M-;WZXS
zL9G4P$QR+rBzpi9UdD=Wlm>q(em@68DJ7!LUHQV1^ax*4gm1QeaA>$MPR8W*9Rk}I
zfQyua$_v|K<#sOkzcwU$YwZ~kFMIdPhiUhomz_A`MxAhy2Hj(VC?63_i&OZ=tGHJ<
znOotv2*|q#eupSkN$_{;4{86KQMz6!{sep4m4FB9W#r*(NsGi0{{R=?odUwpW%KBK
zqwNE$tOV!=Lo6U>KX_1aqC;6oon5^;m+XkikKbzE)Ub$01<|Xr+O7*Vad>^ud(r&&
z^ZUv0(uq;wnAdhUs3Wy`c-7CXE!CRbd_k<UsG6#R<r=fsIpD%8W_VJjf;|J#duwbC
zFSu%@jGi)d-<GeotnqvkPF!b)_&Wy486`YC)6V3nm2&JJ^`?e-&_gMa+Y;Q4MSYV`
zTKSBgR^Ir<{g7NYX_=LO$mQg!?(j0J%wF0!vsaQv_U8o0>cPfj8>wdUx6kCdSIL<u
zzxLk28YxW_ydP56QBz)~`*5}1=SpBP#8L9&Y2$qV_qNd=$W2omZLGE->Xa%if4P~O
zcqpUI$X|xZnFS}<%MuS@uW~da;C}YPpzVV=#^WPe8FFZZ3?lqdhi_nMsWb97fbep(
zGSE{veuO)X(;Yi%rdd12j`0Yn`~s8MpV27<hms%sRYh&um;{fetPOk@L*XTrdB=EI
zkGt&`L04T)hXKmescTI&=A{&!PXj2oFEz83_`UWxRD3-nUPDsdsJ(ru*nM2_o8GG#
zCdqFftbhgsS1yMFJ!|s7XyUzfDp#(hW;_wXkB9rcZX>@Z7t*j?LsG{aLXKi)S?dmx
z9vfWKS(El&uBNW@#yGoMOXhO9WW3Hew-U94ak;b;r82X<ft~0REZqClrO!tF{SD5l
zHbXn@Zw<Jj2|L3}@E)hX9Z$?$lQLqmzTKrXuez?(FuQfdsqsP0t*>3u9Q@e{=CNfB
zd{tB?ms`i{Qn`CRk{fSRQ|SSJIfpVts+H^1bK+3yoM)?UH+E7XI&nMNpV>PH!2%if
znd7a|T0Gy$L}%;~6KCC@_wu=?Bl_ZG@FLY_;>mUubyP+NGaoJMGCSnWhQOVJq)H{v
z$}=I6a#a5P(S_Co6wQ;hIGU+L!!I8@F#%OrNZfJqH9#uPi!flRn5kLoE51{^RBOBM
zAkiKkPsC-=`fKmqkN~c_-P}p_By+>|DMe>M0_rj$-~H%%0cZ{oV8!$100;zaz(V0p
zu4vsia9AY5zdgDMJ$sXg6BFJ^{c$0<fp$`th(cgo-C;A;_yvRSn1G541{v1?bM-sG
zs+fdcv86S0D-*71TcR3{;3;2&IjqHSdC%XwFmP)p^*Z^Be+<AG#cQxvwy`L1#X7(>
z?ZSrxRNfyMc9=BC2E%*rGZGERRl~s}KMxJ-yt`<Au06*JTXj8&3w>X+#<PFJf>7Zu
z0Yq;rCPB(BB3OKL0C{=iA_5oJ>I`m3D^6Lbt)t8OOe6Cm2i*SsVvno|6w{%YP$9h`
z@B%L`I1f%Fz!i_$H#!1nw$<neDb%aDcePX!$xYHu-h)H}YN0r`0%8Ep#FxHE8gUHO
zbSRX|>rBX3bqwZR1rhxx9_49yf!3lU5I9G{Slw}xW8Lv|*<-xkWH3DsM7oKH5=Wtg
zO^KysXW)UH{mXv}7*D+MQRz0p;{{>y30~woLiz(Sc={%@HhSl-d+paCyTOcZ$jope
zXN%HV-ZAt9F%OzOG}wLO)I|%_ZkAmTNI-d-Ul6dQBLp~Kw7{p#7nYxxZOn=EA63H}
zq%UZ@*Q+PUTnJwE>f=OVh3oquWNVsOz`Y&}>|glybOZ&eC1Uu|5>p?ee~F6{=8kU>
zaGf<5;U|G1H!qUck2xYQy2yTbyAbhuW`q@3`Nv=UJH%axn0!HxieN#HH##x|x0wl|
za@Ixe<%nj8sdh+C9&>qoLH_R;5AjSf^M@61{0Eo#4sn89Wbe1hu5Ru~`5`fSP6#3O
z<Aw9LV2Jk2Meuzv@SUa$?*GmVALnlqw5D)~t~1+ch#mL>zCeU8JZ(=v_^YIVA+Ihv
z=GV#?59bAU43SRUzta6XfA<6T0`V7}10)`d4PQilRWjL{!Ym2QZQn0ZOR*5)773BA
zlj~d~`z-Wj;oJ1pQ})>$hq8zoiW8Yna-By>tybF+4nhx;Ya>YPqpzoYC1}o&HzbFK
z9q{qn^KiPXZbvC_V9%DsiC2%G60aa~z1BP>LmHiKOY!uRU2{GUuDu;Tyeix@6>9G2
zhHj?p6kmow<ylz#7cMc*PG%vm+kE-fU_Hi;mz;MLAV>sH<7j8O8BqH_Wo{__;+8={
zs$8^B8dR8<!El#X26ZYH%K@ycLj3Msu%9fo3FbJjH~mkSoDAw$#^Vu)2pQet{Y%S5
z#vdal2A{R%c0&pye1;s`#@_(aB*J$hcfIK#6%h?z(|7s0AyE;g?aaHu+&e`t@se`4
zN+ES?tu2!z^B&!cv?W_=RMe6M<}7@JEfb;}=~~<~I%JYDWFzgbbL!D-%KLcF6+lZh
zGgSglp3g)u#{g+#zF)C=DHH9I*7EkZ?GBFZH~m!5iZ|Mrzuw0ZG8?(61gVU!Tw-Qr
zB9uMii8av#IY$!;k0(*bPiH+N@!!r;)yxqu@T|Joh0yHDkMc%bJ&Gg2($Knl6xS=l
zrf(8olaNxE{M}(sqHxkQj><WH2D+?pXXabYSl&+H$eGM)*Hs+*`yBh4(T(k&sk98;
zZVp?4nTm@-FqK;oExiLc(^1Q6OLdAb-F74__Glos{P;zGoZdINS6=0oYkJ#LskG{o
za<>BUOh+8D+X0C(?2`zv<g@aHnJDz~Ky3fHYf-84vk&Z0Bqd$IgYjjj;=^-f&KYU-
zx6)96TC7eEM4YP<wV#BtbPueP`OOvS*vKKZ@n0DAv-S`U!kKM{rvAaUizH<;**oa(
z`;L|=CHzz4v<Fnjo;^TH=;+&si5)~i_wP{uoIi<GC4@(T!=e5OKTlQgA)B}3W^cbr
zK)T)~$I-g{{6c@Gf~EWLD`U@~b$kAX!h5o>@!O<}c6^NPhnpX)I+wH6#SUT~oT>7K
zaiw)6_s=|X3A@~-wf9@O<(kv#_*PcV^W&*6!5cKN68RX1Q-wbXf9#jb1>`Hv5|gv$
zTZ4nGZhViGT;K%kT4}rJ{OiJQJ>@Pvzjf>HkR*k<@SiwdN(pzKr0h)7FSJoit+T4E
zvgbd;SU)?Eh-h+>t@TKPn1l<(HEn)-r*qR-LLYre?6v(pbkZpY&)Ms`mL&R__DufX
z=@aqZ(9g6V#SDLhv1ZUYoi7a@ivNj2u^D~}d*u<7z1O9kjDSJ)uTDS-wj7nM?77wN
z!JgaEs(r_9LD;Zce~yMq`?;0=$TYB>E>-${X(v&NsfkxtU`mhspjfi4!7-BXHAr~o
zP^zLIW|h{j6zH8MXp(lfx}V+RK_RxtfA{#1HQRXHC&?@&joH_glo`a5Pc=35BwS%#
z?>g~IHZh|c+`MbB@1d@0N$Uzv!(*X~G1&1);=VH6M=6a*xOeZRBtSoKG4Bx+M={^7
zy?^=0A)hpArH7T`8+YKlIi<Q`#GKrWrNsi(+K6|Mk_6;-CPdrD?pQo+%b?3!;qy`d
zwUGu%>*af5P>e{G&XIWRdTkGm;N5Zf=<<i{r-XX>oZ8kbc#Gbx05^`A+LoCj!M#rU
zTAjYCJ<{hLud#@%qYNMO99Rmr!Ado+C600<*_2dFTUG9yPekal(8_p++8y3ZQ-fSS
zJsP2_o?qTO)KSn~Ipv9HXtTZH!W|*=)t2=q`*fjhhN`QVUGdltjxfo|jVobVEgi+_
z9jz8Ms;;-Ki^pa;!jR=sTxhP9v$r~D-o<F0#9H>S(uGZ*B30o{C2kP%ieI0`oveHF
zhYYXMXDW_$5|i1()`|BERLM7$I?;JcXT9A&ge5+@q8|kpOHm)gBRVYJZ}>%hw|Kwp
zSKM2=Vx2$!G+h(cq;R%VK1Opkm-(9}t1H_haeq_IBY-pIC9E;9=%>qevMR?`gRwo^
z&xDWkFTtgu5St1^Yw;hO4X2tgrsGE$XUu(5!YZ6In|egm>st+=<F#($1l9DW4_Xt(
zcATAYmdTY|W*CgA__?u@tje$@^S9+z5tBj8fwNY|;=a-LJMI%#G@NLT?wF1LY?|jy
ztzqyN_|J{4WL1(anIAr$S5=O`gTeGEW$0U4#VJIq+{Z}NZ;qdoWp)^c#7|)&5UCY8
zYzUj@z~WG#J;APbnssq#RsbU9h`_ZcnI4`>pSkFvnn-_{gzlPO9Fl*5!=+aG_MLH<
z_9Pxe7HZ{GIvi)$o3c2BL4~jpZ>ndNXv!gox9GtBCL>2g)$TV5W=A;U-P>6F{|oic
zB;+uJ4Smk~@+6Fk3ixhF?eN30S#tDLI?}P4I&I&1X9i_e`;sf=fW2VD%a&y`NOoo_
zn7ixvx=PCLR&eiyUc91eY_A?E_1wPm)xJ%RA|eY;#~-~LKLX2_SRF|=3gaP^Z*R+$
zBVfe&w|>eg0hDj+Wy=v|#LJ0H%N_;NzS)(v2~6qI`^G@5yk-}jlKopx%C}zf&!<<+
zQTm;?kzR+7IJI9T=^d-leCGZ^vk;oGwB0XwodO@*Z7ER~SLeA6X`@k|CgpC^ne{d*
z|MTz#=@}_*5EWP|`%|TXT6Vk>8Oh;XG;M!C2QaGQ>6Hc$ooli84Um`J8Nyfdrt2RW
z^4yzn$1N+LkGAFF*+)7OpV9K-P_G2eZ|Cg7e+5N@&)+&({@nS}I>fNuVP?p4nTj_u
z(CnH;>npD-qlDu7o&M=C4OoC-oR>3u$byR0^wFM#k?~Yhq^ExUlACz!;9hK@#C1d!
z?O~Eo^`(^Wx(<E0&&nx2Pf2`L^f1q;J$ieYGJ~h6{-F6S`-j*nj;3wxUAAE4-@rAk
zO8Vlut3fUdpgSy0j#V40k+v}o_Js;}8f$*l9Q{V(+J!fL(K~7iuSa7#@{IQ~2k!fX
z$8gs7!MSF1@)_g<jxdyJKw80KynTCIFwA0V=m<Vcn)7fE+@V>}-aB&rPm#z2L|KX-
z#-cSQ^4MtE+x(4U`0rm^?Unl|Q<`*c&^#&#nz6NiI`n(#=C{v6EHu_|MQu8%zzQL|
zTdC%}&$O0NqE|jrrite}E}<Spi1(Y%vb>VWccj-@4Y~I*;ojYy@*8FE>(*b38NFnD
zbEl_YlZH1{5VXxwcZJoBqSn5EX^E!1Gj@f;?2;qN<ZJ$~Z%aL7Jyu+Kjb4`WEWn<Y
zuJL+2aZQAN{?yoXc_mr=Td!y`!Xy~Qsc_zYS=;jJ;E%OxrsW6C{$IOr_t-k!z4)FS
zqn53#-`Ob(H}Hxs4Dwwae0B3mu~6&NDXCYaS6;;D?XP2R@0zYl<-aRVICaFn%D+13
zZIvzZ^0~{~bn<ob!B22^uc9IZANFn<j?+&yKOXu1I>c0Vr5(DTerQ{N^ag79bfXO(
z+N`+9FaPsk%=`h1-!8^u*)7gxWRR-5&;cJ^B=qT(%*QXwuh1oj-jN8^`wb8&=UPiU
zo2{kb<)5|s;W{V`4P$ytSBY*fypLn)(ep(LeyKa%tozbklrK{$!=J<lbUq=4Wl-)(
zcekPIB58F=fvtz`D^3+lo>X2^S`3ll3TKZ7vjk84V`Dlf8e6t{_cyNeh=yf!oHw)_
zLRRc5<9#a>g%{vk-`{76nmyh`#l)8t=v*5e;ie;y;Elht&WNPcsziz7@*<k{nb(-E
ze;U1c9n#YvnO19Sm|xV{6N-b@8V2m>`i2$N`qf2hw52}=o6U&zeJtN*l4rIKVDijU
z#gT;#+Z2DbGiEi~6#i<Yi3z~u`{!+)J$Ry4`1k7%w!c8BT*c_=R+>O41-G6=44PCR
z^sRKB*7rw)=o|E(K@$e_FPrpS-GR}oyDs}K{XUUJ88YB#b>{E9GYd#Gs;cbpY?xB_
zYXQ#GsN=D@o$({;nc9A*yH1^4uRKXxqRd<TCW-5UK0*B+z6F|W<^QN+5@d0pZm#y#
z?kS;m6$jB+TX{?t8hds<vpqX|&C<<mm}j<%f9lozaYAy3Z{hO5I>XLd+KVszHVMwq
zeSYnu>nH2lO=*)0Zl+)DBaf(04z=Ze_h!_K+fL%5+V7fp2sLfYPwr=d*7+}RkA>4E
zl7|gvhxn%~OhUft`ecJAu#_R#O7=Y-1*@r(p(B=)XF5%JlO4~^XKVAv>SpvRC$wu|
zOyeRO3Oj4*FUTuu>U2*;Hk5YO=nppLP=ld8xVZMmCV2)gj`)tn*3~bRSSsWy4&hk3
zkd~`2(_SDN>q1?_yX~%5#d2&Mzb|fCn7}eH4!q`LD>)&xbE=knp-LKardAkU;(wXB
z(sZosW;1y8M7SwH1g*7hnhK-9W|#Q84~M?@R7<;T<aFt`y#w8D==DzxH<c16*`4r%
zSmsq1^>F!$KW-MQLq{V0V-Yw`lQ!vRs>96%{r5o9sgtT6>z=%VFi59b)KY<3$w}5T
ziN#GUE0miGPX2E0=d&hoZ$3;7%WD*Vt-`MtRGVL`_N&myA5`HXuK^qTd87aWQw`Ea
z9f8%b{h>62v~h=BIv)CwhiO<Y=vd5QONqZp(%~FBy}IYu7D{j{{FzS6<+xlCvS0|k
zAGqOaTw)J;&w0o7&zN}O#`aSzVHLoIKcn#J>lw%QpS}V&lqj1j_LMqlp4-?jjzQb9
z9^iuNPr_G#u~QjuLi(r2E&a=HT1?K17J#AY4j`+h6<{bsmrvvzK9z6nkk(hRM}>2n
z6$CFz*&Gq<<%2tlLj6g7Jnklk+Z5_n4Vm^?mhtZc#3cqo*rB1{PR$9|EXjBG*}gyI
zEHxPSH6J0jA9%O$lOZU^mtMes#nLAxQa+_aBV1<8Isz;g4;+kqH3_{550%-!(sE7J
zzf*VPZRHZvcY&?q6zDrp?#~gf^8Ro^Q4W6smVY<2Zp+%x=yh9xiUfMC9v)(dM%Rhl
zZG6(%CoUKD2P$DTlI}C>7J1#G&dIM(8NpU>(E7%ywusbVNzdsP>U`b{Yu+eC{K~NP
zXPcI&^vV~Us5Jv*Ng#twETaYY1t)3E5b~BKSMT@EXQQ06g|OVw+dc}F>+jt|;r7WE
zeQ`qy=vYQ>GJEdhTNt}F>hqK_2mr?5PNS&9j&K3fu~)|+LkcAaxPb0hr!mMttkoDq
zNmUz<-H+qR?LArqhu_%8*4}88f4-r2zs}5VjQBWB-O%g(d6%ER`_Gu#fJj@Rla7w3
z9aoi#XKGim46EZ<s!`az&x5BjJK>c6zc$a02C)n~jczk3e8g5vt`BF*wpR;JIu=_C
zy{`M9#$IH@K9#2_9G;t^7CyWUkz2p9hG+aO)hQVe<sVL_B-40Q)sLg{KG&Gx$*xrk
z2OeNwL9S{@bNrj9{zTsWesSPPp?@qPO=@iMCRoW>^*4`NS}vJiI2uPyNevCuAWjDu
zMTJ7xR3K5f&a}{D9Q9%BgRy-+B8-PUkB9h{2BB^f*H4^|(>m0OR_3F+8>jE|7yoM8
z+$ZBLMndyOC90=1OC0n!Q6DI!@0dl)hgFf&29nX1_gdy!{CFJNgX9wZD`p^85nX$y
zCL<*<g*!q@sivp}^JyYj^zV>?zS;Mzyw3w#q4!h1&E(5ZJPzG;CC@l$DjO@0u2uPa
zbV<>Ya$GgG5YCp<#ItUGOJDKvL*}ztKZ`!iL(iG1m&}npFHO#GbF86i%Ju6Y4UGWT
zXCA4c4^M!Xu7Hm_gvL(0B+L&T1DcdJE7TawtN3wq_d{v9?OcF<QjS!b+shwXGr0`K
z&rFkYY<z#pL5kkJ=uprc*+&++5#l6U*ZUkNzrHqzvY_l}x1>1p_(8|Jb{tvhKBXfn
zM*3C2AoACXwXy52i%Ej>0n1>V2YQzWI;)V}u+QnTc-4=^a=J_7aM-J<txCEt!bz<r
z?$gaO=jt!m8@YFTMjU%=;~X5MUeZ%epD9?{O|_cXn@59VZQEE7VvXYuUUZq&U1k=2
z-Q!{QS_$(~l<}Rl%<sYT`_p9h{nK;hwJ+Q}qS^C1e`}WiB^A9#EoFT9MPMGKQJ0e0
zYj*aeYO>uUO|<d*PLM5Ky_(O<OY*m5{=hfQ@_pEbC`1$!Hda67ZWO1~2WsF1ePjPF
z^n7@6k~)|eK~|yCOx&rOo&tF%O-?bqRpJY&XseQydr~NZ0{gXaC3IoJOSS43o&2Yz
zQ2*!*u%S(8(KDV3@hi_uPME}#mo`z!%Hd=*KIx>GcAh)pTfthc9R(}0_TyeTwGAYH
zY5szD?ggn#2h84MRvz=;`Ww8f<SuZX+r^bc|HD9JjJQXU>(DT{+PY=9wv7vcew_KP
z2Ml{%dw$h-ZrJUnN7lsK>?}1!eS@+wW!iCrySq7euZ<(UbA}&A$wCf^du;}(USa_p
zF}rk}!6Y{^t;gM96RG6RjfmB4`5VBsc3D=KUI5!0fUjLvbRz;Sbf@Mdh<kdhcQYJ)
zvz++aDSP!BGrvqb_NF|ODg5#Hfk$7Zhay2ab2^Uyi(2K_$E?^xZm!y~qO4xDB=KCH
zMRrOvdt7R2&hvI(%kQh|unP&k*(9t+(X|_}uH1ibz<$<c1^Y0waUE$M8pazX<S|*I
zpVRp0-RI}y7W#9gI`eW!S^c>}9VI!Wul^idhhfeA%g4xvi=cQerq$1WuUfhk!WD{l
z=C3I<$t+m_9e#?1mp-}dd@Ebo*(>&*$*jGlO&d2RV?BDunxm4Pn!i_DIWi-sUR_iq
zqoKCiy)-Jce6Z$lk*<*JPATbLBJSnpQ%L#YOyc&Fx{9-3%Qd$c&B9{6yywxr0u^)7
zo!&~We9bSIG>60PGxV5y{t)rk;L`l_NBtC8mEZHD&HiU};g(kt;)4N0sc4!ZD$y_e
z@mS1d4;1(0-E10g$>%F^can<EjmF}j9Gm%%Pr?)wKPMH2e2exAR_$k8{=_gE#k5<D
z3Whgcy(Sq<WhG}Y7Wet%%ioU6sNg%jTsx&r2WixSf%W<+NGpNAz$WqFqsXj-G2}`V
zz%{?spnqy6==~_heXWfqS;bdbLuNBDY0h#x5Vu6emBRD8XayD3=Bph3inc1fybo4j
z{w`KY%x|thheOWwosh?Li9}AL{=3g^<E}Z4>hJttj3aXzrSI1o+)$u+TDG(e%FTFl
z+H#ii-LsyjD|Mr<3#sxJ?S2WzWAC32sVgH#3?B7S<r(aB*E%H6N;0}Lpg(jMr}7aN
zO*a<Tw;M-9kNv*iik{%M7f!M_^>Wyety_F|==a^qPhpf)@kuW1?L>ls49YUwxb6n<
z_<eIM%THQ?E*g%<m)+kx3KJH88Ef+sgeQz%-2h~07<0RUNQM~S_pq|!B|gH8t&x6w
zhxFoYoom54&ysmAZ|qWqj=eWKAg6t`ao^wbJCft0<vlSUxP|K8Gei2<qp-rx!D9-C
zC^>U$Qu{lW=B5nuQ4=d{Zht+MM<jC**SDkZW3GMj)-5cl@+MI#RX<IIlRt|)ZjrT%
zCP<T2sk>!JK4l_=Gb8dpoxIU+c=_6K@KxPhbVP@wisx42<C9o<0Z$E?fWw#O=J<ew
zO5?FAh#et}W<fWUGk~q$LC~UQ)b(Y{IM>%*o51<9pAIXoF~JqbGQBLz`KXp)-79`8
z^-#^VkZLlyH{oanQLAKY9~)G|wa#DZEgk~&V>hzm)JD2eQ~P)}16bIpA9t<@$kRr}
z#__Vzsx#86S1MC|#3*;@mMIJPoVJ-PJuy4FCA4a+htU4{e3g>9_36>A7lEwrP`5Nu
zw@L?B%4JkjJPZcar2|5ODU~0-;4Y0;uFQ289bg(ZNEzuW`TIn-w~Mi-3o4q@{uZNr
z0C&{ZTmR@)`mL*a{fR;U3SzTakA38^T8xZ5Z9{C_T{c=DMp~arW%;t6je5T1!_?uh
zuCyz(i8*nCyeS+=OIvn{$7(J7^0bMuae{2LdW^JsmC6=#D@TC~20_~E9jTdDXsdGK
z<akrO{0F-RnUV|>N4hHiKGE;(V(;n75lvb9j8W!pHs(%mF`PABdSZH1C%B4|IeV9#
zEdOzdKE$0{o|@K1n)@?|`?FaPZiF4ycVBFcH@mH$Xt*sWPK7t6p#~b4Cw8Zg`9qv-
zS66;goJvBRia9r;p?l-@{Cy&c(fZPF{Q4vO61*vw(Gi}G?3Ss{$s_#wUHlSkDUBd*
z*NQ_chqq(J-yaf{7d&(#;?zgF(o*BH!yi=r>}0YMuMfH-tIRnNc&8}vj>+2X2}YP!
z%Nt@U@}3$*#F>tCWv7xSOP$IownSQ(x^o*))4E7=kAk>I&4PYENg8wfnnu)>kb{5Y
zw;kap5)PC7RB$^_3^U03L8~=ZD_EKvX{<bMy5^O~tD2%m1&wpsgZDB9ewkE$OkB<h
zzAca}`O)D6uRLv5Y@8SyttBI^Wu@}w`4_K1hp(z7f<9w%CEudTgHofFXOFO&-<f2$
z9FK0Ya|^K1()UD_^cHWW&x%(b%(tdzcOBy-?NPWV;=k<drGZPCHNN+LF^A6Gv3M-9
z$$|gyh6e`w+wffv#rBsqRQ^t(AG~I31Jj5y2pzn`1(Q_0X94}3#<b=^s-Ls5lKS%s
zn}n>RxIRw=noi>kRFWb(-gh(XVVWupawP#xp$#+oKLCJ0f4`(#A>AsaF-jX}7PzY9
zYi%@CJ>1%8s(P}u(N^_bYoojB<<`dBs<&Gki>p=#O54uHC+dOnw)uNefI8}Y9kyB5
z0$Jj}8J{k7=!yRr6%54xCw$D*VI=+ne9Y8gBL4GemYMkLsbC@gd!S6XCvyJzI^0;F
zjrd#eu~mni_!rT#Y3%Ecz77ZRucm^N_}`;t(uw~@TE<2EUHEene^%C)gY~(I-%rbC
z5dUCWwjc4Yq(Xn<zn#{XN&MH*G6RS|Ooc4sufzH-Ro0h__2m$M4lOc}_+O^NAmT5l
z^$jNeQ&bp2{9n-{h7$inw9GK#$KS~aZ!sw9%g6e1ndkUA&LIA)Y1uQ0{~#64BK{|7
zeR-Ahd>v;K{{XuC9OB0%;qWYj>iHPdSLyL}6cB$iO`Qk)X!-Mr|4LfT1(kz+9TyV+
za+-e;dp;P>G_W_t1En7a%04by3-d476DZvgDBFQ4KTUlSDEkCcvuUb1P}Yp8duZy*
zK-rg=`UOoL2$UVbl$WNy4wQY3sVix!B~aFasY04M9w<AGsWWM+Jy6z;sZ5&c3Y2wW
z3V)wuM2N-{mu?A^ZNYs<^;lwiplmy)zND$$fwJA0+D22K2g*Lj)LNSQB2e}PrrxHh
z{eiOmnEEG89SW2k!qi`A>f1osx0tG<sbhh%W0+b%Q*D8=HcVC0)X6~ENlaDf>6z7Y
z+4vr|C;-Ot_diQF2g){MnKAT;ZGp0Fm>Nk_y8>mqFm(=1eHJMD3{yEYwKq_<7gK38
z^;MwkD@@_~RiN}>pzI)~4%5`(K-pnTHPh75K-p1DZKkQ#Kv^rMR?$>vpsW*9`27I#
zMrk*BqpW)rq;U}w_rIp2rYqySOE(3|HqrLe)Yd@R)}pmlzX_D?43zBzX?mda(?Hp$
zAl(%x-4iI=1JW-7rTYS9`#_o$C=Cb7!XS+glztN^`v#=Zfzl&^vLhf}94I{zC_4dC
zexS4?P}Tv`FtF<s*mY{u+NyIQeHQ0hH3*s3!QPAt*zK%8;I0q5A!#UDJ22$i(Zj|w
zETnuNes#yUq17GJHwwX#*@D=<YVZBJkl^cdlLddpOVa#K9k|vVM;{V$n#iJhz6*%Y
z9CgQ$xk5%Z{Xa#|HU_pa(oK06+ni#XZno)ZsOhYkIVAdEWr5<EE=2*lD|cqv>h9`n
z_$zO2SlwA|g}?DFkYR(2j%`->8{girx?^5_O{Zz5MI>Tb7vvgd+A1*AtE?Lm`k98s
zq(KOzU;6Jebwbg4vS<@;5RAWb?n~C7DJHftvyFvqtjxxCw&`G-PPRFj5QH%QFp{K6
zx8U0!!e~iM6;LAzm=Oich=M6bVg4E{FBG-S+({40Vl{Do%+_*a15{N5WpVgqb<_Wo
z^r#Oz^T<QO{%ramHQ>g;Hb%BFv5lE+ENo*%?FOd(UGh?U0t48F!7694${DP3YlBd<
zi7c1{L#{M`65EBKGs_!vW^-pFi*BKlL-4_c^o2?8a5Jz9H?7EBMpe3*O7}FX(tSJS
z?7o+BcHd7qyC3MGnprPRRCVjE#yd8_1`fjw9EKY>3^xxjKfN?s=VVszR875j&}4S(
zROZ43tGj1d;IAwf{!I?Szp2gOzE=2~n7gWeUiIV<{-4@Ry*rba_Runz;Xyx#eVsEr
zE$Hy8>L0B3Fpnof;1VI=X&1yxJ))<*0bSl1xFq1|5-%+gJ<Rdl6@g1C0-o*)@zM&|
z$xZ;%5*M5T-hg@Jt7qykR@#?il1~A$2*+TOlSOjMi%HJo*g>!fv5k)AJzmT<HEa{2
zn@4pR{+jb>G27IzO^9uDJuHuICfC4UC|OTdQ0H+^r_SS^%}UO*-f=%{O4{kh(?K_r
zJLzWXNxFfqyq|f%{mcXIPwD}<xtsaw4CbqIn6Fk_@0bi5P=^~(hZ|6b8&EfydCp|!
zIg^>^OlF<~=LlJZ5o4bDVS2`$rro{niPPjN%x|P8-sz}24X%77@fLkV7F+{fL9yu>
zX11AZV3>^zvx#9gGt3r-8HN&84}~?JIY*g=ZeY~G%`_9;R2b=Ix`A$H>*?l7^h4&4
z+%+Xf4XK=%yEHmDrB%W<9ySV0W@F7%HuBtlk_|weYyj$D15mrbyx=qx;%HLBHXb&%
zOlG6hR5oUTLOOJHvZ1Sk4PEWr?L0*tWKk&sh6ZPpvdu*5Tp3fSt7Y6u9WUc<>V_FJ
zs8eRlp)Q(H-Oe0&1HX>A&tcA^_lPGw_!$KGD&r|=_ZBpI^()a?49r>BriN`oY@;)>
zJhrJ}n~)K!?-piQ=zsKE*r4CSW*WOBS?T|Ys;kwla6LRouZQ5hbi=NW>}o+4-G^}D
zI)zBiqW^!T4?o|*yYY6`fA{uG5Z8Kqduk>Wto0Vudka=h(62@MU92zIriN`oY@<8H
z^4O+^Z9=E8Vz9WRi*7up=mswquz`!kCNLTDa07X`!K(#qruN9~2<!Nmp=`%=MLTX|
zPH<08_*3ckgi5A(#7>X69cS&jlJb%pOK!MP5Kjne8sWH}>jm+H5$lBcU;iAR=dT%?
zXVdH0eT)z^We7zLvoG=lM`x22qc1HPHQGvi58)+Vtf#dJ;u>12piL0x=Gmb1oXsU~
zVGhlPde^M!>5<-h;Pst1A!xd499c2MJ#N$xD_Q7OROk`wv6!cz1MAu*1jp-P%A*&G
z)(GO*Jon5rujmCmpv*0ZH|OOD!LfOhgy3U&lWZ9HF>h>MP6hdOh&^#2)i6g0xrL&p
zs$(NULhWuLIIE{}U<p}~X~ma%3hE&n>fRxU-j63$?H2;jdLeK_p4%(-c*Ps?ay-G2
z)&u{%^tGPakQesnu-|ROa&B+%S3QUe-yG3-!Ju4f(6|w;<3@Zb6hMX`ek%m;>k-7t
zynL^|dxE&#gI@=!%qtee&xG?Uu^p9pg@V{9w0-8$(=5R&esE|wyYHD$`(>p=xEyUF
zW5(tcdi0H0HPj0Fb4Ij!f)`i>@t{!9>DBifIOow*?5CQt=*uqOuuwo~>)4<4zyYf!
z;jaq(lbS9BD)VwZMXNmI>Q&bSGYbVhoSB{8q64!oCM(iLxkzo8_ifwf7;LTYJmkjT
zZCc?pjB;8??FaNpR7ej;%shxS<^v}SG|_wcU3qTeo52|slNDDMj~Yd4r|}*6f)Sc{
zD2sm=ZiTZ@2u|u5<uq0~1hL6m)LeDQD>i$A-aP1)da?-bZoP1b%^SEYuP{u1?QXcP
zvO*9y%AP9t>h;uh!roKtm&Pim3F1f03nQ7;kO@98e-*m<O}CWXTyjgvw31ud`>&OG
zqkwE#aL6SSf+LOLC)qD(3YXuIXCwZ{=u~s1KKykTtKSQ^1^)Y`z2}^ge|Hb+0k7Oq
z@*X=izV!z0>_Mln2?Z@eQ491Ubl^AC=S1osEkba1kEftfV17}E?lvJfga~arJYpLb
z%EkRT9{n1x_$gG4ewIH${C0x4^-zEL`w{vz%yY%hJ;5PX{Dqob)G59_knsq23PcAd
z0P%N1+t4Y7Mx5e(>J*+}rq!!I2%Ru%1hyoHx<b{xg7F5hBH+!-KjfDBZM30y)M$NG
zIdg*MncrXy)OxS}u;6R&sXT|Qu#6g~tGaqb=+FQ@k0&c`F!u<)1NzG{Emh}vi(0C_
znIIm#HfXvmd>01Tp%ut?V$gKugy3jh_#D>XUgO-nQQ?8u0zOKFUp=Wv+;EZ~99{{1
z0rg!P&g@ovucTy(Jm{UeUhsYWbFv~EpEKfH?_`C`zmE9dqC?MdxMr2mIuAKPFJN-!
z`PWqr_dqi}zE%2B>tUChJQgZBW2Jv{)#oKOqw{oC_lyJiw_foJA^4D9C^$ymyX3%&
zKYb0kd&D)B9>I4~UpY?Df9fgtq~u-Z8V9@u?Vh4<y=43W$R0lX2En)L=YqJ?EAB<#
z^ooaJ1Y#Z<zM_+lpWwbwO69x!`7$1RK#{@viTR;C5I3@cI5Msmz_>mVIx`!_brbRJ
z(<_JJMm7w$;xN3OK~WFs%J{s<xIP-jbtjDLP7_)9Z&igWS%sZ!T*o*qI<B`(AXguS
zGo$<3;K-2})`!;-uekrfB^R?%7fv7k3%<dtdvM@{6F-NJxdpA>0vK`OjFL{2La)Br
z3q{0wFN~6HpLs<Xk34YZ=#O|Idz42!jAirbAnXx0FizJ5Z@y3$Ics_j><;j=W=S_c
zYkb^4ZS)-X6g9%o34}89+0f}JT0MIdS#eqMs4GeBr`oYI;{Wu#fdTYwK7hh;bHZ3}
zt`Mv=>*xpyqaE?hr2{6Mb94kPBDM6BJTMX#AL>^pjhiJvnGc*TRR_Id%Y<M#oQ_Ro
z!Cz?UU+0bT2IvLm^Kg#h_h>51Vf^HSlsrD}r-LW8v$71w&$re2+1+wJ9Ub602RGy}
zHMl^3=r8;`H$_K@f3h?#J}!@o-Xb{J#!LG*!u|=t>-BJ+4lgAuOhYCVZKWMZ7SMNY
z#2w%Xnan(I0gQOx;+5Fu#jEs*3F0Xa8PhPK;4^wvMTQf^HZP2^qp%Kv`A9v=#gwZ@
zzric+6xw!95WgBHu7V3a@X&vF$OY#&jseSHO!taA;I#Gzf37bX^>J0$d;ZOEobQlc
zxEy?Mb`e=INe|a?1HFKaa+6w*o?Xps*dc|72#jl%?olwdk=mc?S;wN2AE1}O3BgR`
z1pPreC|(4^N52uFl2KWe!w!v$j89~R*FpzIoS7I#ZK^8p7PVI$xHdR;s4i^lQVew^
z%7h;h*oH4*{PP-b&J#e_VCWW{hIqxzh|SHf19p*n^qW`~XE+luy89nAg~j3UQC@NT
z1pT4#H<GW1|9OhSxi&cZCs1v{0Xiibi}NsWKRxQP9e8;$)GV&V>D6XZdlRodXDpo}
z;mHe^s_?n^<FMj!=2PL-FrayYrk{i_<O8=2TQLk06Z9uN`iAgG)$me>mlA8GePGD9
z7T*x%Pq8BfFk-sqda;H4O>7(yn%{%ZX{)apv3Y*a`*_wpwQ~MJsJpu8=$xO4P2_L$
zd+<^1yb<%i#lUP~4gOS9kFUozC%Y%_RBq){P=9M<OQoHxSjqhNCO)3}))>W2ht}3X
z{_2*>Fj-N56J2={o9YiZea)mNZ}mNJIL}`vuB|^{IU8;hj5o38s<?xfI{@Vr@9Uwy
zCt-Z-chlKAU3)dxhvi*Rfl<fw)Q8<<#ise4xNZausl5yA4w`~k#Z9zW1AS%UriM3j
z*`|hVZeyEbwkc#A8{I%PE7p(L3|hOc(udlP+$4q?#I++flNIYE<Jry;p_}CQhxpa>
zdhr-sOx?AuWbtx3!fyyZg13?$aqHXVH{N)ocnTWOF}&?y!TQ?PvB8noRm}<G*AD8g
zzy=UMzW?KE_f*tX4J+|=+pBVXS6q0<SvpHqweN~t5J=T*-#5mR6_%1Wi}x<oy@eLP
zJr?`Brs^peC-yHk<sHzCI*E>5IRMU5BeZ2~(GlXu`Dsn3rE+}zAzSV4O1O7v@U<6L
zEkZRVjix+()mO-qUQgZ9Wi#^rWXXH@LlTD;%jw2(I{l&7<os7mBi5BH+ClyX|HPHP
zy~8VChe>~J>-#3!F8mU334Nbs0h283l^KwnY#c;8h(A+W8HH=1*e)KCs$4d_>YMOw
zit&2>H#j{RTX3Sv7AQ7_k+JWTp7=}Yib=5{{4?C6u7uh}{5WZ<KVbGXTYc^Ns@=X$
zebqKzofv`|iT@*z&+Z{?*urXS_u~w){y<hquvj17)g7<u_qsJz8!G>P=;Nri5dR+(
z1r1f7h3885gE7k9t0-%PvXh`}U5s)iigG3>m*1n9?~N5#g86Xen!gtt2JI@r6K|!y
zWPUSUCVhEj3G5^<*O!o&L*X{O@~wcj9_IHCFkgH>a;sc|ON6=`+0-!~yhqmvL!0hU
zW#s!IK^$nsJz}Hy?Sap`_zxmKtjzfga#pjPs^3U^$BKtx_e*^D?UCKBu=@$V`<ih@
z`%B;^S3f(yL|pYIei|Go_`38Z;<gg;!>R>i$%^*EP<T#{e0`q(&HHpz@trcyaljQe
z4{j&uywA5PUp-0W>r>_jr=10-qP}tf^iZXZj<3)^;b-a0Qy0eH8&|%6QPfuXQz3BO
zeRvh6@ds=4<NTq@;W(=UbF5@V8Qx=r0;UD$o0e35eoS6hV&&oZ%khH^_<;JpLxdf_
zuJT;LcTit>2Cs#{-*~L1K46+Z=6uuq%I(KuuTQ}cPG9pWYP(Aa=qg7Efl2or>aToX
zu9x<y>nlc6FBbyBeTOm??LB>a#TKy>-x*!JdhsS-^HsjRSJmtx#6OO{TH+=P?DS<5
zm=9e~Uo9yl3kKoa+xwtQh84$5C_`7y+o8;@Sf(AyoFm5z1zbgh)Q)%RbhU76QwG~W
znW<=^iPT=q_gzN!*@`B@)Or}-cMjd>ESl&fwP}1`KPP>gW}=&a=VEp}{H?Db?Q8L^
zR4Fj!lQdQ;7fa>FE0yJ7r3$fBVZ2hsEC{<8*SW$!g<hb|{)N=+`)$102W-6ASJ|WD
zOL+Soy!{SE`}w}h9E$eyedjn7?dSXYIZ|rBJ*D=iVf}?g6AMZ0KhjwJ%jv$6MH5Go
z+Q<36ztDZ7iYAUCwF~&ZC3N5DqKTtP?R36xcAA2eT{-?yWTi%qY?_H9GfSR=-)pT<
zy$>|o8nA+`Yw;5)(}3*d_`O2ZS!%j`JaFr@qinl;Jn%Y9W#{GNfzw{ra*75fOSADE
zqIUeK%4Vt6AsZ`^E0xIAmgwds3Z)W-+7cJo{~zMs1wN|kS{$B}OvnJi6D2^jAQ4BK
zQP4y|GbU&TX2KabBT+%=-$&_<Qf;k9nE_P5gqeYydptE&X=$siw@>eFZ=t9GQD7#4
zOo9qYcm<G$_?p8I2(P>dnQyJN&zVOEXz%^L|Hn@==j^@DeyrDCYwxw!P8jJ-efEg=
zpT@h+sEzlQbZxv(q-*1SGc9?%j6QB0%;0#-;5dC;rKMdnI8GnfKTI1mI8GnOw6xPE
zOv|*+#Pg6^+968Ivd+xn{k2-!HcHF3&dlch|IpHEC~dTL=4jsk8!hb*rtd;Y7!UH>
zIjJN4vh=Y|r;p#IY4Cbqr;qW227(vXhkfizkHhPzmUb*X4zKN6+Me_{yf$cQwdvo5
zpI#Y+U*=e6=J5Us?aL~v&1{`%=KW7=X>Ll(wa(1t{d2Umxs*2EI&(blw`*zQcY;^_
zpi9AP9{((_eRW0uuPVr+_*rzYTL3fag2#{p=+vQJViPOzETVHO{QnGcKp0Bw)=TuV
z5;OI#-J93Hm75a#_A|CBmK5(~q{cj>`tuIPQ`F=5sKaRi^RneJp5o;>`UI<yg8ZmK
zFs!OCSKr)kt?zfnZ<7$8u@)&3lRESKMf?vR4T{UJ-=#A7RgxB$Uw5U&<<~7~arrea
zO`}I0@|pc1Z!l^csh7y<U*c}9#HF$KwDI!t>&#{7D<?G(e^DKOmn`3&@@*qx_dDzO
z>tp!4WPNXcYkh}Oz70a7QxoymH{kd+8XAx@N2esfU~K2V{5_sWKZ869f9C0o`dNQI
z9hs5<mk&A;`2XALU;Lfwui?InY;WfhV0C*(4BwY)zt`|xq$&$Lqm8e->t7h(n}!7V
zpX~k@;qRFn`_@Z4lEj_wKyNT+{u(Ymo8U$Z%Ii0|_-s<4rB!k9+2rY%bD+L{;%jl=
zRB@DdkC4-`@)=xmJZ4P_puZrl994YHyT7N4gR$I2@ilbmVARSd);}$?uq2c1kHzCf
zPs=JSf!ThSA*ufC!V;M7HyZ}1e{^BVXcjNvqWW_ROJLfQlIu4YmY6+@^!0wMf2cey
zx3DDFQ-<-;rj0Kw8Sj~+=O@*dS6GtgnVb|4K%O?Suw<eqw_kk)g(U@^;Z$EyVM&q4
zr01_k1Nh~X&Q?7>OOin|uiA@IPH<n;OF>D-&=ZCext^ZretUY#gr{5SDGQz^(Ni`&
z71Gmac(SGFA)nCyd?tl_0+KTHkMM;4wvc{NgeMzI&+H%J$->f;Vj7KLX@<lYNnAp`
zdRm(yUZ<Y6&v0>lTMZZ2_fNyc^}RJfebPnsd0xOMOKiU_7yc76`P|YRKDQjEm;JzI
z`}e^A0FwnfWAzlfcf<RffL@6+595C<*cW?m_n5K3k%WZdkZ>sBJvH(Rj4vbv!zn;S
zBUp@~Ym?VoSv;Vt1&qVO))fND@g*=IOTTy`N%1H`=oyp{uRMg#A4%`2{oalJ-qZTM
z59;@xp7<WQj?u04PPb@XXmroCE;PCCw=T?Z&t{?Lj~NATPwK+Mw21A#8OoU<0Ze-=
z4fcIc3ecj-eHDBs@b+L`+%NGA?H{v1ge(pQ`^`v<SJ9bvqw9JDdcAl|f|7P{3iPcr
z?J7(&m<(=Ad+HWQgWq2i;cxJ0iu%nReX;!(e2<QNH}(#lg|-*`SaO@s3d)PU7*F*X
z5uSr5Q|9sIL0X}Rcfg5PvjsV4@Q6{ccAuHT1Dkq|3Bk{e-lM4k7sNql;ee%lcLr82
zJ!ka5ACtCzAxPbk1BvTD*q>=HUC{euo2C2;AJ*eS`s@d!^MZFvMP<*+faC?k1@G|+
zTy#nRh&AL^J3|#vSn6^g25jN#9WJ#9a;_*pk?Zn*$@`EKow5-SQ2^;r=DCLn!B4Mz
zT)2Jw4Y-2s^e#4=I8V0VZ*vb9q?6$lFLDOH=8RJ=GDmkuB=idzi(7?H62(4Z9t+R2
z@ELyRuuWLIIS-5FKuRg4z(ct~%PPh!Gi@s2)06l#H{PK+x!9qPu|uP&LxOZToC<xQ
zop9YZ!I2*b8O>OwsEFnQT;YQzaqkhjDJTLL-RTdwGreJ>w~Jd~g3odghPZL1*5Nix
z<%PMgzh!V=i6eaC2B-$Wqke@8v>zQ=_?Cf|XRB?qZPEo?kQXYCS3z4|m}PyVaDgcL
zvedOOQ>fg6$!zHlI8js{hi=3Ms{^S&fSd|B!aQy+jsZxTh0vIV(3oYOD}-t_%v~kO
z*9h`YbII)lLxds7GVRjSxS)x<o3bPGGI0BN5rZ3)Tat+|)4-PiyIgEGhhPVAGa}qP
z-^V?9(Fz^(jOS|*o5=%>o#$ZSZH~zYR*cA1D=So<*8zPv+<QIl@BK7ay#oqtBsh;x
zv<Gbuu3vTM8iVdf^?<-AUhqe;e>wf(crkhL_CtcdQQ#fGdbD{xm+cw|%2Xrzixe}m
zi!+8O=eXpj&A=ILEH;+F9TNb$c}{5$zw81cOLiC#!lFDEAnXi&a^>UV?Ph{7Zl*uA
zkTdjyD!`fOktkD?PHA+x#9)i=Qc8P494xp6i1Q|ISGxNN=*ueXOUN+G5Zg1;S(|oG
zQ0`fw>u!@gJU;*u<#XZ$DkE6J@nSGvNM~pxaO1K2e`iqBqcQ&(C<|5h#n1xfot3?W
zm|I{JNOalZ$Ho~91PpZ4%2rR~)}nWNRJ5Ms{T=W^dj>X!w%xdJU2U7S{%ydQ=Kg_*
zY5~~S0=__ij=m(i5HB&DvAAp+N)YtLOkicouf3z=1DQk47UeP~!FZBjxLG<d<wMqJ
zTK5N%YxHnXcCi_$Kff`*B>`7loC5$s(VhPZ25{8<lD8|3_jwsI5>dlosFOB>H!$O9
zXoXlY{Fp~$Hod*?!fn*3M@CnMV&>X~JHR;P;(E>3D*@A*o(L6>CVE$ZQq=&-vjjF<
znS=7IELYtdmuH`#JOkcX{|+FG7$g+LwfM(Hyt6T=Rzer6Z4a$qgZ!s$LxR);`C)MR
z15Vz7qp@q~6m&F}(!>ra#X29(#Uh@OAPMl(B$pZ--!15Ur92;XN*4s_V-&st{@tjk
zxYM}g=?Vl}F7EdDuo~b}r?<!qhy?2FH(wFwzDrWo{ucR$A^VaWSoo9q9C9P@;6SJl
zr5;2?9xy<3w;(@a&Xa<oB_agRr!cIHwaNCkdV!LLIz#D9KZtN3UZhsu_dVPqw)LX;
zvv|AHL9ZEzk=3(F8$9r(dbBUT|LBy{ML=PB{sB#xqsygCkj*4PPcRk~pShf4058z=
z1~$rY<avF7L{|e7oIXS;$OMN}D_THF0o{w+>FrK)|FaVpo1(n`I^6AC)XNFp0|qrK
z+HaP;=USvkN3Qw|j9@(x)#FK{n}_tX{{LJ0xz;J2WAp>E;!`Acw4s20yv8K@$rj|P
zjDCJh^fNb8BcMmj{iTJ=50m;I5L_J4<Y9CK%tJX;5LTWe=neqYa)7uf9gD$sr%eiI
zz}+fZF4#H)L_nh|7DWx7E1e++L%+9;Bm6o10YM7$zL6+UVG^|g8S%?a2=M`_=tLje
zKgGF-5lq{^KrlEj9A@<LVL7KyPXiK*He2-{6A=uz8@ie1epeeD@5f0T1_<PG(4bnP
z{e)2FXe5`Zx$4U?a`7aQ3*BGU!9=ZH9_#QQaK9vY`#ATDcKIQr117rX;5CIdX5CNc
zw?rJ(@Qyd-rn*aH@mCrCM)%zqh*eOg8{I{+@l}{qCt(eE)vo(`yDYv6)ik0#)rZ&g
z4s!E?w9PIXR{;Dy@8bH8Zg)!!b@_pL)pcZ$*PYSr5Z%AgDeam~{*Ch35QZnfFVNiy
zNCmy6j3NNqB<%wQ!!F1_%=I^-FLi++KLm5uv&EvkFb|cFOvpp17qbe`$6Ed&Ia`CY
z`=JRR0HZ%F0Am}ybER{UBIZ<VwVShf-)pqY^t3sfBQIq}07`~eDC3lJurSc8El)O9
z;ug6J?SAAc0krwdsAruBQ&O%Iogdp=(uGK&?g!&kW^<LF1MUpLu56doH>Jux!7xS2
z_#3EwBcl9jyV)qLvUM1ZDZKCBaoUx3+vGbCZD#V-0$ahQEH#FgxjBPBAO&CeJ9eX>
zvsG9nC=)B?D@3KlB$Pd9^fxY=hK@|WT7;`yVzic+JlE$3BE!%hR4!U!vldl&1~V70
z+J$ZKhxh%G#QMbQ#A;snK#=wd-jkf$tXBhOFm9L^Lp>9ro{1HBzaG}p^?V!jVkIeM
z@*{b@HhJ-#y*BIlmq&u7m1-+ooY}iH3mV8&A3$BH8XlWe0UkT|*)4~iT&GahEXc2z
zs}W&kA%Sa>Gb+{kKJ>FI`jxs7Ctm9;b1uJpnWn_&pbX0-9ZqUeAH|Z=NvG5X*hHu2
z+=bWi%g{+gwDxHFJbpyZ$N0f`3Wqr*s`*_an$b5-%O?kOv|!R$z3>H9-2=5drBLK8
zA`HzHlZxW3RxHgi%1D_~X|^bp=SkU^3UoIo7axF-=H%c5G%zO<AE4nmrhX2wP$|@D
zkNg*NN=HJ{yA=6lf<G`=&oSu_{GxG-C@;zeKFJc~@?2z^Joz5vkX)wON$9UHm*@DS
zqGUA7Z<<%ZCs4|6m&--+(uUkjQ5N#>C5QK~#ASc!Q=OGu(x)+6H-Ri4mZEzRGRAo!
zmA&U7xdKN%IY%g?+%Dcbg{pcQ9a#HNcFSh7#5xe+=YhQ0%Axw}O~Xk<ihx*jDL*sH
zw})SQj_5t~!e>}%E~9tj3K=ZXQXtfFqd$uD4t#=_fygtAR>9;k$LUn`8>|`2bb7Bx
zdavhw<o~D`*Ctkj^nOb4s+{`<yZo@xZk=QDOk))RQQQ3nyVbbNGl^By@ceO6$wL1x
z!xY(mRqr(UkrBOiYwOD+gy7ey_QFSQ>s>k=TDVQUAN_ye=`^GF!!}Eu0H9}-zSmh+
zhhqnVcX7J`0&<a;Uv{3{7XelpiYmWBxuF>&D3<`Vd3I$X=RY8nMdeu=4NGCfcIi}%
zKDcJ=Wm&T~$XQ$ESt|{mHk-5^r9vT5v<mcKrwSA3R+JV2-3obj31(fQUDHLhn?tml
zOtLQJ>Gut)wGaI!A2;V{Xho$D@eSCtgDMKc5$y8cDa$2&6Pe27Viy~mQ+bF(xd`@5
zAB!Qu*91@~X4$#0u&TqJW&pYPB8Q$)ouc%GP3mw;d*$2X^0CM)DrLrS*|QqC{Q29+
zrOwcwT<j<>Gki(pa)QX^SB7sPmj{4cN)zOx1M0D3MR(}r($=3`vWQ$p#>pisMlSOh
zy-XXJUR>NRl#fMTbrZ=)^Ly(12>Zgtz_Q+<oX&%&cF<DHqEdASdMr!505d9Pmlz_5
z$ehwajm{Pp^UE;eugm%k@B5oU12&*keU;p3KZh#pQUuVa)zYa|@G0SA*Mb20Rp-Iy
zf?NWs%`+fJO6JVZbt==McnAo-SWrsBcHs<?uT(iEnA8c>!eS<ea~PTH&9f3ip#-F;
zXM3YjT_ULkkZ6<oB8~JJ5O%@`qc1SuT$pZE2Rg@NVmc*)2~ssxP=9qn+X({0`YT-r
zL2Wvhpg0A{e&Z2jM(O=l__51R7Q^`Q6qfW>6RL{7Qy39TUR6c1cdj7H>j_cPTV2G%
zs~D6k-e!sIRF}U2e!`&mL4l2}lvEdf@f-5fcS=BRx1+ZRs?;}8K){VS&E*F^z~JOg
z>mgyo?b<&f<j3=W2#7Pn-@xX9ghg6{5OR=a<>X81;kimntEOLT6FjcclHS&S-_d^8
zXus>V-+=bpK)U4ep*Z4@-=wuu?@uM+6!M4rSPGc`EdsxKWfMW*eT1LL9f1P5+9x5p
z9hIIOAF;~)1yS}79`p1^>3uvw3RMt{;$v9F3OcHZy59;D1U+x_HO5Tu5hDl=$#2xp
ziFh|sM|mH5Ip8sfuW|3(j}Ud_9|-xgw4R7EbwQL@=FyKrizKpwi<w|U$Q!d+S8!#<
zeV6)~ft@eJJFR`MlJfK-m`Xi@On?!Tto1@!iXGHNyL6ik6k*gA@%{jtw~ljqyP}@0
zqP20sqAAenD{TDgtz4_7{kb1^N!uf1HN6<}?RRj=1u~q{9;fmkNR{S=hehi)_iZkz
zL6kaO(rKsEtiFKr4OGrAZ%9E=TPsRCoSJ#_sJ?R#`R)wNfC+-+Onv|=N!VXg$_WEB
zY~&qz$vbxGErgaRF-S=SDb&CTRuaK9<afsa>RKhrk5-HF>?%Q?T>$`IL?HC6foc&*
zZmas0LGyfbS@$t1>r$qIpsLg0I9<u8K&^WbCs{!>uR!OBf0FlcJwUNL>Ivb&jO9xi
zq>Lkz0reA6+8Y_Io%gce-5-pCv_nv40vNX~JR(|~-Gwfx*(r6=x!-N-i_t_AikkTm
zn%L6EE>H$TL4xP(I6Pb28JK~`L+(McByi+6LY+t_cIkZtj6`4+B>;^Cppj-*0W=p8
ziLn4YxKDf&$)5L7TY!lQxBwx+`(95)>rFw*w#zFK6Y@$ogXlXNeQGcUQ_RM%4D$Y8
zknmYa6j>H^m4P{0v|+lEwLCILk2_S)!3^dNbJCsO6wcqc^jUvk=}+Z5#j^Toa@Gp5
zEM*#6an@S*Zil6o;g}7=fy%^NAc`wCk^rzvJ9)pK=E)~orPhaa?ch;%zZHF{p2KA_
zJW7L+@NJfs$bVZK+>_7|HP0s1+AP~5Z^i-lu}-y{`xt%JYR9(J$1WgIwx~}>W6iU3
z8Q2NmO9YgS2*2=qM|-2{Pl!(0jW<A8rBUYI?E4ZOscS$JC(*?wYCnnf<^M^V>|2Bb
ziDgS~Asp3lV3LO~>;f><saHY*3S?=Ylb^a>u+(DMj}?d6*^p~N2vp$t=1e@_{5sPh
z-ny11g0JZwAQ({PQA0b_ZP_D8rz4p#@lbGa?<?jmp5*i{PlP<%fm)T)F2S-z@MdHg
zrYpwxsUk%*kJW4Qeoi$?3UxZMVyK4qp$AF-`XgVVg(ne#g#U9KYEBxt@cx-J^u6JK
zJJ^fR0w@SXhFlMcw^fjU1)2Eg1Znm=Kv-*`G6FBRA5zw+Uv~qVHxSNt<NPka-#}WT
zLK7jI*nntpt`wziQ96qL<d5Ltxryd*_L*2wtqgp@_@`Sh#6AhPoz^*y2`=^Tz2C7l
zYH8`oOShEJ%0nmnwNlbcyvSIRrV@E0vZVYzPH^(<kAO*l6YF^Ym1x$KZ5PXGXDCIl
zx-1QLc~l7qG>3H?@2AT{fD3^aYmpZPZwSoqrAB|?<yPR21rFZ<_j8Ot5;;(!R;1Y<
zspZg*0my`HAbRVrB@+3foe`bm9aI!<VB}Gc2Y9Vp+@mfc4bYfcBGr{&=+#bzYCnT&
zjjURjfS}qh808&>Y8hKeO?u6B*b3Bq%K$Z7wvk`71BcXO1MAR-N`g8T(%5+iY;X!R
zxGUZu5O$p24BAlEsJ>1n3KpDa#~fGIfusQSz6KrxmOAwr^tG#5IS0|jd<RMHF@4V|
zb)w2gOXQuj_=L9flcM}wwoNW62DJ>@Xb2xZNOc2ud9HQ&zeE+yKO==nI#Fs*5Oq$u
zL=gNfPWg9C3v{e<%FC<R<9c{p#U9tdBhv^S@9@5FXkGPrZibRkBUE-Xd4Vp#xJeCg
z062fsUta9RW2V+!?h)TrWFQQAr?(y}bK-T5k^|-+z}*wo?K;Xrg48vT5ZdC2*ebtf
zbvl)jF41x}h8I3Q<3p7Js4vi-57Oe%w?*mCI2qYsGLb#iPHBrEKN=9FpH)T1&#Tt$
zKCt<wR2i?IDi!_3i6=yCvd4hNSrJXOC+Vvt>s`vT#<27w&9VdKV9A=x7<PCok4>IQ
zmR)?^Yv6T&ZI?If98irN>v=i04)6%B1B_ng`5CJyxbPC|0Is-UHzQ`)fhI-!YIw-o
zrma=0@1sSc6muYDM5zxCi&~Eed`VMy@3W}}GEp>pFjKb&UEFRk1yLu%<pZ<@SE&C*
zwjdhfZ<F5b2_VghV5-SK11;l;3IPAxqD(lcHx9xLhH6y$xkMvCS-iei@P>^<ql%*!
zG&NG%Bu5np3W}cqA1+x1>b;`@6%SEy--!oCjDy|*#k-03PrwCL*|7$ye_LQ$k|-~!
za^yF%^HN7S(3fd_wHx&1TF}c$yK0>O5@J;ZZB-flDvY=6HsxMU8X`}87i>T!E8S(?
zwP3n{8whoDj@s@w%upu&Dw3g{7a0QRFe)!_LRq6=ZI|wnGi1r+38Q0-Xx;A~BT7w?
z|BCB#+$qeFremh(3ujreQ4u(sBpBr^FKXAu+nm-d{Bj4yp#Yki0s6oUW!6e)xoAaX
zaJ5YqjDok;s65A7?6FDZMr?D4=SywaFrEOa*G}jdD5qIG0Bv@ISm;`hM`TCx%V<^t
zFz~+LkzofK`$|&SmXOlylmgQg_p7}G7bW9WwtikVQkl+4SIAkf!_3WfK`$3PKw$Zg
z6zZWLG-%^8q<NBa@)guef{SRamF{MJ4C89PXx;AqKC}XGsU~#r_C~dYG+G1Kj3uOd
zv5@D$ylNy#dG<T=M*-3sKrH|Z&)UhqR%?@>MY_obC`quw_`u}hm)}gw>YlfO3Ib{a
zP%yVmgNjWmHL9P}S=w6lF`95)L@X@U1v}vn0$tZnkzRgJ^wJk~FBGkN=0DE}Wt*rJ
zt&5*u1A1A?Nq5<0<GXgLo^Upo<mw}NoXh&zf*YO6Vn3Ls60gB=h`<FA7~%?}E)tH(
zciAyYMJx41x{DD{kLM50vipp7WeVqzY({zF>!4Ag@|#0zh>J5hr?nRY2iUQGn`EN>
zqcW$FHDHs(3ZuT*9(Kq!qn(3Uw~N}aNzWOzF*9<h1#$@zxs1}tWwuT(r-)qo0M*ap
zQ=zAV_dY?az61cc68RL!WSzFpauGb-Pm9VdgvG7}H^pF)0Kdz?qbUg<+dO|z+w^r4
zG#__s9RvC~P3JiA&Y&O{X=1<H_|)%_J{3?aX`!b{qX%_&FFHT;r7RdmB7-6d)Vr^h
zX<G3IJcFIy6P)^sE*fZc_=`Qg(a3R_QQmf0&py9zYRLXR`VJc++tHkpX1^^+u0Z(U
zD5lH0;Q!fg^ZvE?Ipqh!zi0u4R-TRGk=(#gxmAiX1!)PG1WK1~!_qPD+jLLi2XMCu
zbO84qLTFkpTZfpIL%;I;Y(ai0GyLn`Zm72q-c4ZzpQXbOs}rHSNDmM9^Phb{kapts
zp!ax=er7V<(A|v#o+!u@&A7R?;2K=Q%nTP}W!^10iRYIE>2|hb1?dmteTx0^XRj~*
z`%4B?a%e#dy?c)1F0DI#^V|t*4ACaR`%<of_lq#hO*jrZEgE(l=w&fKw(vf5QI=nV
z-pIHh<V78SyX)#kr}y(NpwXe2aCHlCs?gcuJ!(R?3OkGMQP0^bx^Cs)2spV~J6|)%
z;R|@a5iHxC(ib4N^RH#POubO~HL4v>%NbERq{q{_Sot`cpw5(Q>dZug$Zr~q`?H|Z
zeAVv2@Fzbf<8IQ;@R>^rPmzs3$B-xJG-#_Tj$(Nz<^kQO2jo*4u`W=DGP}uEkFx3n
zU}JOJ;I|B6TNk2%_uotv!ZeDgcovASDO}S7Qj!AAXj{1m(ea{GmMes&<`{Am!}{{o
zFBy{HtUM7W1(Dgo<TU4xx`#Mrx7iea0xCq`reV7P?xCr<xOp4-kmC6`nw+#<gV->d
zdEcK5@h(GOH(_5vR|vn>$-4VXLqd16sk`Y=J6@!VVP)=TeCcGHJdUPFSc}ip0^`5c
z%_Fc>wNLkBveg%Jw?bM9NxEi8_ea;GuhXWT3$fjhz}wrygYLfoay+2^6Xm%E5`vHV
z1?@6~RfSA<by2k6d7s%DO_~PuMR89SWMGNmf-IN>?_EI0GfeOdNi)D&FU}UEso8F$
zcS<HF$WzHT3Eqm~&AY|)FnYo<XNoJ(nc_4aLWXK1f2XbS$e-DIFEStVdn2q9d+3aK
zPX`0(UkRidGmc@*_%2X~5JKNx=2OlNB-b%!l;)erR8Dm-pvtI`&k0r7m2b`wga0&E
zr-jw|L#lIXrY25csD<GfkVXwe-eUe3)He_{{uV)cAk)29YgqTEWnIEV`igRppR{Tt
ze@%1;D2~Sy!o}`Y<mHtugnVYIjO2?OSJC(29%6RLZhoBgZE7xhT52w4bD3|6XfCJK
zlsjoNFjw#{!QV$Oa+35yP0VYH_qoVbB$I8g`#UsW3L{MGZ?KIHNSMR>_L3E_S5*E)
zsi16{1?2kD$mCcY7j4fN;8QAEyLtaHoK`Dd#wFjql;Jkd!DWzOUkYgjxGOG7(eT=1
zYe8RLoX(*O#ju$J`JcGZ^`x8B@)Ll+=uY$_RJ>hAcNJ?-)_RNkVj_|&Zj@Q}JEaz9
zut#%kx_XK{>-AoLi-+y_I=#m@4Ou|v<1{bDYp~`KnoEi^REsmC?wL}#Wfkp-HYM!1
zRlB4f4DJB@ye(3J@ulRPICN0yN1xYliRA*0(MWy_<vJKqX3KHkVe;TAM^Bb&&68yg
z%qQr_G7Dp{JZ>%xpK!&TS&A<KBL*N1Ecl`2C^|klxfXO~S%U!=&cjHZ-u(s@E%^0m
ztS4$uf=}J|$ir`zIX7I?ja)l57txoi{`rFL*z#K~z5!0$?9SqznG46^ea;+^$(YIa
zWrFIJ@w&+Ei+;`zO*-Fm1^hn>zG<Gv7mTXqy?7ZE8G2w0<LMsDDZ#Qs07bPkgfkEC
zGvP)@We?IBzhW(s@Udd8l95^^SF+R9cqH&7o?D{Cv+OWAo&r3H$D}B6ua=mHiFsP$
zdO85zlk@x?m{p8f#ah<uTKQ5;EY%X-RQ?zpfYJ^^71Oai9RNk8NdSn&8Xli&h{swS
zMN5IlDi~Z6hcji!0K>Uqpy8MX8ji}&QYQ~&+u#8P@;5DUE+)>^5?|30%Q3NBOZ+iz
zfmPO55Gzm|P5@Xj?<FM|K{v7A7?utmU<^MR+z)U%z=qE32QUg!*{{l*2deUl!2^Kh
zlxYC4w3r3}%e$rl!19J^0I+yW1Av9aihPz1EkOD&*)PMFmQ}4~RmZb>*fHW?y{%=v
z9nadKWv$V&*2J^^L(2+iS%G-gd@ZX<%W8^eIkc=JTGo+x)+jBjUCU~ZXQ_h>7l%3}
z7W6tV5XJ%b^LsCW`(^0^AnJ+qOW>Y&B}<Eh^F5-RW_@TJNVlM~Iqc#Zz;<4^0Qp~=
zcjE0nyX_1+JAD$*O-DY4w;v-(%!5CXPvGrYq=jeTPvleVP>}a-X16F6GwwZBJpZ3y
zq{n%9k(f-9P@<a8Ucq8e({1bjtJZD(TmNHH>pe4)TG!`UT@Jph$-#NafFDdZLG=Ut
zads#?nL~DHiAfx?CQX-v^ZN6Ntd&pVlc&?ZMGj6(9z}Ib5Z<0B2ycuF!hYkirVTKj
z(F2VqY8+rZN3_JGkpztcjN}hmViL!DwZtTj#~>I33BqSCB?vvn0hnQq@e<6CGQA((
zlg`I#a<Lzjh8qWfQb+0lP}-L|0F*YQ4gjU!rVaq5#i;{8>Cw~ypj5yT2a=1!w5$Q-
z;?WeAHGo`Pr)3Qw7bPug0J-?EmNkG}oS<b5AQz(y!~@C2X6}-5@vfL$EQ`s-eu(->
z$^eLRrCfp(I;Zs`g<_P4misRw59cLFq<KjaX<m{<nm3R{T5Y(jJbZH6x5>l*MeFk?
zCAIw5q?S*VBukN`cubk7HEN)|ic3za16=kiwFTs1LXvvekbp_TtNIB`YNwxi{82w(
zNk>=`{-}RpNlh#Xf7I7mQh+7lkE)4@H7p5#BIWS@HhagP$Xs}@X7BhDDb>Xa6EYEm
zN;&kkJaPv-;Su<`k@4_U3Qwhxak|WnWb0$P=vSWBF39(`V;p31l!k;ZNa&)3qLhUD
zaUka`<ea4(x&r9l-olx^yx+n~p&a`N{@nY~+K&=+_=9XRd<bW{dp}wGNkUewmh~BC
zeYW<qgsi`6S;sN!_}b$MS+8*MrvJgk<7r{Z_4v*Dwd)g#KdRN#fcXt;8xpdnXj!e8
z)w;GdA?y2ERv5FwYr_dy8MNpG5JE^HEJkwr`0srWzj<%%dx_&`s>nlIFn`P1Es5jT
zvUXwCuC==o$FF65iCJH+{W5X<hJLufWhEUTc<P$~QcRx*@bkdhK<xAR_hE7qCO55Z
ziYMQN$wx5x$l4?E<m(gY!;_yt8|aUz(*?f?jMa>hf@~axIYR_l9BBe`c9aR;cp<3f
z2*Gd;Jg34pwDhq!wX?OZuHX57w$R(c`-Y=_DK*oUMR(r(QQ8%6y~gBtLD1Q;@IT(_
z+p1k;mnkR<GWB>8PeOUA$9t3)^7rEE0@o~^hBx>3h5S9<9)o+Vx5vnKBE3B(-gg1n
z+eFug>GFf!r#HU@Z?S(?zf>@Oi+wX5iNEMRZB$-Zhi4d*?)!po2VqU_bnPa+cuh^(
zop~+Vop~jcou}WJ=bn~>CG+&Q+@G*-l5Y)sgxxCHGSIDo#qnOfpQ`zD{l9d-w|1YT
zeqr{5m$*;z|K|PP-{C$<y}N(?F83$?OZOFP_ets(0GC|iKFR-^_Z5GK`y}=5{)+n!
z@c5VRU)AoD)Gsu>gZuyc{?*IgC#iQ6{YC$U`y?qA$}JcR<!TU^g(dC0e*%ZmVUpsZ
zoGmOl%lk1PYeM{%uELTo-jAxtMe$pD3rj$xf61~8cz@&f=>A6Zh)_3D4-?AceT?6u
z`xt+N`O3xl+4F}&A@?(p$FU{69}(WO-S<Z9>^&FXbKJK?%-XwqcvAm&6_)Js%#o+H
z7M8T)eQ}=^mVD-cN#RIg$q`SnJnhTEk}o|4^0aVaN!XJoPdi>%avblALx6a4*!Vr!
zY{;HWHa<@*4k(NNGB_6hrLG_R`^UG86li`0ygUddmr{AA5syFxJtgu?lU#z6Pmw$`
zLoUgHr`zI+j~0fbfra77#ISSj9RBwKz9yj94bj+nH<(&uiFFjH<4YDo$kT$cI^28Y
z2Tj(8Or9;V_!Xz~JJgZi*Xeu1k(p}@kYfD4cF&1)nxc)XXKtkaQ$9=i{6;!&{K4P;
z>%VT&yq)wz|IE)_PPfUPOk8&@m0vbGWQWOB=E}fBNH*D#gC`rM_D)r54|a`}nwz^V
zK_$y6HAtsmO0_gQ%VuXu+k+>@TH1wG0@s8=^3l&eKVb77P4!G+$AdNu-TTM#$wT)3
zksT`OJciC;!LEDIPcYas2t6ki<7=Wax`Ghp41SR!S`YBP2{2nLS$A-Il&pUWN`?U=
zeU!npXsm*!_;o%*@r!R6&|_|u$Th@Hap?y&@!9SV@Kv`A!mxmabYiT~K${m&;xGU6
ziGy&h=Mn7hhOz$0efqfqJj6K{qpk<LQ!vc<8vz)0<pJm%)Qg8@jGf1%R)9#bC)H95
zeOHVXmO4lYkG0fFP0}7bY!>WFv7D0X;0v>}EZ~#^EO38W2t(`R^1BF7@P<nSB`W}9
zY9fcx)LG_i#eQ|)hZqlrKnhvKPQ?gCviu}FgGT^jO#;`|FGZeZ7CQGMfFL(jJEJ;B
zkl3~k`cmOae`FH!dxYbC4;j&;_!TqR4VaZ55amBnVNv_Y;cw(u23RbS_snEHD2vVI
z(cQGq736*MQ`jC$xl?Kv%bZyn91*6uc4<d2no=1;u-Q6-sR+f8)Mb-;0C-)=z_VFu
z?NSqN9pn)Vg)*DbChZOOq}VJ`d9m5(q%@PAi(2+VDYMg32jC;zaXmK!v|W~uUDCdp
z%IE_CftgCiKC$cvqv2O_S@wykBHlpKJOfBqgLER`M6Q2|P<ACAugt_pCCdcgj6{F2
z-vx!>v3m-dJ>zjNsj36#H;Tal|6Uf92cyE~3)<V73xc(8O;q4#);g^L-q(YBS=KGQ
zzmm@CFz^EW;7xvmP~dM_bfX={Q{eC);H&<P+`VU+3xN7o2GQGkWo<z-@0&tCGeDi_
zxrrDTVDNL0uSx|DcyBn=hIq2hGTYq?0W(kLH~Kq35;l5!iugBzc+l%+(fp)PwiC-+
zYo*p={;hfddT~KL@0*JFEDIvpS!?;<)dtnE1>1Pvc)H(+bvjN7AJIDz1MeG5l%N&S
zI^mRN)AKv**@Vw)*mEX6uV>HMf(8P3&cWvf_MD5)P3$>OUCqVyXFO$F?!t47eY|gM
z3T`E}MTW&ixJx>R=g)#Y_Xyr?oX8z>TKDq4<+PvJCraVi7@E7B&3#1EPOcs@#Ou1e
zM>u+RYjo~e>%zkoCldX~1Uei8|0)DLiLp6Fds~x|7XZ8qyhvF057Ew(<6Qy;0Gt5z
z9kAyBkiAide`>29G0!d7&--rfqjLaN*CR<R2E<4Cs!`;5-fsJ-eEeV%N(B)M)yJK;
zc~5Yj+ePUsyZpGh*jBj(i`XiA4O@m~@;(X4NBUx#Qe?K{USQ_|+olwP<Z-|}2sXk!
zVO|ByZ+HK<pzpl`XpU&;#dlkD7vZ-Ot#Y3kS1PF6cg@0>FGJaDRjPLEtX%z36wf<q
z;Z-WP<n|9PK=YpqgT@3s*(5pye<Mf_-v810XjJ`UFZnwH*uT(`gySyP<qmxy1@&*L
z@SA6Qb-x9ebI=8)hXYxo)^^AIeR20P#;EE~W95mh_?i~rmSX<ZuX~`f-}h4gF+jRD
zRp76>r#mUWL|Lmu5tSY>XR05@+Y!p%GoK}WLKA~@7?uGNP=%;3fSI#9r80<8vACn2
zq+$@}(~m(YHe5WT(1Br1B>K##uQ@FNd<<iA%*~o6Rm&Ms$v7}wnfS4^6U3(FV~}4)
zvFsIdFClYc4Y$wIjFMBdY{y$avbk+2HgUS(PJ@uUe?Y-_(X3PU2BQvriczu(1mG={
zjNy9<f}RQJjaapWB;$pcWSkilHpJwlH3U+zS<`D~A!-MlT4;rfNGj`m>>d{R?*vPV
zMe+>Zht&oscsep97SHS;MvKt+UO>Lz?VgTFjOULqo)?;Xbn+&l32Yw*wilGqDT4H7
z0@-{1fmiQHk;q>(yTacFz<!$doz`RIt8|^o-!H{FYGW^x*9GdmJ?wyNIeMsn$@}hx
zcZ^5U5J?rKGoo}f-t7QQK(fF6PU|lBT$l7UVs}7Mg%@dEcjO{bRpY`Npbka;A*|O$
z5}k3{5EEAje6d;e>emAOrcWElFG$opauGVzMR;iEp}6XZdLzbe4|jeK9jzS(R3Djo
zDKF9V$JwYq7HRrpUVr`3=#)MME;y262|CLhn*MlBC~FhAFy5Xg8O^9aexB+n7BE~{
zg8Dex{N1(3Xxewz9-Fk2{An#G$FbmPKzT(d*|@m!XwsC&IZSy>C*?8AtTVerz8B3*
zXKVz%&TmW58ne+m<lD8z(Q&P@Ag(p$#I?p;be<eQYs~zgYmLQ;TBC_Y?m~S~QyJ%~
zw;1$$K2UGGRnr@BCeLpplBQx9oTD5x#$tZuRwSZojfm!kA3YO|>TLZZO=FyUvBsG5
zKhqd<6Ewy>q%rnk{DGLp*hv~=fvz!*Hj~0Q`r8!7%>RMHXu7<@_|?ClFsi!3SVamW
zfR^_yVcO!F1Z^>ov_-q7E#~#p7DY{4EY-BdV$>D|l6fP-$Hy5o4<?xYirmkktJFox
zVi72db1tDQ-Z-$b$fqz-sN<igqdYw4ly>g!q^>InTJyS^xGF(Sd^<r+d?!IoT$7+C
zu1`=C1G<`s-cr?gY1mwszeAKdSbr|k4=;$)=_LJd5ARz*`eCQ0A6Dx^H%dfI7Z}1s
z(N01)glE;~hJEeqij&o#R=T8<k-zHm(09}izn7pN=7Dy#M$->Vll8+=)DNwiewfen
z!#td4Z|JWd=0$Rtet5>)#(Bo|R||c*S~$_X5&P76U|?-<GXkK=5Lfb1JH+4cYbP}<
zYWg5<Q|bC(>BaisT=ltReK7l5^})HiZg&WEyDiE3U`(cvg&sCyZ|Ix2O88g&Okr{2
zlk~y%OX-8JT&xcs<6p_ddN#9qNcwB~;2hEiQ+qDf2j|dDnQAy$AN(>|9|US0Z$`b0
zwgY7bUc`Cc#fqU|IcEt9io4CAD~RxN&H#cC6*>}znl_i2tTE=qG{#+Vjj=VRF~&8-
zY)vaHAZ>8;|3DjTife<Wi?qR8NgMQi7j2NiD-p#Mp)-74TYT==VbH1S*7NLMP0$A`
z67@kxeiU%<NMta>rxX1ckHz`CN7n~MsVhd}F@3Ot>4T7$tPc|5|N1y%^}jn&$2=eT
z6P^F}M*-T8^w$UbF^?#*-|%dxLk(#fVV?Sv9v0_iE-n|s0RB&+M)-x0sL1XYpyOp|
zy)lh2CY*XT;j{%asMqj}Zkuz%-$YoC-v!IVDSa0C+qWr&OLe7im97-N+Q&wdfD^D*
z!wS@_&QFN1M;Em5X~JZ5>0g*~rcMaeqAzP_>*G?2;BAQ3_47Yok1CWmS_qRnKP~V<
zHoo;_^CjCh6v5+DjhR;%3|xb^uMo1^`PHYn_N4Xh1pj67BhMD)J3$N1u<<p6(AV^^
z_n57s=jw&u2Ys0Q?!8;+W<ql;Yr%1}$3W}!UPxK^h|^oo6&0a5-5yCte#gtTYBHr}
z@8^fTs;#0M$}7{GD!K<R__CtsX7}NWo(b;#6+L&muN1snvhxE8B8?)`QN0Vk5S6){
zC{H-})i@+k&(O#uoi4XJK~Wa0TNhp<Si%AlWT#76oR%p{ec`^1YeCYxofHuj5ZEjz
zORfyJ{=QegkX06y;!GjLM33~OiN1%)E)<@B@In+?venyf%`~`gcS%d2t&mXmv^hgi
z>_0=sHHy;u;(|3mmDgk6^`4XN4BZ!{$+tjvG0as%Jl@o7p{xT$!U8-c+l!UV7L<3e
zmIr`fy~pPW@~Dct#>12)a69>$)S~IU4-Hg)Q<L{tp0{W4!Y4uw6XS5Vxp>16>iFUC
z8=v(=nO<Vu@4i)-{4?mp!tZ;Rm^c=Xa-QVK<ZFghbl(a}WxWp<Ba3s|-E%9t$Ghhy
zUM8!p>le9rABH~l1w5Y%l^3vs&@SCL=EI|ow)I1CG<2ZJk>4`UE;%ybkLwCS+7G|8
zGb6vCdZ0n~jF2NMXEX*W!4nEmr<7&Z+hedwh|dd+a5UVhoZzkFyx}}=*I<4*AJv0I
z)J*5_l*$ZvuIQd1V$9}EUNAoZV)>2wsxx0xH;=;IDWbVpRGv=Zh+(0hdf36dc@+AL
zom2pI(<wEgwIoU>^8?|B7M_m^Ww?^D4km=n$VmJ;(VPS7O~rZc>HxobhxbUzQys`#
zVD@m^F*lDp#jg%Zjx35p8Jo|L`7xfL`l~*6{uDr@%+3&5&m5Wg0S&I3+%LXGsNA>U
zeAL^O%KPz98o$nw0Zq*Fb`9lM%wh>wummH&Vk*|@U6MJ7Ur~Sp2Kx*mPQ5CA{^Ub+
zk++eKk{<xfjHy35&H%p?0!Pt4+dofATMtj_VR8sJBv_~6(jGkEHRdTQxE17?Cj-~K
z+594XEXXr}?><GoQ;Ba*ipt|df$zQ!FW*3XcfTMH1!cn1LTvY=H#N4aci#u>d=cB7
zzymzJ`|xto1Hg8-0NafbC6FXX;@2`(Kl~`XYj2`7>C?~00s9?^9Lx_y_K`fCy#Z-e
z3-XiSp@nsOlFnZU(q0Vjqu^sG?I3)MCvo8M587k64JHmB=wy>f>v{w)zD~vW|AzOX
zo87~UCb;<+EAlITiOCZ{XM?<<z7}U_3lg~d3MAc%9?o_3mrm~|oIqy@;7@UWM}AbK
zqXHPtavt7NJP$fnjK^D^#y||?%}xn`sS-((6aOQ0Y@`$+72fPVkBaNhXW|0xI;a8Z
zGml>fHH6P}GyIoI0VltD3rG(^O8ffAI2N|CqR`+m3-aWRl#td3KlzP9XR9Dh-cL#A
zBTun)83YdPcZEOiCRq5pwJ9q*zau>PJf^v?PAGQM`6T^KPJ513UYNEDYnCTF>1WLI
z@B=0lG%5}I`Y^UR`PQ4MHx2YQ#sY8Q&pLafH14h8W_*-K9PNZ$>+XeP1Z&fRbSU18
z3EnMFCdn&7n(zUpOUEL6**TvPDplJA4MK0MBZjcve0Z38^W|acjanYn&OwCI-iIWE
zfrVX)d=fhs!-(M9v7FzM-ze&mMMtpsopJlc^9;AL;bPp5>WW6CAfWXV3<C%z=&;E+
z3a*Z-AQE+7RWzRW&j!A)c!@Lc{uy+jb;MVPaI}*;=x6d~_zCa-9^Uf!M#nh1bLDy}
zH`#+ZO~|03v?mTRIFQ5weEtW1tW=?})9&j`Jb#AUpWfppdBiv<=5KME@C-FxY`Xb?
z@}?n_mJZ28C(9apnEF}A`{@1|)Q@l@fw7qXE@HU}k%Qw5AFf0Q`P<xC)dC)fIUIhp
zW-W#GX(NGg5_);^AnPSOW@#M`^KTOIggZfr1ax!|kkft*CBu*7jecprJ4d7Tqw62A
zg!{V9hoF-m&;d#5(3!uu@f@fL51c-#u0^`8#;I}gWAIrD$rX|+AVxxIW3~2CpoG%6
zcyE@&V<*%Kk2B(r)$mA$TPSUI{PCvTSb^_rj|+#v%dxZL3@EqhJSv{Vi_MRq-TG?*
zFCSvZHQ|KOJ&W!F*scByi24oO4oBJm_+5=a_OI8=(-lwp`s;!9m?ZG_Rtk9lpO?eu
ztlY2r65_C%h|lu_-pLD~TLyP#JO9r~yRa$$jKKy&WEi||rPrdtD01_o;jdvb@lKvb
z#rgK=u)oBzBN@?QtLP2y+5_rJJxknd((kFCZIgDQ(6-C>X4w=8?{}l4{kIP?7z&5o
zfS>wS(>g?;vU@G$E}d>u?%Uu{DxXP5lf2=n7Sw&xeu{6rGhhpLrIaYXlq?t$nT}xm
zH3fUpgI#GhOTeMnGkI58!1Yw1;yw;2<WC32;q9lq4{w?0mkpx}@ltsIh%~yJIhg9X
zTWX+sY|^&QW42(=Sg5Wm&2DLu>el1wK7Ms8X*Je;p5f3=e!y;Nd8!4Egjt)>5-n@8
z^Xo<wA3&xuUL|l%Hh$fHcwDvtSANB^h_`OAliMn_PUF}8X~NyW3D69`?s)St;i)$4
zq++}uSA6S4ZYzu$#|d(1p3U2nVxx}P`DsDB6tHz3gTG+m+N72Z*fHp98e8k*SJ!U%
z@w|ES008T+VO{n{Ql!@4`LUhH(4gIqt0wEl{C@v9gAE|W*_6^$J1^93c-`!L4Iygd
z0ybqzDuv~7*4jGvLz<lnlqkkhXjE_6&edXVwTf{!(ypb+F4e-@lyrX!FEm+p0vzsw
zCX}h^K&C<~ohW|KXfVLY-<W`F%8=u*9JN_%`JcauYo%I6HcQhKWmal;WLULbDNc7-
zYnP@&i`FJjyBNczlMAaqjQP3o>(ZL{0qv}7!gGUQoIlmV3N?WyRmd-&1SN5u)Q<<e
z`eXP*1fPy(es!G{Ea)>(&RIz<i8rS$fx3mVwCCYR8dd>+om@ba(w>1Q)_&oz-(d5;
zhk$e$-SR&V!}I@wcICA1LzVp~m}nP6Sn$iPOx0+2E4scOz|oC0c&z;gw-E>TE*Br(
zR%?(^?tvuAtwXZ?pcTit(^eV8K7v_)m2KlSWbE$*8m$$Stlx-bN1WU)BIc?5y1$!|
zg86j^g{KY>thhQr*<d1)=3|VMVJvtDb214x0yv0-8wMm{2lO*W#@;a0K{O9#iGuBx
zS`6N%*slcIy$@-3n?}3cK)b;KXt#lA7lych?>NJEreT|<1wQ%nUgVQ0=};xK)I@ZA
zh9f$D#f)@}nKp}Rw>I#~elCfSrz*2jy74k$Cf^x7H!K;5o?C&??0XRbBdmLo(5CH0
zLTds-n*>i7j(jT2`Q3YPvL7}MOIo+_uRcef&w{mQ>1~3XwYAv0+8~wW2-1U~q+}Uz
z%^5EPk}KxG{3b{xxk-8ze%Q_bJ`mXw<0A>{*ZUNJK2_|YK6&<FpS*jhPhLEapZ3fi
zl=KFe4dk>J;TeQB5~%-&Xl$%Ydv?!dI1)`h;>bZ5oJ%L#MkLzqv9^yAShB$e3a>Tj
zo~rSqx~ng7eNw%#CvJ~HtKGX3`>*~rDa1R_z1^}cM)iIPaud&dQ+}K){Dxk<G67Tt
zsa35wk8xF-RDptQchfAuzgk5n_W}I;?*i&eef{*Or1^DZTWo%H??%X>(>~3wPtfZ%
z@JfYQkco;8gzL8BsMB~x!(4iJ7wOZjW03&TxZU*D0&m{QA0F4|;%lg?6C9h1GwAII
zxx>OFTumNrbiH{FMZ=kew!U;$kaos;S$;g$%k8`H>maA~ax=ZIMS6=0l|AS>$NTUc
zIkOa+&S8JAInH#jWn`a$1&Sy7S6Wgj@l#AZ5O*42XQRE7dn0=HAEq{brgh&%Z$D(}
zr2Bq{|4a9yf;>N0xY><{J=JZcy4{mxqnS&^#XSu55xWmXUczo>cR~i<xBhkb*H=N^
zuf+UoDIN$b4)l-VDM-(on)l}UH*o-=sT9Tpzd(M8LLZ9xl_3>_tbzUp_1mSRpk0Qq
z>jYA{E@p4&w<e4vu&NlyQBWo?-Z>6qcVOFL!-5mI(2vjRpF1e~(S+<@BxJwKvhPmF
zuJy#TLlhZn^4Nsz2NJ&KXmN6~AtBqB@b#@M`}3A~_K1Y9m-QvyhxCx`L8r6_7ZJ|s
ztBRG!3kX3`yL`jwW8-KKfQ+6{+TdeMZ{~e<DLCiV+~e>?J$Hc$Ikg(CzsXMnwS@1i
zCd1^B<C>CPxuqa^^CQ9kHSMYou0wR+Xsd|c%KIjgzt!PQf12@{AsqDpE7D5t+p+#a
zDfhI^|Ezw~5I*uz58IJB2)brPfnmcMG(&iMEn2%^b?p<R+D*TQwERHW*T9i&SnBOU
zlY=ctA^F`RC~VISP|n!&*DvEvj%Nh0<YNdztB>~KcwfaJj2ZLBo3!dv2lk&HG3HqW
zmlO)`*Z^r-by7X6?YC4L@1IKM(qs`B<3l56T=gmf%*WaerQI6QfF-4MHIE~QvUk|)
zKJB#&hhLdtHdIjZT1ZxL+l=|^zCxRb@_Xht@P}<L${(5WTnpdGZx_pgP=q4#m38pj
z_#J{YsTeB;L0%T+8wF{^ea&R#?{6As5X+jOG(udo?%^B7vVHurW%PFF`6b@-M&6Hc
zfGZZ8-2j$mcyw{(ia@bQUEEG5m@|rTfm1O~6_klxxKMQahiET*?s?ZlJENlXIThYC
z9$`__ngX2L#d&fla{~fs(+h~><9}s_<Y<i#v8we?0+?k$vAX<%Zue|Jn{X2vL*Wm!
zPcXdPhT)jJMq8=-J<IXCAV>Wr#g_vTV5XV>EWN92W6~geP(C{J9R6pcTQ^KFHA{AL
zmWZJd+nrLBU-2AC0C!8e;QhJ_11fYj3qjS0r-zo!rr>cwyr)m#PGJP5&b^{F#4jtt
zU{G98@OF3cD{jS7-XK))c^4}q1Wy`8Ym{Hc0uD!o;5SB_x7#EtMl0`IX2LBM+JP0A
z({JZqM}AbaMCmpsTo^47ttT;tNuG$8eqbnz9DZ2{#xz4I$`!e2Sgz8-nx+NAsNnvM
zY)SkYBbd|G8t7V(LyoM1Qq&}%&&?#`j&bBhB2B&qpJZB{8}_^H@C;oPxIQS;1aJ8r
zctwJV_f1OIHa90d1<7t6s~3de*9Z@%bOn{dKIQ-=P{a-1?;irV8f;*^^v69w5`}3W
zZN~{?5bfq;bPbBckJx=}5b@J1+iAhXgT-n_2|%sO_mS{?h!eO_1lQ07Z!ITSxAV&b
zm|^YlM6hwtphj%|293ImTHg2IApQJ~oC4)d0^cA=Q@Q}@o;F8*o1ll=w@G0a28TI_
zUC$P!2uA%eIVnhuwTbsGHKCR*a86vK#+ZTDZMLcazkDmDKgUsMBff?cfi|qCtF}6&
z27dV>%3KPWi!pPMt@21TYKZbRf#8u$hqTo;cq{HLdiRhDKU1$fJ$NMBR{0f1lcW;O
z4k^rge?x_A97aFFmQa6NQBSdehTZciEg=iRqsA)xl_u8rLYTXG@1N59b-b)Wu&VqD
z+#wcHN2KAGV73a@F+<?d#((N6Ypa?vSd?z!S5RD8c2`2gC7lMW)PI7@yq`l`q)BLa
z#v9;1*#&5|*75$^>B#QnpF&AP9JRdf8Fb8l+H9h@^%U%u0R4qaIt!2&%i7fcG?0;~
zuV3O#Z}NyNs0WZXT>=wbo@x^08Gw)m-uoGi3$HtSK*L8BUfJh;gVLYpFmw@LlOkA8
zLHdvQ<szj&sFfeY%KsbhH6ghvQy_gRmWRYLY?<9+c*9>lMk*ZfD*OQ9teP&_uQKt=
zS?FWhJKQHq$Cy&}@y-+wqha3PoQ6IZN1cES?*)*kw?*mlNF2<xSUtw8)Cm|g1|^t!
z1I30(+xIb>lyKtU{Xb=if6@}WDDgo`1PK{Rd+4aPp7#e}eD%35+|T)pVGF${0bluT
zE`N)Aic8w<k`5s$15M0AnmDA5StF$s+Lt|Q1aj!uMmpijDMQ%(C2gLNOF9D-*0v41
zp)ME?qiDuwX}b{o%1C^#*l!vFs@rWtP>$oxbKU?ljpr<O;D8`)b5D0k2Q@t|u^+{k
z?8h^DKZeHo0S!M%ojA7OR_Kt3&(wpX*aOQ@=)si<@o^IS0p$2mBkHYriJajY#3;xK
z^ou0q?Ha=S)}+v+{qK!z(uP?nzb%~eZ|9Mu!&FDUzRn${YfjK)OHJF<h+=BdU?Fw#
zAK@{4_tz+qCai<!g}ViL!uCegw$kc`vubTbGLW!AOA!2Ro~zW~C!VMDx4Gv4{(bl*
zUj9{M%+(sZ50XGbn`?5F9iQ$kYC}WP;MuOVe?7Lp38V)Q8D-g}cDv<>uuAY2k<Dpv
z{}Jjff|l8h40I9v<lC_)yswRX*+v{{Ak+0Et#0o`yjEb)vL^S93HJ$epqhC)G4P#b
z56IyKLtswWNNfG4h%>D_7dE2*VFR^<2V&EH3D2Tzl4-&nHV5CNVLyT&XXidCZBB^Z
zZSbRxyg&=H`3<r4+&i>KM}CVar-{_V$xk$(G24i1{*ejTPrk;T9!0Vgx%vu_+Me%;
z@)iH&eA{^c`_%0)$NSLZ!{6xM>2L9j?f-!rm}ul$4o}mQ{(+c^1hkoD(pMpzw$Klo
zqAZqzW%fSt<ggi^kHd3Hvhf$l;eupr7SNvd_C!4q^%vdDt4ClBoe;R~>N;Rqe+!PE
zhCO0BRsEM#q`F~~;RT^Yap&>_F6%Z(EWi>g15ox_ctWj3-GYJYlxI;x-(OF%nUR)s
zEPU4vl*n6o|9H9}ByB@I;bBU>y#Qm0T?eUvK;EB?N|T9#nSVr19u#fMZZ6O+Ds!W{
z5tH-ptvereT0(r)j1K%_*x7oLke|ZO48_<8iUm5_EE2d@C#pp^bYMV4VBWNcvEb&}
z?B58yL1~4FjHRMt&@@t<s2p{k)6@Z{1(hThOpeRGz%<KV)XaQ)&#?&!w8@vFqV+Jp
zY%8R=EQg)mlYrLslx@cwdP1N<VU;WXbS_Ft6kU2Ih|)H?>x@O=dK251(yW<4Z*+?a
zixHL+e)Syg{8CqPct3hSfoxTOaE`WUYPSM|J$jTr?cm|lP3Zn2ePgGaJZHhDcDiZn
z;Vw!JPhpkuzN_JTC%ROUTA_~YO1h7MRY3Pz<%F*|cb=5D9IPr=oz|7m!s)YApPdDs
z+j2Ik(#JdX`x~Th0DU>(ElH(+Nu?L-rGMHPTc3$l|9a8~PtXT${ev-`vHb`gR%K@s
zVCCCITIT~aPpiM`O4xtb%io?<{!dhXJ}W<Spz^6n<=u((r)v;Caz=yjx-&q^HQg+A
zo0jSy0}0jYZy|4!QBy*%{e+azJGUUqRh}WdUb98hZED$s-t#e)8BS#$J)=<`k*9k9
zIgKmXS+Xp(=sat5HZ-cP#Y+Mna!PwOmmXTkfoT*&GD;cdaK(Pw9z$1}up6E+#4xRW
zZ2mK-12dKJH;U4U@Llb=O5@(o_6N&oWoYu_bujDm%O5ABb1_~8eN=$5_eP->(9qDK
z`cSxd!v$o`AJmQ0!Yqc;EbyE{YSrYc>d<uu4a2TlG!)1hlqZ^9(s>YYS#>C(M=bda
zer}#rQ%h@w;>}||f+yTTg}E|v9iGR1VTi#q$;C~q)%T|Y985|!lW1*l-^$ly3}QA?
zH(zs~sVZww#S23X9^B6GY;|#?Yq2<#q%S<p*h>>R#>>NAqDA}NqI8caO)ja$so`+_
zw84h@X(mA3v`pZ-97wfS{rKwoY1yE+O?WPYwymGfK>STk4U!zb%zRZRSau55k8!>l
zGYt0&q<uJFiPmG!H?km<vGt5lT6?QD0VQWt$M1Li1n|2X7wWPx?jvgYzOx*HbXaQ;
z1I*L|__qy>O=BVL5gqD%FJSN@c@mGCP~>cFy@G%BaY&plFW%mTE56EmI6qr<2pc>X
z_J4I^+%;8B<p)4LU3hAM>k)#{dxT)mD8bU>#H%{c9~)y$gJ$z0%)sXtTn*BAxX>IH
z3Nz|?WhAY_)Ir9=Zv<s(6kTmVHjhP^)!4J6nuc*Qz|<K)&yyz5DR#hn_$LQR;3Ir>
z)dITyWq{=WM)(n}A3uMk>NT+YIl-uag!v0Wak-YN<(i<nMJBA*RdzD2xa@`op1}qN
zAB-z4EEK6c$qyNJOIL#S!u!1xk$u>U0nK!gN8F>e{(6%C!w-gND$Zl1)MS`}Dz6}_
zR7MX$zl6=qKVn4FX3ZmFKNOdSHE%+i7_ng!az`KIyR0Fk9yQT6`Bak)7w%;v^~foe
zz<iPlKe<q;do%J++M}D9&x3w_E6QAif=!RJix<%<c0+q)tnNP-#B~L4IMZbT6Vi&V
z^h;mFfTiBPsOR%UzcyTFs}`jO^ih>+1*JHO$c2d%g9jLvcm!|P-~~g4Lh<f3{3~?#
z4m@_@e!pT$*iVjdkbbCZ@j3N0&3&~L*E|kCn@Nxy@U4~iFO9OBdmznI0x()?vuT%L
zt7ZB+s<(D9P#`c>Va6U_SwdCTC9banrV29-E$L9bkXJoZ5l!t**=fRM6=e)-K(Cee
zWk7;U9*p7UMe7dU-%ByUf*gf#If*ZzNPR%({}g*(SHvR7i^8aidP7iVQI`kM^H@86
z01y?Fmmu+O&v??v{4F-A!L!2#l34vSd7G!*X@Y6oOslK^=UjdZ`A9o}HB>+I%Gj|H
z>3=_!O~tauNTnJPf^_vYre2*%r&azh;fF4lgU^JGNPsXeW#ZwYWB5H-ji&q#5Y^$E
zucDQ9aw;V9*uX66jxeqgK;<`WBuW~Nl}LMWHAdt@LgC~o8*xJVJv0&CyAMl_$)h4^
zPf-sJhp)rf%gW+ZF1(KNM;!Tx^6yKh3Txp_ol89&HgY3zZxjolJo;~3{d>^_2>2t-
zlzZ|6c+TK^^QxU->^QBT&M(EtsI=O%hqUElRPB%QHA~U<_$$;Co<fZd`;ayI*&u4+
zEqIH32z}jxtyj`)`LX)Kd3MPuj?JpNZ=1r`EWQgXdJHS-Zl#rkUqcO8)4#*7dz1*X
zRO*;}u@-ADc}HUh>!HEvkcK@x2+iFB&(oFBcU8Ou7Qk)TcfH$Sr<x*zV&mbxXYigC
z<@qik;LM5_+YRooV5;V8UK&g-P2Tk(^yFFWN$Qx^4{1n)X-H{3Y0!uF&ujV?&iCh?
z(rGp;xL{Vmi0DG)aXR@czmN&clZP60w#d}H#pWFO1v;9P=Z$8-YZm`=TyOS1ZO+Qz
zYf@oY=u<L<E*?1Ol6FS!Wb35+@kV9Z+RWydotRz)e2U{igH&qeYl_Kd6F<i|Jw-Qo
zwA<@7^9eKgnxPfldG73&Z>;FP-ec90hz23u6Sni4nj?GS{9Doe81G+Upz{Lc85;RO
z^DCX;-pOwY+BTyr4RaG+I0euWxq<CdZc25RO;s{B+m*#alhzEB*GgvFDx;r#@=3<h
zy;Q-=5q+JYqTAtq0922P?wRfx72Pi`e2%XPM$KD~;4U`WquoFBRADF8TWEi$=+33T
z)~fgo=7X+Mxdmb0?;ddYB&hWw@(#>X{^)viCE^_+(&O+HAzw2iisG@N`v$fi?vxIZ
zf302W$q!hz@y=SVK`iUSvsacdm^t%bLoB@HZ&_L-metz4J+w%R$S%hFKj<oL#^=&W
zicKH>x_Yf<sen$2Gk>wjZN;?-ln8XmSsB>SB?<O{4OJ>s!WYR||6VmKjVxIK@7?=K
z;LZWoUEBpWu3|*IKV3VA<C69}rHIRaz<oQe2Hj$-PX!tZtB16F)B<R5P86PD4n$_f
zBJKuHyLtt!REO2~n7?dUBgiIn`I5Hb=*T)Wg?F#M5GBn82Lfr^)n{mh{NyGKksa=P
zRU0P_5yuMSRELw(6{P;)<2PgRbMVLpohHer3bS3HinEIru(@J8M)L^&67Q#ydZ4f9
z&T|@TECzJgIgHi8P7?|YEqDR|4?Xf;n%(d)f@?G$hjB_Lm)>fpu+C*YST#tr9>f{%
zdmu}@I{^Cc<W7c*srOidopRB7g*`<B5|B%MD|MB1gnMz%nE;Xcv{{&`WZg+$Vz>!k
z>2SOa<ru$w+VEJsAiiccMV4QLj4K<fs~k}%;(<A=RV{>35>AjJ9Qhso7Mvh*2<!w0
z8}F#cH8ZxejThJ0&DnqtK`u3Udxqkk0gJ{0TJJ4_Toeiq+uln<DX>{WPATBvot-v3
zXWI&WCnB!ry^XyZpynDePDT_r4`4*XQYV4SRYs!~ke-WaM?#0&%&a(Ri`<2<>E~<N
zHKh#WvYqNFfX*Q_(ub2b1CGesli@1s;@_fvy8Q6b#1LMs%KPri($?*DvM=vX_Frq~
zr@0I2npC_%v1=ypy9KWy@^(3R-?R~I4H@)+iYnU11A3#qA?g_nk08vPQTUlV<l=0*
zQa%Vv*`;=LI%y}TlhesgCpJqxUe$>EOC7v4Hj{3YwM!kg^`C+m3!WU?dB`8N@%9c3
zUcLb2i`0(Seb_pW1dpXE#@D!jrQTbg2RcaA9nv1p=l-aBu&ur%I)O@gd&rS~0b8MR
zNvA*;v~i6<L`xS!<_~$F^-7!$T9F%(#)G_f_<6j_z&!#Fe4rRI)jJFmVzYt2%~jUz
zo(O+*o}@d!bu=P16(GuHzrskJVT;0afItB;?y|I#*t1(|iO~Xyf{*vE?9piEMeIh)
z(z}JSZ7~5zO@O?h{VU%0gUkd8_@%rys%=W?tqR<yx(GbM!|=-jE`PuY>Miffy;Aod
zyNnz}(Q>9oCxGkEYp7;NBM>Vyci83fY}MAs7SXdwun?jM4uYH>iwGi5GvRX;d(OmX
z78rk8Ha@dUaHr+q^V{q>7oXo@&w24fhU^4nSP5$ThT(fy43vNrBI)IMP}9fPqX!lK
zLrM@jRRI)yJQ5D{hv&g1JiGRqz_kdLW&&x@Tbl>Em#u1~r;diGuDOt~|Nm|E0WAt#
zKmc0<(xv9kR&O8=RpY8bo-L8pcv$@;XXBkAwA0Jlb&P|Q_+uAg+<iBIbm>hX6m)c(
zfU<bs@Zrg_pjTpqg=9Gx$x=TbNt2dZ+R3nlY>MYx!9)i+zW!6%@OOk5*B<HCk$P{p
zhE$t3nnLQojd$%JCYH-b-&~&UtxqTJRVLmR>>Fzf_NCY?9qP<pssIGUuvk^;SH%TH
zbxc5bV)<X-;u4B{Y-%&M5NppS+p;xT0gas`NpX>&knbC9X;<8t*q@XA`m^~wUI?m=
z!P9Y<hP1U)<1M_wb6{w1zA_owKd*{Io3?P&H~RDeUDc&C1dRhmg=3M6GfCzt<(!&(
zUN8G~C(dSWb5>GWlux`bg-Z40t^XmaM7*O(ZI3bCKRO3$1Gvr<sbwWziIqrYB~n>0
zM#p;bhgfZMFI8Ixoxx>=3NKw~PLGcEk)3++Q+yol6*06g?L_Itrc*mky8Zy|N%;?U
zBuWvvG!v#*o7A-M9%b1Th7?0=UM>XzBG_r-T^C@&WO1lC{L6Ya?Uv$lD)6kG=2XZA
zv|Dx{)=`s8M7sT)hV%oy4C!|#AYGq!!7R8c8SyKZCrr6C+u8xMcBvL6s#w;&$@bMM
zGB<mN(Ofxn;qZhJK%YUO2^GT>%%<O#jQGrZk)ZurU7?ebEabqHUNwzyAmsWRZPIqW
z3fr(t-T48p%JI%15q5(<MwqhZo@FBBF__oxhp9{--W(CeS88X`8n)SEt`EF#NdldR
z|I?o^b<9B?W#A>?!XyH;e>2j)i~DrFR8>{=0j~PmI#1Bc6yQW)!?D4>G`pn($i;}{
z(s@EL-X;MHj}3OES(-MWCmFxG7T7jVMZRIQ)27i5i3Hmwbc7_L+e|L8A3Uy!2e~{;
zYKQhnE(CkhVCG!C*Rsc3|9CvvChdV<q=7o&;8&l*o=6?)J25Jq2M~(UGch7otggVj
zLDA8r<ZLp%vir>NyfR@WkxZ}o4rF?=?q4O-w@zzhI<e<+WI84@nM_Z3FF~f*VvJ7d
zCgyiC;)Ht5B?;9s<g$c%=$r<y5oazBuxxM7APr#Y-vMBoYX4P$J$*_8SZep>09JcN
zGQc)28vtP01Mu}jLkV1i5M1e(1Xqvgvfx^MRs+|NQ%H#?IT!$#3LzMT14J{}3N)6t
z+qJRW*~P|kOTUSU6is)UZcE`n&Q`7k!+I!9PE{^iu28#la$a~!GYF@HL8zWOrL)1c
zLp6qrsq5r?42m4FoLroxtigjR+Dv>b&T)9QB4nw@Fg&M$*HqV8z0RSh2A(hSR7<SP
zH|<&(rdce?vdcoYv=}F-b=aP~XtdO4w`{MhUy7k{pyjyuNU=02S+o)hz32iJz@C{(
zvq>>u^>sQ%fvHbj|2oXd9w$i<v^GvKYXb!z#(RPOYbRKm*1tv<jPLP`4)&$r>_%E_
zf2srZ6-&Ffi@Q270X=ZJ5Op-EPnOP0^-6J%O2ybMBZgv#6*t&~mGwVM$0e6(yze%8
z_%Q*8_xBFcM3B_JiGdzKC3Wf@PU@;<uQ&9#)CB^rD@njnzMWs)Znt#Wq&~Iww1)M{
zlN#2ypcBk_{p|syfwq%6E*?I4iTT~AE;_9jy5mxXOzHzr$lJqF_!7s}9caCQctIJU
zvp=fQ?!mMd-eA-SPADtR!KfdH(%9;3ZpA$YFe-=ONe<4&b|;{-dB}eJ&;Le;k{p&0
zaz5EeiPPP4Z5q2&F+(JY^#z>nip7`!NH--5fRC1fMptInS5Hs^py}ybV8ksX%{)4S
zw<w{TUqVcROWMsYuspa6Fgc?B-4xM5SZC6WXtiws%L#amX=uc7>V<X<i66CHPOu7P
zG0A!tNhG1HHd(C3W$I5h_R_&wn$}BErs{M0C57s!;~HfDaprPDHPR2JPc9iqs5;A<
z`U}<T(lntuL{k~vO>tTJkJQV`(z28695;g0zgLUul4HkUJlfhI8J*!XdANuhAgeI8
zO2+&Cj9;KjD8fS2fJMq`*!Gcjemh7@Yj%B|hTz8getHtE3I~Ijy+6plJf?x{rPCV7
z63lgIp7;Gd1#RzW3}CokU}viYw=RyY5>QWZVGrhQoUU)CuNqzcMyFx}=v1d@aWMcy
zhJo#Mm$XBjd_r442WuZ^3XJ(c6jFeVn!=vnUZ4d;w!VlK{*@8t#|uM}cB`4H_I+&0
zQGO|=9qL>II-&Z9lem!B>WnX(>{po<>L7DkA1r8;cGN<#c_FTXh9|z1sC42=AFT?;
zluo<U<%GYM28VTrZL@(y-pnp_BaDywr7bD8y{IiIs_#U|EzktA=cUBuut01%EWnn-
zkil6@^2GJ9izyEHT0L<bw?qQ!sS|98BQLggS`Z$xp*Q;f@b)e6Q4~qzyU8Xj5SRsn
zL`99ToQa@j1vN25v&k;Z!UpgFLGgi?fOx)8b^&=N&Mq)FuIA3?cgm@EzP>xXLr*b)
zd6AF>pBNvYs6<4VVF`(XNyuyeRn;@I4+3)c-T(Og$o5S4bXQkbS65e8R}q!Di))DR
z6;~H4l@5}6X9~1igt{HHiH7#k+bFb;7dKk}r-$t-l}Dg{v<5*AbZ1f&2f8&`<v{WL
zr;nMj0#AL4Pq@Vf8gWubnPo|DB=bl_gN#(S`9XEM#*V5q-K@M8!m7g2x-Ix%{e!x8
zU7JwKOy){Q`2bzWs3*59VxRzM0@nXwFQJaOI=UcG#?bCDoFKNUN<!Es#3>eVF;RXB
zsoGkVQ!3wu*ycIA0@r3(T<=nseeaY$R{ZSv6(0>{amBxYt@zpTD}MW~q<jCZHD5W8
z?PU7i`{8)waNt;kpVG!+!{La2W}~K`!Sf9N6geDL{&<*bOkP?WVUVG>VJ_Gj(a_Gd
zOV|c`zn|El6?!BSN)Bp!znay*hILZk`|<kT&#mtL+-&bR&=j@zdwuDfq?KXQkdNK_
zxoPirDck$~3|moq`?t!8A0s`eiRpoO2zt=k63N~Xll@!F{;HXEkX!dP&_^GlHCf=<
z$t%bfDsj?YMfr1YEIlhrR3(if$5Hyndd`HSu{m!q(fX~+0?P4rby3lknM{~q)BXJn
zT31|R15J8|K5sbR|Kk2zT9mG`w|2Dg%a#wnjaEsuG<Z}na|aBd@jW^wVdJ-(6J9)^
zt{>tL=)4Wv&t5%=(9aG7Fh&G$7+v;f?3`Cm!*Kmlyz2CHNlVfhgH}(#91_#La6Sh)
z;@iplck;BHU}P$8(*%vBY>8zlF7YF`@n@y&!08aO<>JUf8;y-2gvR^~rU~-=KpZY#
zIeHxRe-vEU!}fwvmAS=s`M0O2@2eJCSQ$%@mZXy2dCVd+h`@{T9f=^f?mWZ}wdgP>
zOD+pC63n1Aj+`Dg7>v3Ys{HO})~zgH&k>H9?WO~`nUD7nVXy^K8QB&~H>*4`yb~7#
zCh91b_Slj$`YMTAb7gaL)QR3$kGc-hkkj0Av&9hSBP_J5<0!XlabFN%y*WR|mi(lz
zk_5rGEsS}Sa!iBd&x_S55rKr)ApusPw4#+k@sAo;L!*mdJ*F|X576Kh$TUkQ(<lm^
zv^a`F`IxiI8)+SBQy#|e@u*Lke1OhJg(GPgOiXNQFj)<9^FFj)s85T;FL#NbV)Syl
zme<RIn3o+flLqqbbo9m~-LKjR1T1vu>8I-#V!%uXs&AvK3h90`FZx^Iz0jK?zD;+h
z9{CL#4ZM!&6uXqj2mR>W37f=uR7B<jdqdaq(i7MUKjw)Hx}1de19*R+$lvDaXBU%Q
z7?eh!Z_$Q8%7>>q6IL-G0XIFPy_L2`r)@7YA23M+g%eqxbJwH`Cq{Y4us38p0I$6Y
z%Dv)yp)V*7$F1HK_N`<w&_K_ZdcF_Xcd7OQ9sQT)p|QYuQlh5>%>=M2G8K>pLMhBY
zUo#Q-nw{^n##rW(?*+6I5Kc_<Ocg(}?G$>KFTG!E4O_QotYLNn!in3w<p7K_k$FrJ
zI<8**lxisOHauex;Q4#zYBmCT{Ap=1At3a+`s{C0?F1S`KjK;`N2isGyLlmG5_(5-
z{<DmDhW@p^l3mYrX0|Z-TUJk|{W2Xp`PnECqIo<)TY;8NC{L|YcZZj&dl-kfp@}E}
zb}&68+_V!@ofa5hB?oRq8G{Nq{d<dwfgx`pN>;!5-Yva^gi|E8FuAcnTDi3wT|yN;
zX)qLuj;e07nfA&&s{|_jI{-&88X0hSK^HKck3`__>e1wMpqB-_P>J0zcy6`_lj*cc
zqHmOq=+Sehy>flevj&exwJ+#qI6>dLf^4$G>MSfXjrO)EUqt!aBM*iLk+1$?4pek^
zn2<%4&ZQo;(^RF-m(S5Vuk_;bTe%V1)BI`EgmFvi^f}B+G@n#k0$Ui+x~CVd2%f-W
z6}d#SD5%FX&i!=8iI*i%IPG)D@IAK73AH`y$kk!58;itt01E3~eU(F^+S!V@W;m{h
zo$3Yy_J5r!4ATM=s^q%a)R{eW*Xk6oOK-DL)qpQ5J}@m{eMNqyOaC@@@X!Up=%SqC
zxW2xQb(Y(uYu(~eoaM6palG#~u^aN2qP;<pcu+~vOb(p3X4=fdo(}B_{Mf#ebAAIb
zAO}*>rotfx5H8i|;0bJ>nH>l<HvtNzl@0l_X9l1FZ4T<4oU6rd+#ZWhpj=nZc24ki
ztGN7@%>s#Plc;_Tt8NvmFhA6}AqHeNLl~luoE<ky?zn*vgMCoxMWQcMON9PV-c?+$
zcFm>FQf)f~-9V#+r`=LX18j_&&*@`=Y4oelugCt-*ZhLgGMi>EyN$1_^GkUWwiv*>
zINulDm~e8w-NR`z8HfyC%}6vDluLT_PT&rsQa4+0a?@JKY++t9gWDlCq2WRk87}OP
zH(aQ<3-w0*eAwwfz=`{Y;z7+p_@tW57mi-ozQ^C@;G9i-z`uyD!SZw1yn-^kpqSbZ
zX?6^(!YqHIL%hf?e&+oa7{kDzz57yR2T)S2!5x@4$Cdd3J36eSyqY;qQ3is5*UU#e
zY^8Rg)c42+Qr@ARLoFU7$1GVyDW7w~6u=oYHIf%<O~{M}0t>=6V-~Q?9Z)~y78T1L
zJN(hu2h1szba_U*4o0@f{^XpQQL{;<Jjzu^46Px=ADp%WDha!4dlG=n16?0dso7~f
z0#nnKQx9_T36-EXsBAqimaX$T?Q*`2L*wZ7A2W1<<r&3lOn%r9)ivw~XCbevBz_?h
zZ55#_RkiN-%Yh#M(v7Y+XOt5?z6|tu1n5yE#3;7!Hom0MV{(T|h7&t=nqve9JwS4E
zNb}N^S|Z4|i8BQ%vxqBfh(abWCBsC@BE~fl1(s}<v_LYSCDS0uvt&9Xr?Vu8;Ql!*
z31X0c9wg<N&yyaE8BS33Vgug1BI43;1XSv|)n0)ke6sxm5o3D`n#}iM{}9CY;%;&#
z!~4VH5bt)@V+F5GMaM_^m+E8I6r#}^3~h|eXN={G@df-f6-}!*7~GsgR;HXd$q1k+
zmPZmj&1_fcsYo>jxJXxZ0tMYPj3@|+hwYQ^xgJI?nA~5T7z&16p^?42BWh$dWx10p
z!l5-O2fNf_&QljlS8C7#pwa>omJ-k?Cbc8Fq(gdX1T7pzEy^FXI)7|Gb<<|$F0I&m
zkz&N=U=uI`&tDwU!c>PCbYy<)47`L&=&~SbJvvb5agEq{lFq{+)?{|5$1lVmx%J-<
zK}}4(dH_>Y&D1eX?JbOJvXvc!G@X0|^O^U8+Hk)ym5k7v?hKPkrXz9)V>i|?cnL-g
zID6(P;j;%;0&D<Pzf_oDftT<MM(CZy`I;>183thqF(mZf!TJA}tj(I(K@6QXqZ+Bn
zAs*6>V(i>MK8Zhu`OIG1odnEUJBDd;WFE4M-AdO9CaP5cA#%R$uy0hRx9OOd7Nz46
z5xbDLFvIC@c8W*1^{)c{oMI2sYcta8cB0psczUe?{&$?{)pG}Yx_UP7E=H^VlcWb?
z$xL?e<qnHsgnyS`o=W1-u80&6!<d1>$EXzUW`Yl$@!KoeiT@Gp#D65<fSvds#1ntS
z=qXS9tyxNwM%2x;3Nebs@pzX|Ul}>`C!}I^>Y4wMzR&!RsAvA#SU71I4%)@ziU)6j
z?&SQRMNagq@%RB2;XT?|&>4#O$<kqghsKk3iR2a1FM)_91`s{s6HKa&X2f#43&oo4
z(Yukpxl7wmDtBoCs*tEEr#~VyQ3JbH7piDy0+_md(YlI*tDg6&Y)B5dqh&9Wy7)A4
z2L^ZW-DE+*>u2Favb_>J3)@>PuryWeS`u~>`sbGJZh)<KB{hl{DZWU-23~4n%N<6t
zkv8BGSSYQ0w;Qj%%@<>&FSi(i1&;|}uVXFBfD>eTHSA|~h@Z6Jo^@I|=lk`szSlfF
z`C{T#;CVXxs%=xHw)A6aC2w)jQd<^EZJuLlp{}3QLhixQh0?Lmv}4g{lg+p_LeFJ1
z^0>>#gUKYkwRW`%n073=CI#zy8@CCi*P<iFA#^Yan}7U_9ZI^X484FUL|TMEfL7(e
z+qihz8g20lx5$LPAT8bql>E{Xq@Y?@-uxqJe|boy0d46Onp*J^QrUj=lg?-E=EcsC
zg)ci|K+6x|VQUBZ^aSo18XbnDCxs78@8C0GE0~gMa0g1PT%W+X(aJo4bm$Tew5rqw
zU^0$zNFKC=wo8oWJ8X>(QdT-hTNx`ilGgI<R+YZ1NiU)j<mz8TXPWeVnjHrSPj1^)
z<)sEftjH!0nXHRt8VC#-MS<~;IMFevZ6Hz)5c-<~kkD(%FAH0Od>>f!U4%-!FhduV
z0|mcE6#SR9M8SUt3T}?xKfJEVscvJXCa>LaRHNe7(=4q__8xdV-fZuLM!s`esV5qn
zBV)(N+M`)J68vXu?`UPmB;6p}A6FjLS~}Vifiq@->&t{QrV95l#wTBEISrpgvnR$U
zr~XTP@?*yt^2v{yRXPeD|4;GBx=APVNsG!S%>$8qdV~`LH9lDx%O|Ivf=~Xv-!JgV
zJYNi-R6gxw=q);WM$1s{zl7dJg=dJ~`;MsSU3lz2h2D~hr(TBE^#6rrDEAcTotFFy
z=>7JgSoC^MF!b&XF}o_Y?|_Vt)&4sIw;Q#+<HC@NhTGLM`ccuce(yl_mWtNJGADFu
zoL#(%B>hXZ^``#-U3iJ;4N!o=MJ>*LN}JoKw4nM-c|S7okSMS>=|^<j60t;2z=D5?
zLZ;f!kV1+MtEidy<9~`m3LK}NfOjPS!UQZh1%+H{`UMJkw=|YQe%-DP+xv%4!OGE6
zTa`oR8R>wK%0F}XR2whT$>!yKp|n$0QF^SUkDcY&{o;0(XBCp%JwV%8R<@{s3_TU#
zum+_lOHZi9Ldxli&2LtV)khc8OvM=*Mns|E%4Xf)#bI9j2=&LmE&wraREzo^WiWpl
zSv08%%tLXs_vT>r94}g~;d}?^Y&IBC7c&unnwI}`ZJ3$h)Tn}hDoCiC6wdeZ5oUxF
zu?UmnQNNuN)*Mn%FNYZFr|78n$0(^Z8s>agCdBEA1Ut!hF<Pq)y2_}D^F2zZJO_X#
zlXR6)L{X$Fk0Sb_QL9g*FH&+tI=-V6^5J}4BGUBoQ<~#d=S9Ubb^3P)+0M{Sy70r)
z6GzO(kPaha^mFote5^WpBN(fq10hh=(m66~oH@ZL6CC~sp7eF9`ae{^liqzwzFw6g
z$b>G=x7wg;gewh%rG}F=!gvoJHNwGs&bK%5WLd7A=}YyA{^`otiH`J7UOR|bU%C#O
zKd7K`v01tIh}x3IIME{K02G5}@sp={$<vT8-;dwCsl*+Mthg?+d5<0mG?U@t3s1dH
zCleKqDhVkKc&JgVu(KE#9yt+P^ZgucHN*BM(%bk`L6JKEC!DiE%~96E>MeGVNJnzq
zHML<?j_XDpv{I_XZLySl;Z2;J{9;mHa<Z<E)8*w+D`Mnj<$bha4!ndmH_ZN~tv=Dq
zYnmRX_(OY(y|(8<+PRaa$B}tBVs`VH_x##$Kh&yZw#2A-RI8hRPsyW<CVMPx@5k$E
zK+f;}0XL;Ga=n2?#m!`Th|5c5^zxz_=wL`Cd2t?m;5Zyz-<(9WG;kWoAhYWL<UjtS
zx-W{d!r33cFZzrVdiS%rxWHetdbYc`MpaPLG8%~Ddt}9-4oomH!hz(ZJR%*H-geO<
zyeGmBf!NkY>E~5dvr{}`Z~t1EPD@y_)@yFvxupB8j269^1&uKrgCA}kBf!dN8JLya
z-5XbDL$A*IHLU{8BIWhoXcW$i8j{W50|qZe16SJtW%9wesdLr@$bI2(+}oa9c>4n?
zP1y#LnH9Vjw{zT`8_y@z4J7Uym0A>ONQ6*+4(U)sH!a~fotefJ51FEuu9(v@&X?6f
zy1Q&e*?&fr{n4Zv4Au8t-$tej%+g7sMSkjPoRu}v3*BjtPB|gaq^@|6ey2%pbhhVG
z35G5i`=ca8{c!JDW8A{`yKB%z$lcZ~m32iQhr_aWy|(N<j0y1&FpSD>Km&3T`P!w?
zO!)vF%PBogbWEonxEfA@CR9EwN<0nPKL|z1+fJ#(no0*JW9Fd&(7b#{;yjbG{(!!y
zL$yfE^2)yuzB(f7H&l-~WD2A!f0VN|gHla=6>?DeS9*@cP~_j`yK?l!F$O|aovPGC
zk+6JiPSiAhqA6+`)11a>tc)i&XZtBWRJ(j68$((4vW07YOWbrgnyrqFPUdWNxviJY
zDyf%wABge49&JDK;n#8YGxi%Q@?TqlXxCk8dHPk)yL6)=yvr@!lR<}KON}&(E&dws
zB@XHBUCh44Tj)aP;{LE_knFv(JM2=O^4Nn;bj)I?SoDt-%u$dO<;|Ma-K57?&Gniw
zdY#8IB{05?PNWVd%57J6Gf&my$RXG3d&r)ru1JK!A~0mzfzTS&ZkOycV0F(O!#z<G
za2Ud3VLl&Nm2PW8U!%NG$MfQfJ#y-_H^Y2jnGwCDu4s~zq8>YWbo{X`k#BDl_9ybj
z-B3c7k2SzXE3nK&AGFE`;ISy@ARkz0;?^>T>I9Gyc?`}cq61Z@1%55?n+CsWQekRN
zp_vQZ946TVpnF_{PPru<Ip3BF({c(^R({RVX`WO#BB#*8JvtWBp&dAq)kH_hS*jCa
zXNKzAO$=^MCTf)_K#w!Md`G~51E$RAMWd%x2Kl>jG$!PoL>n8T6g}J+ccDQIi)f)^
zLd5tp2o!I@b9{<LFXfx1DX9)=ip3$#O)0`6?8dgm))umsbH2aAQ|{!{HCL+Rv5ly%
z0Z_k<cjq*C=1a=~L%VWLto{^=t-Q>0^XjGuede54Il{ZkkvlnMWh(a9Tkpud$+D&@
zLcjHvxzYa5pG4~OH+t7l<T-{)2P<c*nOo<Oex2sb`DA6#<Ak3z&vT@D4Hf9|09-($
zzbBw2?$O0z&0iBoN2k~(_wZGaQsz*N2COGkxu6_!MsSZTVP!^e50At$lSqgq`%bgG
zg?t5j@MZ=>p??QX$-7uRGh)!|Nhj2L&f$x@cnRn$HB8}Csgukvxz@kI=m2PsttPZz
zwZm7Nn-bTY_pQ)Z5%iSXZ?KEKcA>YJ1-<0feNTh6wt~#4e#YB4K6FN@&3b*Z7fJIo
zh_9nDfgQ~zA=Bm}Ye`7mI$0Xg8ky1Wp(2ZY$cuZT;@7#P*Rd&k5GtVCJpN|SmTJ_>
z+xE)WU8>%&z)Hn!-r;Ja-luJQLw{!ex+L-`Irdx|IYklb%<_#>V6K*RVI462jNY#`
zQ2n>!(ALv;3<TJg-&)6}%%@}3wwxKB7b4T838srnoi139GDOw+X0!3a_)I-&P(8C<
z=qcvbZDSamPMeZrk_E42{Jk#}x}{=<!VM}4$HMU3#7lp}PZ1+yHH<h3Bl6{Ab$q0I
zRs%)=4FebGcu0@M!|mIEBk6cBdB1j%eKi132!kVQgX5VK85kB_i^82?Qj0#SqG;n7
zm8%qHcumlBWh|QbV4=!YiZjToGE|6mdjMU0d{r$N0xUM<?E$^AkqbP+8bcY9!>Orm
zm{F%XcA*QGxingR_9KIDw(YgQ8xHG!HH#$AH@H?a|Li%kOAIbKhnL1%c@(MJ<pW}O
z7(@xq@x6<4w2+rHp{vBZL&uT^fnDehd+1h`nKx$O+USS`WVGK_*9Sp!zS~eWrxNvV
zFNqMfcTngOZTyJF$EHQb@Av$v=oqCCTQlpQaucd%SQ35yu%Sx2Btp%fpN5(@_eL96
z5Pz3$%fQ$nSMk9~6vzX9)9F{rm8)<<N-NUjw^<@xe(h57p*dIi3nbwCxpDD$=~xW?
zRn4&N++r~IH^}c@fJZ-K-Lgg1Suiy6O_>Dh77V-K$r96o`6g;koNnfW`4$F3ewzAA
zpak;?GH9#3It$*&XKQu9gZEuEL@@Bojfo}F6<m_7rbN7AZXNRbNSqNC0kkfTKIwkp
zQw&~S>?M$^pG8@9s0Q~k2KS#cqTtT{7va|1WANXQ5e5HS{}=e}GwtH>SuA3WCEwTP
zO(}!<fS%+YB4XT0z;7j>FXSbAHV->T&aiYgz2fueFITvS53I<Nt1l+7Jj=xly?1kd
zsduzE>G5HJ94*is{0VJj{=isR3UY!<mh*o->nL4dK)?9nToQjmTNlLOXDi}GwlQcp
zKa#oAcfj+7j;Nk!L@CRo<Ruh0&zd1!C?^8*LOOK}J<8&)N5`9?i0ySOUaA_`ClUhM
z><ZRXS*JACD&&><(Ea$JR_=|(CeHsN6b=nwY37Y)3a~Vg>jHOWh0-y;?aYB$+&d3g
zFieGT4dg!ntPaYEi_^W=@Hw>)e1m>;rCf9$`zWEW!?1b?iH71~+s=?0cglN3iBlYF
zMW3R?&xE`a0>WW#4Noz7^Fm4Za}|r$xJ%{QC3azgHNn$hYYgpz@ib|{YAOatg4MX`
ztT&S9=JdSK8x;SRFAi5sHBcl%Ldh{b8uu)BU~HmGY;fm<7UyaHwBDh<4+SRX;5L;c
zhUIewbc49!EEXl;sQl}~H^W%UvA%dHZ>)3We6#dD2C!Rfh2>Ze@a+;l3YUlpq5To+
zUQj*@jrYlF9|p!PjXv<uNVdHcqQsCxyfo~6$O!O87^cY?-Y;Nx6ydXGr0E1)@R~xy
zHNR&k9hKL6LlpH%a9h(17$TX&Lw2{AUL;vz)u?le3(e57hikQmp;?!>J@n@V<-p+Y
ze5)&5QQ9KXvXLbJ@uKc<i9<>m{aFIVw8O~dCVD7wOQz8{m28bgf%07m82_nyh#}or
zk!^?sJ?GZljuKvtUEI#%Jn>ReTN$}j^_Y0UU@C!H@MEo7&c@g7PZw+W{@Y4;F?Do0
z9-ahBo5<(vu=mR_1b6A41eEXSWkpRfTjI<Z=X=Z(&EbmtA2sNo9oZe0XaBP+>=Nrk
zgV5jUA$cKtl&9lwPQ51=UlzlIWN51|^?r?yGyjR6vrBPhW?_vr1`^Dt4Mu1a8xQ$?
zEa=~h@rU2Kh)vmG(zZylI+Co9Bx}`VFzFRY;fzHW!xUfSEM6)g5i|)#7@y{vg9YkR
zyw|%gn6&-3suSSAeAyw&bm!of2-(?%50UItx+rmoY~(7+TQ!{QNe7&K`X<5c*=&Co
zh1-a~)`7rPEqeO{Tf?pl*vt89Jm*Sw5b!)_5d)MS%qXuaGms@2j5Gj=(ACDmgnX)a
zw~Ik$-+Ty3yaJ<dht7%k=icoQYxF63-f?=dLwm7gpV-j;ZHZmHBJ{bQ+8ZVRSL8;K
z+R}t$5j+46cwt94Zas&YRl9JcL8%X`ehZ~xZ{V{@&8PV}+a-pX15TW#b6`#NOasPI
zb-4kF?lbw7>)vGB^{J#x!f0S_F)TBq7si)`Y_n$^UI`)AeDb}J*mW@Uc?2JOfZe6&
z>xV=9i5F_j4h%&iEbB0Mk2(UsO+X{&+8+{KWj#3Qxpl`ecxAwO0WW?RZ%Kn*zC!0j
z{CS<BNexD$=P<I3aIh7&S4KXVJj%KOI=kA;Vm-Ku8~EC$M060_3X4Qy2OmgDwg)Em
z(%a0S?vD{h;joz(6kzOjGlthW!s8u+{jy!v{$*Ob!^$VBCZ~FaWrIQf)%BffXmQRL
zq<J4?iZJ=%Rdl-$Lm!DnJLFaPC>8B+2l9=sK&p9iz;p@F0@=nmU**>IL*Y|$zRHV-
z_`sqIus6Ke%8zEaK_lDHFgEY{;-6&)HN;E=#2g32m<$;Ao8yB{<O~Lv@Ix!9A#;!&
z1y&9+y2W0%xJ^#Fr3V&`MF6C;rXfFkIUgu&ZE(H<!|p6+!|dG%=?a#1K3#Q<fmCtw
z&G+{JPig>e?3Py5cwjAFwUI>pHh1PveCBTXZ#Vbg6@v)Xb#_OnPBI7`X3@Dr+~&Dg
z=uBO6z0i5qs-Z$>f@hG>If(P$)e{Z_7)E>PD%es4yhiWZ(p9e*JcA?TIEV&qRk{3!
zk%-z=>tzuVimiu@kI;Fqr&j3naQ+J^9#-fr)$g3-tU#u50WW3qlD7f}cwRJQ7Sa&#
z;#VLZ4T{W32aJZW&5Rzqcwsrxw@{P7Kh3KLA2fD>2?=~zm{B^pSPK*Yr5}u^^e=ev
zr!%)1V=JNvPz&=bT7iZt7?~RxnLlV|dLLJD8*1nP9vgfyu7gkXK5Y+71uFjzsQjaH
zUIN;d%|zqkWT5X>q;IGd&>%J_KLc4;V~xsy9x|1~XvzyQQZmqRU}1tX4$sK~o?%8?
zm<+|7HAvU4z!IaqA^93PuRp4!;3d$w@=T9f86sHuqdI*C{DuXP>+WLD?~PEmPTK(h
z&VL;Sv|QZ9tl!0171)IQ#qIbFO&qFxRt4w(oD?mqUeyY*`K4FJ`7WbMoa>`MQ+n|$
zan=r5P^+A^gY(ZNjoohfx)GWhublI}Law|4Gh(gs`(8~SRU)O*@+5Q`#9ga_e|tGi
z9)M0=Xz(^~zSw{fe7PilBXr37O^G<3vYC8dv4Hr0<bI@jITH8iJ=Md64F+~Y^64m^
z>yWZ!&#XxF@?A6ugL2k`-6$6z5=Ub);5MC0w|RinzH3DXhbrG_03LE$zVV$#Z+4)!
z4;bH|2@8BkRyF`uwp>1a+6>p6+iu_k%LbrRY0<Lfs@p(9gzc9rFxx2C%|Q<G1YL9x
z53*Q+7ovTrx@UNrZVd=KjIhFAanjvGgZ<r918zJ30m_)D{RGOuVpl*Qm7Z`UOXwKP
ztsRb6Kf6Y9z8lal{iEn<(!W>JHxHo9#Oeu973W`Rppf7-Jg`BF+@5k2V`JFGdhc1G
z5*7!umaTs|Chs|0E+otzbwIDjCV^mHybA-_c)oHKcUL5`h1=h_dQ5{O)dJ-XZW%!3
zTjT|^VRWQaE1z@NGl<(Xw6t@8XTGn|b9;GNR~vq}E}UdAgstB!L!c1Ovaa93`;|>)
zT@w6O+-XTPtR7d^^#nY4-^azwLMW{Gfm+Qo;y9jDGy1ns4)1?2h|<4isk=W~zr=m=
z=D~D^z+SVe5O%qCIAm`F7M_6m%LW!AL&O+=z^*!R(+V5WT2+HY_^KYr@FA}qP9Y@8
z9gHO;!FW|)gd>Gl{N*oUSIR%FJOF5{NQV!Ug{T&p5Bc&17-Q!~%z*!Elxdi8BW5IF
z2GR=kTtUrlMKOMhn)M0*#h{GT-=$$nM#JI3R29B6>8*A4YG2T~e0U9{4(jjFeF1Bu
zQBUpAQ&oEEEj{&DJ@vevdQwk4+^cm4!;Z3EW)sW847xybr=Ge^PtC$qKBlG+Xdu3k
zKUP-h)q1&0^>?H6)H!;J(^E-$3U8>g)Q@`Vke>QRPkq{>;a=>*BP=~*3#M@Lkt0>s
zx0ib~fS$z^Dk;d{Kl@@m`rt1v#fiSHBAJM=GnsqjethkQ*UBB*=L^b}xq4OC>lIAW
zQ+ax7oSw?mQ@CWyUtLe+brt~vTMwl_zV)0<Z+igs6}Y8Sj<Lm?^m2zFE&m!Or}9m=
z)}>Fowc!#wvH#r~I+o+(+ud55f9uxZeL;Wsl%5K7YojOVsRt<qpD6crYeYF8Qz)Y=
zbM<o9QwoScnWVRor`J4APi5+<3-#16JvC5I8L^k$(+CegYySA<F-7#^Ko^sL<Q3DQ
znJ>Du^@}|>bg5`5SGHmj^*zcPn0gmhDh2P?GUzvSX^=jqr$jxqMo)RWG^p;<-`%di
zo2|bq(o=<cDhE@zNmVY#)EZ2U?xN8w#nC)R16JYKTPRSfBz9>t>O`l8^_EVJ8h+^1
zh<b0Q#uPs3)M^iQMrz-x=fA<;8jylt>eLv`Go7sUu=4v(tv~D7JIGyyDO^yM#hn_<
zxwBJ)_clE>t1}{6G8LFctGS)g8sTz`taF^jP!NvHD+}Lj!Zodd);XlHvTzIf-}3oP
zZ2!kSN`4T+Nu2Km$SCI?ot%iz37oIigwKy)&~71|$ocN13=`)^JDh5~b}#>loEq0~
zk4#0Yql!5NGp@YN<(^)>n)trS%2$lL;<jlMCyu*<C%07hYUSUC@(r*S45%CjMK@o8
zOVud&Q;l2wEkp2g<9?T3p=&d%r@+OdfmMPVM9+o-%cKU=gaN#<mES@I-P5l^v0~y?
zsJ$?chYvuyNNLC)Jift{VhA~~zh&Wj2qSOdy7<UJ17c(`zIo)KL`<)sbT6e>LAr7%
z6sejn!Ls}4^aRpLaK7gZs*S{xBmsTHt$Ujeun(gqrE?kxG8pBsejcr$Y~GZGucvlj
z!*(BCLiJC>H;;~_^i)g-{zUM&A?-Q4EL?=|{9hTP^~KfAi1%NSi{qMQ_X9YUNeE#U
zLg>FE9Enp?KM$bL<Aj%mi>bA-L<7Hp^s4b?;oGRU(+Prk1mEKcn7*A_o(E;Ck79e9
z+Niw;%gbq3T1AeYenk66G}>KH6k_E3m*WTIx7**Q4s<bYNGnv?@2cuI3=|2&!bk!M
z1cw&~mk~&j_T9~iL?EdHDz8HVxfTfo@2pi{f&?;5C6Fyz#jdT9dVoNNy2YE!!2%0X
zOhZ9xgif^b%1uU9KN6ThwkeLOJz;x;V?;Oxa|_DL!gmqge9+ml@B$j84oYLVDUYQr
zJRg3&+1mK9(U=0Gp?rezddk8_XuhS=46LFrQ54|<Z}yV^llVC5^|bLcRHA5Dbr04f
zM*AmM$Ny&)O|KfG(0erv*6GlD^tk%nISFTiUcF-1<{0$S{5uVLuZC$@jnk0df|C+w
zA|A6W5SLjR@`uuFRQ}n``ib4Hx)S?|>m}gp0mAX)J&37AM2F8CG&;OYg@3&lvMcfA
ztf~}0UC^!3eI;Jqty+pNalI_BL=m*=H~4I4_0J?apNaaHhcBa6X3?91UKa0~;lC`r
zgy2Y_5*{j%PNV0gbSl~aT-U3gS8|UwcGLHJyVdV+HKF{%Jv<quyX`10P#5kxrVath
z^_7V3&6$XO#6vYA-qxs;qG*UbRL;{%BMvH&Ic`QpY6Ws7bYhOB8({^Yi6wJd>9wb>
zd%KEv%-D<vKoyu#ok|@0pn|<PRo*ZFs}h^vjH_h@HeYQ~^Bw>oD)C`6M|6zueuMAu
z<IQL3@0N6*{H``CepbaJ2BzP{9SbL1I`l-eMsq=V#iKF#gHFmXkI8Qy5}*J3nEVe<
z%1?{QfBmHVKg8q*PRf5QCjXxJd^|$0PG(4x?;Ak-TU^IsYtA`f11Qv|@#3yJeZG_W
zI8xvFP+!dXuYhicT9>Agw&M#Dx^(UE@MCr5eVv<~MrB+M^+9##@aQt@i;AS^>e7zY
z#q+B(sxKP8<o_#t6=Ll8TjKFQBX<0`xO}_#9$(yuXJkg>FDTN9pP)i~QQJ21W;w^3
zBkpqA8b=!pc0(Ti@nlFzBNt+%N$(APReL#%=c2iEE)ZZ5GJrd$BZ;B&tvNh}v<f(w
zhtjOjoAEG&s<&c&;!NuZv<|X}<ezOOaB{~q7AD+m7i-Y_>j<<Nvhc-FK-{CX&x>_S
zIfodOmq2N84~sFx5Z=DGL`>s__rsxmG4w<;K8pSa$Ky9Wmi|x5zbKaePs%?#Cco&U
z{OPgtKRzGND%zvtgO(k^5Z}DN&3iM(jPsudQ$St|a&#4n)ubBdidy;NHr2w)BL9zB
z)zXo-U3lXi8)<>!Utx`L@vrb)x{?{bV9>dWX;FmCt$Q$u)OYLeCG|UuO6fJ1bG}#c
zDOgA9D}OWhxWjr4UUGupT+a8mL{tVQmaeqs8r)EC27ohxnW><;5XgO0*WK`(csEkX
zOzXU=I^Qz}((CX6XSl%`CZCJ>GVU+2`G3+U7&DzpkACYhR@x2KEW|)nP}(Bjsh0NZ
zr2*oFt{lpqj-g6<5dP8lrP*GErW6QXmTjj)Y~O-fo~jL1|6`E<NwwI;25$Y2Wbpzm
ziVaL}_f8jUp*@kALs?MAHL{6b`ft*jb>M)Y6%9Nr#MB&l@GA)h8k+6iv5F1%BW?LZ
zyS%?DU3S)GoDbtppdG;sG(NEKIc{s3cal3N!&6{?myja1l%SP8K=8vpS_!>1fMRTP
zX99i7`EDjby~SxeARAv!FofRM;`j!Zoy7;-)_Hc?iaW$MhB>iQz7c=|S^EWyIyKtR
zibRzUBH!;xnZ@TqPrQD2E?}7RFDGn;<u8i6!z?xr1q~LryD~f6IW_1d&+@?CH0GS|
zQoIl#l~^;}IZbY^u&Ky+039KHH9#d#a#L*KeC-s5(}R^EbtF<4JPdjY_{$9PnXQup
z<Be|PAv_x}ek?C9>;V``tmK$6pLyZKok_1dQ{lyr<(mq7D5OpxKipssU#^w{?DIJe
z9QmpQHa=-cHN>JUO1MXpuS%Dt0_f=4V}Y<N^)k+X7YafT>H2Lqde4PXpc`uM(lupU
zGY<c#Z_x;(*)zaZ+^gwAg_YKHs4d4x=eDD4HGr9G;KhU8>UF?-Nk@<VuStAu!I_Il
zP-b^)cA;#3l?b_3*p8`@xcpbC-<joi;S=TJZe310N!}jB<RNMfqen3$`<r>rxt&}g
zs{Lk=P1Y+ehKhl>s*M)%+dV-pFh$r3=j)GjMmA*@mO#E~P{wF*1Bws;1<mT&ECW21
zIHXZ@6@xnQKv->yFK(6VvFqY?vMnYY+r@h2g<cJs&-+0)D|)p&+NFgyqT?qO7sTsk
z(rRM~<4ET-GcT2}u$9c8G5mS)MQ?_QK)tgi;z%>C=_P0fO=xKZv}{wp>{J`VvGo(!
zobN&;grU9KJ+~-0zK-<&91UXB3b*#dK0#LK39LS!4i3>dDUzh}8?C2=l}$a`Q!sHP
z(H8zyo}+O0b=snts2tNGm0=&JbN(yn6sCnfm7m*-EXd16*s8K$HN`Je&tofYh+Y5s
z#jj5{#;$)S<<E{?|4z!E8N2?)=L>nC+y*`KrdITeDQLxlXhS1Up2T!3S^;SS+C<8a
z(d%7gQKWv;ntUSG901RcZjY(<!{oU3*`f;V@Y4C|H=xzZUe7owY5rpup^%fw3q1x;
z>S`C-JR0{sFs59d`xoMl7co<&J#%kia+57A+bIX?*)waT;lb@NOkp~Ni7AJglJ-4(
zPTd3h_`rlQp})t&Yl)SA<KdN({(LLRUl*(LS8B9`X*^k~!)W5s@|0OV;RG;HghEkD
zlcLPA6%BW=D2Zly%tVbx2=y6tz;ac2>Z=mbLL%GeG4hm@bolod8S0|WTR{HrXHeyT
zAi6CEvKHc8O!!CHKSsXKtGxy3VYo|tuVQ!%E`}s&ByqKqkwjD(l`2*_Poj#iOo&3Q
zi5YlCyO~+{b;;LWibM8bVnZStW}v+$y5$N?GopKvG@Kv#>+cU!bmdxO>9w%x-(d7i
z;5J>6U)p=K_j?DoslaG2?a1<E!QY!bH^E<<_k+^q3FEvCrOOk?duw3HxtR|<kQl0D
zeDzqJ=AV6eLVjs@yyq(TYx6!0&xx4w<iX!7yzAk+0rZ`pl~?OA(y<Z7Enl9P#SF$F
zCml<Yr9V9Mr-v!3{flbLY^U(!J!-63vq_IH$)j7PgBT9@&1<{JnDX8#c1pKTetra*
z!FZev^c?C(@w$UXZqsmHJmKJ~FjiN(=Lr1m?>Si7Im+{fuhH{*Xf~8nD>)?3WtDiV
zprtC*>*LFbtS#@Cp;tisL~wLdZY{2BXMayBVx8MG#Mj9AJ~ZOHbnhWPaHFxoXpm>n
zvauJh&v3p9BZDxhoWaMzFmhF&2%YJkqXN{V_;z|ODLs+Cpxkp+>52Z{vqG2a?WB7~
zVPh9y<ach9#n<Q!$!$G&Va;iF1)Ubu{e|x319Oak2KnnAty#0@J8W`*rhio1?Zlw9
z9oTM1q+L%owmJ;(61t3)pOEgcPUsKtK)c)E%LHEyw7Z(MYk_vtw03VYHY6D261`nZ
zAMIWZ?dEe;9|_P@vv8unN6z=Pc`|@X(>+t+Z-4KQ&_p#3Z@Om!0OPruwL8GK6WUE?
z?WWm-PFlC%*GkmE28YfaG`o8hpijFsfYLlWT!A91D=;hFR#UZ6+Caop_jxC*J)YNv
z4x?vdAN9z8=%zODDvz1;tB<07mCpBPy2Ngf_RyG9UU4IuXYxb!Q~LK}4MNUdaEf#K
z&!W%iuUF6MQw=CJvU7U->hAEC;`uPQ@)M9fEf6iJ89lt8EC)QvWoA6b;{)?s=h|<+
zMV+^}FFKEy&=p^GvI7}pHoAQRy@_IJWUEkx43I1quxp>q5<kSQVJ)Jf8Tz!ysK4{+
z*O3-msw*V4RQd7P%bed&yP6egp>tKbts0ABe{UL_p?88fZv;WSsv16#cO2+tl3CC*
z-JKKmB$uuUkM(}YZJLzqtMQm8<ataJ#(FDxws+uzg=Y0vHJdI}&87>P41;{dwpZg9
z+Hw}NTa5H~))vNFRU-{F&LAV@3~6GzTe{XQEit>Ldo6BhL7M2?Ax*T}+C=9E@~|;o
zv{}M)1v|H?AHeCJkk0u~pbAWHFGV-hZ$Ns&&7ALl@#;@twlOpc=2L)gFFgU7k7H&!
zyTyr=jRkT4#Aeo)ZgEu&)SIl;`*}j7Ufe5T@mjL+x*@h+jB<h>yqFNF_vr+^-XhqX
zbDNw7t=<o#;H_2R-AwS#immrW72ao~;4L>s)q51`HCdtFnWu+$rqvj_B!YjveiiO#
zqu?%&hWk6o`2jD@swom%-QtO=1~zSR$(NivU~RS4$Tj1QDC$^oI$OWN>C8PrZm_vc
zH8IvGWdAUK51Zc685oB=ELY6JDQxmHYmq~J`T{$(owH`%#reOdeYeAUAzIz>!u*<6
zUUJri#?w8H&i<TlX#z6z0i5qwiI{*c=Rsn<1zEcb7^NL10<0D&GXr*q<9ZToFx=db
zZ_I)sriT39@gS3Dg+7ho6DMZJ%>NAhLvaHf@K`T&2?qh`t)VLxloQ;$jVj!O6I8fg
zN{GO{9nJX=?!yf3S+o!~^aXfhIocTV{~>s<M;{`Al?d-4fVV@3cajG0YNHD855@?*
z4FK<Igm-^8!F%>;@J#mFPtW+zz>D+89dIMO-vPWkLYEV~o+$+DPX-m%8>3*Y2Uu5H
z5!hx1Y^oKZ-PsqkpCFyZX4oLZ7OH@G-N$=6$m;8TW^Y9Q-&g+T)8=2HC_SgofAAN+
zPYRzt|C8?c{F@;^LD}4`^@lwV>5YB9z9;s11Bz%-CYfa46Z7IvJ#jD4{v_r_3Y{`V
z-yZ@A;b&S@fYNWh9u*{W)6n?;JmN#NE~2sD_e0pycr8k9JR0EblmGDzEsUO#e9j(N
z6_>%P_;CS@d3tGQo@WrquKi0p$9mtzaaIqK;n!Bf4z*ePLf%E!<GmKHH9Tn7H6wxQ
z?(Pp;{*>^bZS-_2Jk>?RJ4?HKiIPJ<Ud;O|l=C-=SH20q9&`J)e$YeDB64vg<@E>`
z83c3>@Hjpu{plLo>lLV5{w??7%3qqZ(SSMvxxA?vt@AklY*HvmW2C%F_+CtU2mZ=G
zebXGa3q5mD)8t8ux;aUB5{Eqmg+l9XHA3D~kV*j74l_b%Hi}8>;hFQ_r*2+j<?^<q
z6FDOdX1XK5S6p5)f63){-*?9Xao7xa&5KD>@h6xxB}cu(5KQ7DNoOQk5J_GaNlu6)
zb0W#BBFS-)WL6}3X(V}xnhYjos431zAu+Ce^P!6jwnox&mVJbJU3vOt=nXS02E`=*
zL)c|>H$Zl8k?{*AoelMn-3?C5au93S-2s>Qp(@P%j7oWm=&f#zg9fs#GBFVv&!;hg
zW~rQiCXBN*tgY-KgG1~Pn)-2n*~SSM<IAKU;U$?LqW8@H9rpHMM<V(ra&*WOC#ZVj
zI?i_uS}c%g>JU4t-Y<U)$sJbfp_dxr^Oe>#*<7AL70qLhUtWW%q!k$;Q)byK=ADBJ
zeeIUyhe5c^?8WtY;WHqK8)3h{&n>RVkayb9C0kxXHeSRD^5jpI?h1b^-+EmFP(b_D
zfDz7b$CpChmsjI_xPq4oGx*%XEKb-?%QRl5nvv09xF(WO6_b&!qD$xr1BqsFz9Hl=
z1_fd^TR)k>wxK&eLSs>rwJm8iG?nhTiPYhf1F6|O3rzH$JF}D2_@yh&;Q>UNuy+K!
zPj6fOKQsVy@ZFmUsPIll%;eklR+F5XvxDcHd*qkN?~cjJl*8}=k0Ykuv=j0!E5a^X
zTDdo_{Q4@K<xeHSoF4>_AJXIcBpSb~Mp7)5Of)dcD=57PkmQ@lv>kr85$8@N6iMLx
z*P#JP-X6EcNY+s;w<j@1@*q9Upoo$atSIoL^Ep9JlHBxD7v6nCQj3zm*}eowp$SB|
z>QMx;z3fmJFJwQ0)@gy*c<=XlJ?Zx?NWX_Pk$lDcd+vMS!SuOwvXUVeH6s7@Snn2V
ztI?5pxwwNDjvCur#2w`Dk6d~F!B~@7E7WHB8`lpOKk<HzXCZeZtzFIsZnma7ZLnzn
zB=29;4XeQ|uo|E*e<Po{hZjc>hAntM{W4ml4APZ<y>cXy+hg!!YZN{*%R4dJL0-Zd
zz@L=#?3IWN44K6X@TCzE{1z!y(Hd78Z{3WC6H;FNYG8TOfaRe*fcPAGCK)#GO60Vh
z4{cebygy@!Z}v0;E4Z39nNCdxlYEeasyg5vS2CV~U=#otQqqVk*`Vh4(dKllaqrh^
zn`3$r?9lj;$a02Ilb2(G-$IkYq;$QFhViTor5WvI<h{GX;i}1RK5oE$={}gplYxGe
z7d5>(i+6(4V5A7&9MRs}8msW6wAupG7(R0DYYyY(UvB-2J>(3BPfWFn!K(9F_Su&h
z(b9R}?&h!}#QLk3@?KbV5pHW?Y2pAh&UYRfa14e&bZG^fo;|NCOnzNdhqwD=C%(z0
z#d;-9!8-YSG<AcVXR13;agWKY)-KdV%j@A))cvGA@Z+n&37f^U*qdr(Q{Hnmmx)^J
zOt*C&mpRkAh|7G|ipvg{`J$B!9Wr0DK2N`ISvS(}yVe@4HQ=*0(J!47{ZvJoS0Xi>
zJ}{xp$b;cGg?U_Z0AIABjbT|mf>XDk5BUDSfEEo>+DRb&=|l`jq%ZzN>yJ_jxpwiV
z87|nbX{_lnUT01AD{!h@V^mqw74$fU4)?xriyzDPw}-=XZDA#cB6`)?!t&+qY|IW-
zc4+5CGxVBsA~hefVO40}Nj2}G$5xV1x@|Z=JQqrN1uKBqSACAeK5m6Z>|fd#u|vDC
zIRDM2EzTD~31q;^Yi$}Ze{N&I+yuZx=+h5#aL4kC44z~$uLgdP)$xJ6*-(#mAvpKb
zX8p3TfK>$YvZJ!^Zj5B#*h$&vL}m9xWk15QJF_C$mqlf7BH=Y}Z&WrHmHlI{8gI0N
z4&J|jWvNKqRwVAAsA~}|_LQR?;TZi8Og)q*icp?lYFZL+Jy#YLx4Mfvi$n#s=tae!
zQQ$>f7%R}^OV`v-iBZKE+P0ZI4Q)w(p8!iVtH4ufM^IYHL)LrwwlIBPRNSanaV|y2
zdnfexN#+=TiGHKpk9P<L8lrXbtC~CF&U*&L<lk~q{)m|Ty!d>?!DkEy!WuIw={+~2
z%ZYvA&v|JD3DJY>sPw=CwU23*?{kRziE62cCAP?GVf3A~U%k)2Pc?Lm_-lezECv)z
z4Bn?h-=e(*Q(L*j?pdmmE{&J&Gn1Q)fw&=-?lF@akDZ7`$!kWxcw=4CYJx3E-Wo=C
zMXL!6Gs;YVr5D$RKgF&2`Jt{bd}P6oRu#cVMNsT=m$b&LmtRih*F-9~lU`hh6@=xl
z4`T(ZEhm3h5dWPm`nwn5I~|Ir=wX!spIT%Qo}gD2>eac%NUu%-;FrB|4ejWSYAE-V
z0KO3aU3v6(iO~SIDZhxO8S%9hMA!DVaw;g!i~nvw^mnV2C@2;w(P;XOf;YzT3D>ll
zly^69bHv(9(S&gZD15Rf4hVlw6c8Qqser#V{=1^+?`q^I;QuNAA_^_>wS~K*YJ1?6
zQ0(cB`z{#$-8IorTq;MS@IpC?(u#i>P4~q&bZc}&pBy?BfLF(V_p9jd{^w8>fDa$i
z(ZpPR^$p1nU2!#j))iIbq$o%{G2gvT#U{~x`yyUiMma<200IwJAL-I<6_#0Ivld6P
zvgr-b9kZ4S%DWGCMH+waU{rT14@Tqr9|xmJ_65qDV1*~4KFuv2imV)pAM!}vh_*LF
zwM7Q{Y-RqBW}<P<Yh*2xOt<4vpIkaGt(TWBaN3$}%}(0^r>%|M6BIr+=C5CtRysA!
zSo)i^UKsH8{pnM5o(6pt3!q~K@Qab39<aE?RI92-o?+&NI*WfN&$*z-=h6j)_i?2Z
zn~TKb;)g|IuS?ubum3>;>^Np%fyP7OT_6P4a=x{wa+iiv3xN5*l2;R;vlrU((~O>H
z+9tx^CrT#+Yy^G*dE7AJ1JS`!;+)Ccre$gQZ9&+@EkKLaW*3P5cJ8@4r@t9~wmGvu
z<@~8wR5V%fTkI@$bRIdum<}Dg0Xn$ItXv${?Qw8_+gZ)TXh0~4mLuejrY?3~)4=)M
zMrKh5A12UvW2LT~-F$GOdO9<aoz{rSyx0nR8$!WQkTFJJZ?R8$Ut&52^a39^xJ|Ru
z>}}hOo~i!kBIx3Cb^e{$Cr9>PRvE|$M#p+6RLZMEx072Rq*kCd5lESaZMoSc=9}GO
z0Sw*Qc;#NG&xqZWYU^u#M(lZ!cAtDX)B^JXYG5^E+^+}B%1?9@d2Q((X}tu3f9JA0
zd1*E@H{IeECz(S}sNYYA@;AVDi!4g8N5`*iud*m+zYFbaXUo()1Amg4HM$(Y&xd*o
z%*uE&Kbj3MrbE9bS(MB$>U(Aa-JmeQi=WT%jtXV!eh<dM3<`e^=!Gr%Vn(wyK(ohS
zHlVAFZ&l5qe$GxfsGFq+cl|;=9YYZVX85WKbobK7^>+00Qg&pzk-g-ZH6**+4tw+Y
zJ6dTfq@eCw$|bWd19`3JfH@g-)}vW_C^v!+$+=@{z>2pju>53kM7q<z*A<v#aRqKO
z1N?jNz=4+%X@+m2FS3A#RG>57@E2$SS;yWxa__14ZnOuSsZ#@{X59KzF<&vFv)&cR
zzkqLV!!z63Ceulm_|J{nf1crW{-VJ1^TKSq$?=kRheNz&BTvT?`{iZl^@JS~JOf75
zxkl$vwwjaua=4|lT;g6Au%RO9x5#q2$7^so@)suHu8-+vip0+`?xDXQIibld%K6;W
z51o3t!~}brGtJ2Pac74`d}IL&jC(-aBz%9qk)haC`~fd{c69L4*+ghL9h`3n9q%!g
z;<-#X)Qe88kx3%+r->^fb40pM<^zk+_2v#<9KVAqkaz%gr)OcC9az_Iw3Q?oTlM}1
zX7%JWZqtKlcHuiCRP5;gasK)Tq232+roykvbnWnaJ^T*FiH$2n09g;93dkk)e!14d
z)!2f^1}*$L4gT=Z#C{_*)9dX2iDNyVh85vlCFckX_Rz~{p8`|YE*ybA?dJS@BlkwI
zY{(z2e<-k=3Mpn4DHifsMo2M7Aq5b`1B^R4-#S#T0b)4cD#AZoOVuGM!yWJ`5kx$I
zAqtt19e%Gjs|ZrQiolId5y<1aqZS6$;LceHi{U~tJ6UE{zS8YQeKnpGKrB#@vKjR|
zMa9Qmfyov-*>$;U4<@4JiGvXdb`>UI7Lb<NB{Z06%Kgnir^Nun`{d%`6G!g+dhaef
zO!-t>Bg`n8UTdqcSbJ-q)9Wl8ztfzPJx?q|ok(u+C%5Q)-YwqpDw|KUU>+4!$fMFQ
z1h(^eoK$Y<mRH>pWJpC73hpx^;|IcqMfo_&-jpGq^Wi;f8UP>Ovpy60(S}(mjz1Ne
zM*F;F7UcmlItg?BxA8uFE}n<Zjy8^G$1L8Vk#h@eUrb`mG0#B^OT7l&&HZx#IywNk
z2t*}mzL~B!rY51w7Z4^4q(p|<O@)xre~SJanS6gcas^=(6iT2%wQ8XjEJX4wGlz8v
ztDy{;{`$UA%d}$|CScy~LO{0A4HjQd3d;|NKh@;NL0ggxOzSSUl9e?TWgFd3HCZ%L
zs16FT5(pL5L~U0wvu@U~<)nrWoUY;f&ZObVr)oGsYnbq)!oiSa=@Ut5zksA=r-QYw
z<qTl`Q_H`Fq<sTV)9~aoX?XOh8jeF!f`%mKg^+=zQlF(y>Ps~LGW9)YK0RWq2b`vV
zzdd>e{c|4uw-EcQ(>45K^BFY!LGyo#`floXdL&)b|1_{V&ji-=Q^9(AB)wohO~W4?
zIfI5@Ir48&UxG$`c-TNyF=lD$n^|6zbOy}Qll05vTAqCRk=U4g8iZ^OodH6g4E<Xp
zG5mB57o17M=bx(Kf0<mTB%K~fQ%(o#lZVd$*830tTS$5{=`;<We<lrgDF45h<yDEl
zOnr@sr$_9YrqlE<PdS7BrJbsOr$_8Lr)#)gK7)pzlmAoH7f3igl8O>f18druz<TV^
zzlEf?5>C_bbBE5L;pL}l_{^Cl9X2pSS>TxwK{VV{jvUhhGB^fOq+<vACiI>zPpkQB
ze~!*q(CLn9@2#CzaQ-|f6M9PZ8!N2B&wgsxKLf~=@txYfM9nYjjLEO-j>{kab4>n{
z_PG4&?wEXIIFi2_^V1^V1EQ3Kwz&LfI%4wuC*tyNXphOy?}*F)Cbs@yeEkc1V)B38
z8<#(-J0^cnPh9?AJ7e-6?~2Qxe<CJ-S`>cQVE(s}e4ra8JwD$Vo4@WvT)w?0CST}@
z%YU^yCjW4ET>jTxG5Ht7=NHE2`@7=vJ7e?X;s0wa{72&9pV=Oh|73ey{?@jb{GPVB
z{EnYu@~=4-m;dq4G5JH{zrQLrf7#D*`9qGy<j;t&|Lo&2`E!oP<*$nUzWP{vd>Ygj
zhRHLxr-TOv<PwjwbHTrSkLty{@Vv-l<E2&Xi~ujdij=d;qQ6+iUKs4*&rol#e1uy3
zTzcAv%tYD!QJ1#gW^P-e{2|SDiMvs~*hV*S)UEM{6w1IYUBpZ0iYu)tZqZ~d5`TdD
zT$$fs^tP7@=rX5UGFd%VGL04c*=qQlTMRts#8?YyaTfpXoMWD(qMUk9KUctE4Ts*R
zz>44E8N?9z4dAk^e4^7JL0hgd{pgN^(@-Q{%}ZVb8VB{h)l4_0UqDnA%kIQ`*o`5#
zc#pv)U5J%seudTmDFv!ib#(Pplyijh|Bi|^xiee&fGM93Oh;8E&+*&%+KvR5u|ds)
z9)>PkP|i!YU;}F9hq21d_U>>);s9(Dy9_OQtx&T!6Fm}2gdJEwyaxG30`kFkZ8hXH
z58zr*uI%e&p*p1tm4q-QDO11yFhke8q*x6xX&8a3^v9otMW&~E<ii^bXd#GJ67sT*
zny*UFMD@~%YCISkj(Qpkx((Tnr`h-ZxigFxYFzZ17r&}9q#F!!yO~|5YQ*mS@fBt+
zM~C`@)dT#JV8X9(Q7WrXOGl#7@2kjDb|A5hwTiWYQnVTK@8tL$wI>GPMaANs{QvOn
zCkU4>vUxBI{g_5w?huaf^3!+V{h1)T0p+En1j|SRpA%%xldB27NrPC}aq&>mIR{*2
z2MqfGn`QNwhty;F_alRoCcFx*IjhSNrK0m`UYP%MtF6YJIR9z4IRAP0zfrz?OEdFh
z31D?2B?Rty-W~961af@3NNf^=w!LI%^`rbQX_(L<s^@m*FUec8g%MASyw8NForQjj
z@v5=!S7`oz&805!bI%%hztNF-EO2w85%LyW`C!dPL_9B<u^ty!<utT8?8bD@Yp7v|
zGTxA@IILa`_wQYOhj@PVV6;mEEQ(3*Vlps)j~MOuQ%c&PzK(jS@u%&^7+A+?up*%7
zybPdJX5&?!8iubdGyv5QG<dUyAkSRD1)v5|6uPjy`VK;C!)Ao@*vsCFxvKm`LCz97
z1_+-TRQv(r+<1>LEU)Tfeh79%x~5p^{*b~&wVex<%73iT+T6-EkX<m3vLcOJ3IAe4
zwF^pb?oaJ=Pt|aL*p|7AtEvHl>I;IdP6j~(K(H|pntv(Ap4UFJdInTSXPXxJ@6U#{
znfIWrnYFi1e)>=J)-$7Y*-(?WnGY;Fi_oCq06?5~w(86DAYNbyCIGIXE1p`Mc<6Gz
zqBI-GeV_2TL7vQN^S-ItbM2GO@P-_wu{abmF6yCHHjdSIK|{(WeO<0ziO(<V&(g5>
zMvXL3R7!s%=iC;5-<cP}7Eb~EJ=f#lrD6As8c8m?q5UCr|A-g1S=b9tD$G)E3!W}S
zRdP%}pGz{PjWpE3uQGh3p)QKQv72jnoC@pMWw@SYlIL_>t15HxD#vsqv1G^Ryg00I
z)<p(9P7;&sm?Fh&RC_Q@4u_di*O#@k0}`;?xEK?{QQ!+xL59AT7k9f=Q>vL(vle^+
z7KMj<cL36jb+%@{J&3+8y`wQ<R2}Ph`&C>_W%YmtBJ(^v=Qa$k5R|WbAvU@U&Li=?
zigOInCQ5(Y(Ghij81py8<S&oOugHwayk$q6eN%f7y(oGX@=~%?z5`wf+XnK|%w73n
zhcw_*S**3y<W4p%&KGKvq?F(JcY3Z8KawV!?P7=hQ`sTbj+zYoFXa&_WdP)zD|Xb%
zNuvrZuo9MuCnQtCr?SvwL^_U)<HUtxn0v>xOlUH5@0=8mr4M)#{yXq27;P{yfbvfd
zkNLlaA7fpg<J14Y)qcX6jZfnLPk4luEL)8b?$15RMy8MUjsG?JNH`<<==WcPr}T{A
zN&c_FlYd6=4ES%+uj$O_H|f8IpY$`pPanV(>cHfj2AK0t1x#t|IvNF!@r=gH^k2h|
z<z#pWj$M7sbAUqZSbV7t$0&m1(-!eW3<xP=!>9+K{ggKnO#{&1omSs}pfd7jLAEo!
zxcP9}4(QT|Jo6m%K$VNGr=;i59v@G^vA=<v#~4d<4W5a3+K$rKB~a3pvmJeI?T>6)
zeP6zTu5xxc6JNnmm?Ak2<)3tl>|koW7<-~P`2n_SAQ-u%!D8p9hjVW*Exr~AUP^t^
z-{=`HO^q72snE~V-$|)wLk^6acmhXmB97cck|{ZQ++yO}z<$Cs`sri<q*hMYf-(<z
z5XwXE%1h6Q&o$AlG0wRQ_wt?GV>NXce8G(28^t=i@P2|lr_M9HwZy@_F@j!u57~w9
zx7vlS0U%Z(VoP8vIywt#M1iWcL`b1x7HDX~Xaim`8uLPP_;@ruqw>>xaZEek_e3{w
z#3Akxno@)g6STo9Lcs~66cyPT`LZCEsw!oYn_5liBXwTcXWC%<r8zS>#?GZclo#^E
z;re}rbw<3P;L>hFEHi2sBP!-yvk^9be3sKz6FQsdiLL?HX4!>~EY64ii0x8;|4#3r
zDS?!HzV<tlJK!*z?ZJGC&;-9@nH0Ft>=Ngotyo%-I4?bV{tWx^Y`i!J!t1UQVZvzg
zrQk8Py16%!cAt$~<89urguK0HYnQ*iG9YwY4eavQ2lVthwn6da*)9RlrTR6-D66Or
zxf+I}$_$$#<{poHB$jSt9$YTsr9m%3J@yJFmM1-B7|Go9@uFE7MZULclx1P^$14r9
zBUIw>ICy#Pjl7FBc<I)K%@DcyFzkiM&4*Xm#fYI%*)K<BkB_kzp{;}X6EEg94jXB(
z?WBMy7o&In?CBesD~-5#j~Hz>SeMQA(zy}`gOeQWhuV5+w#nb<?H8P6LYixvWHx%U
z`QRjTO@i65Kv?52c!!hes(dvK45Su_lN?wJVwFf|uF`c^0{JbPWbxOm-bpWI+%;ga
z(B^XHZ|E6z6&BfL+<e!<@D*1d$D4lPWohcRSNKZ@yyy-J_#P*ZR0u7I+qg$i0g>-(
z<NW04L)e;z(0kJP;;m-97YM6Cs#*tp5)|+yeh=iZ`UWVTt`|?~t9XiDJYn_4P&|W*
zpAW??YVjdz@t|N)%SQR_#;~1<1lPME23QVX{O;d0$Sf2NEa>~21{E){a&qAoAikiF
zeT0KE!xAVm^1^mw&U<U#&@`9LsnmCGOGsLv;g6>B$@qJT;m@z*Z<YmPredzYarF#n
z_#12swWhh!;~NOVPIS&v+^GV&Aqq$;EB|RT0r`y%<Sa{|5QAzPbGEH{eJ<=^5lBAO
zV2J1o5I%Mb<T_rOWPa7?8S}r8k>DN1OS8~LoF_$^oXzL#;C$#TUvmkQ#{6lcAD&C4
z;XtPv(M~eKI-?OSk*P+roUZ{%gWJ?5&%aakGKPV#vyq{TPV~T)M%72fFTr=Vn#lM`
z1ru`maefT&EEVMEOfqr)-=an2rgiJ_T51!QTj1dQv&o=pf>mxN^F`pO^?29R^9F|h
zcIPyCZk484{5w|<VDn*k4^v2^a{9c%WGCrMCA_XOizcf)JPCD9^UadUN=HI4pG1!}
zg<9B3?)WBHC3u0;PZ>dN2j%@HU=AO#TT?Oj`?V>*i%oe{@8bRSe2Y<6nZ)Q1kTq1J
znQMt#N|*okPt}-uyT|Jm54pv3xx>Wphn3mdcr~1RgA<JlTS|Cw3}mLu=*kc8V9LHm
z?~}YVJ)IA3Cs(Fu35f>yB@Ssmum$lf`C_b4Gsd6%P8VKao{!EIS$I%oX2jn6|J<Lw
zZ|eP7ruHWzsy}Q2JVlqT>xp#fvD0^HW@1#AmTro4X%6es^{PKHoDBpV8QaNu8gzA@
z%Xl#ZRY1R^yW)jr=*cefzgx&)D@;S43X+4E#)~u3qy6IbeSUIn>6$cyrynoeXEAzh
zI_NXfwVI_BdIv1>V+l;Tw)Jflc0z2qdYda)k6+B1QR0$DSW8^m-F*LE&y_A#afws%
z8bXP@7~-Y7(y4BjIMyoXs`VDXjXiBHaf)7p_e(uOc;vohe=Z__m~avQqeYWH=utv_
zwsigq6LT_{Ob+MDtL7NgHC(RU!j|uYuwu``Qeqt+REZ*Ab<xBk+lHe3QT%?eCP`SR
zodOG!BogRpyd~Bj#jL7-JiLK5sE5rG_scK6h@K)nS4Rb!lZ`^h#oW3&EU_igl7{CJ
z2A=#C;Ju5@Lk-NI`JrR{-{hZrHAO1t`#r6;3)4|E$f=%I3o|$$da{Pa{;L}_pSPZ0
zV~A!l)#ZiDjhyct`qBd*z+yd5B}W(xaWPQViY&}ph*^t(zNTY#7Gz~ZRzAGodBJHg
z%AsDmLd!ZP&(-~Qu~#U%t8x@N0?sMS;`|H4?552^c+BSfH>!_|;4z=`PY!GMaB>Q#
zbN*cQF$*4f&X3`jLTiD7<-&jBnVdnHfVT#s<}+Tb?)2P-vqdMBZ&P$qxjBL4y}>G}
z6w%|K1|ws?#OSdJd2gm@!)v3w7Y4K89Ys%%4Q5-CW089XyX6X)l%ehF`l`iB)8d(<
zn8f+EAi?GLF!%Wsq=Vmbd+9&;TRUI<m22D+SxEG`7ETDzh~!(`l69B8t={Ne;}T3(
zqk3O$rqxnZ?6p)dfuS>z=O%7*<urJU?A$wkyx+S3mb!b$fCK}~y8`!&uxW9}-f?zd
z?rlZt+PuInTsOdb7K?u?rR-TC<P6|^ACgaqL-O0b6nEKNE)T>wdo^(<l2P`^(ELZC
zC-nKT0OTNVrHh1LDfO!bxe4BXNDr8DyxrV8MV;I`1qt5g7Ua}=|HwkBZ@0K|zU9{4
zN*91`;pu9{BZ&yQpU6L_j`QD*$9_PH=`Ly3bn4tRy2`c^1ElX`qWJa!6m}frqPwK4
z<*Dz#LGI1yN~X|j<kpT*@A;qr!TCxP*~mSDpW$1VwA9Q8?oLAcdD)_VeXN(hPT<yl
zi#?TYnM3eRNMs!9diWT=vrxP6sl4Ys_T5(YT_U&kW%k`X`mRUiZ0E4=()911SHBb3
zccvu|z&8u&n{DbhKlG<>()DldR==6XzDZhgtxH<9h}8Ov&<IOfnj!OQnK7(P@{)6*
z%rcz+Lm)p(&QS9Q_A=tiqRYfUSObu-?A)d&P=={FY~nUG@;SRW|9*{tCs7kKtr^la
z_MA%e0mu2bL#DLc1kdDGjZDUQ5Td!Y7z{*OZibx4Dd!m~nF7yG)3d}%0-jrpSkeMH
z&r;6)R5BHwpQq>BSxLa`b}E?$IWJPqBq})qo?oTst651CxAqw-nGQLxQO@~P(hAQT
z>3I+<nZ&KVpGsyx&Rdj&A-kmIW8t}ip1<#=lF8iKNmMcma^9t!om6r>JlD|kW>&Hv
zxAuH0nGHGhl=B>woB+=|==o7r(#)+rhQjLde8~BLa=cX10nfYWc|I%IpIeJJp``-e
zp5y<Fa;8v8H<a8%H<6k+pBsHjj3a*$_nTdTHRdfWkOl@=@4w>>J;1u3!>a`E*b^4m
zb0#Hle)Oax*#WJS(xCqsh;1fb<z$Yu{rlmCy|j`TA2#Fv1WPnwq${%K5_+<^b#L~l
zSn|D!mj?c>#p((*5#I`ZS%HFhsF5UVv}0&e{?rwb-)8HVA<2(nHqUNz@~VGa&UcKi
zH5Qs}&3s^d2gVBx%(4I{837zDf#)2DF}^Rx4L#t7)s8M`1?jqQahlWCHZ3r=o6d(p
zM0Noqm!;%xv~ws5c#@4?#hr-D9<oGq3^Y05$nMVvR&F=AjqUR9!$yNUFs~nSoD7$6
zpaTSVSHNxMxph+!CgH>+Zmk1TIqz`~p&V1>KY%Dt=X{sq6eyg4W(4V5P`0STKPVTG
zngbntONIIPn=ch+<8QW9=)hkGMvr%q9}8)UMSix|XmC+v0dYIzq{r7tPG+Pj>GEPI
zh?g%`SPZD7Lw6V65(TfZsCv4kiM(*Io6l+I0~1GZ>*mshw~q6;wbx@R*8q?}Z@*#9
z;MPr~3pZ4y5ibNuc%f;cnIc+?6D>d~;zZzMp3lkWA)hnDvg9@#8|G78O4)^D0-|tW
z5;WEXjRo<d6}K*#8tdh_wYWLwb3NGDk3^v!{P01j!NzU~fym*ARKN5Es6LB2P5mXq
zLF^oi+LSDLb&nBUd1kpN@P)q(RWmCxY>m<SqLkgdn6isi_>;E<FqCfaOhyOZ>3F5K
z4c+eMlP4yrFiq_Uzz3_DEPspjGau~fL<U8iqqj(0*=)d#H=lD?`qBniDzky8<KsJ^
zuXY2;Bepi>RozZ5^1cnE{+`Hts3k`4X=_%-_Mj%IO_?3#kM5*+6(DlRyN^etLkvge
zmKLVj+qQ!oQc2s6Y}Y5vZV<NJ;!#&l4=3DfVp7NCfJufe18f)4++wy%=x4O!2Y`&D
za^lb7aOq1T3|w!6pG{S1(gau}W;^(xA6<Xqzli!E=<iV9iB2q<FYM=_V3Yb1lCqv}
zg8XdQQ!#<cY34Th+3vZu|1MkOdU{wOK4G9$2iO6u0B&xgY};GpZ}t`_Pa7io0~Z<u
z(26cjOm&GjjEGi0M5`!3{BQ{k7I#j_GZ!i~gT%E5WTFYy1kYAmO*OjBSYU@b<o90e
zVvC-UnoqUD?uW@Y7+RKH9iDEnLn2L_4wHd37kW&MR}grK1ew4FM3F<h2Lzt4xpmu-
zJJ5Rm?N+2?6l*9R8i10;OdW!bZ`dY8=)m=O7YQys)Wt~|ut*yvvlzgoSK>`#fYw}+
zQ}B|W(3v0x9;dt%F+i*A+HI6)LAg;3JWF}0Vu03Fl2areHp!h()r*ujLJZJKy7qUJ
z2m8m)Br)(B<ypl5uANIBka&b7Sq!{I@5hP(<myXqlK3om-%kv@OYg^v0bCcC6i9qF
zya%}J>HP#TfUDq=OC&xY-uD*+AJBV;7{E1e$xw+0vUH09T<1hTu5K!6)b2M4O<ez7
zj5hcRO_t`zp;IwG%G0`HC|YhU&)N&<!^`+EpZCavJJtF81?NjJ62o?jCExI#!Av~u
z0;wQ@cvYQQxgGt{;a2h-r|rOG>D?dF$lAT$D8KV^R~UxXdsx2ZN8GNAxAM7Juu;N0
z(}58`@lq~cxAb1jOIP!O8^RdoKpf8bz9)VJg{A3f?!etw0gFA$EiO!xpZbyXpJ}lN
zAL@A$d15Cfixx0r_#Bg!^Sz;0RcJw{=~UB%R;?K4zZ`>cUiV{kl*bg}M#`7HvHIdV
zvrc--y%Bp@5YyM<uG1yfs}3`X2~@Gm&xhn=Fx@FM>Pdhz{|b-2)TPGO=#MsdzBX8%
z+GycI`SvAv^woIILv@Wb1G>ON7Y0HXwqX~PY^Hv&$VFI-?l@WZr%dje&c~e~FC~e`
z(Z5!W$D^^ttvYp}4bqktsB7E?w&hA&d<Bk@J7E0^B?1~I;P)IKxLzG5&y_eleBkEu
zjOa9h7w4n_@5)j+il$Lg4z&C~>fSs)s`7dmpUF(ZBm{2MpixnR4K^ualU7<rKr%3a
zJ9vXp*1A;MAZoRm!VKU7B;Fa4+v~+t8>Ouawe>62qPPG72}}Ycfw}|)WN`^7a4*9W
z7PFIi&pFS%Gk3D6eZRloAFrQ}WbU&+=Q+>Wp7WfC*=r)_el+Qq|EW(pw2@cFHl80E
zvDmw%sKtK988YZso3i(svRAY0S54UortAr4DO)sUzhKIqayI7uPJF`P8;dEPQEx9(
znab1s`RK)Y2VXcN1<k&{<mCj9)F~)8G^m*mx8fUz7+hTa_d~5=Sir#UC71AWf4&fq
zf6Q6l`Q+JFZw6YafbEW+nkr3A@eb3E_7G2^{*j>OJAC`h__)nM!lhmg#{=U?$Lpnw
z8~M6Cl?Z!Y6QY3RyRhU&Uhy?<DZgX6MNRR+Sn`_CkbfyJPjBQ4>v{3Xovl`Jzh%c(
zbk}Sv&k646_Wn~u{wz6}h9>f6;Pc7ca*Rc!OblZ@;Q|y*6?dH@pS>`Yq9OS+_9t3W
zQ0PR`S3C}HzLF5NDT9_~aA!wYH>vnD$}D8C;QafrNS&Von<>hR^c%Sv35WFLAU3cP
zzc%5Pslou~YC{Lcd-G>dEKGbo$i-ee#@A5d^&e>{AklpaJce=BaZlmPlzdiQWe^<=
zfsRt-%A6h0P%3e%I)5sT3#*XQAW)z}_b-|LoJNlr;mbjpd{#BpH!8{`6g^F~>7I0*
z-;Nol>oF*#-(IFqNQcvCK?*{*P*Crt%cxLK&bq7ujlBA(UETT%i-kE0pXHVJ379Yd
zPxUu;Hy$ecZ=e+E=^M&)DmJ-}y@)n=(_bw38`E*us#)lSIQs646z|Ol69wbqF&L;*
zu4d6Ae*pxJi9YO&A$n&95ApKC#=Ve|ZHOH`>2p>qs4A7)(2MZpF2i<3hlt*(eJ?Si
zgSdp7aA~V>9bJ{iBBtAo)udISKyD+LCErzLr%_@C#k6(l?_%rk&0u6LAY(f*Y^n^Z
zOUE#@EBfvb<WdC491wekA^7u0&vtl!NftA4>|1R^Ef(*9CKvZkHW$Ey;!qO%y_ptT
z#Hxb+N1E+$iMe)b;M5Ykc&pbgU@W$;)UN?y0;i-}d8&6wf_S7un(7sggj#IaJ^V)R
z@8__-_&dAR2U6O2;yB{ipHbian!-uGM?-e__rbgFk(yk0Zxsu@dUal^^=0eT<?(if
z4+nNglkMhKPPRr`aZ@X|VEE!kA88GHlu-tm42n@Q`C|%pakG&%-5<?*GB)exXjbTr
z@`71gK16gy<2=F<zK<H;I27VQA1uH493|oTZ@dOG#K$=<qG6b>F3A{H0aVxj<OJ12
zd)vdI0}*>#@z~!q55@O-czICfISg1k9ynwCHRmWapBz6J)8s(|=+A%~n}@RCpU#Gb
zd4g<3=kZ!Tt4na!&bx}2Jr2QIhhZ%;1k~sBocYIivDV60AF~5>%yC$}3D`tvJMXNS
z|F_!s!{0*xp;9BB#MoW<?G*$$J_x^Zg86{iW1{|=@+dSgT_;G@IlIaK^|3S<bdi<k
z@@h%x601{qXS?rMzMSiTy1tKS9>Uq778VC1{;@#_pMLP`wr}xQLQH(;X}mo4myiww
zTE1oq75!3u{_n=24d=HbeN$dcv$WvjH$Xd^x1t{k7uW#Rfx*Xdfjaif&IQokD(%V%
zR%^EA8vA+vP2b$+nmC_FJYw~Yfu7bj4P{|g1m%7Zf$OeQ<yUoe03$~83I@pmsyEem
zq`|NY*Y>l7w!nPQbXpfTSDMrXO?p>{j_dh#xXtl35j*tfEf0MblP;dHW0v-t$bBzf
zdBR$2v&`KXcF-LBW7xSLP*7-JJON$Y*2S<`I-_3yVh6f_KVVR+Ztr6l!KTv4TK*(j
zRhE-|6vOn)YGMLr{Dw0_$pHJ*WhmmwBX)s=0qSR74)*Jjr$gWL++a2D+{KAOXneAA
zlaqJWa;3Edn_mIk51>znM|pUFBXlL{)k^XZH2d<-YOeGZMyjp6oNqz2oX^X7t-Smv
z-cE*Pfg9gM9L5H6R~_E|2-m^}=jD=IyM;wI1~q5_NN|5jCoT8ybW+EnQ@w+n&y%$W
zSe;sj&Pvh|3_nq)#;tuPjH8Dces&sX_$iE%d#Vsk#nw+e&bs;i^X1<=w5xP~4LhjG
z*~W`ZX)%$FFj{cYb-eOGI@>*GQq(8^*1_&GZ1awXO^#h=;?){)YaCzwwVg5CF=^_P
z@4pj9yMjZ%kb!Co8dl;bz?ih<%>2Hb$iwC|g@VfFG{#xB;E}i5GT(IG89Bd0e2qV?
z<14Q`%JB8jD>}aJBo+huS}=u<3v~~H5POdpHk0*Iq#<Juo@IM#{L9fjwcOIjo?0E*
zQ?kCNe7}#`Pu`?hOizm45H{E+(C3s>-M3i=8@Bge(-zbCusQD3%_#53?w69teu>=|
zg^_f8c?z}??jvmi+bubV)aDf(VeJIP8^_&&FF0Wgs+?0(1$iMT`4gK2={#PLAUjX-
z6KNLTWfc1oeKZo)^(!#a+r%aeO2s?3&pYTT=_;DM#^O!%C`+2u6_B0hKjphDa*Ans
z?_&5cDP<_g5guhz211sV(B`b@2(xpuQrry)ihJgO&N_@F1v!ZyJ>Zg)Lva`=Y00T^
z2-o&7KA*RhA3eTl{!e*%<d7y@$~r+#5S+nz9FLE|WZ|dB*}C8?K4rvLAGh<PlW&<{
znZrC2&1YADj&D=v@-=&b7KAQ^`3rKPgU{Lyin8}6LHZi?HRtyE8X)ddp`j$H@z#(a
zJ(NalNCIut9MV45vZV=~*cLpe<5mr#qW5}UnU}KRNs=Z&rjNUY#GUba;5FEvEr3a(
zzilYMjj((3JovLEnUE^JKlEx<=kAV+$loImWDK>C^%&)y7QW>xerO#(IzB0wZt)F~
z2i*yO)$MQ4OMO@9I;1$@IjCg4Yb$$FWvi|v-!(_Jbn^#v&CCfJ6qI`vWCE1uN;)Rp
z_lQr5FFXb-l3LRCi1)sSeaR*54?c3Ahx7j>4okRv-Um3pVzn?DddjuMMv}^nP$yx@
zP<m}IX9xGH6rTer(ltNDe+P`fe+LbRf8~*vz`rd>S%F;Ru>zE~Hb^z%kp!_l0rodq
z%*K9obf^Wi6|@s=9zab>P28(^lym~S+q!fEiFjWJ@v3zEX()~PtKxL}0K}*a<jgW+
zMedBJSF*q5xpDN@f!{gJ7(^KbR~K3IiAcFNp0=>pKtOqa7{qjCmR(S0J3_f^T`F-f
zQXBWG7>;vE_8jjuvU{Y(WwZZWJRIju5QF2y#vnd#2AMZ`uS7RNkV@?Mhz$3S_Ibe^
z&=o>k=a$R<3|tJGJHzh1x@15OOaR?3#o$t?4>KAJ3Aj#fX++{t4EjGZf&Pr$`VH#G
z+i<x|G`zf|t<aV4<^uQQ+w1N3J>q?k3*3e7aipod>XNog@#RppTD7~XPdQvttu&wv
zzFp!`&Ltk>ijT%g*UbM0SIGzedi#k3R>EILCCW-J0uA@-Sp49YaeBMOxXO27oojxD
z{|=Z*^{2zXIyuf|3!Q?^-44mQ@}ME`r@1EGn^ZDj4E#jv&9Fu&GZz10QcuY-yu*hj
zu7VOsCY$3geobNVzs6_g2iUM86x8-a>^kzub5O!G+d*%^H%t>}E7iEFPur_cB;#zQ
z7V#4YPPya=hN5<f7dh#g$G*n#FT{W2AH;vh{saEy{4cQ*2`=({-~y=_I?B4wrOY@c
zwoh0%Dx9&m7<RGLQu2udw6c;<(4ZoXor`^oUE{ouaiy!MiLNo;rK}OHp%dnCn80#K
z{CKo9auk#fHHaT4OCv|%&+R~;T552HoWBXz^9X8ua(oJ8`lb|rm?Fi;!%uAw<W;Mw
zI38-*&8<^i;&x8M=U~M~j-}!;W9i-4=df3f47G%T_2~nd1c}8TW=rwwAzfRBx}q}i
z13c<1MYo;M$7X*7Btm0noFbDHv){UA3i34%LrPAwAdelM4(KTldh&yG*sHD?Zh624
z%-ZdiM;5>j5VJjy<(duxSSApB*EB&M)&f7K^YVyK4kM+LuUUV1XykoCQMK`6>$M9n
z4`*y&`OHg}NF2U<>0Trd{S+J%5WhWQJ10nE-xxyM<ZEbCkVb3^;h$j@Cy{fEc;qnt
zxn|~JOuVM@B$gbsYhyb68E`3%PKtkXBa+oXb6xyJ$fnh<2nKd=6*Y+s+`6C?|0)!S
z?zpI5{JjqC(I`I`K=#z`jefi3nGP4xs*PmabL;+4Zs5n-FT<wzXOG6j`~3Mrhq%+B
z4KgHO`nKy&@Zk4t@Exap8+}Lieus9v%QOyX@3ZJPmA7i!qve-6wDr;as4UIpfN+;C
z1^L7pUK~61+M&q120eTNaBrYG{b>+2Rsek(1L<2%{^=!)`fOEOcq2Z<7jYRcz8PT$
zm8ZZWz=pc}1a2h(IPhjHmzT3656K{V3kKBLlsBTUlw41Idh8%vK3OiHr=LaMhK?T#
zM`4h3+oW`g$tJEu=MU+<HSouKC$FS_OJJ-%mcVE2%h??otlvv&1FG>hzKJ2$i~?Rh
zig%v#4woHbTb%D}ijHWcOSfWRKoHb5JCvC#$?rnTzP-HkK`tIP4Ij<p>j+a*Jl0l^
zwT+iX3la@XkZ71>Wu2O$yE@2myfQzRw#u^zUA$NLsOy99Mfi79xGVgqr^?bEUP@M>
zs+DKiFW1H#{C5KYttd1^KX;LKpnXcJ=cUwI(<RJtusMb<I05P@W{Yjyg1t(zWmlWn
z*2yiqKOT>08nU`o^8F{qzlig%BxPyBY#Qej@)qslZ5S*u#Z_5E!pnr&jn}?yshkZT
z8**uM*)-C0TDw8tu7f@O0ZP0Z3n*n|2vT@?{w%tX`87It%GZ08H?fs`=^yyVBXtP2
zUpoZp9`w?h1%)4=!mrZHB{$|Pe`TfKV1L>L+YCoOh|Pj@*8@<vhzif4maolM{={1T
zi>YP!QsGOGrWQf@MO6NJDu214NR5<5)p)6mw@q<)Bo8!x>mpv3TM0BfIDd!~u|!^Z
zmzDn`D-RfeVIDDl?0ZyJehyE5=uB%3q3+LkrHqwb!~OuuV#HWHah9p9EUt)SlJJjs
z+adrq=uYKq_+{)*rAjrQqjK_d*{la|Cf>PS6(@=NZD<sN0znwUDm(o|Ubf1?1wwQ(
zDi&E;7uPk%r>MYqc{$f1iF+VZssSYjh6-v67kG`{;`x9sDR}$ybz-H3{fDM6{<SzV
zlF{=!Q!|U@RQP4D6F;;ub6;JqgKc5JFL8~9btv%iR9L3pIe6Ox4%Fe#9YyPI9cYs3
zq%vKH%SPx@XaW-J9~z~e+};_M2hBY`)Pm-Bn5-QoYKq{m7T`GQ;_o@m=rR!U%i-r1
z+p{lOK0tz^avR#nHMr$*9B_OZ=3e$J-an7efZytw$~NqG%MeWC+*^xBS-3w3iK=e`
zsY?As&mV5euVDEPgRrW;t>=%X{Ji}@;znZ&QvB_hUCy$hx66+qrNc8!Y=Yv8sz1Bb
z2E2RD`|0@J#pn-$<;cqjzOy#Bh1m?3yark{zBg9Vfi!jA;hg3z`OukKu{cbwO?iX~
z@tcpbBcT*%-UrJS|1Xjop_dyjgu`1N!YXmbXtsJit||(xixIYSc2E>h>@9a2lo;Cu
zISYS`u`77zr`~HlVkc<7NJQO|#(&z#CvHba%mit~UyhPKJ)Zgwdz01lZ*WE9AEfm7
zJHKIL8qdoEuBS3PyuT<Jb^B589M1nB9XbX_0YSb}KToQ~?~+CJtiUuXfIbX6fgVQ;
z6I*$4v<1nt&&Esrc^jW8IIHI+!4^W2>yhf4bL~Lbe~b^TJ9ltTU5mH(B{RS9NINt~
zdxXD<V-LTZZn0h&Y-tc16Z!ZR<%Ayhp{)8VWP|vkt@p9wwi~$sMjQYj&?|r9DF*^W
zxzh>&0T|i1z`OX`SEFv17Ni4=0QX;zAxMYW?<5eQa6m2ldBt8kSxU{+T<xs9p2lO^
zh<20zL(AvmmE@yj@*v=AOJdJ6^(`%lB>3{idp@x9DIpPkq@>!2{ZgK2m*Pt=A8I-|
zW_s&Ah$CNq&=%JIO%bz$+Cv@mmzNr}5s{y~v{O6TZu$a7q`lQGAz#|1{jO(PzI0H#
z9+F+eHY$-ZY((C{SjUERVjwuvyqrT?Lt8j3)s`H)yak`HyB`LyrTAI06aDK$5PF|O
zlBE@3GTD$W{E6~TePq~>-un$ZKbTQzdHxCG*=qI*hj<b>u(#iqmEzl$a03XK$3Os-
zN2n+b1`heMwC63xd6yua*qlqm<+v-n2g6m@`j+4mfp}0pkEdtQuHfZo$c}*Lry$qi
zNyaEfECqBaCSTDPR+6hD2EAYZ!WxoM@U%%D^!SmXl%CFKoj@}=y4`ro)UQvo7l%e^
zkA+R~$3eNSY<T?%OUwksZMkl#DQbNw?`{u`nLH1hv*Iw@oOi$g-f0{PgK?v`>2b(9
zfmx=<=IAkH8n`^DwsENLFO}7R&j>NdxHB>dHe6sYt}DX38+?~Fq7pE&l&T*^7!T7>
z{=xS;4fvkX;ak@Wd=0?%0m=x#4VYekScj>Qb&dcEm6(}nH@y=D@D)$>0pD;B__~2t
zi`)2K{exXI8Gh-Hyj(E+`Z9^slJks^kp@jQ>Ps~i!3{hhg;DN@ztS})Ji8-1WhIG~
z&JOOWMsieJK~k>xDSR{+4}#yhzG>Y0a-6qE+Aj<T9-O?F$+$;A#@)$_Cq{*mqvy*f
z&?TiF<V_+IyLej}f=_f>eP0Vebcg>Tg&+Ng%=!E9g#iy5%h3%0MRotLXov+xyjZz{
z!qLfh0`v<Wphp+va=LDY72NR6`6r<NkG$$+97Zxf#rc!SDRB*+aORxKX*To;Ir%M=
zqnJ~FCEmr9cJj)Y7tk%u%|24^@F=ODy1Dg}6XxaxcKG`7;^PjBcN*xi<Lxd~V2fK5
zym^9r2Z(eHg3Tg0x6b<o7WF0y^5m3!sFMh3-emf+*2C}lm!rE}f-ri9V?lrS=$m<N
z(m7pUw2Rf&=1HAauZYG^m-7@?I)nT%?#9<x4taso*zhAw|M)oxj%SdVUQUr_cpLd+
z(PM5P0oqdVcbW-}jJ4mE+2f^akiXLC0;Ua3;)g;z0Kl_JY}`c<y2BygVP_y2^Jz}A
z$JsION;)>t;pq{#ra>Yn=7;IM*{ODES5UKynzgviy6~`ggez`O@E(}!5}!!0c;s6h
z-s$+{xh(~l`@EWbc|r=FQ6(a)PsT67S_8l5uOeviqo+6)yp%V3w1=B?KJ;gg@$@AA
zpnIJ(eeF^TxB`nxPkb7!&wtab@8&dXZ_;rw;0s;hY%WHr5!mKm=`z@$sc)iwa4906
zRvLYOfm>fnJAC*r0SMa}nl~mO`4QDoq4;wA11e9w_j)w8+K4oWH(PzjdFd=ad@|tn
z<jna8*(>S@@0{2hmmq=t<cpywfhDl}*i+TVuZ^=vTh&hi$j+_o@y8@-(55#)%LmG;
zKEbl*z@MDm&aGTUP3W-M{{%E8c}#}(&xSY)!>_T~pW}hz<wnjQAtxq2PK^DP$VXju
z7rF4A1cZtozYWEynJMx@haeAl`g5eD@ryqns{2WeQ~$CL!(~lKBVV2F@e-!;%1j{a
z9eH?Qa55V`wCX0Y_t-(x7wB*Xmvs~HR`@%Z<ab!zz$b-?yu6$)5+D=68YZTYPQv97
zg?dICc(&fNslPll+2a&qx-_>&hr`NpR3y|-pN_Nzvxv}RZS>hVOL@$FU*03NZpdD+
z+=8wRDd^h39A>fQY#LX;D!lFJyP6lDgcJ~nfqLt9nKf4Sw;01>dXFJKW&;;URzF?Z
z5tiWxD{Jm=)`mvka-wwE=)OA&fkqw`>3Y<(BT<Mbo2ch3o;=EZL-AaVgbf?|NXXMN
zc+&dBZL{?86pzWU_~_6Gl8F98MRg(!CUk<~&&fp_(y@PZfT2N9|2UAy{0k!UFR<tw
zIaiHiLs@`BDX{n+!3KD&TM!-lh9a67O<>ke)MAX8U>gPM<`1ZiJN4<@LARVhUtkkT
zVYi%Y1r9II*Tv=f-?oIt8RzH-U*9D(u|;Nh!u$%<xl3SvU(-A5Fn@0nn{~kw<~ziz
zmw#lX3G=LWdAIc_`oZgQapV6d>#=UJX+2E+_uloW7)Yv*u`!I)$1sA%5DP?}fY?t5
zqTV-yBf{r28$~vZf(_N=zlMHX`^hEXNm%rkuEf50Wm5*a!?N>#G^z!;&A(J;G!(Zd
zF1(xDJk!c6w^_y0*~;S$xy9kch3S#~rrflS2Y#q{=QVJfFVXWCXw{7lI<in6vnDnb
zx8LYXafz)q-@ov2Npcg~ir?NQ3TdV%y0faQ58Lkgw9y=&3*ErC>_=VW$nV$_ql<pI
zkqLmuKvN%4cq)u{p0=xEA-;opYRQ$A<7nA0jzjU3o3g#uZntQeKp!b4m-cu}IDm53
zw90Hh+Di5SeCgdksl%Hj$G@LQRK9>)KlTgwSr`9FqOKw1^J>yHH+)70;SryadHCba
zpuQgl4Mgpv0MlrZ00sHB_t@QbtvRnvKVPVeUzW(s521~S9|g0>HRisT+jKpwE|`t9
zyb!PI0yg<uaap7EP3EL?Il)g)jGk$qe<OwVcp<Rcn<3xka7j&iXph_U&>mMnPSTGS
zVoZ;BWqUuoqet}#5Y)sxM<ni&(bVZao7xj?DmosQw2O?eIlHxznQh_n15ajjaqHa~
zU2{v0kK^VJ3pORz%>~r&I`D8t7wk-48p2EJ9RBC_Vf5^1b?_2=4M~vhPZ6X?(*$W@
zx*#phL{jB|QmJ~W8Yne08=VizyVo71IV@3s_ncs$nNI%)0b}7Qx<l5BZD{*ohMEbv
zIl;SP-@lX^OfHVINb092$8u4P;QSBSNQQ{x#V$LK&wp(rHGo?-hb&}+Gw^|8+;F*3
zf{NskesFJ}=cWA~=?lJEwR>8=z;;uZMug|oS<D$2j~Qq4)-GPU8&nUVQ9S;W#<P1I
z_#!v#`7|H_*jrW;-*O&NY?lhnZ$&>;>sET85(AnJ>Ze=8zQiG=vBY_3lEo$jY)r7-
zlrcpald0>gM_2?JEcsZnb~c{L75UaPkcCc&tmQ?g^POFs=)<7<_*j#()}u^J;hwAU
zIP19Qf{q#xK*>5jCWGUa)zVLl&CmJYh^I>)yU)A0N9_q{qrqRv{ovoF$qD$cy&pMY
zj0XK{-T~&WBDI1@e~Vyk<(<%=e-7C@g^WyY-OspnAi%X*bIWedEz9Qo9&&=8XXVx{
zvO;=XZrS6IS7hb<KV>;_kOPa?W`i8aEsEp(gIJCYa%_-ehaAW)vT^<n3+31$#|}C1
zkOR3zcFup8<-|iyJme%m4&)ZabN)J(gU_|W^xFDC4&)XkaQ@XSryu0N6x$q-1Gz>0
zIRA4j#{oIOP1+J62Xc!X-o=ob2&su^{()4;DN6L-52;CznuG=-NQIoDB=7Bz+8<Iu
zUTI5)RLCjn?;Q=P$&d<?N!tKOg`A>f?=VOm0I35Ybs(fdPSF4_$E}+@kXu&-Df0%F
z@dE|tdCotEyp6u{aPBV=RR9xk>6h)Mhn-vb;V1$+aR)qAYBTUkLc9XZ#PoUTx|8Ru
zCXlvM5UBxyXE_);OQ;x;Q~_nPxzfQGnNuiFJ0Ua-m;vrVvtJSJFYfJgv_ZUx98IWR
z<sveV@>stVoJ|5Zu_<3_@c`D_24~>lr7yUrt|GOcdLNu&oM&NdT|{j}>U@s>)?@u5
z-+5;Kakhg|hx5Q}{a@nU6Too1q9wHgo+F9^*6X;Qm1JS}3+U3;)%aC?+Ky<BdPMbM
zy9wJ($R5FU=e~tskiQi2_I$-Y5RU|`^{9?JKjHj%^97VMKo7h(Vs({emx0DSnWgf8
z>qY4573TsxFN05iww?pHUKEEnS|BH`3_ksr>p6hyMK-+80y(xa_@p?rm;<<8WXIbq
zkYg`{PyZ1;2XMV89`Cb2PJ9`B`s?)^!1ba8ywL(V31#p}_p31naJ{G>-f4lHer51U
zeu0<+lPSWRIEj$sDB~U8C724hUX+MeY#}wVj8F7FfT@7%MS$z={UJ4}j8F33fvJG&
zMS$z=$&lK=jPLKo>sCDAdJ*7y`v6EyF5{EE*JCQ+dJ*7y`#?w?P{t4Nra)=|;5rW}
z{J^q;f#k`iJZVGosz=&xoSy>zpfj|CE1gGn%`b)FH)VwS8~h^QdYb5BbA&EZ$W`U0
zgnVUiKi>JJ*CRL&3DQ>!UHMYm+;YMBv71|Wg&@^)rAdU3ZJ|W6+gAhQ;nt;;T{2lo
z%>;y4aFQ3#SUsSLyUS7pXV|wbU;0XWSU>0G0t-9CVWi5iC1bat_*f@<8$J!KSI%je
zRDlH3*+3hSTfUmeC!n@~R|rK&OQ9XhOKDmWRK_;7a~Mm#9GVuSbG)3Kp_RAO{Sox{
zJLgfx^n<Lq<=na?LP~T;L2G*}P>ygJANCzX+7Z~+fkdK1+lp~`kryD<P7{<Tps#ut
z_d>1UY|}Rrx>B;uR15n(&)>}X(RbTm8%U#xZNNUV8T$zSS(<FaZDftIj4vYZZ>I5#
zVSvmsn)BaI<|uDQrnc9@*awI&6VTHV#?oUDMfM2yy3aI>SL6QsVWh+i;}LwA9(kAc
zTeNV20Fb6pkYKbDvIU3LhBfB`pWp@Igf3=FN<%kGeXZzf|15{LwVe^mG@?DyL2lj6
zfL(ZX6p#j(+bGU|7xA{ot&pAzqw9)umyO2<?SM+;vaC4FLUG0hSx{*akcnX|%Z6Dt
zlyo2qSmGj}6G<$~j#)q_y5b=Vc;X^EvuQzAJZ1r*=t_VrV2X=?QtV+_377?xqN^Wd
z0asiEq+$ch>W5iCD!Lqy1#EFqKNkNCvK*KNh}xA1S-=+;0r3-ARw8Br!RShYEMSg{
z61@*YauOy3#pvn}$-o^KC3&Yqa(_$)lF^k6$-o{L_4nQa$;p@uG^1+(Bm;k3l<fU6
zBoDx3AR1i*AsHCtBA^<;Hi2j?LY4{t7Y#&ti6k;z;FA8?%$66nY+G-5g`oimxo?S!
zV%2Z|*H|^8*}$sn;usT7!A(mz(OpD3`7NGH^(G?iW;wlxNR=$77ZK@YmeY%f<Yzg(
zh)BO<IlYKT1uUl*5$P8!r-z8d`3JL{9%2&bk7GGKL?zCzUZ9*F;u7conC0{knK=LZ
zET@Oq#QFb9IWeM>whS*BW88b9#0spdw4Ye`&kSlQID=3<Ts9e~rS{&%XmOxRV|o@R
z;%XGnybx17nHA3l0uU`;4=5W(dh9!@4Y<H4Mc-HvI^P#o>^k2UR;)kY7goG<zAvm0
z&-aBD51#J}D{edA7gmfs-xpR~eZDWOu%7P=D~_M*3oAZ4*B4g2cdjq2_{+JTSP?kK
z)*%<fkIP|w>1_+VUgF&9Dw`56E5OD2LrcVdJ#{*-T*bE>;^hQE#@81<YvPrg_VF!;
zxs6|2=7GclwBP+DsEj{>G<2iqBs^FV6d(fjF9jtjB;XYSPWod^Dik(V4S6E=v6jR6
z)*8KB{w4nrq-kHZ3UcaKSV!E;@(&tSJ(sA01bOnbudo@9xC`$q#4XyunxXnLTd^Jt
z9_sN}{t8~)4c{{z9_UD#>5%sGmo(g?+kXQ)T$SmCFIy@bfBUjU;M_qF1-*}p?J3@o
zcrkjHcZzX;v=yT_fF{s#7C@P*$G|AN+;<f80n>ZWz*Vcy*s-M8$ngO@<FH%G5`4$-
zN=dGsZ)5rWV)EBh{)Ue}WdB9_WxXEet54W?#r`aB4f0uad|)@$9K}nYLFEHD24>GT
zO~(VO0A9`9q0fu+<8?8Z8|PQ(2h5L*f!<%4$KU5X6*L<-Yv*6XD-*4}a(Bj1LHdMj
z2nW>*uXcj4TJ5nO;Kgm}Aa3gLrS?hQ>^bjL3p9Hy^g4TI!d$L5_|d(ua%Q}Y0IB>3
z!bcmY%duo=k-pVWJprq3&E)0zpfPS~wBP~dN1m*2^8%;5GX?qe{g6^w|Lw~be#FXC
zfF06dzC^=cK<XCUlV5mBkWRS5An#)MKqVKWtXy1p3&!-q$278zOjd6Cv1)q?FP7Yz
zDP$eyCFsm~YxaU)@QMqa@iTMFvU0g~+fBX=WE%^eW^p^i|G+maaCGn$T8_nl??a7m
zS!r$aXYJkI-(l}->u=z6MQ#e0oLm)8#yvf{nH0zb30W=;TG$0k4Bt~nU)X=1e7&oA
zn}Z81A&0<2phRIP+vaU?T;NSqOyz!?hY_-T#Y=&e=xl*km88Hb_7kL&z#90eKC-qm
z>}uJ@E(r$GQ7D%Jxg8jd;)V_k*^4$`BoviR`<`Iu%J-6&R#lJ$`E#2sC!esW_fI;7
zV`7!)f@aA#?AoM9eqO&enM&6th0%97yrbyaq+4nf$9jW!mX+MZz4J3JFmjs30?H5m
z{K+(&#WJj`Hz7y`4spEQnlHb#pG;_hQP3H!e#vV5$xuLLxWGFpn_KoAof^N!riOMb
zPuAxkqq)M<M|qsv>H^svVfv5rA7rhj>GRIZ`G%LP@Jn^f?ZErmss;YKS`uhx1N33x
zbxiM_GR+(pY6;q4snu@Jpcwu^t<cq&F5TK3Iw*i%&mufudb_3j(<!*$B3Cp$TM$(J
zo5D$4;QFZmDF^-<JQe%Xd-p#@S1)OCa+=lbiKoK4&#=W)0(x9{Dfi6Nr0dZlyQSA~
zpyWapM+bys{kR@n;5rUv(XmU|S1S9;t){O8_^J)`Lok`ZRTucC-S}nE(;&O4oq-p_
zm+1L;4-J4TD8H|-3sgob1&wT}0>_5h$;R0$mqSitq|BzsuN9GB??-;Eiu~HI|0)Z#
z!Y@%xuM4cvlg8Xx7ifqStk;KE7x=TDRvSow-qROe&22U+^DDS@#lhbJQpu^?gAcxJ
z2_K1xhlyL(C4QKmCtW|M4zDD!*F7|RVLBQ;;_^s3-YrnKz0w|L4@pN#+zKVM$0;d*
zD~MZ5kk-~?%&0dzsbnS{hy$T|4X4OX04#DbU1%4B92$|kzqq}Nmv;W}_ljKT9P=82
z1%uS+>nOHobK;wmEEcK3W1EyB);L_!6>>Ig4=SisU_tfV@4D!b8K58tIL?o^wcYY+
zgtjYdyI4i*=$i=Cdx^_a_|fKc+SM(1z%MCSN`3nucuYsXK@0cYiSSxFoOYAjx*Gqu
zoZGq5oJm9+hz#INPp}<d!FK$KiHP78t)vRC#Sx<Qx?mKL1U9bGRDd9;+2}ml1lQvK
zf8fd&(yo9Gieh04&{~8k4+VMN7D&Mv_}}jb>4mufV8wxzplA6eD}cMm1a9#`25vM>
z5vb)r8DzV&RIzFrLRzA4pC=GplE)X;$AbF-1b6PM1nviPaL+J-TUM~LRl(nQ^K?wV
z?*e%!fjwR(uPusz+XE}*PbS@yfU03s9kGhGCKt%YH`jIC5KmbR<d}@ek=Fw`aNX2r
z|4yTAWuxT+yp?UJUJ&FiycZ~6L3q2!8jH7}6nW%{nV!)TA#+&*qemWT2Jrf9M!3fk
zq4eW*bbVY3Z}r}RL(9)E+-?j_kU&}`l#&#jm3nri6<7_Wc$~lrUdJ8ZWdbRda$7YT
zVx@zk=Wu}ojtD&_o-Gl~1!cCCqUpYd8EWn7&alDw7=xBsF#vkEwU`I(30aMTbd0sc
z<1ky0-@&Gc*5svqLe?>4a?U1iW|R*WR}p3B{9!UnRUt;I{qF4uYp3yPOax8V$9!Qk
zRO6mG4_INXFTNRY4eNVrM8a|_x_Az1*QE{x-N0r#G>q1`0qaZk3?Pz1_`Cu!rSy;;
zhy`0h9e=$O8Ab#Cj=>l5B49tEmcC-OV6DJPj7><*45wMK8qRvI6g|(aj1M#XLk2$X
z*Bu5JdrAs}$*rF4Mp;QA=(d2s8Wfa_YLD#ANW<V&>3r5X5+3lkXE><x1j7a{fJ?oR
z@Uens!9bypp^ySXK7*ksbW%Xo0xQYTN1bxZin}6RW51x+RdeemCQCKJ6E<m=R3jd?
z22a=}r2uix_>O0rIr5z#Dbvi~{UikqwcNU$QjMgzF{`@a1Y}7{E|uff%@{zRv*;80
zYS8GLr?NpUj=m7c@)YPDAuJD+lwvB*7tXkW^2bmoQ!v;~netmI?2wc>@S{vAgnzw5
zBIN9dT~56uu$wDO#Y=26>{11`$rnz{#0X8-n#rEsiszG`;T}$q0@x*6Vwt)JGLT<A
zwjTW%m%onWC73Q0HiD>wG?^<sYGv>DU5lh$Y;5{pkZ*j(kM)TSISB}y;>C;pg{v{y
zBW_RkShthZ7(Z^k?u3c)#RQNf5CD_KF+tc@|G^}A1}Hv<CoA^7*Ak2Q-;Hfr2FHs>
zn)31LhFku1w!i?G6V3^`lw=#)fAFCQ>keK@ZkOsj&h~}qnERJ?=$p_oKAaj9Tf4j?
z5z-jK(uBkedjWHoRdx0dRq7zCoLd*bHQspN{^b^smB!r3m449-u-Qz>J*1~Xl%7!Z
z13+oJ0pIHqnEX|&OJdq!NNhPM)`QH3c#N6?phy{P1Huw*FCH@%t}fGIu9bGt-sYvX
z*+_(+{9BlUb<!6XxOg!p_r@6=7?4Y*?wo{4deOy~nHDnNdQ=<P71K{Bq+aqoh-?R$
zjzs*^@;s`4^jo_K)RD2A`PavaN!o<g9-vcOV~JyEKWYHwJKDprSX{u{1}$Q<OuS98
zL^vmO!TB-j4)M0pIkCJAgqEm~oR_oPELD?uERw`#;mUrKhNAo%S0H{>tzta+#VfEI
zlE?vbufh-P9n{QSSK&s=3%hFb!r9Oi4n-G~a{$)F*n}(%4=5#N1(CFBy5Pfeo@$+k
zLN)ALB1xPJ%z*(gNzX<#hASjX>VxrKtq;U|DH}wJ;_Bl5T;t!(<<-kHD|cc;f0`@4
zv$zZR77d5<w_Sz)!n-;DtCyq5VsQFXS4TO0tz|?>mCo>%GEOHFqFW>V&olaeQ19P2
zJK9$EPt9#*o7;Mi7S<^E<&AhIv6e)ZsFcCVcTssU(s!IqLC6GlEV)%E+_gE|;C8zO
zse%a^BqBe(0)>nUCS=rbf$^<Om5c}(4JNs5;q<;`Hs@8y?$+*S0-Go6TVSlZ*cLd|
zVu%UUbXGk`EsReu=UaLp^A<=_FFZ?oAu3>K3tMRGF)2jd20KsB7>G@<q7;)Ps_;eh
zwJ~=td{S4y7(&wp<6c#<?`?@Iodr^!-kOfJOsVX<(P*c|RjnkM-Vv+GX*-*-vF=(h
zP__R;5tbTzqw?E)AxKO~WQh(6W`^ts$yi;WAgVWzoFKl2f11=e)6ti&in`(a1L%sQ
z*`Py8zLPE|uBM7o9eUL6u0(|uv`iv}(o0NIszP}L=HiiRdFem-(q~b9H{W`OSCj&h
zj*g-6LfmRq7nXoLCf^1Oa2pT+>dpz>ImnIhrbB%7F`LKP?2%fyQuIQ<RZ0B?U((K)
z^l=JJ^Ek(DcjoN&Ag?~&#4D4o^|YLi)w(=cy98j3m!Vzczv0{-^bCoC7XXJot*wC7
z0+-jKi@LmYPQc58#6Z>KzkkONh;^aFH^fuY#Rk60ZUW{f+Se?;7(Q*ge=7Q&Qu$Cr
z<eqdz0hN4dC4rdg2{MDb%-}8)-1D7#^0^6nJSFYZr%#XPO4opRbDNTJho|}*n=abq
zOGmlV-`I&L_bJ>A(&MiE7jOa~IT(=ePm>@uOjc4WaQH5HftS|8MkRnI;fSk`T~pmP
z1mt5hD3<9$_U?z@36raK70%QE5zHTJaQ@GTu&rIh@C~KPe5n>t?t%75v-#2)0134x
zuf|3~Bck!L3MXZ|<e4|Qq*TBDJ6B2-@yNs@*75ny)84xw{RWgI9j-dNU$2xIn;<V7
zg*OuF@nqclrl)XbHk5G)67+b@?QdaVmLqYzl6;w9J>m+dZVkN>i9f^U0V~H81)2e@
z+yk^@PJs*tDj<Sr1EMqMA9#V;wQnu7|66R0U;0xFlb|dkOQ4l|<~0l1ccqt@X>e{i
z7eN2fEyW-xsl`frcr5yYdVj?&#|OB^;-wz1FxCP~@BRJQet7a8z&Is<&Z}tQf*j$3
zQUEJbfk}rlU57@Y{SV)C7K17I&b?d!ZGxH?-<B_zE6_ZQVoRRX0IQ2;VGt%HN(Ont
zBUwV^7aA$|K+kfr#RbJ)WcN?lNI<aBM-bY8>0)cYr4!_ee|BKl5WK@Xf0n786p3=q
zaVeH_F76VGmQNREdNlQXIhnmDQSP8M{~k&=q64o2AP$^{iBcScUh4f1P;U%|q+51)
zna4o61%S0pq_zM#Rgf%?S?YE8L3Kv~Lnqp}=-L`u-QAG1G9q1_(w21g!cerGZ4nL$
zB-CJ%f5nX{eFlOkQ~8*RBUO-oU02S8R{GK@hah!vfv?;3S_-RG!E(qDr2ghsBr_GP
zp@2@*q4r89)nXZsv`@>@HCdge-BpegR*<L#f^?5X-=UnlzKoLf0ch7##p43&RlSY|
zDX<Q?KuIJQH>$d4vL2y`c%k<<Iw^tTB(=Xo*!g4)YCw08noIP8t_n{sw66lpy_Rn|
z+ug{v51(Rl?(tsLos5MvR3P%sgu}hkvL}&URunNvFCxl9B0sOJCA<a(<B>+)TA2E8
z(1RX)W2hxOtpTRS%E+vSO!c*`oj*icc{C!eRDP#mp$o&X0Ejk~DCGg%_4dms@w+6M
zM?iGaeyf@L(e7*sn>hcOxQIFFJBI6v40px<R=C;`7ZI+Q75%%UDx){;wdN>PVZD`H
zt1hQ->n2-^+kOJVgB@k(UCc&LR_GJiVte9(rLbFL25=`+H+wbK-~R(A@r}(iiB)|~
zVlK6&RFO&U?N#rDnM#8y8~Klvkak7ph-HK0(IVSGY9^*~%ab65mG}}x|I&3ANWrYv
z6--abMJ88#p!4+&Odi5r0UW*;>oaT&&VSC<lgEdS_M9^ODb{B$s@e1`#*Nm9mGr6C
zi77@EQW?0CM8kjVik6oedXt<>sv075IdL9mkKc7P`wV6nY3M#TxAni7+ZIc2bCVi?
z@1V{L3NO86_QPrWPyIpfa1c#(-87F%=moXfPBR8;whOT=;B|T&q>60s@BPm^VLHe=
zcaELAtz{&wm;~(%F7O&&-5-3R59)-H7I0~gb-TV!-BG&qeBUVj09jB#%6#^Z?8Nck
zWB@s%-jQcSQsn$MoIqdDqoG&6pA<Y1!TUA()T1Y9JvzVd2kobYxsf*a_qCViFoMvt
zPwkKA%oVjK&_PBSAE(m?_`~pcd>q5$1w6yyc|VKAUo<r%d_46MnHIEPcbYf1_9JN5
zj7p&ojn&=zPknV$&(fn~uS8eY_nbD7#=~g9n^1Br?f|w`xY8p{vHJl16?@wU?6s*M
zwhz2xdosTthF03H_WuF{@gBv4Fyk0Zya*%F{&10DSb7=5xbb23-8epqaT|{_jC&h1
zT1r{LksYkydQ-tav4X}BZ*2bo?3F8>n`R==!SCcUuI7neyEjp+B0b!j6SbUqXQTX@
zA7h?lhao^V3IW_H+Jnc~>s>qWb*yu5kpsoYe9Jy{PkbDaL~Qi2e{U&3`Mj~DJ=Ti%
zj#x$K%$)yqn{J|0Y&}eLtj{us)_D{}=c-Ja`dWMyXrqcZSO4`=M>u+h?U8Eo(VTUu
z%`iqx<@|VkK5~{O<6Ak56Cu{#PF}>H@r9tjRbZ+*``&j@oT+ETF1j%-Omo15=s7Lp
zX<XS0*2wXfZx(voOzri|7W%;DP%i|`N4H$yjiWJkDg9^%MuDa21Z>?YG?n#bo;pVz
z?Stm2NoMhiImm^!XwwD8L07I1urIf?pLNHtFiv|*Z##vvV}r0UD6v_&rE2ekFfq6E
z5~jM@9`?@YF->;RMgvd>uxU~sIL)o!Q0ol@LTX1h&gEroouDLV<~hIMN<Tb_owC*P
z_xlE0`%E{Bt)37ui=F<OmM6%7O2)odmXc8|7@e)Ac7^*o!diG4)T5Kg`=K6G*l&j1
zKI0Tn2TZ^L1CiG<qahBQnfjWnXQRMdb|;KU8*tLt6EN;`Z<%n1wg#_EG|)<W3(w;M
z?99EQ2;ruzM$&0I@WxYy>4WeXtcf>FDb1;91De>EDT9Q8`Ki4L1I(ZuzjO}!5%%6?
z8eSa@ip&=jI8Ng(b~}@#0EW!u>$?q!!<b(8s^riLj>PO5)-*+(-*{irix%zu&Tba{
z8ruG?SM;&{=R%vEhq3of3@`q4rP*A4^Oa^3^Kebjq89fZj10_@E8eFCrtu5XX}45C
zw)H<(tF`+gI)O#E*Slqw8+gNFSoV{=5A%ikYMtPRGkn2g$}BZ%is$@St2j*kTwox5
z=;s1fmDD9V4seCDc~JubPM_Mb;|Q;MgWICUE>@9~jaP;tGqdvvHfq!g)W(<J!7;Ma
z0~#@fdl0Kuu#P>X*^?v(INiji3<|GN|G}4f)V~~6aHO5btY+BW7T4!dz=g)hQGiGU
zF?u4f$T$&r)Ho5C8*MVv*5`@9-y6**0!L6=TBn##1j-!d1A%#w5yY_(#K|Ni1%gW^
zqZdcErMq9m<HfOl5!sC~l$U3_JL<}Di~3!3H{aU#vB18sfY5GagtoyTw3zeEiQ~BM
z=^TgF+#rcIqWW$|mR#0gULfd}G;VnuwB+gTlfsJ9#!_Ef8cS#I`id}^A##8b*b@^J
zA>NXQr<3o35T@OC+_arO9%Nqf*9OIICkM&Qs|ibfeiW;%(H9wLz<sgqBHweQrmX@x
zx_Jbfi2BiL{Rr=W@T$&hUq(2t`srgt%ZW_>t*aZc_)Fvv4sX*C<-j<5F_OynjU)XV
zIz4()C_E7Ll{hF!q`kosAk$-_usUf89wJeO2VV@m_(iuvB({cB1yQE|F#~~ec4)7B
z6P;AoqUfaFK1$ie-=O%mR%h4hrhn@I!8f|KKSM_b3afuNvOdDc7a#kg8*T0%CVL|%
z&Q0y+!L$DRKr!g+=#uE?W;e0Un1sRwI+3v@d|{l~a^laEVmlG!6wTjk-n!Q%nQ>^C
zd5>3pj_wO|++!RhGM^4@*%y(V-aNe&M-NXgk&JtQ!M`TQAiEVE38Yc@(XzjePSul$
z?XVDqfg+M<im6UnF5b=#NOV6<Zzu2s#$c=}V2%EkKISm;J>4FAtcwmHwE^_qV8^=n
z9XZzJ+q)m@PSd#yIf4Y-1lLvy+QdB3Yyqs}9?q<4`gpw8=wtDwvT>xilw5YS>*n%;
z>@=OucF}7^Y_+<?hH!Be4T|&o6ZFH~`(h~ih4?-x`gMoQhr4VDe=vsdfIbA@z0tNt
z$M;Ff_Z>9j!wY1fBHxzYN%`vsBcvQ)f$#zHw`8iPI~6BjF)*sDA1At3W)SnjgRx>X
zGf}#kUxv#W<Vx@V5(l-Mk@Na)K23Hy2V6TVhMM2bsJY`{ZxXtG%=<B9YRO+BYLzq0
z>9m<4zTFl}P^B)N)$WT~n7Mr~jC8=nYRlTq>$AvMpGS@LF|pdY_CD9=7YEGilm30{
z)9-+Z)s`_<>+XxylEs~Sj8><}Se@<ryR+Kj7*_kA&%cY+X4!jL9G%rZw7;9PoX%(;
z`y3f9PmH#hF+)Nhws>rqjL&k*lVE=NF^+R?c1ovCTBQ5W+4sl#&qbQk@vEL&whfAC
zai5zoVSdaKPqxNlLK<VOvxp^hL<tH=t+*5*way_Cu8O&eqWp)`L8&$6!x*V`7Gpw`
zt4pm!{YYwM2h}LG&T7}C*2x`FGQ;`DATc(`-cRX6Cwteir6Ot<m0D@Qc>KY9ks?xS
za{xWttR%Ivr8*HEwfd7kzhjJ1AF(dAy4$}~YE?Hr+oK}B$G3U7&K&)(>CCYnnd9C2
zu+0Zpn|nIVX#T#%4F7a(MJMs!LWWhwijQQ?>Fdh{rlH1}urJ!7Q82k%L6nQMFZP<c
zU)vt-e*QFb*Z%e>cQ@MG^v~G#{*CP^(4K*o>R<n<&-6<i(>zm_(Z-@~Z4AaXJbR-&
z-Y9rmw}R)<k1BmHodQvTDMcu+&~FVbIZ;5Vml?x2fWrvwF$pTI|Io9Z!K{WoM98`2
zC3LdfO^9X0ykeS(rXTRe()4Hc^h(oZszfyXx&4tnh>xfxwGomK33~cblDOz-YKxwK
zqSYjU-WnM!7WvVhNY$w905X%dqXn0gCo=nUp4)7<YR^#;Z69(oo5XBb^MBG!fz^IT
z1!pnwf+9N?LiK4a-Gtgb(H{F0fxPp37k|7zM$xB^gn)>c_dt6@%%l0oN9Vx#t#l3j
zd+Y3Kj-BMoak{+ikL$&k?mL@W*4#~Et^Zc{;l_2?`geUDKK&LY{@nmaK)Aog0-(iL
zJJ}T#3m<CY4Y=6W5=?-;P0Z$%irF3P<TmPe0R=HpUB^Qs!ak!-ydk8m=rXN}6QJ?^
z0NnO%#6pu3+<>p=$!l|ITU0RWeCGU{3_F35V$0$YYxR*hW`bv%OgwD0?vMih4mz>G
z%>;W9Sy7YNXicn#dPsutX@iOfSn=w^HfV;j5aFwj*eSQ%$c;C0-ISY<*ie1AUt)b(
z;At`p6FG*qs~c^B=CXjoI{qznT#nFtfY!w134v>KDDzNN5gA$o?2iuI)3k9JP=7NC
zpx6Q%hFkx=ko)5WR2^p8nJ)t;{>!ATrMRS-c5-FlE}`B+QUpu?VbRe|>Zabo7PM%W
zT<C^T3on{5{I5pcVoUcc4c~{Vht9*Cxh=3u-#Xu|i>cvm3G>1cJn}8X{XZvWoQ1Ie
zySMR#smjAx<yYM`*Y6zN*lz8G{)%nf84I2*77b6^V#>XS<#K!IhTqv)L-$7h8S}L{
zdc2@n_V;>xBA~;y$v`h2X+k#zWi1&zrOyOOGc4~P*H|sOu8bGEbt60%Sf;{AN<YR8
z4d_S8vRd<q?zzm&vnNl)<a)F8Ba|A>KjmZd37K9)TNI9<ch2sdFdGG#^w5is2#k6Q
zj>mjQ%l2_NVkySs7v`0x8*jPNAc^_ouf>4wWSFhyOAa%`?8g|$$oV1XzrEKJ=<a0Y
zeMVOHN6AV(BP*+Vkd=lWWTmwivQlY~m0%CD(r6+pn|hFy6)|K5X^2i((7MWK2<Jzs
z>i?FG9B?x$_v;@TzOWm~w7%0?jkc-;NY*y&iJBh%+MN`z*H3?~TQh2D`ilseSF{_h
zrH1=Q)I(ewvfE6P=FjYt9%;9P4Oejc(j;c3jklODPP#S*2ft|1o<7=bqyMHGu?VgD
ze`TE`tNiDl?8ChD-aG$qm;E{ybLC6Kv;Q}Dc7vQvjb#|`eka3tAwqU|o$Ms{N_LnR
zVl2(Mb2E8})0y|R-{}5h>|E&H-|2p4`-#L{*J<QZ#Y=`oNla)*EQz5Kp=V;IG&yXx
z^yzlC4_Cz4*;01FC|=$X6{huKuf-PI(0~r(JIwme3SE4<2TA4KI}l-mj1NAjn)RRJ
zZu-v%HQI{a*{ImgEZAAnj&2JS{J2{}Mab0W*Pob_p5f;H-u=X+%Y6KTKI+$xLm&TB
zAI;K-vigOXq4=P(wzU2S9f6lxOh@3x%CPO<>tXm0^wkjhXw%YXo1r&)>tEa5(0d~q
zE^Y*N51LG<j5wCGG3(8uIv7&5RXbK2IW5IA`vu733wzSX$9_TfP&&sl+e66!ocfVT
z5_djNF!z;fgX&0xUe#{gtTD8qZ$9is*ZyXl2u#H8f8Ik<dm?OZLi_cH#wUs5w{>ss
zKN0(WHKz-4d%78%QLq{o{tmT(^Z$i3sqaw@?z#mAkhAkU&CY+c_b@vfmS+DbYeZJ6
zC3&849(RQE6hu}yqRu?2{lB9}L>RtVY2f@X*#7SszB&eAu({r_!xK*}j_}l?7@o?k
zU{l#Emk}HN)8xW|b;yO|4zmjf32rZqB^M4_NoH1vHq09a1Ttch3kR0t%F4)vgUs}O
zxo|M2eFCYPGbh$gaeQkZE*w~zTsT5?-(}zY+G4nHuuBfiao%v@U|#eU%uw^>)*j|g
zy$DyjtPXJmXT&Tb#`WNPVMffk*E_ApwQPM}WPkZpA>GTyB)XT)ZAG~ZE9yqi$i#|i
zVjpp(m)1oObl4ghmvsH_ZzYDSo*&u~)?VKlHf{qNj?kfdB9{UU=jWF1@!6ny@7>dG
zREU7e<g-Dr2u!PqH8@A1G`ltyO0m0N>#FJI!x2FqvkwQ|(_c+K9BcsJ;loj2jrHO1
zTfX0i12Lkfs$j^$r+Ui4+JhajV$*EvcZf~e%uYjRqJ=N|jjmBK;QcxrlY8CZsJPP^
zM5wQg?kmPjdMI_Y7u(*q8pmF`Qb(8(@S>&m-QaiWj0V(EcniG}BW?`rO?_h?>=E^C
z>H87&ja{a32P2N^y{T{P8S3v+-@HHS>0B5ytQWgX^XVasn&;D97^M+^^d1SLgoD#M
z3~`eznY-`Rh0!90+F>J?h>`!Q=<57>OU$w`0u*{C!YNIh?HOAS&L+sIR`j3?l(ZWZ
zI-Yw5r789i_AW7P2S&LWy(XWbm)lL7>2ObO%F9Kg^xIFoV*j?U``m>8m-MPC_vqc^
zR+Nqui5waS=njpXe|^92FsO2Vd(Y@01`U((Ewhg>=0zc0??#WuZ#GA092YpdG0I0M
zEC*vAeT3y8y47({EZ2CasyD7d>|#^(cS<Fqwa37@bvId~qP}1{YKq*WWy0g=s_1DV
z8#L!n+Kh(!Q`~avX7o1cZSc2r8~lY$eGPuuCg?$H4;m^x^MlcCFK(&9&0O}f>X9bb
za-|r+&3aaMHT32q0QnwVik;b!edqnViAiA!F{!&YU{BOI^ZavV?aXuTT{sG_;_AU`
zHhn;VB*nrzlh_XV2zFI=Q)LP&!`(0Kc2u%skHNC8vAl(9>xB=ZW{I5mz5}N`<?CYA
zzxbnG{ZXvG_JeL6|M=Tzdz0dOdRWZq?88ABs0*?ypprubwmwod^y9L5vN4tcZ`1Ej
zVLSug*|qRs6iYscaqk+Y-!#I2uB#lJ|JgY6;pH1KWq+iXbyd+b)KJ48d@M6s`uUin
z=N}uT#qCyVJ(u$zjX4_K6niw<y?na&8k5^WtWz2m(#wmBQnERJIt$x{3C+0!9OkM&
zis{B<sw(H&(G7b{T%@izD$F8oN2}XndcM(Ba#4?evmtC;(*ib#BJ)Pnb#iu42Zf{5
z-@FxOmv=~>)_GDW2V;#!T3<Ig%!!ZF0E?i91({`zNC%}G7%=$JB<{?sHAY?FKu-d1
z%rR#dwZTIhQ!>j^B5h32+t4POO3(kP$w7c}YXCbpdvtv;t4zmPj6b1SH<(WP2C^*Q
zPVGdc$r#a6s@HI0jZYwJRSM9YF7p8MW5AfM4eaXGx%<OMJ4~WGus3aX8)6)((8@)V
z+WM5y>CNalg|V<U|47fe-^jWZv&L1Lj{gKBYa?c5R3he|C8Ec;?hPzI!ge3Q8C_ft
zE!?QLkYu!Q4qG^~K6d%}!q%J}>fC?#w)9u`vdFKlk6C0+oR0y{x}nIt+SoysE;A3(
z_pWyLdYs2O9Nt6A^x?JQ@FuK}9%H&d*V8@gxysm6z7`8R${ZD|aaS15|G)=7UvD}-
zL+|s5>u=5aZrXfpk0>8>JaPY-Zq#pQd-o_Gy<RPNY_BzPwSbeZYlUgOXf`T67SLz>
z0m`_yuj|$eS{*k3STCDzl)V?r4qF$6&Nv+O4Y35>xcmSR`(hoQdqrH6Kkn8`Xt!~`
zGZfny*O#00^Xu3p;n<GW8y#WO^Sd{_CAOp3c$ucBSD4t8oMGwq8%d-5Opqk@j=&Bs
zkRB5(lUMv1>H334>Adt}2HvQy^Jg^b`S`Aqy?Av;Ud}0eVuIe8$fZg{Q6lqatg^8G
z@Hf82yz>0Z>^UoWf>-iqAT?Eo!G>^2+l(-oF0NubNatiqIY==wdFi;Cd*NhQwhhDh
zk(~ci5@o&kro_Y0Y1X$OA>1s;@AU|3dM=_@H*m{rBqQww<Z*>(jB;+Lh=Oh|ud&63
z&3buM^ONwg-{WcybjO!$!)dss#^`IF6c>Ohg2?0l0*|6usYnrer|LN)yru8WXb{S6
z4@ZMgZn79bDAAZ53h3|DKc@%$wCe#s$2+_uDd49#cG<(GXrCCfPLKAf5G=$pOQgOa
z<x;dy?EnrBABrOw-ksslHbROTn1bRCKu<f31(cfs4~lUi2Di|p@wfKDn=x7Mn6h^K
zJ0|OSQ`XPJF<Jj<j%LjYo8N|_`A(lINT1>pO)hzSb|C2O?-C!sVJ=AFcmq<tH9a5S
zF|4DBO-=JScP+vAvnf@`a5fM<mAceLd+8-*Zz`7ImC06Kx)meertp$|7cXveNa|hp
zY&GHy?}7##P%=f3Z8^>An=j&9)Kk-;Jk*)*Ky?FOCAELd%Qy1U)HLr;u}5eYFJOPx
zYVls7(d#n$dlrfZA7c2#;#*9Q#qRW-;_D`)k)j1Xi`%pBlGJ-l@sn|g&>kDSa`$Jg
z_zt0X0*Li+_3b_QKDNzV5x|m3vsDVh_!{dSncVVkaLJ5m8RLMFLLKcmzD8W$JzlQy
z9O@p53tVzClbk*77y!C_0dC<u-0YUR!0a&Nt5QQyjT0NK`1bg^R;lW4JgOj!<K+d8
zJZ{~?8Ogl7Bsb3wd%h|Ka^)qnq^fi*Cb5Sy7ZhO7C_3V}Me52etIEYgv(whx;;zM9
zDZbp}me<}*Hw>BqgF(3U?*;*;fO?vO(OcwPSf*UG;yS{50G7)WDJ)EwToA)rsc9YL
z1+aum3W~>B^bz?k=jEyb@*i6Y4K2+zM!FdzDF(u9xV}_VDS4?r2{uER9aq+6WADJ$
z1+v423D**i=$j7xr>hyIMqnIMq5L^6#W9!5tUkwGqTsaE%db8~7y7QXQf7b>tFNL&
z|LqjHxMmHW4HgO+j%sy?Yx4~cy=-x9agTr2BGIbM;pI!Y^{JCL2#_%sG-K<=TaK^5
zh~8)6|8_tPS;(;a5?~w!UYn>{Ma||CkEU~hb_+%U=a!!%kiUc=7Ya2=DWF@3Cx}e~
zJ<JOn0wo4TtOswi0z;x~r^*HXYDe2Dj=?2;gp<ItU62*r86>h_ZNp|2wvw<{e?(rH
z;!124XO~0Y1?l|gf=rOLNd=f^=cS_bx;T^%wZB`;?_-();o3a-p_l14K6bvv3G+oT
z@YU)#1{4Cwm<T}ZQ=W|gL_5La$pBZvQ3zpD1n)L(w2Y059cA25^C&N*n@5SFA&Ou!
zZG!+P0Gu^a+a>>k8rYR?ZeS}l@VH&<g8jTGUHTdK=OD(#m|`<kTwte~>tbrI>Z4|A
zOic&XyfLO`dLK0p#?kO?u4Y)Vbho5>#|3sQ8O=7IP<U9PwWD{+z6vxGI&cAe-$tFC
zkBC6I&PFcqCu~S@59k?XnfTU(On&r)Y(R`FIB~&sOk?4t`Jio3o|E!sTDfJz(tBjG
ziZkOlaYRg}HUU=|+dq_fAb4m@#vvjj>Vioq@*P^8OVk46B$;#7inwU5e<N(KFZOra
zU<`lQHb<Olc2BliIsZT?Yu<a>KPh^}g4sGP)6fw%X1<&_Xb4kWfC8iDsqMOGW^$<L
zY^7kW0fv0AZe`uJNXxb6b=0mkBOfk@wj}!gt~$KHSQKq8a`LMSjNPi`!(b0BE;dg!
zIzu_HtXk!OrqfjQ{S&CbxaXV4(1daOXzz8fcsodps~9ns2=!(<<ax8DwH9)HAOdKj
zeq5jvgj>Ki|F7H8P;MfT646bah--V>d%$n@wPyGY*Z$OrMx6q~nHR89y&}Fn%;t!)
zIia=xcb&Aq5f@1oi$Ta-NY5)5l+{Hfj3_u+gYJ?n1s!Gz(is@mD8!iS{}N|$p`AEy
zm8<$#f=fJolUvTK1S!xh)l|0+k@mTBYP0r<wd1P062w|N25?o9nXyvZ$&&}uKEC7_
zvsZ#1))l&ZZXfZZF8D$vM+}?IyjDJI4+!EnQ9B@E5AjG}8|`5jFTG7^@k&qDc|rQ}
zzi(HWmNA4E4>yq!8ylX!0{b$Di0LC(X31frx!a++4<n|fA$(ol8d_Xv&n33TL7U~=
z@|S@*Pf$`5nrp^!fyzrjWSKV(C8=u8a}L0Ue&UNR738NsDk8$OPq6M1q~uQkmTsvU
z-$S-G;R1;5<Ccu%1I_F}T3)=8=Wg4V(=12|MVYQXVv`tC{nyZU04wmPAXA>JD((80
zfIa6LJb6p91<$9U?oM8M35$dZjCZ=_dmJ7)4?9@FE2&>FS?;Fov!MmGpQ|&>kG^LW
z_w)!9lyrJOeT@s>lPbB`nDLT@TlNO3P5G4`@l={i&P#Dyn?%*>tY3N%#7FN+XdBwk
zhiblZ)<^P34?x=j3|M`kwhdIc=?>mDeGRYN3BufoI1K*7xeta)+4?fx$C#dWZEIxz
z!$wS(-(88vIJ6hFNA-Qsn|z|pZ3*k|qJks^@=@+AV<WC^X8Sz44@<5x@56L0k=`qF
zZ5C)8C~RoYx0uG^TS1E>9aJCKN)LdRk*>kg%OfzA?pdR*9|!OR`0;XHInPzO8(O7Z
z)rS+@$~#MuFH3E_*fh?SRZHQNK5a~-71WkPbLEHdL8k6oxwkEBd%pV?9;c1!jEt8F
z5wJ8KQ~(GUq`XRQc`_|6j90#bLSc<g!|(i+yyyg~HY5$-c$ws&frYN5IAB2s$otg<
zDlRa5AWpHtBc}+3ssQ+deF-oOe9v_<S0#MX%8O@#;ku-H&Yw1rHGZDwHtm)gCd<h=
zpfq@s@VnYs!%eAiZOKKH&8kDgdtlyWAX_<Gxu<`81-i;_2RtTQP*x4VEWhv+#`M6s
z{}L8}7DJxC3ZXf?f_6pL@7GLLZu+H~M%mL>(Y&Mvet3Xop8$oXy43<`SA$?<cqh9v
z?0KM4JEXwpq&o&z5i{9~@nK|p`I!5pz#f#X{E`DBD&TL>*ES|&U3*3#DAjRg55hzV
zW?WvK6xffZyu2W?I<$d_i!1HiGgtHnOwHRgmk_qKiy^GM7R$P-FjZ<APU%vB_I+V3
zF9zc=*i0947?NfjZ2nvx6_Em+EQ|~>9PBM)0IE6owu0V1@Q|`V8f4SpirW`+%Xqw&
zXr)$x<I$hWPC6C|kK>(nTxt51bX-J(fbXYLt|V(PmV^Zlpkg11X=tZFuM?vOhOwcz
zLYI{PH}M34&Iancj7{Cp72&8VDS)rxAB@DP(ol*V1Y>WKOS}jRQkjf$c@;tsWZ*my
zTbKX%QVJbN8$o(0jikPiUPh4DQZw@EQ87w-zH~yJ)r7LY`(+0Pt8_WPT6#iWtJk5n
zWNJ%llGZk&54~#jDDGu;wnDxX&^bEkcH1Ft`Tr!~8l#3KD2wcjQd5NDY?&4huZ6sy
zK+)l(02^RqU0_z&u=ai~NF9078IQDGrtDA(`x|Y^<*buxpG<K(t8l@V{FWCNud*(=
zU63nqUM{iD3X`y_fip1R37ukVwy(;~Xak65zIR0G%*sY1SK)_9OK-KdvJr(|(&=d)
z(1=kM-)n-T=1CVl(pQ4?wMW|Kl4o{~t{_d=Ka=8xQqR&_LQ&e7YQHn+s4`NfFPU<@
z{b4Mw4LAkgQ~@@tM{Eay^mD{caq$|9o;3;sBubxoe<DEtw~9|Tv|7Arq3fdS<q@B3
zZ3W6Tl-?XUWA&W|&I)wvz~W+V{o>-eCC4qvb4$V&JLhk8V2B+X2&0(b;Qaq_u%F3X
z-~$JO^4q0@LRabhNIYfrh-d7O=<Vkcmv&}*PXdkdU8OJcr7|hbF6Yutk20wfR4^cX
zRm76Kx5)uS3@2@8x4atvcyG`*YIJi_6eqG0sMayCGq((&_b;%jycP?gq2RK9fI)ei
z#8yCYRR87tAet;^q~cTA{lvvVK)!{JD}!QVmlz!3k|x>Z#g$?>kz1Z|iEc8Y`6$Vf
zb%(QUNsFuU{<(AK;+vtwC#27$`sy|im}>2=7FBAkZjZ~_Ded}8OPd(XmL_(BREWRZ
zlBDUCOLvPk*@CjfE?urG$lSVV8OeZ0@y#^_-hSe0q@Y%eib*mdFI6Eb$W=sGtGnW|
zTErviQWeu;{z|HyHzP&t%I5q}qt*_47FU(&t*Ex<4#ap!!1KPsF#hRos|8hb|5F@p
zs|E%lzeZ2fRpEA4m9BREUG_=mnD$Y&lEk#+1bW!uv>N(AXAWdH%h#ENeOFx`T~*dX
zZDu`sH5mhFIPewjAFId=y3DM|^t-Hw7EM+IWMQk)een0m3_O|}$(h;=j77`?oEqQ&
z>X)hSYVQ@gX(;-vh|U&dvgxQJXJRbJDhE?F7z2O}m<yy<y%O`JI-c!cAmwB~<KC|0
z<qEwGs=&QnLF8YVc10X-tpW5U;>!gVUuL+09A{L$HdfT{MS8wqBI-ptQNKwi>JpoY
z_!|CcGR#lb_IxKE;NXb3W#i(|=)8IsnJreQGm4FW<d-Z&7GJ|Z`BG=T)DpTD*2noN
z=f4UlXW11z&^V7+XU}(ba?6ge7<F#v3EvkmU7Dx7mOysh69ksfr?emD0=NR(@pgOb
zP26&8Ck6Lvw7L`PQQ10+C-&k+3%7ha@%e?FGLg8PFm86|KHt@$YZ;xWv(VG=qH343
zVIa<Z-gvRg=~YKpAw~6F!DwnAoXfpZms=dRiWT@BcCKX<^JBm$vDPYOvjll<Cy5&G
zL9e#8vq<SB1r^3HvsGK!9+B@nh4u`$^!rVC5JYv#ZbjroX^n{tjHE{yMIDJH@ZVA<
zeh?cXoYFS5kg+I}n8NNQR}v55o|%Bx2<7QO_HPEH7}<v5LF=Lo!VU@bFOPn^N3X^f
z7Uwe-^os}!+D^-(#%ah^ClL?Y;bw|VUSNl>N@qBs%}hSm`Am?(mq8@T6Sb$?2t{Tw
zMog?#Cgfn7hzqnKCt%vMZvI17?4Lka+i6HB6N)u9zPc6PwoZUqaiyQyX-|7^!!H^K
zZF3LOMR`FdZTGF5dAqO0FJ&^bKk-rfQ(=cOY2Zec(Ou={*hVLt6z6}P;!GJ(;FiB|
z3YA0>Fm&4q9@-#%1S%#-=QzJF8P6-mp)*+xW8rSADmc$^EFR&EQ>4E{43+)+nMv2A
z#8}exbc%T{OHz86DJe30UZs=JX35=R(5g$X5}}Xg`j#9{q7rCMI5cE#IeNHp>r!AV
zWS#ZzUX)tgzSPV4fs{Xu+;?-f^X$UUl}T2qiipw*?GM-t^#L3=E{d9n+rSrfs<*;~
z*xDJS_k{{J0FV@<c8_w?GCu1Z#+?B6#Y@U461eOEM3`HZF$sdMH;n7JXpB~15cJex
zyjBd6%K%T79yhnyahu{!==4Z6F6A-E{n9O+;1zon$)j1df)o_2wS=E|k^!3^lq_eH
zOHN)c@pfN`Z}}=O>m!e1uXIa`I`g>AldYf!x90hGEJ}41w=MM!gr8owN35~tIkkCz
z6XYr;SklN%@`q}N8Rk1{LDN{~l5*|y)O=;kGg>IBmqO!7p^d8Vs<yCPF`Kc?z|Zia
zE6}x9f<Vu-;kc5dN5XDXwLy6A7O025oKXTY0}*C=5F2<7H%sC4N~W3gMnr(Lr^G4q
ztTEI^S{qehw8Har<_}7t8<oPQad?~q`{Sv2QXx^{^DhA=ou8%U2X;(Wl0R8;8Q_nc
zS_c#z7JFtZ@BGAf2K2mDf|S2T$T|ZoZb>>(B;}^|h+duyoT~=PPlod6puDtrm3BS7
zl3J0*$UkyP^+!G;|JtrLvka!SVpzw0)m=lXPhX`Z|4ckQF6%7WaX5Y-hzr&23HTO|
zGUhXwiu(3@0OkD3@k(kAE5i&uh0W+DYFoUD0vaz~<xK${8pNQyRVcN3BzvnM=daN&
zI~^vi6-__lI1A^Wg*SZ%eoH$@C8-a|nfUukYaI!YqzC0X$k{|$lp+-+YunG$rHL-)
z^rt<47WbVlI1o7Mh}kkphFprp9tXrV<^$rgBosO;m`S{uUKjidm;mU=XI&IrqK*sv
zsTpXL^`b_H@>!qoVmQ?!g_r&V)&u@}q>n)oGVH|k7H!nTJtNGCN0Q7Y?g@%}q$R7K
zsN-&zv|T$$4smC7@l1G^iDzyZux|_6w_KZ(BRI(PL9%9`{N`#o7%RdB8R?i_8IAug
zo=MAd&P?T=nQUbq`yQDC#S=QoTg5wTxaEIkuMUv4iY!;qnnwz%N8XE$gqL=CY_~ah
z<yRobXk@#R^Hu<m4hTxJZuj|$&-x6J-O<YbALhOUys0V+IB5edP<RDFQBbNDq~g*l
zYNMbHr0@c%!hp*-E;v=hQ4}QsRMcYfpwAe@nZa>JS;kQZ7e+><7Nw9DXv%6?WD(J_
z=MgAn>jrK9bI!f*<-H_DX6F09|M&Z(dGFoz+;h)<&&6vFD$M2k+LN6}2E1QmYpAxF
zt8M<@B-^1=Z$8Q?{vk<teE%)HIn3#M_}%=hic&U#69v9x)h+}S0B2;+f-SSfE{LH5
z6dN1bq2~QEx74I*^L5HqPG1W7SYZ<tR*U{LW~1?oW~k`;1;m=W1n*Liw@UAV_ooVk
z<pFzEhyq@5P%xl3``{MM+KR|3m!rk2^50Dn28V|isrpf^*)b#1h^9er*v!)GyfvHH
z0j&?CuX28=^4D52%JKLN{}6ycz`YVD3_vU%X|;E16kbQV>;4p86yb}y$qUF)kMzL3
zP;XCk0PlvKm=9>8Jc8PH;~?QJjN)B3h|oWus6tkGDfyeX)`)U`vGT`O7J)V8G>%JU
ziQ{A45-A3^L`s}n;(AgvRQq8~iqQ`uoYq*Oj|>C(If3vMoFCfYPgbjeA-+pFq;svU
zQ+L~CB1lT>36{{o{~FHh2&i_hPK`)^vbHMEkqsn}6ibq0#Jx6!ylo&JFr`|l0a5<c
z2w}M;N11*U5X{;r_-Dfpn?FC|@YJR{<#lLBL(AH`VpfG}bu0e@U@jdcA(1b#FuMn>
zINI9W3z?4}7Av&<>n5^{mRbn4CoV#Z-^FAIyBlPR3c>$L5;Jx$%Oj*cl2slW{Vx{Q
zkcK3Fglsv2cMv$`iHkfWC7G2^Fcb{XQri9MmDr!dpSCI|pxS%81EzMbq}$7_JCP4O
zyhyo^UH-%@K%_%X&oP^nZvf7ITO?;oL%lhuOr(ov>Y_AP$*HB|3kcUP1nhGv!Ts2P
z0w1<Fx^mJ^;)Qr<A$(HsE<oE)wsJMpC~a?S<sGzdOHbm3AabM6k5u0(o)i7k&H+gY
z;$H`##kIaX5SFd3i<DxM=J)rdz$^Dl!4#%;9JfHpDMvi7EFTYA1D@Y`1>@itJ9(uP
zxJM3@L-RnA-<}I-4;#{*!s8#9nF54JCgchJ=32UT5P5hI=zJk4?T3>bSrPgBte_1T
zz>l@$k&;uCYAi`M0FcGWdc6sdimNQw5_xtP(b|fnR>OY_?O6)mX9whsq<Imen*GG0
z<@_Spxj0KxXyoUN)PNBD0Lf`oMESm1B`Ih#E2|?BkjzQ6pD7{}9l8OY8<4cCXVI&B
z<Ytx{5IeF~3DT<LlxUC!?M6#qa5%A8hkt4s^sDrQ@BU$k91S*eKpA(Aac#LA(WeYX
zr%Y&JuWbGTSo$A9JfvG~-u|qK=}Ullj9A)#Y*e;3>oMllB%{;e$K$H_Yo*2DODA|&
z6V0Av3FcXF1wHiDtT-r+`sbXrIf0xlN;a|1a&q^y+W9u^_!%>fb2A^ak(XoKP~E3Z
z%ubx5L=xISl-dv-`w5cefVM)_am@d811TNKOcLo@^K<I)I*Y67)u)^QKDQi(qP=g>
zpso1Hrij=bG~p!VX{wR59mcm`CKmEJlkEm|rl5Tmt%Vp2FqiK1%v4w_GPCBFnz_-I
z?NlUXXrmXtu}mA^*JK{=X*46EXLthna{hAViWb`R%(WU?eYlAoq$MBkp99L~Uo^KX
znram9K7H}IvBhurMgMt9>}Q9uHFV;h{9UuL%&q&hGQ>{08K1-Jgp!ldF1|8Um)1ZB
zN@OpEwMGlgHWq4!g?`*?@Fy$iN3!{D14^U(<v8yP$M+jnmuszyfvzh~;1NWmrG?=r
zC6oRH58oo;TJg}+^C@if(6JUkTQY#k!z>Q}uv8EfCtm@2es^VWSO<iHLruJs@Lx$&
zd$lLqs#z6KI34x1&@yOD`7BJAZZO|DsX?L5{qTevd&M*(<u@cOlL0C8!I5Uo?Dr1*
zRu<IJ%{uIE-d0`=It?|A_&5B;Y=p{@<Ft&Sr3ck<DPo-tDD$H454Gy%(f2_WSjwhW
z{o#nK5X4W`sOzGR{mgHh@o1*1(Mj#kU>E_pGz4#MjfV6xQLoT;rI`~l<t@wrN#~ky
zBB9R@HuHN@m^qNy%cK%qu9R>LI=uE<13I{%DP{dHy1;@*eydF*1@{!P4e9<SW;{tt
z6}%(K=ChPJTq@J>)>i4ZCT+N$*HW_usUN)XEM|^_Y-PwXcC_QBYnegw=t1^;@_;&W
zM$v}+LQJ))RaGUc`7b5wkZy>*4rnXzINfbs&Tyg*_IeIRGXfpDWT&S83MK79&VmW&
z1d5tpnQ~Ql0G9_q4-rZ(Cb{c-kh{`R?&{>-;<{K^(Z%}x)L-m!0OM9q@i<BUaHRMr
zfa2o^T|D6!vG5nsbF}A-vq%tyS*vKAXL15OMs=SJV^q`Ygn!?Xo_nQ9knk3YaA$Zl
z)8i77iP}9hl&<)64HxC>cEWRS`;{iV^-Au((=&KJwIS3+I&ZuU>%2!YeWdeBdh!#`
z42Yi9J)`lDD==7grHLYj$7ZI6#vbF)ZdU<4*~kX&`bcbNqO71$0>11Va-~U`9^wA;
zxQoWo(_^AEs-l0e9lBOSS{v6#Lt1m#=f1kn@`mVVJe8-9cs1GXcgS^GP&Nf)PQXBd
z_IBU17TKPeE|d)GY?D{p0!Nc<o&)AZW)3pLB^^%Rq&#2V15myvD3ue^obW4K^d;rh
zuQ3Z=w2xD~)bh+ZCN(r_dS*tb&+`}<<@7<}-OprZ2;QHQbi8F$>au7c5a%SLzQr&E
zWGAH<i69F3>zqP<BeYzDtKj=O6O}bvd97gc95O3-UjxUtU?9&h-ci0HjJw1kD`G^$
zS6!&&n>1SZ;e??cIB^tq4}66O8nEEqY>FSOU0CsT=3j6K+NfbLecB#*zEtmSpNBz`
z7Bnfr|H%|3d0huo*^UXbuZAB5g&Xsw0|?X%QFdnb1cAZ{f74a6C`c1K!9wTt!!u`C
z$cKgCpLD0S$}S%hyuYM!KNDdRU;{3)8Xs<ZG#U?#bEnng^ZvXpcHYus(3fvH#mO%-
zeKH^9rOz|*9PfBxM>!7B=Ow_+0C7VwmBYHGfS8)$c|0@2EOrP2;jnq8r2?7+u$$6x
zi{_)pze<!F$*wC`(CzG=V;0Xo0d|b9``hxpCih{g<n%AkMA7(L3Pp$dxuX0`W*&%!
z8N#2-g_5<Q_g_T(|8wSbXiWgo%ZFvGKTNsR>3b+M5AC1Fpz)A7n9m#o)*mWO*;5s<
zVao`=<ud3x2}jVd#o@p1PY&~D;Tvz}J181ejGwWu?zQorX7i<y@i0JndS-4Bw4Kv8
zl7jJOUxRMto1U4CUY_hu=%-$vpMz%+9wISqbw>_=LVf};?SPFFjXOYEjn_BE%@QX_
z`v<Wc;EPBOPYX?iz!?Z+fdCBOKExuQ(>JlaCPVD7Mg_SjALmf#z<O>Pa%5=#TU><|
zxR|V<U_XgK97p6!5z7%~M=YMbupr0Kh}zK|f+3|NAGFp@xea5g)OcCUz6oV3&Do;$
zL@)_~>^?#UovdmxYaIdFo-2s{?tej>2j1u7|AVC%27$0fQqec^8ci!tknT%^xwrtT
z^@21Gegi!7%z5<pAtdkP=XjRWFF?!N$=>g!K|B5L6R2>#Ll%c8Z1zk$m+d-<=6a{R
z)0tJ}X@!OAlZNvP(%}yb=s-o=hu|BVnJ#S+X7A~OKEf4a%@O~Il{QSOSk%-`nDta=
z;723Y`bVuSYKF&Q_&929eMJhf9CvqsXnIaPD!T8AR%kj;SWvl(trpG^{{kII8$TGm
z-q?pQ^Y_pOJOhXSx(oeE6Qqye*BmE^*m<J=>r6D3=d7hOTj;>WlPyjeP#OtAcIcxi
zxRUUT&|LJtnTb)+xVEAL@Oj0?4eY-;AZEf6S;U4zV)>C|(Qo;qXbw2Cf}*r#h|f}n
zDBzHH$Y%F;gr!8iZOIo(rlpak0pO1W29=b3KvF0&1<*b{-~UXH)~rUGc?~*=7ZC9}
zK(;UU?Q}fWo;e9g*90eU!*MupkqtcU_Opb7laOXjaQg7855MAMY*}k;p2Hb-*yBid
z&=bo}Pu>SVanGQxIU*H(&`^St$Z6QmB<yDbKXUaD_UOcuKxkqRyaxe@p~-!bSURyM
z{0<#Yz#&Y+!Azq-^UZWv7xuI|<MdRTmf+oyYP3v^G&pMp8=N&PT03Z_idV!`yuO>h
zVxMmMinw!ZzPwbZ=$~|n;7y9D+sEMT>PpxjA8nmRCscz;w)(uZ40k6Ezs!z&CL2?X
zjXq--&?DW@1m*$?3N2%^(7M+0mmp;#rsw;g!%N*~U(2B*J>Q-miMD5s!?h4`Epl-g
zGH@AshI;1mTmV5QV^sJB79dw->jCv#x2b;AczgA=X?lCL=F0nl`6FROI2z0^jOJB%
z9#tT3D#-fTVcsrUD@5U*Y8vIAaON1ivN2yi?z+7|{+`RFYqb7^5;t_0jX`q$Y0%xv
zcuHLk*|Qq$<`ABdac{QC!2%#ovqLF3=aZ_LL(i&#mV`dO!pND&B4-BC{n^GyB;S8s
zinh*z;QcgaNhWmBFUf;l60dV+Bdx|msAO;P>}&N@T#rBNJ%?I7mDfYta-HCvNKOBV
zHN8df{*Ib{37UQhnl7NGr@}(NkRhkwF}6GaZjv+W2Lf0D0qj_TyuCmUx^8KEeYz7W
zig@aYuMaR?Sf2v9k+6{5t1mX7);oy>mps!zR0Nsl>~VPgA>YoVu)&6{1bPyxxY7*l
zdW|4i8)&N8un5Xc4cxDRA!YS~cd(fw_5rgIiqCe^LvdWE*ewd9q<YS1Jy2(`=G0_f
z(+V|bK9!sp{vXl>h^*f8>>$Nw9rYFGbxd6GX?;a@j^f^q`mql0nAnef6K1}}V-x^V
zgy=Q(JUzk{^y5H5;XzLS_K}EqI~v<A?~NfkHG*^+6y70z`}HQ}_!+%QU{jC2qaH;N
z`8EcUo(}raxjV#prvKfl^C#%eT3jN`{3=b48ZqZEmc@UJp2Mi<p#P{OtA5z1>8`MY
z(cXV8`6tk=a5aVd!BifNnTpK-=$kvnc@z${sPW37p?%CIrMy*pzPS(MAL)Ec!{%0I
zpN_^O>lB0N`3+5rajLq&oumuc*I|H~a?2@QeST;{Oyv>Jygoa1b)DhV6*RC34;kS}
zExA%zM9t{nPw>ezz-NHc5$85%FrFuS?I{$jBJe8<{;I+ia$r0`_1Ahd(t{WRGA)Kk
zfzA&^mGnpH_YHL5Hl2jrdmHqo)SFX{rqsWk!~U+vUR1Fd#fk8{EKUc0wkAg<JLT$n
z?h^n74Jm1Q=<i#b*eP<<YXIIo(FRd;PK_InF00gDzpPW+N0$|Ac^V^f65m6$7=-43
zE=gI_#PJD)b|tMb3cs9sTYYd;DV~1M6XsTC)hV4D67HA%>VEk&<|tQDs(v&tq{i)+
zpBrNL3&ZD*diZ54bq&nlrhY%F`wo0bxwz5zeG965CDW04tA%ovk&SBnLVYk*knRT{
zE4aQ1`tQ`yxSwuoQ1??#1K&@xW2TyH*iUCV#O<e3_3HjXvIWv^GG=tIY|!B=@}&;#
zQF+^e>l*H^`ZF1u7raN?MLYGZvH099_~%i>xxUesMAX)`OgUG_@MXqyrb!61zW{Wb
z0lY3LFN&CosYRtPs2iXigm!@P0_BMYW-YfMv+kpV*NOJV^+4V(`X<BI$?!FcyphA;
z>(Kti7c2AeBSu(Yu6GB>Cvq^{4acRjOAyT(HO63wa;i(#Pjp{Ge&i}uE`o`MZn&7q
z9n-jII~GN35_dt+QZ7ED->*kwoMpq$FgA<QR5d0R*U8vAS)S+G-~xSyDr2ufZX;aA
zXk-Q#>7h6m^Pvfnu_uzV2Ux!{5xVe?T0k0Akr_3rPn1t!d-_K#Af@YZd^h3~WhT5U
z#kCrsBUMO96z5s}bpF}iNPecl%8f_+=iTUqYfcen{~be1sxTd49mW*?@g!4a5Xp*X
zkofq$!#}WtP;zlmvsLhZj0+L0z|#k!u%hDe0^jX6&!AaP2($6BUD0ogFtscj<XT5o
zBzzsiTcM=88JaOe8?Hy7QW8{N2l6CH<%5c!cy&A`@sb;z*2c>A*+ILXtP<|EWDzKW
z%?lm3GIqi{1~D1Ah-c88Cxo}qcZXI8v$E|3Q{}UvJw#9$n!>-u?UiM^Po4^M@x>na
zW>!8pfk_jgIi(N$D)2v=q3o$ccvmY|q5pMMwUPyYLq{%RIFv|3%TR7b^ZsAXG)B0R
zB#k_Q86#4J1%VEA%7^G-f@0EIcUZ}RFLOfgL37H$dM2%+dX*;yTsbz+aZA1wdDU7_
z7^y_FipB>_Cn%0NFO@bR+6k0nb)?f+s325Oe!>?Gzi1V43*-CMb*cfrZDk~EBa?fZ
znus9%?G&cgKdP}Ky<p#YV-u@AmJ0%~{kSZEQC%+NT~uiTRvL$uNNvxh%@W$Qp-JtW
z_DC*OhcejKIBaNwGPa4iL_XM{8Qy!Hi$tP~Q8UdKZ9vbW${nM=qf~T8^g5$WAU$-S
z+AkV-p~273#4_7~8xk;E=NUu4s`F)0UUOX8@XVNk%7YR8Vx)&&$ZL*{LAnWJtsV^<
z+DDcVo)7xft1l<itw3>OtMJbrh@xW+ve^44wJ9aCJY<A^v)%}Mk;7g`qLgpz7`X>p
zuS_@@2Xv*iHEzJl3$0qmx%fH*JMJmcKwrI!Lkbl@AHMc+yK1f=;f7QmIuiA2wLSKC
z)}3$cUP8f1f+QTlbi~J_-kY{tv_p&G&l6zyfOTzQxO4(#qLTUqmEO6tITBu*;KQD^
zZM24XI!=M%dZAT3HWycQ2)4OOC_!_?`DSw2oz1_xu7fTJCe?$RBg))XBiep9SdX?=
zqz#Kg#v<<;irkDvB&|s3rNKO<4_+><JQIp~H`^Y`FdRvz)@U3>+eKflx**gzjR~#i
z9lMYg*A4=}fBx%8`FAL%jBmM+`D_n1MU*>G##-@f%lR1=y{^@OYKco;iTz)DPA{F0
zpF@r<QEnN7IbD1yo{)Jk@>5|}C$epy4R>Yo<zVJLJVR3DDvK{!3b@0*&c}LPY4VS*
zLxwhU0My`4MSow-srY>_^Z~9*;!ec?Jz~x}r|){<nk!8ODCJ>l9Wg5``d>~Dy%cQL
zF3;YCotEUAe4V{ePn3TY{celHKRq)IJ?{>meGSOLmQ26REVuhTl;8(aZ2*JRka<%J
z;MBe7z5KY}l^}y<R@=~%=ows_sroB(XgDL2n7{IBdZJttn69OoIe^&t^mu<Gmf<B<
z;Hkou2%?a$T6JXRK&K9QjUZhWiOTPoMlqti7}5LSd#f#mKc8c}4~E+S;A0EpyKxLo
z!Rbq@rp!7hWZB`3+3A1SOmQp+@^g*>|Nl{qr}l1f_(!L?rr3P8G>{x7TX(wio$}7`
zMQk1IzNCD3eVNT#<-VQ;_oa%S3X6BG`+%>Tw8agSxWZAmLCiWLTGzeWG2i!8s!iVJ
zkShy(9bgFV`T5c@0<){*czcIuyJQEP@@-lsCG4pb|5?UfQAw7BiR*(fr*@a%{Lr83
z>*Kpfn;RaevirtZoc`ZgU{X29U~+TvrI`8Ht<~;f*h4q{d@i+H%iTA^d@Mei4h-}l
zO{W*Ss|q)YSwB*2Jxr-XzVESA`3G1TKBM<lQ#{RRJk97vzOdNQH#8}H!DjRDD$zf<
zv1inQ{O;nY1G!%d`ImR;K4<+a`uW3_82|DZb~ai*n-lO1zV9k++q~ZsQ4tdt(YEo^
zBjp_SwOf?QeDOnlJs!R<!!)BA-RQ1+{UgkBXD7T63)hMALsigVyQ_Hms?JVmz&$>k
z8tFU)e?0`qO?b^P7t?%&Hg8lhcQ|z5{=l;?5?;=+l+c!=YWSZp!E=}B=Kpzgf)6wQ
z`X1fqtSETG#qbgXy1fBp_}NIOa*<+@n?`iqCS-v+DP)0gCuEHUI-K=>Ce{<OJ|v&1
zki{H#Le|%rlpr~ac>>WFQ$v3#QULf09^J|SSvM6;FYq^wk#P`3LQg$P9$p;AsyY83
zjAvOFv+4h*@w_PL#zSOCK0~1oo}(a-`4$oquIx{?jpsp{d@93{b;eQNl7zX~ra688
zjEmUcE6z|@#D0}9b1o?#$3P3VML?4v%o45Dt|t(s$8qz!(@(xNw7&PmYY($3M)(I_
z6S}jiMb-KFNSs;YGVo0P4We%}sQjb*PtFwmLoA|f%aE^?LoDcowz4h{T$tWt+)*w2
zs5}wCOkUH0YxFWVN4tO*qHj`91=A6+`uhA_u}S(cW`OS(huolUY=^w<ai2++CSW9D
z*|8?P<W-RDm;pa|Q7WiUeE}Zm7QZry^G}q5{;U@4g(nMr18ntck_2f!odK|9@}!w~
zb}~R&811;MQWgK5j#+ZCySsm9HrX21V5&S!-cP|}Qqge?L44-8nhNF(TrQr-Pw)=T
zMKmd^p|UKOUuf!wM<Xx>R*7ifjDy&w`!@;G-{r1grvO5p!QRVt8Sn<)uVui?y5H1B
z20U0-%C8@kra@<fMKc!TPeLHwjj#Aln0eXtC`l~FsX6h)?k@#dEd_F|qr5c<bRxR@
zwK6D8I!;mL0OSL#?FWvlS7sf<doB@H-BvZ@%?+WB@Rwy5ba&Qe1$5>6X!;=cJmsSX
zW6~-y{BX+q*f>H-V@>gymrT*rf=~61rWU;AJ~g%Afcr46nRVp)3txzw`q0>a9F2r$
zjh|zbL*Tisd^+?J*MaU)9eXPRnwH)!FU8UOFlfMgf&%3Rzk<soNG)9vnFmj0PsiDl
z^$L303s05O@Z&6zkP5$`l&$^BJFcDK$>s14N(0rG{!tcR9`bdkKfgLCHP))tQq>aj
zT!xux{KdCJhP{Q+|HtX-mY`(f?>&tV2Bn=^{nOg7koGG>8&sY4uBY}cT^rpt?dv)C
zl>xt|3PMTI!WY>6FAJZaZ?aLO8r>{YM2k-I;Dgmh2V)XuP3wo!D%EB~FdGI)Ely;&
z)I@E<e;B4WS3We1IkV7{6->fi?(^ensh7s!l_;KaGYZYpHMePNO7uXcl1~2wixU<9
z#rPrQydPEnuh^9pRF*ZU&$Bs~ZKc4iNKQjext6trl9T)kicOe%6EA7dYK!uAXI3q4
z9@u9XWa)kBM!NfhL$;`l5Jm7VIL88BaVY;@3HrzEa~McU>tpkE&lJ3eZ{-)n^uCSd
z%LejAX;iysvWss7SwZB*%Wn{pbotFPesToc@sy=gU&UG1Bc48R4Pq_pL6AmVgK6&x
z*#vLJb@+gd0NGs%4+Z{7=WM~ebJ+$I$O#l=)j4HCF-LhL&=JBIv0)zlNoG%mtHB9n
zF;cV^aRPBpkUW{Vc!+h$eylOTk6+cHxq9(oxw^3-rTcB{T5uu1%14{R-l3`!AwBQ`
z&t{k>4N&klTG5jN0(0{KqkG|vp?XxBJ~Y;cJEM%R4<OPgjE1H4GHcNCVrY~Gt-qL5
zXr(hAq3^1|s_*J9tG=u3n63`CXoh;KtK{nI?#|V@pJ+SDNvM{1{{_`pGp*Fj{1$b@
zNp>H>*k-Q68^-TZZx|<cIG&#9Ph^g;BlKAk1@z-9N_l^Oi<a^p+k&RBnB7cIHfvz&
zlOj8FXt?2p?U1fRkl7GoIAv6}8G2x9du%^4D%Z)TKq>8yom009^_Nv;H<#nJ)&XJm
zpmUMf1obP=Awg0x+^|I+zm9Ja@wx<CBuW_bbJps~DNRh-qqU2CC;Tz{jWjL%H_^Wo
z(<1OYjD(W88HCvlczY3|tWZKY>mw{s?=Zp|KBA`l4kHV_pp}zS;kVqVUSWioM3)q$
z9*@1k2zQKng^@}9s$F4(5Z2#imqvzaBG>FLJ5QBGiWEzosq1sJ>(a4|cikYAkWd^l
zTx<klFWzjlgebVg{>)v-g6RQL_$xGe3k84|-*Q%6H@fpcy~mKQwi!+dC;l_2Rnjmm
z|Brx&U`mSvlQ8_h2GbD+CK<DbDIMqrnGZQe;rV~W{--PPmJ1~MKxl3>skdB+*brUM
zQOZcnEjQqPN;3zgMYXysOqcKnPg#J<72A=qN~5nrL3ynpiC5vb_gNcnXW_$#jHr9F
z@Ela0M$}=<*j1(U9+J+SfO7yn<Aq64;*OmFai>4Y?8!jf7uGW3K8N5}M8y5OtB|-?
z)gp1n8Uy_J6-I}2{e6|Le;7yCaccGs)tzX<jII}zy~pT!RvtTr>aDrXNNjiCr6-sh
z?>Zk{pVp|+buy|jlK#G)q<@&0q`PeTUdG$bN7B1B8cBM(p>C2*Ptx(I9Vh9#8;m4<
zeS=2Qll=%-Y3-}`I19_8HdiFA2xXa|9Qyej5ny~nB=(I412OkeDKqU|p!KtUVo6xr
zpynUmj$i%7bgX@8X)VL@@}?xlM6eUQx{EC{@s3``?pQ|{#9A)AH7OZ||Kp+cC8$3#
z9VSj&aX^;^PuEhUW%A-tq^`MpI(+wLVEzY?v`}GzC&z$$dy;g8CaY>e`k<Z@qXBcV
zOApD~X2!Gdd@YoD>v)p30a41fF0DaKo%uY)Px-O0k$y|P)8D(?CX@_KlPdy8lI6{E
z1rU$G5sU0c9MPWJ$^Iq!=k~IHq5e5V_9F%hCF|r0nU+p2uRa2wWdDa$4*D3=nVxCe
zY=+LN6?!hF!T}|To)GLd-$)CCx6Rjyt+c$^Q8?y0Dlxs59GoN5J<X9~|9h-_s_aL+
za%E^_WuL{@y({dV;*T%G)KX(C@?1ib!lC^=jS*KL9sTiHFd(yd0ToPU1b`tGLm*hr
zg7U#tc)oeI6AF0(8P39xqx@i!V@3;09JhJ^5}N$BZvSc{L1!Cz;{?_%He@9*2>wek
zxntp6eC_mG<`$tIXU0>CGs<w@WQ>37Im&F;u3Wg1?ZQVdMGPRojPMMqf(>7ADU$h@
zb1}c2zk3V2tO;|9ZZ=$um1wvd^yx`Q@bsi<?5Y}SLyEWt!|t2}z2*DHWarew#zY9`
z1cvz2($R}ozSrUekw;EDDOZZthN*|4#3b5n?K%r+kf$d+ek%VmB+|Xg)7Z*O2;M*S
zWY?}?td<V*8OkF&o)a%ZO+TgS7J_uMnKG6mtHrbaTt>&Mo$B#wr%kF8CMq$8iW*G@
zQSrJ{Mp4ncl*x#d!mPXM5e>U%l34c6fLO6iD9H`oRD!muXfWvmB(0AC8aV=J<OqE7
zKhJ_m%|so`PO8+A5!uBjaXK_?W^lmc0ABM+mV$kDBSs|@Rz{sksu(K!N$~x$foP>B
zjy{5cA+0)E$>iP>IG>rHp>OpMXHXvgk3d$?U<6syi8eu&c18!X+$&>2=F8SI6lCO4
zhB759sujyO;mJ7foD&9MNn24GdHIB{i?XcPE}Xt>3`X`&A&~*cJVx*)_0gnlLBb5d
zOo(&JOP3ty*HiYz?(uHQhETipOVETy^JTEboRTOjXgMWc8K~xz{2xh!)9=DN=TuvU
z!*i$(&rgz2=BEbzG)BBgCP<Pc77KO!7Vr+n?T}$TM#6-Y$Lml?OXUU$Hgl7Ew9%BL
z+*yZ$QmlaoNX~`Zc;uS!C2D+T+$2}K!|*b_1ACd;fs8^x{4ghMP?{4}TaZ;@wl(-u
z7n=S>GwRILncyANolG8R?enE_dj?85bGjq*{fJ~cAJr7)V17;j4=B#7A|gYwB>Ku$
zm~aU4ssc=uWhyWq258PX&hI#Frjziq_9NN6C&OW0<Le5jPTjy3zJ^XN4BRc2A4+yu
z>m70f$QUNf(bWA`eixxI>vc5C_+Jui-=RpHv&A9rqs-9$;a4~sPSM@78cH~_wm9W2
z;mdUS^#2pS;V`$xzzfsv;iCXlK&!vG(P3Tf6!IIm@kNwRI)Mks!~;W-;1bnD!`ULx
zOF@Uj6VMc-0`hxhN2^iX+nA%@ohx%<ZB}|JcKDbkkaFon`JtYr3X4@0N^;s(6=vly
zRRM)sc>+8*8g?<oBYGRMvi_8+jnFN{6SYUWrT7tetRKp*79@-oyieX3qiUbc;i~p8
zIdKGvNqasR;%2-+Y1&a8v3caCHjG!^-ZyEwc#sIjG*wfNnlMq-i`ok5is638P=lO6
zn|*0Epvt!kVSz%gSnxV6jU>pG%C!{L_p7$ab95Cpw@s>~K(%pRkahEtD|FUP(|^;#
z;>&d{sMa=S?=`l?k)z=0deND@lp)7PRPFFG=qPeHL69q;fMz1-DE9zCf3p`pFtm|g
z>xBe8z;r&1px>bq^k8V<nk7IfD@XXdFJ;@0@8U1|n|Kb%|Cx&0k%|XuRVt3Uwvl`X
zowz$mGu0Dv+t-Yci+D_vz6#O-kPDSRAHm9HMO2yOrO;)a{~a0pb0pG7CgXxCM$N*k
zd^5`MRWO;d$6k&zXJz~riR8)|jcm#v_9o@|ikvMlX-7l7kyPof^(^imPp85MRRq9m
z(()`mqzClE({!!ieF0ZU$!4~9((Ri%2r~<zA)m>JBo8-fh)M|Y+yx@nie3qf@6^IG
z7ubR?Q44HKYHgAEUa31AM@g=_EwT9{aC2KUjonTv)AzZ|sGhETdqPJV>!BHr{SOW_
zsaK(^<`{MrIyK5IGo#9ZxCT!rCa#a%8aEJ?o_a64mGT+XGU5~@8;53%d0!(=s+mVA
zMB|0J#csvp@T5I?LS}9)VM@FEE-CQp9nQkKsEm3t)aw|!q$&kz)8QE1y~?1wXS6Yo
z!#BmvLns+!4z2psC~p7rCcU`**PG(R?Yj>f#qB!}YmAD|Lhue?d3vhIG$G9HO;<at
zi^{>wDj^;vAvmC#2~Hn6-^^xiM;>T9rRtm)1hs=<4z+jB+xDy@Clf>MZ}F?|8)(+^
z^u4#}dHU8{;w0`X4jCoxYO?<wN{p{}UI@O{EQb~@Ihl~r{kf$X7+tAKHRXWPty${|
z=~Hxe{6=E3(wyf;;{QY^H(bX`b_9MM>j?EaRyGgqI#xX-@9V3Fq}VrBIuhBst2eY>
z-q&b{v-Z<hAJ9)<{px7-Wx6|CZ`ap<$WZ_8etJ9JHPQN>a_tt^hhs+2&oF_Wef2F2
zh;JbSZ(NJkE;sc5m7#w+Nmy=H8=$kcLo&4%>84jhW1}<mjSbDzH|8)j2H1_4zj|kq
zUO^W6m2?=~KP(%Ba8Jl0HZ=IU&!vnEn94KV9TMT2$m~C1Q9DZ#u-JT)*jbYK21v{y
zNU)Q>d{cDTAN9?)>?4>s@1O=>_(Gi}UO~IwWCXF>(D0K65aY$9YMY<zBk7LeHcbk8
z(B>r;n*QsljWvv5Sp3v(*cYAJRf(tOo0KZmyYdVtwhhhpiEnnt-e|My_foSudWJNt
zpGMJ?&yHv&kW#b>3;EoOajy1)q~7!sMq%PYCDq;+=|q8$UI2LZ0$XV8rfZ>2W1(t@
zf<6}DSKBJ@u4}8Y_P>z4J^ImXi*G?wuy<T(GF?D>L-g(Kys#0$AHv^Iwx<zfzcJUF
zOse|yda$4Bj-qQ($7ZJbD6ucfsY3DceyCF7Z<KI_Srz+?LhZ-h+7@buce_BLcENRt
zgxWctsth?fYAHdh1<TKW<xiA{$SEHV?VOJ$e_{#BGJbx}>ElKPu0+qPA=?C5Aw(au
zN%+WMQDEIzAPn8;n9+3az4x{gX7vRkeUJY-hok&pGPgGu$hE>OZ@=@~m3p*s&(wMB
z2S6Z1W<0<@pbu4n9)#(dOuor39m94qK_@@wSoxvL%Uk;Zl+!uKMIEa8n<Z$Y!5Jc_
zcKS#Na59NV@G@7(Jmz>STS9-r1(*QgqeZn^<4)gV2BM{8wwG6jvk;Ds!r|FA-~9tY
zrS|gQdGLEC+G!k~py;%QUB815*P)R=)fTjn83kVSH@@&q%@u)GRf(Qfv+Gkw;r-cA
zCKWS<_%0vSlwlIf_a!;}X%{=q`)rZ!tHKMo9jidD;S+&XWA-IB1s@F_Kmrmp3>v|-
z425ICJN1z6yy(b6%OX!>yVq{>G$srF*~qdQ&B9xFpC*vYJ|;o_fZl;_*A+I=%A&&g
zrqI-#P3k%4!4%v3TVeJ;=mD6%%Q@I&fj<)mr<l<#`XlGaw2)C}E^Ie^wY$G<_nmYP
z5}psOOb2Weq$d%9s}JINRo`3;AjB(-Uy-X}xiM_eQ;{muYtaYm**=VMYg#$MgI8U|
zm-U%!Q1o3-W6EnIeREgCn;Fd*f;xGsu57wYUrq|?rjs_IYkTF1=s9&Z1K9t3<lz~(
z{`ITz7%qm0`g$yB$ROEXdKakFu3DIw(l^5Rqp_;;T*BAkS;nkfK5?Ar%NvC^QX!ow
zG0A>3We$4Hm5Rr0Fl`{WbK*)Uo-m5+s3m>dI_fQxN(*=IGV++G=bMz^E~;9i=}~L*
zbLy2l@mQKazZ#QG4g@4=_z|c}P+G|8CpxWc#Y5AW<4PHF5OaGbGZQN!Ad#K12T|0a
z5~^cJ*>^A!NfdCVbUnf^`FtZLXU4ULi$8i_q?a*cJ<9!ljOs;;k;du*hCVat0*2<B
zbOA$e#|S*Ty6byf-(BBhtathAT}E@`3`5<?y1Isdp;vYpy~`7KY2IZv@FW&C1nSiY
zF;U1+=(V4X-i!ge49XUK3K_I5>rXV$HvG%mDeH|t8Z8v{E%Rt0eP1hg!g5n*b~(WN
zW1i)$yU8tsmJ|Dcr8ok6GC67N%p}Ppoowc{`BJ@IUTbIV3$wTHK>ufq+Xicd-q}M#
zo1}I=WGA&oaZ@ZHDnF}gs6Q<yADu(9ci?4}yAjD$s~vM9JWz@v=Q5U}48t2J;-#^p
z;5|V%lcWpY0Q~?p=Pf*OUbyr$6Wp+i0=W{U*IJNX>wVqdCdu_;_fam40A<^drXm!y
zSd>Ogp7~}foXlNLj_<p7M#Jg^Z{AK6897ScOb<NbuOC7<IE(^Auv?|aPAxQqSr6mp
z^PxJQ1<8CqQ<C|7h9=W|KCI;yyeg0|JjbJRkuP!MUCU(D(`NK+M>PNg+Dz+cqHOj9
z=2D?T7J8!2YV;n8ClS2j9-IS@;JAYxc(lt6dk817cF@M+T`+YObE+%pl!%k9_pmK^
z@|DTdo3`*fb%(}eC&)G=Ou9-qA5rMKT}Kqi1VLkE^x%CxJ@_y&J$T=cZ)SF<^U;G3
ze=yPmyP@u_o%HlT7i}`}2O~Xr_y-+5z%c_oC~AuyAde3{_akkSC8}Yk*AKDuV2*(v
zJhS(F^q{G;>3s1f*bAcxT7REyYl|i%?L}Thkw+AlWY-&l?97&IGndoNEaUee8CYv1
z16bP5?N`OSXkc2H%fM|!2Cxmg8YM|3?X3NLv|=H8DKFO`Ixb@C-LZ>tiC^lhU#4d|
z>z9~L2Y=SW_Oe`sS2UG}k|~Map%lz&IPl-{O`yffv^SJ*&lyXybbE({Xvy$4whLFF
zZk%8%DwEEse3V>8ozCg$5X-8Vj8wt1FNI}QL}GMUdG>64ISVT%=*tZ=l;fj_CvM6W
zXX!p(MyoDMGeYdR0kQXXii6nWjnuqy&sJS4Z^yv>K|?|;XO~#>jdFS`f+C&E3zUVM
zIlaj_vH&x%FmLxg3tJ4{rg9d#2zW!xD65KTg+ei2HlT(JJSr9vBazm+#u|;KJ(((j
z!wz-dK{(e_<v@YWF?LOCf}tD8-zL7ns<xePgJofENKF07dqSQ|F}d{Yz;1pE-Ppcm
zJE~gUQTS!n#BEWA$^y3egn*;E#xp^~F3(M8^T!6Ifa`9g8}aP*w(Umty1$y*W;~mk
zVD05+t+QLJZT>W~FzeXXXz+@+cQv{7d2`d|H1mK|CAnHX?V~En$|_KbS5TnpCcMeT
zS|_~qcWBF8<+<G?(+magGu2wqm?&2(&uxlp<tysGj_u_27VZU|b!mKL%dZ6-KSN_D
z>Y;eHt7M8$>%GpnKtaMTDiAt0uO-5rTcTVZb(7hd8pz|rvNj3De<Wdm?Bwq8An3Rr
zD~O6VY}JW?vA{I+_F?;rx1rnE&jJQ<{l8BXpW<YJnXqJ7m!ehvzWaQbwi&mkMzx)C
zB@a_%2**h{4^$)!*t-dDuV8prrKjYxa(5$$aGET(iO<pXdlKfTA=iCzQXEsg84TBM
zHIi@lCc-ufH67qLP7^ESTQ>=_%2BFk@wMEjE_es;VETOO?B<A)y+beWMZL7j@;&%L
zHHs;V=~49uEA#0w-r%K3d(;CrRBj4As-`35$vt`%MtNXQyhcMG?%Kn}E#~%obyI5u
z)59`vr*!9j!`Ez?pCn(Sg_ZqwBM?w?h#RPUAj)NeJh3O%zP0lwqfR%8ywcP%DGKe?
zeu?}^?;TV7rLU#Mx_+sIckc#czsByKg6_g^)k_%a2!hLDmL;AUOezSwD8v%TPcd6}
zWci_qbxV*o77^YtZtY_Qd{jVLKuOz+*q)Z?zO#WOw#>~X`dF!TlBoHv$A6{yo6p2W
z;C)cV^j;(hM_)#(PY6lE#vm@IYPnQi+O3lslpaRzHMWPrF5M%Jdvzg7Rm^HPb*J<2
zZHAC5rJJ!dVWA-9_26_ZvqxNX$FGsKx$Ci^ZLHhLr=m;K0K1gwc!cbs?X^pA`_btk
z`0k^(<nQy8?PS%jITgPa@eR#6mZ+idNzM1lLRRikiS^Bv_<*<6w&1d`8n5}OW;81_
zUShd(qz$K`i-GH+X)i(})lYxGPnWKXv=!Yv^-7UN9y+-;y?G5O9T|*;Q>+}3>HbmX
zJUW+uA>zDzEsjY$FykXGoK<H&!C3Un_V8U<vw@}O-&!0an<$SqK&KB;r@Dh~O4eGe
zaGdkf>tv0W2CC?TQ=UiE;-+<MPtRkt<ce*EuLr!%5xT~h0)(0AlNEjC60W+bwrAMq
z%Dvl2qpQ-r4j<<H)%5_H+lI!33kfR#wb#;KW3fW&Q6RuZrRUl>hW$%b?5ps18lqoo
z<~Y&C92b{VXi`3|qJB(lu}~}tWv(W;nb>0CE9KuT!(hna;TZ7dcJ$Y>y0pT_>7sJ_
zt#mt1SFd>1;_96Imnd%%8@7x7VQOJz!*=zoUc1*iupbfk4bdgEEyF81Y%5HY=bMy2
zor#<9o!cY21qZ0uR(w9_eUmcb3{Qv?TKGC2XbC`Hc{Ui=#1q@%UL9-YR?UvdagY*L
znv|D=x?42vQaktwGe&g|>QfOhjq&o=d3G6k6r?K5VRN98Kt=_YR}jeXw{rZ1?%s&~
zGkDuY*!I6G5m>2A8hrDpQUBdx(v!%wCcT<~%vu?IRG+?wjm$H{II<gXWFso$08({U
zM_%z3AA%0%9XCP;sBW9YW#|TMV+m_x|8f23UAgMWC*Ke=>i3W9E;89x#KG}=7{>X*
z8hzFrHlZ(zj1zhok?h4aaT6L7!NJU78{=Q<#`t60#;~_dEGMt0Yrl`P{a{sx_7)B;
zWsQzlUZH-v9zPvjt*gePvd_K7Z{Eou$)Q&ebEmD2Ho=SiU@W${60;GlrUNol@qmm5
z3k>?^IvGl6Ofw6Wtfkm*ruGB`>G!K+w5xQc)TeR1YEn>Dwt(0yjECWgbM$5AnkZgz
zx^bO4P;%8te}xjt=~X)9oxjGg{Ds=`|28J~<s<RkKE*cY<a=XL@0&K4s%mW%Q}__&
zR}Dj~2UsYhSH)4!Phg8KVj2V!>WO-XI<2G)yNKxrI=Nmsi$VZ9TJ4nU;(1{}*UFj|
z#0vvDwLmAwBlTiutfNx=7ZpZZ6Vnztey?f^Txw@ZgYx?N2)}iQEIQ*?Auj{rf;@22
z%{%C8sL!ihFa;uVPldrAGGT`*!jewmp3xGCYGcs|M5XX#l*|WJGVk<Hi73mqs~QE-
zck)=ct<gppc`qgMe)&l)c6Rdhu`-KExn_Gr*E>-9Qlj*SPsA<S<~CiMo|-y`IiPeq
zt&f!?u2s8#NrWBgCi1~0^ogs{T8MAy;Ll9FAAs#3D?8OW8y$751am{*v6^^1S)`3_
z=c#vGkjt6wMUQhi>lBFv<vKOP{h98|z0>1Vj8_AC6+`)OJ5GFv8YM6Cv!_E+nFD^x
zQyl&;jEZ%<qne5*JRMbxnkWZh8~zHM)n0GdP8X3^q|%b&dWQc6;K#02t?apdOVApi
zsbr@s*maiAFrOX82;^o8>^7-S0N>fAk3DwtGzUm$OJ3r1cFB*J5^tq}#0=L+%wXdQ
zMo+m}`6D*tQ0W70mZx6g^nq=bPoRX7vr<ozsn`&GG51$Wmz8>ANJaV>TiS+$JG_G3
z-TA|hMke0dtY_jVr^V32cYee@GB(q~{HTKGEj`Nu*up1rqzYXrvRSzrXxfUaIfVZF
zB8Sk%UGVAmD@awlAm8UOZ@@J~TFVc>=F@jxOxX*X@``H=a~|-bVb1fhyHjOG&*`V6
zwF7)!X#t!ZDABE&@ci6hGlh9z46Ptf29;#xDDr<VYtj*M>SpycLpLvCH*c0jSSCp#
z|IAhtdQUCLob?hD4j#azcnHd`xWUluL}RlO7Q3Y^D%bI1!;HnO*n5|<IDR#;HNk*7
zCLGWQ*wgyuTr?mav3DvjNYR1P4lMBrm0&z%Mro583#QoD5Tl~^Ptkk&tt?o>w4*1=
zTIn(~lw9z+?=(&?Dh2Po%MG@cMeB7N>*1*!ZLFK1wE@fZ=P7{EDo<5t(xK}nr?4W;
zto&h<K_PVwMxx$7P7zgxY|`W~_npo{sF}Sfj-GE<8^0A>xiY2|VMVHPb|cJ4SP9in
zY>cbEM-%i;sgmoCILXynn5ry|tE=?hq_cn~sdD0>xazohNK`6LRb1ajm7#qlQDta{
z0fk5kNuFYmLMCDC>-uk1mB{j1M`n?4XVT}dv8|Yf;RN@@tAF$2Cy*K8s!T9`%EHQ2
zrF?^Kp<Qmi(C;t9Sc7llTI&(f8BQW9H21d+4jJ^TW$5gjUJ(EYKJ>E|xrmJL(1=3I
zBGD7LLToq@%MiDV@=0KbuD)^1P>C7Tz(^aMXgZ!FV~#Vn?bLJq{-qSi;yGOBknbE>
z*nN@cYd7JC3{zxmH8NHf*u%Fb)mOIs6bFl*DrA3d-{$nk<NQlwxt}r+NJYauid9Qw
zOzpeNphMEpXSS=iPS#NaHI_>13QS)4b14f)$AF<YWq?VP<e0R}bLr4FqhTME8PCq&
zU7FzRyxm7toXoR{66d?Cb*jO`E4fjGpCc<}@(Dje_Q)>vE6w2Flhq3pA0Po`KeMKZ
z%)~(C>Wy9O_#$ub3usR$@#DcXDL}~<`5`pHUR6x5)iAs9Yc<<re$Fw~{P^-WG|F#Q
zaABB^!1KmIG{%-fBTKnxJSy6pQ*IR`v5MF7vs!c67gA$G2VcMtzqvemogXlS+EmoH
zbP3t$wkvb1Xgtcv5}kF8gCpq$19?9UgH+a)=*0{ww)=TQv6)!xA0=@p={ls-YImE^
zW74(}^sD6tdw>qhCO)4C%RVbZQ7*pI9Y^>+@Wqh<;hSGGppGrk83o3b8AP_xn#eXh
zMheP+f}roUJ+~d-#SIg0jMZ5SbkluxQljZDM_PQ>(kN%M0}^rypS2>!+*-}dt&?w$
zHLJ~4j|a->BmilvgWfcaMDB`{8p5lY^=jX9oFYF7q+MC^weECbU7WE3514PBYCQ4s
zB}tU(iI)#aqBNX%dFX57363t<(eSS$@fmHHKaMim5Qs{M9QY`hBVk4x3Ut?Jw4peR
zn2a_U7eYB}mej^(v_YbyX0%zPe$_JC6xAlmXd|qk*d3PA#x?Q3OlQ;UO#s3lR~lsP
z$s^7uXYVUD7QX&Gg~PLA7JF&T^A@)F2Pg8ye+W<2eD!4<PIvls9ZZ>jkaS(WvX%6M
zQQ4Zclqp-UZ!s!cFTk@hs3NZ0%bQfCo+K2~?umn`Cv$A2B%!=osYBO$<Iol5zdx>J
zO2B2$8<l`R<mi=vQlOwp{i**PC;uNIqn4WreRpxWsf;K(=D$SI(phLMULLnNAGgM6
zh@H-_A%^Ese)Xq0s@=FQ5}Bh6UlOHzLy@rE5KC#)bI(8xdx3x_e51)bY0Kh>S+z#?
zDpi^B)AP!VRi#l=(B!sLLb&oZ7I8<+!8GX$BU!r*QE1W^@kUIhorPZf0|CIjUKtrz
zDC~==G@6NilQUx3oeC9%gQYaCou7I9wt96i-neNhf*oM}$<;-lH#U3>p2lG)o_t1^
zGB)(5zfb~LGR6o}7EyC=CS8~e(ryObT2?E{?`MioH^|cavg%$f<u5iHv}a~miWZ+0
zgY5QDV#)9uQ$CM7J)bh5LX`|NtJ;%yH12iw+#gSO4t2pVyw5h&vIwtCU#+H#wFz_A
z2;PBIm*t8T<-;NI?xPW3a$iiL%I--MeSA#5Nj*j1gbXq3j9A{1BprM8c5Xm5qzjH_
zrmPlbDp;@Z2W}y?uA$Qxb|Jrp<!E)?fLVt-=G0@yH$umD%r?9lhc8!YX~}i@6`~nk
z-D{%BSbwU_(2}v@h*>h$W%z3Wk55mK==K(#?tVVi=2>nRn6xanf2Ix-Ww})px`o}6
z$zb*nVA?voDQ4axR3f9$Qp{)-^WU!K(!PFlG}ZR<MTSomx=-JJV)*n=-KXn}4gNGL
z`U!EJ<u`W75jDlJd<u$|vU{i5P3ChKwUAU@)WWSvvQ*c?MIUJr{Yt`Llr(}2kki;t
zJTp>6G;0>l5A72zDX>L?^oZ+f^QA1Z2$Bsmb4j}e?-jpCFqE<8?@twdFXf4H*+P1J
zN&FVquIMhbQtimWfra41w+uD6<Oy?wa@q72N-XghB6Zmux{ain<uv}s$fMXD$I?Hh
zpj=t+kavnfDZ7;iA<3umg_3Nb%O=t@w&dp=sFbQ&@bGrK?`R)MrdBN>O3&!e>K5(i
zPX04r{vqF64=)1IZ>7<nOIp-q5dB-#U*}ph33>v}qZ+9^rz`c9MS^snnNByEZAGnp
zp;RheRKM4(0nH|qREoZPCe+()<_tml2CW)rp~w^q9*G&A>bPTgy5M<joQbZ2a>)0m
z3MD-qp4DdDR6ue0!ip0BE``<g_R;1H7rVD9T6=b$zBXPeiVaX%_bz#r-Fixp`aepU
zWIznTAtF!#7C@<S$>pDOcH_N_-mVq|d7a(&QGddhdDwaQrtvZTUG${BzjUFbLNsp?
zeIq9b-*oR<bST4>2?CG%doft?E?JaEPI%ldUj>h?NJ&{4_fI*yDI#qi+WJfCP!1V#
zq$#5KlleW=%+{WPds41wMgb~=Qa{ekCN5HmaZ-U66J1VCpM=?KlR0$hN5~BNc!A$#
zGDnAg@(~kV(&&)yAy9cL%tFb75rmg@l^~_}fPSqf-J1ZF5l+g6R_(q+TN&94zHL?S
zrxQx@%=|3ftRQ>?piWAXgR)cuP;>ajBq*`nKcpH8OdWuChpYEbmzzPo$?;o?{PrQ$
zROp3jPiu!M2U%4>CD3w?T!h{ad=5&D8fw<?Uvf|)(?LYYhYr(mOZ$g?E&4~B2i+jd
zdW4QE1|pej`cIy(;;YAx&0yEhn{n;E)<@_9cTo4t?gydM-wED!$%Fu&nqLMD6{InE
zU_f3<fIuHNRi)1jgT@HnFW@s&n=E)gvapuq?Y0$<(RNu^iho@tc<w2<2GKy?>14?4
zn}^8txXo8!dfXPwCz#+lBf^Gz?$jgNfx#xa*w!JxhO33EQ~+B+ENryZ+g}9iUXNEL
z^7iBcle~%#*L68VDOg5ApwM9?>h#;;Icm0fYWu>-#|X2;UbJrYLn4`H7P=5tIv_(0
zYz#OXpo!=yL*iy~_X^)b>p$pPSMNcN@pIhcXKcdbU<{Xr0EUi;47$c$1K;g~9Ik!x
ziK4YdgRT+mC&EABJO^Flx@?fcot>c8weEdT>pu7z3fHLk;@OlM{s*2@E2);3;u11!
z5oT@cgPD@&oDZLZ$`9K8pxDmal>eNJHoh_fo1E(-D)*h4_<_4CBYK2d9Pb-a7=`{9
zEfgRnl5~&<yKsV@Qy<D5b~I8{Ms!(_=3~}!pM=Z_#m1x#Jw0XArr_QAAkMgKCoA~L
zgNWki=)R7aEbVq$mTcwk&6<@d@qn3^ijPq@cIn;-N`!w=MGZl+BQ4UzjfpFw;>MM4
zs^Z2a@Js1MJeKgt?puryxBCe2HqSv2cFQlqyB-gv3euaf%^KL|#02f$*Ka^0kRQ<p
z!~Uf~Gsx_KF7zgl!tcmMiAYQ)4(usUmHmuCBX>cFsDR-}D|o+x`YY$)HHD!^(fCE5
znLRH+0ziu3oj#6$y@a>~)kBzf##TLzz;IUK$uhY{w5}GsuMSG&?WBFzu8}Q5Y$AIO
z!NfvWR+&!dYIs8vx{khqn|Kyh<n=Y7>#|0oZ_f(S!Lu5am1oYOKncVJK0PCNlQK=F
z8APp2(1CK#S;N=wuhwXpGEnzvg5Z5$`(#lr#V8v3olGT^RCr;lAMQ#Qq*3sbcK|a{
zY5~bSAK_yYduvWdwHoJ3+@v*0Pn22*8+f(n?0^ElGt=zq;5mD}Ahk~>3@4#P@YXy?
ztAlchZz)pg;+{DHsa{wR$ReU0ZFTg6F|B4}t4X#Mm}G+duk6kyAJszx!r~;t{{;b{
z^sF_}>NgSM+!O7#(vq4T?d7B2#>g4vW}lxLT<hw|g$<!(tLV#{<QX()n&5rwDx~az
z(o`b<_JC79VWZ<%xpXPUJlY+MOJiJpEBV)O5Vjfni%5W*$6n6ssq)QyX^ZQ6fUB#&
zrwr?*gS-T?pMPjIanix5_<OUJv2_10bZt2`X=iNSDN|b_o^~q2C~!{`?8;M@(P9<I
z8(af~l2b(cX=Z$MNcKZ}_mZD3J=&NCGW&xR^4>`Mh#&`hJP)7;t2ihP_c49)FU_Mi
zD?~XsV=u|?@Bg(C_a=?$j<P&z&Ho#cw(5yE0Hu)XS;|OnCN#y~!kBk<!9M3Qda*_D
zR?%UUG8FE8OKWH(m*AQG2$#J<CSgC*VG^lK6G%tONJTugW>;5F^Nqr+FE0gHRHVWS
z_i=c^Tac-WFzYB#DS5M)?8mBfc$jt2Re2^&-9C8$N?U11!n&lEcoGa$PNTs@>UK1d
zdxcY9rK$<t0D#0cA{Bx+pXLbEdIkL8G}D5uZ@(S48YPQc3@<g<)C<~r5V7?xO5?k6
zd4_&BjvisaXjNbilEOetyl^YZ4S>=hgO5TPd`J)6MhtV85=QwKFCipdie$Af5_2Yr
z@%ycatQOB((#qHAM;MAupY{8(ubc>Fz;nvAp-&&Dv|+7+l--?=)e2*sdGeMxDWA0(
z{!W{BE-+7D8N*PTJvm`KB<LX^n6L-9(vgE>Zy!B4p19x8g<+c5AD^QRK76`Zj?orO
zwCgzrvh!jRE9Es@4v2$;^g6vIgaIUQ^#kA&hw|mZuWH&Z-Ps*Ne#<48JIPyoi3Tss
zy#@_&pf!Ztg(}b{<K4=D?~Xg}hZ*(9tPuVoFr(oxqsw$aD`9etu|2*Fp?+F(neFv!
z@UH=Ft-&`0&dFW%;OtfuR~keDgiB5UH71pgQ`Jk0a7nHg{u}_FKnK{pX_pX{B+4&6
zKyU(``p|3oKK2+XKPRI(0j30Q(fTlwXP;$`r}0_AyFCL>!#*W=ZT+$LY<Cxxpu=8E
zM=G?tQYwaePx#6j>9pTRxQYexPnFUf+=Z3WyZ8qXgD4o#l2$a*_BEv<T8wI;2Sfl_
z8i&Fsk?E-uoYsAUcMJ&mLyLR&V{oB<>9D(!#gTJbmVTzkAJZ#eFjI-mRP+!nHs=#N
zW3y%bOnJAcj7BMVos<xUrZP0w-VYkT6=Zk**_~M+9l#9J97LytlCok##k@&*w+~t(
zc<<|_@=kULNDA16d#Z}c-es+qcBM;<7BY=J--Ou*Cesmp3Evgvnq1=x@M0mN^YT0s
z!SJwM_G1GD@@WU&XIB|+H-1im++1L70mXJ4>4@zeo=VJ<VIEp+>252!)8ziSKtAN-
zEt~_eVGB;iK%DXsjxK;Gucp`;3u8-UR{pAD+WTGfV7>R1I3)F)?JIc6{7tM71qV}T
z|Bs+v-*8&h2lV{u;Bg)4-JhXqo=C6@@Di1|lhh#XE(3V#2@+zFdvGDvDQBSH^}XY&
z*p-)`6Hu1dYkGuAnhUq8v=})5m2|oIh5~Di;N3C=^%=Tu5acPq1VF8;ZCMpG<zWUH
z>?2#89HV^L!1BH@sRD%gH4R8aKVr~4Ab6KHP>z!jW4AUsv6nC0bCMPuv@7dYK{|zI
z8Ecj6AzN|pPPU>~%qG;S3;a(2To$8_k4*eB!&oxS2CRnGESWeUOyDe(R9V*x(sN{<
z-CQ6agtpxu-s8_Sm7?V7m~jsOIE5iKm_@U=_halG<;@v04iCw%7DV~5!*ig{;ip^0
zqA?pgM7jAt%yJHj18s88NBF0X3pykG-7`k|Ef$A$t5dMUNPt9nNUh*FS>cp_#()N9
zbbOaM3XzFW`r9aS)o}67&WMMoqBPY|zHH_Bct{;DZehU@^oQ`;$#xSoiEV@m@cv!U
z>Q_N)J(=ieVq&GPQ6N*;kRZ)&)r1qe;tk~!Tu-w%;GP1j?DYRWk}uqSGG9Ka{DnAr
zoc^mkeTKcK%ib1^LhbGtW@@n@g`fTNCHlp-IO6u2=plw+R(3bCd_>ldLTq*f40$sb
zSh>V0c!tp7GKmUh)rjVD6o#!1k7CvYR|aFoj%7cYF#7IjQX$I;C%_`3Rcori|4e4Y
zX$?(&3`o3Q@Rc_?RVsB<lvm9G@C?j^Zb%~jetT2IVg1Q{#K|^_IxhKyQ|pUFBp9eC
zV0M_-ILzfBdP5@*gY;H(T9f7wXT2T)34eb<dP&eWywf*sQWSv8^5S-`P_oMA8RP|>
z&>pP?Fu{sIM!W0b-}SCU)y49fBxu6&lpvWCH1X!u`X<f}Yik702vS8C&bed*iGAHD
zWqQtL75E>+Lk7e3+FtH3P3<C$t<sdOyhjJkbh-m54xm18-C>TuF`}#_U#rc`&Buy#
zEJ}<eyl$2~SOo98m!Kj-lo{B2QkKEI@Hl*w*NMq<W6TTP#>+__63xv>pqrJ5s;-3o
zKBhUMjINDDya7Uvbs$%QDy~>tborB*C5^F=h1-CIgpX0|yz)&Lb0bh<=O5}+l?CXd
zRB(x5U=7{c7?>z0DZh_s7(_OdAs3^>w3z8c#{iM~8`)3qHrNlhq2QgeXvtoQXjVva
zbSWwtGf3SKg}Z~Ie~`pY`Y57?{C79&Y$^^JSb^7^6*a1$s_nsayUe13SRi;`pciG#
z>avuCUKvz1S1?_9^0aY6?(W73jkwk@p?<wCY(h6pRBb^&6~qtN7Bk=%`o;|SvA%Hw
zW<HX~2^4(ncq9EBE>El449e!a?pKBBM^p5&d42!3Wb<z|oZWbl!6@b(K|>%V_dio_
z34~@>4^nY&>CIGJ_R<}WS92HlZcEKQdXDRq66S=|uT?h`63YmUfww&MyaA0zUi}}M
z?=q&qk|BIUS<V>qU8!omt9B<a-wEE?6SegdyfY>;0V5XS1X?uRIu^ZTex#DfHO%GN
zi&aIELJVO-j-WV$NL7TSdD0_i=6BZ^eNJE*NPebM;%6fB5(y=yLDvi3CLpPU9u~YO
z1kEHaGHoH80{pJh(%!6Eu~FywDvcG-1Pyi2_3j#><n}yo#I-Z8DDtpti%>G6H7~bm
z>e|Wcxm+lelmiLIR&qN|JsJL5uk}kyV^(NmPyGtL@VsF!U32Ay?WGgXs|zz{M6+&1
z*j_p@$+(x=-x0Hy&fI<hdx@BcwYQ#$%zZwgsUprkv5eGeGCa#aI(>6-XiO=<OJA=<
zquOGo!yN>!UDu-7)#}}Ym`LD&J!vcMhTH9(R2nSP%a>NuEGtCcU7}3(NYUI%mq&(S
z<w4`<;0eP7HySJ~FB*oOj!_m9#KM!9&aU1*$(-Su3A{tz>Xd1qOoSoXV)CXY48=r|
zS@Q1JQ$?6MmUa3km@7e0?dN1*1Zv~(-6>|Zig(aRU7bVUGh*jTcF66W@?xwN<z+hG
zu5$H$6zQ1VWO1C`<e+LdkyghbRJey;*=d(&K&VNXzlKnibe&1wAKK(La!_S7nW7Qb
z+6&&Fo-(3ZuUN9(F`jJe@oSesHtqKZ1AYOwL7f3)2!AKsG&tuOhsoMQzXfSXFWS&-
zIIBT}WpX91tgZOrh&?NmOk;(i&E9gEK^__zCkBTrNJLOJ9{g30&8G(q#=`gDkvj=}
z68Giho0LD*5>4f@)$!+}CT)|>qJ7QtaU)R;C_3AT;N5qzCKn1NTWvHJZWz(5-O{dT
zmzWs-IjzeX<Q;e|qPY!HNlYw$0E!)aP7j%DpG#mdTFP|LdSQ0yvrv)g3pRom8^a{!
zky=$RXL`s*gNbc2yB(?`Yuz{58KUOHez*WzTfZ(U1CS!GcIKUeJl$D8T-TrrqDkI{
zBe*@ub_mlU{ubTnZ>(#IMD3xp-{1ZvX1@p6ezydvjO+TiEic!J<&8<=9TMO9KRBX0
zpKo~}0Ni+~ZTqZWNM~6{%Zj2Z#ya>eiyCgGnN3J$K!9R#;sj7_`eO#i>hAdf|4Pu^
z71G^z3DPGQn<#ast>_h`7b`9yi?{nbADP2MW?Dt8evE=XNPVKsJnvHEZDdLM<E7ds
zv?M)~*pei+=q*W|RCucPq}D+fXipMb^!6mxVPqHXuHyD2Wz<n3lcTsy>Mc2{nHR;v
zQ*7BMp?PNBQH+<{CrB4#3BRSAt&HN|1~aq8&=7__7th4|mRO!#C+5k;`<I;lXPM>V
zV4cICpN>hxW*lOMiw02!rgK{GR^FV*9|?N@xE5|{|GX7%GG;b9X#vq*ial~<wIC;-
zJ--hEc4>%~KP9(4V38obN?O*5aA#0-Z_CTg7Nlp$=n*jED6%#=t+mq+z(0aCmhd<`
zPbg`%o)sk1?aZ4|++Z~^tSQMeqezpd8a8h<V9zXTBJ5$dOcjIH3sN&lGfhB*5Ws{>
z%*5#aOgYpNwU2>JsoZu5P41OJS~Q}LnLo$VQ$}eEYcyXKNouatK?4M-;Q(pAHu-14
z`(<}RnR-ostEmM2Z9omPcQCR9vNn+qc`oxQ*Abws<@ih91Uw9Wm5b&RqJN;D=}jcd
zhi)0h*clV;@t`wK#XF{_CT}?X17Y2H>nVyQgqBP+f}50Vh2#)LZXgWg(KaCJCUN!q
zPw9Fp_2zgZQAM_<I&I{Sm~G>nP5#9$pAwnphC4pk6uB$I>03<Jub_k#HQxtbeZ|R%
zOvIS4hodkkl#ngamOH&2rm{>&8Oe1A8TPzC31}$7K_{De>TJgy_DmS<@}cTz$7ZJ5
zg_2yr2~tzSpL6FU04TsL0-B~}FD}F1p=U>MRm=Mb#(k2R3+iKW3+{-S%#zBbPIcgk
z*??%JdZ2T%gT4B7_77Zx#X`^8`7-kL`~JzOytw%zzILLynyZ@%W^&|wD%w58QW{t|
zpr2hn3v>-6R9qio>A+f<F<)wY1VafvA|IP~?;}ijeN1B$<2ak}(Ru(Ah_Z`AZLo`v
zhbCYbAH}c>7z{DcoMXx<N?A%XFe?LL#B5Iqd$@^xm;nJ_u*I-R=I$+AC6q9Z;vbu7
z&dVJL8r__z^o}_uY0%Uw7vA&bqc(XDV5&pjj+WMTW=$esf(xwj>_d;}dzT-H_73>e
zpLg#lTqBgI5`sB5Eyeu>pCAVC%G5WlLs;}2(QJz>AZkZNG$0BO!cVx1GwyJjUOv_Y
z^>HMq4~$y|E~xiX+wC(%MJIgZV*5urvE3nWi;>))+QIC@`O*Q=Kg?_|zCrLVG{tHy
zsIvIG--Z+%uVY=;s$sM|51Y3$Isj#Wa_0f1-&!EA4qr<4*!{xHO<lEZ<COQ~c9DM$
zy<lTFvq$TL^(g;nXISf-#}xIs+CHdMMzyN>vgJx;Xse3w9Qz5+OV1_4yq*pdS)|BY
z|A<teg!ogj9HSGbB#h1e`{R6_efOlJ0XK<LtOEZNcmZURXsw#uAD151hDUb_vp>MO
z$koJ1fD}O)EdIhy451XhB<r~#9m1A*<lU;rZN7YN99J4J2kY4ZJX~e@0mk6HpV*iy
zk9h^nDE=u~2Q*V5Y!#%?X0HENT2cVStqLCQpz0lMns<)3z@1hgrI342`Ds7GVRRA~
zpp#fQVUqIv4)$IbtCOTWv_oImoS_!B@4#3uJWq-Tc=w=fC{EU=?c2!^NBH=iaVB3D
z-lJT%CswYVL)&08OTgO5#qAu9_#$(kw?Tuhx+{(b#o+oY+Y-f6%+<wGYyt6gr$IfM
zzB5ssk92ho2-5w=IwED0p2xI>-GY?a#h};z(!OoImPn?D_!AK7H-1(r<Cz^C?>Tiy
zqRjX0kl3kOiQw&F)*@K`2jkwf)L%31IR>?1+>?`(bj3LLAzck~Pj7djbDyWpy=lA7
z9-d%N|0SepI|P>J@w_3$_27D5+Qnc;oRQjwIUL45HWZ7F3f@8cKLrH|-bT#!*L>sD
zt}G}>@E&F_rW{9^GrYSE(O}FVqiEoK*eKd*;(;>v1pci_<c;Kaj+)uaR5~9+u1FrZ
zPo7bOS5lc6=KeTU_m^@>7v}z{o=g}o?kRXj<#KUxbgq88_s`XDcQq0pq;Y@}X!>tF
zCP<5JBg7@*v4!FeDzb=_MAiSNp@=FX6AhH=i-*H|$8CnbZcC&<3ni#PCvnTdvx0Qu
zcFj?gBzV`}u2~jr-vO^M6+e*Vw9aFZXi2|~jYQL;&Q1=gwDdI1*jJ=Eg^~nmgZ7Zj
z2P$|m<}&n;)n*>3>St(6?x#EEvLct?N1-X&HZeV5z|z&7+OT#Pm5~VVN*yoU-)<C$
z3nzuHCgllof)7bz=4Z{7^)l?m(Ak$8c?=hxKc5p$+OrcTMuV|3?M3?i_jugdO!38{
z91Qj3Lw9eB9rok*8r>;d#~OycrL7oSb=XO}YIf%;B|5K~bVrhrsCDV2Hwm5^WFQ~D
z+u9%>b{_w*iMYOD%wLW*#Q8~gSq)?E)!|phoC1(8Ig(~N1&|i4tWgP>Gowzw+d})r
z&d39?ufv^;9=PN-NKSE*vUfk>86#<QQ3sK<Fs7vDhIZH2|2s{8FX`84ddsbC&~zB&
zpu~gx;XuOI#}b$B-9%JX1CsZ4!^+~#LTxdIQpOlc8Dl6qqJq8#b9ic~^6qFugT1=6
z(cpNFE6;7vdrhyt$x!=L>V*#H?ZfJDM#FIC==ibJ^*#e0JfGUO3(LU!ye&7=X)NWF
zgZd#(HF}&UbZ)yj{Se(t+3>#n9`C!+a47{dV$l*0$0KSCmxiaKh)H-M5iUu3T<Yp+
zym4y2C!pccad^R7Vc00lG7W@LRRFRR9tBd>PLh=0Vn%7SvMfOa0hosW3F?S)a2<b5
zu1Wkcu_0cARqi~Iz_3kWu;`4x2YUUErApSMu!>DMU#%ggf$`=<K7&xf(x!;Ak1nGf
zt!^ph-u;PWzNI>u4_2dalR@Siy9v38&aSO=+?iMdIhXMDOAQg7z5PL}YCYymNQxlG
zy~fHpZhxzu3r2p0;{peKEmviyIa@FSK91kov4CICZ`TsPy~@Db&ADyx+XBBUQ)Rg0
z1*r;y*y5FgC=d2zXgnCWZ#1laeu}=kpF6kF9q;KW!RzgWst+!0fqXjj>Q_yirz_Vs
zCX6?VafZy>U|7Z38>04=*!7>MTYuo#g~pm=H$+r(w1RoW4fdD<c|RZ?3!i6!o-Bfk
z^i_R4_LMtJCW-(XdOL|Bqd2wnKGcAAhO;1W{H8&rH+$Cuy}_mpZSs!7ixOSh)@=hC
zLzicwiu_FM6a{aeu-dk?p6eT^*5>|$2ZagJh^Pwn9VRe<*2iM`d)Kq%2A$QSu3gIa
zTPdC)y00$Y9EH)9+sQsIGQTA^*^oIr?<56-Gh4uRuIyRKL?B2P!$;+clQ=l04>${%
z$}XRCa%+jNj0wgh3)$p74%E_B<HK3empj65xyxY<xJGcpkHi0fIls8S>a7uGznN_`
zDUQrWG@Jxz=*na!AZ}*HrXBLm@Ir@wnAs_xbXbE9!MVd}ZibP=)W}r(Mz$)*GlSc`
zqcuVPZoehhfhl)VC}+$6Oq=gIA8np`O+vb?niglC;8b}r&zgvJ!ar-AT+~QaO}(aX
zWgyaitTT!-;1dpU9bBh?18=Id=SED*HEYRG&=&3r-q1PK#pRUeX$MFae$j*hiG)9u
z=a}6pkpQv{tu6)fQAJ)&c4zciD2o6ab9U=?Eahtd?<Fgcr|Xzv*Ig%B9alEias3H&
zyKM=eciZWN;?cIB6TUuMuNQG18(<Jp?r19-*j`K$j(?S|&FBc;Xh`^a$xjJKklGO4
zj+mOrL)xmDV>fKi&?nb7GoRZ>SCFDZ@8$NWr7HgKDe_SZP*9#?E<-XM&Slok-X@B0
zC1oh|5NpiIbR*^-7raX^NAvMqotY5IbN$z0u25F~{3|MO23LW5noXKd|J$fKjOj?2
z(OZ<KA@bw*oPaX?M~xrE11u2y9}#HEX@)?(3<xw1W5jRJomWl`Z~UJr!_f0fZ3v3<
zQisQDId%91*evI;nA`h*n*W+zI?ISQ|1WkiIWWBAf1dTQ^UoUf^tNWrBbJowcJPUR
z{C@+#Zr!2bSCr@~FGW-rT3@8Fo<{SfyFL4pqyRf}ZYLTh)4$43xW{#M#a70Mz3*{T
zbj4*zGtO~q80JPG8HQJ%w~C6h5M?K`8*mm4U_!wlbUSMafX&hputQrcMvX-&3sOxv
zohg6VB=7VzT3lV3w6Tf3%{PUQ#E4z}RvCn+OIBU@gu@kVg8%rNCX^)YNGy~Dc+qKp
ziwY&}*0squYEC31fWF-c$>pC;>ahR6MbIJVW!TsL8gh>Nfg|UqdY-+Tz^qi1N7R6F
zP$l0$cXeVsUH0pE8re?tmCiBmHz$r8NN_NV%lpZK_g_7<qga{|ad+_p@a2sjdWrw(
z9>1!}+(}K%RgH&RVwD+-;5GNqnJmjxljU&uvd0k5zM}j2dwUAh`|jsARkjnnr9HGD
z&f?+iG%?cqj$vj~e`RJa5UzWiPf2Spcn|kTprpb3Ck;IfGxTIMil%VQ=|%U;yxA1j
z7|j@(O2*I>rS?dh$Z`QhZSBq|vh3)d2w9kpapg+3J$JpM?c~c&YMPVAXY}r~dnph~
zJzNo5@Q!v`g`Mv3?#1NxhXM0f_MVKXl=R1DLUSr;8k3lM@Br;x{b3p3N=(HhQ`CXy
zxEXKGD;r1j?YU0sq17Neu!rFbMMOq(ThybQC<5(H;Trmu6r^-8!^mqqRzkR^QDo!E
z&pE(4DUdh8Dv+7cE`KCaR}CFW*uX)K@V!}6LymatbEND%XhLsT&K7wd1t!Sf%Ug5m
zJ*&*2cLpzs+%b>2V5gZ!%F_>;+y{NURFhC*<_D}EYi}|Yy@)|sHsHU%Ymcmfw8a~l
zelwLv(wNYvO>XNt>nZn>4o|>rE6Ozq-nw=$tu3yHRcw19h}>gt9^)RP7_hP1Q1V>9
zHhASD!I(b#sI2?F1jmLjSj+oXJIn!7E_mpw=(7>^Jh`!TRJ=lO|D#E5mG=RfTtu|)
zn*1AwybBu4Vf92-ZxoG@4emaw>Su=(*%u#`!*f6m>soiYC|5bN0u+s7Uga=X3MIWT
z$JY0u0fUxMG}B1gevopaI6UV%3K9k}uyqm{G8M=tpp=#3)Y#aCHz#1+mb^HR4TzQ6
z04gfzNW~nh3glLi1zrHAQbAwuAe)0wk__a+h8I}lokvA4<2t^KJ`r?y5nB#-!`L)i
z(OsAi12YuVyKZs#hQU$|1Hw>~tP+O%NR0&$rO<grJStahv;N>J$0cwi;S!vk{D{rd
z5^<$NsWVQwfi$oyK4=0U4+kKx64{_84+KU8McgJTbIcrS{y(&R349bq_W$%`l1xHK
z4-oDvYFv{Q-NZ#D0-A&XJupF(OV?xBh0S`4I3Xx#f-?hY$AP%Qs;hYGy6e4444@$g
zB;Xl9g~ba|p_@SnSMFr~@4c$->6y$#{H=dKhUxCQzg6|#t5>gHJ&T8$zAl2b{a!~#
zD}#`MD{Pe*%vd_Y`K|KRWpAQP!3}N7Xla2dTy%moQ3FA?w1}SXab6OXLV?`EdY%C+
z`Zjj!$miqj>fZrLz^O?aqmwP#@l(hT86rD=NT*Pn00f*J`$W%di>{QCWGWx~#```y
zNk+CF`SJ!@sIuN8yWM)c*^y$vs=q_UaZC1Hd|Qnlt}PoA$NQBTMb3wQ+Zcn@GI7%J
z-;i^SUkRaBCv>n;GnsL{#<X@7jrrM!MNc8KePsHj7ulrW2lP|h+8a+xX3=vK3J}7V
zbofzP(Lq0A-d?gId?AK?LqaWoBd&Ua#>$OoMJTzxZ<2hIY-owL;yY$V_$iPTDf=VQ
zogNd3z#IL|@p1kgbQu#Yb!vGfRhiLp)|>21qIbPS&-0125;d;NltZ0t9E%}?BBnLi
zz)tv)1cGO|a?3^}a|KX@lj47gF#>%@j49kYL1LD_fTby@vQr1Q(+FeIFF!)b3*Nv+
z2tP^bN261`fy!X~*(3pB$!AvoD!Tnb#<zbBkw`q`?-|jpbH0e#5*;;^ZQzQ0T%oz7
z-;K9sZpcI$_kf<emp+J|q|QL3<C^hmTqhnv6FoO~8ps!R7}?td2^upqiqe0irqAtW
zIW@K$)A>INtvqj&)==5cPi=~>CrrAnZt!&G`5~t>jmI)quh(6QIJCnT*QdcKS&uo~
zU0|2L=Clcu*n;zzDAi0z?HEr-l7scbNJSqQ>Y%ZJ8ejq3S4Q`ypeC0k<ee4TK4_TQ
zN@Su_#oY9R!4f|hoCJix36hl0GQjRS*kt#O9c9lxC5ica3-HKvWd|91(ftK;Is)p;
z=(MMyK0r%^7WB|fWs#Oxx%+zN*LwrwhwGR$k=+^4Tthj>VMd+9^@|WZ*HHe4lp**n
z=)W&SOSXIidUb%ZFb}0lPYosD7ty^Nm9VUmrL#K%%s-%@cD6@6R`4ucWK6fNVgG&e
z5El~g&NZS@%R3F$TtUH)jZC7%x$iNvg;q(Z)=i=JOCWKVp)|@*a2LowimR%Sq5A&P
z>mhD*yg#a^<9+VuQ2n7hqTgZGZ`?YI(Qxd+>AsZTI0O)V_uyG>tdsjMbTKkJnk{z&
zOhKWPhVb-R9bsfey{LmQ2m~~D^2YeyKd^o_rVu@Y0>OTk^rPcP@wVaMpjQGzgWad4
zCvxi9(yp&5lmv*S9zj{2XR+N-{Cg3yU;}{}1@bfK8(0Ox8++r``UnYY^X2U%@BWC3
zT(!?>jqq!B#=Z^nyP4q34FA2{(dGseo^yT6(=r`Q!s7zs4DVVJov)N<{|Li#9hRY_
zzKf)O9nv(qZxY7*Og`q7v{bVE#f8CRL4nf2ghSDtO5~hXm@>=SmDTL2cF23~zdEbg
z!Hy5e>zItm%!XOZm5!`8LFk>yMRQIQ9n7@Y!Hx^KYK8GcS&QCr;Fv@S5G%0-jpVX+
z!D=gWwA9jqtT^oE2tI(B-D{+)lr)J~>g~|~HF9r<{`D&R*rETvRXw?g`r-!s$n49J
zLVkK8%Cxy2{UDrh$X|r^mmOpb2YRbtPoQ10j;<SEb!|qQl(co|gpxw*Nvbe(&kXrV
z8aF{{{3{$ReFJnQ&(n6W8*FTDZj6n+;Y~KSZQHiZjm?d1+sVeZH@0=}m*4;W&Y3ga
zr>keCsv2jyy1E|4`F!MgA8e)PGI+<w8S6PY8O)ush}>}H;OvZJ37YB?37Wu85v>%>
ziC?KjSry?qC>3PrE#s%u-IL!f_MG*6>5?9G=GpWlVeZiKXOMT*HKp>L;M9|^J*r*I
zClEKZ70yG6itJr}a?hF)lK<o)Ly2_yN1A;yiS(thM5~0mc8@|7LTBY1&Oxc~I}<eu
z;sV<nj2+g-bin*rdBs*odW7h@swFq%6X1Gj@`%ISdjRf!p0*IeXDTIJV7>VZE(4(a
zqcqR1p<6k$DA*ndeMRe&J=^<FH{jLn8&E@io>u+Rr^|UI394$~rwig)%hyb{<jA|%
z95Q(TPt^10zAOgPF!FUrK&|ix^2(e#F3+U(IU7&ncl7|%qS;x<dWjezer;mEg6@Y)
zaKU|>hgF(&|1<Ipq{%cLLndw(VMLAx0LEkKOA_E8iavIyPo8M6{=)3l98(Ct<{VHH
z;Pdb!RjxEo0s5y~`EOkRsgnht+#f*cE4W%~cKD*=UnBR!IcY3diyt+X1bb6z&<ZAh
ztUTc}uYcs@TLzBFd2_;&JR}p?FgHAfUm;JSEiXxRyD{|n|H3OplSs4t;CuyvX|1by
zFZaqp@UM?PAG9mY(BgH~kxR`-?zcemvE}1Xl?vV2{1>I^gDy5R4vr%Twj;r%ESE~I
zTu+guj5>nrj;vC4)2&@FS~dmYCoXzUx|t@&d?kOSrHsebc4hJutUIlaCvEOW3rxZ>
z$cznC7VRgnEDI8o(|o=veW;GaiFTssJk4Aw=K&+|i*yF%-(F2MV2-oW&xE(ur#qb5
zggtC^oT!C>v%kUgs5=yi2w7!_bp49i%J^w1(-_TpyW~yE?D-Fi<j$=ocuAmHEwKjU
zGCSZ3zoC%G`bzyaR>>B}qQ73o$SkzEZDQfg+v!PweXQ7-f6nVr<`k&Qv<AT3L~Z2j
z6$YAlU5`%~xI%#4H2~*F_rg5nr`e2R5T|D6Wp-PoNEwx>WH+^pQU%wwS3k&ZYvq2t
zfYc)R8RS%OU0`AET#VX}fFu>%4=FGyzJg3$9hcH`%U?-t>vf*wsuPZAkwn9dq?|9V
zxQ8!aei_O72!H=Vhg1WFOv+g{-wgWpX8E|q>AMYHjoJ2mSf$^HEnGVF10B&GoOS(D
zO!}r!zel*EwsFg$ju)`*P~L;W1@`CJXT){$rh*keDY66GoXrw=3#n;1=WfwhhjCWg
zr7Vh`Wom5;E4;oUNbj}_@xp4m%EK*w_oWw}`7Zi1fR}bpwqVv`>ujspf9(-U)rBu}
ze?M6ZT>-l{o8+=vGy9r!iZel30NLk_f|Tc=sgHf?fERcs73K!rz1H=zy%K+#1*=hu
zqn52dO*BN2vB%fWnnp<LgdJcfl6(r#i)3?AN)=0Q_gl%Ee2HL`|8?QNHEXh_%e`Lh
z2_3jNKV6I0=9JEGN90Y^&67)6S3n3q@!N!$ryGnbJ7^(y@;E&W`&QA%1_xB>G*_1l
zjtH9fPPtRSZ+sg@W-m`SM&Ce5M29{2wU$>mp+{?Xn2*2+YFD|a=8$wpwIiJ8H)wTS
zo1*9>6zv|Fea$PPrQX%KibuKmo4ogh@;D~gkl0E${MDEp>vMem;n$War}2#^A{QuO
z&-l`M#YI`vP$@=kj!rzS;=FAcyV0H9*3Qx|AJMm{sn)=bcy=0fbuqj6_jY$Kl~nPh
zF_rYt@jQpR&0TN7DSy-5NHsC=orX1#t(Q|XH;%ejc;^)619AQjSA56%?~aKo*X?a{
z(~-HJRXrwp)dnXnI=}C?Irf~v@4n$#$TDhE>AC;5xE8STZ~GaKa;!o2e7p*@4;mar
zNk=KC^M|UPH|7r$f>^t6Xv)Fg%HU2~TMah1eNE3mfpDW@`k|~j@L%qk2|QYJz|xqL
z;e{o?(9~>c@Q?)!zKK`{bY#3Tm&(7hEi5+A`Et3ASfO<UH3Nt|`bxjRN%5I}(|ROO
z3eWNB3+cY|)#+LxOnFRK&+y8R$nJr!iq81;@r1uES}50#(Ef;4+-@Dgu^7iUgmYl<
zH5aEs=CwAmBW&bL-&|6{uKz_EE^=Bo97^9s`;p(*F=NZCgfXtVSqcnv7;S*l8%2_o
zF0WEyS>%KD)P}+z1fQ67c8=R;PoFks(lx_6bDtW7Ci64sy1**l6-^<{{OP-TVV4D0
z)e;}sZkF}MyhUnXpS%%BL@)||nNnf(;*z<BPEeCR&JNw*C(G3BQa#?{<m<h}0P$ws
z#oUi?I=uO6h1EbY{_jTMzcV#<^^zGm?}uORER$-GhV`e(7>3-=Hu>L0kOGf#!mFFq
zU%s4WPCNu(a(AM7iD3QFn4yO6Sbzn@gzpqwkQ`S0i|hAMnwhn0CSZf1ARK@Uh;gwN
zDmP%>Zns9|!`Pl@^*=;dbAj#B{E~if{KW1nrQ~_Ix6_Tj{-&#e@i%mtIPEp0<k#7!
z?$>{mKYa|$jOX3x!RQIcXjVdZ9DL`V>D~NuQ@{b+e-H?nTaOKLSF=BRa(Nw=qdyON
zl=xc~=$f#95ihVoZvuImBIi6td^+fJb)%;NR`wD-Ysl3=HhF3%9FJ@zRJ5xaxg&1{
zd945J@3ukF0efRFD$TVBZZTGSY7$Q?0{1D$+I~Xq$EARoj6iSFW=Y^Ca0mAjO!Xcn
z!=iH5Y28yHBXog@6ZW*}JcTC*=X@pU#r5mXKAk7;n$jowX<bRi^6E50uBx2tnH8*G
zP`6R70d9x)PH{DdtAAb+zx=G&c9dc`rzHuFD4p^6YGpibRlKj+S%|gYl^XHW*Dj~~
z7SCCBR575JR%sV-23!I@l8iY^hBXoWCwR5@3YhR4`PozbE!Z(>`uBCVSBLDgrgJl&
z)8;e+y3x|dY2cu-Y&4)d#t9tjStY7s<%L0x=`_f$)Oh0KD_vUH)L=CAcXka4wrtE`
zNLa0ekTaxQ33EQZR4L0Zww1k%<{+yj^v3~2(F2Uu`Y3GOFKIghklSS7pxV|Q1L<eV
zj?j?%ZJv%Pu?Gpan)mnQ5sy>l$kKfd*(M(w0;ZR-7QwplAGIUmVtskJ%4K$hu%$2y
z?9irWk#+DJ!7`ovQd5<U;3SmBa%*N`W6e)m=>~tu(+lNWLCb=;Hb&!)mHMy?hHB39
z49kPdF$WmO61$9QvolLcoDBpjDRH-NbR_4uG!M5WO&anq*NmxTS2YN@m)P=lNUp!R
z`L7$IHfT^_3$9=;TiNDpcl;1jByq_4y4yq0tfyzMnrwP`G7DW6j}C`zdi&^Y^4I+f
zj_#jki#A8bfAi*1K(@2%B10ix*49-0>qeOvHEs&8PI|F!u+{9&xtGCM%8-^;8O7v2
zOP@NKtJ+w(o<cPm0EZF~6lBWH4cWHE52I5YEisH2Gzk;f74$j$s!rw8LyNlmdsHQV
zd3;J<fz`F4_BZK^9PiT6h^^>|OwH`^CU>DuRC3eA@2(c=@87y3LQ#f73uv~~Z)BpW
z6nF*vY;0`%j}kY55tkwE;%3k>S^$rU{bsI&cmCl=wy3l62G^wDi#B)~C#`GfCV&bx
znyP`aqHZsi{90!Y(3oP~Ia>Yk=pO}X5=WovtgC^PnIy|_Ry1xZViE2NI*QH)B|Bfr
zO!yP!wH~yPuhG%ZmsW#3_!Kw~hCtplEvFe$cq;OI9ml4JGPm_>O})fp8n_)eWB%KX
zHw+goecw!(t=2;!;;V!~)ak7aJ+A=o+JLoaED^2`+KzYT=we!eXD;Kq0tg?Q!ly>U
z_O?6zKI5lN;_%Bu^RIuS(SyW(CdBLyQmPKd3wBGwyin=;MD12{=R5N%H=*kC@<dt^
zu7W5Kv@ak_s8zFwuWH4<9&)IoOLc2NdOaSw$t4_Q|NWsmXHK^Ypi#;;7M1uH9Nk~g
zR!*ixZ|OW5nN*jGC%BaG-P;d`T^VAxIX7xbj65O-EjlW1yG4oZlCdnpIq)g7BZ$gf
z$uc@9j&k1oe&N!x$zs4m1;ggU#yvDf3BNjA(p9Ir)m6)vlwb|sh`TYrN_P`0+}QQm
zyrfUwq`MbMWr@{C{!fJpKXBHRNfm8VoHc-uB?`Y-=G&}|tY20QP(x@B`}9n130<yd
z)HP<)U5+%pl`4|RiG9hDzv9qv$uy)-s6unz`8$#3LUjgOR`do6Z9iF+c`xlz@_x_7
zOrLDw25u3a&@cfB22FLADY5UZ@<dKo^k>Uox1TDXUTN3Nn<?6zEc`X?wu=;vy3ifw
z@Jkt?aU-(Zmu;I)>)>0UG8dUgZM#}yiT(_@hh$0WyuK!8vC^NHeAfRrV|7MWe_l;H
z2%ln8Vu4dUrqzRkQ@e^do=}_L#8XDi#Z))lr1U#wd1|Jl5!x%3!KJUtAVt=bB`f$6
ze)w!3QSCQgmU*dp^Vt@OXI6F}SBWms3=A<6)^u(lbUYmb7{lQD<KiPc(PZ@vQs=iW
zmf-I#;mG?t`M>J3lh_?4H+z(7d>A3K@g9=o^zFyKv<0Wgy#uli?C^;9`~@QjA|yR7
zb%jXc5XbKdZuS^K((-)P-{xTgI&)n5QjuSLOv$HYg~u+OKb@Kx+*TWUus0tl|Bd6_
z_Syfb6qj<Epu?CcY;Y<YM4xkfiU$vv7klKddD<4H9-?NXHRtF%`fV3Y{G=`^OcO65
zPS!Y@JvVkmW<NDW|K8)ww6u39<MA6W;N}BGQNe2Y_eTdpi}80H^M5h4Ywk~_jp{G*
za5|L>-^`lTJ*W&(>U<&5lh<O&EeXjKpx4G$wl~9~!`NZh3%s^#W+bLRq^Txjmn4RZ
z#(wFn-#}aP46ih3r8Pry7iXip6|&gAwS9+txMn<qNX(dBwSvtv`e_8akUmujEh@5s
z8E5<`S8#dDoZrvJ`gXN#v*Y#=zWrS>m`wY})(=na2v_HuCGG>GaR@&xWyrP_jBxjB
zf6EzP-#_^G2w#R?1l8Lo0CXRO%2p{bhYvlc1{s~QFq55LEOUV)-xjK=D`vLZU$gbq
z{Ctp|9}skghx&I13_^Hd??&x%FzB8KkTvgDoMR0YfhVGfa)}ZAne!vQQS#Rs7w2lk
z02P$xv*vfu^aBIe_XW@R2tFx(Fq2srJ1@fQ-7hVHmWduI8-&tjS60}1pV@%(V?tD|
zD_*2@^Q;qchvH?#ESehYL3w`1-)Ig?f3REXRAPA&H^YYG;KH^x)R8~T|MJa{xm~)b
zZu8$Ur&!$!R@4bB&J_b_^e=S&gtjbyNZU)4#*`9|N%QfzdkV-ER+}$cTw^!q@`X|o
z$qaWIwFc8E^}G5gV0goHbUz8pgFw;}sdz5EOXA%Ba)#*6L}0xsd8xd^e&%;jO_P-E
ztSjq~3g_JEs5y7svHmFKfpRJgO!+hneL8O@6&gEEky`V_O(!YyE6G-LbUfHt3`lF(
zWYJ7&-bx|ki6XD>2zqF2uHsp4PZ{bN(MjJA;zkrw8G`f(&wqn?+}YQ4vfD*|Mm=lB
zg<sb2kfInw`VAb{l1R^ah`2X9d6{<9w^;9!n$p$|sCxfyaVNrnw_5!rci)NWTvn3l
z)hCG&ch%*>ORZT?&;D?xbdJ%rdnD@eR(8yt{Eja3=BzPRlV^OTlbemBk-G_Yk;$F3
zy#4nP5Kb8#w+SfUt$qV{_P7Whd{ps)m!4X>w<at%eDsKo?W`E9Hpf~zZ#M{S5Po~L
z<M8=;F6obY1U5^x$$93CQhxxi>4x^u932Fk0$v=SDnh1nByvAK9n8A|ndmbn$<|)V
z+%{@nJj8f)m)IUtZDRjOa*{TtL$=twq<bZKc(-vVFViiv#nizTRN30;*kTgt@}O2*
zIMZS$X`9ntOzrN5A;SPi9)I{|71>n+pYRV}Z`$=Bugzt1TBDZ5<k_(t4!Z8A{cngc
z!9BjdFHZpydLYOfY_&z<wafFd)2Z0T?DD4^PqQ7r1MyVN=wStzZ!ZHg_GEw<Ny;8f
z&$WahIUd?zvn(v8YeY5ew0lvSob_o=T&lrch!xcQ(j&chEKjaAU$U#i4D+tawp-1o
z8Y0lplzz_*IL?Q4@?m2U?L0Hch?Eoc*kHS|^QTfSaB_y|p(bvAlz87pEoi6rGhPqo
zjn*l;S-|DbPml3z`r*#%5#$>SSc&e};>jJ?O%L5s8}1v+Va;~NAHj<{9c&ALJ*MJ@
zUgLK{D23FS0XU?WW?66LFh)KnNteoJHT|M4?rZvHaMpC0Lq(A54LExEqXaX|ap4Kq
z=R?O~Wi?7+D4NihS?Fp?%pakgv)XjKB5<401GgLa0PzM&0Bt(ek{1}dv@rNtYyQId
z?Z!fh)7iM&MsY9|<p1%OaLpdQc1x#L`WssoZ$hf_&`e2qTBl;HDc^Sz_Q~G7a`1Lh
zVI=*oBHrQA>*En)-v!t#whCi0sq<-jb2r$uq8MflyNuzZlI}5H>5?Ce@9Y*3yG^_e
z7q?|VF;^8m;Va|ZtY~>v+2~9Y!znA>29aI+)&DHVB{T`!F3!=!P*Ctt^;ofgUGVtl
zbmCEB3qD?G?QUhnUuJZ~Zv%C_dD?#nQD&cQvl3^WO@m>f-&UNzpJ!K)1?n_u>Rk!>
zNP-Be_<>vBwWU~nn;5N!cAQ0Z=+7^<(cnzvI}7l0Pu(T2ZY_Qz=90<1R$Rt*6Sh8I
z!UgS_HRpBl$A>kzmU3=~&L6Re$D&8pU-<xyo3L^h<t~xo(UAmgWDAtq?i`Q)P1Q~4
zv^8AZmVN$o-Ox#FA;Ieo<GZ{5#E@(VFs&ggm(SJ;ISYIWTjYb;2FWmYV{XPN9CoWn
zHkgA&P}LanF&J2(i!fl`r?{lMlmv2t<iKPG0P6Gi_-+9OsBvJmYyNTgW-4&>bo6r#
z@{081i?IvK*5%{&4>9ITGQdQ+DhOn0MO=Yj9^2G@8M<-iWH;Ky{1oRBayVo2;^>>f
z-tq%mYbALVc@S|cpQsMmK@#JIGXnwDE<L*KC8cB)(`sAQ(5sN}IHA-RAs{B5niaoY
zT<u7_f!i*unQNYAoD)-I?9WUA<|yz(TPbmjZ8j;Wg<;OLW<xg_nxZz%fzDLd{BJ=N
z$8KGg<e)vPsH#Ix#!Cxg)Jeht%3^8<bm$%JPn`7aQ6-XX*pqFGC#`A~y~7^HJo6BG
zRXarUL)=#{<ohP?1h=Lx1KQsws}|U4b}4NBWD*|xZWoZ-l`H3>4i8Y&TU1SU{n`J@
zx#XXs!IB8Bn9o^0W1i>tb)5EQh)kG#`}S_D><Z6Fj$UpITbjSW8c9|++e!SKu$gGc
zIZUzamP<xIO<E*qhnfpiHSZJ|e^rf4f4*reE1s;H9!i^|6fjM}ie;0cf0!C<AsGbb
zZ!DT%Zw^7QwD;#w<z<&!{n7-^-XTk1)u9NorRv3dC;Q=xoTT)@&R!IftT9~hM!P9B
z5f<274%8`5Dj?`49c0SWEuP0EvfvL!s@&zfw3#?)4)W3MF(Zt>bk{vKgg+P#Nn$%h
z+81lcGUqzvFq>tSgp5>jS@(JSq_incl7!Elo}v#%DiYDE-seTQsj#24$I*za+xthF
zs9d9odZ9lOGR6F1^MeG$O|eZBD`FE+?zC(A^@8EY*}GRigTPi;XQ|l~SsUZr5FW!h
z&0giPCKA(1;mZsVDW%K@gtQ^0H2R7+l3>T`Mqk)1Y*FKiarkUe?@~`$sxtJT4kLKu
zLou!V*-q@pSQ(j?_)57rbUxr@#^ZhWCC{iNBDO7dMG~BaxgDQ6w#3+A;Qx85&}Ouu
zZ-=ezF_(Jcj8;|pYk+&I`s@LB#>uHHs+uhO+5LFYAK6jrZh^{D<Ucl<dXGu6BgIcm
z34HBWy2s$dBzoS)j*2LL%bcX7(`dUiVG}lK{2&od>3$76bXtaSnhQ|XF@GRuEa7BU
z)&sPz0!q<8+hBEyy>Y%I%Ivwpot~mp9qM+*&|{6oB7|4hWCn3d`Xnlf0d>1};zeO>
zftxyU+Y-SS<jU~XqMwx7)YY2!L0=7rwv%#M>U={qO-Ns+QJ6X<OQ?zx2I#wVB)CpJ
zNUn-bKY{lu@Bz2BN?Pp?ZhDeK#vWc+s=S<qDk~J{W7E}GW{tH7vcLJ2qoLOhxKmEP
zk%w2<Qc-zJ^=Qq0%!&ahHuZ$yKRN=>7)Q4Q)t<y}VR_r|%qQfG6zgcX$eWef#vA<4
zy<=t1DK&~hCHC#D+cj|_Z97jTweLpMy|aH*PvwPK2|qPG`!q%9g2~%QG_DOG*BNmw
z`zmLB!pj^XO&jSj4pQTozXp@>SdbfiKfWt>ir}CpDA49@hZev5qdeAxWjf+Zc;yn@
zvY|}O`L7_`D*|lY2|Hp&lT8P1Nq}_ru9wedT#%dEVu)Zpy<ke5<%bkIF|Pa7pQ#?#
zz^uW$qSST29`R+)D`}-C@fMaNB~5EBg|hvs$jCcBY4}!IaPp$y?JKrWs4NFRRd25l
zBw&-=@hpqCL2A;uiGps-SWJ}SCHPfb?HUB37n#M#xwC?3+$iAY`+JjN>UnS`Gkqn~
zdaIH<*x3X2-jqP4(U$B?W^fX6fYl8n<wQS-4dvekECa>-Vn*!&`pXjYJs!V=yTgu`
zbL)<?8S#!3WGg<c&<I9H$9wQrv-e-*UdzQ$tSzB${yt+6>wh8M(k>nTzCwm4ANvyC
zrd&0bqFDLf9-`=%!vDk*T8rDSx!2w0m~HqI)mUT-Cd%M^`o<Y?NtfVs`xg~Ktklyc
z^|D5Dt6KKTFb6@*;803yURdrM?=0%Ht>a^A=jyL6?<ZWE4i)sfJV7YaD~n<f&P0-}
z<MAJ&Gp18A2r(z>*nh;asS_>5h3vs-QZ8EJuV93nAx;?BZEXJM<KZ1GVym{ec8Cv$
z7t@R}KFozpuHF{7-pQm+4MkUsMkH1GG@V!tpBQAagCU3)HY2OWJ8nEt4{p(YQvD<%
zJTi@t^Kkr=SF}1(1xJ|`WV&rRkv_Vi3AUDWXz~?<AJej`@PZ$1V)8X3!J;C08gz2_
zfvhj>1o{jE(ymR|T&&tvQrQ;bI_5s^-;feD!J3Yk;axkt2yig3P4d7YLRwP__GQg1
zp&c?wo6}<CKVYMM=FPLTOaImM-~a)og@@~W4@JGlkkGDFkrG2mb2XzKsuO{et`yC=
zT%=*UZVe-f?fa}BlpVeV=1JIWd$*=bKkF*-*20t#O7oA?W9x2gw|LJhwOB9u%}$HH
zZ<xh^ODkMbK0)`GOY27Sf0!B6sakFt&xQ#tFJ{oT!_E!-ah#oBlKCw`m>vAPXK+vR
z3UhO``m$$m(X)kBMZ2MkpoamSk4N1bbD9>%;9YI)1UjPMZ9mLU9)>f@7E@txkx_A+
zM|c`P1-+(WB=bb(ROezi|L=ju&XbyE!L64VZjYU-O$)@t^wU&B@B8Qjz3tyrf{3HH
zuZEB4aQv!jR-!lV9B~02#a<B}miPWQK6XU4MPBqP0G_lo0gy}w$w>l=1^NT&S9eCo
zd_<;gYG`#tmfkUYyxtHNh#c=r5@<rM)CmY(h!rbJ_HQYdiCYd$0f^Veh|RnEMJRkG
zEVp3&2fk7u+cA$x2J^+K@ZOCyKkC3ikbqmMw|ym#GXHb)f4BSS1L&w_YP<z_ay-Jl
z1VQLT#77nn{R}LEos4HA%^#|Go*FsEiwBS>47J{@EyoE0Z$*3MIDf+jj%4^_gEkK0
zfrs86<c;&3&1`z0lyI$KqI`{?zc-PT>y}73-J|G{x0R#pYzr&0Z*~WwF?|Qcch&F#
zvi2^}1l<U7eEKo^`hBQMdX%R95Jx`ymLK#D!jBR$+<<0M41VBf@EeBd>`Tp%)j?-&
zX2c!QUX~l|ey110M838@9yas@Tzyo;@6}6a9T?AV@1%NLN)~hg5v(xnvo0LRsfOoB
z3s9w}FmZ}kyg@^@K|@Q{jTR+s>zFfMnyqE3gSYv|iRD)YFI~<PsH$kZ>00;wg(O=c
zAMGbi|0`K$B}rDfGNR=d1}Zx8Mvtu!ssbm=UhBDGpaLnFv(sDF*}+C>{23O_u6SYR
z%LZ80-q+sq!0$&IQAwkp%XM~==|rn{%u5?GT+v1Uj81xo>H=wMyjhG&4T8Djh{MAZ
zjE9gB6I0GyzwuwQo6vbCyaw%ktrT%@gkh9Tuc$BV5S8p@Z%2bD6%4+4P=rG$X0U)B
zRa~*9@crXGal?_t@80h@yUz~kq_Kc_*5@6xwA$INDcs{BeCP`?GSi$UwUYs!#qwB7
zu}q(XroDE}^B}$%VRT{d`Gh>5Q`+y+*lonUH<E7}3c@2&Al67ys-Raw8N{|R>d@%Z
zUY&*l^d&3)u|4)OoUl<d3<XZ=>h#fP5KfuECXTh6J3S!p(<8!;v=*d2_2zIPbPfpE
z+wY0G11)zrZ-IGjVg-^H<<|6lt`BW2mKak@XmrKa&>W&zt0cCz>hHAA5BOg!B4_Bj
z*Xfp<&!tMM&O<X635l}p3l1}*MPCLr01MO{-gcD;OWn1+ZjXfegWu;O$;|WrWw*n<
zI#(a~K-(dgZuq{^Bs%x80{ePy4J?KXJjZP@)i@NCkPC<#s<V)S8|>4k*$o8_vZctc
zY%KQ4w-5Z;>bx4q8jWSKeEk66^sFW_T7e|C+8gVvJ8`I_if(-dscaz%J;`?RWxIoL
znhFLR1m(Gj$SQS08H$UXbfngv@eAY+MpEVYW`%Mt>txHM1uR&mXKh4j^G*o6QHQ2s
zoF}c>F!C-dsJ^$GG;ZJ3f{>T3o;1t}Z|lW=?-$160-Ya{RO3^ZO9E~91pU4fX1m=g
zBW;w#lp<=9TVi#=Av55ky>#o5XWoiC!&CQV;WxNoiZTiBv(LC&2;1-Q_bak<l@-yx
zM16p;EF+ggjo`}f!ieccFB+{Fhz(4|9u+%{67CG7vv02Kf!p5T$w@7#C`IzC^@Uy@
zy1+X{A20zK6!G#R-W8<wag(PjCJh3Cy^KwPK2jKsYQZ`N01*2SWA}|52kV9Y`YIa)
z-toztr#N{(Sr+ey1;J_=)^5%yiKKU)3T*f&_BIIRn9|^rupiuXerxPRkGdtP87!Ef
zXcMuZv*WPrnD(S8y?Dg<-KvdH&h&*IKKOVv7Y^nHtfM|9+He-Gayvx;>on#Oc95M!
zX2QlX0w+t{xya1)!#^<kW`{vwFo60c63UyG=IZL7k>j5OtxQ=jaHzwJvk5IAwYqBQ
z%vRvFs`FP)wpq+w&EBh4M<<nAwa(>K_JDG$eA_+LG;*^&v|@Uov3ocxe+#4&%b};5
zVhPkkD`wT}%(orhxn$j3(+4@~QQHxj1f#EefB29+)B@hq4FMBfA<8(L6uVsU(8w?5
zg2N<X*Il>1T3&eq)Q!J5rr^JB@l<}@YHJRR9{8H0LvfWy>i$>cJid(J#G{$C9l(;m
zJHVVz2Xm1~qBH9{{PZY!gmJc(VLOAIvVK^_bfZN6auyg(HuoZs?T>xmhrpp-6}b7J
z;;#~R8iN1EY~yZ=a7B8rF^oB?)c+Z9Zel((E$gs!9zco!Qn}6vEZWWuei);XQoH&V
zk3+uTTL_=yXd|m7(3Nv{RB8F3nWRDhC!*M3$2LwjvwteHDG18uVRVz)52lh4q~~#+
zK~;16QAymvN^(8llb%)RI2dVKrnm!MJrqiK7EL6NlQDua?4Z8t2BWm8h%*Jiud5M?
zD4xjC(Yd|YR3qQ`j$QiLFvj4Apec*F&Tn$sk&*@sw~atK4ez?3SF2{;k@*|L;o$!K
z5l@vnox^ywJ$)A`nv)uxgniEO@6=BRZ)I!zJnmhW0y0P8Tk*U0g{i}0$#tGg7D>+c
zDTyr=YeWW}gHGjJTaVCCcZpbdCJUUb7SD2%1;J@i$_P~N4(GCZeJxsx;@>I~y3eOR
zMPd|j611^(lFbYbl3Qcw&6o*#ZbJG!vNe+AO0)YQOAs<S3{21bQ5k~<wMVK((Ov2)
zdA?Rx*i%cr2V%|xerD*Q;R`64#5wk&rI!FXgxjbIE1$k`_>^A!kkfA+of-w*or6L4
zXlg1Mm_g=eOa7$B)9HMOzd#!@+U4^uU2&%<dkJQOlhEBR*1oBdp1q@+dlP=_l%0X^
z4x0DzC}v+yHbS#+F;)o_;CY>r>SB<EAHSBAY}|AYei-bU!4Puj>FvrPg$OppyX>IW
zTi!kCYZ-_iNeqR#jA6bzyt>Z2Qa~5~C)ulk%gi{=V*k6Kk(kHbp18RLr51YD2{WP!
zE7zCFBJ*pnkfYs~mrsmamWUkS-e3m-$l!yj{phQ_DlHw(GOu*BE%yBZU8c@+7Iw8@
zCl=VwfWr*7|FS9>-x9j-QrXN<?y$KLW}&V!n$<|?frgu)9)lnw*m@MC?<BDL>LS&9
zNl@aD>>>w?H}zLu_kP_hQ1BNuBYKb^2<PFWgTDB-r2jZ7_`b;hSn468M0$!hj}&9a
zj!+)^84tlP{hAX7G`Gu$1XA3!`|^$y(1ZEh(5Huv4tQ?pwKruu9wuU=PG8&yi--LI
zhae-JNQ8Np1Ux3u((Z;WPJoLP1e1(1C_GAv$tduF?DH>Ljxm>(hGZ})QXKmKPUc=}
z9dG&PBqy27R0@rue<e7keo5+ev1;D|Go_UX61fK*LeoOoN&L|5KP$&cdg9m%G;yrO
zCHRKaGdo_^k|x79v4HI}`e*=U!mj5Q^xE7N^LSL3+M;bFDuZJ?V`Qh5OmSsz70NyP
zK^%cw^pjqk^xyibFkI4a72Z9LBfYeZqb^+9QrrGg^hvd{zL44ys8h*Q=#?j~&1(yw
zcZT0DO3}@oUjT%t43pypwTx1`T)V{~%=1ZZq})o&9{hSD|5v|Qm8*?<)Lk->%}BB|
zO^>?^eOkqMaTArG@W{LRNSR(C#UP%lzk?v9V5z!);LXPPwI?K$;qogWq{_6D{<T6o
z+e<txeHDSwgKBTX5=_y#q;|;I`XGxbUv6$n<eWVBI9$4-Xm*mq=eg$};yfx|k0Vix
zy(Z5;iEYL~Zgs($9o7;9vQ5icq3QY?H7jf7N>$t&+M90xTaclI(-OD&D(O|>ewtYF
zq0EJImbsOPR_~=uUv%WwkO++QViFs;LOJagJ$O749MbRDjO_a>mDArrxtPdn+&C3D
zu@+*EuH0ZglpH~D)g4wkySrmkWV?(eB{GPgn1?y25Fz!iIXyFeMPp82w4l!6cq4H{
zpSg_>kWrw`UYMze;gP<aJ*+<V;U;<gj>tIEVIF>v4ezuYtUPb4%Hr0NK-b#5Hc1~%
zd6nE*Q~ba^R<g^)hnZ#+<j`VB%MoE$Z1IV~P}gFv;0pImk^8mz=GS|ikx~xsCboW_
z3auLv?CEvrZ(;~vjhRndO2~}_YR98Q4r5ehCo0ARCjRgbKLVky3jv<o%_+M8fXPL>
ztR<I>)etdIj7B@5gPJufV<KUFmQrTFNrV;uIAUQ|I(SuFMlYX5cKoC`NvFX$3x=n5
zhHIa2^(_i!7qJiv5}<q7>gt}_Z5aDrQC|;_uNib-UEgSl_aite;ZNv_8eLiOhtd|?
z;$-C-uxz98P{v&qRJ#EXpt?o9JlstK=+#V?X*b%WM;NPSWgw-nK}~&7kurM3kFmxR
z&#0%jhm50bIw#H#*2O2^vKd#&978^PBz%?3fcS#K>Xg%TcypJ_W+PoZtLS%2p$;5F
z8mIgNg_IatyEP=$*^HduBuDe+_=I|2`%>t}`%R<PyVVDSfw@H)j3;`1w%_jHU>wvm
zK0KfXG$|*neSud}k>x@z7b;3kCwI7gth79wBV%*So~WZVNTzO&`<6_FWRYgPYsDz^
zGERFei}M4G4(rqK;P5B#qF$4oz4Lt1_eaNQ%+Pc0O0;{$wj1mdJVBCV9!?{oi_H6Y
zRwQM;Tt1#AcKOAtFNEIT@|w)`H!>hWARXK_AwJr)R{SeOKA81gm4Co<Z1t$U()4PO
zJzh;8?BXKo;mqOkvlcsC6k5aC&-B}c)fmq$qv?j}^Bfnz*z`EgpS8_7eNj27!YvEs
z3lqRO*)F{b!Zf<_2dqGOq7mv%r4G8sIO?*>L<60nNR!}pfwgZ1{Z7roNhU{i7IY`Z
z69Q9l@peT_8L65|dBhzj1z0D>?WdSU73QY-(U;0To*NNyd~;>9ULGOd+?_5tV)tn=
z2Rk*Yey<AuYh;A+Fs87I>QGr_S?vWGRl^&_pt6Mzm`w7++TQIV(8If}jNgSNMi#WT
z&A*su#iT#n)Nso!JS2OE*Vqhk0^1%^mDMKA!VZf{;<i+)P!{Ww6Q7o-hvI`Z(tJsc
z`y^JbukGvJI`;g%+P6~^Usgj7Fg;U8bj-3C1xgl_YU*#zkI^9&dV=I?k$v3=(;4Xq
z9JAa11#v<Rd%p}}ZHZARA`8MF64(Vt?wasxKvImv-5J=s3DC3cCChq=Qvb5`Fm>db
z-=`?b*K`iA&#?)psTelly7!*g`h)^#ja?yM#wso-Gq1RyhbgnxJ;lyaMYh|H9aL88
z=6r;EuYCT3o@`hXm8eBwXT1s^Kkq6&nkhT5u-LTiLhy7eX(xE1OT!awV)1w<=1(A}
ze`ZY_uB=yDj^y@RF*%nzT`#pDe>6Ody2WglcckR1ZOa+%2egjX$juGUU51Q|x;p!{
z9{Htfn@U0)^w-k0SP`6f)z|p?3no3rLh5@wBit3sMwzg=>SXN;=1c`khHii`VMk}`
zAhB4#+t)n;t)lbny>hVp^oChty;fG#cgHTr2Z9WdisNcxba{xF*1mF@cx$$anNi0h
zgE6-*nfUrA249BOSed=q`f{!-qy64R+vJ%aE2M3wbj~}$rx)=Aa4bdpdYW}p5{(*>
z3#%eo6_Bkbgo(G$`L5iH;rLjNP9a1q4X#`VmR=JyGz9JgD?7f1s_gXL_b*r1k>)UD
zxwS3lF5!0Pjc>PaUuQT-cA?)iq$A_&t)jwkjF+XKidG`0os6$EKhc?ebDG@0BoU7V
zoy}Of08^H!n+Q|u&$2rda<(bhrJL%}nG+bMSq1&su*S{J3D9Vhb^?UP*U5L!h9s!-
zn2P-$i;>8^3NC5Fq~cV;%P=p|>9ej9w?rGiRc&Le#Fo>b;IT&tZv`pH#Ab{$2nm7v
zL>$ooTwXRu`<WHh+CHV?Mwq8C@46>#eU_#{Y`0j^n8Gr1T<?B^Ep#3j{(O9V@f1ev
z?_5Sc2Ko`SYV)Jk!YE7Zk*m2@X+c=5U!G!F;FmyP!x~d>_9$DHE0;y+uABgzcFk+2
zUasCt#V?;b;=d8EmPlQptwo`^5pK^DyyuBwVp2V$7K3FS$<?&-j=$imE?B(BRsm23
z1#BW;a~AFgiRE*HXsLAx$$6!*5HLR=9BXy;__{0B{*H@$m5GgDtGk!A4BYX+d-=)U
znf)lInj11cs#?+Nc)ltiSua@o;`pWGR?QhuLdD8E6gOCc>)!64LwC&<kz=@fV(J+g
zRKk9bi6VD|To`S$2faVtZ>ReFNEbrcs|3wQ(LXPDzW|#p6y0A!?mk{z(tUj|<|#RB
z)Kci~dwCbO%Zb*V&5oFP2k#6aKM_=*W1iscwrix6?_RmKD`P(z5mLZ9wcDii{g%xt
zzqLejJnwmL9B)A8uk6ly{-4}bZ?*N&M19dh@&&1GiU2HFJQo{=ddz1>>sq*kgNp>K
z9%}XlR=jvsDgUj_HseE?M}+GyMu$<jo{?yqvFe`n;g@SaJtMI;_bcx)soM4An9>)b
z`O{YKB<`67olz*vWU3<kOT^`Tgx#!xo|5RB6R-11ddInt_ep;*?^IEG^Kj-d2Jb7Z
z4PiJsQ}EBV42|f!eR1s^9#Ny+eXxb4+TivULxu?|hR(!punjxWaP6$jJIU#DxN-Nn
zm~`=nE8t_E2IPrqLiZ+z-6e1yD!08fJ4axjG<%vfJ3E+&l#x1yV27ltuk!p_r0|-)
zc6-m09v552XcGK$^8_+~_^0_c$Vm5as7M28inkLrs4w3LLERxeKJq)d)V0Vk!m$Sp
zM*{g=d*eujWitgJ!{OYDp=d4qq3EHvp=htn_nLv7(S_MQ&kr1KD1Pf8f6Di8iTKc8
z2*T4|bhZ4r?ox$B&up$F#)xS6jc~XH)qj*%(3v-h{28#>-v{q~5L2$ioYWa`m@ZBB
zWCi~oqbP_ODHCqdaq_UeL#G_b&`SVvjNR_ZJCoiT$;C6h=tG7WXZCumSui1Y3oZJ0
zgAKF)H2}h58xR&(dL4~EqjCO{iz&`|oxd8qmp$&F%`24c)x&vr5$dawHxEkN3i(Rd
z=e2UP>m_*aJsWfMRtw!yTz~rnzf#uu?<5!MJ$(jPW;hJ6R<5gXdPm8|ylN~2qw{t<
zD$=E6%kRVBUtfiCQ#|!<v;QFUV-+%0R(>~&{Wb#hMAsc3RoHzNlj`3i^FbQg{(B8r
zga%`9gEsS@sh~lHxF8&scg8CuzlPAB)o?IRAs5K>yPuQYvl}#Mj1X+=atHwp(vdIe
z=DP-(8UF+^Bc}gWxUs`Wi}m|Y_$RU8eE>at)D^*J0pft4G0MB#>9bqN-ZsuPVC=fb
ze-~KC`EJDaZWR68!xXs>DBK6k6M%I5{q$n}Qt_9!{ecTR<$s8tmyu9Lw)^Ap(6GR_
zyPy2Z^-HxGxc>yrCe%LTApS?Y2FyZ(mAFCKpNvC-$Z$bMxF8JAf$f4_JLbI}SMrhV
zf_=LaB(Q8RFk*kZthy2J`pTdC;UoYYXt4V{!eSgMHUxB1|9oZQwPJf{=>PZz-^|#*
z8{vTlymtIFM|#LG!TkPU`%v%;BKW3j7f`Vauo~Rv3)}}(>;u*bK;QlS0I_~y_*D4U
zc46EUkG()s^PeCG#B_sCoe+K=*8NW>4?_JnaVfz=JwD?9(ZB|L*LF)cb|^zYv}?fd
zHJE+?T)%Z4H-8<+x_3o5brUy#6BiW<48Pp!*c0$f#TgOgoWVN1?3M;XEm{R}Q{4B0
zFZw<uU^NaE9qMtm|33-7!G!%M!O?Qiz)hUlGs;DPUsSB07Bz@?PLC&PH@EM4`VtB3
z{&|ss5W*bZ_g&uiy@r4(*KuFpF;M-a5@P*m7sl2SL5SZ*w#Vb~(6j%`eRh}_5F+9T
zP!nC&4<>Zq&g2>8B*3pC*3XI>q}uBTHvr7u1y*yuSK)(H$v_QZj_+06pe5aF*cAmX
zXrDa(G~9OIx)y=#J+HakfZb;*CSw?}5+KcgEm|;}n`Hl9NU?iQML`Ju5(?fSdTu#+
zZVBE)*}q@wLj>R9f>Iwt{Q^HPH1IpgXPxih;N$1SXMo&yh`Anil2XQyQ+A>3J<lER
zyTAQA1|CaL!CsHK!2fB45*hA4zOj3*{zn4^dG2gi?{5=E0%uOFV42_j2CjSlaK2-(
zzhlHa$9?~MBe!rPcmCB66TFWL+O*X0h69!4%hvH-=Pm#V!TgBn0SY%Q4=DdPh?YP8
zuTlM~^nQYTa6!;sJKOpDe%zRT@k-U-N3VgYyM7LK&rh@0S4M+C8`P1WxLChj-D|NM
zV9M@xk>>udYv5Ox`uhdoO8<?V;piXX<^OVVIl}Y*OH+dHth9cDBoM(#M9*%g&$-`*
z00;M0O1K~kL~vc#ZtkDmT;oBY3GoO}VgyKo4|)*>J5198PI@S!K|&(cktbz-r~@}w
z6Y+ScI$+|@-pv<L{9nmuPdo!8{71P4%s_(~zJn9<p9i=f);^uTop3=tS4iM)e2`Df
zvzFqgU@q@(q9eJ-euyp*bKtc28$YO1<I6HXapVzTI>|h+9h7hPpR&zg!@B=BsXU<g
z4BW_>K0jRr__f4>Bjn#F{r&tx!K;YiD9-_)#sKhhQYixwf{nj}4?eZ=YG?Wk{eknT
z3}hE{&r?7`{|ycv%SXW{i~nC4<RSlc>t*0)%E<Em_V5V@xbMe{=?8gzHF6D%+Ra@g
z02PGxm=A)(d<p#&M)W>g@DCVjpht?(CJ*SU))d1q@bj|T74%{vc)xRq$CxQ1M-S2z
zp5}l5y1I<m@XsXk7%#M^tbhu|&q;Wio>|mW)OYi50wW{Qsm0KpRlyPE4rkH+m$4>J
z`Q=Wm$Y)w|i>+@amBp~s#?X8M8#Tv}kr8z}&`Eb%p8kQ=^)n#;!z&R#dyja(9Pu}i
zZj1OqV`{2KpAm}f6+zeSzbSJ;MN6J;4F?3|?SNwajbjg-yuRWdL6E1zfLUg*fP1b_
z1lnfDSD2Bo^C%H#01htGk2iGMc4(-e(h#2rj7_ph#L58ES9HeqkxV@6o{>AYTxZq_
zYa_p%6to;L*&oV!=ZFHYfOMlr*vGQCV+MAo`^eQ2^4YGfzYf|H{0~^0nSTjqTUJVp
zXS+uJ)_nx~po=`wu!^n5J-qT{T<<aY<z~-Cv+1rpZrZSsYE>1iBg#<>;Iion{7sM!
zc6^DMI^4_X$!z@Q3dJ@tBF|1FIV2QyY4Lo8Uy?5Lh?;R6Vat|;y-beK`GOKdQE^Og
zv&}C0dXpy)Q#cvj(R@rIeD6Gn3mZ^2LyI}*j!FD2Cm8z66MjMMHLTO5i3ctMYh-{r
zbHNdCSl#oj3+fQtXoM`H+X4a<H0*we3(~JHLW~>ur$MYrHyDY<hahAa@=xt}vI%oM
zi4<FLP%!f6tdqjRZC4w!Bhdm2BeLPZtDk1)ah>p3?j(+#ZDkftREa&w*UGfwK26J1
zE=7>$`%f;E)8DBOH-i1SF!f-kuHm@UyF5yd2vh+1oCR?O!zFun^5hmjDiD5}3X1Q9
zg8%Q6dPEa3yduPOF3g<&<c3rC+08!rQeZbKz<q&jNB1p6cW*?h^6MBX!2Faguh~vC
zTo0!itiDvkVC;)I{_*QN?5V!uugj}%7a=wvh~8!R=@%aG%l2V~VYGYjA)^7z5_b?E
zgsFZNYv+X8P+0JU!41Vr`AYlDQ)}(hbM2Eps5M!(7<QZWm%fwl<Y*rquaO4_8SHUi
zfia!JQW!tEn@8?`k5#vcg+JZ<S3^2EGvi%T?wVj#WC~hbi4`G>?m{--6d3V9ft%Nz
zu?Rsyuc}HNZ9kFRSe3hPWC&sao@(fVq`G+qw)$|cC^76v3Syt6gSG2i<##Hjb*k<+
zFJiZ{iTQhK)Og8NpmF}Wl>O6ev8#M``R<+EX6Q69KDT~29%Ojmg?dFsN)~y><KeV{
zGQ-JMqCVaY8R8e&oo_I-CW}-qbB`oLw`IKTKkO&CJ+rb$_J|bz4*wcziX%z&)Pm14
z6-34p4Tcc%hOc=MIQ#u@k@Veuu;m70_4j*}4|GmzNO!)-7|bKm>#NjjXfp-RD(6mA
z*fD`-y7y!^q*?SyubsKw+;BIf9ihzj%&oD0n63#b1>!v+=LJ<?-o)-}DF-feE1)J5
zLt9MG)&kMDZa#JB?FQkpzhZx_HgN?R=&V)Ty0$d@vMD!-*(kGpwCwa!mMr$-FH*Mb
z_Vz#xFjoML6|mJ(hbCN^!yi3S4e>ZZQw=5X+5}~=q(R**gpqVOB3=#K+dwDx`vvW~
zS?ucIR@+=FxD$rz6@|DNwl+hG?84>;TBcxc1?;ZDz=tdwxdRbXJ2i;;hXXd?zC4h!
zq*H$7zlM&!Q<6&a?%f;t^{&q63pJz{eY1@c2PhyYsxL9<bfM4C(Jj4<HT+`~-Jv0C
z&`$BK#qgPqZ=>`r&;F1t7@QLlRynBwHar%ndarFFOZ;FS9y871H?|SlHNoxHLg5_W
z!t})m?V0Sipis>A03V?4BiKmOx5+ou`45FW+TebBe$_&cd|!h|^lo58pLG{a>U8@a
zwz~CWEGljw+Ag{NbC-{f<qz-V3UMXx9U~3nr%zz$t?c!!tob2(4l<+Mx;6?e<G<9T
zWt@pKgv0EE!|a9e%<V#68&<AL-igl#;3uR4Z)H84c=B77SpHH_UkuWu9USH#T4a_O
z91ejJZeR61eDXTyD?8^qJ7GzaN^G!0lX0G;#-#>t(epb^<Apl%drjj-I_iYi%j|iZ
zChKZ%_xvP0;MH}Zl9q3Ga{c)jY-!${Af&u5ji(<iG6f9|H9qO8bkmYXU*on8n#%WO
zVWwHbQc7%mgOgLQrN*O1ZuepiZGdQ1yfUi*Ro%T$HjyWySX10&7H-)NUDZ8&d?h^U
z)O9QCcn{qhZ`n+2)jcG7{_rBCnDw>AFCr=lc0IX=CsxLP);9U9{rNd&bzSM&&OzPr
z`6L&ELke)h?O*kr^nbe8GJFqp#pdpo<7KtCgL;ZN{)g~CpXxIVPRn|1SemC9I1_&6
zZpT?iQ7pTuiB~r(I}}Al8=!FX;h-H_KCeTv$g+(7<SE(=yFhAk{=>5$1jWnpQ5Yhf
zBQl+6S|67c=-DXRQL!Z2$7s<9$dvdZDG7rnOwMx@EqBrHT9yyvL_3Je?BiOG6qv|H
zAkjIEwVpy#-6=m|rp2<FrZ|ZCn;_j1O^_{Wku)}fgiJm1=dT0BJQC8=T<SduR*gQz
zLAKwSefXr^RU*97XoU-Cr2M5Kyk};o&s6k=cmYt0WVs<z#*G2h!$M(rUf;ZJwP=u{
z1dSg(!#>w_ztg+60AuGaob%Y#<R*{R1zZUgBw~(>M*@$2RiV-lyU^F(W@M%zC(Jz0
z@|}R&;Ozv;9EV`(2KC}8wP$$<@@#-n;*K3GyYOJ*Th4dlns0w4u|fPu5zJ^t;a3;I
z1yci_#2iCR?su?eh9~Jvk0M?$qbn1zW@XLYX%lspxJ*pCmswWxo*~K#v<golF`Y1P
z5F;2UfqfmpuqGB{>N*o2CzAbC@*svVyMxuBM48905^*a&5<XDdU#I66px==eM0gF?
z^Jc<HULm4`Jo?2`S@``|0HK2nCHA={OdPoQZeQ)P@<2I=EY3`*Py{4Ub-p7;4@z(K
z>iLH!I|ihueCmHx<NifVDLy^IpH2`vSC)1!h&A{HJ~0=(y6t;qlvcBK$DuA#3_p=8
z&@XJ~hn)86UhBX1%dw|5SmF2~N-#jm7c+`G){&FEB4R5HpzPIzJv)%xAf+eY-XaCi
z348BMyZ6FfqrlUbC_F7gXw@`C3jRrj5v_{D&K2ooBqyyBBY9Wldk-brWpcGgoPF+V
zU2d?9L850am1|eN9b&aHjUe_ErJSR|3F05)DV2wLG5)b^mXanSX9aaqB&p%<m`|62
zB{ZX4{g*BRjW4%>nv3#^SaR|ql>&RV0Y1ptC!Vvda)opN-|&Z;ZpvU}j+jT1HzMQx
zR0v$iEw4B*`HWU-Pv0l(_juRXRvU9Y^>k2RiQ|W{MCWn(<PV6m0YUUd|0|TFJRujM
z4~j~El>&Tw6BCKRW4zKuy@GH0UrHhW<c_l^QA8A!jIAjFsSHB)C@RqwKG~E@xkuw`
z!tKcFufmLNbMPULc9?e3Y(2;(h{8%Zf+SRG1J(VhIi`uxCK`-0x`9kD(*~<2(0Q7Q
z#sH@GjF8$uXs!8F?7zJ8yd0QdnJKqlsOutf{<+f^W9zCS3Mx6Q1k}pU$=#pFmi!Lh
z4cWpI*W5!mq-9nFhJQhqmhhXs<DQ_Z<h?>fE1Xa>EV&O`A=XPq^nV-?s|HNx9LB<y
z3xJ?wkJ4WnZYCm0P8Tr6p-3&q1aQGO2K#`0sV%&*-~ew5VjdS_VOaQf<M?APe4H{6
zx}E=^CKKG=03012oo9K$P|MBpN?;!<K$Vz6NO<}*H%3ntQK1AmfV@`x2i_0Q>H+fI
zn*bLNGeiT6f2(-_rdfIMFSKn52EB~?(H{{vU92!xvxl?}AjF`R+9^6b<U1h8PrtyM
zurK>YmjfjHl|ca+Ud>@cV!CTMMg!Ztxa&${0@~_@snK6vkoHr;;(B<FD6MYlU`2nu
zE1>!%9k<c{KLBGuoWDwZQHzf~Fbd+2hWMjJ&x9!PZCZTnfzfvKKkF+=6+KB|@g=!6
zWPCh0sEnv%kREb+Y33u(oBZHhGm^-8NFrmx$0MhY7A-wSw_t3dc1Yhs=wDoq^hWv@
zkMx7nJ1ajQh#4ZiDPz<t0zC+&Z;5qb`n3>x)+Zvp3(~Ws$n?fQ&-(VrKa_qYM+!I4
zE3xN%;PlCcA^83vn;vD1+VqScMvwZ3kB1QYGawRuGSHiph~W>;P0>iqJR~s#L+48f
zJsA{Uei;2293k9DFNX9CpKE(CI3LT{Y!98^5$M4%4Zn!<e|R{32%GOCjQk*Mevb_D
z`-t;-RL}5``8&F2c*uNBjS&9ej8r{J*_Ejp{yp~728Zvb4Gx*#^1RUfO*t&SJQ${`
zaX)P^&Q#-m7i17ZKL&^Gr$GiG`(v1aaX)P^jQfyqIV?U-th&(m;C>pke`+9vAC$z0
zju+sR#`=Ibi;Ex>RbknnEf@6iXp2kR^OAXnBy`H%c#2laXt4`T`c79o{7uE3uBo`w
zH8m60gNB{1F?tjTpq;Me;|h6(Ahe2oj6y3)(94G!f}0Y<gW=<siQ)2h(R8~{%E1d9
zY4hcw#is%Rwj6>sJg|_x-N_ck56oe&#cbQ{fhp{@Bojti4#|^QJG4bS+sYY!iur`~
zTy#?3%4wt(mA=q!J;|d4PUu@Xjcfs>$N5Z)^Wh17FQ<_&PM3=|wk+3{8Z9SCrk|e>
zBGdEp;Gz7fP!jL>1UhY(B)1icf8K$AT*;DIEWu0x_?I*ypzw=}+g)UUlu#>r@E&)`
zb*QPZw@62z4F4^-#5G0@iMG34+TDttKhA*$RO1T1FD<#U8^u*$<B$_tC1HE;+`8y#
zU;}LzmKZi)d#Oy(g5CnB^cI-WTVRs^L1X!Q(4m3zJgqGW@bH0@y}fv#<T?f`yw))O
zl~o<$&lmj%%o11nXsYf+M+r5m**`J39-3nDRLherqWd{|v*MdobiZn1x&iN$PRUhg
z!>^sr{^$|FIl&tTuQ5ei(Zd9~7t3gsYFf=wMlIGaS*kf;X0FN}^Slv|e3Lq_3)$cQ
z*5E(D`2*C*Z)NLD=WujazzVdW`v5Am=tuv{<kx90^OxePvxb!Ee~|kVs7ng@POdKs
zaXxM|O??x+`Fw!tCb>H+p#Jr)PR)Ns?z~DX1fxgRFSut%=G|k(k)=$#11W2yhWxbo
z7#)7|Su^s}W=aj!=;I&0NdgPY!QX|F7sQAm<R%VPjdTl>cRozK327!fIx2$!S@U7P
zh0^awoQux<CA<r3GdvV{@54*>?7~sJP4BIxoq+=1@>Le}@h0Dvmgzu`fXW9-S735h
zwL@-m$cOR1B`TZwd2;w1X^UX)V%$T4-RSQm6T3Y_{Z|LM*7?|ZISi(eusC+L3QGp+
z-W0cSZ;E(dw6tO?HC<Lhu6<(tS9)*2RP>&`VKVDY*H41~bzHaFy|+W@w?XOhF=g=0
zoj@;~9t(Qcn2B{y&H4#Zk@3bSA6@%|0X}!yB7uQ9PFo+NV_0ab^8F!dCf-+-8ljcx
z4*7UkLme51CE;^dYpipVT<bc};c6Eo*ViT$EhwZF9rGVqZ*um-aVb608Nl9A3%dh>
z%KgRbP3rZUe<m-mvsM_31G7&Q#ryk}XP<B;lDB>v5cU%%>rRIGzsa2|ZJd{J)hEwv
zpFD*768n6X<h=qf25V9A-<sAdunTJ1`l3sQn`=t15=`XjqWhi;aDJ+Sw4xqAE<Gu&
z=q`bW`$rk(%Zj6vz*Qsg(2^r~mDr}(<tJ}BaP3Y>YB`MWSV~QMA`E<aj#avOmkpJd
z8DB`7<TCajMhZq1(8F6SPFbJj?{x3jT^77|OrB$rHl1t#TN?fklL<W`h9unC&Jul2
zl>=^_QSWIM%eu@UiWCjm@*h~w+Bf&v^ZcTTiF=-xHXr)^C+6EO|9*^GEO38D@^(r7
z#NmV0NsAv}SjFR5uDcw*q|4wJpGzTYEEV{CjdFz@uyY+1?D8pxX#c_vlcc8e3VThv
zxxkl;K82;4!<R#%L9YEVSSw0V3(4(JiqCQpy3wg=wPHz*jQw``^MZ^Yuk_vanu-3g
z*ZgQM$T(UcpDvIO7RX!e0GuzS)L!$`6$Qd+EU7@QhcACC5Dpi}KLUlbAhtC}uaGjD
z>_RQM#_><{jWr{Qsp*b`a;$i-TgK-OxfTkf=HOq=ev3V$-hp634TWuvjDz-?BUtka
z9!_)=FOs^-jBywU(|u!8T?b<zHWpgosdk7G<ol@|Xq^LMpa&33z%HDIN;Wv;PqD6c
z;d7|2L)eKL>M}Q)@W`!|w?jYV0!T&I;@FhC5ucjwE71Q7I!SMZj%dP~Ku45T-ht+c
zHQ$*X*`F3=P@6K4f<pM;wANt#T-|~+v|4IulwvW3lwBkG@X`n0s<mh_;(HW-<jE=0
zW59!*BZDrCrkl{6k49zcnExzjom?=Y=nq)GP5MZJ5$GFx8Q#%S(|!dTjB(h}R8>nU
zIZd(ydXDUdqR}ke%ER@lW;cjytHlbSDJdWX;2104L?$7=cT73=t~ZJAP8kH8_5S|s
zD{vt3UCUhfQgRZet~|#^rNB&-3z7_#Cc5RSk5@Z7ft=uNGGb6Zp2gk#cVtz&CeE!I
zZ8A9%n#8y6wiHeC$I)+|cRaefQg&VCM?ZS0G_f?dYz>oa#C9g7Qy~*mC<kj(V7jH~
zY=12N48N{U@-4GyK4<-s!RM?o-~oFu;3J*?&yu_44(4){x%`*p1IoPFcrD=4s|_yv
zb4;e9v02qsXea_CG}hrKk9@yFN*jYtpfe=-JGnNi83M~L?Fwj~`RjtcokG3s|1s1R
zGkn=?@Sk6K1>q-66mXN!<y+Vs2$5$hZw<w_@}{u&+d|)60Rd^q7saEb1+4`O8YTII
z$~b`)f$rOjhn-}4*Pi!rLe*>WTg%>svRQI%XZBgHBa$Q^RIoAV6b~JvNie3gaj=ng
z3GuGS*=gIW1mLIAf`GhTD-P&TaS?EmMP5hRXTY?!+Z%F-r{y-}jG^E9oJ>=$EG3B*
zj<mhGvJE1Alv^g*(7EY<bLE*9_|RyVrGEI~JNRH-aX^GZ;b|=Vjf0?};=7JCwGeVS
z3v=;9@^iF)XxX<=wz0Ob`jX8Q41$m<ULeV_5Bz5|y0yywqPWjV!}>48|Cojo&su7T
zl^_+#60!{?(Q@L6<n)$HODG*Vyy<rD`o~b57;kc-bJ?t)@D`tZez^f&K%zXi?2SMv
z2qKd28o>!t%s0U4m7-;MPifJAbG@EMnz{M0R=YQUTc|5rk_We1HPT`jK;`J|Y`iyF
zZkJnkA09u~a`z>!+E{PO-+|?i@y@XBJ|?%FGb0Ho#Dm_HLGW>~TyxG08@|U_20?q|
zR=!Wf*ALu_bMAX+p*2VIA}Ur~nBxYa4lQzXO1n};&q<B{x#|S5B4$E@^YnyN=W%)4
zme2l%9w(u7-<^C(bbkf$wtNYnHd?7;zQK>j@Z%5oF(LTT3@n$NT2|#e@)TV^kh!^y
z?mw|(2-?zB&F3M5c*so{f>v}@r97l_6APJxA!ztk^$ZU=z(de(nOz%O%|o{Hkl*R$
z?B^k`^N<mG-Arp)$XXtffFT1hB$bEU%R`z4Ew>yVGM|Thk0D9a9v(7<hcxOTr95N|
z55a>Cxbp+;;UWEb$iD@>Jv^j!BMW&Hd#icdx1#$B;9k&g2}McjM0P>|IxLO%-OJw=
zLBC=DdQ#~=XT!)dy^m#5m%ID%Ohk7)UOGLXo7N+~WpP=}gtXH5XbTWgv1CE6OpepV
ziu2Xw+Py-)WmYZT%M@=^$qb116^}PN7%xGKS4#0>OR^!}ejaZOkC)rPir}9I(wzvD
z+bI6Y%syelSpEs`1<R^t^QmTktQ0#F`nhyzJS=Z=tWGiaEIL+%F}Fd?+ywo#0tIWj
zm#Lu=O$YtemB={!8|m(3|9>j!4yRWtu^ap^RHF5xe|;s6c>muk5kdc&N^Fw9tP)wV
ze?=vBvRd5JKNh<WIk;%U%Zrs&gJ^s`Y1;C}L+edSSx&3&*7k-zL^aap!=ejUbvcZv
z<)<yx9wd5zCCN3oK6#9Pok=%=G`Q1<YVv3F&KyUv-D&0g+jc{Eqv3fke-_>EK+Et(
zba&ba^szhH0#B)Q2f$>jYr6n%LvX$yh4~KY(%@O(mB7WKNx4>TVa}c>B$~+oY`W%$
zdz<LSV>jsVa;b9m^>`7&+B9~dz-?(u>FSpZ^!JQykg{t<_g+E+uPj~5K0<sZ1dOQ_
zE9RKoyPU&H+Y_lP9ljSRj_5&Iz8)5U?^C_-2Jx%WL!6H_enlTsDFe`oKufgf3-S+K
zv*CS8Ig-3jdFlu=$X$(ha^YezN35`wwx8qNTiQO}xqD06hQ~}B8N&5I^E?-#ElS1A
zxYG6nXF_Q^&{d=~FcpjbDfyPhvHfV6qwyMjosj7CxvQPBV$pnh*Nbj4+aQd(|9}{=
zj>OgV(vTiT0VkD^u1>%d!A`~~go&J)D^|q0A<8*0Hlf5ZE+t`tP;B#`!~N_ZhI+zE
z+wQ8zD>MhWcZu#+m>p30qVIF-<4o$|Zliq?;)*_Gw+Re?(fxOdohZ6xdPs171!<jo
z+`t9(?uDM^onY+UZPw_$%Vy`Jcwb7}wQaD{{s|GuQI1^O7GT&MfG3A{A#|YkwzO*s
zJU=*xXMI@?VP6vyQ))3h`}?AwD4fly>}}}7_?Yq%=0ab*?{UzyiKWk_kQtWU;EYuk
zQQ7a&R0+<#-lv>09;-oK+{c+i@0KV0x3nYMGz_8fLiiBM5NHUAp7~v<=3Ep<`V7`z
zaWIfhLAN$dfDXukaO~=F@LQEg-QS}47r#MnhGXj4`x9>j2ii->9tg~J*PPivyVct3
zK-<J7;(PQRM!;zGRet|14kc8Rvsz;<{{|sY`-4#X1MXc#KZFjJ2jap83liZ-gT*0_
ztz~zOK8NLO5r743Obp_AE5kD}i08GW$E{A({CvVlwwAU5j-_p>&SUN!0F5)pcU23_
zi{g>$Iy$Uu!jx_~Mw>9=%KKup#5Sn?{?fKY(Q{9Xey=xOtA}{sde<8a?*{6E+|tW|
z#QvS`SzDWyiK;ibc?+?}@0v+uUwsb*ZW)1Jj$Iw>tM*Rbsas4J(=|(la%Q2t)GT@5
zp=@wq;&qe_Imp7`hb_?LMKIu(+MELcyCHU8u^>V3V0`6)A&jKWl;}RCzjZSI!xHMD
z-Oe}`2s0q5QF7JNrO^`VL)fiPG#LKaiC3Uzs@vOx_L5tY9?@k(!hblCM2Qei0E9&k
zidebwM?es*xuu;Terz(FCxkBm^vif#gZl^3eS14z+uMofFWJ+0(S0p@`klD87JhyM
zYaDB>=s_2un4}EPGlDGtCd%>-uhlMAZOv`Y&lR9#6bL~a_FrP)&y+(g%MUWjmG=~#
zkL5Veh1`~=Lh@6P{4OE2D8&v`Z?ahN7c8f!esWfT?yG0;=OSTLMjd50VeK?wWdixU
zZ$$Tx_@N9^LUO_GyHCKXuKs5XRRG$wK1Q!JR1nr6HmrAZex8u(9O=&psqc8_P(83H
z*;uKP??S7y<|n%7@z#9rT0TbB63-`2n~BqFyEeUM#000;c0RorowL;D%bEGGu*3T2
z%ilTVW6*olbDkL}d{$g3AXoFNIREnHrrb?*$KZBP^*yU`7E~AFt&S7nsT9{^rhIX7
zBfAs}=WES^CrlgTgX3jcD`q(}J~&@*CMC_Hc;d>+`6oeEoeQ6EGKm$*IPu)8VI;bD
zi0+j*h=GHr;>>&a2<wcy;Nuot_T~erOI7}HWpGlx*akz1B*5H_IIZ&KrIx~c*#v)*
zS^cIHuc*WhQSpk)<`}5V-FQ+7Wb*tAL1uF;2c{vq=aFeHBYK)!bw10g5Q=(t8jd`Z
z^2bATWy4}U^g{e<znxL&>tIF*LI2kv492x-^!fDFMq%mth{6(Hp%9s!j;P%-5T>QF
zrGz9iXJ0Ph)GJ>f4^T5^0tI;5#F~L+z-u{wZDg-2Ogcq)kKX{ot~|ky627qeXgF_x
z_g0gEgu}Z@VDEeRyOqCh=kGS8N>9Gf1%Pi;lc9&Reo`-Qh7OYVU>6X93R&H&2V1xp
zuigqz4NPD~(Y=95tY-Fz;%bfAYEq@s!7RKcmm;`Y&nr%mHpSS6n5dTG^R?mw_npF3
zg*vU3Ut+CJX`@-GK24+RJ>H;ily55D2&m7|A;Y7%`2PgnS#`c@W*vu1B&3D;Ks`q&
z^PfZhoDW2Hgy>#t3btN-z>qWW1I3Lw=TRm)fo^MNr`z05Qp)S0C$ya%iC^oBqV6t;
zMmoJMB{;Yo{ox4*zr0O(#z8~Nc{LtMH_?EXZ?Y81wn7-~k{qL6N<QeBfTKJx6YtFk
zE({_q9_YThACQ@`8mP0I*=?kfG6<RggIGn|O=uEs7`?vX4UXuk79)~Jm9-F}o_~sg
zW>faz>*H;qm@LANkA|OL(_GzKm5ZL}(r#?{EneLQqr2qAu7JD^rmO3;pgizoR{+HK
zZ7qBC+Yj@(hRFX@(7*Z|ygKcao~@_ZIn)~utJb0$S|(cnpFq(yxDdi~kPDQme{^9Z
z@#cy`a@&4P>GL9f`ZgEvwn2%L-9I^}XMKtHqa`R?9_a$MJvkpMAn(<bKid7yPh;|r
za6-y;{#SK>`TM)2iPbQAi}w516qawM`c?(&i>piA6|~EplDuaQt$E1zzgS@gq)^gA
z>u;%{2APW_Ry6^4Ng$3UdXgYy!a1TFFD98VMv^;<exu$jgxC*@Rn^2ji-zWwww~i0
z0RN5w0s<0tzE}}68HBvAu;m%ujs+LD{A;u+*VP>(u0btxu5XGU$9@mrlqEoDr^%Mn
zsaL<Lu{pp9Dv}9#K%E+!^XCGmOTqmnS|7o;?alc!pxC26>9f){u~<Sc`MVFa)C$!m
zlk+mMVk(F-z<K0Pe<nS)52p+wfs<~+IZi7)dk!$&h)t4Pb!9oU;rIU<O-jBFYRKwK
zp{h(%w14eW{8pI9c69;QurQvLFRQrOc>o>h|86B-{Iqnq<V{J-3RKO1Yb~sml>epy
ztME=pQ!)$M0=RZ!S0_+`S<UL!ZmonN>$DOsff68N$R2XW3k41-yFHlqJuhTc``<U-
zuQG3w2|&d-dr14n)eWd?NQa(0DZR4gAmppm-P6MFRjAwp@3?DBDhRr80B;*GXL2os
zB@F-r3bDe9L^112Za0^bh7&ur3dy*#uB??2qg&`sDEyAHDU1q-Zy_*Q&p+CcK?miq
zbg=@j!Gf*=X=)Di)o?cM@m^<O<Ce5wP>~<HXbr52y#?|?(LLV6#^^-+9RmY&j)jch
z{~vE}0v|<{Ee`h<(qNz(S&R!LjE$3wsEL52B}h7SLlsnO6i`N7Pz0HAW28GU!`4{c
zglpLvXGC#9nNgq2j0?^v1{g@fk`A~Kf+FIK1XQS^SprHnlJs}Zxz(KxGVh!BzVH9{
zH$%FrZr!@~+;h)%&yvK?D7@z72pT5@jRS(Brr{H|+yqis;A@$km2<xb1lls=d8~<a
zREx|aJMDyxctgD&BwSl$dAzf;vw7c;#-Ty@&#$wZ>XVK?2LT3xr$&rCZV?5~J`=3p
z0js#|7``aFjtL>mQ-NL2HM+h&(e>Q_ZP#-XUEgPP9W=WB@&Tjk;QzMkV4~}KGw-_G
z=z3A2>+=6?*X4<>w<e9N6-k7iwYwvZb$h6GC7=uJx*GNsY>xIP5Uqt3uNdV|99{e7
zk3(7ve$Xtn#`WJ(3)n_GVLw%#L!3TU+MFQyqlu?&(b@^4wRdK|M<&yQCZkC1mgbe*
znED6)BzzULSB5_PW|rwxr5%Q@{psI!HpA$Q{iL(;MrXsRvn=SWx$+Y1Y%1@}f3e86
za&AnwZwA$+@;dxA!f0?svH{+XrmcG;i||^z5}HQS7+mthukE;-Q_KfSZ)|FhJ)`t~
z3w}8C8<0}r`i^VzEQSp>z}R0kX4oS=j6KpQtS`Q(&@6;rM@ncB!cLGp)L&=NTxr%Q
zIX`wkpVmsa?s<&_-TNX-EL7U}M_~4_U(=DAYQ*>xe5H=_m0RJ{LsR2VqUJ>VigUan
zH41!>oBGXj3F5aRi7T#85m#FD-5rJyC9^XiZCy-KSX2+-Jd>+{!>ziH4>uhk)cgeu
z)jH&w=U&e;=@a85z=IrVf@!)duY|YY;s^XF?q7Wm(q7zddK3-BmBV<0dTfCBtglNF
z=aS_3Ui_pZp1@&=?a!~G`pO##Bd-Z^bpG>C(Ybzb0-bXv06Ld-{Iut>7w(zRbMMlB
zyHOS-d;V;^u~E+N`TLI%rj7c-_VeT?s?LRon6ah&&*i4dyb0?}@djngxEJss*SxJn
zd#M%cSPh43%bnZGo6=l=0<`lFO&Ye1>NW++QilZ#eQz)5!qOkMsn`7N^TDR@i6ygT
zbzG*b4w?tA`&5T7BHDf7dYOIc|3n=n!({8Ze~W0#KOGkB{;SaFpj2hJjxCD$SgoW~
z+a>k4En+wx*d2Q@N&kIRV-rhM#X>3Pr1|w*EGE0D5;6J#kD9Idm*A1H8;dexy=B^R
zc;r3vHJqoTQFwo(`}r);-Yx~m#d^c#^>o<_F4b#J?xi^tD`SRJd!aGj`(k?D6Pstm
zd)w&hoDF6DQ`+)ju{b(Soy3C`Yqxqapq)C1VS3oH{1e*S>F9g~8mlkdB!s@g7Bk5S
zsjx__K5Eg97a8hc+KqpNFNEHK7N8S2&`^Ym8lv~k*uXA%5cV7F`5d<^y7-aVZe@wX
z5{StWo3!O}Mq|S|RCe-2U{#_u?YlKuu!n5UC@D*B_4fXt>7zh%Mq4%(K_+AMIu+ho
zFjZ93K7{7jNZDZ)XMS4DrkLzFn%Ii`o#I2MGemXFAE1Rc(2F(V(#qCkks&)<8|i6H
zYF-|e&8~T+ey~Y@2f%}`>*JI8V^ZqQYUQh2<LWhk0*C`FpGE~#R!6@48amr;!+k#&
zo@2eIGW3sBI?PM%gXhX?Sws{jCmudY4=qbP@bFRN;SK!Ze7DkJU2?UkUUN6~dP*C_
zACz8#WjfhOU*v&7#2$y<jU>jOo8nes&^Pu^^oYyd?lT|9hV6F|AAQSRV{<0Sb;<$n
z`RzZsi_@+<QLNuJyZrp;ZyV1C;q$-DE>GEZ%JEEfQ0P@0I1tJ3*MWY#id2eEToFL*
zIxGk3eWf)X{#s-^mOKVvxZ_n0hU;Fz+3pa^dLaKgXI^p}JS;XIUYvNi(~J)-OGd)O
zYmA3yUp5|w=%IB<rl=0eq_G^-_9q^WHFNWT9na%LHAke%rYCrEBKH>5jCCw*hjlZR
zcHl}c&>D}aT#a9eYtOvQSK|ta{Yz$@Qtl4Pd;+KQ{B+KdqlEG87C)@~m}iZ*e);d-
znqj>4EPu=Dzgkv@&ZM`FYFED8wem7MB1ay^l|Q9jO)p_#LYs4<IxG)1m!0PD3@QGn
zv|~UZJ?hYNuMl2>qPOI87|f5a@WFiY5=X=3my>C)`+#=e$rm@?$u)gDne7Nz0IAqh
zXkW|){q-Bb!)s`itBp6%a!)9xzrxRdC3d_U-uR7%GvIOTi&XsU-cB~!U5@SELHz6f
ze3<e48(=E2h!`1j`LkK3gv(CW(5}+bU$&vTKBm3A>+!mj$4A<XbAa3B$cRzA>aY{k
z4>}n=OPUB`bdk33%C5su#2?kfwgx{7u63|}iE5!}_aL_;{}BDSiTf?c=I;?yxG+dW
zo2(AO@W4QN%f8ykj|7ft({s7z@-#1aSLh^rAyt&t1kjNrww+h(9gTVr`6Wjdm~o3`
z2MewVETscN-n?N!bDX=dj-KMo_CJ6L@Q}Rb1#ip_+%CZmQ2bb<&UHjsP9dt1i5C9+
zcjm_fBQedLacQ|GaFx$>TzGz~>}nMLP(AN)JXu3`6xn<N=B4B5UH%Dy@2}cR4TbXH
zO~@Qh1VCKhUX)VCHHAK<n7dkf`@d9LEdF}#=K*hYm3W0WLiK^wXhZ!QV1k@`763~0
zIn|vM&kN&ASxc#F85(j;r9*l);;*=Aeimyf64p0WH`seN3bkGSIModf;iD$HNAFiR
zWG*{`Z}4X2+#i*^QZm)_p>a^|$8-Y5`0omijr&1zwJKVk($aJOJ^4Fn4c!$pE?v!w
zKpxa?T7)am-x<8o6d1FS7w@Z^KODV6ffS;DO~Q`|?FCAMplIeo^ZY+k{n7@qx~z`v
z`Kf;uzHLC~C;qgC7q-OOr^3+LUbMA@>xC6<CSLpR@Ro~#(*mPKuV8%5z*;T8po1hh
zR3m_x0FKXW^e-g|7fVbY9>cA3i}}$s>itGfTJtFKcbh5C9N`o<e)<Xj54|*-4@+#H
zRDCkd^)G)qwCwGS#l0+G^380bjweM%tQV_~ShW!JPKBjYtq*`tTh^cui2vx1$0^?w
zyrnHKY>gW|Zn`oScN^~1Qep$9c4E|7?Y9TP$#yKL*PA-K&V#xHL`QJ!LjN3uP_wA)
zjGuXz+{Ql@o4=4Fv(QCWbG*<RXIt~D!u5fE!g~4YIQvXFa!@(xE(&&DI=^?a<|M8|
z<TrJ2w`b|GVC%h-;N70`kk(s{JZQ!*QBBDSE75w6wIs3L@=+|X`^NLhZ@m><bhUZ0
z7@3Ot?AByQhCFhI#CE%H_p#56O5<)=_sKHbhQ>h!i+4WkECN6^Yrp>)7LxrMR6cbR
zl|WVEaetaNdNePWJA5>r1IM+iN7J75_l|n$gigEjw<c4$%uZuP$&((SP_EJx`^HoR
z*!Kq4=atSs!TqwuWU?E@Mi*Cjn73BDEtgy#nfDVRG|H0P`QH2{cV!Wb=K-VoD!0_C
zivfSyCPw_j?Q-rJEifd;sp6k-<W{Sww2YNljmWH}Ur0*lSmEhiHU#QIJK3|h6s>-h
z*xTJxIC}`<$>;iU4m7OYOXm;^`)<Tjoh{O8v}YO3ZbNBd;T2{f{3vFvRTf@$lMsFp
z-~DJ@W~8KZw$f%6%2v`dOnQg5A82(`fe>C`!&dW(Ji<qv6C<_`!pG{PJ*3<y`pQd@
z{^_#oj8Hbog5&gC?LKp}&($d?`z@#?oE4+qDtssQb6$7mqZ&!sQ6NV8?;xmDH=w(&
zY;Gj79U}>0vB?(r(x=YKmX!9a(oZF2ah|obMp6TI7{FEHXsaAqG~6yMN9(DytQ{$$
zP=@EtQpDpNOrDnc^;jd69U}i;wpCnqm|Pfh_lRs)te-%<63c9g%2Uo3N<ZiNJP;ci
zhoAloF;dbZ<^pPG^oJ=ea%M@&(MBDuxxs~kHDCw*efb|?uPs|>U+R^|3*iZvgmhsB
z0B#MQv4VVHPD~rtTWidUC4}&(_Y)(c!a{6tah3M_0+6=7pNNrJ`==*F$h)_>)v<1M
zf=!A{aW;rb)Jk<Qm80#V($FqOJn0!oaDNT*f@F>oSKN|kphod+BnfXp&kPCraJbd^
z{oU#<nQrxtD-anl&!n2x?+;mYO1A*6kb?;8cM9w4tB=^tr>hUy&3jzc!g9>npx;RG
zGKd2D*v@2qR~$MPJ$<8~HF3;-J+6?*yj3vg{Ce#&kU|LC4}<KbJvBHMmt5P0&@IR;
zaNaMCN~$KC)_|rB>SCV$WrE*Hkvj$>v%yl9Y>&9?5MRH~M0Wb$tluYr*s{Zk1)K;A
z_&F?KhRLJO`ULROnFS~T+P!k55%>CHpx3YuLFB@#Q-g4DQ6c;=o{nA^*>xv+fvCgv
zS#%!8S69Cg?G&^#OAPRDE8)T}rn=M*bPyrfv}V<-rr_dQQ(&y9POVS_pGfShB%ex%
zSKj=p{GA@4Xr^;1U)W@HQ3qYbHUZ=+(3HIsXxkAa<-5e@dNEQw81MoBRox9x02BYv
z^8pppgA03`{Sx+B0DbBYz?_qaFB*uS0qVf43e=agFrE%q`lZL(0AxpDrL}`2k)|%L
z(65DegA4nZ{r6*cbFe$|AY6v$?%6^ZEl>EQ1)pHH(8Pjw8Vg>5EAI_AiGp{(exQ@L
zUXK=_PmPQ07vZ9c&b!A6g;rtZR=+J&6}XgBJ^#<p6%E@R!k1PVFYUw&6)p-b^AC5Y
ziTJqp3qTt$y9F1jVtU>yCg4B&Db%Oi`BsAZPeGf0CaF}w+BRp?A<Bn&@Q1A&Mi-Gr
zl-*bu&*fk<$Sjgc_rnfK)yi$YjiB|{+&vhDVfgiM7=6;JjCJcGP+y9yE#~-7sgoKW
zMrl<Za0=0I2FZqqPhqW-|CE&P8qpQN#=<$Y@4`52jL2Z&7E*rr5VK58X|89oOlDEd
z6v9PRNPKcO))+@!WDWYrsRR1b;KK!R9w8cf6KNftdwKKYK6WxDK|e|>Oc=ji9QFL&
zNwy7&B2YKu0K#!0{3PnU&??-QToMOtylb!tIEWM(Zx)u%LMqN`ij_rwcbfegJboP?
z1Mt+%^kJmu5sw9~OF*;D<NkZ<N}87XAzz!QcJh6cx_0<-zi&#r?`fD9=z6q(zD$+Y
z3?s<Y4>ReE^r$9a97=Vu3M0m?iyy*tuq!br#N9JWqaBU3&<FqE4jp`1EY53Icc<DZ
z@mb1ZhY5C{>UDr#nI}eURWx?BJXo^ML^?y$69WLy_P`Wa1ze0<BK?Pnk(EU>s3Qb5
zU?molR{k>*V8dvMR>RZC%+?itAw0KL*=ja^;)sjcl)pOxa`#OiY=Y4vV2MM&(V1co
z^M>R8%v2@C;_rzmb;Cn(Rtlko-P3b(Mm&inqEcWI!h3-psS&)539gzs5+VM>f`se+
zf~Xc~mHDlSyW*H&)_W!)^cnqLN58icA)rHS0wTEuC*();a`{Yq<QnW@v$3H>mM(-s
zw8xIgsDVVajEC9?_#W1HLHOra@e}V;L=ob8t^w6MUcjQ<+Ufv2JAqRfdD)$VO=tt0
zg9cs>e)btbpG6wrZSB4x2!53=0==8UXvf6tJ<y)**7{|}QrsgD;q{*rr&ws0M{m|B
zgY$dj<2BAvX^1B5&HZG=;Co3;d+(R9v#e>;mJv-5#O7us66c97NEv_*fSmgiihcpg
zkY80f45lgp;eOwbn9r9`<sM`hQZ0{OVCS}bS$&5d0<|~GYVTYe4O@-V<&=a+Ds8T%
z1&Cpwn_2?IVJ;AdW}tOQoV7*oqE{&WhI!R>Vu^TAYPqTOyO>WL9j+x<d<}PMisHbR
zsqcy$7-c0I)PWa!VW|aA3#`vOejHZsSEmg&rBbu)W}oYmc{hlv6)41-9JBwpjE7sB
z@p}X>YuY?`B|#jHz5`^yRTFrk2B7pbg$S!yR@C2%CQtS1MU`giW5-2>NQ}up0SF5I
zLhZH}EKlPd*rfx+n93VD`t-r!F<M<wrNz`gCPNGQ8D1xZ(dZO=5?{E5zwoblFoI80
z&yTrpdZI?X9qsFv#9UqWYIU5Q$9IFuqYg)d*RvuCcHgH27No{cpVIc1p?B?qOXbKM
zvv&0_48d%>e+1lwwK|3#AD=(i7MBu|2P&rSgi%LkGwmr|Z}=6C9B}nyCHnkmm;VaX
zrJwLe*34O?k8PjqVILcZ-|WLH2(p1}KpRA@d_anoCeAC7)M+OkLS2P6n+Kr8F)VC{
zOYO`cuC6y=q^j!8PLNJnU5ljCho+|gA_#>=`U>?D>&Nv*pZZ89HBk`AO<^Rl*#TX0
zh1bBZK!fC3xe9-LscyzGYE$~hkkHVe>_BuR_3i@l=Lz&e415zuAG>&Vxv?HX=x%bZ
z$2CFD(J`LZ<PdrqcV`6#J!|qhY(n@6c&RDv%d#v}5g-Rmj3!$Xz7#P|6*F<OY@og9
z%k}`%kU@7*KjeFsM#m0l1>?y96qZy7oxy@Q27y#3z;2wMBe9TkEqZ-^G$C^~3tvXE
z?1UoWqq^B{c(jf@1~PbnF54?se+!z|$8cx3I9d?Ors2mU50A2gYIYl$dEO-YjWMmt
z)`80o0}(R)L=?~Libwtr<#Dv*jg`$Y5TS@$SHFXQtO@2_eZ(rc{sj+l0}9IEUPwQh
zfb4)&gG`<$#BSmehs4gtO8B}jYrFM({{up3J33Ib-A2DLpQO?TtfSeS^bZDT039eu
z0;2kG56rh`J|nvJ3d-~FhT2bQ>mh{x3h&JSGwQ{m1{3yU3BaOHc1UcB6IlA>9I^VC
z4FLO`^KbA{?5$`~CdHZpZ!+Ol;Y(}QuSOt7#tlY_{{KnV^KgvCVEPH@(fvIrGI8yL
zO8|e_0Wx94wX6EZ$m$*LpMhSQAMsVkIsatg_5R)DT~Qsg;Ugq-lk?=rEpa)#O9<~I
zr}IfL+j(}3dX?BNDff(wnK9n5BdSi%2K67%XXRX6tg<lNoD`Yzh)FVkEU{YAIw{8&
znQ9iB4-ytxiKzO_Ur9q+q#>>1kWLA}D>IACCfa3or$b~DGe!1zc4=>Ubn$*VgY^jB
zR&|nXOVRze&hxP^ltby&hb((Ll_LUsJV(DSRUgHrdCrLnxPD2u`#B`7S}D-^IcJWI
zZsz4<)(pInXT!)@(4peumE#<^i3+I6xNQ8L&41JVOdGkrhMfJ;AHBg^h^2D?A+^Vz
zMCZwnQ?#W(U4OPC_59K3qlEWIn{`^Z=J$7`u7|o1nEz(PcwK@A<v?K2m}2<Prl%vM
z?<(y8I>NWjw*cSOT%0K6mK6}*VH=UypG(5`Y-Kaj1S?MgC|)_H;lsfuwf_zbA>Lr2
z1<lxzjX+n!oPN{W+Myde;^+#ALq^p=2o;hny*VdE=#KO+5U;kKCDAfOfEKNs!3bf5
zp*#4L6KQb~@LL=vEKAc?n;#F6?UL2zB-r2^%0Flg;VbzZRGBh>PIgt51|&5D<l2#a
zVc3`}*IW%sl`pa=4-}gH(vYa++ARwcT79mTdG4mI79sQ+p7F9aBp*>3qvs<U*VAys
z+Qshoa1^ouL6siTdt>oESF2Fg6GxzI%bOIjm2&ZdOKh%f^KPL{0n&u4Mp%9w0l5a}
zK|M~&HbA)HVuUo1gw-w%Lm`Z((wlN#2L1FaYl^+mBYgBBu8yP<dEvAd@%C{TgM`N=
z<~BlDcr1iC7Fi^qr9~(uEOnzG{g``GyaWENjCaN#6F03n9bbwzNB72j{CC3;lWA@&
zJ1J-H#IzHbb)kO^WgS(q;Jtq&jB-dRNZHl+SZNhXzlda*_OvRk?ZR@b;pAa;x#ztU
z_!y)Y|8FIg!sn{|HqpEQqi>zlx?Robb~U%#)q<2O!-F~XMy>h08>=kcZWwO%pnv3v
zYO#H-1sNWeJM!BR715Hi*2aIMxAa;&|BWs_*xOv*y%3s=Rk+fw3uYmn7TK|v&*2uU
zW?O|Yu7q;P>~|zykqqZ*#90)3fM83}kh8+X|5FYFv!89_pIBotK7koA5(tks)wKM-
z4K{&BekJiYEXVbt@ea}(auG?i#~X&+^2$Xq(g|m#(j*GH$0(W5YBP#LHYaAFuyV1W
zDeaD>Ft4PP5N=B|(b?wvg(Rlf0|HKjtWH9>75i=C)6e#&%WUY+mZEkt=5I@~DEm<u
zrLG^`!ctfaBnn|a?+&Ft?PMX!8ngC;be<v-$?PkRR2R*^7Pc%1b~S)VnfhXKt?7T3
zqE|rHjTAb>+<p1=+Ne<-aeeDK+_SCx&0a#;E!Y~~-e79u_-*uK*GE!6A99&!9LPjB
z=ZLOaq3k2Hr{S4IjcA=`7d~2AB&$|Aw?>X+bZ{ZyXb(AeH>MhMbqY_czz>=c|0VVm
zXDESlM6pEnnKyr@oZCs;ExzG;+DLJ&a%5t6e+CUV{R1TD#1>BYUZ^?xdQ-}NcPpJ1
zA^b~dqBOL-SMc@IB~mCzWY&5uN=Wl_&D!0A6Vkj8dWonnmkmj<KcjU{KToO$cF|3+
z*Y7!-lq9w6pS8vfG@9BohCcU2@YD^v2v=M802t8;H*mt6e`3?x7g2!;ZYDvMM0&wX
zva7_t^05Z;Y@rh#bXSRRqtZ$on@UQ6HvC9R*Y%_blbuZXXj&1h+`sq&ph&U}k8Avc
zTDgPk<>Z5jf(_EoK`=pNAqb^lV(aKt6ex0Hlj-Fo!1a<izqjV4S52{F_-hXSYQSFw
z_-h{^@u1&kA<B+xfdN{EHqlN(g&{w#ZCh@*v)B0jBI_Zt@s3Ihz_H?0+!tv?BH5WO
z-0XEiWM6JF^;~Vz{#gd7x_~o8oV}qwaoy?QbX>8tpr7=6v&hl{{w&i^C5C%(88+i9
zn`&XGIx<*Rv+T$~^u7-TF+MH$`_-gRK7dX`9I9-OJ`3@4DjtWjXU-uL`3G@oN&SG>
zu$bGaeLNgw6m^laK%L+KlAWeqmQCTE?%+QNs-{hKu+jo^bn^ERz*<vQYh3RHeAx6F
zOh>=A16|Vcq`{_iQC*xFAMofqgH7DKD>Ml)zXgr8pV2lP`RjMkj1b`_xn>Xo<sngR
z7K{SW1aImu0`%n}Rmv`l!I@#96U=$caP9+@%9{mt9lWt=8uHH7u=34bMDJ`N^diz=
zYoU|qAPO07rP=IdZEoeT*$o1|#5g!aD~T*hL#3x@9qzdSWauP$1lu5}bVm!$|2Zd~
ztVt1|=190*AQha%a!tsK@Suxj<Ie>KjIpg7Lo+N!Om?LIjuzUUOYGW{1@F;&yu;_{
zeUUlzSKE^M-=^>jXqf&^|CGu<P0cots51C6Sr1O#4+GnI8YW+Y0DcQWy#Rl$KF7zj
z&SY?xg>77fm_th~s*l@6>s-6`^eKS%y=}%xi$0s2Nk4juu#O}SH=UXR#mJ$vB>bmx
zEqol^BqWtnL3o<!ARPh-3lbZCAv<BXWM1CDZ`hnL<U$<stF3%5lKFpnd#Zfvp0WiG
zJ*H09wvKwwa6Ad5^UNIE5ERQziF6EKA~|KJv|la2bPRz3!uoOP$mtF$$K1iTONFwx
zuqhqFd}B1di8t*pte@PI)hP`J70q1;Enmh)M~y~bHIQ-9Z$rD17+I8Nq9JMd$pHzW
z-<$Ac&%98KJY?p_L!ir9Dsf0%!NY+b!G-q4{(Do$5Y;x$r!kZV7xr3ANecqu*vd#r
zU9hdEupAA^h4%^}FWNw{Bg$bADXuGohv<_QY`d589th!kaIZ|jcI3Bp3mGyS^u4en
zy2T?%tP!1jO3j8N9{>?u0MJh&Q&`^zv*}?x0gDA&o&J2BkOZ`7#YM1d?4g~3BN!PO
zzRkiz&CwA<WOXS{ZSLR#^Fm)l1mObXue(4Xv(GSo@NP2+B1P$}S~+x3(cQt;ONHeV
z;BG{$3%0_vFv1$=JRDnA;;ZV&)gCgwhVkH+%r;btR1M=nez-}Dh(PyV<(3>IQdajr
z%mfs4E(CF)Ls*U$#u^LvIYxi1NYPK0r#Fn<zSv!f@bjycxIkTzvVp$vv==<3>RzFb
zac+nq8?4=0q(KWxe-Y}W4gQe1#_II3T75Gan7`8>B|29_&J|P8cRItVJvQRKxQt2*
z+d&@qw?u3%{VB9Ix;_)5)tzw?5Kxp5$Xqi{SYLQkQ80d;5JJ0kQ3&p1`VAdR0CtU=
zARZWj(C(Q6?b4rdNS9t#c&~pTpDu8n1ITp%koqUsNpfn&vRxl1zw#nmw`D`lome)9
zfvU*!-Ie(2hGWo4MGQH@0wUXq`Hp%B*K}v`U=z(6r>x(=<Mc3>9P94{xlU_d`d&O#
zh3-Q_xEy!|rBX?pwV`_t`B^v#{0Aw-?6u*>j@%ItQAjxTIEqGd%(#ok4dCuOgVA<L
zv0%r#uom{Ae)zUF%&(G?_lNM=o8NREjX}@AG=GA|c>g;ZgG~?2OVF697p5`TDDclD
zjj1t9T{Py?>k~6FXv|{sLOJqClE!#1Kw}pFl*ZgX&!91j|9_`3<QM%66?ohoM?vQx
z2;odS^R6%ao!GqR=EyLY|2HTokk1Y1f4?Kgo4HJbc4yv&CSt@5Qt_B)AI~zSkzc$h
zj2jSwE77$Ter^>N%_a%&)gV~R+QNQ@;CCA#%vPS*X<FBc>6Zf6(mtO<3iZT@tpFtM
zj?(h{s@O}~7JiqEHxy7^gz|XD{KNVqal`-d4sU)unG)tK`aDiU=R#2=dmeDHA{qU^
zWaMX5ufgya7qvhB#W1_p2%#ISbe@6P1QN&gLU;xpWDYw08%$UFwcjtXf5jYzp6yc~
zLBi(0*XNp*9XKtiflTs<Xx3iJBh&FW6yD*oqRHVAli!)hs{^!IcC`qhKcKkbdU%H^
za2#C}LR60koe=LF2(sDKxRLn=gNd=O=I@L=FLrI$V*pT+Hi2);YVX^|4mM4U^pE7w
z=9fV_h!j(LfxL;4!fesH$eD>vbF|Za4P9dgPoJqmTOqW8%*TZeiYYye9ps5@L8hiW
z*BX~c4}E2JmI*UmK;t|go0VOPDr4DfOch2)A}g!RRdgbR*@mRZ)EuBcSd+B+m_=+p
z0BWo3+9e4S_DD)=525TBrHbe@yO}pf2pLzP)O&{sAsa<~cUs{pPY507&unltLI{1%
zuX?~$fe=Ps0lx}qi%YK4{)fowaav*@OVu&U&5{1AX^GHm05i`6MEo!(ziGDcC`@9u
zFt-{r-I{qS-lY>7W!E>4pOnq@l53ZLh!}YsM(0_X1O1lv!=Nm@8irSC_$!Yu2<5Jk
znAa|Z9wN0(cIF^dGs!JZHXnj-_BLrZ-3<C0^ExDUH>}MyZ#|Y}x|u!PK~X$<pH9O+
zFdM^h_qN58Vf1%&@Z;`-j~IK0v&9y3={4@)q8{<<#7Ifpf4Pp~;)%Sr!9@e{esMhD
z#9gMenFBFQ4I;A<PR?EF;It5UP!8oix!>%ru?@TqpX&oVlJ#Z{2QE3Xz$~+e2blB+
zaWE(&;%!~UcLB>kfNibg`RBx_hm>s;Ev9wPA&a@O=jJ!%*OLzhKezQI0)X^!_zQzR
zbyuemfkcL1iki}gVk)Y7?qi_OBObh!D47%`^}wXB?L^7+71YM^o47u9%gsnG_USKn
z#JlqSiZkmab{>ha!}@($#Pv~HzG-mhjyV$h6d3FKk6@Y22SLKVla7YMBh8e!E^wt7
z_0s9~Pnb@(e8*bO!>yQC#*A=U)W=xDI@+FRh?7ONp>kVtwb6b+Sx<z}8>Hp~535i5
zmq+e22itCx1<zhd*@mHC{X+Et9k%ut<THImpRV)<X=of`t)RWjOyB67`?84wUYj-a
zCC9&UqyWljlmC|@AY{}_Np`!=2Hp3N|3dfqM0+G=oHAcJ@QyvPp`aW1>tsIvRqz=d
zk8YJQ&)ql}Dd`sS^TETf*kv5gaJKKz-4Zh;yQS1G`9%f${NELYn*2@!A|Z+@u0j|D
zjvM#plC}3xY&YB#LJz_ffMhrCSD)6&=h_bjLFl1RkEht{r*0_Ede5|R75tOp2?WxK
zffge-J%mhR%p&-s-GT{)GHF%QesB#oY42tva$UfkYPchW2BZ;__yjIeT!|yYR^LJk
zu8~Xe7gF_!v|A#J-Z4#z6jqAWN7J;K8OFj@ORR?w`a9VKzmBFo<{E4uQrZF>O0>v+
z8l{40k%O;CQRa-*be)|}a_cYf&B)vwk?qI)_|+$Y@P4Blv5Ky5L}9`YqH+!hug}5>
zNYqV<MTO<xkw<NdCF&l=Z;azNtWkF!zfsI@*rM(c{Kl>PMq1Qez;B>kKk6<tC8RCU
zwax!4iG3yIR%3)&wPpb{4b!MWju=X*{UiQmIq2vH{7b1p`a2%zZ`I=`MRS|vYW4pD
znOD^FER7PwM=r%8_HbiZ;)WeAXoQm@o_CO3Rbv`()>n*7%#qmbb}?FP0IZk*hMD7|
z#hG&mX2sc*>9tx17=5K20vLS-F#4Foi07jR7!?~ZT4ym}RBXWLF^d7CVgp8xS_~K!
z8!&prV!)`_fKdi2*u?~+4d=lK^Y&Jsvd9tJX3nmvk}!JWd>DzY7UWUYK36ru$PF-h
zG8IN{fYFnwFnThN_xYU|wQ#&i`}CeH6HZ@>j_1)H>F!{m(-e^5*^p6#Ib}P~@2Q;1
z-Q`-)@g{$#J}#c*6R6!~^ZWIBdS~K3xr2YJ4Sf(LdEDAnS?9Yjek`)DVwWV&@h)_}
zd;zyb6xjsy5mJseYDdSn0pS2SWgCzRA@m6O;Z+lZQBK|{0}2%dJI#_X9;*=&SqU`-
zz6UAi3lxJj&7Oz>y!Hm%!lN)dQvOc#9b*SKSbx9Tw9&Q-1@RhfHJMk(^niAvG8Wom
zd`vX0ZKSbD&-V@BF~2(2D(CRveC=@ZdIRykrX;`R9B^w_dwTx2uJ+VlO|m`dc>4OT
zYkL2`x~_>~KHt?pUEiPV4<yAFkvT53Q_kNe`WEO#`}iVs=S?$><Orf;Y!#7z{ezz}
z;Lp&L0hH$t;d>iqz@yl=B5Ty2IG4hYCq-;K-M8bhn;TQ`d)W?jGx>yP2w^_}Lf`?9
ztX7~`2+Fe{NC&cFw;S;TO=W1^GYg@wZ778=&4kB(7w|>8zt$3nt<4S`m02fpqNi`A
zn3P>IYY~@i$9}to^Lg-0bj+n7&AOYSMMC&@0Q@c2aV}otah9004(EHEeeWVFc0vfn
z%y?F&q4%W&giEK9rlkLA!=ugPoUsJ~<<G_3Q9(iy*;(Qy*6KlLov1c{cbq~Cfcfvk
zc-SdUez+8_7X`1Tbb{jW1+kSh@9@DST+YDkW<la84>%njHq7Z|An$5qmcT=|2>wHP
zCvF7QRPO^L=suI-#!SM$_{jtgYNa!|PT^LLl3tM~gwLiK6YfPMZ8IH&@kAD&{QY?S
zU`%4<rUN!mA~jL)q^+BY7Ktg&5)^{-<j7Ne#FQ71*_<2J5!1zt1?(U|LYw<}0u0Yp
zK`(A$Wz>`1vI2A!{~e+lUW;fD*}Rss9mD;U7K6fiBc2O=2v3v%Is^)W_Cc*De8wZJ
zU*ybTH3VBEw@qn79zg%m&{D+brX?=|A!B~flBWA$LEr}!3jq2D9Zb6)<vEmx<J#Lc
zL!P_RN{7&fJU6wt4HJw2i9@K$PN#mV16`mRJkVDmrd2EoC9p^tvpyf72S5|TpC%Hg
z63$Sh&xYPWdo~WDweCdJa-F3#gyCNC#5~;1D5KkiFsheo?;?OZlIcq=T>e^6W+=AR
zAQM{X;NIW6Df|U`r3&FpQlwK*lZs31_Mi(UXffJ>PmEPToe#9MO=hlF&d_V=5GZZu
zeOY8H&f!`QDu2gN;9kEh;Xh#!Li_2kU|A-u;fBoQ8dh}}S(lC(v8*|WKmQJC$N<%f
z>nM145U$&tnyWs6HeobE>5p{x$4JYC@p)h^3ng|6w@VSmgXhtRL1|^%W4BPAIY6KD
zzBbG$v#$tg$Y4M<O+MK}9}C<oj|RX4qPlx-_o<Z>1cM6xrF5)Ph7<HfUQ5i=|4%$V
ze_3YVY)Hq|6lgU;F1^bsYQOpc*Hc#ExBmmuZD2gCrVCT_dpoGpr1gIQ9S7Vo2O*F!
z{ZG&4AwaEkGO)A&6KE~{5;OTdLj)2?o^Gcj*4<iqkJdOM!5x5eO+mtgfE)0z^IE_|
z|ET|N&j!!iv;U~Wqbq$gW=|xP{X6^ulKvg{f(|0lM#I=2W6$&a-c|Z{?L6;9PAV)q
zwfoQT?3(YwAoVkZ7AIzx3n4F^mH6zk>dgzfxTog$Ymp4XhSn;Bub>6)Fp)2qGg7dM
zwXaYD9&|8$MLM5^-<U;&4+wqU49qDo2>_<2<H6d<=4-f>8XZOT4`7%)oPgwOp2jCf
z`*`qsbYcal?#}{XQUFFkxxcM|EyyRebzP5y@Soc`tX~EKp+9FN0-Zr!tbkiYQu?(~
ze0~A0>BmHbR^OY2dvXgOuy*q9E=p5uGAPXxrc_E38`G8u%y~>?x{n?5GR>1zERPQ&
zoDta$e@So!VuB^O0{5j2XA}+E;b+5$7fsRNaZ4iA=n-uozQr{COFX*6+)Lk7HoQVd
zRI-Ta#pt|;!tMTH1+@xKtI&n?8_xCj-vs*cB7n8O?}h=Zj7Rx#t?DLIB5H1feYJ7_
z0kuGT>!vQd#T{6Rr^yJ$qbU5GP(4N9ubASzTnMATp8BYrhrMHN#(Y4v?`^XAtf*8N
zOsSF^>Shc>DeYX`f43LYyD~H8e<$bQaV=hSg2n?Osrow``Z@c|KT60b&=YX^wM2~O
zW}-J7lHBFXS}ENU=*no1b|;SDy{tX(juC;siZdqo+^ytTT5Ll~YdEpG)!Xfo+Gh(T
z!=^mNAOIUfq3oZ{qOu^{A`0UcWMknAb1i-=@Rb|nGSCO<6UI&zLJrE_dBQKa)$w*x
z3$Uz+xd$laIp@nWsk5jGUU(KlXt|Z<@}B@_{yX^ZrBzDRbt}BkkJlXgE9G78ev{&Q
z;C^(x5&MM74(5It$M1IoNbgj8$^Qf{dayHL7gYzjf5Deq2pz<;n$U^B<Fk$Rp40-Y
zHvuV8y*1kx8P-E$kI=A7hl}cOl0bTSDFMliXN5^Xd1(@Xzv(X~zjr<mJ~rgh)On?$
zyzoDo&o2`F1G9Ehb`@h^Na~B3-SO*5Gwrg=VfmW7Ff7(HQI{?CyC^vr-<_L{Axh_c
z*QYYh!FC3oH+I&7JfMvqArVu@9Q|b$=WcJc(<xF}3S)l`n*c8aykzajdR|M6QwS|U
zN{?gx)@<yB=gsGVs8_P?)BgxggWHqqz+ZBM<nr%Owsd03E&$2p3KU-)+WU(!lmULh
z|F5{vzHqZo0<Y-}-Ti0JU-ud#&syYtl5N=TRIY}fc{0Y?yNnKfe<1PT#V!y%fvjd^
zmme$aLcLFWSA4e^S%-9`O9(`wJ}Smp<@e`|ycQ|cM+ogk2Fg{eA`_u@q=YhQR4uyj
z{`Zef?)~IOArgSQ#TRh``Eh4+V7AcyZ#i%O<Dj2Hxg+us&a9h^qdj?y5B8z9^RVMi
zWV}bZdBYm@LQwUS=|tNute;?08U#^Uil-h(`SR;$D~o$zI8=CYp%C5+uWft~gO^|5
zDkvxii=!XP@n@=wxofO-VYW8*5-uCz;hwC{w4)O-nnKhk^3Zp1G72b#>ZAgX@X;_)
z23;t=6d|8c1T7lqJj7P3PP4m5-{rLX18#tL28eTag})9=o9zvsSa2IEJgH?Mib&?s
z)yW0IM;RsR<Pp%I`tacDwk-D9vLo2LveoK3vvk+&@XiJO)ya90iRN%Uo0Jzw7unUk
z4pR5J5|TQ?i6K}1f$zof&`b;0`=6pLzlA-75W3Cafl`qvR*V03_ZQfkOsYU>3n^Ad
zz0aP=j*91DnWFkOxdh6I{OiDRr{Qtg929%7DH^QdryqVc@Slr(YQCE_N}zdG>pk2`
z!`Rv7l4?5%cr}+3{X~5Qb#9LA>O=>!5+S6cqyukTKnYn+r~RPb;=Sb*#36)hNfdha
zb`pgoREVEP;RL;8-=W^d&*c{S@pE`C7fLk0yd~j!IXewC+MQQE-N?_-YSpKIv~c6=
zUJVHi5R|<jBUOugPl-cX&=s>Ljr?Ay2!yi8IoIsJhv(fz%n;QD4zySfN13?91E0%A
z$=!kb8}w^8+7xhq+fjyhcrd$(5JrYad~t_aavc}SzNICK1(N>i9`4e+N?2cFt2$;2
zwpskY2)6a|KN4&+`>#b`S)5BL8QYCMUc)3Z8+jhD0ez-sAxOe=FqJrt33JwF@`Sc{
zh$OOc_6i<wGg@4>9asGV_56%C=_L$b99D(Wlo$!GLBX91y?GU;=Xnw{OS}%-<^lL~
zWOYWKh&hk$LalHr5kD=zUTXdk!}B{ab_VPEA=KGEjMM*tr#I#`0Do<k*h#7SNSe$}
z``8hQ9hX?M6uDxARDCo}wt{wmF3eb0@G(pW<X<Y8cT28sCPr*m3d^&|z_-n<rpqoZ
z@K0((=eW2aNa=3whZ~;KY6YqZ*M#s3<O6lDLsBPX@}oIcY_F($3ueYHBfROA#?Msq
z;&nXD@Q&2@0+{xsNdHnF`w<{jz>|nzxi;5UVfjcydCm5yCfN$;$iGQRojvSSem$bc
z9K<_R4gf?{e2t*u#{=5m0W{jA>ceSNxvU`#v{AD?b}{0Qxl=aRNv<D-<uzoFF2Eer
zErFvRHm5~q0CSNxGG&Tp#hJQFGJ{FZ{Q-n){jE;4Iv4{e`JWD;FUT)l-@o}n-=|s2
z6wp!ZaCg`FN0<$Gawsbk3e4R58q@sN=`w1yktJqr4v7Di*))L~iPdO19W91RBZU4!
z-gM(Tkz7-m$dF2_aTivAJS1URze8zq#Ca*qmgnOdZ%51dy&km>&iWo$>w6p?wi_la
zH8;_;_aK&@;aT^;0CZ2II)n{rfVb)P7_R^;n)iriO>%u!>ccq)PI;I}^JUZQGMnZQ
zm6~kXbtLc%4keG&S-_0=<RY2P%ahr{95FhsXl@fO5IoWkb{O)CoO?P}F6SQ6FQzm=
zM<{yT*nf99vne{ntuXZWwCk1d3=6(-=xC1iMCv9|MTJnrVjw0`+5(gg-2ccTI8KA_
z7v<6KXc3J=zl$s|w*$7^oR^4r>>NxHkGOfJRW3l4tm=I7HvLAEiPJq=X{2yO>+}bS
zpIa;Gm;gN(uEB`FJv<{v#I};}n&(l$RBe`U74*9x@N;s9B)<!oGVH<yq8c<&lXBif
z2rZ&aSGFQKGR0YR-f+Z7;Wll5GY`M-PICQk>+i#xY!8tk9E7?&*|QKDjJ@*Vh>`wJ
zB;p7$5vy_tI6x=pv}!L_E9YzC9xZUxC|&wxauhi@ifoeUxB=wq3hInXd|GhmtO|!s
zLmb&PL<bHr8;6)9goQSqUDB@hiiHqsrUBbtFObm;9g{JQQmD%RE5K@-Xs(7!3tZmW
zb!mmmNnMw=5b`Iulp}Yf@mpyjtb7c&Bt&o!oLM!QAz@$ZnPPr5Y*Oem@ULZu(9(qN
zTD1tS=ERyw>>}NhFhlBFTNA<C6_hL=Sq#XJLU=kQ>bDwT8fVuhVoTcSu>H~vI!Y?c
zmLH!bXXd%CMAq~hK5aM7A9#GJ#N$i7>{A|Mitdcdj*~mXdXR`V&!GeV2*!b;C^?7d
zf17(t+5mF3r*o#$w4s3-NaoKZa}A#*aQQ}&g=fT#S%}KwOxO}$L+1$3CAVW9U>fxz
zj|2(=QpZ^{X+uJ&5Mwle%0#?DAKM3Sl+dXdf00p;K1Ok>{JwgTsIHvGy~AhF9~wH*
z01uYIO*&2>7er&EJ>g!Y-PVMbMbpxY`S}{=!SktoP$hd+j8YT^*FP2qK@fhEJen^8
zyzyTotaqm&#kKl>Evvp2n2;!y4$G`o2-#4ID*wdFrKn$Ge93@(UzVwPtIduF^0!l<
z(bS;G`ki-%1>eS*Af)vTUHs6kbeM&Zh(%+P;49}spLdl3Mgric6dqOsttfmqGojBW
zrw8h+dJ(2+n3`!oO^$fW4agz9=v)*2W^?Nl!VLCbraIMu7D*naNkG?xvvJHN_&NZo
z9DsBiIa@7W1>+=eS!K3(g~+@?8F&Hc*W}!<@9w7GNvfGf;&K?F32Gn{wg;k?YeZcD
z7zl+SW3kl8)S#?>NONZ^Ia;jbXhEaFf`&yY^AtiwJZORvJ5-@#y&6ctoD?L1UzrT$
z83PCgSoqX!PVMJE;yjnUuAl5c2R_iHA`}PonB52~qt}#{P9JCu6~}IS)#R?c_|;cU
zvfypOb&_7iQ$6pRQTUfltw@ZYEnX$Fz*=~;?pEHU>Op*sEw0sOO0Drqd_iK{wc903
z4ATr706(Nnz-ROZ-)h<o5@qWs>DnYfNwsWj_8@OoLhD7{#F6LQ;3x3k9(K{n0m6>J
zFM88TeZn97*2IV>`zOg%_F>uG|2Sm=rcoIyM*`(?WN{s4PLWxIq~3sjg|JxKpX~3&
zeXh>Had&Vr;@io<K;V?0UozOVB?re&sTD-Q3$Gp8xD4*(!+ftcB@%z-SLqvhxQhN5
ztv4kixCmWut2A4o1xO>(Ab+2(_D@3lrnEmvStfHpr{!F2<I4$Bj}Ur-E}X_fZoxHx
z`?BC^fKA28OJEHy>pEJiS!+pb_pZ{`O`ui6P~|u2=TU_8OA|Px`vHgnng#z3nnLJF
z>rc<)W8aIacLmw|Q>hZ)-MR+1qd_Dyw6#{911vmjlhpZkm=hT*M7uZK<lgY|rd6hm
z#W-HjI$$ch5|;gk2a;t!coXczJMswhza01z&>Iu4Y#_@#1tR=CpWGXS&~n<vBj8@;
zf5A)I#OrZ<Fy<>@08L&8kgYRq=$gHo`&YS}mVM4o!oJ4aYFQOUdz4jJ4a+&<BPNR=
z&Nfzd)%vfXv@&>KsWJoT)c*T0DDg_!wJUIhKK4u-ZgM(E)N1pM5xj&SfIbS`D(3Pd
zy!MauxkS5vmlP>+<X1s=qxo%EmaTT#HL)cSi@k$~H)AkiIX&ZaYS|1Mu`q)LDGfG8
ziy*Gzqo%<6@M&n9RNn^3EK)*nQ{FSh>tvO#Kp{%WTSF%{ILAKtMo-XnGT|z42CgUp
zr2l7$PrK;TLg-ElB|9-LS8i=SkQ4*@v6VBrzNgYfGW|xz15w*htiwfq8f`FGOc<kn
zNRv>B*@v6_>5}?PkO;9i(;#eKJmzSips`NU!(jSI7S}bSlX)uw{(&;ywbEh<T=9UY
z77j%hg^k?5EqX=y7Sznv?Gn<Gu(?v^xsw1yd8r`cH&wa`tW;88AjEJHaib&EbRLpw
zL=33CNSHf=zg@t2G4L&aCl-zVOjJjlK|dL?c8IRVfDYhBP*QLKaH<tTsEp(iUl3W9
zkF^>+>gtx1++C@Z409|*W|d>QGhc)}M;pmfgtTnCUE60xTGk$jb)#kWeixu+r#Jqd
z)3RS*g%N7!FjY$8^KUm}I$<O~pyTMvF{)@YUg>wyp5}9Cr9;XWs;mYy-o$HHo&Qnw
z`fw8?4km;!4nQ1T4CKH}sIb*Ruo)fUkAKraH|@{_R80L}7%-qdi`%nlD{Rm|nke?9
z%lz!WS=nWGGis4vuZK{1QXQiS&xGYyQVJvdEh$xYX|xTN<H^p%J@~9^SLrnN89ZnV
zoYv8c(A`u<v>>q7t(MioFTNQ|f6F<r#EAnt16n|x-Iy$EL>gdeN^2OGWhx3>4C82T
z$DCpK2Gul@)LTFXn2<cZT+x?koTUB+{(oy8&^o&P8@ioWxrX#G?eH+Hl!~egO7CXS
zEef%qqlxc$wvr<x?O^Sy?+neb+St=PQx;$!PIoho#G79gj{AKcm2=a`0uUuA64{s(
zbd^K=)kxSFnG1R@XVWW&wBZimX#n^};8F|k>t-fb+Ytt4Nv*`Lc<w5RJ;QM!?q&o_
zA+(=-F$wzGxEoPMq~DbGt#TSldGsa*IOvzh4Lz|e5d%IMjeV+vy@19*b*|l`7TF><
z$IVUb88Y-mM2A|GA+l%C5Xj1Y<c8b#MOJ1arO#F_qq*R)1?$4IGF0BSiRuIjW&auP
zTLe5Y9$|a_DWd~^o;H;e48u2x68eC)Q@Mty1-$chO7<`GckUINW}L?WmnhCeH-H~O
z<N_J**O`gtN^k|V2DvlsX?GUMP?V2=0!SCZog_IOh&EyR*7UpMKmaLGPOKue-V)~O
z`7)VL^(-0FKc!seA}a*C(Ci_npp|3MAFqPJhiHq-kr`%fU92lL^emeAxEwJOoI?(!
zn^s_gQj7>V=~j+fMW#@IV?>!tY-n78c3)N-h;95@wK=0o&}M{5f_f;dSNN`N_w;OO
zO8c+~gq;<1%TVVc$~4lZ|GJ+{we#}CsDg2qHtIk@7BDGdYwGS+AcSOmH;sZf8TG(T
zp5YS#yUxvoUw|OGpHQeia2ihmc9PU3F5AK1dfQ4LjwnVaE3AC{!g_R}r83@OBJ71u
zZ~k}M^qVl{T#XnhG8Y9qt|R^<u^oYYeGr~6OOe1*jBm|t(%%2FoqJeSn3Ct-KGyz#
zQt-3DAc>ujBJTuEhKJ-yZQS<>qgP-PN@~$4a$D^#*x54U32)i{pCq7%VR5(_vvFxc
zC?DQyf>8mH{Tm0~3@gc*7~vIFlF}L0lf~8kmk>IEhUE|VxdU09lKwOKR9UP?=ezOX
zf;h}J3i4}Yfw{(X9j`S5%to7Ye`~z!+_8=t0u>7UAi2I21y3D@?NL4r5JVRpOiUA4
z8H>g?zz45FYQg7AW8}d}_j7+Mr4kEn0xA0wEy6RH#zh?6d&KB0lTh|F-5Yt`Xaq!B
z(R3i7xsBqOICM}NkkvBE@N$i*Cqj9vXnlc_!no=l|D~K;BbsY~5O7P8@LshDchm{6
z<R29gLXSLfW0t8YNUjorzTAn%mS43kSvTysJwBjx?qK7jCUKvv4Bher0*Oe@;pJ{~
zn0q76p^VSrp&Mxqi|$OF!=wMr9B%s$<}fg24g-ui&}dWrquzgPFgg7LMFBy5L+z{N
z!5P>34nltk)-pLMKLK6id2&|KAg->U&#3Dtfkp0K?cN!fi}?VS_li!}Up)6N#<QeJ
z&_AU=Q$M17Ce~4y)&X>sA<d%o@0c7%98x2?n*Dvn+)fhFw5!gxV?u7r^liqz!7MBr
zX1tCgLx+*lD-w1eab`Up7Xm4*p9};!Vk@Sk&5;jGrq@w7II7jRy&GS44u$6V*Ruo4
zw*sj2_UdD{nj#B4KcpNM^5eq#-#6U<s%eEoSpNt5QDV-o*BtN_b^r)*kLqJrB$|}8
zu>;k|GU2u4opX4nf9jofyyHl{(}8y~Qtx!)9ee7XxPDihpW2?Ee=QlXg6DUbHKnP{
z@ZsV4NhAG9*e}FWvYl=Qx|`pIClB8$-<q4!CcyT{7Q#R8i)NQfOpIa@!n%M&i4szB
zePY5Kc-X>m0uR+FBwq-fg9QnHEreC#0)g`UDkG-0`3Lc@@YVt%!-J?mHl}DP!)*Xs
zRFI7SB6PI4+=pbwx5|Gd8rnDh^)LKCjD)~1!CFwH;P|bewXPA(yI~v+I1c}C=#E#p
zEP<XU;1QKwj@TR$nw!x#3w;X?5NVvc4qmQcch`!M@tN*r7=32(FiPtt8c9(B<J1Y7
zNBy~|-q9kdSrXeOTkmc3qSELkm+uom;APkT$8XTzG#UAc0i8uF$OWD0Lij`m!s(d?
zl4^De;f@SEC%6m{BvW#2D|LcQ0u6@-J_bD$S;7(c2g@Ds=kptIWieaxB%ka1$H#lr
z)i^qD_-lVZePo|RK4hTqKG*U2KX+qX+0ei#G~r<890xv;tm*MOcq}p7;L?BbIs-Jh
zY%${1Kn2SoJXo5JLKxx%vY$x;hJ!uB5k{fZAh7<|_9ZQM8qYl=gcUqSJl}mC&)>>c
zBvaaeJdF@POOpO2geFm&rE2N3CjC$c$6Szg=VE3#X&IrF9C6l(>TdxHHlsf0|2esX
z9K{qeu7-J+qJPX+qE&Q=Bzpmvwu>y|viUlEwl<NhXIBr7l0MhB3AJ{48VSEG-u!xr
z9RxHs8EUc2R&(>*HkqxY>?Kt81J*(57%GIGC*E#knANg<?3~Yfg%h3uBl|-GrBKTN
zMW4pXk03@wW%ePZJqtN6!sY3>N(fzckrBoI4G)GNkER`}1c`$5=)bp+Sn~sKpDu*P
z(jk_&5rapB<@v~so8XDFNO-Qso4-@U@=G0QZsECV@;s0k^?(ELns>T;o|dUdu!^z}
znhzXa*bn3&?hV(=f~U%@-ed^o2@|B1r!P*Xo@U=fZBA}KU5(jrwU9=_{9F>|>6XM`
zlPY#%9IC^HV?^`vCBph!LE-{c#hM4iiYn3nq8H6<s8BW(U{)M=o>;TyRb#&>l_u_l
zw*+*<{I8qRcHV&0Cxi|u8&PRQYfwVvSz_ZVPhbtte~|@z|Ci^w`P-l}JqWE$m<G(Z
zO22|v*aC7ejaR)Xv7@>fz7h$Z`c8jBj0JWtEKm4a%;BhvNxz!1zzng`X_%w#@n=)f
zI-HNO=|c>E8OiF0t;U9T)mPh|DZAc8q!P;BqlB-7S0IeZ>>P+OKGbzf$xrG{#6q9z
zbKwb03hrb3Vtqg}ugSy$C1sOI5gcz<T80LWrQo2%{^he?i)4k+Z$v8k!A6P#X$uPL
zixU{O2vKSD3mn7jNPt+QJ6c9!G7gu~Bg26O5!hCZC?mLm6!VyZorp2&jY))=8ay9c
z040;y(y85fgmRSxCD4oLFysXX(TsXfM^rlw4SkT62B8ozV+!KDI^IEqN@8A~4II`h
zzutq%0S;=DT8w%+0Ke1vYaK~HuFVKmnABfL{wG-KOOkO!hOIssw<4<i2nGp+BOO0l
zPQnP5h*4V2!t#1NnqbvLIz_A74swzNdWaOYu0eX`>`eGarSwD2S?Be$v)2XsvFhJ-
zB;My64zZxFgVP&mS8T^dm0fYCKK#IY)F3Dl7_IsmyhMECM^mmEH{jj!C*kgvlGk1}
z=}!?~rv9wPzD0|av0JVB3_{0u@cTrKN~n7Pz6<k;9+ZUfUI*x%T5aF9<o)^m1O?-L
zl`$RpxGO@J<LBz&bKKuT&i#glB+kUqVAi`(EBbbqzlP?badX^ipN;pxZl!}gpxm$l
z(<)4ZyG%)Su#d|IC1RKW|0@f~jWL|thS$2yIRDM9M&A+NDj_@;FhcL&p5PzPppYn8
zK};JU%z}<1Bg|s+0n95gWVbkE9|(#<Xfhr?CWOV-V<;>N?55Ua9xkLYDdOUUi@W?N
zt(O1>6AO=&WWrAke(KxKCGe^#?c1xeOty{L{%1`aO6EO_Ipg<;ti+-3#5Uz<iB0S1
z^3O9c75*UlQeqziKPd;1&YJnWu#B93Wi!%;Z-HOg<H;QEnZ{3Hc^(#GXOyPM;A22y
zlK!8md~7z-E+8HTt&k0J0vq0EEhK(sa4v3EJ7iCAt}pEd=lZ9qJLke^`y}U@#oMR*
z`y{zm*=J@$w+3bd1R}w(610O;6JS@sf%st+_2uqaO<{E380;&xXb&x3`yqOH#{Y}~
zJ(r$fKyLuRkpb2H@zn(F9>veyQs{Oi9mItBzBy=Qf}$<IxrqojNeZs*!V~W_A>r->
zx{lsAB#%XbejgRe_LBS11cQEe!5-*0hx>J$T9aKkg<wB~?~Q(*1NJc#%o3y*IX{P<
z#GdC2pI&xHmnX<M!tOkXVQzqELp*W3Cb8w5DnI|<P~~hQkQ0C^_b{k3W`EDGLK#GO
zu1e4CI@dMm@`^4$=gpa%E>}|A4@dJ?IY4J5z_`VH0Sa7Zxd7#y02DZ#DDa)<^)c~6
z)c1+B3-pn$59TMSGZK`yPiHsEo33}z!6@|lV=Bo_*T4TM$sHvu-<=@2|Bk}#J2$91
zg?lp-kGHz$y){nbTFxo*j08n4?M9K~Ns4?!Mt6#QGg0J+h7m<}Cn&O!)P&YW&h6}?
z%cF=cU)o{NW!;<7jy3A%65}!$-Z}*L@a80yf<L&X`hJp9n)QkwlI>}EsQo6Cxs*;P
znzI0=>PO|Y0R+){Gf4Bj^d3JTvDznH{gFnfoADdG+jyo6B*>z0f6Z2Y+XFK$okdeL
zsytX7V)I$b(8>#HaMrd@HcAO#s2SbTUpQ;zi9jP%-$rZ;RBg3UhJyszmrs&8Iy0Us
z&o*}9lHS&Ayhcib_7HE+lSgv8V>Cp!G`07)*;%Hh9S-ihN8;jx&td|A*RRH`FF;JI
zY2=++@g*iItn)ryk9i25>u;XLvj!lX_az8t=^b67K5e)(*l^~mo{ggw+~h*|0K!ov
zdMB#}^`mL%i++s9gNKSXmOKossBUfwD?+>=fhhL2p(Z-``dQN@tRv2Bml=9w=|TO#
zX-We33`Vc})c4kqm{~18R8=6OgWC>4IeUsKE~HumXnT-@e$H&8o>Mii=QJXvo>QZU
zu7S|Q7V4o&y3$J#^8pxU!-X<lZx6&^9Z0-Yj^~Mr?92h!4*2=qg8{XC4yxZHM*MwY
zj|Otk#{vySyYX~O91^9_X*3n#Rv0U>QrPJ?Y3B~N^9+L6tFR)7#Y$AKO;TULnJNwG
zkqk;XP=TqX_qHS;0hH0r#ygCX9Kb1CC~x%mO#NcS(632V5kj}X>TIH9DYpYj(2HoN
zOei6OwYHHCywFqulpJ&s?!&13&Ylj8F~1)6#HVC6!wOY3+HId3md~;r<OShhHB$8C
z!sbD!G~2nSRQ4JqLJpuX<N7C@rFyPyhduN=+(Ul^lu&37K?l$Mh+5I<_#XYqAJJ*B
zlDLKtK1PEiDIL@tj!{#C`oteEw0-W1{l9D<>)CGGXISjtZJ%jv$*q20OUf{(v?Och
z&=%+A0c!NZ7Gtm6p4=-k<~v80v^90B)FrmcubMBgRp<bzzB!fbr0bo{2Hl9QcPm>A
zxG0qI@p%rH<@|Nxp*kjUG$8y%>d<Rj5)j^kztq);B<f_IC|w<`Eo~q(Wv-}B&m_af
zUxB#9zS+=1&NE3#lnbF-feCNOK|%YwF7>v&d;KBh_yRzQmdo)JD6j^|jmQ?Sh1FXj
ztlWmeG9{k#2BFOd&}PNm>pa5xn1t>gVa!P?4Qck@nBSCNMQL(q-?G!Freb#Xy)lt}
zr5rNLg7+9dTxw(0(BIy}AYRMiw!r7m?b)lcxYL6-5mv3P;1nacj_b?ts1_JL2`BYf
z97<-7luK;4k9`sAkMjNwGssK@vg?srVfiyCFDheg0ZmlBRp@=~Qy<I`t(lV2o*}Vs
z#K^*o`J-aHQsNcV@mPnzsDpMmQ3uVEA(?BW$dU|nx6IuSvRdg%x3a`;ajOFZA1iIP
zKn-P1*zz(6{o2pJe;12ULsx;GN=q*g-fTu@h1lz|3PV<5$dS9vRQ_N;9VsbQj`MwB
z{_~Xm7(6U^(d_N55S3XKjTno;=Y!b@CSWnJ{GCLxCE@km^RB{UdQ3TmUpCi?Q4>-d
zOzpyrHI3rl1}Q&^$tp0}!N)Q=W!r*_*O~m6i&prE8UVD&gFkCTHrI}&e|X+<{QfyJ
zbokoqyhEays<%Q26_X?0eo>u^<*8xD=PVN=9#bP=S``^y$?EH^1^U|q<bA68MA;)m
zb@2*}gRYgCx7@>gYxg#=)krB=7|XAUfR*WnCm1i=RM-RhS*Ja_qa~SNZ0b6X>RT(T
z-f|)I25!K}q5&8NWRcin7}a9nw_dm%8HWlGqB2iW1-KOiBt>^X?;7{sL%x}<Fn|>(
zioqAe$hc0xZuq$trzom<I3W#JL1N7bJHgai0Mj~AiCMHt^ny|Y6?l4uQMKwLYhw;0
zeoHy&kdzZ<|1}<V*u!+#6*KF_@B#l3NiA)W)PdMQTY|n*(8}l_uot?oLSbOm1Pspo
zI&q&t*RV@zCc=6mt42k1aqkgyufjSB;U<5-aw+Ob<ExGs=&B2x1aPmB)s+ZNw-LYb
zm8eAR34dkX?7=Kf$Mznf`tEh&%qIWvuJas4GmGIGf2OEr;cq!I$t;^E+9`{BxCS;N
z{iq7;6O~i&V`tzUj~emQIDO?rGl3juyA|Eyo4FH+gXG%dzm4)n?Tlq%{o+PULgUNT
zCaQ}}RTHg?Otm6g(kMc+Avn0EYIEQK#qZTP<lIxDx~QPeXb?Ck<?fNtS=n5x23EjM
ztZn`VQ=h>U#Ofn9vOlm^(VCIR_oLW|L3@Fiq<Vqg23BF7X393Mr8=mZoABt<l)%-B
zSWhFq7GQ&p(&`k!4oE%FObKXQ2Lj&$;#q~z2L!HjV}-Jd=_LDk6reYZgMZlm+^@vF
z$H=bOM43%HVBPc+WaXP{M_(?WMMFeh2TF?EW7gi-nm~3Tw2gAc-wo~VULi(`vSoG#
zl`c`WN=8vqs&fO<7sIMyRtn$6oRJ0=YnNbocbG4tQ`Ab|KnSoNdIvgYQ_2^@5A}8j
z(lU`9MY86L%+8b|cMUM(p#`t!0zlj+E<3`BTC>PHFGSRSOs(MZxKY7n1XXYmq=?7X
z0wkgq=vr+f3<_2|P~lcf`vbjWXJDPxKv3+tPrPX50<J`hY~-i`xBvqj@JCQ6=#DLh
zLEc^ELvO?#K6b>-+7oe;_n6TvXv=EF$kINvP4*t~gpc?a04@-A;38Um@Zn2E=C)(;
zQM1o=cK&uy)B(gG`z<avD5M_2%w_-zNxdTzSg%9-WE_HWD)63B#<{h&0d7UTX#O?9
zWz<_vrp2l4s1fTjI_N8pRGDKhY<T_k)Lb^$9_zzbRKslyQs0L`>KzFW3(8bO$D-k#
zAgF8c0YfHZe$;Fr3*@<p#RthjF-Uv*pw<_2y|Yu4_dRVe5A>fDDIBFut1@s2G=F~~
zh5A!+bkjI=;!H&LpXmUI)qu=n#zgRxe8C$&0eIxhbPL|In&tbZI2IHpn>!j2UcCAh
z6TM)H?SYnoIeb_w8XRpRao4?}-=>#M8#3Q`mCOKwXBWukUmqU?Osq)~yq}5c^`sf|
z5H1YK#~c}4Po~n2`?h@fIvMhp_e=<{^6K_DRRH&}QyWnb(_Xr~HC~Ayij`p;cvscm
z1Q?a$_U5$m!C9uIAjJiSfK)Q7KS?G28&h+?de~7U0`Ue>88ZMHm?~npFcoLv-^z2Z
zlecpfjO8VeyJ8zfrc-6CZ?F#Ns4ja49;jxMp9oFI&x1QMDc!Y9NlgHBBDRbVD7h6D
zG%^Ka*f0q``9^$6QAyeW5%ZV_e4=`V6QzM7iU`7Bt89^3<9jenq5$(9Sb4mzQ7f24
z)~?@~7@fOpJC29dP2Ywd76l@?^9{t`MMjNfx)6<sw}HZXBU?x2ih=p{m{i4E7u(Pk
z|H*?tJ20u;kGvW<xh^Orh@B(<c`+t8ET99kYj$6Z`}UMEB6s|AnT?j&$O^pOJ>g%H
z-~6zx`*}4WLdA^R)}eoM!doXzLuVajf!*YHVHoAGXd-z!2uusIiBhS*CyyRbx7UpT
zMVFP>jr!0(Y)j-9i}Tk4QBcNjACzT^ZNV?Y)OL~xO=(|^O?lQmMUK2#buJ#CjIoHl
z^1p^v7P-6ZI?9Q@z6aa<_BkF+^0q0ZUIU&RJsqVVpzA-1m@#v&vdxU63{{EI(188$
zS_aXyHwM(9xi@q<^jtX9y*W<C*52eNbtcw75np7cP!zwtaH!u_*eh@XN%G8(<=iGB
zY_M_I2feXV|3xzV!Y<)^(AbZrJDGUNJ{&RT{J9&2teJbo$cNZYoJo_Y=#SEV+WEQK
z==+63h0ro9%?k$Qcj)(#t;mEEr!<;;e1$^;C-j-za%nEi6GBg667OHgnEkW@)mrx^
zK073qh1YK67a!oookAF^`Jyq|j6yB(;lg=B2qUwFXFkR@Lj!}wncIl#u@BN{=+RIb
zPMUmwx0$8L?Pi^y-9@mNtTy7cc8q(#)dJ;uW(%)P4`grCl#aOUYLHcGSK2S>kD~!`
z&xR*~A8W$9;L(jW;g8`@PXwJlDq+vW3Yj6*!bQzhT=X|af}r4aPW2~~=T7-M3m+Cj
zSuiq~QurETx;>TFJV9y4U0N$y-43PN?q)qj*hR3cEP`I|xU_8L8Y)Oa0~OgnXlb>}
zGlA;Q<d66qU@GJ&-xl|$g9IoF6Sj&hL?}TC!MXiqeX&Kx?6Vbl$<-+Qg%BpMRn@Gt
zz=(c{BibriZ*?eDFd}nuNj&Ohv|@$V3Sk*v2re<hyJhrlU!@J+tt6U5v)Kyo_EkX|
zuCWm8E=%<XD+~Z4FA&0$(0Obpye)*VJU8`m$9a7qME<QE$iu>G&tY)t>Q$7LC_)fP
zT7@deUmF)4DXt(Xhe2c7n&}SS1Y*HHnXN>~37)$Ao!Xyo1B{r-yHQsf5XIg+Dt$s`
z^={={JTOp?nUd!~h%cTMuu<#9+^w?fz@n3|c(l)9PXhD_N7-|H749K}>aAEj%r1cl
zqW_5uByPAN!VSr;$I*b>miPD^ezyef-fCA1^mYU>5eD3~Na+j;Vj>E1hR(fUYtWam
z4(M|~*&X@=9f^<eZgnj1+HI{0D8W#-Hic+N&D~1Ab+fzGqr{w7ROkLjs&PM6jPAhk
zAtS`VE$!ETIR>nZZCh}i$PTj_G9_r<x5?7chq6Ke&63y%C+5GUS3#CJ`=?`Z;9RRn
zw9!)XAb9h4y4ilpTIgZN^5fdV&tPM-9ia1b`nc>krW*j#irLmEO*Qh~0_43#7;Gu}
zM+vzeXNiz2J7);FQ=D^!+*h2qhC=Qe&T{(uwsQ^r{eTK&2)Vqvkr?5b3b3APM0VOq
zv{c9ZO&n}UFu)qJQ7}UN3;t&0QDb1k+JE6u;<D{Hvh(@d|HbhlY}GNA|6sgLE&suI
z|4$4xLIL+@(DacyLdQ==I3;C-v%A+9?Q*47OYPbp_M+{E6jA?mqB<R`bOtVtjY`Jh
zPq$<8^`9HXQXin^0c~R<bukvR=;nX9-JV}Roz)rs(Ho0Ey4_F#|HOLJ`F*6sCc1W^
zid&0*;ngh`G_qBn94nd|#XT(`#XO<riLU1PU!ap3tM=#ocg;HIeP#3*cvrQ+OwX?`
zzKW-&8q*I{qmNXwsi_JT4U6>ulm=XVsE3%l2i;v<wStn-1C5<S)5Zf5a2MJ9CTRoy
zB~_ga1o(d+`&KfyOU+-$`Xuto7eEK|Zjjk7@k)p6+8Q`6swEDI)yw9?qO~N)H{^f}
z|8spQ2@~2x*FI4wK4ZM~_%0DtFD%Aw6*q1>n{(GQThHc1(+YcL5lo|Lf3s(qDARxB
zt{zs=92J$L?V|E+yU50DvS*Q}a&8N{zOl5I@j7BFlJ*=It2K+*d>C`VD{c8g*%~wU
z^*l7d0$XA<JPjyaEhPyHqc1}?g(Wlq2Mtn|@$d=^580zd!|3_&;3JPc8Vw_HL|DKp
zSlF3{7oKbUVpMlR+kXqfaOC@a(G7)#pTk}%=FOV<*rN~3GtFiz-{`=|sx`(-AS2?z
zUQHO2sKWP~Yr=2AuX);i4zwO!^HN{*UWsDWhg%#JN|&C4hQtd*(Z%|f|EDHIndh@@
zl9Z#3c-VDC-MewJQL&S#v-ZZzE!WO{{IS`;dU#e%k=?X$J!vg@&^W(pOR>pf($>9k
z4098@*^a<(4fC`6ABgG?sF@%!V)*Gsl;40}59oucWE%#Iup^|wfu=;9r@IhYzO2mz
z;}@3y&4z1rtOsI%Be7PX7xg#R3eix%rIS3+)?vkLgK=d17cq{D)o?A`HL97zPWE5*
z|1kId@lDm&|9H|Q5TJUa7Ojd<HM(~GY812)(56k`UPxROEBIC>8_?mziICftArQPt
z>1)?3)#-GbPB!O6=NN8E3u<Zk(X{x3QUy_*R1ml!{3xJp`PF>RIj@^E1>D2EKkv`?
z`~CxZbAP;kp4U0&bzbK@PpXA&&_dW9LL>F%FYHUi?o6cV8-Dd|s!5Hs<B_g;5AFk9
z5}tqB2)Oi+J{LX`)pIf&!w?p)KKB*l>=t^|gAhY`bXIZB+9KqmnD17k4B#H&tW);=
zjlOInvc0`Po`r<Z{|Yu#fBB>3sMz5x^m#fYc6}zYkNlT+>WBZhkFv+fLt^)5r2LnS
z#BoZ26?8LV2exc%DepHHpp_*2mmksFe#bu#et@S>)dcRTQeQyEx)MI7ljcpQWauPt
ze)J^0k0FBSuoB*4jF<F#950QARe7(Ss9bxn@JHI+S6L;k2vqdJH`{O#+a9nXKq5I}
zs<h^!o-DpZ%ou@5z4q8uT5rsQhiM^xFB>ka`6VWes^OQgAEu=Rm-%qHlwTHjqD3dU
z?e0CKBp#2#o~2o0)J(s5uYSQQ!zj`S4Xd)Evpj#M(wiJWR2}SxCsEt2R?ex$Y1SN%
zIuO3_!X5YKITnw4z8Gm^gQvmo;GMv9pO&<{pYE2FeLQax&=Hk=qhBlP7L|Qj+FUbY
zs7u=LN7?8-mSHAD>E3GvrssFJ`B{IjP}{G}%f{Nv*tv2e>`hn0JFAc>i+Lv`_ZM^W
zaof+c+#>GEXk05GJ1Vl_5=Cki57C4V(2u_p`*$1`CGwYH5-z$8P#`ISQz+=Rkt{u~
z1|+^sv3rl>659Xg)PYm%&66oND9^jLSN@QslGyY3Kzn-%jq9e>Su~M+4Ebp5hu&XK
zusL*79<O?`K(r1QwYkVXaB5d$EWX~H{+coV@;M&0=%mtZ7Q(~ncoAEt-?rgof;T(T
zBF9nQ#_r<&n<AYs<1rfolwXNyu-P^kfX0}e&Py9zZRoCOh99gk79+O+dfsk_QH*~H
zr6ZC5YyHUtKRKQ93R#{qyAla*d20LB$pjlbDg$P$jZDF)UN>Pl?<pR?k4M-byfte?
z<ZK_i6H|}%$+zWIZ4wmW!vo)=v=9b=W~NAuwPu=UxRv**=#Gj)@iAl}?hc`9Ba-4d
zPnprQGWc_RoppHb7C+WYCGFax2|}%po3s4tId9-ovIaL35X(T(eM|_KoAJnPhP@2E
zST(AaKbTCRQZwv+^|GhoOV##*8L<>EaIY1@sHnMZ<Kc!-^$fAjbMBxf*q(zwbc!9f
zkF@;|e$1(WZigiG?vNeNzxHKJQ$}4ymg%6mLuj=1n1(^mueu#x1?}w{Nz1xR^*g`$
zk>>m}MzS`;#ZsfyewG7E;0jm*Q(y@UOfM)w<*2r9lhH<b5q7-{oo+ud8R59BHT@Hh
z&}e}gyH)t-wk?DYS!4Mx`@RG1`>}}{b`oAYDQcMvX62u7OKC8dF`tRXSIhd9tA!tm
z*~Xf13LGN4Rb;d62E2J06YYIlTLQ23xl`o8oy<`lXT>LA4pL&{ZeWzwJe(nzG?*m0
zo!ps(VN^E^{FcPf<g}8jX>UGIj={zyOs3Pc8n4z^Jx`nJ?j<VRBiKfxII6Hl8Wzq4
zRdJl1(hUjWMiaLif7YK8hMEzG;kwtmQ~9O-NPKgrVIKbYT6`;D26e9D0)*F3J0Eg4
z2m4`^R`4)4I8tl)wk;XQ6dL8cFSrQSb1+w%gqzpUsH_|0i{homb2Oh!ZN-~GFI%Ua
zFv|yM9qPY-E!m>r1$8&jIQvZT-}UZCcx`;=cpub?m9ll(JhM18p-=ApdW$xJP#{18
zPHoez*K+K_zKsR_nj(u}^Ds@d(!>GBI#<8?Z{3L`g5Ek&z3yrn!vjITsFH_@tKvL5
z3}U5d_}yT4HN@KzgFE`;JoB}ADGihg&qQdyzU2*Q7k?!0CZ#+6$2HHxU;VGkj27D(
z;q&162oNQ5Q>CjRHWzz2_&F>XW^M_T!eMo|70#Qq&l;GA*blX~0i$?2g>W^k`!#h&
zvIPU@Mzuz@JIx**)#VV;NDpN1ZmK|FhJ3%~Y(NA|Y0-K#s7i#_gT#Zr!~u1t)8SF)
z+cm2jv&TP<cFss=@NU=kw0N)xR>(dVRcouTvL=gSuN`upveD6L>jC{Q!>c`FuBHbD
z+6eU7dR&O?Fp++ttTVfh&aNeQ3|47BGdB)D_u;rr57~>f$MWnFBA$R)wdnW1+Rfbo
z3G7<Ei6i8TjXN#6c{iSySg2t2Z5$=F(jFVd?U|zavw$jtA~R|LH{op3&*Mb}X9F*w
z^s^+CqWY?@k0k<FAs))5k<CvrP0W5+P^Z=KIU@J9#9kzyLp=Q}$zNmo3rU;X4k2Ix
zz8J&&eNqzL2d1K6mHJ95Gb|qJt=)~J@C2w-@!y;t-<7h_d)PNgLrh_3lSK$)NEd}1
zONc)7KJ>@Oq6FlC{!YC>4&0{-VKsLXOxuYbA@V!pDrmz!^tqT1*Ge9SOL!CQe$5v$
zoK8W&lOMZA!Q!hNC1{18yv)x6b%-S*BFGVYIOJv1tNl!_LG&0Bk8C~$UNz`%?Ew{V
zojy9BTt=}dlPvYZK^YCjWBfCMjQGA@8C^$>i=Y)+jM`qc8d}c;Qs3vJH%xFakL<F`
z{hMqO2q&}t!8s<=S*qckQ8pqMV4FqOb!553K9st)jMGM4FOGbV`$Zo$(P{Tk5wwrf
z_5$$D#_zuuKu8(bz3t;@GJExVb{<QF-Yel=M3kl=3E}e<>_B(uD|aP0Fz#d|st4Dh
ztwpKBC~#9S%Ls4o3=QUR&zKHtRS6Ot=$i-ET!>s&-jxovWpsO0PT!YGuol*{>MxuS
z>E0;1xB19&+_`jZ2Ico0kd;M4PfyCSNo2>)*8j6-W1;>Voe!9I>-T(x+e`9;jeSGw
zhDbtx5|(7FqmMkiM`At3nGNuAwE`1wr63W0+=_m;`L2dF4bTUDQyi_FRUwYd!g+)=
zb&IHsYK2Z*yM-3HHXX(+6~Bjob_dsN#;>31{o1u1*juhzVvn>13k^RJgXiHAPgcKU
zQ?mL8-h2j+DfClmEr1f-lk626444;>vcatXtM@q!t<yeE8I@xSUgBrFCH6_|5nQrg
za7EP;C%%<rj7G|d*#3Qe?X{&wg3LZnVl({e4eD47tpxS!5c93qr#CF;Y%|kJYiTAd
z4qW2Reszi?=mRz4N)yjo=r-iY$d@ry^6bmu0@1PNWOph^Z-w$`%&G%4`ll=DNb`Eb
zxlR5Mi^GANl`ASeJ@OC4Xdyv!xjJ3j;}@swbH3)}D?<3(ew1r_?=IXYOmFt8@_JVb
zrNp6p-#Y?`M(G3PcoAa0I`o6TMJLQ?AVLf}M+jexF$9bDAUhNynfOCp?66QAD>;2=
zqS?ciILM)LIl{iGKBxf??fop_S=4SfnX2{N>G<6elB+GjT-SC)_elvkQLTj5u4$(z
zm2hnaokzLfpZz)Y7g>I;el@Kc-?C^Sv3I>6{)Wdjowhh=dKp3_gaB*4_3Ak<_Y5^*
zG6H*~1^8xg0NhmC%>#VT`&l>aUvOyD!ff<#=is+i^6G_w{u)&BEf>;c!(M25&Dl5-
zf?N&$zD!BNO=LGl8K@<>osaV<aQk>>{Yb(DYuE~?cBh1n_KPby{I{gt3w&{x4F&Y5
zFR6>75;uF*>CeaQbPIloYAr3I7BAbW-?xqn9{H=N4`Y5!KCZ#|P=)D7CWj+lCNK55
zzHai>nF8A1ap(iACqBZpeVJW87p5|oJ7|uuVf@YSdT2m#_vcZ6gGC`0yT|>Bp!|%&
z463jIFLX{F)saMlVNJ@OL4~27f%5ATZ=I<2qXqG2%B!gdR|ApuFRPK<8-jlq@wi2`
zeu@1*C~C!K^d<wMK)eZYq;G{##W;8f&sxu&D`7BJh*4`3-s-e{a|&9C(auzrR!PkL
zTHrh=h%u#ULdTH8m^;Dae-K*_MicmrxkgmQLYR{RcuAd=ug89AGIjaZqqGwuZ)ETv
z4*c<M23A!KRTV~Ux8)Dzk(H58sZOAfzLFHFUVmY6iq>PpPjM<mv|iE(!aGkGX@JnW
z;CdH$2Ky40G;YYy|0T9I6$cfX4|B!3V8t#CUL-2Em%oMD<#S@lG$_xi(gbs|RZy-Z
zC)dS%P7Wj5vQSG?Qg)TyS~eO;?i10N;o!#5tH@(cBnFSZVJI~7Ic#S9t?`<7fP+(g
z_5Y<Dh9$!G;^Gg0S~9)P=Q^OD|ITt?K7kdhxLs*}NMf5LOj*l(OVLEF`sxDi-Q(3E
z2ghmF8A7ey3;H!|XB~6gz@Nvf);%DQ4KOfyaQxDwA6|o9bbl;_e@|Mv1JOm|lCs~7
zvE3W}?)fVM?357RL{CdsU@g$ByyKvMRFYGZxlONJjV+tLG)CkV^{t>y!}fGSTwFmQ
zxl0J+!~K!S0@cBRm~u|28b>6WY2t>Bx2X*D1P(l}U-W`uD}%icJ>WiRNrLuc;+(Yx
zS?jNVb_^zP4H2>%@e!LOMr0k#)c-)?9L9R`Jr57CWwFC2)8b7Mdcjd1XpRQKB<+U1
z1Z2B}1KHlvn@?1olP|JaxiL`Y6P>m<jstB6vk>bIJ*C%Fa=m)bE?yEYiSXc41k6PH
z9U;=6>{SVU-H|hl)f}tjbwmMs^tiFV3b0+{wc$PEwNVEHd2uf*Z5Wr@4Ul`L-d2YO
zTVLIHHUwA--SeuY4Mjq2Rwb@^f1WP7*Op%l^BHsXkb4;{WuR1b^3vE=!gHNmH(txS
z)XT^PZk#rJ9?bGX`dld3tJ1x)F)V8;O|=Hi=LV}~ysP(poitcoUU@PBOP9nOj0cSc
zxsNyKTX#aA24E7ky`;<4&(>ZvaksRGKI7w2-0xJvNQPzwMr#(rh=z-9v+gQfW<unT
z$I+fVeJMVTJ%ea+90oNuj-2KuS0i*MuG84Zee$KE$8~FZzEqCP?^mz(yW3~~!ms|q
zPQgyk&=ylRN#;-B8-HHA-`yc7Crl}KM^UNFHUT$LN8EFGC}plB_Nv`u#;6u?<mj=7
zG5y}7$w<S~e2zH%kjr#OZ&8EJUew8sp}Y`z6};5hF_d!rqA9i;LCXd2RxyuzersNv
zy^npwAu5N=P=UiFUk+NZnD?3J-Z*>D85>yxA7b=V9UMP}syqF80Jhr%>4?xTl6n!I
zVBp|%i0)S5@lWU`=)ABCzu0d+BCKrD(f0&heU9<OrIO`#=)ef5!_^Xqbc*QeEqI%a
zLdbIzQL8WP^=n9L|HWua&O0KyH_zUKphA}UrudL#yFWWL)D-)5Dh_(Y=0g~5JI0Ll
ze4VPJ-KfK6;F0$!e-)L#lgh_rR8T(8bwm^1-8)Ou51n<E?t$AvM8F&v7x8_3sYr*L
z<hG7M2IOIT+8HXs^l~+j5?eI0=kQv*l5UCaj^L0^+l0=cs4`kGdb=-|@T#`w_75eC
zZe$lRwu*e(;<CU}?vwU5cV*uRwDAveOJg#y#SVTxP-tI;=0l{Uy-}OAf2aX*H9f@E
zG2aKGHb+1QezIY6OGLAH6_;heoV()}ru-hx^od#YRZ^sRV9k91BF$=|+Mq-Z@`I4)
zJhj$;TSlT3KsD3ohQxOBg8wf|RejYsCes_RC=Qi*3Fa}Y`GW9SteXi#*HAiRgc5{1
z<={V;C-5ZWbJR$F20zH_p?CiSi`FfFAXE{y;?yQl4K#Q{kJ-o&)+j?wrAwtNYiQy}
zmOd|pov1H1S*>PCtwEvfY4X}kW=}MP%^*J<P{GEcBaf)wg~$=XTMZncr|}JR!n({8
z8kJ>|FN9*Upv4ZAo@nC|?jyn-he_~rdH=qo))^3YLU;nn4Z(+a6_}UW$nTD@Z~jm1
z;?$>-#b3#bA40{eblZJop+%dWFp7gxlm@fc-8_4((fh?2Jlu+d0nf*HYCovnt#g1L
z<quHNHW7Z!cAu*=>Z6mDsBak#Uz4xK<in8O=_``**Vo`<-`=4*J5ab4g+}G0>t5JN
zP;8NNpqyp);G9m|`A10&|Fj=+sIb$)(O80R%)Eg&&`DLY3~>?wN8>(Aq|K}SG9eE{
zR_Y~JJumA{WUcc>5*}@ALOv*|&p5G7IOYQ-)#}7p-9&4ua!=?9CnW$;+8sRbVU!uf
zvNCyD!t2((!WiAl9<C#IHX4%~@fZvf>r7uEM9#&*9bK<en}0`n9Hxf|b9FpI(%Sxr
zPf)b&G;lsVogoAD^&?a-LZhr`7sCUf`aT(H2xd}d2sER->!dv=53UN|Nb!_UIBBo1
zUQFhk+i*~{x10!#Cuw)W4t*QUO8l~Pf0VUAK1JQ0cQ{U6LvR>!0Chl$zpMdD9Y%L2
z<Q>TuL{t)CseI)NL&3XIwrVdpQ4b8b-xtEyl5H<x5f)!TaoO7_@#|`I4RR&o*O&Fi
zAGHN9@UyJ$WK*$R?2S6)JgO?PJ$Q}iJ_;>(hqvHEkqzndcG|1*7T5t1MwFz!%X`kk
z{IC0j5MD^zJp&t^_C)&qI*%-gG!XiTm&0uczUJycjj?Z%*b`1vD-nQ#+M6v!!+fYw
z0fFlV;~MF1n}G&7SgE5W9n8eHw;68$!K4vO?4y+4DXF{?FY`4UsF}d%C(*X;MQ)no
zKpxsC?uKKu|AQKC-Z!>*9PI<tM2_yx3*eBOUf5{~kze-oDrt4E{=rbvnl|;e<1HuO
zOu(vrkB;CMU}mGyN$5gDj&odLWz<%a{0*K|H14#B=B*ya2P2?8LjxqSx9Bfvl(Ao+
z+lsHo9DAMAR1#yDrLR*jYlB5ln9XJBI(;nstWg8YkXLEkXjAQ13mqP{(jG|!=Sr#_
zmMq~KZ|;1Y7NvYi44su~psQ@Fs184DWa|m`W3A|arOL~+tbF&ULU?8dkBj~#!2$y@
z_UE`Bh!wcm_)0$4eLUFT!;Xz(!&{KhK{mKsD?azI%Cv(VAyS@^hF(07kT3PmZ`=oJ
zEpF}HAZ`uR`6k~AlTd}r&rkeu@-lR2f4HuOZKJgvP=`l_$Ut14O1)ujPzY$IOCK<V
zFl%xo^`2}p88Gs!DaocAYM@$q&~8Sq1>&&?-l|7ak-qL}JSeCqU`8d82-@^F`5k28
z`YUkVY5V8^DIq@~4za+lFQGRU6vWR<Tb~Dl*&zGWu@1lbh#iLVfIb6WgZr`$r6H~8
z6M4zps#wMMf>EgPcDU~e)g$*b3Du3XLh7@7TQrP+x2*ThIZq>;WS4G(zi8%~42<+M
zqLzp2U>~zA&8EyDO)2IOn7r-f-9tGhDV=payBjt2JviPYuUiotY6?DtM1-kQgm4Lr
zPqdg@%Dw=~uTe%jcOhpEm*K9%mbJ^smW@36G=C##E_%c1)1K;1#IC1B7O2K_?m(_0
zI<`JU=44+DG@=0NjaRd1Yy-L`pgO}3*FMHjo<t1Mc33xMR1s+#wWb|*RQj*BAW%65
z>QgiYkF;C!hgWGg_Aoxo#8e=q%Rs{Cgyz?n<V&FYU&n`XoAbl8X0e-7(e-TbJ8_Jo
zxNbfCp<Pgbymfv2WpWHsbYP*6ZLs5Ulm0|ack;2kJC;Lj8&RQS;hn*J5QbI!V67g*
z6<lo%x`j0=UzznFWk;3I#eBA3qa%~;lCLpnz6xWnf%<uH8zryIrAjFS0_DnaW6&j`
z8L+j|HNT-4B~`8y-A97cMfIE`dxxTFA?U$l;e2tVuTH4ieUj{*bs{URA(#lhWzB~{
z(qG?_+_27i5M6l(zX=6U+E<vPn&ej^JLk7}|Mx~ov8U;xQM%?yYJf7o4sot)WGg<!
z4#Z{=Le@R`l3H$GW9Renua6NPn98>Ob|3CfK;w7QlnLCINFhjYQ}6=V$Tb|~4*irW
z+$1~1sBOwVPHVA;xEC4EBw`D|?HKxdOfV3iMRr0S!8a8^{nw?KPU=XB?a-$jO*?e4
z-^ZV{W1LQfeO1G&25jc%Eq(I^?#}^%$`eqFY?r8f-2gf@$yPQsTVz>IKTj|0=lQF$
z(XluO!;x}DHq)6eYQ_0H^HHAHS%|K>CFrU<Maa7!{dNEBL~((By4+v)EyG{;UGmp0
z6E5Wf11_F$w(^T-obCML1t;Pr|Mc)FaiP~~p}&5omHyuCw9()Do&D(VG-rSMJJV^W
zzd`2!`umu3;D%!h!%hT9hKnbh4u0{BGlyTi;LPV2e|8q~i#MDl{NgR=6n^opbC!jh
zz10c%qB<v6ROjXRwPJ@}KNV#h3~(_lR2V6Yo#L4kb8#?oaWHamFmiD)a*e^rH3lQs
z7>ry#80&vJH;=b;edF9uI~EbvMQ{+czX6`d&&4i10z(0}p!oGaeH7kzoaOx|oTzUb
z@57M6EojO5pFRlh=bYvJXPkw-@59i-Eok)mpZ)~i&p*riFE~TJ@52<pE$H9+pWX}a
z7oO$)KRX-n{qyL3m@2vzqAuSFpOl>ClQ*2G4;!DrtkSI-`b2_Hrkv%Ix15E&p8x^S
zt)=vd2R@l~mQO%O?EQq(N|G=yNfPEINy5A&Ntl;#!t_&?#<nAKhhiLEHijPL@US}e
z1;yDZ>+_Fz61!l_T_AyeiZLR7w%MQe37%~>#w<t0S48zk@L>gfw=fsp{a93C%`Mtb
zyBRb%n^C3+c^-$5C*=@DFDfw^Yl7i$K#Lc3@V^Wv9hS|aR=%=WJN(@~H-G!wLLl7i
zB;o1<rqbb{lK_&DP#s99IqP@M&3nel%lh;PA0&AYjSNf?4&%;8;RUSZj2E7usi8sR
zmBXM>?K7Q)+mT76jR<-x{agOi{=bX=Y&d1CKe*rv3oiJIfeXGA;DXaQTyV;T3r>%4
z!Kv*3B_F!^f&VZ0kg(y@BgT+?KSqQf7(@5{I1zqe4Dt74Mfia+72l5+oev)vQ}(@?
z5q@LL?)T<K_>Dmb-<uubHz}I=U(Anyv^^#8-+z}8g?{|~8BsqN6E9HC*?7<ZBCr2|
z1J(Rn{?qZli~pQ$y^p!?e{jA3|4dsQrnAx3_aGn7{bwbg?=6LJOc3}zIp>8m*iatN
z(u%HwFxA;O)jZT5X&_%%PSNvo9MA^4K6(;Ogs|N2EW`=O$EnEW`E4=eUF05!SRl4E
z)qrdqEVMgJNb20zTxI@v==Z3<?x2ZV_n&d{20!BzjlU(v-$};bDaPL!#@|`SU-YFA
zmQPFTM)^eQhEcY#eCB_nH{5=d)*n~ff7qY@sQuCO_OHC>f2#dL{Y653zh3?jZWF@j
zMX!x(4ILYxiLJt720!6iSiBN0yjoGKP(RTOPyE_MvtPTz>}Q|C%~1m?@O+_Ivxd+}
z>D9dW;zjhNJSNnSF>AA03qw5v{OqHO%Tx9ibQV{d%$gr+s_*B8Vm(k-x$ePSP3WKH
zWoz>`veuLzG(2<`td(=I5m+kOWuXLUcm(bILVau3=kPuSSi|4EwfKX3wx1UNC$W?0
zy;aa@dwcs(lUaytrgMxD1#M_M=oG>al6|TtA%x$?MXO%cvzd$w{ow^kIc40JH0w~G
zIzJ2jE@4}|aTC0g_i%#;Pvz7=1MR?7+ppm^L(ml8iprn+SdV9Ok2JLjBk??HaKmu-
z;qtp(+v7j<X$ulw_lbpLi!|#<wzhHKFt0W|<Mfy1=JKok=7V@(Gm^4~2;sj#Tjw@<
zv>%({^97Bmd?5{I_wV$mcVtT1sG%a8U&op$AW-vGImA3)of0!6Y>$V1i11TvenaJI
z58LF~oRFqQjV4rOxx32$4DG$%r#%AgjW2u-+Ix-B-ccE+zbrQhRkLxYZ;_j^(TK~5
zjlLYj&fIrB+5_hJYMP^Zhq%JD=2Nt5>|C3mcqxfB3E?mw{{^jR^g7`vpSgMvzJ2^v
z0!-1Ho~NkOIUaRPrk{<dz}E<`+ZwrugkF2MgfLi2L%!%<C$iB#cw_cO6mwJGZyD4U
zrV@lOA(=*Pm&0=;pxC(->GCDo=*&-_#77qzk6aD0KlYHXRet%udP~ALZ{f{}LQ}p#
zYG5OF!=C{AHinSYzDTE+$!`cxK8vR;+K(~boDY?E!|;*5hS|BXa%(akEwVj$oi-;S
zCTAaBar>IfFZQr6*-=Rg+Av>@e)CC6wAtomM;DF0chFFih0d)8|79DR1;?UrhdR{2
z3h~N79pTu!IwkGy4f!IS0^qt52Q>O3ZDQAEA%czraR>TjDQmNVnuH}^!kv+m-&o*M
zi>x9G)Ik$ORtl54f#~081%gAMX}%Qx1?q$do-QrA6`LaeLoKpnyI+TOCBGs@#yRAd
z0{C70dE?22_~bl#GRQmfuFTmsdfwZLh4-hmU<G{QrA(Qn4dunD7F?fdfmelx&|&#%
zqXjGDzX9sNs)VZFqp3b}k3)z&MaFyhy3_XNr^EwxnN580BVIO6=J74v32w}57>2_A
zY>v4Xm!-vbe=iSRjMT>XQc?M;1D)gFdixmV<JsTVeYzWsF9J;P#De=hT16Tiz^d}q
zRa_DGaXNvQg14UeMnm~kFbd5+*6m?kFhX8rM%r+*j<DYm7$sj_aJ`R37mdDh0H+#b
z-3EUVKz;yp5<ky_hfYdErq6vySn@F<D7belxXz;%TK!NQR3cQpM^@kfE^aFRm17A)
z0rdeH;41MfDxg_-3%;^rv;K<H{TKQK-jBZklThWraxX)eKz!qe>E)GDdGdvxMYmx&
z!NI&uP1vRd&Ctr&NCM9oLxu13t8%ksZi-!v3A>S-tkJps^0GCsrZ1+nk1)kMj#FgZ
znu*WRLlZt60G})xJ=kunA$Am&(F0r1En*dih9LK`D@$n^L96?&p|!Mz+T?(H@*DGi
zNZ^S;p+s~O@n|hcsFCg@p$d`PFfx$$O9-P46!BM-rfe9E`E@bGqejBN(I~8rQ$CD&
zzw`o!ck}tgwO0y*9_vXJ8a&S^5Cy|qlwa3a3FUim70B(rk@sZI{ycURI;c*5Bev>9
zFP^%nj?Q}@x#?JB#;3~rC-Hv>A7I3RjYCbk{sb|`QyYzA1fG70e?I}ZcK*8<KRXfw
z25t%6ewTc;t06wfkVD}%bZ2ZZ3oENH1@0-V%<5mTF&GQC1kV+fb$0%l+;ZQ#(DBjo
zf%+SeSL;7ML4hP+HrX0Lhcw5xq~U4Yos2+&9Yj?P1?67vSAS*~Ef^fuUvzH>4nmFC
zh*wG(md_()Efugp+LHy}zAR;8ZcaW;evbY(QA>UZ0g1=V@PML~iAi_h2j*On2*FXy
zYDHZzCj~(s{AFj6%_0Y(d8w2t%W0$w?Lw_pG;&2`g0@$MdlJ89ZN^n&oY+#fhzwDE
zlD2Hx-8_eNIwHA&5^0X=H-r<E-8=^aEhBBg8%2IT0gQ<7yvsekSl&f;F|Qdj!-+;l
z1{)!j@TdGX;ZPssadkcre=^zbyJ+C_m!HA945bs)&nK~>_@8LVJA%FWxM;jndHVQ(
zrbc)W-QdZuCavRsP>T!6DX5lmMzg4x*A%Px)yYK4zrE1jXMYR7r-|2C(d8SFEuboq
zE9HbI7Uhs)&`uFm@@zlH6}y{flh4PQDnR|cQ2!^LPvC9~KSXRVRIam8&Cc<w_<@Qa
za7Zxt02*DA$oY=?v=M`G>i&I=n|uD_8pWR_a(erY<24ORpuUT?c9@=Zun)9vf6S>1
zYy8d*C~m)oTjJ25yPY~~1{nr}*wxy2>|CO{0iY{)Z5z-^s#s(9u)K|3t(Ui^p?8$k
zB+J91s7yqzUpUC?)XgnyZP(`m)(W+apal+CTi25?netj2yB%o-)QHgr#M*~u+GF{8
zXTtdHYNI<t;ZEQFq`x1^>^klJU%;Kd?|UZtS+n6BIROK-l>L?HQJ-$b*xGC15W)o%
zy>Ki;2oK9Ja?HO)PQs5N-8bXnnnB~4*X`Fvtwn!DnxDpYi>S@&CR2!Co7EwzGy8Y@
z)oJ}ZU_WpRRtF21(u0fc4~42HiHN;0liHAM!kLru)=5g-EL6M56?hUJOlFY72%!WZ
zKwW_Crs&c8oninsZ-O7HUxzhL5eZ+>BIbRLOWWKk=7EZO6d#p{+5!iqOxS_los{$o
zc25HywB%b8Z$^Qn9JEWSwI89u;GIIhxr4VhCPvqxf*Tb1u5ly5yLy52y1u3QH~X0`
zcI_hnLszHYtrrSUH=$cDdNyvXu*<^uk=EPF2T*K+IW}jzu@5D%yw6al>MVkpbVJR-
zi;<KaWYPdhj5*BVBfaW|E*gQ{acoFCwgNr5B?TeK>;h#;#iui11yrUvc;e3$W`0Bb
zt>?#5*RfQ5BXvc2%qg0T-egx^jb)Tz)l+Z*=1bb}et2sVZWZ+LPoNtz-j4Re0gUbH
z;k5!wpSiKa=lUA-6IiD6F=e*hui7Qpu~zXIQJUuavrh#g+be^9=r^qO_YrruYkR=`
zuZ8pcYH7Eq9I*S{jll&-QEa2s)j`|>#<p4P+S{v7!hjC+yIac#BZdvRdisG+E1#SE
z=EgZ+jc232M9{;$sCe;aBqs?&KYj-qGDahr_yGA?duogjB--65MtxMe{J3a7Hs?}*
zUJDd5K5G3E=iP7KBr2Ot@fAG(BrFL(+bBHSVBp<|c|e8R2%L_bNbdf;8wbO^S*TiQ
zO7<S(h(K@=HhsX{h-kl+m%+GxMqwUE7s??HEHKti(JFh9!{r3>8UvBG1y@O3pTk$K
zgw(jx;zQ3p;GGS|C*zn^@Vh@n+&;{|S_!>Nr-8hUp0~`ga_onD)0_d&S)uCZ=uwfk
z$$xPphcS-b3pZxxa=1q%OFv6+Tc=i%&{tj8MY<XM7OF)$>+U7d9`x;Ae0vw?)W{q-
zR0i-a%CB=oIM0i&eE1&+Bw{YyF4S{$1;HdX#)czkexshh=&MA3*dfKxyY{sX7(6ym
zWVguIqU*s}QFyOOR61_g#Barq_pCYxO3!PA$K+DM2BzXP4dv5e5(hwy{poQU!;O+7
z7Qc)0nUV)9z0Sj4Xr|tv_ZL<+Ftbn#+`J6hv{0x$tW}vC5($=pY#ta*j(<QyS)>KZ
zmv2KkJ%)P)BkLD0Zw`)w#sW<qz8#YtHU}-@$L-jZ3@E~z*T6E8)x$bm)PsU1cmVw^
z^uCSj(;rZ#S^sDT77=eqmmh31q0q&YNnNOi7|NbQt+01BbsS8rk&98~P$y<D`Up!|
zgFvc&^&BfGr(V_eZOc$2YY4D$+jDQC7dLV}-MSuinPOOA>mB#4Ta92!^);`-#-ZV-
zpmF{NRAaQ+HM%-o3BCHYH2qlFpNpA%f#2KLEM5E*hqSpH6rv;V^uRaJ&5KEv=(9VJ
zec_e<Zcl=<M25O#Zn}Joo%pg3-UX>jtY^)v>ZeTlOHd@Ji_cOdJxp5Hwsky_=R^mO
z)Vy7P0gc40IQu?>?@dT5Tsh<@M3rLRVQ6leFU6iUOR@ahseJiL5yRBajN(<+g9P1n
zAJLI(d;Ckoo_m5Dx_jFo-bZc7fi~2n>Mx}FL2@1y7I-<dt6jLz%Ppn$GGQUC#pENu
z@rdr`^fo{PooG!CgO)zKnp%1}wlx22EiI&$meoKz+tc-zQk0x|-6@DOcVmSUas9Px
z-LNmfnC^{w?q6UpPRO>O6R-j5`L690Z*U;(9?@$GCjjxiBin;NBVf?rO`!#5Q}7D(
zQn}<l?jV_ia0!I-?=$h#!IUI=<pl+;!Mt#rJUGdedDYu^y`nbHEYx@CSyjsu@jA@U
zxGlaC+tUz#kMtcQUYE2TggmaHqpQ7ou^l&r9=2Zg`n8!(5BhW8fC%u~3^TcRA4Fm6
z{+B3>*`nVJ`*pakxLjPczJ{DeQ#{q6BhS0I+T%M?NH+L$TGWKmu<@33JVR;<tO|9s
z<GrCK*z?`3j_8CPpsNj6q}`-{_VURDTZ^vO=Ogu}zzO;KkFMqTOSk?+{wiu~d6(}g
zqqe^rSH^qw=rg$HRal|#tcU;f;ge4$R!_abWCGm@_CYrwG8Yh*waM%3XTkyKCog=b
z0p5%cr~W9X`UPF}8PFcjy97?v2IF%(v<v~E=E2r8OI&o~h1W6X2%5vyYm`$1<c;+<
z`T)5@{KHf^H@VuVBq-t3pQr?0rhJo8&Qd5RD2GOx<U;kKlUPzSd}8CDY)pQFr3OFr
zva6ck8ERtJwY@`OET@kT+9D6>SA~}+Xb5ns3-0I5emSi=`Ki8mRva1~%OiJmqfnqH
z^>K0nzs6Ps1FW8NE$-DZE&IOPQLWqzx(R6X4e;AR8I6U%ZwArjz-J?E!{FsPu;m?m
zHC&V_)*|z|Bq^Q%Qp6Zy^2J|F&e5Y2&?A$?z7g3L5Bo59BaDGbTEU%V^<PgS7t`v$
znsGAfr=T79Qhcy+3gTZ1)lZX}3|hRjdH?FvW076<+B;}sz3OQkFLvEL_~T{QO~YRx
zo^#rtc*+zFlczh1NxYX!Y7AWDCoc+;7lp|SF?msvyqJ`{n3BAhk-V6dyr|?CVJFU2
z^13?hx+d-V`Lye$#<l*%1H89?rnP|J;5Y_<L7CrJS6C#VeEBVnSl2Pk^x)+iZoZ`;
zR=OI;lw?}rM6^e)$7x8-H=?kNE?*535&XK(_+Ky)$G`H1^syJCHgPpyc6#vxgeaO;
z7||C|Q~b9neO0ynaP3f2FCO*jcq#?S1k%X=ll`0KRr9BDkZYm7zoO?W-2*Bn<EnKK
zux>z`ZV4dr8q7Y5;X``qQrJ4Ww^bC7wE+}oq5j6gP|x-9*noR)@Crims<;#bJ3ZB7
z6GDBFS=4@R<|UWclHG={3opxuMNx2CAX%ZQFx)BoME8~;Y!;9C^J4B%8ZN8ZQR72l
z(;yJ#_<877ll(4i3|Ijcb$ZxY<umZf3ciOmb$Vx+bApe@U-^GLJ|kZGpBo<n?kPCS
z_!NlleP@mjZIRF+lMfLqNGpmX^{lA;;~7J;B>s=H;_u`dUjtA7&XKqe;Vvu^Vmj=l
z@gPNk55%>9-~(|BDO_m-F$M?Xay}53eAhsf)ucC`icWE48j2bmhpTBE0(pmuMvi(9
zN1>ucj5gwDtXpUvWOc&VuK0$^f1c6nKgQRmn=g=GySqSS=_Wz>lL>8qey0vwHrNBj
zZ{v1;Vdcd>kn6(Ab(%G#Sv^6UFT6ci$vg5WKB_j$_j(XJTRCoB_<(1H8FRV2@SIer
zADhs`R^=FUP3gW~E`ryCqw&4qEuJQi8LfJRMd0p|H^FVof*jl-^eXV6Z}2I6qxXEV
zuYa4Tl(5yf3ZNu1gzz}{KuHV~B4%RX!!Jy+H8Ba#gY)M=q_!}|JB12v<#A)8y9xH%
z&K#j?uL%W5qiee>VKfoO;m(9dyQ|eF)PEj2K0sLfCk(mLCbaq@Z9?@1_~B`6xB3RO
zdKPt~*Nm|EO_LETB)JdE@1R_|lTLqTIy3z41H$7^nNaa*@Kt-A=0@G_sfG<6Xmk(3
zLsChDb9lxAG`i$%LE`$sV;Hf&598%_z+L^8$GFYFZtN^6aRIq`@KGDwOHWbLPfP~)
zOcU|}w%_mG9ZcKs(BkXW0ZgL#2&Ie=-CO7E;*^0z;)oZPokkx=wc#tZ;T4=d>K647
zfvg|`amh1M1o8(Wkk+7^tnl@-654`RB{86Ur2>m&5#j7n{vUW(2>$}F`VdO197RGA
zp2T=Nf|xRMr+);x#(WaI=P#z{L%Zvx&~aP&MIL3J#{*Xtm%*g9#KstLukhown7cP0
zghx4Xt2`@`kZ;C-uE+rj!fp1mU9p=Hwx)*Xkl8AP@mwlYX}(p6w9t`lYYd}#YW(hx
zgm5jQacf>@hUnfPJpNh_c@@w+yAqB2?9drcb(T|N>!Ik_A1F}%#PvcX)Pt;brqfE~
zF`KI1Nmd$|V*Rd@3Byca7nWdzwyPmlf?u%RvGu7qC(g}0?4-!Lc(w=HcsTTzSAou_
zoP-79Mp{))!U{Qri^9B3G?-m)x^O(R-YJA}3PU4db@Zdvv5h2vP_>;_$2OnqYuKK)
zNHC8;1!BUd-HWSZvnO-{mWM*iV_Yi+L{_7-K;u_d?|_y?$N1tveS;^&ayQ8D;^Ekp
zboMYiBjEm4cpOvqvF7S=xG<_S0+FwSWpF?EsGl7{Y|Ol!Qr;HSO9#(gj;RYNmK5&l
zSIu3XNck-BolmK;7_v{(Pt(_fBena$Ts<I#-|4d+dLP%oa5ceb!3fRy8bLTQ3>elz
zFJ7duQi!y{a%j;qnU;A6E{B%jD(E&Yhc_c_)q*_L14HIfx~&WU_zxhab-^1EkVL2-
zpU@s{ReA=LuU3v-FGnJ6!A1C%5Uzk$HjO2KQ1m`=uaiIWAO^&fKgLC1bwWS+B5);=
zbilLU{i(*I&3&mbl(3aw=uu*@0FK!zhQPG6#HJbND%!Z$Vw2M8|M;!)&m*1k&6uku
za*Bv>9fB84FzA0g;s*+0G*5=+A^m?w^#6WrJEwnGz)`{ho}D4#RIWy}`b{vEP)_3^
zyQ`(J`c{GrkF6!jKMs`t8>~i~ZKb(qJO?Q5Wq(Y^u)>lPoZKI!9F1FJ`+M;TQhJPj
z<Zy!H*5ALHhfE*Dy-H@qa>4-HS$`8F<l{k;2$1+9aq0<5q$Jpgcap||`xCw&Og^2a
z-YD3Vo(tvv)1nzy^BoN-Z+-XU9D*=D2+x1kIrLZWM}zu2J02w-R4r(F;+yP4_f3xd
z3Ld7(uZgL{1G4PwHP#|5MXT}Go?M%Kg_!Od%y%#quyE?nr!MdHxjOX+E&To#iiQJ8
zM_Gq3EKhyRX$`P;AAt$-`X#l{E~zD$5-fP1s2mq6E{ab8x=<P|%2y}Fyp5u{8E=>0
zrrMQbLisK1Bhh_icD}nZQ{L`TCuO@Q+2uB&c9ykF>9GW};eQ9_IxQ4dc6!W*<F(2B
z=PIT^mysULKGy++(A8&6G+;`agzyVyex8E3fY2b|GZavJfQI~(AXM!_W&Z+biBN?g
z@@%u{{&3ES*as&5owC+~*#bdMnm^_r{G<1SSB(#1!r~Y3E{v_aI8%P#gXdlDV!PZZ
z)D}Yrx-G$l@V`TT)5i{}bFxGwmLnn9uU4EBFn5W{F^h-YQhujUJ0}ObTRzq+)HeCu
zjk9knQ|4V^k*|oIFxn&3=F=Nj;Tw{>xnf9}Qkh{1PFI>Ni}svE#PYnu1Y~i{QqhLk
zVFVRa6HuK_T6ss2)*E+Q1Lki%hM`7^`iumDdv&j2b{TR3-(~w*N4iy7tF%hmtdsiW
zH;o}4YYz@mFQ9tx+|Lv3Pl^ybn!<|*x;=F78FY)MC)@Bg=bJ!Zz&am9UQ=$U5`DHZ
zqBhTo6~`lMkXm)EG&#k=_h8y7qOY(1Mrn!o8qU|RKbTy@n0q2x?_kJ*8Bl{h;qH^T
zD%o0N)kfMXuM`pCYA-E!{mMDZ6TRo`z4pu$zV-#UhE4tW8qVjfURQ&fe{=)BGC@=q
z!Ujv7jy42&V0^HFld(fohv{1;VL!IZ9iUoIH}N{?d0%{g;scc;YZtFWubl5leS-2B
zvz*vXYOx(<svt&v)%c#I?Cyv(Akd<Gp)0|GDD>BW6nHQ%E4G(0`I*&b3!-n;6Pt@t
zKsB)nUk!SNm9f&_M13!CJ@*yL)98D?$+r|91pe6Md)X8v+#eIYN;rw}OVh_IX%Djs
z5hOBoq^QX?t`^TKjARDxL9S=|G_Qe1{t>d83z5}ma;U7v&!*Qzeb4g*N%B(Y*fKh>
zi27FW;(c|ztqu4meqJB^b5y&H`r7oTi}o4*c+uczaF;dd!g-WX6Z8puk+M$$jXu%o
zYse8IPvZ(v60qD!e^lq2=*L5}Et1?(;c+yis1tw#cKcb()fvAM`CQbZ>^&*vb&KX>
zlF}`dm#c30uKW>r$=y&fW8|H{=U|%L9=rUpQ0uXx?<aB!A&hDeTxH1bD2XeD#am73
z+J(*F16;#6-6gURx`}BcZ$l#ag6!KZA_(2f!!1I1RS*9HNHqN$gI{Y4bC@;_>B4mv
z$2WZeR(p<-v&)az;RlUuocg9En6ZGzJSy`XCY3&vSfL$y6kwGO4=c<L!p5OE+t1+J
z;_TQwJji0jj`(5n>WG!$n0XuqS#)ii#xi2LiQe;wQde6&fwlC7XdzP^BbZH*vl`+D
z1{FkoZ}C5M22C^=f163L<vxibn)y};)%TM3h`iK8i+nYb73jkT_^5$#QRZc(OZ8n|
zF7<}M7wY^KqE=diAHt%b2>h>&$EPd^67XkHo4<l&CiA_e7o6nIV=_E%p-m$^M2Hl{
zS7+8QNqhR&q_f_6=U^>w1=tZ#0ug_IyCLT!6_cgk<sdg3I-f-0IhPC1*(5yYToZpV
zC4bM5vv=@U$KtD7D+)=@`qW=$d)<|Gd2?rBKZg(*geG&Lc9OLWHV&5HrTE7I`z8~D
zG2)Lb6u~Hdmj=}H1DM7VC!TF%FFuCO4BI{CM$qj@q!90$=EHMk))lv)9<BaB-#r0C
z(7y(L=fh*&sq<GDY?p2OF8tPmIeu+Qj)+2UA~r6E8dpBvC)CFM?t`<7KmcCRUv|bl
zwC@sXhdB8gdH4pXiWT_9W6q5J!C@X{oyD_g7m7)L-j@OM7g%fs=4Xn%k8)8tV1?^|
zS&zMoKY1tK`Icz6i#ij#Igxq*Ge%|_dLV=`A4E(*Va8hc{`|qukPydd!!7z7lMFa#
zU$qdvd=Rpk$H+XkSJbj1T>A2C*$A52s9QN~&VLs;l`;p@S#1FA)EqiPA+Ft#1Wmnj
zCP+5R<mz6&?dQl9B73nUk;FMeGgtsYl><n51>{M70{GwcxZ6`rz}kc=gbMMn#(?`X
zVKK36w$7_Q3{?Cj@b$Qh^r!}l(hmHvNi?sMlpgqKAM#oYeUAvw^!;IBF=lu3x*y7v
zKlG@T+3tCEdA(3O0hB1%oQGEuYdj7#nP;Y}Ecq{9^;sNAwKyxF{Y3X`^Rj)286zeZ
z+-3As?T^_D!+8Ut7I&i%&LZ%piB=<ZZu|=1*Xls!7`$_@9S3)<)#GjvwFPD&JP8>E
z>%oncd#(H#<}CJecn%^9J?qZyMC@GjvFfE|;?1#Z`{2C<*!q+TwhXg<Kg)4Hs3=%S
z;Txc4Rl}a3>(1raj%50D!UjQa_6IwVo;d5b$klPg^TF2QzUdHfL*>?lydU@&Vy-=y
zs3W2pJ~IAUK%3j{<%PpA`L(GzuzU7ulM=#{*CbLXy2dc=x8pFa6T;8i`7jx2zl{PA
zO$G6)_;{UfNsib1qE=xBp3k~ytQzHik%uM~*+gi>yg>*Fq75kk(Evgf)ZSv)_;0|#
zklNxLl7CgT^s7~Je=0owR|33w=g*utQQ&yl-wKJWd;BaS($!v&2zc@#Y4f~(^=~C~
z^9#6{&u<pMWiDO5^8}Y4=!_cw1!c5CtefzcL|2Laa_)G|dk#$2OlQ8I9U|CAUr66k
zjY(u{`(yUy6po7JDr6%-(ULg|6b%g@fy)41<K6gynYw|A0T*A&pDfIfv<j<V8+Wpd
zOo}fdxhzI3cld3V|0*fRoE5LEIgfg~(a!>*G7ozU-Q=h%`owCKyMYi4p|cof(!;#Y
zQ7~}lm*G_*5Daw_4^yxmv5AS)epXcWSwIe)CoC?a8IKeYQ`;!<__?Tl;)8Ak!l&<s
z^?rv<5*DA!sRV~@mC-t=@(E{%t^*<cy~W9vJ>f)f2x?r|iL`IDkDnh&8b4FQYICWs
zf08ADCe47B0nGyE)vMA(tCm;;CEJU^rUD)n@)wOa3W%@GMWmZ@LTB<I)Jm{IsKs;;
z!AD>!&I>*$YIoj`8kNZI%n`zF8|haAg@_a5WHf1-=UvnS>O-WudhQoi7M~}qY(*5(
z*;d5Ag4#EEVXL2@F$03Q@Mp_mm>WI7WuY;?P(bsW&Aw_kH1+~=-S@IfgeOg>&LDd~
zd!YcE9y^KtI1e`QXY;E?i?5oq1PkY8g${A*5%IxJd?C^%YMHk%k7EJM)DySh_X_cB
zbR`2yJAr1F+Tv_ZcL(SfXr?EH$G;+#@6lWR8sk&N$BogrN$g9%b|);3x5*Jrdy}uS
zU9heS>G6jF_JM&~7yE~ycamro!Xq%q5H79q&n0Dkt|@q}WEdEvq-8-$S{731^&ULO
z<jin-E+&z509{0|Vf14ZtcbUv+)*$yRT-q=0HePa-N}a$T_)F@n72;C++fg<s;|-3
zlUj3IPf_1R_YPt4MhsCAY9F9A2Yl=#wil{+nikz~Ty!4HFYy|5ARFlCE`sgZ+uJtQ
zKh>-qX5OrSnvG^fX3~o2M}A-G7?_u_4v#w4dQ}2c&e1*4r{JZY&_ZiMh~RpIg2vjE
zb^*$Y+(^5KF<ERZU!**fA~hoTQ%Us|U<)KZF7UGuF01*a2$wbdvIH*i+|{G{Cczjk
zrD4wCqg`YSe~~fzMaJM48Dn3Xog8~#L8^zpHSr$4Zc6s>SL7$yPh!48>>>OWzoUm!
zdiwUTgnQ-#2k@0p7mIt+_|PHH1xrJsk^o-x3i-9uMgqzwJ~XGf8<tdQD9MZZQ*6?4
z*u@=#303<+p`+-*K|*Oc4&14oT%3tTV$piOl4RGVp;$Ea+A6w=X3#sC>F>OJDp|*~
zR0kVtr7G0axAO@u_r1qyg}~<@KA!gZwAAPK7)^{I<BN#|Df=moc<i-PoGlC#!Zup^
zovEeIy3t<4!nCksotUz<z5gnl#KwJ=yhalD9`?z{?U6PQiwcoP5dV1z<#`1;uSRGy
z#Ijx6V^!Z6Q$`fSXN@T4J0|YclYJ-dxs%C><HUtyuo&F|fhhuOE9gXPsx-y(E}9VQ
zk(^>594DQ^$c&&>Lib7J<E|C<#$np9Y4?B<LE2XQVy`;T17jcj8LACl_a?t~k2&b}
zv#pqIgmhy0i`cVJ6RFm*e;!S#+pg_g18+RaVP#`=U50*9*4fKUfss<Y0;W?vKxSTc
z>w?d|bG+kiUN+2?h)wPy_$PQ8jm<gEuf0sbpVQ!{p84}mx)=WwyA8JZPl;1+H?%$O
zKQI9;_9tk|N;^{YRMTr0(uUJgIhUJ`@i;eSaAi?+>~YZEGi7^~Zzk^r7g{SQ4fjr9
ztF+Oa$DdpT`gj&Aw$k}Q&V8x<yEt`Zy7n3WDjBChzdo)(8xr}UvmN@<4ji{{gGcY{
z^>2ucACqoAu1Q9gep5Pud|=wKj!0+aFp-q^HWRsI;N8?22FIa`t|vP;p6Kw_he+i*
z2y=I>Q-6B|^<oli<e+;VrN<Gx%Eu0S*fuYVtzPl^A58Upi+{+~pyyuFg^BF-rHi@}
z9_7@4;1(~_mG%=#_d~&raAQ(%J^Vi?cr|P$uXV;|(mJ7n#J~0_Xvf7}iTK;DHXuSA
zBN&1guS55g%5dj;d$5u6hn1hT)w-287|pGIXfQ%vezm&0Z#zR!Jf#yc9#{6Q{U`XC
z<V~9Y9``rAosLt~@pi9ToM}ML`_&)iEA19xWk<L{@NE^<IobO4Zu06(n{UrVQTvfS
z&Bk9TvRe$4FLY0wK`B|4_Lr3AoN9hotuoNYh46SDJY(l8#qXSiZmd_vhFjC}7<-+Q
z==^sQM_m=d7s6AX9%zc(j^~A-I+%@AKB6|)j@1?_J6}>Z=I}H=z4+!rxY5$L#wl3i
z<+0Z-Nq+&TZwl2nC0QSa8uY2J@XY#3zN<d>Y4wS`zAMt}6RAEiSzo`?>nl04zWnd1
z@6C+9_2puHLt?+n;8o>PRk_Kk5F)ToRrzODmGfOyU4L3tgnWB->>^aj()?|KrBJ2W
z$x1uTr&XGBW~Gkrs`QWMzLnbfc>c<qHlB7ncbYNk`^D+?IeP2!Yd^7nS5;S1RWo>1
zP|Ibp^UP^<xxp?bVepQbdTZDtF{{%k9S^&|v-sCghHJA@#Se}>hia12WS5N84vW)@
z-HYgYsbc4UN2$Tll)*`xgoxX+5Wl{L2mRfIF7TK0gd9`kIJ)P<ef@TF#=j|`jf&#?
zJB-Q$d50urZ+F0aiZUn6rM(UBZXj>Br0j-A`{_}CRCTVI=5$EP*WG?IT*T%P+9C#9
zU4y=b${x567qO$Kc(_N7cnyZWDD5Eq;38IL+|S4RCCU3Gv0W$m{Sv%in7m&YyU(~^
zi1!PU_X}blpWyck@P4027O}D0l8Rd?)rvC6mP<js_rU)f&>_!LnzVIs`z{^9X}P4)
zq-<Y&caNsBJlKXsob=;AGKTq`0w{=lv-nkqsClxZW}+sBWUra1M32MZz?^GF+N$Z7
z5dKjn;zf)zORR&G7}lXQnI*Nr!;TQ(fYM<9k(PBATsPjKWo_mbbCFfr{j8*KnO^rt
zyioZa)+VZt+Pwy3tY*Cnc3Py#VK|hzSu{ZOF$*lUj`qZ2w9q)L<<51{h{G`5!DY5_
zIZZXOh@BoMPYrlU%{+aap)%rWsZvL9xI*}7|I~d^sTASPdvu34NgV^?L|)3*z5#XU
zTY(<v>LiEyHcgjmVe&HdZJHd=dE_^Q@NcLHYClHSFfBjb9?@+UBAs@WcZ9U)x6H%v
z75&PbMC$Ms&t|>qWp!njnSAIq^XdSe7~+QKy6Gg}Xs}vGXsPH4^>#lKL6QpLm+^|*
zGxfx8x|5)~qB6Sh`JpD;DoQgg6rXd`^9WPfC<;Z*q7t)8!rwm<HSf9KnY-&dan`>J
z75#3aJq`ujBPu&P^cv`52$4Sj3-jTys9*Cf6*U7USPqHW{F+rYZ$5=dMe6i_&P{L=
z1Frk8`;jT3!Qf6pc(jc}y=HpZPE2PbG4B>SbH$)v`~p$)@r8$cpii2;tQ~ga6wPER
z)*idrOu6w23k=)zI@swBpc%pDN{xFgqK30_guLuW>YvK6>p}k`xP=a6+NgE<I=mNJ
zav`(_YJZ6sBDd10j!2t)lkvl#9X?-lhhT+M`lna56U6zgWW_1Oa}GJ~YDu{*stBwv
zU!cB+gdIr)2dHo3)ijo$T-fSjgBkN|tXM^GNNV+2MrH6rA;Ft`szz|>F+xAr9y9T=
z7=BCgV41_B3*lm*V)Z?4pVF`<Jm&idb}N!*ZIaj`%J@`IN&RRgL^_4YO#{foM|~SP
zOFV<M`f)F&uEKY<60@IKqhvKu%N?Pm*ua-i4s2rtK-y_L^z2YX5PyUlfqCyj4M_n;
zmR?#j=JMO24t&nnkf{C!Yfuhlh}vwsU-KRZI=D>)=_0Irj>dtcm*3q~O+V$Y{Mr<|
zYI1GIa$ArevrT?(Rf`Wo9N%?<@^|ETpC!}COKRo^or{S2f?s;nNHgi1&(geVqc-5K
zRqq&KU|T=S)8XZiwu$U;k3j;uHs@F(plaABZH}4k@bjhYQO)iqLAe@+j~!u~(<+k(
zdDw9!Y97!0t#(9pUMufV_L=iO*M{8aVFmCZZ|>uFl7Z`(F+f7qQd?>elY_K^reR`_
zsKFFyk8O1z?mjT_(4Y8JxVz;8>WjpbSQpcH-;z0-Fux5FgT8V0v4m<o%(|2kcE3WL
zP%Cou9^f>Ii}rBt(Iv8;v&pP)()h+KgKrEsQ3`OLj1kJEvEhl&e}C8V1h<&*<cywo
zGC2E3?uKtDx|wOnh8YEz5}PE>#~bU{GCh(us;SJQn9Uw{m#7Y#b9-5hhkf%S?b<yA
zA>5mm=t9iuVeo4sFVU}wsq?%<%0Vn)_ByYdM$5-`2;mqmmuF}6R_JBhT%BI_BJT<{
z#hdpz5Q_(M6@73gCbOZ3D%l}Dco-+a#rI^U#g}qs8Y#xrvS=hQm4!n1Dm!Ml`peS@
zg%aLR@EAR7+W$)M7+=i;=Ckd%k)MR^j9-BMsAuEngubAFGLMoFn<%WT&NAQ%1gu?T
zMRsm>Q@(mhG%Ri+yT_rl<fv~WnN;%+*t2A{Z89^u8xxaxgj@}=2Qf2rQdAAE#)0Ev
z7v@(~j-3)&70EX)z$!i@&rSaJ)io)>7Q5mYjW4m*C((kT)U^}vdjysv{%YmFe$Y+g
zIJV~)-Q`w;NCNF2ZdxWn_(&I;QA7X09R+fRon3}rGLrNS;1H;52vr;LzS1CItRTut
ztz_t;ogE2GO1n9AaQTtQ4ufVUgb{!H^kI(gPMvQ@kQu0^ScI(oQ9oBS41O_sNji89
zN#>*jLfR5LEV7R{(S84g1`GfJY?}BwH)<7?y&Zb&7kH*I9j0a-B9p9s@;_?=R49a9
zwzKycp`1>Mqls7}{%#!8K3dRa7xijE4^#fZ!T*?yT2Px1X|i!GC=VONjJ17+CiJE)
zsR=ECEB&O_jk=F_3Ftl)6`ItCgyO;ZOHc(`3zus}MMo8=2~?ndLzB~*rUGphLGrsl
z5yC&l?Z6ow>)n5@s{1R?8QSAY=))dK9XYMq_C{Lv+F5qp@(9Xca-oSBELY@mR#e|a
zMoom*%XTL`oMO9NfJ;#;1-2U%gsMpu@v{|N6?u=e56~FS<C0##q6%3jUPfBvz-e9w
zi*_a{WE@b)Cq@#|nV5uhcZa0iZG(Y&7KuOjLue2!21bh^R{srx!z;(2S#piwJ0_}u
zkgH91{sL+@_j&V~Z)i`0U2ru-sSo55)9;(qD5Z(}$i3Zo(nZvfq|xLEdD)4SU@``)
zcc6Ya6BIKgVdjG+RDFoqknTLzI}>%M&BWY?@!4f}Jpt4(@<rkVk@;Q8c|ksaZowd4
zfO{})5|@f3@dNDJly0YBGwx7FftGP1c!8uYt~R#FK~=OzT7nNt%6hwhB#AV+Ri$zQ
z>|pEyGQd7-q7H5X@uwEqd8*os;1$Z>QNJ>a>RrA1Qk(pRaW?fn+NF7_Ko2_%Om;l8
zHskm4k0fP{!33AlCV!2=1b=6uT!rW>^^g77Iap~d8XS%CPtr>5MlG%ev`R-2eCo!~
zUwFmpjiOTDfMXuCgW`)V3}G6R_$OZ25NX3Va4%sH_r&V;o!1%~B_9bc7J@ENh#aDJ
zPluPyvXg67fnNFZV~N<m(D4L;-%Wq(&93|9LpV5d?CGmVZ-JZaXso9b&yUz)9|pr}
zb`r10#%sg3g3RR(C0WVLBb*9J6zMmOTb^VaewA)XY%=f}{*B7tRjE8oSy#fTz?;|Y
zUR!<%Ncz}C-MEfuzo(Mo6MN_+$p%9u8X)q?^$4{W8{&Vw7A%F~eJo(o-;$Om%8J?j
z(@lM(f9ywHX_Eg8F1^Rk$&4>$;?l(rVoGH4RfJ7x4PV)YIvG3{1d0CW4c(~)&wVG@
z<dEQPj=gl0^nz9SZx|5!6+fpmv4$3b+b_^((28Zd|5pU6wwz2;JXZ^C+R}Dw`hb}@
z6r~{%nY4)(W4q{HAH4evJ{be4{|Hw~3_b~!AAb;LWke{YH&IFg<v57{Maa}E-pA9i
z5!Ky^*l?2WX{rf7za`zMAF3s=;S*T~KbORWRAU_Q*MS>HjsYUFG4`Ot%f2$Uj31_N
zDnWMh^#Se3C#{($wYk$_Xg{EZgSG=2j-lJAVvYz48|s;rEwV?m>2IVH)0*6oBdX)z
z!J|1Mn+5+o@EiW}hhyMv5#A=t2IIB3NoN(p=aL)pvqTct9Y+1gJ;pAC6}o*G3UuIx
zX`hG)Qq)R}Pl6SX$3F1af!3VZHyvq`vBZu6j+lM<C--3XWd~}6)o+kSxam=-#@T~g
zuQ}B;(KXy%ujaI^IiKj9pJRdZLnLP}!gvKve?s_is8Kgx2Xj<OhO18{w$<>NoL6;*
z`f#S+FoWw2!K=<B8DlgIO){3<@$c42XW9a}qO6Y^b2Re(+rb^K&J^<o$r*e@WSdas
z#YyqIx8j~w5_}s)R^doaHcUw+O!k6o`U|ocW*_l{XTyU9Ko*toZw&l~zx?4?cpHhy
z*#9)gcAYxwRQ~4f)KpI5Q)z{nh!yqxTPBh=IJW6$;T}Tx;}aY+@#britb?3T($2>w
zh^(7+idtqlVN$3QXNc-Ap*uC*v~uo(jpgu-(9~J#9hvykuUVyWTGm=WqW0YFgeI>O
zEkhAOO^6(!PgZagwN9RX9EQ;@)Mnm+I3`Gn!zEFzHel2adq|XGJU_yyHBM7Ad1j*)
zflhnLNU5F=A0W0Ghf!n0oxNdL2(|PnG7N|Q$<4^}8hVo>$ul{mN2Dz{G5})xHVIm6
zDY6SI@3Ja8h0yVV!C$I_cZY|XKmvneX5r_Mh@*yn)4lOc@y|H!PP}ni)OytrxJSUK
zsC&j9AVJg+|BI_(+G73?9iAi8M0M0v<dI8;N+mj^rhXAzt=K5oV(4m`XpKM4<Izeb
zcHDD!fUP$oT-3$6Ndt)pAG1!0Z4p5)Y20lS%^OtT5Y(kGZ?vR7&F5(B49=V?VXmy@
zXuVZSG9|TW7RS5GM1yWKMy5MD3vrq*qmO^Zr>R8<Qyi!&!8B#v33?+(ySodDH>PQ$
zhZ4cBHl}IqG&PHlF^C5QxZ`JkSY+BXWjSeHQgh{JTM+^8x)G;Mli{h6oT^zkRr4e@
z8{zpx%YWJNM1Np#p=ukc48>W!0EC_?>Kj6b@cj@kVX_HbcDOtwEQSXw5)^nrm>tPD
zO)1Lb`7=)?(gQpZkK|?Yw}pAfRL$@^j4Awtm4#NxatT#0FG_q2TqjmRnr_-eL%9NN
zRR8UK55pJINQbs9<fjYYA6<7kURv_R`U472r0B$Kzk1zYA4jO;+Cq{Xqnx6;L?mbH
z1AG$D>pC)x+)%7e(7H3w)ITeMUU42mO#YB6pvPX=`*7QcU%eI+3`S7?EwgiRDX9Uw
z(rous(_LZZc?dy$l4vHf)MSw6izd`2&V8Kn39jU@iNW)c;3SLBL}8f+*^Wf31ezD8
zv!DmQ&n8kUv6Fem;xQ5<2Cr83naO@Uv(=u;o6L*wBrcMas6F65B=7g2od!D-LFeVD
zZOB`fnYc}7efH^jWhLc3J6DlQQFntc<LlFVs#8zpK0Un<d%DBax2JDXPo0aPr*b9s
za!8+E60|sVl_F0i^=*5S{Y7|5efvBn+2@~ApEvlm$6EP8WN(i_x1{4TxEXMtlD~@I
z7H%Uk@yH!0Ch}bkYi{@(0xe_M>-Gmx&*tsLFJh>x_V(U`>mq7<Fl3~8`UL2I88Cs1
z(YUZD+y-Kjiq7g&v>xd#HFkLq|KudbFUBg+j|thvuhA<=eb6p79<cZ@v)ALNQ1Ljv
z5J$>|bmq}YLCTpV=(Jx8w%W0~r*$&m{#K5YgAtEPon;T*#zmqMpa!ie{u{}|Z$Nm(
zU+;?-jtp~>sPvdcCL{jwQjtwxCWL=NI#1Tk&`ODQ3(qu?b9xb|eJ!VJ3ICZblTxR%
zK%Jisjixu~pN?LhP<_p6pbmDE9`=z}yVuNoFL>Cd`0WNA`+z5nl$&9r5nzXfa3f7q
zX*24nXic14=g-?XP8&4~ZHU#Q(S|s=4o!#n!Z^)3OQ^Lgjpj0jr>866#STK#nv{z{
zt}iR^@Dz`~Q%hg)xIbmBb87tX8u1af{zuxi?Ey6aH24&^gSN@%W0Y@*ubH)WOlvs?
z_ko~-9)h>{RvoxH9=~Ca+|k*!eLE1joivx}%TBX5u)y=I5t|6RH`um8$3ngPH5{?h
z>T%leR`^?^FB-L+_Go_f;iZ1H6q+2UhHi({!1H**Gh)2<*a#e?I@o3nHbGI(qie3P
zau^F#>)uf`M$e;@E_{dI7gyhZ6)FC-zk`crN*}$pd=NAmnjcfi18_1S@j`LcEKmcD
znE<0X2Z#OeNSMVy4U}44R>U%=#zH(i*RGxqYg9Q7%<~X>0<t#vId0^Tt#Vvce{BpY
zh))`k8)?aZOHO`k?TBa)k71zF>GTQ$-q!ILA_?h;Jk=~zo5>Br+HiUZ7}?!z)s$b^
z*KlUSHKd^JDy5QaH<8Sy^DuE_U`6>%QJKF2R{uw|6g)%M7%7>%x+on+-$cfritPA*
zk{;O$`!g0;K{)!#^g7Iw3qxDjP3#gqOhJa8mxljJp3FCh?!sL8FanVyVwZI@d!7>h
zt}`nk%-oYoef%jumt<ce+%)3eyV~^rC({zkB?kb*U;jZh$aPvV>|=vXz+t{k*<mLG
zM^`wz56)HEyQ&qw%TpXll;5Sq+NF6U#6}rH%<Wgve@DUmy?)D;r={;5M9|`>x3N#X
zptvQnKA{A@6BF_Q_=xB4Z3qq^)yrZ50SHV^`78AhgSRQpNL=)ALk+FLhnvj;yWEIp
zOIuFq{x9!P5SIXlKzP3pxeGb=3Q=hklC#NO0EYh0%_`Zxvw$y@)*)6J=1G95#kn@7
zH-c?-b-K34evFMab1H}(KgG>DN!}eDOS~Hy9S9Um9jOnWN=7vt``EKRY4LHiJ_0NX
zON4DTG#^|jGdgX5pF7m#kkrB%BBQO1mr>+~U!4I0d<#ZYsEcPLCo_Y74-+ku>}ASG
zvpm%6o&!7W^{AT`JMfLKu>a<D_%yh)$@goMP>ZpYzjn0{f+0oCEr+Jg{U@evj6%<r
z;hG$b_aYT&c5d)~$7wnYYjE)Q9cv!Zs!d*swphP5H5=hu)tj(NbgC)3WqHEy-X-s+
z49GDv`3ylHGGW)N4!8Kt2lXYlP;!LGm5DPbM-4boIPb^ERPw-gHGs15xu5&BB78e^
z^9Rc@FT!-{-pz205rzkwe~S^Rb^7nhyAx~ZE?cK-<+#hf-y+~HGDJVTmSNxJQ*b`$
z<NwV;$b~`R_|mC?aNleUgljt*5|hOBa~~0xpT$;}Kr3AdecL3A-HRQ;FrD`v;}(qF
z#PfN)7}SEjUiLTY=?d(rtBr$eC@ts$vJB6-M}6#PEtqKc$Z}CRZV|gSi(2s9guGkS
z#(bw2#rIxd)L)<LYw9l3$Em}2K|dvBy;;9=1js|>q($BrJ0Ep7(iO%0q;24rUTz!U
zosrn#HB<hE)3*n-qAwpnPwSIsboJWPCK#B7F~#ZKt~;~aw(r$#B=_^rH0}In-TtrP
z)NLDfyANJP-+VBO_E#IbTqcLn;U1T=pEx<NSoI}h01Ta_7f+%~I>IIQi3mTof7NWf
z%qZ9d6)3ZDMSsea0yFH2F=l+b&vhV)PfX9e>MScluIKwLay3b5V6%Re5~v0u33+hr
zeZH>>s0*_(^g8?wZC-kCy%bKNEFfP8SdZ!p;es{d1bE4ncF7z?EMWG9pB<H0Q`}Zo
z1GhXv?N}@3L-wdYvisHIT+tG!_NW(0YI(lWo)Nko7*_+5#^?u%kTh=hs(~=#%dI#L
zTFQV8_<cXZ5BIp&dxfHQk2*FJB<r8OY!^mR^7_@nOdQE2#1!dH3~l5d^%=^=<#Q!~
zZ~TnCh{llkMZNfOm>zxPyY$YSBFtHj#}!`mCFv5iAzTGfhp*L(AE3@}!kpy%MCWsr
z3iGSO9kKmA#<?-ShY2GPCWR&-nS~a<{vqFMS)K8LNxjwFD%6%(xt+rOu~786T7v#L
zdn4PuOqYez*dgc_^=N2dJM<%$8Rr*aN-ZXYYiLjVjI)`dK3{O^8QkI}v1cgNpW*j`
zW{Ejy6q78YoS<G;^L9_Pi{|5Ti)h{`)Xwh54ii$ZSEz0Ay5BF)hrea8$q0GXfuNX4
zLM@uun%Se7>TJ80Np`=vNn|dy!b%s9I@EEQkrw$M>cmW_%_f>ZjsHPZ4NBe~yhBtc
z*s*HKlI7(2!lB;Iq71V-J5$aRYR6gC;Wt7Pxs?segi5JK^b2%}Q4gKytK&d8$m?;8
zV6f7L>5OoC4^Kp%!Sgl8nkjSo%RqPqATeJid5KO<ps|vm*rj{lND9q5WHr-KXqL<(
zp*iMs7V<HIwgL;e^-LB*CqnOR0|rOgr;|Lt{C2KTu+Kmn{Oz6J;Z$+I^CG|YFsMko
zIs*TPy|;mnqpbGFr_h$tQi}>$#o`c_HffVh(|3}lk|x_^X<llQQlW5%&F&-_ve{jB
zW}Ajm#M>g)SVX~>d%f3}3yNOuRgltx2vn?8L<JG4fQb4-n%;__LJPFI|L=L8XWn*a
zchfe|4S(|K>F&-vFXx=+Jm)#*JZGNSnws9U<u~x~C8lqFJZbp<D!-Fv?q*eb|9{!?
zyxM+41)b|*e57v6D|K6bUG?JrX?#6eJN@LJ(;&>LdicO5#+20mHEnsWVaxwDY<Xe0
znWc@conG}Y9R&PCRy6f%I?aYorDZWDH1(3zA9WP~>*$D!p~cNZjrdptr{H6g%vVU5
z5woHC=`^ViolSwQ6ZtvFrvDq<vWE_u{Y9ph+*EsG;w+kL;t^ABZkj2WLo=4e&ytKL
zqNYB$<yoSyrRF|*pF?sszR(*T^t0;@TuW4*KaF|+OqIPfeAnj=GmB%ZM2}MUPp8+f
z?_%fXT*uav!)YEV8R9+iZQkJ4Py5(j;Z~?^lPnP5vgKupUW2%^&bGIjHa}*DTy`>K
zGorQAHn%fp#%(9x034dP?B_|w&Zy$2BuX~8k7G0BVr<=}N5?g6S?b$gOYyLp8D%kg
zDbpe5sy@B{WTF2duS5U(n-dsH@LRTiiczxV65k~AG%%5d1>!hOO<R69+#+MP%w}fS
zzNP#l$X6ORAOfK+mwpYV*6qx~+#0wB2u*0%vhi;62c3aJv1#)$zG-tq)7Fh&x@YI_
zKTAdoxewB?vWnc&UGCuX2lE9Z;RfG85_&!?`>*Yz_gAJL+jlDq={&>eHqL0SxtB@A
zRD2<cnD(z^OWkt~Gb7k}+tXW#hUbP8QL+b{KE$?RD93_co%EBYbNMWPi1KRB+vQ~_
zKuwA1TZifUGfdy{Y*XVyl#EH+8H<`}uP5~-7BM<Fd=ffp-g>_1=np|kS=qAF?C6Ko
zsdq<pAOAh?DY*6g*P5B45IwP1J)x(ct)z_;VzESr@Ju4QCcWo1dQO+JJ`OZ&**jd?
zV*4vWIwJhfrByov)3%@5L=QKQ_d&2uAy(tkPuUAAXin5k+uk$||2??*VdF~NS#<)v
zNr0TRaX$%ce%$D$0w*$aV%%dWb0M7(H{L4nuo2+*e$ukFX#(z@KOwMrr*RHlq?7)F
z<931t^k$Kln|?Svy_q324n<PW(i=dgS^ndeKLo0FvWKIs(`)ZO#ADz;V&?&})0Q9J
zcQbp*5X!$1-0~W65)|DdvljMN?L7SVrrR){-8Xz{5>PAs<SD0os%hMTAEu2N?CS~i
z^*!t>G}X@W_=YQ~$D6h;Kg^!Cb@;P8$A4<ll2cAG&PEILc?PP}=M>b%XX@Fe^iJ{b
z<GTops>dfi+%&D>L3S?8-E_zp<hXVm#(vtSt?zy{?Rp=|-Bqsp{aN?tyY9EpeG1)N
zd*WSt)2o`cF1)UFG9+Z`fy&94e-mzAMITfD7atE$g4y?DC(xeI@U`prrEefRwZnWn
zE!lqCm|9R??q({Y2{r|3<pY~2Kz{-jFJnRT)@|&};ougwFZYY818l>45<QxIVEBQj
z_TiHh?M)57aZN*?X7z{0eQR7w+w$P1pN@NZ+8yu4k4s3^Jb1_6G!Ii;yYuRc(?8k5
zzBdj1fLB_)>4g)nTfFI?ladpL1Mo1exe8doN!>~Z<MR`?huhE}wA%$>G|{k@h0lXq
z{z)%Ddu~3R9C&d5P2h>%!g%sWKjX>8ZHy=JHj^hOa-Li<un)v6T)_)}&bnQ}?5mw9
z(S{QH$*&w*>KlIW_PtDtyz%TS>7faSe=<X=r3|1Hw8Fw~?w%p-yW-Bh>5itY6aIi(
zO<Pa@+c&BFAuQ)r2Zpb`pH*IqvR6{s0LqH>Jh<f_w4~Dk@pKBjI12yThmDKadcJl1
z+UBjkO~D^Nf8qsO$CnHxPQCWP)eD<8Es>1MrlH>Rn|}E7cSoA$m!CVAEk`dJ@25xi
zQlCCd&U5g@ji;u69UNMHYH+A!I-N?`blxM$+sH&j<twKT|9t9eaNq*do3@@tZ#%q!
zisBP%$@;s8Z)Z0*o;rN%)YsU7_RVzQ9j#{jK94Kz^L8zpWGF5-QF#41c3hn*vsL%!
zY#omJWZD4Qyq6y88A{>D0pr3TZAHV7nJ|1i^CqvJOTRue{9o+Xis>ywSC?M1q|*2R
zKNkh}&Y{=S*mvmpo`b_DPNfrW(kby?QZzr8o$M2zNLI7iMT?^gdHBN_U7ShlGv-Cj
zM9Qsl^|6=w`06RIrT0I}+6QHG8D%fHDBJ3wtkdrH$$#42&KUm5Ki%C<Cx0v#U2{(H
zrt5(TPP$T#4oZi6GCDZNaUKfMw`qbmeGg2r=p!MzeF{4?h~d|~<xg0Gr-N+P;_vA&
zq5VxmeRJ7Z|5b8~^~vL$99cWw=E%i1!gRu^iSRkY+yCK4_^fURzTSL!?-Xyo931cD
z%ccKtj(6KXyvO@T<GuOu-N_DqJU9Hc$>fo}$oSE;Wj`IW1rBh2;5y|k(>obl=UiKI
z@|;UfR-fQ0C*L{jl#{O=J_0#8ak4i*7Q6V-a@ZyRhrRi6Vh(<M^<?4)iN@zo7W1Fc
z_BVExh*LmPd-wlF;1TuBrEQWfXcB?MPYzMH8yOPs8~*+wN*lJv`+%{yWy`Cilt6<?
z-%G>iP~U%`Oq%!On?pXp&G=!;W&AS*KBiNLtk$3QKhEMDy#HyNe<9f{|A@_znnN~6
zJ}_Ky$jy<{bMpJfN#6Ya>IqJMKl_H0-;ciG&F{Vwy!l-@iTF)4pF7FoH%Li()BEH|
z=w11Sliu1lMoRC^CwbGWjC0aUPyXBVKKHsey>rHS)BE9*OnMid<fNC*i6}s?Q@(m%
zcgokrua8K+el*dPuX`qD%Gcr?@<sKACK9In6uD^(PgmP}_diXg)QJ{7DA(gv?l)Af
z)>UpwI#;>VUF8n`GgrA6CpgPJlC$3*yUOkGEXSWGWiP84RxyIZJLx>Hq1vxsO7BEU
z8<X!(9M~caS1+RX6wSDiU46#5klsDd$K^4WYP><L?+>zHwhHCzJL%VR+{zVt70UOV
z2~7E#@`rvuUc>u6jnwY_^6+P+wU_Su!NSA*`4awmoEuQ?{g;~MKAx7}^Et_wvhT_9
zuZeS&GxJ%7CR{+x4%LQhSpLrY*gR<(T3C<Y`<6{VEb8sMar|pu`7r!^fsdWaDPFeu
zFf;r1spAEIxrtPJE?T?)<-dMb8lJL{z5Mjl8pq2|9r<pn@8(e${>IB`o9W%kO}lsQ
zJhz>gyzY{-=#7n1)5n+WyyPpAF$Ya|eQXB3cw^7iGbFkOqQ`yx-z4MI;Xj;6$G%Qj
zhWm7d-0E}pH(Kw(tO2{H5C4D)f!*6q<ZIn5HWnLBMKi32Jw({!!>jLomD98TA<hqW
zUNyt;zc_~c;nW#FSZiT;*^U1x8P#{o_g_c&eF*r`6$+b97=HDqucCDA^|)vwJeMP!
zy4ptAw||8>{v6*^1is_5@n!u9e82JiocMl@<I5kGoKbG$`?XbqqtmZu9NoHchD6tF
z1V3{EL-3W2HiGBu54iA)p1|>ooREbdYhU0up&))u96#e?o1g6hzsoi<{C<5EINI*S
z@1=1JzomKb``I{-->z}l{A;)IQ}4;dPs+egNaSxXvL&)Z;P;cO7=E?*plddMZ5+Q_
zuF8#HxxmktjUQ`Y;P>OZM~Gjijh}3e@A(|RyEe>_WY_q9S7P{mFb{s8mN<T!r7Zkp
z$M~K*Qv7y()WYwYH3GleH!%Fp#Rpxp@tel+`}Bs~`29J3km2_{eY){u?F;;_-7!M^
z%5D6lkDBv?<G1z784_Ky@rzTZm>*Z>#;;l6*N}}LYhU2^r|l!e@1`}j{F(S&b0x#?
z)j`Og3%^JI$?&@*4}SmiPmbR$|IET~rvtyhNbx&-p*_AA3H*i!8Ge`IgRa^5RdW1x
z4d%x06oKFPZ2VaJrvAHYg!n~l{G^KoeyccsKVFaVz1XGy{=x7o&x2p|9~{5PKeEU7
zVu$`4DSkg&ZR2OIcz3U7_*D>ot`+a4!wkQh*5}cGhdF+`4rk-%Snt$r8Tg^wcdvIY
zR-1TVuMLR4nEkPDs^mNzhT@kO)~#+Hs<?LkSyEjmjLX#>#%27R{Ed@fYf1O9vr(TJ
zUV!HIPwKvb5{`a6ZquQO#;Z-?AGK_a{1`>))xtw-WD4V)lzyE39zGEjHvMC2>KA0r
z9XNE5PRTVUz>3>{OVg&>=jYQl%kBv$&*x@_(K@v7zWL11`EUBzJ>dayXZYf2%znFh
zKC|CaC)2Uo=aauXM6YTiuAMr(Xd1I?hOa-wxR&~Zbr=<UUwbDv{g$%)-3^oIOoWf8
zANv3n`z;gRi<?;RJE<o4JiPJ{AAovxVa6*RyxZNt?B#Wg!C(E%jZ~wA6{tM~yttwH
z%Q=K-?b96p=LG(A*!$G|AF|`gbl!W@mKk^A{_yYKILMBD-?!F!--CGh;*7sr^!f$8
zObnPAH_KrlefbTJ?~QM8(w{V6#3<gkVaD@#vk$P-&#;!B{hvg`?@m5I&j44w7~HgR
zy_EXU{wBtsO=;@o>{DN*b7#f{H|?4pJg<NKx;f2T{$KFKOB3jN*!KqKSJT!;Iz{~-
z0}l<q8<+M!VC9c(Obn-AKbXGz)c@vrXQu?W-bc5FxBTxua);#M-{W@OP+$_wS{WCl
z;YV@79oM_>^@Ci_gF~rPS(%kn52yD(ZNE>LtpD8=bSPWxdTS_F%w|Sxc)rt!74u}m
z>r2j(9-45%d1p!E2(M;p!ftQq27W-?-R$X$t>2^l50URW{OBn(!V~UZLV|jYNLGUk
z-HHpTA5$-G^PA7hZ&#lMgBfBlasTuitnt6Gn#TV%G5#o)qzgZPjm_GwYL58YABnSx
zH`QL*PVcxo<>hI2EL^`7-9`7GjIaIlHFW=F)wiS2J!i87j)P4@r>B-OA)MFF+xdIb
zZJTPBuokAgoSwRvYBlbkl%85a-)d>%exPIjL>5PSx@qVGO<VR1FBiDIxc2WqYT8<R
zBDMJOKeG|s``dl=?mYUwe-rNQt+DTIc-FpmYxfOxYnbJj`4Tkta?xp<uVXp%;YloN
zbKZ$OJTr;;xWDHSsY%QM+{AudJ&Aei=dy@K+a#7n&7Q&-x?&PbAMIx$-W8MB5!I7f
zAYlC@wzKdbObT{SVy~>H#P3tt3+aY0g%!IQg->UQutT!wt=@D<71eDXn$~jd!}R`~
zk4=}RUHcNt!+4`==l=KE^7r7WO`EQyyT4>-eC-_9eBMv!y%z3{UO8|uo!P<e^ZBD4
z>`ag)G_|XOo7PiPpI~Q@K8TLau=9=0el*b!olk*&b~}2x{s7HNvxBDHEBJFh#Gj#M
z)WO`QO;=MJ=Q2wEh7L{_^TKZbWM}*A0anVBpU;}6bp73R{9sWUf}tvUt_%Dbq?(U1
z`TJ=O{@gLnZ1-hq_tD|szj`no+}+4pqtOixO{0B=1wqd3kFyiRiQDgY?tfYBg{<}%
zzth7vu=ZAn_EKo?U7|fka}{gvZ#mn0x4XTA!{@X10;0VrJ)O|P9>ti)kBYsPVyN_X
zC~taMuDadcOT#a}LhYFk^g!%`L#OztJ%4c1RX(b6J!|lfXz)Fm<DN>HZT*>oLbtp^
zilSbO@1=k#)RM1h(*~3cVj827sr0@ev;IP>KC^#Veg57T?%TOv1ZdNf@dg$qEjItm
zg{8KpjUE@TZN>-IyAQh8yWv;=j_%Hz;itQQ#`<60M!Kl4X{cg<%ULYQvf9+ofhFuw
zEHODqZ@zc`Oj|!=9ml+SjwOC5v~;{U{H4EhO*MSrTK3F;>Vl@B{^_(B-hr;Zjt-<$
z0D3#I@+@}#%y17&I;l;xG9{_D+N%UiqzllRLq3M?qfGVT1-QEZTWDlu3%yo$D*ivO
zX;SLj(6z5O({iw+X$vOYgt;xkY&nrCeCh_&&|29$x{cP=RWCAb@w}L&rTjfGA9TJ4
z=I4Loq`ZuJRaB22Wcm0%UONdS{EWZjX*Y2ECW`(2M+`q$qWl4>QzPOX9i+`Kv(}B}
z&DOe+z;c*sV(W%FpXvQg|Gj<^G3<17x10=)EvMJ8kAF?z`li|m&E}G^fGU*Ik};dU
zoyFFK56!pr{;!^N=zUr*9QS(m*!LdFh)>=7*sEkBANoB$^iyw0zn7hu$A2gPx;Aq?
zwa&SmH2l|^!<bIH=zxMqaOi`+p$<x9dzZcG!QL+zzV{W{;!UqVQ=E&s>E_pP;V???
z-bA<Pv9_uguYJ7kKDvK348|YqpU(1D(nihD=G!Knz+S>^oY@q9tzpaXv<bWUHTJ}u
zC_8-mUuimRW<Tf;t#1vCBkSqB$FBNcns7f_d6>`~@3SP^#?$pY>ClYQ^SQm+YKAI7
zQ{_0L0rOqvG6_5N=9j6*6Z!AjS3gXmEY!j7dY-3n4J$I?*B>^G3GidM?`3A!?!v|W
z-x2XYGLNKp{@(d}=kJ}rcmCe_d*|<+zjyxLj(_8%6I{O&$+!^@S4b5V;Y31-rwsF3
z!jKx(n3@b3s$4&3j@+w;B5G0&#UipEPbI^uA0;mjtqX}t{HwFp1-K&0%H3L&Rp^Tw
zQ7tB_m_MAAR<dhW`NW{n8#l|FKb+-Pv1^&#BnCBB$129F;zN^lBh|&q^qTatZ>~n0
zR%N!BOmz*4;{2<#d^@gWRtW38p`^u8@x#T`b26*MyDkrl3jC|Hcw5)yYS_@$sTK9!
zW06ehhJ_)0bz`U-qO9(Bj{h|of0^<!{Fm>f+h6)l`uvyp=Z^Efo1Rhg-Sp+v-%Wo5
z(7LE69`A{&OPC;arMj1d<NXN`l$<xWKHlFC9GkV68jKlgvO5%3=gk#3#gp}MTwHGi
z`xDWCbfoQ6Eoo8v<H^Ccl#xgo9Y#_O^;0yX`u2&^@8(L<DVLujo&LL%rEOEkOHaHs
zQThw6HT9n&9q!@sKVHx`O?;jtJ||>+n&l>El$$6%tL1^DW~kM&`K`1}PO3&K8B-(j
zm1;8nVcZBu<2n^-33S#~1Y1{Bw$!x-R|Gmb{Vgk`mQYOVR&}G|LN%#t@mRH7<)1sb
z9t0U`q+<CX{a)msE0^-AS~hvI<WF?@`&A=UE!W3W(TE(28*(C))K!_TMnXnN4(alM
zmQ>|<QYI$L-SK39$nXQ1&ZGv^j5tSEHhNWA5A|~?l#Kz6q{&fAi|K08zz4qbBE2C)
zj>J_xHp`IJ^_q@W&p)3dr|{CCLP^9?rPMdK42@Y=Wp-6AkxCfO-SJc`;+HCCOY+H*
z5lZ%`hLSLna&4_VvvfAUP_{M^*Dsal$V8Un*R?B&#dFYRM2#5={g(7(xRQ%cr71p@
zrufhok{$(WMFoCBe*EFE<iAo&NdC)1Ny(2E=u_=a7=uc`s_UU1)z8|J0(7l~Uy>5>
zc+|f<r9~qv(0C~^q)a}$R*t2jQD80wyBR~n@rVjB2!(r99kVs5mdlzUr}R`P8Xd$S
zg<`rKlDkqpa=csaj)r>J@M*Cgki{DC5_!L5k9If6=fi;t5mgT-wFIUVV^UX0=knOu
ztLeN@7*j2TQIIhX>oCH4IXXAwii(J)1Eu(YV&0GkAUP>r#jp^WMg`jMF=wnS$$CN!
zYu%bk`1flutv}T-s}YS2t|SliYT;fPy%LT@2Nw&gWJdka`jOTbC0+Gnaw^sriw|J6
zz+6c|*dgd@jOLJE(hXeF{qeriG6&oGLw%x6Fx=?H5Jf|zQyII0F=!I%9LhQpAAtCa
z!N3YZRTNeQnjYfom*s$ldr9IID};tHPMqCf;UIJ^>Qjs0TT+cDNn>ZVrpNhwq8l_t
zMGLcZIT{a#7*`;_Dh*?jCYqC!1WnI%TGD`2v097@l1nx{S*fI|YY@c&;0j_wu|ZC^
z$;AlJC#iGcR0@PEf@L7_qIgQ~XDbIQKZr4NmE^;v#%QjEbRB&frpTdoYur$6>KxTr
zlU*u}pt?R3hVDwL-P(GZ3sjQNJI={ih={MKFa-gv8}YatN%eQhtV|D$J61j5qGGfL
z_`vFNsp{|X%b_kk9!(i4TPn@LE|WtfD_5knb)hJ9h+L`}U^rH2K14tZqerB~`pW#$
ziVzTCsxY2F7f?#6eySxn-lFM@g=j0q#*oct+`!~gNe@V!z?Xe<imcEv<xGCeqDnF}
z;FngLQf;;)ts&aXk+O@HV~B-}5i%sWOgzBa9?%)1rquNqIxHk|KPoxUwX6B9YjL)g
z$`Py^%+i3RP!E*jG3YE4O|SrZH_U9I+7-d(0B5{V5!4D{=TQ-pgS3EdXw1f;jz}tT
zkL1Ty1!E0Oq~nL`z>{}mb0G^8GJ>>NIGO@?wEjdqY3RH?n)RgmunO@;Ag^5-Ezkl3
zTY*9kG9${_7B`!)bacm$sXdqlA#UzsS|1Z?y=bjhjV2@y1)j|WZ&I=l!i9C*0+F0T
zh94wDNsWX)6jg+>rs9btmQ$rWsj3QeNi?FwFfGwUW)+Sgo5Ax%Z=tB<Efl!i9imDD
zp=1n0txKeYbXD!A8Q2?I2Tek%Cc?A_EzL0KlOz)%E-*rgnA4Q>g)BiEvBePopl|pp
ztb;dHn&v$fio{V0Hfay!SjX4ZU=nm|3}zTgYlgWjVWMjhA(u>jGu?(-{ZyhSPPkBW
z8njm&)43ujIhCgChe-=3gikyewM^{+h0@g!ixPhcQ!C+AGD&*JD&;5BO0cQgQQ1=d
z!Z;%#p?iuoXRv%q5WPVzgIyL&<1ttnGW3<H@B33xLrc(t!dj4>EtIobM1Q{wh7$kb
z?g5u5wFh?4=wjsPJ1HP6oU^KD<v>SSr^Taey;J)29w|%iwb+p&Y}-Vre^kgySTV3j
zB$=%ei^nSXC^1Fvm*j9LMob1WWG>nB)v1?2Z9JP8a?)~ALu!!P<$9CrMlvDHImwo?
z9@DS0TLzMbZOj{(dyLgCbaEq|!EC=2)w;xzE16hGZG^6vV-{+Jj)fbVr?xHg!bOeb
zM%^SVKM9?K32p_jIp8FqD;kRR`CYoo7JY*Zy^uY$R8CDMK_GX8q#oG+{rWoHT5Z`~
z;U=+FHxW(sK<t>_Fr5jz13i@><tp=1SScBC&Os};*@A|du9T%Xvl-b^;x$}qEYuZM
z6{-Y2DMk`zzck2{y3o6rHQgZyxz5J(2xW!W^zJ#cd110kfrembu&q^*EYrm_*GoLB
zaZB9`GcSe+TaPm&OFFU<T}?(4hDTo8wu;cYR9@BI*4d`e`rjc<Ud5bX$0c{8!tNjk
ziDnyX++2>C#Z*06hUvSiuCuA!W$D(^C0Uj`gqop>w!(#F%`IV2qN|}KzCn)ARK7p4
zI77>~ga%!c##UlPvtCo6ArlYsi3T+2HfoDu!95t}d7vA(rWla|jWI5ib01c$Hv{ox
zAFXK)dWDBrpe^1Zck*T7eTdZ=psP;I%L}x{9j7ck<x(Dk_yR3~E#W?JrklBCOut8D
z+v6ajEJMhndPi@3KsIk%VvCj5U^RP5ZpbvtQIq*cEFj~mCT2)&OQ55pt}&o=UbHG8
zs<o>j*gC9E1=mid?_e^MjhSpfQ5GP*I~nhXwS=C@<lz<!p}_+|WZ^)2Yq3yru+V74
z?PmC#Vg{CKVMfR>H?KfLT}&%6dl!8>=WU!h%UaT!CyY&=ZUp;txk#qIfmu!NA-T%T
zK-J0fD>R*)T`)tDO(2N7%b~?Evg?IrIbSWXYQ<yJTsdQS7(QkXnHAw=99Bse#gnML
z0*%3eRYT-uW8nGXY;vW5@bE#+EjLUu3UppTZX7|z;uRjtPRRJ<Y$D&jOT(I*92D%0
zM=hj|g+s(_>eUGKR5I(aKtqX;26g6UsyEwO;{}>>awQ`=;Pj_So(n0DXsE~JV}=&4
z<?WlxBM<IH)Tq|4ku4p?R3e#Ur3&;yAyYG2$(%YC&uXxG>`)E4G*pOx=HPXuy1U6}
zv!%qwom(Ddg%&XqOg9Q_<zRS<dF0@6VZ_#H5oUMubvhak(NCtB*_v3Ofh=age!w!D
z$)y6Vgc1qZ2YQB`!B>42XO!b%zWRp?A!HI_+5;7F;zPM-*)=p7^c+K)IcVG<@N%7a
z)G6PXx&#RL#k)sfT{z=tm}@Mc#Kb)_q~svT9gxaI6uLgDlWoiD7a9}b>2!!q;c}wI
z!_kGbkcy6-VP#xkL2WhKT_G4F#>z9oHA2!Naqb2gxKRM34%T`-bZ?M4Foius3|7(5
z6`qZt1P(cKW5AAeA>F_V9i^Qjw<k&D7h0P+^~{PR6-yRfsEcCB%r8i4aO^_S0*zQ<
zdW;uS3Rq>L=Ei|ze^(9_Qm_Lmk4wO0Ns`ITW2yZth{cC1BY^1m8_nTjX1eHNG{-6d
z>nUbv%%sX5u!1u*WaJqz6JJ(rKrLwG@z|>xim`Q->#yz<W?(8Q*baA}bzm-e*>P{d
zdA7ob?72H=dYR_#oVm4AP#&#NeHV`l`#B2-xY}fHQ!*6OH44oaRstlDj^H`p6%mS!
zyBv;iNbQQY_LjO%QJXZfjkU|Y<z73hsuvOf(Plq)Z)f#{!?Wa4<~j3VK^fU;vnU8N
zt3XSoEgD(M@oq!DP@_#$xx+|Bw79^qj1Q7KZtSezLeU`W29RMz<x(9M3Ph0zt5^e~
zKx!fXI2<k$<HELW+4^ViDu%`0f5BDL=oK+VN)cdwAdh%x-E97uxE7kKaBj@thEVCb
zV)8Hr+0e0Z#a-?Y$>v?L+6Zg6P`{4F*LEaq9~wqUz}$(2;TtR5AQ2LV(j)1oI6lme
z1VuuG*CwzuUFGZ;8E+-P?&vg4!ZeM!)Fwh~Bgk}_M&JTMX(gadG&IJHy#dlHqCd;_
zZncAeYNU{-GRW5Vu28rSN`gE+iayb$1hfnZvF?}n@Ud`WZQ!GU`qiCv%PlqIwyk+7
zh>aRf8ALNlFjQEf8QDtH1^Tz#<b{Y6aqYrlT!jNyBI3z22xy~}Cb+dh9N_`Mg6pP@
zJNJ-<D6vfu+b6NSj(mT0R-Z(fgLOjl2-zk!7vfJ{OQ4oV|16~!4v7tZA?2L)6p=3M
z`uCHi%{G_p1{{N?(r;}f#;ILt7Nlo@_b*2@vXmh@wQZ|Am4;xuOhR=2QksKQU|CjM
z%+WO$%aBMR;d|_CspmWQ<WUq3MX<eedvRelrWwLCeTnEu{Rd~jlB#9}9Y^A)xpvk#
zmAnHIun>3^Hss#;KtX=fE}?UmpPSDdLBGt>)?&uUyb8W?Er`Sd51!jZCgQp#Y{vpk
zIma|)Is!J5<YDvh)JV)Iy_YOah76Bl@)-zOjcS&(7K)-;Ot8r;)%>czoT-Gc75y*J
z&J`&j4P62jMZ%$E1Ycnjh7xp5ByQ0qBkV8esRzjVrX(*^OmY<-VHS_I(P#3jP_S9d
zOPMXoX5v&L#8M}#*&Z_2pYt6FaaKWde_O0wTurjI-I+$!8)E5mT`Jk_i3r<sqzI4L
zRmy0Dna`|8zr2dY03ii^+)WukqkI_HK9#E<M~ebsvthsFo6AYD_H%gNjwimpszL}`
zZ49aumpVcuv1-_)CuJS>5yq01OKx)l^?8+o0h1?pz<TL5jD%iYX{G!5BkH<J6N$?B
zI!cC62P)a}-5*c7d<L6#K7M?;F?Y3m^UAF>G@{sA<7pMo;)_jdD$$b+;Vw)3;&Q?E
z_~@=-w?6;P>3wuKZKvdsH|sz-)TKwOt2+!brPjcBE#+2_Vx<cCNjH_tB^4DVW%A6K
zGOrN849r`cys45hX*pIUYmZl~uol|1+jq%iN%loFy-y*Y`6TPBv^r+mKN{tOk`2Pt
zKTE_S{z_-F%-D#+EmO9KUs`77y`vXOcX$4zM0V%ze!lQ3nb&zrIU7x175iAhVrM+z
zvNsj$vlD?ac!I2m#?$xgj5;gN&D`vc8>WE`((UXsp5V(|I=^J4eTb|@GfYiJhsfr#
zHn+GAK~aehL$w^NY~wzhU*c)Aerq1B;Hi{w0VQX4G0Qi#?`342vaDE37MVN5HeNC#
zbA+B26S<N7TrW{dOywn%$<oUvO>$5q(1ckAv}4;*S|QeAUX|Di$~n8jaO3#G>X}|r
zEuX7Pl_Gv1k=6)TQb4Q{hLzM6(zUR{vxpQ@8`af%stdoRb5T)IuuRLPR%YtCSEkD3
zWw=b4#~Ih9tSsbA4oK@5G1b*divs$hQ7dN}9I$1XjWq@bVkWWha=lXD)(~h6v?`tL
zb@c&PGvr{IjfjO;@J=@()z!SH8FFFijhN*MPo$R0WSU<ZC7wl7{jpkSN|AJK#r%aj
za~G>6`P@jwxe@jeY+d1ET6MMPJrBP~A5|<9+1nXhbGM~*z_*LxR|@7D<yG5RR~aS6
zD4D##nh&+FLQI^Vt#2;+PR3I`y|j#xqbbVqEnqvz*xoOQYF%s-2yzxxSq>XtHiY5q
z?@*H((796WjCU|pN@wckrAV0+8N_S`nqp2?EMr*-D_~!X($2zd36c72C$_NQO^mI~
zP-q6<G$+k)nWVbiYDtYz`g9DFMiSW>(z)wg&u?_FJZL!-ri@DRuDdDGsUIt(|Hz-Y
zm=_?W!2$_tG9XD8XSFa-i!T=UmyqVa5TplN7tnH0HIMQ`=FOeAU~W~_qN@3D?F<EG
zMXv%kDcE6DEzX*V!7wgYg?mFua`QDq4~7GQjyk2aW1&*D#0+L9c~(EHnyR^+!%b*4
z(Au$FS;Bt@t_XC5(8U7USqrX23-}jce+{8kD?63I>L^`N@;^xcc@wFr^z=YNOQ@xo
zVOmU~uk0~^iYn_ebgk<;gsqPyXq(A`c5Vd3P%|_3Oh0e3P^R`eVb<dYgO%CLot>mZ
z>t<vmV%gH7OtF}%mpS_Spl+!Bm{*WR>Q4$o|3(x}kifZx618a)TxLr@X0Av>w^t=g
zmf3ov(oHB<%t+8WfFVn0w2H0bi(fad#=>7bL7$r_zPWz0NFRJ9zF_KF4_Ux;uT|x_
z_G<zk4R&^P(g_e?7k+mJ+FLq;jVvuZnNmM&wjx5Xl&BJ8x|B!+9{leMb59y5554Oz
z-~Y(T|Mvb}{U?3qmCF+gzY*Sd^XDU9nfJ+O-gV2}za2bl->-lF$)_Iw;+*E~C*OC~
z9ao=JarfTO&UoO4$f-MK{7t_7@}?{9`TOtc?%%xeiKjoX|M_S8KXTU-uk60|SDP;U
zQuMt$zttDH^7XEN{P|(^Q*D=wJMF3H#BjKF+8eJ<owW5Qa;)ZGPSu*9ue<Em$t!yP
z>zB`;xU}(!@hksv?bOHn?wb6KH@<b(!swU2xBSV6?|tU{*MIOo|1bKRd8tdD3p_gY
z$=_a7`^($@XYNxotEJz4<eHD{`N<if#~!%rm2GFAv+K?a|LybNe{|Y6?z{Udcb`x?
z>5~(b?>%+OL%w}e?zrx%c;&mBdp~;HjL;8jE4sJeQ1{z)6R&t?+z;f(zcl;QU%#~F
z+B>fJ&|TXne&hKEzB>PjyNCbl;gi-ccwL%y{kKm3!t^h_>ks!%z5HVpwf&R67>#^(
z+$G@`UinC0Usovl!QaePuWgmO{`TVMCq_4XW89fPd}Y$VuGuy1)rX$CU0t<r$9w+o
z?)!(X`s6)_pPTV)SFqyg)Bk?euRg6dKXK@zq3^Z);v;ue8`2MM{^Q(xpQ!uBa~JIS
z{BLUecm48~L$5sftIPLk^@pE|Em-l%p8tL9?#rImE5<kcX~v23mFCI+{qR*&pIv&z
zgjN4tcfzbwPn~lAC*)HeKKHKPHFsVcmrs78`<|~pANs|+UjN;{eCgq*%1XZU*zMcC
zwP*MHYVW-0<5Rc!Yc9EO$NxsZzf<0H_lw)_eBj?t`Q!Ez|NZehjPn|Q{eRybc>F(4
zpZU!AO=tX8f6tWg|Jz&>xoO$u{Zqen@#R-edGuY+|7ZH-8)tn-ntaDsPTJUT<FuC_
zzj@Miy?+~b);}Mds9n0I>)<0j>NQs^ioSpE#J<?NGoSe9@8|q#%f(kded^CHc(y10
z+&!<q{?h%|*WbV6eZRi`_REHEe)7qyZ~W!gcRl!<CGCHEuI;Zq_x`eH%@4l$?8Li1
zymHa^nx39B^*7CDPX6wJ3r<{g*_Gq#e)Q61&#iv0=UXpbAFCR?Ut96%J426rU{m)G
zzV>+h+(m!vZU6khDL*^0amu~-oN+=)<;)4I@2~m(k4vZA_r1?uylu|-%kRA8*7TkS
zs~&yquA#3yRX*c8zgv6zgOM-K{9E|X|8eu>smV9?pYZL8C;!KX7rkr$wLK>#-@8Vd
z@UIs<@cGlOy!(&enRCa6C1-9w<;&MU{<*35|N2imUi$4-XFvDMlqVkl)hCw!@rl2_
zcIUIbu}x2Z=;vqL|M9gm?>X>?f!pH)jXS2laPg#1CN7_r{%Os`?n|bOdw2RP>Swg?
zbiMYgbYCd&X!MNrf1LcazdSy5Pv@rbtq<OL;(4K&J+~e_<FdzE8nxgv1F>ZnT>i`N
z{PyA}pX#3S-1#rp{AO{-cYg5gAAjZE-+k=S?=|jA-!=Dxf4lF#Pd)hkpU%DU&W>;1
zyv;XZ(PQ7gapInzm#z6-=L0=Yo#Vf<`_8*B2<<xI%-&0HniHSB`2H!|zJC2FKRWZd
z2^VjD>4XYqLpq*4TMpMpk7B*x5eL{YP{0(}vM!eROUg;XmiYZ8%zj|O5=v>eBRS?%
zILw;m*(7YiB@F}<R1?OAcw{7KZ_6-0&<=7*m3{`5`PSz7Ewpb>gs|nfJ|2y->iHg`
z#LCF_B0FKr<$c(4iCxa#?`sfGl^uP}c?&Ki1CAL|M}YN$1~_`7f%&`z9V`aq#kGvT
zx%GfR_BHltUcbiu`7(cbiuBsYzWTY_)6ZXjdwS<*Zco1#&<l7OzuRuOJ$>otIQ+|h
z+@9Y1pD2UR$X9Mp{~Yjpz$LgQKh2@(soT?s0G;CVv$(eTncLGZ0Zw|F!}4eN^{1ZU
z<(i(dKLgAtB-4$oezr&2&5cIC6br@j8#-*sOp=jvwz<EpR4jw7robqnjcLW)n1%<D
zS%fULXhs=WcnUXDt#4*JlEdg#*C(P{STmx7et9)>Boj+ls)OVem&+GY;uL*dMvs#k
zz{4-`2TLGWAzji3VGXXAMASlRg=xaBIPz*;_P#k8t%w?>D$f#iYUL6hbt<Wu1-Chw
zbz?r=FyapLOcanrZm3@_ZQ$FS!h2`UiBf(Mf0!q&j`fEO7WgjNSmNg%u6R6->=?08
zXi@@`iTNYtGJCqs3tPVwFt?G#T@e@2C<&h9&fSQJUDAjrDx&H-HEMSu9-u1`PE1Le
zpY$5T)Qk~9X{C4`EX(v_?2W+!q#|M;(SeN_q2Q4Yvn`d(Uvr~cvmT4%0T3R4Dm4Qd
zvo_8G7N+-Rw_IXII-sXZ%mAm**-16Qo}(^tU?O%t86M`NZ_eG&?4sgwBizV@cqEZO
z7D-mIIY{A9LZe;fsA{kW4$P)|Sgo#j1nRxTm5G|UlEh<byj%AR2NpKF8iglqQden`
zR%sGdmeoi+=16wU+Z|7Pu>46BRw+UnR+W^|y+pcP$9yJArMhSmb8V1&rQBI95gYhU
zrfNdd@MVth7lq8{Wmd<?ptpDmcXyV-pXZ9HJ$x@IqlVSC$^Y(9R97A2P9}c|8)kOL
ziH>+CEGIS@1sxZdOKs1Y+)ao_!gVJpt|H*67xOIE=D_!Yj<!}Ioi=wJbJ+1rr<grD
zJN-Ze(98$PLp?o7VytT7n~E_vIgwORRU{F4UgU`b&ZpX2<BmxK#(UK&F>RqXvAxK2
zjbG}t0(!&>@tACv+D$=uN_8;eeGoy;KDN7%WU76HR0^gF63=FO1nUrHNIYpMC~K%}
z=cbfJr8Dox)B)Nsq7`b5Rn)|Y(ul+})XcG^r<pqG7MxvrbU?%)?LPcc&=wmWXPH$o
z3u?H(ixP>&L(f{Qn?x3CFv`dH!-S4vf-_lS=_b@uL7B_DGyY|+{9R=2>e=&^G_i<=
zIrJK#X_3N0w&vDKxs^r+=0`z!5;HGnBbnvoQuYX$wOJ%~B6MeOSQ|Ywbw*R3+T1lu
zyzUd*U7T`HdM=tdJ93oq?8tGyKu7L-xt2n{NatAzZP}o8qrk$-%j8>D`I^F|N4J+F
zKA1G>Y>H;CN^+&WSy?GtD^nK9d68p9MnEVl$AZI@x#wQNaZ62VVaId$uF_6j%b%1k
zfRkA&56co^r+H)a#!ah&@B8R^tQ=O@OvK1&x0zV%uw=~OpuHF9n2>&X`JlP%l(Uo~
zYAHooZDQr;&rFlq6azV_Sd{!yabkw<=SgDLZI<a^SU6agRbCwUAqKgctd*Msjdk@G
zDeZxetPZvZ8cajVv`?vJIU0|V`H+Lg&bZuzB~+MFDoD~Wz#`MYGQuqkgcYf<=YWW@
zwQ@tCIoJ~H3^cINy8T!O;p$<fQoP-9*)X3%g}j+b^HBMHZd28%UqhxMp}hc>&7@kp
z!hHYAFPUgkmM$IEV?LYO9gXAv6jb!01yWZ$9+ep3?8^LklHRSYS0mOJl+ncvUc)w!
zq!M#$OqXYg6~y5)fi28%f-A!}WZ=HhSg0&j#&V33Ds30=XC7H=VmrjqxVfclO*_`U
zs*4>uhi+u2t0Xhh552ld#bPRjP-r8@8+S7QfVvB(fJ;NzPrN{yR<BwWXjkg%Is$%q
z1ucin`Ew={M92k-CkP?2EeaR5(%c=Y;JZV5Wh5TfD|KU#?LKEd61zGEw<z92MuLY2
zCXS9_`J>#)=Bdb59o=%}SbCP}Y+BZ)SPWfsC4g}~E=TLZLYuY~j>Xd|PsV>T>?+52
zP<;$cXywb9!=I-kYviQX(`yJjh#h<qLA@}H8@p?l*&vskt6O>|WFE8NSZSpTzH~==
z`oG<gz6hV20g-4FMj{z<Bm<Hj>Q)tI=s;!^_ME50Hr22qDg4MZ-Mqj~s7i)<`a|5y
zaa`_6g_03|6^aEbB716#oijy70sD_024SHJWk3z}af4Zx9Etbt`=&e0{cojLe3G-R
zg_We*O`$02yVpjT2N2^)UREdFAToL>+l!JT6v|UFbV-ZR$#6MtqFR?00T*-MhtH=1
zyJU1wS%)Q*LM2KxbmgGrI>duLI-tbjvF=nX%vUBe2UqH34{2v{-!xjY)(#k@>{ueK
ziH%&wB)&cF@3p?L1J2k<XTAJ?`$9M@VVW!9Fwg0bm)0`XYCag@cit>;HdrE2X(gIa
zyPb4cmwiBynZ6UETuwMETwj3#lob!<&@Iyw<j?flE_G$))nce&3?#ZViFV5QR;9%D
z=J^`IFVCN+82sC!1qxUHOYob0vO6ieP|7UTn@oXl1KPXK{vMMW+u9nN0}4wWSiX9N
z_&wjgP`A9JS*dRd)UT8p>YG;b-wpf%=T>#K$u7x{@v3AwYZT_7v+RT^#+F4E{xId;
zGBo_oqq^AnSa3$e5DZpbVb#rJyJ(T%OHZuAYS-0(*b_EbB(N)G*lNODWwG#d4I1pA
zEU}`SJLNgrsjY8oZ*U(tW(z1=#~cIcXhMt8^1^13;cSmT*qeoU_y}-zRI86Ch1D@a
z408v@=R?S==G7+>*1?N`<Fs+FkHWsaPMh}Y*3rg&n`7VJi=KH4>MX6!o>;PC{=wFc
zxk}Yy^K{IJ`D_}R_H3!@Ji8^w#=!?(ydymfC<Al?8vc4m`ZItQKngH>{P)tY0nP(N
z01an-FZ~%n3m^qJ?cDFB6~GKY0PxZ?sPo%9(y!t3Ong2E_`tL11D{jynRnFAV*zqH
zOf%TrRTT(SEitoG+F%_-qm<(pyqE}gOU4pwrdaY(wZ!C1gJs(WR&~r%0`q-J6?ora
zEM|EFF(Y_Ehu&c<G1r9Pimr7uKp2|Vjs?oX_E4;EUI3%C4r5dl=+7J5=+8fD^vN=&
z?UPP6AD7CK64cqA+%kzHYTq=CO;>SwnFLz<+0$pP8$3>-suHOyG2JC{j$k^$-b<*$
zn7Sf`-pG=ZnBq#tBv%?XH-@<FPSGjZXPWV>x(^1wk1xMI_lYPzt6`s9UF|d1Tc5qw
zR##hGwj*>)vy#AlCMCY|oDKOLM536F8&!1Cmz`Da<6Q79%f7=%a?&9QA6|joYdMD0
zt|Xi+^N1Z%v(`1nB2=L(lrgGUOM;?BZ2tN@+Hmyl%WBSjGpl9mc46zvK9UpG)fz1t
zHHEuf?ZG0-{kGCX68^kq43=5aq_8X~`zIaux*o<9tS_nuDe_3-FRiXtU}ibSyF)dq
zt2>xy(k?328RUL-!mcgN^&G&44KsaiL};wtxcD}1#5D&(zOr1+eOUI!%fyJLrgbML
zQvA<ssZll9nnohBBA#3WH^bibF3<-3jex*%=3$o=cv`}olo^vj_L;Fj`Yt9yp{B_A
z<FnmVPC0p6Etjr~<NjO^{JcbC6h^>i8B~HflQgEIXoI0V7b|i!=gA;X9(Yj59JN7s
z0zsjgF60;bn#pnN3y?o2^{tMHL~=WE)H$#CY-STHqleL$NF$p>-rO;(+8A4PZKP=i
zdetsGDGN<VvHp!@PL9TW9F@5^O7n0O>B&EMBcO;2Ia`f6QY75AC63jY!W7;^oJ&7A
zCH>fhV3gE>w;Gt~bJ_sj9b`5%Qg+!Doy<7aDL+bUX2G?xz?>YJ{AQzCc*V^9mo-_B
zrLlao;z;Ir7H7R?M5f+92Hub2>gY*M#x(8<U8zPZC@>Y(VyX2N>z6E27A>fVCydH2
zEmrAemntGlQxVSr>GrKWkL~nIn(i=urJC}i>066?cF!COufpOMdgpr{Vc|pS@>N$+
z&c2^*rYQb8-SjR?%jmTUX2ynD-f<4HnE{lb<LwN?OkSm(2=N@U#7}GS>na?9h_xkb
zJtIIB0;pTcPVO+HMEFI$Rm&wjrr86Lkq44-cE~uU0}E9Nhc(MG<L;g#7Rvk$%SS2o
zIou*&S;kSA(&TfrZux9s<CH2b9renEf%Y=uk@ZVnRx4MXH+L@Oe^}R+;!@STtSRDf
zKAGq0%kV*KCZ7Wd&wOG(izqY7s?@i&c60_?gPlIvy;tG$n%`Eny3Wq_;PTa-0fp)+
ztJ;HY?ZM8A=2_D-mwxebbKPDoukZF^k3?H#=$)JnuCt0G2!H`~bF|z&-dQ6&!a!yF
z%CQrw%u7<$LZZoDv_}|&1-kQ;szr9ac1+=9BrrlMmgJ&B?^tX-CnabYF%Juo>KMJT
zGkEB3NmnSM2z@4Y=|(_kgW9bJyy#rekqE_tD`^1dcci+|YuD(r`OWKnuHw#=SLnE%
zL3=I30+Wn5F2+=&(tMyl)fLsk8QJ$YzIbPP>R;|m{|7$*1UPf<o#_h!K0qVj5x~T%
zJJV0#^B|xP-@gek0AB>GoOfsX6M#;@0N~68s1NV~8UgnL4ghum_5#)}yfgg;Km>3d
zVC^#e21EeY0ct*cXL=o=0nh_jdp_<1B7o}vhX9M}?o5vd%mO?EIAi&p>F4oz5<btY
zNB;mHpb=2B672yR06l<b0B1C#JU&mt=WT6wre6ST1MC5;U4{Mt5x{kTLx4peL4SZ*
zfHT*ieSi<p2v~a&$^#;R>i~xUi!Mfaz%0ORfENJU0DAyaF1<6o0&p5&G2k}93xI8a
zJ%BS6v=8tB8Uc?0CSC^q<MSY32;Uz9+yvMG=<C6F01Utv0dxB9Om_no0M-E3_5(ja
z1aKW-Z4AEw5x{kTLk93o0bjr@z|cmt54Z`i19025zz?tuum|v_MCIpG9=;WjpSQq_
zS$0tBN~DRU640KJ6_%e{T)PTKjDL}B>KrltMYgMR#P}cmwoY;2zhI2xzi^D>zvy`4
zf6N55t^^5-!_mMxj?~+Un7MB&YO3B=)XaNZQ8WLzQZoulY;jSKM%8&H0W7Y}@n^Un
zfw#nlZ0;D*bZ-X5MXnCt43djnXTBLEkE&ul3gn4q2d4r@Knc<D*6@9ih5GXUKPZ#Y
zCb!r%$!ODC>}q7R>3!>ThzI6Hpg;;5RF>-F=bnhuCW2zeHK2{P*c78;Mcm4}(8gMD
zDklNO9i3We5x_EVgOqX1PIOC-jqqkw#t4j!pk_|2i&|LbTe`B{dT7lO81Z<-SP4YE
zb9AK57cCsywrv{|dt%$R?TKyMPRF)wPi#!=%+0*N@80j9XLYZqs;kbaU2FB;b?Tf+
z0%CeG{6c<Vtw<gn?~o=m*V88`OYS$O+NP5N7cWW!XYAh+IYdv&lo7Lt;j=-|@0aLE
zmq%m#9Y#anRX@AJdZCn=^+TwC-qzHlRK&kfyUr2ke`d}gG$qo|nqJ(}@JugWWa|R-
zzpLmrjn~-buyotJT#lD-ZcqTikU`<m`_*V!#qHpl7P!Y$f_k;9GFg;fvXFg}Di&3P
zsM`Hz@Lq-eFw~nbSuIt66q3ZA3WL{8E(rhay8nPBd%|Oyz2cU*D3!HZAFaJT%yIVE
zNN|-yL#r#-nur}*NHf(rS}{IWmH009T9aHL#%}C@ZT}sqd$$~(t3i@T7i@w{OYPjs
zf1ttX##PA`&hxxyKcn<nFnJ(Vp&vC|1If?_Hv&83>`0G3*>l`C*Tc|&N2R9I=v?@A
zCRdKqSt-Lm?}6#Pn@$j1YD4X1<*iUK>Q72cO6H0vI%JwFnLp(6#8-h})12ORG)4*n
zLcg-d8(rtpmTJePPql|yp}B2D1P*<SWo~djnKpZLVA6(j#|_OCrm!_ZvHEBbKTEQ@
zT_{)e?gb&Q!`UBkKYIdDz{8r!4UQ8zNXfKNXjEH2q+4Mslx68YqI;(Y))_gb{b>3t
zin666ANNv^;YtN;%Rjxon;E4x`C<8CmGL`eDmh15U@QfNT&yt!`DvLz-?}#0M7k;N
z=fOkDi^=+OkywZXssIn|f_pK%=}D8v?P#u`n*HlWir2KLBBH48irnbSh88K>Rl#V5
z*L#}h*3<$=`v|H{DdfkQtObwf<nIgJDKFp*qmt^dS6tN7f<HRVm(f~0_GUwJNdi-<
z8;&87!eMOD#dxzBv#Ka~`Og6AbkyJ=*y!@E=}xCG3CUDnFwt6`SP_zaXkW16g7CBe
zRymv828Bds^h+nU6xvs-5_K(SMKHl?))Z0DE-!&2qf$QD;Y4{-Z&b5NbHR!G>uQ^I
z)hpK+dRIQx7Sg#fyGG-&HA6e;LYZ1u{u#|AUExV8Bf;AY)i&NtfQ@T2mk}u&mOQpf
zQtm8?W1y1k50mVuM2}wJ$)U$_Tpi20>yN!Y3H9bEr;>*j2-*t2;0&INO)C4fQ!8Th
zq9nwvn#5NiiVJ~GaQBug@srt@TCoXI_V#8uODGqYmR4OCwAYzXrJO2Jnid23<AcUm
zEGg<eGjR_Nqdrfu?epWGF01pJt6GGo4wQiayFibHq=OY!mPaFqwf@AhUooa^Fel}T
zx<@2_4;mW2=5Vz9y~N6SF0e{i%8-W(85mxs$53gh%X2_HboE7}N9Q_Y(Z1M|<hnfS
zO+|dV5=4BY``+J7!mVgUk^QN&^Ig?V>zpbs<<lnqU6BUa?HbNfaXtU96`&*G^^7lL
z7VPW}Z{1t~R#L#Et222~N3BaKQBhk_7-D6p7ERW@q)7$pr)7k^&wWaAN=l5Zy(h`z
zisaI!JH>rF(a|XV0Wt0q6AFLmXs*+(S!8o9t;-L{uOed;^e=~K`2=hJ+^_}$)4Nyt
z*f(E1p}aiW$Ghkm=J1_?q-l``g9R97T!yTKVo+AIV{I<}jWHy1p3ds(sj8zX2}3!d
z2fimd>tpW&<FDI6A*bC$<9yc5$xVo|QPFiZ)0|6ePC|d8<W~BIJ+&9loZ9>#?o6*=
zoHv!bJ!!K)TIggKf!&qaoJRRau}<RM@;v|in&tBk%^eJeYIG*<rU>w~z#s3{)o$?C
z+V1Eeor^byi8me26`4F8qCb`Okp1dNzwS7|@n5}Vwy~+I8W!KW#JiZ?km1Lm_12l(
zexp|&Qdn|)(Q;GhfA7)V4=*8(Gad?JZLvO_hUYmLz<65cbEvF0{;OFo*?_OU-MWIQ
zYTP4ZO~I?^)-qvp=yNseHe7$_Lar@eb9_C0Srkk-adAo^!MOjhV_ZVr*-LuH6ve{7
zRrM66Lt^V@PH>$@9V?5=Y^$z|e{;Q}8hn_FziK{v7W>2ZU!+)jeJ%g@O@b#cfh;LF
zL&#@-9P0a~#ksswQsuY%88(Y~jG8dQqs4y7DGSXxevl!F@DhvqKX}tIO(Oh%swDEs
zz%X(vNno)#r85q$_y<(0)vFTdh^PCX)+x$Z$r;sAGi1j~XaHpEj!V>Wj}d_vX6`S6
z`j-!;xBIGozX>pBASQB%IU;d-NK-C_7xpK``<c}+yi0@^atuk+Q3jb$o<O?oR4{QU
ztZ(m=4J+f71J(np6Jt1<WT*I~lRd1T=^AovQL0_DB@Pa-1WI^u&K-?$-7^fir^mC!
z6N_r-Y5}I*e8xoKxzV2c&Pi#WtEC(VKO?%2)c1Q>S))dxIU-bHGU~BcUo(@(vd6#6
z_d1&CU;?Im=e>_j*iM<(yVDbmE2eaptY2>vUGBGwr)(pN-`*j~r+>bTuW@u{<~$K0
zhOFHpGrMJrL_ax?ZwA((q<Nn<)8ph=(&#-6?L>%Dg1>K@v*KB9jng2WwAOSl#`-wQ
zS|;(+LKv3zoZ-*E0C~3C*>Rt_WW?fjzfB)mnN`8GPC{Ul*1oZn`J726JU@VJ_jeT?
zR@!<Jlm+643h}E69Il<*I%$7)FRbs2S`H)9@{O<}B%9EfSt#`H;4-Z^?z&hA)!O3l
zghixHv~LgcGCQLv$jVW?>a;4M*!byTS={u|NY!25YL3HKC(l+MC&}ovBlG*%7AJ*v
zDrqhG#HdE&J8b0zSR@r<){Ng?Ckn$yqOQm-tvB51rA!4M%V~WgyXuy3t+laaM_+h_
zo;C}!sR}_O#H*^-@KI(<hKo-pX>?&@NefRO?=y5#>op`<U&MvFkeKz@@AOaX%of=m
zW@ovybIMY`q*SG5@W;E~%wuf(wBB<V=DsE6ne?ZIlqP!iAL_ytbl;>Kb0#2AINI=g
zk!E^dYcL{BsRtN`Fw^N!5i(vT7|A&9>25^Byt-8lN9J6#c;vK>Yqv<$4tE^Dcn_DC
zEKZx?Nf@DYP64RL!VBf6c=A-&)r~OkrAeF^&}$8+!UMDusPCaBqMu79kyC7;R8+<i
zxOhDycTkKUDj&=wQhJ|_S@b15$+qypQhgDO$F(L|r<^CF8g-0&>RE$F$w;aUk@4AZ
zZ+9lAnLM`(1SiK_AW<*F<K}ul#LbAPNRy-$akSM}X(K&VqjimayYc3Q`5W4Pl2Iyo
z*?*zn^vrcaOVg~(>A>QmU&>LZyBvq}j%?1K%@?4`AKE`qAxJqN5t|XFjp(f?Fu69U
zvvh+>brpo^^%z7X4v7PTBeD;f@~<u%x1L&)fA4bW>n1#EA?~uhZ5c2NUzikqG<z>o
zc^5?4&U;|9rRo~umzRnbUA&=(X8kNB3Mnekh$}NWrrV2`^>WQ`mO9cI4+Xj<ps(P=
zaS1UwwrJrU(4C1itvUt&E~$6xm%FMRnQ*2|isMpCwSU8;Z>L`t#bRpOVr5cSX>juR
zc4)=JKI2AnS|Ycf>KSQIjZZuJ^NJSG&Adk+>D=>*NKwLY6L>|Pt}TDvmsrA!Pj8wV
zmn-twez7J9h@&8^A*d-IPk5%)Vp5@FzRXFr;jE0k<WgF$25*6t9-~LE)>4~*nVM;c
zP|II_^DtsEPa1U@qI`G0tV}sNZVBB`ddBvC;xRSV%nEw~O!dr^40-N5RAlvs#@^4o
zWu4XL`7Y(fM8bk@5Y^P0f!H(8ik%EwvCQamwBfBdsg147w6pMzAr!4|5lgSj6!QR(
z*hmdyDW4C;m&>EzVSKa|>)7rOh1QT{T}_Ji7$_sUe_yBP;=85}e+TZ->AdGoGW?-4
z?9n<c$3?nOsfD;yAH#D+<N)o0#anJEdpv0o%?Mm*pjbQYs$6*AI!c7FGg;V<3^bu4
z&ay7JW^_bvO$ApMag)fv9*-z)K@e7Bz?>+Iw$hdIdQE8;j|!-HTy)y=m_&I_N1r%!
zyTUbVIhcWT=REIl2cu3eY=BGN;^+P|nIN)@m-R6<&RpzSWrhf@uS#LwlD0jXV3U3#
zHuL6OXJ}>@J)j3%tMMxEnp|bhA?$`A;>UJsZ>HAjne5e*YW9}CSOn$NShyOQQ<>Na
zSy4>Z8HbVw{OgrPLJ*K2rxKQBnfo#ml6KsH+DA*)l+KwTuytz^qr0`WTOK896DH5-
zYD=aeQ%bhrVkN#e-{7{Ir0X(g@dVJ1O8%Jjng6{NEqISN?YMtmgq_!F?h`xv(v&_|
zAl|8N$?V>uALeC$_VfVU$Iz$O*X{fVw;r}0)8V-5>VHJm;Ar9M>;gC^APzX!aw}J$
z$kO}G(<e7%)?Dkh6TbH!0p<KYlC+1kf!Km6Z+GziA7}MACQ0taI{No|wRSuA3xo)y
z4MD*fdII!6hRPuFiZpR>Pv%p5CG7c+Bj%Ul9s$D#5cDbBJUuW1aRL(nP0hEIbppcz
zSp%^vCPT6Tc>&D=&74ZSzwkll=|k{Aw}IE=&S7rmeo^!R`5@1w_1OmizmOPEMST6&
zeW`d(;6L`vUC;js{e#i~sNM;w_uCNQzBJAv!9Mzc?SKM#8+k#ne@s-t8Gi%x-x%h0
z{Vza10pfk60TFo{xqcvdkigbqeT4rJ*_kpSK?7g|_}!fvEc<^B`!W4!K{y9=3cLl&
z1+)gf28;Cu_XqeNAJ*^${R8O&0s*A_<?HPQzRT8U)Hk=PK;VFC0GWS$@xNZxUEq)Z
z%_!R*M6eH}52vrYwb1{+m6&UtBiN<rL+G2ZFA~T{WddruYPmZ5A2FY`8T8l*y&XD{
zdg+4y17d({fM{^!w)Ed{=GQ=i{{#qwqwY4uQ!qH79v{IGNC#L0&ivzVEx`il0SEyY
z<7z9H05Ki>g=JUjKSxjtg7^cK0b_s?ctRaC;~soxNeM`K`TC#R2$}9FHy7)6?|uK@
zaQQceV}$?Q?r<z0DA)&S0e1Np{ai5c?Zt;sz<x9M?LW1k=Xbuqzee>>mSeF00Ptsw
zweP025AoZlzAs;L|E<@=cQVfZG={kwp}&Mb1Pw5DTTbQ)|1;_;Z%*L9ep5YHXMiun
zgWy@qmugSs53qkrrTi821pIH(cA#BAYY=OoSYG%a;NQ-N_b~a0eHen~UHDIbIo9P}
zxB&VGuI`)71cCq7soYcW`adXgo9}TN0Ov#gf!mEnypj}*n@#$&PI)8gk7@wa1C{Rd
z6#D?vXBjXYAOVCbGbbp32+|XMBM)K+d<kLm=SuQ_xaV?SiG2wDC&D-|?gANL8Za7&
zP)~qzfZBmCB?Alo0R1-6jQkw*AFhb|3fp-X4uAnb&XsP({{y(b9*7T6E07!LOttub
zqD<Sf&jaE=Je6z4e*HJ~Z#X{Y|8pEIDDT25C=W0pC>{u%R^Zq75B=ZWP~Ye%@jrnn
zzZCoGKl8pLiX`>nEr5oATWfX_{DA+7E%i?W_-Bkj{}d&2J(!RGD_8jg`@Qf%wb3_{
zeq#1<^f?DK)13b&3^{l76aEKIzrLwl{4@1GuL3>-An9vSPk%g-9I}9Y{!@!^m3SAP
zzfJCe)o3U90CE8lfbck+z&~@h{o(6V3hbLjEC>YpN31WoCZ6y=hZbD87ynN?Du0E0
z`45?;TLE_gi$GDp-};gt#??Q43AE?`bFmBR$iY1p;<tK~p%2sx^iN}(TXpz*(e{nw
zwr90y!GCVgKi)k3Z$Hlc&brJ0<SS`txAoKo6gJVQ-eWX{Kv>H2u5IJQW!w^ZK{9){
z^!S>F^;nU6pPdL}IMvhR%qq`+A9@T!1UI<eGGPa7@xh|)2~mxPLW;RnPdM)N-}0>$
zZ(lIgijkz65?-**!oevy)7$jMbYYG_K8--Wi80=xQQE7b4+}Zjqd1B=wK))<<v^ZY
zDM|Td3BUc|!=7)yY{@O7;%`Vs(d+H8YA75!1^!)Lh@FiqgmOkMy{tpA@Yr3UK`5!y
z6x(~=X521()1oo6b1*+2!u=fqsG+$v@*D_~jsi?xUJ#A}WnmM9c5*AFDa_>GLk$*v
z&GSToFo9d>o^h8}hIRq0HYz%~X{i%=8BlIqSTcqX&O@Q~|9_d#o2q{Hb<cN#0b|On
z2ccVqi%%HTqlQ`LKzX}-&bWW1uKbnAU2)zh&%v0OWcwQrChobfxfZXVO#4SF6yV3X
zQNnTr6qJsDq>&dnzVkQ~EmiKQd$U(nIbYAk8dQ09Yj`;y%=tz$GjY|Zr2f3j8S{er
zgPU4Pg^;#z1d!?T%3`busHtCrdJ@K{6K7>IS~tF+k#wYP$JSmDGnEQBG?kksjbvXs
zW`WW37YvGnj&6@}SwK4+>}d3)f&*7<)hdtlV8iJZE8gfMxOb6IpQCU4iUm@=Nj0j&
zPCA7FaCCGbXA(vhTK%CNPtbSfc5gKs=jyi~q104f-pxedV)peI#rdc7D?w;zz2ljA
zAq{2#47~Wl-&WL;Li3xR;NR^;>i)GmL;r3k*ZqMO4Xs_r1Z})EMualbmLfzJ?Z_G|
zN%dqCjvUW4qHacF7|l2>I)J606%oSR!-WcM?C+Y(`J{g0`TstM_43TRCiDe+8B^A^
z0=<a|Lf#eWKiuUJeljz>i`l0fOZ1-7FMOP0cC%*^eipWh-WU1n)XW(V=Y{&t;_@2)
z{t!`oSaBhE7!}R00{RlO7s)o~-<iXeu0+0&Z1z}qyuK(T3`1T}d^l(rl9LG5@-d0V
zz?WT|!R5_#GZ9gKFnb;wqw>1<HZei##ui{<iQK_!b@o05nqjVLhDl;xNnQzuC_Qyu
z2`|UurK#HSnN1p$#pW$t85`r8N%AF=x19z+OTjH<pndddkBa8SMdV(*)*J}@-INHN
zIOrCQ-H^Psd0I(<1MDlz7RhYfeqYxuzVZ-17LN!q;v6|<bg4-V#KMn5bHq>ABb$_a
zKTT4;MEFWjbmnut&tl>leKx37q%2#5pP`wwxkf7Q<@N@I&efw?jsBoQ)(}hQ9XpbE
z{?^s@vaX3qRnRj3XgCVyTGja;H5mEpJPt4$`|~aLHGDs7GK@!i)(*U19T=bF&VAZ2
z-w|8|wxayJy?VTr8%PU&HQUi|6;gO>yc@HiaI+M~x-;ED89yE4j%^rOb#3lZwA3}l
zy-cAC7CH;!o^H)DyX9_JBne{p%z46gTVR~<2JY&JV)WnY*t0l_-Pq@)iEZIbpVlCT
zdM`ueES9*BTqKUq?WQ||#%33`{>DOo|F!%f7D}Z>5Eo6Hz{}zkskajwoo$5K0uC!K
z{8PfdvXi$`JW}Lzhpr>?wElzB@ibB(VZS`g?(&6Ig4@Mj*;MJFz(M9H>jZ!?YQn>@
z6t$x|6WW=gqX_2gi*}a&?nYc(xz=o-E9I!8I^Tde5M(54f{mUT%Zoosp)S_D9FO~G
zG^;Tl?A2hOI0cy5LpV>S9g-_;Fup+_=v{;F6n??<wkSdR8s+7^$D($?E95**ZAw6K
z+ls&jXXbrF5Bgk|zMe%i^~og_m_^BZ_ES&f0MWx#fPcXZ7*SMqA);JenYaxpctkCf
z=EGJ@ip;Z1PL=Xv(HU=7vvjIiF!@1_rLaDG_8c~-WG|`S!6q_qgzVbw<5sh^ienFR
z);44pN>x8)-}w8JxLZE6^J}YJW~HoHpr<0`6~vo8^*pW06fU8Q_yYV%K#}@l`w7=t
z2ea6YrWEMPkKIhtP?|}Z4UYY<7AbO#RK&Ot9N!tdu2k=Lehm^IGd4X<>USOZHx`%|
z4d<TBsmZSO%M0vJGfbp#liyGg&%S5at+L7R=%T_XM<pW$!ZD$5s+xvH<#W8myh+5<
zbCag}g);Z5>a2PTu9|y?iaD|~6HfnvNzmogQPPpE$T|a-Rco?4SI@2P$@M2iLAB^A
zhgEj?LMZBY6pVRFMJtLxIdmv`)FKSPg7bk-4wdwyb`EHtiCADK`TT$0;U_a>QClal
z1P0Sb_pn=)&+b%RC=_j1HKiN>@F~!svok<LTOPt9y~1lOwkl3!UN_%f_4TXISBZKd
z{?fH-Y^t83>vp`;=4`<h0Wj2xnS3eL8R2J>Vq;LYvX<W&bv^%RtT^K(2zFjVt<#k&
z|3UBUA~mdqM>LwhHsYp2p{Im2yV4D!JU1P4z>f`pJrytR&@zo!j9jU~l9_$Ny6Q2j
z(H>r?Wr!;?N^rtCHbshW$1V~?k<-<kRsvuj$5bjdNgJqul}NBR4i5%%8-yscP3V$<
zxk-E=e?8fn;$x=|)AHSn#gg;J9-pVWv(dWd<XrV1Rq=vKJ3ENwv#y~iq_)=B*?LHf
z+-bm)CPk(u3z3ZRp#F|h<=COAI6bk!N-%*+Z7&%V8<s7rMhn(qqHQd)Pz?YSkgD3)
zJmDuGpD#Nco46ZJc8sxC?%WmgHpwDKd+V~{ASOXSwIBnPA>h&@*SD!CV2H~;&re1h
zjNBq;EHm>jO%tN{NO*~p@N;9OYRAWhxZU5RKgJu(Yf~y$ZEW&vrq<~dG_|mU@t$97
z;D)5*Plj`!w^S*z7kg_nK0L3CQGCYeg%2$Tnwi9o@gUQ2!(1HFr^ObrYl*pzW=~Q=
zj_M0`mmK6xr_8Ggx34sj+*kiDu8+nZ#l@{{1`xxrH`?YKM=om=bj`b$W7~<*$lX9G
z0~>mwX5Y6KmE)&4MCUljAs~BNha9AfaKUZ52XPj$oE}M3zwBgl#r`lG%1sK>L6@RB
z8FLlWE!Mz);v}#3K7<o4P#_~&?HIc&hZiSk;8p!mK4)(iI($n5l3|=#<}qwh?3l+X
zw|$5S7Z%DrP`@`Hsl<Fr$$&tL3vr*dd@DPT0mpf-moTxV-Kc%WJfSE@*l=at$kYn2
z17|j^7&&1xAE|IS%)l@zrVu-V@r03S9F4)PYS2?(lykklwz9H@r%>JJxLcGHxDsoi
zUA2I6dRlG`M};5wv!u3%pm$?~S9%>vtLFAWk^CoQ3l*8pe$Wzz@@9wjnJ@&pO~k#a
z+I<R7Q=LJ_a!8#(aaH52q87Arx?DNLO|`<Cvzd0`WPB}PV|h6_{Q~vVOw3%I45d1r
z9OGK{JIX}424XH2Yw=4V$ei!(#o=9t%)Y5d#uXpGN*hE>80sRarqroM=Nxr?w!^-L
zk#uw2y@F5qDT8{phebLjH)|fTY${8&It~x7q36gXWPgltW)fw7bDghq{RHuxjvnQH
zjv3Ev)n0g1ysi}0y4uQ2E$SCcfkyg}*RgDZ&s9-kg9=+FQ(}7qFVEQ+`)TR^T`{dl
z)F0~cr0v0i5M{(@4KH2kKILE2?S}<GeFS-(#(4`HD^fg@+R0m`EwH$?Nqi0y>53l|
z!~s&fyFe6u2}aJ*q+EBdlf39zS|?7&-8^^^bJ}TLO!%5%+!EsIF?jeHx`%|x0=HD4
z*0ImBpVD0-&oD=*8ZS=J;j`LwCX1J6mr%niWb7jJIpYMq3XSS538yA#7m*SW`~+c4
zqf0p{In-K2aVjzUX-j_73gtCZB^np0GC3frawz2SS<L{Z_0zX2yX;H^04o97cYU;F
zp=vnI?8)VbsB9IIfiX8u+CB9)dFWx1NUAyZ@V`{|nrE?;?QQF0uT!I%cz~f!L-UA)
z2g8)K({*fZI|}(3Eio#qG-CnN@U{U$g^BL$!)i?}3Ie+cJx-^CesW^>GSYY*Z2{KA
zS=gfLLt%}eWs_$by-0POhFU80$&Ti7=_gkHJ@BR!7V5%ZMH4*i6|RUh4~N*j21b<R
z!cw}br<n(ibR)2oGKY5X>Fp+sT0e_BzQc$iI@=r(?>jm+ib0-ysgT35$NNhNo;vH~
z@l^&Qz<h`Z;RwE#i*#yRRxPAl#rW0<SuzU@6(Toq`^1i!@wAmg;<lGqPWqf9tMF^e
zT<BLw-HTDI5?@Q2C8lB%>Wz}u9Gd7H#+&KU?DU5R6Y5N@*H|QoU422|mf(1W%6e*=
zi&+26t6tTnN`!O4R?P>eJQbxeWLIBj+jim_L&E}&kbK+D3k^XR=yg0hzb?Bds>+5_
zRWwt;{1z5$=%(#lG%3a#`IH^e#?EEN|72#1By%4X_~Nl-FRd7+XA5uTEG=n>PI+;9
z4}sQ^VY08Yzs!HCgtp%e)H)RID=^wUo-PPqOV^%8xX%2sfmzV(rE9i<UWhcX)&-0L
zB|^=ls*8yjreJibx&EL&QeDq+Qq0%CA~ek3qdE-JJ0=TL64yb1SqH{>cxh0|lsIO=
zst5UstF9MPs(<-~HVR@`(=MJ^NFZgnAcmI1zg#W4&m7qhZf-0@`(c+;2gXwxPRxgO
z|BDHDZJ@S4C@zV;uNrQ%CwYsZJ2_GjEu7zicfB-h9I|MMot=iZE|qr^XQR^8OsVf@
zCEls(IIT*OMw}}**{BLT$zWx?NJDhwZE}C=6;vvpe~W~%oLAOk_VQ@H%AtmiE}<G~
zEs>0we-|dR&G8TY@-wY82n@uDi|V>ia@!DLHy;HmOq2<)END|C!v3xC1<$U+g}Uc9
z$wFkiJtwLni%LSHfQaD0(*k@N&j?xZvg;*%fg3qxHyK%|XR(|0J%$6rzfOl5q8b>=
z!=b;d-8{>AIhMCpb?+Ifs(gGjcKgG!?^mi8>v;k4GcXIL$g$&City|<@zaCHv=Hps
z(!vyQ>ppzC2w{ba_<ze>R3YwFx49+gUANa2S1Z}T&a*ByK&55!O+EAZwQ~}bjVjPL
z8`5oz$rtfU*Ie5fI8M8i9Zme7V89lAkwgZntxqNn4fk9&M&P3mz#e^mN;AY5|6I!N
zX>!)AxWZK6l%~OU<xjWqW;ALxz^^NG#egFsbz!$sQ4i~IVWTJW$tgt`Gjk@@KG9&n
zsT0t?9@!Y2CvLo|=R~z$7)%_5WhNIo59~J9KMBpal%k^m7Dm5QM{}$UvFo6~c%BCl
z)Fn02ZAd2-#-<CIq8+jLV)az$un25C$yVhpJzv67H2Ta}rW9T6lDo(U_nTK^z|k@Q
z<(d`Ec!+6_z1xirmVT$CUsWQh#g%3wkl*#9Lt$??mQapYGl}9UplDz5dB@Z=l$nj8
zOX5=8f||VBAepCH3HDepFiX3fbULtEoi0l{7`Wa%(NdX7{m!qGfK6eoESE@GLAJl^
zQ&BIlWam~W$)|Q@oY;@Um}IVg?4CLmpSTzb#4_`nWDHis%Q*FojJxR7BX)(J6>Ukf
z;!2|W`qai+k>Rphdk2qda!v=nnk_mKDtg~lp*U?A^#ce~CqlSHcSMC2)>RB55ZVKE
z{y}sM>X}6>ZJuBXjU#JJX%B$JW3O->H4K?8rs<8%pVFZNP3L#yQz~|PRCO!Vg4YoA
zt?tW(t78|{EUaf#m7=>9jjocychT<fFbs9(Y^R#GA)Ne(Y`PxDW^;40m7pA1`=zqx
zr;CX}&g4RrdkITUjheD)<)mH-d5}G?CeKBuKAj{3DLjr<gRd2>pQ(SWgBv*-JjDp$
zrpv%9)M2o*`vcX(8^ycHipy3rBWu+4Zs@c`s9%=axB=doZ8>gcYnQo2B3Wmn9eB|N
zIr~|)j%G(+e-;lK;X^m}BLt+%2DYL_Eq7ez_&g7jqq{<(8XT_>;6AOIwv(#{^E*+q
z4UM<x_~QvY&ZEBSTozH!CV81^DsRf`b*=R_JR{@xtozAmU#!ta1fwGl;^kEGwz>=;
zN%qvf_!Sh6lJ@e<j%T#RAy-(>=s*lCnM$5afh7VPouvzRR%iwa#$4R0v6`Y)>YAfK
z=h+Fo+-!n0MrL{jb$o)+WvXY~32Ce-?Onu|=Jz&wLa9@Ae*IlQ9Y)Lqzm$cx7U=%r
zg*jWFN)v+)v_D6UT>`^fdiJwMLuhgf-dm6fIHWOcA3n1AqUFWXCf5^O9``5Odu{j(
z^SuZq`cWc6+fD6n-Q9S+J7?V$RkbANv^LVBigh12R&3dg)NP_|*&u_;V;^bH=Gx<>
z(dvdsQ_|Hjyc%RnlR#kJVR=}<Mo8l+TU?}@->jF5rwaCwb-BIPnX^Mk&h9ss+)F?{
z)=pcVvh|wche%!WbhW0XJga!(Dfbz)E%9HK3Gn=+U0p%*+*YcL(|CAv)H3nOHc!>c
zu?bAgOvVPgAJV<Bd(7ObL*#{ysnX4AJg-T?8}}+<#g)x4+doYk2_#<QiIq=TXiudG
zAk?c4QF+b_Ny>)u6pNZ`Sb@G{Qh?c9PB9G2QI*~d{MGp~W1v0Rq#h%aA>>Jm_`f97
zdOXR<xaFi&<0MuqX2b_?O_bnq9m01{CQ>sWZ4jDR1PAuzsHv6N!FnsSzi+uCDl$6!
z*6|3At{x8lt5|S32RRP0)n0$@!o}w%d>7_HH+_z*i(N68Fnr50OAl1{BKOp1&qOI1
zF^I@majQ|^?XFcV)=BO>FQ8p};>aIuBpf3$V>w`^V!Fc?gOmX{-jA6-4~(P7aC{rz
zaP^2i!k%^^UsfQ*J=NQY!VD`pzYBo5oAc*8#%babBU%o3UW+x&vo}$laQ@CfTv=1}
z^vLywE$zhN9%7P+kp`Kr4Bcop<q_%onG?fF3F>p5pUr4|L$9A7m2ovUK}?fnP1@%S
zJfJl-m`K-COlXOeRW}@aoeeC{NiuV4UaD3f^ePed0|G&>KozmHZNK{Zoj_<+wiX>q
z^L)=k*j0>{H96ih7El2+4WIjQ5!xNMUc1nh<Snu%P<n5%DP<;_l^KsQNJjh3CCNS|
zEqKx#2&PqK+aHlg2ppbvi_v|b+S2F~G#xEl+3;MQ0@UF-EMZMzJm}lFHyb(SGnc4r
zM9nw(I7ho?Begk5ofpMCm^*(4Th*%mCG@t(#Z^zm5ASXm?d14G@AL2a!V;|b?GSmX
zl#u);A|iEJKvtQxh(aBuGAsN1)J3hvpU6(9mU5vgwO_xkN9K>w528mj9%q0|+4lj>
zA&xOdl6x&4|Di!788G~_@t42p0hmLO7#=A?y;QbMquC7i^ZUiJx0n)rv+n7tQFq7l
zmh)`)zXv~|He^mekqTD=j89Twhu022*&s!03{vab5mzti=*9Kc8r!l87&bzV0bVl=
z_|3?GlXHpH=eDj6F_lok-09ClqkDKoNo;fl0<F!6e$^vjJWZAcKPvleya07tCR=!J
zq+N6dQt_c9s-HN^aR(vY!WXovc)c0yC^88@c?Y&4*4jxb7?si_tXjiq^fc$lSWXSL
z(<QwDnLU*3Zev(m3-1^pv};QI-i<p<X(qx~y~1U-`%_<EKUcS%&$BjBW7+gVRDNvW
zyRQDsI5YQk+yURa^tdixG2AS1^E~Ic!f?WIq+gl+o2&5`Z5!J=y7H*m0|q56D(ibk
zf6@u0f^)QPQ8Af^Vhpz^_!v`H|KNK<J*IUud%BZvA#|`c97C4HEi(L7_C#Mj+`8ud
zNen1?PC$N?bm|fCX>xP_oN?>;JiXPj<zEeS=#EhLr(nv6(|$kL0j?x|Wi|-k@#Mj(
zrFBjzx-7E3HbX7Ch>S>t>gkd-D8Q@O0{LTxs<?^mUdYE<2^@kSQ@b<vAsxeW9B9az
zjOxv<Wv$cs70VW(;y)b|dkUflXlDc|$y$f}iKr(f_jM{E##mrn5^dS!ytVP!d3N0G
zt!=&e#-P4xQ*eCFIzJk9z{6YqV0=a%Ka&hxEUPX0tQ4XF0lpo!C@%b|h5#>;tno1y
zSmwt7J<F2q1eDpE26oP=WL*2p4mEJ$DAULq%AkV<0cveTt2xv3!du*b)Uf`JHDUJ}
z@}iq^+AfS+#XeD`d3!4>TCXt#OHb~&@P)Kp6%WY;eks_@4~cOKmFFH-!{v5;0c*#k
zp5oVbQF_ZBLUvW>G$9@~IoHvyZUuJqk_C_wo3r+(qkYJm#~?JQMk!awJanM+@^Rtt
z+Y}0^K}dII1lDwQfw5gkn;*Tk)`vrd_Hb)gr`!AO=GoiG=VJ`JGw$BOakFm<CLy}5
zXw_JhgRrA^%C@w^?w#xOHe$y1Bz}{3!EI|Ow>RTOARKAVOq*1-316jqn^5}(>A)T2
zdVL;ArI??_NAjpiJ+kzN&DbNS)!xaJY;3$0F35I>Us89R+d^*4eRZex)5e^1Vkhop
zm~7c_i*R?JbPNzynZsTDy~7CvfUM)J+f$#})#4*JvY*AiY6w40u`2{I<vSreH17j|
z6^WR4bxSpf!YSNE^XFwMu7_+{E;T;zgCn`w%`R>V5JL0(sxHm;d<wdi?DhGLkDzr-
z&;bu&na=dZ8251wdzkZ{OEOtP<jNTPxYMF#PM%>#fci`uoM3IE<*?o>3aNIWAs*d2
z#UTJcYri-y?})3wTJ*-#FY=%Xc=0G+HLhcaUlLv~)V3_#t$;Q@sD_OB5g2B+u)yyt
zxXWhCz#Fn%&oP=lUZpqlDabZn44+-M;K~732W_F`W+d1KDonM>!B`E=MEZn!Y#sGa
zEU>!q;iY}dfyNmyYE3nM>tKZynn66f+6fuKLvH>}&CYMFD&0Z`6>dpPg5TQ*=KBWf
z{evIbL;Xqv1_>hZ;IpoXEVc6Ow*@YL9Wy#&@&GIA=@YslWFB~U32PL;u-#%YvRgD&
ze0b_O<J_3M=Jg=4`j}Lo^PhBJ9l#0ABP-C4(}OW{&_m4B`xrnOT~PU#cZ_cngqyF?
zHscZbf>jikD`kYEfrJU1u6z&DO)A@$o|EJ!Qfz3+PQ6;xXEt;~e^s5imQ_mN+f3`W
zhVW->qx7%a?wk(ahTtlL{{CWev9-zzJLHnkn1pF&UPd3neqO)No;qPpK$S{cXkE2|
zqeS@C&6#FsuvNm?XI07^I$wpERYS$y&!o~2+^C8Fy4Hoo(z-)J(*hWG)_krdHlFG$
zA^9r<lYaRy!dL`a8j&5vL<6%vnxYD?a7wEHB@qp}ti<4{b&kpa(Pl0W^C*T!SC~0R
z1@I6g!b6atcr6T45L9G=z*?=PXu$vbYoK7y3END5&QV1R^$rv-`^)X^AVJxla&U3G
zjdKR@1ZVum4covuA?qByq!vo7ONN*k0ZOP<d>}td%6N+XbA{fGJct-Pqwb@m>opnf
zM@c4?(|fr@xVE&wAy!*M07hQ_tnomf4FvAa#!XzO?Etp;0g~!F8=RL<no={%6k7f{
z9V6hmS@T<jT!A;8zhmJ>ihF4}(V7^P&d?9+P)}-qnFwK#fsTJx_4M>h>6-O$5q(J*
z8HqrU9BkRRYSbquZ{B;j+JCSPtc*N6akv)m&sS@dWO4NTF^^UU9aKf?zajLuKNBK(
z)Y^D3W*!eQ0Alh5UTfp@`+(YFF7SsZ@)G;~spaI*{g~d}$ke#33yZOq7+u4fwR*FI
zb#5(A%ib>oa?jE4KUG%}4p2(JE|3AyhMeE&3?WDA`dQWU&uE6HS8BquBhd>ha#`Tj
zrA3FM#-mQIbKF<1yRvFOOV{=XkN@ms?2An>PKr$h4(Lob3SIE0{=S0yE@2tnHkB_B
z^{VXB{R31X4)w)*h_h6kzc#C$)|$LF8AJ+-+&L2oSFfha#@9(v2uM#vF>;%n8s@f>
z{I=6AkYw^SjRqx_zX4tJ9g`8ZVVjw3;7K>frv6XQw6LL*W{3=Nf_o>nX3OevZFSoh
zxz%|ZwzTj1P#w-btR5S26~HV?Po&1D;pf_R#);F|pVmJ+Ib+-?HEt4${&Pg2EofjP
zdu?T~)d>z%<CfY%wtOSLtk+QdsF}I!*<)e%sd7WF8OZnY37+xsbR~f>y3|6b&IApq
zjyN#IV^x}^qk6|xm+}0!#Mt+{A*8Ty@zUmlVASi*akL&e(0_>`Z&BssBod(4JcpQz
zc#V5Ofi#ST^Y`bQyleb;le$++9rf<9n<cH?EyqsKcy29@6f~5lIpe3JTqgB4GYS(1
zQPYX?B|=pkZO(7Igs04B_T62wLJqlQ>-J|<LKV3fo3B$>Qua@#Serh$@*v?W69><I
zM7&CaPGQ5cM54FOl>G+I3W}D#=JOYgDQGi44Xv}|-onmM&A93JEBM+YVYZU>q^l@X
znPj9D->}j-LoRSHHhTzDk~mT&2?ex%`!w}@=8)Ie2!*pP&d4u*0--{;`AY-!s3xu1
z_3Zpf1Vlqw8Vg#t01E0PmAIhv$|Ja0zEWcllFYzQ>M*k#>VnbwPCCwnBHX2vw~aE>
zsX`+$(QiVeEA@@{%Azlehez(}hPEmG$T3#F(YgQH9r80&+UtW}J5L=o#R$j+!$?v5
zb2u`TVi=*U7sudyM@hh7@Vm1?oB#o^4fnHS^Yi^v4d4w4t(&#1o-3#l)0$gQjqlj_
zLK@@o&;gu-pMh{NCMcmN+MkKC?$oFh!TgC%`ZhTkzPsx};4}6Iy2rsy(NnI&i<;Zm
zN{ADnIi)CWSc8QC4t{jSLWDD?0_~gRnTJ)MB~k)uo$VFEu1Ttf{_JE@QVQOIhF8u+
z0a8#{1$apb#7Kp(3^hnX>4^)jUS0?PC|8mm^JsoG=}WV#Zip9m{WW5u>!*R~FWw3B
z^A|J(IwdP|{~gudS+_o_zOx@~(r74Kfe#qB8&3Ez;z68UyGwontg4j_f~`t6EXh;B
zJ7}hk4cmg^l$@T!4=GhTFB^-okR+YcF5BQ>?(slq6W`sfBrH&I28pfBI5y!nYalw*
zrxI<B>o3wa_%Z(%HFEZssINvRs3|%OfmM`ui;B3sI5NkGpE+xow+<S|t6*xnf^X1Y
zhd7YCVY(PL)dCvI&)|9>f8K+owwn=>3Qt-Jm%AoxUmmIoEBzSrE73#j_90B3T!F(l
zQ^+L(*MFJIBm!^3>>sEa^i74(5BWRd%r@c=$3hNyI$tH$uV|NvA`um^6{L8Y+Hj5z
z6=ZQ9Olp5J>s>#)o33%g(Sp81RvKg-HuRk<m!rd}EP`#s;H244m3wo<_Zm3ej7-(r
zi0i;NZlnLj;5&Jmry5*KdVcTbuO1JUmX^fG4{6D4{#`Bg!<7*4Qm&lweR@Z4<=8R2
z0UL&R;0<Zi8b7kyB|~n1k{h&-G)g%D+^;+4X`ot7M`S-gaC)&i#<5K0(JT(!3g-%u
znFBt6`%>gNR&)skf<S8Y9iJNmVV;}=8FzgT2>q188&ftwbC&YS)R3B@Z#Ay-lpl7-
zo_(^&so%t&_snvOjjw0O<RuWC*qLBN1h3>JID~?4+mOhnh_CF6{`!|eJ@i@GcWu4(
z^+DBq3>GB79*;d7V^<)RS$Hyy-3A%5t~?!gJC^o{2plmw`C$jhNW$W|hGEDzXsv_s
zR{M@U*s$VS$}#T?IXB`xu~KK5hbU`El$wGj*CpgcBJVF6d@-m`IT62WcIlKI{Xx!=
zJhWjit7mo2(cEx=8ZaMF;}~!#F8;D0y_jr$uc8WjtAl|t_jYibWT)Un!p$1B=~R)d
ziE9)Qr0Hr^OP&l`5t|Ww+wRb|GUq+u?_#o%;D5t?5<1mtPKREc>OaFc#7;fD*GXPX
zJmmAfu7v)+-SU=ZuGuNA2^t4?xpaa&-qd2Dlnc)1LI<|h$;Vdo^Z2U96ZvExod=**
zH>FyEz1yJ>eP}O6>7y8#^ROM<v;FH=>WX+EM}Twk=P@d!M=kkZvK_m(j|Hy-kuPf>
zR)My-Az!XbJTv6aJc;oL#8GbOA#b!3Ao4DXl7a}$QwcO~?s!E(h+_c)qx>$vpSOPu
zgb|T6NQJBLa*gA1d~*xEjIb2L35YPHY!YA`hkIxT&Qh9Y@-J`+;`b4D0;<FlasQZs
zk5XLgv>Pc&h9}~48kfaJ*G#rL0Q@i-OK77SgQ0bErxL2a+S2%O6~0T3AdF1jn)>{P
zhRvs(+2wy8S5lm(n-zj^W}jgQoE|1fK4~XU9@wng;n$zhop@I_|C4+^a(pvPrx6!c
zu%Lp$;u#}AYSBuI(3a~QfszDvYlEK{u0WVsF(bW@>GPO+OyvosZT*91^DZ|`7(~mk
z&r?sVH{0R|>jJ++XC2s5rtor$5R!HV9TFGQU8p6Q9SY<0=hOpKb))R8b%MYwInNOY
zzj=S9w3qVD0v&)!hC%voA{$F3WzV_^ISC#4Z>GEKVMZaLOfp(U4H-9JJ4%8@wZP}H
z{4(o?XmwM;5N3Q!gwD%OC?|3?(r&PV!bNL@xahQw@(F3rPcL14bWWpnuUb#C#jD+7
zR=nN^Wz#iX-F0^BvK1*hEwbx43`0J0IvP)Du+gc4JjM*B9c=Gkw+p<}ANbP1>O~#S
zSTzOHK`O6JespHZq+D<JN?{NF0vF&%HY=04g$Z@|S;T9R>nIoKk4F<Q(I-r}`CB`+
z)8nmkaf*P&qTLutc7t?6U$lEdYPL9Sk`B?RhI_h(Mi%2Qi-LOBs8h{BQe<iSGFB8n
zwtX|(5)6o01`Ltr-ySt8R}R4U?)3LQ$#L#?isoz-D_df;@p>Gx%?|YQ<ZibVn%y3T
zn&2fC)MyP&;rb;|`}}BMXA}ojuXpO3j_{fO17EpW5q3^b0F-u84kJZ^>2T@!pZAcO
z&oE5C!P9vT%++&s{YiZfnrT1#Eey*Rwa3D0Lc9I^>$2$QasjM6x=35z1?*UK#qvCZ
z^H}8zXU!eP0kZb6RY+DbpBDU>5n0@E^LMthVtnq-WVVPTxdYrAUo(TvY%F)o65?7%
z77q1c@&`gam{K=AW1WxUCh=BvEFY5c40T1~vOn<;9c<oVJp?XAqd7{~vYqgyqTtmr
zVf|eL6G3HY_(n?y%$@W@9_g3S^jIrq1J)!|-S9^9gGMQHalFW)jQNE@*6p)J3k+;V
zq1WS2#-)mv>T~9GKd>ik_edrql0y8+()ztG0UWU^Kt0B80P0>)950@^12K>O51cs5
zRbzlCm_)Yehp;BxY>wy$#yJ*^74mKD>s8X@6PR1-;GkLZoFKG_I4zO=I4Lhqu8a^e
z=MasDQsH?7hB|Gv&@QKrRbCVisY!DB&xB(vR^UAW(6JaU&0F8Hlp{hHadov9UxMAp
z`E3K<0iNb|#Dmb64OMq7--m=pn!C1Oip&Nn6;c)o62C~i4aCGUB6%iI^zJS~*EfQ`
ziZy$7gY!LhS?H&sWN=a4>Y|(6!fg1?>|k65H9=*lHnCfpNk35N6oFBfWa+zGhU-FN
zLWB<$$DDmK&%^}tH>WosRsq-7Kx&?R{N>Ty=qC;4LsjTmHRVe)1u!N{^ZLN1bjD2!
zwqhSH<``sU=%r(i2Qq&&*cx>5h_Q{0P7*Rc!>21m!y`+f5e)ZzT`YJmLqGa0TE*}j
z4F?9;h$@y)QPYcM?1&*GXKiju66SYm;ZBt9kc60WIkYTMTGQC>=Es+Qtt%AUVye}s
znzuv@Qzn#SBI>uu(77U!xWq7#W1}TlPy^t?YVD!5=<w$P9063o99TBVlyknSeriKu
zDy4?hPNblkTcTb$EbQs9z(LscwUCl6k0m9^?jT%vE?{nV9yJqcUHQ1ioC8aGoGeDQ
z#b9vBly{L!6p|dkhArNOw)`p}D77v7qh4NZU&X^=>yJ?Wa{aWl&67c=XCM3mRcF#d
zBYX*=qfx1QWQc=hC#UT7^Y^yrh<`RK43@l%4?jmmvF<J!0CV83JQ5c+GFcX9kv^m3
zqXD<{E4k+3C^kZM<u9(vOXf3%pl>DWoh!0}@Em3vm)d$GM@=b@JK-996XRh<()w{%
zt{4xg5kx9`6Pi(@%u1#LnQ2HFmU3jOWdRJq30)mNsf<I!TN_@#xD&Ao!a-EX80J>y
zh$y#+(rIy*zVkk+is*h;BT+$vl|U7{dK-~d9pp<xR<r{ACY1=L8ocj}a*>q)Dce4*
zX$BAegjnFii5P;0!P~baV;ItblITas2Kh7I6_lQ1ca)BdI8F!J=iwKkeqt5@h{Ot<
zf43h6U?7BzjK=~2y^Bo76)Am-Wh0=sHAr1@DJWWtgW?W3N*2e0q;y^2UO&{>TNC%?
z94zzlMJG9o%yeQBGj#$ZSFaJ%w(^7-FU}kEhezj)drqc0>#}>hega!#4NA`4EZ@#>
zhiH|Je*2QBu2}|~<tJ^ZC4ulc-Qtq^s+GH+o*d}Dka@5em{CAilj2?s=ybV_m5``{
zSl~blmDDEdM}%`d!23RNtrqxz(jzd++ohjphv8v73mupDBZ~g5Se8(KJ$KB6w$@y>
z`Q4LwrZ=R>tswia@UJiD<753TZj#oRtElx@n6T#{H?q7BF6xpJq2wqtcSfK(URZQJ
zvZq^?+gKE~-qWKO?m97AH3u&3X7z@X1NY2;Qfx|(LQzNIKp!u4TD6(KwQLX=4@fAr
zNeY7sEF3EGk<}uw@k+=D(A509drOkkw&uXgAq>E-%*ChkXvFg#O!@iTVp>G9zBNw$
z&`jewW<)-j71q!?0CKm<1#Db7cwbi^3<x~xT11*2P}!*g7u2yOBJyic-8tC?3q50)
zGHp!d1%3I4M7N7qtpo-@pjonv?HVpGnxd$CLeJj)0HR*`S)><uU5MT+W(!%hCLQ|3
zkhAegZyE1J{W<se#7kdij+3_2Xn(~q%VSg~B`Pz5EI#6dGQzkE?MWe~umSc9W`FYi
z_E)yy*Sn-GYGyJ1U?kV>K~SEOAN9+gc7}D%B?V%iyqIt&7wTm|!+n$l#v-0(d_EL@
z<V8(T4Zqf)gY`w#^XhN?&3)@oO8R=S_H*KaNJ~b11ioAn@T4UU+*Km!vJIAbIAMw_
z)UL$!vdl2M3Qtr>C=$vjEawCD9vHk>y#%zAougei%-czwCazIBD7?VDbMCjuahUt|
z^=4d8q4H73s&tX~@nV-VOo7`uaN11w63D`+V*K9*J8eo$rtV?G>TysIq^s1u?B+9>
zUv>&@YKlB$GbUu;!8+*f86`bc7!=;{P&|902z(tMq80VYOSoeyT3dP3JGzlfui=pC
zDnGhd0w=HdlC$AWKZfPk#>>{aC48u;@LKt35N>*3h_MYBW5(r)vCQdgzOR{XC)>WJ
z+Wox>{>f%#BXG4{(3h%}yP;`SY!^D3OsXtQ)VqeQ;&Q>*1lnLpIt-5;#Y8uRBKT21
z2u@N*ty^FuD+X@f&fuWdc8x_tPBL5aQ|(z8ePD|Kl!JGtHIPppHHiGJ0=4NeTBEvJ
zrNb-|)38(C&uDRidD8?o{<p&1?8#hcmJLn2)}X!eS$c`};JKDb2dhMtNKGo>h)!Wg
zu`>C^P>^u@<{9!P{-UIR`{ZE3ob0LylrXxB*%nri<ju)B-Q4|+NhUAm_+aI9ee2M)
ziTAQEm$7=cEeAJmfE-fgFW;Fl!KvNx?c1SQH#MMQY6I67NsK4B{>ZkC9@B$;68Ix~
zdF+Uf9%^E6u?7mJI;+Ge&l4ZK{6No%iH>rEX1A<5ht-&13vMa0fm~prB)FFO7T3T4
zJl3tK;+#-ox7ZsFCeW*IbLa4yRS&Lq^xhOt8Lu}71w<3sDr+oMfmb(N2iXV>6hLq>
zFQc1Hb%oE(TOj0)B&MZ?$ip4GMtc2MHi_cI-1O(T<{obfruk3itVah_35<$mlH{Sn
z_Loja7ihQc1YDilA|h=r#$#n^i-z?$`u-3*>1?jELXwK$sroH-H3w(cTG&BOx&0!0
zDl-%;>kAksBy)M%UMc9>13L-BcdO50R&FbI$z4i?g}$Dg*WhsMlF&T=dN4wcQ%6t5
zS__bM25>D51?veXM$kC>4LUQiJ<=xNl4)N(fNI(4Uv8O_tHB<sOitb&6{)13gc$z1
zxdYIcM0$nUKhh=f^WFDH1ys6nTmg#5mNVKrtZLx<(J;>k&em`~8lmF}<%3w@fA)uH
zC#oz#4A5U<ADL(UT?TI&l$j7CdAuXSY-{<XXkr@em!_(au4f3(y4d$4tVsz7GHti2
zw=LAXu^;;F;bR8`UdHodq)-^Azy%#PRHjb`SHL;`CceJ_unvgb@ulJ5yrD)W`}}QE
zs=)@cp$niC-sopP%TlK@0`E>z5PjRsKe}RV$NFbK=wN3hFAgjBlloAExN$Nib?o`#
z-rHS9qg-s*2xTcTga1H2OLXTV-E^p!y#G+~wy(Y%XF>iygq>4xX5q8$gNZe<F|qA@
zv2A=4+qP{@>||owwl%SB+uHf>U1y(jcdFitRqsNrs&&!btA9^Fw)aFUL{-QI^|<Km
zXlf??iP}m9QzqQR=;*pnc+I;c3J_-|t5Lo^)32^fRhK-I`aEZfKM9t>UMtC0m#iN5
z8%PuIX?*f(L}-u&6c^%KQJssmEEP_kXlVH8$l7hF^7HSZi0Vl2+HuU}L@Y|;AB~um
z;#@F$7Cw7<olv5uQZxw4Mq@Dt;R^EKRRpx)lFOE0Hd*Gg(nd$MigC;Jc#D7Av(~{(
zVjb{W26Hf7YZdYEL~BY2&+<{mmmEo#8qa8Td$B^z&>n4aw(%}a>lFwgXok@;OiwQy
zRv`SdQhe+|;hU&BeV%jE=x%p2qyqoDhKx^9RrmB_=1Ja(8Nx*JELb_V6JRU)l)(e!
zuou3@8Az)kM8A}HhRI@zU~L^z1A6UJ`EQG$!66FO%3uGfg~?0D1^$&;ET+_tJ3$SF
z4iG=hF46iP*ht^6fpmV3{`4-+cI1a~YES7Q6gPiZocXqzaoTg?X&R<36FRBLSq`EM
zk8#NMFI<tYzQ<_aJ&T5hl_)k{9(?jG!-kPgThDV2n*iF1rV->%W)zZ<Pl(cUBoeC6
z%CfA67TMxrL7}SBpxzMm<AC_1xM-8Aw${UN|KBd3?zwS?21~Dm&)ug5@}Qf)ba_+E
zPv235(fR^>Fke_>;N8?(Rj-7$sj1bZy?%TwKS3-zxS~8k@*kL!+<P=>ZyXIWc7iaX
zE3e<Uk#+u+<B%Jzm|<{kFEJes$Ogrnt{E?3RF8h4<ZR`+aHzN(0M*4$&#Dq=R?1>(
z2M?!~WD5`IqKUd2&!r<E>)Ntt-brxLPSY1?V$_GDuZ6+1?k{`}uFPss4h#09qEQaG
z`|IA2kfuMo;$j#~%`g1;0F-yS7vk}A9Me@00DNI6TRD2#C~i^=xIfuplMa(j^XcOd
zg^HCB9mV+$I^I*#1ha(F<+<4>4MTD^x?OQvXS*S~)j+p-y3GZO>DuSWFz(^IG45zN
zx`8lcxO<s{=U?L_(iAjzPSNJu#-h}MT!2lfP=#jQP>onn@$->wlU8x0g`(Hg)KEGl
z+YMwZ41BmG-zr`q^|RfnmDdtB)`N~P;p0iGW8=T8aOGm>Fb}isDI2W);}hixdko*)
zatoX}X!|?9Aon#Hie~QNhCf%_xrBFkhFhJ>ay`31pXpjfuj6fPZ+;S8XxY9&z7l(}
zcdxsJL)Y0lHz8=Xq!qHHdF=snCC#XXTXFQTxVoy=Rr}!4=9Cp$47nnBom)6aSN4Vo
zqP@1<mZf95wd7-IT@FLn!EWXfa&~1?S)}=b<9*3a*wvm@#e3P;-pK0E=BN#S*SM%x
zb3fE?(vEP=4wXOkt73L%wE#yKvn}Zmd1BnP?h=GX7Cwqs@1nqaMj?M8;+Y%=JaG98
z-+=nZswc6G*t`+cDkn1^zrIiO=kEPI8sW_c#S01F*QM{>Td^<L^p^jT?t62$Z`+S)
z+^_p5`L*kJG{6@Hz!&=J)B5@8%b(f$`R&5@<*oRO8-TPkx<i$TqU(zk9k1YA@8fG~
zZf$+?>XL&nb9gORzqVoCgt)l1wftKKfmx?h$^`mph*v4Jn-1e(HsgI7UY73Cq|&DA
z(eBKm&4o@9Gp9!eyYr<0hGKKm>?1?-W%2lxKD5Ti_6P=%|GGT7a%pynkj)cHeMt`o
z;4ev(w_IP-n>bZE5e6Di>R0^?iMYPFnsxCoiIDU{9o&oSQm5rPhxa|jNrzhbJfUXP
z=j8DXYR{j{$03p*Ly36*wR3~G&iqLlMqIQ|koKC$1;m;oD-11M2=nJgdjv<Y9LHqJ
zKjrZUwpwobK&UhCW-y}L-CGYbpwxcvf&j;_%&MI)o&K-Rm@m)%ra1{?yY4+~^o9GW
z!=XiXZUEI8-2rUym0*C@|NKcW#Lm-WO?m-(lm9l78qv{(E8$dzOpgmp1KqW2@JnNn
zAfSva=*dCKm{!_AZ$%`A5F4`QCwW+vA+7c;R3xPMS>&@Q9<nLa{)15P2r3J-=8l=D
z2I?jAyoJelZ2m~JcB#(Y^m1}UZcm=^sjNXyU!$!_?Psktu+2Of#xwLsb(?-4lcv#T
z;bMf&;6H7ozmPE_M8@Gpi5QxSCMoqxX=dI0dFy0GjAQUay1A?owLXk(%}w4%S@%1q
z`IU`{?g+qfONl3JuQ)Eol`KfA#kW$4l09eH+or-%EDDN;=Vy(azLs>;JdLh@pPAvC
zZXXYp)k}u2rjRt#Zbg`6af_j-xC+J>x-mN`$DA7wY9m&F*d*^DTXU!m(L*`vKK&5-
zY>U2uz80`KFDy57CIhDcAU^+|7_Sz&zfSLjrc_j3SFd(oZ-LTvu@ZTA3Ib2N_`T2K
zom^BnW&)c=bc-noqJjbhcCP5|J!b7d%0v;iqjQjmm9IDfE7ZSZ58Gy4G=)*jL;~yN
zRz>k#phSS-MqbdOd>G_CW|&0@?m)NbSX^HXQuwJ}0NPX1P9iUcv_G_?xn(#1Ws~`}
zC9w;;d@x9YH)Ec+Kw*u-{7L{e_a%Gil|IqMjM&%5;pXgQNfoW1h9^szU{^x&N~Vr{
zMOw+K_rDY8W7}icBw%XnjR@W}!$3{=%@?_?|KULK%8#hx`NdHw3u=hr#5dI;U=(u^
zSsP`q8QKEIUM#fTJ;%=1jPdi<L7EvRNqWUVA_W?UgaJLE-r5Oiv&+@nQu5tC>FY+K
z!<}>!fM!c@%du1yVR4<}^(4{dNxH?GcqOvIp@ZtY!|-w$_ure8TQ_Z2<1Sk%7hMc%
z-nvb1T~<%tE0=F|8&AgV|L+M;`KJHxYJUt;59S}p5Z|37xjD>rBe6gbt;{W9Lu(Al
zTU40G8T%bsx0+YcOi4pOmL6Gmnpe?IdPYCmCS7+K|KEo<ZO!hJYaN@`I%n+F^@F}!
zyWO@oTg}f`u`mC3HS^^8$M_L#T7`4O4rUDRPF^IJETA+FWYFCl*1Fwkbhx)qZuJoU
z=N&@!?j9u)vBQ~36io)k0YB{spgEC#WI};WfrB3T``rojxD)L-iKbOyCF#6fki9G|
zNXT<B*jR^i<>7_7U=NZJqi;xd=I7fNJI9WDKe`5#osJr~^0=3CSylJayRfc?P6~bo
zglf7BV{D<-!mTw1BA~?Y(VQ>HH7%Wlr(|D{<3zO~^BC2Uu%M<3`rLP1#30obPwwa^
zvXG`VSOgbri?7~yE{LB|@+_isvfAxZzV31OIK3uu_&U87Utclwb$>wuzPJFsP}#m9
z(=<!p+uClY*H(RZvD+_jZl6p5Ur710Gk)$5ZMU}TcSHbx>wEqjx|<JTHiVlG^fY1b
zo#*vCRyNOnp2`Gx+BxaJOK8po0QjM%!2p=KBtQ>C8eG1U2If-y);7vU5+f0*kl>?S
zBKKeabUkKfx~cz(>tUasl|V5deNZ@W7ZUoHGk8K(b)Mt9T|iv*%sS72Ry-2nUOcTa
zOoJuEqsjFk)&2skS6N$W%cpD(SkBQBS|bt~zkobjxFBxy(Xi6x!z;^KidQ*VvTnBO
ze{Ej6)SCu={^VWM+~Ay{{{Bdi0flLYybBBy*XqlU^-Y(kdP6v!WMEpSI~eO&a1%?|
zii6M4h>xJxHUk`sL>^5W*Gp-^j$F8<nuX<eno>MbWzCkNZQgRd3g;^I8LU+%o0q}C
zEhNcK1d%r_N+<dLG~s#pT8&6Tr!{j^@bel9%&l7B$bHuo`1ij$sb(iNc2uG0?j!IY
z^&f>ElHc1c+(6P`4Mx<A+|e4+tza<Kjqyy~fi-vy`<F+1zd+2MJb`}c!N?etRkZqa
zE0L8X<wD*&PP}BqQP7w{;eHNzzu40Jk*D?SThSQiu-EO8De6EM)~Q;y&L8S70c~iz
zgpQzU%5@&ORLQQ+eWV7e965bz30JO=_PXzEm<Gx4xS<C#XQNgL=rp@o^h5}=!-&NG
zY14*NGNd@hL3_zu@2VCMG%T%!e4onp(o*AQ%trD=h2deirKyywVDQ@6ZQWxMBgk7m
z#GbA_bm69dj5KGt7^NR~0@qFuhVl#0686oQXetZvT+z_JIWJT$Ro1nPk|k42_9)kV
zML2fCPqNi<F)H!&ugRKlhg6Tc5Cf_Mb|K*}e0UFnwkh4oyD1%cB;r8O>RXJtwp5Hn
z;_X2js0XGM)Ko04e(`bED>mLmwI0?^YS;q$y`;Ck7Rw9r#gSua@)@yFx9aHBBVJry
z)IX#0e=`<dnwU6J4qz+8x6Te%E8<|b@yP4S1437%8aMuOzvV1bSPG`|Cfe<4f{LdY
z3^X+nZpm?UH`XR?x|=#18eV*oTD-7Bde7#b6#4IFLTl~pr2ZCu6-v<(KKe_1SB1g0
zpP6Q6bvM(t8~ebVmusF@lHOHUmlS=;=Fib!nUcmx=Hl1dvP4*F&0xtvuemq|{W><5
zZ(q$m<GD;0N4~w*B1?54FM4r`@<EE-b!zvA{r!Kz2b1WB^D$V{S+gL;bXVMdqKXg*
z0UJcqX$W&-D?~b;=+)1cptFz3X3HnFW_5kR%?@nct_`cZov_kyTqAhGBc~kvCy+D!
zjx9X+I-R{b>+Vym#_Wk@Us3rdp309fLS<rmDZT1ZtwOiEByo68M=59_6iyo%$K?|C
zve(0>Sp>YTo}<o&t|bx7R}u}VzJ0z8<7x|0f3~WMV+;C~50Pjmp|9qVgEZ#XQst*x
z793MSN0ic!w27$70;Zaj^<Eyq#gmLow(5D#B}&)}W>6H<3+RZ+M`Dcu#fh8RWYrlR
zGScX~t(s$&%6kUBY~>!bHT<p3>I$=rn6CG#ikeZiJyhc=oyz(=O`Q0tl4nDUV+}~t
zvKf?wLvyz6(O#Fe8xLraJ_1=5s%Uo4*)&cAAB{MSa=JcF#M2BZJT&a=SLD~ugNhD2
zmPkaVI0#62{}kpz$jHYZw(#n8BZSZpG<Ad%vnal-b-_Yctd40$*}sZ>4~Xv7H9cS;
zqKn%?!D5$n%l<Lq8V&TRm~%=z>)cg6`;2|CrC+eKwyxS>vO^V;T2WuzOJ6}(PYsJC
zuNdSXgIu}jDQ}$XlXeJ^)?|i2i1$_$Nh$BMQHte~tN0tuAby0&)uhe_AQ0dZu~(HL
zvr&T)CmVhU|JcXd^`5aayk{<flwgf7JT|Fo5z=WGACL2Cut9*tiVDh8`nv~1<|<-Z
z#kp%@L50K`Czj<Bn5MgQ2to~mjwIfn{)l5ef6CPH6D}zYs?P!}OmWQZg1zFv+98H2
zBp@@lCD*7_AHGEg3;~dA^dRmP#H)9h2P8rcIX|L{sJ=#W3_<(Tf`k)tzy}gf9*LE0
zDH%LCyE#Fw4)NiKUFexbvCrxiM(@X{>j&Flsz}<Nh}ZmM(5_?A5uNd!j@8}zTwe^-
z500Pj@?cWC?bq2HW1pVL*KYUMjQL*dceMEG?d}Hs`t1L@5ikD21$<!xzQ6&#@BAOf
z_cUL3v2tH%pC6*nPf5D3`}ghF^E)d+M}!}z6ve)v)BGVv)7$3W4+(Qy!NqXXS3P%Q
zc!{CKh|}bN?<mGF;p^}^y}hOEM!)ZKjkCJ$VZ(l95R*I=X_c-3dN(~szB99;;M-e)
zOgo{Anac7)p?lVWmp~Tv1ZU!@fOEB^tJJaOCVAs?M>hEOI`76m@}y)H{BhO$8uDTC
zuyz_9HoqS8YBw*><Zc=fr^;<-G)vE}p(NjovFfHLL`2f@E1au!hbqqPuO-C2CGbcn
zSri4+n&QOclYrYqk5(LmOqb`8Gf9zpFoTyne5@xEhjq^R0Q>?{L^M);kPQd=l-woN
z3g}jtj0ZTrzsF5eVpQ+u1vR-#3ou8xJk1v`-&*<Y>pRJ3n(qELUVu)DS_omFdPw^7
z7!@(vdzJb2r&1fUqUy{>=SST23RB97*FCjalGfaD5t7fq=t9umpaLWzwbX{z`UHDu
z)#UkrnNYhR+OPwhh#3gB9+w}5*pYK)(l~ARM3n^gR-xvx67nyr%gxDu-$dH_eat+z
zL1#^p!coHb&7gyj4^YHm!E@T#EV4AD#?rr3yICWVYt@4p9{~iowzLj^zC7NhX194U
z`XdO2*<hndYy~Gy&lU?-)SKJV)X7Az8X}t*N-n&@72Das9q0`HNaA25@NGir>m~Du
z<l~n48RZY8g{zF8P&biY{m9b;S)C^MbRnME9?cAUKp9S2fL>^~L?W!*0B-2C<9c5U
z^5DYPV_Y^8`j}zalqeazp0>k<W_2`seBGq4h>hvKstn-$VPX(&uZrz-YcltY<g3NK
z)2qCy<la3eeBKc=C$eIB00Dk9U9m4^urb|O#Ul#5)Jv-;l#w+_3*P%#he=!I&<%#W
z{#sd|9hltB6xCv>IXmh1-ZdA@QAX7O$CU^jZAD<=q_@mNUoz)M-BXCT^~tlC=Wo}J
z8Kw>uF+BU-T#3EEtOVu*@TVUeZ$+aaY2uSy6n@a;;cCtOz`%F$*aQp*3%PURT7g~1
zKOfSmF=l5S`1WM%*PMj-H7Ma-If;c%_PP@{X!yZ*l`fzxnlZ<ytNmzMaSMm2%kry!
ztYnT?L#cgg5$Be~Q^_SD*!u^8HuXK9{7!R^)*vB939W(3N0#8G2j*l7IhKBRCnguY
z=F#fkMFV$!)!5jdM%!7RiR7mUQ7QyiHKH#f#bYv7N%=mpo5XP8KtbMXIqS9^*4P3F
zyTFe?HOleuO-c$Zc1yNXIOyb&zuX53Oo*0sOl;hro7{u2={)1PeL~4aPrVyAJ3Da{
z9rj^m)K&yd{fU(R4gU0Gr@`|#gc|o$YEKh_XE;f9<x{mbz()*D?w%rjXrZk3tt&zR
z0g)SV@wk2Y<H*3Kzp1q5^Nvi=&rWn*V8j+|UL-Tap@(6<f?16}$*E?~zlqTEkfD8k
z2&-%OBYZAcUY|~r6(K$8m((hJ>1dSF2PwpaDPB~2*7T%QjeNhQXgpL`nsn0)IgK;a
z0FPZ<^GzAQFX<JGkP3dQOJn57c^mN&?_gq=qDn#6%stetsA_up&Q>>T#HWF7^Qt&$
z>kgFB)yDhY#jN|zMsdd*al&uwmJof-*VkR*#l$O{zVgCyu>zSa1}-<806~p}5RBC9
zK%r6UQw;$L%GuN=wcnHlMA3jqsK^|+Qex-DD1}CpTphAm4K6f03^d$VjkQ0fNw0qp
zgJ*g}>Q5|l257TLYq^7&7j{D0H%4MDq(7128`D~h6CR?i@n)SYt-%X68sAPfWFvsD
zZkBWi!E>gBr%XLP(6Hvsj?35w9LBK!zFU<)B?4!T;p~7PkD}YNUKj&|00jqU^zr4@
z(K$S<f0Nc(`e2+x8ho#mVeuu=>vp!w=bP&ojqeg#I-x9mcBzeGiS_K?RLh0iJV#8V
z<E##+l*eexWwU471no3^dpG)!9xq?Eb3s>-C_svD0ALPe;L?Z3p)e#uncH`1;l+Rp
zBL6$6uGSKFpQsSI@~1L`3TiEXLme=gpQiAS(k*`(Ccn2=2b`KiqvW~W%TX9N=~%D5
zHB?N;UF8pa=P}1m=)8*#7z!h&hhS78OZd4G4xu@`Iyx2uH5)e1isX^)gUUBb%cd-k
zXC+ls9@f1GsjOsn@qGRJ1+8Yo7Yl-iS6UkGe81Nhls9(+QpK`RePM>$KhElEde)L_
zlnv+x$tlCclHLx)x}^n105V{&JU|osOB<ba%jVvHBNoaH2u=aOC(}QGz&fek`4h<r
zS@#^?N+Dc%(%T+{Z_e#H@uwP>8}8fS70T!?@pr1L)Fi{euu4dhUG6bfT|m(+YYhE@
z8-R^K0wML=Y%4Gy=c0W|evd%Z@2m%2zwn1YESzYMr`_hclUSULeXK6+UY%?D3(q}x
zzd60bZg^kj+jhCNOe*+X^w-A>-Lr%6rvuF=R<{BA<`~(ZHY!nSCK~}$g2Im^H+#I`
zK5QSl*j$s2FvWjN8AI1FcJ{DhGBERuB$VT2Kaz;yAPZ}<f6_CRnd9$7#E1C|D76F{
z)80T`sRap8y$rPs>xuju56i2oXEmVa$E{RL(~OFsWgxV=_XO_4>>=)_{yci&2BwZ#
zzO0#nbC*sn++Vz9G^<|~pNO?JIDH`A4+JS8^etFI`x7s(=mjz1Sy_7Ke@FmP5qXSW
zB=nOqo1^?+5M7u5S-3)L-9nd&{HQCJzCnh&`=Ez_?6K7=@F(~R4v?NH6}u3*beH4&
zSUjwN-*{i&oiC9jhiPw>ge;QhP2&PBK#43L$2DIFUg6}@k-};kl_Xw$QZ*5~RlrGU
zDBB67k~1>acQbN;A&Hmk`E{P;Gd+j2l1Hsd;QMjW0U^4)WMRFTioAIl=NWCXV;yA9
z&O_8qF4yN$_)Fc~c>V*p@>sxto0QlWi|&8^`P$id@c?CcaxpoK>q-U-V?wCB`d(Sl
z{-z*}UgD5>Wqdk>wLf6%6{yBD^jr7@4?zpcEMp9dFIh*9u@DezYvR)4Cj?5|(&d~D
z^S3un1$r7v6s)nd)JJ+oK)E@wM@n`mAWb9v8N#55Rz(I%IW13&rJ6Op)t0qfkz@jO
zDha1>_*Q1%r%=z|gvL6Q#9FLaUmRS#5j`AH)THVXU`psU2dyp7fuVZPb<|LhEafiD
zvbR_B5DRRESBBOyDaMQP&(^nmZ>M2&Av&9eLPQ*DWl$3Uc9XL6yI!^zEi{|eHJ<cL
znc&O8L9BTO#cw;H4gsZ1#C~Z!1pzA(a}j0HSvI-M4_%|JAR=;|xSeOCOVWR{Myoj@
zQvmjF^5B;cW~ke2Yw2q{vBP<~dABS}gQRI@_%Lp{z|6`JU;#=>4F~#7%q+rwhIlD*
zKgEH7A&*XBUmh|Ii{i3?9F5{(8MHqoFu9kBdCq|>|Bzs=OKJD@&!-NAsxi=x4s8TC
z!~?YtM3bF#^9A$wexnVIv*d;+_aE`6yOeoK!ZwvuQUaDF_dxLSa_C=sD_Efeop8xi
zB_tt_!^iME^JlHd4{-EdUqJ=z36lB-9{9?tL;YQcFYfOctNAmy_{aM}N7Uo)llzXZ
z3SquS)4IgZ?}Pc>ILmO@%hQtcZ{;(zocNx%c-B@$u1nvAqO}i&6@$qo(GbjPwOXE`
zk@L44&|>>Cl2oZc_#<18f}mX7<weBG3~MnIf&KJD$!T0Uku7+$>^4__kn^f1ox^#L
z$=LR7mH%Vk2`XFEt!ewk(XHyUm!cRMP~D>}S?Z>0^hDI3Zvi`6-Zz@Ez>E1c;)?HD
z6u_R+Rppft;>n7+3Xq|Dq4KWs0Va7k$Uce;$@Hv;Q5Tm>^nM1oZL8rHaflp={0MbC
zhG<Wfqw+`mQj*4?OSo>ujZ0=qF|U2e5*l!%&;}}IqmUE^4`If+Z<-vSY~cOc;V2J5
zxen2c2`7XON|KSeA}-VWVTR_14w+4krGh#N_RQ>2Qfo?n>aeV6%7-ahXiw+`X<SHl
zR{Qx)V+x{fFcr7hk~!;2{IC`yKOE8`l9h?4kdj0jyN@Uqbt<U&gQxa;;1OvqT++jl
zIf;J<J^LncGR>xiTnpXZw{w89%(aJvuOwZkyL8%|Syhqt%{hVL)sNzrCfpKR)qG1%
z&~RmHYHuzrGbvT=r7+D*rpa$AHZobd++XNL$%7&m=yDRLGNngyvkwi5d99-slB&wo
z*MOu0X!Io4`#)4v#H!Ik2xg~c0{GrLzmfJ_tP#>HE67#-)POs0dS}mOs=N2weJNG9
z6$K8gjI52ZvxniOgd6hETy;j`m4^O(GkEDgw)N&459dPjcVwSKbXzjTAVK#r+YMj^
zF+gmS`f%_g2C4QnqNvSaji`4^J;h=fSyhd~8G@OySmuXngbIV1fQ1B_4$6P2i4T(M
zGj9Rh+J08`2@t~y3oo3=tnny;G@^1=T?!qvW^4FVaFMWeMZ5+%-TzM3Y+;+&=@M0M
z5ZXvYgG_YXQJ$N!QOf8e#x(b2F}0P|XBJ;de@nn=Nd}{QD+ei?9aD(sEY=?B)$T#}
z$LFA6QwpXBM9+9iB||)?LMX6qs`^&@c8^^1P_;-VLb0f1?tV??A7_T=hJscIpmqKZ
z<2)#;5boQaKp=>bo~jB^oRzPd8^6CRdOjtfB}ec;5BA}jkRq5oE*Ohj0*6W$R|A4!
z)15_?!XifKrbnz|W)3J#3d7l+#n^2MpGPtuGi;`2U;x-n;tH5nZYr*9?!_HC3cY2^
zGG4Ie_T%jpXi{l;J{}c!V;Tbvu|QS;S7Q<IL7IBVMuDmlZG*VjIJc`M*+`JTG0Sm(
zDdK^f2N`AM<DPZQ&^5THvqfbqt$m7NS&odkp1_U}n8uiUi)m5ckidtKn;fO?4JHJT
zlufJl0$xu|iA}=mH6BX<y%Ln@mvEP6ZW96baYN=*+-6*GI}LH&xp01G)~C&Dg4kET
zAe*h<GONe&N{#CmPgb+l54S2}kKKEWY<etf37!}^Ynlra2Xi|?$!v!@ac|12T~sjn
zq0j@bL{RdOd15B8KfNK<NYNRgWHW6^MCS~ug+L?eunos<c}LDTFw91yzYB>&xA{;y
zlXYBR_83m8!q!X4B#_|#T{yp*M7Z7$fr-rwq5eU!q#K7owlo1|uGVfj6U#WOwUvt@
zOKv?S?$D4;FVbqN+9^GVPlvb8xNT#-{tZ<pBb~ndGK(DXZ6P!eEW*uX2l$}t@~!%0
zSd{%zQA|*REmb!bb;V60tVCjLeoxr0{D(AN#LT#S<9xrD#W;Q*%T_yr)IwhSFu^2$
z#7azHnVLOt=l^N<u1E}$2{$A~r-d7d`?a4i7rWC6Cr_CDg_+Ia^FDf#vh#uisQ%oc
zC~m**fShjrtVzG<Z-n};U^M7tIuM3Ky7VyL=bTUOCZTllq%jRjx1}k-tT$vZm~cL&
zek_Y$XHD_6^hN*llJTwj@?vr4;1L?vE=l1mb9Fs%_!;gO_xA@A4hl4aQg~1}{GZ8~
zrtUjCI$1;zv{$<vY{YFLyK_!CmAT9E(`xw(L|(bE<K<c{vS4l~tqR^Fg<_SY3_8_L
zoh+~W2TEjuzq&30P)EYUb?7fz+M9?Ofp<$hx5yP$o|H#)s-g!J!{HRzR5&!Kwr{CE
zf>JY7_qnP=6#;p3s$-P&J6c5?v{|AGibN1VW*pq8kZ_5MBz8Wvj>bd9I@$@#PzQF(
z#b}SHBe%QbNjK6HPy`OggidBcl0p^x>b>Y8(W8=1JJi~$nt$j&e<=th)C4mTg|wvA
zb`!)jFg&$QDmt0+TjB!<E_7lqdl%C*(@VBjM#>`$e%XNXU1Fj!pdWr96oXu{Tp4W$
zvJWuNSKuCmPi589DhVsl=oxnwn`vr6)MUe9hb1%6pY7-uFO3SGRw**l6xHm$SgSEs
z<#X*i0T%2>DPgzk*1NIM6EZsbX#j1){->f3nTQB7bmSt91`zOUh>;FqlEcd>0Pyow
zp$ny>RU~l}`Td`oQY6AGsHPhL8fnnQnUuPmsxD>AT7M`;E!(MDU4{X?dW({O;ZE=r
z3x|dGr{{o>VFFq~=^Ya??0>#QvWRv0_f#E5Rd#bi?qG1Tg20)?hS#`tql8s|cb$qv
z^Qny9R!kLotht%G6MY#IcOV||<&&pp<F*P-n1H;NBIBtIrd#7wsq8_cKgyN>6-<M3
zF|zl?*Yp2|)4QDa`}@-re%|P9cZh5b-_yCdUw|#YVu<OSe#eLE-mB{lu<5y+ulsv`
z|0CPpJ7G8K7x)hPcZ3#=do9Fmx$>o|aK}yVQ5jluE#H!O`hz38>vAzH`>O{p7{kU_
zFX%fhfarM@I%j0Z@hXOEYL~`pf#dPkeOaLey*wK4Nh`f#{%Cn*0HaeIS2yrnRjHO;
zlA@7qlWXEB4+<Mr4z1!!j*z7}mKmcpRyQSYfPbRo4SYE;RiQ5lD)NqoZQ`?KZi3~t
zmoD5muQ;_h&L>ox>+Jkt8S|a6{ZaM<9mWmZQk?38Fbo0rD&I<-00I5gO@Q6YdnoaM
zsW2aDCA=T{0oX!z$B{j@aD+I(GiIhL_CUHp#=(A7WxE0Nc2Zx=9xhp_AnT_XP|+^!
zi*XsHsyNqCU23_=`oYqB+vq1z_{*Hr^Mo7tL4I-;VGLPlEUcdop$@}Apm*<yd@q+J
zkHDLXvvV4QbO5jX)0@egcUX0SW5O=O%(9<yVz9^m5EZW*eHuxi2BA`EhOIg>$|sMi
zXhda9@br-sDg96UPkz(7&jo09Mc^@6u+7Tv8YPr3rBa#T_)n@rgtb3jgu`d;H*@Ef
z{j`uM!yh{9=cRgoff)Q7p?rYR5C!PZK!djr8{7q29&CrR5Qs{#?Vn)127cS3a6LZ0
z@TlO_JHLDyat3R1oOwXpduGqs@9opJ+ba3i!`C*5Mw(>SW)3^M3=eO#?~?67Pd!H?
z_TnLu5adu&d)yCT@Uk^_+%G0nqM_~%EbO=7GNXK&iX{4&N|^&6;ysL1%JpYVznkS@
zjuyhxrmF~++_#1=8&;+rPjZgSQyzYbH0^VQc$JY}yG_}CE6o$b-m}cf=>=dwik*N{
zaB-ukG{y7@ugYdniO|zz9T^8M&@S{OcQxGHR5a6z2;CL(mzEOMo`$T#ZFH&lNL|ce
zI6Y?F?Zyc9=6|z1OM}7YJw>`2Uh6+4l9<X(u)Gk@r8vMCGz6>~QF(7~h;WtGQ4MfN
zHAd0II7DON&uksb)R&_md+}wpC|<=)nRAOfWCxHUz}GTdIa2n%Sr3xTScj-%-(|pv
zK|@ZIK1pQGZb4**)>&fyfS!NPVeO`$>}o3g{;n{)wP6=_A0<0A{d^sB{MOPcr*#iM
zqeLMCgZsyJH1(PLsOG}ARps^(u4BPvv%ueP&9;QWpAp2jRM2u?H|RRtp^~GyJVYV=
zjHVFYiKnH(0gj49P&mtfKS@eD)_fyQ&1O9Ygve%UC^9c7T|brT9R^b|>&fXN%AI}%
zu-74#-$<fZ6EBcUO4v2x=$Ui%@i0U``79<VWA-<2>@C*h9H}$f5|M3{^ar^K(IDo#
z&uO3xA(qU1*6?qx6{Gw|4bid!0cJRM!;Oddd(wW29NqZ-c)znc+910S5^@V1;g2Bc
zsh!<1!4B6B6*N#?WPUJY6!$@KGM8hq=XAjE?r<!^x5nELoU}o|O(|-mYCsgruj{3O
z0zI8v<kAu7+8a`s!FY5trn^(Qno42Hvy-`lrF^r$o0^}TwvD)OuG^V-_h-7)v@5kQ
zR5YsXV#q)e!((e;oQ5VuKT^NI;c1HJihT3b!bz$}UxU-0A|NRHXYTIUnAl^(p`2Y-
z6b7^aV)c^!W#!}Qn1t!3X`vyBZXZyp1^}>zSze@+f7Fk+FcxzGXCu5AM_r&YW&+br
z9sn<v|8qY;xY%E~th|No7cR1-jZkZu2|{fw(Wm6_!{7k8!R=X`stecV9ZslsW%u5l
zn1i;a*6*TS1cSw3yV-h2Ox(swD2Z<4kuGPS!6?6fQYxv!cG++|EHcfk+v}Hu!+;}G
zZy4wZ*7jo}B)B)0gT8^UyI^v<gDb?@Qbv+lfg_qaCemif01G0E>Tv?XW!$u9z|k2~
zw5N$56y6)Oh7PYpb|YCdwF2!Lx*ts;I{e%1y=tUS)bbzuR-FAjEo%0i#T=$Vs2o{%
z%TCDCL_M%dV?2bPx}q@1xiX!BS^wBXAz1TfV-lNSnZ9f;G|OIJ6^?&zu&}2|2O&HL
zVYUI91mX{Uu6J{UJ(WTik2rWi7fxVqG}zN9nE{@8e{~*uQnbQ8K20cE(d5ey(KsO>
zeJkc5A}>~a|H69`hcwhp_=n2e(rVB@@=dPKK^Xhp**mcO?68l77-S%B(>=6f0xvE?
zMtOf{-P5Z-gsD|L!}x-WKmzZ}P<tH60SbE@YIGQ1y`MqR-(XK}2L41P7KypZyvx=^
zo8&>C+feWHfR!J6{H4f##Gveo>5|<Axw&ICt0zKuvhkfFVAgL0RJj}6Tw9z)2L=SP
zLhgKib(x8R^X0$1{dfLET=fCOe?sPGvU>O4B<Pf2KPbtTz|<!9kygu{qo}xGMWIYb
zPa^4J#=Cm-VJN96lpo{iU#im=DR!o(<?Og9QM)8zw~pbB{=r#Hl~>!Qw7$rARd0_k
z^tky^S7-U02~D%32Ky@k8a+=*l1ynOOhu7iX3w2KC(<@v8Z~(CB&t9<KWIGqd^XFf
zdaiy$>Op?dGSsp^_VEGxOCW=zmL6gO`^Clt1@3Dg#Bj6Dt)1iYAd9z6Pz5>5$(8fw
zP3lB}3LQLAK^+)XGF4u!Bf!Bn(K1w1Lt#2k4(UgYzvpGD5^MR41VNi#K>pwhMv!zM
zsUX&iQ}ywJY8PO6VkC5&9YItm>!5k~t5?TrHq57_I}@87c{L5@?RL5b#&H|W469AX
z&5J)f=clfGpWVCdOvu<xm-FK~F~$0AGsZtPe<XSz*bh6!jwUaANsG)37Kx*FK*>KT
z&I#a)3ALtgiW=lHd%0<o`a{VNSfv38%V<3ue3NjXRp#$m6Ceo8Dz%}%<fuE|ntJR(
zxuf{>xQ4SlY?9bqJ9Tg)^D5<Eo;X3d981MGWkq0zZh@KbQF`;KmCG?^i;y>Ths5|p
zYgLis?L|7H79-`B&{5$fa+`E+Bk4>ia+IcW9u;}3!3m#o4W$^+Hj#!?A<~KxMgY7w
zZ(0?%seci=2hLK)Cw`Al_q$Jr-LR&v=Wv<1fXZbbyko4m$ZVcjjO1}LP(sTScMsMy
zr=7*A-2Pi<r3_IeLEWP8pPqlP!_J9`HVt!h-<%r-CpgL@U8+nUT!fMfWX3yO2hipG
z8r_?Exw{^7b)w8<h0pwBbz2$>cy{?34zkVBkli<u-b-VxKN*3Uu95SsuK0&+CiZAB
zWXyq}BtdxLld%w)CAMmT_r>af=L&ue_roUIh`a(ScljKKV7nn+;}~OL=oY`vxMeOs
z>-?AC?~UN3QTU`z9VC4XL17DZadFwui9F%w3_47T@a!>>->fbebH}AKEX@%|R(62V
z`}Fc<1}c_5m9$@)Ngo)#)4eD_;(`^xEz8`w6<}uh-#X2{J)c32<=1<{907o1M{=k2
zuG`Du{{Sq~zPF<%kbrK;X-!`xCW_|_;@^w?`bR(QJmOVl;6IBxP?bTlr6(wwcT%`T
zTh_7|es5Du`)P|nUt(6#%!QU4<m4QF`EXHxE+2G#ORbMdPQRSCpBTKuKcC1RqH{np
zRk&uA(%;8u=S*L_%}2^G%j5O47HCFlra&=Qi7<^co_djtI``?^A2b*eiYyG2tg^^4
z|De4wsFFJy&Z;n3Q6)%j@Itg4Dyn%LN4(51xKXD{&ytV9B@%j{>I3*`YG6zM3FoV^
zqkHI$rm{e7w5#u3)gG_YmQKtaZVx?;d~`(W9ExLY{F)v)P4^7Y1O+E=dpSYaRUk8!
zj?f`5Z{350oX9Rxl;T=}NZa6%wDx|r@og0ebs*qi+)L?<QH5)-tIUpjUq?+Rb9F~*
zYDCPW^L*{?oT{&ot<4rrn^%RgydN{}W{wlHztDHhw0)E^?xuFArb${DweHNERQe^P
z>{f&nbYJE*cg4!20glL1QCFe3e`Z2{W%NE^Z^wd`yosY0tTIiEF=CrvoXRn#NnH}o
zYyxvtmIr@Zq=i*dX8b2dfiJTyDZyfl^tR&>csD{rO8tDhf+dqiJWQj$mj5IKxBUC?
zxkpqoeBfr2x82Fsd8Rl~U53&A{cZ%AUsX3pm;L#+fHT(V+Tx<Kz=r=Q9r@c5h#_Wp
z|0oAdXM)LpCOF%$XcWd4$&-yDGKGY$<7a-hrOERV_btPIPs*M8Zvjy9zh?ueh1nCH
zN-;J!3)DVx?&ambIdbL{t0U~|vgSM;1d#H#T&Nv<Q5?9*Z)x|FrgPclOs1UhNO^~y
zi2`2--cNi6WR*g1OLBN4+bAs2yDQ=4?(M*?S#n&Z3tSHgJ0I+(N~kH($@{W{{-*up
z(O{BM;hj&NSO74&yJU_qtQKT&gE!H>msyA;9!RByx8{}350XcOO!s|PIv;$1rJWa$
zZ2myg&tg8_kM5l<-C*A@P{22LOL6_~dVT-3T3qZ)m~DFf&g<s0SMBTZ$_HTk_RTQ8
zEB?NnW9Nk(Fns;~IPK-}iVg6^&HjSUp2U8}&$jJ%gr8>kJTETZ3OY*JX$77BZp(KE
z9d!pB`34t%(flI-OmDw@qhUkULY~+2+wPdzle*w;*Iu~Ud%ESR>St{Brqed`Ir0`b
z<um0=gWknbxWRB`FT4BEW$VQ$WWN@JUCx82*1VHrv_JA(&Q~!T4XeEsc^+TK=WEMt
z$5@Tp+_ik4Q4Z!a%A^@EDZFBa3>JdW?Gt^g`XW}2G0hBfx(suUoaptZ%pcARn+_Vp
zPq?aNHy%Oun)UI}LI$Z>ngzxUS-F$V@vcmHUpNvIeNn0MZ0?}M%^h1(#5GsKHb&}8
zhu*|s+rn6r&LK>K@3&U-coL0&P{um3>{5o`01}H($~U0kvCKFx96S+;qdEYr)#+UD
z+(}@Xrc_0Sbpi5eF-#9SijkTMv&Y?Y=FRmw>jcW|LH1XFmwZ<vHGh=xD=boZ09=m9
zQ}Cl;oWCaNeEta?GNlcB**dqR^l@!ezIQ&G7q1zgC>#9_{<L}L#Y(-x{=@12^W@5X
zdtNj)WW@&3a8anzu6Ye_A4sw(wwEDi({pA#qLAKC!duz@hs@nl>GjWsJ*J|6P6*fg
zGM+hoGzMc#rqq!ieTKFSjRUG@(2s~f){@~onf#d^1NXLFiY{-%SRzwX(1T9y@=y>v
zsWUZ0Zjj0qg*w^d7>f2{n4ygAdJtEhwIa|-M$rX|YOkF%|Ek5Y>_{yLhPOJ8FU@Z}
zL28NPvf8$SX&oSDtTqBGKi(9bJ(FU0>=P|^;e%wJTU;_ra<Zx;IEcS;^3;yVrnDI(
zjSjN8B749lKQEMm7ssjsZwY1MVDxQ2R%d>;2Oq57_Uvxn7jx=VhUGr*I*h)J6kPFl
z0MEsmmK9@1T{HP3_5A=s;trUYrlf^Wu8DQ08e2Gc>>nfV>F9h4cV9Y%jq1hnaXXcY
zTO>p;oluy~CA;E&2+QLB`%{PlV%$5@nmDk`fl%vm5nbwJVt$zE{b>yq<rYJe4~nD2
zd=4@s1xt$8_03E%JP);!rLMd~Fx;VCK11C79gWm0nO#;N&2e-KjBVmEy`TL+4?OPd
z#3!T=izU6tNoT7cuJGNHss0c?jriJ2Wphx=Vo<f+ho3@e^-gd=OMV}Qj7vHv+fZq}
z-l%)wsNdZPW??WTZ~qUfA-dbZ9H#!0BUxRK2B5jZB=aw6pqxQPlgue(gCrJbPl!Yg
zH5br!BSX=;4m4pQ(ec?t+xk2$b0tkk>`D6x?*M>*|8)E25q|ecD$YR1XgQ2nAqD9$
zHeW`NtgxUlzXx<75DdtlPdqr8`>ct6KdMP1ENK7G=f14HU1#m*2NV6Y#<*cah(=Xq
z6*+^kMjI4K$7>!v9A<`VDpk#u5imjgtEq<g*8p(7AA*`*&6(`@h(|lH5K7fQC)+zB
zP`9k+v3Lg3Np6I#o{y9ur&~NU<?~W!3TFiE5pQ%RydUGZQX@ivlbA;ujUIqGBczR9
zp*lj7Z8Tans(}odef~%8FRU%S1kFW)n0;`8ggZuP0S%2rgW`(ru*OhfF(hPWD%Pmy
zZh<`=;mVDjkN=fOUyS(Dl!GL7jr{S%g~nY;InAL9{}~wt#Vhjq7&nyJ#x)XT7)HMS
z*N6%Ktt;$(-G;8AeQ&35UnFz{Q!fg49H-;76r}s8^p$~#R0CL2>9tt*u(ablNhizU
zRNmCR$`H3fdYX8o!2qYCvR6iNI(Zi?XERu@_GvBl2YH>pTVqrL@gOuMR#z3fWiAT^
zd4;E^K4PL%*=H|OoxYMxLLWUwwrHLL*yOPi$X{r4LVMDABm1p+ZSGYmxt|6iwq+yC
zrSucf@#)RqV=<WE{Hg)27aGrpta=I%t&)6~mq+Hfa&UHuD`)#4iB1203miijAZ3V;
zLPZh|)!(43wc8$Vhw$00UN8ReS=b3RO%X+`<cem_j$v+{5oZ06IWHGGke#LG_;c-$
zZPQG(u1bEn3;_fDfZvcz{hP!zD=d@w1p!)%L)e~w+@faZX0cUVBI|hj0gtOMHlp1S
zF3Ml?D^peZ_lTEG?F?FdD6Qgk-%=PNnSR|bw(iBiBj)12aSlz#;)F67+YAOBsz&LJ
zS-A17hTwRfFq)4l4}IFgVGEsEFBZvFQz_hB-9LxU?5K|2SXK!#_N=(9gQ!m;wWDqd
zTJ>&Gr=vL4>V6Iz09HG*<B1p0AiZ4u+yzfT?zGY<YZk-nqlUqPA2csqu4{7LbqZRS
z;C@NnLH^F%>nhk128p0yd#=oQcoci9!8pxz18H0Hro?+s)OjKU2mLt-`>l<fBC-~+
za&?DWELi;<Bcnr>dhWv14sxwnuRC%`x!MeV!_R&3#^>jFp?`pT-656iB${swq2AR@
z{VAOTk^~OsmYXSDq>EZ=ARVZLg${&ZTvz!E()J)BF3Yh{EI-FDY9Q733P4|0*2ee^
zq%IxolSz7}I>`39aSa8{HoV?S864a3sxMJ%UAt^aOJewAhv|c$Z8G+zM3b@46BswL
zABHO$)y{0}-jsrOmk86Yr1>K)CxE(X5_Xc5vxPr6A2-dR;#vY@HZhQ^9A(<;vIy^p
zRR;%`e@T$q7iKiHeq-};Edy9N!I;d>1{-S%ggyw>MzRjbVKL@Gv_Up$XfQArf*CNC
zKoou`XXGat5a$v?3x4XEc4D{7v_Yq2w^cq5peu;z&ri(PPWwqUuW@n!WK)Tdd!T+X
z_jY^`h0Rjp6z%%suksFM?U~<M@=UE<(=^StIffQ>a2L_1v^49F#@RGtQ1Elr<`O?A
z)uYxivbK-UgSwyi;WrVBsm8RL++30Q()$=24Z660k#%04tZriZn6-|AmxBrvQ6TzK
z?z`DYTW=~yVV#hi0=OI&Uj~%O4B>y$k))iD`+IqJtuVsAJMrsx0swzV@q=Sd_9s0+
z+sy|mTixe#Ztkj2In)$2o8RvU(`RRH&KL44yYEi;`RyBS|IT;d<<Bs4`Tpl}-Pa{P
z-VMK_rEPb(?DwVb<R^CL1v>jXHzM?bIPL!r<^D{AZYZtAu_3i}W+a~zJ6=@0!ypm`
zBj4S{d0Aq5z8-m@?>#itxqL%DwcLuya~Kqx;su(AC9_ePVw=@jG6P?gk-af(@9Bi=
z18j;znfl7!?3@P$@ydU|D{kO+I^po2%<7<-ayUU1pgK+<==!;E<zhnfrrZ6OV4Pk*
zvw#@=J(f#~z~U<@$CizM%hB=F`<GVSR4?+A<5Ty?E>CEPTd(d*2=&GDe37e!ys@wN
z_Sl62nN<?(t&>ccgd#>%?UO8o|F79qTg0Q{GTjbE^xs6P#r|cQrF$+3g&yV9s>i#!
zKuOiQcxKY*cp<6WPDGzEY1;YXQ62_#I4Sz5l`KV%-szX+>tn5%zh_4M@eYE})IY6Z
z+v8|xWa~uj9gbJ}^&-&^LUI)vIKfZ6&X4c@;_TQj`^MY9cC!9(!oHiQN#g3^(n(<$
z+?R<1!xY+95;B5d&I$HH9FM_fzQy?C4fjKnABowK8=f0j{*SiiM=M)?wWI0ZgW%U$
zVWG#iLW(+T57n5y;6ruQaF6VYhk#?C|5+Ev5AV;4$Ahe)quyAy*&Gg3AHE=TtCjvH
z8Xu|Khm+8=D6bFr<iGQQEWZO$qRNhthwEzb8p(ldyTuWQtP*pj6(VdF*}Y0m)E<y@
zV&gN76$_MXzs+Cd40$bLr5e`!VOQ!E7sqp>&BTK+$C;qiNd-AhHtEM+8h^5*vi)}N
z9o)yQ#M3wsSf_jlwVVM{I5Xkn16U!(s%@UQuC4r`EjPNeFGj$>1hEfspHOuKX5iTX
zWp+M^E=}Z_BMviup0dK&&_kE7!1S{g8iYeP0L&0)*w}2G{bTh((4Rw9gI|zOREc5O
zJRo=%K}#DqpBZz)bw)j`A5FwQ2a-;Ps+nZy^^*Q^ECi}`XHAMMd$abo6Z>kU`MW;5
zYhrA0<yF;jEnE!=%xU|PjjV?4wP)N69lCV5xO%_Em*hMR3vb(TD_$38z`1x<!-q_E
z_M5ynaGmGoHEoRAGwu~Gb$6-6Vs2@){f@1s(+Tdb_WgLBouEN|W$mvkLUP&FywPdy
z7XH;~F2+i5i)}BQY#t29c6r~v5oLqmsH(4_u%p;CP7`+PZuzajc24}B`Gjv17`ASn
zTi%?yBXcI^JF5aMJCkdLu)IwFJra0p5s$Y&Q3avk@LVN9mZ=gOeA4ru*?KZRN|%pJ
zYLTo#4U3k}&=_pZA|#U>>p1`;N{r1O+-+nOeu)ahf39p|;@ZK#D*hLJtEA6$uG$rS
z7*3bs1uv-1nt<liT2I}ko2(nPsMT2yO64JRm#&;kiGV{ZA8IXsqbsGe2+oDgOPk>2
z2zrF;I~%H?UsU8zaA>zOVc(cN$`uHG&WESYT-YUlGAKB)^$Z>Mf<LE-Gb&E_hb9Q%
z*m@brIx3H@mN1{=fg~VqXk#~o0ks_+<f#m~X%ae_6gT0t7-q2L6Cx}WBBDX#pOgbr
zk%^C$H#J-nOq|eXL-t;2+MoNQ#zMyqyj>MOdCvm76rXAhe|~Mr9Ud3Awz=`Pir?&O
zUz}P-e608G%(%27RkV6E&#j+5IHtb32j(T68)MO*Fgc+V&z?e)pHI0ZdUNin3~pUL
z-sn!fPfEI_S)&Lb=kbE1hCR<NHJcUxdEPy>x8GbJebfFU?6gnI9x{L6ioppJakW-r
z{V5;8c4KpK=?1b6%>~_SP&`Cg^$?oXi3p9qL4w7h*KF@Z0tqAlzPCWZbJ;$GCK7=>
z(nrCtUhcomK(Q8Nbeux|RSjI}?XF9MaPpAgf(QX-<ni@bm?A6kq2ad{)~Qa3h+QZl
z`~Z<9NV23fG;=HgV|%K<1ThQvVLj5A$w3@n!~q=&ZR$!;`LT%QfeT~!3!dslj%91O
z6fKUf$A!ObE*Kqs!`wyFkkv&XBgd?s!unA`#ORDAfGV?a#xUDCAeoY`R?LXx(`gy+
zXT&`@Ghcc0)w*{3(<9H>me<o~VDw~Y_lue3+l}Ye>!a(Y?PbI2%H^id(Hqo8zmD&<
zX1^D!&+Yxn3=&34m5%4d1IK2^=Yu-t&mrBwqvGus7&jl3Y=+)D<IgAE(4*p=w4Lec
z>nHy4@sFU#EBQN*;#KjExA+I0FR!#E^ev>ie3je!u%gDtja9Z8x`M61QpDYv+uOiH
zzpMZhaOjY<+HF#r0sP<g9?N*p@;}i=e>VuP?|KfXFj^jG_kA!xw9V~Nf%(Zqq7vv@
z9kM{6Fuv%a#KaWn8B1~y%fN)Q6W=O;U%WD}e*)L(u+xu2sOwg3svq=3jk%J*5y1hL
zj06iCxl|=;MX<UB^CG?gYTewL8Yj`6q^LpNJGI<vRSZ$ws7`3^H2$ec7-rOdRm#2s
zM(8ynND*PaG|Mh36M^2#_QEWU$fn<0^xn-0NNtlOz)F`Fjkba51<!702luHB%)5$}
z;5&ida7V5fh3nrGHXC9C&rG*PI#$LZNwDvauu;8*%^VzCUERr23H9QZPu~O;Z&!WR
z=8D&~owMi1<Lk%6#Z>{)cWaUfxlxXJ>(!cD#o-?d1OP@2n`WS;D_k@a@wifJCAiR%
zXlLtpZhZK!r#(G5_@9tl%4SB*df`Qe7ost9v6f^qFX$1g$5i@@7Q5>-rCFGq5xwe8
zZZ|M?m@uded;gA4T}%@xvVLgRPnizR{}%vYK%c*7FP-+-n6S2HBJF6=;J`>4_`vvO
zBZEcI=0A8&iM(dXgJPmiM_h5#A0~{k;-vP%)8~4l2>4y=6e_8f*oVnDHYFG2Do|dm
zOj60aB`h5PO}d!La&)pr<qSWPaH)@*tGVZFrtZaI=H**FQd%m7L}t1HL+>ddCrW?k
z`*74yfwT++QF26e*r1>19n|EsK%&nzR4o}brX!OFTPDz(e0vki-f2?!VUqaB{SkN`
zi_6-Q$p}<m>S}@qfw7+8pSS^piZ!r7wJO5U%pW+q-tC>5wB`-X0~U$a1jHv%C1hh=
z+JQsa4ZWppGTe`up$_8-H`%+Dn!#X<g<j|NR+OHUA;x=VvnDb$MG-;cJaw%uqQns*
zF-mCQnJgvR3L+_rzhKC24psQU=Y_c5X30*_WZOFP1Q4(E>p};^twPe)rO~29jsnoa
zk?=xiC%~^lD_WT6f{=p=fj%c(rkq^U;iOc;Y~QAHcW!PAu&s@nogUw`dRjROY>K|+
zs9M1-!Vpdm*%r)>^4cb0O9h5_OM(M#5hpX+Er~)?Nk>IUst(gvIu{6hE&^*^X7fuC
zMjM3B97ykIug<j9n)D_QGNweAKkbZK`?3F2g!=};X?eCWwX-;z?J~4%$i$?!b_8dB
zmf~m`6;R~XCK#`8%|xxTDmr(=ORAWk+w`UHNcu>)Ib%ocKgou}PMfEi5hq9{?r?f*
z0QD1Q+%!*BCR`nyZx9hE9%3Jf6r(z5u1*z380Nv1U7r@zrA}IPF~uvZ8nMvTuE26h
z9)x{!#5z3F`I|Ru@CkRg3<C1{CwLY#X=+Xn3CNx_zM(_;R#PSNIe>3rCG5l0S^|ve
z&+p!%AR2RqFvfbLPeyJy#NddET7ibq8g++2m`lPB#VF$f;zYsXH{70b-xj3<us6DI
z=KUTE;{gZM#&%yR6?hGI1<=MK^fU+qk!f#|!e)yCs&G{gF$(r4)9XBHKIP{n0XBLC
zGlk4V1k*j|H$;$kU5|vt=sWUapt0T>^778E!WGBV)DBTGd`(IuiZx$6oI=^852ppP
z)PPDj=70u4h49hwaMf#50&pr9bj0dFAr95S=pgh7r_`E$?nv!1K6^`VhRt;b&fYK-
zOh<h2?johOFa@+EhYEC4uB`Q*T3DoW<x?1!6*~8MR@J2CWOf`2l4eFMDAkHo4M&F<
zc^vO}Q}&%Ui!m;wQFD)3>pb1ZYyDacUI1+rg4<0>X>dtP`b0UQu-t6?CZ&9MO&Jh^
zxV5^|AC55Db+dN_r~G!jH|&oG*phIu6T_;kgP7ccKpCirN4a0-o8Kj8__v2gj1V{y
z{%Md{-A?2_Sz#_n@b-jop^M#m2S)pV?)haOF0Mh*7?<gqt%Iyh!7M>)Q{VW{^d6^1
zFB`E7v#ac%1*Jmc*JhK|;cxJXscFMg!6o1?zL0HwwRZJh>5_!9W%1!tIuANiGP<8w
znl#vKbIs>7Gt`8vJ$8%O$q}?J#ak$gb81<11rcs|u%ZK3PWZ43=>BdIas^nG(<AAM
zA;o1`k{wx%1zJ;LD*cK{^1LNtXWW=RUK`n(TnqNCjdQ_eUED}Ki*YE0!HLdj1($Uj
z)C#?goXT57VC2Qd5|fZ+;!;b=y_hXiy+|09lXGq<)E_?};MJ)CY$7`HE)T2W7fdzb
zl`6@mWGwqm^3oLjuihY$V4CKH3~$e1ONeKOBX))qcam0>y8o!<UQ$xP6&5VnRQcBt
z8waXPP4g5-ap<|X_Fb@PDkIt~+qgqu*gwN8%DutHK!=VIS1}AN45NDi>mhplmj8A(
zUgkWEq(CAN84fhy@FN!!?rlEHt~pO7zAktbKJNpy&$NH}J84*>#d;3ORCLwe@r*Ls
zzGwa<ZVlMh!gpY3ke4aCOMr$alydY!CHLLS&fa$U{C8fL2)C;D$J3iQv|&?a+$}q!
zujMhforficV>ar0JAH=DyqGJ-ysEFiVk`FRg3RMq$z8Sjo*wC|CLizI9(Typ+1tQ`
z9YEIB+V!(`XYW^aecQhIt4j;@yUnVdp{{#Ze%)Ng2H$pC^OCZPxyscg5qifmS(#i@
zNcOZ=?COpC6c3kWW@K2he^R&0kz>v!jIzUAl!s7a_f5C-d}r_igH1)o8{sM<FM)N)
z_)iMOQ?9U2+%2-0pGN@+|E;$y#5fwnLu4g6llg7Cn8xn$hUeV%<P|qz>(JdZ5}DkH
zl)gMK+ztNL-a4$eq(;E`@Nk&5`n@)bmDjj~C~x#f8^9w(Ae_te?`4m;QJP&x4ppk0
zm4X|})C@Lqk4yMU<@=Vjq#+GW_u%2gyO@bdxn&hwN?Of9XT&nxr6!L&-(y0kp~?b!
zR9!v~v>lMx{S726fgpV)+ZORH5~WJW`E=he+<i!p?~INR$>tD^iEnpCPdj;raXGu0
z{j+f>sC0a+*81K4cxTGit$7x@|MB1boQXDPJQP(xAV8k;Je8H->h0FF&E7r=aSrY~
z-UOE>Kd_j)<L7W%vG-@~;1U&_T)e+cw+V#~K~o=RO7rg$qSQ5*J%`YbCsT-F*JWL=
zAXa2Wt0vJ+<4~Utx#5V<gx{TgXzVAZ+B3AKW%sGi#5ZGRJkt$pP5XV*jLK9qsC`#h
z>xWARZS#v7n9dR(;}A?^gYPA92}Ase^}N>jrE5*DF~KfBSWoK7cs*A?R=XsAGi~-c
zU8^(Psq|hRlc}loUln0#dayIEv2tg>HzbAt{lXbXk>c`Y9;_0C{<?r3IBY)$CS52Z
zyj1kA+P6|`;o6dn`4QTRd;K0B`Y4!18PB<bq031IHU<tCh;nRm^b;ibJ-<uRbH3d?
z`=w(1(MNvy3LCQJ+u#LcKtdA|okmZt8}|+s9lO<bt}7!0n9JBxUQAs)`B+rO>EiJz
z)+l%}W5PvqZ?)GZb)6xbOmVwcu8}h|AkDaZ4H*It<{==p$#j>7<<6@coaubNN(F(%
z^vZ>j$MXr@eSUg^2|Yd|BJM7>MGjxzVt(m26Yq9|8zF6Kp86E>L00!wnP#hE=U;oL
zdhQAY^VgT}^3&z19?H5KOO<-E&II=9sb9#V3kIeXyDrn-IkhD@x2MhWjJw388DC~o
zT$=HkUR}*>^Kft@n(dBmm{%Nh<1rJ>zVhtqJ^CrZm~{!i2+^-IoY`U$RNWfTdGg$^
z2nZ^-rhgu0JJ=p69tzq#>si{TKDAhlOV;zzG?p;0yzV=?mryujHSZi;_?gd6Kls_t
zPXG4IXQ%%Pp8pHJ{}{f1<L5p*U4Vc8KK%P_c;AJ8|4aC77XJPT`1{|2zdwP$oAB?y
z2j#x^^PinQgXcPb?rHyS!Lw*R_q2cY^8e1?`0Vt*hG*fIKRf*=@O;Ss{SV-I4DY}9
zE1#Xd3(sYEqQAl3|NO78atpt#{@uLv+3BCepPl~tZ+v$8U3ebwfB!>x{!{qvU%~S!
z{QVEV^4aM>=kNcVm-}_?-x5P&l9a_Vg3sUjZFo*ql$rnix4B7CWSG=N#xXeZ9&IU9
zoPK4^uh>BZ({9;a;XkSgN3h7cT8-k5U|TmXg`;@(R{U{fU2jIxa3)f7H}XvFXx#1h
z_GtNGvRfYBr$P)Nh8@O4!!SZtWQ=W~Qe&+LtR3U3J>I@|9Ys*?&{8%o+vVu;Tpcs#
zT39wHN3#7=Rfmdg5(*m+`#I?f)_asW?nu1f$o87v_sxxHx7%-y+?wpQQ<1-hdXMi%
zWP%c@C|{B)k#ZZ1Hku-gV1%|)Fbm>lJb)d&^DOSk-}<{Tl2&^YHOOPK!TotCHfV|w
z`yw77oj~Q|!Jt3nF(KdWk6<Sf0SEiT2uCh!M>0$)ZoT3gMvYT2d;RqLPY%;|-i??o
zdE;PI#JCQqsioIhlN!T%cZ4A<D}<`FBUNr}#&_OXyYuea-7D)GGE-Lk_S(iBj8Fn4
zj5wCWn<*fJ)+qjv$N7GLj0S6aJ&Xm`&VcAG7Lt(%w#;X~fhCu>fQUm_xwXq8mCE|&
z#^pI?i;pg&3IBsES>7EXZQ%36zx&zgAHnl`@cbB_b5F=8sO%W+%Y4EwL|(+QSTDV<
zG9jY!@WsgLSQ>jpbh)_Cp#y~+nBlU(cNOHjES6!~phR;mkks+}l@$uBfk_bP`&?tU
zGt5U<R&u(L#odA4N8exo8=HgCdank}G+5IO(R4!;fP*NAW{>mi_K{pxbVNt7ZF!j-
z!sceaQ2>HU-_5%Zn!|%^D1EM&TQ$5F>4sPY6qf82lRSvmAl=334zt~ZwJwao8r+<3
zhC9cLC@P18W)GJ(cMRr-P~>U(Q4cr}9I+F8B}niPE9U!Idv(xZ4pJgu5DZ(KwuY#E
zu7%s5Tc%Fj!vBk6b9B6%@w6Lg)ohcX)aJCt@O;T(H~6nJkpY|b|Jqz6q*W!I(59~m
zv2f^z#-!^TG-^x5dM^_{Kq@yw-D5`@)FoidCWU9>v<d8)w~F0tX;!Zecy2i>flVlk
z2MR%2z^U=gCx^J*)-GS^$e<fZ3*K~<9FKh6e5G7hDfT!bX;-T4bo;FXMWFOxlr&)E
z8-VbYm6)UO7#cN)59fkiMa(Tl>|XYi&#KzoTmufI-J|$8rX~UYNh6hGuV68m^MJbr
z3NK_W2oSa>J^YfLe)}j<&U-f1w#0mz@exBJ+UgIEE`k*3McEkj%Mn2h`CY!HXYHB@
z?r<x<%%U;z7@M73Zv0uBwsdX&QxIKZNbK-86h_MS@NW)L`?$<&(5ts*)ZE8&H2Qk*
zSviM4$jI|#B#K%sK-_Gw2$yM5@GO!!3OB%S?hSN`+CL*HD&g@BC4fEN;KE;eXLV~E
z2FzlmVxkY&rcCqm=61X+=G|)VXoZlGKBddCZ<CUH`2Ef(yD6t>J>Fh{X}hgE?PHfD
zv_>ZvH<RLC%V-TlPE=}-<K5CiklzQX{O0`1${YgQ#yy2w8Z$Ro!5jCq2tf*gIdx@d
zQtrI>ezggB$7IbjCV<+s!xAFX+RDnzoF5jiqJhNnb;Xlb^ieJgK~cIsaVX||<KUxK
zi^aIfr=GR*IBReB`><X1^j=8}_qB*k`eX?sDEI2KAm!Q3r$ED5;JKIHl~+0sZw2e!
zLevjmM8oo~F2%y&H2co_#@p%kCeP~(T+G~5UGBxMvG7!Xb9;sQcb3HhJ)4PT-?*gw
zJo|J;{C$O$=11>bamml2=QNr=toU&fyZWMxufD=;c0C<KZ8Y2M8pmtRT2t_o!jB|@
ziyn$|>eHY*&R4a}R<didv(J&btHPQ(Uyj$|Y(*?%jWb$|h{hAEb$X1ZxsXycWJ3bN
z3rA^R9}OCm-eAuQLtMC|YXQu9Be{RrbKO{r_FU(=HP30vGx4EhXXcI0u-%=ZZte68
zubt)(vhJ1sc(eeZ#?P)iyZ%P{#%ovlgVDlHr?*h3y83?eNpm56(ix7%&2HN1wYuYW
zmM=)%bP6R8`@IPO?Bb362+vjp$_c+dAi4t892>_H3T{ul6s=iO*Q4&9xkg`(E~6;7
z3&Vr%)Sc13{9!V!S}YV0D)}zsu~h)VXkrn;YW7&PC4#veM|VKh!#jXom{GBL%Y|u5
zh#h##(oK<DmZ%D4cc7VAn6qkKYeH4D!5Vj)!x+Ac#73mxKg>q^eJppUKkmU<@Nz`b
zGW^@^plboV>;SFgfWrDDReX!CBjTMb9_P>+b(H5Qi&r16H=+hor(mRB!{3*#eG~q#
z4HAe{46sBJ3-H@<Xsy+R<_K}T0r*;uzu>h5X(w@1F@wzIdVJU%we~aS&nN~PZBMvY
zqZ2GMr)YPhMjStc6$MRX9U8MCT~x?AF%Uo?fcU4>ygGji>WunvKFC^~-J`e}w>!HO
zO>pEOD<e6x^-q0jl$di=4kjE(5f?=Xj4IHJStuiz)$B5+-GByhjyG`vAR!oD>~^M;
z=fK-B7}d96w)UUq@j@IuXtp-D8s(`Posq0jh^|-}W^3Nu1rj6K5auCpgLId2L)~BB
zUP~W6-oW&NqCL9zi}3;$;2T$Vkr){^Kk<T2TO+vQ6w$6+VYg_oNV?s)*?rnP0zBme
zM}>@BX9NflLa;#XJ`sl6xUa3pdK|&~p}Z>-)KdjvPu}ZbLbH67HDTPgvTPaMxAsS)
zLB71Oum>YC-hqSp;exp1V^@5+nshte{?5W79B|pJLx#{eY~z*PL!<ZaK`oMo6Hzs#
zQGCMQCo_@vee_!6>em~uF;3AK>@<KEH6!ocgb2sRZYMUFO&{vwqeQzOl(HL!L^rZC
zC>uIy8jklCq_;+0G-1$f_VzU0WNZbPC9h@-dJ7aCf-Ix1lUR=H!lS?=sy94hgUG*-
z7w^mkv|_Xn7lDgouS&^__nZPtCPA=1QC**68p3=4vm;H|Zj$!Khs<-@vX!LHO{zvj
zDayU6F^4p7fxI|p#{%|sN#z#E8)gnSp$$}T%;=wbqB|!uUP6;CnWjk{E{ArE4%Gn9
zL)$iepOV79%Gj6|i4FwUe)mZRbL1Wf5M%hde#kd;<_QQ34Gn5~t)rx2QH$d5iC?2?
zQ<QEPO3rJ%aapG<3N40Ish(=Hc6xG6x%j-qm@qFI;(GD%pbfa1CA92>b$vZX@)jiO
zh;d6n;*B<8T)624lxN#;yPxH{848mGmGl;=p0k{(gnEiiNB2+?9qXyVay+$~SQ49N
zA_SeSNEmLwsSxCpZs#EDqIF3V+wJF>fC2(Y+#2Vj{vqFg^Lo7Bf0{kP(93qrL}8P|
zBZiNL%^tG^isek~WI2~tdKkACbI$SY5-aYb0clT4CLlK>A)0{iUL$HB!H&^srK<A{
zc2lAfpL@z&S)n*qXyL?7qv$uxs67|)WThGdo_8T=(ctsBvk{Dy<nJ|c9lgExdUOin
zwBx7Wc+l^6rzKd4op)iL!6su1oM`YjlgV1p6cek=474%Y)guu&C(Z%NJP22SILe)v
z#L&)-DsSddB4X9&7nHrh^!tO!u0fDe99szwY}9=@PLDBJDNcmsvYC>!GAfcg&~ld-
zJy?!>oP*g*tF^?^fAU-C0@lwPI4O1yq{H6T*X52PPki^9D2E*t8QZdh;u~(266YjX
zs=5`9gc0vDAaOPv_J_;yD$MZS6*}>X8)+rY!#t%kE=*P_wChE4nEp*Xh=|=q?lNpM
zkI|r<UL>Z_Flj`LaaVcSRU+*qH74bxBDB?7<A>v^=Z<1;YCPf3Tv@295F>?N00C-A
zsN5C;<eBkrxN^#iSk0tDS>?H?wsCqHhCwFYyH4R?7u}*PaKiL>)d~>P_VpRDWIdea
zIF4+u@945_5ri*%hazfqm(pS%CyB>;A~{Le?$geh5f*$IHd9$IPl7U#({;`=W0r?Q
z&x0qMyQ$%TH@cDC+;i`RjUgRG65Y0=Kz|ue&~Hi^+U^mb^hs#z6rG7m6W^ivO<_%>
zQ@n#4=poF%LOS_K91?2_5RqfPSdZUYDczOlfuukU(6SB(Y(!A|6X%p^lIuAhuiwRV
z2={N0_44C9(-AO?!f?xwW|9r%madA|5-xp_v%V0;MD)c001>a~$gLHQe9-8~q30k>
zb~>X}V;6w4`Nk~m@wZvLF(WTFzQygYYnK^8@K%FYSFCE28?))&Jt}rT%R~ojw_vTn
z8fJ`Aj=p!cNTm>Z;h=(|F4>N+`05Uf18n<ti2u!Awz*50_KvL;s`J^J_`>2RpxlGT
zQmNj{jm_<JYi+x>sGl_1EJEsXS4uf<MchJ`XH$XhqJ-nRawA`upPvDV_#0@0Ad+mO
zYLlll<SJew`3Uux{R0$|8&roYH?~Cqm_z+mhh%S3=3~u0I8XIBG*(L)<<Z1H{stVK
z58_t<DoaOAK42$O?Kp$dw^zGnsl5tWD|Kvh*CvW^1(t2Aq-Qf_)QAu0ko%x{^oRhV
zeVnaGDn!fZw2qia3?*MNhDTWej9IiSoq5eADvK|w5`oEfgR7EQ_5+!oiNY$f3u7(8
z3kqTkV}pWfcInAPicN`+lL;FhEMl{jqQVVDOR-nktjJ8QW3XsqU2gtOPUIUC)QOrR
zaapsDoO6^#tTBCWzPomB_3{1f^#5n?O@kxJ(!;Ri-o(-(Y0_L;E0fvS;xy2ME*y=%
zfa#t=qpN$c-3`DvW_EXGl$)qZ0J&YLtgWnSG<K%NuqYql4O^B)Te4S*uq{~(kw5rD
zv?&Ec<ZjQ9l)XHx5JQwnJLH2V6=Z}+M@Xi^YYG0ocfZW{@~8vH%py8FvohcDz3+YR
zz3+Y3TUp)QT3TJMVPq%1Ep$^~c?4c{zBV;Vt$}dsq;I9%OGRoLg6#65T|SY~1t&e6
z)b$G$;?%R4rsKx!Y=|jyK08K<6I*r@?g2XtwHIkgMjb?UcgR9+nMS+yv?Z}jsDIu4
z4yvq3ePL8xS*ty*2UHDIkd?sAd5ZUv@<D!DbwC9QLeN88epz^C9<g7sLy*}B3wc6-
z*s6!lR8LaD%^c~1rC5Tlo=s%Upe2Hy&gf`1a|uWq;&>{06d608>L56X_}4`i2ZwyR
zaLc_sD<Vh4<g*OHCIxPK1!{{X)R=9y3|b;Xvr|p5)=(rf$)GkFgJzSaY3<CI3ff#&
zNvB+b{}xa_+Tqc|kX$0U98*Szc~OPQA*7bZ^{7d+s)I)i@%5#R&Dus)R!quQPU7qz
z%BhknxFGp<)XkhSR9UL!*(Q@`u&W9H{J!orbVEl`@R{ov1+e#Z2Z*ISbu63;w0XhL
z^e-^1xA;dv$CxNeSrfEbQz8~k*~!k-fZ=xAiDJOkp%s#~5i~JuV9=m-OPBXb9@g&i
zoTu3J0)~7V7;baVGqn^$+DMj9%b}6yWOgXtqO(l^ef2xWc*q(+eae5b_M2R=EH}u?
zKGw8*CZ~kx-I*>UdlRfW*QSZXP?|<B*ht*w7p|guAP-d)nX%piXi<tu%9b#YL9$v#
z0xuJhh|Ia5|5gA}j#oB91MmiQluO$Cskr`%Wn3q^OqZ%OX|s6g+-TyK1~5yxDBHio
zPccf-0#o>u(E(?gsgbZMr28w?d}T4>QDkt^68^WxJN_Xt4jz9tY3_f4aicQLZ<Ecd
zjIzTup+f(8Kj@}Y2^A?5JL?iv`Hmg3$_1$s4NB=IZ)W|dSTd!N9^9aYwQ?F_1Uk+b
zSogqhGn;x^=Yl)#zQ}=G%p=NSD6*kN29<J28b~X(`D6^UY_Ah&HN-0-97BU6ga~I9
zeHVG0(q3^Nbn0=;rfVik#m$Eh)vTx$xG1KvAyPFj+F|~(p#~ly3Q~HQDAiaSjqaOB
zddrn^qHYJp;l@NW$uOiWAgUHi0DHyO&KYHbU`4R7eixJw1l2?X`z<pCR<Vk5s!CSI
zB6Jd8wh9$4!@_(3GrFh=MmtnSUBEP0FyYXFz&Ru&3E}pVgn~J`z}pvJG~y#1Dndx%
zQf9c+2?p*|d-_?TJklsQM~cn|Q$XYJ7U!FAj%asd<eJt|{TOsHS`ZzfDP?f9^Cfxo
z{LYtf5Rvs98=rud;EN;*nYtj_RcDt;ZNeiu@+t!!YayE}RpCJox_4F1XcFP!qgELm
z@}MSd$msYtj3_yBGYvoln52r_<mq6?d=*UV#^i#i>lfMEnT0X2=m}txBIYD?iSL#m
z&}s+;Yf-5blandBb~HN3B3T^R`{L9Sj(<KRc>HW~W+M5@3Qi^<dIw$>P{{l&KVSu@
zW%j0fiF}xZMP6gN1k+#LS5IEa&uGbkH-;8`oN|r$Qfin>)R62)t&$X0XoW&cK!2Du
zou-+99@MMZZjq^vZrT_(oMnAsD1fmrrXClDyQzIJl!No0+zyxD5D#HXJgDf?vY$})
ze58)fk%$PzU6tj=C}W?D8J@XypUfJ4fEY}QdMT$IphkF`1l7c7X#A{KE!G+98A7zV
z0BpBp#4lc4X8nGg4Kr0*_Y0y)wvhtDM&dbu1*+b;A0Sm8!<>>a9gAZLK|#ThOh;B?
zTS-SY;UhBU<f1jed_`XyZ2*+IoSf|?wIf&MNqoP<J~5jEy#oE)!^me*fS5^xc^V`p
znWmhYL!p)@#Q?G8cde7$XJVHrHY092Ycs0*&GbY-UX!TV#%7OKxDybIo@b(TQcV&f
zmEd_Lfl7kbwm?DwEQzPcabrRrb-f%b;+mm%Hj7zCLBy5c3XdFb3M*-EcygR);Ak?t
zL-oNbz%b5$dgF2mCOZnXW0Na4Q?3GvaCB{VniC14VhOtR>pF>NY?lw4B~gldi!SR^
z3$3EnGRk%*#;3>m)c3NU1{fIKP2e8vCP?H5o?#)C0ZPlrW*WviPB0y=n}zTrjZE56
z4CKvTL(;grg8mC@yAv0uFRB7Rk`P51(Ae>D*??-?Lly|V!Z68;?kodVBmbASxWRXp
ziTZ7KsdeOHaAOMo7I#I_x&zW^*2rAY6HDSy=wuw>WEH}OBu3ZpacNO&{Nt`QW(Iju
zt&y6M@eJKaS^`YSbgFq7vu$06M#io$+;Vy`=^kO6O5z7>Z#-n7xvRvWRlG!xdn{!~
z30F%!&EO~6p|<=kFOS!NnJ>oFEuV%di10fW!@_^Fs2<F@4kk#X$v8kOT;eaZ%R*<9
z#OQ0;y4ZE0Pq7G+7t{MqJUQlwn#c~72&Qs|`v62@m^My@I2gW)B1%dOlf#{y_Vd!#
zZCvHQ@)e4iEj|Zxdqw7=Y@Q;8Y{X!yNefjb2g@9!V0cpOo>`p<SS;w&XF&}~vhkbn
z5tA>)=9P#I0MlI32jJQLZvwc8pTUy|qm49!tPTerrw&~8b_)l`Yt*h;WnR<O^jhTj
z1`=wvByDZEy_Ot=R?1Q}sC{h~9ar`wO}mT*!=fbQjmQk8n$BI8RgNi@2z!G7jKN@U
zse?hXG490HqzSW_;u+(>HMpoGhkhh-boKK)@3<FWIMSMURRis>#B4OaMPka(Ss3R?
zKC=tAcM=mvSwsknUmc(1(2imT*a9@h@CijYTa%_?o!A&@N^-K(-{UhS-4dp|`WCB0
znQ{1wXQLkh%Jd=`k`d57Z|m^sUYWAk+r9?@2huVK=w~_z6ufb)o%VnTo|1zKI@*}f
z=vP5if^LULuue*d*gA5EoKr3+3kzGHU$1$OYMYx&_iNaRM88D!oR@ER2}t?g<>_#7
z#huyHdCPgG%Q(Arvxxu^KyX2!>fG9=7bYVNMKCkPiyzc4bOi8osD}k%zQ1ExpT<m2
zDTF0g*E4iKsf2M(k;5A-$VeXv$(_rh*780eCumHlEH3Kx=;+P#x?(hM^t;NlMmc56
zlM?}tO)Vp}k71Qq%w&Lr_m6haS*y-x4xw!Jsi+-KQFNF2#+vQTZO+hQSgCemm0c{J
z&ww5(11i)uDfQk-<}W>k7|gk-kF_w{vVh~r-3PG*%0Y`TDkxzKNmxA^8*n?ORyeHm
zm=ayS1)drgmg>dX8;m?)9^B@komJT&_G(6%e|fXD;rbn_<ZAM^ELA6yQPBBRc`sO}
zw7!OD(dl=a*@@r+Gqq(Cv=G6t8ThFJL?rc!SsQGk*_U)qjVvto8mtjQ3(w2fEHY?;
z1a$S#3`)i_k4%<WZ+L8MYim+AAxY?gbIc=!Nxe>Ck5Sa1BW0z5-xlOsi;MRHfpn)6
z_>Y<S4{_KgZA)4Ta0F?IbPEBifd|Q@E$XGnUQo52`jhU@%%;~-^YduW3@ky^^wir#
zI16s%p+Qh-he184h^)j68((SlkYLJc`Pg=(o36&rsKZBF1u|exw_S_Nk;=|Mv1DU&
zL&jOS@*UcBq*7x_dW27seYF9^F=&Q}vLCxJs=QQx+%iQR!Q|b@lz3)QwlDehom-|%
z*+iKh_f{t1G+iaMqlrY^$XmL=Lhk)#dx^DOM3za#;(^cjQa#KiCJl`AtVl{+_i!JD
zrxO?Oixh5<9`g6ZA<U?nz*DN(R4W-wNF;NKAQcJ^!)oMW5B|qyFGnQf0W02C5|O2l
zPWeQJpiWR$GnXj@d~#ANNC(3OCiT#dQDXx;&pkZ+74s<RpQRxcpD?##F)rSz7#S09
zHS~@R$@+%dzVup$9lx#m%CHra?6aG^^Ar0r0vAh>-ljQnWx;fGA;LqwZ8pt)nk^64
zGWldok5AOLxPRl}6l(KCS63Jt$7V}KaOM2`KmEDmKl4XFcl_&c|It7Exr}qVX;IgO
z6im#I>X8fdd@R@%(o?v}$=f_oi-Tc@yaT`O2wx+|$aXnZWzS0FhNL%BaW{>zF_c5I
zsoyir*6W5%dJ>t#k4B&%8U$El1$UX^g+RqiOcJG|p+XlKN~yQ`iHGJ;pw`_YZmlt5
z=O)Te8tJNqd`N2^ch}$_1?EW{#`Dy69y%kp`Ix}W&I>HiNR(53V2r{q=o1I$gl?Lm
z#QW9bUQQC$hsCwVQ+_z8w9EqWRA+CP#+)g}APu@EnK>#$%8staS0%p9WC7BmP6O!z
zhMzgC7emQJMGch3UNJno+PAkW+p8P3<+b~(D_^MH#i&u2XRRNmT>7!@x1v^9_nX>5
zu+}(Dg3Ky<#)>5-V>-Ij+Z9@d_uA6K?HUG|)B;S=d7k?^s&Hp<b1Theu;(|II(t3r
z2b1Pz*+<(Epc{IAhluM2ybO=QO*)sXY(iV(a9tDNn;IjX78q=862ZkXW7Y+o5D&@d
zu!wJ5V^xnjut#V|EfPkY)B|94j{1mWm#AUHG3^uz>?efXS;N$HRy3g!!SHm+w2;H8
z!SAx-*%h#DPDO?Uh9T{<VB{*)Zs7^|SHtlSc25Z-3`xz@?NlAY(!j3t&1u_&x)(AC
zYw##3Qrn#)rN>ll0{=5eNM$z*&)4K83eC?G@!)f0#@G@9QCfJMcs;?QDGo5(ZbHYU
z-F#DXoD$!f&vQ!T{9(<xBLqeoZY9Hgzs7b!3OnNA5oQ%N#6a<$D=qO)9UhX5YcQO;
znQNG6o};TAQjzQlw+3Zef|SeLEW&xUBD<xMli9?6S`6cy1XzyEFF_fWZ@lFazGM@)
z5{GYcX|<aq3+?iyPRBnoof@MTWzMB|(j~;W<fs7GWo+J*n>^CUv<_OuY&r7+847Y|
zjlZhQ2$A}4Ca^aM-!pEipB+0w4;aG}EYNB?F$Zv{h=n+{ERwSU!=XBBCC4o7%Qq6m
zyrm1FC38y1EGy#hm@!tg$U5a}OSZ#Q2W%!2#b>JX$zI;1%g+-a%pj6i=~=nOt#4+p
zU^d&Xhf6;#2ihl@eimOcos`)wCDStzlQD}ny2#E!h~O)Xso~DKW=Xbd+K=!C!8XL$
zrgW@b0M3J?OmdDgbbfv)kq{NFnC*S+*h$ySwF@O`VF<NVB<o-ag+7V?R+ti2ds>0R
zh3oFiZiVewD(-@!-8s>|VD<&HFHDtiJqA<~XW~A=Y)fi;!tD~V0890`HatdE%bD%L
zeh`U}RZ^jlaS~_I)@?eOY)woy(i6Q@Rl;)T+g0T?lbU*Ebpc6H1iJK$l@HwGu4jPn
zi4U+n?sAPcJ`$uu39pF5ei`+^Hxu;4hm5-Z-691v;-&z*iUJyVho^gr9Ld7toWk*t
zXoU#eVzuyIq-%JQ_P<6CpJwMB!+x$P7Wk+ygbG+V+jvrhp0y}Ww5kdt#$2b4A?18^
zL9Lcv;RI`_EsM&>QnlbjZLLG}#2q%Xt8=%ZYWu9uH8wJah=D&~QV}EbAPq@O85i~P
z`8d6h9;g|0P@X2EB5AM<wG}jECfpyHOwfjz?p-^9U*C73nxINeH`2=>F(Dux!xg?_
zQd0mq0|{FN<DA-!Sau<b_cRqYGKn}(WlhJ_I^m$b;UAjw($xV{Fq3sffuXEhw1i0-
zA4Votmk-qz=QY0r^-|3?7llo^q7cOhO16uB&0EtMjZ{MZ6-`xPdm|V?3JeXtPGhl?
zrb;N}5?rt>9=E(u5PpI_bS{NAq-GM$Jgas|=NjRs;?eK`DOav50a6m@LM)E)R9CO4
zsRW%B<#@`of!JT%J}eG$`Eg^dCHQfII!m32z37DE>5k&XJro3L#zK>*;u6~-&Au?r
zBn+FUMPfH1E^V4FxZacIYl~nzm-iLozx@8tOdty}$i`0VzqdxoIG5?{6K0+Z^)qF#
zEv>NoQ=~0-3=J4`Q8yQm%XyGhvg03ew=K&WYix6}y}X!0r79$5TY7l`Z1FYFU;fIg
zl%cM@C8$xhimzLlWRkJ|7MPAF3)V8!mAMpLS!75m63cle!P;WZnaGsFp9->PBIsfA
z4mqO3VV6u52Xe~Or?iA|6SuQ5mV_xvNJF`8TN!DnkTK^0nxd@RV|Kij1f2GT21=1g
z1DVQKct9v5<5*rV%!*iQ_-%NDKbNBxFe6>=p{W~5q1_z)>Iofj0WEQEE&PwwrfH9*
z{+M<$17U*Oe<!VOb2%K6X;I5lj)&oY(qi{n38vjLI&AD6CQ9+~B{43XZ5eu5XHKPi
zb#iDs0Wwl;lKE=PPLCQc8!U&Hp-$PzDkmWh4bg9PsoH$998~#JNaj|_*t<FEi~cud
znfTGMu&8<*N*&T8e%P0G4w#~DDl=h`DI_>(caPWyqzKI)goXo8w`e71ZlelEe1Qme
zcw91793gmO!6zN~j{{c1a@0Q31pbWUG8H6DqWj&faFZXd^BlqEr2xtnr9=k<ABj$%
zO7CWdu$}Q6jT76sm25nKhK(OltCyP13@T7&3TO+$_R`BD)Cpe{s2K&tLczAF4hR&N
z3tBM+TmS3?bU<P_Cg%XLeYFk3J|G*#L@mo)j+)FjKCbp!2T>#34H0tEB2Ah&kW?x;
ze<Y+-gOB}Djdz<|ZGZtg!a=Iz+b~ko)YJD+6$mLbP79As>)6WplsV|=u2&O&SHrl5
zMX0_^mQU(v*UDH_rB&87S9QlOh+GYS(962Q%8W-Y&d6pYc)7?#2+yMe)7G=G4AoMO
z0;o`<69gj^IcHtF)ZZi^OQH>I2CcpBzSh7E6o(-cSLUz?Ocga75An1vk*?i~_sN?H
zS^%UY{*%<#6W2xb-io(dFwN6+lkRO6)E`6llQN<<{lrV>uHqRY54Hv3W$D7W?G=Q1
zHA44S;s{A6J6nnj)|}wS<Sv-liAiU{q)<?;Lv9k-Hff-e(+am_@nlwk((x2dcD^ur
zYnQ53<Q+%^nTZ81;pA0i$_QEas}rP@kz!|i_=C)Q{Yy?Mc}T!HWC*X5uFSoZ+L=39
zROP1I%JXZYPd?ikMW|T<J~=Fki7sV2lS)-Pj^decYFR=Xb{a6GOSrWucPH5QpM+7T
z8N}4A76b2g0;X~%cJTE4t+0h9?4j{zSdW=M4zuA{YXfx{ovnF-R`cjy)Y*=MJ4eE8
zkodYGkP8d+%qkJ>hJ-F-)-5T7LAIwyXy77u;4BnUM9;Fzfa7l5B-tk>GmM6ss?k(-
zVN{^S?W(47VMZ4ij<hd5IjDa2$-(AP3y|Cm>toWoD8Ew5s1>saVw^nWz$jm~+7lmE
zeY90V*4ES>8Lkp-eTIx9;+Oe^nrn%CcB3TgcAN5#F#OB4x!vr=OK}|TwQNlna_oum
z)wQixS61(PTWj9R>cf@Qn#4@lf}#T#dx8Y09tEZ(tQLd`RF=mB+bf((_apmC_XfgF
ztgdW0#kNG0dpnaptbz%){}_NqGEj7O$)qG!wGJtdESt5X#KA}#k9L$~$FCZHvfY27
z3C1ei)Z_@I(PB5k9PRK@1J;!{@^n~L;yeuUL$^k9^p#cMMf&XWkh`$fjgt+N>!6R1
z^a&oHbRDZVg_AbKvwz{%ijK{k&LKu_jw%pzEc;={A}4pOyI?~j)UwQ9GEBt{<w<)^
zr>golIh@gwaTqbi0y10}qY00AAP0Clkh2*y+^EGky*=*W1KgkAmEnqGn9ib3mmGco
z1yyssjFd1XKp3Q-i#r=#nbUHUXkBHCxXMF>4FbsA6_LAS&e{27hUrU0c7SCO&+Y=}
zKCS~VytUtndVBk*3TPpp?(9TQVO%~Aj_B}%@uoi0Sj^;CybnF5e1r!+R!J(dFM+p;
zR3lIKFpg*PLY8ri@kUC-j2;PO?wAxBg$g8@Xpt0rrBK-(uMODnx)dEG3F5;^NhcYC
z6hzQRbgfr^>$srrh*`CgM*Ox^u6hM)1&P?mYH2*kDS4&-@Y?)5&)89AbnpYvKz@m7
zmV_5@m~U$hf4mxzSk?{Yl>=zyGafHm2KDhACBo;Fn>OmmS92##K@{U$7JtTKq09Cz
zj3_HeOjsD(q^i*%j1Z8B0fiz%NOc8q*Vji4E|!TNuGn=V#ug8;d?>(JMY0Gp5!$T;
z);f$#EQn{3feO~b{}`Qd<GpN<vw*{y?QjS*Awx;@Ll}wim(fkq+&hOBN*0;Z{r&Vj
zDYsPjXVp@q$Fn<|!85ELKY`93Za<Hpi_cK+=67tyF^}ou(rX*Ftj)9Y10<6?ngN*B
zKd!n)DmH!QzzDoNC0W(b>A>40BTZ=LcCM?2tw?@CR0+<cl04w6l49D@NfO+RErDJN
zv-|4PD3b@tSF9#=Jg1B_GfOcHBqdUi$sjkWflZpwFadm4tyQ8B=D%c@RSc|CCFO#n
z7_FITdn}W;hf2A1Xu>o!#mt)c2v$28up+-g%|+`5!o@9-C_*RORK4bykUF(h(hPCM
zI{y3MpcD{jD-7aa1WO__tNi3f0Z<E_U(WVa;!{jJ`3;#$cl2!)`vAq1v6ppA#leQA
zZZ6X2IK@iN&sZHrlQWL=$ZNSYjmT^~#@;O1bWKSaO3Q+D%{);ZEklb&Q;^%zig`{P
zb;N{X_(!pxJk~{??<NlEC~ZU42@awshPrI54->R%a+1N}r%+5#-YVS&g^Tu^q#mGh
zlwy$>*FHP@CN2?Pv5%RWAcOFW)&?rwok?!#V|4Q8{=#E4iQ__ci|t;P$#aoSwq^-z
zAdpH@5H>i~0MJM>=7pu&i0=6H$A^B0>kKFJ+}=wM9sr<#m2fFC(~Jm95=fu)q3#A~
zi@0*EJi<<4q^5bEv7BL=@NzFZR!iWv@1dugu;%Q8Pjl!=v(^(CSq9VIlKik`eD#Ne
zvprVKoZiURu#*@U-yRZ$7n}4(>FkjHaJ&(7wrK=-a%M*#?urAce{57&7H(eigW!nq
z#?OW(QWmWrHlLgy=tRcwwLsmc3+K?(Ru&>F$%AF~?c`z^-`O*zHq*rGHd60XR3(Id
zMe(R?7a@CU#7N%uW!o;{UeqC*1k8>mtC&s6x1hDRoXhjDREK8)$wUBSLUCW=k<B8l
zVtrF;7A&Gl9nw^2-G~&8dz;gM;m(R>q0N~abLgl1s5xUw;<GRWGv+y%-qbNNgjs8F
z_4ipo*=T1i73HVSn;8@%r^|^I2k1P^EvGuIq*3`km_vp$eGCsZCp=e_vLKOK@th;q
zxL%D34it5~b!Vhoc3LK2%kl9%NOC$0JICBy2Z|!-(JIu!Ry+4QRTNs?@-U;OukeE$
z&@4icR?^m~G}&a8ovtoVD$KOIDYiJNHaOZLCq*oQG%Ht|VL=u_R1&}W5!u!p*!p5B
zcSb}^^KP;49Y_PuYp@rd)J_kekhhsWB!S@(wp1g9p()_Yw|FS}_`%!$KGC3`8&x?C
ztHA0%Q`+(~q*tIwV&{vVf7OD$&(D{3fkb%Fa#Y!Zn$9O9=TwO&$R@gt^9hWca*uoy
z@?w)BwBtMPxPdr^PQI71B#T5Gqtn{6A@$DC^&uuE#!9>lsFmHN9rOmwoRSI(%o8lz
zZFfgBoJ3#g6J?8Xh$NZ9fEqC?6)7AuqXn8o?{1z?9i(Vu#;WDLtrROp6UnL>nbE>j
zepKf~wHgJh$-dI!s@<q`)q=k@vaSJT4o^&TmhQImrb9Edz^F|-tFjH@rTM`TaulA3
z4hElrvc(_?7MN`sH6_G3k&c`sPESHZl-Vc7)5Cc9=_h3(;Sk&@e#nS8%@uj@=s5BS
ztvyRb2>?Pnr7IWYGGTP+v@}Me=*UPQy}aNS`7s=Zg*(1d(x?_nX{4luWTArhGqvB!
z@GC6!7-0xA!d?^!0Wzv6DMLeQ9Q1|M#P*{&uGpse%n+5_J10<(Nk3Uze{N<_3?FQt
zb!PCvb}lfF8l&js*K<2>;90ko=$TX;al;8PGc>%Zac3-T&kQ|7+g(;>RWt($<cV=n
z=#oIA`Q>n(lX+*{^?Lwc9=FRB1s3<8XQQimF_kAB6c(z_))1tHVXQ3u7(phYVoS6Z
z`hpz%j`3^)d4l^CjU^t#AlwM{!kBIq`)1F`TB=HfJt0$>(q1uvN**nkP=aw*H@ls%
zwdd|&$W^WRBnT_wa{y%KW3Af8--PZ72rSrb+VL}WR<PE1dr;hmB*yIBpovjpgGMqs
zF0WJxj@zG|t?aK7J(ewWI*){G#meZYSj6*W?W8;t3!Ylh0}vq-y%n)3mV|PhDx$5L
zGNF#W<cF{FD7i&tsM4!{p}2W*QrudWK4d=_MyHg&30mON(wKG{Nho?y{Yv{!eCOTC
zQwSYyKOuHykX_cp=CebU!$U9R%9?1*+!9Nz`Ao9H9hZpCK2VI^yh;<XcTI?XJ?sR~
z$p?P7N@hgt?fiIZ*HjT#GPIcCc(An&S65i%C5p^dXt(*PLtGCz!n0Y^3`$?evzD)z
zu{#&|DUhQ$n>10Ea>N#0P$7FVWC)7L`Z)?I+1qvj8A~x#D5Wx;m9FX39kH@!+D~i(
z6U5@{=_V9>he5$%-=>mH<^~lUf<<Xi(r?T30(ik>Mq%rDDo{?phqxM}=8Y9m$vqpB
ztosuxRdo^o#}Z(!2z9d7c+D(9)4C0I2$bG~T)zX8AeDG4r*tGfDF#UPrdje7=pw?b
z7VRX%l*JL}zVL!v-ucv$dYM6dw9kzLSIpDOHkEg#@zC-oLc*RvSvr66v~Nj%CCpcz
zm7|n_EmssP9d?YbVHUbzvg{F<XoPV)iW6t2$Qeu&{LE^qldX%^$=x<3rzYfnY=(>_
zt8*#kgp}1j6X?Dcl6?H<&8HeWk~jj#HkmX2)Ga!xv(xNGx)PDp1-itBHlsnBN|+YA
zG#lV$fY-x685@xd_e3|au=9YqcX=O*f#+nJFkVIujqSNj!#Ab2k}LT$VR(wdN-=ww
z<c-QON=g?kQx1l-PHVu%R1Fw0FeZr~bWtG6BwuSCT$Ggn;x8+Tr?hZW$us5@pbqWa
zDvG7NA(l14S*AC}zR@k1k$L9pl4Y69J;HntVWfFrFv{XOXOI0}NVZ?H4N??yzZ3P^
za_d@jsA{t(&1I6&WDA4M@}QHd9s9r*0o`yodSwqW<wYHlM%nP^_jXQA{U7s_hASbA
z$b@YKr-G}S{o!vS^Us=h6+<YdmD3J~Pfo7(b@HUPoM*gE*}dZAL!Se>V3jk$E?!UO
z{<K78{q8^2*2$fR#;DT$rlBE=$!$ZTFzZfGFFp%bbO+|@y-;W;mIS7fvXV4+u@Jf@
z_gWNuV3xX}-<(Kn-OOlwR-&awCZNE6F-uY~m=i(~aOp<RNE>OaaBeZN_Z(3@T(}|-
zB$dj;-0=;vi94a`Is>^cykKQYhq3W1v{>Y?7IeKRwql&v9?{kbYPp#k?8HuyXhiJT
zlIXI`Y&LXo<elP9)ZDW}*oayt7~#ETpD?VxTiVXG<ep8;FgcT&Sk*F$=G&=cXIpkj
zP-DM)yp!Ev8N1|!wpW(Ab0?|7TPq7okxLLG-&bV;W;q{$9!<uqrR}{T&*{!6=4IL^
zjkt`wO(Zf`QBp}t=U9FeJ=yLR2%T?1M|t(Ctsu)H!Vdj3s`>hK<0#Y-xtzt&04uOv
zlf7lAj99_*z8p0#l^~u1;1nYu61G7mSyl{DNxXDU`Mk6zQP?PQ{J3B_F65jIpY)iP
zuq<^t{*ekZ*D~?7*K(L1Szrkdmd%9mv)zWMG&VE#{f<1YK{j_!uXPYL!d-F<GwCIX
zom|zkc|I%U+m_Ie%Tuteb+d!2Gj~4)M`N;bmGtxV?jq$t`e*?Sr;8yd;|mO|#W8_#
z-e~EeoRFGWx95p$Lq>#MN8fMz?ArN~E$&~<Z#^aYbUI(2%bbG)NSHR?=(DM3gYL2E
zW$0ePKuNmKM#NBw9UIjrl`HKV0eO#fh$~$=c;kmL#0vyupgxpccGPu}ofSbDiXp<p
zmn`kTj?u5nwYnQ{bn~Ol2{g1KVLn>`Q;?Mv8q2^5iki3pA6T)TR9s2b-+ycuWu-4g
zPt4VfFYuZ8NTeN-NH&8{FDXh;Sox9eBJ$;ec4jNf$|h4#%NxgJr9;>^mfbiG(cXxU
z4Kp@MbMF~ANz<co-X26n00n9Si%ip~Jn}39>3}0A4Y$5vl>^_nWvdpXxGX_Mxk-Ri
z*0anr5QnglJuRCvJLvt(`YR^kzEuiw^2TVT*4va3msO=mge_Fk&S&a`(~4rKoBX7<
zLMwwcF>BRNOnZeEY^6rd(`eO-P!uLjZP8W=Bv~3Oz85v+9Slo`f*D;E@rtYZ%|rhv
z-i|fBSge?^78<_`l1SA~%jOkLU8CCN*`<4Vw4S*PX5teqQ;g<*)b%3M5>WLBpj+4j
z7QQxH5v8n#q}{~#RsCqv``D|{6ixk=U3#~5U~q#__D~1H4U(+HfVr7PxV@AV^SR-R
zFP79yY3w6gdP~(bLgkbRHZs#>D4b{w%n>m|!%0({{SWOjRv4<c-I*ac8)m?ibTk}F
z93RRrahv9WWA^M7io`?OLnpFAp?DZ;Hb!IdSR-NRA69(~ih*qGpdm3z<4B786nk-t
zp?a1uhlP^K4F6$jbi3J$m*P0wYn^lyp7N-Yuv#!CMW^Kv!9+x-LI5({r7>=d5J`!0
zZ)Z}7Rn)~KLxWIB29C}yp_D|c)+2pjD<h;8L&8W~FSIM7)hn&87L+PylCdg<G$DI=
zybLGmP<e!?;e|@a7D8QflF4u=3pX+8NPaHQMgPi-bkV1!B;EA$3b>jqU=7V}%9e72
zZ_M++ah!v#zk7_=Ux4ecvF9IU*OTqPd;I6%`T|`0a6N?UHoNjbm=jg6cQE!#_@p#0
zuBVIW2OIM<DQs9l5>XJS`-&C|K?&JW8HKZl!4@VH91%YxY=xyD8b+iBbtg9*FL<`$
z)FXon%rk@d{v2eBhV&lLFWFH6HVG_kHk6BcR+Y-8r`@f!yK4(B)pwAlz~-R-c+ou!
z+;~6gH5)8Ky~~*7Fo?&JdjYW(=%`x(F~N?h(KQ*RS{y930Gp<XHX|?Db!ipZR#9FN
zE^`Wb*q1U}jUxJ@=IUta2jUmPk<WIm#*_uT9*vaRjhM%yDj1X!1+6sFF%v^~>`PaX
z+DD&=BVP&*^PXP9V!<{k^#T{@*}BBEdzZ82y=LThtGoFBRs?+1ov<6*>Jt^_WEX;;
zY`}6LyBop44XO=t+ln4Wt-X@K*-GdazPMALrd>VFyLy^0x6@ed^e#-{@Qtmolzyu9
zdO`0?r;PihExCyvS6J94A~r!ZWLSt(dxQRpzC%~n{z@-GR6~bYBBOu8J2m&$#4%Sz
z{6*#RI#S*x+keF5?l*G&r3gZ^UFGaPGb!MonHrGDTxjhZiq}QD_z`<lm=`!?44Aec
z-?t(o?L-#Ar>&)u3UMXx?Hsp^B3=$`f6|0J$vqRL45Abz-^*-NvY@8r_Urw?0Vl@N
z<ozSyud#ql9=fuD{RJd?d3G_i5i>P3(Z~TT?uBCXkx;Ig6ulUEmt|j$+D8c!l-$^+
zB>_ZC!Dqi7c8`V!?366CAlM_M6W*3oNaKD0%Rn^0PG{@S`rNdT6x7I9I!wypVbw`n
z+0kyCi&<9>rEyr*#EG?P5Q9=}j#bb4D%j>hj7v@CrKc@Bu}qW&qP^t+W+`~ICN=oO
z!<oVh`BcFfq+!H_x0Y`=n|LN{6`mB}tcsZ)B!(Sz_U*b&64hI)Wy3#w&F{d+D|48W
zq{1zrNYw7ZP6OXe(A+GM--KpEB39&WcYfyPHTPwDTVSt?fJ+OS#w8lZ9dd3M75Z==
zcBW{hfH0tG9!4DBZoy(ffl(CoiPmOgkO(GN%c3@G82&$G92M%P(`lqlD8tMXs0E0u
zS!Kt!R}cxS(U!jlYlOd7A@h?pMFxjPK<wY-CDmwFqrlQ0SxoyecquM+8$x9bzw2)f
zd9#v<3Q^%LZN#~kGEG*5n_-@LPI5Zt8!;pnTGL`*+cVi_LSM3(ygjsa>FSC$Os@J)
zij#B<le#fJxDd}ciT#EnS2%~*J2`6aIK&vtQAfB#+~^#YH_WbaoxLHPboQwgw;gHg
znw_#rf+$Wps>aGm(wxx)E#LpledZ{Ow_}l@!PLuzXpTn&{WFeL+69S)z{{|YCRy0Q
z9d^N_mM<GUcCnr~1*Fh6{7KY=>Y9PVn6B-7DX4cX%B52KaJAL>qPr9XonTjGRw(a<
zFO`Esll3HJeCh8{K*|_4@2HhnTJE}T4&jO#+%yufoSnGZjp*;~?(U5VF0_&Oj@cV*
zE~F0Q*8pJ+npg?Rqo&6f&uA{z@>m${7VWYE1ZVYsK$;s-Pv-TF+BJDoO4L5W$YunU
zA`|ITBb}to{dX2s;@Yt}02QSWEozi?0H&1oCpz9P<n~k1j*6LNZ$xA043hK*i;xGB
zZl${UyjXbj)oejrMF_)&37GB4lT5l26M~S=?uAS`m<gR26GJoWz<05~8;Bgq!iQqY
zk*b9g##q9FBQscahUBKyp$4i1$rb=Ou}>LV)h7E8+N&GEmwRC+;B#fBxXDzC;3)?-
zEUA#aErqHw!4C9thhR@qVS6-MG;YhRW-6mxKa-1fQH?ZNOiUW+_chO3ELLYy1FZAA
zCN7!A7%d;xQkHxQ+{9^;&gt_e{gJ{B@35hBGbg>#9ZBz>7v{YP0XWtn%f4i9m#u?c
zOe7i+#a1G+&#q@^vwaeC$+u^aGqN8Vh1Hm~%w&m-XVqy&55r@e1&Xk!g#f?_pa?Hx
z<7Nw0vJ)3FAIs%#2MN)e!{L?-vYYG^YV=Yz+HSsBTZ?`>MEQ2<sJf==9{OK7qScAW
zquEwyMQ3uN5vfN_S~!-QIiu&=o{ee+$qg?n3p53q9i5??EqaWh$I2S9ok$;^j$K%Z
zMWd(@6;~doBafbvd05%iv1CKlD4S=`R4g@Xf7?hbbHdIs6f43A^+Be?k?vZBw`D_f
zX!6}}hvyg?p41Q>THX&%n2ypYONZ((VD7Ah>*$9diiYga%KqSm?HHJF`atj53*S*1
z3)vw&3Qj^r!+4xt6pzw)87z{=Xsy08d7~4KqgdFC+_rVeFeL9s%2PU+9SL9Er?jVh
zboRJ(Y`lW%P25^<_=iKW+to!vs`YcKnu0rOH6E!kPbyMn7}Fxiz$lhQK~%8}six)y
zahba*$d_g+8%$<Ck-x9FI@eQ?WX!;bV2`gOVmi#C9qsWaDnY9Ov_q*0NwRpuaU&-x
zxd$7(sB=^+;E>;heA5RU^L6LKtA2bpi0hrO4MjW(y8BTho@j_Smv8TeIDn>rB3oT(
z%jMg(7EpDaKmb#vBcO11DHv|h=|r6ccge-dTvi$EFL=5zc6)KqaJvzI8Mv*eby-aw
zS8WH{1Rba+AZv#_j$I9nF1)VTzVRt+fIX2hu8dh#6-m-0yJbaBQ6mMb0hxHUFDa==
ztrD~;^@of*Z80z^)4;6unVP4xN(P$;IQSy2*T_ZxscCiDj{}4PrDYjOs4YO;h33^=
zb6|1$v9cSsVDC$6PQZ|CY~fBz^%U=*{Ei6^+Rfk~XmvC3Yw8-rWgif75~|Ehxi8;7
zVN59zy3Yz`SRRM9J%BZqG&YAEp^E8Cm&V*n?kgOFFvn~o6ZQ%)osZqmz_hhW)@xjm
zC!Z0OC-4z4!Y@saDf->JB0C=$jEb{BpxpJ^E?Mmr*$)qyBI=gsDVvqbyvsA{8e_8R
zY>Xtd4jGB75;}u26;m+9lkUkb_-{+miYPBx9N~rxYD|9GvQ$Ov9FawVx_hm}E3L50
zJiZ|LoW*fLd6&{4y*=J*5m8*w7@u;-cl~A){YrX!`{U10s}yx%(+Q>1v6fQ8H;w?<
zuufM>yCBd=*)$V|aCs6v##Z6asf0|J)#G>eW~Pj<XPNf!FznX%-3eNX(AFa<uGU`n
z9&K+e-FaApef{Rv(&}<;K`6=@L7*l^8LRSqUq_U2XM5%0-P#6bb)Jop*W{J=sJ6Me
zbRP@9x5mCsPh(i1rps_iQ{S&`d3S5~mbM>mB>-VSBtK%`i=69A8=JItGmh6u9LATF
zM%;F3Y(^jrnwc9&@Ynj;2JsP4LMLhwYMM~zJnEw)P-ZBV8zz`bRx@d=0b)H73+@iI
zw_#|@M1rSqQ`nkZ6iFyx03oeaTEOuCl?W_6iKF29QSH&%$`@*Py_HQUer0QA=^_5q
zI?Ff;MUQRfm0}yj6F9^t-3g?4jz{-pcg9_CXH~@-pBu`8&B~uG4r#JNiaqIlwhbH3
zc0208@LnU5Ay}#t$DoZlY|VIkOj{D&hTi#1C7K$DFq~H5J-5n<Vc-X30S@b7w|V3W
zpFuZ{fO&>OC_{~#dzxLOKn^xZIZ$l^5Ss$YIFWTo-1?xCjB1!<0O&ZHO4h|Nl$_k&
zc*~8*L(Er#oFx2=Q9S`nN8{SMGCnmno?3z6B_tz)5+X980<9^7xFdx94vb<4+cplI
z7!d)CyDui+$nz=zFovxa$UBil{uC*4inj#$<OH9g&<h!?Xf&nh4qIVF<RW)^ySp&M
zpxl5)dm|(oTcUhDLF+lL{H9q2(W+!$m<kf0rKxO+f<_L#8MJ{@)}^+VJWT<CGn}z-
zb}=+%JQ1P<(sBf6?<)c+(AIC$iWz^n5W)ocz9I*uP2cWzGoHwl3Nz|TOT<5*Vsx#&
zBGuZ+8$>HFzbu&AFx*Z*X(ZUXwL%JL1SG&p(4f`(tya{fa-lrL-Q_ulM*xO$vwC*8
zEjU9oP#g~<S=LD?lk+^1i#O{1Ikc0^J{OU~ra?cOk#Aqw+sRZ#)p`dNP$E~l8w_P@
zJ%bI!a4VBpGMPj*G81i$B2H2u5%N0*i3mqhRFK0ZEr}MDlLJj;H;f(;8Iu#Hx1dGr
z@T}rmIE5}0jbAw}9Jd-kZ5);0hZqV->IV|^lF$KI)Ix>HxgzVVB$Qd2Mqo%<fPN+3
zq|EYCZ!SNn7Eo3_lbW!UnQE?t8(o{$sEU^ga74|S1!$Jz+%}b*^stPv&^x_)*X_l`
z`%saps8fXy$?KCx+-t+LL12i*=MngIMj+zoT8+F-3M#6kksy-(l9ZAicf1Cf$pntN
z$P5CZl#luq=uM`tm{j#XFz8|Jpkbr7_5+t%XSmTWpf;c|b|beLMUPP*QzdyA?zeaX
zXhBpDiSFny?Cz7Cd*PFy#Y(G=R>P#s&iyEq5baFZwxEkKsqb2W*)-KHkNmbax6;04
zsqP2e*RXy_lpJ|90spF=e5}u8MPW$JE4Nd12wA($%OtmL6RH5;M2h?ypR<(yg61>`
zBzKM^5iqJzi<K%lWk}2JWErGr{~4F%7g`LpCcYMQ!rc&tK&sE!hlGw$0>l$kRn3g0
z1L;zf&Z|xUcB2b3z;8>Z(sI-yN|1kw&^sY(muOfl)9d`uq%dA-ZJ;6EKt0V5t2g&J
zpWHYsWHw`7)-XBwUEtzE#Bf(mcz&zlVr68m+QL(ULOc;DJn%aq>JD1C;=|PC$F2|4
z#gm|k2Cl9jl9>uKz0|(Fy0%qYV7Ylek~tp>YZ3=9oK2}EB9uu0*zG}kgDETmfnaA6
z!KTmM2>=<*5NgE|kl$_usd+Iu<ELctyyc8;=?}hIQ!7T+%i5=j@t4L`Lr1^e1`J@t
z(q-%zdKwe4cAcE$A1}Ugagy}|f2BC?01EeDbabOvgQpB6(R~WkM=<{%RG~$!ZrD9~
zl^@cID?L3YgDMfpNlrip+p8P3<+b~(sEU%l+bYQ8tdDPvPb#h8iy^ZSbxP-Q1gWMn
z0#<H~Co$1V;Oh3p$*SxdU4t)|ZRVsbj|xz<UfL>`$Dzz#=M%VkUR#<?E~C>DFU97P
zuQ(A9eu%~c>;yvkng#Qw7MT{m8B;}qOpuM^HiYTQg(XI^`l{(PF@CmmMeNSRanluK
zYrF%$E#D+g!Ztzvde{kIS9IWatHhuYw?|ddW{;oJBg<?1XiXu1Bg5Kj`W*%^Ri>x3
zT<4>QHd$MS)<Znz=IM5st&8%kUT4MLSKuLQdoWfZW17_BwV@7=*@t+z;<W(h_OpKo
zFSW*X%);%i@;EqR=WW0f>+1Yk7}{SGA=GSO<^r^Z@+1p5nI)G+z*%a0ezP-q!(?%+
zVYODbbM$J&gaZXwJ>b_#9@TWQ!kP|yzW^A)7>0a9DPA+c$tzPyT74;9Fw6%=lLz@n
z@Nx(v(bGn>_L+xpA$U(Gq1};D22G%sqWkY#nn|Vwi8=$~bf4P{jESPCPXT{}Yky%N
z()EuiTNLA=jOH*3L#mN^i&!g820Gx*C24md;cBCtawGhA3~>T-g9}NoysmYKE=Rpq
zI@&}IMn$mlGEgXo#<I1~a&oL`s$jlc@J{#VF9<KM@Ii1iL1&(4VvnSXVvHyvQi?KS
z85vxKND62`chR0HJ{HM(&CVDqe7LV2!g9SaL>Qrf6qvI3WyK-0*E$e!J`m=jf)_};
z)bQI~)n%dp$f_kQ+j}MKBXj6RpF}HiJztJmfL+KtSrY9@7)QFg=hmVv@wOqBODXh?
z!Vlbb4-~Ol4vrO3Hsnf;RM`VB8#|!dh=6@P^gE3S%#QI0Fq@KZL2Kq<-PJd%bBf3%
z3y=x5d<Bvws>*PILA&QSmpXer6ya!gs)hxrSf31ehDxKxIz@3=?_l#(4zl~33eMOj
z=WNabF!)tU8pfC&eAo8A9n&hR2O6`6t-`2yh%+-bPjy(P5q^%x;BbcDz$iK4v8EjW
zQjS62%h-*kRIPn5-9uoxi*1}$zT3!km&25SQOH77wrV;X@+`p8VuVs1Rsw+Witu3(
zp??FER#m3PoK&BUR*;~W(wN(L289XvFdGF5Mo7y9ud~|&<x&a{dSkE*%7v>F97InH
z1((I&AmCFN7%tOIIG1vb0)+H!@j<#n5({)L4ogT7)YbO=A|V(G{!W<5$%&)c?q!9z
zEkd&TiQ#Fivh>57zW`)xo*EFhWbjZZp+E%Ka+ILPgB`GSO0c}qPSB?y*2x+ok{kTC
zd?!<AQ4EP^ZIgMrf}Y|yI|maq0k|l!=1tK3%~ld;Bb<=+cJ@OAgHOwPLkFFk&w%u9
zM4a;bPJ%ZmH~c=8;(d^q+z$wUo9^<H<7Si5_PGuJlQQA<Nh=_+x)?m}sw+W}@cR`&
z%##Bz=HZqr75qu9QwxUQ7ZYu<==*dwA0xr{Wo3n9HV>!SuFFYo!A+FL;#(&Q6)qH}
zMq0<3LeiM~8Edf#+oOtrJ~VvAL0|YvjO;u#oID*!(O{x!nO&YG)a2ryv(-*EEx|fs
zjAox-&+WW1V4Z)V&NGM*HIBQbQJJCKX@lfaPTY20digf4sN@-DPI#<JkDf(SY63V<
zPkv}QcKojd&C5}*I}PpcJ-z(&#x?KS{N<?Ko!$vs(*^yyy(eL(+w+@V*s3>sjUb+;
z5ynIS<hV#Fi9FSP9%wn(BqyMSUm@!mx)YIr$}%J!x`vX_%T>pA$T#$>gA=Lgn`1i;
z!C~Xj_>GaI@tgesfn0Zk8R=@T*zqdf246^(Fc(JG*E>YTc9U?zD+lf7%EO)6T5a~m
z7V}YB>n!`t=8j)~yz+(B2b(iqxq9d3d1pKzV+DswfDRgQZGCgjt6iyhGf!%@&F=Ll
zK6F;AyYku1c(Z#0MjV*}R_^V<=UQ!T%Uj)?_pWaEt;ch<+II6v%{#kIntlH@Y3}{k
zq$}^gCe6S9nsl}ACglci5U`o%OKoSTsNVN|i`G5mFI34E67W1(A(+QE$R>@Vf3FpF
zf`)RSCy6a>Jj-UHlG-q*7I6~$^dM}72e84z;Be?@Ok>KD-Se30r@<Ujjfc7Lvs#I0
zAhS7dLwk0EP5@ih+LvMB54%SgS=!LZXNguG1f4yT?Z<H1shn-Yeazh#Uf>o$@&m2S
z=(U(~ZQ;3T7B#LAO)*&|Z6fiJDEL*v<gNQ14Ef7ME$ZPohTgCo_9=QKc~Yr`bwqws
zEuTBt8;=fD3oj~VEi`_NHZ;cMMJ;Ez%&x#dEN;LvQApBdJz^?Nv39YJd2CyxQFJFW
z$T_NvR(X21=eQSjUh5y&L?M*Mng4xBVVY$QD2r6vRMNMQFWbZ^KjKlbSVs=ul)_f0
zD}Mmi?dN26RKXoS5;Wn!Rtr;PYBph6?C%DmRa*X-<VP`#f_%HwO)H4cWR!Fj1HLo8
zCR)#vw;rXQvnm#7&<QMmmIK(8bx><~!PPK<tn_NgnlPC-y?u<^DV1L(ZT<5suaAnZ
zlsOm^ZKsQ;u{IN+YV;|GeT=(E4Ql9tsWZ6p4B-glA<dB*7*e-Fj#T7PE-3Qz&M@zT
znU_b&FJ?QK3v=^z_C|wGxI6cE$b9(<y9aIcAVa1zgtvKT)Qdq{I53Io<_#6lU{cSL
zC;SX=${(YeQgJ-|aOTUwPmUjaMKGSDJf!ttfCJ-4)vz<sk=W35M<$^+Djclm*}p6f
z;p4+m)%XtiJo~(J?8_~Ja=%C-Tc~r(grP8-a!Q#u%e0wy3e%MFiMKD)AASDKTN=t)
z{K#|Q^K3RK;>xvQ*xo5559z&O?yeI(Tx^@I^yoml+RRy_EC-Yr{-qhAlAsQEFHVbQ
zv^d0#xpB%a%W<0L{k{=xg=r9)FvB<~O=N>Q7$KM;K8d~`E<tBuek254z-+6`LY~<&
zGslo+s+A3XmKjK5Dz?Lwv0T%6ISrQTf|=N|X0r;zu|1=!IG1wuWoK5@x=b$W#mvhX
z?=U9q%LcMGDcw@ZqbqViZb+GKfOSwabE(rX87trBcC!~R#c{aTvNT<8TryiU+HR3n
znMMmJF~5j%Z)f(Kb>3pr$vN%2lE~5UTBvtN+8QAN5Up5gbu}Z!oB?TN8#UhJw5V9M
zSu1U@hR5jIwTuqiR+s>Q{0_s7?K4hfW-BZ~U*_*@B<19_Cdsqbnok~#VzNNUD<pNg
z${Nay`zUFCjz?E60@jEuMGBzgJQ|Y?r&(vspsWnVoWoula`WEjy?5431Bcwavt}kZ
z<mR0<lffZ3uYdDFW0>v=<xrT&6SWF4k1vhp3?gPd+VvSvV8aI*02(*j@ka3FUf2m5
zw_wvwpDL4CS=WI(NAtO5)L;Y+QBs?|zY})j6(~&}*B#R11`hoAvHBW+V^!jW39Vsf
z6=X59ii+ZZmuD}SGHENRfylH^!^6S0*6yw?xI5EVu3Vd+nYl7|-M!2d5kzd^?gJSv
zx`zQjfW@!ZA-l_V?_m&+jnKFTKU<h<?#$7bp-l!y%=f$0SWMbw=#)IPj<*;;SZp-%
z6!_Guyr`OHF-6=>_>`jXk*hgiWYhVKkb|n$=u5w!Zp&HF-xr~mJjuIGKSkAm0=u!m
zZl-#+G$EG;1S^@yfS_*$u}1&rP)%GR!e2tVDXX|rnpzbR#msp=7&_ZgD>keIIArz4
z`4^C%M;U9TeEb6=9zTygH=uO<10ozhhq7_!z<*5b<vn$Ma-M{7NP(b_$_ui*I>oI(
zX;yr6JbnuDYfBHeYmT-jaMZP-pqqI9A!*md9)G<P9)#WSNk5YC`Pp<aeaph<Q{snA
z&_*OSE`*qKC|Mm^!_Jyab!ZJcYtq!AHSEmEQA>^Vb2!$9-oUdq=7!$Dvo`jI-oW?$
z7(8>@jA1vhe|<(;w5pyLo)@J+%WdK=?*O+*%gU6<V6r$VpG`wkT0C2>L6+k&3)eOj
z1gJn{7g$C43i?29cXw}0Xo9%WxlN@oI;i99>1l%0;!W<VnU4PX_#$0Ok(S+$%DL^S
z7K>BiNgq$<#o8z<J?(2~6bgiJYGWoFI@&2i@E^$<2Pfu0Yo|K_XHn8C4K>AN2Iz$}
zq)dn+diyMfAQ<6@N@eK;yTV++gNd_S;i|hl$8yYh%biG;m~f%zF7K?jAk!(0*3)iz
znWYsf7|OCb(4^A$;#ykUo`gBqO@HKZ4+>$izj@EGV8XWW+QLL+nJ6T?wV-w~$zPY6
zU$n3TLub<m3~G=<NWZLo29C>VfBRwg`|J-xwIo`4AHK@N?aF?49!w>kZp#4nEQ8Pz
zv3${iT09-|mlKIzG3-U-?8dPe$r?FWSc}1|c+#|chU|BYebC>gwqG147U6*cIrO;*
zpCuEaAuKq>qbr>L8dPK_KZ0-&!`#`AHV8m}kPbhjLTTf%?0N4*z2fb&+)za*8Ix%r
zB9yZ3@0ygQhztBHEXP{AyV9D-s9~+uJh~Tkw&UQ=kzkGpe}<9u7Z!-CKN^;w9}oJn
z$Wo02wY=xhlfHD@)7F9p6pX~9zMpO?YBs2qeO^852ky&0kTiM^`_iq-HY6-KU{BhZ
zuyiX2G$<^**EIxcaa6A|NB1SmHTAn96yUV2{dm0JNR-jHk>6}eD{lvCL}pd__&A3q
zN5g5=nX@x0PA=!L&xYH&_jli&IRmkww(iVXhYhuLXU;TisI424U09ZH8fj?Kbc<vt
zt<ou0jZJNnFFGe>5Mh(DXU{OFDPVt8^h|-ISr4>vwTFFG$fjo`CQm}y-XegM^SvzJ
zRRxZCAHXh0)S2krk^(yl#$ZM*uW36A*lhG+)}l)}c;g1KZ!wps8@f=k9R&>(Gvgq*
zR_r)X;kOrbvJE)~BICkm02MNEpoPJH9>9^uTI@z0Hq>*QMpcK>IENO*j-Gnit@K)t
zThU>w;x4d{7F-xkt|&Pn4rVk`cvdu8UYO>_e#|Zkhwe5ST9`CPtk-UjWs<$M+(HAU
zylDkIV3l$)G{&eYQp8fjZ^Ik>xg51%;J}ZU6xtSc8g>3vRhZ*x@q^XE|5$DEz+3WX
z8r1TuKB5_b1e?2^=s+*2z*r@j7PUO(h9&=dCZ3;-G_FW)ixm3|z`QikDA%x&7<6z7
zKINDtCug&9S|^T(j-N`;weQ0NNU*t<cAkOrIq;lm4K*;#)M5%X#bhB_>VOV5_6oZ-
zP@W-4&<P%5aLO!dkYZ$E2B4G@)S+M^Q^(D@hQ4V;w5||=7^kw4A9+&5+U48@*-vi(
z2R1$`$wH3G{7BR?%rHd;9=5CmU_g5w0YT3E)R$ObB*r}D1s569;LweDbbOYd<;sse
zr6Cr39((9-4sBNaZ;>WXt0<#~)LOlRe)N*pv=aK&N?y5{5(wJ>8j<!c4-@B5yETk9
zoi&}-Fxqt1G+D!F(^=DB6&}#%aa;|tZD($L4Y6%!Zk!FVZSUvtcGk4T!)#msy5hJ~
zpQeqQ=8c=?U``{L(;<`edHX@L4V6~wbtgLq{^#vN(_ohzQ(2zlI3ITKZ*{J{GduTL
zNO6xPs5xA2N@d;^*JmCuF0nvHwJ6*O2S~RDfa~BOXmw+w$Z#|0JPGS~c({Y_V6PQ4
z)G}~mhQ|}LT2(>2)nxo`5Z60l8#*KA<;zzj7YRba-y{^>yMP*Ys=7>pzgbZ+{WVb`
zyOatOV=$vbs{)`TO!uPB7HqI}&=N4I6_ak?^#PG9;_2-q*0S*53Jy1dU9#7G60nza
zFGAZSi^UGrz(Q?AqQ}M@s>_3<)yhH8-H#fTiF(xPc5px4nQ}4Oeh_!3+(y)*lAt2M
z-f2el$1qkId}B-(A^}e%n4qxpw>fPnP$O;InAY1=5D0U}BhpU0Cxc1?G_8E&QY1}T
zGjFu(%L0F{f=X)+CW9BK&McZueOx(|QQmFZWkOd=0awNc;ON4wB&~8WT6ez_9TIFS
z`&nqmp5I*R?DcS-s6DL*ZJY_Yd}W*!Tvd=f>Fz;yw;0;ohD0RF@eVstYtJ2bU*sjk
zjLK1HRUMz?%G~%c?AG^{CamC)rqDX50(IFSUl?=AzSvC6I2E*e-O6MURBxkL>7`24
z>tdGMaXYAoWZTU9fH#|<S=pE`jyX)}Orc35aw(4S(1fT}>vRC=<I8^QVi$YD-48mn
z-3i*wq8r3EC;zie+LMyBG8Y*^S*Jz333O%?u|mF-o`*riTtH}@n3J?jbmIj{hA(3k
zme-3q9<U7Us1*|n`fh}v4@5<$GVkO!DbbTk*BNJ~etOaXfUS3#LfRB*YcaXZZgzV+
zh!?!udj^N-zTavEs3Roz)apqJ;2+6?ZeZCMk4P#Nngq!@sLZ0y$1p7st)v8iWYT7D
z&?k;QQSexqcCt<vx+q$elOFZ0^f3`<P6FVt=c>*-7#L6bG0AsM5vi{_St`p9Utf$w
zFlDh4;H%Rf*}$aNBwUf`q%4YO2MlZPOjS;%DKE{H0T~H?E0Y{~ssd!G6{wMCnsrV?
z^tSmFDoVv_(JJK{ijfqo!_!CG2BK(t;fpxKP_sbZk&~`Up=nm&1Sl1$hVL)M#*@FO
zuqZ`}0YQ28f-QIDxMab-Q6^0=Rs6jxme%1wRhq%cQ+3Q;l{W7*YjHKn?6q{3Mi~1C
zJK<iB9Kh2F{1{-+?PDEgwd*8JWF0jooMX@=IY5L_mnhUcc}kk|XldQ?9<FR|(f_^m
zrR4{;yAHKqjJs$vLlZ8eEh7vS$86pxzRx(e$XSlr9u*HbTWYy}lZae!|LG#UZWz10
zIB1Xsp8)KRvs0r8sgAolLEVQG3u90K>24GLDr1iG-cNr0_*a$d|4#hIYwD-c@A9ty
zl;!zr?A|Gvf6&W?djImzfBpF0FMR#@m*M)0U;p~?cf)lPu3v=rF}(Y~;Hty#`Y(R{
z_`P5H`tcvK>(}A;AH&s#=dZ&3C*b<^Z+`vw`+nu?$3OO~^s2-2SK;~yJpVC#TZHEq
zJ~KbJ=)nKi@&9Y{@c&*HA8*3z=}VW!9QTsT9WDuL=6<oV+iNySr+snEy)-@M@ZagQ
zZ@)t9sAP_3GzTPng{y=EK3gG)$d^@;3ja2PfC-=$o3|?Hj9j55u(|p5eVA8ZzJULD
zNtD2#JfQBXmUv4fV(;62$3I~9E%Kw=jm&xLc&?Ef?dpZF1WPWSb3rC9KSZN71tzUJ
zvIday=o6HODFeD%V&$|%8|<#%B^fA#P0GkDpSFf%p)K{hxy|<*jdYsWnn=J1SZA{v
z8SAiI5>%v{60~{;E?hx}MwI{vq85SiFzf^*b7oH!&Ts5Yb6=&)jEewe=}!t&MsMac
zL6BKqfA@)$j4m#Y2n!hm#Ede|@5W@Z61`=qAq4~Lj<UEkW!8Wzm>~nrc{#*%O8O%`
z^`??!%(yS%m)q#1QF&>aJg3XxoA8WczDP>=qOC~BtyZh<GiS$-!#c1Ws76{?0G=o&
z>%$kn$a2Cwf15lhGx|%@^ez3HnVFfLnVY#XGe2{6=Gx5lnHw`VXJ=+-XXj?G%+AkV
zoxL`DefGxe&AFMm*}1v7D|7R6SLd$HU7x!#ck{~3mDwwESFT){zjF1;wJX=J+_-Xc
zerA4les2EC{QUgY`D^pn=Wop4ygGAr_Uhc#D_7^QUcGwl>h-HPuHL*hb8Yt8+_fv$
z=C577cJ12rYd5alygqY%_WIoQE7#|*U%h_q`t|EKuHU>db7S_#+>I+Y=5JiRaqY(S
z8#iv;ya^!Qgz9fX(KjL6O?btc<GlXSZyf(TTur#X0#_ZbUxDkl;Q9~Xaz6Hr<G=Zd
zZyf)*@1*x%gZtls`#%`_#_`2Ze&hIu;QsHx{ZGLAo$vX^@!|K#`@aj<Ps8<#aQ#)d
zB6j_P`;BAo!Z(f|!S%nu^J{S5XV1gDzHBJ-F1&M;Kj7<b4gNQ#mUnsZzcHfK`w(2;
z!7fL+e*~_N!u1JueT=>Tcp}|*2<;%v<FI^=A<y@)`wuzhzwc%DKf&(boyhmSiQl$z
zIHo?y?%&1k|5~Da{@Yg0N5($vd>>rzK!g7IcYfGu!u`kKis8Bd?-$|v3p4N@uCKzo
z--R?k0?!?I{<CmBhU@K*N<4ftaZkSgc;fz%oOH=@c=}Hy?jK9sUxb98hU-7M{$Z#6
zp$|JhbM3>92hTqS_sI``*ctmj|K;(`@LwMPtq0#a{^DQ#|BkDW<|jV&9nPPH?|&N7
z{VllvdANUq)p@M^@ps>mc(49_gu%vt6C2p4Rk^W~t|QbU@zyxmeAdUOaKB6BD!0aE
z@_0et6gC5=$~E8jgYIjvlmlPfnV58PU8PWqFVic|OIc1(Y`?z~MX+Opl{H>zZ9qb5
z9#7pPbw4P!PCJU15KneNhG3?D+>gl|EM^0k^6(%4kYmIfU@L3@-uSWxc*MnteV(vM
z`t(BB&%4n9a2(Z2gWSon<&^{fOHqeChAsZs_Ph0c`WW|icf+UjxfwCLSCre(QebE0
zk}__=qUw@gSPcC|ioti}L8PEXlAq%a6)_TD3|O3@NAqnU6w`+bM36#*=|EmTe%aZ9
z?e${^*{iVC3jj<fXu^WM+iPKJM~DOASM0<+D9OPM9^l!J$y2oJ9PS4#hl&I}oSa{I
zg_5fmwwMaeYe!Jh1d|kaQarejnVxMY3a1y)dQ6<Y;CS~|Y7g&vtJ{z6)HWPOqK+iy
zhf!-!`FXDy`CaAr-Kd8r9Lg7WSP9b2nm>|~*fTAL2UntHuwRJ+sJV@^xw5)-WzN~W
zxAM8#U3`Gw*XG%8c)0WVt=gtTORBD~ZLVysyjJs8R`0E>u55jte^{;EUowC2R~-VA
zAuoNO&dT0H&deEuFtSWkNsXw-D>LJh#!N~i=h~xns3Wsv%0e27-U++J(#UaNaQ}>h
z9+RH)X4iRh$9c2myxDQy+;!f(=)5`Zy!oc{X75L4=ASwwy_C-`ENp##z2-ftZEh~z
zuc7Oq)J$EzO_f*<qt?r}BO*maIqreq_J9mKIC{ujH8bhVJe{F`v+{9HKF-U>8{%<x
zMm)~R$9eg9Lp;vTh{rkkI4>V>h(}1uALr!bynMVN9x*9<oRg39^6`dvBuVMxoP3;@
zk2l04O-df;<m0@2ydfT0Qhc0~kMsPI6M>=x1zJ9A?RES{&~Vmz@R_*q6_@}?*n&<F
zM@?9`$TaBh#La~Tpu}amt&AsdyF=uWQ|`s;#YyKux0)hOfIyeXGqWUT-S5CW#D8tV
z@=4{joA95r)NB&s!`umbCTL~YC24(Or@-ceWxu}93cvy8)XCbwW;KVXG@3`w9$Kf#
z$<g6n4lpNE39Pgtb8s}(ySr_N3eKHw$8W_UWOGn&pz(cvr{OgMSZO+xy$As3o!INe
zfd>orq3<z&Nt~CXPB&)Eig?}j>b<xNqmm6As9Afp-4ZYd4VUvez-};IuZyY$@g4*F
zO%ewVfTIdHXp;tcuw#UEF^D}_F82+uW9CMR5IExP0f6D{AU*7bP+|u#6CmCf+->S~
z%y#uCTgb??;1U&d*a<|1_HvRbA@d%`8GI*n*YI{ba661TkDbJCuN!%U07*+dn1kBr
z7E9aRq09>F3RVTM67|Qp(2|_^CXoxflBe-wo-5G+V<Lc^!$QBX@&m4HVKt;OVoU3y
zf1Ld!Q6*^3j?KKB0AY&aG7B`NhC;0A_mcF^h5_aQD(r+v*zo!Qri##uqaL)|W0_DJ
zWi7Z!?kvEx{IpfAsKrfb;T`hAP*l2%J+8cRY5O6?{q;NE+MUlXdz;(q>l?68dUtDZ
zUtZd(-SyViw^r6xH@(-FHda?w?{7NnVIjA7P&Oa5P}SC$BHCMB`0x6yhI<&o@ZUj$
zri17SybG!Lakqyyw^es#*FB1Q?!NydaDBHGFx?U<6$ON0*M->yjX`iL<dPjpOhn)A
zez)6>7pAB8!tQ==rwTJXT{P-Z6V{Dg09-C2BvTB)boa5o4vq&G6<$@@S{o^lMuqVx
znn{a2;dYvaNM0MyM-v5^zgk<mTie+5)>a>WULpPmE9>6MqxFZIu#tFJ<KyO@58yOV
zU>miAmTODy(!F?lC))W^y}HkH^S!xCesdzi_WEr6$Pt>6wk6Fh=+sas4-ppY87Jb&
zVtE-yoT`_%@W5GJb3P9n6}!@Wb_P;X^W^&M%{BhKtf<eO#eemU<0o+4g=-J4-*%oK
z|G;-VKmHxKe;n@Lg6rCco*#b%u8VN}6kNXx*U!N9n{fTXN1q?R@UiE|{|xS*g8NtD
z`X#u29Il^*>!-dG(!=#LaQ!A+-~8nB<BxsU^W)!u`ya#gRe1g-xPBb2pM~r3_dGxT
z8*p{u`b%(qVf8_=_FcILuSCmcg)hXbq?2pwtD7^P;*L=xu2s&!#cz^DW5~tN&G6#y
zH=`ZDIhso5^fmyaj1sAM*wxIZs$oW(wa{AAko{<~dQxBkUlT`})y*5;>~$d)#P_&^
zsBJvJFS2jQmo+*;*EBzxC+J6GcHM(b|B1Q~omSHgo_!ybrW+jpJ}6B$_yvx>>BZZA
z<!0?5>~2I+w}!iW+^%krZD!|aMO$VGS~ebRcCSGpka1=G0Zvu3^H`jeEz~ysmCd^z
zv~BeP4)=Pq_Jp?U?D!C#3Ode~+wy6lpnvaXPc0Sqv5gQo{qE%u%DU{=>#%@2ji?Db
zy~|<ia@YVUi5ls0z*_<P@&+{UAVgj`Q*I}5GmR`X)m_BiPOsHy5*Y$YAe=k&r%R=C
zuHOmJ!-q?PkUK{{pKPREx{((AY}6vGzeEy11iu*<K!0ElPzII$UT52jJ9K+teCaXe
z5ymisjUY|)deCe>z<oB(V3<!r!8cQ0)wY#%>Zo_P4Ev%3zw2}WCXeWVs4-|O@<^C6
zKuXvG?%Q2{wT6bDmseKZ^^LWywL9DQ-21iF<+Zyt=K1PzbbH9Ndrzp=D<MdVQP$Y;
zz4$2Z1_$CLc19w_A&b)H2#wwJw2<93+?^w`<KtU1m+sA6-qTgry}RbFu5G!syDM84
z)G{hs+bY^8f|K2YZpDpuchxVnn-{3rAa%PHpDT$bDxW?R?z;Ea*6u&7c^qqWL-!hN
z30Kxu-Iv@-7WO1`pP~CEVhu<3tcQLq!~_H#xY0cX6tJvl14Oao9`1+recVKcEyNEH
z$PN}DcCDP&TuN+iGu-L;og>!hxT*lrYJ|I5>$1Uz_8FW1Xl0eif7Uio>cfyxrmfIC
zVh}j`#>#FsQLgNuib}&8RoT^wH1VWDFYS)Mci_8(4&6rR@3o>BJtEq@ct1Z?NP`%<
z<CkBT@{-G{m~1@R96roA#B{jX;fUH4+N^f%k&T=e*Q0hYDUz#$t2M@JQfoW#JCEJV
zFrM_uNEuJB=n?`$QneMN+SSMv3q>phMO5n3a9fefMQcEDt*8}n+d2Mvf-Xlc^B*T=
zhAsMX(rpC0VGA%WtC#{x!eWWk36=^@x9*EUa@D1@=DY%gHinKNR0-gre!uC-66F^@
zLkfJn=uW^okXp_!O{VJ7>?EKGTTHHoPA7Csy%=(>QGiWA3ut0wue9Yb>U56ua{QgB
zhvtu+z;C$dV9-4xhz&Ir6e6{wwVM7he;;ETL<T%PJ5($;SQu6QIT;EUg=Tkaced|)
zWX<w6wpX`S9@Y3PvpJCpgDa|e;|&ueE}$r?zeSq#mY%m_?X-$5VQPj@L+UEAYiZqS
zdlg*xkz?9Cf<f?<3EK6SWQv<Jyt`s}S8Ie+k3r_IhUCL2Bf#}7L>s`=UF?U}K-rTC
zc8*Pq$$~LdyWVfETV<7D%v`PB%2X;P0fZz}KuV{JNkcImeX3{)o~fPWEZ_5LpWCW!
zta{7do!b4CRTz|&-9xHpz*XH@-Sn0=H@AV9R@YWnw;w(f=~y{MXEJnzVAWo7Yfsxz
z9K_UIoD+~FOO#x9`BEqbkCLC5{h}<JI?TbO`~<k<ctNHhwzu-9b>46d6UU-b3`|sd
zNn)|}p$_9P2GD(sT3B!P045wtdOKq=h3*{5az%T|T!NYKN6ZTAqBekdwF0{>GF_Tx
zk2nF`TUlLt2+M_V4or20yWncPILk~XV?qv@nJ4ZZ!9!SQu6UDz0@5T>TfNJ>U8OL5
zP3qAoGC@E>j(vIAC1we(x|nM@VJ^N$^<r8YoO#t!NFz8V4^dk|6tb?LDvgb3W?K#m
zCv<18-jy>u?p2bRUJuY&4|Ypf<{S5-h*tO(cgDibBWp?*NJgzeFG(GC@~xAsjW1%b
zG@&&bVC^xiT|HR0Nb``;(%Ym<F0w^?Q6~&y61JfkwjNW}S+e{_@FZxW6CL0^B0v+B
z659Y`@n5_Q$X)&-Eu-V^HvPS-`zXSdvqiU7Az^m3VsT|%5Q?UQpb_>Ch@vTs;>+;w
z>19?iGCI=|THOCqoL#0|E55saBbcAvz0qjw+`Oh$<avI#+X;7iu=n#OCeT-Ia+2eG
zb(0DbF1Zz)I%wEkx->0|`X<nVBe}eaB`SqkVrN3F8}-HSnY9nKzt7P6-Ipp<Syj1h
zOPf_l0p7U6nBK~`wF2w9?hy$GY$?1Qbk&WGpcvR1bwyOx!uXB13=1LqvvU_oC@Q7`
zo-LZ*k_gN(j9w2$BKl)4!tEs&-$c6;Drl4LwCVL5GjB~Ux-Y&MrYVE{nc5AtUXqL3
zEqe#*JeZPQ;lf^r-JA)t3omGZhHu%cDftJZCngi{Mz9+%e7?5%mJzuCzF4>YMnk~3
zAewH?7YEH<m+qXJM;ol;%M_rp4n((YPWdeT(m=yx<CL`-Dzyg!R2Zv(q7U#pS?*2y
zgADK<1s&8FxANg5Ye5>wBK0WfHTG+~@J5C5B0;NuRB=<>(_6OgA{D}4{kxwZzw^D%
zkN@WPJU{*+xPJ=ne*|~`Uw?kQ4)<@u{RrOuM{xf=NP8ciKLgJ{1JD06JpX5K|9MFF
zweNd={Lz2o`SBON|M~Hc!{x%Y2*3Y5xPA?u|9iOq2Bi6Kf8hD?FMR6x@k?-h8Lkh(
zHSvQ016)4=&;JnaV}J7b@gL4SKfW~k{P<tM{nN9kn;u+HZIx5sK*97f^FW{(nGAY$
z^SV^m0A9I9W`jwjsh;&Avxu*e<TqGJ?3_7RlH&oT^vov&{VUL~hx_GxnE7LTjQNg?
zvFj7;{dcl-A4=T$ACpe|ts`m(niN}4qf`;rl7lw=zB}FMF(ETeubMY6wT_Y&&u_k5
zSQ@Sv^AmQA39RXll~(u49DUqYp5gJ@ynM}{sf{{$WESe=8ST^ATfghmCuWpNo>3p~
zz&_u(JoEGhH`i63`QO8b&cx~_mT_rv+<9f(nVi5~EwW+s><#VLUC9bhIB&k<Ouu=_
zx%B3=kPlq~2B-_8w&JqwgM-e4s?b^P)LiOWs4lj0(~%1QD0(&ZMeoGa=R~JFsrXGS
zd+Ng$&*-c!tvbLg?mCx+)xD;a(Cve9gm^gHJL<~IUl1c>{v)f1Sj)}^swjb`NX><p
zDlS2P;)CP-<JX=a|H;>%AO91$e-iG;pMQS5@P+5cpMdK{xPJI8n3Ld|fa?KV1ucW-
zy!#K=?kqj@yj5>@?h28B+~WqZ>==TPgdW$SSRv~bi6h^cy-A8?3Lg4}Mlszv%euuf
zZ8$@rkNa*z{~?ZH2qXzVXRBjNKF*VmXC_xOX!hHcX>$SDMcA?&_(wY^*rUf4*4u3_
zK04TeSzcP06A_~P$>rA_|1d4fuGq>;=+i3d7XeKrRg0=SYsSjaY89n=HIbs*qE?G;
z+wa6^qUeYzf=<&^G{sEcaqmwROehJjM@`_sW7usjxECF^(OhsFy>>IioxH0Q0DTg4
zfN=~kQfs^E*ReFw4wpCtk^S05=OWc$;ll)K!!A0ls2eOOsW~*H<bA*4`f61qx9`Sn
z5|_0#<?cuA0G(5~fG$R%jqe_WF=;WngZkJ4Gxy46FU#xeF6{~;NZJVmpUq?>oG~Yr
z9H6s_+iO#nKajv%E8*F3BLRh?Lm(8304_)M$X|~dX*OO`$^{0@gi11#7JmFQG_gir
z?u?~yT@R}K6%udg<3kS0zT_Qw!&DYhbcuWjXjq1|8)J3URDSgy5on=<=rXa`W=s1P
zEa2qR;x9fwegfBBxc1=s<S#uxz6aO$!*w05Pyh1s<JaJ-z;z$4--hc4{@(NB-+}wb
z;r`A4;ra2${zurS!2OTm`Wig{L%9ArT)zz08{d3>{GY?sfa~9f>&0Jre!L6UJY28C
z^)0xr{p$1MkHB>iu226O)CX4uuKRF(3$AOw4&ULr2-nZS_5Z;29$dc%*W>@``SIU?
zs|(j(g6qNGe}4QQ!?gw1kHYn}e*o~n_1EG0Ww>7aO{gEPdAMGO>$l<hfqw+;f&0hd
z{s;f~`SA<?+w<dp2KP_F{agP#)c=1#{cv4`>(l=P;Df6I*L}FY`uoq1e+jN1hwEp5
ze>i(C`{H+v@%Ykub(Wh~urJ)4`0O3dFjzy*DmzlTA!q2=g~1wfhR#?RtRZLUK!w2?
z(*NlRXRIOD&Pzkmeir9#-nF*i+)TLE7Mz=z*4lz|GsRk4aBk*SYYWcJq-t%!`JYX%
zpZgZvIQK2MdA?gP4=dWKF3Lk_!|DTU#q62);wjN3=bX#HCiKr{aNXob6g?%s*O{(T
zy*{K|YWkuIL*}wgJZRJyN9LGD%n3Y+2)EwB!`{%!08QT7FWtUiEscfv!sy}{FV>^h
zRTGo$JMU;gmS_lY5>**K-ok+6w%RRay77M0Yc||g@FeI^i!V}We1V5<@_4j7@q#31
z^$t9AgEzmWCaN(DosMs0b{48VgwKbMyB;ykx7)`nXTK@Zb5os)dxBDJC7p{mNcki^
z2&5sIV%2Q6vQ$nPA@-I0%$jtKvdK!FqVe*bFvvuyJl8IIXkBNPidvva8EhIeSM(Z;
zW>qRgntW9@SBnY;g`vF?i}93^DpyCltr{WarluC(R1fP@GrinA%grbb8mNkAj%LNO
z(Lhv*R%YgS9flhfCsRK(Pg?4E=<8y58?_yAqJi!P;!rC!56=(4BMH!Of!*nFh#fgY
zKnlOp?X?{`QK)w5<QxNPJj*kB)RfQsmKV-RnrOSIm9S9lI4lR5kerELi1rg+cXEPR
z*3r+3shxucZr(0Ym$OqAXjcdr_}L2t1o9(xP>If_FSMJD8iB}W|AfYaJIbKyU~o;5
zPlm=Oh!OA0O-sh!Ri=@YM~|@-OUElo5X45X%Z-$kVmwY0o@TGed%{)8#(SfZrlpEz
z!&T8KOK~}PX0CNn0?E~8>;NmYTqce)=r@zFkY-la%_HWaqm~i2G-n+Wq{y%DyK!%a
zhVc}Mshz)SgE^@jm8GIXnyjj+mBeNz9GM_#4O&SLxuj2waZn`^B>*CZu*!?HA?X`>
z4q`Q`MaUyF=t3niPR&!j<&O<`)Pya(GG0-~zg_>9{M*(2WENhqILef^VWsF?s4xO8
zm7nBU#<_~;r!!ZnQW)i9l)(iys~JazO%<C3AI^&l6*)&%k{(&woSCFJ`&^hzX_*z1
z$t;s(A{i>9xh|TxrcJspyx@|j1PWF+>G6^i>c}HQZ_0gTe3OnN7x=PX2NvoJ;|X6j
zs+cB|M7nfsFee6*T8zORtzk&`OmWL39*hzxhP7K@gf57?++a-CAS=pcVk9EZ^KlY~
zxg>tO6LApG;BrbhxksD#C&qO)k*^b&vbMVYNTW<@>t+ZnO`4U()h9g9bjPx!|Htau
zR&4>@wmJa@7jWa~Akdt2$Z@5+Fdfr{f<zo+%rZ>=$>I!=0GN9ZMoDXij{{gmb^^4=
z*zGl|R>+DuA7`dCJ0R<ec0Aq(1W`M~hXimyMg}o0*$-Uw)?&_Zc)A81lH?0<NzO6?
z_q<+<oGL}Vt*|6M=x(`hr2W9CcauH{ogyBnM(@drnI~n(51D;M%&TacJHbDlEO*0B
z+$D?-IkP0aof2n6xA3HteIM3e%5GYnRw@}hYRWm&=%MmPa)pP@d9S@jN?4!;6<syR
z!nKfQxoIg1%Z*LDG?}{^5q!Ps$K<?FTpl&_B^RPJnU2%rSjKfcBt`(5EujIki2BE3
zNqbwh&u!gX+jz9Jg+7EEOPh((4V^`H(sFKHfgP=ZVaiw($p#_0^qYIA#_Pgb77R7N
zWnHPtx7WeUu*Af{L1>Z!j8__d*RPCMlyqqh#vv=a!6;cnrRLO%8C;spJ_hLbLC9UN
zFkYY~mgbgh1ArE%41iP{CnwX?{I**qd^~Zc#)rz3TLlE;Z@5+5XH#QN8-wNWDH51#
z9l7S#E(;!t2}T%)o-9irVUFW`@{gV$--GM>;kpjjPr>!OaQzHizxhX_wx60Oladtb
zUgJVtJn0ZcC}&=QpJ>4q5f*Ko9K3<;SZ5n=#gAeL%_0W4WX%DV1qY}QLz2+z20~A>
zZG`zE6ROP*QAy%KzU>xJ8?<<B7aNA2kLeLgvS9#M<F?5#eoe4egfP|Q`}GQ!WlXf9
z7L8hk=D&U;YBi50RiN4NT>@l#?OHg2WjtOpb`OCABm!(2#~F==@x(qFO#shugRXZk
z(kd<*yy)qvucrQ~c%+I-@&r){>4Z6-dx`yKyA}%mD-9}{H8q!}7%3=%c(OzvZ&*r^
ziNxH5iy7ipEsG)>ijnE7lnZg`a9rv#rb3L2idrCPBq^02buvXekRkHfSf-7ztB(cs
zlvJF&*-x_VF|1k&xfN9ob$2-<f$K2ph(c7%0KbH1TRaYqxJpKv#luT?!kI)Del+iv
zyn~BHOu6KQnFV*;8J|L|ha^`1I6HZUM7yUo@<V8FgMEP|^yq=X;(Qub`5x>N$Saqg
z2tvk2ZvBQs9+EIjxfkD@xky1sr`CaDX;qkfa#9iH;ldV)laL3V<4pglcaOgW*A2Md
zfa?$8y7X_od;Blp{%N@X^rd%?e;=;D4cBkO<-Pds@qYu?K3snhuJ69`?(t{g`a!rB
z;rfMZ?;iiZaQ!{F{s6A%=DWu~3D;A&z6RG1-+K4>3vf-q^#Gqo8^{pX(~N+}XMCY8
z2>z)mum^>oL<OBY^Y#P<yW*_c``N%hCnlo>!9S~(90kEY=fu;$r6^%Cglz=*WwIh*
zo`XFayDS+^ETL9Jm{s;g4alfgCmD9OSE#sF04fFc5fuZF>ZYKgN`IwLT+#O7t{T#)
zjG)Sf>ECFq9aUGTI-Ubpj}c3$JTnMT_a;vqrVM_lM$(c;PeZN9`eW=OdL)bARg1-R
z=<Z5GaIj#uTDVO`LMk^0u6t)~?V-k1uEek5A&K-nHLhDFpa~rXb@ZpAQ>uHWIHr*(
z6Jn^Q`cW4pWwW}jYsg}fNKpb6nh3o=3^ofZF*T1Ul$dzTQv${9WDa>JDBDCicA_!q
zalIw7vz$nkbZJu81C>+imW{1w5K0mnKs8Tnl0_ydq+%~lqcNK}u96&}_?OtnSF)(E
zl5BsnW6+N?uqmPwiPOqxqC$p*JRVoLd$dV>PbX-HmsXKV^e)K9@_JTQ5G$mw0<7Xk
zTBIU=<OxbPHc-x#U8tmIp}v4-3T8PqR4UeaC@JzcP=^Q_o*HRvtWgP&M?w{Muof64
zMBm))M6JDv7vxx+a$n%3O}UinCexy?HyAydV?e2@-STQ)I_Kw2_nw!Skq$$2`<^g<
z6sx#N=Ek7<d~H*21q%_dU{1ceW>#j40IEs4&{kRimq2L0_IJr8Epv%35IV|l9dWCV
zi!oKlxp)R}4;eEIe@Pc%=1WhOTecb-iYDtbIj^jDP$l6z`2k2oW9v8Lh?<=)yPWNc
zX(-|DG|KRZj?+Ih6Zs_`vx@+k_KsH<arT!Ilmf#P?X^&vhV)F?MT(DG?&Itf3Hgy_
zsjj5CHvKyRrsA5Jw_9vlHw&w>xr1V=A*D1*w!{P>Tf!z2W((0WODU?wgLarEr16Ys
zV>vbB2&A%a+J@xl(n@liANJlo{sLSRa6RxwE&sV8)Kf;kPn2B7Lz4v+m2wIzf|L<_
z7~{E^Qqm}(r=fD0r8|s#ze{Hr7~DI7OJX@n{#~49;HYKOLxj;NDD&*$bk!J#&ua3{
zCm;;BOZEg%3+@A0R1o_0LaLRWpdFCo<PA+NR3A6Bhxw8m=SPb}LwhuQNenx~tdR(0
ztXVo%ltN%G;Z|pIBC*UbV!NWpGp3+vFV}tSFYVQ4&{b@k*$y<Wdq{b-ISC$KvA-qu
z$Eb#Y8H$|aOUzB8j;?i}rL2Zci5PW7tu~Z{t*aFtPDe=l*$Zuss$xi$X3&jV$Sy)E
z03yYY+JS+c^SGyBTeESf(&L4L2GQ%{N%LR%3Q-!f*VM*E%faec>)h`|y>=pBI(eXB
z^d6v^Dy37%*R$<Pb1zJ9(127MtSbb(qNDV5{On3d#vWC}VE*W&|9<N)zkB@W;o|pW
zxW50tc=!09!+i?wzXSKb0@ts@^Vom+?(si@`?uhV;Q1%vdJ5Oq;QH>by?gvwxPB0>
zMYw(%uHT32Z^QN5aIO87caQ%=xIPEh+i(>O1~X448RZbgV)^D~HVH-bnR^!F_rcX?
z_BlRSlle!iPS>lGhXE!XJ<fb^H*@#RN&A42SOtu>NoJZl-)*uG`UkjC{c8?1HMmtd
z?o{hhC(uLRnb%=GoSn8>urn(v)fQcCO@@IY4PSvanN4uDl6<4A?a43cZIY~8tb6H(
z8#C-P%SX&2tsad@qupKHr{0pzGV~3HC;6K3brn-tL<l3mq#~J2L{avI^H8jHi4|L}
z$S8Y@UiITUVYkH5ak#SvroTpcUdF_dEqn9?7~!zd2wE<%g2XD4MU<qK#COmrWwPoB
z91zeb1tiUaSqrl^%T{xuLkwy;sklxl_2e+V@{fa)R|}C00a2t4aWboNgzb+p@02Uh
zk}wj2H&j3-T>?|=y@O|QY}B^4H{iYsV;-KDR#t0whm7MX1;^<<#uPE;fQ=H+c^4!0
z+q$Im_9Wd)G@kKR5O)<l(JLHhh-27f0bv3tRaX%MjjDH91()54M3W~OM5s=9RNH!W
z?XGuk>Cwu=&*PyfwSpv5(P+dYPD?-+ey8If@fjs^?^w~2RtlnH%B7Sy%8n)72)l4L
zM@PFZRD3`VVUgV_B98hrA|@3X5F;bVLnR8-zrIndx2XZ*>Lv#B4)&l76|;GJWz~1a
zb5cu+qoKx8=RV;Dq;9d<i!b-kR7$+y&dlP4+<=pxFvZ?gcE9TT#HO2nkq*zwtHAG|
zng0{Cx%)!Ui5#-^bd2k6`YlywOSK1G<IuBLdcIA$j%j5~zT{L~d{3|KEtB|2Vo6|w
z{Ux!L#*zNVG4{xBKM0Q0X?1$qeTP!dJNy74baZ-0ku<*}k~;@6^`3KHp-wwRBb8o<
zij!MB#UYOx6Bpfbs!sXkx12XQ@mh*uPD;c%3P!Q!b4(^{<Q+(K-fGb*uK>e+5aM&6
zFkce|^u5)-GRxa-1!jy*XtcX8x%Yx@eV?6n*6|OS;)Fy1!MV+7XL~VL<~=@>Ou506
zpv8-277^0eSy91g1`+IBC}#A4Q)a_#@xT=&T)Aa2Ku#};-Uidn6f}cYkOM5E2{WzI
zs6kEhA*2@Q>9Q4p=#L^@VO17gywEJH5u0sj&hW7|<)*DmoKg4G2&}{t;(PZJ)hcRM
z;#7%;fi>vLx?tF>i8AH6T=#=6n}?u*IB}D@r0qB<MA(j>aDSZ#RHFR52o9$-3nyZR
z&n?Tmd#~U1?$(wcE^X8%*es~5ifo;VQ){B5sn)3m;R&;HNazzBF84->chN=jhG<J4
zD+ZtKO=URF*FO2)@o&L(;bZR||Jc}j$G`t^djI=y{b_jrbKmve@qaf)uOIv*eg9v7
z7fpwG`2GG5ym$N@uKyLT--YW>ed@jAKZN_=f$N*>H@|)Ze*e>j_l~QJ?;Zc%jrWcp
z+<fo&-@Hlh{|c`E3cmdaT%DWry1zi*KVGEiFb}`?b%w~bb$U|iR<uq85kagRBhpWa
zvo|-1!!!-UE{aml3u=e-(3gWA*?25R?IUNIaQY6OXX$wOKT(=E9=lOu@`Reo@!F1i
z$?=4rjI+)lBm}&@S@VFU-&lH7dwp%=fw%GqkLun`A9BM%Nqr%X6_#&w;2rq!V@m>R
zhv?xL37&RsiAbau+aWr@PO?wf9^zhF``mhM8N&jsFD*Yn7t{5P+P#&})iw(xA*YpZ
z)HaEgn@lf0Kib~h^6u2UjoST{&8^x-?XFC;QTw;IS2j%5A)0wjOPef#Qo05N0JmIQ
z-$DT3%hszo#qiP?dE%nqW(4ZcbGsL27F=;a#XUc4QbjZ#dJ(wns9%~bBClyV?3@XD
zJnMq%(DNm<GcaJ=<~PL|7_G=-c^3*)?1+jO0KwCGz?5sO#+T^np+N9Wp7^%Y>ogra
zQIq@!1YbXBIAIH*adwXCI6!ue&>b~u1&96-e2Ke$s~(VD2kzr>908;)e0Ka+!wbIb
zz$Coa@?(0Bb{#)HaQq%n)DEnKtp?s;?}SDgv)8;XdBA1P!6DvshzSSUHPOILEVfiL
zfI-S681!TC6kVXgF3|(S@{I?3;Drz%H;0p}(+P-d9Z<rGq?U6IbFinc$arwNF!Gu>
z70}Q^^yo;3*+i2&*|zptI1BVz*h{d3CL#pq5ZeGPcnVd*g&@S;M%cpt5tVQYIvt0d
z5PIa`7TKW@)#&_DkDAy>+zJE@a?V%kL_GN>UhZ|!!?$?^YpoN;!ipB)iDAW~j~GS9
ziK7m#IwI#vYdgj^5R+yaeav|n?S;_PrADIzYqYbze-x{~?;LdlBFP|6Yh;7%EbYWm
zv)2vq=q!gy7f?p)tN<2i;`KYP1syVDZW2af8Teo4q2Jmg57?-vMIP5SiOL?(P>1R^
z3H+4PaPGmNYph4mh4gU)rgUesd(;fpeLM;TdY1kqEpZT-O@KTgPbe=Y50ESBG@Rw7
zM-NF&%S#>-_6F+EsqGcM0un((LiH`o7npGQ{>lMHMuVSS9C8o+BS;a(A&@?S$n!kt
zpN#<d5^rq@ej~LrLqhtZ5fBqr?<>*4P6+FXr+w|ntbQG_5blJ{uzPebY>~c9yk3d7
zaM-;T28YPR0K`6ENKdo9Qlp_mn0N&+l}HfdStYO$3^9t+()tQ~$GuN{mz@4sYr%#E
zN!#;d+JRd^=Kv;#X0&&N#tus;1GIi+2h@2xA+Z))YWPH6;?@6u_TB|blH@83&D|A}
zXkpAlVBi>|+}_;j>QQ%1|K?XS-Mc;AHM5Oox|{BvT}iVuIayU%-KnXrtgX!Ip5C32
zWW+Q0fGvac438&-pJlLo@B<ro$HzPw`AM+TD=mnx;XFVB*$Dh>5C{2zK%aW|-iXMI
z%#6&+>d$V^qCOLom67qe5pm<jjT`sgsN)bU%xl!MvJXGx&iuB!vs3{T2EOewAU#An
zz%td|Wbe?3uy0f_uJkzjSrnaRk!re0^BuZvR&MO9kh|5MKxFEb=(1I@8$DBT*1+**
z-wZw3BzA*d<>Yfhu()c|QQ903K&OUeMwJrAYth<r){%DQ&CoO5n%laJ*CJ<@JkJmm
zI+A+Vd()GMjgGhGUa^`xbEI3l5Z=rTpMZo##*gSFaZQK-!e5wXGWC{7QkReMD)%{P
z^1~k+kn$ps<O`_JB@h9MXaxtCQXzZ>U5H^APl0p>$x!Tl(QPsxP{2MmcBHTKcBQi(
zDL?pBz7448NfE1bY(<78%=r)<@7b7S1L*CQWP{m3*Q#x`s~dA0P6H@w^I|X%8jugm
z@p*4B#19CHW_BFevCV}JWXIXuac((2-Dhlj7k1XL1kUx+{ekATU6J!q1m<v>Tkb7;
zsd)toU!$cCJ~@rX1t7`I<V=eYjalTo5o1)bsMkfbI{J}_%2IH;7t9~;sSUfi!2BM?
zvcNA78T>W7y1{75MYoFjehW~5Pt?qdWr<Gkly7War+j47*-}p4lxSK`qMyhG*DN0c
z#itcm?Bl@C+toJF>R2>j1G6v-cj)n)FfpjlQ&aF&fK3L~mwBgl0TxJ{vDC$Bi7vYy
zOQKA$;ALf3=kcB(gou8l3*(|uTt8J=RC2Thim;1q)!*U+y3kY(fC62Rf$1R0ipC=8
zBc6+vJ(TH3zH`cpT8_xAL_eygMl?mh>|hl^A~H~kC-gUBF?JhicG;_1aa84>u2{hR
zty!(uM?9Xx<&U#vX+6hCA&~8>P3M`8y$~CJ?hMykbi*O>)Jb}G!<vmZwpr~RK|y1m
zkpjlDDCRVBO$*)?w`MisABdxy1&RnemxfT5fx*O`3=*-YZ0pua;GZ@)%VQ~k<Kqi5
zUwoVEP{i#WP2vSLYumbIUu?UZi%vzWxNd_0T(#=9R`E=<i>SdAf}f7J+yEMgY#tFA
zi1KjVvdcV8wPC)^bDL(s?<3NYtdE%LD!aosr2Z5EOU^8;KtNgBK?Eib-=Gvgv3Qzg
z7$7O#B6HUZtJ!ksew%Z+@Qf{_{ETf@F;+FY<~ZyF#4(@vN8H`v;Td1uJ*_TSVff*A
z8{zs?Z*;s306R#zVR;*{PxVhtg$2hrB2G(EqA%<SXUvYrqoT<eXlw3*aF{LDWXHS6
z^DV9te{7ocd+s7$3kZ8(ezi7_#(iG+(-uD+T0H>Ic?3TjW-pB45HD@06{wCaBBWn(
zMYs!kE9~I;>yyl&2!1mRZ8{7O+4yTrz83Bq+!%}9vRfu<jQdt~1G<5+5G+#SDdG_e
z^+g*y5!$8kz1BrE0F8AapD7Xcgl&)bgRNxjcXUDq{F#K6jPW96=qT?jNQg&Ai%||g
z#?B~`L^%LOg4hzLNWm65#fSJ}p-94~kK&6=-Pq>^HR`jEtG&Ai(I}iqK5Yk9>;@y{
z8%~R;pYJX;?L=$`$P;9`An2S13_>{KC@PSam5yIO6V}7dz8OL?|LDQ2(4IvL;qwB;
zkB{iEGrz(lx>Bkjj%`%gY|E{whN2$2)Sb;YEvStbbX+S71I0i%7#MQ!4?|3$9X%CQ
zxzaxu%}t{_o^wMQd8QF!yCLnI4$BF|b(%H0uoi`Fi2uA`jH<adJ8~qQIh5rwO^@`-
zhKeHpMOJVxsPLE_syfGxIQcg;ziHrP++lV%2)IT9Oh_tPpy>-fU1y65G0ZH55?6L~
ztA@mxn!xX{wd4KA<e>$XsB@vYg$Fx5U>`cC;c+cjDr7GA`1QT~5KeE{zK?c6`fRI3
z_XsmZks6&H?})4bIkX(<kgrdYF_~2*YsH4!TrWZsP$8^mKaS97I)PbZo8)*%uZ#L@
z4M$id)TJ@%H0^vy1fzuFQrJ1S!!G8-eYJ_$kKGN_unCEIyr$y;iLUXRYU!oUWXVDf
zjhb0l77Qh2Dr(CpVrIuH`T`e==)6F-BJ=Eei`fT~d!?e#rwP4xQJbyxb?6OT@_?<i
zFlAIfCVmj|bjqJdKQ=xwId$^X=`&|%FU-xCFHX|m=N@BUe}C@h|NAd=zu`}Qq5G%s
zd=j320MGA+r*-TXDSYD5Wca5L|7CcdIL5-46=_7+8fM|GJY1HZ-vwa<!u%V5vHRV}
z+3(9zkkgMBS@_^63$K-)w;=w{;rTo8^!e}CN<mJaetI_9+Gw4X&K~E)Y!&JV`tlRY
zOtk~2c$`$m2eLSzDaJCB$N~Tu%yj_-c{$@KC1P!}YHr{1wW~}}O#s0solOS7VWQ7;
zC-)8fdE?x`0OL*h`@nMp?7|QR(uv5+B?g-~xI2MnXbjmlTA2w2=AW3C`T_Ese+>Q~
zctjV9_JJlyi_7+b6x4xD2`v+KeSQhuS?lHbg|&wv>*A75o*~NfqYI1r^2*ZM(uJ!R
z^-JZ&xuy9sBw$B-CH)4HN!G>ztwsJO124!9DwhXm0YD+@Rs;P34n)%lwSKxQVF_5L
z0_qlMMhg~d$n-R8_S2%-Pm5+h9X5Lzl9o#AwjVSZW6+Dm09xm>ib|yfMAN$87OD(P
z?c&_PU0yYMx<g7rUY?(3<5((%FrEw21%laHEvWw@bW34C8@z!dcVlos8(~!;W~72c
zNzNTq)A!Qy07}s|AmdzpqA+xWD^1*h#UvfH8=*lV^cTGh4``z^Xh}PCgU*bz3jmZy
zKDJc4am(JhkuN1NXpr^>Qv<ni!v%bA-++qg2ULHff#Q=J{epl8ZOU?~I4GC=Hx?Lr
zP&)~f1FI&)LjIcuaLpBi%umdVg0jWmivl@eXosXhMa>TYlEB{6aI$6&vJwVE&{N<X
z&>Sd`j%S6AvX)-yY;%Xs%hFTe9ukmyv(+OVN8SiEW`5&=%eqm4%tV|yMG8ofY0|kb
zp2QZ&90z9O;?>KSi84KXquyyWR0M&!IxdwG+3_Rk2OifS=lWf2FEfBD-SOICHs7d1
z@eS7PF!oH>isv-Y>%{2H_J&j4VBSQ<Fbv})hNUK@H*m+J_rk_=1DUBJR$V>PqKgS1
z-K7j1M9p|V0&Ff05WWR;_z62H+uF?E5*)%%ho0WUg|^;yH+3=h0_*tm$S}+Z@<~H=
z{shI*@N3csEbazsVcfuyZ#d1`4e<)UwdWo`eiyl<AwPvh3U**jbuKgQI&QQ@Lf`?e
zdbkH!?=-C7PCastLJTzD{Q-;BYSW>MZU|n7b`ETRz~f-H+~CU%(}>4Zk%+8rV-WF9
ztJ(FSv#9S|D1O#&Ak#)v6Fqjc0S5lANmGm_%77dbX1l@c`cP2>`Zj#g?l9dE+@{~j
zpetNu9eKq&Y$|IrcPQ6+_>rD5f}h%0aV*(;=LqCEK|z44lUq)8FdIQ6M(_dugh@qF
zM|l9-$-AvigHBM1`Qwz3dnzslIUgq<5psXRYT73B(}5#+9NM<NZnsU^UKNJo7r4OU
zQAW+B73snj$$OZFTu6evrV+RsqF}PlXBFRwQaxNfmiU^>R~$z46j=|XUdMy|XMxww
z*LnRhJrbdpun1<&A@Kd~Kyq2xN4o`TsEXaNyuB6+S(UxHpDIk;dE*LLa~M))btP37
zuZ^Vn`J2>frj)BfiUf4MM(JvEyKS{v=pCg$G<}M)G3^~#qC<Dx!9pFc*^A)^k~XYV
zQ`V@V<r_1T#l;D@Gt>bPl!-Fu=Ce)Cf#znmSq9)LBOD^~Ih;#WLl+@`eSpYni?x(*
zOn50OPW9YCED!O${bXQ*R-WYsiiN3>7jY{aOUi&`gNExJP(JK~(HU`z?ZbGDtx%j-
z4k>OvId_LfiqWY#qKl%V#AljJAXU+j9Bq+h)I8S{>q2}N=!f9SU}Ye70ArkAJ%{)n
z>k2JSgtQ2S&?ptILn~AeGpXq`EADMrEScd8aSn`CNDx=SHl%O>w9wPHz+8uM9+e%P
zdVpk(z?N`}DCSIwJh=;2j@1+_scHs=>fu~U7CTlY`#ff@gY4Kc9X+9dTeltD4>AsE
z5`DqijCgs0jPxd%6!^?;e(v(pYI*)<k+I!Z1Mw{lSXn6Il8}lVl!Z(i$23G5!R85R
z4)yn%%RLKS8_+zvQHPmX<!6bIe?|{>lvsdT%7Y0CtTZBR<UWy&J1bGH=^A^vP973b
z71rI>oA!2Un+jeF-B;8L1KJR|WPQ{l@p#jvdIQra>~DrZk9xqtnC9H&+0|9k9O3O8
z##we(Oq_JM&ZW1LZIH=MgxYDazMc*%(~J60sWb!+VDx<8#bHkI3`~0Su()iH<sIg7
zv5F`uEQ(56zL2Xdo}ZN#?<LkLayL=GC3=ZUj&zd1gRlbi*Weq>6+!XY)Z!d}u(^)x
zkuvrRG-DLo1<F?}qJy`D0C@YBUv!#PO<d(lr#+5j2gm9_qQGP+l)?+{UD>u9jZu;Y
z4?qz<UDv12yL7aIlk;JiTyHHe&YKs?mlhVy*_BJ?!s5jxv;5|Q)n3O-sm+G#-s-eQ
z^fCH3j$TtKhe%t1SXh~d2Pii3WjK%`@=H~?^AK~kCfQFFnAAZxgpAg}9vOJnZr1qO
z4c+U09Ir%VB4$&RQ$;bY<h?McKr+N)ckCL>VXqb|LK`xw8wMbahOV^pz)H&^Vro>j
zX+B|jBupI)n=uHuD}<IByW-qT?}6|uq>U9GO)Xb3qH1%NLrD4yu1QT~9cC;a?+GCM
z++#u^(fK2RAe{9{`rwA;(U=O-!-iEcs{9(tz{fI!A`5~MU0^GY-3Uj}xjA$B>V?Y-
zbNZbyW_4|LZDB6J;)`WO*@499CxE)*);bLvjRrUl#PL)2H(LxLb$wxRVU1Iv^5WXc
zTMF#kh(0J499#rCs2s1<eqnCgRg(ewi=YyRrhzUttE_O0fx)@@BqWi^8olH*-hNF5
zft-fVY2hv?WkyFPvI6OXk(NZ29Np;p;#8c2@o_dy&U%}&pmSkyt-P{0d)d5rb#V^u
zo6P0emDwxs|LW@66DwDF??}aKS%3jMXN2q=_v+8<J+89>fN?2^sNuJw6_vSMfQ(4e
z3&R90BVwIa#pKqdb^SQr;e;_fE5yOaCfk!-Ace02M;uno=nT%|(V0ze9oCnTz|j-y
z4p=gg8l4NlGXaDG%Q~V%`eX2!(lR$T=G@ZqTg)eCFJCPe_$M`G2>QaipZWq_!=K}{
zoG_CN!pxRX8}$lAAkelJ7PQsEFck7E(A#5>Pq+?8x2UrVm#?mr#db;1duE<1I@*hN
zG?ozS=SUaa4cE<=2Iu${V)gLuFhyTeqQ3iDIhfpDnwKKgWj+<07LY<=LDT?c%a@Sx
zo?Bg8Sy;SOVC6j)sl_BXnd!M+(g&F=qZhN|c-f2&@mOiBPLHyEaTa7E&xR%>7?WL}
zNY#V8Qm(6lHo^`sZADd)*KjSBqGAi`Fw*}-Au+V<u_zC#;PBFl@JI*gkN{DYftVm;
zMIPu;r7H)>ikzKhG;be(A~K;O>>43cFJ#LDjPEAPO9v>EjXG%V38fWTJW~?qIk&VI
zCMl9_bf#*vD;o4W(_u$kTmV)gnUu`qO(t-G3I%mz@#jSQYk*qK4ZH1-b#Or{VkB^7
z9k6Sn>3y?R$|Zz0#`zejkb(nQ#qEfG+}qjotqL?Owokca`^<kcnOerPGdE8_|82g&
z@bYMN!H;}#VWr2{Y-}Z}60*I2zbkixuiU6iGA(XT$y~dmaFhH7;61L}TfyxsQlqF1
zln5F@(y4+iyXzp?hP@@KBCttLWCj-J@T-7__akXn#fm>^8bqW<gW0)~LZv~5$CsBD
zFPRswtm%VA^|T89WcMS{-ij{B@m^z#F*KjyvJxXDcP;k`O0o+RnoQD&BZrZ=wKjbk
z5EC}({o<*Ic#4^`2jZA0f4C<PnuW)y7!0MO{y1903trD=L}Mgq+Dn1g98dEjHWvf-
zLS!y+OvPiI5(+Hl6MJj8w^XAa?u+$nT;P^Vh><9ZdTft{y>gdwO{}=&#97=XAf&yt
zu0)q#m6PPuKj4yKJ`@7tFhbt_4OXwR<KT-nHa0dsHZe9iHZ^u~?9|xlu`^?5$H&IU
z$0x=o$EU_mj-MJoJ$`2V?8Ml__{7A-<iym($%#`Frzg%#oSht-9G{$+oSdARJUMx4
z^7Q1H$+J^qQ{z(;Q<GCuQzxfRO`V=PGj;al*vave6DKE6PMth?^3=)GC(oQbdur^|
z_^F9glc%Omoji5w)ag@aPMtkHc6$8u#OcY?Q>Ra!K6U!^=`*L#o*6qcerDp#<e8~6
zC(oQZbNbAgGiT2Nh-abtvrzO|$aWT@NSFL;yWRJ_<st3s|L+I1U;eHycHgOYyN^Gh
zY2WZa{;E54tlRxRKi%yv!23VB_t)Kj0N*O`yY^$<?h-uT4ezV)`~i5r8J;Kq@Ku@#
z&$mH%2ErW(-wEOSApGd=1KR%r&rvAz+yCVkyC>oK!|=Wd!H4i85PlrOG{islg$K0@
z@cfTI@%irm0dZI0_s?M&P|q*G^IKkcNc-Ir4{HD73$N1bf23(mi0l637rP&W=c|9}
zi(M1aKQi!F-CzIhZueIp?zbWQ9MnHM^nmunGu`h04DVlh!$aC1!t*yj_}AV42G2kK
z<5y|*4|TimMi}7v3y}VAzyCpP<N42bI}j#*>jBM%gzx+hpYPs&%NM)vf;v71<yS54
z6sFohJDr+iYj$<R)$E36J9Q0Emt!vetm8Ev^sue!2L5D8*wt6~YkLD0P|d#W_*%WG
z3DTskH{6QV(41zq(WwD@iuPYzValzuLrskirZldfC7vuP+1qQR#eid8^f#O~Eo!I)
zzEfmp7n4Esr(XSh_b&&Y@BS==dl2R!47~37?mC432Y&xLJfDGQb^Q76`yn(Syc@#L
zl%DVYDTEI}_!NZK&p+Q?gz&8p9)s{REASn{hah|kg0N?Z*U!Py=F6*dD+|kOODh=;
zvQD*jfW|asE&qeR<v3Bv#5fhVVta05%dTC7-9e{qd*v;5zwubLQC@k|A`~$`7P2+v
zm;c7&Lu}XBE45+c_jAL>!-h>oeH-r=8=JPzjyoq#Fqlq=MO?C*F<X@hn9CX+c8Ylp
zIg4>Ma#lp3O|Cm={O;?~l3+8<J(y0%z7+Y@sM-J{m0n@E*lD5kq!3GJnl%S4ictvn
zi2nHF%w`1`5D#r=femb-6>MRX)_l{ex-FaJb(uy!to;!iAGhPTI?zrVm<G+{PyyTl
ze59Fx$GOrWUXgsX&6y$PTP+RHS^^KV!i<KCWIW6z6SHi$BRRw<gqcTlQSop*`<mO5
z@<1uPylD0zgZBgV?ogyW=}WBaRkT&F_EA*sae$Pg$47OhGF;L-etq-|#=JzvNa67<
zLJ}w!EYtAo+yPjL{JYZ^lOYEB<-{)r(_~hB(FO+x!v-WFuh~UN0T{z(1)oR*^0W%3
zQgZ6(uqBg_Y#?7QlZ=F-St)M7XtSFt1oS4$Yh;z{(N^BXQ%5w4pmJkzO1KgffnypK
zz<&>DYJf7kCzgfEi^aj5iNzGj<0`vbhDzgicJQHRJ8q-qZdy*0Un62{T5ogP!Hd%j
zUs@J$ef(v}@L;f=+b}cuJ9AG3STi&*tbk;mDk-vEVe02gOG}q7mrZeWnl;l{zj#RO
zaAeFH%4FhWROG%Qh<ve*WRHeZ0pbk3V|hrOgUBNLWwLo(7-DpKXqe+JUT*^3Nf#^N
z5bzS%`3N)Jr*xcn7-IB}4`_V8kTa`5aD+_*dfVo!p;_n4q3SLVX0l_(S5EbXmNmPs
zn`Gi<nxscIqKmRoh6KF-h<^O|t!>!8d&6mWVgkXhXV!v$C=9tZqHm!lph#W3xKO@4
zzgnd09SW)C)0Wou(NznF@fMw_P=qK8B2#ZrW-Cn|$XHAF1kjeMc0(dEgd#;#>R%%<
zpvn7JBwvsc#gb!NmFdb5zY=z6KpPpT*=W9PH>-~AO<&W*3dL}+D6L+a`~@;Hl{_<^
zKi&qMKr!MOPN3p!t+pBfM=D4Fow5-$U!)rgP#tWVaBe_uAHPv>T3js{T<fGoBE<AA
zu5jr~?6P=qqqyd=b(}5nhWy5_yn+c?<k6m4*`ZI@#1y|i5b2Ox_71;;BHBkI16nkd
zW^!U-nvg!mHlUhgc%LME7f`kBI`;)v3>H$(hoBk^5FRNXa32Me=PdG6Bf}#)a)yNg
zZ5U~woZejZJC%HuVajBMQ~=g0M@lvJz?`BqIs?FXdp^Gn6R|E(%!QYH=-_xJvrt6A
z#k3LrHni}!bl+$jy&+;%1%up7;AJ|H$^iH^I@wRDS;J%D1UQ=9Fs{E4wvI`7rv(xL
zmBrh0cwF$Ct&()J*tEef7}M1gMCX^=AZkrVSnW{e7$g`OAiV=<&vhdSIy877F?j+b
z0WoU?z12h;^pdW`7~u(*m%y<mL{NT^SmfUkT~Iw2ohG9XnOcY`2UmKuaA-no24iDX
zQ+Ozxw3s9@Ycu!`HY13^FG(W|J$V<o1R4)PT#^%|$PiGXJ`}+#zRvD$^@?au(5xYP
zB}<4_0VRa?22jGVVs`e(Qj{=JsO9tvcwn??#xe#}IUXPQ{Fftxb(7v0l<40YMUc)q
zze?B$;tg@5uF&*1<b=SM$w_6403&!Y_?Q)Od0-b%)1jcIZ+S)F_r{9GI5c)*=z3x*
z;Tot~hvZo+9qVKejTmKMRtMAa&Al0PlD_Yif(&cb7B>{dyL%!=dzv7;wB;Mo$)g>E
zTr<%Boq=>TWIKvx!?kK5gq+bF(4wfLJ?a&i1E~O+1|RhXuWLnq{1W1r<WxJz?YDQ3
zeG7Sa1AP^f_K8sx{5U%k)B|6I>_)@%Y@A)kv2%S>s|;zQ<M#L%{AmULLqD#M4Qq91
zqF>M|gW6!RX5&t`Fhtw>p<!*2+z64|wW7uuKUB`qAD*U5)mnaAyJ9uatt0H3<IY;h
zc@$d1@Y$#{yd0egP?gMtf|5d$554I&M@i|Q>8Fv4s)y6MnctA9B{mWTKHq{p2%F%+
zD~yG5f3hD|*oamc`4p`_@<|3I{18$PuTu#iO@hZNHLmgbc0C1NsSrR6X5^Q(KRbv`
z0hJQ1N|i`6I8()HiE$EG7xTPea^a8k7RdHO#<yrn)P*>vX(JwE4D`qc%T**7GF%ZR
zi;B^rDI{PN<CH>96bX~mkuGTsV;L(MfrpVe{OiTd#^`*4d_x5Hu?BJc7mN0GU|?=T
zEc?MCxvd(+@?Sh{4+`HGTNv@z)vJB6{gkSG8C<Q9F$Sv-MohEaR^M=Q%^zaWgTELw
zsj$Q#iNK*|w)fVjNd%O+5Sc}i%_3pKAX28VNyb3Nc&Rq6k?k!jI)&3RqS&A+Kirc^
zHH7y!vEo$>8<njnFR^ULdCmwuj6oTldyy-!`q*&Am@3Q|W2+d`WUxDwb-@Qs8{!v4
zl2@Z?gC0~yf=QY-5>b#ZmL&EW%8@aKA)_7)0)J22AIe<Wv?0Gi#o;cPb|^t66?IYU
z7>$6(Lxo?QK=PSLe~cv_UunVd5m0yws33YEZfG`a+O&qXS*clgI}N+brG-ZFZOid&
z4Xt=3e}hc2j-L04mHxobJ>UIP9)5#AKMvt9AT)nJ8vZR0BcFc0`?U~k2>&0v_dK8<
zpIF{;q(l0+oS)wi>fK6w3E)h8S!Gw*nB!bX9CVvlG=#V~xbM~@Ie+*%pvCj_Dk{J#
zlUcE|lZZs@K(BK60g&*6gM~z+dX|7Dq9&P$GEzfj#3My1Tw)n7BmIy_i{{8KMs7t6
z{FEG=wz6{|_In_CO5AQ$`N?q5Z8-L#r>vG^P5>j+sj&W2e;deC><*3_#PfmRZ+Wsp
z47<659U+M~-WnJL@@~Y^YO~E9N(RpnU85^Qp0rp_@d6ve1@6j>;>8QZUlC3NAe#S%
zSmBz7qJyiCNA#;rajr$b)CVcS`pGX&#50&^)Idr`LU}2d^gf`4FWfVlwECfG5UR=h
z7JZsdP9EZ*P-4X$LGbeh)ASmy?~z;>51`nRRSLWAnh-mMm0b@Gs)M*7Uov&RbN<$j
z6ZPkLwdpap{()aCx>pXyATb|{qCX@-a6%Y|`?0oV;(?nnj0yn3s}|`4ZBS+c2DK6B
zl<@MaQk<d`!+ZVEb95lhk*~ItdlSY9x=*5(0zSaKYms=ohRSLuqJ=Y-Ip{#wb9{Dj
zRp3orotTvsPZ^9EmoX*I<H%iv30*FCNlDj&83DENIdjbr4rvVGkAb~i*MivwscF_+
zqY49SD_+8N<yX&dU)Q7<4aTTgL^Kd5gW9k@Izzjz5`Ga*T%*iqcr?ME!z}TDDlwfb
z6ryoFy#|EJk;F-*j7`{pW>q}&Gb4IDU_nZywzZA-P;Z!<R_pvssbu-w*MucD#7U$H
zre-?p*<-HpgKY9j{;)XJCMU^-VND#`SFI*$&{S-lxlhK8x$hNGmA^2opP$wz;z`Mo
z_@>*YD~-_^u&uL$cb&cq1(Lzh!B}C_)B0pk7<0&`Z+1Ldk+z%~UU>L6w+(a+Pxzs*
z8vLrZUCt!Ky!U+9(TeSgwtT_V4Cd9^2-KOhQi*vfDwTw8L8%nAh$sfWBiKnI(-23e
z0s)skI9%NH)(KAr4y;5ZkBn0G7_xS!vP1txsUyV*r|I0kcj$WDX)@0^ZhKRA>m^Me
znk|(sluC0$)QLD|L$k#T#knC)$aSIWWjAXB+JLlI;(jy-jaZy9I55CH-uBrel&xsh
zYO+Lx1lzGHh6f_YnB*7w5w!4o)`pz}yPTpy9!eV}a)G-)jU|Ob(tuF;)rVpOG$emB
z#EA?psMiLy!RxRQPiNkzaPVZ^+HUJ!_rf#xy03*W2_ZA9=Z{aW!2buUn;TV#R8@0E
zbZvQ=t3F1lU3ukAtKRbB>M3*lRFG+o-6C6FUiHeT5xQr^NOaHY`89gBD*S=}2d;8k
zm9`YkRd+<bQmN&)OC?w&7SU1UGLR|X-3-5OTJ2jlB;X(Do`>LL+xB2zTq>>5GmPh+
z#7k^3)S!SSY#WKI;`fPG$zfEWpJuQm#M&XC=aOlmVD=S$kbwu&ZbPjI&)m=k9^vZh
zXfi?{HVoMw$dFSTQtCK;fn}$-F_@8{%{d2?9X#br3!SV=kJxkq1s1IR$;#siWQ7g9
z10XvwA+v{x0?~8u>%<A&xZ<q~`E>LH65-%W#d_9mjJh5FM8j!zZjatRbILq5H41}#
zqT)19^dQmzlDXxy{SNFYIi%hReur|8eB!3%jlfksYZ&pnz-$4Rr_bnY#bk~+T6jlS
zs&>#L*YNu^^NT}ijlt^~sp(>>LKCGiP3xA87uwpx=^0?}32S|g7=5;!ol8l37+u<?
z3u3ldyL#k~q=oK%n6YE4DC4IKVG8(RL?1jcIIPhP1|o-!A7Jm_Mn;BjLVy=uN8LF*
z-Wn_x2eq5U;!T}Lvb4CarliN@nW+cl!RR#c(i2l?53<3)jz`yUL?}un?0=(FI*z@s
zQCt!wL>7a-Lu#XSYrRy$36UJMjKp{)P+u9Ybo_XFjXvTgG&h`>I00x#5S8?h;tiFJ
zq&A1_5guN$TecY!3H(tYub@E(-icqcO|nIniw2ACK%uzs-fZ&!$0F(YmdXzDuGkhS
zp@|i@fb(TUXKL)j=(=p_O-lC9w>?zCJb|SkyB7k1K1zWoY*(~8!c%~a(BO7u5Vj{;
zo%}o&*qu7kAuNxtva991B9c@zuN`ONTZ&`kg^5#%FOPlE>eSLg@O@0g(8<R&{7-Q8
zqx$%DtbeFDB=;0aUG*AW4U899<4uFXjX*ZLAa#*$BF9;?4%4uyY1#)qey{sU2>%+w
zCm^i;^1bdqhVV3mcR+akCxBmq@U0LYgYf!afp-Ys3gIybABFH`2rokTEWZCLyhC^q
z!e=48>(}mee;&g3LHH>MpZkq_-QsWF>wXcQZ-D1R|LI<L2Ex}sI04~vzYE`g55B|m
z4e<OZgfByQ5yEF7yyuhmy1xwJeGonjq57$N-S<OiKzKI<?+@;Ee-gqS2tNwpU7v>f
zA$%W%pMvnN{|xUCz7N7rLHOt&LirG0gz#Ai)xU=FAT%Jn8^Y_qaksk&;aed*2H~R+
zz6{|-2%m-E{hi(JPeQl@;YT4n@=d$l8xTeyEJ1jr2=5R^AS^-n9E9SD-R>9R`387?
z6vCGwya?g55Z*Jk+x=w-?}PAR2-Wf3?)xD$AiNvG<iu{b3E?~h6T(68rb*UxOfaJ>
zUU_A4^|X0faGENEqkVCnN2CGc_j>~-?)L^v-tP^Vy5Adc@_ui?sr$VFr|<U$oOyZ8
zPWRgaGCw_AZIri;g4y!{x8~(Gc0S<dyu2pP2QgXB-q#J70;cKyX8W)O_cz~%Ex5lK
zKWxGM&G}&q?r+u)TX28#e%OMe#{5l~mo6_|n7wS8i!e#2xEjK8+r91BwT0#ttHrKq
zxG(qD2imx!MuQKuarZxYzP~pm*n*dJS8^aNxbIoTiK9lr`ftHeBUAmi;Hc3ep~zsb
zZFHKqyt(TAxft%T8AlDD_SlTQBh?jey;KTx5%Bd&$Hz<OY^%*a(ofS8-fUT9t?jn>
zFT2uN5Ato=?RA@sIW=Kx;gH5()yAXVhGtc(u#~%Pv)=TCM*^p5ZhGq)>I>q*n1$C=
zpmWbUB;zWmDIdM{&5j=_lj64=d)rG!Ls}2@_FdHYMm~apgkE1m^{v1l1brV;0#6H+
zKPdgC)nW!DJUd-WXF@4d5&;<=|H`@t%tJlu9x$C=Ndo~-hneerrpv*->#{$m3BaLy
zs7l)?l{hQ3fRRC>y92>b1ParJNyz~VFE)|T^YMtC4;HGm(GNL`1WCOqENTj*k-BO(
z>X8IGMU_fTd%GaJYq{G4(q%fXPOX$MuMn!tl=NfQI%lpE3<lF#GS07(qZp|?I<1~j
z!WS<vC#<Zq>YLP2fcNPTLz==d?(YYn1=Ne=zUa0$EyUyVL*@)?hV+%SC<eF@PB){E
zp1p!I@*-;Dr@|Ue+VewRyE;=Ka2fFMUXqKO^-xjbJZHr9Y3k3J;TWt9+t;y-O>%zH
zs242{XJ27Bs_77eP$nM?hD`#XA4Cc~<D@q?7<D#4Q6zfOuAc9lnHh-}r^F?>OG+hZ
zBN86cDjzO}we$o291`1f(1{j@!xQiJNLLqG;=XI2ZPt3s#@LD=qYLU?C?_W>Ui6xp
zhHAa(iR&j$=&Q3A%WH2b$x);FO@jR<YM|U)-Dy^D>J__cp$d-UlZ`*=nqce6Ul_aE
z#(_3NYpjaXaQvO3Tq67}^7}3+H!B}jy_;dOPSdmMHtSNXGllZz0@-fXA|Q8~&NCgm
zv7@`&O%EbS!>VbKwle}0g%#U|8T}1ZJ{cv;J{p}AV4=3mWr7VIpY>|YAd`2Z4nwdo
z&!A<gP^@Ax=d#exq1k3NaCgr=_w|GaIzI<UkSYpM5TOL<k!v-;gDtx-=eBl6^f~m;
zEUnaHL9ao#n&@{TV-=S=Lxu_>g4KM*+7_O4q!eb0Dd|EouC8mGKZXVAh2fczv~J{8
z_2^6)sMG>N=0QrXEF#g{oaf+uoiXO=izzGLoH??Ks$!K%gZThgn<%fI6W(6@T^igG
zK2J)?t_V=UX0T-tSwD_~%j~M&5#3O328^C-Q`TgY5jF!UVLH3j!iH0;+0BT`FHTly
zCxUD8JB3Sn9B}ni&EkFa=XAQdOq#-M2o(DFQllfyrUAem50oUMO&ku@@()?k3gs<^
z{SPc5c1<ohK{*9;1N6h?G`3Wd_fCc5p5V8o9ve=p+fZ-P4ArP-FON9Ry;gOub4*J)
zxi`zPLWdJ!FQ7zLYx2g=mgokmT3ZsczzxcZ>E#8j*z@|WY)XQ_<FM{zk@makc`;dz
z{OJWSra9k|5^gqPOA5^s!FEUH2?vo%9AVkwB#ZDj4-JjLjq{<8B@y7GNwdXh=LRam
zw`U5`iT7mWqm+9am`yvT<~>9tNu*X#fL={95)u$Y`WO*)gtOC#3O$T`Bzlj+kC0)@
zkb>aMc7+$k6}!%I?2|W=YR<tLg{f5q90p@V#ou3iQ3}ZS(Iz~l1wHoSMnsg_vlD~l
zp$H`BB#ZMwY833n24RIJvr8yM+7bMvGD+&>tgQU=HS(9jc103rv0$-Mdyo#82vY0W
zgIK?4g{jQi0kD{Cb4L?5Ddo*#H=pa>IIJEUa~RwvRgOGoA(iv%)jLdHg+K?g_qJV^
zg-U6Cm%xW?TuX)jAo*oA9SVv_=Z`ZEIE-vY8jm&hz(*4^8t|GeyG^F_R&z)9HUN;C
zf_aYTc357<{f>|%%5!yl%Wewu{8rocY}oIi2^t?|xilDsR>Sep4r~OS^i?<7Zqw}m
z-%O3fTvn6Ixu7yMV)Hzw(y;R|^a0)On+cAv0jXKJ^eH=cehxT;b=VIBY^Jck0q4m!
ztR*%d1Q{6K(*{<7gSi=Kb@O}j&r(bISJB@6@X;?<=gfN04f(jqQ1qFK6?hCF@h791
z41ykf)Ppr8B$0a@=-eE#80Ss=nzBv0B7ZyVT~aTOOR)q<t9{yv&Dd&45#<LDb}4=t
z7UHbMH@Qq^@F_uMtU3KIm)s4OVi9L2RjJ2Q`Oc1mV@=@Irsb1v)v;#eFfDPc#m_fU
zIzfJ5im<^h+%fOO*-jNhq9FJoy;9RLwOBTaH#w?Jrzk13L|t$0QI>ffiNzt_A)JLW
z$MbgmDO)<!Lp>E>5vp#Jx%h=iy)%MLioap`oRul*^N{MM-nQ4RcC7&wM#=*oggL7y
z#s~l-{BFyGZ8}zyt}+2%vp0%Np{6g1KHVFNSca~sGLCBDvxF!Lnj{X538hk5)l_Jd
zyi67ggCO+gU{Vk|3T$5xMpo7y3#uB%+}IyEhwr)b@2P(z%jY60Q-Na_k%{@)kyM{V
z1oPo8-h$$|U!K9a!AJ{?Sb2tWPO3ge>XA1k3{3R9hhFl;^<d;yQOchJ4^G4r`clh!
zri1Q-=#FZh6i3wGfV}|+dC1eRKrM9lJKkZ%yERc5cbx@&ug`@!=*m3ERMgktBl%0&
z!kgRlZ41)7iBe#F1l|MpHv|I*4Su2HT>WO~mC35r+NN87xKJz(OZozYEG(0u>>MN5
z*dvw%aGp~jmFP#th*>hzWXTH|IU-@3CO~V`?BJ0cR!eGZ=yYhkjUM`7N4V*D<iZ$e
zLZxk6x1y3EF1WC0NjxqK9qSIzClhZGR}&ot73wL)An0J#PfDi}+!0%Jj^iqAc?>dh
zxXASM3d3m=QtqE<$6%kd?N&RZV*-kh(hrf=MmG~kC;&%*XAFQ%KoyXS=-{$_PhxcU
zGpxa&9w%3geGO^K+3#M5=fH*}ttH7p0hpr0!Ls%k5Wd7L;j$UX?SML^@C3@q=c8LH
zTzK2whSLI4VG@GyOQL90_AtdVR7b_mHf4BHMhAE=<sues46wSlBJlS$J&?<0_eQXt
zwY>?DTg?vgZpdgc0I5is4to2ZQn9lgK8Exyx_ynzxO7@7^#HK~e-o%@?%sf})eXCP
z3z(UPQ@7ERp`wG1UdQaQU!olX_!&ozC}a7OEhBMNFD23|)|p)6eB>9FeAt?esSHmK
zxlw(zDGSr29o9>-Dq_>F;BCcryZnrDF+}xqO5lkTY!}dERX|xm_q&m;Nvu$myt3?(
z34AQ$G-f1EN>|ah%ITBR#N;~hN^PlvIP}|8J`I(ELU|(Ec+I3&5J(BdCgoPirr`f#
za|C-f-12enqvEDFp)Q7pUnKkpE~Y?raQ+jgp2MhPF^1;7nZLV={_KO<_zK~UjqX<n
z_g4t_R|xl!Cfp>j;uCSfD<kPnGT8wsPkeFJ(dQW+;>9tnnpw|ts}9Qe0_oTc^f>%B
zX(APdlZA}sS~7b3ZWi~WRI6Imzg=`ZluHzbHLK!igL8x0cZge&0p_GVtdAzXp=~Kp
z3q@4;Qg7RdJQx?gHSA_Q0Yrr_>$V^Nj#0Q7Q%8ppc$Gmc4Li_MMM|&YYS%<M@ga;t
zO_BCiqKQ13tZvcyF7#jB<%xoKVMz=q!#+tOaQ@CD)BGhEay;NMV7Lqv+FJUy+rDMB
z@!D3JCKkUqQr~daHyRLp9n~?NrvBvWoLjRanlVqf+x8Z!AH1C%E&;8rcRbtEs|~BU
zK3XRwOugWse`EH+cYzVHTPTQ@3xZK^I89r(>UebhcKs#+_}tCmqCW3<fYa!EIZ`MS
zg4=qf;Z|=&fQlq@>*29C7oW4Xhw~TLk>hyEz;V%lh2uE@*zdIIWLr06oQALGWGN6^
zUe@_t8Di1|Y|3TFw~s4qLBg7(Y02w67OgO_WC?Q1hp!SSydlZil~ND3EeW`|TWHy5
z7Ym(_LNk+5xm0&JbBzLn3s&SP6g9hH`{HZ^wWR&?{X=tnrho-2L87VROF#w0!YJ&a
zCU#wwvM2d%$;?sqxdd?)SQ0H!9;$#$8S;9uXCP(r&wGKcqEw?BhyIf77g#D)3$kGk
z=;_M<KL;NLUAXq`r3nG4KP1GMt<}_c5t}vA`f^~9a1iF0Wpo}Oq6^qQNA#Fp^L%+c
z(+Fnog3v5JN<pBYX^hU%s>o7%Xjlq}#C0x|gRsJYC`9Om{zf^Qswqhb!yCu0Sgl1^
zmRF&u1>g$SnAu8<YoL1sCns<kMd9KHu{0+3?N+<Ls)Aa)Yj~;dbGZP<+lQc}C+tQG
zl?O#>=Q)HUdSbnaGP8Ru`_z=_r)b{y{5u4Qa9eRGO{Md9c6ZK!HJ6v8z|0U^Il+@q
z!nv+om5mse8qr(})G5Tbpa5d+WDYK!<!dH&M?xk!d1X-UV?(j?i}8wgr31pSR6NmR
zO5D@Iwhdns+H;tYpJ+hRyt~UqTXB3tDt-IhClbtf#8MazMK|FvoQrjvls~HjBh^r6
z@+L<CpvvW_<VH2x!|VVla;sF>-+>KP4ONqs9q)CR(!H|dc`-EmCQRJ@2HhVTS;e)a
zk10S>_McM^YL_crx>bl@lf|^b?P^4XrrQlK3U0aGE~t#hk`j|pDJgPs7B`&GZ(dng
zTrk&WFI+B@y@OABL3qQiKqsN=6KT7o<AYsmH&L;umf5x2P8-M@OBwIU7-sg5+sa<Y
z&F|XM{8C9@L+z!S<5jJ8jkOWUmcDJXdoQhu3j>MKZQJsIrpP6@b#@V><up2NdjvD_
zTN?fLPO!&ykZT3<W7Wc*;k|;Yuci$HhU%|bgC=W=h4d#KF`0#4v@2yRC{=mAXboc>
z)pD%V@!H>r=_w%hoU>6xrs*T3!Gz09wGBoHP0UG%z!JgMun^Z$!^*NL3USHU1$6ys
zyo(HeFQLImPXrj1fIQxXAz;xj!{-K6L#9Fp;qxm>qoOn^GCy?Dy+uIqrs=txb^%uc
z_m=4j@)9bG4=V;KLt$J&Y~-lX{s%0UJw&Dm;lf+j=&mYcbIIoVCLR-nlq+5go+02;
zR2XI}A(gg)msJa~lV@$(x;SCM!Ng243W&^gCwpyS1h8fk0aOfs93>)P@1I1fisubi
zQcn_;i+06UEpu3(jvEgUwIwalZL6h|qX<4K(3O%VK4X+%gerL9@D_{~u6e9a69sN>
zH~_>ps=RO7HEdsFhxE-y#3!fGz&rndZrgOe*=pNcj@$7PMTv7x5?*dwe2meyCQ1op
zwJdB(fgKbGdxn@T1aw9kEn}-R>#A_QR!yiVzmtdbGkIE^_MfAY!s*EiATxJ<+irqB
z)RU_Z!)Ln5ISZd7#YQ?MYqjVfai#1^M5U|o9xlKb4L)~waD;=dT2!;$2CD4fWBvpC
z@*K#_^y20akwwd+zCg3mc9kxathm5yF*3-VrFq3zcI84S4T}n0q!z@-A8MAYBP3jk
zm4A02?M=OUzq0!p*kilxKdf>kpkS(k4(P%6vcHrOQ71l#Z6NQct4Kk`jg!IRSB7nP
z6E%-l>~#mG)=s>Sc&i!JBx3+9BDHa3IwG&P!-;fz!#%;a;r*l4jn$S_h1K?1yY0f(
ziVltn!&*pM(+_FxN{4Np;)>qn<+%#{&?DlAhz&_10bXGomyC!cBp^{`XEKr~9Ent_
z3x@05-dxhSI3~+1)Q!=P#aD1es=JD~0|X%sK_Q7by<kuPwLnV08u4-}a-N%!=XH4`
z{DkE(9Zi^I@eK#bw3(5f%Fr^`CQwN53s72U>^Ksr9t=lWev+i8NL}{UPuUjF`|PG(
zUfQBY_xz)zXcE+ztrGEyK@oY`nYZm0I{8d&HX?`;`<SM&vj2r9tX7gc#&)}3!PWe@
zDtiV=9~7l>+auSUChA}mtj4yrBl{{t7EBsLSs_nhrx)n}SdVD`2md%|WMGK(;{k>~
zUOY2K3|Pf(xZCs#7F`b=2I5{2cXh3ZB_kB*l5dqxTfefp@+6iFg^a&ZN)x+oomCvM
z{#Q%BBz7gRT?|bWQ$2Uau&>`CP&gy~%22#KLy_Epd}So|ITHAPxRAyM#0cDLFEquO
zd%9h}tk;z4TTJqhBTA%IDk+&tNFaIiDA_?1>(380J#@&_X~M41LO~*q2j3#b6$Oq*
zrBx|g#VB}OicG6uT*EqTKToG>u>x@ERO@~vH&X*y@2M`+LIw1QnpcLOx4<)_VnE^>
z^I$}h19G!2iD9ku&Mzu^KSe7|b^yT?&tttm+{1gEq*Yd^mt?n0s^&5$lpQ=D&p5EC
z3sCmoR!P~d-hTrXW9`|J0b|T=5&cYvE<h@(?13mcJ0;c|(b%nsOh;zhs0=xADgr5{
z^qxDG<#zP*It??+4b0o7gQTFc14Oye0QOapX-hg_h}6lJ3C@upOBu-|&FH<`OOlH;
zCA~C^7||VtkY=kG=UL@E>Efu^zN8;yTTe%}9CNKVro}y}^}9x-A`~0kI9kO=c~59X
zCu<Qc5w!+s*5JlBQ(+gBN~{yqraq}QXHi<nj-T_9gO_CfDtaoSWSK!4&!wTO+~8Kn
z+sN78kzT~@B_wDEN}CWbk>9WzHeP<DRI5$x=eS%q7oiiijpQaxc}Y<Onbm}q4j%fW
zK!_kU+w=QcBKtxIEPY=X!A}_WOwrQTt#q|w8RP_|lEBHvm|P>tm4Elow1kSf$~EQX
zA!sqx=5+EeYbU2Uw`9+wxMj<&Q7Ly*{;gMn>(S%e8Fh+`{g_%UD3%xH1heh7wL?0c
zvKUmPm|NRv*?~r7$|0IUc~blhAKL!T>~n*+=#ILr5}hG#+M8~Bhv{mBLJi@gjCI3N
z*?k2=ls*~bV~P6Mx%XX}LvYl$UA=S<q&~4z{OqSvEM;mZ->LW2Rt4wHoZH;8+jv;*
z&2aI$FqLO_d!SvS>C}OWKGSj9@h*;n8F*mL2Pyt#GbrkOis-#h;ro0il{)u&ZlREl
zWNf2Q$1t*$ilZyq!)0xy@I(x8C~>}Av~RcUs$UokVb^W$oRzByqYHVUdW%;tUoH+R
zUFqi9l3^QCJ;}bT`?8)SQ_c2=y}x36StN8s9~;S<kg@p^-OH)_=*Vs5dZ0cZ|70G{
zDD1W8XJH|3D#&1dDt%z2IE&);psWh8GD_<qxXL98IJoWNzPF002*+`!%%~AvHi0|8
zn{=o_o5-8Y{2}lFBu;uFRw4cB9|nE2nb^uh?IYCSk-ZoUWNC%H5_W_Al2KCAMJ9K;
zUzRjQ4ih2B%yu<>&yE$##;n;CI%^*v|3$7aoF*z*YO-i3j5aAr+eY>AL=qOwk^n!H
z_>Mdhs{-BXt5S#$rgqETF&&TVIBWH~V`7Z2(WXzlqAhJy%}up|zGAhWM8bF8pdw_Y
z6vbR3M>VayTWKg;6g#4;c(NXt6u|^mUa#$PBunqxvcj~%7Md#IyiQySDB7-24i$gu
zFG=;kyGg~$ka5O(dTe_kNo3!f?CT^!=GAz1U?3T_rd~j|1sB~mE|l@P7y(hK`4<2U
zKT_wX5kXx5Rc$KHTT&{mF1)pDE-YSLg8$~rZx*%$J^PY(V#sq+e+6Ad#PwzGEe_q$
z=`P&GL_3PH3$dO`5o6?SHZj%dtsd?RWJY;&4e^K$uMs|oZfW9lZ$u{suoq9Qa>sSB
z*pfvAv0x)?wvkN&GcYTg9QKD~Jqi<Rk&&H_dOz<;%HD}AM;lm1(FdCf+lQ<GDRLnW
zTkw`z$Zr_u<wO?GpStYr16z>G0sxT73OYDFB~B0O;Dmqgor-<6i3~RIS@eucvE^dw
z<f1FZ=vDrcQ5CxSe!x@6l?OrD^&-qTGzAUS{pZy6hgtuncN=$LvFJ8aMqOn_pzEt>
zA=~55p@1lhW_X=V>^B^6{jQ=Z>2rs1vIjtNj|??sExI4DG@R`Fr-8Vi$hq7H2^R1=
z<6Jy_>h3@I%(NUUR`nK|bOIpEv^wl($@rSw0{S}I)B5_5sW$eaGG}$Vzlh9fAv;|J
zkGY3TeZ6DhwG}ou0G4YeJ=jgRMlNS~`ix2t@SE6wH}!g_Sw+&1a^G5~YLliWenOY`
z0T^K`ux9ALw6b-f+X=LqF6?Iadj`$u*$MggQaF~9;^sl`rc~S4EVl13wp0?P!^Z74
zTl4WPzIP(LPOkjXwY?Bq+(Xt;wdxNa#<HJxR^8-nx~b1DFCgMnoLUm=aqRVqO|N)I
zgFt=d5w3)uk%@!|?hmoTt8Tk(R~cs#!{Z*ai77jynLc7KI!dq_4HU#R+$OnlChsU>
zS~=uD++xmA>}D-j;Y@#?*=2JtpfZ%?5Y3~A;CkM6#BoYS*+CAcS#7gp78&3@PF2ia
z6dtKNeu5!JlnxKpN~I`e9?@Z~HD|IX_8o`rZbj~g^~0TT<7UWGryi@L0JrZgs$4g4
zBH5(n4i|3S(T#+xtH=K04&Oc8>2*6JPj?XXNcE-`$*GShddcEYGK!O{Am0Q^sv0Rs
zrPSugNl4>IC2D-wLP2zl-;3}OF>62)K4wFkOs(@{&k|#O;g{OeP)377VcQ<h<GF4P
z%ycGOmalZ0O;dy6`>>K8`1bCnM<hLwHKCv)lvwzk;3$9t`qd#4dQ-l>DRE$ef4HfW
z8v%PeAmMiE?N2FlA};aaI#B^@5$`M9ahy|GmdlBXI0`hjDL3TCsiE*1qgpv%8dRbN
zM^K4bb+U`ZQeaS%lh`HOWICP2ZpVmP7WbEnkqd?t{qdw}8ASgAodfm+JY?6<`@u;b
zTWB3($_ABt&h$5p`=~PU3d{yz#+^GxZ`TUL+K3+56cg4AN8LOKatxyvb*ZSj|M{Gh
zINei2ubgV<*pXb~$dA-7m3d_|B4|h{E%UH4w`7=;nK=;kDoc@ct9zD`uSX;cf~*op
zm@8&};@M~Uk_pP8)Dh9`?|*2LI?DVYUJax;+RtA>OjS3#4-&`Akuue8eoI-qo5-Ez
z(eJEeO}q6Y_qsn0!H4jJ5Z?Iyd)+#ODF{zN_?-{k>;9epaIgDc;Q1POelLXQA-osD
zzk_h@=kIm5Ak0Hphw$GZ9Q*LS?*D-2H^K9*i>H`Z+cUzc?S$i=28xJ|ZO;--UI4ai
z;c{iXTpmBO=C0D|%Tjv|7DL=VExdJcb<8{?E~S{lE$+m`C4T8`x!KvAx9cccgN`e&
zEUun5PXklu1G8RUc@t(GpJIu;YTIeSvQ{on8s^wmxxDJ1-m=;b?5!5Qebrm_&j{(l
z!o>=FE|-_q%*E9y^W=)vyfslSUu|raP3?#_XyRx!XnexFbb0B*>}AtjG{+~#5#q!#
z_<cKE2i&^xS9I%+7-sH&s!i^>LA`I=K|fG<)lLnnEVBJk)$KI#++ao@(;lWMuV`<!
z{2kz@LcYjnEU<Q~>25dKZx6NsKKjqraO2CCIcIW$z42o|x@6sI3C8S^Yk1*s!Eakl
zk8KYEj{%QdtJ%QE+J(7>+k~AvI+YpGm#wz%SdH>CBYOFnAT7Gb;*K{B@=8^Jdc#eK
za81y3n`WogvfFqWh;6Pn+=|r*eJ-%=dfdB~!TUXMh!wlniygRCX<zS`O6YOzJS&80
z+W;id%b-XrjqRi<87-R8RJ7ABjs@=t#}h`RhYb}(e5gvLdG>>e8{(}4czD7>`sHi|
zBQfsM2}R0%XZ$L)O@aV#_(`iDl8B430&5Q`^F?yHP7+*`%NeAvE4GJii<ku!nUhGr
z(`wiSrd;9FcOEYA?jA0ZFp$+*9K+Y9<82grwkV-B09`+m+ANiGAEi1~eCQciy@A1U
zR&A?+RFXOEkHDe=UidCl!i=&eJ-EMYnkP7y(HB_U4mmW5R-8zPrKTlLre=;7Gk}y_
zFmf2>ju&1RLPu|jQgr<|e$4LUgnuW=@mA)bZ&5mL!)?Q`%oO5aY@_>EeTbw6B2@wb
z(m~5@FQ)+S0L|q%mrsVWu!fkT=*Tn*ejcW04-N_KnWLc8m9WH(yV`p;?&3A$%~H{t
z83MM4nG@+=K#*NPySHjE6E3FEBEIA(yG8*Z9ykDeR5h+OnVRms8o*TDdbglY;8?MF
z@hQU$DaQ!M%#bAEK=>tYh$L3|nCm4W#a(EQR!}9x!vn6~c0*at^3yRaCS@x|dx2e5
z6;I>0cW@zh6OMa?5H2hr&HGZ;KxEhx=0Nfs<A8rTrh+_hFUt@yG>-SNmmDFQ**T|R
z$~YVeJCT0oHx?c3n_>ue546X7x_S~Nr4dHI2$*4ju^;mbQWz<!&`8Md6qq!UeT!Gn
z4HAC)+zXu5)UiO~p44mvA{%Z!)vN=vlw6#>QpQ`W`JG-KnKury#Dh^D%<)Xx7#4)u
zEo{e>`e6KK+=p30)VfgYC$lyihGKUaT*1V*Zse(0<rJ9h9JyCLIk6!&X9151yNAwZ
z#cmrZ8k8D&Z_B7jQDc~;|N4S@V_%h<(zW&u?Mu@)EaH#&Yq}|bS@__|b(6*fv4a_t
z&_q$3@Zm9Xo6lfIpZTa8Y?o$m$~?j^?VxJZM_x`nVyq>w6Rr9r%t}-1U%FMGZ7U{G
z`fE<!Z4~~6w<g3JuGT0>tt1f_kBJ?D<r&DFqZpAg1f!7dH$3RAeqrV|GyLjcVI(5G
z$`=|32MXaUH?0aI!t0bJvnnY)>Z`<F!z{3Vs_disu#8gdnGVt<D$9(~$Y}zV=Zx3L
zFnKZ}V`eCQ;YVV6@O_73&J@=<FruhsWT_gSOXZOEXEdaQDRLgTXQ1|Hnxh0PoM@SF
zWrB4y%x{#<lL<#w0|AB@RWL^KSfh+(_sq*`VIo<F#M^c*k#HZzAu6Mgxba7x5eQWP
zqXrgnV~Q*zid5r?=z>IQKGHRs#7QZPB2Y&uV|WkU2x6ZjqZ|!+vE1X7hz(B`X*d+~
zf?iIO55Sz@P|XMq!+c;rW&^$XjXY)oeQ+G1QgQF4XD@8Wky82Zg{=pwrhkCy`G=yG
ze;Dfc`%%MBMg2omyU(p|A81p>(x<A(??E;G4u?Qq1pDy&74@*c7tQvJ&FMZ>+i^#(
z*r_T75=Tg{on1grb<y$uQPySOyB_;t_CTr%wiv*}Qo-hvNVc;r291$<$*>veZ`yC|
z-s^t-3-`Le56_3-X=a2!fbe@CyVrd$JTJlXb-#A6dlAAnKsXKICw}{0_cIWF7Q$~q
z_`;{}bx-~0d)-$-7=rMBedb>GFChE^gg^SsVd+Os3LU2<ygRO!lG90^>L{z+9Ym9k
zn4aB1H0j7H*AcL@bhEVE_Hwoe6OB)ZTyvIZA4ya^lt%6yIq?jR9Z=C}2fZ?eE>!D7
zRXh9kh6UimE+wJUM;c)xx}@4C>HRTfy&ABCCSF@DeIaE*hcwk?)jvAhGNND^i7VF(
z2~g?gOIbOv3K<(rIgt2f>G~qzJMm<@02_7Kr(5k?xNlnCfUa{l@vips$FM%VFbq7y
zv_2N+o~X>Q&%`+i)#b&sA?K1hkfOgx2a@-iS`{+A`@)`z0uxboBzX4RJCT-0r0?lf
z23L5CJ`vV#md=l@SP`Bp_B(7R5-9-Y%ckS|>=t%B%ZI)}--CEz6|}qIRCTN66cf!#
z_7e3|0gaA;8;_i5mGq7{NeQHNv1ZLA&o=d~7(+3JS93F`9<kh|67R+sn{Gt0C3@wm
ziN&E<Op498v5d`Daj(2aSG_V2Hr-mMVQbX#Qi-Kw*vS$Ruobtqqscu*mLe<xKej~e
zHKx;QBuY0Dlhla7qwGLdVo|PzfGNZU^hOA?qK|Sw6AVD=Ebpm@q399@Y>$3PpC95v
z-f#en#PH@&^rkXU(>tuG&5x_ujHVMbS<qsH@nlG3%65*SnN*G@@rnZJv~*egcXX@<
z$<x?nqltcq01-`nobHT?^c0s8L;UEB0$-9!6Ph?|M}lSy)9E`qc291KG)CdCb<SMp
zKT9RkY*pw~(Z`is6A{v$Lc7`wEGB8~A&E>$)SOwPRJTZ!K|Hv6b7nCx66-eVR3vp2
za$qGN9|S_Z@yj#CSP|?}awC8T&mk3E9tyf;JcwRsj<;vyo^R7<i@QlWRmld@aRw#8
zMKIIP6(x<jI1N0+qT6n=pS!R_Hg9RxxCeDfI&^EYb!x4U<ObM$YQw2+5JyNbFA^4|
z8xY5?ir4Fkoo%w_jGoMeRlyn?49{@3Dk6s@7Ne2Iw}$gh8!|Qa_usqSE`~pWfbU<$
z<Hhq;{P_v^j^SfG-Ge;-!B{#jx!kb$rHx*v)j}2SnqI|;or4lvf`1QxAzkL$CQ%~6
zTX^CGOaNeU?559%zgDrHwHu>u$3M|<nw{IDx6hn1Pfd-wE&oKtX`bi@3UkY8`#@L$
zv#O0w&6eQGUB)`wpt$Yg2K3R8w%e^h7=y41;Rhew?fx2se+J>B5H3Bm+x<=m%Md&W
ziA_^<|1){TYLyRUYxSnY-U`b;yU>L71T&}XsA%dO^=;$fw(aE=WgKqXUS63-YTL@U
zQTK5!XWNc20<PhzJy(568ba&_Edz|Nz#|^blUN>u^BeLDCgKsE^tCTqjt8AU#lr$+
zj#{czBZXDZNLNQi)|(aqU`vDMq<93>BM0p41U|Z>8qtk6**o~4Q8dzAjO1`wbr4(;
z{v8}=M17l=JL1WcJQ9Eooma@g`-FeRP03kFM!KLvvY<ufWIR!fj!19UR(GOfEMLf+
z^ly~~cG@?!@0YvxA(H0os4Rryb6CCEID{UgV`x%eAXC8{eaP;SKj5j&&j`bLr%xZ~
zBv$%_3ahVYR<~c8gMWzzW>36S(vsN>qzh0B>}Ya!q_SnJoeHN;2i~Z9uNDxlTdmwc
zhg1~Ufi@bf0D2-MNK|_O6Qj93Qmgv5XLEZcAP^#6qr~Pj%~>}7VMmdYcDNo2ZEI+K
z4>w)9=;M({?b)kVF!LiS;&J*<vG*m7+E<T;a-ui`rjQn;_Oq;3*-v-p?^xccXai^<
zNL=7SGRUBJx!<QW>&8%pKH9S>w_Kb!p|35?FO~GliOG{Er_N4}otn@`^^4AJW*!E-
zc-zv^_D<zPkcsIe92hP}u2#y{q86t3D%4I$ZxSgG`=V=ch7?)>drYrdWUyK@Nob_H
zqAtWz>Qhk_wRTP1xtP_8*Pf^4S+e)6veR0Y(yF}xOMlFwZOe6P$K#-LW4B(i`^X;`
z<R4>_e9ma5&D#{mg;8LnwyQyj93E`470e8)R@b8S5M7O*7Se`GLPA#7wAXygZubI&
zuY)iNVf*jyc7GbeJ0W}k!XN#;-R|JG?RNhRp0EG5p7OEr$%tRK!xELns(GbK%?_!V
zM@@isNX<NIvb1C~?|-pcvQ00ggl)w`C0uzKh=|l8QK4XsM|-i9eTmpY*D=^2l(vz<
zizlr%K};rm8mp1tVgOZ!UI3`CGQKbSZI*=Ja2fB5@GnD3l60_>A{1eL{S}#=a<@sh
zMrOgBTcCG0uQV?r%d@b4l;(+1%4#u_;`JOZUP%ly_Ac*B_vxJ1&wU!lcQnvDv#+uT
z@<614={ft{gYU85W83m%&j-8kuaJ_U5$wiTn7pyZqzbZnQX2g0Pn5L>u~c@BJVL7k
zYUI6ewU6l{Np2z)^$>{Z;iyD~Vp)~F4AburCt!{#xQ`*+`<=P{4Wphz1lI$TGlx9&
zTiQ~mj?W~n`xnmzPNjljPrZYd9~+2k&{>^*T*G*T>2UwEGmUm(7onxqwBAeRm{o!h
zFEi_{q&zqMWF$h3>FN@8??f-jeU2H;o7S<>?7pNQXW}ycAU))I-6@r-Cd#ui4`uN0
z7zd1243xi;EkBNON{N~7r4*~<s_kEZ%|0Pn{Kz~Lwit%zxQ-KH-wWgiM&n;%IzY1e
z<+i;gESvf5Kaz!b%|^S0Di&EJ%V@Uw%_@+5YuD|zr@PyL8QzA|LdyuLeBY%vc9JNr
zb5UPvhJVsrBrSRMWkS8?X$IcqSq2k3|M())6Tj3HfS&-S19uS1j9Mh0QgDA~5cr4o
zQ2`-Q_|6Rf^4kN4-cPeGv5Een%YqdWs(boPG*P*UzK@$+&~Dds#)P+A5{IGL&*Ig~
zm(_@uJP~=xyDQ<SN7WOGqow|^pqHUVKLgO$0otBQS4_i<0T5oGQmRqTx)c&^ppesY
zU<MOeJ#R?zIAcb6?2}Fq_H;Ita!%CO5fwig%h{Hm?RYs)+LXA^SC?l{>|Q;@ooA#r
z^0<1if+Y-{JsoF-q*DHx4GSN?<*c9X(KPLwCU(0k5OfH05Pl27*H7+te;=L?!Se?p
z{2GLR2H~R+o|@Y2{s4rV5Z(phbZNKShVVFqDui#EhVmfj5auA<gYe+YZueK<`8j-l
z9NuT)9iE?iy!ZLx#47L>orcw(bK8e^d>E<a6?=MkD6KqlhlhvK$|HAncqpyh`)xk=
zQ!A(bMzr$e--uS8`Ww;8(?`9PuK>k`{WodvE1_@^Pga^0x7~KP#Tyfmxb00-#7j{q
zHK{SXB1+7eaTNP-!y@)O;QbQn1~ILNzH}Zu-eG1HdJI(_0?6e}0RlxS!Uho7DT!E<
z9M7ybEMccaA9$1|XY&-Q6#PrJYDe&k{GS?;>T=lfv(1cE@fxKPqRTOKaEOBO^qmUd
z%TQOL?+~c2FkIX~EmZRTrf>kD>!ngs+XDxoR9g1iv(4IN8}_-%UO${hu*B@zGSZ&a
zJ$7-o+@?f(g2v})&U0R|X8Cxwrh7${cNB*2s(Oa@Mhp<xgeDQ{aM~ZKl`4hgP3(s7
zgQ~~SHx5=IXi))c8et`<I*LB1n$32zUay9ZL?QK}4X5^z{Ft{f?1O@|=k$i7vPQni
z^i-ZIgado#Y9g`KjD820=G^U4=>kVw)mA)q<9xf*M8ynpvx%NQxlch|6p3=;imhK=
zyEuAAC8UdK&x>sQfU@J)&q&t%h}h(X6EE#nDbUA{h%y^|VaK<<p6w02_sNy#s5`rI
zskfI9r&LuZlJCWcV~<^u2PjH?ATX&qCgJ5rQvjMwqyQPu9^{oO;+Z_Q!X)fIR8kwK
z9xYETLZTxNB*k)dDQiNmY6B`{BzX@*l|kValYu2DWC)jvQ0D?lJ|c~K7$;4DB>v)Q
z38S!BqzcDkj8yVWSna4K*4ru2zA}8Y0I+<?$~t|P6&XkL@Jd#G9cz)@=$6Z0iwfy_
z(w1Hde*uTAzGB9Z_~s-MWM74YL+u6U_W95L)7_u<6jQSUe{zS9MjL_CSzI#WM~12A
zjUIzmeb7js=(I6ORO1afobJJVv=EQ5gTP^hc0sNtpnGB8Q&{+tW((e9rZVpBql;CL
z%Px(Pp`>brLPi1-IW<$@IL6wXNSTT>_qG0G4^57A`g0%?L8<MCnAaz!=hVx{yc|-N
z1H|u3<$dL)ld5d^kUsWx8XCmUwOXq_ABI?`99$*A4luh0tRTiq^*A@i9sapwAt@YE
zzC-8$SVh4q7AIe+az953R`kKaL9J=pdoJ&Ge;LC2Abc2tx3t^+NeFi!{3wJ+mUp{1
zAdEm*g7BUdNDtwC5IziHZgsc&b_katxU0R-^iB#<8wc{xj`iXdy<$)H4y&O@?r`t0
z8hYf;_YSL}NA8I4uo`;gPWcY2p-1kZPtnj<!1>UDv}*74lrQ+?<XX}nqjyjG7GV_>
z)~~7dulu!t4NilEl5Vw%fSG|(Fh9&;T9;|Isr~adVR=g7RBCI(`V>(1>s~`qFtPtB
zfF}Trbw!59ihLS$T!P1L!$uF&{&}g)nL<pZE)Gyk?A)ifiX6ajFx0AVIiN`yH04o<
zK@*Whc%6!=1~NDl2@4efiA-5wDdirW3VPzskQ5%&w*8<t?)%xgqsKz-9;~O4b3*=y
z_a$6(+jt4rh|ciM6Zq5YG#V%qM|%Kfh(wnj!kCTV1q|D^-n8wSqCmVn4v%)|>Mtq<
z?{?#*Vrg7lsXH)3tY+2LH@V3`{3r=aTXcP!-S%KnVQ2`_wyU<Yg<jOr90GvH5}dm2
z`5ul5)5|WEVpk#HAG=0?V@eW1=mHA#kW{Fgm>ip$Jb8L-;%rhVhXvC;0#FJQ9x!ub
z)t%sc$X4+(h3dv?%c|O?(zABk1&pr%>fcft!I58goCth4hx1k^=ZO~^&Y<}85qL27
z#y9G>V2!mKAv#zc-`zw~f+HjiqoN2QhYki-i9YdBR?giX#@0zx&e=KGFR9(oTe2Og
zB>TpS05FM_=q2q|>$nG=_|!d=<=;%XL<fxsZAO_)G>2!*K4gF+0%(PaU;bvM9>Q(n
ziQisaPo@=^du7-J3fPCOc|He;y<9xTi8}&OAIWrCs5(15aD+H0lu%%Vn2a&;uFB3@
zZo&B>GtIKvh_UjC`KWY&h;H-9M2^};s~J0LfdBPc+ikVbfT@m#OMYO7M>cut!nmzn
z+upQ*QtAN*gm?_gDjrEtL9CK($KO!UTV7VwQg6s(nN&I%;+|<Xz4|>M!oNNSTG{&o
zPt_mkBnE)Xd%_Uf+bYWINj(mR4Lo>8urDtbJx+3Z(3Ar?&cVM_2Nr#dCR?!7>JIUk
zlsS4(=CTKCC>x!2S!S}mrlhiWG7(+9Ydf%Uf60b7-&vpPTrunPFIY3^<WIFOdi&+v
z_F&nWMjfKgI9cLz+Clg#&HPJoWSUuw8dR14RrYP>oTgo#+3kMgW4qmV!}CKBDi9{&
z{S9-w-M@t2=C$4K4@201@VyW|aecQtaAUXo+wlCt_1<S-Q$n1$3i}wVeP~Buv3g#y
zCt!!v&b<q4860%`SG`H|n%!t8VXDeG;lapYJ*pf<uu|Fm%T`$%B68KeobdBvByt<0
zO(Mm<gq@jI!f7(ZUV794WYCf<siCMBll3DfWPiPO`2vVu{?U30DU|sS&aqxzI8&+h
zf$yV5p$EfWXKb`n^T|HWPmP~GIX-pfbcx+6%k?5@16RbW1Nb|9a+{5vtRgpT*y^D?
z6PZ4|ukQTlj59f*<Nb9bxM}k?+)e{_aD?fOk7={YbD^BJ-fBCW4ql4vp*M^++x5|X
zx_Z-sNk$Sk5?N-I)w0`lyXr&I0=BH?vfJpmdOaR)Yyk@k^s^UG(4f&7x)zvV7}0^g
zRiU}SRa4um4cCJLF$HZ@eI$oj1)^jY7-j6-z|^8?3r-rzbB!6%d&B8IX4K*nBTneE
zJPhdl>CH;GktIvPzx~bdestIZs-7~PLz<N73WpI^6@dBnS%(2~O5Yv=aXKi{)Tab6
z7ggd^h)7L(DF;Z14vq}TL?~?{_mEZeH=h-=S?r!uJvQaUdH9=qX1Dux2$vza5I*4T
zc0UQ>Uqko=gon0vyE72J2EqvlKLg=UA$$nJr?&dpix8{*66{4N`QL!O$bq)=$SLC;
zQag{FF5V%v^T?^<CENK@>TQLFKe(;f<Gz;w-}k;ZLti?>mOPiWcAp#Eq{TIJZ`jk&
zJddq4E>XhT8h>ZlTOW?$an#y4r?GM3od3Wqh5ND+hBlg+mcro$@rk7BW4&B%>r>p-
zM=eJ(&Y1)(`%!IRe@1k|s<i8lR5K5m1%DY`$M3~%6aV&QyNQ1XiWz$~70leX^|q!w
zuye<~T2v}*D)SuX?7h44*jDb>y0V9T<-RN|_hMt&kCkO6Lf!W&oBOc0Jg}*fazL-N
zy3BX5c_`M62VYs5m19^FurpViUZ>S^+kgoV>!pIeVq2cugfiOngI@sOYg2zpDu&;^
z_wje_c3=HnyWQV_=U+njiSOR+eg?wNLijBRx4vh$`{NLN2tNqnAhsEaUB=|tQ;xr}
z+_pWtS+&Kc$a_V|0$$?AzPti~m$<QemkRW=lSJh<SV>tEa39I;b3;E}BDOHBxh<bt
z__9fBY*^1eD>j8jwPC}`BHqHZeB!dS!nGMo%ijhBb&=EbVd0EfBPC|$WqDYo%nw?$
z+RV+VeCUe36Wfb2n$32NF^E#GIHi&(Y4T>%jBNzf9T)t^_Y~B+J<0rIT@u?G?L)5n
zayIIfx#fAn@=|aANV{KeKVub)7Dw9D)2DRj-{B5CHb-(E+#fPnufSvav@8mIn#2Cf
z!l<;;at>CSHaRR9DMAsZux2&ROAd`vHOnJ8_`N66h3VvB5#N=xCPCT~JUIS!yWMxh
zLRWsi^PRih_e1#pckFh58p0riPs97$|Nd_G*WvdE-_F8YzH_%*KQ*O6D3ul#FD@)D
zti6T3EtW5tK}<gjc|?ps3;E;(2Dt)!i&XGv&4E<#KLGP+r^Eh-n9AUz-k`=2!_%u4
zN)|V)t-y55E9FttLhRbG8!fx-Aw*nP_u*+_N2VcenRpkGX5vw*_<0-tqvJ>@%4}FW
zZU-X9P_^s?Y`hvau|Ow0AAlP_K^kZ4;zsWvwn+0q+;ddi&`dVq9{gZtNbu|G@&)q=
zQ#)~-odjcj`ZmmNUYuRiD?56me5TQi=d(_;1%w5&lm_(U@Q<P47=M{}^``6VcFpni
z(NP`R(AKLPRulVk+i5gVC|h&9s@1MRHFOsXv(y3*91lxq+W{Cwd|zDB=bk9fy{SAu
zy0EA(uPm)CUATHtzf@kFTbeKH$4?9l0FM6Z55r#Pf7|Weh47OQ9)$4d`*yn<5Plba
z|9f~&!t;NJXR%XkRf=s-D^~fB-eU^$g`YTJ7Up}F1{af0n3#qUb@PhVGBpzr%v5|-
zrRQ`=E0s*MRgqm1Mxz*St{r>S)30^TT&ExL1lpq>id6aI{G;BCChZToK^zhkKx7kf
zViSg@fhK`=)#`Y*>C{kq;&>=RF&p-})gbu~MI$rU*4mF~4<q#`(iOD8CD-eYdCT6>
zs;w416Ydwa_^w!kWGG&!U?U4c_Ne6%$MecUX}sd1<k<O#CVOqgyf6hvbo|kP4SMhV
z&+&!@XDH&GpQC8d2wz*a{0&_r<gdG(W(_8aj<%O*W!h>X?&x#!D>8q&hU=<U+i7aB
zDrybaZE3Jv@Dl}%lp-`38Fv%iMc>xkExX-@p#Us$wlEa{P}4M=Fq-s-=OZi72EFRm
z@EfXlY&h#1jUC;-4OGd&drPcFQNP#$=HAx1nwFTLZQHs92_4TzFtLoHe$}&e%V*Qs
z-EQh_$GcV3-{N+VNb0bZjY4yQXtXR359#zFxuQ`H$F$u<qEs8g!<nJcQJMshcc`dc
zv6?lcGdoxos*K%a=AbwAO@~Sx(Oa-i0~B7%t~&J{{U(gUO&uuHO(0Y^i-6|0ng|)o
zr{6TjZuZQh0#f5ZY8C5QyJ6B0ntaT1&<Sc2TVipVA&Jml1!MA65FUW=5FaCaJ_zB}
z5MB#mfQPT<@vq_O9*~|nYPTB}D%6-Qz(%b5;Tqs(alxB++OT{;|H3r8iE%dx|JWg!
z#mFz_8PO|1-2q=Lpwc``QH%XO`4_w0&A;63{vJGE4bOML^F?^R=JUJV5qQqP^P>>=
z55BnD{l{MnpC5tngAhIl;om^G0pT|xd=kQEq~~WLe8ZQ3enWT=!tcJ}h3=gGLhuy7
zH~4dr$Nd-Mh3?-UdZGKKV=r`n1j6x0U+DfZygyZVq5G%s{%_&=JrMVo-}6Fu@E^X=
zEkIa-@Vy^+q5C|9_d@u05Kf%Xr}zIi5cC(6H@g47fdiN3Ou}>+pSoi0RO}0`>jQ<f
zS|qMHZJuTvrB_~FTs>uupSmO%0U_0?EU$X|6U4E3@mlFAem@Y4d!6;A?iX%;soQ$5
zrY%Fp_r6Ed9)sUicz*RwP5XZz`$G3yp8xCadp`L2?&E*`SKY6LG~exixm$tnGm!2*
z@O0mcBk|71OslzLZrZ+u#N5=X7A!0^6A7v2G#d{3bmOP+HDIXGdWmj`(@eK%yLI$x
z0V}n+4J4A!a=f-ZD5lkLe7rIe7H&?Dn5Z3yd#Mz+QimuSIpW)4<5R}<l&_ek_!7ce
z?649!KX=|3n<*IM!&)?&T@Zjgs~P>EEK-pU2!tx7@ZO;S0y50Ii>?oA1TYkcf#xc9
zgf`C_j6Pcyc!`=B?*(9q{I;pp0>L2LL28201Fn6oys|iZ*(|?#d1+-W(reiy5zzaD
z#D_mj!=sH7I{<7qkp8OKKovyqe9i5!J*?BLBlC=OGBe#X9mn>~MQaffDod<4T+8oW
zphzZ{SG3ET>_r8*Yn_dC*!Dy}LO#BCyGy4F$f9}Z^+7k9{FVffAo_`KEVU;AtoqJX
zV7E99@`$yIJYo^`rU{>=wCGJ<N{O#hI)}DBUbSlat_j<jbr)xrU4z{KPMo6MtO4AP
zkLn^-7nr6QeGD4;s3#9H)b2Ldm)RAK=WBMgfjC}x)EhoNq5~6*7zle6t!euV2`1R%
zM2J(Gzu~lNbc(qXB1*6C$mi8<)I<eVT%AIoTC34ncbYN?;U|Ix{>MeOcM7v2NU>Jm
z1}4Jg57@l{?|WPGwjJofEvF&N86I)!O+W};nly8lug;g}QO4S^4fEpC%2Tr|^CoWm
z<b03`XkP#MoMyGrsoDCV!JspWMg&ZwxG_j*xbW0luIjC}wZ3VUko$yvh+GaJfKz8y
zw0(kL1RW9BEkz|S`TGPDM9S``V^o=wy+cEsuTO$r$<--|>NVOwkryV|aw9jr35%PF
zs@u~#?wHNhg}0U&pSNuz`;J?d4Yx_U-N57XognIPSJ{<^o?Zp!688U`H;47#Zn7N%
z>n7UlkP8Bs`Z{ZCz>sqgES9wifK=(?L{ixTP87EJ+C^wocr-*U(5f3&`;6&p07TVp
z(GwDH!5TupNM=%XO>5g?KiEkH{@Nkh!!^P@Ml?@Nnf`OyU42v^hloxP)47ZC8Eezi
zkjPbi8HeVVOmW)%6qIz)ZEsrsWygojqQO!pG))Xvn4zcSTb^B6h0Y%|TDR7VSG@Hi
zlhO?irx?v0aP_O@m4(^MH2z5tazX&LGkR|n(yJ3K&6MAUe}@fB*zSV>h|ifS`B7n-
zkTt|*y<xT2$r%Uii8rm=CKC`Or1wCXkT9)2wQwo^=}`sgr~uta6cG~6WHH(tY-ROO
zb{AZBT(=r9v2o_Z9NltI0@rkPyWNIFVljkSTI|7ALFu7n5IHN7BF47}q?$?c5H5d0
zzgu>jRgg2sWykZEt+t2!L<6RB943;DW~fLgHZEDIC$Zy#9OZDQu4Uvp{Uj5gWR*N|
zDpK+auwOvKY!h3RnQvT~FEh(nEDI6Yvc{I6n!RN=65S{>IxJlx$=j?gE1rh^{n=yL
zatYf<(IE^vAj(Ax;%X>%sCUq~2e(=+-E%vzCX5Ct`8wliTO@!emCP#vyKA*tfchHW
zA;P#!v?}A{bFJ1z4jYVGF($EiAol!$b06!*!`NK-d+7Yfx?hCnKUIX+&V|1xAl>UA
ze7^ay?!V&U$E4>^OTQm>Ki2)b5XwB5((@_l_XdPb2!H-hKGwCr|6|>6fM7s)5W*IO
z?}2a<!lxnp%<{)6{G#;yr1blDAbjFGKHmM(3JXuKhR?S2+lBD>)sJ^y%fr`7&(qTH
zB7{i@A8E7j^V0LC7yiBuzkdnBZJz~SdcH&Y{pWw{#qOQ2f3bT4!YTy!e|oX|L-72z
z*TZjk{scV#9OAz1Z@<|6=U)>(#qU4)diMKiNcUk#_YXTPeA`y|9G89<AdEs-`ra42
zfAD=Tc8^0?hw#6``y2n!i`^fC@Gs!~Q}BE}JWKCp;itbpe11y${huKG4un7ZmoIi7
z{NRh-zk=t`2czM25Hv3Tdo`Es$uf?IxUBE1V=};pxa{Kro<}^p-R>LCe7mN-VNpSo
z#-}7E%5@v#Q)Q&>b8e$SGpVc%yy2U_>otQ9ePl*E{*AAF;Oidz<_GnM3J;7u_>q}c
z!|Oxej0yfINbum-J@CyB=nq1I2QY!g6a4XO244@UrEjmoZ^ystBQp<Dg8%xO!EcNv
zz|8P^91GSz^P0kceT@S83G>qBr3<jrHy6$EiOJdZ^|rkZOKiLm`1jm<K4L$>pTG9n
z4`BCdzsCc{f8Ylm(0+9BOWmj8S%QvR{p1(BPs4K^!W@Jp2p)uIA-wBBMi*Yi>BFnF
z==*E=^KbE|knFuK_WYVyev$91`15y`f2kV}@BfbQ_YD00dl3Fj^_RLIg7ASV`~7<m
zewDvt(6s;fj(`8&U+TugpGd#|0K)SSPXEv^buT~|{~`9<gm9I=V<@kzEUj>AUlb!z
zoF_2{NfZ;`E~3Oj{b>QYYW1h98Q<X3<V1S5v~Nr*q5ek4XDOdxVyM5c*z%j#%8T>m
zvbMCmwy?BlF3w&Fem^;T`D$5PSX{okX0E+u8RD<51-}=rkbJ5<zkq31wWYNu%E_)R
zH#?hLxT^d{K%^!RJFgWyQB6xlvX}Iajns_%C^G%Czu~49yo3VMw2!NHd&{Y&mJCB_
zTS2#|_=!+fgM7p#aY8(A`Bug9fXg18nXT0db`!bN8aqM{^Po$CXYFAPl^`M-1Hhdx
zx`AU@iqhuj*ni#j$>_NRT(e+WFfNi7RbrU97<194z-{g5Z}Z$HX;@$;i*1O}`v4xQ
z)ay2>10X=aXz#!d`!?*%2aU18a{~h!9-Jc!6vjB4#0s}yMmkj<D<V-29gE^`EvtG9
zodz0XR4U?4O)nZ_`f~%CF(zCJ8sqSy%Nu%#L7<H>O}|Fp?hb@Wu!M0|0%`^VH;>M6
z;cW!}!+fyo34R;n@DstI7$|4cYMsZl#`p|G7~{r-ZcL&k&=gcA`gI!X4m%L~LDQep
zi^U>Zp+Gj0!|Mo!#$qv&oJR=I;0c9HK$*tab<Ja#r;DbyTUAI|Fs6#e#4z6)d3wP(
zSu`e5M2m>1LzM$q5ESlqe3KlR;iyPD9Cd!CV%9hcn)-D3RbT@o(l2zJ2JK&TD8bUB
zOEi<YbUfROd=hwF)aj6Q6Hjwd(ra6Ih>wmS^=)fM;3OT(G8Kv@cM#WU*6em;hdj`U
zvb4<(Y=I(ha;_QuDg-(%T<@h~bH$CCjuIH=b`BxlAf&fQp`e0o!^3TDp$Rj>sp$fN
z+n7~PM5}8=hnBSOBe4c-3}73KTJUsiu9rn#JeXXkT{quk!@d>vH&z2XBB()B$);UM
z1ju~>_0pg=Sb_~v!>ZaFZUZ`sZ)l3kmuKh7Pb^)YFRyS~e}x@ClgzxR6>FW%%^hu-
zPcFhx2ai!*z2O285UELMP|_7*ts*OEmMh&bADfOB6lFD_eYG7SP{R%{YUSHi+pc-~
z73;RM379VGpSN57M%Z3PA!;`6kbn?kAvODUI5b2plAl)~#tO7URBBJ$SxQmEwbO=v
z7x9Fb74pbp<6w}0LBa*EYLTvk(~K5{5<k>LfoWSoZ-=6smg|v22*hK19nWpFnA$k&
zL`IEljx;uTn+T~GYe-5~c8*6)7d|Vnkcyowr)TXVN7HSNCTb7X>O8Fs6SH}Pw3cNH
zazzlI<{wXiBgjc{j+%nBd#R{QE_gPXZVAbTQ7Z(MEPV2?!v_~JcfH|OU}Ac(AlgJk
zS;yn?O_3i}>TlFlAIz%TY5GK__&PN@Lmvvxutr=4gMctJQvLr=-dli2b#)D+2PjTk
z3KR;oWe5ZkNQMX+NFYQY5E2?eiVTy?BpEW92_q5QU5dLFmlldU#a%*zyL-^$oV(WE
z`^Zct()WA6|G)RS^JHb8?QUx?k@vfqPA)RBy;Vj=AW6DRsHhr+YGTdF)(i=_Q~D@U
zATAQN<^-(;W)!hYjY=i%;>u3Nm{4yaS4c}99zrCUwR)6sLdvUG$7uD6Q2&-ep(=W)
z^bb{1?gMu}B7_9%Z8z+EeDHv&Y8Mn4>E9|y(YLRnU=dnHgh#h8c<`XG=yo}eocJm&
zJms=e4~}`Yfrx=&BxPdT7!(qzm@vy(M=)V8g#3(Bp9nHnYyt{r6P$^HOeld0NFK#*
z%1E0C3LZ_RZxXckl>$j;q?XXO$S{ny!Gff7kmyR1B?5AUbmIuN6km0rKnzud^NKt-
zh^uHGr3p$)hJ{*Zcb3dEN-LAmnk?HVbCzB~kCIBRi(cJ39Zo>FCU>LcSy=iQfecE=
zs({p>tf^^{Au664i7MaxBAbLgL+Vx`5m_U`T##B`nn2=YWci!r9b^`tq|{=fZnPBg
zg;|!1#Yh%lz0M*?50aM~*A=yiwv-qQH(#?-Aye{@PD$Aa?J7O$s%=vx>Lr9VPa!(f
zhcsO9Pztcg%r<e-fl7`&m`TT3Hu{7fmOrM64Jd_{w*;<K8iKJ$%@+7LrjE6+6`hSd
zfpbYZz)77JlP-)l`r0PE<q^Ctqj(`SmW1HazMSMVDV(s(lpGN2?2;U##1veWgiMp{
z`t+pCP{l&4naD{OQjO6<ZFEMHtk`r(%qK@NOCe#pRftvgRfGn$@(<{&iU|58IwT?}
zFpr$cWMV_be$M5aufPgRZko6P_$mT}LPOexMCF+$UEo-wvuRe)Dhrd1Q5=am=ikOi
zj6+r$v7KzrcmiFda1M7AL0aV51Xk<e=3%DuSZlDEiQ>3pZ?7-|=zi@mSGseEOnAAR
zLvstABiq~pwzFB}>;miT>x(5OQUi08MT}$Xrx3b>#iVn|Q9LrSq$y&bll@9+6SuuT
z62Rw^byAL+itz<6DMl2bx;H_Gk{+fTyRbr|o*1&uV;57wi*(swrz$(Lf>0Rzs)*>Y
zsE~F+!lK0pDA@HIRj@#8Gg)Wx3>IT#$&e0=rSFNlSd|zaMM{#zDTfcf9?^S7TP?XL
zC8?8Tb!Mk|NuFfh;Rpd%JxbRFi+MVsnlOnC#!?89+K44Ynu=A@1Mxr>u|e4>xTl%y
z8-jd2*_uzN58M=1W}2B9r%Tgn8rH|`&BC{^DUge{)}&%vidlx-vZDZW_ltz~f??KM
zD^P&C)Pi$13`|!p+JH3Av1ACTb$VPqQWJ1HFta$)nMQs<kgkv@V~11=dp@9jd-=iC
zM}eg5>LgvPGG1$Oah0P>0>qmZdp5_DqM)t^RtQ!vmF%Pn3FLjU&8Ji$VNu>*KKYd$
zLN%<PZ>Z>kB^E8Dh6fD9N#ZHdjHICgqJ$j3@pQ!%{IFk;Q$9x+i7=$Q9~po27Ukl~
zRW}kU%jz-;OHw>Vty<(9<nD(^2I|JX-TmMUsne&^QmaIiflh0NglNE=HOrrfj-gou
zNk3+|hQ}ER1+B<T0v8Rf33iSS(oq7*)lJ59ExR9B4Qvg?F)UE$MTfNw3-1_4t}qmH
zqjEN@oHd*kCC4^{CO2BtdX>@w`RH-@wbELeAz^Bi5q4RmAgt+8ub!f&CqXgN@n6%k
zX(=w4@p8yfO3WYeYS{bG-PIAXEGj&3am{gyVthYJ&PjfE#j7jX$u%%9AYq+Bqr(*F
zT7oa+?!5#iYI>8#1VpMVp;Xe13l<8aNf)m}0#U1h5KJcHv${qlEE{y=kWEa~_$4jG
za(qav(PX0XeUk|ZhQdm(U<ukBs5Oj9-upEI1`>}UPz+PLvQ)Hz#b>!ddzC_>4opmK
z!5*>rC=^^%1=Nili5OWK*4C_r3p8U?kWrgCaZYZybj2nJaVY+q9(BPN&QDQB1tVlb
zM83!kqSk1r9AGUn5ke7JR3*(HhLcgBLJ|Hsa}i2Lgpd)TIY~z7PtrLU#;jGFkQSV6
z1$gPelRQb(O16DP0JMP)k9xE{rBP5@S=&XY)GFN+PEZzC1tsG%StRB=SjOcU+KdL<
zdjYGAfKHS(Xiitwp1Jr47*j{yE{F<-0R;Vx`vyUW5VVn6!5$!7Wl2QKN2D-|Ak`!p
zjukgQwtuq8tzsQwQV||j;n_x@_mJ-AbTZhTqUmJ^#<3L!T#8mNbT-T$3-ZOnU_{1S
zJou8=6R0P0Lh5x$n5eL%>S9SNBf5f43pfwKi9ti#GL<<~jxQ*Bf?7lAsUT-ZOHQ;O
z-PLeea^M9`1VuH*8<4S!-RPl&^zz_r7VmRrdVXT}HnI)jc`25B*^E~aQ=sIiuhi_h
z-aQmv9$xiHf-%~3qd}w0aS4)V?5pSy64bG8KzKx8-^i$lkg!&L@m+?!R^&i93U5OS
zWM<Q=li7)qjVyOzWU;_rB(S%LFUApqPfBc}(u9-X?xKUqtst99PGqW>B_pmgv*WW<
zO)n>fOHFTAA$gKAd5baGVpJh=o<+zbPupsm>>5L?UjgIi*G#x7F=E{|k>O!%O2r8k
zb~ZzW@jns!%=Ql-DJaZEbvk>A!G(w9S-VSZG8hmkLLIu*hS5ZF;UGDZDGbhhGK7UH
z4(?hOv#41tk4VmDT9+<%_*-9!m|}w%3oGKMw1@*{$S?tIgf$`QNLUt5cJ`O9spNQy
z7elgD**)?)*}Yas3D}^@YkCym$pQKmF9cQ#)|d7kk*bX|$*HEN6T51V7I8LHG^s#X
zO&q}i+;wr}CZ&rv7)@Ftgqw5`rKdA8jFeVP36@;AP$*m=n%a==s#Lgy&;)StWZMv~
z1aOAYsm;<(3F~sajIx_e27GK&!xAIAI1-estNfaj|17l&o9n#GBT*$MVeq8Vn8~(}
zIz@4p#LAhhdekeBq*WW}5ymb&HiKCgqX$njQxl*wG5j96v%nomV}hk0{B#yPTHuKS
zIu87ugfm?XzPjp=4j2bGY<nDy+!H;SlaugFASakNN^csnLk?28!?tB1yOxqxT^e~p
zs2EZTk`^Ap^jb<lNi`kdfMTgrgf+!GkfiMJj%0Z>E5zF&J#evM>E%Rg;#AYysld@C
z{H?HN{zu8g;PR%Fj)rQRt2s+XBphbgUQ9=ACT|pWuW&Xgu@poHgM>9;!;Ut9cmR-%
zc37u!Jn`Y|#(=^xiJTV54FtO$J0nJh#U?Fc`x0891f<O?=Og2PPy+c`54Vs=YkWLm
z%Mdz`t$MgjF&q$?KN>3O0jF94&_RqkC63~d$O%P5kLTpBKo@i}u>^q>tWyxv&bX2-
z;@OQH)7UY`wgW|kmB`5~)?OAzAj<K!8%&IB1B)fKr-Qd;LffJ?lOo9$EjFp8z;rmO
z>E$X;hE~EMEf5Ph49<uZNM0Uv#}t=D%tw5KmZhlhmydV4xiB;pofYKW4sHqdZw|Pf
zz;PG_0l?{!(Yg>0BCK9uP(Y}Egg?GjDyRYo6H)kSNVh34t31t?jX$L#9D}FoP)S6r
zaPJ{}m_)b$qTz)&*pFln5Z6W7{-QS1J6%W|9WUhcLRvuMMz;Ri>_{Nn#@I7f)7pa4
zM3SC-AtaYL19BdyQ`9;=@}0^vg-m1<OkP)Ma0r)A`<`c2DnNAcfhzZ7tUPWFP9R$#
z3oN+@I3ccpJQ+EWV}KKmX1qFE<f+8vJiito?*bfp*sMuXn-U$h0(M?>Scjm9kl>J@
zKq~VE@8oK;6w<})Di(%3kgBn338GbNu%O;cT!=aQLnK+?nV<>-U9@Z`bY2k{wLo4$
zWZOYr!RQuC!-eRH)D#87{^FGTx9DED@rAPkt_)X1U%llX!crw2nn>R|Li{+1F`XP>
zIb1l`|4Vod7c%Q9{#vOBGMLGGR)QdEgyIWjbCzulY#WeJQEW#cg{JOoM-i&cHck2N
z&xk$bi#r~}*!Xc0Db+BN__8JJCgLJR3uLJ+=Y<r|EJz(=Owz^5PLksBMF=Ck=?ET*
z2s;-MJtrIyNn;QUzkrm(tN>p?puYric>#Yy(G$W+fGh@txY*|Q;ihmVW55~KQ5>tz
z!d^_SVL}WkV?svcMln+VCMH|*$gYMjE@If+!_haH+yY8SPZBtWQKsb*+6i|8C+ut|
z@^<7@kVtk};9}rT+EydQaAMD7f>lXRFvz9^H%U>z3Zt9BR#OW%4Ypv|=Gn_?#GV&k
z5pivxpGKSMD-9#Wa^eO^H#mz<dZKnCivy!D*6R{+B*UKAN70PV8NzZGM>r(?6#bmU
zl;R}vDIKoVj?z)a8I4pZIW#LQ*o1|Uz9c0x)GjNqL@|U^mm;E#&~jQ0IGu9HmnjH;
z$G;7qliQ?`bWLwbAJ;sY)RPc#`80WXid-nvFBq@!0&C#^puGRv^|kp81ZV-E04R$N
zl;NciSB{xQY)md!vy`3vt6ahrB3Tv7GcEZK-AZzEhZo`=z~_80?}7OcU><y<jKQJs
zeZPo<e)MW=gI1=!q(T`K?bRkn?4DlUk%Zq6*(5{o{V9}DcRLE(SmZPigZtxQC)Ws#
z<jfZ;wuMAeBy9fS8KpC$wsR2P(?dv7>&V;N+aZUDDo{E=I*Qc@@49waD;2s4xLcB#
zqvAKQkCk5x&n6DK%Tc)cw!P#iNTVE`;~-RhZ>hytyGs26jhJtX*SF<eaTLT$&imph
zfVU0njKf@Pd2bvA@szRdI4p&HC^-tyIA=>Z>QhgLW5`j04ec4092Q%~@#H8w57Kyc
z<H%vTXd@ONq=zFktfPSS#R}vf*xMt=46$h^N9lX9v6Fx5o=qIgK}X>l6eKMNj0X-U
zkZm}!rsU0hC33qU7nVQ^L5{#OJ`3_Nj*<ZB^&*J!WaVUT@$o^HEmw(Oz?_~GW7LzI
zgb&3v*~(KCGFP}*MLHH&q&k75RZPT++DtCO_(F*Bh2t-|tC{7AK)gsPKYGf~`9vY!
z@mSg9NI$#a(ltWH#3ALz$VxdyKXMNAk@z-b+$25@6h3%1&e?Ph2XiD+vuO(!xIwPH
z;&2?>GA-p<igsF4yyJA!RHyk70D?ISpm2}Vd^LdM@ZAK=^<XZJJI$|)lT6_|E}ok1
z@ziZ+V&0(CpXMt7IO3D0bV_W|b-3Et1_@RZS%~D|_X9gdp;>}`qv>$!&{PBsDmZO)
zW;#|Wjgw=>DL09oiCkE<sRF`9bdM%-DhV|lGK9(Q$Z)sI!SyMw{FE0*oU4?<$Wh7d
zpWlfHHSt|tpw~gs-N=$;TU?m5j15*r$#RJ^+=%o#p&sOpu1DG)g&l{O!=OnlABpna
zCcIw4NRiNtQOZH+FeA%Pc;ln13%TG4VWLE26D6&%%0%c=T#pSEGEy1H?X*Zl8MYM9
zWWyhzbR0xZ-Kpg4-zB6QEBLVo2@8sxu}Fm8l8;b7Tf%+YZgCUdk8~D-EYKkpvBnxJ
zPe*+7XEIsjSxEw07@a9uGFda`NRwbj=<`G_r4xI=jd9tqG)!959;lJpnIp~`Eu11_
zsle*o>!Gs^Xtm@lwpt8<xu>d420|k%qqlGvLU>{ju%B9uJSSunFr*80QsyYK;~L6s
zdDMyy5s~Q6me^8gC3^Sf?7M-b8Ygc{yNqes;&N+kJ8wbMmklD#X8788$QC2{yF3dn
z!@&^*i9#V%N5-ZsXq%?A=!l;Xcu5G$H9i8+0hJ=4BN=rz(;zBR4$2c%OQReyp9)I*
zC(cS)S;Hu<Sr%6(u{_Aa)sn5WzP<`3znMs8Z-s|&!4t_eX^-kqt~JdNMQal`B%zc#
zIR_D_9ThGoFAH0b1adnn>PaW=A_6l!eVnq3gcw|b9FUMj_$chwxgNGm7(FN!i)|Q`
z_ni(5G7#O^QX3o+6pE7Tf+B;$0)kYGbkja*acCDXRYLhmiEte!m<tz00h5miY9Hhu
z6%?qVr6<DYL&93+mYE$pOaU`N37SZ~8WKoe+j2|Xo&}|Vsk8BsZ`ld|5ycA@Fl8j-
zL6L;*{G-G~h3!KYoUS8?NS7@}sK-?=+sp|an?1H&^2SujqqeY8Irg<(hQ$E%_l4=P
z_`=}C$}{|oRcH8L0Ac}(0jvSY07wIP4p0|h(&{t(tTku&3IHttc7gpcnC}1#08W3L
z;h%xq2{2dud4_Kc&<)@v*iVD`55Q1>%4^T?RlyXnU%Str=JNvY3#WMnK*@`z`PBe7
z0W<(@FP-KG0#v+2{WgL*6U+~{PV?t)pXQ$dqyRL(bDHl4Q05Nx>jUOOa4-7gG~XYf
z9zb;l_&xRs^_vFJ6X3zqykXiiNFSg__G#XjEtvxWJ^@sIewsfErYo3p!Tk8*H1G0K
zGKT<c1n9`zUVk{v&-i$nHvtR*s12|N;J`=f=LhCv0GH2s!v=sM0A-4t;d=lGX49|E
z@D_k#Us1QI09)bv+JH0s&jX=9!TbVnAHaK{Eo=d|Zp{2@pwx%?;bRlF!kF0x>4I4n
z%u!%=1G6uH6Tl3BRp53H%ym0pya99sSh)QRe;v$kcb?&gf!PeqGvHPSpzf|S{Bf{9
z2ABX43U(tv8Gs1@e}NlYD?Hu(V8e+JwTMtERD4Qzc=i`HaL6@3vZzFk8+r7Dqo<Wf
z@`QCEGF6=%%mhd)T-a+UUaDP%eI3b@U@?rb5qlsdt1!m&gfE4Q_zWr0#X%}I%$oFK
z4mUFT1Q)AUo6Yo5lb*4gN_1D^JDp5`496<vm3yN^QgOrusbRE%T)Q!tR@AMbPcY}6
zxZ~EdP1TfF0=bmVHigz|GZn&235>)uFD&b^33kuqGze)yx=A*r*C>K;6Pndbp00%R
z6TPCiKt*jOrFZe@rl_UxNb|Ik@_OJu7gK(rXbB=w47*qsA+OxZVt-vCikxVbBgp0u
zsy16t{fRnG>yIj6BeaC9kvL;}anQa*z7#Yl`yee&lNEhz9sD&KF({E~#UjIpZDi_W
z>p&yZpwVIm(K+&t&XIYvn7b4@TFfOnM**U9lptCxf)tv_^1?v$Ll$53v2}phVo)k1
z48yQ5S#-(I&IJ;XLZdhl3`0y=Y{A{e4l#vrOhCE#6`>_Um10SvL?XH9MYQ2W%A*L0
z=H_CPn5~zPm|YT3GWLZSR5-WFV~QANc|;Njq6vW+l8I|arR)n<h~Y0V6$x%^5DQjW
zPIigdJ41HDr)*AuYmO|OgcQ`NV(;U$a^iCF5ad?~n}x)^hpR4^it^j#?1V%|ffE)z
zM-C1gIY|^e+=P65g5u(EMNHAsMh`%2jSDFO$&#=+aFClIID#yA(z3#+Fa%yu#6F`~
z+Hg~-(U@pWZl_MB-4zH8ZPAKW_-Ls`8Sn5BWYC~Nma7OY(fvSZQp{$uy%BP3ICcsv
za3ovE5Y^3EN_M5gA~PE@`?)v_k?W-ouRX}gCnk|sV8X=cN(kafSRyeQpScxLSYDe}
zhiT9(%1`0nK7?!?cp#@c2a)aqdoPMzqBjPTmWx0lVTQ!m^*n|WCQE9?2pWr{d?<u2
z%G*n2aTPaYu?7yu6PYOLWW*;U*|(gvMXoIYQuT9*gD(|Qjv>n;;e;g3=&5MdOhFY{
zAnT!$exfKgmEIWd#lgnn?uU4I71i~ms4EXmFOH%&)BmJ!hn+}#(xhcTHmo{+E|46_
z7P*S4juG+{6Kh1FU?>Pqe*Upi25r2d`;<~B=wlZZ=<K7&siaCe82I>bB)l}Ye2CC&
zI^u;C&;@db$|U9LVlzhwVWuuV!6LD_k|P`I6dxjUI!K_@X6XsJvQmVEk=v|_4M5Ij
zAaXV=xSTDkEoaM8D_R4?qg#eb2?d9S`$vhkmf_){oP1`87Rs2Ev&J&s0*y{1J0D3S
zJGYAZ(<wlk5|2T42ODy(vEo547ayWv%H3$S)YIz>)-?CD#tl^s>$@A1E%jn_hI)?9
z<*F2&33F8moJ_JKyIoM^s-+8DLXJ^~i=WMK<Ah}nMwO3`?Jh)@KRO6(50RxfS-T)3
zozx~^6Ou$SKnqEiBw_C?QP7GsZA#AS=uB<%`#1D2Xh%hrV%!RUw7S{b()`5nP~U^@
z8GJ*J41P(y3_cs6Hb6hH9|5QU&<pHw-WhxuFsB2A0?Y>Y`^pUdD17e)vkTZawannp
z0lZ{TE<kcS3E$5Eh6iTw%fRIQseipd>W|?@fISZESiW8kC}i-*#MBn>#%777OBeXy
zl?^vUVpm(!R60!>EL-+Ysu<khsCd96mBDC$l@k^`A()vHFlS_06_!85Ynn80WMY^#
z!9$Q#phS5@NQNpd>`b?%k56J$N{|{Q=EJ^MpwOY<$tCNE^pxtpil|s396p$-n}Q%=
zMuV2i{xyS71DFSJ6<|3)P!|eg*!OlYvtl#&n;HlQup3}T0);p&HH&~b9w0p~ga00&
zA;2N9&jxcFKqr7J0QbOcyDozt+B1WH52hcOy^IvfCsOkSxJ`!dIDH0R7@!8g2C$C=
zb1^^=z&?Pp;C9lK!LKoA@PPmc058FQ49t4~;{d8!U~Gc9&6>gQu}Y@!eMaVX6QD#|
z246o-GKKHS%-jgjJuQQmk2Sf>^q&`G@K%5@fGz;_00sk007w9s1JD9s$&w8I`Qi-z
z^J2*~E}>9{nN^rMXeo^OrIJ}>8HEY#dm1x4gQ;37nU@*FGqW!<VOeRbO_$afBJv~W
z%A(*<7aElUM>be9<+~R`u&AhzkftYHB!p9-;4BkpZ0jn>E0(!NI}RM}IJ6|8IOiIg
zvphKi*k<O?UzTf5|LFV@h|VvCd}<&UFYPdZOvbcBf9X=?(A#F`vf0`q9oAmvWnXW>
z%Tbl(e!0bSR8_&xK`jNZoDC@WIO=`DPihvK(pMja?L|oD#pd|vJsEt&-x>TufaUPr
zd@rnf0MEgWeplf;8_XO;5{+`FpAZS!M8b)D<-Lp4d=5x1^4;%|q{jYDO}KzEF*%O5
zO&M8+k0Q#XqZCU-h%+PB7VfN+=|d*KnLbWhj6V2UO(=R4qO2(y{!=dCz?KF81!0J!
z{;{x!I*{+D<RT>*r6$64i|kiStbt4-g9)~7vjulyNcDgBWGUTQL`8vc#w2$GJPRPh
zmkQMdVw*c42V`x83W;Q7)c=}(yRneBw};KWwY?xl%b)28577lV(w8Dc_p*)N(S)S?
z`9<>fj!+vk#w41DO#(u;dFJW)ucPE!%bx#9E%T0)Z=U-9B+tAf<(p^Hf0Ae3k@C$m
z?mx*h?@0OPsrgUx%sW!PdB*%FdFCBS%Co(NBIoG_R-kF(Z68<2Gt!)Ark)MkvA3E6
zO)XFRY}gX@KPw}u+7&m*AYAI+Wy8Jkc?RDTU^2kZ0N=gH;2Q(%gzp$ITY~xiSq8uI
zWd`pJ@GHPQaL)kqEx=%aYOgZ*(qPsiTU2!vZsl-ulP%Q7WTFDqVkD1Bd2Ev69+-q=
zoDx+HiV(2b`pgQ>g@zG#y&UShWY{ei%D~CZ3Ovh?3qH$t4LZv&0k{kH{@u><PTkM)
zXTW>{FcZKR?41CL1DF9efLq!4v-}l+sQ_C5Y9>(NnCZ>jE&*K7o#hh%#sTnP{{m+9
zo@e>>V73C&2~4h}BWhcZC~caBDvtAP)KYEMqFtsGEYBDX1^%FX(j_B>9Mzcm=6qs!
zc?PS^mIB4HJ5|x?R-k&=#;l(sH#V}#uHEuDwCzdgrxR!SwE!EzUh33YekDL1a8Epa
zmS2~3mLFO^lb>86lV1bob});7PvJKEJ_qi?_{sg4)KB4XfFlPRqg27sO%-<}V__Lv
zC{l33fc0Tk#zZXAlyh?B9#rxRi(%%JN@X*P$!Z`kBYt2LWz2Q(j|d5iQi%58kWN8?
z-d=VN4eLt|f-FDLfubWNI~CN;b!23P0t+41&z;r}itQ4n@KwkJDH5_@@tA3bPNmc?
z_O!qLhIEvZVsIB9Ou<D)c$quzw~Sp@U~WaUy<@UICoTk~(b!5fuo1dY&~)UeY`O3a
ziGdwCc`2vAjqFPmB9d&~#iWU!z$s0Gb21J{iP%?0IwUX++ccgHCvonr80<Kh8udib
z%Y>Ma8?*tHohHenr)0*+ZNTuW5;LkB^e_x*ftfe1fMbBPVlGomY;vZ|LZj6tyHWOP
zoE69-jT$Jl8YXDQ5T}c`nh41<5v&G1NAy_}@=hiWz?`UKPiz9Qn8dUJnIvirPzOOf
zw!}+9n1d-7u#ZBjKIMWHsxE|<m`ep#Ua?V?3erA4Hf>1Rm&xGE(VQX?E78!cmNBoA
zj&PDm<Zu#S{RjoOAc=yC%<!=ni<%>UsTQm_a%oU5QgA^iEe%bb2_bT<E=jFtjU;$G
z3B-6#j2qYCBGM%yD9}G3Dk!iU<eqG$YKW-*5+o!?Bt8*=%PIVXPh~zk9znsHJUyt1
z0;Ijzx4quBJkx2!HW_bkhdUkW8V_RXL<*RaSK~l!j5VHafd6*G6%z6Ew%a!0x2AC>
z-=;|>zX!~EV1Dw+<R8KJfA!j}LcupV!jtK!ilw?t;np3%bhV&XOs;gZOuj2XBY>p<
z7n^4Cr@=hppUEc%Wb&ykGx?1GpTYh#IFldIDwB5x2m-KzT^W|iyR<DhRI>}esZGJ+
zJ%DiEcZ7YvQzq}$A(I~#4P^tfAGr1J4E|A2UOVuHFdHHKItX_k!c76U8{lS!GAwML
z$$t&d4q!oeCSU!ROnwG{7VICvd<<?E!R!d;SpY43Hv-cY{40QY4a~wSXge)@Yclx~
zVD<oWIGC3Jya0|T*un<z|0gz+9}VVlFxNtuMPS~5bc*%J<OhQ}6(9g06zshKPM{l@
z-MUj~1ojR92f@t^%)bG?0dNC*kK|0gsVS3R-z$@U3(yu|0ND2dR0b$%&g3V6+g<oR
z2w{`pdm(%;hVLx+9t>tTu<MPP{Eve&`PBgZ2E$owU?#7D?_xtT`37JgGQ<`J4anqc
z_s`^;fO)+i)C;~#K^&jS6p|-q@{yA=`K@410P_~WGJqQsr7#HIlc@Ow%+=tx9ZU}F
zeWpVj09>Dz$=3mM9+*XDKsy1%f_>*ys2_a$Pov*yU|t4yZ!muZ^J_3yf%(_0OnwVM
z`W&beK(jfL+YW&0v!Nfs?cp5yeHWn19O{qZwt;;O*w-ziP#M4rpawt@fOkuwFTiZJ
zObUabVkY`yI3vIa0B(6EUmBnbfIonCx#Z>sP!Zr3z&!Td7N8OH$8bjhEC6}jG#jxU
zir%8Nbd8LJT~;`gbH_6IqDM3NT>zH=oB&=j@MUIKfEMR6`SA0ZybjD%F!wQ-&&)~S
z?r5<>nb$dv+XN{oZpgBmBs&HOdi0=pBMN8n8v$wpr~tkNC|@Lt?*U+e@5x_a+`;$R
zLiGCsnD4-SDVR;boCxM^F!|3gmbonc4xh<a0<$fcYr(7t{%yegxr8mO1OHo)UVkwE
z1oJk8=?mtDSJ02IBvbefd`-;+FdM#h+!oTg(yX<p613`+bZiq?{9#v>C|3yGh{)|H
z=h2bLWukcQ+NcoQ(q7^Wl=OD9I8CL4@_!r2>v*@Zt)$L?cwRgU+v@U>>3yJzE$jt)
zI5>>j_!CSz4FvnUSs80gs+WsDq@l^-Ul@M&Z<lhg_2sygwX^uV;2?vyE_uTU*DO9A
zpi`^7VE}{so%4q9Utw+lBzDW<GrCEpZ}%)d6`(|S>Nc0b-uNtjhAxXQ1`rOAoRG!e
z1hY<0>SqRXE4cjt@TI3@1{t#WY=Bxu>ed#_zF-ec&l|1*YzHVcFpHlxD2tB<&;yhO
zSO;(&U<g3g99!@MxAzdIHkh}-JPhVBF!cZ>hi36>hGg-V0lo!j1a>XJOZdJ8rZ1R%
z!Mp--YQc9Hd>?@C{qX$<m<q7(8UXo^%;IN{$l~jPd3Sgg-+ELQzX@P4*sF|&wgA6-
zU~dI}jo>>SzKg;4Gx$C<4Dy3;(|^z60~f=(0`L*w#A3;9KDw>3g-zf#axwMCaOIX{
z@x9>t6?|6$v+D}z4}c5HCAS9f{rAc&e&{k-=KyNJcS|rMms5WX$AP^H#7l(l3jpgE
zQ&_cFa=QlcW`cbsn1|W-o|QBV`eV37VBZ3e2cpzVT!vsn@$x|W3ISy)cm#3V&S&ut
z06GFp0%!>kd;!*IfMxJK<}CCjd>3Qi?qJph`}uR=4&QshtO)kE8PI20S^W0^tpWOG
zLi>Q(3jF(k>3hu<Zh?P!fIk6lK)Mwm+!`>2rL-gLNA$Fgk4bVRX8Eqz1R0uFGQ!<0
z&p=f3f<UyGdvWp%VW;RJ*KkbDgSc(T_L2}HS{SwhcVnD;4Bi6GjE<D>QX{LjtBp)Q
z0Rg7u2y-9d-?NCDxbWm@mNRH7xpo4ELnhykygJGSTne}dHyi1p3U1G)bG*;yb9@Pa
zQClcfhwoL}&ha(3pX0v*xVD=@6u3>;V+#}a0{nfB?+NBAu<tnt=^cQ$V6H#>|1U5>
zouBMK$B%^i{|Vp+?QtH=U%;&?n7<$T{}+scIv0Vu9|U*`P!Yz7C$!ORa4!YsspIGP
zy(eI-0GI*ZUpU8aym*d}2Ivi-05|~f1mK5D=XfW8Pw*Xi`5gZnKnlPRfWKdy<NLil
z$NvP-65s*Y$AP&K;0C}Wfc*efUZ3MT12hK+1z7aYIes_5Mu2Sq3^T(Cbm3G<7U$!m
ziqre}BnHQFioOcL){>%QB!>ufD&sbgIU;(5x&AxqKs@*1Vklt0h_0DfwMpZn@JQqQ
zS(+gNe?xnnHdf0;<}5&jHd$^JSP7yq6Rx9Ho!B1MDOrH16r12`o7jZULuL;~>6qSL
zHWj8^Ffx}&2cdEX%HcxUS!51`C&SK81pLSy!;`fJ`+&hzhNpcgZCxTAgvuExhYRDG
zk-4-dM{WC-qOJ~Ff_mg^HR|rD?Wj*~5pr?Q(VEoRzNsYF94$+|9JQ~kZnljh)y<K+
zqZSwI<}gAo?m7D)5(ODYp)x0p*&^SNZFmAX`(MFksMVs=<ID`B(z8WsXxn`ie|v79
z=gZzb&j;T-&wqFSJpa>!^L+a|=lNH+C>#erdHzH`lSrzAw!CPg#3e#F9uTGG7Na5n
z)kPxnjlV%dg#HBMb99W>l8PMI?2VZ4b8{}DQaIFKgDTUK<eIYS(ShjHWSP2hGBP1l
z@(YU*LnvrqnL;KDfk4YvP7hUyF7TVs2S59Wob;R_2#OIZP4VHzIE7cMmIUWsuy7O=
z!bt*KWsfp3+E_JHLzE{en8+leqVhRZf=V{}6d`9LQ4#qYwgIS&jwGXozB9!d4Y5`e
zzSis06&fpfma_@3BpDJ>M1&Dv6_cJ<j*iO2;od}B0>(rvY-LmgH!7mANhwu}LQD)q
z0Js^SR|P@usK7&1dZkvxSmQ;7w#cp!L)aCFK0cj=1V*(~Y9bXNCS6uXR&OSq1s|at
z2&Vc~Ycd8HlhaXHpoYADz&55;ClTCPg~k{7K>*DFhBdmtyMs9zKoxa?KLs!nU=zR#
zfcXG9CiQ>ur=56#-w7}T;5>jYK>JA-_*s)L@YSbW;6H)cAIx{tF7O^xFYu)yP8p8M
zp{l}3QaR;6B&b7qoQ0WxA!efF&EgzN-=xw#OR;ZsFTuhUmYMiNUW!62P5DpmR+yzx
zSQbwxhnznnue+%&f-?`yXcN+<;RN?a`!pwR)b=+}4g>6fZ*B*CH9O!Z$U$iD63ooc
zF4UjOX=ZE`&3qN~xYACYMi>k8!N7{ka->Y*D3?<?Ty#{hdt)k+k4RqU1l<SH1e5eT
z)h25~ZMt{~I%df0CQ(L)rb(U3-USt$Olc&m(hZ)^ZpF+)U_O_bt!R+vyP5cn0nW-g
zB;L5J3;a_%aOC#ig#YdI3!3LR2k!ZmEw}J;GYX*g1qxd-rSJb!@cEo={%dc+x|I(+
z0N8Om|8W1CFvo#gnY$PG6e!o1I~RE4Z3)o+-++Rq^#tI}Yv|iI7x+dWFYteY+4|iD
ze#(1jXRz=8aDl%8-=*OD!g~pdzy0q3rq#2^MSgHm3gf<#zW+~wef}T7{KgL6IB@&_
zIy`sab`RjOog1G|I$ssDb7S_B%)AMZ^X#NEde*n6=8%3h|K*P>RJh1jMT-?LQIa{7
zDqZI5Z@w-2UAgiVzOPv6hssr|{`k|+)fCm8Y81@>|ME|!R2g?jIDS%UC5AH96Fu0(
zC5OIwr6LgaXxwJ;VgOsSQ*)(60F<CjQ)qPYIwqe@i}WvumhEK~bf62moKabZUFfdX
zJR)cbW49~@YT_{}JU!yzN25pEN0%g(+PdSBohd26Gl@y9S8`4sX_8j7I3v?C31@aG
zOC=Y^RLc-ugF1mMPS6rUbdXDmCltn53rSh)IAQ1lqXDlLT$mO~v69tLGT}1HZp(Nx
zkqEz(oWGzO1I{!8RaLSP$w!G+5Sn09_Pj~eurNYB@KJKDp)QytDVeA!$4*xU>Zht#
z#|iaeLe`2Hy)iZsWg#WeYfwwMU9M$^s<S~gWE#ZkQ#B)w(%=+|0QyNAl8hT<5fbm~
zMwGTD(+z7TYT&H~!Y)LVnIJKdqjr;Nz)%wzv$8f)a-yCDqJ9T&e&$%6PJwcTX)8KI
z`N@Me6%kE}$Al$&qy+^N@tIg%dPZ#--cG3?QW~ipxtn5RwaFGH95h)>Ny&AMcJ^qT
z=J1THGuBI{v|D&OHfhZ;2W>RR#@bTQaw$4(svLRKlo8S)o+CyLEzMM!a&W=G_JG4W
zRspH@2uB^(9$#RHwryv#qJ^{B$5~T~6Bh-%@awhiWY{ZG)Np1-Jd)^5-Kj{;KAbhj
zVxkrm4%m3&tB#bKiZpIbP6d%_a&d-Od5z507_&uZA%ZZe1T7}fk8r<=^<;yOT_KQe
z7moQj9ypgekfJM8PgJB!u|V>1M74itv6a<iL^v_QFKqHbO@z|IKqBO#FchImv3et3
z=tWN|2fK%}xd(@8X(_$1=u4!k3Ju}|y(f4OtN_t)CVEphTgqG?R8->vBU9<Daph!T
zon!krYn)?c>N)94nmml!6fa+rn1*c1|Bh;|;-O^>O(p$>LYg?x<DqGpo%I%(Q`li*
z?bzx;hLxKX%S=K#o87SAlBw_;eY&i5WJMH`Lc-Ua%|~5Hvp`)C?Iepz2~Y){#<W{(
zD$~z77Mm}(X-5Q#L)GvCj&sjnx@d}AltjjCPnw_%GluR+g&L!aSGXimjh1SIK!WN@
zm3iw7u_mII6tAk3-q^)R)RAg*W-1IjL2K3u(s|9Us2WbIu*dfhR@o?2&P?7`LNOs1
zSE|&>fdYH`iX|vHdTl0%F@+yWFUzGta0^o*GpVdm2;NITMafYXqL>|ldxj{n!()Vk
zP#fcv!i60MwH4-GI?-l|M+S$9i5O$rwK3Ls2Xwq}uJiJ66y1?PbT|Vx5yIMF&k9(1
z6&49wfD9~XaLRfCL$JEetfHe$<v8C4$n9#AXMuuwd0|-z@ozz*HzfKs@^6J4;k>+M
z`4k|5#v!yt@-LEukX{W~W(7{9NjMEzkPdbb)T<%Ou)xW9)ekTdz8M4A2ntX_AqShJ
z^(ezhpn;=UXoX+FCmR`WB9^QrY;e&iAu$&9eKDQUxQB_-tkp2_2*Y2TRj&wx6A_B*
zBHJ6{<{T7;d6EUdCV5;v=?eoDKgpg7$f||!4>WO-yON^<+*LN)wM?27$;sm9!em%M
zNmvATKPF}cw{B~)iemGr$i-T<7-mnUgrHPxbXas~D5uE38FJK|r9?E=a|-&>L5>S>
zWk7+}3bI_2?CGLSu>B(KVobVJapC1i$V1Uy6hH>9^0L)tXW)1>?sZBBmE`2*B5xJa
zqO8iN3F%mJm$ZK7vhFk%rds}Mhd+vV%0FBq60RU?1V!r>V6rvHSxA44I@vMD1x9G-
zV7BEM!?Ow5BMa0J4N&}I0on_L*;dZcv{s{tLY%(s)afx=K~SN;UKdX^WYhC1?j!8V
zlcY1yF+zITqVe$|%sem>$Z^3ej0GQ`By}1Q-4;nu*hCZ}5+2~qsx_STwI+gtFWApf
z$;}oxbJxQ=8kLw!wteu8hXGGcJ17p9upW}@P<!EB5w(`Xq%t!t2r*2RyIyBNnMZ;T
zYNmxVQG2SU-I}by_cNj~Q?H9LsZHtN$uzu+`7mXfqyQMytkuW4!BI02h2Ar*o9Psf
zfc2-S3i8G(%Fq?EhsDfJq?j2`zpMa;M0Y%C%ZlRCfkm`YFw9slscL2=T%9yZ@|SbO
zGzx&z0hBRso^L@66btMjqNw`Y{l3`!?E8}+X#2CmwVMt&xIqh|%w2G`c9q4t(VRSp
z<83cdI@@3<MW``85?t#L>OCwh4h$8oiAo(~*4HEd^v3vlLUqt0R~l2NP96H-PLd}2
zI4rmbTi{9$r+V-%#VK5f8+9thNx?};!s=rto?fW`%*(^8zK5r0L$E<MViS5mLD@UH
zrzhL)QRZn7=N#+o;iW-P;6ESnpVHZ*A-FZd>j~U?yMX~0gpjb{aIT|&L>LO)3-*ul
z4}}yw;HU8L@PR+um_l3H8XVWH*(Lrq!0!NVeiRn@UgFya5Mgr)MGJ*esU&wJxYFWW
zK$HXBkK%A+F_+?87$Yd&%v&g&>m(}_qLTs&TS{_wZlbYs5kuOBlG~)<rNog?fR?sl
zwf6Lmw7`rrv0>uqz4BklyJHRSqksid0oh7i{7mx)7SG2gM3j038M_cU-NH!#!lasX
z77NmG7!{FGfk6=wrT*>c#fc!$+6G#a_4Jh=%Y!}+gx#P<baM5DA_&2t$dp`yNc(r#
zw2j1e^EW8M+Y&BJt638DDq_K4KwA-aZ7VpNgbp_~i}K5-f;3%b7zuXCADSpBnP58*
zHKj$#kxX|u#TnsJ31=dWUedk+XGM*eE5UG?&9>4F9gd$y5KV|h1yk6Jll;a<w*C^I
zZM?+4F<jzf!K?;mv*b(sNq}Ww@6qcLzY^ROV4g|3#7D#T2=E&M-*v!W2_~kAv;svL
ze8bVVef$>Q`b#oEzY;8b5t%#EAe3Qo1UG@!poA=JX_>t^`xe5YUn%ze4NI>iC(#-R
zP}+f;qj0%_P_D0-DdbgHR(JbvdEUkH$xlunA=I^q%&!Q`&mM$!{Kf$Y?Nm~h_g8jd
z1UisXxwK6Q);|K>2eyBJe^@|JXlPKNDAUzHqE&Reps*+|FvveJG$brY71SvpC@2tu
zgoQ_`g2SW30y+QC2=MI;ULlcDkzD(rh;|{7k*M1wFeoepf<}k=M@O}WWI_T^y$Tl*
z6d4{J5rB!c_K%K4r(pjO$QKpH1cZlC^;MjI%kT*F3y+Rcg$Ju5{KHxWL0Td0+J^>V
zp=in-Af`Wxiw%S=NEI3$87Xmjley?ji1VDYFY(0z9zMIo9|!mwzIOp^2iO8YH&TOe
zbC9DhBJd4_=mJVMY2$Qh^s*-qn3)xL%&l!^uK6u5<b|jnN&>^RMM~NXM=UXEcE}*~
zBJI>^!FshNRBMPwc>+SA1jN6dx^o&#$;U_4PG!)hs<ad@WLBvyDmdO5EP43jwTolF
z7A>gRzJ<f}$s5ZpZg5So;=QR#)`C@A+&XO1p`^(o3esTIh!T!{^Z%9N-1GmH;_zym
z-|ptPm?kaUN#U48j%Zlr2yJppwEOswe(Hez0ON%YVS+nFU-@Mp?e2adW)cmq^VFU|
z9_ScZ5Oi~EVrQO2Oe^{+s6AGltd7+Yb$rx8YtYcBx%i6-2q8!WPOFKxDH_`4MWgl@
zYLk`GS4c*5aaVY9A!d}+9RzV)FrsV0+6VI|2zs+3#SCArTx^04g}{=r%*xL!?M=EA
zI8tzta4gqqT(~e89WHojqGD|E{)EVN_=v;@5Gp_d;!-b)f`?C>LNa$~E&K>dvlwKq
zlxCLPRFq0K389R_oMRnp+i|uPmUSb1DQG~E5|tBwK6|p8eE8B*d2cthpAIO%eDm}q
z6RtHLHSn6`@B|ubiWMVxc?Yv+p8!*AJ8e>Ia(a*fnyo;Q;g)Y7Deu_>k!3T-6pPcP
zC%vQF32ygq85s&&ON4*t$dF%yTu`c@yC0(Vv}Tp7>%WO)(&BYhtCAw;U$F)O5dq#_
z1!)3r2w9MDjUXJ##K6Pafk&75nvXB@;~!F}4)%*+z5-YPkdhBzTp@nvCztsx08Wo7
zYy?OG7y(cppj1AvMHc_^)62a7v&;OZCltPWO3h|qo&|GWK7etB_`hXe=1&0xKcnyh
zU^2i802P2&K5$AF|A!Zs`F;Q=vMHoLzsy$!s1I-r?3?m|ezN!{UtZ?DUtQ)0y`XS~
znPtI!E|@*@0gNle@B13^2k?4D;VQrYfT;j&0e;R0uF2v%{d1Wg3UKi?1&=q>)PVUC
z%)R-*P+9y#Z!hz%?=JIw{-NLk_M>3l0GI+0mk(fEA^y1cm-%dfw(ls+X67jX4M3HA
zAX^r{`NzxrLV#EADJ=MKnQsZu37`zXwfA|$LRtKxpD*+A0Q){tDF2C?t-!nj=A?We
zUKW38$t(QVrLOR|iczQp_KGF0@EZY+7QezDE|xc7Tp|9nGFSLF0CA-#d=K9rz%-Y>
z!tVt0OUb<9jV!*4L8o`+JUVe6o?hPd8#HXxxQTzufWV+&&YA28d_KSZJb##d?&bgH
z`P23Rz6B^<@@xDYDswI_e0;-mg-ewvGqA`oelTD5tM5kgg+>%D#~0&==a=>WkzcG?
zqcd95I>iNRgW_AM{SC<}T;m#7`1bBs_@XtbIfU5_V7J!0!YdkI;lJ~s=5l6_1N*+#
zSNN(SSNLo&i-LI(%olC1@TWts@csa5fbRet<XJ~qCr1xSc6CgwMjOY)_PN6U1EB1C
zg<k^ZBrrDtbOpEua0=YU_i>m$XBl;czbAtk0BZqO+PVKHFtz|;<}q^<zz%>+fRg~j
znfqb~aV7x_1lTKcJIu@*0GHTzZvc9VvZ&*ws|#8L0t<uD;EqR8WdRUR@p@y7T2EwL
z(p2FfWHRbBsMbXVi7Mfom4M_8E?~h2LO2zp;es>*_)d_dO){F&RfLj5rH<_dM|(Xv
z*(L^36{-F-!6<oYQ9l!P4kPbW;0Y%`QhvL)H6zl=C2I*06XI^Fa|RNF%;&Quejhfn
zXY-nY=Hw#E(Ur@e_MGqP)VSp0QTnhaGd?Iwq?SM3_+E9FpnPs9>4w+@xX&@Bn|euB
zi#CmDesK3oRqHItvZFmRn}aiA-b_#$RUDjd^(t~FHgm|NMa7jt(c{&6nUFU)R=2}s
z35^%hRuQgsLS2O@f1}kx=&KA&-=@`IF`@i41A7jn&k6om8jc>)LXEMBk$PilN1Y`h
zP^(5fnbsx2nCgc3I*ps6EmT;mkD_V&_=Mq^4*M)luZ}n8pOuh&-gUAV<+Z{%9A1PI
zY{az~;Err1>}8blO0P3p*hr9j%AKPP_?*Pi#`m>peB$QrXGuT;M4^B34C1)2XckyS
zg1$8x;_y9`WQmV5NEefwti|h*zy!w1>f&0RL**U`cDW|F`z7I9o61U3M$Qh}HnfIx
z5+Ui1L94bTD6D3h3X~7U{YhzYLPJwAfY=%MuEZs$y89VW>>>nB1slQ9rq;%{F}Ma%
zdAm^jL}WXpJe7&<wWcW22$49#!yx^fbZ{7hv^{6WwlGm8X<RC6TA1yqFi}=KQYjyw
zV3?AWa1Fy@`@o0@5Jr_eeu^p;7KhxDz&E^PxNKqy7`=nqL|Y6SP#7L;SkN97bYvw!
z`w?V2qQ+t2G73}7Ihoula|RaQI#30oTH`QUN1S4$=t|o$CL7YE<yox>Ymlh53x*Y$
zqmjCJSZ+w;T9cU#-xQbwox(|08{!43pN{Ac!t&s3LS<F-r4m{A9ITA_EbuW9RsOV)
zs?x(cpjVmkrND})b!7r4SyYS~Orz3hlPw91TtFZZW7KbqMvU{1jkP8r=OPlg^|rD`
z)S%!%rjgXF6rNI%n2d<Ir#y-pD|v2o6L=Gm9!t_sDg_|R3L^RmH7z0C!n&JjUiH{;
z@$m^VU;&BD!cf@Ks1<Q}CY{<~A@1>1Eqx2l*-ZKwyE=kA*G8Grv8gEy3t?Hc^I)&7
z%#}FBuo-USNS9BUD_vp~WJuvKqaRiSiH#|;QG#C55J4N=iCt0@wG=Li?W`Sfki#OQ
zfNz?#E1^uu#ZQJ?@e$W&lgXNF@lnJWVZND2IP(0LN~4p4CTR5-DLF^>SZtC(M-zV2
z%tdQn*@?4+W<zGX!Kh%XEXmC5coCO7(~rD%-efvgRq<L28O}sMpHwgnr==?i<^RpG
z=3?6ItU<l3x)ik@hFV8bJ{OxvaNKcaE4qAHvYND9K6?`9V6C8ZI%H9|U;krp)j~Iz
zEP+~*6O4<FuyPQ3W%;i%GfQx`zmm)p&iy|!yZGM8KFTm_f-G)+?_vM$EF~^JaoBPy
z+VMmYGHFR;vLG;)%`!4VgeQi4QOmhymPigi!pVw}PR1tU@IW`0ST{v2gE5t9(6#jw
zrcXY3YlKw=N|6*}#K&NjRv)L-8Dde(FsT#LV=HPqn`;Zwfr$uX7g#M_o5Gq%1Es=#
zuVAbTlziR=)@TDVkuvc@u1b#4RnxOJM>a2Ea6@AmjJ`0$la-Pp%l1(!LbfK`?x`n-
zlhkUUG`~hl#~&K*9|*;XCl9-XUjT`flNq8{rPgRnVDFvAAx^h0s)8ghD#kb$T6GnQ
z!E@z01V)A{sEbTsF|65GYYqu~V(TI4Og)R*oLJ9UgNpXdq&#930_eJ-kOjs-NE)Lh
zsN!4#5Wi@HnLLIou)su9AL?66M{z99`ZR(fZ|3eN*<?@aBt~w*u!Jy94LMsJeJG_q
z6okF5FlR|RI_WI*r_@1?d<Ehn8bU|{2TYRMkWTnvU?h+wMBZ0eZP<AIe9<6L49468
za|41xgUQZ>UKo+mdyx~SF)j{eRyp^yO7w@$y)`lk<RU>~eko{jOMz;S6<7*jG(!qX
z=rv(1(ov0R#c7ZlMQsri)#JuwP>~Q=Ta809MH+xSAi#W~YD2NKC|x6*rbJR84Qqu`
z5nZGOp6BA~f};g@Af1_Hh~+1@#dI^CPFx~8N2*MieLN1*BpB>&ivAvMWRSTDtGt_{
zF<E`wJ>_$h(a~~bgrRp(uzz%D6mCzF6M06qImn}ze1fU1X(^mam7*~laaoH^wsN5%
zVbPsbUdo35zPcnCMrwlf#6u+>0K}jo${tQ)`nY!5q>v<3bBf}5$a5;HP!LrS)5V>O
zBVyQUAtjB!L4(St+edR~gY{R?CyE_Li?50^sBj;eSK=z42@nU6B!goBT)umggStU$
zsbEo6>5>?=m{2*Jvg3|S__AR7>WIX+W+-tq%$gKQmOC@t-F1Q_IZ+@vbMj+!#X>}F
zg2tqB_tUD96HrVK8{*B75s*^gG8dbqkTy_-Wm93u^dvYnSSVW-$5vdM;2t;!Xoirp
zqq#yn$y7<vnl#!t)LY4sR={`5_H^TczJQTOm`BLoKz2)(AEe8O8dcPV6Rd=DhTH<(
z{ZcflSQ^n2lgc}YR}Qu(rZAIxrMSvhs(zI}1tzbcrW|Ti&*_Fx&(6Ix*!x%wR1pHM
z*EP64dUaBaM(yHSg9}XIT+{}mAw9`xHIvPo@Nl_uGLkdShNMxl!Kuz<;d)9AFj^!F
z*#T{Ac1|jsL!MrZIpRmf*TW1ZGX2q6tJmw2%{th#v>f9lMCU+_U~5>P3yejJo`}Fz
zTP;RcE>O({8aPJHOO_p#g$s-m;&^*;fjZa)xj;xafuor<<mj0U>8%W@h|cNK4I-dM
zZ}^Bca!Gnllfr3@oH~+A4(00la!DbaJNysj>iBY+4qQE7&eV=`_T_5%a>fX*uP>(!
z=eqlH&6;t3ew;oMJ|ILSSbRBOU#_|@7jNOzYOYo-&S>QN_T}o<<zkb#<Rs4BuMXGC
z%9(p}k#MC}bCEGzq#3SCT%?hU)NsxGXx%tZFRqI^M(6V%-iDE*m^`c!qG>s@4+gpD
zCSWts4iiJ}6>Uf`8sSFA{5ZVRQlU-QY^b>dW76;(N`Ay~Pd9rdOgUXFj{bJ|0oN@w
zU{e%S%fm_4Hij!%j%YMCQ^-XDvl0qmmj^8<<Uvb-@u?GA)N&?3C}x~#D0jbPB!NU1
zvH(!L5lw*V7csbF2zNE3E~i|!Wc$sb-`fgyG7eG4Hx|<Mf0hjwYD^8qUL+*$K0dN)
z_`oJ_AlmAsYaq*swXTjR>LsiwkRdWC<G}{`BuTD#J~nB!IfeyC@YKm_!gfvxhG@eI
zw@{eWxb4d`)@$P|Dh@fJ@#cp%1u3M0wgMNI_ki%14TreAM}ogb6J-pBawAd?x-#xx
z4FmhwWQO1#=E>1+B{vlvoOlgJYkUIbuE*<&(V$h3z#P>>PqYLviYTT`mb4~8H71eM
zInkhvjbqNOh-PaN=B>8vW$=VsVv-g%HNr;|hj?loY>Y6>Qjo?40-8BI<;7`JX`u+_
zi89Y{h(!H2(@!4Wag#erxFC(q;$g9&^cWp>1f~*NYOEY{h!E4)@pHj=u5clv)n@sU
z3DiuHYb4ACS13ISLy~9n-?{(W&@#*3mMG!0oRXU|lfsSrR~S05pyC`CbaKWZ3q3`1
z=93>@*<~4GZK+^0a`{&!8_l{jawoUF<OhU?2eeg11o?+Xg|rKTPPUjCG9cLYY6k!G
zlqrKGAQRB8J@M3^e%;u|=#82aqs5;s&=@#04E@)Rf8MqwlCTW(T-lO_dp>}fyt`L}
zhF%`^8#QX&*u%4dmuG_nZ;zzLW*c0NAU_OgT9F=AkVodo4{<#lC(*(RGR2B;lKil*
zIEju`2wx4LDZsA)X#mp!HUeY<yaM<RB6<{(<iZO-j9*;lR)(cjiKU1Bm|s#MDLnfB
z$in?>XWF~DdwAqo|K@hTS$02#-A@Q7lz%4s33efzV6T?TPw;Oc{1RHjuSJfZOIh3B
zQ1QnchLK-U2fu>&x8VM7|3rB-c?g<uu2tK`wN70(cV#{4k>96jGhe^vE$CZ+e1fiL
zqCUxBOzveeTdXOmY3aSYbnVt%)gyQRK7IT3A24vx;2}eY4IeRb)aWr|$Bm!x+r&we
zr%atTea6gLv**m6H-EvxMZYgzvUJ(<6)RV*Uh~JFYuEj?e#6F1o40J;wtdIWUAy=E
zy?5XK0|yTsK63Qf@e?Ocoj#LsHZ$wo`3n~>UA}Vl+VvYZZ{5Cg_ul;n4<9{#^7L8u
z^A|5)y?*o0+js9jeEjtJ3;#c^Kc#(W)jFh2+t7Al;q8Bkh>VKv(6LkJUupew_y2!K
z{poKY#WH6zY;!iQZv)Ze*K<uLor`?^?44FyHEu(vsVTet77e)h$F@l0$<fzm{`zoA
z(Z4s<U2tLI``})S8y*hZw0Xw3c7eTb-8KzKTibJN()jTC)4C4JF7a25Ry)?m)g5y!
zWp%WN;$y`zlPe`Qd$9G&nzXCK+QvMHyqLJs+vwXXb40PJ+_ACaj;v_CZO`ZI=S?${
zEHl1LO<6K@<V3&zO*2m}dDP%!w>G0%p8D(Ng5D>mjv7?0N=W6FA0IDV+GF<oav$Q3
zo^Cw2)$}dg=fSb-#&$O==Edx|TCd@6%MbLao3%Y)L%Fx^O|{W0*Cx(-H)_|T%sIvW
zPH{6hmkMnC;^<{f$KiEOOxsb;?`du8z#WOx$35sZX~E;)`*-pj(Is$l=)6BZCz!t9
zay_VuZ;?|~?yXAnC>Hbg=?T+@?-;S|#s2lpmalSkRc^ZB98!AQ#VftW8mo?XDH}EZ
z&o+zJc~yAW>$0KfpYvCH)*f~A;H*QHz9g^emo{kYT;F!*!X7`LJUICIu<Es*Hm=c0
zzig$^rMR1+)tRF~=|e9sK0dhF^y%7iCkOmqrr+l;)BaW+55KZw*Qa%<{JN42-};_f
zIsd1zMXX;BnR>|C7?^STcJKG82YL>PIr(IER!UIKkA)uW9i7?XX?o#Bug(Q_s6W;}
zXhxZHiT>FWJM5Zp?BI8a4WB%1()`EAg%_=#Qat?jk|CpSY(3)CbwbTGogVC(I`d*f
zeWQu)ANdJ^t%hxU|DIp}{mgr}ntmGa+nQ>p$F=!5|MiU8f$M(yaL99j=hUkapMD&W
z?bmN~T+=(<SB?L1O^Y^j8+Q0B_Ci9K(=BVb--yDuR{k1!`|A}$W<`6tbp7S*#DQ5q
z&%9V}=%yQ^<M;`cmfW7<-hwxGJ2`&9k0S>pd>Ck&U!&*z!c7*2jaVJnDqzGBrxoYF
zuUz5b$Bjppu9>j9*IcK*WoNFhbaH>)*---)%q{fK#~V|^hZg>OW|PXjW1Ry$_l%t1
zX~(n4zRx$tZf;=hTWi{)X3j$<Rb9LN*qCQEQk~{JQdP31jGnr1Qp0ZLDm?uVvU%w1
zik+9I|9Cf}(;tmW9`~G3JbUJ_(#^m8b)+X3fAZwc>pNTa;QSY!8<P~7)?#AF@jqH8
zO#AIkmjRdD3w7_EK6Apzv_Wq!oFA}$<++<)r%tGPWYsz`VBw9XU56R>Tt9N5&HANd
z)^_|f{-++NJD%LsExlZ`!A}R(+*qm7u|)}sk``UP((hQ|(j`lOAJy&4&82s1jf?s)
zZ&um)$!i~OIk+eD;MgB)#=m<P`04z_loqoacKFz?;gqs__t))xGhpkKm%ny-qCfg-
z&U8;x?GigZhVI-M=Go>+v%60kp6UKa`QUG-3?25*%o&x+Z@pW~vZw#mj`zc7v~FyC
zH0`(8UB4D9y=2FRk4Y~MwLAIv=FU6+%z56!d)$+`_4m6q8Mrq7fd8A+Rtv85s2cKq
zrQ4lRO=4zm&T7<c^&y|Z&c}vX&hOCldOPpz^5Ktnw%a(oMC9@~_k}UbkH%;8*s<7m
z#kGM$(jI?3F0!I}afi5Hk{@(QKk?6Xui#!669>MUzI*zKQ^OZL@Av2DJwuis)_1Gw
zyKZsDhuA8f2cIq7H|JB2ovAB-d%dse*45u<ZFuqez^gItMZc>wbJO!@X~9`tci&lE
zr_zj4^|QZO-TRyQ!v{_+*RgU&@bVkm&aa+7yi>-EhsBQ9h)Ny8Pb{(9%{5vxVAIiO
zspg)()$aJcsWUQW_~h~9{%TO?V|?SkJge<{{eIBFYyDrnZ`|y=W@EZ1H*PiN`_g};
zj4f9A*`;w8k5pQGDs%a}5j%bwSESV0e^%7hCJ#M6!jjpv`N53qnTLm#Je7K=QmKzi
zj_-}$I`??`sogWPCf};IdQd&?SmVpJD=lie=X0@)7jurb@z^;sSQ+?P>6h~TlR0hX
zZ98$cO6|a_2VDLhdDCNR)Z49TZ^rsvoigkGIWLd#6@30)IJWtYbu&l4xVw4T_uuw-
zGws@v?=F|y^4E?I-=3RTDen5?sYjf*pPZjK`D4>;-QE$wTRxOZ{A#^xr+ZiK?Y;GF
zmA4ZnFEC%8eB<@{EhF1!Z295k4Rf?<h&g=v*i(<fH0^8b{By{Xn0__&t1p|Dbvrq2
zU)xdP-@O^scf-6@i=s`7W~+yv8)h95ROoa0;rAmRPV@gXW7&dbzkm9r>3}o)Ti^37
zKP-Fjn@g&%JH@T~ef^ouWuG;lcD&lbyHg&X+RmSy{q5%$>a6*P2S@fbY&&|WPi#Wf
zQo5b*-TkWnvQ%Ah&X#eyyWf7Oy06xYeb*+xyY*^wicezK%Skh|6-o~Gju^FTK<6>>
zdzRLHmR)Ici^i=lPkDUxPW#|0<+jCr|MT7R3#L8jal$Kmc+Kt;w+!T0E?={8<Gmic
zv&vPjaeKm?=?7M2zZtiF$N*hHqQB=&(-O_=7TnpP=^K3d>YZ=?+4Z&CqS13Ftyg}x
zxy_ou)E>RFG;=SEY13C<R24JAz1!?V2mkR|kzRjrdfJ9jXOH!G(e_x`hC{z>dHVC0
zDFI9TYOh%8+k48%5nEhG#vT80(DGXK>kQ;$7e;veUB3sv<4Anp7ygZ#yM5a8w4v*e
zWwYmct{D0%c4FZJ{myEi?`RP4k8*MIiqi@`n%QLBso5U~Y4(gv-Z!}SqJGb#Yi*l2
zc39Z7M}N9(%C2>5``ycb{l04LrANji;lYW29G-M+`|V1_F7@8LbLEw}BYx|AchjR4
zd!s&doS@N0y?Xf0ef`e<uE{l1-(PQ-UHM?jqmN^XBrZs;aQDL>`-hF3+IimAOS2=b
zpWhbVFmllHj87Yj++4XRqIlom17~I}nLO0}-q8WW#&5a1W&Y0VOaH1>ZCUX((@)n+
zGas&by!+s$9e(@ZKH#54M-%I(zyEo|u^qz)o!?w*;g^Q5*WUBmQgeQQXSW5-?>#*@
zrJrTwDb<R1eNVRDc=NJucGbeOoi0TL?p?Ikf7NgCSudAVE}6Kk$ARhJ_BdAb;g(H1
z%QyCGRU^LU)6%zxmr2>vaLUQq%O^}u4&1tT?<Dh<u~YAF-P*MEtJIypxh!u}<$2bV
z4PFsf75dUHw^Wg%r_?Ckd0e9htJ9yf{&Q`h(+@LhSG{~C@%wLgzk6O{^nptm&l<Xq
zS)Dp@#LA)X)|`K|ZOWsF?Z<~NdDvu0?MDNaf1?>We%+n<8KeBZfB)>+??dX2|8?`q
zM`IUn^7Pb3JFh+Q-EKcsbfxhF&l$eiTxagO1!GEOXslmdJFFa6Y}ce=-+%P|VgIH+
z=BIN)f3`0E^|Z_W>)J`}dVS^nX4QZ`rw`t0K69FC*3h)e6L$A~yJty<40HCHSu<*<
z#4exO`S1SgBKwxx{%5aia}%nbfB1FrRWa3j)tYqXaP)TF*K0QwZCba^{<2-~-2SS|
ztlp!yj{ouCix!oi#{czuBjrTZgF@F2-rBLPsi%5OYE}J;(fykI5$$v+^68aB7p>N=
zQ57EjI5K0BSvRw0&6OikPw(69z9w@+o0v<}n>`t-zWU+x&bGCeZky61XwA>-PQCsV
z(AI7J$w8i<Ds+FVYPra->8u8C-ew&A`Y1Q#<;D@8Tlc>)aq}6=yi0RCr8pNWckq`3
z&(8iaV%pn?rq;j{6?V<4J$lkqZdTIY>)hUM8^|4b@vP4!OZx>sO@CD7yGfc7cXupN
zPu<k7&CgGYcl&A5_-B(Qhiq8f&}(JtmM%Bj?cX(J>b;Ar*ZREe`_pgVUg%n~!IhdD
z%73$=ZOih?o5x1BH<moUW9*leHIJ3%AOE>4>*>yuU+!I=zGOo~e^v6RPbbwwze_#7
zYDdf7ceAGKKDSY)|Fh`MM#F0iZB@0^>I2K_YAfIBRB7{>rq{#AO*fPqQtJHg$-eOK
zIQt3bS!OO^=3!=jphk;1)NIf0{WV|HSkq<@Q?X+gF<la$5%YcFsU+6sfNf}&U6T0#
z%{upoPQ+NR75DI}y})yY>Nc2P?LJa<JeUWRI~J{jSg_KSzQ%D6MtxP|&}fc}S$*Jf
z+8S<P?@F6%oxi~Sw%Xv8HhcuPp<}7$6%$r)3!ff8S#|H(1w$*eQ2)|-=;0-mf7`mm
zxWwmM#p~J=j-4D@a>~23Cd~)kExonj`Qj56UJHx=>co+kN2WOq3Tn~U_-XFO<hsk(
z9GF}5c4)(Ll^Y#6SoOxf4%dhN)Ac*O&$QCzXRZIf_>n#*r|(f*ZoR$A-kr~1kNkRL
z`<W@zJRi5ewYYhO9iN@=Rv8~&`SGqsr%rD<lRaro(IQ1_A6&J$@}Yo(Yd253YwY@{
z&q=TT6UMx{Q)Te(ZtD#m^A^U`Yj7jzTHz&geXEZ>H#Oj!qT^iu4DFNoOYrkom%cqw
z^HtrH3nL@BXW5%3f3qrK;KNmm8)szsKkxN8F823fzv#o3wrEynnYQ??Q|;THIz2z|
z>7a5G1`R$mHNolp%j&;3*<SeZSmUE(C3^02PA+}-OOVs7O0{Z-&p)?v;N0xzPKU;1
z-56ST&Et2e!^(I!4V^qYYw0OIq*~hE(ZB5*@MG<YuR8c#I@RmK)9FtRpAHxw_HbwI
zkNYz{7sWn(_v6Q!s-W&u8s2I0Y|}aG*1&FuS7<`d-f!dc)1zJA-udn7$i<8QDF4&O
z3ad`Eo7G8k>&fT^$vrmrAGdtX;jxXi*VdN1_~FmtU%tP(>d+_m3cKA$PkY~|$wlSX
z)gRwp8Zn{w{qvtMJ=idF_4DC7zN_K1=ltsBb<eG;v-ax?8JD%Is*EpjXh=l!4hz>E
z-LkmWsZ}Mrf4+AjO<nrnuie)UJlAA=>I>_Y1)+y~WhG56e?;YTvQ0=@r;mN^>^bS)
zw$j{LKlN(){-<vHIqlbzQ?-^i3e|({J$EO}e2{XhXHfRu-HR&BK2UMh`s}+;1~z@x
z=JeERF6yHzx&>~pWqRMNg7y1Ho$gm%>ZWTqNqKY8snmTpHuau4W?%H{8F!vEZ!~M;
zjO*j?e|vzt-GBODHzWVqGrPO*b^Ys^ovL>kK4wI(J%2oW5&y@-amiIQ&k9}otJCn`
zzSQ?0dF|P<`hJ6dSvl>|nZHlmx|=!AtH#VdYrY*8#3%0dm>IdWA|IUHcff;F2G!W_
z{|J9EC?qv|*393N7X28#s?fkPC6C3{saSYH__5FZFSRSQ|GW9~e)?r$p$6xI4{Dc`
zY`J&Lg}18W!Me^J@6T#9YWlu<?hF4On%HkcpR|%My<$(cZ}&K8I{&fI5=C64oqX?>
zCzm(x_T>85hXaqa+BUh;^BOm|UtGTBrziT0b;_Q-H>v!cLscFH{FeH|)%1mTqBczF
z9(Cc!Pd#t`w7q`qc@ek9-g#JPUC{k1YrAP${#0pU^())@hnW8OYU(K6waedJ3i`0B
z$hk?A+Mj=SZtsEFT_z3hGTdwP;Fk>(UM}M`HU11NoPDNRwUnnl)eVN+UwU@=fvtrX
zFZ``U`9=vvPH29;o9I;CY2fFz*NP>ssI$Pg+qA<6A{!hY`+B?2=H)FvoKM?0)U-l3
z=j-#goKKY>y6?=`F4=p3(7rC*cxG05z1=g44CmW)`uJ?u(D>cml-pK5`)k4U4_!CZ
znR<PsZxf5!x~<aVv8~Q*E%)$Qxh=<?HmsVsveLZ)br)9LG-d8}RZ7U5+x_-F{`hc>
z|M(x*-|MZZoU!h<YQfB%^MkKFYx>o|b2Xlfe%Pj{;<($gHH+sKbK&2Xy*S+It8{+W
z$`LMggF5c^pSt3uwW52yNgvK`E~)I>ZFb+G&SRTguD^Ho5@mMra(n+Oe5&7@z_wfe
zR1do1RdL?3s@oP$-aUKR#6>Pg)BY@czrnG;KCN1#UR!8)_S}k<d;hrikHiCA=Fj-u
zH0$6$Gh>@C9ieD8Ye2J86IQq!+cUrPzE@{oetsTszjNCD&GV*JP$y5@s14rHIlas$
zC%)t33&%!Wwel4wpWO8@DsuOg&4ZLR>$qf}y<2u}hbrmT#S@|fpY%9CY25mr(Y2e5
zdz*YCX6lxJEwh5hZr`>vD$c*tpFMS_AMXA|dHI&V)5}V)K8^e}W974}^_s1EF+93w
zR@2hwI#{eR+M<Vs>CcqgzUyG)Wrv2H*BRawJ2Pi}t-?WF77rfUV{OZdrgpzCN$Yxc
z_DRL@lheEpw=C?+`}-+&>K3NYKhrM3ZGXv5hl13D8#O4Se1EL(x|RzM?U?=La<|E&
z-mlvGC8EK*$8S5lx)xcz&#PZ6&N#RHVdu3ks_rUNUX%RevqewukMTQrCUe-7o63`o
zinUp`b>_Ce4~+Qny9Wy@%)FeruGGZCod=X_)4knBACGF&uWVd!t7d=mwH3V<k6Y8N
zY=;Wtzh3u)bxPvQ7wxasJJRenKP_T(pO2-l>~3~{^{*ekIh$R&`h~Qv4{uwSRTwdC
z{q3%iXD%-9yWq$A%Y(|EZFgs)VpQEnLwa=El#saT&f=}FZ?`OV=ckje(oQ}c@<+x%
zk4i1?)cm#h!cTJ|e)_{B<Vdr?Ws5KNo&9mi=m*70DE;S#tyxrJbo#{oi#i<}{p9?{
zH`+?O&%IhYac1+YhU06?{<C}hl+pZ^DX+3G&e>G0l<&K#-v%yT78;tey?pezGpg&6
zkKCf)-I|?fnUvad)8)a#zuWwM(Z!Q$JjlA^K4fXritCC_cvs`Mqg{SF^w&Rb^>_Yt
zC+&KbIW0D2k6$%LvG4Tnt4!1Wc<^ff*bd(|yVUE4kCmp4(vBQ=?fu-3kNdCm?2tC>
z!_uF#t~E%U+||W<Scf9PTg)#9EOi^&acSA?YNu!a^-p}yH{}PnRJ|^A;N^@(<x_jL
zOsUuW*!j$_&qjXy=1Z|94`M5HJ2J2J$y<FpZ|HOI(x9qWj0>y0bMc(`@b2QWvrYZp
z#8x|*`S+<SFPkkZ)aGTOqm_o2@Hb2!ykqXNHfKV1E~-21m$^Z6o&+_06)||#&B>KY
zt-T*p@zR#LW#%mWIJ@lqTO$eu^;7r!?b1X4X;<D4-SCShV|!%dr8ocT9~)i&cJXnl
z?mK!Gx)QSXtu^sLp~$XRwz<Yuy}5qtDA(6bV=gLOR(roVy6sz6uk(A(?aExydBE`G
zvCl#(cvM?HwqDP!l|R+W*xYUJ#R=Uy4RL<sb^4V>x!Cwu^Zg#>d`=8IwXApdwt)lV
z_We@1VfW|-E$T0wzi(sD!|nf`Frt3!un!p*w*Eity$3)PI~O)QbOe!NSJYKNDFVAo
zN0HtX5Gi(qt+2Z6;ua}3>|*bt*WSBWt_AGa8`f)A6jV@9Y=EN9m&{~fcUiF9`@Zk@
z{r?S|d6Jx*lT30Z$?Rk@x3FOgSLpREX)?j(Q2u!~JM5|7rjJL*9xb?B`ZBxwqa9j4
z#hs6*waC_vjC=LwQqw1zQ5jK-zZEQ*^rFq?+;5Y{Skj(EmX5n|rIl>vjrkpdCz$th
z2tM#UdoAbr=etF7@ql5DD-!2WKR<i-SgUKZ&D&J(jOB(w7ti$$t+Y3)IFcUsP?~Pi
zz5Csdf|5Qn{%Eh4KKa>W;lyVlORfHBrEk%`{kJMwv*({G=-*wo_8aD8fAr|Y<}X|_
z)4K0uT;AO|@=}j5ujB1)EsynnVzhgm^UmZBcanBK_nF0&Og+`6Q@`EcnkBt|%(rTP
z)J$_gpM)y<fj%1c!`xktu3zPQSUz>)jxgP*g-sS+fBn{9T5b6G%!}78Oe!N%QwzJc
zyS2Yd?BeVkT2_urY+Sr(e{6?I+nlSiI=?QqxUC^CE8Qq^wd#DqX>YK>WRW26#HwXR
zRu}zWrRbip9x!b90$pwQ_hp~7-Sl<NIwU!r4d^|!szc|(n&EHuWpHio=IXpk7<ANW
zj?Fa7!{Yvh)#<km+}tQ^lbW5iA!P2f$BVviztYaBg<*&BGfz~kz879RY*$5@UL<Q}
z<-P7D7j6vg;;C=WIHvn?TZjSYXtMsE+xIW$b#Jn9&KdoLPkB}m?<)-sy|>-{bk}|(
z{_aoh!prBKUp@O?<QnTgbM@XCKR+*FZw)Pv?wDbm*L+1uiPetMm|3j(ds16l4u5<2
z)5_Z&b_R^Fmg@9jmKpeePArP>-h5?YmG6o!#-=CJ<Wc@3wr)!sk=5K_QuOWqXGdgT
zw%9VG?BLX6$GdO+>jSgJovP8%mvg-DUH)`G312bS*k|AMwVh5KZlZ5uF=I2+x~ajf
z?ZSTE%(+c3v?^MVIR4&duU#ureV-JVURgHjw&@-J{yshus}cNHF4iFhZ*(x8KlA>?
z;d(y3ZXKI9f1P&8rhwGJu9tMyU2EBLq*kwK7XyY2HaazR(RYLNfhCeH9>>C$ir90_
z&f9nPGN@T*xblcI|HYWhh|{l6;+@QC>_7Q?@oww4<g&5V_`5z^_j@Jed#8$Tb`E#n
zZyb9mWOzc*+GyKx$$noi1<39@=ttLlk2RhD<zlzoaob~E(jO0WcAOb|vQI0qMosy)
zJ*ysGJej_=<*=X&9ov>=UHM`-n%^n0Ec5f#c0MmNyFEQP(Pa9(oI_=MueaQ`|KW?x
zou)3o^>kt3{LP7lmdQiA=bbNXBbqL)D*ZBWRo3uG`38^OT1)(*F6d59p48*!rqTM(
z&vOl?&s*NRW6gNo*yU^9ydT;z<kg9gZH^zi-nV>re^HNj1N9I7rSElSl;|S2X`fl6
zVw!v#TM*~CXlvM*IDeNOpKtC?Zr5Am%;?kYo2*^odtkW>yUzu!8yt=N4h3<3oX3Uf
z#eSd6zP22cy>j8+)}x1rd-<&>c+-8E&gSSzlWf!Qvys+ZOPBt~t2Zn==K6GTYWr#4
zqRE3s$3C+z$a?O0|5ZDu&ZFMOoxf4xy)}A-JVUSCc#-v4vq7OHH;3NK+kVG>BzIrI
zwk6@|vyZNs6#I3}or<ym$)77vPi^(__SG(D<kselnG;92E@X1XE@fzGuE67Vef>5`
zbJF-v_eOuS%;!9jTubg)HE7kPU_bpAvWh9k?nTY)v_RO+VP4{a=m+cXn&)C0tZ!Uy
zwxJ~R%3j?}vnyR#6XNx012RXX=k(B#xzdX+t(c)}8u0bOu>kv!ma#Pp-t;yPw{Q8V
zy*!SyCT;L7_6_GT=Ua`;s+qbb+-uhhm$+L^)?OZzFiDox=Yn^N`-baw1&_J~t=Hv@
z_Pf2Ob=dhH?H2Z4)geCjB5lQ+iIUO#$Hn+>v*^2=wW{>iqOxb$7agwlqnopRj!b$S
zcq?R2<aWy?1DgEt$nvk9J^p&0X>ey_*z>SXov(xytRB`WQGn6%gGWgVeX)=C%53Hh
zjKW5mBz@ffhVL`G#l(^HSf7x)Veih486G*f*_xe)%%>DrnCjo##M#s#xmEAE^S)1G
zYDdf&wEUZm_mrpa-ujIBIOoNnH+I*r4s1)WmgP;<*xjk8Yt-<flgqnZ%6}2?@bHQ1
zVV)-2ZC+L!s0_K)Qr3AV*Lg^2dsFAKW7s{TJs15pzwznYFV4%XpRMWojr*H!m*l>h
z^0Fehzp;Rq*tvXA_vrjyCk09Ln&zJ8+W7f){F1HzdDVjJ&pnR!J{VLL_+-+-Im}tP
zGe>ZFOmD}nBHg3kzc(8lZE)T-KEAZOO!ug^+d&I=(~$0Gv^RF2+H!DJO_!Gsq~Y1i
zb6*$UxR%iC<d&|>^mIPYW<;fo4-HCv_swb3+wz&O4tzf`cSNbfM(+0<>Dl!eSHF2h
z=nvi0bnP)+w!w#jzM-O!FPGouuYZs=*t}3aILKy6wZ*{Z@0RY%tL*MDuzc*A;j)M3
z1NKL3IJKpDv5>_M|FEEShx4CvX*sD5W*r{NT3j{A?Qhw9!LkWP0%7^mO8lwGNzTWP
zU%Y2u+&gB^rs}!$qmLiNU8~$TX2*!Fo_-k>S4NzTzHlR3cyj8&Eu;00pBq^s3Ej!P
zV;*c;@W)**qvGt_`KKagn{>c?=X&%TXe)Vg)p|Pb&Hjj`r<kw4+pxQMN#mou2ak2p
z)vxMWkn`}A-o-yFG#@S8m-Y484*y$ev>kayVcRD6S=8sY>62T$Vd<+3Znx@<|Jgby
zJTPL;@#|OnME>=3q~p|6!-~TON91*rj*1gko7}F}8}2#NHP)aiOFPS9@~g|T9f5W$
z7noreW*YVgaBJ<8C%W3CrA`Nv;Rb$}?JdlDPYl|+`t$ZB54&V946f>bWTD--v_XRp
z#P)m;@p`~JixGwky1XbaFAJRGx;?(M#s1fAG%r0cZM(MX>QhIf{)!K+2y#k(+2?_M
z|E4}0Qp8b*M;J$53A?m;b5QdQ7;W5n>!!2#*sVEVn8uEoSeE24e#3K(k6qs_$ESs!
zH>rGf;m$|<u@~<d<rzuR&AlS$+s?nbloPf=p4;weuVcHXUPxjsySj5oNlpG?Z@*=d
zXJ6XgO1!Xo+Led23n%lYm0~eTJ@#%Zwa~EX%-d}sIk4ulpx2Pu&5HG_wVUmwn{_Ze
za4JMR%<lc!Js;W`x*pi&-ZAIt?0nAsvsTS^x(^-~vSL8LyJss_4xVJsn^P?eWE5B9
z1KV>it(w!`+p&w+xFE?h<GkUQJKSwHq;&tO)n>t^*_P~m!FRGPymxx8X=^mTY|ai#
zZF*8cblW@jIz9dJx5S61>s~VZxWMh2Vezq<ck`Z|ZnkpQuB*d`$fE)V51ttK-YoHU
zMa8qf-i%0?vgEJupxCL0y7mlvx^&wXKE2QCdtSF~e7?`o+7k5K>Dp0=c2xFbpMd1K
zQ~14>Z0Wrry*c*sQB<7Kz&0lmVmIwK5p}FMw5=rNqIUBo`!04d`gUgN=mf9fkz)>y
zU4Cem-`<@I<|KSbz1eY)+g|sI*y()7GmnFWBU-NU>d|M1g+)7kBZFZ}%eHs!J#UuF
z(U(hN9PX$3{uMc{^zgOY*A1UP;+6#TIU6x-aW7NDw>{nsK04?2l~*%%?kRiUd&0)@
zHjfkUTuqs_sNhxRY|Zek>65J1(*4&oA6P7E@-=#T8_~*(Gsil|7I4=MOI<m^R_l9j
z*TvdhK219MXp*O&OS)vq@CBzAPHb)5Q|F-Eo%6_S=2^>Vtzj2mxB6OnbMmJno6Pe*
zPJhl6UMnhP*cGhyXFD))&r{QGeL4L7Sd)EQv(l4}IfR)QRQAzuTWP##)`wLmCr^$(
zEY8t=zmaEsGteR6;56^gA$L4lZWPR|Y9Bs*aI*mEpLF`->gfha46iY{u69PJzJ;|H
zXpfr5^fKOa@>J+@?@iGiBu)=A3yimHi12C7%D-9Km7%}Gd@z^%buq<D<@d$^uR9-v
zkq9>+3@3qBL87&gMCLhCYJ5)uO;-0I@YYng1PIFvXwe+vn%H}ASrMkcy&w+a^NVZY
zawVTtUcKJ|yry$yMKZv37TCmMAT^_V=DJ59ubpl*!`m3<e7VcVu7MclJKk<j$`Z`S
zG=9{hraiIq!)pWv(>G!nff?FHujXXl{VO|g-Udlz@YL~k_csMw-b;)>FmK+n<O1KS
zqWvH74V|+xn!T$&ZZzDkZIpf0?s);DR&T2Q_{aX+(ZSbT-)qj}E$Z&azN7JJ+~I>a
zJj4C=KHkimmQ{Ge@%8l8A7d|bYOF?_8#&^5&y2T$9uYxrXYTm(Qc=ZB`O?<wkC~Uh
ziSl~X=M87ew#{L~-^zMzy;w3gz|L$=^tWgGS{+z2a?6ni30D~3gGytwj`$usn$6k1
zeZ+P9@^L+vEIGTbXH3EK4jsQ<>SN;{ztO74u~i?MA8htE)XhIl$P~DUv}2a&jn6+7
zs#`kx!Z4ZB!}TM}z4ENr2%26^GJ3_-KRr()f8GXfgHK-y)9;^6?3(UAsLlLC8Yu&&
ziiiE#RWq!7zs?ZGzzKb0I-lF)wTs0Ol)87k($@2cmc==q&zg|!+M`x@TXT(GvlmV3
z%RG8*V~=!h(YUgJxfd^Wj3{V6bJ@6Yn>y#;E%#p4(d5;Kh|+>HX1yf?ufJQHxAfth
zU4fz*wnrB-+udnm|Ed3q_>`_)dkzv#N^P3sI8z+VU2MFfCfRVuu%lVNM=gT~9Ozy)
zzpQ*<d68S<fkYce*_(;jjl%S!rrXwM>JGYFws_HHT8Ow=$)ktkTg=vJ!f1JG^`MHN
zK1bVK&`a6TW|c7Kk@ndU1<$n1TTVR~H0i-)&hkWF8?M=laVHYI=Z?G7cV&gUvD2_)
zMQ6I}-8}wj=g`Wk^XD9;_oQEzKYIA>Wuo;Vjg~Rro=(`?)vw*wF@w8w8Ysvqot-9k
z+BM0XyXUVcZ21O@qj9qmPZS2ZF3COUQ=NS`zsJ_+kq3@l-9Mvwr|0Y4H1@a(oy2D+
z`^E(XV}^&G&zH3vbi!zp<AbD~ZrSIj)tKgI2Oi6{$@uHT_rH>DJ~rhKjNeqetj*l<
z4pjwlCx%Hoefj7wPZ_l(+C05?sP6CuNu1UzA57Ce;MX&5@{O&5d$$JWF0hzk*s;Z(
zq|_b4IbH8H^<R8Pk9kP1B=qQufbpA}uvZ9at>TSmW#muW^1wA~Y4`gvp`oXQM-Q58
z`{Tj;b32|dS~PKi_;c${xgHj&muf`OEwo43;<>$(+D>Wy>AN8AR6Kv+-f^sqdo|vv
zj&Hx*E%;&_TeHo*VAAJk+uX&ISno&61}}P4{Q1pt(~+MS#U0wF(f^8DhUY$mld*;D
z9ZeF#86&bs4=_Bm=G&BUgUj`#laDo@JFvz1xmLUG?iCHn`>^ZYocN34n1MzihetoQ
z8otY9`Q~>0cWd8Yl-X~sU3)+MxQZJAHS?l-%Xa9s@^mQ~I)7=_AJhFz@8^DZVJ#Lc
zo+lVL>F^i-ypLMLiW5IC`jmDm_f28@4$Rh4f$cpu_xr;FE&1HhV|(4o4~UZ9AG(?Q
zWq9-H`kvRm9SUr-ZH9iJSGNJHVs_5xGc~R9S<DXCN1I#iZ$Es%<lFts*RBgl=2`9A
zv*CGf?&>$49viKW^P2W*bL@59KbvlSKmE3!<-5&I9AD3fPA)fX`ekGCmh(xi<{p_A
zAQ-D5`n+T7;{1mbF1WRBG5TZlv%D#D$}XqLk{2)B+YMWK{d|V|D#nSgI-{5AYIUkU
zT2$64AiwLVo#rLoZp(6R-nDo(az<#x<i!5=(<&dZcp5vZt@lUe9@Dtv>hx6V+?o}n
zd7^BdM%?E+nibtX`tGlqtyRVt8MRhEQaf?n)SHt_&$2P&B>flb(?*|&nmFUh<^Ic4
zHqSp`=rbx|({z^&&8{u1E*S0~Zg%=m<s_ZnDKj&iG9>v!!yE>kXwz3FeUdJ&c+584
zVz(o(|D{JW7Pz*)W7lhOvYYm!%LitEIlr!pfzN{M6&?C)Z+h*(F)gbOe;H5a?h0_Y
z@jUCs_p(<*gX6nT>$Sy7);6`uI>OBHx_I02dnqH1PBe_wFbO{^<V0-Kh$*ZJ?m5z6
zf^*rI9XzA(wZ5A@+Ki7})5Od)<Z(x)cF=Z%^4<%*r?l=LzNJI;9RAAf31(KVZ4>-P
zjIq0OvQxF$)FG8&d%GQ2n)u$S@bRAYV>RCTWVec#`X*tqb*DMcy4fDieZT45gFUiD
z!ETdXHgC5Su1&tU<Ad$Zfd);!wa)pZ_cpB0*GF?cb6cA1KHB@8+p%`H+9j_nKa<=!
zi*<hT{y&QMf9m;-x%O0tE>5$Kc=vYN_{w|tcH?F~o8M0hzhq-(((i34t(UA-jMWIs
zt>N?M#8jO+kaexy9-BX<mOCb|?I>F}&;HKy3k#<6GRACj9Cz^5_w4rb@*eRv_8Q+s
zW*ZydZQ9($(>-syy-WI#YnwG=ioJi1KyGI*{c6*UZPR1L+|m2z=Y9yCBwgOwb!&>b
zrHRJ2NjGO%lyCFt&D3^x{doJ@!(KXP{r4E?ESfX*;G#!eCz-e1|9;HHiuIgMEJyQi
zWwUxFdi3BNX?}M~p_b0E+ifB?-wl{*-)B|l>&^apS^Y@sPrnP#=jC1WXD{s0Nj}``
zmS>tlqS=|IXDny(Gwo`+RhHXlCRBdjBNce8sg|Y<D|u?c9UWr$fPKHa*Yb8(=hv8|
zUG`b)J8GrDrSa#rOScAGIlB5wASY(A&(7fV)?>EDg<QV8eNK6(Y%qSj|NEq&rVLzM
z<}gXReH?x!`WxeX?6C0%w~XnP``RV``Hl8ht@lkBQoy;Mncj)b%s-;@^v>ol-#^#|
z-<#d<@b`+!?7n+$I<4-%{P=azc`Udr({ZZ7mlFfKvGTfIS&_E%koj%*%>4dGUvLb9
z3uQZmg<mfZY;*p#f76bcZpOJUV&+;U=-d?0Y(F?0Ivea8^JPE>r-xxtrPVu&y_*+q
zvPix6$hghGkWsHTziMJUfSSnM-1rE0*s4qq)WoS0zP@p4Otx^tkM;i!6)BWkq>{&}
z&Gpmgg19{@WnHHxog&>;(YqI=zXb9w0laOS>+*lF>k-~|_al7xE|Lrt{QnenQ={`6
zpcD|VpYsS`wwt6j3jTkJOx5Vb0R`qg!aoD*188*KBc<=5|H4*oy#RUFttCdW4KGM0
z`3)~i{=E(5{+ABaz%QP^_y6tZuT42kO+ec9oQ8&`h6XzPs{09{`WgP0-7nv1);2c^
zldaxx`XBNC#}0jw9(|q%Zoy3KhcXoFPkb6d%m?1u9n$G(e13xxY1q&-g>RxNe(#k<
zyh>U7IazF|T<vFJofW<~>k0B58ml&$yGpX!;>C&t#P&_-bA$9W20aKko4SqUl|P0H
zg#~E;b*Wq;5huc(Ich(>3N-|{)9LmBPzg-@bK8y+xxmezs80z|-=s}RfghZN?*zL#
z!|$_-;no}QRe2uVVuIXO8oql3-#3E$?2H98QWL{mnqpWJFATG1Xkbr2>0rDo9f&1f
zkD8Tg_Uk>n*<$Ib5UM?)Jp5Jw)K;Q}VJ6)$Y|T^+%*W4|TrLI`TwLCRO21Oi<jcZy
zyu{GTdrR#tx%?J?EVMB(&bK+!r24e&`wyd?cO6Y^t>e5izWqwqg)JYOTu<1$;9M2H
z>TI*e6Z*&H?%KfB_05p_^c7FONs}61)3tBi9yh<Uwt4GOYu<X<CyhTbZx;TNq2c}g
z@I&uZjnVTr>z!`3a>NPEWh0H3lqK?Y?!L_^ynOh5X3;0<#NM5kzt+jz=W{C~xY-N+
zvE4fEvHmjoPSwpJlgu@4-?OOtaC0K_`T+extCc)KLF;$j^^)&fwr&x=xO`SzFaE)q
z87~H>eY@cr!*!l{&Zo6m%SBbC5^U{oU%Sm`7N*@gJGSVR-A+5<<gXQdcFE-}Mh|2=
zXB?RHpsA^5tmCq(E;)~}vL5R;TsiY;Mql2LLo+|jo^V6pfE~Tm#wGq_4$V<0cYl;0
zSF^}|XP2n0F2`-#F5A@AiM70Zh3(FytdDnMYQ~lvh^siykXH^1-F}j>dWYt-KL^<S
zakJ8Yt=@4nthB?@nNQbk@67gJ#BsG~J;2H@<{sZSy5<e%jQ+D`+!hR@VoNt(j%JJT
z)3uzQPtol9HsIjtO+_>Jrwh71D`O=VdtAELwrK2&B`-aUA{Xdk&kr=~x@2>UkMm{i
z-n>p)_+W@h(@&A9Ee8#)xv^?y^7BfI*>7ISS2K+Na$aj&s&BI+o9TNi*0w@3WAMuC
z$xk1pZ1%~_ozR4)Wxhx2SQ}gOo@={l|5eyb3mci-|Ekrt)9<1$E{wP~smtb9(sr@W
z+;zOX=^JJzJRUf_vnIdUCRRb{$+<eS!`5CuJhtWbK1{*T^Q&gg>UZtXf<HPpn_=`h
zZpzWMgI?{+TCi@m?(NBe#&@IK&I+s!I`!1R!d;Bpejh5Bbne=Q=OqV?51c+S<V~1P
zm%~$x`sP{tc!WF{kkz5ZgK<XF<d-8fR}G6C@nKrnUn5>Db16R@aLbJ@?-u|4xz;Ja
zZg%B+n|F_kdbs@gw-<Bw;Hll^XPRH`vqj%0borD6<1x(RQg+`X51MUqnD*x+e22!y
zH1W9=(y&LlU$RR5GYc{<_MO<&;cMU3d(7`THW|WwU3_XXzBYH#;2EV~)^2Iyy1#?r
z?e959Z`?7udpTpQG55>-GiM*V-5&32zLR~cc$w3Nl8v9+H@6A@H2dV(7}v#481{*N
zb4X&_8>t5;oNjlu>e+~`3xdZ-bq_1C?lNeyP4&f<Ps8@#Z_jAzHP*%<dVh&_@G<7Y
z6)VGE_^v(HI@Rce<(6)SpY&5_w>7T#mKQ1z4%NIl^!Y8jgh>@wzE>Q6)qCoR2~!WR
zD5X_yqdz&Yga3V7-yS{R&A8nH!+a0hB`tlwHEVR-=1Y58`}vf%eZJqW)seLZ^FLL6
z8ay(4K(9}ZvrOL>`3E))b#DE~k?>=<ZP=yquvMikYRvqKTr5`<mF@FP)O*yD@$#j6
z-1Q#iy_%eP^|Cti@|Lt68C|UU=?wC|wARZv)|2}rU?*?;9Sg%dqpnEKvR`qXhU;V4
zBhI@nJM;=HPF30-tE@Ep*f9pre_ZuSR2ZDHVZr@bKKiel8L!NJ+<#uq*#hk+c{BH2
zaq<{@VDu`N6r0rn>_zT*ZXMppCS*Nc8T)}#BN>u%uiNbAX`Tty0cFFax2H8JO3A!=
zc23Oq6<u0XtlrYQ|Cro_%k$&<=U+117%AVmtBD{m%%V9T^mAFEi(5BI9qakrUOU^r
zg~rxX7B2(E-&S`GvYj%}R(tKX=m~EeR^=bq%NsIz_Z?n-rCm)yann+t^LaB~ZNE`H
zaH!{(wnGi(rv#b54-MECxan=#Sij3sub%qN_m2rGHh3zQeBIr1*v8qbH_sV5EN_uc
zsA2nQ6~YNwkE%N?oO9vn(2|Yw)?6O3HhzH6Wc7%6&<X3@rM=PXd1OEY`_&cuPZc*m
z?zdd#Gj&M;yX`F&cmMd3bNzO|N|+he-`eN?<vi;}QCm8BG8P#hU9#=<#EjCH%XZ$H
z#eY9+gVQm=0i$oLUEfSAr<L72I5vF6-HL~gxfgGYN#zZGcFP-MU5*hy4>@<xWSA(*
zXWA}I%39z*RPfQbyP3D-IO`9$y`T0EI__=W{zA88?TXo;zc*bqG|KmN;m5eFy{|u;
zZH&8R^T*hS5srawN9Gw`N^R}DTX2J8lfJn_*ET~9vfC_6o%*DFaO#%m>dTB-(f5~x
zlo)EPIru#MZR^Ljwj0gwuGZ9eIVL;x+xKqbvq2BAw)D6Y*@Do+*}Ocx1Fwhmb_sqy
z&awBC*id1`7e~t_-D>2muMWI?tjEUpuWj#c>y_(f`Y~7BYrr9XNKHs*EXD(rugeQ?
zkD@{o)WrR#sG<C+@$y&a*LCwn6hY1h8y5Hx|9|W-Eb};37vm>8`2O`hZ09&X+9-eV
z4z9KCd4pL7Jr4WZ&l<9F>8t|%+#y!n)y3P-&-9D%+Wax#oAE|wd%*zzL#<Z@J8j-_
z+oCemBl7LDzlz)S2{@8<cj?|6D|%v>&+`@Zb$*_+=+EY)2lj&b@UC3(wf8rF{miu;
z@gDUxGmh`*7Q2F<W=tl+nV=lYiMOf`dxuS27w287+qCC#>G(%|Tgrp!#&caqF7L|h
zK>r+)I&tvTr~NlNwJLV{^x3;qtFL=_i%Yvs`<$BY*;=IY=bwib2IU>SbMMKR2VPia
zp<8;suRqj3`OZ@G-u)mS0;cDaIJ}xf%o1UR&#%tk^0go17Xe)dbQh3^&SQK(pvQn_
z0Ls*TjB^1}bzX1Naur9X(;0Lo-HGl@ccHt|-RSOg4?2s^rgP|AI*-n0&>0K{li|d0
zX1KsFl`-5I9t;+P&EPP&3?75eq%#>zCew-O%yeP8GToT&Ob;fD$!2nxTqcjnccMEn
zoS05dPR>p)POeUFPVP<~PAn(36UT|`#B<_1)14X4OlK!&XJ;2@S7$e8cV`c0mNVO#
z<IHvDIrClUE({l@i<679i;Ih^i<^tPi-!x#h3&#|;kxi#_^xzUhAY$6$<^7_#nsi-
z&DGu2!<FUAcICKoU3sp2H@X|cjp^p(=IrL;=IZ9==I-X<#&To3aoo6WJU6~O-JRji
zba!%hc6V`ib$4@jclU5-xwG9l?p$}CJKuxu!SG;uIC(gGxOljFxOupHczCcp*d81Y
zt_RP9&!V#!EGEl|<;-$nxw70??ko=$i^XPfSX>s5#b?vm3^tSP#CB%8uwB`1Y<IQ?
zo5g0cIczSQ$L4eB90rHUapE|0TsW>AH;y~UgTvymIUEj`!{hL|bS{I-<T`Pkxh`B+
zt{c~#>%nDl*<22n%jI$TJUWlTWAdDM&O8^ME6<JR&hy~0cx)br$K~;Od_HJGK4=C$
zs7gMl4n8;~J}4F+sOAH<sy$f#qO0q#P(&lIng103f9w?cZSQT{w%G#g1Uibgv9Yl&
z7g&axfw1wMBKKyOFJEq&Te8j&q%p`^dACXE0?Q`Tr%%@he7$MYrs<s<X|A_>?Gar*
zpRYTW)kZf?c3r2{-g!Dek50cs9d%AelxaJzJ*sUPx<Gs28-aE}K!CQNerIhUuhpx%
zP%A$_Uu%-*7Of)pIa=!O!+|@|KQ{I@z`{g6|Hbxg+g^zt94LpKip2cfJ7*`S4?(Tt
zK7ur#QrX=q4<<jTOiN9z0{rUqw6toEIYrg|hWUR6{ov<}RWCoUpXu=BRk-*I(DP+?
z@Y63n_cX7$KFqJ?;eq6uEv8Fqj^yRl9IJX<1LVJ+((Clqt7p%zW6uou+Tq;DuML!s
zsz)5v<u+8GII7cSs9vFK3F<Et)h~3$?x2!UJww;DWZg^$RNv4U+y#{m>)nzRgmph1
z)jy8f06IN$&=9aK+FcxBjoJe`-8P_6V7th!2eyW7V>sx%A8H@ybPjc#@*1{N8E7cj
zR%ZA6B*FF~i@891^7B<esNJB`*6%#o1hpS@TGfS<j8Qv6r?mw%CTvggv>I$v#kPg+
zHVVTwh7Ptfbgw{r9!MtJ8@h_~#Ay=k4&8?~am1N@M0!41k79QN|CJ995Q5MapsPai
z&?ca(E+#9!`i0A)JCUS)K=-*Mebr0w|9KW{1z;<mHn|-wCG7>eFCkAe;0XJrMUOqr
z!GFygtNlx_0s9dV#Z0al(~fm`GigWA)l@$o{q`tnPtbkU?=+_3BxzUBeH}RF%mDEJ
zRYEpkqc*0--Y7@e-8L2bqa0<2%T(-<axGDNTdLS6<&05#7OB`P<(keU>nm5qeko@_
znsM!alThUhDZ8GoV&9ab?3{9Xq`BAr>yc(Z^}UMyQ%;w>3~K*%iL0URpaU<8Dc!l9
zRjv=p=@3^*-9d-ETx$Qd$;)PPC3XEMSLXt40lJV>t|!WA6IWH;L0jegwTP>%?m%5{
zl+z+FyV`#(<>va~b=c5#Nx9o9eCj%-9Cf`??iIQosQ+>m`3i|r^VMF@l=~pRuGB&w
zRmubV`cVr1l?RiRGNi71%2lc4PxS+ogX4r^ja9o6-9oz2bLIYla&Rn3SNQ*&r)d44
z-#7+3jf|UrJpQQMe^BlVIZv-Wz;URD!hcOyqFWi=q#X4x50$Djxn}8TvZEQT+}}{H
zW(@3gM%Nx{RL=kFSlA1VsXb8r5#`{RH%8$fj(>_RR@+Yj+Z+!Y1olC&;b7kbO&<0+
zFe&V7U<<-N2A&w~TTFq2eF}82FM;(8`;eyjbYiXnFGJX8z%_fYuYmOc`-q%}H}zrP
z0Iv|(C%}@!zCceNNz6kUGiY=jji(HV>NhEaqxwzilBN1h>XfN|ld?#v-=rFh>Nic1
zqxwzCQT?V1vMZ|Jq{EX2|5U$8bwgCYiIy$a&I7EFT~Pg|{w1&3s9uPElj=dJev@ip
zs^5%+l?DE(e)DHL1eN}1e5{I79gmz;oa*?b(mz_N$agYV>EKnzFXisLwmoXcGo`DE
zv^%Bo%~Zvyj(4g~b^KHA9%|dOc05GQTKlg$J}QhgitSxHUQ+MFQwP=YQ@MK>U2i<S
zNg0N+ebkPxii3@Uz0{7kik*Xk{nU=X$c$?LRmbC>dn80|+(>Lo2zO0Z*x0kLT$Tc2
zs4W_a=UwOt8cOn`?ZT-%0LDvGgaTs6Z1g!{xXGxpJ7f14KV|zEHv*UdsNwCt8r}%4
z?l%ZKN7d`+@9DFT|J6_XDn4ur6T?k1QzT-xkeBRDlV(UI92&V*y^{OUev`G%XRgoU
zzq*zfI+*q%2e7x^Hbdv0`ea?<{agBeGQFcTUFyi?jS_HpQs|fQk{vlIa!7PXnUoXH
zm+(f$k4Vb+rQL^tB7ul6uK#I@y05ob|MdC9laLv&ay{Xma2Hb{)QiOo#vFMvj$>U+
zSYLl~`%5e~#vc+L3lgO9xQ;MbX9bv0z~*?W|6r>VvB@TNQqCNXEQ3L(_Vf(p2NI=n
zda8j<d8PsPfE1}~05C7Y=4^-|(w>~spTMA`fdnTbbTAR#X*-k%KQ$aiApZ?<&Y8;!
zSVZ_r4u=S13y2S-WKNMKLj37MGiwV?e0ZC3@E6ujSPyJ4mWD0G{={x!A23r5x<&*z
z8<N)(8-k@{+1LT>Hue!S(_m=y)evd?e7*`>i!&JRL7?TSQbdd85>7)O75<?vCIfw6
z@1If^B<Cba1uRu{gMY7zox{W|ZeUcOXlbC6Wjq~Nr+|-H$RsS0)C;3oz&*^NN1DRp
zcy+`0pjtdJN4ZquD1~3FcFX{3;N=740z#uOM^*|i4PJE)=;MVBvJCib2g2ZG8IEKK
zb0p%D1yW9}0!Or4Y;6*Bf!EKfHU<1toFI|Zg|fjMQ%0!9pk!27L5+aVbi^c}LxEf2
zJIK;xzhS0f0=9pk;zjz?Dx6hY(8|G9iVd-n(%@FiakMDk0iHC<{%H;l4m9gzo>a<8
z<k4gjxro>l*#@p@@In2LzJi~;21#eqNE&ti#?oXG*CMgiY;C-ccAY;&n@mGfk!?t)
z+A^cnNBRwvfu<(jL?K=u`89vC3`x3m=_7UP;-UY9f*&d%^3tix%U!q5-&4V_ucc5w
z3h}oz>-^U=>(0?smppgqKS327xZto*KmYj1n2@MI-+=h&7+?QB@cZBxFc?hb(>s`z
zFwGtiicf~ysY}VBhA)+|*qAIig%2XY2nw#KWFVOAP#dcMRUkRMjNyAc#4{UMzp#SZ
zpn9zRuoZIDI7h9a3G$8c4f7<HAf=FBU=qV`zQ~d!;#3hZ+7)tade36Fainx4e4dnm
z)pK-zg!wFvSSrNekvQ-%78tdK#F03F2pLPn6p}z5`B+kVidZHjfjsiT+#p2=50Lm+
zI$a0|`~xoocp2ayc!BD4pi`L0N={}85h4K5U_t>8kcbe2E+m0G^05?gst_I^@i9=o
zBq4Dm4j^Kr1QZJ%i31<wCyTj4;z%6$pjS#}!7qbIgmvCJAD^g%B(g%1$Rk+;Nn{Nq
zkw=gdm}9VoB#=iwHXM|8I34^0FF5Dn4Db)U;GBnxz&{_8q0=T20a0^IqUxB$frx--
zP5^l%YJ*8s29qqLCoQ0FxNm3#xyif%(OC83U~8#Hrqk=iFzUtBQ$;qBCoMWOBDgkA
zoTw&3MGm%Gy;O{PWdQAIP47;(Q6DejCD!A>23C!OZR|-?iL7nidesA)S6!Vo6sdR?
zp0t>-zR}TCP^PASpaUhhwS}t@;TV-DVF^`LQ+;NaF$5;iNIcPr#5M?XI+Cd0fy6cD
zB)TKaZja(SlZYWSL2@ZbuG);mc?c^^NsL5zq7{iWgbA%lJk*jzAB5LhkVr?E-5kZY
zMdd=crVT0&!s>P;4n&w^LZUUo6HQUM5hfU-bOuPj5lW9xzX{4mAE7ZiAB1g?Tn<WC
z(u~ARgziZ0njVQs2=D5m^X>94{@;ZEULXHnAOGUN*T?@W*T=jdBp-mv<%7=K3zfGg
z$`4^l52PPqp(m<0gljxdeIQJ5M|#|l9)vlrC_jW1fryXL1eIrtKPsm;YBz+Ly-@zB
zoSA;8e7;Bz!W?uyDK4lUoKd|Zy^$z<jgIsqOmRfzc0lE0pz}nC*(1B?PU3kd64MaU
zkX#N*XM*C_Fj4&?xf6ECUJ#zQRc@Dm@&69|_xkwv`uG?By*~b5xjsl|LSZJR>{P<k
z_s|HZ@GLJfA1wp&e(Uk&yPv}gisus$)$57byHnnewJt5;2A%UBw6Mz}%g`I%3yJj4
zy;q-2yVhiRzW465IUUZ7yzH(0W$ChI%kFs(`cQqUlV~IQDRy2@<*@4SgM<r9@LOke
z@qOq>;CF)l#?A$$t98WZN!cte`H4~Zey4{*sJ@F}(BtDdX=yCBU=)Ml2K+*nR7!lf
zJzjvGO!@A6f`8qsOfXK7dLn|np8I}{puFx6s3E;n-Y|{EzPhqOq-1*{o@!aC@~V<z
ze9wK#=c}4`LppU;%CL6-6a2ga9okRELE3`o{NEr|{f$vIqQ+#i8_DN)%eqz}uWS|i
znev+*e1e;+P|t&8ygedS{;!Za{eMTcA$?SNe>Wdhy=H3SsWAQ6&ymT|hUxMN5*YwL
z9Vh+801qEmpMJ<mQs*4N=b$w10Lwv~7|_rY^<^3>!?m9zb!pY<*>FO=d;y3r&ii#r
z`wh80CrK0oe0%B%J`xb~6dCsc#PvO0UuIW6iQN@=Ij6|{%K^^;(85cgzq$Mb#{n7v
ztOocFP{O?@c-9@jLkQ{pT@u4U++*NhcE66-5KRGTMxb>40DAp|j3T|iS3ho_nz)}K
z8Ib#?SBSg6enQauPr!}<RcI9AUvSXofR0pyI{FCW0p)xE2q@=0KtMU~00PRX00=1O
zEkHmyZvX;H0ea?re}YGr*3sRPh6#H`5*5zWFT_oNyyurEIPLQjd<~FKs3CFsE0PR!
z3-ReXg*XN%Q@apf1LTgwI6yw&+<d-1A>yWEBoETH*CYjl^9u(0&jU>P2FhIy$_?l_
z$PYuhGPQtiK$)6__@OFbJ5^-aHkQ?ub7Y4?TnErq^Fn+nAWz`Wv?;{Tcm3z71W-~p
zfZbI5)`fT*kY@;>HV&ZPVg4{|3(&T{o)9~v&+b1{&Yz{E?x-99lfXGtIMfkFuTL<3
z4ZV&UN(<x2#cnjAK*p1>gcz5{5yE+yHCh;GgN?5H&U>N-HrCS<W65P=Ppp4T4Dp$4
zj3X8SC2|h&WO|g0#TN2NhP^;!k3nT{jz>n-hD5Ano=Oy7L`J{|XQKoXnVco0$&%!v
z5%8<UAeT`riGU>{9(>CsA_dlP)+iRuA5JMr1&MN&gi9lm*OnzFESe?|31l?BTtt?%
zHab-TH_ec!a3nlFPXagapvid2DPjprl1{V0k_22XPefx01uSV@X^90sEK-;wgr5v2
zSn<&;88`;Poj$O5Uk*o}jP<g{M7&f~W(iM9tX84bRy)la8=b<EBwJwQN2Y1Dl`ED=
zX(M>)<TsotE|;f{Ia<g{W^-BA7;Oky8Vu$H+8GpsHcBjH$pk_kMykeW3WblCviN`@
z5|b+p01vJ(z-aOQ;^Y(|FAexY;YY$npfWH|Pg@X<AH{>&TVvF+D$Lr!!2ttgL*6E!
zPmYTv)LnyAz=<b~j*Jn20FRZ7ksK;Su*6C%u_8;L%&QH8mPr(e`OseCS*a}0;20|d
zRIiXH;|+-e70p2b;FV$gFpM9C@r4*)f(Zqf7?=SpYL_mc{W+L45`&)|7xUp6Ne5#+
zy?UVtV6~|jQ8_d$i6x|7h=i6RggdQ(CIt2k*V>BN!$Ad+_E5hDh|iaIrxEec8xI;o
zAd?c&y-<8@1(LC}UP^jUeKo3x)=T-mO`$S>Sx)dPg7NW*B00SA^YjGwd}0x~DviU7
zCzgg1&%zr|Cl{%tRPQ1@YBeyO8_Fs0=j2@*E<qq!5w**3>h6Q<q6i1>hm~TYWeg`Z
z$r`vnc8QM%=EC7|LFTCf5jRkU??Lc+z|QLw24cmbg}AVHA?^$)01yl>lde~y4Iq9f
zpfJQ&cm8w<51hPIFbdw93uLu*mm-(&XjHchY&%KJMW3=aKvxvEA+~b)nZPd<sQU>3
z)>~~vgZ0B?fKDe_jRJ7FC4;UB?yf{+OshQ;VY&fEqopRXWY#vGG+O<XEIzzei3=JI
zhAa^nE2J_O?ES&T-i<0pJvq236<li%1Yi$3idVNr%K%HYV`CCK02mAY!vGt@ig|_j
zB0i{pULBPw_?-doqe3_UYCx600ED#_(p&PC<y-KT<zrOjxhnF1mn>CuwNMGmRKk-%
zSh33k9U9!Cir9#XShURp7kzZRNGwSPeRl>g9xla96ob*W)&p0&@x^jdMoBId^tS-Q
z<0U-M@q){h4-PV7?IB!O2bVrlYZ(<6(?>+hTuB`+gg_wXPw;6dJtYhEP(Px<W$QK=
zb$v73<KvUT(3+kCCk>#?oFrZ-CydPq3~ZE7Z;YS%1Nl@^J~k%E-W_|Exf{?j%s1LU
zG}O^CCdxM=IxIAX3`1K51p7?*S^^K18;(<OVL9BOT&fTc@&nzTNS>@z+PV%?Ek9L>
z&k(}*B2Z5a!c49hF2GXXbwhn<PqcV2tCT16L^2gVlYF_PL3t*)?Bd1zcrbZM<f-91
zN#r78nXozqu)Ks|U3s0wqj(a&P@Jkx0PtPp#8Sb!1RBbGCfsO^GfEZ@--oDQ9;Oo<
zR>%}AHn<W%cR?f#4Ulpephrt)6MMA9%gFY3Ly6V0>$yht3mVt2hW%^$r2%qP4NB#&
z&;G^oH?Cg|8@7i>oj$pY?@pC9kjjs)#0TcBl%Rh3TvYTmD%4>9f*<8C_?`Ug2{n{I
zb;&lEf2#UPQsempp|^R*<svv;5D<Mh7u*-HMCsHtA9Ig+ibwu{XpQjn75o*^b^dvP
zw)}w78sQ}<_(K%@XoE=(nCODBUYaCGCMNK5w8JAc{E&kUaJCV!$B8FLpLm#Fs`3hq
zQ*Gx7xu9=Vs^}lfgYHEL?<~}c|Af4Y!eBzGAjX=&zavlo1$k#e9=;8x?hJlfK1KeU
z@=oYw59x2#ze@Y1{=N1~{rl~g`ZwDz_3yP`>fda?UzJyBKa~npozH>E3QQLG3;Kz<
zLIdXc>+&k)gYyT)IWSw!59Po~h{ByS$TON%@5-)~_o%zwhwr8m_uxORqfTD@yYlXe
z<^M%-wdbFzDx3<1Rj-W3&;Mt2G<5#IAg}KHe<-ee-vjP)YJbfm-n%AlY=~JfN^d3g
z1S4mPSW2@_O%iaDXaXsGvDk*z3*4Iur1rhwuTR!CDqPikSTd+ZR8NOjqe_%@aKtI;
z^`eqfSQ4I^lOl#m)%d!5GL}3|g^4(-<(5hXiK2Q*VR2O=m3~A7?lamaq4vEg<i4Z*
z2dMbSzR{rr$@Zjkh+huK*?P3hg$PpjJhkCeDhxVsGJQJy;ktI7q(OmpQ>-awq782y
zwZUzph9-Prjm8nlBtlFMe_h7l&e9T$B}_?TVQJ(J)hr<xRj@<}D<uhI3t6HO3ihU)
zA1YV9DsIG{zOHzNFIx2s=dON+cL%fpgtz28!+rKX!%g-*!|wv@1;VG#Kf_}HwE(o@
z+%vokAnp1yJm=aoJOxm7!81GrgsmKG!}yq0vZEE((JCFY3h}fGCy$<1(I7wXm?GRc
zp$IpRD#G;#72#|8))60s!()}>KC6Twt?yriYYZsDw+&E^*B?mgeL1wg3`J$bitsxi
z&H4Bu+-z_Wer#|Z55}vezdWP}AKieyuKkq5D^UK>ZpeX5`7RHR4z&Z60t^101;+)|
zdqOarxDh{SF&J)WV$eX(UoSnwnVLz|nns`^-<_JMC@NHxcd4DpC@A=WQ<SII%_M3k
zk&W=_DtvdUo*F8jo5D<mDxu<B<wxaHFVFZ{d5_wO4l%rWpx@WQh!syfA(M$E>c+iB
z)vM7DCPJis@jtBJotlXJgT+_2pW2xYRl9#bA0_>D7gC*lYLGpx&+a08;19^U5uS;H
zzj{}lKO0ca4=A${UXp@8Qo&E1-@o^V|K1<|dw=-9yFdJ2-TzI$TZE@QEW#5WfPM*(
z$^9ZcpbX5DD!_c=Z4qAl2FydsL0_R=j7I`80hFy(jNb+LwP`WF0?<%E#fHVWrBN|n
zF}D~$G!M|UV*LL6Vq846j&5ZY<7qRL;~uJnA!W`i#$y*0<JAk4<0md8^;R#eFGEp>
zS;ctD^kTftl487Yb}>G6P8|=%tETS+%6oRMdR?xwmBZ<?$^2oxshc0EzcVCVWAmfb
zhUQ19KRG{YEMqnDiu0e;AIy(Z8=D_BP(C&Do7BHKKT7?*`B7>^1HYR4;@_Dcr8YD_
z`aAmT=12cr@f)8X{R8<lIzLLSn;$h;zPji840oxFD-g#^(?y(kxB*cEzeOn(<VW&q
z&!ho)CsO`rv;L8Mqgj*p%P6U*XYC_A8hVuB>6y$*izlBnTHC;%LX>}zX;7Z}pc6Y?
zR`;bR5KDt;8<pb_E2)&e097m2upIHokp?V?3zsLzl6a(qO8PV@FgsC0iR<epe?S<;
zlgQ#_;&^JCHyRlScX6VjXQAZ!6$M$f&DOB}!RM>!_d9;Wza2KLpiW-=yYf`|e@9%+
z`KvR#UpoI^QlRGie^p-P{MCxXB}&vH$auKIMM2(89aB?NQ%grjPtOoIBh@#E6dbh$
z6SZ-&4nk_fR6~T63R8s55w=Fy0bwVERtTwe8FmP%4I^C;QXeAoLWnj(!h#WoBJ7JW
z8sQ*>EQE;&lMzxcMNuz$Wg(o2a52J_2sb0#hwvoAa|mxDEJFAWp$6*RTOzbV=z*{w
z!bF7Q5iUb`5aCUPRR}wvhVex>0^wqWXApiy=!P0F72#oodT5WaScF><HbD)|LwFlu
zxGsrT5Dq|wP>yhtK8Y@9U#w3EPokZ3{y+wk)s)29$Z-B>Mq(cN6yi7Zs$RSqiBFJ0
zjc<w08yQynwj^4$Cov8gS{^dAzFkOciwv$a+QU+S4DPi9i3gb^UUwxi5E)*39};8H
zCHl5EiKhKX+>O4>dv6#z5451P1}zlSOC#~z1XR9RDE(3rdu$+a>mCvrCr~*GNW5K$
z%KrhCSC=$^k>(`kIgwZ%MxtF3iHoO@n2ug0tT{)bcR7ixTat#+4;j$-6cVSbC-LTe
z61TP@4Q0px5?L!rY+XvCQ4i8!b}uAx=?4;HhmZy{^Ad@r0i?kMpC@r-f6`zW6(lZO
zLK@Dr-lW0!8j%L``3Z@o`J~}Y$t4XZ`V46}@1B!}<KK}q7^@Vr2ip0FG@K5C7G$~>
ztq6QjL>kWeyQJZatRxL*y-!C1ujkST{E%cppjY3n1P+prJ(b&??gVz5MDCnxF~*s|
z0q5PxdJvI4)#y=v1Ri}!_EgO;g_HViVo3c)LkK)Kkxk&A3x^X}6fPyO^>OmO)gF~o
z2~5>mKwx+^*&~&{+(zKx7l#OZVsM^7sqij=VyjnV{q_4s%A1%G4gX+*HGzjO5T7E#
zW;Yu`pkYQTfyo|A2xN^Vd!EG^4+tDIT$3;e&W!E^PU|q3z~;i41iG9ick4Tt@rA&)
zuiXg)5vPqI@agO`1SYO-K^TbKb~u5r51b`%+8tZMQ0(oN68L9aQ^HVeY-SR;xPJ@6
zP#zuMLSVnhP{LsHbgKybT)CGp9HTzt2!mM|IG8Y)eE$%_U>L_k34@7?Odt$q$e!6m
zPZNLQCSf>7Cpr@b6K=hi=xMT=^(A_mji-$WgPCId4sQ8}HF;Ch4&sHC45FuzuUSm=
zG^Qu*h@K{{T{ZDdnRn(mvG#Q1l0c%TIe7RQ(bK%N+C=m;eJU;yJ<aW%Aw*Bpd8~yG
zM1dKX=xI9ToAn{|FLWn*nmYkch@R#;*Ob_2cIUABL{GDORuHk?)<29x^fdR(yeAU%
zHl>v4X^zg7W<#u+@RsOljO|A5CF<|95ix}AHh*-DD9`q)r$qRC+DC{r=vmw+94CgP
zDiDVF6d-KiI{;yW?gXfV;$g!C12jbPu!7$LgcbM_Ze|W}J3u(b--HkS02Tp+Cj_4Z
z!m;=dfbauiThYTnm>w43HBJ_w948C#2`39sfRhC{hm!?3jFSa;i<1SojgtkqfRhCv
z_>M>)D8Oo*EWm7>EWlWtEWjD`G;%jiX8ar{GaOHD3yxhUA5UWQaZ>RU@-Zfv4^UKt
z9%p_aQG=AnwMag$w_f@AW~X!LIp|9g$DctA3gKSLwafTDJvl-ii&*JMyuXd2e{pJz
z)st^zW(wHEvoPY;BT*twjZYOzxYBwzUJa!~uR;*-=n%U}*XHj|i72hvrC|-P=T!`A
zg999rb0EW~VZqGC*;sV#3T4&$sh$6e8=HVf3mTMnQhME^flAg7dx01Bd4Zn*v<6Tc
z5O$7wfj0$I*6#&=8BhT5)8@Uv4d=hWuT6e|M=p4Qcb!y6F*88g8Om|;naW{EhO<B(
zfLvxP$6uUH>J6MzUxuPfQ(xezQ(oZrvR>e~roF(QE0h7otEPWB{RN(xrCwLAO1yA7
zng39Ym-q^umw1f!OT0UvFwK|vU6Yr1o0c!}Yt3KcTL7ImeTkFxtMC{WwO75ztfZYO
zJYH35A2p9v75Q#}{Tol^l;wZ@p<!M5+~VWm4^!$FctcSIzEar{zy4$2M)}k_cg4rO
z>TR2pZ+QJL=cm>u!}db!uTk|kCI;)Hp~uXP@)_#8LeT&H?qg$R`QL0|P|w7#j=yUl
z(0(ZeN{@Aa)zBJj-`{;Ktx~?<e(YS&Uer8hR<cK6Jmd--6>B7aYmFAG>T^<htxkRa
zEMbYb;^cVpqYIui2^U6CBUwGBl*g-O5*tg)$s`!b!boulB9s8}F%?~&N<nL4%@FzG
z9=VdJtBog3E|SVqQp6G&@e1h(9(m*W>v~8YF`BbRfwIFFaIs|2QXWojD*9*~v0TWd
zzC!|kuB@$37{?Qd<%vl&X$p%&zD~=BZwP_-v=o+z_;J!Y63kzuJepL_P9|RL6$)u=
zc_L5+PlN{2Cdp(eQcp+6L=MLxQ6zT|OA;MH3Tb`&R9K%#+S4yhgVf14@C%#j0<Ol_
z&S6wk-C8&3sP$}#JP}VK;9v>4FY(CVq`xEkyZI#iO;V>@k=Ic8XY*I5qp@@P)jCvH
zo`%lnXUnLlBO+Sn6yKl8a3+4guYIFValB`eUxfJKtF?r)jZpb)1`}Ccd;=N$NS>jX
zdwuah5%J=FvRo(=$dYQGWQb{Uc)7zKhm57t!}Z@}jB9)}9Pojrp&d$aXFx3geKaq@
zg#be=OK=(>3{as(2|f_ux*;X_ilHTV%zzR+mk0R$>uB(x68!xj<+#y<mBWxsfsU>T
zC3s$fa(ozz)O(IqUxuO++!9=SU<rPNQ-Zqz|FB_oJQ%N<-Xb2PjaRQrLnZ&BI5Phe
zw@UEHdnI`Fof7;Spo-fic+cl0_~p_PTvh_g2}t;&1Xq{`r>e~F>OWRj;x{y2rlR?j
z;$wI9^W_F!Jwp0x=g+_PG*wyt*B>g^oxhs-b83V0XVr62nIEVAVE&w{ZvNbO{WLs(
zPW`?4bE9JF=f|l(m_OG$Z3TV5y{tf4{x@4#asK=}2BL2M{9A_BVEg{=vIUj${r0ki
zdiJ7b8A9DE1ZsX#yFUVlC6$rqQ5&k|5&OSzDZO;XD5V$e6y7z6=fsmNavK@d*C^D;
z2|1{Hs+Hu*Q;@H22>cm25ieCqF3dmPKW0#5AoN7Uh6hH4`a>`A0W!$z8y4mpLwLjc
zMg+$AMhznTfzi>v!GY1xAL$zz7)6Ntk}|#l0a1WYs0j=Uj0^#Sq>yiPY*b))U_=ZI
zh6VsnXi%uXZ%k<42*viH>i_$Al`u}VU+w#|YVVU3_-gwBd%LuObsuRWzqwZzCcn<7
zHW9^A_`*|gcnlU29fSGy0f$IH;eh;M1fU4$4~)SA0rducO)cX0Huy9IJ_(6I=Np2N
z&upo%FQ7guagi$FaFwvXN;puBPQ`G98u>tlaHtx6iu~TH`opova4cFb;<D1Qa4`Wf
za-J0803KIF`eKsg62cQC5kQD$$>b8kBNss_C<2qigfI<Efc0jH<Z#EHARb#nc*0o{
zP7>yuA`u9IKOO5W7xBPBn2!0%6XoFIjOL|)=^2|R!TNG!Vu%sqQDj5_k3)KZR;Upw
zgQ}nsr~|5i@=y{=K>^Ax;p0<yf9i<*Tm^r6o%s@B*ruMyAFkk!R!9fyj@sWqiuAD*
zbPYf}7%yrh9n_PAbV(XWgQ2`(oJ=9Dx^%r!oCu|3p|n(*AXFAMR<}okY8om(m@Wn7
z$wT$WMt*AI4%aPkP#Uoseguji)rb!00#F>Mk#z7n2uJ=%1%EU;50RQW2}k*>;{_qz
z0yR8EovM1EQ*3|e6x*BPQ|+pn7p0$SPf9=44jd#)opXwUtWYIARo>nT<>jfw2^G@$
zqPRqaQiU=o+74A_%2rg%s9HAFGN|USnm1Jkl#M~BXiLy3+75JzHUb^>L<0?nvFIIn
zrTfYVg$Fcl@Fy*~gy-i%tY;(!6xI7fhMPd#*sUeG8XIav$}nXYP3(UF_>f(<MUcY2
z#S#fCJsu3@Xz^b?c_zKFWa`eRu7DN(J}XM`3P4GKvH`&`v+sH(S_9&y14={u;+3Vi
zK8T0(a24tAxuz8F4#*r(Q$XKVm*Q_$lW8GouPw!00Nns_#{sPalmVzWps+QiwYpZQ
zp@)bR!>VaItyV7!$pr9bt@__m&;K!TSN?CwVjbDWlh>9i*^T|$I$Qde{<Aa-TxW^k
zT95#m0%#tf_3--Zv!0;cz+bhB3~K_v5ui4JEKnK;fWClY09^;^iUH*UKa{KPz5XAe
z<qhbX3*sj$@L;}Sz^1g<gMJ6l4&ZkNR0izn>xNR?dt)ii12h@XdO-KKmEt1-WdpJU
zG=5VleiFpL12k-VDSi!5cR<=8+y?MU0LeF(;xD(B;?gapcp)Hv;7<j4|0f8Rc{k9H
zgFIo+OwTXH4*|*qG!GCAzY1NiL=_-z3!rSoR~#2iia|V}1VAZ(VE8GJQKV}iZaSbe
z#7E!m9Kn-_ctV;?ET)NtT(pi6@z8cNTpqc<9FIzjR$&`pV0xaG!sEz@J?+5VCym%D
zR3M_kyD|ZX#wK^<Bpw36#~`E+z7kI6gEElvWHc+jlm>?_8jH)7@X(H_<Zq|;#C<K$
zDVBg6dn`0KqHh#As+Bh(*NcTl_qAuxU7cMWWBsF@9Wk%ah?u~r2;VUKUUH7q8S{ci
z`(9Km22$BOhXp#;ODW`$X@xw6)C$^Tg4~s5WPEoZ0gmd^`$sb!35`qzzH**S%r_!B
zG=89ygR?!u!_^%YiY4U;1nMOS78V;3>fbjY&@VLD5$TukV5{&N&ITpG9He#62#MNq
ztXF+R^)wXk7pR8gAKieex^R6S;kRda!iR7_VykK+!+oQJ=yW;*{He>kj_cAWS6$f#
z_=osL#m7KSt<k{7cdTa(#IAR0;$b*63N)#c8Yax#1!N5h(12)d*j_clooEQAYN45A
z`>2brJ5_q4Tt=f@b((8U*U_=Q8KW9-RmW3|a95iGNXLVW973b|Lla=A)k5wus8$#n
zPi(Y0W^A;5gM#WMLjA&>T;0@h{39D;L^qfRRi$($U2PG_Ydb77CMK-jwMMma!yMxJ
zRO%lZb^}rWS>Z5EDP9{mh)IZlf~lTA5%GQ8)$<oo`g^G7A3*$h;i`NMVqNT6#7`JR
z@(WQpHFQb&7gYHYmE|=xNq!~b(?qKJ$@RXi4M={Zud;rSKk<vPHR7iP)+-;u4?_GC
zqtxdghxjIA)#rbru%h~Fuz%l({_&B%F(H_vTq<!C3fQjBj*0MXC-P{YEau9EJgEcm
zcn2fm$Rn{6F7m>yOT+s56M85|JEolPf6D0_=ouIq>gwwmG;L;TNVCIQIAPu)kwcPF
z8<$i59lG}CYQ-O<)%<k*pZ$$m(P^k)L;Sz%V7bG>urS|<V5N9R2ZzQkUkonxhU=5z
zZz^zsw>?I#`-Bb}7`%v@qBvMqV-@*?h3NW<T1DWAXoN#aToXwm4I$++2cYmklpbN`
zAQV3s;ZS8c%Dx@RCl#1aYm|R064$gq;Wi{@qWF{+E0y#NMPVN*9^tj-=z2t$*<4vp
z)oJ`DQR`~8Fl8H1m-ct^*J*_Jv*p)O(DS?H)BF$c{>k*J=c3zypQ?u@jp+Pc-anaM
zzX38(@I#x^L8wU7x$0xe{T8u~9Q!$Y&{puP>Q^PK5#G=0Xoz%FNUwqNQ+0x=K}DyF
zh^hywp7d4n`Pu7V2Wz;kROwfA{w%5Hp`(D5E=<k2D%O{39jfY5JqLBJze4>&N8MRc
z@5eeQlta-`_CvjAYowBny1q>?Wv4QJAh3r|4F#ikDpP6fzc;>}*onrSRR}kbsIhk0
ze+8$WCFgmg5b_bmA&f#8h|nFO9m0+XO%X0Y*f%yNGBze2-U~+u#$a&qg_I}rA|@)a
zU<!t*IHG-|AQja#m{5)h2Vz388WyZi<LQ_pvQ0@Gi%`>yL~DfeOd7{-NY56O{tChf
zgeJ{N^!tbKpVs%^!Vy2<haq%TiT}e)8Cz5OTByjYgtbxlWb=O(|4?aH3zUxx#b>Le
z`(M}l|KISxUGJ2=QclCbP}``PeiO{Vu&GfqV-qcH9bG;BCQaIcgE0!=cvIvf4v=c)
z^)xi~wX}^*nwT|j(Xv(RHb{+0J8&>X0Ss%4e8d4#WhMG`zN)ISvP$2w(x|eEbd~LF
z?9IM6tE{rbb%;T;sUhg)3~C2hBaAEx7$G$^bhHSksiC2TnV6c@xw;e7{DCuo2OZ63
z#;S~_@Syc0ab;(u6w>}R;s1!!(1ev`m?D%*SVAvMM0%uNwbg@>bBi^d(fwfO`uBrB
zb05@@(*W(HrJ<**qYYXK++7=+7#kbw0BU30+Ss_0v8l1@9k;SW%iqSwB8S4>PRMN|
zo$Uh4P~x9@pLV4AIpTjA>DpcoY#k>92c)Lup5{G>e^M&c%oI5!Z%jG&IYsclnaiR(
zk;DAcjV_a}DZObv@n5oTrbBMYI>T0b=S}I(?QDq3W02xyaA!R@+|61E|C?CtUwUnr
z-{>Z&m`(IAdCkswcvF8m>GVzf^gB-m2b8~F#Yw$RW58h=>GUG?<itNZEj`6LqVBgL
zsop1O|A5FhV>2@wZ^OT%|L@Dg0;<?wrUojpJqL4S3q)Yvgz?e@G8(;sb3l*nYS$N)
zpb54K`a;y2sbmg5exyBSF3BbtPd|}U?u*OG9YKl>V~DwT$*2%wV*rzlw@L^Fl8832
zTlC2=`7jtNIJ;roY?#SO@%yQ8FNqm(X@MM&33v0p1BKv{E6LKfI5&eTA2pxXRtZz6
zr&1?Wd^2=zx+?K-R|~jdfxb#S+;o7cP#@HN2He0Jt}9Z#&$tcf21fpNhAHUV2F_#?
zpmr!sUB%HrVWd{wzCPv%H-ZAL(<RqYLg$9CH^?v;5cQRIYOT{Epm-jj5)}RmVK)~H
zvjlVu8N_yk5yOElKmv3^F$n*-1?D)nupc@Dm9XmT;FO)zI?66;9o5ctZo=CgQ-=5^
z+rQDq>N$;0!;f>z-9_a~H{bvG*}GJ$Z<|KTr_pP%Lz87sw7$8wG<GbOS(JS$xT*h8
z`}F;sD@WRnciN=YwNq)tFZ@WPF~%W#$h4csB&+Y;o#xom>}=%Y5h<eH1;%$5-xiJB
z+ck%OcBiFl%MOEY`t@uUgL6(uV=uRU`<eIN`bccmxrdn#%S9irzI_;96|H*b`uChh
zweV}A<bCSHpv7~=OP9ngo#A=tUb~L@&2>%(1rK<!=;WxZ^XY%e1A0iSt&gwmu&wjW
zUMa5%tU7jaY`52;rr(jczE79zC|`ek*MJqw=#gJvF4p~;Z`pS1lwq9s&xLd5?JeH9
zeW9(C-+X9l=%QvrjtO?`_LojLvMeX4!{)${rGj-@(wte%I~mScI%E5+d+s+*-fHR0
zG5>L~|7%X8qOFa@Zpf!0oyUl#u0GXqT7>zs>Fv(6bU9<tqFu+aVQuerzuYX~db2mq
z{Hz+`)3Kc@{X34GbanL#yABrTVtZNKNqESc*}30G=j%hwrw-y=Se<9LfU&4#v!3nh
z)q@4c*r)wW=EyRJXcu)j)^1~$yE9BrJLl^B+2ZcL$KJ<VwL3HS$dW^Q%HAY@`Zl75
z(TDf(Kr7dFCN+!YBfbZ>dzh7ZFLUF@qnQ(}Y0LS>uNm_?&HZZPG<@l}(Ziq3a7}u0
zXiZVit8BkH>-w#iUpSB>oFpF<;LZD!F{7w|{-*8!hrKg_i|PCS|4pGni#@^=k)?g7
zw6EHCS=#qiO^HZ|EK!ndp^!CXDY7JMc4bK@vJ~whYc&7YZSH(N*L)_Q&*%4DAOCMB
zPw(@7zt8*JbMBmb?wy%C_k2^!YER{}Z@Ro=xcS)?7UFt?^%G_gvqyhuGdEc?ve&bH
z>gEntq9&ZH-P?ELo(t&_Lrq)EpWd6H8<O@w$m_7VmZ99$U2UrAvlJin99I5VhX2p^
z<^NLRt5zA{8zA&b*J|OhyK7#WOPR_yI=)J3PK@qVaAwtN^>x`bIZmMu<)h{<`C(9I
zTYqfLNxSWnR5zV{VtegfdD!y)lT;;=%;%+D4E%D>LVlfJ%8!yca*2Cg8tk1$-)dUa
zUM;!&!;4IYrum5h8&&x(s6KNHNzRnrx7X0`jNAvGo3Hp-%!E4mm9NqlT@XtPf48rE
zr0l-qXXa<<4IJdw)Na4oXyl0jmxOAM4BmZq=cpy(?@sviZ)aXVz3yOnNx2%!Y^~ur
z2_s+UJ(tCtW(TNSI;m`2Zho*s>Ri7O<{jF8yX7|RwXDAx*H?V|s^Ba0OtY@I%ZpSb
z8nx{orp*wII(XD2XwPT+M_!eClUT;a=^g@pdJ4NQ%$=o?d%fk6-`my=Cd_5Y28%O-
zzh}oSSocUmyERU~L1o6e&x2gt4~L}u5bXVQZLZAGleIHrXDq(z{IuRAyt$~^y28mp
zLi?G~&f=9(+s+M(agZq8e0SQ#?a#FC#PnNyv?!vv(Mf)u$CroGwuOFdU%sM!sawl{
zD~2h0yH~2{8qT}_ZD!joSCcPtU#2dasXz4Xpz&=pbykmaHwv1c|MW`)k#eJvzhaf@
zg15(v(^B|DR#g>MKf7Myyf9Z};J5n|^aP((FYu54{80GZyOGjGX@#S{CG8g2c4vS1
zrF&x{!gall$mTUW#io{<PpzoD^3D3-ut9HvlW)&mI3-&6gy2`<(dwI$$0>@|%o!)0
zUj9;WM6GPy=RGr<-)k3o4xgCOATD{#EF=5o#5<02KC3Dg6~#&H8e5Y){#Eilrp2>|
z4wd=G-~QcC@VnFh&xx<tf5IB;$OmuccdShvx#i0ceZdw-yJ|<fGe-xEe;aHYd31cc
zwaexj6VE5D_eDYyifV#Rt)D%}_@d<WV$}sB<DZN+TX4s6)QGp)tG7l!KVL3Zr2i`R
z@binu{Db+1EgCI)`(Tj{Qzq!hquS#)5=7(&j$60EQ`~IyB)*MA(vq*!ZYE|9{*tWF
zbH#(&ssPU+1J3po>ci5{Jm@&)*nk*oMaf}tgFB{}%1Ih!)`!?E_H2zkwZpeT|8R+-
zNWb{>M>iU>oi{9eY-Ot`byH~Ru-*@I-%lu6t2<d^$&a%J`!*<BiOLqQ^86rRGi>pR
zoJ*m@=V#pCbnVoj6wQvxtYg;3LWP=18FiP%#BV*G*!T8EWyMB!-=i|U55E-=YHOBQ
z$lny6tQGuz%M{z)>DLX1sOBHrxF`BTp>1y3jGNj$y{cKB8<qDN*w;UQdShwB=R@1x
z1U56YhXe?ZoL?vv@r|j-jM*D9<kPD5xeZ&h8=t*9o!0-P_mS1t)Se}$H0-W>sPQ7p
z=Y-zd+hs}Trlc9Lyi#s|NF6IbxN^48@EzBt&-$@%luop!-S~;ZT0<2ECCEIkkegbO
z_?0Q2H2=t`?HA-6t(r>nzcxnKd!;`Y*1n>eeYmgIgPj_y<iA~uS6(bN?o?bDLvV~-
zwOEnusR!#_3nwZalpZ~Cl#Fg4qi6A6=U0|IiQI5XuwX)bY;5cCXUh-HZw_yZT7M?)
zW8=8^{EE*zf_8qt_f|mX=78tdgO)@pEm*Vtc6G(~eH+s+9eb=Fqj*8<y5!x<f@9B@
zloiAWDeKfq9BFocIbiKXMepW~p&fFrBR0xh)*kVCfmed?mi#pbuW8h8pW7~6cUR&@
z>Lj&S+ikB6P+w9W+hH4)5-T9oYsT)f;U`t|8+H2{Pde_Rd5Q7lZrz?cZCX8&=9rsp
zc)BHfRa4rDeS2~@JPx^SWjlKK-3dqEwkOZ^A9ibUgXYp*a+i(<^>5#&r<-N+aYoY^
z(>rxPm==~5irG<eA{mb_lsD{b2tSy<V9Mz51dsmaQCs5Hu1igxw)yL(d->{b)mYC$
z_bY7`&p7+IU+@~;TUXotWMtngITbl&M@+enDs#_P+wa86x#uf&gT|Ks(9bwL+;OFK
zZ`BRr{QdMC+#dB?YpjxAb4VgZ?Ci?bVvg5$>w8a}QoTqg&Tws0?#2ke@|zb0ohAjI
z74dDAx0!kVlTGULoy#_FuR63t>t4ldWmi|3Ldlv}58kzjZjmc?7WiVFJYZGUg=>62
z2F!`MSKFp~aqq1dzHRSy9+j^Aw%Y2pn2qDH>LC*s&J;dr-m(0LzOKgeGaHPgez?3%
zd^q4fQS?1Sz{vFU?j_f6ybara@vvq@W0FJ;5iv!j`S7IIek_^bAFHN(I>BGLZr-_)
z$EVz^10KkS3}c%0OYe2W+`CfYcDznr_-1C^SO3^tsia1Gi)~eB3Aw7Zy`H(KeVJaO
zU--aT>%EZU-s}qP{s%?H3SLUZO`YPkMt<kE4QX@Tcb(1Q@5^vG@m=lp)q>%&h1Q=P
z`^?gj8gVNrT)@X%&*1RT=wksD87J<oZu54M{8*uSF`_Qu3v1M%uRCAI9d1?;A1D1-
z^o+8(j7;$k;XOXLr->Q!jaT&g^J%O*b*Jw1Kaltm?)r?iSKU$LZSLb>yC!b@fmU;c
zYsQ7KZK8&!f~Tw(miyxVfbWVA^WB-K<1a33=YQKiWo0kEy0!hZJ}0bc(Ulo6;zO`e
z)TFfeH$KjLB_Ub#UU*#QHo1>xO%oelM4q2~k#*TZQ0;E~k}Z7FZu6&WYR3f?g|Y0m
zXe8d-xvfaJZ~fKn3s^~;N;Y4!b1h}~7%qNT-?GRtKQjN`(am2f=J%d)zG`MuPs1rC
z!<N7L@nMBrkzugT0fw?x&oP=c8yMx18GW-oUzBAf&C1zuqgLg5z{@4o+s~{_m|M5q
zK>tBSL3=;j@mJ<J-W@x>s4zh9==E|p@1oxJLkA@;k#fmb<BwW;f*9SPB&SrhwW_>l
zX3iQj8LL<gJ^4vbzNM`RVmxvQ%GK|)L3#Q7R<Bm4+d-u_<lj8sRhzf^x@yY8n9QS6
zJqyZ?Oo%QTyzs5;qZixyu3lB6sL6L#;=)b^=XEyP*Yvj9rF?g_9Uc*T&@}VPA;+8^
zSHfkFi(0mt`i1pAvF+N1-LsE=V`i=vZ9Snqf5FPDC(=sw_@~P58}&i?mf*?empTRh
ztF_~7CKgX@d3Ao^lVYRwmy4F2J+Qs@a>1TecjO0)WqVtlzAN$gbx@>1pX;K%-vl*V
z<fR&1Ik?42r1!-3+r7*`2v7SsN@(K^`xoa8`a}#e92}!4y6KFsQ?P|)azl)EZRVVk
z*M$z2J9WPK^$7RV7RjGy^C~7|+8Ms7cg;4B$u1J@f2e4ArS-RL$<&c$U*ifd@ry*w
zS)0>WW6;K<W-tAHR%~RBemW*TQv2Sm!BSz5{MX(+9QE~n(>c|~gmR^x2MzMFGDPMM
z(VqF8IW+v>9c#v^oDYVsO?^Z36~wE=m-5AKsF+rAbii_v_$kI$GsM2{*lQOv=$P=6
z^6z_9gO=vrD%DYU3sY(`_b@+pR+@j|{_JON2j1UySmUClw13!$>%Kktn{I9@8z*e7
zylU#HS*kLIvTsM9Pc2qGI<w%3aFw0ycH)WWp)Zg2sK>j^E=fF4%Q`3T@GxH_V9kKs
zs>E~IOm~Yif_3X#vV&9d>hwJE1bZ|2FUGGP%@^3tig**&S~RylQ2m0azsz8T+_CA)
zLjnf&@@dnZyrjw7z;vtY@%e5HmqTN8rGhVqAGV%at)n|&;^VEZZb}vx&4=F{t{J6y
zL4UAJ`t`Uc!U1QuoV}ZqxJf=EqF;var~YfcTeb{s3b>Z*F>qG>7Ij7O0rA&NOY(9y
z%N^gUKG{`0m{7A@C0@Hn_jT%=^b@m-b+S+CL_La_bFN>RfBU63kK)D6Cp>z&z0SQ@
z@2O_SjGc2H2RzU+n7(1qFl}k!Woc337b>3KlP-3Tb8a|sC2c-oSG<|HCC+eBYwx$X
zccACuM6EW}WwYOJFZ1-f{8nB&Pk2?#5!H(WbG9U@?PP9rc~Ud|xZmZiZs)W<g!VXS
z<o_f8OpnNo6W?E7rcPAW@NZXhjL5sIWiL1?d#hLU=r2jjWiqS8@^_`2FR{N{I`a6u
zYGdX5Uv{ucG@DO*IW2rwc)Z7F?`4*^W{taXv+Qxt>fEP8-U_E(?P>e!j#qL02+>0G
zY6<3!>C*?#-+9b!#Jbjgt#=msRq?CaNjqt%X)NCOL^{iTaC&0Di!MbiX*F4j8EKv_
zrnelf8`?&R9~!H+uX>tMv9`&Ve04k4U?o4{36oqjTA%m`+&{49{L#-tT^7Y}pDOz1
z?(Ui~W5X}LcH5e~tnKadS4+Nq5*lQ2wcg@bF5}o3#o`HhRaG6gtC&|*D=sa!)ZAPx
z@OVy+S(SU1tub@v@ws!{-!2ZVY&dW<Z>y+d@$Co8p0~|EvfL#xNwcQr#<~g5#h2uK
zy1Z+p^PmHtk|%HKxz}Fd{EpU+H<P?9-kSM3OtCN>Ci^8)aMgoPm7^1<W~Q~8+gb<=
z@7-9Ze(Twg;eB5*2FQLl4w5iX`Fiq*iN-5FKP{tZ#j^B-cm4HO-!JQ@@2MU<ucE?g
z;p0AM>rB_#B_up~nK<Zz=Ih(<#?0D~Jv~G3sIAa&cW)uLqK>1!g^`Y)!o{=f{i_AN
zAG}<tx4Y+?2SRDz4acs&p!_Yz)W|`6+>y!~L)7oJUbb3(Tt2X6aCXqyb<=(ORO<KI
zxWUBHC&TILThUDBuzr=(Mrz*Q>p5Zkl}h&l>x-7A22n?^zHh$%Tw-&!gzzi*J4I{e
zuD-h90RMs3<xj5_-E%x#%{QSirR~+T{l%j_>}3ysni8Y3bNfyG-Bnd4$|p~(o_uN7
zH=}Fs*D4NPCiz2EX8FB04Kh>0!&SVDgH-y~PFmY%&O86N@3Wi58zZ&s`OTjPjBzct
zJ!#oux9`2x%|S1|=_=e9mhbLeHub6`t9(bXn{fH#wa>y!bcCxaF3x&3Vzb7v+!<d7
zgdIv~?x{F<Psx`D31u?Mf}%0Itq7KT(y)nJW0uvw@#|AM(>~F(v0ue3S*<bRjO^ol
zhSzo^v62gJemnIk=t$!8MMvK~7Q7g<!K|%rPkPd%<+l!5)+`m-y=?IMge!apr;OJd
z`7QC$jYZE#j7s!a7JN+l&7IZjwIoki%P`v-Zk22ay;xZITrhadovHGTP6IcI34D4!
z(K_Mm>RsX0eH~Tv?X_znTaG>N;Z~e;EN5pATTK<EjVy-+)1BHzln)zQqk2U?SL<Nk
zvsbmES8En4MCl5Y)Dw@T+S5jETv^PY!#a_o`*nVS!>h>A!<F_Ox$d{*M#k$Ad4r!m
zwd?b(yd`Jd=9P-h=R}K=2fxa86f#bWa~Qp`)In~XzieT$)AF&cOZ$k;y7tX(yz`e0
zPiKw17NCA8E$*IK?McP!n^)yaykb7vHDv$o{mp7&H^a)T=0B`Uu+;6HXti&~erEAq
zR%XMp#Cwt6^9J3n8{+bOU(;M`ZPSA<d<zdv4?M)0?p!=0L9;w;T#qsBeU=SmJg;&u
zOEZ4-W8nwQ{3Y^hCx>fA4gAuS^GRyhYwclbm;3rGv5t<KU3eg4_>vOuHifnW-wZDL
z<`PvRW8(!st}h!R%U{&*y0=AQhG^N>s&xmJHI93C`plC8;hfrKcWmx`95y&8|BZxO
z$n71E%3Ne8exKEP&#E!or(<Z4ROFhu3~6^ki+7RYTk|RoYPL=>8g=*Tf>~oPzsWoL
zWYQWflYq**3-9-QQ&3xW#A2!VB=z3n5fvvl<$j8{5<fI1-KX3xU-<Itt7TQ9{L0za
z67OA~;5X`NbD-XmX{j#yhmM<EyRkU&{*dG`!lRa&Tx)P=zTGGDpT3goPTi?Hb*Jvs
zox0P1I`I)Zgcb(m>xT{hanrjwI=Nm_V%nh$`$xhR>7%zk$sgGykTvvi$Gn-6d9O51
zW&1Y`-1|88q3W;+{T3Ca3|1QvTyMCbX0h{<y>FFATzfJ2&3&TJa#vrS$9pzr4qB=(
zdH`RbbpP_KOHxrE(t?Wa@3*{>6Z5jn+pea#e9-i~3$gR#cK1CjI_>!`ukgl$g5v%7
z2dq*tdGP*PrN_gvp6;K%zL06|vs+-moa9Bt@og)%eB9ycsh+Hu9bj9ZBG$fvweW2(
z{WsGGRUUls;B{Ix--6V^&9$*{ZZ{83ep7uic;HG|jYC%qgKb89H~+En<9Jbrw5a>e
zZp_OUzvsRzxjFOE?ZKr@)!uHo_irs}2{X4pe);^9iF^V&GZsnY@o9(F9nz6`JpS~#
zB8lO_SE6L%X3LCRG;vhCaZrx>was3!x4dUwW!~7izGK<U`r$6ko-%7~OW)<o?XUfD
zbaULP{TjlBHoZm1e*SUAm9;Ux+1cb<;psbHYYn2p7svYFiy1Cka_mQ@ouBcVsv(En
z_kSwPR(U8{-*2#g?lgyiU%ym*ACdb0gYc-;5mS1NU-3NKB|UpWQi|I8GwLFf{PTs%
zR#pT}z8W9tr?}qbL4j7lL9HddWaL{$&F@#FR$yl!?ewXq)45iWbpf*cJ_QDoa@z-O
z5-%TRnyF#Ec$;d)!Y4C!?zTL&eABj9g?u|-EO5JiQ|YksqSEC@Qd*YA%m^-cE^6u;
zwe?}f$`zh=pZn@nUKL&YJwiS3i1XSkq1uH}>s~DR#MDjW7YV(xYSDwc1ar&lo@=%1
z8!Uaqtu>Q%ULTuXEu8;&Y9G<jp2TjAIRkuDCAL@-`g%QUhkHGC+BtsxnRwNi!y9f!
z2dgI5IyH+XI&2I&{YhQ3EpCRbM{Jsf$}H2+AD*U#vkpW@jrDjTcELN;riYl{b$JQP
zt^3=q4=POkk*s2}Prg-XSWV&4l(fSuM!fnaby8>8*sAEnZDxTky)QqQ-&$ubd@cH=
z>e5-gbu7faM-1}WA8A^*DcHS_?FjWs(TB@yM-GhcADyJCnfPXVLacPN{mi5H>gT8T
zh<n;$baJEJzOB_hdrHk$EIUv%dO%^LxPN)PsF~TOS@lZZJL*!GxR&`??X0O2idSJw
zSANcy!@nou;yBIEI%gu>7HDfPP1SGvI&I<BikgIU&+mJ^3tGOJPpt8}eW>96caw~S
z$)6{UvT5=?**<Ng!~34M)Ap40Kk`AbS(+*KMDvWPPm`c?<gokF?~gc!YtMJyviEHN
zH6n3WJWM3p%T>d63^NPQyuPht$<q~IvbLL5d@DYYxOnHY;-$;xZ%lftc)0PbWb#cj
zvk@9))gs^X#7oV8<flJaxW@F&dw-onUI%k0)SeLjxbXW32V?nr(IS14`0`Gghn|lb
z{$o)>e~sQdD(zjThTFb>S!^L+yWTA)!)n=!(hE<=W-pCf*GIyz^n6R;;O8Y(1u`ku
z>%ACzhJ={LzW2Dfl;1=qqi&f<QP1Qjs;m6NRlOL2<LkD5+)`jFF+BUci1gAQspso1
z3~D^Oxm;JZ^;nNmzK8?$F?aJ<%`M*76lM2PFz@8m*Mzl|?kwA3s#Tl&TW^z$4Q#jB
zFx%3!YENdE=2wX))qAR5u2rhs<T%^-iTWvjUCE)ZrF^!;?|1q%WaJsa`Swzk{f8Wi
z93S9(&wzM$sOVNkocWFF%_EmD%URXW_ETQ-lS`K><39)425fAYRpha4!O7UibsOT3
zYozx%G&gz?)8Mi}QSXj>?xFi<C0j1Mn9@)5p@QgWkGp+!dpgfJ$0t6em-&6?aW^`O
zZL@pC>|V3tvSZN}eU)Bi&P@!@lF|A{*F@Jk7sRBDWLg()yeAc2l(EgwOMTpSy{%R*
zWBn$4WvTUC;&fhXOm*N%&441yAB4{hAJME;gQkr-Y|q&4nsZBFd+qFYOP?pMqr%>2
z@TDJJ75w5wk>J<WO}m9;6%HQk^RV`_OW638!of;DYM;MbTI63A9<k+S`Ht`}?ZHa}
z+YF|Rm%6_?c(}OU(UfruoE{q=Ur{!SrCm1Ze%9p1&uO1mYV2MVaq#@^c~%X{JCCom
zy7;*AiRzrG4KI7e*c3k!ub6lItjLs!D&NzS4?3*g$u}#cc!DAE_{O^WMS^*Xp@Qy-
zKIRVL^A-lY{^8%T;)`>LK=oWHv%}&yH{CJmJ3WywY8bV3=kPG`!3wO*sk)z&Z%kJj
zIz3U<q^Z?exo_D?zM$;K>$cC(8#A?8d(UgFq!Ss(C(MZ*uKQ!wQlTAY^OG%3rVU!W
z;CW9C-8CXn??>&C&NvpJaX(XLPa?~(F6Hjxr4?b$R~H$W$)=a6O>e(<cXe|7{))rG
z(W7rvDYpnNKJb;*o^e2{G<(Iz+pmcDH>OW@gKsBnnefJ5%6`jIudF69=OHcGcO&*(
zuHB*1{GnZL%Ew0+$64=A%X@8l>ump>&#y1FDUWuH-+W$TK>p?$){cUbi=*E3bZ)5%
zlv-+CRM2s4MB4cg?dLq!?1+xcYB5o3Y7pt+qjT^^$4<u6Pec2ku9{eIthI$t>D$a_
zDFf1!<nIlX%F#X4oK$sG@VP;ZW=^SUIMc{1<k1lR%a+$yetJE}<I%~TC#u~C&65ms
z(0x!cXJPx)UXR!Ga(CaW7BN@Ox3`ICbck=Z&)T~e)mKMbNv&@&TOYf!=j#tAnHhch
zxQL~k{&w!sw$?kN#!lQ{ASKy*)TxG>Ax-1j%9Evy?uOU+dR$hwZP~W&(CWk=xAwS}
zdG4wl7d>6zgJrbsGFzb^{q`RCsHgUHzKfc*&gp!ckSMhs0qwV!e0$q+qu;@e9~92n
zWp?bH8<N;tY4K`Lo!uMvp0&%E{rzl8^~+K7-hM8YRG7Oh++e|q@P~p2FC`G(dz$-Q
z4SP^~()z~2Z6gAL`$YA6^1iy&BA{(Gzc*9JzQ=uu8(Yo@ojrQk>41t+lg??)dGCE=
zr%inmJYII7_t*GaP9x@<2KRYxKlH`zb2(Laj*AGlt{!$HGBRJ^{??BkdB-=cV0o=b
zx*X~7_W1Z4)6N^WjEY~WRPp}EI7iW*+n;MMdwV)Mx7W;1#NIiXxw8lEI(FLo+4&hV
zF|~1v!%FW5S*mS5DD&n0>^e80+v3k+Z63xS=F7UdZOQR-L(jQw&ukbfaAnt_5T{qK
z4$O1B@1DEPE>~)(^!>+W*X)ufD_zq~7WCO^a-r#<<IyWKqSMwFZ&!6WZSgf^#Y6pL
z6>h@Q_8(Mt^`E?AhxDQSTYCA-QW#>=bMO;C{@rU6F7b~U(noD)YlL6e;&0<l-La{^
z>%QlqbKKx#J0^DA4!+cJ-O_TOsB*^b#AW@bp4!(WB$Ly)F78E1d}WdG**0ap3wu}A
zZY}O}O#b`G=PdW7Ed!^AWL&LSGxzos(FXTHb03VpmNc#0Hb>fJlhO*W)x+GBYKN@#
znZGT5nyk+5iHSFE_;2DL#hlLP7q<V!;Hk#i&vXtuPt9o&ZYY`hK}$DkM0D(z(8b1|
zBmBMA+#7PUEopn|>7ae<Wj|D2cxgFum_g}=iomK*g&*sQGf6R*a$`4m+|cT0KEpEf
z)R)%ysP~~e^tFoP#s>0R*hgOW$O~IPviRvyHL>xIR-2YCI~4VaaW=VnkomDud-%;<
zADx}?BEM>do`KB82g3x0PAZEWkaHsN^f6u8&C(ec#czKouap`6+%b1{&aN>d!d}ds
zp?~{$@v?1&B`tC0uN=keR^RrGIzZUvH*BsI*)vY)`!nY87P0*|R_TbGSlWxweX=qu
zby@WAJ69R3PmUix@BHz}_29kGDKVvkWR8T$c}d8)=*_v5;_bc3<_uA9Wl=8_TDPs%
zy@M|}$CEFkQF*(4o$%N%_3^v-=JuQu7(OS<?a5Kyn@>7C3{p?(?uu66iz%up9&=bo
zbU@|krSdU1*Us#pa&yQ`_u+cg-ooy}&M!=t?{%qsFn2(6P5fHv!t|ZOs#o?LR_Mrc
zTBRhH7I{+e-KVM<?|N)3cy7JQ@V4L67pd8=EnRPZTI;;cy(aK<%&t(O3wvg!zbrAX
zJ3jY%-;f!1HyZ_xIGl7sJXdS!-LPB7&sNKxvYjIqEYPos-^FCQ=OnSg{US@B3hq}a
zn#g<^Q!MQllwr2JrSFIxi=T}+Z$H38tFK0(#jRyI>5G;%^omq)a}7SMJ4*DnxlVgc
zY|Mj|!)MgiF=wPNX<F)Iee&^T{qeWv3&vLto#|ZjUTB!kZOij>>jdtP@RrV5t1;Sh
ztJn}@H`&)Gd*!^Fc9GxJ>r13kfMb;PHSvk7bXQI+TewcZpsCO5z~qhX4x8fUDrH=M
zv9X|MN)LCj#r$?otxl=0oL(vxTqu1xQaQD-tnJ4>qYG9nXT@Rm)tgri^ph0dXCH8V
zzu-rg#pxDW)81KCX04ZROn3ek6gGG1#T0>W3ZKJ=s$D+0V&K>CMf__<Hg4WGZf>+$
z{{lY!g&KEH1z6|g1om_}k(G62!jDXyUQA2d1(qvv-Z@EZ6+XYN&l-j0pK3fESo2cu
z-xq0D`f;^H>BSDStA)!>yl+Seemi%q$i9i2mv1(3-jZY%kW-cH5hm7es)*vW=$M`i
znHdrfk32r0F-uEm)LRiP;cDTX&CiNjJ3cyzKg^FR8y9xBA#!_cUChbTpZy9od)NyJ
zCWb^_X)smUSySn&v9x5W-lMeSj#pLM>l<$<AD+j5PyFq0{RH1={d2>=MIM)t+ApAR
zIkBV0x@uCI%w&fEqm1e)hs;CO6J$GvB}z)9R=<1Up4vYBklpU<rTeF3%0G2}FEM6!
z)*Gq19PKUI(Yw|jT31?fN3ZbQ=9G`|rX?!otJbWZe(du$-;a_bbMKlZ?NB*rk@ZqH
zPx^&M_*rAchK}o52ck2rhiG4z<(egO;*4vh+qsO%O9sj?tme$uZrB(Q7(C@vNUzrm
zcew|fPYIg!Mq|nSewx~L!$hus8~em(sqy>ztNHy+x8Ip}{`<R8%fl8Fo!+}=`k;>y
zYa9l~q|3Y(2tLLNNRnyGk?ftgT{ltOXNt3bihEAZQ7?wnS?7Q!HDyD;y&obs`%ZGN
z%(K}?MaQo_@=k8$wNqk;hB!?<A;g?snsTYP(c*qREDEmg?<jv$UGeq6v4?tFXFs!O
zGJ2wazT7xV`#{q7{&H8Z<qDdPm6sA@jqBgfz@?$XRwirKn*hJ^7d6f!8V6leZs{}f
zaQte4MbdS}t`f`ZC*%&3ag`BxaYj9-Bilb?g#5w=m3w_=8s7ES4$P|``q;De`qb3i
zx0lOT3~3jcks_2ATOl-L_VNDOCtrl<I<k&upIMl)Drk*|##HCGQF=X9cA59C_9?t^
zzTxYEnQP(~T$_@9?pTxDr!Uf%o;lY_D+gQ|JGig^qV0m|3XU2Edg=E}6>Balj5Lx+
z%v~e9`m1r;qPi1D_V)7~wCeM-34#(W0!q)kv<0r{u!Plm-Hu-^{PxWuQIG0di`QCJ
zw>2yleU<d_^8}5!tmG8AaLE_XB&T`ZAA8KbcUY58zc-i$p@$;9t5lIHy(IK1V4;aX
zD1r(C3epJ)QIRISC{?N`Lcl_YM5z|43QCKBk_b{m3nXlQ&vVXs_ndck|Jv)?O|Hq6
zOy-_@=38ez_so0`Mhj{l+|mvzwH`^M)jyXopnPrNJn*_RyH}cUZogY=)4F3Z?eFKY
z=<oJEE~uFu+26r#-E>U&n-bUeCA(3Jr#n{8PWLK~pQCxvM^QX=aYW3Yg-;8@NzSE`
zM&V)!Lst6Izd&{1kJWPqAH1|EcWc(fa`G0#KMi=g86kh)i-oDck8fLEjG)dMUed0K
zS66B_3g5Azz012L?PeP!=@8oeYU!#+`s&0tw(ou3FP%_vw|VZZ{k(5HCOOS#H?tp0
zN}YaYr%(GGZTZ|ICOot7;CrMdJ;_siW4efT-M-`@9$%7n_tPTw$DbTU%bR67s(w%R
zp1u&g>fw^Ru?=4f+ag3~J<yuvcUQX1zhdcJs8e(6dQklD-QT`+f-Qf5P^7F!C-GXQ
zr#|(@8oxr91nW(gylTNc!_r`Zi9g}7sbTfb@fHt)P;Gg08+F+O;#bQ)Un+b3+$RJz
zl^?%ctZ_x-lK;K6!_6AMrjhquu|WYPI`HdF?*)q7U{_NHxGirz6gP8r%3lhqd1kz(
z`&lCr`Zs!1FZa09%;%#Yk45qD=ekp-%q|LPVY9dQrcdPPOQv4?+T7*jdA`x1n=r^G
z(5P3w7-2DRd9u4^?gmfT68DX#5&foRy?=S6-)qm1XBW3%Z$_C3q>w|ctKYJfK5l=#
zaAig$WJx{3k1z*|tAxY01oXnLtt&6y=s4JGbW}Z^eHtQj^uS%acso^JV<6a$G$2DA
zp%%M;S6Om%&mMS=Dhp7u{oyk_qaZKl=A&k&vS=Lqb+Oa$)uOWn`x`xf)kT}dVC7s_
zQs>$F9^}s#k>U?l?!;aee1N(uxSS(E5C7Y~%+Wc-{Ugxt_Bln3j`jZNAIWb5c6)5P
z%k?|l5asJ{Gn~}~RZ@b!8F}24zCwAsY*O}F^VOFY4=eHcNyWWQx=33WE0dF^%2`_M
zy?ev0`)^$C)(^Dx<;`#J^avaLFra>WxnR1|VE;Tcr#)BDsm$e6>8sk9F!#Bm0xtcX
zGzr@wvm%kYq+2{+xZye`x9@&X#ya&JVJ?1aP8i<qX|}+*WUA!*eH{N8^w?&|z{Wql
z>I0|OkVjvFdGk4K)$sMW*18UCWmZ#Hm;PaLmECUxlcW+M=F&OBlDcMhj<8<w>7$~_
z58CGp?ns>aqOlO!qUyacMB(s;Ux`zH4?jKnv19vbT?x!$hr<{0;BEuRq=B1XXqaV#
zW1Dr8Usg6c){@Nqv?OrA-e2|oDWN&wm^Wdm;?>;GtgJB}yTt5gGK!(yDyL*^N_lw5
zqKo!7&(%6ay>@xnc-0E&s`@$;FE9I3ki2q6AGH-y^oRw<;Y+pP6`LK=NFnnJ^>1+c
zR_HhTZEhy8{F&kCz*Onx&PLws!2I+!t6C4Sx3?<{QOXe?d@n4qFj1W`VPYxj9_b!`
zD)Qa8skyPCIeZDOdA#Lr%Xs8nIm+MkmpemBd12=wLQjkR{rqx9{PSwM_@^MH^k)m_
zJmBNnpK_!ZHQWl3jca`yjG$QQKAF}@(v?+0XVYfK+wM(Dia+|fbmokx&~NdRBP@L%
zjU>L_i|LQ}Eu7U&pW?jGlSltdsCzcS1Io~f)xIN9^5WFX(}w)t0A44!Qom&7Z(<tG
zuNBFUHz4$C=)12zv+~KRrVWjm8@W%K%HEvudtmp)?}1Of-3f5_{D=D%N!}}KC5sOy
zyJ=rDy$2(VQVN3PmX}}NGcogPZ2|2*F|m7QqVr=-TtY--FgzdwvH%1BZV@c2SK@VI
z3~XEarBXFUljkkDEhLyv_S5&_XC~c#3(_~P|5l-0T*AC33)Rl{tY?sL^1CN<N)DA%
zUWjGTv;NX=!K1wmpc)48i4~Po>`u)^h_2ryw&u-VW%CyC%P3hG;`tCoaG}MS_Gjv_
zj;W_$rP-3>SC8`}XUYDo#>mj+A9j9a(dPk|eN^?5lw-stQko3lS40kpEgX-e6xYQi
z#QXi0`3J|+Tj#ZoBYlUeULwTRew4`QOTu5CI=@y}_93#{ujfAfvex+C<h43stjCnT
z9&Z@ycEL4OrqF|-h?wRA_G^OV8KX!UcpgjNZOc-l)<9~(-5k&SVmwM^Wm{$H)N$49
z)0cRO+Mbb|CdgqH_(@#Q4cj4~4-yD+buRsWwy8n~yUb_#LnP{Lef26G6r_L{I(wDg
zP{r)@=+zv5ZC7=MsGFOEh#QZCs9Q>2x>CjSEGM?+Qo?R$R<+CQAaCs0;B)3^6;U_V
zMiIBSjiPR8BKzEdvDI05G5l&W@{!_HPLlT1`9u_y>Ora={a8MqL<dk!Nxz=0-#N8X
zYkolp@^kFrEltg4gDX<*((|S$^byMe>lXWx%V5OddZu`$l2x~?^G)!N-aP+M8SRGC
zHD7x_6wUNDe+~9|^QW9^RyMx^#rNV%c{0EEmtI~C%=`&d*#22!%e{FKRFSN6z6D=u
z=)Dov=zx8XC$2FQ7y4f&I~jt1`D-@u`d8M+@}>SvrglDY?VEcx(USb@XVTVgCe~Xr
z<<5I<x#SoNpIDCE9E%yDFB$^B{F+LVALf`EvORNQoxXqxk^1n`^ixc42tr@$U5oIq
zw<l%!Hm5JR2>h8%zP0)w0d{mqgaeL^zvQLpZH+$g%^Z;4mS&f7FcvT=#Tc-=L82wL
zKuhL>A2VGX*LlA1-FtiQq$Jn0*q0GAcOTqe*DsPuf0fNd1-*-GxeFfdDp`6tSDbxe
zjN}V^_T$g+?PpfjhBoaN)f2PN$Um;Ov9@s-Ef2RTt?)Y|(|4|ps$lIH;ck<`eciu$
zH^~3j&Q1Tk-C+MWY+A2+?-jYF#6NL+8(-wcLn8`eyiTCh_WOQH0*(=+qtEr?7v(i-
z9&5&iYkUOX5f6vm=rx(du0gxtl!DVZ8H9^jDW+5C$bR&oydVqj%v@B$aT+Je&br#K
z`N|Wm+bpjyF%7WcBZ9y26}i26RteZ-dZ>cv)bn9S|2s8;0(vJCg?eEYLBLVO(fQsG
z^CRbfK0<qgncnks@N-zM8mlrjX%jelTd*%521psfHd!A!NF63cftpy+h#-&@cM+S=
z!_VNDhcB5~A5NZoFn^-mP2<H>#pAqdto4|)xPk7(p0AKY5xT+trJoLHIFJt6?<1<*
zhr{TX_fHY`(DPsvY~MYdh=udhS@v)Jbh+ongEHSwWfW%oWw<ZA!S}Cs?Yj{6o|8vD
z8!h&xY5X`~#0EiyIpGY|@#dpjgfc(^=!kVAmEe`4^_x(}mH;`5*;pYoLKEtwS2tqu
zjZns=kbk}F82SHP_`@+>Yw2lv^mSi}@0P3Ym7@1gING!R%DZ5}w8IDn@aLHqIDY(H
zgj{9UCC3adpPG}-f;%gx{CR^O?l|7#+=Teta=IY5;Lg)no2<v<l^$h&>r3+f#a<1H
zqufG~ue6{vS5^Oet}TI+T)E1Ku5wMT+XxQ7&z6Ra)$wn^H+k06rmpn%p*^L*O}@rJ
zpYsUag(JLN?^!68Akq6AYt!p~vYYp|G*N#c8*_Tlyk4vI{?y}gp4;pQugv5rYof#g
zCwBs@$&+ZfkdLM#<$Ur8=Dk0#1rJjph6oX#YJz5O;7PiOj|aiMw-02DV{K|Cp78mM
zU|Im-1$$otOpSRKe(`wSa}C_!xb0mIz8y%g3KeR)L=f*CX8!yz6?&2gSs0L_LwwTl
z;9e?Pt5+rwgVgqMB3$d$OPqY@3j&4$Hs5n60Ge_LoW1RsnBLFOcSv?0IrPNCHvk82
zK}ff>7W+eKBlf10a-pWT<s!Ekr>)gJyoNUD{e!vK%h(gzTl3&)97oXD2F6GBwEUw)
zNMBZFc@!7pD?S3@tn-#V{}hUMA&ln?tNQ<zrUjJ{L8p8K0XKTr&4Lm#A577uIGbq3
zB0h)MbG^IJ8xQ{iPx2h|Hf15@7qq3Fx$6=2Qmz<RV;ra{5y|AkL}2Sh83zHLA%Xzh
z#z$9rBczli!v9;+k~nuNLaP-!^&J7&Onw+*s>JtNI-m6i_eaRBhu0FddesSm3|f4A
zco#CytuOiIloreXOa{jFOgibV?4v1DERN}}u>UQkxEf|Axf=c}KgHGE@qeZ?SMyB%
z{?b#zg|)B5q)Mbpq&=i-O^4CNth%D(;^Tbd?BmdJ!EwpyH@;;7LXR>Z2DBnhmi}Z;
zj_Oyk>eVoi;u+a^U}o?h#=FUpc9*#y?yKg?mXA4&<E>{7M6kI+zhOC%r>4@P#Q1oo
zn<SfYu*eDr-O)Xhc^FNK@_ux?ToQ`{QLRb$M@JCwBwAK7jd0yN8qJakxM(ae2<|IC
zaT)83uzG{*1%Ty2hDde;1jvfXtz76b*hJ(SMq&fND#d;RdlQjn5#RibeJYV9lWhy3
zaGl9#@h9}H6sRiEz>)0=W(u;8Ir|V$Ck4w*be7WMnTGO6vFCz(czw`NZZL<<B=~Kv
zA?P&vawgLjLQS6OYdJsnorh44a+V+r^gpj_E;jf8aOVbIG?tKOdWqgfDPp#+U7-6s
zx6`aG2K@msN>k8hHvl|RKqbdp-ZEIbO!nbK_i~;%X#CeJuGt9DPY`y5tPZ=P@u_|L
z{0o-Cs(ea-$3&%Pka<iM^AS?k6`)RVOV2O+wlf}=_X!2J8M0LQ-kg`6nA?>*E}ZLm
zo*bR4v}WRo>T`EU*m)(<TRrl0NyJ9EcIl)||HV5iFOFAtGaQ>=e6dAiN*>UxYzz~*
zPhJBVv+N-^a(25xnYcZ^(UshjT~dZDCN_?Zf(NfnZU7CXx9TvJOx6k(gW)#JYTcLq
z@Z>-)NbD%E{ki+?g$$y9M@n|@qzqiG8tOhNfSjzIxUp_-_xB4E>#RgjM>nAIRk3mH
z2`LW!YANq83Vke#_Cr#3kf~|SzcVP1_qT#Hm(!p6tm-UXDKdX0de5o7oo~LRB3rL_
zH*q9J-fbAW!R@y<nX#&kJ(|J3gtFic`KG@osQHvib<no!XgqR*!F!+&J-AEi56umy
zb|D{n%ra*)suNdHr`ehho9q}reqBD!c@|?+N4qMEpBveOOdYlr|5(p>M)NfOyZ50x
zsO!0kd&0MZ+4%yWpu;n2Z)uuuB>yBe@0ps``fX@Ne1I4+dHF97%+LMwMq%h|7d}~q
zjL3VfkFvDkHdJ?Qf@VHy>;8D}b7R=kP+vMfhRYxTe|zO>a-4vYg6_%>k0&2vY0_)G
z(GkDlTT1TKUES$lud%W5r`OE9;E4l^QpudP?yi%JaCkP#@md8EAFJJOlkZ-QAqp$Q
z3)bRx187_>otiEO`d8bPU5;)yMDaIl4YY;3HSC|ix@p?>A!K2^1J!52bBRU!Wd4-Z
z5+Cd#?4C~9$udnZc}en^tUvem!}Dgq%}mBwv)c-r-#6}Wx(z|hK3*EU$5V3bP(yRj
zxzCh6e=+(2xB3M(^$TWZQJ0ZHr`rJhG->+w`}cABlgjyzmF4&p<rYl`3mx*Co+vHi
zGk+?5x8v}7U32NtT7FM1Z{V^1kIlyHouMGN)+c8p9cdnfuj~7l-->0w%b%2wpZMc7
z*>fhZ#V~Mlgv$JU270rDl{M&b%hB>*E(f2Fk-1$CBJNsun@Zq04=%?Y=LH=^Fu8kH
zEba2c3zlDFFO~XcRDJk<@s7NVXx(mu6}9ciM>$^etE4kyElw3B#1^Hzm%CMPF(Ufr
z@k*nQ?N-3p1nX{$ub)wFel6U+@XKd{pJIsl$DEZ8jc0L?mz}~c(dxqM$dJiqclt#O
ziR1O_13fleI{o=_TT{&`e;VDtjr@v{D1WpUA0%usbmI`^!PxNQ5fr&R(k|gNqG~f&
z@fI$(zWjH$CVbX3XvkqGFNq#Pb1)jrzbQ90p7cD)4WIAK^q*~?x5?{3-8-wY{OX#X
z%>2^vReJ2&NQ~;6vhY3JFA*Df=gRUO-rNM4YXOdbC2hKlig$|ReB-<Lk8U@muLQmO
zGBq~Z|D$(yaHcc@%oa<&ao@`Sa(U0yX925{9^Uk<pJO~1)~Y6E#+}W-&-VA4nIG(R
zVsr!U_C2p%{X2PKOI~K=Li4@sJ%t+<LkJs-OLur=TrS=*lxeweM@1&m(EFolu7ULs
zdv2%oP*QH3{g9pwim_aGR!p}rn?t!nQKt6dI9<(s7<ClZ)|L@H*>S&ly=KXqF~(dn
zx9K;m?1xtuTxx!jy^|YM=?9fz>L87{erTAwf86-t+VMcteVeymDypPqUdoeAtQ~Ba
zFR4GtPE|~32r;Y<sa*23k*Ho0w()$r<Y8k}?RQG1=fcI-l(WzacTUI*T)KEaTQB!q
zb(OeGz~#-gJ%bP3x!Hm8ZCTmha}BJ9a&kKnL({o&W<!FxLFG%9HqG)1X6Z%7xnkx+
z$+?$fcf$@pDa>NBU&)glhIDg}5P8}ap2w28uWOc+8g8p4jbD34Td{r92)|Zvlykf4
zaCMTN@MhI^=;!4_THB9~>_CH>qrSzHovF9C90Ik!Hb~}nKYrnHJE5th_@LIE9yvJl
zWhLL{^LDC&Fk*<+qZ5^IcV_VZLY#8IQgB^J$ju<1;2ZS~f7XzTej(R63fdLD0~e8N
zH+5%cNBigIrbaJVCL`z5UMe+K8M{vFU1<(0DG>L>c$e&`k#;V;$$D$g@50H||7eZ*
z_aiR7XJyihru0(=m5+a-E|`@kxJFf}Nb~jW(<I#(TYknu@AC4l!5{OSpAGo6Ocod7
z9V|`?EWmGA`N?Yd`LI3)JV;Y9?av}~3yTXHU-&8Q_l9<_?nSZV{OIt=m1ltxHF7y0
zVl2%f^{o1|6%`G#Nu4K6G%=(6Q+q$Ns#(r3ip4%|>f@HQzyWWlCR283=jAR564-uv
zOJlsd&6WqAW_4fpNQ+yp{$bYVYQpsi;5mjub!TyGDSP*1ZnX8x0vyWQ7!V6*;{_nb
zo8B`$RP^Ngo=Q%nhDKp`7O6_k;N88J0HJ7&JIk~2xX@sO9rg@ARq)Ap!}uk=$xOff
zD0M?Q4GL$_s<{51F8^}+$%l7dhm({D4}B~wVl^tq?!1#bZSZcd<<NN`y76yrrF`9|
z>WszgN_vIZq<MUT=9=WJQOnWNPDbDH3qO~?)PR<jgOK1PUx$rrwlK-JY2_3p<yaT>
zyi1R=-{yW<OmV3S@As-NIK|ZVA>rxLbdS);Sr3Ie?nU7`JV!b*K(%e3saY`SmrYGn
z<?q$t7wgw|Cpxq=M4^`Pwqfy5U+BB>L67;N!I`X2Lc*dtkLmfh0~(d5>l|9XwWw={
zN2+}*v-sn${GbGW5K8)@^qF&Y=Wp$+7VvEU+{~95s`l4!b5r9M^AAhjNY~y{UqSjW
zCZ6rk%Sp+>HtD-D^R*d0@$-Eaa>LKJIwbh~Z~c{~@fNdhvtyo;%e;YM(1^d^^0`XJ
z=cWk#<KIhG3-rI+juV4@SFQ*9{zd3q`JP=85q|18pk<(UYOdsnKP5$dSZuAoq5lDd
ze0!{=MfP3g<FrutO&h-7U*X`ez*CWdqJmdSmpv<DK7P+wRe4bXj$ew4>#CsXdZ?e%
z&?^2tcc7=EqvIyr;h^!hMeFTq9PQqaz+?9!dw-q#=H`}Wj*$yVQB(~d1JjE5YnA;u
zx17@Ql4TO2eU?bUK6N2~hz+Mz><T03g&)4n&A82v6^8Dy-j)k+-a~I}5aHe0u#6N6
z=jKk@f{58vRmf?~D<=9LM>5OC={OJ#{Mby%9habk3A-kgvynkbW0C4KF?gTIx~}T)
z$HK!S{`<3;t82KtvFiKpch%m1f78Sl5Wm#(WH9#C(0Y^3$`!%oiz~Y8N71u`3wFx!
z^OBQ!OOK!JJUgqiaxviOD84+scVxvf>|2gj<<X<urQCuo>-F4Zth)ZM4WEbvuzd8n
z@W9$nZ@e2X(Jo><lw&kI=3)cBQ}cH}mHqi#`N0zM>X(9zO3jj{P5#B^#O$xRakfLw
zHuP81LvGLu$=M%rFF&nPl=&)OXKy{+9`_{oOU2T;KQ6hfIdwbuzGw8fO3$QI@E&`w
zAe5&{=ZjoKIv=x4YRkn&eHm68|6AU+hBnS2HQ&xupT=hQ6+MfxkqxR^7497H3R&1&
zzcysh_DH&oSF-ll-#`l9c>Fhs?efB+jZy=3Xx38MS}WywS&rY0=>DGMo*a5Tjbe1!
z7k;F_U*v)C*^I=wc3HRoksKg6>^N+x^xnA$P2GQ_*S(PiZ#*d4IaYidwgTVN{<;3;
zIH0MdZlG~JiDdqD#LX)=V~!3_{#Es89+qRCP)kb?_-I|9P)_&ii>RqP#?udST(7|P
z7dI0OU?X0_WgdOwE9)P&Kkgn|D;d(hZ}xrXszs@*p?D_0YSDvf9(}aD_T!s}2~Hs(
zSB`viwG@vM_#-g7mb*<v|KK!WYcga>1vS{QIp}a_Fj81SioYIw18FGL$g73s!0}|h
zIFaMR;tq(uk0_-LX^2Pf&H|eeT2rhMm{}?4DlnE{gp(8lK#i4kAY9l}QZO;50sQSy
z&=M9D%3BP&Pdujs9!?A^XDOB&)bD3m0JX9xV?GkuTG?#ynxWz|0ByqAP|+D+B<oh>
zL&yaS+@w@DY_K|RNHck82Q7(V+YmAUIvC451C8Lr963GF1w{TR&YOs{QKq;_!3OY7
zIq+Pf>?p?-#F;4Q92Qp283!rD2P7WFpEizTnn&pGbD_{&3ws9zujrZqU4dIyZ63+p
zA!e>9<Y)_IOAb?j@vOTdpO)H(m)<-S;+C6QQGo%#1SwUa%oT?m-wTPz#`ks&2X+!I
zr|?#Z@eTd}1u4$KugL@4tB1_}pgY#STQleBW-*{b7FnLv!xKvw5TX0g=|<_H70az3
zS)IYB8-<5f%(t#&b=se7<QY2T8DwgH18i$Gs4+4rAa!2L-GD6paG!%5&Ox`%K9VGO
zhUftxiBgGO%$jX<jk$X6C8*<1$YFPqE;_EqgueBJwZfRA&=%+LWE&r+3jPFng%2Xy
zXGY$nAHJ2e#7#DNTH%&`x9(*l!X=N7Uk$*=XjDPI<M)jTdq?xS$1C8iX+BdVBn`tV
zwXXTIv+ONk0&q}Q#E)av!V63RV-w@yVh0D0_z3i)A*NQ|)x*`9hYice36r}W%g1Ys
zpg;5gNk%L%I5@kgN9ZtMBO3Wlf!=e<b#rq6nmDY3_yJy^+~PII<Z|2=8qxwCW32i;
zzVl}@368RW4NJmQ_9V-a5Sxv3$Qk<nfYXBX-}Mh(hldK?#k-L^jD@Q{9T^GCXB|8P
zvnP>@H?(fC*=H{*hKx8FJ;^UK`{+<z9#YU5EYs-i)b_)8PhoqbE}X~G(^6z2oC@8&
zaH7}@^&4@lSP+&zWL-QWrjy($0IMWxU7cR|_P*`U@;CCWrllWmWhUR6wuT2bY<;^*
zS5+?Qtch40U!Dk;RE`%r3-4g>fSzS6rgEtHMJ|ihp!Y@FXCK0sI=0eRPQvThJHiDI
ztgott&zoH_D$Xxh{;)kx)?z-pPRLuXp14I>EJCH(TnNnuoo%!=o+MwZZat#x(%eoi
zONl?RA6BC*-ZvO7me-fd8ferk_?&a|l{QSY%gFS~T+vq2Hg0TLE8)uAs>%|$^~Z-Z
zA=V$0Mj364j+qX+5v_k^j;^vawD+O^>U3W9>QZbFwbQ-~KG^nX)#17z3VfxsJ0!ki
zaANs9-<7$P{MtR;%zW*NU*w+Y%1H+mhcZFo-t}c+{)LRN)Gd{`Vx2c$y_;KgNAGH>
z?2-Yoe+=So_H5i<IF~Rc;A!;6YyTYT=VDMsPV0c4O3CzZyNR~#-v*S1pqZWa@$j`y
zU0Bx(-yEYF@?wUOC%A2^Gd$Rx<NWe4bZfMu`Szr357)v!-^p531G6$q@_<OZgw%-4
z%<@E?!O@HsHLh{uepzs32-axMe|(GY`T^7HIG0KJnZJb}s>8h4!@MSL9#?R5iRmWg
zEUQopPr^G+FFR={i|Pta3_QOrs3p3v7rUaPbw{5P28xcido+9FToG_{APfzBbIV?R
z@p+MwZCPze+mY;5)SV*AHdk$9cnPXr_`<a6@8+x>`AwX{Hm+_1S2rHC)GfUSjrYp@
zTWHS+oAhfnWG(E8QN|t0Vp;vi<TJyC%@fNozJ=xZTOX>Y!^rkm^&Z!HfkTbpwLPVj
zm9W5tjOExnWsjDd|D(b!T-_$FZX0)F19xK!cViQmb<276-S7)|@w!#i_vjtly3}rk
zyJPTbW$Lpp=J33B(u<3NG$*=wLWfre{KxUMmwvMnjaH;y(D1JM#U1j^tL=IP4TS2z
zJLD@@^_De%zP;U&vwbCWx^?<vG-vCrnZLhRV}nH_4|NZVr~7AN!`(I0gOljE`2kvc
z)Fv)^8+WjQJJ`Y<Y~l{KaZDRHrY#)PCXQ(vcYgzSe+zei6L)_bXTE{^{L?#i$vbty
z+jk3RzK!c+<oxnZ{pDRW@LsDd>3mtzXLM5fVVL8%fA4$$Pw)NTz4!m{-oO97|L}W%
z!h5asq|e!m|KkmAy!!3^>ZkXsU*4}4y%*^mg|BrtaJpMK-A$bCHm+?0*S3W_zw8~h
z=)F=3YhMPB_s4tI^fXrW1QhRwe42o-Jh3Ct=!FILEo!Yt#l3A3<Uj3MlXnG{=T3S?
zcuu-il`wwXSiW0g{v+BWAnU)fzFT-s<|%qmT&h#)&%?*OhG|ZntDV#r<K_uY?W9H<
z29e1XJ<k~h-Y^P8jCp-kroQ-Lo}jx|xY@k@r|~AEz~6rtNViNFYRfTjh#n6zx~dmF
z99cp3%!OzBpUTjs2Ba?)FMqCHnV_gD8$Pjx{Tj!%g>N05KMumD*lPb8@2b<9fM>9;
zy|aItM?bI?Dv<bWTANVD^Pw8bmvGeWYgAA+?cetg?S2ow7x?_O%u#tZX@3z_zJlr<
zDYJfXn>=<kM!sO}b2T*bLg`WP<;Rv{EhPnK_XV%%Mo<G>=RBsOzb7VK$Up2*X-{V?
zQyg$og%$C`iWFe(r>hUcy%&Q8RU{)1PqzBJYo%P5h_7DpGoTg17RM{wD2~d8g|;mx
z={iZRp<f*)|0`!<e28|+p>J${J$t)f?8(~sBZGq5r~rcXQmi=BLdJmZ4cPMYX+|>*
zG&5?T-0+^YrKa=8aoL>>)$^8W>H7y7uIdiQVtGM)IW=LZW8=y9t(4FPRHhbnPr|QL
zut37<==Lz{a`Sgyc!H5bcX#J*&)NI@1?hBQ9bGQ+vg8(xm!>Z%*q}wdFuH?KE{Ww@
za(d7qwydpDY}Ug?bCBEX$*i4sF;3vD8Qr3+$CCC=kFL99R{tVT3f_KwWO4;{?kqe%
zzcyjnY`%cPh*CToV%%e2n~<UTAiv=0ubqc**_blY-s92fX{UG!YIHr2d~-hhs|z*I
zWL=xK^E4r#*6QO#&-~Mo9m=*4EmlnPif2jwWce@68_{R4lo}~BVw=&ap$U?M)|A^-
zmLDe?H{07`iS&}&E_+6W<69Knf#Uqyd9X#9DS3W<bXkhJ=R{ebr++X!O<6A{&F_pg
zz926fQKM7n9>2n`l%hrkIT+RM28?Y{V#i2fXy{o7_}=L9NJDo=&AgmRnHPCE1HdRz
zHoh*yTJx)I<W#X4++l2f(UQ^sZ7tdnq9^$2$Rs5;o3xzK_S%3pV+nVeXlx^Ii_yYh
z)MCryhR)dHR}=H%%d?9)CG@rZRf&*Q%Dn1a`+$)C-3+yeKcy2>WJ%!=k90Mv>mNoe
z>e;5vc`XT&FLAwl&7<qv@vX*?y|{Pwv)iotH2s0;d2!$4KTVWIA^5ECgA)2B-`|pt
zQ(M=WepjtE5$um|`Bokt_1VuZt3>=^-06$q+*Dm`XVay<DBs$(&3^mY#q^T)0a3=S
zwg2}54gJ#zf4Z~Q{?d=TJl4#N1f4UH@WZ^g-)9ceT(-V9ENOTQEw^UxIi5esIDfUQ
zv+-f4%fn*uP;`1RBQ|`E^fK$#l-&BYp9a_z1EV3|M+T1ueX(NeOYwqBVb((dSq)NC
zBN8%Yx;93ExpDpS2SFFM9#<^AGJD0c`^t1E;K7>Q)Ch}A8K;dAUv8X){DGL`)<M})
z7(A7ASHoy1AU1o1a=Pr7wbA>WxCps}Pxf1GB}?17FIacCb%vHhzwt13_GXVvoi2N6
zZFDIo?vbpdq%jM6t{lb<q!Ey+9BF_`^a&wOKYWxFG#A4>%1p(x6oLbhP%#X9DEJi`
zy1|T+;=YGw;b!u|8{hy+pkyS!D|j5wjAIRAnl{#&;@nLH6S)V$1I9pkNB|)^lz)a9
zhQGAI`vv2?Asmh_HB{BY15{6NKr8V=QtYxIrgAn}Y#l;U2+WRT3c`RxnI{NJM5ZHz
z6bn<9lz<W-6@L*2Vmw43=w)(gVeB$F@8D6PLSjsEc<WG+V(`)_#;M=Dp?ot;d&W%9
zKq>^$QI<K3LwOhUu$;tt4*{3rVg|CRf~<hTsz7;wQ#n%&$P~$3k2VZtW*i~50R&1x
z%mA{5PysXq$59VbkP;7Ko+c>cU}B&FV`&{&1G=c3!vN$&<bMV}%NVgUiKD#$1G*$A
z6)TP4wF0|I!7da0%As~>8630$skH$@NwM6+SaE}YW2118(-=P-mmm726#EhyOk~jk
zvKjNVLK-mBM2RSfB7xnJT?BDvpQRfpz)eb?WPXSSBISh`r?Km(vdRPRsxpy)zDQsY
z`cxs8KRARNU}Ai_kX-=XhtzfDyhvciF|7hR2>;LnT8q~W<;g|6mviJ|Ys*Expkqcs
zKkzQ2!2Q^tcY!oSf-1xcq@XHb2T4J2+A+5?I1Bn;B)21Sb)r>R08f!z4}sfw5Drog
z2sGB40yX0$GT9$tE|s%fW!6S0$V2mpGEwYLj79gE2cfBZpm^g1)e~tDUp(Wq*e_^-
zQ6MuO;tB{v!iq7Xg`AyeNfyvgDUnZLc7hLsypTY=UMBEuqEaS!7i&tCAB5f~inRh7
z&?`i(R+t1ffT;Nl`jU9+daXqMoG1n8gX9)sw!kzYfX@J&3}P@?$5sOrB?7MEIT$U*
zz*(68v-V6#wy~lWv<M+P2<jjhWwLMKSshu1G3-ReR@Sw|BqD1RvuENJN7xfW>;~)W
z96_Lo&Rax?6oiUKAx=ER0vWdgoyLc%g3>@2k>@gji+G3>^aO^@5qbq7N&<nA9G~##
zkesXNQ=!0Mq`(GX4iAGQa&vQ?1oC}i+9sG}0`e1oA!V$X8MCe+KoQ;<C+>%xMXKlk
zxG)BxVkgihp#sHFK>~j$=L{qgAshvez{r)eUB<eU3w*&?jDqH{8ASH$P;s<_(4h#0
z`CYjrHyDgZN&!z3<fS<M&`O0YOBh~9CK06iC@==kT?hz6vIa3E8PtGeF61--w(&N@
zSwK&vKxP;rRoFke!^<E#;056dj;jirj%1%=ZpJI)psUa}hA1*`5fnn1PcSH?E)Uek
z-*RMI!)_f9%s$3jURd((@V}E84&wO9mZW2m2$W|1$<3pw4Kd9=|4!kFojRYo>SN&m
z*{g~cW__X;cswp64YQmKoHt#s<vCq;&NA=w<^SiE;p8$F7jn1D(1n+!ff|3v*^?wU
z5pegPSL99teua2;gDVOa2iV0p5SEFy8=U)GM*tLP%aX$fVPFLrD%ZCHb{Q)Q0hlqq
zcx0#;Lm1FOs%&XYa*3?O%bBng{OM2;d2j;YD^jnJX&CUPT;d!+E))pc!1&|1i#hYr
z+XVGcwbm0?fzIeaykaQW6&ws)A>1O`hibP%XP^=g7}k>DMG)9H7sYG<eTyx?+i$Q<
zan3<Pu#p7M4W4~S95WZXk<dbf6Q!;*`Ck?5#XvG4?HGx2K@vL^TZ!fuV}F2tiqshd
z=^{CVp!T3zw1FdwY~m1-?HRxcDN@Mlj}>u*ik0(x0tbf*u%MZcYC3|i(d>A0B5$Z}
zD_cEe67!XqLG;IQ&9JQjMDb+=*$qGxivdUi>X2BApC>SkN)%5gM+9aPFG}=6!lESO
zSd5qt34+8k8zCEp`#eV+b{@Bnu*wLq2Zo6PiATUyxy3lg5qg7w0j!-WZyK{4dXwmv
z$<D@js0pkt7rUHThh)|fFJ=wGbNxoQm9s`+BtJn@@w!9<+=;6!`Ph&6JmSsJv#k;{
zEWw~aLK*%qQ5nZG!@dSh02UE^iL4viIDP~6Qs^;29}g$IAl}^&h=O)PjR1%ET4LCS
z%sz7*6a|0-58lhDNlBbe^cxkgLeEL@a{#b-HKeKz7YFzhLQ9CLKar0B2~`|~nj?92
z7;#SF=$oqIpFja<hN_C7`C8G?eT0T9%P_Mo{s1Z5Ds+{t0dNMdiR5nu)&pD6J4CHe
zxmM8`@ERDFm_(=~HX_-hL=3>C;Aw&_QZ9;Vl{qA_h0uXi*=LCZ8G)hrNuv9PWGMG*
zP*|kcF+;a7!R1gA6E%@elt(fRBuX>vFIO{yO9<SL$-yf~!A>M5Bh?E*iU|HfX8*+R
z<;-7z(Cd(Gv}iFC2nlrM7-l+41cfq;`c<w5&>6yAq~`vqR^fVZOQJrWc_RSFY5<S`
zWuONLIYfnxNE~M;z!Rc^^&o0)Fz*Xaf#;x-i5Udc2Gc&<k!TzY1%ZQem<He^(7925
zSA@eTlmZ45#-uo_upFTVgOF2%>!Bbam_2h_Ip74A*OBdmu}mSGKYD`j7|*<l<SJx;
zf)?B-#Nk+q!NXu%!hNJ}E5}vV2Ik4c6+${u7AJ7TI>WUF5+!sIQ5%9dVFTt;KmypE
z@QN6{0mFfh_&V7<p&^(^d@K=+gT=8KLA??~@R3C5245!J`2={u_@ou{tT7vj;eP<C
zEMj10>>^%O737D#fK<}qu>;g5#yLV{F%t;keekn?ym=_|GbRS~rGsIQLc`8s?-PS?
zkYZRqCY4Z4WW#~3f}Js<c#%+cS6DDOGO>eTNHp4ziV`wlqqDt5*Ag^{x;XJpNJOFw
zK6pbmO0<)GH!%Y*N7M)f#Bp{r9Rs1pXH;v6`%qRX)^M;PLS<Bt0<{F5(GlPPni4`Y
zneO0)RJn>F_Q2?JZaYX0;e;dbIsTj~-zR3xaxNXjsY2)sQHdMCj`s;wz77;br{ZOZ
zcS8AHSsTDF2$F=)Nby$w8K4##jy+EVZg59I47f@m4veEw*2B-n3&v~H0;m#H6^cJq
zje48fNa3SsPy#9Xl%&_4J@W8M5^uZu2d4{08L0d@3%DiRp$8FC+f&t3(NiP2>|keL
z8dB+1er&v6K40-mg=5HpL)>;?Y%?5GVig$9d+TZJs6x0yyWnh*ef8lOjSQq9sPZw~
z@#k(;Pml=VdWQFgD+We=$$TU}@+Jk+o>^+;P+?0FY0rN<b~oIx>rr>koE6+eROMpP
zbq#ULfeDckGr0*5a`5Z>YsR&shUB?$$#%)vG6@8%Dx)IfDWg&fw;oo)KBHWNtfW^Y
zVVzN7IUzT09<FAXRccl+>J+YNm{)4yP#Z9+L3X2%DM3^Ys$KhohU#14;vNpuH=whK
zk*A_J<O~Z+EjviEKhDQqSBV$+TS*H?2iGi5u#@gnPR6LkYsGWLD|g*9%J4L9tZJ-|
z9Mva#ShV>%qW@`-O1zR`ekp=c**~?c*LZ0sa;XlYleH$)!j=B%g$D_um-UTwTJQ0i
zO=M-qgg`sA#AL53cC3qR6z-*$w`RFl3mpZMD@n$bvDbM<4~+69>?X&x+8;I4{(X%N
zE?*u^f1OimJ5uQp&iA**@O6Pv>h2gy51~D=O=hB)#PD<#8WkBO85MY%lv%cnE>GB!
z*-6(Z_bKL-KFS>`FZCi-oqC7LMzx_T#xTWec4c=z=+5tc<Z15Z&{z{v9#VB|)%Y}|
zBBUnd>E!qdX@^oqawkudrpfvweR2nhlQK)OppH-sDP0s<su2}M1yYR}LS#yL&k!UY
z>V^LjrW}d@HH31BGC^^st}{gI6-A4xOO2*7#pu&uRCB6K43wtcl|z^7N=4mA<)PB&
z&i63RFYK}IF+Wa46`_*mOnYp5EPEW*tKsGFDtN`-nB+v+s0Bh$qr}dg<QcALm?>cg
ztF@fqBf-c3Z1=f|?Q|*C)%vD<I#~b4<?;VJj(2Btm!Z(8OgcM_o2J_J7<CVoi%LTk
z)6dW#wA1kd`W5@v;o{{*<b!bbc%!b|ZnUR`mz9^9mz_$j%2SnUl}eS`#&QPpD_llh
zCeDxpNrB`Qk`rZza+AtTwV-BDM5wY<f2u&t*{(;P4#&yedEM#VCEeKWobJ>)#Qb>%
zjqT=5=WRnO)+^U*CCeqNj!ocZaJ!Hi$)}Rll9h}nAvSPhxHa4yem<o7*dA^Qw+*Q*
zt1PSaDsP!MF88YPs)!s_nb0REjCYV+NG{|_(kx|#B1$QuxKn!4xZL21j~QBHIxxOT
zalCTu?WrqytHzh)s`uzoZO15U_{o=J*5T^2d21GtwY8(y!gW22UB<ssF2{%%mN2$z
zR4|leLNomAt;!Wr%ny5g5_5Z2#CRAvI{Zae#vjW^_a8rc>PyzqD_t{@8%=&~AvZP@
z?$RzgTk>|)kaVJ5ZZ>u8{NB^U@w#w$JKPX0VI^q}tH`K%Nl^<IVJJwUeQna{z?d+_
zF-9ofz_3`tIAGi@T+1+f_^IVsC0UK)N`=IT#h)}RHA*f;l-ZS;l-VqgM~54EAO!!H
zKIf1pNEc(+JS++(_$iVkoA#83n%eOR5}CpgBWsvyR8o4r%(%>YMSN#NZOmWq!K3O$
zQdB#82|{lCKTSz^<PVd*@=K)BaFurL*`zhw+Ho3*P65P7#h);IX!PXm_`v85N)rXC
zS0Z5|X&EqTO7^B~QbJ=OCDs9B-ziplNfPE6HUBnaw<*b#DC+4LP`r9PTfAb4?ef?`
zIMBmNaIBAF7Q^dd;!xvIX-ifJ7xu7s8BHiZLso2m^8cniVxSeZ1>=IFA4%-wR8lJW
z7e$6rO}R$-Md7F9QJg4j)SEFf@tpBz<HfsDx=TIJ&m-ooj<Y;X=k4ZA8f!x;Lu%J6
zv_~T+M9HzFSn_#FJcUL9Q?L{-QW7bN{F!o!;!E)&%aP>BXaA+v^W*?h0QnXrjIvE(
zr$kUCDXA1&3K#WSj2z7&Mv%rvQ>2M>6`@K{SX2%wl`crrqH%R4p$bqLsIocR1Vn;W
zg4uc{yaxUhUcEO_HdZ#_H3}uEkQ+&j<PcKA#QgaD*!;xt(}ePbD%d!D3_kJlb(Hyc
zvm&yPUjC!X|Bz&cPxwDG5;j}#UmoY*{^lR&;7k6O&oO#5T%I)kp0r5*Nnz2;8LoIm
z&I;!;Op!RB@pNEZZgi31jdDn=lp%^jxN?c*@&r@3w1?e)<6K@izsGrp>e{ghvM|Li
zMj&3#u*e8&l+*Au@P?>|<>W-f4`c1oFp|X&>yhf^G3EB;hzW@wwq@pr|6x=ppcv_{
zhn{w2=gUmXY*n6)RJxP4$<-7liaOPVdXnlBqZ`i}uMjUBuN%)4FB8w-mDv5n)7s0_
z%ht=Xv7)ioWkP#Ydpx0Pa#VXvd!l7DkbIXCLv^6Mq}-zXrHE5XC>|7MYH-Y{fBARM
z7`}MPcsLC}lcEVyrK#RA8Z;J~JWYtELvx|BQmtdyY1&i;>W!E)v`DHj)h$MpCPp)$
zfx1fQP})fvZx<Hzc+UDbXU@FGq{pVmg5lL_=ga4-<|~fPd(QWmu0Nfxp0Av*-5Zx2
zl^mBGJ0xY09Y_vj8YO_TOcA62skYQJ)Ih2zb)M2fiKOgN5=fFHNivq=Kp6=?bJo*I
z>;J#{Y2#2?JE1{(Oi`kS$7sbf$IE({{(tR`1-&kzlIM(j?AEJ}t=B8Oo_bY#RYp!U
zPK1nxjE9UJSIpPUKiwN$A739^pNJ*H7~V016i*qT$Wdx3D5?fEjLJ?0&}3-*G))>O
zErjaM2<#Y3g;QXZ42m&TjvCOO$8|iYoYREpzM|kYmeZ&^6uHv@{Qk==;(Xrv>K?Gp
zq^kw)_$+eor3uYGB`!`m;n<A+Ejh00?EG>;kIPBPfRC1){UOssg}^Nu>OfR_OZ@oi
z)46Sx6MsAsgd5Ge*HsoX2P5g}^R%qnrb`{i>Jks*j=kvp_tSumXD)w&bvQN|_|0$$
zSH9o(I3*ll+W#eUQ^T*GLs-zXAD`JXCY6x!lu3!{Bi`JkkBu=&R=(Vc=0{dLsxgM-
zUrqWr8Ixs!=Lu^up)VXa!D|rFdnwXVhrfe)pXz{MtY6_S{k)m9JJ-Bs&Jq=#`mhZe
zwN2kkIl~yN%U=${lpqTnH<==^+IV;3t)~kdozPvjuaS|G`;b*=85V5PC(f85p1Hh=
zk-V3}7?>=W+*U2RES4CR2{@M-ba9hKNtQpSyui9o#!9np3c`5GjbyrkR22fLGbS5i
zeu+Uje{2mz(wG+UQ8_8@p=^Up2eSM<<wAC#9OF9cKJ{m+b>0168MANii)x(ySdH_F
z4aVZQqRT;83)RW01<}^?iv1WE#7=RTV1k>f@)1`8o<%Y)G-zc}(yp6=7GTd1*m6=Z
zp=VvMUA)a53<<PT6nJ+9H&?YF&6q!(t1Dy?B^b)`3;slHlw0>%OmRqP*6p)6pc%Bl
zeXa758KjRlXS`k&q@A1sMm+iAE9{oH#vFof!A~PItotrcu^T}S@p4G`{!G<^(xB1T
zd2|S2j|dGNt@2SB#Ljd07#mmtL>AS;!2+3}7>rTc$fzU-1dHacQgeRK-5)5#`~dq8
z8Y<M`tt2!c#Kk8xAT79rHF4ySRjV;okoUcsWaIdGic15pq$*m>dQ*6rFzgCTM=FN`
zwKvq)OaY$)j*|M)fK8Cs=xWBqda!=M_$r&S_KQO9GkBX<DeO%j>U~USt~+l^2Q$#u
zn9wt=;xnvT=yZR64IjSN`T7M51Bh0U(<;mNMjGp@6v@pKQ#YOCXRaOZE)ya)D%^Gg
z=NStxTs|u{^osg_9iiRA4b=PCtujd_#uNEorD$*J>HxYy^My{U$?F6dQEFd!Q0Ig{
zH~WGyXcVDNVpfu3qJZKNiX<3wqA{Lr9FJ6m_^JB$g=Vrg8*?qX{EPRhm?ot=#zyjx
zzO+C!;oL-ZM}m;x*R(J-@F&nK!sE2)3j?i!oN4iD1)C}}X_%kBVrd6RY1dCtLbgJD
zz6!3)%Ak+Jl8bjjWn6*I>dyU&IFT8aZ>qulS8x(DY{3B>>5OITt<WIQ9u`V4MQTKy
zU`+l1?)Xc{Gf~Vz;1TR!qB#z{3hBVVKx#*UJDKK~WAU*Juz`COT!y9*!x)oP{>p{$
zIQDKR9F0{|^iML_EHYMlnBlake=d`w9cWvh@@tHp0<0@fs83l@V{!F$ipwA%t?E;@
z)i^j9#f+Mb?dwwx)dbQ~oi^dJ=u19MVwrJ{LN69D3}N?mx|*r($n#<Wdl`G9Nzr~#
zNmbvukG(G4NzHV%Nio>Uw?0LDA;oFaw6jU^ft8eVACH^R3!mg-z84G0uX~>to@8i0
z10y)++$Y$^TMsxxc+;f#ZSZF3DTeYta=LB#4eL($OB{CP$NK%75ChMnPQx&ti5E7a
z>Ql})GZ`?wO$_jHD$f3g?I)*rUijp%f*KQNiRrHVJxjN63{Ysd|GBH|zop&4xli+e
zEe_nxG(YfMNDfLELG*eb57b4;ZAt;JOFeFK_&48$pw)087G~fX-wF<9Qv|b6|GxZV
zDbXeLSX!PsR~nQLuaH)h4P!G_E9@0gtS;xcjJD~&^qAQn?S|Cyeeoqx4+-T=d!;Ve
ziWZF$4wC`=#@<J&EjIq6<_fO;u1X&n=mUf8i_Hx9Ezt?7>HE4KsEvJtG+cbc&~Jz+
z-l9MFJ7f*YK$V0BeqGqmi2?<A+ZDVd3gb8pBx@HsI$0vnB}kXzl$~bLPT(9UWT389
zWgXK+G{vdd_o2VTjG$1w%WXx8Pc6jQ4X}<-t<U>Giyq<L#Hjw{v42T;n()NGI1gVO
z-~c&iGBa!B+cE!3vHSCefRzMS)kkXn42~m|2Ln1E`=}<X1=tu1FAiT$yxCv+80fD?
z|Ma*#U+wy8Ip+5D-yp$Iu*wDousE&+Nfj>gXT9#7_T(DzWdHNF6IX`|H5qE%-{8jN
ztnuKpNT`PI_j+iHdd=q&B-nR)2CSvl{~1e^?r)DiVK7{%&5-c4_-&4<ej%M{LTcLm
zSA45JcEz(q&i?*r(bZ%ZwL80sutlf(Vh21uieF<Hu&?OZH+&!vC)wyj5@TRk!nOk(
zKEjvefY;MrPH?&k`PK@O-n;742#Effro?mobHX5XA#8xopr2BynCia`xhk+2bVs<X
zHd8G|R?Xf)!FT7fs;7gd@9rn$OzHQu*-MPzoDuySH~hpT|D&sgFoDEAq8RQ!Y#56Y
zv>@>#ArHyK0B^3%lzk;y;FxDV2_aSpFNqPMa#H}U#8|v+C_IXrVY?W>?;?>E_iq8l
zYi$@zad|@Y@%A|OPPTvft+Z3Gp`8O!CJc*}cILHY-0;4M7bXP%Z+5bvn70!D(@ZlE
zF`*>+f7>fxUe14+X$&FlLN4$D=BE^&ANId>@n7}|$y><5VCFMGUb%=J_&=>Q!$)D6
zM_K-hm;V<XRF@skOG|y7-IV35W;C9jmKCnCc=}~PebuzE$_=ou?Ckqi>phK#@&9hE
z78P#&4{Nok)RkB6bM~*b<7WOYBkGLpA@AjxY8tEJ?l=a*pFl2x@MFpU2ri?i>JmAR
z)gJ#pTV~~n(9EGJJ6+_tMU8auqHrboMCM1G^Y_aOo1VyGFZKsM2jr!FKgY>nX3ck^
zU4QU%a72H|O-PvV`ytLw@7u);4NdzM&gJ?p%HEcs-XDI2OZnQ>T810$k7yUD_lc_&
zC5ZG#U19&GF+A~?Xx|_6gJsRTv-XgHO*?okZ1ADgf#H4AXs`JV-tRjwEOQ$04S3a0
z?3oK8xIZz5z4LRFBSSsYSl__nvY#!O#B*_-em>>M@Vk6YanB_21T+3qHgl^Q8uphB
ztdRB3{6^C^D=s2b`qONfXu{ezxpC?dUy!QzHY*uCO_R=JxL(Vf4A<*=@gG|xmj`1L
zzI2nf@Kfu>YvqYe)z1m%`U{>g`D^rFKKsnKxQ=;r(Djls(Z5qcl126R7ZY6J?b>{_
zK!52KW@VqFI$Of8G~+j*dOxw}Y9~)z`ugzc&G1QWpIVXIm(mOCEIKcra(>Pu_jRAP
zsNvvsZkyw1U77v3dTw;!_1c4oq)5t*KFeqRUDV4n^=C@yRqErvXu;$0p3skn)hpVl
z7kV-AB|BRw$HOp+`$6jO!#5MRtAdT}e@*8&9O*Z7t;>$l2c|N{%Dmc-7Y=CTYYAV(
zOH>|T*cM)KXmOiZsV8#<QmZz}m-=g6+$I7l(uGs+6-|rk+CCEe^G3hOafEMa{;qd|
z{yTc<=`Y*hgS}i_&x?08tQmatK;=kh{gwUdgTP);!ZA@~R&uOt+-uZpVtx!hE=oEi
zeP-ZW(bO^q>hh&5H()$qR4Yd6Z+S^LU%bGqol3<>wR>Bs@=@^9L$kB<HnkJ)Nm&$Y
z1|VQF|KZoX@j5cP_z2XJN+0lXlE`>Hr)Jc@_xa_`=xGL!V?>SBGk&&HJs!aoqW0UD
z+N1sUIN+D27(97i`wo48{FedpaKymlGwrn$U{y&B`0L`2k303{8afHVU$#WaVI+Qv
z|8Pr^fL#K!hs}uUR&~mbXiF?#S3vTWxqj9_y<f0act5=Kr3*%K^KgJtdtpAEwkPc2
z&L7>aVbnv}Pyf01v_3O(D;6g~sez6!qh&`&H@8q^YRAUm8rjmh+jJ*9#w`Yn!|E}D
z^=kiddIj@hv#3&eTjR3WNTqCeq4syi=kw+Thxf1j#h#j-Tbx*Vxkcfl>vJBTr>5^Z
zEq)q)*;6^9;?eVX9{%WxgSAt%v-Jhc-6c|!@16SLti_pc3-1yWc~F*!;@_d)UpfuT
zW=yY#rbh4Q2bN9F7|2Z+If%hy((Zm4EH38p9Y~X??oR(8T-ojY*vHTRtx)trvRs<b
zV~vw?`male7?C+%J!iXfr@6-A)6m;TIK5e5(#S1#9mC+Fk8S@40F*#$zgYhR=_<(b
zSR>Xy+*&m+kZGOl@y&6#{nk8}%V8Zi+*)|rh>>GQj<KHRsdKm+ZS&pMY3*f0@FTZy
zJQ8-|FZk=fnz_>}IrQh3?tcrvSIpvhirz=N=*9GMdeyAR@_Fm5Lzmw>IesIZdwOJf
z`=#mcc|>#lcAqUawLNRkX#aSXw@6I1{K&-1J}?9MosZB3AEgQ2QWw0nCU}W0!v^bp
zY8XOP{~Zj56V&_H$o!CfY<dgT&!#We(@&`WHUqfMqlD^rbF@%x(PM<_e{-x*eQ;#k
zbO?}_4H;mlQ2lX^7phOr2%*~USwdaQ%HIW%*Rt|DR$jx(>sNX0Dz97RHLEPZvMqd)
zP<?hz7OLNlynf9U>Nkt>h5C)6LZN<>s931qAd+qB5~2F@$ln-}eR^cuTAoqlZwSf0
zJ@Pk$Wd9!7&X#?A<ZlAWBVPUnknHOt+u5?+eY#M6e&kiM?Dtb6RNo)jwwG=CdZGFN
z$u_+_-OdrJFOXBH{y_4#dSu-%e<wuNN3#7b`v%G143YhV<ZtcBK0@;MLu5Z8`CB@&
zuaNvL5!qkpY@zxL$=?-`{f6ZAa*I&EF|rg~AXFcs3x(=Obg@u<i7pYUKau?X5!t8c
z3ZeQHT_sfCBKdnH@=Em@q52qICsaQp`THcYuaP{uWPc-h6((CkvUJLldW%qfkJbs*
z|L9Lb^+CE#sD4Oy2-O$qE}{A($+&^CPm+uqDElSJ-#3wclkO9$f6@a&^-+>>1Z6)Z
z`I{%QuhJtz^;eSd1ZAHk8Anj|TY6HczDs`-s{hi{LiJ(#yHNd@o)xMu({n=gXL>=X
zK27rXQe?lTmxSuu^s-QGC;9s+vX9d%LiKZ!aS3H#C;59SvcJ=tLiKr)zpWzsJ;`{5
zd%(Lw^?!O_s6J312-OejBcb|2eJoUes85CJ6D5C#MfQvOLa4q`UkcSf>T99;NXg%4
zk^Q8;6RNM&e}w8UCBrMoK2tvl)o;ppU0RsTF|l#+T@n(tq~xyMx?6gr^z7BUPv6vj
z{Ra#@YS7WvW73WtoId2ZjG@DhA3h>8D|=+lsL^A_o-ppj@h43<`IJ+0^YRM{i;5>s
zDw%v*>6Ehaia%6VRZpEZea6gLr_Vm)%$izTUA^7WFsIQucb==s?eU)F^9P#eFIc!}
z@!98`yX3r<^Os(*?81vKUVh1?mtB6vl~=8}dgV3OUbpJ{)i>Pu$2B+Ie9PK(>;H7?
zZMWZX=Up4_-uUNx?%j0X{SQ3&mxmtS{K%t^J^t4xp4{@cr=H&W_h+8n_T2L?Z2!lL
zFYS1F=RbG7^6G25Uw`AxxBm6^JA2-J@BO_WeE8A6k3acz|7V|nap23ZzW(Ol-+uS~
ze}4G!;7>odx}0_O;t-$E_IA7>otwYoj0$*aJk0@bv%5YZh7B8LO?RUeVqM^K25fa`
zRrnoqnjG$c)$Ry5>H`kD71L<O^5yhS_k1)}?AG+M!PaKKqx}gx_&9c7`MbLIQRP3;
zYo1na-Ku;y{U}}Zy7G^&DffR_`F$?$rni*~u2p_{$D!9B{i$7h<!|C=Uu=K)9WN=r
zN}tX2UP`~cM!Dq$<$JDE&Sic*_Plb+Cgm;krz@3LKX>SK{a)MOk^g_+{-gi=>umqw
z)?;k{k*4pr-u`1ZDEt2$c^n-5((k+f{VzqX_qX2u$L{*y-u|ukDnERSvWdeTcPigY
z$8$UT+^yVv&;Q2upLtjN+i#MWJ>BFbPZzU@NfdDj#)lL1$0bb9o;~G-OR^f$TVKC%
z2dKa3)g9xt?gK?qYTq7xl11+U7B#+1sOyU|E~<oo7xTMYsP?~`-<|y1xZNhNZ!&2E
z<984<IIWyVUKb2)ck9sBtGMcS^`c42+vsCTl(Xq;CeWPzk}~BFCM&1&`z2G9U*UAy
z%az}sa_IF(fAWj3`b|7;O8dkAK1O-#Sml46s61x8avnW}wiYm-ij=QpKAlSMr)vw9
zFF5JY>H594za#(uzWo<Y{dKngaO*L)|47sKTW@~>xBuJH$m3wyl;3y%FB%i+-+KFR
zEdAf!{@$!#r_(pkFLQgos#cylP5CxDq4a-a`+H7nfBS#S^Sk^Q=V5u@%_Snw#kj6_
zy47X9xceHFzPLaAzwIBc{AKg4h}yo*QOjxO`00nqhmP_odU=PlG5wM?%Kh&C|I@GE
z5c$1sb^GI^{adAH?)9CU?xSnkAHM(U|8D!Ia{J$2)w%6YyQy>Q*~W6zmF4Tz4$^-{
z)b@X{>d@Pt6=?E`>M0e4C6yvQbC^F%{x?Ja=;J%S>)7%A#LzuQQPo^u@9_IYx!2*-
zA7xtIo`4l!nw)`v!!F7^R)2GSqqV{5a#%e+tKI2y)CWAiMZqy%pGRLpiF_{VYxc_f
zivC6ZfTPJ;Z*#dY+}j+;((hjeteC>%3(jhH%y-u7i?!M9KDm%Q-<)RsUZ%_G4_E^p
zkJaUI&k;on9re}*kFUvQEF#}#S81|4{PjMkH=q_<-{^GNjU+kzqQK^s+k<p?>TLms
zwaL*W(_SIB&+nI;Yj?Pv*iN}TBN6$Sc%G3spX01%Y_nYy1`~^kJk37*UDxbiB#LD!
z91D?NnFs1dYrW6o_mAKbTu%4As7=OKBq}U3OZ<^vxf~m_LsTOtnr!YxR*%==);HWQ
zZvm@(Zf~rpb}S62915jU&rdAVp(n>{lZkUQ1gv^C=;<nPxg2wBF00?+m?tV7Hv0&V
z+qFn7CwgUayO3Ev&pfQu>-1u&NUYC^y)Lt;*@XpTmwOtlKARistTeLCj^*lEY@6?K
z+L5(-;@q|-M`(|iN!QOqw#>IVUGg@!D3&Kmql7w}ye@~#8o6hTeACA`n!EwMbT(mM
z+U7W90#HcgKC}iFA(bWA<pF1d(;@d{lV?7bP|%2S;&55r%}sR}9Fgo&$9#;*(U<LC
z<gRb@dECy$m`RNoWo@*%0%2dV>5hOXMdq}-xC);q;HmextahJsK1S-rGZ3)VH>#tp
zpsK{`5BQqv1I<21*w!1#;M$B5;#gSUs4v$TAj_-69|%7#ia3q6p&7>`)?ssd>}}_$
z4<G1vc>?Mn^SD`#)bVE=2YR|?N*%T)xlFq)U<*rbwG%}Fsq^Z`PPxhfHMKu@0Qtof
zY`4?xusZ$v0<m)gjaarLu)yP+Cn{|9^W+}XcevXhz+o&GRyP;BTh1bPU%;XAy3yvh
z);UlT{m3Y}&OAFDaQYprF{*q`o@TdEe-wC{nws4xt9psjhsm}39d3JQ7pY07pd>pR
zJzlw+WZ}ZHD~qde{5a}Sit58EB$hZ)CX2F6G}eH;l?ygDsW`IEk_T}e=ESxI<Pjpb
z$Eb&_YOmQv6|+qqV_aMCAZ+$Ke17Z`f555wqy*;<R$Nnf90ZT8;P&bJFu2Pi2K$@6
zUXM?1YZVSdM?gPxqQ*p?GeX0I3u>@6IbDmQ#^y17HW#+azDVW(HbRuC43fLm?pfdt
z|K9Azl*kO3$N~=zR8<Y=2b#5R5zbZ)z4EVXZfHQEQx#iiyTWD(pj6uB@ff+B1|+~P
zCVBjU(CR%_AEuMJW^KfXu#F8%I8HQke9@=R1rcMaP--3O0K)FHBRy5YqucFp*s+^k
z4x8Jl*Lm`gno(3%GDEKoRehz;E7PM!_#I6)Z=(mx4%<Zi^btJ^OH)Z!ISWmp(?8F8
zR<j2ODyj{vTh%z2%h}w7!@C(}e>!TnImRHpx(sbvz0F<kkVjx8i<WhsV^LHgIt@eQ
zp=ccW#&`YD^f~6^WT6Hwu*o7iS3QTsPDDA@&p_o1+z#2y(969%Wy|HGen&m+)7QXH
z@N6QFNsrIwlO?U$9ZCs5C2pG+JHzX9%7r;S^#PZx$&3?T*g4BM*&6k=-P2@q8n<4<
zPJ6N<_UqNzqNX~J3pIc`6ROWNo2xnOOv`mOppvtzI#SP6AzLOY>-6@Q+<p2EvHBZr
zGG|@RI&9M-To3ExQ9Lk7y(iefikeD@O#F>ZR7DyE(3UATBRGf1Q<axo5Q?-+v79Pk
zY*oYpouQVKL$<tZQR`z%#kEM!Uv<LJ>#}-}JT1$1maH@D76tV7(gK|1Wo72GVQ2e-
z`=#CHBG%+-MiZ`1w!Ba)>Q#pPup06NOQU|Qxkvc*;UZM&EYM4^It;LKW4uxAv{xtT
zl?dlI_P5b;MBdMF8|O$zsF7&YPj-|oFNW8LDiot`V!9gw3y^u(I$6tvPiL#c+Jof_
z%>%zojuodMugB@u>msAB;atdz_NS9c4NVi4etAN(+8U78)<D}i{f*55y}Ao4->438
z{=|{)A1{x1eIZ_#eyqq()P(}txlY*!!LAp2Yi03>c}|zi#3_19+v=5P9$5ik_uKV+
zP<2u8bIStNFYONcN&0pAW7@P(xfh*D7tzz{dGw4H<t6-n9eoG=0R0^OF8vwZWs!0p
zdI&v+E~f2t3)i=h-!G<D(f81g(J#|`=(U`GKfh~>l?T%&(39zUdRt3mzy1XrzLLI;
z{u})U{W1L=Z8=+c1U-qKPB+pQ&{xwp()XSnnU2T#{bl+C`a3%A9OXgu1iF&0rx($e
z(AU!s&`;5?(EI2E%$INYz5BV!!|BxX+250Hq?gm1={<DnQsn~9KaHNm;SPRZN;h)&
zHT=GT{u})!{WZOu)Av}y_49iMzmKDLbGW#G{W&?jk<Q@o3VI=ZC%u%@T~BYIAEvj_
zAJXDH<rMmOdLr$h7t@!~x6t>}f1`KNU(l^|FYd2w`XqV>)BXJgk>%@R+B<lK?q$bD
zy0(MihAR#;J~wK7b_dg253`*A6*to3j#FO#J9)?8-*<hDhgp9`CzsPvJ{{@y7}Kv9
zu6*I~k#6Z=xMA;M#@9xTujpWU>tUAjzv5bYTc+}+tl!6bhX2m%%RJ2bJGuQG<<pUF
zk1_oUe&0g3M15b;fw%ld_I7f*++S&Z(c6<9wfw_ve`nKC8#TSPgXu&kmv0P@{$&4`
zSpQ4X{qi3*-ikkK?5>7-cTJ<mGfy<TLl<#&T+}vrj7v2m{T0P5pGC?CXk)mbEwr^b
za=hVj^cK!<^r@D2UGzInTwgJ+@m<zAvfH@2)ERHJ`Fu8cyU6ZXXiZ<-tY0{}<h5v^
z(dOn@m%}|L&?rZ19WKXMC7))<YcSsOk~brqiydLJ2S2r+e%aar)`Bfy4-osmY_)=1
zPzzeXCa?n>kmEl4vb6%VfVE%?H~_4lV>oC5o4_7m`2x!UUa%JI0OG)xt=XU!Sb&w^
zb2-clTEJSc32Xs-fcO&Af?QAwTEJSc3G4s|faNPJ3se9vSOGSH9pC`4e2wv-0(ij+
zun8FXk;`$l9N)re)^fTnU<cR(4#@ew!7_mrWP@DbwtE8p@j~8B^fU*?3*H#UpwjY!
zywbw*DS0Jj!tb#8>Klb#KpejL4xjL&pvnhZqOz!}ro5uMq`a(39OmP6I|5_d42@F<
zhaB%6J3`)Q@dteJ9wI;8gnC;`2)Ad1oCGPx1%GgU**75}IDgbgAtU6rwtgpHWoz|$
z^jp(WpLq3hlv;j$qoaP_2z@)l*59K3a@gJe?Do>nH~i$SEtg{ik6Kth!_vE0<hC<D
zeEY0ie@(z;ufbS#A54Apo*E{m593E1YP`?k^4RPV>634@saH^&{f-gy+q?l1AADa<
zR!T1U2qWDdcE3bE8dzj)^7tI;AWyejv45I)PthMepZ>Jd?r=GqoB=))YVhDFU!d+y
zh2M#cn9s4$t8Spydfdm!TWz(ThKA#Yt9!ZD+I0VM!RjDlKIa^_$EV*4^x2#)`Ntfa
zuTI{o3C<HSy?jJb?`dkX1(%xT2-IiE8{?Vv9(RK*(B-AmY9^IeRo4`hmlX@7!x%Va
zYH4+e@ujk;yt1&U()gNJSXfhCSu&+Y9WzzN@bYOzm6auhMUf-h`*?hIN7(HoA+wo(
z>ibu}6REzNWr;%pGv<(C!31}iyv@c3%BXmQwR=%%v9%GSFoXP4pP;<TnwMW<)W)IV
zav+X!zq$ddMm89aUHy&nUZ30JUhMFBtX`YlE_2=KwmNE@@_D2fk29N9RT&r^XgpaY
zCT67jtqnd;lUjbdf2gJg!dC3MMRE~x)XC|7&DfCOqi+3qs=RUTvm4{&Qzqk9u19~0
zW{jzKdHjwx57arb$>z1nWRJjjmwrdjFUl)RCZdk3D9x)bF0Y&-N=xzu&Q)Va3*O8P
z+Y~YWBvDzBS3OBoPA$`|?$OGet9RM_C~5e!pfs<lYLpRnD3q=GO>>94-lON3e(rPz
z0;m!kZoAXwZZmyw7ufZ8qC5_DceKeCKyvDveLnpbzuVE#e21Ase;!^`T~j!-%qkBD
z{8==ks6Zb2@}{+{N%T9g%scxc><9UH0dvW5`VIBwK<EjDvHs)yR&OI#q@Ty-obo|v
z@c5QP)%3;=LxIIkj@X&uyRJ=fP(2^?TjKh&DO;0Kuz4J*MesqD%mE|q##03~UE~_M
z7HqiPB`fZXp}hTUtl#0*Ur`HfwJe14(Z4?`?R;DrJcG!5(KF1bcW^w-aqG`#^c&A8
zg(LJqTw&Yk)s6Zr)I{<*p+1vOK0d&n2%E9Zd|sPhze6q?Rr+(Zi0ujHXLV_nDw@HE
z^?p5boo;8qiI!WSQC2DK=Br#?_=|h`HaDOmmXGf|`r&50(x)H&kw<J~diZ3YdsjZh
zP&+G_kE|c8r>DD`&p63yo#SxpH}G*R=?{UhHod;L8oPVEHG5%t_Au8%E2@3JBkZeQ
z3i*B3LJb3uPpF2%Ch<1feGy;X%}wJmUHY(QO>3w8*2{hm>N!nVebIJ0RvcM+HG*B`
zT@;-UJRU+zQ4MRMMP~q?v*EOA4Ac|WX1eGjx1D)Z{<?$D#lmJ+2|+Gvk?GWX=tP$M
zutFwOtIfib*Tk}^;ye^kvndo6i{Fj#EFw#<b+bfPv)^a@tskfQ!%3tFo8rQyQnOc{
zZ6Y?Z{q1g>Kh_M{LgE#N-GMDY)mp!3sJ=(*u>Hn)C^QF(vGKROX5*t$z3m{Z88`-v
z+E$J54;2$+6UV5UP7%X{Q{bfOYqGhxK~|w3$;J~^ZW4wraAKG1C0aJiLr<|pSlZR2
zCoYJYqJ|-<ew80+IC0r(y7AWbkAEI<vJ)20s;DJpg-|E^EJaM;WSbXyK{xouZiC*7
z%t%-G^zxynY&9CQ$RnE1@AMh;c3D*@H`QZBzg0dSZ*Zx;2bDE5#*M8RJGy36PS{#l
z5RYX3ih{OFh@M~8X?ACWp4$O+73z#C;lt&lNk7iVavMg-eH3<F$mQ{YJF^sJN994-
zo>TqFR1GT|JJt-BZSf+M8sl81w|1J{^W2^V?o)&oHY+;=VwJKa%9$fRy9ZvayJY}9
z=<0~!hO-AnO*f$Z=?)y#{_qaX={M2dBc1;@b_Ua9iOQD=$0(-`ZhyX~j*XnoaP)Nb
z#~xXFPUG~$=+D#s-^eG!8<?I=OkcA**oe~$rRtfGy--Aa!ltSytv=M0(I2B;@_J>v
z2A35oFj3nUL3k~qsvUWH3Ap@iPRU+d9WDw3i}cG<frf70l#&8#X-U~>MU~e4sS}Sm
z<`|*w#i=7o{lgWA$BlMHGul-R^5&I34R2kkNv-PIMgOQScMBS2?JZBQ@*L8p6N*rA
zX5`%p84pIrW|478WUPvxa7z3MXTk3<!B5?VXvG9Sohrm<m_Xj`X>B!$A6sMKF5;)w
z?&3R4@Kful7<V4rDqhC~Keo2Uz+IkgZS9U>NB^s}_0-nZ*7GpDH9ge*A=s;Syk7T&
zjnOZt+8rYsaqW&^E{DePBPY>MWqNN8z2lB-9AN*2u7ZqinBiCU<q>tK%1^dIor`6r
zatXfR6{2HdKsImZxIA^Tr!N{)j^OoflgG|3OKi@w{TkM0P;*$*o5#yjvHGS(H^cNv
z^x~tTOh&W|!q+Qf*m~4$lHh&Ruzqb!NfVQze~gp{Wbdj#Xf}D)37=H{5q5oSG;dVT
zr5ZW5UUmmPIh_qtdHOcm#<H)Q9ErnafzKwp_Z(xjR=6B!4&(UIyU+w0oqqZ1t<dD9
zbJ&X7UqyTEOL@!AvnaYDeuU|eXJ7rQuTHgwCNu^D-tk#k3l=QMoa1iJ^!Vmv`Pl_Y
zHV^Bw>YC^HGaCa<u2V8Kq#g|#m3p^xe5iG+3A;<bClGbLXB-ad{*TL^>Gx#nZTR55
z3;mmZLqZ=rVr1qCnb|_Wk3Ax6`jMF<MdhTT(wd2-CHVz4)l<vz@=J@V)P$K16di1R
zrn-7O*?6b9y^p-N*qInlzgHZmUz)z(E6!8Ik?ysj?c|W1^0H(zDa-AMxC<;l^2!5)
zvzpz`;F-uAJ&{l`z~pq!hMM3l>lhBREzB{(M(eS|<S=*GO}iux^T`6oPpq*#Z|DRV
zXDrVvdl}kXGB0FYG5;dJOnR0BXCS!+DPhBGesw*W$a%w(qJLV|N64sc@*%<0(3x1B
zqSEc`zpWpoVO_T|BEuHht1#VeoZiBhW6X;wy)ral*y9?zdiSCe%RG{FY5&Fgjr12*
zRa=b<o&~CIshV0+m{m2gq|mrblVyz+zkUnF*1Ql62iZYXzci?G=oc4qb^1#gp&Lp8
zb@N$&bHv|V=MOjo&Ah_s<dh<6g`v|_sH<k(qR`z@H9fut9HHv$5R<pL-V0s#s`Fa(
zcwSYq7St!vKgIeg{ZSoG^{drVdG9-~ps1#zvPibBO3EgNDr9*M*Bc07m9*FA2pg<E
z`okB!2FLC*u9@}hH?EC?Ctu@@0AoudZf1mClgr1b@>LJL(HJ}zXN1q*Hh+wngBRXb
zb(1sv32pF_UKWXI4j-<xjXTr}9JYC(<cs6@3`9Q0h+MHTP2}afTAsXh!374}Rh8Aq
z=CYz0)mFXxt<$Z)=VEQ|-mHE@P~Lk<2-OR1KGCrewUKi?o;fZ@mfnH5uDKygc7m1-
zuB^GpJpI3#2DFOg9l}g~q7<{YuD>;Uw$M?irb_!ytd=|(a~E^wl%GvnihMn*eo>8n
zZnoDr+|5m?CaWnUA^%;|a+7JbDR#BVwBD4M5*zR}J5rZ*S&w<*8f-4VBlV*$_nRIw
zCG6{B+1I82{if<h`SzDwn!5XsdId|vLEC7X?^JK5$hGTlL^x3L<X*Pxx4bdLFJD(`
z<_$}|ueSaomHt3OU4mG1vUA2{TCG(Mhm~y-V^cHjj`>-vLYh!?N6cw<V(YWy`m>Ie
z8KxIzy;&Gm7Bf?BF>BqM0}bP9^i!BVFx8B$@0N3PrnfFLJhL*VV!CO;$@2GxXHRlU
zm%^grys4$t$f5g9+w@HNxJ&;h^-PhA84-NDN3PErTA!7>^1scNsZom!W;^@8%X(8j
z0bpxcy-?_~x#u*?r*u)7U?eIttyt?8x#1}Tw7yfTi^tVW%PTD@%#)9tYo?Z+R#rZ}
z%py{fG$SJ{rW8$!pH@^^QasaQ9zQ{gmHQ!OK&C3DnZbR>46bqnQa|p3yidxpMCW~e
zhSn1YLG-NoJ;Eo_`|F3b9ptfP?ZojXr;%|$<$Lw1A~HUy=;ZNRD^$Bow)+}IC}yiM
zjj5B%u`(UT^X>4o9BzI&k8Jzp3e_G>ZD$#BIxW4!`o-&Np5t`0PDzd4QO0DQsA-C|
zF4I)Cn$lH^YqHJt`1D#OPXFq3<Ez>D>XlE$Qe*V5-L!arb3=o3VQMVCC#Icm)_N77
zcAcoMUp&4_b#hHf)hzOaQxovi@Y=?K6~tsDru5JfgN;yqC5b8HG)+%djhrR5J0?rY
z8QiuUVq{@(L-f*=Ql#}&F9qqd)`YgxpW5RH7ITtjF*2`)ryG5PlX8w}GruumCNnT?
zWsKH4Di2hvOJ<&aw$igUF{Qtj5<D{oPY`+*#HRGsx+B}2P0dX;tT&kBa)fPR#E4jZ
zM7|aqmR+MePG`Gm)3c%fd0MP=O0pI!FRPhOtkQ`|d~#(q`fDTHPu;aH@{W%K1G?)2
zPStuEd)Hng&$2bL_D;3vS(nx(NfV7}Ws*uTW!iMD3#*3|i<Vqmlvh2qvZ$u4ysQXy
z6)G}gNJV9Nb@?dvpvfym-F1}K&lp)XwW6ZDvbw6KsIWxuVPi4p`?P`WR7k;0$xp7(
z4<&u~`)3X1baOni!qqRKgU61%C+Fvp=dIgdPMxTxtuU5Zz-5MCV<huf&St%E6u-;s
zHW}MEliy{1Ag>co<@ZUQs7D5}?l?+>emf=n`b<k}Q-659zpO!WFh)x%@Op#okslA$
z9(lV{?UBt!d*t5Ev_}e#KmK=bjv%+%ZH=VN(vsBGNsTNMY=`uh=fbc&%B<2Ssm2uf
zL&Gv8DJ8zDx)Ke3Jxh>1(@Kh_<Ai#@DFzvmQmXZrYp;=qVU2t~Q^QrwcRCj6RY5|2
z#&VN+wJBa-Trf|$G(EG`(mw8zR-|d6WZ-!2sa9Q6J+q=HtTB+F>8Zfcgue>PD+?`V
z*(OjETVlqK*J6+vhi($=Q%!>IQQ06OKS^Qdd+7w0^Y+SjMkkJeO+v+TmdAnYow+vb
z{4US+@(zNG)x1Nfn9jSy&b1vaQ+|w?=kj=p>qI)__6!!0?Gn++wnX?f#o?yk&2=n{
z+D^IcdxVOMy@ku`Xc^(#ez^4+Z7sQdMvQf1+vIYLe9GW*I@*_$m|mII#;|ERyWOeW
zR(bzz2G?ihGUYuxqdir@w8?u-Mtpj6SX#S?P%Qg|POjH_1pDVm_h&8hw=ryg8vE`@
z_ETzDo`|q*?o3-WRfK-S%~<b|wt<a%nZ|ZU|878M%7@%{YegvT`<>j^(ed9mhLt0E
z9+k&Ji%>D?<#DiDM7GPrf1e<QX_LK3yNl586!eTrZ+pLUAk%rc?P%|Qu~GKh%NHZh
zJ5#?Hb&Kf4{*lug^-+e1tdn9ou|JIblyU#ti}SyN+msu&4`y&3v0TTY@=<<_{nMFz
zHS$n&a{BQ7&|dy`b~!URzr4p^!R3VK<B_D_nEyz&yP|_K)Y)?LOX@G99;)CzHR@J5
z-q>!V{2J*w+;+%ij^?r^h|smK5bYlqM{-^YKOc2=`$mUt&ymbmD^$HRNwi;%<>$X`
z(-`Xt&#UnDgx@1L)N(8$@}nKLouAS@s)3g_RqGLXos6blN)E3$O`X589+sTYvj6#3
zljVH*f7(T{TF>^bzay_dahd5=ae#Q;iAHJYW;`0h@-{+0t%tX{&gHDH2^*zhlzz!9
zZ!U+ANYY1))sh*oN44N%^$oGM*^ubuouDP^jdOjbxDK|y2vbDQI8N)rC?~1$`fSIw
znXO8VZ#!qA{?uN-712eXH@%$<cew1)bB@ruc)WUt(9{IIX+E&s9aXNTNjXuo@D57o
z`aMyf@94H^)h9GA-u0V7i`)U*!qjAaHx1Rg7`G_8>DNZ7Z8J%YPrEBl>wf4$Fj|Xi
zkei1ha0DA4k!|ruGUpgA$*n&XQhPb(mlTcIBPbe^wC=%_*64x4ShBJXx6aHWW4=l`
z8}^{)aXUN>DDU+y?DO_Fx?D~YorvsES?SWjK4&Z`qqr1n-F)ihCOcD|sIM^du&J)(
zY%0;cwXVVC=zCorx{3WATDPdJ>#D`+L1B1%GD(ZUG0mHkCxnu(?$!-yoAnV(<5u)P
zUh5i}oI|W7?SmMtce{&8DbRW~yY*j(^ZFdJ=&01Be$=Idf-p6FYPA$x`6tO8XY(0P
zH{`52o!by(a&XT4nB^ujj{bz;oy8nIPY!kUo>HSF&v*FbV-H*Ko@2M1ah+WIw6IzA
z&`smDsb%^Tg_5E|Jw5#!wWP2#$|^&J$YVzL&=O^cI#mQzWshorN1*&>(GrYug5$%K
zk)VcnWv3%Mj&KZ_9GehpiAx);^=OkGoJx`kiwa8fD)r|e7J&qWCDCFUmMHH=wcuk;
zdnHcm)o#@gSuuq+LEWGouf@4+bq<$)Tee%y@tvw}GE3zwsIFppPLZ<?>)fpRJso76
zoKt07ypdI^qnE?TN*rW%M}w`|6_AgPnjQK<o|w{8OHvhv{(`Dr+v|H`t{+tq4@Nm%
zX7rilsP+?R91b||>LW(+IIy`=d&nJ>_K;bN)l-e#q2GckET5WRT4XWF-JuUCE-lZi
zwwQz8OUkOpj<&=EXPBx6#D-5WD#sEh?;5KGl*}k9#1!$7LoiJj9NdZeko@xUQcFT`
znY_)F7+mJW%JQid7A?4hDMeLPc@v8)Nx>=dXI2+gS&}1?g;jJ7uA-=H>J&>iWM)^j
z3L_ESqXr?RmQX^}QhG!Tz!WKI1zMacC@EUE(!Bhl((pUr!C{p}6-9Z~D9$nA!~QU}
zq!Po-Y1LY<b}RqLVjZ@#%^mD)eJR}8X}6lSp6#92B9}T&i&G^}Rck}rJvHh9)DF>%
ziRqvjBj+{BURj&-k~$fW?aawoA9k4YQ=EQ&%F=qYo%T>C50{qO;U;!euc(t-PILye
zeH0a3vawTEn6y3}G$<oiHdc#oas(PZM)RueiF1lR`Vb9<n2s8WYW+r%{$|p8x4*2&
z6rqhTBclgG_tsTKrAHC22|FWXg_01fCt*+rX*Y_-(VC^+<#f0MH7XjZ(>+I>O2(^O
z=yC$}x^~zE@nI9By%4V@g}0e|X~}vg592CDZNWgTmp)Vmk@VH*uQ}@5m!OYL(|YP-
z^|w>KF7?3Duh+D}gbdY=(x)+=sns~nYQ~5fo7-N~X!AFw_R^mNm{UzD=~^FsQa&Zn
z`vld<P6DX|!k1XACCkieaxTUSJwCmz@7B&?7`Anp<(y#(+WF(-sw#?#3gzCJ;|XqW
zlCeeg^(w8n3gdN-Uw`-)T>oILcW8^kr|J<t6_(^()OMPb@M-$#*MNKql-f6Z)FABO
z`Wn@9w8rMcAO6&%^$GOHBJxtvQ#ZF>?UEWSLq5MAtZzdqW|jS2y*0sZ#i{A~80=&J
z0%t?OnEp6pdT*mQa!DD+xmJz|EoP`bc#zgd4#vS|lO4Ll#t%1E<7=*46wKNY`p_e6
z#r+!X(6sSda`>K4Nz~N7$C(Caw}SFQd0v`Tgp)MRkEJEmMKzUE%c@JJ6j@@zT2W|>
z4YM4N|A$zPtL!B=J$kpMePq_UMO{@4(fS$}=6*+@W`WbE7uP16s#Ak|I#WB^?LnEx
z0b%pm!yfn7sGyqcw$MSLi3uNt_D++{Tcf|usJDv}P~#2>O<lw1oO+{3zY?vH@4dU6
z^#Q+r0I1_Id`~6+K6@%Mx6$;)|8bUh{2y=Wg8vgNiTFR!qNV*QNlT7sp`oo>uUDle
zy&gFBknOq50@-F8&&PrC{3HvhL!H?YQcl(4=lb=9#p?@e?|x9&!X{VgOG}(wRZ~`8
zIVG<YwR^05r7N;79;9_|cB@Mgxew&{?w#DDSf0G?6IrDW(30(ry5>1GK8M{_ABe1-
za<xR6uWo%8^w76r#G$uBxzd;knb1YOmf%nAi9Oh@o$KIs=C9Ug(ObmDnuYgFYS>iw
zqn4LtVfdk!#5*a4YNm*C*!%G1ut@99$!pjpCAE(}*J0LbEJDrms}$${lX1--xiMik
zl41^hBT2Tsj0Pqu&i>m?TDPb)j@D9)9LBnR9(!{=N{;C;%MF_=th|{IGuHsEr!lph
zbAin#-$-G@Wu(^KSR{KZ@RG6P+hkc<oPH37J(U;1XZ0po5%a-*MM+Tss^+vYTD&^Y
zWSt#6)G(9!%4L|0u~Vny7gb`msap5wlHFVDQCU=7R2J2LFk-NA0x;n;W(f_hDxX@Z
zr{;3AW@%I6`)WO_^C~A6RY&(mz%s%|6qo2%h(~J!!iN^kz*?&GmFJaBlxL%;<rx=k
zF*2!<%PT4^#1&-J;PSGf@?u;_My*}Hkc&_0ul0!@ivOxBXX3IlYQ<GWmD5VF*$F9q
zw3NscRZl7}v?R7yZ>Ly#rd?senK$gxD&kl+{qE<Kv~NvXQuw76TH*RD0W~(4)8=RG
ze~5ax^QY1Hc2A>S{%@Q{aRN<Sf#Mo{NfouB5v`H%M4Jzv=;%{XM5eV<A;<n-s*uCW
z!Uoi*kr#9kTb*|Jt&YsUW5T!j*G}wPX02=FrQab|UZeGJ+GQa5fP6qyqsMsHx2Ib>
zci<zInpqN>PydaM@jXili>6eRqh>0YX;f$t`E=~>)P}FnEYXRR)l@slLw(y*>t0rl
zHa!~lMa9KM1=UsRhFoy!YKu8Mdv7*tJ=?p1eG;$Z)t!X44XAeJ$&|mBQDO7x{e+#t
zUuWT6N_D#IucdfBew+vA%coMt9ZY#p#L97Q)GJZrWJ5AWUQyXS&GJ%E4V9IQNxz(9
zhq~aM&}4bX(l%#~PcF)sT)$fHKT1moCJ|Q(dapdMy2WEwS8YyzP3TFJ8AB7&o=eoU
zusymI$BwG;yz*9(yWVJaw{!U&oJ$?u6`Ude)UY0eT~iW@W>l1x6qHo!z5ejMWD383
z)FpEKKBHe@UHJ1Ub4LyJ(CTIV7uI(%-srnnP+DG9RA}@zEUzdk(|dF3>p0(}^)+tE
zvyL~SH?jRT@=&X+<gEIZ7jee?5pA|SudI+MKzb_j3QohfU>e+Q-xG=L=%#vT)lsjE
z42|r-D!U;Y>r?MZgx1%jS&S>z;I_tf^Z+2VLSFX<w{l3>8hfR5FD)vYSUpL;9j4zU
z*56gpS2tfvQfE+gQLL`G+TOGaThnArUaU`@f1<vU7-MhtO-U&&nwW>WAit=pS|0o5
zmDNT^-MrG$^6A0NOq;EBjVO?^L8LdNWE!hbp@cW!lC@v~L`{NkM)5=|4V4X78oV<d
zlXe1TV0n|xGQD-xwu`DPZ0cndRS40roTl||x74H@s~v6J4Ob05wAKpB3uO~Iv`j2X
z6(5yKqiA8dB}eu$P1yT0GNF36^_aBS1e3*-R;6{1+Sw@swN$oF+e?+6LlL`QwbKiW
zN=v4cRO{)Rq-ml3Dr@%1RY;Hw$Cg(ewx~o+?MEyCZPB(n8})j;tk*9qgD)$ytdL$&
zX1Tg-a(u!^vUhgc>KH90RGN5UCU3JR1TRxnH;@U3D1^prVS}Qs^hUOQ?cp%jMEWdI
zFGR#0dY1k#n6%UmlW+tVn<r|$WYip=QxE19dW9qQ@Td1t@?5Ym{JoF3!_G8WmL%CY
zHCtjTgN=!__hp+bvM0uPEy0NK!QGN^n9duSrJTP1MJ6r5_<}3SSQ$x6Ur1cOS--}N
z^?PmVxwIOBQ?|>YhwrG75!7TjGoG^hX+4balA%%hi$W>KX#I?t><;zYXQ4@CM~%d&
zu0m_fT8}pGi=^afn*J7Q_@=gPakQB)GcPz(|EEow7W&%G7UOy+?42S$is-7v)j8%k
zjkj|6j7PnRGf7L3ztMz7Og)QY+ow*4N>XMO=T6Je5{$ot6^cmdqQz7d$tqPpu1oT&
zaQxn3*18zQ5;X_ke2J(|x)}pi1z=g$C48X%Moo_8!?puQSw8B5Mo+RaFef`_6sm-%
zL8C1n>zBaBppiAzvVtiuE1ijyhK<Mx8(~g4O6zNkI1!%{!baY7MSS$=abcrxZaezK
zu+g_*H1?b^dP?35i|h>7C4Wi#uO?ce9!L2nnP!bR>}x=wJI>y^?{P9U$4soq-(c<^
z{Z3G&qrnv(L(%A)C;Jb|{;-2MY!7_AP_ZG5euA<;b%6-IFCpVrOy~D~LdA`6i_rT;
z@?DGbMCkpZ3&1LVm;DxHzv{cgmj7q)aM<!60ndcZ{{nb5Z27N)z5FiwBz^?`9rj(u
z=1DcF@AAEj5%_xozsr841^9c4DYX7_{C&D9wEP<U-OTT@5BCN5`wD)SeNnH%-)q8_
zw+?^bV+w8G1Ni%iu<?Jx-~R~v{xbf4Gi?3;!r%MD=KmUho6Mp2ue#vx6muwjz45oz
z9C}~tSp1!B4&~PvbL9R#1>a8#TV6%j`0%*MI}R|e*q4kSMO(gNT(KXNcN|m}KQUey
zy@}ouyHfYsIOPhnvNvX>=*-7E{Sx&@Z{-7t%C%oESKmKZw)RuQEAo}Cn(_{x@`_1x
zUrskh#ZC7Xak^8KTP7&49i_a5!}pxe_0ygGM5ljK!tay*iV43>`fJU<Ed85C{ol#|
zmW$Q&-s70=3pu}w-#NaP-*eqe@5Pbn_nyW17AR-?nLegx2fg<E$muqn|Lf$xWd`Rf
ziA;Y*3-guvc!2qrJ*xfkW0}Q#&iQ@Izmfh;lMkJK@2PZQ2jzc4=hFXcmwzMudqy2P
z{YLrUF}D5k|9j`ZQU14F_`g~HEnLoyE3Q=Y&uc&bqtm})!LOVCU;5c{K-G`l?5o;M
zzfpg#{Z@I?_sct#e(O)mf0y*vp3L7F`IX9#h0FVI%g>fGI3L>)MmxhaAm*fNpEQXt
zPr$VO*R|%xC5ZI{*0m0A?IJe7x$uK<HT(p;73259jiv<gxg6dlK};LCuJs&zcf)J(
z{cYIl#`mMJ98ZF9rLSv!@PPzz^N@9|y&g;uyWrCI62wc#uWOy~Zi4s(ZuuZVT$#15
z)%#h3=$E~&br)LJiDNLlH9-u9&q+uW|AY_pOcZazJ9;MyZS1<%aeWd+HGC_46TG`$
zqF4`G`zMM!;EnJ`_?!WW;vx7OxbB2?t&;{O3KzWfs6=r+ykk(J_&c0%bfS0_&P_`c
zGsdlJtxZo9d*E;287Ho5ojoK`?0}PxOBB1tuWK!Y_rN>g18_w~q7Wxx{-KGY54;u5
zg>M~}D6WM|k4HM-x8R#6tZTh?c%sNSd0p%15s6|eyayh9%DUDWnTetWPR>pg!%kh-
zx&qz>?}HD(*(0%@+;y$X;eqfDcsM*ECsDiz-wAv3*0pAgN)*dsFT5Jw25*8bqZ7pz
zcn|!QoNi2_Fy~`BI0fDY7s8gY$X|E{Y=<YEkSJEcYvKFheehFo?zlwp4ZIq*6kxfq
z6;3`WQDnng;avDY8S)EWR-PzU6s~LC53hw&tB@~nBfK5n1@DCiRws&s@a1qy5r)GV
z@W7dgA|H0avtesZqS#!F{nL^tw!wqXPZYc1txFTdK6u~-*uIJDS`Wf0aOtu{kp}OB
zbKr3oVtMf6a3!345y}a?0`|ds;H9wr;zY3$eh^+S=Ua|^fS1Eh!GkYJ6g%Mn{2u&0
z{1rUuQmlW{y4LM*3Ow*KtRLR|DAo%Pe+=t|8{s;5AMAs-JdX9kyPv>%;oK*&K6o{}
z6W;p{wolHtCsF(i?}vMpV1K=f@&K=e^WlB)EI9i;lnb~8UJmd7G*P@id0p$mF`7s@
z4fzb`!E0eJ{2+YGX|g<M;tO~`d}^sI7n-;V9u2=!D$9o^vZi1<cq+UHz738&K@<Om
zGvJ~!<U4#F{2;s)-jS<`PvFrvX}Flg@e22WW1rN-NH}|oCicVo;Gf~ZQ<~^ifqaF}
zg)8Ec#75W-zX>mdwLf6}@W4OF`Y1_kfWL>ofww0liTRbt_rxTz3Km+DxE-DZKLf9T
zUxjzW-@>^`Nuo~`%2&4}aX-8k9#D<)(H+Z$1MsA&s2||_;2D-A@f5rX-U&DMND}YC
zgHw{kSMXlgJWbYHNg@S)3w|7~?VBVTrsKGU=fel!i{NpoNGIF^-wyAGC(Xcm`Xz}^
z;9KDz;Qg>R6Vvxk68+&8co;nVs3egKrw&RIpTQI0duAb@;U{4G(MjS(c$_s!j5{6q
z0<VYH9Frve3g4NA?Sc2e&%&-_lf=vL_wbu=%ituj2OgK6BtC#Q!k@_RLz2W7ayjrf
z@HY5Au;sWU@iTl*Mv{n`jr}|{NhH7(a98+NI0bGQmL&SZsmEhK%J1+o@HTh|oH0B}
z951Jbv*FqiNn$+w7JTY#S#KtZLbwzzftSH$@Zgb2q6*#&Z-rOnC5f?TVE;atBue3y
zpOD}1weUaA#PJ9Buwi|zNn&a}#>Xa$Ti|QqHFne&aJL4ezh|<jhtGjOl;2a6g|!jo
zyKAzjfCp|di558f9h2AuU;C9w?16`WV-gl8#{b78a^V9Ov+%;PL(F0=ym6FS?0_53
zFbgpk+x17Y$cDE(XBM^a!57S81-#;)X0ZkKzGfB&;MDic!a5J%KQ@aB_}VYcq6KdJ
z$t*U(E#?@p2cDD^BP=e|Up-?)F1&wGjPSyj4~-FP;l|7uu>-EiiV>m-%NZRbvf*)K
zVni)GdR&ZH0mq&kBeuZFxiR9v|Dova<9nU!2aaDlbIx$$qRD9Ksurt`x~i4Y)K%8c
zXmnvTEM4W$s--V2Rt~<^Vr6n+7>3LC-ObtExpsDQc6NImhGDoc3{w{lowD?$VHoe<
z>;2dB@&4R@-k<Axb6wwKF!;Z9hIJwFN$U(33r}8Wq_Ogpbw-GjF7sn@8uR~}eO59*
zc2_Y!=A6U)Sa~k<W64jLKgD(bQ|8Cg3z#2sE@FOc{tfeE(<RK0nah~}B0kSAXMXIv
zlKC;`TISdC8<`*LZ({z7SzinDqjMMY<K`~r$JGJm$BHrL{|(pIF6Kx3e&)wn^f8=c
zesmsYeq5es{yOG+l=-pvG3LjrCz&7To@IV)eVO@xi_6T9^=~sjuD-|o*tAAF>_hVs
z_VoenFlSwkkwPOU#|Uuvqd7*5oAPt`E=c^T9K*)7!W_fH#V_UX9huL^qjQW1SC7px
zvN(G}j$zfa{!?-c7dM}pW2AAlGRFw9_^ccw!973DG0flb{<S&Ba4`30%#Ve?V18`*
zCG%tWd&awr>+dqg!`3w8VcD&Whc$OF9+r$T-WINd3C6?V9>&9^S;oVb2N@3wA7($7
zbKdjp2h&fpA8dYs{b2SV><3dXvmfk!mHDsWeg0p}k7chjKjy#5{J43A`LX;R=D(8b
z`d#M7^7oh@v+pxMHm@;17VNb*H-+qf!`_CClev2v9+vI1x8Y;OVS5`9u6=QDBa4}@
z)BX><zo3mR$I%|c<7uzuH`5-MKDM6k=H%mB>kaFVynmgz-f*$|<n=}x*Z#2H2(kXg
z^+tkaH?23!Kaqz!)*B8MOs+RlSRAc40<3vzy%FQuTk8#@f!A}+2E%U9&#euHhnc($
zhTou{BO8neox?U5S*-lp2E+O@`T6b!!^OU)4MrMQ{0&Bod1zckd_Ch~_05cj&fScM
z!8XRj((R0=?S>ieYSuf$c$hoOcv%1N2JUgV4j<cKBsl-<2E%M5|IcqQ9CTjXV5G3=
z-y4iT%im&tOdpVI7=PiqJ}B3)u_-^-@YKU|4IeANm}^9T(e>vVS*$uf*RcM|IhN%b
zE>_=?Yos*}a*Yt(L-;;=4eysrd=JLb+<gtZNx#4CYh<yW?-};BjQ2V*8uR-Zclewi
z_ekOOjL-YH*UP>zg$d;e2E=|pughI~84*_SKJSfj{i8X_`vF>0<V7E7PxCpN>}9yv
ziUH1}F~j@ii}b?^v?J=#+C_i$9`Zqd_g>ch67>(W4|En-2jw2_CXSybFE2CR3!FQ~
ze`o(_zsU7?FYU2xH}&rlV@kNb(J|Yk^cBWGs7-uK4r!C!7#!XvC9kr-&$Y<{{jDR~
zq>0!$s!bBKj%}0Tf70)}ZPKWgx5+%3KWGzc5A|oXN$V`1e>g^LR<}vczsTpgZBm8N
zPue8!KH8n%Cf&r&m2HwCj&R|A*7*m<d4T<4fWaTzr2IAF#x`le?9FYm^dRHk(k6Y+
z(7%O!WbroEPaNIRCiWuU*(Pbqt-Bc)gN`;SAn#FUo8)W$x>z@+a1G7wHYvM@JYW;X
zTj_^pFY6%>J{D_!v6eXMV}8tHF8g)*86T~IHrcHE#|6yd3Yy#6q>g;p*o+=lv2SCL
z`N@N|y-j8{4_NVU+6}cy1I9Ru-f){_sShz%^EAS`Fv1$NM#&?3SV7)GT+x0zn3vcc
zYm;Tor%E2<ot*PB>z?F%=4gkF#36R0ImP&MdL6TGw6Po=tVS18+7BBrzyPy2rtM}p
z4>azjALr%Zyv{dEeu%C6$k%_E?}0W6iQPHIBMu&7zgj-e{11`GnDcraA8!+n*nEQZ
zp^K9b>Fa=eJj}RHwMiu!Pm>SY`_Hg%V(Zy9i7<;<ZTB4Q=h;6N%<B(K<N+<LKnFcc
z;}#6DMcXa0PIPe&eM~TmtJ?2{HZdQe9E&hQSAWd<dz;jwgFc4XjS0qR{e%9PLi17j
z;TY>ry~H@g!OP?e-B-ykdV9z#TCcJG$Joc~oCmsZaQ^C>tP6v;xSnI?dz<sYEav`~
z@mCp#*nF3M#P)m4M{In^Ixxnf$62q@F4gE`9j5ncmk2{#zzFxCwXR)?pCI15UDB9r
zXqQ>c?$<8nlk_tg2c5ijY1R2Z-Y(t5c7D68V0dV|EK?qSqFtN?*73=9@iBFHyDXvk
z>2@i4ig`ZUF12VM(Jo^ceZF0Co~GTVc5yL#6ysy`rFNM|^DFI=&-;Ogw!Tk%wOzJg
z3R^J5dfq4OV%Ces*IAExH0yYlJYp5vCGC<y4<qz(0Rt?0gYk|b55&>2?336$j(j{v
z9vt%aoW4)e598z8W#jYoD{GfhbWUiOM)Wbj2q)1hZ<mm9ypx!R*!_OH7)!(|_YrPI
zyW|lkC%21-@hR=nhpyW$t7x6dx?W&i=wN`=7-9+ivzQ`IpU!+}R+4{o(D*y!p3yE9
zX#bErp<mT5yD@tf`JlgXHtRzhV_i=*?e&M)&73#-SW9_?0da!Em_EN<%DMmXe#tpu
z^qY2Bqui`(mn^Yy3Hw49owsO*m6*a3?w4Y$LHknFdThV|TPXK_-!6079+xnUS@bdI
zZQ5ZzMp%sAWvmm8E$pBEK4yqxj4;6k%;FwxcRA}t6U}$XGZvzc<rrZ#npbjtqm2dc
zk=H-45A?659FxCrPH6v)e(y8>b*xkS`Q(K-xsmH+m2$MuY$lJoADq>BZ{qr)+(s82
z+>9>PV}z~R?`F;yEsQaB3-d63h&gNQvxWX>-pX}|X^b$y1ueg=U2;DlPiSL;9!9sb
z9<*9{ouP}%n7V^}d`SB{S^t6Dp9Zui4%)arF~Mre-3&2?9rUL>#srNn@+HiRHriWx
zy<&vJ==LxVCRk{2-`mT1Fpk~FJj7l<<6?jjngi?ueO%G@ShyGMw=vH_)Q4PG8e;{T
zgUp8kcB@15Q-@hM?XzQC_xg_urpe#OxZl2){9)<=&IQAVxW4ize}wA_(~q$ZG@j<V
zKA80_aowVwa4wj7jd4Hn5hHn>>*?dn^FPiJ{r5O8G;%XicnI@u%t)<zU`8U^rw>An
z^D>f~Po6)6>zKDNBh|#I&t;?!&7zE~Vf>|xR2)iqaYh2n9-WaDG>*$i1O41@Wu)vd
zbTZP6_IER~8?BQvvMGo8um)o+`2_R*AR}q@)QrUFpPmt`fc>AHkvdF%lo4OspPP|c
zV)rNP<C7mTobxkMkEx$!WRZHWCL?p7)aMx)F%M^+i!-tr!@7)A?aeq?i_vd0GEBL7
zX-4wbGY+m0`<KywKlX#m=x$-0jkL#-kFt-;$p;3QM)Qh{WH60$Xk1A@Org0y^I<t!
z>5Qbf{#~@lcYr0B#WKzFA6OqoIEPuxYWW{oANz9AV%=#h*7f5sx(yjISbu<<Fu`)n
zVzqizM!M0yn!I5O6AW=p>oI==^^J^+DReQ!TFhdj*8hclYCT3;k4svQt6KlpjO67~
zk2Z!_fmy6U`x>qbt;ay?aZ>AX5&dg9&wV(*zh$Hnv)9oM9X}&u>h&4P*_ZxkVH%6k
zx{-6hs5v9^=-teII5(q(b4Lf$7-P|=C=ckzdB(UI?Y4}xU>ZYAwH%#$Jk$OE|1Vcp
zxpW{Y=D1u=mm-FoZAs4Jy7VcO^BhZrkkeL)k+B?N<uIB<a%w1Y%xRLt3^|4?lTE{7
zr?%Pl+xPd+-nZ?&{qert-h02Eujk|bcs>f`7{u9F{AJ`@bSx5gWJhwpIX-4J?0#_7
zf4_0#Vsp{{M;jZrZ;@1*?i^1x(<|T{`6MO!{ovhkl$`^3%7*$U*Q%e{OxP<Q|Abfb
zTC3lt$By&dHhGpitN(FB{WeQB3gTCVrcr^(8fxY5M|7eea%AZ}gDHUCv6Qf$;=IFc
z(Ng9eHB8T6;jA1D0QB$?T7et>D*Pi%|JSp5lkd6rQUi__Pc78jH2l>>K;3sZ+EXg2
z%{{(@J3Yu$p3cN)NJ>oM19S;HC;8&nw^GfA@PIKU&~s;5wS+j3be~0i=A|nPL!i?;
z;E4YPJiJO#o>G;jb3+hFX{`>s2&Dy85H9f_#OY`D$L>yO6$SjnN$!ENp<x?wpT5ph
zgj<qzs%xxJ^D40wLcGIW5cT|zXGP62@G^m)zi@$ZVhOXLDzUUid&X&Qk@U94K2DS;
zjKmnZYC<T1$7*m7qp#KK!*RWO@eUVABNwP4tFv|6HdZ-&ca=b^kZAcbr~R>R>A6?Y
zc8CpN4rKcziaG3Qqf|cp3xHWsUFqD7H4l<LG_G5z)H)=wG-MZt*htCi4ge=n+*Jgb
zbQ_vCD?7Z|#`s@gMe1>$P=a2`yT)=(WLa*i8DF403kekOBEC_DgdKF-lwKXrt{<V$
z!&vQ(82bVbmoF`@_hG~4sJ~EQ0Z*y{^&_YJ7F5H>U)3}FLR8j8Gm*Y<vqw$7uSS{r
zDT|Nw)nTLxvB~nBE3wDs?`o6$@7DFwTHSUMG<XN6s16AZes#U@R@WSyMC$RW0~wP4
z<HLTMz!S>uNR>|Xzyuoq-91%Uvl87vJGW`WzK#D9zkn1A`5UG9!edPMIVpFB?Xmw;
zck^x_ybys7HI(cuw4cvMMQ!oUlbdjaUItLt*G;AGs!;KhA`WqVXiGE!SbU+8X#$e!
zG-<u?xwTzilG`5RlakI|4o5}bL9_+_n3P;h3;789ushiG0=N=Cw{;Rai25}DH#zIu
z9~{f#y<IX>2;GEt*qj3;7I8o+x$)?va%R#v{U}d(p?693%aCIcCo{*yTwVSBG4tRY
zQ)}LXO{?x}F|f=0f6JzGHciZ{|Ep~~zf*Xc>smYh%4<%WLncN#*UpyLV%*A31#nre
zi!t51&DUN|hIZ$=I_iI2(jJz3R(rS10N&jTPk8z-{(<LHi8+6x1?|DG$XX13!2uH0
zaV^jVWw17iL`_h(DTSht8WRO*S<Bw(&p3chgI%)L4(MaA0v=NVj8;g1K2d~U>T=`;
z9IXfSUtFrCQ45c(>#)N4{IV8%D)GKN`;lwi<=Ccc)099HI{=n`mW277^cKKJe3DU+
zN_fhPU9uu-%Lnot_tUh!`~NVU?IPThtR+g0O?j(Jq46QQBaUsDox<x&p~A`D%pUlC
zr(r#`&~_72#=!wvJ#$u_x1GmuQjNtH!?it3r&^tpypH%zU;8q5&r#Fn_|NO|<3fUK
zIA4`I;Dx*=KVemt?=jr@_Owic4ciZyru}u|*B)G+rh^}gcN*1W@=U1e#vWntBG?5(
zux3<V=>0WKLTGDb!)2Oslim(njH77`*+^22pG$CLFLFODY7D;{Z-*BT4M`Z!{UCc6
zH{7-=qH~{0ZReZY3%|t_x0!P}a~iEbMmmE?325<bP=6af(Z`?}v`O#8N!6&Ny3jkv
zVcpId#Lu++o2e@SXPU8$N}rYt>CL+}2X8M#gE&`;jRM|RIB)77+%7)-Gs#ie8J@c0
zFJJ>`B|h$NisBu6l9cEboSh4!w-1!(_TUdvivI`wWi^+!D&aHTP*fm}bPYO?@nk#t
ztXFsuHBKmC1`g2iT|w8(cHF4>PA=!Vs%pF;a$QxnWA&XuCU|u6tJQ@2j)(DIeAcl{
z(giPTlGb?aDN@<IhVc<{LKf4Il_<u!#FpETFY}AfvhVS577ztzIKw|L<LBYW1$Vds
zvUiA1IK4LFe{tb{LxN0F_M%iYqvV2!%~B?NSX<3qi{!s|KAM&0+^L>k=iH_KF(S2C
z2TSj|F#3(JmM;6U7^l~iK#yVN5TE<BJlq3{GG5?)kLVUQH1P$tJlCq%dEAgme{z6L
zQ07n0(!Tk$Jc&0XPg2!-)4P9AH;q~K&8X$BAgK`IhPlbj53a<49P)o<NW?cE?|H!5
zMAF4bT7LfRxs?e{z#9zR7Ot2m%v-fja3t<9)*J<JTMHc<Q3w`F%S=2l`Du6H!*HWo
zc?6fClNc7f)*R;utXWlGOPCU-&Y?ENk!dX7l@{@9ik;OA*Uu*L+3?!l$<AOCJ4BrG
zs1K5z6*=1VjCuOL^Y?V_hZ)_AlnVQvz2QiC{C^#hqbI`HJCSvl$nz_wDiW`^7p~+?
ztV}=Ny44jd&o5h9Z`<nZs+P~O_maX3gRFLj#3RlCSJK))M<T&p*PRTuN#l*vPj<a-
z1xx5g)khHHDp#!gW^aUl{Lg^v_j<nn#-90T^56}5{Pu}k8tvKpitSF)3hh&VJ*o9W
z=-bQZj&=5p-_YI;S#7*ktunZCOG7x%P+UDnU*RUUU2kY?fX?5jvk_4U;{lAHH|i?N
z_CDQktVDdVYD2X<Wv&*C+a%r&sNZ1ZBSOOvlaTkHBbveFg>!cl`ns=w<}Iw<xuv0J
z%b{)`!U`jw-}u~0i+rxrNsD@J`?*Z2-RUZX-bBqC$OZt<>wh#y;-qs*RV0XbFPD2W
z!`pXKQL|8mmAf4{`^VW#GbdC~CKkp1q=ZZTlXQ@=2O+A}7bau2@_NnjBTt|06WE^&
zq92Rl;{J!);1{K?8${3T=D7#b&Re+~eBwS$4l=}Xm@46C-}e#Kt`3PwV&m?kbi(1t
zI#l1HnpyGNHFwsBvglkWe+X2QiH%}9Xhh4ld%v28qJB}<0X4Xi_}zr0pmNiJ>+3&%
zsdy1t!B+0~v`K;Tc+c#9c2bosR7WweM@wG?mqTAtk#Qj%4Z&5Eb7PjE58s8AE~rhQ
z2S$^6P(SikDCJkINFjY|YKriY2WOCO5oObA!$aWB<1?!}dA9@Evnq9e8M|sl4QX$y
z851t88!4z2CR?>!D)q0%Lw52m=HPy^8)%l3Ck}1bteRt}=?fz_T<*!P95aQu2pjCT
z$2_%e_|y=vN$NSEc)uE<AR`_<(5=fYePjQ0>X*j+7g;{rxU{_pT2M6KLeNcGvk~ay
zzm72l2+Ldw4@~!IBH)s$QvQc=1JS-GVFtR<!(c{}KW1rH$|@gzm^yT0NfG`-8ey7#
z(Ss7JzJ%q3F5R*49@LTb9R)Z41@!pAcSLPhiVUFOrdhI$ce@3Eb_B2C`b|f(qlO<@
z1%H_ua9Cl2F?gC4@c7tGm<*|g2}`5q?+wUuWp1^{D4#58MAF6Q($4?_l$R3p^|+?l
z__7Uo<#C=G$$u0LhJ=(2u~s&U7YNUy0<mcT-Q!auW=K%Bt5zaUhGQ*0abZ7Qn*r(v
zwRM?k-L1{tVy8~lKVk+Bx-RA1^Bvm#oBTwzhPXsj%eG)9Tg_+TEfTFvC}c$*{&bTu
zh5Y-x5VI(LGYl2G3#f=bLxM_o%6Pj`pjHY6+sBkkyPRl;7HFnq^I>x$=3DBOW!vuD
zrW)nQfkN~C2ke%p^*`@Sl?JbQP|4anJV3^1m()2c@SJjhyUak6A>{0SC0^~<lxKWw
zcDM`nq9ez$8J-h;s<or*Ux?NM+mC`84g-JwFth5n!ED-V-Oe_Bke68dX>e?#BqkvN
z^<Zcf-Z7a8RVtsREjNg=EK^J9FG6~+HyN($+_-%pHoxe%NI-ap!oLutHV04M0!g#7
zn~3K>%)gavYbKI?d)(7iYC!nN`{3#Gpp1^B99S>IDZBtIMSVUI)=YbT@>+-eSo8@Q
zo$jJUV}{dVu4h6cc!c)+2IHPA)Y~o@<2%Yz<l{<GJ;n8<aHtZZQF68XjA`ADJ|2*O
zP4;g_&qq&sK9;!QT}v4Alp-Z|gxmEA*-!01#Qx1wXGv0@<EacDym?%v1QP-o3UB*s
zljG8?^TQOgb7rs>C>xOZZgvDiJ>xNkqC8K!FRJB~>`0${y{41KKa|5dBywK))(xGG
zB<^4BF{u4+&vd#m7M;I0(adrZoM;fA@EK>v?LV3`NgA&FI-+2dyL$%cqcr$uN!v<$
zk_IszovfB<&9mcwt@0k>sgPZ_4}hFYz%HWcql3Vs9`ArRC)&=_p2r*qrL(enrXP#R
zt_`MyvYf7LlgdMS+`gH2WJSNt<8J6orY~4^dB|p7`{FG(Byp2HE&RPnDiBD`Bpv(U
z8aYiX+dwQhNB5i@K_?jQ=&hSu15L2eAkqCLxz@l|-2j%YJrmwyB+7I8Y-#osh_ley
zOk8(FArM<mKN}B9lQ#Z$_aKX!W;!&?GcE3m0k=nA=-7g>;3wu)af?@0JDTI}U8hCi
zUeNX==JtB5IEti`h<WB`rwT%=$U3#QDvESgQ4A1U(`q$|kxap~z5JlUQK7t=Y3`HL
z*Q<$IPg3&lE-|z3rB&ZD^;oCe5bc?lO%Y<L0vn57LNINkb3NJjz8w9h72!jd#~b2^
zIr5$u$#|}jS=Qr@XIr(G?3?qw|4U(}!p@UNd65f)%x2mkdOg*0Wu$ZJ2RUVGIOqmk
zuL{W7w_j}DjBD^v$ZRdxu1!y@rJ(wc^Fi6i!fd@Ex?I>K)nj>OFfQRdX*}P}2<V@Z
zL;eIw6s0^u0FWW-Z;gmiU}p#8EHxD=klLb2^_;rrD^O`N%<&_cKX}LuUX_~?xHU5Z
z9-j{j868w2^^A7Ja=ZQ@gKGP1-d<>%XF77yxT#%k3R8Y-TFfLX{~12_E7q-uHqRae
zk7DM@imC1v%>+5F`sMi_1+NfZkWH(B2W!-VANJvXL@hiNnQ#+hgryIHwX1!&rC^D`
zxwuG-P8iaQmFItg--uz2s+*IUqY6nSTO$v`j}v<<+|J1p`0~s!LATpEfSw>2V+3wk
zBXFx|j!h%kX!s-U+6>GZ!)7_Q<L9T{n2YRdT&ve^H!;)Hr*RdF%Ua0*f-ODzGwzR^
zUhtlNdJZ7)SBI}&YRj(<f$v0$+gnMUq|5N;T^Y6nzb7jt@JYW6H#rV79&of3?GL8D
z8vsX_&ytH%-C0H)Wewoas^sK1dH&bkf-9-rZcpW22puPn@oTy2_*uhL_n$gcSP?7?
zvZkerlp*QkS`+#jz>Sy$em+l$L}oc(-rk<kOGlP$FYA3NOjhI#+f%W8_X7i-F|S&(
zhrk^BI+lc))jQnvf?dzgUuq;g;s(p^VA#&1=L_dSlXM2}Zl95Kaxu&KP&6_%><fEr
zfX)@n>g}CRg1GSW!8BTNbzdt=H2#tTZ0mZwM|5G2Z9o`iu)gj7|Dqbs2lOiPst@xw
zVT(DFSNSblwx6T6ij$0%J>_aF7T4+<lFyTRhmw+BYe~LmXFEqoGRG`&7LI1oPv#&@
z=CYm`4i$^`XKC~_?-u_<k9F(YpbG9iH!TfLB~aPAb0e@8sa6;R7_g=Qak5~jsKNE#
z5=MB#Ho{TZ=xaBe?|oT$dlK1Gob$6hw2aa{rPoLy>1UWCK*s!Rrn3H7i6n8!OnwxL
zj}u#bJlcQAodElalKP|+{o|QfxTYj%2oMU&_WChlBR-UvV+l)-Z{FhXJk)WIQZhW7
zp8R^`R2%MhWyaL7IpeMLwGM;;k2^H|h6xC_x)5fy+i$d~M~!_cR_8TG;D~uGW7%Ve
z4D3o%LNCP#2Tez$94_7znw(7)5_#TB0Ws4LJDOWD*N&*CZOt4BIx{ijrN{Ym(jOBw
zC3Io2Gr+Z~kf<NDkZn?519jxk^v@bWB))TXmiG^rFGYaD0g)kmKpEuh7{E{eZ1wr=
zzK}~Vr#PI4I*k-s&>?q*Ea@QT(wnI_%Fo*H=jiGSS4%tZUAm!PrtoaPof(U<6nemc
zP=U_g@FDk)=7+vAB<aG8*c5v>Q1KZjfwAT`1#B%o?y&d<w%Up@VZ_-Yjc-(@y^Eqy
zk({`-g$YYMZL68?gEuq8#Bv_CbvLr>OIw@BPAuERb60)A{=TK6WJC|_${T^jpG}6x
z@7=vFwEBZgSKSd>p55%)5O-ev!n?80ZUTprxR(^EqIaH6QZ51KGXS?CrC(qjulY@y
zYfDn+A+t2;LxJ7)oU0o<Ry}UY&n5u=Yy>wMKuvbTq{Wo=)UE*+$cUshC*OBgyNPZz
zKXG+(>JJdm=Iax@a)XRd1pYVW0HLXU#M&qfl*3Y>+M>AkKgK=vRisv04r#jFlPrsG
zvd|q#*$)c_c+j)NzDvJ{1(iwPe=7+s`<9UJ7npGG($o1y!v^W4fbO(|e`&}QnJASI
z{TwJD@G+>#|M7?9MnhzosNAT?Q7H;gD3+f`hgg|Wk+a9=Pka}fgJxb`(hE$<0a?e&
zky?6<jHd`G52NFHJkzCLjsqw1P<%AadQv<GftIrIuJZf&^Py+53>1W?1j_E@Acdwp
zTb?$)@@sz*11B$Y{M|u#lcMg(m65?SNc{vWI(Se(ysW4!+WFM$=ez?1D9A+2!Ll1}
zEt9I=k9aNzOdgrb&TFFSPChrykqp5dDQNcsD$ss*+KSV`pG|48D;2s8#rvlvWkPfA
zwp@<beRnk`HXM;IYJoF|3mDVTlK+JvRYGv`IX&%;?W{on)Z6wB-x$aGmh$%h`U-aj
zjl(}0u>xe}^hZ}T5A#kz<>|rfWldw;hv<^3EI!KJRmuO1re`)wuv{gr9APVGBdSVL
zzc%vkT_3S{7#D3-1)_sC`&TG0mV<H=zaDDOO8kvCe3b$XP$7};${<WXDj@G2)1+Xd
z^+}cKP|AOnNoaosk2c8WOOcfqe?lt2w@orsC_W=O_S!A=c8O6XD!7n`QH{C@|ASNW
z)hs^+db9fLFH7Fp_xG;zpsSB&q0&b@pR(l8a%$rhJljpaDT(w7U$P*y-aa;_Z~7EA
zTiZLHh~-~oT}@Ol1grx(hnIt-?81~T^P==66R*DgV+H#mQh(t0704#+=|N#cK@1Z2
z6ebe))IS0cpzNI4uC*Y{P1La^!2?z>t{fOqP@018PZ3?k_r1DOATCjXIvpQ+4>qLT
zFuQLkFXt2SMO3{Ec{K`EIaATmUSmYl!fp>7%mtexRs?(5jk(&}rcysOe3PMnwdcj<
z9GoH)N$ky}Pe)IgBV)VKDM~d$D^>D+v>@Tha@FCowTJ?WKA(1E5%s=atq)V7avoeM
zRQ}Jnj`u{shHW33>B#glI*Mky@25+5hRsJ6B)LEzdX)}tBp`W?c%c=?MqJLbFZM7W
zV#5cHs(qisd@_ulx&+QrYp|vhylZcwbeDkSFgc%LYME)j!&q|&5b!F|lzuU$i~_fR
zs$#d0=@ns1)+;@hvA|En3(xb3_Vm_mlEQv2crGy0*3aK+-XM1lsvP|zY15usbl1S~
zLpJXHNVlE=t+6{dGiTXUFOVuZiC7rSNpAoux9tY4QT$KTL}$-oQ7oTsaGTP|)bUSh
zogL!W6bxak-McL{%)8s9SY&p37*wFSL{rxr5=#opZ3VgnWJ+9kW!P^9><7R7bHZ^_
ze#R38Izn-YR#}p44ZCVc$ZN9^Z}m)@JkB$9hoHP5N2Ez|c|e^@P`SjARD9~jwRy7<
z>Z2GSJvUH*cwlvM*)u)7VJ0a;XPN+I*;pi((>3BjvoYRRsM4FHlxv<<LLX33psWd&
z{r9{W|C(u5I1=<R_&DyHa{~>uYCo0qbWeZas^2srnw9O<FdOgIiqV^)$*&goHelLQ
zA_E=|QUqz13)@uNIr^DRp&lmG4=P|*MyN{0*kplLO$rB^Tgr1PXQ97{|Ac@RA*Tyi
zHS$iGlaDF^!`ws}CzT}6|21GNX6wb%-Jjw|E<0kgB+Stwp*BFQ=IyD$L7Q;y5t3&c
zF9YWLWWDGuq+#T(exaEW>bQmwz&(@h{%A{2AB-=#tZnv^i}h^Ad%|=Qf1TnJxiNo>
zi3;=}BFCI}ph;3u{v6WgblIyKlj!od3dwXKGd#kUT2i@9>@YfwVTrLsyL5d!s%ewB
zR-s0qTq`BORh!qJa{QhQp5iZio_OH;_r)-h?ENWwDMR$YX;SjqiD2Zy-^Z#;7KZ*p
za6a3-P<JK$mC^AS^l~jwMf4=k+DK!m9-)+7@g+6{2xxC7oxS9Ces358OwbGj&o?9r
zAP9qoy~Yin<$!yZ)UGoAtHgxACknMZKRyVtpkA&`i=B@zLuOlh{2d&OT)WyE24uFN
zqGZ?zcSPOYjWZM0Tp^IEq6us>0i_w+{rHodaUt?Rg*R|Yg#IjHOSL*Z5!&9tmQmt6
zt`#ZB*twVpe)+20J$~Smi&~V_-{xg-=@JU0Qmi0Bun_aOH!9CVSxVUjT0Q56!xS*U
z59gmxrgeeR-xVU*bgp)29~$AMb8epZ`)2LxgJ<(@A6CWRN+RFN%WPi|eYpQvwkQ<?
zlWK+B2h~`nk5LG*Wti7A=WRJ?!$+N@Fz~<!kRRi3epU~<`_<kbbp7)5)-ckmT-130
z_IkgmClX)Ky*h=zeP2IaJK_>hB-w(IplLzJ!_D8D^%zr@FJP1k)E9vNQMK#B@`0Id
zzmp>X|Hp%2;6Y|e%WC^QpUP}6WvN&S8QRMl`7_OSl6E?^FR1q#L+~V)BeqknhCf*k
z8aS=F@MM+VEeZPn&6B%`^8jd*vv1J@<%)D;bI%Nw8vzP;Kp%}V78>}ze+KUu;hjHO
zL?g%0!(Xp0lARl*?lxQzzoVaiOFsvkf$j&4w5^PJBW~u_<f78i{t`F4<k|P}@O1vG
z>@$V6`e%&=qn1mO?G-uTBs4MJG(&8X`peW~w9`*ZDpY^BgaNUk2~G9xdyKMQFp@Ee
zQ^IF_1GmSEGfWtYy6MtGP%QN3C(9?F_-ugV=UL-2bC_xC*MFogRzz@BqjxK+rUo?I
zK$qmSK<OZEhoX)5Fd($vlLk&}k(SXJ&?$QLfmZRq%A9wUz?;HIabqlM&TPof-!caz
z>Oqfm#xlUc|3s{x4q?zzQWF0;m#J2&<+{vh)<oG$If-fjWB<ou3K~e8R0XZLQs@y4
zas)p`p)iFJEpvq8pZPqL%Kwv8*2q>%GjI|9TCiTc9FY?HPmz&8ma1ypH(?41v<&^{
z4Tw8g(e^5CpaQvN`aLcGWQkV(TI{Iva0MW&-12W}E(B2c`|)TJN*nS#?scspu;!e&
z#t_3R&HZxMZ?RTOP%%4^MtlZ6{2B8Mb?ivBA|Deyxg@DbtPg+yNcpV62G*d`Qdi$u
zKggH98H2xLMTZfCzwd-qo3_&#wCsDX5F+oyzH8#qY{Cq|YLfH&`q+_bx1LfMTA-N7
zmEZGW3|5rH{xbXCleR8=yl3}8a<UdC&iVLT@tqg&h<{`!=LynyYhX4&Z@|`P#FV<y
zfKl@f1yqdv+C7~}+^aR~!%$<@_lGT4txBbCvL&75Nh9nNPR@-m-?x6;Ta<dKXrF+6
zeg1uc{pfi+R5bq;=a0lGrsb$WZ<=gdI^T?za@LzAUz+uMO=~VSVb*E*0=WsHg5kIr
z(08FqVT@7nqSj8t*UQ3L_$QMP5GsZmxBrS1@T5*>exiAipx7Wj6E!VW)=oiyH38p_
zE=9#!Reu_@7)R87v97bHrp{qO7s9PVh~C)pIIo2##z!dY>PdhfYZHr6T|;uB!hfgb
zX<g28HFE!tJD}`vBXFlrr(Qs+_}yZzIhTC5_~QCc(sDJ!eF>h_wZP=|#C93I_FKJ>
z+7>&-Era=03283~l|W6ch+?lF1v2f<yHWDwsvUP^UBL@>JGZkE!mW)eKGR0{dO?zI
zd%dj|6DJ#8)|>l2n{e=LaXDC`^~-YbBhF52yYqc{>cL)oG?ONlxIFxIKyashEM!~|
z*%d+DUyCXR>5lwi<=uZ;)_0P#9@3__d_i8M7KKFbI<XQs@uO}tQrS&Y^P}<Fs`1Td
z-2l*byhmiQE%VJz%a+tOPj4J0h}!@TQb%Wi;cJ&w6g=m35`!(NV3w`Yc)>h`nkvKV
zdn#~?EWUleT+I#87%4}(z0@;yfQG@l+NK~wi+u)@;tg~Kygk`%2>;BevMbUdAF@U7
zQw@)pA}8CpyY=ZTjfc_<)d$hr7V5X|f6cKu<=049&Zw%&gNYNR22m$Q-LYUT?3$lx
zpG`)USeXqXNV*kqVpP+|UW|n0jjC=z%YR+7X?Z$Xi>N}TC}5ONNu>>_;+ixt_QxHS
zH36>@)Tv+goAqgH4A_%IP_jAQ*S_oArY(J26_kp%igLiu`W+wr%xoLnR|M1+2}~$!
zjSBheeOqf~3i+c{2F>ooXow$X{<!0%WKz40dt8oSMPshg_p|v_BQW2~=z`)Ytb|@D
zAK>FyuFurM4{l=+RX^?KVwumzx4O~($S;MpQGu35k;?g{A^Q)OpBZ5jc+X73Rzd1?
zz=|X1Y7zvb-bMU?Irv(&R$_)IVe)fRp$8{9c!njXH=Uk*-(ed4^aYBgYOb3EylSBf
zf4ScUpyjCUy*s%2nRoystvMlw!=Ps7l*(*Xes@Af&<Va&#?XmOwtSIG1t9@Zy?di4
zN~OpSi96HU;gs4Ye7lfv4gT@1&X11Gw;QW9geXMyZ!=-ghrxh=GYaC8&J!z17%QFd
zKz2nyIMEdDSwz%TDl$_RFV;`@+F^ePz(tBS+<}=TAbb)d7f=*AzP`Sb1h>*TA9nhL
zbNG2sXISM-4SQyA8W}M9cH4R|*zzud83vW<6s<!D;)t0t`G5Nl!*#lCFtG-17CWxM
zqNf&&)F@BO<I%^yM_=Tq8^eusDmRZoKc|id-oL=9UZs0VDL|Bq)-6WY5;r8u=!jsI
zf@2vP7`g%6?t`Gr5IGelUzC5G9uR9syMqWeN$Pm2{dJ)~iFg@E@6-kcsRYJakS|A!
zpBPi;W)HfzJ&&V>@F_wBGx7_qYrEbCLSB&ST*%ap_!12o`a=$slI%I|itoQX9w_mW
z_DrjdIC$DP{s%j3)0*tV8tu(zQ|1Rd=R9e~`@O=<**hs8Gp|^2!Nz}m=o#9~Jk9tK
zTPBSo4#c$K?0DaEKB+4lRtwD7_*S5{9{96PdbDD%TH0&)SG}5hBfro1FR(e<T5d!?
zolb!cpCz3}Ib2qPMgpn*zZ>;Unor>k?&FT8MpXF8&ZKg^VOKJ;`0m^&EpYgi&A&~0
zA%8iC1;{FoZ`F!g+$WWhxKpj@fvU%Gw~_R)(s3AI-YWIV<>U48p$-r~FS*Xu%r^fR
zdEON3mR-<c-En3AzA!8*7!Y{oW^t=PjDMh%xB35HBV9=9M*z^rW5_7)2{WX$)Z5*F
zCiY#m>C6BJi=1c^e8*FXmulOGw6=;xoPtHPIIlk}ga4YH>!7+5s3T7#tVq|{ii@%?
zCr$ag(9|I@*T5$rO;7VC0*Hd>Kh$6|CQ8;CC&CL;tW5tpHiTDGb2qZ)|4w#Gl(jM{
zSIF!9H`Oo156eydo*D6CYE8?`kNHA6T=~nIvKjEcoc+*3W#9Q+2bG$8iI-`$qXhNd
zE50D!n)G7YX4km0#WCju3N?-D!6R)db9(}=ywo4~O-9L%XVs+U0^K^zpIab^o={48
zDHG=-2mbU(*rHGT>o{{EJN6p4Yw0z5X2{dDv9CGDN#Z5Nl}d}ix<^axRboY|pIgpn
zgQXI?;Sa?z$^SFHW6@wQUNSZKn@vQG&(AZPGx2`P&#&J_D2l{3*%}-`t)ZMaPkueV
zR^JE5`L6$O?{$MTVx*<XYd`sSQaIduT7b3%#{M;TeeyvVG_i`HEH8J>6SbO!Jr#~T
zhQ=Q!Wz@a}GbV%9*tlE;)}u*VY>WL!|HU1ICWnE$S1ed@+Rp&ps7T&>9kE#5r<e2j
zb1IjuWk0Ots^97i_fU8aV!U04@l_1Z<%B^W^a&=7&W-Z937VsXL$iJc=Twpa{!c_S
zj-Q)FqfnWn?h4H+65%yrR<GBh?5cOIQ*#|wRc7IOAHl#`avC-ea)m$idKO&Ocjun(
zk3-`owaqfDtJ`1)cpzJK|Cc_0(~CUF{hCYt7LW=yId_;o<c!U~OiurIH1!Envu!2@
zNoI1UUjOgk@}%N8D<@9!EaVmDP{Xkmc3rLIuV-|1NgQfHW|9x$HZH3sXJSj0-P!6Y
zIGf);r>SY%_k|%AK%hyhI)X&JL;vqot58JYzmXoaXQ!iMzDvHa<#j5zq{oP-x{%QC
z=?M<2qy{-TViydtVcGu+jhZ`wL|nKL@c2a7YKP5D{f}PAXz891ZmSBAPVCGQPyz+l
z3P~ZGxTr<d%1J~QMwGOt?9M0!BUV*4+ME+;&x~r`w?J~Dk1>6Pl3B#BA8d|dYE$A7
zvsnHo$ro^6nsdCvexabe)y5bs8m6^<k}BdWLJ$rA(jf0`K4;DBNk$g|Li18A8`osw
z9Sm`}l7m;Mf+gV@7X3J>r_<(~etL=T6z|R)VpH5ANGzutwD&pz=eQj3P*s-i(?`x3
zRl>y%p&P=iHZM%mK7q9D6vsdV=Hr2CHQD$efK90lna=Q=T_bHZC-Q#hW4^3?+Y&Yi
zB;DZu_mw^e`0?oNV7?X1Wp1ioslbRDGwJ`ekD9uJMhnl{CA6;+avjgxt)hcK4e|vo
z9t_$<3vg-JGb>)1E}}qRC%`Q<SIj3hpe>B2u*qr6LU)SGwuhI;Alj%xNCu6%Q4-E1
zI*V3Um;y<OIr$Fi{?l!aXrQTWWHAzSV+EvHu%yCP=bC+n=?^@XW5&6u_|C4Kz*li?
zdt5!&vbkUp%Z2|S$4odhhX8N(UV-aeN_Z^L+oBy|z#ZZ2Dv0?4H(#*p2sf&spun5?
zgg=iN_02HgUKkmopRj57INxt>4KgY;Xa;)QBtPQQDh1lCK6|)ckWc~31MV{p&_PqF
zaV|GNiBOkwzM-XTy!tDj%rO9VPY<7rq3*<`t{P~j58=h3ExfqY+|Fya-@!0t?)!f0
z-DT5H>e3RN48QM=Bz!()j@T|7fXhH#dN|taIy{TpwX>nj#0}RM_G7`NaBAw1>*7IF
z52`|?b%857E@;OB)=!z&?i7BV4?`UeEA74ZnTWrQe7kqCC#nWgbAAh@dZDLgUW;GM
zT=SX&<``}@a|T7{rCS#cjH#S&u3keM^A^KNHbND;Yh9uZq&?p0H7GI(!FBdB;lhLb
z&|JkG4<_4iv(`s;es+0*Rx+NzbFIU!MyzP7;G#!d<<;Ul<DE=!Gd<Ugd+Yns{zZW<
z^wjmi^G1Xqk<$85HRLrLTh{V)Zot)1=+>N8=Dw#wy|t=cFeKvTN5xCUaZJ^ncM#bo
z3jM*{yH~>9r?DS@qY{nr8fhxIjg(k!^kUAOFRA6Js%)<<T&I859v^IY#1q9b=VB31
z^zcg9_bH%_&g?;8mY|H%vxO4d>}e*@M}|}VFl3bT1dnUM>WJw7lRWon28?X2VUtPu
zLb08xS}-2RW^x1_<Jfn!4)w5YlM9F2+$tO42n7@BTIK4eBqIL!j<*iy66RQrb9HX^
zMSwr!5g4dY{7s6P{H;R={#qD$+uJFfg+Mwh+aX%O3`xaeottwVh4N-!+fmNh+{4@e
z?s?Ms_H*b1ztEMi)B--J7s0ZRL2lgIc(m6@LyC~(gi+wmcuO>H?mJ*Nd>k>k)gV6j
zCfad^0M6z^?;G<b0(yT$*IkDXa6z1{4s^2N<l${#+RJDO5dYYImY^A59bol6j?|LL
z3MRFLAL0u>{`zs9)bjA(nU2%n4R+s=+|yYnNYjXru?_(5ZFAQ`d#()9`QYEB_B;YV
z923xozHdkqYv{wULUIElNZrJvFM!vu<ITH(;vDgoUeJE}oGDYZeA7K;Hcp7RI<z`)
zw)S3;X-;ycjFD7euQtBgGF@W`6!LD(C{dI3R(i*WG4fk1yIT2zjJ;G#F6v*wNzRuT
z9b0xllZ?w-`5aDkcy$?5qy@+8tHuX5@htI)rPOQ7B$d0up^lAh`{cH%eubsO6f8%b
z{8U?~8thr2GUI00GzS^%eFvGWL^xBxBV4J;Z?O;QOAfs1=(<bv!=KH>$uyGtgqgZt
zK76S<9_9QriG(2;WC>K3qG7vzUM4r2qjM>G1zIlpm*^0Zd%4?zIf!({Yjfn+32tgB
z2Ung%hHoEgJ-?B+zoCnV6w*^l_A;S58pdninGO+9ndk#BZ#r6^$d&5omBcFDA`0($
z&*@A1YPA_6CA5WqfD{n_^vypx4b5CBtYwuybJ88T7#PKWvT%4icJN8WjaaR!GdZc6
zL1JoOe>rk@EL6WxXreLMHEhhYs|b=9!)Cb(7!obklcuT8zBZox^GOw2kH04&p+Aaw
z7ThLP_DpI2TL8EQRMW$h*lb0&KTNGi`1Qo-tX%h%Fjz)v>PrEp?4)?wfW#g}E<hQ_
z`yesu&;2B^cscQ5a$Bl2JtZT4;d0{R??ZcXnpM&=5w@i4HlEUs+lyy6jbQq!gN3y#
z5~HtTe>^FK6>(=YtBy>})Xf7(gde==C);*%9z;?9l+mnC17P}7&{hSOmBK*@FV3l*
z$xtglO#-Ck*&lqr*hu5=acv_yO%>6HcX|hsXfK~RA`N5$Vb2r0%)}X7G}&S9U5+L6
z3AE6D*=uB;!4JHA^l2DmG^y`lS7x6BFL_al+gjTEz69zwBz@zw48cu=`|N#s@@ohW
z-AG&LKe$?IXpSDf*|sj>2tC>b>d(i1njw|S9Wf=CZXIUXmk$3!#k_oG+h|XvZinX4
zH6frmX&&LKgEVgM;7P|zlZe@*QtT>UoOIG2a1XYd-5_(w2<5L5@x`)lJkBkGw%KVX
z@`CgO$~*vwl&<FKa!Ve%o^zl@dL@$itjoWCm#8~8%|6WXsiGZX*y}m_LfpDcJ^^nE
zNu7hIGbl|zx!2ZSJ~Nn9&AAQ;Y%CvJ9#8AHXoHqheDEt(H1Un^ipX}mUSdBND?frR
z{LQ9x@WDz|5OFEN{Y_YCWNG2_slbBxq43h-KNPhSq)G~{hNL4!Do&Q8*DK4oUsb1N
zw9xFUERHt*TA#i)3$!6qPvovwG5%GF2vlkm9;H8TQ3-WV`JwiFL9bSbLn6ZOyOkEM
z6qcMRn7&$y&nGR+OKECoN=9e1Mvfn;ZP7dK1}&RieqNAY`tW*zyNBy4;l*kCt!-fa
zR9y(BaG5+UxPt$1&)xD}sQb&h1fEv){xU<cv@qav!N2=95vZ$9yN=@s<0Mi+i%X*Z
zgy~xFn#js<oHqhcoXYwH*=b#<Wp-%>i|+XcmZVifZO)ojZ?QmuFbzBuafuEVA)^V<
z$BJW~WPaPopY=r8Ll(dvm=s&k@)#tWf?`Rv2x(hn<3u~E>V7sDkN)q?`{W1i4MHsN
z2G$UweX)T6E8NREq@<Y(3{`1_Kjv4U?u1!7mY*|4ku|IT5kk}nhLX|UM%rhFCXW@I
zI;E%=3)Z4gBi&<MH%t9q6y8|Zk&OlKsWeGVisH1YbX01a^(L<q$QM~|tF4~vZwbP;
z7moXd0&{zNJ1+ELG0od@Gf{3%$G9|*WDVF~n4|)9{d}O^09`4JI1mFBLA%+7MgbiG
zPJwN)wL#aRZQkptVIxVR%}A_Ypsq=+`czD*g_ocGwR~IlNA2)xFgVO<{{>;JB!2>J
z^}uPmwq-J9348adV}JNY{XHl5u#`wA<TWP!juUGN@-bz7BU5|SA`NDL)$v5q@U@nV
zxxH)arLM?}04yqgu@D*XP&d?IH~d=u$y)vPe5%-v6TdqU0#Wx1b#puuElbWUi}k7%
zz@cv|o(do@@^_v1DpndQqG1)5;X-<CP<|Zx;<ZyPf<I*L!~2usU|*}Kmy6>%-d$@!
zvYNF+%k^zJUWI<+oy2BL{y^&sGG4pRUZ~0HPuVKcUTmbV+bu1&pTaJhYYZ;!=4y}b
zeH!t(=KeT-C^0Y-Z^jt3MB@IG(Xq1k!;GWw7x0y-w~JVi03kctw-B*V#m5!KkObOw
zH-Kl|$P_9n_Ojfqzfqup?X(7ZEd!nzcYOxv41cqhZ5HYRJ@yh6-8;M7(Xa!eS+1j5
z6de~w5c5J276JZVS6fr{V&TEdZVxKkugRlv<Vg}dk8W9<8mO=mY6f9|>_}!y*t9tm
zGj8k`dUzJaq!%&+9_9&zkBd4c7i-hLjLZ0cLs1YKfbNf$6k%Dn{}14`K!e`mX9W7_
z*sW{sS>L*l*j@ssk|{>Uz2F~ZhRM%NzuCR0n-0N3ZUnYP-h2sKNWLix>Vn;DIOgfG
z+qUtA!u}GjZIiqf9zMi?&A3~qzKy>5gD9l5U6K30Q!lXKk1J?@0bz7RY-au7arAh&
zqwuod$V}iJ&Ld=+R|I~eBHU}>7j(wpz<KV)h$%qHT-Wwp1N&`w-J378=7vK#Zm!Os
z9?X54G4QL$U}st~yu4q1ZL85J7T{}Zhlh1!`A>ft&bU7X&-p*RrGEveHZDrx2_Jox
zWhVE7{a?73Bd%Airh50Uxobwct!TmTyl&4vva7SiPWROrch_wto8B)`hLSaXV+Vbe
zy~xyxxZkPx4c<mqE)!#^`z4N>ie~EPX6X*Sx6rMplz#@p>S^a^3^F$5x8<;gqa+PR
z{mY_AB;lnj-F?%lBzAC{vq5#|uZ}%HQb`-t+}?rCwiP`yOcK6PgErgM7YHBv)@<f>
zU+<+XDWO3axM|Nm$Ku@Ce{|ucM}gjF{+$k$Hl^03rYvgKLRZnjGZS9a%z9<CGLLUX
z?R~_|gOKpyULn4<i8o({0auK4-_7z&T7gSE-5K{3`S0yGsW#e13h@rq2e9t>GOo?d
z`SDy&oA3}1R?PZgZP@Z;w?-Z(bm)VIREh0CLxTW=q!4wo+c=#szc}+TvD84V8Xi(Q
z6QWLwS$`wH_&}rlqMF2a7!!F~h6f4kuHPFmbkEK*QCkT+NVL;z4p^-Z2|6=)C#33~
zBPMkGlL3C-aPr;knx)zVQs(`*18L2ZaM$n@HkOQ>^&T-zXw6j&o45Nq{;LO>%{t4E
z3<TPY_oY90VD|%*1I91pc$L~hgY0C91HpGuM|d$)GyDKx26jV&gp=3qe9W>49kP}?
zPaNqy&q!VpnTB5Yi|nT@Zn`6y6NKZO4^Qcxh*Y2IwN`*!qj*TwOMVS5qkBPW(jl<`
z<`$^3A22xs9JHsnsdSHsP%M35C>UApUruF!L+s9_G_{6?sDJ#mC@&(y597PaqlMPJ
z&GT&gNtub_Pg05ZMTU#8ZUZ%ri2<R$R53~TGVf3RJQ{Ui-c0xuxnIJkAq&5bcdiBb
z0E8(1Y6DxkfhN1@6%42Jj0p7k0_5p7eS)}Q;E%Wt5A_RNVAfFAnR(m%X>O^*O^`^i
z-%)myo$1JnuVd!5`Ijn=8Z7Z_*T3SEOzfubiSsyN>N!K<+cr?4Lk4Y%{CnQUY8@>!
zZ%CxvUEK!CJMQ@m`Bkp@aA89!vn8(T&I)j?{HtOlCE#d?kz1xZIdU#8Q2h*=3+69<
z5{~B0zB43f=efK}(BwykLLkU01DmeczeX$IsylzX-Mdc8{!5$Y?<3c$$27?suZx?7
z-gi{5F57Mg=U*D(DO0<Agnfw(*yjTD@`U-!ws=9k_S)wIcz`b>Dzi$lu|%zItN)f4
zW=SDyaSXN_=yzL@gMVF?%EXCg86vi%H>oq^M|n^9<E;hEh#4|G@7FTJ3`n(&)yzNm
zr;l*OJ$uzEPbXrYrj{2WAL!#YRnF{mvvW6Xz>vr1-(X02<1&cmEBPmHHMamK&tJat
zB+(C=!nk1?`WdP;Lw`_0eR8l&yV7D$2zVa5q13>p*b64&x`x#IzO8lz9pliAxAOt~
zuRiWm)$<b<_VgD!ME-;|c=3~$_OZnc`OUMBx`s5}`mMW$C^Li=ANO$qHZ4mWz&?pr
zo+9`yVcDZT`2lNlwF#ptE=LnaYpj1{$2;Es2f{{+>z1(4DR+wt^D+NXeDd+X&_4MD
zfs9C(#dQr?%bdTc=ZWPE{<XiQM1V~-Eod+|2<Fh@**q<}H_OCHhym$kT<i*xE%4J9
zNV2?~&F~AETYfwF)u6fPZx>#uOA^1<5#aGz+19s<b=*}d-AX$%nN#4pWer^@SD5@&
zW6XS#mf(0L^~o``zwCsNESiyUUgVfUN%@@5R5){H=Y83YH`Z-4@$dev%U!zRq;I5Q
zgg#aEa;|OV_D$_;(>HZ$I=@g%0C!L79Le?vb(tlC9W_T6&s3Q&oYKiSV%-75P}%dm
zILI11ZjF9#a+Lb~n294tjVn~lBCB!XiXv~2IMt5)7Z+ZbR90mY<J)PH#RP0AzL3Kc
zHN9AWth!hjMX8GZf|*h~2HT5Qy6jCxfA8d%RJ|sh&Q#+cP8$~|sm|HJ7k_GQ;lrNn
zk7U{8J@D7JE}be1@?ij7Wc0WwqASDdLBai3AJUV;AdVbOJ}j)Dt%5nLS+_QxRKBQw
zw=EWQ2{<3{um`Yi_al)YLx%CaKbz}c2A16|Q6Kn2?$|iHZ|I#Lq_#z}QTP}6*j4Wz
z^VIaX<5NQCQu}eT*$ANTbIK8Bvg+oey^^+h#;ua7+nF$dy(Q7>tV&pq4P<bfWc8z-
z7P|^q6FlTlEQ>OmbLrAN+tlR+oe=9j_M*;3N@W_@IPjt3*2vfB)`%(LAV+r^TL|p+
zI*{g<1-BOF8TZ*FAD=o488`#L=14S6vlgD1buJO4OR7`<M;k+0*zurfDf~jZHvaaZ
zou`GsF0X-CFifl0roKf$tB(6_*{262uGM5nxE*O@!rk^m*2=AL_Q*s&G)ad3AU{c1
z<@duDkUyD>X8*ze+T!&FWG%OIOCGU*dfCyU{ch2pHcEEbgw{gBwA5zR#IlL=cXjGz
zal;0zWnXM-o9hqu8zf@Wr)}i7`F|oKD|%{h24C1BA&Mr3A3hDeukux=wXS#MWUV%f
zS2^KsQO#yftOq=)2aQDP(y%Lqy|joTj&=`iCh}!W17?n`G&k}KkKNV^2aaLZEiLU1
z9JLl0g@WD|uT#1s%&LMNhW!#OM-YNGnG4KaMfUo=ZIb81()WlD(h{*KyDXNc&oo<V
zJ<YY(>*ka_DSRE*?YHD8E}{ubb+`C^en{O0@jFCqs$5hyj4-X|6Sgz0Cy~*SiErWu
z-W9dIxz!SeB5ZwPg{vVj*<t@Eei<4b#dLo7&6?j5ksE(;gRsT#^-};1pZY!r;!lHW
zX+-|CVJ+qkw>mS@rccNJ$$84W<$J#ym596OKpE;&6jm6@<d?9jW=K4Z;jh8v1Pc2+
zfBFCk6Rzpq0S&1jaZ+hOrgNfQSIArr$Bh?!=q0SL(8|8&SQyG~O7DxX5`uJGE@q9L
z;ueeWPFM|?kaT(7#e7I*x*w8hvZW;F*k!^Rdn@qsX_yz*XHV!+*y`g_hjd;g81nDV
zuu(9t)~oR5pfUjSE$}7Wx$m@Z(AN`ucg`t#3c91>;z!fM<+NF~yHafDUw%v9S`zt!
zw77!zc&>&GaI6j3<~K`|&pOXt$dG6nRJtXs?=yVs7q)&d#_b90o9(&WN5H9Y-EfJ%
zeFT~uu$7#p^-@n?>c?UfbIdrd(r@z<>Mi#=zbA(i4yPIH)^jZs$=`!}XfeK14=~Y0
z{K-Sxg8;;qmNhMIU6A!S;(-rjUao5U#O5`hXOCG4m#p7IpPX6VqJ4Zkdv|`V@7Q#U
z4+J3>q-!otR8cFnX{|Xs5k+Bd9`<4>?DXDvrf?r8eF&*7bwjr5`Tbl~bHwQ?Dd_mr
z!4Z0ZujGY))*5v`9i5iIkDniY9tGM39rj8SNXh#NoA<*H<AjLN(^aZkU|;JSSkww2
z{N+Byg{ykE{Q5I5#?*rX7!I|+z5V!q1@Q#!%xvlR*u+TdS0>C@n03ZQAbBb*xCa>p
z)#aN3D8htDJqL-NYzpn}W}KI``RrKMdCuIK!;TKice3=h{yc%iefOC*0RfLEA9e3_
z;JU8=lq5CkeLBY=s;%{PoxNLSxUE_?eAvr=si*y{B52@l*s48*K_)rv0LMO|a648@
zD}K*7w*2lfO9y+;9MD|AV_h1Rc4(ZM%3sCA!7Ju%tzYVw{q4{!08$+{_a4E@bsU_Q
z%C$fJl@Ugq{2PSQSl_>I{R8w-)@XB~ScBi&bk>%+cGznGa0fgTYUYO)AY#)J@!&8n
z=P??X2Yb{}!SQ1qOFa&mW&>IBgT(-k*9cH}Lho70t=~$BNgvJ%BrW9o&mZ<eP1cv%
z^ZS;U7n_w63`E9VRFZbmOITVGdcCw}P2Cr`Jes+-UK+rNw|-N!6BI;i0lPrdBLPR}
zPw+)fEO>_xIX&27C+LC2aR=oL3&~8>WQ*8V|8Zx^1>iFSsFvDd;w1&p;E(U)$;D#f
zBlk>}@}i2R93I{8<URb~c6Y%yc*><4mG4F#HsJqAo&t$i6~%FrB|jx?-rc!)mX5x0
z+(C~INS1PVO4Je$@{-?S$v=CJ_K^IfQ^Pyq@G$zz!-m11*=;s(p;-7AZW!&d6=RA&
z{jj0`w`9-&-p6ai!vV`@iY+?y_QYH&nzcbgIQYs#f!ps30s;@;^vp4yt4wRe`~_nk
z%EzWM9-3l8d?8BD-cibp&f2z>90?je%C(5Q<h^uw;VB;Fg<v7>7KTn7Iu!t0dN>}=
zWr%@9fS}=#DixckOXfs@1l?BXf*=0XAXdlKp_?X)Xk^pSOPB9Y21BL<TMz#S%RQj~
zJ@Tgo=$HKWuy@k-KB6bIAu<jI30;+C;vCHTlcw>Up=-<+;+kkI+j*UyxXGy(3%3@|
zADT|zy}bmD7b8=SZI4A|0bll!5BxKz#9hEM7rO9LHyaD|PAA$Pn$8LN_+i0KNV6oT
zbE-UVR12fZ`AyS8Lqei<sBiIG*J+9PS09RE_N}~GwsVOWzlZq_f&&y<^a{xfuXcn3
z-BUyFM6PDZ$f^B1A1+LdBp$yfVPljK+UuDPnhSh<0{sdh--K71uh{dLLulf|0>o^*
zry1sxUq<AmmZ!Li^LaHOTb}v)TXAOe83j1myE2;!8u6xgdG?K(dS;1M&WzTf{+{w!
z8}lnr_`a|o9Kg`S&m;lz<C7QN8WG3P|2?&m7x$=4<~@wS`gUZ+<*|%q^p110MvDK|
zJLxwbeTbXJ5LH@8p2W0g*5sf3N|XK$z}09UfBiwT<!sZ4>b~3iq2g7CCW<q~m*}OU
z+0*lP8u}g|%zs!l;%k!63<^&;T!uYvrCc~!+~Wmo`uOYadg597gJOEcmhCR&c_G}v
z8+2w4C6G)zMRSIjX0vkBTJm_8a>Jjm+KX4G#VuQ$_<Vb_M6`Js6AzXsD-$0MI8d@6
zp2I@$+41s)I~1Dv-{--O!j4n15$6BUTGQN{!@YARN5nO(V^P+lAS3bW5Fmc=df2X`
z#Z{7m(YYhlPcB4`{B~ka26}kYvyQq{5<Rtu-~?o@yhLTJ(pbuczMG`~?CyhX=`(H3
z0i|cs0+p{Qc)Us%u><G7gX8lh@15BCqpM92dL-DYbD`lo+CNhRc~1qpUG4McJ38F#
zCZ<|RO-K2%*@cQdv$+KQovFdo9(R^r0k6Vg|0wjjaE}#2Gwu*qqyG8pe)ORvQzUpY
z;PIKY3Zb6l|KsS(!;;Lux2K$P`c{%zxyzKPW9EXIyD;UJ`?R^|Ms8&)Y3@K}xuTS5
zqN(JP=49>_YD%U;DT+(sl1f1Vipm%u3IZ>`_a83);sTz}bDneVb1!cDD{#ARlJvdX
zg$5<aJjuj|Kh~}@a+dC9UA$pNRbyo7JF_%AAgu2udvOPqf*hrzT~U=sUiOdl*JSnE
z|7EWdj%6SV;e^<q&pyKo(=xNR>I&H=?}JeZ+L1U%{G?@*)N>wcX7hTLGs8>!*pIl1
z%~~}Gpw>c204SJ+c$(T=AChD;>`ZFEYxOn940)ja-qw%k8=3gQv<WMltSPUcpaZux
z{k-t{o69(tgsUK+a_=P3M=0nY-Eozlb(x10Cyw+#eTmbW7?d$R9LR%$+(1Jy68Vqm
zRqBPT4ph>ewd?jU;!gB9w`S=1UGbI$zbFDY0m*~gR&F*<0V8pe1bB6#k;(gC9FzEF
zhnH#p%$pE{J-q6GC@;Ng1##8c%E=9!f(Crate+vhpQd?MQqId__>%y1AIjJ}5>~<O
z!YGo^eY~oxof<8@C#2R&x!wIHTSxhy_wOCHL#1|g0;7XJ!Wq4v@wuswH;p4D(O1uj
zY^JKR4u@_=&DV8ir?yFce+t4?!Uqq*g?X@py0e9<$I$glM=K3b3B#vo_dq`>r3;YB
zfi+g$*}eordR^L=XSfQ&8BCa^nlHfZEVJ-A+X`UWi4YdH2|20z1$~@Ji4U!4?q=nF
zRJy7+H$KV^#nGw$YzYjlX4wtNun}68q7b)hEvJ0uLJ4$F0Qwg8ZxM`gcTTApARZff
zUCsYL;StxV@oxwVkPz}d^I@8dFi><`a_83tVPEw&3I-hLI&ZzLIu0#zk1jMbewCw>
zq__9^DzF5)Hc8Tx)x-fKkG7&)(2CoS$0zjG#txN1Re;c`$UOFMa;HTQ;o>=4QkyFG
z)q?ToMk_$qsH`~GXGL|d%buYhj=Zhg0FK|3;|?EXeRJcrD>}pus<3;S1Sgo@@VxEE
zoG~-w1Hq9Hbc7b>!upS)$6W$ldadY~K&eaWA|*~jHbd{Lg9fcVl&#(p+1#oP(4d7m
zHOwxlP2PTW@V9~h;9KY~BN1nXX|TC(%xT?#_3e~Qe4xGh{>V(thL)(vno%JIuX()(
z;1H93wcvS`+MFA4e@Y#yZ>S&~ZGUNoA-zA76NB)Urg+Vq`tqcFHfZpNBV4Ldd{_;r
zUYuqQ+h=Hw{AlI(K!H+Qa1e7ESZstEjh2Co4&mlg2+NVlCHQ%Z&>a{dVkfEfc+-v|
zon|w&zU0v1xfpf+I-;Jl-+}h*g7wLM%GZ?h|ErLgi>vE7`y4Lb1yjOs;pgW;A`SN0
zui;uM-=<uJm0HE6mLN{N!Y4J4>p9mH#4@_r@F$Y|sJ75L_WZl^94See4m{{OH&!B3
z&Vp=H&W9%j<eVHlG=@AZzye(NH{hRXW-~jrk}@eZVremKa_cBvTp*mi14@3jeS`68
z+p2MU%^_UyP-@G_(#n=mWULvi-yJ$uj*TCbJuiB1S3*p^yV~w3jMvJ7+INbNw^y)~
zH9d@U5Ev*xoLYr)vFS%y6~CdFwCeVu6+U$Y@+H<MzciZQAL3;7?aVT-b?9zaXHi;l
zaw`<+s^^C|l?(z-ZSoza9Ot(o1P8%hN|u(<KUz)>7m?~4{aJ|*mf<9kMIZSV7(v<s
zm})r#4!TAe(;*)AvW8LxVtUf)*J5F1StO&d6jM_mp;uzR#t4QUI#%HG;C6)@IT-0$
zI`$g=|7wU$dhs^(tYq~euew3demv&n8VM9KrN8-bTry_W$c7gtru8i0XCWR5MZZo$
z`|JCdEP1iARY=r?v|vbXv23=?c3Jiq{<8|I++YlFP0vP92X8lRN2l_*r<hUpu(U#$
zYgDUJ%G6T-;M6%AqR|1!nbR-V!{4b*u{2CitA9e{txx}iObR-~+CjESes3<VYn?eg
zz9?KWJ+1kpk$7;_W-6K9cHpssSM8!bZ^ry|X%tO=@NiiAN?WXh$Xsaajz>PztXOK}
z#i&_M8AWS8*)yg8<n2F*r8W#m+^qUUcZ%?Hu;ZBKYF`=u{$P0JSSBp5D^ZhP>?QG%
z>}6!o+swlkY)_B<`1*Fbs0(h%2leD^+x@MvuK9#tVymtaBFeb4lbEYy5jt;qdXZ&s
zcUmV&OZCaYE_X|X(fq_1=~mnC(crTgzg~?s=X4b=cMI*bj=e11AmlukoTZg1xT`OR
z<|EG7duC2jM}+3UsvMbV<B<0>S;4*i3N~w~{R$btoyjyu{!6x}xx!^!yQUL2-~BDS
zluxRN>2E+}@Cx4D?tEauAnkE7MCHlufKlg@X&50ccgagTTt=udb{TSr-_E_SvTAeU
z0d|>5P@Hp~Hv~S)cTpv4JX-tlG`b7q-8_&$R*WJ3G4p1b=_IV{e>;=gJo77G@lzMr
z=$ZJF;@q>JrP|@*%I#3YhS@uee(kC3W0Y!dYuTW3^{iB#pQy?uuDX+`QPuMQ0N1jj
zr7Ax+a~-4Mw;eAg`IwH=e;{u-`qW*rJYkPN8El1Oyj=zu@_l*CiIytKN{qmkBF<8T
zfvnOUZ9v0u=4jPNDrTe!TUlB|H3D{&!3w*j0dt~iKC<?t?+(yIeazqAlyi_JPH^lo
z`pnt2?8|M>b*1N?u1P%1Ui-7!53N5AK8x48WE=|iBmplqi?q3r2OA)w7s^ZXQ7{id
z0*BvY=m@vN9eu*{zwDFI4Ik-F9e?v^oUHOlVXDO?=(VJrgwA9(D>ltLA`P`KBJ}wa
zgw<8W7)PcCt?+n@1ARep*+JT<-O>Dbqy2x2*l8-3#muDSJt7Mw&19GPuwQ|+f_2Vp
z*>2H)83grEyJm+vsN-%_o5?e(+~JTUqi}GRu=_qY-J0#dz6B5Nz_PB6fWuMhCWA*7
zy(pf&JhHZ__k2&R<48-Wre798jb<@qH*uDIi<bEuQLXxjazWU8k9+1{thaOh{e3<~
ziZicCkJGJ_QEYArTdwcroMl(*_XUp$<oS%1Z51z;Ah+_;)bTj{MZC+ko!3J96Qb<(
z5LK72ue6cH8|`5ivAv|6TOv-7rAipe$C8P<#nq*G+6<TaUVzjhe`P(jme&_c9*Z65
zJ_O=#%4gu}7a{Lg^eI_ad>>QY?IwmA^u^WjjumI%wrs)yXcFgI5UP!)_G{8P#h$tM
zQtS-x>MFVcbe0*%$Wg2~&c;PKQdm|X?hLOFrM|*6oxdRj&qH(fsR=rfNS!!V?dved
zOb^h|w_S{!&8$i}k_qv@<Agxs7M!G%m^8DTcyB8-|7w8bV{U9vBL`SHb6aSQPLx=#
zK+mY5VO|qNuP!ZS`q1wM(U7y&SeIA#t$w9_ChGDmU{%n2x>(!6vC0gvZ}y&bV5S19
zU7>K_rhnB*qs*m(iz{rVMb}o)QE#(&Fz5HcTr=#A4|;j(Sf!3A>v&<>325*;&Q}~t
z@E3rY3hBUVD@23Iw`(|h#_d{5W|h9PkR@f)N~ZXIW+@^~Lj0<l!_3?f=63xTgifS2
z^$**nA&C1ITmpC*m)7MCh28l=!S~)FZ#Y`QAp&rcFMx7oav)QCvw#_VPkr)e%gY>o
z#udsa*T~fQdHuS{sbl1(RN{q=iC~LU{Lck#Vkt!G{CxkbD(49MpWwZA@w<Z>jew;`
z>Z)9xuPS#LtCybQwH=d-eSfGggvHbp4kpc9n9ClItLwPO^eGxsS@YW77TOzdzjYri
zue)d!f{)TH^?&u2`Qq|_JEjoODaGuJ!jWWDJBoR+P4L3JR`BV9K6Cp>=$Qr)YUFy7
zfxkRKR5bE$h#A!z?Y4D8tabbHVG_il_X~;L*(?W7G8u9nd#mC*jg1QO<XE0!#IxS!
z3s)p{G^sOEUcIysa~bWHJ-4fwyPII0db#3r>mio|c$-u96~Wf0tkZK)Zj15dzH2X%
zLJ_PNvSX#fW>~XlK=Crs-%<r3*rTo60Y9USz-SIg!Vy1ST$bG3q^g&ybrpq&fQZ3-
z`MQof<CD#z6T<(aP?a%}2?w~xZ)(_{x?wU5?pnCupWF^^^jCKF%V-C;&c%0mtCTv;
zKh-O8(_8*8r&5Wh=JH?=iqpFQ(2kvCn(W2UZQx+6-KloUV0!h}IsNAS^h+^#SG@d5
zNf}FUXVqZ&Kl2rCCMf~awFU}q>~}H4kMWSY8#*_uh9wUb#v`ezhz7quZ@w<d_naq=
zAQ&5+7huwQ{7j*n`tpCuUD{P)=jJ6k8+w|dV-Z~;o<aZj8+Oz3$K&(ZY9n9gAl1Y<
z;4E@#!)Zuq?GF6IZ*Omab?v;X+?V6eQ#mdXKTTkL72D9ZqO|2ie$Rzv!jXdLtK@fl
z>s$-x**p7MfHjMrLywsMChiyc)QhW7S*~`cUimJIz#GFmV4(vO(c;a!TrI!7S18`k
z2Y$05>>L-03znF9z`d9-)P5HD!|lXZOEY=uGW~^pXwmZ<e32a`YnRb9Grys`)z&*f
zf@>vOjdD*7XS(49bxY=4uUT*NNoRHT<Uk}Zf!_rN<QiwIgx!}hHcm8P!ioy!Il7xM
z+1oM;NxuT49y4Lk_sZ})nr6aYbrBl0InLr{^T%XDBub9;cwKinH(-ivzY6K`yEH{*
z=X%RrUVqq?@T`Ze2UToA14bkhg2w)NZwPnsM)#wzo5QyTPfcjSD`nt_%$jf4ueU70
zGhP9x#VP(_db9!v`wE5TV`|aX$#GxEQI!y(XMT`3Cj95pXrV^$Un#nNdTM5sow7SW
zJv#oU5PlINGq}>O^bPs5s1s#L?jBajiQ;pGFGyiU))lR7Wbb8W3Wb=uFFm?{1o1c?
zY9BevFOg`<GY?%QnVhA^5RiqN(Ri;6PkO)sP<jCNZKb>is2(Xe*dosZ4gQg%Pd0JU
zjtVAE0DZ#m8wJGQGBO!ziQ);o8Cj~jEc|dLxO<_E+90!@oJz+)>aY-NKq84_&$zp5
zGgJZ=)o%k6jHF|@50cQGc91_>bv(Q$*5eJdh|nptWnnJMBuI4CQR2yS@|wREtB5BZ
zff?0bm>{v;OKb?So&n*#Rp(Fq1$=D5lNqbdgx%XGj_5^y>VR7TW^)-tVtv`KKg@2U
zLH?!7)H;;wr3P#cvEF`~jE9;wFZW@Xi6rGJCU4tb_Z4|rPz9a3>$8XJn8*S7drEi3
zoz(okDl>Ul#{5vZY%1aYfU>zlF$0rSCnyKGf~2zW*!Nafnq|Yshu@V*ZM=JuYAao?
zF^k$gQN3Y$`dKH0yWngqGc$B2-FPbL+rQz^Sg{?NTfhRE=<=lz5_!}3B+!RLmZ2z_
zp~Y@-uY95F6&<F6Z`l3Bk|^A&6Ya8@ZfP`htUxIGiRpTF+hk+t&<y?s-nT=G)K<^O
zd)TiD3{VBTjJ}phVAZ##wUpR84CxopvLm2(LOPE*0vcY6)-csww-X~1Jt*UBP6>1>
zC)kj0^4?<<wrkPBA6=AnFgmjU7EGZU6YG8KQCqcHp!wU-j<pCe;_mJKd(=o^$RyR!
zI=+>aagcqEYumj4W~B?zmPLhGDXY+@41^*b@jExEi%C4cw^@2cyjYB@%Q(q5`Ec}W
z6F#3?I45Aqk8!3U>A3s5Dq2B+=5$Zw+mlA9vKsgK7c!*jK~?Lr=*ZfnUBzYqKFniv
z<`eN453Pr2Ws45au+>rMGpx$@)=mI*>IBEyDg{gHx&A|Vc7Mj?fX~ew#h%8FR%>y1
zL<`mIpQ82d&&1!{yAjgyRG9%mIj_K4VLC)O4bm5xvj=p|$JHNSA93JKM9cg<E=du2
zi7k?Qzuv0IdLNnjEd~m#05i{xf(BK-zDBN|<CZ}$N+3dFBx;h#@~zzOfs}Q*A!C`!
zDpE`6#T<nmR@i>$*&@mwlsn#NJp7LRkFWTjk~>C58BddJnSeej`jc9c(KS0BOhu`3
z@Ic}#>HyyZIqnohHedmJCx{Uolh%TAWt*~u{-sH(Jj<mIC6-y|wtfqG_YyxirLbl&
zC!Yk<a#*c{#2eD1@qW_spU%1NC4s($pGKT$`B$TZ$8Hy?8in6F_>*&?NUP^KJKY;E
zA9j_qEWlUF2@512tlz6BgN8A;I01}}YKd5BW?A&v1+XTI*yu;Zlfci=r9c+d76zXD
z;LL0L)k(q^z#V}z(A-x6ob+)$q4dvScT`qsbke0F%E8s?VoCJ?T+J-#^DlL4AkY+i
zY?<7X$77}<!p(Z3FI0z3=Lqc&%)Dv<4evybKt3Q%6#}F*@V(=4Ln_l~9;X?HoCuk6
z05|x>ZP*RoERlbkfIKw6I3nH!4a!M2{#lDe4ujPzEn`1u$eDAVY1zycfG893*)o#*
zC+k0{AJR~5$?}Z52UT7%gP^I(%zdwVt;<xPKZ{UVXQGz|5zlgN^4NqSAT;(Q#0glH
zVGXG0M~gpiMrWdgfCR+EIuvLw{)7GDx3P%NgQv`a5eQbOTm#0msQnT9_nWaZw}J`?
zvTqXoJvm8fUD>w1#j`Tr19oQqX}NNbjPta|T%;=Hb`dR-67qI_^F2Ky2%@2m%XT$6
zAoXvRYb2q3H#IzaEc&3Ld{UbdeD#CI%oN_<V_|~0dt0BuDr#Fd{nfq;8tVW>aqn3h
zT~B)?o_%mDDS1+GjfSRJG0PBrt_<;>l`xt1+${|}ELI$gseU>imu<D?2JtpE=2g=q
zcaFymYA8=;RwVYQa|gYIX4PR!tZx=;K*JI3pge{KQ{(0V88~u4I+k{-QQX-KxEfRl
zZW&N1TO-<-%FcLlX#QdVC#_n$cN*aH()dukdGIyJmoh88XnOIJx^0+n_!Oz_*kal^
zP@L^IA!&b*DT>&18U+pfW@a9Id?{lB@MgURyB`CvQK`#$xs|E(-3}Z0ZVffaL~Gb?
zXNL9>glX86wk!erGTcXsc$BsQK2|d(iYZdypvTpJaD!F83zd1C4^4Pa2p~bWH3qo9
z3(;Y5`>*x8?gUft>P(5?Uxd-KO2M5YU(=Qd@snOyfmA!rF61zZZ{7QzKafZ!SXT#v
z->f7uZwk{~r0bPd{{@|IFBaiM3heLJhiE1-+^dvN;`w2P^{0dr^vq{S%d_uz;G90-
z3e|N2vi#duUVrwLg%H!qpOR2Kd8Zq2-|w5ybAqAK3;ZXf71B&waPcFib(UE%E2+N)
zTKn!(>yZL)RV{;Q7Mov&Bd&B2PaS|ACCt_?qh+n(Y=OQ4w1``AY+S7D3O!iid_ir3
zV37nf6ymfTPKTrRj6Z01xbWuj_~oh1BBv&ka!X2BzF{;Rg_s~7#C+38AI-n`MvuOJ
zxuin8tn6F7`9yix;YQSa4O-S_SicJKDT$ETAW)ul@8`d^w|HccZ0L5!Xfyo2J_DEg
zJ<h3##_hind_-Ak^?hgxVc<yb<_sCyoPiYE`IL+gs*+ESoDRr1s&kx5tl&(9I9+hF
z0l#@<v1#PyWg|QZ+d90>s`d9TiR)?yz?+*IG}J+pnI4nLAE|HuGEfNJ@jm+e=qqpK
zh=Vq>h3omXBq+)NaIN3U!&cBal$CU6R|6JGH6b2&b!v0@4@PG(0<@icVFgetPVuwc
zOEny^H~`zXrd@E+e=t4aXvNEXT3ulkE41thbXOs#9dTe{+eoZ&rQ}eRu=X;LWHoz_
z0LY&zvS=AR<o<boQNz-sA*Raao<*fOh=*4={3WX~kFOLZO`_Dn#QW%v#@nvYXWihu
zaf6ZTv`50B$G83PClye1X$7yWNuW+};_lv5g$DgCc)R-5*N@D}KO9yBXC<`(Ex1Fa
z81db$T3|vortJ0}_F2(LZ3z;6d*?ywKkLDxh=&$ZXNhkUQj>YaZ1sJ80k?h`nb3lF
z?s=MccieLb(DyV?rWf1$3aO~q6|bMqzs;C&?@o8QU{Tv!&AzTfUl_B(gvnP3Ovl~e
zA^Q1ge{3M{B<5^74DB0pnRVe=9F8(XRwn*BNXt>jAZJ5LBBvO?%^X#87;>N1c4`vq
zicv7F3Drh0<8hEN%PSFaJx_0*6|WPgGJY87fei=en3AJdz_qAyW{oiOTF4~)Zdzsm
zUs@(oVi?P?I;KBUppPu&y4j=`N&wo3_%^MsrFx)Ddc45q^^^N4%W#>$4F|sY){FBN
z<qnz5kzsfygy-vDo7qr$$6lxhC<tt1z!Op<f+&}$e*u;0f6YVpL}tkJ0}a+jnvg&H
z$hc<Ro0q4my96;pZOu?X1LnHzLPLv+a&I;N`>8I7nUN<e>?s5J1U9*|fb(-PGmf<h
zXyw3Si0{?P!bTR!=+P4mAu461s2gjRMh98p-~9;f#OJ@PR*>)@N=;vJ+B4D3dhAXv
zEXJ-{g06?~F)-Lwp=}-veH{J^S8|@|Nxz8Pz2>c1_FAP9Y@{lTLb+S=J>rA@_4>>%
z-VRG=;CM|@h3+0{^XKr8dU4v2Too2Qx;uc`DRCxj<Y{Ls7rF1}y0_<V`)Sgr9%!{p
zq=f=(kfB#m!0@_pZY`|biGyDCmJ4=!HzDNW?qh<-(<iUG+tLn)S<~fxLB>-9UrNjn
zw+^zkZ{A-eqy3cQ-Z{3$Z?0XOZ>^J=pT#)<l|e)Kk5%N^Cf!A17kWA^2W%8}haoe$
zy`lpBKNw0iJ$fgLdtbNZta|U{u!_U!%4RHw5Rsv`k()cMPhw-~7rA=EwJ<!WrxfNr
zN%o`{V@J09PEvacxS49=@I5wug+`Q`93!<9GxVACkgyO}kvbtlL2gwSlKv3k8s(Q}
zL$@P=YXyG<dx>4F<?A~OheQV$;vrmD`2AfC4`AiQ17%&A53N##)>*JgHC+Vedu=0D
zd$vr52K_M)&F)h<Mtr{N!GMelC#%0{gqc_ysZY3<TUK0ZmRSclaZdMnD_WAGFgc8}
zS?sa-o2tsds#imbuViC~j8{L{smjzJH&pXZ)B+8B@8l=SG1bP9mk<i#aCK+$#iAwT
ztZ|Yl?Y7Z2SrKrcnps&Z-n}uTVGvMGwxHdm6bz}4rHxxNj1%J!|8kf^`>JO0<TezR
z7@5(M-UUEQXz&Lx)&&kdr_q&M`S8#*+Vec{C*{|^roQ6aC7$Q=GS$mIUwt7pTM4`S
zD|Tkz@`;;k&bCRTdi5QJ8xv=v1p8uQrUi}rRGkHMUe=_R5=~qw8QUkDI+<VWRRzjh
zdHeQFya?S1VTq>iU#@E9xF~g~iQ#%DCwYz0DgFJ*p64HscYI8=Y_R1I4`SfS=dL4M
z;Wy4v!vEXe_o+PP@|okBH}V3{{KTIyn$6wyCcMbL0vvkoO-<ULvJz$f<f@bKPYS#g
z(Q0>m?T7lA&o28#69Xr7{kkiXLn4D!!fks(!obmAm1xrJ?J&LU*$0X(#NU-X+V9I|
z$&D+t++!8W69Au@g4e7txxK8g+?OEP&M4HfK?Rz<hXi|aJ0b-8u;-;d<i7bf#Zvd$
zTzt9SeDvqTdL)JC_I%W!?hr0p$XDt(-!GD5Ot)|nNphWgDGwO!L-K~F!}BBX(4g3Q
zIO4<o=09)lB%G@-)-BSzBypikdss7YKGTh$5D(ciw=G4N&qEZvs;}efUMp?*nrom2
ziOS?>{^}0N!B;=Lolaf<6X7|;0aVJF8&^C`C$;aHF0jr~kssPW2r)(SjKd%keI?xb
zHCw&<AWkE);^B1??5GgQsI19Q{fX3F$GP?0+xYU*D&)G=aRcK)ylDvEM(EqBSG3?w
zkE2PU!rr@LM-gG)T<)YNskeON#Q4zw>5m1O&X?COYTf7m44(UXL7pTt_g>D>-e5{t
zOC$X-BsU(Kxeg68-k^g^m%J*;lT11BvRH=a_g|zMe8OME?&nF};R+rfHRf?1t=i2q
zY?>D1(>A%?mkcLmPU6eB^-L+4@ti3|(8$&nmTe05RKHfHa2KPA`G=By)a>YXf>t=9
z5`C!i1~0>W(`DLkNM-Herh2!RIk1dpXHT%gM`bpDIB;VUUdhdqP2G@z+rKj43b3kY
z<!u~UMns_}@8ue7?txIO20Qx}yLI&i9%zR2_+KS(3>X?Rp>+*^2AFXMnVb47r>Vik
zN}yRk=|i-#WI<mn!)VPhq%W>5WC$xU_FNFJ5!2WJa*mHYSCQ+`6LIcD7xss6Yd?2T
zXC%?wxOQneDC$QbS%x&k>OzQK9*kUr?E$>3R$MxLeY=xK<i|u-M)BHwTW6R!Bhauv
z3LAwzBi*wi&yyk8aoS6m@7Kqq#_Z2K%H8Pe;LRH8VR{XSjF1<?kBMverd<3JSeq;S
zL27vR@@t{^=**Yb!oH(?$%tK>!q|+8AYN!!UUD!RasA>HekDUt-|R=Ud*!-(LNiP~
zhP(gqRE`AkxC13T`=#D|@o!<lXMA3|UvibC#ajR6d6CFF-_z!ta-p%On|y^z?E`xi
zs4c(qx)AS$wLEVF4!xLPL0AirzIXLM2^s!{zl4~mHxJF1G2-TPZ&N%*)TVYN%OWa%
z*oI(BN~Is-Jx4UQj~m5U`y@?jX?DrfFwVRL^+><l_Vh2FZk@s^*L`te3)+9_Red*E
z-sycDF3w7R>8A{HZO<JS<joXz*<Qc6G9lc>9sZBy>W_Ao6F)<))~DJSFMP}t)1ze^
zF%56qB(G<h1ih*CNO50LvWg^kOZph$6}iN+^c)Ewd6k#!?va_zs#q#1Q{t<@`unn@
z4tbj+K7jcX>mIcGbN-JH*JNzglfrL}*JGN=aaAShD1?nZh-*%+>nH4+iP=f0BXFV~
zPq_!#c}x<WUKb|*op~abcw{v0xu#DYKarqAC4vj-#<M9&<i;K8taq~u*<~dPe+@Y)
z=GT|VyaSANpFjTf-|kJh$H|+opTZF2R7}Wuy9rk4)kWdErzIMF1y<6x%bd8b!QYrB
z10BKh^#64kF>Gef+k{G8qi_m|q>li}`AV%isr#G@sm*s3rrlHZ*c1)&S@4qj6%w$s
zmP!Ag3YxpICfvCOu8>AC66M9=nvB`|gow)hNo^tpc>k1w{prv<$GPnk+1=0_(VxQN
z+#%6n@6s<GJMS{nhOM8*d*vhb=%IRQ>{-aGoI<v%wD1<sWa#&o*w7t(qLJ&<t0d(?
zwoE`|Bz{NO?s11S!a^p@Tbx^;ZZAA1CvM6Ws_PEp0<mmf;|4L^T&9IO#%p_G6@_D1
zh{3trGQ$HbyC|)}ua#Sfi?7LJPkvY;@-t2lv~NOPx$!ks<4V4!aVS0})QrKZOEZAs
z0;vENz-*ym`>mofuWd(5hEH5-9z1ZB)PA%ucpVuXo_lQbSs|Pis(6(&F}UYI+i8kG
zas0S$G&K9=L{C*>9%wUKcK^WT#Wgvq&bWI1#Je&?+e)x_@gZ*MCAAC&>GMTe{@AI_
zddc}h9;`GlpHZ?LlhJ%&uA;MCFePQC{`0fEaky~1T-@zVMf*wN!tQcD^v-eT*(}v#
zoM{ddM_u#=`z*EM9j1T*f(fcvXnRt04=hv(ZKM#5P%!&Q%rix^kfelVgt)I5ck@qa
zFfH52BJ9ph%r`ZUc6Bq<YY9BaC7O2H2B&Fnt`(ZujQE>M#Q@V;P*fErOgTUuM~=4F
zaF%Cwff)dnU~jYZtZ>lHqm6M^99(P_o_pgAP}>|>4@pW;ky~isCtMH>{K~<|2VlOr
zk=nInE`l5fAzY99B?&0dM<oP*{eC!dcJsc(XcR1%)Oso63H-;cD_EP$A{~Jt3J8^*
z9xE9|b`%&{6<vci01fR$wfzhe2bYR~3>Euk4wjeYe6A9Bys#9_;`DVP9jOlGQf;A@
zjN_8G7#-HkZ<npLWu0r0mKu6W%RuW3wa}kjC+r2W2U5+%VcClq=*|mCum_SAmJK$t
z`xmdC2#@>B$x_X+(qZZH0>4$(`Cbb-EY`woSWJ44@b4t&rPfJL!WKQm*0eiwvND<{
z@p98RFF)J;fNxJmJl;&udZmm5^4Ox2^ow!$k7;xN;-QCK4!ljgdMWN5!P;fN?+y3?
zP-+%8XDP55|31|(=etz4R@u|yi)wR3F4=ZXr_W~X+6+VKc*s5~WsbRvk!3JBEZimT
ze;^urOk&zs6TMeBnXABUeFaDpp5DIhFTPsD*0k3yjT=!4I-$9S8PQlipuCrt(sg-6
z{u42sG@<^PIvJe<Ca8p-Wq&_Sz-cNaVZ#@yE`qY7bB;O)djn6c{g5BMlsB<pU3$bU
z$Ps_KbfqzmZq$Vgz)M|qQUj2_?$4Fi7FFcs%&Th<)_m+F^~($N#`<TZv$Xn=5EFio
z9%<!1KbOU4Wlmt~G%X${dkQDblZ(eEb=KC(-ISLP%|P$xwaB?+zP;N-yU#0pjZsG4
z+sNUIo?o_5U~^KNcrgg4Q{4>C*gNMJQrG!Mz_rJ21~IM0J4iDrJkKm<|5H~NY^0q>
z|9d-Zgyxr~q-VDiPC4=LPu%E8o~Yz<x`~x}=^0f%AS%R6EV5znHJJ4Cn>QV0HlJed
z4<s7L#!(xWxWZmlG5&A7OJj#x-CoMeWx6%sYjnzPn5s_jY`&J!F@Hb+9fdX^@<m5!
z4=8y}2heQJb&~YV2yBi`66Ab#r~{QAI{?!RfY9vzZ|6{1;`T*dnDHCifpcwBK5^kr
z*riinC%_N5rI!G{HON!2r@C+((VZd}X(e|@uL&~*v3h*VoLmc}t%M$B@0)~H`M94t
zuIsnZz+tZ{Mf!0=7;vMFy8gW50kc^an=zSfFT~$Z5d1*SNWVh;bm<pCCM`?yv+46A
zAe8-10)D?^4nNAwNjlVUann?Mb<}DeAp7%s=e$YrwOZR}9Wz5FIZ;+jm4y%1=}uVh
z%3fcd^-!ATG+sUYov*)Ouvu=+C9hYg!d>v{-7UJed}!lr)P2MpBoVb0ZaTmp>}UEF
zI*+9DG(vMF=4|5cZ)3I(%sg60=A|ufzmGJ3Q%|eQt4jB3+ixE<26o03CZP&s6nQyj
z!ac;qhv*xpZdMRpv+P`VK-D_IkDKXDm#=@3jkcFoouNgzng_B*cGsA+o>nikml?CF
zL=7D^^O(#m+KyH;Xy9e+r4%wOT8xtt4AWI=#3A!B+wM)xGC&1)D?nPEZRNqHPA4pS
zvIPfFwslm4Ly+6H%u@c>_<y|SgU&zia1`2a?xzE+ELAcc!DPLZ9R2pC&-g4%@f%s>
zomNBrFU@&FY_Siijp-@2-MiA~v@mftrA$A@1t4QpRuvynGM5s;>lQleQXWTz<vacJ
z(p16v`lXIFWIFaaeh;Hv{^x!f<-c-c$G)*X{w(M5B~$l#(eHfMoalG%>8<+u$fxF%
z>*?`~oOQj%`ih+cPpK3Uy(IQ;C|3Vdu1irBXN7vk<I{CRqQ}=)nBo)5zppuot0UZe
z3|FYfJzVcppV48<`Y}Udh2W!fH``Z$E#55*2@mFUw#YTq?^BA+2$A+b-8TF>*S4zf
zKlHAMA0v6&SRbJ`mD9Nn$bD(1Gg$u^+HmdXVXj@WTTgPs&X)dM(Z+S5;ULu%Fp`zL
zx$GbgPIX&JnVZX%IN~v_HGOA=`T84^J;iBjJ)PfMpW8?Jg0!|bzg)UV%)EDlg}i`-
z)GuWSMc+$GKtNy>fR_<MxyuM?xb|JH58W0=Ae)>Mw0?Yd5AW$p%4}x8aG4j%vvsPz
z{fo|>mddu?tm<NGR9k?Rz_Ja93A;B?NXptC_WK~S*B;hlaF)*DF;oj3_aC->moB!;
zu|Gr}h-=gmrW`6;j84&mIns^B^%yCM>myCd-g!CS;Ur+4sPQB*Q;xk<1p|gkCsQA8
zMI!;Q>XeglfJ-6pBl-ZXy2_-k@?Yro^}G7Zgv{Jb59d5CvB{FK?a=!%ZSVjyhEtf>
zw|cg3-@Hs!nC4)n<5ht!)n!*#6gzu>{)w_miH<$4r4n}Wtk89wS=~jvqC)ceWOJZh
zS$iQD)PMmyy@L!`c~3*;$tK=1;v|85OKY<>n6O<V{jrBI_}}euwqD-o*RDD{qEXjU
zn3hVPJO1<Nu{;6zb4I+InhD_;A5Oc^kSEDqtt3Y0rCzxxb)XekTOjjqXAap+99s#?
zb{e?~4M4$Ta&BXF5w;%gN0$%To)5J3a<^YTU^^+E?P{JeAFq8K8*pr5AtvDPD|}|a
zo0>ju*H%bWU$2Mz-2dj+Y-9l;HCc?f>BE=S%e>w9%Men~pix(Hl!iybF0p;XbD>#%
zd$^9coK%o>{}qO=)+MNX5_bR$GUQ@t9pou$@N{@h&Ow!bdGyO3qt{98>W}+eFKHo*
z`Omt^U8ES>prJnsY!Eu!b5LrGKkN^B=ojXHmzvdId3%or@Y<E3vCpdC-jhu39H56~
z>)aIhGonCJayvjJR7uybzB(SH6@ZO;7jF`>T5l))&{fY`C#HiwL}2xR>MxY9fV6r-
zuGyIjqJV!{;)m=eiLxme&G7Yhzni`<&PDngP3+0I{U`U?0ysK=WNZTI0uApqzk#vj
zAC5gM4W*#R%jSGXs#+(EvoSSM-lNVViCvp@J1@J4hn|`Y%XSnYPoMk>Ac%!s%|k~5
zKbKBV<xCzQI{Ou#WffZVbyB3e@oYiXpyrqwH@BQn$eGfT)h<rp=fN!#%7&A$iM~^l
zX0<_3c`49a^KgH)nWZIkF)`XEq~rmYx6W@~xazcncY;u%{VJNnJx$6K@6joVFq5``
z$m44ftyn$Nhc6gIN;hP+rdevT*<FtFHG>>*Wk#6*res`I2OH}Gv3Av)w)mB~>Ef46
zkI{eSR5-G&grZR>DnfqBo88r=>1EgYqvyD0i%yYB$ndsUfi4E}T}6J$hq!FUyBfG0
ztj=!ubpVGDGj}I$NOG|{{5}Pri=TIpp7}iJ)fHa@j(mFyZ;j#I<mG^$Aj{KJ+TuuU
z2d8^6$^n87?~t%+^;tdsamFxwaP~ZM$l&j%{BpGCs0|OO*MGY?F)84bf1|CLVPQ{P
zSGjL+#goXZGd{w}?eG8NO%nd*Y7)|ltybPeExRy9N7#<aGylpCg-HYM4#jNMmRrDR
z7#?1wuHrqnk+XUvEVO@Rf2Goa;A{5LV`d8UIh>;n;z8o(70TNxT+Ox`({VaJ!Twp5
z8Mzfiwe(lcj)#Fw5Kq}kmnwa!$NPCV-nn;g;y=O<KuKrBT7vJ|ytEH?cz3a8Wc|h;
zeN^)KI|IbX`rNq=Rey&x+%&45WrTgyp`G`2+^l1_L)WC?(??e-(4G}bx1A}_%V6!V
zAZKXl5;dxR_t;`oy&4@&KL4^oP><vZDjv;qCgV7&%Y<0qJRJMWd+hvv8-vJeDr@BN
z^J5pH9|gY@5LL^GDh|K;#F6#?R`WR!Z8+-+`TQWjk9pUuxF+L2R5Q4OCj+iQpG9i)
zn$BXrxe2)C9Q}}tE%_$w-mU;@<s+Q~*Q4sievC90>h!b3S=1JBS$xeoeez%EJ36o5
zRJ)WoO??|R<OB#b8BQLPDr`6dJL!C|nf8-WVG-t0sY;lA1-0r?<N=w0>!a$jBQt}C
z+`a9hm||X3t;lqoI%szB95<D=;~=!Yn^w1YzEVw<d6LG{W+eU(cCN16s>)H;8Q=N8
z7_R6_=gKY(s3Gy*6MFL#>^S0vwVK|gqNA+zW+jK!vs{v@Kc!v(61qrNRp(^y49CCg
z4{;iK1^VOHdkSw?yCIpK5J<yfYveVB!u=Ruvu%}{jX+9GjK`V9@$SEYWhM?>a|YLz
zQn-&&oA@0SJCP(W#(Hf#4JmdOST{yZguGAtn~fgYqqO=rr&x9QqHR+vUov$2yCM@p
z{utn41Pvll5)g=Uc;ANvp4$ldq)d_ylT(w03P#g30x)%jqvPS#etAZeXF22k!tMLG
zusg4!mf=;~VMzzsH;*G`4ySlX2<ha=9iwq|o5g0P#*`%t@#U#?3Ui7Bu?}HL3&e!q
zMq54v&ZSIE-dt5Cq$sxfQ0|TeNDdWywYjy9f@#h+j{n!%u)`>Mlg^vc#%2L*^I(;p
z6^Gg0e_!m<`u8@Og^YF{`5J9GU^7w9uo24E+WYtFw5WGg|ELt-O9eY*j_Xyc(q9<2
zdtuXYYK6X5zAACpM?E2?67^L%=lH|SkV(W{b`ZQw{NWpXURse1Y)7C{{>p2wfX_9Z
zG-`;@$@5`n#Jb)(kYen*7SBpS7bi)aslM*T*L!MDQufpfYQP&Kg6H6D12<ZbrxdI2
zYAeLuP2W^@3zzy(>28N#iXO)`!f(4~nk$?H(z96dud?)|RsG1)daXfYGjLCc;U~Lv
z9M2Zs8jis073GxFt6xP;N}XNb)WQE^_dL86dsY;v<Bz6<@#>c2%j#>gc;9vWb1XJ%
z(duWUAB#VW@8UF^)aZMsl)uAtmM<(8mxQ47o?PP(r$bJ;-usUJ2w*Wwip}MP!H#&A
zMcK7oH(O7>l)Mn^Ck(SHi?3lSM|+HG;DN6HQ<3KLL)?1zyP2XUIp<RjOZP7;ixp@&
zbHH3cx^h{)`}8jMXPyqpWxDK1{r$-ZohG5uwy$XjsU=dwGbFG$AM#kD4m-z5-#l2T
z?$)ttI`5<t<M=k`cHQKtjnOoDZdIVhfV;R-YCHQ+cB(84Ta|T=XUGz4MY+HLz~M53
z^AOqnakCz8z=P+&i9hzyGIY3qO#m5Lyqs|p_75AB^K8iYm7?VHlD}ZbHN%o$BgP|x
zF=0wSeI6y=-BmI3kIWW-Ai$&jyP8-d_%PtrMsZTKeNgL949iMs2%UtYgzys6U1c0l
zJ|?Ww#=rPb;_AR(5eqlw$oiC;wKlO0p}awJo8aNP+rxcz@U?J>U|nOEQ7qmv5bd1i
zemLaNC3V2FWJ$1fOt*{OMTp=~>cm$9|3&}#AQLRp<~{4^in!1!zENv$tCEXHVvDvX
z{z|bE!E?efvF0TFDoLq;70MmsaV=&J#?Uoau9B_%(7WE$N{yI|bn$}sJCnf<<U{;N
z>&8BT7ED|7n@LPc9+&UElglpInVmhMsEgZmNy8bMV^~~QSSoeN2;w7!{coNAjp1-`
zP8Ab7v&a0i_HD*UIt*!-j0fV(lWQSKuwB|+J$XtN&pI;;x}drCn6UX*RJqtkI)=n-
z^=R~>B}+s<HYYP{Upx<w9nfIj-dSX!lkRNdd2m=kS1tM~hGt>|q@IYdM-|*?0*1Y6
z@T9@&5WqI4d<?C&C`+?MKI7)2-`D;}%Tj$pt*6ShwFG{Y9x2{z({c#%L}c3sNMdMp
z+p`6VaqnEI-sO<JxYH*P(P8<wWfzX&SBw488CdT*+P>mLi*5Ht&X5JozKdw_Rxbh(
zB~js!g;p*X&TL!&ESxwhi-3aB8ey-(q-VzE%_N1w?Tmuoc^sN7{6+;@IlUd)!X3~h
z2=M1@?OXk_K*^7Q$Wpi?mmN6NU6^c;C%7qGm_4xvg&zR(OwsYT`X_{xWBWkF-3>W6
zANhOE+*ITyQ{Y?2V4!3xz*{zR+3@fUVee-b?)epH?$<NG(e-Ec^DC!l*#v<fumY!G
zxay>Cxm3d$u5?I(si)&|!B42JeVk4RhVF(!hvO$(sV8LBOm5SEw4Lh(Z`F;9{%*JN
zM^TuhzHTp}S04RS_~%;X-<1@lMrYdnvr26LRxEpt*~{bFiI<*p@Lj#`)Qr3gQY!Q2
zBWF~Cp$$YPTxq8TQ@(eSWs8e+ye=3MKDYQon!Sm+`hMF*AoxM8<Ghx=kZoH;q8CWT
z4F|}#%&=UiF6l?R^{AlOq5lqVDlWQP`&LjtrA?Yw0NRQm7m!)~oQ_}*W9U+JkZff~
z&=uZpD^6w{4IIk&o0?%Q1+X$sFYEmmFs>ZKZmsN<kI7MRp3Mizh!Hi6R=N=W58kp-
zGaDI2)v65%Doj>p6MriJEQ^dpMHK!J9(}v6U|(|R7GT^Hi;xbyn^;*oK^SZX+%W0C
z%f0ixuo>{`X|B31ZY@l#bwAba99*VylnE6!A=YJ>(AsTjIDX>YgT$S`*tk;o-!IF!
z=#8}!XsW!Z>(Tat>&`^5EXpVG^s}^?W1l8)83oO$D1MmSyx<TJ)n0~67bNyQ_L8;a
z@>T%!W5mN`77qj<0U15REJc}&;sWCV#ks|pFH`z3lz0WO58YpcPjUSd96be<BP=W|
z>#UG?=%!3vR(O0<mS1@)Y)N})9~VT+gFWJwvNHBEuRrdO`lt1MrmhvFUKTe1S^k~<
zTH~qZa)#WDlA8WZ6Gb)@G{_p~F@Hv*cqb<{8s4n>OpKgkjtLj^mY(txcXQ7w+x}&_
z^kXM<^EgZgBFf#m(cR`fKR$cvinv*cEtD}hu4JN~#FrMTaNb>MK1&d7`FwJ<&5(`c
zgJ-gYeVaac6I(;F@W8I{m(A*RJBfi2T4v3fwSBLzR7`Ar@LB%*2L9DW{~_axK<Fyv
zm-wyQ-J~LSr#|G(qbZd;&=)z$gFa0vk(Kl}BiFl%qBMS)m2G<;no%m(Yk*u^dd&NZ
zyP~GY@2lJ>N5iIkKq|yR3n4iHlQcDC!y?;7yyS)5S>q{Td#;#Ht;_NT`G1I?6)0}5
zq>cqXFHK6H_mPQiRRbdwmEvDEt38)^WAp+H19i><qd*__n2#@=`bjdd%1Jf#76nnb
zB}?ARIZ4?^_33X-!P$N}3~!k>bhe0)78qe@qf(QjZbAt2Xy1wXg?w{`ab61f-x|cL
z<px6IKc}`+IKSTqCjQJt7yS9h-m?!^{`}*feofO}<$))mZ6C{CoIT`dd+Pidm78sU
z?5#O#a;m~J`ElPTqpKAwU4_Z+^IZ56(!P}|suWlY#z}pbU|Yt7ug@UcbAhcMFY5yr
zM)LdqGJf6r;T<)O>YtIb)ka=zUBPolx{5Vhpc^d)(-sseJYuEe2bki#s`oW0^L;Ak
zHC3M0Z=}_1McffH_-|7Yu!!p&{If7|;7-eh@qwISzT5Jo!KJ5bXn%6)hKOJdez7Pu
z^Y&RtG+D~3VB%ol=bBva8^q?D!QZ1$dP@i64(AjXJP!;S&u9B*`lPMy|4IU<M9eGl
zt&T0f8lS$u6{loL!N&r5Gd=I$>Cx;NrOWqucLt~C9uUIDe=5Ns{id(%Bk{P<i=rYK
z6PP(QzQ-UAixPF>Ohpy!`_{y{Yk?x6)A*J8a^MB*%c7yghX&JsWvpuDG3R|7%Ku`1
zsDnZ9rfcX;yMbaZx?t3@)#Jgh;+I8)#CXxDZi*8)BX;Arua)*{WZzZGUQ#1!)M-^F
z5~*q#ZAwM5cT^gGq$dx)AbVcGt~I6N4VE+#P;<i!b#YrhA~oNWQ7R1jwEC46FwA_E
zIA+wlnh24vEKDzpCRcXzm4gm%e0zfdrnD2Qq*G)gHdqS_9S7dfaC~PKKQEl~ZQWQj
zxOBDW)0flTvbkUxo#xy37jxgH9|=PiRQXcot`$6;?f$$oM@JkhvkoCNagNR411&AZ
z_Dj$L^&5}`;5(b8r~+)#h6BBQKnaN^Utq2QH{OkkA01_{%ph0$br!!xK7oLOKa0w@
zf}U$BUp-3hTR?s`#ua)}ehOwIH}}sRe_9#wbh~*oXgrb(&(bV%6qYeQ5n3ztHmyS8
zt>Uf5%p%psokCcBZ_wDzTbhu(Rrv-%F~*x7teT(#Ne(@<Y9t|X7u!w|JNj!*Qpa~$
zur{ccV<^6b<UJPdiK>N+4{uc(FL_e@Zs`Xuq@1V*SfyN8N?D)n{lG_f+EEk5?Gj67
zc3&2u`>f<R)2nB2kJJKO){*Q7iG>+<?whfF`glERrb4PXqg_xpPJF!qf1lQ4QLVg!
zy{Z+8AoYBp6T+&t|AtJ{$oZb!za()Q%f&ieBrZ4{;k#_PLe9@hDzjf+|3XWsf=Lal
zNv)mW$QfJt*oALB*97(4%szyq4(YQnMAH?Kw1~4&M}OL>{!C=RPb>*=0Oy@J3m`jQ
zI%9o#X$LD>L;j$K+v^Q;e3&_l^^i>*7Ve`*m+lt+yyGw*F*oq}p%Lys$c8;Dbbhp$
z-keH<Y#{Gt>GxicYD6Y~&58j%4bs}?Dm08)5)waW#bnf{-8mW+kCG}yr#wz;e~I5I
zlD{NwNNq_lxrr%Y?v<YoSiW^WBQnJXqw7!qSGtVOdV!oD=yL6WF|(Sa_*Ab96GNNl
zJ4W);e~41-G5Ou8UN5oTsllO|kNO)o;)|Gagb3~uAtGvEpv&wRC&gr}EhyFGi{!?R
zd<CEvV1s$nz8%UALkI^-)ZgMiZV}WIvbP-o4c(VE?AJppkOj9W{;)Ih8YJ}*ApnB0
zc{^X`qT#Xj6%g^t<vMxgg8a1b2wntexbS3wV3E>3sMTxtesz*IQaPBSGLkQ~#rSma
zF<HwcJ6c>)YS7RwHYq==>3MM0)#Pp;#D*U%qN;R9Nbl;cOO72S1LL(Wp!-;5dUg2c
z<6}3oJJiZLenhU#+r2l6s@>TqKYj1(2=i2=w>iLKE&_e@hPNr_tG_(E*{`GDV_`N7
zJNLNCWh1sD6zxf=4)2d`C+4$<@%+p5g~ObU)oH^GiI;S<hQ<h_cfXaKh+8<ue(}|q
zORoNz30Rg|%TFIWM!p@4Y3(AXbW}5e9&Eq9Z=v%_EjE~JujzFUkygJSausGd`i1i8
zn0LomjcuT^vMKVxc1J*>Ng?cgA@_AgDf=#bythD{Q7G|$H=Y*O*#tK5nJm(qvm3Q}
z{Sq$;oi|?mc6eEr_{Es|&8Gk5c5|Y*ZOm}BZ4jJdmO&rrGG5uZR+6|CN0U**IzO$g
zCY<SA82z=H72^~a%zowGgD8^JcP8?+uf`sNEE~OTOD#yu1ki7J*&v^$xmqr@V0+c2
znww=+DHQ^HzQ~CA<Y%rpoNWiYxWu4^tx=ip7Txhc6QsDL5<1*3oRcqX4PJ9#41>Mf
zw-rSVR|}x0UHGlk)w)gg($4HaS9X@S6=45oQGMdcMJ6f<UciNg&=by#dY4-kaEBjk
zH;!d#8uem#-rVjWf-Jywl}F1KLqz0LQJdC3V-t&BzZy}_2fFx4-`(1@CNh*uAn)z0
zKTwoQ&8U&pjKKensB842VYvG@TSCij%rTu6a1XZ26dE*7<8lsa<!;(3u339)^aOnb
zm)&}Qg@ix7e%eZzI~RwTI+%Q-CD!gAiSHNafFdQWSiFCzs<2>{UN`iey<&gfJ}#ol
zcJ7;&LNc!PG^jNmho31yPD|Q_PZIU<uP@mz)4~OJ<=qp*wr;W`rH2JdjNYJ-*p9lZ
z+nR#!thelU_VbdR_jZHW73T4kM9dkZ$P_epL_!|YA3=sKHL5o<C0i=n8E~WaPIBt1
z<dgL&65DuOQNH;zx%H5|g%$EqT7qWa!q_h2+}6vjXkW;;1sR@}*w-<<Q#0k;vos6&
zk=X&C75k(iND{ZVRs@2K4Xz?>u@~u8$}whM5Op)=BWCjJk~lUS8MsZov4WdLZG(o*
z7<(_V`tSuCnVlF8tz)p+O_C`15y0f~R`F@;55e`rcp4bSS^9TL3R_B@4_{pTif(jL
z#M%}$DkgiYdpDi{YXroKxx`ChTCaLhjXg=#H;A-qdQ3<OHOlUFiKREtTi(w|&3h1S
zvhMI2`EJ`j*6z&nmo7z(S7RZOc4H47z<^EE=k%s)iQB33gS2G=dM8TFTSVw2Oz&kF
z5H3YEZB(08TewIPiPOOppQ1(&#PGc;Cc2SN3NfjUoXz;28X)|A*{m6TCN6A1$=e*S
zT-d1NJw+|2#~9uy+~^X!ZggLJ_kw62+eTI(md=FOR3AHS=4}K;I|$X=LT~a@1Bmyu
zn-dGuU;C;^^ES4hOaCjSFV`cUw!YE&IXu7dIWor`d)g~1&tTNDuyL|68oy*WYwHqJ
zeH}lp=?!hhN7#)8##INs*DW(azC=_<RB?Pldcq6j;tGY#yvASax}p<RuL;xnjl=Lo
zJ3mxWqqrHFWH*NF;py=QHyeL;j#A8Ml4b}43j!wNq^dB8miJNi|D)>5<C09j_NTXB
z`TdTgPUEN*Dl<7{<(8TI!pyW-Svt0uYq&3o3*s6AO-`AbGNrlXLS<&<inx&rnIgG?
zOCh*Xpr8Ueh=7Q|@0s_%_n*h-0YA^@_V(QOea>~RbDfI3Ow0Na)-6mKBE@xWN}4aU
znz5I*zmZ*1V*Cu5irjSkoLkiqKgDYLQ@z@?d+Z-X#E%(2lni<b2dcLk;bTqRK*NI$
z>m!!5b`^M5#|{%(^@#h=x8m(L@(VIz<k`9G!KrilBtx&BqfshDj_Q_6LwH|XJs~`+
z+MH;y(}oHyvH7|nYTY4jV5;3TO0cyD#VD%o>}XX~CFv?w32`uev|v?WxD(?d%<SF7
zeU6%#M%RdlMVIY-@kT48Xo@lK4V3g@yG;E#BOl%AxS{6G_5S*F59r3bn|}B)?r-qi
zQ&A?ajW~m+I@8TA;c7o;n2TM;V+(E_8yy2>d_7686Sd~Z>lM4o=L}XbF%-6wggVaB
zqVC}b(ssF*RsIO&&gn@QVSQJl22h_QN$2L=$4Y`M(T~!T<az8~r>b|b`Do}N*QoiZ
zx0pIP=^DDF@$>fAqt1eskqc6X&67&_F*7^IFZz+p=cfiMZ0fBsL^<3Mc>7*w7$Fqb
zcH=ds{B(>~SBG<vXS3t_9|!%aNweUKihgI~i<;0kkjC(=%k=x&HI+?|d&SRN{cgW^
z9p!>A=KJ!3v}-QYnO(EbPaWX*bjeQ%SgtxX!mmBrHCMl)v}@X|?AB0iQ5@AE^1t9`
zuH`zDZkf$e_Vubp*YZ5=nnFQhuS1*h?V}A3((&Qa6B1uu?@`{+(I^Wx<+{0Xd=Cua
zK2WCo2!)}|iN4+M0>^d*z}(n>te!P2%L!0E%D$r16DcM-VJ;V)MRgXAMX7|LpG7N)
z$IOg_3FDrIv)E}`orH8v9V?M7o{m|FeOXdoyE8Z?FmVnvfgrb^w_blowvMDV>uk)L
zZB{G4IBrJ?iBidDk@JPj7tlsO5H2cva<3h6v27T~3yg-kvQ!tNtRO}2Mu{at?(<VS
zP8@`F9b!PJwLSam%8o_$q<;Iz>6nU!j(~*1b!%hf+$d}y(~k!$LiG6!6CZy@3Y`Ni
z6sbO$YJ==)zM4bT1C{I4q`*2VY10%LTx^dOm`%dapPd$UEL&)NwxV_mA6mY9EqEQY
zjVY95PHjaYYSYgu6JllOVj4r%og2%WV_jFLty0|l;904{d8$Pn*zn@Loeg&`t*;d2
zo3H?(Lt+Cz+)beqpI&Z^8oDfK9&<~p2n&LQZ1&@$DN1h~@=2QSg)~QmXJ&x|&s!Ze
zSQwvV>(LmMSN_6yR)9|@Y|@?(M4CL@;jVg_V5*#hY?k2aNGw15uDMZxZ1wE6PWGfB
zvV!!Ri*HyvD<dkuGHrmDhbmq}#C-}oAW^-Bq;@)Qs0H0UXAOy^m8$2hkAmV0cFaD7
ziJP(~e<gk1r8ripylhyCD6pks0QnQUg#ZqMl5Ut-B*~Jx4pW3vvjWqSo~woh53tF3
z&I}Gv8_PfbnRCS_FlbPQ5QSxxGs4^<^L5%aag)q?hqJEQi!yZ$WM$^_T7uyTOqa;B
zly`1vy7Q(9szFo(G#+n8_wa9`u?jyt`;I9Kh%TfTT)wpo&jXdJDZMRy=IlXhiHE*7
z){MbDn99g3$w<_VwfEC;o->eFMA$`jr-87Veo=jUZ!{0tt{2c;6@zPIjU}&TP<}{u
z|GG6szg|g`2lutX5T}Nj5#k~^^XvEncsyQ50N2v!c&BbD8?c`=d^o`S`n3pWfXmLF
zI#e8pzL{xk>{-X;?A3M{7T9G^+1WAjH)f4J3m;*!`(so{GQS{u>LlRQR?rDlZ|$`t
z2czJ1<G~D^WKNvuPtFDTX@fljn55~i*YJq-{x{NH9GA%*yEp3B{cou3iR>x;cA|HN
zP?SA&bA_&}U5lDDvb;@7^*XgKqli2D-_WE}+O>X5W3^z<JV>-*W2EX~|C{hyw1Y4l
zi+oXm(x<spcs5h(Yg`SQ`wx%$7<!sCYz2kiG-rljyG+!MT=HI1=F&4g9E2@-zO{q*
zEDjvzinVL?1LmmzhIm$H1vUX04wd1mOp&Tt)tS4e9F}OJVfCr1!A84Q`ueujNw78p
zn;K>8Y2!^Le&n&SgX_nXnWw6D&m_=qHn^;ke7cTeD$_GBWlVKLLVE&-Hq3=f9jru$
zh9^{dPC^mM+i8OZ3-Vr{>yHtbh#WH<gb&aQC<kGQ<+*{CFp)gXp)z-yXXJUB`#G}-
zrR>~vm-Meu$mL6>+O_wF#TGLj9d0QOW3%-vu}-bt1|Qe%HQ7Tm^yK@ZREhpJ2WdG1
z88_W6*+FthZ8n&Hd$vuDVW<7M)q;G4*v#3Q`-Ds8g9e{8TJEDAUB5-!QBWIp4tlkG
z88;m(*JLi8ly>H#?EK&+8o<)IA_}2e#?Fo0<=`ID{CK9rR?ZdoI|kO@_P+^^>p*;j
zT|%`x^d5GLs$_jszY#(7a9Q;J9UdLL0`;|5RD?|+ENM5?CG3IK8{Gbdn|x;o+TITw
zOKR)&3IN9nk`53?bZYm;1{y3GhGYl$;&qo4fnaYc%9}cLl=ssxCJH=5@7q(aUT|ya
z*Be!TF+AgF-_8+V-<c6*-0C$a@@<9{?4$Ff4;i6~zqdx#n};mz@f2wkTmBfK^ph73
zhLQDf`7~#awezj+^9YZZwG~jVVOXEi-0!Sw)x+CQI?<l4bYIRDJL2P@#-%$Thyku}
zJAZ?-RxY@d*YBeoePB}_*gpsnn8e;7lHmV%O%L%tt2-okcvcc!RgI%j#K-uG-!oMV
z({>eqJKQeekc81Wa%PxxbU{{i-nnCi*QdMkqeiXQ%YAbBi=5US4-qo>P}~#aW{^D3
zbW&wCxSo}B?W~G(Wb$#G$Sv~F=MJ)Bzl8ZkU+6s7zsu{)?KfzWxwcp7`MT-_UDGS_
zrS$cakIpf<?N$_|zK{WRdvw3|(AYf~-E{I@(*O#2C@xAmnsZ9}Bt1R?aAuH)EPysA
zyqr(rxY-Vh3?=zsaOq_R^g2}zwOM$Z)B5YX{=<S6s^B|u80V~R%+;5)it};YxxOPZ
z_pbXHLC<g{mtRT*iMpVsit|V&=a_cqm)|+Pw+}T$AQ~hs%7co&U0!G9{7?J=<oA5R
zfbz4;C_!;fF`1*N>ujNUnl7YWdO7c{7UY~dup(jCqxls%t(%8d?CWH0=@{!rJ~w|P
zc?^{7PA%){cPS&NQbZi5)Xpqa0rbap`y-RR=MlRCK;%3<4JcNzea64r1kHM&C`e!b
zc}>tfGJ_=N?J<*P<nHFOnyIoCtP!0#_lqYCzxYMTCU-~NtVfuy!XaJtFO0ofcK$|)
zFN-<97lW(L@6iYpjioQxJ))lgRh|bi7%w30v^2}!nxFvm7BS~jluWD}!wnF1!w!v|
zRh4WKu9BeE3ytZ}6OW2fly{wFJx#073>?T8Zlf{RC-@%)wW6>dUa%+Is@+ZBfWn(P
z<4-;^O<0UBg1&Z*HG+rZMtbAW(DL&jX7~9ylF_<Rg$CDIKszj2_^k)1^DLM8y%SqV
z4&ewT14s?t;O$j|t^z+ryRxHd=CD-RH5U;y+RHJ-vmF9hdI?H;FR<S7Xs(>(G1+8J
z@~`j4uDnB(i9f1z#yrr7(RW=UN3LNe%LNT%F}HHI1qkFK!ae}fc2imkJ&wy`Zk6#l
zlUuI5?FXAQp(&q~=*HxBkF=_5#ALw@dSAs-gecQH&?=9YM<?46=C?T)rPaoKk{!g3
z5t-+lMnSkM_DM4CwDnNW0uimos(K;aT<YvqubglU9&(Jtw6GvWv?u1B#ahJzxT!*5
zttO<_BUISdb-vnNlsUP><W_;n;tSJcEE|<C!ItS55NOxygPyDL>Ci9|lf&?J=}5Mu
zuw^w4I}AWYhPg`|mIY#j0DguF?!rnoW^j-BnCIi5$9k<Hbo3$A9}q|muVT0#E{;q+
z58ShG)G4nq#H~ZNjJhLN^0E$y!i4Ko9nDDODDd}3WbH0!-pUpa9+5SV!Bf)@t=cHc
zM2$aSq>*FU^O$#*zKRll)tD|<iBR6;pf@z(I~`lrB)U>%APW41dQb^^0;DxwR%qFw
zjY$Td^LENVhbb|W8(o209{gT%##Y8o0l|$sgt~^VbjBQ@S(#qVyBx2K*g=<Hy8bf3
zxvY5SI2w2P)n`ThdgJPajy1b7eWepR;qt4>4e`Cgl{?9KwJ#QSw<;>PToO+<gy9-`
zHo&LK27T);zbZSAb1S<=n&>UP1oBNR-)^H^el<2ZPw{$%dZhkqsP&7CD}OlD%1PoR
z0oYi8!<W(>|9KZnEKM|YD%{v&?MfBos%o7hqlfz+B~h+Uun6@W9jZpj5Ut9!Y?VIE
zv$VTW8dWcIER0#ZAwtHUe1eZJxKAs;6l8b9^A!_HL7Iu@KqOo}j;T3Xcv)NN1F<Ti
zY2RpZ>fiCJax5G4L*_`iEYush%2H+jGkTJ2cI0ZmOTgR!^&me&bdb+X=nW+2jwwYM
zkTScIm<ETIex*0|bUlfh$y^)<lfTvvwQgcX&Li)buE>*1n3GMC!WgZ9x%YMff+RkU
zjnSsl*cC&`ciRxAQyUNuLf_tLr6aob@~eIA#3h=jD)wXwV=nmSBieyf2LmB1bf;HE
ze83D4dTmLETB~g1L;LLbfiA`@=Z6qumepuULz=%jJri4c3Hc$-FRcg{rKWHccj4MA
zGG$?mg;{*0Fsm>Ia3m@8>`hE*HJxm1zp*M7W{JEMt*Wj6(A6i48WxYzxNhi&;->w>
zy?uLSNoKW<)Y*0+2b$fYK^SsM`zNJhNuzV|{U6fn#dH1h6<-Y1BTE?2@S5U)qCaA8
z<VNE1@N>a@AelxOn|FCnO6u!-F1X#eG!Kb|`X=7jTFXxX!XSiUqUx{P0S!@yRM?-5
z1#laJRjECqDl}jIayxLqspRsY+IBR{j1-M_DHjfH885meh95;P+6lKZ8{K|TPk-^|
zFQHeEm<z<@%7$uD&(Ka8irH(JuMT>hc1o2NqVmR?GQW%$iHM2E7d+k>Gdcb~=8j*E
z#zL*Z`g7#H$cZYAS8U`{Nz2&P39$HLH?T5OB^h7$(8r*Ox@J`8$O_HMrZ5r8W2ZnT
zqN_L3b+QCug+-i4r#?#g=Ph90!qGG*D;p`nxy<L1PJ~A1J=2Uk{j84Ovh;#4-AdOg
zolYoX^NQlA`ghBcHMovKpmwby&8lC6CB9vwX!U7GJ$|U>(Sk*MJwga!tAAqaFF{U0
zxR4~wgUwRK`|GEf>yF1z6}Bq^O5w3`qhWgD;@fo31Y;P&7cDepf4Dmm#gTW5?LaKn
zrag$Z(iWB%z=({pQ)M5DR~ruhkmkWkz^453-#|-JpZ>^swOJLk6te{qGCA>5B393|
zOqqI8s}!;DnM>XSLkxWu&HavYdz4Z&G*QQq|0Okd49*jK4j@B?UIPeCVVTm?nNHk3
z(+x=_X<`!G%vHgd7e-Mp7SKGw({$>3MUXB_QDH?_zjPgeICsDh2F`*Y-Sx^!Y&3-#
z%a-3ySI?pmj<J}1JPbwVBuhzc`Wq9M2}VF8a2B2qXEm18OVsGJ^Id<6hy~Md+--RX
z&;8w(qaa=Cp7ObWL28F}Cvj!Pr9Fzkp`8cHko=_-(au1+0Df|#HgH;Sg5=gaougr9
z+2yuywTl!8W{F45HXM^s-8T~BeOvkkor=Ah#t(L4c$<5Lfcjx$2ss}{^QCBsdM2FW
zAE-6`Gy+^wPG>?tsa~Sh&s}3-EmUtQv0Q##`s8qw366;w4WrA0aULpNTEsv}KE}~N
z&_d>Z=JpxO@TnhAhi0rv-jM0e0!E~AaH}fD2(}a8!d&8lIEq&e&5QdL0(Zrq8E27^
z_A6>9QACLuvvYy?;FNnA>&rHFr;v-d+FhG=(?ktv>@R04ABayFth);|Nc}T`-8y(H
zgot#MljPX(Ph3TLo@|GWM(luxiIL@9jEHsa7N!W*<=CqM%=*r>a-9T7w0cQ954+T0
zq>f_N7P=mzUjbn7>mhEiq+_#zL%Yf!0hp5K5Ko()fcPb%<GToKukcap1^IDlx+M>2
z<#eNEBw|%UTrJ*$ynpm5B12)a@=HM4xXMSu;CigRRyBw)jV3Y0JcN4@;_MZ-<X<Wu
z$HVhC?|`m!+dDqqn4LRj=H>iYUvzcO3}c$z;v7NZ9yg9CXIAD{-^|yd6AQEonuqKN
za`#E<c>+b7!sOi%b}g&hw~72m*TPCtq@DN4^P2`S?aWb0zZ<1mbp;-*_{_yPa{$2?
zJL3I$Lcz<&%4zV0auel!lQ;dwltVa_w!;Xla;teTvnmB2jICqxZfkeu$U)ebaj+yS
zGkSbNWx`2IF#-G1+m4vuCUKv%Y-fa#cf%^ec8+4ik6O31Cj+T=AXpXhm$;A;Bf6d8
z1qCxyZ>7WVg63NE%|J3e0Q>R?D8c!0JK<<$`A1B)$agmV7cHF?*>3i5_hAU&lx3K5
zk`CnQfG@=QsXGw^s@e+dRQ>uCRV$A+3#Io)LrS5+bIy63dxK%hSoV;y!PxZLAyJs3
z6uushreI&X!k`xMvhT4N5Oztj9U+EDOO)kBtgAha@L-`2FVYwNgK2ww+9~0e;Dw1(
zBQrwmE5S`JWludJILnN==wEEk<R0ys8_ex0V||T&nuA_TKV`cX7j)Wv%2?m!y&aFi
z`v<kiT8Z`_etbB<aOsY-32J8IQ&cuVU>)$xHQVtEdk-9Cba|wV(03Q4KOjjt6?gOd
z>FJ5qN{a&gm{O2b>{^wJE@MptY>eHOVQx^8d1qBnd{pXm^~wN>vrQ;a99WNcznX`V
zeh4I)ucJ=I^^k6l0y(hDT$$rjyOzPRdW16wSUCXNR1u`@@Z}$%QD!iX5t*eo?Y`Z+
zN}%c1&wI@ozjn)JhW9--^XnohBeEijfWV%ZZ$xdO%w%njL>MOOiSN<-?}C`Y<w6a^
z%cj*ke@frHf)+F{>bC=~RTnb?x0`wr^Y<41%UumZ>Zyh>SqS^Xw#gzufWn?~17T0P
zmCqT<=cuq8)uFMO6?&ho0I}Pw-PdJ?7*>g7a4%?ghCf0ZhpEgNA(dVI?C7_?Za3wp
z$2d9eQ#;wBp~-sJsf^p583>C!J#N2~7k+V@Jjgi`NwZGS2SSh@LH((9_fnb|`|5(e
zRiZH?RCQiRe6Vy}93}jYbLQ!3>`9yr8EaI~+&i<)h>XigPt>a`0hKH<C$V-3jmYFV
zY^7!-ud~2pY)4&0ViH5pji`t$<RKi#Fmc&>!@d+e3*d7e`U(5I=&a}6<LgMlZt*^z
z6u&`yOwL%v5BX`kJ;PD_)UWv#JIfQ-Fx_yX<4!3mgiQ7jDkAxj(hK6KLWyaqj(s-n
z3U0S0`b9=X0s#Eo3t9`2#_&TcPkWtQ17w`IfT(y#CG%u_8&p6T5r_vPsB$klSW`;O
z-ECKf>2nP3vjfeMAG@|Y9uPV{kXERFT!MZAMn|?R7a(*sU^c8*5Pbo@Zz!5_*6VXY
zij-KqyWoWSv0^`{B7DfP-LX5+S%0(_mTA{nbvZtC$Sz>6&yK?Qs*0xNx>kkbPJ7w7
z8Jtw)s{A<L>Ie4kwQn8*0FGh1w3ZQ90iKp?GhxLmO)wzU@=I*##3HT6@S!$y%S2;`
z&heD@-5k|^IRNJ}^R@x=k76zzla@hFBP~N!wlZ)1K=NK7usJ#lgkP=#gv*RLyp?nw
zlOiPk_3v9!V2Hnh;v;a*j$dwaq0`V--q88=W-RT;>;wn(C}{=p1ZBtADn^Clr`&+C
zm|N*nqGfS#Wbx)<={;uJ9K{z;nUNK|%AnB;G<}mlV^4ubt=i(HorOyg?ER9|t|}kK
z4Q+yAH$PluA`U5cW*Q<2e0LZreY;9rDBYO1m{i$TX0RfPOIzhpK_k#*8Ie0XWz{t|
zz_kkMs8<eW{1+q4bfL+=BmtYEMSOU6oIbKLHq}vgg~h0SGK`5u)dw}Q&LbX6P*k~?
zEKlPO<??-ZZlc;dO@@i~!;Z#FnD1prd3Ozt@=i*nT~NHrR53h*YvA9b&)Zwpkr>(6
zxw0G6TFx2*ojfz4;sE>h_%_qn9^;d}sW_zcbil$cm#>%Ylqe(6`N{nbfghbp2t#c!
zxUTaY)mYXHv?o&s>_A~|fy2f(dL4RMw`jXOxYM~-nyJiS++n~tFgftf2l;>Ua}L`R
z$U<*w{L3Z;B;!rS&Gp_s!CqDg<Ll&SI{eC<pJ-rp3msQ!RmeT0Z~xA#h1~XtwvV2W
z)PwK0BslUOUk3Ju3@d}C@=DY8&I-M0peX_`$EdwbNmJgtycUMFnNSt+*?KdGpUo_z
zIQrs{lJcATSn7uIIBDr&p<mL%K_M^@*zty7EZ>(jcI{yPskAfO?N?(GUOM)NE?o29
zz9{bQx!v@Twd-mOh=2NOjP!}9C-b-k@_MEf?qc0dJrbt&iuk(7`G%{Hz}*RVvF(N#
ziFfTdlO(&giccZEDQe1JuetiBZ|1|BPm#P`SKs7rX1%&1db)*<UZ_WCf#%*H2^fvN
z8e@;F$lu7mR6}mERjpi&aUIF_2W#j|Svg~E*QYNa^gvjfgh*_MXDYE!PuAT2$%(P}
zopVKAs#obn&GH#n`0>w<U%r?NtA6R7R7PBl*^+Q2i*H(ip!`S9(F91!ap7aj5|GzB
z`6;D`eN}wm%C^m`$qOql+@45rdMvBj$-DpfaT`c8gxblC^G&4}V@;HX@L*A(Lb6wg
zvwx!9jGuhBWRJ6=PA+M_x>C|$;8}y(n5}zgHSgMgn}M0Q=JYek>1ss{!61O;q$CY&
zGrrE8CtY)v`hc>RMqW+s*dLF|*DGm}Y`kf;-XJ<oHZ^;;L*Fcvzl7R8@j<-zrr&gZ
z;$%+G4J#rIcGK+C)BaXnffQqR24?=+!7w=eniF}O|2ZI`+x~$D2#^a(Zx>O$69CqF
zMgbz#GZU9$OwHl#r83L&#rnM5!vXa@*VT_`$1}^(R9oz%%ZH9UD?*x68Z4m|0@{?t
z^CLK})QFev10_sk?c{LBG7r_LL$}KTYf@W6g$*05CgWM~xK3WNGL#4W*O%ky@_kER
z0UUFKGehWMW|%ebb*0#OFV7lbJ!-i3q%$i;l)4m1HMZ|{?OlIM(We}mZ@-!9W@5R1
zf<=2*z~CN{G9%@VqWnzincMtp{u|US)m!5LX!63s0hWh^GGnJ0V0%bI!ZNK+sRp;)
zqF78`Z@x$wcl>fv^Sm5c;&AiJyAbj35(a<&dXUKVqa)Hj%>e?->`xbDPDylED%U{k
z-fH%n)+dz-<yKu48D5##3H5_hH~#9{>=$%#_o2PIX;WU)nSLl}1%q_Sg~=4Y%WT>K
zcUm&GAMu?g!{|d)Y-P4=rKHYRbw>S&Ye|<bXZPT8W{<$-_rw&mSH_l^@`NH^x_(35
zK~*X^$a{((K&0}EOpR7`kHXX$Q+hFg5s|&5dUMJ+CKCKf4Q?p8Y#Ejp%UIeA6pb)(
z6|wZr60HKl;!w0YN<p8jic9Uxb6pD~ACM}j%xr<l^a*udsyQRF(wXsPfB76u8`!+N
zb@(NDzN8PR2bUWohaQuml_fe9nGx@+$tvQoB5*`-2VRD-i3QN_Z1;S%{j`lod}#SB
zBceoNMqUSk-MxgYMh&{du%%A3b$k_gN~Z*4-V61!kIkN&W^(2zY(=qRh9W^QdI@8f
z&5zXMw5ZMD?S4HMI4%9!NJGF|^hOUjhL(@0ap(dk4OpUvhqUza0h#W0NTF*%Gux;5
z3A_xf3)H)2*D=1_wj<^oo`u0FrW|>Vyt!W~AcUsQWrXCP4j6c(33xa9H=0NObvra*
z);K#W{ka3e&g{dAi7FdGVu34FU4-@xBi9%v9tKoP{&e&J#(j6z7l1SvVTBsLNyQdb
zq2+S<;L;&!=R;IuDESBoGYtv&m)_#;EM+cTYUKsC@^-w;)Y<9HBU<&H`Q+<dJ-G|n
zSlljwJLdWE{xVt%E(xo5(3Ln)HgIg!0Wtevs^hS62Y#z$yB<++*Z}223LF&N5`|H{
z>CA{cq@U>jjp(jnad|*%>9F#0-<?@Ev?W^S0iVZ~-H|lYGGlivPb|>4f`VNlr*rxA
zE!0nq0UX(%{IZnzNE~p!F`61g&hKT}!1Y%bNP;1q!MUQ{nAXea{H?+_>0zAlgWE3T
zT+QBKmFavM<BNYgFq|}N1y&JOB>p8JaO><+VBcVVqe1appC!d1n9M#R?A=c?3pAar
z&(dUaTjE5D59y-``n)(%*M}5+i7$|vLJi#}{*7u3R$|!wdpihYYb9*iJw?PP&K>zN
z8Plqc0`#XnHrw&Q9yzyvsUz1W_Cm#>u|mV<t=x?58vI>U!TpXmSFn0ICrEKmJn@5>
zT~c69Qm@bKkBN^gob`j-O^V;PZq~5}pNu9zYqX&GvLCPCBBW#=7v`K&08hHxr1#y#
zjl1by-ZhUj*~&9d-U*T*ptQG><M%d*589?aMHTWbAIkP!zlCQ51)$2`pA0g;4jm<V
zJn>1ZFXTIm78);>GZy2E=O}ije(<eWHkmxS=2NpY$_&ou_v)|9M@tT;HIEs0RqXh8
ztLrAe#EOhxTohYQS{Wq1XTR9$i2#=(v|{Jp-?g9<pBzqW=?5Gqurl$;46ElNVxmAy
ziVv#CkJSj^hcyC6W?bK1Yw4SKO^Y)pn$6%TmO5vU)E3&+2_3N!7vrVqs~AZgSRXvz
z5L$WJuJh65_{bq43_oHgYw3rlX52+Zvc9*{M!YA(wE4I=JLcCTsl<HOwNPA7G;Q}I
zjFo8XRi<S`YJ!mYh5M1WkT9tDNxT)=t<wT!<;oz^JlFVOoJFMO!~Tk%1Tqo~XT`YH
z<7wBOIj(=h8J$hru$B&+1x-Iw<fvtV>~}WhZr#5>sd~<H9|S7uvDtdy(P>c8E)DGC
z?iQGsr2^htq)uy90tE@?;0Faia1u*XEPH=h*zL#y0P3H3&coov%w|eZeJ9p$ETiie
zG{rfg9<H(!g4sJQw9AIgV>`*fVE=qg+2tJgkCB8}#5}}%oKnz2jxRz$#M$o(n2R6Q
zS8@C@$Y?sOc?|Gfd8*fx+_r4zj(Qt)mH0!Oz@l9(Kxl~Fqt!j>xEdpn%aFc7szeMl
z2j3F_gPU~;@RZ&2>9nQWA(gd<aGJeMs%oJ@S786Py3Afo>1;F^1LBb{SCl_q_y6E#
z{}(m|987i{1xG=AIde6l%mI1VB^9Rud%3uTtN=7?&8rHdDT7z|@64;PolR?YRNaUD
z`XF=M(Z)xS<!z=!R`bYna4EP1Pq?(h;App3)w9mqsGq~DLNUz9tlja!s%t_9FMUxQ
zz6hB|ZMzS0ZWqrDSf&wZD8t0Za+?ZM{R;a?7t7$G!!QCh*QEaQSYe8ku^9e|cgI3o
z>FaD6p1sG+4sA$F14PgYT86X(=5!^FRAaAm&RobNbh{LiBg>|b*(vHBg5`lS9&R`)
zZ%JG)s}%))l)R%j7)Amp$AH3p+DrjUe4jFkYjW)}j1t~!MCy;CUqLP9el9nDFpzfs
zId+{(6MP5XA;O6jM)5ltE@>wdeCDXzd85uQQ;w=VpvD_^oh6rnbLPM8rIJxxzaY`N
z3pkrW0)&xS!6utntN>DX&0pf_MC@hHmc^g8m%5>=SWRE}e+ebN>sB0jshI5KVMn}Y
zv9=T8VsE34rX8OVUu(s@QK2I;ffJ3-2mx$1f@~RUMOc95X~e?tRLk=En;}Mm2J3{>
zn=w^Lj$=83#;vQoN}qnJ5!(be#)KI+=>g*$Uf@@lq&{8iCw*3#^B#;%JL3dN_5}M*
zujan5BcD0!5f0`o8<VjE{n%MTQUA4x%-FH|C;_rm&C(-$X02;BlN~B0-ftsRVo{>1
z8D*i-8aBxX)@V;+tzbtOPVPIUB&PCS%3AP{b!sQXWg4xj0*%^a=85<Be&&6P1mdUN
z^$sI~IBCA47*Yy0z;8Dr$W(((;Lxz*-)1G;geE~F#fSJ&>RC2<CQYCKH<WuYzWM_c
zILZ1u09OMqRfLFKIjW(Z&K)mN;KfWobuVI+ePvo>mh@>Imp_|U;9K5O0HG-Mi-dJ)
zc?u{*rGYS)C`8>V-=`t@2ydz!Ghr1AOI(4nF|m}%i^YK>`Xe7{*cw*>D@bYf37Tkb
z+xUQ{4ttYw)}>?`(p4L)p6=8EdxT-~6s!1CnGthfAgN3!sM!s3b5~@ET(*5@D7#F{
za2e)WjPSTXNPgIxp}Qaor#I0&WstKCDV7#cBpCC2?7!E_FL#(f_ip+6qmDMR!eU$z
z@lHQZzsWf37^Oo_0p4JwuVLw8IL*Ufiz=^U`l8I+%18p=8QKvq!vend&XG;^Mp(>$
zL4mgWXnoikEyF}jev?CSDgc(~!j%V0$WOy!7G8>c!*C;h$R&L1{loSxl*;<fY-XLn
z6hUqN(rq%x1IP${cGLI~Z)vB+Fw}x7_~%-Y4dhm)Whgmfln&U8q2ocBu8_I7Kfo}m
z-1NncE#-=JO@&r*AjQs|k>23Y9DT5a>9=}A1UbvA&E?4{lkx3zKbkeCcOoMM7iP{1
zhhizp5Ax8c9=Rb_aW}OdXJYw?raQU-gVv5^=P|-6+Yptp?G7Ju1N>OPG}Us@A-K{W
zvfEiCwS1zgtt=e?X(9pTFSd=YOiMAaJzJrh%8a=ARL4X6g|V2F*FPH+1&}TB(n>X)
z=LUBw=_C4-vbf})b5Au@KPxR2{rb}<Fj(<EIWH&nWf?T0DsW&B*-*k%RJe23JJjB)
z-*~BX7q?$ju!47%WdQGL+e`d)6*H**30q@iZV&b_WwOUfY}dc|_l)!fNqfrGwA(7Z
zbyI<TY=FT1le$RM*pB0MxiuEZbcUM>)IbNeGds{T7*n?T&^C}bH)Uf?=oyDp_AiVO
z?VbZ_cfoAVmimE&Ky?Ma`h`t>Yy<qN37ewLgX*eH@Yv}A<bM>2m%FnQs~U6E*ay0r
z#nS`obAk5%UV-v}IXxlKY6ii5nvVGzs0vUtJ%wmmhGo_HwE$tbcBknoG#FsGd7VLN
z2h}ayqmM*V&_N(I#Cokw<TgO;wo|3OP_>C5kHca_KdB7ZPGJf@(2czlOV;KUSXg#?
zqUcR|>U*8wmhf`df*=F6u4D1>_SD=F$tuDq)*w$T5vjkI1*AF{FS+z_J0zH_4EUaa
z5??EE5M?qI@YaTU1c@%Ih~<|X>kkZO18K(gl@Dnb#9{m{HhBlx=$`7ZgWF=|NScQ}
z!w{~>xgXIi)X&|YT>3`>b?lQmP?6-vy9-V#{zOIQclkC`oODj8E7Ms&(l`=Y-#&O)
z>~P9H`3*mH#rAGdsPMMpJwQeIx>L>}zEo)N?Hy?L6vPFdoV!K3n`-WP5a4jEMK9P>
z#OFlHrfvIoO)C2;6Jw8ZW|vX~<kG)#-fZDATo%(0YUOcab}%9ZH{CxeH_Fh<LVxb|
z@m?I*%bB@YbyY<Az<EQ{k797=-fXGRE@Py_y(F+#TL4=j6SaOV-ZH$7%eSRmO|47m
zrEkG(CE(uQ6p4%J{%Pe?Eejcxt5~L@p!Qyes|5&l5^M)acd5+Xq!iTVcQ{*&K+rC6
zk$plK9KtUj3tNcs%d%}J=Aw%09fo&xSgSFVsm6bFxoL{2mV?=TiPp$K3V_;=>`fyK
zp#=Z@zpl}>M1P-n$Esq&)+f=a5BeQ=nl+tju>P9jDDC`Gu&v${wLZMu7*b*~Ix`pn
z5X(COgtA2iFiIExPH7p;)r!Q~Cg{WPeGPy!r7a^+n6K4DPRz0=x9?s(K6q#^(%cWO
z2@1g0_IOisgCc8Jcw##3APAQ9mr=VP+%(V1!2kv?Kv{MYQsBq<P?stn!q8)j_?(@%
z!7%Az3AfzpM$2HExo^uz9Due})g!(~pY7@@h1_Uabkd&{>S$D8ZU}piSB(;jY#YO~
z4{OX(+5f})sr!$vt`(eZDsajaq!9XVz9dB&!;+4c&<@t+)t8X9CCnZMF%+GXzA(R?
z1~hT<5E_(sRnm~JWv8ci6Tn1c#+Otn<zfGVmw@NGq!y&#Y8lEGBmre1X;n=5z0Q;C
zj_UqZ<rS1ZX%alrLm!eRJYjiYO1c_-Ra9cA6sb6<>g%q~B#99TLiMuSd#3<cqFMRe
z0XgOht^rbq0k8CK!<xxQI$9PzQ&lhA2qd85_j~(B-ktJNqwgXA(myDSB{aS1$92Wi
z=}tKz%@-vlnrxVU3d<(c8{roee)d4d_m-Q$(~&e<&}D_UtKLx!Gec9Kq~pgfqyqN;
zhl*5T?;}WjKmQ2Rwms^2U`2No@~dH^H%?Ca9F^bYmk8!pg!BC+;Memh(tN!R#QXR~
z=(<xd72clySO^*r{kDqGn>DSp(O2)&peH0Z#&Y3>e8&m`IyK&{O1oJJnO0^AX~%d)
z`2m6JqY1WNkr(8rUpkH+DQOw`Jle9-`baB2BD>2^^iAHZXDzw5d|miz>Ik<3=ZQ*P
zJ5i}`F^P_Liu-y;4^(@(_KA+|y0cfU5Jtm!ij5=DX=R?Vj4poiDjw0Xa%v}0L9H3x
zSZRH_$G(N!FuERJLFSHFuME1rn%cXv%d}=zR^b`9vi(o;urK^@fUHHEE35JZV$!XB
zGpr~li?H@!rxYNY+P>yo>0i&HWrE-AsOVPnywH{H4=b&A^EDpqcAhg{(Riw%5x8|!
zcxyXM^=0MLf5D-dc3vF?hgTuVPPV=-m*z?#nNGqmoY*+dE$<0|mQwE;>XhHISa6hg
zlZ*XiRbC;(aQn|1y4-TgZ&od@wBnTNa?dtOH1vU)0&5GE0y|pn?`n_QDLbxLsi!F;
z^93rsUh4JK)0uhGu5yDCqYf8`WLE=@H=(vv2UPL(4$`=3{%Y;i_pu}SBgQ4o@>3jZ
z<hzuX{@na1U&<8)rN*2;7$z*6iZM`(Ry|`yU9KIQ%#U);9=%c8wBu%g7aJ<XXWY`9
zo_Hn2I}E#Zz~7?;^*?H~L!YrCR^g>6OYR-BQc|Lmtsm!{{@kcj2O+$~VlASaBlzdc
z=7?a3P79F|OZ7?+@Andb9wZee^>9r-5cd1w;e*Nk|NI!!7%n_ZwE*aQc3t(j7|4sA
z!-L4TD(G7%5J%lno^Pu1L_FfYSempd_pI}68Pd0J85<M8ofU!>_DyXEs$hveR>7Ql
zNDI*q90icrzP;svl*cA8gqc~vS>=sOwZDDhbk~;a0AXRxDE+~107+(lUb7mVcIu#w
zTa{QN$CCZQG3_Qwf8MFdiu_IftEpr3vg!Q(C4oITPwuyhU;M{riSXr4U1?9>mY@OA
zdq{ash^qm(H0<zJ&Vyv(W%|%#1i&3Jcm3j|ALUgmpC|~D5+O4U_SmDmHy@)!uqsYB
zK^n=cbX|*-1xlDR!I&H8NoUpOtXo0m3y}cJ>3wcqRhV(j?RwIDrXM_N3)o?hwW##Q
zl-?0kCE#iE=c#&K=2f*|>Uo28Z?AXche3@GlC%l?;nWuu!lOKGI~t<#5YChl*?z^*
zpoJDu-<i9Fth}1qS(z^@^C}X58s2gZgH|;u6%Bby8Ux2*L}<^i^6Vmle4i*h>RQDi
zb@g@#hck$Io`U&63@fkxsz1F;?3H7}=jG9kE7AV0?X!(j*F}o=#7L2&;)kVx$_|_Q
zb@9|2s?^}&$btd6JS(nIVZ&BPlbwcUN-7lwWLcD=|A_m|A6eD&R*cZ>xV6Z*E_pLG
zBkC<}k09~C$a(_%7T4eb7{IOu@6nBf4*jX_igTGbdX=(?=+(?V$A#J_&^xp9jRvC%
z#W(Af_5uUvK(fl7d{3|ABx_|mB)<?AXzpe;QI*F~wIc?!?VD-(fIpD1hyZt0JWQg(
z-+wL1<ycN100k;1w*YwkJ=>WMsMx{(3F3vcp?i51ErNsDV;(50;FPkBk`<l?RdW_{
z3apKOiTkL=^Pez{IlX~TB_#mwPT9O@nTmN1@o^Pp+}r+l--hOyB9TEFqnJ7f-7>Af
zPoS%|1;jCcye<n=VwB2MWOX8%Sv<8F2ib!lTc)+pTn(FPY%6Jr78Sp^b7N)wTXAGb
z9aN7ctHj<Q%TOG=)L!V9cz?_cc#fqV78oYGF_zBxa0YpIkiO2aDszW~2B|Jp!=o`Y
z>Pk0b$;ZcC0Gwgral`WTeChu&f4C-);pv}m%3<klM_>yDi1)jAJw7{T{Lp+4-)8FG
z8-yVV458ZvBhZWt6V10BBf-_Kb<wm!bH`05A@T1ZeE~vGBapV!snF6)WqdI%HU!Ev
z4+zWb+ju`{cRrT4rZ)%YT~1|i&^`cke}E@7R}zAU^k4*l!P!Ey6O+2sXC1xplzUC~
zmL&wK4l9qj6iILTAx-LscjR~X{D!g&<KwtPJJ9W@Y@}~s99jTRuas9d>%f!&uBjT^
zVM-@ip8YM#-q>lr)uiFqJI;Qj-{uzflllkLm$#RG*Y@o`hQ^l3%Gt8g3<7Q5JmHkK
zv&#Xwq0_7cStyO7tlKIEwe8{WgX+iR=pU9`zL$^ELA*!+XeO;C2oOa~b!I|-=2~cB
z&p$={Q{7}2+SdlEd#S(_C=are;roHYhG3j{0Y)O;k-&~vgp|jc-~xQ-B990|3YABB
zmlj#6N0xZ2*&}`n@kbh>5DS-9o8gMGQ^s<aK7E4L45HM?GO}cZ83v?zt-Ja!9Sosb
z)Z_c_c2&Cq6cQteOdq~@kbBxDX18WL<BN|SvCv{I1gCtRW~ywa5P@34OHb84RNMty
zfZ`1BvnXx#z9+jzE**@Z#?`|OG^Kz<%`%n%+xRhHlm*}e>^pVLo;rE21=_USiqI89
zbK)_+>|6mDH{_ZSw?aF@m=MVMvDer%V*}E>%lglr30T$yd*nz*bHC-krEFDFzR`@%
zEV#Y1cnLLt%~#M~K2KXsd!BBCxr1f^)=$KJK0S)4MtkBeq_i`_aSi`GqElw7BPWOc
zfwOlkIf=?HcG}w%YfN|g8Pyel4cWh5z-pk=j@%%OJZ9>SWoxa4XCobhC2L!#STKWo
zS5|6T(&EcCY$0n201Vr!>VorvE-6dMN3zozmBG9>HZkM}(z*9Dgn{g_C(;!car*NV
zoB;_mhRrtsG+)T;r-ZaTR?I3O%2{uX6kVG6NcG64SW<l9Y9uGED1&5=c6WrV=dnDt
zqX2qDW{vpc<5|X6OYNJkg-6O7DlhETujn|2p7ynm4IJtN0qN(2A4r!)T?4mGQ0?Lo
z6_G7Lb9yeLxa;F;1t;x}JoCK^q%p{>ieE?DHXY!d76mT2H6wZ@Xoo7RSySy)hCw7N
zX~FHqJedlLEh(kAv*mA72$bA0+;MPQyd7h^!Qt%FFaaF%QhlfjoX>kgr?}l{aa`FB
z9<mghNdHWss!MMZsHSG|;VLf$jjF|_SZa7vGr(BI0&D7Eq#D<z_%jbR42GzP^PS!&
zKYklB{=<i#TFpie$3Jjx{QkpFf1UWx&kyxlW>5O~bhXHAo_wA;(KR!lXst+TNWJ&l
ze?rEEp7Zfz!pM6Lq-llC6z+{YISM1-gy7PsjyM^wLhOhW%bllEW3MS(lfbv~zkRMY
zjlC9cwBr0X)KpeNKWc<}JwLL+=!@ce#$NjwSGoTSLBnQCKtcPVdA7&1X{pH<9qWGw
zO2%%THf#JHw0Hc^{^buv&|wwvoZd5JiS1j%psp)At?TXQQl69Fox3-2e~9!#S&9uY
zKgU~(y|!oXgozwk?_D?1#ye<RP%N+=_V>y(?>j-C9#L8hKS!+F-nz1Zcui@F0XvPi
z&<<V~#}Y|r16xD*O-m~JLA`;W3aZ<!gq_&!P&z7!6r11j9He<zdB^sx_vA#jo8X-A
z*Y>QJVRYrdSq=ZV*lQN|b^NPu|KVJk6y1Lz`31S3=dukF`rgy7KW%DvK^3w|Sge+Q
zBOEey^T!+ZL&6kpKglS|JdJR)Z}mycX(#RrpXPH+>-5Eg*DY3jv8w9n*KXeh`%YTR
ze;dSA3h$!L2fuN$erOx*cM<YTw+md9@jz9$8Me{{blj|2HVdqt(@G-2@^AergMVuJ
zZLJ)Cv(=Dv?()Z|R=2-K7>&_ZFIXoYxFuJ--#P<{RQhloho3i;rtbKxUG>&U4*fo*
z;tbf|xL9!`_L|*{r(gB3ad8GbKk2z<>_m3{{`aZhRYNy!G-FPkEI47%zYHr<_?u^|
z9^1a{@Lsd>R<nkbHMYms(@uIddY>f~W;~WWuPzcDku!2E1?TMdPTaOr%&)%z>pxQ)
zvctXsO=MUup{-<v%TcWrUPO0aZKLS^4fjRWKF*%3<<rymHm%-GOrB9%8w446Lt38@
zT)ioSN6Iiv?9)ZJ?`M_X+r+yx?649{$Nn~|+6_Me4l2P{PQV>G-&)*gCaHg0Q~zO{
zV(89$(wcBs(vz!t|C3$te&_KdTh9MfGEA2O1=&t~vUzK@mXYrRPxG?|J}*G?%YA!4
z;k8hm-zxXN|3(`2y=gLWz4cs8Mhwpu25Aj8_Q(Gx&X@Z{apj>wa;U{S{5}-p>l4NG
z0e7W8AkDimjSm{nvi$Ca2I@L2?Nd`!k463Z-t7Z%zJF@h$2?N_7bO6fhoJ9*O>fz^
zWaiCLLNQO0J`cpyprXm&aGx(7S!ErU5nf~J=14D$uV}{}R!6R4ePHgO?TG@{<@bM^
zV+$LSaCxb&gWD%SuBGbIIoS)<@@Z55gb>4LTKtKEcSV!}%3|++<u6OIrBSM*GRkXv
zr-X=%<S?z(<-Tv)U!;PB?q;bT8Q;C&q;mTyIeC83DK?(t_wQjxP<Dg=-NygW=DgoD
zx^HiCXn9fp_2t2DZa0HdDt-mOYTKvLu>ZZwccI?pbChbFw_=a-p=JGPd%Ncvs4K=d
zs)e4bR!gyEP}Ld8^Zz@g_aQ^5-&gb90`H-}dnU1LFCXZ?kds|(>T9L%_OnbcCvRqc
z;H>7mi2|+V0lVa{$2Wt&K{2qqD*j$te-2TNZja}tj-EEvSNbi`o<YX5E%60Hbrcah
zB)w(o#%&)_UMlcd?th$`p}wnp7PLSLHazdRdEOBgS0c08U%On-OFt@q?K-r5f^&gr
zHSCh*r2kCEXql4qU9jz5ym9~QYH94M?B$$Sgz@iYQrBbaDb2X&MuoT+5Nq9_(!44~
zG<fesRtW5@5IxAhx>2RU(QDX$#<>7;cpY_u<Z2;{J<zdy4s^Tu`xNuDb=ks0IO{uZ
zhQ&+9&y3xOBoFoTCHqZ~6Mo2a9o3Bf1P({a7g5^n)6jpf2L1;bH=`*hldCmdeH8{7
zq%8EK4Tj|38`ZC%``)oHG3w*%QRAfLfu!Ux+wDKpb#q>?pulHwe_)Pbb(cT1MlJSe
zt!9OcBF`<%1{?pK4EtTUPg)+esIpOLtuoA(;J(B5c%}1V?@7tZ-!l8xI!^fR(+jL;
zZbloby|a6QFu^;)-zyfy7u)+;uk9nBYsBq;|NE!p_T5g+(u5@N)9v$ajm4Q(lHUwG
zFIGfKJ4m`31aC^_W(fXe$BFfePVHgeASY%nI;(#B-+A3XaIn>FaBDkzjur_iN^<yf
z*XY_yLvFPg`$;#5@xZC^99a570w0C|Ik3#+P{&o@e1DJ->9dwcFr2Y|7=H;}APHVW
zBw;Ghzl{Lht>-&e9f<`mz*U6`wji4}f`ZRvp_8B0Rf-;l2!2yu*v9BBozSfG^46aB
zEs)m6WWNk^em9QY_37p_NanvQZJ)pTL;5*`cjNhO%aqh(+34>=b!OBT72|&nSq&>w
zrDn+?mVoIQoBsy!3HhG?2l75V*GEv4R4VylBxM}3+;{QQL_Qk!;hXIf59g!hAhDf4
z{D-(`(N!IDcb(gRP<%E+O!s;#YF#v*vHsw{bn&0a*M|LWpZY=vsXDf<iB~@p`q9Oh
zfxh2A;lgg7QHuq#jSM}x6~QpF8Z5THL*9SJ^gjOEHiKn@)?i)#iEKMSqDX-9Tkr@~
zE}x6D750Dk$y!6{duLbjGwC6rzXi=^e{D47cJhmYc){OGc#mR=+jpV9#h4tS;@gq1
zBQw@ImCL`{`}7`KKkJRz3^Ut1fqjZgZ*lSbxKS#yDs~6G!|zY2fBy}jCx-i^X|(_E
z%nINv=)IUZin?Cae*!&`8xc*pHAK-)CS6i?F|<qbe=|Qba%+1}|Ld?XdaK8lRA+ZE
zy1eVdA>RZo3qres_jipe6AIj;<vQYjFpC-5!e3`&>(!8r1^uOQ^%2p{LY~tn17)=P
zNWj2Z)79nvZ}#G$8?0BP|NWw?e2Mj()U`y^79V_vbYLwP%i2mIzZmU~&L~-$$T`qd
zh`sl^hvIM=MDMYrVWM^J<27B^r;LZzYg`k?<IT?rcMl$$Y5um-*A)Fxst0*d6$+je
zU*0JdK8UZ+xVoSbrao;HFoCVy|9;JW$#EYgtrhcOyT&C_V^L|%&A;Pf6>9wLNAb^G
z!W|c#P&eS#NUE_Jwh^$18Qf+)=9$-nh0yV)#|1{qA1sr@z_(94bUFfbx(Ye6_k=7i
zqxVDVhZDum=w5-X!CLR|LBk<9^N#yyq<d9$Gv-;u9e9qN`Dwr)bK2HFiuGnpmgqld
zq-=V~zZXAr80fyQU2(?1|2DAfs&)P~1=o!#!`V0P3xz<_gOA80Sgmn}SAp=M&!*%f
z;s94SIoRr5VyAo6)CqO3N7wx~R=3CR?SlP2a(gw~NAMfy{=yU4+H0J{hpkMkG{o^;
z^T9UnZLsV9!JqtDrk<s$v!LQ<nspQTlJyb9&+XHS4L9T2+LEo(c{7=K8MCP_$!zs%
z?s5CcO+V~=vk9p!{1+v1u;gX6^yiga3Fas*$QQEL4*Z8!bkNCXPUBD9o?UT!tk~Xt
zT*D$j=k*KhqMPc@+pY6!vsbmV7~)5B9pFDW%YzTy*w3{ZX0>03CWq|V#_L<mY8^GI
z?EDtR$n)O|AOEu$dqAf&FU0(Jg>?5@L)YbVv)a4g>SmSh{FguSvb%Hk&f9&mgMZ9N
z(+>PGQ~PPR%>YWHh<7zZCx2;4j4nEjT)Xq_i!k-BCkEj?8ZB<&-_)%>o5O<sknDFU
zy<IIF-(~wS^^;rm&1l7?HNMX4-;)=0ULQ{mosUYwp?|dv`NFH$$=ZKL_@9}4dbP$i
zDQ|$hLtE;x-qx!0&7yzUwRGA*`jMv_Ei*_zDLE_K*!B5n<NiMi+2l{iJ805h8@rPr
z_qQ8r0LP=pI-Pvy>95LnyRPepb^*d)e+OzzHvZjhMU#SGqGXdgukFX7SxIOwrN)v=
z#m>)@_~7#kxM$GpMP<&e&$-5efq$lUACEKQ%e0P~&79D&piNmtlV7DIEu46^ZT(P}
zzt|H3s4a`ebByZ`7IQw_Sp^QO=ezs&?^K|nUOje`I?JHi`Q;req46W$v&CwV$3)f>
zla0V4(O+(`{g0Hler?PDh`7>jv)B5Lv}y0P|5Q306OErdPV<O?+|u1W{HMM-_zACe
zQ~lZn5;6BoGbK4pW0i3aEdV`H7N>sPfD(cLO*ET{d&H0oZ0fH}>pO>Eqx!eLCmH=A
zTrPdd8pkq053=R2QSOizdn%Vd+y-35Nm4CtJU8S5rQSLNT!ID_%HS*Zt)VNWqhR1f
z9M89e?Jt!71$@ry+?*|Sq13Pj7nMQn{C{uJVH<`eqUJ}EXDQX)(_KDG&-dhw-;Y@K
zZS`4sT@6+OlKJ0-d~bSK+keo{Ev8}ExP;ded);jYzu##2jH%CaP5z08bxUG)+eO8d
z1<=j9mhnfIT*tAN--T7bOlbE>!5pLI_>qcOnGM78CKpyv-M8ad?eD@IXNv2uOO}5(
za%KGK_T72MiocVN{eOzCGpebr+g|l5pNgPz=_R5<R60n9AR@g9NQWSVF6GjtC3;bc
zH0dBED7_o1bd?gRp?8P^A+!)7%_M}pygwP^BxB_KIQ#6m=3INt`NDd|c8<5fZQsE<
zNhGw4Q&9Gme{}_-Cwl-I`bkL?FJlG29C>6ME502mLn?TW?V4kYtu~HQ!#!fVWPuD~
zhm0=HMI5x%UT4_7<GD)GX6x$D#kS3{4J?UcIz9sA617_cjidX1DeS=R;I&$W`!cX*
zer&CfdF7L}T-+<@;UnWqW5%E~V^C#`1m3X8x)VJbJ^jL3k@oq_F)~0mTK1LjNn}FX
z14t$+U*SI9w8>g*_p5**(v00r*&)1~DF&GBgG7e9{Z;pr)wA>dmWJPs<Yk;{lD@LD
zmkP((o%CvWRi08#){;+lzm;YW9OE&aytt<)P^Gc^kw?1ypE%czN{naWMjMNsMP(tj
z3sn`q=f?FH16lzCOYc79kV`LiPp9YV)_j0Ow5$6@*IT!Ff72sElrPC8_G$X)-#nIM
zi?e%0_M=^u(sHhg+5I|S4Uvft;%n=zM!StdIMhD>#lkEt8@IpK`3CjaA*}ysaVfhP
zJ@rmBDdGOe;DBW4r)$o3i2;(j!gbRLB)&(&12=iwgf>5M>v$uxClWhQ4j66WRoPci
z_N_PD_%WK2S0`gBP&P5O8ao5y`+D7%t`Ly>6xRCbYVvf*U#k~|*_t&ie{|g7EM}W-
z+EvfT$i2$qdoso|sQ!j}RVqK-Mp92uZ92_*_p92R+^cirYndmJ**a|PAK3=@9vMFf
z;;cYVy`JCID8juX!!zJ|{ca%IR8r%eT_B4-Fuq(FSc=O%zw$bKuKl)%XDM6AbV7Km
z$cV}#-u6#|>J>tlwh5LCg=Sj+WTqY6rn$b@w;vDJMF;PDiLPs_Iha>ytW3YvK78zd
zkszvO2GI!6(VR{tEASz!iw!~hcAuqi-z-~;b$exBWo@eZHR0~L=z-Kei#S)8ajMHE
z#(JygLG_fyy*{r+whBtw{byGH2(VyqMkPw9edb<YO4Xig2ciwNSdHANR1Ws%stz*G
z=^t4D$8s!pGKif@awWQ+m?uWu*t*cL`}L73BmUc1e%=&}`#Ai0w9^Fi71U&8yM?t@
zkb0qOk9vgdk9czRVb`|K4dnN51qD`U_;y%`NOdT<l&(+EA}X1(oD52{Mm$0U$Jq=H
zWks^dy$LXx{8XHu1RWpvi^r93Y-;8aWBN5H6!KRrpWcDaxM25GiQfL(T(sQe)NAd~
zt-G|(Zng_?iq(t~#)bbczRf;yDMUb2$91$8o?jQVh<=0n&xXAeZ$TRxRhg!ygdgey
z%}NCoBC4SI$x1Sq>DM{C!yH8ASrO{m_nt3oa5=z0LpCp<3@}B~r*TX9`vLA#fbA{Y
z^d$iK?io72qj_(USA|9WKSb_S4aUC3y?PBhj+9wI>%u;<(Vrq^eVLwGYlVOE)0HIk
z)YYb6Tkj64g_fm>96l26o}vJTqd7<e?4dp1ps#-^F9W6+Jd9?}pbgKpGQqlO0>>(6
z>{4o@NG>|>44QZRs*&Q&yN}OGFX7x>WK^RQSkYT|R^oEa^Vx#!j}$gtpTCO2qoVY@
zfh&3iY#gPa-N!HTp}K%ZJ>;d~xNXSB>+QgDp_R`(#Y=C_WK=;*c1+kFfEY8RqD@gI
zqP6QIGJ_J%bVV!1ybkqkEe$G!OggvUKlmnVQ`&BC&^aAfC;O`RB=YJg;IXEqPA!)(
z-y_XC<*gc<jJxGR-s_^}z8qyGOK+vAF)Be6_L}h4Qb5B}oOIC>{cr;eW-LgfT;RB(
zw?^g|^bLB-5yD|Q-yHn7_GbDcKuPM>ORk+3kZ>JTubV6ia-eY5Y{OeN;vSF2OK_HH
z4#IA<{NVhQ6^io`wU)ws7KytkI-f8JdHjI#znSzZ;a#=+<z3S)MVPBgU@uERDC;<a
z>+cWmjnp%77Q&Vue4(=et?N4K(=aVYX!ba;m9uy$Rhr$17O3-p?!7<DXBnnHb|zpc
z%=$Efed3}|rBlOmUtF#cC$bnIjJ;;OVh%g<-d7i`K)m29EXw^DiDqScf6fXo<6P&9
z5iJ*=BD)#br-=bVraC?Zy>5pgdSdimh~f@drMW)aB}C6tvJ34-gPjcKsZ2H_C;Xq$
zGb8mY9$FQ`to7~@X#z^aFm)Ky?>cuMsdpj%39HvIV{y$?ZNEqK7ozjxeUmT0{uZ3W
zzufFKWK8|%aAWMEod_<FwdjxKw)p6myn&d$q3|^yDbjbi>qhglhJWgg^_<?SIhd6)
z6LytPZ3Lf5ulY=u?mtqGH@gcm`xHyiw*J?$mYggWH#*`a)Bec?loenq_{`ZG?fcYc
zXl_xy`km~bEbaNU65&hMFho%vXYFa0A=0<?2vn`%J)jio%6sYG^8?<hZ!r|UXYE$o
z8pU6#en6G0gY#Ona6>d|%-`*s%Y2WOd8G0PUYno7(AtV=B@FvXZTfWD(S=Jnfp3en
zIBI`hQ4JJ&R#1f~>Cv`M^Aa&)+>5wC{;886>07(-+T#z$zDhjf%Y<v(g9H_&`X_8k
zH<52ap#V^Il!bo8W!zX5%xGI9EA&*+>^(Z|VhqRg(LExs=SOk~?VOZdqLO6JY1yS5
z7WO2QA@*nN3+WszBH4uyXxn0&_nk8@7xuDj%#14KV(|6&KCQ@U?swAf|3o@R<MhuD
z=Go)qsJ+>$$Wi;%zS(7_$*V<!MLVVEm}bmU1|aT%({Pk}QnWOKu0a~8x0W<NyOAHn
zdS8u?#r?kPv2SY0viQotmD8K6)3ozAQM11^y(2SlsSA1DY%8ZkHZ@x-JYid9l6-@y
zSY10s0*rp#QXIxn=MGY}ttI<ZtM{k4OV4&=UOWx^#CCy&OAZ^Jsz9pd+|{-Sdk)Q|
z_yr0dYIop$3>1!gd5#fh)=HA+m?GU^1Y6XS7t`%IS=s1@LVEPKH4gj0xLO_xi<6WV
zpQNFdpqP|Gl#dpC^)s8xu*po^QsRQluFM>*hV9a4=H@dT_Cof+EP|Z{5o}1Ak82LJ
ztBbB;0U~ZfW!wr6EZazNhhBM=zV~(FYDFl6f2|-+<@Z^^pH>0)$*%kkh7k}PX8cZB
zYaXiZ-<xQCIwlzW?Mv@%>*%{C(bQA+%45}6(xLvPFu6orj*u6U4;XVM&_XRjWZ*3B
zV+B*HB&^!n_<n}WsE~GAxRaZV=E;oAGb|zKi$HPy<1RtxU8e8ThR6Q@VW!g<ndw~K
z)DI+QQ_Vit?lQXLz8D<ACY+VR$;+T>GTuP_4I*XVKP;!+jU|ZYgj@^CW4{l)G!>VY
zEsD|6x^x$oEUI`PE{Ank=*GN%@b#8WsZ^N3{Bu6dU9&Ah*x+iofrpI+2x6c*l_t%8
zBwudxF|0#0Cs=bUgd%DkPu8>-LDBCY04GgV(yry3YXB~da2lvxlEYl;#LJa82fQc1
zMXeLgdJ~@Y=MO{$X45avVf8u#9~JFC!zmDtBX1(bH1mSX)n)PGYw+-6>J>j^x15s{
zf&6~7uYgc`A^zEYOv!+Fj9?t!@S&q+n<87Lx$1--=qN?I6{2@d<YD={dl4K9Ti5s=
zaqeUR^lVet()lclcafEjs!i%|f@99EEBw)jukaqZ!&K^oJp#d-zOsYRsTI`_USFz?
zFW>q_;v%jb0-{a7PP?<r5deY+U;2Ext*n|Y9;Y)J#kR$Kxu2l6P{tY7Dk*3QW#_q8
zv+eR!L}5DQ`}+slw#V;%b5K=N@XZs^oam}GeLl;#n^)Sk9Lyo~=cR9O_u#0zW>O>;
zrA3@CuF$EyA?0<g<~nV%QZr&C_T0&I$T`yE)wepej*?zIYZH;fL-h${k$0Li0psPd
z($rIl{ZvtQuv+=M1J>zEdrn_lj+%MCzIU`TlJ5%jMK01L6e8{5Oze&s_GNeDy42_)
zlxUrjMdxE%oW*;0zJ@-L*xwxvn5#{S*1`>*C$4=D?{sNAs9{qJs3@U~ku+CVb<X?`
z;k#doPpUhU(iha@pQ)~V7KmL+g!<(XUD#{DhWcX{29bWmwV`l5;TINlkQf$=n2wUc
zzy?n8Q_aTpad||+uFvNg{Vd$z`zp=u28frF#2oA)+4k7RpGfR{x`y*c-VA+yQ4Mh^
zcK4fX`{+r3rN(N6R{anc;;PJWYqVvXL+DQ<zpvQOyjoxDyPo-<Fa9zRJ2((0_XY?#
z>aB4Q>-sHn_|>!ME6nYij1O<uv7=L}Rww*;SVirhWW?W^yTfMtf`b8}TC(MS*N6%{
zZmjA!CXsr%4V}rnPPI!~NZ>d3My{|lzW=Rq38zniTb1R~!=_|*A4e;!^2hDwq0*-}
z`fo7r=ju~t$C2I)LEN8iC)96#XPM?+xzj6jhL!<dRKyoQ&CyC}URSGGWRpyIjjCbu
zb!kQ$(H2|j_WP7;IBjf)PVJS3tQ1HnB&!^TgeK4^gVAY0RSj0EyH2fU+#0~e#e=yA
zp?-a46`JO!QVaL<zF^em6VK+td=*#P!Bwr+bAk%feZtgTZNPrP!L#da#S8aWug<-|
zhShRQbvIhM26cozpzC&mZk;6u_m^Of*LoLfPSKUVigt17r2uBy2xpaVpzHKNFf*pO
z7TG`nSDk<Pm*+!y=;wbV5SL+ZwNLMOGSiOZxcLUdpYaVlhb+|epsRfK-4t^-AM|jv
z>07qZKVN6Q3Hu_@eQeeGP>uufcf?Xc_)pQLgt2MbJ>+FcWc252j{owxJYEG@wxxf*
z(*ND;bfoWK?ykr?a!$=kja{;>8}CN4PgE_LPwh8+=@kGX15LHxc;-)MEZhg~xJs17
zi}vt@6k4^hO}zyjepL=Sum8DJ%zE`fL~$@gx^Xy5wnEXmTPXP$Onfd#{#ln#wW}px
z%>DRSIAQ}<ypJ4^!=}$&kT~`w{%ZPH2!K3Asx}P?oc_c3BPHH3-Ou)!aeTcViQ)Sy
zA-iQxl*!!$ATGOnyG4eOxoTE6FD##ZVQb&Y;2X9arz<Q@*roP=v;K3}7gyt;%(JOh
zKfo$)VQXws=E2}3v6ttR+^&&-4S2`CBg9G~7ZKMIg7~aB-RN4ywYXI4my+R|Z&i{a
zO4svh6<wvyE_DC)H=$p}Vs^h~$Fc4MByU>elNO)hBtzY}+cz0}-+{6e{>Zb(^kw|_
zd_ty1py-BiaO^l4W>``-<+7{CNlRXm-c^eWH&AsFqk1(9%f7k~-ORQOoI{v_;1jG)
zS;8sogui7fPKh0i4A(X0Cg}ofm{w_H^}PN|4;EMgY=6#K#_8%VlL<Nd=64)E%()-Y
zta0hHNNih*&fJk(Q5lzlOQmprGHr`kmpuRq?J<e15E9SAGhdNQF*@xnk_pAEJ!51s
z-umLD&zCe8TrnA6mRPKfv+foxO~7VhzLm1;nv;-QF;L5{iDZ}HjZYW0@%NSzu;KES
z5ucO@1}WF8O~+n2mVI@uRR&=5(RTYZz|P~$xP<dsoiF?I!Wd9aOlS$H-mhttDnRw_
ze{*VE(Vt)~qZY_#<4Rn-R+lYJ+XL?>k#hzf0EF$<#3(KCIb0X)-hPuwuojL-)EFOC
zHQIvgIcy_FLOzpfZ8d^>uNc$z4y;G}leWN3^?cq=O(zzPonTejKXXymuS@zHYy(1j
zK7$oMjhQ=*z+k=mnMBUTx?5^NLL^io9Ux@aWHhZh9yOghzz6OJtGZ+zjFM`(8G;5d
z(<8^0jevd4Vb+fU?9W+Zh<k6f&z;(<r1BfwPYyP3D8A-s?U|&>vN?MrWph8}YJ76q
z-SB(TW=Pw)^8j;gvpl8RH`Gt{)9LPaFtOqW)^w%74Aj*jVj)8GAB(aW6S8Q3wI(BI
zG5Kl@e;eS;l6%QxSVqmFWA?!L<5xE@dT8xC4}RyS^xxo)GCtx>zlZbh?Bla22pl5~
zC64N9t+13OzQK1Ln9i-l{U>zQ)-B<MxMEGo1ku(K^-u569#n$<v)S&GwSXtrAb)Oe
z_UZQ|>p!DL%b)2zySCCOWWnOG0U9U!H$21w_;a_Umg4)7t}#6R^;NuePeZ0BDfTGb
zom%$dh$;APR{{|nQv`j?X+s$$@NAMs|5Ow$nRaqkBL#_E`@4fb3yDC7jZZL;duNA!
z_Jy{HrIHi=LQpnVI^}9;zj0@}0aB?xIz9ZkL~a>CXZIx>w+ckL@&T&Lu3oT9(4Lb^
zDc)soF3Q%yK{g@cmq3CRy1SeR#<Zr9>YN4rP3ZXGt(B)&t<Jb2p*r-bwE5j9oKc@~
zT#=1B{RY%)DM<5e>SW@Tvb6i~QK(KgD2Fb0=K(+p;ukolG?QkIp>pCLsqe!_34oQ?
z0qmt|qW78C#@OzsbF@M(s!a=LV;|qCmAglAT;iyXHP$L)YeQ87J)z<h=fpU(&{8%D
z*_43R7=2CIMB&V))Y@^>@<y_r^*3zrhI*~hRK~;F4^w&awdXVYhpHbO00GX7V6?|G
z>a+*HHUEpm?uqK=k7+}@I;<o-_1d+}w1z*nCe;53Hj=}#QU4y`^sG5WUKI?6JqKde
z`5rl5+PhF*#*%Q}h=hLfh~7+8Ppt*D9zBj-wB!(67-bMF=2O$+>_CGrzrB0kqbyge
zHkGSf`<M^p_srwkP0DWz3|}^VzN}U#)-LrNu~Z87tnH)Vg+EuwoTDMt7K)-&Z~oh$
zozkl~onS!WnJ%YIDJIdvTH!9<>N;=3MdIxH9w3XMK<|=7GU=ja4-zNK^ydG(U&B`d
z77=G<H8Ku|tyhcf5<!x>NXyM1UhL2LbTXmi)gQ7$CGE_6uPis_$E6O`tjHhg@GfLD
zmZdFh=~?rx$VI#%u?|*Gb){gYtOkR3HC~g`XE=eD0OE78ONbjdphddu>ctl2r!wRE
z*paylad!RMN63^~aA=XXCh~`t*RzK2O^7^|0*_X>N<tYI>Z?uY)?j{5p0=h^b6<$P
zNLc-&ypU(}X(6D<bBqD3c+nuNw3zs+9CAIHB?)f@Yb6Bz5hD$+$zT|lN6Unbr<~24
zLY*GN%Aogyrft5xWXQk~?8SN0oV)s3@lE9=E{Kh~8bDO7eg8|YgQ4FOl3LnptN%|p
zl;#4wqD_88a}()ritwqmvQbkfZEFdxPNf%wS*=I*=MCj(Z6QPE#Vw5BO0wc^R~9by
z$YF(<S_G8e==0Fbk5g)eNnn#(1sQg)&xJzx1gC>2)hDcH)O@N_HmY`?!o9S?_tlME
zOQSZvKZ^jE=?B8{gI;L~YoFkjUSog$z47W|_9DV|G@&NJjVk=T_W%2`cNFRm9X@!X
z<?0_Cs~q0#6#`Dj1<W`{x>|SNGo9tQS|`H(N%6jE^x^N%SKjvvC>U@;>}Ci9wdZXi
z>X)XQ^HsF2N(lODaZ0d7$z~S~p9$Mg3oCqHvwg3<q9E{nRQK%l(re)6-{6#s*%4(B
z!o!Ko7VY_897{vNY!CssaCKQM`kF6a13mC5Su9&C`(*dtQtA0>$p7N>Ev4TE>jyry
z(KtVL%<iYd>lvWkixYfyBPuuGDXzNAMZ+_0e^uU;05I;Hd)UDEa&7cG))w)%7E*66
z4P9Eay_)O)lqGj5#|H_;>I!B{r3M27o=UgE2WiuB+O0fU{nj6L25--qEtjtCK60MP
z3w+Az1xgiTWVsmLStyQ8x4#aipbv2GLk}~9`M&?WG8$;QHfzVpYNnp^(`k5f;yqCM
zl6Fb)^^v-F$6E}nMH^FE_ZrFzSSful6&ElEsAS5$V(k|H!?b?{$R<`P`#-IC$<1oy
zxB2@p%LaATSEgTA>^|Y``pm(ohFn*lCa^6exUzqY#$3wj7d}9mg|<#HcM1Ma-}1NO
zWd?NsJAvsazo*yupt)zd2O)xUce`v6XYi>KR#S6r9u@A<c_&DySVg;w#JtyWfuzIh
z;8LlfW;5GpGK`TR%0zv3j!8X!^Q%LtIz`x?xtgNS4l{$5_QKEf{iUeth>~yDM&pi1
zL_n0Da&>cY5?zd>cMwsYoQ%wtN{+gleqY(4UBK#GD^8`d)p=KW{0Y_!Qp@Mxol>L6
zUd9>QomL}4O>qr9RH~c_uP6#L!F&=6G*O*~4d$Qxz}`X5`4UUp1rIcRO*|lfIr9xV
zgbGbWO*yMnc1;DZ<r}r%WNX+}gPL%cdMxKZXd8tpRPHx4qf_n+$By~1`AQ5w8$FT_
zxSx=lDQ68V(e52;N$h4LX-1nYPe=U9uhlykg7^w)E~eBJX(lCe?{>MGD2`wYlVlb?
z$0+S}SaRSxrp>F@S^oYhZQi|JCJm2)WVgS7+l1cMt*R7WNgb`O-`w>>=AUomF@sIQ
zp8s`$Z}9pGR9EY0h$hFio}a9?GMymC_w`EX%X|IGr0*s~&97vAEuN1IWk~H!O}hj&
zB|}j7krZ8yA&wC#KieHl5!!SGtq4|Y(Gb^!Ipw6EM!z&sCI3>$P42%Vq9*t12%TQj
z6KjvZlcIx2BF1{aM64LQb0cVTvhnbZOaCf5I3VXf|53q>d#L&i{?*6>FD==P%Eh&4
z9en$b;Q{k-`Xu~f>a_?_6Gi?en^tyI1>k&6jqu@(M+;hAbCV%G#$DJfYfC><e@}}2
z{^#3ouU0_Yxy_F+63^PFVRr8p!m@Q@-vsXp2wOozAx+x}Ny*`@LQm*&Y;{xNf$tWi
z&*XLK_;@+%AupCSrj|)#+3?)m`2LTegpeL)ZunWsmPWY95OwhG*8C*(e-60d^#QWo
zD0VxwmcVzSyjm@Ea(11k_$ziox%Q9?(>I`p0i_Z;#00Iun%Hwo>vvEel^;l8JG{#M
zp7Bh=nucx?pYvi38(UK!<Pk(sHiFhQMVzGv1<!CN#MDvB)7o(5v@%XBa3-Bc(E9z$
zvj*kb?Q6m4C$sXcKbSo0J&zrq`P;XKtYrR!`Xt6<h}!H|e4XR#;=cns9(&;s-Ws#s
zl`|@KF}Kq3%4|b~xOKT>Ze^9EX~#yu>A+(fQKss>4*Q2T;>?^Amw;8HwusPW^(<)v
z^Q7UFdX$A<ebC6AbZ|){PNR)g-5-Sav{|+tRr`$KyW6ud>4qo`@%65UnqKx@UL(bY
z>v=KE&F(B7mk+rmI@T%U25lO~w~vcY7m+ZQLWN4c9hNw#BCd(e4_%!ho>uIU)$`^8
z&kkyyH|l13Dx7#d7Rd|Hx&u}dt-yu5EpniUJ{-&($xOK0)cimT9k*EnHSY5BrN*3v
zShZtUbM~$L&4lf@iVGL@4|0h+YdO3YG2CNHzFjNoQ2LeGVmX{~`f8uIx@G3W254&0
zydKNCX8d+TsH3yLdhfO5)RX4alaaden1Qt@ByP2Qb+f@?^Gj082Nh-tph|ZA23OUD
zq#19}JGM~8Y`db4&7llXo8&@k(58^vLX}()58i#D>SkSv-N&}BF8lq^@l${L!8V--
z4bKiG*S}5AIEQ@aX6bIycB4+Rye?xIvLC-EM<O2jFYDN&q`Qog(+rp4kIO5r?eD+x
zcFwKzYF;Z&#v6A%ITNd!_G^x5t_*W3t&85tG42Yjy>(g4im60~<zBYz*xaSLM`vf|
z4$(G@{9-f!O@aiwXL+>i*rEbZHtk7Nz_JNkPVot|!Kc|tW^DeYTW<0=V1`mSub->s
zvvBw=Q(oCVf6&1mJv7Vk>sPqHr%?vV47>v?ia9vM{cBTB!N~`XoS1g0`5&M9OCvm$
z=v9Pvg<`jq!b=4P385sm7P(#UKMMcD%k#gnMBhRPl+4fLEYTi&v`^(B9=fzoyG|AU
zlQD`td!0sUT%FkseADwmmbr+CE2^1bgD$f!zX%-7pzE|dg$SO3oBF}$w%Q)={IJ<n
z(F?O~{|yaw^9!_e@zENyK^$7hZB@O$nEJM{MDyPi27F5&R@Hczgk#y|cSC);bZG4<
zcD<+%DeG2V`}gTy!XC4FW%Q?qP+OI@CPNeWTwv%d;Z<uzdUJ6-b80XRc8rxb8c~`Q
z^|n_D7aWuOE=^zk(imO{(koKb<jgrvzaHtRkG*IZlCfaE!qYP2Yj}0i@WtJRKr;t*
zpWbq*w8{}0qnz~rF<P{yLXoD}Q;3^J`{Yc*R{3h*-2CNaPm*ZX$TJ{R821FYZ1dph
ziHoyli^@m27)Xz_hT=Lx#Uto6_SwqQF|`;MRA8K+PH|63U?|Cg<tL1CR}sMFYH6w-
zuUAsS3Xt0<>x$mSI+_ZELMymD_Q4%a`n6Ob=X`4w&KG6~CPfu>{_ENAyjJ`$LZDSQ
zP1N)xXGIJg2A}&?{&r`kZfBxGCZhjrxNtgX)?5e}bW*mZN3-tBbuwS^G!$nDgdAnh
z3G}-Z>q%1I#X+t%MFG#0K1A0aJY1egp*nyA4}c5kD&*rCxL97QM-lwb50n9+mOilq
zG(SZAx|9Wp8&3_cYYmlXic;7(-7ao(uG)c_-4nkDOUdpRU*Ej-KIjy<o-49$HqB_x
zZVjIau38PE5__KNmcV;(Ubxk;^02J-*?K;f-*2W;MF0C9vlH==!su90(xE7-xy@E8
zN8^%_DN#kyB+8<QxZR+_DaOENgszgNiIOv`23j(iNAGJ)X9xzIS>S(CvqJsu_U03X
zjQzUCahP&-L$u5aN+E<!oyCGJ8%u(@v(??foqJX?Wnf`Tmr-Hi2K>Y{F`!0fkJoIT
zvi5^UH(YFACemhSIysg+XAe+iMLEGkRyZdff33ZWkQooS1aQ6NSE^H0eo?a2MzF=<
z2w!A#{bY0GYV`c9VMuPy<>$W3mE}twWg&Kev3A@~YvY}xEd_#ps0<bPY3cIaW}VT<
z@|-x^`7|);`x?o->2#?)-vRq%r_VCCaBaD6g{Oor?cgp?QEZOE1c1W|>pT25pdu~l
zflmK;sg0yNxm-$`?drCTttg-{+6Ymg;KMODWc|`WU7Gpf(xO-Jp?!>r<*BLxZDc~t
z2)b`=n9Q?ZRUQ`9bwBvji+b3*gSs(%4DT5i3LK}_)`t{@E`nGilVSy^llEUsvbo<z
zc2uqvxGIKvTWUvWPQ>2*crV#a+9jn+x!DAL4iVBI$IL1TDz$A`+ziO-M1JU)NK=%@
zn%%4;eBBiiC{B=aI;6bk=}mR3S14@#%LgkK4tI6QA{bN+2H&Vd?^wfR)sMQ|Wc*Fy
z(-5$x+csyS;I;{I3LZAR-k%y7rA{L}ZCbgl`jO_u-2pP5b-r1bZ`Vr&ldiVdAsEm6
zZjS9%>A86b?^z2cZyhm14iwv;_R^9(R2S+RWmlmHM6hW){KnYu&v6N2?J8F{sB7@>
zEK%r=Z=y9~yv{7s4j3T601ATe1EZMo!#*8@611R|f{_tJ#^tLiR$iN1twna<vd)<4
zI+k!Hw^sPLhK~|2asiw5c6dPr;l$BYYc9D!zB<&*d_%~X?b(-WfxcUhCwVgNBKDJV
zBI9kH^L}>Xmai7Al5f`i86Vv7wvQO)C<0ja-9zAFOYPO&kEBIy{?zYAKDX||weGGt
z8%9kogGo@g5Xys=&Q%qr*g|c~7TksMp7$0?q<8?MA^yaHV%!xK#7YS)uW~d0yL{5d
z#^wap)uno7R}jtlacx_EQKhQpuFbkc)V7oRERH#TDB{l+<kyOi{~I~dc{PR0U!RN$
zxd{L&MT%SOSTjuz?fxK^Pk~$I@pi@7sQILfAU91-H8TMNPB?v_3FuMucan89_%uk~
z5PT<6t2p))d%ixdHG3Hen_0s~&z}tL#I$Vn>rD1K4eodTX5!bzRG6;R6XTx!{l7aH
z{NjR-+)QuQ9nAo|gt&3zXLcEXRB9_@SYzn(*-J4Y*vEtkUpH!FqOg85j&8u|EC*X1
zljqtt&BSK+lv|}{K|1x_N8EaxFs8ezI_Er+8_8x`l&o-7gRzjv`Sm0mz*d@gTApM#
zzj*pP#5sxkw#`Bt*gEHDJIL#`e{siET#xiIT^y6m>7v{l>u0rE6;CXx{X_S>6M1pl
zU$ZW7)v!(+mo`WqkZ)l;T~OApw_eo8FOT=jl!Vgjjc?YNPc{<K*T8Ly^|XK9=bEn!
zTn1Hr@qZnQNV6j;>!B`kC5HVzkBCad)PR3Rd6?C2@g#bzrygJnd-f0ihDa&0+=RL_
z?Q|)VFmY+@_kwNfK7^%as~9qGZniz8rO{*Wb$*ysdVl1F<h$UD$2O$KXAR>mBiO-I
z+x$l4pt=}TBQ_%?&ur6!)bPx4mUBe^x=b+4V7N%5?2FgVa_NA#dE$wp&_Tre6Xg<K
z7z07!1j}_tNFAWOylR;*D}rRSs1w|dlk0ft;<i;o>Xp$BD`-JBEDA~;^UBHFvb=-o
zz7MO-?uT`q_JowzZLUdVV504z`54rD3<}<Rx&~QQB&7KblhMwzGa&mKa2|%!=|)rk
z&SV6)C!rX@NU}BW3A>43wc<*OU_3rnOUk3~8MSF|_U1nAaU9=NP0VO!!!i6SqF!7+
zwi!<Ckkl;thkkxw=lD*%YP`{Sv*tE1)23F}@jBt#7dh+%p<6NuV6~x}5l&CEZ*#5a
zdLMQd4Y{d6?m7W@F6In(%R~o*)+_1;DgaIDUSmHr{;dc~c3JQe>-XI<YQyeq<Ncfa
zmLj36?peafFX-C`^r(s`d-8w<vM0#L<hcT6xi5|I)B$WEM~mP_MD^R(OlJ4J9KO*X
z5VAAiQV<&dcTRq;U!y+Iwl?nz$goc>VBBNxY&$<+KY&ZCQcJaYVl-)Qd@9G7_8V}S
z^sB)$_FmZGt&(V<b6C(VlfHHL`h5h%x}tEravJgByCG$}uPey>7BzX$t<PsB&q{7A
zak-$bPF+>h_^idy1brkY=aLlttv%Z<BOm0J1}LxNRZ<paj?HKyNImWfS+NfsQ0`{8
zi>O@=GID6SB>og({RVM5R8}p`D9Iky+8CZoEg$j&C8gFB%qa+^E}M<dY=x0*R?f?5
z77h)@xL?g`59CRz3Hpt9`B)dL`Wp!ISRgN*txdb9T@lwklF7L~3u|u__vn@Z%TZ!g
zU1o^%;EKYDSeHrOb@9}}>Y)97v1Re9A<Z*c5nklnL5Db_N+xYkNZfPxrnA48oa5%O
zqzPpxAj>T)zfU)VVt?pV{_xb;R((`Ojm&;$Cm2F@Ke{`?KcV&XgfnS7@5j~0xo&0I
z<4JAV$F}>m;Qg?zQ-~s$*-ZV5X;jvh$-6V}{)@rxB8%2KnLdKcB?y9T;RsYHWzuDt
zew`lW>@SK9SS%nq9-fj)Ml{tRXSKIW4tShBaCfl*;$fl4w9eKBlO0^SfpB-CDz#~s
zx~?y#wR>uIWbSb^MwLMh8GCd$NEU?kiOWdoPA&%&hMC^RRs?Tgo_E^hzR1J`+)vUB
zEF`7K?tSS5283_*%nY22Fc;<-&8H`s1q6rgAaL}|c%=V!&yYDaZ83D-t*9y|zXT}G
zjZ(MJP*uXHZ1Lw3J%*vJTdvLwT{1esbmwo_IP@kZ=b0Ynb`3=J_|&wk))=^PNBnpV
z0g;!PcaH|@H^!+YEpIf`U2u<<(ek&#-nih2y)m=luC_twYLw25_3ZevC?0~BI9q3#
zbQf?LCGx(svIQC+rb>LmKI;&S?j65u-Td)FmxCzP#RLQ77P$B+%(vVG6P*#AHB1`f
z{GuhXdh1Eg2t}30SP<}VIRRTFk?ObURP!7**$<k_(Q(^wyBRV`#lcM6qCUxK4j%47
z(sJ{?K8#-rnH&HpCh@0DUSkY~LL2L3Dr6|e?q~0qN9egW_l<LNAyTpTA%RJTJxg?>
zvGEdZqaKII%i(d2B?j`E%zX8JsAss0F70!|%Wq;}5-i!INqq_J#<Hp_@IM&JI2aM)
zc#d;?Id6V<hg$UkrGTI4zopp7wClUSS{IP1BvSHJutPyTo^KI0=-8HS8+)I${OxXu
z!pDIkt4Vvy{8Mqj;(WwSd~p_J)vJhM+UtVw+ej9*!o~~@{(u?Tddv)0nVW5kB<$&E
zX$n}e<}+egXlZ|RVK7w{9}{7omCUA!&QXOHF+-#XwXY62U8K;#JH-PMRe|*)%A}^<
zHk(Q9A{6|mHPU!>!=+>jy4;e)XpYb4_If!ldXs<(f=sT*rx*C^sCq_lH4!D7t{8TU
zfI$cOQm(fLLafK-R(*;F!~iC+B0wbUK9!7_rv8cAIyKqZx^$wMH@Qa7j>uZ!NL%YK
zW^&Bx&f>*KG~55e$g|w7d$R;i-X%&<I<q439q^IEQ6BIYxBIhCg)3mWlJIEhUqu^O
zhn+Nos^dmez*vG4*jjzQQ3We&h#gl=N(#V_>ns5t^we56x`=2Exv$~)TY?%D1tX&M
zjzlRp6bJ%ME7B|J!FWj%2PGd)UAh++^2_R0gZ7aRR^cz3^`q3t4x1U_atiuaF{R|+
zi+eb0LPv6|W}Jp#7|mc3Hkq_aj$FL_V!Y9@jE<-eoWBMZ!`}h|yl3DD?6c&ihn<rr
z`uK|tw>`!EIYx>|IU_M#>Qx&);cM@4Rw4HYw_@Awb;aJD&~cFWF`Rz5*KIR%T8>j#
zkKi@!XWIidCG^Bq5*lSs+~Iq7nl?GX*8CF+J4GioNuE1&$B_iYh6A1$J)fCt=)fpy
zb(-1t?Uloau+Y4LG#o>zd-G7)C!}BbZb-a@!`a7Os1U`8!Hb~hNiGft4=}fahY9An
z2mNDp93_p$m~n#niRBUb!B{=nj-yJ;ppdZ<*}hg^n8m{TZD+)4V}5H=w`Y5C4zs8{
z70n$B4B6|6n7D)Qw;F~<gwlO82spi&Q3G|=k6xOFE+2}u3;{&0u}IV@&NYS^msD3a
z(mfLKUCd0{11LhCj9O%_?e$6CZlY%tP=?E6_<fwy$H7gIt{BD0SW^VU*4!b`>M(!S
z@Sq?^Ja$Ff;Z>`I=OT5b;6n8{sW*Eh>LHCI-eOp<U#3`uz_rb*rPczypGQ`RAtq>H
zl{R4F3%}<HSoO|-48>95b+*Og%roK}DM-54d`q7vckG5iBoKp9&ly3Xq+l;hBDZMi
zCoBG7Qjri+1SI+~+647sJ<H(T+{dhZpZ?#qYBd8=AqVe6$%jUK_(Fro;n=RZUqxJQ
zlh=f%b$&e`|2XA3w@wQgu1ksTR1OJU>q4pX5I+d9#ZE_dzsvs?6}a8C_rI)s1Xi;{
zGL-SzVRId84IEK*t7UB$2+NKslFsmrL3*m~NRW7>v&CbIPThF>;@ok1e$KTFie#pX
z(LK)@#U0T*1TCQ9{2}UM3z=UX;9$54`iSQfi{zyp>GTc;eqc!BD~3Cl4W~nr!%tR^
z{A_~F8j5oRGO)Yy3pQCto}I>b*ALb9QkEcbtSk^G;FxJF+sdD_t&G9K4~~^b7nf7y
zprhk_9i~jjw3fG$WpaT+>MbUr{a-w2YtP6ZjYcs~kM#VznmkK7XI1meah$}YAdnH&
zca-8CLJL2Njx&^*i1vTFLk8udw*R>BwDj$c8dVzU?TlrYE!m#QVudcGr;>v>s2<z+
zcJBbetdhbuJX$_l<b8-6aE!Z=So<qq$;7|Vn`ArLE8(Bq!~E7<F;T=Tt^`mYC(HS`
zB-#x~fy0&#A;a?-9I}1P@gV~=z-#!wInCtO>ppZz`6l{iG4GHKsH-X4s0Zma$)7@D
z8XUxG1jlB4)ohY6Sz$Soe$2AN!A|u0s?;M^OVq5EqNpZA?wzt@Vp_kfBL*Fh{@9N>
z3wJxE72}vs+|S@0Yw!LXD70&hg?)A!UGx9)aEFfLI^O8@c3W=L3Yo}TqVRSoN9P%|
z>nGaba0=*i3S`(!l%Yg=B|n<!Y!nSA);d-plZup|fL~?CF6lupP`y4J4ge=t5<G;>
zMw_7WYDb?A8g5Jdo*TEz`Vv-7${-()3n>xIrXv;f4eNMR0}sk$7_;CoubvZS)0}i7
zM9X6!n<0)+rD?XPIxM_UkEfo=fGebCcGBaL3e57_b1amw?K}B+7XwC}K}2RiOo!{+
zaYe7HsvbWRHL=ryKSzdJawoB2O<igq@g<Ud(nq~@TQkBen7bStt9GBX+7(F#wLa~4
z@*y*}AB#iL0TcV<ooLnq6Rx;`T_0{9v-`Kj@1S8~7X9r#DB#wFxx?0B=YA#?yUp%0
zVZK}oS46=AeK+Jj$#2wQhQr+Ci*I<wUR`(02=2@-TzaDFW0e$o<gehL397y2|L2S6
zR#C+3$e&A{>P__>IUZ6-Wto>TIo9C>n68&1N_8P0tkBC97;RL<eyJY&9l(S9bEXg!
z?CI~wPnVv#VwhzW>fgyuRj3+1tC1(C(p|EHoYsY?4VR>X(UqyKMl(AMGlNqEEwCk`
zYGBaNlM!~g4;9`vQvQG*@$HyMDPpWHos}mzPxw;28L4!wa%;=*BT8$^fy;@;_5?J&
zHKR3ZMx3jVE~BV!Be2*%*xZe6ay)7EaFQw5_Q<gH%FHtdcN>B)N1n^l;Emi8k0fn-
zY~0XlO6@tH)ib}XYI^eD_WTDHn_KkE%p1|$RT>$)Bjc9|lo9qgy$uD6MN-8h!?tq@
zw%anXN+X1<Mc>RteQ=)P#@~?xK_~8q9z|cjY^!a3{2R^PX#dmM6^IypQOE_AS<|6z
zcYlEWrq2#j07=%N5rjF)(|Rkk4nJ_+lomg@b90t(Zi@mibJtj#6`~05$e+CXQOMwE
zNpAff4Sk6=s<$5Wt)~aMRTK@r{6aw{SwEJfH$h)Y?zt4(T_X{YH9}lA8H<J+oYdIA
z`6EV#4)ui`CsP{-UOHrChpx=oWy-5&7py%ga2wrLz`JleR>st(q}<^3u+hq2I=i*F
zrG^<3{9v6l65*AeOjutQ$vxJX6N<bPWZLDS8@k4swV_L!ix5<jJK7Ritm;!Qgvk?@
z0}HEQO<%t-jU7mVUTKhFs+Ny+%cx;@twD&3|Ax6`WrqBE;k}l3@&!bS7{X)JGw-rx
zWek@`runba9Qnn;+|GxdbSrV(hqnh-CIvGWNBR1hj|&{ywT)V}wm;P6KI9w|=60S`
zLHEivXZv;7oD@rjIQ)l|)KXrCryQWIZm&XgdX6b)^~Vu2<E5EFg)K!}_<^KUM^&^`
zMGOFgFN(%LniQ!5{G8~IxV6>s+QYv;xws=0-7nhvA5rI1ERYJF5imF~`M1%&^DE-P
z#5avU2Ajy*^P?RWed-8&uvW`dME-ta4n2X2d{9gbo`LN~h-1{;^6j_=)x=i%>?xnq
z;9c+Ecexjhz637|QP<PUF~dm>$ER_`Pcwhe=v}e!<EGyI&`xB`x@b}l@GNCHdh@1C
zLfE{<PwSjvij>Lb(3##u^@!AqGU)u^3)(eO*2`qBcZ)B0%*o5ro7b4q!CGR}wz$-n
zwz}wn?C3nvlUWgxKtD70^z@tK2iyfi#SlD0x8%Zh{VlT=+hV_-grI*Pqt3NnEV*DX
zF5tGqoUY^HM-^-h7tw_ahZM!-E+pTkKYEqFW&Uzr`q)hXpBc|PLHmy~mb~foc8oqO
zU2wHi<tS>UPH1K)c?X#pP{<J$S@bBaJaDH%B=6{pIQSD!EHgQ*9kgYgFdFjTtO-pu
z9BNvt2s52XTsAjBp?miqY^|3Kx`}io<x|DRVZ|Fix<SS_lYLGyw?oIH+`>Uv>yELO
zN(!gZcJESo^0-T~qT8jUWqei1%@F6ce8T>6UsBXg@nq0}3z$^vS60mBOW*8JI+k`7
zmXlzzZu<j1VIl4hZ;@GZKM9DwCD4+d@7xO}Df9O?eV7ZGJl@q{*>5G<Yn!a{w=yBD
z`W6NXU=i{UyO*<Ub&3qFj{|S2l`+-^yVO|qf^qwYg4rFC;bFInp>2LYjXM$@pReiK
z<RB3nydoMz_F1f7bukSJ_qBCDg^!$)Dr{qOdcGceOn#B?r1+#r)HrI&srMh(j(Nbl
zZiCm0S}Ge)%T;nh1n^onfhv2}P5#_fsp9C~AM%ll;zF^Wg;t|ff8Um4Nf32{r5}jU
zU7U95FXnH`G}voC@Q=Nlu?45%!F>3BE*bxWogWmp0P}krtKu&HvNTzOWILWb7uce*
z`rRFXcIBeK6qD-?-|PYJq#{k-CYJ%s-mmoUGXYw1$cSG8`uo)9k8z-NcV1=Mbg)uT
zbK$(+@+9hR=mzooW2~v!X4q+~eXrQ@kzqA7Jzw)cxsUmz=X-CVwZX=iI?~+_6{!TP
zT&9Ha=#sm)LsUQ_OF{))N2km}uJVQ<?2qV|(|s?fzhW1k^h|x6*oO~Cgmdkyw=_}s
zW0g&M-VGGar_DqF3yAAQ5R>8&O3(S}V=tMlm;XL%q3vy6-1)ZTrK97CdW-4&lE7q*
zZP_~)x+`h1JX9Q<`0>Pvpp)}hTh~o5UZpzM8vKShshE(~ynN0iovi(<^DtrT!~BsY
zwt;KKtY2Z(OkPAV5vz)@7ru3@6tLN&u-Ep|`MT;ES5?;+`&iLcx>Xh=%+E2)OgXT2
z+D4Gqm0xVam$PQoR$LB({PTI4PZ=6`q(LpwX$h8mC$a^BFRE6ed8v#wWEjU5G#ie&
zYTRj-6B~i~M(DGZMh_Rqew6g*^WtYzdU|9*JH<XK#dyhkb#1HlZpEZ^1S-~5Z8}$>
z1*40lS3BS*eGwn#C61duVnL{P(Q3XL%&jLiU0%PiuwjPzXy^S7bGLr}*5c*BOZ<z>
z!3Qw-0dug#ne#*O1p^m$t{0y=mWjRETMX3I-4@Od^E=bglEZX(`LbbQ6q^O@HoW!x
zjC3(f#+9b8m`aCb*A;U$y?aQhf4Hm{Rz4r|d!RkzSP{5+7q(U}lEN>j(0^c|eh^-B
zeD>|_9CmA$5$)B5d9$lD-t!b1_|bkn@26(Rf$5QiVf0v%2fasihZ0d|C~?Q1FbHLO
zG9IH;ZMeo(w3w>yfV~RFbi3}NU@ke+ruZkLnZWzS#pd6P%C-i>LukQVOXi901q9_w
z3K}N9u6dow|IQ42A+meYSBK4~t6Yo>p7ZpK^_nXys;&1|+R!w4?h^Z5GB@Ryo7>yR
z6Z`Z(ke5e&0`GW@c9t$}?#4}IMD&_}m~HYhB^?CqEu0Xu^UyD6UwVB?_LzxR0i<_G
zl@xU5NvygSHNOs<kV9L@ZZLcE57K^lwt0+43n9lDQZpZyfcFVZaNO}3FCsnx0>Ahy
zljpYoK3@KZ+Il%DEB9w0Ps#Iezbw_7Lc9BSrjNPRfy-Vf!>#NVi-7%guTGhg;LBLp
z*$#7$@+$=kleC5Uo#MmTTS`t{l<HO~?+LFNCPz)>Ll1vf7n?Tv%-n{I+qp!y&<e%z
zN_YS^y1E4(y)KA-QJrz{O>Og^{^255C!o;#A9Blw!DC|nI5Ds$iAHH3Tn&I_;R^@P
zY+lJzCmUcbKSDB`IHaA|Co=Gc{%cx0(UvTnr4|TzX=N+L+=wU+!Ty&#KKVA40NZTq
zU9GRbiMP&riJ&ARdAhI~COzP^4kTZ!kn+YF)kD99qH-6keeqaD&tco?clnzY!G|xJ
zgp&7@7Jq1TCCmkOFtB~IVATWXg>rSzSlJ_3iywOBM^90Y9LtvIQVJd2%zXR9JQ`u|
zF@{$yZg(j{^Zjp<)<@iw$sOdc3GVgoVg6fC*(v@BKUU168JIK)fSx#vtcoEBce0{s
z84>guY3!+Y6Hl9bmkf%EQ^p>4g5b?L(H+%IT!jbyi5*~{LV9pyLZ1f>U&Dt+CO4Mt
z1yjM{W1Jx1J}_;5A@jGY#U)^($S4ZLI#dM%_T~|n(e?-zQ8eDq!g10_LR89RMQ-}x
z76Ul*j?>>l-MoWPzX$oZq3FHH#z`DZ-*iFvmJJo<=r-9#tI#a(&0A6zJI3F50$F~b
z%9Qe^enV|-=UeI2o4H-Y0-9<)@zIleb;$;T>UNXRXU5}^&b&Sz<?H!BBiAFZ7A<->
z8N!6uGk-@qi(>rAxix4?i#emug@2EmocjeEHorapUO5c<d@Wt9A!v^ifY%&Eh~)iw
zY2NpaEV3w%7r2#7oWw}&<C9Vg|7cykz7FEH9U;u-0!|AnhsnU)zE8RylPlOR16G_|
z3u;7-Zg4e&3_0!dnw%%<8*V~AWuMd;RU+R&d`-R>0A!N1#P>&xReQyDiY$Oq1+6s{
zvAcR~KCcz9D6!^^uk*oL(6e@SLk7y%qTlr2w9c^C5t%1W!RUIA4a((;K8_QCQMc8n
z(wJf?IsArgmQu{OagbjR)4;(j@>I1swWlxH5t>bD8BX%(CL)tO`s1nHo2)|AynbU0
zT4dL|_~UpVnUoVNh1?qj0CNu<3gE1->l$+yCke>R7ggB@`ArIrbIa3==mmuL&>=o*
z`QGBAPUD?C^*}Ou??HtV0CQAwpBEqPKHT-<{tI-_uYAkK;^44s$6d{r%N<eouw`p=
z=<@7Xi6<++KOQ&D3jAofSUAsia(eVz^CnHI3tgabb)l?ZQS?Bfi~~M)j43;OQi3k%
zvAIrVY@9xzWxZHf-R_(XiyrUR@0HYi|L{PMQIgCuH|KbAVB^TW2iRJ{pMD85{<C7f
zNiyguc9^@F)Zz8mpE33r9XH-rq8gl+`y&j!TOzj@o9SZE=l_5?yA-oU@6YT<*gFTF
z2CN^6qaY9%a}U&lMNFgb9^Bn=w`oNMEECvB1>@BF%GcAC)^7W&M4>tt!Mqb{Oa<Cq
z_{mVW-f9o_R4FeLO^I#kdK35jBsfcnu9P0T;C>>Q+Bb2B@?<4R72%)!AX7<Z`Oc2|
zxD_6L=58^bm!Ent2hF`Y)83SNu<?aHyLRxb1=%<p7P*lsG}<7Qac~-P^IgZ!FsRh=
z_wJ4-jf8Ziq`aSDedETOgM`Cnw-^~^dmM;BSK=LCbIkKsG3-<t<zF0s5s}{MnH%L{
ztsvd(c$;!{Bfa|?SD(u*RMZ2p4RgnA^99O}qa9S#{*Kl`2CcOvMsdtb0IxsTfLfDd
z_AKY;9X~YexzbpmX$j8?Pv<wc!tU4(u>%W_rJXlSov<w||H0E{)<E87N7*|Jj^6&{
zs4&KZp-nM89CS48`T1IE7=70SI??qtP#74wvoZT#?zWs|z)lSIJx`mS+iB!CzW#Jx
zonhzWiIY=xwIirUs`^n1*=jP_JCxZe{gEv5g;_6N0<{Zes?OfsVEzl2j5C}n0SHsn
z2UGKYe^K6nB~e;<!Vo=$C({9!d(%V83?D@T^e0!<lkA5T5iT^fd9{c>P&k<tkJbYE
z(Jtb(d}|E)T&OAB(c2Nt8|XL&dhf#3305Lw^1|tGvWI=&2h2gbzeR8JDT9y;r(P@Q
z-eQ`$S4sBQ>lVw5xpb`-kzKe6f<nVoPK>Qoa#|-Qs6+cZ#B3++)G;agvGF!VnPXXM
z196Wf`RHUI)}1;=DX|W7;Nhir&Xby?!e=^iR|W71hVZr)Kj)z2DDXn(OJxGOG?`Gg
zJL5GV2@eiVRvXAiMHEy0P4nbDL4|t{^DICIN;^m^hZH;y5T;fav)!Sh?#1M(A{xqJ
z2zecR=qyuc*y5WVtF1rCV70Mgk5i77#w5Q&DPEd?kI3d*bAP$BKG&0h%R{R%AE{!F
zXLbai>8;5E@#C|EEi>-p?_#X0UrD4a1jD{@m&ntW+WO+ad4f`a+QBQxYvpxzg1W1R
z{;W@^5{8mmnsR*aW7%74Q+C6gwv{tMMIQ#!;k1N7qDA|5!@@;oT4(k_g%dx9qsTU3
zC(vF1#XNf6SH7k<u`M7^E?G_R#OwWY19*UYd*I>3w3IFkUVJh(v<^2brWhmMhA_WY
z1Tl>3E!~{EpVo6H4H;1{5?0fn%52e_22Z$N>=D~`q=wrnkLfPksaYLvo|?0i>43t^
z8VY=6Ar^vTZT+jYXa89BM<UY&w}iFaMc5HBHpXLzc!tpbadh3$Y`*W?C|a|v+C^LI
zW5!l9)nQh3*ehypMeRh4ma4s}8Z~Rxid7_3Z8a;ls7(-rBt+!r`}^xTC+9iuN%B7T
zy6)?~9#&G#;Ngk4fiOfKgZadbfi4bSV%JAVS^~nZZTztRyq~K&ZLY>`jr30TXGl!-
z$z}-!02MAVIW7}u89Rggxyr;0Gm$@W3V86_vDW$`sH)+7+UqLUB~zHzCEv>tLZ>UT
zet%@AUIJp#CCe%y&@Xt#8`ElE_MllGbP%>?Ft=4@-rU+?ELmV45OVi98M5=g?1ym4
z;b@)CBqgs%%H_*#SeC9&t@X$Y)8Y%fc-HTRw3c`>hx~{{$6Ci3_W_54;U2~uE{&Uw
z49=svrI<?5DeWBcDW+klftQ@rjEO*3s*n){Ec~o#$?W1LMliGb-gtJ1V;sAf5Sx&Y
zFqe>!frOZZyo8?K8$FYBBO@buO^q%(!uM*ki4xs7Nt5dD-(4oxEhWq+?Le;eqZrcH
zP~f|<PCWQP=;HMCuPu!&$R%(~c`SI;FS+@g47Z%WRq{vOsE7Globkk#>>ujMwN)ki
zFsL;)4<#e0Y)%p1P5yiMuwnjTu_pU*j=s2adI0$rcz;b{FKlQSa)V{IBL>6v1lcaH
zYN{HvYQ}_hqw_UF@Qtfv%!{@#;mNa9kbYy;{lFI$7v^1+zB85ej*A>_QMNfM`!JjY
z?bywr=SK<8_s_KbLftrdyJpubNTc3`lVH3p)z;lt!|ci-JrfYbQ~w*mVxJ%iEWsr)
z$c8{B(&f(|s0zd3?k(kpOg1;oJGy{s%9?xCnY_dOzi2z((YMVCeP7-s8X6TG_Dm(o
zusni(VeR05(>*2Q96~aqkKZdUpGjKk(oxwYdjo~lK9Qj)IDcc;477SS>8!An)MXBw
zwE7W}ylh;#;mxSyKNf-}S@2Ib7raIj;9lD%A;9m*L)`a&@Pkt%-v3QX^Z8$kDb>We
zLVQHn!(}%dRn^00lc1_LUYOqaiMIki+~lZu-nAfh+=9zG`nbSG^_HCExOMK5($Oe=
zwew$ESI3iO?V6oM8M>2+R*UAox4{jOU%Su4+3>8+kfAYXH;N`~=dAWWI){ElN0<*H
z8t$)Evy;$!XPkA--C(P&gM1{(gepVNbgzM^#XbBJb{qfOcJBQJFOM0b)@W}mkvU{j
z?TQQjbdj`oG})!Z2q()NEj?Ia3m@~df2TItDb}6E48Q&MfOD00S@?yv4YZ`Hu6yeg
zsxuATC)n}P+Q1>5lU-YW;ieSuS9C!cD-7*(e6>-BNZPG6BLAUKZB@=EcjrZ*t7J&y
z^lY4@X?m)EH+JO`v4W;T>5r~kCwKs?DZi$x?xB~N;ghO+3%)nO(~3cVwcaKb=5@75
z1@VxEDibD?72yN$1o|%1>u~(nrdKi53G?Bs&CBov+AfaZT6NHNak43XzQvJ>K+n74
z7y-Bp3x(hQ)edT8GsCDFpV7g^=z`RfUUzsCL*mu-j@o%g$ezijj?C-)gjIfDX>#|~
zgRutSz)x6yup{%KO4kfA8A4==@Lr^}c}jDVqrG>Q+GR=$FUTbzub*v(*Y?pSA%|Wc
zHWfreavPh@y&IaoZ2AD|=nMT|t!!s}EkmAd{Ru&gYji3-flF(X^BFf7fk={R{F$Kx
zd|dK-wNGV272{6oXtiTTH>%HOr$O5Hh!CR#I%~8DVA;s^bbIoR65(t9{flnplEAUg
ziDhtt&6w<hIxZXa*--oE&~FQWZ*No#sr$U{w%HCDyL4X1;i{TiHWTy8un-s~bE+}&
z=;r_y9?G970C_ufa-O_^h)5&9OW>}u%ntnc>%vHk&2g#+hgD|=FR{#A>$H3f=33!t
z>Mq7fQh{XqvZWN8%n|J))u^)+sg^~X{F8_=B}8V1YP*1c+MZhU0<^#=J%y$z5*0X^
zR)YCk$LbGzKYq^s{Gh+}g1TnYhlrCD>L`!IzTyizG*%PZT)1IDdCb&-{e@<+;39na
z`sbNB`26k<viiq!;Qk{rHR!c5Q>a$`$kg`*kCa_#muRhTAvprz)~=4a_fKIS`%yh%
zr)~kxa=Y8~a^XuXmZG7*Jc2#?2v<|x$yEROwII{M%qqPxRV^<hq@eMr-9lJjmyelB
zU$@2))tC_jtxJzF%5N3hD+hev@L{`~UM`sp2ztxbt6AfS54oFQVE!rlZWx)ytR~Br
zto|fYC_n8W*{TMxf&(!w4#ivGAkKlW`=h317|hO0A2~g2=>5nzSVti7+irX?Cwe)p
zSnhpXm=pdP*sSSu((HVCcaT?g-{4I?2pJGSeP+RzY|FjOSCuO7vEq3kW6KU|%!53_
ze}ku9eJmJka9i5(QK+dT$$Zb!ruv^xi@F4O5>&Y8_?~lRm;&J)D<A8ru&bI`@DaKd
zC{giZsY}edDUazW$U0Sp>%u8bFiQC_+Hb^f`>I9gLDRVu9LwmJ8E$@4tov)}{2%&=
zoOf3jYg8lyzst_O;OfX}ey;c?+Rd8|%0gK9M83gFwhjs7Bhy_d2YNcsyhM3rq|X81
zP)?Cp?7x|1=ESPLi@A=xwi{SUbJb7TSwr)hJrcA|7H0tgLtN{0B0Mv4y_czr+Ppax
zon(fQzoyNNA-jN0UnBgQV*~JMC>b9-pdF7Eb|bUBeQ^=XpE;LU5&yAkILKZVYpWKt
zoRVIzEwNVM;A8gK2sA2X%U&Gsc7d4tWf_vbbra5lXw1ud_cS>`lmpxG9Ou=FgbpHJ
zr8l!QH<rqyG#Y=)*EF`wcCeZ<kBla@RLP{mQ*60C{*LK=jiB<bWTx_SuvJx+HneyV
z-#ACL83jzaS}iWx_s6%2+-Aq`9`_#W9B{<#=iCqOX?x;6CTrW*J6%V-`mHz0G=-D&
zrFDg;%s45WnBEr`Uv*N<(;5U~h7*~t7H8RQ;mdB6Wkol9<s&!y=o(kfWac&f+>fvw
zfSW7EH$M{veKgNmeFH(#Senig%HjXD<cW70JjwpH6ZND^f~e2rzJXEJlkQb|D~ZY~
z<apag4y`GQ$0MafK1+qS+|s4ON;06*wx;WvzWqJ8pNQO(8NAC<J*Q#2nFs1=aDjVf
z*>XE9u%))$N=6Sc4-|h?*khQKRMe9m?rpzuCfm013O|z5^<1a+U*Lk8(nquE9p#@j
z_$H}1g}nX;Ra7r_N)`5k4g#Ic75l@8uzp@zn~4^MT~b8yOL0Vda^r6z^^IUbGWuQ?
z=LvVJF40Nl2+-W2n#PsSnhIdBEB}sdx*P22JJVp;<|RF~JwyC-U=)yW5a@;8)|zh}
zx4`l1wfmGU0#6`~Jv2>**&O>22T5Z5m2SN#%y5M?OUH!iPhHOX{Qh#T$s>7Ea<aTp
zgJJ!M+;NB8620L&_aFtkYNLrWl1{>p({x-4DeT?&;vJ~ta1qXl`KDJkHu`c)>wRZY
zP;J%QeYsM{Yh@3WG%~l-sQK6$DY9dgu4Yp%nZJ7MbIh~|2)R4m8+8_uX7&2mu`Wa5
zsFGy%0^z}n`yTrDJ8gVSlfq)mFYE`tG~%{@t1$CF4ld?@(|Gd=tGTZKBrD$*OSu+g
zk6P6zji$-mAu+83ta_wG)HiRN7ku(<QXYVRlvYn5_&}K~^&q}wjT&cqvPsmCRGN{4
z8U=}zA+FWxuSv7%Q*<M(+U~PSuJKUeiLB7yLEndkdKrKB8-tU{hSPOfPPB8D+_)-?
zP9O8WY1;*zQ=hk+nffVF`}2{c54i-o)vu+w&N6$_N}{6=oE$vWgaqk&2}J^Ez*%nK
zkU6=dlg#dzjDE7_&u{u}b3PXNPsJ%c|30dssIm2tY`4<JMk1N#{Z%YfU0!je$%|RC
z{L3>Mo0J?f5ftTVdg~&$3)NF67CYHrhaa@%R)>7}U$j^-8Wwx*xeb5a61Kh*hIr|1
zDehf{pL}ZR&g8;NYr*4U3_8dzOkv!il|1>blIeU4p&M6Gu|pwZu|q-g;nqYX4%nVZ
z>YmKf=chY*!SE)BTR@tXbAthGhICNA1|oXWf<i5d^-_edw&ei`T?o~G4m}uw$nujf
zDw(bmEe;=BcCEa~Pk*M*o)`KMzaP8}TdA$Kmy=j9<TtHYlKpXe&Q$iI1Uge+{I&N|
z_1-P_3qD7-x}OI>-gpu?7VK(nY_5&0k*NWgzbpHX{68(mp5bkIiS2T#E2Z5YTgqL#
zkdo2mOBVRHHac>M&x=e4k|0n8wu^d-xQH@OGDiUnvN9KH1K+|UP4p2{yW2nV>)vXu
zEpYbz`PW)iKqtX}tUPW0wXN6z_p;Jkyl$vvuEmusr9xM~h2855gM{Xtd&LeYO@upe
z#L=N<xlR)y^o@aUE{e`E>u=0rVI*J;$Hku@aulC(OV}@#<oRY+m|HrT1BrWYzmV_I
z_O&dg{AHVf#eG1s_wNsP^=7x3b2cUynpwN2qGT7hJrbe!bJy12SW;C_H16gs<m6rW
z4*U3M21OIS2DP5^$UPb8pSc5;c-gLf!Ttvl(0P+5xd0kzv*-rQl<nGbZQK&4D!@2~
z!rcyq4(hki=aRjc#x0&R$xg$UN<Pjy{ei{#fL)qrx?$6NSLZCRb`HC7m09_R!hH`n
z0_KJr6c0B7V}0v*V6W+1wYyEdba>7moa4uE8~PL=_rQ1N-K2spC1yDGIoSOp7JvKj
z*`-hrd_4|L15zYhmi#x*brZMgaM32L_MS4ZrFSf@=gFYSUj~~EgMs-Q%MxD%vWG25
zSNDq5sN4^G?ZR`2`r^S_^eoEc+Wd{50eTdkQ<k{>bQ<_U%iX{H;3($9j+Hn}1w%+y
zG7%a9XzAzkW&~>-E_rOWYaWu%dFO{IZMX^NsOBwk3Y2XviBNG3bVS4j@vewpbme<r
z2hZ`(VV`w8J#yN=O7*gU4r5u=aFautP`_9-a0MM0zC{Q6vxNggR(NPpc5<i(>IKKL
zo2ZDDAW^~{I=IJSo>O3d&yt=0htd8J4e80~{b3u*tAA?AVbii=%bgBXz{HmUxe1mb
zf3=xgo395F9t7E_U2+g)5jP#Rq+FDlCo?0)+;uFOEUFAFQj@G#c<4}W35Mf;Og<66
zy*ezr3&X^0n@US{2PWirSL6fOz`V?d$K6@@rl?Cg5KCjNA5pxdC)C*55e^^C9gG8w
z=fv3DC(GCFo5d2;*HsD43+JEB79A%K2#!?tzj@UFtKzhv+<y3Tg*)j%(Sa6gf!8^E
z<o1T|)YF|KZ`lMC=U_rKFC%IR*F!t*9{NX)c`;^0UM0l&{NRely|eSKEK=tR*x}7f
zm2vn=`<2XN_C8+xX(LxHaPo9v1$!O^z;V{r00Tq`sY&&KT7GbDVopeKO!AK<+5(4{
zzpKVk0-cdwcNi?Lxr9JuZpfp2n0Hy=-D~@2dfgn*$QcvRaTMV68XbuRE_-P0y4n7G
zto(v<ZHm(7F5y?vK2e4mTt9&edbT32F_>Tb<uJ?z<!!w(Oji)LzfD&&AS{U@V|wKY
z-yln?-7{Mh09LR}`TW?K-JxTiTasyG)&a*n-cc!IjB@$E3;@!-isxD2V^C~UzrIj^
zQ5z0?wt~%f95bbar!?*@)bfITfQ|h;CC5VZN#E+OvZSXz2mRrhIooWwXR(EBoP^0o
z;xFzvKE=7OvtXK*>^-PZ;Ra^|2dkk8t0~isp?PPvPQ#;RgP96A?xmLR&PndU+@60e
z-<vp8f)@E@E)8p)%XfCOF0`A%w!REO+NHgHySG{@_>VFoyd@^W_?j<MR)go(PNM(}
zV4&QQLAFW|D%eIFnlFH}zT*NHB&xmcQlf|ZJqIf>1g}Q`_O|T!dJ8`at7el|hIN_?
zYL`~TeZ#MIFdxqK-by(5^)p8zQ<+kJEEwncg$BNj{S7;_zQeNM-j1)KC;;}t4Hmj*
zG9GMBOkG(m&QqEe9&l*wyxFcd#(@?2t90cNn7}(L`m#rC*X>&<z-`QjV%;2w*{bDd
zch0;fu>Royzc%&dn*^{p?=}KjM!2#Z-4$_oZ^R`vd}LuC{p#HLv$s1y|6&E*u@p8o
zP6x01wX@Gvgz9=I`o8Wm0^nHFxi~}zLR!$F`3aRX^R@W>6|`Tt(sg*YKQ8o3o!7{i
zKh87vx(1MdoNul<Q(k?vz)opTU?wWma)V=^*#saO6#ydNf$Vjkk%qgoAv~JR2ZT-8
zo;JuH=uYXiofCJ^Z5LzoK2ePhT!ZG_Ca>`Pzmc!!F`qyW9iuQ7a;S_DjSYi%CAuJ=
z6*OYXMr1fBZPi?5oP48J@FD+>==4fl=gjay{dS{n`zSbUvu}f(`yM!FGs6>_wpt#m
zVl``NW_XZiWjN4xn|i)b3M$T<=v&?~)t&pk0J8jXMZC>$r2P)8f%v<rnjY3cx3|#1
z3RY*C$1+6$(6>V21ANuuN%L5tD8T#Nzz4Wz;ognSU&mOsp(}B-oByksChWUUsoknf
z#P|u1{XM5?EQt0vtn)Q+XVP4j&~9xqIcZ_7G#qf`6WXD6$Oh!I+Ij##ModC9L)&I)
z;cpK~i}s=%3C?vQ=J{tfmGfvdZ+r4ldS@6H3w*qscMsaFbo{k5-;@y!-?y<;4P+wN
zx$R;1X+bs#5Ou9?(*p{?Iq%4p79AQ$(CcdH`W;x_dKoo_rl_R?)3pD;)p)k=VR^5i
zx}=EUo{;<4fCaqv0|I@(!kS}LEfYAvIUu)7X_aD(4qjpc5Ld*q?Vg2nn=ZR0UB!)R
z(<p3;20u{>dH=A+=uR5E_)S12XPz<PJPFoWdu6+#gdvsvvx^lTQn5OSpYS<!Z{ble
z3zkg%zwdJlgl!E|fY32Gzq;#S67ykYHwQ6=l)YDU3~@+Odb~j#2z##8$#S+!aTVNR
zNx0KL)Sv)_x{WeH1wV&vil`0h(m+ujPBYG~eZ+kuG0)bj-dL%6SdmXc=4jaPjnEo1
zN_bbxLB+htRM7dP-8t3K0~q3tME(qC-MOJ0(exQO98*5S;DfZ&)TfYKDIP`%P)c&a
zR2{?gX@OX@L|!2bj|w+FTnoYdY*h4Q4#2e1nH2*ooCAl4gqD3C>aOPYVxDM2KLwMg
zLQM9mt&m5<Y^Tg_e02?5DrooPZ#CD*4+(xu8nB2!rOcmC`JHyByh?QSzMIbUDEzy{
zWl_K!X_G8HSH5^jZE>zi48DcEwce}qPGfRys!Qo&v$0Hd{(XUS`Z2IMv*vyQUcIxi
z8iMUTYCugYk*Vq=Qy=cPw~oDK9-0WYlWdPYV29lUSTE45cE;=l-ryT}KNCS*c;Gq7
z;%>ft>pfjh!`HqeEPS1w5+NYR*iqeTfdiILk?!esl2(be2X6%NPk$Maap_@uBIEq@
zOB3fVR^LGpCY>McPJ_%pCrf$wNEWwPt645z6)6A07O7$n=@*mGv`)*D7R?0*+8$TM
z&Ormo{CJdk$x(oOmYo#g?<t8r3YEst?s6RR{K>fvZ2aZeG2Dfb-Mk0+_t_#KGG^ZD
zwQ!GmvWVd0d+%6E*s?{%-RIQY+S>)QqeH{>h486Vc#0=v+P1o%nd&^%Ussn>lUp1E
zZDGDn<b-A8YR5p<&HdZYdwA!@gt8-48^Uan)fJBAQ|c!f4L{>HIt+bTmM|ucNzVK@
zhQR6LmP+-pitNQP9DRa}<{wo)Fr>H1gJnq)CC1aZN)S_deVNGmHgm5ysI+O%^)tt<
z<9vsa&w*)%869t|G%Vv<u8kZ!yUlrCbQa@(%ZM)`&ayU0JYuGQDSF?0cbvHKcQn=4
z|LeVUbghWq`N1_dIsWVnZ)5}FuD<uX6WzXSvl)c`ff9bi#L=Oj;!GfTx&^KnZ~j&#
z3>`Pbd30m_)K-!hy=>F|<aOWi%Wv_(%q1X;F*=W7BoaE^0RCBkFS<4*?UkR_iy7}T
z;E^6?o^Ftq7|+kj%fOb|M`g+FVa$}07P|FZ;Q8m@1i0#kwP@EV8V^74dH|PP$(z)=
z%Fnp!bdH(L?j1Z5mlhbE?Y1FOp0<^I4XZzxd8*?OZh{{txs3hg-MeGKgE`lk)V5Rh
zPOeT6uuyKqPpS5(&f29;6`bl1iQ<Te$i?CHW0veT_kcRfo+#VIPnb%Q@v-8{z^!>w
zzvjR<Ce_(SU@@_s-_qWM!RMhvcV(3*lKs!Hglzz3v0Fo^)0T|-x-Dfo@E#;q%n@`}
zqdIH(H!~qK$VLAs3}Z6)rF;p)OSd_zuR4pCSH$Z{Gx<EcyqD6cZc*TT0l1=Y1lD;r
z>h|rY!Ad^`mpCL8J`}C!s;1oR+Oi3d8f@i2Ob+_}<NF%GvG*#j-F7!uzo%=bC%+-%
z96W5QW$h#zjaS&@Tn3YfcSwiJ%(&}2f6DcDk@pj~#04Sax6H`l%I8PSib;LgimUTQ
zn#y^5Oe|kS@nuuf1-uJ|J4byE<_a7&#onEULm#W0)ii{B3YJRU5&H5~pU6nuic+05
z(@73f+7==w_d1PBSA}!o*)~<0@UrI0y)xvo>dqz^Al1mg5pVS;WKo9fb06?BAVrrl
zPs0CtNK92CNkHCg>DdTKM^TIt0=u0(*odBeVl=uxI;3p-X7sHs`?J3?{7IA##LFLs
zp^^u0dR~-WP_ON`Uft~y1|6OwkUo~6sE^=c;pSmrUQ5jl@Di8P2f={rZzmV|shp;h
zvru@fTHs3!Jf=RM=u_~-=CUsFPjSeygSqe&sYfffRjs${?)fWTVy9}h+AVaOaRXgR
zuudqE&vx^&H8Jn^8lA4g&rjyIosF1xF&=5oeQW%@;rVw#{T+*m_bk(X%Y-;4`xp{;
zj;Y_HYOc_jz4Kjf6QV0#U^U>&Le9@*DUJHXwzG%w>5dwm{i;RKq?Z06bG5pp#HX7A
z<Tw4xWg(ps6{fKd4G*&ZRz1xX3GRxwG3$R(3|Y`Hw~P%L#tVh|HE<;-PB4$upQr@T
zB<#pZ^d}uHO6pA(Uo1-Q6^v5@u?<viM9-c^;R6V&%%}IezwR}Vp%(ALlaOPyY^Ubk
zmL%GVG}kc``jI2U&fU<&a+X|V&=M8M&T5HOKG#M``t!>$J}4%ay74K|Y+z7oiBh=<
z^^h=CX!@0ZrKL&q=YnI4if&&C^xJ>B;{cmtl|A6SA<j-<P^t1IV^YfnO@ci@_0bN9
zG4+zyFQn2?X_A8}bncHl9be{O?Z3*b4o4!v7g<rsp~JhgSuol>v57dQ(5#P&GE?;7
zIUxqTM26n5T+wd%f%s4d90OA$Yc`G2bUmqrr{LZc>e=&W4K~;8u+I`6X`oE{`GiK&
z9J7lUx6|aEnzWlfZc)p*LU@VKKG6tgy)qjYar{du&h^Y)8R$)CVl0Ey`9)vf`}rMR
z_c6HQKN%taJ?H!Ep<;5#OWTbh3S?P=|6Zut@)s`gn`5tY4Qtq6vK~oPg--`Sc~uM6
zM-&Hb#%#-9q@Q$$v-byF%T8f&+XyAJXC)yk*P(9<TAC6O<!k0h?=};4C$lO75ur2l
z#-#u9spG?i2AjU%kZ%$=R)jZ8M`BE!)9vMNN!3UV>%7N`W<MZO)9jo_Z0DE>mCUDR
zwN+-E+dmQx^r?&IddG6RX2?OjRqLU$3u;$`ii2ah;l|eH{WhyO70YUUM>Bb+knb0U
z(??3>YQqxyoMqYZM8_k5!pQ8a_}oer<ns+xV>_Omn=*!J6)(7*Zb>f`)Yu!|-Zafr
z{A%PDpuVYg!>K8Hj%lQ5S4B}rr7!Mwd$Oi?j!1pNwUf+jXt6pEI%v^(%*J^m{>JMU
zeBNiMlQ2hK{LG2R+4v8{lc>``y1Lh(YWu9IkcQ{4ouiiA@*UJ~%+@?0v$XP#f78VQ
zu0T&@XVE=0Uy>5l$R%*5zP(};>w&&|t9rDiYd84H<g@CW^oE={lj;@MWKM44VxTql
z>aZAyzFm1WJAPhC|76O|vo?=uWGD$eOKV}ed=+ok@v)lgN-bncxuY}{oHA5=j?1ZH
zPffSyBwiCrfF%ZB_lvqVHJ<N03v)(t?kk~ZeJhC%oHy<^ik7ovd(xq24djuA$)_m~
z5rC}I6z!!a|AFigLF2<tQ)cso*feYuq<fS_He5-iY?{a$YaK>^TGsZ4dL*5Utp8)w
z_fsRTZEa>O&)mc>#zA@Rwsv^ajZ@yzuv(tFI-%WF-!|3iU%oy(mXpxB%cP*QcIA8~
z>c+ovxTeLSJ|aJgXl)Z9k`bKfsG7ZA=HbVloU36Q9UU~SuvUZLpTBQ`WHy4!h>;lq
z#O%HcKaA>bdAmoS^SRPzS^43rq1FXS83TWf?y}M8uK2I}j{a7r4K-N9$mw8CGjr|W
zIj2g$PbH(#!Iy@)!TGX3{$tY)oeQz>L#2FW<@VTaN<9^^eNs!|qzB8&NR`kKR1Ll3
zcr=lE8nc%VL-28z<GDK}Qg$`8L4o#a!yx@N^FA`i!}8#qxb-nj-8RPaUX9p`8`~U0
zUGdKk8;WmW!>>)%g^e*bgkkX}5jjVG0HQ`h4g{0a7q8h5m6_!e+_XID2XyScosarE
zc>egV9RJ{6orNkpmEXD@z_NcWV`x{x?$XLGMkp`bgWtM~(Q<Xe$3Tq-#W1S@3!0)y
z%S^iKc^L)dyO`m<wGLh&ltntkr!2)IT7K7QSZ^5PO|oX2L&rNoLUnyvp>xVcaC^ZG
zIYPpnYq9)#8$7g5NdNg(!sZf2P0D5I`D-h^V?BUs&gPVjKIr-y-w)H~nBwzHs<AAL
z<JiQ*P>W3wfyCHGhx&jfA0*32hk{LjtIo{=_MV66lmSB5rF8ekYhQ-W3y9K~5XKF?
z%*{9E3O|S!WdI+cJ3N$6QFEysOo}-Msh1414&bhl_Jv{OJJlq)k#bLIHl^K0n(VhQ
z;emOb-+O6iFqdNy)@*9FY)dQTm;M~h8Gfc_r605=|5$C<b<Kz&l64^`W?PnTY3z=f
zsjK#N0jhBho^ij)f9@d!gc=m@A>KT;(pwL(owS(#ujkGJK(krcW#5!?BvQ*WU&Hwa
z)@U71QAcYz9wtv`qC4dL$rEgmJliMZKs;(q&t9q|cWx~%>ze02YB1p;uf%$vHr$?M
zc;Syka?J1bLb^tHjvGF{m-2}$eJ-D;xt}?!JgmU4?-(72CKvdret4RAB`~jWTe*)!
zk`13Z0{}vQu|AdJ-UE=`vBFwR(xEm-4el<>1(%7%O_h^QHQdxrA?1pFn;qD^{wub=
z{|Eh8oeGXs%D@PA+Ihx=J`|L;M!qb6<6)fg`LM0Cf{&cF9`OuUZ!g!y!Q~!*Cc3mx
zQ>VdTWWQrV8F#V7(4;1EqP;Ztv@A&e3RjF&?Iry8V816i+?cVNyZ2QaUjySUJ@l*p
zHkIDJxKH-=dv3Ef>zL_T*}J}hk)f=`o`kS(N?dN4%JTco3j|PCo%El2P(nfQX!fCG
zXRCo1JS;tg<p3>pV(DIubkx{ol0-jjlMG}yfAUyeJb#1Hy|lFY)!J__DrDCfx^1l1
z2U^WwK}!GkM<>6T+Es2WFT~>5m`i)U!_B?G9{}HI-!&H=%-Fiz)nTb^N*Ct{H&|_C
zrpa3%C%zX|mfM|E?@#fP7_8DxUpms(N5*%Z0i<ILtDV_ki9pX-*SnTj!Qq>xmfIKi
z!xZ~wnnRl3`)a&cewz(crm=s|!K$OU@xXfI^(#fT2t{~P*t|^WS@5;G*Oh4Vh{jOv
zES+^LT42(3KhZ1E-i75r9V!s6akKtOg2Jcc_ZLO^BtT8?@KvKRZ%WAB$CjlZ+g_N@
zs~zUWBbdFhx?qiJ{2R(1X%I@jp6$bR>TzR7Y|Pw_dtU@O%2RpvbQ&6-^RpzMM47PD
z_T=@b+l1*!Q<_lWms*$ASL0)R70$qNU#~i=B!gpN>&Zdbr^&fMQRznU-MJ$eA0R~g
zpr8@CSMX$~Jz3+dJ|uvu6nG`#;lFtzSoNgGTJL1-bkA&Zhq?0)I{nAO*zbR#_@5!u
zGtb0WpYoPy;+%3Ur#nAK%zc!_20m!++<%1kozXP{oL<lcK>}wQc^yn2zA({>`tzzt
z<kW?9Tdu$Kq{zDH%)DpeIH0p<@kg6ZLDWexe!5XBb%9RE-omPQETywHxT)#kmbZ}q
z{elyb-8sznuYo%2RkNAxkxh<9*G{VRR#G}NK#|UzYua>NYbDrq>PAd=h>2Eq|IWfM
zmnd`{ta}0~$ZDSyeQ{a0tk`U*LP*tMlv0hYy$KdtX^iuKLj%{N3(8yJp(wDfj(mHV
zpxhOA!G}z{;yI*tUj-v|8!191u)!N4d)TDh<t`LuihvNW(6vew-<TicNm3Z`yf3PD
zfYL^opmKMGEvj~m(uRqkhg+x}Tw37?T?{dh`qk1Pf}ZnkD_8~H9h_p!ZD&_QREA7z
zKpsW922s0r{${@wL@h2nSqekijcNVt(Y#Ui53U)#chwk%Yu=Yuwb-2#aFA0b8C+FP
zxr5#g8-G27uRODRl{0y@VZ(qy^;OI=xqf*vMr4Kj$-t*y|8!S1G)B;0k-&$kZ)?e<
z8#zGDG@g|JAi`*#SLMuEvvXA5u}##CXhZJJ%bqAMABhv8ff6AH_gRsiJN>1=PfI!L
zVF2l2b*4R;-dL~wW!sNh_}JnkKhbYM_m}op5`C!1!t6(}h2<ljwjdY6qO)I~$tTW0
zeOp7lH9@+Ll&<f|JDbr8`%;6nS(_~^X08j>TY>Cwe@vD0LQ+}dkXP(-aCPzw^PuYZ
zbiW%8VA}^VA7f5oZZ?Q?edw;AGLp-;?`bJSfBwfzeL)LbHhO!?r5`9X%X`YW(i`?>
z>|B?nt!d#se1vyK1mDfVwfQeHd`zXKg`&#Ss^^Q6di8zVQfSrNdZn_D83gKT%=4ZQ
zQoH>T7HIqIC(o=uP#D^wBnSzCZF4|UOAM1tWI`jjSW#U8ZwfRdcHTtgy$`zyf*b=9
zd-_Tqev7CnRsrlFFII<^c$N-WsH(m2yRo1)(iH=K)Xg^3<*T(Gc5U=<ywmlBA&a4h
zU~}e5jpt}aiL^sZghswyc9n^2HPRknHz~Az{UxK~Wi$QqkQaLEx5y4rBqGZS8Z!UC
zw!(xlQ?m?EpzcVA26T^^D*<6Pt`f~{mg)~lX#UKv_t^Sfs4-=o1<>2}d0pr=k1yPh
zTl&8zioBcy>sY?8i%>70`lI?N4lET!y1KalMAo5hN1E>?7YukD$owUX{7g>)@Nn+8
z+`)gGr>c9d;3>9y24xRQB~N!bE%Z&0fsJm3Z;dDg-oqkzJ>!llGeS}x``J-&Mv=X2
zL2Xp-S_43<d5zrNqOa?(Rag}2EWG44()viZ$S?F$&X?ax1j$|&Cj{c<D0{NlB{=5*
zxz}5zK~Ug5o}J@9p1b{lqSVlBD34ifqeh6i6GK^3JByhyN-=x2JwAMy;rwWxApB*^
zVZd~}$lqRr9!7BHp3R7~RyYjEVvqXgku`CipW-GBPg@+MF&S!Pnri6ug9@$$MPMtQ
zSg!(7X&>-9F`Dg6GgYfP*e#DI7X`nO+36_EfAYJ}w!_=o7NI^V3rds3=<4UO{Ji-G
zYP+GRR2N#apWoL+wu<#ETCvbY`9bfjzk*jqNHQS<fquw9nex{3FH2LHcD0ocO^S8*
zV<7m<63q1~HnU5VVqG9Ft{)S55_9}yfS5=d5Z8G5Dc22pNCF;j2Q7sqh*5(qlGH)s
zgb<CoEi@fyq8|s&fAdP?ur&AV^(pvhg{PrgKwbR`!?hd<QJKTv0rOn=P=^-0FBQR!
zrv8X{nH=wa4@lNNHyCef*r_?U#Os~3m_IHj>9J4QWp0vbM~=^!JOuX9qnP(FvKpvi
zi+K+i6F!%>+%+J5pgePXN`5nowtnk~m{cz%wA(<76P|`7mVAxoyrZp$dl<oaXQQjy
zY_4nh(|sttb9O)JQKGK<z&&ZU__Sd8W|PhzXM2lk|EhM+ZmsY1(FQ0t;fHH=J?<7Q
zt*e_qr}=}DX2?EcQL3wQwd%b5GKk#C=QJyIvUFa#ysB3DJZ(8r6I|L$tfp6Oz>kXh
zP2IBvx<)>L&)9(N$+n*reOuOHbt3QjQbV|r=uW0emXX`$M6QE-I=IpZ)$18u&kwv_
zLj2jUpq5JkT}`n6cEa*oTNC&~;WAh5*7t+^WTsVyC*%~ct2!?+sV(7R`THs}=e@t)
z>I7t{lK?)=q<`r=_93!|pcw6a-rA%0RsTrv`J@XZ_SzprYf4Q(Kz_EEs-fV;UE5P9
z`G%X;`5y~U!*S}oHFscP<0l%t#)YR`E@4dGnTg1Xe>4Q?j0}zO27tE_UNu7ar<!f?
ztEq&j@)O^Bk6XZKu)?^Vruf8!i=+-!jfZP-4N!-fKx?Yh;Ol(Jq%=5Mc;zO{mP3Vb
z{9ye)o43rpMmJJw80;=eavC6{8<jQD$2`PW0^+O9Z2EI9f1$X61F@Hu@zj8W6RqhO
z?8u8HlKO%1j{^qyEvdsZ>tTN~{80kOGc#A9&o?sn-0NR<p_28F6aBfmkYBojI;?Fo
zzD^7zZiZckieTQNYVv}5UGRu*C3e(+9l=_ESW$6X{{X7{S4iP<f=j9tU7k(%%0VgR
zB<G*k0k^r;eS^deipJGQt>#EnX==4IEdpsT<bD>uiC&~1N!90>6LxGs36n6gA}tIz
z+*Fw&fm^ZzcTz(eh1?O}O_75h;15}xnAf+Z$r|MsEV}d7YVH>ad(|n2ij;<JkHt~L
zFV0`tXk4M-Hil)2VY`AsMWkVpNZVOlmdru<EJA8}sMRgRQLy8|%7(M6XRAYqr;h&t
zmCda2756U#^YBK#CPF`zz)O45zTKAGKgV6x#F#7VL@BMV%)QwSe9n{hp76ppv-<C5
zk2dtCgQ5SUL~F@U`MX{7PeX@(T_vz1H3=SwRR@E2<he?Dm{b$B$nJsG>DO15RUwaf
zI$KhBzgdpaX=1Y!`7#3+S#OW$v+(g%+u1sL=4r4uxpLI?@w+)-l-;LHtCO#btV(1}
zn#+>lgH$izKlndovRKSGy&{WI)&w?wUo#3v+7||Eq7}#I6*|Igew_lxEoLk+>TyS&
z*Vi(aGmb{k*KcF(6OIV??wbz-<XciUUY_T4Pof<44E=oW?yMzW@~9YwK$8Ser*9m5
zY+%@u_=0bUV;*zb!DZ^qY%S%pCv%-Qe^m*0<njbdI2pzXbkNAE@p<13s>nu@%M=${
zonN=SL&$xLe+_@-+@8K2sg?QoY<c596o#fsoA2-!QoiB(FICiyd?H5H`s3kz_zZ6s
z!&SS&<-y6;0{5K4#d9?N#V(rJ1SPRzy!0c(yNXpU_)JGJI3mk>b|B#9@+!)5m=HzF
z1=y{$+DyBYr>{<IN~n(Q>#9H~Z5tjCPwDUAl~npmORC)+0$Is2h?#_(Dv>@$yb=}2
zG2FXMfgeF;fqzitp3bI1b=X;FQ4)V163Ja+62C6vP7ai8d|>&@9KU}&fpDAw|3l?j
zpwuP1-_HgLmitDScAC3mT5M8?<JPXcq1CiI0?qQ3%~kuU$D9X7R>Bp<psF=aX)I=P
zm!L(2Z5ht1W!(lX4&1(uc`FiheAY9@6Tv}iy=wo1zZu;(IUM<Qmjbl4WC7254gejH
zQ`TR*9ZbwSj-Jd56@pHw{7T-3xIe5ZodEV<gcPQbZ0#hi72oRX{%WbD6Q1$a;MW`$
zbBBerc&>Wh@FG)yf^)vprQgnvFroP}^9UP-q@N#Du@Lzm5r*Go$+5`mA>({DrQsRP
zNgF5*rZfJ45%%yZ?8&=rIgA(Oe+g6drh3u;W;3A7@3$Km{kz4=FW2eX{0Wsx+~2vK
z&=jZjIW1hIvOyG_zpvZ${OhdNt*xKwzqdpdQinJgEa+VpSzLNQv?XB6S1kWwi)=D)
zSVS;K?WWLK$hdHo$+B4*N0nDR{xT$5wxjt4DOz?USd4(mHOcGhumXGK&veohKgwT_
zI7+x`JYlDn+f<;FM6G|ME6*6c8@aGeI2#N84xE%yO3D)dfaO0djTl3cS-~4C?V}?i
z9g-G|a19<cZm5D0+_KvLoDs~^VVK9Czh=W&l;$nHvo5OhCh;VNhbO0C5{i3V_b{AB
znBtkLH%&B@^}W#K4I4%KL;X8xm%5Eh?3cO`*?KaF-(lAqLbDI(FkzZ@3mll>ucD3n
zV}DoqDgD-uv=j&IOR|UiS)PjwbFkUHf-~=jy`!rW%l9%OrQ#5_o;?=>%h9@9Pv36Y
zcZPp`0Ni|JP2KQulx6iu9iwbO2RWd5l{C>m&GPDblIF{@Xsl;G;GY+jm$tt^Xx2MZ
znr>_F=y#YF#(!fQ4l0U(<r$v28P>JGkpJp{V?8Yw^E<U{VJi;s*#WQY5&LH=`Nm2c
z<f2wDrf}qWQR|DONF?RFYguq$!o4>|TlP@TE`5p`{Igff<&j8iQR}5s1oCQk^LiBf
zywfZ>ioK$EqV+q4<SIUa6(i>Lev9^iScL~2snepU@q+^e#SAc)@q_7I*dvU)pLSsj
z>^!RFT1SBQr)PjiB&c`A*mcZ!S)}2dJ%9t-Ju@>m5cYPp-5|N2ZG~qCmKC?Z5@+d|
z87DY%d??B7{zp~5WjBB>&3&PIof{9Oi4F`E2>l42z|2e5n|``#@;myZB)!BKi!n@~
z{v_-H1mp5EZ9j(*#A|B*owPnV7y9C#WSIbs?f4wv<{Mnv##HtoYa!eix1eS6RAbjv
zf5`J;RggZrx7ySF;yR<ONnE>DW<UOR`-bm;x*$YJkeai2Kf!JBU`l91wxb&xJA(gP
zJXATrAYA~;g)>R>JbVWAaPWf#>)AI`z#fmk_{!O6YPcslBp=oZ{!Uwit<eqc8G~w~
zgNCb<e2M(<1Pk!mIS}4^D&O#&H`Dk2(3Jfj{six3zNjmTaZ~?2@*^z%Q-c%(EbPfV
zcs!aBc6(fl2}VDjj`%DOaCr-5!@AH(4tC8@TU16UUbl$8zt8E?tD^A*`!=qQpJHF^
zf!VOgMQBc)R>?gBG)TlzW`_JIj!-m#Ecng|)&*V5^1D!{J<I^hked8BANtVM^xL>_
zpPWV6@jQ#l4A3bN3RhGSK1h14`3Bz1_e7bHNoaa#L$9e%u&@H?YsT?$5R2)ryg+95
zya;HXUtK3nSqj&G&xNb7M!E$n3xR&H{&30P0_wlrJtOCZ5E-OJ&9=6Rh*C%%BNCc1
zzNV1?5(4MALjn3o-EsfWe_`ban-up7?#<G3M)z(Wq3{(Nj@&$s#qz`c-Yi%ddqsKW
zCn9{bFKot-H5<9@^9Uvh-sdt%I*W`5MMjI##6A)Pph=7no@%l??4(7Vu8AJqRzQIL
zEH`%-)Of&8RvM@56(efZ`Yn=lyIMv}xy=>A@E%7rQ}({qC!D|jyB5vQ`JR8s&;Mn7
zscgKW?FUT`k9+ZQk#>v!^>ET@@tphyO<DZmPC!F~2Y!c@ss3(Vp<De~R?>cl1-ZGU
z3ssr6Vm?@uu9*62UpjSd)jxw$9LD2&{|mSal6df|L;MI)*e-1Zr?l-0TOP2}F$|fj
z1pl&;d(u2pa@-4|KRX)J!qHBjGU=W%VvLQh1uI4OTT(iqv*s_GCh&Rq+P?)?%xF?&
z%Dw>USgN2Ns49#vC%exVyyo4}(E06{4I;Zb#9Uu9saNBr1m-^};x~*5K&bM%>ffJ2
zVj<O{(7a1R(`lLUD<8Eu8S=fXvUYeGwaDOpBaCC~pJl^>$ljAUO&%=4W4~8nML+xg
z&>zKLa^pWW_2tHC9}QnKKp+#P%7VlnNXk<mPbVvK!yZseQo;;qEyP?l3au-vEZJR*
z%ZZWm%is6)yRtYnNX;0k7tq$W{j>8VZ*>%YZa%6<Do`}I|NI(6gcdgNUqK;8Fp{0s
zv6J0##nLIg^<X_R^IOloV6$r$iY~c-9Q7tdmC#g(H{AS_Faw!C6d7c?(W!Ar!GL(3
z%{_yDhc8{`8@*|+w}mIIC~g=AmkL-<9=#c^y5=gDSYToEx7<@_EAD7+*Oq$aij?<=
zZf&c+Fd-cGA=9KT<BkD+ET`wiZ>esuvJgRKbPU>+<zJ}|x=*O=c6R3fL4`_Y;!Eg%
zahTy?z7WH3ScB*JqtVgerH6Z~htUohYt6jet0>*V0PjH#pb9)sKPh*<;kmYNo+fuc
z>0bH5nKF*KxPw32$~#f6Mv3}|WqjXAL^#tos#facKWFQ5ZO$>jG1jpAi?`PIZ~gG5
z_EY;?em*3BkPX}a@%2Qr43}U=Pr~c)6ThJHmTny~t)PF_X?_z@6GYaKMG)lpll)?E
zr6&=`JJsN6N;w<~Gn{5pJjl-U483l4l-#!1-02WA*vuOuw2t!8z=`1vWll@I_Th`a
zuB*GW<)=X;=~_FJQ`%cG6(s;Bm8nm^<B^(Mz|7_rW~J$GJi$$Q+xCcWDjjdo|1G1<
zQ#-U^G*QUkpB<%2SJHQCVg-rk5v-?A3T&a=l#<6WoBpW_zy@i=J?|e%!@0x48<=%U
z-WKRRgFQ9RycuNs^YPc4752bK!_+mqTdVUHjPoxWlJd$eIfgak)W-Vr<+HjculL}g
zI&XZJ1({Lgh)q?)zdq5L?y80oQN9`aTxy0A?t(5i5GVEWypqf?FmJ-VEZ3C_WVsyy
z_JUE4;t>RP2t3<V!^L%r2Zty;E&FukCTU*_<G(Im(pW%0x3YNB)tu-R)a1F|1Ye5p
z&y?0}jB8)LXnmb)pkK0~9Ug~l5n~5d{;Y%x=0mWN23=665nLj)!$%C12_g2{B%IFE
zCgEgvR(PmDB1eB_2IZDIHCkrg*Cbu>bSBwBjs-FN;Jg*0U!9tw`IbyP%zSu%K}eS8
z)Y_}IKrqVt3Tcxf-2TywX^}nLu=Y%vq1PZ!&xbu(Z+|p4!}7oM15R$IJqP37&XOt1
z#Vs4iJuL?w|BD01v?(Uc7Q13Th*#7WePU>m79HHvLg+v#L{r>cXb66P{Fg}_am;7D
z=uu;1T%S$cg{kT|wA=IsTz>@2KttmAACI!KizB4CGZA$I{(%P)nb*VuJK@>y|J3lS
z^v<$Nt$lw4fb`m(x1A%H>Cx7T%CYm<bMyYhYXQHn_5of<swY7cPn2h$_<-gmH%}sz
zRKs}3S4PBEeg|79)X^GtsXPf3uMO*)uwFq8F8>-o5KQ>-60d4H37Odv%nq9<FE;i~
z+%2fs4R%$Q5;}X%uNrx>8R)Qa2eVk6^0C~XEaw8AH(6)%%S__!M+K*E2<@g9==<wU
z2e60mo`AM>+zCrRog=pqAiXh-sfdZJb$gqiERfg|D}lFmho*zphbhuE<cOR&g+0*y
zc{5mQ3@vJA%5ya~iAs*Dp*Gc{DAbVzNUVs`98EkUA<*9pH(f$Amd3zao%Ay;5ytO2
zksLhb%N(Dh)8Mzye^>6H_u0B)2U$-804@{3$dFJGct&;pmt~D;`MH+3kWe$JA!z$|
zhW>D5yNOltZOu4y!0x_lVQExAc^jj?LrAF1q|pzKQ=IR(%1oTQDU*vjx>pu<1*+Rf
zxGTB127V49Qn=(E+&RU)8do`hAr}O^-igKr#s>FBX8L7)FBXYVw33*d)Z`IoKgHc0
z*NS`A*?AN8i9WQmkshqehC@4u5cI_MPH}Jlhwa8)uxXvz<IXK)38{R3S2IPmzbS3F
z2=jMWnqFTGYI!5V4tv$TlD5o0o{?KS;XEvGMY^Dzl{fiywcav>)cm^sDoW5GEAHoW
zB|?W{kYKsi6)W!d$?4L%+6YR|9iqg5suW`)g2sy~pIO{+$s3D1_o8u8AG1Wahk>yd
zT7Lso2P3wXibl4nYdqS&W0>Crw=AIBQ>s$P0mLv}T98pfXV@18cslnhpd^)Kdmr4e
zs=KA4&jz?p1tL?qlVHhI%IhxY8_WIW)dkHDAdl~nnk!00+EhQE2+g>j@96o3l%I<N
z$(^@Ih{=A9Eg6OCI;|7jD76W0y{kRnvFrG9sNZc{E#%+Y?arq#qRHTU-lWPbW{SoK
zpecP0UFj=*^DkknNVKJVr~K2*nZGBKZnh?O+<uN<_QTU`RIbN=^4DP3#VGFuKQGGS
z6G}(Z{kz?H@}J}-RAbZcV_DW{V>LScbW+w<SW`=q{>CIZ8W&fm4C1G7`Zx8(CggZ+
zYEpmAJ6Z!9kK~}cI!Bb|53k<^t{-^tdNRs`PD^Ya%L?wXkI;?7mF_>86j={mloW$@
z6~urO(=_8Mr$#5Ja3mh8Egp+^FC-y+LBqS?$0J#G<6>xVWYSAz7d92{7U<$*oLQqs
zabpJ~IIhOTpK>hX^I&@h7cH=!QSwrh@TMDjH}ACL)xYiPt&Drl>VKIlTI`_c(|YNw
zAH4rbl^}1{x-fN<fZgpC%Zq&{HH@gwqjEE8eUER$GxiVb*|{0S#Uw^2UcY~E;?GbK
zGnW7p>WY1K*=9rz&OB9GMs>XV;oEJsk=mxWY~{FQ<v3`yG1NBuJpHE^Js?o>dhPp(
z8%xi0*7Jd;y2Z76=T?qqRvX--P&x9M_~njlVq+rNd=y%lt+WmQF$4K?JzQdj)S(lQ
z`+nMLBZT?Ae&KJ|h=On}g+u-`4^Odoq8ooSkXoK+$BJvD@mS7?EFZx@F~C%*U&iyw
z0OaoB*Ry}Y48Itp=*L=-4>7VPqsCrL>tRP$p5(X-S_`m*z?Bph>`%&Gh@wR6o?g^T
z&V$qXYnLzb9PaXr=3nxy@5NqGisnx9qs;?@q_xA%r?%dp(mIVJT|b!yWq2e^j*7nV
z?g8+h&st?EMjQBjds=G<c4K2!E;LN1c9#xU@Cz{`b?u((^n^ec0{e;r;@WwM3t5m6
z1NUv8Bo%Hs?1LzjrWCD{3Bm*}gz5xSn&(-4I>oN(s?y-0l#)mGQDg>}8~lbp6iS@$
zM6i>UJX!dRGOgW3hg->4P~@fXkGJZD8^Y$bY`p|z^f`Y~(<)M1WQJbhU`IbK?iu~e
zMDdIr`TE7fn)tMzfr*8v@<>4U%f#v?H&XRF_&z*gL@rC_RswsJcZ$xH-ryu8N$36R
z7EKM1ys7Bs>s_kU*Jk1Ki{jr>t**Vm7h8!ftDCk_H%QPxyZK+Q`~tA~WmIj7%~_3X
z`o?Db`RFK|^^-tylPY-f*jjMd?z%r)8}Em}HjWSYcPB+{L$7zV@d{Sw)Lt?iN9bT(
zq~A-Wl65zUJE^zO(Gm!QD(1ln;|u3es}1^mMnvsDknZowqp`ww&sbc2H=paa8)%M>
zpTSwOpOGJt)6~?A4s`g!T>Ri;`@le3(pk&cC5huo;KV=^vVApj4h}mMa$QSuc*XBR
zD&$Rks9yh!6LsG}LO<H^6aF3iS{xeK^;x}N4R;3aX(<_lT!ejgCibLh2n-8DoOBXP
zBWo$Z04z2!hWB?VL$J}Lr054z%8m$Xjm$rIkIbOH*(u2Fj=K#XnW?<j3pAQP3<YWx
z^0^4MgyKIm$o{)-v|1$p3M~`Ha-JPC^lqd_1$d9cKWHGyN@a{cOYF&1ij&8+5Sr2)
zQr)X0(Sk*O=`>XZe<6Geh1RaAMswW!MODm+<DZ=WZ2$fC?jWhA2ya^QUrmg4?3Iv~
zni^We1+xS&??r|FqwXyKH%Ca8(HNpmQ!pK?f74wcTbYoS%a@v%2EIyEFk3JL=ps4I
zCsi=k`|D%RY37cOT1a)lvHHRNeS^r`A!+yO(4sylnIoQ-&iH!<>rn9S!ta<c$s|0H
zwPj~KADQ=|eH^$}={ec>(sX8V@Fy+utJfj3sKFkQ)z5wK_oe%FRP>PnLMy@j!i3oQ
z-R`8RJT|ZJifExZOeJZhtxqY*3M<%k$@$-8!11GDr9-wT6SsllyD)m{8d{hebq$j|
zze|XEF^_z0gf|7ugqOcX`_^*&&ajqSPkMWOfxh&x-2X9k-qCEo@Bc4~qIegjs%UG~
zh&`%SRn;o0YHzh??G;j0Rkdob5?hU!u}Re4dk4|lGiD+r^3CUu-#NdWobx)#x&KJc
z^*Y!6y07c`d|VGf-5)r%KFZoz{TB3jYGkJ?y!o@*P5ks>#3PP^+8W4PN3+Kd{7RZ=
zN+KWm5fXe^)g)`V{6du|OcxWi_d3#r1TeNYfh3_Z?UaW;MRP{&Iu*RW>9>Kdy-gqa
zVD>sdt^TG)F5)5Zqc<VJ^H5Ei%8{#=XmSVEc{;VHN2F0N>83=(CV@UO$$um!&dYBo
zSF1L)-D=Zv(Sr(k_brij#|eo;#fB#B=-;#%A{E&Se09wbTe#ogYWw3#bL-S?8L#X-
zg*k(|nwUq!^pzuKbmOgxbV4Xdlp{xxjr%cvCYU4kDVQV{!SsTF-y-2VTce2{<cS&v
zZ5S{t_4rT7FJM0NGBQfP|Ni4n4qRXH@|B}h?O{)o(RjewZB7h<+)DQHp$@l|#qeq7
zs_fO|Nm9tmCG7csq6nX?nU1;qsFDVjx9u!vCs1Dh?MFXS(Rmy3^-iU@h>c%x^O#`^
z>XGw(;=-H5G}rYM%oV=VO|CQ=QhFKY)A%Boaz`;6GsSq+eIwrzt<br?NVIC!N~n<z
zBDF+FEDySP{m;ZUVr-)we|T962Dvty)??A65`Tjs)hsu`rqW+C;wD%OU5xvI0YX)T
zTdr=-jMrQ??4M@*;Yqs<GyaEcgW&pT1<k7&4o7^OR>8Ye*T!GpwSPK>U*%e%bM}Yl
ziT$h<fxYKsd7G;)b6!pg?DLoK0#BNAS6c5S8Rws1b3G|S)b%8iJUN&GV&<I36VbR#
zEokx9>dq?ZG4K9d*ZYa`yHJ6NR_fQGee|Z);d4}`{q9d8^w1;3YrIp&u}Ahu1USya
zpFg_EtVvfA#`70JY3LWMy{ee0F7v6)I9Gn6YwicscA~&n(j$Qk;D7knB>5^l)xR}J
zyCBqi*Wr}j&6ZOA<`C2=&TBiM^{+#vHL7c!@YJ28Z<HncLTx!fyN?Cf^~mbyIbfWb
zD4UD|5}?;4h3rG6O)B?5PcJ3rB)yba#~B%MS%9_RoRGLB&z3b2Wu>#G98}=T2}XVB
z(e=CEnJ&6Cg1x|J4BNVQomy1qLcZDo&sMq6&J<1%3R7VxcFgy);yX}uQb}|hzH6b?
z+FSmfCvBkGqvQ9M3Tts4MkApApts4~??Ua^<G>(=TUdYah57gHCR<=(KxUl%9V$N)
z9f~7Dgl`L5Z##{$py-4q74l^TDa5z%xe_j~comd!u4HZCq4@R+8IggkoeNk{OB}z`
z$CY3|Ce1c37Q%~iXJ3~d%itKDOT3Nq8i=%;BBOJY9&6dth)s5UAVzxD_~3y_Z$^Nm
z2u$2&<L%33+g8PrDv&y7q*$kWY?QPvqEFpN&Q@>(tB@tMP$T<W=rP-C>Ptasr#kD+
zt-QL&qE(cMydUcuEMD?=U$vS1I!m+{fO~O#3i;XxN}n}vH~AH_xOU;e-0w@`1j$xK
zbn;H%h?kf4ti5f_SfD)<%5-D@mixp{H4!H+ilzUY)+v^rJLQ|bHtng-2kkm76WE~-
zCPu;z*>20Zy||oel%%Q+_I??o&?_&pV<racb+0{2*968OpQ2-Q*PD`hEiReypN-SQ
z{()Y)b>9;hC$nV>=J4j{r+_`1NTLOv<k_>Hs*?cbiFFZ3C-GzpASicV(VI?2*oLG=
zFtdH^NO;@VBzgYiP(~gh{bJIQW$@f2iPFB4O<;EJq)l4KnZ5LUMI9L#d{lHQBwY*!
zx*j<t%l}2SFe$}exuu>f!HPYl&f$HYQX*}VVSH!aOzpE~y|6oxuZ|D`@!?Jr?Pk4V
zKW~|qhKt;X(vev)JK?{{pDMG7PiVemlbR54@_ENQ)t(p0>U5Z=nyMYonN^{Xr<z6%
zt{|R>VSgD%*JD3%afaVq)hwXB@-CFzAZ$f0xPH@J3Xc|#cd@<}n-tf4P92-J*K?oe
z^o1Ke*_^s5U>?LOB#<mGh~u7Lwcf<jmoz=q_xgq!3XbldJ=^FYvlJ$Dnqj{;Zx4__
z{@sfp`ZA=Pws)4An4l+W5PLIPSgO&319+Z+!Gk?rtkHu#dee$<PbNutxQH*?TsE~H
zXDo&L!EM)^l9-{G76R$6q?yd^Nj2sS-z*pRLwd3>tCmKz>w`aNl0n1_defBvVROTf
zVAoKjApUe+wn{X~6P6gWUrfPrQgx(<(-S?ydBN5CNCm!N`5l$K<QxMNISpO%&`!S7
zWZ(#e0<<N%|ApkyzMo>&ibwMNZ+}kqUBQ4?il+OeZ_JL)>LhsghM!p5b9&<a4as3~
z)(1Hn{uMqbuXBefgF2ZVsWytudAuECOwoxKT0vT|`iW;7w@&rf)H~!It(x6gvI><9
z*7p@lZ9;u9(3)1x!oabIhQsGI1sqW~?<;KFaYx28;FeASjC8Gn<Wc&{;Z9Csy}c*X
z*WV#g($*y(4><E$0`^w^0k^jUv#KWSejQSoTgE=Yf6_{RXhnGERdZ=VZ~T_h4-X=}
zR)#mgCL%rU!@NfK<}V?3dl`Mz>18&l8J-lTcb%jtOrJW1!Ji3EzdSpH3Y!U^pqPdY
zi%!f^A+Oe1=0Fomv{3(v*1J%SiQs@A_H4HyIODVB?QP`c)(NHEv4yhzr&}T?8aquO
zDX`CE(_Nro3UIi;>30(Zp8C)1Dr5`2ep7uZed@(1=lTx;VMM;j<p$;RraeD7Y>f8A
zU#6YQ_=Iu8`;Q^)$Pyw4Vv~P|aGjN5Hcy$Ew|T&L@mYSNj+U5*>+V9mC&ZPf`^hRv
z04i$hC!m*FoKCi-|0x?&rc;O1ksSBZNtdB)1eUNOsh*djIRwSHD>c(<!R`S*dY_w)
z<Xv;?j*VDVc~@iJplbgf$ll!)tAA$N2YL^yWmd{UO1XH}{`>EE?)%>pUU11}t@eSM
zFWNskUa3fiyHm{`avOOpr(GHMX?*TP`_iYBGOVTNd^k1SN}TT(Lm)mpa~9FF%9lN=
ztbwORfrmIUjwaon^BV};Ppj=I_WL+>%z(Q>BmM4vWhhGMF~3Tig2OBWcrW{@6zk|i
z{;<ShPk7;!ZI%-`LuBZ`;!Sz-#4WL0xriNG6umihMN|_Oc4)CQg*K`#`#0ozjXx&f
zwS_W8J*=v+S(k$%+w+VbIRU!3Ez8QYiz4w2z2MmEVqe4hfe#cGl|>@jwagk(`41E)
z$6qPo+oLUt(gByClEx^_K1{wy)`A8jvYyXQml?JRa>hgcL%xUAqMtnLZ<;COxds6%
zUI*RueRO0oK@oZ}ABK6h2Uxi&hd!r&J4Ftze`GP)dBo$9Gj@`aI;Qu}a6VDd+8|Ey
zL}puIn`IaOo6Z=kH~D}jgl?Z@Y3Dz<;Ct?0%ICNHj0=9}P0Q!urhYaa2m;{$UE>Cf
z${#o{y{V;}&R76N71obi4IL>q^KJSFNK0;7$xvam>Rt+7o0^}UDGTD4f=5MWFUc^9
z%>*tdFNy3$^W<3Y9sP04@0>NF|GN0w@aA0g2<F`#pWE$HYZmrhzSR>*?f77h)Bk{1
zZTu&Bw8W&(L9_JOY5q<KDCt?bctF#q20mqWg1SD3M~6etnpv+g<MsUxkk|eT4bJFV
zhWFg4cShqMwrMxFF_IOIm7bN^X-Js_!Wr8ECZ1|lq$t5If+%=068y2~Uo&up`-vo4
z_xB1b5q#vx;K|i!ZZe%3H_l|Ga<zXS3<^ehhN{;G9ME$14Eotx6_r~Ivk)5RDMy)l
z50`1rIqH3tZ=3pktmc?^ja+y!Q!AmXqfq5DS$5-8n^8BJ(e2WC%`vW?wzoM+7Y*Ho
zXpzy<frsa)DTkY}+TZk1Ku{O0fu8$a{<Xu7x=cXB-a2+J^zH7CpB}&;yO-CT>P`Gj
zi`**ex&G^B{4n;c9?8RT4++olz@-V(^KIJE10H3*y9?nBeH8)Gnvn%n4Q1+xvkC`)
z=p@|rR5*g-xZH+HkCq8Kmqyy19tHCy-&1Xwbg4K5{RYZN*MG=aCYDnr;hFGp_MJA4
ziT5I&4rY~07ao(AGIW+Afftx0F8}6~Il-)mRhbfCQm0H<WIfRPPj<bXI46ui<{p@K
z@hG9UDWx!bk<%$23~DQs4Kw^H6EfX^TjI)Il))Xv+|~y+9pzf1=KM%R2n!BdvRQWD
zcsORF-jN(jXFj5yT~(@zP)u5^%oRCG9d+E^j`?bGt7dgNYcc#zotgTO?9-)J-x5*|
zlqWd38DE5(h*oFj$j0C{?J~YBxBRdY&#&;swcc3~F?kDDF^v!Mpc2UxQ)>6^`*M8B
z%JL-tI<sYH6F0`OVvwKx^a%3H+j;F_v|IvG*JKp+d3gk6OZaHvq^q7EgY*<5w8Rqz
zH|O8aRPZ{>C&yrU-Y|V)C6v9FKCTm?UOv!A-M9S1TD6u!^SrcRk<c#8qo|*J*3YCf
zPN-fje*Kce$EpKghxR|JP}>wFcOZylFUoyw*^{POX;Sm_3|Y{`98UHbi`0}?&-5Kq
zYhX)6J)E`UT|Wa&=0+@wq_F1*$4t8s`*3gbo`hCsWOAIO3jgSVK&#xv)kD5(?EqeQ
zWouTz)?s^;$hJjRzJ+hE(YXP5pW@)hR9BQaO9A<GSHC$;9@gr%C`O_ET4cL$d+KFD
z?=NqvsKH;^uWrGoZZSLEVj+DDXrIx}&3?2KWcjWA*7By|r^WM-cg-JYg}ITVQ7Gyg
zzVUN4_N!r1xH-#O`};<`<v>hrhAxZWWd&j6AE7-f-7tqW20I?3O&D2I5~0O?=-2tG
zJIndd`H?VD%k!t{;^E@8LYAkiuqb1di$kdwyWSW6)qI-W<lgKlQN-unw&qO4uzWw$
z^B?;)T8cd_V|vS9Pg=`O;(U@EAk|FKS3|2uGRS{tO|;IT7|Hs2dubsrPGEb_*WOzB
z(F{0S7N4z*#=+EZFBTN8@$~1-Pm;=2+CLbIB8mIqBCLK&!}eqP?Sw@kIDsmbd*^M|
zUiqF<p8KmCe=(}>0gu{0uDLTG9XgU{s0jO&EvFcn$7n^v+Jc_;-EA-vcM8Ht*IT`i
z1J^<GDaO#6;i;ik5+TEy;NY;jEiuzo_ccyRP(}SUmG1Bn-vl;?va5dW#zE?hp-tcj
z17vJ6FGN|%qC(<?_wyXp!vv`<%P#tBC!x}Cj*gbh6`}Le=V>ZcVi|2rvn4H5&JvB!
zt3w1Y)jF+El}DR@_Noqi`7`OI>tkkH9ffB1ILLz+Ba;2LuR#;-d7FFZ3rw2hxwSAt
zg!h&Oa)hJUua*Znh_7F)3;Dqvk(6k}jDBVSMIv0H`*m|KKC7vZ@spuiQ_1Qnu7CV4
z9H8uDn6@jl6pq&ZuSSoaw0<q#!Jlq6<Rk1v(W?4Jktm008ZJ&@lBx&aBWN-b+JeLO
zq70AIl_rFi<xr%MyOMu#G|(x^kr36eo8puGLv5P{AguvKx&=<28OXI}#x<bTEt|*h
zCfk!`bL<l$Sz`-^HmL>uNhcIJCAd%mbk)`|NM$y5nFKWtLbr^kv&3*g2zR|_(n6ZU
z^B*dD5GhFv$k~to=1<vT&@&6MsS9l}_T6s~_4$*x5;6XQY0^#ee*D6JGV+5Ize+BO
zNL6@-2~#H+mq1j8JS{Xg<VM|y-CgYvOu7)}2pV5RT3FhYdC1c)NPF@7{=WIG)vkc-
zMZsiyqyDk4Kh1ZT(^{Wj$alv0uA^k?ht^<Bf)>nC{l2R*U(XjgrRqbTA>H)hG@&=C
z!v)>R9~QHZzi5?RHfJi>0z%?W52~y&|9*r^L8~)UUv$^4D!Q)2XpBz?VhJHhUXhn+
zC(nI(JTPNE+%nb4iyaMTtV1GfA4TKN=VU83VG(Vku!s*O6D(q2a5qO5T7VKTY_~Ms
z!B=}mf%aV_8V+A0e1u`nrXe~aHLZlz5r(obJ}tY*d?0vfnVyZZqzRUpqv_|7IMZSZ
zRb3Wr88KilsH$akpTL;TV)t#5VD}GSM2ol4HP}cUKc#GFaQYkP?|#`*Nh|ZWU$myc
z@)k1$V#ad;xVHfb88`36ADC~xfz`G~5zI$r9Oh3SXdaQvPf?<?1X}>FR~Rk3WvW<C
z0n8?EYfOBt*hIaXYr($N8QDL}OpKYo8jW>+0*fgv%dP+WM2L-fcN>%H!zer-YV{pO
za~!I?CP%#%Mh@B!sxrDQV#*=&+nnLflc!9y;K2t)9?}v#=o;3AJ8kJFJKPJm+I+~&
z`gk50^y*_0otF=6^X$AEBY~{jX9S*sZ6mR?-MhG6gZS0&Ib4~9^EX07yH`EF!2un5
z%IaF%BZ<A&{&1s;3&LeD(w6crwj;;E;;}YrxgXEjnN4v2WD$u3ky-7*As6~XBJ@5u
zK3wc#9bKQo+iW*_75Ay?R07kBHdAhA$8H?#&8dG#1GAib{z~y(j<0muK2B}7>(z*0
z|B<u@V$i0bH{qFQNQX3Qmp1u70o+&jq4byMH~du96CrO3ax<w-dw#dX1>q<+QmMmQ
z+ctuNQ)fIYJO7zKHA%N(E{1F5hC#SPNv1rhH$X=-r+oN<gmbCz^ZL>>#R-QNcmO|D
zWl)#ecXW(u-i6gf*PFN((6B>E>{Rh5_*cU&LH9|l3WRy};Gh>1{*T#Ue%d$g$wYas
zyN&9YZ`^*wE+9JOv2MAUad=@UXuv!3FtSgFs^$&Y^KZbNlw#cSwzE;-j^z=dHR|7N
z<0EFJ;wRPyq0RtGfn$I}dnVwiEYYUU=eqM~@u4POLOt+-#K!gC%))>6E{-OWybA0)
zO2BQ;`g-%0Bj5ZB{NRTol=79WCPA-iP#TypCixZ@$<9>$W*y1+3v8!Ddr8wt;K2gi
z$Ne^%&VSp1R|<2K;z%Td-_RhsK873HK13`4Ouk%V^_MCplvK<z(tVc@Job_c%OXiR
zco+LhQU`<{;NbNX_ULDd9uy+~xXnrh!yOfF^rBSNf{R7txJL|_8Qku3pMW$K4=FAB
zX4E>Tg8HWT1s;ZT_W``lWceEK*E3=N>C0x3fRWbtFVVg44%*v}MV{TA2z@s5z&?bF
z{<7Kfp>5rA!<PzHmc*fZ$}NzMd=b6R^DX%yRP!b~GcN2#DpeZ-8ZYMG%{bZ1oLGI3
zWoTqM^l_vy>p}LJxqDG?^@!g@&a%FJ*)&FK$ZEHm&|=l}dR}s&U8$}%==yVJQ@*Og
z{G#xmU;l!NrlRp5?P%K0?^-JYI||PR0umCzY77p%qBNRNZ;pV#p<QwZZ%rCAm5-R`
zg9}nUR?B>uRwVFqFYCq?M8Q#6qo!{r|3O(G4l!S2W%3nW)QU25KDMHxnvbMim+oOW
zX7QL=+WVlvTC!l+(fQ~lt0IqyZ@;G6_Jt46srV;LPK;Xmd!RGTu>8|ICC_3SH6CME
zh#1XOfU^ze*Xw{Iz{%UQb=}ERta9To59>yVvkhvpwNA$9n1p({9_iHVsQV&y+i!>H
zZmpp&qtBIqfReosug1i%QE9I3xfHQ(=j-*jc=%?P`(A(SW4yZbp@4O;Ohb*qGO8<)
zL)4A`mGB)A_0&oWc^#j0trJgYn|w+7_~Z?)T&s>}{J|7pf`u;<8Y%VO?2&IHv*kw_
zLii#+Pg>W~_nWhfZeKX7QHhPmbNLKb(3dd6KJ%<hXK-AO_apE_>n-`pRG+c)VGY-n
z2cn2!Gw4FIVCj7>zKd~R(7W#P>my?vj?6fM9N;E}L3E5wD&9mTwWhf?{!z9T$Uu%y
z8!H{XSPy#BdL;ib?#7L)23#3PMx>h2C@Jav6yW|N^>=-%ziDjTtmI(*&2@oI5kO(0
zYq@GLG-E36L}IziG#2fY!@==>Q#uEc_(<!`Qmu$-hV4FPs|lKOh5?69zL*lX4+&(O
z;sKH4F>*`Y{XbVRAi#88)Y%yvZmqx$ZIq+uN+{qnT`-eu)cF|;P^;CSCCM(@lrfF&
z;ERL&+<zOAiF>InLX}`5YvKx{7a+px_{^Z8`tkhkHlIP!t@Nki@H@C%E@x!Qx)bMl
zV^1#Q@%{I!J%NbQ!L-yUH3|n(pEVgkWhQQNPiWYAYSui-o5EL0M3g8Zar0z?@F%sh
zokyB5z*{~mD$tEIjxnQU7oT8c+34#&7fEtB-Pl=wvcD;d?9~r}`Q;STiMvfG{}w7%
z-$s-|GNZVIFPY{?!mQ)<On!4#`SWUVCZDUk9M|aVbY`FE8`d5hVs&f3OX|ZYs<rB2
zL*Q9C{h+pK&hY8>NM6Us;(gwO>#dLJK~E^|A_<VcV;?qJnkB8D!oLu5N0V0~JlRe#
zR2<D$X)h~}hV4_W#%LFhbV=JZ-MCkbDCHZfHW359g1QyMWYV8p+Hi1N7^q;EBHeh-
zXQ)+~QdIw1)I<GS<&YSpqt&lTovFhC^n{@ghaYaLT_s7*9X<V(%hg1ASRdb=7=5n5
z39Wf_6a#;i3mgBHdkt?_Ir(Zf^Sr<};YfToo&Spc2j_A@pJIk*Y+GA6q3aO7R&kRZ
zM4N||{Zi+5QxU1Ew}`H;`32TB9vOdby~TwxtqXzIb|qRZ1M0tA_ueO~AKr8fIFZ|B
z$aKiiG8$NIo181;u#OMLWmRQ-TmV^CAVOQS&jXyx<ZU{Hd0a};(lqv-N497m=8%mH
zaN#N=uP&(e(PNEHD9s`*y4j)A<MZKH?#X!Jy?`{Z0{4zfNzi+tF=~VA->;WyeDDVc
z(PDmQUq_qoBfYO6?k%#H%yPryIwgv$AV_lP*;!pi_l$7ZTHF}Ae#CgG$@E_)abz(o
z7hG!`PmA>7-=qqgJ!+T|QYo>;4Bay99mnmx@UN;Db8m{Dz2&pvrgV1N<~Jq^iNhsl
zeC&Lyq{e1dhn4TeP)#BG!|)(nxq@@{Z69hhw<^L)6|KyXyS=?lf)4QsfZMrN^}$K!
z)+pybO5H`CCgCbSpXWy;)e0=J<)$t6Xq2KTa%G0c55?$)@IUS|{e2zw`O0b&j9$5P
zTf0lbw+7aPl1@<gNt%MB!=-O6Jp#bB8hk1RCaz!3UjwnqF@W<J6z3OavaJ6IjL<;#
zI5_Bz>6|5K0>j;`v>IisJAbtpn(RG%<&l<VByh<%7malcPjk!Lj7W3HOZ}YIq9f!;
z?j)OsANerG#y6yapP_@n{H9TS<7yL>oc|#tsiC$+^%4&Uw1Dzg1I>wJ1bqC7(xwT;
zO%Y`;x{Lx~pvJXqI3dpAYZ<S6e9eA(b_v1@^Vn7(nPR>y$&(<THtE1eV?IyQ{rb<s
zV)&&iu^5bTnGo=g37w`k#d_4{w7#qmpSV&!d+5ZK*Kov)m_Do3+FdxT3?0zrx`z{k
z+(cvi$!}r@{eJa%(*;WWX&aDC>y>$>^@j!j#duC&;-BSz+uy*)=-Xg6?(XY5C<DUZ
zAi}06QTat5MOksnI46Xj-cXMCJSZn`oPV9?N$|Qd#^J53{n|Oq$4)OnME4+K$)738
z)8-6!aIx-;%;u@>_<jWn`r3mo=;bfP38Y_|JcBf8Rn^sG8}46J0StqUIz8KIj2DM-
zZo-H8ES8(k9OkYWRDE7{$M%V6%wL+wU@3*uh$z{0b0OLD-3hcjd8gaxS^Zhr7$7Z!
z7dg(UF=PTc6nhaan}l)%Jy|^IG3espT8n5O{DcDcv#GUCW#bP}DMxb^LKt4DZyi(#
z1RT}I3M4E|dsnz+$gT;ISATYLt-FR{dD-|L`Ri|`Cr~<cnqmZ4*#IVfKCJW%vz?Z)
z0rg)6!odn!o6B33zkJ+>GRa03#Ff~%*=Bqg-m1jL&~QsPx<GzGIu8Oz#^3J(V0eZR
zhDpl9SA&-AJ%vlvDwwvEItQhYA80blwBe6Y!czToo7==T2?|q>(o;YhAN|hlP~OuB
zlQZZXxy}J2l;x2^;8>C(2>$TWG8$E?m#Jjt@kGh{tEhv+Zern2PP4y{m(B#0&Zu5|
zeE?Sjefy)!#AulLtm&c0`gCpq<w9a%7&^8_T6bia)XTJrfza~4*(I+}>DnqiNlswz
zI680hfs=EdeZr5cx6)1~g<*e3mq{lWy8Y|aDt)8kk~7aPINL2^0;pRPIH5XZ5Jo87
z#BDq$)Pp^4pOAMEo@Qg3zFZa_8NKmgqf|1}zfS4)E>ZF81{{)L-xZMP@!t4s_%ZMP
zmo1qIO=Z{d|Ax)TO<A1$uRrS?(|-1By@u6{=OL|NKBlbzNPT8!bc^k_%?YA{B5j-2
z6*=V#6pR!$?we1xKh5}BF-rMGl49s5jDEMCVZgs`WU@`BAIv=|CTaDH#F{y5*OBvQ
z<uAU(R0;xzYC+R&TnIyyx#mS>&OtINx#~%x-#727q#nIO@2$x|GKbSaxy5R(on?#*
zA7<6itnEc?v&s#(*K-c93KZdK^)Csr_(72?fQBW7*%4n-8wZJ*$C8q{=2eTFNyxLD
zYe%g)?t5oU(S)GrZzkj;jgfLDJXm>m-*5aOzxhAQl8zXTj54-V$MBR)_T#iN6Iu!&
zDiH8T`O056Ku$`X_ebYja!sH|pK&DdVG0AJ5Gyq<IbB7k&^*>d`Rtb{5(`eFat0_4
zAP4wojJ)?Vlx3o|1gYZBrM=6nS4H>PuvXPv<c+eR%yA^$M?$-53VbrpAnoV_ik!y&
z88Z@2ZlzZCJ)PXNDV%8V0f!rsE?Jjlc#=DD6{Ef3?7$%Uw{U_y!I%Hu_>avWq=2QD
zF_eHKliEuDJRU_?<eQ+iVQHc#IIXns<T8L5JqP=clfPz@_0!d;XP<0y5&Sy>`Br&E
zjRupO$Yfp|URB74)G1e{S6ZDMKnjgKtu03@T_$w~w8IF>TC<Zx0%#h^5-qQMK;w;$
zo7|-Ul4+QzS&t)X*0Yc=*~lO(?-FVvCS+FcDjo&mjE)UZ4XaJ`w*o{%`Q*?czLrl-
z^l8N<)x7(qAFJ@g;~!Omd`s#FrkJglx`)QR$gVN(tsPXh&XX#Y^lhy~Q}q4Qe+_9|
zsVj*_c`OaiB~@Cb@gS$UjZw}8YNBwD)xofr+pK5Y7m_<VAzv<SPw+~jYMzUOY2V0v
zN{Vv7$!SE{ot#UC7A4bZ9jy+&7%Zt#{o=gP<WI5Klr+YE!E>H??O)zV<YhfVP>BB=
zt9LGSVKYv$cV&A<0y@CUnJ{Aaat|vHEC(NQF8E+b>o=4KUb?LN<TRW#NxMJ7h*YZS
z9@^0i5X*!0-nm2`k*&3%VIjn6yxqu9$7=*E+y*L-!*W>9&A5IH+cMDSIJ;-1Y$@sV
z@ut38V#_Cd7o*&y5Dqlrxj6U_g#|wjTCe%|&4EC&bqw||M}LbLI}rGDKnu;ipHQH5
zBN3`l#rT{G`4(hx_gdyW+4Hr6Fa>n=f0ujET+fkU^A|f7$nUOBbWZpGw(*{eOdV1a
zv`>@*YOy7L4w*+;+uk;Z=TGD4ozM3T<ec2|7IOf1-v@0UFw84WT+u>n2obos$pKy_
zGSmIZHr{_RJ|RD^fC8v)CZH~EwaU3El>gI^&Jxc~nL%FaL#MC_=^XB~Hb$s7d)(ZP
z;zYTvzsa6n;iVzF1YVqv)0^M9^nl^~_uYy2%F_wq<`WcKF&EEBAt0D>g80O@t(Z`A
z+NEbs{3VLQOjpe`KpUFZ?O_uI%-;jK@_N5CE_~g#d~k~!_FL>ggk>QC!gS12@&oJe
zB`rxHzEHkPtARsJ{zd`D0=I+c^ZYZDJ+BMU<+JK7PQuqW!-{eqCnjdmQ*W{;H72j<
zdN+Aw#?c22h*#AAOzOO%tRx+%^}IyfXUG{}L!8+C2N!_dgwlrM5II88XiSrqD6Mn^
zCC}C3R|1QuO2R@f-O1%5acfdIjgoeJqR_eQyCH1gx!62XyUK9IIWoT3wosAc(JNk<
zfNLGpt_t=~x_z@zV{xGWPYIN{nK>-+O@d{p^wusz!cy^`T0fwEHlh3vm?~4#|LJ(X
zAp6B8Ksr>GdW2(Of?j=oRpgK4`DX0nP>sVxG%Z?0X`vTZ6g&#`z^r`p-@ZYsH|+)j
z*i(CzTM7M$>rOv|6~cP@by#-F*AyXs{>8dF)i;|zcz6VeZ(bfA9xcuPy#zF~Bo|NX
z7Yb}u|2JU6IO%Eoy`Px0`v3vWv=1LDe;e!7+Nvh|g^ka*Y{QV4Rg3~EBry!h;f%7x
zTm<J5s?T0j`;6@$V>!KfPUIFGKZvk5+TYog1Itw^7xd+U^P=c~0<OLmSqe$7&eKU-
z3X5WLYa&voTLurs-}+dLryR_l?_Vo1nQx4+XC3<duoH^!MnAFOz$%?@`vlbZ*RdH@
zCn4f`^Zg5-Zq-U#r&!f}>_R7F+V1fDor)fhV(r|$9X}a1MDAW4{sygok9hA@qNk-N
zLesOh#~x0&cuJ1v#O2K{JLUSkP_BSa%FkciTaEj>EgE)1wzDF0Xq`<CcGh*!epkr-
z9lG^J$)->i?>oT&fIfPI;>$k!aL071@Ayo%m<VEcbPN$4OK;k7Oi;a!aP(d8L5x=X
z*4#DpVebz&teZ8@eLXQm3&bffObj))R=2%6#u$GZez}iyX+)O4WLt9agiHNH9M46k
zhunQ`u<39O;C*EvFgzOiiP<TWcI!%m0#NwJJpS%P9RO-RaVi9TIzde<$w9aWO`^bD
z?2v)d$(v}Pi*h4Gx7*f3CvGKDq8~#rF0|tLLeuY?^$!NopuSZO1Wgb@R&JrL&`G#?
z!C<5_OBA(K6m#Axy!wa2Da@p0YS(SZskxp%s8ir8M@t%5+ho_p(u99<KKzWnb2+U(
z!o5`C*CxZ;VQiEUw_<!JmNKFI?iR|r`UErWCZ@7AQ!DBtphTb>S=f(MK(A@eqmA!x
zh)ds*b6(d}lPhDykw?lc1Vw#Ed+YVrHHDIHgW4Y`H62*fzhkfVH|lSaoAG)g8ZzWx
z!#L3AlxkyY8}xj^CnS9Fc$odbxo+EEQxpK3=IXlCp_1@ODu0c4pbYu;ZxEGkZ3=XX
z8n%_7<}@V{jUjxm)%71%FsV973+P$^_?G^mA1Mfq4XraXB@UBIiH)!E70sWfq0>v9
zyn2`Os@dz3`Qn_;P#f>5mFA~VW9;vkwl&l76Y$k7X(FdCP)B7=kOC~`pDfOLwaTlz
zfvBJap{KKQ&x7lVuJ`K}w1b1?{ik86?}JPZN?vb3G<6ALE$u>h(t&GVY}|TsX}!Qn
zV)^?hS>AC69n)$b$Jc!SdA<mY>NK<KZqwTy{h_mV#u=y&78@_!%qy1vm>W}}tmP<2
z>h<dq?>G^hlCvJqrs}S6dvTTTa2qNxM6jwkS`T4q^f4V+8JX@{o*iY{y<ezPRoF0)
znG`hT9d$0b*zqBs?>)UL$UO=l_+lj|(b{yZAm>vZPUzw8jiz;4nDAC?NWD-%^9)}s
zrtuQ1c3c{k50PtUbN73xzD(oNCN@AD_GIpOc+|W2Ux(m@PV!@TsqRO4tf)a5$LgOW
zzQyUfo<&KbZ#3>%oPP-q3$T{3`sYS%o2hhhul;9RCxOp|AoV>&I<E5(2jb6qXwbZt
zC_wRQy8Cj+Z$)369ABv8eZzwM21Depu!Ds)e0~M=^LGGab6%CJFu&-JYLh#PaFepb
zuAJcW>*m_lBT_)eEZVdZDAO^K>ckaxmJk5HUO59xeX@ebME^HgTh-=f>Wzp;Uw|vn
zoTaw$c33rCPh27T`-?|c49LTy<<Y*T+Wte7*u^awD(t_2BWbOJ=jj1Qzu}{=Od|*S
zJ$H_<rU8DKY|erG_?vt`%zvLk7z4g7`&_)K&>Sg~>t6NQ+*dlD<vF~&<HSL@1vSnN
z&J>)|QnD}g$6WA)n9Up=?F(7c=_@MO98`F%>H{dY7M$f8Lh{WH&ulwbGzrJo^!oXn
z+ebLdqwf2pf@obd{uu}IsUG|uv>F#@M<<Rc)aN;>F*oJIkcfE9j!|7lIrMg}l8?Qf
zN04_8j?tkxj}mS}wvF;szm9B^aAv%4%N@sFv3OsE_*1yu+3UB+n+<0^!ci>Ra;=?3
zpa=<P{h4Zcp>qCVBHIZ;^0sTEOKoQ%E$QO7EB|f#f9pu^LW1NN*6A<Sx7@2g96RK<
zUm+~H!Q`ekQF7S#$7tgXLH^M6(=bh>XBsO19DlTt>a31@%1N_SqlG1|$IreGo1iA_
z)!|ZL%DMdn62M=2v_DC4y8o398qS#ns9T=3T<}Y3$$wSJ$lq~PnX{C+(k~8AmuQRV
z9N}LWJSx1_LKvyL5yylCFDEj{z3nmAiSEU<`|*YB1unJyT%6wWp$+w7c<WV_PnuCn
zd|ukMD|Jh+OawT_&?hd$KplJ5!K4yYct?&=sS07L7B#(dGK0a;(0{=#w9gBxb>E7d
zU9zZ^X^z5jctP@3gm4bo)?^FU`2?fvYp)l95^qMYo>M~4Cy%c(hV&?4GoE~gbVHsj
zpMG#XY>9iAgk<}I-8=zzBK!i^zak#{wU%$F%IFX)fu9OWq$#%E2<S>V8Sux2Uq384
z6_T6>@dY9}U6%;Ai07kE7rMKF>mQ0i&V_=Zskc|5_Hn$S=@h0%;sK|TYb&maB8BG`
zLo)BKhDT3B`0<-Z8&Uj32`k2_2=!i(s@*v=?KC1Sd$$hv|F0Dk+AKXcY8Fx|_WW6j
z?F+d(1$yQS)40ETzX7#@No}V$-TFpu`iOC|$+Kop#Wd&y?`iEzw%%0qabA6kB?f*@
zq9FuWvC4{<Pw1#izBmaSA|~>Oe@!Xj9#W#i`MR!y0iVFPr|SYLHRmd?R!>AlDOVQ<
zPcP*->wu=KMoHFtiic3v%M+1}<gsr;i6fA(vtLpM{w&jl*w5vkGtW>tm8nZXXVew+
zzh`#H3c@C-ZmvWET*TVvtM1H;a3o&D{0=nG;8+}N{K<)bt060Nv%CN3$YqO&Z~Ock
zMWoGoSs_2ny|M0l>#^YleC5XKV=_NH^nyAzMTKoqn1jnGNn|)oqqy57D)wXT>YwFl
zHm;=+=ILd6ah~;Zs|9zd&R=r%iJ@;oLQ0#@M9{B?@kG$v0}_W_leh!3p>5}+i}qfa
zyzB@Y^qjs46tADUn$4#e72?=s3AeZPdA_K}+8K?Qd0?xy8J_!LamPtb&#LT}=e<B5
zm8}D_FDetCq*D$?JARgh#~#FP-3o<+Y&W?=o{Ev61N^wm7?WiDigTZ663OL}psc{Q
z4`h6&C(#H)vQFo~WjC|9FKH*=<Pa`%^m@5654E>hla&R7x?y8fN^Hmq<R=-v^l+m^
z&)n&XmoZ3`PMAob7T~la1*R2*O86O8ZK6mAy|fHCbzTEB3^+y@9=?agPJyQ1hiMYD
z(}_35|66;aP5@{T%U7Ubd+Z-Gm&9=j$Wk$owV2RYj7zye2oLM-!rdEpgO#<gaUI%f
zyR;%6cJ%KS1B7X0!0sudjyatJ>YjE{V<jz)nSy3zZy9tuh{x(^aIrvyjC36n2Uv8P
zSNIn)kixF#=<auq;Z3rN>fedQN$z6ZIipx3lS%^{Gbl;@8Tt+SiB0a)KhR(6@=Jf;
zdW=vRD|tBEA^7`_ys1ih37=v%bf~eMzeCSHFXCOb2`?57r0UQRvNt-aTy5cF0hK;R
zAk>Rxat<;F6j|Jo?1J{up2)JSv4HDV^lvy)rtbQ8C4CgYHNUblwexqGv)xK^SIVqy
zwtGO$C`CAHg6y_ior+AenHElWs_M%0=_dC`)VO3FQR{v5DGHmr0gR0|AsK-x#2vWS
zjgF-){A5NP^oTaHf(ee@mK;|cTcEWWTJ2?Fwp%(|j`{wJ4|aOh4!k#!S)q01(D3=d
zcwus=&O}$v<OunAXJQ+#TgWU4pW~LW8lr*?s8D*4^=YLaZ)`x#z?bG3c60A}ZRwHt
zqUHa3avj5|hX!PpD5<Sr&)a~lhd~`@SWbD?H7_XwnDqL;_7W^7R5+a&Xl+x+v~dc+
z#~eAVxF+(cmFjL=3Q}u#JA0FuFM#Qry05R8vCk)3&4)_EWp+)8Q6Fxev&Ry%2=IO}
z>V23<F=$1&9#3Yf+|qONr)g@Q4a;`2YM|9U%BuSQn({$tr+Na<wO5(ls`UOpdir$K
z<k?w5scop#oeqt&iEd(MklzT%h$4<vLI)9z6W9O5h=Jq$mpr1<N^lktl~7|_T#;-F
zU8Ad?`%`*fM$Mox$iG%_uvE&*R@W40s<;^9&_yS3%ONPGgr;M^YpLbE+;5TxwUccN
z!yo4A?XlwN242sT_Y`Q+7~*#-%i}wA^<96|QfWt082z37Cs=HT1sWpC!}Wku!gH_D
zCKcRP%-JX{%Iu&A8Du{GwQRc{mm$Po*)o^ReeHVHG6&_}A@~H;%I#DhxD0aqCO@Ol
z_|CyzPo2R(>@SuoTH1^tQ|SIfHzdoxjvb30?``NDT$ZnG$p8~b#-4qO_5ZJ-19P{M
zC3j)-N>MzgRO8#oe|9OKwxw@4g8ic1GM^4e&m4L$vs6-8t$_IqJp_=qJ_$SwU`39I
z<y;4ic^^d~lpG6ypqxO&CTZz`Cu39L-sj{?w~6=yX(uvBIf&)jm};70{A(l0-?&%)
zZocWVH-qMtB6P0a%ObyMV7HH3GP8aDm{C}+FI(O=jnl$DJPt0+*kt3!^B-+o6XS}z
zLyW89Up{rEAt5Ce=+|fIo0OiJs<1oIhv}zMDK~%9PW7*%+WxmaBy#2xw->%&k>`bg
zO-jI%rT?V^heQ!lNMA9KwpgiQ&<-K>WeYyN+E{pA=N;e-gBWPh4K*3i#8OxnO=5@F
z)0^uKU+{!H4nA1Xv-W6nXSpW9>RX!Ht|Rtjt{Srp*pO)+)5SRuftKPnW3okGPpwnO
z2Dn{gQbsA!RE4gvsEl$;Vr8uo9ryc=dU1Q?oYKFRk?PE!coQ{Uq;i8>Jq4vq3?34m
zxwW#0(+!mflD%;OY;l&uDOXaZ2J>%%!!w&h)0sH~z;Yv>PQ1!0qm>L&$5y&Z<RlJW
zsJcwwC+$YSV(<}1x5PAv4&BP~ZjOCRYeRW>%!*vx(Y(e1Xqe+KfZ@8~!>_|1a+G)!
z#Nt52mtvHwUSTxD@oRLg)^$92=i3|a^hVTkRa?GzBGj~>kX0%W*|doKxTmC+jmj-<
zX3!;{x|>U)`Y^KG<J0Y|AK>v-isk1!n}xSM(wdt-$mvdFk|XIhwyl(7=7Y!~G*G>X
zEmoo_DYaL!wvZNjZ^E`<6gt4P7ViHgPtW9^vK9qo{*7)mU3u|W>yhg<{EXWGT3K3m
zP45ZK9r{)vq*LOu<~{8<hfZ+sg_7Nm$3Epxs^jtuKKobZO@^8CIq5Yic7+M-#Uph!
zn|~UKfe4R~jGnaa62y^i$Zt0EOw-S^+YjDptyYO{Xd^tyK>}NzKTJxiK@z(@vCj#7
zFn!b2&?O9D&mLDrvRS-iKBIK1B=|GEg7oB@;ITV1j1~1}_DkBWtT4~G4Pc%D7}29c
zUpDNjUAuSnC*8;ml;+C@yC{e=OoH3w9zLg&wE|Z6Am2S%#TK2TOQdUk$_ToRh;Fft
z!(_Xrs6zN*av;Z?E=@MHDRebC7U|V~*gc+2CgE<%81ok;Z@;igw$oTixntf$?|nj)
z;ckDZqHPSGxiZxLveB&fWRuGqR=)9Qw&&_HR007EEEmE&E7N)ZWIK-WqV07Oy;e3J
zFk->Y;pwG_<;sG#8AwPJ1yn3`ri0!xx|ZJjODs}|56H#d7?qcwkGR?H`fl6QwVfW&
zOjA-x&}Xdl%haNtfvpyo)ShHSB+2UbpOe&YZ18S9K@N~mm26g_b?s``pY{;DxOw!+
zSqlh`vQhg(ebn$3)20}ax#;)<ZIdJ)Ul{5nFLTT1);jj?UTL=Yqkr6GVD&EUlhb$-
zSF~<66tkVhgOy0fZ2#?hhj_JSvD9-^lL=O*rP$)`E~XZk9(eVG{&THRo4!q1p({^-
zz$Ly^l_*jz+`t<ZNqleBifc59xqU$IV_N5vP{gSJI#^*iYr#>{&`Q+S^j|$;1t=TY
zCz{&9bZS2=MybykG~>ZO<vufx3UYgxay0OMQGY6r-lGmaEcxBHT(3Vt58krUc#zgS
z&a~UtxMPmu;eyl}XuHLp_W&2O`pwf}qT34m35d@o>C;6WcwknAd@hS{LTKlHJL#F?
z1*%%u+YfUtOJyDL0Hm>9q3Q0yD99BGCp^tQF|u*1jyc@YpR$o(eOg0N{RNhPs_3OR
z5d3BN%^#lLC<kt@sJK%o%k$zOZ8z%FGs}K?+JV#8c-bvdgJ`@3W42b%6|c$?SYi6<
zs~3{9LA)Cs`&q`4yPL^w`|@_<+?oYv=NEneQT)6Lkw=Ap8;}w3qNniz`PM=oFPhtC
zEFcQoOy<yMYcL4Yj*aGF81agw3cF#<SRJj=YSw=C2ilHZ=K8~}pp3q_BPuxb&VS0J
z)ZDJ2T88z|b*Q`2ccDK(rgr5+RoT&y!NI#KTkAC3`;`3(8a{JjQ!9TGiPKfyw88b(
zMcZ$&7z}r4wekZTG_1V+oq;&m*%te%T9~){l|ePrG~M<|c<EAjDZPAzO`wx|zWHr@
z9anQ>o}ZJDQ;S?Sw3)_vlB#GnI`>X+b>tWZq+IRfVOz>N_i-^V^)h>5FucVEVD$vR
zptxZRL~hN`nHMMtm9!Sn-8+|dz3DPNMn_<T*;eByEVGhZ|74?$Y8y9qtEho&T}?R0
zL%6E2UTXe!wlQ!Gu^H}Jf9!623b>Da!;SPlcAwc|6H$Wk_}g}{FDp?k2<NiiBZ-JS
zcLxL}Te{hz77&7SvU?8~AE~-a-L0%l&oVA@5`+=J;WrdZK;=To^_PMqhaU}WxiZlJ
z`2_WEn!Fd?^43@@cUuDAUO0GuVDr(k%}e>sHI0L`vv;|Be<WJr(fBDv-MQcer))kw
zn4WcUd!*uKmCn4@+n1|j&RV-Tdq#w^ar!&CkaDg9E-=qZdW>iNs<UmiK>lIn&7ZZ`
zdOcXrV-z_kx6JDH{MYo?8K^tc&C4{bn;pE3Kc|`#ub)CMtMmBarPwD-iSsrS6sL!%
zeWP`=ZO`ln79uAevdE1#&HJ#5eXh5#iVx+(9GaYm!^p@N5-ZMe$5n1b?tAH1`|>2C
z#iEW5IXtktHKPIuVQAlq6x+SjdFc7`u!Hy)Vv%6o<jeoGF)9*U&-PS(Qf4o8%h6!f
zB@p$o<H@7VQ`t=C$<5@MnVlaRGzAsMr4CbFJ1=m~ot&IEmnWq@Q{<B?$-=j#U8cii
zr8FQjV9$Pd5YG8>^9tUlwtW8{;bTkrdB;=_2M^nRCwUe6v7!20FO*Ul?Lj5#*ga?3
zJ-^g=@sWMLTHRNJ_b*WhjZNg8d+mOKekv2VDK5WveUe$z4?^}hcwhTY<||uNds~1x
zC7GT*ibvl_*a>jD+s0toyc>h=oU~Qg;EqxfOsx%ZRQ~sO`v4D1GUQyzv@W&(^vVyO
zzvA8Y8YxV{G{k(RFHW(`r4lNO`4Y4LVc<37C0=2&hl4w_H)f<!M5e&c3<#e^Z`#-e
z;y~6P=A@hhk{yJpR}n)S28ItR>)z&$zdtTjSnL^>4_@qg3@Vcb3sX_wwna(4Dj^k@
zkDo=*L|`(FD94viu1nVTZ*z9U>>Y|8<3~oeJ06@Z>VH9r$yz<VEcb;$(7+;zy3To8
z*tWVS#LDTk*kH#i(o&)<mb%03{?E}6(=&|_Betn#-V6#1;d3=T5S0v(0p$x`hdMsE
z&e;=pDK2M{k*eizT?$sxXnsjZ%qKK|AS9L%2Bttllc0CVAxi)F>S%TqKXJeO7EiCy
z{B3Xjfv$411EpCqu8;u6>m)d)sq@F=e?7(=UnU=meha^cnCm%u92@^%?BAE1m|sj^
z#Ds9kKJ_~{PK-*Z-Hrg|n%ue(JP#!>F(hl@#Xp48|M+6Wsk(2E6KPQvM8u8#Rt2Ti
zeYZiYdr0}51YALImj=*cg$y>cowa}}i<MwmxJp6Fs9vcX%r9JKtc&QSo(hk`PB`G5
zaf%9-4gr(RJ7kup+1iy#=dn7E4YRiY{=Doe!{LUDcThD6?NtX{7d~xn#~5U|J`G~$
z`{#~Y`TzPGZX@?r-EF~wRZ}~u#kDNYsqp#EKecBQJcCfKAyP|CF@eM8>e~Fkz*U3a
z$Mh<jyJn=YxVzuNxGb{1cy<t6Y<08U+N|Zhec1R;{PdpK)hXT!F$#uHQ#7D&7-9Wk
z99bN@SHVE7o3R{#hQA5tCOytXoNbj!OFi^GgXVWcMtwbhu8~CB_bK5YI?b;W2=rH#
z-?u);X+VYk*XY6UmYHMo46K~t1m+men_ON1dUfxt(yId|)pz<7toQJeX0lo$8nhYI
z*Mi>byxS&ztaZT(T#_6cs@sL79c$+X<;FbM+KZ}d%@3O(Yd?bVHl~l4Z9hCsW*_OP
zj>ycDe{K2gLgWBf?_3EFsA99a{L6rdzP_msH=;FzCmoye1g7Dmt<-NhgPx{ev59ht
z`P-J|ax_|dw<*r9iO7TE>%!>fICdu#S>BXdI;<<cwUARATtiFA_-YXP%;PWUrkn~|
z&Ah8-DKuwGDIfG>eQeWiPXc_%l|@*ZnYyJpo1-};YyG=&4t`?n4L@C1?q5naz6giY
zUT&W~|IJTfW>8<4wwr?nzME;go96mD@dWg&y0*fg*d{N!<4w>?5`$v3(YRg}hni)X
zCliSk_ILDTixX;*A066V$Laso&h|-n^c9d#v`Lvbl{?q*YZ`pUSUq2)|FHyHD@r9v
zR&@Ni2k4_C*L0R7Kjpr`Ky1=T$eG*r9Cda8-RTn}f-_^tmkray%{sRYm&Y=$zcpea
zj`KRqVWZ0{TD!_s@dyqFSusv?_2Iz``^iC?LVb}~oz@X~IpZZa^!;*%3lm1UtgHFO
zv*m^CJw9(A{U=IhRH7l_SgPIco?~JVh?ap5@9=Eo<b8oOr~u^q<gQ02vGa<<Cd(?8
zmJ3T&x{AyhL3jJ^17`Q1O^rS9uqEVQ1syy>1ml&m(dw;9|AM4zO_LCAB28UY_$N)Y
z-ijV(h+zx&#6m?=mEF+Ao~nNrVe!V-wECQ(($;C^^Aur8bo=3Nw~Vyi?!{GSZa1GA
z4KsIzsQ@STq%u%^QuWT^vOcPv!Y6+b3mXpp=4)m;Yi9H?o<~cSIft|3x!*mzFVh-_
zZVniVjWB?%{{*h*z)RJIt9LBa65T}X3hC}F`mHC&jrIZ+dF@ydbfp>V6bOuUd@bob
za<*)C$tH|3TaE@{F2`mjt832z=d^T5s4qb7gI~MA&=jFmBh+1m2<=e7o@2TA9jrV|
zT9f%o^uC3AMb+T!L*gil)b~%4x18tZt`m4E=Y@H$mUwCcH}<Pv9nXIu^nd6ZeG>Hb
zbXG#vY1FRl=%dr^H)L0T6;ifLRkE7Cm1y9|))Hi2Z+Pil%D-3Wvn&?4zXk&D{k^nH
zwtR^GE)86q`F7<ce|W>Pq0f~~=D0p+c}NZ*mt2{LYc88TpiltRX0F&-Faku|(?gS6
z1kz$U&UzY*!8uDK+Y}WE(`!iJ0ui&T)Uz^(Cv-j}OM{`skTxHh*g|I;)-J}Kx57wS
z_KQMzjzI1>GQoYQgTI|M&ha+-OTlT)YQM}nf`uyRAv{r<1^SjOZq9o*&;GOYs734y
zVd%)^!!1X{_Y!6<C!l@T^8LFjk1e3XmIFn(bQU`T?&I8<BH%fkn2`zrJUJ4kM&9-k
z8nYlC;vdf3ldvbo3XEn!fUh6C47(Du)X9GyX%_bMM1|93=mTDiq5mX5>+tn%!>GsH
z+yiz;lX-O+vvu}l?J3I4=9N)5n%QC1_>f0IjTfhG^TXBcSMpYEyp|C+lS`Ey8l%IN
z!c%0=rZIPcBI&?VMXS%K!Nbu?lUUB|rX(_0y1=o2c!16wlvFsol1qrvWpHOeq4QhQ
zzBB5xKt=Fd7e>{3y@I(!!tYFrdp*=u)gpH_*<`Gr(L4VX{6CJ)JDRQkapOgmR?&%8
zQ8jC~)Fv%0wd$j4l-jjt?GZ^8)f%PL9x;lly`ok^ZDP*|LJ=$WNFwW(@9&?SlY4V=
za?icF_x*m}&+~eAU7YF{c7<LHo%7k5To?)ql11%#B@R*UC`C*&RVadGTRVAXypS;d
ztrH~S_YHU>^54$2fMXWT#V;XB+$2WalVdgTPH1n93$Q=y!-RBd5)TNPDa1lfjspbz
zpe#8-=cYkFLz}uKF(EHs6W-Vu%@&d&-cCX{k<PdMoaAd>Te}4AmOo?y^Wg!hTQc>4
zf4x4iEMD7G7}vq{n)QR;!E3Z-dR%L^_Wb)}<}KpdPX0bES^x`-nU-#yHNA3gUvF4q
zTn7H;Q`*7nvC`*vE7=-ujh(1yem)l9j@0wizx7XH<@8y}mB+}yFs$qK60PN3xV6a<
zcoL!2o-ALJ!vY+gfmho(GKf<moX&DumCDp}Uj1S;9gZBv$_JSPQtS@NVB6C-3QT*(
zhvW?UInF1;*sQUZ_Se;hFg^xYe_vK(hM6#ISw*}%oe>t*_jh$1_#ZtCc#!KXs}=i6
z%ruP3(I%9bdAxYZ;<n4mQmzP$P7I<6+RW3KI<4tz&C1-~Lv&q1g{lLTjoUQ~!=J<A
zl3pcv!n_sMTkisM*$9|@^ha;}2WMEpjw`%2Gxzr2pvZ@d=K5TjhKm1dA0+BH!&DE}
zXJR&r)EilW0n4qA=lC=>jvO(W+39?~i){Ed(sH>Q^Qbn|3VUgD)ISV0!XB?XXIK5-
z)jXlnmX<IOylc@<R~l2{#PPzt!2p`U-%@Ju`0Zq&<n0VX2V$;Z>*~Ilb5zcNOwMSO
za6?Y-%ZVcs_V}avTGRZDt7yTNqlfT&7=%h9?)8_`Zj#g4<J@N%QV+{}IGYs_NMM!s
zM`Zi2Op_!jl_VE)ZJQez^}k-}c9<=FIW!13>e-rU^m*YU39Jr~M1)^zBS$>?)S&7Q
zp-DfvQQb8y+OI`Iuhz_Q*TP0zoV<<oaqNN_#W9&O-l^UG(rWr`O;-`2KTbV<r%b-$
z3`(lna6S+n_5~)w>D+bQVi=M^9$!yoy7*@_`DAvy+?=xe+2sSim8%_rzCzvtR<rzX
zV#>3#-%6~f=p4B!X+lJln2ONiVhkm|+OjJ7pC7iKN&+(BuV|Sp#QE@WMN01=st(9&
z{}=eum(3A>&6Aw==lVIkER*LMp^Yr3K<osk=T`Hp6kZH&zdejqaf1+F1+-)r&*zf)
zIKo_VJAQvoP*0dG@U*l%K8uj>mXlwNt+D>);UxWf$u!rEH+v!Mx5}#5o61OI@Tw3K
z7r|uMBc6EO@Co62%W1uXNcQNrfH-v{Mx@l-3u2k7$iR72Gh`9#g9&EN=&326pUSuP
z{oA%cCwuC&X*hQ=;Z3jEqMh*P!zU@!mKzyYuuQZSIU}0J;BhiuSMT%}Y@jT<!Lb>+
zk@dDEL%Xs5CX1p-rLpcoJ16>PH%|P;LZa>%nV5ylpI&;hAbAbBS+gL?j9`gEGUfbJ
z$R=c`=^k92?P*a%OfLQuOJGy2??@p&tLG45Q{A?&(lR@SbGkxbC<kwM(z*!zZc=}j
z>{R?c6TgUFNX+$25~JB;KF{Be`u^D)R1saIBcdLxI|ko&#clFF|0jOI#>%-qaKy1b
zV$^q}_y&-?99Mc~<K7*nGp$s{it3n+JDs9ec5hm{B|@&XDFHBx*Kw_SLPWbPR3s+V
zej4un<KJ{pU@^~ZAI2(YrKCgb(cs~IY#I2+y{_5O+cR|ayWw*oa)D;F)nSLi`-pHl
zTDs)+*%3S&>G+H&zj@P~_uawRTv<!%S#?&Ug5>F0A9%8-nS~D~!n-cJcyo_l(yLC|
zCk=w`W0d3ohD+_YsBvSeEdP0K8cv2wSlE`K4<ru#Ck`u>NBX?J7dzB$VfVLUDa;i=
zT_6~3xy0`;w8CJlK;*Jt9g(RcJuFJrW@<MBVBbYEf>M`{OXvFdwzMt63Ya!MAMPio
zboF>7!O~?|@Hz~`SimiaJ!Zh`yx#e<AjUj0xT%pVgV9Fr`0Q{*1$hIFzR7p}q@#pZ
z>$8fRzsrx3SwO&+aUTQ;TY=8?I}Y-77k5&qa`i=<245KJg`kB5Nl1*~&M(kmnjxEv
zb67a`wsKLkZn9yVL901Oy2e}pYX>6ksMd6XK~^v$jc`^c<EJ>=6ZA`W`%MHP`X_d^
z<0sf<2}|#FWUPLc`ruBa6W^9);Fkur#CBto&k-pOrKJ<Q<mDfrOKTH}r-wKpEBr<2
zCOycxn~=|y2!}62ZcU@mK~+AN^D6E-8e@)>2V>#$szhuUoGXK52O~oj#Wb31T%>;)
zLT-3Zd0vE38JB*9^1(It3$fX|$?FvGa{Rk}hnRWd{YnCLaOUdG7C5{4KsJz+lfyzJ
zVSUv5kzCgpn+S7;i|adzD4^u@UfeCZa=O#3ecx9WyuHr*Os4GH;a|n!%_61~OU*x9
zi}pT+A9M1F8)*`A6(fZZ-^(?JuNP2dX>+h;hm=b4Xy~`0Ne}0ik_k|-kjy#cu+~p?
z<s9xD;kMeuPvA}VJ~<2$?CJ;DZ{P})L^&c$J2xDvjqg-3BO_0N9@ZK{ABdcfQM$ly
z>cbibPtp`edrX$O8El@3+T?v7WrsDW<Q!h=O!svTR-XvZK%_oCNT9(A*qTF`fYzYD
z(g8-GgMbKcO;NP6F`<()EZwh}_G!Oa{7~wDpGnHg$48OXEWp{ABP&la0Nx(FS4dhO
zA~eg=s-+v*f`3AoIu$O$0)x&8msOrT+Y(wdI6Utv?ZW{&&DdcEGbaf7Wo1huXI&SY
zs}GSAIN;bR|Kz~Rt&T=@G{^j<kfVR&2Xl7!nrXG&9jg?sgJBq|v}Yq}w(~SF;6Fwr
zegD$6tllRjXG}J`rktyMz(btkagWCf;wSGAQMA2)&0{>YxnqdY1{pp=V_=Inqcf``
z4tN7GG)O91V8s1San1;8Za-j(L4XIk&qZLAzqc`HX2XeD@QHm{eVs6`4c))l$30>e
zTCzFvdF2bXL;8upK?;$_SceySd~a}4RVNSOM^Q&wqJDCUeKeCB?z`k-CAX`X-CEv!
zDdiX-Z~f)nFqI_-&xfB=yXC$Y=O82>{<GX%n)32GbvxZ0oww|O9%jI(K^=QSg-4>A
z_ihb@3cu=-V07A5=4(y)cYh&e`L}_?dvBjF<aAzJ;f3YNy|GHens&{;Rq97+K49gW
z*&!j<Y}DS>%=X?{ZusleP9AlTbyw?FjJ&6ri%YAt=X_PtM)?iJXa(XNpD2~+)bfR)
zh+}9(>)O(V1AE&bv>qXJjAPU-tTg5rHQKIi(qhMQ^|-ZIRug#Tyj8J9ykn$hiriP+
zakoRY-(f1pHM=RPk>qDbvWP-5AXaSfb14mbc@i}BQO~!y%TlDisZ1AD9X_w-BfLdS
z15#eT{u-*T_wlXu%H+~=n2CHIBCILJ@v!!}>V%gqMs3+4CPf|P+I<ykxv5u}L`(p!
za7qvXh|)^+K$9_fma3-uNS3SrJTL55$U9qu_&D3v!G3w-ZE!6rJ(_e){a7jX`2nl)
zvJrTg-loeM9kuFy-ITRPD=%A-Baup1K}ylwP|iyKeIUuZ1J&&Bd$Mo7v*dFCTZ1O;
zmc9W|c#bqx9wq)4J_48tRX?`wBIrkkNq)r@%!Qd0U)pJG3PwaabYa6KnU%imaT3YM
zj+d@Shg|$i4_9O+JRadgZrajR%d@QX9;VYjD}@RGZ#tMDWSOWtLc8#NbN3y>)L~Ss
z0x=2)U-m2F74JU1v#H_LBQ0dk+W5JFy37vQ-fQy<;8$}5r6BzGTewl`0xzEmgt_T?
zpTx~WpVv?M7B?K^I3Fsw`!7+SNi$NL_eQRdBoXp|jm}(fU+x}LAKC!W7$u6WAN@y5
zW$*n9X?NuwjoXIPPWUKsj`JtnCc_S3^R^cm&h~+aDdNs)Y-0HHV}u?wV>1;K3=4a&
z{;FDD%NSHH7En!?Lrp=Tql$9RscP3e+M^mjqhkYw{g{uC0GAIuaY7XJ25EfX%{ZZ(
zkNrxUqPpz|nA$J+ll27>5^s!!!hL318<)8$f8QnsMM#It^+~a<xAyld(8K=PIk(|;
zO}-LGGHGq&&C8be{x%`se4{@|1#h&Kl+(bp{E{O(HU|W@01Wp98>b(%ClomYUGjNj
zl?YfCS6c!NPbD^-6(&|au##VOF>@{v6Lio4$iCPL*vHjo%Bh#4?4`bW$?T`T6GVbt
zGkzu%``U8kR{(j=Iv=fC#2Do%^FxlS5($J>sSh`@z3Uzt8tVNEz!}b*yd^RGeti#B
zxP?9KyZ2)Rb7&J$1l)5F-;7_P(^+a6K7AsLwA|)6U1xA&^Y28FU}xjK=UJFHHgBLt
z{fP#gj_zvb`9o>v_h;Zt`Nw6_9zRltJ=`H8VbZVX=4o9i2Msk>C#HAaXJFKcIvG#s
zkOGk%3!fjgMQyuVzvF7f`&+hVoDJM4e<O5bmH1$A)<1}F_iBptd5p*A_2t0QhMJXp
z2q0LBB=97EyqS6&^!v3EJi7SvW|V!3mmZT18R)!d#0)FUJd<}(g*g@_sv=hT4ASTG
zw*&Zve?h62Lu}r$WE-|@)NWN_7RrS-f=`s1=rUYIXSt`o4S(nb@$G6EUe#3J|HCl@
zzM5N<wC1Wf_@ne@;*XrTxQVm6N#4J}jD^BnHKJR~6U?~n7;NOK@=%XO%dNV%EZvGH
z-8>CeFa1IXyK1znydLFt_Ft@=(V)?fdo{#qz6=f2B^t3@i~RdiL!P^30~f9NB(;b$
z;k`;HC)i4FnN5)9S4y*)|NH9lcPsAAR{xo9OV%(@I1AAz-w?B@o!x+s!RN*91DJs}
zcNEhhvEGde4K*&`r4F4V<bf$_V18IgTqHrz;*N{%hnj^38zV*wG=>9eaha!R?d!Bf
zR~ystDnO%($=p$}v?Pu(Mjn23#qzvTGU8aAO+C-3)%xYR!=AwJ8-A8?PB_b>!0b-m
zpLOe>nwZ!Bdx3me!c0Tk3m*yJT4|sYsq+7)xP*2fGv<7S(QxNE*jC{*J})Yr$mP?W
zU`otH>u@xg36_P*2?(Al8iPn3U_Kc(FW!-60)A*xSxt?Qo@KOF!^c`JpMIo0b?Y_p
z@)-xc9kV+h`})AFy?*aDb6&Xr^s@bti~76j5(-g!{N4bQ=?-&#;rEF%n7m=9KNf<M
z{^q|fP4doY>MD~!c2rnT78353^vs{%{X=20vG8JP&GU#Is11a@nO@dY({DU3j+HgB
z>KL>^{k1NXW7n@g2YP)c0AFrsQJ$IT9$DZmC6~e{KM_piut>ah!v2X<Zc|rmJK{pA
zx^p)M=XoFH)A%cnsZ?jjo*Vz5+SN{bLN#<$u2eQdL3<AIIW&I5+V-^4-43MdXZ+IY
z&7I?yWZ|PkQ80)_C9W?ngJa(Nn>>yigl2xcJ{#*R36<t-qIS{{(5=n8O2es(ir0FB
z^j&HB-`Dpi)O*xD|IvDwiboWT^ZNSx-Z(M?7to3ZY1+qJ!RAh=SbUyR2Ufzvj#kTB
zI&W{W@n^Pc@vwr)`mmQH?RhZqTSIN?RcHGtoJXj(SX0xnTLIv=#oR5GFqH=`-p6Fc
zgEQ5s#|0TaQIjk=$uX9~{(#gzFfrvfBDT?HCx}16V{^2PFKJKZ@ATpial!rWt&PHm
z?S-)%XUbcpFSKbdevao~G0F6{FHE5|460Hq-)EkfgMC<`V((dJr1##)U2xbZOL{Qa
z0sW%Z7k<t2+?y?Pt6Bm7TJ+=923NSQ9Cm5UlWRKgnDC$X+P;E)F~v~Ni{5`%Z#ISX
zih^%;uN*=kAKQI@hI_Qy{d{z!;^~Fki>vL1!IjM&F3*RG)0tbJP=^Sh*YT%0dyTz*
zE!zU0sYczzm?Vfv0;S6V+7sn^Ea;j&OW#F($)YC`pD?5P3!K)dl-k5sCy*F>B*kuH
z{qJj;W{CT9kRdl1R5nug(dd}zJ9=R6SZ}yz6+pRjybjTr6_+y<qOmGq(My@bkA4U(
zTd%7xOZ4OUi~4d996P`0$9D3V4Pwsim0;6=M~CW*tT`1eUst=;%ETQ0cNBn#6#3~T
z^z~?On8mo)PGNB^b*doA1q}3Xd<wgHideld90!Go8@XUTemZ>afWW$P)nmhSO$zTW
zZWYNLh|$ET4b(?tg=hD8sc}a)J*yLS4<$Kvb;I5+ZN<dQSrIOk$6b2KfZzB8|8a(Z
zf34dSKV!n(?o&0begm&z)&6LNPv@8^x%lWR)UJ43UXb$kw4XZpiMo0~`q3wGVD=FL
zcdrMC#j`1)Ok@7bGU@0K)|whR`&DzQK`x?Mw?~;(_LoF0RT3#H6bSq&U%vDqPX5**
zg~7!$;jf{c6#7N)(RY2x;G1L8CCnipDpNx+3(XVp$EwpGPv)a_O%cDg{?X?fc))qh
z>EC3HNY*F(Pd?*k$DabtT$DKGD#5?nWA7V}&-{gE+4~@K>+|fJ)|QEd>b5^l;@S?>
zVG>+aHgt=&rN%$>cN<qObS!1IFn3E~izU?L{x2CRW*7etlyH@k&Wc5>e~|Om>U-xc
zSCA;ZDdJ>t{*LC8RPTF}^LE^uTlt({fX9>{r9q{`B&O7+?`x|;*?S=YpG*@;I`*?s
zIa?Ou1NRgAW<DNXA!+8!Ym*<)db<-HpQ)eDEzYZ#`$623x4PVx{a;;+*><|1NEX35
zp_@^O)UO_Zycu(l?ew09oro_{V!{BseD`ey?}W;u(R={KM<FrdU;Bp7(7nLo0qcJo
ze4UW!Ly{keLq8c*l6}(HPQ9{hVoy3!0K7_BetSkqWTENteN+ags_JMo@w9Fr?Xi`&
z*i8VnmVq1+#1bYMI|9~E>z<OSj)tc#1WlqvN0^*Wk0r5yl!bJ6&kR{sQu{O8lAy+e
zuscfw-#-WOtHNWMvB(K-k8>KY=$X{<G{>2+jiv!~zEt{-!RvXejK-VM!IjawYhm?t
zpuAfbrIz<&-l=N8RnkVvX&cQBe{EK5k@`fxYt5X-{mJLa^%67fh6|OPTM<s2J9ZWX
za*$wJZFTfGED>j?!)?CzQ|%V!)!j;g&mXr??8NxN_K><=OQ~%Ye#2%LO10J|N+BA1
z7gy)+EXiIM?cI0~{Ben(h3r5k6t^wA|H4c(J{{Z{?zD}2$W}Fsl4y`_=EUoGH@SQO
zz?Hh~A@6QQ2~Ydl`A>v)Js0g7?t<X0em}nQjw0-F%-<P^(`H`Q8(Yv*!f$VmFdx0L
z`jVI(iKl$ARkdz7ok;R`p-5^fNAEL-xzbdr@ZK!jdp{B@g?R#8B`FLtg-h;sw-%7C
zYu6NDB`S_E;ZPQVs>^4$Fvk#IbZX-(>E#byjZ)ytx0eEjU$=A6sT@NjD^hA~vTk*c
zu-e=Ft=&?~_plB@{?Mg-+WgB><i}dJ=2liACs;5oj?@T$*@uH+3~@^;I@LGrG%23|
zRdr*wJg+Ug<s90tX7+6@;!jg5pzbdY5)vE)G<hSg?@zy{6TlsF?0W5YrF<egnaA~z
zwPdJkPX8XSCvBY<MtlBj^Qs+ihbmQ1VLX$*a(meU1j$WK$#L>HY|?PCDy5R0OdjIc
zMXVt|1LL^<!C5h_&l2G&S2FXyb3kL!eT~DK{e&!rWc?}TcI(RsO0}i=?P+wMHOhRv
z8r4nO`}9s3i{MLHV6o<WM4F}%EDCdXzjzy^BGJ&Ajgs$@wsA2^9c^GL^nG<(Z#gnL
zx&xsCR6xB9ZSQhlU6nRry@a!F&0zKC%=%wSXPT!ryYJ%~K^8@HkKf_o^}a@GuWd!L
zfxv=to=g9AHq6fT1pm6ep_3fs0LrS(CL7fDJ?1KYVHz(u4%Yj4z3+F3$6M(aKE5+=
zH6Q2pjDn%Rb<b!J=?wsZqF{wJ#fJA@fjM@Ts3n~5tD{t-x_N0m)@skUgoe9YBKo{(
zVF>%zWYa)HZQB_-*;Va+k<)CH=cCG?C-2R`zGZW7v>81&(audr^8R*B6eQcX?e^=6
ztR1y^eY^DGV;ZGrTo=^%o2TV5wG&lh^#{XTXhrB^hqO!mGrfj`;*avEr$y?J%UL+S
zR^*<h#}L;I>NXDQTrXGQW_wzw%6{!n8ys!Fw_k8r;)-R9CAB7K-)&+#X22)<od(7`
zCrhwNHtO-#xQ)0@|GRMeg-GQsXM4S;`;1nAn|j2;+qCYIv>Ptv57eS$W}mU*c~wTO
zl={D6nZN>gg{&D+C@}Clv0TE7|NB0k4Pp4OlHYp?!Kk*iU^@AB$$zY6X<?Y6cd>42
zdiXCrT-8?LkXXGu6e^<12cXi!pgon?8^$Qhy`4O7`O(dU7_YyOr9ox=M=WVOvV==y
z?E;EJ5k=ry3fZ3A=U4@H0YzRF{kf)MfgD=duM8@azmm1DtqH4dNZo(Zd}#OXE~ZLb
zx@Mbd>B$W!yNdo?i^0??27)-trj55b8Wr=G8i|R^*{nRl=JdNo?m+(4W)!gZG~rIN
z+Wde9m1<&gi397D>-=4E5c`OXnOio5h>cTYu8`Rg3;z~9<i4GNqt>ib2yHuMlY;J6
z*Y%3oGK}EJVN+fMXoVOOB9D4ds%w8EFzgB9k!`P9bGAW&Uvr`k=HZYsmF_K8-!A1n
zh4svK((CL&qhonr3)4ZvIP$6d(}(!Dte`k^XD^Qnqo$dxdazZm<>|epVe8VzmFYiR
z=iZd4G%9Fs0p2z|*F<xh%xa~FN?k09Wz-V3$&g+F+YD1-Kcw|02$MQ`1h_lqXY$<i
zHN8Zs7#Bv0<@#GLt4Qihh}0Lav1N*kcJn7{xzjxTI|n**Te<_p*JbfM)#Q9Q1Kfo4
zx_To&{X@6ViFdL!7rm9}Q|Sw$qr*EVTDJx`-J~n?MtiolrY%pXw6Cxpwc>t}-0o}A
z{<&!Fuz3D8EVN!C;K^VQ34N^OSoTV115h=&C5}%#4nThq&hrAsHGYuBRBr^;7Xuds
zxLKSQPj+NBk_beb(K6lBxK^YpC=tmqxoxce&i9Q%%25VuTUEUU@+*n;?pJE>4cXsj
z$$gjX7-j(4xa`1sKvHFkRf!oQ!%r|HR8?p_1YrocO=ugP@s`;GI?>5qK0Yy4HO;;_
zX-~CYc~7PHLxoggFI$M;lkRNjbxB5U{pFLtgup5U)>E%zIC|<pM{l0bd1fpt3<$&X
z#SYtBk@PScHF9Q$<dy?<+Lv!1);C-EAx|>7h!mU?o^&41yzye<o3PclX9f0Gf4kx}
zUzMVlN9jH1tW~t%%4;_#B<9~BQM>RdL*b%IaxOJaQaG<KRR>b>RYy{Pl}|LD+6>-i
z4|-WV5o9iPm*FHe=$Stc1@#f2PCE3X3n=EQ5&jcR@0D`6YBAK8jS=Pk!#4b{i|hQv
zlmh4c&{G%Xd{gP+ve@nC0pe7!FL^V*?(v!%{o8lTp(Ab2WArzaH*Qb_EPtK)dh<RF
z4oRaevWkU1kE8MxpUYY$f0TamXwl^yjvg_px^0s2yuXPnw*9}U`-WR$;S=}q;`nO)
z-CZe$`RWk6`X?oFRh<tR$`#)lcbgrd^$?9A?IS)soB>7!<&o2a?rU!CS`&h?fAvyg
zF`Xx*Ybl8>^9OFwv!JxjqDqWU@<ubWb)9M@(Dj`9{tjhWw&<d85+wRRuT`ObO!KT$
za^rcuQ}cO6U5<m)dbi0rsmS1=!U6mVb%#LO?*U@p{iL>AJDYoDWSJhot7k=o5=QpH
z?LWmHJ=Eab{js_7VY|@RwglLkO-_;Vj`4I~wZS10nLpG_E;Q0qOlr^FbRdJf$FBVj
zDm6N}ISy`h2URRa4kf^nHcLPJNIc45M~FhRcUNF}ROI@&+lFT{GUSIg-+}HAQ<{UD
zAY|E=bUKhI6kT=AnOtaXnkrTyV7OMReT$oFUe*aHfw^yFO_B?d9b%op9`t?6Q)rdU
zhP13c&k=zyBQnpFLp#i6QpgdCEs#w6@fOZm(MC@UgSqUO>>b^ysw9A9Wp1*$Pw$<y
z$#LAVNE`_YeLaAt&%r*d#QM0c65|!;vyq+kQq|E51+xzNCkz6Tx1r4I>*@np<NLxK
zZax(w;U*?6MV6U~`{Up4^tv4+sEmFIsWAOQx}_oS9r0^FbMNS873{K~v<#WW^6icF
z4F?qHy6@g;_~jDb6tybuGoP%Q6{wy}pKI6c3w|f`-$xD5hU(-FtPbbd4)8KYad&oZ
z_D!+f*Zz&QuNx_SfD0ICais@aBe6Wt;qOmN^(&>8cOy*x=${m5_X#h={4&&rRf&0S
zP68>&gUTI347`aE8M|JIy_&4nQ|keV61QZm8GQT#$#xHK-P?CThG@o&aE9|C*1|KY
z&0-HfBwqB(S#{u+DVMrV_A370n<Bo97v;~@oq+&C4ys73cvGBj40XjF{vE%9Amm7Y
z-O&rpS~8Mgaw46WLZkXRlWnt5o3Dm}B{5agA`MI*jt6djqRiZ>z1+`I7$(4>g<Bo9
zy*SOhJDid(kjrr^_j-t}4igKH@*0H0Pxd^}e69{E0?_Vw+Wr+4b*E)KqpI4i0Uhgv
zTcc>2h&eaZrG$8_R4>jsfz#w3HVxnXn4T(me$?U(PlsW{8P4|}kMF-qvHez$c4Y8F
z(b6#9TJUt>41=GHwrwB~kTD3FW1<~rt;r{)k;Ctdh^%);kRhRr)nA53>$5a7@NZMl
zs|l6xDG!!Axcf^r78*JhB+mYg3QtGys(kx<;9GmoTp<-R%=idm2KQTc;oNkF|Lply
z&{AJKh(<|c@>UC8WuQ=p7@VJKA5_wz@k%?5!Z`_-a#&3f-3lf`@D5&C9`uzfy@_wH
zG&k?Z>=`3&Zw<qsso^>fnBr=KKnR6*y9@JQ+dNsJKR`g*?1(E4s(k-vV*CBFu=Yg4
zM`RF9FH`)WUxzAM`imFyaBMpEv#`k~W*n*sk4{|+Yt?wiVR%36mSV9&qg$;nr#X6J
zI`~rOBx9a|R-Q_v>Qsr5ce(Dyj44RO*gY<LOB~K*D6jVbRyqr<+jv2(N26bJ5BGjH
zodNa>L!otv7X$H)zvd-d!<H`O%!OBC|Jw4>6Cv4=I&S;$PeErYl~~h%0YK`sI&W(*
z#YBa=7;}34z`pVKER8y!#x(EGAj#73S$keTY@Lul9qF`SEKN7;yi&edgwKC=HxVp&
z@VDpD@?l~}I><D8mArZVAax`N69;A@^Q)=yB}~d4^t_wv1vzYUa;Sxvxp=JK=<lh#
zl4z)0$N?<d|Gdo%qegqz%Qw`S{1hkw-FEGL1TP<21$+XqI_!n>%3}4*{CWhE3EGgb
zu#d>Z+G(GQm5YKIWG5@MVAxP+5z@IH-9s{-8KgXSKQypuK2)R4eInGfOjDr|{w%oV
z^<g8gHQpV^wRMDkoK)f;o_Pm5f0K)zP13hSoH@0K52QLIa@jO@H9%E$avD}$&#E4i
z!V3_s&v^ZY^;y)S{^W(x^^mB%*s>#2XwK3Z-u$&0E2gF8`3;4#XS9+yMg#&4t-CiL
znd4<?#*f<?O`3-P(R;^)=*}_?RNcaa37vYYZ&09EJbS`-qvaRmf>brlU~%~4VaHI_
z#sthdFRoRHUo#c#;b=6){wn3iu&?zt2-*DJ#1fE3Co5cTV97nI;xk4AN}$=ym-;Ll
zxq!nq^R|w6zp0A`YA-x4gRN4&o|m~hK8mXEf!dhk7>GiX;)#AK>}~hj<GHC}V~&Cq
zTDHa36D5^RoJ#i5R^H<OsrpHKPI_#+QgdqztaQkH8RTEB(QkrwD7#u_@A^g$+?Zl(
ztLF8kfb*wc%~=+c*cN^0{28_`)Oz|V@Xcn{jl&h!RAo{Fm<e}Zyd|^*e1D(oP#XbB
z>)w9AopElt%`}EKjQv2E^Z6ObR1mQwfvPBv{=ynzqi_jSd71PtM4ai>KjTWQa;yN<
z&U}Im)7CE1%(uc>>qGpg6za&`nuxaKVqFD<BWA$5tM~1mnrH<!)Cst@jW!LZ2ax9l
z?(6}{7R+t!29*-uMyB$FAC?M1H_y1fE^c2Z@^xUr*LO5PpC?Ut!Gc2qD?Okuhttuu
zqh$9Rs`XXj{0q5-s>=_ho9e(R1~q}^O_xuI!UnxW;clDD6t7(HhhUJ~M*DJgNO3Cp
z;~;p@CnM0>8#U4ZizhK3hXsjeKj)gPa1C|J-fOm$@-%KO(NzDCFeXs<WJK|V8Q^^x
zarCZ0Rsk43rkrx5$XxLW^0n613iXGJMU_JAs{zbHUBfPy{t<Wh(|(brw))LX7cRlh
zM{)lqH))|q_eyNytspP*M%B#c(ZPSX?L#<I?a~5z(CsCl@<R+EpTUXd&O5C$%nnAn
zVgniKH>_$u=h|f(mP;wB<-jFZY-&W#Es+B!X)Aq@=DJb7q=o27w3{To6V+B+fGpJ6
zfT=YtsqRlhv9wLO&o_h*C3<=)oq7$0Ury$Ze0QYGkNc#ev_~ah+<_ZfBDoTZPm`5v
z8&C#p`@hl{WH<aGl=g|8SO%vxxFzzM-K!5VA*l>b6Q#dj6HUa4X)<WuI`7s?K?IL$
z#A3$|1gRyJoH@Tz#venT2=c(`>CjC1rQ3H4q)X?KusvMHzyDkr(G7Kc6JZ~nQE9S*
zy`I(GeTI*`%Fvt_WXVbLXYL>~v)4fw5d6QHeVx)Kx@y(Bgz&$!&o%A*&owM_Uv1Q<
zj@INo%RLOQ_WoR{Uj2^eK{_PrU8f=DeX?s7T)oBTng1gbWb}A*)7wKo1002(WvsYG
zZEznB)H+N?%~@9w0Ri>Be_lg-^XvStFDV<P2~qb4HC#)<-w0HT?`NDgB!FHv3h=TO
z(;|;qb>@Q0OckAuSXa3PIVbi}&oxYX$2in}P%9ySlr8PROKQOYC8msZ<M}yVSTCj9
z6fTcka43&@r}>7P$e55)FBI|!7ndTm8U=a5b79HHpPR^uHYTT+H@Du8ug(}uQ>_p~
z+0W12RSzN!y@9?ng2FQg(}qyLulXi0dU|j+PB)BpHB8@zdcNRF=y)l1i;GEJMKs>X
zcFOw}7vH^mT7z&C$1~xG!--D2AM{0M@)5Pi%Q9#50xPc~4i7r*o`cH7rh~pdY7n~j
z8F<z4g23LMe4vJ6Ylpq~F0DDFg3bv!B@d0pj-UW(h!sr8Ca+FK0PTkMh#nDD`Ir45
z@4Xjy4By9UFzhcd<kktFU7qm3M$MgLl>wlVgiLuvCb+tPgM~H%iiuEiFX`XV;|rH2
z=yONFLjPOyBjQp<#ca=Vr+O&{89NK>vag+jSP=ZSrnyTcgc>s)8fzep`2H-vL!Zpv
zyI<5|xJ7&zCM4qydN9Aa$_`JLzk3lgcJl$Gls1ylC)_=@j5LQ=(uN9tyB2ha2<Q1Z
z4-m(*Pp;$q-qGXy{-qulGAOwZAn3XIx2uC9WX&+IQ}lnpQu(u+4}OmGz+QsV!P1*$
z`Loy6WTbto^C?ogKK5@Kh#!iQw%pw&{{>3RpuZ;Yyr6`8T95=+81h&xzQGe9;vekz
zy8HJcU(dhj_#Gne4~WA=Uj)W^x;iL~wbf8>mM5s)Yp8AdWs34NU${L=OUPw+Y;plE
zO}p~Q{N_dllN9!ELN1bxZ(DfKYmQmLZX2jqs`tMs;0YZ_3>+1~C?%kN{tYv8&mH$|
z#8b`Jgo+G;Ni$C%FFh?zDc8zViHE-T0j<pmo~0)ncaAC+M*--&W*%2b>hMj&LQi{2
z+~EZajeJij_6ExbFxG!4Y)4Z$Ug4iXU(+LCt1fVIFIS4qqvoa|UGN0;3in8N3db`4
z!j*#`5gU%<>8xRe3S0`ZWrom*pfmKmc_tS2tJ$!siO0SWtj+shYI1)duXk^PBq-%#
z{8>Q#$5fSeH7w{!YU4%VRz-rOY=Y$@r^!zYY4g9?+N@+z24U--`2nA3V}|`pm3@B|
zF3_k}y?p?eJCw0UFO_T4juJz|(?)s?cz<j@uP5gT)<%4euGHF^E&>q<Cn5`5&r6TD
z?l@$yTe~<^PqxqQ-r(+k+$YyNxWPqPx+mk#?l}v*E32;N0=WeCzG9xc-&mVTVxu{(
zs+XKj+>GZBsm7_;uK6ca^Bs{_u6p|nNm2t$rh`8ML8h@g59*~JUfoPaTLgSP6L#WR
zyGcaNdA}*+@kpTa`6EGL*jh7MzI`7+S{!(|;(r9z0E)DD<{j~Di?mo}n`OSYQu-E>
zx?T29CDag_t5%*dlUi_k@-bX3KofQb@x)#j@NR58tO!$3c^{?#q&WOeJ_T`G8k{z)
z70IZV*nCD<ougDjI$Scuw&#zlBY*EG+X{l_dcA(m%|He{H0s%0lG;%Z{5!a0;u1Za
z6OY>UzFOBdps&Q74ZTqvTyiahRP)_418kh}txeja8rv&EpdnWdtJS3kj3ei??_O|1
z7-_`l^QyY=XsqkS9*7EPe?8iz1~07sxpw3S_jE9RC~fJ18lMM1(oYRR)QBU7wtE(Q
z(rG7gcaP8UI!K~Zid>kI>8a?Vr~o*oLty+#ntZUlKKG{IJ3gOs3+%=pU*JxxyYuLH
z-gF=`bTr4Q%Hvzy*oj(k`nQlXez$UGKwVBx%alJy9KJ}Ex2N<Nu!4ZlQ;?Twe9r@t
ze_ky+$z+*5FGONN!|waT*#$}$?hjvMy=Y|RwbfJ6T8?>%G5e=+kH(Up#nF5I?kwrQ
zASqS6C_nN_9oAEtv73CO(_5LUy~XXaMl5HP+^RTx8jpNRRmiJu9bceswK?&v4f5m6
zqh5Ste`>{KYVMzJn)XMB*U{3?1--H(xqLqErF~pK&Ubgzmh@zdRe@1OFrmw+|7w9`
z9U;r7V>rCqSjZ};@0Ff5r57|;)w90O#XQeZ3=IFLBjb^u9vf0{@$o=kQ$3H|NZ#F=
z5th&9BL@7(8gLNxG8cpMmh!vDl)i$lvTz6XL(yiDhI-sDn^8U)LZEE4QrqwvYT7>C
z>8aFFcOZve;PzFNGHWd=F)e=Ob*-5N10s*FsXpkT^rT>hQ+NpYPd!&x$B;^Ku2tVD
zjww{-@XzI5rpFI8=y!*O^v^^amm!9yC{je%(!vHb%x?;J9ATVG`@zX=8w{GcN7ux&
z@MwcnU49ceB46DT=gTTPyX-Jdz>ug+%qvgl9#!>dNvAL00J^^E4bK+%hrUEn6x(wj
z{YEkDXAjO*ryoig-`NTl;A2@&@>FTfH94riP;ly@*bwv~sxdZ2j_14YFYSl09&5DY
zs^x&B)1v8pd_u$PvDm9}N5^kInKI8`rw?kTP;PD(z1X!w8?GN#ca~xsAUM(XinTx}
z)9p>Q<M08i-(3c~2bJ%Kr^5e0&q_~PzE@BF;*oc85RTK{9lQ_a`ge!XkT19&uxwR%
zxG(^>?xkWjD%rb$0e&j2ne*=tpUOz3v{;#ix9v`JC;;PJTGts?y;Rhx3<AGva!n4^
zRCV~879M5`Y$d)AGPZQmKNKYt@6x=_BA8F6M12>_q{W-G<voL4EXUDzb+LiSb*U{k
zWM0!<EI_Rz;UVkUkpAJT&TE?=@?+Y*)_?r>RQ~y0-Z)Ck+gcZ$|6l}SkP&Y&buTcm
zv||O7b7L`~USfH)pl$6_(}vk@gyL?fKFod$br-wej`-W8v36|u&Kc&N#opbX4tZPE
z?$fHm<Qw^hDhCf}<C~C{sFiAcfW7K%vH+$xogJn9wTp>MP4kPLO^ULb=zoHQXZ@x5
z->g^8apC3CGI;0<>rE5~i8Q(LlFGST5jTOpf2S1V7dJa#DCq_&<G1C&HK;6weM$J-
z-yC*t-}2{2?*mrnHq`^6UGG^E$O&em1@l}ULhr}VGQ$wo&M@@@lZeqRo@e`S=KQ1%
zZgiUAN@Q&~@SoBCQr?&GPVn`3GZxqc>;Nd|)zUG08CH6cR?JND*;Kpb9j~nu-uHs$
zsZ&_aNt8HP|KzRt2Uu}=xKF;{q`AZUq749l<?qTy)IWA33c$ZNQH`F!gl=3pkY?!_
z{rE1GLH+P{L^U69NP|E>`YH)V%j~ad?_&Gx)%lT^#+<^}Bv34{tC13^?#vCqu{<`j
zDl`p2J@dVPUwh;<jShz7OXP!J^?kypGHa=ZA7siUgm%mxe3eCW;gd6E(G{*W-rts1
z`_t)Qe;m$gUho5(vQM0@<6kF!=q<lw)6CM=zU=N3LGw5naR%4c@(S5~mbJcuKkD3=
z;yms!qf>VPNL{L2iuPc|hf35XL<NQ7Nk(8SgN-!4SLK@n_yTe3sx#@<fg|J*i1eV}
z<WEQSrT^_K*A5e<IxDXx8c{~?fhilj(WKUnQ97IbXUk?9QchmMz&d_ZhZ*h<Sy_Y+
zeZ`h#>A>Nr2>$SJzbDIM$1gDrkF$TGuUkzT2uusPm%AFGS0|-D5fuVmlln@1IqZ~>
zxo0$}j6%AB_IGys|7%^~vkTt;5D=AMSB19er!!sC+nrbY_2ip*>0pfu`888TyxBZ*
z|MpQF+;dTnZSE0EceYjgGGD04!6@_SD9&<KRrl0=7b`Qk6Va4&)bb|H3`D(d-c{qi
z|G;KXFFCNb`**J3A%jtcg*Av4w>AE;G2L`;Xp)7JgF_)(-|u?|NsJb(49f1f41=;_
zKpTq^4-I>68Hbqi2-i|dT{3z)Jh(lbIqxwb!fzlZ1Q56@f`>r8#Ic!bs}2OfjlKM*
zT45>;OyGJZ)UC6ZYkIG0E9m#ophFD>^(W@^%Lkq%!{1BdA5xAQ-2gQhj@`>`BJST<
z@84sI#Sr7No>5ZOuuN;xfiP)mz#rn#8f1{pdSf`OmnSR-uFZt}Wf1nRN2xR*Pz1lz
z>78J*#D0EZvrn}1oQKYnt6^gyH~ZK3Tsje}+`H`L#s#ElKa&k7zUu0F>r_AO67VjO
z&0_~nD<~eHMtUz_a?TbxGM~a-a&8kmaP;))9lB)mm8I?V!EQi=854}3Nj2+c>*akT
zqEhWebe-X1*9`))(|SPdL;dKG_+iL6s6*nrwdV>iNVs3ccv9SQ%0tZwKrzIF%Ru0|
zn93rRZDS$V^el(6p%JdMSo7^WeRl1&KI}Wittak|>yL<|Ua1Sk`<!7@Pde_sjXld(
z0!3b|?^NxZeTn`2S)fsQF#GGNW`dv1+$Go_kzB&vPP55n#4HnRX>kO&bTRRDOJB3M
z(5GtJlo>W1*Kj3&Cv6gTppzWBBM<4(NgeL|*CtY&ZbQHLA{^s!*(qAdl%lT#DZ5sC
zq!*!tOYcw>d`Hakj2?Bwl|6q)<h2#U?b)$k!{}ZvLC1&Wy?;kw#9;aUQd+?5mKwMV
z8$;*NX7v=Ijqk)BWXTQNa}Ydc{8(;DHq6suuPlx=Z~FKdOz<S($)Jr$%?)ZzOs<Y&
z-ijC2<mCw6rh_y^yQUg)EyII~`}CF>5dp{A@x4|9-KVi?JV9!RW-kzxJELnjZ0_#7
zO0YLPp;E!4;S}_9elE1@Uk?57xMN?}lIv}X>9cZr&+G`T)oR{`lNgOYK0<aqBY<$P
zJsX!z9tO4-uVXms8*9G+H~e0No+fP&qla*)C7$yM-=Ht&Zxq(<7O4DLY#peQ(huAh
z%v{t9`2vYP)g$umhL=?@)eLv(YVvY?4J&?|BtE@<)|!sG)V#!o(BbzbmA#M(E)9v3
z`vm;vXLulbnH)B^QsT#WPN`T4pW4xs=Nd_T)js#_3sT)*`hm$ww8c-e^Fv+^yG=fI
zS|{Kn`s4ax;?wd_^jmb|NAKW{OlivV#AMP6Z`$?2bf+~vmG7kDkzmH<at3s9A$1!F
z&$s&VhcUwMVX8<ncnW)5_P>J3h9o)qN8cKbt7+ThM2FB|ddbsg#E^1&^u!q0rZ}vW
z5BJi4#7>xeP^dr3EBp^kKS@2}J-f0<G(TZC!>RN7|G|9+CTr`2gtLqP45Cj=x69fs
z4SIj5EbJb(jQW^K-Q(5b84AMyDmI?o{j~9HLSrOS?u)F@V#lv;^MeDGQJTNh^U)tl
zb^_&im)H1et=QO=r`f_TKTOqJdh)~b72{PJmjdOk@5#tGk%QP(#*@-;?@yWpl=U4R
zvNgm%<oOn^d>hypqjJ0+>Fx1b)`k&3VXu6z?+ZInXj%5#cd4=8PyOx+&^T(`?_J}c
zQ@GYE8~6kgmJRW??AbRA$RUt!s4U7(y8mDG6_xmj9qy$r==eJ@4W4B$ds}f%U#UZa
zcd_eRQEeO2N?rT!TFUu51{yjk$i-o;ES%|ymexn3V3!zqEof9%4WB^Nci<I_^GV+T
zDIvv&>(0an`HS)W#TZbPpnZF|7gMWhgN?NZHoczaM6dFr4qvp%WNEWMXl(8%FCgV^
z#LwywR7UT3XB=(N)7(~Tqm0&K_`!*H@!*4iVx`34D+dWbGy4K0T^_~dPHxiM$m4S`
zJ2Yvvr6UfqYNX7mvQyZg)X*Wbp~T(L9rw4ia~1Mw)Y7gx=*FR>%J0Z_ncQB3ruUWd
z({g$HYVYbyv&Ck>9atq;<SEVZhH<~4f2^9t-<&>opL9*F1EIzm9!t6wCzL_aMAUjY
z`W^GzlY{Q|hUqf3ri{o-eYeZ<{G#)iEc(wc^+LU0!I)!dTi|~!2=@2}mME#?sIHgE
z+XaP!M}VwTTIabEcMkDA1Kv$RF|o+{Aiz@wH^4u3$=m;xz?pwyvVY34qAs1ynZZbK
z$g;brF9sE;On~H0deSVj!z01r%R_Kv2q|>*K=g@1_Kp}^gFI(l*)n%C(nIfkL|W@G
zNM9Up`js*nE?Ajs^ZjH;)EExZuWMRKyg>wX#5Y$&l5>HEJJtcWRh&}0aZ~v;20X&E
znFs4}cha2}z<9*N?W8|BcZb30Fu<Nv8Gf4IYqOnMV^h6vOXZIbS&<p3?O8qqf4puy
zSFqb|z!Fotz!6C)fEs49gw+qKev^Gx-iB`Wrqy$AKHDG^Tmrhn>-P2T;4!GV&b`Ef
z!1R-1P<^|C35I$*@L}<W<jv3~%^ARODDF;7BZ^rj1%&K;Jiv7N>+0kJz_P3RM?NTt
zauZPvpWdA?>s?I$#pl7G73j#Ml7lK<k&$9Uu}_Q~iQe|afRb1(2CCSg$_?RWS!aNb
z**`<g@Tmyz3S?$AH_){;m!Q?z<k?hTWuVAS@QX-igVipMoY!3g`dJR2)4CaBE6>7J
zFQX@9^3(;wL-O@}(SsGzIGq#6gt7D=*3_FkSU+A%f}>gZ!p2x%Sj5}c=+45IOx4MD
zS+jmkpWlue@fqs(h87#09KMj|`vH@<*t;Mc@yLP1)zGB8Q(9v-2JH>%A&}V5JsOI)
zMu_X@OGlWe*&E~^q*fkbs?{SG#!GikBR%s8du+Q*B(gS8&vnbTKEz{CDy91IwT+c(
zVP_$}!XKk_{lcWKW_Imd2I8;TOm8WC@)CA=U&IpsI3B39JOrM6+m{~U{YQU-dML>f
z0MEpp60LpLak^=9J8L*y&aG7S+0IMBz%S`o;LPt%XL4rcs09rn#Na*?$0HGaPVTBB
zHSgnoz~3Ir0D^*Q?hT?%TS=K`oKAyhoXq9d%u|WVa|uz6o!8x~uEy<Ci#tF_do&>I
z`^XrD4Vp|+I<|g{?iok>4Vnz6f4Jy%$H!r5cWgv-lh_v<$X0j>ZGTuP`d6lxzB(i9
z+m|tL?4v1GP_+T?7U~+T7(RRbPh8ClD-Kof2=9k@tssFm2t_S;NhBRN3)mr>z-Ol~
zQ+`osNK;ZZWieFU#Wl%Bh40A~N-`({E~~1(xSt(fr9FUmW>QJ+B}QJNOeEn2NL4Zb
zZ>G#OTr@)1`ObL^_T!-60DQKfr_hpsJ9vbcR`39pXR3~dcO0^QIWhe33i955q$_k!
zlV7&y?dOvZ0`JAtZ$Nt{HZ$HeJXj3crEljvY19g@z#Q=Yodx6bNYeaGPZwg^HU0Dd
z>fzZ3jV19v5>?E3;H`&+e`4O~;#9Ox1emXHKZ$?{PO@Yscd`ZEY24qHwm9$F?cKXJ
zh7&q|1Sjjw(YFCGOnVuoE0(G-vi0Vxa6tK+*;8DW!})*I{ZH}xvhlYg`lMybwgXg)
z9t_(ZoYb&&<u)QZntr{Rf~=uDfIIbsUbI73)08F&8%jKW&X4<r-H&wJdUHYCyUymA
zc<gU_agT9&)pFq$AWYF*ghg{CW$9*Up8o~k%e9mm+*^ED4vP#Va-S~!k?kI{@i!0K
zX|yXCJ`m?U_y*3=6@JPB#aYEk;;eM~N}g7+k&mvxY>q!w4RKyXN01m_+`j&4zLqIG
z=e8!4g<PLI0Xh6sYgo<hzgE~GEoID}i3MNIWEfQ${Ez2M)9J!v&ZE|%QPgJgT?cF=
zKeyxSoBZb{|1{><A%Qh2!HA6iB#y(S0?d7L<95*YwkGVZ4zzqrh`R(w*LsMjO)DEo
zQ}e;D2@^z~c5*ACMjt_L&ggtIcX%wZtx^_eI|>@_RL_5cQW!<TifR$6!zHiL4?n*{
zt$<ARLjK?wCrS5$y^X#yD`B72B_tVSiM>~7PA~Sm+(pAS2Qg(E60C?hNQ!)S!_mS$
zd(eh2QJVG0CZNX9MGdyCWERvmnuNDIQCV{Ah$lcb!?^JtmijwyM<wfIOXOaKew?M+
z%r!@Cgh)M>Y5Fy~lM>frN)_sLSR;(>JMduNClma=Ujl1AJK64Vbv;b_O0<aylqODp
zyb7pz`dIQ==3TW*G!TUte8(1E1VXncJXVyxWbd~npcp~BgYQS@!M{xe`&XB@q5&Vi
zd{?JOd}am^dF;FzdK#9>s#6xrHjalG#~{3LOjAbFtdr^!F8}xq`qr>K)(76VI|j4Y
zoS&$sMS3n(e7NJ4*5jCezQ<%OfYGo<djq(ku&)58M>Fgh``cgPt8dGBLZYX?=`(_N
z-$zi*gGq1Pzz2O==LBxsrOMGk^r7Xo^KTHZQiN__@IxpV{F@t}It~iFI*rCSR|f7*
zo3@(LncndqNc;jO*LSKf?61%hp3x~odw1I{`bGN)20Pxo)T<{acR(}MnQ!I^>|^$;
z!wqya_PQKxd&4J#GhE%n_6#mSSR{P>M8T}~%3gB&`1^yD+wV4w1`|)~HCYLwjFL0L
zd?c6<Y(0|7=GKaVe}%r9FRbEN*0IP*Z~q@M_Dw`*h}`iTaR4l6H7w_4`pJ=~3!?}T
z86<2u7z(!DZD>{>MF|ofBqrk>0NmGIf7@tj9|h~@_vQU_mJa*7658^H+jatQImuAd
zdbC7#kVx77y;s`5*RAcc`}QK@=S`Bw9YD2n+?^Xk+wRD0XSW(P<Fw!(<Hlr!!=`&?
zeuBA6NIt8jOOKu?uU3*)KnrU_izCQX_u}be&<6+(Jm!$*PJU`+=BvC<&F73%M~y*R
zo{0~gqUH~1nE|5n8Tx^&EuSuIcrYK&MoBU+_~9i6OI^H*vN;i0o!|ZaF`)8vlK$Y#
z>#W}20bmjd8~4Opzr!fBOPg!r9WgEL7b~YUb}m-_lu(3znGreoc3X}X-snJG7mYg?
z1(Zl_%Q-zfIa~w{mx}l}MVN**DYd^J)0JqrIu`psD0l4tL%Ahs?ZsD~%JyEO)wrPl
z&R(#{i-vMGykn{4Y`Dkb$=u+<kbu=;jC{b-&{#;8Ykei5VR|vf`ETK}y=>|rd$VVf
zczsIi$g7d~&Q%-wB2KOaCWu$>9~0;BvsAN(kbq?#hW*vf6O9cSy?Aw+$J+M=+$UXY
z$~W;f<I>{FMDSy|kvDhOZa~i&DF3N6JIYUr52R_xv(|;!y_atKUR>As3>sYShy2xk
zsne2m$*uM5yxA|zh^m8#f}z~@jLY&9xLn?pNQ`}EuTvMh&uz&IQ#YOKe{J1ze<u>F
z`kfO*jXA<u0#xFdxiBG@+Q9|p)yG7DxJ(|OKSqz<MhFiQ#i!}v>pIPLJG8^AZUGyY
zTPG~69pb+WVdztMkDpcT>cIm!k}>F}KOC)3`*wS91-l^L*~hj5OC^?{IX3}Q#h0iL
zPs=jm3i!B5SjD3Mqv%SYq5R&k-A_o86ftD0knGuJvL__T*s^4oWs-fHAw?2HvadxX
z`<``_?EAjY*ms5*%w}f({@?k|ch0@%e(yc!e)qe}d!P4t5N1<(Nd~{4Q8iRl7+ZIY
zpa<$s>3I^`FBc?7<uqVp6_x%Bq-#U;KbHAv(S!P*+D3l-Rht1gv@}dqHAhU%?Yfo-
zu%s&6?y$x30n@5h!QY`cJfSIo$3p6h0&Pz}J-7%pB9PKGtccL?wf?Q-#v3t(hag0|
z-!0vom1=OcXK`e>!D9E6O<0+g2zz%!wBtq&4O6@v=mDnv5_&;+>A`>PKb6RyO{46S
zu%1VIVKXCm<zCS-nY51-zEGBF)_iPG)XaPyXV@7xyD)dFJDM=p_Ad+W6J+EkLYS=8
zfY6i8bjCM}R8wCk+azOy{&gI;qg{OuNZ<Uue)Ucl6<Wtcq`-;5bkfgS>C-!>b_5%g
z-VhV4`y*%__*!V&IX_QiK61B(t&T#)TN*s(`vtpnpSeCA#l9>>oFBQ~TnbPATRznj
zVRjzhB72NOm<NCTJ$5_;n9>6}`L?r{!=H~zAlRpwVQ|j6Xvoq=+^&-}UXIF|BQ+uI
zVxypcJu44$Gnt(fXgIsAGo~-019XkbrEeBk_*@BlBq6}MnX?&bIC@XRfRhZ3vnoU}
zPMrxKxBUcoT+e84#AAx0$8cU9{gf-d`7NP?Fb+N{S#~xJK(I_vEgO=R{FNtZ?+<u`
zs_gHudl>MB+|M!BP5p3IYC9T3;qm0V2s6$^JHnO^f;t~s+pAE6l)HuTe-9Q+bACjO
z#K>3pG}+b24?^{otDaX>gXkadpqk;>+Jc>z)N}rd!^rk~O$A!GN6FeDjCUN9HGv09
zNkRuFs=lg8@k>k@VP$hI1lu28z%s`J_{#pfpHl+PZxZsnihN&@a;uLWr*EuHsmu3y
z*J}SO9bf{7$r7ar+IHc({|d{$wPp64tbsUpUH{~<N9MJ9nk7mr_lyvmP`H~)&I>{k
zd@Jm9()Sn@1y{;zyJ~k|TV~S=pcR#4hSx}Q0K7oIoDc;Ak)*ukHD^rJe|j-S6Xx<<
z4MRn_iNM{<6Ad~YGqx9ACPt{DHhHZyIzO*Q!vLLOAHq(ggaVvYgs_5r`yN$s)<26Z
z>3E(49V?IS=(Cc~f!_i{qYfya=D9;S(#8khmjxz0_APCZ52nVvq+NfGx15YlY<r(3
z8OkCu!IZHoFH}35Gx)%%f4HYPCy(VpFJ2)79wi$oJJfuY>D<Aj$o+8OD}B>>*KL@c
zXW-z4&?|GscRvv6tJ9fRBN~^g@VKO~0Q^zClGeWa<+^L-GYVkIdr_%PrHb1>cIomj
z7mgvTHIvu(uL3FYVuT@G+d~K=WdABCG&#sTBZzgW(2SO#+Y8df6sNB@S_Ch2WaSD4
z6-RIJGeGi&NmCQgZSQG$-rq$0fTkLHRZ-o8%LYk9rupsER2|H~x#7y1Uh>S@wc8DD
z9QQxcr_Uz|ms7RGoSQb8Pmmt{b`>^WCJ4_c!>zYt(n@LvAz|=G_wP=Oe7OTN$ZeR>
zLe$S_>4T!w8#EVMj&e`xWTu0HJBGYIDm;}9PTZMx7E>K~CQvG9`nK9GlpeE&NcS79
zYVT3)X{|0pq)ck<I1}ddz9J1^EI9_~|LTKpSN<g)Uj?aVjW2jVt<?PIefBj2_jP9p
z^hBDyhP(89AMzC$1*=A5Q)}6}67>hqYUSHw$Z1#9UwDjZUC@d<jZ0%asyoaVzV5mB
zHsL7%CtX2bzP>@K!5i4&<`onxD(j<V-09i|@s{(lxv5r;0#D5ES2bF9Zlehu{Pc$^
z6*Ie9o0Zi0LA$9${o&(U&~v2ft``aS)_}TsyeYU9vnVQpdlO#8HuuNyI4EwJkI_!?
z*h}%K{4&OeoW@MXQB82<V}D~D6}?C*x@o47n8eAIZ1f_LlcCXTzR1hX&F#gnZ{IZB
zuJB%5nMR35SDY9$+}sp3+_u}AKwpe>!`?G#TuC)j)VRW>irU(19cjan_ZC}KmjHGg
zCuhO7l{2L5nc$p@8zs@U57%yNHnKzDw!@jbo)Pkg)J94V%I#)dxU|^!X5KLe)W?2{
z{=l!K0lwNzF81ZCK7*j=P5|WPyB2HC)E-i!qTb#{<39`O;;=&7kNB2rK4K|U>=5zH
z+I<G9&+%coq<MBgg@BA0nmA~wUT_@0g_K^Tv+Oss4FHBykB7!W?!``X)vo|Yr`~zf
zqQo2Lkd@_iL<J}Xce`=?#fq~{-EgBztw@nlMIYHPpfPSX&YB^kX(n{eYJLV<qFuCe
znRjmK{)(#Gyio1B*oo0e_vGtX!-@Ho+xp~$I13w_HL#kI?b)ZNhz9af$}}aRQYiuf
zI6wDpKFxA$!v@qtsWjm&ysa6qqt~R&R4>It=23(=HuqHhCI|ikHx$${fE1(@7@nW&
z?jA+w3QO{Z>~<+@*Izp$e@!bFMu9qS3pb0SPWcub#a~D_B_=H%Iy?J`k!!_8ar!sA
z-&e4TEWC3YO2kYtWLQdv)+<rLJNrm~-Pt1pDGJ!LvQSrpz#IMfpO-CIi<I*8%Ut~!
z6YgvFX$g;Fda%s-tB!$rH!|^Mh7BJs9dWnTqq?W{x@>Vs>%8^yX4vl8==(f}ss(xg
zQcLa;A(YY4y`9>p2-{RXtp6hR{3+(Sv<4Np?=1e0g_I73O#_@swRj41Zz&~h<_*Q+
zss;Ch>g>uTYT(^&r4HLK2af!K7^eK|JY!0q1R-x0@k?**>DR{4SHbjUFtz4rUEpud
z*;$^65sy#}C0Xy6I02eeI%F8X;-#|xW~)^^FIjBybf31qm-PzQfd8QLn0X~{m&{mJ
z+M!~n6>=+b@fa3cjqMiSKlt;Ix^%b6A#voc%c?bUq~2fMe}`)<pv28Lf$=ebqd3pW
zuvoc<vrwX!3cX#)s2OP5u@*TpnnsoVTpY<S^*{hlGe83t+WiYHxBlFtp^EwNDn~`r
zx`LI*n3b9flK4<bjjFu+r$^R5*qttw^dpV@!u}dx9lZq2S*`|D9@x@-E$^5}1IMJK
z9XK|4REz7CMwJfskK_kFIUNn_EodHTy+wRvo2Ii%p=-xKb|*Y8O)N|iDxVOGPXoA{
z^{%O^v?<XJuvc<RPBuo?{`Im4mUkYJ0cjq4>~VfXK02@}=Mq(8_F)y1J&TH=4J*v?
z@0W-vqmSyYpTLbf9X0L87+fP;c*7x7$~>ofM2wskQF${gCVeaLG)y|3MEoo(ESraJ
zTP4{ER`P}nPHi;uSj;u*THmxPEr*<o5SM<IFKRZf7j8Fva=p_fQhMu5A+~kCQZ#*Q
zKg8KLz;%8FTkrq#Qkd`t$~GX|Ahuplva3$-^MZD0Qv-12pIG#xET(zZ(^HNzmwT_d
zoYHo=e^T#OgAx`t=8^)#o>z=c%O#A>Ig34zt}5O?|08Sy>p;P1y#_dJ2lzCcc+4Jq
zkTv4E3ImQyy6&g;?SJRMsJId?hQO<eY?4QS0vkh`J!bI!^Zl@oB>S~0)hJA6faoe?
zR}T=rqvc(Nzk)OIxh}4$Que-8EDhdc^=Z#PTu0Xd{7dh<7p+&@!q(4WlEwnfJVAy3
z^M$1%9DQ;}bi@a;+T6xq>Ee@}`#|8~rv{!ei&Q<<lrI1&!%vB6tjJ&LpD8W>&E8qx
z@wdC|NjKXQ4bfg$mnu@!Z-&qslPZAI{HD0WV4v#;()HW9o^R<eSI?@5uXq6>FGiuS
z0IG8L!3%!mu332nzQX2yX4s~2_LLd7TkWIJ%%`rW9rvJD%Ox&O$u413ha=q`W7{oo
zvJ>;?4C}!{Xj2`Zs_89aX^z@GkF%*Np1MX|RnVKzNsc2D?2)Rx0p4>hGgA+72If%l
zAKBSa(MSWb^Fyfl1D500f=7~OKo3T)dhF{~zmOZJE0|ZQB$A_!LrD34(&Nm!^=;j|
zt}7>I^B#7qp;A<B$?g%V+O|jlHAXU^814Kr>g-&)90FGIz+69Cbi;ZP9&>cqTHhfr
zFdIP}bfrIhJHFXh$`nq!K4xipI{t=&4WbajO;6NMGF+b%n^yd0UXnj_Pd*K){Dytw
zKnX%dVZu)XEtE=4fU7e?0x_T*t#eWgqE_+ymVDvN-AsUK;LMManQ`AFWORV0OnJ!9
z)Liis&7B{_lkm?w>$R_wkaby)1NkO)0N?d1w5beP;g4ry6|W~4I$_X3kCItb)htKL
z)?_zzroDTPb0RZ<0eo|vo6P$?bVJ=fQ)6H9zgvD*^4;dt2*Y~xlXR^!T=+sYTpUFz
zX)*IcXu3?e#htzapL62tvg5t~)=$wJj>2J2pWPn$of^{QDV2hNg-Ffsnf$fOIv-?O
zdZ-B#_<H{L3Z55!mT|`Y7$={7zhx^2N1bU(X?G0U*ZflNX+_R<lQ4Mrs^404J)U18
z#Wg|BIQ5|MXc<A{BzivIgKUIb#%Dcx3BD^L3{{^WI0hE|oEW&_Ywdi5yCYO^A_53i
z3ILIxWDnsy{-|P|>J*rre-9P0g;9l_<cCjX;Bq-)eSTKjWNq&A5j8-lRYP&Fn`-0i
zQ>CH26bQ3vu!IoItsRaqleGzUHRxYpyjj5dN^AH`eWUM8{X!IPMvEG!vnWUY?RueG
z7Sj)=vAk;#w$Gb&7E)5tmbwewYq0Xbf)Y&_Zo=x$(8k-OK<RC<N5yCqbHvn0EvV8g
zzU~EHr5(J6Fb|BjV0~0M5!00K&Kyp=J>ed{krXQG3opVxYzT#1*FzSYL*7W-)ZY$u
z%cW34hkQqe##AlAR-1_>9Qkk8HM<9$04P#LyH8~a3ZaQQ@YsTB<XsL4fjkM{v>mWQ
zayK{Kq)=G5v41h>Y+H)p_Q2m0b0cE_g7$#*q|nhnBZKmqUL8SYJn_meR(Ia5#_>*D
z-43K%gxqK}i^2VQ5ix_61EApL0(Vy0dU6~2Tj`g>lY3Y$in$AinhI1M8m*9w{#XYm
z!pR?cKE*R3DG$&#|9?WP6n1g;CP*b-{<JhdYdYj+l+J!#{aE3Gfn>AS&mvrF_&)o0
zgdL`wxg7Pqy$R4NdRMcNFTQo7;nx(>H37l7wsXy-y?%H=@9YablBgB7&v9<(S5TlX
zk?}=t?DTfg>-U5Eo#B$5q8Pb0(9-=l%RBIbM5WXX$IuqX^|3n8k$PVyBX{<u&w}?`
z34PY^)Zj&$qif5=;6)AlzK+Y&uN?p7?a2+sN$_zZ{=z6PV?^n&>$*J$VN{7KHT#v&
z7JN8c$CF61qzX6zpX`tW@-f@K)s|?kkGW2mP0<uUzy&PCt30HD)R3GZ-3sHizd?jQ
z#gdA{!EAH`w)=8}zVWmk>T~UOZrbyMj6h&x2@$ObFSsucF9^}FV+;W%gsgkpA_&dL
zT|Xa#vPmN?UHFY#K<Kv-({S+A@035Mv<LS`O6z^w&VjtkEM~N4-+H&?*RZy#r7NUk
z!Q%Q}o~AV;J5b7(-x&yMaIJMoH_m+aXl(C&z~`@MwWIoX(%X_KuK<GBhWw+1;#r=I
z#&w(tjR)PP@AW*-)UJRRfn13xZzJLA5}2Kkbn}-`e75<j)KLtNHezHAX5UvDzK;xA
zKwCRR-0Gt&Kvy95grqr|iBA+2WeAnU4*N}OSXAN+_|Wlgv*H7WGOpSCD(VUJdo*X?
zYkk!@`c8Ur2*_IrcXQs2EqVjSvjjN;Fe7Z-WJ0VNHQp1DlH)47v#k|N72!8Qb}NpN
zu)woINl20J6e8Iv0h4MLhY!zzqj`K+7e+p>ED(qs>!NmBab+oAU|w{o4EvvF*GiN(
zkFOC@HI7^=amT^8L|wtrd-4Zmn-7n8mv72!DJ?N)Ame8a3kd8d<{NTDGX^~!A8M58
zfRqnqC+zJ2G7}$&dd#O{e9NBW;bIJ|w$PS9+=9sD{_b<NsC~+)c-au)lEdi9HtQLA
zjDti@A+L^31K2L2JflNX?>(BaU32VF#X86QdmUxl`?^Vap2^+Yo5lh=6n&iL4fsmA
zUu%}?^=!R|3-SZoYNfW_0Y}_XZ87tcSlYU=4CzoUNpp3aG>~wL_xdzVJNK5SYJ4Gl
z-#|;*$W?E~0##gmCc}cPK#^uOzJJ#Fz9cf)l+uCLQIpqev5r5IU)ECmU7RpHW3_RO
zE>Cu468Dwf9DP!4cPXsiyFC%Vo0J<=Y-THQ<iz#V_sDjc9mis=k~1>(bm$W<#{BqP
z`6S9S;T+&*jn*@~<5pZUBk@Pz`_0neuW#Zcve)MY^A<84MYz$3rA;s<t4^lzx!|Tr
zn)}NphdjDDgC#FNAgF_~>Iqyki8YWCQ|HhGPjt5TW>R%$e!QHhFqQ{B)Zc;QXF+8R
z$$;t{P^On&ON=Bo;A?SLarxB1{-IFm(lL=4%@73VJhdn)g+T!v<EBcCvlX)Z=|nZi
z=id?gE;lfAc;qXS&^1Cj15l)oIYovgMQI9y+9{@KJ%AtnhW;i;H7?6ILYv6+(xHP^
zm!<#z+3674=9k+kQ724==yL25S4U>#2h_sK9_Q)DJcnL=tq`7Z+{d{7KBj5HZ}@@4
z`ZFLll2M>>6LAfH<w%R6{mJrFhq&RxjbcvxAUH1oc?GW{1{#Y!SqDqlfsO{jW74$J
z3R8Oz$9=83=JU#I^J*$*PEbuL`bX{DrM6W2@{3=H5i-FAROH@>Pq^zn!G0Z5mB4M?
zVSQdWa^zwnUUiRanz_s*=9q+!a7JDq?fyAYnS5^A@KlrRKtu~6jI2Ehu;UGTHWwVv
zB$92olz8S~Pc(O8ftqOd%8LJw-r*-QR6^)H>h81>4`29Z*oqv102wvQ51YuPUdNpH
z3|*@d;YxiYP6TkJUXuLt-kCPb{Vyh>E33-E{ufIrP0{v)b^zDx<aK~Vau=~X=uO7K
z664=)W<iOKn*dVFP%A_E;I@lc>UMcNiaNRsW>N{8S0*T%gd<m*?}U63(;4tpbQ9NT
zDXwkPMD?vcY~CxlUelb5ttMypHR~!;4>N`5g0%fL4gjc<?UU-)t_QDz^gvpt)^B*u
zsRO{G-QCt}7H<RnAeRaC_w1WGp0NCW32EWcY3z_3z4BVZE5DMFOsej=?`!DDGvDVL
z?DIft_S0LX{R`%=KE;OBW`zd3ekQb&VDs6<8kk0rcAt$7bFou`0z|jRqkvFI_C^aw
zKf-`;NCVOA?b&SM?xg%UBBycRUn8e|tu!Gb^9lln(7BhSon75XEwT4k1WphWqb8ta
z#^zrj(rsV&*6jH{nZvb9Nx8Trc==>;9*-Aj-MI9TT*l;(cVmgMz_#|@N$<mf$D%4Y
z&WKwhv`f)AE#@5(Vn1P$J&($e$||W7b2t8ubXB;&#qFw9JKc@rHua8Q5ni|Lzuhs;
z09T&lHs;aF&EZWt%QqQ}@ka0C{iFk08zQ4N=YA#To|JkA<laFXvURF0H8IXGHzSTn
zd4IN)zgxF7(gW<cZK(`M*09Jn4h2$TqsVb>42t@;(z*}$E6c_SW*lh=PH<ucrJ2!L
zk~5ahheVibD0i@4=M>i7=Wvv=bN0Kkey+f$?QhWqxL?f~tA?qbD)52V5oHw9fT!)z
zLZyGOYtAMuj}d^i+NPx>e<liLf$V4Z@==`9);#eIa@s&c$?s_+6lGTi?FksUS-%j_
zTVgpj#JlPT?K-vmSN)81gJ$Tc-`mSG>bn0;%p=FrivYGQ|5{FxT6zz-LVR6If|9c@
zb}^-{1>!?nI|d@9P0HHIvN;}hzp?_0&!-|QuZJ~`Gha8hHg~Q*OMeECV+fAo@vG&I
zZdN+1{9!{IeNgw8S&U3e@h(Uo;GszJTY!xOWu@zqcJ<k$d#5ppNbB*TisU6Phg*n&
zio2VETJoCUnR#z$UhAu}Z*lcfrm8nx`8ajrCUgZ$&zrr^KGiC_&$T+s%-MC*-vBL*
z4(*<j=ex$B@otwMtz9G!Cnvt%bib#OY{Q>b#3G-QPsqvLyeb^eBcGwv=k6vw@Soef
zMs3^>)OXG1Peq7<k}80~ud}+IwBb62ht@HV*-iV^3OiS~_}DI;+I%i`=o{u09H}kI
zLa}@f*zlQp%TxF6-q&%}#9V5Yx0jdi<)s!~l=U@B9PgE#g}db2eGd;f3re1a=FWW%
zVhDq~p`-%T^H)kb_FxM`_u03$ZnKXt0WY<_?8Lf%irp`#!3QnD8<jq(W(s+HugzL=
zIugZT&z!jEm-}GfvhpV2v)aLvVn2t)G)xsnho)6tBJj_@==180D)|Eb;we(WErM-d
zBgLSqm<`WiYP1E8+g}qr=DOs$m?2534|#>y?W{scw^#yq9Cl8c@jtwteN(mtQW=8@
zC_ilD(?YC>lJ%DU&zGmm2S3Tj9ybLr)WoT{uxu|ryR^N(d#2?F*4xS(oQ<*=FD2_u
zx2MzoDf>u_!!KBG=6OYylwV!(p+ny%IEl~F<_rIsDHPF@t_g|p_#V)UE}$`@yijUM
zcN<QP7gn-3(eMHmFdoP3DwWM)@f<-sM~*pjYqT}8&$1v9W$#}g))Yr(V1G=Ra@TZV
zM#21a*X;nKXP(z|aXf}J#wApry^}?%`lq0y{|fH+9$tzlzI8Bjw$xqMa@)FPjpQRJ
z3=wcj-2X7q9XC*{ihXb?Sj*sio-#h`IFxd~&m!4Vd`;$rT1=`}ML2npo_H*5Zczma
zNWaMQ<g(x~xy%<xt3m}KqnenR@k7AJ>fAvz=tJv?9Jy@TUh8kf3CYJW^x;*3nD8jH
zROrHky(Nz{*4KL<5+?#u^V*g@<7<%(>VtV3eX%klGan%Tq;c35-SvypqN}x$$5`WK
zDXSIupaupzQeNe1FMfEhgnj}@E)}8mteu5Cn|!iH56U|5WFxE2-N<yv1^3>QIQ4Lq
zzRT3~NxYmbt(a#=D@|uW%Qr)-Lq+0zJ_MD0#Ls((|NXe5USvFVE$>md&A}E)D}~+4
zT1<@*|B+=2i|9zMJoX61aLZ6x%T9O^uWTD{SiJs`r@mhWBE|oc`BJ9XyX*Cz8?JL;
zuVq$t#`X1(h{x5MBEh|c*_vsUq!g^k>YfLAo*>y&M%i&nLRZF=O)i`hm2%nI?O-|o
z4LM-Q9LvXx+=)x|uf1#eYZNYjNvWDEXAs=8cCC3QYgxzf?Z29P=*thx_iO#~EQ>ro
z9LPt4aJe+4Z{1W&MH{pN)Gk>%<CyBy-_-%S3x)#kd3|gYII5L3v0YP_9#fK>c%)R@
z1(<XFGlHOvV|MX{>^T$3?_Q)nA61MzvkYy^BrVq0kZAA(*WM>V@|isCfFum_{<ZS3
zyJ2M6jg!ZQGV{87S<nE6owxcy$n{rC44cl;EQZ9V7*p>br#_&8@f2nHS(>WbCgRP3
zwx~(z#KhsaM_KiAmGLX?2jNXc1D7t=7l9KSi0c;IRa}fxMnA_V|K47KSS2Cf`;jv>
zd8$liW1u51KvhYh@5xU#*(H~Jqo-Ym!+1Bm*s90{*y``VrIvp?_xv=RTrQMCGwIty
zW~bv%jG7DYiT~<!C@jG--o_<jF!Tnr0g0DO8B;Gys@V;p3+Pgr_QRs2uOvKzMZT-x
z5VyYIO_afFf?h+urN(@f8r>qRrZQ6~eE2U}bo(q7$$Pg|^uJ+*z3?mupTji=$Ir<B
zGF6TsianOiA%)g2*c9##gE=D1g9SVK%T6t>l<4`O-;ZAo^}ej_nT^t8F$})bvFb=F
zhYb2KBB+t;k!g89?5+T<cV-UPw5|5AP|D$N$$&!ZkfA@q^(gQWxNUjsLYMfIbx>Yx
zc?;EH`l<DWN>+@8C|~jsj)VG`<X*P1N(PK)CT#|87w3JhuB;KLd2UU2KCGOj{H!)_
z{}VSZxtv|gw$tu>e$i-ly5jRZFKCM-J}d0@7vdk|&j*crU|einlVLb2-ny#PYLm?>
z$w5#=`F6~JDB7eCbmvBom>oOWEY+Wddd8H!)1xP*D~$_OP7X=g@hKSO#+V!_M55JV
z{N+Kqw^9jg=R7A<2cGOjMh#%&nqNYt>(w+Z-QOy$?)LFaIRcy%fC6vAAoy$BwN~`|
zrmhETl{F#X+V3~gALF=aJJlyIrsL&UW2W1rAh)-QYCX0e>f{Ug@9cjZq0$U6oc*lz
zndr9g0BI#o{Z{TkV|||iNv;>&kpG7|E6JUUFdlX<@Fz#NJGgrdHd?4IwW@BC>tJ7E
zP3PHfDF94R*qULoj5?s5P?sGKxCSUyOHQ0R?TOeluCM>xSjYaZE9ux7<BLb;(arPo
zi-oEfxjwDHcEav{Ttr*`hpcd=^91?w$s8^rr@Z?4y9(Kty`c9y+7)+*5TDgJeXE<z
zkId(8+AEpDR;~WBR>$-F4fo1UPvd18>W!m?HY`M{2RoFf6@lPExE~#GpzssNs3*No
zpvoOY2UH}sZouVD#}@1lYLmUnHG88ADuK9@HqQc^=C_AGJkdbJuS8*lO1sgE%w|zQ
zg)7TAEmb!_V;4pvJkgBrGd}-w?R)ij8XO(S#$<5q>*G5Ybf&g%B=p;$0gG%4trmx{
zEYT+Tm(6v39-TxUY9=b_{+;d;`f!PD2}7BuL3RTle7b9&oKs*&h9{)Cm&9)Fc_D#z
zDt!=fZ;bG)f8<8h-<h0^m|Zb~PNOVKh&$@V{!fqbGngir$k!c)!Er>U(SQ`kK`%L#
zlc(R;%`0VZHFBJ|(?gr2GKfJLGA7XEhT9bAM7rHYT+R{A(f6NHA8=*aoDHJ=p+eh5
zNWWa%e0d#oJq_{0e)814+E1Ov5_tf&fz#$KdROk@@8b(Jwi+@Si4}kNYo}z7{vjOe
zr+Alh1HU))_kcP+Ehi_$Do`?<Z%Q~Fk>Sfy(HtR4-M18$Ub@&y;Fb~Z(;nD<s7!x#
zD7~qT6uD}4)arf+Y&I^WktJ%;QlPE3cN?!+SfYnxu_}V4gpuL!{r|SrVJuaU?78XC
zYEOwZXMC1<nUC%LqZ1(MVI_mRKp}sT_NfVrB&kwW4?x>{4>r{V6nm6+WEC+K*ih7{
z(@@kig7DM|BQ=`=K6GGh8)x(w$3G=qNBZimWm?%gSEBJRV|c<8sExiS4=47(DyTOV
zJ)WaHm-n-ewaU}Zf0)6CI^<9_GmbptZ<A6bPkK=xM(|OpfA%mLuz{2E0mctBe;W9%
zoE((52?Jbn56ccS3d+8PoGT%GG#nMX=wVz_$#Z%i?|!+Ll_C#spfbwt3JSM^UbIft
z7y=5EB8zzBrFAg>(2rnGjn^2BSk8}JgpJ~W2;uyjfO8*$QKx<5{=qC^h~8*VUVbD0
zChbt_V`!YlTh~G(P9u6ZA}U_0I2nV@&5njs?||}?va98Ldf~kePEbG^s{FGThZ`<V
z_iSk>et%#<Cj=RD0mhhggH}vzHL?AFshF1JB4Vh8Dq%Jn(t~<YPqL3xF>%7AgoPx5
zN6nG|^5eWmMCWcu+4P<>oqR5wT=s9pYVT@am-0EKl4c*x1+vZ`fj4;OkIs9@jPoTz
z;|i2+N~fEt1cC|QExRhRZX>|DP#b=N*)0P1=ksQf^SzfXi_dL)64U-@kW>m!GBofp
zfg3wJj{#xExw$bX<FA54ZjS4Lz7)?0wH=!VhwzOjQ|=q1g()NZ6D7!=J7fs7A*Qza
zsIhwUc8%u85y~NT%r!_K%<i;7?S#ZP?K_8a8h}Agq6q}cR!@#1cXpERf{v>UW#=2I
zg}m=#Np<<+j1V&W2TM%B!D(Q50~$9glZLd8@EkRnJpqCg`nIh++Or?EP~t)Qv7Pk!
z0OGTwXFHWSh`2>Nm*I|WE?IAfz|SZ`PG+!!)-c-9;xI0Ia}^1ca&>>&k?TJW6z@RK
z3@CCYobN%ae>!{F2_FbHqU`~>nbb&!#{+iCQ4az1(~-anP|n`l017V20{!sv#TFnC
zs-=8~iI*8jyLij^n4AaugWpF%8=}Ww&PU(9=X&pG<!&|e?QwCb&nL>tkB#wvM(!(}
zDT@-@E3e7x$hZX&G?E*v-xU9=i8^Upic0VYP%o_-kD@=zXwW*{t$mkj(ZCjT{Y{HS
z!*%!I$E<Lc$7rL<QPL-9L%+S<2hO%Yp*Ay?2N02*9;o#8DUdCbPT@+e_aqRHvT>Lw
zj4X2J&1?lWqb;6xqCreXn-#PJ<kOXwnuhel{@YDbUlB_Vu$D9oPgFDx_7yZ*)`(ae
z+mAB!obgH>#Eb?>?Nxd^Zz5^K4TsPQ9`LyAoC%)y=!4A-W;=R3F!d|d(v;8#w(3ZR
z{gksVg0MwEZ=EoHY04ld`pO+wHm9t2zDsS&xVFsL(di*C5AJ6uI+ySGr42nnKe6$i
z=X=IBPvhpQ;|Y}h0{&3<G)w-Tp78iM$A49O!VN~%gN#WZ48{$3++K6MK^lLK1RivB
zJk4+%2#G&rX0zCw#YE1~D2-H`2=pgTf0DQKd@6sMpFuOkt(&P3l6iS_ohqp~B<MEp
zF#1gWX`~n>KcWFAu9jw5KD9<@4p~1y05%xCCV5Q4*R^+}8eyZ8?>3*%551)~Qg*xa
zoNiw!DeP1arSRe(fq68@^dGXW_eQniDo!Oa*XQx0&^$$}hTB?%i_H%E&^5OZ$I-;0
z!q!9ZJ*dFfo`}<7hetItvc0>0vk5y3M)}f)>@{{Oam-g8y66iMQ^;}oq5{t-92@ik
zOMx$L?j(Onn*La)rL$11=1j9k6Og7A{-SGCkK3uMSb0W|Z`)b}79|({@`eE*IZ@%H
z^dnI1Rk%oN<Z&nG8S$~6)%Eeexcy@+tm9t9hVH_%Ag{Y`IaD_g*Zjhn2fX6p)JMq-
zEs)q*^)5@;#{_C3l2^D5jtTszcHt`@Lgqav1l{7NUhY6b?;9KI5w}M+FxW)f;Gb%3
zY&*v#v<G1(B5ilaEA|qR>AWp@5ayv?d3pN$zK0iWE8_O6=$k&2i<lYRO`rMCjsb7|
zwfTl;DRkrsi(6|xA+`jR(3*s+IE`2Pvc%Bd-RTHJv1W3P_HI%?x-iIZxJUNhR9^8_
z+Hqe+y_Ilu$F#>HVDy<9bqM~9g8z51ztVx9;mB@JIy-61iT+n(SqMQj%P}<fR!g5D
zg+jZ2MqPt0G<Ij9z8~kM@waj;S*jYpMO7cSA(#Ve0qiF&b?P=JZJ4Dn&rgS%OQ4=U
z>sj<dcW(YF4&faW4p?^V5`nacz&r0VM|CL+a%~w2%8^`wXA;fSQ~HY|DeAqJ<OCE*
z;Zm^k&b(S{h%skcpb9GMTevjznZXu1!24c}v{uVEwgHhIF&jVc3*Kt7N(VF_T`o}*
zOnnZK=9ryhMb$2`DaY1^hq3)?-pW81B~$=%9hQoFQ3x8??ijEk6%WeW(}w#xg{*IR
zAp<0od+@XEB4|R>SfhY?D}2m`ZO<~FG}J@uyj-p}-Qy^An$R?j^BAd5;LrRcN0aNa
z+B6xx^+aNXCP*y<cxX5ILs6}?T<sX$K^53?EPmFMFq&e}x>eEgCY7Z1E6elfs|z8>
zu=G&QoU++Xx5wlv0Es|wou3=+j%=kL{#IXjBQ1Y=;FWKzO6#wGvat10)icd~p>Xqc
z_uv3WGluJ*&9L>B#Q-d>`ux1TJWvLzHrAtfbwv2p+<Yzsli~ijQj^FwK9b|hhSQ4k
zx%KutT2XBg#vN6;ECMKqqnk4Fy+x=Do3l<@wVAry`{L<obygp$%tx&DHE+hTmRlt@
zZ2!B>4#n41R!?**{x7uQKUohR_dw4Q@wt9^bY7cfz;Fbrkv=#%7#N_qkrcd-o%IYG
zs5J=?d(yg5(i%fl=7d6+oS>~QF~Fb4QX^(HEiGo{FsX<^3iiDX<ZQNmp|xYvrbFe(
zx%?`m*0V+`kMMLtEw*wsF!Qp8?FIpOW?a+eED*=B>7(ZdS?CFf*(G%m+UjsJNJ(6E
z_;v!;(Q9D+(8n5eSAxlIcnS!9;ykbSTx<>4$0h2#iq5Umvh7m<o~idOK!0%spY1Is
z_UuvVKl6B>R9l}Fv}}59SR(JVKh$u*{VlpASW6ZFfW-g#Z`hYRq>3c3;JB@Xe1DGh
z^w8Z?HES)&fG57u`Tfv*dqCkoVnt~9`N4}*$Jks$$4=2NYKfiV89SXv2pnlP;I%}S
zX!9?{-Q8Im(Jjpn6~BaP*IoezkXgv$FFUAN%2g+#xk3hg;@skjBlAS)bv{w(-@3pf
z{aDy79%p0H6-xC)Pe1`KUOJ`sgm=JJxXE{6@A{fouOTa8_ASyl*pQsJQX=^j#YEH`
zm0p#}&Y--dSKkQ!?<6Ik<BLGWm-VLk3o0^^(emp+^)=x}+2ac}5%Cr);cBn7#dFu1
zreF$%WnJ`)fX`4ky#rUyZ8isJ9b=jDA++S{I(RNVR7h!G<9ML%AElFD0UVh`LW$Ut
zjpLaAc+W>>TWoc(HuY0R`=n+bEAeFJ{drGunjH)Ad)0Y-^@gcU!@KrNCxmsFdEb0&
z_5A@6e|@st#;Z%R63p7UX-0WlC!CGrDuS4>$rF{kbm8cTfWWNgmW=klns&@YlhKI`
zjZ;W*`nI{X-#8;te^mN=PzUT&p%JhDYSOLOXP0tB!stj)z3qRH;V3h4fzjf22|rAJ
z2J%<(+tIC7^qNP=F46S+nRlCO{De{zbXiLS5f(y(j?SD9^^EY8^jK~4WbULG3sKRU
zl-!Ad5t{Hm(1-Jpr@3IL%(g0!2NNoJa-DFRpNH4%g^4tT)zC_BZ1Dk9GaXjg#Z_PP
zG|4!;!uZ6(d?g4d!fa(=L4%9Lgqq9eG*9&{Nafc@xjjom6kYOW$rrV0J}f?|5LKop
zz$aMCB^wj4=TiLKvvD3=6dZ5&Hay+6VKq}u^;K8dVpA=KX9y#iv=sKhx-YAI{ar|(
zr!$c1uSlh4&h@99H!JYsw%~vB&~ro4KVd;i3z&qq-w-XQl5Up)Z{@U!|CF^t{cBbA
zhZ}a*J*!eWd#H(~RggwS?-ucez8mX*EgTa+BRYYw>7j-sfUT<p9Q3cSav;zNsQ2%>
zLgJ2kUDkolS%d!ViEB~0(lQS}Y3ReE5-kIrlwd8oZT(MS&21BIU@+MoB2#qUSuTHT
zYUuiL<Bgo{k(_&RjV09kF|Cu1%>+xZ|A^;;&xur#PhAWVbj0o);DOc8%W=x~==eFp
zo#Ba(+lZ|>3O{sAOiEoU@7k!$c9Ij|ok6LeMGd|AXosGRrPcs_C5(C)XKS69NzwsV
zt(z*+%fBA!u4RJwy2|}?K5VK5f`wb{YdtuBx=MU_-0Ir!R*3R2iW=F_;Mwr@GUaJl
z+7Nhp4UTh_Xb41_rh}EOl_3ppfmGb!T))Hp+ZdQPgsV3ct54gGdbU*8Yw{BBs{iBp
z%g3k5s?kK{A6fN@-Vk*Yak=LpO;+jyQ2x+f491N4roL~>Tngg*EJm9YR*!b*ok=hB
zsz-l6ZR||U2zeWkH1fi3Af6x~wIQ^Ux1A@w=K?v@L3`({-zmb!IH|32`$~u=&cU>l
zLZx#3gp=HP;rr4zRp0jr=Oiizcqp|5ag3*EZ&sOX^2v$%4r^`>!kSX>p)GSpP7{H%
z{dKMSzKKrv3vGHOqX!2!y#oaL7Vq>G``FGMeCfNkb*d`pd+RLp8h~DMU6!?u2Tlm%
zpIZ}j>lZ+~I6A=%Bq<ILiA5{bsj-gZdUuCdp$W&+ee=rf{(E$K5GkbF!qd$t&u{-;
z_4ueyty<e0EbWJW;%s>030vIw$#H`xK#3tES=z65HR?|4mtOgJ%RrPJ&_y)I>2pDN
z_HDm$IV!A(iwNdwR|t9?LC$KgN6t0wqw}&T*2i`owwoW{@}D9kc%}>(+szRCWc8_2
zVey9;W*+_3KUJXZ4}%T3mO0(mu2~|oMhBj-4748$iF)-6WW2pDvfy8n1D>hJPg^A5
zr?+bS+jFqxEMcV~k@#t0>H>rt_95t@d6)-*dT8xLAC3oa^(^h{@^U~_kxA@>iL+)c
zM?!bGJ_b^eL#d{oAu-xTC7>`(MYO0B_>s%0wh}2}^GE6vr_6m=tkeCd{k-Y05Ft5o
zi+6x><J4LwSq<J*QZN($j}ZFvEBx-!SIYkxK7%g%r^2m8e4gPy`%q>+D!r{IzgRgH
zXh*-!5i~6MkGkyPHf865Q$jwep2hZL%qYbPFHI)?$XazYkj8VtR$W_0@wn-=Tc>j)
z`rU{Xpz1N-XBZAA$I+)YlQ9?;Yx`I%UigWS?=}s{TE7`MdoflFk#Ecq00PuU$k|A!
z7yJI2oholk&fV&7M-M$W8@)yM>@VV9=0{vEAeax;mAW71T%gl8|E)lw(h<#F7w?}t
zp+3YOo01yq0R1DVZ{Qi~d;rC_+MSZzuXw4w*$=c=5PY`rr6%L-j+$VsM~sf@aIT+3
zc`?zF38g1g%{4Liqt<beOJ8<RsMe(-uT8TWgS#4@;Y4|{3i+jzbt`g^4Idf;d+MLH
zwf&u^GX_^J2HgTj^Dxi8{!Ya^$&qE%)yw&}!t~H_%y`w`zwEN&`nW<R@S%>ka}Kd4
zdCHb$QjViWBG`Iy3qojZzQoJ2rIMclryeV+vWm^%PnQK9-SIttk2qFYBS!c(v%ala
za~7#g{O!5$Fr_v88&SN1V$LvW-?;wPi-JRW|G0Wm$853ms{l0c#Ms}GfoMAlcm$>7
z8tQrZeftM&{eFKz$aIJYx(>Awc**}xR(RiC&TSCHMjVto|6DQp9Nk-Y6U(tT^9c8L
zj*Zy4R&atgq14uscqR?J1{{y$&T!Y=p-CiIZ<)o)3^Eu9mX>Qp=&)tA40XDA!6JFi
zBU7LOs>dU5Qj0TW&Oz}xSBve9U70MT>}u<WlebUmXNe8**Hy1;>dxE)6%c4o|2Xo;
z8#{;hzFB-uig2@t3#G$@sRU>P-+@i@6O7bEdxV4tP`FiEaEJMTGR}-w%hN9E3&@L?
z8R^0CX}QdsK?8X620+v6<`wc~+($SUjf-iSzApgYI26@{4l;ROf8k7F!+fbY_BdXN
z9Nt~G`y$I8_j>>fXng)`!!_;r_uj1AqC!QN4J<zO(@2g<)4dKks7C~9r?machJ9XC
zsaefX<N)g<+ivuSR#j+gt2WaIrQ6YKBry@p=a7-FJ2~?~EbGDB6s>l#WKooO{bIB6
zC(HyL<@mx?V7p4)brbg`Z#@<}4kqPBv~G%lBsQ_UdRdOc#NNe^ds@EHc%<}~q#r+@
zVCXfw`Bm>n^_wx?{J}w(Ly9=o7rfO+fBF&p4cP0^W<JQ;1aBN<9aHMjNXAzMFjqIj
z3n1;{B(eIt#@WC8ma|-aL9TrCmYdHTyVDIsGuRU|Mz7iX>Tfc+$^!CqH}5!ISHEH(
zr@wj6RkqPkSZ;waTq&+5ui3ZXmLp?V`1}6Z+I#-{r2m{YLA>^6>v|crzbWi<3rm_V
zsn%vht9n&~!Zi+4U|zOZo_}ISo#odhw4qB`&4fzV1E*j74mqowda~|0tLK2mrzVtw
znY;MVwO_wp1mNdhO@fsKO8EAU7#XGLOjg+na$KqtK>s0YT*+2!u*0NH|8)Y<-wES-
z-174Y-!|8_bq~NjSGpphLYh3ZKk|6$rLKU}3*eTkk=kX@_&!%@0q~eNjtvtVM&^@c
z5?s6brCNO{8?6@JuCHf1Dh@=u>Y23X={L@dd4u^m(bt03R2k9b!@*5t^sjqb(uBE`
zFtYN}*vkpk8VifhDSLvxCyZlgf!#Yu<rmZFFZW{}=gy2w``QR_PC3iWZ1n%UA6HLG
zb^ZAy)wso1H=Occ=d4PYz)8qN@Uz#B%F9@9Zm)fc<E{GY0oaMvG92RgHBi*njLtR*
zx5U3i)+5H020THwB;t_v5y5xSdtRis21tq9!6Q?c_Qfx_jmMtj7-*&u(!f>148Nv+
zz7?B8h{GeM2ThR@u<!TeNFR`(0X$U~ecpDwbS2Ldiw!lN(i`_AM|<?ID%O#Wm(AM#
zN>>_ZO-n090ed9Eb}@C-{^Ep3y0zx`$xbPhJpRS6tba>pqK<-|=6Yn9vpKmpbaUZV
zOD35bZ)1YobNNecm&QO3si5F35(xLGwc6<On62tyE8M>g3XniRI8L<k(c(m@n7M5D
z>uI!3@Suy;r-o<`T=^rg%zjIZQ+XD68sO0PB>l%d;lxw(FaE!BB*_cf6?&ddI^7?2
z5*0pDPJ{$F_^%fnR5W_Etb1e%72M8WGA{BqRygUKTES*E-V8H(ANXHu!E$)!p2c5l
z*9}p1k%QRd=c6M58=+3mi^obrvzF#!U1T5@be2=$P(|IE)FKtD7{p^mj@{}0X_ky|
zGIY8tJhRXfH<#u`*Gi})5kjr+srogmwA+Du!p^fIg1BpPzgL@$d`svCyFQ+NwX3s_
zq{+AmAriu`@2baSt~Fp!eE1NMt0z;hi2f53#t}fO)WKz_KjGUZWmz7ZJ2~0*;s;qu
zh&nrqxtkzG6HX3=1_<RjR_)H5bZ@vS5;t(kqaZ&;pbx}shg#gwF1RUQhedZVU!cjy
zLL%5_N3YWX=qOzLUKz_u6Vo&R#WBT8P&qHvBTg=_M@L!iF%j@gjOu;-P~9=<XMcLE
zVlW^cWthbhwy2#Yagp0~0p6+Oeupx&W)2(IUXZ-V%IPRJtP8)$Ql)!&;fxJ<eqn~|
zDyMXYn<<yVg>A*7pygPV`7rxf#kwCI$wqHWBShy$6={rR#u_f_F6RmQ6&vvXx_csu
z$rAQKTsCv&Ya`cgkTd=(qhPn2Le~~c{$uzQzb7oOl*8O^dt~!CtXrYAsk!g0H$)&D
z!K)Ta`fxiCfW^@B#boDQ`iy`vd0v_wyKT&8!*itE{nCeOB|V<pL%%Phm0PeUetTwb
z2>8IUgmVRr*k`6PSz2o=@6R~A#PQ~QR0QR5AX$!5t^MC*=3I7bt6@^RX~!^oi*=+v
z$=dC)v{$|a!_tUfGlourpxGK*<Q6_fQ*{oZlbm^@7rV2x#kKaC`@eCAFHNBJa6bEy
z1r(=qE=Lt?!Ev}OY@u@(>$-s@!H(m<hF^q%Lw?_?@0f3gPb=@#uv{P=)e8b$b!V0!
zE0FO|6maR2)g5NzP8gkJc(l54+(NHb!w<1P$Uv6)c`!>otgum-%r}?wNjK-^?Fp9h
zfO!v{MQSv9{ZPP(e%KFzI0zJsKUCy>U-nHsYM!5i^;FRxyv`^>EzLZf%KJ{GIk5E^
zBR-~6OuZsMYo$`9Z@&^)x~(c;zia!am;Z_H=~lb+#|CyJH8S8z9dn%8SdNKPrNT-0
zGMo$AY|`EJij!h)C-Lz=+ke#Ig9~UW>HVxwbJ%4X>^{Hz?D(Avd?z7Q5nSSt+LUyr
z8;}$h@$2imt#==7K6av;=2a)=9;3BG@cgB2?GR4Fw4y*0Sex%=J?_%ck9{sDU@1IE
zF`IVWi)%Xs=L3#u%Rit$NK#Q}qvc!bv4~mg5Q{h{?wq9OM2mb<h5bF{kPJmX(~fDS
zM8=CTv8OZ7GE^NcZJw(sR=p38%H)vWalTMbnb`~DKvVyuv9`aqX;Yxzn>C+|)G+7U
zUn~Jrmv5qGe#V*D%i-j99WGg1t+I+dCc(d$i5^YlZ}5xPO!yU^-aa5$K>ancgV$(4
zX*QRTt@Kg*Ll&)R7Qr*Tob$Wix<H9DDOVgCcl#&w2nLGt<Ofx>_8tW&1$<|lSD4%C
z$TJu-V}0m@Ep7h<itk<XI&iqbUqqZnDr>IVQS0iy(a!;ATub&{%g3VR#udJt7=}6a
zUsv~r(w|RF%9vX7GNLD64bMMc)xdX1zuT9~@t%laC;xQ=&2{KT@=H7*J_T0&>x?RU
zYEniyD*6d3#Jq?MxLOy=yQ^DzW9F)jRv-M{ZJn?duGZkt=vf~kk$F19<rmDJ*51FU
zCGBtM%sa)<nX4SpFrrx^c`2+XLngJq{@?RM`n5ssG$9Q5QihEl!(9GTbF+@u6FF1*
z5^j5sLQ^YRZ914H;{C@tJQ>pU?APJC5!@q}Uwd`E6ra&G$di?}0!_Lko8}uIg_rj(
zl<m<PB-^-5I0Ym71uOl)AM<S3w;FjZ{+MWJl`YVe-I%@038+)N3V+tFl4u)$V(mB$
zCw=_A^KOYSpDT5G#q8LH!5OESxllpozwwF`Q<hXvTxq(?T>41$(meZjTR-x$3i-x2
zM!#Ig&!>wlk{q*FbJS01OBv6aY}8>_%dIik<opAb>D?^?o_fI(Qr-RV!%6PtRvvsF
z8xEZj7SuQuvv89k<=Z8Um1}fe=m(vq-N+vTuAZGz9kLPOs|{YAhk@}1(Tg!0?_Bra
z3+5Hb6ON<;fZ6CC^=m{`PVzTpihKhJWw{WZHBhmHB^e9JaXP=eK304ELh>12H*NZE
zpCQemL>k9=KZ@$j=#|!!QF-G+%cyQ^`$XlErzh@$b@*}?o#KwnyqV^`)j4I2Gl?9V
zA9My8T=k|=Ha1?LeXtr?Dl@NDe{@VlQk7GsEw>ia{4{L^`U~Jb#0Z691p>@oszaAO
z7*3?}8B+4jjaOeCfw1p9Ulk7DW2cC7?VLV_Ej+tkn^V@1&H{9)zB&$JU;nYrV5!>Y
zYg19V*!zR=MWgn@<@wZGt^p4i=E0*BtKtG5dwS(=6?0hRv0j3V*i*V`1=J0$V){7L
z&<(E82=+mx?thFTkaiid`;3YTupY-%mm}x<54!*HcVzPHTNtWc%KgUJogQ>)cAYMn
z47g0PyV16mjLE%Jrml3OiEnH=!2G6E3QCW$-Q<Y>s_>?Nn|(DwHe;w!!}icvbKa(a
z4okOZ;Z#SUwYRkgRl|dAyt)(3Ti}vLW|`NSh0zH|F~aZ1c<7&K5wDEH{m!6~`<DyT
zkG=TY$1-`Gq<f%T)l<$~sIzxU;U%>JGPLt-qqaXM9M7dW?W7duHD#;1e>m7`bE0AN
ztdiW0Vztt(f3{iU9;v27PCsyW#6(iB4CH2Jlm61In~nUZv-yC9j{)o-J$Ao4Vk-Al
z0>}6EBbQ`pk=(C#B~OMk{`9JkH$zWuwLrgC>O~X_s683P@5`3LT2V+)!=qeR%V(k1
zf6K7;FSfK7IOb!WhxhF-)g|ZK6hf$a9jI$J4g|T=iv@S}O6*4HrUOzHpsQ=J!uq`W
zHOlwPVFk-1+3P4s4k=Ek*JDZaTJS;^31+Y0%6Fh?q!*qe)g7uxSq<QWB{Al<ZrrA<
zZ&ZFdNm`e_lw|wiq?5mEvSKE1)aK~ek*7V$`o<)3A!WoAp0QQZ_f+gpR#<|Zs=oSF
zGFEvE7+EE0ud{XIK!n5MZdFzLj%rs2Z-oE++~Gubdh6x7dWn5U47hNryoz{Lx{vt~
zu2A{qP)*D@J)ZK9-$8um0FeINsV+m(UM|wc>7z}74B?fcOz_R1w<D}IS4*Y)lDpQ2
zmP=?y>J`y4yAGJzav4I%LiNKXGg;b<gRbp?$F6C7dm?!wW%pxWj1@E!W^`V?nDja`
z*#-;;x@i5#_o6%KQfULzW~rgvv`#xFS-<<fT{pIhI89@iI|xvGAqqfnL`on06>OP*
z0D;uRBbxaabVH(l`89v`^%k&KPSf^^x@b2-2jwcDba*i<(EkCj7|SM=I0JJ|Jm3sP
z?maVo*?~1Wm8YX@dK6WPe>Zx_dwi<!r`Kl5#47OROOfx_uy*<7Hm+reFnjinr=wGL
zELD_#{ydmFo!xx>M_<P-xatF{EK~6DPlTrpG{tcg_5Z@!_5${)IL-J|S8w}<Q@!>o
z22A%1^Bk=Vxz0MiHg+%bkLt4xPv8%Zx~Tj%TbUXD_~!-KyIlDLzmXP@<DOqn6swN#
z>FqgeWk>(x=)B|Edfzv06m3y$saaH8v}WzrN|mA%pAM^P)ZVFDMG{oe+O(+JyJljS
zkZ8@?J4A`vM8uBB`sMrk>-_P&&UrmaPM&k0=YC(;b+&~H`jOCDklSXbsIP5f*>^@7
z>1pxmoUi@Z7#w+S=DZ9g#=YY|2s*-rksT9TE1mzZ=ze9F&H$Ht@+a%qOe-fC#->9e
zpEj&VMvC?CULh7Lx-m=FT&mCJ=}{~z-n=(M_7Q&%uPnxWgoZN+)u_%GE5SZ{I&myA
z%B=O?sDe!%i;ssEHmh-<8OO9;b#3G-c(th%m1QAb<?boE=FeC0B#QoJcMjnNqMf$A
zymuFB7)I~EzZ5@LzTkkHc<Gf%r)&DL&<pj!f$D<i=mcli@#xBuC{VTc*OSf|U)7p$
zCZP`N_N+qpvttJ7iUkFX#nWRhgxp^4jWE86pEIQTorKWpz!Nc0@i9OLLREMj<L98#
zqK{2EC=y9N<(uUjS&T-v6?>_z0*&_*kIrrwe;Rp%CU#c2fUTrY%OUt7u1gUXtxEmA
z&1avzjv;R^21EhQar%F_U|sqAZMg@Tx%za(U1$|=&sgO(yRThy9dwJ+5obA5zOdA8
zcKFC{iOoqvm?0zFvN6d6;ml)o1(xy;o^k(xy49vk*FT&~z=&aM+~;t;!gg>!g9q=u
zc7rUEO$usQa8h1cawwD&L%<?DF;Mk<HGX%~>f@0Tt4xJoA6DjA&-^YMX4I)itmQtm
z;bK2F|Ds?oe^X~YUZq#er1KrVDTHf`KlU5nLWy5L|El>S0h7o#Y5FMqEwUk0n!!ig
z9S@tCmjHK|N7f!fUXZzD-i8O5r1#M}pHpEg$EtJ;e{XH4B-D6RpZqCw651LXk*?_w
zM~h4cI5gy)*w5IouTBHbYxN|Fy3O_^cP-Vp2U!4>%wiA^!-|_0IUq{h0bRqrp@S@{
zGuLx(6@^MOWt{9Kp=_8>D@A!Jt<{U3IjH&btKuM0<soJhrtHvJEBfg=6z!|d@LoFt
zq(`S|-!JIO>hYsRKG%FN09)fiEot>IJmtm0a`h#Wjtw)qiO$UyL%W`g9XIh~->z3|
za@iDloqHL3w{xm5sQnWAFUxZXTgRr3;}I<E+JP%oqhB$Ah-2cV{j9r0iWFzE5ryM$
zyCt}1!e#F-W13m#AoMWdGUq_6ix2*o-LL9m9V^qk0+u(jjNRD8!q@{!&Ay!g7^)af
z*dzD%0kAX4ZcugWB})TrVjsZ&o(M#-KZuV!<@!9*Mf2`V!4P@SDH#{{%SOo~p-w8|
z8o=ZF{4|p^v#PVKe`|<0iV^*F*wN(0t3E#Kz98&QU(ojJZmyJ;XO`=?9p-$Pl#+24
zdeP`a+{I2CjOz}@I5MzF09$#{N*?xrsrbQIr~`|c&BjCGDW6BQ89O{BNv(;@^`ZGf
zBeH4Urco}4%Do{5q4HA7<e(m%G0psakpC5exoZ>Qx7u1{q(|=inI2}XEj=N>Na5_u
z8*QIdKZP#@X@3dejTl-7e%NXMG!jRAt(mA1lWH+}#hKJ=_d-L<RB_kvj}DER)8OYU
z;%=PJjg#@Fbux_#U^|$sX#URtgE-OIS^seaYOHrgVBVe0eLla>%4qLP{w~W5YjqbI
zG6J*VDMPQ54^xrQM2N~2D<ikY+CO;{5v9x;Q!qZ8*~!pctyatKE!nskBO}AbnH$+c
ze6^z8kz`)EnjICxQT)4gp?MvfF%`-;hsyzhw)!2(j9%x0B20k;Oy(YpLBWkC)})G8
zPS9>tcxNUhjX!w!Gs0HItlF68X2+(uf~EKu(%z+`@Dw%WH!@~?u<^_UpL$XH8^N_@
zc$-R0YmgVm%a-j&Q=@}AC&5BU$JxI2#ZBo`Dsb;oyEnh3K5n_^huKZE;+Tc6|4fFU
zj!o0>eE|Kl1!g~EvvUxhPap-dMjSK4M`~r$4d$<oOSS$82L>!)QfQCI$zOaYbu`YS
zrE8j7rfL)SPq^}Opa~>7sR;4YgfOaSq&Tz2oU_?KEwviMQT<TJ&g_)y<nXI`g`V4g
zu$Suhe<bbne!$P>`u%xbBDJ#6d^jZS9D0Yvtl9pn*=FHIs|t)VmD%DSUsy7a52TXC
z%IHpiTn?_|y?Ha?k)q}Lze7y?xE(TK1h-G&>Rb*>#7Q&L)e&yuq>5mr<B+ekt9!~c
zfx5(oj`8H(G4gj9(GGNr2-P|H8o017Mrq?5H~kM{7dUh2MMeQQBB<0<KC83WUL}zh
zVbbB56D!4JffmJ;8-}lS8l6RH1n5_@XkM^C$LZFs9yxt1wDFT(f1a=f4+y|YG{4d%
z5!p%(EK9QCT0eE&Iz4|)o`k+dD>>jo0;s4TBnH?Uhkt>x^{qM%Tg*BqVQwoKg~Hy7
z=rfE*<peP#CAV_WSR3|1Ezzg!oRtC$c>aFynF>=Jx6rRIREw1K-UM#k$$hw8OFTD`
zG@6p7!M`w?cz;zLd|mM{!2C(ryfwU^$>(goSF0?fQwpOxW1;{Pboh7p<S6%|!!Xbc
zAW{rci)vmK9tQ~QEWguuF|kfZ*vZfv#?xy~JXX^hz1nUUtz==1pR`95aw?wM#hrXS
z5^`)QcQHl3xa)kZV`02=5&*Xi^JIi>*q(-m%)>SvE^E5rSvfa;(~ClcP>pD9KFC}^
zAejPrFkTwzyA!{)b)b`Zx^@(hUN9K+5XI4Ul`Wv7pvwQD+NHK6kIjCOw2_DH7uqm$
zbDI)Q9O=wxGPIkhrGyiGdPpm%`3AF34p0&B$bP7C0S!QpYm1bwt+Dwmpe_w?wOwKh
zc;Z$>zO<=X@B*1-mtR_7%(n0%$R(uPDuZ=wJzRs*0)J?^72$g>VEEFetK5t9MUTxN
zGFb&eY_`R=*1l>pZxq~(C8DYqlTLVV`3Qr<--Tuu^A~eB&S6;QETVvliO@X7q_X#v
zDEU3x9mR>9N6#6zX^L2(t*JiN8@HT{Bk-1%nN%PBsr;;6K1$;L_jIBozTo2A@DgDR
zuls9s&Hgw1rjgm>HomP!jOhX(2VnuX{(=^o=*zzVyWX}D5-ht=5Ag=IoajG!YCSS4
zluEaM*ED@GSN?jDX_4EV5EZ~P2EMLyqF9OnsCJdKkdFK>-Ufc$6ie=%+io^<(_61g
z39n>6mN`9CW7hQjujS(;YVYVl8@?>6_Hsb^As*s+wwr!7>WLTqppEtM!=JJ$X?2_k
z=NgoNW+D+MKB=SrO`z3y{EN_RLrJ0kGCv-Mn3jl~rP!(SIM@b^4n4_7qoVc~+MNHW
zDD`}$tu`niK!DB-!qhDpVm@%jUu3gEn+xXj2{QVYY7}ze4jmYZHUuQ0u#)3PM0B=R
zpkY2)y^|nbksn^vu(H(~>3>tf9N^3Wy5-$R``i=Mo2q?~(F`f@J&kRB>NVtIWL+!8
ziTR{HcS;}B{7Ti0z(08oy;u&vc+{&KP+A}~uj{q3U3t&8wWoJmC-c7akB$rQRqhwm
z85{2*_Or;2sPBowE@ds~+54L>2;=KHQwxB)S*u5d86!SBq$}}>E;qDbz?59Qz@xcO
zxrtd$#PI&z(Nes*u3aAl{q5<3x?=^@wPeE^HPTp>pZI++xS|zADS*zJeFaiJl_Gj8
zKzEBo<b+dabSEBEre)sTenT`I3cVqk!+uuR^`Sa@(@Zdxw8T~utT{>W{AGU}Ul1fY
zp0|!~&Db1#vbK2+ypW1+|9*z+djrp|l0V;6@n($kx~MbhFw7H>G+y?19=H2$gBs34
z-nj5j{cQHR!2`olOl>amxjZHN0bV|9{w2%ipxJrUcwdbAO<UC)T5Cr)ND+f1tJ*=i
zD!C_AhSQGncygZSF#g;G_r2Y=xQP}UGWwlA<i)6Y`u5~w$eck8`G6owC)g}f@O&=;
zT;=wc_rt^u2|1<1tremlCoLbJdZpO4KiWgOt^svIi5Gt%hx<qIfO0$^+nn6XJ{#?K
zV-gD{^$+es7HiK_@We;q+1mA+^4wbk1<fM0zICTLvaXc$2m}RGh>RAs-iEVo(G72!
zG&YiGhISY;G%A>Z+~f5a65O&L{1G8qi`SJUHcbUD8_i-~rD80#8&}o1xALk!?C36v
zXn)-xxRA&e5#eO1RE!3Ftc7uF@ht?{bjoB5VJ-k7jaGvz6p*XT`gf2h);U7E7RbGk
zYh^ZMOfiU;;)xEaR1B=?Kg^ra+_>4n6$1I%5}7<4f*8-)Fd7TCl|CS&VUPO~4dv$x
zaz`y&I0pmC)g4J}zW@!dRtY0-j3JVDDL#cO<{9Ky0XfYV*XC~=z=ytLUYGDqe<F{}
z?~`XfgjedX28Vk=Y*O>Cj{rvvCf9>6AK9whM9u?Xr`1nNEGZVJIeA<%+L9IgltEzh
zXb6=#YP9gcRSdjya)ZQH3ZO=|w`<KDl>JAELT)A90L0eRat#JY!yW8mB*vaD@;Mvq
zL2f*4P<$RESJH=(KX|{(#*0+fBXeEIl_Pc*ynxUG6?!JobC-^1xQ5kb$G4RGuDdzs
zLZy7TqDdbKvS+fI_Vd7ZSAksrj^b~f)#!yzJE5;vocZ0S6n!!S>V+<@-_S?`ot+SJ
zPmdnT<ZE9HnKQd!>m7nAV2_hrmVXE-jHmld<iWsji$jiU?jLVUG6!tGDEf<CY-x-F
zm9XWZMog=`7BT<o+_g@XG@3|?Q(t}`6g!OvmGA|4x*?~Ee{YS~xdSF_=;bJpY@%im
zs$o^8Heo#A`L)~_ga_h3<86OkyP4;^d^X6kz`uF%CxCs@{B7LiIpH<r^#EDMH+-W=
zx4QVyGrNbgJ?jLHpkIT@M>#D`4gV@_8n*UqUT9LM%fpWm;^5c$)H)TdLcL6Cj6yEj
zC&rKlFe1br<2|Qa=9$Ls;Li(a%>Z9+PUg3isclY*wyYQGmK>h0<Qa<WPH()qtZaK#
zfSyD$iLWb@wEba>aW)y9D2Fzb@oi6{tR|(8w+3sr63>pJdjskdO-n{Wmh*?zBBI5)
zT29BvsdBRq;hU6#AQWZy3U!k_W6}nG8K>Hp4oR(Sgxr3w9R_?Qauz#Ei;`af>hP9#
z=|`3_`)|SSIz&6^WJunF(53|wxM&^=;d(1AM=Ajrmz0IIoxE>NX>KaSP%m-kYhaOt
zzmK0BU}wfaEa=7#(BbQWQE^Dgw*iIo)-EeL8Q1UjU9`J&Ak1wjEy_nCa)QTtQdQ0&
zsL$f4+dnVE2O$e{Ir)CpkW<h(XBV?W69kpBjcF_zAH0UYl0I=N+iiz2PfK=P5qjQY
zyqHo%O5Kvdom;(o+AC9-t@&&*i?3>6vqEfUvl;?STVU3!zbIC933J+{WbLPD^KV6=
zzmobWKKG{IB*+KKX;0G&)tVrT&rRHbmC17iKkUA5zY=Qvu03YZsN>v9u6$JWe^a@(
zaAfa9hupoJaaOd5>Nxox>eClta#Q06?>QQa?OEn_3|ozFu9blT#lTm$4qaT7M;Ijy
zcN%i=;Xiry_w-)IlBv=T`}S;eh4rL6Ciq9Ycf*7XW^DylRYtfxHu|Ai>2KR+=btmT
zgYcJ)8-Z>aYH#3<?H7zg1tK)f96xC-RWB@hYe-hPhnU`dksd>N6w~}04`8rkYgc%#
zRtxXK^0OEk&jLzv164^o=DjM(o@2Zb%~MH1(S8_vA$K7ic*{s^SY#8!{9^|YjT`3b
zz!Id$mwf`TEt6ut<Q@`!4t-j38UE_os+XKsf|nebEPZ<Q5=R}T&mB;Ut)WPyLj~He
zEtyOlKNIe(<l@<Q%>IO6?AAkS(mc6U!|37Gdp7fWr6ukURo;LMkniRl@b2A|_sy`~
z56$nsJE1nPmsm}t!GS3qCo4h~?7Ha1g{mf1eWXDoA0yJZj?x@*Y3{^>HSJ3s@BXjk
zuexnNKIUY#(rj!w{t11FPoTyiv=}v=_Gu^c(QB1yIc{WCV%a-7s-1a1-tVf5LUb${
z;CwBQ*D+8vEPG3gqpNO!V=|Wz7sU7R9m{sZ{cbydi+uT6m)L=H_6IMjbayn}*3Qza
zU*C23pG=ZI9W8-cmSr6vF7>stzxL?jh3_}V+PxY?pMSLlN%6SJz}M%W^zt}Awc~LN
zo7+)P9N4pV`LtiTVRSk=krD*0;zjM71Z(;IP89!4p%qlYZ+A=SF_<E%F3vhzf5I8?
ze~*JqE-v4vaC~xo;Zq>m@prcQ2_aJ2gR0yu7s$(2GPul;mj3oyZ}!?I{(2K90aeeR
zf}yck?_0*qTFeQ!y&&)DB(zlC1^T2|h6H}1^gVmJLA`AOQomrmg@v?t92}os>=sJj
zEOu5`N<Sp=`(14b?>GMGD@bB9x#B)i?n5G>o52GF9_LkyH?MWntu$*EW&vhfcoMb>
z8r?`Zt+h!1h1K=$ZNzPb%%5~`INd0A(fuSW<?J2M8ooU-{J8N}$BKTV+M?_G4gB||
ztz8qpI|5BrjALI>A7`0N{h@`n*Rs*q>@(Y0S7L2SRzw<Py;J6{H4TFL1?PAi!~NFH
zd@z=!nktV>&wRv!qLgd^20;LZKZ23f%k#Q)h1gmH5^g$c+pBK=j6M&72liCRhAv{S
zh)AGfqG!!=iQfvUy+K+c^{;k0_JgB7R`*lE1CKtcKW@nP8$<oQ=9v6${(kQKXo@QU
zl|~tRZRRMBws-oJ+vOnw;|f^ts?IdJ0I+4CCXlLEauk<JJ83&(qN;|fxR>$4UGN*g
zBQCKF%^I%Ro*A}1t^ZJ!MoYggYmCp`*RoR$Hm*OoQPuFE`y{{uT3_yQcvs)+V|8UL
zEm%QtZiEN%41IOkpUOK=j2?8<*g_T3LS%NrGW_R>77e-Ce}de}sa)TOBp-P{DEHuC
zPZYU)M@jhd<>UX@5k<pdK?x1SI8n!8OOA&Ykol3+^m;pUBlH!hdex+pvy;dF$b2cv
zi%-J$Yw)wv;)lYxl+?+{=B=U35XT;d7b)haJ0ttLt>$~EQ4NA_dO<$%kvCxK-1puZ
zTCV6aK{Nt+D1IswW^28ehkW(C^Uam;QhTUWjolmCB(}=fmHl?rL8v+xkE5E#7jua(
zkHNkS^_5Wo-=_l`0N_J1(*xa+^+a;rfF*s|?wB~pqHKFU*~AtSlX&|p^V}BVjW%u{
zq*@%jO0j*4&A_wbW-z=Xf@%o1;8<_!({`01Bq21#XASRY>}(-~86`dBoos75{_>=M
zNaTFI-Ydz!SHD8@HQ(f9|G7qLs#lGmncyhA$1?>kvd%sM>nhRiMmm_UJdOrCM%V{h
zCt*q^6kJnUi2pXQg2Of?E8r9Fe1+GsB9RoA*MFV<xaHj%@6BEUUgz;LoM+Y--Yb9I
zWz?@`7PC)yUGX~4vpW;XQ8)PGwT!cUZKzYLDf;mNHQyaY$6)T2ELaxh3Bh(OBa7c|
z<@ndz?rF<-yYbggB}eT{YI$_rcK~XX1y@>9^r)uC49>2LKct53S?9h03bpc^6-}Jd
zCtam$dm640#QYk#*GDUJ;-y|ISN%2Dvbp=chUdl=q{VV_biso^hW^D_uAJ_^Y$m>6
z*DXwSKWCqc#@}Y%o--1m1y>w%zJOr*O)AsYF4f)lbc3Ge?yM|I2*JOAujwq72u_@w
z)7ngK$|tBh-TQGY@G^WjWxUSoQ({VjvCm<*tU3O_{8SmWXrCY^#Y4CASq3}Tvs#7B
zUA$wOCCVT(K2Ug&lg5u(b4R!3g)xc#>YQtie3OVXH9A`8gLS)_|4iOFN!Qgh=#!RC
zGyK`}J_&%b<%CE-*FG^uurZb>rW%jNO4($sYeOxYCBN;IF&^|1CVIb19cEF|)Xsc&
zT3nH<oJeE!^8$a^AIaozuSmNc`^D=8|2s283an(eUk>|B@JZV4I__v!|2gE@|Fm7T
zyZvQfcJA7t_>+z6BO46PWe(M8dcgX{H`0>_5?KAuPeZ??Z{Nr9ns4cP4-lqh8qz(I
z#2{iq+0R6z#h}$1-HW$uMRp7qd99y5dUGB?YrQ~~xa=4!g$7Jzt}+|zaZGRT*mZfi
z0M}B<68)8W9O)9PhlkMYP4e4MIC**<!v>?OJ!%dv<GAI+;6c8mcX*buJ90BktATed
z<W^e-Jxq|^%oe~fq$QO$_xC=(jpV3*#r7z*3H-Z~{wURW6|2I475#+3>C_oW!xS7;
z>hQkv?nl^=RE_8Qzw#*=<^~|ZGVo<77;eRU54&0D?qv3?JM5@nRFtExYA9GERrR+@
zSmZJI$#<c<Y{0I0F<cI~r}}F{w;)7zPkSjAyWMob$}I!@H#@$u?Y~dQqXkyp*<cM-
zT)cah7=|xZ5|Mc#)oU}Alw6<g;d=`{II?|6Vig1O1nO_hO?9<wInMOYZCsojck`i<
zfQ1+}U2ps4dHcb>s|svJ*v1Dpb4UKGRBHa?w1t)Ns%)LHjX(o5MOv@naD$iO$up$P
zr$X`74S^U(?Qg5RI(FDyt<+%lfG{nuzy?@qm#}h16`R?*f)*%eslc9;Y|DE}#Mo?U
zb&CWc?}*k+ComctZT}<Hn-GaoIdpBcmoQrN0M>I4%A2&Wve1_OI)fs-%76GP`w%Nq
z_Ee*9+*gCmG-#4RU|?UX9is#S9PEe4={A*lXcuvTnk0|h5tiGx{#M~ea#MEQ7FlVT
z3theicwXxO;14o%*}GcXxShuEK%o4@oiy;2TJl`YG`o0GIGlD4<dG+GQd4Az+J!dy
zaxWo@2&$p>6$bF|6jEH(&(}smI<Nf8Iz%fBUU8x)aAE&(Af^%cUA2>i%I;*kFh@HI
zu|c`hy<36^vdJ8NUug@-YnvarjP9A=5ooD0+D_F%Q>SF@CiAw|VtP0x-Y9Gu=#SB^
zQYvfjflq6WU7p1xNCzOBPWjrS^FPl1;;9nBh-Vq!>$Pd-({s1+You?h&!sJPtv`n#
zFs=hMBVB3*rQ~lUl~H?>B`z!@SfFnf)GJlp+#z#lr)>5ZBNLh63Hq}8{TW_4{E(?j
zt>Q0dfhbj~8&Qt<_{6(l?mlM!r?brX4ljQAk*n&#!{EzRY`})yh4!gg=yUBfY#|M=
z>y2FSfILh~4sz0_3d(;rS@<qDAf_Z)O&gXstD?D%aqXbHP|Q<ZaMy2S`@jI1y~0*;
zi&!k^oZ|D}m>e~V8h3c?$pc-`VMEP2J*m<#7cQbiuT1XO%708KI~57~zTGYyes`<A
zLihy&eWSt8l?!?6$wK?IrrdV&_Ofq-+*ub<Fg77oE7VFp-KWC`A+wUmEFKAhe~TR;
zc2x4<=ZbS<zqhDV+iO2B)`u9s>{|SJkz(JdIUNBID~zSY_VJ}@X7!pUck^4O*0PE<
zTmo|ebl>}0R=37xJNt9}3BF04t%|LgjYi|*lN{Udjyr*C1Rq`3VS1nwE=g?iKGa51
zqj(sT9oe3fe*z=?&{i{C6<8_Zoy*}oPQSqE4rDumnSgQ#MPm9xe84|Ey#htuAQ9RJ
zc`X6rY@&Ckswl7hz6XcBPKd{cA&aShbzk|A68>U$|E`6q70m>yv&8?D+K}rm4m&#V
z*X?aapkXbo9047YCoqAV61Qw>SuJ2dXtQcZx2MugEZA@T4!4d3hISqjNVCHwUVJRw
z$3XWhvj4=N2F$m*W*1%v7wH*QD)LeUk%QHC@Lxr`5JVn_Yw8KhpPxFcbzVy7=HAdd
z$=F~&Te<0B9I}eYp#j=55my5O3rO8_ZP;}yY%OE|z{9^sUT$7@0sS*|cW4&~W2AH~
z^6SRC`bjS(w#3;3TnZ+WT@EACnT%)N^mIzC>tl0Z7yozpnKw<Hl}`gqI;Bhw(2>*M
zHkmprBZW)4SR<#iV0B@e;Gw*JEk_Uq{>+@IQwEraMs-DB4emmD9NdtWZn6yHYxua0
zNCD0kHa;&gc{1UdvaU6xT_fP3f`pl2AHCZBcj6Icn4RUCuNv71dGhLa$0sDjBR?al
z@wfe4`Pxlc;(1cz)e_G6l4mwGh|J|KJIKg$^(0%L9lIy4lBc~BHHz{3sK~G_@Q}zH
z<lSM8Nfu>13KZPry#H-EQidZf`yh1Ig%z%Vi$;vU%PtQIQ!WtCShKNAir(~Of7i@n
z?Lt9g_1#4ZFxEe+trfeK{BPo`OEAg%{tzy>VWX%z*FVM?#q!J$r)hhH%S_?#4?O%=
z=t{x4egCjI_Bv;Im4o3@zhUM23h1}?e6poHe8^RM7#7Uho2k%uz3%;MGn+ADgC;Sk
zVBO6qd#@v;!`mb0X8wzBSKN|rY4HhN(eA}YR3GHnsm{w7m-7*HB&>g95~Et2AyDeB
zgrvHx8vDv2GJI@DOw-=TN*kufZNWtMwlZhRuIT!KuVCioN<h|qR1MSy;Of89!kfO)
zicS_7+m@9=XK^vX3nlv~o#w&(L$~ye?)zL{ju_688xkot>adyLB3&9xA`Zeo;`cOG
zzap6&?8by$XsQKRPuu%!*w-F8%mKE}PwC#Gs1QwyGJNoJs>P8z;n(-R3~b;RnHbBw
z?$GP+=i@^g33rFu30wV{+pDi@x<(a}Y%6NkwSP!~rNd??Cx^pYck70N3Q~XC*XMFh
zt|!>s&?x;Gi<8*-uq#>8QD@uvC4y$;%2pQGL@33QjB!`p={F6nT!3QvM0vfy?;$Tt
z%z<kTpBortVLFt4Kmv%#lZr%CZwwe3bnNwI{XO+pUXiqIiSlI%sCm;y)bz1F6)~<)
zq`#kZp>Fp;n8g-(UicF)aJ>OFl*M-3Sq0w4o7msiB{3b(Wfcgpnw$<r>?V2OsP?iy
zv^B_Kh@UM;4p4fjRvE!+i1@DQd(Ewtcm9bkZ*v1v+vCG#PhfI#Q(KOZmu|P{&Hoa~
zck<O<dFF2WTvbL_0)pPk<hPYim#2}h?^)<lXMT)~+{0G$DF4YkfuU;DH7v^;)?9N{
zqU0G6(RG0*C6C>_aDl3(2Loj-4J8JblkIuuN9uLHknGXc;_pdv@jh-Q1$R3@eK>Ch
z&;UBu&8<Q<#ZtQ?cP+BEL9;nGJxbyb+1Q}E*K2=ee&kGN@?B5TyfwMFGA(#*q@m$a
zTCh1+m}GT){Cm@;Ff^}TparLTQ;`AOEo)O#6L-C1<kiD3Ou4x{#%>0)Sa1GzmK4mj
z>A9@X+;PFWvu~9NQLct#dqgHw&l}roAFuV`otS+Fr?o(~c7lKo_s<WZP1emzp_MW1
zoho(5dMg-<G4mSi8=nump}F7bKaSyOOj1&EX>k`WutYm)f2nO&-H6%5x>QN{T7>Ev
zTBKPqBPp+C^T+eDV&4A2pS1>IPH6!zE4?gRpV@3PFWlKw6#~!9h1v+RnJ^xGy*}?Y
z+<0icRl|>gCNEGAbd(sr)8ZGX7l(0l(=2myt(k_uy(ff^-1$A2aIp{+0ha7E*L9q+
zug|(rmvegVsDn{epo*$$vpsrj5Z^c{qxZGtVm}bNJC4lt8J^dci&tLuVZ-;EXr&$o
zHLv{es#&=+vCscL3>Yn%Y+frZlW*(Y;%e%jIcN48gPHES^x4)8`pU~NUaYDU6B?X+
zqTdcekQonC6jwB{9Br{Xq6eP%D+(S%3OH1d)2qdqtE%*ZK{Rys4KFG2n>@{ecXL9g
zTyIn>X5+$fupTdVH(&yp`ir3O(x>cDS__T9eIw?&Wnvz|$5oNZm)~h|#f4~t4qh)B
zjxJM^cEXspdJF*r?ct9B!A{^P|7e%zC9@yg@uJOz6y?4dG2$1gF&C9Vrvk^$;Q|4M
zVeYs;y*mV59-}hJ(Tvy7Unr^R@+GL~_V~z<&;fi#ZfKb}z+@)!e!aJu!Wxg`v(lWE
zV!sIr<VK_(zvV)5zg*OoYf|Q-7tZhFJF#kX{1NF@eppVXjFu}bMpoYykLmdOpze}S
z{$mz8pD@uSQM4A9g!C_>hhfJT&*arl++Q#A1M#h{Hg}Hf^zLH=j$GRO$d4BA*Xda8
zm#fVM6hIumY79^nQxTWeif;@Oe{H9*I<2`_oGY2}Cu|O#>D_XH^^_>uKNwOJiwTza
zV(D=uxQV4ONS(#HCPl?;7KVkk6&S@YgzS7lC!KEo5rG8fjiYRVR)b{+>roa9f4d0l
zMuTBr#5FeNdbB}gwvfo&JHYD)p6Jk7a2+WJV<njWPs`WjHh@MoNN}qUyA^zdJ&Tn5
zJs_5EbFr<toW9U)=47titaADKDo%fGJDOZr9`-G)Z&kkO#?AGoXWYHmxjK|`2vH|<
zJEE2+KzH<H4?d(~Z(pm_;L;9UCIBK$!L@yRC$HFH=NvM-VMNZ1yEd}=0<6GG@56;A
zV;wbpYJpc)N;He5IG2!Gsx+cLwe^aq9S8NwUS@AU=~y+SJOnAR=jsyQIxU5}F5A?X
z<hBW>CvRwY$xXH@Pi*Wd1<)f{s;;T$F<5ZOw8wrU8-dv9hU%4$tB2n4YpqY~3MHx-
z>c5L&=_?O>V{j&jNKs2kKP~!3;vwQ0G8lFqMDA07oox|WsIE_ta~^qLLW#MHZ_b`L
zfF<XkC~@t0>fL#5S!NFw$@%g%G1)DiKWCB?G2RnDe5P*H5T~{XT#a<Fr6;dns0&09
zojnf&2hdHS{2anIVb2_#B--vee35ATxbf2Ew_fJOr*obqgG{O}MT5+|z#?hZGGCPm
za|Yvk<I_yp9z|YE8O}vsY#HuF?3xC6X~8X4dY|5S?2VJ^!PgCykTX*8)yPDoH!}S2
zkuB-wE3SQDc3wtruS>x&6Hecg&utrR<!pv|>~}Wj_g$!*;w-yVML2=A6oLG2x_Q~h
z#ZSa4hY2!(kN?!+J|8Htw7nXm%t+vmJj*hOEDg`)5}JWj>J!Q3NUDg>usW){9FB=U
zc+P>ILiJd6r)2h%Owe@mNtY<!x}Cot{gNkQ>$QwPWM=EUND&<Fmd|PwO+M~Of!lD@
zAhi95zc!7+v>f8lM(~hX@kG^Ryiv)_WVVxk--VajKZMGUQKn!jZf;{f7(|&rH;BSk
zfA-9bJk)u%*`a3J>9uiGZ{(kM42Bez#*QkGybsLw<$s4i;>CQak05iK$P=6B6l+3j
z2Rh96-wEv|PF}$=q*LF7-l5M4(XVE*YPe9vqU!Sdd&ISM{<;&srel3AUWSZ&fVfm2
zE;<_1ESKRs!>{s-g0bjF{kgeN!engaaJ&GbaC<Nt!mSPL8Dzo>wZIQ1uKFh)sdR4p
z<F>L>EnxkI7{==GR4p)ILXg*BD}-i1w0G>5h@57e%s<YWV+mtge`_}Lx$X@2sNV=M
zd<V&4B?!Cgc7W<m!(6b|Ef-oNFbZjcH&y{#;^q|tY6E6$7FkID1AF?`rkmgziqTlZ
ze`7WLa{XC`z*;gRmgOW*iP&1V>ej(Q$#?pi&*pvEs<lChR!?#yb~q-csQ9}~wQQa2
z+4Jt+Kc%P@NHgZ{@9;kGsreih2xsfhOp4NeYX|-3E4WK*`9;fVS;0Q<&SqZxXWp?>
zVAbAG-TpP-bB{GHOqQ^!!UPO0j?LZlwqN|!Y}0z!2oAZGGHvILm*;_2zRUq0$$z#B
zP43FmX7&)~)7#Q|32_jp3Y%++QJ=lzT3)1(LT%aIEL^9F6?-?08>lb}+4>CGXu#60
zlG=~OWO0v*6W%z;N_aC_4LsJDS!4re!<-$ScqLe|!dQj%1JjvhR%%3oBD_Uo6oOiR
zHP`ZvN|iyXMCzx4!%oAV9Xya-`6ouDJ~)l*EQk9~qcOQo$~sgFAGHBy#2`H>uyGeK
z#AKiDsP#h6Z}0rU#HFl&1mlk5W?J7Op%bN*OACMJ4;0dKIVZ62(WP6jXVq9$<^Ll+
zDhqW|nlsD3U;P+UM$h!<{^;t=-Oc;Oq((<y-&MFSX7O*hqoQN|pZ@b7626VSh2S?p
zBOUq3jrAA9CzK8d6l2#lOwt_n&pX`kAMqav8S&3K%`wJ3KyM7{*lk6@ziE8ly==Ie
z1+o>%_-j_k&fPSHxzXT2v#tIB>QMXZi`Xcf194e<Bcfg7x4mv|Lsm>dX88CvG-CQQ
zfKpIWD|HIFwVDWSjMp*_49ve30#*$1oifo_RVm858IbAa)6t$Mqw&PfauHRT5ojOp
zT6sC!_4x`W*a@NS%||$X3;bzf#|5=QonNg|F(qTrJr^rPGXJ__<f4;K9$(Bfx*oI@
zcA~{aI{0L}V=FSa)E5-&yY(pM*GdxI^8?Y0-*pV;##8|^GDepz@9uh^M1==^$geT~
zfmx^>%)}HdwWEaUeV!~)Xe>j3CDN2QqU#TKP3lRw>?%d{K=JRR#fmU_D21hsOJcR|
ztRtg*=bdyD>3oO=!Ol)>b?r8LNXt$~J8!?xcd=F3xv-Gp6x1mvfRwT-ykxjosu%)7
z&Ly9bYD3G>9k7uxWHep7Z!!2#?d@MVk@+F;quhmHho2x*xBGX?@Ha=ljrios(d(I^
zQOw66d8F*37W6qh%<gvALe%lUH<hDE(x-VDf>YpzKi_O_?xe_5ZD$T=yd!CX(00b_
zAycM4X7Qo9Fo5rHf-(}_Vilm8rxNZFJd^YOMbUys12)9w=t&r0PjH*Y2+GgIIc`jn
zj}C?}c{6|8YwpUG-w%EAS~4FydX@K>4ChrZ@&4Q6bk>T(c)t*hZo@A3iO;??{3ovZ
zcs2O6pDIQ)IGa9Y8T3`@mcJnwd>I?<6<mip6`ssq^Z(PAQ8?qKq~%9~@+$_Hkf!0^
z@u<hxz$Ce&qAC<mNb1=$=F`6@yrT$Y11C`-H<cU|(Y#v@w~|^A2W?6iBUR2G(0WEj
z=Z-Zr)Z9?u=ElcCcjkPjXu7^GuG~8o6Kf@Z0tEhg+3u!qKJs@H4XF4T&IeE5hFI2U
ziad^_2>5wg;pFW+qe5C{!Q8HZ*iSOboLeshXSN#NjvoDzENV>Cu7S^Ll#CWO9Z-oS
zrQvyQO-z{jhm9>6JikJ*mhjowuYI+$Um7uAf@A|f`{;IfV*dM!IUnNci|M&ku8H#X
zyT{kM`xQ4h5q$kayI(*1i=B^Oyw|K9J8+9A$UaJLxvv!YiFlA@yEEB+U(qW;(JZy+
zPhf?UuDG+SD9%k=iXhn(<iE}mlVvt#DRkN_yyBK^n5pKOTP>dPXK`+w%9>&sn3Hd-
zM>!BP7a<f+E$E8VQWETBV%CY)cN0fjrhD;1pV_RON{h}p`)BH!u7l{2ZY?b})OGy!
zl|RAJ(={E;SDLIv51!aBS+0zKL-J7w>-R)B!ChJMt?8dZ)6h=J0dMQmDx?TNNs2lA
z_$I(cj~qVh7^edpzZz9=;pkR8WyjhV2}}(?<Rvi6W7rCVq)!`co~WZnMVjW}_g_dm
zon1}T0H<HFoFeHaro3Q$AS&HVx?83SH=S`#b4d$zRZ7xKi>JhBSpSjN4R<iOn6Ta#
z;2_ZB817qIBR@aFcg}~={V={KgmN8B1P0j_-AyqKi!m>dWy8&dEl(yY*UPJSW>dyH
zGCKGk&oY4xffcdd@Srj4#xt$k2pVR?;vMj$VIy~;*fg`o%wy+HOto+zzyHqYp-kPK
zX5$2^`_n9+l+0*F^ZV*%#;>o+i;(%9uPyFc(gSudHd^M*W+s>lg1m3((Iw>BNCrrD
z53%qn;$+;j6LT8bB<u0|&m*)dh%Hzo9(b@P_~$hYsxyZY&yH6i#hr$yJg``C8}xVz
zSYnk_ka&$<6O))aWrI3^>!wFB-;~eH?1T@qN+33u+WxX41?A;~<lwh?t7=8Ih=u@E
z8OBburY)q>-dNJTN+&F0m&D0f#Z*SPCUDN;LbXL~BBL>KQWQR_-zMG>cgzEubi}=V
z{8WP~B0nLy+lb0V_Qf9w2NUORl-d`FdZD&@(Ki=>L#)eO2pT6fO&>stF&%Yvcw%;D
z-FC@~&BD0|%Q`dvqgJiR3XslbRp~1u#HdP6!$>qo{<97{)*65uh+cCWY1giF5|_wo
zHG~?3)*IT(fWBOeL^0VrOvYq4{)@p{aiV<+rb!LT3|Qu%c2m5CgX~yXVd4-rK(Rvp
z<U_MiqfMjYL}=PbVr5bE?KZzL7s?#8x8mMZ^m=9|1!<>Ci_}hkwRnQnLtPw<OTqU=
zBALk=J^}W{*{q|JoP%UC8;FJLY)-PiZq|X$(bTm~sSAWAE?bl4>N4tk9j{azV(jY>
z%(>JNpgOEDmK+l{@Ss!bVc+?;6eE5=@oi_rw8uNOSI3AgzmgjEM@=+kbSy*tXaYwb
z;dy^EVax$rU&i(c(1(`CZpF0giEyXR`N(8`wB9^lXeZCtly&S7O2Hnv<A#@t8)thZ
zN;rcwjJ8{XlSSIMz|?Pmiybbyn2ASzCsy%C-X(<jBL!QwuwS$Am+%_)_6Om|hb=oR
zC!;1oaQ<aVCS%J4ivY$?6%S1y_&yeMZn|`89oL|=l>cO<%`ic2f^Id$LtPj}`CU5L
z>tB4hw2>bk1t!GIY*b+AwOn}DHt-8eJO9r<>p9-R0sTYBHRoumM=s%RKF0u!7eI<Y
zukR+J)hm?SOygv~$$g^kJr3vb^tyXyA$6l_1yu=%C(U`OSQ{&=3zmO>sK(g#?v=FG
z`<ey8{p*K<shE~?_LmU*ip%q!gTWcX_7j+WEv+3luaMXGY!FJg)Al7VN@72-=8#<3
zsRpxMZTTAl!7Uks^;U!18puBuV}DsP*qoiKB($i0QY+@$$5UVX(ec5euWAmoh3Y&>
zc$84J-$5K_SBW5vLvs#RvqeoJRd60OeIISJxJ7-njGP|D@3#W$)+_SkU$4!O;lJ{!
zPIZeN0Z|~I&|(UDO6$`;K^0(Qg52=AS7TDe(M<0cv4B;*X}obY;0abqKLPIiuREMC
z9Q0pR&FHxP7=|LYz&6vjNoGyWzXaaXVsj=8x)%oyqzuBO+i5iBlgZ*A%!^QOq6PYd
zo~sU6cjLQ)@oNT2dy@dC66nW}SoKk;Fz7*YJo#$wh8hRrKvEAP>hm_o{w(_xq46^N
z7o|-WBc*{@R@;I^F3qpyKp8<5W}gqV-VD0gXai0!sy~L)erJqM>`rB-w`@}G0Z0jF
z2en293Mcco5ga_Al)mifp(9MZV$O0q$MKRh<W=K%a8AoJwNpXrjRTF&5D53uA^tKE
zhv@Z#Jka%h9HQTd(`W`Y``BpfQD;8jT{b{9OI4d!L$$H5M;Z5g!c13N7Bb8*lIsS<
z=d>*gR@&|DLth(hWAFh*b<brHyMYgG6K#{Cw%RR625ne@xQeg5d;XoWZM|GpRqdZ*
zuf~?+^%uHAoms+%{u;ehSQkK;Za3rmbSP&e%Dv@`{fV)hwA>u&dXCYjG6JfWG34p*
ziSI(D^sNOc&n{Ey)X$uBj$*AMhMs|OgE#zx#zy5f{8y)&H;{o68u<YpjP@@5qjJUS
z9e7Uzgg&V!q~*&z4gZrK)IiyWm-@e#ksP9J^ero)ZgwzjX|hs@&XPGjVDt}&O$yz%
z&Rjtw^`_ns-#RQ502NY>&c7ho^}6lXz09-@x<qltlDr+Z_?tC|%Lz=0!@Om?$!T>c
z?P%6_<M3+ykmgu3_LTUZqngtSv4kR&&kC2ewqd{B#IWvh7Pddm072_l;mnOhO0U*m
zJBJVn@AFnC*xrLg=0PS4?>`%Yy4qyw3f#Ac(AJz^Ic{MUAO*@KZzY7JGkLuSAGEE~
zabaoq%vbIx>p`wp0Qcg3u?qQPCTy7P4$D6EooltPLCQ>W<2Bwnb6%~9MStl(%-_w*
zckP_=^1gY`YL1;ftb(tU(MD9i|Go1w&wR;4WUp^AJsHvW&?C{%3-;s|yiM4ni8&}R
zB>Ihfv3)<PPf?h0=G;(emHZmG5fy<zWc19$D5cIEaXHzza#L)!tvu!?|8ooze2uy~
zW|3%u$bZJ(_WjA`DMfzl8kZ0$h!0luW(DFPdJprhZl|l$sJF5HkYs-wuT;zxJaB%M
zQ7EXnnHuSxXiO<OSKr%5sSC?)(+)_IlY3MRcowD{A<4G(Pl1=H#e*UST!}t=FEp{8
z5(KHPdF}SN@6j@+*g|qZeg*_`R5SRdWE$yq!kvlSPd#DmjU`a*v5Cny_bd`lWr3it
z%ox?><c@uv&}jy&h+i2WlE!&9!A0H?oO|$T92ykujgLCYiKs5)qG+17zFSN9`e<DA
z1t37WqjSR=Eqn5kg|_P!<xAEbx9C058mt8qDVbc;)N36WV=LKv7`NUIvV?<pC!)Ly
z9bwKGzi1<F3y+v)8f@CUER;Qce17vgfEzMj*6@HszAh;nl4bD(L_4ILik)ONi<($n
zf_?RS24os!v$(gb){c43RL$`%GeRla<kn_YibZmxo{kyr8CUhCS;(Wl$3>V%CMe_X
z%o^%Kb?D#wydNXX6G@zPk!+FXNkV-e6dbOt^nw>lo>ij)&i3|!FQ@JEfvT_xKPS>!
zV&%aR&QfM|YaR-EDVvX=ct)rsnJq%*AEHzd8#uM|+JueX6CvgdYHJ-OjT%iop&wnD
zs?Po*DDP5d$gOpVixDbd-)ebLSnp`!vH6ASHGe1Y^o5YKGf#R{2z?wK8OThEEJf5R
zPgw#sSsw<++k$1Mr%`LYXGTQ+6+B<>*#LvZX>=XpUF3AQ*t*O!dzQ{-@Ed!37ejXN
zo9b*&2MG5JLp6!r3EaelrTn(C&wZ4KKs@S<LEf7|-GJ4}OF*F|W)AqB#ly3M572;?
zIz(K=^p5I`r2tGAPM;KKb$AOHtRm*)*iz?<j!4Xg$vHUD2d3GcX3;MJODTs!FF1H`
z(`O{$FD<~mkB#r8z8)K9U9fm&-*(@AuqYP6psE*sh!@o~;qGm#WSmiWQ(dL+P|Ur(
z=+Ri)%xFxVK-9LSW>8A~WOmpxj!Wxm^&?y$9@WxoFOCTEiGk^76;fvQmRX$_5y~^u
z-VQzXrgoO41yu|SxP9!lC)idcQu2s?7CM46+@rcm&OyMQt{dX|Mvx}82|j+cW!c;I
zjwW=7ryq@&Ee_J_YU?A?!7kO(c%*qq-!|-~gUbI-;IN`ten~#$EbwAks41%D!2G+q
z5d1!UU*jkWxGe1i=43E->OB)=vFL7WE<Jk}9&_^M<TyR4QQx&X`?>?Cgp8<_7VNgL
z1yl8io+V>-2GI$~`i{hA#jZ35==>fS;7n>_#GX6J`Jp?n6%18z91@%y)<w{Bf#!_3
zysjKq_bR>Sp%Y?WS3qRZzB7@=P-NU|2cOQOW5W|;M%YMq-Yop`#syL-&wIYN;Dwir
z^NcdD)Ls&fKhOkgKngZi;lZ${1e@^W6hxC<KYvt$a@X0@`NJ$A`mhkOMg3dD(H1rp
zxX<*AZ$ludVfvI-V0?JgJ+d>x9cI-|NzI6E3;>gu2U&QVI!;O9o$n$ZW5i^5+@=FN
z-I$YWLp*v0F@VcQ1{Xl_gMEWW*g|2$K?C%go3hRP&!>RC4@>fIPc-?t*$&CaA|4R<
zPN_PC4<;SJnS2&=&vX;@QC7_T(<HtF)P>ymi1Me{f27FDk!Xcnsg#U3W$5E_FDLb9
zG;bzb-c30kbq_)~%H25LTY(zY%+wgOFKR_pcFGrKv``(M<w{@RN0uG)BgS7kXmi_2
zz^-yH&~J&(Bg{K7n32O7ur;8iGM{Qw%Vfbd^nM+9mLZ!tUT<4wXy-{3lLogvONKZ!
zlxGic$pnWczu9>qaZkh)Unfj*y;(DG`<9T^T7c8SDr42R+G)-|vaG89na7}P#51*t
z3CvN0$x&GPXd9+|<mYZpC!lr7gY+f8X&ka!fjA9YK-mPfZH(-#&mo-NMpMkMAyk37
zc~2G~LASPu+fqLEq2PdkcEzAirrOEO1@c%60>@vo>UZy2TwcD5ir&aS7T+n|plsWg
zb5=bC&Rz4Ie>?XZ!+O-E1qlL-L+xDDEwv1a%`6EESRMQ8dksokyIWU3Bg$G@5keb2
za%m6FXQf{OIFUgUSwnEi5WMt;^sJNon-K{ujI{@35?E1t^J>1S@=JDLrqP}yxob3N
zGLO2OZn|4w{%5z~nO3lF-T~kANg&Y5qtfk4w#`fB<5Gn&wf1GVX>!7QmmCeJ&+NFx
zvJ&w0Ymn_)etcMf@okrTxk9yR9d$Xd*+qDnm`-AN$@{M-dJ3j8Q<*jQRZn&ket<{V
z(Fox2kCX324aC5Ei?6*%m*ljDNp-pZG)DDa2^^H(U)k-m=%)yZG@q&bhmmFszq-DU
znb2yPx42(fynNrS>LntmzxppUwhtUcdlNlFXn!fH9&QTVq!o-B?mok0E&5h5hd(fb
zcKIk`-1be@ZWm~|I)F;4NV<FAD(!9g>doFCDb{RRYiz$&Zvd8TuK)Qc>u~E`<k^h)
zpX(7r%TZyo<42GMR<}^9#eoFNh0>-+&Fqvlm`H{(X5^Ye)^`)O4yLj&pYae6hIVRK
zQ)}FF{m5&=<6RdYhfklK9FI5Wl+V|%Y6^T7DP_`37CQUs`XbM*{w|TsmiPHqs0^?q
zb;06u<8P<1sc-Dx{;R#>|73^Eyd`T$3rc9YoiUTtXpyZfLSyxqPg&m+ZseKcH>jWZ
zD^g0l-z2J$GJW?;4^FgyAg^@pmoo25#z7`t@W%UiX}|n)zGfSJ189!#L)@XW@2jh8
z!wpbjxrW9gy9zsjF%d+w9s2PS6IT0K11FJWPwy<abg$MX<PuBX-^&w|6}*+Sv%=v(
zXCt~thL4>7n!oBQ?|a?!vHI#>Vw4%uz>3j(NAFDodo}O31F#7YA}VTi@JGwLG^4y5
z|Gu#2gBTUEhd=#?T9KUB_7OaFBfzdVC5J*UW50SY=}P1vCP7Po%8#v9d;}Js$~GlN
zzF=ScJz1@o9cc;X%=$|er<f_7L|<{p?L2aG7zjw7@cV96bzbJ0Rpw_k|28QzWbZdl
znL~qKmA7Ja<CMYkosKy<1|ejFrD67-wg^INse-Lns%l)L`%_&J+Ig!d5HlIo{1L=Y
zo$$N~mbRS7{QiNV$Ej2aZ+?0cgc3kkJ5nF_Dwf_Zq%lwCb2>9%Su!fS-hFu)GL9Ht
z0We~beGcriL<OkQ{QNq#kAe~NTJH#xj}H+3Amid^<_(DJJ@TU`_#Ma`ho$2*A5s*&
zM33^t9fAM655Jo{O{1xbTzG!jU|E(K=>IG4Fs-&`X;{09NbVv5-VbDY_!zHUXUss>
z^?5w~ZMG8=AVTxApS?v_0Lycpop<@($d&32E--nV|IJAk{!97NR8;ffy2y!c?H&hy
zdi+p+DXQ~JAO*^871*#ZMBiahd=u3vm7VCc#}A8htz#?x5h{Tz9~i6~_s=yoqf+m>
z3w>|W%J~t_WKX+QQ#W@?`Fio}j=t){Yp`lJJ?qv4W8#iM+K-y=DcYn5U*{wcn#h9E
z2j$d1y${kc!$s=CA9D)%Liy+F2U=fo{PP<?LJd0jt~GfGO%c90wdh7CBseFhDNYpU
z+2#}vERiss8n%&7RuVEk)UpR$2=YT?#!U*08{;Iv*}qU<`QL(EMVY|08lAgw!LH%O
zlq~QB^;BDnaWD(4PUr2)KR2%s>?4StVN+_svIrvGzxh<WVBW%Ohy7aTD=+$vGp|+G
zQN)|;zVrqCDQ06nVmfQHjb06ESjQeSdZEUj<qNZ_!kZ0Rc3*L0M|TCjg?sgA+ttlN
zxfP}-QfC;gV<>omN-}dGo!}7eENWIw{3qV29{Jd*cz)M!+6qMX>oeOVQ|SLOql-U+
zd)7al{_}65JOWIxr$91n?Z+QvjYB&5-Mt=$-BtO$3PfG&4udD1c`P!*Pz1jjvkE&Y
z9sGh?r*_bK*ZwO_(ImNk!Fl-^U_&vbS@gZdyBk4y!#Gj8uR;-!=}<w81zYI6(dHHf
z;W)y4tzl1SlWxW`6^5xe6W#a&3IE(~y<Ll7uvy)y#kY84-KYtV<_WToZ4+)Kr!prT
ze<5=wr+vNpY0l&&V5?K{c@D}<Y!j|St8ZuqtJ}@1>RRka&M5pJMdumM_S?nb+O64A
zyH-_Et9H#$Eu}?KdvA(r?H#J6YQ)~NsM?zn5&rhxdqi!55F;d#JbB*alNWjU%kMtt
z+~0Fu<s<<;5$bE$uH|r!ikZ+mCVLU%zPifyZ#bl++nLqo-&7c)C^uLs*nMlsc9mY(
z{Lp}r3b)ln=fQ<>JC9a8NMAQ!MsW*4I-@bf?7L(T-i(A;w9T?ACm$*HZQf<~s?u?!
zBIiBizD65xuc{OAE>lm&S-tPEIf4B~7kCp*zL@zgU)*Q_-f*>r^DJl4rPHwfJirPD
ze&hoDCcwlrNKLYP{58R=l85w6J!q3}sf^c3#<%GoIMbRL0-GF37p2Ghc`)K3<J4Tu
zkr<oB3=N7!Dhbnm%xMgrmW;yS{w4ydnvYn#v$FHv%I#606rlB`)m8D8I5B0CO!_z9
z$H!aM)<-Uc)<yG*T@V1nDIM`H_gDxdEjgy%sKtzm@_0Xz;HTZUB~v^Jm&{twdEB^h
zA0!dRJums>y!v&5Lq4;{QxK3MYYld2Yk5mOVD$TD1!~~OmG1NCdq?gCrym{EoM&q4
zA(eg7EAGDkxH-;gzhk`|=)j4spm)EER+FhVA@?q-WnbnePxTljC1?ms^nQB8SkLb2
zuLB*9JDDJ0SGK@PRWSj85!usUCeJ+clUj{?<+b|n==uB50T~9ccAW&qhiz_qQ6@ln
z&>d15-Fyyy`Ie)pz{4lDO_Gvfuh-2OfL!|WjxIP7DW~}h^G6R=O&?J#>T4-}p2Jys
z^p}&fpnHtz<6eCG9Zkh`^8JR!AQQSN2xIBU`b&`5D^!;&PK?45nBLy+4gHhi-+XzS
zye$){j0)gEiMOqOnxx?r+g_J#TNR%ScD}5;Gvzrwa>=?qt~gpuJwflapd;FP=i-L{
zZX4B(myoJ#(AUJ^>1{7_RqM>^lYeb=4aLSQLZt1_CLy{$1tOEp3y<w@RQHth27{d=
zsuitpJyW>CV9@?os?ojN_JNiU&@|#n=P+nA?ClpoQ3`lSpq1W7c@mqnf6_7tSru+&
zycpJ0y8RRvoT77b`5PHo!{XDl>s32FWypHauac3^i@xk2n+{X*emalQYqvi-xW+n9
z8s381xpvn*BW`hDzRxM2B}49o!G@Ho5@519TnNRh$KZ353Il*c+-+gB(kprQ0#A8n
zpXxa-YI^L8{YIVRe+ZU#MB`-b%*@PM*{G*&2oYADlf<L*A1+&$y7CjYPToJtv;5z$
zcwGhNoJ#b=N%?kiuh>ueD6dt-pRM`t?ce~BH;CWZ&+=-PGO(#!H2)CmN1uGo$kC_{
zPNUa*Uq|wWLR7rMSo6xxq48+bZ)Xc4X|65)T*;55jVAw2k_M7FU(}J6YzfkHX#0I=
z>D@<Yzj1FcEJ$V=_7Hn!jDEn$=Nm`|&P4CB2htAjP>y_sQcnj_A-#SEEn0r4DI?%8
zTaYOC*zdSB6CuGmI_qqukxTlJG*alBuVBA{7&`0JgfqzB=sa~t#le=ibnm^Kty~3J
z)m@pvM<x;Vc`(C#=d0HOaq;4>ow%xBE~ryE1b!QM&@iMJqGu}@)}54zH@>V>WMgj`
zjYUv7Cj6=hdXeWrVYC#nw;a);J0V}zG`5!R)tEQK)OR`t7%rZ*7C1Tt@9NM)yM07U
ztn|Dg&Z>J}FfmR~T4bd$>a;a^jcRXsw!WQ0Y&VAeSk!n19Y2s0S(PgNa$Yr<e+0v^
z*vgEmqnW+(9IYQTdoymBT?JSf`pDdH$WsY@H@J)=M1Nb4qN}#w1~0CB=%*pz<U`ju
z2N1CssAE^>(rVAA-)$d<EXFt&ZJJkHMD&T#?PC?XjhMe}P72O3<Ku1mp6Bnav^O}2
zJW0-;9wNQQ>K*#`fRoI#7pIuVC#}1Si^|!bZaW?j<i&t*ht7MC@~Yd#KUN-A8TpE&
zTv{$h%Gy~JUj@F`FN>-NTgZ5EiLKyWqK?$Jx2lhAUu$p|P`RI*zOa9;S1|R}ba>iy
zIIS^t+Vm%U)Ku%A@DAIpyj!~0iSUkB{$Ka>hEM6q6XnA%MDH4p>yOLOGkRNKy>Enf
zLUbTeTYIlme~4z5R^^vgfgabu#`Q(FU#VE4K5H(F>5unt#ZPruE+DOIV6P(Va0vRE
z0C7C<9v;uyap%4d(I2tw(hr+}R0^c-YHAlgN?_spt+Db1%Z}Lyo{p!cx>3I-TRis#
zu-|3#@$8(04yh@-vtWi7Wpl@O3((8_Ah}xR=FGh>p93!jf~;PbXz|q2{`gA@^f@~+
zI`5sch|(2tRA#pNZ%MT?6CaornnL$<e8=Y|H^GGY%lu2LTH~S)jVGVa-b;z|M8IPx
zzbN%k9TV^MS;XttfZh1;Jv)ZJzGHhpt3kKM4?6^w_FmPWdAAQA3|aAF1*O8<6@ScX
zf8wmh@ncw+#1w#QUoVuaHJD=wbiR3XKDlU2k;PkWqTq#DcFO`Vjk|m~_(~1PwULZ$
z`VktZJXjI%C%P>_G0+?<Y!5R?xt?<3gzIT>p4ghBif%OYcU6l=OOqw&D6{4gmo5V6
zF!zo#Jp7(|J3q>jGQN80w3A}TX;qprbo}I<yPhT{lh$fZF8)Fbo3C*YN(tBIJU9E5
zF%-69{L6S2T2C!Ok$+;_2vt2x$Q@dBj<R@qnZ=QKKu2la%ike$9uWDd(+4}|)c&MZ
zzcWf(o)#-M+mn3VS!kS7*~{ATso~?B$$^+~QY76V1wP?3T`=f6!xU31u70KGx3=&W
z9#1|f7+N14+J|lC3tjjNTVfYGL2z%EcFy*sPovL@XY#5>tP=aE`2&|s6Bl4T>F;5g
zqEizB2-w-WMg>n`EvnA<!#au&%{o#!IQ;f_kt$G*L`irM^X(aEMO$30P^sIu^y*w`
z#y{Unaef6zh!}q81oNRY`xDZViCbcomh=ZNu#M3LTWzuhpB5Edew^%u_59^$zx4k^
z<mu>22Lz5n;19=Y%3GGDU%{x*odQ_3lo_GM_ttKtSdo+&=g7_n7ndQr?=^sVN)WmW
zdp-2`lo{FZ&V9SNiP6xw1e{qgT6EI?)j^rA4uBFp+x)V?Unl=V!3D#6ydK&zWrq1{
zC*6hrDSBbbv!$$-D3sP6r*4Ip4_XK@S7_z9s4j%2EI{+a@<p)R`vwd5Zm9S(3X+fY
zJ{DgL^p+9OnqvFWQ9*yXegyBiKQR6x0=-eUZ=yR0WKcSy&W<g}Bv=|mdBA)${xo~2
z2Rau5u7py=oHVoFcx@B;>D)h4WImB^W8&StIyUF}528tV1ITNNL_=i!9d`QmKfXRj
zO&_22>cri}m#?=Lwn|cTXLx^BVG`>ti99yF3#kw{PPYNyln~Odd@z(iTQun+>ihU@
zwR+Qx#6M=E_zSy|bJ>iHw^yIx@j2Yv=95GO(B}a{OF#H~I3~itLaUG8qn6C?`1S1&
zzbZ@(sthE$ZVlBAli#bR0GgR~(Z~MizwmgI6C;H?*?Hz|*+<-*BP=ZKcXmGj+=W>P
z=wQ6+IFPHO>twaj?ZcCEHYgN}5h0!jEXcv}BaYYt#DIzs@*mNsV7Wx!)OSobKjT%6
zFr(o?%z3c$c(h19M|0zT5Cb6P4W27*07m%-1*ZwVDi!C__y`V}WDHR#M4KX8z)yC8
z`ahd4cu9`Pwbf@cf@@A{OoYQ3FVCKyeu(5h6zlwOapt$dp+R=7!12`7f8T*|KdhiS
zLxB?aD8*u0?!aL?y8eW+I*-QRU37Y_{vQJPRoMqT#~%U3$0(Xz(bbWOdeG+g_6Gs-
z<I^HL%xLe{ePTODDZCC__ihXASkgKzd&FdO+>7rY+6^sI5ZSXXM35;#>^H+?<oR!&
zugj>nYF}S75?gYhx6fa-VjaMeYzxJ|C0RH<F%LodKXA<4n4^{ykNJFvJbu0Rox&Ex
zxR*)zTh+9WZ=A2Eoatz^<L#?xv_ILj!Xyx{dN3m52(&Qv!zyWAV!2MA7S-lzw;Txa
zE4U7P4M2qtd+S-VMwnDdOxKc|@IKG@mv`UZ;<9wU?(kM&ooKzmp7=1QwO(0B{^<L%
zhHg_&p$Ew^pI;NRYtt=mfKG9EUpyNj0>l%UU?(oTm!4S-eBTWH5mM5sIbA+B5>~hi
z?al&Zg~s`cGx@2^+c<?|M{pjD=O!-rCqI6z-+LeS13mFyz=n&3Z|EofpFYFUxyf53
zM>@&g^Cj|@Y+_G?c^#T3C{G*p`Q&jVLN9o_!gkzmTm75wZ_ThcI8M;iRZ@FryDAGm
z_iMkAY+yEVelsUCqQHnP6)yw^o1QmX)Z{tsM;g8_s3N!C)g?Jxc`0;Ze{&NRNU#hR
zirf)_?3D=5%+$=eoPThLNXR+-bhl$YkZAsJbfQkb#rU25mn-*0)TDjm7=&~!(=ge_
zemlTbkr;R^F)G=DVq?45TECh9qMMhZz|BhrV*}c6KMu95l3G<@xnn81Kfl}*tGgiF
zUdI%Ypshr+g>NR>UAU%pe27snUinKd(3BuZ4E1E#We<iKdWWu91Is8x{Rj2OGn(!j
zO<hqRV!8HrpbA~t56vN?Fm!x_r_!EAopUzH(cTyM9^2c?zf7z=$%f~=?FEw34KEXS
z3Lcxfmi4T60zW#Wy)^23IP@{P>O?SEn#j}@Kvx%x`Y<2D`wHgJxlo*nSHxLze*%Tq
z6pMDX@C)ceH+#WVi2NzkD*5^-SL_#aClV_Mhte;8cSDw1DNG^=B0#lw)M5B92^t4#
z*h9n~VPpZZ2J7~~0K_s#c=*5g`{;hk2xrBI8yLP}`W2<6mE!IPqvmwCS}~a!IoxGI
zl-tz$f!xvS^hIEEFF9cH@L3X8k{Mo`fUg3CC?Vfq)@E;d=v1uMQi2h56C(h+E7%O)
zwBRaeI|+X@d)<UmGrIIP*qh1E+S7aLr$eZ5K|s<#-q!!FzBo<fal5gb#rmlk^*IIO
zuPIA>?JY6SZ(`Q`s*16fynLMmN0Zf4<XZr(Z_+yqoIXpPtGe|F5dE`P!2=e#qw9Yb
zmZ1bI{_9P0WM(F0RWUJgaWz{oc2%+9TTj-IS+{<FTjnunoy*R$g$wy&Rga_1Z<+az
z(m!I;mz!oQALB>1+Fe1WIBU%x-ouSA`+3nJ2QNX>&jDTeCD@GWffqj`z0;(O5|{TB
zc)aaw!?EI#n{@<hMQ?1q?`{rVMeoYABY*WR78U~1H{rB-_@_H`q~6a{_DPt7V&|}*
z<tIYU=kh(R+=`9ZB-rVMu!=TV)@bDiRmolORdphFkGZ$Za5K6T&|v1(rAedi|HFXU
zRtc)yCHn3$6!T6aD9nAu>U<D&!8UX{$9~M!oXR!NfBuKs+~d4))LD3(omna$rRIdB
zNgUd`aQL|Q!f}fC=j(K?nvTWV#Y)E~LiXbG{<7q=t%EusAt9!+>E@?sc=BQ(GZ&sm
zh{WwYekOO}7?a#u{7bogEzvZ<GhA99N~v`?@xmC-vu=^sPI^8hMtq3PY0VuJN`7O2
zBKRA`z<gZ|46m|$VY)?&>5Ct)Lns5=vb!^GRKg)y_sgtVJbsHLdl^p32azIgq14aW
z)K-}twDxLx)kJD|ZY{H`h!-QPiFSVnDT^Ag(Fvcajs!(uWKtu6*TzJbmN_X;cEtNT
zSQ6c>k?19&z!jVGf^LMoX1}357^tvrrG?ZVjP%e6Ry@fY7~IOU^bq8Pc?;hGp2%FD
zKrx;6z3ZNGF#nP-O^*(IL8P;dlhp$u)s62t@%z*u3G};gLsxjsqViAW55*&u9wn#O
zsExPn{U0-uK54$GTz~K$R=DCxzh=SLGSCzPA(OLDJZBjSyxiB^ez-h*M(BsUv~Vmo
z)lc@ii+4Qg2XR>MFkCD3mBOKGX`n|X$T&5iq_lCGMa$pgu-lp(1N6?lJT6U7JIhih
z#h$)2xI>1+kvS}=wTSmuGO6tft_5@<@JvCeRiafhTPHMsPsHbcw;P+1t}~skKP>Qv
zWM#}B(rj?Rrw>*9JDXoZP0Gw*M9a5(z3B1j6Lf1WZ3}$mHlBXx-Qt4DLWpd4r`0E!
zzWIN_of~@XBuAW@mPVNYF3>`1#iG4<=lNBxdjYba55T)m&Fx$tK~<M4_mxsMAuRUa
z2<&Gm+pR8gAC_iwq$y`9*J8xkm6OHq6QRz%kkgYzMjNi5$f*%w?`wmMYm_1m(R>Sw
zZKG1*Tzckn{URC=UCQ~&3;1YI@RGvLvwu`Nuk3*9eQ|v`)&Hv|fpJ+9OX_DS@#3_d
zM5lam3TpMTtq<p}hRhRioYZwv&WQgy1zcZ>T^^7RYK2PP5BApt%pcm@z=3dkn;9z$
zE{BJmtU$2@1U`b$s?RlaI-BuUr3?RebEEs9KckiS=z}vn5c9m@mohs~<>QAoh!>R;
z84ez5-jm!8z81E5k=K~$H}C-ygWgc&j0fyT@YsdOOi&wph-K0p_)^C1nh!r*XkqEf
zttg6A*y4#`sebwjDsu;)_O17(C4S6pM_kaL%z=o!C-uZkCO`5jM7qnWSo%M9Sc^5U
z6bpjTmc_CQeWjYVF!HL=IJngahY9LoUz*cPX>_KOF1&0mLtY~a^I|-cj_x}0alHuS
z@*v8m2w8p3`Ptte-do+?dM;PN6*6?qS?x*OzPrCWC3(@wGt^hd50f}lar;BPp}cYP
zMDfJRCj-mb5b;KdqU!5ta?u?qxLR2J`iVs)hxNE#5gD3SC*jW-f`_+!744w`2i`dd
z+ph06qi{a-xK~kIa{k^LL2Bo@=-O1z0zJR^X?UAN+pt6ss%zv9?Z*1A`Hz=zl|EF7
zbqOid<Vc@6MZr{OsItccycZpfU`#k1V?gXWW01yHYtFjp29B=KjhvvnW7@JTU6jZM
zWtH#sJPQ!((%~^HI8|E_+yw9twhIt~TDj-e#>F>6qn-0VPEnrRm5210db#ruU*&)P
zSHLfSj~7Fd#xQxxr!)~D*vR_lzq7`J7g93c=fzs)>)NfSiL$INcz^ouE58<<@nV!(
zX&%;jio!$hVDSY+mo>}I(L<rxHI2}od^+5AE6L{CX^+okvC;T<v~N~|f@KKT1?=A7
zAkg?aESELD7Ay%0>vmYtlse$!<l9qv00yDh5lmjT51&$Hq)=pE(GjnfnHQTrD&`4p
zq?VEdQ1@<L(pyW{N!dUpPOGI)o5TB+DwfJG*8J}ngy(7AX=rm-Ck&Ppb^+7TK4R0}
zq;yMVJzc{Q(r#Pv*93-Roy5ci?Nb^hCj_OkjzeuYgm4JhT}B`T&JMrrQ#=e#xO(jC
zzK4K*9l(5138i9Ggtv7EtB>loFdYo@o0PE+dm9Nu7!Q^T?gA-3Ta|B>A^mvQP%%bU
zom>=EI0j#Uj$Z46T_h~znRX|d0wTpOs0Yk2(W+g3&nl#()ss0{8;)XNvkJ&&c3pe3
zr8Dz3knP_4JwQo3uL#?gKD<B{>@$Hn{Zd8SG*m!7D=SRBg&-r(Y3A?=EFfFd*gYE{
zWV)_0zoMBAl!;7x3Sz=a4wc2sYMKm9@Chp!LKLo@U&M8@hYejD9778|u#dZNJA|3~
z*1-z7X&?A_r5n_QUb{lm@>IK_wvScNzpqarq0-Wq=ESBeoej0HXC?6=j<ucy2WM6z
z`k2_m_2uVUc*Y8V*-p`mY)&@fj6?s269JHq3D5B@4THZn<DEu|VAK72W)tA0XLLR!
zC*1Z<N_&}z3e=M2+$OqNRXv4&a6IO)_0?Q0`*q=f6;!pPREMg<K3WxO(h;m&@Wk@l
zjlcmMK7iuo;q@peWW!`n>>a-G&p%BP)d<2V8!45K!4r+*rT9aeNSZ7$WJ~<x%OS>u
z2xQfjK-!RM%ah+TzN_>9P=Lf18duvK`6<IeMyDY?AddbNgQ8mwt2KO+vk2=HWlKs|
z>M^zSiIBPM+DHwl9V&e&CgE~pHKacFYMFF;o)sy6^G>u8s`j38J!-ZPcdR3XkYfVA
z^~I8`^PGNa2(v!-l?fSr6K&&*Be9<ER^?Ps$##x;4SUS{E5F;h>P&z!vAJt$UHz9k
z(AhCp2_(O*=k+EL@<7+R_O<oG*wgQ>M~9JBdV|XjKRn%1eMQ)=z7NKp-)&oZZL&!{
zBS`(7tDv~F5<YwsI|ZBmdZb)b7DPA1-W+7tIzImJJ8!5~w*g5$)zurWh3J$&J<uu9
zK~8z$!NW~p@t)Z{@6Yz}_wzxiofq7}1{Y!wn&TjKXW4>sj|RQqov*dHL2iZdF#M#~
zfb@Fatl412;N6Bx2^iaq@~ZU{jw;pO*rUjf^x{Z&E@PiZI=LtGC=K<b^aYj=6JFbw
zhVI7JQvJ>ufvNR~SaA_g^`f^*YNq!u^Tb}YEAX?#W@xwg3)a;TNbhDD<=9J{(8Nk}
zi|qVzDv*79yWppnEA0Qk<OjNJ>k)bgGwQGW_ARr@&kOKrgX8$?z-@WZG@WSyEBa@P
zY-pq)Zk}=tc8epqK1Wbiz@NNUdRs$e6l|90J9r^^%)8Fx8DzC?HCXwIQ>Zsv)M%l;
zXFm7aepxze^;+NWpT@ly&kP$}<R`Ruq`OUZ*DrtGYn*HylMTRYyEVG6c>6SaTUKR$
zv4tD+y(Ymd!uQ4|V`w`kgwg3uCy4C}Acz_nBu3p3xs~hvcfGy_9C#!49b)=G>N<Lt
z=$t6{bu=T%NV|TIi<KC~d`yG(V!Sk$+ZI)54}oqBG)ZNR6kbb+tx1zloHu9vfNCBW
zAC0N+qelTrEqCWsWhR!C(Pw8@Q<5Wk`829m<-cB`D9MLpHg+_!QL_E=g5)ynnYijS
zFPpZm-}i*`(15y*V^y3}o=idS*MrJ4Pt}=D)kQT$#N4X-7OFmJK3b|wyhcOS+LX}&
z>a%MfRC$#96$%Vw?T?J_c8POCEZN1Ikt#ZZx1@)JBy!>qKouid<O@w>5J%TC4}eW9
z2i?TAm~b3bKSY3>H7v#b3One0bnb1QXek!pi!C>Cwl7EE!&~T@ZpVkE4@F4<cp@ue
zCDheu6bv6BTq-|UGaoO$5}sy^fP^GVlbZ_W)H|h&t*Kk@GB}{h-lU@_7uEiN%3r8e
zMpxZxOitu2WwD-(PojA$(NWyyLPEv$1qBak<5(G4U~W^bxpP>6gYN_u&r`|h7&7r*
zJq0l7HZLpRaa~5!(FY=1k{u1oT=)|+!M7-)KNQCLJuVk!cPxO6_PF>&Y+Xu;#|us6
z>ynyQzs0OegiGIw4%$D`fVNuLnCcdR+P7imn`{|7Rk??a^c{>)IxoOu3XgNZ*~zf4
zs?p92i!(!$XDMhK&oii=I|P)o0%$=gFV6<J6{fRbz~pyK@z9+_X<Adjk2wfj+Ul|{
z^%u4{0vRmxr<2N=Z6f0k)nw1U`g$27_JoVD8i?uWZqd$7cbQJu%`Ca(bllKY?MIO^
z{g4gaMQqD>l1~#Npt~N12)!Cqh;ROwS`bYqNPj6*%$`Fe31X-cD63+$m34)%A6GZq
z8zJ(Oyzz!?NnmDNJy$QxZVxC!H)_d&XO%=oFZb5Oz$MPKu_EW+Dq&ttU((3_!OK;*
zr_e#+wF9gEZBno?w_gV6|Mo%qM5^*jQm$!r%<FgSVE19A^2!UL;^yIq)`%Jm&79Z}
z#6oxBQ86#LklKeVvI3fd`H&_W)c->cbx*l=Y-)TeTZJpgV2}{Q6a{#aSWcOL71hhf
zKPN=i2JBs-1vcY&O>dm5u{|!tJQa}1Ee6<+T4%ZeB>n%}Fzmq&bRrqrd|SvBXgs*)
zAeNEA<&%cE*FJ~5jaHRC%NM}YQ|v(di=}|~Z9HB9bFEIW{m4ksEwv=Ps+ZD;$^v=2
z^N&xhzhYajfAGM_CwH)Kw=wCD$66VDihwa8kw2wis*{YN!pP8<`JU6{gX|2*la!GW
za?7c*U)Jt=?ijK;fAM{CWya&satYVqg^12T3#CSHv8j=2nQa(td(p&e9RJdut`D|Q
z2>%$3UCf9c=>PK{`h@Bd_e()f*Po$m3v?30)g+ru$U&|Vb&4H_QM`?AbIMVzTF93M
zX{>w44X!SN*P9cwBzO)Fc?NS!YUEX{&(cn5Ag@b}eR1VQwB#zXoTcEGI(zFsE?1fg
zwft*xMX7xHX2{kKu6#luMD0IIxP#;RFYPaUbkz@xUIDA(jYM~4iK-KD8)s1NO3wmr
zOfvFzztYuC>Hg&yi_C!bF<B_QQ*~bBLJU|sf+_m5n7mJSQv6v2eIBOT!UdYRNNYQZ
z_VER#ouGp5b*duGi?FF)+s(%|iyqr$zBSnkPrT1b8iHeER!Rl8=rc<G>&28RQVeb8
zeFnm{>tqw|He~$KDL{K=J5lIG8-p>t<S+^`Xt4pYGBD_UD3udD<7!9xr0>H}O+J^X
zw*|9b5m#Uu7l*^hHAlRd?{Qd5BG1*=z1Iq`5KG+`{69Yf+h;$5lEds14W~leg`NZ{
zT$Kgy<1sVG5r8}_`&oxkev-skvPGinn+=?V+JbFJC0&D|Pr*U?n%{BTXLayY!AZ;k
zJ=7_V;X-833Uqmd`g+t<JeZIEPZg$f8<<?>ZTyDv_-zQDJ^7Qh6L4*KFX;Vat;M6_
zN$^!1cd!jG+ZmcTZXKgGlpaeKf`d^9`@eo44@Ge_ubNwo%sI}m`To=L=_|~ENDO{@
z(thx?z0pwqV-DM7^VfudW+2{M1GY@@<to>8ZH^*~5kTd|#e>qUZ~4~}ruJ(w7uZ`T
z2UB?~WoBMFJBhvEE^e+02Bi5%n1E*1KgdkKEucnTCI+MSep&2!@gwEF>O8R5zuV-f
zD{ooZ-kErOnKIbKUKbXim75}PsO-a3r(?75LwfTGCTMSIh<QRCsaV0|`Qn-G0|J4}
z&@V>vBBaO4V$?I`>woV9{lf{EbZ5C0G5Pm?qM8lKpT0qESJy{=NxMIA5IjFZ*bBX>
ze3eD_tN!2Y7fgNk!wi(o(4xwhz=M!-b_uF_<+5w5bft~OwzZHoOv9T_m1v<uQyU~x
zli0SRBmW*b2cmB|iWY_^FYxC_*DXf=BV<CH{ENk&u^G`46gD&RRpgnNz-GMAuLQOT
z!7iNbI&UmTdNcfx$5VZGt{tF9IK;O)iR0CJ5|?fXbG4PDyn}J<dds;Z_nL&;6ySDw
zUCFjF!h<BesE3jeiH+?n(hSTXW+(M48&l#~<I9uw^E`h4=+@{om_&6qB@e^~g_CDZ
z@lm<=BHkHbV1!CbE#dqoM!4Ye3$iG%i2lYw<Gp7BvdBf?YLn^h!$L)L(m*dkJhUYY
zny*b6ILcAd!oOAZ``W13?ieT>pQ1s9bP2ry<V0hbMy-MO8i4XETOBy~tRX8hGk|YU
z**ATFBRHF4P5dqosA=Krk@5Iubck@QsG)20MBcx~OY0(qQF^(Ol-lv)?G8={=;z-v
z{1SQYT$0z>^6{$t2-w%E-YgwDyzF85i4iFIRz1=3=v|q!gZz-yo%(oIqP!>A7`W8=
zK%Fjm<WZ2bJcMUvNT%XcF;Hpg@KwtLoNKgBs3-Xi*oD@IZM7J8A?-U19xL{tAzSj#
zJMcLN7U!cqi?Q3>3R77+s1rS4c55_N@FRXUIJM*-w|Pw~Fr1M{XxcWu%Pc&vx~GMR
zot3Gx_9xp)5Jlap|JL<)mXQ~0EpY;G>q~?iObk=~PmVbqcZ2_%a6)!KZF6Kh-<m#&
z4hZz;_T0hZ^Sqp4|Ma5P@raC^0ifDCF3IL7A-!7}#6de==FyNDsuQBNVW50>d0<ab
zZCut{2)#fNoNxW$`q|ZUz~R>A#>!PhJ*@Q(J4uVW&8;$h-G6kEM*%sK`t3r@Yl!&}
zraczLnQ2QDD-$49S3go?2rckuy_m@l^UlV%izzmQ`>WV1X385^XUczemhwRLY`C;#
zpjH=5ip`<Ycc=W04Ed24hY?lPskN$6QBQVwb5@;<jV2ex+%?cH7fx(+??}pdYZX>j
z0vOLg8BCY&^K<fr3J*Fd%($vth3b^*^h^p~xF#CP%^c*kC^#5c=+61uL9nKYP{5u_
znHnDt==X=RRB+w;HQ`EKent=j)zht>EO+!zT>JN~%oHCVH0*I9KtS1<=1JxyU_ECI
z?#fHobA$V`bOvr^4~I|&py|x}UhTLuoa~`1wS4oFsKtrAgNtIkkJ8kl6-qJ=m49DB
zPj+3F1WxfA73xm0o9|QtCr?)zd$T}S)%!~J{{iH()nh&RcRuA^<k~)2UCCwa2Tmj-
zc{Nivr@B0K`Zi*{Yj7`*dBd-4O?&TniM<xU>Mmik){P{A7f-+2)$can;GG_TG^>q+
z_<ip;sTHn0v@W2^-9K-6uvri9&~^cZs(mDYgCWD(Q93DsQAM>ZtEsyagFbm4XpGew
zEY(^8IkF<wyIgW(sOuVbfC@-m-oB4%ar-!IO!$R|K^V=Tn6vs14xTa3iD70j0O4tQ
zjeo)2tN)s7U7bKL5U9(@ji<ZP_~E^?)%78sy~K^#XY9rEUMrv9@Sk{X%Mrx6z)d-i
zU$$hy>IVLIjq4bpj7q$(Fqc)Mgg0;3haN}OFv6(owGO-ZBtv`@-(2504coZQ@1@+>
zE5By>jIcFAZ)56l@}qAiu)v72N1S%da6)dKfL)qDtRuDwv&q<h&Q%we#p74r<w9e5
zuZn!Jd3=6yV0fP5CRo4qF+y+K5>tI2JZ!qIq2su|0~ol)9N)*(H+BG@rv=jSB6fLS
z9;rJA7Q8SFoC$O}5L46&4*CK85{;Wr+*rQ<w(^DyGVsvOzcQ58mEGQT><wITI=_~|
zwGq^SJiBIo1An=k`2tiD=*VJXu0Hs1Wz3FZ)ggCtZ){Mx$Bsg{Ig>9Z?(UB9DlrBQ
z=9%FTdK=anQhi%deRGp!jhw<mkUPp7dVY_vFhMQ|SsTqw8W%${q|`|{=Qa=f*+PKT
zkE%BPk<d~*BvH8ydLclT^`-wov9hjqlCtsQzu7(Pr1MohPmg6EkxkoE_lG74_q+i=
zE+g-~B}sSuuOZwq`?**hHG>hU@Y=UDq8wKOny)mgj@+jFX%(Z%PugN>3x2{{ea!d?
zmuLFu1Y=9St+&$$;a1P^p8?LaWCV~5h^pRo+^78vS~SD$<28YXR^~qge!l@=@HIhN
z=w^+q>#!e|+waN-^ACNBUh%I;>J=GC`W)g5?ynraE2~$U8}j=cTg-sc2p%lH*onFh
zUZT|1WWbqj&*U)qCg|`3>**&yVQhaucPejUvrbqIzQx}sw9~4_Y#c;_hGSqFWE78Q
z`#&7`wAMcRR|uY@smNdo(U++jrpViM3!to5<E#IKc;08Qg@U#OrY6j&xx-u&mNyt<
zoL$HO_{ge?o1#qJhfAx{T@sYyo<bENL1G{To}{2nxTL?3!52m@T>ak0yQv*&+JTYQ
z$aTK&0dQ$lQP9;Bc77t%TrQJ0FMkrPq{ZV>>)SM+)Umjc(gBN=jz2E>-kfAHE9>z(
zu*gcmXUv4~Tvnj|3*9Ce&d{iMklo8gQ4Fl)xjVi=`2#PkzLqSasJ<gYd3Jr8f<bGh
zUbNRVh}AqHGM(~&Pw+SoI7bJ(yBa!AS9IR>T{1f8U|pBwlV57bPv&tsD$J`*@=r~z
zL1OuwVvZ~B>}qeC4XwKty_$Nt5S=Xi@Y18rZ(rfVBRlB?^r3Vz?Jhdw$v<ID<23oA
zn{QS(9xR@sck5@42kvp!eE_^yv{QILO130-RpGm&P;W43U|!1T%VmE*$k2+#PUA&T
ztS(xW^GOVBvoU_19krs|+w%102Eoe$d#mPN!*afF?m?7Z|8)CQv{u-_xb{`(f;T<3
zT-#asP%m4Qw%$o2*iF=2mhst{(~_MT^1++D<UjbW0^0pKeI~n!q2*Z?I)^++Q#R?4
zv3W{jrfo1s7-#a6XA4jM;+~DD7onI&ID3NX6??C|e>Xl6kZLe}{8moQEPG(9W9{Yf
z(We1)+2h{+yijnB@)C3QqWo*?<`?(~EA53Jq4KYltX(N~*YDdI%b!yyy}shCcONZO
z)Cb01uJqprcbjrjL3KC{2a9cHfGv+m28)l{@fLC}AxPyDJvQ0sMG0q2FJib~Zz#LZ
znLSZ+8$uG8vBqNelklE+2EMch%Oo8<Ig~-&14-z!+X4LiPU_r2!_|LK+Sy4O%OX52
zrbfyJtHmo@A$w0eNs&n4BRi0M>Viy6#}bDLY?ae)K_S%`5YrJf2=}~OAN*)I*o8ij
zBr#)&#SS#IowYuHopaGAeVMO0k5JTFTVv@tp10;>3k~`{-!?5a^Y7;mJdxaY?IOV#
z))_L>X4JPu{0nfa_cvi>iaBFsib=s5yB!BD93S)IQWuV*A7t<3YL`PRdq5rxh13DF
z>1BTQa;FkpO1C8PzPIwd`AK6v{r>D2K6A<#YfbVLO5<pcles1WG`Khp|Fl;tFP@b~
z!diOC#MKj5E+fAK_<9??@_a%89BBh23#f5W?xOF*_2&d3zTe&(Q4qHRJR3jR8@?Jn
zIC{-+A42i!)?)(!B>chFacsA|8x#2Bg}n(hMB^Ytu~$@P0rseeqXLjKq8lvMw4g_e
z`^Wz>uAhGAqqH9r2v4U7;q9dbF)$2W{@RI=Ql|5bSipksV<3%kxDQK@JTX5-ms1OX
z%Ex*ky0&AYN6-JCDjzbi6Vv?dJ!!S4bsD6AZ<I&zf_BT)>M<Wn&hOSewSmQzc`sV+
zjRFEv4*|E%zBL-0SRi$u-L?V1m1v&gNThG*n)cYE*I+4H6Yu=;P+_v60bpZ&6~|%1
zrO0k4IKBzQz6+Z8(2%3HQ>Dg9V##yW+31CP-4b>3J$HHUr8}2i^fyA@n}{i1Q_KF}
zHElbB&5lmq9K^@@Ebv3)({8`XVzMlU%o@$Y+e+LIq%t0wfq#M2rTw;8NqcVn{QJ#}
z<w%9IqE;Yj3pli(p-K)fY7S_(O7x&QQ^<=P99Y8?Oz`7P<7CCK&gVSAwH!Cw9dXhT
zYAa`(FIu)p9nvnpFD{L{56o;WCEQrDSmWsJYUP?ZF#LhKE%%Vg);ZZ;w5sW-S_6ae
zqdi5fDLBvkUR|!3Zi9MxL`M-cdXdf%F`Tn*2sJ>a8eUjlS`EU3g?bxu`!>@$qBpkM
z$8H&p@`~=~Xf~wl$Uj}_H~7)7P<W{#w>^iI?9KOg2!4AdAw&;$uiS9Ujh>%$sGBMF
zfyPP<kGH-%ZnHrC2-JSL=^g{I;9Y6^t*m1IMa1Vc^r4+d!noWq$k;{OtKLVuK}%oq
zBkttWD2OY1(a!nCGqEP-Nygo+oe2b<8~>lKntQWo*h_}G7GU&j<{7aYi3~351%}>)
zuxdG>cBI8IPf-P@;+3Hmc6;1g@&7%7-(u2n=#b&_OtHn;stC<|I^;9Ue}X9sw1H~*
zr>Vzn0%8HFv!TCr{*M*mi!O7Ys31c=qsx^4KT;&fCSdp~vjeO+yx48PUrU5UcCzL-
zD7C8&y5-49BVEFVuC_35=yZqH4W%7+I9b=>5Ft(wbwfi!HXB4g_&F!g8F9G@BVgAZ
zzm>VuHE<y16Ye!`4_$HB&h}fMb3Qqcrj?t^vc2+;4muXASNIjQLt#_v_<cz=<-m~9
zx|V#9^=qzAmXgEAfr)M1;0gpl#cCkNwguYLD&4<%5nENLQ7$hyx+@Q7Ha$bXW^^#z
zduJ(!O*B4@EEjbCI9Obg+m70KVyZm&QBkxP<_v0d_RC*#dJbjQ3}*32+=;ew9tdpZ
zIeRg3ez>$Pru67nKpD!!PG66@LA~VWgtEb4h{+D*QcwLlh+^99*8zf^Ftuu=J7A3d
zwpjLX205p3WN(&r%VqSo(>thZjw&n5_5yTqAMD2UQ?DXp2<1MRt*6Ppx@(z3E`F6k
zAbgtJ8Yf$sb2fu6oi1Q#l?MMFSUKVTd8_qa;Q5sfC#aS2OyI`<kH5fb3;}^^fz0p<
z47Tz-)pXP3?o>RTdv&uO(EEVv7@F{E5Gd-t2;^JEK3=B7R=m2PS-3g0ntr#D*99%l
zj$TD5vzy4)so7)S1p7DKadj-SrT!qrK0{G8P2fRR5~Y{)9EKahpP%6Aswho#glj7U
ztRDI|GY|^9E$1!o%dKOh47VgBFE(RA<%Q?_8Y%@M`_j<9hDC+XO#^w;ga9J&p;IYS
z`&-}j_)1@>J?PvkkE$DXR(`3#%klJ&vbefPi9DcLyB8_MEhs3oU#zQ#2_tuyEzEN=
zQ0(SijuU5Ko*sROU1S^?&^dpQ)<!K+F{SfRtQR}wXYj~;j;n!FO7l;O(2w1@;~C-0
zzb~HobJl7gg^q}Ij~A6bvgR*-GLLe}N$>b}DY^~zJ+?TbhoJ0xKU(W!)E@G#Wn1ZE
zdYFH4-UJwM<_XvS!2M8Kee3mdV@P8q(8r5BVuuJ*T2$boTo9|RTtLWG0D@DmW_sd=
zD?3}gn1G(&QNWV6fvV%Tp+4cmu^le8%h(N1pD*06!(?Z+#t+(`Cw?5gHXA&89Tw>q
zdgI^TX+e*zzDnWPs6<AY5|k{oG_RJE#<%WC$-CN5t}ZH8b;Kb@X&Q~P)?6Aum3$;-
zv&y31I!+X4^V|X50sXB;yG9zY07(ZA^G8N7)p}QOtTy89cNG9F8uJ?Cjo~smPOh6<
zn0bz8$~vFeEl77&F7xCD(`~7#n&6{)ggVZ_A@y?5yHe6`dyv;s{f+boVeDf!B8hVW
z>X|p2hXp1s^XUUy<eqyCb!^_+SX^82mBPJWYNh3lUiiLZsa#ek*{N?QX8%!L3X6T%
z>?a-kh2Un8Vi@T;GJZ1ByuPT(0L{4XL17g(IiJhnL}Yps@4fB0wWKSOxT7qaU}?NR
zShdxl&OKuN$SF2&2;ExZiEOM`HCEKxzpV>Of40qhXT_)i<;M%e|J(*Ta5(RS2i3Bf
z?J;e$ej{N@V=r{um=0mWzdQ?(jJ^aX(arWZ>y;%Dr!}4QJliCtMVdfq=5K9W?U+XE
z7`Y9Jb$bEmFJq-)8_Ud4Za3h}@?l2u=<;`t1<F8a0Bxff$8fM>f@1d80Jj)ed33xn
zKeENeZ-*yc<CPgHPzS0Z*nx$g8-ImvCOi-37X?C62{@1g8rv&V3!IaA*df@y1W&fC
zI0OR*(!lv`q6g3`OX6TY64&GX1?Oi!hn_xu`}WvP3d9)xiN%L`an#;egW|4BP|GLU
zO$0Df%<*+*s8Bje?p20_Zb$XpvuS+!5Mgj;0jL)amdWDc+C*@v8c{en_95j#DD!sz
zZhHtWZBsjX32!oNRuOC`E#`DSwU|kfZ*}V4JU<bHZGCfTL9`ra_-`>3BvSL=qJ;&h
z>1^%~z}eX)xl8kq?I#Q$*-;YPBMv1C!_#H5n_R>ZI4!60LBw_T!e}>7&^e05%6O-*
zxEL)!Y)QF~6!FP$EozuH3~nHAlB0E9QBkmBYJtqqQ)yCv48xN(NiKZPT8Q#%j+s{q
zKfBXJCevh`>C&ibzMa@Y+GJR$)Dv~3#o)o=lEX1g;3rWvy-hU%#2iZ>SR#H9MB{3-
zt||DaE69^7G%Ux*q<AJ`o?tj7fcA)9p6E9z#S?w+aub)q^>If=HyJ@^U~JT%C~e0U
z3Vk=&O`X#gh!q*_ci<9%x=SN)3hSKs4!w=)MA;`P3yxx9=LpWyRrP%4fc1H$6b+a@
z<8=dftpyzAz&?}t#kOhd{Mx^;(t=rLHTw9DjM=B&+pecIlg~d+5ZUw?N6oeVq=6YV
zhnZ|PX?g~vCRaW!EA8-7SqV-P$A{PyRZ7PVn-B}T8kod`JQ7U_9>I^Q84~w6K)}20
z<J!S8(9d}0Q<|@yQ8l0XBWUhmzPsplcCI>@8X?6M?C+mD`kKUt`gDF#+J9|U`lOoF
zReSC+Y+v3~Z>A#A$TNi?Nqt=X+w4M`FcUQT9J+X#zfWtE*UG*ChIGk?i!{&fkXtH<
zCd>&z@mRVh{(!56AsrGXV!tNZ5n{qo9#obL)gY^S2%Gtmerv>z6d<vb+yB-!3NK_c
zSq2<0OlQ4ee<3tF&XaT5jX7EmZ~K69JR6ArbE|xMnaALS&}%zs*IhxmyxHI~1{+b;
zquANHXA-2<!>=yqVa|)XZp<)o)-*JoT>Hc{)w*I8iC;=S^FH#t0we6;92fE1F%9j}
zR{K{s_`K{Z^v0k9vSQGEAi3U)+F-aCd0Hk$97?m##fN6_k^gY|*t(k0w6vBC;#E`#
z5KvY+X7sy{&3<mKi#QDNtNjFc*1quG<?gZL`bTa$laDj^28RZ2Ep>e_hagch)%SZG
z+ltZ+L%r8uVyg{M{A;!A3S%#<tZK{Q25|7h3y2=NY;z_>Y3*(hnKx_SpD(b`+Q8bj
z$GcpAC*Acb(U%bb4E@~G&$ZHf{%t$}u_@}nhg|!x-$5n;wO@cB#NSu(%c6~XZ&!pZ
z)Ri4lEtqyaz1l%_`xXr56f9Pdc#pZy5I9fqIr4e%Hy`v7=efLBR@eqVnxk+6@^TW&
zR**kVrmljZz@n69X;F&>RI@Cw?i&@aaRc5?J_Nv)&Z2r*z~Z-RbaPbO&wU}40)|qk
zkg^iMlmCYOKX?8)IAe=^4(i?!tmt)F*_q2jq*>+j)}#(^MEyxUuKTaCHdcJg12i3e
zDR~12>p};b{MjYx2y?1Vef%R<JXcx~-K}72)Y8E0<l85EuZl=7KVm~@%x%2S@-YBt
zBo1q15+5jxwic~x;fj^6b5uM%yyDzjK2buRdk&t$n4HAqSNMZJ7)?mET=P`k@t%=?
zEnX87nAKPIIpWNq&`Y4F0ut0YhRgn^ZMiVeZ+91OlMO&}7n6Cf==42P<KMUkZtQ0}
z-R%lX?f)e;-z}A8EiDba+i)00Zv-O-ElZgw-8Fa8z8Khf4D2+-i_RDOM=i12S^aK*
zM<zolY&jdl<lJ>B<Z+_u-^clj0o!sX1nd9Z^aT$4HTw93`Mu?AB=o4v_A03n+n7i1
zFC>Nn5;kMNJx8tb7)MeQ{<;|-<@dwECS20rvvf5wD1|Zk&sVA%4J9I^Va0@aCU*-U
zIl3u5xYumvz4b!>#~)}-xqW%W1826~FNG?tT@_LZ_f~Nvo|lkpnvr8DYQHo20i4Xp
z^}nca!%PBtbmyt?P3SE2-dhTzkN<gv-@GHNVA9)691=b>QLOcpHXKi@(zm7A>z~>T
zq1fwXZ1Uve<{d3dU=#6hiNjcI7e&|uCk>O$)W7{lw20kP$4GR}_V4(B)T~4d4Ud1;
zV(c*aI$9+YJ8Sxm3G+An`J?M=3e&A>1KtrjQ?ixc>PCkY`x7f=>gjY1{hWP^`|svI
zE1G&F8eRruDk0vbAJvFt5Uy<*pgkrB@8&hm9CkwY_1g348e4PY%@s;eYF+DhOiRH{
z^|H8-4fF@Ut+?@83T~kVE+@C#HM$m%p0@0Ly2QNc@-4r04bDDx>PDg5F<buO-RD+e
zgU@K}bA3N#G$4a-GL`O__7K>I8MmD@)8x;0LuwLrM~u!DYL)YB4QntEeb3KH)pJyG
z&AQ(W3ljNTPMUS!pate@p>&m<9Pn0o<T1C>&+d%drb+vyb$C4uQp@kI67A=j0q$!y
z|GP@-Q2W};K^*h$p7S@(6~yN%4c2QXWuc3|j);rGHZTKnxPT!@*yp!~&-yd$VsX<J
zhK1>z35F*!T5~?m3BgmiLTX(w;un_gBu4c53&FJgnOhF_)BrqB=zp8kFZDb+OLP^7
zX>9;{4{umUX!^;BL3oPJxF0PPuYC<kg|Upb(ZdeSX5(%zJV^qg3kN!0D1WK}ng-6O
zauOq6_$;a3)WqcZgV|<x-hJB!ef@pbr#YUS-!i<1v9{;rgUXI3`#N3{vj+)|ay}oF
zT<NH(-X*(VfbTZH-K#sQ`59P+v5=WRyWwhZf<AH@kWaZp1Z+7SmbpMXKUaBH@H_m6
zCv&wIGsTF2Wbbfz>9zXLn4wZva;x&h(y9-hao4g2dPH(UmgQe{q(EMwW}926yY-p0
z%Sv<0Fc4D|<{cRJ^W#X_?Mm_ADgTj&eH~YA0$N%a%C<rwmb;Cdd`7TrD8i_k`(QIi
zlmt5%?#HANXh_1&`J;dt1iaUN1a%EA`{qkLg3hVaW%RA(B^5?_j{E%TR3Ji!O+tT7
znJ<jq>>l$<i&~vHvp{jQ;9$=X!H2$LolFfKk+v;wFi};`AH8QKEBq$Y<x4p3c;u-q
zmk_YFyNNOsO%Phw&_WLHH|BK9O~6062&d(dcTIVPc{FBFZF6IIcD75j3c;@%9>40Q
z?PZ`Gt#s~`iJemal%{#&KKUCW-DYu^<5;*xv|M(K-nFoYJwZR6WTwuVc+h7S*!d;&
zUHi2vfCwGLegoGI0!7TDCZ2;w)cs1!m8YTMN>{qhUQ{YMm=?)4!$OZ>^IQPye3@Z-
zW1G?BZ>YV$jC1KRnFp_nXX_M-GNqHDkOSz9RNgL?Uq9B%j_x_MtpAH~03@BHq^YUn
z!M1+p9oHl))&8e~c#n;-ARq$C6%p5vq%=_wAjv-o1Y|l?S$J>=-2{>bgmST6Q8af#
z|64|}tJa1*bOJUI0QK>q1wL@{P^$fc<;X7~HK)FYo!_uBA20Wwwn-+X$27@q4MG0v
z9PQiSVDU9_`UsPsG{y^!8kwQ5Z{z`qhV3va>d*rB#rqCYs{QKVpc#eG(U~Jc%XXHg
z;d=ccS18BVvPRoT3gHw<VBkULk9i2Go=_&I5g(H?V;>lC`+l95jixnApj&wJ32mdy
z>mIg<K>oNz85@$W|K!~VjD3KTqsmi5gg4;Ge;*&+i=asg)B3hnTFg!%lYC!%lCS3{
z3jA33@%|r=>4>>@UU%SsKmP!$A_POlQ4b&_(106NgMTqB7Xsu)5=wTb4+I9R`{d&W
z@B`MN;G>0o(>Lt>+0MD+Aisrov6waf^$Zu(KX0JI@Pp9$v~e-(8u6;Nj~1IDsFxYG
zmquID7vt}L3m(rrK2j|5C&w%Q7G&tE5W%KJ1vT62L$4xg?mF%w63oXn+2}96_*=+O
z@U7w>NQ7WsnN*C<OTgMdTgBS2A(m}N1hXDWZwwZ*F3_ek6IlzS|1FreF|$%cP(OG5
z3cGi!$YyeddvNtvwR5)>TR7wiX1ZXMd>n=0)+XdCIcoloaQgqkz9F%KN(QhXaZjsm
z0?%NH`@r>SL8^4uJZW*+cp=@}H!{x6YP4AOn540L53lpYiQT=3!Ora2+2<ZXcuXP`
zPuqSJch{|cSZsD^ArD+87K8g8V%812gOg*z#f!&Z-_Y$Nb>r(mF*RL@x}m9`onNW^
zqSo4!;`8-;723!b<n-YINA6rB?+J*goqm#!^-#*F$gIG$@RD^|0~H~**Yx9Xh2)0$
zo@He?^BvFRi==p&`oAk(Gxzc-m-1A%!gkwQx?eEP={h`WAm9Cod^KXpCgLA<6bI+)
ze&smirEAd7tg#p}eZzK%dl+vU*acCjwr6R^3Lsszf1ZM`PsZl@8^f@HM~ZNW(&5Nb
z;##}sw+XTn@5*MdzqmDDh8Q{))=C!Y;q?t789%=<r!&7H`CD^-<F->|+wsvu+cMqg
z4!*gRxbA`Aqkfw(7?YRZBPLt1DU(jEUl|0hl$KpNhOp5!A;st8@U3|U+cm?7jKc)O
z`F5(ft-n7V9FZ6O&q_P0LyZsl&i_p-f*+bPyruopX)X7z!uP`yVhwqjq0IpUyjxDx
z*;BxOv=6XVZ&qP&@^vc3AWr7IVscU?5U@QQ%@<XYcdN1ah}qv@>pUV@zQ2s`K}*U$
zQ*5ZDz`3{Ag8<w7Yxo9f&B!?O-;m85n$9zY$A`i5zr}4E$5*q9Y3{93faya-`dAv9
z6{KooM4o=~mU;~N*Ks%JcPXHE=Iw`P$y4{T56^k)G4q9ig3lr`_{U0tj=g>&)j9Lm
ze>Ziqf0ww&*Fj%&kT?Rvi#uga?wXc2Kk%#lGopzOsIC@}b{T#23$nymYBVzUKLGVW
z3cn8dMK?!OALx8zxz<O^wKMV}fBy@#X${8liu%PE@Iv7HO|FGvJh@oSd5*Z(OW*#?
zeb9e?5@A18Z0p6mr?}a!D3o6*<fPvjVY!z1t0Fdkk-qhy%LU#3BEKcTy)^#;FT5+F
z-uXAqpXcl6=S8|dF46s_HXeqInT-*4k+c1CZ@e?QoP9Cg|1`qZJB+n(zNEj<_+A59
zl|PH<_sX?-^#S8rkMeE@ed^t?Ih@7NTyJ~Url|AT1Y{N86H$HdD`%uH7xP)_e)#@?
zYj-3riScA3trcnft}qs()TxL+ANUAx>6>n*I=N6%C;UD-WM%(2!Y+*2B;GC5)I>r0
zbs$~YVV!Sj9QPqDXHkURv@gw98|;0~+KoPEZduF;;d4g$RV<IN>u9XFV1wzb@GOH5
z7U?iV`kfo$_wL-M+Uj7g57(3OsYG3GB%^+BMg5WvFK*QAfNE_aO}hF(SBtTg?xMIq
zxyIy=s?*i0j^PcU&pA(B2fAOq#^96bvvsle@iO{JAMl-Y6!>;sBk}EX8|wMG!|V!~
z4>ENRVCMeQl>SW-?my%{rOJHoxmWXxywz+g@goA>{*Y06U4$J)G7hh@uY2QoE(-!y
z6P4Kknb|i)SO>{`UDBSWIpVxHYcLuIlV(g)ns1D-mr3S*8*I-LT_e^5MSlMeyvl76
zb{z4(yg~GZ!Y$<896dhK+i;bjAFYq@Gj;bLV*NKdhUV+X&?S-u3HSem9RHRG+lS;F
zVEztVf7E{nWMhwjejDb(H==zJ$=suw-h~sNSi*+bFV2&G0Oq%w1kcNp^N^j@4W3bq
zp%2k`uw>GC>XvwM+GzYqO@Tf2ly!We|Izr9gY*WB!Te6mS(IMIjVZD{3X#@*cf{}p
zW+|}rridEHKwwqC3V>}C7=7dQz&e3#7x~)x-SPV$pz~s^{gF<dA6PlCQ+3z?uqI&X
zI&3sW9lw|8F!wj6DT6vX(lZTM^}P}GEl`6lXX#x4m+Jmd@Be_W`(9yl%$3+Da|~N>
zsy_z!+M3nz&4I098&Qt$e?!htv)HRyZp?p^&OV|!YXY=s_eUJw*LA%iJ2Ums{C6Pi
zi=Ri>51q+++&+e!*Jb-o#2ht7Y#Z_zM;?zjtE0Q^M3I~^$npI`>t~b5`Ke6K?1L~K
z?4=y~o@yZ{yCq_|6G`Ji3(|6sR;OR5yOu}$T;fp)#x*<HD1G2*cp$>u#8bu3uet3q
z0=({*m>WbsKCu_!PQ`iz_+y4VR>$%<IhMzgSU<}J&&<{cyF8}zD!%+!$NzmU|2Mri
zMd#S1p!I?F(%4$1il;B)|5o`f*DY|)(EW}{GNsD?Jx}<W_9M@dUq#q&ZT20tJ;&>e
z+l^>9KK>ny@!+8d`*y5sXLH#LgngJJ(vOa%m&Vpog-9DiTCOvn?zl0{njvd=TZEn9
zOqTt_LPFLsWQ87%uvLy^ohx&z<FaxNLHU0ZVbh)2;BUyh=eYkjWVN<MWIoT9_vPZ1
zF$7upk4D(T&g#oPzP=cb(+<UW{8&UEXDyx|;wQG29aw#kQ`sI-<3>zgzWR9OYlE!*
z-$vN2hVjO99<|PL9%Z_<quQF|kTvsh^B%RZyEf=1s#Ut*3$;m$WXw*({0bR|BwD{Q
zZmw#3`xAD1`@H=jqw;r{FXQ<;?X+wSV!3XB)blUMs(LbFx{E5xv{qLRtmmS9eE;K{
z7=NFNFeRQ2YpgnKHtE3aAIKVltUR54Q3}l488O^VtpYZ?Q_Rx_dsKf<QM~^O+6vH~
zp_ADOtgTZ!li~4SfQ<vwzf(R4tmyX<cBKv*1J?C>adxAK_y>ngQ<5LG+I&z!=^*`Y
zkFc|;uI?@u@h)I0i~T0Djr&2fqXF|2(QGL<+s0*j+jzFfZ{#Nt9wWuQy4-vRtT0;d
z73OL$RCUS+f9Of|e8hcfRHrkeD)Dw508P`gusiMJ4O{MBrP;>zRc+JE!;#<4$fWl?
z3qjYn(|ATy3aoc$#Bg`DO2~_1)CTpyI@|2m^|?r^N86t3rZxDb_G>Ux9FTY7#B9tF
z`8DlO_x;?bUuszUigSp>wglrr1do3LzM4O&wzm7wOAYbxNN&+g*dHicttf})w?>{T
zQF}Rif$q1e5BP?`ccYbWo{W#`vKxHf?ua4ge?PF<CTs*)t_f4V1^Y^e@%<lQ+1+CA
zRPF1$A8`Laq~$%Yx77+_{sIL^%SYM`qL1kMvo|)5%rSRpFE4u?c$=RW-=v}JMLPGs
zOZ7!p<B@@H=y@^Tn8v(owV_sBkAgPog^2o|{2WtTqmqklVsoW`8{_i}d)_9+;0wK=
zonKPjl><xjTkDR#)jFijMB0;@Zt>>Z3YmdIdG|q917sbmYv*BLZGL0hPXOCy!cvZa
zJz~N#fVG&gTwu-qh~bWU0k9^&@!R(SYxEn>{40-8^*c3I4=eb%Mf43w>oDow3e4MM
z%)b-ZY!em&mTSTWf#viV^&A71-DA`<DSeuf)nn9iCa_Fk-;L?HI_9IDo37@6n4stJ
zZ-C_kTW@GXlYO$rXpQjmZ}2sM?@*nrCSc9LZiy#rqfr*=+zY<39<i3^I<Jhy92h~`
zcvNSeRuoH1I&zvafwUuHY3Ietnt?PW5Q*LU=j9jl`f;P+NLBtJF&Tw18D)ZAU%%Bv
z|7+`bPv2@L(suk&9YfvEuF=KP6Cdk3t=CgoY5XYxk00|L`3$=6TQkl0y>8U|3>WLa
zR~plsz&jgb?{|oI!<uQab<g}6Dg3+%=>=l`bFYo2s}T?RdJE|#J4N2-?pfZcM@>^k
zF@_yUyeCCvFXyuP{dc4*7)!oS>EBsn+P{lkNtqwDm->!Uzt^L5?KKQ+2e1XY`kw$c
zj5b+CK&du|5q;Ws@I3^K{ySN~G6P1rUSN3vO)l9AMZhZFo7`5Y23=Cnm`4LJcToFY
zz4)gUm;y}aXKFrw7H;-+Hn9i1++G@njC#n3`bP7zt`+l2x>_H}85lo8!q4I?tv*PH
zOr({EguOY(sKde;?dduP#5tBTa8b5$$f$#i6LoD+1FR#Y9}73ezR6~!^&{<vv9!wA
z_tA;838bY;d|aAs;#!V?XE-d@^^3&!FJhG>eHZp9(k`O3OSH1{_+Lot9gg3gL{|X1
z{z>SlE-OK&yr}tpXm+yB9VS~BIxBmT-h5Waf5<3-jObkqKK=tM29_-_vJVD<rS^(_
z8iP(}7}goQ{f`EJuXTPVIhjZ+aUh3m`y$Y`fOfY{Uy<Jj=SAasG=ksvlC_<vjO|G4
z{<AjjQhjy<>jE}&Qs3B(w!X0>Bk35-H!s8Hn|v*Me4@=-me2o?vF#OYADPPH1J?11
zbq=L{`)Z`6y&7R>iE?Un8aut+8Oc+T1sWn~@-;-XQ3&!fA@2uTy~pN@D|O!@(T;<5
z_N(^33tIeO(f>0sp1ms0Lk(>oiwVbN7J#k_bcJ>@7Z_z$fwmd6*IQ(|u89hzI&A^n
z*sI#v0p-&HEWKasUAVUBnJ>^+3h6rt+78gZ$7!E5Dz#F#Auif0<yhFeuSM7zqQBz*
z(Dps>bx-I2pWJ)%M-u5Z9WmKt6BCmW6J%uEwl_`Mrkb{?rWzWg1SvtZp+RU=5M-83
zkdbXcP{b6Ob`xumP4wQ}n@u*^gat(qWRvg2KEL;K&iQ;k=kqVU_1pT=O5W#ro^w9u
z?{l8>oaY$x0IhL3NE<-fb+g$CLN+@AU;n|I`np*UYXFu#YRrdh{s&ezD%wS0UBEhl
z-6~<dz%u?OeD<{Vr}Dii^shqG`N@UanoI60%>R}6-x7UA$V~kn^tW-dUYH3iIBwp%
z<^c<go7b&kU<DSe0$9EUs|A*4!J2^80=rLS%<ew`n|XV;dZw^3mN5<4`$8Q1KaaOe
zVG?P(Pwh4U`q7^|$DOW2n*W8}>U#>E!&Mmj)$<Jnis(8(H-LR@7ty^T(Vc0g>jzyf
zbO|r*n_rRWsth{PYbL(O^}(N!yq7D4UUMBQG>d<JH1-Qv!z$Uiq$KBJO-{Y`L#4J-
zliVQqS|fa(@!ik)L{+eSt3>+uDg6#D-*rr%qIsu@(lI77nNMCt3_fz6N8R>YEZz#_
z<)UwYjcgOkT;!Q;!e6+(hfMX7m4o^Gjos|c0N=qCPId{;R?GTMd==o!AKR^NC%%u@
zI`Z9W;bZ<5;OoJ-Ii9uCT2Wu?S$)yC%KAR~drC;%toN;rthR%UqL%$!EY2NDLED9X
z`y1;VA=v=v)}Pe~Kx<zMc*~K`D|$Yj)1||aB9`41>}PTfV)^xfXX+i~rzo?Wb9f%I
zu2<~-8+hyA#T-2A8Hu;XV_~N8mVZow((r-(%!<;=kk*K_MS9wm`u?^SY1=>GeN!L*
zz``F0JzNp{KVTUXyLp|P)`!iKzG1!tLGwl!eB;R>?yv9A{{NBMpZQ}Qi}?uotgzmR
zk@uPJINt#*0B`w+yVa`L&OHC<c795A&<t4(A8{Ki{bA=nzy^Tz#&(`@zuVaX+y6jT
z!KB%Dd<Izlq&UA6m_Ii`83uN?gk=HC{A9QKxrF5dOZ`;nH40yUN`Pg5Dtr<x>%TW%
z50TBrTs>$rKHIG}>V4!YKBouyy5ElU!KvNqX+l1G{{z_c)NaciZChWz&Pg}hL-PK$
zTa8NfI|FRb=lHJJ?r{Fq&6kY%e;o&X=HI*3g4p6|9PVhE74_H#S*>60RuA%6`@Z+z
zaZ-<G{{NtDQg^E#i|-;k;4rXCC8QQR`KotH=OFq>C}bgh^`8~4pJx0ZL8*=lsmo`L
zXXLrly5r1UYDNk%Ug*1OAg|sNQeU=>X}S?*3}j}H0Bwdhq@E@E$939iu)^2iUZhtb
zy_CvEet6nt_jkD%(*KzK3v^As5Wf#7`tB4kB|c=*L6VM7P<AGU)UbqQ0NdjWnQS(>
zz{Y`D=Qei#8*;m$$2?8z>K&_M@jbtEw%BPo$g3V>aS4m9xXREEJeTVZD9a=p5c7Wr
zPu-{dtlf7~OlA1KTN#+YEy<hWbGh%pRSEX>kJk;0f0c*+vR_C|x2}CGa<ir&e`sC%
z`ZOQE7Vvjt{hMw7%;JB8E)#RSXV!dPbIgaeKlmrXZ?b=$fc-zol-nQJo@8@B$vuIu
zFEVcs*qB5|ZC4H~72lFA`iY^7>$mb3XmPaXi8ZwaJjFk;>#zZu|EPTEvxibVk9${|
z;~f^Ijp^|Y%dBhFm>!2?0y3ukA=BKhoS2}rq3p74b1tw}U^Nn!eIl=)atSK{mY*WV
zsK82rH32J=uqt5T6eC}nFYAG2q=wW$Y(4}>y3M`p{0Fl9X(4VaR=EB!0;~mCt)k4b
zzXeooUMKt~B`E#i)7BlP{{frSFpI3q40c9a3R>SBQ5I{yR~f|2{tMax&>HsWa{b;+
zJJK4^R$EMRT;FY}ly4cZ_+Q{3{EGa{{+W;VIUuCl_eo|Bu<irCnoOo|qD<`vh188S
zH+h#!HtnLcRxh_xc=wMpokF#Gxn7r#ymz7vx)s`+m0Eo`FPGO3%Bvdm+YSz~`=`Dm
zmz(@cd0x;-(#(gOlo#=Kfp;=p@OoqCW%f4k=6xfi-WVs!$rSfS?-q~Ys?{iHQ-6s1
zI5ebQ!}gIHZ7b1!BTo8$DpNjaCo)3nk7)cqTk2e<i1YW<fp_v-g7>a{<Lv?ORAxxM
zp31n%h4&z5-U;v)e@F1H+&A9rlc7%?9#S77-eX;O3!HhY!0SIk@Xpyc-cIl~eOK^)
zylkI%N5MONWJrCActb9{#dcom-|44dyzU=TFQ@)}@afk6y;|<yWM3-={WgpT=F|N7
zQs;Hv{C2eG6X$ilQ}grgfXsT#M@N#(XJeE3#a?7iLS~s?lylSne>rJg2^L`eKR}f8
zr2qeNYU@<$k9hl~OIRi_Uv`L}=?N?km>-xHpNiJ|VqmGj9(9=;<?{$lP6K$Fv(36h
zE3hVDTAUox=evN_{wO4$+s|gJ+3e=8IsrKY{{=aDr=tE(4XH!1$?0{I(*QZW|DST$
z{XfVlJuPIq=SBB(MuBG^6;eNP-aj+5zMR2^w2`<op)bu#+Y=W|n~Ylo0`HHUchxk1
z7n}z9$oEFk=F)gI9f~mfFK92xxLbdBgtb4gbAie4le7XWmoVy!UBGH{Lb@;d7K%|W
z^p!rO4I@oH2O0(z&N27nJ-|kR$@b?NU?ad%B+MV+@?`(`EMWfcoAbyA)^Kcy*~}DS
z+bIFoeXNiNjGcb~>jL(5z3eM>J5ht6x4r?u_J2q#$qn)Q0sNcK)||VT{Tu1qkS?FU
z4+1OyLCAJ~#l9bD6-d+KMbVg@0apD3V>}o-dZp~+e}VQ3?NM^)p?<(K+glCPC(A)M
z3OXZRF3+<T_&D$)8^68<#s>Th(>ZY$c<R1k?i0PhBEZsh`Df_1h+(8<Vw^t~o84&B
zY<tii$m;(A-wXH-T%@f_?2?Y@0VFY(63;kzl;Z`@$Hg)6q|Z-K3N)Tq_Rd3VW(j!e
z!9(X~zK3)k?X814gQYc&=o>)at<m4KclvFh9|1kR`{cX8Mt_BseiZacd4j%Z@ARn)
zuz%9%kK8+b0qCnW`oz7{*MPoVqkp$(uk;<DAJFJu-aGvu=%+RMhxSfC1N!U}1pQ5W
zr_TvuJcFLS^LBxa{wgbd1?ZbWzmnCzjs8k2eGBM&PZ0g#NE^MWKd|?2K|c*$_;u1d
z5{qK7t^C++Y>~XwLiES4-_2rl`$7w2IfuE(?Hq>2PzB^=XN6c?6W?764Ido(o~;yj
zM4#2zy-J#ATfy@w%0PBp-=>AazO$B1wNytvNN<Bo_IBO{3oU*<^h%`R%tK`u1N{{A
zXNo)RTe48tta7(d@OjMv=tk+hpT%1T*%<V$)0sZE&~$Di-a7HzVbYodeEfs7{wTgy
z`3_rXZNCk+@eh*rqqq&jrxsf2ua@ZpH2y(f{=JYoMf7hJ+TQ(;Y@h=+8>pD0CLv?)
z(PH2FY@t=JZ<C#uh$j=>>dv`$^Ej(_6-sqseUp~k{AjHy1J4-NY<gqZcSRwqbCOj9
z{3Xa@@7rGNAZvwL7Of?n;MuOpD&n#fv99D`%Bjx}skgi7Qx<>f%Uup6*!$;@weyD|
z^*J|tx#hm}Ph1WRsUx%VU&zbBnzw-pi&5jL=6ZG|tw%^}L>jY%(R%=v%;by~(-Aq{
zg<MLw5q-dWN}TJRN!pVXV`-d$F3aMxdFI(W3KzeGi6`j*A)U)kh_edT<#s}DRv@I#
z`wDW&7r{X+Ys+cK&6pQb|1Y+90RNcnUP^E=^v(Gp^$=%Uo>i9D&6Y=Ft`)Mnf+6;v
zkm9+`?R&lD&Q-?x!Z2i1E)4Nli&rt-@mz8sBAtB_X}+S6`k+VCo4jXw*lfq=yba=}
zE3^MD!FsYNWI8j;1=eK2g1{Pq2~#+$lX74Uz%Frn%W%?fs+1KjmBQj*L00FIkot<-
zxSO17lJ$gJV~O%kL0;z4kZIqMRFa_7oMGOJW&oQmGwj+d9yPG3GGSLW>C6?9&Rk>o
ztY-@USMX&>@@al*0G7T=?Ekd6n7zRyz3Woz`LXs3#dHsVr>-Q#;|V<*h~X_)2y>{7
z!nA<rQkMf+((SvEPs>uFOKb^<b#VoImvcS)m$ywAbp4>aj%;feJC?_)6TIf86VQ5*
zxfJ!gEX41{uMAk%+XdG3wiNVT%R~HqouYt!j(^-d$FuiF!PB`S#QcO95Bs(Y^>eH)
zq&K3C{Uq~vmv1uJ=RLo03y@FprXVk{O33^CwEr)8)R(rOj{SwDuMPm4S!F)I83i^C
z>{tn#1U47EvX7*1S%Q)a%)u8;3K+r9C38XB1X|5cd>N~?rH1`qq}%-#%<n_7{Xb|&
zKx^{<0v23tj5%80yMWcM;d-jJm!x@aC-CB{oPD0Ek+$;;erDmj>r~_HaJ6w@m?QEV
z2i@<8?z&U0_qN()$5U#{KG6HthSVddEgw2HmbQGvtu3iO{iRsn@V&Jp@9<MK8+aUj
zBinByy?-sYefXA1-*J`MC#xKE85JS+W{vM8iO!=>N^E^;ET#A$SR0s)_D8eo{GK=D
z-;B9EZ#mXG<dqlG+PTin?StQcge+fW$SrQUW$rk4)_b{wkhKT0z8;%D%Hy;7qol7$
zP&zIMnPR=?0IR<|#QhNEb645_aiiV;k@{*icn3E+zvn#{X=7)G_<Mi17Fc!UmGZcu
zJ{SajE7d=na|>dLEB3J4+XgJ&EaX*Q98&3w%lCmb{~9@aR^EQl*Mh#9=wB&t@F&#Y
zoMJZcDWXTaoIvIM$0^RSV$8Nkmo=ORdSUkel?h74xgqryb{^y?(-vcA{wy(eXe@R>
zX41vn*6s81?<x^SH(L95BE7x}a}$l7b*DJ))4DDDH0n1~;HzAZIgzbVGN1HL>}MuM
z_D(Fdb#58<pBIJH1L!-ibNNp5d^6%U-;m9@5%Q{PLM&E_Z^<dPJzXsKDX3fnkTVE5
zH_$g77*n}EcPkf--SkzMuTe+eq!_KIo$L^2urp3lf49duc(RjWjQM{;R^JBEj(41F
zYDeb(Dbn9$bN<P(=uo@d<_hNj33-#3gw+2i4rO<?W8CL9k+Jc32K19lL+U@oy<Il8
zycc@4LFGLwP9I;){tx=ex)8q~U6$s*T->u51>SvQNRJ!t-p;j-?M$*WS7Uv;KE!?c
zSF(C!cs}qP2fP$`o&#PDyubl(1Riw2+kuxj;61?09Pk0)6%P0q@G1v<8hDKZ?k|Ua
z?SN+kZ*af^z?&TKa^NivcrEZY2fP`0hXrT;|G>L|Yj*>g{s*jeOGrIQU~K<S{I&M=
zg`IyREpR#a0rS0bl10anTnBPD$?6W%D|)~?4qn=O`0hW+xSNLmZxUmQ=9Ll9<y;Zs
zzTR6-nmtaar^+=(d*&L{C*<6~<|k`e7aQiHTsdwPk2h5T-VyN9`!Bx3B;H1DLzh;v
zM$PWt3Z5#A9g6GjQ%{uiCOrtQr`S-nm>)<#c>Gs})Z2;YjT5bR_l>*GXWQ>Ovo-ci
ztOpwZ6Z_5|1b>glf8D<GH-TT-DEOD{JAXg;OEvz(zQXsf#r&r6e|*Bee?RyqHU8)K
zoxchEflY${j(z9v2Y;)^zi!|8eHGC6H2!11!uNwew_fn8dHeqT;BVCUL;KF(5B{*m
zfB(Mo`_4*GGOrT+m+m`%5d5_o|7l<0`@!F*@z2>eezHmSgFm++q`t;{oQ`+aXUEL?
ztj9&49g8#O^_H^}l=f?lGg>zP1M9lhe3rc(SkJW~(|PCsu)&M$^FQfU<4DVF45<yy
zwr1uvDwnm=#W|bw?moy0UMqZ>ypG>)jl<!YaSy}6%HFgN{b?k`-e^|N5_TqW-?0;E
z+qZ=D*v2gWC$LEu`Y_VkBznTe*YWjI+sjqr?=-L$U@^X@R^}EDc7=;^jortoOi-$!
ze?35%n)h_`rA^f;`3!{0)&{<@8~=A@3()r?kDWJ#*j+EH&8$)~ndvT@DBK$9XKIIn
za}t#7<`BOxy-?gw-o@?q<w&bQ+NYvF8g|mlBs-~eFFx~p>F15o&u8d9!qk_0AlG+u
zNG+P}4&u}HSVfj?Iol`9KvvQ%*q7>KhTpO~Q>15{i|<2viJs0cBCQs>Spm|g+s*#b
zrNE{njK)kAut{KBobDr>B~|L#($De(N}g3xf})U*KrdwG+!Ko7&hJJiU2BaEM87C;
z0wKN*f3wd^P)3oTOI$bWere35>p2Ei1HQ-!r}xi0k#E<%A+<WTIAo478Vl1(Jqz8=
zp=a@{&Zt8Fcs!)XaAEO}fz5qf^qEp4wqP;vg2#pa4h3?p@I$Ty-t=Zj-7)(ek}Xc>
zr)>TMzwhyo>3zlRz$V`csi&CkYFoy@AD!PwoCI(GV<C1XO66p?jxt&Nl}yZ{jArh7
z=(otTQuO=FSg$W<w;h&=zMl`8ZEuIv6GgdL{1af+Jt6%rp40snbl?s0d`EkSCh$#y
z?*_-a=VQ{{bI->P8`UxGUc(^d<Znk^OXG12Sk(^ky$W9sr-1bVd%^W=%Df&v;Bq#_
z-hVtF>*4Q0>a?O*?_x}P^u~D0GW&@4AHkdSd`R7t=u(c>WK%iTCOVgc?SCPw;3Z*8
zUy;@sx0d?`jsdTFN%#hy1su&tzJb$3KM>;aA?-19ZT7eu9qT{~R8PdlSuwR~`32aI
z{xPIJ<#4ys5>MdA_Sksb&d2&c<jj3Fq$Wshx*eF`f(-ym1$MH8jRGs*ZKj(9RwiLo
zN4{$8XMnL7Qdb&r@-u)p?-utq7Mkut>v8g_-v>cA_7?ZwFns!jKYu}-G24j8QM9$J
z0etxwL(Oje&=RM-W|n?909g(1hSaZH=LBX2)h^z8yw;A$;{RQU{pkD9kDTMgS#8P3
zIjV<6{4MNK$SV6H6k|+X?~${`+3$d?>M#F0<=O*TIdNfiTWqp+ILca@R!e7Gc^5&S
zj1RN7qb>8?+p@8o#lHk?RYF+(z)knI%rzkw-J8X~gsi0GusY;6U-WoQvYvLCFKAtw
zhOCYQ!u(9#eO<EOZ4_%z{>7-z1H<Z)+18-HIG=^ofw%P)afY~1i*>Y%rL`h0?`-=%
zhUTmSq}79u#diPIcdh3n%cZ)PgGiq5g0GR+A*z!OlE0DPf%L8YuI(&&qojpV=nq{#
z6Z60*_(!lW?j-)xWPZaBeyPL#`?)pP&kpjtM!sW@VtcAZ(z!z(rEeB;Q(}`#b6E}e
zdanzyILN-wkJyW?{~AXdFuQLEIgQvqX0Z3uj!1B8Z|@@>TZ6OnZ}3-QuXQQKM+hAe
zi;qB=OXx=CHyGT2@?h`sS-dFE-sL^&@~%!P?SI-J&yRlfGRb@XNLxLb*DKE}wu&kQ
zf#-LQu=mb5NBmM}AyJp5P@!@bT!Qr?98y20avr<aa(>{PMW=H)d;dG-r2Wn~%31ki
ztcNUCXO^>lq}9B(^}6}Dc|`orOR=B)DRegKgXhI2^W<4%(tO$inIqVjc@l)o+4YoY
zyvs*3`!{5D+!s<C=$!6&yDaLEhNxfJD;s^0#ha{6P=-50YA=oTBlYhz&KS2+c;Zay
zh9HmMR1Ut3;Sh^C<vZFw)}?;&XQw%x^6r3)`d^0BNs{r(;g08<y_WM$;u{8E?yo|s
zN_<Zp?l?caY?+^!|Mz9sKZB3nG4S1gxMe;+PhLvdIa>kf(;p70o2k7vA0ErNf6;B+
z)4bLKdF|K-u=mQZINW_+3pl^cHVFQa--lQXHs5N!{F*PtM&kpx|MU##ll~e~e@OKA
zI+owMkKXQf?nq;z<Z{gK;~_Pj-YmPxQJ!r~oa6RpnYf?P37Jik{BF7L*28UUpyw|8
zx;G4-o=*kOmc8@PAJU^5uE2bj7FPSkTJPZpN<5&zLc_6$^nz~Cj)L|np;vmJjMLAz
z`jOTHT_(lB79tr!zHri;l{$Ry*TVeGQ#U>49=jgH?jwLVeQucf4mtJtCoJzw)_}en
z^is@myUqE2b6&*P1-{&`hnY{bt!`IJN{MvCE+F!&o)c#A^L+<@$7<(pH1-9Fwhm4Q
zWYlMSAR`NTv-_a`_;w6^)_bj+P9I?VE7bQvVYP(hJ^Jlg<|%JdoWn%L_J5GkdT`j}
zgE|1L1(+PGViZ{Up<y0Rp-kKn5_aNgq}3ozyWdUyGIb;7KVYT0UV1j@7tjyY#K`<#
zK{I}Mn7?zS@H5gNu%2&*9qvR`==YeIKRW1oL6>WzTO-YNMW(w?o#5FH9{KLsc9EZa
zmu&!8OJ-PoM)K1d1(yGvF!M`@VXk@DZLXoYvKO)n&~BaVK6$1&{=z&XR*-kT+?D3(
zbLBMnJJ3F4)AP;AwCe8F@?=l>Wp7GQCO|((^q(E(nxE+@C~>QT-G2vvLwZ<!o%o}N
zS@Ubu@>`IWd7*V5&;{PUL&9ns^Rac$+k1umTS=cE2Y)8|5!uFkcO53q%+J(g$@=OO
zlmOD%x_6V7elAOA@xPEhhV;LXF0tt_r*)Y0CDTGoeQFSV?dY55i1yy%xtdL)rA+cX
z?cW8Ojg$I(D|p(_M|LxP<1lgl-N^h8wSJU!73QC+uzH7EtO`rq^^LRma@Rsu70URI
z+dka#j@B;6nDoZ{)CYN4=ZDqpF_vwv+goo!p8sl$w<E*qNQ~usdY1Chp0yJ4g4JPl
zlqRO7d*A<m?6~pK>}-=JI~%o4ALNf89ag(zv$xzi+dYO<C|1Sa53Bdbc5ia4n=Gow
za>&Zr5N7YaI_f2syD}fTZ1@_5uHFrKCC7x_?lN1ybJ1*er76goJQn>qw(s0HTU@a~
zLxPfboOvxO1C|R+JD;UFr5accum`MjvF*I3)piO)GP}WFadOynXJIF>a$wq7XC?lI
zft3MU7292u9LM2Mm=*}m(ogcP!TNJrSY76JcgY;P<{+1*<?r7>*7o^fbz^L@f^M>C
z&L4!VJ%wTQ5wX5H>T*A^>vHTpj%!iB3&YH}bC$i+-A;Qa8t28}&nXJ4A2^S5YoEH#
zabLoRIir=|eI@zbkiWAetd`TfwD)&q|8JIQBxrqCmfe534)ROGYKG`bEdCj=;!DHo
zNp54<az=2F%Ul>1b88Lc<=0_Nc6*P+B5&m^@>u_eylj;D3Q=ZS&%(gkfc;&JGqg7?
zffosL8o&Pon$qQAQ%tm^#sp;$*h-;4(YZhdu=JH-9-DhH9bEDAu{_`b;Otx=n3j2t
z2p~uQUL<JBLDL}7u+y{5r8*6}{{Wiam0@%Ib70#gjP#{0U_HQUV;Uo#7Uv;dxy)tg
zc<*yrubDmK`UIuxj4=1l*Y>yEpU!)r6pXJi&d^)g`49LyR)^L19M7j)C0}08^9~2p
z%qN@0qk){@nlO8F(sfKv*vB-BM+4sUGsFB{NH^YFoq5x5fIj^dcv<{U@OBnCzhk2y
zZ5ZqI(@Av4{Oitpc8gB%k;}v7<RsoA^6NV>tS%?p*y~@P-S_g!W0docQO?u;yTr*m
zpzs*Q^BkjFdyG<ijQ`@a;(2MMi_!x0o6>NMvYsX4zY7_%_!wmg`&Yz2--7k;$}oSk
z&wYP)hSUCz#iIp(>q6)EH<>*e>6IJ9Ja(r0T)oCDegT`SiGOMf`5%5Ye)j%d6ZkiY
zeH<%aCDW|~_;n1j`yrd|UivPc>uOW-+-C1Pijdz1`L&S$H(fq|`H%U(AT6&RbDo=i
zYF-DHyG)^#EFJ-5RX2oroV#+1U7<uP8IKK4?UHjN=G#K&c46oLNN<L`YmIs}<dsP_
zptXjbg66y?@P)xA$A)PKHrQa+ceVi=u+a4Z>j!p#RE}XG@1KfdJ)gTx+Gnn}-bYK_
ziv80yVKpFRF@I!W{lLDk%W9SQP5W1^9V@^)aDCVokA+$~328OghSjI2pRE3x{e6?w
zMq`mg^1m(s&op?hrhVapuf<~jbiQj@m{#hj-(irG4Wnx-y>}c|ucWfg`I^|D@)N1E
z#6rsSEzmWC?r_>Ce|CVI{dR%nSz)FNB;ADd@rJPKXLo`Qh~-<>y4@S4F<lOM1x;af
zg3A2L0q*vKo9y-inwQ(bKLP$6D$f%!m1l!nd9=P+(VU<pHHS@pnzg`uz~<_GVuc>_
zutm_*JL4uD&pa=kXP%dsQpei^{KeqEZuWU?gPEU?nWUSs-Zcw-#X5HNm<whbBisLg
zZ#(!d7vD(pL>aKmo5SjW{*BO^soT_~B~jbgAw7(A_KxjYd$mhB#^I9RYwo|9-ir^j
zID$MsiYv?eX^zM*aAR2A#rm_~(offzhAz=}-Aw+MVf8|y|7?!cc4UfeMdM|d^1n6A
z?!5Y<bBsF#R~Q4B&9|Uy1|7TGu)`|%DqA^nZoz&A^z03!d#&`FP4rZb3eXp~h;nRp
zFGmyTIzdNot@+Ng%Duu?j_tS5`{9Cq!R++ZkH>GJ_Y%2&?K^yq>l#>RUIOQ9cTTcy
z#rhBat62S~8Q)=CD`fl7ouJzTx+g?G+e<&X!_B@)c_y_aC?&UZo1OXlF46T`7XKJ@
zRiMk%`}WzoEuaKx)ku@?WmgJ%O`oT=r4CpnuzQ^MRc0egyj?M;HtB_ooj(byVOk8m
z-;6V_9^P#U(w?2ly$AFa_lCKT6Caao472;+x1qj~_DG!d+bLS3(YjRjT+q(_d00Kf
z*$2f`_V`45*_r<bWK8}ltg=gvi`jU68{>5s+y5Y~{{hIC=FBc&VPL;B%HFBRe?wZ;
zgJC@uAz{P7DlOO^U=_gR`|&ft%7K~Uzuk`c>_KxIW&!JYFl>6ibO5|Lz$o^wZ(XYC
zUR15N*%bU$;BS0T=m7$&2i5{ii#tqv{1#x{zYVLSj(es?`TpY%;vDq$#yAwf3Ktr8
zohBeZ8+qPq@<TS>x@?X!AJWno%e({o>4(DV+Sp>m&z~(ud<|rEKO9zfIQM&7%$r|2
z8cBFv^+Hy~@BTM+Me@^I6O_^C!|Kr9<!62s`Sp-r@j}=h)5I=+o{RjzZ1P7SfAIIv
zf%h)I&_(`=+2rT{82W2}Sp9tO@{7KT{C3DseaXSz8+-jMn@#>S<afL*=AhZ-FZe3*
z%kQN3B*W?_dzT;lD)M_FfAEi(Kdj@@F8_?LB0v2n(9Z||cjd2#{EXfIoAR^wm?3{K
z6jt9=%yV6(P-#b`sgAAxZJ>W7Y>vfK$@IOKv?Y-F|AVe799Dlsbd_oT<!Suw?PB09
zz#|5~rY}nOR5Lx->e>Wf2O7bbHx$<I@=_jcz%m~dXA0aEg71HU7h7oifcYF~M}SvY
zXeWT}dBjfZ`)Ptw3)&MT+Vr3D`moaG0&lX=27&cB&{hC%2ko&EZ7r}i2ij)f9YdmC
z1#JhgdI#F=lpko9OSA*PDjaCXfRBUrG>LW!Sipfc^=H^$TjXW}%W|O22c8o#%Pj$x
z<Um^mJP<M0Sv|0chwZejz{@POUBJQ?TH5#Q1YQl=^9VmLE%Qp@W3I)J9sL<!Z&{rN
zDJq9KeFo|6;I9(=8!hP>cg@aUfb;?IpU?SoH*&2(Pp=UC3psyoy_8Ph)qwPA?OVlI
z3gE{!;C<lR>Nq#lN>jsS9@`wC@Uw;y$QXre?JX(mURdl2N~{w|u4kQfs>x;X*xR9R
zKPvVbF8i6w987vtmMZXOM*n+d*$#PQkIrtJzTBZKROgf6t%{oKoMa~5ouCwK3-h>h
zvh9Q_T&wQ)E&dLQi2nxOQpo&))Mv|qO*|InaSI@CmFVBKck}#Z+9qIQj|m&zJbuTB
zy+;Rp5AffM@08}$=d@{*^xA&V^*tF@@3PaamFC`Bc^;nzPtLE+V~XP0`0v4dit=6Q
zcGhC?C-AxY6VM9@j<z>;@0G?}1M*7$b67pfEiZEnckh!fd3DB}<(yMz9J`BIhkR;L
zkJ)rS@I1CLj%RP?^Z4y9d4(mvkb-*?l;)AJS{~b({Cu}_blT%JLsrL|VHWFF?D1A<
z`_nF@jUjE3t$jC`Y!CQP34^xkEn!2Or^Q~a&~1IxU#39Q_ZGKr>T7+jHQrfnnf5dF
z+w2bXm-mgccABROfHm)N_<rk|i<1f|#!e$-jK3E)-B)e{Huj$RT(BG1sDv^9Phi!k
z|0U#S{l%Bg?b^AYsS#dvIY95+kLyjHkU94~zGnM2{U_dB-|I~EO=Sp!K5sOv_E6t?
z)};)s<}xgDDMPC$L)Oo+UXF#?Tg$%tzqFL0&Qu2K-({e$MgM3azxd5AW$5vl$`Eil
z80qmD{X646=v%0Z$71uPxXW$tOMPw{Wz0cep|`($$LeJ??ETx!_I_G7I*@<;2VwQF
zRLA^n_kFH)@$KyqXZ#cNJ)ej5yKn4X^Zf}*5LkV(OCDq9dEvxlmpBF<asL_e>f(m<
ze#+KAV70(bpkVb*z6)j>!h!qEV(?}9ALR9=4l&<At*r)tHS9m6Zg!hX&3T;b_Wm4;
z$JPn`(m$krNWv+WZYwkEuX6gA-A4g^?EypTzufE^mNg^W#VMT@1{VJb@-hz|V*Y`~
z-UUP1$2TuE(%yx|V*`Dz6Md31{S@c}PV}kH^jW{a`tC&Uccw1`eWerqTsu9DjV937
zg8u6s3%!VqMiF!6a|degUhq^LGNk_8t<EiedQC32B+`9+zeIa~Ye-#W^)aAcqq#_*
zXmODi{Vo9B{=<gUJhyU~&tngDDF%=K0a?9SL+WY5_((cJC$RA&hSXD%V*Aedj(7fO
zzg+E<FrRkJ%>U(A&~Lv#qy{Db;S6B)Cl9GNI)9sW{!5<C=dK#EwjDF19=Kmj<MZE1
zF7-rfP7tyx6NZ>g()ZctPV>D@clxzU;W|Y;!FI^ZIcbQ!x9khK$h6e;lP)sJ2tj&F
zMHlu*rw(yl+j6FMvDA-9muLp<C}^3D+u`ib@OCy&iahGGxc?3r#itGFx&)2IF<?Pp
zFA5!n$F|ZRboM+gtvS?A{s+*X7YwN_ZoZM`{(Oa-PRHV(Kvq)W5PwVDdZxJC`Am_{
zC)&Ul03XEyq`T>ce&$`{(N=$Y8J_EG=NZsE4vDcd3OVV;L;QVHOP!kavv1h<k*sQ|
zi|gUUPZu%97sw#n|2&BKWAPAw7hSYPIk1e9A+=pvqiTS4FLSM1>v+0ow(-;pSres0
zYC~*3tgGG5s%iadgRDvPJ+giIy#I9S`_{9x+S%?UjYD1|`kX>z>E$Wsv1GCJM_dZn
zDtrg?A4*VamJG2oD&I|xGOhJ@{cQJ8njvox?ZfV&ESriq=6#!=lH)xT+Cvs}V}FV^
z(9ZHt7kk_?;FG{*Kb7ik-d?8nj|9K$JKPFv9GDyfs>?xMuaNg`2^$2Kw0uZCO2Wo~
zl`S{(PIZ(2qnS79VbrgMHv?Gja-)1K{`te?pE$(#Y1T1aXjD<=0%J_Gc+B7%1z(}y
zGxYguO!r+{LFX$QGTnFS0;T|yeSvy`%|PCF<nITT4m$1Zj%-l1z_L(J>@E0vKV|*q
zJaImkA@b|e(r-1VGk+_j_amKz`Zj-R>nEmrot`eIYn^)C)jWdzBFg*^qwZ{W8&A}%
zX0Z3qz!$)G-KoSfZ+PmRx;=gC1myHW&dWj$7J{AZQ-j<llKLptd!!$z7=MT_3wY_O
zA@wHO8+q7+0^Z|2>?#%WIS(SeZ_SW;8%v-4eF@Ky_P~Va63Yt{^F1y~KfC{jJSNT(
z{fC!*f!4SBk(PP(ki(l&*O`1$CqP#Wy2qX8Ow;6XPn`1u0@Tm)wqd?sH)PtM7X#b2
z&OB}_fc09iT44PatZ5s?M>fv`?Z9dzjM`@#u<FVolbww8jDEp?x4?~f`JP%MkQRTl
zeG;_ep#4E?=eZxbts7Lvg2%|;XvlO{UJ9)LT%+8SXBDtMV2_#luf;FxQk!4adaJRK
z<o7^U)_F#r?E8Ub0;Bgmm1_3=Oj-CmPFD*UK>U-S&09aj??@@!_T+m!LGfQOq{p=1
z;yFv#$up5Q_X6`b<_UTkD+ZPdY=yvRUr_<<naA7JJ4C;98t+#+*lAh&gEs^6<ajpQ
zfE5GN-kfLmpMX^XTkNI>m~~c<>aMafJ=FgM<W&!;Cpp@*B-?w1!=YTQxc>qfl@|`_
zz73VsEWl1iU3}^6H)7Q*Z+3Kfo}X6f;<s4I=6~eTyTMo!Xzm&VHVjOAr;qupim}7q
za_&h`rjUNUTMVACIR;ZhT-r$T{Is#;MM%N?;%p>M=Hnl-vulU+Ga|Mg0V@NxR4>nF
zy*zCFLwZv!UyrnQ?*i5dOgkH6@81C%1Xd&DtP*P$%@e~&^KTM!<s$xG0<-@BFWzLV
ztxRuu66@{NW?JUw47>n%Nc3IFrhbQHfUA@3@Fn0G0nd%1Oh(K<5yO6-<aaxd+fEw6
z)6~HAx>)vHXU?+c%7ln8<aIR;>Gogkefn}yKTQ7tP3M*&)0^K(zsC9kzC$G}1K2dM
z{Uj_G*i@rg?+60(Uq7V!B&-}*DzKo0)d0)iVxBh|f#q4SHek6DMs?dQ<h7b&ObOo|
z)XNs#cgL_}QGWGUm+!&PzQp(AEp4(^Y7-v+p2~Lv?`OU%IQ>FVZ}c5If6dn)_V&!n
z@5S5a2h*O)>DWHN;z&OQeFAgv^JKTa>%CZX`2rV{ao`M>`)lmJ5%NjDWJrCJ?7~Hk
z`B>MxBDZ)EbT+h;<kbzam}$Pmn96;b%NbC>;~1QiJ&VEWI(s|j|9Wnd@;$p}FLiyG
zV_lQxSqnMC7?X5H;k!<jW4X)xUCY^CA?0CRlKH;6A2P=_W33~Zr|gNP9#Y-*Vvg|_
zQ9m@tbv%v!h_UuveJoe$_m+#1R?;Zy=e2j^h2QVDG{0Zc3u{1Ak1@mEM0rJ{@mwIe
z=dph8dnQ2%UoX~GM#E>*rQ)1D3+ZFmi!l#;g`O(LKhh_Wo-2=kV5v8l=Z+d+NjI4F
zyhdO?iH_NSfhoYQw$Ht`dj{<M6ZEB^e?c+N4O+aI>n-tONH>`V&jfgGHSq|BGo`bL
z1?F=JcK_vB>_;#^oh5i{M1@jXDbkvdRw~lgN$XM#(t440tVr7+*1RU*;Vp(fO>Nf>
zY!KLTdmZRcp_1;`2RdKVkh9;qe&>Ymza~JN58Cq_XfKquuCi^8wSO=4>n5R#vHr21
zebow~e+QA?iu4Da%Fu2Iqx!1_?c5uOxX%UieO(R>wL}kMOyj=|G?k#qw#@aSJui})
zlV*|~mgZ&kHv$<YTZhz(?Dco9Tz|@M5|p;BV$HtDT=q+}qVL)rV)uVQJH6Gp9+>|#
z($jA;)>UfrN?>z=9WHpz5%E&%f#(3%-UnVQ@K)e?z`rN(YJqnHFR|dv{}*`GP3C>l
zFtAEsiv_Kxn1Aa8@OI!@EZMD|1^Xu~Hs&esnz+=&B=H{oa|y~Q_BQ!m7uu&hpq-bR
z;OBdgV$e_AI;1wrvX@Hqml(3^o+JPGz0)dUymf)T_4XltFNxLrwYr~6AJVoX?N@Gh
zYA4NSgcUC5o|9e?|6m8&>nG6r+~oC{<po{*1p2(ZA67zM+g(HI8FJb2|3Y2s<#f%U
z8wA~RI-O^=MCj3CGWUS4s(nbk#h|O#MA2R|jPzlopAnml)!9b_RMbuxI}?;WcMtLS
zMAmV=O`0$i@g6hi^B<3mp32$)`Vr9Y7u)%=+g_Z-8XthHj-Da4%r@Tjdm`+Pvb=nd
zAExqK>_?s%QrE;}4?r`NV-r@GR_eVwF0CB<u0?63ZlRT#9#aYVb-hFUPX69)S8YzR
zDrx*f&M4%#oW<Mh$#I^v_P7huI^z~0rOwT^Tn(c6x{W#Yci6A(7*cO=yIW~F$4z(h
zArNOu6DV^%`r;!8(mk6uT>LZ4`^(ZfF6UIqTxI}eocqL(dI#yWCppTrm2>GV=gsWC
zEoAmQ!|m9<qq)q*V%=u<ZIRyjJ8n1h9r}jdcVV%+zCd$h)$`cTJny{j>TB(M9#g&*
zv~{3mag14P|7Fb3NPT=8(%O->)!{Ds0@Gb|eOt=o|ATL`&#-F}HVtg1Z^#rcDzy*m
zTc4rVXz|{e{}0j%UKldHOIQFbAK149eT8QK2OfAqoPRIp_jap+)x5yZ7ZuOC*^Q5T
z?8Zm!z8mv@fUL${L;8EG^#1{14ZFnnzkru{6xaZ;WrUr}u}NUQelzBK0p$h8;vAgL
zvGf<nzu%BY^^*gvx8JZiTqEtNi;<T4qS+=|0W9f7LoU@rEwDUb?>Wy0mN>kgUpx2Q
zTK@hcWR1Ki_Ux>^*62F<2+~GhG@o%y0GkFTzon%79`*5(v3DoAbAc%@iT*NA=x7SJ
zkL3#bct`tKrF2v~;jks+?|0TgM))Q3KA;)c;7ev3LI<#cmyGg~-rfUj7}&kWJZOx=
zVrlHrmP;Cm%>EDF{67q_H`^4blN8y8)(_qPc^CAzL7`)bGGqeF8ywPoqNxmdz%oaM
z)M?XPti`btefV9EqpxT!$@|+7f4f6qO~7jZCe{dnwFAo;8&b~|7|kQwfHebqN*@3G
zT)0~w{-O;>Ks)iykUB!l7co8I5iN$>6w-R$9a8@weN$3D*3VCec>J^rZ1xq;n51Oy
z+Wits*y_2RpZ|il@t<PdSHydqz)BJ#>QCc%{>%i8YFQu0MZ6@wvk`Pt`$hO&b%oD!
zZ6xo2i29yKvFPL|$b+U*Wb#so^LFs<85rX4NZ$09cw??LViI2E5QmfUD@DIxF~HXS
z#o}-0X_A!&=5Ivh`y-#veW(4!YFAnz+m)zXQ=sny{Vn7pc<5iG^~11V8S%`xrGfZz
zUPOP~J*4iTd=ee`JTIErSbkOD3xjVP#R>h#h+}@Y#G4uEyE?#EJR<BG?~Z8SrM*3T
zy!`eswecY6>;E#OenjO9aeD4wF{FP#^EU-u;C0L=WH;I|Vp~7SuUcL-nf>Rb1f}AQ
zAvH`kvWG?->_5_6<E`~MO*T{)wUE>H_K<p1GWm0w>!MU-|ImJ>x+tZ&q8ofApK!ad
z@757vJK?G}eft2?8<0LH&XCK${Yz8ZPl7J*vmy0}6zW^%{KbCOdvvmS2TN^{{W8Y?
zf4EPW?~ajp%XoiFTJCe%{eRGBC=vGFfN%3iyz9J_@3C67nEu=j{sLb_y@<YNiF2RH
zh%@&Ys)sQ6>f$5nZ>gS+*6PW_A5$0a$&mbM(4{6u)GMfb2Rh3ywTuC_-V8uL$NZ2^
z{ou3Lr1NKU+)(djUh7E`u`@ko95OQf5q=lw4E|;b&5<*}i-G^qcnf~OBYf}E{{a2y
zYZ3KNiek0phqPfpb8-N5+YgMWH`?zGpC#WNX7(@87F_T?FUR6EKeclsu&zVE@6q{L
z%vusK5oc^&TE&~sJ)pn3`h9+0aVC{{9n%k4JYJ*~e<z|22>qP}nbUp08_|G1{bw4N
zGoat|-H2{GlIFa{PMaoLC;GrsHaDWKruNwUXQ>_8a}B&9H<}x=$HUhc%CGMH_t{yU
z@2)>f^Rvc_3A*1jK@%%myYv5ux=W96+q}qEv(3}Kpd9HF--xJdXwJL%&(3>|uzBx(
zvRiyD;V+!=3id;&AKC9B7g!cBS$7En%LI0~z^I+dffWFouV{Vi99@^LLt3pxMl-M)
zOI{tosx5Rqz^Z`B{w)2#DlOOuunLR331H<GdCDN#Q=+5sG8b4WFzsGA{lT=X<Nz-Q
z{we{O>^!C1hi<W$x0(GDG*h4{6Ex>ab9xQZ@{f$T?S-vzyngJ|I;2Byhn!Bx`BQAZ
z&KJ7H(r4fQD(2^-BRpo0sFS(CI)QBw80DD_EF&kP?upIc>^E+H12pdHAgk~D5w*+N
zzUjToa+XD7ryD#4$D)7F76<GV`(ZleHxAy)+z5;3>XhG2mi(w4(|1E3KQ7|v6Of0r
zFw!ce`Y8sM@q-9^JHotHdE`e`OQfIAmVPeRehz@W4YE2R>rZ>VSJLNruY_cbKt@4c
zME&z#WxU{eHzgy4{nZH(wOi^Nxxng9jPQ5k#CQn;^Pd#q``t?RniRt;fae2e_x~>9
zZ(<Q%2fWsTlk67Y-N5DjStqdVzycDs9oX1O5&b-z?SFx#=127Vu5ABH`CG6_U{w~(
z7fw)GEm%6Rofa$y*d7ZO05<oB5#8^D?f-#Q0@L21V(%XVOFcQl?zAYIjXG)!Q@qXy
z_eb#*vdUoZ9|PZJ!P)!=+;>Vuzdy(3KVZ4QR!Z0ium)gDr9L_VY~VD^$!<0@vk!(_
zsN72Ck2!?#F)yO_Cb-D5*yEPE#IS1>u^gKrub?<$vd44)%Lm5%ndcetvxvSIX*o!n
zBhe26%XXlr^|2mlJ5ite(YpPsP)z>ax4Ffn75?1?5!7c9#;L5k^l^LC%N}Dx%Gw{a
z4T~e(uOmnS!$kW7Zv%dpz&&@0_6MG^B%*F29Ak<?m$Ub;fj0qXF`h60@IVj0c1Xo!
z_n(1JSa7PRG2mq-5tChE3Ro$yZ%SBF6zgS)xnE@fYX&C!i{t`p0@k3FcN5R282Cg<
z#BBcow#S0i0viWbAYo0w{7WPJyhh~H4y<IU8282e{wV2qJ;3XL?^YDkTrT!9o)@I4
zocX_le(vcJ{cfm<{tkNK-cYwFFaI#U5A?@7#4Z$jF5woOVVO6L^TIO7Xj~Ri*NHOH
zeCzR)>wcJZNbhq=Xa3koS4typv5sx;tKR5t-sSO_Ag^<Igx{mJtp$=#m*+9tQb22O
z)}JuHtca+8Fumo*-ni>A-Vk`oW4$0lyp`bXFN>(ZG}+WGz6SxH&C`JNr4I1suZgI?
zaJI*r$EwfSUz5h^IOKGm717_ilJ+P&<UI<}`v07u1lR4Imc2&;+C7yKwRSe0<Qa3V
z(5>zT4nBX>FIpfk>D&mv2Zfxx|Ixe|`1!;(O0SBj8=dda*kg%1UZUY~L)m*Ike9z9
zqAqfiXNl4MtcyG?Mt8|;khd|SzU_Qh3Gxz5^8Vm*$%p3hcF3CewA~hKlD+?nwAz-4
zdXS!0rl*CGme=Z>HbLb>+97({YJELP8o~O5G%ZFGyZ;2N7}yTyyOGxQ@)wTx7KLwO
zHDv9)2W>0Odkw$_fN5_~&{%B+R`zq~st#jS8mQG)hnZX<GYtN=dkh_l*1kGmt=B+5
zARA0*z-4b}?mItr`5215OywMa%#P-Wx`6B%>Oj0(|MzBkY`vYufBXydhg+aOcwNh6
z-BaA+wvVBCz8vy)-p$t#-~9s?8|J09n0C#e9|b-6jQciQ>1#~%RNh|D&w##%=vO<I
z*K(HWa_ATk@jw5H^%m{qC0oFu1ClL3EKKj1&x@&Tw}EHm-iYb0cptD~U`Gp#XorDK
z0-I;VLp&~yMW|h*-&>ppO$Peed(LyK_3Sz7Xetn82)>T>>=zOJUNMXR3~VQ`>x@0B
zVekA<ws(4!IHMc006Cg)vYT~6&QurXSj8^qI!VfU%l>Tyd^rz9`1#K~VJA}f-e?MG
z0i-#-*LkHR(=#poved|c>|^<(&`%zWsBbFPb;9!(*<Mr$y15TU)Ld&^4cYg-*!c~U
z4)7**i@k;WT;Mo=j(|4@yjK~0U=#WPfBzO~tq(`kf5v7%7<IcV&GtWk!+QBx#B`sb
z3|Q?G5tDyyHL#i|%(`F$uxeln1V;7R3akrQA(eX_v!(u0bC4okbC=-l1>Imzg!^0x
zY>?zVY3QpYZwy$~lfn*VYNxAp1)a@De@{?aKzHiwF{=-<+y%qLyU3;kQXQ8=Uc;~d
zJL9VhvNE4FkFQ=}8Ni;{`}jKEG`=>Q$CvU3^xfz7eSGDEZ|8H)<Esp5VWc(eWqgs(
zsnY;s{(q2>x^wU2s}FR;JHOiangQ>?Z@=33${&M%@>}QeRfe?E=l?t7s}r((yUgQj
zJFwgr&EsnTSk8;)@ihu8`$hBkngmw$;@-zs`kNRJFB#*Do&N)Ce$TFxvG)%lw*qrY
z2I&K9Uzq)#ocCq>-U;hC)m<j?$oqXnJ&fcWZI@G&*6Q7xpjNMV{|d6|2e5x|ZU^fa
zyw$B8*m>Mrs9)5_8K&5oVy(VOTC3%EVLi8-7IC)!g`D8a5%oS%uQc~G0c(6EqCOg1
zIe+R_PWr?AA0cmScZA2~lKR60@cfXuk0}2@eTNL4f^@sNz$Qb&&TVT)`OVm8Y_-qk
zfAIH&&2w`#u#zFeMuqB7Qh^PioaArdTl;*x@S(xK3)sI@mR!&b@8)(hU(xffdZuTd
z^LzKT;GY6N^?l#LJda`~eYt*?*#??0zL)y7&nwfE>H9Bs9zBlz9=@x|zBl~3yf-v%
zq;tNiaf<&Ik^PpO`PLhJZ2bpcdo;q|nseJbXWHK&WA;Drjt)n7oMJJ4C#d|x!bY@8
zyoWcB`$QzYjrRGI+5VORtQZ*i6Oc~?i*+pM^N}`)v_mEO5?~|1eoDX^qA%C!tC3dm
zXS4hUVCBG`Az*`e15MDkBW>o-M){fk3oPlih<c&87(;vJK44WN*wYzjn47g-GqZnD
z`d=gJF_N4qV2yu`=rM-b_rHVr4p^~-WdIuhcASLe0-FMMxr7CQRlXkK{%ry)2euQ~
z4H8xZEPph@;#zB1Be1SfGhG|7%)c3QRHkk!AF!ZX91!zf^yt~*XG}p>>)R1EpX#iX
z&HQ2Qp+gGuzl)z?@6moLwEeJH{(--L^e(+WA5oW*%oW1l1&j5o<fyVh{IZC3Zv8%{
zHzCdpSkf1YUn}YRA;0Fmh^lybnP;&DdH$+hF)p;+FrJy+uP${D`qxB69gyNUWCH8|
zFv8;ii?+xE*7|WoT}a=$QW}@~Wb}6)KVpFac^Ae>vlAtX_J^#tPa^6~Ql4$VD*tJm
zXR`axz$*S}w{25eKhjEF(#DV$bV-{*TE0tK`g>UKT+;H8mg$mKinO^dX*Eboa!G4O
z+RT)5S{KqL9nzTohqUo2aqi}(|D9vI+Qjug@YerR_&B(&D`htO9plY^ANu#dux8Je
z?`r3K>%iLz-rvlY?=t6nd%!#Q^RM>36X5Os{HuL$_6JxWroURgRp1?)-uHZItaXBS
z{NEUBvHA1o&K8em0<!je5#e`}EIM3+k+E?gAjW&v1a@9CVvcs*8)EUYZVfHE5zUje
zkQIciCzV*f$J4wo&-0P|FywbZ{%f(xe|%r$2WY%Oe%(jhKIwb+=~?2YSl=08W^ShM
z`aXod^^x$IdiLp9;?3OYW=tb_Wsn!ZeEbf{+Z>a;9d7d2`>!N#hWljtRzDr@+TS<X
z_m%9t1^mjF5%u51f8^8dI_pKwZxLpFl%Vu|$;XTD^X=~WU*?>D75FRv6H!Nr|K(Zu
z*W3Bo`zPR6)QEaN@!z%G>JNI6)gN>i^tGVBo7KOKzDlNN?f)_M2bg!yCfny5PsMV7
z^!V9gA@xIEEAn@_8&Z@uX0dI%1Zt$clYbKHu_wy)&LH<qVE!+_M-!sz^|ATCRJi%S
z&^+XWtk$?F)02Jco-+CAYUh$wCO5EB{@ytF(or^MGd}4l!zVIeeUB=@;$qf-ej4=0
zkd6H?$9iVx)pEh#b-T|c^b@M1yid@-5~KPVOPQ#n65!Rq&x@^&j-4&GNIPV;Bt^L&
zl_LDVfsFv$DCS|eH+iUxBcRRM&s;{@$4>&!1Fqd4+si!RXvAmxpHHFhLXPIk$l`wk
z>jtLXIZ(uWR|UKeIQ4gj_?Oncewt&w$nh^BFPt3ZcSuFu3;@eXiSm1#R{O+eV?ks7
z*r06%?FX~1$FG~`Cg%V08TNyzQQdc+*7g9fCSV^s*!s$3Ti;`5A7>W-8@%~xQGU-^
zG5S{<@J`@K63+I2z}tb#wy-{6UBI-rUPxaY7W~Yg;Bw>LcNYH!X+4*<tH;HpPh9MJ
zhC_K5OeHAI$VZEBPwQJLup2IK=kEy3ll^APCAau8?Pu=)0G?XNk$n~0fsF!_V_9tj
zR-Pu>o$t{qv`4+E-UgB0i*%YRXn$WSd`!lHhk;Z1l+_%kJZ6CJ0iG)5;r}P}Env$<
z9%r+?bgk~&kc;%JIbvM$GL&d#2+;Q<y$b2Sx5kWQw!6M0$?@!wcn8NbYNIyDn4BB6
z`>r{Ump(V0kH*CqWYrxU<u*{uxVTEv^H{ub(3T$*WpQ79DUZkNz8UL{cBk=^_b-Z9
z8kOVvn0<K9w)^n1`|scz0H1dLyjp92;NgR#rWhdYzy>v1McjV_HUjJ%r!l_NS%GEk
z4?cf-RJXlo@@9Z10soPrxa#zluuR<l@pCRuixtQGAA#ind&(rsbzXG|oD<;VAF?{N
za>?T#c=flUdi(%3{(&_~SSJ2gCHSdazIEFy`Utl@HiKqRqgmoiL-|c>G$%RJgh7*a
zh@d&#nPv(!r5eo~XPWeBtS1`H7mqs96o95%qj}evrV=#68co!hrU^94Hw4Y|&NSVi
z$<b&Yb*32vO}R#Mmov>IXqq&dEzUG^{||GrMsuk%O+IKwHJY`~G!>vpI#kdUIny+P
zCQqX|-kGKgG?g07Va_xIplQ))QtUMBJ-&ZKU(1N<_rWEf;NNKa3eh!zt`Bs(?R2|j
zx^1AV{$^C2mg)E#H6LnpZ2bdW0AoUnt+0izqbS_=*NC(r(n`n=^1Me}Vx^n!3H;H;
z@q*%t2etgZ6IHLJGn?Zdak#4_`x|#S#;RfW?Y~G+>a(K!KGmE@EO&l9H%R`{Os^^d
zef|+q^+@`b&mWG(hor>KhlJh#ok4pY6}6pd(ma!mw49?1J%ie#09ZD#9~kW++F#!y
zF}f<y1!ACU0bM!hj<eBKo9MQKu68eU^gW}XYX;rn`u7+<RMSZ7a7bhR|6gJ}9u+m6
z6J-P2CSmNp4P<m5CH657b&K_q-doTVo!pJu5410xq5Az^RK0-qFSmBP-evN9VZX{m
z{M%55;-jPdOxXRr_DpNzlHNmqC%``q{)=t(1_jaBKj`sg*!#c#!F-VuRZq40KFYDd
z)i`T`nNJesmw!xD-9q2{#6y-j!W*#q9=0H_>HH}7tu>dgP~P8AALs?`&VnevAG=uG
zz2jk>cM%g6m+3#CD?2r++ZrXA56CiU9!piB4}x}nY<ky`v&GKXgM0_^?YC3kc=<ug
zx69Qn;;kU>oMQ$3L$lM<*e?cs3+R(54#G_jI*)zRU2<~Cb}Vl#$!mwalDw!|PjlG4
zF7nKC$ysjuSN8po*KlH##ozH=Vf~)X_U~5`m7SocIEB8IR{C=L_k+IVq^SBs>RZP<
zme;CtJvo~VtsU|T(D#m|??24t`^{%egD&4+8KCcnyq1%rJic<`gZms`nZ=`vOH{gl
zWXw^lk5?Fa=uV^$oNCsa!@&B1Y43cJo?8d36>^f;IDEilZwUzX`CgOC9^n3;o<yY?
zvL@W@8Rq(ky6r>Q`6p!M1fpuWC>PCV4ZwOEqk4=*7dz^cPIgop+dILZR1(#FWK8>k
z*UWqVJ)q6FKC0ei%FD9n-(=tOXL=KrI`ADRDw*=l1J-y$l>5|c?V|0GGCdb+-%WK`
z3EDE0aXhy7>Wkgpt7rN@WOXCog^E#@K49a(K6R>tJw_d5(tHfs-Yrq}V|~r@+|2f_
zLO-HB{JumbuRN;99boTY0IO{>>`taUDorjP-2V;qeN9F=sjaJl%`|<rwkDa~;BUDx
zs;-s#^-f^LXGYb&+1j+n+@@4#Q{W4qY3d8c_grJt8C(D2Q6FogYOU8j4{xRA?y+e5
z3h-8+9aXP%e!s@r_GzguZO_g>A*<t}DEH51ZCA?jp}OryT5C;|`&X<qt+AE*8cV0j
znfz2)M+CnwAyFCI5LGwZ`B&|YpV~YK{!+B<0ddlJ@Ko!@E-HUDXi9FB%U`1V%QX={
z(oS=>Uz-p1?Lo5n`!^*2rYOIMz4x{IJh!!*`Tr!MKAWRzmr3Wb&D&c&4xN?xzky%5
z^}kb=PRN>j+gB?K^Zx*U*QTiHJ?SZ6x%I++!P?>i))s86B_%3Bq-k&0IOyv5U4PP(
z`+tC^v_7ie9bosLfi+xZ@2~9rYov8vZBL{9Stin|ux^IPSO4JqV|uG?$fW}5t+rB;
zU*D3b+JR>AeQ=+%Ov~Mo1{axhcZBA|0s6j`;w<7H_ZfS&Ql?uzY*bb$o2#ZlUr`oi
zG3+&ZZ4K69lT=$`lQ6w~Kdk5A`x)`=kog4DW#;*poi~H0^?a<0?4G^M!@LK1kGUky
zlpFaB(pc;S@9@ohp7t%cf41|@cBi?T>U$hA{1->ngDK|5@h<h<7jLTXa+h~|`r^g?
z|75HmbwWQ}a-WDZv7RkolwOYXj4Puo){^fOEqwz^r~N`b(g%^gmC}#CPm0%3tj|+K
z*9p43jY1DUP^K$2(G7rZ=SCs#i=R8nqqSxdbXl8(ynp=MQ6Bwa`=69VWd!p^&|zJ=
zT3TDEje9{m1KMv`?_RO@D#f~#Xn(VbbloZNj<rP9Tis$DcACdmo!h&MBCd8Y731s9
zsP1pc?xO%p{c%+7RP;RN>F*Ci8UKlNPm$e!1$_hPWuM*-VD%QP2Uy*Yjk$*UY(KC@
zV7D6e=Hjop&cRzYz~-c+{n0-lBU_)7&Nt$pBCYgJ``V?oTTrA+Z)qF8=zH{YAEge-
zwV<8b7FB;?eUry|kM(Js=F7E!QVd@%6wmdLY@V5v#h>4Ud`o^7RUeMcCwqgVov1La
zbg|2xkNRv$TB6c^x6sG-nuq5hx3k4I$noD}-q&;kOTEX~*RcH$u%vs;>rNQh+<Rmj
z)|u=Chxz{?EgNa`C~cv$z5f!ky?+;-IntQPo`d}%ct3Pr(~Hu^4lz~Wqb}>m*de^^
z^^iAuueoox02=`&-;wJCHh!=9%x^oeNeearY(~PUUycGx>WH#CTVj1;>l`gmzcgHJ
z*_lI<ANn<DvqZg}E7tZ*;9VU?Td?zQV4WS}tkrWda}cJ#CBV~v9_8;`2&@v=c3^V_
z#^S#M>jU<s(D$~|@%0uj`6+ledy=)Y!NL?FqYLz{o#uM!1=i7N?hk{&+ASFUiMx7*
z5?Ak!JM?Rb{($HwNB=I$V_O{L_cR_@ME|B1rLo`Q=_33={<Ow~{lmYFsu}w?|01e>
zr}#iWC6Z4n$sk{&gqUR9!DPJZAfpq1-~4SXGEQeQ(tc@|F;3$kCK>xP89fd%D9-X-
zG07O*Niudg$f$vg%VUypE0gi72kkQG!uHabWGrSf8XaUzQEY;kWbDUe+~6RC{DQqP
z$r#u{G9Ku*%V>a%zweAi#!XB{vxAI2$oNf6G8Qr!?>NZtVS;IkNk+Wuw-iIhr7_9q
ze~x5SJZzWI0vU^AlCg!!$a0WDahZ;YNydC8Bf&w&T+(@Bk`c#bT(iwCqZ~3`-w}(9
zzTc3H?>WfmfQ)Bil5riA5&yVd#u#M$I3^jVG8r#B$jE|zT@#axFMCPGi#>K3)sRsX
zlZ>5A#wSnOWo(0t@5CfyGn4T*2N{!)@#S-|$T*qF=yi~hm!K#kG0FJ9XGz9A4l?Q?
z<EfZr^fDPKzqZTR2^qJ?Bx4hkG2>7U1^e9#W0G+qld<I~yNn=Y1Y?r%&u2)+T8j)?
zgR9b^&p|JISmA$22dD?O4H%0B2Hm8^6HH6r>MbU{+4GZRefvy00JDFAJ_q{O--$k$
z=J&ji%u;F3*^jhIq^*wAWEGJt79F%GE!R`V<16YCNjI7XPX=@t@=@hF2)lGa5nXOW
z?hBX(vM7a>KkE?42kmo0S!4chhj9Jl7V%BY{|{I?*7=aI)!ac(HQern0(hGbieO7T
z6vC|uL9%F3^x2<6)yZFA-;tzH`PxbTucGQ3di@mBH?e(%Cu}HhMB5MA(ypj_LY$qJ
z-7%GHHItyNdO+-z6t2hkzJdK9us;%i8I^lJmAlwn?s;0dk0aG~7s~w-3O<OEzlx&o
zMiwE8VjaNNL*H=mbK)w<FMTM=@2<?_*Je87yrpr;?55j%YU4~=BS4q^h~ba3#dBUV
zse$u&Q!_oh2Q)#@9G$Gy@qD*BrpV{sMLx$$F4X#!a%iH`gx;^+=|rmswf8zQkk*bg
z<}Y89=3k=u{{Rm^Yv|fEPKtqz0?QX|a66UjHY!((4|#8mXSS1~v{KKXl38iweR(j2
ze?Mf5U}m~P|Nc$*^5T?Y_OICgf+p`bhHoIXUq7(i-xzt{MtQeT`)~EJTRD_%M>5OP
zF!`hefh;s3mnW0`z(5K`|Ifhqea`Hkmk%rznEbv=39zK+%;)Bnz<j{u*o1Y!6ku9B
za;m>=_`a!_=9%xadFI@w9p-<?2*o60;%SnRZIMBHME^I@A5fQj6xX`U^{legB^rnF
zuT52yuf?>6ea`Z)b@+zukntgD9($GX43n|kB7^3`VSK|RzTqBy?wF^~2UPrO%X~=r
z=IpO1-`x>QzR$9Jf8<d1TFCfMOl7}<$vD^|gXXf<Z(;xboZ+7==4C2&rM@#nnJJH*
zpzVFmIEUNf@vOm6Sx94>#_uT7^LL27XV7?KZVGq+xE9}%-G4j``}-YHQ%tZ7V8uJk
z{XQ31aEG}+2M^=&G>pEZT*%Yz+KBaywZXai@)k^C{*R!o+z~aue+jGt*f%6>8?fpf
zh7S(&{{vRFL(E?S8wS=0OpcSX2UvsFHw88Wtl9E?{!H|LOWkB;a(VLpJ0DmJFgaFX
z39$AZ#$KO|e_&m}wD;nupR~_Wly$!ocMPcU=N7y4lPlR+f7?MX8HJ2fVv=zJlX3QT
zyNsDk-aqaa>-FuP5`E4N>T`B5t=98lviUVIG+hy&vjg8wREDuvoWo<vXI{!yEYE%T
z-(t;vQ3aa5-<j*60|~b-Zs+%hsZetkxRl>Nzn%2%Q`_zOKV)R}MPrb08`JN~o^jCs
zv50-~d@M4GnT%5$WK=^&1Txb1D#OcU-1m%q-fjL4`dF}C{lcfrvVM9$@L4R{RKNY;
zZABZj#2NKFgEB36F_!PjXLf+L9p*As;%~;`(C6@7@5awoCeH?}21}UR6fe_)6wjS}
zfhaT<_|+U)q9IT%neSlN*HC}2%Key?^MFE^(q{EjY4d+4mzKTl3ps&(kTbrE<b2yE
zCl8Bq`aa0%Vsa8pa;W|rAZKzgmik}MBrJNtT>o^xt|Kc^=|*Z-k|K1yLI+)s>7_*w
zN2An1)mxC_od->mtg$vF(DSlmLQ#rm2@)3C5*DV=x0PdpYkD=7Z+nq_+nv96*#ASu
z+L&ZCG8q%Ux9_WV9+9Y=yRcpDlJ+HGU~R8N)n7|<@Hnsl+M-Rurh&~2n)SET?<OkK
zgJzp_Ca|eN^BR!{jM_F!!is^Vz8W>XTV4Sy=~Z#2BCuLuS-^HlSQD@@U~-Jkc3`8x
zv>3AN{u8j~-BCRTNeds3p20N#t7x1-XbLT!+q{f_1hhLthAo=-CxDfQqiWE?|B{8D
z+Na<kMR{i^mN{+nOVmDdUb44wBV;@mlZ@k;jQ$txZQOYz>Oai==oBG$1ae1Wl6we~
z`}~XcvSnc5-WHRLp%+O;okQ6Qve93{hEEq^rNHWj__?TtRRNm>=9jQ~U=u@@^ABKq
zhRk|UC$RA$%lU_pC+lDXLY|z*sE~JsRCjan!3(0XjJr}+cTEm;SDsGS2V#+t!epG{
zAfp2^K8eI4<0V%Ag$^>t(kbq3ENyr_li{<-V0W0l2Yq%(_=K@JcB$JOyE)lB9~RNp
z-Lu6E2E{vd^e67>(h_#^lIX4daI4}yG&M1a;vKUyRs79C*-xaqnYrs8Qwq~^$=itB
z2<Y3`dE%d<>fb2+RHPf@6?xrGWxE3(Seoqha@Us-(ss|+Ml#c@NAYb*ubbz%NnpO$
z&Hc`IG<wqO<~c4M*vwze`fbk9T%J6~1&-$Oz9nI0!2Fgxs)1F!ZroX<Z|sC}|IzEh
zH-{R<A9QKI+E=Ol3SM<M|ACBMG08ZJ$)LI1I*xrgiApYHoG5=ku!d1{-Q@tQA2okh
z09f6qc`TLzs~t6u#cE(Rz|N4c24KCT+^0jsT7iuN+axfut91b@{aaN1m*}Ind6wAr
z<m)Y4@}d;%a<dnh%o{XLCLzoBcj2pmEm?gsGr#cl@B3IEkfy~lr!^xJSQoIz36S@r
zJ#n6Ur41?D|A038ji~x_>3b@HZ3jj=F8S6m|0iH$z|y(BEz?uZ3&GxhL)!RQR6RmV
zJ2RPC$k_cCq#cCaz^!^&mhrL#D8T0e{rr3wbm2FnruaU4fQ`Os-V@FM8+p^b=k*_h
z{NFVCGu1&But{L|>G=k^tu)tjjl3tPGM0k2>Mh|v8l*k>W%z(4DJ9H?SEl=!)`M;v
z=;U|aTYwF`W%MuV-~A}urSHdLQ_24e^>3Qntz#q!AG0_n8J~}kj4q1|cK&}X_VXy)
zRl1F>$l3?T;=SL9vvk9SDQDU2ZruJ2c{Trts_(~Xb-G~xgy0?C+kJ(%#V>A2IDJc^
z_q%b)^u{XdTiu|~c{|GAXja5~<iLu7rTDBe%5IBqNq~d^lMqZfn+x*(ko{hq;+e+*
zasG>n`F2e8^D|aIZ@=bn{(Bh3lZi#fDkfv_HTyi&l8g4=6V+p0(K^uyY#5jpFJz0y
zb8fP*-!lJaq<10TZ|e0}ynjN`?cUpbE%Df!4Qk&>@+Uys{=QkiP>zGX3`~ooPcr8M
zYkgnzVY$C&qTbj*Tfl67L>mC@Fle99X_xRZS?al1KSx-Y!tcL=w)}&rdIBFCnYG&e
zSKy7n^Q3aM1Kak2Q7(4>6<9a0*Yv!^nMLke$!UV>$0#G&1INKvIuTW$R}`W5E|Jbh
zN<Eh(vu7(clN2j!`VTN)Oo)5Vr>A9JBJNb>0?+y|s$MC+!LuM)KPM?cTJwkIeL*F#
zt`E)gP93mLU=;$R{F;GH0Aq2*C=k|qK9_X@FZ;;6zHSFr`H?xF0bmUu8S4wP{{b5S
z*34wCV=|flEAYU_hK~@cZ6(?KX|3@ekNl8!oEYbKP+d9eL(o31aNKc{;fM06fUM%l
zsQv~J@+s2Z39m<5!=z|m>D+<R+K^T|DQs|38jF8~w5mz59vN$4P@jirR&KG+IjsMK
zcVtr3Q7yketmL6RKZ){pITUdp6<F;jV&BI7hHmj(?>#ro{{n>lk>5uJO~WU`huEMw
zPorVq51MAsEFqfWH2=+>hP0$V@I2~~w(}EVE9P+mn!sNUetd2}qv-%m?<dARPC>Iq
zqoH}U4>a3BBgH17J>257Y<lNg*9X(+TiE&!`njJ*wfF?ee*X9h?Vfn*35iPnr{eDa
zIcfg$MErm(;EfJ=0q_9}&h#JP{?E9tuU4nkz&bt?KJqjfdP>=%e<>e6OkN9U+NbRK
zbO9f;;PmY~foK0yoU7LB^T8tM1IsW61b3mzUJ_@hBxeHj-JoAh^i^s8^M!ohiCEwN
zX_ub?JpW&@%P#?a@4xKjuL7=oZqK&?c=6|U`ZnOL4)`|UBMx{!@XTpDJ_@|r0iOci
z<AA50g#GNay_{LV1OI2nsZ9%jHv?}ad^4?07>1kaP;(cn6{4vG&6Gyd;7rp5n#zB3
zA8%!opz##yMC|={(2V}uUba5qSznlO>gyxGYk(K%>mqBr#iX}xkX8#C6TW=(@0lon
z@2V~>^J;P4%IrT#o0>77FXRF9e`(zBVfG(jC0`n6e*ye$1k;UQ#<D+s=N-}so_oi^
z{sFnZFQcZnj<y3U1-4AeYXW(7$CTI8EU)_<@=E<7`s0^kPEt(%gDbfMA%=m%=aEal
z6#K<FzD=ER3H~I{rfmOyo=v&_WY4C2e~NcgpW;vTZW>Vh`+GNq6@Qv{(}?1q<J~l-
z_~X5s_9%XzchjWePw;M<R{UP?rp7pboOe@moL}*7YK`-IyqntNuyclVzu&v5JC4sI
zJwN32@eZ|XQQAnHcmFsxk$8TStnEXFK@<Lu`K)ITu+jgR?I<(A_WUPmdf&!>GW367
zrxS1$j~m3^qXeFzq8(&?b<u6!7T=b5@3)v*S(s9Se-&~51^OIiSnX95p|=&GPhXxa
zx?M1tKi|jfsZF5m1FiNh+*Z=9Nr%extd?{r@T4zfdd-5AG94G^mjjev+_3r?$uN9C
zxWB|!{lJYm6VT5^%*tD2@{LG61@!?L^7&dOuyJ6ru8{{!@eG^BL@}@oU~=E70G17G
zj)c_$%L1mwNTND#0u}(q=A#-4q0Duy4&cqenau!G!bWkpN#8sAJw<sqVK@eT`>!8T
ze}C(JyUw0@G~K<5MaJDs#(NGjsvu)sOft%ujKvdn8QqX^a!fJ~W-`8Jk-^@7Do9iY
z(N0J4y7E&Ul3jAFfVW?_e#TemaK^VZE#N&M&dD*un@X_d#Tx9#Ngprx5!OfFFpHNX
z&9O_-Z&&L5b8(7@v~S#ntpi_e{4kHrrSP++W?&7#nsvR?$*)D6bp)0<9$PF-@qF&)
z?LzfDfjqiV&mIRqsbE@Qwd@vv38h8e7HIu0_tZqCE^(OMd*U({O1=ew#j=d~DV{bb
z8SU8ge{H|v7;K*lK4w14AKB;XUX)`7<;ao7)*!I-q+#`!0;9Zq$0*8M!1lf_y!H|0
z^=pT`vQESL2pQTQg!bMQkb645AybpPmvgdY_9dH4(n)qBWLHULCaeuuCS=R;l)Hg7
z0F&3(F_hu@6Jj|-j(mg8kgq-1eukWNtfIV-97|jLi+#b3A32==LPmQ`GM;2I);P%6
z1{s&eB%_AOIMzYNBxEd%Nyd>(Mzci*^Z%KbsQl>Ic6D<0bLcUrbLbNA?m?g2AjLAS
z1QtZQX*M?Y{v)tHVA@)&(Y62|(8h(pI)M!XOO*Jx0}BJ&PvU3s&jf$F1s?}qih5aL
z!DoO|yPaUc=gvp@l8rS_!*hU-0Dsnk2Z1-H4C^tx=?|@g6~L!~-%P;iX@1)4EJ*Pb
zYx}JRq*te!zk~SNfL8)vPr%YN|61n%R;S-p*^cxcq&G=?EFKH+?EQ!NzKiJ`3)6D1
zOBSx2o`5z7>)#LhcF<oc$)R~-?gH$GfJZ3s0(SYH9>YGHi?r>>4Xc0uu0r}(spq#m
zjq)!+T7CJj`fIO|f35edI9`G!DV_(C#gZVtAM{BT!@9jwD_0wE1$eQ?jBf*;fA+9?
zaGV+M2Od~A%;O77_$bM*H2RK)Pm%meLod<r)F9exoxNXX1v$NJH_Hb$16s|8kJ_yy
z$n!f`)c;n`a=pGY@wY~#U#qtdxpmbfvr{8sqi6+9Ri#-6>jG9;Y2-!i&<m`_AurNB
zhmlr`G_vPN{%>rZyGFYA#Lg`X6O}g5UMXmABmF?wb%Vm5Qe|_LJk#a?7&IR?Fq?4&
zWcNb$uN`Cyn{j|FiY88IrHd@Gw0hVEdD-U-tJPB7^Z{!EwnV~)f%TnZj8mrn1FJcA
zShu+`{h!JQtW3iE3$edAZ&<&}$>Q+>s|3c*>=#QmPHqp??Ejt;{g?SEE9l;$kXZ%(
zN$`J9%BLP!YSpm*mMqP^Ex_`DY42```U;wSF9WuN9&Y~w?_iZt5A6OMu%z|F{Op|X
zSwy)n)JwWp>~oWfuzv-u9A6>>SUa$L_3{|Lpha4Ft~VEl?5$<sQ_dIlwZ!b(ev#z+
z=c#9xJ6ZnC;ORKunA6z%7r@dl7}noZme0LJ->mdJ?riHD0q-{O{#_b>6Ts@Lht(j>
zE8ZvKm^FO`=C5VwzDdDd)YksuM5XH@tRZGU=3<M_(`U)%^^e?>*&195eqYV7dR($H
z%lb(jf3scPUdZhs^hdw5$IguD67Sad7T;|wwwzzIZ)Z+Bx4VnH2a)%{mBZ>U%r+0|
zr<dvtzA)uV{bwu+A*lnCO#h-pC2!L(k1=Pmv3s`bq(PzogEpytn8$B5<{9L78AwY+
z_Y_-LZdzyGSGS1bB@A=_Ts9A0$aZ!m;w+N%%XZKVf+j8A_ASfF_9lw#4aVueVdl6t
znXY(h{hH!vjX_S^HN)!l3CiC5<*7HJp7MhZE>xZY#~sJ%EK3Itc0NPjQMnlXY0I$s
zQk-I&i=};eF+a8_5x<<l6AF2Ku=md)C+9|dN4#B*_u@Fcj?tv$yhgYop4R1Y@HXBu
z%-?Qb!Fqiot8l7Hs<v8;L-q~`_QN2Vy9DcL%dq-Ef=eF`vN5ond&^5^fA9Hm7RSG0
zvNu>p$~iW~^O^-(oI>kI2g=cX=dk*=dHxAX<3HfJ**5;Mpk^;Nd-03+uOYAaC&TI~
z`u!AFf4arcY$hFBHptI;^Ggzyf}alaSZ(X6?l47M$*nu6OBR5Q#$+Yv+CcZZK1K{b
zXc|<FW?%F={JPjM*6{mjU67IcGt|SWd+oy%yTDWDvOD%Z<3-9MhtBG)N_9(l#?5!o
zyTRkgQ<CD@<>)+ENcSroGx7Y&g~6Ljd6d{vic`F&#Jlli#X0gI<$AZ2^IQtHulU*j
zWBFch+<!@uYYyuFItMr0^Vt77gU|k3b>yKsDz>F8N%1cCx-18tDz{Equ&)*F4LA=x
zq~uY`5|@tYhP!p-*y*vgyV<Qssjj2(P`AQ*H@NcL=y9z1LZ-V6F30{YG|b-<ll>L~
zwDUClbSjZN4ceCQuzK=-_BAf3uW{#NDOn`tvoysU^(0%BHm}DAtjx4X(3)Mb0{i>F
z46BR0F6$TcXK$g^WoCW~tyS$S$p36uz1ch4oG;GdYdyV=lQh1SWQ{{s-y6f~`wr_~
zA;}8LwpGt_j<V)+e~;Xi<li)`Ug9y;G4XBE>v##zw*s`?<HOvC*|LAo_Lhq*d&^}h
zo+fjBC=ULV_x|R*MCDM;pOW?*v?k9WuiGge=+LTovp-M~`2#K4lIXqA%TH>Q9J|c*
zhRoCizbS%@i2H%RuYbFp*#UeFtC%U0@(z|ID*pF})dw7OJXDPL=s0<iUywrQ8TH_4
z`CwS37|O~SdixeS+q=DfJq}K>`GzT7?sZ%S#hzdc`3!%AJ@a1fWmd9#nU*^~^SCce
z)++4hCWlor`H&s!bnW~fc>3h9DXu)>Wx)Locn$C*3(ow1gnZNeFJLnto3U-craw09
zAZ-5+%r|MajSP$YnXgze^@DOf_Sz)UvK-Rb`PUhViZ`=ek0noiq({(aP%N>Ztc<tp
zMMBcPO4_^Wed>j|dY|I2Ku|r<IQrvZ?dl@xM@v?+>R|o`XOMr&FpC53D_R+^>x<m?
z>Q}m6U+9?EDsx^fdS2aHUh0Z?tu3aJSHUOZyr`6)bCS$X;ANk1JAiL|h4@}iQL=Ow
zy&p8KpK!aWuOBp({AF<(r(<W3KgzIr7Nu=N8r@YF7ns=@#Og$4O5<%sdWFH;g0%80
z+BM%QKl2NnmtwR((x*Q$`VW=2Psm#@+H4DXbMZ|8+dI*`Fb<l)r`S6QxmPhe>^kOo
zvP?MBG5cRR=BrP|xm1w75X$>M@SabFT@ZMQuy+>#?*%T$X(|P_{Zn%vtpe8fsktxL
z1KTNKR5vX`p4Fzu?*9vVYZ}Sw7xLpIStGO1PdU&ht#PN%T4SbX_D?}C-*qloW3P|O
zHM~AFI%fZ0!|U@<QJ>m7B`tzq#%X@-68UR!v90k9&bHj=rG7C2p488Vc`WNy=u3;!
zlGdd87t8l!>5s+E!hFK0Fa9>8-Sk#z_L-13C3FiKjqBOg*-cKSCg*BN4y}o`kkbS?
zTg126?5(ttR@m>VTTP-Y{x4(=KvpBkD!~|L=LAcV{~vAF16OBN{$DP4;|hqRlxUPx
zq-3-xsZdebc7e;rCUb1VjXB)Vp<|Odbj&eDhZ|0Gq?nkfsF+lkRHT@cq?D9YR9v_y
z6+gqIpHx_=sObCqKIfeGz32URxorOS`5^dx{+#EW_xyRzInOzV{FJRMqj{K)@jOlA
z=f9r}+QQyHguLgiA^q;$JE*TQ`6sl4X<lEWxp_Zi2O#?pjkmvFy=dM&+vy0`e{3C#
z<uNv6@ogss`!c$jQod3_AB$6wA6jN}?^vym#ig4t-n}=(`@1dNE~hcCQsL!jO8Z19
z?MivwEm5TL)6<*P4$^<pYJDhU`wd9D{XO3H8O_V@W;E%4A}*+(y&FY+)X7?2USG9H
zYdb9^QA+iD!B`2xI)OC-lg}sj0c(6O*gvuLPhc$?pTMSoHJkJ)o6$ZceQf^=Sf`|q
zeo>oB1Ktgs?wI6##8y_<wEHR8`=6V6`FjP=L3%%3_;3}VdEOt=?{}2fw^{oKJ@b9B
zhRyWz_4hX5mB2e$Ba+A8O)MgYM&B2H<>Lcvi5wXt?zpgNpTrt3^3{4;v-(A;OcE|b
z{*j&>kDLl@?0sIZG%O2P;+)a<C<K-=XYEIs{{vd;oN?cY`9HvufwxOoGq4_D^7()c
zV1YT~x9<fuG-n(~hJXzMTcUr1jnUfq51X=J>wXEMES^hj*568|fArnDs66KQxaeNH
zlGW>c@y*%(D&&6xIjS%2<tud`qht%}+nm+ks{-CQC*oa1-K+=JV!~R0wVTSf6Iho`
z`Ih2m0JLt<zHW>m$+4a1l(LmuYpjSj=4#t+%FAQP(@W9*J`nq5hWXD1Y5H?OtC#%!
zH^_{CAnLWL-fR8r<)&_Sd5qUQ4bsc6OX!ow*?wSS9}F4JCXE3LNEq{ffen3NUq53n
z=ltwlk<HxCXX8I`<wN6l$OIPqp;ZsN{~5G+(B4uMdA=F^4)S_sq3Z^xbynJ|YlW^p
z=-RtDlrAw3ZjEsL%J$>s$3#9I5!W8!jq8lKg8god;CJ;ZTceZ-w_iP^&y7RWnc9fR
zJ0onZU8%K6=5NC0<S4)TS(-Ck<Xa@o3AJ@!)~;fa_MIPZW^n`VFZ;;XPCw{A1kYXc
z|Dbz3el;L{(@tPRz~nP{eZU5RX?29YK>*kQu$%Qdx6Hbic(JL{t&H)R{S4{@Q!p`(
zKf$lRn<D3h_Roapl@}8XCuDLZkn=(AVjH;{IV4fryb$?mf?VkdeuKZ<4y**2c1D`Y
zxd&J=u;5s;nH?6}z&!iqy1ohU)q+p!huD48+bEvM&*MDp{jl`i#@m3HTzVPWKjb!q
zkh{SoN8h6yay^iX)B7gV8ceWFtfc7pJ8i33UJQHx2fAvb{d_(i+*8P7cQE7!<8j8o
zS05cLM|K}GusUG>)!VJ;zXl_u4Zd8q|Iz{8;uxeuXHcKa5k8(*Zy!E$`{PmlHg>PD
z^YI>A6!e2?oqW9MlbhN375A1L_W8&z?-dlE;#XgGk?*J3mE&aBO7!*iW{EW|lU*lD
zc9qIzkxlG85p1G3X!jXGn*y*YE8eft<*V*58f;?sh^;V}m6J^(&W2)`X0&u-a`YjT
z){eYaqP?H&S6`z0+)v4w&-eDmWtTY&X^~%va@gImDVMh*gXNNKS1vuU*G+xikG;%Z
z>f@$i>&$6>_SS^^1>o0WF2)Z-a-RboXZ<P7%%@>;xv-1s>h>t5;B>#bm&)_|-VlB~
zvUj6(>54jJn>>8QkO#@P*Ye<jE!1}0E4{iOo>CsAWGDIc@s{0x5Bsu`cpG$|<(2z*
zYKQVtjon(!cU{t2%^_*6ruk%%{wvG%^xKfWg0!^zhp1eAz+!>Xx`+E|@UCX_<>ln9
zGyfm-6415tlFa`HR-F{=L#f_20;>Xc3AORs<(9gXYa9c;afNW4Z7Z(NuFm`-BACxY
zyE@bTv1aa9p2YLZ;%%-%d7pv4nd*|dY>|2GSe)}}jBrhu1~9Lk4Hrl@G)5d;bjaNh
zd56}=kPRzf1I6aJzrRc`^TexBzR7+b8+a9;$E5+w1jgn7`83{?vPFPmE&dVo^5kHD
zOa8?)@=^wDgz~awnSDKGdkv9!5vC3Gf|%Wwt#X_EZB~N$OSh}jP4Uev#>pMS^T+Og
zgsmN)@v9FLAkG{lyYiz&_rE_{1bVQ$3U)*(>7VuUyS&)^>vEQFdNn5-&=7Q$g8oO!
z<BLlzc?|BSL>`TZHb<CqJITk%hMjarl>6SL`gdqW+7q7>X)D~%_X0~!@vHaKyMH%<
zcco4L=au&IOC$SSwtE`dlDeUr=jT7+Z~pP5W_Ayrd(Tq6+|nze6mP1Zzb$N9i`vGc
zPxSt?1ia<o&Cq#+{!fJzhe!QgB6w@S8$tcu`GzvgF_s}+K^b8atG|rR?`BXYE|lXD
z_Pv+t;|7&q4bn(G+ppdpPxm4(6>WXB^O{X#MCAJ?IqfVdc6%s)_+YWz*6hdhDU@pq
z+4oMiK3A;Y8Koqh=U1sd(fn_(SQBmq?mdt9bJWL`#d$8{w`_>_mO*a<o$d*BKbvjw
zwY3xaqN*t=R+~R1*_^ET-w7grW3Y7#>AogtYsN10$LEXwSgcdhHynd49^gl)9c;)B
z(GDE$R1@c<n@)yLk964@{8>C*`nDZNH#5u6&#JO^$RA>0?@fSK0~*cU+@9=^;}LuR
z5&R7fy4pY+)O7V<G_Nl2HJFcrza*&ZVoldHbfsJ%bk)zVs}Z^~F0j{?1zNSH%NJS~
z#fVmbzaIRHXpQo$i$eHGVlG-5Ibk2|k{jc&E9%wOl6}#1bg7x0;c~xmA^T=z!!&G2
zSmsy#Zh_Bl!>GLt`RrP?P&N#}hPyNyete-mo>o;xDV4c?{;ukeFBIjrGT27i^rG{{
ztThxPukY{;CgS)x3-=ut>ibm#(Cf()KG1;+Lw*nT#=;30@8g7jvo2^~!fyEUnteG7
zw{Iwtj&lq9&IsC90loE_eJ9OtU;7EvoP~X_U$98)H@l#x5_*nOJsP=S{%=?t5qXx&
z_FJvgY>q#X-Xv*e<FEVaU|Px7qCYDTX+8bXq*a5oJ{>30y7vOT+#8Tq_ZrMuG@SWa
z`T9D6>&Gaf95L}+tN)$j(2x4xk@`{1$<q4KY^2Z5+U8%Nf1lVr=+7<@-{;&5=KVhG
z4q)y3d@PucBIrrJMC2o4VfkR~20#5L3j1Ek((UVj-hR!#m$K%yZxX+oPZah&nx)ST
z%c`Q3PUsm5dA2QIn?px_)~OQ``Sn6yc9EaOF}jy$S^Q&t@21t{9<PY89sk~5EcuVZ
zJ=VTkAhwzJxBop~FPA=~udMg;J>GwxZz>mxP!ARi+aE*ydp=f_%S%B$vDZZ@iR(rA
zK5N!v^ZlXch^FW6^Ml|2I&RN<H0~Ze-?==@_d<yAHUV<Ww0v#~+SdWS?HfcsH_V^U
zN!XXB*>_G*&kXeRZV>tW-2C}WkE1uLgr4`$3y%NSb9>mD6(1Xy>f=9XV;jWS`1|wb
zAOFEW<)Et#wB%x;>u6|QRQ^NYPcIhramRTJs*lXyp?)Gpl>hSc^zWLs7xiPKpT8Y;
zk!FW47(ZPkjSI`I<H8jB^M6H)aUtP6{d?3wZ{bGqJ=~%5$L<(73H3Kxe2=knb^8XO
zCv&5ycfUV(!S#;b1i2wv<oofU-jr(iQ=3G-A3b-$`JR9uP^9I%`dmHVHPD+_BJy2+
z?!5W#Mut<hd}p7l&&e|O(fKUDAr8X_Yz{VmlK_1_xs;!6TFKY6D!@|>xs!FC0)36P
z9<&<J<UNKKVD%3C-Jms?_y>SBJMd3})?(tH1J>@qpLhf2$0q(XVBI$SEdQYOl+2TV
z@MLaw$UkUVn@#x#=5yfh2CcxvKLD)QfqxRT5)=O%uyPxIsw?fFRe(ls*1HS7A=j0a
zammGo2P#;dgOXT}s4FSo(EF^?{ZUF8^qeNrIOy7-$F$V!=jq$gn)mbc?Py(~Roc+f
zM0!=4-ECi=*X|Y+NLiGyyXNb<-HA2M>1Wi~r_c6(Yk2y0v<lFwLCYZ;=7IaAee-(I
zIzaOY+Ktj3ByFILgC^fa*bQt9n7rRN04!j_#(@n1TP$HSzy?kFJO`qb0TY%4tlxyC
z1M4$kUSPdiJrY>4jlK$@Pv)yV!0nUynhtRLWWM$TJijtu&jFranQsu-go$tB053n8
zZx+~;i7)oXC}q;bmkeyi#FqhV+QjDrHfQ210XA#ms|4o0%*a;<Ou5X+*9<Hc*t61E
z>JDJtTZ~vQu(HejhIq3fV3j6p5?GB1n*&yF!s2hj{KJH$0Bbd2nZP<sSOKtZ6IKeW
z&xBP08@$}u7u5qByWH9r5v>ihaR*v2XcG>!G0-L*XtSVAInWYn@qHa=>7dOx&<a4C
zb)c1lHs?UA15Md#-*2~q=H6;7t1e*i4*Y|lC7AdpfF(QdD>p|eDJK2|VCgpev>ulZ
zS_Wu;BpSQllHK*68*>%EudWdE8PFF=b+qheI{)hD@6-#d`er(>>Q{d*Fj_Bd09Jj4
zpTDy%$JrKAv|TWMpY?wv58h!(egIhWm40=fQJ&)ex5=+6QtaC-c&EVIL%jC;<AttU
ztnZwVY{o5UU)%lsUa)00=XCQSyVEM04E9RMPCzzKoY6e!S{0Yh)^o`?AG;5z2|V#v
z`PGAZ%yy2x4!l%aLoB2nTk|roc$Xmn9VJ)$)jud&I^>8xq$R`O2mnvw4!?TNyy<+$
znvQrIC;K4kTZLbL2a4)X(Ls8T-LLNEbtK!hJsAI63EGSejn;A-Kr7zqSJxQtXAv<I
z*{;{4=>^^3YA)ro7czCb#JAA%Ssg7-gtB@u0iO74{5*clSg(Rtfr<Mp<Ll7>f%j)d
z-c{hO(Rr8iyk~(owbHMy5_xCq(ZI@pr5euyEY<Fs{DmB=D(<JOgG}k}@bgV}c0;D&
z+WG4`mC*!v$HCjL1odaTz7?$<FeM((t<bl}ufAyDxrg(JHj@UP%&LXA8PZ=4*&fJl
z(Ca-NYxss<?}?`YJhRt1^RW1@Tj_kVpP#3s+;;HCp=h0DfaF12X<Lq|t`AU-xxsQQ
zk^h(Ct%5i8@Nb!P2>Po1>K%&VTk7|QUT2CsX5Sw&Mf(;eQwNz&$ULUYcn#m*@Lo|q
zm+6K~+6@bnnSx9^WV#(>s!cNV&65wKy!ZRncbxh<>K>}CF~aQrOUTYb_6)skZq~=V
zYS88!XicCgHTJYl(A+jOTGtu?%>&v|UN>lLTFu6$9W2N{SBsmT0bga!{NoJqCfCD%
z34^y1<O1*}9`LKXjQwdY^{08kbJO4AN1k$6j3Dc==@MCryONgl_nG#BDN2f@bU=)G
zy+||RMn8{@586lPm&?t0nF4P)cyF@u?lAKv-iG!H-n)#v)DP~Ld1>Fv3*Pjbj(xnM
zf7G8gKu>jTaQ~d`{{gE4wp{<-W$Zrfm12Le7xcCe^l{LK40PJNULB*oWv3iLeY)A0
zW&$wfW@nulpr?nR7lB@SvwfPh#_tBb5%ho1-|?x7q%t$@6S{6SZI>^nOA^dyv?wO1
z7&_B#@vAq|TGXG;lJ^brZDJ+qn@`%VGW%leFIPi4WP2~t@gDT6qh$M`vqITkZ3$j*
zusz{+%m<+JDzZJ_YP)4WztHuHL)cPC+iQ?cpw6%6Q#x~JE^@A`uHRS=c{<oW2%ST>
z`qkf(&R?AwM!7pL?>iY!wr4g(DOra_ow@1EkEG5tKxY6t50UN5!m*v*iLl^0GlO)L
z+eDpt>+>H;o$=iPe+4>slkMG~52w!j?O5teC(>y<BI?YJ&wnI!#(gK|)3^IoKk59M
z)pnaYbM`{(4EaM9NGI_Q__7oy_^%ZEy~JP{t&S^=T({UE9kw6z1(f^Dy=p7v;guA9
ze`^ToR5tlldT-Y~U`Qv&CY^$~%E<c`IoNFz-*n)W#nO2kn;5bp*hId)yCY~*`Ozq4
z?Aw0zR@#$zVBWk_T-zt?<J!E;?;JZ*QCg4=TPNI*qQ}*+^{+-`{DI(_4vhiDz~)-~
z{617K4fSy0Q|Z8SoQJULdFaja(7WfM2SU)<`j?<<HfQ4}_M7n6fCb+q&XMLWrR8zu
zxp9@ban-a*xg)N0n`v6Y@?8iWWhjf!iF8+)(yau&>H*XG7qH3)jB7;Az-mlo+5xQk
z0p~mq%tN1=haP)ZXnI-*I$Qq|bh%7R@8bDAo-%ENj`0Wl+S!=Id{er8f-aY70N9vR
zrWAKo18njEzGmXS|1+jD^0{{`%4t~aJs9QMy(HO{Egp`riShd9$m03W$=AMlFOTcY
z`phCN{W+xXd(f{A5uRp~zK^G0A*Ijm2gXmXrtgDfeLt(<Zj4{hNB4%i|Ct;-FHQ5U
zQo2}AY-laDJum(FU_RnX<rv)Q>3i9^7I%9vt!|_h`;bVhIdod2hvoylnx4HuJxUYW
z2lUWeGVblk!7^CZ5a~PUu2>Skd5N-<XWnM7e)q7U?A<8)NIk})d|H&zr-SKLBE2Rp
zy|~cnv9r1O`MRd(pJ(X%A*uI7DN_%L^#)8#u8j`9^WX)ou+^Sc3R)Lv)F;z9^Fz#6
zE?|9X4QP`Nv}Vwf9u{$6jJAiJHDv3bpp`n%20?2B9G!POTkqS)jiM;Ns--BZindl!
z)Gpd;sVZuZm^EV5o)KG1t=g1Ov$gk3qE&mvj2*R!*n%XIC%@;foY#3JCpjngea?Md
z*XQ%Ts$Q2FZYz{MRHl<3YgtiMwbj+8teObVU@}7rV0Y5PWYPDGnapO2)DtmqV@)9N
zu1>+U%HttS(#-y^gKJe|;j$DtWh42r^k!<gprHL=Nj}eHZCbbf@C+KWRXZatZqjp+
zz~TS;GR5+bK7w-SPT3LJsy=;X?4FlgMt-gYYS81TPL|WggX@<vuL51r8wJQPE49-a
zXP?YW$%m^@-@{X&5?{;ldxe3KEP(20U=&YuJ<nW0W^_Sj#PaP3E5`PYrR-&fAl7X|
zwV=AU2ZC4p+iUhD|Gb?+&>hI#?I}lp_0a35BK^i7bm|XMzoMt7%Gn$tThN$SVb5|Z
zw(_%@#~)nLaL)>)Jrj!B<Gm<Wp?x1Djbg(E{XrVDfZ)Lz+a37SAW?ORQ$e2#!?@f6
zFuCC^*<+Qkj<-A+_+%@t{ha`uK+=GsRSzq4Q(>LtJc&n*L=sf@{Tb$ANy}ubusKVm
z=AZJ)i7;RPxFf0K)Qs89+n#gPT7e_tnW!NX+O`QkhBj3QZ^qpY4;HU{zTaa74fk{*
zyzf*1o`b?Wxe>7EnFyp80aw4Dq(2YAR<NYPa=Rz|3qelBnLEHRm9YkOz{t@~5l)U4
zw4r)laZ7i5Ik+7}kjqnAzU4Nj&3{?U{*@yqg!pHD4%Crc10Jo}FKj-00}PGWGKGd%
znZ8L$!KTFQ5%^Ah&lx~9`F<9-St5!04j61xdEV3|^p>n#^kkc1c76M2Hc;A{(%S7>
zt#32+Fu8(sRTFAu%_a46ELK7TRl+D0ITr8xO^z)Rl%b1m2-$9Iejl68*WmExm?#*B
zmLekVrb5C)ydcR3=2=P$9wGk``y{S*#U6lbgdmK3`%d;M#?ReP60}#(j~A+{ivS{X
zJof3y7<@VanqluRKe&9){>092vPQ`WqIeIzb6%13%D}?!$6aIKXOD%OZc2y0dS*U+
zXIdbI*0g__2o=>kXsF;-Cy^_R|3){1ti{Nh+o5kiRjFhz`&Kx~T>=JsLUeyU-y?;W
z?dpyyi4v)m29p6gnG?A*8P`M&{@9vJs#5wDMhQ}rQzzB-#<aCFg)8|2NoVaJlFshu
z+a4BQYMe}kl`TkMdwlad<aJfHoJ&qM)lW{tg+XaGH8evjvR1Sr&&D1E^ja~Gu;HKJ
zlIqCqI=6CZ^L-8jNH=rJt}6|;0zi}2Cs(w&6?~=V&ooXN!-T!3z8eYXYNy#q1PGBo
zC{39^BMI~4T6dN`4B!oi<1!IS&MVnG49Bx`7T5Eu{~?qNlMwi_%}!O96=z!Aq>_-Y
zO3EwFq0=?5Ui8bhc;-rMDy^+J2a7#T!jC^J@s{fEp2Sh=YA*sa81n1n)K6}O^_`z1
zoDCx!g`!5DlH93uF=-I^?Y@b@f5GlM)xu{B`7|C90ZXJTNajR7l}Aet?BJxaN5waU
zn{Ww_-W;INE#uc&4UEg|aTzBrY+t>0<dr4S=&nFQiJL`97-OrKk<26bT(u!wCInRl
z{Q&O(38tk17d)Q6;)tlB4`I>g>sY;oKk2AvG2jd=oQy77S8P^C{e@rcfnJ`!DeFhy
z)o#K!i>Gt^%s5h+IlnVM)(C(r#`M4`D`-ohmapuz1j%qk9epVK`NGC)Pe${Sj^30h
zhATJJyZ#Q;Df-~;IMI%^HozJzl<S{=*S4zVUUl;P)4UGpsxxU4N6>tsa2$c)@oZc2
z`@f{hrgLME<kOk75IW)t__9qX_X-Of0fHK>Qg39ZajFKdbzQCYtsj>$tfy0(m=d@z
zhPp@&P$kpbwwFICs<;{-{^D){i~gP4-yq~)!%oCrSzR|Lh1|V5G7pu>+<mG@8g^GR
zFNMA|rwF=SScTmbBStJuMpaJ8t@D#ALyaTlcJfx1cyP+M29P^7FY7Mk4g*p2`B29#
zK$rvd$$J=X4YRgy{Nsm;V}f>nObE~Vnqy#R0-hKU55WkiD#l`VhE4rHwK82HQn1y4
z1P8o2Ew_nllx{;|-!iRkaGKP4b?ra(NTy4B4d%Jp?{kOwd1QkgV}ZaC=%T(@KwRYo
z)X|M(JB6IYphZv;F5$3Uc{omX2Y>Pgi}O0gsc-#~@Sf-!RRzmwy}5d_?Y)h9w&ZI9
z6Ui79IO;f6fdEEI8$IM7{hc#Kn!npn+oAaY4`NXS2Y+(_j7)LZa@`FyDnH)7hZl&M
zCd<rCV~?#jaw|qyq%k#gW`iL|^4lkEG1IDg3!#Femz}R$>IQ2s$IgGGJ?bCypS?wq
zd#x9@TiRNSb8!ilP8LbHyLsjHY54D~{x6hy4*`5=7@4#mr}j_2rGak_dGzyO9RI0%
zSN}15a#g*lfwRmng9vIQz3dhx_FpBj<t@ymVr4(5FGEdc5#F}teptS;plKSOBfaij
zy@~Npw$Ctof8U=CF0q!}3W}NI&e+#s#(l-Og3A47=s=UgH!9%G%?-KhSuY<anH|c$
zWT|+R)@=Kb<s=k~`aT#rQIWuD#FESmb|oKY>itH_;WenEOl7qIsHzT&z9E0S<QAg3
z_%knE4RG+Kdsnx-QX;`}{lAuseOz->UJr@lOl)*^w7oz=@m*s>s$I9cqab3MM-Hs0
zO@X?1F*t{N{?!itUtq*#^<jx?zSXrr!B7*o`<LvIok{E7uS03pRox^|*DfcLzMR%1
z)ip{gU-e**HIhA)0!^T~>&AWk=xbIQxH9vNxpVN%v-32YGqG>F3E4HE@pIJOUn=CE
zh3?bq8%WBHZ{8k4o^3c`fd1v!^ocLH(B0bgAv6Xp?~UiuoHzW^tt7s2wEf<{Fr+(#
zV^IG{<v|HDaK1K(Z>L;xyI*FB)4Mv4nVm$zQwO<ahcp9niu&yB#=sgMNc#1>l5pC4
zjOX9=|5m3H7{>JAi|pAD+aGs>yyTP6$3D5X=X{Yh*FyZfD>xBBYPlZn)0D8kx-2Jc
z)AGW1&lg>oaf4%bK05L)Ht;SeWex?hdv3a^s^i1HE4AzrS(kL54j<Uww%h1R+7A6;
z<JS`B?4B+Gy<C6R5_jd9HgO{`(0!Ud&#h~A(FMAdwPn<RNIlE8kqMu-uaD$iTin&c
z%eH+TscN?Y?rp_zJZ<?E{#Mm~cJY_A%W|8czH!>>8_woD^D_<On@+CohPQn!yhVPc
zp1lU%z?tmTqMuaMR$O$?s9=1BcH<R(XL@aZGV!jIJf!VXMBN>_V*ASH$i%&Af=SMc
z6wS2*`5#4WnWQH3g^g;P@-;t;I^fu8Mt9F%dd$jXD-3U$(8T9~RAc3hXx2O6_gtUZ
zd0s~)LAPxelKj;B5Oduji89db)-97k13j%*^R+nso#0V5$oRRp6J3bwZZzzR1XHX`
z-!Dp!lW#U>wptyode>39d^=*~N!kPoG`Zs4dFHS83<e<2&(B~k;-zuSbXD;f&##a(
zvO2V|_ox20_T}yq#q)Jy_CnzIph1OqJ$^;ti(j7KccWminm84FkiQ8?wh3yx{rH(<
zC`y7i#9`~RywR^nDF3EObh7TiolWwT)a0Esd&TBc4AvR0vx>7gybHX3JPBZvRl39Z
zBTv4@;ekpdaT9Hu*d%gHKA8<fX8M<-@Kei`0uM?c=TFs_q!9N2?@Ib&%i!f&oME%a
zE`v;8(Bx00htQmp*y)bfeUsIn=1tAYkIQ3V;gvSNV&(u()4}eKiRoOw^3DtbEuK^o
zvv!9s#kb^*8k+J9mE$jaqkH`_u2-(BkB@%5|Hs`Cnw;DEiRfp<1Z!jLxx1yv%9wBG
ztDz#s4ZA&na!QsPts8C3ghYpQ>!%P)STkg0QFlcegtc}|Wh<9;j{)QBZkr~MCWxJ(
zhRT4*rb!)ZpK{-BEG+!HjZ6Ze%~SBZ{0!_prh@3Gr=@8X;4LZ<U=HdgR1RUZ%H=bV
z&WSH~5;p9JY6@CR3d7!&)9>v5QTSXK#nqv?XQWKFXVXu;hglf@&dOA^b4dA}X~_De
z*XbBioK)U)+wHIbJac>ePkwmIcto{tkP4u9@z->DJ&*9_)~nnH!A2|%c*i9Uem4(`
zke|=^HexKKoJ6sQq9fJ5zwvOItG6i}SRzxcD8Il-!%1&}1JD_IT*zOgg@|ixw7Nii
z%a|D2@iL?Ddh9mw!*7-mWLR*OdWyM1xViUfH~GI|F+U*Gec1wC1jm=)KkN8=+`iKK
zF82(h(elw;*fsY#&hI?_Mwsl*^W1B0gW;P*nqCiXvy9gsuZ9jle4-EGdsV)KMuPsj
z-2z>Z%CD4<-91?B)9{(?=jdxy12Mh(s+3inPcPjGp1;B0qDHP?9phE<x7w7me~2G^
z+yA&j1r~PlOpEQ?GP#;quH?E_#q=}-UgZ5Fv}yt)2Ffq<NK6nSav?sd;alxB1)lix
zBZbkn=KuyGU%j8SaEl|33VnL#G`;y~9{|kU&AEHPyC4i3yTI?^YcKgG9*6M+(~~Cg
z?#>}&llc353dz$(kmS>h8lyBA$BWL*^EN9#;u=jO<d02vhn{cOW5KWMx#5Nscu|R#
z3t!vndHT-L2PnGAX2k4yI&}r5-{%SV>jwC9E{}$tCW^=<S&a0mXWQ^wf3DDr&W9~>
z%ih49M1dutV(s(iZGgZr*`;GAVBq-W5(J1-XjA!Pjz=srlA9KMJb8&)U<zSqy-Z~G
z;}de46yo$FQeRXW3BANNXAea!MSnfQROGn*{N2g?9I(lig8X}UqNRcWhw`6ZomeW@
zFu}j-?;=f3=4m@U6J%=aHTa!$fG_f4c=y@BoCqd47umZ3#$yH|r%cX)^UgJ6;<~2g
z92_pV44RV<IFaEo@w&~QTmkcf*g!2xv8$UYWh{=}qXrVL7dkbyWE*5q{;z_XWAg4T
z%-P(=BNctUL?_&S-t<Y@k!{)pFtsd#V+ZyYuQc)}hEhxy*ga;z=6VtJvD@^w(q*#I
zo>@wnLHF3?wNoZl;Zq%G(bm9Z(q*3+F#lV4W>wSJB!%lkfXML_@!f3TW6fXYGTbi9
z<0olRjq^=PhO_8~Ap^OmAx4uePqWG-w{x2YCU1Ny>4zPBCdu?d?gLTdOxd&dQ;^7I
zX2qJ9+iCDKZ<_^a4|L$!y}StW{)2h)5rEvMRmjt&i{^Y}=r-_C{ig5TfLtA`ff!l@
z`AhORLi6=GL<TEV*<}CHoIIrkrJCidgox}Z8ET*ea$u^^lC7T`a@zo;>B$t0Qg9w9
zUrX(znk`Vl#Us)(f781A=17d2$4(&mF52#U|Nk!l<*!+IP@|+kR@q=C0zSX~llLM^
zCx4bm=d@Pfd|*WOg8$|dw4v^z>RR`Y?0p$jzjvcnjSb>RaW$!+68k>xuVQkSP<UNK
zW$v>K=3!{)>?h+~4ilwX-8bZl{{w4CMlFN&PoYY7lir||n68|#+c_8W;ptgqt;dFt
z>whNc^tlv9jC;~IWf?0SpmjHF!HlFp=(zDa+L=a`?V_7x+}3o|WteZJT!uG&t)Br`
zde{7nH^8i$d<stVK%!WS?hKNDFZJw<0dEh|=;G4B35CmK*>8nS=hj}J3Src#s9Ehx
z9&#REg3V+kXw8DmFF6ac%M-ogA@T0*?Q>bh{)$qO_c&8WeWB9s)s08^3sQ;<AW<WJ
zQAV%*HLww7EJ}d?yrwc@!V+p)M)_y)9tBKu<cUR6?)6Bu9Dr}(97L&2YNE#T(pAW<
z&S;~TlY@h!Z*{qoc-bmQh;%5wN%K=pXSxg;QJw9~t^1iyazP>?DB$b<t?j_mFCc`L
zTg+dSDh=S0R#Hy7YHJ6bS)mil9kSRvtTyGJnm`ljqk2M+{T4!Q36_&w)*-|dMiVxk
z{Yr4mStnjR<Ajr8gy13<JpH0rnmJEeNYOD&C)U~Vn6I_dulYO7x0kP#Kxx+|#$@Uq
zXkVHnCM(89UrS_Z*N;oU%3Ou-Lzu^4R{RnRau3#rqC2lT^!6qM*FZel34%k%B+aj7
zLU^e#hgfI8&t&9i{uA(BGOcpr{h4^5NeJ0bV*wq=u(I~GnU@k=ZwhdgMO_)BP0+ZC
zUGa2oeX*rAavCCoKdD0uRur8!7HnaPzpi&iXENs=EC?(wNlA1FQ*>%%(!$e6=Jnev
z`dj~Y&8+crba-Z=bRAlVLvYXRB_hMzGsa7Xew2NaXX<73KpOw4KX(GiTBtTZp;xky
z!sPsw0g0s&xK{hmJ?61>p3q#7HIGmw4OxV2PmjKZYiwdRi`-?y&GLK|G2QMm!v1X|
zFGjZqa$}~=zrgfV8FMs%T^(mHi$eTL6_=B6jc@+9>UOJA@hc8DVwwM`Al90=OI>A?
zDhUycKphgB5G2kk=*UV3=rZFZqnaaclubYT^kRp&ZR5-I2++M}QvpODK{%qA$g%K(
ztA$-I<xHFD#p}1#&-oNrWA$JKCA(*TM0R^h=ACa6iH|OV?)uzfngsQC6L<{W5)yYF
zPWSQo5$&?}CD?%$LOdhgKB{$h_--f+`tZ1tfLZ%&yqgEtxOa~>+M#Kg12*lt0VdG?
zZ#7joNlrJYw9U0Mn$DrK#-Z#!wVjekBcJTMY-?<ig1?V#@Te6LN>ucHk64Sg`_K^u
zzUf%ALqkiU-H+kR#FKR_xX9t*K*RTE_C!@5Ux3gIrs;sCl4Vx@T34*&5umG7=IyY|
zaG*62d{67hl{Iiyhyb?cH2<nn&p}4HCcW{kykj!Me&ps|enWe<r9{a%+^F^C*OOAv
zq*7g<cS#S%#3sn_!zl@2NMk9yjsN)4b0GM~+N$?Y!CJbd*>DX%5=}t7HU^|R_Hc8p
z#MZSnBGcd|8Pn*9CItTWe|0kZ<zYVfa5{r_K^{-+a@kB7DLr6;DI6NUxO36y@3lh<
z`eyR@&-V6C<Vt9IYh*Kvf`Wt`HZNSS9TJoU7dGPM7~5C9#@@OpWmNAakujLQ&ITyO
zmnRTG^FtQ-7*^NKGk&~7J0#Eq4i3X;Lf@VXn<EJWF<OY6=fS<RR?Z^g#(e(A0Wh<!
z+;%q;W$kStz8`E^9J4&Ves7O}Z9y8NNo{7l9m4k}8L|Oclf!;)>E}jsAhu%o*A|a+
zB69I5ht;D^?zDqbV+2tR{8~aI_o#jLLtr!jKsmQxZ>?M?RY5ajD75-`Z}q{&GgzMw
zk5C6BVs9t9^E}SxEb={e(Z1eMu*H$NK3^o^Og8ie>SXW|9U^pLt5Z*7X90L<THnSH
za<meBKW#)&M>f8FnSM^8Utjgd)S<#GUFG>;0ZOfrf_&qZ>3y1&1hZJswE8&TF_2{H
z80z!gr-Z<HwUPeExV}M-qdmiX&(d+fc9y``uHVd3(e`J?o-jp8c2}jeaCibX2eZ=0
zf1evH{GO~=-ma<h&XyTB3*d&6xRn}KE@Q2TwqLc&VinFf3@&hV0l|X_zI8Mv{_-^o
z`$aYFBWIFHD0s3?+47Ahy^DIgWZllV7M=5r8m{v#1Vm5LEdwv%2{-x!_>neP5kU5E
zDMj9uGJOCL>lqUWgJT~{e%$0dxKllo<t@o5dIRRzj|2D9RM+D?J_sv=UxNK_1Gc2m
zO7~3P-`SFU`0-p-O&0GmPA3I5H%(GQRo!ZoLb#7RS0D`CKF{1`_9H0=(Ed&>1h;5s
zD~*$L%#@g$P<M;6$)M*$i#8Alg_EgbqL?cE+O~w->4fDAC}M%u?0yea>Dhiph{>cG
zU0cnao=HjftvmUD{A5gvicP_<&gxm6GcivS72UeD{29QmnifjtNpv&y1{Xp@U;Xv#
zFUJ_#dBvOF!z8nObTq2n$~-|sSE~I7qboT=@qJV?b<*3^X4ueiumx9Uj<DRP3B&7c
zu)N;0Rw-+!P$id15<QS&#_f+;xbGXRzT*G-lk8cv<u#mJGPe&E`y0;T;I(}Ou{pe4
z!Px?0_JZV+CRIDx8k2>6yp>tEXH0Gl7+j~EWE>bO^LDK&Abm?WUvmaFcp^N;nQOIi
znR=CtHNHGgb_gcxBzFf_DhT*N^eo#S-awvU_SxBYYYKjQs2^zqdA+`?_SXBBy-k=K
z)<;6abfV6go;)4bOg5`+y1A#)yW-xO@YHIt&D^N`9py^_L^(9paG0RP?M#^{(Mt}e
z<HF%*ds5Y=W0Yt)n<F;8L4>%Sd>IAzqJ!wxTWji$uN%e`qP0UNs#<QRhI88$E#pYr
zq8fwk)RP6_Q%(Y)P}hCSfQ?+Pha7WBsLo|XAp<T4LVng99cv4%+_Z|Vw_3xkciv_I
z9V_@{Bl?yP9WYHfmP7dxRd&coVJsK<JQ!=IfP2Wg4mIui!ny+z7xdh^5vaeNStoCu
z5B!RrJpyZj=&;6x{`tOp!FTi3$$sVboEph$q#-eHIrF*)Pshvtv6jRoI@mH$z0xkV
zrlogT*w{)lR3t%Gh{E7;x4FSE`!T0_{!CqbSc&myOCq$pF%iSmmbk>6M<b*d9CrDq
z(ObWN2&m_+uClIxeLVDH(T`_A?hE-j2fJxKZ8L8yvF?C3iy|nYXSK!rKQ2_->8cyY
z55VNDM{MRZaV+8zHFl1aXxiqUpUZlefmP^P!(?u`Ieiva(YNO9QJu0|rOgv8qJHND
z^z7uyNkq-)ps|Zp-#Z-OtK7;}O1ghiAkPBbawU)hmT1Y?_6wK<;_2WZXKrem=1pv^
z`p8+>U0yrB^3L$fSzbE;ghDhhX<YaXO-5s1D=e2rbo_z&b<y8Z>6Gy(yHloL;UyT!
zYCE~k-xxeIWe5-c6|4R*u8kSdasD|lNh4THN(LDs#>-h>XNX15??0NQn-}&m)B8kX
zY>awr*J%^8lDY89BMuGtRRffmL^d&sZoROijP2N-3z&O>t6_mwFEQmupcByZ)Ln5k
zEr8VgYgOyGOJwmH=?iYVK!B-n7u|Em&5C=BzB+*;yapTOX?3Pwlt{jXKg|h*DhRiR
zF5ZA;pmkJK)<lpPhcmtqOJuyS%22ysqK#!RL+2H8p#~UCyj?PEDN#cYM9=3kq33s2
zv}YA7#o0F4ERe9p+G@)iuuA9;2z{`nBGS*YgQ?x6P(<xl<Wd(`*tlY5V_EkyoN|U~
z4;{p7WOn?#UV4T58Y=K_OElgqA1pv3ucBAJg$4eKhL6nD%I#q8vo#j)7U-mHQCa`&
zYTm(2wpT-!zHNmp_+mb8KQ7<g0=msKArE~q8?HPBES)>}J<xAYgg*95;BmU`6`#pJ
z*d_AfTj_W{mJ@j~QMLmrL)81o7T*aG#9!py=oAgvggwr!f^Tq#Fmgq`-4Gz~ZKGR%
zZ<n3FoeX}r?R~v9uEvvvDz}xtQ)XZO@Li5iFMMEQLuUV$^$|V+xR~8lk6ozo<OrW>
zS0%s0?C|5%HDs%^s2i1$iNMU)h?C%E;R0vt5?_Z;^<y)ndq^v`Wd(ob07mA|zWZ{a
zj;34h2rMuZr6jw2!j@oZlHk6)Sj656<=VWhd@UuJ`v4&jzpM`}SzDT}V;fVI<(Mn9
zUR)2}-NR&uxgP8E1}Tw=xuus2&yT_5p>OLsNgKFL^DS{oz~hU?^WGPhPjSd}p<Lrn
zxw-rco~c>*y|uGi>e+Q2HF(snmP9SR^@7{(piYqCK)k6)6=Pk1eZSx|bA>VYMh5qW
z*ON`!jaee<#yq&n^J<=v%<nkG`N{{-x@gn@<ido{HV<cNI({qqHq<4iQ{;A<RstY0
zwJT?6_I|uOrxEuX;!@_~jEV&SKC@8{;f%0Ai`ib`k|d%n;H9v--KvKrYy?b@d2KFo
zPmZ%qskcn=ciX&gQKiIgB<vz`##c!Tc(?HyqFudoqy2AMmR#v<+N>1JD39ourtkkG
zKz9G0a?8V+cE;yG)rSOwSLVOF-xN3PYaKqAnyc}Z3(GL&_}+cj2Q%r6DVUy`+p1$}
zoNrGOPoh6~@n{lp{zkb<I}(k04Ww<9cDll20DP0UbLyG110~QEx3fQwR27+is`Q|@
zjiHXn<hqNHtORSgZz5{{RdJq+2Bmd(?^S+_5u}Qjv2pIYsY5PD-eNPlCVEx-P&GV#
zYyxkorsBs-m&G!xl|mOQgH5mWA7;XJS|*Dq-`&K?1ynGb!v)Prv{ks;ZrpiCxkqdy
zFlldivg13TyRkDc+?Xm8#Unv$#BcNFKGe&m1%EElei=-CTU6(Vuv#hci3j&SAMg~@
zuESH%!Y7L>hjz6yo3HiG<?0mpDw4A*XwL${PL7gO7l+=#7L&4)$QehCB4P_gV<>{?
zdbcQYZ7Hr*&3Ij|imve`$SEx3(v4sxQ*91wfKT2wy<-!k{NX!Ww8d76jZD%YrWEjn
z=-;*t_J3W(NlHxce>6CwxbGl2u+Ied0-}Vmpfn__WOJQVxOWgWL=F+K9O)yZRwLZj
z5Gn|vaqwk_L6`f_U(pFSRW9DU<sbWu<q2NfjXnb2^4TZVV+&8ej|2~l8dt|LFAMDV
zgkfDGlX?EtH!@FC%d@N#e}LmHcB-a*kYno;$H#K-f&7y+oLE|YX`hW9B4etzav_JY
z``7YwPXEV)O=dVn@K1=taE=Dv?FrT}x~r4vkK9cY&RTsofK2U8HUM?)F0I{_JB<<2
zx~i-a_P-E@+8znP|2^+7I!FN$c-tgTe|@$<Jp_PS9u1zmb6n!AAo(>>EGuwz4~G|s
z<`34+{<P<t<$Qxw84P>eL6>x(8irKV2j*qb)DWiH;V0|PUx9QUzw^8n-ykH8TqLgp
z--^XUkAN!a!v{?{(Xb4~9^xSZO_=r@l9~G0p!zp}N?F9GqcZf8ck)K&`Y(QtU>_SV
zR}!7qBh3WgpDZR)wGs?p=UwD$MXk{$xq-`KXTp{F#=BN?$5|_Bad67?2=%~qSv?6D
zNvVS4lqslSk}mJ@za*6d*&6SStb=50kB<v`NtG*(Q4{czha$=Eq;?jLIzzF~Xn2Xw
zCITUcZet6m$YhcIe5s!PTIo>DTO0N|2bW{$vmk~bG<O0pD{fV9_pJ$4?fk1rB1bJ3
zTLw+#eAI2K3aK3tY9r@AWNu5AJ$G1oZmp3u*`Up6;#@QyyTgIAcYQl6T&Cz|2T_bz
z5FQeGbx0Vr3o^TgJg1=_qMfn-CPp>m@@FvIH>;M*dMTloSj}nzD4KP&Uju*2Yo=}t
zr884?qGoQSN6_*(#SInRkVkxb&iD)=rN-S*DEQ^Hm%9ga>uQW%wbTT#;HBZ$o`MJM
zCvL4bfAKsG>JD-h31EXcgT<@q8vlB54SD=$GALK&r-!ei6ubS@ug`1K+ua-P=mKAE
zow<&LyKz4OuK~j*;M(gaPzd+&z_NMq>Hccnz&_mRR6mcGn;x!Sr0P*Tsbb5ut%4XU
zZR=fAZGiv-E-fOLBq#5%2F6a(h%g**lod*syjjfrC}(_Z6WY1N<@UPX*?kIbmnIhL
z+N0bjv_Ly|;lY!;_sqT{QBT%6Me`BteAYgmU(x?-y-u>5n~Ln5T7S@iqU_vk53j@V
z9S2ad+Xc36U`9>$Dm1jObgsn)_B_<0YUu2%gGX2hNxh$04QuP7p&B}~jyLW%Hmh$_
z7rSuW=KziANrT&>;cNtYu?VoHQ>ZNQ<!`t%tLMQF$YW}whc;7mM${D)e!2Y(yu#V<
zDhz%Hzx~|8)EQ}W%&d=NiRx3NTi$#UFn4jF1`6%Usu8vR!opRjZq0e~mBTZQOYr-U
zBJWUz139hm#6h~3*%159me8X6hjK0i4<+dXxg1Jx*?{{P{T)@lr=dj;tW#NHj5AaY
z*_CebdfX0B>|S@H@lXc_pqwbk4E^4a1Ztp^jdU6;Dn)hq?Ij&n9H_aJ5uE6xV#?|^
zTVdlBSxmCw_itQSt@ySmBkPs#l%#+BIeCFKG-xhaJMcsQMsy}`JSl8(s;JlZm%MdD
z60Kd+EK&Ccj*cyZ%60xhF1_o%Ufq^ZZN!~w-EOBFki<<~zI^oNP2C~809e9U3Lg?3
zM`)z83&<Z42v#rS*hy0n^H~NH6n?U}$Bc%f4!xi5FBGPt7(uJ6w+RW&7T6~x9&ZSV
zf^opx(3H)D0l>{M``CL6xSN}G>tz-~1LBHY+1_P}y21Z2`+`T+kI5`&P7JsKuWP5Q
zwcrsuEu!ob`&~vt<;483N}LWd+($NLMZ;9!h?e7v)A67;<P0kz&}5{f(=FvVV`#`h
zCS7~IMj)U$iUhuYlaHm>U7t^eQTa`mkseehcz#OL(rsr_zfgdYaQXK@@&w@gPl6Ua
z(7H`6oS)Oe@|^}e(pm@j9KAKC<i1Cp8t$7Ai!@Gg%)e0mcVraVB6P#b<%DyEhwcFW
z$b(*Y4tv{JliLnIdj(E|7)LLj>bm0N@`U7F0B*@5goWDnqX%YXS8uMv%@>swcv#y8
z-4<Y8O|puNd4eQPBQPsn9{6e?#5?J>=NfBD*#deP>BIg#>M~pE2Qk@)sHl`zHixz-
z+;NS5cko7F_xyDk*Q@2ilMlgpL0}o`yebISzm32N1HLzbxK&BWJ2t<3)|k=2J^M3~
z9dC~}@pB<Wmo~%tk5rf-IeWQvN~tYnBly3Ea0x=#&bMn-hisKIp)b1l#%zNE+`p~;
zby~_B0^kg+X!V!^!t8&f?F#rbSv>o({}ti0aR)u3zazf5%j4O^I<&fbG<he54fz#S
z#oDp<_>t(CP5m2?{=fil$<+^5UkL|wwA`Hexjb3O_RsDQphxliFN%UV_nr0ZX*QqT
zYhK?*`Mtu?ekSpoCZop)YT`h;fJ^vLPAnBL&uirG$e&}gG&87(T=lrGa`?hsp^K*(
zh;vn%lXydc-4D;4t-nJh?pO2C-&hq6d(oTnx@L%<RpC^h66*W9sPWT_s%J}wmXT+(
z!X@Kv52cnitffnqq2;30{(4pxr28gy4~50UP;2oP9I4j#Q=s=GsO9<WX*(1!hzgyY
z4CfpMwZ(rg>~Xsq`Uh0LjOA8hGJ}&2<3f%1dz+TtB(P8gtFu}vsx3KbTE3i`cwe8w
zm&*7k^Tx1HAs@q(Xe0eIn9|pMO=p%>bI%YKdSzC($MZnjI9D$mi?q4JFmr_L=Tq^I
z2*Z!tW{ToSx<aqATLxf)=Tyrv>zOMQ!||-fCUdhd9l&M0lTd;E!8Uu#SnB|>Fs1TL
zwYcMuEsJD%HjXZBo~2yMuh5*5;9Rf`$6SphuvROaen2A(0@vop_Z0;O={sj-X=F={
z3{b(3=kbZGXY|TUkdc7)54vkMj}l5=uQ7-*b$Iqpd*nXrfg|uIOs^LjfG@-p`9DBJ
zkCEK0mwd(+;A=32n=C7iN<Z$DquCdpdfDBl`wV(CdvXo0P}^{J@ZzE(IKj^1{{O}h
zv5gKZNL6%%1Wlw0@p+g1?kfg;eRSv;0a;2R_Oe8g$f1C_-rbdwQp?8}f}HF2GWT8T
z0gt_FGc<b@e>}+46IrQCi{{XruMo*YY^0p_xn!Hj+d|$PzRK^kWQCOHo(_d9^V>u=
zT^d>1y$|7foHw469@Mft0+*4VV<k?C2}dU@y#$O5zsT7IOY!6fW!u>UC+eApHm*=6
z6Y5%8Eqtu*=SEP_9PPQviS4iADqUQnZ<=a<{nfFCZWhcg`=8>3g74tY>p;}?q)Z3T
zn^{^IhTh2_HQi+nQH{rVTkAJ?^-K^`fRv#8ps^I0WHa{7&BMR;$~jQER!HGl(BP%*
zkzX=q#vTkzb|4aUnCsIt$Al$O?Ub;ne9hhXi+1^O1GSp#YUkn0HzTZ=anG*@DQ|o8
zZ(|C|F#e_IkybY&ROo{usq>ad-`Dkmo&#8m@#XxiVl<7;bY`+n|C37JM8xqpO&7>K
zBj*y)z6HJ!vUVCppfO5B4)~Kq(m?wB*tNq8Y5~HiYxoEid9v3*jvxN)YJ{piZn3w1
z)HR#?-ikp(>!Wbc#L1dcl*5>YL|&|wA`4XJTAu6vZJ&`%SHcZSZCb1{6tnT#e>pRw
zFMX@maPwHrU(;eo_QYH-&1kjk2vo4<eSgWY)JIy)BW1z?4d}`V9|-<l(l!6q!HlL-
z=0$$)W}*Lx247CB3R}b|jwJoeQhahsIv_Nu?5#*axA)q0I3w#6Spv)SKMAbJlk<e%
zQYA7!$##RTAYb#&m{!QpdMo5Ej9p&`tMM@nT6fWE(l_`&MI@llb}0B#`<o^5h<<KH
zuv6!e|HDDl(1C+v<f2#-x=xc!k4<vXoI>r$iptE^>NKlWt_}Z=3GKh}jj88kp;l-1
zJstNi8SaTl+0!mslo(?}A-fb?vdxjM0m_qmtK<^bdFqmtBDPt&7rL%^ThOfGpCigf
z7Ga`r9b`zSIpx7d{OkYK-|AL-gpH84+d(n-nQ8z$s4zqrgv17C*ZdP_DNR4)94<>?
z?^*AN7hK4cd4XeY7s>bwsCzLtkRYTy_pqfM^JmlJ+S!zvZpae3WyU{8Q`cp&h2eeU
z-Z8-(<@m@T+JdsXLA=5QOrPss+l2Mly}irIk4YrStHh<Kv7j`y?K$1E)yyQ*8I#NT
z6X|)5f%v)3C=^S`t+n~|Kh<=+lPIG*5h@$WchC%PI6}B|DdW3yX~nw3+41u0bd5Lj
zn&}!1zh*F)#Zr$j&Odc}sZgbkG-WXBwFx$3a+;3C_{v7ktUX6l>HKUdV~W`HEzk)!
z0!X;p)Y1AdFZDU)-?|W{ZMzyb+p}eGI%=7ltXC89Do78T*?V3=>$WEwY@YL6Tg6ra
zNpF_TB=)8l$;_44;fFdY&z%IC1U3ZRKsd^nW(b{xhvX#P!UtXywJ1&o-vfX;5a4P(
z)h3K20<Ttc4_Ee70a|gLHX7f<F!9>yKP5gT+kZCXjtp8fNwr1qo5@t>(f>~Q5$THG
zcccqAVhV)6e>q|~{dEs&QtB91y}0vMf(rWd8kFJGicX<v=oTV1DX~0Zj|UqohMpf1
z-FlOUniaXVlP;TB&Q^RNY_naF@VT?+P2qhkX*2>()LHASqnNFX(nHB6G&+WX5+|04
zwHr)7ZhMwg$G-J!CkGzwrTeSInBci?_Z`<QhSPE6fMf1lpyHwNqVkVkgo>e-i34`+
z{egLt24G%U9kO+CT6e`VIM(vy-8b0JnOfLyV~bH#7zSMY1G+5iL&RM8PFOVERzUCb
z>E)I$0^FOvQ{ME(={JA0xuI!uyp{|>ti$0?0w15ROB9gY)$(UM3agG`uM$VNrs7&h
zuOo}Q1q+L7ZsKxy@92%)2gz4ufNl=)>H(wBfwA{(x8S2O@RNeN<>0Z>044#W8<l^e
z3@Jo1pRgw}SKct;rgT;D56dgIaJ!N)N7|5?3B4Tm$SJ7Ew*wjiF1M!BeOYKgx{%G_
zZ^)JeLj2ul@PSW^hg)%3e*`UH+{ex=Nr&gf@RbJub#)ra4ef1N8p2NeqyLT@(ue{A
zE<yv~!-BvhrB;4@=mS_xusm|2#=%xh>?A%J?DIlL;PN+}PAKp_A&7rJVXoxM2|)u^
z;PwLaG{-iR@79?V>bQBH9oV#fl&@=NF(2|jy=+p*YgKp`49wLV&vyq|85iD^RU7v-
z2f|%vX00PsNpDg_52Ty1{uA`S`mLI^uaGO1NfmuAjgj3STX@vb6<zNo@Hn$og>&fQ
z+q4QQvl5#g@`W6I8HIk?GENk!X2Y$wu6`t!0O!aKETKvc69_#wmFz>CJt7^MTKSFs
zNzZY6W`Qy})Kbg+RNxR!7Kn(@k_940H1mzrRjiGi+-Bcid$2!c_b^A<ei0F;Tsm35
zo)lj0M9*og#JK$QaK7iZaL8Oyv8uBu{DZZrt{LWsir@A2dbJb1g)FFQW$UUOj~`Vz
z7^rSGm-lb%;HPUGzck{};3ncK!(`nB(f8c3uGbjl@#UpEEl8`VMs~v4O-6=?_)Zui
zr`YSCk-MsR5)k6ZX>Se=aILROJ|jB)tKYlw=zpg^Q<k}=rI+{{U-WtG>h`clsFEsx
z>q4q~MT83Ad?!R^rGh20hAAY^=8!2&;y+r{jf=EuM94b8H%#Joi19>L;5djK72c!2
z@#d^u^8T?S|LWLW-VH#{d5B9?Uqrqys<W<OXGJ1dt8wSGG+c(g@fN|Civ-BsN{G}S
zJ$mT2lDSrJGwe+3&Y9THuHLX{wuKMZmiNlK*Q!cRyVo%kHD$q}R)ZQ8owt{ILv$!B
z<ZQHPCo-Qr?v@<{w_LnRLMa}|aZ!;1S{|N6ehfv+c?sxjaQ=o1K2=>HQGt)8Uv+eZ
zJ1E-`UXjzg5c(QX$KMNVLLP(2WTI~On%FfD%R8N9d_`xfs?25uYZl&AVCL11_MHw7
zMsj~ocDmr1mOqJ*D#0sdb@7RN98y*-++Nf<i+}@qMW}PX%+=d|<zQWt9ZAv_`p_Tj
zzL>gCVMJb;j9_StKK_XbOV6<v4mTt$wl=E>pE}=(2eaX<3TEe}_gO(!DrbQzcHe*N
zD>wT^gIqCQ%0woGKGHp(-n;O3%_KZi+89tk$?80>l%@y$zc}_lV7KZ4K38bc;=XZw
zlh+dL0dG3{k4s6U%TYTtxhfd+Lagv&UNcuTaG>r>%~gDNa@Q(YT2GZIb_xv$!S(w;
zj)pb+znbOrIp@}2J`FVc{kyzB=DOAWRRXH*&cQN|<X?2NhAzz$_8R=#$<Cv8%0sy@
zNDq41ZnLEq9hCgBuj2>HqT6N*HXO6U7l53VIHkx9LC(@KQ+dNVtN=1}%g0Xw4aPKZ
zHi!DTkg(;`bIpK7Ot*h5Pfc#rQz4l)YX1f7ZNH=Tm&w39Zao%#(e2WXt)$4j#LtT!
ze2lx3^R9|Mi7)A<v?kgFZ{(4KAR4T~$<sV<gnaIu_l$40nh$-dzxR#)Igtb?NEg6@
z?^j90lu0}0&(6zkyN+BxJYGB+PumjpNfcxAv+^eR)#D&E;L<17+go(uGTG$3ZB^HL
zQ@N?Nn2;!zDrv&?&o_w`oIP1)QAB@22~2)+T%|3(f~9e_)$|?)g*vYz_qr7VJKYt1
z1gn_J@rfc<=UQcl3NykzR-Z3*^q!9}v)16-Z`I_|gra)GaDVRiNLsZ-_n<fHl|F=l
zy|kZ;spJPN4e>N|*<Pbd>HWJw>5FY$^~JCi_B48JkF@p|O=Zwbk%XL_vvxh7SjnkY
zd+M#*;91ZKo`$_L678bZw^PfpFNanYI5z(JuK6F_M=E@aPoN+t_#EzS87S=pbs1;b
zXADR=j5ALyNy6THRck-Dd|WR2)?cvje2()u=+ns$u`npr@<!!%dRM`4?dUG`N}Ofm
zK-iLGHQcNYU8FM;`{eVEr5*dT{~89r|D=|zR!`AS%m5iZ9HW5#6_QpA+oF)5$QJ+)
zE4{XKF@nqWHcbumx?V4E(Nl6m>nDAyl`F_^I1HE<S=BmMoUxlwrdw(tv9$l>VVBSV
z19;vG3*2z~yI)BaUv!o6xyX_WnaHdCcbENHBX@M)F7{r+F*lV<wxkhKoXITrlkXd6
z(Melhq+-vmd)*Sv09##q_Rv2t^4e6lUQB3dS1-h|uDztWuDz+5(}I_+EqfMpvxB{2
zq3!#s&et__zFIT-B3Rp96Y3}I6&-~(%O*=75B<qQcsGBNj0v%XAd8BpX>QcD3wG&;
zN3&I!vn-1q#>8=8D0DsZJQvAR_S)OTX&!PBf<u($aioj2V3$ed{>*~vH<P8xyGg5U
zGS;1>Ygy)hoM1AMjkm2ujn0<@7~`gOVqy3D>rIwWJlS$a{{ImSSN!9q^Jt+vGhzHj
z$UH{y<_y9C!jRAWCh=H?!V=SE(us-IWWQB`4u>^rsAJdux4l3!_pV=|r=2-mg*QTl
zI*4H77^I%BIl!z&{wJiaL9d_A{CD~oL8pPpJ$?x5%O70@Ki8#O5?As2uThF_{+81S
z^V6iHRq&qkqk>2OzYH7tL|%p&xoZ^RJ}{Z}{I;$Xj|X2fVj;c=ufqevWGL;ty`6O<
zFG&SWxfgWdzH^5Sgvc3|`GI!jXoZo~BtoQL&O7s>gM{KR*#PtBK`3YL;Mkxlb`mr0
z>GtuwzGUqqdb=YCS*BGran|K|wBCmpC3i99IsGeu_3<OIY{LYM@Xq^-EM}BW^UAdu
zS=2d7Tb$>9rfpS+4}CTFPV%mqU9sXr47f+l)Q*fOo8P(SR{;G3EIk?^!!T9*;CmHI
z5FPwYCUSEjnuCK;j&pyH=^vIRivW&`-rs%uk0rju0|X8!SMnDUp6%pO<c9{=TCnJu
z2;t_bGIBR?OM7)9lCa_KzUAC#*!;pvNXST)Yt3E(FqXH-=$dj~3!P|iyy)_sMsXd#
zHp6DtQ+jSw?3G$>rzO#d`?Mn>j*MSPSa$gY2ROFjWiR$$r|&$X@fcRP7yLF?Ci*^f
zmA3FCdkr~&g)=H?@%aoM&`(jK-JUc<K3Xf^e1$5bCWDY4LtRajrUqN>ksHU{91bh-
zaDjpeW&eGH-Syc=Qzhur_7|NAD<c#VOOEK!HR~rT@kdrA2eA&3`OOR%mQE7u+10yt
zk0a)G;QPIo_4NgeF<`cl?+TOgw?#>ae=zARFs|CS;$i+Mv7?kR6w4&8a*+~ZtW~2w
z8Mu0cwkM)oF7W<ba3FncS6=Ud8NKWFyEXqRYT1A-0!oH4<fmqj|5B)S|A86vazxQ;
zhm{X`dlxoal*X$JJJ^j(Ebg@?{?rwx%((7aff!nrxQV||8*>v}s>>UzVm*gzRDTNh
z66NLgI!o@*%Vb=JXlZldphpqlecN`_NH{6Z>GFaKPHIlx*JZmx@3vm}{y?2kNj&}6
z$PS?D<hqD{N+*gqYf$Xn*?73bi)6(z@FzS<NdDO&Qm{EcuvjxB8t=(7At4w0Fn5gk
zdGqCdSi48c&C$FJEL$fbt6%f}YMl3~mhs=)5(##mF&A$vBZ=km1@5xTZn+*=iaw_9
z&1Y1m{QMP-caSdI+^rG?5O~Wp5;&1b29O;uvw#dx%;j|5gTeM+zW4OM!}sgdWO0{T
ztm=I;r^YRaV?i`S(2f02Gdi)z5S+jvn}yMWXr1I-wPW7>>$3!ocBy$Pg1GB=*(qg(
z>zduK`?wJ=Yo0Fm0#Lz*T%3wHYPQ<Df4_h7{#&R;=-a}LHvV0MiJ2czCHD6KBx)Uj
zOYMIiwTwSJQSVuC3sfqQ-F4VRl)cF4*i*ReN4%{d1n1rpNqt1>5`qokpF7Yb+^!gp
zu(G!LEA&s8Ib4_+OnJryQu4$+=zhpDS&$y?mzp2D(R(5%al)kP0)O-Jjt87?#d9@=
zKnpP%OqeU%BFpyp?LXd2^{_anpXpYT=SBALQq|*Ur#Kp)BV9G0tD@|-Cfz5vUnH_K
z_Z)MExpuQrp54#<*b(3;tb9Dg+J1H^Y2OgcvkBCtoy{$6J~K$<7x&@uQBZpa^5^$4
zyh={0`j}g@c`}>snLoX55GOLiXuEAbqv6i%Rn~R`BneNw)YJ!bzT1^+*#XxeW**QM
zI&Sw-6896!;|;qQI;eKd(~yf-#{nKesiS8G9sbR)HRXK%5+4*)7h_M4uDpT=<z}3b
z=6(v>WM_cpssZJhu6-ZMqZW?L*nG6q>z;%GS8I~+Y2)y1%9$(j%bja8f;OTgGIe%*
zDQX`oXF}i^!20zOG&FxthEz@E1#6TO;G0?C?L%L>DM&I;naiczlJDy)VvE}`oO11D
z3;FWnI>?xc8Km1Fi8gNQ_xCJU4-}ciGB!Uqx(X>QTFVY=kM`MHa^zF(q^c7669iS<
z0A=iveqLZ{@a(6Ug}8CJDsVVht~SmwA&`&4$eoOlNLL2lmG~Ieq#`mScuU3VDK$5>
zUsN9JPi7gb5dOuZAM5&4=Mb7HxOrbZ>q&qf%W@rr4;3Iu!SfUT1UIwRr5{!&ty6kr
zYwYs`w$LzMlt%ayI{ccl>V)H80%!D!FZ{pvBDcNs<+Kk{c%FRa^i3WJ{a3^(O<Op$
z;O}bpYES6vLGqbd?~V3C!3%e`x$pGLZ2+37^(5=z^2qAnq017Y_QTuZ7DqKn;Nef1
zU8=zY&ptM4_|rX+Yl^K#tDj{{$e(2!AoP^~d$0Yb?>AcgG&^N{Q?>-Ek<Pr36UzOb
z^xTi#a%<5;$pItRdoTA=(GD)jB)aC`tMUiRc}dEv8*`-taMhCdaX>??w>`1?ZJ8ah
zP=JC*RJ^m|@l@7P{$y4P^MX*Q1lGa5%8OSz$L*M9?pV!$7@p3Qa}4I(gh!SV$i|vk
z;{mMhhv+-f_c`W3ihd+UpIao#lc0&CdEPC_H8!l>E3Q2kV$lUwb*Z7igD=c=2J$r!
zLX~kTY`2^)R?c#>cUhG(gD4CH^e-<&Bq|`-4f0`~nksh5-D4*u9r+n+Cq2QyhGY@W
zo9NK8eaT9^o~hvd5n9B;7v7CzWcqv9I4+1`fI}mc`Pe^|FxxbGT(P&2%MVy(Dd!zT
zvhb|`tX!x({s5p#*5zg{XMF%ZHEV;dYuDjEAkDweYwJHEfVKltk3YS9&7<=!RO^wC
z51IMo598<Cv$TSgd;9c{d}raJUX_R?-TKd4sXIq+{ZrJb5ZwYv-Rw+)5weNu*dQ;4
zsLP~+ds}HovGC+~^CIfajyCmH{mkka%N#za=7l!hfc{e-=_YVLd%|yFR=b1%xyQz#
za)W0)lW$doOYe#Mwh_{9p-78y2Quu7=;9!&>#nr3UQkThQOn9-UQNO6M_|8Fxd<!!
zf=P3)3f~~%ZD0QF$O8Z90$q<1yan}MmFzqCS4>^yEk|B6HGfhx{{DWAaeIlBR8lZp
zc3Q1j&$>EYl*plw4rj>IdYuQCbnf?^*jb3dGUqA9oO8v$1JqU#y6Zoq3mRw?q)D3F
zopQyaBpGKD_p;Q{0bLEp=?Y3;<sH$ESBVEqz0S1(KR1+wL~^ZU>P){L_gL)tcx7V1
zX*Mc{Efm3u2+*(JekXUgW<I$cguNS!s=eB<BzZIoTZH3|a%!&<E&0A+HV|{iTmVg9
zju;30WS=em-o#IQN0xbq`n;7}VA;}dY?_F&76JVS3)m-s8=#as!?5Zq#yutX1yfQB
z&xRx?0_CsrdW`u8wPn>AxIiwtKrUjLJtChe2wD6Y9ay6NeX_z<Y2Ya_T!j*s_X7M=
z{erU^*kkbBm8p(dX_9ok{QTzFWDc`uO3aEgo$ektB{5^ONMTGZ+mS*kn|xz4|Lgrh
z7fqY(Xg2H3a<o_Ti4pwEX!Fg(^M?tD?&YKT>XWG<rR)_>d~B_wTl6g6lP4umt4kUW
zrwrvAd8sgF$;A>(qErICMt@wrw2khJeSz08Uk|=Li)UHUy>txgfp*x55*8dn>uv55
zd{;=~NANlgkyJ%{#U<myP?AW29|9$ypj$MY%8>sJ9N+YV!_R304Edf(bvPWcCBGWz
z6<aH&*?`G+!b}5?s)Lv=K%|@AUy2kPy+Ys5%rWGr$x-jd?*(I?Y@M@uhtmCqNb<Y~
zzar#54K>qTQy74Vcgz<x!kiCu`yypeN)OB6tpcv#dAhc6(seK{jfWlFe)qJEyshBX
z7jd=Y*KbTPzL*TJ;MmjE{RSf4CZ4h}AM+D-rg*mDj#R5E#0rheKW^`cJ~TdQ@Y^en
zHO(<oHt19X6@@~94YyOdy^-RIysI75EPk@&b~)cc)RwMrxWAv#@HsIsy+N1II4vw5
z<2uwaZ{cY}E-8<MN))K*)W_C%Vaxbxag%e3<B-nt@ry|&gdq_&4k3#nuw>oGB4d!j
zb=<SLb6A6F<(@j8QB9Xt*<m!BJPyXcH>fHnoK|c`9pvf}Q!Xa0icK%W5tsk4Nq-^a
z;%FQT^)63w1L~K-F$i@73CWKb^}B7yx6>(19{E{MD}9a=>T7<V>%W>Fdc8G+`FHV3
zf;Zk{D$%F({;M`!+!2QFi>?A)-kG>f@X8=bZei%LvX)zM?G;u;_2xoHq4a?AuWF$M
z<5&m0<Ot0-e>-BEQyRXQmEVo!|A;#8aJK&U{~NWcXlvE3Dr!@ErmdE@{XuJ!*tKiV
z2t~C;Y0Xm9Ta6L~wMkNY?-4V#sSztkLh{Y~x_;O7`v*BEuQ)5`+^_q7-jC;EVfEY5
z-WQ$ca0w#XTR>ZFCMn?{vgY!itKC^IQ-0IpPsBGeI}Btb!S}Lw@^xK6sdiB|BuNYs
z-EsXc55$!`wgraMYcv#?9tHyJ-Sz^<-j=P#n;uF4Y~1!FL=T=q?r08zmx^5*wL+D`
z7ScG#qrI<pA0M4PkUBKUp2tsN|L7&%^{A4n$Cjxhr<fv}|N9sdmbZO8^5R#!b>Y_@
zB{$FG3JFsj(Mf=O=IGG<@}sgQ^1v5=OxJW;YBcIb)+AU>6vM>7C*qc5yz4KQTx=P`
zDvA;bQ;S>JGCCxhC4Z@Kh5Vr==FukH<g2AI{Cam|PZkl!^xyL1vH_DFs<FmYbY-;l
zv_~gCcKLN@Z_KiLXQ>_{-Za+;8O@U15F6TfQ$PdQ{r31|k9Lf}JqA1of7DU0B^c)L
zYumK?;*pnPf#^ZF88R@vH?T%Cl|@7Ek>xoD#>lpW@ayos<m)%}9VU3u<pzAi*B1-+
zm9<H~m;S)Xl+%V)cg9Ke^dPCl!B1ac_*8`u&yc8@l}}HPmdcL5`Hsm`7XUpqq$3Nu
zJNP$^Qnn#7O-Ha(nLm0j3N}wgI>^ueflziPN&`B#(54B6*TsdhvkajPx_Y#v;<XMh
zHx^hySaMN3dr_$t@3wUkP<X;0--44onl9AvY>uqBZ8bHZ6FC^uK;?`^2cgZSUi&C1
zaFA};5C(d$LT*NL?XluF<)2WJsRJm&TJ~|2G3B1pfH+~CKZblKtN9bfK#r#d2+x21
zhnbqysstwxn!%=bEgHu>fmkhHU~;@7g_qK<*K*&`=|hG+s@X@!wHFYw^+2)mM)>l4
zd0)CQJu&YL4|_TM`{R#8_qO()k+F63A5*F{b?Dx$UMJr#joCF{h;A6UXVTXhrr4Xs
zyr~lQzEQw}14ta=?o~F|L09r_z<>z1{s{^_^nCak%SNtX=+885blcNB1DYp1>cUn!
zY<aRTaH<KZ!e->iYzBW<v*=q6PXnO-cUHT=X<oePj9)U?&TWaB%*)hWVZSr7V)NLD
z>Aq525Sf%*0f+ui!2j#DX6EmE{WJav)m_GNY11{qze^X)b#cor@9r^jLz@rI_{5QO
zU~y9PVWD>xhF^FE^e|?e$9CQHE^AMy{9k*SKF5oveqxu*pI0iC^VVSYk%|tJ);IIP
zr#n9|uUO!yspMb;O-^5YFjZioo3{ZNnK6~@qe&q-@KF5)PJIM5n@N2nU?ShRcY`d4
zmc+))z@gMjS}j$a{ICVfkeEf$CafnY@PiJRiEbyF-r3fVMk)QZ_ntknl(ou7lM4{{
z7N7zI4n^!sJcqJ0G;tk0>?$z3&XeRsZ<uv(LEnpI+q1eEETr)F(6yL+S&DFoo=1L+
zscnd7@;~0cVuYE2viFpl8($yP-ThTPm3&agY_;vd=#{;krl$^m+2Okqf-}ks`P#MM
zN*$CT`XL0DpVGH1&FI@nwiv$aWe*f?GElyp1SnSUmmsoz6`F?lwnFA<i8@Ew*4XOw
zMOTJPsz1dl{1=Paxr>{@k1>*A^;&#3WfpYio)hSpi}x>O<YPxD2_KRFxKqNW<#lFm
zbvQ&|kDc0n&FW&Sx!bM(VAXn}1}?1G9J~l$@>6vRhI#ugw#EAkHcYX0;;G6Xm$zzn
z#D9JtU@=q^e)d)E*daP`t?=Wr4cyFECsL1N-CPzJrD4l6d~fFZ*%3!<sMPU^s!p{|
zB}J9${NL=)RoL$hF&srT>H4*Hp}X%mUdv&Z|Bzir%kjzPxXu1!_s_uk)T1$X|F}cj
z@xrK(m)E(|eGjR;a7*Q_h8yd*D^j<zU1Kc1I&EA~8sOVCAzZH;?gI8mG1&Vfl4Q-j
z63$u(C;@BDxGz9n$lj@RU?;X*SX~GaCXRg|re>0`zfTLlW6MxO;mrSPm04|CUDHYN
zg-;!NmuOWAv`)s<h6+T?4f*6i<XZy7qNKpgk4MtNQ(gG2Wcswp+xNd}-72r$VNxPr
zkNc-O^<p+tznf&5b6aYVuY;fO={ualygg&|g>~^?(p^$Q?y?pb(SyyI@U;;z`FZ-N
zBMsM4PGYX@8oNiZD%ke;VVR*;Q98abRk`=PAW%vURL$U3K!!+6o<~0&PJ}d%hWijr
z_gbTATnK^$^DoPsHnY5dtguR5F_p#3k;w03p^cYYKpW0k<-&J{oGx}5q@CbV^cCS8
z-Oe5|4W76h=|Dyx9>H-2FHWOR#gEF$QtD294nIBEQ-*ZnM_5^kG@oqM^!oW)*EbQi
zSpTWP8tjBx??3%~stlPU=9S$)m=!L*@{N)I_zkhxHS6bab3Q{Rwc^a}0|DD0=sJSd
zIG5cD1af#K{5$p!?Uu2?CV>YETr9a@wEq68j0eXU%cOc_d7G4-a&0RGs|#`lF5K`w
z8hR>lm`0{kCI-Kq&Gap)z4RLwc{+9YxzrD+cMfsQKyaN73a>40-`Lv^?)4kHLPwm<
z0q;Z?kh6@66oGmnZj_aDAr<99Ow|vTN1cBAm42=kALo8L<s`q`Hp57?^~T?;g4=hk
zH<pa>u9CDvc<UCf!5NqUP#}`OC<@WiTUTRf&>jG{zPj+a)B^Io;t9?xk-MDzqhb==
zE`aYt@)!kQ6)BDeFS!9TdPss*p8}sF8ofr|;uU3FrsSU^&avZl0h7NPUoy^1_rvu<
zDicNtld7e01PLc;xy|@|p^`fOx1*CaU7Vu%5Q*toqlVBJJ6D4>+>qu<4z)pi@;3bm
zDaEvbO!{~&5h#REg?fIN#kf9od(7&S;6k*01ow~z3yJS`oV2|dCQ+02TZ%oIj}bK`
zpNF<Nc7v{-LbpFEE8Bb;j~prfE8H#6Aks|Rhg06ee-8YJ5THQFc)j!~BYbwA?I-X_
zB%j`1Fq?m!{|>qlTyz*R43V}ATP};RqPM<yQT*4|<&<&Z!p;%Om~pjPiV-^ue#tEh
z7~_9c!|pK@yvn`H%#oXTcE75-r1(lIeX-#Lp(2f=KuCz_UM{o#F>p|-DA0?#$Q#tm
z%M=nQ?B=UwfC+}<%5(p@O6APm(xzLcS(B2veyVs}YE8MJv0}<E>XtDy=cJo8SSvJi
z8CqR@7VxJscavFX>)D3Iwfc4vmgC5M+sQ%u%Ea?ZVS4r?nX$w9kHn}pLMLj>`lMr}
zo%3#FqVB+%Bi!Ul#`9`zG%3jP!>|c%gbLzBEYCH*l3}-5&}3Nd9MZFmb_#fvmISPo
zRsCz3e)t?$eXH8_f8f0YX=PYydUYAob>h;6OIx&Sh2Os^V&kfmxUsY=$Dd5~N+J0U
zXG1U0EBaS7#qU&z(x7z_r~oR5frpyok?be=DdfAG-FCC1A=5D<v!$JLfKN_ZEuJs0
zb24<4V9DfK!_foKJo2$Hl-DZZLk+D}L%b;>=N6P1HScZLf|``clKg=9a*?!`^*RE7
z-@HvNXDsNm!-!|m_TkZ4w^C<8Qc8qcQQ2RoqU|?f5g)&o)s2_CXPp2ao$a%jm@uAY
z)X4oEptWe!*=Z5c&}2;$>*y{gJHiYIKO1X2I{N`;J&3F_9lL+VR>dBn6kk?$Gva1a
za>U(Ob~Xl0iLR+BYA&=|ae*0VCHUFci`89!bOOG0rM!$UqHdN^bDKPXBI2>~J*=U&
zNiS{DHuUIB;i*YPZLL%jwSj~ZzA>YK1;z4+#gx+)yhv?<4&i<b?$JTdf|aihoQnPO
z=)J$AR+>g`UxmPZ1Yc`^IoQ|Y{#__~Ne1nQHCZ#;CVAYz7}ic?mz=H1@NN3VN?H40
zUA>@iZ;HoE*(diX_9DJaWcyIn)cL>EjDt_0#NC1CHRtgC+Z%n#A8`v8mQt_b9O(G-
zcD>=b^Y|=9LLE(7e*AvrK6I=iwL9A<VYGFmGy8h20v0td*ni7GBx*j;+f@<{-R4id
zYbzdQ?HKt8sKk1umz`SS^&Wx~ua{|C*dNM@LxA?mTR&f(T8!)sDa9e&7Rwj(;QNEG
z&f(q#R_38Tb@;jmEA>aV_iAc#5Y^@#Ni;RvgQnOfmvy~LNw`<RmVwG;wPu>%3NvZN
zs;>vUhs&+(k81WjI*-ZDcjpy*b7pV*TluB*RXTz_2i)x1Y9ex|Ch(A08IQq7JVn7P
zw;fP{*z$;ySH>6ifi7spY{;B<|H%HIy{$v#TLBww{1b@EY(jPB9}|?=))SI+TGU)b
z!7;m?pZsNA2m=}mHh@dPy#SZ#)py`t8x`T;IqRb_d!eZDM_%foC-zf$pV5N}1GVHf
zHlqV2e6=D{B$N@2MbM1GE732}#MH*h*vcS7!dUp|*RNBF=V1-MDupZUow1YEE6cNu
zZ6m`!jYqzI9lzW8l)hF_M5H@Dq$fTZIvbyL`<V{Cl$0R(-9OErh1Bsp^Y+FRTtJq`
zuA`R5bTzx+rv$~RtC~F`T43z@+TT80zaa8X^q+RVT1;JoMc71(M83>O8WE@NRN1b8
zU^zW4p~`DISduo$46W}Ve0zICJZaPx87c^{l+V}xR?b98!=Qtq^d`o=nbh%LQDc$x
zFIEvSy5gJV<mn0b;)Z?KlVP+v{%;i(ye{Rhia?0s=-k_~Upn7p{ud>z_|4rfRO33M
zAj$9)2wF{28B<<5ez@`x*WFW!li4IWjjjjxnNt-k8IfOx1t|F!K&pe4$q1{EDi0!~
zWM$UrRTtkFTc?YIQ!a^Ws5$<$ee;uOG5cPjfzc`O=m&5x+#$5joT=c~(0~8nXSRO<
z=hE@n14I4%|Hij`I@Q?y)OQg%TqCVK0{NXDrn(*e#)DrCa4W74k}z6)l1-gmeH+6%
zO<~(?*UcR}0`zSqQG1WZ2UF)Ml6(B!45LgzQzG7E;H?-Gqcn^*w7Ll^XBeVT3TQ!b
zZmg6ZG3=oiGtRiytC~l0$)y_dpIu7Jr5kfQ0=4<4T-QS96b9|jZmH8t_QV@e87Mmj
zA|D&&KzJ6)7z~zmh?_4YS*<=WFj6JukmJ=%%l8+5#A9dd93d>#lyx?A*6J?7%ynA*
zfB9TY`?+~tPSX_C`oAn*nWe``ves=$K;2Of8MSBEZdX&)S<qQ)y7(~HDfKV-xct<B
zf0D>(_)>G<<(STzA)IBS@5|NqG?Q;alMkP9)y(5C2jzuIxCaHkN5c+9-+tplIC8?C
zBfj+f(OdC`T-4pI%NTLWFQ?9e&#w}NTqKO}_Q*Q#v!7$!@sd1sz}Nn#nj^oQ<%F!d
zFcUO0UP0c`!ppJ8Opg5pa5ZI@K)qqHid&z+gG?97<@<ELqJ)$7ee`hCW!|@U?d$<t
zCMN??NeDd>pNn6?P}7G1@l%feNM(u8;drc9>6L_(HEvMtyFjZ4_Ato3$QEO!j5R(p
zkq*`#X9DgTH*vSxO9wB0&x^`bUw*nX+dQ40=sR8F8=*e09a?64YdM6oRRLfeUyX3o
z-KVe#^kuX;1SSkO3RdQn+_Oz(=(e0SK5wWE5rUh))Y1jcb!TI`vklNBmK;A|y-<ko
zSkh|)@l&S>cJ?d{j~Bh`T$|TIDqnbT_Uh|IHtSxcdseRNfFSMh<^Dx=9#U*Dk8B8$
zMe<;Q?<1sFclL<bKM!zLJPWMZyq@EzhtB|<)z5?~h}KDa^~V_LWRr1ayodzNtS8b6
zatpd`vtE#~rM>SGsOcH&+Z%isL?~L^G7IHs9k9)sbzLVd-vczg#|_??_3eC%#NWD?
zxvH@C!FLtCGd^PwUCj1I(tFjF$W#x<@+2IJM0VMc1S+$xbf(6~Jnl|)P(Xj_UFpO!
zBVI0VR7(baS3fXoqH1-WYn$?UcbLX#Kd3Db6sP<i$4$#2=QxG*WV)9EPC?ql)Lu-a
zZrGete~Yp?XC<X*EM?gZ!Hd&bMrh(~=ZCxUH?`o<NLkYVy4ahOQb$O4s<%t|-qz$;
zgRYUu#K+)^e~Gy;Hc&??j0;H{LvzdOu;XUo9f{SbKCXo>jWwgCR_)`muu~Z$?95*i
ze_@r!-^Z@R3jAi9@aB>U(P0vPEIh;b*>hQz>%l4~KD~C918^mZe=?@QFWAzrYuu=1
zKHrxqh{t}X4#Q&q(=~C8^SBO(n&nZ4e9WYuD}JYb$k~YP-8cC>DA+P3^J@7)G$9k|
z8OsI6Y*19nIrbncjI30*<((9f;zm|Nu$$)XKHtWgLuZ(vha9zV=A$#N+D9gZALR%F
z-!Km?L;%V&=>}5R3P$|$IH2GR;xvn}8Xrp-eRx*(oussjIS$;K>%H7sd;^^HR#5m+
zV5*2t#m-?uUc=>3I8K-a>ntO*E1ulrOS>fpGDo%=Mw}ueAbps<0Lf!YgaXU{8|o}t
z$*{doR&kU=RI~1#&yWE&q1_xBY8JHKn?7q7P^v5%ZwR#o3l#NZjtV+Vo^V&nI)afE
zeyn>FvM_O0B_`-(ywn>lA&#(d8FEuj5a<qT*7bKq@G4!;S?xuk1~|xJQ~i&7Dc%{|
zl}Y<)Yw<GA3^Nv%7mP{tqF+sKI=FrH#)y)UB5*xXVmtx6)5w>Ee>?cr_)w`<gS<73
zA21GsF|K~=UXFUT^%9hfRL;@O(Lp)2CiubVX8do}Hlw9VZb~I*<ZF{Q4wQoIR^nby
zq0QRt^&58Ut5?|n5f{Qxi_@^fsIU=1Z}YqWku7ynS*aQbyE=1qdqLtXKPrq&c$#k1
zK3Y|z@P_#uW0a`#J+xJ}{3uZ`c>rx-<;d))Fs29IJqH^5tn+OfU6osoQ3CM|r~WT6
z?l$*LI-GUA%Xa#vMiKnD^V8CZFE$#LUlugBYaw|Wy5iB-Z!NNE_piIJx;6wry560Y
zCp94_d{*y+*E0DRIUjxWoBbp7nuSkY0muv-QTA$?ntEU%s&-rVlAmzmM376HlYUV6
zu6^pM@j)HU$)gQA>Eh^Z(R06|<mhJ8t>C(Y;x99v-&~h-AR2$ZmD==|aei)kR&eq?
zFt;l$@jl5(b=iw>Jn7+k8kW?NRHk}V4$O_5Rvp#q{tD0U!_|-szhU18md~~DE(m59
z1Y})k7wq0IYt^C&zj3nOfahuqUvJbuZBu`3%X(_vHnQ~Tc;93D7n}A9{C)e)6GuAL
zQwU89<||(#aYIdTC?t(+5w&|i?=5uXsfgygGnIZb!PATRp*q1K|Fp~}7Mu4g-$Iw4
z&eG4nkAqUzbpsZL@Pb3ZX-3a1e1x3$O#9XDtEbK}Y8C9B*R`XM@1@S}+N;czLHU!L
z#>5*HG9n)c4uM^V{pRwvn(n=P5pyUy9b384!k3%cQn^FybHlX$P#D3oE=ml)a}Yj@
z);Tzgkz8MKC~CBP?Hvl{5AQ6}6^7FuWp-Q^t~zg{|1ct2g+hvlaTZ+H?ltDOHX{Wt
z#=ow5YVpr$eIg#q;O%7=;{2$TZb=&PWS@9Pop2n5g5A~H|Em9<{pn*$rKNYS#>l@F
z>T<Ub8R3zG*mc<j4j~eV4>Lwc-{%ydOS;7XZz7%KIul<pJb*TwD@;3lYDazNe?xfl
zhJlb)52x(H?+dPXmuSWJ<hspCb9}XKBRYt+Kn;u<Izrs#L^V1_x8-}!DCs*u`9XpD
zC}kesor}FIlYhYnsG>`iyWywR_Klywnt*ltp|JYGhlCL|nfg9@Z($g=-Toft0f&fd
zLElN&*hkbwV)Sc6LtR$biQENlFOGQBoP%%#X|I=F{{xa=KRnHzOghP73zv_<iN08|
z1MMOmPPxLY^MREj7wB&m)}*J9Fi%~{38X2DH$BQ=l$SAC$YgcrUGxkAuO99Rp+<_w
zF4tss5Jx#*c^4mxzq(U{VWgK&k$qa_C+XODI<7yilRCY!RSHPJU@!P;1)cFH>?BUF
zuhhvt8ERFZvYsIJy7+1lks~-$LhQQB%_odR`b`1+t3r@r(0V=p`l;QdhFePTYdxlb
zXtVSv!PqiXi1D!7?H;)lmBFo$ZnvfG3DHQu<A+T5-wIwO-~Xcbd{R{X`7>NOrQfAT
z#`d<l(>h65ukrNXG)MlW#^K29>*9_7y;UCS>i9v|VsO^}gYruKm!TF7<)-yNaZ8R7
zf~tn@J0l^lyPyBE5f)E8dPv`8*Z(Xn75}X4w&a%u`<wsjtUc0jn&=M@96^_y*>ACR
ze%VT5D#<kYQ_HsQ!P}5lxbslu+gp2Y!c&JP?Xd=fRWajmaiIcvK`H+)`b#8xfnGFw
z@jm>M<EOpe>}!9$JGpTS4sFg$yO1*j4<boJxnW4{%~&h}!D+u8a43>$HwH%0wXhIw
zQYov1XPYh%+17TFNTd{@Gbqs0kT+#{qv>2m1fo)YmmgEG@`HbjcDUlL9`z;HNd}cL
zq>tGPlxwna|5NP71d6Y1f*bq2WY&QOgmpL!4Du=8hs4NVw-w6?j4Xx_kqUl8h!AUs
z^^<33N3L{qO8k-oP36~0i=-zg+;uogG(-wYQbj0SYVx1kTsZ#ZeM`R>f_&}GNW>&v
zfp!&lpnZf-bB_A`eIXD)hdbZQVYO)ox#ffkI!}g*@PPFj!({_4{|*gYW;Z%Xzj+kV
zNMbphE==xy92V810rv)(9|!S={&|4A>50BDCPcAU;Bs$lA61yHN)7PBie5P_Ng>^0
zI-dC#9!MXmXFZy#1K>(N!tRB#!%oOQACv8-Y#$v`b0p<KOuDa`3VoJxQ;>Jwob#9T
z83lghB2%GkE_nyGs-FA1nt8~I1xTMVM*NDy974C{1k`MXse7{h6>8F(pjWBW0~X!p
z{&iN-_Q*jKj&*5Di_ph1h_s|;`wZY9<0FK=+~F;dW~S4U_WQ_ts4c($75=hX68sp+
zSL(BpcQxwI>aMoNFdZ;z!g9IrZ5lltBOf*LS~9W2O9km((8mD_-~Ss&?OxQR`XwUo
zZT!D+)cb~&JdQ~`y3WDVmOjeyuVz_j6n-)Zo^8_6ZD`y;n0&4DQ&IU}=V5Q%DTy+f
zWiCZLbZF+(*lqnl<)GOd95<oy<U%#$GTEQ~f6q=)Z=YxxSyR<UHeLU~bXXr3x?MU<
zP@ec{4DPE<3M{aErOArEE?=w6SyojyYV*s!{1@oi>@aOYt+fBWklLE=lC*f+T@Lnl
zFF1J~5cT;`KG{>L?$x5oK2hLU+1eFK)K+@?2EAtYYjl7{iDqBv>X6WLQRTPNEhM~o
z#p3wU?;iVM*(kLHwOiC_*5wzVIE~xImd~caN4T|)$4&V23n?9T9^toAUs!*+-~Szt
z{mUracz%L-ej%sh+>wzwf?mg|Xcma*^!4yuA)d<Mbdni<gpOQ<Et?-uPvX4ZqrGme
zUUVr&y0YmCcQW7i1|%&1=rv_GQNQKM`(y4_M}=E;)4W4!11bC3Y|yB<maXgJ-ZNAX
zXjo)eM-jT}<4}T)d>L1^TWY%M;7(2MC$7kEAF=W_rIaTC(?*^(PME<15^UfZS&w%T
z8b9@hnAvPiRRue@<#05jV`SlZy3SQ>TfvISzu_}je2<A|A9%b5{&oA}FsT0Et5^Kl
zEhkNS`}7pKADfZ~EjCZz!pC$Yzj)B6uRP|iyiaWS1L*7rR$IqK9^!6)+3xuGS0+K?
zMf2l$f*{r}vc&fAA2wn3sbV!p`SeajK|7pO@khVu4k%8>a8Nku98aif_y|d){D=vC
z&GIZt@L1|jc(lfEh4<B_=dzv-#|ElRpFFoqUN)v6>tgM{H^^Z}wps=g%?rH5F3?4b
z^!CLEzn_Abnm*mcEQ`j@P!q&4%jTqHBAsJOsLbP7qh;}P;isVb|JJ|Lk1c8Z7?Fvz
z;Fjgyqe9ljXlncYXeZeAwrZSO1M~aZ@~%saLJFR(|CUu*Y)lb9zw^1)ELu5|HjM6Q
zhPOrz4*;{D0(rP*)`R+~e2Qz$4%*6<3X?5^KTVvUKQi2{4034qa^${K>crVOt`#EJ
zsUS3bKhp9S`hn6d+>+=6^!l64S1lyjc;Y#;|4KTuB!%P@8Hzka5kk@Ti0scO97Ja_
z1O@`6s@^;QF`l|&u>#1hTSEXaxH`7+iN{Zh*+@~7p$`V7CAU3x?S?T|gNQ$oM8}tl
zEF~(mcXZDM!gv7$JkIAiuV&~ju0-W=Y%scK9ksXDC&vhfGRu8(1ARrln{Vq^80zrI
zt7{!2%RiS%kxb}y{^Pb+6nh=IGJwC4tg+aou66KZBXD5r;z`<H+Z?ydZ9ZO=bI`7x
z7TTGBpyzBc8P*nq)e*u}HFM4zhQv05&*<_?aRAt7V}C8B_^`4VIf4z(l->MX1+B?O
zbgiE^g+(|*MZk;3!XI%R1x?&r9O-)}SlJ4h+j5qop9%vMrfSyLtVcmvB6eAha41H?
z;bfF|>>!3xYb?SW*oU*i%gzR}1a!FXV^P=2J5~F4x1H~RtdTj(HM-{wqkR=s=&p-*
zz`uXV%f*lpvH2rIw@+*9r*T#sF0qL^?2$%mSKCqRSMIbPKV$jpFD?NDo4wwoS)3Jj
za~#Vl?iC2Q7v-I#A|UZD`l4$vcSX4&HC*eQM^JOz9@k$z(${*s^y-e5fETI{8|BTt
zY9p|ET3dYKuPI<as04aqdhr8-yd!<$hO0Rw+juW<##rC4H;3EKMCDrk`RcJg6#3xf
z9`rVFaaa=50*G|hdm;WrcG}rGdyM=ez#Y&CG6Xvk!q~~=%en24kJM>Qy4DeZ{XAG(
z^15gBN6yrb+v>0L+EV2mls>3I;X)0sUcKc&w=mXmGSgyt{2nMC?)0*jE+s%Kcg#mT
zCR=kg+BaS2TA)+m{_s~DoP7Q2v1ggt@H)>sV}?lOZ-WOGsQI^95a*N52DQ~ktabXe
z2@}kt1EO;7Zc5c0>pyIkeBICO=ShpPC*Z+fBs$4!F@Nb-ERq*uVCfegRt(U6v4VG}
zhzM?x&~Y&D6j2n`Sk|MO0b#@9JUX<@xz&p1sP<{~y9AR;if(%}FXp~`Ak4J+rvR)Y
zK#0?Te{~Ndo?rgO?NOV|3iN=DKgyh@ej^k{LR=50<$jUeU-*8k!CO0sIE#lCXn$RD
z-Q4n%_e5%5e!H~ij%Csi9sT?`77OTGZ}am5f69R5U)TWG>u!smw|Kt`;s6M4ldsY2
zV^O(-2BZb?L-tT(jfM1dZ~ebHKn;L+d!Rc85^G5TNN56|r2OOav4fNV<*Yk>HGk(g
z7rYSBKk0BU1#69`4G9^WMK7#^3p(fGWb<W?uJ2L{q<rW~)1xkyOKpVo_f}%ZKi)fN
z`rlWDr=fp)CQwOtmj$mHUE5W8g-!Wn?2N^JLl~2Jph|Ezhjxoo#q^g^nKcuURgxZX
zH~z5KUfw1jG5damY0S6BpD@_T*ZX#zsiel9#y7WjRhF!nmz3JYR=QG-eb4PTeH6NR
zEY?%Z*IZ9a8GZ?L53S5{j%#dN-O?QsBccQupU#$mIj@ar-ccBGPtNWL<$UvdY}xhK
z@dod*%x-W(Z-OVt9x442VP6tKorZ?I(>OYL?QLg<K!0wN0#5BL@0$;{@|+0vlY7eg
z0$SQ%bi98W`1aA6IIUdtQJ}4}`p8^gf~aIPT{w?EnDH7dQM}N`P*M36xd4=#ebr&u
z&$r_*5}D3c%Io-;<PAiK8GaZ*h|MHs(oYR_T^j2jw|qz%lz#i>x25iUq$C<rxjMT`
z2L6pjyaIN~cIYJoYCd@?mHuQZp{NAUWVrRX&qNf{aW;~umyzS;M_WJGtk%fC`M=-I
z5wL2ftfbzOcN{@J1nKbH=0kEgu-7_(PLau&+wWpVzQV*n^&;N<sNqVdTvqhC!Bovh
z4`XU2Y()-S5|l0?c|+1uAIJr}!)ig}jmpT10BMt{j;QYpdpDGhD&Q;Rj>2toxh>L%
zveab>h4vx$Z2>=tP3J7RNIT3UbfWj&yuNp@A|h1>)V$0(6Ysz&SN&`>qCVS)RkWqh
z12nt$R`sSi`TC-=+1>!b`DtZWJ&yocEiZ&r)l(BSZr}_wqKE9YBP{D?6-dA;sK6Cw
zjUc$c*p_vnp@<QB-*&9%+OZR<@inyyx7Jqk?~h?~qZ_y=QZ4221-zHQJ-fm@M{bdE
z0jF`Hxv>;HH{7BSD)in9<fQ0nhxEIAYK}1bIfLRW6UQscbAHNAJ&!VBoQZ*cWoMMI
z7}-GwFcLGW5rm2iYl-iWF}>(}miCG{RopLm8qWfCwSsoNLgpsoa`mgolGhmadwT#F
z4Jf=9&mu`+`dq_e#Q{sB<e{~|zEf$+Ej{~6Udb*ZdBi{4=J!5uot!QK^)@BUBL@u~
zyO8=uRyW8Q*-Baq?~lclR;b%_GjSFmK~P!!3A1PkUnS}%hIYkmjhBK<GWnOBEK5-B
zT>!uw8``ZjyT0#O_BM7SimpjBlhG$^fU&P9)W>VC6l+5-a?TMaSW)qF)nmMEBUiWL
zk>!dA{{lFB@wr6vHpvq$5^>-5veK%CPVCw*_b&hz#HvImd0|9m5Qz?wj5>&Bko23-
zEu&41l$lV4o4L>V#}>7jH;O)+Zuun+n9MC|i@9_NIYpM=P||!bi&g`f3$5WhxU4{l
zD1Nm^VD;x64*F>3sY^O&1bInmOz^?&y<QENF>98}K{i<l!wm}oeV`@V5ic^=YR1Pj
z<aTCJddWGGkE)Rsxhve9R|?4;`u?DZ)vAlxD{_ZUtHt?cbEO8Aq-UpFOv?W4#key#
zP@liSkL71tf=+0aCY#Xkba{g&48!sjV)zX>O?jH~VRPb^;p5$43fp_^*ofGXJeVLT
zP{jKtYQNkHeoCHA2;Uo2KE{+6B6CRMEh=Kj;Hg;mPagt%y+NwZ5du1!?6g^$y<^;#
zTvs1mXSuH~Jq}khu7nIvb5NX0WSGdd0J#@xk7ic3ckw);M_~Rod7nJuGsRJCFlmqu
z!t)fV)_2Jz*msw-njH~y;EbG%!RC<}JKD%(zZ`9Hsz1UNxn*R<E(?6w{Wq4z(25cE
z5=8Kq<OJlC<F}DJe^hjf`hJV{*7K=NY;r}m$uoXZedB%mT4xu-pF#$qoJ2NSUcMv<
z$oHc!U++sEL~@oBMxU;$<(-&QE`R%Ay2=zG1xsV_qOy1_7+o0x>S4v><FO<pcPyV5
z*<?7ya0i>w0ijY-EP^H`dkN~3sOB(JE(_f5+U<^r*v{%JiqpiVZhSU1x!;wYS^{DK
z9os}c5P{N?X-5yKXX&BS@ePy`;RbeILDUjT<l;qV>96Op35Lg`RE)W6N8tCz<K5X*
zlG{>K<g}zWYZjyAUX|(ZCPxOCAt*9{yqoObFpIg6`tQf!cXl#b<7C+bnu<uPM8_+Z
zUR)cce@YH=%&g5oK3@uhU+xpM`E%L!Mjyid{7_*YHjNhT>4+rh{!_?cK$FGf4WweW
z#D5u1Wg{mgZ&+xEWr4+DFow#jfAk9dm!RuW;yUX(r@H!h6u59ESIW0hpy6GObF`15
z=};%Lpm&G16}Dq$zO?UELKHkxB?-6i18i%}V2#<BBvAeWm{TpUHD$^R>9wpT${k&X
zEi9oxD%+I_4vc3x=+RfSgx?;zp6=-i)xWfB4h~EYM#`g!-Pc{TVt=uJYX+l*N;n<+
zN82#{>{>sB-mtkS$mGXCSsvGgN+&c#E4bL~`J^<3d97ZP`u-VHFV3~6o+VN5-8eU*
zwxES>^TFp*Yv0e4DGyL5NtwMzG6}sJ^+bV)iO@?mv45xQjX}gvEPiAkK)$UF?FkX2
zUH9`$?M$m7FpfE!#pbBOKfoPVF0z@6<hFf><~Zszr6dn32AZ+>ultLhfWoPyhqI*E
z%8QN(E9uXck8oZ$l&%ZHwq|I(M`OsvM9?HUjO#C0&(w^2u<oCq)MVapfj|U6u;X!$
z@~$Kdia0(M<2b)p)qWT7f@pW-_Ed&5VmR@9LVrOUIY{iqeBdtwxstJba*@ep!ZhW4
zugF<x3uuGMG6x;k$f)zgh8*E$)i@uH$4^(pex?z8BlA}bU*eX>HANojf%n>|X^+W0
z88jEDC|{o>mfv%Y9xX!1Iu0Q5hK`n0wiLZ9cM7xFzMpMU3>8?MLz#A`e43nnEPwtm
z*(pO^=%N-p<W_V*nj%mp)RF>Fm#;FzQ5p8@A{_Gl;>G(5wu6Fi5j9?STc7ScCS;YL
zHXQ47|I<ie-AA}eM%)*B!<=1vJvNpG?61DF{$x=w``Oykefs5obPq0A4EC7Sf&t2g
z8e>p-H2~y;;Ss0T&CVHDiqu}z7O#IMF43KPYUYE-4?>HE;DDeqCVw*DQWc*H*|FjV
zLqHy+KYNnBEuWXEt-Y*<T(ryXsxi<;0vti?@@qMql;pmLir5#o$X&inWOu`k-gUdP
zD!tnFo?W)w%f#P`>c!cbnNtd|uUyfg=;^Fa|KmyhaYj8rdfB-bP4lch`jyA_6nUa9
zvl%ymdciGfEATG<x))m-YokfhM%A%&D=1M(T!VHM>TohFHF%~UM3>uEU36E`y0IfI
z4<oZ79Cz97HUdWqcncz<k1_$LVUt_61&>SQ8Lje$f^@>df{8ECt+|Pa=aNmYlCpTX
zs!M{rI02VLf#!EcyF9c?8;`-0ocdwT_%De6byi+icR3t+4z)~(*Sc5}e=EA{lR;_L
zWKXO0)fun=cX3;630S3Ko~@xOG~DU9_B{1X5lhdne}Ml&uEy<c9>ZUDRtA4s(3d8Y
zh=<X&Z#a{0sX`~Oj4Yqjuto%1X#Tdmu}AtY0amDJ-{c4$lOtsA#QACljoqG-!GBVH
z_6;-1`-Xot0#FC2lwIOd)m&NId@k0s4{-!*sdKjt=k~5Ad${ZYb}U9df<a6$ed?^F
z!j~X+BrygJ4wViY*%kjD#9kMazY|2uO4)Y=H5-N3vojCjV>#?-X8Y_FFbtBHB^#-_
z&P}HQa`?wZAjkF2WOO?H1H-Alh>izjDMm_L|I~X~qDeO)(<h_AWC_g#x(0Oq0zWvk
zG@{<SdT!#(oLWPT`tZ_XkGQE=c)fjGR{;yB)Abm_0ioF;az3x<%}>M%=L-K#{*6Wc
z)!K|qbC)1LEF4&88N7++V4}%E4GW4F2K4kmA%}4Hf-fykSUS2@{e9Xgh5=>S3?m<?
zNWD=MRv&sp9or*BrKs!1zcrhrF-pGf)Q{O5{Xk%5M+O*LNx}A2!KB=+4I}b&pYQpT
zw9(5?$z|++xeHRI`OyWm1<|0Mz_sg<&ye(vIMXD)5b^qm{s)0qc5Blz?fP1bUjlaD
z(G+Tw`b&2$e;gZ~#8_-pT!@#;y!TtEfXX8-Xw?6fz+2f=tDf^h);C{!_u=%_-8i`t
zEbPjsKfA>n5ezl*4k@zmUz^YOXtGYYfJ3nQB_<o7rc*Is{rlJo;2(cO^r$ab%_W0>
zy=iC*FW$R<Of5t#4E!{5V!eN*G(30AI8Iz^t@_xZGS*%Knd+Nu(7VHL!lME%-1YJi
zKlKH@inC?Uds;4(+3tIbs<4oC$mcHVThS-ENFk)#c81*8+@(p)sxQrg(FZ4q!luBF
zH8nj#QumiLXn{DuyfX9Yr4CYPs;&QSLSJ)Xu6wjR8DIzqLjBM6x=_^E6K7`vIE7F^
zae;fGj_ATY_t%?XDz8fNS8*2C0&lAO`p#N9FAj<cjNVQhcwnd#&eZRp12`qzc(f>l
zvmeex79&&VI>(U_%^{rWaKC$MVkB~k*Jr#)VtWvLYBVUb8t>`4{S?Q+29)pA&~}YH
z+V1uHeNHPg3)kT{00QfETh|t<ybF7p)&i?Km|{fzqZP8C^K~{p1$2+1yOUWd4<)L&
z9Nq7P<fs&04d>9_EJ6H{FgrwKZbtlY`4PLt3*Q=R_q1n>T>tS-raR;=CD|&sB6j90
zj26@&0%a$==k8Hi_>cwQufD?W{AZ|3Yn8x|9_4S=!eBtlfqT{tXrC-Q;;Q8>R0Q{E
zdEp1a`uJo=uPFWKlu&1G)xwD}10I;0Im#F0BjQbARmPA+wI}CTkHj10_*s8baOpIQ
zd0}Kl3-cfc3*Lu}{`+E-B4Aa|y|EuR9~Z_!?>t8QS3-JDXAN+nq?>=}GQeC%({IM>
zA~rOEfOw!WE>E+zZdc!{3!<|Yc9Gz7VM=pF^_zu9eFcg~vcZQ<+T8#$!fD&lKflr7
zz5wK~+y543TklvbZX|`-2v*|ERNYUQz}{<juG?K|-lyC6grTnJ>KbKw)J!R%Qz8&@
zUB^0G4?$y9lcI$UUQWY44bdF9`5ax4eUDd{Lljq=AtRDwf1^asi^Fk>)Z_DH!(&~h
zE!Fe~E=&O!cvJYBb3K<a+KoPHhO~w*^_lfLr`A56AsK|TU@9#)TLp4r1P*M;nv8%!
zFP@Eqv{ciGgNvI1158ag+4xSKJ4(NfW;#o|d-UXif|8Y~^owVR;_9oC>8GKiCBC9T
z2BZVy&>O8C(!t>4*JE;_tzXBhLVw!QE_-CRGL17CI9Ffw-Y8n6vENb_A!x6+4-NPk
z)?L?UYPd1haYY%OSnaE<5$5Q=$(U$xa^gJqaT&p8dQ=MtKS_(BMR{8ig@IkE^Ds%B
zj8Yud?H>|2BKFSf{=<A``+W>w);5B-5D?59$CzT3WvWd)3=O-ZIPkq~W**3`TlW@8
z)Erh?9Bp<4i(JgxfMSyAWXcn=uEIC!fx@%Ug%V$updky%DueKxw}<05<$&bi+|X*x
z_a5Zh`7O9hdZ&bdQ?^mB-%!qtj~*Wzx}x|`fIxHGy`=(UZ&yezya6$sQ_C#S5t-=X
zJD?8oQ?Wlg{#;<YdP%-$ao?=zRx2?q6kSf)+HmXyxA_lvA`M!mO(siaVwfnMiKY(3
zHdleZff{|GW6`5Gp^U2>*!9WOH=m#L`_>aKId1!I`f4nFI9w~%Xd)w9S>ss`N#y9m
zt=&MD-g|{Sqs)^}$fp(&PGJara7CFg_P&Ic4ZhBFP{iUGM?ZActZ@nd3Aed!9)5=4
z#Sf<rDY}6x1+o>otqZ#syLR2c<Oxn(bmSK+-FLBA;SUFn+*S$$_L2Xr@SP6$HCL{;
zj30#j7e!3M9?O<qI=6%`G_Ig<{sYf=(><F{%Y61y@&&RVbvEovM-!|;2gu}59WW_@
z`2YN^xkx4CZ=@Y)L<D-nDqU>l=BPU~uR$rwNGa-oEJH|SrJAKr#`&v4%6=ADT{llZ
zfxHPVktQhRV5_3-)V?Dqz*~Kr_je#P0BP6A?pSxjX0!zjbTNMBKO=7`@;rj;qE0QA
zDd!9y!$d8Q_vfPJKsg&8tv_ZWvvJ}mZ7GzTI;jTy&Gg7H(LP~5tHXk|i(y(0+AL3G
zCwcN4afj?eLT0LGlJ(sdZDp6swy`t+ot_yHXyGYW?f<{az&(tBC(1o%rq{cxyTySP
zXc@Hpi~#vKdh9ekE5!NF6Es)cmI?kIPr1!5xLL27gQyHBw|Y~D=!4|Hx8(rRXm;Yy
z?+yvUMDd}Z-uj9lPzy3S+K%?N(k=4ti{(B(*8|R{8VId@r7QEtlry2eQ5H8?-$qHw
zZY6CVgi86#Z1t6VI?3+r^0n-0Jzbwnf=T^%a_vs5e=?H~T*g5HPWdeVs(JdE)|ba3
zm;N49O5f@(L-*c|LIru%{V0^ElMkv$dwiH`@;V(<h2Jr(hQTrWZ2e2#TTC1*gvh&d
zON=TU-_++cH;)=soSz;xsrW)ldzqg7a$8mEr`s#DnTbYeyOX;+hETe8*T~c!9q)bX
zZR`D+Fp_SFEEju`283}FmtTu|0UUx1c^HfMTiKUC;r&2Z$Yvejxj$z8e1$T+B<|aS
zv)D#en!r<{?KxzzPNeY^eNx^*%F<9Ao%VCS(hoH@XWkG>>L0p)0U1*r`H<$W?a=&o
zpV>${e@iL#;^G|s@|OZjth_{*>Zn@(kbKy;#O6n$oc^>Iy%B%@w;k{(vEAcNxaJ0!
zIiO<iAZ_d!5uAs&{%2Q8cHtFvpk{Hl`@UCA{U7ep0AqvuipD3`sr4GHCz5oki=>2h
z-T-yr!_2e>m45E~JV9v<+9KB|hgscS|Fjo^m2c8Uv}ga`Hy|?4rZd+W_D2C~vlIT4
zAiVldf>4=AmLSa1&cjlYXKBc4{QABeANsxAn5(7@dZO)XCw;63^J+!38b_P1Sr>cG
zw(!@Wed*-MO4d<U%4m|izz-HX#K!J=X!D$KNxt}{-&fsl^5X<foUJPOZByH`yn3?{
zof-`v+tegffj#|k<5mE?9?mb2Z{HXrV<*e8n0HPAVS>L3iRMuX7~{FR@&ZO-I^}*t
z4CG*UL4h{5O!NC>VV13Q-GSA|yBiliRXC1^yp$T=?gzQ>p8IS3V%+B5V}CLJl0@6B
z@5&4voZ+qWcmUI8i$z~~&3?RtN0{W6tJ3RUslCw`S50;Y8;Fvd#}8|Gl9pTFL(&BT
z-37=GsB1ivb7x+<FDRI&8;7HS>3~e;@ye?@aV8H|qLi}p5~Kg#$r+MbV{v6kbqdbU
zha4szw>&qYTTG?NvhQ3h^&eaKjW!TIGcf25nxmAE@dxtTj|*t&OQuGHv~@qU3nBm2
zZ5b;hwOL`ZKDPfvZW+8-F$BS#dz}bs1kYV%yyu4}kZQw11gkDN$_GWN25Rh?8vajW
z53*yT)B8(VXWAh$=0z;_gKG_3v_i?g!zpl&EB>d7hhd9(gZ{-ufMNS%6K6s#p-*pQ
zyrpYmZip=P%C_4PEqoW8R$P;9qNxLvc{N_B<}7J}502{iwxKfP;(tr%(?ET%(<yLh
zE(!e5#U(SU!==nwGiuaoUw&fFpdbZ&^7coo>q-!z#qH_arNU_#RQ4ys2T$vFEoXJ@
zKbWr;U#vX)n>7G@!W|!^_#<KC)(_qtz0&)YGxrT{roOpbM=tr>kCaH(In!&-eY;Ug
z_+;PtUdvnLvcdeD>un3E-0xnT=?-q$3(wlv`k!h$oidb^ZyKoDfZPBx-=*ni@1tnj
z?%m{+2*N3c2!~bsI2PXe)%_Fput(;_#f6+eySHS>PBp<<RZ*;Npw@vk^bf_aF%q4x
zXLjZv{&JoqBlV6BMV#aO;57`Y{}-vBPH<#UH#`hq6nMrfY<X{;UWQwD-SWMVmoPqi
zWGB+nioj{W3+DGL_@?kjtm_u^kw-VHVeVPR7v+vhAEBa=`?-<O=e(+O$vxr&be(WN
z$p&L*qKex-xPz@i>$c}_YkXTR>SpdbZbf$FIH*uU^pTdO@5}87wnjQfd7E&Qa$>01
zK5wUf(=qI#mBnB)E&P5j!N<8)XrQK7xGO1xS_WgCs_cSUd{BN^KN1^w;sA!0MPNvj
zz2=})BH%JYj4t#r&iO6+*2kJ#sQit3=N)XxX#$2|M2PY@Z>9Y`f7+~)`1Qu@b@RPY
zO>)}qj`-BjQqQ#%p?R*{Kau$v4x8kkP06#%xt<j>LK&HK0){0ui)yZ9?_d9bTC5+^
zxi42bzpX;t0W~1u)iv3_ZcQUBdo=zRRbO+W7Cz-g`m8n|6UL#_bK*s#1Q74dXOs*l
zp9B6(;P{Ir>Axu$ged^cx^7IFby{#QRAx<@rcw9_;T6RCq3^QHkaG4B_U;pnkwX8`
zP=uB!R(bOeuMNkmsE&3bXH7VNTTV^3Qaqmne@d_!s_m8|6WrmoSn$AaN>$F^sg@#5
zt8vskD0yeKJaJVO<D1@#p2vM=3{fQj@dbct&Y|V=7X(q{q+tXf(#$A=+`edtx(#z-
zReG^YDS{$VWYHVKAOZBtr1#>OijBL=M1~`$KX0#D$!V79V5a=B_}EOUN|7hz_k1{i
z_)kNU74@>Qxf%}{fqk+}3tf&67I=1{`S081^jPg3xb90><Xsvi(BOq6EE?1ss16kQ
z%P3ncmB9uwWzC}W=FXWo)RUG4+Pz$)cHBmM4Jv%zEgrL(1G52@{6~sYlr3IP4*?k=
zw-~HCa+cH6t3pgZvbBj${h{yE9SJe9;u&fh-rHc|sE_=D)t*j_FF(<;_!ar32K<_s
zB}BFCwsYv(@2m(@Vx6UcvgRE7I7q;lL82#7fs3myuNOm$LKfJZ2$t02DbFsPq>Kc8
z3muEIekd}OF%q6I($_zh6Gs^^Ts<-#q~aJ~oA!C)a`n#y#39{7=|1z^m#%}3jAx;;
zrqHHLB<+7zD8%maBjZ*sGLLSLVwQ3Ebzo68Il>SGb&(4qpG#wyzQV%u&V>0Zj=0v1
z)L-fq%6)=rS49<Rvuin$>!EM2B}UzUWt&0DzW|FnGB`$?=H_78W(=P`E&uzGtXyz7
z&pjxSe4<sCm(%owV-|o+zKEHOH9F*AN0TU$a$#?>I<s|<ck~6=R-<&FYDtIkA6(HC
z-o5b+RC%;+?edd7xa4y)d^nz?K0BasQ?>T41zsQ-pm*+=U6=hO4#uu`?o+~6_qg9-
z+{MOLwezwdzC$;z`Yff~Nq4|SW|KayBg1$n;d|NQ>HiK&c%@JVT<;v@&OS|?O%s3W
z*Jt0|I5)F6ChSYmn<vTc^DXYlM5LUXO+u1!!Y;8r2PMCHZ6%Gx&`{phBx=*&)w)dN
z6c;(iOO@kk8F#Wo3*|=@**J7AF?UV8WlE>qX?SMRfc@PI08x{7^sjp?6ZN7lLAr1E
z91#5$&-nF_)ZVXDEx9vN;j!kyLTRw9Nj_C#)LB&f2FmAV4^9G&^XQ-?>bXDs<R*{@
z0PO*wj4Y(i>YX<73)8(#ubboofuXbguUfA!IVnU<Rq|lHp;E#VQ`<-})wImkKT?Sf
z5C2>GlhPuOmwmrPfohMUbiu&!f<)dDbM#tUL+mpj*^e-ypHB9#hR$;Y<RexyC<WtV
zPDaU-^Unv!9WB@|Q$6R~sE4qm?ywu`k7k%d{`dE`64+$avZ{OHmZVdsTD1Pfhkt7Y
zSVO2tMDjHhp^c1++`R|x`dK)6%~zl`?HuAXbWm=PC<sW)*G6zYq#2b*J<-!lK3sq9
ztm}0Ui&YkM+xc=KRN3rH-^wL6fwHKQW-G_6YU|LYLP?3fwjWhSl_<Ov9jg*2z&ssV
zFrt7JME@l$dy>WbZVpeRSp7H_?B!v9ehqndepFQsk`ZRL8jmS4{Y;fap>DLk)QvxU
zuo7y1{WHc`G^o{Qt1#<2^Sw7BzZ0Ap6er>1=MUwj$oj8tWOnP`eDF7#tXs+Rs#+6n
z7_!N5K+(ZdYWdqIo*rh$TkMunes&>M7&Q!s^@n;DI;@AEKff(AlqrX2QNl>$%B;~c
z;=6KlXpsM+gs_F}7?}d-Nd41^`x?*}Asb9iB@#*7`e8E;99S7akSda+sUx6t;C%4!
z3!j=_Z|kQsMx{Z*(o<ZUt1~#!nJ#PoXwyZBJxL`mZ=afts|UuOvL!Y5tU89yW=@WJ
z&lHc3JRulRq-*BpXjRHV=A&jc!`(cZ*~7=+pNN;8JU%rpR6NErb1sco>DLV%X0dM=
zOMgvM<%NFDV&-?K3Y@lxh^@LZ4$@ncFdt8Pf(fWxId)r=h_ySb83&^(BH{Dr`piKF
z7atDm4l+ICy%ux@BzV1RUaHJH?CM-v$Jf-Cn!<#;&LKrSOP2eb+cBHmFuSW?8<W><
zuc6xiUSF4S)^`NdrIWWzMGg5h`gc?l;J`bwWPIgZe_ec<E*_GWoiyP#Xwwta0q<WY
zFoNmL^EuePYi?0j>MtttlRTk_+gppY1ux0PSR(Xz=Yr=EPuacj%T~la$J~pgn-@Qa
zVjB)P$s_(3RYees^nni*2K?#>co%n&$sdnd_M4kjijyrtr}ReaI}Wy7*DLP$#mL!)
zZoeUfl5^u^-2)?f(@S%O7!Wf;Z990buX;vB*mIn};<Q>Ln*Ki57m@|Qx)k9_3X2ka
zX$co|7rd_#WEZ*qn4e2s$iP@0pLS#Fp?RQPjSR)m3P2pC!E|H&hh!Z82%)Vgy9H6_
zcG7Y2BYVHVSE)UenU=jp4sHhGD!mksty1W*q?24`1FFFk$e#~A4i0Sj97$pImx#AX
z4f|I^t8uIs&(IUyo&}Lsc8b*y*3>CD(-4M)XavpP-8f;(iww&}w+MaF@6!9sv=2*Y
zL0SnzX;FAO4YY0BD{IlJwR4u(O>S8?(hZb9tzi{Q9Fp#Q8=JT6XL=;|ryglpcSDrM
zc$KK|NDK0R99?x>lV2An1Vp6-$-xv9q#H)7s3-_1Al*pk=niRtAtGHOr2?b7Yoogx
zMt6@fw!Qnk|K8{G+&K5%bIv{SJ&l#e8w>m7wOfL*Gl$t1t;Y$iG2S-(y9TFsM5o%9
zIW~Fy2a!K)oxj~kEbmP}v!VECTa|RT?%}E2(};=rgSGYSWOE$3StHGsZKRM=>W#=W
z?#YKE<Zp;)8bloR$^6Rso>0!~RQJ*Yi21XGw=2NP_r31G_mOagqCu(N&p#@$k;8+?
z?(<*~(}{LvzFq2-ma$u5lE%L)@VZ}aDNTN{2=(kZVAJQ$r#}wr?tXkymGndSDB<7z
zIvBLz*vp&>9XN@c=72uwezPsws_Dyzy!pB)SiShA#^_yh$Bf)~%c`aG4do~AG)xZl
zO(OB{16IOAAOOxM*~c(}ENU=%w!!gzo4<urKmP5weG{pEX)_^J2ydeZvw_m)<)B5f
zn`q2oR#bCW-wH1pd+eJpwh_JcuC*AbIrQT>IwzcwijoegR~bUV_WUR@;=d<8dwWC(
z)5@$CF^h;9MdrwCWUZ^b1;7XoI`@}6zrliB9hg+%?AkQu)T58c7?fRxW-MR5TTnDe
z8!|OH_AKkqgCPStWk}d!ZNp)fvIr)^5s%eechsIoHus79-`&5)(sH)P-uZcx7j*lw
zOmDy%@#)!%1rwTt*`ZSx`8%>xtG2{cQvo?9n-xKIin2zlsOI1z>$6X#fz~B)iTdpp
z$n41V=(CGT??yHwk!-rj2C_+S<_qui8J<mR2C5`mq<#Umg!&jcxAf`WxJNdU)d5%@
zP%5-#Pxi(lk&VIdGo{X-hNWYndTp$imQN1n;K0b}Rr>ofX5WTUncm+FX0YtZGly{F
zyT0n)PbZd?FB#{XI`a&7Kf@Gu;sJoq4#v4T^4TM8g~204I*x9MN3!K4EKBW;AZ`@(
zCrMV_`6t>-fYmw9C3Dl4EKB!RElG`PvBcW=+TMN>10fNA5JUE*lslfUbXx5FSr2>C
zZg(=DLREfVQgvPee<OK+!lX<CNMk<}^Ej`{wHNgQOOP}%tg-CHREH{={)M74dJ}BB
zU8~cxrCMz(0jX2Y^T5+mI8s53nYX}O-gg!|99pqF<+GEP@7Tjz!}@f(>a>jcJmp%}
zsc2vASs=6hK26Ykd|t)Eb1d1^b?Ex+C(~K7;&bogYRT)4qwgOL6Qk@&*5_Y=9es4G
zXe49ml>?dMTHb+|Zpte@!~o_~G0$EZ!zXS=;ZN9nosSmsQ*3uhOCnu=SL8j<F2)7*
z|Ah60wE5+i>lZ5c=`wP4_3QwH`ewcWVhDKq;zWX`?QmPf5^2Sm<TqD=sY5a`6z9Vw
zQt|HIY{zg~w&^W?sk@TFE+z8ssr)GXC}Do84QCD0Z#Yh;#kns-PFv5Y5e2d+O8AY#
zqnz_|H()w^Q^Q9wxmh`<O81KA>)ul6XYHWBi*<{D@vPePBJ_2nr_|Eij9-3YsO*x0
z_dAvu--OzGC-~}y*XJ_wK5+wz89KdYQ`~$*G1k9UsNJ&}G7gh8=9`}5d}I$7nmnZr
z-QJ<E#AOdNnyN+0q=+zP*)@Z<AM7Idh~{i#mZx;PRz|-+GeEnEDhEBP-#hoYq4ku*
zEJ=FjZ`$1`v3=PssvMMmcrJbtXvUQBYVXlsjY~EzOfI<Wp_%@xv1b?~F~u?pUnh)F
z`K4gzMMQUlHQg+MkX0GVdsEhfe%A1LV?HkW=fl|e+&@;wIpwhreUIs;Ziz-)ZT@qX
zne>po;P1Sm`-V(R5B6YqO9CV~Y`0R?r7DkQr(wCHZPxz0EwOz*CRtt-iMxlePe6;h
zNnml`mJQyJ_&w-pFAV-Gf#s&yY$vi$k?(Q}Tkfy9nPWG=5%Zc9=e!g_JLAg$2iBa!
z^pscT|JdM8p8q`7KLrSr=)TqM774~{S%#*Eq_H<h?rveGEetv|D;X<?Qi;Df5cJ8I
zpZ+`K$I>Al?84ft>X^K_!ZAxT8MY()nCxu)a%@(_7mp$Cw%e3LbNmy&#?Ih_sc9+a
zJ8eM08Lbmwe%x^in&a<mcNCcmAyKg96R`iT*g?5Eu{KPSFFQgzKlin2Xr1OhGE~U|
z>+UWl@oT-a@txBc{agPQV<gRuX-)G=gF3?Y&Pe;1f57E@fC{vXwB7A*zgyX`=!0wl
zak)0pbKMEr)XR4$o{=}w>UP{WDH_??qRDFN+}=O5vOgnj&zoFN@<XiePbDfI8{Dv%
z1$qTz(D^lcbvx)u4!PTy(!uNoXDT^7?|vkk4X=R*aY7#q1{F@#%eUyTxVb`JqGhC*
z{WN>@76d2f<(Jymir(&jhC<qW@=g9&UTpi-R5}sNboMou<g|MARURoB8A8t-rY6Mh
zWOIwF>NKcm4y(mqj0=Kh-utF&#K$Gtsjb;c<H?W|xSrtj(TB2GCxeSJl#7V1YzHZ$
zE~BV*aJ6VD4d?zi0{#&nlPEHfSAogw<VCv#&~v0ctiydfu`N3Dt1JP^ysxs>BhjP(
z@&^3Fc4#}G&)Ow@TTXcz%dn0dlBSVxhiJ&(bCyCB919WX%}GfgTUD~G2lNy%8VP7z
zU$<!0teCt=O^++Y9E-$mv*dkUI&nAs%#v5@33F>`HO0~EF2VkkI!^NR?n!?0V&DI-
zjZQa@g6uqqP>=S@U<B4~EO0>jkX}hB_niXN3ZcT^S>vE}<a8~|N^ek5`rYfrutP$t
zS6vUit>A_nOOhX3E5q?sI<j?S!qfXJIh@(k?+<kP*YWMGwLwzLRmRcuO?>+)cw7iH
zlJBvQ<Rw_+l;?G@tcNCi_GjLPk#ze2AC2fk7hOx`2la%TQ=YA>`l7_`&Id$mDEw|n
z|8o6mo9jMKtCD^+c5rE>sBO=o(ltVNJ@H-VY-J67AYiN(zL+i1<{WZ@e6by$FY3W?
zEcxw$=UvyDn=#6zMb#TUrYal>pLJs8%*KAhKs8*~ZqB|Kx5yEI5?$62TPi43%%>e=
zlRT9f<pV0&`+NxJTX>lq@cUs~R>{WeXDwEGr164(3T4XO8{M$G36PHya(GaaCApYx
zg#&7ZCR{H<a=?Zv_faMF7k8(PrW>l5$v20AqhQJ=b~S^$-$w3i>^62y%7rP|_%Z&a
z89Ww<h6&_d-^b$Ck6+x1+uh>qW)AAOvcs+gY0+I`rq5EMw?p*W*;Ax)c#~Zk=HZ_*
z{t#%B9{BQq2w7K-rKh(~5{-Jh6KiO7c>ZVkiz0o?hX%!6nftZ^lY6SEH`(l(L85V}
z{<ffgjD~~F%)tg8?g}WY;3Zw0ui;oX-)D`)sTU%P$8^h*<<BBmwa-4LetbA$!t~Kt
zIoH5bs!fIE{k@XyXWdu$w6Rb=O>rkKZj1)UNiy%X3>AvGmLRGe9YyjA<*8U^=caYK
z3){aWD1Tn=*d5K*jaH5K^jtnlDOmbQ4?7m7!ki@a%W$<$*NbGQErUdi<>H4f`o?W)
z*&x%1w4z_P&{y*{b!9Ov?=O9j701PMh8$Vvz5-TkZ)F$jdhs=JwTqftIz|%SsWd;~
zZ+WNEQ!}Ouy|xk^k>IbYM7F#+kdw-{)b@NgU=sMdD15pw_YA~+d1F)ZLw>R>OwuAe
z9TT_0)AVWi=FzoI!|Qq;un)nf-nfA>BhM`7m>GFi&Sw^Bx36*XUkrTi?w%|?jLRxF
z<WGEcie^N5a4er6#ytJ`OE-47j+?J>#Eyg7A9mN0QJDTolM4G-i>KVuqyURrT%xpd
z3`}5j-ZIyW?~DD7eA(^Sp7C#rnE}f~1JE;Z-?GnbOg*SBV2p<kA^6InsyUix(!r)o
zWLT!zxGlg)K)*!5k9BXP1;<fXuqHOhHUGOJ#_{U*Lhj6e8QQ$;&qcf_3*o#i5$}G9
z8Gf*C(;)Zn8qlL*p6GiVAgQM;xl@UWpE#9sVmL1NLa<+-wKDSZS|xSq`*$ZKP}bQx
zT9zh^snrOe`7Z>Iza?x+(f*sWMcb5vvt*zfK5doh418vk20!tC<JdWp-Z|kvuag_5
zK6xdQmNR?#UUguj&)Xx$?vbzAr8{H=_qrY;^E*9G;~%`IeLh57_aGPGb6EMRmfOg`
zp-o_Tp?B!Fcaz)*SN}ow?;7l{rI{Y1qdHr3^;X06#|jDx_M>ct*B1QAa&xcfy*joY
znb9Mc*?J;knv;K9S*|J&V`i4#)d@SiqcUjrA-Uh!L91?7?KL2GjoOaCa2N8MT>a+$
zI!%EoA*MEBhWi88>C?sTAHNQ|o*Y4e(U(OOhHk7kEOMSWnpAgnt<x6n4N-M|3m?)0
z2Ze`UxY9t|)PXx}m?efKv$LG&8?pmoB5ixm;(Gvpw6T2?LGE?CrmM5qH1xFGGt=2`
z`ZJ%29Xv7O7ys%m$%tJ)2aHyl4aCX)LTB&1#_O0+@8*!IrxN(8ehpnNFxDT@*3{28
zW9N#uYn%ChS3#uUN<g;dqRf8qDU83C{sQ!4n)9{r)vc(eI>Xe|y^|C<>Nq^wSdYI+
z#kluXrSwaUmF@JKi4RBpiVZ1WbF4IF6{Ct+PyJQ=BpDyBH%!5fjh_WlN}hc5$=CX=
z5Gcg#_agaVoBn0jB0GD~!G&@1WkD)$Kw#9cx*LZ1gi4++&Zoucx@CLT3yC6k6}@Bc
zK<Z+wlum=RjEr&%lj>&Oh1KbDPI{oF3=`pgQ5Y>#$5*4a-$wURpGSf#`w&8Elz@_v
zsy~a3!*9{Pvdm3OR#;oxqIYPvD-wneC!PYK`MrG#l1riTd!{XmHYR+COwiw4!GE(9
zvYq8#NpH0SHD8V7zLZmc@UjN{NDe96qJ3rjO!HbfEJx`Y&g~yfEpL9eZCXGU4-0yo
zu5ebB*)_L3bpDUOo3NMp2}e_FXDhQhi}U`=(j^9NBu~Bx{JrMg89NGwvCh)Eh=I5D
zCsi<)@IBUxd;EsEPZsTZ%04{m^iUW;bF~0J9;xkF4a{(kA|4$L=+`ifMwhdWya|_5
z1(siJU;91%Y5Sy&LyV}I;W|O>&@0JhdsU-oPAfeiptLe$g6(JS41*`G;@)|w!l~cQ
zT0ViE!F^%D@%@KtR;*If9%h?>zqaan>2mK3^J>^{dvoZ4#H7?m+=}&g10!ghu6!;w
z&6l$r<}x?Sd0g$5)Ew)F{!#?Ze3$nG9xj5ok#7Q>My^s~9FBZ`>^?1Us#8=ra}~Qv
zs2#p9jnt{C)Rz2xH$^0WMMkG>0C2(*RQ_42N<5p;%V#66hE{EpB|j_j>eNomlVx{&
zp+nq3FMt%g{A<35;uV+3m*)7|cRmb$UIG%H5+S^p8k++;MOJ4rZDe{Ymuk>#Am0h|
zYFomj>*9+|-9JeP=2~?iji99qy6mpZb$TFYlb*c6g8h4W;3ZjQ5ucmxVA;3SPi=5Z
zr^&L!Gb&7D+gU>%LYH3anD?W>eW}^2>UAG-rG@p}u<u=|``vj-+kkNvpTssezs8kS
zs={x(pIj%G;2)UgDZfG;@xXWXwSb+v4{t35ZBPO((3H>1lW%HEnM^pYHI}38<U{!_
z46<|CHh&b;aq)usmstNACSTo%^&jad`;l%m%H7*J?*97ps?E}!+-~HB#?sl6m3%Zz
z!;9tmF2>a+o`76%9q`h{|16pXf@Xv-NdPETy?Y+P(_*`1>^B+jC`Ix@h?(Fes?tP7
z{o__TfC(Ti{Jq5Pb3!;d6m(<-U~vHHx1Vb20E&bmq_kuPUPg>uHEMgFVt;Y~ccxD_
z)HbmVyV)Z=muhIob#Y+2C|csT+=nx-<IVt<r6jKqd2X`+V~I|_$IzhqIkLe^Wi`%j
zZmh3Mja;3kPua6p>n1|-UY+fSc0{QP_rlVAc$u5nUs5EN9o2=`uZ?~7PbzN4g#=y$
z3y})#uSjEIH7`^%>2Aq_L<NT<tFPy7$$XPW{ZuCqNITaN;h$-SPR(%U5W7d6&qiKb
z=-64j>0rNll$P+K$viO!JgaTF-4?}x?6NuFcQkzd3!K~QA860W@O6(=bZX?_o}TYk
z(9-0{7OvpNXEw72GV>MT1qDIA0I*W_tj;ZXOMakd(H1;v+1ZOwMQI^WaUf&YK|1G5
z+cALscU$V`xTl$BYz%3bg&5(SJGjgF*%W6+VjEhd!&GMJI_~aG-;M<iy324_>!0<H
z>N3$IV;~71U253Cn;R!cYE(8-G&gODH2GyxMI9GlkX)_cfCG9jwO#s9#IX|NAsbps
zO1aLn96}~CN1CQ=5h>>d4zJKxv2X!h&Xc*)s?@lFlmnJ)o}@A&e<og-1->?y*VMz^
zeL@q9TknGt+{c^SnjQ5vVK$YqtyBnBjB({xz>Qd|#>wX+eA{`kzh|I=Rt^c<ag$1Z
z8L_{VUpzcpg?fCuH^ssEz7`^b%;Xpew<vh8Egv&Nwc)k$Y@DI-&Us%6xT~RS-5<@@
zF+<e4V}_{6Fic+AS2<A)6|@-gb_gA~kSo6njH8%K`C8^8TRUfY1EXKlTyWt4@lpcg
zjgGX);%qZ7y!T~m7x?sXG$bbQGFXk5wjEBGO!j0_Z8Pg0{5B<5?xhav{l8S|B+~>A
zS_Z}2EDkPa6=EFnPn)T6Ly~~i32z2MrJFHC1$yy-S9>greL-8$+3UGH-Vz7aN`k-x
ze+@0%?~%U_SQ<w2xfiQ5GdKjI_C|AvG}}mqh&6(zh-AJ6KQ4`zs0cS<t4hr-TH@*r
z&o1-glCjpF{?ukJa)l)pQTVcg0JtlL_2;L<k-t2rAJyJW^9wD(DLF?iKTZ_urI9xJ
zSLG1)PuyK+l=U%`vB+(yVlw4u&#u)gis%+C^dFSV_V5<mY3Z|QI=lOKf9=Nr0-qTI
zw;+=qqKI?0x%q;!iHsi}ChrhOb`Q_G@lHBtjBH0NM`|-p?;T)8-9@jK|1F{u>J>Ch
zyR75jA}K1<H4gZs=$b!l$BbLiA-unWj_O^HGq$-{byu6gmOxkqCE1k69D^Ev)|n;=
zbmJUukz?yjf97dmZ1bnsP1$@lfNw|5Bv}4)v4M5&Rk)tGC06~hiO-t%!DEE~@7eax
z1&i&-+TQuh@D})s`hN;Xv8u{HPF0n1ce4)9w@?Y)`ySI<AltKba1VV-KEiC3I|EiD
zY5Xw04B*Xtl2`5gy{KhEw@7mIGkM0(pynp~0f$<XCCEubO1w-?95ed6;W5?0%v`@`
zjggma+gOb<@AidncTi8g`OMGDQ2R@{fxK$Rep!T{^E8$QO1K8SjM~(qF#HFc+50<B
zB~DaE;8a~TPg;Wa1!ljNESFAP#s?K78q?{<kmF7APM!Wbu=hrseE6U^ZpZ^uV$K#r
z(=L3d(QH0>F+SwwLk-u5&5!p7g9;#j8;9B_f>~Bv-3bPS%v#zjRq>9^$K`oaZx6lh
z>C%=5$sDRjA0mAg0?UL#;-b@ZLU4Phvr7`kx%V!bYFL$ZvaIKm)>eQ3BMQXVrF)$$
zAzlQMN9Uh1i5Yq|EEnoyY9@JX3XVKKAnGmUlD%{J9@VdZXN1$v=t+I+I5pA%j5u&W
zRBCml(mPJu78YF$`$5^QWBtNJ5E>nTf;GTe+(1f0vVWWd3Zi%7fOLHTIN-_%FOhZ#
zQ0x3HRQVM5oOwB4H6+Pi>$!Se(cIluwn2tj)DKs#eWyJYo5h`AzSu_alayUQG1r9C
z-(r_KU89bnP=!z9GvyKB4)kwdq^YxB08k0zzV2MU{92wR4xIyY5gbr%yX9S04>CC}
z;$9Z&l>Aj~JPxb<zS~l{2#tMrCcM}ZXO5#?`}h6$6~FU5Rvnryeq*I5URjM2mRu>h
z5WcZ$T5-Z0^)d8~;|0o<Ie_;A;DWz0Fy`Vnt6^19`f@oaVx?#Ua<#)Tn&s=t<p(rv
z;!=|ME&ahG|J|<r&G%_%g-y;<;H8GXiT`-I$x2V<g<cs8gp5(?m)Bw?RbrrOrdD%+
z;ezw8#vc@X4;+-wX|<{s&S)QaSVl}G)sQcXv{LB&n@SS9oqT-TN$aoHvnRb&aI4a6
zr<Je-4_D(Jcgs&yCk<dri{FewY88o3lWsR@9AK$<{J}sN4U0k7g%6vgfZHo&bu}+J
zS84%tJfdQ|#;s(k*0UjIQ>VnU;XYmV-Kn6H3pq(PKeGl!`S6xWS_e^DwG(Z@x&gTn
zgxGqox9y?>ZOrB=d+3{csHcZ|&kVK;jbczlou97@-oVsqt?qISkv8Y_*Cv*T?_I+W
zazd((Yfg2w>}iX8ngZRG-4izd0q>72=d=57T!M!Lvc6FfITN&Y23H}y+xLTUANEb^
zjc&v&<5rs}G0!%XzBfyQ)9C6tfpxM10;_X;huPk{M@>eRej0~IE3^5qL=w!Cony0a
zTo3&3fMj_2RGEKlidOqI(Lo=cjjw@wjzS5`$c#yvCxWZ4f};66+I9;Mv0JKkP0`M?
z)i@PP+ZbL5HKM*Ng5wTE)CgQ+3YbX+rQ+cHU=7O6gm{YLUP`Z&!7KOuCj+m0SCoHX
zmSeq<b}fz+_c`wz&XZ)|9COcGPiI9=p>cl$9zDlC`_~+OwIA7h#|l@@t)>iQjnA@>
zWtqC|->iZ<2VZ&@({4xvtmG1{^}{YPkJ1$;iFjFO7CP1smpcq!<_0cH`la#7iEeJm
zh^vozDQA}l?w3gG-DL4XIGEr=5&-el`u0cgAYsUkfi}e0g|2D+dZ5W6P{MZeyFf}o
zs3BNP7(%vO>w2f7V(}526b5diP$C8`2hLC^Jw$kSMOaV+TA(0fpGZ)nDqwPCXfgP5
zVb=SAn`I?Xc}Pyf!>AV)JIV4%;S;o=IglA1EBe4{Soy-TtP&UM;&Hbw9wbPAXnw`S
z)#2b1m|dULgK7I(e8;CDZTtmNaM+@Zjt=ec{j+SPW(60)+~2#euZ2#aUftNVtu)bg
zzhJ?t_bGPgF*m0hR<UHqX8{ii%Jg&SM$wz&LzV7_eon1DeaB;U^=n4^NCy(7a9#+8
zG19tUn(FY4v}QZ&_>phKq<9BIg#Ew=FXl$6RbAe|fnPf+il^t<{<JqLJJ71JQW|3$
zFgkMdID?ttKqi@JKkFe<kM}>H%3km#%Z1JI%mX~gN`S<<{6L_37~sRaI=Z>dtM#e+
z<rl)!{ANLD7spRrDOiKx+Slt8Dc#~MsJD@=PO+|=%EaJrBSw^wLo-l>&vJ=1mLJ4E
z650(t)s2h8@CF!{%#)pRf{a2OI6E^C`6cl%3rVTXsoqBk#efKyD&<w<VT`HA*BNU~
z8<c-Cd^qSkG*caJL3O~jF&5}>aORs+orAWQhZc6sq{}{Op3@_kCOS~~1j$VX*}9BG
z&*m&9AyAZp?*%+&@8SA4LDBB0tL&((TULh6S^Dk68bPJQR<kYsRNR*sye^!ajJX_0
zSgsPsBlwg@&-xtok71A2?clCI+o~Uh(b~kS+_J)&Og?m9VIks9Dteds;fcPkr?li;
zHCcxNi>-^*ezT8O)#TI!CHJiDLkb8cjt|b{vKCchXWoio)OKcGv`rKQ(%qbow$1%+
z>-(LfvT{{dNhfRD*^_#~|DSO9JQrqZSWF6Ug@WF)cY{MHl&C<hvGr^9X<$Rgt_lK(
zq#+p41JZW{xt1jq2<QM-z5vL8&YOS8;NnnFg!)rRr~`<!9h}Y!VPS$J9YGISENzqU
zmw*u-$Vr(VV|gpDc8^tt#xHE9XsGh`yRS3now)~J;_df;n-@UEeOgwgRi*BH1_p?a
zmdTm1YZp$bwr;2R<QHb9xcn^0uDn#}tbLM%RJj4xV#%`OWU+%`>V)wG$n;?|`rwr8
zr|S+_H-k(q|FhS8Mj2e&8HWPX#hwhdt&C4G6P!OKxk?P1{d|7hj?e%v<2Row1h8L)
zKjj}+u-m560kw!cg$lT!csR|E=SwX4B~12ZD>3bWFUW5C_9^i6YX>s*l$H_F2H3iN
z@HVeC%bw!q>jS#7FABAc$CaPQYU={1`j&&f7N5<~R>arbe5_w^mHNY%ul^A`*Pav0
zT7)+MdmSjv4)WLsL=gcAuvE12WX*?*(YlS~>JD8u1lMMqvaHunPfVCy(u=kTkU5ex
z2G$7cMOaF&TIBApTS#Ju;`=!rJ0;nwZT079W%qN%<$s5~3C+N>e|zMXxUjx5>J81G
zfxUG$XT^8~D$mK0`v;ru3ZkrM^1bR?m)+h}`Op6jwe{62q?a8SrLYeYb*3In6k`|E
zVy&0Os*T{Tr?^EnauBmXrqJRi1sxRz8C*m&@mW_`OR9a#K65}uicirjsk_-%&&hV|
z$9WBCN`bnB>T@rNKcQ$Cb7bpDgX$#1mC2Vw^?~-&bxujl?xR?Q41<BxeEZnZH;YGz
z)VlX@I*@={Qc8GCG{*ubE3fnSf;>a8EDY4@y#7mCB(l#$Z|Jpy_#E_lwGTbCvgpTV
z6>#C79Ar|9^Wd7NTE{qydC}T?x9RRW1pnN&phsOFXh@>Gu^RpG_Gi<Ty^WueNsYjU
z!ywOjm&ss++B?nUjb1araRw+=y)?$sw$StI+}{%)-($(8H-U1-0WkoP=8ARanTQ2M
z{-Vky`1^HX$Y&y!wZkzR(Xx+Ai49Y(+fi|myFu-~*OlZ}D}&|0kG)3<x5kUqrYPs+
z0%wz>!Uwod@YXKNX^{gGINZYtbYu>|O7lj#C-PBDHlQfEgdtB^ARVfeV&SebiLG7B
zEl8Q{^WpTXs#iCy4#eYQTmNK-TQY}=561~1aZr#5BYa8%5K>xMjdhjWtVm2!s)`OB
z4*gwIIT?GLq_TNRTqAqYNT;zs&YOIm@#}9`_04#QI|h4C(nn_dp7KnJgii*cQqBLL
z)h#IoQX=?i*67r8=WuJoW->r~Csi)de5miOI)D5F|NV@|FiYeQBiY8Fz|Cm;sq!w~
z`BiqgCz}>*sQQ1)s(Jt;brfSQcT6U|p7iqnCD@XLfz)1m!sp{cS(CXB00!sU>ADlk
zO0n3pTb4N9C-y%24(xB5$<H2cCc4J(wFDGoG|TxvE3oh8bhcdG0r!9<5Z)^hc@zKx
zsJo^-FB3dxzZ8(<Q7INF-2_Zh|2wKc5{})q)!gSDMHeNtB^IO@733uqAkaGV`NV()
zL-0=_h!!nbRgf=mNhjl@!<`a~{eg@egs6P_vBxXpZ!R<Th*4ih0FScWk3MGYd1i1>
zdZ+3WLttlCUO4Y$r{gadR0OK{sqN+uzhb_Cz@!Z4+s@A=CY9VNzAnw{-w^j;G*xSi
z1WM@7PW@Ngv4~?%h}f-|$rBZ(c3j*_!1nWV@}I|;(}+M&)#v0^a7{+FTBSFnq2CHe
z1_*LXnl@m9_i<8MO{`%-ws&nUYe8Y>z9=V;c}1`)J5<K70C`)?4P9Btm&70|-4l2r
zp-f7V6iOtZZ)Ki|+ep3aI%7+WyxwK17yHPmn3Lh}fSkiUWbUQsHnIDP1N)VNg!4Rq
z?Hl$p2`+mbF{MnhnO9w5<}3#5S1W9>iP~7JR~34&3cRm^G<GS7NSo}y?ht(v&@&hl
zd$f{-#*JouJqn&!vK?dVZ=kf_&@Zanalpjj2TzMy>YWI6mC<N<uDYA`)qjT>VXT=t
zQ>5?6TzUhhaPN8F`WB%-gUx=>gojh0cCV^NJI&uV4+(Llusncir^bc;k~YveqL~Wi
zLP}4P^Nw)Oqm@n!&7T`J{_OVAF21y&mgUXhG=Hy;aq;I;KOSXus4uY!{G`G5Ezt^^
z6D9ZW@G#7AZ(cgdKE_8~AztwD9~?iK&PE}5)ggm+VWa5D*Dy`QrHb|-j=VGO@uG)*
zy~Ty!j1Q?rp8qXlSm4z(d5=K729+xU^-k%Gsn_7Kf&m^(u2%5oDw+!Ze&YK~Dw=gm
z<YSw~`^LG^p$4B<4PE^HRTB@66&i2~I}$G?ZEO_9@fjPKzQu@f0U?2HI&{uxsohvt
z6|xOqr9!SpI626)pzecEkdAE7)afEr<We(4=F2WLa_Pc@1y~rk7q+5@ZhYush(AP1
zv53gFI@jvpyzWPEGAbH)WL-3XU#qY!p@3u~Xvnp(ZCglCEPH0s2d~KZYQ9Ukb|fj%
zKP9@NgJa{AvR!et`7&yIjjDPa<Q}0zm%E6qM5opYwF;EF<Xm3H$J<G6FLu34!+{k;
zuUGN}J_ebJCU*XA5w=6pk*^=l$kuBdr$ue@VG6^C=YFddeHBxpl4s^3Im(JMve<1?
zo35<qe90zpWqDKBLqqP`GMyrv!Caj)Ni^)j1#&#-{us(9iQ4;x$$uHPTOY(;J2H*|
zw!FtBOtcWz#1%Lx`6z&LXOj@RoaJVw#>Dh@B<_63lKGK!t6>`2zPuTb(n8_LGrx~W
z6glr<^|bQqdGMp4Wl(%eQp(+FF24R-6Q_C58d&d$aU!6<_=8~2y;<MIC^~i`v*;J7
zcYY60B*-F_EyPt>64k%+xTs<xe))fw(e|i?ec7ShfxKwm)S<6zJB7cg8eWtDUv3UN
z2`ov|FLPF6kDc_S%NJDJ&Nn$Gk8f{iGO$ztjk=76<-AygH!YbTZj6>ol^tK*=|bTE
zLv}*A!?M!#F_SpTZTxd1aIX-wQuW@;Jd#gt>s#J<LLMVvrlB8A7;AA&vo9;@5ySV4
zIK?J=A$Q2_SQM)0OFbe8^hlg;&!bbXU)Z{30Qkx8ah3{JRXdfh^|mM_V~=>+GMM1G
zoRt5HqE#!k;%;FlO~=9>Kpnp(aE=h+=ks{)GWR50o-Wq8d_V!zZwNjZ20^O^a4nVY
ze~Lu_Ur=p-7H(Q-%TfvgH*li;xSZ<aC8yhE)+p=g&-%FD@tZVNee3qque=a_CCDK9
z%dUhD3PX-at?WA{I?Grd+DDex1Ww%kYGlBOGpd#EmMQwTZ9VKd;%<>BY%t;KoO-<I
zSt@AkXfJ86QTRCm)e+)q+CQw&p}1K(zoD^jWL3m>xQLf;ezls|ZMGUcTqt7q(5e5#
zA9kwF0%3DmT>XZ43=_WkQ?oR+@?7O_{Fx^b+T@wy)5bR?yTyqMkN?yh=~&mN0FtO*
zKM{sV|M!zWPFNBZ6tUSh-u=?THlT{{vwS~tS7CZ@O>WS0QTTKo3!Kth5lw9iM%;14
za<-y>pV~Zge+bNpGTN$|IStedx(_?ZQEWT-OTJ0*XN{7d1@}1S1?&J`rs*_29uW3+
z^-;Sd?RUXtnIxSag~+j6AFa)o{jZ)zKd>o#LL+)tc~b%%%x83(ol&W9CdX43nNur;
z^ZS?#0rw<ygBr6dq;SMag}e}kqS^W}YfK=2fNl^{t^428_ls4%w>2Fq_v(o6FAWx5
zptzE7cgr7`{)=~*YGqk6uvz$a_SGT%D%N6JlwaO@@FM%D0<cb(N<FwQC^W<&&cbgQ
z)a_5Y=~iKtXPI!>pAX+%d(*04B;6soqR?@h_}oX@$PcYRptqjGdB<<+lWCwS-0mi&
z(kb;oal%VK_&?AWwLquoPeJ-WC%2#Q7H?s-d}b2Rd|U7lbsI0w-IAI+c#~0vw}PWA
zaN?*f$A+i3rk}Zx+^ottHLAtQjnm2ZewTmlK}#=t#I#T1>V6QI{ff1yDGet6sX}KQ
z3672Y6n?;O0doUu3=Ame{2OeT*+C0S+M<PvX({2y;e+(n*>*AcL}mk|J{hyW7IsUB
zjVb-j#>6vf6|NH!$>nNsgwUTlT;^@lt&%NqZ<y6S9%K%^FeXH`tf!l0xdx7ICX~^}
z5o@Ma<3*#L4ZHSJm1K|S;oQO~ha$}W!>|P7?Q`!nW32F3;Hv%(DrJ;IPv(MX)K8Pw
z3xlO#8WA$gF!Qisya^c9as0SY<A?$b=mpIl`6pkG<LI~wDAc>1M(5v$Tn{HK(HdAZ
zawg|IZnLazc=Uz)%auZh&L!;ifmKFLi&vV`?5xF=LaqX8CVJK^Ju5~wR8>I#5p?S~
zt?Y`&EAXeh*f*C6i+6R}t@EvW<nzX_6I^kFIN3dGy35gFfy2KMPshXsF#l*(OsLH!
zIPu&}5}wGt@_R`1+e5YSb;E+i1Uo;iWYXleP4mop68*nTtk=my7@&(o=wwfZ4Q#Dq
zO}D`)S->+1BF6~d^Ku-<wS()6-J5G;LCg-I#`c6Y9@ZHV$bchgt9{L*hsGSxA_16-
z?;GC{k@V5)0A*LN{UL$pK|$F_8h9f&uM!ZHZU{E)0|}I`om}>g>kTaaR1!dd7XCAj
zOhG}|P0N*@h&&p=ifd8|7bE=sxi;j9%OGkoA3+3LLwEKk+}8889DL(Q1cy0*lsmwY
zBdW&oKcW$DSs>c~muG~qiirq|hkyd;nJXz`_E06`e1z-EF0~F|H<kn6H4$LIXmitu
z3Y=-)HAW7pYr*TmrhpvmLcj2Rh_Ma;uLb{!4xI~Pj!jJWGR@-P4obyvnU3$gJ}_cI
z3;S$IDZj>+PRtPuh5l<7_c$G%eg8VpU4uYT-Y;*Fpqa*E>d%DHI|OTr;c?ZKvkhH_
zURP+p_l4qlpg$C;9KSXik|o;w6}7eT`ap3&FI;ljLf2LZtuUGu<oBw=8aBYopnE1m
zJD=f+SJHF~3G=*pg2PwRgsySpuyqp_h|-)al&LY`_ygmCabIMy#K^?S1VzIIG%&k~
z$qiPmvR>2m@!x%p(Y}!3SSb_RFM7c_5_Ft&b{4MBb785J>+dk4TU0v(*xhW!)&-Xv
zB@`q$5954$6z!rNSh%|KW9xAo-O5TVlJ8QgSHG)7QGVIwWB-6ZftkIRnoTVhpGU1r
zQO;3aKjn68w`N3gjytu>oFq3|f@zQ1X1&;MAp^}-79ML7LHl;edpz0D@+?0@)JNN>
zdUS}hCXrm`3gxFk9rKgET_{bcS1|^4##}3~OO_%gN`p?ig4XF8I*)xQnW|pC2VTG`
zf;Dc)X!}{LE%axepR4o0-FII9a{GH_bm6w6-*u6J$_Q~nlHDHN!%1w?VHIhL36rnK
zULUCa2WdmB`%eizALXpA;Qae)jH2YeZt1f8y*PQoh$mG3C1v4rXp?Wp7MOztAtfV=
zi?J8ya~o~l?|Xm?S&l&GKUEBOJ)+hrI1KN1Zk~DX$|wb265D&6zy006U)9!>GSXj5
zYsl@kzR)Fa+Sd-5y1wtQ++}n7Ud_s24u!J^kN1yo(Y3uP6fNlY4oFb4?Tc`tYg7>S
zZxa&2DR7CQIR<f4xYH}n(NA;>z>`vAD_`G2uCy<e4<CmRBn&-{Vllr<PEP&!IXe#z
z4;IKHe;WNwe%a5Aiu!RsCCw*7!Z}HrPekm$_}K5fe*LhL@Ef%_zBcbl>0Y+l$Oo!n
zsTHr*%+Rabz3H-I`<Blh`}F3Wz#HjUNZe~arV1(Pw=)v=Xbi$<-6$-jV+EW>oejU5
z1>byZ%a|W!3}nxy^mv$z3d-AU@SPu_s&%15l}TK%4&qqMXUeVzYTg|5Kf<+)Jm}sl
zyN0s{>#~|>lCwn2h7+`oMP=Pz<$YUn({I~`PEUTU9g=F=S<CKuucDRnfWZ7zhh_Nq
zV+m0OU-u6@G?aP4%mtQQOy=3&2Mh4aiM_8bXCT}ubqf$^za(g9|EBAdwLwy?O2#E%
z(>QpRpj)416S`z;7>iRDa$t;j6u!sNgvu)O6$w*5dG%+1CNf;tY2dyY!)x^Xg#{(!
zy-ockirFS12URrbMU7mI)RjwY6BR;0Wc}(M1a0~~QM1;n9Dt~OQ+l}KYq&&~=SiAd
zwDQyNJm}k5-lt_RC;8BI6PI$cNxeh1?To$1#6LgB32`jdxEO$D=laet$dDdz{yh&2
z)^*Ee(o$!QKc9O6(d-3Vz6AlwL?M!VpdUyV7x%ZI#vm?Of@6m;os@P&57<_E^IbKW
z8=n$H*eqax83rC>XJz<q;i3x=6oUBPhg`G(7HQ~}3}E0Gx<TQGQolRbuWgw(SNTA-
z?C_C^t~K305T*XcuE)kK13kPd)*^vK2_{duoWnM~_#G^ZABRn9`EE>JbCfHcfy;p+
z1dAVr9d?>Z61lHJIUmt;%7}PZwc4vh>8A^LAImZG)q>ttOYMFn0{!=AUK0tNeB;_(
zALJt)37+il0K7K=3-R(nu(60(5;*mSw>%#u147rlqvDQ~NZ0zTOt|Y{#VRNgKyC((
zwFEpH>i{?+-9GBjQNmkdEgDJScQ<BLRF>g1X^*}l_P+FkMdVX0XkD9W>ETweioUOi
zd#=s&^l+6}3*T2lN-4yEi~BKotcX;rj!(gW(#~~|$vY{1E>gFHx0D`sAb<)}<kD9~
z>0UhW6j-(o1k-idcmkg<2QiC6Lg)cKy~5mlkYmnIkUV;TW$)>0T|gBRT>3ubS`jp?
zN>N0`+z$F_)d2`i;Nand*uYNlQptSd+D93*a(4N;zoJ-GNJ-q)pN1Z;1v|x)b$$lW
z%u26BiFj_yFenU=GA54+wFZ>wx|AqF<juebsV}5R4O}KUlw!(3*dfqS<!b%85Sb)r
zWEYqW!D!wg%q#^7?>SxY?gy8VC~>=%WCPS#7urF~w!pzB{#`H4@Ov%{A-WGS-0+s>
zgSf*^y(3K_>>E4G^zZ_(L;TQJgpljgu%3ztaAw`=3ESGQRv|vQG%(*W<Dl?esaDFE
zJbuLU^3~@rAxUQ7Td`zUu{OEXJR&Jh{69aynYF9$<oY|lmxHn`0bG2bh$nD4GjP5z
zL?tU!O8beDgD$`t{t+T_A0oYRZK(kQ3^2ka?nBfp0f4(P2qxGmgarP4<JwdM<fsr1
zHXORUH46dY?#Cb^iTY2ANyq?*)!cH>mMDak9-!9?w$}wvi9n?20pY!7R54v$pkX~1
zzzfJ(^qLFc7Pxu6_?6=fL<S7+5l#a?IHDgECXliU>q)@VtztDb5`eoK6DkDJqz4pz
zN3@oM<S~K^d3CGru*sqI<sf5gK)j`XNzh|>0r{HC;xMRD*9CurTJWnr1NK*RenoWF
zUEF$r0L4s7xg<(A<e8FTJ*Rw#s9mQDYzP3;xo*<|+T$OucqFB-dbfz`ADgPwa?Lxq
z$Hr>sx_1t^*}Nm+l$A^&mMRj#4f|yJ-zBPz=t<}VIqCj)htkZzTDKWPEWWxWL75w?
zIf$;b6@f2+0e;X~0*4GABqWwY3T}=emip0olgtSF<eUJZ?LCFpyNrXcDf-8xX3Q}N
zKT1mc+LOSu{Gf=(@Nw{(zltDiZ1JlFxhq{*&zdQ~n*Zzq;3|vX{MH%0IsN>+LvBjx
z$R6Qn@Z?psF75^8NWIH^pcjnLhkhT}3l4Mu0rsBvgPZGmZpd5@04!>AP8NWbs|sD*
zbx5d>8MwI<<f-dI_ZS|7-*r)laRC3c!uLESU4TLh{WnGFp_hmXv)#T}#UtncXru!R
zE8r4^$nb-{B_MWE%VDIj1nl?!y7p(Jho|XqM-F}Ez{?aco}HM(5>Vy;eUfFPhttL)
zZaMxxqnT8feu)IIKRWflZ?Eyp?%+}XX$XmuJ_(ui{m!-LR)G6#b@-J)M(_-D2xMHn
zsv8NY>RK-srbN>I*M+bw9|W&$DP_HpK9cQvi7W@b6@|zt^5G}WA<PGnVT6m_hiGhE
zZw9To+}?<=Y-i&M^Jl}<MEAd)hmt4>{GYW5!Dvv`|IMM9nO?~aChY%5fvgI5Jw%wt
zCRN-@I1lVmrdiPP&<{|Sl=$V>V;S{kI$K-ifx(esqfX|?)i?MJx|rn!J|>os#9F<W
zf$;0msVzunW+DscaKin4`G9ixg;>lXlIpE7^4lCNP+^G}7?SF8RDA<Ig*x0fxWV;@
zSR-u~KQnsK!45fZT6xRX{3o3dY@K{uK_4ZT1}tRO2XRs`{u{lzHsZs@Yme@A!E9|Z
zaL3A_R}jrgv~E^VZsawwx~nEyz!zpSdQAE5pG+wy3e8hq%VqH4S}u3EVl*WTwED_1
zN%>UHQb(<LEFvx&3_A|)d$9|&vUp}E=|O^UZ1dGOvdL6!j5g8`UMmV0IVf+{dMLUL
zd@`ZBqOey<{0FmJghle`p-)*m9EADflu_Kde5ZfN<oEC3m6U7jQ@@5SQTl2(HmCwX
zh^hh?(O5UNQYVzd$fNGw+R<A#Vg#MOSrK09`f)5o?x=M)eQAMbgJrtjP&MB&YseuV
z+IJCvS$ZhP<rN$u$*t40b2+yM6~`{Oi#j$8Zxd0r+CcAB-BMbUWX<dq&h=Xwf?pJE
zxL#s^-N4~#ht^deh6QaFSi(<9i+&c@fnHU&@R=<5rB*rk(Fc5jI2q_gEbf*LOeKGM
z(m!_KW_t%0M&0QWRg2gtrabZFu4@Le@7yxhCX$s<9EfBsVv;GIY1Xmwbt5+{e->x<
zT~*wvSajOl^DD##vYJmtIZB!}(eMuQ=>SKC^#!=7Wx{8{C%g>4MXUEYsXi=X3T47}
zXK7GH#4rS)nOIdxpx8q9OhcW^qsO%^F+IV2%**<$uln{=ptg3yjb`ZaF|+v(v#Xrv
zqIb3{A}=rSSZKNrhc{tijfwpu%du^OKU?ZN(eGT|)t>iIljN@8Aji%N#fGfru?d6O
zJdttFM2BForC6ZPa7x@uPB`k%ny~ZTp?~(2J73)@YGAtKk<;6<xQa0JOUjZ;f4AS_
z5)<EVzCW27uqJ*xGEmy-MYk@ye{bkDUq^~w$3~^VugJyKuHpxq5v#H`p<|pBI51h<
zxvpNiDzl;2i-0!QOR41<>o24$BiAFrwK;$1&b&J6ZK+Iy6n!EZ6M^l`zbs`4PW`))
z%$6A*Rh6uOy=3Or8!Jl|e`Qh4wwb~QD{bDU4O@cuCNBR3LQaU*xv1-60xh9gO@5Gb
z%~%`O_l;}8rSZwd@ys4iBm0r29$y+7AhNd7kCpaSfGwVsVtaQFb0RrbT01rio7~)N
zS^Lh8&+A)WdW3m;5@JjQU;Czi54?u9@Bf=a>G&4~OJloohd*DhY@X{q7Z1xOaYQrh
zsr)Iz-D|xSTA@uFVHK7U9vQ#Ar0M`oF>V)s^en($^&LktZ|h-{pl0ex_7aO!W37d_
z?No*fv-;ZxZLC%fzhZ;O^P*ALR)tu<58pIVg1e7LF>e0nZ2p&o{>Yd9s3-pDnUYtd
zzEj#gH|LemE(>(tW!6$q@b!A2^%UL7Wr%wHkY}r+a5Ehu&GDDg6A4CZc@>XXRNG4j
zV1Hahgn|{WSOa&tY3D~<`=~-7abW6^vf?dqRF+~xQ#1Coco)5W4R8B8%iXP(27AEJ
zTkh}F;91s?vxMf*EppSX8-u59?!S!n)?+NALx?Y$?6cUj%|xUF>Lw*08`HCpeE|v2
zI83BFP8P`*PGA4tjSWFT#iyH3SDZGYGj*V?w@7(<zxv2#dgZY|t_%LZ`q<iMBKbpt
zIze}z=kRs!Z|z^cf|EY+3}`jhxxDV8VW}oK=Wcx>--LU3x=ul{iRe<HHi2Br5MFb3
zPe_{MV3MnYSe8>WgZ?RZTJ4Zo@9r0pY$NSKmr-%E+E98XjJ{wS+IU4YXZL7#V;PAX
z@;=`9GK+oR0Oq<=g;P2Jm|LOGpG5i8r4$G4FgD@ngs<s5-llT~(sxL$ipe*<>t*9Q
z3*R_DAf6+uqKZ4qU8KBP=x!iKa2;Qiji9ObE30zltI#VniJrTc8t^^pfmaUY<h0&Q
zlsYNsB^mnoS;FouF}wD8c8R+@w;LkVEWxwwv!o6L=1fhusE8-iBo)a+%;jTIao<W$
zR7`};GpI$2oXO2m$eT7VUUQ!)M_W6dpl;}ctCZpwC2SQ^<P`X4%f2~g^Xbco&ru#u
zb05{-M^X6Jyb6d&nt1qiLMJoxQS=<bVas)VY}J)H_VoVBpN|W>()@>AN{?$dRvy`@
zeA^stU4J>RGfFdgviTk{oVUwll#4ZpAGif_(Bn)7?Gc$11pkU<O?P<Y%e*5tn<XGR
z7R|A^&wm^#Smjr6fR|8kq%)+6{l`en^coYeWxpgb>eAUToEf3ORer@S9Hvh0u@wQ$
z)V%^tYX(kE$LlwS9R3}7LTTEVtX?vD%XQNatf=g~SCaz~#wkUWDoS;Dy?6sRk|<Gl
zjy5MQ!JlVu?8ZHDmd88t-3%0Qy8F*<TUdk7I6h*PjFxYVvlxionGbBTDP40<w0>zQ
zPE?Vj%#_0mSHyQL`Q!x2VyUXxbn^T~`pbmJ6YV`lMnLBaRTn<80ZRW^(bloJF4f}^
z%grI@Rm*`VVP_ANva5F=*~NiJJbJ|$S}pFfU156NytTviS@yE=IVc{)9Y>jkXH#OB
z7@kR^Z|~*ZNOOu!b|(EYF&;VR?D|yA4<UlZJhMieTQ_6$r)Ks%laYD1r+nQrN!m8&
z1hn#ur?gRCagObCD8cTvg?m$Go%d*(0-Il9lrl(5?o_;7WKwAGh@yBgX!T<uPB*Yg
zG!QdK-hD>BpE(|E^uj^QBuL7oSLk5{8$a{-;Twmg0qa=df$PBT?Ks)IRtAO>OjHp=
z)+ZB3L_AgD88GV;D)=<;>3WYz&Zmrp+f(-L6rfCA@|$af3N`SP+gr@z7lAVC<Kd!v
zoJ|VGZzpgIOyUtpxZvZ~%QL3S-QbJ+B75pb${t~Vo6~UW-H~s!Z#ILZ%@t{yl!CYp
z@v*MFkYX*I&`p;-{bggFr;=|)q=Nm@lS&VPf9T;?t+Dya9_OkUPD|7@XG6og6hz*D
zW4%xbTs4_baVh>q+t~ik+{Xpu^$ID&OXJkMuN)Xz{d~(k5|q*yD#%hJvx;U>6S;%?
zp3V^utfD0NskYlL!o0k;F$Zl+;<%${*TbDwNqc`Ypz25$>(PNQVumhXDZL!c5Wru4
zo~f$UfdNBY^PupOuvi#xO}}tD7e19J@;lt?Dl6HKp?ml+vlJ>Z%@R68NlL=c;>s1O
z^YHQ}-v9iBH3T`s|FW6x^oa1<v%Bo^vJ8QsqHK$0K?R%DWKg%#lh%btA90U<9_#)c
zzQ1$)gL=i+ui!?RK%J{QQAUT^x0Y%|@pgEa;;<)@s^FIX+NOI#n(Tb!RWs;C_O3z{
z13Okh(RoDl;)?C4=jljE5fYz%>Mjd~c}E`q(ZZSSsJ_I4XA&a6vSxg~^P*+8Q;VwY
zHw&dZ51(RBR?=R2#*NZ%!L`7;d0yuH5WT=g%G#U@!=U#ophohQ6o0RR#_8TjHqMp0
z7;;t6A(_A1+aoD{i^>m&nM*-Yvf)Urf2yje5BoKeMCZU$HG1oR{71_*t>z!wa^lY@
z-n4%8<DJ^V0Z%GWz%z=5GL0<Y_aow{9L46Tm9oE;a#=CCbedU$+!_%9X|t`JiyXeY
zoc>x=Oll}so~iTPi)6r9{oHp{n-Z!Mn`FmAev5Bmev;zTDsn-;g^TT1F#Kypw6iZ%
zR{2PyajX3{$Lw1Bf%A#S=s*^>WNZHym)vEs)ZVZ;fsOs&J~pO*!oweiQz8s|B4{-|
zdzSAY8ofC)A}d2lb?o+;uvn3s4CIQ4kT+dF^wpdR#T<YqV|&<p>1lt9ohxW`VfNK-
zE~<Y40_b8Z)~dr{=8Yj}p%KAaW3{1+%Qooq$(igwTAE8(%qO084?!)`U0x&Vl(*Xd
zG*vIZ4+YT(zF73HLke}j<=7H2%cEflPc`rSM#B=Fs!sBIrQuEmO_XJC$03(ZS@~B)
zPUVun36u>Laa*SmCwX0R#TI~qoqDZ=#qS1<&9*UU{~P*%dNEKRjCfL*FY<sT4Tx`g
z-+xfY6MC5QJ<rJu1mI<a;~$(4N4l{1uu5Ub!Zw*3-kwld4$>EfT>amkz{v-hC;6F&
zHwG}dKA?=T;6~Umw0BG^G`nMCFipnVT5>7oUuFXr^oG313^W4cE(sNFF!1v6XbQx(
z>VlrUN2P7WSY(_}>89horOawI`gIw~5C61QB;5aIyT=ZT`?Dk4sSwL|857)MrQ9Te
zMuMfzpb-D}nmjcDogacs`U)|B{t}8F;cGj7WuGft&KTYwH~)lt(^~XD0F6L$zm0vO
z{6Jj~M}VV&o69*qpU=ZE{`P5=>Pi1SsVv=2Axn1|#I8c<raKIzZEG>c8#<#>^9zDf
z+%s;8@@=Jjh*#ObTBqUvEy@82p?q~1Z{(ax?XFkKH$~I6r8pTbApRd~fBN(S2=jdl
zL(MmB_0ad7^N{1*yh^no0)p0s0{WF+?mFhw$)a27?WA>X9&#luuT;y8I%hTZ`tGOT
zmxS84>1ze+{or+c$GjDls?!#tUi;lm#6Mv@yt8En#+Qd3>Y%li>R(O4dahyi-HM&#
z=un$IdcRtNeA3sInjh#aZGVxie;^)-cvN#=UGm*e-A`8}rW4H}rhfl5?dX5?=V9MZ
z`4PWi=&ijh^j7YnfHu<4$-hFZ?r+FTK>gykO7$^gFPskjC9-Y;F<8?yx-lP7qfquj
zeWm&g_+)#q>q7M5ou#h?W$ygFlHGx-rLU*O{Er&i1hir5p3843OY37UAYa<$N;M_a
zJb*6#e-Si0v%I&G&HoZH|NcPT$f92i@;#K#?Yi0i3cLRW`37Av>u;~Iy=|($(fnP7
z;e{B^Y{z=(_gsBWKlpk2zi!U%pBsAH36ynRtyI@H$UaJidI!kTzC>sw!(x<`jJD6#
zH@o}xLtYQK-`SVmE*NjrpOu>bTDB(8%XeL$HvY>z47pYrhOO>xR7x5Dr^Wb>9Cu=9
z!ryXS{F8FL7r?>RKQWzvc*EVdJ%jz>t_d*t(aVL#Pff!4BgP+Zj3vFS>Y-md$u{Zz
zLot3be#6g(4vl(zPhE%Z&FQzA&&2=f^Iw#&xKXJ-2n~M}Uxj$uU;cU)yZ;>VjK3Om
zOCNp;@jC->nx1;Z(-D8p@TaTIEBg8-B3z!Y`_S~?#;AYtRYB_#T@as#xD>!Y0P$kP
z<B5sChc?f-pYflg{8`5RXDDAFR2l2SX1{lN*ztP(?s8!h0rS-^?7ei~`vCH!IjhvI
z22Ymh&Y%Lq|Id#ohiyQZuN~*x6Eo0V?>|$U;P-f{RBzz-BR<apAAtB`3w$`@%PsKn
zh_AE2OAy~`fp0>*)B-<%_&&s2Q2^^Q-GyiUKjIaLM+eAXNBkV(*#Wq>Dc0AhV7x8j
zgDmhY#EYYX(=!<Hc>y?E|3-W<;=bkLWc*i%*mlI&eM!1c#{%+S*=MW6>Oaa9MhCxV
zH+{baeu}=|0<Wj<x4>P=SUv$b^M8%_I>ZOxbl*bPMb>f5(k;{i23!9|zS4x?_ZK0)
z&jMe9_+bltJK`rS@G`_J5bsZcC*6@x>-FFQ;%SNg@~r<)!Ttd8F?!xN*e{GURMQ^L
z$4t+9{l|EP0erNtAAoo<;_N=gSFmsGDI4vSeLsdrHmXuh%l6v$BQ7CM)f!rV2kYrx
zf_O6G4^e!mJM#Z@yOZsR4@10(p6+qnU_ZN)Q+oIT9UFrG>JUp!sxs`<%)a@V53*kF
zbrLrt=rV6+035LPH#!K>>hgeQ*k3lOQWqHcN&D9#K4+Z36=BCmziAZ8TtFGN-Q3e1
z*;l{gr5JIcX_Z<DVAd&e{r&%U_xbwUY^74rwVo5mvkG|z*q~wErl)DGse-A9J)93{
zOE}E_r8(B87FFtN`n%0@0PZQXi5Gj!qM4lmbZvu&_in8UV@~=SN+l`KvMTueJ97Ld
zERN2MWA-h<9CgSsC@hZO+f$Co795?TdFU7x$0o)xqFpe@DCBU5#ql!ZcrJj0?f<9Z
zd^okrZ@*y`V&@S1+R$GuY!$}_UD@$mu;)|lZtdlNaxe_b;!e~9goIC52lj12^{s;N
z&s$G|a(s7m<hPJvK$|LcE=@Fz!OdW8l7<b(uoD<I#RwZ~*vJ-QSYF#IV{ekS@7!w~
z<RbPk?W3|WeOa`Pk7nCWw4DvZ@InlqNW=So>bv6x^)P9$&yJ!3dFxTew`I%vf5eL0
z>1|K{qixUC68nF|*BNckDlb?+|3dKYbe7S-4?v#C_7>wm;_(*vc*K(faJK%7cpBmj
zerHYh;XG_|NDBJ>uP8qX<*$XZ)%LeLJtkOn9-!?(#<!B8ZO1A#!dOec$=df2zKwOY
z=oNCWksBUjl?b#kX&%0R`|VX~zVYo1HV*%kef>|aGs|S}K;s?8cx5!6S+`|#<6OPt
z8>Y{V`Bb87p+itqO2hv6?kaVxJ4D`@_gpi2hVuXUifrDCHBCur+J@sh;(JzU`&|M0
zDffuU%-VDrIrIOD@rGc$QT}Toy{zv@`A<mggN_Sz$Th21m3k7ue~o@#a-Mr$Mo;&;
z3~rL?o?#j%^%k68^sZ9381t8G#n#6(mOM+eIm`h1zZ@245XL#sM;`+-{qHQH-PD)>
z9iI6=#yEHOt@2wpUyN8M6UOvk#L^M-1hk_Adi+5qoZ4JfBVK@bkHBwEe#5Z-r|)vL
z#`ceLW}m+Kh<%4x7t?z>Ar{%MN;R1gX#1at$6Me-5l`+HtOt)qJguLucj;I$VoMMk
zYr>Y$`1yK2pkrGRE6VqedjK)1f0bcB%lbdWM)vpTt4FLZ0F&CtF#LXhED5o5_xryi
z9kHPg_{(J>RuO;=LTvB=e{48nClKpr!U_=cK3JvZ=@{LworPFFV(hG%m3^7NzvG8P
zxUtQ$>R?#^kNm~Re}6zZx!Pj-5YGrGr&PpYV3p=Cc!WEW*?%IIH&7d!=pT(Uq7e^W
zlfv;08%?E@`Hg~o!)`*3*swUhZbUg=x8S&f9EA^sqkpt`i0U6l9t_rDx+L-NbXXkK
z11U$7f&LtHydT^S+f(9MHa-LQJRO`L{#@US9ED-S@x6U5_OSD?e`r{5&Nl8&ScP#4
z@jX8KK3}=*M!aI6F>i=`T)$uG6yjG9XLmXH?g^j{hUxvwxefCXp*_~OhxGm=tKn{{
zB*d>IpH+|P_0US+8XTZpWjVP;{)l$&a~N{D@Evzs-7mDubO|~&t1(^Z#O{B>xRHaZ
z)Oi5Gdig}(zJ5bJEJOJMlz-a)T{tX_kQ>%ExO{Ct)n^h!t<yD4j+RgStvG*pxJvyJ
zg42ti{cxbE1&x!3adIEg=UZXKp=DHnajG%S19}-vq-%3*?)g98bd#-TE=RefNA<oV
zaO^ZG0koekL)i?J9iq#c?S^t2*6Vr(9T?H`@6M(?Bn%Iy?q7VK*8N_O2DhKl$Wi}%
zI2@}P#}EsSQsnqLERNxfWAor(4k4L`m0@wTVI2P(9NdmmJ7D{GM4uP3c7!^Hl<A~>
zR0f7^YI4@N-$J(w%kt^pLoj^SBMtKyst1ikY#n0H80&+*weffz;l49%hUFNCwX&V;
z{y&U&4)ckf|ITwqa*v{h;*Ml(bsvW1VcPGqu$i-1i~lOb))UhOy|-cgc@q1Xzqfa#
zXLC1O-&v6D92r8zW#|9!9j>9MU*FWW#Mpa^;6v;^ajPv~g8j&{kP0^KkFMbRONLcx
zHZ*<x`;@-e|K5*n)pX%ze{3=AqD`j%bj1GU*@iNue{BB;@p*_B8*RC}VJpHtuHDS`
z1pb%GjzZb%C_BI`%VleNWKXsf&i<JF1Ing9hy6-eb{-tx<R)`e+9u+g^RV-UsxW*J
zy!8TY6FY_nx2wU(F)u8RK8)jQ3y#Ie@gj!){XMS|<JcU)LHpd{G7r_*ay|5(*T=Ov
zygpZA`#0QHW3trEcaFNg6OJb@=yPpd(Rb?;ZyN5s9rc}?gm=R5y5YK>+^}BQ)19o_
zzud0zPu9zj*}ouGgxF&yY&2pg5R1_<I@T2<R*hH(f8PySKmV5hy*KRs50tO}CyrC$
zoUhC0Zws|g%<li_jPvIaRmMFV<}v0~)2r!w??l;>m#WkvfFSz<W>eptjWK-#_9lBf
zHJiR(X4}&7$W?({!}WZi?Q<StUH(<2ZqxZK_bPLP?@FL!Y8l2Y{g<xa=KAcwe1^8U
z4g23HcLn8I80!UAcW<)1>*?M{__fxVm+AAPk#`4{=c`rfcQpSVq<oK3zK1DaPve|P
zF6HBvhB#`-LMPga#A(8Geg>ztf8-r9s><+{V4;U)@c**~ZQSyG0?je9om4-lN4~=a
zRcgIab~zUJXlJ=caNoGov-}H?rl-@LIDZ&ZWt_vg$sMh<3G;W55Jm`k9UhN-i^t+z
z!WeIILa*Bl;bS?=o?W|t=rD3^nowof{?hhZjTlVS_ig&Kb#iUnSZ{~IUD&^3xY;%>
z9<jEFH8b(FMJyLF-}%UKTwizc2u(+$;dvN73d5f_g=cV&Faa7q9K-ivc#aX?-<|w&
z!~DAl!>?etXnN;j#Oe|IKMG(Aeub_6J!71|FU9bzN&1|ZT5vze1oC8)--v3IS&T9Q
zVKN1T+bPqg__BU>UAP<Di~FqlO{o0$yWfqUYdseCw4QK+e*YQ1qf69TwW<GIVst|C
zrLo-7PrH+97Ro|l=x?GjTTx~(%1rRd3}vPQ1AO(0>RG2yW*^Fkf%liy@l=B|tSs->
zPPcZac|!YO?>(4bllAv!2KbrDm(41?cK#RT>rmdQmn+?|^Nkm5{R6`*Ci}08u>K$M
zbBNz-!io{|PSNX#9)Ag9`G}d0g=qU<i04kx_kT=ynJ#Z$2cqe`fcU&A`noUkA2P&k
z)-zmPaK4J+ll}dbgz$CY;Ky561jC+xa2IM1Ri*wE@ZBR3FP&ed?$<F|o`r~wUQngo
z{l(hG{n)|3EVGeYzmM*48y;5w5{}OC-(RS{aNpa(I)}F{597n)xQlT}i-I`@A;+U(
zan#pQj&^my93{wcTUZ=x8HZ9AyhpPAUKw^jF<b4W=Ob-rhY|Y|u{(@9pUZ3;9yAs!
zV+qwRsqA%>6`!1~W|{3WP_|dYVsRUet`$@6uJk-}m3l;P6Xr3fyJka@L2rHx7=nhl
z({laR0@(Zqxr(u@n?2zF-t30=*654W!+nMl^qlu9j92(Gj@LIm4};UF<UIGfj6C<@
zOui{~+!Qc`<v0geokD162j2UzeqKV|Jow(j!N!yfXBaPPbG7btoqw3|+|Ah_q}?$&
z6#34Ck<T=5icxk6mi6IQCRyXI=PVSxU(hx#`Kg?4ea_B5W4tc$)oOyNA2@|rE@HlW
zzCf>g@wf6YA)z{qIq@SXm886h96|a&atsNJBY|<e9Kb>IWpsuN65>BYKt88)6U>)G
z((hZ2vIkJsH#Rc+cN!nr%M$;#zv|^)%rnO{mYX#CH>IcZaIkYY-}GK*`b~#A2ItF2
z<X9dS$CHf1*(o?*W_3e-#C29X1K!7MD?1u1+2@!odkh`66lJS#t5#=N?1^Uid_K8J
zz<z$VGw`^N?;gy^Oc_!!O}@L<gKQ2po5-bd;L)7kCLjmf6Rji2wH3L(F#3!DyEAGV
zX--0KlO40EzV7S5!|h?^sm${9h1-M6#dRAGku>ygIljD|atsLIVESKo)X(sHHiK`B
zq6XQTVGGm$Fnk}zW46U?e|M7c9Zdi0PS1yh4lly+<sri9Hyp-qC@HQEW6XG=n0~{p
zcLnEzw<8ZPhsBY`IL=vc3_^}xVR2N=pd2wXf;mc%BPA@3MU3P3>D9sGUzQ99A8#1{
z=-lrxVmyw2H;g`|2llno`MhaDk%$%dtiJwoC5xVQnXUfI!bUH<$d-p4?LazEGW(}&
z)CaL#Ws5dujD4GeEZ=(vn8&bsLg%(4k#7i=^DP5S?;dR0PrORBjl{v)=*K;+b@X&E
zcpb(aP*kmrB_YSaT$giQ0r!AH^|T2b-=73KD%8&h(y~aqorj!eHDQ!RJW3@g7iI^S
z=Wyg`5*EkN6v}aAjz0$-`-*zd^YK{!XF}jOsb|cuHht_HukW~O`yV~%dEFX6dn($O
zokDy$;y>PWo|>hN57^q~gji#w`JR>|LtgV5<1DWA`f7J=t)PPNk6W+7>ANnv|C=0Y
zZ&ah6(ftkT{%^80d(Cuqp02?f6TkXX-n=W+&1XNl8+i)a)u{J{;HeSJJekf1%`90B
z`#`Q-oWFLe(flgtf3#du5nqS+?G}4Cz38I#2mWTIzIs(~2M<>|hf^oM>`d##w%coh
z?Vpk3>##V+GY;q+%pu*$!!pGGex30?#&IDa9n7a%6CN&L9%RsU#^Hvo%?ftP`(fGl
z*_!=tPn>@t(^R7mGW5rn482Cr_aXRiJj$;_`APov4FUc{j5FGwh4L_%9b!60`^t0p
zj#GEksOI_Jb;M2}b`^Z@&Ar*4!I+!b@6&u9aTgD>?g^)?p1FtS^Cx!&m(?cZcs?wS
zWX93z?qH59$dP$ZIOYBQ-IQZo00-@(<9o}n9rGrJmPs!^-IQ)3`n0f~PI`g;=X(ZX
zugg#5wDt%oJS@JmhTXj`yrHd0Td$8Y({4Yb`ApM1qy*D2kEV@;Q9cEPR>qJ8MDyYT
z@{PiL@!5flqw{O5h;-bP@?=<rVL|s}Cv$^*$4=S(w<uSSa+~xzqu*hh<+m<d6ny_J
zU3VOgaYuEjQFHvypY$}{f4i9D4q3Se(9XYO{K9){)Q<k=-`O3wJ>7=|>K@0>QI#IA
z8simr)xSGnuf31Stn&%eRx&&P+y}=Gj8|lQYi96$y$=M8@|n(_7G|-U{TuR~Lq6so
z>mhgKQ}`yDzVV1h-dCe8G<1<3n!caT{o6DT@;eO7?0+%dsEitIU6YmPD49-Yy6NYn
zPSNyZxa^-_+B()y*{{Q9_CI~;{`G9bE|AulWW+{xtI>3C%$-Mcjg;9xW7sGR3-oI+
z0Pzuso6l*m@<+T7@vn^ZYUg{jg+0xWWez*B-AmT*VV3fo1KD0Hvwy(&@tHO1ZCYB=
z=>_4*__!PK48(^SytLZ(mVM`~>35t%nIe?wrNzy_s>eQr=A+OL=ldAeMvsrN`r;VQ
z(#`z;VEADSkMrLb$@1B9J?3xA^_2N+pl`ru<&QkeyX)!H|7balM;x+hjCEndhi>{4
zMu~TKHpp*6`DB!D3x4TgzDpatl4^f!{a2Syv-mz{|B;XLO$-n8KbM4fF5-cHa5_=>
zY-~?${qa1+hrLvz4)FNnLlIv$wniOK8gSa@j7B_de2w}S1vG!g1#Dq@wCtysEI~P#
zP-CoZ&_6c+M_fYO>F-y;`hM_rJav|A(LeSy>{ea<>H55Xy`}p)sfbq~9;xpWO{eWB
zXim)E$_IHZr(JS@<4#k)jP6g@V{81*4`txLtr<N0KBXp%GhchB(DCcVDZyjlb>#Re
zERF)k(Jz35)|;gJF@F(nIHSlt?W<U{{JLOxA%;&d!t<&3jlM?1^OZl!)uCLV-S23`
zuLOKQJO8E22jZ&`KWBmOM!W*?J^}bC#N(&xd4L*BfBif~J>toTuLzKLJs`tY#2*i+
zXQ_xok^Y?_?4aoRfB?JmEdMo^hWCs_zKo(8W8O;tXxl78e9Qf_wR3N*UH7EzI-B*^
zCYx9~4sS)-a+DpX%Le&e$!6;`&js4}(75#&Hxl3fl5v)sjl((S^MHI^;ND>tJ42d2
z0Oy}GYSaf5_&Yn{9Cw|-U$fpL$np8iC_uiUB|&{3_N^}(eIGq<L&uL*C|iiKANZF;
zmU*p<T0{C}drpIX8kxnz|9w~!#yZkHAJR4vzbv?24M2`=VR8Jql5*58_2-~_G9w?v
z@e#k{cjH`dgKn5Z%dUsE|C+(4Su9_7b8^Fi*ROp(iw`5WcM<AH##ycYq4#hqIR4Pz
z?BOI2ltEZhqxr6V(jD0cD-r#MI}uMp{1Mvs_WnB?p<eio5F6f^?h)n<Z~6_hkUJUk
zzKKQtn9iHd4ssy)c#yS$=Km4->X7fh;rKw#f8b{BcbI){r-x)1vZ6*^Z=|mWO<yk~
zeLeO4bN+5xemw${IXD>XW*!%2A%7{>p1!93f$6`9UqSpm|F%N4(0tRD!@qp`Iu)bi
zS2e~Pfps>`B0n4EBGixA8mo<w*R4G5v-97BP(N5zW7uez*9B;zviyA}4Ddh2`XAFT
zZ9FMLzUh5uYwHZg*#&Apl{-%4Q`x>1wfWhEa>e*w-#IPwd^tPFK3db6&S9KW80WHa
zE+X5!-bXi9p3_evv%HRf80SM9YSag9rnH!S6{Rrg-qaU>_Mo-De2iDNwMJVb4l!qV
zF`#Gd?c{n{O?qfL79(HQ$2Dr_Nbp+|>)Eg&r1%bWI33ytu=DR2FYim78~EE7v$AQ}
z!tTawd4xx>etcD<mU4di*~2nFsRcraS>`DE{m4~)phg`Ws;xC}^>b%DXL(wrSBOhR
zx;gm|Lb;4!{;%-e`wroFFZg{&D8GUH8+_;qGyRsNM^QgJQlr|9Z^^yMnHVn9GSOJL
zTP*#)^rj2MmR&D9|AX&tTUMjKZq(O4rhUL%EcOUqbMncz^_}CPWqBCmjr<PhWX8QJ
zJ!qPHTCRB(OWdFkhX>gFcd!h1o~cpm{cTFE{FzX@kha!k)5Gu&G93BN)z+w)q4uh1
zr?EQ7WQpq$q>1SIKjk}Hqb`tw%R9)AQz_vuTPLum&rgBtG5p@T8nv;@zpdq%I*BRz
z!ZVxyqI}x*8bAM6w0|0a_+rEt8vS%n^ZH*8-P3U&V>XXsg&4<mqeeaC-v+JbGSrT5
zU#P2MnEeNG6{|Js7W#g!gk6J_jE@)S_d%_?gW}Zp&0B1_ptr0qJJES^<m1?Xq0D`{
z%sB2<<NRV<47-A1kI=AO-~7EBTZ_oWur8!lvk%B(b_evEd%5$qJQ;@J*D?H9w13|A
zH#*dzoZ(DOFOL$8vpl9&U1K-JF`v6i7k%#E*gFoOd|KmLwU4o07IHq=%UvO9_g_4L
z{cDq2^>w4a4mb~;qn&ZcVf8QDF!-bS*#+YkV%!sYIn#BAbsSgh^Yg;)KcM_gYqhi6
zH{XN6KID~<hH|v~Uxi$Qkjv+$l47NZ4M5CiJIU_<LTnvksYc(?!)ITS%_?%Aadxg=
z+hU@5APhnI)LQLaD$9c$V_hy+%Y#xv??Lf%5Te<nXJA~RMXjcjuszEKMtvDPg!=Qe
z4jYAGZClo=vy8AJ7Dmf)7EKR^`RwRScUol|dQNZsLV@m@4e36Na{=T0)07XV5X)^<
zt8O;eAM+T#l2y4(-&pH<Qic=lYt<Z@!CY@+VTDb=_*KMY56&QJ56=AGV!XQaTGLq`
zvmUfKnVW9jf5~NcDN+BFS$cmz!W2r=J&W>ns8v5PzTdYN`;gg<Ap4_rY&Xgm+*Yez
zzNrncF;10*u$b5G|9MJ=PMvDiKg_l&4SG^<tU0wl=P0!9WT3ooN3H5LbjxfjUH!Mf
zc__{A(HQp}#(mxJ@0jb~zP*ChzIot%4V{k5n=oE_My>k7-;c|5XZHU>3`-##we?`*
za<G^69_(Ca`qMI`X4a}Bj4|RNzdEHmq~uE+TGgU@?NE#}q;IWehr{}bH`s<zw+6Qm
z;9DCZZ`==LR3vGHv5Sd2p1zazuLT(YWr6jrcj7pdtMGhp{&NKjRAL{Bzh$ERW^IV>
zSsu8*R(-`k&ZGWuxa)cp7Ki%xiGQe8y-NJz+(G=~Eb+ymec)F7S3Rg!vz25uzB`Hx
zM~Tl38G0u}#>2I~bzfa(o1YBeJ1?NjHb0q_h79ZfhGKvFNUe5Hq26Xo5gYnwt(s<T
z<7PdHyP#{wD~&ot`=2WqZ}3yKDjNd^yCWaf`&nlH{|vS#4EsN$yto`+QDxBgV)$VU
zFScy&`H!3DIo+M3%s&mA+)>DpG_+PbSNpI#@(DHwcQgC}%){_5817s1WZ#ciE@Gky
zD@E)slN|lFGQ_$f_7Z66%W@Cmo<(LFR)=9TG3;d;mhH~xp4UE{t$+O=j_(-e^FiRl
zQxUI2JSzb2f_U09wd(CAoSlC_JpY+m|NAcx%R?;6gpEdQP=H)9VgpQabbMHX*bv12
zdsDsM=RcS5KZH8u5IC*K(y#L3{xl+F`>(Vd2{l7t-~SIRk7sMul7M^}fcRm=HwWOu
z5g+wjt>N#K{w3qT@raK=e3Vh&=unsEw|}u5We%VW+v}n0Tp3!qG5_}%2G2Lt3o3sC
zvFj+GtjR|X)ay45tJmcdjrR>Q?8zgCVSkQcgN?AB__A!x4mVp%ODB}cK$$?lGc<la
zhGk*ccvJj*YAH$Mch~0DBT;4@$~4>;l%tPtj~Vw2WjS%)($oK*p;Z`f-}6Ra6X2)E
zH!eP8oS@6n{Y6(}yvX6T+Bw`zi#tcz7}d*N%2OpL*j$uGqxsSHS*)+fv&LfnqOSwv
z=Lb3);iH0YT*QceTZCFU79s!g7iu-151{qoi=U<Efp9zy_0C@II>Jv1d_{M5Z)m`R
zw67l4BWLl8wSM+8L-3#LIqY8%j}J$W7{SbCtd3#4VL5zu)8?lm@EutrYE@@=@0b^A
zF^<jukV|^0R{aIS;2J`2^$T@+N8kT^UWTp6w^7d%`i^A8hW@KomHpSs{mPtg9hm*y
zoPmDtX<el2rX!Fq^_5!nyoLQ%j>%VghGx1Pw8}d$7|b;0KQ#TX>2n!#`^cwj6UIj3
zP@f7-brTql?R`|O+Sxx2w#6aF`D1E(orZErDEC`<_sHFCeI~TqP5qu^;J;#g&!#tO
zwKMAtdz;;Tcg$t^AEF*)+G=HG#%y(vqYgRlHaOV$oJ%>LH%T-9{V(A6|GQSb;^&*t
zq=UB9r=>4y=QpX2+zI0x{!gvC*zJqc%YR-`W4IsH?tgoM?)TKHzBOLjPmV&Y3u5mW
z{p17MCX(iMg!Qu}D6<u1;tZJw4gFv%hHWou=<{hmcR-gP;J?nB8F-I#F=tVWbibDL
zz21M~_f6Avqizjr0JQz4V^}?gtu)5s9--?2j>VIOphnljcaP6#<Qnu=t@?!*8s@1(
zP5Jn5modMmdA17WuPm$8?u26L>f=u5f%pbWw*P@L1D4ksK3&c8d857dCINHVEN6c3
z6_+fZlV8O8v9e*#&Cb6e28cDesh@rQzPWt9+0E9)*#1BA9bQ$dt~1v`^E_w*G4g@!
z|D$~VTI{F!5b~*<Z%JCa{|DtWHq@#P!6dJ(2juux6K~gFLG@AZ2pN*M)T;k5%Nsg1
zP67El^rdpXr5-Kcmp~eS0LIVXhVdc9m_^t5`dE3D)pX-o7{37HcQxu?FL&}wT3^Jz
zAHx@8_$c1`d*~#!PQL+(R;_B3uluxCJxKZJyT8!<pj=0M`Dgz67}Nh>LjKQmy{?bD
zkmDvA_7u$i0mGAb)CTQm=OLaJfV1|GczOV?s^mS6?s}wpiaNsJn6tOR2I48d4K5PT
zSGU1R&a?G4ILozKaT^@x<#%s`3f?pSHdrKh#@_}<1kbM>V20SLsssEb%HMZ@LYwDk
z2iR-#eAWT3+dQi}z;=79w>!Xxk}|skY?VCII=~;2=Sn)PaCpwAL#?CL$#gg(D@W3y
zT=smG4)dIzt?6*g*>puZtaEwZO^5R?&x~|<Pw^C>jFR%pt#HKcIe#lmi|~AVD|{B=
z*>@{ki%9wSRyZ9gZ@LxEMSAwMhb11*NA2Ob$FsaW%!x{w-ySAMd#1F9-O-+F?cn!l
z&xLkS>P`8f9c+y89BKy_V>~<B!8@^@b?u-$Hs#%Ruq!U=opw+bces(3PYVbf$JTtD
zM6UNj9Z}x$!rNTbZ_)4-Cm)W6IlQvR3rG3>m%Xq=Scj5jqH}*V{4RRVAY$wDy%&n@
z?s6|2wo4yHL!CWuXEb~#_1O~*TO6<a;Dw#Ch%)7}h=?jbfXF*85oM0K|Ft0+_C|b*
z^=whJxIG%)kH-FXd9=7X8dgW2BU<`yfl_=bCC)k<%;ls>c393IB@^s$O}GPKgZLSJ
zuCsOWmAe~S0<?_&lfYfaiH^Bw#~UBn0n(C8zoR=r8{cnKwwrjm!mZ8p-}wJ#-tN#j
znf;EXopY|djKKZw`2>d9{|hfZu5%|rM}Usb69gWRHxqcwy_~=+_NfF$zsSNH0}lS3
zou>&5ls_Rb#EtsxDEUnSW66uYG-tw8><p#~iPIwBQ=!#QZdfiVGb3P+81rTX?6$wL
zHUh>tny!w3CGr&VVFa9UCeMg~^{#CkO8w+!Q)zW!Ho5n%9l}))nP*Em;30+fB7#4@
zm84%hM3u_vkJIu1%rvKb#zVF{G5>yZO6NUfrt4!71Bov^uGyUDEDy^#diRC8Fow8P
zA}(~1Z|&ktmoCQSI?g9+csM|){!D-0v7Fl_Ksk3s`#pz;&++MV;wWklXNde^JNSus
z54MA1PF~Rt7I4mzcJv;}<LzK3-|_o)P$-HQ+ramBX;B-fvg2ocDfKIB2cJ6RYi(h#
z!+EhS9CJi|)((Dk$ZOidbw@7s;ViFe3y0+BxozQ+EKg|*<DAal+rSoQClvg{B`s(V
zA1Kni_HaTOfMlE8l;D6{-qQw-y9eUH7a{L#1G^)X^=;sr2zu>Jfk)on4rX}XIMNOd
zMJd?6)<i3X?cp1*b7Fg_jB$={55L7a-)Rp=<K)F{U{QRh)$QO&{A`SSHsND(p)H(j
zB-OQn`bN_JHn1V7?UZ(KHA!CD2F5i;J@xy>3I&>cNanYJuaXC#{GybfFs~=4ifh}z
z^wbGRG_!>~w++1ABBrnn9BHBa)f&oML|kqSGg{6k<J!QxX$ilyhHYsHr&_}ox5z8o
zK=myme%_eYEe^JYjjdguw1pk5U5DGi{?;PC;BadfX6mWdRRU;b>V#r!ZpET>&L~n^
zX6p&iR=$oXza~Q^iK$D5KM1{3c@Zz3ONKeN|JEnN=k~~p$xvfILGZ@}r(B&3vz(_$
zZ8ChOC~H$-UqrKwDKIrEae4~;6qQz#0vn>eg(>iL^c+&00&`;HE0W=-SkLBUn3ga`
zs7!{1O%m6qz~&|~Q&QloCgQ{txZcEdAsJ3K6@N^I@}?qkS2q<=@_f_S)5)MVZCjQM
zA11%;YvVES6u?uiUwK$Sj&pT9)bVk?Z))8u;-ZXQT)zu4e93wD%kUSsksOraqTu}!
zXT4%Se4cB&AZYEVgpgvgnY8)F1-}vLs0$YI;sqBh=BX?8jY7g#F8D_1c)|rc#q@nH
zxGqMNy2wX1Wvh#PX^VZ=1?9Ggw_I?;7F*|pnfANuols`aD{#S5DfXfhK9TPJ)d|<7
zyuX|<PNuPn<-}z!I3<ghon)-D*_#R+a>|nwsC2q6y5ORdy5uyh`&gec4@b;-(wpRj
zf<w++On0dw9#`NCCCw+(Cqv$=K)?0e4+@kDNna>XA;_f)ToS(IzEt3xy%PrPlWxK1
z&5m2}dA;0hq8pCN&95u4MG+DIL=kCZ<x!1u;Sxeei#eE*IVAe+cx<`K2l1FK&Y$98
zEicu@!$*AVukldN$DNOdt-^osxm1i?6;J+<pPU^B7o48=;$fr9TO0>_T}e~pph9te
z7Y94t(fi`yx;uJL9IT7H^Q$<R>uFLF2R}ytXF(jSj7>Zn54&SsHSsVpPDEsC9PL#O
z#fwMd;ds3GLp=FD{#7G~@Y^4O0*+n~<E(e%w<{$P^xLu9JZ6tx5CID$&!PxeE5%_y
z`<K-EXE$7SL|t~n0{Qhz*z-Df6Z}!648R{}+#){Lx<!2c$-P6XYYU4B8Bge(AS-gU
z6DE_$<xcpBcs_Q*K0@nb4cGi5CoJXTmN?-TK6RNB>IL~T+TKQPaKd7ngrQZo{)lX{
z-wtrzehUHzq$d$L=oo+^`(&}iNv_EXB85(DrPG`uioE3%5t!=~QKW?4V_~inB?Ni`
z^o%*_g2&@lyWo|?<yfVNJj(^YlbD?@n8MK;iRbWLes#eSUMY6LIo`Fwg`;{8L@o)9
zsEmli+BvZuK7M9vje$GusaTUYNy>Z|d@FTE!Htea_+0O3htKcJ?eO`qyb6i0J4Hms
z;Lz@Zi7pZ2PIZYGTI^b@k1GqGC67Pl!6xx3@nAE+G3J63{^G^W*bIbSDD;IWop8e2
zwv@F__`sgB-U$`<l#Q5^j+CWN_}cL}%_dp?z)5B~UHdU7S+4x%lqa~z4SEj4oF60U
z1T@|Kr3;?B`?L#ok#Xc_{07ds1v7+me&B*P`TMrHV7$;9gJ+2YF!X2f7JS}qi&~1$
zwp%cCj(r%wU-qSBs|zN$M3kB05>aM`OT^GwE)nthE*Hu#b^SwcoAj{g3=&l)pgL7Z
zeiGnwK|C+OJ|WMSHV^DVrDqqPP%pyw{2I=O*ArN81N^5f>IesI^7Y#=8Qzn(L5W@d
z=r$;ml!}h9z!80_Bh)#H`QJK1ffDgcN0^~RR3fBAZRrSO-Afz*%i`oIx54?imS13K
z{1JTHnMTp5)z&wPINSloCGEpB?r)s>Ne8&pxDYGYAI)MGbbuAj<K}gM(&qJ;qD?Jh
zPIrXqt>R{(E}SNw><F{cXseplT2j;D-PVb7P$O;~SJDAaw|)cQL>s9#9V*(4L6I}<
zlym8Du^sI$$J`oIoempsjjK$D>RVHOOos{SSTLK@ofYX&ntqBm`YWK9*PJBz)i}-O
zdR5A>n{WD!3_tO%uVwgyN3{yx5mU}#4=%cDWq8k)U*d!Ud%qhpOqZG-lVP*uIx53X
zsZP(&g(nC(Na(spM#OuKpr5j!5&S3avqrF%$iFAT7GB2Zc|!bqNw8gLv@i*FiA{e_
zgsWn!`AJZ3lRij-)%M#KC&6WVDn4(KI{nm${3wkf_@hM5-QEbQW#wEVOmglZ`y0V=
zSF_qg_)(G0G=g6h)JK=OZK!0gazBTyE`s0F2(Co5_^lDV9Z411A3V;jiSSWW%7H|9
zEBe`Ojo@1JM9hpaaVcLV!q4%|PA9_Z1bIm!oJ?pjHxbl?$$Ucvr+R0ma*l_gN-Ym>
zla#$wTZ{dIhwa=>P4~K$>7CLT0lMA`@b8#80=!T1KNN6C!-{&6YqnOvQLx!+0Xy*R
zK3)5c_%9{6F2tRZV6%A3K?!rY{b>o+>!|$_s`<B8NU+2HiJ>P(0_{?YNYr=^7LnI!
zo-0I%5^pthMEYA6J$}EF#a1RAGMIy6%>kNA_d|OrA3Aqnm;$!~+$v2XaK|%-{z(_E
zJ4pkf%L975qPn<LOrX2;3iKZ2lZzd#s02G|<pzOm#DmZK$<tbTQb-(Z!<^m5^ZNx-
z$t&Lr<SjutDm3UsG|h?bY`<@4EcWvIh86f@1(B->Y$RD!<}T76XhwZPVwMZ!Fe$+2
z!<_u3Ku&T+SV3zA5qpM<f_P0JzX^VQ*TQzB8SKU1dr4HGK)%BmRP7MA3h;>_?h{C<
z5YX2(8yI<shZ98kg@@Ig`*$8b<{SOSLmA%)@k@LYjrSJP1YQ7m!TALtqaFk}NFskA
zP(j3>38^6goUytZn0Jwb3eI(bg9}`o9_H-woiJO3*<y@d7xgl9FXCY#D)l@Z;TkRG
z;b-na7Vd@T0iO3@-%v{$jpJYp7vuX*dMaljac&jJGO`8B;gler5ujQSe-X&}!0(KE
zhl{G<VLkUgorm%+e6Ha2G$`;8z(XSD`QVX8zP#*NE?|>zuM%KC?_7yJGT&&8fHSQ|
z%LG^^By0IX%W57n&Lc`4Pqq>HJ043+`idtf$Y+@Ma|Cgr0E-0iLxH>>P*#oc<6Z-J
zt;JD-I)J>Nke#GegDyhrN}7C!U)^y<C7bF_98m4<YvP?DKs||=Aiy|o4##BY5i*1H
zRCc;y6&Ho7jLOL$xyeHQ-YPdt5bpfd4POaf480+U%iS<jl&_$qn1mY3J~5%jjl)^g
zaW{NoljgeNoGo>N8<yDRaj4_jQ^&YrtMrfgZurt6s|wUQ66+KwkXbG`Bj!fH93^Ro
z8#X8jE8Xy&615QZALV014Q*(nFG9Ba1$aPfqs?2%?>nLEX|l%&zjBRtJ7EUD1eMc`
z_6<Ca;5G8ATHJW3wPO>o*YRIO!kezO!rn+IjZE^@i4FLY4aB{iC#7U6X2pJ9Jj}yU
zUaY_p;REV~lqzPxEv>cZTf}T=uRV8wJ^+2B%K|(R|BC>x$*A3bLK;sHv7Jmuf?Cd5
zEx>d>>3{$$`C?-XcC`{;fgI^6=y#VsuRy-mkym+`O+1*4W#pV8o2NHZ&q^1J6U8Mi
zD6+ZNyWp%u)vg<ogu2rN2bDP>i&I>%-Pvd@>LAWWsG9xibfM1wm(w+c>J;4>Un9V=
z;yK4B0?t(&ALD;H=SKpZ;Vv0#A>ZS>zvrSpm#}RqYb5xSTZG6wF=m+rt3_pr1lz<n
zjWIO^=sBbc67xO}e-g)sJl3rz0jjyEVjeDYy?k<wVFj|R;9|Gh@trNV*kK1Bw+Wy5
zKMXF<uxGFp&EzC(MGLuYMjm)DKXLdc&Tl!WB9lo2z6YQ85V@3t!(@U_2gLe+i<oYz
z|8Baekfz`ebbE<!E|-MO8q>`yZ%a^O^UjyxxZSx>f;0Bvl%qe%g>fi5j@Y+3U<y&T
zJ21n>k_rcG666gIq6*m<a9zB=(gBBUvFjXAYkTe+2b{EfQKnjwG4!G|lbG5m<)juq
zmx(e_#vHn}P=?QV`7a0gp6`OsD+TeG1HKlze~Xl2+-?WdiSc_Ju*>Gf(9^bW2?lJI
z&Y3x%Bm;peziUae%@TY=u(O3Ve99*he9hBc&Kp9rk0n%UaG*XWHv33|B{uneiR`z@
z3nlWaO`a){>$bZAwxAX)!FWmjP$JW%Ouzo;cG9{<0r|iNE6H<XZ15xZBbi}?D}sDg
zBnw3O7m+LxyI^pI_@G}rI_^=Amj}2v$#()w6x`nkWR~!VNylI^2T|rAH;e2Qpipq{
z5Xc;%hgs$s@+cgj6`Uv~F1SX-c`od&A{V%zkRP!br_O>0Rq##1KR3Eivl>fKYd&k2
z-*u63(sY6$yB+ch7dhmJ#b%>Ayclnx?3sfc@=?zGo&rK%Wur*cUKf6=yu(GlAR<10
zz^x{WUGR|*sXAe-=pE;R4PxXCCu(z^Yfe~XQ*f41XY-D6p*AN~JIOb8>6DY4wu>ma
zToMsq?~uxz<WGlmz)Aj+U5KxAx)9&uTt>`kz`TY9n5qR_A(?5%LX@Z4$&b8<&r5|3
zWH~k%TRQ%jXz%8i*Yh}nL;hw&Hj}1hF;GV0PsLzfc~8c`3=Wm&$-H+(ENtcN2)rjK
zU&X)$;rSCWa8dLekAdYjc~=a%W)llzVUm6LlvtQ5MO}@76O!~x3|Z@tx5bbn4tYZi
znJJ4%JWuwnK?Ye_6$4*5#dR@o%o&4tsVf4XFS~A85CdBk`g~Z4n->GcZu-2|{ruz@
zcqbwQpRYu8ofHFyBAxiGM#@WK$aGHx#`?-5Q<*5aB!;YsN<_{-qT~ZHWOZ~5O74k{
z{ml!fqCMxma49-=Yz$2Bdaih3vA0>Z7j}7LPkP~m_xpggjPzGh$2f3`nyO+`;H5vX
z2jkPON-#^fNai@8*p_-tg8jC3Hzc@X`;@Im77?7xK_Rjfl4f5jSRJk+{=U#=uL6gJ
z96-gS*%u0YB;w;=;^?CaEVH}!D`b;>CB``|xj#_IWQY45L>%t93fbkrMt0rN_;Uqz
z%kGa9azw@^S?G-3slXnmd#yssoc#f3crA7)@SDp$Lm^|7e;8vSooC<}PPMd?++)iV
z;RgTW^h9`D9QJ7<P9~+XiKN;VS(FH0*~K3d;A?y2g#<V%Nr-H8C{q$~GA;d@K+0tK
z&jfN>Mh$JhQ$mpyt`2nxFk6u-6UcH!#OED~yeR=LDe{s8vdb;6N+1W^|Hc6*LL7sP
z5#GfKa5z$)lRyjYYCQSIV@Kpq&+vr_bXonq1lSOL`^O1zKKf34-r<#}Cy<}L^27vE
z9P{)=MB>`bOoR(@e{v1q_6!*es85Z|JmP@!L|Kdd9;Y03z$sov<PxvE??BDNj>vg2
za=inV+2o}TveRZq$+`B()eb1L%kv%NlHHDyUr3SfI$*3re$zpU9FLm%%AVvtoWbCv
ziR+AA^fX>R<REi-)by|O(g_C{FVLmvQrjcgqc5<Jp-Q9F>NwULN#29~y)??)PN@!Y
zn4|i(_ZaGu936bl^U3&(!^1&=d?vK@Yo7<G(w47GYXl`kIgtowxl&S{2xDyWx<s<j
z)(xNEw#$bS$;Wo_heTALMwKT*iQ{JuXO$ni<UNVxfJ^=?k(_sl#}l!FDBBX@Tg8LV
z3nK0Kd_7XZx!w`a<J%MAc$B;>kz9?E7bTK$(FrKCCt9A62o=#y=i@9dy33kG_{8fi
zNQA<eCX*6jT};%q1h^IxaWw(f#{LUK55(nRtheJm_`E0Hj)^-M{}<;sH;e`99N_|y
zw{ke3Ip<T2yRY`G9Z-p&>ck}?P84Ac_YT47{|P<{f6Nr*zXVbtB;fN^A=RYobq1{d
z{iVeUjM$A;5ej(kA_e=aKJO_wfu2m3DX>wTLzZAuln!z$75GEm!)foswmO!;9G<Q`
zDHEMIoxi2f2|ox4S7ewVcDydbr=oOOhA%|tcQOux9z@32?m?L^Y_T}0KW~$8`u~f~
zc~HiJkNsAL?e>m;%202YaI$~h?)*lE63K(e2FZ)Dj!E)<43++e&r4+aFPW^7Uo_RT
zd&%uE7t=PEn@mpGU@tG1*>Ku-7d|f*l+8ByNqFHS8(a{h5SeR}R@=xsw)-2}!wcjo
zmKoxH2Rx#DiOK*`zQ&QC^He*ao|AVv$PC_&NGX3eA|DF!#|}~^*imw#c+Wuxc1ZuM
zb-+ryyxu{|?X8feQ1T$YLy}iG$d}S~5;RWlr;9aY;Ax!Daq@AVoaSbez;RleYxdaA
z!zNDN#N)hWrk~8~<R$nCfBr;<tc-wS{*|S4t7#V55dq_E^4k&QBU|Lm2-u0kVg&55
zM^1=<gOY^EMn}Y(5!gk^lOssAEX|G}7i8=%mpLUA8RN>C6al}x<lo$6qaxySjUr!j
zlS|4~^8bGy5^i37h(A9hJy!9sgp-%>WKB?BjR5M^=tuI{_X@npzkZx9p?9sLLyCMz
zA(dj(ZUqk7#4QROu|;iF=#CX48>NU{3f4V&n?lw&B*g!4#BNexyDTqJ$SkL{M<FH7
z_5fcwMTGxy%BvJo=z6oE@iHBs>ek!1rqgXOk?&G$gG0Q6&t-!AhX|(y=Lr$c3)_8p
z+W}{r^XL?SYxaYHlN$Fifz)#&P|4?;9Ti}$;NCBgPlemf-**>Dhl}|0A}J={+TmSZ
z{@PAH<fkFcR#Dk+hs$E@K|AcT$)DTF5!(W@PTPT`!CCxumWWdXeCu6B0-WNa@OdsT
zj}=HYpMcLd_*B0*E!iBo*?a-MAnrE>a+K`G(7Ajwob>+0yC(_cDu26Qy?>TGu8*kG
z$e{=*668G*sC&|Gz1FsnY>R*;lDr{;tdUSDobM13SmeOz<t+J`-4XDPQ{EmyRye7z
z=&?%bnh02?;1u;+rTMxD_)|F_*v4YvG!mcYZka|G3gig_ImY+#*Hhfk51^m2o`b>l
zzIlqX#cq3v1n2EfFrJ4=K2+dzw?c5vQOHk14IP8*?otJ{%~BCykrKH^f%S^GRUuoH
zD1d!R<Ozj*ui*5ZR45X_IVG(aXYy`wv75|u$D8u7P#`Lwp&ZPF$(%GZ3&%F;WEM=b
zM^$D(ffTdzUTmVVpJzaYGxmoJxa^GFmjM@D2`IT#k@sZ6XG-E{nec&ITA2lB-O}<b
zm>m(nA`>n}Bz~L$vm&KU8L&Ar>Vph8<mq0N0dGb{eS06gAC<W8KB$k5S&|7$V-mOA
z2j9d*jqM7*#l$SQ4>ra+3%bH*vC*~n!Z)!4P(zB7kKaqy#tj9S8K3x0CTxwDre(r+
z@lget@M}W%nr^T;F=~A`*qfO6UN_j7lvvyiPA5gZbstP<98;eGUo>_W-v@^qM_=v=
zRgIDHqbBm{d&$lwI7d9+B=Qobv1#HjUEyR?>1<cH)->{mt}rz@W_?#!oSgVJJ~vCe
z&=uA-lPbHyH_akXbcHj`V%Bzr%gquOc7?A}V~V=M#1`_Qdr5H%T8iUa<;~B6?_1fn
zbO*JSb6<Cuk`{TeJ1j`^9O({MZi%k$4x3xcTQbRx);Ns8&NeYqy26b%@}7Iiq_$fT
z+0pKSxmoabds|H=Y;PZZHWR*XAAcbe&bE*KB@;^1<HsR$y1XWnOzuGYrn1}eW@o{N
z9c}wFVSUFbwAbz=p3NXD?r6OIUYOCvwLS~p>yofG3qI-MU6=(+?v4K}1GeA$x!p7#
zyYG<RBk-EEn85!!>sTIqi{amr#2L*&<(f@s4(0qVaba_K*MTZxi5!KGYvh*z+eXBE
ze01Veuh8`hK7OdA7Bq)b$_?An=J1`jE|S)_!-O_bI%EBT$Wy&o>%<SEVLm7R98DH+
zCA5nY<jG#TjyXRXE(_x7XmU-UU%1C6pNNKEZDMT{jJ1o?qRAvX-4(<3I>QTPlK4?H
zoRh>G(d1_d`>7us^6_YxEQ{4qFkcoYAica4#Xon-({LW)6gNkM>J)#ECgWX{=3Pae
z;Dv*VI6E4CP{f7Nq*B?4`0NOIk{5PHh;yUin+Wm!XmUK_kl^2j<vUZ?Vf#I=wcnt%
zIoh{r>wwNep1e=45xVQGY~#shUfjjQ7rc0cCtsOXpeSccc`66#b;Rf=dIR)U)^afD
zM<3Q0=<;s?k*@MEhjU(|tF(P@@NkU{PI_9zd}#qk8h#719BW!9IYI7;A5S&ZN9H$z
zKZ&?B5iWBvQxjn}A61)x>P9T$CwcKq0vs1&$`jysA?k+&oCQ<-lqi0X2q$bY(-Pqi
zThzG(*k)(AJ?i~LxM+{~Jpta48X>YviW=JpODXnBBJ6bZMr5HZUrvOja%_DfOn1tc
z5@DV*>St7sUGlj^nCgnE#TksNghSEo5y~ft@MlEgibVK6vM;K~t35I*s2_QvjwRB0
z<AFq25fz2gqNU!J7`op(-L8M{!=xWG+(~>>hK!UV8D8$bOok)GdBXv_IL{Raj>DcZ
zRHB5q9jGS=DaYvwjC{aB-nGfQ9pn?6XPW~m?9EVT94lS-TRSKr1P6G!HQ+fF2jj>;
zkH*6!&bz`3^Y|EiUd_jT?u99WjL(+^&#^dID=LTL;F{>!8wcBLjqBrJj=jb7IJhWz
z&c~ukBp-~0nX-3dEUcA1lVhPymQTmvw9UIa2F^M?n`2;%;vF9YZ!0Osys+FYf8r(I
zy5)DhWO{_W(M#q<{NQNNj|w^R7Xh45{=>7k6>KIkOIyJQoM%xh_>mLmw}MH0=WDIt
zSKc$X73>x|mbZc>V)FTxu)}um?v_ww_kPzL_S?l>&EcvPv#vRubfnB`4pp+N47&o^
zyS^EG<`my)1{Yj0)0$z^N%<uOmboJ~w1mxW&-*Rm(}<>Hu>**hiMe*k<Ed{3-$i*2
zwSdLZ5$jvf3H`hHUvJdu=5WzF2pf1zT5T#EjrCk;2J_<@?M;QEcu!?B*dMP<O@+Gn
zd;V$;ClXRVYX)Z$<1gW>8p&Ilkz<YIvnk}gBzb#F@=cO_xj89pEN^N_-fCRt^lMMa
z61JVR#hm^-iS6S`IKl2FZ6a{L^Z|hvWYkGsdtPsE82}lyT@O9uYj3eYdy2P-gqq4~
z;yg)UE9qz5<^z6P@h$Wasg3+H87M!0lXylOujFAi=d9*o71y<v$0D53psW4A?qBG8
zqn&B~`)hvvgjN6JNS7B9xcgN-4xJy<E&Kn6xc82(;@Hx~zv^`QRCk~5I;WJ5q$3>#
zL<Soiv5f)SV8Geem|$P9@AdVax#8V6Yv$cIGj|4&a}-eo5k-yyBt#ZTA_$SA0D(v%
z=ghBK5+Hfzy|vzY^IPu^Sfx7M)zwwC_x`?JyLK-i^ps3ik}Uv3K)k<VtRKm0PX)ad
zb%a6&{BqyLL`$Hh^*40<pxXDpi@4iIYA;EM=*Ry-$IY(PaciZPLdQLpGG5rN5ZVB3
z)a?ZAL}4&d#avD&?%&y@`HO4X1MStl1fP8<;2cqx646oj@1@n({D(34|4DDVKF9xY
zh%_!RFi4{L2H7YX6AavttmOt-BwO<hWGnth26id-69cCe{h5JVN?@#sGpc>mAbFbq
zmO-9q&J9B#HLJ|PLvK>PDU5OCEK{(8q&yR)^sU7vwi<M=LAIOL36mT!YxL8#3u$^T
zAvMOZHPBk!O3+pm1`0z!kVV|TXT2E1U(9y|p&uB+p#RC(PRPr7b>sS?t=G}o>O?+s
zeu44-563ezhOh+sM|`FKmi#we4BTIxm-;PL2(jyf=}WAE5@r)CT_Q(_porugdA~**
zjCkKLmJ`zYf4;o;HPSHEo+#lHTi~_-#&=7CvshatvX|JG2}zgiQ4-0P>~#`ZDJ9lu
zOT6>f)_p>HOs$ReML(++v*=J~{cohl8!w;b?gLgY;u#A1O7<EB^Q2bm6hXwSY{d-&
zo26i*qL(P7@E7}lVxInJO?_#<{|jVnpZIwnQ3aDeOse*x^2q1TlSC{hdPSlDdDekM
z43Xp4C*rzHm!u$FN!*%(995kZ#zK#OVhXaTlM%*sOYIxR9m_>?du=)>3FmBQcoObA
z>O?m(kM>JKVIX=y63%dSd>Bt7{i_o(J%;v5!pfM4K1nDFs$;_fmm5>UcoeVpOv0Lk
zq{AsFO^Do`f~N`Q@h}D@n%lz|n`q{QF+I`D3S&{C**}cciAB|Mb)Cr<5G?OCXAc!f
z(#fYNl49<8F-lIlrlUxXx#PtEg<bceNbw!=;-(UJRL5AAt@GlrYLE3ILkr#0-DsG-
zI+^WRFW11t??aHVUps39$RRPy1H!;Na|3uFsZ-q`<~V^C&&YAT1ISh49{BN4iM#C=
zO&^uF1#n%zXjaXClkRlCj*Y|^;}s06`8Y2I%B(^c=*qsLW3UpsspFXvbw(#+)x9;q
zrFgy&!yZ5nx*-mQgwKz|6~d;)VTDA8#|fOl9}0LRv+J?wuh4U`IIOVavB*$qQ7rDM
ze1*VS8k--BV;U7eYMqA*tXJk?4}+MkyEtp0m+uQ=p_dg3yym6LVo*Z)WP$Q18!ynG
zL7zoqhRH8QW1Gp!qcPl~JEL*a;;W)D%okc4g$2IlzN&c$lNk3zTK9mkqJOhS5t2=;
zHH74l8Zzr%<8G)s!wCLj^&=#cSW5_*Q}db(LI#k}Vs>yhsG>Z8Nm7!)RBIGl0P$xE
zI}^Za)hY_$hRT)(uuQZ21#ndho%G{?Ct{l)J9WOFp|6*1@?*W%p5e!RZz#j>?f~@{
z*HHTc6Noc(gyDffpZduhlMeBd0*e<jLFIn}*7|(=ICl6(X|-h0^>w+Mzjj3c1Bm<7
zToT;wN4k_OYF10Zt$wjE*hW8g$#=<s0G_G|bNtw+-H^oZ>GZuT0qmyw>43Y5GD<8W
z%GU=3V{$SAC^Hgfh+oa9GXYXzcM;cban`<Ehna^ZvRkSgUAFv7Od)pWm%@6mj4x3j
z@u6R0n#}rriPJKD_Bl!vUiLYzC@lYT%v0&I&rqgD4gC!HT6q4aIIb-fI%BAp-TNF{
zy>`*(SVq~_&rm`6l+UouU^hNRACr#z6no5Y=_j~hx{S8m#}0mi)pnz?pJS@SPIts%
zhZS_ha>gci#AU{xb-*4!D{7CS0lKn1js)1`_L$6L2e!vU9$xt|7Dln%pWs}Sz48<6
zjb;@cF*t_r>WK3(EW0CS2I;_#xE>5|?SPT7`$Z4S<JsY_FeOBveual2cIqoEN^r)0
zjbVxG(pT7($g;l1oG`on6-vYLSH8xUq;U4v*pWP0p70I1_A1-+6_zwJbHBpK=IrU0
zC~D3xeTmtxh4a6}w%3l<)an07{?I+JCP*$y5jW#7NT&VckuS6Rv8bq&uXRfD{#dM1
zqpru2ER8)0qDbSLgP87NqhnF*;ey#r*ON<v$n;Jl6XHlNcSZCf_s@;P>WJiZaabN1
zbt#S%MV{1ZJhzHJv;bNJ7BP&HI&NpUARA>2a}?tgL!n}AWjLxh3m8VKbOb}5%F-G7
zX|&wIHI46ZFxbNuJ2>c}y&SC2`2`y#dh%8qGrfUzHtA(pb4A%uvu(^ZBB$D9o%yb4
z^O0$dv&jI94!6lDi}trkp+%qh$UbYSQqyiV6%r^IIeGuFfhm%Gz(9#aFHy{uW3CA;
zD<@7iuwBU@w+(V!U0?Iv-2L0eKx1c+jwd8}gN~V!F+j&IiJtc0p`=gMF;w<U)A3N&
z*Lu)Pi3g@CR8$OC-HLIlADF8e;<_9)aKuBdYP7^d?rSG%`BdK}&D_&P4V^g}o|0B;
zH6ahyYz@~W`b0&JZ0yx=Tn^k($rP1dQOO*&u-5&T6>?f>%GdoQAmQty{!TF9@Pwa`
zDg6zua=p+UH{{n>^}rz|T+ki&6#;#&s_Nyx!)c9Y{Dj3Gdh@rKq4N{J#d@9R{}zM1
zbntI+*URtz2BT>B=x=a|QgMB{!B_u)%?2I+1F}ut`v(-5;Tt`0*8IIdyjI}C?{Uov
zo%%gS`S{`Aqtq9%^7oiw^Nio)u1(MWjPnjJ{u#Ylc=^xR<aZYRj4OV2;5S$rc<cJ_
zF`e_}zri_9pZ<uV2!8fQoQnt-{D{qwZ0^rUkK+A*#*rxY_;<J+^ZLO*pe)F*{tokF
zBM$!#_hb3?-(h21WbTjX6(3yrBTmKh^*`WLh_C$}<|H&*`1cr-$d`$G6PphGdmIdh
zFZ_gU$+74DfRU*;&2@jm*=Fx-{RvskgBN>Xb#s6J9@yDD;#qf`ZtlO=9gmyqH@jo;
zYxH_|Jbf*c`A5usqiOD+F!k+@tN(=c?+zma{)AC2{RMx*!j{v?_CKNceHSkkw`wG=
zdfZAd*fXsgi%UngaYGzSKG;XD{sA*Ta@{$FZLQ-y$icQ-L^<<gYt`Q&tGzY82Nt#u
z0Xy1L(Z~HA;^+Q|CmpPeAF;3_8}cJ=bd0_C1CD*duKa-fPwOxJ5feTOp6!9_pVeFT
zN9_9CH{_4#`DOC%A29Z-$gMw+MPFN|ej@o_TZexl+rPH<{6xlg;%okd+ux^-60gzS
z%=#ndcQ<$ZgjL;5G1&#(*9nuD{%7mVpUJR4e^<+AAd!($rOzO6GK67L%H5DyXieuO
z2+3y;gx*o;iFou^`PO*MP}#hAoL1@MIIPilSsV^)q3v<V_9ThxcX_N6Aw2QW%^|V&
z^i>Hstq0bGNKYCoew|9K)gcs9nk(8j^c4v>Yoz8SV3}$43*okzIy(WIEcJE>+bq{v
zblj&dO~4JGXL$m8+H_6=wmIss1nhKNl)lYRMg0-KTYo*^*53)ZEcReTglM56BCsSx
za--<{5H3WiixV&?Ixr(dGGls(o;;4RGDBow&>9^gV}sV<5ZM!?Pvgm&ICDe-w#Q}F
zj6coXOh_(iN~gu+57w%9+?3Q!@wn%P6m68pl1K4E5`QJouiBT0!CI=hOF$?;ab>nn
zC&c4AHBQB&w-H$wk7>r|<)X&tI}(q6_UGs0g@H2m$K#AYa&tV=1D}`1qi;l=;USbq
zS{vfAJjxm>hAdha<;5|<KJnNaV+n(BCnhLrh6f`@#*+=P>cDuiJI>r2kE3zso_L&#
zGk1%A#*LP0<L<ghcf)SwR}VVaFSAt+7AgKg4mK#=fJtho!WJkd-#}GNt(%l&1Tpe-
z6cCoKqqk%n@d!x4iaY{RSa}{4$f3R-Vc_p6FLd*6ano*M4KQ$wuq6gINWoDqk33Jd
z7?_|Yjx#V$iy9<IrRHuE)Zk%h5Q^-d=o3kB68=nbk-zBe=F0M661XFg3NoM6!l6l@
z=??`(lhntufY&aKE0fKqGOo&|sDCIYKF4>Fe@}}g{A<K62_s2hi$rFU4Yj$_-^f4W
zx4>`deK$y#opEr8(A5ssOMI4tGZLHP2n$1pI~b|(hhm%*cFV>ih4!-r1Lik;7^1OD
zJ^`%gCLi)We4!7AJZypwQ*`>sLO(A*XJNWGakhn#G%&>?GwCg@2B!Z#giL<NcAA(-
z=qeNCBs9zv!^d)LLCNSC8%Jf{)5cRFl0NKJ=nNlLsC<|Yr7G+1hCb4>Ztw>$wy?>=
z@+}O~>0}F6bUwfmkUDX{iMig<TJ`&;l6XNLApTKdnQoC#zJ}8hKdX^D(!H8o;|u%@
z{7lCh0$B2N1IGz_Km}E#GpQgmd^mMsNq>qF3O(b+ZG{(lF<xbByf~@S>0WHp_)ss-
zXrWRa>7E?rdAo^~XPB%ZGX9Bel|?`7$uiE0mzL2>a`&>_KE~n?ZeD={GDee#4Kn7C
zK(0*kNnS0VryHx}o~hVGXpw<|5<4jnfE0VqK(-vZVqlswh!mP+zB=1eYtG#<aD{ai
zi5;%tItk6xa7g02G*Tg5l56tv`dBOeSWE1MmF;gbuu-CgZpde7kEl@wkOd|gsm`d~
z{;$X<)y^YU<`am+FV@F+$?9dJR0{RCQ7H2bHrcK7J2u98BZMFhq4stg8>v-f<0cIq
zv2n!kU$IGrv91ONYDHepBJ8qHH0*}TPL@IgZH$!pGMi-SY>}wf{VPSiH<a%ai;bW4
zky&(%T3Z)HxJf}iw=!gmC!q=nE6J@Fa~}CFohISWe3K+(L7yQB98&PY-}t|dFSm&5
z^UZqUzj1voy4sX5wJwR&6KnbHJ_J7WUnS_Y@}*DeBj6+dHG*&dH+Am0tnp+IVFT;C
zp2v~(1*o!?*T(=kkXs*_a^QG<ERsW~>tnhSF}VSm<z)qFxZu@yq#>VLSJJSb25zR|
zJdK`F7tbhLRu^jxe_maTG}(r_C^q@Fy2!SYch|)n-)L!J19BtCme#?7*kE2AjEQ5r
z>!2hq;y@kDiBCRW2Qx#X$*cxsRl-xF*4%$WS_@SJ@sEx036|_^_X*C(#`|zgvQPL#
zC*!921g0KE7T9Ex_R}~4hCOtEj~wvOo<4HYbHMWppG)nt28?JWMBgCQ^l>#JDN`kN
zu}0QQ`YMf_lhkaDEK}5N8abrs#Tx0Y3PAj_jTmA_s-=XqQV$aH2X*&LhnX0AyV4gu
zpPVN`lP6TmOKiwLfuJK@PcWO<s|eXfoRfqcsu@u4UKgxdT+0di5o<mn>xp%okewvD
z_8R;Z+#@vU5*=^3LH`pi<SJKOfz)P_Nft)v>J$s7^z$Uk!cc>bwFEIu8E9dQnYzdl
z<lmlY;e;8QZsCb(ikgAeg%@jBSXNQqL&769u~OoOXjm%!VTp#x^6nRLzHe4;)jJ1F
z%#hTvCgw=9g_!NuoJ}T1>uQFH@%mZWJ?~{MG%>(5$GhjCzINYnh)jCRcm;SRFt-g>
zNb1Hm!Zdyhp%blXZE#0XkF>!<rJw6!)A)oou3>oG8k;@*d~1|@!UtMogqP-a5TwXj
z+W`l?fh`@di)yn!CEHBvVtYI=16SMQilt5Yl$6=5X9vu6{CzuM1Y_em;1J`}I$)Wf
zJ!pevfne_s$Z^gFe}K#gbMgl$k6>#)z=_DH-5-!X(d^&{*c44Ke1JJIF;_l7VGNu5
zAqEC%{)f00jM?xZM#QqmAL3*z?e`J3#KjE$NFWHd<|Aas)2$z2XeegKM_3eMk3Yh#
z5bf6%M-pNNx5dMRP+nV%2y2TzB@<HV#WrMnDlKV4o~6>$ZOEcJw6G1i*tne-m?2Hs
z(GED()GF(M$*;JyeAKJ)f?8)avqpDBK{IE3N9=1B*whgf%~)Ya<TbbVbi|<7!iPE{
z<Mq+f*iT8X)^t~EvZA$lqYXB;HbtYmT3<9?>cl?^CDaAz66h(G1o4UmHCm$gO|nU%
z*G*C?siNkN<Xkn;SB@?;aYT7j)D)>~rio!19c<#f#_t;F?P2E)T=5tu4e~$_7Z`#u
zx&H7;G@}+K{E)m;y}+90F)WwtbGCbC;l7QPG8^Iuo8XLgFhOx9I=G^Q=8ON;vC=U{
zdh4gWHE>To60Y(+jgv8hME8<WM(9I{43p?hiHxt@P<Z~1Zrq?NS57}&C~bDbBkUzx
zr(v1IwtH|{qM06?ka<4=&*ac~H@u6k)W|rMF4D*}^<nL}xnJQY;3qxPbXC+11B)fT
z-M|hhlxN_H#3qPgk-H0KDF<#DNLT&}JW$vw1KZT_97CX7Hw^87hnG;?@Pw984A<wp
zu<b1?<44$85B3qh!h>rhG}hy)ztLWlOZ2vmbuvGx3q->N34fq)LBhwVp^F|YS1aV_
zZ3q(jdn!=FCc+DKoFi<4jztm`uRTNN$3564vqK&?l5d>{eN;ZzgDf@lM8i6DePtWf
zv9oT-(MXB*3kU}7DwhF@|Ck>W75^zeuBra?0J1dSMn6V+%vk|4%In|fM}ar6*pG$O
zJ2@c4@fpbsV5d);?8i}Gv?x!t=@>uRZPO=WJ{>yLPgXg!ub*sm1csZ!k`@L~#OfUh
z;1<iN5nn2FcFX{>qSn5|c2_z6rRC&!EFpYgJZ8!XqFf;JwLugqx+q^)BjyA#O5-Dg
z80K+A%@hxx5yTQbRg@3t^kE!s>cRVQ7$Puc92QWwzJ$`Vakxr@f}ssC_^CK#npD&;
zH|^3m*Kb-JhvOEX5r>{W{vZ}5KDs*=D{Y<=i=#GM9E)iV9UY5w#vcSRnYkzRru*rp
zAjybu+b@bt&5Xyj$UQYNY>CkK;(hx`^g#-)3N)D_)FC^Xf<rRho+2<aU!H<eh0RUD
zY?Y2n!9b1oO2I;n-A~3Pjh;)!NwK7o(OYNRlCfK-E0P6h<(bLY<z*w2F@n-(Nv>D0
zJPE@Mb}R{d3|g4vp0mzL!XcB*OTr|Jj!!}#AMc$cOgMWGMum@_O2lrP??}W=n{7?R
zT8A!7L>A-Y6S0}G(TV8qrw<cw$<NCZ&@WJDcL)mt*I4y?#a2;+eQsboUnil2gr-Vj
zRl5f>#2l_s$Wo;;ZAPF^cfno)Cx4Ag#M$<1VR!=5e=T@}G2qw8lY=GSW1k$_`8|3o
zZ(sZ#2Nh%O_t>Sf72jimM#p}SXBtoc9y2`b-gkK5q2=G<q|Wzzhu&Vc^*e0v(wy%w
zoARmOp@_0E-?=dgy}!e4gJ122@g_Ul4d+a{w;Og^d~G*ex7hM-Sm~qFx?z&dhjhaR
zoAv6345$8xU*nd;?svr!M$dJ{SU)f6iq(F$tt%e+>58s69pG7A-JtfdU9pGLK3%ag
zf?w-`qY<pU3#LTUeO=Heim&T}IZ-U93$8}d>0Pitnh))Q`_Zg-7p#w=H#%chkRR`i
z!XVq*8AD>}hR(Pd%jb8-*f=(=Gfu?O;hj+s&mVq^^YQHZx5CWO(r=NGzze@cZUS5X
zEgmP(h2Nqqk&pit{laY6w<rwL$DOb^iJ$L;eM#&@C!9~_`JFI0g)Qxby(x5RC*-E`
zL7i|smG$g|d3EU3Z!jW_ANdA3X{`7g+)txxzd>nTKIa?ss>h~$gMxZ=$Tyf<pWpix
zcGYKBeua?@=%O!iuK}O%B{CbjUhVRRwD*^o&?vm;Q*3O+c6^GhjoGy?FtiEX_XTb>
z;p@J@@TPUjKSjx#wBS>+=52cVds6W>J@F}--hv+ao|Lqp2R<doT5L?IX-k9-SVw|v
zLOpbF`qXo?_dKjC^qqBGU{i^mtLqxB;{uz?Y;RqRQ>ehH2NkxmE=H-=g1We<vgvgN
zW^%?0M60o3b+N-kAEyca#{|;dt~(dfFwx6O(@^2n_ov~BH+p6ocGBR)G)y;GQ5qJS
zzD;T5q}6;{J?!%PSEu1lz*^7<<GDVfk(hq-X+unk3NA{+)@bW-LtKp3%Nt@^jJdBN
z7RF@p8un}iA^k}eE;<v9-v`!3yXkgjM+=k}NRLK_Odmv%0-2tTA`fMHBZ|yb=<z7B
zMKLZ%VS>sYMWeqK>>Y!_9y%rlvpm+s7%cNdZ;3&XhaHL$cE&y(gS~q2LJXF8*)?$`
zZ80l|M>P3v3<jDbq+79Mg0IYasds-xI=I<>|LW}WVjgkkd(l&3W4$Pp8Wm8?msuaL
zuyc)`da*}gk9B0K4a)_URYN5@ZfUeoCsRFiqfX{}3Tj~hK}8qIm6-?vo8Ln^2~2$t
z6~yWP9<roB*}E7bbl<zK?#q7{8x%hKU7S_e&39bgx8)tAYkdAYV%pg3cTl0xLGNIz
zhhJ}jGEaC@3+&YG$M4~`&c?qctP#E29E&JF-CW3hxVSkUQ#P-K>$x4=0y!qX`!)`n
zY|Go2D0JW3=qq&J+nDQPPv62-A1!+eM{K_9E!?rgQ{TclCqlG*g9YccM6Tai+!8qf
zeMd_&AtE@sB@RdU#<#@gNWGvXSr8N0*b-Y~wDguZ5|b>-GlKN?d!#r>kH1Iy#L~;}
zk=$5%_C2yA_NgQqJrH8snqyjme?@cLOJKd4V|k)|wHf+^!v)PSB`GYfDM(@&Z(&3-
zz4IpSCi7EoVpIw{_$H2|(DiR(eJY>#CXS`D8E;}z9Xjp}^h)Es-oWfMcK>y3tjo8(
zj`F%}?dw=jkB)mCqw4b~uVGRB@RHYXumN4&g7j@j=e$PNG^EQ~kcx&h>owB9QNw*L
zvAod{f6bVPG<*+yZ&m16Kv=$xD}+vVw*q)?9T%mLz%Kpe2WsU!?<ZtCDI;uJ$lc<+
z6fdAw;^BCd$x#zRBv<)yWe77gdr|^6Xc0>ia6n6%l7Lm7fztW}VS8VB5W;?g=7-2-
zGeXp4S<wX{*S&r;go~E8J%r0XUDU63UKuKE52KGlWDJ`}MAdNq%HRZ?=d^bM84?+h
z8;@y``r3Fbisb9#aXeBLPp*iJ*cgwVQTo<+42X)^9*_K}R8c=Nnl6ba8=~o)cycE0
z!;J}ou;$nD2WIY+$OZ|&0)EAJH^5B7W;VcJiJhvCBN81_9~)&}QcobtaArL`mA@2V
zSK(V5V5-V`H9$X&t*ejy!f4mS8V_Gn4~IQrp|=+4Y;7|<(d{|SguzM}*bH-N;+0pC
zWzYk!VuQg}y^0BD)4W%aZm}n?2vbFezJeSdKi3q8eSBwA%(dz4rWoSzNlmcC;m;c5
zsY8!7#%adqHAY`Q8_^h(0{mnn<Ob?oYKXa<uXq(VIGyk+jz{o5ucBupzx4`ABI%>1
z$cf@5qU9*IsVOE!)1^)DESmRkf*CRFVPjm4q3au?B*@1!#+@J=+!#aR`0_?r632vw
zdlW|t8=^Fx=QPB__&TKxuqcrpY(P#V(wlY3`NUFxt?^tVlclc565`(=vY;JC%j{u$
zJk(m<`WSmW*0qmu*5lmx7>_)!>~D|hURBg*d;bQ^r1eDcirMsBTO77x$G1bVt)3SI
zkI~}xnCQ34KgLqOb?Rem_eX8}7$^O9=Er#Ej~M$gCI_sYALA+4C%40y$T#MHj1^Jz
zP&<+n<A{6D#6%aj!-!yDOFJwGYDMkvIH-#H%du*C2MmorNX~RXuY~A@9k4hdu(<<v
zBxuVz;C4c``@_woS28<bTQVKpfvitqx7(p-YO|5;aUnJNK|7qT6TIAxOip9V+v84J
zN^X0csvExZF%H!W&TmhyHPOX$_Pz4TrH?V=ReH7^S@l}oe(iAm4Su&R`n;L6tu6Mv
z86nE$ZzdJC#hQ1&5$`>rrBT!#8(PjK+3k?tCiOuF%xTl`Q3vdA^RxS%?uPd|;K~R5
zP6rJ5Fy>YV%>Izy=zxtM##D5`$q)Ip4tV%s%*75E|53v$;>wRw#r5ObnxcUjZOxPI
zu(+)$>hs&0Q`=!%+oM`7PV@-|x{0YIw#39fiOn@JT&5)k?#X<O;U4c4{O5o|rx?gp
z`9K55Ro2JASdCUtJka<-iZPzV$rLL*6V>N!E+iNsh|vh;)BSO{uILBj@Juld$6=V-
z;Aos6QmUw5skwVgD?Mya9Qx~YW*n~Re0Us2ds*K&9Q4v#u~<iWX)MYp+aHUC2Hg~k
zDJEYSi%lk*9gE%;T@*xx#U}(Y+{ZG4DE84uF<52ub1^t(GhsAmICQ%(my9ouK{gAY
zh{kp{&;yi2n|tGMB6?JH?8;@CoRO<Ta*mTT0wii5uKYE6dh~JMW4Ol|^*v^L-pKtm
z_UNjpKcKtESLYaUo4VqP(P(v7Z1bs;zQ++qfA|BQIlenRu#M3LJ#f_T6E#BvfeSxi
zMIf;G2kZ-I2Y<jkZujbe$r0>ecPxtd3P_JM3cI^XO<cY-Ca!-E+>3Ee^}x7b{RQ2T
zAL|q43$cNNT`?jqu(K-`#c2Y+9*cA92gC=C{TfT+19yIn-SOI~U*lZ-Od@_bm-x!K
z?kEV;Y2TA`b@azSps4OE%YHysJvyleIbF{uYKGMhWc`4Z^#enG!2bH$!ydR?e<l$>
zoNM&TlpnCZF`e0i^ln0TcPDFK(Zx#+Yxc_h?{KCWecF|bYkpi3RkvQRf3FKBwn&-P
z6&G3<gS+BZi=+o#aO%A@0jVdy?-d|>RV#k$I}B*8mk3zjnr{<OzKyZ=J4|S!&;AZq
z+we)>Vdn>L&HWxLKD2v%hsz(*)7^03qnJ(IaQCC+e%<h(?HGAucQWEvBZ+8l<hKn+
z{fM>Sb_K?FP963mws-#L5kF#E7xP#T?CW9<{T?T~m=C(5qKjGD75BPi(;B?Z4>#RG
z9_cNWs8}P<dmfMaTeznW(+OQ-VL#!S7VZ<4VIfbVeJxCr`E?UpWOmU+KZTAo-4tVw
z4S`D8Jp(&cT52Fi<AnweYizTS6Aztlh~>@48knJn_PF_LhE>Z+=5a#ylIk_Lmk3LH
zNp3tigh|TVqC8o<Le_*(sQa(Rk`-P<n74U`e@(n#fBseRxM;93@t9%yAH<=|WG4jI
zwXB74IAEm?j>9}(?A=)0^wD#%WSUJ&W63oqa7-9WrU{dI*56Q=&!T{l8^Rb)hlVhf
zhlYnRF(Ovfr$?rW$M=mk&c|a!bm(F{R>ZiQc^hIv<?$$uaZ`a@3N{pW`$(+1I)u{L
z(E=gf2>JUaklqO&)WF3{2$@YPQ@A+SBk*HjcLWNFZ)F57lR!oUhRP?T!boh=){|3_
zSfJZ0Be7pMaw2g~cLqcXE75pzBo26EhDD;#FiIl@osS(JfpL~TBoa$3dr%|}S-#bg
zLg4iskvMNh?21HBhvi0Mw&O33#1%j7A3-Js=siyM1?V$QdU1M<lU(kcjYKhzEQ>@r
zUsUUSR>wD3KO29hH+;gPxw~68iFL+@tr8pT!()lvv~WabS1b%y*nSJ=l#o~=Jw0r!
zg<OxBZlRYRI&30KzoEHfuz-*(^7&qpA*M!hL%){GZs=FB9J&+4G^NP>AzwQw4TwXQ
z*Sk3uIo=kce8=k*%5ETa%SF_?Ar=?tU&W<;P5+r7_L`xhAbR<JHz*E6Y<*uWR@kAk
zSWI>NJ>$qTf3Dl=1x}X-u{MHF3F1iQS<{J;XWSp2MCrM)WJYv7QQjF{A^+0nuIWyV
zeTyd5d7J1a59UdHp~oGHVJ=dnr!}!+`A$tpLTI6enabKKACwyh=x$;-OFZ~T|1j4h
zW<Ahwhxm`WVIjf88Yam7+@oo;6=S;xCltCzBLh{sK_jbGx?Lj|Rhp}jzFNH_9xT#|
zNDaB|3^!%VI*D)ap-f_VK4i)Cf`$GH-)CXI!ggD@sL&ObkVc+m;kwGi1kKZEFAGCG
z{ECUC9(KVL9Fea#aaK=!V4#n;;)U&M0oQ5xP;wIoPLbIJ>K<df;dO(#j(c%OVTZg}
zuF`d0WNLh_7pt_;6J6ln8CCnim3uXn{KzR`_-kOXn?J)E$MBE@?l{;ku|1ApggnQ=
z899EIgZ)ZeKL;~~RdsMwr59|`SH90iffm|qyQfCi*yO4(k2aa*r8zd)@1>J$GMLf@
zHd#$+hD{FAXwkwg%0}6)k$mLC6N8`gVXPTC<U@h^SMh7UwdfaTWxm8o@#jgxdK;K8
z(X$jwWL`|MQ)Wx3dsw13#TA8L^<tnJD)u5<?Eu_VS&<hDH7fYzY!4TFa+Al6*gWM~
zBv-flPtUi23QZIfI?u#ZiH|XnFNN+J0%X?%ddY02U3m`A765}^_hG%lE(+;VXoe4m
zRQ}L%&t}}QutKB9EsXH+O%`%IY^~*bh-M1Ktn)!)YV}ZwiDBL;+H+s=dzG<HzRN1Q
zIK?U!6JxcC-Nc!!Vx#o&T?I>JdQ~AOWLm0_VG2E`kktx3sF2OdT2gy_n&W{E@lWmJ
zW)b{%;E9(N_>fQOJRg=Ce2fpfj8H!xmYI9W79aZfx>nw2AVYK~L$eoZsLIje=6o^d
zs#r<b14XQZh*NIPqR>VKN2Rkb@~qT@n*nVOq0dwyFYJ_xp%PuL;(^4cs2C%Mo+(0i
zR6Ngp)`yUPt_(;G-1oVuS4Y^$maH8<<VZ1Ve3+%EqGpxCmigRdA-#P#q4JAj_*Ayq
z!eT+aEsXQHwrsg4yxYVy-JP!!I?XdN#Tz}t#7b`ypxhhbHcaVtpIBxz$45@l?X}}#
zo$6FA-a`aKNcZZP?#iSute1*EH#(wXD`B@3^p_frQ*lZP?N_i{raKjKxYF#t)HQ#p
zPF1XqwsA~YW}sA7$Jjzr+^z0eDjR9zN@W_P0~!}f`GLmreaQ3B(LTY!_)|;ZGWNg?
zIiRO3F=2eGg$Xn?(ZVXaLvoLbn&WH?vrN(cL@W2j*pIJ@?NwI?@RN&%uSx3R0B%cX
z#ZwO}EH@w|zUi6(#%p|O0A(7T8bFbU4+`L_hxHC%jZR1UvCzvOGn9DQJ%*{29%Gnb
z@U0AM4YrX9%}wVpL3j9QhJjYN$PxUHRk%L(n2Q0F`}pwymO19p0M<FC=tz<CGIyQ>
z_ZY)<qOO*N7X7YjKm4uA%>uSc$Rn}Fdr>NumyRKlwNJ-kDL79@wqlOaaa5s0b<$6z
zeRVQIU98mJ<99Q^W|P;83=EfS0abQM?4+ys5^stBl`-U^L6)oQYRBLHmUO9(qhQ&7
zVIRYb{n#rdZuaA_%&z;%S|xfN!zqQ$W5`tLL5965TfopqYkc32lUlg19|t{S$d&*(
z;ic0V$)I#1BU9*NZ>{IJu>@5o6rBPKMUv;3MK&sIfr;CSwb4YWO1GN0p*lNE4AguA
zl8w{iu8Oi73PKhOrD>9LI-O*a>-sIFh7I|oH52Q9842ET^^(5Y#7@atXbSBVoMPgZ
z6dqy<d&2q%E~F-06X;IU1(utkS%M2K(Smaf6lr0B=qj{q?WO!y<%o-#rD3t8UsAC_
zvQDUCK!dwgoR`9DR1A=p$uF<33LA<l(y(9BhifR8tX>*!O2JzyhREU5Di+qd-aV&1
zkwi__Fiq0SROCw50To-M;8qnUrErdlo;9v_Fil)Pjc8BY(>H%#wLkx1b#_-aUB_KQ
zd+S0i^2@>kOQBsJJd%C_PRp8DI_Kqg+>9$uu15%5#0(GSYBbYBmTN<#8sqpMpW)W^
z7j^xK_pl&=m234GvA?G|GJcL6Bjew8NLBYn!j<pdQqx`TQT~vyA2;1pIjG7lRiy{Q
z0-D_;?(vZ4_f(}@YWhGzPbqX%!ju>HL{*2iG|iO7tA!p*$dG1}s^8+OH^j7M3dTup
zqMn_ywnV{R`5&wI&8x<i4wrF?@cR-Tlh6?f6KkApV$a*?Ba1eAJ(r>H$gh?Xb}oQh
z#9kH<=!Ol95DZ$M!BHTy;oOZ8x)H!-C1zUyL)Ezc0rb;mNh2c2e7)EO8Z=NGf$2tI
zVFcD2+ITmm&(xYcg~3g}eUE5YBs_VMXUiRns+@dH4@yEnLaQV^B2{Bi8HZ7|PiyaU
zkR`DT4lYUbrsJk0z2^cCmc_78F|rwQ6@3vC>^yP3P)piqsnAa*=__b0Idt`e8?9SN
zXoi6i5}RuX)77llz<N2f#K0D102ynNU22I|+lEHM9ls3Hv{Z6qyVgr$zF*FldpLR!
z@n4W}Nc<)X%{D-)#*d%E-L<?ztS7cun{=BkgwhepzqcHnCv=L;?%HCB(zP~<6*|yH
znc|Fca8rpaw=q_&lVuB$9YeM=lI@vW`(51lCpXgS2(d0{$dnQ{YGS&0o<?TK$7{qt
zx!1XwHa8M|rix1>RG^|n@|UUPjMTqotXNbv-tk|Pg$fRBmBrerevg;&W|qJNH%Mr%
zCNwkOtC7pn)tYT|s@&pcL;XVTKV0EQnQTn+<CqXUKT0)qlph<ZzK7u=jorZn_(&A?
z<h)@CHG12KyesOh<f9C|nVI3oaF%+2A&0FZ|7U%Os&?Y>LzU|(*IiG8$#XfcidoUh
zC1J(?q5Ar&^XUAN<c5(6u^uK3{^c`uVemy`D^+Zk{0CHWu=dzJZ`XT4!k`!JmW$uZ
zE2Z#hr4&w*p7$dj?gw<lQn=wB)^heL$dSEk6|9vDpU>Mrl0Q`E844Wdf?{enI2o>*
zn>h}ubPXp%HJZaoj#f-W)mq)Y&s>MoB0r9Ln{Du8HBBDw$0UR83E+f5rwN;E#`Fzf
zpD7F*GAw$|j}umSZvaoNM_Ntn^1HX#69<2xLe@$MJMG{Zv5q>fOHIgNrfgRTU@!j$
z7^bjuHV!KGE*s^Fs3=s~b{iu#d$ElytsC%IOB7&umCnxka836W`>@d)n(f0$?_AIG
zaX3ZXynk$};vNUMD`U45Ixpk0wEg)wxH_Or{82{eBO4PWHqk+;WGrxSQPP(>SRu1*
z4j#yKx1b$LjOgPdB{7`|+&x-)z{oKDR&87C#(q@A_1QBVp%_`NgFTYD$$d9g=(wNR
z5X5Gc5_7;2kSWxg;fOjy8t5k%J#%Qyae8huygen%tFlXO&K}oIpD#H#b<B}H{k`O@
zYM;=B$)yK$a!8}QbaGp(BWk93v_%5hcwQ#rtHMG8e0OD8R45yJFvU3%D)XX`<i^e}
zmRSiEA{9JMk)wn}Z?aW>gpzzUU#+ngO{4;;S_?EtMs-|oRjwI3*ARMw?Q+Qr-EUyE
z9CO6LF*(%Vji?z$j+o@U`cV7N-m!-5b=z}u0xlx<5W{sTO*61kq5?{clVcVd$dyCK
zM2*m-3r(_4z4xECS7XfFGndmv<#gf<QUsm$-jPu#(<?IBCwHvjgAvcYNFoM#aZGZ~
z>8OyR4(X!XjRtrzOACtnVo%yG0ULE%tdp_&KvMI$QE-p;6)CSS(lA*K35=4jj;fMz
zizqSbTcqZ5;O0+XPZ}&SF;6nH44jeZVgsAym>dJ;a&no0>&i5;*CZpgLalZmtG!?i
zwh7`PnQqo^iEcG;NRHVdMoUf>B)y+Hja)QIwpLX0USWTSOYC+8wo2h=5x63=$wHGU
zbWRjzt1%go*ru|h!d7bZSQH*=F-szm>2Z(!pYhPWk=U-sT#Ld*J^4l?E_)|P7o$mE
z^RiiET|~nDxYd2B=_W-Ca7fVn^YTj@R%PG9&tz8z9+ZU+>?ggDzp6Z3bcrLh5i52C
z?=^&87%J=M9M^~R*bPOeLQ;mSF#{NusEI4Z|H1~(^^*eq>M!N*-JQhR=@W*_f7&M&
zA?s-)U9kq(*r~9|wwNC(NcB@SX0DB?TKJHl)}AS3u0!(l`=0*<v%OqP&qxwx3AH>+
zcBZSym%Z6SUCVBg*1Jm5eHG)?f33b(ugnSCuyghM2`w!CSw}eLt1OG-f@)oIzZ|0<
z6O>3}MFBj~=z;)BJuyQAc;*R}`SDC2E#2p2l<|xAbJsvsvQ=BGmT?j*G+c+-9w8HQ
z%mH^LgnFAeAmr_UNzVK)<gMmACF0+Jf3qrN40ib)W=PIOp(o{7QFGD#bj1HQkH9k$
zsB~dbVN1Hj_LuNKHdosq3vU5$#Y`pm@&~-Q){Psb!z6qZD<-|irWZ1jV*FggmlnWR
zz*oM71pjOZIqFMVR9@GJBsHYP66r)&Nn{YA+a$7r(8UrtPw0AyjFM<}t(aHAuirEd
z5b_)UQ8)XVew>h5M88PLLL%_&bV<z?!yu`mvBi>8dz@TLI+&>L28~d<Rp+R`(9RIj
z>1EK}3mabL_|p$)q(FAcH8NFoPH1GYx~`@_&iUDQ&kcFi?+^?le{=73b0)ikU*{wd
z`hXrHq>wbIb>{sSxfSXP%p~j{F{b(iz9<xHagVBJ`*2ttt^?<-q`5u}^u1k$<$I`t
zG5q)WWQUB&QkJ-Ht!x&$$}e2yuN*?`mAXK^#ugp3Wp$g5`SKkhlvx@T<)@ycLLKvT
zvp~m6y+_sa>#ru+(hyy6pCfMK8!h#b2X{5&fd|7q#yt-zJmwP*?s>ke?r$G5RA#+X
z1p3fdr?`hbSEgXJqK{8;1$u0XpuT$l6g*XEZi*0VJv#*zUbQ3z*S!<PyA87JEh(7K
z)NSHdCSW6`M%V=@xD}<YNx}W7J;GjYPckp0V1JT%Oth9{u1mq?q{zN0=#~7(2g$gW
zJluG(78=1#SbRZJ&ne`J<em{dt+?fL3KP6RQ6DP;-m61Y(nob_%-dh9IgdJ(V=9>?
zn%FF>JGmIgYeKAZb#*Ss2ICyL%rV;<EIPT=sh`bp#c_smjA2pY=LO8Z8$dqupATTG
z-`6(+$NaH9Bd{u9?iTbXU@jM^D`1K%%L49W&Ig_nx6gkeKUba;w?tiQHjWDxK<^91
zLHHRr1ra;q`d;eyjl@2g6$da)seda1Jyo_Pfa7ZYiyZkHTPx~4_4jb})Y%I62ygvW
z9D9uLaX&`+=zhUse2+Xe*M8mIk}c@<QAM4p;iMvFeuHXn&;%@uT&Ll#YR=ZsOZ%d7
z-$EfX6}$($XKnugozx8<ptthQx(~2li5=EX*p<)5w!<7PwDbe))htmysilqk0J}Us
zQSPIM28k>6--_}>Z`8AP7)c{<wZU9dz1kLwOjph}S@dcfH(>2z8;thp$J?UB_lmgk
zpiM=2nNz2zjk`WJwIM5*`@~C3U)Bcqm^!ZwN%y-o;{)NWc38pnfgfWnH}|x|m<YE#
zIl?^D4%aKo_an^0c9<5WFA#l*dF^;RoQa_u+mZ3H`b<$1|JrU*6Hk}6BYhI|Iqi@h
ze(gXz><iPpcI0kKixVFpFIAo1hMY`wpO{fcAJ_)d>Zs{$$l5v~QFArz4@27FXx*ga
zt<bk#WI<bG*5i9yVMD#>b!|~vFCwok?$xt$+G1pVeM>9MtIx&tN9yyvZE>YOKimp~
z8u0CHF{J_D-wL@6B6qdL?gso|D_m&654FYP2K;C%lr&VuT~8YF$E~rYQS8*VSkai@
zY>hrmnhb4=@+SO3YpiM7<nBjqlyzxqTzsX;<_}TyD&OB4vzs*;{UQ1{=S8h?x_Ohb
z53uRA@Qqd&|BhPJifny{iMP1%j-J&9Pv23;w;==Gb>DQ+yXuHGB=_Ce!EG?6l{rt0
zVJmZXJ1lHvPH%_2R_67#*wX5Wr#9F90&Xhv!IFQpu*L3&?Jr9Hr#?KA+#_X!70+WI
zN>u*>AI_-n!v(g>g%#J#MWWjC^I9Kry!JyMioJ=)1nT$Zz1WZVE!^x^%ZY!aAlk$&
z-<SNiDF(@ba*D}rh{`oNa-e~}N*kd!l*GXXE-0M^b5)bhQ1LX;&r52O0KY@DCIVw?
zNkVs=(CPwxJ^rD>)Ov=$h+%GA{Vle{v0lM0Tn0H#wuX3dz~f|iQSNcmDBjo2J_1^M
z)2i=j2+@Nt)q4tlXm&>t@T93Ij*wi3Z;50J{Fp9>@)b;#T}EGd2FFdW*=eGNJQBZ8
z#X)lB#q$G|M~KzF65fqHNAT??^1Qwg&`1@~>b+QDsyn~5uO8J`%f43HX2CJPk1v(*
zFN>t-_3pNSD$IDxSV0`RJa3m*e&i=+l#JiUUzCIqTP{`i(G6_vFigcv5?`WVBe`Gg
zSF7Y2{{s9A%kp3?p#rB5m3Wzkxf09MT*Ny>!&aH!Qw8G)9agbNp?g$vR5?~7CffCD
zx|xdS5n5p5G+|{n#z>*T4EH2<!{v#gaSTHgHoy^x#~xz~#==S+oLB7yHuAL4a0mGw
zOVG6Kp1ha7qRatA*xxGe8xyMa0I8qDkt4A&9DQWko8z*~uLdweVP^wwzDdDiSE*cR
z(qk%H84#$Eu60wo@i~6X_OKa#T=LLCe(ciu9flh^yUwt}OAj$O1NA0`9GZMtkU*23
zb;wb(pI!?;v?8xp=a`}E1Vkn5gpFQOXpV!E61!|;lpI>@h?Sdo%NDFaFhxdsdPdUP
zGL=^87ojIqVW-$a75fPtu40YEA1XL3g^nq>D?P5B<9G2F;4gNbj-Eu2=;MS9*0Dme
z&v>v|5;S{`%t}3CQs@>B_9=Xc2iKIuKElGQh0o{K#k4M<$RheY?y~qoF5pPq?g*R`
zES_Vu96Atz>oPmxek;*F%W+c)Rfzx9QF2}+>Em5%)f$8U>h@eeT-EpXteu8fckHy`
zp0dASAVUsaGcZ-K#~p$psSAFgn*!6VVr^m)=0&F5PQdQS1175c_+1Z>;pC=`3?)@4
zpWbS)kBtSYJ<xUoY{%Q!rSZu&x#}@y+34v_xbDM3??-oh7)G56AC^%|P?7P5|F{q3
zhX0ul8K!m4hiT@)+TXHaDG^T<oFNlr0Y)AxFTUI6d=tA(#$RLR$QVg>NdMP$yCew3
z*O~A95@QKp{3V7+iTgjn0x7il6WoyaqK*Qx@dX_*Npa4$7iuzPOM3w_`J7KNTI1tC
z#X*ht{1nqY`jJm?&g0zbh-^LSbVm&HrWAF=BX7#~j<`jG1s#!Z>N7eb-Aa7)38q;*
z=M(p2LG~w@>f@t6!7w{`rz1u?!8si<ktMF{h}BFV*%6yqRC-5@^rvlTk7s`W;||yp
zNGt1r(cC%F0R=o_o#+qevpZl!1RvJ{yCV3Y4!9MWcCkH<N2RT4k44e`N9{2nAvmog
z_9R5l>xkK5XX2MA3#W|v5?RR+y}!ir6z9Pg*qG{E`vS#voboSlBF#DW1uE(~C12n{
zJ!jh&=-<HU`8mckbS{5}8I7F7pJ8cZXY*&+*tqe+PjRjB&E)5E*CsSY6?Sc;JW0hQ
z^~Kyp;2(g02%eU(ltk>7u$3&S=_?ltV5CeptH_ksJm0g-lE^rzGW}X$YJJzI(!ajo
zc&xl07RyOz>baShPSh0|&)HKK<x2dTx)`Lg)pfC1WpnFdik6gJ7jr%Oy)>-#IG54{
z;EFz&CX`fSP8x1``QkLOBI$@Uu_F1SI><5jjXJn*u=8~=+Kk;-2fZzQc^!<ioY{4d
zZAGk3MWMxWQ!&CvC#B-9kM~c-C_8*O1;q~Eor1B92|#{>r3#S$)UOXo!Ki@qEE&@S
z!7IsF69^wm#y#%cmx75A>|ioBM)E63I1w2>mV^;etRxw$qWRQh?28T;CSgcS+g0_^
zGe|ckk;Or}G>M!G(!3;cJt)-SOI+T*5*pJ|j(?~7xeyv!#PN_g8#tawL4m#Z3%bEE
zQK3S`-%?uN;#i@+BZ#;fH<4qgc0zv0amhQudd}m5l^=?7?z&qkZwMeSSoKwjoRnJC
z(k+(>DI@Ophu;ZQ)D;|(U##n%3qD!b^||k=i$}69=3uzuOsXsNO#Gm_SfhmRr@6U}
z#?=$3!dhI<wMivzNUU+N9?p28`_#uH4<B70r8?_d4_mx-Cf3JBI*n{?Kvw(Ntu!nQ
zM4d~+a;~4OgKgZ|TL*`D;<`FwP-E8A!PSW1d{K_nAEjb&lyfx|nNiV4Q?Wd%o|v@l
zF?@L{HU)#TQ&AGD-$_AvtRpzno!Iz;Vxr>0n^UkbzG?4z7!;ywQb<N<wN-<I_LRvz
zsq#o}VCef;B=N`ZqNn`otoLzJ4xfJ)TNL%m`zTV}+{<N}dhLCj*W7@yEIm@xuhb`q
za<P{Wejk%5z1R|i48Ff5W*gy6Ez!qhms_CNY?jp$i!HvQ1)f^XO5a1NFMRQBl-un7
z8(84HUep4^89(y|N?EgEEwIiXUiStT2O>oKOCsvueIFCVtBbxx#`bK5yr6pMeXI-i
z5nyRkNI&~Fib97(-=>Ax{<m>2+-&xHC`)3y-bPMxvyAsJHHB||8z)ofwzp86%9p)`
zTd92ETUc3#j(iI<()i;yu`P|=dlQ4|(qnI;cRjxKO-!v9e)0xxH&9o;K_)chW$)rh
zLu=Q&Sl5VceHZDCX~jFZ+L#}F2cw#>l6P>p30?6Hwlw8g@8ERP@QoH2_bNU9HW~Vc
zc|-L74fDwRnDvG!-e~C?s_65|H^$V!E8mf?t2Yr?9!I)l<#S|9K|$&k%CyYgK=Yj!
zc2kZX9f6B7n;wB|h0cv|gK(Bapj5SQ22h~Y>Bq6&Gg>N)BzwKj%$l4p7XJ$TE8DCH
ztoi;{1*@b`rXmEO+DF%jBv*gTk3CkAPa2JPkIjbCHT0FEMrdS`Jg?T-2iGU!<~P|w
zXjbLf`Slu(NxW1e*J|busKh>1zS$<DY&<1wpAYM$`b%w0kXgA8hvfPjY%Enmmwi~O
zj*#X$WTWT0{tJKKJ8-{(HG|aO;06z|V-E79Mkg7@%JvlpBUEF*gWali+rcO;aR5W6
zXO`<Z+~B>T*I4InpR4xx=>$z+&CntZJ0*TdBd4TiHTwL^v({^5vP7=@G!i@74c|s=
z>4qZ0^1BIW?_b&tHzk(c4f)FJPkzK)l}+x3>+0(jKcZA)qq`x`W2JY)QxCh>6)W`U
zD_t?&%g%HaYDqoP74vAs?QU341qIJC*rBchHN1D^M+~yquC6Gx_=9h;(Z>q9Vz=$&
zcO`cnwzMk>8K2l0MShmuRoF~tYFBcfvoYfO2sXH@n_efqEAB?6-s^&jXm+Iw1_V>j
zbitD#JJJPtvHs#Nm=VXebiuVaHNOj{$48WP!>afnfC(X%*9A92ba5B#OklIR;6Vb<
z?1CeSY-AT~4Zl9PJ93iPz%Ce)%tv&_@D%o}GY+TFJDqVm#eeTxtW6DG`4*XVSVd<{
zON%(unH;R!yx(`&{i^@Kw>b4G-}5aNHnUcKi%ZR%3E#SWbmX_#(>(fiCyam1In)U&
zUgO1`kn#F^GdrW#8_w!ZnED1^)(J!2Oq<>bkKT0de}kg8`1NnF>g}{s-(YqNXX7`R
z`;95aam6>Lc$JOc?6zuSKBLoPa#q4VDfPL%b`#LjK?)X-&}muB=7AUSFHvy!vwIP`
zLBTc>8mFL~T(8E}p~|oF@PQKkU9>cl@N@~eB-M?|;18;Kl&>;*R*WFPU+*MU>nB4Z
z;+Axwt<n|Wx+WN_#O5_YfuiL!!40L;t|r)|g)^HV-4h<$1RFdlBb(rvhYx9j$vS(|
z5Tm^AVT6IyJkgL$GOW!FQDN})4RO@uvl?Q%WlnBL&iJf84N+{ncb&1_0}iVkYe{2V
zcleaXxW?$%#-wM!de{gD1N=@SWO3(MBOK?vun~$Q=*C9mLZmgT5hg_co#@ZVn76Z<
z;8IMITMoV|$_23rS&eW#b`lxU2zl`dgBzhNeheAd2$=~9eHx)Kp+D)>2zwIS3Zfi#
z@5>9jp2kHf4Mh1!3M&xprOYvE>JV4wY;eElt60lSOjbSHOmfuYIb@QF)KhGdX>?uf
zGs}AAIZWf9QI)@PsrYFradxU?ljH~;m8H-D8kwiKd({=HdR@gWRqd&f`)XqC_25*e
zzO;7{q42um|GofkK#;$^s`!KYw+UAMm$dgE`u8qrUcE2mzp0UOa-6u?hy3{-GE=3?
zJ!FyU?gEbWsF@y2@u>4XWQHfPhVJ`+eE)y`4ZW&w&$BjYmR$4iPtdGU<=;P629LUN
zpgl>_4qF(J$UNIUgC%O#Oa8?+=F9(6l#eM1(`}4a{r?|x-yI*vaisgr%=XOe%+7|{
zIJ=7l2qu9GkdPQfij;MtL|YV<C7%Kz*{1E&`5f+izO(PnHggUDNe~QRP5>haf(eWO
zbIv*E4CV-iSG`!!l;1sFeDB>Kz^}J^x~HeRtLm%n>Z%DYR5OEe`pV`w`mgZxYQ?zg
z#6>0bh7-5cRLU7@H>;hPV&5;<(kwU3{@zj%zuzq+`<t3@h~+Dl@UDxve@;5Vcv7V3
z_Y7fdjm%6TM&bi}xg0KT60}2tut%u#9Da2s)~jQth`-$~Jj>&kBduxyZ>{_GJg)Cs
z8$^74``ez2B>d>`KzKb!xQf^!#BPeXB-F$?r9OHS&VC&u1^hwF<z6i7KTm@eO$`5r
z&|l*N?T5k_b)K8^Zz<zEl!rO-tP!zXh@BR3I1xA<$@3=ex7T-5!msM==0VEMof0uq
z>ozwjDi;5P<G|0JtT7_K+?nL3{7i-S>$jT(lnPp<Kp*>!zWwiY{`IyEyac>t(a>~!
zc77FUXb>1~=D*2JKX`oIiDKlDh-G}=<heEaKAP67VYB8p35_=*`2xOrucnWDZ|oPq
zFWkczHVaWw`Ktx@NgFD~P$l07)XHrFA-fqi;h3bA+Jyc#Z4wVkH}p^ENn`$2_!=Jp
zAMtCi;{<c2ML5ed(L%AP6<ByEdIniIBGt(akpAK6VPO^1t3$$R*>fX=8H#Z}gv(0m
z?hwwXo(Vxru)Bu@QKAJO2e=Q_=>eS5-J=7zsXu(~t}M4#=M(GRuHd*3Emtr^bdObV
zLri@lV~XUyA>*bLIwcck(+<hPQJYpN3xk=qD`Br*E(@2Lwn-KWWUW*dCd#XyKOYN%
zhdnG5eCxT~j1`I4Crl7(d3zLyx|-IkX|7LeeI%?Fd^8cqh1hOx@l~9BHYFKKRa+?G
zvf!I2p^q5rE@7(pC%xNSGcQvGw0(auKaP8&CjVDS8zt{96UBnM$;5WiKik9{$z5r3
zXuZXU9kx32eKee&S$qS^zte}^vS+G~haef}!#RbY(-f($-CjPlYrL3kcTMwRnf;f*
zOiep)VyospWa6lHLaRB4OP)2>U#y@+(5}fG#9ojwTdYrmx=Yj!$`~WXN@OgNhTHzT
z)(`g+TqBoU2UQxa&wx9EXS~X7E$%5Ol6*%MZsLAG;n#OoD!6F#%}~&b#i&!0*<LBh
zU${Amwo$}P!B-}7Oq9<p*m@-AqD}JLxc&o;JK(x+r?T)BJGbsXYsYY@et||`rS0P(
zkb-OND7D23`9<p$N#5(JnWw+QYq4GezI^RZ@*<J{Q@rN=Cw%nU^UwYZJxjXEmmQO9
z_Qyi!#8`RmYs3!%2Q?BA>KqO0L}Q{xs4qNJ!&TAjs-d6F`^1g~w%8FnF4(+V`Spd+
zQakRG46_T<Wo@!uIL0mdg+Yoo#x4{ncc0S>-Vj<xJfjqR8R*I9F?^VmBhj-?<_<*1
za?e7(zI+B_4;cE|csR;3n|6^2D{QC5Ki^+CDd6vbzjK$jBB+_NpR`ROyuB5vW}ebk
z{NN<F72gf&-HH~Z|8`3(w0X|AL>cq%YKeZbXG2SDl>PHs@~!FVEiqZG_c$B9?5<nc
zIA-^ZZHXOPy^Gmcp<BbKmZRSBZ0s_uel4-tS#NJPF1kEVTcFBauOb^yJg!CAIBa@u
zw!k>AZ&Eg%dOa6fV3W@`ARDEA&#@MG?DySng1rIHo)#D%Oc~G=*Ms4UO|T{8Is6h1
zTh84t34J2kxEE0zap%2AI>xk==Vi<@o^ndT5rJFR5>J_<km6LQn6E?kXa%>Vckl5P
zs0~$we5O5=g>_8puLw7pMtEbgtaVp}?Xq@B77ohmpI_sRleWgLSqkx#_Y>DQ2Pu3?
zPRLjw`8La>HOFSjxF#K`y_fNAe5hGn&whq~&=zx3ecxn;Q$nmK;}iXeZ?tPiZJcs8
z*sw;5729x1dd$yqc&s_obBN)Sz*<HMX1I{yo=_y5qE;krI1_G4+CU~elB%EYd(yq#
zArdcwZ!LFo7@NkU*wxb3pUawW{{HXb5y7N--gIojR`?0G6)sA?|7DQS>tgJ8a2Iwv
z9Oy2(H#)FW^jy?=h`R$irr7xXz6ngr<v~c@J#_41qm|mWRS@02=K9O$?ew%W3?s!T
zjnXKo&K!nvX{Gq*>*W8Z?0M!Eagv0dqHmCd31X~D#0s&;v$mQfPnNV{3b*=v!W}4j
zj>{+!>BSf(`G_0Lm10jAwn}HE+V}HqvQa|Q9ulq!F;Yhdhz0+yd44KbiFt65HuP%(
z#LE)iXATLq{o%gJ`*E`q(4X(RizX|u(?x4lo$SID(LKV2M<PGX7$LdtIC=EgTTYy{
z#j2bb$=t`C=p)ye@5FN1J;h0oncwEwplA;aOjmtp46IgTdkuoj+EznYVb>NI!Zo|L
z))2;M+H4*^R9kKc-E?iLAq>zTe)B#|H=)LP<e~t<W8b6zsszu-01c(qJHW4x-thD5
zqv!qTZqxSqsZYLDe)MCWC4OvW+CCpjWM733dt}ctA4V#H1wPzSJac@Qt7_eR)F<B+
zFBaN8=e@XV*S2|aQ1dPE;*OSf&_upop(p!M8)BZ_ka*njT|74Q+aSRoo6iHcj}o5E
zYfb0|?LNa^!FQVBhTvJlLq}=_jC)w@&hH__PV>NNTf|x#=5wR%5^2r&mh<?}v2h}O
zXsvG`fuB>?MB#IHi*x@VHyWWpOyARpDAcp15mrd<@<y0y^OQ6~wXMa7I6rTi)(C54
zcVQz8P||xf!cf&yoq@foaU%n>=zB9TS?eYq%|MmIvpWMb4bP$asC0(6)yFiKXJZD=
zxy(fwC~<pcXJD!)yrVubde5YW=;PH#Hxy?0JpCHtw$F970ebj}<nH;k8}%_N;6GCz
za{>>2f0B8fg%6Vg-c4xXsSw?uV6Nz%sbGK<9jIWb<bEpC{DrQ|sIX}lWZ`P!2IDwJ
z{8!kNxWQP>v;#7iuB&8Wo?Ib(V~u<#Ip!`N2Uqx%Te^GJsF){eg=%8RRc@dASixOM
zJELHq&9_P6XM^Ju<g&iDf0MSqeSZGSw8wqR@ViIey$Zjiv0TAG(M>w=e$n?p#(0TK
zp{ofg)Xx@MCgXrjE0cwuOq(JLOPMxH7A`TZP!?{pyWbp_q~FzE3BRk?HGYVDG2wT0
zkcM88@0K0KlBdd!bCR~#PDAe_7<1O<SxEUz8*4{T+1JC4336<ciWTy?XLbeuA88@s
z>#UX*u4ZvsIGV+2VO18Vg~eH%7N%u!S}4row9vgVr-h+eoEG|Kaay>M$!XzyCZ~m?
znVc4OXC`Q2V<xACm6@CtM!djjq5lh<78Yc3T9};4X<<|*iag<gFQBLC8Ip-XUcFDI
zP~!7ECX(}c_Ge(b-?J-&$iTHQ14RL%i^8Bb`vt5B`X{`A-NA~$|3kXS#P5LLxr$`;
z<*4SM;OR#YQ`C+yKK<(%@y}Qh!%C^I^xr@OVIZuxME!<|-*3L8o!0S+@1#zUq+GbK
zqgsmW(lNuPuht1Zhf8#9xB18EIAik<)bYU92&6F>{dMH2;l4U%s#j{URv5Ip-Zpwl
z_^m-I+7!X)Dq$WE0#;MrRY*J#tk&_P@A8$==8TSW!k55W(N36So7fuYD+N#Rc)Gz;
zI*lnQBu8!fatFq-;1L~FEO<!A7CCrK$7z|goaKr>!+~yUaG#EyYH*K^3o5;%%pN4f
z(o+jQ(6L7g-lGP!2hU`BG^wLmw?yjXYy8^9%abLH6S-+1l^+rkKBQtZBDf#~iXwO-
z{21KGWkVPxk~utzN+~oVN+T6q5GBFd_Hu-DN9$4;Tjj`wFwQ9PrBM{B=8`DpsG*@z
zOtVMMg)u^loCu>pR|iKiUJvC)G0PD-7REV8WL+3bo$9p+N?q(w1UEd9{b39=(|3h&
z(i>S5#!g@42>tgPS0lLNH|UMy1J;f(jt2ac&I?8=!`K&8DP0}3&QLlOITc1>IJ_u|
zg<;2$2r9#aleBw6XlEVB#P<ma{W`Wf6GsKMER(b~^>P+*6gHCxQi+siVuYGDI}=yz
z*48+7YHU#^#u(b3ENn5{yRxv!$%s(PJ(03F_IlFh#<9+{cEvHvXKjdMxSthe;%rd8
zn1v%DR-A>IkqFV|x=7l%OcbVAtK+y3Q;9VkPi3=-9i&I{GjT9IEjJVM>sc$}m{i{?
z%*4|A{HSVE18a09`Zlzd#4+RrqaqVe8#(3^n}|E+5nG8n=4N4X+|fS^bK|@Jw7>sQ
za6OSoOZY=q8!7!3rPoVe|2xX&39dULRtaz16HzSs?{G+%Ec-wEME<{1=89Xy#Q$im
z6);lx@);d{0eoTQ`tX~V`Q3`_jXqo#v$p!NT?(G_VVzCg=*K{&ulFO@ZXNP-ci_Tt
zKY=FW7y&EI<OO=u&3>#hw6%V0GTJSqw9`1@!(OL$#)sq1cBg#U<W|@CaLsL1Qrcs!
z^5L{+=QH{8ZQ~TYDewzA-NZlKmoQDTD7~_FeAUERzw7P9dChm0ibXtR<ad%f-gk`k
z{I;UH*2eFpuD0Qh7_Q)kbmnq?6Fj`sh6%RFN*k8i>LmLSLIjAYB)1!@6Gi-$Npkz2
z4%X0e{e;si;~Md#;0_5xgjQT48rvjX5`tTJ2YWnQFAWk~aNN1+EFqiTc2_W_@i4&J
z5PpNc;dKcIq~9i=H9)+owMlZ}?Vr@v_a+Vw4SI7&&wiStp~C<Ez1~myiPJP9wrkQ9
z4HMOoNt$#;9HfdhOj|CXLw>Rz!F-N4+*@q;T^2A+aIdprA&GTj)$Ua`VovqIF~}Ml
z3PqC^g6Q66qbV?XjCl7Z8&2@#P0>v%Y<G#0!zDLqi&G?vTaUZTZKSiffFqK7g$-AD
zvRZO4vtfXZlA~?z#WoTHEo;Al@AJAot=V7wC*Ys-rQDSNhskemk=VmFN6PpijmHMT
z93c~S`deVL7@Ey31RE}rF;lYkGQvooQhJ>&dA~KW$IG2F*WWE*k)UnnVe1<{zsK7+
z848-^t0WfrQS>P(I84O@X&H&01xjd?iax5NK*caMt5zRv8vaLg`ZOu?`2K$I@9`G@
zUE|B|UF}j!eCj*flCOpnExFH|!!1djwhCIKw-lM(l9YLs(l?|?QA=#IMGm&aVD=v6
zR5NRTOYD;)ds||@64}ubxoTu{OB_{s-C=fX9p!6rN>9+W{MMMEhwi?N0glF$v&msh
zZi&T)I;<tCjD~qFk?-U_?@FD<trnQzQg5`tK3BtQE%4aoyV?RhJ^w<rx|;72YBP=D
zFXN=?9`!PAn6Hg_8E3ueV_Rd8&$<6)Ebv*gUq;W6tFje_g*@w9VUp$E(h8-PXJ;!+
z5C3*zYhu0DzE)TkHCDF9wy3tJHHuSQGg~7!b&z<lHBP0g^kaLy7iYJ|nEKk}*247$
z230F;Xsv36Lk)jI>Ae|U1?tevM%JR1I1>+yYK@0+V`3|G%Zdzcg~BZ3T1%|SGU%CG
zSym|xXyXh@_ibW5Zh?DE>WpcPaoPH?Rw&M{4{Xck58ltV?zh0g7kT=`i&jNTEPW}m
ztR+siaExz_t1Xt>o;#;V?5Dk=kzoB$D~qDDuQW=F&7$8EL~Upaf#z^Q3bsfY3sYz@
z+gC)<)5bZ$QReEIf-B6^F9p|S_ka}cyCydU50pAfQ*c%dosE&8^Q}tZyXKT$uele;
zkn1pyrC^d%T^_?VSG+ie1#WFyim=ITr<|dtx;6zDyz#3knB&v-r3goT{K>OE4ll0z
zRcg5)V6BVdcF-z`;!wz%MR37Vskh55YYqVjs{y5lM;%*IFd^z#pMqJ@ZQncx9V)cd
zMmf>JSKvgc@ZB*^Oc&G7I0?kt*EmV>|31Iz=br53cao>_U=h}CgR~`;9-PChqXvDm
zPU%6ib=bf?IsKFq;}!cvCyErR`cyH-Ix$d<ji+q8wbQ^YyLHgOJdHQ7U9<LcZ|uB*
zIl8siz<RwjxyMl;B#e%O>l`Gwf@>T&DFiDWxX<C#5;3^SK`iJK;#pE~g@g3D;4%kM
ze6ZX>aIQTtkp&k!u$U1&=E=c@R9g;~QEi#ZmMOtf2ZpP`5(j}xLgwS`_B##~+1ml<
z?7<=j7HYvc4)oT8vm6+!(+iL3K|+Cd^x=v9xiV2G65r;L13&T2tcMDr!Gd}iELz3&
zXzc!x$9&8fP@h<zy}TY~GuPvKSjIfv>tmJd?pYr@WKX~PSgBaK^{Era;s!WjH&@rE
zwV+O^k8aNRs0P^R)Rxv4Za5<c8sLe`mrr%wAxa-}+shlE$W)8#W1ug7sy_DkwE6Xg
z9)6Yb2l#&jbPcG~@brMSvL5<`tReMqDr8NshY6NSy<BTqQ|qBe*r4?6ur;|J`bMmY
z^>8&}jjxB9QU1)1s5Q18My3QQy(PsOLthoMM%6?2RI8vKR;BW~mr||#dMHf`Q~F|>
zHLM=i)UopF;a*+G`1<Hk&oR0_hSWRuXE9@930UEnC*iMtk_heclnZpDn?y|fpOepg
z`O0QtfQCNe-|!pBDru<IVr+;;i%`qsyZ^Ca8tzExk2Q?7Ige@BU<;ON=*d({7qeiQ
zhC{MS4Lp{ut#&L`c>0)PZMNf{GDiBh@zA&7w*MRW>&1ji7dC~Vxp9EuuYF4yx(ntk
zhOVM9gJFT_Bh_r9Xij4|EapD*L*Y!Eft$p8nlJg&xg@vMwiXHKFVx<ts?o>PMo5n&
ze)|#_BzRfCAR%~BApPVYk~$){&1ah#KK-DVObVax0>7Vc9%Q72TKgGEb#p7jLg`e^
znQI5|dkl*N-&LKy#$2Kk%I6o`7D*;)MjNH!B4>(LPa;mnwf}0_>P}Rr@X&V`?A9V3
z-L$1*tzJiz{K>C(N!Td-f|?MmNfMEF!GGktz6~qBm^cFr9p&)MKAA@;iF0djYq5kQ
z0^g;$BZekQ$dl~jC5)Cn`L;2B3H&Z^KOr(s!gRrYRz!)=h~MY49*DRl5QteIMox1B
zA^S;@u-(VWdTo&gq#2VHe9XP-|J=MM<Fa7fkx8)lZpkPU%^NaGCH0z&J(6)%#!1OM
zE#sE7`nfs(x5vSm7|Y;65kDVO>))e8@{H48Y2c<1SZ)yh)#ey9(7y4+z(wN$skm}v
zg99gIXE)BkBgB_4EARB?kzXRjf*0Fs;xdtL+y2F;41eT~Qt|{wXlsOEEM%B0+_3$R
zC=cT=fxk3HNti7-c^DuuLS+9m0sm{phx?8C#Q`22)>|X<Gl(($3iy>iK@k2qi#v;Q
zFBY(rS{H;>LdrLJ*uORhxB1CF2^}$G#jDsQ`pRC#IWausRh*T4gI*;VX%2W57i^!D
zzluA|$ZLmOC1csEs8D<Z+u@{Q_GyRx>Rf?}`)fwOS5csueYokXyVt82t(!ewMV`ax
z_A16X%%|;;XBdy$VTNH=x5Hk;tZIiX&iASAM3-@;9p<>qOYJb$?Y__sv)$&oc9`rj
z&a^{`$2`>z<IM;?xxzH(w!>M|tZIwX-tdfeq*EIs+Tnr!Hz%lW(74hTeM5|%oE0*=
zw<BO-9&3l4*559E6*t1hrgkJR%nkJ3=&u*Pit{N(SvwS^hUv*0sm6)6xSICM$8FIw
z-8j}3UF-hrep?KyXB?q6>;LjrTa0gD9BPXh4fVZkv9+PLqb>Hn5Zv4rS6(pJwZ-)e
zy`n9O8nro3eQOk6(iT;5y{s)JX0|!i7DqC}rEPIH^Mr|K>pvApHGYrGpCo?kxT%m%
zqPWJY$=@|+C9aYheeILPIg&|~@F6!cc}TF_LBiW46fr^MR<rjccd@}kK@2pw6UxU9
zbZ2H2u`V7l8cSqzm4VGN-|pI`m@5pNQ0}p3ec>^<^{?=8gBo7jBD`I|dq3c&TfVIV
z)+XZ-N6=RWw=0^fU^Is$$7I(U1y|)C)U;D`PfFd%d5gJSM5QoE_|y91HafxSB7XNQ
zj#6FprDR{hwOK=fFo~Ap5~=k<4FhfA0u9q_bCc)e=F3}cn-#)p{e_JR3X~4X`sqoZ
zF$O7b<zncp4QIvhI<B0BNcF3<wMstcPMYbOt3>P<{*e5ZKLUR=DkScY@03IUEldn+
zsCZWRKiA1fp5OVd+6hp<dB9EpuHF*v5ihdHj;kzOWJe$Q$uqt;Q)p-04xmh6c|lT`
zv?~F^-u@#29us9x0L3<QO#nA-?qvZiVd=91=q+bW3E;dOE)0;!Y52&`4Y!5|utPBi
z2GCOt_Y7dN+GJo5Csp;H9~V{c2|pgGG;NdY>R~@-*rU7s=&A)42Qfk;V7Nz9xA}2I
zi>~vN+7%cT#6q1UGLE<d6@DD_q%8B}uIIY^Z_4|36Lx6oMuxB4WsKhgKf=$2=@q14
z%w;qlo=J@K#Kt!mZi{L@<38Q)G8~hf)r^#AzERwdIjB-T8!y!E6(rX56agPT+bc*-
z+#j?GCH$;C_w8i#k+4iiyFfBYxSp){Dfph{10lVyMtDD^zs3W<jMtDasZ%tP<e_2>
z2c*aqjmW{8qv3?jJj=sNyD!;^DC%CbV+Tv8((W=3MAKh>?*K<%2cPZVd`o;U9zT`(
zOMmQvjADUc_*jvhlQD^hCLJ%a!94zqcc4OxI6YUPMW~*UvB~z2`~s$WO2$UU{mE{U
z9aMdv?4X)OidL=&rHcC-`i&>)|IgYi5mGO&Js(c^4}C34dRk{L8}AF|ttk47{%ui=
z7aOmPVryarm)fGsqokelOO{Jz>wFztmW?f3xzqNfV6hTBlY(n%`kEAsu=}2*V6tZQ
zj$w`FtBj$a?%ET>THR9>!$61YeheENo*}8|Ww=JAqQdZ$q+*cMSd@y<PGdzXs+@J#
zrjlOncvMH|=dSjAQ|{~)YGV5wsDr_RXH*>=7qXYuL5b)osDpWu?^YW2N}kPWm}K(|
zO688#$E4vBGoPlSSdMK=#Sq1FFGk!ddr2M4Ry_|>@kGsDR0o^wo{gy})Up@U!9~rp
zCKcs+_WU~N<M6CZ#Q{h5ygHa_c*;|8*T|k*2kV`l1*z!i%BJq`ba`&ZFv*=gGZoj|
zo~tpe@?=k=&oVt1VmM}IPfW#3ujh0OkG$E1so3cA9OM3QvkOwO$v@GN{I=gE_PSy-
zUHHp3z%W58Ffmr}_cdwNxbAug75dM6a7<{o*MmZlyL;Irv8^6joBqWfjI()4JQ&2n
z(>xd{tCQUH!A8Ct3+0raZXA|9-QC0lv~w;zQhYmI7^&7Nabbyi*IqleS#7P&Hhl6b
zkS`d;M1z9SpAoi=SKEj*`7YaSQD4CbMeKRDmp4%$bPW14hWSw~r~~}8eCmz~V76%V
zAbul$GJ*J$#BV7V+l(q7%5Cl|K3Ym?Yy2cvjPpLOw4C)}7>myIV=i;=^I;`(ulHd)
z%USHhZ22_R%~g%bK1@`NaXyr)X~fBPsm2H&E~sjr5BJpQX+MV9-A}!kYuB%PQEvbI
zq!;<xn%c2-C$XQpO(2l;o&VDQ^M7tndyGf0zeVsy_~6IS*-(U*h^_}VY!J%@8s%b}
z^?*y7uWQQgi>})YeWberalR?cq94oI*U3FpewoTaQt?A|KD|TG=ZM%U@O{~Pf=bHC
zQyz4><{jSwpSz&~+o)lm$aZR^L2>^pgKP%nRN1uKTxT@yYM7wBcVELC&2dS?a?L@d
z8?_G;ZG24R2KrM6TeJ#Xg%&PK#(9g7a>^PDqZPH(LLa@CG||F7w^d*f9sKoV3l&~<
z7*+79`4(3As)XGZx?2uvW3bi#*%;{HCOp+bgPCITca6V}^rD*In}oK;tSHt9j2O%X
z$#)@w{!AMZB`gwp8bKM;?nF?<w0jZUXa1`Z+>}{C6qD`h$`stUt9PR$!rV`yc%%ge
zr(m4kWLOG%I@}{uFx~OO#whkX<TFtmbr@Ho7;SiOL^02JVI#fEP}f9p-Ei)V;)!vL
z1o07%dLn`|p74PP=9}K}DOhLH0FCmhJ0h6q4R46xme)Hr1-*UeNGx8lQdUQ>DB_^*
ztd8U-_3nR3m=CLy?Dzo><oQ5Q%kAjKtzplK>H?DdVlzU~lGfMGBdJuYI4Ff~*-71x
zue4)|O{-F|o~VdN%$C>LQO-yj%#-Cc+*|O^NtP&S^z<6VciE0Ts)O1-p*pD9E9!b7
zc`kR366b_GVZIIbM56bF(%;Op5zDN>YjcI9(^Y<=Q7G);yKJJm){kxyEAk^(3ib1&
zkIg#m!vq^gU#D4%i`=HfI_V?y_7$*Iv5s?cwfgu`u5#<2D!bLok1d*Y)Q7Vg_jXh4
zu!unnFf3vLQw;8{@}|=wMlitjTY9%!CWO+@-4<Bqwz~Oo-2FO%5|8!Nhov5F7eCo6
z_b1Hb?Ok(LJ5ESk#?l{p(MK3T>t?JJ-RmO&NNP}?&Dcsz#rEDcKZda225N%+#ZVs}
zCuHXnIacn+bS1plPpU|GxF1_p>%JE|?CMZIPS_hxrjONTa|<Tjy6eSFU8QzLI;;X>
zMV@p@@9}(x;LtcToxoG2nZAqO;!WS-$2{+M2oBxwmL~Q4dgugn3Z0km<5#)Jw-!lQ
zF0|(^>Ou=7j1o`R%n!Y*imFtJX<b7YDb?*8LX{NC4RM>&ks-{r$rD1vLES|mT(Nz3
zvxPm(DhXkVoJr{`vRW0yZTWi-LRhX`rFLd$o?Af@!`V-Q7~-gZGK4b6S{k(nuE_NO
z#<^4O2T<h>bq(@JDSd;O>ydMV*yeGM4C0FCy923x)0z;(6mMfnS9#UT0o?U=*b~HZ
z-<?{_-ywMwJ?%IFcp-RHK~K?jK*4m;zFWaELKF%PiSOU!=CQFU3PDz$zG>5kD0pmp
zGf%;4b|X1XSqUEw<_#WpaJh2FKsN{Dwo{JqJp(%&#w{M4GE!||B<VZ<j=iPe6T#Kp
zhC$*VdfHGbS>3sTMJ>PXDi}RP3=)iPoQrxWy**JefgQO#)(b?urxHgRFX$Hq%t?rl
zg&e8zXJ!bX_5PJn5X3)+p9ZjAFfRpgQ1BlLkc`$=28eW07jY3-Z*Bk;l0H2^BM=@R
zz+*`(py9W<`vh>(7Jlj{&>kcZevrK}BZ!r<MQf^`l1Axy1lI|LtL`#dcd9YnkNIjO
z-;XhNUV6*k;syy+%_0F@pua>p$8{^ukL3=X1nmaLYwL-SjFEaxe@Xr0A7xAl;Y;&o
zh$Le0IxR23Dhy$ms16Si{*DX@VY_5K3Zbvf|1gBzws3`o2R3!1g>Edm%|fMYP~Gct
zuqs5NS$%AwNNu|(jI*l0dl<d#DMP|IY!4j_W0w}YWnq=>nni*^4@?ZBufsJhj1vx{
z%)$uMS`orM(;5^a4cvd<!d#!VEQCA3&}9pQLcN~pK90m5l>QwwuK(O`_Zw(h|69sy
ze{+9!e`GWG#R@M8m8(MfERnm>T`3BSp7&wJ?<u-i;5nZkAv6RUrV@DgG<~sve-04r
z%H!KxT%N0~)xQ`1qV;q2c^><F;nlX!<$Wx4dR?1mpp$Q?!L2oO4T4L)!L+(X*Fe7S
z#GQ?wA$CuSw&d$=;D&9YG~d8>Rb60UziMtWP-xdK8p1UD=I8wk2Vc=h(|XgllhgpA
zmvmDmrm#dzzVq!@v<n&)k_<m6XzMkc7JO^D{CBO^NY3~wH11hyrH0FrZ@EUeF+?)|
zI8#ZFInSKkbj*^q3A(UQzG-{@j4+(=V;Jje!|S>9s@<Y>fIEhqSBo`1j(V0D_&Bu4
zAWE^u8AK4Ii_I24oM51<^h186_+g=e%eJ3X7}%L`_jg*h&Kh_mFXk*(wdk9-s-z%q
zwrB4!P;DP=tJPI(!UWr|4+^;-@Jr_XKEQD?_~?E5iWxksfUz6zqlg8!ypIvGZ`1pP
z0wQbQ<sp>HKfna_CoA7WzCA|iRd%!dJ??E`<a@ZT@zTZmPkO(H*^btf?qgV^sICzx
zcpv+mZp!KHvhv?2jQ?9oUvyi;-p6#0i_!(AvHBxSF^zd2p}?!n{y;eHRf|5rd2i&v
z2k7oQ$-m7n&H4x>0d4mOC=Y}xK0t0rTkrvHhtyRcVvwb-{Sf(9!%ZJzT=<I(A7N5d
zU-}`oM}z%8L|*LI^yI))*WmXtCN;hH`#6#6>h?aarKUf44`pet+wWm@TKy~UVP+k3
z)w@_*=gk2hU|xC()!LWtI{zNdrl%i&51Z?%)gNMaUE|`1=vj}yeNMf|q4zMg(SD)o
zBjjajT|dN_OkXeRP}U=!HLJ-lM|_02FX|&dM)`~Ch>x-UMRnH4*#2U>(I4aNOFv%m
zF|IfJ;qi~KtGRKPCZc&-^#{mr(UIy7Zy8zn0rs?vQF>4-qtC~f*2<svF_yMc2Y!sv
zFS~AigzK%li@QEXX*-pEjQh@ucRs?U?`Y>f5>EWZFAjZ#ZLb@bKEUDE)2@Ahy!IM3
zw7h-f_6K;}o;SMUjbC>C2-m)wQS=E$e=lRiCm8mw<IG1G|L&YW^GotKJ%vHS4kz+N
zu3|5cVw)V8ZBxfNvCO7UaAJe4@q8zaFl&PY<7Ib&fwjbS9XKX`4+IE|c@C5*@u3bL
zJcMM<dez)XM5`LhiGbBtiVgI3I0iT|)NwrN*C%d`74b)YNou!XjS_K1_(5%7-fJFP
zs1tsUl<Bx31WI-E5xH=_ZHtf6NlpC$4{99mu45)Qx9X+DyXvS=BLzB+sNW^9V7E$i
z!m^P$I)-VxYj8pzA>r*J*xx~lJzGE>7lOxiY!id$2||m(qdJyKdS3^riOxGbrh4$Q
zjzzZMX`KYGI-k2A58l#=+=DlC%uwtr9k`_g&*}u+f`@fHRf89G%(e$l>UeAqUemEy
z<F)o`!K=g`^oA7<?AE&_&H_(}!d~$;tE>&?30Ai@7${n$Z7`LaLEaE!W7}Ye#GSm2
zmaWBYFkdFziF2CkUK<kU=AAZ};Z!L-*c~r_1$*4u<u<}G_iY-TU0!uV8%*@ayS{?+
ze(iJ{p;ypa)du5&9SAH3trcx>$g;+?!Pc<VrwxiC)~Gh9h`a?1h*|}0a4u@)x535~
zYgil1idlJWur@}8LsG3FZSXkN>eU8I)2yehu_tW=b?;JLYhfGos7GoYdc5Ge)dnXr
z%#&?U9#<(nE-U_|4bEg~2ipi$S-g9vveioZ;+Nu&+Th+x+RipYelx4Q4dyhX?%io-
zEo*~EEvz1Gu)n1>s0~V6Sp(W&b1UjW{>xTBdhTWJSaN%7$M!Zj+}g3J4bHcAtZRc?
ztsQIH;A!ip-?U#e68oWzD+K(*SG9Q!Ub1FL==dt%w~Ud3u}83macg)IO4CLCiHOpg
zs|Shw{ZtT$eqG-u;vHJy1%kd*<W7&aiNdjjGv;r+i|;4L1`24~r8X}m={H?1wc)(L
z@@=>ygzicNtjeG52ZWxAu6qoFrJKS7hUv_rAFGl&>$lo5eOuYL;kR$AS0uQuh*%`N
zL2!D4=%@68+OpPfvIR162DV7X2$8!&SRw@|XQxeDDq}8F*UC7<wD~ed%8n&6rppd0
zoi8^_erNjk)C&^Ei|mqwDdH@uze93dk#IzEQ2qretyV@a5L^#L(p}%E7D){HDP8&R
z`sQyd`+sUvm$-Lb;~1Y6@}=b+&0S-r)3Q4trWZ+gC<ew!m@TR6C1HUS{>Hs5!b1V}
zS3>0DZ(^hXVWh|pp2rpaYiw58Efby1V<vt{T6LvhtTzdc$BRrn6f6)xHKv&~lkq7g
zHjBHsmdB)vUYuZBUoS4PXn!xB%FBeyULNRppce;J*I+MJ+Fzoa3%Y-<7lRCSwigSG
z7kYbf->{CDsB&do^J0`c<Ej^x?#iT&K0@dx<O)N$!$^J^s#1zQabv4ZJ!;~xO+9Yn
zyshy~lN%{LaAS$=9%AB*Y~6N~&ShP5qf%ANOzc$Eg(gXihD%Lcvd6Bvu}I@jp3<xf
zZd7YTgllwTw;Mb4c$pj99IinoE;`KX9z1mz$2=Hlyt2iEBDZ6*i8A-Y8f>>p6c&i!
zOKz6%;@KvoBxQq$Bja=vQs%A2O-MoK9!N$oYhe>SV%Etf$d`XZ3_=NAZGuS(KTw#U
zTgRJViB3J}?l6uvA;mDhq6x|!Z;~7`V#}IfoI$N_Gh*dUaK(5JSmunCHNhb#<@R^Q
zN}Hg_Rmi=1daM~uFy6FEn&6>n&1r(YUTanpQWLom_1%DaDI05pMsYS)S?=lC=pIoi
zeI*)ynvK#FZG5({EQKfoi_+A-*%*-?FUiKqbZtnsa5<eHLsiyOyJurogZP|m+-#r~
zWDAcP^rZZ*FR166pzjN@i%l@?1!8L#UkF}qg0308WuSKx$DnKsZQ|&ijd4vJJ+m>R
z$*6DI`?PHyE4SmrZq&&=Qhc%<PbFH9Cv5S7b_`%7g3q#ee>)~Bk%@LJQ;6~QRISB!
zj8(Tj!{5FpL86v7e+5zpgVh4Ia>G%MI}-i?V|P7xn{Tr{5v+0#3dH$|4O{LK{-D&D
zCVC&U)_8D@k*ruK$8LMDM}C<mQi-kbV5Y*4ueRE)WgeWf^AEnH#VS4Ms~@BupLAN>
zYm1W`2|XS2d*Rm!2f@Zd18q5q>GUe85|0Jfb_a%w*Mws{m{`5d26qZU2xzM<ZLNd8
zQKRDivYkrzDF$gB^nFJhv~aaO4&lD4ZY8{KPup$~M9w&2V3fXzI&|95?ij*V!~JKn
zg8MmqX(Y*|=CygQge~9&VULJ090k<mWdIqMxgWLRwRzvl=l-+2^IQ0%mGF^llA8ZB
zlQjNmLV7O|8-(|2`@K*|2Iw<;M=(tI6^|ie_KYB(Z_hmt&F&Elkccr>NoLmwy4n&>
z2$}gLj8a*hAI3VF%?#s!934h_uww2DW2C~*surlBZDCSu%q?LYSJ%+QO?E`{!bIW0
zu3=0z%qk1JjVS5O%bdY#N;}Of7Vf#U+z5KOmHuJ$cZYg~vCaLfO<}C?m`lSLV|Jj@
zQ|4;5rtcZw{qUU3kCLX!+@mK^!W7Y<oSotql_bYlI;G25#h=!1;tbyyD&Y_DTQrJ^
z8w82@tOL}^7%kwfA3xJI|C6$+aXVudkCep@G0Yd)K7N0Xr*}zw6R(^(4lt}^jy;sa
zIwjvlB9$8xv(s<jC;rWEkOXkAc!Su!HNHKTh<qP<z4U3-8$ABh!Z&b-S-ab#zxw{P
z@8XVXEbV~qcF*z-xNcWhb|A>?spx=ix<REwbz^e}%+$R{JD||v8~i5rI#MWqgz?j%
z-^C60$1C5&IZx*U?Q!3<dcA?2UaQ9&nB#L({z0GB?F|eMY!FMnixVMZcn3TTg^D|%
z!m=o5K=_AGI^aRd`=#H-k(g2OCN9Q|b#I~~^@>PY^U{q2Z(>ur_v)J%Sl6PQ!*##D
z)&Zj$T2I^KW<%?7dz8Jv=sl-ju=3htRE9N#@-wXJ_NZ(Wq5S)eq7T~R7-<;oF(s4d
zRA;IW-$akB`rSLAN8?tMbEdI1rah)L;qB~gVr_UG1G25vuVZ6&UCQbGqSn7X_P^-v
z)gI?xeC_({xb%{C<aHD_HTJ)b;->MfucL1>-tyAsv4Zv((Be%>_igDP_$IcrjODk-
zkX9<?5Q-hv9(gavR=kdrFV~}-DXpz@uj6rRYgBt2ZDXB$9SdKv?zKmcw!Bv-+FF-i
z$C7r|9m;u?_oU)g>sEUldiA0D@5hzj$_q*b*If}6!W;LwXL3KKSN>OV<uKuWc1OV{
z{FJSy7(1+DqZnML;JWw<r58!TT?)UKvQ6R9<0)sNExb=54$IS<Y~ekLi`SICWeXor
zFq8$?D44^7TNG?!!Ab?ES#Xm=(mA+6A?Y04!2=NnS1BX|%w;O7WZz&F-IbR>8mNQ%
zu}VqWZIp?hzggBC69u!NIcZrRQTl{v_NN@lxX}!wY+=foZ!@no!wRNSdKY8on-P=^
zt#3xJGZ!~QzT&6+8H%}((rPnGZ&b~)W+<~aq4a6HS=x-GO}<D!W*P1=%`lZje{-yM
znyZ>(hRZ|gbFScurg-c!mo-HXkCSrpJm#XNxSvS(Hq9|j(a&2X@kay3gr?XYG$?%}
zXpU-z)ghkV5i$#!VUfktYb<kUGt3P0^y08Ns2Rpb+>|~P2|jL$8xiwzQ{0R4oS7-X
zi%n6PVxDh`4Ke=w-k5o+DR!p*hSKZOjI~WMt4^^%KStDb_iKu2btgWvk!hK*iDJhT
z{4}&t!5{gKH6eH!-Z^6AghDgS#dWpB)+^|5i<ByuYCE08gP$e+KCrzy#tM<;{0`yQ
z+}0^)KWWP1UlRb4SZ@dJNfA<}huTO)+_7~Y<)HEZ7s638o2BEp%=P()GL;=wa!8Y3
zs@|%-(>1qN?yyw>3>6~t1DMTUFhb0!4B)o-4}<_D)-6cgi(TXvA5_+z<&*{q{Juv0
zklFbFiJ;ig0Cw;f%vZWh4x&J%vI8nR%!8iBb_USXPG#rqKN=pyCXHLm?9$nQ08Z<%
zCw_EuP@|U|ITHfdU=TCTcd`e5Omo(`;>UU?m6f=<3<_X458G8Uo(WsYSt`EoFHrF}
z+&X8l$a<<M6l2#El#6{6(3u@kuv3cAs9uqFC++9-+HfUng`_<Xzjhy-&+j_?$)=C{
zYYu)7uUm=V->(UySE1wYBE>oe@$tDU<W%X{!zW;c#HQ=mB1MMkIL~GDCR^t{I_aSQ
z!X09>Zaj1@H{#gN$EQ@u>7gUHW&)_~Sv7VAY+w*yM{d(V2|ovJ2svAV*v<!kt;DVb
zuuqEZq1oU};;1cWc@Rta;6Gw)R{(?L*zy2o^2P@%UFHOFQ=zi?Dq9*rg&La{Ah}Ov
zmG&Qv4`OO!@Mr7nksmAc*cm^L=+x+1N6zp7p#d8F>jpbcQ{t?%-j7Lq@CUfM&>UTJ
z-FxN>;M1Be4>0g`?3M$4gg+AW71;>~fz8Nf2dVyq`lm~5qXP@1NST9FR1RLpGFIxq
zOcojIAkq7ez;c=OcVLSgxkCddFM1YpE>B4KqGqGKwD4oyyqLj9e3+QC$%`9er^JXq
zHF>aE(uA(^LD^@^S?Wa@m*m}KcHP8KId<AaiA-gql$=>!+*5cY%rZM$Wn!&8Lh8{8
zz9d&`IeSb@<VNPFbVjPvbv-h}!~h3}T8^Ab6I+ata<X50#e|(ATarce5}TNX@w{Js
z#hhu4agO(EzQo37ac>esvv7*{YqKq<pfQShzwR=Yn}t4dtVb56@_r3ga{4yL6@|){
zsH|HSHmP-PXX3I-Wqa&h9%Ny$MrFNpb~6(r^g3rVv53#r1V@)kS?I~<YNx?YXX2Dm
zXJ00I@VUC;>~c5@J6u#Y*3I^0Vvf7c`b=zhQ`urqmn~T+G`SgFg_j+OW0yC!A&%=_
zDm>`RSwQXksbbFnTOCJ!AT~da`GK$b&DossnRpnavh^W0CyoQ5I^*Ja5TdeER+oO6
zSQn=8>l0z4;usl;4UA)9gvM`Fw9BnH9!IHcMGET^$Ci}X!$!E2LS<WHosY&bBXzVZ
zIkw@1{|xJrNOZ_82FHok1rdwH+I@oG*9`qr4-I|jya%KBE+k<ycGiP=Vx6rX>=Jp-
zL5Xel5X-7F--7`*T1LGYn@3s@ixqmXfYHL7A+ymQES6)vJlMze)6ELwah;S{m7A6c
zt;;H6Ty8v8W9!@)W51`?uFD$V5_LQ9v^TM(#fFLaFhub6XG@bdU22C0zr)W{6X}h%
zgfXyr{!9E7SDS~6uH#=~viJ)45yJW}aaS~#e~DvK%F-{1zkWRbE9|iOmwbt{HgoQm
z*vi5)zQlQE7V&`X(cxdAP%)={NvdFjp<iLOY8HNp-FCHrp0TqbU*ds1{b3HqXy)Y{
zl<S8@YA)aT({nj^<TP%4fkIdG{ufy6GH-o>3GP^*&N%J<<-r{EF^#QX;I#QEJ-^S}
zU=Ka-HCKFrA%1nq7ntH_bHAX4(J=oD9P<adeSrZ1^XTU&2}U=5jx9lR&F5GdGB@R5
zi<P?J3tYC$)nDLTxWV=u42+m%UtnZZo$&=`M_KL{SQTw}<#U{mn%h3d^jMH;U5yzl
zKgZ2fMsF`pQ%`+{<!S8bXV{+BaKmS~n`SQg41?3nwK=Fx|3&Usm{`v}GY6yVo8_P5
zQGMTn&ym}}EcqNa8kjRb$Nq-CX`kbALvtea?S*%y<zRfqSz!bXL_Bi$GnB;5^Pk~C
zW*2(d;KpY6&bZ##di(_zHgQkML2>p6lwX}~j?cl#7lWg7FzqFyYYzG~{c7-6xY*RF
z>Wr1m!WTPZKy&}2FR`<Eojsj#v$?spGr?7DRc8!sX)f)IyDhbaozb<GIj=L$v@&LO
z#`u?g(>r7S%jU?=C~0jBqx{ys!JToxwK=defz~*^_u?yN*=N|&HaPb)<h3(qe1@T)
zg=o%ad^V?+{~Qo&81L97_}bsA3I0H$;<AvlvI!xGcS#+T*yF~SA^FcXuDOd@WXmaO
zLIgld`Z4RgBol|^k4W|@>`E2^JOB19>{WgStWrDgYmBjWYT}BWEy%(XyMJUBhG|sx
zMC-huF%IigHp9W0)G~+vOeS_ZNNTP$IuB}$LMOkKQ{u`Ql!?J^dhV#3t&8KD+fSUL
zr-!<6)su5Cj?Mg%+h{K<j$@YBpBE<{L}fF4IVa=j>!-5)eny<*qTheJ5uW&|?0lf}
z<~Y^_Ny+aU%9)&rb0K<cfyK^eVZG&Fl!YS}mtEnU^^Gw(@;&N)gq2YDBPQ|K+$fbj
zh~`XgjQuG@tD|G=Q6`FG=Jrf1jS*WJm)iMW7OGQ^xoYWqqnI$-%vm2t2@ja`RA8lX
z<ca>#aZKajeTbB^Hck?U2K0=r^YIK+FdEQ&nN>H!blHEh5thk6<3~81N7A>e)WmL;
zt#8DSr)M|9L-l7o^l<0laa3wlmZ!53jWAjFKghshod$H8qjPQ?Jq$je1<stk8Mx!5
z=hnDbMF#e{{KXl#?BdeFowFkYr5-BlX0j<67-sqhW}wKVvOI6j<_ui(QrQY0>yv>U
zKL52BaMnj<+x(r^WngB22J~7W=THW=2I;ZF5PQ%Fb3*=&jR+#sW3#NB5pnbn(}3;{
zv$fRyusO03?uDuBL?mZu94n$UpxshfUL)kDm}fFDiSzVcvCf0zI2C(ZYx{OjNczqE
z>{c2E@FjXkWXIBQMf9&rLpSNCzy;~E8)>Mt{SE|aI<HH`NSPixFSD6xcp&@p(nw7H
zEj6Zmx+aYPC6!ILvxlizV)vg&#Wp*Yt<*kUm4=Zzmut%%Irn22W6*P#3|5+oM}~iN
zD)OB4s{78*mZf5si^?XtS$-<!yZw)2*x;sFneX{@Q7Q(SZxS#yb1G6%;-#;DK&zEH
z?lT{yVyusv=;{BgGL6_Eef`7$yHAe=%+0B&3=lq?9Q<@e8Xg7n?1^t*CnTJ$S*y6S
zpx}rQ!S=?JLg*@5^MeE%t!Y6Fm3aO<`X3~;VD$^4+-4Du-fiO-gfFlzkAeh_I&lQU
zHU&s=@|Om%QsIQHc6k`YKsznI6ZV|51m!qV7@)I~019>g$N=VXq%hji<$e%P936;A
z3^sybq+xao;DSMAJDpwb2C=|J!uhU?J@uof+q~q*2scgS1NV<^2XVx+Pky#Xo}i0K
z9-<3+(PM%2@etznUvrZ*qs9hGITN_hrT(n2<xF*>kRzUpj9qo(A@lEbV+cn)_vM^%
zBy%}DEl}BRH+_e>!i{ncPsiGGNI+NHscf0XmbpnyFsHk5M5D5mdS{Z@g^mfVrawQc
z!2-Qp91C1^{s{|Qb`ll{?RFAB{O3gAr=3phmHf+`)Hf3J$8D_KiK{mMR43^$lyQ%-
z$xif={ezttEfZDeDXiMS1jT>OzyjrTGA^a(7tVen`U+|v5xK&kXZu*&gzvxAqaN3Z
z&(-BRF{Mc-K3JFQ#H;FZotSb+Ctgt(qgk0mKW?hVjJh~t-zLzH8M^r-9eEBXrN=wW
zN9pKo@bqxQypT=|U>ARAqT78b9YZ_@r3*b~QC;*fc{<lLr`5&1M7pQfoKhE;y*z#2
zYfh?*<364q?hlTvi<y42cU{a0@SG!oV9&a^6)?Nk#oZv!=@Bx!)<u4(o1^BNn%C%7
z+Z231v_!!#i7+n+Y??v}Pb5zvX84cXg$H{gqd+n*$|#l=KeIRghot$Qy26Q(LTJ2`
zmdlS4z<s}yfO}njL0v6#Vwx1{?<5dUWfN^V8=QD*Bcj~K*hm*?m9efo-XG`xa!$Dm
zYZWRRuCgaoPxYU3lJfdBKbP)2lcrzWU26wsCCu=wwIcEbzGEs_t3?d0fsedA4POFZ
z{_v?p%9V9ULVuB~y#pj}MlvNCFL}F=bOy$%BlH20(-F+)2)|IwSsKMdj_}t@>|_K7
zNF9sduEZ|@<dYH>!8GPy8zC0P&uq@fY;^>8WdFhl`YSw#l(Di1)~NpJ5gb%`PIrw>
zjgW}-kBp#5<9u81GAoKZI=!RP!A3-|+u`pQ!3C}w?=-rMjbee5)2fs8iJ*_md>qCo
z7k%9$SI*!l4sk2Ru^x6Qj9DJ@DBq|hjlaeQm)o?l0y}=>?{3F$|Hy+bvxh2riLtXP
zkuSB;Tl)D7J8ntTewmG(R*4@+wyC6Pp11u+b>veT>ByV3XFBpQt|L>s`4Zcp(Zokq
zXsF;5KgE{QQzt5<vek?&(|8oAQXbcd%GSx9?`W8;^taX0Sq;HgMTp=d`ywdht@jdh
z=0tIt&q|5JXg(^W*!l>LCuZe|jnRAzVgAJtOi9ejR+-U!9FzUU5!{k_PNB+ZK4z=_
z(GgT8X63S-(R@6z`v*jjr}3O}ozX08*8PvdIKg@9Mn{+NQOq`|-&F>C7{*h>ydEYA
zL;b$(%*l<CgrTxwZdMg0;x*5NNzPE&2+xnYMe)G1T|;ub5>RfggP>f21Aq8qg01#U
z+=aTP6EpiwV$iPYn4GxLxqz?H88)_0$6}jVq1WEUU~_crVCE<tr`U-kzs^nS&$m3J
zKl=}Rh(l4&`-@ziy}-w7fy54auuk%C@!&8=ife2+^G!_RT>Bbhn>^?$`<HtN*?i6I
zRCA`7IKsL1Sd}gHV2)~%MzxA_?aB6>e3QtK$|^NB*Ml9JIn{$xoNKSuJNKqG9p%sT
z`u`3Z?Jd>PXg-g`<bT{8vjslmTSQjf97jceRdd`Fc}|{<U1^R<HvjSFSY+cl`xrag
zoHQ!`j^=ojSQS$hwyil9D*lS*qzCex+bUbx9KG!R(&iX#=Q*o2R?-}MH2>u0xR_WK
zLmg~lb4+&lhd0M!2hTZaup#tb!{5C*`Z$Xdh?qTYh6<PeYBR!aJm;yKU1)|}kN-e3
zO!e@bZ6@2@4989X>SnlY@|>|gwxSv4`22I4VKv8Wv;19dwLorwX69&s6*ogwz(1-P
zdIY()AIv$^0-HiqR$#H=%}`|ddp5&zj*6#+bN04C&j{Zoh_I(kaVp}!))e<59K=Pt
ztZRWaDX($N#x6C*h?se_DT+8M9+28)Q43s4rLvMVcAzO%q?wzWVn-U^+pF`Vq81pD
ze$V$mM<;(OeUY>LU6c!<Veev>VD@_#%S8ZlK#aeYa@LBWKJU_cFnhgANPy>TkwQJ*
z#Tm)$_AWNtenL6(m~s3alK<~h`iUGo`VR6HbMrgMRqJnj2i0oo#<yt=n6uu-RxP#g
zZCugJ{I@aIk=pfbQiRM09dXr2J<|~bo#xSwSnf*Q&=E&m=DLn};$AF_c^AjbV8PqC
zW16{dqrWd$-4PRg=IxGH=no#}VUWxNR3V_Re}|t~uY3pngQ>IML2=L=_YNvUTH!mG
zW9bzgQDLdeI^w96Ue*!$;oz)}m=zA5>4Y&+{dgzLiMsc9!menrvJ);wL#sLwHaF*W
z!lc+s1@B@{%$(8*t5f6o@1iQzoYV<>)0T+Txzlx{C*H>RdS-qn^set2^)3qQI}X2%
zqWb2+w=tx_4=LwC1IP4^=+)4i)Dc%2I>vUygcpJ%J7Uob=CF<^&u|Rxh;<oezmC}0
z=wo`mTW0jmTNs;Zo_h=TGNVu5!mup!`dhe^6@B;?dN(#NzlC{Ce$%rf4rd!%-oo-1
zjoePy^rAVq6Xv~S^y`EbFPVKhVQN#OdnX)f8tmE$H=3GNZ{v0|<Ko+x)I50pZ7gYS
zo_!meoA(bV?b{Rk>xXUlX=t4dfBbDi#@)1`w-`BU!$k2+jh$S(q%VFpiGYj{8l<3@
z<CB46&J+cgxR{zLvE2%mkeE`ihl{C2w$A4i3}@%XKf^d|j0?ksw81WvappQ!%o*!K
zHD|6Hh-<rO&DY)Q!XwUH&)Ravxk<_q4DT<q-7bug>uz*mh5Sokw({8!H~Ofgl5JMm
zLaL|MokjIj;)I9opLKO(f!3o||4;6FpCN4K->%?qI7=HKvSkWJiLvPl7A5w*S4wQS
z!XpAdm2puToRp#enhe)5j_<Syu0=xfcQRD*G2vg8@vUo)M+YnTN$7!$KhXG`6mpg-
zSjoq(tHi^550)Z4Y#<-Ifws;Q`Ek^<vHNw6%zNs@*OBwiXItGXUD(bCu25pfo!k-O
zdS}gfSeY%S#D$@J;0`jjmQXy4l{nFt58OTZvxzS3RNhSJ5=Bl-Rb#`PSgm&9D&nU@
zUFfPEWVPS^d*JuMN`Ypq_S^rpyd?HLMB^J-tKjc`$G2BlsX~$}GL}{W$G!t3)?dMB
zDRPIqB>ofj{mUAWTcYzV>yi4iE$fpyAzvDuQi+Ywv091@)NzcDPK7OJ7dOD9vJ;H;
z=f3YEU3K*1`}kMnoYf@Zm3cMzYm<<42*@5=B<*5nEo|n^mx(z9_=ZX}cE=@l+QM}y
zw$H*~enxZ8mUB3ay<DPClGz>$^X1rj3p=?)FIRH5gfUX3va>2%YvHb1XR(C>JC$|S
zx-1Xl4A&>;>1?5eO1)08h0`4SY;km%6GjQgJ~s?D-9mR~Y^;R|9Q*Webr~PVd5(RG
z+-!`6h3;6Mg*_bmEb{y)H;mC{mHIzNZbXwIlB_`ziV{1{6{0mj!XXYvsQjexgH^(k
zOw1P5!c0_(DG%c~F8VIVQEJmEf2~cu7{?)7%8@wwv*^}1sQ~8EI1bB0c(qH4Z(bY+
z)W($VZ4b_k<EDKyqaP(Mb4(l~-M^%CACK>5BV6=2DSgl5yWR)~O`aa&4OTV6G_UVU
zBTVt}oKm0fQX`c3A4v3LzvbG|2us7fU}M-fDvp^Eo?a616~sv-@bu1TuzwsEqQ3i$
za4v=C<i~<{8(~(=ce@c*#Yo|;UGoXvIh3DGK9*~F=T3$5PGT$*xgt%3S*#Fmj1XU0
zCyjfy=0C4Jo2*WpP5v+T-ZMOo<4PBPyL+mqr>A>nx~C@t4GfqgBvO`SQxZXfq->Fr
zY-#PaEfSI}*p_UqS5|V`^@2I)OfVD71POu}B$xx3bIv(|B$zXKPYr+(<@L9_-~IO9
z@43%&e_)<MRdscBg>&Aw>eQ*L-|S63=6jPg6jn;CP~&@WBQ%urQNP`hvt2_W<2Lta
zWj0JBEFSAasMkq}*PR_!YS^aaJN|ZW@=S>DP3{jR_a@JUaEr@~RT5ht#xBX89j4LG
zH!>VKLnBzk_(`vaGMg1fAE!NzU!uV0qmt7tg6n+XFL$vqVQhEB2hf9j;2%_T?}kyz
zcY>a{S-&v)Yj&3~3i(dZ06q6Y7`JqiJEuLYQyAAh_Pr4La{_k5n|m;feZGU0{tjNO
zlp)KxjHX8W^iSOTBpc?$O~LNS`7;;MBPDiK#xyB*P$rR(5Yhitp7qm8o^_M&MIQcU
zFS0;O@~ney&a<|=lRRrEccH)=yhLVO-6)e|Yq)n!PPCjIx@nk{Xz*wDBBzH*Ko1Nj
z1@xnEQb0cmaRE)OUoD`ogh@d2#@;9MUOF$^TSDl{8~ds==U5n9cw>)ru}vY&aK(%1
zLEhN&)!gl2jNpxZ(9McMxa79;L+HU9`?8k1l3vKA%m5D?8NyhP-6e!&T*{2|=FSbH
zvu|+n>~NdJnMO89MTgj9;<ta|HD;Gwcq+v9x-g3KsQ#qYT^K`J-G#+`@pg`b&2(Y8
zBR0%M17=J08p4;AGJKDR%kX8MqzoV8O>R4uc=)zsp(nZR*p&bPm*KY=o9RI}IX1zA
z3A}B)ICJiJaEjBWNeUb1!CWOa)I;q-X>(j1NdNUwC$hwQJBiht=5d@jjeRzbh5Xgy
z#GJu3@R+}P6Up~DaW#8i9QXOFPdRe(YG5Uo?|n(W$1#@VdmPKSe4p&hxsrj-yybV0
ze2?R#VlR&4DPK6b;L16cf%ROz4<`8@M*+$AIFU6<o2}(;&%hwQvv{23dmI&dd{msc
zEu}s1<gU!XF}|}n)5k{8n|$%!aUA74i|dWtxfz&Y(x+ZFS<g5gnfB9kjPlc`KKAEM
z%)m*D(k2Gj<8%^Y_RVx`3sBnJVD5kn3=NIezNHs>5Tg|06$U0I^ulzJT{Tc5#`h6f
zP3VPFME4Ecl;X<_4B>jAKVu~Z#xt9^=W?zW=E-c5fmO2I&%kl67xp+=AL6A>`>qdp
z3Jrm~3OnN?(QI$`q2L+45J|XX42=^BC;pT>VhoKDaV_DQv&u$|`}?t}8ZRg9)BnGn
z5#zp}xL--TmxOTw8z<qY;2*=SkTQxSl!+NLB?70x2@)Z!A6B+gn(;7<pT^FGX_Oly
z!dNe=%lL^+bw(KbC3|8Rx1|~4SONsj$lx$xN_}Jmy<HtTM~KWu21jw#Ef0*ML{ljK
zv=$*rc-!;Q?kG-qqdTK`<TW})an2W^nBhhT!ULQ9_4Y<_(|@;$%jZ9G2-h9mggV_i
zkVx(<oa=xi;sIe$4oV$r#}3%w2;FLr^=vASx-YYf?a|8_TH791oYw00D5de(0T&eS
ziT5zZRdW^nsxMJYp8GdrI-r}TQh2kbZ~g!WG=0ejxT7mGa_~ftZOy?*&jW$4uSoMh
zzzLtaCI^>%;kh~JYSt-fk6C6np|k_eSjvL;@x;<g-be31ofYq6VDQ}?A7D_}UGzQ{
zg+otsa3j*NEC=hNv1RXJP|UlaJto953frSkN^n|xl&1tIwa3&{mGW#%jg4(jB-x_y
zBHKHXzRb=T*d9;pFvToPi!FK&T{BJ!c^@LLrgA$6J!)DHa?rijD-?6J)+b{>z>zxc
z!Vhu2jxy~-bgrvU`4E@u>fJxYiTZisx(_k2u|og!d#=Hd53%Pt_1*`<$>;xh&WEUI
z`it`)VAl)E<s2M(A-y681HRLi3hn=5WKIsYzGzc;%u9Oj53%qif8P(W@g=4IhnV%U
z-j$yHZl1X2LlnQN&_4s4H|Y5x_BU56J`i@a_}!@wu)L*mG6(Bhrt=NrmMRrAGdprT
z2N$z>p)*>2(&Gb6Y|X=`TYqxneT?}*toS_~{Q+-~TR-sjX^+ltWOQkdEpMb!%$+y9
zPpJ{wX54)bo7(c2TW!5J-b3ehwJyDf^X<Ha@8L<i?B3KhZ}QZcZz)&a$Go@n!|&tF
zTfEF}Z^zEQhgI*?%l`$+->KL07r6Cv?dk`}drvF>0Daz@@BEhSucy*pp!iu``S;GL
z1QWKu_D%t>*CFNVUMApA|5Ux7U)TB-Ua9mUI#p=<MsW~pg~+%7$$XW<XT`J!L2l`P
zK8QToy)lU1a`bQz1Duid7S1@;z5(2DvWFIyDazU)p}n8Z2x7MSV&4!BxmiIF$KBj$
z^onMV3!<0DbvB5p9)-f2Jdw>7mU|<+0yKsj4-etCkv=7eA~P}}fUBlL;VJ%lmqOU-
zuQxx05=)yF#CmIyR3)Pl$7zm=c#GiLdV!lr?@TO$;eXq?i6KJbPHOJ&;J1ONF$@yD
zw_=2z)#H32)>t3IQ^`IQ!x+a5aa{@*L@QG;OX)Bp1=Cz6g-cxNdt*d2B2QB>R+As6
zVx3ll;``{49WhMy?i7yN=xrzmQ!&^uj-?{cj8M#C^MfTeruupKxc`G0Hbw>O9k;P2
zI5#Q7b<_lE+5-i&Ov>p08GGQFRr~E_jqq`xs1f!GzL|{(&L!M`ia*=Y2oD@T+Vvdv
zF?~cPPBWu0lc<|cF^^?^Q6`2t{RcCN+*_9#VWkq`@yf@upTk*KAL_{KT8G08(ZdtD
z+YlSPd&Tq5VZ5pDX^bVN|4w7vF(VYS*#B{_=P)|-qesu-X-FT|7=6M<eq&q<mx~m2
zJf=@>jC(PEabuLEL?|XN^^=F0Sdt#O-4Mg$k(<Og;(W_49@*az`!XWe8{%39>A!O|
zA_p7dX$|g8uScy~D;lG)7GDN9Q#-P^As*M}n4?Z)XG7%Gjcjj-gLNaj8{$S?(%O6L
zMXoi()p`VmkJgV|X^1=Z^X31NjeCvnzgv>96Ti>6ojA4ra8ak2wPO2WGR8}Dr0V{Q
z|2sSI!NLz&cPD<#50yO@(#xILAQ}f`oDjcD;R4AzBNMMSPRO_=sTA`>3SE%-b<#Z5
z5jrPx8(9i(a)d6)IOpJ-oA({YF&TZBu}9_(dydE`X2u~I>zHv$<`<~%qSBZ=&WTR4
zNr--k+=OpVXjG3~@*JURJ^HO5ZOSIaZ7$13FY#pxUl6?|*|^KieCA2k;%sb?%<0*f
z?FdcHCf;aH&c-ZePRb^zVou1$WZ4>*%^jPK$tGsruq+$roaW$cf@{8k*%<B8duC&i
zEA4Je>~onHTH>zS-Eou>ybbrYM48uI+5+2szJ)Dt-lxxOfgVQ9fh{o0h&;%`5yQNg
zh0gxqsVt22o4d34X7-krSY!q7w7^!&yxs!y1M#jckr({(a7#=N>6==hARJlO0;OSd
zWeY5gG~C$|=OgA6DnIJ$(*jSU`n@cSkHybtVO7jLkcB5HQ7Usos=g!(Yive!yJ7q0
zXQ5Y`UYv!QY4I^x*pg=U%fhjAb3;pPjDNa58&@-YMJ;iyMlR*=S<B38Nt!a{VGAs(
z?VH^aGwPVrTVinCXhBOHsjK&DiRJaK2$XeR1G8rqMmLOh$-<e2dZ#R0Z`db<|7#!f
zzrj8xPpY~|B<KDMIL$2qibQti1*{SSTVB9E@wc3h=iGe(;}Z8$&1E@Do1nk^4scRt
zg)iWS92oopx^r?^;q0*K1#IOMWt5BEZ;F|&!11P7$;sh#wZr-s(2Z|}?sl_vO>xE@
znAsHfxrxkqEob!$Sf}&jFGoEc<~BhIrzG8dY)li3@CCXyK_RCk!;B8In&75EX)8^3
z@p<et13RC`Ic_4e-QQtq6U?$G?Y_mfJda+1!2IViE<ok?4dzU2g3Cc_$dXXbLMk&%
z)xQ*GGhe{NaNuE64B%~gKhmL$zBo!nOp39)O))<f*w7Rk`R+<_N{6*Cpnoc*9Z6+t
zn&L`oU~p4(vZ?qAJ7?t!*p~JyqQL1&UQ?8%2lh6>(R6+gVO|F7+yrYg%&X6nq$YT?
zx`uM433k^oS2n@f8ncb+ei-4Xw8t3udeTnmUK?(wbfQhtPO1OvL{ZyNp^n_XuVXl)
zZ08s|)`oj3THl5^BVRX=b9=vzLwuQRr_!NME6nB=C7o0@t__B$fv#<+E2vM0xI3(E
zgX?^ZuhiJ(*4U*5wza0NptN0jhm~zGhnp!q@v!-=F~A!b-kQ`mr48_PSk?wt_?Ta2
zum`QM%?KQAh114w`Oa5|#ceQ?n<+i;vo)>I#|lhog$WilQvbk5^V{G?fX|z5p`1>w
zaE99{%?q<LBtOG}E!jB4?UdF;avo=6LX^@fqHIGpI>iEWvN4=@LS9PFy=)vyp|rwO
zHX|D=QUimsu_u+%O6{DR*~m}hMnY+<Z#EvK1#Y**z;sS?({rw7<3OAn8fCDGmROPz
zIM5Q?GAM0PjgKy7V^mG<FtTP&_f}X|i?a2u&BnCBnA(9Wtx;T?vgOywS=|Qr>rh%*
zU3RWD4%H1TY>jJmDeXYLoaJq>us)@AZNTQV#_$G#r>!un0i_LXm{ZaQHyhGCUDk-*
zrsis7mbJo(Mts+~aqhx4D9ogJT9L_?x5Cp*b6_hBe2(urKlf2_8|;66PoN5~-4lc>
zl{X7SZl+?lpcL8sc+2io+!w;LQ?W)ghNWVgWL-<adC5MIf+Y@~XRCwlOTjTmcq3sn
zW^ABe*&36=X>{il40iH7Q=RNd42zxNt1)y^jEnT^vR1^9@3JSyaK***bX3`R0)%RK
zKnzDzqc{D!t&>sQcH0}G*r4$|hc&i3igGPn9K}N2D5PJH)j5jo9{XYhQ@lLSQZG9e
z!8UJrTZE>zv5|faYg`0#4SPTY-AuJdL>OQ$*8b*R>2L0TQ`%(y6<?(!;)e=o4YW2N
z+xSO*0-&p?pS4MH>4YY?B~}&oO6DSJC~2gFhL56;u+dlHF6QpK%t1DKs{AlyUw7zm
zDhk}@l2j~o^Ht;RT4+%!&S~a?RNT}4$nEFNqEvM9ER?v(wXY%-WqiQTGtFT()|u^r
z34U{kjd}j#)pweGuW}7*loK7oU7h&q*CaWFoDKXSLkr-c$Zp8!DaDTRi}R?%yE{4*
zI&sEvuX<l)X0_ie<!k^W1anOQGx)|<UomHL5SO{`E0Ngr0JcbhJ^`HMx^I&sr%RB!
zxdyPADF*^L%FNjTT;ui^yX2f<L`Jyb%~K~U2w<QRxMg7qUq9;a%DEAsj($5~r!_Ey
zZEE0t5T{iRB+K3GZV*r0f#X38)_BZlo$V)1qz6_6u|_{xX&X1AYMt?Jfb{h7K((IU
z6eK-OQgfKZwgfO$3d|2+8L#VPN6yk9I&)mUgRx@z0u~q*z#VQRbX?AzMMZNf`T+_X
z5x@i`kQcy0Ue|H1+%fbVw@z5AvL_bys^&!t=ec#lCU<T>s+dM;*EDwC!eh<cWud>$
zmvr@yo(8bj(?79ak>5oS{*qXkQu-L^BCv8Fh6&*fKAaGYIX+wxt)4z~lZ>NYjC5F|
zy!=wqhaSRsJpW3@?s$k(#LsyMIz}dY2w(8{)lN3vgWXPhfCo#INIwrADtw8mz!mA@
zL4Q^4<`G7!y`9f;E<G`XBSb%PI#kE`+GMWeSK<Z>xi9g|MBMKx*N8WG@Ofa42i^Hv
zVug@%(L*Dh+9_XRg;YH$KowZU+joW|=a2_Ic>C^UY^;YgMPMLRi2a4@2-cs9aGG5`
z7|AsSwek%e;}r9Pj=9RN>b=STv-*@|Lw4q0@Oh<d_(^5eFR4`ZU21jJ^W9W+Dyo;n
zHmTHT<^q*SGv5tx<n(dls)N$zFg8y`DKp2a*v_X;vE1RYivG?i)oc3qt88(urE^=H
z{pm?toaOPPEzaI_Zi`cvp0vf86HnUWtWW2*I7`x#wm9SCIKo?Iy22KvqeKbJNXK^G
zGK*a~1LGLRS9VXUY+5>Qse$}-^yDkMH{3a$;@F`P9iFeVk?Dk>0)5hPNaup@q=)rN
z#|=;5aT>aNc}zbadzglCzQENq%=ht_r3Sm0hAl?mNE%KW^hHNZwm%J5OmkBjo|-f+
z?)cfFG<3Dh8EF`9t<tN$e^(VIf7pN;_jH5m#wBcBJuY@M;NxO(gXFka)+jkH7B=AH
zVr+xzagj5<5lZ>j_fpvC2FO<eT^gW>fBi^T?yyF9?BcvtWt|$}uo}2j9~IoT?w~uD
z0B@<rpVQfe`pDM<JL;o|+rf_X<W>;h_3-DsY;%1a_6FwBbKK7QpfC4mLzHq5*~?_J
z={YknjGp5la-=_ZGd<_$&sp3M`mn|AxGT8L&cQ$~k%>}nv(qcYZq-A6C~%}6inz_r
z$Z+mddM-?ZXL*G2i|Qig>UuaCp~15@nme>1ro|}jVvLp6!`+xUtsZ)&@Gaq#k2*KR
z_SCVygiIPB3dF4wI=&!|oq}>Q&i9$R#BoOmA5SMR9yywhl@gENBeBEjI48xorIV&N
z7N%n@v-+o##JBIIVUEo6tdZHxH0+V%=h8^W8)wq^jiDuJ#C`1XX&B_<d8W8nei~8H
zc<(gyQjKo(>$Z;AnB=xs+oaujo}L;jwJ}PI7uvX@8Pn)j=Z<;1dF(T(IN;%V%029O
zDm8h0dn$H#jZO6Hv&N_5qR;M@ij@Y>v)5n`Q*gnEUrxbN(>O=Jers6@_W13>6im0&
z$tl7-YrXz0-S2wiInslFPO1LCqa)$$IlS&|d}tQEjW2Qt=nCO!Z{wn1PI(&-1&TN*
zhR42*>!LaOZFH9SA+ePXz5CmQhWOguVW!-A3)fl3k+(2dHcQ?jy1tU{T{@M;Z{eXc
zI{qyTRl;N6LZM<ldJ`*@GQN|ens?vCNR^i`)otE*6HDCJC_GJnXY1S8<VjiaCeC@x
z#cyJWFJ<<dDDs&D-lQ)N^?nok4f9Sr^z^5cx5H$=d7&M4S}Dic;fiJMZ-<e=l&$Ts
zAZV^{hcTfapMM*3!zm^0ur+KhXoqtVv*b<eil)qa6Julgpf`!@y-RuSr-ZJz<EHwT
z+F`sMI^7P7Z1YGvY)A|3YKLQK=H_;|njTu!4qfBs3VK(3ia?J|so}le77J>q<!y1k
zM(BK7JgH%xZHtFB7mAeJvu?`aH?gj+dE!kJ*0avOjrH}kef0i%=Gr$=QeUT-?e(>y
zb~s$$oY@X*8fa76;ckP_gm&oH(CpI=gBoew+hIkcP^Wg-*T~FkheM6Ehi!4Lv3aL0
zE@jRVsE9|;r|fKt5lzeuZE>SX%Hg)?*VNq77H6BL>}!jTFPN*_qVPL^IMEinU(`$6
zV%|%M$Bw@|BUCjGo=ceGvkHdagwOHoJ^siY&$I4?s>Ik0h63(mp@;OVQ8KPd+bV5^
zJ^<flpj^9j^cG|5^dz&|qZ6~Dsa@h=gFV<xx?aacZgR1U<xKIQNap4dGIt!=$r-z*
zV~q1FV35MD=oqiWPU~2zbd{^@VfekEY`zD7j!pGosPG%k<vJ|%;0VWTGbKh~qExaw
zc}X*n+$?kCZ1!Rbw}-jH*fkHHF#D_rqq#jyZ|BdKd1+V@<(sLnT^v-{WghJ3_ApCb
zKP&VSquZIVhshrya2xgnpcx+Efab16fF?ki^1fg^_R}n|_V_VQGN$=a?6A(7*yga;
zn;6TCktXK^6$aMI#%Tlloz@HkH=TBG1D6zD+7pHCurR<CUt^(*8tG(Vz1o7}2fNu)
z6O-NcOn$gBGR4FlO&x0rdHNjXTXWd=M&mWy(_yekz|<-{)1ea26l?fAHcCtGdGFzS
z-fwb`wQPijV#)5!PnuHN5=YKDjW{oL!~w>7YPiT^Pu=LkE&LzKtlW)W&e$n8CObE>
z>i7QtWt-%B{kc2=e@M!#D!bsWZhT^2Q3<<IJ#Gm(3*Feo!N_2VomGhj#CE7y!NJHx
zN6u6?^7yx|Vr(0SA+aSY)rKFklsj-sq)IUIG~uf@fkny#e1m&WAi2R!h^l&ndl$cB
z&|VivZg3N#sy<gsykd}SFAOBl)e@q*>*S}|hr1X7yJ;?aY5?n9958HE+2jC@sW!p4
zM=HJcuA2=DpobPC1~N&bo*1RG`xd6_v1=CA>Nl%!*@h|{IUq_6a4(W<fE!V2fHxDa
z>CZ+`B-vYu8uBVGa^#$jVkocTDaJNOaFf~dA{fZ4_(0Ct6U6}z7$z%hZiFCYd}M?s
z1*NTY<*tjOfWxKhDjOa_CwKg5n3Nem&!XinjG}@A$+<dv9L8$hz7WO<4kXuja;HWy
zl^Z%;@UnAZ-0|8w!z9Ql?XK^m5m6lCH}`&9M^8xT=wk^T-I43)z>#$B!}3r%&2JvR
zQ(_0waaxLRPRBxrF)y8Z)8Yt?*|*a$OXhi2%B&&{JLUN4G!!_Elk}@tgt<x;drTS;
zGoELXi;W=6=8E?qET<Zs>DO%?v@zaoudulbVan4@V<k3*Yw;O2E@{SO`qiz6sp#yn
zPo@$?=6No9*pXB`@Wi*IVyoBKK)*g~3=v(Q-8q#Y5zn*BVE0mR)`(w7!D7=mO}~C?
zNeXuQ?HMVUVyP2Tgra|^quYFki1c5Q<DL4OTaT<2lm&H(P=&|T<(C0GtV0l)Us7>N
zQtsD5H%Itn9n5uvR@5OOXcpGNA;)}?AE7o!)WLWscj-MtF^AQ`GNnl3JXF718~5GZ
zmr=gQoL?J-9wOd7y=HN3<a4W?CtkCtHU{`8w%ljltc@o=&hI;!p<}f%(lnRV#!Qp*
z`?da1No^eVn~Q7Xik}q6S<75l8+R>!Kl=5Eew!YRZ1Pmi-Gn^fuaZ0`%1|xO52_^3
zvlByilpAxUSXb^X;MaU@E@zn=1Nq$D#n=rMCs^!)O1$eMekDnVLN}H=t8Jl3V(;aP
z6ap*t<D3vH@}nbHNSDN%6@HX)g*4Q`MiWbS*j;EsafMXKa+X`@&5w{BkQvG1i?V&&
zU%ddEGsnU<z5tu=VmJMm<+9KDvB^bKb)Cx2__0ro9rDxMAnkR|%?|i+%N^V1M}KXj
z^3A$K;)ACL=z~WGk{>)XkW^r!gIs}i2__ZT<sd0Adg)EZu9NbSxeJ1ce6IF(<{Sy)
zBA=@Z6?Q6s4N81(02laN-Ra8R8pHxl`tGP~cYp@9y)i)Qgc_=cmb*NNaz0lJb+#dZ
zrMg`jz(GD&mw7&#6T~?0Iqo+i|4&4Wsnvh2toPxMY>JO$OQ4GnWr9)e#TC(7=|xY;
z7?@!3J3YkW<3ygPGoHPKu^Aq0WcC;jO68Q@gbAE4Q~VYuE7Nh<8C$Ajm6EbVCl;p8
z)rHlr(SPF;)YqoTztd~fehJ04H%N-DG?-Lui4%gAij6ojDYn_cq+%-wkz%8?GmH^O
zzRm1$K?0_f_DIed8p0voep3}j5`D2^4+vr(Z@(3;+-@OE;_Y`vWhBvWt1;@60lfWg
zx^wRav7fi!2%UAJ?$KlS0$9b{ufUUgA&4H{bxL)86SBE5NJ?_(H@+(JLP;e_&y$k8
z6i6z`>p@bI+@OfD3jtIxdq)8Mczy56Ij4fy%j-K)VcWQG={TvDJ-oi9uH4;0OyKoB
zrE<-3Q?<thFp$^xmOGd4we$Lp)Y+H-rs{T&01;YBo96jwK@h#Y{guC~TdQ>Z5z_JY
zT2E57jP@o~%Q6pFEd`#WYU%4G)zTtya%7?h=UJ?;2c5Wi*I7B|38{2$-ql56+#9PB
zyQ32e;0pw<4g}7wxHeYl_{~*%cX$fdyH8_Dy}Lgpsdpd8xZbUZCG~DuN>cA$jd8tu
zGM3c4BxLXMhFhz!<1y@2>|HV3<PCSkl|!PpL?xgx*3EXrFvo4LiD9dotK>ZzTNT4u
z&7L1a=LGZb<zdA!l8}7uc8Q1TIN!@A#jwsB8yUk1FU|bDJ~ljt)4o{W7>UT6m1oMH
zR*i!lacaoL@nl0D&qy}p<T!80zVT#3ZpldM=-zRzqi?1sb@Y;qq>jE$>QAu`rdN-H
zoGBT|=Q{d=%J!$@z8YVVj!|4kch+);XW%?1_49RB%9k|alZobXQor4k+am+>_|8zC
zkBz4{`Qkm&QOtLS@{Qd4aXd9zBzA^6r(>sSUroa`lP`Swb1%iQkQ=MrwfKTZ*MPkz
z4U@RBTDRaw2S_glhiHGJ+Y1xA{Zc}=_vN}hejy#l#mKpIY?OHXQHh;N$2BRwpPzI#
z=mWMgYXnu5*&WldSmt@Q$m~%Xj>_?CX()0USLj!<)}&#hVoy&a3C;7&aj^no<gWOT
zGz?bxRW^g&)>#{~-1cT0Pux7uAdRgjMy|yd+Jvx;x%8`B-EH*u*jG|<(!=xI_OJ`Y
z$i49csW|90cGIuVnx2XqKD&P^HX1z7F@tqU#dRZoD+Oy!;~M??t#v6l>bDoBpx9Dp
zrwGgbGyZ)`NL)N%&Up^+^ELOrqCWgNY!vm&nb;?G6ZqA{=EY1RU3|MRkFkB37|g=U
zGcl8yqcc&;xCgsKvN@dFRdD@W;WP(jqLadxmV3L*zL^-~DkO!!N%LK9j6)i~a`=|V
zJl}{uk2v2+uX(BwZhC*g2eNsz5zhN4cC}#^H^v@=7jo1LjcSZrrg@tl@pG@ZQ?1a=
zMp$l{*BfDn^=B$OV3s$+kpM^0ouc}p#^@jA9wN`h^nHzSGq#!DzdX&ixDmFc-SJg_
z`%e?9hLL{%Q>?&^AzU>+5jre)<1pVRU7tAGw^xcCaHB$^>AJ_!Ay30x#!slsmDyl7
z*2u9ZD&YVsXPvXdP&bLmo0axI{gPN<uEnuHftADp^DM#wU-M(wtTQ2bhke<?6^;e=
zu^fWm^JS{WSSPz^VU9C)+`=Zlq`OLCTP*BQVyi7&R+e*{OO-wGW2tIi_v0X6LR;<5
z8E9d=_HQ)1byn_2k!~OHW1D`e>WuWPDlD)lNLXM-Fo^}01PKe!J9bN~X9#B{n-oH4
z2g!>HM@~ry+qiJ;FSBDojF-8Oqvc$<PH^VV452G`BDG%OK92SfnGNCw7p{9<AB_%S
zvC1*uYBxW*zQ=9f2oScVLXT@X!wGS43s#bC6#<fM@e={U0eofA`w{899=<JAevI-*
z3;e2@1P|`Vl^MGl;0yZ%EKUdp0f}p(H7S7Jl0p1<y2F}pVV%PsYGD@3ru+{X8(^WY
z9M7ZHcSZ<=kusq80ScS%r@pca{OI9|O!VWXOC9AG`m1qDU91{IiB-F;tHi3^#z_;`
zHLK7>U)}C!Vy6C3dB)HF-{Zo)t1!bIKVgPr{v>7?VG(BdI$<bG{c>2cxBHWZ!aXgl
zWWPzAme@+YD#z9ky5nSctCJCqJmQQ^;SQ2`$1iZPE`Drq*>_Ex<(u)_)STf24&Bu8
zGc|VG#4^pkVA51O;QW@&`2R`%tNs=j45<2sUVhSNH_W6yTk22hvr8t|XS>X#KAYuF
z>a!gt*Jq2(q&^$tCw<1r!*zuXGSSHudu))P`iP&d$(dpjE2a+|=VlKL`jXf=17#f8
z%+xvzG0{WcnmjMtN36sRYio1dFspVFHxTKl#tk!SbKEedb`m$7tDVFR`L#K2=vO<5
z8}<`%ajqA*Vr6}5W1Gu<S_|a~zJ60>k87ce+pegEi3zwcU1L{kp+vJ!)*`sYV~$hP
z)}jWschy2a55JS`p_dJ>g}y$!do9f5+I5JLv$7U$aMvWOOxCp)cANI?nz+uF%n$i<
zX4JxBi-yvo0IR5pvVeV}Ce8)uBToj|;hMM+jBTrlz9AZ#UBYZ>O$-jlX4k~*@JUZ~
zo9wCDPbh3meKoXkvakAQCi|*WW8PPn8YTNGFEiO!7aH-t+R-T4SJxXSvB$PXe0^YH
zqvZO)sm96mf%%R2`oQQ$$@PKVjZwj|N2$(6(VO&mr$)HOvBv>V?%Kv!#<53FAA8&o
zqkP<T*HYd(1xD_I#^{l7!ByyIHyU8M-#*j;N4TlaIxA;;L&6$-3<ucW2Iv^HOB-Mu
zcfr*ol(VEE&T$u9^TKR#1FQ|l$2Y)PZU(U}k~^s(in$A}n^BhE09|5sw+5KVU2t_x
z$?e+^7r6_r8L6ye11wIp%j;twch|DS{^)K4j7}R^rL+F;p2FYTQ*dK6q4?1(w6yZ9
zhVoPPOLX9O{qj3ooGvqYXG`LLGwqo>Tw3Ahz|YxA6`%NKswfrA2`UDNk?k%_7t00C
z*!AHmCOR5)Rxyf2cDpc-aRbN0a%86qx8&oM`rgV6ofOdKAAnIp=s0((Q|a%y3Al;O
z5Fu3Rz)T?<xGLCJ9Oxr*s5C%|EOlVIMA79^WQhY^9sgQYuiBX*0!_Vy&`ha%J2Et#
zf_#DTlo*;S;eOKZS_Zw7zgImhVYXmaNLVTSjD(38>FPkS*t^;W;aOYicfMzDR#70j
zAF7xm8jn>Bl-y5M;)g~@H##|DQ`{KiFgm-@nZ>5L`NDEnH}Yf-lzO>h8&ynp{g`H_
zE3!c)q&q`M+DUW~xmQ&8SOxt>W4wY#V&*)BUsg6zL0?B~uEJd{UUg!-{6i82&Pcfv
zi=6|ipZ`gvf9$0ydJB;yDhZ6p4i%S0%DYsG>{5yN>%H8V;xPK~Zcjb$#u8@q<9B1k
zFS@y(^+Gou%Zo(rNHDTU#a7qc>hJ&TJCOq#dJ2(!8YT+dum3vHzf8vg@eLxlQe=;Y
zhx85&`yG)T8lfM4f7v`aa!A8Kr+!2uRA!vi&|OI_*HNGtr!_(k@vAykxgwo(9CA&i
zH+9q^+ccU97b|T~8-Gt<>BQ^S1Sb{>scW6sEm-56{IKF`CqJw>#z}DCuj`#Ca}2Kb
z_xZo7ZyLX>pOVqqS|ek=kjkAu3)U(bE5+0^GLDMY3Ymauq?BK)J*v7csUT)df66om
zjtH!`1DAzxxrEODRsXyH!5vzq0yr?=ESbcck8*^)%3%^&-t8!rxLLtFBT{fmsmE!A
zZ)1%5^Bs}_{Z+O$hCOPd)iHE*n~P(paC5IAQ?%N|nYU=~+=*eeZcU3}xW}9kLr*W8
z5<@?4pdf}xUUOm$<9!h-XN!+}X}RMIb&a8~VRnw8zsYT)mYAWjG3+qS(J>VJ70S86
z&ql>?-5(keBMGGUj1l|nRlUAu;U(ZD<$yr2H1iO@zqoE9J`3Dt{eoa_Q}KX*@KMp+
zq7q)^p57-qOd6T<9emWUW#&Ycpnt-du+to`VwiJlrA+bFV*MoiaIY{x!ep`XUf|c7
z2Mb;JF-?cbf-=g5qe9c8E({fwzAj7=&GQNti~OSPgAV(ig1Ziqf`gcSM?n$WQf==*
z<&uidx+Lu5E|Hs8%Bk<h?lSztyF{)8<qX3TA-bK>V10*PBr01O7Ky>d4E?3pLWUXA
z<LWsTe68s<2mZ`<InYD!&2wOcP+mQD>L+ac_4N|oQRhndjXFodm+52q5h|60+jJp)
zG{4S%keD2636JT5Ud~V`sFxVd2tT24iMUg$9&7J?KX^<>&ZmT;1!Xh8Gs~W*6Kne=
za9UKx>$oF^d+X>Yk@&qLDcyDCIU+YS%wdtM8j<%%xrRG(KQ5zOkqQk5T#=qSuDixm
zt>OOs`#}-_IaJ&lL0zHYun?W9;Wn42+eCGcMsG16yK!42guhQx@4JZ^2hO;0pG8i%
zaYK$AbE7x6NWSBYoN{B65_#yxX=Pk>+f(@ulI5RIl)wF(@=FrsPu7y<PtbVzeKbsv
zBRxp0I3wLO%;V*cRU*AKqFa$k8qJSn`Trf`qj|GnUpIdAF29FRd7$FB(6rQz;i58C
z#Z1vVRHYu_%l1bc`dJk>9O`-%j~wYVq(`%rRsL-}iE9UbJzT)>sypPL3Qd~@FDv*F
z)op^H98hpjXqxZBKv7w!V4~=qs$g!SZo3@z8imB~CdYqYeSVbiv80^U@SZ|)dyHV7
z(P`|d!*zZe5=r&hQs}sb0*5lugA&I{ajFN)oT2+Vjg!z(jnH`Lu!a$8i27`fIw5(!
z+5n%#0}_|3ju1vCd7%k@#p+;Ti_pzMa(-F03=V;tFO&)vN&7>B`<6)XEpbWtQ-0_7
zYEGDim$xVwFTPx;V5*csdi1Ik?XRGR<NZ7Z=N%7{b0O__SA|VnwYtj`bac2k@w-1~
zi}dtu`BGJx!Fp^0$&lH?Bnc<Qx)kmyHL7|(2EM-2O;CGqpJ^%l&X8K9wss0{Rkizb
z!A>+*)zfbLHM)wQ99PGZ>J?v|rV)k@PoeSXa8tM+W5YFEaK=Wu(buhw)G*RLTc{of
zB)9%*o)_p1pH{us4;!%SRtWgoyeg2~_}8ks{zT~{;bV4|H>I_n-(zyQy4^I84E;#|
z3qG@}{^#ebl%JrjU1d}HUEsUkA6AA*rZxBe<Ub16CH+d{NmRNsEEL%#2hNG91S303
zACM%GyaXk0NL6=fDTzBQyzlYwZ^5f{SukgN@mL`8d{eYWdeNO9S$-nDw1!(2lB~ly
zXWBgvx+;C?ErZn1a4)8-A9ELCX%9Ro;%4$=HS-PywO13T&u)3}R3p_fRren7Vxc}u
ztj4wrIOP|-TZF3d!=1es2~mP}2StwcE{k)7>aoRD{R|;`RKhGVR3>3fGR=qXRAP70
zyd)AZ%&q#aCO{MK4=Tg_T%Py+%J6r9?|9oK!nKt5(5ORI8S|)&d7`_ggyrG~m3{W5
zewVud&~FPU77PlnN!}Y2UMhL7$b@fZi`Qg~kt6iaLeA-)<~JhH${E&VK`(O%#X<?+
z5p=NY4%~9Ej!d}k@O^u4CgX?3Qi)KTIzpn>P?tz36Ldl;ouvT9kC0xj$`?u8eQcJB
zc<UFuoy?^KM)+!6b)Aq2WGbXrUkdb*&`!M~;wM|hD%;J(-J;ZFAAMMzzc$(cZCHT=
zKMwVG5N>i);~o=2k0cV>I)VRA;(}`Z)i_sq?7&y-gaciK;2H-`3*m<jl#2RO-dTD_
zhCE4M<v?Gld-XG(gukumQ;r}0S{0{*#>A_E2?E|po{iJd5@;D9=JAio`|Ew+KIw~v
zP_am&>|d(#ad*Z6k~hCi=4;x4`-Ax{>*B<pgXd+?s5&cSwwQWaMlXqnk4dpYC+<u7
z04KURN|I;1xZjBo39NrkwugxZKm)czK>PSM0ss1O@;ms_V)(RxJZ`#E^*r~B5FR9;
z)koiaM;4G3o+99<&&2V35fYfKKl<j|D({r`cN0ll{4o(1PxM`6FC%V{LSW>WU`}T!
z5;I0I;t3<9Z_49!37nwn{qfuH2=o`w;&18_AR_SNWLy9_Ku(B8#3&)KSi~G*UUKZz
z$LqlB+$QNKp&JZ;(XTKXg}zbzE*0|x!)6ws@CjBu{)6u-PeuHaoe~L71*phv+~w&1
zy0nzG%0mh5*$Ij8wz7sqgYbQdm?s_<s^l&oSBwZ+JM)@=oF!GV!Q0fkT|`U0NW|Mi
z#cFv=$RMWw33Y!}IsejrI^2QoLMEx7Q-Xd^!dg*1NH3D=Y>_aZuV+8=occ9t{p#<Q
zQy&>XhDt;1Pnp{#evQ{+LV}_?lGl?|&~~vFP0L&2@2bk{U45QOo!$yNgkBDQOhY#A
zx5iGzcegeAsH~(l_G+G|tue#%Z<M;mn=!Z*Zh76KT4B9!h(J*l=0aB78r>s-ajj4k
zt+lK*PDkr3ZjJu2VDDBq8jDV#CsNW2TVq73dWc?>>O0U1ms92St<ckUUvGsWw)=Q1
zjI)10px$mWyA|@&e>I{N`o!h#tuQz4?%E2=;=azUuq94aFUj~-&sLaSL+aQHJ8QU~
zX5&Z=_v37wuR$YodrkkHY+R`+-^#|QTJ9U!m|V+Uk&U8SCES{#_J>_sV_zM)h^kb_
zy|xve*72`yg+X<9(*Qr)AbL3)iyKBSW}~9f_a9QY@kS@H&KIL+veEyg=qY;1OVOj*
zD0w-0ARB$Z8{M6a!tX`5Wn;_tVvk#6e6#3A%JWKeZ8lcC8eNf%;jcwYvQhq8bU`+T
zwun7!jr^9{h1R&yk{=f8lg*oMVD>1fYMyi73JS@{jEU9b?oW?J_nHWLNDYoeut@T)
zi(s_lpHD_m<kVMCSm`RzKZ{gW8o_zhxhjHHT3~4e$Fy*M1buX0w+JTaz9V5A)#F>k
z7;3sJBIxc9l!Z~?5A+LTyI;Q_!b!irJ%k}vd}Rm=tdYsJVgr1^xrg9AA`#lWo#dsz
z!;8R+`d$yRgJmA>9CoFLl%KlJi(=8U$;<Boc<ezhS()#}Fj-yV#T?nQoK(1zJ@nv?
zOC83|z#{#;d^P)$2L*bqm0pbYX!%}D^Jq^!nD5cbJy_}4RoxaZR1H^8iHqO2(BFmL
zB0pxbiuo72uuEoyx=$$DKz`-A_CUcs<;PqfrV8fsS}tDqwikZy?I8$x!ngDvKi}{#
zRcK8qGe|D-w+t4Q?FQ+1Wh=FSWZd-OreusTu!pg`KAdtI!wf8TvD-eZcdP3SjL}j@
z8Q7qi{S4uj#=058Y!AEcLz$0JnOl7tJ$2BhQU0?&jpAn*=5j+=X1t!<@5t{V2}J!`
z04=O8Ejgbb{R;Ysf$p!6IA9lFAu()hZ-xO<U~4n1mQ0Gd;$TN!!5xQt|0~2XjJwTn
zhXrmoLxF5uX@=8s;BqqzbQ-6dVZSqQvKg*Ajf2fFO9||6h6jpHCFH4U*K8cp*u|DO
zt`V<WuIuMpqS$*tc-j&N%+TsrFh1zs{tEU6*=ULhsRgfKaM;~38?(aJ(-wFXwobIb
zv52v%1(rnh!7XqnntnYC+hRs}7DlI7o3hX`)mV{*O{w~<EcCaH30XL4zr3d<cBWaw
zvM@1S?VN>SaqDVxl*Em5&5@U(?tcvzGOX3Fp-&B?^fm0Rp^kqI%WGP_U&E=IMz_~!
zMynTJ#faM0o>wuycKrG)D6jkT%Pn!Up1R=`VPbvtX)~dyq5I@3IMC3!y(N}5*2|jV
zMB~;IT4L%;wK`{GQ8VpvORQ<e=&7=1gP*m-%>Sj(o<IZWPZ{FESmCS0h#2W2jc6QF
zuuA+4m@8SETsY-m#1P75b&v}s&a`p`r=8w2iqJ)2M-*X^!sz*Bibi?vE8bo%p@*y8
zGrk2{2rs?Gk8!{MPrw$zA`sVAVm)LOvS_i4oy<E!79KH;VtU9g0V`zh4q4bH*L$|E
zZwjs7(r-Hn*Bi6BOTXXny7E<&Jre8V#1W?Mb7GVnEplSH?49BiF3N1IQ^<2_lv?Wa
zZgUD-_(gk3UEC<)TS7g;uuQNvFdPt!X$*rzl>pam(K_eAK*`?Vz#M5yQXc#Sgkw9X
z(+&LEm}+32p!PO!LohlUq{h<5d2v=U#(1&AVa)VlF0*Ks&v$0b@M4@|^zh-Z;=Ss{
za96z8ixX;?in*ums61Pf-$8iyx893R^b!Imog4@scT!~nE1kHIaQnAL;_(k8cHW8p
zj(?!=QwKZEy%zHLO^ls&;&>w5O=jbqLT~w|@U1oOOmO8;A_VTpI4OAV$;9c6`A+N>
z)uGg^lKn_VxfFgNql;smRE=f+4E#B8Ucx59UM}H+Fr=z2@@omHRgS^*fsBf^ix|d=
z)^;Woi<6~q<~z^FooV+K^g9kL73`r5<3wvd6XuCMrDysh72L*jyr2%1a89tEhy;x7
z<NRvXA<ve@vC4WuT_7V*v^U8(FIqQc;h~uK?A_(sN@1cv0Oyn#M&fST^wvINHXj5C
zaQ>S<Q4kgh`g%b)Ea(pe;err-W~}Oh!(^GytnY`a{7EXOB}^0DXF1F`R)u@a+ljjX
zY0?my&lm4i%WyXilWsZe^mbG5w|vNri;TNX_YSGF56=Pj+O=5FCu&$H@QWmmNxr^(
z)rRx@nJm;*!xp9=b(7drm%A}f4osl193AAw0B3)ZpO*4hxN+PSUFpVs*K>Sh-@8b|
zVzp;AM`#LuGtzDczgKKBvuOw&W!4TSt}|ltV`Xm_1%+}AV2A8|K*LC`=6pXRiURs$
zMJ5-hYfP+iv0@V|wE)H3)r{)~N_F*+feX65#=roNG26r;k2>7M46oJ6#CorN)4)ta
zn{Q%~q0v)ojH%D|XC+7v^k7&k*i#v1iq?82tPuM@J2niY0;&8cW<%w#cp-_&e^aH=
z(oO`32=Z$P_KEtj08Pf4D*`BRuqgp_W_m#YC9LMe0D3stf&hj(ePb!V(>E}H3Wbdi
z;DpXP1+dG~DD{}7(NmW!jpFZE8pU@Cd{N!6t;UEaMVu4^iTb}PypUx~aN#TWbQf_9
zyUc~IqIupWoNySY6%1wW%OpjaO<H=gY>spZi{!=9Gh=O*AWRUxGH#_164xK4;HF^Y
zr&0^JXQbk^XfIF2erd4K&lYaGj43IYp}J?M;FM}_O~EdApgcwB;<0AMu*c&Y9>Zd<
zF(8JnKDA>EH+)uk6vGVTY!n?$bAAki&0hl#OyfipWqx%-6h)R*9K{}spUNE(P=`d3
z7qp%d)(YB7A}EY#^w5&XQOCDrh=JWYjU)Xv0y+adrO)<bl`OdJ;Id#yLKe*9vY_YR
z$b$buKJIg{E>PEVRK{!SUKu~++vOJpeo(TL=;`Yu&dw@iY<DP|W$IsL6c>Z;jWV@$
zMlrwrE;z-Bhb)71!5BF>n&iK%-H@?So>w)lGr(<*#t5E#zInmA$XF*%<qHT*>n7tK
zd$Fn>>4|#yiDoq8LSU(&Zk1?~24?f6w_cp{=a&n@DIvu;pH8}DT{<QS>66mAE}4*y
zQKEV~4ckQHavIi2?$c?)1&47k4HKEVA&o$zRh)*|vN0`<X0tjh4ab~T$25N6`mT))
zih9<@9GA7j#%`Cf-o|iMou7)Qsx>YZlibEA8X|7BV=6XlR(T4pX~y{!6zS@=6pZk2
z1MT^q_`VqTKyfV{Q;p!wbX+jF<=sPr$4oMfoiSWB)kQJv^IH>X%=qIpekNNy^}MC_
zhzY|2YF<njAGqv(_I&DgN5bA~p>*;OSmI!3zCu@-6?{$K!vTJQOFi-xD%3#FKVX5o
z;g+v)$6agN*T~nRi@!!!kG20RjP&GF&iRH?^a+anEbnV<4YDPlU}f0a^%dqv*`iM{
zKE>Ml6=tMbM?b;TG`8RqtjJ)qKf#8Y)`3q53b9$AU`Ab|>??Gx=bQ2sHrF#oe}xhC
z)m~Je2G;E_F};Ct`Ab}DpdS1ZM;cmdzeHXmqvT6$ZKO{75+#kT!C&H7W25Jnn4kG#
z`B#|uobmJvR6M6%`2rW8w+?)PzD<m6Utm`gb=enK(bSsy1x`0L#(aUI7t(rvf$rZi
zI(~sY-%+o9j#V#Ohd#&I7mXdCW6n$J^3O5%Wo!E9*!!|E?sH84uHN@^T>Y-m`ExA$
zo__!Ln9$6)_Iq4yW*+@L7QbTb{yn<CYOeY{M)K>>AHQlWqG0n{+de^Ab7RIQSe|7R
z{vMCAtVzGeg%-xh-(z7*wfpZeDcid788&1a7e2$lR_eab@T8Ts>N8AiZ7li><*n7p
zpW#RwYrtp7d)?^v88*GH_V_0hf8V<KDfWHexcVuk{XpIIDMq|um41q4Zy1X|MbEbC
z=udH{t=0Wg3~CoY^$E_u8-DOLru_rk^fmVWIzruk_1D&wuhHdW9v<_tb>eF*|5%&y
zH8y>$J^2dzKGtYZocdU!F1`A(MxFWKV~skn+b0@z_@GZT>c+93XuJbI+2g6gV*Hlb
zHH!C^id_ov{VR(1l8Q$>INaqup<;@QuZ*u&z5CRvaro?-Y7pG{^BK`QSHew^9_lA~
zrzY2+c)k$nnfKaMkKrKr=ITYkb44T=5xc>!5&kl%?<?Ij^1bjaf?X`(lF&^|%CAbI
zsGek4E!cM$ri<1%Stu1RJtOCSAY|bWz#ohqI$^}nSsl9t^^#7oM&;JSqS47i498rh
z<Ah}Q^x&YQk1)|IOxMGmy;!AR6rP=Lsa5*}DoMyAf^|#8J;B~9VwgCn`h5UlK%T$f
z5$a<K{WC>)d8bMu(wL-TwfJ0xiiwh4tdb(^Dipef>8y|Z?KRPKyaBwS-jnd2aZn<G
z=v^sct6<OND?bw}*EB=_5-MTXDb`%Za8!yeXSgdJsgk4WD>crGcz;Ya&d7R6z3D^?
zlc0E!pzd*!j5j&t5LE&jb3}8S6SE|BixUeaa}&P+Q!S%-hq>N~RSD3USRZ&Ec;35R
zKvscJ{e2Bl2dHCEmQU2t5~)k8yM(=heUGC=ekJR2QN1b(Wr;RP>eu9RWfDo}aS})R
zy(E&(_Ct|0HQ#1lC92m&Ve_}2ix79V04w|(yrcd?XdnM?NaKA}c`2pZ*G-VhnCQj|
z@wqZLCP?;lH>Nsz2>mr-4!iI-ee}0&oSxty%2WrY33?9)7Vz_}gT;Sa=D;9ne&ssd
zyDNn&tdkcjT|derO|2S7JvgnJPdvD*>W@6=;%*CUch^1dMQ2Uj??qp&<~lD*HFchs
z=zV;+7Z><m!T|ke$Gy0ycN42|B=4JOFDK#Q_$()3o>TO~&eE$7Wn7Y?)V;-y6yjTh
zW&OU4@$&krapG$DZW$r(_SN6i?jO7h+}!MFx0~owV6_|FMSZOs>llyO#P8c0EBgrS
z&X)CM)LOD$;>Hw(C(cxe8DP3wBe1)`J+bn8|1n|Eq~>`rPB8B4G-K7VIyQ+`7adnc
z<0(HlsNU1i*<oDQu-2ij)i91(Gc>GW#$*lMWwnonOR{y>jc!hRt{Vl;hgJK2#ljaH
zo8<{^QntMXZ|78u67;UAgaeczseBXhUJ5Z9^FazuI*dCh1hCcPDLBK7y(yR=t7}rw
z&uI~GD|Q+MDY)ZQ2c_VcVm;<wRg60^Y;mdgqFAC@r=vKk8pono=r+1Wuv#<r6MWOz
zvM6Th-Z@b$)qhD0$-^PrX%B~NJG>mSm3!l(BN$=^hDR{n<X6Jbc>9s?eeh+Yg_1fV
zj9w07Q5d@%>gF((vB;1J5dfnwjM1{TDva~8u_KIW&d*CDIH;uW595q$q_i<AJl6K;
z&y3;L!YfsKE@np^D+RS%Lb46gsTB-r@Q0##L&Ijto~&b|qo=UkBOKDg(>=JM?Rj>7
zaXDHkuXKW2rv;l}7<JZKSvV$MeHI7C@HOzYy3m21f;!xRZGug7t6Vt#jXdTuqCn8Q
za8hfJlu;&Ht7YNHx6Ao|Bg4XZLTEL^L9ymqMtnZHp5bXC^WVw)Vq!1Dy;($SWuu6H
z&B)`X2@OdeZ51+ZahI~e3nGo}j2rxV=-@Gab#(ixXIm%yK<nc*Ocjig8qNsnIycse
z)=W21eq#!E@XUsikdTbY+<eUF=EiA<dRs*iODCbegI!D7ke(9~o0n`#Q~cK0lS!PO
z4b8+h2OHZIhaJY2Oe~k#;7sgOj3X3Q+3-x_aK^Bv=%Lr`(iCGo#)Bp}>Cr2iV7b>g
z*9852fx}I3*q6F26MGD6Lng{hV@DH=^Xu!H;E~@bq5PIUrwMumQVW{kZonAX1gnE;
zw<hQqG9EsUEus3$n__0zxcNLTgsscZV|~Op{X7Ol^;yqjQ`8v!JbK2=?$4tjrq0U5
zxfEkjCibV+K9h-SjWw#_!^RqYMfXgNYCbq~Yt?+LpTOiQje{nE;}U+!j!O8#BxT)C
z;M)l!guo^Vg~GY&J_`L?sFY!kSaSs<bsJs9@ZkTk?|+V$ftNj3MYL(gU6OlFiRdqw
z+}yxZ&bM+XxJvL`;wDHop%lSGuX!kVxpAF`dU}LN!KtE$(8vM~Lw1Os6C#fBOR*B=
zSBP(#kFxN2WA409@ZHVAV?n=>MNbbC#<akA$#*3SMbaQ)L<{s`X&18i8Hs&a7$~bd
zvyd;FtFv%dHcPY6(`hcv!da)ekYb$X{4DHN^f_5Lp_qkPSmyFh&cbGwIVlT!RO?c6
z%=EHN%`wGLhP6PkVV!M`@uqd6IeJ>GtU1Po*!t!e7U8KABi3Qc8MSsc$K({YwmBx)
z*1qN_NVB#y$G|vS-5mKf*-9$24qHyo)(g>7CH1WN%`v0CGLgddttHJdu^}s_w`8&+
zD&cu+LKYT0Z}z8eX`=Va!q_Hek1RZBqIb?h_oimYEW*~K1bVphi=ju&G3rJ0T5~*l
zaR`rE`<g~|-|?D8H9hj0Mm4?gnnv}y^_oU?$!o4rUHUZFs4gR#YxK^7<{G`TsQIqy
zwW|L}FTW}@No?%#^~paOlR2z2=ExW*s-0v!5v?l>qa=G9Ll1{Kh6#flhsAH}XAi<a
z*t<|bor3E1pJ)A3c`9)#Dav=N@yvgW6B;I**%}We{7&5^VYy(Ha=K{~>Fg%H{+RD=
zsZ%83Nn%|r`CO`CAq_}tJCh$KP$vmOzEJB~9O+H$qjeG|i5MeB{?mH25MD+jppjAT
zz~|~32epee+ks<(J<dVnwb50+E&crp2SM#j3ZIckJ_}c+;r|^t>P?|l<-4yq>D_Cc
z+}fqkiGzaC#fbt@-7llNL}DJ3BzqF~1^WH#PONieUUMR!srj-nnVl4${dQl~+NW|$
zpzmm1wMI9P@(dKc(<*W979nBG;JaTBE$!L$@j)ZLX!*vh`Zz3@r|RLPm^Gt5fi?3)
zJpyZ4)9T~A!#q|GkC}d?9wy15t@UU=vH|tbTQxV=!wz?(cRh6Vu}5{0Z)Ojvj~#xa
zXFaS7um^RqKV)sJhsz;zK|NdwzxtTUjF?mE(Y$;0VLhCVng#W6BGtHE7hB@&W?ihQ
zX<V&~qS~ySe(P%VmSuG{D!Ht#My2hkt5Kd4bu~&YuX``4_u}{?@W+;=PCO8dM=~~w
z%{n_#CfU1XoRi9v``saME0exr^qfTE%fC@ViMUFrP8&!e8d67yB?*BQB0>8VRcTsc
zT~29)TCuA4ai8bv6bBj=2umF_YSjW78-h91fjh#PZ|pt6apNf=Wrc(%LSQ0aLai>-
z!f$}zs0&1V85kjw;$I>B-FN-Zl;KIN!<zF%yxy@|=4*-l$e;WXpT(;Fr=b{klT@g@
zi=pyvJ!^}KU-lJFs-(eFW~ewUazo3@QfLzqE{C~TMTO%rPrfdz3spRn%~>k?IumEP
z5_6MpBtAD)pdqD>6NKT<&dvWUoqsDohjB%Su9pZ+_@_%4mF%By*Y`h~SEM^n3Tl6D
zfSXbwp^s=C;%1@N0d9<A?US%8VIh7|EUlJfA<BPQr2LUBBD#p7QcjeAU72QY7S%2e
z>=h$tIq5d&`7TmugM@r3FDVDp)$gEwrG3?S;rGE^VGI?#T_Wfxrko04v#3#czxW!z
z(&9A=4sm$ThcU^)y_h=mYhm1X@XLx;$^pWs*JNXNh@<HFAq-VgCx@^~QHO=F-Ze+0
z<StsnqahS&+%?ZVJ+w58LXTP=!d;I(DT2}7v}q9x@&ylsaLgAtA3~oHqc;u=F?x1b
zXlZh6*7{(wV*?QqxdFkkF3t(U7B|WiR_w+&R|9@wk85T!Z^m=pfiga|ddi&F^`}WC
zc>D4tMYFd|t$Cr^jy2H8TP&fqS|s65UXtTIgq`2K4=(^OsKXfAs6!Zj=IzRe?OXqY
zz4r`{<G8YhPj#5->6xDC8uaABV2}uaAOTRMWQn9?1(LF@U1e(>6(}m%3bxnlwf(KV
z%sGQ#0yDt?Qp`E$oO8}OgE@iZduuQN$=x;W_3rcj`Q9JEQ&U~t)m`D<bE<CLdqcrZ
z7A4_ZEDfufrwzWgMmf-r1&2G(QnE%m&`19F@eY(LzA+BmSFCb}ph+zq*rlo0H0;-^
z?6my(8e!6J0(&Gv?cQAywz4_Zee|SjDTo7cqmzX1M$a<*wA#)vrOGCwwS<PzV+`+A
zkHv68b$MtI{4Ow7roPTDB~g-CNl0E7_AeHV;-4C0L`WVZVT?7p`nvg^vs74zyfs+t
zvivDo7Y&aWTxAm8$!;g%_tkafBsP&<eT1osN7y$rjRx;Z=IJfWtFp_5h53rd<W%lE
zXquk*{Y_zO)+>NRENzmXCiHRfV~dhD$B!xMHzI9|9`oal?e~-(rlpPYqr~B*^kRo+
zk019OSu6bL;|yQ%<C-&EA>1IImc;WszGd_XbCYnH*wW8S{pjT{Nxp+G;Y!^@im8~T
zEtN2pEq}OQm52?I`yt-0dcRDJ7kfWU>ukd`;n9V-OOviP3{twV?lz23|5)7*1XCMn
zTNr*3*d&bTl6LXYAGqfTTN`VZf|*S3qu`VrA$i<d`C;<DgpF4l8Nbv?D*ww!sT#`&
zS>i5{P<Xd`476ljnEzreOkw^twdg(6%34@1|M*TV%v3xhbBI%9->QWhj>xK7*sn)!
z)WR}nWQB0dVP30+c1G%zT7*8GeR8mehnLktx0KWcwTL_Tmej%?-+GxIaU&95R14>$
zha~zjH=a6=o?T0=sD*j8IzO@pw1*hL9@}>gYUpV{R+Dd_7Env<4b}TobzT%SH0jS<
zECPD<Rm7=C&saO=*#3~bE}q+&x!OyZ&fIMYqcb<%a-MxuCAUIqEyUtT>>bANCh(@S
zH)B8jt~ewkb`mErbuMF5*?+Jx48O>GD|pW_P)Y7}2T1`OXX~oRcV3Hnn`~mFuCrmL
zWUaB`sPqyMn@O^^O873fR@ksz>0cuo+zFdX=Rghb?6+6T)I$BccrI}^sjbZJN)X#=
zW0-CI^Ym6}%b&+)7N7q-Dw#h0c}$hEC%=GW5+B%@U}JVkV{DZ}_ZySq%I?`1N0eBb
z=W$w%-D-?3c27lP47A73HO3yh_xAJXrp4wq#xcz^qcN^%*&`ccf+I}%#~rcZjj>#h
z4Q-76M(jo-^m7~2U%)Q6HuVK`^~BCM!eOs>@e62anG;{YW}mh81swN<*S~=2e&_5L
z*yd0VdFu;kn`&-;0UhJv_Kh$;uC;1JeV<v`5S!CQq4Lb&w=ZC0raJQl%*;|ZzJSX)
zKVM4K<Z1(7z@gl5#~0ALwue4%KyBBlMi^DwceD{s)*c}ZZp1nlnl~F_OrhGp5n30i
z$DhZbBH!Ic*j5yq-3aCNyfYhNUcKxwjc}u0nDQq)6&uwE)9S}AQ%?ObJ#<2YSY=~W
zG!W@APsi>w#)_v0s=%R!L2AF74U5%>>%C<P8>sv)H24GR2lLkZ)B}Nv_i>7aPrr{c
zIXLknEV4&MG!VPl>m&5je3c(!hh}X15O*BB(}!55+pc_ogL-(~hZyFJ_WBULUC|C7
z;;Ioj@G-Tk_fm6AHhrg?V=))$b3FgV$C&2Tr#5HDtXRk9SmFzIYmS9}=ZNN{(lXAs
zz~z9yWpgYF@;x8nTF`ssBlHfLOIu)On4kFw+rs+Fk8m^c$;FSbG&QySGn`8`)_;!q
zF;CfNXc_m8_ze5fHA>IQ%%AcZ9%SkRKVzji+L{(<mzRIP1vcdAJ6f<owO^%Yw#@%?
z-_Nk3j^|Vh^eph6Xn}Ku8m0Hw%b))V%AV2>v|!Wg|C~zBYT)enDQ-4!w)qsr4Wktw
zV0EM5;*T-0v3JMEX#IT7pigo7`QWwYSownYY;z2I(RY%*{Uwp!_fmdkbBughAJ?4S
zdRe>hDY`a^4F42Yn|S+uip|Y@C7)v6_cTh6{6YT6PjT)Cdbdy6yw{@_Kftcne+O)M
z!`kuz&b?vG{{Vg7^iKZ(qu=y>`vEH6d}VHPOnWP|>m%%cOI!UBX1$#<<^$~bVanVV
zSo>2~|Ie`Vr>@N{aPz0GjV;jTXRcK(aPa4msV#8(=b@7yp!fR)dp^L1_ah@d!0GqT
zXe6&c)0cnF_I-9ieH4EYcy3L<TC>b!^{|nJhZl(r%}zz=DW$b4B9#}vU5G=Hez_1c
zWqzhER>|4>>tdV|yH$X5N^EOg>{4Tk3rRuM9$h4Sg4`%Te}_4{5K|ob_(H65n0*Sd
z%Td(25cl=aodSYIO=lEgxG{%yuZO+v@69X1Y%}Fv5pJ8Y6$RMEW6KIK%Ntu#fSxI_
zMFlvM5?fG!rB-ZS0ZM(bIR&WnnVXA9lND?&!d-u@2Spegj?F4S`$%j?0S-lC(+V&n
z>YG@AZBb)%0S-rVXBA;cYV3Ml97zpRx>qcAwJvVPoJWeVIZazsgac`LONy{J-jJ@2
zOOIWyiw+t71w}ZO;h$54bD6E!uDUp%wUL@~Zrvb#$JV-|tKyfD0$of3a<Novc@g@_
z;fY1qAiMh(VV|7Vy$JW^czb%JqTes17UM$;QK@7PF2rs%*1u4Axvr$Pvd78_F-Ci8
zauG^(o!V!Vo_)3u9i5>Qg;?p#rko|N^!-JcW7O*K6vn!ZZuPLx?dwqwEj`}3^l=`e
zPd!p=nFH#f*wiQ2!)Y@xwI14Xb5=d{;YIW7VQ3(BtPqof`q6qg6Z9Rghc=<SGh*p0
zv-MNx7>OMz#K}nP5cO9ycAyZeQ)BxIF*g?5S%`bF*Qw0OwAhwHl*hxAJ{XU!FU0)x
z*s4NI$cQa1#K_E8aUuF-#TFEzeRhn-z?$rLsN}3#vF?SqQ%l@6DJM3q5La?UdQ5I?
zVj<4viuBODSa~59<PE3cd9WZz9de@}NZ;PQa78s{{iLN7niaxqDYQLA?JVptD`f3#
z2*VWb#Sm^NDZ4|cv>EdVw%cP%LfC5$EeMg!*C;*0GUm{KpRqH9OFqxm5LWmzmW9wE
z6g(fo&`^-_XNBH<$j_^`)zW7&aj2_m9rp9-?6?i5CFe;S!Iz2BX&XvxRW`s|*c$=j
z5(AjtllTLRUk+ltWSkGu+ZG)U;;^jE3e($~Gs0-8q|6Cpw&JI6*{EofLb#|z#)Z&H
z)lP)aS2YfYFj7s~7{XHZr}INtXn*ZyNVv(U4B?!nm4<OkGunpH&XF=Qj55bhJB4w=
z9k~_8UQeiR1Xn%U1FFT;?u60NbdQgqulc>U5ll*n&I{vaib*9GS%E`A+_B72^zFXD
z-XMWP?M4{0{Mt3T>MyR2O;;zuPYZh5@UgIqxy-DAHguM>p*HlE>XzBCOo<#;aZtHb
z#b>?0S4Z0jX6%s1+Av%lSdH0If0x!(#WEJYpx_!4=_OM5oI<R1Wev6ngD7UUMjYiC
zm1zH3i657#z=(&~Uts3Iw-SCF>LKAbo02$orGhO2kh0bCuvalueRbl?Xk*J6^fDIN
zB0WT;f!f!bVXkIfe-%eHeaNdgue~(rRV;I8lylIbk7$MphcUPr;pm@tX@&_-y@JX+
zjdRVg%K75{W?1ObcQq5C!L~NTZdZfFlw*8D_ik~A_P&CF9-Y!<p7@Ses0$*LZe@Bm
zzk)@kXG|09GWB(@;D{NY{|ZiX@3>cRhsXQBf|cG-@hj+&qIZ7<15#e<^a?6cd~|P5
zOTYRm23qmsui~QhD&;KjY3-X~h0ocl89^6kWmDYr3Ag`U{rc&qDE9}CHN_IYv85?C
z`s;0KiVcC(#Z6HX40LINZ-bfFUcr`7ctum33&qzp!S=9kUNf8t>oc3-YB)Zn8P-Hn
zZ#G4*Xkd6#jE!b?Yl;D>saKkkqznvgid(6fcblMdT4-idOiR;mG{K5A<8l*hO?&N7
z6Fi8=_clRUdU$P9EKHBDY=V&)=8h(qmJ#3F1nn|Y=h6FQ2HH2l@yyIaui#2nsJIE1
zW&eV{Yice1+h&+wD?X+figQA9sXcQ{%D<Ttn*A!~<%$+wmKSRK3R=|`JvF|zxAiMn
zP&?l86<n<?+Ie8U_twkUo$u-21Qq#u#ml&pA3yRkTGjO)dKtxa;|E^Gp}L{nFJoFk
zXxq!EEYLT;jP`|3t$7*eUkXz1w0${9_YQjbZqjE~B!O>T>xI>IU=j^KW~>)hhPRVr
z?YjxbEq^X`pobJ5;J{hQ)7gQJvUOLSZ1V^+R5^vN?pDJmGz_qLc50YqGnQ&tZo84>
zH2!RrsOF0!rSamdL6~^q7`fVK>~jg%!Fr`#Fz!3_U-Fe`m>}hqY1k}>Z`p})`Fd%X
zqhuFr*s6wzL!3*7i5B<&u%UmA18+7HCbXXE4s2(h+YVw8`cwyQusHGazGAuLo)n|k
zUL}XxJ4iPDNw`PJ>*&BDH8j+LVq1vV{6#HDceZ!*uHiNMbJ<kU`$MX^Lm?`d@bIpS
zx02GX*>P72-LRul4qma7!n3y6QKs?=J7%c6rE0k<j%2P^yd#Cs_{rbY=Kq?End@uC
zv6lrenHZx4FPK=Q<R3FJS=FX;%vKxE;;67`6FF|#8c*g}sD);jxT%GvnV8{-594^?
z(8h6e(DT0KnB>$(bIfw)jpaD%dX=uOGPE+f>efbZ^l)!a+G;$VtlQgKr?&K6b)c6L
zx$MAX<p-x6SfFY{b*xYumg!V?WPyW7%i@}~k#sZ%n#V4S@6w3z4wO=ed`*yI*JZ4$
zve>NBE4L)iH5DD?8|;QkEf%653xwnGzjkeo<hiY2wKSLARZy;k=*Lo}>RMn5^IR9}
zCrxjPjXvLXVUSRLe*N#f_M~%hfw9bUUcxNa^rA43^_>^{O@B*$PdaD+r2Fn9>|8rZ
ze{QK@A~8srMsxDo6WirU_dTJlpLC!9-;4(gotSZtVJ_p8UiYwFp7ae*@FVc|_R-({
z?SJoBdcrgRZ-0Y@Ujo16)R-q(gc`GzFp5pAtyGzKx`zmpXy+iYtQ;98<AU_V<eG*!
zyQ>{wsI|TtYeW*hyS)PxEModZg@$x^iGsOOne?|^H<Pl_ds^57Rju)8QF{|)HmF)V
zs-3b<oYD<$P_a?!lav{y{Uz320u}!QpB%?I#wW&cSyo5HG1x8~3J!IIw#6~q5nLX}
zX2&6_Vv;k|Ed%SFo-P@<>-^#TI6LCfI#Jr?tV~C5BXA)dla1j13|uy>Y3XR=iOq^*
zfT^9$z!_6Joq?|WS-N_ZTT|m$?6sz(6H-(uXHkm&Ej__9%HvpVr7p`rr4_nDY2O=^
zp6Cx%#Ief%4KOpHwaQ@agS;$`qd~KO99M#&PH{{Kh4!Rjb~vS92JVMLyV8hUgm$Fi
zLF8w^zGz0<OcB<!R~!q{T=a!&(p>a~JJOa=WAx3`$7Zr&ndYNh^`)dN_FvbiW&Ptc
zw3kYm@K>rI)-XvnmS|Wle>PP^chx^x!%5XYQNu!;|62{)Z4cMC|CC&da}Tzt$9y9!
z+?LET3#VnRvxWYOI@!Vw#lJ8GL)3gqm)N`=EnK$wZ>C_Fz3%B09MDqdr(mQbx4VUt
zjv$q3=k|9@L8-ePJ$aaEcD1nAOc`yV%<FHTg3Dgt?G&_6SyLnPSF(n^rDb7kmO8Wk
zVd98Z*Dx+9UsBe2RqGr^rK-0MqrJ_#8bU9-emR6vyLBmq<C>os!yR$NYLg?SFBK%M
z7D8J+Ha3Kly49Jef-}4-jAEBLER6Lob3_=&T!FGMP8n8vq8x6kBT*esa0L+wk2x@m
zDW*9njMZjfNElnV)i#8lUX`9a(`$7P;d&xnnqqYg;b_X+^nyDr|CA8UTNP^cSQpNN
z#xm;~!+iExGOvmfTdiemmwujHLl&+NNlxChV<+RQ>@@Mk(U}f%tcM+=<WoxZ8Y9uL
zcddR3K0jE^{lcJu_Kowdj6aHV#;s)MZ5dtVw$<}BJz;|u>8@Y|^L18mgqd9x++tsh
zq_lLTrrq5MH(mjnWM9vyzPH6o<{1NT9g}*yF<pKExFR>`=0<<j+0TuYs(+9heQYY_
z%(eMX8R%>GpD=L5t{*mV&K}=lV7TU5Z(zEn-Z!vU^N%nv$dM}24*xKNsKuSCb%KTs
z^n-SM{JpDoVX3s=j<w9%V8=vBUuP$tXsxk}p}b0jyth`^(OdCT$+61W>Ncog&3a3V
zvd~{Pj%U+LhAw7ev66Bo6Wf%`J()y+{{h4q-<_L<**5<|nq7A1?rf~F2li$Y@$t{k
z#43k>F6Hayh-}=~d0960Ijzyz!lsMv8f*AxXQJ4x&&U#6Rns!D$6bGXCYF2rcQP>C
z^xw)rf37{qLK!z(Wn((eYft}E{5LYt%kp0%S>iv!ZfB!y&^VZdUO|40iiV8SSy&L#
zE@WYGIJi6uyTg1<77j=Ll}av(sZ`m?nEy%!#-@q%rZj&=22P|+tFa{tJZ<(=(bT#u
z&Z@6xy~UC9F*S0w$|r?&SokXZBH72k0e<6OBHS>1QPc1LIj>e?8C`3w;MY27lOfDH
zmM~~NBK9Cdhr}M_uIe!oPxyVQT_NM=`b8O&m}i49!%f{Jwm<I+?kjB3uCh?Mi@H*u
z@4^E~9C=x+cxSjU(56wkm6pH7CG6-YxL60>f6j?RPS<!B&N*kXN9EiH|Dbm95R|fL
z;PsRAVQy@Zaw%uF93ALJTjfhi_f>y<-i=GDx!a8gs<qLLi#9*y6x)sUZW@-JA#Rjw
zukLlDhr>UDp5Ra^z0<KaIcNQCnYC8<q-ZXpO<3zCbeF2)6PLclUd1IEbC+auA%SL@
zFXpIJ{^=0GYx@J%$BXIC{OcTdoca;Y#uysq+;`_+<yh^}&u})CyDk&@7Qx4=HzE?e
z>2=`sA6~X$B-1VlXHDig8^Jznzu0&1Q_gxxyC7UPnR{)*EB0<14#|GXxh|I`v3Ts+
zY3!6rTG2eA;x4mRs#qbXELX8xF01Aw|3#U_i89;d@<+?;N|f1=C^M53v79np#Tt2J
zO_`^svEwSPGX1EEd(2v<VxF9`gp{>BzPd~_8U8G-weaE~&i#y)3Wv(rCB2=vzLquC
zPo(0j{;YLOcuY8!Dr^e3q>_*^Hl<>TY;B;lQq(er<BGK~72DOK`>AMav*xGbysfA*
z6@%>7+*BGkAJY^1JFGjYSnaUJr(%NsbIK`p8s(`N=CsD7;<zi?ClxIXtA8r`82?Ul
z!kyAL6&=kf65Tb&OSH8-MW^J|lxXi%Y_k4Mq<zsgshHsx`KSC*VNMziQMxQ@33Jlu
zcPL#M9aXcxNdlh!tV0SqO2YcROtuavG%iV>_ff2U3Q4O^tLKa0bowqC|7OjVF^yTX
zWmK}zOc^E84wjVZ!lcHWAme#qmfJ>h68Y;c&3uT#guk62p|+VUo$%T*X3mhQOO7Pp
z$6qIPzJzyE=L$2BXBSG?#%lKYP2y>wKa+&UaOIOno|iI9Cd`&TM;4ZD#4|ffhidji
zg^m$Bp<|hQl0>zZ*XWI^_!#CzHx@8{%8izid050t;d|V~-t_|pS}WEv1LGAw-ylh>
z_c5?VweGlZLFFf1m}1jcyU@pOO><$gJ$}WB&Gu;tAGW10v1hQ6D%!}5fhLAXBDmWo
z$urZ$2$?T1X>@y*n*@X7yG@K%yGeUEn`WP=KX#V-fB6|@iD%47JY#X<8LJY{*hq9+
zi61pFfu2EgeXf0${`h`l{e<o|dphtf<DDG1#LPv6!6ZIfLnm49sNuY9ky`7h#Mav}
zT6v)SZ@vGMdDs&<+TY2;I<lnWBW;>+=by6D#0jR4HwkuV1L$oft(Qr{AlTK!N?Gf~
zaa`68nA8CA4jhXV|8Wy7)vQA%k<8SSCMs<zweNL3*1^PDXVx7LE;@x-=vpIVD93rj
zU&7JaT?kBZKh=ffqQ|w_#2wF>nlV}@;b%~5sp3c0eIiawuT%(ViRs!$5)<`+6rwqL
zLmDjob*}$}_WEzv^Y?Q6CtOQO=;M@L5?;u?!tm*0_T>C0eNQA`$blc5Yi0b#9516a
zYdA=p%orv8?_95y@ZY14w3D*QYH7zfIjyZ7B}#5<J5Jall+)5)?dzvj!faX}W~V`v
zb<ak!C9Rc!g1HZDIBJVf&OO`zKg#~?Z5Fu1JXeLu-Jh?^7%7J+JzxIIbM$Cpj$Tj9
z(b0)Hy8Zv&9Q}Xq^Z(xGfAT(0l$TeS=Z1_{(w}e17%hh=z36XQi_1xvdYXG|_${Al
zBY@?dZX>)Jo=ebN?!ac#4`qt<-!E$=&Omudsg7V?lDN~^hlzY6;rGtDkm2iJRDV}6
zVQ=Onfcb%U55xaw>=I1v->b?8bpo6D+P|azzg3t2ha_AGbaN6GbCx*?G&n~%#inbe
zj$4v{qfUUmh|)KdoLf4&*~05}?6dv(zK%WioI5&^U?1JPUjJ8A`JiqqwP(*SF2XJr
znOhI1ByC|4hRA$KA$H2~L50FQ?W#iTP~s~JF+k<Q<Ux%uEJTTo&nd(PTYOd_I@|e-
zB5bh7i;K`p<5LT<Sc^|CL<fgDzK{Ss?<Wi*;w6Pxqx*{sG0N%RT8J(#|K>tmbotBa
znTCH%A*Q?iqYBZ_;~!awtDextLX1dJ=N4f`iZQ<kXDwrQ5f1xXN)<(z8rJAX-)R2+
zBJ7Xq8;jV|n6a}6J>xB<i$yq^snL&(+4*~m(5IHZvWRWZ@vkpLyW0L<g_u>~T3&=@
z1+Jw<*i_I)ejHDE61LiAXNh{EUs8|OO{}xz?o!Z>aZ>UVnR!Ln-RJI5aDvdVu)a4d
zh)l~@YsRdJR!p2-vDPt^uuqd~LBhmxw4^Vz;k*<YE*!83Pkggg&lVe2seO|5?UP>g
zx6BcS#&>HGdwTUm4tmMf;T&v|&22dtqxd)GV2!Hot&MxCw`Crd+AK<!+4VI!Xs!7t
z=U}%M-d`JI9mek3SnqHy&q06P985X7b7*ZG*L`KRaa)g-*A{_&y4J>GLv39fTMey$
zE>0R+aW2NVv%BY_gD0g`E~a_vp3OmDu2Y#|+;<=sGq`ay7q_`{doFr;Gbw+%*E*An
zBVO}jE{gsBMLC!pP)loLVZd0PhckgUyVu5?ptUp)cZ24dJRA*Ki}O$()<k~TSec7`
zVRK0?u7>^dbI~bMcT6r8My-9h7?>K~l#A)9u?@M{o|<|*7nf6G>vGX279Np{iLuz=
zT=Yz{_T-{-+*(L=#jV|W=$z%hQ47bj{Bv_KGFzRIgR$9b)MVdOo#pit2^yVPKPm0Q
zSZ9{l_E#?(__2Q85D`>v7?>`le`}zNtQ|ElRQ3|*nXWY3ZQ#D5-6H0r`X?IbZ%esv
zV3kd8=f*Lc$nR&@D-F!Bi}WtLe#gKAdx+Bgwci3=9pP~XO#|b&!S*?`TN1HyEuvwt
z$Zc$Qv-R%B)_<S0$Mi((|Ac)j{n@vP-gahBCx6!ijn7YwjyC*0r?Xh5(A(Mw+Xk+y
zD3$_8RD3H(+uN{1b<x!$YR&oWC&^d++4ssttnB}B9p%h(LBed-^pb?(l8@3eAJ*~s
zcSI6C7~gBDU@PN?WI|EiBQo`4N9nJ(*I#(nJy|?!f8tpO#k1NapVd5p>jGO`_@&<7
zMOrej)ro7&Sm2~K2()scLeh6RaYq_s1BN@Sc?M=VGKLt~<M8(uj*2q|87S8M9Szcq
zL88pvoWV;j8Wq9gE-Y|%tX^+13iLJ%&jwoHjo0ws%rhZ&3QC!`Em08RwN>oFWU9*~
zyx5wp5dJj#*2t@HLdX4VzeH`~-7DcD(<ps|{h<b%it|(X?Nxju7JaU>=w$_)C2g>Z
zp0ZY|qQ5-wp)X8vJ~@9a!_V4OuT3<2Dt)6vn6|HXP>YJS^E;Ax!hxl-@00^QmFPJK
z<}2DUhcJhwbbGshyaR*mbtX7a><FH5V7#Mx4b#9Uz$Yma8Gc{m8?(xG+xd@p`sw7l
zhB*4Kbr4fWqfT3tTqa4Zb0uv3jRi8^)yK+s-|Qsg>-;+s2C!w--%uyP=|fX&_)7SM
zTO`G%*|1O!O|oH^ERN|MS5sEoa8qr?lDb^1>p0Fbyk>17g>Ecm__CP&)iL~}Im98t
zG9G5m<KpngsA@ac;|klY-~-?TKKBcBU}m3RqmATi^92S;{Nm?WBc+`DoS3M8&*xYx
z^QoU>oWjR`j-v|i`#F}VyzA$rH~5{;h=A~l&xAMpgP)<5W^Mlr%Qe3AGfZ*td7sf3
z<zqj^KHVDmDF!=vhfmSj#an-hH7<Vg6HGL+Z?r%glV5Iu_S`q(3rzKTdwzjoDc0H+
z!hCUd3v9Hsk}t5+qS-vi=Nr-j^L@^)EpW`Iw{C$8KKF%>G1Sk`eT@Bn-<FRtFTneL
zjMhQDqB$M}t)0zL8cLts9A%O0i(leOgirbsi=x`HFL65>oAM>Dr}~b5$>zn<&VGrC
zxH;iV3{THE|0Q;$^R8cFXohy>m)M?>-u+8#%k;JVlAX>hA#H!JmOipM`!+}K-ki<M
z=}BF=GEbe{f>q|J9lv0!YJ0~w$I;q)`{tOG|1_nq=4;nJ!rlCX!rOL1WZEy$uh2XB
zYm^uA#oypip{MK{lonaDzsBAo&#JF6q+V>_*XaG!aJJ`HY}Rw$MPFgfb9~QNc<`L3
z*VmZWkgxg*cN==fe}zSjVh6v%w8q2PmS3^%O?t8;zrv8F;%MXTSAC1VK)>&Wcm5Jn
zzQ<R6fqUQcZ2AIozRxdyfy>|bwfqHk{2<if7g+z=P`2@xY{0wb@n4|)U4G^lIQp*h
z;x91bhrX7-MEQFL4UbFj8LfYfwja4he}$eOxu{bHedO=k98*8aIQtO}e&ia`9A`h;
z?s;r&Oq}bkI@}d#BX(?JTWuI5TX$`2vV8gxKN|*9;%d%gu{oYofAWa$uKa|Lw+#BO
z?##bQtTATnk+7TjR|q*nz<;o0&66-iYVyQ!|BvkD&#X=+0qa0p6O$!RcauP`r`SXX
zIjz5m%km-HU=uxD{+k{gaH*9ZHrb;c^kBV5-RWUlJfqlS-<Qg~i3MA&gt0ecz}IPm
z*<)BR0-CS%r}a~CQv~doEo&tT7Rz5Ex$akGFZpaKi9+VQC#-nB1N4@j?WJI^<Rngh
zLdqe9FF)Hs!FJhsCUFieorUl=@V2&6W<U8*9Edcg$XLZXNROVCC&&l-3-?zsUe+e4
zm?jTM>K;;R;_x*;_AXlJ8{fqW#+Sc~c9K5zU7VJz!S7Oyy!c)0mGxHd5;w8VzayL?
z9DN6qRDJV1=xwv+y@Q!HKII+UvFStK!2!F~`5h7gyyZJsq3IXjCg^DGd7Gdk-}E+m
z>-vJXNljT}-^KtZAM!T#JN2$_W0A|c`4*13_=UGf9O(PrLNB+q@-578^Z9R~(yfns
z3x_;b$y-89ba@L~O#Swon9i-^Z(=v+d*8$juQmHk3{2q@-^6Uo>iQ=3TfFs~7~|6`
z-au!+weJl~^z$um;I?01^al0^tZ{FkWsnbj151K>*EdiWvTnYP)ggZVb@U4BdtS%2
zu(kYk^pEg4uj5!m@AwZ`8MUsyhO<$A@iojy)wjQf{xNIOYnUJ7b6>-bG^^)pxShtk
zyoR3X){!4za(Zmd_wXQxFZ>?X=IXt^hf#Uf(O0n~kKb>G`+552X4q5Pn%NB3Yx6P9
zFehKHXo^8~tSL<~zfNpS6LhJ|r+p9W>Kc`=qO>43^Ht0#_z6&4$OkpUrb2xm6)%dl
zYl>4vyjL@ftf#MRii&!%Jx$R4slyq`F>tjimL(tGm<Spl-WYu)y<cOTm3X(tD3{GP
zjnPTrw;N%Fl6I*PrmOr!BhpA|`x@b-jc;j$;r8gNM(CjN1&y#wi%x5VatAMOgyW9r
z&_-CR^O8nr=Ztn~gmX^bsu3o-qBk3&kHIfA#3mzptfA=2Jq>Z$9o^IryF7eFLku*d
z^BSTh=TjPD8IO)>h;lC<+z=<c(c*^Kmcl#H6D<AUGq`D4Yo0-=k1u})XMFmYXRzLH
z^?n8we%|dF%nIlgPh()v+V?c(24iRIV|VaYCaU(e#b-z7iv`w5v4YD?;FzwmXN!VT
zd2!7g$$&W3Rl*Fh-_0U-#AZu#;GpE0t>8jp$0bqDk$9e`&tLlOOK`sEbs5`OWW7u>
zX;6*b#5+m1iTZh$@QQfYMM#kEabbg`Ulaj`tvybfXMC%09ivZjqKj$`q_ishL|jt!
z(>k`<tZl^3ZIPimitQKGzw{2j27Ya<k+FaYJDuHC-i{L2hOwr6WG;buy-hAo5tz@x
zP${}32c2a;D+ep&=!6_hQ@A+8r9=nh2(KqSsEjSzE(hK0oLJ;)d-QTG%+&a)TDYP`
z57fe82j5l;gY@W{TIlTLw==Q989kAS@h-kRlZbhAawaw#vEdom@8!e_OH!i51Rtct
z*5zQZ^&6mv&oeO>Lwti%lJayjV=GuoiI>;MTq%7@eT<g*%K8|lgg4YjrNVdB$5l0a
zq&_y;___L6WDj4jk5Y|4s80wl+^GRBIe2jc%+`H_8{nSKr#HYLm#=$WOmV$W)fs$A
z5l$QW>LRRgM>iB<wkJHQE<0=T33V}&>$B>jrPrEY7w5d;({<Tki&xaeUQ54I7qfiU
zgSr^t4~#Ehn**U~1vn7&ENsBq<yr0PVtHQH#X4A2JGQ9~4%8;3`RE?*0G8;O=!4og
z&-k_4m?TBd)W%?$AFPeta&%j5tW@~w+Gwpt7t}_D%BR-Gcw2M~F>5;?R2$pv(O$K&
zRO9Vyqn#sqHxE}Gydn=1_2`K_407_ldD!iYZpy<tYWX~LH==X$aLwQ)wJ^&aZCMK?
z9)2<#8$HqO*_dF)CTC%txh9-^zn7A>08`bK9&z4zqlfTZy=@*$b7Zac5Qg)t_TZFm
zQ2K^$O!8o-)3e@#kscS7pX5oN)hjJy;!B$XP1VXER!C}b2p8ncb3sf{_{ktHDxOtA
zOjY@UpcvNUgV<%W`Ua^+-ZhBXcD;2Foiu(cfD>B0R|vx#k;NgD==^E`hjo2d0IQwW
z(g4mo`2uk~ST75pzhU(VV73vP<HtddI>pZhn%P^!SYl>R3uBbuRT9D!|I9~y9}54h
ziT)6g9Vas9xD?@zU`YykNyfGmY?LCWQm|5P$4V?#rt*0{99EsZeduE2gDotx8Q)rH
zX^$+naLe9~ZT7Ky+CJB#&)?4&q4y!AdWXoFof;7_;X@jst(rNi5q&qGBs?9*=a9s;
z^JR@NM~iQ0gi;6J)d=?;@gt4sTlu+0*zSy9Z-kjH{-6;C81YVxao6C*jd95xAKVyQ
zJbX-J%r)av8e<UW^Xuax_t8X|=H&-yig@)?^|3A`dcHmuTH*c;ScQ)dYk+dUKCS^;
z1*}O8a6S;;*MJQP@na3JFQi{+fN5dtN&^gu_=Y^qwnzP=pT>by`@F{Nc<Q0pqu)o^
z%&Ep7!DjCV_$oJkVoY^o9OHKl5`JQ1cZ+1LCYCBi#u?Zu^AQHRC`LC!_|$E0ptGu%
zi%njuj|;tQyoU?>ZTbx-O=;_h6Nl`P8N__;J8a21I<N#=(c6WI=kU8BVk`E`A@q}i
zhe9|m@dF|BmhIa@Brt+YLc;m=q7dmcV@3$)l)(59)~I}V2wiPPzYq@Fc()MEEu#&M
zP&>aJ#AHoh9v~57O$rdl=Hmirt?RvLB<fbBpY&U-s~;nsH{D6hCS<+Q&V?Z?eA`K{
z!b_c)BZ**S?PPvgCwLb<tYfGW8K+~eayS`t^|^#CjegUGv5Z%^2$vdXTto|bR~Iqa
z=v@(DmLGMZMA5f6iE2f<J8@4Lpe5T~_-qnJ<-Hl-Zc-~46()L0d=1A+$+MZGwagE3
z;+Ogv%2#4NI4P2`(lRfbX7B%)-^aQTVU~JJf!@OD-5VeT9Ox<HIf<jR0~BkDilvHY
zjEXHva-I1RzjXSyPF$e*;>0*fU+qMt6xrmY_U_2WyVzZ2_G59>|L*$;rze52xzCH?
zj9=u~#Ei~f(pr3jmwH^^?!{D@S9oz+_T1noSE7Tw7^}{e4y3T7_BO7^*JKMC@Yy!}
z!QWp*I*aTQ$7uLu8(PU~8{vH9sl_(jkt4HJYW%ei{YeNP7-lonuam?IRR?tWRGEnQ
z1WKQftW`2Kyk~_>IQz94+%48F(t9$z?FCw75W;9LLV^9YYd%n4ykV059+J@CbE<Yi
zlj|_zU9`7RpuLG_>Lv2VvxISwa68(G>7CMWmhlHMES5YMV#H_ou^6!pb59IC6uv2j
zC5pKshW;edVmPa+Q(~x8eM4hdNrEkgHg>f*h7!B4Rg7jIe~^lPnsz-E)3rJa(oo{y
zS5vXwp-+lpmTnD<5~t@SQ4DwLw<GB0vW`bc#qvWDRJinI5o|N8i4j~iVr5|h^b2`%
z+=(e1o#VhVQiGaU06L~&x5T$<I4fJ_8agYHd%~Guxmx|*KgSP&9~u{Z#Q69rA3>MY
zGk&a-_+cOJNvUo8I3n{sJ`7j%tv*~)_&OgZs?p^>Aym5fNM1+pSQu^RXDos)7D?@$
zTI6sFE^7~r>N<S*7vNv~XN7O<$Pyx4Y@qb;nlLK%UzD+tMW~n0JaTOatKv}f?H}ta
zB3RD&ya>%JPk978B|bDl;L0qCh&SvK!B|CY6(MQhyA&p6z%P)JQq^N&Y*T$(!WeAh
zo5I*((^iCW$ySFNbu+1lFnVZupAf+<>p>8G9sEuZ`yKkhAQtP^@*s}ud{K}DlRh$t
z&MvEa5aV1i5?iZX%RJRGC(-64b5<r~&Mg)tnX^ygG(mdF(JM||lQ{|8_Nq18iP380
zfllwWt|p$sAFJBGQ;bHV7!<ddL4#tG#LuN-jqKTzN&w~)5JBXdQqfV>SEOP;jj&Yo
zw?(I<3f(>?6%*{y!Kvt}@#0i$)}ozK30d$Z5u9;ECr7Ye7fp4@X<ZHDfird^gu$*>
z-v43W_&~7aPyQ=n?KMI(>cS(}9#q9S=fetx|Ib#1bR)l6fLW5~L;>zfd|v_P%I1~=
z^ilY#0_;`H1qFf`5$3z3YUKr_Me58b#0C1c0?f1PB?SaQt-E!xNaL65qP0UmR2K&v
z){44lrSo}pu}Rm<>tdYK>QPrjk#1KP{axzaI+)<{ov9<7Z=b4zd4|5D4*I&Sd37+?
z&8JYlTOCseojkshI@spn#UeDV-mNz7nbxg54Cnl6o-j4uo`=0&zJYR5^s+p(wX7a_
z7;Ev)dBXYc#awLiiG7VrzF2oc^8UG1zHmNH_=Arw3kWhWCm_fGsXkI6qXL2qlm=+L
zavDj;m1u_mR;m1+A8l;WtA0TXX$D@kTSI*$BKSZbc58YoALco%^A`3wB3&)qa2z$N
z+WM`;x{a~IqW<IaEOeIiDV7+2V=VNOqlBpL$h_F1c@gboVKCL>#SS%k-iygLzRioP
zw&+qXw%Q{nIH~FjuIfH4Ozw^O&xjasyiCVv$zQCC?z`il?(-7{@1sO!J1|MvWc%x5
zDNt=Ae^I!35Toe<Ynxmv+0GJypN#Tsyu*iQqm+4CXNy{IWeLyF7qf6q;>WWvNA_&Z
z!abR<&cbp<U6_TPitpPj3{&~IEF4hPVOcbQeBG%eLEbD}wrQ=i(8XS7VK&a&dCM$J
z)AWm(G|#O)nV9R~n=)zWSQ9dFRp%o!vBatO$|OEx-OLa^|1M;p(xvxJ$9}`AjH9KS
z-;86GTi+MQM31#Hj;$WPB#vIDJ}QoDrqwf!K0J0lhN*mrRsG#f6Mh+^GdwuJ_(TtS
zNYODKT#@)N55~*U0UmTG`06G$YF#(5PURH_j@ztN2HM&qtqcsckJqZ7^;Tj`>HRJ2
zV7!;;Yu^M5Cnes&!caMSF9od?el-OPmFSri3|Bd+_HAl(tylQYp5i4~W(=c#w?~$7
zth1kY;ct=w;_Qn5u!wUTnI%@w9_`aAfB*jL!o#d!<rP&|=^B9&5j2h;kK@n6+c)**
zyf`M1?2Z#;<wN7d%hi%N5dmMDxPb7jsBIPVW}0~K3u!o|n#a<x#3sCeSK72qX#^+h
zv`Ht($~UCZjJU;aQ#UyIvNT+9>K91vxvbr(xaRU~OT`pJpOuQiZfis;7Pw=hq8RTT
z?4TP~NBpHx+=_U5MbRPJU9HAz!oQ?RBb{XU5aAX$+D*p+iC=SIfE+#Mz%4l<_BfPt
zHMZYBOZWrU=6Uf?Mui8HS)7ua86WMX+l>x1$t2#=ODe#)%mq3>%h6lWj&U4PcuS5_
zHG0X!4VCXSG1V4bVWO8ka@~V(?PbotVJ=nK_xf*%HHgS2VS8HD?xpJ)TbgY7mD$wt
zV-oXdFp*Np+a((}CEhAq2;ZAo=%w%rSy)3am4%baQ~R>9LFGrX(8*@*$`TNMLl!35
z^_f&svxaBkj^-SY#RluVM;7TtwOtmGRo~T2EOzqCnYiavPi3Nq%eNyFdt7{5CQ(QI
zQaX_;Yi~M+y7`WDoOJ7R(y_*4m8Ii?hYwB1x28^g+J{>g<CxB4yV9_gms*cw>BRim
z<G^0VOT;PBXj=zvOZ=)vbjK1Q8I{NojR^kO8cg$Cl}x;82*g11sjZ}+F+_*7HH1#S
z>cV-M?<JO?MAx{`L5;L`VT5{C``hNjldg&Q*1`u=R~9)d?EYKTtb_eA;V+XP_T!)R
zC4R!le3l=BB+n>64okxQ(O@}p-H*1U6#RrF)ee4aQ+(HbLS$d{VUMaGvM}Fft+hng
zkhmXg*NG^1(yV?KCTP63g$hl-oq}x+>v#&TIwEaT&|SamO4gr_uYj+jo9tM__)t5#
zO406ilB<yuHnf)yDi7OE?AsY*686Ny+_=Z|0dC=$e+p4bIXcV`fm=ElqU~-Z+HRU?
zyMc~Jc)$!B{^&2U31G0Dn2y9J2=|a`OB;sCPc5+FrW~1}(rl>V0fjH|wKky}#@R?)
zM$V|%CGn*;6qAIoVTSzFRvWr1k+mwuRNeGI#D@F`_$aNFi{wwjLy_bqLOV$Mcc4`E
zop%y=3U6@Yn0%Zru2Q|zoYaQG(!RB3O?P3u<{9V0T#bnLZq2jMg;N^M=P3@)Fc%g(
zA|O5M>FdH-$C(;`Prn6zYaJ8TKh^Ql3<Q9HMbtU}*VW(uUzMx2Wv~bsm5JQHkQd1>
zS|sDA<^mbNbq$fxh537kh~(3x|K4*_lc9=?Vp*JOxFHFzkjEq%bh~QCqm~|ShDKHX
z=A6lRGT#iSvWu<qo9$gGHe0=`g%@@Ia&ZnLW3GhBQr+aYi-jofV=)r{t2`?a<Ig)?
z1kdwMm2fzD7ABB%?;_42u3%{=B|-%QST!#c``F%(@Lue%mh~rNzI#`R?@L=Dkq)Yk
zed@;z8rL@zYom&xs%O1Q%%$3Ppe}^3upun1ze24e&S9>R()ubmEj=d=?pZSw8bQW*
z1v?X#YE}3ARGaC<m)bgE)TNGcl1fqsI5FH28R<kTr)x}ANLI>szEvX=a@2C_Q|A}~
zk$*H^#tP{V59LK7X3!RK+(o0d8I}w$D6XYc*`)T7@SgWN!{-nE#tHjV;koTy{i;Mt
zz)K^v<Y8QABjIORYs*l-rVlb8jxNk(+AfLamv@_l+f3Ub;!%64?)g$dO`R_SFQ(s;
zNO;n4`NOc}xXXlab2o?SH)L_j;+l-9l1AynQpPR8&buVv&CFE0$at}z)J>c<`Tk#g
zA0y#v-s;ED=+}6{d%F^TH{x%hY1P@(w5r%Py=1)Or7Hg5>meeO1}Y@dan=6o{+2TS
zByQ2$P#drek`U_?VR)<d6O(azyNEcwS-^A_KhLneDo$_d57|Fvr7ZE`h$Fq14_$P<
zhYvS({~{m8I<=D)7CF^}7CYng5A$KDOCvcw&!v`G?0{SA=ELR`jb!%u6m^irE~lJe
zkL)G768`BjKgauNiQhj?F3(uwJgAhlIRp(<b*%?`?doa|#^`E44-p%^)Prt@Mkunx
z5Dx9vxUC5$PPtt>J-F(2t@q%8+eP<w@wljbKhLn5`l1=G$u@EJc)AVeRAZ{}7!#Rk
zBUVr~=UylMCgOgFcSNv33a^U@FAqyZy!fz)gQA8fM6lRqjf`NDJv<<SQChe|09`<$
zzXUxT{9YKV9MM~0oO3K!4$)=zSx>S~p7bqSf1a2O5B<`;RHz^3c$rV-0(y-QYi!YR
zoP>Q~AV)tnYad5v+e<`HM%mLBaiT`ixtxgm4p!{NaYt#5?s4J-&G!?Er>B~%uj(7>
zuM=l#9@gh98YSWc?nnf(5c8v!-ciPnESgFEn5V0VTjMz;5n$Ik3k6>jPuhgouG+!W
zD~!-cVRGCGJrvl(@cZ9B9LvJbo|}YLgPK^U?!-Dl;1<L0`mraJ^LAzW7zsm}*-?1W
z?#BK~z7H*c7CMdhwk#l`bFePbliuSmJtvY_8`Db@J|T7rBp(_ej<X+S)z1>~oV_Fn
z-m38(==haNljUEs9@Zx?v3EJc&mNZftxD?o4_SZf@1&o`krICFCw}<NnrhjS<fCa9
z7|F>Gll3(O8hQsa{KKbD`erMUXO>F%mAAd{D>jiO%L+XgSjX_&FCX6jpYx(PN^N>n
zO1rF}l`P~#2PJSx!4T#1<nuYezuG3^ud6f-2eBU{^>CFx;EWLprZEvI?5O1Jrr?^i
zjQxi;n?P;$h|UzgR*Xp!z6kV`NKh?j$$W86tQoyq52k+0Nb6PAqb1J#dwx?j2ShaT
zv&_><O6m(SJ_6fCj9qn>uqVrzBjL;=@sGuNshh^ZcWc^9OW2ut{;?|kFxI!T9n*#g
zzq?sg<=%(Dz5^w5k{1`Ha62zLCg9e2<#S@2+tuD8Hn-**=*0*}_$0@Chxm||PMxmK
zaHi2z-tH8JG?U!Mw{+D_uxppwv(igMq2_Ecf6+NY_$qyBhD<nQ?<4IdmY4$b7+Tcy
zQ(D5lOlvRW4R2c+pLb+5oOenp>B)WKsCU)(h}h1aA6K=fupiW^op-W~o&x8*UM1sy
zkN_asP!r9q&Zh9_JkKK{4IDQyO4e_i*dxa}a^g<bbk26$`E(O~HEpJe)mn_G+<b?3
zzsWW_E<V2I{(bghBx9?F-}<I$n8A1l4Xq^4Av-|=zSmC7#IwYX4RW}|j&kKUdo?Uo
z^=@`{QPtbo*)8?vV}81OvVYY^))6tT@8qMq;;PKYVb$zh2R$`s*E$&H&<@nWVwblg
z<+zQ7^xwQHZK{JdDI%u%G)t%SvVgj{4ps-Y6RRB*Q`^?TaB=tz7qZnG`M8oT!gf{W
zWFM`AE48z?)WMQ`*S0#?kk9AW!NGi2`#LzA@4A(b8~ICX_=7uvA)Ev_UTgVK&Lv_$
zbYghs^XhWGL|<`2bW>OwVUf*=^?oGr9u0B&(-(?;{?ws_gr(I<IZ$JtJy{_v8Y6(V
zO=_}AK|eX?zD$avI?nPkRzGc5lpY@55hdtp&Wz$F^OZ-5`0#5&rFnKosL4fWuXVD%
zHiAJ4Ulu{7;@KER7nLT>C6%uUV}VVd9L6xaRT{>8d#%GEban*xg;3^jt_fka!<-+&
zZU^rZLNDEOHz*7?jt0dTUlzm~XJ%;-4_txHK@2dQmjYN|nCk-AV1(ubQ05NI3Sgnz
zIW|Cg`-cQZJ%P~y%=S3T0$AoLH<EI>Dr|?Rt3)z{u)$Vl-DWt+3KC=L*9519FM@-z
zYqgGxvS*o&_KG%L$7IErs$+p-OxCeh32e}DMDb44=?jHxpn+<5u#TN}tyIThyEZ__
zX*+?k9-3CEv+)kSwT>AMA+e6@+BKb>*MpB>l|l&nj>RlIQiPTajJ2Us(kBSM<|G_3
zL=J7XVU}#{uwi+^2(4;d2-{+7l8isr@V<<KV1Jn)tTs?+ot(ae8d(;lhe?eG$=EOb
zq-IPBALaE%GSY65YCYD6>2rifS972+A5H4i(&tzaNI86{uVU;MB0AM&rru!eHdCia
z>^>ns^pRAeIfEo3gKW4Id~{9)6aLEsTL^B41>Yzni9UrjO3ICgaS9%$#a^vFlJ%Hf
zo$k$kWbZbbjFBaL=TByyZW2~8S4(ju`153WrfQGfuc+R~pO^K6N1o?Sa0b^<v8`37
zstjkE?tPABy6Qc=FOl~=%XB>bFfW}xPy}`N4r1(0M<2#MbaZ9xSFX0~vHI+)`)~eT
z?W@2`B6crJxg<h-=pqt`<fHUjDR@~#7R|4D_XLI@Nby#6e2020w|ap0Q`mau>!`3J
z3HSFa6m_kF4T`!~VOy0)?ClfxRK?aYhRH;k^kSK9W;X@Tm(}$$Hp%LKnQfOJv(a}U
z1xU$x84as^*Eg&Eox3KXf3+vaWZ5&6qpk8WrKj19^Cm7jgp^;Q2PbkI(20e#b~d1l
z3a37q<FM(Xg6GY})$;B4ReEQ!9iOO`cKowG$BsV*=Gkd<w%8%WyGgkfk~PbY-m-s&
z9b;t?c5#_(mDzDZ_K&dRuIwLXM_<JnViz752idVv@ej1)q+<2Aqpj-iYo|Hu?_<YY
z)!ZSX*shn7-zBg|>T@WFC4c(>Uuq*f75xj>|Eu5W&*Q0B^%xN!qZ3kZpigD&C(n&z
zte7=^r2R!15eGykA^(g%k+GjWJ({sz?AiZNMi^V`)JWgaXEXNm=O#1Omwop?lu6Vz
zOVl-q>Uw$%V?D%#`_E<m^7~Z#EZ3hxPR%!ngTVSihG*#|+568;6mbIno^SZ8b$^<`
zWP!^%zTUwe=qQ)f+d3x7zoRj&@S7w?l|Irv9mi~*>pJ>rY8xj8Y3~77v|5zx@1TO+
z^(d9tpu1W*u}62^)p0^suj)9ftCw_K(yRD+>C>z(c2mu}nbt~ShZ6>Hm9k3dR*DxW
zR@D9qN)>gi!iGJZFbTd(YLfm^ZmC$K>NiwuQ@@+M=J-%00rkn#kIZk!<MPMuO?&wJ
zPwbzEOZ-N<*pXSCju|pvm@amhrlw<&!bhizo!5cs!Wg7`y4WFp5XXKSuZUxeogayd
zfa6=^n4|G!addF-DRFFdh`oSeI`0<8Ii254!yM;XTgwde&(iwUV#Bf?u*Yp<)KAoF
z_T&paDE%=(HUa3|J#F}@Hr2*HCN;B$siciM$?Mq?8;&dPMK*dZb(D>DQuVnutXG}g
zZ8)T+(A68NyDKR!n>N_SN^MOaw`s^t?pYbd!efsxE1oIUE*55sdM^cYWV2W-5`BcE
z?{l$O;XERthydvzrtgv1687;HiIoYr8;?GhC)Z<~dnGJMkdbQnDAtdiq#Zt)TrFE%
zVf{DAa(;rspCs=UcwHwf)yVm8X!etuIgp|M5p|qj;X6Nhe2rs_Sb59nDAvWQ);JPz
zFN7XY-$!HZJ=Ub|qvP3IpcBD)*7+G;@lfLJYMTo!JMbekuAjtbG~B#i;>9oNM7~~g
z_GEbP57l$=MZ$l9FY!-xs@o+INTh<{P3<&e%`=ERk6=Q{&Ji#42tKaIa`4Z<Kdb9h
z%$82D!z!jI>N1thQ}iV&t}Bg2j{5qe<KcPMpz5AYHo9lMaD&@h5pHnzE9xp6JE`a^
zguB=0Dd&vpTxP>HwHJG2jz33WCULGy(iXYcDyccd3?An~h0;}7<-%&GI>N=aI`v^L
z?00r%kJ%l%6Fkj*is7F|CH0wzC0Dg@qjqzV0-Vpry3o<4w{oGc%@p1>Y-S%9&3LWC
zi79#}T|KC)?Og1buJ>@Ety68|LMP`2_Gq6N2~p~z=RVh>Ixmp4zqjs))ja135p<+e
z68q*rgb3~=2bQZCCL~c`#dA!>D1~}`yJGE8aaw7|s>kAek`4D2ttA0RwOh>|ikZaO
z);0-q#R_2}Zw@_oj%=NjiKkTMonX28nLJEo#-=>1U?~T3>2=KFe3VMOXD;c!39N0t
z5QX&Pl#+Ho2mMuX`KH|%mxqyB%H~|`(##QgxT<9g%)@X;M*BPz>;0u`L@bQdwfQ*U
ze&%pKN<0>&7kl(MxmaQvLvyj+G%x3%9XBiUFpj4U%*C2SdTom5QZ9O0%~n%2R_e?;
zcn~no=AvKFe<}wR;Y?ylt0EC%NyDRQ=X0<;YL?{UZqy>KG$}RhU_N%Fnv}kmn)RSI
zQKA#>WSfK%dq3tG3GLW#LEmW*t!^*<?qNTPwOOMN!}mX|&hsU<wo?X)s2ianB1YAN
zn)&{xq}{S}lN*y*=5{xsRdcNy<x<)TH`Yt8#cs5h>-X?rm+T(zAqk&0-;FEE_scz4
zrM_D1!7!WF&4anNpY-ye%pRta`|W9S-I%2rB_332yq^c>9U^~#p0?19*}6&T)q0Pb
ze!k8i{Ef|E&ea*%&te-gFkCXbW#WL8R+d4)-lB9L*|Ru<UgEp0GO<ZDx@2Oi-CvS{
zO`6du6Ek#w&kR(!e4{ck#_*iX#9`yL1(`VKe*bhP_IqAGnu%$qaXb@O&ETR;jO5nx
zOmy>RjLgJZuXkl8rda7iGqBSN&CI|IU&i1}boZwY&BP+VZ+Ip;1kwj)U`-%>N(N>H
zo6Mt}P?OS3Yz}GtGI2ii{(wvz3I|Fu(JzwqZ3b>ev@w~O74?^AVsdJj@(-kD&C5Wm
zm`UkgvGLV5k57MNEVHAS#aG*Lj2RQ{XeXt8OYlr`jkDvBRCu2toNTt#2w0|5`m{W&
zhUb#p6Eb=-GnRx&v>H>w7%Zjt38R~ATnpoY9OxFo4x7<2f?KxC-Vw~Tn{6UEqjhET
zBAB2HE2Xn~+JP`;IMZiFaM7vn4&#>7AkJCpvM6V!%XL4D%dX(<Fv^T6%Hjz6`TbqP
znCkbp4daa8Ul~Gq&`<R*5BjP8gP{<Wxfv?1=2u#JunC^4!g*RS<r(BxrC&<M^w9Qd
zC}-J+G@NC|4vlzM+GY*QCD%HQI{u4+4s=x9gB)0_WUSF}MlmSohO()q4Xg}(AE~>@
z9tp1*b0z$!e-$S6{2+}m{nz=U83wR;Rawu=sRJ2W<P8$*M;X=c=Y0Y7tKZKkLU!zl
z`7b5?Wola;#D#NqIq-m`Y;a(X^rI4@v_yf0(_r5+2f8SMfjS|Qj3wf%Viu*_39W*^
zR<GF@^^$3yGavD)^glwl3m?d|T~1P38T-Y_esil6GnJeTPI|s;wG%^C-!dn5sz!+m
zy=`eroWvxuD1F+Y&v)XcL!aeDD}A-}SKlEu@H!gQ|1Z*!xBm}$ZviI9aqW-(s=KSF
zreSDjW|>zECXuBTSh6EIv16^|7;a2)?8HvuIF17jIbvp9X~it9n3<VbD+Y_18Q!UZ
z-C5bbwr}3M|M$K3eLMSApRTU1s;)Xz2T<#O2CoXKPCKg_y<`Ts#2fPP)!xl9T{Cua
zEYw~mV!{1mbqwakz7CZz!U_7dWyAa!YaCHW_%Ym-K^LoClQp{79GBYBk8^Q94$-|o
zv)_jNrM}$m#xdre;U-ij8IUWA@zBM_s^(1>yP}pS_zf+7nwyA#80y9ty$$Q+#(qc2
zbr)I)vCD-c;>!-wB)$u4=f++$euoS9O|i{|`L=9hl|4c!MT1F}E<*%-v@%eM$fGhI
zR>Bw=`7Ag>+L6{-AhrL&Q8Me<j~A(g*!~@PHaV1MDB-YzJ}h`pYNB4dE_0A}3DL%a
zDy$4%0$wtSWBEXwWvm19pO%p%T?E*{%##d<ScMoq`(4N+X4h0Z-^3)%*U!XSt<ew@
z*SI~<q`~?InOLU(NXCS4xckuhahSbKY;w5AnM4WgVI~d=-v|@8MfEWzraRZN2`26u
z33R)cStb0AI+#f4YohKs9*2dxjEu0v8Gj%SyPY!A>nzK=GY<W1@0~b8#RKT>Qcndc
zpYe=Si+R7AKu!Juo)>SimrC(|-iSY2M>bu<K*=pc`5c*x%6*Nvyy+1>CzBY=;Y?=x
zOr<GV&BPJLHp?TCSUxupKJz#uJ)5&PN*&+C;<-u;#Y1|byNZw9T~&NxUzAjJXfzLH
z2bDcgh!vCUSo*$Zn5vyp_PvUUqU@GtG)upu@<k_K){Jd3%TT$e?e6m`rh3da&2h}@
z>ChaTed#-!VSL=rIyJ{K|5Fc}p>;yF!_6=!F@+%e6YWLKFfoPCYKCbkQqOfHm9J}t
zvFX7U&2cvK=_SpuJ<B3UhipE(Ii~0MTQ$ek9Gl9E%D8(q$F(v-mdm<(G{?bmcDLr}
zSzba8mJf7kj@}ijQ@N;uXF)TxsOY)T4Cg9}Yt2wt`R$|Ba+N1<(f_LH^O|AY6XHrU
z%zQHQ0`=#qwEX6n^K{CkX4vyg=2y+Iv07Tc=GaqRoNI>7HLBfdhWuLMOf%fBWt?h;
zrO(<Ynqf#CdrmWS%@ysMV^zIs^xkpxjUuX3-`Gv>eeS7E%`o8kr#8?eHaWohG)Kpm
zCNZkD;pIz=rmlU{H)-mQHT{%8C-UNlG{gP8o2B>IZ_&jhylcL2p2RZCcRdS5mUT7@
zW9+Q^M3P;pRNn4MYe9tBXI{<1N?*psEIbIfZ)f3HeA>WloJvT`&&Hx8_suMHOnKsN
z76zmyU#6PrY5lS>Ff;987UpISj+{4F03llXnFU^Sx6=B1G02rN)QbbICkA_Q)Eyk)
z#VvPH@ml)pHI)+;ysb)~kbVxnf=H-iK9zSFd{q+m8M~=G)y3Bkv6TsDF~G~`C1Hqn
zF*R|($LA#BsBbQjwE^*gB}urHXl+Tty+mtM651zO8<NmF$s)2mG|5_&gu*0iK@#R9
zJsn!7FR(hBRKCx^c2zdkgXb0*wBHjB8N}~r>^9KakwB0g!oAVJ5X0DPu%(7|z`#bM
zMyWZ@&1ZepaR!PsdyIjJJY$G~d|ga7a7@n_WnhCtOf=9}WQ;HfKZpqimOC?s(Ou_1
z5kBV$#YEX7Gv<9H13U+otHjQnisJK{)0wf%O+teCz=cDKy~K@&N`;Zq{IL9RVjHz0
zb*~%CgqZHe4&x(2&I`<?k+`=c-VqL^pIdq)s?W}=Ln6%tHZd1-9I5;3V81gkHdkh<
zn3hZY3h$kZDQ-8F&wF{BT#WS_R9@jXuGPW7cz&Y}&LsLq=h6gsPb4nnnR3JHVA?Y>
zg5&7w2~=KGeL7L<OSLU(|6Xm2T5Dg&qIP=MvFO>Mb(R%>_ov>oXV^3hW3P>c>QJ^e
z6yR`^jbXekJ7lA~<C!fsjyV53&8DTWusHsGjSp6;7o~38d)B}aji0Bf=Jo~yS9$sx
zg6lyl_i-exGw{ISqr2V3^(ar3iZ0Z<E<ApZg^_$BwYf$3&RaMth86Qg9(3_j9lyQF
zj{*LAAy{oJr+zPI$;X|<sRS1}<r(4<Cst_YDkoa=c;Zz0>M6v#9C7@JAnlz`QJuNY
z=OS$eqjm{<q`X&dt_(C1wOQ~&M!aaNBo(O`s%&N@{aB?*MQZ$YjXrSrygGH0Vr=6W
zp}Kc*`u1r%I9l<<EgS{BIOdTT=ctWy%uk&1Betw$Tv?nLm<E&Cdg&AXX+#d~LHB!T
z6))@P!;>%Sn8J5QWXo5FvkIMTbW<t}wJ}_)FjD#^*<Ebh)9m3k&U2%ijaI}X+bGn_
z-m%ci!F$+59K|gQ%Y}V|*e8*F(vnEvxP?j9nD9AhumY!@-gGh>rsAklp2{87icwni
zoM_4LW(LjH-@<X&WDKQt3U)gn&pXEE;E-cCP1j7ry*UTV%=C>p#9=f#kV8w?y*38}
zZLvNF`&@i<4i3AfOM>X*1nDQuaM0PGOywp1CkN$_Y-#k!LC=79VGd3Oj6FG+5-htl
z2d(3ix98wYyjYyWrYHKZXQL>wBGu`Wl+z{$E0bC<x)`3~znhI^DaP;|bW8Q$mO_gE
zW;U**l8kvW&7dlM)5ZO4)+)n)H5;2Vf|s)~KQrq_4i02KdyejAeFC(~4vx%0es-`|
z4(4aO+vQ+$wzZnNpKVdQC$l*X_gpro#x7?ch}C;kXH|}~Cwl6{6a8LBtu{L9tg|Z5
zjJt57rOx_sTDCiR_81vH<JlM<rvk3iL|%8q&-S7~xMq4WUVJ5YgzIT4-*Ne;d(qXs
zxR}p%hGJ@E_h8?0Ekf@7*?$g~rL3I&xhyw_Ox$yc8B-jz((MT{5Ov*g4op$~V;m?_
z6Gl03S<RQK7VhsMFp0a{2`uF9s}5}7lJ(r6duNkerw3;`a7P~=S(E7?p7<Hbh&M}K
zEzKpwT4@NCLgm#;e7H_FWH^!S%s;?^F-po^84=KPTgO_}QQ*K9^=RZwE0C)nQqWLt
zxE{*0XBDiI#&J=eN%EnhK*PJ+qG#EaK!Q(}r?upC{`QdJAtSzOm6Co<!*JDgMZ-=l
z`I3f9S~?KPw=E4>0~0lwV10xpMUZ@r7IWHI4WpD_5%yGrgm#9hPtqpcs!nC4`L8_4
zQ`5D~NA&WH;v3?XQ3@7#u~YrsMlVTqf1+K$1N0#eaDzVHNq&Pq+kTO;)Qbzw)a71G
zH2FySoL+0RmuP0OtyWcxq#=z|#U2AQRQFzk<|K^}>Rioz&A=M%IIV|5BkP9LY3D`x
z^w2qjQ5(rmhpwxH-R24XOk<w?92=Q^kfW#KJ<PFQ@too~q1g91t}5e;@%E>X0%pGQ
z%ib35DNX4UtCfdXgvEk`EZpY&poIs#A#ucd9u*HcjGh)QJCgfb7$!1@S?J_U>TY4Y
zGl|M8oYG(Ykl`m(Gu^cITUcynk-T=q47Rm!(~R1*1wwYSMv+4Da{4@CNn>)6dPC>h
zenK^k#pihC$HnmSS=(j6R^NQd^Y&oh1y2nfSHuz8{IfX2@UNGp(UL`_-SVs<ivPnt
z#0gy#>}8^pf}^ZnF`k#EWG7f^FPYOJ?4K_xB{jthX_5Qkm~^QR7-97?5nYwEb4l&U
z@b|3fJH*pTuj8fYGvWQ0I!Hm6NSogT^POVp`!!5e(+_I23`Q2~twVa?)Q|9XTI78)
z=S(VzR{zc@p-(bm@==!BO`*N;^?rX>AD!={(%k<et)#uMzCLvk!$fJM5`u;4X6j6a
zk;SmE9wBwU%%PSO+rMtqzv6d=W3#6YlJ+(k#W3mGoLV5`W@Qw=S4vmo)Kn7xR;kZL
zbg<HOts$-Nr7V|7?Jy;Kj|{`)BjUS8O`OSbMD0>+TTBw^zf;Fc%b}7sWeR~dER`g#
z;gLS3Ze`{}otQ)4eI3WSc}d4WJ?VmunR>BJsTIogoBA={N&CiY@l4Vic=?;}c_H=A
zo0xB_w3ciaJ!7$%=H#B3Gv7K`BIQmsVF;}})j!OGmRjCy59V+)--8)O!XOWh8~%YF
zv@r8#dho#Z5xl!=SvaP$m+A9ZwHw8!&Jy-9dj}__xsYn~a<R**G_+gAbK1IahV#}k
ze7v}56IbuKZeyxLoV3{@k$%-CHpxBEh3SU>vW)|V(aFW`8BNE#P-Iph_-vQ4*2R{(
zJddC2NRz&WOpwIAl6@e<qq}Yzn5{_j+xu!lXA^z2;SPk(Bq~6fG#zJI8#Stzv0lSo
zg^$zFRgE8`VVTN@Xl%7Qq!{%+DhMzm#puG=bJg0E8slRzcpkBo7dx`O(t++{Vy>0y
zJ5{1E76EpuS>OBqL3#fZd4N%!xWA36MS!9o@cjSD`&KA7w)hjWe-)XZs^a&h&K}b<
zfBxUvB9s%&W9G9sCeZ;IlW1@;esz~`LPEpes;!XOh%0;>te^_Zf{ZP;LJ@m4wn6Df
z<)fiM?bkKllCwKnsdW@OkCmP_;&<#P)WV-U^tszJzL>EtL^f#G@-Y&>@Y#$_W+nDB
zUyH>g*O)X;{fgx*)}*80LJb=gK2XC0B{5$k63csNY;LJFCZCaM2Dh-B2^u;pDYPQz
zD!iRWgg&tiwW9L-DjW5+XLiuV4wf@rla6RpH7rzkHw{;m#4Z{!IlPU=CVuUi|Bb#$
zKlYn+ag&{8r*w?c(oX2utML^&y7IJTIyQ4YPiH&$c=p(tVTA~@mNQ8sNh76Dqou|>
zYBG3ddyV8A{zzqG|I_|SoDsHxmpEgY#2KSQIAcZ#XWR+ljGo#kM|2%U>{HfiY&w&g
zi1Ql%wsrJF+Lm=Aw)|9gv8+2HRCj8q?#)o$Zra#r-7ucB3r(z(btfryOB3@IX<pY>
zOXz1}ur~7lP3?aFx^{>)wrG=oQ7iIYrOlJ`NtWcSRoV{9S)E{YWAH=+$Q%)an0tmp
zdZkQupoQWdFC`2&&GJZ9`bW)FWna!}zJU(hm$~4#@#bqC7^O?6i0`)B3cdFUmLh7F
zg4xb`EM5F4rZ3_({!9EkIf~!@8`}#>cf;opGIYc`<{QCro4E&b>DzZ!lNlcmXw-Y(
z7LxW=v77`6)jdnY!;oew^8Ub^tg6T>ZC{pFvGjFv)tGmNZDf7z6<W^Ld1(*#@%J5n
zjStw1;;qMQ(i*TbqV)H%eXp?cqVfN5PEsJ#zjh1R*Ue$#huYVD?>@OgzVOx*MzUMo
zaJ>MtY~L@b-p^Tmt9j`*bDFW5BGzs%7_!@QpHb11-Dme@g3V5>xKICGALYBHtYmFu
zXwTmGUeA1&UE+7!EoMd3`!W{Cbk<a+CG+i2QK(p}Rm_PfnZ8%wL-RIY&RdfoHr~y0
zy#MvXo;fX_`O^=3W|e#<@Bgu9zI(32Hl4Y97~#HZF>B~2th&|cv9+IFx*ccfZ~9$p
z-QlamGMvvmhNmhMeykSLpG?RsR$~?KK9z7Ht+*blIILorTJE^aYWV5*d*6SCqdkzJ
z7TYV<ECs!lpBB$s-N)wfr5`-Lf>ah4QZxx-%szIGVeD_t$t8@sJR|dl97dd<v&PQW
zjJ@vsN3p$`Jol1<o#@P1eR=a0y7{j4c`TnVpAQR|&UK7UV$N->_<6z^;kJKCZT~jb
zHa9U0U%*&X-wwt;b8cX)C3CL$?q|OZF2@;yca?1pmTmTp9p?{iFA#CAakh}d{-U^F
zG{+%ZO6QmVV>{xnU6*0WZ#ma9_B-ct#{TJ?FL`R`bjAiTYeMW8erUVI`?)Nd-W-dj
zx3)#I`?8$!x1BQ>`@~tu*uR`38SBcdf|7avPsj3uZK^#Hnnv9tYM&dy5nlpda#~ld
ziRR&3U<J>zs#OH>z^_~VHS}Q5E+sC2Ir?horSPsAD^!D>rO=u^NW*cpZE0S*E~{42
zzNg_$>l87;EU^ct{U>^Hk}Vx4G#pd-L5<y0gZnjNN3+jsn5ngAF*@Z$=4r^gDC`s7
zMq&Ak-)AvnvOp40f>9S)VY{(}khx?I$zZ<<E@Aj*a2P``_I!k<hy4T-cSx&pYo^Sb
zT5-059?EN>`#o8NVNUOmj)6+>L>lpkWzMCM_-n3AM}K{QHYFXqEZ6dMjCGyWmZqa;
z+;h{?vDlybFb(_t>BG|T$RDIi0|WIZrDI(%^?n*o2GiT5qf>m4>JN*5u3b7-C#0T9
z!&eFEEz;3GQPv-kSie;|HYKH=O2gTt^t);3n0!!+jIlD>5v$)$UB&vwVS_eMIwOkJ
ztVJ9O4QW|7*L{GU^P!KoU)0Z9x*3_rWpXi@SiZL+JyeTS>$FN=CpA>Z`9wwfzHh!%
zvNpoL-GU^TA?!!r0+W6aeV94g#zEFq8*5{{$%osRY)Z$oE0!2wv#z!^(#AYnth3oN
zyOgbb>KFNJt3V6Rw+qY`)=q)t!rCmbStLj6#7At1;?5{Iz{EM}lRc1y?|p%v06$5X
zW8#;@JRWBDERquxyPqWk?%pwRL2=(QF-vvdFtJhw>Yb`p*l1!Gx38Hv$<0e9?r`@N
z6Js3q1yg2=JZECP!+nPMf8jo5VwKZAVPdz_JZj>M)BTl++s+wEWKT%D0&^C_69p{N
z*DAlVCtCPi9tvDz6_!~TBz>^^s(}?2Ca5QMB5+29A`A13nNj-#DZ`x-pkLsWkKGs7
zoWLbtR?j%}iQ~iL*nqgwx&Xpgx#AFG&yOJBN#-G0_73Ciq|b?`)H!d>P&|t=JuDQk
zEA-|rA~?;$YLU{*!ZB$VKG*r)0t@*D&GZc8y?GXTn~NgznhL4Y7|eVvIi^StzDY^}
z8^^I$y}_dGR}1m$1K0(DDN5OMg5)t*e<!wTzB2;HG-+^ni5Id~PHYk>bo-2W9bw(c
zO;rk6DXpaiZ8WZ_q-8JNXKNMuquJQ1@V!bgUQA`a>5T8<?4-gsan?`ct9T3@4Cz_j
zG(xv$ksE{D(ucd?1y(!VxlCto|9+d!jxaHe{wtiyy;Lz=X9GjtmBX}Tf?Uu9N&IcN
z7_YOfT&&YssrgPq29RO?1(nR-vl@+v$rK$W#Vq|@2)F9oj>Wb7Ju##Nx35&#TqUIX
z6`kYpH{LRyeK~_}PE+iTNwh>0P9<WmYV1nHS1Ns+d0N8UL~PR}`st)6Oh~{8y&|wt
zPdJo-<2u!t?+9#5K#{|kpMaarz~}@lG~$LNVSt&@I|1`d`+huDn{|MemUtADajFgn
z*$68kKLPtJaVjVe(Dww{J<IBrfCAgN9*^y|?@~OD+eyGf+a8?2id>#<iMZzSj7mgb
zcU+r9oN@nnbP_gte$p-xL%imt1WfaaD+xH^<pjCnwa+D>oljgyKsV|BkE8y$!|}N8
ze-aoK@U4%>s(^1+JWdAqq<D5Y;29T>wn4jNJcbAPtspB5W(`ZireGVwXxozPcFF8e
z(vzii81b((J*=UK{rkFxBZ}B6BPkR{^xI*(Skar|`C|KJTFKIoJ-FM8#;d7bS2eiI
zOVaBfq$5Lez88}<nO|YH{$HJZ80hew^WwC_pz?i(Z;lrWge-3nzHVL|6<<-!m8O4;
z2Sw%!v_mZaB@d=q{{kl4!8;zTw6kbe+QEGu+?T~6uHY&UX1b`j+ZCMZ!FgHi<_`As
zV3hk_^sGPr#aBj2-_w*4D$X&{TE^K~9odU-Ms$r?hut`(7_Hoxs7lj{d|vgmOwMZ`
za$%94zQu*}y0O%Sbq?d63%4EbjCW(CGxZKZoW@xfR@hlzQ44m~Q8zkD!?N(Y+{)M*
z777g~_Qm0Me0v=G?0IRXE4IdABjao1*tU>0)dNMe45F>-c@!XwCewr;)vQN;wB*J?
zKRR>wE<anweVhF30q?*L2GGr6^bbg%zd>;{m;9WMwG<5?EkAn6{L%a?AG;;qSW8u$
zKN}N3e=~lDAM;IPxF3@&am|Ny7T@n<JFLL1I2^TQ%hzn*DnA?PdTEiLU3VF?{A{xO
z0vq6G1>SpFX&s;B9}`9^sOKB0;4Py-VXc_mTOpEeUuPt`%koZ{iYIn$rH62OJUv#&
zLzwPWagw18v+pvJrN>9UN7c&7g+#L07c+#k_M0Mzn!YeiTJAnSNni};0|gNeYmmS|
z@k}v(3dd0r`x!d3a4ydHO0UcaCEJ~*$|xDVWZJ4VEV_<m9!^1%{MTYz2~Q;ch&U%t
zZ{C;VlzD205xF16&E*E$&yDQ{YpK^BVXy_dvEE=ubqSy9Fee!75g`hLjS<y*88q$H
z28Nt3ryFdWQ{FA%bBUhUZN=_!_JG;vIGdoDUvYLz;X61Rtjh8P^}TDH9oC-M&)GUI
z;W4sB{NL?ODjUhFty0-#R%4gS&MVaysWI)BVJVjTmcnY*x}>mi%s!>CrL68Fg{@X(
zxr8@(xifp27Ds2L`sx6Y3*I$=8~Xbb1Gp~YI|k6tcv*&qG^=+G;H1Ud2e8lPC;V9E
zx2WbOzeSL}ev2R{{9i=d6zQS@$_2vZGU5qT2}F2CKj0S?k&+paGu+0%ShZ?@j@1>#
z)GsNA{7y)4eZw(~v3Gwd4R1Jo#r2HuVQdR~O#f=U^2HFTH;TrM$qk+H1y&18Wgo8<
z7^>MT1y*S8<wR7uk08tV?|~`$uZfKIbJQln==kWiz+CZa==m349i(1zW2H7tyWqwN
z=QVj%WCv-ZKeFAc-01BJ(v9)1;9fU2xZDfeIN%CWovW_k7B}+U?rCm}b-x|$pBK{T
zb%f$SsbGcTKA;rC5772Hp!rvFJkZ?pc?9kX#o<YAt>C@6Q64A=>38sm{d%>Algfwk
z?EKdYBlcayToLVGuezmSL#SQpqPt%4cU7fUv31mb!3g=f^=2DbbnP#vTgz2<PYv7D
zCXqVwEPEqsr9}G}j+x;qbm1#@usG&iDsB)<b;D^BB5q|&rrJ|2?+Oo=Spy>WMj=1X
za6Deua19+5Yqo~Ivg>yhg8-dXV}Qo`hV-;Ca$_pw(S2v;ohE}H8RJ#9iFsD5#0cMK
zG5Y-QSXR+~iuSV&O<x=CmhNDogfWQ7B7F$nhr3Vc7|EZep>X#>dHO1yZ9;2Q=BY{i
z3trCs#_MRl`3477v{0it=(j48naVvWQ^mg@`99LFU?p?+l)6h|{w^|i`^X%=jIA`!
zTUFjK8M{<kiWp!8+9%_l+ishTQ=SECmt>6apOt1fNmgMph9(8aCSy*L43xSlDL6VA
z7m}=D$+(mBYII!hhy51kIWU1$THwHGCT7X}mtuwkg-XU02R10F6CAj&WDIj)keWKg
zfmN!x$brLZ<`M@wYJ$qWHQyWumTHyvJ8)JHPII7xBRJZDA&%FJ_mXtaN($|z-xcqr
z<(g-?wAqOx$WpnNCWrP?U%8jII6jWqOMhzmNSWZ3S=BmwaZi0`oEQ7GPY7~>PgCh)
zh|_NAMWNGsoup=?m8{#tin}U<;P|P0&*eYs!7#VI-Gk|FKRvM8?LX$hNw>Y;gBxyH
zr=!PDjKL(2z1)NOp0+IVjlLca*n|Ew#r=83jhrw*wf{w!3~1AXS6sz0KLnF}ZBy}=
zQaXeN;<u%)WBFd$MmV;zaZu{;>xcJ!)kkcS%zPUcrL)fg&t=o%{2*P@#im6H?b%vu
z6%;5LOT+S&50|NMS((93(}vKBihWH&E`{0u6{a_5mEbyg{vZx$Y?9`o@*=HVtlwUM
z8Sjbp3j63RdyHQ%&7TvW|9Y?`W1pk|9hql<B(i)wW5d7B=RYByE2VpsvUTDFhPU63
z!j>xinQ<WxYc%6v9y)SkM;`X@z_mP#clfU4VVCHt9L+;NOWerAINRQvhk+h`FAqaK
zQqeKSyTRz(41H7iSM+om-=BvgX?#x}W@YeQ^jPMHboX8+%_zp@y#62$56kc^d1zgh
zP}b?Psdw_wwwye88eU#d#TFI#27*+OW~s|6^JRHhT!pX5!-^^gsexfn@+I`%r}(Wr
z9IM&K)v_6G{y5OH87BS2cP<ZYUiO{IL(89*>E8@9e(LMn3>$x%*u5D}{nXvN86NyJ
z*p>SEN>i$T=@siy9`3zjUCKlIrq-!E^loaMpr)Hzhx1U_)Y_JZIZdri^x~%0x;$)Y
zYOTq`{-$LXQRnikRe9){SB~15n^zKhrTk{a-AczkjgQiCSo;OxH|}1lV>b^jmM*o{
z7#*$jya;UxhbONoO_W04DJWvjzEhb$M6AU7#Mb?beJK9SJ}DKG!HlR<>x@<q(UZzx
z5F($Ez&C@j0wxL>u{H^@_7`?2XsKLBpFdLqm+z8{q}~J-%?9iz;^(Y+DZR(fBYHQ_
zatqs;SZWc`5%(+-q${_yiPIjhJhD*8Wq|ovJmH3gO+4<Tg>HH(!T0ISA6S^~sCdW1
zQO6-h7fYOhJr;I4H%9CQ%b+_AqPuch*==JhKcf`cB*-MJvav(hYit}5{fm8+!ggmh
zJ8Brk`Y1B3QFco$Iu2h4mfA{Tg)H$ZV+WbI%Sy@J0u_J?H9rdP=>|Z9n#42wH9^`&
zH9fB2605aS!B{0D5<?(8B%jr!z5IECB%Mu<Nc)Lega<|{8Ed0;WL&12dldXJLF#>)
z9#(Lc)!L#EUy`xrf4?2$$-K2PcVaX~$oIir=^>nuO#<+*)1^&V)BRGjSZjlVAxg%I
zXdP+Nk-c5Puc%I2)^wkO6RZ|7M1z%#<^Lzzk=rAizSl?TGLA^o12TqRE&6gpm5h}?
zq|W#0&-a<b|F6!^|6T9;u5o>%{y!Ldrd>Ir&vjpxr|yZsV&*=rU=t$}dY#pz-B73y
zbfw~^4;11ZWekDItmaAiF1quOxeqB3`kB(SMv+DXk|M-7)!e7yzM8m|7-#K`7`~bM
z@KnhuRtWE|Q)Eoc=A*(gfk-euLDqYrvb(yE=HTtbB?|r$<(~r~JoCajdCqGtVd%lk
zNm1G3n_~)u_<N~nY^R8If^}0K5q|6H5Mu-e2(e7C@j}cKY?{a@O%K*lht{cCH`EA!
zepm<n-2DVD>cls9bhw8J<U4wW`8e?me;>78kIV%vWYACSRcQ9ab%h;J#Ce4sFC7QS
zgTaJ{2lI;CIo9x~-m;oa&=*|=99>!37LIw$p3O<5bS>bRq`C%h+*ZX<j@FtrlM`7q
zdUAF~D}BZy&pkr%=@v3Hmx-o-U1y;ThY-$(`DG+mR@_Y&_A=*n7v?E-JGx2Uab0$y
zgIbv&OI6ox7kX$-y1HfH{LXH);@uRw=;4UJ>%w+NRRWC>8T8l&;koL<HSvhi#Z@Ez
zs0%aAss!p_{e<4I!;%{OgZAIYy0OO<#iNO#_3Pix@K$gd!xsjzjjdSrg6OwQjm*Di
zEXQ6obs<L!t;S-G+1l7*{@~3>+&i(sL4vnug@Z<8Q2Bu(wm8sL73)aqP!rdXjG=m#
zIj~>#EOg+UnzYJ+zFMPg4xG{wsAdoD+T_4go_N-Qb$mgwPeJ{VXz#hpX-hPG$T3dw
z+>{|BJXbi@DoM9FZYcFyNPGPRx_eo5-RCr8i34<u*E&UHsvnX3NVG-e`<-Z^`}aC=
zUiaUmvLoTTla`O?s`SM1T_%VK+$PaP1n)XgC_Imx*yOYhI<eRJaxv|pC7SVb;!yr!
zjZ_FR*tD$2u=1m2=#Afm>tqw_y+9{H*qE)8X#K}yIu@#u(;J|tQhB!iYPeqfOlFMa
zwBw0`8Ly<Tmm?Y*;UBW-9t~@;G;o-%ygyb)AC(9vzT&A=ZlS*v{YEpGv7BQoGtO}A
zlj&i1DCuXUEqy_;Exng!O&Y%Hg(@a1y<+6uFzzwh$T(c~DJdR!PAFKUycN2i8Or-$
zZ<Hs5$ud9_^A~C|-ryh&ci8FTZ{&f@4S$B&>t%-8k0US{fO))Pw^cD)c|Y>Lh)?$o
z88yl-lA*bLyA|rwTao+W{J5S;Dsc#cdb>iYzFfs^B`iyehWrgQ4%<h&bF7&R^*HUK
zM(rYa$wC^Crhkf@_kKVfdlo}|PBZcRe^N(ei(FI+_bo2Olj)ln{_R~Q(c{nYwK~3J
z?*@j-Bm@6S-@)*^XpBaY?P`dpqIT+%PU+(qe*AeczxM=x0oB6yMOjfFRU_rPM)BOl
zmYr`IEf{_kbEYUgF9%D6h|$U~!#rl(bK>uKU;QKN!_=WNd{XQ=mb_oj{wF?A|HS$+
zb-2t-R_eZtt0GV2W+?V?X)$Wd)7T-!y-Ehpaj%fc*aOQntW=F@8r!TEve;*T#$JXD
zGO$Ja*)1ERIIZ@4y|RqvuJ@!ScZpOgUlpDUHo7_WL&QouIYC+&#wD9|GNcauzS)Wq
z=%JM#tMh3Ziu3R8XP_7Ru!VuvigDkGu1b7Q0}~a`EhknfKb>IUw$^;2feoCvp)Pvx
zp%WwYXA2B0as+QUvBQzw%D_!Wt1$hk8c{bH%bg@w8%v!s3DZg^kzjeQcwBf_JJHse
zMv#%t+(<tvL88+ItX#f<V@w(pw$j!qV-1|sceC*Zwuz?H$KlRUP?<2@3L9gk%u}$F
zsnZm;Ls1VYY`0QMeyJUa<>Gm0pc|Ka@unk4<*~xrZ(xQ9ZZy!sX&g4t$w@SLm(z97
zz*o-VSVPq@k)EHZiM9sjY2Nk*eFC$ijGZu*jWaMympsHCQI3#ek<)5z;JEY6=({sQ
zdY-^$>3<qGPo*6z<;5F{f4B6`dq1+ywn%?T)jLJQ5%mLvb(QiMNGEJl^H{N7^D|?j
zO0t1#fQo#!q!_1sEBsHiys(y~(o#FYda2(D|H4=x?eGF)R6^5Bi`xmuo7Vq=O7DHo
zYe~!XzoPQDT}vI3{wGxUw(IYDUYZ)|e?!&iwbZTZ|3<awwKTiY|AnW&?SAR&q>w+$
zI2jdnpyDTvQE4_nY9*fx?>piFllAOUHXD+z>7SwOdlB3t<HG8+;B!AHsUt(A>Hol!
z(RXG7nff15E`lf1%d}L`R6oY>+ENy!F=3yaoot-U!AlIsVD;}~H1yZXhVGwHLnmJe
zi|XNT{yFuCgo!P6(L+gCUl+%e_-S=<NAXXri?M3iqPjS*io3bEuKJ5|F<P@1*2Qtn
zzn~sganYw9(MFq^xy}7+>tc*vHoqQivUdq`!12z!dRQ&o%j*(GdA1ipobLQwoO7mL
z&c#-<A>AEi$M49+CR?n?MJHD#JvGN2f4dHjxW$z^IOd7(or}(1(K8pbeDT-n;E+#T
zs)L6<AN65Gob1)=xQDEBUGxfOb*GD<cu+_BnD48DOYwnKb#OK*Yj<4?Nfz7cqA1xz
zFPN8-but$hQpE9G^h@<Gt&26OcDs7$ndZNri%DsonYmb)-e3y7I75uc#pDeC>bf|U
z;ptHi6EgiPsh!Mn{pw*zmY~)qXZZ+zJWI5zi!Ryryj)Dn*3ac)U3TIen#yc@R$a8s
zNj#j3AvyNGTpZ0Q-;Lf?#^0qL?v)WUXv)g^JJiG0vUVr>4CTvHo4qRds6X>7$o7|4
z@ZZQq|B5M#b8)hwPfk#!OltpFCI8~Om{B=pLS1aB?8&c-i<QOTTnww?X;~NZpUzrB
z)BW^qGqQ%Ngkng#PjacSCysI@Gq-U(VE*}>I7IJsj$5idm7|SzwiuT`8QL3WD~?>F
z1;?8?13CUBeKqE?r>HnfNx39Vmc$Wh7=1*E@GcEVMseR&3I7}0Rl?WiDV2B^|5lao
zb(>;5K&vwxfL3hq;WG2C@L`K0=J;?%@lNr{E-moUQWKMWn4}To+@6bDUbNNy*NCgq
z#T756>O{oP>i&G6lxXgFF~=cpcyZa`ZXZX8*n7l>m4e9oa;N)|54{aB&xh%T`<M@V
z4EwAP$Bj_dA4y;8*n4%n=f1DY7@7NZ^i{-Nortw${LX7)rH)QqR_V|0M)9~e;(j0q
zt4?C)i|6cV5Kr}%y-dfys;$ta<7HPJ%a}YsxuuAS#2%}u1YfOsTI<-Ywu+wnoMzZc
zgkh^D+GXLSR(5a}x^Nll<dLY^Aq#7qapN;F-mrUR;)G$h$wCX;-y;*FZP6|hJ8f^P
zES#|WQ-ANfgGVxP+Y`Sn6C=H1N+z~@v#9=HpWQMO6MRHM2FJw}W@2g_aZ;P(+|#pg
zJuX1+8{ju4Wn!hjC!>q~LI2oHw1^jjGchRMOOUnkY1GVvcu${9v`X~nXJTxk=$DDR
ziNPJ2*q@X|bqbU1TNyZz?4_DhQmPQ-dWwBN1JhFNs~K3F`Y^_SKWu*{qmVCWe~G}t
zIWojGhH)&6+fserW1$QiE2Ncxw3fZV>{Tl6vdhJD?hesK?-?1N{cc3|_#o5U--UmP
zo-QJj_FNaHGH-hq_Or6RT^O#^BuJ6s?JI+SJwL#OQ>q}yCDq&ACCPGUX=G51AUnCY
ztBZIOZ%1ilAa2?i?htKV81IPqic|^dE8HY-(0cEwV<vO=rLtmlCxJt8_m+Z4t^PV%
zsq13o0%?P`iiw?4;V`Ip9H~)0eYT1|OiHx_6fs<-?oKGKQ`7IIH~&?x&wu|;1`rV4
z9k{9ZZ|W#e#U7al@_p$bB5v!Lp~;&Iv@1%KCLE%64l%J<#YrafeVkUrLKT<8{HUZ&
zR+Un|USVGm4^jBltb<ze?WDGKqiW93ut)tg0t@qKCJD6tSlIs1>CYO>P~-2>=j>44
z7L$aHe@Eipg!IT#&=iXpd+)<o|Dm#>z&4q)WJdU`eo{~}x~arS$lL)t720;}fOM;m
zmHVCk_ck;9=@S&w+H_~dQsWuTY0q-^2Kr8Xc=TN|Cuum4V+W<5ljx**Ly)8_&Iz_n
z%eo`5iJNBxTI<F&L0oeATLOD@gK8et*DA5RVKc}`>-&|Q;fZ*pw4`^n5bw@R#9`rW
zm59sYr@&%og`tT!<@8=mz-^~Ajksrcs7hzkdpiL`Ob^|iY<iC;V2RnmRXpD<sNEKd
zpJc>7(j}c>_3(fe-~)$idH|ip+w>{L(^mtS=Y0EM0Lu)|;sCZ8oekiC-!n6S^ZqKd
zngZ_jL5vH09BH>Iq}E#oYv#1lq<mVay83f`rMd=lbkN?Ta%XN8a6)|P;kjzT*>x@Q
zSe0=vVp+%^sf#9xnxK!CCo@CH;y9kxsfkRYG`0y^IlRl7V3fnVs0rpf#HuFP;0X3<
zf*!)xuZc`r+ocKHAiPtW;DYeZYl801xZO=;a>c?X#6EkMG{G&WcTy7!Fub#xV1eNs
z-vkE@?}{dPWO%1F!En>Npb1u(GSmDCGj3lKJTS$aCKzl5*EGRgD~{eiz>cH0pRnWT
zEt6ew^p-a6IBNfxJC53)?1`iHyLjWM{Z-yL>T?@k9KB_QFOJ?aF)ohYawaa0-ZI@E
zM{gMz2##)oS%JFL{?&k#GbY6+5M-5%xQTv=<*ENm6KhgW9wpi|-qA^MRFfDBs#B0|
z)2PR#%K(;BGyGSZU|oiJy$SARl<)l_3bN8VG{IL{Y3-VzUADEhG0tbFwV^r5u~s+6
zjhwVrO|Ym;S__)nGS<q*SY0;lVPl*rYb|e#E#=bgH^$X+*3!l(DxY?@F@{x0yWJS4
zE2Q0QjLsFU#f@>LV%qh_m{%$7YGWLzWG!rr<(1PeH^z`EHhr}vRf2OGV^<aLBx<v&
zS=bnJpESoe#_Xrev5nE{8FO@FbgX8Mq!y~1!>LXUb7*6Xtoh~O#yD5&%Yw$3QTxjQ
zjd8Eem;D=KMcse&ZHx}}zwF%@TN{X;)T;*4-0Vn0S$@>eq|vQzWYW00K5x=kc0O;?
zC<<OMssG1bFsZlWe`Hb*XZ}b=+Kk=jUi2k8(pPie;uxjvkM84_+4G?T9ZwezA^uJt
zbYx|RdkD{(%RMM!8B0BcNyT!hA(4TshiPJ@hq&Y0)cP<{qtJuhqO*wI&rgu_3i|Oe
zIyxv4UyN5>qjcIIVuDUM_5`DgeBByHe1o1IekKSRW#>9`FHq>obZJuJj^>sMMsxt~
z;|j^bi83xl*wBRTJyRz6kcy^B?KJ!*?uLq1%)F%%WwZ&fRw;W#B{@$JCG4P@RPL?z
z2+OS>vbSsVLI+;SlQBG4rAZESQ=D@h)V_O>L&h20=wJtx$!w<sokNzX`P`cAz&vh^
zbg)%C2{_Efa0lk-mHIevU$<sT`vQxa?Bn<-My~%2E;4B_A&y%(rMOR8Xs<qV%)(C9
zpz=lavm+J`Yb47&(rO*Du#qQF#g4i-U}3JFLgf>B6{<ejAtAFJl6a4C+WV+6r&VNO
zsbNr^^)gRHWL!Uw7(e@tsBA4WCu;0AGf%6mwQ_;rmsL*-jkVVJD2;W{gp7{kyRTt{
z4AMMP^R3p{I*nh~*k+AHrAr#8dyh2Ug|jxiw5@O;6w}Eplxd#4OJ$V04aH-Q3*}JC
zDj?a)cc0<?%`EyI<@xg@C1;aLb75~#ab1b#Au|ajf_`<{g>@IthteA-TvG9?3i50)
z;ev{>l0NQY3Fjm;Q&lR<6Nq=2Aw#3AR}zR_J|>HIl!Oy9BlG7G8D9D!1aHWUB!7v#
zD?Sp|UCdK3kGbYZ`>OVlKKep7GO6=OB(&!+{PMTqdG#{kQ>(H-X6cx8-%RIi)C1}T
z#xOMhs08*j@N{4xL*p2jjGgQ4&QPy7zlsT|a~Y=OM9x1wxJA<NEx&t70PO;eLa>*Q
zvD}q5$q~uJZM0NB8EMl(qE>fnW`T_nj!Mgk-4foRHWoPFqH=#j>b%F9#$W(mK%u`I
z2TcjTW(tDeGY=JiGb@zqCHNWM%ZbdJL<w<y7?JmK#r>t1d=y9h{YSZyF~}otnWN>4
z@+ED_b5z$K@nYD{s9Z#!>!;PUL@};vSf{*rNJB4`_@^6c?KK*vXs?InIg=&KV|=GH
zwB#EV)?IO|l&KKJ!dN>$Cx{Y%>@LpX;l!)JtNsy>U5_le4&`@P`0e+<vHp_(<@QH?
zd;Qmd*Zed8!}^c+XT*2(zxDSWza75r$M8{&=r@Yw)S!L$_qN~ho<aZ9YghPstcs7;
zD8;bQ*hv!lP4CB^+xS>NT1I_iyjVuaZJEd0I)Lq-)y1-wvzj~s`?T0bCq7~$5xl13
zq>_6>$B0M{k&s^<aq#pLYvke;ONxCFLUF7~<bGJ&J>z+FtuxhG0$&&a{oMVNu_3U#
zBnE7m+W)}2kyxo^D*hI)JQJxe(fpK<-g1R9E~fn<g!hKTyNNlT6kmdee|?M{Ve37(
zLsV}i35opoqdn-R)5gB1n?&JvI1IXb*J04j!_LgL9*i~Wul8V|X;XQ+`399cSr4hb
z4lZM)2b)}iAp2a#T4|MTQ2D0o42#Zt29QyK1o{^vcAekkgK3$uXUVU&RgHGi7L}iM
zVVx#}dSB8xL9XkP(KsiJT`t@Z(x~f%DR#JV!8}axjkf!a3)5UyUpE%HEP}6dS$kaA
z<&w_ikG?G*3dxC2`4(|}k$FTO%e7RNagy}PFX7m)4J@9s0m^H>7I8Sj?0r5gR;0qC
zwQ3jnFhRBN`*20|-SlCP=DSXCZr}A`JGZa;Fj}|g`*2RT$M`VAVbAqppToZF!$XIC
z(TAnNciTs7y8Y0HDNcK`4?CRpX&>%7?UOzXH|*U$tTpVNK3p>F?LPD~?X5m6GVRSi
z95?NaK6JM1^*&6u?6p4Zwd~bCw6N`!K8&^P<vwh-?WI24u<gY@4072EeOTeLXZvv0
zWzY1Xr`w+H!(6vL)rZ4wdm=$R_5^}>>~RF~*rR-C=e0-pknati_hGU(`vCRO8yx1t
z8E<w!AG-M3NB53NR7O&o8vXb;UVpP~;@4p!jX#O(Xw0LX)cj7CF;*cCuu0?_W&v3l
zFNNue%p3B|YiLsLYtM##s$5$co}N~+?lQcu#QKIBRa`_&>I_gGx6AYKCrbGiOPc2=
z%G-wJE?2OWm7OdtEzE%mt}ydq3BHrMi<-L_{`vdpvl$_sU%goze|(0fVyEJ7&(TG7
zKhRL1P6^ZUr$Ri9K1Rjcfl(^{Dq{e5Wo7bZ4tpN~j<Dcnc_R7ZN`>g;!Wi02Ja6JJ
z{)xY5e&e+Z#4o4+zPk)xomq?rzYePp8BKNy%iY3pj#WP{BR_pCgYo;%$o#jthjkoK
zQ@ZN7trBy0S<7uL13IN_;#kWISriA#bVmJI?mlS?T;r00j!J75?I*FtN%1e@sY>5+
zEpdeT1}Zg(xo<v;GUXy|OMT#ZR&TnB2}-RslA&u;{N8X}jC#kV-({^k3VJEgvrQvl
z(gw~b&KFqvx*(7J2rX!lw$M^{J26W$W;j_do^aENL)<QOvWdEDn-fDEPcCqxqX>+5
zVx$nmovcvQ1dfTSgAMd>O5ztQO9?yv3FM?bRu0A8A-0ize3*(ciddksZHhsX*aO8H
zCXbtvLec4FsH{+pu?r;n(TAyn6t<TcZKY+?bEWcchWN=3(Y#D_&(Xcz%zcS{?>+dx
zS;vE;(vM3jn{XzQpCJY7bz;+X*9j9vy0oLeVwhCEZ-isSX8$Gq7|~ND{)mp_YJA&J
z+99H|JvHBPY0TR)VrSrO&tBc3pughWCBuy774Kypua06RH1}N)3qU{bKpR^XHQ&Y#
zMVdJE<=)9Q?r?RYjr&~c9X2_<qil>3>IfT!!aLVS3#U5U#zw<?*v4Q}T~9o<=_P)-
zi={5L(cLPFth+ZLW2{b8gKb<WQq@*2>{q28b(gLWqq20lo96J&aiKRg?!rXj&39pd
zQ|;%%OsBUSl?}Cv3xf<Pv5hhH7F5UV9hQG8Kt?J&&b{kQtkcz*CN}DF2b^|zCz@Cz
z)Cnfmi}uAbM>eif`Ksz27l-wl+B*)Lw2Kz7z-tlFS>uh;>7ML>Qgvb?4r+XABKmXZ
z!bI%hH3+g=7n7;1r%`#hL(ELXLPtE6iyYo@iP$I9j)~~te1jm1Og=vmw@l~qL@c!`
z&P~Js7oSegx}1v>G1i?zkX;@=I}z=@&ZPwRzD|$@z6oqXBCf`{+b80r-=Okk|EY-G
z=r7o7kv(dXOfyw8Z&_@qZr-pk%wf*9S)pU6TyK`AyNzBpA7HcoHX)70wr{J=cG!H1
zixt^H6143K{aqO7;$vNGs4JoLo_%k&Vjqvg1a7YL%b>*@{FvqR?eb%v8Mn=kp>Dp%
zk3z5KvLE@r<g0$n@L7BPSmFzA@?)1Tu*8qEKHr%*^o~p3;m72-<Sl-zi%X_9kH-yX
zk-aK&QaV3JL;DvIJ2Gi&Hi_BGRknp?9Z`vt)Rsw1m8_jAi9lu7tC*|SEuB+Ewh<t{
z`KRvB!t*12N@YUPGP`ARHDfbl)0wfFv4y4Mninip*=%*XYIUuTb!z(B`tk&FX?=`w
z_%A$%VZyzz5r#SA=QhGb!{4V7ju`2upTktsKd}*Rn8w})Sn3K=oqKMT?hXrh<~PFR
zpnr5j><#{`TSIhD2&`&^tx5468nN}s{uPaIEY*|W2=mjP>eUD*)A^R?urk9xyAcLv
z`W7`nzZ_?NLyRiJC)Y=>a_>^j@fG-i`j}in?xA*-j9v9Htdg;{K3Z0`wlu)>%89q0
z!-2}a9`yFA@dF#Nb5%W59{Ef{|9V(cy-ZOf+^Jq>cOwj`@%*|*I9`LVX@oO1__9X0
zSR**O5!%$u9MK4)Yx<@%#O9iOW+UvVnJ~Q(&ecqw+6e7xB~ECFp|yN18)90mz>Nkt
zQY+Z65pLGXJoFs;KkNId0VY2yAuFHF-1!_%JnK8u0Qa9wy!sqg*UmZJ0B39aj@C!-
zI=pv7<kzw8KZj9u68F`|qB_2z^|7UnZ+1Q0u4C<NfHt{_1M6dZZv6OqIFsvZQ4cNZ
zCibn50d;+Y>Y=c1;ACCwt7}cHkCSyb>9OBGD{|i8U!meEbB~sOelHQCQZnbMxTv^$
zMsT4AQU(~u0$pVm^$#O3>9M*xbpEk9qVvv*oEc>ns@Tum{pGph$I|dBbDdPdxMvmT
zL6l1@{U*bk#da5V=v*#-J;UcQd1xPph2rCxe~jh1%$Lmq65W|SvRHHv$6=`G?5nWf
zI=d=t1#`AlO34SA>dU3h_$6(r_c?x1E+XfI?Y8PuhsP-+SjlsO$HhGNOavEJnJ0aE
zeh%E#!~#L`kC-Dcj{g}Ltk)hcFwjx4v%pG6?<gNpqrw6e@7^r&8!3?;tkAKF{TY6j
z5aB5^9IF_6>9b9b$5GUH@?&vlvP<!z-}amkiKU)1MeG@jE0hnyeUxPEmL=at@{?{N
z3vV}$)=LY){P!5%e_Hx}%FGBOiSs1(+I=oG&H^t9z|Dc?YPT4A8N?kX(*{Yi-3|)X
zpQpIDD$%~gsR^a}7H7r8_L05|QXyk@R`3s_wZhu60#;g2CM|vsDUEJBFkHP-B41a3
zqA$Y-KZ&`Pd03j3yeH9FDP|7hH#6QxCAL#$1?r$$gH`lVGZEoSZWHh}bBFAq3n~!P
zE8|J5V1o9;1{ttziXy&J*gD17FHMw6$2`=Yj`hze8@4m;sSz*gyC%=yYXP&BvJYh9
zPxoOJ=adG^B74RkvYmT@WQO0@IVwZ&Zeo!!OM4uf#`kLS-|^|QC2Lx)sXFiC_2kHY
zJ;`KL245$c<F`x%Ce^%`nXiwGnOo)u)$@n!ZeG};;IrDqDi^ZN>^tDn4(Ema3jS4(
z1nmWEeJMDxTAw#KEz`S3;DJzF;TL*q_~Mo{k+~ET)BV4@7kU341z*%TFWW2Kudl%a
zVfX_XkNVYKD)zG2_x#W9Mczfs_+LI9BD1G&j?!%DZ|Hs<^{af(YpLJn^-;O(w_HnG
zDP9ki{!d-Yaq{Q!RP<WPrn~{Fd~<)ji<vP&3R^XZpUqbrMdvH7f`2eW-Q*q&zY`?n
z{i$vg7fCzMHzzU-4y8+q;<?nAJ>(AQ+!`&BY3rjgLc)0<g0zCWg^<xSmOu!79kG6h
z$OuwpIg<tFDOk_kBz0e43HkITl@}xZmO25o7Rp4&A^rN)7w~lWI{1lwNU}%v0fx0q
z>|@v(N(Ua64^kTri@|r{m_IdM#ZMC>{bz>xHT$v}Z{f9Xx*y61xQDLxFnzOh60%k+
zY=FY2NS6$f8h0ty8HF8HN}rj8ZS;69Dpm-~ij^VlSX!yPNJD$|Md?Rt-O^Y$%_@>f
zZb$~)uUVHgc1nx!0SLwUlEGkRD%J*7hA5dyYq|89eyD$8V`&*Ue+;wkFt(BLV+`9E
z^{<0sk*wM0vHpov>vdH4aRj$WC*qFGb5AD9`s=sA<h-QC$HbA8eG4ZQ<|Cy+gA6cR
zAj4<J^5KDy-HE?IK~I*jQ^uiP6Qj$NX?&(L|7dBqay<qfcDMHQP%whEj=|kk_@||4
zQx*Q#QZZGsMDJLi&D4oZOw`y+)=iQA;dXxwyH(L$V~1oAmE!khRTM)s{5GkzbaLY@
zHR+QvOv3<GjF1uWBe|%g-2Q+WtvFk*@e3N(XpLgpNUCDcz#5x#7~V22%M&PLos5F?
z>*9HM2Y9C*q1TlxeS?(x^NXL&F7G+OX?fW@I8HNrA15AA?BY1C_^xo=jM&}F@diY-
zQsZ|y-~0A>UNXnhY<hIIDmrRxvD&<ppAG+!7+NZ(+ZZP9D(ti(t}5T&CO!8nvA5(o
zqP@Q~S4y*Mdk$k`WX{~9j1&1f6UujevBVntQ8YiU`31^{`BzaU?q$@f9JwcRUVHwA
zUsR7=OT6Ry5Y3*9@INmDFZ;$byjvWPAbb`fmeG{|z2qG-N0jF?yk7JFm)FUl75D4J
z<tpJ;W0I5sJndxEnDY_59BlZ}H3bux++ho47$q!I8bsHCk!%iBSlN;Q1(AK8SV^p9
z>>0vnZy2*=j1u1@#s;$(pVmy4kWryC!;9&_M>1)_--w8?mNHR%48Hh2brM4hK?ZGm
zP3i;pF>#9Fn4~??cRkChLY_O!W&92&f-{FU_jOw1I>u<crOpa98H{BomyiQQ31i2S
z#~QC;Vz<B+c92PZPGXTjOU>LV&_x@-q~((!$aZe-6FA5T`Ju?cHwt#kA>nOABEbiX
zm_)iEyZ9fALnfM?b<muOe1*y@O}^V?>&%KVV|$bRbRaYD$y^@B9S8cU{ECAOQ-iAo
zcBtkwfkWza8cGkn;w1+*=+&kOJksr60z(`LJp^Vu1U<FFA*h87j@In4aW(1B%!@jP
zD#m#ocNBhHXRX!XJO^!mbCd(iRH^^!#Vb;sO}yF&2U_ZOTL*^e39TKNs|$K+sot^_
zFQ0Hqaa}Uef}0miY~!y{d91#lN54UsCYswdbW+438QRYztT{`Oxj`1m3?ye2<CI21
zX9uM;O-Kppf&~$c=k4JPc{Y{aG3jf6{7O{Dkio;U4$4S8)-J|&u++zBVpuU9JTG%o
zSjQPV7E>dPTZ;20N}oB*Ri*2)@1%wGs#N6N)Z<QD80C}}6^G2=F_~&3iOPMg;1LVc
ztgIr7?Xb!}whw|tdqF?mM(T9<eTCgnvP!=<2}CRZTKSQb#N0<@O1gwYGCyC9Vti_r
zicRXpOih|&m>UF^XdN6S@Yw{Pt(n&ZmT9w#;VzJj`*Y(o!-xG?bU!?a_kj0|^^E;S
z667l(+<S-dX)^9xFl@di9h&%fdB7gaU;K>y81qfgFMVk|8}CY=7tiK;(>uhop}zDs
z@$8mAy<I%p7)*Z<Waol}YNp5Y773UWUz=VN&u_-#PQ1HE0_%`aIu3%A$-?%62BC^h
z(#z-s<7XLhdHgP8S7YeH52;IXd-GotuQ;Fmxp<z!aa~gTNd3vIXq!*5vQLSj3VW7>
zXbe<16^BX=XbN#q3g#$$rNR~}kH^kS3MX*Cs-Srn)>g$*g`ZW}D&^;;>d82xGI<dH
zLut7<l+b6M49Lr;$vB}6V&<9d|AOye>{s<d#wZ&Yn;4_bdnElGLpHK4RlF)i_a#bA
zD&ABgIYmM_26)v{bomKhBbL^CF@o0h2vuy8L71i}rRc8ICj|e7Pu~q)zYn?3TQafL
zLwtG4S`W=!!vh{{R{TXC5_o^s%8UM*JpWyzrL6Seg7)q`4_fP8lzkp77T)C~jEZ)w
zg%_g@y9;q^ro3NZ&0}<br+qYPuN{x}w1(SjVxf-iTJ@niR%%@%wp`&nCt@taZ<-d*
zkuQ|HQwCD_)F7_wZ?zxebIVurUe)BnKBm#amNpS1RDM=tV`aFu{+h8tV@ouPs+7#D
zc-D9ajh+s#v-D6PU{Rp3e~R7;>&FZtb=#S7m*IfSfmDLitFtP##Xc1~89yuq%YPFc
zP>k&=yRKMAr7FT$CSzk79W-`P&5EUi(S+xMu+nH|Y+{(g>XsS@;m(G}6)BVQds00o
z>l3Oxqq26Y^+3fK)m@~bg=UP>SSRf<{Nj4bAX)4)hcv>8=0p$kN{-j?lW0B_Y2U*?
zz$>x575^<>i(X5W5dQ>kRQ{IwGHxdS5KX`BTDryXzu>=~iCoLvS^RyxTsgwm@gJe$
zGZ8tWGZBo={12^k+~ZQF4&_P@`#+CTCQ7XL88DT<IYD5Ct_>7yj!v&@<w(dEnCQ?(
z2sYIbt78h$o^WEge5JsF)|#}^Zp%L!;J^h=h;Wmx^>nZ+dP;W(x;h?{M?|LeBUB0Z
z^Eq6kZd_FS*9}ZpKi*)VK(p5wn5NnD4V=~5FuHM(yGPJ%J)?zz?K&}`Lmep(omk-5
zrk3o*fF7Gq#d!MfGiBzV<nVnN!&4?bJHVQ))(H0)i#4`PX)M)RGL6M3bxvtoUQ$1A
zm4?}hu}EV}W&QSQ$^sc#zjS@Mm*n>;-;Uw)cZy*H2^pSKu|=5{BUedHd=X3Suj0mk
zhAXB1Rw*6xJNEh!YZyX@zF{g}_>1&04Bk>n91YTzI>p@cRALzt=15Q4;3XN`J6I$&
z*it!tMM;<;k4~fZd(I{@64DzDOU4l1UT+<c@m~AJjBN(3vl%=v!HKo}R`FSxHH0N@
zG%<%wFv9%rdwdYbhcY4ABt;gdE03Z&VDq2JGo=n=dW2UtpZsKng28M-@%8T)k<iaV
z##UiHZk6h#^u5ijWeR)eT<PyA<5)|gZT*$~I+pgz7-6f3;H*l`8c~joOY;pZ$2O$#
zUgg-<w0)ukr@TP;Ln6zZYX*)m_X7i$h~i65kBaw2?iB+YomrO*+;V1JFfhW%I%i;m
z;kaS2?MB^_cBsFcTd}d2-mJ1n>QJi8V3<J!EHvL`UhBZ{kBn#?vkS{uCKq#7WdBsi
zd;>pD43$&ctKx)?2ijA2b*$p$_Uo9Zi@iFQ=`R-Jt5?N#hCc}6<-Yhs1Xg2+lF-^l
z7gY?hF;q)vZ(|^zq|?P^)8E!cH%ky`x+SQ*#}ZWauod-j_w`_6p&}h%)+iXq!cHG@
zEY-wU(j!I`$%N?PT$d@Ii>q>_=XH=#+GKgV>L&zyQVr|&d?Pe5U#1lot7y?^9inmT
zUO2Ca4t~s0e>237Nt)>GN4~QgTM~!KhBy|7d8XJBhXIzj8;9kt0=6s;TRaIn<IvgL
ziqRuoeS?a9xI}qT8&8Jg0-8gZXd^W=ABXR~|DqTe#84)_3Q(U#_aJsCvV24lZGzY)
zWci*D7XujW6q5s3>3r=@0H=*}3f<V_8mjIJ$Y`o-0vHyznbE~vznB-mfPkR#@IagB
z+$8h}nbe+PU$oWGMim!ixVLEBxPwfL<5E8wiMjWJIIJL_1p1u{rYXg`Y-d9;J=WLT
z`v-AaBL=C69n_F74_+eh+Jn^&0y`bznga(Mk-TxlXTG$Z@m7KahN+6=3DVmL%-5bG
zNIPDo521cug(RILyb4J=UG*y6=&npAHp5Y+onS{CSyZu=jKDEM{9o*S2Y6IP+xE;k
zJ1LulERaBefD0mE0T!@e4~mKk8q2F#-`GJ>*7k~mx&lgvr8j{U1W}5sRF$%T6sZeH
zks>RIpnxnLssGHGdy<_oAjS9lzwf%->q_o(&pgk}Gxbb4XHLy!DG7DB!dvwwiSIgJ
zEf&mcP7#OnSK$tmtnA|2=t+9-hgQm@bh5~G*;nagQ*z3LbTS}?O;6{Ox)*qloLX~c
zI{DCDer`IM?5;T{oosQ}oRv;Sq?P9))6;5xlTP-gT`(n`^h~e9T_&VgL%0_{+45jA
z@8QIQL(A+7`1S9$n52$kzte-_LGjn6+}mUT?}!GtOKs04pSg2>$tG*vWq!^kbJ9v}
z$R?}Oa@J*&cIjo-W|Oh$Wun<+UV7$IUcMP+=Vg;A89CE<?Z_xQBbyw`$oV>(EGUsZ
zz6{w|B4=zFvLUn7qB7+7%$&((NY9d`J}yH>l+59EYI(^r@ociK<j%sqnDis`im;3K
z?|tO6O68`}v=PZ9Xl0B{<|C0AHYcN#ioOe&l3n&Ha+&%beb(jVVtkvghTHl6T*?r!
z{8wJy`z|OKr=<QORrgA*q-mX8<ZJ6LJ{Ig~7k<~hEXM6=U0q~`b#G@E3EDjh`_-h9
zRkVAHw}kPnn6zAtXK2qFW>ib&1Kg`q-X#t0E9{4AC-c7Irj)`13&gth70D~bHxv2H
z`0oDb<4bO!?nM?K5T|@+kt4M5{o>Tye48nG;~mA_S6#l1k{5cY^rSZM&F15>BKf-Y
zzT<PWHx$pTAdWey^H5hxI@4^pl~3nw)OY^};uu-D$!7{Gy-FUGeOPJdEF||PO76|%
zedrUz)jH1O;!V24cG(_Dd}N-^uX`k2pxV3herXo(3GXk%=OeG>@RWC@Pau48mTB4*
z<bsR;;l=QZya9;e_(FS13i%<a+@KWFH-$|R$Mx1#Wm%Dk_2ll>%fE`H{FEKyo2LUQ
zC%?L~l}zc2#k0@%XRfE@sf-!?4)~6Azqn!jJ;|gmb@M)N7|l48%$wl{F5Xv8Pf9tE
zOrpt^`SqUU!e^^9oU=SK_@L*~gtLC-@Gx_QIFC#|Q<dqgsVuYN7WvgGkGfRL{RXL@
z)|A|QXEA*66SOHFDsTtfe9$9ap!?EJ+m%YbwNqB4l3p%%pHw~tOc|3(mbt`7BG)Im
zkEf8WNohZ(kPnmH^Ha#EWIk=(k?bDDQ<IY1FO`f+*{rQ0UHCa=D_vwF6_2rXw%vTd
zyTW#laghVId#H<?wBJ<qUcA%K9wgV+2Im7#5AX4FDv-oAj`?T5#=+-u72UmDw7U4{
z+!5;DYSU3x<v}ho-xB9l9kAIEn;f@UXBTbjs;RwSdA8$X^)5xmK1$x|uKI=x^W0yT
zB@bpzE=#)6UiOz|$uFKw*2J=8RN3^YWyzOiD@wUWgb&#HU+T#cd^VeXyad1f{YL*N
zL8hd74wWE3rF!<2ARoJPkCx!KrL;X<C@uAXI7}&p%dAXG-CcrgNQ>BV4pEgnOvuBT
zYxtxfbD3C<NSP>hCGy2LBr}gvx{qpScBDJsIL&y2JYRzp%@NaDlgI1J{>FL6^b5LJ
z45-R|E<P2pQl;-1d=vJ@MWxA6n)_X861Fm?l_t}zLCJ)yNzK?&n(RxhdAKy`pPt#X
zG#Qm%rfq35Exl}@G?|!jY46fxXNG%ZY0@dvy{i-%n^|f_DKaCo2T#b7QjGhqC^a`>
z3|rQ|RO|c8+VwPkrLBGcg<WZXpnXH-wEh>-@;8a^@!Y{H+h;VLUrnYd;@~qjUq9Q>
z{qm#y78*`UlDYLUA23B2S(7Yz+9yfugEX=L-Yy%@`wwPRd}CF`opLd&M{Ds4Ug(zS
zUy>IB*Q>>4Zgfi-9+vj!$d#idzo0|7m7U$Je;N(BSy3HMrP|qQ*RckPYet^RPjwcb
zcHs)cDC?}tx~zmfP$L{y;+{~VUp8fri+5ct!bdvJZ*jWitnH-Nt@sLgf>Ha0vWeb&
zm}5EhwPLLc#k*hZ{Um!KWx*tNkXNw5N%lr&A7Qqm;Hb2B<SSFpCGJ+F5o<=8Fmd1u
z!jz#Fs4%aTVSdZ(19YynjM*KS{S~wOF?$)pbbdY+W<_^XlE=fmh3mb_G&|E(n3rED
z&gNwMnSF?Ev3_Ot6lVX(>;=sJH8IQ$X@y}n<6$->xA5?u%GSc1n&zCF=bPtZy)#La
zvB8;SW)d5bNj^_zWB7F%n~+IXrn7G{$-)daCzH%6!MbD$ovIahaM$v`$N1md;+Qy5
ziqplvP2%54=btF6s~fy)oX4x3G1rXK-qu2Ew~NGF@;P5u8qm!u6>(8t?_hV+M~doV
za$CB9ElhG`N-|kz-7m2@7H!R@S~iz@yC`0-)Kh5}ZLMr;w#>HMS!}*-kG8ETHVxa>
zOy@lKx8Eg2KT%iHJ?uJGi#1`5(jEH~1)OjB=8xhx?ZoG-#P{=9DN->Zy@T(e4O?(N
zi?UTI^e53Qzh>-@6#L60wlT$Cn`A9Xp(jKRElFluQ|x2OR=ZR>Foo?-v1g`OT~g`1
z6svctX`r}QTv&<)D7%=A6{mVFq3mHcjk5o+o|N$!w0KCo&Y#SdZG1hiOX7>P)=t~#
z8*ZfyZcpeNUZ%~4(whR6X-AuV@3n{8&H42R7yHd?M_i0w4@zP)ymmNATz5`k2fTJD
zWk50~n?3A1uYK4f6poi<o4od*QbOopX*R)Ycg+&l+q2nduYDr>+Z0Z;a^ihtj+jdp
zIf^#VO0ad5zFU-zi&;bJ^i^Jx*oV2RFmaY3Yg?E)t#7-9=2a-HPbs3pUB=Grn#lWH
z72ogtM$tcs9Z01^lG(0Qx`7v6D(#=bj;GQEDOHTM826<O`OIc8Wyacab)Q&2-^SS7
zRJtdLO;4qxlex^|WHu?4c1U4MQt6}=mbgZIim>>-@?&QUe5!DdQtL-bexPVkWr}NA
zXRjgbz4I$>@4#fX+fCOBOAjTp4rz2r3Onhh<5JlnH{F_Q+M9b@Pv_)nGwpv@SUe>Y
zDLW({^kL$wB-U<9ep4waeTuZ7rG|Lk^s*CTqtwMF6fX74_FmFc*{K@|>;E^~|04OP
z?bk$jGkAC_Y_``v|L{&#b<fW3lJ_${Efk%z-+G6<d78>V&N>Ze9=5=W?2^;*(${f(
zknwqD^PBhx^JkP@Sze>3S)x>@h_mAE{?Zbg(o&-~6Wa}6Q1a+)ytn*bY4oRTtVMXQ
z`H6T*yYX;~{0xoq^_@6Auta@(&my1GhQ}xwZplZ5D}F-Rm*NQ`HqI6&5$v}3;Is*!
z#*Ma5Z{k=!GO);U%4UkS<h#GN$b0tbP2{7biQ)+!@$lC&+W0ez>^w6Q`7G#b@#+_w
zWRoryJ7kf5R+GIJ2_wR*?_}dL`Am$xpGo>#j1T=!TC8s-nZ>w&B#Cv)B>j@v$V|ff
z^&y#LZwi}~$p`*YnPv8ri+N426k`mwAcOZw&pQ*9NQT(1=CdQ49nK&NZSg?EYR2Lj
zq^r2geU-$vXOP`V1zbIu#l%Z7q7|mFwOk-oJRxz!&7v7jB&CPQNRr;#X&-kbRsnX$
z%}Z&~AV4@YSgbju)vnrIEOM~!(z(>>ov*3VPpnvoLoE{nDc;%qOKZwDil+(v8=b+G
zD;wIyJ6FBrMne9RGs{J0QgJ9C%~{|gK}(!>VdczokyRKI`J~)?j8{-wtTpCz5qk&x
za)UM5`hbxkqNIj1CY+hnDRD9PuAecB@?cNpQs<I;2<gZ}OX3yL7Ee#*v`-=<M8FfQ
zoK8vPfVh0$&gquKr{(Ldb62|UlKaKsLpl4Pbd=`&&b@`??^e#qBr?SoLD@OSlgKCH
z)8IcRF)r|H661b{lNfjInw<T22UVgD&xf1suf(Gs>=Z7gZ|C@|z1kwLXDqjP6sL90
ze8Upcna2BynsaeZ%|)xA_HOaW>Dxt4L27T}Qr63k(_q?HggV?}`?AO?s|8Pq&3b2(
zUM@B`n~ZclO2{C_c5pvY<og(#lSRfQiPL3|rmzY8I+d-=B6Cy4V*5TfYsYoc*!nCo
zNwl2VX{<{&Igs`uFRBc-C5ueSV2iRyG(()_a>B#LWRY-5_DvS~uB3Rq@n|VFB8z-l
znjOs|L$lD(N>7x9TXF}r4~Z{R+PqWgk2IFJkmFsq4i-;c!lf?9ruJ+~`m1j?w&pIM
z($18RLEECPr)My+pZhP~mB_#cQnrPXNtE${Nn4f8qQm1ewRKeVxiYLbSby=3DErVN
zi<Q`o9G5zp9h6wBKZ{j(fQh#~*h<lNv!&v7KlYtPPQbfjZ_4)AWTM4(ij%EaH=As-
zSV!LJBdOW<F>yKv>%!{+pFLXS8)%jtB#xNi1<HQ3$XCt-Z$ap=7=27$ETyN)u*^%D
zGpkxcMYz)ZmaK;pU>{37K_|sTzVb=Ma!U3pG5?>%Du^1pfwFmy$1Jf~A#Rets#JEN
z>?fOywb%w*<jngvS!1z)O(v^U-p0h^BkT|HyaGEx$uO15Ue2v-4;5MWsgrew;l);p
z2WrGc_>`&4x}1pz0z#q!v61}lYgLv*vo~495>NIn<aa8I&9%s0gqn2~#|MhhXf1B0
z1E{dzbIY*_8eTDIYRRJFbzioKPk1cG>-l=;S*nqCz9VyCA3j_V=OKza`EpC#)puKL
zv`vm!Y=lkrsBE}jG&Wu+P8=(WZo*}`epH+(#MU`AV3j3qd}mzPr*1@#-8M#i>-Dsa
zXf*9j-*b^3=i7+hWy37e(_$Z6qNbm!5tZbV%|FTgRV(5%l|O7z8~2O1TUcLlG!F~%
zaY<sv@?MuWOrB96S!AKg*x{7@D#k2~ccDuy_PfQ)3>o{Q%Gky9R5?~$D@y1qzCBGV
zYV~KaziLIiulUvJD}L7diW!Nm=u65vh==)ES8=j<QD4FPhYu{a#UeAD9;2H|<#N@E
z#-B2kr)ouI-=l1Scy2&c)v1=KwnzS=8I^5E*?h6f&6YbW&5Mgh&u7$*_!xAiEezws
z%^xf=^gLv-uq|Fc7-N$^5{o<FG!|YbHWkHDmg{fj&Da@BN5w;M<kPb#Zu2kc?tXMD
zO&l@)*+u=OUc_&Hm$OfcJTbpXuffCyK}-4wOIXk0^Bcz8B%5h-G%?+|uEINs;io!o
z)jDaB{v-G|2x5(h&mX;s?=Xs*eMhCPSYGBX85eQ9+WQtCxF+<FIjjb`5?xw%x<ZVT
z_>Ip+ezR+xX}HxnUh93E4@gfLt~dkysKvUv_&ubSR^MC~vKt*NkMxz`_(Z9Ik-k*1
z=3R;wu4{3gRJ0Dts<EY7&ZU-eLg||jilbA7-BD~9sLN?B*?vkF@%~G#tSPzj`kLBR
zY%8VrvUri0E|-wN64&t99}=C58WI)$$@Q~G*>an-VS`;HN?FK7J6qG~Vw-NUSwHcC
zb!I$2SDRhOXU6jSQdXbbTFmts$aosE?<pBaD=ZTe^6c|;8{B|i?Pty|-TZ1~ofXNM
zUX4tzz-CvYGjiGDYIJQb_Z?NSTPk<&Bq~hr>g?0%WMXwzv{&*sgu$nok9HQP?zUHV
z^QW0O5MY}%)J48@$$IbveNbf10K36359!Q)Vjp`*+jPds@N{uKDV-h3q?0q)flRtU
z)aBzDmvPTcC4^_YOd&Wjvl72vn0YC`?(SiOJmd?{6^ZL}{{wOGhV|rBI^0D*wBH!w
zBC{~=NvX-M;o}~8eKEU|G%Tj@Z(<9n_@vNWO4g}DHQkVo2R5bFBV=&;;-vR0k*!&*
zM<p7~W}Pe1&DnJb=~Z?p<?icp_+8^zPIZ2{pj=%-rk1ybba}BC>Rhg`z{i4QMkThe
z5?NJAtJ5Nmu!v(@S}<vMF4<a|{gF$TXR-acbc^^hb=xvSD0g32mWQ^hYz=<-O-_A6
z!sTp!`C~cm`iFD5vb^~A(#VSJi;84g#p2`Gl-4n6Q!ZImn*EwfBU$X{T)HBQr(<t+
zh;sMoB92(u8vJs64$tgRIh$WD6><FPT+S{(R~&3ok$qH=jQw*QLq!}vq@7@Eoj5i-
zacmTEIO!P3>oECN#Idz(b$%Jn;ZYAQXY<R2B91N2<yYm!32WUevOyI^YRowPC(7f$
zoeuFW6LvkhQ&z{c4!q-|M2+k+#j^82dhHHM{!sUrl1_jArg*krsb5ZRf_zo6BK2me
zo|KG2WiG}k{bAA1?xmY3hm%FiSKNJp_@MVHx<GSh4_&S=s-@Muq!$%8&tAr2*(F28
z#y%TrNMG8Ul1`NMHl!~dM#Xl_FikrBJ1R!@<E;AotVD71uWF4O3GwG_6EAP`e4a^j
z_%QL9xa?@<#4HlPDDe`pTJ}l~AAL^7`qbCr7zgonU+dXXwpjM$4lC7KjI$~>Uz~hD
z6#ZriXBa4M^COYtz8d%NqNh1Ao6HqqE~hy^+N6gFbFh`OL5y=neXw%Y*d$~>a?U!=
z+Exdev%^Ie37vy9C+;HCh2VB8XOoM3F4nfz**U9RWT;r%TIXW?@+TMLe!sXF7jBRB
zzrQi43^6roXtx%-*~L3#-^=l3n-@)hZl*ge(igd#C6-2Bu@8x_6kf1btVyF2Zp~ZA
za2mFLFIxHWye1Csq&?{(OH7(%>Ab+i2A<7lo1JmMQ>NHM4N|)|pIhP_^Zzp|WyZK@
zocNUWpT|X4)7t-LeO+R2FX$4}^<y@jW_?44x%eDkkS;FvlX!1icrQsDB>nFlBVA7~
zf0+l&C-Lu9C#$WG%N?smy5+Jp)oAaEY(+IXPV|vuFX)!c-FH-DhpLh8)vrjHYn`Y5
zpT|bx(S_kOA}XuXamYRHJ6jXd&TbeNUz8i>I*>`;Ph*@cO}m<3_f2QxJak9~8||SJ
z#keJwaW(ghmf!;!a-@V13}uSz8JXqz^(N<fN2YKe;o;&D4_oXZYdkC=UH>2AJV{IO
zvC~&J?{NckqD|J?fBWD`Jac{L(bP)`S(~;jd3-L}mBps!(skKvLN48v&E1EW{eW`!
zsp4L}C?|_wPAJFw%OT}U@ylP!i}Oad<+6Rb<V0>_{TAV_6yeTHo0>c{m(0y#qjTw(
z*=$5Eotw??+ilCXqujl(2zPW&7QgHw!aY!~6u+ETUOZ;_eJ+dTk{!i|J27oU@`(y$
zWESg~OM7LrcDZz<2zPUtc9gpx5cmC#Ia&O2M-C5nRk>0^y8L_Mn1oyw$t8>a6z(Ds
z?x?h$$)8jp$4j#>D$w7u*w_m6couj6l84LP=ZbLGmd)aq--vKWmMg_Cca-~?hqSQ*
z`?UhuU%?Fbzm>oL4SWBm$2<h{_fo9B_WV&I=iP8wCZ1s$Ci*H?<WjG8f=gkSeHOB5
zyjNdqkpt=`CT@ZgD2q}OSF62)DC_4eAr7|4JhfV`R);giBH>4r%_!RaE!m5T{oOsz
zF2i`GpjOp0#bO!{ySuaMDiuDYY`7)%dq1)Ggwlv1ZKWl?jrP8sp#LppKT$lp#r20%
zHpW?X4O?P`PwK06w@lF=d`j6oXEUHMNrRmQ%uvy7t#HNCiQ%{-p;kOge(dbehnxk}
z-FggzE7I&M*$<Qs7xZW9{+)`<(%vW1%d(_c&AyMlPM%?JkrB!!vG#i_Yet%~7sYdP
zj$?VbRQe4STLrw&8beuxl5G^52yNKcRAm0Q;>9C2lky>^)GPBE`%;`o!lqHN4>E<4
zo$$$hmu;isDaLsg;r7q6$QsIaQt?2rOjLxL7o(Ihr`@{$i;ewul*KKP*xxO&e!>Sd
z>uKJ{39He6B~Z45v)<0r+20~lXyaa%*!gh0PW9ZvS!<MeSL{OZ4C^86Z`@fN`T&LE
zA9Of71yvUsXzkp`wC4_)k9ACZ4wv(w!8>UDD)xcFyKB6@p<ka3(4O<H%U;p!smtEd
z?5WQN8TvyEK1$;acvDa0H?og4ehr(X@jTw}3i<!Hwp6w~WwV_vuEms06pt|%j=%og
z%=RP5ioAyHrsNZ6JMnvGGj9`R`+1vFt!V}|FFyV|T2mLw4vPcJ*g=b|70>pQEi`Xz
z(I%o02-rg4gd^~k5NI?pVdsKRhj`<f=xmP7q>TqzV*lf`t?BGF{@nh)`-?}L&Q7D)
z_GGr7V%k@S)3&ew`SvvGwC(GB+7lm)RN-Tp`Z?!xowh{e@-FAG!;@kWB>S9#$-I|M
zr=+!b&2JS7I`ujB8flv_6e&)oC2K=ED;Z}!-&NVJLn%poG}zhmN?|P1uHY8kM3JAG
z{NKyo5DPhugQpE!;OvMjq2z!Xzxg=c&Hf|ShNRG|Y^wO;udryV8ie$ttgTh}9D(}#
zQv@a3J7Xu_eXXKm3~`DWT8pknc0;>V3`3n-KhcQ6{T6HQbUu!&`#&r|<s<Aug(qY?
zCGRJy5b++*MOX6HZ$Hk&hZ$bxS0UTI#M#$fVUs!HbjY1zFje$`ebWupnaf{tF?W8=
zK1uDEh=S)3zYJOK<>Kshwpwg0S0&;^mjvZpUH2fhe-yeq#d}9~f6KkVB9ooH+;4>L
zHcdCSo;vnc6<Y)Oy#KYG9()UR_Y|i$ieYC5vC|vYwD@dkJ>smz#Pe15QEEHGOFont
zWyw(<kNG2uOc06@O}mAoTZek<UMAkRw>MEcV7bRTWjlf2%SC)kjQHv!zDuuX;(c;^
ztjl&r65Fhs`Q;LqyFDX2U91x$dt8?gGJ++jA6tj`!~tF%t%uv%_6Xa(+$OVaw%R81
zMRCOS;vfsw$$Ys8=?hcaxos?`?vu{IygeVWiyPNa-O%7VY3Id4ueH5_7l2Tk=Ir6m
z5|@XmyRG=}n;5j~y7wc_s$w_r5ql)H2MUFG)V<$n27id>jVp_HAaq-E6ZP6$vWnXC
zWZiKOcb+)-MC^}OCURhup!f3+NMoI{d<sYHWz?P{6ywxARD4>TjSzNn#p$}@Sfy8s
z>kXjxENV{@dYh>`=*&|3ih+G)=c&#_z1N^uwHkN6-R33V-g%b1llYX+8tUfriG3oR
zfMMr#KcM`C-Urm~N9`%py+a(R#Q4;7y-@FL=%lE)YL*pijnk?9g$Vjb>h5ZZUcsr|
z+{7`4UUcob=?z#b`-*EsAN7&=+&uaL(XQH2dpxzB2hf*M_i^XZ5-zq+6y}F|K>2GE
z+Hwn?PTLv#j}tQpdo6YI;m9FpR(DJ&kJOa2&O>+Ynse9v@H})2&O^8AdFXCmeeSwr
z&qLRL9=eyGhwkB3=dL?#m0YK2D_#&Pd<4z?4j<(e?s=r~`z^27gS30+;0DxpB^w~`
zgNNvy{3>R#IktSz`=nKlJ503QGi(wS-S0-D4{o^X-0z7gtIqwNxcK{XyC?Sf9{p6U
zdk9%6tQGgQan4rJmwaL^bQT*r1>Yy!3)fS78?`%H?#UMU#A4rw?+R8H$F}M^m%+Yj
z;$Fy$F~s;Z<9dEyuqV@XF8hdcGaM}LfMXJGgJl28g!^D$>$-K8ebjP)YLh`W8*h_g
z;y$>*D1(U7sntrXO4&0-vfSOBr|x=Ne1cY)$R(NtovwvCFYr4twZ~C=iPP=vaJs#?
zIQ`b>_DIu}=XUS&uEe-N=zUJ@1Jqt86n8k6eJ%HFX9zN1JkC~GeElOq{pS_Z&dPPf
zR?b{%FQ@ii>JB;2DvlJZS(U}{W?F<{rBh3M+;;)BS5SK&6$71KmKgc;7drZIhqPI7
zZuh;0E6)DD=UH)X_pi0f&rL71JmJ3AT7Iy~vAKFnr|fx=M5+4(CA%qWC%&UpS$r~6
z593iM?%U~=V$Ad!8_w7<TKzL-pA>SFZJS@7u<b$OO<4EvByyawAxWgIcq!!bq*B`3
zv^@RG&%K}fK6>uD1I|PD(eu#to`>$w%g$YQ^m*vEI1gRldFbw6dhWVY&qKG((my?&
zkocD=cFtZJVE1y7ZZ79M3~>&`-R!tc{OqtTUbTwa^dO(l+H`;=uIJgpbDJ%`DF0#6
zj_%3-t^2uu<8GnQX~6Cxk3#=?b_Z!HuElwVPqC4d%H5)`F&W)Z_{P7KKf8S;`GjTB
zzS8+`G@Ts$CT%I|(0|y*6xxf=Bi%MH;4P^(pEqqwv3cLPImPC8thFip=FGOH+P!SH
zJJlX#e?WgrwF5~OR|_RsCsXYSNu{{U`XsB9+x{j+1UEm0b$8n<Q`pWF`(O%NnM!`d
zyRdJ|xI>gjDPmtvS?3J8i?Xd5;-&UjhP~cmi_`5xe0Y{&ceB~7412ZBq8avH9(}sq
z(ZxDu*ijc-o^JDLc8?6ZEqiW3h8;_`csTo#tMEHxinS}<j;2`K)9rYQ^-H?lF0~XF
z8I#7oPqU|_u^-axIccnahP^CJME+3*`yzu(%SbTr|BQ`I=q;i$|76XfKc|snuDRB)
zX=H3lB~G@a+{CXZrLr#Rbh4X$kWLqfQ!aM6-{hX}rSr>S>1<3onVeqKZvXD^PSR3M
zCewp1KE(c*?s1XsVi+jmxrkP{g)OG^Gx3%Hb>87#PuU*qS|#kiUj7gtqfNEG%;;W$
z9LVH;+e$vpFZ+~^i%*M{{grYuL_EJXt6WWf*}J?rT}rg6hbLQmY;qDig{P<0pa0a&
zN6qQ&laG`kOH0?_qnT`*UoObz0e3DVE<2Z%qIIA6D20!}-S)C<@<p1kA$>gK*E338
z%qIk;g>xv2J0Hjrmz%N^wbr@qsoCTsq4gox;@6{u*2dDpxuek9kR>h`6lzW4S~0hM
zB#V43w1%XQWBht_DSkbrv~XTmnqQ8{5|^E`&ml2q9f32Ky83zMoLN7v5+9mwFEgSN
z8Ci~fS&4pDo{g?VXNkwczpL<>#obqm=M=Y9V*4tQ6O|I`+20TbFU9-%&`+IrJ!BUx
z_NxceCDu+CIf{p~QeR<h$UwO_Ta#AIwHw<FIC;@Mz<Dcn2qisfCFgU5+WOagagV*2
zmak*KV0WeNh_gd9SDcbq9cP6U3fFLCdDvC$`)%=-&Fk)v^K9WrvFTb#Jn*N5eR$s4
z$uF2E-|={fwJKa$PV3}Yv-wZ&j)=L~B}{B>O{4Z0XS3JY9oes~zzOHV2%624det$u
z4^w*>6`!+QAQZP#w=>BU8{l0n;j9#W^Drk6FE`}hI)vIYsCy?R8^y#{n8q7(7h`;V
zY_8O)QjdvgPJqo#vVTc(_em!2C$pi+q;oPGm`o-lCu%Klbgrj0Ycgm3YK>(NcHRo=
zZQaPPoelUNwtKow#@lSRO(xjFvnbMz=c(UF>5Fu}@8}OX8~v2?jDNwm=b3(`FE-6O
zh&Odb`L46bVCzPHeMso{x7~A{HzpU_<QrRfCZu2Ki;as;j{b<V(N8%~`xneH_dd?9
zEq9!A=56`WIcL{4FFQ;5W3y>7J2yQkTU)dRRkV9U&Z#{Qn2q*a-5EuSo!F6L4sHM7
zEDkvH`)<y=fxRr@sT2!lpM8723_4XVcgDD5Ty2x=5lQalNn~~sTc1ScC$ZH@B%YM0
zb$FIskE?S%n@8;zE3L%iK(oYKx8gw`?%LLJPqM_OMA#yuM4YoNZF)U%7V4DP+YgA<
z6?=g52J;4bIlp$6ftFbAqt08d0dYXG@Jv|$KTrM3mA)vOwv>;R?Lm|cu=p(Fa(+EY
z=&!Qe?Znpu#aonrSi-YNe}Cls;-7e)`maS2+GKmj{twT_{>znqEqTx2I-#>l|IG7D
z|4jL8n|Q79S;h-v3L1}kHa|rqtUha==%)Ts9<UyE4suDn#{PUIc2&ajBu-ns;jXS!
zyi|&CFME!(me=W3Io4yhl851Ufh`Vadd7(p2g79E%;!|(9@dAF9#kHn?#i&MN|Yky
zui<KUiT51%RBpX39w1rm9Ifd1vI^qlav|=4!|hBS6OvMuJwUFhZ43ZTKcRQN>v6Yu
zRWL}|Y!{hL#Q~1Ih4pdK1(vuzXbazfOZfJ13HJ$NBsJZ|R=fTWywmp2{61lRAE5Mg
zF@5#3;chB!kZyZ8Wz*bZ4!bkep3JBDsrF)vZA`WM@Hwp8o^7)^Za$OkK>NDwV3PG~
ziXBd}xbmVTtGC<Ul2n<yuT5dUr`SKIuze}^yi~R}m26IBCsOS{!~}nln?>C=Ejq()
zETu!8IW+Iyc?07&lU*4$zttVeus2#Po@NJawmr=rWwXyp*t=~uBEuf;V$(A0sV;Ub
z!wxVO&alTb);q(V&6*ugvjZu7E@+2REFRhfaZnkbJ@3d6vuEx(Ce<2~VJ}K!OEc^>
zX>4VNy(NvcO}7uHu@33>zI4_-L%asTr|Ww&*taF@4@xj&KK*~q-h1e6O~m2;JFWTj
zlME7M9bLmS$jsDAoa|2Z^6MdPwm5^1Ok?vi=rr+S$Pa1X3DMc2|Jjtmc4Ux)87%Qx
z>i<HRavk7=O+r>j`iD*WxzOi2>i|o|mtDk{UYxeX^L!sACyaG~E5tg$7uIUeno6Xv
zXh6~I4=BGLS+>866W#@I@<~PBmwsKb48Po2F@S}DN4whz=d_%jR)4;0s+c=}m^`Bl
zSzo#WpAlzQ<d-YN-1%s>%`catYp?Fiowv9<BzMmy>q~Lbc3Bnq<!CXFk7e2Xa%i?L
zIzM?)8L~)(+Bv%dzx-T;x;pz7ez{(S`t)or`jh*;<b~Pf$5M?58J|^wU#=9PcF3;D
zFV|(Cqpd%<e@fbzMaBqQSCy{FFOP`H{TEp_zue`#^OG<y|H{kf<qL8?_mW-Z*$gi|
zSb<IS(r)6h`*6j%7I)v|<=6YX?4*};uFQ&?+n;k7f1cal&BSTBbLl{Shs1j?#ow<R
z+|`2?KKz;DyR^A;(x<pzi+AZSXSb0@62=1v=agr&CY~*uO+6R0C#V?nJj!07FM3aL
z25oU?)Rv@auZXi?KC#$zixj=5F3xnUC&GJzzL-^Xrej5x=NwdevgjrIKOLBN1~M*j
z(@6AB<V4P+a&Nj)d|SYtlWebX-8VJa?vP~vkZkWsvX>?&9L-AdCR69$SF)1(1#&%W
zO>VkcjQz9;L9QcHj;7@;5;dFMyd<e82<Uq%xNj%du!qQvd_eNFKA+eyN$uB)xfJV|
z%!Y}w-r~Brcd|W~*~gRY?n!p<<b<Pb$>>S2tD?IlA4k1Q?&IUE&V_c#^KU1~d0Os`
z*AnuH%O0I<f5I*t!v81P6O!$XN%jmat@lqVOzVq0t#6Z?t|jsahJ^EPC#kf~5oepR
zI*W?Znl<UK(;A;how~-$D*IGtB&1fmkWb9i>!|9Sg!6Dzahxhn)QSIv=YysVrglVp
ztOPar6vs%Oi5P7A-+2~j+9%@iH*wU?>C<^;V(QQ3tM+)}TqutZE5|2^`TVCzWF?<x
zCy|iNzDy$1T<qf{@dhpT9m|CKVP^4mo+O-mB?<AZNf?FR%?45O3hO3bu)aw4(oeDR
z;^R2%Bat%ccG|NroxI>}=*CSvl0)`=hh2qjDEh@;x1q6Lpbg%*&G|sejr)uAgJ+=M
z!jZ`k{b5zxIKS6bGU4oHk+y~OaUxcyj*3II?s448bf@+aoX@mRe0WbBRV2%267_##
z;qf9)J39|0snbN#KD1hNw&f!(;?A_dI!;G0@)KTME;Za5N!Qq<uNajKa<MheOYUjB
zu)isqGNd`@s~0}-n={SY#Ro$DQeD5KkuTih#lA1o8NU{y6P@RmkE-XTUPOI&T#{Y*
zw~C6n$jscLsaaWJOU;F&99fRcY$#}1K52;!H-hG>EJs$h6ids@5}&NxfFrdfZY>pX
z1&Rs^$cC5a_j^C@`v-h(&V9Jgb=Eb$*L7b<3#(upIE_5|Rp_>;fgSqZ{M_=*tDo0a
z#SO`OLUcXzTTK4en^G;jR)Q{=ii<)PgKZ5Lw$1V^?p^T{lqpYHJUih#p0oo$iTM*i
z>ZzS>m=g{}Oc7w_jOyOAcl6JM)HJ>wYUsbrzVQ4?x7n&xB;ku$LMoTYz>uMMH0u8r
zNCg$>-7_M;nZ%vk))Hu9V+Y|^1W=7&D6f|P`SG}e|Mxc2y#nwZC1VSL2@t59p%rdK
z6E}1r!{zjpyVJ`Q?j*ZHZ4~b*eAB)SJ}sxNU{0{_7h22!mD3}_)oID9s{k=!qm8PC
zzd0&g-bUq~+^j2O|820ITu#Q`a_X5b5F6k@*k0(A%gazAnA#}Z1GN3x2(^(@2V8LV
zzw!TW7ySR*Z=rmGij5}wOZxw<M$D@N(SSMWfu_kD*5%dG-NF_1fGOv;qW+`tL5Y@0
zot&PcXZp2ru1*$EU9OX$*U#EH2>9QITXX*Zld&=y|EF6fpQujdU_Av{2klIO|6B3X
ztx|$Q_(nbX?hKM$gw_92NIZ8N{J%}Rq2~erb*W0DLtc<!7QWe=<Z1u^{*YLx`F{s2
zQ487+QkSoA-Q+6z?=~$NWJJ5HmR4S6Y~L@7?=OeiqOtO+Xvcmx;pRz^vpn*`V6Nt4
zdnE**OjTmR1T>a7DKQkvG$lLhhP2y^jsY0<XTDFRsJ8tj$mgVPPKhUYbwB~FmT|XU
zmh3w+mZz8E4=6EMN$#&v!?pKT1&KY6=~F0SCBDgO=!5NW;E6`OlH`k-RKj!7L|eJR
zM9y)dPH2-F|MC8dd`5cd4rWcMH4BY)Z&KxIQ{EsCoLO7o?{jMSxPNkD+TVo!;rH(i
z36p30z3Qv>O->v$F8__zo<!^&d~SQB+slfc@FoMB?YvM(eh3|(RywX6J<V9oyM7C{
zZ_-fd_0+GO3#*SaCSR;)9u(Ge;_|kwk4}QKgq=C!l61T1g8{_|KnvV<?uQu(6t(&D
zxz&<XRj%6IYr4}X4`mCB;XaZFT8xiZKRW%rxe`R%b0rOMee3}J^>27o&O>Zu7Hc!F
z-c<)d95&NL_Z8w*5=Q0TnC180#c85{7NU_)e{$vh7dVSYd&92w!hxuYX;j4HpSc_6
z**Al;L(hw~R>16{6}UTWo`?wX;hyNf;LXZr9Cd{6pJ@|Ipgq=-{Ns=LP0?KeznrxN
z;9&iePcSnKlSVQk3oM6-YDACvcTbRLU?hd3o;;SYgWO)oP$hM4C%-qmnBwBC;zi>@
zgiL=~9@0kz-x4@;9j^r2Bq<)X?W3<GZe0T^D~SdPE+EOP2;%%(|CQ882d6mfdh0zz
zSZ!JDpTw7Bn-09{bm#>(RKtIoboH)!mFmoK5Br9fE>pH=8tT^$??6`#KsZ4Q2Pdfw
z50_^aeU5OBi&iox0R)Tde{cA$w!DP}3a#_etG9Q-b$L;5vEO(t>TBPns|e+PT0Ppf
zwjA5DviItJ-lis|RByG0z3uum*?29MXLWrV9pNl?iCuG~>paT)Rw@i~P7^ULzK3L8
zEy7C<9$d33%CldwUGkZ8|NATD2=~GXb?(?uPuMmoLRwp0HRe@3R$Wz4d`uF8f9jcb
zbnex1+r2gK9Q+wD=0jBhT$=?S=jkQwkTn$OrOl|Q)WiK!A<t<`ZWSC@#C`)me_thQ
zz`+J2u0D$Y=Ji*1WNe1V!&6H9`su~rMi7f@t83>QkSV4cOY}%v2X4$=J?^5(zg0Tu
z{0T@Uiqt3H{1`iJHgE38EEDgcxw$ZFx+uhE80l!WZf2`)g3=dvY26;O>Y99Saa$5m
ztV<KW`jKnK2wdP9uY2?fpLZcW7&h#!{duNj_g<`Ao!k>3TjARlXD2duU#n9WCRfBZ
zFXg*}`vLdN@vl5_AExrxkXucclTV!A4u8dvq;F&Jb@=Ou1(W2n=OxaCsmDqXm2=>d
zmAy2jM<VmvT$3;?#cs}U>2CWTX&VJZTLYNF<@o(Uo7%W$qTHMO?Q<1%)>yfPbflyr
z4#-_G@$%!QvTt935aq;#Q-lP9389@(kZ~a+D4nbjqA-FD4E<BYy$Aqi62`NffN9#6
z%ISN<jjq2uLHuW0$JB|qYX>!Kd(pANHIs7P)BV(V{etVDqp%T(uwwH)?H>v?0ED98
z(l;a#Vwp_4zxqrl*9hVrUOTngflSPCe1}){DvC8dLvr<%g#?};=H1jKKvnL^r&(JF
zG6KsJUw3t$E(w|DPn*d2DT!g(t-&{)G<W@Y^t_8r{>>^oS!Upt{U#(U&dB&IbNh}c
zGr-ml?amK!*J=FCq#z_t$H?8qXpr?mS=4qg_QAURBj_u$va^HE*i)+#3H@~{EoF+V
zCKXLorc!LDpiys*`4?v)H{#`cfyBJqx_SYVpwx`AJ)7EGIcnxc&^ZN}IAUB3L&?v1
zV2^TnF`LXwEj%3;*50)ucW*SY3Ed>#y%e}$lvY*Nm)~E|c8dqw%Z86|>`2uOR->oa
z-b}IAZ<<dArv<La?5&w#C=vB-)*Ay#$dw5g)u?S9ft>xo=_JR=rEr&kNA(8eIncuu
znOJ$tHuuOI3z4)J4LaMN;6g;kg$upX?f%~xkFO_JSP1qFfVwTYa&0mhsCaTAO!)8^
z;;40{?tBsZCgc~6=`)^qqJfAR4tN84i!vKGJpO29HIi55&6Wc&Lsn0rJh8x-aIcNi
z*$g)%LC*$NVA4nZkaD?o`MHYjIv?|3&8+-)EF7uE;cF}~l>WMrSzCDLno%xE@^y8j
zFOR3cZo~-=I^IsWQxzh<`WjaEp{xvemcGCzQHII}lIc<Ls9!hUjsfqZ*oA#J)M1?z
zjs~fh@{WAZCG*j0REDR7)O_qu#a!ENe+W3u%io_FR!RllTuJt)24(^$3<S&S;&lh|
zKg_)hy66|^Ch8opG%9hJzcZ7_sAORs>Bvys(%j}n(W_Vo;$rQM5Kt+@jz@GWg-!%f
zOE`o4J(&fJ53I*&>O#RHvaKDuP{j%n(na0!4*rI3S!1J%ts@`@M7<w1gX4g{k~sjg
zT@)>V<5wmsSr?Sy8;6oHn47S=-@WABo&wY;pP?*GsOf_WzrH0;+*~2Y4s+r6*`hZr
zb6I(AUkhWHKh<(?oz>D;V%RzsTT0d)OP+UjAYWlJVWs$1e`-9Jj>NQEne_9~nv0@l
z4+m%jvo~T^vX<LtXflvI7+4`TY?baUh29LM>iFr2i`sKbhxx^o4c(Ae4&+$o-p76L
zkMXdc*DSFzrsJmM)Pp{(|L7r~0lrZty6_!qV#>kaXNZrK{itP~+jnziXG9l*`Q@nt
zg0goBQqB6R%s6qBn)rA$`RwDq5Cde~mp;s{3YPVcMNwlr{@3269aXH<A9SaxTYZUo
zqP);jd|)8e?&RR17J>?qGTY|B2t7ju1rH>zWIK=}nb(5jNq@JNk^_%Z=ieDFw^P7l
z{rtd8|EAMaEbRQJ65n{-1Z8&55MS+JJgn_;UxOa<^wm=Q%Kq;a`R#Or^^u|Ezw-{{
z%S`<cnp4v2Kqz)!2Nv<Eq(*kkBBi2s?_%d?2lR|Xg)<y6Twr(;CnEtdoXm3SBq=*U
z&od9%Er?2=$D`mLr6G++s5KfS)~QlE+;Qr{{d<zHlrV%Ho6(>A+3~(e4iY*>L+7^I
ze@#jq%}hJMr&;v+<2;H(=r)m$Z`zGT3`73;5hw1c43(ojf4z}Ec(U8kU@e;u;s%Ky
z8ZSL{F@QucKPqz#MCUWdltP3iV+NuvndGa?Ty@FAcK89Fp)#6C2~#JHQ99Kn)$LY#
z$mVvcA+o7`%n(`Ao@ginWlj(mojNHOHDJFfB?cnZOxdcQ&_H3@!TWhPl+nK_A2cMm
z_EbG2r9LIiAcFa?GA5F#uZ%%3-?pP|c$YF6Hat`&*e+@CMoP*)4OkyV*P!)HJ9b|Z
zAX7GiXnhe`84=42(U90S{s~zMXPPK85X=Z=X%_`!h`ie#Wq`!Bm*^w!x7#^amGszV
z_Gn0Q+do`#@ZX>GxZT>I^;vt2VJoiPP*0?pNseNAX-Mw1!}rO02GVOSZco)m*0n=z
zdG?w9w!CAR5F6h0OzeK%mQ2Q#H)CS}W#|T&zSHNXIh}Th5<~;#n6!;|AxD}=S!~MS
z5`JWG<wLkr4DcX-ni}siuT(0n%I?Fa4D{RaLLdvG504%2qX=52*Pu=9N&4exlcD1!
z@Cat@R6Ob&s1$R6_prS0-1=}b2j)OlgxU9<{XO1p+Ha(*w6C)4k8Yq|%}7_feLz!c
zwB3$Vq?ksby2-EYFbL>6pU@h4N2z*~`Q=S%3xyu`ZaSnL9rw+gFraA#Rz@~m6TUvM
zW`0^>wrlKVBD(lItCNe}b{3^*;>tVz{2zXiG(dYd^cKiYR*9{$g#L8rF}SQps}FAm
zPfsc<^e$5bdX^2d%%zv-X6ujpJqJsul>Al3wz=GQx{G!WLBtX{w&)idxgj0+oX+2r
zY_gChzi{~_)pzNLGrZTgH@Ae1T*a}W#SonAs@lozZ{9obqV6h<KZEwbLX<v)`&+l+
zvIwkmbdKfZSz^idB$>_+klLo;UR)Dqz&7eBduFWKRuOeaP$zMrE_j|`ZK7?hDU{=M
z3b<|lXga<=0Fk)kH5+MBdOrcUvT**BV;maf3{G=%28$`HW&Mn7q=F!Ifv=}nAfMKz
z1-4OOv)$|obu;3=Jz#Ov(}G1wQ_SnRXmI1KducI)BkUaKJD@LQ^f9D<kdlDQ6;q(m
zA77<rgR6I7dm`1>F1&#4A+4q~&1LAyWfE*`_DPl&6V=y9L^IGXx$bSItv=qw%At}x
zgpmKpcUmx<PzqnI=?g*)v7D{W5xL=t>wOBqoTvr9i4x=qh<l_LBr~T1SMsJc)fGJQ
zILLyGV#|KOUzxFHCNtK8)_l!C>bsrOaA+ir&94;{+4*@lsZxlUQJLsCcOrFnE*q)&
zaDa8F*#k>1Dy2Abkn1bA#Hnn-@}crE29im0V?zn89!zK@mDQAw7VUgtP9e~WhNvud
zC)!`^l5m<@BkkwkHg`ZI4%4JJ?p?RfXJhQ^1t!^{4@vVfo3=rw6KR$ASPrPM<)!O_
z{5UZo=uu}-Pa*WTpn10LLW&FjyZ-Eug?{ZjEH1JV@OJGRXeAynBGwKa8QYkos0Vm(
zU>yB;Rs%Z-*dhlYY-b*06yJ}1%((G_kyH_!><m`>$VUDodNy4&<Uh&0Ik(8CeRxZ~
zAfNPp(;7qJp<12mwO~z(3ASrve~5m9Tv~8|3xSZWLVZ>LqsLD+gH#97>Dx)0!NUR6
ztFZ(8s}1WTORIku=Qr18i>i0;Rllc@7Eb}G!|x;8lsFsp6mk$AXnFSJ9g$*p2Ch3!
zX1ZSshiNwg+7e&B$dEVv2En~(jpOb(e8@O;jXfVp0tUOlSP#pvmSv-S+f1*r0X`ur
zUh@5h1HS%gUybb;-z*b?gh9qSb?!?fmTlrAXKytOPhiFhL}|wn=%Q08LUY7cGTB`Q
zy1EXYMWCrEWX{$X0nh7W&=_1?!ZPF7#Kaffd)Kc<Jf!D2pw}(iLT~BP=4U|VCiq;G
zik@QkL<in@tsbz}VE7%Nr<jvsib=1u`vbC3ut*EQ$!ujs+Jai5Y^vx$$MgZo*Aic&
zmB@4w=~@2pkJoi%gUg?C10C=}?NYeyS!y+AQKXycFFi(0>!!`0sQ3um)9#a!y5X3o
z#BX%MSKVp-GYN*=&t9Ja77(*gihMP;m!xcc(_#Cv-%(>QlAe%!83MmQ!fGSimqP7e
zklcqm2c4zo=0G;eCy8!A!pM#Omq*^>3AC+kq-0$2>RW302n4jMR8o#CSxmw2Do*+E
zj+Sy)_<-?vT28I!QJ`~Jg&E`cqw6l&x2bn^Qk;t0$HpEp+KvM-fKc^NwR`et`BMwq
ze?&kV+Xm~X?)v`awV%vY*syH2ocJ^AwULebA>yMtu*}u~0AxE-^&Y@EWMKgvasLzK
zdUY9b@AyKC+jrf`a(Wvlb#=b@M$z2A{#uZJJJ@*_nT2AfnUJPz1V|3wxB$A9OQ@if
z{aXn93m73rjcW(3qOPT+_EHOh5138AXT|QshBYs?=+p|gGi)9sI9QV-aMYicGv6O!
zHzV7)DuYT*lmo-Lmz%`{vd=Z<xcVHRL+#fvYk&Bk{c4;m>+o^FA?RF3J@Ho=<%%;j
z_qRCmfG4Upx8*yOQxj;6l>e@#C)QluH9P?~T5;*ke&l5HrX%Bp?h_dplu2MFHj6Kw
zxG5Zgs5*-4tjgndtX-~-jXK@rv8PdQRbB=#74FI~CLm=TCG^z<KQ?+b;mf-Wl+#@q
zkYgRrP@U>CO;Ws`{KM>jpd}j{Ws82U0_zkl;gpXxsgL>fLGCH@&~O^CjpRxA=J0U;
z+)PYBUyK&i=6~?3&ZC;sO2Li1-8M_BAE5hF*UWS$<hb|i)Sdu;0+nscNG6XEiBY=b
ze24b1dHA&dJYz!_`V|kgLxsz{Gb6MlZ)gMeLSJ$L678r_$ULE}*XQB$j{Qp|Glkqj
z<S!F&<3}s72rGCE{=O*opHABD)eO9c@|jO{+uc?1=iqwUBQe@QS5Mffnwf*9LFUxB
z4G~d!*9ZMrl9d+qWpV7BnvLqo*)Ekv1FOHz`MeCR^1F<dP<_lHzbiSswKwmOC2zY^
zF(a9!B|3|jiMx$z$Nh`Ja3AXKJ#x7p(ZE5alSG}lb|@OOhAvpaqWA|RdSI2{Ck-J)
zFd62IUi*+5iIb}!bgZ`Pq(~0bRLcy4Ercm*i6EJP4A-M2pLqp-yEeQ0TzGlaRt|GE
z2%?MLeGdRT;zYo|gJ(0UXLMcdabx8mc3ZwENq1$+QrS_COH06_{To^iPoSQaF6zn?
ziESa*!(m@jKQnQ3b56zQyF}`XKZDLBWdXu>7j5g_(XjJ2N!Uvvr{Lpf&S7%7M*aTv
z_4=aBo&Xdp9D#OjMc+S+KA$xfUugo91%SsqAGVsXOetO|UdKFi(o9^dISlHTF>+Rd
z51ZlPa8=(=PfsZ)bW^7KswqxR)W-GM6|h3s7$E*)xK6e7MWeHC)RRjT+BR`7uM5BX
z{sjJ&zd(?k!L|&tcD$a~fEgZHF7T+O*k+{))4u)z*Qg|#R%bD5+_76kh$32(&Vt-u
z8O&)jljl~JPBlkCZIF--H)r8r;2BKx@CYLcO$Zx-%%i3prou*kT&A-V{%moos@;ow
zo14(AmLSS!uVj^;qmTf6&7Z(6a^mk|?aEY#?^l8B489CqRZur~A!@d@R>T!pOT$u7
zuY(!b`4T~VtHNYF{u59Srzmp26R50t58(6QFsQK6Qu(803gj^j@E=hMUD`^U8f$KT
zonC3$JS}&@@+Dk=+U;y+?i|=FG<<O`WowBWzP7B)+hi`dkpg3eXX34#gMP8!#=*0V
zv0E@@y~pE#-RZcA3=lzlF^jAE9Y~YO5||G8M@q^X1tzC1m&x5)$~AWx?p!4<asrwd
zIW6xBvgr}Tg_T8Wb-^m9XP>CwyGyFUvl!p2Y9!Nj(gVZWs|eQ$g{u6ugM(^pfZ9nX
zRs0~!Qh`f3Fn%x$GG>q?Cg~H7P%q)5wtc_xB^DiNHklD<>gGiHO1*?Gi$Ie$jca*1
zoy%(=H*8)bAisvljcqNPsslce0lXfvPU}jI7lKn#UjlcH*Nk;m6LsLAf{y>0gd6*(
z!o<p<nb$(T<0G4cEFTzbat^leoMg&+dCk-Z05SX5)Np0QA|)ePW{U?HOKw9@T8+_|
zIEY+M`l7Dw5~NXYIusqdPK7H7k<DV4tP<cZIYF?K-HYd9HFY6ND<7*rX96KfS`Gix
zmXr-U@OwLwHLuHNQbpYw-9=6FYk&?LtpYB%24hcj>%u{X?f+3m`V|)fWqcMm{a`69
z$^D1Wz|^KR1x@N>FG7?y)=DjD0JXDQq3Nr(w}DRk!a(>=cYO)wFH{Bd(=&-+A8>!@
z+3p4Gf^iOv6it)wtl=b0)x0iyR`3>HK`*SeUs4jRn;HuP`-B|kAF*jCOMiN|YtqX}
zU?u9v9o(Kx=2%~L$Sr6c<>;NV)C`8N1=pK>tA@vY^POeMsvYb3moo`CQ1<W*3#{&9
z8%AYZqKQbG0H2Z|-?Q+0QR*bq<ZzY2{U`ks+s8Jsax(xdPw#sLK<TOTH#O(lM-ZR1
z3eYQ0zXsWW)_gfhGro5VtZpTV=oCDxz>0<n$f=i?xDqdAwdk%D=Dj}p6BxqRfA^uJ
z;yPJ1@e%fW+ZQbFI%0O{$1={r0bg0$7erq`wzN~>wXDDpnn-L7{D-ge)5EdV;|(#D
znwf%f-qTdISCpZY=&SB*x_8ouugZ3kmTw{cV{SrLi`r7qkln?zPH}1v`CmFd1jfpe
zq0MAQP$!tclnJx2scER@YJRrRzD?vsK8xhb7WMa#dDQaNuO(>e1bZ#{T~QylC5-wz
zktRyagtP=vr@I{(zYkNflNX2aEgXRs&Zjwb%U0-?MZW&;oP>`m5(4dd?^W02uSG;c
zTqvYL>5@}w->$N8*l=cXiqo|A*B)&TC;sK*7kLZEKPSzU_^$j)ceE+996-P95}mW$
zR1Q9!)Hmh(b*$iETnPW&WZUjMEO__X#rYe>aOxolT~ywVM<1cWaqn1^7zgx1e1*vH
zd>QlJF*xmvGk$Ht*9564A@t_;mYmuIaJKN&QGOo1y31zf4%ewZ>3mxN%!8BE>LDAB
zoTLtnS?k^ur=njfQM*JLl5ce}W;3})@&!vnKk%1IW`5u;CxdZ2x!-bHcY+2-w)<xm
zth`~_PQ{mzJ*Xv0@nwTSRH&iTpf44?K1%OdKNo=Z|IVh$R}l1)z29&vcLKiwLQs3=
zTQM>Gy0!v!e0hV5U-h+`Ii<(LvJ@?@ucZS$y*=kR$VrvN#N;LDu?I+lIHKVi|HW@g
zUb^q2$+or0H~y<_nUCTS#$8-@!kF9`04*P@<kxj$4?ysP`maf6;(pDU&}Fz;gRSZO
zaIy%jREhp(D6nrdypEQGM(<fR%x8Vy&^G{AOdauemc}cPeFB|0)}>MUB85!&d8V~`
zSrpSzLz3Q(u}M<P#78i{C^IfG<(0t^%vELScM916`LumZUxo?HDnp~0mDqULAf-te
z8_R4~#*--b)ln+swg56XfI3{mFn-I}_Lc$3`WJhk28&}<pfv2fxezm`TBA`TU%m4;
zsHvE607={qJgt$W#5_6umdiGOei0pBh6qZ^kNexH`B(lC+5_n|8!~6uo+x)z&RPb^
zVwGL)P+2Pg#9sIF7}Q|ceAQyqFxPs`@!JhlnL-FzCqUdk<MkT1Sl~Y9oj3xiUOOQk
zI_xX3lX^0+E{%SF$9}|x%zqI4Ylj~Y{+mef&8|dOA=oJug3mkcL(Yv<xD*DFivz_k
z7Rj;E+n4p!o6w+Q!8>vgIsPAv#k`lhA1AjyobjL`5`THUVAc%k^E-lFve=@zP-rLo
zT77@7qzjeOTJ#>Qh3(SoztPfV)0hGqQA@<QPZk_avz`qWE)8^Na}P#Ibz3Br;km<V
zEB*A>&FHWA5k_YsafF|gSyEQTYEYNdx7+<1<2Nfgz&WLT6>9M&=PFsd^WsVIc`mW`
zlZvy%b0$Seue&w|%#$xpT!Z3$@t6iuZ7zBi>(GGSzZTQb_sygf9mRyD#!Gr#N<*fw
ztT1H^(v`|E8BWgh$Z5-scNwD?OZxfCUN_4UPEvi<NwZJ-7>8nqOSB!}SDArU@uU~(
z!$~mx(sLI%45Xr}NqqlOiP~8G&P4&_<RITtmnPeOR>|>_vlmOpYF@G0l)>lDF+k5q
zdGT3{*HalfoBa96;m8HBLXOOXdh=r~Sfsq>%89wuWq7z1x6lvtjB-giwW@4hP-aU?
ze@c3^=|a85mY)(vmm}e}9s1E>VkpIlMs#jTYE#QA7y~8-uN1({euQ!C(g?wPYpzZl
z;!<Nt>-F--=<H?s(KggP>@{mj850Dj0%}L;7bq^17)?{DW?7hvQX+usiY70xcC^k0
z?k+`7?ph9<e~oGv-cPyU{Fm}{^m#wH-%+*cLewdQr{St#xu<U@6lrDZRSA<%Tl&O*
zxp@D3!8wD)`P#_|yIn4rMX7It-D8VcwML6FL`%Nu3%!8fH{QO4Ax5wRfM(}`xq9n{
z8&?@ho~=a>|Mzkybdh`l+4Q;THSanL`gX#Q=qV|C1=Wl^Ds?J2d}3|yFVgAip1$oE
z2ZPn_?=PZUE|%g@)Tjl{o6*v*+(aU|nmUwsoQ>M4+LCrP053yMQh1W?6aM$<!^EMJ
zU|j*(!=AAqsP}&<H5m=TeogFF9ScftBNwr9op@x`D+;Y3-ui(<1<87%L*?K`UDm>6
z%7YRD&q?F7E<+zH7JC5CxiP}Rf#INV1VxTwQ!a3M^$c1TO?r!Kd4t2g`CAmU#^KLh
zfcvCz+QJUvL*;7!KK=2iR0W;}8he3=%@%rjye`FO*6^zikwfn@W}dP7)R<vGH_~1u
zTU}1vwf)EOUyzs!CW#wYjpZLN@0{N;+CI$nAvaOkto}1Z-;-p{0qSf2&NhXBUqLMq
zWmw#gGiq=D)`X<j@E0{GRcFUqv?U&rLJ2nms(O-~i<IYmeg2h*7)ewcapE3lHe_s>
z8x};^7PmT!9092cKsl&FzCu3W@zgdBo@Vvq^1jI->Nj?p8qOeTdgmEZ3!y+^ihGo;
z;NjnkOpSV_E;XyH-y*^SZRK55c4aa&p&Lk>cw6e6>m1`u<Lu*%;<m<Zh}#_}A7>dS
z(cWZti=k+uFeog<3E7f;hOL|GG?}&(0O2tqF~g1GMOY<ZGk#<M(=Rg9DApPGGl&33
zd7y%qoRtC|5UXsWlp@VWZ5~$`H?ZH-Xpp2pOO+Gb)oC$zP+|zRgb0F7oIW#(5*Yp`
za}z|_R#Boht|~(ZGU_vY)1iQ{<Cd2IX@qWqRR%)=uNbQ|m@C5yVluc2aK!{gO(05X
zQqD>KXR;p0glAu;QKuW{6t^YLJkHK$S?iMr<se}jp(=ej-HdXDqDi?H-dC{+E9ato
z1z@Bs(rh$NQh&mK(q%wUCZwhl<={#Q08Pbw1wX|;#ag*o`FFyZh&cMSJFhc>GvYJu
zr-J~PQxftw3GE=$mJmxg`B3@~vzl;-@Q9#6C?(7i0`FhMUlyNRdq6NCc*^{Aa&^{m
zig8X%Yl=I?fI=hy2*m`p!X2ITkqp>9ZgeJDu2qd^&kPPv4OjUm_z{0ygSU?oO}RvI
zD>uk(8o<L;Th+!ljcfDtWwT*uv*0tFNHHcv{p}U@cTyk#ysMBQ=OSmXWpBtcuVZo_
z;_{6oOV@yz02?sx==seni)kP9?DYYO<pzugm-d-_&VP@4?(LFm#Pk;$!#k#UsB}Sg
z1Y%Oqkg4>g>z@aQIjA#@2^p6VicZS+0FT<v3FzzZ;x&lr83r<s#u-4o%Rhx>cyhyo
zR;3jNM7(X{jzLt7IPA0ZdeX;-<m}bS>h)B|Qx61IrikN3Z@XLKhZ|LAK?ln|+!14b
zQKFq{*8N8fgoJM@4T=Hx;Uo5+cTL`SB)uTu1>C2;BVe3dPXE9V_U|LROB8_S1e)%q
z;N+AN-`ej(z%rSdEqfXG*uak<@eGm1nYt0MsFXlo<!dgkR;Lv^HB!ODvoSVRJf3RV
z$gFka%!bQ7X3jXd$zQx%aUgj$s`SQPEcODG#`$;PL}``G&*7e#cxSP7^?GU4`+ok3
zOz!DwmWUA#yZ)%pP9G_XF2%QbQtjT49OAoC>orKI(mq5Omi17>6Q$Qm_bj!O4yYiC
z`ylrgWcmS=|4ju^-v^m`C6hW*QB<iks-_PsJ+jtuqXU6H0edl%x+`Nn^8kt{bil4<
z^!WfwW$Wg$alDCv%*WM37mX6*VSC=Qv?+_aSN2R*)L(2qPvDu}DI!`ZLrYF4m947F
z-d_EilA8QajtN<3e>`m8e=T90e5oxJ&27m<`nvLLo$iZWKzPkWs&s8;`6@oNfRU}^
zfKPnghn2vn`ZYI&=X26tp7r<1DwS;h#;PwHT%y<4Bnkg64bBSLiKX1}53I3S2XtgX
zpW)I-GAGS5W&J+~7}dCc$S}>#A4|RVwAN<O_@8t(skW-&%p&FdkfX}V-G&?V)+5jQ
zq>pM@hWl>9+OqnbpE^h_gYf8_v$TZ`pB^Qo7S;CpZeqcPhK626uP*4H2rgiV^VmEm
zh{5Xp$J5GMh;r;<si`xr6E`#4(wJ`o|JLjv?W90QhWLpk^!4lr_*{@ap1OY==m@xr
zelyWvflU%3HQ2nJq{<uIUnwG6n|fAx{Y=cxUeviX%<K87%!4H99oW~kpar~q+C2Km
zZ2fH2N3Z1qbSCdO>dkuSByWiapC@{GN{}}nuMfu}6GYgxsInp`tFPZAzO3}Dm(*Gk
zvi_n5_t8p2l*W8OVce>@=IPIrorgyWN%ue4LC+EekTHB?$)a$78S>l65_SuZ$6zOa
z`2*1hpbugkMx4GQ{f=kr=HQy(Ow|6RsBm=n!N2=41}v+X78mrh+sro#H~t=V8V~s{
zWxxLfwLd3&S8K$if>?2~`DDt71MX}?$O85rzve84kwfhpb`b5#3epk!s1Zg)$DDzU
zn^$TcLOVi;^BiHo-%b#d`~pkl4huxKjWrz9L53`60h^H>|MX-Qm!Z6g+KJvJ(tS%c
z%CKB{z*C#sqlCSCLwN+3-h{Zg5>uVF>mb90EPjuVk$y+Q){b%i{h1;lx@`F_M*nsh
zb*dyzN<&q-BLqFB9mPe)LI-CB_L0lt2izlg2X&qfbHa*EeG@DW;GBDeUo08%=P=B+
zj_vrFT)9?Yp~JwAid82Ep(+PBV*Ri58aPekY2RrdCx+@SC;#frqc_s|GT>L`?V7bD
z%Oy65zCF6M`+0RPcJ#99QFD_ErQIN|>t*M%qyCGlZ{d>XPtZ|jCfUCUAA2Fp@TXA+
z#FzSsSk>fmyg?thMUgLO^5G>Ncv5t58pIw}#%3aGm7FoPP&vWBYlVOZcQ>(GH(h8_
zY1p&|WDIQn>!HI`vs5Njof;t5H-Y(YN%es%AN;0GT(X5*I@_4s$8$>Z;~UtxT;$a}
zb_Nw+RYhffZEkbK>~tyn@ys`|-Z)kfr5vgesvsKu2MhUJIDJf+{M&PV$nJed5^!Y^
zwHJuo8>bW3X`YfAvi`w#>Di_6#CNE}U#pga5}r=uORVS3KUAXqg1)slL&Q*}Ju)C)
zAL8ArH?G3lRc9Q>Q%h;d`{dasi-O;K4ngL7J@;`Oc97Obh4_&T<}W@TYI^K@q;fX;
zkqKqvTu%sr6o*h1f#RlEDK5MI$xQK!Olga^lz9cp-}O|Kb+#sL9`)7ovj?Sgvj)CH
zlUNI4j|NG$WVwpVwcA4?*RaVCC0gaxVBXs#aqmR-@}q4z)I(<TEI-<GHHKkaUDCj^
zytDAjScZ5^oAedFSbEUP3~hCL0#W~(rZSyUUx{?-KNcmKA9RkJIQ|U%5@o_>J=3LQ
z(AI3kZW6TrbaSquE*Ra8_5-6)ARf1$qlPaQ?^vU5o~IcXAdRqeAq8A&I_0b#k7hM|
zsrWe-PD_>vf_|?}Vsi^+0-zH!#-8mbKDVA?WvucyW%^opws(>j1UpItu%|r0G`RKN
zFD5G#3HW9jb`W7Um8J@R_=H+QljpWp(#LX9%rli>J*4Kktye20<B}{kg53!xz`}30
z=YNZnZc5R<DO*h-<45zG0e`_IdX_3cr-WBcZ@}p|?7p=PdI05jreTz_ohc%~L&>Qw
z8J-Wod*4e>MGee?ti^%7cHuV<%or9R6}k5ZX5n(;(<hr#ODZN$Z6)cv^^fDe@8?|D
zDFFxixstcd0r~;E#w+RI929crB;MT~ZcfIz;cj{1M>)==fl|R%lX6CMFV`!Lmdg|@
z2o9EG#<r}=wLLN=n@oT5aQQUEVU>dovXIJKCKXe2wmO4fAzg+!&)uOSL>KU0cVM5t
zIT({pDsIMs1*;R&DBw)kE>0WB47yf?Lx$na*=<-iO&TOSg=xE1p_61C22~W(Zgx2W
zR)1zqX=SOIyr`!8XQR42n=^2~22tpJf3*JGxVIn(3`R}KTn<6HYtGXqhnsITOA=^6
z2ZBpDN+WAXDW#M`_8GGZtHj|IzJq8rx8wG>+EXM)n^Br<wc1=48<aU4;f721LJV@!
z`U_eD8H0szOH=rk6-x5!c(G?ccO=K8{~U1P12Fk3eNmwFUGiiXcB9RDaaZeZnis+2
zIY&~X!)^=NiVTOPeX5EH2PILWoh7Dh7R22lBY7lHQsN4B3iTKRYorl1*$sqSQ#1s~
z)R>Z-dQ)iL5Bk-er09+FNP?O|x1?i-Ib-h7HJwR(cN)d8%kKCqkdw;$0)E(#wT0$e
ztAB%!-;w;V9F;=^d!1LEbB})sLM!kuF$?5$U033+(&VdP+y0%EUSK#=D&96rr9QVd
z3QpWtwcqOP`h5`aO5J<It>$#g(JQ8E8*(C#D=5;B?!Ptj>UQ$xc%_q98t+=3pXf12
z+ZEHZM*CyFv)1{P#4*(+syOwDnJ<AV6yjlhbR{dUGqo%=w$w3k<)?dWf;+<W+m)`G
zBhB)EZ{zviy!&kPy4mcqjHC$Kh#N7zY;QmtHcgsB7cPFGf8cL7bRp)zqdMVr)9^n`
z4@BMHs^83DTV#y}`bUm5qO)i6pI<kwHWG6Xb<@OgCh<xV>-l@WoFVF+2A+_EZTPPc
zaW%=4@XY_yw2m#ZLPJ`hAsx*DC)IPB{n~Z(z~{=eOGu|I#8<r?{uJGG6PN)Ck-YGp
zy>}Zy`<6@>mQ;Q}jjU7iNqih#rJ8W-vN!sGkMST-KjS7in^n_oop7s8+d)}SnE!9D
zRpo@Mq`Mt|Wdvh1?XNPpB8~)#!qG`#e^)h5O75)Rx0&!q_Jmg)w7bGPbZad1Wi8-}
z?(|u$TJ34}Nc0mBIH~fg7Jn!sGS2J+P_fTkf6;rgzy=(A8*%d$Yr4;(qVNv+_ju$K
zD)$z!_SBgEr_AlRP&8;_&U|0xLy_LmeGiVDfT~U}s1Qx{BikY@ro7CZwnWgBOv5_0
zOfp!rKAu*lCT#Xo3uAL1!D&Bb8FKhiH~pSFQ3DScD#U0<fKvoMh2n7CeQ_2(SLOOZ
z+ZJ-~xyq&_)%07xX_p5-*(@wdmb0Jj>|G_dewRS)lm=as9C(P>Gl)?V-zYCg((1aQ
zV-DLOa?wTYPM5f6y`*Nr$~RA6=iyb12JJzsL@$@e<*koBU~*!$=_t#NnnKc%I)(@8
zR42Y>BTg};Frrr_a`Op~W=(J7!3~#Pn@y*TVmCm~b*`B8GvpnOBN}99m}<1S^!o4T
z4H!+=-bQZ}#pbb=wcxq%+|E7hutLenu1q%Ku>C&Fj7K#1fx0+h&$X<nM001FKDdZ&
z>^|#rprmqon|{s#<qM(=HppzDw=>yW8uy^R$fAvEPExANt;_4weLJgH;9C?!0aY3S
zwaFOQCq4ffEmg(U24g#&Y8Q0frS2ns=fR8n7n^wr>rs|#O{%E(Cx*ggspNV3&71hz
zvr*@rg*zWU|HVCg%DGBVoUCz;!MP38PgnQwG%KYCN(uwLXO)LRksJ3Z>gU{Z^)&lz
z7|1AesMOxKT3TYjNqKQUZuu;yd1yncAJeW7(Q`1`Ihr0<>X8!b4T+T7r&v9eb^VsQ
zn}fpkTmo*MoXeA>|1m**{x)X22Uvt%?hTPka4(GTUcU6uuF`PdcO>Au{Jy#f@|upD
zh^BlH&cZbGjkz-W9S*|VW3)&rP_xp)SZ{Eo%HZb>M*GyOr#>S1`!<r}^PXV~uB?5Q
zZ(Tfl5dJ85b3$i6Xb_}->z?akLkFT)rIKa)u=A?$F;=bzfBe_jH;62L!Md^G=&uqX
ze6wb|pW;5%YJ}$@cY&#KL#Bto%%g#E4)@7%BhKU37|WJ_c0-vMau9xIEbw%$F<?+>
zAyeJe)3hz|mTZ(bE$h4Cv0Yr!>%VlG^fZ+Yne)Z_{R-*kY+i5A2k(>nZ`>SKJoN?}
zlvYhW&dF-Gr@jQ~H--EnZ+R|ybSq}8hM%`}sTn-~-*eq_%#1;%VctEN-rzwY#U&r?
zZKdEC=)G)4bFTc$RV#wKbkGM(&VUEg*)no73nkG!4gH*96H*V-45v0Iu6tIX4>>z_
zPM5jJiIzk&TmNtkMLFtmyhI)gI4D+=FmAzjSat>Z2!_0spBJgS82}4!+FI%7%w2F4
zsT|+765}?Q!JhJlvaJLM2f3FksX1VIo>n#(H9k;;lAD&xo%T|hOuwRp*Gvv79n&HB
z1LkLM-FtE8rrGEE0L@kt8KZeXg^S^*mRS;cQZD7zO^-E~EIA8?M|f%!{{4z|=(Y~f
zUG~RV_mu5XfO*7o@QV_@&(iZ-X?v_(qKo|WRzF|q%2ao2eq);E&A8T&xhu#Tu4)H+
z&nA7c_GWBgvJQVnWm>(Hn5?SuTf%sB^?-3{<e}dlF5*J@BE;D9MVIGYxE}^QL_K8R
z?4{3Bxv=qu1hA*5S1mP`JD~f1!kJ2)wHvt}0sAVRzVx~EKoN+Fme`5M_JEO*S4{D*
z4%vh7$U;=FY2<Ap{x&l&x{00adzI`kxB++fdhX;^=+L=3?&FlQ2_Lrc94m~@>P8RL
zN^8of6<hdhET{Wo`bDn?(|as3!`hCbOwx4uO~D_Ci}&AhbuWi?q#s-71{Oc6P5Tt{
z{w41YciE*wylZW`F{95BX7+9VRLkBX_{FfBEb3<bFY`}$#>BO8h$d=M*CNVwOR4AD
z%`6tKjsy|Sn|(sN?33>N!GavDxOvJ<Vh};S(N(<KcCOAuX`wTvI04kbjWE7!J=$(U
zXdcNtP5zS;U)@8Hx*u}Z5F5M)x;Mkq#U*w5+?}HXBoW$N+`oI2^DJY1nSOk>iIi8V
zJqTRLRd>rd0}{Xf?Y9)wc6=E!iEflOfnO*6xoBZr=+fIIl#t(Xj5a5<*3EjgnogXl
z7H~!zM#WFCUPxm#*Xz<dcd7fkA(2)4XUMtSlovy~h0sEMdxk@4hl}^2J;5(ubi^zm
z6$fjfE!Rj*I<r;ij2XD+_mr<LV}P-kPg=rV<|Wk$Rw^w|6U!$R>Uyplf7=+Tx36PU
z0^cUQr}1$k?8socdPue4P=5goD5m=;uediSW|A{yET<D167ZRt?X0_GKjwjGdl#~y
zO=an@*?q%u&_WKI6kbY}D>3W?$~I8<hj*xhY>r`(X61joHS1Fh7?~9TQ5UO3vOR;b
z>zbdZ>|=A#b}wI;nHQ4MpOL#b+RHf;5i`z8Ov2Po#?zyd{~np|$%sjOhYWuASqwb!
zVOgpSvt*}Motc0f4O+f|K8<;^o=cfJFG3n{vahST3hc^T?M^ooJZl+QC2Vl)yRYYE
zTKfD!4dZrQR2}>_maKq|_348dFCFRk<4kM>4PJBP8UJIIc$!*F4{6a}UHQ|1da)sO
z;6q&^bWKe^{hke4Zh2jPugTRw`at&DK9gJEkvd>C0zlr@y<>bs!&i=G0=p-iLGGpE
zKl}(wJ#o))d!j~yk$=sseSzVmOYXs{^>53(rN5)%$RjuClDGm5bWgWm&6ZKYg|nyW
z#Lv?;*~TvK0?H(q01333PetaQeJ9?xYevb;7+NzsoO-)wff*PF>L&lpjs%@}UVm@N
zb+ORTTgEE&cUml5O3P|f5vrR0*2E$jw&6ei8FKk-sRCF1#xM-~efAeOVcjuTq*1CM
zH7lj84C(G%;QuKs{aJoi)96wvtjo6*x_#+dTI<*;&JPX8{4<r*+yi|l#VVgGl8USj
zJBCBw?An@IXhfX4Gn1VyHA--H7fknT*@2R|%~5a2YN-)}Eca$u;E=C#;miW}-B|9w
zz<2A>aio^a885uW)1@>c@I<yTctTiMsodfqTVD#7k>!6=kvR^2k)}p%A<HE!!XfYi
z_YOzHs5?aGXyc)|0<X9817ASd{8V+vuly}(!^~-ws;w_9`x3pL;JG%65wI#J`3Q-N
z$CumayDGADOm|c;xy+uPK@o;r{PzNDdQmut+(ph|tli~q0-yt-f4R&2M%%oOHYN1m
zjd#(Flw|H;>O_T-w8n4>4%#A0&8kw3HFbi;F)p)RF62{oua+)rD-pZX1V-&u(%g=y
z4XAI)c3t!5+lkH(*XTN;`k-%^<FA}<c%FZ;SzxFI+sZ2?7h!6Y$k|+y)RLzx>1&|4
zWi_Zu^g7Ji;cidxL_$vt1)(bT*OIt185>DkmqaRkjCs~-9?$O(7@r~Cu{2@4oI9Ng
za2{a<EW7d(jkf(U#DO}<nUo{9M|out%Iv49!U_{5%q@m7!kM-+8$xzpmTrA1HN%Zf
zyTFcfZD?WXWby@)I@xjhX7c2r*7|3ASg`&J!k@x)E>0Sq4c=QILN+{)mOg}zSxfd)
z8OL{Nw}Lx<>qIvL2)Zh1RvjKn;0)&W_8wEGQ_NKr|IJQ@)77^SU5u}#ro5Y3{+mQ6
zv;1|P*am5gnO*I`(sY3i(zfG<qHOSy?GV=%r;t%cocW18yx-W3*k^60rt`|}nq9A2
z#he}F*@lci%_d*8-Xa2tU{lWxFTa>wPc~ui*({JnB&d?~@t_8GcAiem4kU)=RpN$t
zaPHUGJS9X`h`oS(%2B}OcA}K4k(b2RK6e12e*8tVrO^9Kdr=txP6V}JmcUzUtLWv#
z&@;oI>?KNK<Nd?j^)Z$`Gu;6;rHDJq)S!qYj^KuLvMJjxGeiw##iQSvFb?&Dx>SF$
zcJSM8kJS7N1|D#7#_qX>+K$6MAW_&K8?eSb^F6HFqnxT3-Ae_>u9PJ@-{nsesb62q
zH#HEgl1x&1qpulfr*+yx_e{-tM~C^OfZXkiEAfzT{~#XZn|rT`4yp^65@(Xsxk{Z8
zK$%K)-}LgmfaQyDpLK<TAf6c#K?C$YJQ$5qEzCDecxC>6X!ZWdp)+|m$BCU0c4{BN
zbJw=EE%$@!+IG>|?q{M?Ft^!_s2pCfu(oGJFy`;+ECU-}xbCypUU1DZtJptsQ}@Ha
zwctJQvEOx|9TP>mFT_*Isdt1O6FYV>tTOAshn5u-s*2UkUo=8IMR(CPs};Awb4i7@
zeY!gb?K2zmS%JM9lPEV2w)J|v!~f(&(~*t*)GmCnF|<<qL4hhQx!t2s*`fr~aCSEo
z<88MpKF915_<sK5cN$tgova#pI*1Wd(XV#P@dVSzo%TBSJ;QN6?YgIV%AGajc(YTC
zJuZ_SpSzg&Ds&@e!mY#qMZucnaej1a-BsPvaIk>nw`kwQkNAviayF==E?+6l2M<o2
z;Xos2(HaHM`wRYzKavPr%<y4mEpH``Cc$E2$|mH2@5!Ie7Obhz+Z*3IJ&e@pfMwa4
zFL~JCiqq+s&{{V)I+C=%<Fg8Iqo!$SMxE5=!2;!wiq|!qT*Uol(--Y1(<N8?+i}~3
z8Fl$}hSLt?2zHV(M{q!3Tq(Q^gLd=Q9>z;4$Um=p=6mOR=DX*=^5;a?aQ4vq#v`vJ
zw?ZYaLfdlBOw1;1{Je@+UiElo9NbanKa6$S_mV-ogEV`QUpHzzKc<0l9Zd*Ywp>5*
z5*h~$U->+ZGBnxzqTtFWAl^_s{$U+r*XPKx@tdorTF1Glue^9&#+_}|b#n5(hb=fG
zjB&cOjQCrx0_n7`KX#l*NQNdwK7Cdu+)Jmw(QREk6If>J^iOA}ty6Sy?d-Lgd}>$x
zWRBr2R{O${kXL1=%%s*MYa84lw^<Q}Z3bU*S@}Oc$O2ydUnKti&*08up$wh-LJF6|
zB0iLCaE9~=ud>x;wPclzXh*J*{yjS~OD{H@2hY=mvz#$&7U|A}HQDPbHn8)~dS=pR
zd*b@m<DaNW3gY?Xk+RjpLrck8*c0Pw2L@nzt6!iHfl}k1M)SyD8ip%MT-B9^X){9;
zCF0T>6t{g95fiJ@2OO($de-b;0IDU6uQse9KDLMvAAfMbIAt;CEbT*262odCbu%j<
zE3EKO=M#n?xMk8Llx|Z?h-KUU#JprQ_WX%u?}=$KTh~o64z>rUWBNf?KYgJ$fBREA
ztMuvIczj1}BtVpllX}Lq<QslizVtEdAy#{y(p(yu{)4+Wrls5CE$9rcj-HKo8|RR3
ztv(h1xpZ|*YPx2%bgHvfjn8#=h|MM$bT#~Im@FrV>EZwqjG1FfXk)2+lPftb_dcGR
zq1N)Kj-ESZvy{Tfai-<2G<>1A>IynypDb^cx_Mtv6J_A&@-ZzDpXljz&jBrdJXvcQ
zznI0GtA8@{C0n*60O}00rnWZ#htF*m2xe`U)e}C~oNW1AXXq)ZD3mxxfCRPAKP)##
zjBRknNt!SxvFL-pR(wRp{@nObX<hsNYg3z7-#xgetF?Mv(|b>u<e>o(6Y11&n;H|V
zO*C7xnhCblhisi08Ru8$iJU)lThpFIN)9{i{+1-Kh28TlNlT0Pd&f6Hs^|TxM88_6
zsjaY64^|bn!ZJ!R4%x{rM#-L~pcvx2gsnbb03KbegEMyEiB6{ZU5Nl7pg;HZp5FaH
z!u45{DtSEt_0;IuX_1BIOUQexFSo4iJ_xg&$wqY~@%DFvDjC`8Tf=4n4<fv|xfW^t
zEDvSU$)Qy<W8J|4bbGu?ibIc3WqqrKv5HqwzIKXorElddN@JOJZf-WU_rrLBvVNML
zaHPyt??J)N@eO9UoHg~dyY$`P_csRL*Y$L=`o1?EnZqz|Q;B41E#;~ev7vX<ZWOeG
zX_xC58y6}ooR3gSV7Ywt8NONPM4`!&K|!X6@;JD+KW$Os1paf7LG+zOr-!_$4o%hM
zYA<)CDJNyWxeiYH@(E<}a6N`;bmR{Z6up>sOfd1b;Aft<iO&PBU5bBY-34VI?y(20
z_yKZBM=L&%?iE2I)94=meY=<>9N<u{Kky3IHQu$%?wA;;HM2IOKT%6F=8xu@<IN!-
zj}>r?%*#uT?DHC*6+G;@G#+ueii!qGTrYW?^7zjFNGVCQ;cL6KePf>{9?a^?6-u2Y
zy0`1XoP*mneI1=IW8LdVXOV{^h<^TWVya5SCW5IJnr`8tLakvhhmMHeUxmT98QBl{
zaW7r&{YwMR4htyAx-yoY1H%|ybkXHB@nV0n^k3Z_3px~}qIe=#vOtxj9TIRK*)zNx
zr_+AW$dY6|uogK_V(cl^{Ph(@eKaa|d=e@BGNgtpxSqKyU6!9PUb=qm5a>wqy^ky8
z_f#Y0wt-P`=c7nz-4IKnJG(z}TjU7(gD_D?q^j=D*R1=m(v3krg@Ert|IS}t^!eiN
z*fzCf`5V8?PVgP`gs?n5m4Iw&JubQB1b{ymx-pOTs&*x&{WFEnM7HT=3Z8^d;m`Ox
zs&X6$n$h)Tr~}=69}8__5IlfN6{w}c@E=408Y~gvPEud~d6JxoBp{4h<34UTbN*<e
zg%5SFg@!kz5;UkGmSfBG=#76fht#H9GgukdR0^zQ0G~-7&z_Nf)2-R;zh#<Z%GnSt
z`1}H1Ntb|MW0Fwm*Rh-CS0pObz_RHJ>;6qvD1V{sjQ8AgS=O+V+-x5F6AGuR;4eKr
zuVt9FY#B$hS}}x2&n0(xMcZG)Om-#VJZDBwkyB`e+q#8(CCJ85^zUXP<SnaFeHf`8
z9&d}%$5IaUT17j^{~xNZJRYj={U>Y06p6A-C|dbM$Tm}{C`F6NHdCo2*|)(g8A+18
zs4SBrm1WAl3}XusV~MfPSO;UwFqkpxZ@z#2Uh{h0`^>rLJonyn?sLxbyw5q$!=M3+
zXbIF4X^COR%Cr#Ku~RLjf1aZHM-_VO)8BM#(i-=%W>XGssHf!3_9GoG*IQkxoJDJB
za6oK)by!Vq#Wq8Fz+x9CC0c0@XzzAtp76R2(gk36_R96R@p#A^E>Cfy@B(4i0rOpJ
zk00Qo|9Ks<TC6=ZsjX28m0oU^Kk%Un%{!Z$4@d(@kJ-JV<yo?-Q6EGAN~ul`-(yN@
zU@cEW)wUztYzCUQOgRVMfiT^O5nJ?i+^j{#eiBVRG}9384fL~Huhf~R?+!WQeMWCd
zbNcp*-@^LzmPm<vS!3C!xihgMp^dG&f3~mV0ldP6zB?YabftX|qD;-W(r$DScP?!W
zuB};})jn)$tqrkHTdN@cgN@U8|1JqG;_7m)EI70kT``2%wsrGNL>-w&BE{Y?S8K+*
zf39m#Z|2eA0|tj@?u`Dg`)kN+XX?7pU%sL|YjXfCH#UWOW*F%6HPfP^a)O6vK#vuE
z1I}NzKfDCW$;Uxd4ngkeZ%|Sv=tP_R*`v?Fv4>f#%?{R)<<poIo13{)#)lCpg5zmP
zRNI$=`P(awtw~92`?n4O=5q&LRbNh2xr95qe&9Sv2Pq2gi`&0es<(vRC<FeaKL2;g
z{DVawxW@9PKXL?c?j=!cH`i~@v{NxsYnWBEl#hztn%4FEd)Zu{Ew_XYxnO?i%Y>k9
zv+KEsl?sKa<#kBIR^wL8n@>FJl)dyLZ}mxD4c=CO<mXKG`x=LcZda%@CGcz@aNS9X
zZv9c!pwHH_o}0O6W{sWQNgsznv})F>Ld_(msv1%KRi-q-??jj-NS7x`3H%5sH6RW(
z)@*#XvLL3t`Rvh+R6TDQGmc7It7!~f(b-)(hfvGUTwzb21Mx%{!MsnJMyVbv0#+Ih
zq8CO_^3UW3Sgf@+3U^K=UyKxKFw>mPJWy*&l9D&%pk+TtaO5vd85wmmmphJk&7Ym&
zoHysz<01q~k^t?TJ|6}(^bUq%rLY*QwMocxE?U;(sBEYor5qXvRvD~0a8&Di&cy+Q
z>=pXqG|R^In>*_DM?zQi>OuMdKfq#P7)|?hZi6QuHw^3Gm=ysmXH`xMo;&kCCxM5+
zGrR(Z+AXBP<@z_UC(0YgudK5koCyHdsEH5?mn#Ez3o`6fmn=R}Ud&Of#02{C1L5xW
zhFxLXwSZoWRQnzGRa%g?7+d`QrMUaf_?=;z*6f2Lqc1s#eQVfQcWIPg42r0w33hmy
zE7Z-#It>z$E$q0Bn3TNmy?`Z~smqoD;$a9|QjPe0qZm?~e?yrk*EE&23~zxE>JZyg
z<x_w?k%UO_^R32B<c?WHRv1S_Jn!QUbHyrzu5@W~*eYLfeq5b<Rj|rYGVmL>QW<8r
zzbMFo<ST4HFGgPzh9*3Uw4ZbHkL6n|*_|BpY}m7bJ9T9^euI{qUf3!cD;jq2LM|+v
z8$Kr*Ri-o5Hs}3+wHaCsCj>Qo6^$u{dM=nyRH{ZsSmZ$NBr~el#*-`du&#<LhwQMV
zm~MbOcXl3K))AkUd1yTMxQ%tbOJpY04eaOEkA2^4-o9rARa-gXgKskg7OO;CP3El%
zXQ=PWmDV~BrJ-2tqui{?;QOPbm5mFidk`@fF&A!}Xwc9hMQe4kZcqh1ky5?fmo6+o
zJ!P&8HL|oVXbU}PC>O-U4D+LmlDlL2{d0!-S(|6(j8=G2yiD3iY3@UA#o%}kB#l4r
zBpUj@WLC<}b5z<<ozFV|BT7G%!O4~>u1(e#bHiUzJr9?vxcslYyUq>#mtw9dRr0=p
zY(pE5j9-p=1$S%)3sqN~V>c3S&QhWGkXj2Ge$Cq>z4Km8rFluFH|<p{cYhdx@_t8N
z!qDpNW36l<Hb=i5;XCqXsghVV#^#gi(EEE0M1Be{;$D(2c|UR14E+Wc)#L%~XW=;_
zq(?-K-@aj=qMUN@p>DThfbEhrl(n;Pwk}AjT{%0GcvFK?X_R@F(;c~YL{2seK9YE%
z%#yb85VX>+yoAYt=)!i)JBlx%i|_5Sa{d?^v3_>;!uHwTGJS_(rnLbqBQ&B6q8hnc
z{!j3;wyIJ1-WtH_IHPK7N!k;6Gp}$O@$Q=K+K5&^Wb)EtM@lv@qnOeW(E(@6*S|B_
zs)bDS0SMJqgh*s|_`ZZSpSaDse5Gts_x)VoFLWvFUJgi&pCV6eEORl~Z@K2aSfsle
z?)?Dw`tr=5&6zgyV9%vdoSyo5%Q(1j%V&nCdHeHJQ?Nuh%C}tbtX0RvT`0wBh9w^f
zY+!%&rVeSf&9WXSZjZ-rg*^Y56ik_-5ocq@f6Z!4nBqiJ+^0F?g@@<4C(pMrFMzWj
zTCPg(1x}^c=6lnpFOK*xT2vW$r{$QB?7BeOWf5JUaSLwC`f|8|ka`B9bAb0epKg~n
zO|`u|oc?CYc0dvVQvZhkZy;1_(pIh5|C$z}<4k_I_KHK?<n2A6n0(OnO3WXc_*TRC
z5M1r7e?SBNOD+Ye*jX6rfQ_3IAffSG?;TqW!M3Y(*1H<~ixh{B`k&wr0}1C|>K0Lj
zuEAM|IW7kYT8W&F!#vU*&e0Ne$DK#>hn?r)HTO(A=LII~^_cGR9ZN52H4f$Q1t7Id
zrLjQOrHcb=n$9QIKnFJXeaRO{XQlW9H@Lf!i3*F`5$b;&H=n}PUqbpWCwKU$Y_#+R
zw_y5W7x5~oyJ35B?FL5AS7!F_+>UEl1dRo^<SNm6-aQ0&`u#$2&zGfP{RhK!O~Ik`
z2`2B%bMEtlw)I@2@Tg+z^J9~k?LbKIxd&EO<qegHM!@M$z<|5sULwQK=Fm3MIr%kz
z=;o#%6Qi~W!-za!gbSy30D11s=jxCdGut;)2BYUhs?GLZyurSC)*Cke+{i2|Ry}xV
zJsyc&H3;WD-~P<ASA->5|0PILTH^x93T%M)vzO57RtH<t8WqEzE~g5Qk1$(A(@2jz
z34xSc+7;Bctvl+T-kQaYM7HyeC@qGJ-CDz!PQX)c(b7*Za80%msw~$*jm(=ud`1Z?
z!kH5n5o7tY(gu6zMK7LhRAPL2mD7IBN-RmRX&}^IY4(n(B4Jf<a^P;H3CoLP0Mk6S
zDq5DzLx?Xx80I$t(a>kBt<P#8Ubg|{(%z?0vO~r+!8Pu?nKhQQ;<h-2u6<ZxuA6nJ
z-594rXPdSs7xsyqYf=upqP#>N{R86(-dPG(sm8zw49;#1A{h9J05)~ZOCd<&-5(!{
z=7=}Ar+b@|Q1d}$a!a_RhwS}n{fF3|GGJ+!^S3N8`Lh>Z&^=1?)h^aa4ajSG&}8xl
z)z*?Pnu}kN%K2%e4&Qf$Z##sPuLg`HTYg%wKr_!*Saet~N38ni1^<HL-_8jHNjq7r
z|5l{Ce_|hl5jN3))o}Z{LFuJzH2nInT$0p7)bC#el5xzWOlFiZ&rFe3Ta#=gmGV#e
zJes>V3~-B|*iza%|0a?|n*Wfr)^pC>d|;GBi^01oiJ7J(QSF}61sYH5DfFQyPgs6_
ztjRuy$Zs6WRqiKj9#~cSTcl*4+&PEp{@FmVgq3)t7@H1?*%0^Ap89ooQmGm5#Dw;2
zQ+O+18vdh*)Aaw@g2`0pdF(KO&x<1?3oSSX`Plk{sPgN)|7L7HVK<)xwHs%{-IIUU
z6)L%J4YqL%I0?zz9#H8Q2JXl!rYo2|+J?+}ANO@)Pp0GyQfEgmGu#I7CX?Lnw~RX?
z>!-PZ&`0UHYc5Tu_C8{$+=`pyiV3f>$2<8uxYL*6z=veRN?wS4Catt$xEl@GW4YU#
zg<u@*9Y>HX`ysc!!_hNQb7n`K5gJ|M1HbG`^i*c(TRgS326ejYoPW+;QyyyNoBLIy
z=~lgNRN%L-uTM9Ekd0^rvjkfd*0EPXM_>9v(sN6xAjP>|DTU{9<;|qaRD-nUE~T6}
z<ZN9UgWJ3A)Ojiea6#nT=j35v^TNMX6Nidb5vuiN@Bz(Rjt}{pQMplnrd{?phV}}B
zMsX1NDq;X_$gpgsWve-daDRAyW%3gAO`oSQte|7eXW4u0KjCV~<Q-Lq4J%^$cJ>fX
z`YJJ~0vtvg6Gef^{=A0Wc+|ZC&UO$G3@-8B-rewXeJB&_?Qv44(W48#MN5dYXghNz
zF)XrV>HN!qikBUk-cK8itQP6Y!}CB7QS_3;MY}&XeY&}m_cM_p2DBC0{daz$AI*}#
zg#8P$;;%YP7N`PLh}HPV3qU|>uF^#OmTH4zC3QJIurV_fq?2P60{OC~qIvcHr~nsd
zIwiP<H+*oa7yc3@))GDqPkfWSMX7&2=0;!(54Z*#t;WL)>|SWB4Nsof+xx1z{x6LC
zukvD6$i{0vUIOLSE`YwqQ^x}`oxV11N4*QSySlJHLMqbEuFLN6srN<!VSnKM_frc)
z$j5RA%39K9$|Qpq_613!g~|=Tc?)}vV-JbE)2JSp+6Y?N!_6$X;}hz@tEArS;rSL;
zw1Et5{HZ}_1m@1of~&_1oyJCB-hpP}Z-n&W3%<wT0k~|rumsZGv)^v>m=(W{J*G|v
zYBzRVq)v{N3}set)6{=pN_(>VuJk88$w<WC_Cy79CoIpu6IVYqJ5W`cbm|Z5+Sb0P
ztIRIDt6s2P5Av}S7$u8zH%OXAW=%(y^G8$C?bZ0&6>HRgoV!F(7~CPZjLVyg>irv$
zXM`X4)5*UkfVa*FLSNBr?h-vKtlm-6_LU<nlr}Hp{l|W4en$ncaWG-$zFFhSO*=;Q
zC@_QUU#|JhKO_;LSIO+e<n@eopne#SuIn?~Iq_cP{E^z3y9ZR-cNWb5YD}k|I(AYY
z<8jM<^_U6je*M9DNRGFMALrb03M|Xk6z?{;5#*1(DU1jGlH==%_IJ4(BC-TuGU{&!
z%R9L1&5E{6X_ZeTUc8%}Y^SvKRrmy+V@z#RDfDptKucbx4TV@20S9%TEWf|Zr@eYS
zkt;nDN8TzGSQZo<nR9p&I7@7p|GrQs@8PeIbscYzc{`rE_8>HOZsc-gC|PQz_V`fb
zH)=wJ6F4hW6Idzj(aNs-SBH2w(ne{027E04fnTOT{9f_CP%N9(#WtaRLFPVOD07R6
zc<T+)3Cta{VZp412s!3YHW4A$lUENCv1aS0w+FuehQIEn-0O`y&x~pM{iml$+a!`p
zO<|s%tVS)|_fxY7<3u0c)QMWcOy)t;CM@3psuMxL=*zt}2hB+DfnoFQag7g!Zxf;n
zXcAkuz-1WT+qlLM;aDi$D+(?l(5+A9KO~k;8sF*C2?RE-&^3r3BWto2oyn-TK#2Nl
zUeD4}w@{Por&eFqAaStYr#R=*mLbw`_GGmOv(I^Da<j+xi$U_aw8*d}(FMVjrlA#o
zKxoQcYt*dw5DHNlgoYfj#FnQ(fBB2Ipl}hX6|UYBenNlTir@M`s18kqs4h`!=&xRL
z-xTky5n>Jv|EW@Le<YJew@yr6NCj=ML9M0_2=ggM?j9Xv9p2$lB1ZSXbO`8c$Q=Kg
z=aQp*0dpz+PQ#NID;6N_5Ah)_*RK^m*s)5|bE9s9tQ%93wyq2gtSPicKB`jfz-x0?
z{cVS}H5%fV9%_T9W}gk~2tI|tJkE@?g&ddi<fDFk!<;Fj_*_mS$|EqhYJ`xl=}BQf
z5g&h0e6DZpO!3QC5>$9^@7mqWBq;r6Ps;Np(#G8w<zEZZV>sW<`oA`4Tn-D(SMq*f
zesC;nT5*0jYvoc@(WVj`=e@M=6OuRhJ2Y(1=wSBY+J;M6@9kxlU|z2%+B!ENI@FGG
zHfKTQx?Q0Z?U2{kPC|bt;q+7UDc!HPO=b9$!~Ii9I#K5{Y&)Ri6#}Jm=9OmJ;M#8}
z(?9C@O6)T4B}Y~Vr*p}KkhAcOuebhau&YFI>Eg42K$Y*bo?l<Qm!5?^fCRj($<0U?
zVU5ZIfykkXpdvL}iV?wS6KB^qm5~+_Xbv?!mGi8E`pQ-hc5E!TU`*k&s5<u(C3{Y-
zmml1&y`_QGA)Wc<5nMa}J+jxQ6S8=)zck$B*F+y``J(wWH6@uk6f!|FIhE66GqC+;
zbSCoPx!TF%EugUadbaa4M`{0(g#Yieky)<bJl(HK=fOSe-y)N^DGCo~YHcgL=NB$n
ze0#6c-XE8m94DF)7cB~0_x$AH)uTMyJgZu$wY~kZD1PZhzd{wEa+nGF0;$#@nXYkS
z!tU*RjpQ6(@W=kxoE0>Bv*e`4ninqkG?3k%nn&v{beyvwQxNq9%;+%%Z4!}H*l;Bd
z^Y(*g7Us-{uOECgkHwR0M)hZB&E&u;Uns*HmPST-As3Azz>h!#@4^qH>dveEE%jlE
z@khp-eDZudb|#!2Fwe09)8$@MiihGUOVYCu8r)GM%`n{-(ME~Za;0glu@T4Mw`9f>
z-)A3}PJvNCY=Ln?&sW9i*^0-~ZLZY|ppPx3H3*b;wh};EQPA@m43(v20Eq`eriwKB
zES<*ca|-?K|AGCBhnF!*rtl>CHJ*nMHw6!)ixMWC$@Gd5lJP++%(JhdzWbA|1c%Rv
z{lfEiS(sYvlou#?ZxZsWI|QcT-6q80kXbG`H<Jm^p!>r>oqR)>l~tT2&LzPq+os4$
zb0KDVS8my8LG09e+O5p^9?I|(Zj>_DvpE-q%bkHctgZZhl#tNPJbn-bsWJPrH8j$g
z!QrcZY$wEo_C!MM_~osoqEOofo1p)$pP(>ZO!$6JS}Eg`2ib0PhZwJnBq?r_dUmM`
zV-3lc-fVUHH8Qjqr);vcS_|}Z*vLxyOwxFR(39uff7*&98cY!;<hl3DU-JDbGJ>Ah
za#|=IKAu@w{5P!~-kxr4Pfh#jUTuS<1`N$-<fL=?BzGq7C4w%BOJe9((ufZv`RwOf
ze7>1;X2rj!=d=>4`W0VeV3`|+dr|nEdTN3Mvx+A$5qn82rg>jpe8-UQtgu_~xSx2{
z>QU}MY%b5;sOeYFmgkmpFzIrS{#5l%A-~u*jaJw=Ie=6RCEex=KE(6`Xt`9c_9%q#
z;>ZD%KDen&u*@1-X(YVqa13s|%r!A@EAFd#BCxvaGy3<(gs#)usMkH$pBSybrbOCr
ze2jY9^`OA4{wVegVfSB`8;<)7n%93rl9#a7T<ydzI`O^3!pQjFjRSmxD950AuWE+^
zozh?&LCf0iig#DzY0C6I)cEOt(6}dG6Hvd$Dwi6zon0Ro>}H7v3rA}91y6Vkw)&1;
zJ8fKl9DydT!8AR<{tkBrDE!bf_Izbvp=-y<xEuD(hr7T3Lbz;lWBxkjl*GP{K;7uR
z3v#&n!l=?oqo>Hc1E@Vldy=>nJw#CX3%Q9W9d$FR_PK7iNO)B}Sd4#^UFI|X*s5=p
zW1N)!KnVT%VYB>eoEg#W`v>EnU*k5X%JoZjCzft6RQ}D@fyi1c@S6=6-?KK}t>G;W
z4<ESolYUmxs@~a%d3DIpM8<`#lI^&7tgBk}jpbu-H>)k`CeC6$YGLlw(c=V<_s$hf
zM%d!~_b<P<Z#jFtsq!;*_YcBrR;zJ?3J?*vseZZH;=jcB-??dK`?nvM9?Sx;pYf)E
zOtJEUkFz%qpUx%HJxeODgcJCG8^+<EnnA;CSbnc`c04s4UxN(0MVlybfhI=)eXhnJ
zioeU3_AD5`BZf!tUlFkYQ!2LP_gN_J9@3E5*}jlh`sJgE-*;x;wO<BzNhJsq-0+fX
zOx5eq;%ix9PZyZ`%I!ug?ofFJy6eu9`8+c<Zv&TlTK%)TB%JhMu|I^e5L%)0Y~9Sr
z$v3u~7WBP0_`;$}kLNK4>*D5VE`@U&Ot?v{)GO87WUALe{t<%zLM)zQ+fnt1-<zJW
zxc8SdDHd%)N@&Yek85Ss@s3%mdC4PA;$ioHg`bZoHFM8Ad6WXCQoy0EPRo~+S>T!1
zkLvACV)a)r#m{clnt&iHKJN$BfLK%K2auGK&}&9?a1F%$qsz5T7Qe8AYV1YgpBJ(U
z-WMHJQ=0C2yY)+GdZb0LuY7*$ff_hvKzB>n<4V3DOG<rObs}L~YoqA)->?9m3&KB+
z<<5?WTMY6)G7pN(TiUS&e*4Q8f{yPC@4g%Eol1S$E6%H0quw(2UKl^NfCzoPweiJQ
zkxA%XtMW@)x{Pxe;CZSGOy~uV^ZT-O_i&@0W{1DR`Xt8nwvPz)p8LP%qqGH$myGbU
zS5YK&F6yA5(RfQ3!fVjl60Whw;o*;U1z{Zm@cykHYM%tpx76RhjkMtYP*Je;TY!0k
z@2S0QB4RIBNcLxb5cz_}53vldX;b<wN#^<2y;jvvSF8J~`__L{_OI<l*JngT$T5R{
zH7N=$h6Ak%YJXXLC^Ia#A)J~nKT^KXqnk@TwfXm0@p})a6zAncs6_Vz^W3savB6z|
zy>8??Aw2;X`ggbaC9bbCyO_(~OK6t_vr`ZArV+O{0rg=YsLrPzR2F$!Ch3~_ed9KJ
z#Q*2vTxdE1@XMHe(+0CVAwbQ}?(QJGP9_>Dl~kIQI&Jz^Sf4cZOVD_5EU<oQPr`57
z*O<q>qA3D8r)mmjL5{%^7jWy&3EKg^{loLR^p1!e!`8=*c|P$G1!ljm6*D!wnYq^R
zTtaoX5>u`RtlRe%1p4B?C|so%6&#r&>>6bg1k0|jKSm?Z{-s8$Ck;itt}S&&X?%5m
z9opcBD^;n7F6&ZU>}DVRSa9poF)q3NW&XcE>CTOx{uu>F6WwmP=F;Os-;b_cdNFY+
zqTqMz?_er7Is)n*ypdl2ckQ#sN#~mzF@HUuan8?h?k80{A0Cz-sB~nWN|oX_ouqY%
zj_M@mBg5h*`R|!VUz%}k#pG_qt?adR$Z!Dv(5VkpD1UPh2Xb#D5bdg*_hNpRT-#`^
zT8slFav<d+o6YLswfK?&nC0poJb0net2g<tAmZFLVNhbnlENBy;R>58o7l0U@X-vJ
z<r&6&4`L1NAM3H&U4oo?3Q>Y3wyh-3&Jc@6)SZf;rgMDh348?R90Kf6o*F;D$!?~#
zuh=XEYZ?*0%P-K7^<g?)?>emOBb;L*ld;^O+QLJ`Fwggs?4f`OAyNMz3-D^Yhsmfr
z%&+nRDg<hDHiaG<W!nels3rzY!%fE%0`bRYqgvPFb-VOV-2|=vii+~c-+s!El$p0_
z(9azvgMQ<{!L<3v&%xE}-!Ylr=L1}0)~5~MvNq+ry;y?0jPy}K5A3n<4Bf3Luu=C<
z(AB^7x4%y^qCPnn+!Bq?{;Ltjz=|jF>V@rt{v(<qe_Y{5hEoR>sh##;ytf0V8{08Y
zAu9G)=ji5h{=nf>wYN4NG3&PDC6<592(Z7C=|F>jbhR^8xlWI6gO+Q4no^%@R0t~a
zYsZZRb0Y;7Ch18YJ>6C{!vISy6JqH6yNs;hsS(HOGiwtLUn(uiA-8|7_GvF9#6T~q
zR#UdeU^q%0g(807LE~-V)X4^wtQ?uaI_qcf6`SeiH7a5y5($~v&Tgj~t$$F>Om&H?
z7-l@Jb0LUMKU!CqqEqB$epH3WL7dHafifLvo{h}=giw6s_MU!B-yr+8YJGUT!x82}
zuSh0)PO#=o-n)F{d$Bfi7UBcTo4#g;tC=b>kCv0OXDl>Y4_d~Z=H7N{jqtvPx;6tZ
z&b~d%{LyB){M@mKl^&t-hST;@v-OOo5^>|d?i6m1YGQj&#R%@-Ny4u8)c5ow4sDh%
zPp-$D4;7GGaiOe;*q6Nix?g6w$h5oC*X;i4wV2F1qb5JynhwCTLm#pz@J*J+_wVwo
z5ASI@cRnP9`+oJ=q&~L<{oJj){)OY81i*O0|Kqc!;lu3q)e~ptYr~49=y7hF;>^bT
zsyrk90^egDl$VE^0JZKXxQLqw{;UTRZt!RS1M4|<h=s?{;qT?2u|l;Vg}?{p_Sgkf
zOzSAwzxwfJ$*zMym`9_-NveiI*<I`@mmB8eo{js!1u*+RP2NXBJRRr$bSF=$%=hYl
z0E36A-CcG}*@S~TojO@>DLwj(IX(L`N4=NVhq;)6WZyA?UM;DIV`j%^Dd0?&&NyL~
z5q0Iw%xecTsrc}F5S4>TrrzJ3i181X2UWm>jB#ln^#xcfL2dV`HCl|OrQb#}HenTl
zWw%A^fp1pMzD}^~ntkWCAIo%Sp3qvWiTY7UyE2rnlbg&T)tP<%Fws%HzIQo}c;4?N
ze9!uUPSZo+Xr98lLFaIC+D5~9L*SN%vw>qi=bwd1qh*0{r%y57x8%m$DNf{(TxyZ*
zrMlP++3j!XGit5-Z<`;hkiLZyp$_klX!QRQlrLF4OtQRlu-tJ;IW75Izt!vAvL8Nw
zm##G8{)|-q9MFn#*PrrdXw+7*8+_p?eJe-dWC9GyK+yIys(b^!rq54X#LFGx^Q<lf
zzG&7-x!L&`m9nyXR4zz$PNFmY5L2sLD>EMEBm8NPvO*E|1}V+aQo^mL<jnLl8#`D#
zS^(A{soM4ZoZK<|C7jox26iu5U%ejj9;!~N$loZ_x_xx@x7jKG5$obezW+rW`tr;#
zWbCWz{8X4oWiGjH*x+^vC#@DAUUWT@V4_Grl?B7-Em7RGrwEB{K2u%h4dQM`GBrCW
zun&oCYLC*V@(&NH9T~7FN`<W!E#ac18sZLq+!dkw=XpZD!k;+0<BMR?I%o@dUWo0;
zuF305FZ^CiNPztXMB&Btz`=LUC#JCqx?p(kr^lh}t1KJ}9*bnrqZ~&ZY`$gl$ZJ-o
z1>}H48P}k27f&v!1i<I2sX22fPd57Slfh>CTwo>8H`SapQj#-LfoVdc#t6ds{=3}o
zJZL2_urq9?(i@z5NmzjqcE^kZpdD=Umf7>3EVXsP#VOR{Dd*$&iDFMjv|8$c-!ldx
zT~9S^Q`rCihqu^Z{);G`ymsXMF^ctiCT0F_VJZ_8IM%ndY>CB`O&s}GU>bz%EU(hI
z3x41ozCzvItKXPfZ?4}n8M%-?-xe&n4})hOJR*SBI0Wi{hBe0?mhXJI<S}t?;6%4I
z_HaF@b5DNYfjJn;y-qJ}qb&R4EzC-F_m7}}T4{vOK1lVOF%PMh^kl2Bid?hp7wO#P
zR;kDG>ZO1{1x=A&@$g%&S!+7hi}Fqh_@77(eAyL~BObR~U42l~aKsGutsIhNzgyL^
z25TZR2w<g+Daep>z-;3_vp%!xpYDW{M-5mRiJE7Q?mv3>zi!@3)~C;(V>d`U{JsBJ
z5>|o`i+!oBHi;X%H9i=J*bB0!W0;rUyf+SE7f*l5wqE#qAQxjC^;Qox{0;6!f*o-9
zw+Q)CY)Np-fR>)hxlXvV;s0;zj^o*GH^`0UKi$OFuU`jIP99}B&gpkqbbNVqpuvtQ
zw<*^81`;zXw5S#2)1-x$$CLl^xzGG_S*+3CqaupC^@VnzC9LrEWnb%s_RnuKI<8ah
zEV{Il_u6}X-42J!KD^na3#i{u$6IEfd`1emIS}z)gNvWIjftNsD94??&w(ryyy?S)
zh5lmB@H3NBTf(T_X}uk|w3Y{Vb=?MIOX|0Jo&3JX{Rnf4UGk(4G`Ftz45;QBpB#J<
zzpko3P`m!|^56%cK|;$+%leBBoY(bAW&2^L#=>G;#lzECM!t!PRVJE`4||>P->Q|9
zwX@ppwBnjv81bpsze2M7JztPOHG2Av@cYl$EqM3q@sB5;h2l<Mahs22T5VrCQck#O
z`6fKtup-YhmWE|bZTS^=KdKgf#doY)SFZr;(_c)kw5s{q?MHx$&SwHG58IVjS$$`L
z##U*^X2Wzl($m$dug~9HKDIvhuDPPJgopTfWL%g(o>pA=vTFUrNnh`*EI+%X14$MK
zEAP}DoqE=`Bi|)CF;a2sVAvn4QNz`z|As%`QggG}<pz*et2D09KZ~DEDS4w*<{Q#z
zY8F-Y@0y$bed_0S-%%(uZnvgM(B0v_y{(sZBVRtk*BF?gROWxL15F_qR$$98M>?%s
z85rak6N%IMob+;6{Zw3fxtr73>a$o|J9p_v5RdV+a-*V(!v?4@h)b;#)KpK#Emb%1
z&Y3TJLX|KQE(L+@M%)sCl6R-i0@;)ms$dgS>djTXAJr0dWi*N9SZ+2KX(y-h@%Dfe
zQ*solvQlt;^zkEL6o>eAj#Q?pgt(SeAfyqWxQ!NV6HQSx{I)a8<2nZQr_LqvUO`UD
zsO!xuYZDR72KkT4E)aA5^MO&bu?<;iKQq<p_hwO#IscvU(*=FHyFJ>0`p_`Box6Rc
zAR$=JGGc1t0YSUeug*$4%0@2gj<c~J_L<X?S?#6VGQ&pF!4zeDIoUkJb7|Yz)Xxa}
z?{>CI{d<F>%(>oUo3Nk++3v2&i^H>F<*}3Gv4(Ory7if!A40Ix9w+`}R1akIWnuj1
z#Bp_<XM!k?GLzb}dx4BScEIFsSEp=NEhnzk0<HkDjmCer9y;A>y>bx}ThQ=%Jgp-0
ziNl&2>uzqGYZVK;>M#IVF<AFEd3Qe}GztpIc^Ks|GTzY89r%p~NF2|`IPX&<syXf+
z%ftC0w}aEFaP$BC*Hu&~A7eaR&R@BS{2X`O^Oe?sD#K^iyX~^WG=r>V{xYlxB<!VM
zVbkIxG_xpoRX4}pmCRz>X}wcDLwOm#gWpT8RXwX@-&6Pbc=#B>D7N9ipYiS-=;@B^
zx6SS+2ZIx?KAu<p-RnH}(aSI@bN|PpJCDsf5<=insS2CI_d`-wewUuHQP5~PcH>~-
z>oXUkQrlN{I`A^a;m$g#*RGk&$uo`Y@;6tf-j4I`lI$z|Q@^vdp(hU*1sYl6K<SU`
z3KK%8TiTQBivFdh4!Z9vJ2rwYMIJa7l?w5mhS$T#jyyF+z8Ot8^S$J4)Y~v`-O~@>
zry0}^uZ$&}!Q~FDOBR$LG*S9A;gZm8b=BM}K16m)I|pXrJ+gAswe{tw(}(#Hm{UUg
z;In7X-g@3W&u#bBuc!reZo~fd*POz>J3SX({FB8!;XE>~6b^X&r%O3taN)`Q@>a<r
znr}u#m+#ksh_K+P+nQ^1EyBXYVeHSNCiTf4Uu_hwSc-kaFs};HLhm+BE3Nns3CSPJ
z@A)wTvJA5aBd-rUda}8%xx(zy$b=yRU~(PU1Kh2@-sX4K(@&uY_1x&t3A?&y5e*O{
zPr#O))nn$Bx9E2fRTg(f_zxd{2}|Fa_+g;jI~K#2{C$=7Ay^bS&1I_7|DTgJRC>4O
z)K9a2q}i^m8~mBZYH9CaW;d6#z;M{=dF&at&F?ODY(*D7HOsK<;Y~l3o4Pi5YFo^8
zB+Zm)&w(dO`sXcGI$3(i6?!~sc6*w%;Do#L*WtvJtDN5`0%-ej_;IzN?vzt^#T>2T
z`4NBY5bxn{4N>XvKJ5(L7pJvzP3Z7}4N$l%qxYkrcXB^2VWE1?!<QZH`tAs!ZvyDL
z7IOx31bny1EQH11^d8gt)&A^vy|<R#l+~}~i}O}zJZqJ~jz!tOxZGRb3(jIElPcKG
z4*yywoCmLQ?fpz!!gB0gOY#<~^<X*V)~3OZ?{G!fOR^dH1DYUCP~`1oJZpB2p~z_N
zFxUe>0gELQ(9W^~1=u?>G{%2FTm@E1*0}wOC^Mx7uP3{ZE71;;#P%ZI3Y%r3&{u)n
z0I?o2-10D58$c<#0Xt#MAGXo=wfGk4_VU}S9M2bmy=47no9HM>jMS=%rHbVt*fH1*
z#yr_T7V_@u{GJuN`93+zoqSfT06>PyO<5+gfoPz_)WY3&EQj({o7P#V%JTmDSJSLL
zO$}s)X47aY8lQQ2^YdgP$zz8pO1|kYmTQN@B+JeU?i#n&ffcg8ucMli=*P;8B-B__
zPcJVGPh47BcXkbnc7`O8P&+Wl9f4q2hCO_54LzvR!zyG)fm&%^2(zgc`fR_T+S{+)
zSGfo}ruT<br@FJzgOUC*9YGm?h?jvMfssRJG7sSahH(NLw%^0d{c{es?DWx=Ypg>(
z5x@olPz<w+PrHD!m)jUj?i8FLPb5E$6&xJ#)?M~df>AyU^NTXcfWW#ZdhW@<s!u_K
zoM|f*<I>VFEyCNplJKk_WWDr_Rr1tgX)KNH+Dxgs2rl_bw`7DL3#&Mc!etf-PCj`=
zBcwS!sb){L1~Dqh3M<Fv1{P~8LMMQHWTnQ`*z18)9+&7^U&bm+etz*3l4)dv%FjVE
zuY+KP%Jam{FJlIc5-eGPUJci#5<XV>HAGncX25D6?;b+~?S-zFi^sfvqtOH3+ZY#Z
zRnZY$?Or-&CTV$_;Zkx8FP2K$?!%niAV_0$U`N<N%~(m&VYV)#P=X{Y_(j%Yyj4Dq
zl5|%QxsmyWMoA*8$f0Bv*{RR+Yn$kBDbz(q>-as(eYEL9u6iIui+yw?LbU5gLQq83
zi}7;*u?}aXqBEm0+BE=pG}#%ARpwo0l%Pqw1Ru%cO?V}qS%6JJ7plJOM4}p5LxP31
zgdVG|zNg2O9qP3qr%RG{O+BsbLP^r)rsQ!EZvPTQ?xRrqankJHK5NCQI0N=|bn-L1
z*;@})5#Z>KxMO{Iu;7mIb*_fqW6`EX#Ot_oLU%?t)(SeUf+p#*ACVo<%*L%yGGX%5
zvj0wKRME0fe5Ft%9e6GFI2k<kV@#;dlbrKWYX9{wtc__}#8F@*NYeWii1n2ri0Lpx
zRZjS`n@kHS-j!w-FjdnBkx9PY1jadUQVugn5(II25T?tnDTnoai$Dn}iVyE#<Lh!l
zxuZMyrOBy+^W^XtfFfKCc6w{Mcqi(^AmZ|nP-bcWr|h*WSAF%^OJrITDpms}KRPNV
zbgS-QZ<mb$0TL)@#uRz%#MAm^Qf~YBCspUTXlV&b;OvmIBiH38P#LaWvvz!KOC<jK
z3>R{NsL`Tc<ShF9$SFDt#VVoHEO%&%p?30+3;s$J3t?fC#&|s7vKf9S^0)KT`bZVr
zIPtg;&6MozNGAJI|E-_a+pSACfLSoUqk+3Y4vcF7EMVJqxNlqxVEZ=BU<I{?`5}~|
z3Ja=~RM^-jl$#;%6&VJ<ghx*!(S#0JN#+pw9hxN3c$0C6J&Oh}{mf;(%%fYRZ^$)~
zq?1Km4OY^$S6i@$9Znt_Z6ipKe$VelD#Ex5PpZkmO#sR81;q}^Y{kidp6fUuTLf_d
zcY#zU<OGWBs{uL=J;cia;Iqgfm-@`XoJ+jj43*|dGBLRJm*Clu(3SBY+mHbrwFj;J
z2V*96X2!9l$vMp$!LJ;e_zTk-OM+CQ@`-++v^B}&9On)%XRT-~4a0l|Xr~Mno`cq-
z+0H%jl;<|XieTBL{m-LR_Tm+gPED9TmAT~TEzHy|CPnUwP;mq=6}FS8hysN9iTj7;
z?*%Z~Rmu}b_4rw-*us=j!QKLD9G{g36y1ZD(`E49;BYTgju+Eiix!35>8y+sHW##E
zF4e_Fb2D_Hec?gKRIJ=R)X5r8<y6-ZGcn6Z<2Ax3)WLD=PVh_E-Wrzg4B!IlbWO0u
zT7OM|zI6DIA}Knu_<;p*F9sdazrUC6&=x~BK>L6dMUm3*1P*BrN<sja_k&-;sV=SV
z1R$>R3`fF4UV<&+u?y=Gq}N+b#L;vMw`706MH`f!#Uz>Xqc@~Mf&Z;E#y47^FoM}B
z5UZJWC}SGJvh>^HHk~&+&|E~D%5%)r?=eE~C%SC`-8jgi_9g9ka-1+Z2Kp)_B4^r%
zVS8{XIBId=9a}LEbrSaJz><L^USc9*M<9@GMb4D90LDn?39Z=orDu?09Nq~9n`o>!
zUXJ%xyrjEBoWCaSXyH7v2o>jh_kk7R35f#hKBxpgn(Q#Ph?n5IeIl@uG2@HEfJ2ql
z8<>BapU)q7NI5^^vNJdHzOR?oM!8fP@(8<}tQ8=z%C-ie1&7`_t3NE)m*yYZ$ZGE2
z!RFh~l;jCjVKUjo;G|POtAxikS}%}z_k!Ws>ep!$8FDUp?_&5PE*Tudgp-S7mKqOn
zWF}P@mL<<=09{0G+(~f*Y5Fdt9NV1X${;ATN7@BPLfU5?NY?)er75Aa!3tUyD)L$u
zyvpZ1(C~cu-mnSjbPZq^SVHs9jcrtOrC;0RPv!|KP|>j~@3tv>^j%GKAnZ`hm!cnF
zWy^mVXYrG(lHt4fCz|C0N=fxiIcP9oRXGeq2^rtRLRVAmEhjDwg`?Gc@9@<b-}=A+
z%YT<PDdvn%qTY0K_^9+-l*9z_Qb~CE)tPO@Fa^nQIpppdvC<ffWU1K=sA|B85oDAx
zl=wW(RWZDo;7dNACscraYFH)^$jD|3jo0fcVcF!ykQp(3R6wDK{lpP=WI#i~Q;PRO
z3&x>Y1DypVBv%U;o+36qr|e6xvrVluM~hgpR`ZEwaoRslo&1E}21Z;o7)jQ+F`VM^
z;1a+9)kM7|Yx&~_jAMPQP^DQwO?{R*#6z~xg`wAE-O}q|8?H3aBk4b>#AM!Y+ZKHD
zcc8BIJa1Ivgg?iM`y0E@Lt{vQURJpWpd(ZwySrmYvJ5|hjFRD3l6^1l!5@H2v-dYA
zLf(Uu5BJi-G-1uQ_kp+zi(rLS6;5SCaW~C$QTh{D6@JZs2D{6m5H0#LkFi-Ty?k;*
znIqr1DQ;Kem+DH)LhSfIOiIBRSOKneme>tv6um%z*;4l@9t_hLIpF3mE%uwW!^mYs
zfY9*j5KwM)&xCJqgFY=Luq@6z$wOXq9}g6eN%j}1MMC+B#k?f(NyF2nvZ4mihw0Z0
zTWet9<mT0<b*3?Kl7RnZ+BabUi-f)bPu@XsqU$9vQhqWZpgX;kgRe7K2>piL!A=)-
z<%ie~<f;Cb5AX;um19*592@F5V=%u-Q4F9d&G6iHX|`+~Q6pJ1^7yAUWd-Ur4h$oy
zd+O|qn_l9uJ=q-&lyf7(x9n+h_;W7!4h=4;xq~hNdb)>HSj5Rh$ARzgE!*OQlz7O1
z4zJ@Fb5&Lr8YQ!;h<hfpyk<0n@g+AB{snbv%5pJElu)u>vj?UqY~W?y1jxDjzIhFR
zcZw0-WNq=vK#Fdt&UxYw7nX@l@Fhi_>yV2w5WSnUY_UfBk!=GiF->630O`b&B>Cda
zDrlP*NEx1Y9tk8TKwaVBsOyIrtXQxqnrh+52RGwYI1yiN_;u3HFsPUN&2zavt{vSw
zQ9YOOn@=i=uy;WB&y0Ro3e*4DkJ>RI-%A}KwInHtKHU#CE>yx!z%C^J=1->lXkawn
z?+fYi?k=X<44h=XcY>Ap1GT1F2G!veSM>`uEwy37FMsUc{hT!$a~0|acoue5w<bBv
z5d+^;3idIY?2YkuO_lz4_%_K}+>Z>Vo*MtW=S?W-$Cg}sTF$bmxA2Y$tm(2)gOT!+
z)PD|f=?+LF0Bl)?tz)I|#d*O#Tpov+kk}Zk-o>;SLTbUzF%rpRtm8rhk#v;Kra}Xz
zyh2-GZ$(i%^jO$=6Haop1?mP(xO-K2eh3IVISOdZ8)K>al%T|GwsZog3R$`}&WtLh
z8@XtQtaD3JDF#UWs)5VGhybF)aR-cTn7jXvFx~4F!%ziHMV|M_cZ79iy7?bhlzI)*
z>m64&HRoh1w!?QrC;@oRq?;#wcoQZ_=psl1WEvAUsg8mZ)R?FM3^LSYH8|ODW;!Mh
z{7|-?Msnn%Vp#h)dO#caZuWsbC{q1h>(<Y)Qca7bVZfxrK+a|W1M`UvyE8-wzuOS+
z14@CSjxTx1@w4)P(Sn;~;02Q2M!ka$f`9Ce@Qt@B_JzQ8u|5yHlXqm%CKkz@oyPY8
zqb!%a8ow?ZppkROD&ecqjc$u5F$CZHj<8QD0I`=-n7u=Yaq4EuF2=<QP@jM>*Hf4b
zy)-0;`a>|MB;o*7Kv;`}9>G6Q2}edFWBbDE$oM{kko)RN98+sB<BcnbehzQH82&y9
zVMF-Ax&74>qSgM#?vuX^Kd#V?M7IRzaO{Rubu{gZZ%6y@$Nk<tGlT|6W5p<fyE1}b
zeb8Nk1~Tw@p=L=Cvmi7*d>`*2BNvSUfG#pjn>yqKM(o|qg}E2u8DwU&og_*T9#6(Z
zLyxd;>UmCDGmM()N|rK${J$z}A2cvRwhJ1d!e*g?{A+gIVPyw6-#b!}4@f6r1W!i`
zO!kBFQc1qn1!3Rqn+9lL=#R>r?|mY3ETP$J*Q&IEB(WJNg}=&h@Ew@vRyM^q!rrq=
zj;u;cQZ`@6)VMpmLU(UU#M#Z`a>@I$iAwHhW+d7<0OG)?cSOOgw07u=(gx#2c}O8c
z_8MJ-08s+^0*0t`Vek$(!b(f~ELQJ{kz+4)R~;FbdrwA0tRDCQ7O~68%Mi!vEgJo=
zu;<sOh1$~dCbv(;nFkoaWZ<jb-$?1N@G%kH=L<d6&vECti~rTk?h`GU*yTw$R~sF7
zpJKr{c;Acp;ajHqkUg>d2EK4FB{W&O8N4S9=Fx&MUt%^Mf@HGya&Wx??W5m1jBJHY
z3}Vyxn>#e7`Q<$vobWaAbY#*U8YU%S9h|=5FOHIeSNsI`%A<O<`OKSs!07rH2uKGb
z=Q<}yqqTN0Qp0*#RPt^Bq~qJDcSDla<~Guua73Tp(O}`7+k`jmX3gHh5Ut^&Dtc8l
z7-@C!f7vCn>2BLdQb18Q(P5|GkOCI-P(}!??sq6woBN(kly4!86syS~ApU`Jz0^~8
zEJ}!O`5<id3kk|*20CY$dP>Ane#7Ny?ONUW-_FBSsaxP*`lszG2~^d+%@LEW?@NLp
z4l<%@J>}Z?Q6F3V5ANGArM($}XwAWnQ8p7($T&z|)T{1I*$&fTs<MdN37+N<2%COU
zk`lU`s4jXU&linlkd71%4zhPAg&PPV1@zuA!>UP0P(owsu*F1q(F1v&l@+z2>MFK`
zcv|$gh%LJKjx6GMT*UG8XSC=|t9~+T5<yt!8aYvmzJ4XT?{scq5Cjk})2N*c6DySq
z%E?=mqlQXBM<R2YU3?mP_sF_ojrNIN-m4E%3GtHoANAi05Z36Kim27dQA479YXzI;
z*0zgGbL%QmtWGJKv4{cYf0XtA(klN)k$i@!yKm+ZsJrus#l!=K;dik{Pp~4^HL)UI
zs{f-LcZpat{&$d(``@9#uc0?ZzrCQ%yj4w9_+_6%v5^d4npsTG%Ds&8Miq<na3mh<
zyMZUPGW~LL=hnG4Ige9wt}Aug`!nLpi)q<A5a9~6CX75pN>j=}oU&a@Ju{=lIKF6M
zueUl4kH+sn!9b%?ChhXgg*{bU%-xG>S${xuLhVkGA~Z_|w}R*iY_W+bizSo-=qTwU
z!4oMRi1c3^ga2hQxa&N1$}u(m(HcNDy}T|eU~(_#wpES(Sx2t238xw@9m_YJ39IvN
zhi_UH|1)bVmjqf$Z^HCO%?`q~V6a{9C?ZI5;T|vW8-9>Er(Pihe&aKd|NQfyM>YT-
z5(IMmMskAhlmo_6g}I0QhkhcW37Tz-43of004A+DJP>h`3_ORI`=23;Rw=`naADki
zDT1Uc`2;RTUQMJ^3&lCk&oSbSL56`-V3dp4CTqF%AKyDXCax)BiY>c>6SK&CF1&Sa
z9*eSLJ~d_kwJ0W5Dx5rQQTQ-jqY(>~YuuAfOkF@@_i&uiq~jaFov0g&C>cQp`P70-
zrdM3VBE65oB{h<ruWR*g!gjOiB9kAwyK(*O43D~={M^g_4vqI@)}cJu7S-cuj7JcD
z4Fkpb@)z(jJWw-nd}LG>ff#!YJ1c>_yLU}5Hm87$-6e2It>n``34iqwa{Z0`2zq?F
z=&QL@9fQSuU57U5X<)~|-&AQg7+;zwGRXbx3(W>nP_bUFDs(5o^89?<TQVmU{gm>A
z5iUuPBx$jakny`3f3+>}<rb-#H?4wDB0X$Z?<~sAVBzNE5cPKewo))kmO2YH(3fOk
z5BJiwKnhdK7uPXZB0j>K_h<2Yl3h%10X3oeZbRc=a}{RM>M|R@?rzDtlBe0h%-}xT
zIsroHZ<mi1WO!xXnlY7y+<59+xRWC?U-+CL#+#+%_{p!0xi1^THQuSA5Ps5Z#gXX<
z+i^o53+c>h^C+v)E4b=gFSj+jK45)XKha$sIHuDeA6d4%Z6?X?qr7HA^adR*@+l*K
z0c8v$>kfoh9YQLxefub^WX*d*|04(_VJ(6Y6)Wg?WJx;2*FN)B6#8+mpu(WT^67~s
zOd{(*6guvO;0dF%H6OoYJI5)BpKdj@&HT`Zx;%1BJRE!>%>G4=G1)+d&uxxLP7_4*
z0b=ml8+dV)HRG||E4&Unnk?8eN?{dp(5OQjdT5k3+gk)8IzLD0u;0lQkJEG)qcD1?
z8ib!GxOtnuNNM&k*dsy&G~Bs>KqQ{7$DltlJNY6<<qBSJ!>Acyuve%Gw`3c%*lX6X
zlm{qS9f*t|t`EQ09gr?KFLK`j>)L%ss1Y!GXMluey#Y!2>u-D^_Y<#x<>}F1PiarN
zE&_L!HpmMDAIyoickQ2LR$Mv*a(=ZIp}T?TV`)Llo8?~QMA#C=P&H8OPC%oBVB$^S
zEHohinu3gZKyexgm*cXUdYiTJ4i})*OB^1g{RG*i!O;Tv+-vI=ms>=(&l4&QSUKj8
z*R|B~!%LdZZi}Ed=_w#C^Jgo~T{u>k!&2s?-}m}NjxZ7YjT78h#K<Az69rEf{n5x{
z>@nFD)*>wCmY-Uad;r8??5U@)zlP7DW7nhRvF$MCh=;SpeSM+B@jgGBADf$2E9%5I
zD-2x0Z{mS}$jd)A*&-jsGJL0mn*!%Py29TJC`;JsO*uh>CwTX!6yTI@FTsV=k|exZ
zR<5~u_TlMmphh0YNQ~2KoG${|4l_!P5@GKt&XTso`n&w3(VbgBJhg>6^oV?)5%}aN
zwJCY^vcLN}|KDYXkt80#g9qeRTSmiUFE&ErFsr|pVe6V3F&BhtBT&5+p%fC!DEuAK
znMw8_=x|?tV|jw92Pyjf$dHk3r;!6Yrb_F(I-Udez-8HInuD7NOQj3l;$VIYL9&my
zmSte+@2=2zVZ=oaS#HaE%t#@hU-*fM32T(+S?38Y*-$k8Hxl9yRyTcKkV&45`i2~i
z7Wrao+HUg_xeUVHWwbUWUVrPSw}Fi&ue!a0CWqyQf`;oaqRhlNnY*}N(f*2X&6+U1
zQPgf_CnTse`Ll<|PQKo~xQ+v0b`+YlLy$lYj}A9?oCk=YIGhyx2iYG@Q093u3eYHN
zWIA~vPGyD}&^(TgtGcz#h?<a&u4hDnRHo}tXW8R%KWI;7*aUR4BtRr3pbqJhujugp
zJ1Bc;;7PVSV^$I>13AjR#h6D!C6VQ1(`c|Rdp{#wf(3mO6cxQ5`rjB+r%!mrxjRn^
z$Gm@B1kJ4j%Z#M>9HRjKqZy-nLK{Y2OVaiM`E<e_oK6j0xol8{-(bP6y&$v=z>{sF
zNjhvtMy4cKoTt`I5c40rJ)h8=ypLzdn3cfq$K7CzH=U3~?XaxL>6(_A7_r=ibaSXg
zLd8*688YlRv`sTgg=fGJ2RKL6C)`Lzhl_)6G6ZCb4Co;5R&%mA=_pKrt%O#2j@M&f
zU_d3HVpHEUyNGBJW~sz>Y^IARuY8KEl@bq>f%_R$YC@%;S|WU{T1H^Z9z+Yp1o7mO
zKJ4wNB4X<90CBuVJ1N#;=D|extL-M+01w6$5!7E8<1-U^MrA2XMR0N_VY!5ZI=1q{
z=3AJb$f$2r4zpL@!t69q=G|eOxL5~7la8>f$-=!n2N956y}8#v;>DP~f*Ac2JC!_}
zbc1gx%e&TG_}oC`q>51_A(A)N-X9pbCg?u68EgkW_6&f<B}Q8)9O@-ZuI>nr221m8
zn(&I-2u<82;5)o{Y4u@{*#B{K<#9=^PrtIXw8W*f+(@l#ajDxaH-yT}yp_~#u~H$m
zva(z<6_mv_HA^yYTDeeJS-GH@iiY4qVOf%y;?AOmiV6zI4llp=pL2N5=bR5`nP;Av
z@62~bxl7QYc#Bc%gJFV#LL)k_tf1o{%Y5~ip7LUwZz|J4dRS1n60(VOPB6&2{&XkA
zoRrBbOvafg{}JS`q^uzw7JO>c##RQlUWL5Zs0`;RpPXyS@W}e~SrJXeieZ(sny2EZ
zh?i+hv`LKGa4cFN*dWR=B(!y}7wCY4tE5PM#DqPkMfNG4)%+9waiwDWpHpOMlKJEB
z2HC!CgfMX6WWpYN#Ukw~{gkZYyTKXtnpoU7Y-lNAQS_SXRW;SL_f5scVYjIARhZ4H
zA1tqef8DLNehb+w-I0pBa3h#9_)~IFv*i?ySrSU^2*Q;Q4rqaF<=?*w=O#i0kbQmX
zRpq8GKFuTkB>zN{A^i~@2$nSa&sO+|e`+D@ofPRT8YY|(qqlPpyc_cG-wg?<Dtz#r
zTcKS3XX{REE;8>M^9rnTG3p7vY%%zIOaI*AUG}9!z#-2V&D(~2!>+eh^6cAgYf&#*
zX$2P;{A*KuP)AlKR2Q#{nSDx?dB(-IrZJ@B?AVy#^EGREaRK@G<-hs=7TqBvTXXk+
zs9T3}lGYtfaGSlEf|jhiOxY_k(99Y!aP8f8f?GA?pQFgC`wB_n0Ca%OP2i_^YJ&#z
zE4UH^^<{--o5Eq-{nV#Pk+KK-w%Nb$mV1BRwhCc|{r`+AMVj79p#HoTa46NR)Iw-`
z3&K#CTqSB5Y4r%)8@1A|awU!gRUQ|83T%4-$Ofio51osaI8Xx*Xa*<GL@p}&_>PT{
z0KEGUb?(~u*Y0Zq=&8s&zcY~@i1nbq{ha8`K~31#?!yAnhVu@^ue$dR$KA5zE^h<$
z4Cg_@Ef;q43nS`M`>`l#i^G_nXJSSi+3=nVg|ALJ?^}I9k*NZ+#@XfACi!T)Bc)z7
zU4t)qH^gNoz28ubg>Ne(e3MD86s$WfTg6gkfHj!jjcq!t-j!Ttl*j34wd##sn@m!)
za}`vnRccDl6E6DQ6yM$^{I~G3k?!@y*o1fg{MVsPnqH&oYAswtwn0^~B+ti21McT!
z0`>6GJN`f_vbE(VHOoLX1#S{r(#{ur2aL@ZcCSmCx{r!YQ8nz^1G7G){5M*SetV*w
zZhFqdRbBxCfP4kFqiM??!}Z7D(dv>C?Sf(`$FA<C)Rh6wxNBf%n^*}Q{*4EBa+#A&
z2Lwh6{{N2BRjES$`CDdl6LACY%#^Xw=o)R<hhRebv6F+-$4u?~tyuA%meW>vP_ym@
zosxgnUdd*DP5j?KRK8^~+A($PofI8X9She+7feoYCs`#f4l04sSqgpf@A+G>Y8W4;
zg*h<n4VTLqC;M`NB#I#19?`%8q?)f$gQTlcDF93pi<zpo5*mC$iEjIp+PLY(B8Jtm
z5~4feBwZ^oSc%usp21DgDy18O@>SZEq)dBt#LE&=&9j-{PiEsL&Tn0V{N&9)Ddx&8
zZTRI0_t!I431F#M9q<XkddR{*ZJ(00umS-%UiTxe>7SrN;mzu<zf0~t&}j$53nNx?
zc^_Q5<jqR0r@tJc+K<uAz$XkyFK}pR+GVBTj+q?phKRaK73xg1I=FK#6%K%S@5hYo
zQU-mvN*5N3PW4X?BLAz0G_yWw>Gy=Yc)7-R@DoiEq|s<%Z~E_h`pn|b!!xJtZ~RTF
z*?2eOpMU=hgr0wU_v?Qhk2-dLe{np!XZNA95W_3o6>kc>w;elXSk@D|n1qd|j3&rN
zqnO-^F}`}ZzDOZdlOXdr#kd*;0uUO93zb^#7HLVx_!R?lNq@m2Hin!}^$(z)#%4Mf
ziH023n=qKjn*-mF!G>GGx-_R~Q|^iNT-U-Tq`yx5%dx4Gi;`U|i^lC9^E$$lTtECi
zs3_(YM6dL4kmBv%9M|XcEwJlgIk)HbNFJ-MH9so=+6v}w>@weyr8<2XuDBP<`C4OY
z;3-$$kgUpr#LRiOm&VL{pEGeuFA>y+`r<1FKN=w)J0R;<Az!Pq!ynd{Q5>f1swoWj
zCy1v$?c-TVY34=@ro?J^sLACY+iJA`RZA|o{E4)~ZT@>hK?L5E{eiSWbb(s0S-2IB
zZ1f@eTSW+8gxM{%Fh7#!LTgR`iBEJckUjQOef?LkmIHA)QnJZ*$$NM1P=c(XajD4B
z*yiX+{o$E-jO)AM?EyBt7q~5|NWo>!;0;RJBqi0?l+v^knI&a~?*Scg+<*p8*E1_D
zZXz8;%c=FyW42&mB0s!D(RhF}L=oGQ_2X}6Md?UpugO9Ln>pdFW!Z2Ys4XnysUV00
zX1yqJ#I6P1Ls$xSP?J&}jDXE+W&O;vi>?HN>mQv(@=j#%la-z!<(Egq&HGs1zx#UI
zEzg-@Y(PuN0v#fuN@2TdqP$vL{jr20`4e2CFd{g2^Dw)o#R*T7Orzv^0yj>x%~lge
z94Ld>&vxWojEc?XkqjL)X^=z3qxS>M9t5;ZV8;@6J|DjUf5sejkG$}r0HD3ykfwP9
znF&Kxe1Ox8H$4Qh;#&6k&##?nmVLQBu>k=Wyzu+k*eGudcwXuaSqEAS6RojMhv<VB
zOs7K1b%^sWvV_=P*GHOW{(8S4Nl9on4wfw+JeO;kn(~`Gwc9#C^6vIE(oW1y5IHjz
z6S=J#eH9!tir-;Zt=L@}QV>Cz@D5UJ!g87kCR)kL@7&FmnP`tZL~w=zZf>jQT{nyw
zrES;#2<zh(Gknb#E@ojj#*6|s9UlS8QJm&TGh;?vZ)5r7YlS5>&P#vWm>F%(H;C~L
zp?x8*jreOk2dQyPd%V<WN|kt_T49qyr5$7zNgaR0a&~FOHfp&xtxDn0L<OLBN>2P0
z)v0)&$h`b#C)=HxRB2WURgPV*Oo*IWay`=sgchis&{?7=IazR4u*TboNjie4U^rq)
zSD#`@Fy~i7bduB3y8ZvCWX8Pu{@NccRWQOhsWgF{n`1E%M7V0A!Bh#xE^}R_`OoYU
zZhS0d%GWXuvg9M3ed~W~;?BV%z2wDl=QM?j;&U1-WY_6`H7^)^_x}d7;=<GV7z63V
zHh)LNYkJIR;SDh$@(8%K`_fvJ*og=py(V7Qz(KiQ#NI%sU@qnNK?-yst{2cPw`zp1
z`yfr$JVQ}V^ub>n#%-YEi=Bm8(7RK;3#@h*mfzEU@_hcvmP>Q9M>FxX!<1E$5av({
zI_+kJujFj|SO00W8K)V_QM{ZCPOu~RUsR;U+hSV-Q+ecn>;|XtDN6UP@-SAj%c%hx
z((A+<rDX5{c;fE|<2Dn3S)MRJEJ@8Le+E;5K};G$u_MpLoiKiV0;dV+%*0o!8sPTW
zR<Y+X=$yIdS;a-q5^b5q?kw_t;uv9#ZOani9X0TBJDynuX))Z4bzTk6M2eILC+I#E
zz}VI5WS&ACW%C84?3m#K+t72z+Ka{yCAOWqpH$n2#jG7);fcFsbL(q6$cfoAMN#O+
z>BKjL*;s4LxCSbVVn!SPA$~&!Ptny3JbNH!`0)df=Ciy><ECsQf-;42WfGO`TA^9g
zE9N8F^l=Pl#;TYf6_1L8?^15~rUB+bVttqgnPEPdFXWj&&Do2m6&)bX5Kt?Rs*3k%
zC5kUUsBxP2N+YhS;-R{Lhi<8*ipj9QVn!3b*;gx$g4qR-xI;u&S()U7g(*X^4V{&c
zQc_EWufo}bEkKW@A5DL8w`i^_ik%%Y%8e<C_44f;W-8YRj<}f1d+Ao`^+0`3WREq0
z9VQKKBJtsuWe@gtYVH(q_t9TQUP2eIo)_-@^Vv{aZYdL~?<p_-_oU6tcmE2$#Nbbt
z;U{P9$5swq5!X^)mUd`aJ*O8>>HSrSnT&etP*cWSb%MNk!Rq+Jamwa}?B`Od+Ib{X
z8f%{6x^0a0NN|9|X!FkEQyfWvh0g)Io%LpsCC&#*AeY9^u`M_#>dYr)N=ypaM1148
zEe9&svTgTjvli-HTX7fBWp=-7%lh#)SifT7_U<%wJL$QwWwp%-CATQFT(T^J`{hIr
zEl>T+3FL4DMA#_&Px^JZvk^Fpl#R6|CIm_SeskkBwg3L*a#RD`#9m<CYGeGjie4*c
zcCAU69B>ODY#vFI*TOcmVb{Y}W50}^eX|9;XFdLchP_p&B^;9Xfqd{M<e6SRc)tbY
z^G5<JPC|fonv-sBsD&S1;#b(o?S2JR?;Ocge%FmUj*8jGPNBkE0uiehbR}63j7}8<
z%Cwh*Us3eYz+V9Z6ZFdIgcM&>{OMqX)q+}bPj&tS<PWUJ;St$;T~B$Q`m@DL=r&cy
z*h|UFIL)Rg?IH3%Cwe5?(4)^DMZJrx?xnouiOO#j>}Z<rPV}w*w6`@Xl?MHQ;-cF-
zLY=S@3>%j3#GlepP<Js>RS8ZIeVe7yNuf=$YDYUR8IX8VdOcc2zGDDq<4@EptB2ZY
zC+d{G0{>noO=Yg&Sxi6vR9ps7kHIXr;W(f)igwL1egIUuw5dSy-UT(PSCDXhGwAvo
z!8;Z+1@iYXZQCV+rM{%pDG2{*O#M)>80!dU9!1zL;DBbO<}N{4NOMdW+ncMeu~1qN
zH6Zq<HVWdfbSq~MP9F|oF2>{503UA-!iFo&q}~ROOpc3ki!?;=?nF8Pc1<S4835}#
z7c)zZ#`gCt@>plh0&QZ;D#tOu1D3zUeKT$WhgV2;+<vS1tuXkJ>B01!@>cpU>$e8V
zUY1n5)EBJ*R5&ZGs?%n`Yha9-Kv!RMatZQh<E@mq_bGjp#s36r2d-y;Uuk;JLoF|;
zs0Y}mYI=ckKc@^D_=XtR(2n$SByAFP;f?1fqr{%6>E^B7E!!_QQwk5n^eR?YyWa^O
zwBQa?hg`1dKw^Saxta5tzwg(?-+?%!5a+qYcCfY#scSv$)-S`DG{~*#CJQ>Fs-$2p
zgzMJ>U%?+(KK?6+I0i^`IFB$Ps%=z{!t)#&Cli(SR*h$U*~^_OOL|I-8qNB1$FS2U
zFx`g6=y|y97k^l|6i^*Mb0>qmok|VA`8Jwzi2aGhl}B!L`2Z*Db?40TFc){q2Dh!{
zDn42lzU8K8j-vpZnQz30u>=1S!M=I@1~GR_a()8m9)O~*%q5YM5ve@MA#u~>p+zCt
zJcdlqf?-|k4L}>>4U_S6I#`m&V`YmDspps*VW!=*H4eW!`ia+k($A#P{}34cYWlJ8
zN9va|fy2rL)Fz?pQN%RAc_|H2bqi%dP9>)B6ySC64AuT~{281w>el!>MS6KBG{9}~
z!K}z4*)2`7lK+>HxW=jP>%mS}fibH^uLB={PBUaQQFIJpw>Z)FqBHYSQ9u;wuG>d*
zvb8*GwY0Zq2ruxMSu=a5Jyu+n$wqlsVrHVHy?)Zf0bDi}*>Xu7d*l+SS)bm4F1T*L
z$JynAigQX(hZD@R7EZY_3#-)mu145_9)7pergfgL;I6t{gE1Y{<aw#=USD}jws6jY
zWIW3QM=wSfIlPOqRTD0HK8*@Pg<#!?^8nhBi=K*?r)YOONuH^I4Skz3W2U3#TrF`(
z)qAn9XN{XS<P>F^wxHiAoP3v^C0tg)Uo^};CSS^L_0t@3%r&TH#?68^VGKXYQ~2$`
zXf);nKWQWLXa&%H)xxGNN_W!3{dab9KwoBP&@}7l7MJ~r9y8wq&q16F$KB3J9iEu;
zNjTwy203!?Lr9bXK1)iME~8mTiGe?;vfR4y`e?J+<27>n)eh*uCSCGv!^OQ{W*R@+
z8=Bq(x&H7e!O~_Vbe&9VG=EzdxI3Y_4+w2lmTUnTC^Ww2m&QI{P&H+^!3C#S<z}|f
zu||1Cwwp`zXhL(%#`vq}RV7;mLUaV>+79X3PvkQSBTRP<@7QNt4UFEf1Psa*st!oE
zi11^68w;DxX*%`4m$|pQY{t%D@4M0K<mHeyBE61xs`VdgIJpm^*r8mGU9R;GzvryH
zSbomlP<RXEozJEpssPsL#w3?43gG;}t*2UkDgJ7*cVZ~))7}yK6&5?niun=5myY~T
zW-;eORaWXvoSLHu`2AxDeGcXK4D)=Zn`3R<&8fuSTYphnmeYc7jGH~ZhitiD9kJg|
z-8D<HY*~X;yy&Ay+!w>2TGOU}xDjxbYL!#xFkntD?mjng;RKIwE-;P1TjuZYmsUcr
z#I)_72>I}Udw;GobA1I|zV*-bdtOZGohe43>Ynw+!npSG>!ZWjZc#PDzmevghPLir
z++RlcGZBzD*F|L796>}rZ#UWZ-fKuJN=1@(joom-6#C;>SqZ=FvkAN&z>O=K#byvk
z8<6!g5%-VnnU;iE<@n*V<7T2Nn2F1fh6+L|!7EGH5+)u7*lIKl<3#oD#rKEI%b3WO
z+*N8r>6<cv#+mJryNR~jndOmN^x+}kGM4V@2A9grN(%?%P6(d}EHj~V_+G!d|0Y%D
ztR2M^NBQt5W0KjuUvkI$`7uEgU(ZZ<cL0qvbGKW1fs%TcWbV9iHO1kz1e#B~sHloH
zg2H*+WFQ-&o#s`=2TI=E64&{2h_B$$`o*GQe|vhHSO#suTP~P+0i~w7!(WEn6LrVO
zE)rpSbKiW(_4V?O@R*>1?B&dby^FTLX8@(%$`I~@_wAJLX=Hp~xOxRPQ9tTlbK@LH
zM7W@0Q0#zr^%>1_A28>L98C!!wbtVq+}*u9A_JW-+1LWa%~vP+Zu6u4>gt@%T~M}8
zjphwM`*6z%Ny5p(cG?B9&}7#4yy8OPsQ~*~1RAXkt~d8_*IyceH!ip*ZdkAi5jQc6
zT&G%Ub5R<-MdYhKuK6KI`;cbZBiFNg#vt-}X{*0u^)7MClWX@nWRSef&kdAkr_<e%
zUH{dHn^t`&qwk%y<SRkmj$(H?CdO`|hVl?l_8R=%XY?occA3L@^y{LZ%nyp-l*WhL
zfvD@r&A;n6ifbH$^+t7F%v5K8_g%n_C))ZG`=MwsBwyJhiFg_22r=~B^wAmKlqNH%
zrW}i#hJ4(@+<#FOd?iCqTaP3-<Mx$fxt6}PK5jv8w&FiiPfXEGc+W>|C%l0uT{U8r
zwC=OK_uWfDB|XFCNO2lJ6+e6pPdkkmIL9vUfk>*hkdj4VI}M;iR~5}~cebBy4Ad|Q
zJ3&@KyasUj+}^y>uy=ReP}k>BcU(C&qhCV4dbNio45?n9fMt0%3;N{2&t}{Rqe~<*
z*&H)}h?40x`_6WJ;|YunVYwoyvZQOQMhCo1DS0M{CG-_i;6#HUtjlqH0JLnpV4;l&
z^wH)O!JUfDXYYHLG;x;?K*Djuf`bzsYuHz6=6^3`Xt3uMKW>bpTnzAOsvBs3u+o~x
z4U5~Io3TU;=7m~mYJ?S;c)@+%IpA3+0`+1Pi>L#0qSLAkELfz-0U42K%Mmz;^8sym
z%cbV40rpb(WpNY0p04?*u$03NSbRRnG`I%-x(K%jvpHLj^c0+;ZW0StfAL{ba<+OV
z*`$?>{tFnk1IyLH`hCIzb!P{`hhmDX=1;!PL!(_>@}-6YJBak^ge%%?8d7@W0mySc
zZ^Oe9TIqpeTn@y%?et^DOR>i?npit|gl7lV)6gf0U+UWOJAni5a)jvj?z3f@-x4pe
z>LBGjSF-O>Hcw$OO%1F!QrLt~lHR`{JTaJm>;SSE?_=+n2tg;2)9`mS;#-u3#LXN*
zjTdv1(<!>;YIrWvqkO}k97;W2zE&w}RIv*-ze~!v1ABT<KzTM1zH0zJW<jg6kH45o
zYiL8=48?tV<J8SymNL$nE3Ze2!-s6?A>}TMGoeZM6?^v^?n{dqF`MdmLC`oVZ{C_q
zm|Klay=f)#de-^%zeWWA&CI6)$@G?(VPB!M$p}tVt2LA9o;||dF}CfoS+oSLWgLXJ
z|M6ygTYTO)Y)k2idCMrIE+UFE$TFr1+rqNV6O17_o%G&dAIK9<bbZB?SJcH8Fu(b}
zh<W$kSf<Ek^fN{#d25(pjt=|9i+!Rxiq}JLo_3WODc-%J&)Uk3emUID1{aEUguLW?
z%b#!$^Y?w88ONJy?dp!Cdt*NGS}z~q2{{X<MT8(Dmb~%&_!gc7G;?_`TaHQv2MiYF
zD*hORLY~e_5T}${nD3y=J#d~#PP$?-{YhkuwwNxWq$3Xp;g5li$Ipm9EA3jqg-?#j
zKe&XA<*7jk<ApTUN9Pv=?-5ZGHS~k#`>sw+V88$CfIKc0yDaLsvRB<1$mwX$!&C7a
zH;;3?`sBSK%NFxRr8+*q1BuL(PUtUu2KYY_;{|S;YU$v4M)Lp&v}a@7r@EGE+4Zae
z+!h7n?q))#+T7a*2$g$#@6oz0><G6=AdjBAT2w*ADV>#rs^$UcHU$mtJN8Jmwc{|~
z{XunLW{6E5INois7%?q;eVIFWbi#dl7w!Pq6ru||jA}bN5x&RE*F#_Cr+l$}!eN2g
zrjs3o($Nm*dOE#1RkY`T7m9L1u8*1pzG+>lNE`dlP45(H3}cGyTw<E2j{ky4%odA9
z>zGH>MwDfxM?w26&?^R+<_}^VRQF>#ft-->JOGuCPmXa=_pYq;y)zQ=lbeqTyg!xW
zhuxx!JS0!g?#v%9plGSf=?IlyrzwY$qGtkqumLMSUQYaMhdrukyDV~e1qW|J`p94K
zLs8kTNC5H>$q1AyEj)cvZ;D8Jvl)1l61{UVMHEqP2RsT1wOC9+wBDJ}S%9?0W<@>d
zAesUt;4g)UpKC?=6X64E?<<%eOEJlAC$ZAqh@)0jX~50U&Tb~_K{mfMTb({nD|wp1
zTipyyh;OiRy_cJW-oKbRTmIvqjR`KtS8W6+$x+(Q?}O$R`Nv#ajk$+lfhH^mcR+x$
zBcKRy|BhMU4F6cei38+3^5Tl$uJ^o4R%LO|S<+b<L~uK%OpQTHd_o<vXV(U$D_@Q8
z_d5(WCDd$Ou=T7rv&Z}4^|W;;I!q?^E-V}~2F~u9iFJ`3%j3Rcemt)HYL6wu?()6`
z?*~(`T12P(0hH|<TAnqFaP}=_zL4-+y|M{@hww|_xsEL%u!k7A{)E#)DbSvt%}}pY
zhr#z4TG~O9!<E+<gGu1e;9r3DqA>Vm?O9IvX4zo;hCi#U8#y<Epn2-$(acQ+5VD0Z
zcUHP3j5+&KTsLVUVh?CNLe<Cp5iz5Omy)VKqihxR;12TCm7yqTTU_r}_P)FTmnv_(
z-;!@-hjOc;TKtl3i{^{p>b!~~FOPd7vbEezIf{ku{A0gR$9hV2jiM^;z_(2Qm@gE9
zX&}3K$|l)t?U*2k1*Ur5ItVtUMC@98D#ZwlIDBjh$aZYs3C<tQaxZ%RUF8-nGL;2c
zh-Jl4A%nR}TkzDe`vwcT)8}!W`10Po09d@1%3%1Lo0QHIO9drUv7OzoN;bkhBBz{x
z2mZ?BA1ZxFKCAoZ6HXldC-QraA|pc0AGBYp>r_jU9zrf_I$=ElCD+B_5<7sOrVBh_
z$?XUj2)Flipd7L(sFjNdd6`u1oUc|UIuF~JM8z&c9wo^SQp;<p<(5k+u4(1qZ9&XW
zH_@xn#xl)_?Zn=}D8zZu>7&5arH4VH-HXMuzr9jH4jAF;8OR(>*Qx{a7a~dEeBmwk
z&PYJrZkJ9>SJZA?7DHjSlr|d!R~pKImvM?C`)6#e6K?EZd^(#6q@lLhEPDOXJ~d=B
zAX~Gx6pHdOl)pat$wf7Zb8`_KWDWao?)It#E4IiBA`#>jyxD~E)})K7$=)ewy8xsk
zD#SdJ{$1)LF{N*&cU{!%ZOxe?UH!u$?;rI0rqy$v_T8aOoG70jI+jOP(4Uy6%@KWz
zy+;Jf<EKRq-a;xycMyorlpR_MRHrt3{2l^8a3qUR-hcpJ3-m0SnISykU#3KWtD$~O
z2rw>9ltKvsn`lfy&!qhZPh6-pO|Hy`^uvdGEB!}fZDCE+5zLq1cG70g7ll6f19Cyv
z6Zoqr#46Rq7E7+-Dk46Edl}ZIK2EE68*rJzKl@$l+;T1ccm})f(~&%lK>BK7B{U%<
zxag*;cu8+2zVb(AMn-6PvN9+zOMU?3Pt3)n%~QTN<$81oCv|7;7D-AdWs;I|rWE4&
z*z3zo(laSAR=wUvRW_M(FP&CggOb79!=U<*b&6Wo49e|qi_06+8$Fzqr@SI-1#OT)
z$#DhK%qIHFqJ!EDc3f$QxLQ3)n_mrei;&&M-QEgPhIjcsHlB9@9uT_ejMY^Nb|Ty9
zDUFT}%D;#hLfH`{TY)jg*eLf)hlB;1iw6-(LVIi*;Ou&v$5FDopVBi`S7j(Dd%1Z!
za3%1hpY#L=dgd;k5{R)xE%_))7fW}xCk1^#C7xx&3Y`E|+mx1^KE4^4e{YhRCfQlT
zf8oHiCykx00J66#xfSP_4b6hz5$E7)7&}TCB3mxFno&Tnwp9W+Eu@SnvNH;RsCw4U
zYz|?XLiB7z<$Z)EsFX?d9d!YfbuOBL+nK7a#Xwe@s}nQ$7~*qayI65`4PZ3{(>0?2
zZ%3V~oy3sa;mx;XNP(WF0ra{-&`b4Y7?YK`f)<t&Pain7hZzlkumO*2Q4j=pVNjfo
zJ=ed;<rx4kbl+y`wigvNDy_6gQT@6M?5VazR~r*B`Q>EFgY-sn*P<uOrnCU7su8qM
z!}pnis~%0Z0FB3*K18b`Csa6nNoA;PjX*_(pw=!`T(p^YQ4ZcHaJ^<nQjQkj^_a&{
zKgK(UlN@oVLkLfoF8t~PsP_ggRYF!~MWCwmO*@1bfY6nGyxRV$zlPM6|CT$}u1)KW
za8`P9AZadDJ5Ug5vsve`B0W3}ivCA>S`vsJ=xvWO#qKtW8=x%;S-{^PP+`Z|UO=Pj
zxT}YDvB3a+jUkD<w;hZ9IfG71j}p}@LDJ#+X<}7I<GV2AaZC1w8GT0Ft!sf+jnzMf
zw>h(Us&xDcLchQCeqwt)Y%-N{hB<U$6h@5F>GF*?(zf$vtO}?R#I37RS<v-y$j%w;
za{jN*nO+Zlg1BZ9c;`^?3aB36!VYyMjO~(2SV8F<n8}PkQi7x|9tlpzA<qyo<z7J2
zbXWmlZl_Xzq4OlQjk!qsv<5gvwUPWK?Z5?+$)5zVRNtioCD=p6B_G?6cIH|m%rerS
z*v^VK?e!s5eWs+R(JJu$0GDEZemiyrMHd5&We;I7j6kVRw90yTAKidC*uLoJ@*J4-
zZIKJ7qOe1`N#kIF!%wa3*f=>s<c|blEXZ33I)iXyD+qv^?|NcRKaai)Ve6z;k|n#|
z4p&vFvjg_Pht9*AAaW~#OB*1W5EX$8A_^G64gO0u$!;I(#si}^%b}dYHi<S8$5>~g
z_Sa+6+RE1*!EU^X8;)Hqe;8g>GUJ_rg@O!Fk-lAA(l*e?{9u<vpVb75P??Gl=4FR5
zL0t{+Dg>mdoZF$vP%CHBDQy8pboqSV#=`1;e~D|CJ0_DmW;{8ODBDHS#8IMEhR`j+
zbmz=5-p8qqJ^aXBkX_ouc~M?_8OEeES!LH`Q^l^mKg;7A{$1+JuWI#I(nG@?rJPf4
z^X}|jZSeahrOROeT9x3gAQhe-u!?D56Mqn4Ndo+J{qNkQRs3+aIyd6JK(qeWBg$|`
z_a4FhqW05&8-}sD@PbCPDQH9+?}OvQd&P*sh3;{;)$z*aI44;kzNjx|Z8?IxSTI#L
zzX9!{bv|`nrnZtqUXsR)Oo#(&TXz6u7v`S!#$wWclyf~^YFr=@$jkrbqqCz){4xsA
z!dt#YP@GY~<7b+gXe>xGc3t8GD+_IeH|A*Yr6vsUox3(tXa$-k%7aBGfAJD}Xpdl&
zy1$=@<e#?ep^95ZFMsI0TukjH+#BV}!iw(~cAbD(my_P_h0PpUI<|PlvPErC%qosT
zj(^6q>K8dM95!PgrSlZq%tO<;kJSB#*?ufJ`R<=vcAsC6GX<xq24ig?)xeO8c@A=2
zH9ulxWdb@>+&A`_q^8bvQ8I;gD%I)qa!e>)GXKtv@c0}&%HmJYKS^Y8FPmF_PIKOB
zrlY(cSOWiHdL3v2N<*k5F|dkC)tkL137zDA_F~R7@)6*q>%WyHk$X>ZLn!7;!I^FT
z%LaS+O%JwK$6W$0kn6V4b+*$Z=w|bFr3N-fl)dil9oc{!a~mIJc2m37bxEa}GWSCf
zCNV0nApX`nz!37(X+I5W1!wxI8Uqz3oJsx8d>Qf=R_xI@xFX1WZKKjd8kpA}hrgjX
z#D?N(P`~U39BhiWqlS-m?Q;5}{<6IbmkKf68bl%N3tuyv7J+YyZ;DlIYFIB^i1^wl
zJCE~Er2&mF`pXm1n>fhMMMzsm?s>4-`*&kl0Ykc)Ho8Lzt%O^)wUCX;%P=>r4PM7E
z)Zx2hf}sFY&51el92H&cxw9tUH?a!fbF7%>-S@g1T?kwdOit~J{2Jqu#sl5*PYkAT
z3NBPrDjpw3?U;3F`YHr&r#H^Vb?ZF{_ZVcZP*m%AA5&up_XH044*?zN5!Ml(R>WvE
zuKN^Tx-tI9dDUM0rQo!ZLb3bn$8Q_$GkCE<DfrNqWNS41ENxfPQz3CZ`WkYYAC8_F
z;T|@|UVd!ly0ng`$*;)c3hM0Tt%+YdW2fM)%SI@=!YlWq=Ni%dc9DDotd0B=q$9C*
z#D?LpipTmZ+NzP`A$@vN4C5JVwy+biOHqR46X*C(^)(^Bl%!~#k+6!sq??Cq+H*0P
zTEe65bPm{8ot&A9XRZZzeDPI$7fg1mF8`)!#olUi>jgE>?1IaOYb`&S5PevP7$3O-
z?L4iAw$-BHs*ks~#_Q&nl>a)+Kh-xwcx_u6Hi@E#jc5k$5+9h7wLE6{aPC5h9qO;@
z(~+p`g~Zd+5GwYp#|&MsT^NED8%_*6vS}gMKL3FWTTokO38P!Nj}LI`V+)H5%}W^4
zwLRten0Q_JtzQX)PKf{uT0lZsl&wl9=`iq+oF;jWw^gkY?B-M~g<_iC;oZ+b5@tVR
z_>LFC#S(*Uv!-gNg#vg8JhUNtRI+^q|8HM}h4c?0gK2A14@4g&O{$-^`~Ij00hMfI
z0RfbZzQ`#v^dJ~CtH1nP95;HW>JALpan6ImKFS%QeKBV6e*X8kTkM`j?9VKQP9q!Y
z+r0uVR5LdTx54C!cB(i*qHD@v2Kw1mGq(;O52749cOZxW?IJV;QA{^z$EN!-h?s<H
zTER+tyH_V@D>k-Na}-&cH(m_rsTtRwJGUrt5=Fgcmb@7sbKfp>md%T8G#Z_2lsu^1
zIWs!=<d2zp!Y(_s(pK6VsO;gc#4H0KV2F*g*KF=O1bWhKjs&9*iWK6cS3hxERr{wp
z<XLJD;!<4ptEl*u^1{RXRP<=3pS{ZWCrz@U#auMhXtfRfy6ij_-jG=0()0>zD*ugn
ziCvXg;+ye`o;Joi8$r1P34hQ>L9FHZV|xgxFbNXnr}?p`s^cYGuUY{)_$msYv0$+|
zQ8l_r)k4C&(yU0trJN%uj`qC5PFN0P!U#ObO8PQ}M86&a-RucK<-`CT<^N1Y)jPj_
zgxMovd*3P+Crp0uga7dq9V2Ah4C}sTCd}0J&xjTNc~p2x$pB*(bg^v7zEVZ2dx5LL
z6sVmYWKApNQicz3SqrAH?1^Y!u6=jMVS?nbD9IW&p$VGGzZ<A{P02YSPonseeJ*Mo
zx=ql#r<rNsg!Cyf`Za{i;H_t0gy?CKWrsj|BRItQT$t}_U&Wu=Q%yz9=+v2|9;@Hb
z-+|&@g>R*z=<+Codt0H-lA~~aSbcO0-G{k`G`Ei%_hMQ6U-PwbfsBl&>*>j+FC~@p
zBxgr^^zStj?BV@dc3-Bi0bv!!bR^=XAV=CgY~YaB*b{G+km`^^Xb1JF8h>ab_B+1w
z*1Tl!e>v(wOD@d?xIIAGgV&Ohr2rOePdhKQQN2cX0JQ;e{(e=!Som&!Xr&6!dODk_
zOSe;>b5?Gtrg)w_yzn(;EbOi|;bM45xOSJqf&o_p*J6x7W*~s6H&(KLaqkdBwh8%{
zuSl-2#;52}hoxsAdS24N&W^^`anlT*x<d&PS+bfn&lyEeC!p;vZp@~5(zjxotlPAj
zxsbFDget89Twt9NR+hBF*$#+}2z`X}f<kDVDJy{L;8rovVy%H+^4OPqcER;`_=mk_
zBfHubnQa}}l-tXZPcA9a`E4pQ0|q)x-#jLW3dhn$xR0b44q)W)_89YfYPVUsuH<~^
z9HIF>f<u&}YjA`tG+})NmbYOxi5WrIRc>}kn_u#?;w_!3Q{4u2jZ<&wlSML4Mz!1=
zEsZ-d6E9T#+bEVmaR>NFLSKNwTXgCbU$=AxX7xy;5q-xMtywACkKpUHi<{nj*Ppaz
z<fs_6bSy!b*i+0wDLfWq-&HyMh`I!GG$rdOHYQqI{1gA>0I=qw$oC{v)Vw)O#5}-X
zcp7XjYJUDu<fJ|fCYY*>1h`gJ|F9fsI^v_0*-hvWG0?x(fl5VVST>P&YjmSdY3*45
zgQ(V6#&F^QXPa{5(j0c}yd6wtrd)~pg6VOKrc||ywdJesu{CDw{I&q*k&=-cTrEZL
z1@i{u!l(lvD102NH0<WZ_V{i#I-$<b*g8(`7{b1}FG#(^uF``1TCV1aZ}-4!)jY|M
ztI4#~@dZ8HtVZxiVt->mroQ0blZmyJ4@&hC3eC~R)7TwwG8KPif)4+gl-P^@s2>U$
zJK^Q-Bc4F4s?9&s(Vw|<Ls#K<UNY(_Lmo_vXX&(wn|$$~(i^2e7I(2q&C_|Y5!TP#
z8JX)!IXGNnEZWT{hNz3ad4h}ipnWepZ6hU~{JjWmv)ajjvcm6HL55qy5)3GM%6H#>
zrt$bnvO#I$83Y#24*!qeAgnmHfqj8h_t2r4&ho`z)}W=B9>M{1#KjHDgdz>$jOqNU
zYK6eB2I#xwJF-q?8yMc5rm+5?I*v<9_cdm&DqUX9tj7!(#2W^x>;!K+_JeKujJX~C
z_@jbX9SvmFveIMm&CFdR<5`o_EDRM$u+@GjZ-KymiI|Yo0sKWv2{)pw)1LIDFCF4r
zrFPJ=6pyiNC2XSat>9m(6h{l@q~t3p>-}}!SE?c}lQOJit}Bh{`J=6sDaH24f$QcI
z{D{E*oYE=o-u*w(fm6W&KG>sJK((3FsfZ2)C6A9$l`9y0wd~C=Rj*#2HnfeOM4#dk
zhIy$+qj8~0!GeRgzB2=tnlHs$zZ(v@GlJu7E_I!4Mnwfz`nuj!Lzg9}t_zg`f*MFw
zNh#)u3oHC*qtz;$OGAwCElzA4L=j@)IupWM6@cqmZX*qeEjUv@u42YpAbj&<xP^6!
z)zVt@_aRi|5UJ$X(Z#(&a1mZdn|0u={QBiQHk+wg-G718Xww!GH4FkIu1BgHqeu0I
z^-EW&9XQI)u)pSa?J%qYrjd^)m}b)33|eW^iCh2-M*KqYF|G7uX|ojf;BHS5oosxI
zyRvN>W4*w-T5X`D@YWQ&5dW~xN4r=B2n8#Nzy-tQox3>rluxboxaP(k%9V^5;Lw>b
zU36M*fbgoI_XIxnnY?)H$IpP@AJN?}ul~YUDo@KzRl$EuS=?5!jQ!D}Cu$^oZY1$v
zk>|b2lKnq2%*`)&lAY4AnnHm+tFRT)v;$<WEGkc@By=r0LCf$9wdx@3MN!(lIdO2#
z0d`lL*o)dg_mqT9Uc9GT2IOKYvlg9J%BL=NtDbO=G{c!DvXiI21an6dSj!XEa8)hR
z8=ctWorzT^!{<K;BlaWKyYcz5hmb3!2f+bmEwF_9I=HHvbKDdMW4=wga!cv*QiJL^
zMQ#7vinEUJweta=hu#h8#@O5F+4yUb5J!ZoAp6#-!q(nBFeJ-nti9s}gGa!ucO3=X
z--fwTAo!bO9W3Y_&Q%;2)I5tHfhPN=Xfk4~GF6S}%aqfeQ|QA4MJDd0|DSw}r-)5{
z$xwA%oio-9HTYvz+Za}(+k>rJfyUasecM|+Ysle0F!sY&xsY1dneVY5crH2VcfGjj
zhA*|Mx~g%!t%G;blafkHh3WwKD<LXJ`U<F>ja4f0B9u4}j9il!x4XETw@h^EXLzz+
z+}#p+KgI%a1YLoBX`qbSjB@oySR-1?;zvQl8&m*}meWQ!xv=+<va)~O0_v!!=piKR
zu_90r`^g^cHcu0T!vNA=>WphTn{>%nVtE>GisgL8qv?LZKhUk!Y1v*G=0@1^!hu2G
z_&;Kk7Fyal$n(Z%7tV5e86c*vTYZ>!lg_P${eBs@guIY&$fMJ=R32P%`lm1Cl2{Bg
zQYl^m^|cG00jV#iy>O+0X441(CwLN`!NdI7An><#k_1nY4Chg6(4A@Byi3lX2g_XK
z$Kl+#nq<+Og5$x72?Ug<I(XRzNj7~WtyP(J^U8J|N8CQae(^K>AVH#vqx>F^9b(=E
zKYur+m&%ya!?x~XA=}+q)i3tb8%e3kO?KK#@2JFO<MW9dxP2x(ms0y%W5BrSeGwF_
zo5-yihP!W-EccUt);Z<cDh3}~+&qw7Bj@Xek$umr=-wx3utxa}LP!f@w3HCFau!f0
z_a}5frz9zq-D_hkBgOfd9bn>8RI^LTk%jxX!y}~|RAH=A``s}5kl0Hfw1#BYe*q2q
zTt7Gj(LvwPb_tBPTBB*>`>IA(ly10A=TWy;p3ZBqDa}cR*jJ9l{;dRt(0uUu*_$C1
zxPw;B_h4Acbt}Y1X{Z1sSn(?Xn1eLF!RWPSg}m5r2qkC7IsE?OzJ|06bXbKl;P(Ak
z^kXfs_O=p|6>*KU2MEiB*+@m}X;v*O>bW6l<2uz*OD-`cYxwA}>rCv9uI=5xTwkoo
zRb1fJ70R`BjD*ovoh%;zQF*=!>Too8ZajkVE_+YAeU_voOPnF?<*&xs&wKeH>=r6m
zU#Yk+`cQlI;N{r>BdjF&f7@v<?H2GXRrc4fYJ>dNy+;P+SR+uve?Kz+oHo{MXESyK
z1N<L@ZLj7$h<!Fgy9YK_#GQDP0{w{m74D(THm+7g5k9v8f6<eGvbAFyP@mT>aM#P~
zuISGC4h!F_mM`8ap6e)2c4!Gx2%uL(OUc^(*}4fLCUCm>lG&dwgeMdDbe&@S77%Ps
zx<s1m$Z7N1cHYyQySdbK76qz6J$f+Q5}OC$56Gkf&;le&iM?v0yk9Gfk%7K8)_Ck^
zhW;@CIH><!v6Pt&X<nwVrB*nlYjlD+K;qJa@V8MSc$WGbV=2YnJXCY}x#;?>*3)f)
z>rASdI@y6+l=E%v*p<LX+m!*FIdcR0#!%$w)^>A1J!vCK6j7ido<T5HcQrbjjtSz}
ziSV2KneCb_V5z;Ru_K+AQ0w933%M}-g{zu;3Ew;Ng=-`wbW}mU`nfTWc9mDR%5sgW
z6{lQKj;N`lJbDeVSTRw6&%!UnX@6k;!{<Mbn&pl-_&!osKz}BD9!fkPx3!<}wE<eX
z#%AAO6LjgH_45xT66hfyL_5m0#d=`x$<)<z`HiWW6bEJMJf!lF*We{?9KY|po~xVW
zYu6M}C;t@fO%7(OS$F=o(^aZ(5p1sRumeNAR(PkZFZ0dwu{T5N_Zp7@Th**MYxqb7
zymq;Yy{&@&j}L19pwJ0TPVJVA9QjSZ(14qxtcfYQqNwm@Ez}h&27bC!s`lf{{JU#;
zT^527_XeDJbgcqEEKH0y;K-Wh!jd9C%OV@(Yv3%>eoskl*jGC7?<wvu`J>UuDzFXe
z=l=Wl+Ug#Xqcyx!f_N$Z(s+$22-NmPmhBP(X<Mq;)z)Hm9s~E7b*w?pt`(%N(i#?X
zty1TYJjND5O-B5v(sCp!=YcT)Q%z)K{Crscj_wzme!6_1jjn~&bS_m)CfJu|ccX7^
z8w4;PU_LmDlahWyO$aUKsx1qYw%9EEU?%1f;!D7J-z*oEg~V9th>d{E7a3u<n#w4j
z``M3KwSl)<R63yR71qq<db=qNLu8S3`E<C+uPJiPOk)n&RHOrF$9u((aBU8$XKT^Z
z-#S7m4`<7*?_$cub!_8Gd(T^VcRkQe!rWe0Yaj4zJ^D{W*zJ+K!?Q6sD{t7`2Vu|S
z4CH?yitp<Mg0;ipVCg#L_nP=IJsiD8_*ob@A%j^q_A^7QBtx>7lHTA6jlrNG7FXip
zS=R&Xuang&-Q+7dVHBG1C>5?=9%D1LQ&yz-8Z_hJplw|icZ(wG1N@?kWM|}?&^F|M
z43_{}9wl}au;m{jSn@<xCa|e+g2x^rVn0mo_17nS{IbX{Psi&qBofckFDhz%0Yl-3
zXb*3X8$*^J1fJFMrX_n{Vm&{XMy-%Gtmn~-n%d2)P1WlVg>~)lz$hF~KG+2KE&0%~
z1Nsqn&u&Z<J~4bC;42eE4!@4lYjUq%dOCfXB2qX|`{-@MC92{>L3s0ZClWCDJ*m>0
z_1>U0plsrj!?YIQ>$Kv?OBpPe5@wF$7IYNVJ??qML{zSjzMgv_l2f@L8VZ@C=qQ>Z
zXYuxmX-z1FZOC2tXOInoJ*8@kS`ZF)t0(dxkP-!#^vzx&AGy?K$VCYUrf0Fjl5TaT
zF+>zAGlAr=%GEZJ!q|3$tO(4P**o3ziIQ$v)9u1o%p1OTbdz(8?uTBj=pG~VkbZ1!
zS!(q0ED<)%ICD|{TQIX$a+vFQ5p+C>_Cq>@cs+O9hH!|p$}RH0qVdGzb+jrx7Zudf
zE$*&a5;wbS=|EZ~g}dR#S!=lqJ2myOUJJwHR#=D@-E1K(U99G(Y%^s@ywW5+3VR~c
z`tXvtDHTjThNr2&-A3d7%9idN*mNxZ#>5NFoxQLt*GL}3O)gbB3vf@Gd+&*2Xj69h
z@)$I(FAOqitEAr^$6i>(4p5|g@1=bj?<G%eU^|A3>Kf#OpsxG`F!MOaWt;@k^~49b
zdk|!i-4Xh;D~YwIOJ^?=Ys+G`kMM&C%DpA@E+3S=a!tZGbk$;c>jOx5h{M=}l6yhn
z7#TMP7e9_od?O@v+g0<ga7_pc220CFq)2nwpbV~b+@iRc8LU^#_z}%%HvD43XnuC5
z)t$cA(2dRv;#_p_GQ0>rKnXZP+Q2!@+6FFNkI#$blwq1XG1vi#CFdr^WDqZLS>U68
zHi0i&-_FI(+j8B^t!`Ia+GLh+10bAc=ffrpIYb-f&TM#uIDsPAr%C^ss>`NiBJOJ6
z#g%*EEEyKY%=xOm@gs9-@yG;1?)+3@%yrYVj_DTG*mp1BJUGSN(^-()HVk-VccXqu
z6hTwjrMWZOIQT%5hP!B^1bS{|*hl6DKF(Dje*C3Twmd8Aj<Z+1t%JyXOUBKR-`yk6
zW;0Yc$X14Dq>^w%O&i&+z^Q50u}hR>gy;Q$0gtc1(S#Z0u9@h2g6TWt(hJ?P(`wJI
zz=<--=%u+#<z3z<aX)5S=x~`bw`w2-CMir*=AzOx&G_eHTec;aXAIHi=~r*&3}qs)
zJkprhwxv2DEIR^dc_{uPG{;^mk-M@Jh*{iq$~kfYrm;MER%=P+i9R`pFrN_B;5^1j
z?ffgwOgL@h-{i=M@ToU1P*%}DH8k0w(AI2uOCoLsJ1;JSuiNb`<;HCp_v9k)<Pmd|
z4m1dxcjptUDP39Ev&p=Jt}#R|wlZwTV7GYZw+Co~rWW?uDxnnjnM!Ao^k*OeiwS!S
zpNqdqlDLSglWz3F9BLYYBYV1SKjB7DM_lje+au4U^Sxlf{f2h2WOIQsMK*Rp8dMoE
z<a-6p2a&_D(Kc{8&`I;w2pzY#mT5(QJ*5m@N)syAl?l<)9{-=WD@@!ptr$C?^t`9G
zE@pURUqTYrFqgxsSBsm{1cyh;-3;b8>;xGm2Kzo5nK&Ewt->Cw5|SdMWkL^=#j@Da
z^~Ow@d9~}PRGZ}xJNf`JM1NHpz2uNatUi6gp_uFAydV_xj_(VHL@05*sO5tUl@~t0
zTkQ&-p4Fn-CFN*;4@SpPjvq^rRS3fs-zoJ?DcABcw6m1btF9Az3~<A_$iEASFhJxs
zg;whGVTvUZ-VtjM<F6%$2wUiG65&%Vy$yU%G#m|6WbsskH9=jU#yuj17r4An$2szn
z8PH<52a)F9m87LuFKqqkYlOW)(Q>dX+caA^1}5p{rVPH-A0xa0RzI630kkYSGWbBV
zf2~A{Ow4+{Ip~U!@28`lmDfkAW6?qf?8olIMhv8dcM$J5Nc#XWvTosTzByO^)E~5F
zWITW?c9jNjkstqJB5lO>E%P~7AHukd5N+a<Vfj&l(D^@N_orx%2mgx+0cFbjP_$6x
zHy-FR*u>w7ChTS+QD{u84Q-ZLOsi0?az+1H#a&ozVS!*TsQeQJ;N4?CWMjTu-n?Qs
zk!-Bh`$^Z#i^q2hU&fY}!|rr*JIqVQA3}o|g^PvShnT!dbZ082QFvLQjOV+g%7d(m
zoK-wTCos!SE3Ow73ttF62&K9~F}dELnBed<1FdQqSiwbFLxcFID;=Xt6N(Iqxh0IV
zTn`G4h~YM{_i^QT{~&@lTHi@yAV0v7dwspbscPM;?J`uYv<q6~x5c3%dZf(?%$aG$
zxyuyKMTdj}l;7r6C{Kj)CL5T_Q#PNUDh3?HHaCqq-kv8ot0za`lgvBa`9B(qwWS<F
zxo%P0s+qDiv8HrADW;%^KX(lTF!!Vvz8dacaE}{Cl0`D@=CEdNTPfC)ws$61=s}d_
z3Q=FTRHH8$#?0vy6<*C!mJ2)U?oWE)v>-R~%<&+_cIJnI2;ih$^>`Aocv6l|JMTKK
z*v#;D<@0&cyN?@}j`8gSJ_gZT?-FyPbYrZU&p$abP`TTx6|%kA5zG(wiTz*Kb3Ep!
zsrCM5rVKK=vV3x=k!H-mByEbBYm5bz2+NUMxyl{z!P~0b1gjV{bAR6tqT(0vQ<64h
z;??v)NTdbC*ho6g7Sl#4?}bF}xj35y=8b{~&87oE3TVJS?n3a9AOfy^K7KDO!4p>~
z@#-F*<XvgP;JmVlWcnlC)u0=(nphru$>%Fs<1}l~GJliOtsycWomi@ee7CPw#o8|X
zQmp86VyMgtEg?KLPT@4BrD685X1bA2{DK&HMp0dHC3D=lV*DvBAueiLOmKopONnql
z@y%pniRI)rFh(;TH-G5^VZ7)}FB0X-xMQPT)n3yLM#Gz6w5?4Glraq=*c6Sg)9j!g
z!{R!A#PBpY2CjTQ0UWs}rYdtC+L6KY#D#RL|CRy?2`j#mVSMcx$P`d!Gwb>5@H^q}
z*<?n<v*@{`KD;B43!0WB$D)1#KWfbsV#8$1DOynPBr%a09ki!^pR`P}j@j}+HSAUa
zSGmsHA8*t)!x(6EP%UU`v{vQ?74%9vjT|MO{I<qrGrDiFJ$P>=`T8pMJANR#;$FKK
zxJIr{Sc7{OB5v+BtmXv~+EtD?LFLKY@NKT0V};iP{SeC+6gv$h*KWzSYQ1;G`_&SA
z^2hgrWt_xO<N0k-z?UTJ;HpDk(H#!E9JD%~?;cMMM10;^pcu7R`f{+T<!9=ZZwm!}
zeU6%s&4SW|!1;NP?SIDfiJ1Quo@JV^K8B?ie(@my%T&dT6a2((aYKR^7kP$Eo`nB4
z!YWad=HK@bZntF6Alrk4Gyk5DLgk8ibDKXA;%AvfJWoRT!F7%d^!*y$Zr=DMPBY}G
zmKCWa-tAVwR>aJ44YGLR;5P39S3#ce#QR(0KR*>j6NdI15+IvFq})Ci<Vl3tw5v2U
zXyzC3_ZQ;tTKWG`bmj3(|9`wvsgyY?m6$6!Xq8Giwj?2H^;JpODwRsn5@vQJgv1<`
zO14T-Uolb{v7remi+)+IjX8#4n{9S)zt8ud_w4ie?6J+>pZD>4Ui{b{+h0eIrlH<N
zN}2yl*5OZsgTY!=ux50rkWTs&eQlY}kHYe_2K7^C2)^Tq$IRV0uqZosvYe5YYGw?I
zb{wcKAG5GDp7pBlDsDD6rAVFtlpQlb3C5S+sxPejU;0${PQp9T&V~Pgj}Tm{GlYnv
zPGluj=u^0yC3|5@GD1xHb$nU6jOn072M((WLl6y5g{PbxA&be%hhwu9G6LF!e-5`^
zb|fpcfJPYnTbu2@H?AT)92{E_-cEF7RsBm0o*i7oA75HXzCmtw?>i^1R{cKX5?GE8
zwHh~`968Iy0_=TW`3_=Fu!a;-Ih(Kj$7s9@!*kuA+UZZRRjZ3Aw$DsiIN~7!&vo(-
zL!oS@WW*FbxXKN6&{)>gQ}=MIyGR1l8^+|5i8PC_bkJn$Cok;Yvp8(x1A%=Rr+?wd
zm-Z?6;&3bsD1un*q`i**yIdRnS!w1qq~o22eQ;JgXzp(p5~~03U2o-bANQ=0{<_5f
zargNDytu_*URs(6x-6uXMPpiz<DiTnke7!YUe7&8-p&J_Mo3n()8wTMDLzIlT<J;|
zsrdZAWM_<j*t0IbsXV+7_Y*G_w4w@7#SeQHIZ<S<gwMhpb>`|_@?c>ME(OfLmN4$$
z9O&hQWCh6wq8>97gXI&mkLiOTDLrj$cE0x``||bN`W2$J71AEt##%OJ$v#$p;KEMn
z-pY3|4ITmYoNaC5V;4?{3E#^m^j%j#is+i1aIg1Jr;VBbhcd_@IBGl;lnE5ozy1pc
z=5C2Y5&!(f7#?Qb?}1v&wR__$(o|>9(4rSitt^TjJ|GFVp2vFV7kA$NtZcNNXmt(2
zO&n*?Gyk;K-;?J<p^HR<Ytr=;TW#2TXyQ7x15V*9=lq$%9d6VeF9WS#uJbBK@XwD2
zJ`5^8&gtu~6P;W=6{6qKz&?Pp#jmR0DVpwj8_lT6_Qcte_N|p>$>lC5IO%-tjif?l
z&y%STdd+LYL)m$*!UmF{zq#Khcy^7`0B_YWY*KNTV@2{fhMvFDQIl;(yZT@(!!)Ip
z_z8=BAk2+EJ3FgI(=*NxzO+;IN4!Pdxa!g({+|}0IfZ`_)373HGL&*F-Jw3&9r968
zi!+%&wc-YTHq)DgtWg@|pGfmV%D2y{@BM-8SfV<}DyI#f{1Mn4|MVX2rFp0H=H+cX
z%!KYijK^({kx)=I30096c=tK~{K1?U4@vY4wqg33mn!zRu?{w)pqZ!1byt}#!#D=L
zZA$jzfZC6&S;*BD{3$3(m74`O$gVTUk{O<rmJo~+pyh;oHQ7KHou?BI>73>WP_;t?
z6ij_zo)r?eXzF}rx$_o-;~?@U?DvB}f7Gl6`eQUH9pgKYxO2){bWjLoR2RIkG~v{r
zMDG@*Tmm@P1yK6V|9C4brq5e^w&wU$UTeTRe<kkoFXC}ox=ZMG_k_n|Ekir2otVc=
zEcg1zw|G$2G;2nj;PNw6UT8-v-o~AX7CdTp9uH=#1BW}tL)hm|r4j~o@Yt?c(bmzI
zg=pvzk-9lcQyO$?bC>?HYR<x6DvR~ELmS|?|BjXD>}W>#Z_UidL+wNBqtqZP9q5rf
zxWzUe=jSQDlFS=6r+kZDJ9kt=u0Jcm7apP{>@!e?c2k0#P&bFEXs5>Tn}DI-TT!hq
zuT19o?^3r`hdWd@_$s?I!D8hNUcKQl>k7W_R#XF%<P|ErDo*E%ojqqJ@oReu)^RZ$
z>(U0Xa!p@Tg696F3RT_9)!+sJ*-ObY6@H11nsazESBjZ~F)7PjE9RZFOjnNnN_)iK
z^*HqFY8W#Q2CC3R5V&o4kH3&7o9Mq*-;-T=d^fFOvpQC(9sUqe#Eaf8;$PEUs&e)w
z@Gh(x7nC)_yJag4$g!O<y6nfg1#W(V`$eCI-f-ScOt?c{xw$e8be)|EwD-XB+bsTe
zrx;)KT<qSEA45t^*~eimGXyqc!1|dJX;r~|deM|pw|0bYPXRDP%og4Apr+L>I9Lnp
zfBTuLTtur!UA35+mSbVT8SU&GNqizNj(lS%dnug=1gHvcnAZ6g<!Pj_=VI%RnK96m
zcvNTF#P-e+60l;KdBpgXeFM<)qnDxv3Ht&<$*>=QL&IfD6b{r<RyL*_cm@%f@1s0r
z@Ui!B$%DHH-~+fPvZwD$&lg?vkS<_h5r^Y;ookII|E;~p_`@6M_N6fWE}IHKI4BCI
z{Wpi|Le(GR#aAL9QK3PTUiH)0hm$j0;GRXdo#9?rNZS!Qrg(SKbbK0)&asOkH~!i#
zd~eVUDT7&FaPatFf|hj48J?NWSO44h^A?V@wX#sGzHetqGgK{2<?^b9NM6`=7hXca
zfqF@zCqveV|F)`%c-^t6bn-Q%0Reok^oV$#g6|(nhTLEeCLq#`SbRPJ${~oZL<qI#
zAoio-p<D!|wbY2E%<&E7do4wkgL)ZKXfza6Zr;N96eX8bVwZMq`}4DYnGQlvekry|
zndZChc|sj0TnF*g$ity5%16siu}vDa0=b02;$rnIAEL0Ur8|}@=gyxdBsRQ{?D|-d
z#j$d~Ppyb#Uo4gEp8~uQ)*Vs1PPgW2s@?$%CO!}`7bp1wu8sQU!lh%8+G|_q6Yg$`
zQo7mqk$<d=0oItL$ACy4Vf$Q@p@VQJ(GAAZYsK<n&A;R47g)rP9d1BwQQCwapwXA(
zVxI{``)&d&caI{m^Jmc5Fi#kf{&)W()w7zX7k&6~$02o=oRx0<Eu9={_B>}1%{0LP
zH>r{~JQr^zsnyHl^3L(@XlMVN{>!n&ZkC+YnYQ7JAvqvbIX+;+l$zBn{X*SVGfZpu
zETh+1@OMqCUvS#}(llPDVb}C~0s-l!%zlQU9X?S;|7b9O-oau%mL{K%L(sdoM8(Dx
z)B7Cao+U@?%T(VjgIJ$NdF4f2iIwE#4R|Ie64J@v=0?L5aiw=Z#Ta2g_r*fonNr$k
z?L_R+=nuc;+a4r7{sUKU;4k9Vt`}e6<NwDTIgK1!AmJ<{->L78joV}q#OmD$xJg)+
z$o0X8p3{v~$R@A`S2GSd+n}>{cj)~&8`HV}<jX^3_&jWXipU!Pv294Mj>^R!IAc3V
zHFhdx7(bw!lFTMbWEM>^PZ$o#U(%5aLAFq+7oO}w%uZCio%rfUn0zAK%mqywyPets
zHLE@Z_E&P~P4%j8<6boaBlzeet!0z?dPYRd2fAy>v_q~&+L{W`)Wi*cC%ximI)voi
zYnC9II`G~t=IY>nP4cv!*>pbcoTh@h%?C}SIO-N-J>*8he_<;qqECQBD`zPf1YM~H
ztkQ)cLkSKk<lbmSZGJQS;#sYD%Wx~`41WHj@O^S~!_8(E!Gx6Pi{3BfIyW;dJ`W5+
z@6GF3LiWoN5rAn!DUH!l<c$-fYexmxjWxG*_a$!x9>xL#xAW`^KH`|4%rj>H8o-Xw
z!MT2M63lB9vIAa}kL`GY{muWm*+sFJD0YH#-NnxtioNowZ91&QhQrzk+J(g;GTs<g
zJrofxHC1lxE@106u_f+3vb}prMfeuQ-S{QZ1w`$?MStjW^Pb$#&GbWR@|QcVy7zzR
z^KQzt`O}mUw)|2Zv@Sh%eoGf$u;=<h_#)VS+}W9!TW#5VlPPSxGAa+x%9M}_PVj&g
zZX{Im9%`Um(CvUoB1g?dK*!*HYX&IOm+2tnn+39txlI(z9r_CB!cdjsa8PQE=I30;
z(Af4f+GqixR=J<Y8(!EMYn1^w=tP)sFsn4(mkS*@>Lh^Xh&yrGTAA;3TBnMAj|A{$
zv#3Vx=`zak6g6PjhR{MDu*^;)W%kp_eAhF)wUYk#v`agc?A^mLI~tQ}P>B9=8jJHQ
znYc)hpdTyn2YBBnPK=Ml@!=+1Y%X_W@L`Fc-z$Qdc-Dv-`AHbRqv=A&3St;BVTG>n
zaWeE2+CLPmcx+~w6Qx=C*2-N^OI#2gdV<OV3?S+Z@FgL*82HBc(m!b@?~*I4^#)F@
z*G_*>vQMRyHh1<9y*!ngc<~Gly+>Z%@vW9QxDV3p!?tzb`n8AIgxEJ5HEi2dT=o?%
z%osW$vw^DKYqso3QOy`5?w~S6_cWT*V5F%isVJ?B**d5Xb1ujCYAQh$vGz?qXzbc@
z`ll4$LHgQQ`H21yv*xs}B{^N}(wsj`_?IFS=AYJ`x-onn=&$$c|M15GDSzEL!TKWg
zA<3g0vMt|+)W-AtMP9`8HMU$zfHnzU>Zb%YECL5$|NJw2f?=xOdV~z;-_^1)&_B$D
z(nH{5N>wEonm-LgAOT(teTk*Nd$nhaiJRX=-buZ#)_nX?uVFt12jh$0Dl*JUi7=u_
zDus^R*2b6&$Q4I`&eTC%CYv~)(BPArXslZ^K%{DC<6K+L4~D-2S!vc0GC~X|OI4YG
zFfHonj#+?9=k9T3AksY>&`f2t?xf$EuHTGbB$l`hha9g-w1FRN$M=@B>3<-+c=tSL
z^(5R2?5*6}!NBjDblK~r%|URgJ8%8g*&WxJYA$*wSWf;canNrh-`K8RAW95bMvnhE
z=R5?_olp24*lfP`EOhqja6x+f%GES!-PoS9E6BIK<d#BkQ@`e_V(xTv$C_a1==x!#
zF~QMSE}=WpSFjZ&W5|zd5o3?XO#7F?4%T~x49DDeqKuko2X1r_lUVW)D&FVzdADIs
zazqj+5`z6>Q5N0jDd)?VM2wla2B~?12PbHg(yPA?bY!}|=nR?;nycw7_?P(#S!XLA
z)8226CAdA9eke$fO`6_4nIc_XUrvHdGjfZ%1%E)dXVc)u@I??CgcA3_^Ks1zPh3d?
zuWP;ZDHSiXe>nYo`ax{MYXFEKl^R?jX}f~Ib;Xh&6py!m-rn57hJ<oDBF&V{k$$4u
zZ(;?(GG`wdh;m^r0WD?mbI*Jz9x3#yzYPwr9Q%2&3r5ZO+N=|OS%JSuH=F))wy%D}
zz$#vU_xK<G!CYqfd;A%YB<L4lO#r?pzx_e^mX}jgDGuE;>`HtEED4?PZ^yhauiysN
z^PH(AFgF81I`k$w`h8$SIdnW>IJnaEK24HkHl#B+t((o9fSoVhrfjTHy?_ZKr6|bD
zXzU5J*<Tj__t)DrQ`IZbO8{O<4cu&4QP4%sp@qWarZ%mApmg>&p?<w7m2F1a#psI`
zZdE?r5s3scoAY73molpcJbibXM2RD9be-+dP876d_ke-@<o1mklS%3Re4}ptRR`#+
z$3qKjd<pu>9RSYZ+dTN=xA$(iY~{nchyR33b#E8GOHKh%!V}ug4HJ9T;MWaAqzlbs
z%e8j$wXhD@hOOA^9v%Ai_Ud-!W0wa;_$)ac=d+2-osV2Rck^?R*;v|n?OlNOg5Qh%
znNU=;emE3X>`PH)X?&6A_bEd*_%zU;1}M7)adqoChc<Aghu3i&?4r^deJs=k0(duS
zk0F%u<z3p>34EZPGNpKL=X%?lxK$OZ1ppV|ATTS;+n^fglRKZ!o1>5)fF(C<!Urq!
zmB;*0Cg4~1d<owRzD;&dpPq;TYV!OTx8)3JZP7(;(5uSr7lR4cvJYz<2omiG^h2?<
z*STAv4fo>4ww@b&ITE+AOl3Y#Wj18Qip|T2cmw`E`R^fRXijE!nd+M;w=)*KNhD(*
z*7f}EEFg7JY4+N-eW6HGh_fYsgUEDf3F9k>tE!3`AH47^o(yl4HV4MB8_aD7WLJlk
zVFd;DE9i?V1R1+=K63T}K&Y?{ZbJIoJx5T@PK^8V6y`3?33S)klo$&)fIVCG9{}U8
z?GPl83RBdIz`4@sU_L>+j8}JZcXKUNm314+d6C=6>rZ?wRv6k>u=W7PKyH@!;{S-Y
z8y{;6I1MLZroB+~3KUM~@#80|KvTd0L(MbsU*@)LBD7x6y_UpZ^>J<034M9;#H?G{
zF^!vf`_had8r(uIrf8j4C`Wuh)-(;I>)>gk0xHhDf|u}qouzMc&jL(OPjaUSHj1Z<
zNjrPyTG^&<PcKGnLEkIniFUQ)-)sRSf0{$Uc&K#0VcA=|YY8h5p9lJFyf3W4qxdZe
z{z&;${i*?^S^@}w?*Fc2dsxp?Y&rJH`ix~P&3re<`_;&JK)(2UsTgy+P8f=(p<Jiw
z+vc}%>yL2gR;s?BQBxN0MLoMxy?HwE<671FztJpSk=l>raZK%K1IuqTNH@Eac&x@<
zjvKaQn9+!JN|HQgrFs#SwYuXIa>@&TO=k)ZRgqV7`*asgSXzey>b$czLz=La+|`LY
zW`&xGIS9ZxyPi<lf^3J`XGt^zQEv+WQUmm;4Q^84kX;o@h8tQ{&?&<<6|7QYMolAG
z4ww|Zg0`j#TEFGdB(go}d|CK!pr|!@o_h%Z)zTDiWx1+5W_O65B)H<hw4_8CXQ_PK
z{))w0OM13kHKbHy|5NWzAIdATa7N(<eIB;&tKd0GVl^od+yxOg!CN0shw8zAUDCE=
zEw0_GP(87B89lkAClJ4jrBHP{rVCnQ<l(QZd3$`4bDKQ1S%Sd5r_EpQ5+orgg=c>#
z3N+{E9B%C$PrS=eEN3`@1|DsGE(77%w-Fq#beCtzb+UV9qXHdI)>6_>ZTLKmoQJjJ
zeg1;pLgJs7oukhh++>+HOYw(_(ZE22b(^p0|JfqFS}BZ>Xd!5IeltB)(<jcUnMsLH
z*5ZWkx0%$~tURMp43S<5PIY{9zT3GiOq%fumew2wTZpePVy{uCp;XqjVd5_V;G1}9
z2AKklub*IESb%YA)b;~WnKs}LjUx^QoOjHtj)!17!hkrEUPIEJK>7BGNXNTmQFB?7
z_K@&_Sqg`999=b~2T(OX*KJolsOIh2YRvoei^N(ke2Zv~PEK=NN<aYKQQZP3Vmv}7
zJ9-l#)4Kp*MCZ7_Zw@?|y){rcl<+-q8PZcgNzE^s_a7p_BYpS@Lx*@6OV9dtli?2b
zC#(nBaq^R4X)fMH(#s$$fmk8@3CO%@N(-inC_nN%T77*#XWavqo`08%{W7@Mz=ab`
zcy3V!y5hxD;$wJH(ff7((;tm+mt=)sMH;xL$bt3m&R!PJ=5n5P0eY8+?>|P1+0om(
zR5i@#w;?GmmM)t00a7FUa~^~XFLuD2$ZSSzn7<w1!F71!B={@JB_F{F`C$WHJP$Ep
z@m$?Yf6-het1@6K8ZxO+Ru@se;%|oiY;Ay~W1{}^0rCM1aw0GT*-^mz0W#&7*f95x
znt}i;l|Uz1tzDctoq+X5yDHuZ3>J6S`{Rzu&v2Er14g|p*&?Np?u|R($tqjK&7inD
z0^Weoh&(@R|IXnAMzS&a0vGrACHUs==#ykECrsc2$=7bZk|YV*uGX9J!j|@qkiMb5
zMqOxF3ZAo`wH^3SFHxCa^pWK@r}Jr^t5GxlUk9HH8gA2O+3~-{&koM}%fuOc+EKvb
zjPTcG@YW#w?S=@&AJC@G{h4;1ry2_hDXLu-qglyIKQfKraYyK6A#JSB;gB)XP*t(J
zN@qFy^>c8xR`^g@`-{93zDV~FUmCljmj$(su81M$9K;Ojw^>!NSeD}Fsuf5s#=^ok
zlu{f6;0zF%eFMTQvGXP^O1cTStrLJxIa8X0P(8&lKEeESjdR_c1iK2E7x4e)ILtlq
zlj>ulxk@+UcCHdZmti}kvZzG>%PTt-IB$_@jaY*_W&^-DgdK`vR@W9_mG^ybeo?4=
zWKX6trKMSu5#;FL{uu2fbo@YH2Be&@@VCIdUHDyO>U{pG2sc^&LPm8{qA3gd+qP-W
zV-G`nrW=5I+*@xEfX$!nuXsfsPVltZ)R&@(Fq-_NoAwD+{aDBCivVEGzKF}f>#FZi
z=bw&^yo+i)=EdzJ*yqFg2$xM^D`%@3Zw*F^94a)|z}z~Jb1HSd>K)?~(Zkz)?{Ze)
zQ-D}b8|_;&A&y@T%jEMv5>XbS@;_wNVqD9@GWur|maRiMZGP*`zqKnG=KZ(dub%h!
z9;MIwclZkEXXjIQ>G!JgNbS22D1&kYx#Q<1H(L7zhqUP{gt6-MsddvXuVc&mHca#K
ziwq(wI}w#4kz%E$JJ=kK+wO9A8ZeR=DGbm~#MJt|ChYcBZ?PdrY6lt*m65YXE}Ky5
zk4^K8DSES2Pn7@E3&4UBaG9s(Om%EGKpWF-83Zks9a&A%V<$EUvHv-m{a)1^5BaQ~
zJvr?Eco|Ees!b$|Zf%`6*AJ)Xst~To84v(G;M%Jgp9DpIp(?f=7lVWp&5Yo_u5>}o
zm+W)tov5e0#l^1eg)idBUdDj=H4LB|5N&~JAP@2>RQ2sbcO+**oEyVg2Y~<4*8?yO
zNYi7Xs&?R)fPc%uX|w>w+dy>ApT0tVdKfraO_cNz#(_x(_;uI?qO(!8><Hkez`X;t
z1Ph3A09L5B`VbglI~z%DuX*+``Vv%EfV=*IbGdk+G%`RoS#nnecmvMkF7m7-Nv|nY
ze&_|FZXUk<7;?hPm%d@ZJCvvL{t$D+wC8tMMIK#8=6IG+PYq0ObQyGz`QEB<VEc7S
z8Dwgw?3W$S)wHHrf!XWYUTgTn4sYz92DtZ3nNa5U&&I4tDNuW?$1bI^P62vIr*elD
zpnj79Qc$E9H=)WMJhwgPAGSj^5T1Fe;qvw4m$6^99U6V|&&uD}1MM88`^_3BD&5G+
z-B_h_CEjWS4;G}KnSAch#Q-S$0MdxvfSO4QW28krigm_pmY$f<zc9$)?Y|GNfe5kV
zh+s-A{jFCYjFs;=SDLVaJ3dbJn553q+)gS7{#V+`r)5%ml7#RgUO2b3Q@pc?il^JK
zvUCk?gm}Rv+2M`#CYuN!b=Vu`-0B1J4k}VO6&GseSfzBKG2By&=70IT4o6;j_Xqwr
ziDni`FWiZ7$o}$Us&w`)c?dk2aA`=}nRXf$;WD+A%GMQq*2m*7N;73#+TXMuyc+uB
z%h+jMd(asH^n(_n*dPi%FXhjVxEjQ5wS{hTKF<p;({UGY^(yGs8njlD$oF`e^>i^F
zkcG|mmss4>@c~j|iXpfOYKe{);(P!gAtu{8>NWFwGrGJ+JBrf-76aJkchTnw$$!kS
zX`;S!Qbq5&f|F$sXtw-ypJ=PvlJ$}t(hy<Dtvn%zyY9rN0Gnq4Zc&1P8*?Zg@h@qy
zu6IgvtO;Kt%myu!?O&yV>?LVop1RDeh_BA+UlYneKfDKg!8g|`Zgwb5)y~sjj~zTZ
z?8!S<`giK<Tn=oAlANZ#D{8nQ)pXiwYszW22VY|TsDeTTx*IbO+FBKWG2DuKntKVj
z)+x@HJN0$pM01r}CoB9#7lf8B+635yKlsxbyU(e2F16sI=6<ns+j5|qPR9mIGG5ER
z+~sM~Bax%E-})3wl)Jkrz<j?{)Xlg3;5@Z;ey1--y<vV+dI6quZ(6+s&~U_Stp~(=
zIyl=7(aPT_6D$;;d$Lti=5001_fRo>)EsRm&$Ssnb^i}iYmo5hLTi{zmpoaorEbxt
z<>;=~q^OL@CmaEsCn(AQWM?U?0q}|FJ3dBmdNMvk{>3uh&(eg&|8VIx!urx7vM+Fp
z<{VUh>9`MlD#6gL@+G~$fH~i<_RB>qvlq4hID%?M#S_O)E*Zur0M)<k!@;j9BU{`H
zB!gR*6PeYR27>XY9witNtcKX=%ugAU{L~fy0ya3jWS%MP_)%)aVq82>3V||ocgRiT
zU>KS1Bgyj9y(j=+&<FqqrBrMO3^BW8D~ML?x_iPaTqTsoS_klj1_<*d+TXub6?rs|
z(YKPBFHOWdL9Uk-_0O6?CIk_57<@5!Hjys;73~N!K+J@61Syumj$qMF!!fjK_o0Qu
z=X)O`^(pvJ`3a#0v;wAA!CVdzt)XcXJAD4P7An$@qz79J-?%lc>hd14gq@{TR|q{A
zrSj$ETg`LZr77|5S8IcCK!A{=&Qfh9y0j{V>F%W7Eoa<oM(Wz<g22rv<{9?qT;Wn6
zM=v!kRd-NrB%jg|D`SY&wMwndZ~I6e!)X1+6H&=ql2Lv>OOu;W8BIf*Q#br@D6p^H
zIJRr|)q{H;-F~?4*8YR5UXDOtZ+y1P+tuc9Zf;~Q{;Bk=SU$s&X)1Kjd5)2k23a4_
za8wN(hXCza+(T7<yUN9gJ@L9da`$RHN$w~7RGK1Kg8c0(XONF-u@8l5@Ip16Er5ED
zgo*Rh_k1L<&u~MI+;C>D?^=ukgsk<unp=0TnXO|!Bsc-vIgAAQ>W6-+TVLTE*~4xC
z<Y94b1xu6i_Ee85r<M`F`>Xn(X!Pg0AGVDALjT%@A0kc|eAJ_UOCb0Uvwe;#j=vX9
z01qAIzn~TYin<#qW;yjx4l(#BkiNZ>n4=j3e{(;mUWB$3dClw~0*kAMVS7dMJMY)<
z!2k`i6CEPCTUwhUdv<lMX(pB9;*ai%AG7p+{`AINpG6AT0Uz;P=ybIN|0Qw%9Cs+q
z^vAre%vQZW7+urd>>sywmUQ{M%Y7e&s9t#ajPBd*Bp7qonEvfl<Wc9bSofYcC>h#i
z)Or0!n(rO(K^?O)#w%Xle=tzXvTTcZ5wUrmf4jc4yo&8}|4d{9@!^5`*XA?MCnWra
z^g2S}vAN>GHu&ME+7eY=tsU~?F;QUXR4VqKWCH&_bF@r$80s}whxgm0;8=tG=ag87
zv{B-`r`Br@1M|E8bKjKD$dw?ZD1viM6oJ!8ids{MA>nfos`H4D$hqyB)F3gSW>CL8
zG+dKT-~Zy_82TM_0bX7w5$wch(fNIzWP^tx5gv3qO7(orlh_{ZxP65PmWAFhE$RIj
zL%7C^D}K-avKrG|^K@iFctGgXth@IrFxkjuQ3<xC>5173-mwRnbzVCVp9|+2(rlvc
zINXVJgS=82%Fby%c#Xz#F8A$Vte=?Fub3eVtKLOSjck@V=R$}WizTvLfCAo#zlj5R
ztGfJ^v7uxe{H1;4mo`9@13guw&T#h(#j{ZtXsRMx&bQscF(zQ`#@)C_eXNi5$>BB%
zc<YH>*-NkIqh2#b0>W9en0XYzT|YXrFkiP4ZyCzTRO}0uJM<rgUcdi|bIg2|PTe9Y
zo8CF3DB<9p*Wwd9A5w%c`3$6lvlp`#v;E23*VZONrvb!UknHmh>=>A+klmdO>Tq~5
zV9<j%xANfI+iYL+1e5Kq?`9C7`yXy^>r%d=#b14BYfm{mgbB&?)i#RHFrha*=oj<V
zrTLYen-nr+Bi=ydmtRFWST9@sQHKs1j-KydI9fAOaxN^+S3R{-p7XAmy#M;#_TMQo
zZQtll#BllO5V8xmY^)?)qsnS$LaOHb1AliRKaF1YmzK2^<mgzdp+@d;OVw$kftQ;J
z*PhNzR=;Sy`d#oWYv1_pF|Vt?0{b6QT+KwEKW_nxcg<B{O0c(F=MviZnvYj0R`4=N
z{Y2t`_&8+Z1l?nPtGfQ>I~aG*&516Qg$Fop@2)YQ?FX>QmL%k@c36aCiY6<-EvP;l
z2u2-|jJO=9*k7*oVW)VUXx>Abpmz3O5pNWm=BMqdVq5Dty0vrd5dpN}8>49qGkUVS
za6KRO%x|p3>7b?W9FvxbB~oX@!B!rAnZ|Hm+V8}4b4D>P9mJ3h9D`0mJ}pKij}jrC
z^uLU>q}AXkr(Dq&as30%?;!;s1s4^zg9vvtWd`<~4=3d*i}E3=<MJ1o_RKT(^%{Xa
z`C}-$!QUQCO5GRJJL++I8U1$ek2C>t3zoSiAKZ7zq9Cdwg$%o_jOjQvg!_SFMepJI
z!D8y`KQ9&4lJ{3=B8?+Vj%w)2CTqeHWe4^FE_q=IwpF^WG-I4<Nn4mOWEH4w$VyN9
zRm@DS!QH);AE1CiQ+0O1tyx_1GyIuY)4ubSy@nM(E1laPm@g+=&*rM-PL&arTPP@7
z$-CHr^zWacF8h+H@!RGOY=9KkSa%w++?#wbOYzzA{OjN24Xw0xA+1lHUOQZN<C?Uy
z*hzA)`sQN{Fjp~@!HA!3#-2CTUwUGrJfYx0L5;teWgF`G5?FnR-2YO5R$)2Ze(5Of
z8b#Rp{i(Wq<Fs>ui{d?QonTD>G>R@1en}x1ur&t5r5Vv~*F7ru7LD?v%SuHhq^b1D
z2&ONn4UX77=3>F1&aZ&L6QV7p6y?l=qdoY-hIY*0$=K?4;^Hd9BcBm2Ejj8=uQT9W
zb>G*wlq{HCE^MQ#<BU2g>?#i{EJqrU6X@-9=%qpJwp%;d1y5!Y=FA_&1HMV|8$I2F
zuYIp+*CTMIDGNE)vrf)qW>^sIe-DxItH-vN?!&G`Mc2j-#00t(Kn)W={MffvW6NdV
z;_n+*|L6lNO`=T?V%OcUC|H|^Z7@wYFD_?6@Oc!8DR+6hZWYN_&B|{JNf)@L#(fr*
zHH`+9!ZUQc(Z3|*udwh2bxwOt(ORv(=ut!p`O4)vm$_6yrg4R=@~B7T47rc4{}%U+
z<PGclU*xhs{38DzrP%=@p<psPjnIX&9`^fN+Az0m{`{=~#S?K`S-gP`JgU;&leR$v
zwOIz~;X}B0GzB@hwJbN}y~a5i-BpX@7OpTNw861C5Za%I$OL26UOQc<;0Yz86nW4s
z;N}|bIDY*R&4;Nxx!3JPQJQ#2fLMzdIg!u&VpAWW&kfQI5-z+${H}OKxG^osDT=%<
zq3e4f%ssyPG8dYAc#FIC^0i^Up|Y^*46{KO;E#}lKwY*`dZQ=dEQ8l0J{QJKYz$+>
zS_arupmtsRBHe$}1?536I)d3v2=NYOMyI6%R){YD`5~UtvuBA9b}^(LhAyZukf8%$
z4e}bO2)_2u;A?*91JsLFBUFPKe-{czw|&qT$Z^ZIqpi_S*NAwn?PM9EW}X*KdA#)@
z{Ef_NDZ-R=Ftl|N{eib`^tUgqKXw?wRo2@kOD-Z=yazqf4Sv$^PI6hIr{*;wK54+&
z2-<a)uyhg@{yXX#;jdvJ!E!pjcY=^5>2IKyFi}9#VQYRJ@=R-1jNAK>!=j=dl<oP_
z*a6?Zs}?TbOj-3;mWp6qg8ly!%;=0Pt)P6+D2%=mqAus%*iCv5Tm)a_RzBjl9pEoK
zfroNTYk@d~;^z3^);G#8??>_?3t~f${5LlI69*jH%~i6G^lax-Kc-UIBk^~rG~`;~
zBxMC~a#L$mK0h&H7@!lRC>fb-AKMC<9W{er+X@^arL+S>Sol&@gTwhPD31tgCY7Ck
z^MTxgTF_Y4I%*8qGD;Dto4FXu!HuHdm7JrYf)Jq*;6qmb-|<wSSpr6Rv{LU=*=3c$
zdzTsci+lv|o3ndr+4)BPp#nc&EBpeK)un7k()yuCx<i)xf`H`q)ngC?&Ptkr`=&7Y
zO<|k)88Xf0qA^u}z=QdarF!;HTjwJeyX;FRHf|#XQi;G<+Wk~g|4Ifi2FI9+gici#
z9cQn0sh)M_ss{;8TCoi{dHJ{z`df4}e<b01Qb-%PVi`-dSJ3fTRd69DK!bq<=1|!k
zw}DUDak~g;R#y=Lm$Juk9VKym5tF_`0Jg7?EjW}<veo&nu25C@HQcs{pD`Sc5^f*z
zAHQFe@tSvdXD$e42s`v;Ql;wDl&D|0wRF0Fa9(C<$9_qjV9HNP2zTdMi3>ts6A(wM
zV)R59F-ovjByIV+f`wzFKFn@wg!Z>^&!^70_|Xn6ACB6<`g0_`D9Qf<&+l&n+^>tg
zE0-PkOTg<Jg*|<!d+zkVz;C&%pq>oO_ISd(N<st7eb8RlZZoULIiRloM`&v9=5;ZG
zzaug+`%#|OsWO4M@4(np9mF?OoMnW<kq1$Yt{^}AiUi+%s4$;>8GQAcqoF*?KCUYP
z$n{9DPNuSJMu4s`CC{K&t>i>|(;w<ZueR5$`7lYrPEk6~*QnmS|N05R-q)XkBc-0_
z)^ze(qCe3~AdnNA1@e=lVM7$h)_A<NV6o0RK&f&4?v0M4c7&)hDtr#({S^OPWxQFe
zm_x7G+%5Iq+8&*X^?cPv&!nEDJosz+`18C@rPICVG?kekk*Co(ZvOY>#7zhZ3EEqX
zpH+SbxEI>*eL4?hFp;wwV5^RAs^C9+K)L?S4Hd>31tL0r9_7}7x$ajQz$QMSGB2eG
zOL}4}aL&;N@v*`hahs0$bs3zDR?R)3lVX4|OT_gp798)F&kW6RL9@I0Ko9neB(yC%
zEBo?aeRT3el{0Bt{i^;!B;?zq<B!Nk+uEqxE7!Az3%wDV;8tmD9{8l^RN<4$+58)|
zJu}s>@BRgAN*=T>7QWKx{~LXh+UE8w%MoxvNBL>ol{ug2wT8i}Kd-!c@Sh}Rk@UU;
zp{$OA3<BDP`@nzte^U9A`_0J~0qplCQ-69#AK6%OT1KsJ@-APkxpG@b-74&lE2*!D
zh<Qt^)5SfdRz!4Id`6I6Gx)B%pHVBkMlxClZSi>rN4QpUUv3>cz|NztVk6wWYU_9^
zE?qoCIlV^n^tEmuK&L9AIQtTcuh|GTDc%je3#DAUK#ZXOE!NEK>2t`G@G)_Es4(Wz
z3_fP>p-=(HQMPBSOlA|Mj`~cjhzWBfN=piW+ocA$vrEnF@XN;5s_nLALWXKE<dDCV
zl6rP)h)Y2aEB93^*$S^+OJ)By_n*Unqmh89XwHO{$lR5|Z-^*MXZ@RmsyQ*;C7!7r
z>iqT(vZ1sNadeakxcJ{u8w_bnnro(NuiSKzpKIeQH#N@x@2>U>gOrdi4y);Kz5U0f
zMBU(a6S7l;`ehn+LV|u7;aTzC%gas|==7eLj!d;=nO-2QnA+2}WsV(vR8cjQPke%H
zt@$Tvuc*L^{Ln|Wb;veDc8{Lrpfw(?G16^xFOai_6bz|lZ6Sks06Oh<7Lp7oIl!3b
z48gxnb0--5J46Sz$pA2Zee!pxko8?M5iIra&j2l<AH!}$iv&lZ=I+nsUnoa#wi$Fi
zg_6O#+iC>lk=fuEyC=y3ftjy+bs3{!m_aCCMSxms>rZMF(D$;)Hgs1^RP9jH+2#;W
zT95@JtFPHC+~Zbd_TQ&|V-<Hj_A}r;xd{$g<3*xa<LIFKMHu4o1(;BuqaM62!zixX
zNqBr!jEDTC>O28H9P$Zgc>vcWMHHAwjX9WQtbK7l_a3@E{a*g(z-U8M^?)@eQ*Dz+
zsC@ace<9bx+=j0F{yd%*y*Sa(0Hg=*J0m#+wk0fuTSLF>oa#Ra<gO*Y4%zFyQF~g#
z_vnuH`D)4FEg7P_Z&v>H)0OM*BsO-g6rTUN!_p6b&{;mrg0EK+(mgHnBIiCkonyL`
z6oEgj*7UyCi60Afh|92w2dN}>GwUv$y<+CT9J}WVp)K*3miaLWDcv)sU$chP&3Y(M
z?C8_&3}kod$(r&sKl__H59LypdFVG5tCn+C;dQo82*WyoClk=wL~n_1SGJsJ!vT3a
z#F#r1@0MtY)L$gMR6Y&&ZvL&AJbFmgZ_ECtA=?YO!*?_>DH?Z@>$SEeZO$S^l@6L(
z;Ff=gI4k>{?WIa4E~WGs$FcXk63PmPY~9Y2KUdw9_UjeBq`#c#N__6x5>8&BOtZxw
zj`LK3*07gj`r=l_JiL8q^&cdwHn6UlV+AwdGoXXN=<sDMasC?9Ut0Kz=;hvuq4l<@
zY1YtazM-Z#m6@V`WqC#C^M<x$C=Aog1RE)4D`Pz2ldb>4o@gc}o$!VJ+Ukv%&?`K%
zrc7xw6(1mX7t$I|aH{^9)l`;-gWF1%5f;rkDPMt`zV1QdR%+&8!^(luYcK{cA{Dj@
z0gQ_V!jfNN2Wm`xJK^Y|jc&(O2Qw;Tp0%;=VXKlR%qUk08J_D{zmK|o&HIG}9ul>~
zn;l)aKGg#sl21^A4r!NMzql{$fDSv%8-l?!TQFQ-CerIQVj(vkl&UQ~M5NK<me!xE
zs>O3AlaNk3Tf@e8NCZIYhdxw^654V>g5p7?`$CwVLiyENm(;G?kd57QXdad^KX9%u
zX4o$m=7Ue<1+JreFi2%X%!0b&<4}^MG^^3|uEcS}Lc-r|n5D&tpvFN{2I)|n&cj4n
zbnY|H4B%(`HIuzn1o7_Cv~=y|U-Y5%4-F~=fzyPge1i|VeWQUiV}<nB@2%^V4*s<m
zdT>pbuxv}Sl-<!3zGJo#xd808c0OPauXu9Hm9%%4vHO&;zg|ivEEDB3&)InlJ-R<X
zXlb;6{X(>fD6RD+VjUercoE~y{p(om0X7F|90ELwt-#t>6U*-;I-JvPQkW9`)z1Uw
z9aGdc+~A>*bb@mAoIW?i-s%|b$}H?h;bx5bB2#7BMRfi-PgZYKMm`p98q)k@%o$$+
zS+0A4x5SJCOA@_~fV(i}PH{!xP<HR-+J3|xm=W{&N)3Ztw8-su3g2UIzt4HnE2Vva
zH^J$V)<RFGTjoBtsmnA)-4D+sVY{m%pN%^7J|usf=hp5O?LoXZCA^YmnrZiXegC7n
zMk_LO>w+Nf>gHZeWY~JtG)CvaPGXmfb_`yxF&G-AJW)5UWGGU{>n`^OybCh?Q#R~4
zypUUV*_u?p9djF305#Vj;ON*<m?|Rt`G0p3Z73|4ypra$N|UO%vO><?e?~u-MC3JE
z{;+KyqWti#$CxJUk-shIii%#wS;XEMCV|*#^csVV!9|8T=4y|!6Pyo^F5#EwV0l49
zyv!d;(sO-nc6;fiMqvK~1>>ck<hA4C>c-?N%oREGXlscnXWmtk4AX-OkA94(m|!Wm
z$pK-lPt^k<-O$#zH0{at$ej*HXVD>}gA7~tVbbUSJ?JOgNo*o7foToZGhV~+R~B*G
z7a_N+Pqjrf7?3uFGN0CeSf@R#?v(-Yhh#lACv9Ktz{BV-ho<&CpBh8lop;c*B6H^b
zJT85Q6Tma{e?|-L5|s-yw4RNuhR4mFe@d`rpe|Bm3Sj{vas9Nc5cA#9XW-1HP+1y5
zA5^h(jLy7UbdlM)=B=RB9{I^cF}n44XDZmbld?lGda9B<jlH!;ncG*Y+92oolxTjk
z4&sY$HW1#IfTfEdt8`mF8H%?^{bPl<ct_c*-Sg1;0HmjB>Nk-kwtx?woORBDSZU{O
z=f<nA&t1LdAX>uz)yaQDtAp*G2~RLA+#h^-{)(_1Ts)W)&DZ|8FTE0xwmw?S3J>!e
zV=snV1KWSmV|19%i4oo;PItINwq;*g-?{A{x5T}T(Y6fjE^5&CPlrcs;e~Sm`zQl2
z-!e}}E@nC)E))y-jItXk9$jZxjUa)1u{P%3{MYK1V_?yD^0|8Vi{Hewq4j`C<1kdX
z=;mPSP27ELOU$TGQ{<)a(2@NDv^veXmkWE@KAun*RtQvVt}fS(UuIMpmS}g9t)U;y
zpvKC=>&BYwEhSpFnpcQlzgMca-Hdk#)aBiHA{$8o(kGk9BUt0fXp=kc61ybi!uZ&o
zQu07H`Yvx0?x`EMc*XHn7R;n*!U9yk<6eSI12pjIdmdpw=P5Nll0;v6IAlC^akU0C
z+v4s$!nFhVd67etjE?bh&rK+Ao~x_Z12$frL%ej*A_xi2oNR;y)<Tk44hol3%xKBL
zD)+~79^k-1Un(<(6-#XZRn7Dw51)RA0q=T4IhyO#RGl8LM=VwvE`i%Y4YB(~y+iL9
zoP}@)+FJK~`7z-s266f;Isu`s+$OKnv;ieJP%9=zZMIL}U;F&#f{`VdSB(OV2}%#U
zSe^=LAuZ^Q;RQ`Vt}zoE#lAFSfDq%;m}&N;9t0>SjEDRf$OV8C$X5B$tuj5Ku=->4
z0!u%&!KXAiamf7b0N~ujePd`tq538mqeHqmtKE~(`Zqx$?a)XDOpkOJyFqTlHE7f@
z3X%mj+Vw!KIeDl>p<aVN#bq@Xrx&cc(BM_SmYRlk7Ov(NH944qS2J91XY5Dbc27Zx
zNc+L3JRC<lTE#7_bwvLkiU~O@UGL<q0NJr$_-omIeS{hI#`bZGLUEF%D;RARG~Mp0
zeZhITO`J7>T&gK=>c>XoDj-_(=lpxx-8Vg=*ZSkjct1^meSDxL*PBO6=O;{G=VB}q
z)qC>!ii(YSELqfCI)DG$7=X!Cn9bRO{3GZ9l(p9no3I4``WOR^1MoB>F@vADc|CAV
z9+ayboVm_bTC}JBFA5X2HEq<H)+FD=evvx?Yn?y9MzxRr7cl_3<Cc;3UzFm~cw<(K
zttGb|4Qqi*|A_6j*pZ1bs}WpG_62KEWppmgh$UVc@?=DD3)q22J%YQNC^M1v3hm$0
zHyCd(=-ttgM!pGrF>zA`GjfG5Vb|!0A8m3+l|wF-=Hr}4o#mI9uyB35{}bBzVXt^k
z>zl}$fgGIOu+t_At9D2VHXXfIeu-PBTkEZ?xk3ornQ&Z{D&HbhGAPMFUfC_5Ur0NO
zYJrFm3%1Ijnqu;N2`kaN+FO(1_N2umPj~MzKi$fk;P!~Sstn2^j<@>)T8@NwmzRfy
z%C|(h2s;L%5++*9>?sC_NAiY_VGtwSn)4XF2)zh3C_CdVojU-{0BYQ}Pvz*g#EjA;
zh#hSi)<EPM@*44_%@Q^W%2Bfi(X_)@vr&U|-c`52=le@%0_tZMesmU{5q@S^a9$Q=
z_}ocMXX!JGmD$iFUNEEopw?AXdMpF`7i=HzMcXPG9@@@*Hx$L4yaod}9KP1G$?AW&
z=8Y~!%!M3p^*Z1N6!G5BO4H2_Xm^QHIEQF*vOPudMYxRHLic%YhgehZBzh~TB8TTY
zq-};DlOx#0?SHojS^~ZjHe-<ELG_U2*pD=b>GLevr59JUGBomBwu1H}(x+T}4M+TO
zbe{LGX8DKT`%ZCu;?l9M?R?cGpeU4h5m@@;ss;+}S+Xkwgr}i`RO&H|#N+3%9fhOI
zqMpCi5N&;rT481gfH8-nfNjk3=NIWTg7MK%4n5trLV&b0VaXtCO~`laJ@Ti%EKm>(
zfi3pMe9JJO)j9R}wB1u{$CA*5CgA!=U*LKlRXQwH%nM1UqgSiS_KsYd+Za=iy*9#}
zBDY2bt0J15A_<wA{!u0SaT=9Y^XQ<v!Mxi)<ul}i^DeG8Zs_n6%iVKA<%tWwC60un
z@vP%$CwCUwaNu_kdZA?F0%DZC`o`kB46qgF0Qzws$nyFYtm(>CZrQln)6LOC8$ZzC
zyf<;bWEW#LmaVElm7tgB^Hmw8zBJhPSeX47P0w<X%wYw6iB?WTvll8h{-tQ}MH0S>
zIDC<bm=J;f+hgDwz2l$EZD_UegO?gfR<8EYLv>awmQU+o)@uE~lj`MK@oOMB8#=)(
zxh2)~Zr<vmw)=k6$O8kbqy>e1da{LJIN*)BPuq5M&J|(ei(mGARlI-g;Bd5S_7wZ-
zcil?GgVJAy^4Yv>3ObJ^hdq@~1+If=yqU{y;^464QK^UK6ho>dFF*|<kGxjyRj-#y
zeQV>n*z``@+SfjU^<~I`(K_&+=RjUs&f!qOj0iC6*c6ddlv`@7f1TTX^1i<hUL})_
zndRZLYHIh6)J6H_^Y^Vt4JO(~T+LTC_CNj@l}2MoHNSF!s@SXb46vsv1-hd(vr}c@
zhu~=fJ_O1@K>*+4EASCuKLG7knu4*1LiGz3-xuz(XVt&jjv7o0^_G7BBio)q0a5_`
zF%s3dh{1a05r)6Y+;#JPR74c-O|GHLnH!BE^%!_~ZjGN>|A7DVRm5`1$xa_aOULrz
zo^)sbh$A#(8;^$E=uii?p@8rG*amipo#!h(tEinO)cGM~fCZ8I#NSC>$TVc3YLCuu
zlZO%?x&hEib^5p~97zOY9guorlX!MWQ(^`5`J>iA8Y=oJRp!{K_ai?x4UB@A&8Kux
zJ7JlMiZ2pY1BTND`3tgB{DPoq!t}QIRPARv7dN$kJfTI__&eRLvk8=#Nh(NUCFwUw
zRiAO4;jo<PE?HFfI}e}dX<FzjA7&XpaW@_qwjsCD`L*0oE~Y~6DjI>`$D)JhLY|w(
znXtqkfw7G2oGTBbx5qqPO;-#!@LWc-_KMRB#&h$`-t%%Jf90PqcF31J-&)xds9Pj?
zn4cex8*(UXG?+D^nJdJMMT~qvik-tsaC+M3DgL`^EI^wzRaK>P`T#3s&^c-Aw?>3T
zaaQyws?(^QbZ0=XRp?!RrRZ3wcz6-F4o{?ZU@Re4sy&d{hc30_Nyh*=p7(B`W+dBG
zk#Kewz|8^JBW$p_|2*F#O9YfQGcR)MqH{b$#a~x3_J9CYe8SLC?lXPYujS&#eZY%H
ze7P9%VOP{o5c7oU3T@OO;b*}upx}|s`mf22FANoLHbea^zGupE-<m}oKT(z*X}QL(
zf_bVe4;D!>^$Hc|biDSF`P~oNtq|l8tq^Mxyf=!%e~nnv-lYr>Le81O*(K;*ifdJb
zL7A_uX47^X<TD5g&U8>&k^ScCEPvQk@S9dKVncaGoCmk`^52Ad6ySM+Cxna|Jy`&N
z5~TfD93QZTZJ=N?=_9yR&txHC&57?ANLotV6I+aA0Ep9gSbJGDL4}^`!h~|{*rHwI
zMM2&~npw$+YhB(J&isnGS3v;^`ydfwX)k@Xdm;Ky<UTV`tR=8Oxxh;OGX4y^80{$1
z3|V)NDD`C9OgIaGil`7?pLP(tlbZiMi<*?!onD%hW(sI0fK_;5vjq_JL&^8>BP=J{
zE0Tw#8D9Vn#CBj>7|Dnnh&%Nmn{1E)6V{COYnS9jvsf7G*#uv_oFj~pSK~P|dN)}e
zZG=X`B3Tk2x2p~xV6P$WJJNwpBJ&gIKC?!M1q4fd4{7G3$BB(=pYU=msez+<zlu=;
zHn%w}J;<Av?|%U5MJ0i^Bma@4L3T^i3QQC$C%Od33k<h~J>e{kFI3zJdQbfDmR79G
zs7W1>Bov%4{T2ak;dz|D0B0`}*9VHa|Cu%a@>6`wK|6d}r0(jzl4fy%j*kcwe_iwe
zXl@zzB%E7{`l+X3WRg0JWJ#?j_bOKYo%C>w`}WHEHht%#QK=<8i~;f@_Lmfy@}AAO
zzxojSC2Z?;-m~o7-LoGD=iUvx!VPWhNr+yJ`kAOQfhe`RP(Oo!F71(o=dSATb(2Gm
zBpUunTp&pdu%jqu_H&<cTxY8~!}D#+d3zk%2`3M$_Y<n*)#hr)>Dz-wZi#mzH^$^z
z{^XmaM<RIE6(Xlp>MZf6RfQ_tAcL<xvlf*V4JZz4fl3iZ(7Th1p~pi}4YD669?iR)
zBkTtb#)tja>_#=T?#Tu!@>BK|ikl{=pJ_fOEG*hxq`cGu9uQ=}F5czGd|PivVVXK;
zfbVFpS3u?!;`B&b(J{Q+qWKi3y#kLO702e^r*r20N8Id833Nv;G4cAaK-=alRbRX_
zDpikO;$|I>8caNjSgE?ToIy^}-sUosc}A?n4yJK5>cH&In3JXTi+Ikq>3qcx0Gxn2
zXH!Yc02|umi;4As;mD_uLz*|Lk7eon2F^lm9l;#nYT^Ods3E2x1Adp3zQLZQ8oSTh
zRm(Or18RJk{y_D=*$KF)d4CabiUU-WRU9C3D}nWfA+6^(_t~=&hd%(XzZvphW6i}t
z1}*_jXgBV^GrRsf7|e*}sDQbl)v(NKq+#QDQRl8>`Ar2$swNS70A=XDtRlhtWWsPZ
zdN`{ozp1z>mUBjs;O_v_S<WrY6P$f{`z27T1OKxSRg$@dB5NtPQ6%SpJfRlq+%Jc8
zYx4v#W^>|-5_SA9!ky80Pj=T)U{1X9GmV&w4cIq#EsvEr1E3*kIq~*S<|lBs0gRz<
zaKa}KP7j$1$^P~UG*>ZeLy@hXY>3OXLsr?S7tR?pNwsyG^Eifzhn6-lu)EpZ4L^Lq
zCcwJy>J%$xaQSoKUEp&Vwp+%igO9J<|4LE0#tS`g-b6MLP?xmiVJ}=7o!P7SoHjR;
z@#qpM3&#v)U4QGye-?v$%74bOCd21Ir;Qc*hWD}N!mFp=ixUP}xAHZ073+_M%JKs<
z`1o5JP#&PlbSmEAiXQ4Gk75c@lJ=km;f7_Aa}T#pKnmyKZ{`KZf7apd&w4v(>WD6R
zR1#;I5pr1~b|!EIf#}_Y$+jsN^%>BEk*((}1Uvd)PH9U1&(XEVGx@&%r0B$oN)oGx
zN?Gwi4zo&<gi58t))_e`hcR1{kQk{H*@_|&2_dsN8^xUGyu}!X&5WJ5-}C+b<Mnur
zmuL3e_kCUO>wQ3_f7{R2)a9ZXZjsKA7)EHVdXfE-6A65U#)$evljh90JcmX)(|5J8
zh~YM~)KL2)Z7j?E0L;F*C&71IhgxR|qn-3%o2U4Bb90#Nrrf=3{bI^gdZPX3&G-u*
z%M#C~l@GUdmbP?6CHlfWi_=1J^Lje2D$AM4a+r$@_P0fzM09l!h1TLv5@sxRFOB~&
zK)tGfrjv1oX#=Y-pW$A5EH!?M1j}j@D&wEU{}WE~=Dgz-8$w|o{M#+**}qGSW2+V^
zfFMv+DhsreYYv83sx9X^MI%0nt^t`gv`41LV8b)-FGRi_o+)s%UG+Eirad?qk=cRn
zw8)axI(RVCI0rM8>sde(g1bIZl1sG75=9me15Hbd*^zyQ@pD(#NdI8~`6z$;aNl;J
z^((|$9X)u?P7&X~8d)-fjtEk&>ZA?_EM1{hejvvO$082(D=wnlszh&oF(Z0Ha?IwJ
z5+&<`vh$6B>L~ljgeAfY=*Z?7TOq^dKpgc0A+Q|gErHfaYhW<a=G%D>{K$Yo@v`%g
z;OOz)KnPr=K5%PgX-%QB^FS^2zz4W!*DDs^1eOuPFso|OerhX~-8Hq1iadq~zVifr
z_ttfF7V^j8;A~|U;KcLeC~z^>wBk`4U$q$i1#q}9fCOiQfh{uRHW&!S1|}}dUO<A&
zer+$|MPJ8@{su=@t4_y(p0(b!`G$lI_y#vP+QRwSTn7@`rM~<1+-4nT51MWQ;9_6)
z2l(=R^H%u-JSSqJ0(=tXZnTO$S!+CZ8+Y@NWcS<`v8T>2K*HL8<VB%*U360@?C={N
zFJLcsNROmC>f%8%H;?5ViL#r^Iz>2b+vi)+=L;-SsgdoK|AY>@g2w%6RA%^>oMUW)
zt_M3Dy7d67>H}y7oz;?RFQJOp>6@jk6eP9xuT*3SM)j{_NB-u&{|_JV^Sw(bbY`E_
z@Dpw6X@zX-tV{B*ff8C&yS_BiC|YA_Z~Mykw^|E4*@b9?{yA=L=6Nftx0wroa;>({
z!yd2bq5woo+ieavGR14KZ07DCcH<B2*U1s8iakRUSr$FJ0E4Tzh>6^sG}vIdeB(p;
zFVM|O`AD}hd=DgRa%vsVN^x=%h6Q!b1nZ|kMWZ2l!5!}Uz$n`?Ibub*6lYg!8OsW(
zyYMP-3zFny#c;K<_UTo9$h_P`1Bq<SM2&E>l}fGqQf+@vm;32xZG;8rh8U9&(R+yt
z?d7x$tiINd3K;IIocXYC7O<-M)=|XA<Rq{Jp}@vKGzlKdAnU<-V_p-PE&=<1iY>Kj
z`tG*l`jALWYSkjF3i#kJm<LCv%mS}@ZVDbNIcHEzO9Lt-A>1sugY_r@uYmOn;A+3Q
z2mk7V+9Vm$I8Nl4=lQlOlQDPBp%-G+!0oRPKDf6RxS|iolLg4vte;CG#-B+dV2D@9
ziu*e~Abn-$vCIKr27+Ksa5NnCk`;$O;vF!CP1!jh-Ej(-(ib=qMs3OFe#5N}3nqRq
zLO;wx?IvO=XI=bzdRy|cqg6{y-p;>#nte)3%1=XMlhK|U2B~Pzk^}1OxJTNqMSs5A
zPMtLu^B)0yN;c`*Hfr>zqfMdF3w}P@FaYv6QT;*?(PtRs&@#!Uv)&+f7Sm33A@^nQ
zB&(_O@_dg*t!(dvoRCAMuPNrXvRl2l&;lsU$7c)&lo}9tm=4e8dN%v%mEvER3x?@5
zE!|-KOm1ocU4^Uzwcl<Z`52z`(D%_8-|+wv>V|i=-X1G$DZX3+t`9f0Cw4b8ZX7*^
z1_FYViYeR7Qqdil%OmeRC{oezbumS0Vh&^htb_cc6|pT$VpFKL=gCN34X4=wPPugD
z0B&4On3as^&qt4XPrCj2XwZ1p<;d)fu{j#Q)OGkK);G|dg>KtR)L32jz)?O29p6@Z
zz2wVA@EV&f*6Teeuo4AO42y3S@FWU=(WCy<lsCwJxkc<Ks#%d>b`DkV;wof?`PwZE
z{HO@6@dpNi)`$37yQxE00=k6`00uK3@s2AQI6-}Q*GubXSxs{GLzn9K?~^C>fWEzH
zD^+5)c$*bW&4}n0A89fjch(<QT?uurC=PW0#$J~tdMLS2Sx|zlvcZp?1U`T3iAeYo
z;L0_wG0@2n$sDgvWWuNh#loxBK&=M-Uy}orR_2k3u(+_Wk@DrnzD~A09^q*q-TaZ}
zn+wD7<by3Y<%d_|KdEoV1h!zhklzD7+$aWFKac2^?C{d2sU`Z3|NO7ha?u|k{w6ba
ztlz=d>=aq-zWiZH59}8!?9Pkcd0G6yPt0B*CGiU7%$6Ii@4sk&r&6^N<eRKEU;Zow
z{5l?rX)nuk5TOp(=^ZteH~ATbxuK*8;KDJ$o`pWNw|Id)b1xfqK_8hMc+~+u=^j0?
z+x$)<^H;OvelMxSRSu6F{EZ1E?s68D{A!jRn~HJLX^|ZRK%Jo`*gC$t8%)z>>Y<E%
zpjejL-8KwHWfw_r+Zq5v_1Sw+^s?m*v4c%;he1jB&sF@7&H<TgMOlTskL|YrD{V?z
z1kL&_xFu$Pmp%kG5jR&Wcd<Lr!NT7I{qzVR7bF;GRdu=o<51{JiGOAxhc6#80Bp&_
z24oVqPb51_NmcwQile!Iymk9o%o83zXlUN$w9DhXCPS%CdQ02H(u3Luw&RoP!p?)Y
zOsm8nIQvqu(d$^gLDJ5Ql-_eaupQh(>;y?X-O|WoX+Q@1nN@)YVJlY)%OiYAH+KXs
zxCxgA(EY!XD&(JEK_hLB0_U-<ssS`pSqbRjc6Ik#l3oCYZZ`q;j77xGp<H(C=X3&5
zUh|@gXrKn1V>zt}%3UP1!1id+n0cY&>I~Y=Iyjn002EUiL}w3*eYN_9VsUzUB5dL*
zc=%<B^=`z%WKpXdY-VW{UCiP8ShKA@iNu>JiY@_=<v*8tNHtLI3xhLgU45P85$13A
z))6AqdrW$8fTWpY&%e6*R18-q?%}3e-SVKA3vGi_D}C_nHd(9xa6X8)&Y!nO7fKtN
zK`KNxz;;-zd=R38;;A>~pwF<r?wj&AC)(V`jN07Pm)eGQYR8GinW#JVP5o8|J7h9V
zY3RA?WN0rnYxVKsJ%5VDYnBxMI_uKqs?I-&i33af;v)PEnnJXq;CfL?!-FPDk;dPU
zn=uA7L&9}0-k-<aa%%>7#_u~bGRL;%4=cxD&A3vewPK!z4Cp~^HsDT)pk`t4=LC6_
z(D;EB=ls$x1ij!Ug45Lt0si`@98NF&ALM+s);{ok*OCd(A4Y%PLabQ)tlu%pbt}@M
zH*}ofeH^Le<LFM$ON)*Vs<ELJM&Y{{p0Kty$$5GKU5Ar416bt88pMGcV?V@s{tHxR
zIAII~%Bg((PN7McykIUSyKo<=wWZTGPGo5L(@eAleSU@VNK^7(M1lZJ?;O%66=pSE
zrCx~Cxk4_qw1#C)PIL!&gL`@vBdxn~Y0NnUnH?-3nXFuxf8a?Q>>c3$^@hK$=qKb~
zqUHk~!*AVlgc;n~2|J)Y#{1v(>b4m)V@2ua{<<+TyFb7U@rGT~@f!|I4}O-qu3Q<r
zof|J`mwyeUKM9Sd092O`la4I$qq_-#m50o!&*k2Ylm=Mr$dpAVlg>YI{f~LsKO?PT
z^s7_iE1qh{K+oF<xvVseI$$Hpu6V(liP8k_Kz7?^Db_4ZCICTZzj|yh35Dv6NonHB
zMcn~0%s)|MVR<X$cSd3rj(-9`Oyq!xjPHJr0am8>#P4E<y#Ve3xWuCI7YH*Fi(pSu
zV9*U_`l*TExH-p_p3q+4wE&=qL%(wNpt{;j`1^}03sqdo|G5lvj+>!wh9}AchUFIb
zbTK(Kf_x1U;8t87KLdbPflmycTGcN{-O^zju=0ZGcB~oI^6~jZWbaXK?=kt#F|adt
zw*geUND3>9t&j)qgZCsa%L#a;#RED)e}v|=n-=n&n*pki<}9RpvruhVfvRo^JQnq?
zb+DN@{&u(-+pVNWYheh%0L8EulEr7+--~-Ji2-3hbP)f_OIQoBQFa5F%r)WsQ#$LV
z3-y0^6|4BeW)dPX0{dh*<XD8N_$orsc)Ean@3#vCzgm(q@;XW(@`L}q?5jIfq0`3!
zd(=(xO%m&>+-#12m&q@%Xq)6NhgMgM1r%nj1+)j<mY&R^`E@LTrrvn5oWuk**SKSo
zzAg?-HuR50dPMwoADIQp-*V#Oz|yFT^(WYHSxq^`z?-Q}kI`vZ!TFCNRDx>N<k4vB
zv)m3phLt=Xw|y8h6R0bHoYU0ypJZT(dp`#lisO&B2CgU!MC$C>D+A{&;R19?8@TKL
zgBv|%s#7C7K1TZNfe$wh1O41}aoZu_NgUyocY-GpePyW^tOGuFp!-gK_~T^Gdb1uq
zmPfn+{m!b16NF|xN>Wji{<{)j#rg4=^$0ZhI_hOr3M~Zsy_Ma88<1Y^^dEzy1+dVG
zkKFl=?h^&EMI-h8lk$=r?K=h9s!#3JA?=C<qg;mp5xer=C5HqplEbKAi~5|-6lnuS
zIXI7Xt0;-G5&VoWv8HPBEl2bY!P|3p|IkoWLIqSY{+1_LS2Nmjz8mcl=FX2AftRQ3
zdLiu}$T3JG#{X>3!z_;tED4R5hHs=`lA|`>qr`j~SW&5W4uqAKSr|3!n))Amqj&+e
zo^b0Y$Npl;=i7AbW{koDVlnvdAJ@3b7{ywJMa_MZ!^73{>fV)rw|0CsobxoG!8KTp
zN&FXyc8EAI2m@Ka-iO*dPvSc;KtGn(@UV(5?+;j~5S7!;EC^K?iih^gjpk{h?W<o}
zH<Y}5<c2*NZ4bo#klv-y?_L0AZ3zsp_Ij}c8eD~CjJfEtBb_6*%=^i=v}YeAB#qak
ztX#6}uMGWJA-{0_-a@>c*siu{68<Bj0*?pyuhaTVC$yp>M>zFuYONE!9Z2NupMTj@
zAGBP}nync^D&~3r+ZU<xE%?Om$_lB`gy+Y6x~55Sq`f0r_Q{nS5{(I4_MQh{-ZLPf
zIf>-Y2w9B$m!$#tYj-(&6sG2)PErQR*s^~n{(`8xU9!TCFdK!%n@-IAE&FkJ4fzM9
z;@}g-*w8)B`)z!RDxkAws5BKh`FUW)Kg3Hrv1_gDOzmm&&v1CQ#^qx=a$}?$XT}!@
zw3FNjqJ{n|O{fgazdllCy<XgMkCH(@<lBKR5Wz;1&Ph%80973cT)t_v>^Ya=RZ96W
za3p+PRYv>R8k-NiXUVqJbj!W!^}Xlh+~5gH(y!Y4GZvPr=&SCyz8Ud1P_n(1{YENt
zJvb&la|34Ei#g}IkW|YC@oCa@<76Ai{*=vnZpnVtKqbDJ8c~gFUZ<_{4D<wQtKZ<V
z7u$N#j#XiIrFgL{d%vu^34<{A)E8<4sm}fa2Q9S1s?|i3tfbBz7Qd=#h|;J^;r}3(
z<Kj?1a><l9Ie0Dq@irVtI9w2sGI~{T*t+D%FyJEEmI`X<d`{P@*FIRO5wXO)WF%0h
zXTtgnq#IMi`5MCWGc+MR1>R5+EB{I;;f!<SXVWh(-fh6d%9yW7dMLxH>G#L)QE(2K
z8i^=HhMQ%{fmf(mjZ`_|2p5R9>W)lhhzWbemts18f_JPztbumE&+*#B6MO_Xe0$;v
zfxpOZ%@KW)eJ8oe2D#bdM8Y@-Fc79v_Jl{(*(yFOvA1%|Tq``)5PPt42BrH(4De?@
zGJ`p$^u^l^0FWwMz26h!x)O2524o#@n5PFkzVDE(!9bS0kC$>wb4F_TmjsFQejLrj
zY1!pp_$e&T{xE-6cH?{f;1%41R|c;YDKWU9nb{4+;)O&2&>o3bFPXQCMr?&<!lLR-
z@;)N!s82L5XvqGXDxGv7-L)L<Fyxll!YTIJy28cYZXBL2Hl5+;MAZ(Wtzny3UR;ZV
zR14eoTEHbE-qHci-jS$Z%=|f#h_M=*witUnsyJ!R?0o>agV??Nz<T)haFRC#d54KE
zU$!B~OY%@}GM-W8gA59B9Vt?IS!2S#Tc$UJR}|jLBU8>)r<ruI=^$J9<aM*z?ua+`
zs13YzZxe8P{(A=E3iSdjQ?5f5ksGodt5tEo$N$>iq`bDKz42?OC}ADV#0NkGXdCrI
z94fKhv$kuv)9b;FW#)rKSQN~Jts>Z9eMTZU!kg4-a^X4l`B|Iq6W*pPOp9zDVal>;
z@BICl6GI7Z$jbpHQ1Gh<>6DS64zIJ9tKa)Xs2bm#cxUF_9TN6RZmcqylldXP{jA5)
zVVbUR#-dC9vVdly9Q-qHM!02p{^1)Jv#C(&E(d1bf3!juiC4c#OJDBtl`U<)=v^*^
z77x~{pQQ$pytR}B=0Vo+x9lM9;=($ce;fCg=TH0@5cv*r^2|KM=GpU9Lcq4A9I5$)
z9YtM;%5<vMhM$ebzY(RJu6<M&JNeA5F=7^%B3S+wB!zpO|6Pu~n^}$>XBI3>zrXWq
z#2}S_!E`F{sdDXglC7-U?U^|5y|v0H)V4}146VEv(alg{o}wHn8{Hm6^>dXQ&=2|K
z;eNQuYr&w4VphbKAs+jF7W%R351d90V9;_L7?v1}H6;<39X%-fUIN5RyJy=<?)9qP
zq?IcGf)0QI-zzy1m`f^9sZ7FyM#x@6f339r8Dk~wk_vAqR6~)XM_jqu^uEIw{y2JU
zzasljs-%3&dvo>l4q>>vQp+LUeBE!WMN{N><@QIG_`Db~$9;v3agtc12H0e<&A{xm
zZSnw{RrR%(7b|!3ckY$3fkcpzIlS^$aIgPrugEAh?7H1T>U!d90sf$Qxq9%%(b}!-
z1DD|c%4TUUega@z>MC2#NJe#s$Q1@ArJ^;gB^|S_NRKPp-cX}CP<aZdw8<3z66~#Q
zt_HAq!x<-85wFgVD&x$$EIR=M5+p3Cs#84F6pE(oD_)M$0Vw%zU|p6(PXjcSWhNC^
zO6Clg3fG<Z@C!4zm$i!BeQ!**cxqq)_DT?9wkp_*w;=z{cH4#-I!n3JXE<qJKsBM~
z!!wrP4{$HTkK`svj-3>NBNUepG13+-aM6vwM>PX))t;T4(c<h4*0!&XEo$vPG!aT`
zs$Sc(tQL_Fu>qL)bW0pXTK6U-pf=JLoxMPz_wL?;!ML6;tnJ)S9V}6gwG?p#XaM&s
zWl5-iG5Cy02ifyvl(6zMO`JokAYy@(D2#@+<m$gj)$cRaN^hb>M~mzi(VsY#ix8jD
zcc-{V$6E-!=NRl5UAPi9z{rES9$Klc2hC)jc>d0VpVR=jK)gt=BFcA|^)V2HSg~T|
zJLb|iNJC^uVO#4HdjNRMtN8M$(w2CuP$<oK#J+>ru<((uJ||ss<FnT>hRNO%eh*9h
z4glwrxTnbGYaqm3NaxJ}mC|h6==u~YWDhzBBsdZj9cUEaepIF-S;rOCD%N`GVj1fD
z*#16mYjj4bJxAPVq(27GFDOpo^)ioI0Nrc@Jw@#uIKo%Q^D^!hB2!8kYMPLxU674*
z>DvU!xmO4UVO%PEBU+t{)T1p&r@<V!>{!_AeID#3D>*TAk3by#0l+Ewa@1bJ;U!Yt
z=7B6qhQZNhi!Unrq+i=7e`CwDK&binfmMQFpXdvT45|M;-xdFxeH68R)%-EhU7Tq_
zYd#Vy2kjI-8Ss4{TD^P~oj|54g&(ba%dYm|3j6Mr5y3~|akq0?L1?ta1QS)NUV^dE
z`Kt!?`RsLi=deoT;aKqcaHx^Tve3xTkIUKdj)pL&S?%)Hh24oOg8byTPnq~JXg6X+
zZ}FD}?vsBvY6&+R(gWQtkbXyfsX%qSNr-apE}>{d4wFIGgu?xD&7E7=vA|>vX%kTo
zq=MJ1Cc{pTM%fEC&fwR<*Az2DlfFNt5e+5ooEUlvD30>K*kj^lKmh-(a0zw0mJ{&9
zORq}TU0_NsS;G%dlO2wjGVPKBIn(HNmTwdIxxWUc?${&0>vzX+QG4-%STZYG_Jun9
zp%tDaK<wRCrP~sys3m+?aRPD4?QHuw1{3>4d2TaEneCHn;B#~pdH#<$e9leXpOLRI
ze53u}-wbmVm?B1HH9iCHDX2LhxJ-`UD>qan`mF)&1hA&y$_ClR*R&si$wJL1x!t;=
zO;_6;Wm}M*8uAT7{=)<U5rkGnX)S5dVOt@S8tC*0Q_h^J6C6x1U7DsVCbS9zsg;CW
znXvh6bgS_D2x6oo>eBFnO;8C!)P3U;@xqnun2W_4Q)orvu2EM<fp3sEjQ0|<T-=Qt
zk@i3`3bH{bDdh*tfZ(*GMEt7b=xTDB4!@pKlH&nshvqV^skg^JKdKnZDHvP4;WZZE
zPiKyA%0W>6^_8UsmZ~nnJQyp{sj6n&VF;S{$Ch4ui<DdHLsA|c8ssg%v@hJr4Vt(~
zyZ$ZkXEM}fGP-}p{EIXcjS0}6KE*-PeSR2Zwnv9#_Z6;L`R2T$BKH(X>36BRMni+_
z{o;(FLHY6d3rNTLQ6<<=GJ0w3sMJ`EOM4pC;DqixD+i~7u9!|W!p@T1jH}g0L$RE5
z0+%CI`7eSxOrm1N`=15INDjWSug;_q*Dc23{5Z|@LtVMdr)Dt*F|1{g?L&hIy$IsK
zW@{zFV5BwT>%F;>jXGcNb#C^rucaGt>RJ9cw+1kZ0aCAb&3uQltkUur2~llNF4muV
zXnkXia1GDviP&%cMy(E#Y_wEZF{81<d<tvEyPZU*5BK(!hh&K?mK3|#Bf27krx-;c
z%gGz}RPy%jgAdjq;o66ISiNo2AOEdTdk2>ll|e+#BljoD=dfClGCgQ)eWCOg_a5gu
zFqz~V;GRFy_BQvV`l1r@1)OOm7TRMIRHvtG=cv8(XX9DQDYAH9$?|mgFwV_M?BXNd
zO7hOd^z$}YfFJq)`XmpWNmPQxrD#?x2h2i#%8Qd{AQM;XmJ_Lppl#TrjEX&)wN6IM
zcaPfdUXpI)H0I^WACDefg~>98RBO#9Jeta;E${0w^3x?v$!6@v(>52K$47f4LG@=7
z6+hinQ+{j{sWm#a9e$o7e-gE~1Ub7qD89FE`A|e?P{&B+6Z5@9ZOH~6>-R0NKxG0E
zD<<P|%@$HixD~-LC4g2BpUCj%dBdLDXQ9#R3#hW+<$%pgflDg>OqLWbQ)kqs<)K13
z15K>xJIe$$?)p?njM7}fBhM=VV9tzpFAV>q8@~k!n$^TUayK(x_@IO|pLK~x!Cqms
zxQTkCJzVv3XkEeS39EXlI&1^_9Y8|WNW`xPVU3a9maM$LzLDcsC%<P+ESP4kUXiyY
z93LqY<X>K#$$L;89+R(LvQ#j$^bLHvTZ+G#p``-FUCS}pfu!fsKbbWk;&C?kJK9%T
z|GGSv#iOZ{10u!7IQDZ{{wJEF$Uqh^;|vXmOr|$r-tv^s$&<`PUT@Q)l0OvMQ6hsD
zAmA11pM(5q%QD3HNs_<;y)j~q2YcHl#15m$!s@n+Q<xR3lay6Ky2aFg$^TCO4m5d!
zH52wgOf7yLCS731aY>M?$W)eo4h<~qNlTVl?&XR+@`{sDu4Ib*CL<K>qe2w<mW?{o
zl@s{u<!^Y_s&Hc}<B-|v<AS|tV@tq*Kq0axfubN^1K`f){ya#Gq_*_}w6HEqowjAs
z=D{4Lw7Ue&lGpcz?207r)maOZ#umuUwWOGnvOi!aXtVi7ia{|t)QjAQ2u`n%-RyGZ
zelE!07vVoqO80lk6j=?;uvLV!u&hX>Sjc|a7C}BNON6iNMwAf*l+F20Ld`C~orZRn
z5;%2+@(b0Aqkd#sO(fMrm{}sXp&2(AEoz`IT?GouHeH$j)xCUl{>XA+0n>4&8ZY3}
zixEyzp_vF1Pf+G|9EZFf@;iz^mXRw9ZCVdfH`+XjQ0FW)jXV`MKC4MJfGNQ*-UQ&&
z6XPwof>g>AStdQ?Dy(X{mi<Jz&XjgtL1!IoBk|f4kRT2{oK+uf`V6s_R!qp_+@&K1
z2l1PQ3l$x!!fgPpuseLfkM|XShI)L(<2f#%$+Q!8wY3k^>Lp*K^v-2Qp2z4%ju-pR
zbw`MgFCCH}2YihK=StQ}_f3S>1&#*J!Q@~7jP)9`@t?a<=|YOklPUWTGj9*3uSM2^
ztC*N_W|T_NNJxkxYt{OKb@y4)FR#bCuJU6u?6asN0@viPBtIS{j-bJ{-D=)GTrQ7K
z1t@ylNKAJa2d134irNTArnX_f=>RStCc~S+8_?>6H7MA`U#NQ*0=q%Jdlg@?L^(*V
zxwQBnXTbf3jsNXp(lEfqx9jcHNe!<!MkP6<Ld37gzT>8wtP>u&G{~5h<jD4=jG}yA
zjfKf4+NssQ${=NkC`B>i@n#d+c)}ws;=N&#Ize{`xfOMy4XlVi3k0iHI#BTRtb~l=
z!+@pw4vz0<l4?Y=raoo^VQGsiMVG!&55LCdsbDWh!-3LEcT9jO>+FS=)nU~TYtV0a
z1P~mV*Y^Lyr(Y{!^6@Eh^_}7pivOF?@crLwd;`i><w_$zAg9nHVOjHK$d>nPuLCE?
zZMnAl*jcyQv2mzPZKMstu8=$lO3SLG<MH-I@Pi)NzZx^{pI^686^98yBirH>ehi&O
zgBZ|kJDIZHPDE_Y?~QUzcJ7qizIt5uQOUgN>!`M~#D=3tos6NLA}T_@kF6`bjF;D-
zcDA{RKuB1dmE6`Qi=j0_)~E<cblZfX=7x1{P#;$TopB$UndMomI$Z8xdT*qwPSpDI
zwuttKLH95}lO+PmaRg7zYQ-XBG4{*efSNkQQ?yr6f!vf6H1WO*uOQVuW@Ph>u$ikv
zE{P%JVgYHRFhD&b=n03t0@a-fZpvJ4I35IEGU;-ibm-1qVj4%dPlPKy1MSyQwMhi5
zzA6*!V}Ox)v>m9q(oBIRJHMG6q6}_Mu6iO!#Jm!E{KTwT`u^q+AmZD!)D3WG)9bRE
zyq?q~K-Pg?!I~l(n_SMJk27);y`CzcbJ<xH%b>;rAd?9IS?h4tPQ?2U%k6o&?l$-6
zRdFc<9vB#Ryg)Tu3L3+Fg|9|Rb+#l(5Rs4<$*AoNd!4PwX!MvG;P8a=TJ+A%Hvq`f
zJA~g3hF2v^-YrZ7QfiOLp0o1yKnBT_r?RIsJJPthDcCy5L2$E{Uw0O}NP7;10|3nF
z<}lt}!*<Xo4Eo&%LVs|j_UL-3@+Deh*QB?<s4<-W@4J)K;MX4lp8HCO>%Kv@a*(N2
zX@sRHkk$jIrR#(EAjr}S;Jxw}QzO6UifjNXnT{elCL)Tn>5J3&-S|+F-f5dJFUc<J
z!AkHoXvOC?zPYWNkr-&2iyi6jdThX6Nfen>YddW6R^)pi;=c;H8318+>fR>yhK$u~
zH@J_g6;HCFX87LKyVfxG(y|!xC(_&BJ64YnT_d0qmXMd9k)I}<v!pGjp|?{`23t__
zm;*YahaxYZqx8mEkEYoRSI=un@%7HFjdz&pGZ}_H_cv3P=A`y^!To1ljCdzTl5qcv
z>~;K@JA}yJC-;PuMNiXFfj@GG*y79DaSL?AeG4BaS^If{i^VM}WAOxM(VuxWv`b*R
zn?m3z!lIE6^U6c!cumpB?G3zpC$YFjO<!GLSk)*>0(weiPFoXg9Y)=Q?_g8jEkDkP
zw(Yi=d2;J^?Kg|lrUyDB_F+&OxSIRtB-p1gk6+!G&7y4eGo<m#J-@Vq6+LK>LM5HG
zRQ~2gMJ(>12Sw9JOMM^n;DaL5xseES?)8_gwq!~up$4ck`<_ZI7YQG*3%`(*aC7eJ
zz<zL?B2QYM{jWiNX)khn#0(`|MaZmI^i3m$s@t^YjhgSpPw$k9viV=kxafY^7IU?a
zL|~VWjkC|80lN6^;LM)3J^7JF6S5k{y{eQX+ZjNM-0IKM_-?iM8tt$aM$%f=e^a>n
zcQ1O!RHvWcTX#P!=Sx!st@kUfkuQm|`h2On{}bR^=PFl>N;UZVQS8;HLuR4={XA4@
z$SCPgP53k!y(XeLQy<fQmLgxJqfQ%`pq<BKmthnKE9<p3jsJU4Ei<#G=4Ae%04Z!_
zEui+d){+J`;BL7u*S>0Q2W2uVVddRrstf7kE#+Q@f=3gGCv5M#!$QD-aF(1J7Lt}7
z<K~3!IZIjpT1)oh^~gqvew8xnzlfpQ$`!Yu6UVV$F>WKi-$|YDCSgjB7c9b6OE{3q
z4_8BuVP^bvF--Sx2ifTRPKRMK3+=e8&0vU(eFp7dCIR|gP37^}D(YDmONPnYB*~5@
zTReA1L)LA~{4zJZttz5%zO|^9Y+{uad`k+~WDEZrw`E^D=t1)86-8U|PB>5$219&v
z2XmJgR-E1Vch<B#V#YqUz?K2Fi*{t(f{ODwmAAXbECyY!A6e;VU+r%%9iVOH;y`DJ
zGti3w-3LcQ_nmbKCzJZgD3G_e>goZ&+h=$NxpU=3fYCDAQ*RS+vQ%7|?`HQC9^`r*
zZ&$fQI-<zmD&Icp7#6VJWgk)5I+nMtUQtipNPh9N^8k7s7d>JBKM>ae5Gnu#-7CrZ
ztW}}nf=8F#u<)?tTc1tS@k$Q!(#bc`1CbAHZFDa&>~%jOgTMomOL@?2Kb{}l!@1=y
z;YJC(OWhf@wJKeZZYFA-Pv`G6#atF%(GqH0g3$a5GDIWRTEfb`_*eQ|JK^_a$<2Nc
zGMW}rmMk$MTQL&|INJ@wWU!sMsz6GKsY##>#tQ@DUP7R57g3}N8CRUf%uj*_aLCex
zLeIZw<eJf;<|CDds*)JF^<#i=N}KM?IT7SSKsuMiCrcIix)}JOm40gm&<dA+4Qxjh
zl;B_=?&-o5xoA9DymhOIKZ6#JYOzeChR6)-W9f$7L4flG;+te!8bn3N_Gh@9w%MwN
zjK;{rgIYHVU;~IS8d#G118QiwpB3GN`S}{M(!7wIaX4j*XdIDz8s49Fnx^h|namD*
zR(!-PLVOzjH|_f0`y3m@=r1O|sH=K_4sg_r0@`7qDC0Jq+bs}=*5yWK3t=ej6Re>X
z5Q)7?oQf1Wf9d=qtVEV#rkB!<pX$dbt0ti8ec`sm`HU~xJLGA6+9BHa-q3LSAbziO
zGlnH@b`Mw{5i&h)<P(0Mj8J9d_MX9xPY!bp|HZtD1%4oE3XeJvrbKB|ty694?pAK@
zoY^&GVZB*ss{F-+y&ehoxPTW+8hvT-a73E*KO-_2x*_U?%0VFi>U;QxP5fV}T3dDl
zPT^LIJFT#%F<G{ki{)=ezZ&o2+Nvg^yx~8)0}MckP@?V~?DRr1$gy@0h|IUGyaUe)
zzRp`$+1_E32@%%2h9#h*5mlqqoK{Tb`~}tZU|t0|Y7TZyFtVQLIR!aa9Z5Oa=0UcH
z-VoF%MYsfcIm~8U{t@C>TprtdNcagI&)ZB^&iz8eJi~?2PExiHA$ym#Tw?4E06z}x
z2Cx#wP&B5=l~v&|Q48)ffCV{PTSBk=>bBlTIT~Bilh%_`lXNwt$*WDeqnj>GNsw{&
z8N(%XigpYXd;xf~(u%naE!1^F;({Lm6OGZ~k^IK7-4GX^aw#Q`op1f#0FCRh4Y;Y3
zAX*hVOPYjlW)0lFJ(HU#+gYyN?lmq|m0lg)W512&Slzwx@}lRt?Yn`0s{F3k!<Z(O
zY^+f<By!VgyH;37JxgZ?RFmw|9&2v#V(HP1Vf)sx$y7cJV!mZYf?JD}^Sm}=e8(TH
zd@YX+eEZ?^+*%vKu3^lxzQTPxWo#n4m2EsOJ}KMI*gT%PRLB}gfqj(9Q<pc2_RLMZ
zIUgsT@!7v%qCKjDq+PYJzo{UzmMG8i>vjkiIeW<@p5jDf_RmKaYlU}VA2F3L&F8d`
z9=v$M1ZB6mj-^o~%4zI*_WRatVEq@EJJqv-^DBGaMtr5{qGNOdUAlAGhp56!lJ*KG
z$$7l|mvGw@`k+Av5P86^&%OavdKsyt)!aVA$N*{sEmHRV_PP1s`w0hr6VXP`f<?Hd
z<H-hwwwED+#Pa-ctul>KKCaJ^Qt;L~ctrLv<(u0*6tdpa;0(#oiAPh0y$@a+{1H%>
ziVG=+K<Vj$kr?MU_^n=xX=t{}qQqe?tMu%|8zS3e+MwJ;19`f8tt6Tp4^l_glD-Z*
zl+xstgC)$EtnBT=E~=VaDC}t1K}p$39BfW1WVyVM9!hTl_m#|@p<N}%Mlo!5W|NBX
z1nrFW69KYS=YN46@nD;{FlTj8AIeX1=p{}2^5U)Xks{Zb*7rS~mL!xCwA<~$?ggY`
zBr3j%Qn}w55WC1$Q;Hs!WBBqd7><+a+>Wr_Oa7%z!ce-la}p{7yi}=5_jPfM`h7W4
zGjfx&Za~ES&l=f**1Ew~g(;eqh!eWpLsy%@yJIL8x|0Wk{z_zk4Kt@u_YTRXMK0Ph
z%_^KQh=hb^pi0Z==Cl06-b`9uw9OJ&+a82#7Bnme_tRuYxTW&82+}9<6|ZJoSNI+5
zYK{CzOQ28UvdKP-b|k?OXV&h&oFt$$Omm~RuB0C#ovZ0*-}^N(Fd|uv4oEPuB;kd2
z)7tW^JX9kh4U(KH>z96rqjy6#VeLGAuNVUL2gFIBg;!+na1&T<LQNnAS6zfgsHkKL
z^Elfr4Y{DDM_iu@!n2P`z6*o0XvfCGfpgPHEHGaHT;!5Lt(f%HjiL^5?|!4vX?c-L
z$$MIyPnZH)R`@sH5^{m~q^j0!c=;43RO6Oh+ZZ$#ZfK(%PCOh;cjD-3H0dz+lu7^W
zyydZXaW?$*;TU=F1>OwmQstUuL9|+_DMY)FP$cwxb(CIzByra=Aoz!G#~nXJ<b*pu
zMsfDfnVxR%XI?XaGz7YwJ3FR=IT$?q3-Km+egv}QwEQ+KqYG!n*i0D40w+qA{SMgx
zljLrch_<&&lsM6=Od)qiP2Zl#Mf&vIPXpa*eY9Wj?N37B?H<)gF!?^GOEFg^ss*7S
zw`J7anm~XSx17_l*(qYzz6kB5=WoLB0f5)5&|&<9?ZEfaT^!GnJ2t!bn?~=6gg?P?
zu=fdtn8jzPdY^xh<0TWOgCW;Np7_`c1pUbalP{XCCIjAan@_7@9$SxJK|4)vHi-Dc
z`bzz;fIUKQqkfSp_IB_+@;vOT@7_ZrlomS<83u!v^QJ?6OLT2Mys>6(h)9QZu|e-?
z8aRII!jjr-)p(tR2t=EbPqfQCxn7?3R|M+8(_b|MeI<!uti3BQPRl!`>XV%imcDdx
zTp6=pMluripOB(^RTvAHc0qr1!;twgL`fRz<YY^nmL=pI>>+$?UVnH&19>@jX|5n^
z7s)|xD5+JD7zEMQCPwWB-;~7(Bx!<JVm@bQM14S8RH)|<t<exTal1s70j@o;s`20J
zrT*QLYWH0T3YjplPEzR3Q6J4M6f(e-pAna*Gnc-%(7fZ7KTAX5S_+FbmYrXz4>)!1
zJpqxFk!Dg_`1&Rqu=<XaTqKXZxu^Z_Y{MlvzV!Majt?9yIzD8WWECY^sOeb?dXj%?
zykcYzHVZg6rzV6EMrJ`Fd-2Dwiwd=es~fdb5x(Oviy1I{knNI$pMgGFW^aY2Q16ew
zSC9$)g(IsZ!(dzL*qaxLvRg0zYCyZTCcj9;o%BI@ZQ_>fFmxS+;NW?*>7D9Pr&SJs
zsQiloPXYZ(4$?W->WfD!I;6H&=zNH3;UICMijx+%L+j_tUanfJ3h7Q37F%P&++7J5
zZliI(Jm(+#SZ&u3a_m3D`A_0AwnnY>((Cj_U$1;djsl&Jnyb=sKRq8@k#2o21`Sc-
zYQAxjOSA}dgQ5IQ4V}jiTw1hSuAOx_aEW%Xo3_LHy4s5Nel+)((Fra0^StdZGgb>!
zq$7@>5YvfxHzj%5cFCu#m%L1oG!uYGj-aDJa}|3=r7z|K%j2NRjb}*t?_U=R$5l8l
z^-5u?gvO=zhUI2_DA5;wbAF@sLRwf%Y=B{M<ih)h<;?D$A54eRkWCTI#xs!23}&nt
zohlgEt}yXX^AJ@W^D^mLD)y-1XoWq%`oHnzgW&4f(B;u?#i=fY)#vPyMp^5hwum;5
zyVJ?Ne?DbroQs+xO1-8&6BlPoG`Wb=m=+Js?%lAv?Md0)ZEF1AIim#besHwyd^ht<
z|KSAG5BXpNEu_wHbUi8iz>?%ZQ>{yVBPB^r0*<`!dW`-#D~$5^fjtYb%M;a$twz##
zNVU|ud?!>HWKW9!gMw-=c>D_(bU{W<jP=;a#GhMD16-aF3_T`Zio8&dZw$F1T_p=!
z<|^jE!Vy+x-F^$q7p>z~?44p;jr#`QHtno~KyNy?bRYF8Wp#l)w@u|G0_npqOA=1}
z+PS=buA(GI;4<M50x!Jcz^f|7eiEa<*Eb^GqAB$er~)++>#C2r0i&#5n;gFqb<d!_
z7On{~sV_WxPAqPJk)4VE@M5cQW_$wgcpR=%B*9AMj7t{I%d(usH_e@|OD6(%yX9Xa
zj&-J`aJr|f6EY0%N~Tke^ZZJ-V7w2lvWPsdnQ;4)i}pQ|kdPgJ{~S0VAKD-b-_bpJ
z!YKH1Yj;jmlQYxWhXR<@(qe;;UmMWPzO+ag`_@)f<Nn~JRObun8#$hzLB8fm3n_TM
z^iEg2<^a#inExUh=kyaSTi+hN0xxale{O19N6siRLaPz<(62TKas6Mktpgnh{VS8c
z{dU;!SmB2mUviD^U+JnZT~^${zG$U;9PwHm3g^tyQ?^YLr}EA<Igki9iex6gpU;Gw
zy}SRq=ChLIn<kO81s&+rBt+i9j)R8Qj`m*W>7BlmpPArjf52$gW@I$eTh0frA|($x
zjN^nDwC|EFl)By3aqemtf~PSS?zvfne*+BD-??o@|GXM@p8wR#qMOuw-=?2E`ldhy
zhPjGk&)5W|4__{s*{J4XvnJ403vCK-$#rBd4c})Vdoz9pUIcON_ZvD|v0n+oNQ+4W
zEvPfBpCbOJX!!Oh9;#EmX#2s!DA@0Wz>uGqU2MguerE&5NNt)b!;G<ePF08Z#lSLN
zpU9(p%IrVo@o+EYJMRM%7-+R85f<6n1+Fbzi*9Wv_S<OjikdRdBe?pvF(q%seDWa;
zIHWBU%(HdBZ5F$qm&;U%jGAx8<0EaB#U^trhZwGANrYnT9=`4(^x#6?@~uMgm+Z0Q
zYORq^Dv>86&R@JK+Z!>X&?L7`#5;3_SGHEd-aM+HjnNl3_uxdb&bN_2n7W$zzY%Ul
z#J}Mwm4Bm5efwGkE9ds09Yz$auU}a83?(qBtthHnOOg#`?tc;-zg`C})Z93J*UOB8
z!}9kp5y^MKrdzG<E;my`iGv%3uWfM+w3^!&8=reKPn6PPH^CGZMOT5PMA1^YFZ%|&
zFmdwYitV`gE90o0xIei|X7Q>Ly9V=f+XNHdHexEf5Rd8#v;hx|ZV+CG*F0Nm^fbP6
z0~MY4^0c^8P2P68_Vgvr$hIE#FsV^1Nk`7gv8RP!AK0~kIyYTVFOW4yJEel$06kOl
zhAK+apO8&VpEg)1J}6AR$ku)XHTnlN^IUbz&`*=x$;CBQtdE1s%7Ozk8-Jx&<x`N3
zW_GnYsgbkjK0%%_s6}=Q?H2r{9kWl&fjmLPqMYkqDw^h|LB<TX**GvOya%gY=c!9I
zHoJw2EhWXIU$6uT=UsK+HTgcqKIQxHE;i7SoSO)1KRpykT~^c5Ic;@Ij-cH4k3QEP
z+W9KGGKub=wGk5GwtqZ~bCgajFh*>Lx+K<H|2)lDGKJc|nVu=}nAISJ(Y>jAmO{P^
z1+;ZsS~Sws5J`N|A?3`=%hrwC$X35I#p(Z!9y7vaL_2HS$KE_=_3Ys}>u$mn=4fjE
z7~q<q&MQ&|=m64+ja-;5DfdOh=}k(K^0zZ3Q$NS4?5+OZiNdMC_teJ(@DoB=(o4Pp
zCw}z$jPT0vDQ4Q-_pM%+?@Pb1OQL%=EqFLgn`*O3G5M$i%QrR1_LXO47wtutmhpW9
zyQtyk#4|F6eh`T3KjuaQL1SXn;zLoM3gOlV#DT0!CCB|QmaObYC`ww*?r*~TZvXp*
zZB$_=`&EBc;7;p(zX8X6Q<SCC(9$vVi>%z)F8PW^t8o7<-^1H4*EPjoD$yBl0JM~5
zu%b!F0jo&oyh~P1l~-mnnDrWH^%!QjF_AYO+ZWcw-Wl~Dh*znO;rvRK^+Z3(?gD4)
zPI^xMRm9#RE*_QUP!7Q{>%{2z`*5vd;h^qy{=Ssi>Q=FbHy-qv7>SVHHF^p8oBun|
zq&ZIV{q?<z>GirJx!S+l$Pb^Q|9XR9)`pXIG!4NXE-vs4oSBw~ZNP}mNi39!3f8>p
zzxlo#u#wFR3F-;sZsOpY-!+QELi=Upsa(}v2#h1DOWIbgeGH$Hj{N7!vC}?A%=;tA
zd=V@S*u$$#4fB1eaIyOC`v#`{dTj=DTQn)p)&B3K$rRzd!;COTcjE8a(x#2V&8hsN
zv=bctxsh+`(=6BhcvWE<9j8By9%E*=Z(m$)MZo=MFa#43OG}e&X%rUTLTuMeEVKl_
zdD$u|tP<qgRMu)(5B6EZE}Fw7-#>0&G*AfC#3Bt`xFacF-C85&U5fFy1}*l%xyN1J
zTF3YBcQQ}9)E}&NJ43>L*a-cE)$4>jlV#J#-x{A@5uRHz8kGMvrhZTJyoZp=tUA~#
z$um!dMxF!VZXcOWGfN9QFuf;!{MtOxvZvIZ!nXLGLxa736pASIbZh#8xKFUJa~TM0
zj$F73+^uurV|6PS#4v0wBpx?*i>dx9+=n!p@dPbDKY$SJxosWMa&$@AGv3JMB>M8a
zynAIp;hLMvsJusI^ZD~0saNiNdGmYk0X4@>=RD4zzO&JXu~zMs<N2};2Rqh2EqAOe
z?z!w}eq>BALqs&P!xxvMC4sH~Mwj24KtrahL~^wt%8uxgDdr^gl{WU}W9gTkiY|)R
zNRxDIouKQcK+Bh5Fj)Jlwt`n%udaN8vn>BEhg6_yM#EcW1<f|@39zFjyDn!5M0Mev
z;r(lMqHhK*n~1egIdpw{YD|3g8y!dQm0nA-k7aj<B=uitf>%0#FY9bX_n8GJtgt;5
zV84FC76W@J8&3na^MVf1)bn_?R_N;w503p-0HO0B&@J-OuYW}ES3GwjNZ%aczNsUm
z1<xZe>$hmLKlxw2#iLK;NC%<UFi_q@^#y|+s;!xk6O?rS&!D3)q$UahqXwX_;3G(k
zi1>ghRwLeFJKJ4HH^*l6V3LI4HlOdRD6BnRc|aq~$Z_{xY(K-`?>d;ht)$LuqLNAu
zeFLO9JAKKxfQ2g2M(kIi>sO({y3OK##R=(u$sDcpc0{H!;h`=%!{YB-1HYaPn1Zqy
zpH*LLR?|A(UHL}qJ~lVx1>^_f&{XB?$(lLLDT%3_bfd*Q&X~iw(2*_G^S*#)KNk$~
z9Ng%{%pS!D>@WrFVa9N7krO8hqd{B=f8+BM<1D34@Z+5Bk#J7IlTUq}Qd|38g%|eT
z_k95?YXb8to1>#M+l~0iSF?EwlDBz-oBw;&)_jQGJv3$Tj#T;mLOVuy*f%x&ow)c0
zIqt%ouL_u6gkN^#33tr8Bx#(F-iU!`EzFaKGn&SRrkLdlM4_WVkGjDNu%kL1|AY|T
z`QWAj;h8@DhU~MgN#}9=OyClAKSvs`hnRM`_RvUp^w-75Wg_(T5W#}WQrSvxaX?CT
zX0f25lYc_6&qB$HMR=G(8onU$LB4D_de466WaV|)5Ou9ET0hzsJsEyfFZ>^N)LOos
zqkHG-&}h<r#{spdZ41-NHfwbxH<6CLl-ipwRJ-p!hQH;zkGztu>l42aCb$<mKyJWX
zUR>ia9Z53@Bumu@j$wE2^iJ96Cei#A58Bhv^A&kS0%bv7G`72Tn~V6+ozR$pb{JmL
z*8!s?I3Fe6w5a>EJUj5S>{Lw!akkd2h<yXnNq9N#O`XQHLZV0Lpmn^&qkfJ2PM#G@
zKCUEZln<E8FeOLPYootE#}L0auaEQzIK-J=pf5KJV~0vi7d}$Fm$GWH?`I4J$efu#
z(f4^bvfVSraV?s-*X=`;{Sbtuaeh!I>ZYSk!tBDHg>D0r`}RiydyAo~ydvk%M@7{h
z%94KN=<F4Pu#+_S4q7Jsri%4zN!Dz-y>@~xI%w+nU3;EH_C#h#--g)~u)<?$r)5~&
zq)DEsWe<8i=&zplc&>;=eN`V-0-F_lsTxEeUc;LB@I^he&HHN-ABp6r`l_nDcOvBl
z!adtgCscpHXW;#bFXgL9P03Prx}0K@ZkL_byQ>>xB%be$tKxo~ugRXgNI$MVO60+Q
z2N8QiiHb2^Gv_5XH)X$O3*Xi?R#qWbu6h>01};9ZQl$0&&<fK_<n9<?|5u?E+=Z^B
zAZ^XLJ@6&3YmQyd5<B<hkICMv-R_F7Zn_3L4A!^W@p$07`0<uTIp_zwtU*v5)egEY
z5Bju-qMjPk_@f@iDh_R+R0oS@7RhNVrxft(h_C`Qb^fLvt9A4;;_He#aYRv`U&?^)
z5^!_`LQ`olCJT?uRpxRpGi!DrF@1`nk_;P+I}jBELtJH|pRL667*Q}cS<`sU-+o6{
zd`3?=@<#p@h~URpPDfy%K!w&UCR{7IAySF-dnah+mhzw2gI`5U;zLS$vm!Xf94B=C
z8h&%hWY@xR4yW@K<j-Vuw{o=jyP!*O+c*ew>HA%jz>1U5^b-*VKJ0?%ti@)Tdk<?w
z@f&I>rrS`U6-1ftNImxZVO3;1>>LeCxc`7Zer*|DM6-SLPl5OY%zOWdkS=u75be{r
zZCRoZ2qFfsyUu&1^*e|g4c=e<R3>pBRv@oO-g3t*FFy|E?pn?o!Mg^pL7~ske5EF|
zA<K~Fz?S%|80Bc)-$$9@C8`%?_h@=l$_3+#VZz9hG@pW)L0WOU>kS-g<m4RW>g&Mj
zjn=y*KVUr1u#{${`uI_~vAE}U>VR;5E&G!qc!Tx+wEviT^hRX|dBm@W^038a<$BPK
zd$ig*{+9jlnqu@5{3qLgfr;k!ZH<+Yqt^7}p?cvD!d0UUF>LtNs~>0s%}RGMlj2F4
zP3!40WncU_t(>x-E<Zjvqg!2u9{vx_2&nF4E!3o=d6#u6b)fAf(jy7)rskJ5V9W-q
z<^h+V@hiEaM3@tdqO%qN0f|4Oiuf_{HW_g37Ws_vYboq1>fTCIM%~?%M9{+O<4?D{
zELu9klh^4q)lkmLZRHKI>g(hPer_PB5k2<CrZU8jqs>Iy%c_THvvs=5J;IGLBRcU9
zm-Q$I6sUlm(YJg@<BkXM+6*SV{%8rFv~Ka+%I6>7P6O994$np{nB9-rMutcOALQ$&
z)VVkpF8?HS<ZKf-dVYq9)5wm-udD}mPE|(5$QRFXVc1cL%ShThtYGe47(UXJb*77Q
zD{^w_+|qZf*t7-KX8#F<b-=2`;-c(JZTRdW+KE~I;HioGe{8QQFG}5c1m9JS2;Sl7
z?nfLf1}op$i3B2k|C7N(?25D&&@AtPjWf1dO4h&P{@|mY*k66EmvS6-dkgx(RpCCL
zWLnEf=F^`VJ7NOYFZxWjQ~OE<$$zyfEmtUa|H=7w=B%<>kToNZ_o_BTDm=l}%hH2<
z5sdws<aoU`R5h;cyKOCyzH?QU(U*F(>YLaDa!GH*L}v9ca?_t!C&01ONTh{F*~G|H
zL_3_|#LOoidg|KFX&<dYqcy|HkZ;d(`2+1>^0TLZY|=uizi!}JJP+E<A&ZK~y{#RV
z{PLclza^$~+#h{|FTWY8cM$Ar^_1&T?r{ymM~S&E26A@9g1C)*SF=(cvQKcE^(;^}
zr%q3U-b4H)GV!PPbe~!6<SN})!6DE|v&lxT*A0Bay`=Z+?rODP4qt~0JuJECEb8K&
zEG-~YuU2A<4{_+@eFr{`VC!<L<N-3_XYpL&#*L4djtC_fgE+9X7SoB&0jmbhe7L_`
z@&TSkjz))1{5Qoi4g&q*p0>{~1#`dbq~LJR;YZoi8E}_Lk8h5FM<(lt5(RWps`apR
zAhAvtehx#-i}^o_t~{RU|Br{H)4nCC9Q&4}a#bohSE*ErN+{PVAt_684BPlhL|N{N
zS#+pexpK@llKYq=Bz8DAHrwp5d;9J8*XNHt9-qe^@5lS|`Mh7xlfegMesJ4W(k^=h
zEgBvf0zgMKo@`o&vP0Q*pI+ROl{Y&wWC^{8@2iyDUKc}oHS-z&zRiJx(;W81+{xZ;
znK822rZci^<o<s0sJG}JZaq>JsaFaA=H+wvz{yRbPlci42VB#cp5U4AS;9`X%=s4~
zFvz>VV*vh@b!eS*C%bDd6nG}nnxeCHidmKW#&K%ggRHG?_f!+Ucp@x1V8?DNC+arK
zbMU{D4kYV8l`EW6!*>Nb{YJ>J^K`EEX$h5s(XIpb#`@$t6YVm1FWaxIEZj2a8#T^Z
zxQ5un3VM?F?|<R0v<lX%7IUc~c1TTll~Sa24_GeW*=DncU<3{fVx4>JR~Hbq{}$yK
zI0h4Q3grD<#0Y8_t7>-gr6kC%;Y3}YD%~jJxNx_0a1G)~Qn_PXP(*1jw>!!x1Ir8&
zTrK=Ojl=U27wi86{inFFIxzF~18AGZXclPo)dXGr7dY*#RjG-Ynt{h~f5@j>Us$Q%
zm;<_|)q`{G<s*DmX5%MuMuzC;8R>FQHDe4he`_sFmARF-#-JB=6N4lpGI%5|j42zb
zqa^=o5PBy_GGA1Z2He${i_BGifaHa&L<?5Ns_J)D$U;}&OZ|!P{4Z!W=0OwezCQdp
zs5|5>%ud~|7<aO9=VS6+8XjyMB5m9e{p-$(!iIv}p*4OO&`Ep!a04gy;g=f1OiP=<
z89ZT!c5v>ZKHNbpQ#{~o<1L-E0>o{I{zC5W#bUO@sxQmS7hhTAzVk5&t!{FMu<b!j
zLfyQd%5kl#AK~(SGd%iVSuppX=H3>?_XI~Ox)u5DTR378f`8fYHCrgPVc+UqRC_zU
zFpV^KQbgCf_F9(QO3;UXibIWBJgB@N2T6*Z5`ejWS(gnQY0fQ<<Es%g1@jW)=kApf
zl)pNqmHsg=a0O%N`NWT%v+`)ky~jVAyND?ReQZ6nxGaq&vX;N6N?Xj8eIhJ?GE{pT
zU9Y?{&`P*xe5(0Y(*+UwPP?b|Q@LGc95HmLpA*sO=~!>^tNujL=id)#KRo5%+WD3q
zv&Q($^F3YX4aedYiTN6E+&ZYp3I6v0TcKj`(|$eI@k#lpyi{jMUe4t9l3os5R(@10
z!=CLAS<$NKArM|DzC+EZ+TX(U`dJPd2JO<dbc-1ICeF=1R905Beq8mXxVtdP=-6pO
z&9|TlY*7-$X)x%%6cMB!`8|X7kkyaH7=Wxx4?tKuf2=i#bL3Uw<_%gt{Ady*K1~~6
zZDvtp!R5(_pFXk5YG~;)KNK-;g@1r9Tw7fd`<}a=ZTKKX;rSoFf9&g$4mLjM@4s@g
zXZJieQkPw7b<t0{era~gpQMLOSoiB!Gs#;-?SM$uhu-r8pRkiUunp03M@033tm}`?
z01Jnsmet_3l}ipqAB>71@j+8OGPZf{^fDU5weNZK(?vfItpDl*m-tzsk0eh#Q=G@Y
zhItnEvzIkjMmJN8to-x5QwJjP)t!Meo!>H@LLOehCONR<V?vl_e`I@c4R|vH(QawV
z0UZQqN80R1Aj5B|&5V)URI?JER?fZ?*A6=Yx+C_O`RZH&`o3Pu?yVlr)oJ>nEf<|4
zheXs)O@7z8xIM$HR@!%BE}(giZo+1*0qiao%G}r>$rW<`Q{<$8&xiai5qM6dZE49<
z0Z?%{^DCOt4k+xaEW1uVe1NxsZ(Cz1`Y@*;6qsGP4`l>i^HMz4hfI+@fQ!nw0XWFE
z^5V5Y=m*+@I!-(KzAN8pLhrklv;vU}ALlIX`r+uhfSizZvVMH9D#XAxnIuSJnpW*6
zH93G?_e!>L0XAy@W`;6_t`N@<LO=)qJ2Q4z=QnRyQ`&aTv4CY(<3^o#Jp`?{xs6B7
zS>>iwzJ!!8_c<6LLZCmbY=<ll{&u<t{aYEif{i5#qc%Jy>ko<E@K;m;Fw-8E;kE05
zR^mem-Yjpdx4_1p+$di<!8ROgg1-C}o2f9_#KP5uL&#PWiKr`IWj8_66#H&P5K7Qx
zu!^_}XE;T&9$JXM6%35eOzeoAAOues_FD4Rl4H-}L*#wU*e?Fr#fxe5JjOYK-SXTZ
zcPsrY?{%S-#P&82T7D_iA$-;WF3_6S8Y?DeE-N#A=%FOp40ow!3ilN*X$O(iDu{0z
zfq3(`x-8aOgNX50PE3}ueCZ(WP%FULE*@leF)jq!^+aQkFb7&D%@nI~AXyF()PFQ>
zQov{J$7eFaG*(RZ(_{O|>DFDM4w{cCD|_*um2)k2xy{Kf1T)1i-tZbq;qGd1$$M_P
zqc8zeJD|^YO$16yOY3V4o;w`;WZZ9YC~T*U{dSJIU-zAg-4u28TBqJ~0R9OJ5g<iH
zXkJkKX+$V615q($lR+3-RBw1>Bu=oEJ-D?3T_6EaUQEefdmwHjdr~x4gwxO#EVR}&
zYh0^r7BTXt$aVO>5LC)YTDjPEpK*};U!OT|4d}r~U4eeO$CQ3nPW~l^aX-4iA9Cwd
zO^tiJ1lVm+eUerWT5*MsS)aI#@<N<W7Mx4ArywOt=~`u|KKmzlhI+ZiN7MsdYmHs*
z3GO$HW1a2p-A!@ZjDKzm7W8bDx{625Al!EmdygL0Ndo?Py4{94EH5W49cOp77rUwp
z<64gJM$t^zYDeb^uz_%2Ry=~#0_zN4anDCQQI4Vw=QZsF8>GvEDJV?e^*iD6e{rpH
zLLyLho)>&ipy{%A9K8{q31hA^upU>A@cfJW?c2q?J>KYL*A`e(fQ~7yVZGh{JiCNv
zhwmrhZ&9n}x|V!u6bmF7kcpM(QzUOJA5se`$085qaM)HiLH)suCn=nk4s=ATV22JB
zpiWY4z<;(4sv8Lw+NJScV!i8u4N*x4YStwG+qr8QbhO3QJYt>olBokDbq_f1IoIAS
z#!JzM44O{fo9UK6k}1%O8^9WHF^3BML0`4Wz5!Q*_dO=FIGv`h-aI=xdYI+qSL(7^
z7|zFRN<hABWj@TDuNEa#`hTxc5tN)Ur;u~Cllsw>5h`&DUv3ib&8c&??Sh3NDrZ|Z
z`qefyk2MC-eSY~du3`T@lIlNs4p;h$j-1ClLx*4BgouAk8u6y}V34(RvXxM4V(V-h
zJZ}ghIhUL~Mt*WG?EauC3L_G2sXRqM4FiIY>@==yL8HIor0MgJN)D#iNax%`T&p`9
zo#L>dL0Su9ypZ0>2fXI)jxjBoImoqIrz*fbUbGhMmb@&9=%_{u$A|pY=3k7~ICRi?
zbw9%RTpGR0|9JbRx>mHZ(d#hDKJS=Sm)5`&No5ncg#{~yjop=HSam^OW`k~v+Rjmu
z9YzFyZKJ4=e|22vlD&0r=jIPWYZ!GC9|o+3KvW`YceERxE+Ju!ZFQoLMO@|r#>v^T
zCGRd2f<Lz(J|3`Aw21Ak|Bf`OMe9?jxL1XWA?3Cpl0}=NkA?3qkNwDev}}C0R#I`d
zcXBB_C1!!7@itajapG$d`#?nMEt{Q%SBR!vL$!1)GJS3Wqo-}>Hn1=PW*h5^g)GKH
z;Lz1%Tc%}#y$7A8VCF<MO|XzF%%92EdhX9Bh32;+cN<Cq;xg%l($&i=Jgi53d6X;l
z=#saUiv=)EkDv1qcn)EX43HtG9I*VBHr-x=l|)#eoXZ=+e|r=25IGIyHkgOzce^#p
z+=lw8_0V{E!M_gmCu4rAtxk|oCb97mXMm}SW&8iK0o|L_`?R`v|JW$@+ujxYqN@SG
zA7yV0bVdI_FII-Ts>wqs4ot&02wm3J7|wT2ebHQHlbx8n(q8QJ%hq^Gq&p5=)EhCo
zDh&{nRNDoju4g{YNB-R!-F18gNyG?1=UHZBVh;;%b-SY!T=-w(VKx2g2AT3b^4(%Q
z2Urt@+HHT1H6(f{N?2`iTy2tdqrywvea5c9Q$+rb=(|8g<nlslN!R#gnes$5+Y|KX
zxH50Q#o4aYkM&fthH4iC;{Wc9)<y((htm+Al3HOHNI3oJS2C;&v02(x`!~pnorb4O
zwVmtsZgEl*7~kk%Eywv%uC2fZ9Jsh=g?MhLCfR-N(^BJB*zaV2nO#H+VDigJu^v0J
z<-_Oop>dN6BdMEbT*&GQyLV2(C7rGCtd6=i?~57aYOl-!GM(~us)X8{n-f@z$8_!0
z(i5C6xL<SefVT@ZRuvH_4jEX<*=y08r3W*UZ`SMr*+E}nCl7#rY)!aZZPnEteCway
z#L<|<Lg3e!<n|mh@^|#Q;{17#l`6n*Uq1v^I3X|696l$#y>cM~@jYtt42rxg1U$_z
zZ5UnJPEF_xeN2s9(7aR>=X^d2{;(Y}9R^pIwd@Da#!E_qsYYy!i=uu25&kg<^R#!j
zYj~(*Zm=RZIate;9xXA!XKM=i3bx_{^_&P2iL;yyA)!F;3GB0R<-oT+%Z5GKr|7W@
z7yT#oi02hQ6*c*%CwwpyK<S00ttY75)2hpz3M4H!qW;UXpMdg`hDGf-_X8QLi~i^Z
zSMjzgbX!mIA6S!C%ZK7$=-fQ>jGK76_ZKZI8G6r)0h2?8`QZNCv%=HK=LpM;An3Mo
z;L)?x&^Y)iK0-dK@D=xl%GKi@U7yxK6bt_j$gW=>GCR>izVPlcPvD``Zr4Ir6C^ns
zlmos)kCp=q9pM@CmWG+Zib7p6@fWSFwObufI6v^}ZO$2b^61m~yWow}owy;vU)Uej
zgM7@^q$zQ%2}Pb!;q!706WdnsNRzXUO_QhUK^+c!xpHXPSo(>PJu2D%@vbcX<jT!M
zD;E#L7Ef5r=&@U%VHVd{d_y8|dj`XAJXoE$^yGnDl>WPm7*TF#AT0=9i@Z?WT+dfz
zUsfZp<`HXS&yS8=sL&;Q%14Bc%gV!j=$6W0zFWJMNno!yxvR|ctGAaeX)i69tPV!d
z?eB1_Z<x99IbIj<rEt2hJZU;`Z5#EicISk(=H=3ey{Zckq#CmoQqOvqyF=C?wV_AZ
zy!D_vK?4L)cY)p?M+EDRR1UMLA7?S!4lobnX%}p|gZtbC`sjx&HnutWZp`~rf|sdL
zG`DKjA%W(T8)-Pxxni;{+wl!Ed_tBDBx%EM#M_agbs7!vK@oFL7N@CpsUzh$YZL6)
z3Ypz0dlU}%kqDf;A|9Oi`gGSbVE%8cmF(g=Ubl*s>&cA`EVt3ta`J5pHqB%>Yw;?N
z^s-A*{};J9%2#e7F7Q9lHq?iBjewu&+pnWm)>B&7A(BPGgWL^l8fzYW%i;UOKw;x+
zVUgiegRHl*&D%lEFvQ`SRV_J67me#K*lX^h$DhJlWZ7&I*Sy4)nvrdfZjvyj2Z~_X
z>agLl5(Ge+CU}p450Piy?O}aN$&cc_ggWJtCpW_HZHRKY@UyI7Q~2h~AYSiAm|uMa
zjqB~P3Oo#0K15%Oijd3{2CYw@<(@Wtc~o5Kabj^7;qo|QXT}zrXS7(0J%93QPHQl`
zaXEPmw(?|9fUXWf4gQ@$C?m);;FtFdiB7V2SP!Dzq+tlpdik{8!5QfsB_7vlWW8_v
z4o~z(K9T1rRn{YPv{ydql1KK;bquN7ADo$~*7D5>s}^08+5HXrqf&2itVa#Dv5A$r
zcK$5stuBP0{n^@D&@@~>MrhWK9t;$r+g_(xJPDR{2|fZ}BAze&gg~b{MWi5#25^Uc
zIjgi!QU*MX{4y^om_2=KV`+$V<CKmo|16hkJh$NUrDie;yUyU4+haO`w~#TF^eBQ=
zbgb_~_{xq5en+hx4IA|l@`xG2X=c=<Ntg8xdpJ?9X=t<dsUV<!jNhk4fD@3K7>8DW
zmnENv75>Z8^RD%XvJklN2Yw9F**K*RI*ODg*tNuJpRx!;upa@>s4!e~1*q&Kb#~g%
zbJT&jJb_xb|1VfQvyr97xV8pOmY!OzXtNCkap?e|FSGoQPxf!%=ahWUT@!2K)_&zB
zcd>wCzkG0$%uyElv_-Gbsl~rkG%NohZ+fm?g>?3jH8%gdYJ#*4I*QmMs+U{!ktvAn
zCeQS?c*we#I#RFowvu{||Jx!(+nM4v9I>Lg#G+ttMdkaar@*IiKZOtr?XSwrx%{7h
z^u>dh$)V;i(a_QUSm_q{RpWVtsY~O{vvGxpPo<tC&nbB9m`!ednOO10gtYf8-N`f;
z{#}y43p6Y^PYxfi<Yln2<)t<f=mxunSCswW-qbS$K8N~<Nw=mH+GmDv$=kL&`fY4n
zfh^x;a4k?6ewCitbKnJZ<EZ|CDssl}<zljBp4&mf;SN}`3_H_B+`rhi+|^6`*;K!6
z;#a?$yU9RfSswTf6nV$!yKU55@*6~SC#B?LD`}OUdwFa2G#E0p(6n3e+v0`ax22Bb
zvzL~9KC{9I0q~0hu&+vX4`ci!KcblAjxHzWOTKL90oca*d3Vv30mwe&D^-KV3_tOX
z#xGtr=dR`|*s+HYcUdLJ4!n|iQE=W?<;Uc0?x?hG{yGZo%(s%h0GVU(aq=He*Ojz(
za4X@sr}b*}Bw>}*S&cu9?lS*lrw9XnP-K~qL!iCAEigwS?k>TYE!wTbf~F@aM+<tL
zM~C_lH~r49614^eoaUEvyt&Q_`)}8G#G?LU>nBT0MbCb5M#}K?C$|=tVM$Zr1YZ}r
zM3p3yR_pP~K62l!vA0k~Zl=}r+$toSRkG?Nzvar{7@G#@&u&Wc7;QO@mB<-vY~ms3
zN1feIp%q4wyYL}9%GL;COzZT<1z;1O*5@aTtYDWD@F*Re*(ce<8Q{KeU4s1?r0BKq
zkyKh1<X)#vB4UH|H6pv{INrqBhyn3J<?)?=s~ULsy+W>Y-wW{=!ImhBuPamDCSDIz
zV85^r@;<`<?h?vf>j>;xrcVmeq=pb`1IAeCyYIp?3+7~d*v;-I$&XU;W#sq9Y>JVX
zxV8*mohoc3obAq-kmXY(ko%zV4S!;81jtzTE?z;SR17kldE|SN%IDa^Pr{WAYrOz=
z57MP;V}aABkI!Ui*+iAL;oMNo8wEmB@XA*9YY?&V&hdogoUOQiHI|>g4I_gbBByee
zIF|M*5iQ=ME8ZO#))DL-*%xA_PN`*}a5J`Z>TvA%R}*%MN#?I+>Er5*xnwnF82GSM
zKy13xx?2dyAzDMozi)%gK0%PTi1>BT#;AGEH+Jb_J!`Q?VLZPouly_DaWS^)q%7~9
z7l>xHJi-{reOK*ftdzXnHV(ODeg^(j_5~lZ$7!lYSKaQ*iIr<AE6e9vz-q|5@{)-p
zew`6`YZ5VbV^phv<MO&3jn#~l!bHnsV4|`*Za$2xrFUHeHadz0NKAwztseBGWK+B2
zkS8QtAkh}4ULB}v;Psi!?UnUCoe3hj)^hv(JR=`5_7aVc<BR=#2aKvDextOeUpgQR
zoRicv_y{A_;szZZ_eZO&jHkq~)mFPmr=vGd+1@O?tisW~LicxtR{mPGE_IMbdg4Q3
zAXaROe=&X@L_J2C8cEYMYz2gNMLimi@>Ri~cU;Z771PFB_MsdxZYP{@qQyBfydH_n
z7Ai?{9XS~TBG`pG*qt`ytk&PaA4ZsV>-;k8^#PTbKPIazQYQ)|qZWf|=hW*ZiN3qj
zATlFgobT_OlFbNDs7tAWdA~2}T$-Ysu<wc%@19qE=&)*Z*?4(A0>X}O{G6ZvoiLZF
zGg41z1z;@fZ;R>y`Tr@-tl;`%-%f3pmo1U3rbc-9hJz7Tf9VHb$mhlt9gKJjKI=+H
z_K1z7kHJ!Zex-R!V(FoQx>#4dDste9w0u-2^LUmY=VR3DgdqQP@?(4rVLv4(bz?MO
zlQiXWam^yuw?!6LIa=d)%#f*T1g#H0I9YI#XA%_}Bv_bp^jK`(JB?0iX;b55S;cq4
zSv|g}9e)loRVM7;;mnlCPx?~{b4T54B3_;&y-7znwAoB|5^ZABb7@&;QK*Qf+Ft<C
zrNS5UX7zRVP=#JWTI}D6qzpTpMgK$Dvt;j7g`*lXhfIxfq&9@V;s}LA@i4%@Dyk;F
z^K2KXylqJDcdC@S-3nAwtsS{+8L%&x1JbNJgV*-Zy94`n&fDLqE6B@-Twf;)x^apK
zJs+~P`%yb6k`-)E7wV)bmSxo?Wg~)YTO{_X?wrZ(^bpAjj`z=Q<Sjia#1XaPbqXD+
z%j2pJ_4DrGeh2}_&nb?qKb7=0Cg>2YV1Ry@caZEs*8oS3Lx?-zq@@M-g=!o!s=Cj>
z43g%<xDKpbd|R;m5$*V-Ni3R;{7vj=3g4vrqb(hxg~GN>){emMs*;kdiRm^&d6{mp
zI+y`Z+UTdh2>n$B(UYc_Wy<=ymxl;-AM;jkfse4i*jBqO)ZbvXur!U12FOJE@7w+r
z=%-5bQ-FAGr_6Vd5$Gi48V|Q^rGVBLygmIm&8->rx^r;`SgHe1H^}KmIVq3ok&o&m
z1C)-+X@&9!dTH74E_;Ss!Ki^Wu_e)<t1za8FqzaqNpP97r_*VB6+tJsqgQaNyWwzX
z*BGRr%tQ=L7EXK9vl=ZFhxSo?f4uXx&dXy;d?pi;Lw}3En!*>?DK>|5Be0l@m124$
z2e(zqz85Or^JphE=WJm-u_i>t&ZhDJu$5)7J`teCWPwx-a{M0Cox4dWDb#M6dw?C>
z;*XEycN8%*4I$U+)7g5_(JdI`gR$QUhh|F4_xXHYJq6jm&paOOnZQzdR+{I5cJ@`Q
z%7Ds#^UX^y@KF~ce=S^hVHnwTZja>mW%#ij-Mc@`fAE5<;oXNsa#eeTib0kaK7>WI
zldnSv%NW`Gq(FulcK0@L#^-rJnxKQ(=Vmav@RmVC?PcPY+OwFj(VJ{o@HZQYq5&Z4
z+qpPenj1tn#5M_2CD=#e?~2kHg4X)gC5M98n3YLq)to8VbUik8gm4SCtD!QVWBeH?
zXQavI3(F=lY+;|0VJa~vPlFi#8;2gPSJsHKM|v=V{}9X|{*}eI3k>6H2nI!Wp6d9%
z%}Q1k<v1l?I7BfZZK%eL5!VGd6poe~e23pK7iE!OD;AHhv5me;Z7@(4kP0i7imCpa
zFY^=F3aAJKt|IJGO9JZ6DqHEd*d6#PA^C7lvmNzUsL6vxKkK{Bc@Fh2Z6~WBeJi9d
zL}~{$K4|z|VohMQ+cd&)SBNoWi$o(QLQjKu=|{O1+rj@1DB{_W7nw&2f-@dk1l%=4
zgLcOucCEC5T0DjB5HnnRd3~VuN1JNF*qR_2stnkCk(<yv{N>u?_0VQw@u>iu;O{@e
z<`1~~XZ;rqQqlihiF?Gy6fqP95{DavqSRjT!nNkx5m<M}7m3j&9ZQQr$(KOCj*bs4
zIaDTJf>#DTr6L3L_S@_$V5|ae?ED=5;t-=lKk<23`Z=Oh3Z)djn@O%_hbOY$Pi_(E
zjz!gqZKb5vrSH{t51OXMr2EK8tDAuhoD-su257!hTSli=sL$0WYpJ+Nn1=P!wW7-l
z;&<p1VQb+o0V|?Q1A_kbyg1`L5NP*{sqz~JM-5&c-Q56*p9zUgKG1()E~&X<F~QYo
zX#B{ZWjf7vBTW7Wl^1<KTl7}>Sm`vawQDL~+P*9#j<>WKY(N}|6OsfpDCcztC<$+D
zQA_A2M5!=szlGN}unw@_<PL8>QF)t_w7Cfk{HH!p@0I;L>hy?O`FRs1@84I7KC)Yx
z>yUBby1aGo*oK2<;>qSbi;nLI&f$P~f=s7y9)ukNi+1!HnyHa{r#91d?Lg1@k~EMR
z{IY#6?)`CdV6I-81JDFCeGE_6PbQ+5R#hT*mP8b@zG{Yw!~0Km2QNMh1xi@6C&}?5
zHLH#np_A|%&C*CYA(}U5{L=~qQbcpsAeT;(>()j;-PXP-7mYY<(3rBVz0Ba+BUQ1e
zijlF{J+1W~#Esa3P!m?EKpUO3-s?u#^w#98@081p@H8zNbiZCqx|Y2e=yl}Y6?NJ4
zdBP8^395Y0fCJ*q1rp??uye^)uz$%Xb6uZ;VE;l`oOHBy%(bC~67`AtDD--D_cuv0
zry>=F2|5aoJ`?3|ir>u$LQRsRpB{~PM*Vift8jYi-b@nytVaH<cwjq)iw#3q)ZoZp
zyClv68LrxGXmSd0RAISUI{0C#RNdjuA>PYMSw48hSUBWHwCnaC6CiK+e!z9NAL9i%
z_XB%X_bgn=l5x-(28ZRKlUo#XFXlo{#+Z&jof8;$FW%l3nH8^LH6C^R9*X=q3%F@0
z%6E;yF*RrrxlP*LWcf$&Z+T6M%vH@mc1BcC5B;|5&xeCET=SOj{%qgLtAjc8Rm)NQ
z^y19eYzJW<v-hCOKw{z(`2I*x(%is8=BI)r*g-SUl(-LD(}lnCM1-K23Lj+VSKd^c
zs=pzzlIhtyQ@3qBY+=*-kmIG%WUY+Gy;5*;5=OpbB|Kf4efl`8?xAMfq_6bh%HmsV
z+N=KN@Yd(o`$yr;B}8k*Cu*_A*tdZI!IsXx(WrCVKwkJ?K9oHx>#WI`aC35db4Y2(
zzWh$PB!z5BU~gdmF-R?WsOjFnUdU}YIk*tKS;HXnV>%aOyLXU~e>UNCSq;oV>hm67
zqY%Kev267zusO$2`p-e^Ju0Ui*>!D~NDZ_GEjC<fmn7=PF#Yw(enb5;g0!;P#v<-r
z@ztv&bqXZM=Z(I=EPep8-SeFfZyo3x>X7DGC&phz)buXY*C8^2bJzsXLz=*tCGEId
zvUkcZQkT+Nl`0^MyIcH2F#?+q)1R8FPv{<a^S$YtqC1y(dpQNj_T)%&*B#y9a)ZNU
zf2u2|UUub16k8Q!ph3|4y(hU;qeAvf-e?r_u3(+Auajn)=FgpoYca%Sf&!@+t?0Q+
z0qipQ&A21b<{o(i{t6m_-zobsSk5(A%amP}m-mCq>(^qpnmZf;f$nZt6~CPs5e+u3
zY!n9#cY&`Ys<_~{i$AzthP?FMh}M`g_F4nq4E68rC9W~>9$T(w{n#vv8(W@S#BP>v
zpk)>O*o@Qv0(<9hYyFhxPn7fbz+Eep!vbu3S_>@b7i5fJ3A5&qcG;`RF-q_I`N8pf
zq85SY`%Z^{P|F6PquPH~7L;QG^?ccFQ2jlphv|Z6Ie#$mQByn0wu2-ztM3vEE6<<C
zN_Z^LYE#8t(CbU0J834#D#*CK7>H<@TFOSivt@OnbLR}JdNn>KKT7Yk%Ah6R7~bc-
zqUCZn6VO~5e$1h9Eqw4ihh(G<!S8msWo(mgAP+tswpU=^4<_Pv%Y3fT3+{k+jlDOX
zZ4_()-AwcqUV#R3F`vs4G&{4E|Ka}lP2(R4rR3qt`6%!P{3hjFvRbZ-svJ#omj4He
zye@B9tNEngf=2zy$z%8ydeC2!;{|#pm2P@lbG)dbEDx4nXQPi+@}&Ly{4%X`z?Al_
zjbm*9;*C5-2KND$B!#wbjjTi%u-~8~%ukHZ+tJUq=M^4llq`92yg(v;YztzIf&Ey2
zvfesofM3%zdX2&FQ^HphS3hjwUD@(v7UQDZ4YG?Qe=@6i!TPoj-^)B`s$y`g73FAq
z+fodzJP^#yvQj}>|4Sgx(2zgYpiOPO3qLOJC}+ujVLP!gX*21ti0x4~{X%qvI1o{^
zNAjZ>_#VG<XW<d;Q>GVrK^Q??2kKJ-Ip&Sqqfg4Fe+=vydoi)s;j#(}DeHizHbfMl
zKYW)UYvqw+BJBoNjyLO1fKa5421u<Rv;4aAhyul9TfRUR8s`~qyE1;g8@1TY`r+nu
z;9D0@7aqNbp6$}ybBlV$k)|~`9(Lar9=mPvRsD)klXuFaI}bZMwLSW>aqBX%w#s&2
z$%J>W0y>GuCc+Gq1fo8955n+JNvuM=pxNG-X4@!|KD5oi2!26MbS`jFe@4t^^kSVb
zQghz&1JUGXMJMyWN?g=3Wd~cPBCt(mcAyVZ2DA&Xx=<Elp$f_R>~hR{>Xz}kIKuvk
zw2>C>@@c<IX=pR_iTeO~%hjlXKe_gQM$Z4VlI2EOh?O1M6VhkrW34NPhK)T4@2Wgw
z45PpGLJ$e8P2qe*CX6vs!pFP^;fcxEba#WkrQL0<0NXMas^$4cRwuggpiMsc<ZY1T
zB{hoHs4IQb#8jG)0Td)L)9)xef4$v(+>A0IJ4=5%-pKx6TTUdCewsFRT9}+5Si?MM
z6kGL9hW?i|y<uo7F;cHjvkf>q;Mg0pUfyU9!>GeU*4uqXGCuRQ`&0}jCYI~tsE1d6
z{?n?<#qc#9sn?1VMV7s-0DCjnKb$~Fd@=>Ci_Vto%Mhnc&YpQ+hyUO@+`y{shzHho
z=cHwtjHDpGr8<mR-4p=E2xG(vDze4j{1U-izPkP~;kd|b2O<EuFqN!a_!?QaO)#<X
zeGy^?xQ-XLMHR%>&suItG-(Jw?Iut1^)o|s%+PU4+ST?iex5F018UwCz9!z-?mvUx
zz4n1hfVai5<^mXd$I&uDQgL5a!*(@gznM<m#7Okkn~wt@;?&8X**jH51?_VhvznZF
z!#g#2)C%ap+!-c5xe}yCK>$bWKW80Z)KXHD={0D7rX+wg`zJ5G0!vp8__dsf07|`O
zXO#||&)=o+v37y&!=I$;Y}{<-dP)IfTAQET0~K7!f>kw(*RdVJX%1tq@^#USOQ+8i
z1<A5@5K;$9;|Vqgo6O)d9YYf?t&ox_(J0Y1EZqSG*|>AQ{oqVPykz%9`FXNI-u&M!
z%{O5Sgtg6dtOzpWuyE_G+?rp%G^DR8K2cMc>y!NHi9~h@m5W~36di^68%#r-7gYrm
zNESxA7B`8E7l0kMiG_NfWX<uR?u38w{ZG@ur;<&BBK!!dq;V5?E+2>yahX9cYE+p=
z&K2e;{#i}1?SvB*v&7_^V}MJmb&dodDka%xn7Zl^J0AY$>!=d)qZ-CL$(BfhsdZBV
zpBR4&_IoZ(bT8GlAE#qoDYG)5_V|x*#iZ|+scDZYq9?h(boPW!S>^CyDzNz2R^%n~
zrdxQY%$?=Hr{26O@xzXt(zPVy2~d%@@|(c@WeR`WX)~Swl!;9MzbYcLa&++@F)ecP
zi2MpD4;w$F-t0C4i2f6<<TR;&HVJ(lr=X!PEQ%o+Q6qqUizntArea!;Qd$$|x_9E2
zgY*G1uT@R2MQ29%bKbW_1wZeLF)15$R57P5B<=W5=X`pHPax{*wLVUuMuNnJ?qe#q
z-(nYsnftlam{a*L7}HL;aud|<E>(nj1s$W$HEdMqWP=_`$(y9KXEQ*qB^9iVh@?@)
zuYztFf2-H6oNqo4THY3AepWU@tBM!BMOEBEgwP5HOxDLN?T#S0G4&3yBG|@F(7(sW
zb1YJ)?H%$35h9yNcB-wQFE){dEk*r-y-l|=1yqW&yRX&jvfJ`(ItvD^Tdy$H!B1!N
z;;hURlz~RnCcEu2e*x|TWM=%8dm;5zx5SJ$9281ijZNgj(TfQY_22PGzHcD%38}*s
zXNDh|`TR0!P;G)3bGFEq_9|c)veJ)K2kp(`WfDK|5?K01aa;g35y%*A)I}@S;XoOy
z!Bqa5=s`iI6CM2Eu?|k(Q1MF`IpNE*WEtH8-`^~(B0Kv>JwNSCv=nKh^YJS|FQVl9
zemT(<KQsXUn*gkJ<5_Ibhc`LJdHyUXqclLxN$hg-*XBE9uH=mFa{-jCcQ}McOmMD*
zVVTrR1(S_kg%@Oha>3<j;~L>|`oPLwiFDN=GA={-;{^RT;(f$j!GZMrKAUA=3$?Gk
z8dnC4cdC2sP!)5jPmM=%4<6u@Wi>~wLm7ruEsFX8)|IS}^=3E|**`YP7x2rsQ9$4}
z{P-e^K^=4C5RRWs-n}1*Tnm^-UA65zgB<yVf}DiuoQT>xVaWJ-U#TpsYBZQ8uRfmr
zY=dlwiu*a5+}0{E&MtwCiVYs2qGvQp6`$i?!b2FVMcT2OQC8iWKhzx7M>9g8Kl~^b
z@yWz&gC7nBp{{fF$>TYA9W|*kamw`pJ#HB{$2F$4g=E@}#3mKa1o>@6|FO<RT#_I9
zG-d^tuO5tppIRL!wKuT0+q(O1^Hdjdf`ry1XB98XY6QDtFv$#-$AA^jn%BHnd{h2l
zGyDD$3{J64aH_qb_lWhyBTl6No|)M)j;F-tJENZlp|UIn3A*Qw&_5WgZj%(Y!^TZl
zjba)qZR<e-6UO-FD1&Qj*<F^!u5sH`Ed2K1!KsS=^c&GvnyuZb0nnd*mA61yV^uhu
zHbrA#J{`6N6vtSAm^9x}_<uq#J9yEpIFrsA!e#P*EY~mLwa}V+C0Vv^Qz+c)IpWJE
z)5qN9SMn;MZ_Fr@5GmAXykNfJsKPom;_f@qj2v!TFCwGbQRCp@8<DOLrt$2P*dqhW
zfQfbRr?8<3(zr9wRX7dq0)CHmpP1bMI+i2ud|CNfo~!`IH6FOll1yoU3YsfcF3t*n
zBLC6{BG7tZJiYq^?5}K|Pf0etI`shV*}C?>WbF1%FL`9U^8Oe-iU4=vz3kbIF@YEG
zcAb*y1^<hyvs=x0#<27vA72yw_UzxFhZYl2X`6QM8@AbF@(V2!QHox?_YPSpA!>bn
zyHgr3`h?m>k4jXXo8QPz;fejY1g_D=UE`hCvB}<e^TM<A&b~0oDV%e0g!C8eC2Pyy
zEpUp@)V_;FgnwXp^KEJSMs21s9|bQ#R25_(6HCkkt)D^=`b(f$E56O(U_sGmHROOX
zUiNO(Br8#o#cP}xDe68KM7XvxYPY=;)IF^scJ1@~?b0gxd@b(X=+aN6@H2(bTa;Y+
zanNRKGbRY`pPtR8{@YzQI{r;Xu;P*|W8S7D2o^L;o>g`<Jc%(hdV+F!dIABtduTfO
z2;tX~ZTR(Iw827OKFL-^8C5;h%3xe!C&o6gQs%Fe!(wy~W!)A{dbG6d=)wWiaEI$w
zcO}N{!YeIS`(DArOrA2c&&Sa>(eS%b=OvqijX|9=JxRf}E{D0r<%LgnHGtA)Qkn;g
zV!q={Xoa|5v2(t9o97lICs`|)V<E+hUF2kU@)20Xo}D&=Vfbaj)IHST@-UzS6fyky
z2Ku7Sxtkt&!EZbyF9QAQVXWF(FXR3BjIR?I<CeDYZ`+P-iB5jXCU{IF9fk|^9+Mxo
zFMh5EAv9tFb<k65Npt#hMjxbGdKJ`Is{kJ~VW7ipM*gF@!a`FHDbOAC%(Ahk#$Jpe
zaVn-4t1MpB!mrb$s?nF-x+@pE@s^Lxr$z|t;qPAl6clb%cq^u{FMlF^zr^0_s82k4
znvlrx&(Da0S=7+}nK}<gVbOAU;B;(ETBWI<W^Wmnquyu#X2LVvw9Tm}ye67^LO5jq
zk?<&#YdMDeJG&Z@*RM+6;nqCXCjL~D0w5fA?chyrWq)`B36888j1^a;#KR>ISgn9k
zK4uKUKK__+1w2I_1BX3}Xr5-;dK8wmXrw7#0XC^1vAq&lF1ouX3f3pxO93SS#V;72
zyIG&hioNHaj#}C7S<|fy{(zjGNZfl#`SlUh+!?>?gU4=QzkbUzQHA7h!H&0~oNV@a
zU+O0uG#NNzO;qMxa&JfjsX2zRJq^uO_0KWr;t6ZPdc+j@L}!_ABu$EBbg6EhTV~jh
zDVK{s^0#XDB@jUeq%kdy37tD~<+b5&->Jn^+`)ZWtkTQOOR33Bt7x&PNw@mS*)!(!
zj+iLb%q|3Okoj+0EQByHsX)Nvbbq^HwQHNsS%K)=2VS79&puf(BYW>JS=FlZGWf~|
z?Hf=havCH4P<&|Ep-@znA^Xh<+7?Q9f>Y#n{4KKYWpmnhS9r>zqM!8vfc#Q<+jMg+
zOP2l4<N~^UbTJf1uxYPDYwysR8<WdaxByvW5>SHWAxFV3^9ynKY($}U=P|GWqbm@_
z`ge?_VOLh7)RNP#w}B`mwVrGpjG`!(P;1M6Q_us_#hVSJ;jSoUM*I<5iql-4Ufpfb
zD^3DI@A(OeVzXUCu5gg!Y?ToE;((3{FdNvov!bb-Z*rcRJWw+Q-MzSxg5NU^yotiD
zd9qR;$uSa=RRK^l5PKIpt);E!K4`&WUU*8%fKgU;?1gJ2$Bp}nf|39)keW?0QNP1k
zkZYvmgfT1y_!C3@?CSE}<;JEwMdHR{P_m=O+?UYPH1^FHf>_N;`?o_Pt-e;ITX^OV
z<|xOwA7tUS-o|*?TE0PP>%X)sj~u<@FgVnLy>xNP=5NH<hFgqPy2k-i>=K}%^T?OO
zR0m&92yE-*rW$lz@pml!X=%zTuub|P&CNh(Pep;nM!gw5#HJxuN8Hj9cMh1Kz{I+O
zz8r`Q`a}y}X&>D9PNJhtUqCn<N;SZgaF06x<Lpput&QZRM77kP3W2+Z&wv=2x`c7S
znM12i?hQL4ef2f8*`x7hPlJ38$1|R^K5_6fAK$<9N|GPh`#!k+qyR*Oe;h3X_F(tW
zF%7*oh4bR#$isIfGh$Mgt2X{d!T{9yF%zSd15(@k;xv@3qHt`09=%~MJ*vCh#TUCT
z=46h<?+!h)i@1Fy5tUc69Ut2PBSWtq96|R)y#*;YJw}|u&zn((oZFLgJ54;_H9SdF
zYU3os)sn4>hVZko@jyFQ@dVR#S=~UUL{zrHH_P7QA3+meBaOfrlRnU|!XuIFkG$sg
zUT4sAO?MM(-lDu)K_VDXG9tE9_Zt_zZrr>&^Xh;|wW-cL5ue@v%5B|$EQC|cpM_OZ
zOX&|zoGGaB)5{rK*5Uffz^Gk}*?{(gjzVH&KoxRM#T1OKFJmV{Ovs_IMnO+EvWIg<
zdo6|q{$eLTEbGoyRC*a8qAx%+NLtaq&Y>{<3Xr#f++yeu6H<yVDUFA{7!#dWtyGz+
zai&XC-@BBq0cAmd;NID44`%U+;TE(c*Kgf^`9ugU02PtB31fV;X|JRNLE-?MO^V5?
z3qOfv2gE$g+`txiw@qP;jSj~1_{VKA!dC<1jK$hZ!VMO`Kps)i*EWF4zwm1M%}lum
z>A>F(kJ4!uC`BJ~zJ5uWX;8J>o6M*rD!%#dYNWt4dRcs>l}ZwJCBEeAe{u_B?7i>{
zJst_JN=&H^%769kJHg(oRa#Z${v96@U~yRiR09Q;%rp>B(vrT-kkhjaP9SW{4#i!t
zCyFf*_L=9y#@vRW>tp!t?kms|LeNRPcjIp5g3k>xL4m+jADwXefd01?Ozd3L7Q;Oe
z#a=xPlCaV6Ccy}}8ve^{naq3ie2JFz`{%L7Qh*%~uy_Zf)A+4P7#F6NM*!b&-Q`(%
z(d){a{Z5}8+R`tNH4@g6n3k*P3+&;7-iMUd-%0iqC&Xu2vi9}oJ<@vV@ymqUo#g~z
z^m@TTQ&v^!I`IRnu#>S+y1OS!+5j%_7o0s5mkzdZiwg}4r4r_YPQVRq{@7ZSg2o;E
z7fT+fOaEnG72jm|7G)oAua~cpN#R$d1oZFjf7IeAjlWa1bYB1&FzTM;FY?qlx}711
zG*cVr2Zms7S`G)72ELkjq(x9_bz6dd{|Ah@1Tj9FK>C(s;Jnv9SUULqMC7B)fuXsT
z^N&QJYnUl`Vs->Y;mx$=YtvK6-#nklT3$r3Ev-_tR=w<WHxj?SP{y7soDaw^9u>%k
za<7(?t!^`!<ySdgrP|;>qTJFndE+Rt6;kC34;(zVIBnFDmk6|R6p!${b7F?oTuqz-
zH|=Ad+Do_40wb4*;$JXo1a38*6vP)*5YC@`%2bD+-8!M4C1~W|0#&U-1Y2F=fzGnu
zq~qLUr(BOxe=Ygs=u$LJWRi5($XrjnM*m~^yI&1-5A}smo6b+1e{?|X#MhC%0^}dx
zS13M9KCUCPCQ_``k*bQzjy%UZE9LDL?z^|T9v|1a<q+v*$OzsYg_}t_-xd3yeMo=n
z$8X>@;AL(7KMJV@CF}q8hAYg9c;IDV-cb2{f9dP;zeud-(S{>DJZ-=bwE<VJ$LiV%
zdzYf=ASRdjkw0yS$-#N#laFFvNQd9xiH+fi|A5k)oDgW?zAG7>i=oPJ6iSBfzFX=_
zR`*?TXC#K}l4q5qi0uV?oq-3E@)+SsGbzJ|FD(WBx;50J_NMvRgXj9zhql~~n6{=Q
zyNv2+-;tHH8185c&onvKsj!|K&<g#lhd-7zpcIbrKU>E+T!QhZ4-YbS3{tIzIyvhm
z<DH~S;@}{!6oQrMW63^yvkVIcP6ToHdH}+aY;?E)uIL7G{euNkY&pfyL3wp!Zm?tM
zxW6+cME>k-<P8dbRG<8!EzYvmjb!=zoA5}^L#<1{p<a&3QN+f}{a#rFQxn9)jcm>G
zmClYPF1thx*=G^Gho;DmI5YMj)G>yJuHM2=|D{~ZW#8Yp7XOl-nrg|_SATzc`V;Nu
zhJVD3Zx`+HFt!=pfv5XM89>G&yA}<DZ=}(6>m3QE5t0pg(oKp=w6$AHTsd*Mt1T)A
zAygqpRO?Hczg(U@(%XheDuf!!$!g7EvE@oUOlH2^Psp?LDmY$k9|up0s^7}!(;rl8
zd{NQ@8CP-Ob*UQMli^zh*Xxff>;jy)lkJ`!pryeKSzaWW-mHNG-Sz`ZT*~lg_(#+7
zDpdhZb0mBh`#AMYA1nyU9;cP|F)>X_9HYz_`+y75h+J3Lry~%kk6j#3I{7JH>Ck81
z*O{R$%xLwh?OWWaAY7dbg`fFRA^ape_ZIkaphb;tOO8rHdoRV7BWxj7b9?I!furI*
zm!2z>;EN6xV#S*~I}hC7`rbIfi4;jb_+{IE#L2+Vb{o06lL`<?+g|rM4raJ1R6cA=
zT(OEw1H#w(=|*3@8xUiLtkr8MLDINi=K&ZKh$Z$%FZD%Ci?K#?7@~ebuXpu5VY+Va
z_fqJlnA@(FO{}zl#qP$(guhFhrtRmc8dt()ZH5#Lbd=<Y8*eYjuDu^Zr6(yK`)~r}
z?tH(lS^dS)Vv2<t=$+iYG>y2H>Ae@Ty3P8V;MHp5$%GJaM_ikzVp!mXppYOG?}g3z
z`j>~j<Fxa~mc4~vtR%oa;y-qiq;<xiK>1uIi392U<vDdnq|n07Co^IhV<>=N+Gk^`
zgNH@wWL~sgo-N^Uv&BmLL6J82CIaHy?vydRNG-Zk9|00tqIk`sQQHI!b)KQoA`&F}
zy<9mk0+t9mo1|Aifar|(>3}%B$BI(|{n4jt@e0!o%P!JF|9|6RPf_oRKmI+1N-Ifa
ze!Yc=O-$fu+>O@xqt-lfY5@Cjpnc)lLp7$tox``49JEdm-hDTjJf+bfun@=^pov0K
za;8ryK2By96R3>YpQ9O5roTq`br3da%%bN;HOu7=cMnHKzLFI7zH2Q;oNcl7$ZG+_
zev&_+18>eMfwd<rm3jSQVN}>bE7#$$^)c^LRv~=UEywq+-&g&^)fIYYaK}oe-Rk?c
z`>6;JpB=WOSyXGz>#1?9)t{dsJj)EB=P{3OcR+xt5xa!`V;c%htm_274;gsK_6oo5
z`#m%Dvu%4GR)X@55<cC@16IQG_j(|9bwuTi$Pp@vD7NGI9>08S^zqB$64vHxBu=+B
zE)kL12wQ;R+Z1I>IPYu0Cu43Ghjiv`b|O~@I%JPnAwfHfV9!VY(Z8(ty-Ni>QW+|0
zx@LINiBt!A5T-|u=3HOVz-33+dDjBDy6EpN_roS`^?J@39E?89ihNu6@aQ(%2$!cd
zal)OHX@W0EQJ+zbk6<2bd&qxJEd!2ukwYRaB?ma@U*H8DZQwZ)CwtXjRB`FUZ{#$9
z)_H$3PB8FT!yz_%ChudT4>oG2bZ|Pf;0-61wu+Rhq|GXc+K-xd`Md=32!3cBMQ)gm
zo%zaeM9G>#yB$QQ#lJXTa6^NQX^hVkGH8q8&$uvz^7y9v3N20cR>0Q4yCR`K9OHF%
zx5?{MIg79JCj4s^FaR+&D7i&&-MB7d7<rCFbtVWCqIR2L-kRWS>mU8S$>9G@9S|7k
znKXv#4Ms)jN-63UvYr!~GP_f-f1yVX17BtNp$bR)HOACI_lhI~!UGifU5-hg0--jA
zxj+u!(~r)+AS*PZS%Bz!r{r_f(b81NM?ycO%t}R$URYH>u3-RGK7N2VEsbT5MUg9O
zrK!Z>(p>Zl6~qm50SWy4G4CVQnHn3L^ue{`g#z1RwOhVU#Qlu$QxoX9AyP&Yy<DFW
zvYKQDx=M=qe83aJe8*W@%`NKDb<tlh3KgzXxc?GbKI~6*IH3q9?i<_SasDs!t)FG|
zmWiYbY+aZAWXz4#-vc2X_c+%+Xd^GbXa9I|6wWYQxoFJJa=9o1NnSg~I~iyC9fxt|
zw=cGRL(tAy+LC+S2GQv5p&CJouB#Eqt_zia<iVjZS+uNzZ;4hlK#iiP(wIY{*KMg_
z4!3o*Bv|(SzNoDu`9n!jkWDY(<qz?~v4L?G$;3jaCXRfkRCkuvkI53q_7)DozgSE)
zC2NreiIHowQ_`6}%z=?2?je-q1jYC*YwJmY|H@O&q2}cKd;!$*{p6$N5mE;9q@z6O
zY|E5C;WBSBY<WbS{a|1pNtEQUma-UlO=mqVt?S4p_`oyx^TMFOZu0s~(TJtRhpW5H
zdP4*`euP{-zN~*#4cK=Y4ap`4K!w&V{weuo<XDy-?<Q;+zm50ejk6uxZFOAy#d8fn
zzuc~c%m6*8SSi}~Tbk+|K2+~8Z<(e=b}vjOVax`s;JTJb*~6#&2mh^~*a~T}eIBrv
z{ejk2FATM0v&~a|${_f$I2z~-=WfiRL?rxFQ<sj_h}jx_Al#+TVp(ALm~_xmURJdR
zXTRq%UEsZ8%I$oZ+pU@!$kBFeO{0q4Y}U-CTP2@(MI!&U9mRt52MW9zsOc(o8x9<I
zSH`Bs$I7n(%ldPg+Qo%bW^;Pf4i$n0XhceSo;GNlHpPAS+FjO>(WhH=(&$0PJWy;)
z$NPK?_wjLuzn@2ZlRtBKyAO63TKEW5gf?m5R_7`%lWu<)t9N*-3(CUF{sIM24SYxQ
z69{*52zRZy3IM!c(LX2V8VPj;wdj~QcD&Ktxu7mr=YDIZ-^PMQnFrdeW-~VL0`w<N
z%Cu<lclZtObA{J!wz-_86d}j(a}A@WIa%dQ%O}=is+vf9HGS^wJX_>bKJqT&XgS3P
zml4p6G%(m`XL>_YB?%icVFxvw4qWN&G$}#^g=P06biccaYAHs;x(h7Xk8QYD!}9)g
zV=wi%ieot<Pj$~vFJsYrQ=q5!v-ln_G&5egZ?IX{JaLE-3$GtIiQ;4Hhz+p-_Is$3
z2k(cgpHqd<NxcUEc5eg|_AQgDfY<|Zww<RlgjsMwT*>(!y#Db%KE!Y{{vFMFBd(|3
zOYZ&oZl);)F%CTr{e5M|u{3YXtwe)-lZ!|2;<??N+g1U<td+L$u`h)NPg?4tTyGgO
z!sml0Z-VJwW4nqQhQ-k47Hr}TU==)G0CzFNhIOMP)84&}#@UFwg06+{E>BP2`iEY5
zvo1GIf}YW;2{{Mf<JW7B<)y$P*BOXvCMz41V)6RhO637BYJA%B24CrQfZzTaL3@Rt
za;UeavjJ)gYOGsMzGa_7^0LZ|4K}>l<oU>6a?wIEyj6IejrM)aMJw%FcL&}KDR#5p
z8#AS~3;4YyDuSbX;YQ@6j*@yoPG|ya8hfpjJU<a{zp(*rs};SEj)z6vR(o;-Obv;&
zn>|1Gv|{e=I^AV8y9e)VEdr`qAsa%&6O{YokrD1FR8d;TId?iiR+Uc)BK?n|GY@3?
z|KoV2^6j!piX5vXU8p2swo0W^R#9@UawV}!Z0stM5DOva97*L0$-R-Am?O7s?qS$$
z>^^?`{rmaz^Lc;X@AvEVdOjb|;xm$gKxL8GR_w~rGFZ>U$EKB`k<`xn%#Ti=Ap?G;
ziw-$AeN)ZgrQ+*w-z)jM>g;}6FSeLkcG!821)J~BMbc&?Y=?rKug!54PHuplPf01q
z4_`|4r_K<<#w}CtUOhW7S9(vh`s<G7z=C#sIlFef#ERytLl|z5JK|=nlzp|aAnhuQ
zA~w{AB?$AC1f6BEaw9HepL&*r>ysL%zG8^{u@*ALF^gxi6fvDatCIRjj;=oSTMPTF
z^?3v6ORYNW%UHC_Qv*}TIu{Q!tk<@s#?^-ZSQh%#T=&!e7Yn@}9UUesw29V__ahEi
z0-wmC8u*cV>}N83<)2V<Zi3%iKFt5AkguF>M|YP#jZI@2a)KA-F=J`0gPiVXV03O8
zKgxNA4xMSZ8p0&y@OxGT9*(l;IS=lt5`SWPDT-XWbO~;-o3cm|Sl403jE#vq@_2=O
zh;pFE_Nz?i$<g5TJeuy(CF;J&uC|!$uhne?*?gpEv}>k?vdF1e{Xl_2iq&PAHLD*w
zZGvi2P>Ne}$Wah;)KBeAzi=F@6a{=*F4M>ySR5u1XQ?cje?N=L^n=+~_45g(Z!F`&
z&SHlu62)lm0^lal3V4+cFO)271f6+E_1MlD0tsEripE4HH2V=eh4z7p2a1XZ%F)l#
z6^62V93a~(rTdYrb1NZ&QHaLtu1(I8fURh<tw1o#G%|Uw<ygoG@?vP%I+q32nOC?g
zwkd$*CVpU9-@(cAvw9C?9Mka$`*>)nXkQM%71}4)&wx^?Ve-m&7EWFV393@xcUYL_
zkJKGpW)AW-aoB{(+mSYVUjqZ>W;^Wc7u*9UZPU>)N(62vUa^{IE_%%*9~Zg%Ic2}L
zyh|^sSX5!Wb+Hi-sURnxh>M5W(_t&sE3(Uw!Cji^j-+<NBK^cl?n>L%@za0`-T%-s
z!W`W{D`j5r0e6uMk+URZ*p+>fhiY=kG5;Uw<F+C$DfaSE38@=UPC;z-4Pnk`RdsHQ
zKwQQgySN^6ED8S~<mgbDr3$`IM!s@75}%-1@AB_o<%9Hdk#v$Nyd-11F)mmtlTl29
zX`j2-)MX}zz`Vf#x=Ai*YnpBa^Sm1*f|PgzWBJuCG8l-pk>V)|4ocX6k0!!06O}ZY
zl#bZF^~EBCUFYOT!;aZ<JMa<HXIAtm(de=fe!Y~b*eJgOw&a);%E1@P&x^R{*`rsI
z`>4*6mGdNZZ45(!C^?UgbvOYGn<z<tUG#b1Q!J`Xc___XnAK7z7b+;d#1AbPv_TK$
zN+_WIy10LRG=D}VQ|DHWAL$6`ANy^Jz3$^et}Cy=CH*oSh!APKOuwPV1D7$0BCvnB
z4NC<Z+*3d~Ca#nC;@GP;ESVD`no&X;hTiaMEjrlU-Zv>5dTo-R2vzoUkEK84RcaBA
z5Ki5U$>=ot@p7|Zgg(Mc@RV17Ilz2<R)ZQBNY0@<$-QBSm4GhQ=Q4ksoDz`u_xWD4
z-6x_vxd^uXQf`|HkJ$F7v{9t9>U^JRg;wI<DuDC8Z%c3RmFiTpj9K+{60gAW#C7vp
zjJLSLHOK{G2|>4Tc(DuM_3JwGwk4aIvvvoqgmu&GH#)iOvTlqMe_+a_<-|MO70I^%
z+!z1tLQooNSuTzvujiCSJFg?XHOu{0cZK~HR*8M+I$lhhN9$RqzS;!_3^GT|&YZ4m
zp!Em?Xa#jTY&}wh@92s`qH{3q-3@}HWbQP7q9eZkcTEoSj7VVr;>MLZhzip7Mgd&#
zW+`!4cg-fUR10>0j84d_`ITmsS8qQ}c8bUOqSvS@d?4zPP}X;X1vMR%0kKzBA(iB)
zDUTBCC+iD1#v&5xiqP<Eoy^PJn)w5{5beiJ8b6LrY*}JT_EZomLz`vVg$@+USB8*B
z_4mX{n(crgjSq;z3CkVIGT=JuS~43o$g39AN(aYrR7i=GWi^=L7&yHNnZ;;Lga%Pp
zS^Eb20i}4+0hjT<!YRNhdi`XYV6Y(i0KQP?%|)qts+D`2T>#?*G1LFh{XRs!X<j{k
zY*IKn4=<64dQ}}?hm9SU-EOQ^T-9OKiMDNnM*xEX)x2%opG289CULC|SWH_w0#16p
zZkpJ{+k5-6tK{#}Yen<hpvUYp$`zi!Sxafj8s+{(YSgkMyU4e+>wBS+=3Yv3*O6Wx
zu~<@SJ!Hg7>wAT0^_)!r`bq;j&19o6%}t=6E+mnX;BBJZ2{U9ir%0G{^=GXj1kOU`
zlQb$zUy#aJ7X5UVg|v{hrZM{1(wg?6>P15mTk9);K<%%58@N`jo8h^DVvXJ?x2DVC
zGS&(IW>xYxYV9J3-sSr#B42%8#S13FANS;yRYF=#2VK{kiEZsRfj)%dv2xQzVr~LM
zZs7P^+u}R{7K!cm27=kd-Qu5??Ch7r;swzhr=VoY{9#5cpblqg=GGq6{Yi29Ua}Q=
zNHVz}P?@VSE!<KI%t|bLpB|Oj;57b**)CbR&68%0c3Uc9Yb@t-oY{7_^drnKS<@>d
z>NE8`U_9g@8@x?!7q@--6Z^ZRF|+nCY=C6PJI#;(MaFjf?BG+O@+XAA#nW5{N-mDu
z4rL_{JRyV$oN3Cd78jho7UE=c0^H!S0q`3o$1-3w?gcY^(K_t5u~uL+v-wqQ4M8Wf
zoB4fJHY`~dO~s`@g(MYKaTNE0n~Ey_{|@_(j311X<JVBHbJ6c`(ngFfFVb_8eqb4p
ztjS#aP%$1p+dEVvv8l^GbIhXbJ)mPnqx!yc%+$kb+1iHMk*2iBUU_%X-=rQ>7e{&v
zE;ij)+Hplrk>n3#%5n{Qtm52u9eMdM8@3xE(-SN-V!zg0ruJQjKajaa*d^?{N4V~)
znj<@bH7-7G38&$aJJR~RAqmE#qWx7(iQwXz7cs^|Elwe+5}b5%;Ftl*9Dt>60oDBE
z+9ZV-tN?_1G2%lg!m|2!af1%*oaf@<=j0%sdGOzh-)#wcy44=MC+XsC_{hj@N2%pi
z7S})%qN^wF{zSZuYk}s_YQI&$cPoOlZ~C)-?i_|y=L#A~{1=>QtB&Q%>mi!*nRiEl
z!N^li;%mz$KiX+%(uEaQq{33)!c=|UCV+kx%_wjlK=h0?BfYTOP{4dt7}{B1k$!=u
z;^)AAyuu9IQV&1^s?e8uS~&QVBYWoJ4#x~^$yvs!BTFyKr=8lUr&wm_<&j(jegGB)
zp&cn6@3~Gv>2r3t^ehoTsSg;6hD^#bMdN0c1WE9ckFMOW|6p$Y&_aX$@V|t;7y87Q
zb*qt??wpk(NGgi^186FHiQak#6Z=BnJ|~QGA?#6Gh9Tyi2TpeVtK{vyJ48xDSYYfn
z$e9OXxZlC#!=8{^SBxVqEOqJC30|5E<&-2Rnu^K^L5b*H(%mN#mbbjQNG^^x*u<WU
zr}b-yfp_N++VD!uXR|th9J}c_HJbYydm+8j>PCGw(z9iOr2a<acY}BnpbO1elO*2j
z`HZjmcU?#PQ+v{}G{nNji%{%y1sItkT@N{nHzU<Pe9E=IOB2aD<K995RT$q=8*fM^
z^O_9q3Tf(lFP%vHhj&nuIO*>YsU5{pC%^Z5W%!v(3TrI|{-@BNKbtD8!bApQh^%q6
zXNiMf4*}UGA1qj_&Ap{UAN0>4!q+C_yw+;#J1BvcUcFuf=@DPq_0m^=cpAOoV~VmT
zrd(M664_oDJx*nh;5+9XIE4c%E6YDRM^Apz!d86szez6Npyh1CcIQa2P$<|Z%aL&F
z^Lmpk_!xgdbKFHZ@BzSChj*vmvFF+xR(LshUl12HUf%ie)kpB~CiG#}M@3%@3p$=T
z|EcAa=&q4A`U)YuQ(0>}D555AhLGqnjm~Ssos#@MtjxY^BM#WiFRHWnS|#|nF{y_z
z#yblsc<jN)CGvd^eAul73VJWRd$Z8cEykH~s;hI`y^ak8LL&C3lmmaQ7`3Z$_UKj5
zi@2*ll)O3I6QmX}^ob_EM*!pFuv1+SC(;WYJ`pYtf{F7~0X@b~4=$t&N*?pVZulkB
z95s;LyC+7?vwzpQMr@IpuBv@hF-62e3^yS2+}dS)$ld1Zb%04}j7oK&Blc^Pc5O+q
zOwTuc0ex-&XD3bR$2|3**X+FxKRK;%-(ygCTHVdFfVv8*?m7V?iS(i0HH3wDgK7bJ
z!Q=tmeE3*3sZvJ~+j?TyzBGkwulq9pWO8Q|lzx#Qj}_J<42;FySQ8rhVsIw>)5?bj
z2XOv<A<pV21Z4=@(J!4D=U=68;Y=mnuB79Iq@cepGc%w%Nb43zQLH!_qqZLO#9$4q
z`b2>>lq+An<+~nWKc0wZXW_?cg3_Gk=(iXC3?y#C_KN<Lqvyw*viyc}Bc>LyLWS|u
zMl)|xfG_7Ti_U<hvBhhlW8Xj9jd$7m#HyPUI?C{huftecj8Vi!_JyzpHvJY^90X&w
z3$iKViEFHe4MKR_bQ9Ad2lSdETZq{wc|Nvgr90Cv%?4O;M$x%y<ERzas4h?TAxrJ1
zux2~lv<1AJD@V+&#rzShlq*n+ijoLS$-gBOA%-S~&Ohq#cGm!&l+q;zQ=BEilG7K0
zkMFeJz=}bC<q&2Fy=jOZKA@y2+&4Z(N&x@j+57IRV=gRE2RkI|NsK;$1A#tR7s9Jx
zs)84C&o`-e1J{)KZzOdj1$-b>NKz9P)Q9mQD=OiR68Gh>RM)F%Q%>U@;6@_ekDi-z
z^uM%3q1-nuiZy(rNO-j-+dPgH<4SWAxBY=L<W28UvsnMF_8QYfU~%P6;qmy@(zXub
zrSFpq-svb`%+i;FzRzNXjqUcTrW%P@@Mg^JeHY0fzj^yF{{?~Tz~>Yp?*s|~#JD#i
zn>n=KI?~;ZW@Yz;1MHzD3l^|&4&@{5Pdq4B`SI4b$h!ekvw6Uu)~d{8HQ=oH=sl-e
z*Bcjr*iw83?!K35wIz<H-Sr|C1<AQ|hv@x#lBa+EP+a5<DA;P53K((PV{TuQR!TV3
zl;QW&cp1(a6{$2V19uY~fg|r9r;1JwLc~3+ls1Fo%~HcXE$~1+Vd^H*<rm`7<0abM
zt}eL)xY*Qy;~H{fCuvccu-M{4Ke0t-8<$=#YE67CO0VPvSbYli_0qBAyyk7x+7Amn
z$nhIUyhQvXKTt;lDMxigDY&1b2FAZ%{ivvFEB)gO>x=H~4wF9MsG9?|nHElvA9F2y
zx_=Y-Yq>Wzn38lTYGqS|SA(v6=6-!SHO|YOUwCLFyvYC;e-TilyQKun{@~sO=|@!1
z?tMGSaNFm;yW}J3BxB=WHPrnCPNy!$*RN9a$->&Q%%8}6Zqj93E$2n}i}CRGZIDAZ
zL>imWCt0mAg*a?Jh~956tY57Yu=z5dSIfH=NjEm}-=L?CjK`?F=i#qS4LeB)wcQhj
z{Wz<OvQH{2y7($)Px&S-=hmgZ3fma8_2=o+nzVl6Zra*a{{RM~`p)$ibHxwcx8Ecy
zVt#NIcAmmzEa&o*46Z1eCEg-r747~1Xy&_{`}Ewtrm6TLT<~!r<>za@vA2q3x$WPw
znEdqKds<v8(b4>ywaTIav(>Q%q#?d7b_pS`hj^r!;U9ae2qq3fDzQ@q$Ga=TKwI-@
zI)&{5-}#xv+@q}Sb+r-&)_7pVR6fKL^1R57Z>9DmK4(7~YZq|PeB;8MDE`qjIV&_m
zUP`CMN`HyK-gy^+MczeZ+Xhndar1{k$TQ5KjYL3fzNwU~XiC#fbuA&cTKLAv;JnWz
zSou1xV4B}j(8An$nb@&RS%-J)`mw@^C;#lIX>k)82JYbNrA_~%0`y!$#2@U0G$C2>
zU!7Fxu7)S)?(!RE<#anLoV;=Z{9F`v0&QJm*uE5*Co$p9<X8`|L2ce!wU!c({HiFr
z(`ox+Eqbn?G!27wR+gF^=!m6I8w!q9&Q(*EjIZ74n9D$4Q(=+5g{E5Xq5Q>bZX_~)
zuZHwzcJ;?nzH4>o)_y%Fbi<2?ZnLIy4cg1%Bm>4n%llPgQdzV(PH$x_XlBin<x{q+
z3#=TLEKwoVMrpqmX|<&<hjvXZ#3~-0?5h53zfZ`D{ynopX`qSNh@hd`ZJ7{p<3-nb
zK(Xn=h9G`hT$9}_L8H(zeL>NV4EnB!3A$!5oLXMQQ1;Y(&e6(V$X0BR<Sc=i#yh&z
zNfns*$k#1L#<5%Zp6Varo^mjhz`<gXqCb%WbI9I>249f+`EpGPcG1uONwcgi+9jmF
z69N!-*6|g@-RNXkaqPN`fBRaS{u2Pc+J)?oB;*oa2@2d?xj@<yeSYwK`~u%~tcqR~
zl?mY;)zhL4s+z}*Vt@w`%Hrns$(?<pWyvgO%#1;jmUr)4J_FOXMnJ<a+pPG7xv|Uj
z3PIF8rkATEZ?2Qv(i*0H@?o2hLx#hMxFQ?aV`kR0Zi=K<s1rz;pOiJXqQX2%a(DH)
zw=8LO{`8mzKCNVzeNn?U9ea^6Pruwb5huZDRNZ?PO-Q=V_*{clBo?I|z28NB<n;z!
zpe!2|M+xh)r5|gC#wx$--EHds&g=JQ{NvQ)D^AF0eAd%#TnIF&uzI6)ykoE|PTs2L
zjG}&jB1TndOE_H3w+XHOm*%#JZ&@vbtmmkKS5~Um^K23n0P4&UxhKI~PL~d>bSmfu
ztY_K`!gYuXsrG9A9n2_rD1>#1A>J-_I>85JME7MFad|n!C%P|dvy4b)b!pk`JxIR#
z{Q3^Ur>7xWPqM)$QgHohNWPLCS+*V&E3is{-RMoIs0i(nfLJ$uVtA)}0p~oCSjRcF
z3-nh@EaMGS^{2y1B;Vhwl})=8M;_s{ZP%;)5pEiBHTZfBubIQL|6V(N6df^Y`Hxt;
zde1Fj9$0O8?u+@W2iij3G;ndfR-ohluX{v+Bsq-QCJ3A~6KcAXMC<9ikur6<T;Ub!
zC~k2Vn)p>As5%{mXPWXKIZhKk1J|lTX4W@CL~jP?{)4G}axO*mT}3n!535L)G-Pu}
zO@3f)R*QpHuCOdR+U1g$E<(T`th=2HWft(4d0F}qoxSF|ICt3e)Az6HKo4LaE{YU%
z4fanl2n!hFJP?%!YAX_tEUO<TmQ<##nKsa!SF307Q48A%klU&3-D27f@O^3gOdrVE
z4Ik`My@H(4AHl`!T%rjlzXrsB!}YZ>Y_5c;pE`Irt*BGoq<@pllPEuiIsmzg5s=iY
zqH+Ya)_EoJDg$-P<>f1Fpw<#s=l=3LO*L&<`>L$jw>vPE-^i{-ylFWc1AHtzd`BMB
z9o-QI4BKUJ_yBwz+U;}ywlS0%=g;|;O|gk<&*nC<K7%5*<###$FncvF<sarGR&kv9
zQTKWIJt60h9)J(~J-)iupn;&<-&#*|wBiRq5SD;0@2pWp|3W!?JA1M|vQC}b2vO7P
zDi3_@gUTveu2>_+k6Sj|eeq&$E@Xs*)uy`QZ}mr>N2D@vvzxSD{7r+1y$s|exbXzI
zMsMU=Viog=oS>Dv7vfY;Y>{oQj=R3QN=;ZUdMCcBkoK=-++dRyv9^d)O)9niWGO#^
z0t=|Dwzn6RYB2D*8Yud)f0kZtRJu^VFOS4~2OzXgI!Y(50ND=k>GJ%?ge{_rP+|5>
z*{4NCjLSDAUu^53q}%Y;9=Zc|u~a%e{FHwM$nxY_5;x2;oi{F<=fQsQv%1zT4(bbZ
zR~D%&vP?!z!!u%4IplrU-#I<i%ep2#mws9N+j%5>XHT@tp);3@!gi*G@70+&dMD&g
zcJq@S_sdM}x0f|9z29B*S7Kl2P2dU4WuU>aVeT-k%#P+=WPV#vr%HwWM0-TODS_z(
zFFX`&caz!(DR&MBu?ua19dDJFO(;um<gBx7fl8&~iZiOITzSi7&+Wm$<)glm*ZwY=
zm(dbeW6yMUh!J$!say{3sh>Mdg`Orln>`RsW^47bt?d-8NTE#swFTv7lwpOxFGqHl
zrXVA*^On+DK3ELVG<)F#VJr!(w8Lf39jAwAN5B69-tzXj3`~TyOeat)wh{>fizCN5
z+&z-{l_|Wr4ylvxg>7bjta(5RRsMh<C;m+1<)}tz?C@fKC_2AKT4{Y*fk05eXOa?n
zOqNcq`oM>)|6{d}r=M@5JmZ$rPOUz-mTOjAnzuKQOgqi+<9%vC|NE=Os1n9!$Va(Q
z$vzJvxa+^kS^9#pbph9g)$tQ;f%ESMeptMSfwcfE;f?JOd4xUuy!76key;~u=J~1Y
z%}3+BUOK$mD7~qjR%B0gJ&PQ>GOt*wt!Vifc!=~^Zxyl{FZXuUSh&$EC$v|>7}tO!
zlF(%B6%;NebtLdcLrnLQQP0HI7rZ0Sfr6{m2C%?S;*WKz#zmuEpPG#30$G*gGZnf|
zrf|SekjsE{HiRG#t>l!0_L@OYnkNfF*jYW<6S8nN(DcB!%H|6=s?KTiG1PYMjCa3*
z8pO#1-Ri=t{kOrj36OrwmzvLgAnrF~!wZW3B^S@tPDE%gVkO>F56HefEnSYN=!U|y
zkJ#Vnj<+jw>#0i^fwTiTDSXze>nfo9Qa*2KRuuTRsP){gz%8bB1*dnJXyzJVHp282
z@JR;(;R?&)vnWOt`;7XS@kO*&lymEf5%*UHcjmwp1099?g8_1ABiPQMtqcV1Ef^PU
zspLm<HofD3nK%>?f%|K)Bjv427U0L4l`LqtAj!OB-+hFz;qc;nyNcnKln*?&JBPh7
zw&{k{lz#+%`Ebm|xCu`x{x=`d?zZ~Wc*b+H>pHDl&E%8XmA^6H%{K`FJ=;B69B&?E
z_BaHA6Sf@=%e@9b26y>b<R04RM-gr7ug|WULluy^8^5<wP6-Hjz9Li&*y|!Hi`kK4
z6vd%U>BE*%u1Z0+L4Ow%P`C!LzOXx!{2ks}{$)`7+u%`OF=@wT@}}`kUmM_X7V$X4
zsfo{DF||C}9E?quk|a5Q4L|l(`f6#PI_Gn(ST;Lvfbqq6kN&O0V-~3f>8CA(r!s5v
z0K7BcpVzs67IvhQ>j(y4kp;&^pI;nV-BN|?SqGXWViDURHL7Ef7*yIh*-b9u9b|=>
zNbe|ZO`LtfOfgOkmH6ljQ_>ertkCy-a;cKy3as>GfsC_2Z6xXWQk2rimCcvZ|1{Y1
zU5)$kXSckSvK<RNS1b~JPmtn?Yxe_Is%eKTYiD3NzrYSOuQU=V6FEFt=0dwD8}_AT
z=FkpWhEhcDTI#j8z9+Oerqw;0&I$n1QJ7Mhqi6a@o9r<(`|I$1GArGp{G$nr^W+6F
zEios(0W3X6>R{J7&pym;_rgIu&D9iI*HRpCE_1i_USrh0`aNP8{4-uB>8p^mCwE?1
z{=q;kQJQ1Mse7c2q$TrcH_m(S{a#|#X3tH43F^0=%qh^SAW%R!GH5s()1o@Tg-VlF
z-mLYi2SApAtOvrELz2)loR~->HgwVXw=<`w0axXJTai8r#xCdUc5IklR+$OKu7i`-
z;k>fNxID7`?{%nMtI^GyQap<f8*ixT;muhP&W5k)R{jb{R1{V*{t|aqpK@6F+7u$#
zn+Z3p;vK0nm_#wJLzA)Ue~?VudBNAerHEaO{5Fx%c+tsbgC^1$9Ch1rn!eET4;-^E
z7rLna)3^u)3=}?|Y|---SFkr}rJqDx<Nt@sgvv&XRRb%>iABkXEkPfu?9E8(l^Z1x
zJ4P|$`k%x}_?MTW6=LltOi>mm(MNUh`@7uTQk{UqeP^Z*LAcR@$MvTWqm|6oRfi+k
zF0EDlQFOCnY-CYB%w`1G4S_FIA1_Has8fiPgyTjl8)|@GXuYYoTL27o+^phKH4xV<
zeya#MS~Q27o>lQX*<vt>DF-ZJC%3L%_b!K`{GUVp63M9iZe}w#q4`Ox&@;cTYjZ6M
zr2+E5b32y(6CA=JgjpNUGz+^)0DMhH>JvD4;sdlouRR6G58RHfrljx@yCY$B=89i<
z`DC9<H-(MhsPqgGJ~NL62w8S?ch2$CfjRS>zIPvAT_XF|bSr_D?+Hu-aNLc&$_@8&
z1hlilqN_4OA80n$XcPS7b=unY(DQyq0TBpQ9~wSH_e(dn7A-^U;OxW=V>nvgEZjmQ
zE???%Y)X6Zeb;~iqsVAlkF<yIYaO)qJ~!x}1y7R`;yqkspCt?ENGX`9IY2U4f#>BW
zS1Sod^rffGkWV!OTf<={d~Ze!&$GlVz@>XVNO+<gHZZw1-9WoL?JIH3mA%KIu5$8S
z#kIg<v-zg-W<aR%PCPUo;=z>|vWAXK(zRQgrgr3$K2PppjK-n0gRsM%U7)o(^VOD9
zVn$SN9z9rSXYe~v>Fo1aNZBq)ptH!E-bxCw+#7d!$OPVhtJT@x^hhS1?E42&^Cd7J
z%uzz}@AV7|AG?ozppXt#*F*$*z^!EvrnamkN!+`u3FEcv=Y2<(@sEze8IN>wIjb5$
zL6y;7ThjiS>Hz}Qfj&BkU8O#u1&x`H9Pl%0)X}ZDpn1p^!iV7qr^9#9ZZCs;P6TkB
z%a@HA(0PlJBc0;AT8lDuNh9xSL>KThuJIh#+#ztw6qz!bLEmM}yaP^<)J{<cz12Gq
zI*6(7yFTDEfzkbgQTQezJci~z5NJH5JeT-5fUY!^{jzc`ud+NF8cePKUao0gb2or<
zkLcYVFzp^Q-OA?ZCh2Atf!1?4dCWR$lyD@|6T^CIED!xDKRc4iKLidPHGarenx&78
zv40uYVdNhEy_RkxThekDs!x)|E7p9s%X*$^J^`n(@zad0;VGQz2cE%mq)&nAXTa&_
zDa#WHBT>%pibg`psZo@ZN5M6U=61oB+&k2Mu^{*F6rqS|1U6VJ6(=-xjG;`4go!Yt
zLK=7zh%a4JV;x=a*-kFA6#lTdjqw;ZA7TLfcRv**amK0ddKF6RN0&lnWZ`bvZ?WT9
zq|?3`lekAb_z+)pcvm%D^*6r8-k=8uLDpj$Elb_hPTaZ1lYkfPT;@GHta2%M@RkMT
zdru*PEclo8i(>PaBtC1({Gy;&(s&VG#qX7LXA;@s1Q|Kt0^=s~F#61@+RJs=xkIF`
z<rsPLi+Hd-dju2Jq1bKbPpK#xzsN1mVE5*<PGL|xF(LzYE5Gyu;JM4gl{+IAEI&PC
z5^vz(DukXM0FhX*-e;grbOJJsquUKi5Tm3G06|X*zno%s3-_7Xd9?N^eUYJ*ZG5A>
zs1&q7Z5XN#&1!(NEMj3Si{(h)`?`ICeT!B~<yfy>$iG@`qRZF=I1Tpu8ru@=;<!AN
zY~N6Ac<GC|I2TjqZ!nUeAs<xtVzLZAz;Q-GD`4_iyds{Ghbcy#F2zY`T;8cE*R9@P
z=5xBU=Pam?im|&o@n>Wkj0wLtjwRZ%OSXX4PIL1T*t!9L<uq5m-s(iL_-`NYAKm16
z=S<l5mcs_ph{Bpw@KsRk0SVbp|6qA^J>9UWd@lt1N&_d_RzMTCsj}W*DX|G4%^pXJ
zpG@3hLE8xzmb2nL&sCeq-Yz(1J<j1Rj^T8tw6&gUaR{ZUmvKsSv*UW!lXT!G*wes~
zEg$f7?0v6uQfRZN*_(6|He=R=#f%SZ%Zaj+g5DyMe9}TxnNdAhLA^oh8OU&yF*EfK
z{Fye6yl}~na25J;S)fs~6X|xQ%~@~2PziMITRNBJ#bwwC)VbE)U*%EJ+`V7BXbaEC
z8Mwj-U#^rtXE;YEApv{PJ!*5;VH-F_y@XA<5OL7P*=^6sU`)|k$cX=5p~3U1=t;UN
z?Sc4QI`F^L2AO>}txTADlOB@|j<7jo^4}s_%iM3Q7G{#ZGT}qvF?hkKuN7;}{(<GE
z`Iu%qeO7IGtph;#<2dq<gK*zPdd0Tsw3=lBU$U)4B!y4MI8e<N52527QteX%t6VNK
z^<rcu8*1)?upKAM!Qv_8^xU^D3cJLBQQzR%3QuZbUUlj<ozkyj?y13Uft>mVZ>X_K
zB?P%yF4m4Hju#*MWu2$o!An_0Iq4f0xy%|*HtLMnqjLFFIA4z!4}iV_e?NabZqe%Q
zeC>uIGnzXeM_hfE7IJelFWRmtG%fdV^(Bp!q{-WyqAsU{>60$+1fz*X8MwRELRlHD
zO`ac&wWofayf<rd2;<G%T8oMYX)#rkNxb2ET<`BEUn+Lco#Mp-$Mvd)&4Vuuwwjs8
zP|pP}B6pa>VB&LoEuWu4ig%SSukK@geBC_wTPy(bx3tW7f`iGPvU(==0A}r6kiQ9%
zRh=cj4aHTjl|yBGns9+z`B!ELbzFk-{gNHY0~65cVojCL`H;P1>OU~WAh&u3+5q#o
z6L@sJ7Q%w<q7NjYDB`OtbiZ@YjFEqwuWbCP3p9k@+~qEXEwrh#IJ>TV0#3<RiEkuA
zN4B^BhbiBWo}=F-CBmrC56}$jQP!fdz2^*8Da|aTr7(`*Dp4Dtx{>BAo~%5q>FlFn
zcs2j@27s%D42S15yNKMUnV#vCO9q<$jDVW*B;B;h|2XQd@DAXAvg^{<O$IH`Kx+>Z
zidq8|af`wHmeqS^&tdNK=4LohP#6XW6FuhHOfq*4e&`7gnF)P)_!Jr58#h3%#BAWE
zNe>R>zS5eS`ptbY7bx76z7~q`z`mQ8ZEUuDzP!0Q^zvAf%f_|S-!^C&4-`P2q4x!*
z(gy_FJ!@ok<&a0?`YSzJD+RSJwsfsm$gFq=S`V(iwqpiI-CVS`59_7WqjyY{&Lb{5
zh;Q<+mzzY5@rqx{p>GCj@Gg2fwNIHpp|0o+(t_H=(_t$_HhUd3rM7|`^wF}z$_ewj
z=Gh)#GAwNYJ{gQ$iC>Fn2e*6~5PR_KLc&gdI`TaVT(f4pqJ&9V8v9Xau_{iCFz(cM
z!!`;5H^@NubbwSq6R@1e4|-0+oD~e%st{Q;yDcGcPVo8s>G0K*rc4W<_Mqc5%)SOK
zIsGzdY)Lm^Eqwa)<Lv3;b;udreBH8X#HW4^sGcwlF6p<Yc%rAR1$OdKBS~(zUcB6B
z=o5g8pm<FV1fD~`BfYrDH8m3toV)&capbbG3$=|u^sd)+VBh45;egGh{dGbvPGG=3
zZ^wQj=q($6GhcH1J}hz8M2L%EZ<l4*Wv4R`+OanPwhyI#2CVmA<}V%cJ=X9rXujER
zm`Bucr)k$&)v_)tGyQZV|1!zjSrzrm<}K9+GaGmL600uk?oYdVpL0a&BS>gBV9C0?
zCus<>4&+9b0Mqshiwg4=;5cH-a(&-4s`vHKFv34^f+8c<mJvSf{Q1TIi|CT8Q%l$z
z$!?hoP`SvTaSxQ#EYg1p>?>t<ZigI4c`~<s2z(>6Bo9F;s7{e8u=tw1+_5N;+t%L#
zZc`iB2|6yjG<Q3MlhtD?)c(`jcLLMD^-m5|AM`j|M1^f*T>z}$*U}s}YE@sR&A6lA
z?Q!rFFH5_Ez#9Q3hs__-_f+3~-=)PC%-R86(bGyjx<*pJ<WKv7S8&@qvS)7zNVH=o
zlJ7D;+{hFAC=bYXOku{DKhX|zFt77P2oaWvJuM|+FQ;&iv(HFA9*>{BJ}$Z60k^%i
z$=tC6UX1RFvK1D-)okZ{(Rt{dw%?S#TlcWLxc=XMAmy&eSJIfCt8{D8=GSNNOP6L+
z+EqrlYW~^-%E+g)$+|y&&3W-MpkKD!)3jD7Up@`e6REz!mth@N93TD^-!uaV4;Nqu
zJ20kw5LZ=TgXq8j?A0R&4Ez-cvrA44v!1d@z5y`UOk20yxkwxgIF*Jqp8mvd>9Q#L
z5+d!8M`ENOvBGQI>I;N<tTudJZ54ga>_TYXC<?qpL<qzMx1;c0=l&*<e2=nKK5G3I
zk2c<(&$AUcW6DfzgIsODp`uAK0&_?kyg2B?<46A{5DCC15{nz5#Zu%TOmp`;4NX59
zBYa1nsq4t`DNp|z^9CdE?2e_#G(YG6ETb2Wxqv&vB<bsetna28?W(c5x(eMZI5;ai
z+0lyCL@-py!KmzaW=Q0bi52^I=aG_|L!s?|ZV}2m--3${W88V^kL3vUA7-2{UHO8B
z`E8F@tZY5nuKeg*u59c5iyma`_rfmjnBCIN{4)nT6v>)9>s#AyY5x(id~aAV5`Qu?
z92+SE@HDGf`I(Iu*}Qz<OG$pd?C&X0b01Zv;}Q9{vG^U_5`_>E#3?G(ZK4nNAzbTo
zJtpVw>;4yzu9~#NJmHdPIRpZI9rh)L5U^db@GkduKiT%VXfC={39_e`2y{y;t(VY5
z%Cg^_MD5|SE;)<Lvctx_L*FEs*iuW2Ijt!ES-+IszX9Y+KvAnsD58;V<`7Bf${Spx
zY`|C>V?8IXbOhYj%^jGBe&;jRF~*wt-^A^N2V-eR66Y3aMYOW>N7X9~z8_^NZLK|z
zM1E?PZIGOp4hGv$g#8JXtJN;TaC_Q_+Bos*NDD!r2(O8d=29Q#G#QPjr}YvN5VeY0
zcW!bXNG_1Z{>HVNL&suMF!GyTF6?h7Vn+`znUq)udUK}NHGnAa(89o{6{rOsX<qEd
ziNzsY>x=U>-H*N>%1-U}c_5F;@L$TNh@_z_EA#QdiaPP|p`YF@)4HD_z+G>s`iBC`
z5t+12&<xq{8J^ZD=$;oCXN?TcU3|MKH~W*(=i{JAB)lBPpo-@>VZEdGWgqj`y>iTE
zmQ+>$*mT$cH~o@%40rp$*<vN1<qiGA$+e$t*O@2W6}bn#TiWzXTG3R9A>CeQp5!D>
z*d)A(*<r3`oA{D$G+q30RJZc>#pxBIJf`R6j;&9za0P*X08VhRzPpic&UI}%=EB+&
zI!=Bqk5SZJ+jbBJ^pfuH78o{%`9b@Z?Ofz7LF+YlX~8K5=>WJGYs1+(<@vRT=MqAT
z-4g>IvjQIMh}>)NhiLf}7ez+xaR<_$N(OYfVOgzrpz}~OdX>{2Oe`$cUBq@cEl$Y5
zt}#{mh%JbZIPZX`XQ!s7D55=)k!^%|+rc$Y?D5T%h^N3MkT8DI0Z;$TZW|ahwRtgJ
zTr}sw`!DD;xFXtJb;{iFUj37x#r4QV#~Rl^pirxaxxqrrEd~6-^1xJ@!FmbPDtHle
z_WJc%lc9eCYL!kV6w*UmfPM`|1uyR+Jk)~P@xcCk#$*^V&RMiJz(DV#zY3rVDU7*1
z^@y_t<hx78b<7STXu3gI`zAe;{6ip+Z`A1*#U6oL1jX8sd+B7xUlK)uqEs1BT9+~u
zGt(=(zpqLS^eF03S%+%P-yDA7XuFjoWE5&OK~8-|CM6hx52o?k#l`C5yDU^Z?bC4W
zy%Bg}z(;K4CLHN3gK)6&w|Iix%U8e1jCS^@;eGXnT6ByXILAO(`eF^21Pmd#h6PAY
zh$rs2J~gXIJQ`WEJ(m~^NVmHm^mm`FU1{aX7o8`U22Ht$fXZ%Jpo<u4!k_r$h@kNG
z#J`&TQ<)B%m(^yuk=RlYQe~++trX{wUJ=5>2R*2D51jl2cLy%jAh&S%>hA$9Sx;Wx
zKhQPuHLXm%G_tjE?Rz6&FVkr=V5gk}7&1S~>c7|)S=(X1<}>}Og4-nIuDYT5qAb#I
zHlg04M*epK!);ZHy-#O(!kP{8uZ>k*Ont`n##~wTIZ;3p?ruB-&4@euq2KVZZLAiH
z=f?nUwL2m;JuVwtxKbU`vepecJ)Yan#txtDkwFJ&U$&xO-U(<Fe+<8uAyet0EsBW8
z^C918@Z=wj@eTgkMLWYgr1#3CECUJ(==bANd4DVnh0l1K$aIivn?M#Qg8%|=M$ceB
z>kou>9iF0fUP-ImN<>r^Cz8MQZCgl*sopRAkvO?}KR?&sXgV)e9d`5EJM*nUzyKBG
zv)hEEj|+cE4%|P>dIR5;2<U<p*a*?qZfxJUvw8<U>PIxXKL!(M@A*e8_2}g^(|J4K
zCs3X%4+{{jDLv&aU4!pxLu5Ag=*P^4F0^9M{TCAMiNDHh;_US;nDhW!*vvR;OviiN
z_^z%;K&erMaf*CqO(68w$>dTt_qnhMqn{n8M_!=HCA+6El9??JB-bO7=ay{17yvRS
znKgQFC9}Uz$qk*6*2R$Jyr8SGHg-LdXFc7E^!Mmzau4b|+HAwHQ@R+?M^Cm5G{Yzc
zg0iY2LD@>*`=SC84PVwaRoiS9&aEvI6ngv!yQwI9^<4ocJ#PKel={Yhi1#HH#;AT-
zyHVudkAckOnog_Zt$+dJ)qfVUj3>Vs*L=X``F>lrUwzKBN8jE@yk$`Re0_^I&RJYH
zIf={5y(Q5XPHWCYE)xAp5j~^Yds^&klqLEBK5<-~*ha=3)_)5(|3c;+@W`5^$xze3
zq(Uw1u9rS*4+j|sNo&7gQyC4OYcY{0de!aiWoXtn-#<%|&d9Y1PPMN%cG8@P2pzR6
z;Gp=BB<H{+QTkl!sj(bR6|Z}=?{Fpb0oh`9<!$BKM9%(kgQhvL@5!lsXX_wsa|7l1
z@YiXzlSEhlFK@)Mj}C=0T!NqhdIDVHM|iozNS1B8Eb1~>pVWO09h-h}*J6fNlK7I-
zi`xGfe?*`xi(W@oZ6l7`Ct=i7!<|@Kzh*kK<TD8yxq(~~{q`Cr(I8ahtVRt}x+q7f
z%fK9Hx4;U!8>mOKg#S$>z+bd4@l-r@#sa4DOMrC%Tu1g#P(Tsja=A5c3|ktf3N#PK
zJ|4$IUZ+n{Oyf=hcZc2gW0FX`g97mZk<pX|Ul#508v!AohCZj&{EF(f`qwa2UA|T)
z@vhC<$1k}$_eNn^AoXo-DS9;(xf}SVXn8WfbQAL0u5#IEJ^nI1`WOYA1yBPf-g}w6
z!PFLh(@7?F^^{tVOW#E7yKzdI*gS21JRCSXDrr9=qy*OJdegg_Qsl8oUlJEV#m30z
zwUUG*Lz}2Zr3jk-xq5w#ILa^dn!@bLtGiB4Dwuw;>*S~Es)@3Oh3sT@HDix`3d#7_
zF=>F|yiW%-{poQqDE<oDTd<&htIg~MsewN%3Kw61DGuV7<N>b>82N?3@UJ2sdDQfQ
zEU&8bEvl84jM3=%fYhUQ0?&beh<?Ah+YTJT)ZOd+B_$U7qA@jUXlo}pFO73HtVnAC
zQLy~P!4He58ikH;m{M3RDDn4rcF^>4&{z$kZ|_{#LWK5B^2w)fY8?+${;W#dI4jVe
z)2esWYtmhD9plaJFMA8eUjvkTq=)LQ;C!E?c_6exM8vx_ai5q4{Wrv^K85^Y{;3}-
zFW&;e+tDvh@Ht6hXh$4iwVqG|?NPx!OazdQ-eg>Vcu~cXfwFj7DKg413W8fgJtf;5
zrxG_0cls4fl()y4b;RX+h15XhBO}wd-M{(%VKX>lr>WnsQ1XdZQi*6!ttxXgf8{Gc
z_jf4R<T9|-j6NExxO}v$W=ooSc?h`U@V=FC#>j+anR2L}taKYF0ijiZ@6P9Tm!_Nz
znTZnlUx;SE(5mO>YnG8>6y{Rg{L?jiAVasZaV^pOI}H^uvN+G|hi|>(pMC&-;2YKG
zaqdwMjJLdJd6r)3VZeSB3|`%Gx>|4$DK=~iZF<3|*A7{hs4RY<joM5tVH)<PU7-)F
z)$DKKUmx%3x5fLs=)<Rln|UxU*Ddg{3xA{@b{daXD75h{c5{Z|7Y3wzFfXmeuH4#V
z$n*Z;&0!s29og^8^tJm%s5u*c&5xrj1F-;W*JB8~opzI6IBk*egF1d{tG8JNy>QXP
zA`d6pURiMj^Calmf5?A(=am`8{*BF$-4LhsxUE_}j&%I`uJtYc4ZyC0SfU3#mU1#W
zfMcS^nWy+MEt-xE7_2xM%Y(pz#S?FR=O!lGSwkWx3^+_WHAZ}@Tc>T92Pf-l>`cHv
zMsMynNCK|;>_JzM3wY;u>zJ^+64TMcfG=j;$KM?BcfOf1G<1U!%D{I%@L1SXfg!zK
z`FQ*CXX1{fH!wRVc|G^4NsFK3E&pFMBa+R3Zqr?>4gjL}BVWN+3fiXJX8}cd0zF*(
z^tMUiMC|Pj#1-^<^YSdai98+HI2`&3_cEBN*Q*R!_zsf$g6zJhvv3efbusEuB<d2u
zD=TEit7z3$+K8|T`pY&fS~~=OdR#*L9GK31oVKf7_jAqQVnK~}P6qLPK~T1gUgiIV
z#(U>mP2s%PzziXTYe^bLn|Na%UCx+jjw;FoZ)d&2EW~@p5}jVY2;H={7zr60Sqn>C
z4NVW7k>xAOiVd)$dlFyp-1FCgS@X2Vfv-K~+8WFU5?ztp2Ow%@(u_z|2a%tkLF_YZ
z?B+4V4e{>}a%Qh9EwWmAGfc{&d-hHzkRc;LYzA>~5u3Q4uRf&%`;D(9yJL!_po5qb
z6)&6~u3PD`H3pAtS(eq;l5lS8Rx7oI4@k>d3KL-mh5A!uJ%ygUdpYHvZ*qZeHQe{m
z9Ha&92Ucb3%YuJ5p5r{^q7^vA=s%fT;%X*kAF&Au{n7ylRCF~+kZ;)MFh<Bz0Sj5;
zQH{mH&ChX)uu0li+}$1Zxc7<9KmD@&<(0dz;ba%RS76uN@-K1Bo?4O!Ohue+e*<J|
z<Fm(zWr6RqT3GN-S^n8QQl`GSE9O@28_QcUxF;{}Z$LgfGR!a=?+-hOP`@k#of`P?
zXs-X_WS-FnNGp=u>Y{|v0%%7owNHg&uRC!H&e+Y`8Egc6(Iq!CiDnvtpnC#~Jnsmt
zLUe0(moM0j`J4~QJ{jCpiciwj|31BPFlZ`e7aw&IGi{Ck2#P+=Xm?F7$}sfTOh8Da
zC+0_o6no<mjI00hD}WT!oEq&ONZ=R`of19m^ssQ!vI9j{`_7E2WN_&x&qbh}yUl44
z*&q8-M_Q09=2b5#KhV_kmx$zZwUi{G1eNAw_YksYpvmB2<77;reyy7z!nmc54EL5e
zCz1M9`Fa_COWv)64y@1qy#VlR<>{-!->uk0saMNm<HT0TFR@Qb@emD8!T!io1GbrO
z=p!4pgr~otRWt3hRCTfZG;}Cs>YAz|M7F>UwKmp5|C}y9Bz8i8u+B%y3$w|{0o=ux
zgOMu=x;x7^&k%UHY(7PVKRmeFKO9wMpy5AQYXIt<9oDHVMK=v9zu$JXYBfCNHDTaM
zf<>5{a=7IHqnfCQ^UUJv9Df2EvHnz(dVG%9QiVJuePoQAq|Gwj-@gM`vXr(VWl#8r
zUFDmyRoxVL4}`Xnv_)$&26%V-dfzo8A^J1u7pgl@0g2qp8v}hs%w86KW+jX==OzZ(
zxT?)*W?|6BxUjkE#j)p{!-5IwGFw>=QElXZPGRE~#rl12Jti9<v}MGn)DM{aOvxF^
zu=g3EKz)96YFu3ni2Npqf(A%{m_gvMxQ&8H>a%_W23(OHjU3!AtM9bvI#-h#3E9Nk
z6TnQ|k$wXtbv6o9vdMj%dp8o84{ZY4^gwF7y)eIJkI+aQ)x;eg<;9X&mt(2MQ3Av@
zS4YyMps(A`@0T?SHhXNUfmy}V&LTdNe2>>H2P@bSCs4AF5>o}~@++>+T<s;<D?V4D
z^C52oHaXhKZI=XYU)#8SRbWhPB&AHKN<blN=#2AC4gBqf^47R7_{Ypmw#w=j<3OkF
zT3E{$-f-1g$w~I{RUGRycJ1UqlAYjro)uK8C-_xcf;X<$#ch))wn2)8OSZIP5^TPv
zUwC^)79I4n+}XTu$!v~wlODTQj_*l-uPP592GVxvDyc1WlX{=cUZ3IaQ2N_UxG8r|
z1o^i;o6Srgn@d1MFTVFI95B(W>C>R#hhAP~_B;^tDH^LoYD<yBiH3fy9TUJ2-u*2P
zX}T2>amwZg0A}652AcW>NNTL446L3s`v-8*AC^XcCnZZ&`{WI&=r|B~1_JWbGGIQ%
z)bYz_i@P#JHE@tEX%mfEm?m`7LchEo$aiNo7;xSz&ePllgl!zR-1aZ>w$S;b6twtl
z1}I=zFjpRuh3{YMPr}pgI$|@{JV*Z`VaoFs9SUQQ(W{5r$^fS5lGh;5+l0R+a)7n2
zFOe6?lsV!?KEA*8W8Jf`U>A`&JLR6R^uJd}f9^!RsK-Ds8;~0$r^14PuvX&bCuuXE
zbz2T~83Zq{pMkw4ncI<4f>)~d&Q~8Y43}vOCK|?jE;28<IDf$mPrl$NxbG{KzR4n`
ziB=V%N9Tn}4fPV#7%|bfKD#Rd_?L<KttuIAE?|5se~Zay3?kkjV1ESX{l6r5o^Rw=
z2=>GM*YNeOW>3=`>#g+SA-BQb$ew9Ay>@TFzMx**F$OeCa>k74ek{l%*oquy)dOI*
zYMH;LmFREFA;+2#|D2I5KQ7ACWtMdu#Z=geeCb`;i4%%!Yy_nbufUTXw0aac<=8Pz
z=2uq+HXVlSB<R~opYMD5Phkvp3H>ApP64n2gQv~&hRbFaU41n7IMSN>#$QyUOiAih
z8%WFR0@OCMi|WYv+5$Oua{fjYbbpl0RY<Q^=~YKTBYd$e*!_%_=qilL?*LmW72=X!
zFdqk!wU`}Hu`7`}%hAg!K6blvHC~EPCm)1MnVI5niW$~l1$*T~3M@JHVAyQ<AX9%m
z{8t1r_g&Y;r)O}DPY2>Ial3>bJm)CfC7k*cJ?0!Zkqz)%B2u5O26(jf@W!P^tiZeF
zfT1p<>6qh{yqKc=T@qJpfPf2Br(F`ZuvO*<{^;_ii&LoIe(%M-6Fu2$u-zRkHd%oh
zu}*4VvW4&c9(Svc133dOEMgecmMB%*&&Y)WGj-Vmj4!T-HZw*3KN3~@>*NO!Ofiid
z+4YsiEexUku4a<cJ*50Dw%wBS+WcBReTTsA{$R0}c>p?eHH6}MldB#0W6!eLey?-m
zJgGIrtr_=gJ&9*Dp^}7)otVhV?I*)F$URE9y6M8ktE>#Hy+VBm)7^k}wCc*HwG>M6
z9ceuLU59R)ag6a%om=h!mHkK95VbGmoiJgLGP>ka>ch2B+#Acncpx?LPsZt#73CvG
ziTt>g-1@0`<0tI&7u#N%y9isT1&(rTb{2-v!S8cy-Itc2dD>j9DjxGipE6nT$5BB2
zH?q$R!FnTlS1B>~c&1{WlKXtV()WZ2d*#(nkWVOKh<3Lfgl>d<R$3<MNKfMyV<+aX
z7<ahRY42p5YrEantf)R8=oG&WJ2K^~gu?n;YlrktVSkIc82E3xcuvO63aQ1}DUTW2
zB=-p;qa$?+y$;rT1{h8SthU*#WTwHOW6`iZ-8?0?^f}GBuv<cBGrJp=%HX8g*`yOo
zhrtd<WR;qnFGD&g&GJ7pbapk%&@)e|b0INd`A?zbDE1slc)o)E+lt=um-hXm-0E0u
zp)7J$Ot0cSbzDr4ovTbaw6B`BBJmafN+^M8<<VtoxOv@zmW7)Gif67BSu4|`r%-v~
zd;zQ|m$zq8<0*^G@~c60m3$Ipf9oqnT}Z4`E}2JZCqbU!`MF}6FL1U4#o~EX24vQ`
z@X-~E$@4jzQ6_`b<F!xME_rgZpr&%Y>GCDs1VA1~=ipM#2V=`~7x_1=RF^!_I^{0<
zJZv-U4#=##>k%*8v*f$9k9rHqTZeUUE+@O~LCR&*mBZDciXRhI?Z`mL1?tPHfalxz
zu)oR`dCU^ix}PCK)hoSWS2A(a7y0#5R7=%1{#<9QK`AT@kQD~MuK$<#0sNL!YsqEo
z<iD}#p0Ju9b?esccr=-YponiOJ|}PHnTM`JqAfdJUv#fDG#=xWNo$Vek{;A##JKY*
z)Nv|?O<uw*C~x}*(+?s{I-xwDjv92!5~f=xC6`{zLblNwnM&^)Aj}NSawK{OG6Sz}
z>>R00E4w6e_uqFN|38Y(#jmCRkK+jOEe#=b8A7h5LaDVO3DI0j*C7efbX{vVNlMWW
zC8;6Zq^6rLYpry@u8VGJTlZC~-P+oH`|bA+?6Jo=+d1#g`}KM~Utf}2g~5%EhPTtL
zMO8}F6V7&5>by_-oA@7^M{vdi#F6BYh3Z9*ZB@MxQ@X@;36nc*u7E8*_&BM6tLtuh
zCbn{BO<!-)GQz$W2jqZ)dznKC?}#_|OBMiQTP(m}breWEHgZMk@b`-{38QV7B^+2A
zq4~JeTyXYkL+Wzy4qBl2cAj_)!F6vM5|#3k_eQA^(EI3Z=T>_c{Th$A<}aC11D$U%
z+FE))wmV3#b`Nc2u-3}|*ts=Q?II0UP32mA-d(-s9MD}kS(o_Zn$$W6)=`x>qdShM
zQ}?JwNe{fYS%s0tf*WJ5Ijeb%p#w&SwrV!rSpR-<@F(lCEWy*E-09J=RU?(v;OsHx
zm2tmfv(%al>BF=zWsppu0z<0?p`6WUmF(&Bt)C;6$P$WIjbB<VaqAxCQJiw3xC@di
zw`28&kNun(Rn!WDEeKJ-ev;xy_UEY1$C=58RO_u{fXA+EDwfTvEWnYKX10!Ogf|cM
z2)Y0ViDwpPpyRoC^Ec4WI;xZJsdiI9`AP4b!f^{00J5}#wSStw=%8*p>wt5>-zm*D
zWfjUO<}U2)^6pxCtpWP2Vq8v>b{P4jHv?#hN0yCIdTJ<x@=->(Kn4AlI+QWRn~}8t
z$u}}<+tc5BF|1x{M<<=BN^%cM-gx$+Qh!mCL6lsQ8QIo!XkmEzd~x*L#!G~eRd~=o
z%D>67R^J65wCj}`x#Vnecg!iyx!;s_u=mEMe~R9zWS);@E2OY|V#Ifn_0a>Tw3@Il
z@W;tc$4FgA7ni;j3z;cFt039A!^C+HeTWmQq)Ks&n{%9PduSHhWc2t(dh2AKN%-U$
zJ&4Fw=@C08{YgKhx*<NECZnH{<cX=oR@0AFukNC+BX9gZI!&7Pa-h&QG6%_g(sAha
z{3iCq8P5q)rP|!*S=xQ90kZ+HS>$G5_lDQKyjx|$T{mzy8?3x63lO5Lh&vIsoA-Yt
zc#Z*<{7dE&hTayAR*Swff-Io5kOtScgbE2c0#}rN&iBj$`Rf*3TxYe-xW}TCnd&9P
zo;KYkT1T`ev<1+b1*{_5TzVi!WmKL(^V~_90$@d*p)K74-YMZ$E3S_^MQvCEqeNmo
za>akdzq;2gMazFpIcPp}M0u&?sOhzU8_K51J&H?{7>b7#dlevMewr0Qn?y7{z~y@f
z^j+fFHyiPyczva*Qu;by0XcBgH{cZYixLZd0#t-ugwK;3BCJJ6W$%`b3v$1Qx+@+(
z=8E~PtStNPi&d}bS;Y5!u4ZaUc=(@L@r3A+a-YcCKE?JG&Pm!a_x|2?<xTk`#o2dz
zkElx%(`LzgN3X=}c8ebxEnms!UUIP(v|vRL8_M>LGfY16E2&*oEchyX%tpAPH}_nP
zsFVJCT@g<SJpUOkuhIdT4khat;q=HM7nlCdW%>m{L1J(?4>h^&(_+A}@Fvt}IG-Lv
z3!ZHee@rSW{>>R?*P5i%1N!yYTNa-i^ngDpIt0P1`7!T|7lThDMJLw(K+dCoZwx;N
z7J+FalxD_ivMyO*#*Zw%VKxx=TAM-zQFCCvK!2JE<VhE1z;+tUKzYg&m!podB0GJz
zTnu8Y{m0+&UUt8Ax85zgCZk^*ssmGPY)~WYB<qGSq^9?>oydxqo)~)`>jLO{`a}CJ
z)Dt1Fhq9~jb<_*cb?*Xr7p8I>U`%!23cpE{ed2(fkEADNl$TuMyl8Um?i5zUUamvC
z0O>)7ggo<LE)5yWA9r@>^T@`)v1FqU%tu%yOI1@=nn@*h1@}Q_Qnt=+V>$lAIvj7<
zu(`hM9{$2{SFdYlx@@1i8D*HH#&#ywXn|eQnfNcF*i^_1a9M*%%20A*`-EX$=%<mX
z@IT_>R+XAN_9HTeh+ripgS(aeYyUA6P_F&1yQ0IytK9t&`(GdWM1#)DH%T5JPz}k)
zZbM(j!#>bu%jMSPG3e5%DGQJ;A!gFGkxGY|inVdKO8Ayx3H_XH6b}!k%QOMKmObX#
zzT~U3_}s^80Yx2@pJGN-s2T|JlVY%phI>hhKM(ncO_iAiM(pW;%Tp8*9P9kHjp_oQ
ztpH_swDkCMSeT4n#rrG{jJ)?dco?5v>`b4MtXH8=OxRV4{1kOKU$l5#%N2jF3H7VT
z&bdcpdG0%J_vriFHM<A_tioT&#gvIdNUu$(KH<N2-~PwYe~0L061r5!kI#5z_p2OX
zBRfZTR&jiUgV)}vQ`e2<$m00Xz(n**oJV!u#j8`dzs+VG`!`oso1t?a;*l<KzuKWo
zzQ9+$T2<<_7xeXGC+4To{ACLaTx^FS@@^NnmMFQ20bah*dSYA<bKN`A1~YCwYUmWl
zBOm9$5)guA77Lh2RWeQ)mLNz^(*uP&uy~NZ3*Jll7Yc+jq<NQo*eRp9g*u|{sqqf*
z<R6(^_rjV5YXwEttuv7C4gYhkCAZIT-TAM=mB-74M-a8T)lXPn9$9}md(qjO-3<ix
z7nU%wof|B^F!-50;+u4PD`l?RUfs~WY!dwOwOK@lD2||h?e0nSi=KIebw2Y@9E1Hj
zt@-;>2gvF#p|;blGP7IUjM@%Y0H?o45?$H|B_a>RGuh%n+~ykg^K4%`q0kFFo%=os
zc{ZLA;bG|Ro^QgxF_n9WQkaIUx<(6@ERIH6t+o|VKbc+>DH2~o77UYOLuMj(6{W_k
z{VvPaRaczl1#hus;4fth#WsP#%PBd*5iJfoqEb0h5P8}Sr+$(IvNkq4f`eq|9$g@Y
zF0Gq$`fW+BKDZLsCvWWe+Vwb9P%L>(K3&?G(>Y%E_+kium68D4uzAw;?tebYDz!i4
z_Ezb_jlgG;KEpZz$=r6trpJ1k2imAej%u<5A1E7t|6=Q}sxfYhA3rv1M^02-X(#_!
zsE+TFfXO{F<rj_^9`9=3HaZ+VZeN@oWw`@^YhkAXi}ple2g<I8?bH+i+V+9u&%>&Y
zKC?QUF*91%`)e^{YhzQl*|;mWB;|Qi@?V4-E;S&f3o;@qjGzcd>1t|~KGU*Rb?F1O
zFyi~OloU#id{?|?s$aj2j~r&p7`CzuLJTf=kk){z)Ab2P8lrC3e(`}zTf~sE`2?XW
z+`_b1_0xky6@O&?L)bRKKi^o4N!BF{O4QD(Lfb^4*EDleM<ZBzl-}t#>^Fg`;M_t!
z9UJ=dH)iS0xYi<-X#uqsS{}z;JT6|$CK}j0YReMVUy`-EsYpY|pl7zUw3#*{T6Hiw
zv6lJHocm!Nz={j#J0jl;%%>_sGob_(+kN6sdDB-+323m@;Py-8$D9?D$u)51n>58l
z4hx>$@e)&!)k;lfW}hhSjP<hNSYo%nu{_ibQ&`U^`p=&jBfz~dq!pmbj2X9e@|}w^
z{(hpb<au?)^QM3vQC19C!@Gg<!-eJs?H_T+H6K^=|B3y}p)<L>dqmmPS#KK>=f4~6
zQB~KIFoja;+R<t)8)gv}Kfr&Un@|vw8iV_&srY?a8AYp$Yj&c!XYzDt|1o{hZt7tY
zqR)&5di!(G19zv_%6DV@(YEo()BN))Rn&6pKVtEgar?#Ojr?&l%r`|TXyNCYd1K7v
z&jiKwl|d2L0xPF#LES^%_3u=wiW@?7a~r;>t)KYlA$UoVfVHxdKY7nvyXP2%Mrlrm
zg+D?JsN|*)nf29_J$aht>x`Q7FsgKgm&a2M=1_&DLJnUpPC^-gJyia$03XtG+d&Y>
zABwc2&&S6*k+%P8L#eGF%)Z*?CGioi?!Om%rX%e_XW&%%2Q5Ci-f)_E=wK{l{q+IN
zTb}uY-Lw6E#K4`eMdA`pzw1}r&Y3XJz?`&<zJ0H7GDlcUC#^QaHrD>$Pz7`Yw(Qkp
z=Xg`4!zlHkS|SAAzqXQWb8XX1%rdB^=o`EP@6{@=6~=vac-s_Il=`7YbMqAGfIsXa
z+t~vA^;!SW8hPIxF7k01`<svXWI?pJmA!|iA=(ovi~6vy6N{N?+)x(Z23^#YJix~<
zlEe#1O{UjZ*rKiqULH}KJ=Bc2HYcZZR7aPP#f5>bz}a91iRyB7sS|ZIVwkO0V*1kX
z#6DZTb_DjyI}Cg`_`KSqb9194?OS_sS{q0M523fzGLVL3X&k?D-C>F#Vynn=vf@Tr
zaHG|3$8L?0>RLBDca^M+5<2sFxK4`OqBsn{_9u#P*&Zh4W4r-s$$zF|t2`@)lYbC%
z%&=-G^;<CdG6Vk-KJL1btSX(qG%vg)@lkJfbw`3-E#-~!%nSQX6LjL@H9!0zrvC)t
z`!w*T4)TvzLoBh@zTy83X^|*Zg-7|#vi(^mh~$0*@)@5Qm^o!~7ciF?Mm~y+63NwX
zkt#yAcF4JLHJh|hd+AQ}oYf%}B~Lr7Hlv(6KdP2VR|*O8iZs3hPxb*)sB}2dW&!O|
zBokY|`304Wj+!M!Lz4iAe#sl&PTdhKKC~^8px%2L*6K!(m`@q+d*z28BGopZh}q~@
z0D_uU2x$8XwfJTwrj;>HW1DtxMoSt0$p}JM-I^!{MZ5}B_4a6bgIQhMM2u%I$Js|d
z$>%->cle0XI7xbtO_Je!!jSuNg{LbLkl0J9wM)F))Is>kJ&r8?B4SW*sp#$tJbYii
zLiu~rPWfw+HZGm{9)UYD{X<+kr#?9E!!A)4=IW}|DR%vbX^OARrMNCh$r5dHd|CKu
zXWmy@hIZa_y3$43B{kVJ2|lgO_hsHUYD8JwS4N#>Ug%oLn!mD%HADsNWC^?)0VXQE
zOb2mbjPP8tQAK~c>|(BVx+7L-Ki%T8%8nb?$;&66KC?OBk`23Y+8uo*FOI))NJGt?
z_FkwH-|XCTm=3zU%C=lhEDbyCr4~|FVE%O|`}5*dZyY0j>c!ns%WFEXK^<pKkS8@%
zNd|6|<RtIOUCEPw#=G8*zOC@h{+T{$u_&&rP)ruzFiwa~rWZV`(mqy|!@?;&UW)_1
zO`9W$E@{GGN)108_SD4ly64Ddba3cWba@TCkDX_#6djiI*Q#qVLM)~%^I@mzZKnZk
z^vAx6{r)wCZ6m11C;Zo|(nA@y*KQg>Uh_Q8``Tbz`f#)<D@-O{w*sGUs&s3{S;Ooj
zeCm#ij9{NWaUq!1-t@&E`?148XXW>TtbXhb+fCYcFDx5+SUi>>u9Y4-T;T9|(0i$2
z&JrGpq9A1A8@aEm#}#W(eqa3_OW@UrS?dmn_#KZP6Q`LUu=McpxGx*_5v%;J69N8k
z=$2l*@!XE=^E6RZ&)+GMwV!0AJil_#k)6DaQB4hp+Pvmyg3Al!Ip-+D*%6^$0{Oap
z$^jN~(QEP<VrvKC0k@!k8$Vu<F4@f73bbCRw#TS}eQV}U$BcF%@|xs6FKj2E1NPp(
z&%uW5*zbk4klyN#^nj~C=}O7M;#^{ko3X?~)+e=-tKAfbiA6%YDS+0C{Wy<k9+goC
zpWk<)NEyV`uW{|Dhde%P^q|=$aX-!%OIyY*C$o_v_~=f^OTuB(yp1j3tYmM+@+$w`
zvQlqphdgFkxVG>#Aqp0EH|=j~3gOxehKENaPTFXyzW$ZXJDrqSeBfbfCUTfZtN+~#
z2j}-nt+ptap|%UE$BsOql50Cb6E$^Z@q`YDd^6|;w(6c^KvWaoIjMm&1UUm4>CrZE
zgR0XBIQNG9(!pf-Rv@Mg<ND3TxF6D{&izS3HS~9KNZ+?r4G!tQ5)lzodnS!%u6Zne
zgwbY<`5O_tyZcR;jgEu4P2&ei-ft-8Ea-X&VkNxmBZJ0jjEbruH=MERC8X9E`#-Ro
z24+1z4IYd2u)12ZHb~&F)+nq#ePLcZ2XnK#os1u=dvBK}Y}bI6Pp41#!T-YrVec;S
zva{wnA+w9_^KF<$&47b|TcKL%(B^{y2o?*x3P0|(vDnN9^43mjos8-%=jzUQUiy6E
z6@y$4dg~BlEr2pEMjX5S-lHsxnIJ8DE}!j(Tn|`{aq)lgx}B1fGEaMvz~B8^1-CM0
z-)A>+ke~c1yE^w7y*fsw8JxI~EC0~ql{Z~Ki`xe+O5%NRzon`A04`ZfzR!&v7{QEm
zuaF&ckT%H+CJ#@+p`uD<Sbox^c~Pt~S3>tb%=38I!!VL>4gWJj@00>d|6&&|vDvQw
zT*O|uhgcHj+BVS6QtP3~K=eWJ?~fpQ`?PD>X)0trE<l4YQ^&yWB^}2jw@A8tXzCgo
zfZw`_iPqdZUm?$jS#_`jKRK0DaaH~hQJ-x`M0n_GZg3nv5j5O?`(>y_=!No7N5=27
zW`<WieZm&EhBx2y-Al?inO9N^0gXG!hdVVX52G+uIhg(aa>i<;ww~Q%9OID|uzwQ{
zyd2)M#fF&V<#AhN7I)cf({8<k!{3OjE0s0m-|vY0i4m|fv9wO7dY8h7`Q5VCF7-R1
z14f2V5aX58fbd}-O{Az_5S+KvWtpw6b30$XN~GAMER%j#j22psR3?|%?m(a%{Mw=<
zwlya6#D)!wkQ(pxjyGuo52jyAJy_-_*Y6qAFMo{p&-Ts5LXejvTUdyQd}9`DC!|%L
z^k3R9+fr~yfALDWL(NYdz^Fe3eceG((1%Q#*EY;jmvbm;BaVQ-y=WXJZSJ+PCnOa4
zC;7FFtWx~C7||oR*lRkYve*ublh~qLZJa7aS#Zn&ifP*^b(trY7vU;EZ!FXK@plDT
zcLTOB-_gD6Lsb(-z2wcXoB2;2f~q3!qzsEJ<#gO6T>elk5DIR0$yV&CA+ttg)`Td>
zI>2;t0qX?;c?o@=WBXldaAHc{JeNh6dIpv3%wf>D)JyPv>80fpgUp#2RsaUxzi-MU
zW7mj$l69qP%<sW!k|RhT6o)uCj}ST3!kc{kUc*&!yBPYLvNy3im29;KQdHy-iArvE
zKBfT~@RCho`s_sLe`(@mc~lzi183)m>&0yi|Lx1#ZWrrs5eLurF8s4oNaJG{`u#E8
z_AF60f_fv_9QP#+J3x;gY7>iBu&Z}VPBTx@w-?x97PaIt?R@4!RjyX}>8lNf(<+>7
z6~h4+zL=bZUJg4pj#<g2)Yf^#;pWqw-lo@MXd{Sn@7ZXYrwLBz*XTMMt-u^oJzfbp
zLeYx|j~DmzL!n!N??y1HoB+63ULd&YVo)v|UAr!Hqx-Y?gcH(z_zfu9Lhs;r0Ftt<
zD%me&8QyJX$)~C}hT)YZwP9ta6`QGH;Rwn@fdgS>TALX=Z;|)rNnpa%Htb#WpA{{x
z$7EjI8DM>3lcXR)(UrKi2X5cRq)B}o=i-PDzd@3hnsi*=dw#T&=0VijrSjJB@}DaB
z5bF<`Q@gww-ldQlXz)lqvCu<sPrn@#xI_q?c}P?9j-GNu+JYh@D9YL-;sAa?u6llI
zrp{I9)yRbFBvr}H8#7goQLh>GR2Tfedq*N3WU<$!Fw%q91o~c}^lR*_*1+@Q!PA7#
zhTr7Slr?3HKbDO$ABUJjUHPAZm{2eIt)-G;AecB&-F7^cx17%mgU?g|F%IOM*+gyo
zF~YGPLL<R9W}L_ll<jx003UbL(*#;<LfKqNDWQ#;)J_bLLSKfyxDDf1iegRH*;A`b
z6c6N}c%J#Jr|K?n!UtNRsHCo|gQo9P)w3HWB^$}Sj2X+VRmZ}^ud)$4^b#rBPE~;M
zZESjWDpg#b@-3>bm%dsgpHWl5%|9#B+U%^kzv~)et`JEP*y$&eA@ToDZ>o?spA|oL
zD;`N=+>MoW*Pb7(JaFm0NPO?r$$}{9pM1mG2xk&MRd!ImbRo`v`WZqMr|`-$EUZj`
zI^MBD4)je{$}EJz@gPpW<;8pG>wCxUY2pme%e|c`{$Z5*ePR%0KA|Nv^U9#&lKV??
z+mVP(yiTJI2B5OzZWYsBvfy}F)hOTafhNKP;av=!1<C9aY86e~k{JrUYqb1EW;b^@
zn{AhSDudTsj(8-RvBD=Q@#`WGvcdZ^=$d@ZPV=*YinK4%Nq3(&*E(U3l%mF1qD^Qh
z1G2qQ{09Av8OG(k0;s3Uu}Jgzf!mU@;q^~{6&B$!fJ)|?4L)y)oDozn0Uxac7^%+6
zdnBh6UE6|}A5RL^(O>9NnNCbp2T}c4ucH8Y7fk=WjsF-pv(P*4!7A=Xfmmx3y?#~I
z|K@!Q&isOiEl6;Ll=N_nRuhlb@>QR3$K{K|EAtr;XI7a_yW?nNLtPrDBiTZL>o>1H
zv4Jf5OD523xjze(^X3~!knC)G)uL`o-RC{fW*ZL&pX@DC^)y}8b%r}Q7GQwcXY)$7
zs>fuDBO|_%itlM%`21~lfE(<T=5fiYLiR~qm@-Z(esr?&{G|Q%a$ybq{JUiF7w|3M
zrDrND66Os!^*Q9kIpx#Y#KSMBJrT$2PNtenP(B399`8;4Cea0Nn?b`f_H*q^)SDox
zY1%XIb(PQ%UC?hM&X1>hsd2cQ-djfIYVTz6Ne-D**IVbppbdnz5dgb~+k<S}q)&3D
zJhI*<S0A9N%*9rWeWrt#J)|9UA3N!5F-5hIt3&I#<j4qkgFOzRbcRf^=B_`Ph`-&-
zV^k*+rjOZNZ1P52PrL1;4XxZZb3=N(s*0jvbUzP7-GMFd(e4j!wbOK4W`w(_d^N<H
zupCw8y5rOIOj2KZeF4{wf10y=345o$R>x)KFL_t;rl=n2U6xwd^uuI79$e*?1qt<j
zB$rbURf{mZzK7x?in5-((5}3_hz*SKfyaNP3u%J>(drNC&t&XTB%rTf_9AG4bVepK
zO~Oa@MBb`;P6=gfil(sR8%mR^>wUzL&x(hV4aRlzh%?q6=wl`+AhfO7&3du*fltnn
zjFe00w+_;wr9!?zHG;@3;o8@om@${G{)iJV7z~xZ=_#OFL)2r8YlCr^QoQ5jh+YV_
zQtYYrHWwJeHI2$Vu{4vPesiAFX8Un<0%QWR*^KjVtKq};I;tuWv8N`6daY_bp`Hw}
zh(w~riCgp@rNpSvpHg4Wyk?CSHqnApjxI`Q<T$hO+TO#LvDSA!umFEOPZ}A|fb!Ix
zQ-C>!?d|1!@o({M5DOqP0uN<j%Fyn8oKjf!v(8fySgNF36leU?NVq;+d_FLX2H0Nm
z1~hhjc3UEAgBFjFxUWw4KOe8<BHCMq@&v2>*Euw6EX^#>DYr0I2+vYBb^7Vu#?#kF
z=fiq`I1EO&{6mmjgPORSb)VIl_lwGhA5$rF<eQ6*jR)w3;Rhnj(c(B%fi$FWQgr=<
zE7s}oZS=#2Yc6HIch(BN`XGb*Av&PDuLY08CKcet`jsVEmXllHe(7B30&yx--8B15
zDocaK5yI@T?<FS4<lB_EHq%s^9K8*Dx(g-JPp*Y4GEEk$@6G_~^=R*z=8z`?0RF+N
z(dC%e1(x8k5;aCE6XI3?deZl3T(cPO>#_q;x@qk{Wxwan69<Ai7nqj5tCV$j7T!zh
znp{Vr>}f18B&X<IaNR1l#4Gs&*S<=OKBVJ|<Hk<AQ*{gkM3*8wbF$3yp0ane(059&
z;{~|yPAtBXr1T?hop*YJUKdx3kNA$UQap)8jz63;V2uBaPO;eUok7f{Ii4$x6RvFN
z4t0480rX+rM*gk`JtX8=efwxq{q&I1bW$;XU?%ab61glIi`c9@z`0cQSC!{RwVcvl
zz_e3c5&;I8yd*t$vb&6(GF1&j`j*Z+DYnO<U#nEU%9)S=@b8iB*s_muNiqla^OW}|
zCphJyaJB#2c%m9}KzXI5t+Fp~aS*r*m^Ty!w7j`W9lMhZr(s4PD`(=;Y(Gy~C;pi3
zo-L8w=#SSyHIc$5P0N!}(tc=0JAN>5{7kXT4);CaKn{$3zfpE?j`WK0J2Iv$8GA&<
z?7??QUaD;f_GZ6MNsqG+x-yQBd<g~r_v6~(Usoos<%h{)O6akl6S_G6D!ez9Xa5++
z&B|UkPpoZ;mpJ*=YD{g?D_I3Eeu+#tp8-DU3>mH$N4?ddB}K+)rZr8`UI8t<q~A4w
zm;JOQ@-OH=R~us}#xh^|6PzWQpV<#b%A_78u;uLiH<e!(w#<t+3<WNd5*}Z{+J?Pw
zF1SP;89Gh3=p-`)x3of(H{RXn>@T5T7zw#F(E;F8egI8^hTaB`x^Cq#4&Yk&SN7ok
zI0wSp=B7SHH3h*)hLN?Egc4=!xwK8FZ4{=7!22@fb6dME-CpusYc&1wAZh!%uCya;
z>0>#2i(2P@(xV39NJ@XQ^ITTp%#zBdQv^{B8!T%z1Sv-$D$&iEszEaR-CbJ=H}oGO
zukA;*q2ff#YvaZM6Z$qY8xO3-kd9owy2uu83FR10BEw#Smz;+NY<~^lWa==zm{qSc
zf5p8F@A58fkWseT%)?HVXS*l6`f!0l5uVLQEi|*-!N2RAc?;#Tfa)@pv%JKr0X|&@
zyQ`dE<wZ(FCCi`tpx!$cVR#FttGAzn43eA^5w(z09Fu~Ph7%1SgfhR6R~I#hf?H6^
za)z5M+5&jzdpRXW#s0!DCxYnGf)w&N%y<A&DZ(X3Hhq4=dPL+ja@Mt4W-C*y1IdSy
zdFM+BFLC~@%1_=8o5kY8tv(+Ki-r?E>E}5qI8p-7d?c#4GPW0Dj2NN(7T*15Y{Q^T
z_f&9==5OK3pc7u)*xTbri&Gm!<0?)t$FO}+i%_ybu>cm*$&>c?_5pp7Pv>P^HK*M-
zR+55Rx~-|oGTJDw1!JwsWTrP#6wSg_3j=$&lF{yX-);G3BWhlUgGlL~sWC$kej1V*
zm|E9>R|~r@Sudlcg|XIOHP}t5?C*e{HBzHh>@#iTgo*VNP9#MnOAQI_jOW>B*uT?)
zBVA3Wfv2e}X?o?W*&b@gpCli%)i&r1+E<|uvDOBzo=U-4zcL)!qZJ^b*HU7MVXJ7c
z^u>62Oas$P5iHY_M2-y~qtlVvuYDNQI2{+b3&>ec;Z>nv8CMNtMJKVJW+l||X4J}A
zvO{1JFi~lRdOx=&f^KF9XVTz?k+>YqUsaxd+(C_TD^m6^LF}9j`c$Z4*;e2+cZxsL
z7_N*1dm3K15*`ej)ECJE*u;?-uQ|5tl=^f=L|#lVQeCKK`SI|xkv|>XsJoG#Wbqi=
zaRGEXkkDsdV7q+@B8zxzdqCj^{-8#(wO`?nX>EeKDOAsWn!QY0h<(Y*pjRCA{EA)#
zHgPJapmLeh#<YsxKdSf5r3+MT(r*(pkqhIvwmQNp5w0NB(Cf(7KIdlB`m|&(H9C^9
zcAn#{#trn?n|x$?STr^}O(f3yd>41kkz>*}sR*B@*#qoE74Q6~H*MMB5JUO&`Ofa8
z1H?PR!+q-dch*r#+HitRG^FZs^O?PsPvXk03G;7h_)g?@tm#+l1~wi6er;IwJyco~
zlm0@<ASp7oq`d$(o;O-hR6ic&b+^`Sr9`LIrmv>;K3HK?v46(y&J&zT3(bqW$&aV6
zAK$yQgL{d(QPb{;Y~m6qzIuD6^eoFHiDSU8uHm3vGlG9+mmNyuEo|Vfq&FS4OB@IB
zoL&ij2(=XRRe~|W7cdH|HWsT5I3QUsQlQ#xMUgH8?Nqk~2r8J*1b#<32UCn>qbrum
zD1vOVfA2e9q5d(ty#0#aZp2vINM%>4-Wyh;DZ`ucRN?+p+%4yB)Z<xgnL*^k?#IV-
z7uHKMU7&rkZ`1hmV~yRct(=Y@iP46ep4^SsG|La~;)gOKO|;*8qAHH4pjCYAR2~Tl
zq3)UAA-eDro7J&rPWo)__BXRy*Qhf%TRmGHHgUJyJUouk1*iD?9d`byZIp5<f;!)}
zlDk!U$PGf)AEny`5Gv)#Cp5Jy9X-b^uv!Ys4uFA<(bhex{AKcAEQ>%*g?7HFG`X!_
z&wkPhd+rXKc5vpkwJ81H<Ut!pE#6!F9i`zb5oF5ifcgxo8*$EO*seZ+GC?)tnJ5)K
zaJiwKrx)`(%$(}#$|FU@DP5qXZJ;AA{Avvl?HIp=aUZ+LH~=%ohd2d2=7mQ>zSJ38
z0eYta@`H3QT1&*er%ir|*v^$oy~TQ1@Kj|pp&b~)_)$w3WX-Z=Psyq?oX|x2zWX9}
zN|WC8rmKrKEVPrz57v+LW_sR>ve0%h2{s(D$GC6fngx7e811K&Eti|rS(anP#rk4N
z+Xu$hr-ZJ_y$mPAPg8HP%kY3X|FVUw$v~-Q0cbBNTK%wxXpcpykBX{o`)xct<)Xu#
zz5%a7u~x#zE#2de0SesEFxT&SKRoQV_%SA#b1BWw%?M006b!F$D_Ogy5rz1o5%^kY
z?)2dcCoXpk>l(Fka!;Dt%JVjKE%&hG;$mGdBO2IA3KarJ`b4YGl0pqJ+klu;a>;t7
zTT?hhvM1gQTiJHv?;|U?Bo?``^BiEX;>IwFYj4%TSXbq2*C#rAghI<p3&mrA?0!yz
zIaF{|?TZfs>}rCwQ=k#Yv`<%Q86|r!*{rC{UkUv}2!?8h&B?lo3q4@GE#YW&lv?_L
zScQl5U)|Q6yZ&33hCFY1Yssc(PvB7|UGQ3goC)Z1brg`Y7+H3=6k3}j6K=tN0RNIg
zccMnn*IOw(IMQrzDbu(dmvks&s3~`JEX83=6YW|MBWBvuq;CoUJXW~h&}78Xa!Q=w
zs>XDRV!iDRH|6iC<)+{>07xKJxXb7Yr)*@wzGrkpV1O4ds^LQhP;G<>vADwvUokN;
z?SykTJY5g@;rdEvj>2n%yu!gG2Yc&ak&g0NsC-yVIa7S`CFjNNE?mo;!bN3F-tcy~
zl!8+2#9gH&i$%WJaPF6*-|T~?5)V_{<%Q!3Rg)R7pf->faFcV?Gf$}z7mcRZb2hpg
zcB^|Wzo0rEr0-KDA+x5-FpnfF!8?_u9NKF3@NTEVr^00QZ&+Q)^K0!{v?fSw_vyup
z<c%s1&@u7;AUhY{{DyuN^IC(W(#q2=QMPR<ge;!3o?t=hRPw^aMRFUVkn%b8qbK7I
z`tI7PNUL2iiOQEkUmt)C{Y#m&&mnQ6h$>g*-5t$@DiN`tU^j!_{h&xYuI(2kte{ME
zf(8HC{Fi;o49zpsr7l-(CJZX#AFIYxLsQXgg(y{R4iExvptrv?H28F8LO00&yF??o
z#@N)!GPx84z1q<IwoHwV_s@E!DRLOO6W%4efJl6(h+JZmUv=I6Gf@_co5#9+)eFBv
zv8BgboyhML=U9upy3e-=$lZtri16z$fVf5k@MryGmbsQVGtP_1oto;*#iZ%3vnG4D
za5h~sDiC2>D=|!)-2)NhMs2!WH#)dtX4|>FswTS7JJFM(@8ucMD1W2hQrcOQ*Q$TB
zI_JiJ9l8ux*&U&N_x_{Mc9Vb+vSsu%@71;RezD1$tBc}@hemlCl+RZuCUkfKIx=t5
z57T%+1e|w`TfPGqq#rI`H3pT?;z!dx#}kcTQQv%$w{H_wOY+oTOwdD-(Sjpga@EQ{
z{ET@UZ0b@5hyUUN$BmM;|G}TWnA_zj?}~+0>EW>1A{H#uIZt?oYxI0pRo3&uq?MC1
z%N8pij9IZ4+^ecA4hMz&%3CDQ_B=pOUR4K?6ZOCMin;5h(WlGKzX*o6bsFF4eaYBW
zfqaPk<1|}>#p#wY?vVvt<bS;3Hmq>Ajz=w3+mqRm0(ZZ5t2s5BLVR=IVn{F6E$w#r
z$LW{phinY|l%1nHQ+yrgF_XyANCDqx(UM9TO&4uK_?_9|_}tj68|$Y?t@~;zvc3o(
zS?kD&K43Jon!ZazFtShehP`WNZ|y|z1)z=wG<5@(w6pELe985!fVnmee)b*w(fhU7
zn;DA7wc@oY^)cDc=GqY!U{lXe47S;(_E+hIFKCqM@$#$prd1sa1g^(DK@F|8Q;zd}
z0X89j(^xJ~b^BteSUK<ASahfvWyyOv6{>1}hHaZ~Oid};g;>0MJKuYTs248Aaqc<{
zYF(3?=}Yt1DNR@e*$R~z5PV<;)59owpd4I1V(WvBn*ZZtv4}Ml@8ITa=_$)%CQjZ0
z&QkA5!(ci~icpdKTSzBYg{1%6k=<WmwGR$4H;I_|jKV*7?5rq&=Zib$&$W6E5-FL5
zhvC2^Eom>IYyMHDXS3cCZJg2BuB(ckq)A;KcV;q#N$)%jmf;p|%=3@rFZx!G_i^hN
zN3NaXtP){2+d%HK)VIX7ZVIAFla<SVV6Cbv=ZRCB+a~)#frm@6tZTH*pod?^YeQb)
zTV8uvkM-v(K6o(n^{+#P_0tb>k@F+P-bSxQzwlXQwv(q!<IXYMy*fHh?v?0g+_Me2
z*)BeLN{#4+gPJuUfcI&oQnC|r4`)N77fE+xEn;0THSj<bs<B+5yWQ~@r=FAKYS1K}
zxw{>XmECT1Typ)sSSn#kCaIsx)#-^a3JNSn$BMh=In8J}d#{=ZlBs&hi^P1(ZW)lE
zXEIIPv&pKfJ8<Pv?;fU_QWS<2aIcoZ=aS@HT<|Qx`uJ%6ig~@z`7n6Mz2#!bcNXN3
z1|Ir`@=#RIF^ArLD5>kmkCzT`J?2P(jHd%{G9a5(|1jjMt5ULK<?C4foA%`(Pq(%J
zQQMeX&H(<tvn#dsjo2xUQ5q%T$v0y;wCN=hR);-CK8@1bQFJ8aT!uPS_6-u=9607w
zcx|oMuZe3k#KrV2Nk;pCvvZN{4kewj)8mV}KULuyrs2CP7ns27`w!Sj0x!cl3LV~N
zJaI5}Nk$dsOapSiSo?z)wGXT|yo01X<>}XGVBQmdVV~ZJx5O6j3XG?meTHIeY?wD#
zI1ny&d0l2LNZdF$MJ$Ciy2d!|Gg{kzRq<hV5#sbE28nCxT+T7at6s>e!)o8n)D4k8
z3qv&V;Dd?>7>pLVQyKQ2e#EX{94i03vI8zrDUO3rOM55n1nZUp)A%a?BjI|r_H$|t
z`FGWsV*qS}U4w5Jw4Ygve|!+qBo!ne&GN)w-;cX3W~gxiONPGI@W|wFT}Uy0*vjnZ
zCh7MCafe*>t7kB|aXX`zZJV3~0Sa9&GyYk01*gin+t*iK+r~o<>;QArcEtRm0d>gi
zpa!I5fb$7B`1Md2^Yc=hU@U?gE9d9sLoOBt#Tm~X4V#FKnCb$&7Lv29UXUHCj=L!F
zQ!P|-Cg!F3mT+2O-s=2`>8?lEClDmS*3ZDpNP7LfQ8Csw_u$DGw|{1=VplED(pwZ|
zcJV*1K6BHw<3jF^3NG^lX0`!h{Rgys4*C;vvcHVi6kgUjr!RZjB;IXy&#&y6tRPmY
zTa$SGIqt;+O1oKy%Xt=0@fDSu1UTfjmMpEYi+SiLc4$fNy8^wJ{-#peunWz-%AMeZ
zt9N~*D$2&CXz;BqO`8i|DRXl^43bbjwG)Z4@CED?XEZ&e)n`~{5t{df@k|Q1_+z6I
zLcLaS<84)aW-x<jc6~E;lx8~2Am)8*a()Q=34ZuVPeHW<$5Wh<4ly%`dceH_Bh-|h
zWR8UKI^bgOJ;+$Yt?ui}BjQ8)AqhNsb&pDPSZ9UE1i@O#zwRgZY7s79$^(WsyYRjy
z^A6TxI!e<WMxlAeuo2emGT3IErt&*1ZisY`vp$>fUU{^7LH$Sd{r0qvp*F{EdV_Y8
zf5==t0k0Ic*!z#Fac2xIbQ^90b~C?5SA>bvRg>rl1A>#0pTru)$M91C+rD}R>nm@I
z=IdKkIQ$ZMvjC>HV%;l>>c^o>Ch9aFRPly0Kh4`JaykGlo>~!Ly=tI5ar2xCsER@1
z<_JS6AMoSy9Id$W^N0CKr#Sv*ISxj|qSS2iRj068yw@+VkJU|RJ+>u!wrs9+jEZ+4
ztl{n-t&Z#gWNc{Go(T2UmArV8SC&#Ij&<%~HkqGWTl!MVni7tLX6pz{5{@8oL>=_T
z5Yr={c<DOZ;nF1px0(KT=wHQo!})F(<fgE6exO>h*L6EOv1lGzi1#mrg%J=4ugQXx
zasS2M|HubzZ%%$q1>jN1LQaq5+0+UD{wUzP7PuApZ=Mmq)Hy^SP+e-oQ(BZ!FBVBv
zw&`<R+=yOIjd;*1#3$2Icq^W@NLEuVI)LKWyfH$Blvyg8v<g`B1NBpA6!9X$QdUqp
zdS!W;@&HVuA9oJ>lZ>)m0Ya0lcpUvv(e^KdnE2lI^y;Cm@ylvZM&57uzKDRl0^~(!
z%A+-k3fyhQXQ(-N`m?$e5gtphthcjLfj3stddw0cJ2_Q&@>ZhSnO0}QnZTVb$6PY0
z#@n^-$H-!Z@0Cw^Lk&!ZMfHL5WJHJeGz3!Pech#c#)`WveEz-!GOdDW;3Hi5zG#mr
z`~G5gM&CbvCh(h8)_KcRi2R}Pd?&23_AW9MXDm2h;uLe^m58m@AZ+BaSAaud9HE-7
ziNW1adYdXwHQ{6RTn?B$3@g6svve?p1jAYFrKYGE-09<hKN}foFWKtg={4e7!TC&d
z_x`zONl{G$>uKp+5+L<SLYL?J!ib3hNTW_bm<&rjCJ$EgGdJoz_yMwCDVz)Q9$E&%
zmdQH*W?y<siWvvSPv{)oLuc%Dy34ugfLQ@K8YCQ~Lz^culj$>eIpyYH_IK%y6bzN|
zs%qtjl&}Dc-`nITNBl&a5{}!OKAS@;@1?JwvwKB|KNbTPIuK6G%YIDP!(h#-LTM(^
zW0ZOw!8y1GuC_2;59^qBYDhx6N&<8+dw;*jE^fZ+Dc6i%(YuvnW-2K{+%EWCBCqJI
z_zB*9?cjX(LADIP&iyMc>;c7_KD+|(RV6>eeFe_PHEu4`srm&){>r0V48@iu;xUrJ
zeBF=CIvp4N(Vxs+i%smLh891`9$?VFYjWVrlg9(r!F>69lw=*v@dy4hu<N|H$;fwQ
zI~jE6h<5RDgucXNtdv%D;p_2lxOWwmjJwjYj^jT~qFGj*x3L@x-hwq3_;1wYz0gGY
zm=nACK|Drsf$tyaf>W1sux)*thQIlRQ`-9%FW8C~*D7|`=KZcy8932X85m;Pcyx6<
zO)AH>PkeQz&vUj+uchq7{<daUj%CwiE2y;@j^)BznZp@P{Up)D;iwqbK7^r#?Vu4!
zSKVrjX`$81&vti6pY$)BL`R%KetbBJvbhgbFf)l~YatZGErnotG0J0)?SX{F>=2p2
zWuaMmtr_=m6}>EDnz-RQ9F)pSU;fUY<j2b~4hnQf-(d=gA%7?x^Gh8$!{-<A|M7$W
zAx_hSA5tz-(OT?GZyH<IP!kX2q_<7Zw~Ia8nc6dqVoRmBmn$VY>=b<D#&j3kFLdUc
zFb3WuMMV)ycxu(7x<fpQo}Dn2(w;wU^dNluM);PT6{k#MDEZeW^Io7B%&zPtPLOOk
zdnS$mVJr-EXXGu}ExplqgwD0vWLJb@@+vQIrl5J%yTUk1;57ck4@n2^zGNFCG!=Dl
z&6BbKvB@ck>LrcK`tLeohA|b)fBhlPHl)qKfsRV#`xrk`T;bln=X*K%R(MfJOhEF8
zb;05Ai#Bt*x86fY#)t=Z5lQCNcL8!{=(z4M5p2ix0mcRNH;Mfln|}8y|Jk}ZqJF`a
zi|C@@Mj4Vb%qIh}%NZ_71b9TaOm9Z5|3X|u>6IoSTEVO#Fz2Q6K?Z{c028w(JBu60
zL@V>S>X|C5yS#auX;FPSzb8YF_t&5$y6?&%4G|l`*yA>=1%|NciLLb1D#me9T74{?
zZ>dgY2qh+F+@EGYOL&E|)M%3uEN88{H{6GFFdvm$%ke8^uY>jdmHas|vv?LLCnUu&
zI^ZV;9G83p^<5Ks1btH7XKee;?1L2tDO9^AxH@@f6yiNZG+W~RmM5`Bol+RKS0vj=
zs_IPQWQg;~bw8yeCN%vjcm`b+1eu>s4nPm&0nr=xNRBBet4Am>DHlXxvGC;Pf{10T
z;=-R0th1)X#A=($2iN_WbEnJ<COPzAx8weLNbu$L&=f|oleCN8y$|%1v2HHd0=<l>
zMXq=4r-Bwv&Yuo#Sk)K!B_^^-=L)FwBLj2fvfxpRtTTzyY8xxI8m*qVY%oG;?4yQi
zo{IT7jvH2|s_LmcA+0=DaqG3{Vz6RqZB)1GSOFHioQ;CA9;~DD9?jKTw=tkwRH0mE
z)L34Wp<$(P`!l11`vDzdWX{+rIY<|zM7+k=y>$mYuL|tK$n#$i0y%|7%S6XQWd(9A
zHgQ6|G@!?{PU%5p&(yA)1DRN1I`5qp3X)d|R6h7BkCLG5<n{Pdp$KfF%r=m*O};&R
zMExplz&O0%d$rI+B*wOfyf5?b`-<0XmlCR5`8~iQAymKB233ja`K`St{ohQrhER{f
z`bzzv2vFXh)W|#UGmLr**XiXnu2!%~bzBc?Xc_9DWsPp!0r>At8o0+>l}MjiTs(uZ
z)w#;;hU`8k<JfUIZ1y$@P&$(QT6smopsM4^{2!93p?cQs*Rn!Y-Y%baUEDzt2%dBb
zbx2Z4_md@77K8_nKghzbfmZolueRe<THuHqCeMdcyTv%}8vf~H$MAh8eyW4a|B0%E
z&tID){Hh#(z5(sJd1|U1e|TxL+~qVjmNuc!{~$Q~V{L%lqN6cSw>pdga9?4h^b~!)
z_wCE#s~%8y;t0|-;SVk+Pkphxh8=^kHiHWXtI^u>sPw{WU}~+d%Rb<60^_i`i|p8*
zW-8Hgi|TgN%p>N@!;KHq)<%s)e7xb)GW@v<l!Ui4-(p8-{UG87)*DBcnuT?y>W)Az
z$?gRDR|F>cje^@$8LX;|yq`%FU_^}lOyA}AI;SE4E3QT_yZRlu^85L<Uee{W$3ot0
zS?-V-ec+rH+5XUuUFY8HN?Z19Q?%=%;uVWVt)$4PUfUW^$WrVu)bw>&KorAe5*|^e
z6+Zb`V%Vk&OI@w<*bgj3z)6=fbSBi1;guAixUfC9IHFTs%B928*&g|C;=#LMSb(Vd
zWYTQ&ZRC(2D_AEb0Vls8z(sa8^%kmE;v1E}v7>#x4Soz`1lU76<e3ZNiTKU^)nUgj
zGB&TMn$e!Wy84EDJFagz8+br=4;g^p#!ZndOM)2?PJRA8l7@0K-6+9dufDZ(_snid
z^Wie@kTq!7uVIS&{VX}wcA6}=a%IBAkU$^tdPG1=Y|2cV55iO$={E0EB9ES;4c)ue
zG?=mZp8>6)xG?Vq4RIcu_F5siu@tQTs#*thC(DD=0oJ6{+1_!1JOGS{E~q^_t2CKU
z3YaMX?lLqkXL5wCr~Nse0o?JjDEK)qc=q6Enq#U@V$KFmO~mvTqt%cEnZ>jyxWky3
z^0Pfa>y;4%Z$0^29xXKMI3@?R`-~w(o!36Q6-E!6y<I4~{v+mYFf+x3fX7a~r;waA
zrhZA@#o%4aIS&e!Lrha9n>yWk4xJ<>`rGX_*{t`*G33L@(!Dgp$e8E%84KxuD^?9A
zCeG>pRyKat%7rvt_|~fXG0FX$k>a}ajwoBI0hncWZnItkI;pA{N}+rKqAmwcpPBhC
zxgO~1>D}P9b2M4JNr~#zMPV-BoXZcac4@j<xdtP@vMo=NtP%f~YEo2|qzCeNgs~04
zWQaGa#oW)+lsVJe3c=XQr+5po`snoMtF9&p{c4VWFS+uNgHgi%pkFeIRb*3^3phZg
zZ|N!ewQDZN_#eOYQ`;{msL*T4Tb|@QXwS~S=^40H{)Ae^&TfnKcu}b+`|vFX1-<I|
zSXj30%3w?3xV<)T3vZja<1QheO`FZW)%TkD&@KzFUyDCys-8W~7lP*N28vXBUDchK
zIL;1=4`+9Pn{)b&24NeoX5#k`I77O;lK7PRAe4Sr(e4=O=$(xIcY=0ol#ZaoJX#_^
zOC|zUI3%a%f~0p<@(73w=01^nAHset*(kZ27UsQZ_eAB;as#$xHy*sCc#cx-n_k2z
zoTOjg#Qb=36ULjRjtz7EIkGg)^H*U%BPu(TuJUJ9;U(fH8^hsIxI>sS(WikG0Qo#r
zJj@>QQawYN4vZl8=ekOiOibpXyu0vXy~TC_tU-$MPwO8Dy!~MY$ZOvgz8X8iRFmu;
z3->TcFHvV}@XG<x;k1~PiG$-0r4EO&Y|Rm<f+5}Y8<#1jJkiW=l9mvk0j<t`2qRg!
zF8ME&<)><{^SI>6E0F(eNTmF1WJo6U8lMruUU&Nb`P5vn`l+8=M!Em6F2Xr<?ATz;
zYykGJwoP?bfVX^X``l_=Lh$Gn|2M<$#-H}JzzVLQz5A{Kw7s3u;zXA&(u4B%IOhr8
zY5+Ay2B55qFXWt?2c@g*1kh)|5U0SmeQ(n>@bmj5C)TCa*zgmse}gjv8eT%kfzx4J
zV_TW7^7n~BV!jFcZ~>;U;^yJVm`MbKY4{)LkENby8TW{^EFZep@u)QD61q4dsP;ZP
zIy9ICId8R|`MlY?<F~SI-OQDMzMUQ$G_fnHDJGn)?l?oSGG6MPS|-1*5gLVw>-`DM
z;+_=`o#%PGksN<t5#XxF(_;z-W5KIOWVEv54{?}uxoN}RxyIS+)K^6npHgFE5)T^v
zvKhX?t@Cc>-!z=%-CK%Bc5W#Xmpw@+zP$7m!Y%dqrFz+ixQl7__&uuW7YA^0m7}y+
zLj~ou>H4IhI5{XxR*(wcW3*JIPueIy>Fm&%Edjhk+kZYg;>%f4B5fSEql;GJOu1e0
z?oih}V?}}W@m-|JR_SisGDs52Dva`_{kWh+y529%=V{FDzKC`ThjA7=h8*DQh;M&w
zHJc|793TFwI+^}gKAJr2%k)4^1C3Tf4#kTf1V4zwI2qh@3A)d;)uJ@8)2<tcSI4E@
z(F_Z%T<R8(`*j5O)h&>r%Z&m((ZynuJDPmz=jST=#4?7cbdoXOCp4^g1-^tI*V`46
zJ!J2@@3vg?TG-VxQC0Q{f0G~*gWMDtkljZbIq~L1SRt0`StKXDAz+oyDNRM`P;EwC
z3^lTe{EjxbMk)2;Pk^bPzZG}kTk=}_;4UUZ9o3f+Mbfb@T4jvK%uoJa7Uy4;2SuN9
zMqYAanaLMj;msu#MfMN%3vRiI<K}5|AHcBnmIiGT&)JD{*Rnwiqgy4tAA<wPIj6Oe
zL*_%kL;}zJueozY=-0X$<AHN@H5Y%@d+u=Eh|Srz<jICTdmikCPc2<AJ6%*6yzoaf
zu4%u=HLQAR^Am<Th+AEQdxpL4E;5W6SW@`Ms9FxNiJ@Y*P@v=%PJ&_SrdI$khjz9u
zv0DH&87`z?*P{6tD(_ztF*2DBMSIjP)a8<an2KDX2c>`a=*~9Z!Ue<Oy_&y#Mv5(M
zEF)#T<)UpOgUc{>@73{a8dWi|4Ey8RI5~Xu5?~j#tdDUg_;Z-P{LN$+Jsb7k2;l<S
zKT`D&6)Q!1&H98H;F|2`+YYwi8w!IX9bf5<%rlc?uKR7RhJ~86nVA~=0c##qR@@7X
zsv9hG@i72vgWADKF6sUvu(wfTLFZfC{HnBW$1daP;g8i#KncPQ83q1$2>XeW_vT}T
zE>uY7Y>att^CNt(%u<A2Qe^xk9(b7;#<6{JUAi^GQF>qG3$~4e=_G-MKj)BYG$15S
z_DaKRBiM{%m_uD=f!ZW<Sjdm%08JyClagFv9>VU0q1a=4+J6ogLJTC1^y5XG*LZ)*
zUW03nu&p8YB7x~npY8;2T{1G!smKXl@ad9t&Y<Xl%^@qQAFr>UuA8(yC0~jbKVa&u
zbN)qP`VtnZ;1g?SvR%;u!jw%WEwH4D2n7H8(w;bsx!om1oOtQg{Ewlrp6p4panNGc
z*)+8ev3XzTO;FY1CZwZr8Gvgput!pa6v^joURzTLp@AKvv(o6gvq@CNm5)GYUBHp-
zwmI&sPoah}ExgqC5brzFjuBlrIE=q5dRNrBII4L-9Rh+q1G+kH^p*aPqI2<Q`hEX+
zNGfHOkgvlkYMmvYlH)3sO3_(}C7}|M!?06Q31x*yY%4-?K80qR^D!GapSGF99Jet$
z*zvdDfAD@h-uHc9_kCTj*YmYQs3F3_hQ%Z!If1#d^baawJrLLk%4l9{vtAW7pL&TP
z>|$Y(ZGP@a@mcYX)$l?))FQygsj13lV^bl}IPext!$CMY#a9)|bXm2jKH$9+&7I(#
zsxl?cb;+ygo<`&pv@_4?+ljC_I=W9KJ(k!EenNidSe=WiY|@?G!eY>&mUadY@{L<X
z$#>6y{sk8w{~sL3lrZXb=R!FOjzB5*l{w`mIM#WbGEcF4*;@GtS5}jkzm@6`hL7)A
zixqm_-95qHMmIn<pg*>{5NsHr_R9pYyM>D+iEn-)R$Xprxu=$^z+C~sH_*J!#4S}4
zmOj%@@4ls&91CdGK8!36X8JL|mEYE{es7SzY{siFNz;7u&DYuq=wniaz00;n9!gv7
zT>O_?H|aID7I+ZZ6FC4%bw3etSfIYLZJ&5pU3i>+1J_aPf))RP2oRDyV}Lej$~Are
zcgWsfr1|-<!2e`A7_rcryZM#Lb>~f?%(J1SGwxEoVRJl6u%s$EC(j{AzHo0!s7#U!
z5ymg-#8P0F4WAJoI&c~-ubeB8@kcK#o^i*ZhQ%S3$3EE`Yy18+Jf_O>JL2%7Z>9J2
zYBpZtXs;ifaGFs%wPIpW57dky5$E`@^U7#_-AlqzM*E@EVcMMl!x3Qk?qcGq?+!9;
z3oRH`NDk~K{h(EH>-lw)=^e^L_nY1*<Z-UUm(x>M1X?R)If-gkF<XgOYDI=Yr}^_u
zcNmR-I&}V$bF1ItB58=Ks-2uKStHQ+)VueSJnUgJG%UV_NILA`y|NAUfgP6!DHkq%
zSQsLF4nVx%hYkc^PVrUcsL{nc))Zw@fF6-07-FttCe{g!P=hrT3(8m`fpiPECPu{I
z%udX^k9=(Z^=wo+t!&N_tKKoGw0KPk{OB7*`aAz|UjW10yoQ-rWqwfh-XvE6Fp{vY
zP1Sr{ZJYA64N*4f&m&?(FOL5JcqX{TScl!>|0)5=38>!G<4*Wx8z?p`#cj6IS4Mdp
zotn!YpEs`h<VIChR{}rRlMK4Axxn;biFf!-qNo2GtJnCO3}-2$nhp3>#MM5@2-m79
z37S19Cs;+K)`lxEuk&8s?1vP$%cMm~P?Ni4#O{uv<ISIhtp+sHDi7%n%THZ9W86G?
z=dklC6AF_45xF}GK!6QmAm&T9GV?d9<oQN>mO6MPldkQwfl&$@9kYyhW(_}3$om3}
z&<D_54-tPolg0q((Y}s>(=oyYv$$XdHbWZI<nU%(HUVfXKS0b5@DeEJ*c!{e%N~R#
zzLmG)H`Sx*@^EQpvjyU%{js2hq*35^s9vPif|EE#2w}go0u{Cchc1&20DjvJwGNd+
zBqDZwp!kc$lcf6y-A$5rzQhHe*(RS!i~(`Mmeck|G+t_4!NVRXmY01I8xF66go5af
z-X%Dbt~upfws&F|-9r8dLi|j$X5jZmsb#7{RAdSdVt(vr^I;43&$$KQ+|?1XFXY+4
zT40E-0LgmJK|nfh+9(rw*Ctx`0%pu9(ZHKGrD@zQG`JCf?QTyUjta!>k#|*)W>VSK
zSuAtcpl<{Rw<(L|md)+4(?R~&TdDCW)@~ldIuhae4xNj;&p>frRks{Wj<A19m5G&~
ztnHN`Yp)`kLzY3{SV2{tm-ryL)Ru6|WM}F{Q*#R0&P?{kpn9*e`t=_Zs379?E6dnn
zc_-bzutzomoA#Fb00mbx3T2WW8a&mPwXl~SBprvXr%Ag6Vb3W_+}Z|P^F(iaLIz-+
zA)bO5oZ0&va;N={{=#1YI`v9h^wXy{+MvOWiNN=c`_W!&NHBf-hcV(;JNZ9F?Fwu=
zHazybB6hvNdw@t$p&Eah6}q)Kjz}_&${XbUS!pB79;X*y#8x^6y8rZf*n_q#O45i2
z4}!EYb)#|S0bf0@C>v1j_l8`44P3jqhVQ>X^3{0y=m)=fCav$%FB*>wP<Whf-&w*>
z=hD`p*Um(GO1BgzHpEOZ%Euvx)2=?J1=QOWLjFq|U_(seJ(;my@+i5U{TmqLr;)r)
zb7j@BND5a*$PXb>hnbt(&Gye;@LP%O%x&4n#8;a?609&@su4n%^GwG*q8nrJrLz7%
z2kDKQpdJG)DEcOW=bTCfTyh|U0f<eQbNH8>sVS}$K0%W9aX9?M;Bv3{D0{P9vS^5%
zvlFZm`r~{2$E1e56Te7;5(V}7>7j|%WsjP*yp+5qUr61O5hgK??JcYA$MBT|{*j|D
zPS`#Xm9xN-{5zDlHom>g3#=Tt5m{#zgYtOV1NfVy2r60_d$JxqB`e0@L#uyOTQXiT
zlop&=n~?v#2oRq%zt-{^zBWwx_qaD+{mBpe?aL!N>A-vYjz;$NRt6%XT0vprQIlLP
zu$K*+DU+dUgHul!h-7EPer%(vOKLd1ca0!=V{*ul5;e6HA=zO0eSDf786`i0Sv}mA
z1*!a3j$9q2cIkfg2+8z|rTm60^ft<oafiQhlmIX7fnjV?RmV%JO<#?tm+~vAZj(G8
zqiwMeu@Nb8oEv0!KVfT*0dp{AQdhQJ5iwZ&=GBRZF&02`*=qYwgv;@!O3)kek2{hy
z576~f_6ywinZVz75QBR6C@Jq}*~gYrd6zvl81`LT@mlu(^gz;S&XQJ>>+A&8!ADcp
z`(Aywu=mOz>1{xCS3-MYpK*6!@+LyOHn8B>e^#3CFPVr^=pld-;BqeFuST>a%>~R|
zDn!w%{xa;Qn2F|Aki%G2(HQjc%i6WFr#7Bl;}-q>QEJ&ClbHc7X7d@DF;?b^+47!!
z#<+p1v;*nFTcx>f&`2vik`;MLML+%8N=ii0D&fzvlH{E;BYis8w``BxAlv>oq`xef
zXx1k!x>1KX>8*CIJ03IKlZsfeN`Xo=tTSxy#LIDZAPxbB`gKWT!v08d#!$p{7(M8_
z<qgYbc0gwoYD=nnWyDKC9YF7UTRk=E5JuBd%iDKDefJs1<vsJ*dC-iYd}aqY_c)j)
z>2#~1J4Ff%I6*ZZxweT_IR)HH$EHA~D;@uZu}_;v+FX}4P<1q>w28%E=3jumm!ANL
zb{%W4_!GdW6@DVdnc;^C*7P2%g+z_JH!xPA6VT~e`JaUSEwbnA`utJ974ZZX`fYzS
za4lyP_ndRG5Ih?@?|$JPYH1rWzi^%c{$?*eSAnhW?D#TYDg)O60_TZU_l$r@aB(`|
zcV~=&_||f6m)D$<^{MhBx#M_UEWoC4jvTt_V5&>VKpSd!O{lY0fi00Fa`Wrdr|q$M
z!Cz7L6CsjK7VQ6jjvHB1(A4I(6Za4={FD~|LCU=N3Y79IVR79(U+J}%_WT~vQODUE
z*J*k^ZlC6Xe1d8v+LqtL_tOr^<gjN1lbiQCs~E=&KyNcb8QK1c@O0)dKXeTf0I6Y;
zlIqc5I=OvIqzd6@Hk`)KU)5`yFg5p(Dm;x<EUWi^AIOe^+QkOFp?rJA7S(uD5(9aM
zn;A^eX@GnLe>LE0rPOK>*;q*O(JiR`)x1A~m#rCn32xG0Th7qExyjS3dv9##OY2+7
zqI8`e+ZOm76(rqQ4X$FG!8`v0hEJKAI}WKyhc0#$93>sTv$N)!vFwpO&`(Fp0CGSY
zHxzZM&d5=5-3*M5KZi;Y21===by?UvjR)+Vpu=y8g6$aX<9~cikyR@jW8{VLp3Z6U
zq1%O5XV>3J!AS!(076fj9|yw%r5_kW`7c(Wx-OJH#?)u-xIp7iYIh_95D#F#1QXY<
zBwdA@5#kR;Wfb3ZXPkJ2EqHXX3&E>(!xS37kfnns*ngi%x)V9W!E)#(;l#-h+2gPo
zEum?8pYsFhCEY6rksI^oTl9Dio^nAa)fMyT(ZQ({==2fCQRg^O<J0!<!ykk<|HXfs
zWJx<D-)EbR%?*XSZ!br@2iZb2i0D{>kDPYw17?a)@{~hz^%`G5SF_R_uK!Q`{5rpv
zdKtBJjq!S<2*Z};%(nhW&A69wm$(Jl6if>X*PW##qpm)b>UlqMR;h(O=6zs#pV+_Z
zrS|3zExq;#(gM9ggTVutWo=qgt-D}-73*hd^ci$QYQJa_ly5t%WU14!ol>x!Rsh@&
zjgY)holXy9nH5>TsC1!u3vy4~?M7m_W96*tN(jh7iZ^dwMe82(3Y2v{E>4&l$%?S=
zjhmf3xa54Cgx^@ruC{*HY+>?EGsI5(SoYtK9eiBG*;8PS0e!hr3;YF#@rXq%9w7Z*
zFBH^yAya6j+)w6*^QkW$5#3_+@42i_#?=TWu}XkzN38+{N;=NpJ<OdXrWQ4~RPpXk
zLEpNTFWvqee$WvV=`!Jj|J7$o?T=KZ7ymkBc{ch&>k7;N&KmW0M=(B-^QgE*5Fqb%
zk-vO8rI-m5=LXIDD`a1GmPrPnt~r(~_g(lFrVH<X775p${ABoAwf+?r&Qqy1XK>E;
zKz1xHrZfg@M-!Y28zuYA7!Oz=S3`SDQO?A-!fh+Li_z0H*ZkTv#5zw~m&Sg8gr<c%
z6?kgk4Hd+}qY))Fm7$G8#g?MxKSNPI^7>}nt!`c5TYXuMq671w_RcN7SxfI=PyT+s
zS^1GQ_brHys&~HDQs-t`gJaHZ_{j~TcE9b#Daljmwcf=as68g0E5p^NLcfy(3}9ys
z_-~M*N%_F}670hOxm{1yvRFME%}?-jqn}N0qAYG30aza?U*zZy;4+T|Io2{F78)tH
zofl%Sf$*Nebq(`hGaf5cl^M#&vHMj486?9MnhSF<f2g&T$I-EIw}q&JvCyP04V|CG
z2<x)ZLc5g0VxD~j^`J%{2({WR&$i{^2%=*!>5sE2$f}yD;dy>}RE+Z=amebVj@|<h
z>BRz$QV&S}=w3<e5N%Zj+TpMm2gkrRS)|C>+}xNfs7+t{u_x#i^ZrR^qq*@O9hQaI
zO<q?n%WCwL_{+S*jTWzFo@t<^pvU~1WU`~OQJd8~_BP7YXZ^1k@@0*+EME;tWlI~=
z=5jJG-#kDWlk7@rZZD5gGuV#kP1U(p0zmyj{bdd613*Rj`$-ZDp~csSAZ`tt8>V8Y
zS%7eQ?~xG@mm%n}T!Mp~&1T`u0cNhb7sh35?PFCPU>cd(tabG3Er`@X)-aO+eVRav
zO_i348i%0!n1wd%?vsJ_YZn6BqiGzs5=h=YT#kwOWlVAs)g>dPY#(pp>WaOO@Bb>A
zJU*xT7Iaw(s`?@i?RRGvFg+X?O#4Jsxt^}8C)2s(M8T`GZ(QpsV{zavq~kgTEIsU`
z###6#>mQkJl!AX>C8my_eh(823Wrm3M|67Q8|zef3i%_xE-U>+F`Bm%29RwD6+7E2
z3rM-aaRr>*=X#5m&3M4Ca(93=%YV(Kb5Qow&Z8xxPCldb`+{vS|M`GC$ZfR(&+#Yo
zMZXJ}75s(o7<Pq<{MTr4WfwieY=rQocIgv}aiDw@J<^EdmpR-8nT#pH#94f)JAK;f
z0VSqGqZUv*A%4|LRyUUThdmIAn*i4ucF0cExC@DlwD_&OhMeKGXtpK*#ZPIha_$Dq
ze+&I;&E(42+_Es_+>Lw4!J=c!M$UF)HHVGB-(=;A2$F<Z5rCr}yORlhMF!Lv1sqC<
z++2Ixo)O0CO(QG~ZYL$#^E*U)PeFI0ln;)DKQRxHV7be=2JOXy8on{icj^Q5-4PT}
z&D!V7sDOv?T?V~~>%^sEO3hrda|gden0At9`-c4&bX>PsN9MaZjc&Fs@Z3ESh&K;m
z+f741nX+u&Y;ot9IQ`JM3l5~Iin7Oo*L3R|Z9=09-_lwOV}SGL?)TkZCXGV_`adHC
zf3qP&pKB*Uh)?Zz;LcOQ=~Jx|ncnzE3gxyST`Agjp@r>pb9#*RsX5Gue8dD%0n@C+
zPeKx^gD2Bz6Yj2}b%h=kB~~QZg|NE$9e&?5r_vfZJ^%(YEP&*VGaT}#Sdaxa-NnOE
zuSs1+wr?C~BiH=!gU^?Yrns>%RBgCZztcJOKkU%obFuK0Ufa9MwnZT11l0SckJH1g
zvTlsMd%ljSva1m2xZW_?9`4wz#%5p8w`#@2i`9e^`P05jgkOIMvA!Gdh!Qr>lXU0`
zQ2wfiri>;Wi1$SNh~0Zz?aOSQO0D);!oz~8?wR+Yv1fpQ1ME}sY7I%<_6awt^w#Ue
zr;8zTsl$}32n8X*l{q@gV<IMe4^Fc!4y>0`Q{kT9R^B*pCZ0f61Inh3n!P_fiave(
ze%OmQyl7tIv6HE`BR26iQjQ5=3Q~Yx7(_Nj<w`f9)a*zXQO%%nI13&P6({B5!WJqH
zi;ZH+jVY#e4qLxrHBFp+gT`Mf^*PL`|5^t(<dj6SYKf1dV=if$uam2U_t_v)``!Kl
znjn4G_5GLz(Jy1nuN!{avKDcA8=;YymN8}c`u=CA81q{OME;=c?gY;1cthT9ZGZqn
z*<P&mhQTg0@um=>xuwcJ@PNto6JM&$Kh0-<*mVBNmKLI^Gi^oGUuQSpQ8ZGUH5&cN
z*U1L7=*7qej7LOj+P(#ERo;Y3M-6X94rvWD33W+Z_ONUwRtg8Vt!7rQc8cl;lmTF4
zu~%qGdUq@`lWU)jzZrT!EY4fCIU1|@Vu{d4Ft%qy_~LW#Z8Ok+MVSz?72we>{?gBZ
zK-pts&KdXVpcFPujpel8b`%k%-5A?CQ^WqJq3?)2aWlo&SbWEKy*T{_&y6dVZ7(w$
z{ntjmhqXejC&AogEYLu(o+XvI+-gLZKb_0Nkap_EVrufj8)s^})C>u2m?VAkM4I=p
z?BTV)S?^%!k5NllNAV5L(Kj%si24J~7kcc*Y%_RSKk+9Z<eBaMz<v1Sl}}cK)AI-7
z^|YQ0DOv;TMAK=&6USeUQMG6z9DwsnHR31tO4y^%7wu3VCCM10Ey^tXk+mv8qGLh}
z(L3?Y*k;Mh<JHnA>#w|4!(B!wgUN_g&>SdJb16b6YYbGtC4v<jwU{8$>=cKPAM)h_
zr*|OVKeD3fdwkQ~DF4VFz3}e!H%h95^f*HfA`dGklxYf^VUV$np50Q4O&&>&u7fF~
zoj~GeOrcs->!ZQQf&_u!^kOX}()E9c%O|lS!<A<uw_xj_2CjyN^x)*aKusG3o4r*r
zrhcwz?s$3~rtbc58f-u@C$tVJXXwU*MjdyP*UrI9s=epdGq`gMQa{S@EU4loqh$|#
z@MCP-QTF{I>!oSU;o`}}QG+@>DfNzYSN0f8RJ;Y1&lqhfAPpHyDw(!(-Io&^{qNkj
z7(21a>bSe``>t;dNyDisze;S@krp2@wy{zPE$m}y1>AT3`^JbOAV@RjNa}bAv_kLN
zCnD|i49l5zun*>R8F{Fjotpa~5WyNl-@dhMuQ>%QFOi{hHiK=^j+_4$X()q3Fsp53
z0Sfbr_Zr+Cd4%eCVylhf!s81_dn<w7nPHX7v^jQP4^hi4p8`3Et;PV&k1-&6Yepz7
z>#CK3g~fbJw$>KvU}50u*MxD0BY=R=!O1#;;8r5#3@xUeh1eh==q4s{8j3QGV84g9
zT>FF_sa>7b6{ec5koH$y-rGYvyTS%G;<7)*je_|ZRUWZF6uYHT$n`cBoxb`4sTz@g
zLKAi(HaM6A>N+nAd_2v^h7Y@R=k1XJe%CnFAqdM~y1|y}_zu|KFel01BeUq|yu*TL
z?P&Dcvs2*Qxo7kJ*oYZTUkAv3+4n1s8#zV6-KlwH$5YI0((N)d_lqO?S(RNEWDW<g
zrAT^kotN_hv88yx-qggaLGrpfmt_?@&fK1x-P7Uk7&>M>n>)}xVzv{%1fMtTcbB?b
z0HwcXi1N?=N()c&BWHHYzK<&RPx$#m*~MG$zqGy@D&Cr-g!aUK?%$gE62@FB-eBl*
zW4V@R%2GCT&8RuR0ZpEpnktjL>Qcv)eyk3NUY*^?IZU@F9gdh)!(ef7$i)Ng!79oH
zp*RN624SzN^GT;*FrsSuWNAFdO0#cMiEjAY<^u4&1(U#q`&W_f?Vm?4)JX~ZV!Z1p
zzt`I^F!qza3S{%e_Vj69G307i&GU4NO`Ch={;sbiM^f}h2%Uc&CgdtJZ_k3{H)l;!
zGMLBZ)jQ=kuj(f8zy<5T`#*@j6|j;cbwktNCaQHpuN+OXy=W6M*?x*1L)B0edqFH!
zdY=0Lk>wq6wHWMjacrSSkW`m75+68_I%KigV)%!I%$V=GF*V42#LR8LW!-4n6W_!H
z)XU8_<9l5B12Yx5qAesRR8~91UeOB_+Ar9pOLdpqOM5iHB=P&uqR%)R6}iq)9Slc#
zq}Y>Q3`xMiaa_LvF5Dt)j&UgloabCZE-O<cC!3Ziuic*`_e08+<u@<LEWxW)=Ri56
z`P=m=I>k+ZQ~HyfnyxD=303#;74Ur_aq(o=9iKyRa<=H6I^EQB#fq|sJjUS|ucV)n
zPl=enS}(H07D^8i&yc})aE(t+<<NARK>1_P%cl_E;U#Au_LLIyav^Pj+Wgwo8{S$g
zjrXsBIVN|%+e6|T!su#uJ)MrV0}^~_R;XA5{Eu+)9wC~vUaq>b0k{HxlL2S)$M3Ag
zoi_gbUmtlN6LG<?{=T|Z>*CtUh=nKpTz|#7?O#nxg)*;e;l6nAY^c%4#RHE{F2sh=
z0-uH)ijg#LfjZKw`#aPhe*L2Wz(YRBBfs(7XwI1@+w3+kiIwS|b#_S`<$AO4RSiF%
zUCS9~hnH-qDJ&9ptyJ&z>nY~{OV+M)E4tu#Visn`@kG*tPW~|Qp}-2gX*R*-I)z<d
zj+^Wy=30T^>Ov$%l1cE>!iDI~k)w`So{^xX4!oF939CJ{DQfEEOfjx-(w2O$O5-ES
zCL-hpV({)%Nnhm3c8Zn3cDfk)hkY(V6};#^;U@npsLQfVM3jg_4rUIguCT02p_%o?
z``|Drau;V8)xIRM=kH@i(p;i>zHd<!F)$rQo7(>z%uQY#3+_M03XGf?CnySoO*v!V
zf*gG!{K;^>bXWC%dU-HfGNuZ8nHsqt-xry=H&Z@i7HDj8y0}K$N04&{WQ|+FXVnRm
z(TLV1=d0zLkjQ-mVS}jtOU$;Bpx0bNR+K$88D%bh9<2F-m4@T2mz)8u#rxJZnrr4>
z=(Kekf70fIgeHyJ|Iv_KpNT-Ox1QE!B#pT;!>3Bv+WgY5l0jEGv<~fO9Pi8C)=#^V
z0Utm>VH=;*JPUiLo_F1qh_{)e#r}tbCI<r`e%<EXzOq~%C0TSah}=3ij*MQRx7u7k
z@5yzDQ9&0MwaJ|q+baWC@t+y@t=9TDX88eQsSN=F|F+<FVTbf(@bV9}#qWuOQ+yqc
z5wx0pjZ|YGyZ@PZ&mf#0CL!-=cD@^^zgpOjuOP|i#;aUW8Z-5-hzI7vv)Bj&^C-2j
z_JA)2hpSa2<pKA5p2tXD+|E-aL%W9eh_!{?AIuY2FXfG&ajsw#A0uHE|1DnU5tcjq
zV{wAdg^tFe^!If7@c1M6ZkqB)>UQHgD`+hFQ(l0<<S}8-+8Dg1A%MS}AcSuf8b@<A
za>mPT@oxMkR0E+nNKL|Ftvn8@^IO{EltCYnd%%(fs^iba#mcZDfx75Ix=u3at#HB$
z)j$iQ_8oo88{1(pDsXyO;!J6^SRiSs(AwaXf0qzG#q``+^M%dGegr+{wG~ZIfgU+a
zOHT{Msu|vON)sNW>+*v=YR53po(R&^spD57V%me*QsMG57M{-(l$!u<vriC;LS6=E
zc9a25IX!4mntEQinAoK>`eGdk;?DnWBpRLCy+Bj=TjZk)yTvb@WSuj+?4#NFCSaaA
zDP6QJ?8K*lulIm~7wMi0KXOk&38y(fI|ER+Kif5_z`SvR%D^WatADpTjfkgTqu%#h
zB=DkW;2+^Lo#Fj%&xm)^8iz*z24KE7dNw<pRe*vUHIkS!I}tGU+=^#&e$VHzKQ3e=
zZFwiyQ3>^TyKt>$s-C<6(61+Ehp<o5Y+rfk1T9@{&k~KtV#PZR5)yHSH;gqqWLWDC
z<npm{UY-cuPApu=tof7zg(J5h$qEzZjK&RjOCO&fjkwO%<lNWcE6J}~m(^Fl53hAr
zPqr}~)`pMM-OyejqY6@IRO>pxN`}gQi+Tb1hJL{EnJ&#Xt`cUqo3vcMY5r1`ao`Me
zKjvdb(|<ve)VCmS--d@{f@(1~S^gnDNc>D^9pF*0z<csCBZC}(>yJ%ZrNCH)V9QwP
z+L?v_@Z+MLH1Rvw`n!Y5EXcRWHyCwii)%!A+mibKRIH!7aK`J<xD-S}S6&Af#XcVm
zOui{=TfE7=HxDzb4r+{aY%aroEsN1+6XXUFf^~|;A|5Vjpn0_(%j<1iSqPwM`XZ0O
z{MgsoN`@#G{xGZgk*I#Qv&a?fd6~XEJticXa5&>-F={Sy*T%ryB*lLwi?RlE@806&
z>(x!Zw1@s97VPiNgKm&F*B<F)=U~ptXp77`GmN**-%r28zYVzXm$CVSJ-*o_d**@i
z-?mhkZ#&vHdAhhAswLVa5AR0^N(P)d;wR_vA~Drzk$r2qb-uz2nVDd~9w-gQ*%kf1
z3{)#6k21e$9<seh_&G$WGh2{!P8D`hgk2X12DV2wfCK(;j$$cLZ1tZHD+jG0$3ktr
z8Zs*KnPZm0o!qIQzO6^7=}$ub{NetWkO4wh=ZH$W0`p|*5w|p^4~7*DF6*ognt>(y
zLeo5N+9Dj(sLGGuM42&%s2TR$UjD-S++TeFzZ2g|P?OeQnBUWUN6oQC4N%)g)Y*wL
zj0SI!bWa8tJUAva)lu1ms+v?ehrB?dejam$v>u{w*BKYDn4_{;=FUMddwPUPJtaNP
zDWROaA(c~3I{5FBFV~#W2E_l79<^e0r(XGmbH4EMCd5Z-#KUVtL-Fr{M~>E%A$ji2
zWyV5j0~Q)?4k3Rzp1Oz`nJ<?b3a4nC!OP>wo<8U5;))I%Kq35%b(<N$e^HA+t!T4M
zL-gv<zQnZtP!nCuwn3~;&9Bh?1SU~^VCE3=IA#&c(?uda(+qNG{w=SFO5hY|%TXfF
z-Okam=EcqV|1BGHeHZmh+E1<u-p|LSm>Z~q;do@#sa5#~@Y7lju$;ZGC?02uwH*}{
zaozK@Ob1j@ww&1!Mmf(5sA_oIVYLu#$z=DfnVCANgiF|*iCBhaQp`j1pZ4QP$ZP97
zSQ}Qxu8_jj#3Vqq$(RlMQc#kpkcnYvo5$ju@VtJcd8tF+s63s!&N=}Znr^qEwu)FV
z2Du2w6RYY-C;v@2Rl3E|9@-#2C)EoEZ`ks7T3!z5WWV>76%G@+M`yimL{!Z0>UIj$
z1j9ixH(*;3efh?#(XrT9&>_fb^J4I*)$F)KJ9@6?wN)EMxu;Y(zc&O<iwB%4#y7YN
zNlgTjyxm<W`Pbii6sk4oEf_<`<Kt1Zy|6DMi%T}bl1r<Fa?e(q#Zf+016NM74-mAK
z--A4^6fZjeZ%wr~>zE*$9Xo*MQb|OL1@9D;%04{XdhL-6#JRhiST!4yh!gMXVAa{p
zI?bxdD#90AHdTQ={j8A_uQ>iiou%P?f-(2aO8{)6EHd<%iwvnB-dC@rf!YCnNGig!
zX9?1c5kG%GDr7O=>%2S;1l(7vl>y@dRj`5xD_K-+s1}hIVYtrlg#C&a`#-7b810;J
zt_~;sB56*-T~rZB4-toJJQlsCxCPel#;bm<yk>WpQ70N-gHp^78g{<S&_^~9X*V|b
zF5ejd54Wzy1s6DC<xW%GTt^oGeS0ls=woO~<Q4ddu0j$*cst0eYKj%nQIb0~SgYpA
zwVOE$n#mD9PvGUE_J>REC~iH?^bCOu*r`jNMYLhDS66PCU1%l8{?9fExQQqHgvNc(
zwK8^=_cPbVXIm%rEeGq-zSNv%uM4<Iol}QQ$bJYviZ=*hAG+favW6DCDzXjJ68>fi
zKP3g={6Fb5^&cL$t-zYx^IiI+fpaGAE?(`UIo6)Rs$W9N@Zc348Nnble8EYkP8z=P
z;vwRsoqTT*eh!N+Sc`{~NK?Lt#BS0m{S5VL=_YrXk5p$I!Iqkb(H(d+!?Q|`Q9z;#
zNt}b}B{U&#IvK9VM4Du?uf1rynT846gnYDhd3feVpo*c^5k-dr4XcZ0<(=CVhYbjC
zwqZ4A21bT3w2;Agy<#f-jl_66cuDrGA61PjkwwJyKCQ3%q?j~|b~U<_tPLcbRE6He
z{@vDp)^W#Ky3OmHQZI34V-q!Dxn<w${nY+nTHW*Wd?d=uC&ta0wh0N3s7hG2-&+X!
z{S#I^)!0=33#!#ayq8g9VJd7)o_nN*wTe}Y5WHLeZ3k~rHEgh2oFVa50P?HI0nr28
z{vOM$yL0$O$xoM?6Rpn_lIzeKq2AXReZkc<*#UZf(zzH#suKm|xIeu6qHq(^o31od
z>6)SW=_-6<{2c|z+`tjk8`<!-Cb<2W9q2XpVY*T3z8d;>s5?R3NrQGb4t%#&;q({p
zN`^$>`aOLVhWG|ZYKDS;>H7`1mPYJkeg5IJNAisj_pvbGx78btmv5)ZJ;|DmVsx4v
zn==@d?CJ#f?)NPqnw#x=@wpFkSbXb>B9gZ7(387@w)D+N;$gH8_f<=-wsbbP%*?I3
z*XfoWDO31_J7toqZGhS_e7Ki(<;knLs-3u_Mfph=7h*eS2kdNRYO-QNq2P~I?nAf#
z5e3%}#m!5t?~zXt?0s~ne~)dxTN#5+*%#TnPJO7sXah{Hb`pX8k<UC@Ybr7|%m4Cp
zYW}H$`aYoho-ZVQ=zW6ugpIsJk!Rt;u2?SKx!iB}upOWDBbCs>Ds@il^|R@z8V`P*
zqWH^HgSJVslisrsYj#Y+H2}>r9^g~#m^&!Kxrb6rO`?Fq^#srtW0e=75dMJVLfV$L
zwP*eQKD(Xcqgvm8mW<jgPwJirXIL2X4P7n*Uku$`@d}mA+wz0H!vcSPm~i^+U2gp|
z9w0t`jmaAT!n7@eniMWI*~akjgH`BN>HAF0<=^uaIcWTeOdaU7$&rLBx&^%Rk3L%8
zLp>lrSl;t6&r1Ho;5p6m@`Ec#LHvV7ZtgD-ybiFl?RD*R5W6Rt^4eN(>%PrS;d;8~
zzH!mbEg=li6WTR2*>|%er}K@%X<>U@WHpU0z?EE|c|fo#Z@cB&wncXJ^1E@r^duLN
zA+fiRo6%9gd;K?zVo&zg@X<(2Po3_1h0^`S(=j@J=##2M_172aX7HdA8gAT$S&zBv
z!o%BAbrk&-Qh_UqUL(osKg?G_&lOpZOG4+KbqmJWdh4yndI1r}ddM{&Gc~ZWm2mXF
zm3A6NaWe)!6c)X=SdT6^fSOVxo#K4yE#vxB0h9q<Ok(cG|3Dm?ck0MlRJfxM-m>K7
zqKXX37<j_8|NJ5i7{dITK*?su*&GG<g`GqNNE%GdWoZ~aFfU3G{W<@V5(>1Cz0wo3
zFk5hMJLMx0E<M&w4!A2u&xivz>7LC$Ab8=++Yzehr&(HGktfA!vOr93dM??liIdu{
zLY)F0n`#F7_lp|qP)jG<-TH8eRf_g+#5KO;{)S=hI!+iJFo95t2f;|%86SZkY_k7k
zV;qX$9}sc}KL3A_L5J4k1@|PSw%N3E-Mt+FV;<H(zHi!MZnON>%61(oi|n6{b6VK+
zhfTgL)3Ut5&f8J8K?Wt8Sjy}&y?9F#Yo(1DUak_bEqJA-1wndY5^@fugDM~g?<Gkd
zylVwuyPU>u-bT(_=?9M}XKF4)<Q6<rTJ<YJLXU9BsvP@kijJ+Dl)F1b5<9jQBlxB%
zj<pIjhMZk}SA$0s2IlTwetrxyJB*J>-HJ+?TC)s!QJVlM`gN&Y<ZD^$XdU6kL}=%p
zghjLcvyduD`FjGtq5tlw`a`3dm*g)sMZj>=6!W(9nO+b8IdQH@?~_uD++Tf9AZh{M
z@DitDcp3Pu*&$-HA7;W#L8|Yl%Tjkh%gO<7Cb%xcr9c;E5XUHPGmR{M755T%Uyzt-
zah#=MJzro&3c0m?tvCP+y~)x(OCtq|@BGrfU~B$ZT6mB0E|ZgnM7qfnGN%-&ZjgJB
zX~{$3o9H5f&F!m^IuQ<$zWgaA;dggq=K)-Ki6SrF9?>EhuVD-^tyTsHoIFZj56mG3
z3#>R_qW&q?yC&q^!V^MUrHc2JGHf%0a+<Dk<)QD*PK_fzlYx#`b1mz%rj6F#fzYpj
z7YPmX=ZH58f(c}UtH?je4XEr;=EM;-@YCqk13->K8{s!A!VjM7DL$W=<jKi(I>492
zrpF+ak@Pg;Afqn+dwnEo!b#vxw$2_-wfJYW0AgSNpA2py?Q)!0JojX3%BuN8Si)Lo
zx`g!=OBSRYHL3=C@IALF50bV>+B0kG$hq2|OW_b%&lKmTZgWh$4cmX;A$4$i4KrOc
zDrRdAaWm~-a-)XvEo&bs|3l|xlJ-?7&oA79!AwZhEYByM1Hnrd%g0TQ-8F>qVi~}E
zl^<(+tb&Lz@PAKK7b(Y@LkB<umCE9VjGO7Hr*}y{I(gp!|F($HD#_1(EysE6f`5gf
zEJ7~~(9ZvFBoW}IVLhc*$UNz{u5dlh`Sm`Dg^rx6R9&397>hZ4H1GWQ<VA(-75b9>
z^E|xSs{9m)bbp%un)_*cWuK0xc&Plu%JF+E934HBVR&1ij4XntTmp$R9Q9A(F@())
z4|dGWsV?AESmKdNoO8b9Fd*U;HlgxzB&R%X>c{gv&W;_oFBHvJv$r5styxxz>s+t%
zozJ8u>*r$Au)EQ?+N8&bwqobjVuLWI?2TgbZPszjy~?)be^V}a&}n$vUAtwE$D5%=
zZRsbwb!L3hGf<nY;aeqYNc`KySPED6V&pjIaGT6ca^37Izb3QQ7QNZXRzI6vCi_U}
z-sGNBTeesI=&dBtUp-NgZW{{ob;wC1_dnJvrpH9E(ytb`BbPqPT-^odt}O+&U0*7m
zW7C6bTd!dsOa5}S7f=T%51F^FQ5y_d&$;o0x=FqEVi(|r5m$~pd+}FuKf>=I_I>eW
zOHyM!+HiMGrEtE}wJ8ekt@amaP;|itbTNXKDhYV(Kf5!T22ln>RnQ~*!QMRi`Ot4k
zuHuKGZB+{;vaZCWXkk}PsBs|iQBke*dJN*PvD_QUykao_^Qe|dn!!)Osh~VxjpyvD
zwQ*CH{tpX!3^tUR>yB`f)ZU=k$RkyeZTqVrrDxpvK_BNSVKUnt;Y~M}>m}h)k+W=e
z9Cvaem=bvxJcx904>IC(-(=NL@6h)&X$?5ttFYzIzqigBr)9VTQ9W0sKWSV~bX4nw
z^*dyajl?Z}yTzI(J250esnSX;AyV1e+it)K@~7*K-am(kQhD{t?tEu+ze{74E<suS
z{u;_?ha%g!!*#v?J(RYO)!d8F3&JwmbFaJto^q4u#*FcwoUb*#8`SB)p0QpSL^}lN
z+DJ<zHp;MlvJv7Igj$4`N6eC#3w?)g6Bh)eeW_uTu9~<Yvfy3}6s30A@<X%yG+Jsx
zeO-<C?uIHFc+D2w_;{mk(1y|w@$tx){-knw$`vHXS6al&Uwx`fOKkTbct&hqZJhtZ
zZX>M&pSUM_%o{3szP3>9UdB8Hn21y?vFQQb&E^*%aqWh#q}kj$M3&a3p^T}-uA$<S
z3d}IJ>yguD;0r1HJSPjKpzFZ#Rk|ecl^p?VPgZ7z+SN2Mys34DOKCXy-QXqXq5IGT
zLG?_WgLEwfyGt4F63j?>698;*p`X=DX6|o2PT&=-?nPEvf8!bSKR$~nD}tf(?9~_f
z9>Zx?bpRy+E|`f=d72k`5hgnDwZfR>_C4wJf>j4KuDYtmic;h6C$zY@P-UBR#;?$<
z`-TLqge*H5X|OOr=_P@XcNeGlf$~+uNOQZD8s*mBf~_=|$Bt@EyAu4?73;o2G2y8l
z;qli)McRTKzj*iYd8#;HZOr+yq)KomrZSr<E1yNJgBMMx#RK*`lh&cFj({Hr2fnCO
z0h1W>>><JBy2fSo6g5Pz27Y3WYpp_*|C*|28G+X+R1K2O6_NQ!)}VUDty4IZ5ogw9
z{7*NAUyI&$NZm_>%~ugZy#tTR^fy{RMUTokc4`tUHvJxrZo{#&YL``=qi(J(rtwn$
zDPW(EdIfn#yif42sLM;OPSP1F<S;we(Bt-V1yRI}(}+6+Ic_7;s}96jC-c&v@^zv&
zTJkS8v`u5QyNb86bV5zr{<7g!>XpzR9`^1di~PETp|qYvr~F2=nqj#M-}ir<d-Su*
zMYJ_l(Zs=VYs(-|^QcRjvyY^pKbGelD(<%rc}PpkSH$rip-*%wit{KDxcC}Q%;Q4w
z0OSVAN6oU)6tppWi<DcY;^XW99YCrEv^S2xoPc2$ostgPn%j*3b6JjfY$_N#MKlXr
z@oP`#Rpv-OR(t=3ndI<ehHUm*+%q`&BYrkSz_F-MS6C}BSxEPf`GZYP_~Huf@YUFo
z*Ch3ldgmy6hR$DG-=!-AQ(g!YYWJt1Dm?(@+E~=a3|(%W@w%$Y%0(iTki=Jxrx&WY
z1*gWFD0-pyQ6t6aQ@Pc-WVv@0YAKBRZSmF^ae?+{V(>SfY4zsMEr7*t@dNgx@xobK
zx7H7>PnFQ8C#egIqjr*rUHg$E7M+hcjU!iNOK^W@z*LOD?kF0jjNxSVc`jNn81aLu
z1_GH@z;)=cUvT~@4lYWpap*;f0Hr7Bi@3Ipd2-KhGPWsgxeRxT!u*djd!f(i2ypSu
zxb0z-=Zl-UI<k=1#n|CS3wmqljhM@Occs>vzc_JgC6Ha~tYp|n>vA&ZwP-knP8Oxp
zTO(NZwKTPe^kcGn8QXf*@Xlw&kGVKD?<|!VHhmPeo^~>*LM0G*cHAd#v3xlD2^~g>
zo;lAUT)QJkk48o8{9aw^_QD*{HI~X2oqO>RS$h^T;Bs-H0_w<Iy?_jxgD%<jICsao
z97K-TNPX)j7w~IOsK_Sgqf>&V@ueJTcYOLk^?Vp~9WC`DvYVB@$Z8eY2oObrB-wsH
z<AmWFyLy?BrWB|4%tQK=zRYb>8x@G_CaswvpVhW8eP1vu`AUZF151L_)-S{91$vbG
zdUfpmVa$r1`j@QXe@)>0pw%<04?j)~uT0<Cfck5FSh>C|x&(%WibQ~OG+zhy5hT@g
zV}$yrjN&NAg?eFL%CCj5wS}TxmZPr&1tErtl46W}yUqmMMD}f#8+U_GpI?4X*brc?
zZ?RL{azBKt9`p8)318l2t;Ao(e~;s4jT{7;))1_dh4sNKe)xeGpRX)9bw=iB*pYJl
zNJj!Bp<kwcmE<O*`krQ<p3BZXsu=#g)ubeEZ+(`)`aAKjm4mx)_5AT^@yQW{+M&nm
zBU{A*`@t73KDMDeJ$h9*x>_~5aglE@_l5^E0iKo4S1{lUt+GgCPFI}dD7pAV9HRKJ
zMJabSug>WAoc_f2RW|w+#nv44S9|v{LP6v^f?L(`I>F2ioY;jnGD}B=FoBk<<|E?Y
z?DrQTrxvVd_X|N6Z>1K^u9%5;P0y(_#-&ef-|`A>7#u7fH(y&%syV+_)*PzfumXdb
zF4KmGMcZ+ILSI5!uGreygr?`$H70HfK>UEVG6ZIaic702R!&PAo>Z~MSKrJ#ZXflI
zL8(%M^w*v^2yB{gt=|W2evp7W&|11^2<toCe+x%CSxDWbFv2W)>I-`u#$m@S_CJtw
z51Nz+np>`3$5@NrGoFv8W^0xtHT7#(>Bl(s>AQqmp$^)9vaTqQOq!7=2XrL}sN-OE
zY#XWomT*6O2mdu};Vvi-X8L*2Vueq${&0B_23|W^&cwfrS)u-!j;(rWf2*pZdiq0q
zhCsE3t<(4Ah}Cs=;2;a}pDyCrVXHu1)e^mx7(&}b*o>q<1*m~T;uag*kGJRcC*d7S
zEfv1g!@WjyQ`lz<SKv8nUV&U^F0Ws=!)Y2e`V;BRb#8U)Cl2m9)wxEc<aF2yt$Eqe
z-J2+TVBTxb;+_cK97qL2bCwC|W3cD6t1%i(<=^booM4vrek&hA7wFnx#?NXMOD9wD
zz{3s5UsVdJ>fWIkzq%~vxJGak&EjSdTiFTsPjpGx0^2tr2v-iDRbxbVNyE3r0%_dR
z#+ZL*(}S;w|D>Pf^FPg&tzaihgLTE#PjZC%<`>rbf;dox@cCTipGKAog@ONbSfl14
zbFutU@vE<M_#@O^mg;Ml4~c_yg-+!qUge78S`iv{Vs!Nezm?3pNZC&<VqmTGu^%A(
zziQ-DYGU}E6<wd;kf<2LkCJ<|If+I6SG4I6B8CxfF?0vF+OzTw!n_`MxhVL9GUxlm
zeTI^#ML`kXLRTVL37!b<&rh-2u+S*SVzno)<uOO7{`7k8X`P>iNmktG56l~&ykGFK
zsq&MYZ}7}O?lx^Z&|=)ojv>SWIh>e^FtshlnvisFH7}_XtRRtsY~P|0s_GQNMT_K8
zdjq;hnvHjti`&mln0IKUaG*~H%Ki4dz&F`I$*Tv0P6Trn?^mwoE{Ye*%)-zQj&nE~
z0jP!nrykl^8Guiuv|MN#Jw0r?FenY)9`pu;K2W{O0yjmq)34qYai9QEMPyuvZ;lDR
z)*Q2r6CiITe0S)M4bS6!!ThaUF9c;iV1G39cm=<!h!UVeTC%4OqB>06XqQOYW%7fF
z6pMLOR!V~!4k=jAp{2yhr=Pyrr%+4o>p8J_^KNt1DL`)PiFrM2a8Z2Sqz$|9NBlz|
zWfQht)Sh)(FhPy+e+iDOR=~%<cNq~hFx8_YI{Co6k}YyF{`NrYkj$)S)1fR$&uT#X
z3y$D@kT7CX_=Aka#AY*#yW0fBeX`M-r(&%#d7%wAGp1lSj`ufeSjqa>MSj!jDr@r;
zM}6%e44p;4(wV!8A84IcV~KCk?kHW9{N7;&oFeO7ky(V2{$`SrKjev2L*E}PdzPYe
zU-$}<wkQ56b8ea5I(^+>bn#-^ommXiJy$Wx9$0wIO2Oa@88CB&(5E}K4J^3!9_dA2
zwr@7aoBucMFneC8aGencdLa*EAoCfWGw$-un4eErM7b)aMCBLotHG>TOIGnsQpr1b
zR30bUS3dA$xkZ;_S3U;^8_1teA7-Se{X3GLza}00*L%%jXRZrkWq5E3ft7tYk)H>-
zwnNnlZCL3V)L=ld81&8erex*f`Eb$yhVutbj;%F<<?4Vdz$sF0cq3WND)a=_IC(DQ
zm8Kvd-!BztzbZo>4ShlNtU|`({d(}PUb#Ucqe4?~9j^%Wfb)f3B-@+Rr-E1J(Lha5
zjVOAnUacV_5QNB6k<3O)n%~cmMRu85&a~=9QT<BKEL&d@IQ8i5g$2BXa@%QkgS4G)
zZ<FX=$&J6$jYhFrmT2}|!ot3GOgFx@r>Q@p0@<5&8~iBMI$Sh6?_Wo4so@?z<xhuo
zUIq%36an)#9s6o3MPbwre*(35IWSV*_(gKPxJH@*2{4Ateh(di`8t_jL1r@C*EUg`
z*4mf>2qXRQ$NnzX`Qk$AdeonTzzT7Qh52F9Mr)TvPVS=5iaIsOP@|URBP_XzY-QmR
z)*1F+kpw23(I3Am8NR)2=YWK^Yp+(J$vu`XB-UL<zPjjGxgMr!N9tW?ck=uO=F8T%
z2OP^qEqb)wffp`X!da^yrgAHp262~Z9QRtCXOYVv>P;NVMME}H{~_}k@|%}n{qVnT
ziNFP>MfFyzfm=a2y!32Zf`nvb>t>j&7d~bO^>C?KYIAb!DGe`{hY2}367uC;Rmzg<
ztZPS9P@Q2czx%wQ!$@;R6f7Wgc);w+g5rP&%&PI@h{H?&XghHFH!k`Fxyl3cCNVuw
z7fjeGVHB=E^&#8KL(MSq2IAx?oeGKuqungdtPmx{8x$njs+BvV!>;=xjnRRkn-4*2
zw@G)&?0~U6_|adbOoKE`Td<43!?W4FDGGckz~8nm&b=+x*Op^~pY?UvD}EsRuUTQ@
zI)P`ZheoyT3!N~4W(@{*1l*JG`vcbMNt|fUIyTD(<EzX71NqB_i;qIv3&(rM2=>UM
zk-7OM6hT`+h!-|@SbpAA*lXr)AX`Q6k!J$i89$flG0(Kr_V4ai6g2H5>ncy+E%rW$
zqJ^9P_jhV78wPb8sU|d;9lT?D+zK91EbNtk(*yk&v$wtX7OMYJXSfv_1a6*!uiCB<
zl>@9fM}?-%`#^e8ASwX)rIVs9o*?Do9$iHCgBri&KVhPS`I@OYH?V%}f2S1L^pOv~
zm6J`?-kHVZ%fdE9udI^{6@L!OP)2djN&;`LZRh%>Y8;YTFxq`v4IWDW29^dZK!Z(`
zlEyf_!XntrHe^a|KVzc1vB2!J;-ujR9prr6Ibz>Q3p7l@efT*|^*a{19zT9-<<z#C
z$c1+Unq|(RhhT$QYulF`I*tVZy|DUErqPy)*JZ|WCD9G(v<@|j{M+bX{5uQ_{+nyR
zSbJ4`vqO}ckVyg_&_u5z3J-+7bQ-fT6esL;HveIA7lPPiKvVD6)Xw~PFd;sHVumIN
zgBGpD51Emb37Txe#Q!^VdT7>;aO~-ioT}k8fa5oG-XjG!PA<?a@XeNZsje?=xy*<I
zH#^14^{~eBr{AqBcEfie5_wy+$Ee;8k()^=XCt33qfT?$HV%6#PB>QbqVMjZO5Bay
z5<SGem>jm?rM>Ov^J%o<NY@qZ+jm2bIH5xR7cqONy<Iulve^~W#8baf+F^3ehWoLq
zxgo}D#Xd}yF0q;$|Io_9GtnfwqE}j!^sz7@mK|vvaZhnqkw)>XZ&A$?*rFA+`3p&(
zfiB~L0O5qmBh(Q#aVzq=>cps&VGQ08laWFyLMs|ipRAK%m+vwyct&s{n@Ia_af`?i
z_--8hC-NeEV;*CK(%>5{_XXc<E&uH(KybI$c_m)a&{4*%vo1<vB#~U?SLmL;ZvuIL
zDkTBu_g?<Si=Gy5vM8A5XTv#3vrS|zgq5$ZGO{T*&Pnp$h-_I?WLR81DC+)|Ax;I<
zL^DRJnZH#i^)YcH(1m=7dN>@`ue-7bV1(K)%iE8a(ySiVW%+eL?$sKEVc8!-DeO#&
zm(#!%!-RFHAP@fWj$lYZhY5Vpq@#Mtus)m~^%yFn+R`VMrrEF7Vp?=wGE;MKzXiak
zm}G6Wzb32I8>RbLRvYv3AKkJ&c|G*4&w(i)j?rZHoHkHfekY9nWRrl9NG9!d293#H
z-ykstAMV3>);TMo4;(=G3P?Ba@4&Pb|8Vh1eR2Pxbn7Dk%m^3dFe?t4hT!Tb_k-es
zi~gp*9<^}II?YJ4E`x=cgdgO*i)NsC{WMj>d%ID-%Wmw>Ax%nc!O7H0LsY<07RKte
zWP{XvpEK|A`ZS&%vZj6`69$N4Lvq-aVgp|BZrrL%S_Y-&oO@9;<L5+ML~;HsuUg@x
z7y#7LfAwR=){a{h#RZnn!AgTajMD8RsW$DE`|>3{TLoD67Qe+w?Ru}F;>^L1`Sbsb
z;sucqBi6`q^4fU$pzzoX!Hwn^wIDo8y-;a!$)?B-g%)ZiSnJmqW^fGedy7~{NaSU!
zAiAqS|2PY}mWOQpLAr}VZa`lBRb?Q9;?K&cZediiQ!4cViE+EMbj_U-@D3c+m&k3b
z(;PR3aB8a(#rq?h2oCXqZtDd6Ye#D~(a47Zm?pK`wHK)Kc_4tQ;YzgFP&(-*91e~1
z-Csto3j9Bc&OM&#|9#_?%BK?@sT}q#p`4afa@ZCsq^u($R!P#q$k|RIO-TzOVM{8N
zV@|_tb3WuSl2dGRp5w+gw%O^o-+%jed+hys->>VwuIHsgB$qo|sY+)~KbxNoB5k+M
ze<8fHl5QIo2Y7oFJmMe0)?yF&{6VL~GJ@?x`!LtUyEjPE5EioK0{K!d#rd?;1{ea1
zvQU8Yz*Tly-`@DU{F6+Eh9wgAmLN{s2U;x+CPo)M$g*IM!CZdadmyFhaPFq1R<c@s
zqm)B-k91{!WZ27Q8;EPQBjUyc>3zbY<lYo&;o9yYtgVY&88Y+Dqa}PJdN7!XGl5!*
zSE`4@{{0Wni!J{d?@kY~S}Mkl=VrNjy-lMZ6_BT8ZjASfQT(G1ERxM$sXBo_p+EF}
z?Uk)x6Xqyvqx&T5B{QDmI7O54$~yAQvCCyaeSxaK5VTl7>7gLNqpUHME+kbQfO3!y
znVExyi4xCSey%DSkb1fE4T*Qib0EMG9D`Ov@zkjx+am89>z!5X<Quh3I~RQ&<jPzT
z*60;k|JI_ZSXRw%l`J@n-UWx5{GMu=JZ9eLYlXcid$E?m%KEVY9TXV(XD!+-<+#sp
zECnsuKu7IN+DcdUVN|Rw6NP>uHN(&)obHH)A4;|n67raZC{lC*CuzFN?Z$FDwnTV@
z802AH5wDRI+Eb%p$gLQI?{BYah5x<Y1@LuXu<z=7*WujtsE~t5rrAv9Zv6r<bM(OS
zS&!wRE*-`u$ivjb->tftl1qV4#=QIi!dJfILBgkt@pP**f;Y(QR|aK=X3lr1Pq!$X
zEauU&di6%{j++(Yy%|yVDife9qY%ZNpjv}UN7{J$P_3wk#jwGz1NLX;fpT@(VeH}6
z*&}F0jZw*CX~ZqL)95nsCa}bERgAG~DataAk8WCr+ppi&)*wj5I3jH!rDT%&X6ut=
zVX~4qX#A_hDU>$C{q8#B8E5pW)3i%~d!V;K%4H(@Axjvs2!%(>yhmGnuaDppIGqHC
zrFDYm3&@CZ$kImgV-s?zCCzR$J9AP2{2Fac-#w=h2q3K_M7}bU(!j|-Ub$gz&h|jN
ztF~J!Qmg&DC28_ndAWBip#7~Ivjpg<x9nRo+>&wFPp@s5^E0nzBi{5!|DK!I)*f=I
zL!lp!MagAiw$+v1PkRVG<yhvCKFf)4*Y-7oWL+i5jnFp!$usFo-uOIb13M-E(zg}i
zpJV=IV%V!>-;2fi`#_u{4;)M^v)j(+nl4?ao%rE;i*nq&s((+lD{|(=2s-gLGTtD!
z>sFo)J=WPFV#tw1CFpNr&d=)qNVW~O4f6A4P5{swnMCtT!u|Y#YlmGuC(S#d<rj}x
z?m~UFcPRpYNaDOsoH{AyJunb<cV-b*ZyNOAMAt(b<}{e!l8_a6Hbp&1N%H+pfv^6O
zezz*8Xhm{o{!+roAM6vUv3Ha*>KMXbG(h>=>T563iTAknZPy4(#IW%z!w*g-LFd)i
ztanf|2D7MP%9cH|`{cv7r4qkb0Qs8up41GG+xh+uYhrje<W7;xmp)E&SRj)w)HR-m
z79tz@pD~vFwO>~Hhb*&}CcKV07gx`>^4*~~9NP+35SbgamlHhT(2q9a@>(;%k7t`F
z$AHVd)3}7zPb=pd{iJH<+F0k+YbII2;4$ouL`+%4iBrgK%oGE2d(0bj^R}pJGrD`=
zpTO+D;D;ARcWkzjq*KmPH6rL)X8mS5VthRc8lf93Njm~xb?y|s84qerD;W;ezIt>&
zxZ`iwa&_bt!sw+ff$*o$te~yJ_0#@0v8sreM56jn)*z^*I{h6s>GjbCaQ*K~C1w<|
zLONB4E7AZYN%<lou_Jx=IAfcqBCYP1;T9ZSa?}<dja=<|BYmR~f|2bZ>27jcf$T48
zCY<$RZ%1^^)t1um1)Uh;4T&{CIA+uuv;*bpF*;OIj|JW|FFiAvl`rhoeqFSHZ&v`c
zPG9sdfPznED8$}+YIFlWWd|hQdYC++NU%Ms5~Q{Ju)-qX?fkItP$8zJfXQw%k-Zq$
zjiLC0sQ2yB^&^s#ekzkZ^|}Id3Q$?%rwGji?Q)uI1Z(b<vTJpo9j3MHgAdnyD|&WO
zd#+#)>oQQ=R-YS(VAfnRnVsl$D+Gsj#d?_m|1H%1yglQ6+1%^*N2}|$TH@K0=Im;`
zM{qreXJ9sMqY{7AKfSZre(I{Ecr@j)FQrpQ)(CI`buaizYi0&^DeSebqIKb|mIBX#
z9T8&<CuaQ+qtqAx#BRA@X!vK*Y?w6tzWF7Yy<AC7ECT-HIgk7qxJBdC6W8qi?36rt
z!=E}y9X_>DW;EudE%dhKlkRG4B3fL{t-~EKsyc=Ea0IY)#clI&k&Ebv>R8=Rv72Yu
zCgHN`B(vZx83>raeWcAV!6w2Avb-;-twXk5S^FybeFGs@)H5&mnyV()q!DH@{dqxZ
z&*2G;gdN*M)4kRqX3_=a`xPLkA@g`ZzuI$EzVR(EV#C_<o~EewX_z7o-gdw4iGN2&
z^o(b*uon<sGVn^k2<6x<B0VGbf*Cv+eLlZ*hZHjSs~Wy@;A;}dlzLnxd||V~ez|zY
z0ll_4R9HML=S_MNxB?&@3Auhq^h0>3&-W4_e&6n_TkKP}kT)qinHu2!?B1%K%X4~R
z>=9P%XoJz>!a7Rc<GV}AhPz862Zri}3NXkEsyu@T+iz(&iIKl>#vV=&hRnZ_eC&fm
zs(*k*SJsrDWIcZUF89ST*pd?D*2c9{`yeMvsspc1+4SIp7Cp|tDvC~FcCM!en+mUc
zgm$of%8tF1{GHaa8;yVM2kPM*{eQ?GL0t!b>9G7ED_F5#`?}M|O8)5PZE<*GE~<>z
z4{oZH|0cJTsf7QvH1DEa-9SDw%}~#C+Yq5)i~`t4AG~SH+!p~|@gV6ZeLgZTceWC)
zk6E-lC`nylL@YtqsYVtGS=UD|JGGgJz7M2ZLyyLK)m(dVM_QepbV7d#KRGh(B)KEB
zphw>LcZJ)M&ejyBW(&2ZH9TY?8^VznhXAEc2b^Lcx5dxaUx0381Aj^j&e?=&FSXwA
zM=yK&N#3$Ng>T@yf#e&gj<pMqY8-DzUKE7QeO6bl6`*ofZeiez6N4;d$&r5fhyoOH
zR@TLyN8Ol)RsG(zm&jZxHT%8fNgR=hf@))?e?#0yZsz6B*vo&5@u9$PM%?a8iX39I
z;qQw@IUvE|ywnEf(;%wgoCW`3oDf;pfBh{=<i_<wai`jK<bY%FlAzC>wG(0of9Zb8
zn|(|6;`b1DX8ZH4jR_qEB`X+ZYuPD*_0h-Y`A3QU*EetSxP28pmdPUH?M7QBgIFCK
zT@QC@9{H_C4f&U1Lv2SI=Q-WT+n7aK^DH$}dTy`&POCU5Q`(KgT^%Xk4Ea!UV%`^@
z(X=ncz?%pOnMl}`GE`*2<up83NItd4vvU7NqaF51#QXbronEM`u|nT>GZ{#)b=rvL
z1j6;HKQ(o6`do3U`KFt?z;I}&@YG~3`sS+P*TZT&o%ZKgQ$X|FGjZNw)&Wm3;q$@B
z>cd83@I36Bd_Aj*=fdAzhPWFsG+H^eKlh^|(7mEy(pjS<_ZQ(;z^DPQ(Sp3>mXKW|
z5_pjUcOJ(NRA*-Vc)27U&5(C`D3SQF3;3y5cD1UvZ(=(fN4;wWm#;~lNH_aNVfECG
ze3W)-UO;tt!<pOc@Eis7o)Zb*zgk?fO6QNGKS-W!7nKk3GEbe?|CWE)#0n?e96n>b
znASN(601eHxi?u5)?=2{LPzuYO>+rfAJqZYl=BHsFB#9m9|l6f*S3j_7Mq=vAN>M?
zrtI^zZ&E5G!W*<q#&r2F*Ul;P0uyreX~~%O_pH2T1vNjAwK!Rj!%UD~<~~6Elg{rX
zK$DnN5BYVf(65#AzxsYLU&7PrNNU$`H$-pC?Sz`ea1HX3FkT@+WK6ep8J(nFQAa#e
zP}xH7gnBOA+$^9h-5eb|@1rU%`NUo+>v}hz<YA?n@Ez+#OTj2i)|=;+$w4=m6%kg8
z^V=YkPX(ZlL$wpzw)%4`bUmHfv}#U?)_172T47}ucV_F36M-s6k@1+1C;ta2m~Y;a
z9Mxhf_%ohaxw*CBrT`yu#jbzo)*3jTb8+AbRYScS?5=&|(;+Sm6r7yw-@RPEf4*C^
zA^Z+`SQXQUCcaZhUT1YASC!jh`ij=ptLAo%>|Y~pN5f>}RD^(247B5u^b|hWI+=AM
z=$G)RR816n_MY4RcteGI5?@(V+Lf8GY}Kg<t*Tadde0*6{N&TQQ^yiswR}5TZ%#hL
z{2-k(tn9=Z4R2hVY|_(D&iGE*#g2f3wo2Yf>WQLM<&SsdI`p**sR45gs6?^ew78QM
z5Z}Ak!UHov9LrQcx&4TQ{-4lnNeRzmvoA*xcGu`DpT~aO%>n(T+@jCgH^@KA?jiuW
z>HSoxxd4>I?JQ1a^`*nb8RZe*UIdA7iXy!4#vi>2#5l8W>J86ZnnMDYyraa5o~#jp
z$?BX|9W?O@YO}TVM+?aD@g~xs$dD}^`D?t9dDTeq?=MwN@u-!%aWg^*4^IoTe~eU}
zwQ_F-maYCxh7yls^sQWWAjJMoS-v+{GJR2l*N|^Vj$zCbIE#w$sS5<0_we8Wvl=5}
z>hbZk<yu_D5svu!ffrLc7Vg;tihy)+1njcM)v(3fGmYHN#e#Rqp=)040$*CIK?L~F
zWmB>^Zy%avJY>ilp!5qj(K4%F75qr^4-p51mg%V+`(jypb`<Mw$PxZ19X}bbWJbkm
zPo<7H`!G2aWr$PU+s*^%Rc+)g1%SnaxC8n9%YOlxD^2B{?~fPh$;!Cu@ht`wJ{YNj
z2kH6?MksHhcwYJXSX1hLU^p8nxKCU}N2Y|fMx0f&Rw;Ex*-yRC9G3D^YIPns6fvj6
z0A)GoQ(XnHsi)8pyj`I9#5~}1c!*ol#Gz=&Qz)hCJbGimm9HwFIfTXLs|8m7(<dCI
zogkg0D#@08-9|aP8XGy+X~$;q>hCdx$~e)BZ@GQXTd41{h-+;ff^1k*7Bi%72I7i*
z%-Y)~Sz5Fr(taLW`X3|V1nTw_ixiF->JRFIdh(SWqo)F^Ahj@7vc!X2)~5U$_{Z3V
z@`QCF2Yg2gs1Cs;)ap#=LR<)#93Av;GhFaJd$b^B9GlSEAbI<*$N^`qxey2ND-tel
z7EW0PqTM|rPp%99)-~y)5$x|1O2YV#r&F8cTNgNEU6buiBM8GH%L&*!-*)ABRGbuO
zKz`V|xyG_U);IImpB}C+q_lANwnypD+M+nGt$;+d`ZzKDwVAQW)1KHfKM9n9HHVh7
z`bjl^X7V>f`1a-u(nf1N;$#aqr^eH4lPKwnswFqvuUjssZuM;AoWYfblk8pF+IkUe
zi_z*rE)dN~D6c|VecJQko3m=3vNro7r53e^cO6*GC2#YIFoOQ*PpCEw*<zIj|8tpT
zbC*EknP`V5YssqLSVnXJ_RYVoNl`~{U#g@3%Ilj9TkyJ-r!9<)|G9tCZoP{V&Z*!`
z??O-suDhi`!L?8xE5{Y{?CHXaHTyy6_~8lO#?i6M``mo&cLHo6sc36nm@eY5Ye&TC
zwME1|;`M5&eo!6mu?{jG>ly_p^ICh%>Hf<0VeMTrNp84JE_P*wbM}XC8|}&TO~=4C
zT4%~`<+Xq}YX3=7K<HQAF<#r**3-}2N5Z*r<NjWnLmC#xa>0%nMU-md<dGS(0idKu
zgS1>dx7u(2?}sXKwWjD`pE9INRMOUFwuD+yTylrOYHw?S;nSv@pDW9D%Z=gx_S$3}
zQaCCjxChoANlkepD+BZK^zRdMuBDWp@Qt1U^BOv9CHT*4p6$5Rb*k{AqB0rli1Z6b
z<Ae7T@vUzFariI_?sFF+`FC@LUQjCYXpsNQ!ey00ByjdBD{LOeq$;2W$oqa6VgF?@
zSY0?Ib7x6SEO8ZUw_4YYZ{$cA>&Ky^c}*%coOKH~Px7?g<f-e0o2HXJvgVrCP3;;J
z?PI#j@5-VwV=nE~%9}_4v_{zM8#2vcy_>OSUB(MWSSpRQ(09IW(CD<toe|^yQ>RYT
z0`vly_XF>&51ej^Ss`7uVT*&WEAu=f?qdw@#6h=zQ!(o-@J32ag-io&#`Cj{O1N!_
zS+~!97Iy8NOSYqj8LO(=z}}Kj8;)Ve)hqSyp|k6+NM>(|Y!J#pZC8ePPo3!K=M8p0
z8ZrYX2xSeoeBFi)SP9ZWm$=vS6o`j~IrwPHlc%hur%M5CIC-W5cioBG-XhBln6I_b
zX;pu12>4ZbxcxsN(&m|uz^XzCC%Y(0oB}G_8+0jbzGs+x{-gs%L6{zXvwvnw&O7W|
z_U%UFocqxFG?E|@qcRHoLt<@8x6i`|OcZ-SkDmBgIiq^MxXrYiw?me?@I1@TbEEb%
z2Xq}{SE0qrnv}}cHHcYYQ42!#`^5e^wD}SFYS)u~Xk0wL{cXD3c&qi~yKxK;rv<Jv
z@kznl-htdC?D16)MDj-Mvjp)FJ#6N1B<=2FT)D(n_LqIgWRtc?Z_lAm$>EyliYx?s
z&-M{@;2Gkf=${G6BPy_O;YJ&U%A;8B+b>z1?V9$;O4s>ckzFdIS8KLm_6R*kWl#Pv
zI|h^eCK89MxK~0|*^=<NuPJnk^Qz5G(3nsX&-db`(Xe(0nOQ0Iag=@7O>)yXd3euY
z%dWNa$$1y|yeit=Ua0oGYj{tO4ub{y56y6_$EiFMzc9R1Pnk-yX4>O@m2mC4vRj^q
zY4=wHZEw{x4X=I()6-Gq(<J6lMfSOPZY~vDsH{zaK6|{9(9*4X`Abd1+DN4HA?FEc
zWJYg!=vLX|TuS@6gfyyL;jkgT<dfQUc^Lf%XzBaIS*IhC%q`XdSD8K`txDGudF%Zd
zk&g|Q+is-MUgajLny5>xMnk?GVkI15t@?Mp@LM|6SOC;o2RUtqg3a{UE!jC&3j#<`
zeeg&wr(75$44ymks%d>Zb5*fE|HbV;KI;4Jx*TI*1s9>e9eAy5+b~kKHRQoN9A{Zy
z;`txQ{ZvfkUy{F^MKlw7oopJ<i%#SZOW6I(1{eNWWEuU;5*Wvy!+jtA!0=qJjfVzK
zyY74hPOj9I9`%*>J~#}|yP+<H7q)j?+7gsH&L#z=qCXtN?BaK4CG+%y4{vp(mL#2#
ze!R*#D!Tq7`o46v;6XOkJVg8cN*=xRyUvcliLv=nWjs&Y{22*(I@HK{MKhy8jy%2m
zGM82`so5`b*fqOlV_==;WWhUy>rAUCGY0a=81Ych1SaH3e^YzO%GDSX3Fb1oW!hIS
zqlLphz*({oSW9euhLrPE%aqx}`H}f;qURCmyQkkazYXN17=5tEBivTJ5H#W(at62?
z@WiC?+-Tt4lH>g><c{!GPxh=5t?D^N>g@0N^$_Z>Y4UyO6G~&*rkS){YNUzqP~H*j
zDy8}IXy5_5I2Wh(Ke?GM&84%I_|B52IAl^?!Jhxg;YXbnk-cfc2B40mU7ccQY57$$
zI$t|)Y+HER01ALh8*1(3p}e$n@xQPG?~8WSsfg7kim<b!4wbSEOezd{8gua1egr;2
z)FELL<NJUIIq6E0J;C)k^sp@eV81ka=4FS+1nITWdJK8)>I1By@gbF56~7Q%dhG=J
z7*P0p<;$&$AYX-HyKLXm%>K6Q&cKgbt&jdd07Q~&tLE6lgN>oM@B^}=Rg*ymLZ#F;
zS)<QDSh}W(S2O2ZDgdBZ{OG-|_Ky=%mBkXTy-Y-rVg%K#Rmyvhv-SlMbI$mtAKfD1
zfbx$n+|nKMpx^27ZEVvR37ac5vWH!K$OOhP_bVW4vpx5hu)r1qMHls}MrW&}*stE)
z!kUzc68$ACg~7JlFYjy3WziQm8^%F@SB1Qxxs3X@C;%Xg5oWDUc+t?@yHl>V%sudv
zo3*JI6y3#16E25c!9>{1a0(v|37kg@T<<Z%al@0;Y1U7j5MGC_7!#Zomf1Pb+v1wA
z+sGv$!10`K%F$QPR#J;M+8j~4dieKN8;45wV3(r1yT}C$H*%@s^XGvbJ+WA6P0PH6
zAO$8HZVP0Ky3$3LEP|&05-v+w_XS#uj-_=6xMt0AQ0cNDTzxn|9Ah!s$8vuq3Q-iz
zRd$f&XYQ+@IeQkxclR#rok0Edam(`UzAd!w2NAZW8=`=-xtzN}y$Y=T>;I;=c;+Lc
z>A*O1&JIvuEnwga=VgPs?26an-}==n0z)gD)Zl1BMfJ>2UhVM3U|S_+*~eVz>zbd^
z5^KjOksnNKU<03j_*9z0@@6Vmvo>T+C&NDKTwZt@62_}@WIy&Gk5`Ch5QiebYOaMM
z=LqrsIfOCi{nI+kaE|phBe;&02R0#p3#cT2SU<OK!(6;dC2I3aqn&_$$^=7Mj#?iX
zS=-6fj?w<pouISZ=v<-RR@DNp;9A=S6|s+0_nRpr=(cEMJ0e^y8;2|^ppG8qKTPKn
z)x|>A;qf#}_uMSAY4`ky4Gr|jl!VScfZor+|6#q*rmUZ|7we`6jBj<2|BC!Q8#guE
z>%C`$_(<%X8fiz+oDU~&Z_xG%6YoD6qaARi@)2s?nn@kod~eslX-LqPNKm`FfH)P4
zAG8KIX#0P@<CvC2y=*L!3@du8?lF1o&IiE27uxTx1vUn4z~v{limo?V^}GH=9I4D2
zDqz91ws`IPL#aWfMJ<nUsv`aY)0W9VA7x{7=0;GaY_4=j@I>K-%5ir*!r#!IIQ(qf
z*P24q4QB3dD;OKoovBMNdlt`3F1(_x;{$WsX@xt}52}*9yP9OkgXa~U<)C{b@x}Ne
zmv`{(dt}I_NNrO_si)Y7t5%sLUAwiMxWat6p5Bfyt>CQB6Ec$5On6SE8sv&IexgOk
zr~3vPzZ@Kw_zP~1cAOk5rF(l)w@NZOt9A~R2O(oxL!0I`Dnd>PuQ<({QrX%QN@VUN
zqV$u&<JyE=OXAPpk%fhKW%F!t(y{&|xl#Vg6RgZQ7`l5Ft~Rex?6NjYuF(*9x*J-h
z3>QHn#zR^iz1nc}Tv@Odk9Lhx9{}Gp5fh`!N>vs0&YVI9Vur;rfFdkJN?&V^oKGZN
z^@sclogWHYbIOpH29u|HU+hm!BN4S_WqSxkw!rErky)jP@miys*<UgdYH~b6NmxP6
zX&@lp;E+(RALqXtj5ti6M{vBr%0`uHO#L@r5~ER<%vtet!DQUqBkO~@Lv_)@pcw{i
zB<yOgonSGDDX%Vb6ipVtGEwnmywUuYs9PSH;g?|nEHs1+Jw`Gvjf}B~k|yh(I(OU@
z20U1AiD-r7*FzqbZUP<56`Jhe4jH^&fv0M{Qf0h7z6P%+-|vq1*Ttos4fhdyc^jht
z862t_iy(iULmU{of{x9CsnTCE*~xhKkupq%<WF&9p_iomGIEf;&v(1>hKfBL;<I_>
zi%(d{Ln8^Cxu<CuagYyvT}e&wpNaJMg8ylkQOeCKoG`<}tlZ2IXBnh*#l!!Jx_=tl
z9{qO8&y2m!mGhfDC~}(6Y8~bz(Vn#OB4@_Z?&B_&;shV`x1!3J#x=<`2{264w+n(T
zfP4nrh~J&Zwo(rYeI)IfEk~0ufp3@BXPsiK<tZ=PG9G-#-`AMH+TzGXoRXUEa!;YE
z)n3d#AN(bfg`h)M{?mdhTJax;;XL4G_~om1<=4q$v=<;@NcnpR4LhPYVi*yJR*W^U
z_)p|Pse=IZ-2fqC6wxg$nO+Ni`Vq2FwChs<7k2$j@%xoaG1{8Oke})kfQ1Ig7ddXK
zWj9BeSzWyn5+QJ6R4Z3<UBao8BKpOjMLb)1AOu-xBqps}tCtQAS=1+6F3BzUGoJ3*
zW5}0Ety`8$RsjBy>qK9GpUF_vzDU0AaxXjYfn{rzhJamwpKGuiWDc<r`OB&~VHtF^
z9;0D!(^};}L}I&YOtSZT`x0J@qAvV)DDSH%$BlJ?X!00&@>wNJ`=bc430F&izc34R
zc9s8!?s`DPxlnaxnylPk(c`PaHj3Q(>(X=QuL^7a6)@v1f1(I!wqkY+diH4GWu;{%
zzwEau|8UU55oUjw`RaZ}D<`q2b(;pHj*Jzr1di20&>@%2aLEHw&%o<WGd|7_sY$_M
zfhF`U<7-d-0bQQ@OAuIVP+lzue;+wYtp~Lee8ozj%RfWZbRgX_)i(K8vU~1Ooy8kf
z&99dfsl5~UbBsT6Jk$cE?d}++17r?9h)$B6)kuK02=jA`f%7lVFg<4WE{|@9jWDO}
zV{HX*pG^#H$&E84#V7B3m#pd>gUA@EE;q?dY3Uk-aqoyrrZKG;La!ypuh;)aY1h*Z
zKu}jx-$vijAp0qJrwQLW2KgXlapAw_7O$}R<3K_kTvJcAj=$FBCVA~y|FkrwsjH5l
zJ)S{tAq1#U1+mQ<DuDaQ8#m2q@5Zd>b0Gz@A=_pccE5A}MfBr&e~R?OJRyr&Fe7k?
zw9oL3YFtQ*di8Vkt`;{fTj{o$f%T$asjd;>b=>AZ+uC(D!Oj)slEi-`hbz^M$!3xo
z%r2^>g1IlD1)I*$!^alggiPbj)|Y^d6_L3dU?O&Tep?m~%5~5=MQsbpfh_ZW_?Diz
zcZMGa84>p=%l6{W>88N$il4=ca<2W>9<mrPoZbTZgeq#W9FW8^TM>zB1DO&hStz>-
zEu94Fz^_jcf_?EH+J)y^bZOJd-)cUuoSRHNUxD_YEqo|V8LvWnel=Y1c5m{ThHQTz
z;q||6eFAeH6#jKr)LpSiuR%?!zXSkk^>4J)m|D-hK`+V%qFFLhVU*J((+Gl0U)H8t
ze%?ON!_;!ek>foNMqWDHHg+X%{<-!_@;pJa${865ov6ZVFOBVxd~fFh7z}7l9p&7y
z(x+0*W*gil;tqfb{mShCQniOb_<lL6R9AuK^Wy1oOL5@u-5BaI3!o@BkLqy%u<|=)
zSV&x&PdyfMUuNf#gG)oY!}uI{3<4A9^?I2(au>a3`4M)Kr6Q}X_}3*l#;KRjx>Kjj
ze~y$#+{YPV&PYsTeUAj_d9P;sBfDjT7Vhnc*5PNJ$+1i+OS_UaK!6yjk(k$bglL8s
zo`Cy4&M0zI0R{Y+>|I-g$TX;i#L1!Y86bN?@Ss2P39Q*xl{w!$(2}jZa0Pi+_9#ht
z6bT%g{GZC^Z;<~1KF~lA%T1t?PZ?MvzUs4Z7l~Y3#*bl>fuM4MN|%jlHhzR{M;7c9
z9f92y>?DCVwuF*UhaOlTDZ&SSYM}LX>|xjhlC$>Ey^#-Xh%l!2wBTkK4_>aF9hT7K
z8=s>LPC`dW8TQ(|xQLG=j-P*w_QC*F@rG5_+^g*lE|7RnTHA{62_9YpN2#JwuP@pN
zb`k!qQD17;A);RrQG^*}9jT4uIideY@E<koW9V_{B!OKuoUOmas?kt?kACgxMH9~=
z2X@XRrUbL^u(F3gDM#)Vq-$+aRFTUc){ONDeFt+~*BF#;Uq}Pw$=8~MDN}7596CEi
zy%c<$whRF{>^72DELnt?+|=JoJxg1S4yg#CQLCw=)}LQmC+8yJHJF}wMu~b)_q;qF
z<v7P6Ei?(gU*?h)kdrd%f;uNQUG^>V7zX|KoB(fIp4J*+E+VctOrBDVN*>~esAfyb
zd#1*GAdO^BJpyeNe{tcYEv0aO9guQ=mBa2r4XatLo?d=<zaQj4jE7dM#C33LJ)8W~
zsVL4$ZQB8tI$~du&W<*m!C6Y(QVjs;5N>rPV!IUpw)RpsjhH8e$XMAeHxenh^V$Z@
z1Cpz4Wv~YW7bw}(M0p+;zGyu~6t2<l_}d;}Fno}E)3@?mm3GgB<xD%>8(#K|-Te?>
zyph|``Brf0)5?ojlHerH6jziUZ?<XoBV?=V>!3wX;l6GiJ<>{u@9w!U?-N_G#_U_k
z4m>ecpq1q?0YaRlW&w#8HTUX6_QY3n*v5|e5r<1F1MMYYgDq9Ir}G*(vbWQ?tnWd4
z+T~B~A_GGB(FsQHUPQEpxuNeg264apmcgDDbd9YD&Czgy#D65q>c^^KXr_nnEi=C>
znXr%5m0W_?j85`gn3A9}q`2jiGCxsz0)$GsfsDJ%T1|{2YzOBGnxs#q>0(`PX8TNL
zQ`anhKe>3}pX0j13(r<TUnjfA<NLZBs%U-N!8Hzr(yhSx{sU^^X&i1IK)g4yaqppu
zv8AD~Cc<RZBvC<pO5JNSXP?+xuH)fyh*+civ~u9&rpN)PqJoGF+nRvGAEUU*AU+q{
z92+kU*~bGiDBoJ9q@mT+Vg0YuxQN0tU2C7=mwupBo%Jxa-2J5MkEDlmM-X1K*ZuG_
zbbl0rd}Cpv$x8)7Iu3p>2rfJeX$qI4o7AuW!qeHHBHxY)$GNrPSfv&6QwhWM=icut
zEjI#0$4~D>%M5BxA<=t}q9cjbA$k_qAA?M{&CuRR!mleg4P{j;zqdbu)OhdC!_oqH
z+WH?_T;0QktC@#Sg_qQVfa0SG(_3!O#EXXm5H26hnJehpWEoq4cgPWeNXtrFCS{jm
zyhhUw`lmS?%Fay(ih6a7k>S}=_s!D#?)=Xw)1t;X<>*oQDWcaekDaSuzf%O3k)Vx{
z4;3%zuB_x-Z&`k3uMKAd=%qL#6m$QAB?^8{b<qjD*YDIs4$#RtpCQZPkFJy2c6PnA
z!$skv)=l4xoMvfV%7dbTG5ws&Qxq#0Fh;0Weopb+ESR4aTuO$d0_r}#+eNatwMw5`
z+~e~n5;=7<s#F#EIAe<#?-4j|*$kz<K&8+3GrfHA#cxag1Kqv-s$)={`%4d=a3Tly
z<0SOzjImcQQ)saZy>d0?gZ=_)?5@QO@Cn}ApK*eT821f^2)yh>g8MjIjml?d#zDeR
zy8}4rU`vPFIUFNftITrvhg)|qILSQTE{*z)+J@1a<@7IW-^Ismv0XPm;W~;Eo*rx>
ze(UzOoWIcFcCe)8g?0*7ux-IB)Me>+5e#+bbPpMKM89AEC$!>IWw^n&l6F>r1`LKK
z%}ywUGSYP%eT{7Y1~>R4yspb_Yj|z)B3qjEpu2&#4SpG2eHLfTX?8OMbr3E;^WlWj
zxp9Q3CO+xZP|=2=L;wU*buV->Q^20Lk%LHR^Dk+XRs{=FxsspW>|uRNAG;9VTvNyd
zTPugQ<b=3`16)<w9B)C}UJWrPy2*b7-LzLu@Xm=(;>hNS(@K)DI_{nhn1N(Hv)n22
zZg^k(GUI;&+33UOmeh9;zli6T0FRJooeFxnSO6w2i+&7LE<ToU0AT4P1Z<!9hi*j|
z>|-j1<UiQaK9{K<3lxumOq;-vO=D<jksj-u?6K1Xvbz`cCBpXSvEGM)EeW`?t~(6%
z)0s%guC+cGm+)rg#q>SUWgkb{3Ca_HNt^#TZb}q3eZkq}m8wfo$Z2!5kyO9^7XEdF
z?Z7r{d}-Zf?*E9&b`!D+UVdjpw5-%w7^*!>UjeZ#y!&eghgkmf*3p`e`uS=6ygj^y
z=i2lEG8F&;Ff(i-*3ApNj=^?Hy&ADzE`xzPtj^P;`}PfVz|Z7VwyhaSH-Ku27TUEm
z1sHAvR?pJ(m&B`QLlRb1y2e0yJr6&UK1{s_2!^^$sRFsGT(!N-dLSv}Rrxk9>976=
zMU?)3vJ4nRvS-s6^zQPIL^2+G64P*lUF92Z+xpaExo*|R?~v60zGJ7i;6m@lQqE+Z
z5v||gjDsMUO%eoGZ`6@jO%cMg&5homM8pCfc~@*=!^b~q|N4Pn{}Y$r;EF(E@y%WR
z*WDud8$eRZf8p1zqDf<8z&E&0&dpuaelyHo>B$ZVrYoFwb^zdiZ7(Fdn$o_o!fC3d
zZK*en7pthn5ag8{b06u45R)Y2Kg5nE$Yz26<Ed$Qus8Cr^K84;Ob#TK@Xj<!gIHmp
z%_oHXo5;or8_o0VJ#T1QOYEo_+eFsuLE%|5FI`_<{4}6UmoSLBt$A-!Q75b1Z`eN5
zpbr<2z^)tQ1*ww(n%lHsyG3It00O30eIyiHt<ui%Irf#aRX#++88iujBi4P-uen3-
zAgGkMH>!&U*1s%kxrFDg+wN2IRfB#)dr0tb%*OLtcler$smU=ExyB3(EBP}RTefz1
zUdO%UWN3D^hp!mnR{$9)f(cBUvC}<~Mle4506$J<(Lb=9dtz{Y*&pq#Hvy8q@Yeml
z#{uS2nTB{1z<EmOE15YJ;mkugr8anpSNay*-iAyow#P{FSIvmr^v@cFn<K}3uZ>Z&
z)L%p{V}0A;L`j3|)UuowPjG?$p<1J#sVYbqx1XBeyo9qH!W+Sn8xo&T<fBbvkCK%9
zkzth^Rv%XM!&eUdF#J5=GZOY_^I1XXK1#?2!3EdD+E4UR<_IDn@~@u&m70IGO;)N6
z_V5|+JjEtg988J%+Y%$#8aS+E>GA-S5sZH*V5*<R(T_m-*OKV5+QnD)l5&$vw@P5y
z%<`ZPgPV=Sq;xt(jp|~<^uRVt>FYHey!Ocpa`Oi2ZuZziz?br0kGy;gYTEf}_%x1*
zBA)AO-GkP*P>q$D@r#pwXAF@Hobq-t165n+jA1THnD25T(w06qvvP2NUH0QG<$W*3
zqb9XxGuOo-@)7#)>cORCbk{1`^#H*724~lxRV(aoBRXOPMc4|eh+3$e<-~kk8dDz&
z(B^-h_MK^WYszRTF13R6f?qaQ2KK+AHDb@sja%Aa<Uy0g*&fQmDb^&0@{SCym1JD6
zH>XNG6jgQ}_=ljhY`8?zs^nZEUAY_4R}UTJa3LjXOp@yvq)LR7hlcEky8kWE-PnH%
zh<vo*`;_S;Gn#1={m0S&IUU%5fA2byxXZ$5?_tWO+`xHNJKOg_X?_*=!L-16M;$@#
zHcynWrgko@+-s}qGu~ThS98`nJQ{WBhU=R4K|_=|%IKQ9_*PfKyw%?(OxIDFU`j%K
z?AbK&tB+n8a+0^Ptk-&4f8nL}@Hw>>_SMap?1&mdWypVDsb?9^7oTYluFW6AYrSVS
zB^+F-ZA<?L%%d%ML06X@(dq<*`c=Z*(K*tBSMBFWci)1Oj7n+&<l6Kaav)p;>2Jw#
zL`_x^(F2lq72QgfYvVH6^A&lUH6?<L-uL7=Iew>fQS?M<A!OUw;**({0{~&}VXHi`
zCto)-v*vS_y*=s`(+Of?rJQ+stMwSj9wC3oOj~eOTV^uoPTlWT#7z@+2S0O|4$k?i
zj_2(7%O4~F5+}7PaT0PQ$56iMU}B5VMIrmyzC0Z*&zXW}jIg8F#@{7h#(c}0lky_a
z0@I9>%^b@-&MD2Azx$C#XXC{P(@0dxGUJs$wQ>YjC(mG8T?A3?$?hqxv8rn^%cg!Q
z`oF5*YhLaqZS~ipKi3;9&+vz&>R#@i|8Iaj^0dBc9cNnx^MmB^LJxRA`;_cs1o|2!
z_-oU3X03cX+meM=lIQ3W`f&o0`3&7pfd~ov$R#7b*tF#PD@O+Fh_F#EgafZVSLbQ(
z%=aQ6XJ;9=SxfB_4cWOLq?UWP`crjC4`gF@)2}{Li7Rx2-tAzc8{c{))eD_t!<uP?
zO&>Gl`LC~7rQQCcX@&3z9b*5;g1^mtr(97TXKB0yz2+zFCuT#pakW!gVZVUbY(zM#
zb<(1j_(ul^lio~+>&l^$InqyLJOwun*5aEoOJJ(y)KsX|im|vJq!MokFok}CWkI`A
z2j~BOCK8eEPLg!9B<1*+)bjeb@O>B~=bE95%zcUfKtOcg>oe7_CtDagN15)d%O2tC
z4DQ!t_XgVPA01wND6yHQsdKv|vI6+;C_saqhLdLR;Ekv;7f_7#-3^A-0$&!Ok6g13
zCkfzr6D!6LQU=M9uT|M|ai7-p(c$eg>tjbK{hadiD!rAcueQVE%BS~Y^afFFoCDMg
zie99M%h7B%BMbgnj0Ch=&ym*IE_UZ^`q;uRjOmHcA7}=gSSz}JNBI2W;#dP31;0qL
z@AVREPq3gSk7yL0EV^&~gPG@9YnSIuNmp`|xQ?=3E_#pUJIJg_=CA6yl#V^tF3VkM
zM=wRc<+dEotwcS}pk2wFYR{3Dht<YdJ<3|2tthFdgx#}WHLV(_w0G~p20HIzmdBj0
zj|1e9Q2%4aM)6wcVaY^OaCN%GE0214Rq5Hje5Mxd<%-0HxepQ}Ict^16e@{6r;dB<
z<trL`!V)2n-F2OP>DGhl*@}A?A$eC;3LtK+o{TY1S*{CGtdLx-CLpXyuXX%<&)Vd*
z*CUIXRH*vuuMb8aMH&j*Dv=s%M#^Ujal*yUVXFy!S)BA@9;f`wy)GOQ$dR~HnF((M
zH`MT%#fYQb4Yj_>$>E+c8~#vbAN3{D)3~0S5=h3`#AgvRE2JdcLH2YM$}=(Vnd0eC
z_xQ69Qu897H(&i(9g^qYBB@sQEO&-&Bbt1-F`wiqAIhcMSr1;8h2C){svNl));U3D
z4y5Ov3+uON2NiL8q|`<38}_J@6x4wM|I4cMi(4q_gJhOQ{Hf;L{vvv1{l~Ghw6E*&
zC;NK?jBy@xuzZ?7_JXpauNVy!(3=<z{|b6#?aV+|Bx3*DHu>#GvTLgR<%<4fr8O&1
z4^#KG@*>jgI<%8OinEfZff6xPK{;uq5&kBHeiHOg5x&~#?#jIrYW6YWbDl_3MvZ2#
zAh1)V1UJmVDP5QBck}3GIZX#?Mm@TuuCQ>Uin8o3OE!s1exqF32l>x=^~2-^*Ho{`
zEj?Cw_QpNiBEW^qYVy<bn`Cd2Ysf1(`vJ$h3Vbt|@ijxXvp>kH&%UOO-=k@bWw&8u
zj3rE(2b`I&I4fIFk9tW5$gdt>t46o4Z^i<-?Y?WZEQhSp4`|dxFL?9cxZr+y77o?+
z8D%~Krdc0?gau5uDfTS)lXo_A2RpM{xL&1M_7aA&Eccy4$oaN{S^{`|FFauexKaXS
zY4IJ8SN-f$C(CRieIqJtP))4wo@~@$C+a44XE%fF8uGnJ=+?=(z2E{1SU}9e5i=rj
z9qq@zu)O*G-N2)Ts(nBDNB8r0Nbl!@dF|eSSoTT|WL6*fcK-yv^!_{)tw$BVy>xS?
zE`l!G60%kbE3E`Rha5i;dBekT^nA0u8I*5w=!<BJpR$AVhM-E>qviFDK(rK{r*al|
z%>eDF)UA2HrYL`!dN+K<P*`;toz=8$>QhTsaNtS{tPQ)6NEx)6<sAT^FK~m_wKSQ%
z3ore3I54^4n^IkZHCz0$N6E*0nEUqm6lS-IEi><EgExyFqkK25C{F&;wRdx%qGQ6J
zba!WHRM?|S;AE8xjBqSnQaB!yn5_M}+gSAq`grJ4)yW>NwxRN4X&%-f`AOh)$szgE
zB16?f{*Uyl$-MILxW#yGS*X7@=4fc~_3y$~;iK-H3(F=J{3yHSobN>bvpdIMEgx#5
zi}B{zdMut&N!9nb4cV^AFo-|hIp_Ft47Tj`Wy+hT;*Ej%p-Zjg+xKAlaepZL@p}(A
zd(GDv(xzVKz?MD5eZFU&H6cu<SvbHJ73dW(lbwBARiDzTcl&9RP%np1`V}!lYZIz<
z=d`yuyMdn`=f~C8+aa)lCxYeH!}V8}4xJ032dx{~o-@?4`n%K(HpTpeU3fB&<P^Fc
zYh-D#QNwmQiG*v4!z2Ua6}~;<FVcjOdY~cVoOR%!Wbv5ysGa|8?9>kx+%B-aa@9(z
zdCUI@h>@T%OYffEll6PzeOuo4QS5gR=JI{DCUQ>yr(9tx56~3dq>3XaTC(j4uOZ*U
z^gm&bC|q7ybJ&T*WEFSXcFnkg?gmRobUy5gG-kY1zkiCCyGKO7$Ci#0^pfD&oTx0F
zj`X<9nt42t9jkqb(!@P9@Bwl%!zgRT;>oEksQlU0l`N|*){yLoe2S0ZM2=ZJJa()h
z#&PM;0T%8J+#<bF_)DS*n8>}fnYq;v^Dv@D=Z$Kn4wS~2b+X<h1EvwYS3g_wYr!VW
zNavn4Z}%!x`UN{d>U+#R&gsI;Xu^aq=kvGcG!4&8$m!TKWmQ~NUpGw558-*Vp!mV1
zK5KkieMBCP-YP8iE(z-!qfxK_3gd^AA(R)<r93@Xpo;7Q!#fY*y!>H#J?jVo_$e&&
zCBW*+>OZzvfPaZ`rvFE$DxJP;2bBj-#JBX;{(9IJ<Z)V$5j<J?e!OV7gK*DMH0b$T
zqEWaSt1WbJ@IgC7|JQU%cVY{m!zB03|NJfI8D_sbg`@w4WqBU16<H|^h{M2G?SFs!
ziXb|*dC^J9(pE>wfpI(bITJ6Rj5<jT<esPv`e37i5r8q;qcS2nAe3jdDm4(I%<7_K
zzXu9pwa>((in6styTAh(D|*ZiMx#7Z5|kGdc^rHi&u`-2TQlmHr?nGMrL_qc6@#FL
zb(^&pLw(hhGRhg9JH41gFV)xr;=TzeDxq^^St5?1qI+w?U*e1pz(1(4KHEIhcuagm
zz9XGA{$zDZ>(GZj@7shOcxK8uH&3@Hi*DtIFe6nSU2|!!CZKKZs#Ql51-kp~ip|*L
z4m<xgpxbS;``XN#u1UNtVy?yn2-kRk=b<<>Ob%C*Ti!nciwYw$|1OaLoh>p(AH@Uk
zrGl4I#70~Y0eC^vo%S3(2Y+Ki@m=s4`7PO(m0VDhaL|!!u3Zcqn09i;3$uVN9%qpQ
zUZE@#K2Ghq8JZIp63s@yLg=gb*0-BxJgsJPL|d>59dG6TRXYOK<Q(khQHWnS<NmG)
zA)77M!k8SE2c1`Z=WYHbws@!4gnoU<{JqK0FRKGeWW@;C`==hets7wqK1pe&!ew*!
z7M;$Z<Ayr9PPM#iNi0mZ;C6IYB(oq$yGhus%QerJkA2krNF~ECDYu%j+fzXo+rcVc
zuccC#)`(hu<gsUeE<by`%-N>_yA<xjnl3*)MvI&+Z_2jI#v+f2@2#B2*a&303OU~P
zqtAk?&)6y_)z{+!;}0jRysf=>TV9hgf)xqmh1*}$(Tk#qQzu*{Q~ihTdmf6==Kn=8
zvzxb07RO9>bL9{_Rc#idbbn=ZP@(uEb5(FW7@j{KP3}*-qbq!OUHn*T8fk;uKh^)r
z*mH|KsG2M3GDr|04Ms}EHa2;q7|56;GQj(P6H2R9sB^x7kglN1%zax?dnTlu&PBKL
zV1r+eIsW+@2-H4{9_N{1ml#&A*peCIUp^lD$YKO>_(%T|`LF&UXH}B5_S&$JFcO>)
zaH8y0z#p#n-N&tj;4sdZ$vs)?w%4uO<#`27m`^xjpZVKcPO|LR2tu&by#Nxnp6Gw1
z$8yOGzuF`DwSE2rL7;c>5aDuvVByJTg$)3^9Mpdd9RYt4(7;x0J`Qcv9D?PwsCePz
z7M-2SDz|VoQiG9<t*8_H8GI6er^?FL$7mQ+(xsp>Z3QoTl`iQ!tWnl=`ufP)=i(is
zH$O;1^9;`vM}_!5<48fwPc_#oVW{)J6K2Hw$0i@nB$ywj?Q8PwWpWMxeq9c&8>hU|
zc$JYv60}yBfhY4N9__TfBQK<px?m63c=6@>;mx4(-6SBAu$-v+C2ZBpZn1N;p<=pA
zAlnG4tUwRUc|{ZQ<N>2M1*qoujO9JA{U$jxh#}*ps_4nzb2ll&wj&@1S%<^kI|_!u
zz0WSPq=?-Y>R32FDeV(R1r!>60>aB?ChP_yhO5!uZwm&8bhz{RFqiCt(OjljXYrH$
zbB%BIdBl3!gx7K%S2SFUB}}>wO8bw`{F+>!PmzwEmSk>woonkR&wIK`B4@2ginSn5
z(>0)4!_J;;HFJDqwWpA`2o{jvoV2RteP&C07p#_iD<Ka>EElUr+M}<YXp?(Lp@l#*
zpjV~K9-W42qp8|+Hu|1WfW+jSg?pf)GGHj?G|xoxo%>JltfTjV`m>N*TzS9tqAgnQ
zp|ov`1)5eJ`YP(gMYajMUHm~$m+8V^upemJc-ALSWBa}`SSs#dnX+gSWJU5NMlE0E
z{~}6!jTDtK{_@m!<VKj=SKtGvPPX#xy(Y#{UZI38btI`=(e?Xs(N1NcI->OG4C5Xb
znqP$YDP79VGlK8nn^woKRVx$rG8bewvZTWE)Mc;{e^a+z*o$Vx5s|<Ioz+xd{Oy~l
zlpj>Hq_{qyvazoIYJxE5`836^UO6xLX5pYo?_6ZAjQ&rCd^g!SY1V#dviObgUEGQQ
z^nx1ruOMd-9Vga9b3DI+-=HS5P9-;-z}77aCeviiYhhZ=s;~67xIJ9!vS#G|(IK^@
zSsp}Obr)BvMLLx6P49ds;bEV9aw7a8WidUYi<$yZKO9%9a0{Z{^4@;3uhH;X76vuj
zgHr)kn<8K3<OdNK;-}23HJje%c1K<+ve!x(*_^CgEJ`zjKH1#|zojkfyUI-tx(z9<
zGhMjxVW~m~>4n;k%KutD6)iM_0qm&~?$!CXI<(wi{}1h44gE6N6?TdTCGaG_HJK|Y
zT&H;*Izy_#(!;iMGS?NI_RH$K<@*s*83ySkLvD#xC*|KKd%I#WcO=QNY|-fLW-L2Y
zeA`nT!;>CllTr<xqj|?t%!?yOX-;}LgsSPcQcILuCPjWE#0o(V(Pr%YZh33%&<B`+
zdqftoe(b_2w7KXQ#qc89RatnPy;rajTD3-cvz+LwYq9Ely{&h!^H9maG_k`nL2@I2
z_e`)KAc<;*j)lz=wnRRSDWSZbNZl-v%RgqVCt}`vWiU^%x37j32%m(b_eVZ)6M%~H
zecPDha1VUJxZ8NqlqF>CKhbTB8e}#00mb(D^3==?OXkS`z#cULBF#$ajeXOhkg3!B
zZgC0co4qQn4d7LId*3#NHDc7d($!|oUwZQ(!Jc|XU=Eg}@u-eNnrQLch6oYiYVwQi
zYVfzz=Mdi4h4?IG-J1VYFhJFcZTv&(JuQ8|<+r05M_w*BOgerfKnyPkC6hH8K)IG3
z<)dIv0rSa6r-cDReR9vnKfS=a&>!)|Yi--!sJ0ql?i^h65<t=B6hoq$!gZ|?i1uB+
zBcs-OFc24`>o2{~UM?~!X$k~>&|j+bfM?1|gx2>7!Y6{RgP#4uUUfQCDmxK67bj86
z<H6R0?iUW*OUHc1E;YoOK!R?scO^LeF*4a77|Uz?^;xnJ!}jd4jsgF*9(x0Pc5{9^
z6DTP|KldrBCs_LvUNm)kJ2@6@i_!<Cx5z0$sgGyGJJR5yDu7mr``Vukv6A=8i9xri
zMEwcxJzH8rJuu?O`K&LBq&z{nFp4$g31KlG|3<X1LufwHMGbORz3#kK56@C8i|2lp
zu6v(8(9;t18~P7azF>X}f?B$SHei0jHx|jEkDHZa;L>a;xlUs5qr5|IHnI^rZ{XZ<
z>Ff!<o`Q=vHns!2uy9#2nQyzBr20XqCMwKjgJyv69)Mr^<AF7LJp?{Feqq6Q!PCa^
zo5)xMpV0pjLi4aXt6G>NiD`1<`8UWZzi+A4ntUNCQLe(_qK1<0oX8$xW<&*ZJq_wm
zx^O#x$x~9Om9!^s&%;1<@y*sweH?Y0%KbjsM+x%<o2+l;kDe9_E&+qNh;32(18|Y;
zdlkjUKs*Ave8-k*`L45LPif<#LNZ9@^=?z}X2k-u5%QBNZYT%c?VV&`cBe9t51*dp
zOp~_u_ahqXCV7ilC66$@fYD#fszK%`%~JGhnrY%A8w^g`L&C|q@a4Oh7msn^YK0O4
zeos!LuYp;|?CD{J>Lbc>c>rz5`%?=#UlKz{{1&exDd9h8%`QE!yz@ouFMil8{w5xm
zRfGqyl=xrcBq#H*2ZX9rtFsZd2>CJ&BP=vgL==Ft-x44O;(HMluT|RsdWz!KE=;%G
zYFPBb4bc9u)a5AUBU`4iz9{~M!V{Z>6<7a{qB9R<`v2qjw^S-=l_bfQR4P{`$uX;Z
zOHx)TDzPN_My|xLs}gcWB*`(NBsbMC+j8IL$Q3j9=Gttt`}*zo@BZ5H+3Wp&y<X4f
z<Ehue{D9byP13EY<PfpB(I4IcgKe3+tR71?@v~Z?pc#k)VhzqPnHabv7}zX&+@hSg
z2cil{v2urPje|HjU!UG0#^*&>^<>8<#`iLv+_PxdBr})XP^xGLFEkdpJvDQrX7F>t
z<nID@+Op*HqRHy_cL6iL6Jkwjs%<EDFJ4Uryj93QB_q&^<u21GwArk=c#K-os?{N&
zKY>_K5y`A~>93=qLdtIANt!0#x<_oBRP>}&dz(jHSn|9VFRY$_WLtuGjNw92>~kEb
zo@j0nro#B}Zo4m!B{<{5{_8C7BTmv4blq>L9~Ntoy}A}EWyKB)`_~jJI_i(Q`^nBD
z_<BF=Vn}a9=W%OO(!ovPlUGLLHg-|z+&9&d!Sh04eH%IZA4=L5;xZ3Wvjv<4-<5G5
zy4N_1-Ci&k{gL#ZVJcN6ZcMYu6H<<|KFW!_&H&TdZY%$xMm*$pPT4CU!PN|8h`D{5
zNS`43xd!G5M5Vp^6133{@d~tN*erQO_*aKsv8K;ZlD_OKQjBzeAu74M0<izpUAhNE
zwE2j%<W@;_FPj~!)ZRcQe&3K})Ae(0ITLHQW*{6}=YjBIze8>pQ2wi%%}BQla_6_O
zids3Rtbatcj9G7g0nEO^en8_c<=C$5d<gh`zCHc&(iW|JV^c)m@povm<0V6|eb#Wh
zCTp}F-Xk#Z^o*{ux8%fpqPuJ}3B6fSI&7$+meAr4ch=tch)UI0OB^5ad_E(31VM_s
zcGsuE9)6D}@|+z%Yi_9vBmpoxPGaWZNw~v`xi!X1YC?4fsl>;N5vi;cmir&aQOo=M
zy-fYjZ)Q9M9}d`AaJhyn6U?L88x(-cu&Ub8ww~{pxcIX8@qP4_y`Y<8ihJbLVEm!!
z2>u5}VIpWH=fHk8L5pDBA9shZo7<vR-<xjtW!SQy-Jf-W{9*gC!+<FT*VVO4ZNQfI
zhc{RCsDI#h;U_8^9h~eV3o{LNctm5{B>Nz5VOHX}sry8w0!_xSvF8H5t^IhjPogH%
zE;p<Jc<gOC5j=471Uk-u8%USupDT6X1`}~luas~^cLo72R$~Vg>wUpnnQO0O!G&yP
zeTN_7Bh;@KNHTS!bcmH<>iiZAE6>C_@PO#{Igt-Pwc`T7$OzN2c<JkfMC5T&=@GVM
z*;Lvsy;4S%cAPF$=vo`xi*SWX;IGG+N6yI&e-14?$-ml(cubPDS~8s#OY2$XP0h8m
zY)a1;j3M@}Qf=C^;S^m}WT&FLIBlmyT_36SA$ot-C2^%$++tW4k!hb7yy?%L3xCDC
zJ^N#UsJoouSJp>M&}OUE0)MVYK`ug`G<QlWI=<P;Kp%-fKo4C;X46_}k!1_=V36<a
z9g=)N&BDcw=bs?U5$AiX&M%bDL{cPS*Ta{e`7GpRmCZSnv2@UZ48X!v5VW0UxH}j;
zgTi{F5s9X!l%5H$Wd7h=x?M<YJ4&js<ecu<3~{XCYizPfEIgKp8M8g9#)i3?FlRyW
zZLc$(XRK6Oq#G$NFsfFkAUXZ8-i_hc*eD3qYm-^1yjj7W=#G~t7j7SC6aX*)%iDFN
zMzS`u9>?bHN0*u(Lh{s;Brf0<y}Q2&pBqkEGPT}c<k&v`0P~hj#2DNw@QNmOPUMkN
zHd^ODXKHJpVVux@I)3?nAzz%__#ec)E7ff&o=__6ew&DZ@fzUwcnyn(c_%TCyr**K
zmiixiVtg*64Pe6ud}^z$9{m%XAL0N`VfD=@v|kv>-J$2T!&M_?O!%3F;FafoS#Cv7
z+q7uIdxpz8qg;XdmOk8yF-=frYj;Wkw=NyxbMDU$T<N?|;&P>Nv<nIMyOHnohkxle
zZvQAtf9Q&XRlM8^-=f@WMwT?LE|26b{cT+vDV#9>jkBGuqUgG1DvA5g3!ZW(;Li@o
zonJp-312d;FKZ|!aoy8H+N#2HNI%E6ZjWWjKSH}B!iwr+oao7$*6k$=Pci_kAldbC
z_h*(fHnX!ow9*V;0`EIM^Q$JvZA$cx+*G)B^5H>jyvZ8jOU`h|7R-?v>1*4$Kl~^G
zCF0Fv<mF4!Qepc#&`J3oJ2skE!Lt=KcBhhYbpu!FeJekh+$lK>#Bxoc1Yz&h{BFO{
z;8JAIntLdf|0fM`3$REVQp>oGJR=Wq^IMhVtjc%Hq|FamO|6WhPq_r;X*AA}`R<L+
z=G{rt$3T8z$=B&q*vs3y<>^_`sI?`>KnP&T?x=i#4J5M<U{xQPQF&gSDiG{3vIj~A
zvH{qYb=j<^cXQm~7cP>vqFk*PJQ&#fV9GlHN^&Fc`4!$_XY}-eo`EV8;%#&{$m(*)
zBefaO91T%W8~AVC`pHX2SgiqH@2``@_BTM|T=Y&@FV^uW?Blj7J2cV)XQuNv9>xup
zUXgXnjh%LgD`C9m>GzQvg_H#b-X5p2%geN%I6_FZ-B=M3c1XU*`LWRk%)ZMG*(q=C
zx?bkY7S9F~`G;maI*+=Q!&^@&H_E>lY7-+jdU(}%WhKf_?ho&3ZJ@pEGBMnXTI-;m
zP>d+OAGWWkg*EVV#apXniePBntsPJ;Fgj08o`2DGaSi`+SiMgH;`)4XFXp~v|3m4)
z*x$5WfA1o^etF#(bxg#96OP7W16;zTDTB1#DdSNef@biG%^xB6MQ2sRaSsIuI7Mu0
z6Z?{5(ky@7MJn7|P5Fz$O>bZOUE5DR9$zLq8RCUcqG{1L#+g6^`QUfG)AyjuAV$sY
zvguEHU#pi333yyw*k{QigsEYRuIzQz44>O2@v~pZBIudc{aahjDJ+SmAT+hEl*`hl
z^XKvw-(S^$W6VEe5lp<NousSJLU_CZ0D1|``Ulf5I*@wMe`dIh8+UVZ(SmQi+;?-5
zXM-zyIsqLi+rsuJvG(4(wkn8?Gn8X_jsahBs{;XCdwPZRB2Kn<0Frt?axQqzTWdzC
zV+-Gac=`4|E4vcrwGQPq{R9%>{?0E1+Fn)gWEA_!ym9mU8~f8j5?vtJLId_C%$ClK
z+xl_T48?IFy4-ZinrAr}{1GJB8~za{b;*6U3aJSY0H4Fmr;SPC7mXb|nWx{^je_48
zcB$3g=4xHr@{!6psCW1@i6Z_+yO^E$1Pn95c=^{>i<e*iY{nEtd}<V|Y9@OP<c)QK
z1URd8MVQTois1Cqd;DBvkNm=f7b*I+AyW=vJie09@b>S)QuU8C$2l#pQ|N$=vkGVU
zo=!X?3dp%Ei<)a?NRscdIy>FBgDRajq{VupJNdE*>?9MgyYvm|Mw0>v<9l(67EI#r
zGjcivl;7DW)g`&q?h4zssALFSaEp=L36wqr2u>&(tqXTAamvozx}pK^q0h*222s*_
zLE9z<B2WEzp0UT61$8X%6ep<Em*#15yz{M@)yj}-<|ClLxv)J-@5}cj(iaaBh4%es
zq_lRLHzwQ_ervrMQ|hBGAzv$%3(YvTeC_38J@?x}9rt%?Sxmzl>SFpZoUc!>kNlUK
zi0!TUPBdG5<&t=^>^L&+LjfhO$?22#WIl|<x-__|)Y|cOMEZW9H^TXiU+~|;?><tB
zIpnA8glExAT1y&MVQA)luY#p3xOuuqoYDxJ=?A1gYu~L5R``s42@E0AZwIe2_AzU0
z<RvV8#}eZ`;a6?FH1CUTy$Z$p_nglph7lk>^St<_)oJyf5d!7SzR3ynLK&B~<@**t
zjJ~{SRrvJUX!l<<UlTjn1bM1RV*LkP@70z8!vM)%BX`R#{rZKtironnE(}Y^{mm5H
zRlx%H(tKj=Va!wIwPmcLFr8MDuSo03kXE;*4jU6xy1AjE%Y=dcy2tYato?+9*FQ(f
z5PlQ~=DlQW$d)Ehr+x9aW?|oRg@rpBQ>^OXw_CP1+qk$pbRzm^7~?zueO!p+G)3tM
zqRr-P@1kzS?O0nP2K?@^v5agZ+R}pNg2FcQ^s`r~?8}8qNw}H?p6@qTWdgn=_^)}-
zQTo)Dad<!IPha?j&MPop<+`w?tq?hDsWrLc=i=cD65f{!t|g>=SRL=K>(nKFkdXtg
zL}h!vlk`QF1}GZH$(tqVFSW036r*qM{Lp;fmDnqr@Y6w_kOv)|QOfQhr*E1--++dk
z34fCT5Y_+%jt(3b*MS@KouH!=75w#;gBo&tP|w4#@`Kzdj;T(5bF-$_B=*rw8E4;G
zjOuEhWJ1Gw1I2Qz8<8)+8TKpQgu;zR#<-Dm&F}hAxrd*9bdc2uIV2P7AHO7O#;^8{
zB-M>8{tXFQ$<)hw((j3&pJVhG#rJYQvwWxc?Dfljg1hSB=Z=?f^bls>ccLd%7UG1_
znA7V)Ten6#AJ7}zHv`uWUQ%2yhD0d_9DEt&Bl4ns*m|$M*s?8Q!$qZ#yM<c<JG{+E
zW}mm9DfT*vgSud!&(v=1g?W=Iq$<c_tG~jTlt7x#EPA(8wq1O0sokkwi;o)}J=~=>
z4>v+)vDPU+f?v8I&tS=zC&EcO!1huF>6g`+s|cD7?NqjY%~&u%Rs|KUzZT=Tz0J)f
z`*?ogT+nN>!Xvq*nJVZc;8LyMQ(eDEO@(FJv2LpqDb1#Y^j0lH4A*fsWFP0X?;n{P
z4P>?LBGc_C%$o}^%t#-vWm+!#9wBTOG@^#N-X@D%6_^_ya82A@pV0NGb(#5QJ|4O-
zQ7|^NU*aWIXmoN~yPRcBBKx`r*&jD57HTELAKogGu4@fs!@X>ipGtGoY&Go4{b!&V
zu)+d8+)nh&3LY1GLNIZXx?8|`Ex|91@ZH=qQ3%a@r>wE71CrNo4eM9Jl7p%W>@`8x
z@1A`SM#^z&YdkPT8ZFz?3r^TwA+yg3El*vANa|LpYkaE0OlT;CkZhoRf7!2-IW4{R
zHi^d$<K;tCzl1s=#nNqTU#9%XX$EtARS&Kea5i0%F5M7{8*8%;SE=Q@2ceW9E>FN8
z^!(RT(wtfExx-SGaM;9(sayx{GFu+2PgeVT(7A9oJOgt|DSUOqC~C>8`io&G-Uj*W
z?3YRYq?_s-z$OP80kpbF@(CABBG&k^V!wI(${SFjaistkW;sPmX*TkM{@2PBaWg0?
zl&VgGe{w!p=6!SS@UkovNOxBgTP{7NxS@OEeEh)PWZq=E&Y&*Jp2%YIR%yAb-6Hed
zj05J|2zutHh0MR}tnN>C$QQQ@)CV4c3}KXSx-5HJ9EtVjEgf+$i^<0!53EfhlXu|t
zcI~|coT(PeF0`MR&U#h3ImEj1*f#U~#|fPCQ0f-B&NT=Pzxcc%+bA{i6o%LX7#Y~^
zM~W+jJSa2fKNDC1!*6XW8IXKV?@}{`o_);v^8s`Rb5rQ?i)n9B1!KlwPxeOC{>ENl
zL&GolPh1qsn*6DF_&R`ekyy*!<g8N7uTOivPWh|;L9w!^4OE{n(Sf}KDLM=}h|9=l
zI;ElKY^Oygep2MCQbC1AWD1YLD=lq<S`NYvUjV7VBOErIj1F5&_yg`(CC$;|UrtnN
zkt{F5yqP!Ej~DSj>9*Os5Srrs`UheFvs*H<-Ih1?sI}e&2b41YME82luZZV+320`7
z!3*Gk!*e_dSz%diarc?lI`CS7yvHL^79*IpVD29!Jf-KZeW?iQN(PVc5%&rdPZRH4
zsbnJW?ywSR3Ce0^l&vi5Sce9+k<C!W!)nswVnQPhmW%jm_qp_y2{c!n{h!o{${r<;
z;GK+mwh1%|S_QG%Rm>E06hsmH(Ada@=<3;c!gi^7rHUhit^cDJD+t_eRWJfw1Um%K
zgaj~$pO>WEl}J3QO=MVDxk|J`L0gqnq9N+B<Z^S<qJWdb0Fs;W@&&MP%0>uU%29^w
zkQ*kx|7yk-CbF%p=@~iEKa=Dh=)Vs@NR?p=LlC03m3TD=vKNV%(v=Tg5Cr_~5sM}@
zE_OJKhSjH`l2T;-X|NJELYV{#2>dd2E`m6#*>fx#rHleBE2BU3TNqMr;y~5Ar+D~}
zV*nE2mE`nT+P_|dFz}H`-qNP^Ye_<zvdsW|c~7D!!rt-_WK{6-wv@G$yoGAuFVBIT
zof!rZCI57*nY$s&;Wq$)bK4#NlU+bEadD|$amV!Rs^E7P<*}#*dbaMi2%yu=YVY8T
zCCp*0iS60+B%v5^$e917Wenk~mSZa>*pl22goMT5Np_nmm>7ln8|1%oeq_MjPuoB5
z{H*V(o6HV)cNCC*`w?o7D6?KrRCUYQgFjxS+Go)yW!I`l?@*rWtqJp*KXzufaA8Sw
z(KYIzp5qT$NxX6SZN6{b*5my@LWAb7j}E}43~n(n)=f;X(KxZKmWq#MsyY(?n?NvX
z+^kz{_uS0%IeR_i<0?&bYl?ipMSfzI7TIH24B+jYCuRR$NrZdvWv93bJcJ*b8mAgv
z6^oOzYrhG8+VfRYa_zF)KpolZ_z=#M65AZ(^uzMUnBl};i(%0qu1U)-i?hzmy4zyc
z{cvYi=lTslIxY`2%Klm?pRzuc#T#am^%YyG%d&|(XHL1Ct=@N|eu`r@MQ>JaP_-<R
z>tu$7M)$C5$M!Oh&GN+3451Re)0hA7S>nTNjmpkF1xRIZ`9n}NS^v^8W6Ft&F|54p
z=<4_E)$+(ekHi+De-Lv9r_~KtAF?p?KlAtp?@RZ2K6>tZUz6$JA@UG_HviwUt}MA3
z1&W`7`*%>!)NFkTYyca_iP745VGf4Rm>C8U*@3Uel$ZbP4bUwNXzWR~)>LsTna{GO
zXSF^9(%_{8KZEca=fd4t0@wMNgy%Cu{MPztw4a1Mcy_jgVDN0qY6#;j+c0t5ikBKV
z+saUAO~I5Nl@<?M$pqJD9axmB<sX&MN)jc(yK`(4^kfM%A_nDYC72mzRtPpoUJ^>F
z{ZH3(uEV_f^SpC>>tK#m>qosc=&%DA`vTH}f-d1x{ST5d&T%q8{X1&`q`y76P7b?!
zo^zLQK>?q8Vjfn@eM02NIUAJm{QR5H1}KldVSLu``K~}Jf?Z|+MN7H`FW~Fz`0C83
zdM5*eb_r&_pvM;99FfD_0=aU!zDpXbeyJ`H19F#nrUaL2h$0Y-^03Oa1~vRhZY%bc
zguLtR-7K23;}4j7)_dbhYjy3fI|_=QGfNC2fuGtF;*6p7J!dp}M#4NN3ga=y&5M0#
zsg5g>8z0)1(ch_)(DlM6dtlpM0M&JC=Ts}91N;`FV6n%o%&1JO51Ah!y<Ypm9!!8L
zh#SazLBi`YvI_=bfsUkFW^lencu=dQuc1&H0=^a7&Ag(yPM*@qtldCBZji0Gv0B-3
zb+2++elm2d^^D1?7B!IN3wRFI8AahC2+R>qFXs0|ma(}#RlQ=2nf=#b(C|5#k?sF0
zD>5s5aR`@~@ul`5Q)Rg9j+qL+$}a3yoX=K?!+vQ@oJkhC)!5a@dPEuree9D}(da6#
zl0EHKyVIZLwfJ=EHx8}fzC4a7Ql`kBvE~o>r_@@^h{-~xWa^`Nld-<#S>%YRG6s<+
zcuKpTT@&j<vMc5)c1ff6moGcDN3;toYXn=khohtHhv%<Q^TuMxkEwFc?7fTK2F9*W
zfGk(d1$;9c)1!+`Ixl$q%<X|S^5}AlvEjTf7FTOYwG1Ez{Ooq*OHeE%!#xYmbYIDa
zq5+sL_PrR52WASSafur%dgBOdh+*ldwdWH_hp@UAlY{8D%kCy337f^C6vcpXw0kNp
zsYsnoFE)a+56*^s!jmw@ul)69As^k|-z%1?*5%i|)({!T)#FYa?>=$4(c;*|w#)iZ
z^4j6yT@viAWOD2WX9+0Kv1ymYn^f&FxNEu^V>+?iX+59VosYsHa+=d#d8D6~+3tS8
zxQWJnAPzGqwkNGC%cqSyF`F*E^4B~}#>@yDVw*@7g=*2j|8pNgm*737ftqKT&d$iE
z>4N2jZ&%-sW&u7#ctlfbyDK}VyiR3Rr<0^wYj6IWOCg`f)b1DNGC!>N_oz3;+@@HN
z-|Bz#ieOL8gBYj6Ep^;}WZ_CTKqV8V|JCif?^>4i(`xZU>d3pqACA(^4?4>F%|n}P
z%mC)k)D?+T&Fzszle8nF_#?elC6{`1catEmt=&zZv59B>h2(<X#u<I4H|?WvXa@jY
zEUmO?ck+3&6xKRE&DiD>=~01lC4FhSH%qh3T8jLqSNH#e=TjfSgzezuTBm`5oL~t9
z#sCw)E{(LN#8z#}OLQJ?XHruBqOjAjmT1{QS=kF<9Z=5GA6$2jT5v=?6|~v>7`XCm
z1t*;7gFP$Xu0lytz0byzg5C+0Bt3K36VT9*spLU>4eB|ovpod)pr_KaRF|a+D;HKm
zTi8QBq4`5^qmN>)enu)n>4wxqjYXSJ9g%<+M|`s_Ge*+3#BQKY=u^9_swn)wN1i@L
zI^rh$Rn~f+_vd|?yh${i4DiKao;Dgzc3olvk^VhLdzv42Fa&$$N^6s^{J>Lg^mmvT
zNP_U?Czp31(TO?~ZeuORx~|!2nhyAxsI>ybb=y!K8gFB}t18QEsCad2%ok<{8Gg~f
z(WoqGV@2)PgJXSE(r$mF_0d@0Rx%XwXNrTjEU$ulQVreow}W3JKp&_hI3<+7k!AA4
z;v)PYjrK_6;9hFDUiBJbTBVTy+Y7pGON)Pu0Wq6MzKT0TPjl_c!7_0qdoY9=GU(S0
zs=cv~uR+E8n4yhP_YI-R;m}%nF`}$ox#o&4{s9-4mD9@ZiOk9{@XG$Jqri=iQEQ?(
zj9q>N5eYFu%}zG!^uUd(V0vnJ(pCZ;-`Z{e)V&TDIcvUEq)E@#5gB#rf=A=1E-vA<
zD&a*aq(-P8f4?3>Nf}rhIPiqN^Wq__6C~vkB<zKIDTTF6Ls-@blRlO7cR+z(E_X1*
zr`@yLc7AGI&CTd;WD*sba}cpQJwc2}M={Y;VJ$X(*~e$rNnYwtM-0;bL;<DFfM|c+
z+-T^|p1s>akQ~9$7%JhTSa}tf;w{5*J(Mr<QJ=$#0WDb(nPPDkXwI_9g8w{Nz#G(A
zH6cpchc+|t(Q++-{doYVn)QU%xSB3L|A7X2c4uh|zq6{uvP+crT$cQb3y*IxQocep
zB-fp|C&RRP;7Ig!Ew(Ms(2uBy4g2Xw{xy}CNO!J!eO$(8d3joFmGv4o_i#69-?rK{
z?F_KuALadFqGmn2)U<SDBbM6jiFW8$9u(vSf`=ge;%g6H&xKA8w%0+aB)!~YWanbs
zQ?Pq$dO@n>9D*7`31r*D?A27GJF|adjZ3IMkscH^K|1;Q^izI}!vz57&|6L7oK&gi
zvvI|OzdxPWJS{ihb8qg@*#JdQ`(Yk|W+y2stepA9%z&OEU+u<di);(pbW?Z9RiRrm
zZxU<oX*(x&WL<FB-d1`o5>l1h8afv^YFRJ`RdfEj3sPbfIPzqAt&1T}UFUU(#(5@~
zGbbN#o*5^0Q!{nSPMr_l?u5za8&JhDvjgnGDX+s21+Zey>*S1$WO1+Y1;sXHs9<B3
z4Hab1+*THXZKM_*xZnMN`;1mjvUG)f{~fmGgJ0`ml>C8^2^pRYLKK?z(^v;BJ{1*q
zK{gb2e#fiS+4V~?JFtdWC)xV2swF>)hiVHVWqW`?XfgwCJUy}8_EANkwD2gcq*S->
z;;hxX9bF8S=TSfeOc0>l7$!c5K0qty5m+8=W!V~UFDeEfxwd--E*E)#Hi0MK97jao
zC0(Q6@QIZBFMTk6iG}Z$|3&CCWic2*-tq%KcCEQ=15Wz?Nu$oS=YFRWQ4p41NDXQ2
zkAw%6t%pV(^{cdAR5$jaqL|Md$qa;B%i91sd?)AW>F~qCExvcXq87sw4}^YMJfrnH
z+RAy-MN7d$_oYAIC=NZ(8h(a0o4U;@`f2<@!*DBj`qymJ^1Z~O{<7bcQdyLVb^fm;
z1=-vPcDN_Y$odX8#b!7Oo0qH@d#4h6to;T>E5L3*FUn<hVU+MaefVc~@(>0f`n#0L
zTn?mS35YDKe`vZN5>d~ykbV06i6s6e0h3l1LRh!mIpsc~gj|=4h~x5W_<Q8UTyB?3
z0r!s7U6L`2kTR-5{a$%Ip#+V1o4sq?Q4$1_KM-A$tVpIw3*5$x1~n$c52-ExK#!0G
za?+pp=fZ3$LG3SZtVPsLPur!rOa=wB>ZjwtxQSIApL1zC3`vQ<f)6Vs6a;9Q?_U`j
zWY%2UZ*g7VA?=<ZDft;Fh#vAHh3E<O2;&O^O!Qe_nsc7}?Ldd`1#t<>4Lgbo2t`O|
zPX^}hc;A|lgpa^@vt5^iLCvX7&X{Q<(X?WN{{Be9?D3Rk_Cd=Ncw1ye--<^j11Ro4
zxARKKKYqW#tC)N=PKktAn80-U&fl5+m8<X$>3s*OV2!I~!hjZASkgrIW7#E)N11f_
ziGbRqJ8t%a(^MGGzpajb>zTcq-#!+^99;V>N6j<IHHS7mX+}+VZxoe|cX61g09ou>
z!(wm*s9g4womR{UTveKVR2k4Bx?b`a`R_NEH0}&UptLkz`*lWs0P@qb;HoUhYD2U>
zJ$vCPJs}rSbsUXJL{SAv$c8<9<m`|Q`vIDHcrJYHl68u5=rH{fNoc+T)X`gr<P6@S
zb8M3v^|rWL9pmmDw=d(4)ZC`FcKFMe;crctC(*(2h_{lYum)rOY4juXQ|#%*BB~qh
ztW)$3)&?0yUsw^&Y^DUujV#ivz6{1g#qT-qEGiRibIe`>&&%C7CUD3_P{tPMvh|;n
z^mU-lQq75ZRFtIb#{R!b;ac=}(P7Z^V298sP&1<S0}ZwoFDOlBTPc=Zp2$^01q366
z7!)JSbEyq{SWBDi(h2(ozdpH>9Elx#NRe>TY4mqc@x$tOtc}%+Y0*zuuY$&M{p!ql
z8>R2RR)+?^4tqE)%nX|lJM%heUZi`nI63KlwR@mXMjE{jU#Y>(@j_j+F34N^yEt^5
z*Z>l{$V#|{TH-6b)6Y^A6{vy(V-b%1AkCY7-F98Ol4(*xmHg-_TL|QP$J~FKz0;rW
zzj`Q*jpZ5r?i^mL=7ThD#MBe>6AD;2ieBqEkthOF@b<Jl!2tr32v+@a*;LT9U>^wW
z6nJgt+JEcTu1`R5{A|A#8s1@1!w?|Z8h#FgO3TuHbnP7Y7YOBiWFd>6>_hE5F_8jO
zxN~=93yy<n+6??Q)m^`%ixk>kGrGrGeSa~y*I%y}ei3#P?5jn$RP#oj4RqYV@v_Tj
zz06Y#0G%QB`P|UT<J-Ic3oef_g*NGD#f^qF!F$0=&6p)b*ug;2*_znc<ooF$u~o%9
zz`TU{vwD&OZ^C|SVu0tIdTnZJgt&Gl9Zrb(NzzJ^kM-u!JKbr+b14dkzq+3^DC5vQ
zuh&#m#X7sw&~3t_mQ1(of01$H2P{3Ae!DNnW?sE6d5G>Y>y6Ojh6qj^KNfyN@vBL(
zWhT~9$ha(H%*XvTS@YS6n2h_J*HRtx3jV_u8^CC;pijcH?9FRE&M+Z;S;dPey`LE7
z^SLO^pRkzJ8=3zQM)6&wkNm=SDQ&}RW->RqY07EinX(hs<z-{AHSul{r7b}52>mi1
za6BP<GuzF;e!X^VyloopmTC4ypjL008s$vN|JUK~R!p%%@MFfQYgY?*Me@G(Te%mF
z!*37eKO~jIoT9@t!UJyNn5dp}?O}U`CmW}>z7$bj9Aq%Jdm!JyFn`+4vGg7m%nnTi
zTkQN6d`W%h_O)LKYT-K<62I@$mrYnRd*;4#%un~ksgGhphE!1C8AO`KoG+~K&w`v|
zb<lR7)NfW-s8<wt$Np;{`X{R>L;8uelSM(#IKl>~Bi$n`#r0{5)FxOxn2bT-aG`(K
zzH4whIk)VJxVE=$U;4|oFNvSHDXxrWN&6S!dC7Pd6MufBaGnjg<`=XfM!_(NbiS5r
zrg{N*$_|5I0nTiSAy2f%MqCA!Zh8XFb=hPgsng1rCS>U%EgM9Ts{p^~<8D<53+4Vs
z@{I<4OAt9}o#crzo~Oe>vOdXLs2}NRa{rW<sHX*C%i~kux;a-kBdBjanm=T1i_=w8
zk1FHaFw^KBN!Y1avfX?wQWnKJX-na|ARfI2Y*B}*K9n*&*8@87QU~ng3(&+`=Eff#
z#X_Z-Ev;87ja^Uq0HG!#@Ly>m|93*&r`AP%(fLHpNuo*}4cx89KF8yG%|FS$IHMF*
z%~ZX3K5@G4nf@A*X(G3u`kti{Zzg*3q%@0}-xa%Gri=Fowx#5V`S4FlU_nj5#O%sF
zCjn->1YnS=y1%rD>U#NwnQ|?>c>0aYkbhHN*yovJjJ-Wp-QZ%(PhMxwI<N5Z0{z3Z
z8~=o-FC(2{B?A-90t5V-)NYTnUt^^Y&|in|Hk-FhpHcYMXIBdLk1Tz^=YDCMFKK@=
z*|E`8Xdqt4p(TU-o}JoNYh1WSk;sQ*k0aj(h#!N*J0#nli-|<6V~EbPY99^nx!tm+
z7my)L@m&WA8Ca<j!Z0z@W8a6#5(kS;OE-(rEh}-RBHh`bJ+z&@I7~kGH3g=4Q+4+n
z62j1d9kw-V_>&2*wRphZf#USnN@9v^lS)u-qT8rtQJiJ6inV~ED@$X&GdwKJ5KNt}
z;kr&x{J>#f#z*2(`;8IK@NmC?2<tCOxvjIC(%fokn?dt^f)^JpNag%%$gm{rE<czk
zI4sF*@q}K3{8U(<?zC|VStpD&=4e-Xu-vC2tS_%wWYk!3NI1!9Rp?xy?+-$%rD^jx
zzODtW)ouR=$(Xc5yVqvXj@iP(U)*{?Pcu>vYImr_;N1P|O#~=Q<GC>x_W=^tZY7gK
zzwf>ZN`tVDJmcuWG!9wE76?0Suy=P@k#!*T%2K1X-`B2Xa!(uQbFWU<wGeSCYm?+i
z`>$})o@6-_Oe0#B7w-t{-a1u2y5!ueG!$+Mw3hESsNouf%z1^J5Px)fQ@c_0^#RW(
zYPN|zhKraQ6EkW?NcGDzCUcR?l)-(GEWog%f1?1aVh=^3x#WzkK3N>egtV@~N(asN
zire#&d{_bW0Db57=C%01cDcx-Kev&O;*5Q|KmUc3^`(Arx@%l41kz9X!%)6<G!{a-
zE+cX4t2cn>lV?XKT1W3+U5Wuu^RSrfUCVE0^TFt6Gl|XELug4luVP4zTPSfUQn1A;
z=C@Fe;r&r?M|C~Fk^<IH!LSN=le~A9>YT}SUYzR1?P-O1FSMv=>;(n<yU(3h>##*a
zNK@5DZ+{I;xy-6=wmsRKH~+>@*mCM{1#Dfzx<(<){&OOJyxPOvPB1wPKOB5)XohbT
zHhOciMWeyj5>|R+>-bWkRmq_C%46inW>!7Jz4`rxo+3QAKL+yd{z};NqU$@TfMOJD
zyG+q%>W#2;*-dYCAvEiCIOEGz1|-*6M@fpisI<e0&pw89C^4>-MH|}Z+2$!Yb1wVM
zzMl>~brmQc6K8n7X$`|trsuSJ32P^-h*v=$QpZ~aqts8H@8q<O_kY3DvR>T<vWILD
zP2b7?DZ6*}(cz8?lGeEOQ<WTB&v!sn%s*fFugGh*rZt}!hu_X?->iZa5a^v7_{hcF
z?kaLZo_*S|fPQ7Vpj|%AUY^1B!;3t^?gNP|w~tfMimmLthSu7!2(o^XM#sULO0f_4
z_~p{|z}mAlKh`51oT$Qye03p(!ocfH#LlOo8LK+4SndFqvs5jYcg*gEp&+M{L-KsF
zhtT6ItS_~#F>{cA4|(gyDc*F(o*pY-{Rn?wPZ0Jz(^)eUT8tuXaG3DQ{x<3-PdRwo
zz~LSBKXJc$Ez_)7Wys9*`&JneBHS_r<A<qB2F*WFC5`>J6--;|FRPKH?-IZAfSCib
zb|?BeT)y!TNVa{A9;0wnGPAu`vHZH_%%bgUZyXrr4Rr5G=&AOYcCyHO(&nR;MO<3Y
ztyV_bpa91VcTU^y#<v8BzJ`mcISjV??Y>7W?vKT`+eWCeDZ8P4bgumhelU$!`Vwnm
z#}a6)di_X%9+Bs6k<{E#5=vf&tJ70`ra`62o}=B8RNgmCj#rTtEiE2)+mW5lijQlA
zr|U(*L%NuMg_`V;4gw}?DM*1*aB$9U3aFORW;vk$U~eyg)@q1mId7KZ2FdXr$fL}*
zJFct&^3NVU<MH4RC6RTWsdaZ<JHFkU`~`z`Jo-6R;LM_!ZkUe#OJ`nH9Oruyi@zsi
zQd1~Dkm8R!*jl6xa)m`~tIj>Iwnrrci?8kfoCk3f(tg4oF!*+KHL-O0YZmE!Nu0L)
zddT=}jlJuvRqhZ+Z!IX8i?6}fNbF=A#i?%GVBTAA;qcn;4KLUA0ZMdhWj?aVRTJ;B
zIINU(u5^!msR1;(09YM<C4Hj!P<8ZRBVb%%F-CH4(EGApYlZkFms!j7xM#i=tSovA
z?>f##X_3w)j+CHqoKH7Ylgvas1)#HiQ>?}XbK})>n28rwyr;PAn&!00tHl9d)kUEj
zYrRs@ee6Z<zF4`cqIs983QLO`pp8>3)ppQ_fWXI^GrFq~Ux{H}Yg+T^aihVu<xgux
z+G|4zZ7S-|#224GM4odWroMf;p+~NN?FVOolQ6=^s56nV<BxqZtr-)6%R$YydYZ86
zljv7ek>wdDNq<0$zO&=L2otYIVJq1llCnEw558MiX<0e*<R`t|;W1@N9B3-c^!}m>
zSny&QKWFw<n#jSEmf?v1Ylkg_Z;ng~-G_l$5kOYVa@vCPuQH(<30-iTc!WfQLj&fA
zyG%w)u;XG=G}>#f(5Vr7p8CSM=5%6~%Cclr*wHVkp*Ide9jAiUDd>TNx59S@TnTsQ
zTOT<=q(txYm#w@sTYF)!?gpCMg8THUDEPhYPwUwto0y2l)#$do>(dN|pZs-k_j|o<
zr7OI5NB?XyUp|UBUEc%Fs35sMGB%hH{xIid5r6KXCPV>6M-@BYfcY&?UXuFmvB%Rv
zGU7&&_@|=H>Uez0n*EvhN1@SB5h|fDH|IM<o0#G~<NxV&R(4Eap0*474BK-D{dY$K
zE$@WXGx%JecG=A`AKEW`t^yNiYd9Lq3_o7Wg=te`nSb>X$|X~K=zVpaPsAC&Osi4N
zDDn@e4?0Z*8W`aA>YCJ`rmTF+eXw!Z$7wc-BKC)W4>n-xJ7POQGnL(c0c1FredJpX
zX&w)&k~B^;+u(y~uWwb=<}urr`ZfC4MSNle+04R{%02JG#^GEcq-!qSAnQJ`^8UY0
z;eVJv44TK#XMI^9zoU%Kwtv-#whmwMGGPLfrC`f6w)!ZeFX@vX@B$y=*8=%3<~Q0y
zOE7<PLy*qqtP*wPn_-|F3HSBN4q1uBaU_z`n3X9SQV~CO{+@zZ6EoW}@$%ZxOF;v3
zfBo1x^ZN$-#SQES@rifmdFC-MfT5i$;!lOTVGApM+L!y@Dy%~iaOW_0=?(0igYYP4
zED`=ANEs&!`g4m*V!wYT?$S_I!eNh<O43?(4CF?a2G8(k+yyH!uW2EPlL~(1)k;`G
z4q%}vT#>F=OhhR?mve}jkR1@C6xh8^#x==r0sDI^qDk-tvN;-W7QjL9pJw}fcT~j2
zEM>89_CERTm;$3>QikBEY~qtq1Lxblh9G=mNRA2{c~fH0DA7yT`yM4Yu|0D?S64P-
z;6F}%tN=V7e!Ew}=#hN*T{?S`n3Rcp6jG%hItUe8E0O$+pEEZq;^9oQZ2&}_aP9dg
zy{e>&a*0_=3XyWh%X=7L-Y$5P*{?EIc8fBqA=-IY`&J4=uqF7ly;n}+!dtMb5&p4s
zv2*yU4tjgC^(RcSK#y4TLkoabIE}6Xys{!N7chJ}vU}B=4V`UGmMyN*4Av&kTfk2c
z?5Pn{?h<+Ev$DwTQu0$iG4VVAUl>*leJsgtbN8L&h#TY_a9>&ebQL!mAWE<6cs#1z
zh;@fV;B3t`9%Lgf86P2(ho_220S-UxB+zETOVV##StJ1b25w|xE%I0?qo}nH$1(pl
zhiP(tFfY2jMYqk%p{5oBe_20>@O$i8Y#QJkrni%gW#E<WB6R(ajq}YixF4*eh61HU
zAp{{MfaR+jB}e<C&G18Vp6e|T`j21xRG6i06l3XI-49`kntV#T%O_dCs0tix-0b6u
zP9W=a@IL{sabMDAFu`cEjsmNzCrMUaSnJt<H{#OiAdu({L7`u)1IT7wZ_G!e%!#J4
z25Zeyg0>C1(3t0we|os5hDcXtppIl_Za|?SJv+~8RH3iIb8R1`WY!UEsSwn-w7$H+
z5Bm)y$}_IBd`va1f-H?T$QtCS(nuO~zM3|vA&SEieHa9pPZucV!ZSbArU}qLRP>JZ
zceL*fuA8MnQmy`MEWdXS@KmRk;6-@$5APM+(4?a0Uq#+nVPvDqNBKo_uCc1oEHUUt
zD(eR5a?iEWaCxk@`7Dq6kyj)sT@8<gbwT1EXTSK_LCcUQ6&x1K)1uR~+iE6^rjnau
zTsJ-BOBY!~7XUspBErHZ_rz&C<7J{R{(PISw==Zp&mh4;4hNr6U5^<;(pG6Z6>KP0
z>-2i^17aNfLW%4|SsxrPlrWX^NT^i1>NdeGo20Qre%O|2n@KO@xwLx~OzS+XMo(IK
z-Q13Oc{d8sY`Hs3aC-@dxC7aK4Fpd-5}wo<9bpqQ;2}CY15^DXdubIhXzHmQMa06X
zCl}1O)hw1#f7bDLwb(v>=Ze<IDL#>THd4I#h_h?73A%cEz-`hlVP`V=jnDVllTu%+
zSJLUaMxN)H86}f8<5O0!M!`t--%*;t@X3PlO8ZyTNlY>0@^Uqdx=^;4`2|+A(092-
zO!7Jzc8E2juqkuJ;Z1^XWx+<6C}sj^dk^w}NWVpIi*vTlqnLv`t2!qFmfH-b8gH)V
zOODRYB7}qU#)iO+pq^^J_Nlj<^pr36tjHRM^H^%H%5B@mj<wi6f6hPIzIQD=QW4Va
zXqcnSOv=88y39XWS&;p@vfyQ}_-#E@?8feGU*xx(A{+Aehj8x9F1}(TKKRT3+aG?~
zfd*&A7%QlksIO;-B}LMiAKAb6G0bO#flZxQZ-rzCW(7naNhaF5<eXY3PQFizQ25B4
z>F!(R;OTX~ndj~Y-45wp{CWo3gk|37)5LfkWY@USb`GU29D5FPw|fBG<q~sbCx69z
zp^GzmD8L}W#dh~ra6=hp@|E4}MU~6eh`iyYr!wtno7+Pv$jX*zaDOPm%&_~Bq!DI{
zF{5+$f-;<B@m#|v7MhuNbu)j!*Us1gXxdxH_{wL{nS!v);Gv8LCeavWCXu7I&VV{d
z3U^BVpS3_HrWrXyl;3`ET;S*!_B4fq{rXA||48H0d8$RK)$NmWtp-$dd|1Q5|D({v
zyEV}suxxK2p6SRo;}PPP@l()l>K%-pf;Fb8A=~8Vm1=!Yk`3P{3kmM_4-CwEGCQbT
zi@IEUEd_ESI99T5AkH_Q|1^bylYO?$vDFA77Z_cQ@K00^ySx9rkA*OHcQW?U<Q-pn
zpI*MP?Fheqph9JxALtKtFKDo}1SdbR-m1`83a*E|iTRDm0To8GHhS$CUc1rKAAm4e
zqv!j<-e{YY7py3H4cIRcE`759G!An^o<4aK*j_W|YD=CS_ewa3!h6;Jw}EwvZ(Gb@
zRo$Ju>VTvE^{*08Hi;-Yd-&ZAR8A2NDzQ8pbXW9{=IHAcLBk%aa^5O(qQA4dXl8C;
zp=@6EO_+F!$lE_R@GLD@yeODYqE6<M8I*1A*}Z$aO@2>|eTqPrIBsy~8WzsKLL8pe
zw2sUUG?L`Xa|bn4UjplHi(LT7wv&m-$FC0!^|X>QY>D8+F{bCv8JlnVzc_DlgtOgy
z+WgSJMaEsjR)>}Gw0%$Zyhxcdtr|4+g1vCtKOnm|{wImG)7A9UI<=pV>+~w|RWi?B
z8^)CZRlNb@*AV`DIZhHX967nVo<Gt1F|xy}ltL@Tm~;M(Y7aVrmps>zEHBTuFB!g)
zw@1>*LJD=yPH3Qmm!z&;FtQvAFE&0u(Yz`oqT$+W$KqH@TAhsX*Tm41A>OsqX$8xO
z#=~vuA@z&f8q*HQIq#w6l1pp5);x<P%6R1)-p9}nwzQWFjt<@3YP6DseazL<`fwb`
zU!wtymdtB!g}R917Y`P1KW?AjllV|Fk=Ub^E`yM%W43I9c$|-Pwn?PS5N+0=htPuC
zIN*b&Qxfdvg*b}I-@5&>)4dYsRm|41bHFwTiJ-R~EK*a5D^VN8J(k)><es&Mhlx#X
zWyDyZ_QUKKo)*q4trm*4?xe>;Uc1YO)Ha=9gFVB}5x`Rll^%aMs^pREHFrNT>oucB
zC(-lB+SQ`pw@K(@=1xyQOQ>Sh4{@ielY1JfQa6O^Zn4%I7z@oi@j&XV3;E+QV*aGx
zQ~-&1#N0Ikrkak#sftRg;$c-$sH+Asm3+_Sl8X+#Ww_w&K7|>EON-*mTCkhwg<zg^
z^xpF1UPV9SFODhk$f~1yhj8M8*<}rjSF%f(y*a^?7*B;=MD>y;h3Ogv`3U*(*{W2+
zEA0)J6#dt32mR*@Jt04KCY1b#!Gyb&33Uq;RvApdVa~rs8r0&q;JHoBo}B75FCp!@
zR#J+FBFG#QGX5glNlj69{r0VWYyWG^88CW!xlGnYZpPmEKeW=o4_(%EiPv044)UQ-
zF}>#^0}ePneUu&NC$CM2Ph2}4Ley_Qve*J$LaZnvP>!rxVP{8`Q0tyUE&18alxy^v
z0+AcXCDyk^UbC2O&-*K(va6n&R98@c8q>~@>f4{L<1E$&jw{Wx-rjaAwSLy`tHOc4
zhj4h5TEj~CJ23_Qd?D|n7vAa4`b|IM55C=gW4|xD$3H&t?Cb>jN@Z&8Cl^1`+<upO
z8iyU-ZN!fRy53X70CS^%eIC|VV0JWdJDr{O^rZa^`&E%$6bs*VL4NW|u;06s-324E
z`EeubNAbadIWr-Wlt<$Q53;q#SfC@d%o+*Em8MPQaHXt~jFB7qPQDNS7@hCFdCXf~
z^{01>TXX9~)3?9ZO7>m6{`1~L|A%p!2sOkoloOt94dinKG6@GYi}YvGh-C0ga1WS2
zF1DN^hxDyXI90d`mX5H8nI8*Ui~{U;jpD|aho=;;Wn_<#3^8uc&4m5e>MJmb(L}fz
zt*2f@`T8rHGLrCCG435GB18wJ`1-ka{{@ds9cnNPp;}G2EfmUwoS{JsPo)3GX;Zsf
z*G5%9dla;=VISq02$459%I4-u<J%QyBI-M(YAl*s_(ggO(vJf14yDZY_Mj>mdNRX8
z#UVadEJga;j^dWOOvG~Y0tV*Xvn8?9GaqJNx5aNJ`)xee!w$W}ngdK1N{5u|3F_*4
z_uPt@=UFD+b%H1CI@SRZaE=GC3)>uKbc_(%gxT?IGjgwieRk{gffmFOJYO?N`v?i%
zfMOPEuYJ_%NR#p3j<^RrxXtp)Z??28*Go0UY+7D9NO#A*r%rgXgLdzq9<(Ja-B>=s
zKN}BVYBDL%!du6)JfcEw-4|{QId<bvcptTdwxD4LdXe|nw%@~=vlj%uk8WCCoV(oV
z)loM1=={1?L8+`?1z%>iA$)cJXb@guu=qIY&X=6-2@L2vJ>|VLFgSTu#NYz&8@EJT
z2Z@XQ+>r-_s*O|3#Ll-HnIS88cxr-fjY{l1^Ka&Fv=LkkFsNi@TDnj=7u06eCXQlz
zw}gvQzWdY$Ul*!%>is!eD8Q-GVt$dR*|T^DIx%X&IoYwz_gVK-+UEM+yc(weSx%y3
zgTH$gg-HmCl?16yDK|ceahNHiRR<RwhE^HhXi(D1AxASzTtga{yMCHXzU1}eB_YJH
z4`IAQzt+Wi>$qJM$lKWt(Ft74D{|p|D--Y{hU#;tRq*D*K7Z7SiA#ZRt!}YB1f*s2
zPJ5p^irg2m9TOP-u@U=)_M5imQXbT<+}oH@&D7rDc5b_gK0{$FpV0Whly=k#9<^;;
zEf_{<RvG2Mj1NVpx&NCRHxlh1Ic5ktrB-W9dp>vK{T5?Ig5nqWV7iyW^xAN)q<8UN
znc)>964I8HwjyTO&(??Xn?&^vb@AY<-%+3@Nr90XbWj6pNOC=TkJpOH<MpxCujR$$
z;j5Vy+uv?73m;?w;~%5hfDe58ppEjqE7N29ohQi+Jw1Xg&bt#gJP#yyp1I$?3SrL7
z;$yWDWuc?Xjfu_`O1CMJMW&+H{2cCF6j2+lF2t7AeWQ$ZhhGbsnLT%-IPv<3>Gb%~
zZhzXtrLsUq%Gt9#e@jr;bL}v+uGIskt%mF}c`}7T3X;l2)oy87YlogQi?-Lits~q9
z=TDXD^+tSZE4%%|ZDEtZ{o{_ebGW66f8?QA#?NbBN@n}4VD4`?6OXdZ{@UW@cNj-P
zCu<~?!fqWiL;oS_)L1VTdE0nu5c-sRt$87#kZFp}CL9xMy58jttRk~rx-eEJc+4y(
z&_?jlE9mlaZW!?z`dN;kcia99{u%ZO!?Qf*v0mHp78&V77U>_woP2G~cxC1R+N{%6
z5`2)G=C%&?$8|YOQ2|zhM*lvE#2-<RYcQcS*ZIVy80pw*Diypsbse|8oC{`awLZ3#
zC}gj1{!NxVEha6Y*o)HH(eCZ<!+(ohVu7ksp3)H3UZ7`rZsm0rOz{bCp*B18<S~B+
zB}D>a^a+bg466;8Geg9W69mlV`<E~$I2whZK%*gNNxH9e99WT<WlEa*=8>3hE3B*z
zU;D^%=X;V>AxL1O2v8eVqtn~ix|O=mfe4Jij2;l;YN=$PE*7KzIlWD}D;g-vnlAJx
zhVa!Sq31_^@yZozTX-w)#S>Rv6|9=v;&u4dzYmSY2yb!j)Qy9}>G!7e8;kmS2}{9o
z5G8<DFh>iVU5}M~D%kQ&wl4hN90aV87PM@0&F)PzS1Td=+=u#AxhdV+Eo5Op13By=
z9EdQWUro6>jk%vS`O)q5N$XQZ3cSpM3O$$d2vl5lL7FzQQfLGL8?)dE<A@>soYvDj
zFb0s!g;dFK*DF8LP?B?7yY8rJk$k^st5pm5TBDvBOa}ss1#Tk@`phEp*?Q3x{?RZG
zau~C}2kKaNexmdWa2fcoLgTU242m26a31izI6ho`wrbf$BG9|Q4gv07+aomJu~&?n
z)10rH!^f&58oJ90nK>ZG{g1e{WjSJr5yX$bj#j74Ons+~Zx;ZVo_x{I52SJ#U`}42
zeam^Gf00NOC=<Utqi(cb1)TN%HbxURDNldZ^|NAcul3(ISg{xAx0rH+R<0YF)?p%-
zU>4*u#+~M4Q9;Qq?MJ1Cg;MT}@`aiIvR@oeF1pkUZ@xkL4@;~hKW=qs9Snuu#+5Dv
z-tPuwUy$I!lX<Lv0Yb`3gh=B#7QlvUlwf_4C6K4l%h~T#T80H54|Wu!gPF2-j3tgB
zg4Ha$Cb^urf;clyFy<(8Y@fgTvQ;_B)8QOuc~PP3GQp^VAFf@G2B_sk{|XX+*nc@E
zc+<5#pyhGH)46D~x}w?f31(c{Wyv;*4tQld81P)KNXDCo+8=%h3xz0Lb$_lk5#>6F
z)EB7nmQa{z%ZPd3MS4B<jo;bh?hl7*&TCc`?d`AzEmQ>OyGiLsPFcr`mrtIUe)6yc
zaxfwwZ4NP`*T;-XP>0A7e9c-~7Cqsk*P~tCpwWqDA;P!L8TI(kTF&Q6`5rjTHF-HN
z^ASJho4?uBDNKKStnKz{ZpD+72AVMip4M?_FdQihWK#Hw>8llgKgVK5>B1b;5N+`O
zs)Bb`8ys%}>Gu#*!w30Bmye(?@p?n?kZMCsQR)R=$Kr_BA@W{?AKkKHrGRj#MnOa9
z4PSO;|9k8-ruY2CCZ*g0hnJb53IL<k|0p{1KqmY*j(4lCvPzL0ORkDYl6y-km9k1D
z=PD#AXO3;QC81IYv0Ph{RIZ|Oj4d}g=E!a4Hip@KZ@>Ni_9wH?^E~g@>m5%p{Pa=x
z_W|bb4e;T@(a;VB73Z&%9bE?CyU5O^Pkmx-M52v&d@V&vm-Mt<2=ZEWCAj+^qaV-K
z+_!<8b}dGfAuterOy>A5tV}T2|J?m2?@V>BOB?$)T%g~#hc@JDyMsdGC^4e~j;BVY
zYJQKJ@^=6{Ft$38^Bw$po>v@2*V*)WuiZzC`19N^lw3yn(%5i3aDkYl26T581<7~H
z)+2Q&D=)(4&;3Fq-l+_u^Fg&QAXnN*mb#DhHR68$MZB_qvZZiHY-UqU_Y>cl@#w_>
zYT4`HXI=*>QJ8+GCTfMR(b?<mK7v=!9Io04$d&VZ{lz<|_37^vI^xzLv*l77dS;L{
z-;D4A$gRzm6SL3X^yomU1-J_+erx$EVpYz<6_`9er;??c#%;DJ7z|)$Oe)V7o&x$y
zmwNJX_kjk-QE9z(tC+d&V#@3KpyC8AtQx+_4rwzKtzb79#Y5f9H~N?ulws?kDQYqj
zPOL30#RN(W=kL{bKfJMpG+j07mg)c1S-w*gb{F%_h4<aS1&VIw$+ByUGkPbPcYnY7
z0ZabAuX4f&8M$mruX024HF_LsmqJ?ZId;E@SwR3#0q|r}9(p=?;?a&blCka~q0q<w
z<^>ZYNW^<a%JpNYX5QzHdfRMsQVbP5-}Z%I=Z*Ylu+SscX2;t!^7X7{lb;65IcmV%
zDPnnh(5;vh!$P^?==&H3@8&#vhY<2EH|bI0D!w5-(X;xyfy1XlK)w1x#$qmQU$;UD
zFyOrLR4lPpnA_c1fZS$Mi2NaPLA(d+R&wP%r?tNr{wF4IjFIpP?DZf@2e0~vf%acj
z<odc$E%qqQEA=YOSD`_*ntM!EI63ejwUeG%I8c~H!C7bIy^?K%A7kKiqdXI|qTNxS
zcD&sGPF03=V+M1~Ts}AkMbb{3T-Z#EZ#Nl3#J96zH`1#t4IY77FaxNryAnmFDRD?t
z-O9S4<o`KzuEzo#`T5oSg*##Ip+YL7uQgCmKUL}LUkr-zTi=_HKTP;urJp4_K4JMN
zrvB9rN$vwU$Is4vC+z*);8>will0~uvb<H@dn@SEKl<mXMkRZ|uoH1ti>gs4KdT(T
zMG1!+CI?D_(4&Xr3!vu25LPTkQHNBthoV+$c;n1WTtZE#W7)wN*Igq&Y<h-N?NP>S
zr3cwYX9W}LLhmB=ukL$tTsl`E!$0n~48uF9$Ajwps$MU6*G{d>oMpHG(i7FT);(ND
zo61#WB{yzdi|hAQNG<PCdj$YHp$+&j0DOCdi%P3t??zW>C@H*kPsct4sIQ)eC2wzW
z^zTy|6@kVcVmCBupymy`qgNT3;-4l`;!M-7W<lu-VJRj-J<k!7hCC^j1%@s!IfuL%
z&`f^<nE6Ds=#*mK=1{n)EH^!0%)u?ykza3Ikn2k8z?N0I!t}SO#ZGjoF8}CXJ7Tw3
zjdoaDVDyl?9{xBm;O#&#g};5=qu*|5)#X2Mhn;>}<>rF58S`<3JelkNsw-_1V&HXR
zdWJXOC_?hDzOURV&wHT)a4`<|)zD08a8$>Ng6T+Sz4SYQCj6FjsHEd-C2!>k3Sevc
z=1LZ}n6YxrZ90Ey)X@eiB4`LFp7K2M=tha&!QnhZ-UBk4cl5xx)F3Ri%9dMOIsHz!
z6`sYM%(=P>o3og!Ke}!9{|z=@YQ@2tW%3$(7`vtru_^<w9J_Dk?8R}6k}ej6t4xGe
zz-xg=?nA9>Lnu4cuEuh%r%BK+b8Ji3VM%&*6;b!nkV-+xhBgm*<sA+@!L_~Jl+zTU
zK=wuvi*lZrG~*$k0Xmhr=c*3wgom7+`tk%HlsoX`<(fgdbCZ#`F?5@Z;Ef&X4$N>p
zj#QO7*%Mv2#Y~5i9FJ^%iZH;3N}ipPSCTJY^_w5jIArrSx^zso^ymYh&O7}Wz<%;~
zGA*}3JHtYK6M4ZeJP`mnqC+A^L{Phmb`qaeiF2-Pj=6P~OX;@xeN#KA0Ep+%yS(-y
z@VDT;g3@g_dhv7L3Xc<&<<_)Q7Txe2b|J43xS|2orZ{iOuqY;0i?a(?f;H=GNqp`T
z2^lQgA4#`CV#vzN_t_FAbVtbfv7+`jxxjDM-bKo&8<!(Lw=WoLeeukNEq&1%U{?l5
zaHF2Lh#bnUIz&FacW30sZK}?L4<=E209j=GwT%L`GWyE%yVt*LtJ4i@=9ilPk_LwA
z%H%xTzcZ-kamDnmlB_n?e)%H_0f8#YsGOkNZ`}WyM66j`$Z9j##tGpk#&}zPJ<q<l
zgf{|_JMhn9@5pE1664hyN7*U0xTz`9g9>S6kgRn5uXY!6RbVkzpxTlc@fP?K<q0Ef
zg3hIl51zudqPI!g56d^lu1Tm}_3^EiY%(+zI;vNF+z#F;#`dO;mGrQN?42_V0c-DM
zA0jjd(}sVkCq0UJM)=1>ndCVdh0z8K2L=exU;|ko>dq;zwc+)!mh=-BpMN#9N#iT8
z<mWDIiP0P1O&zeP;<--B{#wUgd?csC*OE;&b77zV`Q*}@AvVEqPY7}B+4cl5+tR*m
zN;UOVN7R7Q22xZQozitD=9c-?$1@og(*2(7D@49L)eZF!?_2JaO$WADn@H+j%f8b5
z#W-G)gqDVxIBHjp+F!DyL)u}UJWx?`4@>3rRW<hjk3&MxQ@$0hIP)i@_6S0-Bwyv^
zx}j#*TKO8SGS3m4F`F$bnb-+iH5U8OL;XeiJ`ZKj+V)kVPgey0*+wr=y~n$Uj<b_p
z3kwqBY3ftlon=uMKE5}&|C@i?QungX@|a5Q6Qifz8{xyYuF0QIG!Xy2_0A?%4L*-v
zab)xh)%_p7((q0vL?s5()B|ft&QlursK`&IVl{o+hrFSeC+_4b%t0;(wVwFF+SOi7
z-Z*-fy|2A+K(ip|NX}puYjaZEe<wDRqB)5HLwjtjT32MhH`QFYesXYe=vBnM-e^`F
zCp&h`@xfe1A|PJtXC})?<?)P;gi`ZCwi>}A24|(vOXgcD0tjd6K~!<K&_wg=`@_E{
zS`6NFw;m;4|57cVcwdT~{R-xX>$K!PEF9>Il_2x~%eNlD*>ELh^1P{))wm}!X0BL-
z<$KJ(sG?1jdG>D*A8Ra0v>n_a3u|6U%C0JyOY+6^u{J*Pcu?z~6OuAA#p#I)tC9e4
zzjVPpLn{F8VpMseI<7kO%372>^>>^Zmoeln)r1Y*ELTr+gGg`BzJ%YiX=R^Ej+vZD
zbKkWc`1=Je(gcC{E<PU}$g}Hr?U9RXBT6>APtn~kKvqEWTdAOeaRS6f{{Ig@9$u$g
zVwF7h4JoFBt_DsQ>#Wu#yO+f0#~i^kCVK`uAvn86?d(j0kDtac4=rXKzE=K#C&W;E
zTw8C3&M$69dM=&v$4(=z1E<YKbJ2D)I$PQZBZ!y_W9PLFV(=pAW%V_y2>yH_{AWs?
z9nCMe^;bPHF3E@z@pT8ENL)*3hcy0f6KJheEzW%Uo!a=vZWW$U*<5P;7BpHtW=72m
zJ|Xj<7L5MD{_ex5O}5}h^BjSDEY!M#C$OxPrB%^n>sXrqWK91wkE5xZsO=3)NYrd1
zDKW-T`qk*$Qk!yC22pbpnYVL+lM`hku#cfe{p&JV7Oc0m^%i`*u{>is&)5@1icgFB
z2XC>B5M^Q(pHmptB=?aNx@O^jrg#kbQyR)*IU(C|rEeRe8&*@76!lY?F>26YFz5(J
z_>Z(}I(pd%zL-fH6y@5b4XZT=&~+Pyu3mp!y(3)G)PTpYh51D+`_~M^UT4c{8~Hts
z){f2{=Q36=YDC>+d4QjN_R2(8&DJv!*wWFmkh1WMkyn7RBi+yJWuMehC9z|zWoIq8
zrWLc}YZKP_QJA{&sCz(%<nu+GTXinjoztPh0(Grb&C{sHBKjPu$6<pU<l~)EZSGSR
zJ!^3-_&A^zBu`Nxn*DaH6DH<4f`?v@X7YLc#jWV<S+LE9tV$c{iGM3`u5~sdX2HR-
z<xX%mBQNk5%7$o3(X_!et&noQC(a%__BG@kS@rp9EOGc)gPQE4LJU{bJ%vukrjB`e
zhlv~@sLD4+3C%Vv_%u540koV6w3WxpVvdM>Bz70MElRqn8aLx7>MR&!6`uF4Ju@4>
zUFa?$dgg;t8^^p+F)_ep*y+lkB@$@be>>gzO&p=0>Wx(Y)_mcJm0O9VT&@V_)t7#D
zt=-vRtt0%X$`}{T@Pv0Qx~pLC8zgPXlBMajLCG!Iu93_uvk%UJXEQ+C?<K0TXKEKy
zJPf{<-~`Ay+CyR(+tGPT%#?UFO_~Kh*76GxEHo_Z)4s&=AP#12T(i-MU=BP34sWmv
z`6$j8d|l{q*xgInOW3RaTq^f3RY*71<tg02I3BZQ?Stzg6Lv%iWNo0-08?8i({YV;
z*zaM62X+Viw!I+Vp{HNzbT{O=?50Iu%-d;pNEs_$@Cxt|kWG%Wv3@ScfP=%7g&9k+
zKhPdtZXfH1V>b(plcFv<00J~M<bydF{hLvl4#Bqw=>QdH+GKqHalm@?n>6q*!Xcc}
z)$w=3hD5KRt^COM%L!9OgidAZ01%}yv+>B^k1eqPQNoj={)<qdo8*&1%&ms5BxBB7
z0C;AJW7VSYGh}A`r^5&ZGfK%2uMXrjy|D7bEMw0T?lcwV_1(9j(81fS*fo^8tu=I=
z0oEmd$@<0@K%0vw?6BR)uF2RO=Hr`%@cWwtFTV-BD=J@{n=T{1MSd5#{W|y2G53?n
zJiTR<AN5k9#5+oI9>oi6Pac_imA{s)@KdXZcHjIz@$b<&*3+w<=xel}(bcO>pPDMl
z69+9!!uG(jiDzVG-p^qT#9ovedh}s_{S<C7N@pJ>@&t`u9D^CC^Hp=u!spKa2><xo
z=Xt;3e?#ft!*M_OT^mx@oKAdhKdyrRQBuvqr+rWe4yR42CO4OYqDY&K&CtUtJOt%c
zbC5y0=GN)yx#XGejrqQmVtW5n=&XlI4JG}Kt>BB>Ux0`7lREp4Q!0xnn0Tf<>F{j2
ztm_rTc9-PA!cuVdi{XO*`Y2942F|`x9r^0q1KDjy%`=Y(^W|tSI2G=~3NFXI@8*-!
z_!F9TnkZ1B))g1He8~LKKCH~#c&}1k|HoDVvG9-dJCqXPb507!K(={YiRHGeZD~_x
z9H$K23+yXz(gI5Uw2I%2S&86$y!~Y!@Mcfgp?J^D3CBqr+V9xU3)JA3&<vKPvOM{;
zU)S@U!g^+Q17VHuy&0+ZO6nY1Dro)Y(u2VVNnn7M#9S3hxjnFh|NT%U$v5ZgWNGlT
zN?ZlD?DJC}Cp^cA=m1zX91o(uAwSbfnLv{CSSPr4o-7YavUC5RM74Lp7RWL)FW8H>
z7^Y)}>e6vdxn)(Dl-^(OW7Fi{_<9lDfL#cg`%Q+#1iO?p2@hiL#N2nA)7y|qY}>vJ
zQLZe-+ps@`2iXnGs!gh_3b0R6FBwzg%8Q-!39L3Oi7<r?FOXz%f>S*=PrY{(Uqan3
zU&|hlUB8@<DAR^k!+Rg-Q_MS7T)~g@8Jr941L4aT_B{qJF^q!OS}(Dw1i}!Pw{J$r
z>^}>Y*+i33`Z-$EiiG;J!qR`+jV(XbVNcGnkFr-G!~QDFOB0>KM#%fkC@x%KWx}Z2
zt+Ym%eg9<ihw|>wWzR)NYH$Bf=SJ5e{|-oVbe$nG;AEJGTUcr?P$?^pP!>hm_1-ek
zcJ`P>8UBt^^oO5(u`1gpoL~BT`u&`qey3lqH{HAyryv1JRyC6f=kK^KvV2hJ4Uchq
zgJeJEI+c%m6V-hr9`kXn6L{Facvif6He#wpBPnKYFnkVjvP*#oYqn>g>`Mt5lFFDi
z0P((*QYQ>Z7Hqarc0@JJT8UMeR<9p>E6a6B2?5gg+I==fl)&9vw3L9<wLHKK5_%=L
zlMinEB4aPP@GQ3zkS5)?a6iL{cX{_NKxhttxK(5+e8zP!GZB6SRk^w$q~l>P)Re&3
z(EZ|N#~aN!!g~05NY_K;7p(E0<aa%`LqAyCR8tk&K3LDHt(%6Z97k(RwJ3I)#WQx<
zH?&96`J3h4I`SaYDU`lR19W@1=-g-M_K6RK-X)y>(F6cH&2$_eVM=rYLujHsQE~x|
z56{-r?y*c)?!akrnnWLFP=x1S{bmr`yFIj)ZD;Im=(-{WrMrnQKx9J`vdki+!@i_-
zIzNCo6}7>)Y`cZGV2915A@V2a<=2d-Mg2(tu9p2!0Y7xrt|T!JdURtUCzO`*+epWl
zU}#k-dNqcr_fJL*t(LTUbi<Wi1VvN}GRCSC*bUqtys(g7kGcBM3X_emz3nspGPn4A
zP&jL-^avoq%$1wfyL#g5*4HEo4|No2R7RW(rS0@KHXy83ak*)Gn>YY+c&5C~VW?U#
zU}|VdS~{!|h)fNa7>li13;|c>qL%-7jOfu?@k>$j=#&4{aCh{il0e?XO>BDG6h+=1
zoxA@Sh*{0<UAm4b)g@^CYo1!*6}@kzdA)yoqfHjG5^cSm7myFV3YrRTQT5(I7}XKT
z&(~8$FCa<V6u5WAYa#OjkH`Z%SixKUbN71Ys0Ht^oXT8HAGS-<>S;V#C4DT}zjjN5
z=hg5jaHMR9F+sCNMH(f4Qwhks@<lZq7JV>v$SygiTnhCzl<xRqVgpNSav6>IcQ|zQ
zwqW5RP1j((H+|{1XDb2tnC^m;`?@YN?{SYc1BW5qL$3gJvQx?KZJ<r3aqWDn$>Y*H
zRdY<>@atf5_#a!EV4|cP5GlQN&yH~xA?&WNl%mV&<BCDA?Y1YbN+u`;;P$lQ2zte*
zi7(*=!74?o9ZNMEaa+OsoIW_*p{#;IshQpcQiNum`$Kx&=3$5|;|y7Ev0M9budUO1
zCg>V!InuOJtGGdb`GWh1GJxHk{Z@vM_bU}-_wbH&(E*Zq{SeNbDV&0MReAn}*lFv+
z#;}1<Gcm7U@U*?Xr)zd44G+uXyy68M!9TF%uH75CfG(?bt3A5x<l5{PDf>B~(xsf@
z!t~*oVUNoDMOS_H6WnX{e3m6VB&W&3rnS0avu%#sp0QRHbY5X*Q+xLw>BO^DiZ{iN
zp884V!4e_M1Qw?OLUmA7s7O>I%%*6{m7o*f(~-LLJ1DL(yN#U+Y%KEoJw<W3fZCoY
z+d@YFT238M|CF>Y@k+9<=!OFP);pu`auiI}9_0TrX@M2IfIp6x>{EA;8<}ecwk4C5
zydOAwonVcV-{gqp*Pa|!EbQQx!)XtBm(Zj2yw$XX(K_sy&3jq7=#6)N?(l10`Ii;+
zjyOLz6-dIBr{UKN8IeD*S*r*I^E^jFs^4#6VklmkK4t{cD&w8GM}G=F`b@o|LQ6(&
z>h*?|5b!C9DSwAOCL+3m#7>UwF9xoTKV6j}p$k#j#1zR3ZR2Aaw;lqxzIZly0wY5K
zgs4u#H@9m^`{g}c$%vl{pyanL=5zSLRX=Rhw@%L;$PRD*v8!5x%pbUA9cSCan*up~
zKyC^;+JtBoODU<s#oTu1)h&WV0`iqgIxR~g&w_WGmQaQiS`fxt>1xtT(NApOyHcu;
z^ypkvG#Ey{^zMmEFhrTwjfI^Gg_@L!f(#yF&opR%9*R)fEpOcjrGJhqPc)TNpiAKj
zy=8;eCfJLozjta27{|(lZ}So-%{T**N~_`TV;Uf-5JV;XRqx`AKTmTIsBe<uM*CqY
zB;Q#+D%p7n^-@cY3OBE?Mpm~9&k}!ar7Gr$f>iBHm?5)UQT~Zb4xK11?^0prdzyTo
zaK`b4ixyt+@k9P7=DAu;d-)!CVgB&g<MJXdVd-1`z1C4n*0`S*T^e@yprCZUJ8=ck
zcz#+)A=d~?Qab7BmEg^GZ8T}{H=p6Dfj-RAnm>U3cH(76XE)k1L8{*y-Ql#y=8Z&S
zah~NUPg~`Bj`41^{-XQ!RfqA{Ecp+9%nmYN;&|uxj$sabcrv}A!ZiT$U3z9Z1bi}#
zzl{ux+4B{2RZopLw<$7M5$XOxlq<g|(QnC*upe44G2ufTUAXHDmd?rft_xhr4{_B%
z-khbL=fXmv<QK}4<7}Gjs>$)B-XX{-cD%mbYcfqvWb(f>1gte4fGksBQx2ALg<%M3
zwA;S>Ng}LpO!y$u(m_0SgEcIv^6_s&T)O&6Op!1uCRhCW9Fvkyzg{(|_2)R<@vrw<
zob@k}O~qBTg+CfW;{n5VFZn;eFF%>XWSmJ+_;U1Ru5w8w!zn_`myQHJKMitf2YmkA
zdx{o5tAN^#mY$LVus+bNLqT0hcaEa9zyr>3e<qg<8`wCGrOuyK^gIQPYy-P%SWG@$
zq6%R{y<Sg9Y}rrIR)stTt#`SVF%KJ(<d=-8Q#6Z#rD@q9&#DIrmcQncbE&%pvndT@
z4yLEvOz!Z$J+PC$3P!!)7kxwxEe~&}nreD_O18qcBF`7&9C|w@GrEJk{O}!395%At
zcEydV?ZoyXzc<j$qK_T|2QIj&fAsV3_73IE{gJt}B8>K<8RI1mPSIz%z7gO7``jle
z#(!ecr&=g%R-1Q2UMXu@p}x12>6KGBjNhL2!Etu4@q=!KoD=Z9$Y6ciOw<lgkHVPv
zc7Ncqt4E~?#kmDh^8zfdi(9Z3y>DC@a%EV<0#=jd9%cDZc$BBP!dDib!1A(oBtG=V
ze)uY1id|OfpEv;6LO5>Yva*Hypk%gnZ7Els8j*gdo32v#qIM<2d(3LGID3?LzAVb&
zB)N%Lydlb-R~;`|)Dih`CZ;NTk{rr?ZYIh)YGxZ&;%66&aZ?!{%R^YMk{#udxZAn?
z!alZkj|Adm;{F}l8r+B@zf>*O(n(-wlTIX)q4&cS5U6jJjftT>KByF#-0M+qGv9i{
zwOS4S4L><0l$T6JNp``nm@s6fwC#0<#7O_rrQ0QFQ7k@#-bc?OCWS*5-lv2<!(0k7
zn@E$eS7;M1NoXKpZ(7W#C?W2HLU?k^@>Gq8Z!!Tnfv=Ge_=`jmGKwiiF3WcEwEWr?
z<Ucw5yJqkrpeJ8BRi?V{jR4SAS(tjyEw?XIq3zBqk3?<;Y(rQTX9{ZjkDg$W;h9<Y
zjrW#*`AfKmjm0?oN|k9J&GryeTabC4(X|F!bZiQ&PgQPoMQTk!BRi(`8oN)tvPbR4
zGo<p(-0YRbBu+;bYad8F|NmP$iPbv1(AwaXP*h~Qet~jR%QCOo9`c1UJUcz62>AlO
zFg+Mr7u{g(RK38A!0v`Z(&pV!_pI5^RU0)x;>~vNK(Frsy+QG~I8L3}t%Yp=nBZr#
zf4j5)+O{hFd^ElGXe+xdoM|JchHDpQm8D_wur<zyM>PoGVVnr-aHI@hcdw==sxiR;
zIhNCS)Z{G?eRaF5F1nq*rH!;-njHPY&gzTkOeD#0%#hixT01cpv$-3*XP+p_c)M`a
zwaMga>BP!!hJAV3j^eV8z?S~jPI2#-p;=zo1z=eS2t@m}OnPqe&a@)xdYKvIzI#_1
z(C#vC3uvvBeWs-{W+P6X@^eGiN`faLN2a`KkZZF?ndttNL@4)Yn0!|-vKj$GCfO~o
zPP86oC|SYutST-2{@FB>r{+9m5$_n<3y&urg{9BfMJ@tLTG?M_5z|jUjZ&n={?;=-
z6K%nx)l&pKGZ1^X9DEZ1qty-0WKv5F`oW{Bbe;-J+{okh^Ri?QHjpdMMUQoFMkQ!v
zLQq}8aDDMQTw(NG*-3;qccbMqp597s%8ece{|?+}H99rf@Xar9PRBlP$-IsPs<FDj
zk=|2p5nTcH?GWZ9vxiw(0(W8^;Jx{qHOMfgF$boPE{Xb?pHzd4%Wmzp&GV+~df&$W
z@edO31DCcWz8WHUc=L|1+X_-E&ty=Z7sBo;ZG(<jc`fl#%s_yiK|)al>QgKC1#^i=
z)+g|HlD)KMPbN%4<{6xC0C21AolH-WID?_RIBq?AecKsc`=_c#wjIw=NMz2_23kM+
zZ74CAeCIrD!Sotaeh#STjq~mw*FPa`gSy5_T~G7>&_^ZjW_lc~3V*w#J8m1nSd6N6
zpg%j$CZZWl(nqM;Lyv)F(j2ed0d{xl{2&jBaQ#8vIXFjAV)diNF(+jc_V!2Eg|`l?
zQN!ZGRBBY5M__KX09<;C$B3Xk#Occq;GN;LVMT)h{@RHADBp<2?LoEl(%p$Y$`_g|
z+xA+!N;KgoW{@WX{9X5zp8t&8?s*uEOk${~1=yij<eIF+_7mt39k*rrwqqdO8N@<h
zZsbI+P4zr4W@opWQk_>A`|hi?gt-V+(+S>3b&@_Lwl>#A>=&VbIZuI}sxeAPhD@o_
zl2K?~+lN(AF8|5xStb}zpRBpAcWxX>%G?biVZ1%G%r7621l>9t+QOWu|N1HFMJ1jK
zGn$d$sGc@@4CdVRX@@iKlF(Q)&<RflCO0scH9%-O5k^BP7bK8!8r@|rr>H6B)W&vO
zKWQ%ll2_@AzIRNz@Nc-$v0>^aI_!YC$Q#P-?+)!QP@(*7ieR-!1A6+ijVHFA&xaj+
zNzJ{BFu{Au5$(t7i}?eTpr=|@mjsXGt8lZ|(1+sbDb$xaZAqW7d0wG`_kgm3qEG^+
zHgX~cEe^O@chQN?up?=W^uB<YrZ{Z3^@0NcGDGlrKV46xwa+VijdGv{`{-#`h=GiV
z6m}cLFCYlQW+bwQe=Nzr31oM~*Qx9OVMeV)?QE2F@>-3n^oby@;^IVc_wTz~W{;K3
z-Z{zqeqy6=_y$WIg?|@|%zM+z1mOIef*yy{0uc6qF9uE#?*MN)+l0#ag{>e|7DZJS
zD7gR^Obyje?8=^NwT96V$7AhlF3I`IZX^2j_3&A}MT{WjP3CtQxJ`LPz!YDidcm|I
zMaorM>}qmOG;~X7DEaGD&H@Mvv~VAilj4hj!*-I+SF#4=Lf!d$C1#(FFjUzTGg0&4
z#xw8UqBfr<;xZ#X(q#iqzP+~C+dOGRqtSj~Bck5w7UY%+J8-+CuEhJGq2&>IRmP*J
zn_R=vHSB=$y{-gX4HYcWPr3(w#d@x?gw%PKYU-wIB_D09Y+{@~!-`AkWy?bHhs1JO
z0x(RF4^2vkcmzn^i5VSgzv6BxfXoy5K(8zNA0e*~&Y#kXY$tkX@Qx^mu;*x%@Mf}=
z<SxxWrfx}`Hrs&K+(|eZi+-5lBt3NCEBhag(I55$>O!vRSL{>{zZLm;cj(P;<C7#o
zAG9Mp@`+Y;TOFqEq($VU!jjx`G&>(vcwyp_G)W#4GgX7(8kkP7*{Fj@sv{<QVNDQ{
zZLWeFb~ZqZ|MsTX0_;8SA_=0pRT?ALv7ZFbnRu_^5#RxFtT*zHcg#yMvDf;tRB_=f
z>i5O|qr|JAGBI;snJD=Nvs|mpT43C>u~tZvm)%n9Qqdh?bOwN+mqO&fir4zv3c`l6
zw9hgtq_sil<u&m#y^QI2vyADpzA-H>mqNa_t}cJIo4M|*VmX}{K)D=5+v`hNs6lF@
zj1NgS>4ne4zuw%NFBF!h4MGSzQNCI1&_k@&Jq_4r)q;<I%4=r^Px0%!9kcdkc<ate
zG?Q8#RR*mkiyn6wS2wZ$tWGz=slfl7obQg_ubujG>Fi`UVh(MD?o)^NToQcMR3V-M
z=-?Jfe9YNT^gG@{@6toukOD%K4O{!{FKm8#^ZLfKtd~z^iyaRvj|4sm`A0aU8f>Ao
z&IH+l_+^>E?WtpZamZ`c#Sr!><?Q+cBBUztehD-0QWbf5ozhoFT0p=5T`Ue_`I?r1
zslRl)*mgdlQ@EaM#^|uULs5dGp^T8mX)0&0MR5OT%jn`?(@hVGE3R$pwL7aD{CUX6
z={)M=?!Tq(cHE-flNQXMn!DJC^<L0xr$>lR5A1Y`<cb8a>opcMU-lw5j*r@c9WQ1<
z5%gl^$I$M)<rv-V@H5tnB1^?RPA^c;tRKyUBdD>EaqG^Cg69~6KzYLgD=O`0xht#y
zngGF?K`z}L0ahTO82wUDJrO#Iv)!<S&cQEm`)|1lDag+G8H;)(RNqgHD9e<|K5mC+
zxeM>pN7;8`hBxxO1qbE&<z`@!PmCfNozJx8dPCyNn+{jT`?oj%Jyk@u^($i)`)g!J
zb6edAtA1`HbrnEQL8rTt_yWastTc6Qm<L9O3@Tr9W<B!^C#jw^1-<3XFKgJk!DflL
zYzoT+pu~owKV5~f|K;1>0Z_+2B%171DtktV@s1U@N2`J@o@pVkMK*RzFxL;rCT~C=
zmu=ua$P-D=7LwXowu<s#%j&OOzDD(td9Fb4hyVUu14-dSRN2;`7uPgSJmp}Do&ni#
z%!5EZ{vvJAVaukcGF(Tp2e20&`wDWv)1T-0<`nPf5xZZ}#{&FD1R-TLRB?JQ<%Bzt
zqp)^eAG9>vvdi_6_%e^2!@Qwupjo^0DB%VpX(gWu9xpM=aXHHkpYe=>mfnzm$wjI9
zZwFM0H&pL0<2OtTW1-K%guUY;y0*E?1LB(wC3%e!S(O@aaWS8xbJ=5uhL*mS_zg_S
zwUH!bIh)R;xvJXvelV(C^a_dKpS&pkVVx;9U$cpSwy>jBdc`3$==qRfba{W972Vcd
zlbO1|82w~SKFrPdY&lOilEGSAz<b}6^AsQa(<MY3fE-5z?w6OxhE_$Mt^0r#o?$oE
z!GgRM5!WEmVM;R=15d$eH{A9#KMfl?M^OyK{(Tj!WOv|_4QPu{BOe$-NltpI_5QL-
zz9vnu>O_dzplP00#@}7HT1>Gc@dnErCW@b<de?4bTX!lSmfelKr}r2~+~ep$oc4(L
z<J9}t=@z9eAmRs!H)hRx7_arruF|$Mt!6key5Z=}O7W`UG)*UH!qUYqWHWtf6ei4r
z%cIQgu#1B()>|cY2W^5;Tu17iTGfZJ=GXQyLjl_U9gex!j7uoNuO&z))<BkpY(H!h
zxji;$o1IZ?NPI4OMX+D=8_Mkx&xcc`7v}u!iiwwzv;DNXWd}}s_DU%0p6s7LQF^6T
zo`{jZZCTqGBO%Ry60!^ql`bhr5rv<%DV*fx>H!~r!Its!(!Ue^0n#0?<{v?_x_Zii
z#BF*D=$%oz_n*n&CdmQxP~YG)*oEKOj*nXSZ>N}X+=;te*=t2X$i<!W+jd~Y!}21J
z{Xa|!U?xv?v<<(Hc!N1(elLdD!uRX8f8Z7)*VU``sTL_jN1lze)O|5cJ=00~^kPu$
zq%+N^(bg;LEsn8-|CP5*^!|bkCx_9V^&sZ)<)P$-!2hsTM=#iHs0(%B=XeW)=-`AC
z&2+Ig{z1g2j#tj{j|{2lS$8n^&X<0+$L+9tTU*zBI5Eo<;w6X=kL(`P5Xdf50vSG)
z^OI8-<iY>T``6nQf1PcbCS2%>54O=z*=>g3Gm;~LAH`o+i)RGq!D7B$L>U<$8ay2x
zaIcDn8T+{o0F0WEoNuuZ)Hf%Vd29uYJ1@?Y!Yh5D%nod}Y-MP79rs(SG?!8TPgPA;
zCdZv^ngc730@iZp^lGe$HY+x>vzaX(5*CBLCQ8Cvvuo>z7gVM__N)9<g7deRP?*n1
zd5+h6mE1vv7YrL+`<?@DEmYr}6sPo=&}jG)b3ta=9^&#DC_(HUd078$X`}27#W1<%
zXPQW9^c($!YIz&|eJ+|=7vf3{uY^M1oSYo<lgF^M0xM3ov4Z<_8hye?&rj&<^}&s#
zqaFO`3N@r?3}+#*L#h?N5;OCAvVhTNf-lUd&JF1`Nh@%hhhF^EXnc7$<w$*H^@?s{
z>{&A5x&LU2sylVC()AHU404z$DMejJFsvp^2pvMv(SR}*rdKqM%2OTFAu0MQY>zTu
zc>=xlkzV%zHmWpiT2@6rqY&~B#h|P%Hc4VxBkN1a=Lb@1Tlb#bbkpC1sKY;U8r8)`
zZede5^yQcE``g|$*&iJTsb8@9fi2vq37TC!Q)}j(dYdsrb)L-m$W)vfgcg|5Vm?s3
zI{6v$@Zo>!M+t>XPeH%mqTD1gNyckC#J71vrAAJwW62iBaYmmw9QVO^de*|KDBC#I
z1KJHKk)Hfs#3jp3wUu>FuI(2t0V{*PpRpLJd|y(U`*8GijEG|GS|0wA(}PUCFG;#R
zZlK);xz-K|-IK4#J|KR+*kRIxguj%P<Uy6}Cu&2kzFy^jWd-2|=rwT)2}iD-^c*GN
z*@tS&##A4li)xoGC^TDiBx<Y#Eg02;<sAUrbrz*AG44Z5v0bx;Y)>il{y$|K+1Eq<
z{3lCww-z2&n*4q5jrze;>G(Nhd#A^OvmvnuR$M&wY+`nV`JAL*Ifw8GCOOd`QUZDR
za=j&2Z8$Abh5NZy9~_SpNvB8jisHI@T*LN;PW(!{A-qW3Kn2|9Y}_F_C|hqGT44(-
zMWr?>dDD%?>8&W(oVFsjRY@al!VUOat4Am5KedT7-@CaA!Q&yJGq0so#AUe%@9eVG
zI)pPhe+~dtx-E@<DO#>$25(7S2tGpOzC$Eowmfw;*qV52VqR}1uDdGY_Y0IS@xPZr
zp`r1>b_0VD5@%F$sQPv095%ZZ*o1066#P(l&3|VkGtcrKT_-p}3wBr@)Bm-WC%nBJ
z?%#gHV-_6qooi@Wjfa*b+%}+f1VJ5lLhX~!o5Tci!U}8?0Gv8N9^}a?_^kMZDC7^T
zjMBNP>`m!nok0w@ntii4)NOksVVVLy->{N1J(ibhh+ALk$=P?YcI1>OaAC$G@hPx&
z&ExZ(Sv|t6<S;)Yd>?A+>!1%kD0u?_F*A0g@dtpCB$I1`f-O<Hg==xmo9oWK1%E9P
z7UiyEEcPG?X|-+y_}o^0xIOppG_^!$q%7teL`u&I+#^nw$NRm$+5CsV+h@MCj2W_~
znpPLM$wm@;*D9WhKd;Qx_BQ#Yy=#>d<E=d#{~jXwaO&DyZ&Rp{y9@ePeb!VNWD#_v
zmFY!CSjVhdsSss_)A{4;{@VNWI+pPs51s-99RLm2C7hUfMv2Kf<e;^cjMj)yT1>QL
zozZYU2){W%*>C*7_KhU>TSWI$+~t<EO2J6iMwz7+F*BBT<wL6ky_&3xTL&(zrfc8y
ziRp<z(l^bJHZ5}YmDPNZ<7f{H<bpx*+4<z{>8Q+Hqmx&qdTeFh_;1P?_H;%_3fTr>
zxl7=7L?bBlZpH;Zrk`o@nP{%B4bIV#4F&t}j@egeVjdIygt0!CEGh)*FCui3s(9H#
z$j$LxH?PwyWL5W$Gjp0tY`T>Hie0LM<0m2#wEnq82frIQ`%EYy2?exs&@v>WQc!ri
zl46JpfIR`ZJmY=4N_-Sy>DCxQv1KNVQG)yTtT~(;VeyI!r>>)TZ)`asd-Qk1+ina2
z2)S}NF`Q&-cF8Aqmz>!*{9^H%a#Wk>BUr+HNGwau{V86cF1EGDPRfIF!M^OrBP;T;
zJN(Zluo|uzji*~l9S1tjzI!{dnOR4Z^;JjC`l$j=_+X!GAKleYDd}+-ePE|TQpvXW
z{QZ}s)0LN~5+O?Imj8uKO72!vI{E(rE{zz`*%=HFp_C$9_HRkNz$^hj%F8U4{q(>L
zY=@tqTe*`PAZGOeX`hCE6N}V<%C3?3j<Ec5;wkM#;Va{N`sT7XJ6j&I4UW!d8O<)`
zF?Vwb?fa>OZOsZ5W|&Nhh!FC1q_5wVMCN@+Bc<eSi(X_BJ2jYTC3=;ECdOOgvk%(i
znqBIFiv&iwuy+5Qy*k37K&2Q<%Rg$wm#_`+rP>x@9Ua@q1BKJU_p%jH=kt&!(4)7F
zxfQAGUh%)D)qS)dixInhMbSRSQe@g-@Pa1bJ;m%|BuR{@gE3w1c=M*w?+f_{Kb_<R
zbXGjn;+oZm_=^wc(;w4NX<e-*q}|;=Yo{j#@_y3_gmL6!5L1xI4-hQ*5}%MD_=W7F
z=qbE@Na<f|i1eUj>3h?!vCziHTB^1UU8;ikdKvitAdK;y939&QiAzgx;_8ccgwB?o
zy3%xp`gr&(vu7i5FuJ2vNtDh3hpdQ!#4x2kR~Ue%V;!*`^;(=T=izN~fT+3@%6EIL
z%~(8`8#fH%LZ5pcP1lre@vPCPkv$;GwY?azs-%PT5F|BevZxr_tEw$?diIQNO8R)V
zuQdxZ&Qrx62OW6Rjh17Xop;+S7V@UwooXq3pF4$~KnqZ&;(#fFYZcm*YldUf-jZi-
z*A|wDJM>zT-A~&hPKUNybjo<ULtOV-m{`b>ZpKvy|J*Y4#!3V^Q1tL{q<OqJ%;kxz
zBGt6kU^snaVY-vvLaaCM8qZh{+=#&3#A*E6gNM6UkwZAye$%o?K-EG$Po>gq+Pw19
z4+_%7>6c$SQWh?!deDl{cdWRN-gBGTRO6YriFRn^PeQz5n_});S-E)X!`{hrLclF8
zrumGHhayp}RJ0tmc5e4#M{tjgtd!0{PmjtT8!|cun${O#<ZsN!d1B0*sWeurUi2y|
zFX~pj?c3H0L{*V%?81+=`62Pmj?!*+d6C~uR-MSpW<(BpWDw-;3YVJ|-I_t<4pfU{
zafIkA$m6y5_A63feP*P-hHb{hjQ*tuK?%yP1bI=3G~$=}TBfyH2kxhb!^G`x^OXqY
z<dZb=f4IX9PWrf{p$6Htzp^NQJNi&q^5L&ZxTNC7H+s9Yj)Bb|XfA9%T4NRC#8j|+
z8&f<b9z=gn29ERKDyIRKN029ir5f<9bj~opY%r}gP)F(K90FLTfHUf~HpyShmA#`d
zNQ?7!H>EGg*b>$|!diXQM%txrJNuTXxYa4m^=UG5^&UkN4bJ$yRne<2BeA3ERwjQS
zZWF=sQ5-l6?NrhjZHmf`q-D^9QYG6KKu@O%s<Knk>Qns@#9#II#2ueNN<jTnfQc{k
za;dnt$3Z?9xh+fjkNykwi<oH=dVF7C_~J^+I2pUY`X(wkhw-g~6ou*ID~-R=id=Ao
z$oNJ(u?GWqi8=ZvaGf1LfqmbY9V}~DEx3a1SsRX|t`8?$ube^0nbl3KCrK?(v+9-7
zPlJ?Y(Z|0^V2JFIAUwB&9*Ye%j7|`xwj|#3=*>sUZ=|vfl*m(nFM85!Pru=FUVh$X
zd_Q&6+8cfVFA0qPEP9`(5HC9l?DJEn!3sFT_*vx-3ceAd!@2QV<Uex`f45HC3xV#E
zkm{}SpkGz*67`(pPT<~9#;JWXb~NACWlzqdO@d)1W+2x)rgr5UaEv;DHm603Blec`
zhXlm0v<VE#iz4X(vyseuGvkP-qTh;`jHx=W{{F&O0A>v@D<Y9u;|kek;#Oym*L3&4
zTn3*{v6)R4*9z~E$ai42bL)f3lZp0#%o(g}DLEGF9VN;KRlxMym2OdfKd`B{O7nAF
z!S=q(Z5y+5TW*d7BQed;KE)#ZR!RXZ62`GZtt0pM*ijDGs@El%jC;hx^jFWJP+@eJ
zoF`i0#nld^p9<&|KR~uUAjz=W+|~>Yh<=ziyQWITEjJT=`z3cfh#a}^=scIQ3T|0$
zrn6HeC-9>YKz3?_jElY3Affsk95F3Ih#!C>k6#h_2}r&Qe|)-TAtiJd>iT7w>;E^8
zMTOR<#LYH0Z_?pQ>$rJofxuMFS&c;a?h1st(nr;{I6+FNf<(H2d|RTBQe^$oqJ$pR
z;*h%VC$n5v#ZeW!NmikQyL6p>jD@Ci%ZiZuq@HOS?!-ZT$3GE#b2*~Brv^aJ%<_I{
zb9(&Ut;~-`oviKfoe`rqTd#4xPzjK6sjlSBU9{49Y+BwIhvcUu#j41MCs};TJMd*i
zyWMd9F3IYC>fVES@^;*VL|Uwt@aw@3MLqO$(-!R}ZWBiRrrp^!PSO>^jl)!Xmapux
z);Fz<7;j9D<J9d^O@|<Wd^!)lNw<W3it*6|p%EJ69!|_FYM@}S5;%~GHzK{|Z=xMu
znsB-twE^7=K{W}re_Ct9N(I>nsLy{hK9Pqfeu{?B*i%}}06YD}uaJY4>3$Z)*zc<s
zmM>l4q2Ll1cmKyGi<mjaD7JyX2r3sa%zHL!ohNoeJuTzCgibW8S9uR(_JdQ0n+F=5
z<J7;}Tz(im`IG-WG}8l;I=!8UxEON`?JC(GsWZBgNO{B1E{b6Ni?a=m*Yb1{`ElGK
z?+s31X1msIO;k{4ROP?4N6>G%n@OKkv6Z&0vL2m`!@)jM(<LKIamjMroLT=_Q&jSj
zZSt^{`yS~b%<{F1Hc@d}?pHG^wy^hJrTXkz%%3xy#yZfulY%3$Oo7$(SC8`l%P9L`
za}K}HbjcmIY+Lwad&@2%AjcAb8<Nk*tFXOQx4AdPkW~|5o1%F2vfQ9djC#h{W%KUG
z572^}@dG>DFU(vef&unCL)WT`i0e1`uhPPbItW;<eok35&^?yGk)gIp4=f}kO`HZy
z6Mi=z9x+xX=0s8+X+&hQs+Lo6i#<c8AnUJ7kYZv_)%|6UF9=kW$$lj6h`gMmxNR@j
z?%xXDW8pvAxQTQO5o1=`<L~nhq4fg;6T^}x*uvwiXMGe>w`QOB*|M@KUasLOz?-)*
z`w9F1BQFGY1xIrJ+-MGUf|4Royy+WUWC0)8$-gu-Oi>)ASo8Zwhn_o9lZ8;td2{hl
zbS0osZoe@|CCjIiT3RtUF`H)$&*k{;Q3wk~)lseGGJ^@hUC2#S(6U89O|Ei5?RxL5
zf(Z9q-wO4%u@lXg@A;z=wR$gcdzSuopW=<k2~eI7^=R;JV(}j5eYZK=dXV$cIh-@&
zpPaL$4>L&BVQCSBFj1Jo_*0Y<XZO5`u{{83;1m>XKJ<uSm~y;bO%5K9HM#T#A^$;(
z%$lYT$#z*68gB&S%s`)?(1yauSFtP0fkWVvRdLYsUoJlEFwrE$Q4Z@VdDQ()*>(7?
zs0%(+(p;T{+;<oe6dIL?Z%Ur~Dc#)TKYkYEP*CVUDSI@}ARFVeb`n;qTKPhzjS8=h
zSO_|+Rffv@N^h(@nF_IS+*+NCMHQa!4_Pi1H54q?P8Tb7&R8wCxU_4@oxvg}-{>c`
zCGzkS5?2FgTeyyqQ0~S=A3)I3y1EKW{IKs2mLn31T)=0X``X`}Jw@m51m7C2ONQyk
zuiEhSuYj7E&j4z4@a3xR)s6RHpDa%_&<HmY9p#!SecX4ipxR^7T{O@62@9*Wt>T+!
zckjg^ZG&fCP;3tL5Su;_Z_LV<ud+?>SINr{w&0Vw`-tr}_KamMw$E%vjf;n@-M}4k
zX|p!4!(!qI;f2uD1_NVk5-^rzP|o4dx&2c=won%b3nvq|xF<KK4`8)}FYGNFkw@FG
zQ>}LHFQ(FZNtv=|23&f|JreW@F6m7uKW9dV%*!`tYA#}f=Mk~wH-?~F8vin2Pgesa
z`Xpi<pR({c*!u~qZt1x@agzloL^7F!Ve1{D{%sFv5kY&SlhC+YU*Mwu{b>CBK{9Sf
z^*nY4gNg?(&P?=+r}svhzgU}c=BvoexhubB$ETnFEvwi5WiHj9Nj3x35V*aoCKkwz
zs6&Tg#-042;5Ai0j@LXigRoxKzfix{mut~f0{KNRe7nG;KgUBiwMrjFqIztW+nt)-
zVp}Zo=~uj7bEY~)S}=ss8#l7lh^kG0*1BBFWFwY64)Z21j_j<1Drb6x=F}PNl>zzC
zYrF4C9`#A$#IFCMMv#qI*-ll@5C#bXTvP*nL?J30*@5e4Hd;c0H%gYld<@5(2!4u?
zZiGKRD;Ovkj@1G!xdPP=fbWMwXXV#XZe&21g-Ncd^XFT5)#-F};C@Hev(7d7$&+&y
zDZdW>lBIZ~{D+BbG!39$CHe3h{i${I5i^)u>Nj1Ld6yv&=&nl2!sPHTGH0S%3P11J
zH6u8~Z(Tx1whUP3D+dA%Z)rN&_BNJ3XJw$Xfe==cZV&9sBAq4&q?f)9AzBA!0=1ys
z{wtn3RH%?B{B<#U-v8wBgM@jW;5xh#^XK@nSZb_W1j_=Xn3Zyh<@is2Gu*Z9C$`O^
z@39TAdXt@gZb+N_iTXrKQ_rTFL`V`ikgAYp%k}>W9n${NZxM{I9_0V_nh8IS9yqff
zD8)0M4f^ZA?sB7W>`<Nm#^v{05uDRYZsb4rs7V~#z5Ynr88#J>8jiOhAAT|a!qPy#
zIhrrkpYlqG4Z^L}UNDCYD@_%gKD0#rlx1L)J=?Q%wMakBHrXC~8A!a4AXa@x<kL}V
zk14MkNRcGTwc`v*<@4nV4zwoQNO|EvYT}iSKs^jdpId__AGBgt4|iEew~$$w<!^$o
zfF4P;Yfz+-WpnF3WA7ulwuOWcc3ISaC1zEbgVi|BD@e*Bdho|`yjG~EC=m9~v8Peg
zc1<nlD<+jAx>&mEAhXg7Yp%2E$BPa(qtRukY}uzhl&4vXh@;)^Z~qgWyn!k_OatRC
zQufxI4$aB!pW_YKf{?n2gV4wCgFg?mo}2&6^Z*?hZvm#|{t(r=xa2!}^YH!!gS;({
zM}qs47(ACiJFM4VLzI#PIKNF@{$Z0A-rdg^+zJa~{5wsxck{J4{Q-J8A7)E@pp`cE
z<mW5mQ7c)8u(}}KYsbFj=`>>h!3A&nYyFD`@JZ(`*-_S>3$51KoKU`6j*^tFvD`@k
z=Za5%amA$#bOO2QfxM6Xcl^t1ka_B#TTz4|!YxT-Sr3xAH4$Te8)MH>kmn_bZ9?}R
z|4=yFD#Z`A@Tohd<2X0ozl)`;d`*8(p=`8!l7`R9Q0;n7xRmOBtCs6@4vCSO3IZz<
zqs*3~8WXGOC+1knWbpOKmI;BR9#F^cMYj4E0wd{wMJG3^+z&9GAs)7J5?tcv-sgc%
zS6(W25_~zamMC@67khm-$|hG-VYUgNg_7eoIa1~JY>E?aVmcS{w&={Ngz_MB#AM>~
zZ&=N}1e^z%R|fDMgnv{xue4*KtnDL1o3L~{{N=OTDa9WhTa+oqvX)oHSq5vbm*dEZ
zkFb|%+ul#N5c|vJr6Z_x@%Bpix)w)bYHg;p#WxMfx}J_SjLWh0$G(kY4keIgeEp%*
z|4(cX`*m!XC$9@s8W$8R0;Q;0|3{I_fcb6J`J8<dV-MI_sTN6i%5gM*p`3LO@<7;#
zgZv^2>N6E2BaUSVN_)6(AAVLno>pvZ5va5r31##z0h#u^GSjBag(8j2Kdc5Bc^_IC
z-V-BNd^MWQZZgnSIepA3IL(E&ZM>B8p1dzx8Rm2_=OOIHT<1()@cTKS{J9~!p<?-j
z^RTU1>>Z)+7#<5bcb;ejym7E{d5Z9(R5K{ULs<Uftw*AZ0Ytx!HzeN$t-N()&V>Ja
z?O`!ruQZ+}q5QE{j(Lgwym$3itz;Au-^c=H&cx7@AoWhw@eZAYm5w6H>wU%iwpDy?
zM+a&k9h)%|1@2NX_WCF;93bu`6$;`415gOyw+Pgro1+kcgRP$C719gHg<rf+F@Z~a
zlTR4^0i9EX?03ex?u4mR2lKpQwf-V6_2YBm*Ic}rBLzEYMrE9)Sa9oT%t3s;&90L&
zR14x}zGF{?N=wkgw47VDZe_=$HD5dcwx5ql52bj31zPa)iagE4rL%v0?9NmYc5F<#
z58c2zGVxUriQ2^;ErKkrpMT+e;6jj62*cz*t<UK4c2?!t-qwFi)r<u}HUlK5`eTEW
z{?eZXg_G!@9e<=bkrMKUbtT{fiOb(}DMuBb;F^#(N#Z9A5Y0E(^)y=Z1D$#FDBfRQ
z=U|G8!g`Pd{-%SOr-b*V2g~;{d#>?&LQa31Zc6Xk)9U7hESa9P5I!42{W9rB=?zwQ
z9@Dp0u=|1;^EZmx)=V#}WoF#C_#M0H+o|s{4W+x+rVN{txut_syZJn;^5A{}dB0wY
z%vx>&LR*yUN*{l){W{0fItKcPWBV!pXEtRvyHLlLs3_^rn~9gbRnc4IZfj(O^gi#D
zWBO@G_I>mUXa?NV2(5`w8o8LS%HDju*6!>7I6Ct{Cj9@8C!vTXMRF{u<gVmqODbKc
zRB|qfRqk`HZA2u;5=A*il25sh+_v207|G4%9%hEI!>-@HzyJ2<_TKw=zF)8B`}wF|
z$0rF@hV!XOkH0WYy|cEXLL>IK^XP+6M_X*#y$$e}CZUgW;l{6;<|<a*+KCxPmAF_z
z+(po4oyL>{C^y({eQk(45ElD!Df~`?4=LB@d6P=fT5unLD>#FVpTE?0-}28^qv4zU
zyQuH!saY{z!|=ORaRI$iz@K*rtSSm(sX)duVg?g|{s=W?p7j~Eo=w>P0+w$shf~@a
zPx0oL!z=fPy%1h%v$)@V9J_z}vr|MlwcUQO4H>-U&?d@w({=JCN0!Tw&x+@)cQcI9
zQrIyWZf$rS<Z+Bo?Mzs#-|>n#=dFKvs2wB@6*0dOu8EHLdU|U)t8{=8`|z}L_Zh?Z
zUO<H0dG?X2hrxe+m&dPcUnds~_2%*9yTdA9@X4_Kpp~ez(|etOsM$3c`}h&a$j?4H
z?XOXZbJ$(C5~#c6m^bA|AA4LpK?;2lrOmmu&V4wgwm0)$`y;a4Wb=<&t1V{deg(Bl
zSx*sThtUdp#PDtJA6_ng*L<1+Wd!p{rl<CxCy_rZxh!wq=QEJa#-gBPpRj78*s|)^
zkn%&UN3|zeC(iQR;MH2Tt`T(%Ps;Z5(qvN;b<9NLQM4Q<YG+`ZoShd3{m{%eHde1O
zvXA|o{?97+SFsV-tqcJ(B{e-%Xnc4pRHw-Lg>C9C>_KeT+K=RsYl?__ia5Lur$L%Q
zP22gmzPM+<S=Ef`-PsdfaD5<(%gA|LlBA%uI$vt{Yb)At#wd>ZtEC9!&0)UNb|bcF
z{~6%X2gYjuac<NFL8v#xuy5K^bNJ4lU)nuB-##f+(cc1*@lIa~sNW^!?~Rn2bBT4~
z=xQegMu5e(-myKa6#@Nex-a1hs{Z_RT`Zx*Q6}Pn4dbWGj((6V<S|3($n_)#YZ}wj
zWDKP8BhLAnA0!dZ!{qE3H6_Ru_Las#GBkJ|TVs|hQPX2JA#--7+sB<lXLWi5QM#w{
z8J}M#l}R7)Zc+<nybJ9Vo`dDQz!qCmaEX9FXN;fHS1aKqlx9x16SAbN2Q4$aN1iUh
zjWN2KJ`_O*0p=)g^*hE%0XWCq6x`h}U9_U(fe=*i=-T(-h;OVt6Yf()E7$2iv??va
z@Jyo|Vdg)8cYJ=ttP^7}SAZ(xOWCb`aRsFGH%Y`+?+WB-cbT|b&Rb#rD#gpFj~xL$
zPl1<*?OxZh@jwC&f*l@*UNzr2ePb(k#8AWQ?M#TWp}zd~&%DK-x8VAvs!Z{)hZAI-
zCbr!C3W%RZ2P0xyd<OhkrBLr{j^N)*)}$Mob2<~m$zZKRrm-OMITatd6cxa6mDCCN
zT<1!!@`NlEr7YJwU?Q5DeGyz2yERlB?aHg++WO?NfN4#3&5kwa7+sl_f}bb~;xmO`
zX&nQh*1Bet`35>jOD_uG;}r4nn`&szMQ`}^s_&EOmzJCyFJe{M*yZIzDE+g5;5*xc
z$M*`pZ;!R$oRFL-Lelj2kZJtx`Qf{M-f>q;O#*#{H|#g?P>oGZ|C|Rolk?v%4Z@Mq
z&cBSJ$}mE>z=v7<tab6QMXS{}Bg$^xIjS{^=ZtEPr0hCr{BtA<$;hl;KT{OIz|^nb
zEgyrE(N(0G>fB$gd@vZ}8^6blJ`1LdM`H6t(#R_jV+t!N6Dwol&8}iwhI?tO<hF0p
z^Ta;%%<j5ZiwS+H#S$y}>ssmPDlDKP$3?Se>T=K$^v0c@TTj6HXk^`4KaRE{loO9J
z&%u6b;)sHakQP~7D@B^<LbwhnB=h};r6p-|l;N3(7xWbRM9BPpDvOc<UY42@Aw}D&
zJRxBf7V*^VV|}43u8+P>HUbik7TDq|%P&=r60wfzqf*w0Klu8bv3CJ9>V_d>=rMn%
z=-j}3dzEA&@5j1K^ARs~n4fI6EU|-%tlrO<!Ev0aXs3log*&FKaeLato+O8D${@@1
zAgw#m&zpGZ+m7&ii6p`TthA0<@yx4SrTG}p&gnK_MM=3D5|qLd^V*~wFOUhgIyv}>
zBMKu0ELZC~l9!utmq4>$MqQaa{@a^rKI#y*@w3_{$M?H!PPw!3JciVIXXw+Imk4I^
zRIj_=?Ri?a7rdur>Cx?45t$A@+{d+A3vPf1hi3I>kv0y*msPMpL|NeC?#7c6iS8*Q
zayod2tB?V;v?Vr51in}BSa>uBYZfH2Zy5a9`vhLgrHFd-??;q6T^4`3d{WRe*(3tm
z&3G$#&Se@sHF+`RHmPwP^Qb?0GcTEiSgA~Aq=^0<=52_<(iC^8l|{G=mBnzf?d_vl
z%Eo48XOQ-?h>hrtM$5X>N8!w39X`63F18kQLors3@;qoY!8iah7ldRUSP(3I2OcG8
zyU6TZ{-}Z4g&GLVz)I#Vs%&i<FX3%wWO)|)^Od%LbR6J5pN_1T*dhyakN93U>#<g+
zxhX6NuJNT`4fP;)V>WK!&w0HLzh!c=$z92uYQ%PP;~i9M)7se^ffm-_^T{_`D4k@b
z#>LNz8?Ic%Vr=cGPUcoo_<6KlCka2Fqqyy%i)#on1DQ_H^*)#vQOjmh*+)5sWRr@L
zq0CzYQorjSnYJk5rdf=suoj#QJbU-yh9&-o5@%z)OrW`fxRYN+{hlzW{Jpy@`*ltM
zVC$*2Ojq)H8~b{JOf1fpZbm=`F8mnlTllO!kQIq0(A<F5J<b!RI~DNw=$dW`2Xxe%
zL_nT)%*Y$=j4kcV*ZL{o`a!<Qha_JTIWdKB*EceXU{nB^b1KT&Ontf(j}Bkh>%Yd)
z^jTQ0=rRK=I~^rq1I5Dn?q&;~+m&fv+Q)t>wdEp3S_haeH#qnh`tS4qWk;RjRH_V`
z+uj*Ae=Fhvh*5-WT`%ADQ0NY|(S)ar*fqOF45BLIq=6$W$!3OmNcce#d(~n<9P7J#
zo=*${ZNQy*X5EisP9JQ$?<KO;yfDp80$&2HR4kUC-4VIrqm6YXo<oa|B7`2p{KAPX
zi-gKM*kVB2`<C|Tl%L3QDh3)o=iofyP()O{e870sZ>eeQ2)k@7bUH_A#WsT6IG1W|
z`mQXxd7ku4aT!_0WNkI7#=eFMt2#gF69|rXnSJ->Pm%UB0#UpT1p9!uo3Z~g*A5q-
z4x6-V+d_4{)|J=`>WsT@?ZzAtRURyBb`I)QevfO~{<oBiJ&|Wn?c!03bgxNaG@_pq
zr=m&k5})VPZ#4FmShNxk{FUidw~A8?iKwf}0Vr48>3S1Kjxbz$!AvM{u2b)Q!FIpX
z^KsQ@@WuQO^9|GDjYN8hri8=vG1D)*O)2~}!vq8pHcF8i`ke!uv*1xm^UR3}eQVb-
z%&wxj^Tpd?)#&{Syo&jN+O2mYnmObH&BL;xuSkuRAsXBD<|kc3R});1+j{$$n9_V2
zk+trQ-^aPvT}SKvSz+=7mKgnV%GBY7iLxkf(<en+457W4j3!IqcZ^g^(DD0^V=<v7
z{tq09W6N~F1?v|k`Unjj0Yl2hve)Pp6hDQh8g`@9oQ^@JzdCL39#)~L{l)EcaDE{R
z)3<nw@e8xT-FU62V6p9cbnnoHTZpr2X$4(b?QSQA96(T)J!ty0XlH2eCI5tH7JvSu
zjyfp{9Qf(&BEB=3SBxyD&8(qeFy5IO<kf4?+Oo0ed%nxxBnK!6kWk~|2>RR9vGpE9
zeH844DEo)HVTDmOu}><H&>_dQ*<vwNsWQ5S+fEKM2$`f@5%CYachA2{4Z6mzhLf8X
zIv#F%>8_S7nI%}}OT@4~23t*vhh1@+TdO$V*Zgu^efwpw^J7E<`+jP=7J|x*H!*=%
zd13!v1t=<GeL^k~t!EcwHkjL<opCk3EHN*3&t?s+IWs#G_g*36LKhtCxpUa}j%bHA
zT8AsS6N%HsU0_VCKzIB~x9yqnu-8a;$cLNe`I|QP2hGnl`hRdgM=k!~Xooi@+@+Zg
znwGJ{&an(0a(fpS`|i^G>NR2~;$V8#rhAI!+B#xP$SNLk9_&Ecs{h8GbLkc9kL6+O
zh&2#gtWRi1Ep?nn98`9GX>qr-vVShTE1q8yf8x(?<30#-L(M{0<Oj;C>UYQ0Wr4qq
z!_I;EcxBFDhbtnWXX@IY*LIMJ#{m^>1$)L3&LXCXd-82_s5}v?v=|3q)obb|#I^$(
zj>=y%VK3{!Or7#5Qwx7BaIT2GgfHMp3DdXSmr;W@eMFeZD$J&B<rUSAr_lj1Jh-l$
z8_o^h3f+U0`#4id^|;qbha*VKOR=2SGwMsrUEXG>9@U0jA61#}jG=|&V2MMnrm78w
z3;B6*m;Z9@O&?6~?HZ3;4PlzrEcNXwLO<@9<38X6HP@#>O(oI?Yl-Uf%OgmqNKC{s
zW?}PmaD+4(;WkaTMvkZ65A*A5?s9sn6ap&A1fUy^I2zfI4nK`v(0Imab8J>@zDd&w
zjB-F4xbov+_{lmU%j?g4@56h%{2Ry0515+%r*PSEQZelJi;1&sJjpu-7IGSm4^g2<
zIX9+vZYuV##jtqi8rO!+I8pt{9GV=1TFEaNO6)4`{64ph`b5;ON!uEG&g2>EL;i&E
zfn~uGCw`?-2MhU*4vUUYvfy2(U`o*GKwPn&1mT^wNV@kRn=jfmEC%!we5CAnzAG*D
zXVAg;u=k;S4|6KN5UllXH?*4{rDw85JWr+Dn}MFArm%je`Bq-kT`Porl=C;ar3gy>
z@yT?AGgs^W{uyZEAz#029)<Bnx5-tgnMdjFdA`-Zr*@64#o}Y8e!1#rs1&~s=h5Rn
zw!?&;6V}=Pb*cG!sx1w#o4goN+t%!v#<cT~{P`d)+3GJGQ5o-Q6Jo?lp6oPNugum1
zffIXKy?cmH14sYSMtp()cWeLyNke>gIw@%C`+@zMng46BO{|X8S1&9dGC&S^;3<v>
z$Xz#=k^h^f%UE&~%-&KT^~Kv4H&k&qJX)wC)3D?EWo}69kjXis_SoyjpQLc89B{OP
zQV=7EnrJ?=GN;on(hKo&h=Vh(QO85?;lYDt=iy~b*=p=4HeF`pS6!vx0;hRxJpCeQ
zwwXOEu|o06ahfFjE!M$>!F?FE^QdOqC$rXYpPSw#!vm<F+#YsM^}@_S29y_%j3_j4
zJ5JSj9?@-*4j|@<z>X07?ZN+ve`OUva$ZuUYJdtrYk3_7sK*5VKtX22`tyimb>laf
zHV|#(-olOThsI}lk72dJ%Ghu)-*JUt^rvNZ+XM}2JG)2Bo?{qZ*>;6H>6xRxQwp+e
zo{t|Ud|z$Ct!X-Ved4IrKRW8heKzgBj#TA;v0>mv6tr+N_!P;rUI?L>>ik4;dEZX%
zyUK^3%6b{;Z1-<t;pQmbo<910i^}C!1#Pu4NOhdA|4+V*Dn#n=AeG@N<7K`p+-65O
zSbV1T{o>%B(9*OT=<<Z7v1f4Z_G89o^kNGhhN*f)0+WI$vuwR}CAd}bfT7C)1LBv_
zms|H24zkbr70rlc$VIXFjr7j4_$zpOb*=9GSIT}lF`%wibHJ)No0?Rt)9PNo+f+(z
zpr$-%aWYEbzc~!V5h=2J)w;vFYDx!o%BQLDCFi@<`m718wiiw81773Q^f-LUX1IYl
zrAwSY8;jFAX)MY*CI9o<6tKb0@7=CzXrmN%eSubRt5ysVmhEtyAf$*_hEE)ZU)ouL
zYdOQ~#kkiRiS=%<Dpcyy4^0fIQO>kP1vw+p0xx&qCoZatX^X74fD#`^Ktt--ii;+-
zi=!JZyHnA~L+^pLMs2Y0b|k^U8&p2&yw<4Ih@E<-O{;pp&Qn+cmp;byV(Yij#&6S!
z{Mf7|DXa4E?}Bu@X{Dy;^yFGIfTkKK!_kd^f@m#mhi)R+PNL-WCAmT!P^Y^0jKmE1
zHeyYZ#%@8ZJ;975XMns-B7tBHmOJMJ&YWKIuV*e`B03^{j8YT1VO*JF4)%Y~vSdxe
z$O{Um%l!Y8`0T{xG}u2~Cw#K_xo-wqwi!9101rCoc=_J$q5eLkLMvM97#R7?tU#iT
zCuIbUXfbgG<c|T)7{;1QD1K_ro^|u_(XsA6J0W14{*rJrM0ZDfb>SL9pDelk4nB>z
z_6xPrc={Y)d2?-xlo{!SOanqA>)>|H?NH4Gl!--!59*u|H4$_hGt|W|s7D-YOowp0
zw-3iFGiMGi-CEDNAHFiQ<4_eg!%v*jdk2UmrYa5_nL-~TU-&I;x^B*?Y_$wHz!ciF
zFF(SJtzCea0Zg<wlVZw~@)m^JZe@xK;ZDvKuFtJ!UO?7WKu94IPL2SE?Odw$3I3Wo
z-s4M77^!^@>VX}XNah#=u*MP%6m{k=uq<y_b=}u`PQTIT7cGreaQB?P71-}Km-Og*
zx+3K=t>(=pYN;YlD<2=yuuTr$c+9Sz?|&QX4f;lTIiF4S#?a?pGLBf#2y2gC<tUYH
zj1&eA%Cadv%MxgPbjtuGRY4*aF}9+~e<DZl&*>nz`BB@FaIHAEN>_LO1L^A&t5+85
z_?96HzI9ZYy_)%aH#Hsiz?v}#*H(R*<~xvC_tn7>q9=;gxk~Wh*k)eaYJ77BEUjXN
zYSn@lv3(B;KdTtx_vqQO*v!z*(A{0jPzhGR9jXH|9-AwolG^F?EP_bwp1U+bKJ9sz
zD>hE8z4{^;=&~!ceSPbV`e7eJ{cj`ncRs6R=i>{}t2SPt9f>kS%6sWwvVnmqbvYQ9
zU>|+v+4ZRtTV3mS8}1ZS8+=0mM=vVN0&gp%^@Ax#Ln>>+QU8m}Pz{pU)!ZQ^0%nxq
z6`15VTFSVcJGB9|Khsli^OY*2*5MqtJ;3EazgG3mIQ%1%Uov5DUMzllV}hATa?egf
ziZ#wn5?2!enQB>2;YC(AdO>{=#ROgB&39V@)S0HiEcMS^=nSJ#eLSEHF?782gNhG%
zzUZW_9TvTwH<RiV@+cyK?Z~Rj`Tf$Add+ILolC}rpgsDkhRB&tQej8vlNt#50C5vX
zE9stXpRLj=?b;dcKB3YD0!kI=5tdCAW<1BzhV~v<y;d}A=?6Mvqo)6M^=$~5yit@~
z*ccO8KD6f${1;DQ?41ko{Cqn3mcfS+{R*G;1SaW@{+3w!PU9y47G|?8Z7}e$_FwI$
z2lTAZCz)5FVw`vXjCiE{UPcCfTx7)~3Gu|Be@zqIm}H`n#<hnO3)fZv3TDFMOA`TV
zT5R{-+9I!rP`~jVZ*_hMNdZ<GhQ%ahrKOpSgFZF1F=x#ASC7S6<4Pi)BiA_X0^vi!
zy##h%Am`q{HmIqDwG`2(VR#3^*|Mnzj3%LooQ@Fdv`+LQ%zC=R>Th}{-s~m}(44H!
z*V&KkF$Lf!H|UDjCbD0C?8?Xe+$tP1^$qu6lDdjj-Z7&k4iVSS?kfrdVlO}<GJi9A
z>2o|$8RRk|(#i5$fM`{m8}KO_`vH>yKe2Bn^$O`Cy#CM(v~d1)#h?x7dA7}&xZymJ
ztEjvO)rO>X+L6#wHD(1u!yNbrV*4{+;-!1~SH(5w=Yg7Yz*H)t>XJY2A^UO`lB~pl
zzM)+NGrT61M*|-EzaUzME6%0M)Ek@$J<PsUNPR&{rRnahl(vpE=i(waSg7?_!y1u`
z>$c*2?8-FB#63Gd?N)gM;TEa`$aCSh1?y2MwMFk_G<;I$;yXnUDhPXdna!ARQD;AX
zfb}}%s?yz}^i1Y~Y3DJrN7zRE`Xex2p{nlEu+8>WXUagAi4e~7lXJu&?;o_o#)Dnt
zDpQ(ls0v=7+NkvI@lg61j7COwA;d+Icg%bG;eui4B&o737*M;|AJ}@xnF8Ahw<3Hz
zJvRVLLL>uKZ*ZeRCCpGEWp)12I~v;EA~i=<#LEz@tHFKdXsKR{Af#E23Wn_?S;T_3
z>|qs_H|I|7WH6ho<4lmdN1N!4oetol7VY@LqrHlc-<YLCUe`iJW$p3q?dqM{{;Y~J
zWCt758g~xt=d4WZ?LhW+(V`S-W?T8p{)EA{VLtDSThJ=Eegm|cKS!?dd7?tUWywv)
zwm`6-z$f=}0G;7@F|!Hg&>MXQWY5x$OCFIkro7LtZnA8t-2@kI-ZE(<>`9x9I<R!5
z+xC#_aFL8N7D1b$0>UZD=k2};3LJgfGi*9>ZhB^8`epUpr|gkK*H%c`t216RXM*VK
z_&?o7udmlwzdd#L=&k2@K#e1MPdVV0NM_OjJz=?Z<#Ay-c5i3vnLEfwSX-U!b31`K
zcE}Un9zTol;k#=EVY_Q2Y%4tMFio|nklqZ*BLtr7M$<2Z?~c_aqYd+T9J@2^BfMzZ
zE9phKqN&Ygo*6<a5~RVU*?EHZj*MGq;QdjJ843~$O~;7M6sM<9E$}$odop!nKhsxs
zw7`YP!ZnGJO%tszVV??4S!W+;s4!{3wuDj`O5HAxAzLD_xjn>imVU^_%y|)vFezNH
z20Q1S7=HQ6>k8I73N65cp$Zfk=U$F2xKngUjkPYke+v5mMfssRWNZ4ab&L1&T?Fzv
z%O(t=xHAKuYnm8-%61?KQNLHfS(i`n!m86V<PpO!FCf+)|0WfU^TrBW7%Z;DqLMMR
ziKRG**uK8Z9uc#SqnVPf%t4;9xZ$l$wO@h#0}4Os*P1XAVTG(@!IxvyD71Txjt}G1
zKU2^bT{MNgmUF>}WqN_~QiHPMd?n5Xa)8N{809%%;0|T>EudjO--!HrSVhQC3gLH<
ziNfLuhca!R@Ibf#W-O9C4<8sM3(R@>TD1(UmSO-q*j@Z`__WA|nD4;9K1!YmaLU@(
z7fkATDvgtGqtQfKQum}TcRL3{a)~|2NKWrM&DxcPH~zix%zr@<nniw6INt-^hk>#G
zYLxkp^Um<YiL~X<kRL*(qk{g)nvM<ZGcuV6EyL~;0)$JAG4ztJSzr$00vA*)*p$ox
z`hz2(%&vWaMs&yk=V_MPw9I-o=8-3M;pk=>_-!D=SRT3jYZ=x6j6kj+*N$J<pE{*|
zhWyW}Zr60#WV1u$w~;f}8$sE21zbUdA76*Kr*qLF`>>qN8v$J2DxjVF$><CndFpqS
z3cx?JL-rNG!~uncQ&mp^>=6GF6c6qgZrvM)Xz+-=;|P*UR9Oa`p$$0DB#QK0<`tS8
zoW12G$f3kbfjMT8KBCkUvIOVdQzv+f0g>hzP8_9mY{c<y@lF-kQ=aJwsC#g4Xm~D1
zZyHjJzvBk@9l$BcwQHd0RB~}|LO&BYqo!AC;az6lJdq+aZW0;43oPf66c76jJlWhk
z$48^fjE}4<cG&^UxNOy8?WwW)xKkX0Xox}w4IFZCAYnIs+;j!^jAh9amMkn&;(_P#
z-cpGDL0Jy~Z?>R#_kjfG-!xNHWT+jcB_(b@mNWezj*J4nV?C3gbpTHjKpQRw1Gtv`
zE)+Wm=Ryq6d(Z=SEsRTS+c&U;%fJ~cGJMnIK7}o#LJT&_v|l?u+Y4mQT_H+Um7|<d
z{L9$Ev?7M$=|(=ZM{0S71-<}ENR<akE#V!M257<$J#{^O2#2<5DsL&q69zcJ=1usq
z6<`a^=95tm41LIdU046=n<v5E#z^TuskVX&8Pg#HcIDR4fhhQ&fu%CA*y`rt@v%Mx
z<9H34QBaSU;ALKkYews0dxLpZd7SThJIFJLQ`t%W3x$ISg&L&5l#lU@Cu$~CZzErL
z6Od2~UP|d!k)53?@{?z#T%i0w>D>*1%dseJum>60so}@|L=g;r@;GPsc7rKv&cRt1
z;s-inXQBZTkh%owutUXeK{Y4_kYc*Z1KI;>b8N3-64luddXguEGIXd_p>utxp`>2L
z=rHohL9x37>?PNG7`WU@+d3Np7G_p8xql^&DJF!>8T$b`cN?B-PhO|+w;XCaxp^N>
z@s0wjcK!O^LQ*f`>Qxh(-+Ab0fAB&|SDs?+q8<4uui2vCf187f-a>Je2hk&5jr4_~
z(l)Abuoe@B>e@m|L=3FqdHOUg8P-zzloGp$Yk}{)R<~qmWk=I+4t-ni#<HXL6sUFM
z4Fq3_?U8=g4wk1~17;j52PXIku--8xMbMGK>t2yE!ze6@+{<zS&LqdMXi`@IS`bfA
zTv)4A3c-2b-s|RGW~s_))2Zd~N@N1Zr{N^~g*1xOuaei?EV8H5xHOoW%iE<yCrZ$`
zL;d5t@36=$Xc!Tj6BEqPoE3oYpVBsvA;0JC=kY7MoPqj-Jo8h}Iu~zkn4CaDR%5vO
z!&Td%b&ySkHdtO3FG(ezv#Gm+8!#=4xHP~Lcw+Iri^uLMN1}3klJBs^lLO+;O7MzQ
z&?RHM>2THV9)}83)-nD@Ai9E^_a8GAT5ett@_oj-6--fNp&1#5IC8qR0EmfWwVIv_
z2CRIxzTVidkGtF^SvFGGig4uSgn|(wIFDkYfwA?QP!#tK6Ho9!zw-}~KC{>*InZdw
z>Qx%p^m=%LOlXB~nHUhDL^zPA`EAN)zq1B@w}5apluNhR#o9$ISpBu4PFUG(Plys1
z8gQ=>Q2&MR)cXSwLhDDQZ4Jr$r(ux&xBRu+>HhqMA;(yAyzGmOCl_+N9OE`&NV&Oo
zMvq~)ZLKQ{6L3Z<8)vD+L$*Xf7PgOVj)Z<PdavEVRY3^($1WL0oDm9}o5x*=h}`1U
zJ}4*fr|ActaU5&QliG+UZauYVrrZeN)ZPh=p@uHAX|>zkXrvfx%iWQnK75nNibVDg
z<n#7VSvy5jPv^o4?n9<U9xtA#!RkbBMa2ogpRm`0Jqh%O<!C#^n07g5<>fMK0MPxl
z34U=?u-Db_i%^Jn^Wn<|#v;i6!c%4b1XLf<(x<x>G^qn%t(;Pulq-i5kWrYYp(oJ;
ztqqqo{W5*ZxjvEIYpBgQijqk<_u%@w;m;hJ-hbfKJ=+t!vj$dbae<AZ>$idj9QyO7
z5#l=$D%?$&;kb6MG{#6D6)MKVIr;=B0U|Q&_2>|sGEaVgGg6Sx+*q+F-XF(rsRLbD
zc=J=>F<&^)_KK1GzA%jJ6xx1YePF^8e&wnF`ARXWW!|t%a~9JmdHJM68MtE$dI6G<
zjfBgxD51JHPXr^j+E4#sdbmV<hnA^5<2jUG7-EWDe?oY4$0-@v&SjOhn^;#<f!oHB
zV?hMHG1IzD*gc4=SR2U|8_nH6D&rPBGe@{?U>yk$Qu)hM^R%8h#7dd5ZsNd(@GRX;
zKoMzI&=Y%{ig^N`4F`$u4*5jOb3Gi>Ex_Vid$R55&%hnWb>wh;Ii-OvmLt4l_$m*_
zLJJ2n<{_WQ=)DHq9`I|%i6ZMt;_7*5PRwpm1xLnO1e?DZ5&#-$Mz^rF2Px}LiK99L
zqZFbV@=)+YTLegO5nly<IvS0xJ1|h<4iXD=4f5l0Wml|S6oq<iI06IVBFjNKhQ7->
zL--e0n!Lrjm~5T<7*na0zHLzi^KRmuS&m&Nu8?9LPQkfAD_9!4@bl^3mso|`ZQL<%
zCwpMPmX<foupYEI-Ac{ktN`bXZ{I~Y*8=CASmhEYjB%V5MD_3nfIR_+aQ7u+50ZBG
z%kvgQeAzOu<=qkO9QPlNMy|_5$m^}oS)rX8D`gG{cTnvfp~_$Y)wgTK`~0g=070|b
z%BDv}@Sn~L&<+>jLMP?7nW4XV8qQxb%^5t=mCm&Qd?E)0I@k$ix+0Uw;Tn`cBvgVq
zXBE(#a{CZ@QF<_{qX=t%m08o}2sI9PPu4zxUTX1HxP}#`L|0LB%UoEP!pQ6Zb>Unb
zIEJ+%If!m1hTz}SQ8o^R5%cPzK8oG<;eI#7Z+{gtLpef2p=$x-n3pfHFxe$)<`oc9
zajT&&kw(k3T0vI9;a?B4wv2i-fS}ero?x*I)dBmK3_BJDDn^Vs@dZuBSPPySHh3M1
zGnrQeQ1+-Zu-95fa(EGTF_XPR*WM2@DS9;^=QF_H3#WeH*U;KZ4c*BHK2J8so1ze3
z&r((d#9lx_e<OgrpF-m>3#2gXt3$09f0oOhJ`v=|5YgB_qs9Iaij{Y~21>gEyjUN&
zd-@NLc-17U<37(-lKoZ(A-L>D|2N>&3U~P-GV<hV_&T<q0(XoikJ3rlSn>~x&p35p
z=!u=yU9gZ*l~LQ#8iGqbfE6BhQG$owr;-41f}LQN2(cY+h|G44^V;?Mf@m}iL5u}Z
zl-yT_b`lQLLi^;v!ev+Ew?-fpY@{ca96>cr4nV(QZ>r9Ue1~cyq`OU-GVYB|;nI5^
zgnb|v*2*8~TodX*eV~2~?|3rS6OMi+w3*$qWtX+~?s&C6MqEUr&l?*cv=l0`bFQd1
zxbijEUVM=)kS3R2GT(Ik2_)Ex{{4|WQ7l))PLWYt&huheiBDkxO()1W))xwCse-c@
zq_Ttk3{-MX3}k4RcRfL@Pie*OP6p(MHgiw1(CjoO-f!;U4z}YfT|YUu>DNjNpo$i)
za+geSBfm6|e9EQ*E#6B2UQ^*U5K!o$96CpvYS;^Qdd+u(0(eDUgOI|F7-|{m31=Ld
z-%K~m73|I2YpqH_O1sF{P!Ne6sNN|||Jv0ukjUaxXkq5k)UWifjz%Jj!l|x=4qE1B
zws$9bJHQ2RtQcGn4=M}S8h=T@6`dV?Yzj+rTx?5l!Io1;RX~6-b#ZDX>%%W%UIZh@
z4uoZgo<OsYguE`6prO!l{@ahK7-JGMM6nsjNSg84%O(nD)sppz;n;0v9R_uAtbjK`
zz0Z4w2ojqDVD@djx@w%D(zGq~0=)Rt*}bqiZkHhD_hI<rY<TRxh)P^5I${4FOyxJ$
znBV&y9!KnCmt&n@v-S$d5o^x5`oIJ!iv0D^-LvJjJn1f;XboXY;k}QBl|N8&!Lu+r
zhUt)H+fK7#_0b>s$lS+sk9Pw<#cg)$F1BH#434JS5+H3`Kp`^fno(2TJKD&{TuR2w
zcB)!VZ-nILvmkrL`{pcS(kbK<c+DM;^IaFHYhHC)=%PI5&am!cEs|};%pSK_-y?Et
zw>D$9yUY)tO7DVs`LgevT}%znppNiZy7%Ikqdt-F)-~hilPpSOcLac*d2}-F`0oVf
z5DsEtyeJu>)i*yfj<I+XEGc<J?;dKQ@#ebxCPxlxynGQ9D8=MKuRtG*aO1}j`$@D5
z*eBx$_STsJ0W-5wnJaNx(OD77t;|@<#5VBke_T4Of@31fp%2eCW%P_B_OU&30aF$}
zA0-E5euLbYCm<c%a1F%7%XB5IX%Aa#b16L!&xD?c%a+P+=jzYk*b>`i;|4yjcikvl
z4Fz+SDAgJh&6(=TFo_Bdw%QB+-#K!X5*5Lf=^7+J_7AuO_2fLZ2-#lV1DAEsQVBv~
zm35=8awp;p#e;WB4&qXT=UM3&v=b=J@>5d*r=a7;$IvZ)RwKVR;JPOVKcCweMt#PK
z#hlyAqYJY>O{4-_xG+bLQUJAZJZDd_x+<)f7qd{!lVf}?>CLwv#L&69A`{`G{n88;
zD)sj^)Ni@A#+S$KTgM^3zVV+uIgaw_3dK(EH;j0o*E@%<xmRkxkqK^23JeigPlszD
z@HZOZCq_wO>pZ)4<WYhOTxWo_*n1yC7J&cR-k}YJ+0aA!`tayXzG;0Oi`({Ic$A)>
z9ZPv|(U@$l9mnX)FV!VxbH!-{s#7j_IP;gW;$hZ?0$<`zgk_grFx*FVPGAhEpQkUM
zLPt&L;JUbD$XUMBOb~3c7BDv1JscS)+fHcpE5%O9`|yNEb!ta731!cCkZ7kZWqIPs
z<IIT%793m!&$1AxV`WVBQ7dNs0A!AFCbT=k>98pHz_u^KMv%40km(D4__)pFlgelE
zJM~{x7kMp?WeZ6sb98cq`HfCLq@Tj{800tIyn<uTmsGChQ=gmQxRE3Jc-A-Dj1{KP
zI&$sQl>t8EN&3%Oll14??0ScNP!?&Keh^gtCJ-Y|Q!XL|jp|LJfr8CURyXd4*EgzX
z+W}%xIp^QlQ#d$zKL=bh5t_v0VnVVuNL_u^ke8*k!DD{k+R9pz_f$NQT!~3TbZdjx
z%{Txhi=0tNf8<$<&*Zk`u%wy}`i9f`Pw*%LwokL>P6p(R443_;?unSkyjv2}ghY|T
zFSe7xxa}(lz-qmOB;axStQ}S);#X)aGrRI6&4=KPDU2{C@ecC!dT0?68JmN~Htmy^
z=*1xi#r&LTtrA9W$W;Coq4_&*CakKM<I1|b!=#CQ=80wf-u{hiI7%J~&l=>p6a7@m
zu0@~)Hk*L58{~0>`i->=I6{VmJiACO59mv0gF1gDe<rE%j!fBzu30Ra&#9%Q@(yS9
z&0k0=S^+f^`YiRYB7_pa5nQzldOP?tg$dd|@Tb;jws+gXUS$x&;s4#^@Ho^{9u4}G
zkR83rGp<30WIq4uuy(y0U3MV8f5WUA5);<+s+8wDn&2|y6ZW=#V<JVyb(#UnMOt?W
zF%H*gFPK_>D&vmGR8j8*D0G-=n;BtcR(jTSOPUTafu!vU_Bas}!;D{Mt&U+1Eb;b_
zA76(zK+3s<xF(MJR&+@^Un0}p$1M^GrJ<^S;tH>RTS|F5hQ%J^<c>u)J=><;LPiF=
zi<(F-YlG>4_h`z2`WF1io({kGAv_M@b#8Z+3bW>pO#(dmzQ`onZ!wqVCm<TJG&ac4
z5BWqUxHN39*O#q-72lgQuGM^aXI2*%dv~9^b~DrMe4Hjlwppy}B~pyxD>c_d==B5R
zB|@5oS+>r}Tz;{P_^`sMlM6fe`@V%_lt|OOCx^48ZI1_niO1`bKe0RSI7hK|&OY@?
z_f-JDC9@PCU2Nf%+n(k%$;`U=b?>PAL9)dCbEEvXYiz&5w?$7VMKACKYY4HFyB8Zz
z)792d+gUS$4fBt>0RRzjc857;Q|$@CEip4_!KCaeV+it;UZoYLo0W=x*0W$As=JY%
zDS&WSiP#vqNz{&h?#`MoEW2SWO1=8o2}T&pHDy!w@!n{FH+AbEiu?2rOdzn$I1Y(l
zbs_m&z-H1s<dKG6qtQf;5`UOmlN~I~LT7;Uq0*SKz74aiEsHv5LM-1*<Ac0dL)a55
zm&!2VS$Gmy_h+ZTEwnE5H6xRmh>d%O@e5gEJI`rE^>W^=V#2@*Gb!~1>W@GSwrl>X
zidhbu0qG-t&>5QrsqK%uz*=nexWJ95El^z0?Y0G9ASPjtb={f~VkIvTxF@E{c*tdg
zo=y)xG-5geWgMirp<RsZn2lKe)g4C{LZ)_r3324`Qb7j)w~*{-aW--Np|>ISCW2(?
zaoBp(u5+1rb2Rl5B7{M@N167-6f$$hluVv<#kax3mPt|E@CuM&ugo7zPKT=!;X}up
zN&Zz_-3*m=?J9eSbg`6mIbfRN<BZy-3BQ%ej^~tx32uKZ@aEA8k(=P~-fMhiAjy;`
zgu9Uo^dHpIe}5(+pM45%l^ZJSGEf}u6|K?c{bHJMzUV)5Zf`V0V-8ILeHFIbf<gdd
zDv0h(-z;2<0l0;04VT*HjhXQ-h5PeMtkY67$pr8;?LtVpSJ_!akWMmzdvdmSXP1bN
zq5Ta|!fajQk9yZZV(2OQ6ZY*ET0ZOd#-2b8uMOxry$sm`88<>>$l=&$H04V^od&-J
z%k+k9!gY4A;*|Icyp<83&Rw`b4&^BeMo9E4p}z*U^INDpnkRr<gTbUNG7SIP-$3v~
zO)N)-AiA~LkJTaGa^^gC>}pin-?#pi*d$Id&JyETKVuo=W4D<-%hWFxSOu!XfF6s2
z3peiM`G`ayqsZE!#v5fmnK)xSy>Zi-+^2a#xd^q@QLBu!-)_J)Db6v4ix+gyck7kL
z?Tx6MTxOHUoB_ezkLYh$8pQ)W`uq{>v3?4-%jwG=TL={yJ><d>qg-L&gt*T`KW-bB
z^IW4^H3$?0J*L65_A3O37u*{#9z@n=scgViws|HiW=(pRsd}D1;6sc1!n@{xg!nM#
zujPRE(UhwpqRU3ttwZ!XH3?5k2|;s>_qpuj#WKcpPpsV1RKUJ`Io~YnXW^ohHa@gt
zYL!0Qz*g$^>co{HQB^bBnx0rM@@**&rPa?W`(^2!O_IYbypM$5zZ0QML(;@=THl!|
zm-GG&-;?Fv(lt=?!fArirjOv-8(n3Qj_`|rc%*XpvIPSqM#HW)p9j)j$3BbLM&c7l
zr_Fl-ey^d;08UqWYeQAjo=g)TF{Eljapz8U5#j>N8QQRUgR$NVR+3$Ybk0HE$7R;R
zxC%H<bJ?V)2#?wxen2Dw_|;I2-RIn+r2R8{pjj$l_5c)qWQqAX;GB^OF}mAlZ2wH@
zRSbMrWJtm@bAb%`?dRPJ3;CRdCBzMCRZhoEvXmSNU9EedoStUD9EhVhm{h`20mX#o
zQFO;lxzKgwyz=0-(jsvQpo|6{sD~*Wo$m$SXxx&2kJEt6r|7?KhHtAsMO|d6p~yN&
zk5ZZHVCBv>G~ff($P*l@+#asYIJyX{V8I|*N%C)D{&5qGKqzmNQ8GzMSv1MTRM@^5
zd^EWiXod+h$RdJ{j4g41W=P(fCvgXuyiH4k0p+I(pRrVFzBmY?Vpv_77eH*O!NPT?
zNdQ+nO$ECTFt0q$I|S_T8{B@rdjLVq@3y79Ht6|vqK?UQdkWA13tb}e4z42C^G^|d
zI`{5q_{{YUpF)Iee~_6c402UG*|;{NN_aET^&qaXf3IQtVq)#IT&D~18;*7253w+E
z`l<hJ$vB95JwTzHf;dcL4e>4$Ya`~Zk0>5mR5R8#=D4r$+F+k?6JWT`M%mFP_pmpN
z2+8C^1d#m(I@|Ia-F#^2TZi-BM*kp)8ZaC17&(gob}{fGeL+9bZ^$}jP2K;vov1eM
zD+l~V_Fh*CL1TAtfPJ7<HHvK##ROZk5A5JfpQE|@Qx@AQPw`T~$WY$L?C@v2sdB9&
zRgH*vvi@ANrZg_AS%_R<5zV2#OstJqkgguy<h<FR%;Pv*kO<J;gnm}U5>+mOBGBN=
zNxWR^c_Yw_qb;u<eJu<#9N`?Xik@#?Htq{*B5(@-E5x|<(CauFv%K0bgm?@ct(2uL
zf`Mxc8zW=cOzkVcb6~<-vI<Z8iDTaYTe^nu^YwSG5)FqGoi#z^Ody-qZ2l8LKP$DM
z4_N21O$1oBE@5lK|Dj5S4S%np`u{n|T{VC3$j`hX*FM|uva$NjuA&DHQkVTowESv5
zRhOJ~_2`+j_pkZXR8sKNLv?cQ)<ov|1^=ez9tnM@NLH2kz=Roby_`yuWv(asu0FWo
zXhV{Rj6IC9-uis3YpEL&v*K@)n)dxBLP~;fqA5q39r<)1`3~f3_m}F)pD*5>(YxJC
z9a++34F+fYmH+IOw)#M<B<cE-&GnWrix~~Ck9BEkw=7+p{<Sy2pBulDHSW=oh;V@n
zCi1=fw7II6sI=5fIeww1$~>n^@O@Rl4K3s0l^1{g8gA_gK=&8^7d(2h@?7=D(FVu#
zn3GE0FRQIX;pfb3+JAmaWLVZrz8a0uyzjSbhsej<OOaj?@T<D_KOR1YK2F+g>;L)C
zyPC9gCtXdoMYK!lmczGMU~5Y4?Nyb7KlpURzoY)wd*khklx%y`KYmin`t7DRV)<kA
zN2-v6=g7CebB|m~;UT(bccP$Cy&u24vPe-g?pK?0{PE-C;r!9npJOCAc;LSs9kZ{5
zLrHve>?c{TFGth$lWo0%zSt9f7@Cg_jm8q^q^{<zU93Ft+{>-v$BzQB2XLsWM)2))
z*rH~I)%W^qXIN&cnxvxVcHMoI--^ADO4<k>Q(xttAtrxJwvGSxzV_Q~@Su!nms;l6
z(<6KI+2N{VsnMF(iKvNBUjrw<OuzcH7L&yp^Q<p;)fqJYfwkM8{v{puE&1}vKZB}8
zJhNNBG}NA%YmT@z)@jn97Ei(}d!{~o?KwJeOOI){!V3E0DXsj98XWbp!sFXr4DUhz
zt#{Q{T(sx?t3NPmN<Y1v{v2KX_YnH8X1cicXP59z8=bde@TJxB5E-@S7@<o*ZvM!*
zO{#4DtxhSA({rtww{kB8>2Hna`(GytblD4A`DVG^jXG&~*mIY(ZSOD)n-?mPeT4t-
z-E&MsxvHK=(5*a8hPBzp>IHwV?-QeIt)IUAcg?=<O6K5^kFNWZPZzxl5zx<nbvh;O
zQOaGg`Aw{|ir~xF_*ZPpBSl}-AWEMn&+88y6x-v8Mi`m%W`;r^-lR_7Ejjy;RC2B&
z#liAX{uJl+VUF|Ak=Tve&z^ZKilb3nYT&~k?k6r;-@Q2+zd+5JQ_<=#48yuTxN)=Y
zSu9E5^Xp`W98R*RoFyl6ubl9={Vho;y<ZmD`>nE>@b0?Q@{ePmtp|GmFMj5>{M(RO
z4Qw&6H|nK!g2m3A(22n4+n&qT=X}!oo`iHybgGh7j=wY!0m#0q1l=pS*S!;|^ZJuI
zZ8GV?a@d^~x%f}IJ2*KRrOfOfw@A+lt-KDNK6>5K=HSQo1$p8a2g*IyZx(A;QM#gU
z0_lX#M@tXRT{>pK(YExysry?S`m)<!=uY&@Lx#y#uLLBJRgqBc1?wGYbDN3pmXXkO
z9ZTbH7C*oGwWl5WplDWq+0HTQOYy&FC8K96CSFo!n4{OOr=0CD$@6<^bVsI8Iz{od
zy^j}eFzOg1GqFUq#7M3(FM-e3IH#`j^ijO7+Re#p#a=rZr=VX{Q!^)|NnLLp|Gv$*
zSJ0Vw`ccxl`9-DvR=o<P6KW5gi%H+Umk8(O`KY{Xqzk;6+6@20F0i3|whC}KR|Cov
z<vslMxG^p|rA1Zj(7S6!=Rf4W5N=7;rK#=E%s%ORXK73vdf@cE)izhHYOKFC^x-Re
z155gCdHPjnXfB@e<}Uv4J&g>xcQ5Y<rk{>}I7J-$7CS!u-<@ljgG(kiY_UV`Jnwhn
z@$ANlm&Ga9&jc!qTD>SKlQO-^J-z(FH`JoImsH91uzXzfZu))ZwZheA)rEs!u2tv#
zck5^F<M@KY55UQX#Zo%q=2K^oDaUga<$|TIx#bU^^51@~H*_TM{u}XvUzSPwl~(^u
zNAjLX1xcS--v7BlRblLa-SO(|ns4R@?2{08PCWc7W_5U7_FWk1Nud|IXiW0^DP);V
zXKv&NB#c%2BYTQ;cjYSgo`XWcWWn)^zaCnS8ht7C(fyiuUC3T_{<*JZ-QDS<LiIP6
z-O^H%YY(NaI=0?#_1ayz4R)YhE($bJFsppko_A!t^^k``eQD2T=BoprP8F`T4MDm=
zKgPPTKT0gqMSlM}+<}PEeQ+|yPxa;7n<*L>{vFi5bj0Iu&@;o@S21DDA8n={Jd!3A
zM@wFA|MDRwL)n<2GH@{PYu3%W{2!_Rjs4@~5B&_{S$@l@YkL}fPQ6{+4{G@gEBWfg
ze|S!8v6L5?TM|9~N^aTblEa^UZz7+<4)qxP)5sR)NvNOk5?!o){Bhml8RLs-{N2Wp
zpU~0c@p~%Y^Sqqu6aT$W6R$jNyr1)P@!92l?e$1Akz@^*9~VzVnl=0FAI%(eJTK<d
z9`9hzwKTZzC7EwO8XWlG2+Ys?t74a%!XsskvC*_8=DWxLYMZ7VeI!YtcJxVU#%rx>
zLEdRE91HO&F<y34$NsCwOgzaUIC>{er`&gq>V2^9GW=>~(8p{yEn8cUujRLdm1ufG
zUoZN1ZInld{!<P4k><4e-H*|pxUv1%iT7pL>HTPfY(l@Amb&BNKVF|+1e^xW>~6SZ
zt7LwTaE<K5XCD0{apC?8xh|BP?St`W9@-C43AvU=*FvOXdcFkf?~`0@IGW-s_3Z_H
zVg5@~hhNqptG+tI*Q4kF+AHvFMgeCxWf%Ll%s<rP@x7h<4v`mt3KjJ;7iuIQMVF|j
zwf9R8wU&4ZyexN%UH)5e+N@|I@5okYRM=w=&8ui{?d5m(k)K>k8j=?0Z891rCqd|g
z(kJ^s{AePHtJiJ*`TzRrCqMG)vb(Csx4egvJ;;xby8-{SKNjsrI5;2wPtdMMO#S08
z|Fg;uD_hl6(#B8PR-3pynfJeqNW9Hmy0BRjH0x!wNqZvLtNEz5AktXPK1%Oi=Rn#m
zk_N7uxVhkn2G(mN$+Y5a<CCV;N@N?B{yS21XCkOV?PY-K@DUneN4Rz4>+SG9SmX2m
zj+(qbn}G9+RSHx1)_W&LK(c4z&)K3X8Ry>xAykw7Nt#avFK}*bs^ou*xq+2%w0d%8
zNBR4q3AoXC!4k9J-S1vqhREz+H<Y<Wab-5~M`ZNHiwANYiqn?FXzuW_5CxZ0(qXnz
zn@OPC#sBf{);N!tDNDQDCIZC*nS1O{!^nWWvyhRqHB`@Q`)zA4cL96eXWz&?dEur=
zm(>qvmBK^aW%~;P2*9aq5cuf)YVenZ;*J|ds^pAF2iRJ=9xY&f?!pJXz%yNnS@?YI
znsqwjU_j_vym)~=bY-bdafi;m@*4+txjAQ7Y4kR=MucC}M(J7kum4*(({<>C$}T76
z^oYpi*)v^sWD?diE%nCAT(^=$fcU~0iwyCsMMh&%YL><7uD>%%OGTVfuYK6m%0H(`
zJ+y9mmN48jOp$G)U;TBV?#>se)B3xg=(Od(kG{)4|2ur^WR=8O3vr=={SreX8ch`~
zX6i|_M*x(ag>F`KfJ?Mip?tn1(Dud6%gI-1Fpo@G?a-N;rIjy1%qmBxCkwaFg7S+D
z?35L&BZLHUr}C~@`U;<~_+s?v*=t+z+#NaH<K6!qc${$k(tprb-*SGWblpwTTMj;T
zc}61U`;_u<VEFSd-l)67USgK<5$VUCp_S>u{oda%y+!_}y6-PX%Ma>*A;d}+f2!Xq
ze27NZnBp2|ka#lpnC~PO|6}g*1N73#D+=N1em@p3|GgJdQ?lvn*!;`vri$wAI|77j
zy4<YCMwU*WCyejW(_aciH|n<w*94c3SJqGzivP91FB3s}V$~2-4hP!R@eDj^{N!%C
zz`t?DyW&K2wnj+{Jk};3cURB&)jr+5pz;jE$1)d_Jhg9j>0Z~+)Sk+o$|HCV)y+rz
z`mk|Bw^*zBqJ6&iAMwo}_wNqaNXz8j%EkU1jnJ(*wPR74U4P6}%SU(e>s8Z9wIt*U
zPxfVXVES`UgXF^&JbcQvf@>h{XK8LFRa%3`R8DTdL|JKShAtgPl<bCnK+Yjkcw+~D
z_co25koqp)dd=X<)W2INq<&vII9_u`p(x(iPavVhC8^WIRalC{Cr=d|x|??6>YX1$
z=htqwJrDaJ+GR!yOc<HGQvLXh{@}eIFCt^vKg@?uN}iNDKQiQQ1$(1v<rvwd@JOv^
zLHxanVD;n!8{1WN(;tShj?*=NI=rm?{lc%+uN?U$k%+9F>F#(hAooZs_VDOU|BI(H
zg#UEBciFzK<qi0l052E4_WvKO1~aZqDBjWX4*!@ig<pJjB<9qG;uLQ?f#k&usNTWE
ztW*EaT(a{J(Q#jibLcI7qJC38u``TuGF@vu<Y95L^>yq%V0NG$;f>0^m6v}=ngvn#
z1f+73*mw=Rj=Z&xr1N(ra>Db>IU6@S_qz+B?<-m+Y7(nQdE=njIZMgYw$-_kYTI*b
zl5}+P8OFMlf9^deDOb;%7RQEYhb&_LX+60iGQuU_EH}DqsAgB<oGVso4^~Jjt~u1@
zy6^3Dvbnr|u`4gQc-ObzM7U~5w>;KoW}iovzsa)SFO?E>a+`_Psb601us)qp;R>Yj
zXjt9&>6w*Ztle^i(PY^8IeCZm#CpY?$Nufwnok-&q>Ng3DUrtiPV4$5iaw86HBz**
z;0?Zdn2eDh)wZw~p9)+ccMjcp^=rAS!{?fJm8Je^gkD2p0{$(*O`Pa{!Hs?sae3|k
z$U5iX%9^%c$F^<T#>BR5+qP}nwrzXInpl%$Vos7ddA|33&R2ELAFJ!yy;gVCu3c;2
zzZ>2Ch;2wl@|5E%s=X=D;2qZY3;4O(VuQP((S^Y9jBl|28vWT0vC+XNq%Q;L*ld;m
zii5GmA;&yH?sWyDD~8gv{>Uk)U?L9778(&R;sZodeV@xHsT}VD=+XH}>+kBlr}~by
z+3ZdD!ddCKMCSZm%Rvh~(gLY0&-vxusk~P<FZ=z@{O?Vu<>xoYV{H1Ryd{fPe=d+S
z9`FnC1Ko)m-J8^FW{>G-PhPX*3p_#G5S<SG>r^`hUbF3G`OW8M74dSH0>s@Lv<_Bn
zLDxPN@w4wi;+YH7-aOO3@q1nQ4z3?pdly;W+VJ)}?#t5jQPrnxc0T#lcOJz}%fra|
zGv|UZkK+&GGMfj=qE4h<GAx&Q^DtX?<(iOb2<Y(U+(vo68-1X)3=T`I4Zo)VMQU>p
zBo<&pT_Z3}=-%8v`E*-MDdXH(!Rx)#=}hk1)J0NrK+W5pZ_T#w>bBG~Y<6+r<5hT{
z?jdcc6quoGWDo<&?ULg5v@y||x`??IY%UIFS}}gRXRoh~Wkhk~#|h!t{obD`&00$@
ztzDmbz7%ZeOJG#7;GNrA?84{q%E|T3S#3Z>xwGhY7kh*Ljb4Af7|QyZ_ajvA_Sw3o
zi^0JaO^UH(7>pub@`0hoO{om%g8W(b;_t5fd*fENmF`R!3M`cxD;1G>k0n|Z<{BEb
zTf5BmsuBM=Ge4thMvXk!LG<Z1vbPUsRSv)>w)MBrRN_%>={8%Dkd%bL?2SKI{CeI7
zg)S>~iW_}eyLy<kP^G1BG}VBec2f}dQfLZ?CVT;x*F^}@x(NO%AX6z*lGwc)+5Gno
zr^-ls{kBlOjbc-^P-F{|dT+4}snFF?_hIwtr>=SdDv+PSDAoQ0ZH6r#G2v3H|4B{U
z(24(XQyi<^%0*TGWfRptE*_J{YP!jwZUc;k<7X7#3=~MJFH5)juy=_5YJahg3)GAt
zHqadYI&FGdyEJzZ$vHdOoLbnuYPfI^PUTB^`Z>BNl_>&fN>}8|&Y3+eBh&;ew@}rR
zzG8~^4@$M<cXt{b-c1NuP&8q=t>hY%3HugUJ23znVJ_kfm>1rj;cg9YH3j?Nt`O>W
zEN~sx$_k@VjtQM7`0@qpJXhrr<j4p|t$xamN&C|Nv<@T|zVL*C#Cx*`9iOsCL^sYS
z#5n2R5>Evl?+dZ2LFS)F50LJ?#d*b-%WJ4-kOCnxEx}42v6xZbr}^fgyq<({VBc)D
zhp}h%7K+Q0FEg7>(dF?a+Tn(DJw@lX!}1op<1b$`!cGH&i%!*R%U1tt{WpA>eHu}W
z89A%l22Ey1Ma)jt%D9y&Pij0KN3CipxU%Ugb(yMn8~9c*v#dxL5{C0RC%r?~D#$SK
z4ox$mrKV=Xrz!>Ty4AW$W*NdHE4xZ?7TTrsYSUES@I9+**4;0r70VJ5g9f}nzw;S3
z;TOj0?(k>LW?AAj>-SaIa=o6$$6r_sj#&&PDnr%A#!>{Ae^YDJw40ln%6;gA&1;C3
zIt-?}_MRh;Hs7DH7kC=T`PMvo^#va<9Ffh`?;Bfn>u?X{oaKL7wxd<4-Y{qn@Wg{!
zlbnW{nUI6{2vQ1`LN2-cZJ%`LRWgPkHW5S+V~7g`Yp378Bh;<z6oC&_8Q<uMU1Tqm
z2NIfDKF<Vh50}F)Uhn<I$a_eQC(js%(^K2+8r~(Lo}W~PW)Vl5m&Eu3x7|Otn7I1u
zO*IT&=ju*Q)aLu(8Rjb+DY^g|BY4Ij_TI<U+hmOq8ND~1!|6SM`iP7+Jfj(VZ|LeE
zKn<zC;%lRuYMnRw_*}=)t7~;n25YOM0Q_=swaKv1?}tRsYL&_K(u31EcQh}{v_(kt
zFbv4sPy1*4w8#Lt0zbz}5Z*`BoT<%-N)DIhCc^wvINtY{k-avxHk<%SCixTgE*-dC
zOZnKE#W=AA%|Vic9??DHQ=V~zKH0JEee$>mn{B=zMMQ#?NPS&QG%JxpM2MlyeOZeh
zjaE$S2-sW`QgI2}r%n9qS$&{h>=o;69He=>qUE(1;>_>lb=E{}eaz!^E&Tgyh=`8I
zv0K<0Fa&B676gLaZaq(wH_`b`J(9MPa@DA7<I~{DaQ7u`v21RL{n+b?Tr=IrzQG(Q
zo-MUnRd|4=fXD0H#~ra0Z>zC=^+wKVY1{mGSlwEafTI>u@`}8Ovo-1@hJKRk!qmqD
zaC7~8NSrzXUqBy4o<WLLlgB-ywh_T5_;(_Auy{p#drnTu_Nd^oz*=SrkE`~DYH*Mc
z7-4rTx$L(M7ONwVJY4zOmYK2|s-=0*4<MC4e}jvpL3(K}5ycyayr~}l*1b512r#VX
z4!C_m3zRYbIlpZRD7;qig-YtDrT7l4of|r^Fe+(vM3<e+WwXQ(D~exd2R}Jo!~nZe
zJb}!=Z^QX<oPhW*I${Zc0R_gg))oqE+FxM5uVs}kVot>R?X!~cs=8mZJw@mi#qIwz
zohb&yNtsrcN`}Li{$1Cd8ufWxMVP?E$kj<w9~N)>^(qa*2iK%ug2DWeqsepZ@Z1mM
zS6q%OR5)GAUxE_9Rom7I8*SCkC32<=%{$$8R7$*nYP`QqVp^9&5)-`0`2(#vdo(*`
z{W}`F7CQC`3mai!anAUDL~+XbvorW2jq=cr{q>i5g%=#bPVQ36&?B`uj-60K_&IJ|
zVaF2L#<Jk~4G9PsV-=Df_wqR#?lGqy(~lIB1v#|?u{``}OHf@pf;%Fe_=xnMBZj&(
z1sr{aX}|jH#8n;L%c}xvP#$quvMAK{U25S8&;Z(x7u@$U{g%FdF=y}rrm?B}EV>ZH
zBxn~;(+}mGi}zL|pzd$6(9^#2Ox^+-nL)<G!XkX~vYKj_#B_@rAMqE+G)Eoa4<nvo
zB!VSvTb%;s8h74|dro7*;dM|?9y)GW)?!C9DqX%eLHq&>C$kO8W^e=O0M_?QE>o^g
zW+cD43qTUKJD6Ka?JIL0GE`6t_)&~ymTR@d4V<5->|((caW9vM0n9a(&G1${bUj@G
zNB^K2Q-5CioHKuB%Vw@qwQc@QUuwo2?$6{I446~MYvpms0p}`V#8EsUAou7>Wb}a8
zdn(1HN3!q4;2=YR6tQx<e;CO+XtClf7I#G^hoQ1;4gn3VIoyZdY-T<Joq2R$SBzHu
z1jShJ1^0k)kN{!b2s!)X9M8zt(h=T{URG*Ul?pbAgDZ(9@2M;x_^L&B{?UWk>^;X5
z{B(d-9N~oJt@uJ?`RDQN)WFX_ew(d#8t=NqWATy%u$x`3`Ik;0Z?q=a6ngt`08%}s
zfv<Fi(^!yVO{PAg45<qE0ds)Xaz~c$G!Z<D*U!)&<(h1KmRWLH2CZbYR#@CKSz^$e
z5D=Lyd<Vdz+ufp@vOhm0P0B4jRhe_xO>*Y22}x(~E^6-@Y~!Vn+ObFJp*M9mO4ka1
z7P?5^C@iAif@|ejOB69uz^+p88Bdnam&qwmCJ(&L%F3x<oNwEr{HPa+BUM4|SK0XF
zFd?&Ju<_+)%V1^oV6ZTa*B$DW>?#)0N4~J9&=9cm4oI0fiwQR)Hg4`<?-HKob0#+P
zyhv_txR9F^&c8}+59j(tp6nKvRluB>)9$g}x4oG1+SU4&w4%$gy8Y1p<qK25W6C0!
zb~+n?YhXbhU>5g!D=Pg+CHBR_pFM?Ym(B5!J&*g-hMZ^Rk%~5hb207=raVH`tKL#m
zF8_?Rd_w;X&TmvL@z>>JoNka7zacDg4C)*)K&Tk|Bsisx42o6fvU{~zzLxqE^Zo{#
zpKLl`2F<j7aa0gW#etS(RqJF#^l~+d097-*Nk|<fseetYB0&)q6?uY_0ddzh!!1&-
z%x4+XG4usy^gd;aI*0=mHM_()w%xRwUe#^sI};yKiN2ML0WZgdWMMg_1u<>G{c1b6
zn3`?%t3l=Y77)NXqh7+dWJX;`QL92|m-2qb?iHeKG-^$cGHvf6wXG6H5tK`#4V84p
zsxEBGMf>sAn}#$h-fEn>uxXjHpedCtuT_=C3H@1nC#6W@8>L*K8{#&*guVoC^UDMo
zH7h?)3g+qWqxxsjXtk(+Q2{cC-B4d5_J@HmHA$Me_0z*8{U^1h7P|E)Uul9N&8u*}
z<PN}G#_BvsC*4RX1)T@V$(1M?(cHzn{122)Qg-we<9#2+Qn_$PR7HR@6IdPy#N@mp
zY@0NnrCgPa+$SRox>(HDW~hNVTAjYh&tinAl^u{DPnc-b^p6#(kr#3PI9qSRaa)6S
zr&JBJbr5c$j|MJi97&xf?AcsD<7$$G;*+Y@&8!1qVDii$_~bwLWYyPr;>P0}*Qy9o
zDlxy8$cmRGGzyWxI8{`36}tbz@taj4ElGig37=<{5^T==-c0{Mry+Py)h=PaqBi1r
zMKE~eJ-S`7P)PC9PV>^Ew~yS+VR}0UroFt?A17_wvW?@Ha#3AtE5=aCU_JvQL6Vx*
zasmB%0rA=6fR6Ny+#irQq{&bQU+eZ&OC)E;MUUO{mq#Y1K7dvF@rhUVx?BM#W16%U
zmP){RZn&U|>H56XW7q}<b{E^az83l+km_?G-Rige9WQSQZEBGay-igY3-dH@c~>IV
zGM1ws!g~|z1q)X(_imwIp5WF<r{M-@1472?yz?48Wg4V&IU%CM=(V=o`IyQ>?#1vE
zMu-T(UJZaO)ATK&(pGYVR(_a*j=SC~+jb5^ST~8PJ_9+jp6=<jz-DY4)YK)nks4c-
z2p_SRokZ(dmM%Y+$M#X%I5fk89R_OVusk<K_IGfYUH3IVW49m>p6)7=wdvm2PR^0j
zdGV91r|_E;tjAl;Bj^cSn)^IFrl~aNspX*q8e2xY^EIuF4F1T1^U+=MX0fK+SBbE}
z$3XD90q}lXvQ?-H=I;T<M6fFs@W@KAepE)931fYd8Pv_f%)C=f9ayUNo<qW<o=EGa
z_u=oZQ7*NFqJUJTErR!$(>Xp<^hnchX!ROe+!g0VMZ43>%tA(R{K;j*u(CPA>v!9@
z(;Y{^&uF^wVz7`X;OcvB4{ovA@5KgW^>^EcbzO6mos~WWuerOkUEim=X!;m$@wRSC
z&GXU`-+5fyu{j&Ie^ocefO&h8OxhA&JQtF8w6ut)mq<@SjT`?J)86kiX`yYg@>d%O
zvcf-y>7qaXUBTj8xKq1f%YIV*o1G3-WOHm94m*2q&wkwlV~k@C$C>oJ<q_VnnvC9a
zD$ZTz!kFFg_YRBSsP=&}&oX`V1esZS$r=dbF*U4*E;Ye!<_=AodKdsO_H^=Am;58{
z^%TR2OIkEJ4j#6^e2~p1V*RYtT92$a@$@qu0S~>MFX{UXpaZvi>dkb;=K!V^$m{M@
z7bHjbr|kK-IED#UBVjq3a)rF>hM+-0tb$_(qkUr_P(dh&9Hohbg}B@=9kU2c!HF66
zs;a3=79%o<0<AnyU)m!lgQ=1HJKX6nnJaK<{lD;Phq<lw6)Q<`eOFfmPhpNo+95@P
zY#UNq`^&S5C9ONDY+c@+)NO04{!CkO4n5#0ZMei*J(^Qx<CM1JlA60zn%4A@Hp=*e
zrz#jP1cs2Q&a}!pBv9+=>|!_Szt3u)^$@#QDB*NczI+95f=W;VJp;^hJ7lVLy)$b}
zpGpvenk06`8-3cPwIo?_C0B04wX!Q}4C*r4uQpEg;^t9ns#aD~@iPRRslWFz*D}aR
z*amKN80q!<dwTtcQ?OtB;Qrl#7U@_0MJG~AeKH1wLrQU;&b_+|uLGw%UhG%!ZVK&&
zlu~1YTB}NhrN=ei4kYAFktJci3~#26R?frXTGaMJEFrTbheK>~S<N-a#6tVF-a^g{
zv(GURG77$!vW%bZYol?W5fGm^9u^UEM6+dV=_;RaI<%PuL7r+)e`!SD>FTZ_)&a=n
z3q1m0#XWnnOR86##pZ2)OMMCfow4J7CQ(9-Pk4F8b?ZXvN!O@NZHavB!2S^LN|Kc(
z4B#YZU2R%VU<Er%!-PYh7CU(CBR1m@6-~zh%|4~R26G8zpM{i`_;OqQqhxy%y~!(<
zF^!=<rA{xHw%s_zk|9jrg9heL4)0?ei<4P@GZj)R>@dlPtV2^ED%%uT5RPbf>v98(
z`$ZB^>6;$IZ4{BzY49Th=BsF;kS>!fHaE~F>|(>Y)hw102xXB(I*KUCG#D%ZploVa
zvBGXR<DREaGZ!^e<31AW(TH_j1n3pv+x;?HBCgGIhO()^Gj6AjVCoX_O)u%v$*52F
zGs3P(V&R#&C9Oo9-i)<iG0%@egb6V-AW_8Xb%HE5Y(FLAV8k%590lQ5ki|em<73w1
zQ@kBCt;b6SaSL>HC{2)HTalU)Ewouio6LupaV1UhK8b@RZ=#@XsmoqbYp;^(5Ew3z
z%#BrC*Hq}0z#$MrnS(^VNeP!o5`7pN^(i}0B3trJ+&lptph~tBnEZVoWPm2cMtJQ0
zHpm!FmW_Dd<GYV3HhvI7Pgx5|Jc!=2dD_Z3s9>_$OPzkrlEJ#vh<H32@|$~!U%!h%
zA2PX(2pH)1i*+a&W_PWYm0Kzeye8m&#7sR=E`N<nXWtcj@?7Mw7g9%Bs@7f@gm4Tc
zx%P_6vPD`(&FUdqlraN!QSF}D?i>?CzdXpI{`{7BrfAc-^RMf7vR`z-68oVTS$0zm
z&5Kk1Tu=(d2<TbN$D1_lD}`)4H}Sf-ZtsxMgLaEX#U~t%OzPbw_&PY+|C5QdzRE4W
z!KQk!;#D^K$eC{;Sp-}=CLvyZm6gLYJ4T=JvV_)5`_98=Ebn0A%r>Xc$5*BuSj|ry
zSFvJLEbS9br+9zA*jjzSLNexYo$9j`psVA+h!+~YuWYAPx(YW1bfTtDWya<XD+o|i
z@KB<}$<yyEg`HB@x0tmOkbsWixkFE7pk^{Vqcu{pFn%?e{$6lVJU@Cnk(xIVDwY>@
zkU-5_@%<R+8>z02uWBkN$8<^v8z*r-ltq-NtPMiJU)RWn$D5eT)VHj!<sr_feElRG
zdbxX&-K!07x?V_-jzO~wUK_VA?X?>4IsDp3xiAkBv<&@*7#t%cx0E#_dX47LcP|h%
z^y*>ce&f_xJ;|6iJ^3EnG?sTlnKV!kgKpghxAd|N9@R~!O2kt|``Glvwhpu49*!dt
zmq0>dO{}R^!ga3ETZnWUJY!Gr8FqvtgM_AQWPw3g|N1+et2;^)I|!e$sX?R0Gq&S*
zwZig{GdzaRdHZ~fJm5&srrPx4=2~Ns{PS4b0jb0-v!uXtR&KuG>wC!`k6CyG2OeHz
zMDMZ)38nu7vH4CV0~_eLGQPKdAxOQ@3zD79RH%`QNPj4Uu;7>0phqnu?WKssMaYb5
z^&SN{{h$iJU-HN335fHFhEa8=@#t`7j=|tUl^@7K7sl;TaJXPXm4U{v%VTz^*nv>N
ziojyj<uTjAP-Yvj3nzaz%1!i|<-NMraI=$k9GYGSYY8+gs<arEQY8Z^aly8r9X&#R
zY^NyTwJo|+$u(XIP$UOBwKsfF03NyH?~3->?lvF0V*d-=F?U6UunNq)=@sXipHn$G
zmJzcZ$IAy4t;+zhBTfp86Edzy|D&rR-qt3c`HtD(+Y6*m<X?-ZD+jBS$sVX9MKDVD
z^~R54BwrrP5bD79)AAg^O2;F@vj@?68vV^Cs9R4p{TrkCL*o4afvne8k0k0m7`vO!
zQKt_XId?pfZ6yXLyuW}H{0UvzZ%|Ifp9p?pZgm6EEW9ZU^D$tj`2HQ4I~;Fn#=#&N
z7rMs4Ar(ASOoBryda9U*hGuqE4ICrY#C`FQ?=dK%NyUFEgB?aDbvVl7G2f>m6Jj2m
zUUVx^)u1$>)smUy0Wo6_xYmpoU-t~gQOvR8y-)nAWyqqU6zU#5uVrZBilEg1k%WPo
zd4)M~Win-D$y^@lBtrf>sZm%FLQIT2C}p^kIFau(%=Z*SEYO4q8R0&Rso-l&NP%#D
zZ2w9dvg^`I9z;u^W35M3ZPSb)_IZm(vq+Ezh?RcFjr>!i1}G|<m0InF!fyNZ*!vqD
z-tAD;W(O6VqW_mK+e#MJSLQ3s(~{ypFWsSma7;K4>Ifm~Uli^C-pg1lE|RZ(3t@CU
z;ype>5YnjtyK6+4%&rzx8HUwWcVO$EBdC;V!81vZiZ*OIC8;;ul4x<0QhiT0w)4)S
zH01&RBw7C0?~K#iF_(td%Gph=o_OZ8!R&yh0tDfAr_>ilpz;8_I-BOYCqBT+mx1w#
za0&)f;H0sIgvu}hhn{n&UR`iFhIBz$-)D(AMUW`#8(6d7ZKz62`#;N2DBnFX;R?q$
zMBIT@vTRSEgy^uL@N(N=$|{=Pd-;<Llao4-1hZ{(%8O!q?SV}=WsFYPN@1u~<P(N4
zmsI2tQVuJ{ggOst7JYA7CB^rJGn9VdlIm`<!9?rq*nFeq)c#dmydnCa#KdBg{AQ^^
zz^z1%wP%?8Ms<I7>IG*{;ueKMX}Xa-=DjHg7BSN_QbL+c(lEm&ptS`kNx*LBsiBwN
zR4&joI|<yE(Oe^4!Ho0o7(_`tVM!$E{ZUwQp8f$n=Phgz&uG_$U#h8Yk(OQ!u$464
zu1orBo$)TVbG|P!yf5-&HXSVtC*+i=ATHC1t6$RP>NPky^eQE9v%9i-^gPYVm@3FQ
zS_MC(LN1q22JuzFDBI+=H4Euy<}ljCz7?v?&wa0OL3~?{G%)F8Q<vdK>iB)hWLx=6
z0d{0OspL86<%|b{|HAISF!3J<VI)@|r;L^RXWV{qfXWoKNebC!uHwcC*xo;LQ2lle
zb|8~tqBPAXa_kWjC$vIw(4S=Og;tG8Zr`lFhR6%4h%w+ai+;bDL{?JTO!A%1RFb-#
zCA3#DT+z(UeAtB@@1Z;)UL^aOY(e!?#d8oDPYz`sR>gDlUzq$CX8(o7e_`cc*!UNA
z{)PQ-NS=jN@jgZ-Qc9kO?<tZHj7oO3-+&i*mr5;l8L@v|QYa?N!*vHu^hY7T*lENK
zeoUc~It$+=DlHI|;^DjsC;lXp26P#5B3)4aX9~&hDID$hJxr4RJ0#}6Lp1+8WSr!C
zNN*RhnK0h(QrQQaX(42?DP5+pcHtjjQY@IVMR7<-Ldmn>DweolqKRZKLumO55dQ_4
ze?j735cwAb{{`M}7<C>>)%S;rCW$%?*}W}tK#O80blm-=e*7Sx)++lTBuum-Ir%<9
zj00>Foqz;VByPMOko_`{uo7wesd3tOh&Ow;bP&l!B<xL=2^q}IC(VFJc5^k!J3oYn
zPo4ou@o;R3G`@^U1{aD0oen&Nhex3SA$!_&KonbXv&e*GP3Hbtantz?a9V$N(nUcP
z%rq2QDjv_)EjW4SOv<7)>rJPw@EDO{BGsf8@A@q5?BW7jh5d7EPzQC_GS0j{r(Tpr
z))>%MuhW%PEI7-4H35{BkT|mOi@ZO$wCIX9m2r&q64?t4voJ~&V9kMgxKOqfEnQO8
z%cg4^SsZ9o6(&{CrdcjXGNf7FWc1p5Aq?)b%w2q~Xc1yF7~DaVP!1ZpeZyR%YVGEu
zzl$Q(i36%?>OP}Me#<&FQi$S=X`A*`j68z7i<B;f-c3K6B}Pb=Xg<JXn7DE^idYIE
z6&M4ffH5a`zb{jw1QUrXYXrPAq<{&<mezkg>XASPV@c_KUi9$&=NT2Ozwm)rpc;bz
zuZU_mT0y%Emh=WF)EsK-9lnC!CwOZSN)tzxOY6{%2z$F*OyoXkTFIz+>D4nxPlwA7
z0`5_SHn5zQL8&p3uhdmQ-jYx|uYSqv&`=jk?~umDs%G0<UWbLyo9U=pe+w(s(Qwgz
zhK74#>XM}|C(XTs4TZWXTs|vfdI+!hA_MiA*4jt{$Vxe85is$8#O$M&NYFoGmdS5|
z@xSopWcZJml`W{i!x9@m3_0<_1?Z{^-WH^+RFiZ-kCF>xA6CFU0KffqT5R87xL`<_
zBm9MUY!vLD3xq#uQ1<oVb^+*>Sx>$hcBv|DrII<ftRmMzk+8DLA6BnJRG=ujAfq0V
zCl-;Ps?AqnsX0pp%NO^&kkl!Wf#%sMUeP24Lh?TMF{x@cpjsSoWyFyjLRPi~{sT!O
zkzO+09ZTO;EHeuqPWGmU0F$K)$~`HkuiXUcAZ8uIBkVLKbL7*7{7-4AxsDvV!}NT+
zHGr*0L`a3==jm<ahJwMN<bLYK0%nA{1^9)hnzc=^xB{H>m?l!GAq5okp*uG@-0-MQ
zU~KpYTKFy~#VncQ7#hUEe<9rX-yU;N3fbPSVxJI)0TT8xJrh>EZdo7&*`g|JIz5U&
z%JRiUxO9dRNXGjM&BT%#nJ2Dz*WNlT5T0ecFStymI}CynV!<$V@xjoj+ZB7OpL5JB
zwl#ewe87k+VtUb6whY?;{0Rkj86-K{OX_Fg7a$>0D1LM1ERh(G4NJ3(ob~M*6|{TY
z4AKQ^+30N!)X+vYvUI`*l4UU2)MH*^sAz#yGTG3m5T#@?86y!65OQ!-tUOYN?5I+&
z13K}`OC1z<g~iQ+kl19*V|1dJirAz`dURqC4xcWCz_cw&)Qt{+%?;1Z6+`SPQvgGx
z`X&xJ*eV}L{N21;GtO<P%uy1MUV1%pEySrq)lwT(t&6VeSNBgqi9th(Rbv+oT}VY#
zOJ!zt|E9Kc7Tb{h7J;*Dt$PT+1CV(mauniv2kN537{Blp%Z?0b$F?pe@>+{(%(L@M
zzv%FHs;>|Ebu~Qc@$E<Lr1p~zAvf1=fA!q!0?TuBN|#B4WH6H<Q8y*p{^R>PAQf*h
z>sGcY6Yz54VKx)g@~nQJ>56Ju`>T54vNFTOufcic2z^}>6hX7V1UQ`~7Mcqk0`o#1
zy+{tYF*E6j@8CtU7)4DtG4|Yg?_eyCv8NgU^!hB-3o9C;ZT&ktJsk!@Y>f9T!DC?p
zFGGF^TDPT|5r`P|qe-2IA&SXQi^>SuGP%?Az1d)dWbvFjVJx<uqbv7^z+x(fT7hui
zs&zt{2xQtUlfZ~_#WXK%;+Rrbts;d9OseDi`H7Ks+A<}#Y%Odzh+a$~So9M~wWbF5
zkV5M?6Fi^M#)Lf(*qINM`20fFEY*kZ=2dOOdPR4l)<$S_TQ*h-*0P0as9dGgarOl(
z%P_?Xne*JE-Y|5IVo6S=E{}}^EgIC4`b_^K1^Xh_3|%zuBUEc||BCheKXtkFL(Jza
zMb-Yon`e(h)Qb~$U<)j;H))9Wc4^|=ZbiO>R9Va_&co+SnqG2<_z*EiLavS1X~sX-
z#w(N&>~ckLZx+*^qt?8O*lF8#(X@}C-@}?@p1O!h7VhrEy;puYGj9kH0Hk63mZcHS
z=U;#&X}c5^Xs2=j($Z_KDE?q3o9Hp6pT<c_SY&zTaK+0e0d3Met*P8q+L%MtiZXB$
zSidk7USGS+-!c!+3qH=4$1)GOHauO!Ou}QR<3k>Lb`Q=oem>z&3~`np5*xrpDgUEH
zg(qSx3qhO9pXZ3~MM5Dix8n|XoWPfj=hw)Q;}`Q-2-jTq>NB{|4a4>-of8h_TZM?z
z8aZSQ9`o9#vS0j+F+KXL>H-(t+O~`&hu)A!y~DS5yZibEw0b)ASbKRr8p{l&7m<vx
z`Vt5*%8zu6h>fSusLD+YJ6VLYk4^V8q2iw+OEC4_(h@RE#`lq>lGe?n4wTWQbkv}V
zRVNziv;Zw#vSq7E)hK>4$-~Mp%dyw}SS?iTGIDa8O9eQ&DQjl${&2t)O7i!U8=?!h
z{>G?%Snjw@GE^b(V#5=QG6I;CqrR~n$Dn*U&Iy?bLg~UZ@{w_bT2Ub$+(7)NlIEb#
z{UzORc%<*K{xEZx!?C{+&A#qL?A=FMjNUgxm|fcHQ5(lxdUW_K-#a%Co0=sdG|F5$
z#{60&eYXxv>TQH;4?oC=lrq7{qN5~8L~?6IJEQxmcjxlNq_%BWlYc$BC-9`;;o`)L
zp%@E~G)aomSyEvf`J6ZnlN>O-0)4pq-QGg6b%*7j3dj9`KMDBTd)w;pR#uXA9-{QH
z1fQ^A9CxEI1|4&!2hTebhEqWhtwr*YP^3vV42&HsX3Up(VEO8yn|3M!j{q+*Hvn40
zMo233Ln#O7D6{xrj3*u$Cu;IHe*8FCWk7Uz!n+`Ti=ALUu%QS&Dyd*lF$cCfu;4!z
za1hh?ZHylj`o)1Sj8^1%@M>tKvXw%bd|H@y;f0BjeXLkvqN0hAC5ce5UQ94ijq#8r
z`zEi9nAYw~hOHkme3EBZWxRkcMf{7QN{YjMe<m3HVRL3K<MRkSUIQxmCtz8q6(^_n
z<b)(@^e%}LbV!X$%mAs>%)&b)Jl|NXGgt&Wqc!9G7`XN6^2$Yzl5Pj_xpr&i=AC3@
zr@O;~&W0KTCQx?DETdn4RTs3`$`J929zU%Wx)oz1-toe@R7yTnaj}V&r^1?);8r)V
z>|#U-xNl)GH7+l#FERak<PP_m$w{<XaA=|;vtz@fGhD=8vb!_tWC;PWRmB8wr8nL@
zDThZzLE-y-HRU7ZfOBo0BOQ9hzt0jZsgI7TAj?Zxs+nSl5<0D>RhGMNsqr1?545w;
z_vI2IV>ztX&vDy7`>5Ur+3Or;^qH?4@*~z_um7+)G`L>X>hrj(GvfDP1lJaLxUjED
zN7v^npkDn^E6JHn_H(Mpfo+?5(-8J4omT#wI`l{bz*z|1&p7tuzr6+4N5STbid=pB
zBQ3}jozFjPp^nALUekh4QY3Ga8F6pl-+KmS9(Xo@Z^B2CuER5xXU5j{{b0fWlnH!P
z8W>3|56}jF9bVYa?H*idbZ$^qWrWTkT+~jLFtAgT+n^P3b(he7m86E^sd`|E;jbYY
zCKV%$fCnn01gq+D?x+jhhR6sKLP%?DsJD-`i=agWqd{Bk{{(JgHzp<T8zyX%)XjQ{
z7COEkW`+3D)1G>Leh%`eEpCtOH9=}~eu4==v9Cu67KE014%vUX(YL0+O&INL<%Vtt
zq*vc}>*}SZ!ux&fvc6EAACr(I!#;Jj9H`#*gnLt*>F5UqV7<E&5kjtUkXbdo<RkuL
z4~efNvJ&x=pLv-}C@UbTB_i(iH<GwuV>*>r;xwnkQz*`58Gnj1PK5XhH*iPyHZ&xd
zIrpDTiVDSK^2>23(}geaECCq^l7O8@v`$FW+R_#vs&se@^H^5|kgaOB5_|qDcf}1l
zl{Iw!po{HDsZx#etEY6SD?!?c57ThM)qvJz3tpY^i1N_bK7(=P>mW63T=<tQRvb+-
zzL!M!vFaEDAL1EoHOuS@S0>>0m_QS<{)R=^R4NkSJwSOPv%QryM@yy2$$NV0R(&ul
zk+`wz6wd~y>9j&P7nNei^w(sTMRlFMM(q+pMYFG8^D!P9Rh{rFDb2=ZMmFy>mt{uo
z0!FUPyrsm!dmxt;-I7_aHDk1xkWlgh-CJ(?nIxkuF&eAkRIWY&CYSZ)O(wKa;f_5L
z0FVW<aO}xF5VR8S;BTp7vReTD#q4}E3j0xS+Lyy+!f~RL$4z*LOVX@MJo$z}a)&%b
z%*(hmu5G@q2^-JC0M_83F~JY>6Kmk}d^uYFYi!XoX=;w*cJBR_?o(p-^LJ}bz@~%%
z@%bM9qNZd+r31Ssm>{$Uh-Z9|f%=7<4iwio70VSUf_`s8S!`$d8h3wv6-dD$D|P(L
zT`xj_N-Zo2vcD>hdex8p|H%A|co-oXwJmMz5*TAaS1R9m@bq(g19bJM6%2;rUzT#J
zC)I_&M$y_$t$K9H=XBjvRKets&E)7crq0rezn5~=#Ve;#9jD@@qNQ;M&5l9qy1P}-
zr=cmOS)<1ds{H?MKp=Gk0I-8|?SPr;TUj<6?idmv6{#h#!gC;U8{JgJDXs5raOF<;
zh7iNYAlu_w$#?*F;QLqqb*h{d!S30%(Uyl0aV9{uf8!~cq%bY!Gxe#CsN)R&WV_|w
zo$QmA>5MX6fJZI@1A%a3fC$RkLXHX+9_T#SI_*#oT2%9XmpcP2e&JhoumyGeuk4t!
zmtHlwa*p0&yx5qUKk*!HG&A2#N3_4l^pX22AmZ_q*3SHHol*P>N2V?B3w16+5jv>Y
z*CIiz0iwRbF=f(1|2PF16AO>SSfrT=@WCS7S(LfG6iWL2imDwt(sJMe1lrn}hjV4F
z&-uGoYzf#lFocW$xilEa{uosyW8Oz>qgkc>x=L0|m%{8)O@5j?lxS9FT4^>QKJVYF
zIqDzKCdb#F&Q-08F-&_?b*2h`mEC$5r8oE-pHSiX0e5$&+Cvfk>KWY=5t?wo!tvHA
zlDK$BvULzxTjj^NJ|=z~=i08wRJUoXhmzKxS@-mTQ}8=AqBYsX5IX`KuPoV0d*Gr<
zhvrXCTg*252=mfVdNAi?M5FcN79E{z$+}C4YQ>zA?8Knsm<fF7@qcuM$zw0iaQT(^
zAjX(`RTVX_BBz{oh817!YHR|}BYMvH+k%2^@}Sk}qKGiIEftE?eoc|2EEq5OPzYYM
z=&^l?2c0i3UG!4(_vwD`t#tl;0mvn0cd2rim}Govn{luxM;Tjj$S7l@q)EgOQY5q0
zKevnjwffdX?k1H|&n4j|Nl?5VR2WfAt`WvbP%_^*#pDKAk|e6*aXu_+fAt<LMq)ei
zk2UAQixwlP{U7AR`!?)XBL|kUfkMJdnLsh2#mvAI&|;*{IirMZ6hA^#zMHUrnuvdz
zsP9H3<{_nM>}_iC@Wa&7NdQ@U=i?X^3^66GgAXiB^eSqIip*FLPTUCOS(v1D^ZV0q
zGJfngZv2D6-*~)Mqk;FR=)$a3bUGxH3?<_W1QP{a4nIVU{49PGRwJjBWZhC%UQLbf
zZQ;<amXd7t6&EQ(vQ}m|ZYCd1N#lQTcy<JQr(G<Xc~w%B47KdXrix-ToDeQeBKxMV
zpZx9giORGbRFWxW#<l*4N;D%iN~TjP*I@zNwHq^8C7Wf(g-gSM4N`S%z7nup<7=Od
z+|sx;fOrr1*fk|W(+U{kK(hbZjz0Nd{Dn&y9=iYzUcklp>%2h0l5EIR#zGFKZKagF
z%KF=)RhOXuRf^W7e~VXIapnyai{9dZ2Pz}Os?uHGsV90J%ELwkEu*!i-8SAn0CtB_
zCMyjZ1yVva`Tq=>QViq`mZ;sQ=LC_p*e~?2$~nu1Tgn44KctT+E&+ucL>^kZDw>9w
zRWYf}#R&!56&JQq<3hTf{FbKm+W#?ELnozeOIlKE{&&>c6>jlsR&s`ZyaQ55pfYx3
z1HlVC2XRkrP=HUQIH|1GK;+mhO?)XdbUP^R{9*&UYYj9fN+pI+pIQo+I+At562mmy
z@YNu7dZVi|gfh|FeBRXLLC<eLhf0lu_wv%sfB+MAi2@h0Ba=T8X&*(r{{Td9*z`@<
zgy8@THnZ}`hI9<$T`&sg?ereP|2Xyp{L3CiQucWup|g|%8k@n{wAU_qQcRW3U^yN<
z<?Rm6o6eICSppB3-<E*?Rf?++`qAhib04Xz^a(g(lHZ)rF;W+2?1_H`X(3D43&0^j
zcP17BH*ci9ukr{!3Xx?mv}5Jg3R~u_Qw(iLim!AMsvIRyI{8ANtXm%71TNad!rL=I
zz2;F*WHNt_DAHmSajc$25IRbUk4Rl7uT#J&b4uUN`>Xtil`fAg&g40I+>z?%laY`e
zwYJxWOVUxuqK_I&!vIazx<MM9T^&psH!&BV#wm6&A0?D?iymeT*gBL_d2JGUsJhNc
zvv8Iy>B`jbB`OFv0!$4xSQch%A&jvc8C?r`7=lX~(TYTfPa3Ma*KsW#c_$5Z>I|yT
zCBz&tQoEU5imgqM>;MCG(Fh+*5%BM6Vrlz8fsw*>?66`a^p8*taq~2W0-&p;I}bm$
z!Z_24zjGz~(y$V*ctN4oB}_jU&kHes1gAq;l7ApBrZ_v>$bb}kXF5UAh^Ap1PQ%E)
z1MD(x6r{WFQ@vjcLih!kM({cN-NLs&iv4tIS0m{~#DPGCf;z6V=vGqG`}r^H)P1P@
zM<W}J&kdCx9jBmYdmU4WQ@P&HS9+ykLn6iSbgmnfQ_!l$ogGgvICZC)Slf&co^7#q
z)r9=|ceZy$WU1>rsR&ZidE!>nzed+-R^7^!TKuT$8-byL5sU38ZKLOKunjuye4E6)
zSerckwNzE3=FSqCB~!pJdYafgs9A$iC6G+VE$3}x(>qfesn|v-nqZ-)Xtk9#_I8l1
zO+kc9#hU+i1~)<pri_)hqySUqQiutobak!rK;!~Qp@)39M(Wh%3K^o{r8rSxc)mt&
zPn**j%9MX&U6(7rl;ef^9L4+QAAzW6iIrn)WDG;(;E8H5ed$g@MfBl!>WV41A6Khv
z63>JHmWc_6NhgU8kUUBu3BTltF=OQtJzat>R%xn;+1Zh07Ub*Lpkm3UPD80vp@NdW
zL+(tkT=w5<a%_{ya!?@%t>yo3RNiE@>NvDX3dKf#-#e{y(n7JtJ-Tkpa1z-D;hbAK
zg3K;UzVy1)YTtTb@I<3@hBvtyUtOK7P40t|+VH1lG_%8ZU_nS1Rkm?44D(t9Lg_n!
zo{B+;0rTmm61--Fg@W3IlJAUr6dYP{Jl;ukK+VcTM)sbG3%#}S>1te*ApiIlDh2Kt
z%%=#WK|Kx{#`O~&_8Y*XqBNtpC_W-;(2jydk1y_%XvP-9Y&50s0A(W#%4;lWIgkEk
zCBDdV@-vDByaN=~&T5KozW<3USwVRGuO^Zy>w2F4sAl5B4WC)Ms!<C|lm$dpG{2v%
zi86{bdp8WPoC67kdpIsSHU)<#ptD^t7doYAZ*EIa+}3K~T`ea2Edv73FHfSiwWlL(
ztn-d8vuSRr1yT+>b;|)5IcEGXihBs;lP@kkF{iJ9^oZ-TU~e(t7i*<+dtuJ~(<nL;
zVR`V#IrUbEV{qE7xxz5zmSrvynq9TY#qclRkiO_!?4<T_v79)PJQ_J6Cq@2p3!e%y
z90CaXLo^tVpqo((nNXpa$u<8m+~FZINl~{IWOQcZ-iMwsvdx^l`_}0XAS!0d-H8Dn
z?payvcue+B*#+QZgocKiWb@9KW`lv3=79x2!R5A$+<hiU_N~gn(HYu@pAH7$@$M&q
z%TKd+ik!Opx#4DK^fLt8b^Lcz0z)b!Nz-<Y#35GNFHO`*lWv5%B9_@}ezwwN&byF;
z@yv3U0vzNhUB5#J(X-0k2y;+Gax<-%&%7jD1PV=4l7dm1<kFmg{Z^tJ<Q1YjfdW33
zKSf$vf?a!Q+SrBm`0+BJ?SyheLp{vz6|X2=we}MX5St5|_a*uYsYZ(uhT@!L5W)uT
z{SWMPec$(vRO#<Q|I9L7A)ap#o~N;QBmHF+`#w5#x5XXST>H89;qWNG?czX|2EyC(
zLzkUbz!&Zod%(UDzkq8)>L{bQ{U{{{SRnr=LL8Pm;!SwAN)Q=~QQ_vJk(XPN2%+1l
zyQ#jO<|yKLNDR(1mbqm_;X!c(e>fs-Xh|1I_%7#MoBWJtw}R0LObb1Dbdvi}-igd-
zbVzqqL%;W^TDwa&2*4-56E^NoQLdwN&d)2hab1}2C7S&4%RS}7owhP((c{^r=f|>H
zxg-YWm(^XLt2A0v!4VhpI!G?%%eygLbKN^^v$JS+ijz3`Oc|ox3Klx-)R|qK#ts^^
zxIyx(A~ntQ?b}21t9m_J&9d2mqIu82WjENA-x{UmlBRO|D&?$wVI{Z<--7d}Ivf;a
zsO_53=?_XeZA#l4FhQ%APYS)<oKra6aXVWoKsbZv#xgmuQPzCUGxSLT5+&j1-1QI9
zf)QA~p~*gSsp=|>DIo0)#BF1|xSt+O404Q|)6rnJ>4O|BFWf}c${lDfG8Y)b&+w7^
zwlQBS?u2mFi<j-I`xbCxz2|~H8E+YpQ3Sw1LfG7&+`L#a7GPkX>>lq5Sh;h{0rQ6N
z1;C@%lqz!wW@*0mk2D&)eFUo$kUDj*EYY-@5IyPjK=;csC$ynWyrZZkO~Fq621#2e
zMg=&3{697)?rr5r(azbeKWS=pPI8&`3-K`=Zy`(r<2$_a3-#=mZ4bD%&A~#PTjW~6
zP7HIDm^1Gv_NWr4g71&!TENbSUXC6N`3PAHB2FE%Do*0yP^M#vc|1<xIg52T+tYCr
z7O*55&$I3zVU#g5PoZ@&u`FPvFf)<hWWUL&2o|KDU%+8zzypzEZi4WO;I>l(6+yzI
zO#ovQ+f!x?v;@+Qn(KyUfF69APDmSO9<cTTG@$hrhPuUhgkh<;$EUV`;QQeEy-EJ_
zA2_Q$SBoF!8Brd?EsS!@;l>8p=8xtE5I#L~X%J39Q=x0u3AA1Bmxev5lRj+l5|7%(
ztw{1jH!PM+u1+IS;D77U=C_@P#~VZ6l;{qalw0(Sj>Kn2Pe5vVPMnQZ3S@egWnB>`
z7@tSLJs=sMZ}jFJ_;Ve32R{EyZKd}g=Z$;mgeMp>Z39l4biI{qd*G7+4&%^qfEzwA
z(TlU8FrlX<Py~Mfw=lHVuSqbp^HLK?*OjsmeA|s_S?quiwfBvou*%tw8xO<j;lDwz
zPdtAk(AyU&VTm=17E<<+!em}6mTzFQB#|-dVM39H(2nz&?4iq*J8V|-LvK|De^h92
zh2ciyOthbu>t(Fwf7QL2CSW|0DLqW;7>ViZ*n1EXAUO*a7*`S7q_Y39py#O*ilyfK
z((}`SN>hl4vc?MP4BsFSM3^WB{#|U)*I+!u(u4>f)`u!AN{ivdz%WBH>iNef7VeoY
z=4YHBSc3%xR{u-rh~`_=n$U1Bq<IcsDc=YCLLfwDfK?97IhyQcs7VA_34b&`Y}~~o
zQgKmQKvW#Ztw{H><z9}E8R9m@^b5(Ax5(fFxSLm*p#G3)*|Pyt0ji1}DtKnjmI3x#
ze!lg#)q!c{784ws)GCM0zE^cSc1RsJ^I$0yh0*djM-h3&mN^2c;3|hzq(-4_GH>J|
z1_uNTjkkpaB|!0KX1H=EGJg&!Pd=d~_UMcn`=zFkx6E1<$V)mMD#fY}4rH9wQ+jb>
zTEfp{w-~U~R!s`&`ML>YV#L(HCcZb!WcQtuZVH%v4k3kl3;o;k4(rQ2N{RIr26Mj$
zF0InKq2;UZgJ<gj@HxhJavk?UG%D#n=;UL;tOvnP_jS$uT$Fp!@}u%!n$LcGzy0GJ
zsV!A6=?S3XnsiY;jTU(0^__*r7mTnPM3bFD6(0~~Srag)nz|^oUh1Q;V;d1z<yyL-
zVMKjTywMsfRxA<1I0P`LSb}hGkvp`e!PIh>uuB4^8MqtT_sBD3TfnrOr`VJNzwrUg
z{5boKUK`eft!v-o7qjeH5nP~2a(PeA>%55U{Zf$*4zF2LcWKiR66$qVn94k{=mLHA
zNp|n(XCyyohue2;$(j9S?#4g?k=rRpj^F~Bz)(B!az^DuCrYBlhY8LoDV|B!$+J=K
zap;BwEEDahQFGyg@Rdrq%G?I<YT^9LwF>x&I5!b`BO`lctN^bnf(rP#8vG8-P^k!y
zZP?<yApR)=Dd>vP7Lv;ke2((JZMQLyCr3bDQSqvakXF%d?;#iMtHHHWS*v-^SkW`(
zf5ugG+l~0B8MZBjXc+#O2GKHXrxH^$@Ky(X_o+@v$>Cx@SJh1u5`=xk`0_FZEJDl&
zUY~XZnH11Sf?5RnKJ&X@5z&owA)f@A6?zooox*;or;g<6%e-2At_}iYC%BixEa<l{
z;79k_7H~{m<mE4B0a|`ZTAh~HcK`83fQ%u7Hd_%7^~o>*C6kYJNzg+!+ycao5XZwd
zja3ZKFyZfl%FL!9{cKHHFQNQneM&OQR~fB$Co(azRKxvJHb?Q0_z5`UTH1xSD-hBZ
zKJ=uxz(^Jdku3~`IYHvnhDOIv7m_M@Ejpq`9@SeD3Xg&ww2JKwgBz*k490{S=Xq_4
zMgFA*GP9#EpGzkK?zv-{SC#XfPm9#kgSRhcMrbQ;yU`<IDid&?RK3698wc?ej_HmK
z8Dppj7q7;eaOX=j*&^XrO0;I-j@UcN9h73v`rfYaU)cN?cK-qNToFulCGZ+ZJXPr$
zxBNiH1szfw;N3sxF{_i@Nlja<BKv!8eIi84&Z$e5p_$GeyoMy;<$)kF?d|iZhUIR1
zF3@|+wSO48{S#3iU5U$Fb&}xN3buK)_NR8%phNr)ivJFYFul#F$3xQ_Z1Xr_O>M1l
zr{q@g3o!JoX-|T|%3?w)^RKc<B&B;7+nditfCZ-N^Gz535vC(NdDi5l?g}yq<0=Q@
zc0ji@j^Ek;jyIEXa%~kj9z#HuqJDQ|TEQjZo<>os%EyPR-;<eEb`9yXNKDLpuq7N&
z{{ir+CT?b=XYEjkZ5fOm^bIGjjCL?LW~v7;fGCe~LkJ3RmouOc0$1(uL8m{{1%mR{
zvM;3M9*UFz3$&$02$Lk_$R)n?LW9(ctavQE`7xMhQBJxv`D2v)g;c{p&OMj>*yy~{
zwr`3W-3C(}Z^0m7<{?bR<d2_A$()>cofO0Wi*+#l5;@Jyj84sG8&E*_tmp>Br^?~j
zZFg0l8F&PR>Wzj0t}o>+N!l-A<Rme_tfaY<^x%qy;c?7|A2x>1tsr5PWEr%dFnk#E
z&-a_W8S|zuIb36N#vwlaEeg^uF50imb<!mKm`0*i=jhSfGb{z(;>trJvu%=UK$FRA
zUg8;MT07zy;Ur8ycFZ)85egJ>03r+Hm`&f<EGwTvUeC6SB`IqK#tkC<mN9w_<SX2w
zHa=#WVIxAW5!<59mu$MlqESq;e(b#1nr0szt(!6<w5&c%P2&u16BwqZJ~rhHPouM7
zRUbH0!{s##oTiB#sV6*L+c{yh?urnlIHj!FL#}ZsRQV%K)sVVe-UU3<oQDbF!l(M;
z2L)6)Tue$3vOF~gr70-=#37r}KDkyd1$;Z*%zmH=)2eiCCspe`oqS4!Qt_D8Pcq5~
zpAn1ot(ZW|pkKE?q}#b>kE(2AO0JQeF4CRieUp<11l%Rfq>*BIqy!zojtr*9NQ3Vf
z&sf46GWT~msmFx)v|)%bp`0e|a2Oe<1mY`tiT*eWoq}`Eo^}~R72JWwmzEpFMoqPP
zV<IQb%;l_W8MLbzLdraMC9A*~yY5%C<B3L+Ik!+p_uEDX&IrTpMEFl!<DbH?*b7d|
z-wH<lCMrk8hkguQsIQlICtDOM9<SmX-QZB-^W8_bhv-_gimEEzck%#Jku!?<aZpq$
zJfI```!~WfzFDxys?q_6)(dF~oEjzY&})WvB#SD3mTy*K%%7#uYEqLKE`$9W7v%Li
zlHZ)ur8;c~J06Ie)p53~#Vyt~zsf6H!{FU>bU3Z?d#C{3dLW!xneNqF0~K4psMM-B
z%Nr@GmH+<!cAbE9-WQXAA?3Nx=gknMwwi_WJnbx`Y!llGD*VYaRvoGqq^#AFw%NQ&
zMqQ#yrKi(XQE}ei;upz2)mW4ym*Mivf{v)|oUx0#r4T#b6)jb&QMn)#dx_iO1)^Lq
zJCT@MM;e{BqIZabO>HbCz&CXb_L6uLpu{@<PVU>%8s{K6X?AGW&?JgkOUl_XO(5V(
z{_UE0BX!KxlD(~|+k~-O&q@fdn$&b&Jr7T>Da|U$CAEyEva#;cHnz>?mJH``tU{O0
z6GLuBGBNBjp^rN!XNY)l=~g4_Mlc<08XWT+1sN$6(XID<980?-_R&qrwuYK$cQW`g
zltc-TZzQ`@;KzMcND$&f`oZNv28@|-{$82LOD{dl<e1KI=Lkt^T!=)B7#TD?N<;+F
zthq=J^6F%lxtrVdy`j>aI_m;sG_MUHy41S3SWnd7AhmT)ea`=}lTPD)_};fo8O=4|
z|1Ia%4FdTt!Z#B7TS>jvVv|iGby5aH=}4^x2yL&7gm06rwWrN>S8%FIMu!k_cr#9a
zL`OINj5+y^zSB?oa{M2v-Z{9Ft@|DhCbn(c$;7txiEZ1qt%;3^ZQHhObAm~Jx%d0r
zx9Y7rwQKb{yQ{kTkM4E$-e(^*O?7ESA#~{&_B$DiTcapS?ubt^*0Ee$i{T?PEtm5(
zoK$B~H{$!&k6=&uL#p#4L`bCZzuE`IQkt0Ii?ph0sJlpGGsXH!k!HB)0TZeg=jj5`
zKk~_!$aE<2P*Z7~0%0om2UK`!B&-Z|tN~<#+7z=)mCmco0^S;+2L3=efFhwwSW6vL
zNHBV2sUR4f^IG~xV?$A05@xf)$~4?Y$(+P#11h7<;zrRDr6-%t4CGW7bH^<NQ^D}~
zr&&iWWVo_4NwdHPP3kIDc&Nt?RRfzk$9#MH33B{RMicMUIGV@Qnqo-H4*H80;SrsV
z;OlW(Li)Hmw1ZIS-0P|`VmoWgz-8p~`F6m17ULzQ5-KO&L|tvv9N!^!Vm+`kzyWmq
zS+m$$o@tGgWI6n=auT@Mp;y9_OM+B0UKk&3eEV|31>2ZKa;Q6OVTrSV3#?N`ZTmth
zIQU4Ki$zXuF$8!cN!_I86CJVsigqSdy2lnJp5M4Hs?y!0XdF;50rHZAZ0UH6n7I58
zUDORODHsueTNBn!RSl5JFXanmG^&U!2?wbBSJ7~N%Oe@g7Sis#BE4Y9lIX)=2kHGN
z@we{@DKR<BmLJOBk}eqYLu8)5#hqln$YElaqtvx+2q!^^kMuFtj&^3}Lx{%oiRvG_
zr2mg)`?eDcFrjy%G^TbK!$Qcz7*)S?{K7*>qZu@rIt)=^Br)|GJ0*nNkUk7W=Wn%N
zAhTnDs-EEvCYb*YeZFb8wQZjh9Jo!Y?9N}fD3X+Pv`exaO%zfnt1T9fXYG0?gI_oi
zVKp|Yv`J9*?i5cvp%Bq6pqmu)=uyEu_O|^%JXy<kCiN998KJI)>==QqBUS0tcJ&Kq
z0vmxtLZJp|C+)3~wdkZLQ3lE~W5{;HM#A)wr$>>0QL@ti$TX(U_#l~YMYK+AGry0M
zI}oasJT4gHSBin@Bj(h7I!_z^6TU>SxbHrBjx#ds_T(+*01aS@g*f3W#2gWJ&Q**)
z2xy<79KN^b1@~m!E*rXw=auth#G;hzqaJ3mA^sN+Gi4KtdCux=!Bh)XpcztiZXHJ6
z%KJI#gr3n4T;B=FNTOBf=hz+o`XC88{YMP3yq=-WC4I{yvwLOg0t(g2pA<=TSfd^F
z6jY>{)^Zu%8mI(`vg{PH-3aLa1M>d^g5_$~66|YPtYBxlbwnDZP<q?E%YVq>UPHBU
z7ec&+>0={=x`{9*P>H@s<-A{VZX|{s5Z+>qabF5<B;<y2qD}U5b|i+GT^P{OWj7O|
zjP})dXfs+#FeZ#^)HPTo1({>L7<JKQmEyA^d9fx?Cx2?N?v>&cb*O(gC=`DBIZp*Z
zGW0WNdL21ITA%{(B<)!%xvFgs=IWwM3MVo684A@v9p_U?Y(_wIk^c%SAvB@Df6UOw
z&j>WmcAvEh^e~5>citDQk#Kb8X)m~wMZSe-P&WntGgy76!|lhE^}!ZxVi{J0Im}!$
zpayG{zPLvdS~qzbuKP8F-JqUBG9vy(1~M?FH=s@qGWai6F98}9`)c#rp;k+1{QkYH
zR`sBMuF<cUptXZ^l>WLaRH`&|@l`Oqm!~Buo*%rMILwt3lPZolNE_pih)$Ne+fOT)
zI^1e9+Lx`0ILf7}wb~c>Kj8Eq@cKV6Hq#vm)<mA_N6!C1jlLL3dNZChfVDG;$A24X
z)E!IUKExzFg3!7DEAt>uKjMz>0jWp*nuFjj>Zto0O78eMOh!MT^r#;XiQ422V%GdT
zRu;AWKOi?W%qI!tTeoTFP$!S<zf*M6^V5`mc#zLPGUA_Xt6Rfcu<Y+`au#icDr96@
z)X0k;w)ylnk}iV83eZiqfd$k+4nKUe6T&`{@})jszt-N@uSF6{_C9{SZ#cQe5*GMQ
zk{T~hWvV%w-n_rfL)6Kx64v^YPuKXBx8s0WprWBBWi@aov|N{;pL<@MTZ*uME@a36
z9cc&%7brcyK?mYnuwqLI>x4!4VER2z5ezXlsWBpo@%3ZlE{x?P3LZ?!96&TdJ>Cmj
zx8i9sI9t~5l#iD|17)&MfUJiloN2OF{s2PI)GfXI;SnQ%qdaq@vXwaKxnli+2V|$~
zwT$L1x^>#Yp}Xncmu*%DNmk;<E@9}2DbG`-isRnUTQKpWj(%Dg*CTACl4n+I5S)6p
zuu*4*HH4xT)wr3myO>0AfIZ9;WblPfv0Qz6+NsQy!5bB<Avxek=z1g5Ru{zB-k|gL
zvk%g;bs9=QWf;Pr*DRQzr<t6!#fvEVV-!E`_XODj{DEQFIL(*&8u&2-$xUwM!B*^?
zs?qO{AhDgRG78cY_`FrH&}!~_5|I0SHrn2C4@7u)f5s^as-{}4VXyb|5Y6wO*uhTv
z+3K7jgaG(ew(?~roCEGduBrP`8_Ec{%_$#)^3lQBlEh@?K2Tk!7hA~G^udC5|9uNy
zmwQ7QLNf>uu5d{{Z@hnXugXqc*t0*l(?$V=%ly=th>R>$`byh)h@B*1GyP?smJT^l
zQcy-h`jCibhEYmz)|zNPW!1`7h^C9qO?1mLOs+X(mLR9B+nJu1tZzHS@sVrJPRsnQ
z*p~u~bcm)EVVO1&Lf1{s38Tx}4iC-!hLV;Lq|RLoOa2|cB8PE?7Bf>VPOl7wc{qgb
zDHxIi&&&<4Gn9v`*`TMN+In!SE+ZHT9xP-xS{Z^(m2jy!2auLj>lqM1H{UGO_0*h0
z*OEPABsx(J0X5xx5cwSPt;T^q7@H&#EB9G<|A@W}DA#AVzEQa8LOkpz@c=j$HE958
zG`iM^m`sJpee2Kb3HK_m2e!4KXi-dV^4jR+;mM}2?0^>(BKo}4j53bYYm#X~x@V^0
z#eAeIxNcC@crNgdD}?qUj#ko-gXu(J6gurbnD0=y%`uA3?Vojsxc#87-W`hWkSaRe
zfMuh17h$;pTqkVXD5Uy`poSj;8ts#QN=}o_1A;G-8yTWU&*Rd+@ylb{h<4m&;HW?i
zue+CGVl(rpGh<Z`SFMGdEP4)XQbitsoNPHGPBCu~F!)RsE)u`n=Onp@77GbF!GevE
z%=3?KLrDiQ7+#A^wjT~;N9rd&1u|T7V>9t{zeoa{x?69|2R|-1DKxC!_qz*`9$Hh+
zp;HKAIheD#H0C<`00g<DNXw>(JN`XTpSJ2K<=2opF{kAwgc!bE1}j009iZ;V`1%c2
zGFPW#4+SO)#}RxR2B@^P2$2&mhHGd=)bN71=*VP2%yUc)9IZrca?(&*YQDZmPnB*G
z*^%~3)}&vDo9biVN5^X=Av%4`&_<8KuvO?}`S*-OZXw_p+eclX2(wK~Gtf<Lj8d0I
z5vZvJcWW)ixd+A-P`}gTI>$!@1H5tclqaC(ex)Y+U&I!CmtW17g>B|><_Yd$7-hz%
znMn^&11r;oanS@Ri)DkhkG5D(T$=~gsky3U#^io%OUdbM4$UbWoVz;Wbxr3J0fKP-
z%*KAtrb*n-1b35;KBmv6iEuU-=vDbBLx7&_p&tbvVLHV+lc68hC~L$MMD)KN8xOb6
za*5}*cg)I9&DIc=?zj+z-9jQ)!aJ`<#Ietj4$#v*8P!eX<NT&}QI|S1tYGT4!{FBX
z>*dzivDD+H=B4rX$WEP$rsC@$uP1Hk%VBnB;{5C9>5b7-TA(kUvw;QqK%GWG_wwNg
z(Et%(URUGeEqAgFR0YKUWB5*HQ)=<W-*K1_SG6ZA{sOvwv}Uyha~KCIJ@bX}R0^e9
zl-ku*n7nfvi7tXf1^0oo(!T1}xsB#TYWn<Q_ejo;(?mrq-Id;?h}&=DUFjGT<T?xL
z){0?o`SM_bBY?BmPWRUHh!Z|(aD*?50*=`G0t{(`6pvD8`Ep@0=9212-d%NUE{ws@
z&%1n)8O;D=lHXbJ?LhhH@^w!bBb}d5mHl2g9s0E0U~<A%S+QDxZKeb@%HXoLtu>B~
zg*uKE1Dn4o+?)Su{gmE)v9kGW+Z|Vd#JUO`#VWnCPR@fZ*r3LF!uDrb-q>68@EKkN
z_GB#fo`VEfSJLl=$zfO3h=CRd8>~A0XRO!-E+h*}3*YPL&yzdJSn-UwKCIjkZccm)
zK5#Sd(}5~Ek$)(Hx7Bi#gkvN7;V{1VbCIG~%&dGr2eGpvDsI$rXYgJ2hV_)am!SdJ
z3hxOR^YMuvQZ4HymIhoAa9*!C7s*067tYH+H{>8dAAOko;r)9--`zT^Z1t_F-qm1F
zzc-nfG7S%&Qms>y4Lj#rINlg#Uinz3sr^!veL*9^JMieh&U}+uv97;Wb1(MJ$O;2Y
z485a3sEn76r9bpjz~?8+C$XG_$m6n7<&v9C!{q*yQR0)G&cfhx&@cM-=Vb8SSCDvR
z<#f_D_q!AF_y?SN{|9{k1!lUlpJ9}G0VB*2j@O&FXr8o5lqb`0dVSwSeeu0HUMf#Y
z(~)qUOs3A&CQV=W0QM)6JImKF%<|o;eWyV)y_Mj+zTl@3eYIisQl@kE5_Q9(+bFmK
zOl4WNtMK^r=%R<))buEBeMFw?s5SifjS5&*{t8mxRKhU}PSsTYJd3cYQ)P|ms6=!$
zOY%aSdRB`6^w54KsS`c=d(<J9fdjyi10$*dxwTE*8&<NzgIAwIS(I1IXJ`MHO{{J1
z#2@R}i5xKW4bVszIyYTL>U;Z%0%No^8ox55wtFMxvNvjr;@bDmR6VhBc4;Rd>0X-_
z2OgZW?=OOu16k<7aO-)fOtzIVF2}GchcUck*?H)sps(syJm+XvISw;~hsKClNrpSX
zruHX|fwnA91^f3C{;49*QN^L1mf8iN%#_2SzmGJW2M-C>RjlhfC|s7~tK(vKlz+^|
zD*wEG!piur_r%5a`>8Sh>-kj4uD)L`uC9YwII`5#r@!m3c%CGk6ZOiiEj@zd`HWbs
z4bk&oAaP2~U8rT#TCT=>WtP!7NSE<ej|54@ug178@oW9Xd9otjAHvD8)#^cb7Q3-g
zLr4&|GhB)*u0ZlY=yozg2CR%`13nv852@7#^?tc))4#x1sL^-i8&p||jGpn6ptE}9
z$jLHCwUIl{7E+C?GYFelsiBGgdNg0E$i_Pz2hKF8mRbg8p<#HhQ#-1n9A>rcN|Sh>
z?mK`be9l7>v|DQn7V*nZwU$FUjw8+kGD|=23Ii!|oj;$(=KZ5qi!N8)o><5w36i+X
z7^UUA^Dh-}U9l@XrLtMp?KBWWxa^u~!~4f5hW98JIq9x2#YA`&etKw%WRqI+h89h0
zl#VDMKMCv|q8toL72s3i7Ldvv>$;_uR!O|j>t~nUE>z3oC;cpaw0G@q_*8lrJ<X!O
zh(x2;+G|CX`5kECP@ozhJj_48$xH5VjwuPi0d-%=w=z~QhVmh!&k2`kIz&Hmc$`7|
z_!^>bDpaC-74<3L1B)KfgH`5d_Th<rWo<*CAYPC}IdiLBTqI6imlPg<Pe*Oit65ck
zS|X_7J=uT|ubf62GMb38oa0RIEW@ly8jFg&<I3(VV=;s{dbw=)Tgsi6up03J!;Qzu
zI>~F5_m!7kIIE~a0Ufcf&=gv5D&@5Q3rXE|4+b;b7Xhw20c#x{3Tth2v&4=U#+GI|
z3M-zH@rv?N!{7W5<0&FouQSO4_&y>#Nc9;doZLNszT$y_ethie*<(#WX_0t_-MZk7
ztGz5Zk&?0ArAse923d3A=Z_cFg25oj!n;vpBXuyvZVaOFTn~{~2SUY+nL&ipL0<}G
zJDIw4f}Y6cqNjd}@m+lWU&@xKBO3~h0^X9^e^5CZvrAU?SJ^!cW||7K->p|~m!{QI
z7qlEM7j@my@<=z@#Fq?ruA&V*c&`WkY;|LG!FrFxx}LTpAh!=Jj@NX-`^>%P$qW2}
z@8ZjJV(q-gh1fn4@3>r{mT<vA#q0v@mSbzd2tSv1lL?x=2f>E#qRFcraQ%Z$F>k(8
z&7lx>qqG&0y&!a5iXi1KkXyPKBV=UTxZSDWiPC`I!khXq-<y^8SG5Z&u=jJybR`BO
z&!BC95Pto~=LLc*DzQanj=4k-C*D`gAXR`=+tn3}!G*!?XwKHc=@1R*@V(Zge)fLM
zd>&8M!D42wG3?}_M~=l4qdBsue77gVWo#GMQny!*6N<a?Kz5K0#Fl2tXzuW~^V(u%
zfp&l*XD0JnS0?_t9=&nO5b&zx1~;(g)yg4jTf+dP#<`qLXLTJHpP@sM6zZS6M8HcR
z+Y0R}!l+UetiVsmJFw@MbCct4{191@p85<7_+3%j>E-}RkAw~31;4wM;aW8A4<mh6
z6bxY7-KiqV#aprAG3$|>qgXs@9cy?x{n~k47TB$=%2S=Y1^PZJoe%II-q7d;R&=X%
zA#(JdTD(W`VqF1p_XQwa58huxYR94Eo4Ygx&=Be)s_A_1?pyE6P@Y38?qWvcs-`b+
zpBizyUeD)MJ-fqnbuI1li3#R@Ejldfy_Y_BQOo8D3hrHhm>MD4ZPGmYAPN$&f3zlr
zyIn<VQGi2(Qh*e=_uc{0eOy)`YZE%^TdSu^`ErcgXq6Aa@)C*P@NH7?k$WFWk)Q>d
z<kCq5T*=G<P$;ZvUAIE=Xfa>qIMLoJL1R;s4!>GO#x^IM{gK)}ui|mZGc%=Ss(CNQ
zGYg8}w{QvvJ0EC~Ky}5BBo$Il#2I#Q);jjfu=7pcP=n`I8>kl{ryil_kr!w!GY2ZA
zsc)h!E;8gM(@};XPHnl^-8dp*6SKsC-tG4mVm>Dgvg(oFDz~I30xdfCK6WZeInDW0
z@UN(Tf~|;3axN&G<>4TwZ%!SSxVStBDtg+Y*5F@FPh_LLN#srKTbLENCG^GxC?E%|
z{g6x;G3IW`f$`dIy<QJ09|yCPkM%d0Bx5#j^;n}7hyC~&irE|M8XZ{U*6IsTDW&7&
zZ%yhdrA+i{KRo?C+&=O{J^o}hR4|Sz58mr#18}&84DYt$CgNo_tS5!d_qC=}<E(pS
zXm&F#^=dzQED=$A`bq40xA|1Nc2Pc})xIhN@IWco=WP!3J%t>W(|bw7TTdW_#~g$1
zcm{Dbv%%B#U(%s#r?IXFHS>VCUxs5V#5!d&noflDuch05)1xHJsb4;7`brj_JnvJU
zM(%Xk)(Lc<yvOF&uZMMv0{cvcEvrV9>>&@4uoV2gP^_UQ5i^W&pdw$6FvdBKaq<nu
zQJ!AZs;MehrsfCEb&L^?Y;%FTwGIbtPmZX~{BO~ls}<8*bm{<rB+i2)Zw)Q+LcmsW
zZhZ!>7h!jjz$_UOVpm7l%Z4vr_iA6O9r&D(2s%x9nhJuBlHVr$EY6eoH6flN#9?{n
z0od`i&dXCOy*hSILWCjxrSo@z2s=^rs)&!nOZm>1Xi$9B0#>BqD_{D<#nf+)A)GbX
zs0{OC1}9tcb;YlMi@@2-*-2CPMiF5ju{RNAY=Y=O#;au&Pnn@BdoAoZ^hq%o(Jo+e
z)+!A2`5WH9X;!-zYl~r=dtgY?<P#dV7zsmd##L_#qW#U!x{Za!;iGy7GAO`WdMB4g
z*E8Uc{Sp>@eLd1db>rk`Fv1i`C~S}(N^z{b1?|j`1D@8FHF$HeokKp{pYtMIp*`Ik
zpW-`0>cXrG{R2V*jG5CAJh8;w^$mGQD2G(6Ir!i@^Raa)VByqBuoO-d@=}Q?=)zRM
zSC-JZS!@(p2Xzc&c{)>l3}#bMC+?5ZQ08h*e<n1XgvdsE771*wqEMtr#yp&aF8&7s
zKZl@-6An8$^Z)(_9{vOG|AJ^v!FPhzyCLYKxx-11J(@{%;(w%MH%JWG{J+HF|A@f<
zh|T{zV*lrH_@Bpr#N|IkCdOh-t5L*1;`2`=cdEoclJ#HWHyQ)2l^1*+pQF2pk4ax{
zC?i1t4PW>8Pj&-75H)Y_BM0k#l^#9%jyP*s!RGI9nH@#V5O5Y5p~I{}ri-8<OKvt4
za%S4|^!HhRR!U}pgU3V3EP{p))V=A1b)4Ql<Pz4g9XZX6OZmRU6{WL757pGPqEERC
zDFx*)K5`n3b;j5#Du)jTjAI_(8O?M^G_=Q$pV~?X%sD2MQ&TW1;<F!NMs-P-{NmB@
z6=-VG$?z43YEfeiJ~Vx8`VOCU5m#p$CxJt+;uOuLlQ}TxCj_~xIVJ8=E$W8lRoVMg
za{lKK+a0nayf532ufX&a+FCs67Ft@4OO`gjRT5Pi;9m_mPmL<&Ql%0tmudNFA$)dI
zCa)~^OY10IF?$}gE9lVrxZb3SiT^NdmI*Hho(Bz$1v#1M*OA@4YS)$>4DR4XaZTG=
z%rAJ9XYeZiCb7GU7#D;ENS)m)n`JG5MFjmSr<d@CbmgKf(ZV2whdx{W=7`%}1o!iz
z8`=pS;wiMh>3imJ&f{{qsFS9_GI)rpCCj@``lJ)WlV)@Y+$>;)Z<)IT;Q0xf_bq&T
zn%wQd1-_-QpV!?itbciJ*-ZHWC!xCdt9Gtx*t$&PgPSG1F86OZbb|g)9_y<jcJ)O?
zZ#<8yB4S#(I#(qImGe<83UzKy*L8%PemZ!6laoSu>y_c0BMZKC;YEJoqcoJnGPzgh
zu%x|#mA^lUBKXitz5ggZQ;^O<G1GDwWU7{SNY5r218`#(IoF`93_!r<sD9yi^AzTH
zpDj`ps%1Y4jj_I3XL8Aj)gVj?=h|qEjGelq0>tq+?$GgO8k#DkhHGOv+l~y?2i%V%
z;6B@lRR<EvlXy5`U@tIBKNBfZ%I^yy!ZMhe<LIBrHwuL5?v^Q{#&Z)TT<*ii2?xV!
z7JQY6eOPT@|6KemB~_|w6_rKWpRYH^^c0kP9fHNXB@>P5X=fIG;|%O!BiR@^DMKKD
zuEttpcU<Ip%gjO(^@0wA$>sZ{{5DZy7ao_vbgIR{?lKJJO%01}i~LtZ%?P34o;50k
zEKhYnLKDk;sW!R4WK9={#@oW|?_B_5l|lINp<!{ixzFtPfgz|>?1o2Kh`hmyZp@L3
zVw)`j12DEgl?5e=n@T@%67ZRf4tq2JPoWn!!;UuFnZ7M2+hH?*9AdlLV+R%SMoN>?
zU)hS6q5ck8QYpn`{!x5A!9B=cQYy;mJrO_3b&B>sRvL5<6Wgo^M12icoaTxz>1<Vo
z(C5JADz-%($z>PKloQozzN5YQvpO^7Do!f<G#1r@ML<pyL6##8Kwe?JSElnVjgtXH
z?VJfGxBVdt_5=Q~oQ{S{P~v5_;PA10+Z1G=AXPH*a0LI8%}1(X<e^08E1pWRMC_#E
z;pi<aW5K7Gn}LMKq9TXi!iB@oVH;eLGN6Oxz~_5eV;lSqtNnCG66ivrJ=JzjBd5+n
zy_BWb4dTsKI8SBhgJW_z0{yNUY>7wWkCv}FqQ5H!<u~lm7n69pO4KjlFGRj7-89$F
zB~|nw)D+7!_zep4-<XJ_C{iUT7{Ql-J6WA3cgJDm2&lOUdb)I-E7EWPP&Rym!F9UM
z?>~5+p!TDl3N|Qqe_KXg_<HA*7wum|<WC(N6?D6oJGc9Q<g9y}uVBch$hFA#Drd$i
zyzl>>KYNC9w|uZL(Bo0%+B%<7*24mNBAypNNR0zrl<A6ajop8N-@Ww#zG(UyQ=`68
z^ff1%zN8p=ea`+G8F<b@ZJ33e36|RDqLn~oFZuv};XA9`*D?Mj9Fqtubn!2dIUx=K
zK{f=YL@Om;n&IN2k+Dh-SK+@ntz_gK{pS*)K6V;<A*iyjq5qNaKN`J+fRyRJXn77Q
z(6|b7$7`4KAw7p@=*Byh#ZtW8bEvF>c!okEz7p?@55mkRkacW5;o8Z5nL;A<KPvhE
zqq4p!%NY$l3(2O!1&G6R`S>hnO|EQGev5|2zxq^Cszh27w8iD|RVD>Ws-w%yYQL$C
zt<tMi(CV8e)z>Tir#btIQ76Y|9MT=lspXu07bo&^d^=n!Nt1cme)}I4r%F9<e&4=7
zah76T#l&5s0!1h0p`U(xGnV!~Louz%F}_4&3_x<>6U-6WqI65FT^A$vt}W9PZB4zo
z41w*A^y%V?{Yc;QtVW0Q`g`d4h|4C*OR1&?Q>1e4O$}3opZt#M{RDN-dLh;(-=~&K
zDBWP2T*0m9bHu$ABSZ0AN49W0@U~jKuQ@T85@}y$vMnXry3A~2QW(tj9Kl_YhX{IX
zE|~uoUd}SmlsfU{f~sm3YDI_fWkptQYWwrShe4g2pwbY9#mImi$8Td!nm>=og$_H;
z$o)J|N0#o<iD(DPr;8-%wD3yrC&s-GK70lFk2i~-m5D#iIk#nog(!t0oW4V*SbGa2
zM6uDg!05i~KfOT-BN*~%7ovD6Qu)P$<!@$kXeQ#$2D3Pk(n(UIk5)d&{6uuiKs}k0
zd0eK>n71De)KX(D63a9hItyn?9*n!6h8JV3Z+inFoTT6uyGU3X>5znooie+hXj`k)
z8B7HVdK(LC&42-x3$D1<AwQ0B>e8-)fd<ZqR^`Bo*I;sYZ|HP7J^I|!VpGW31$1B2
zL=ov58k&@wlMu)%`*K(iGDTo=(RUL{j@~2Nt&amJ@qk^;Cu8K8D&uBH2k0WzCzy`S
z*=(&3<t)A|LVqWP3m49mdXg|rv~U!$=MmAny|Fi$`)X|}So6P8LidBn(#V=)M**j<
znkt8|Gff_Z{uwgr^^KcK5EkY7>uan~yXCdOADk=&Vc=x8V8vCZlUYb=XTja$>bbYG
z=wPdJGo>>i(-F{;=s+v#7o;{u(+#6MkT1G=y9?jUlzJc3ehN01J6GiNBviFRV+ZS_
zj{(Jt>6S64VAaV)O>YR!@#8ZoaJ1c77D7;Eqvvuq7N8S|EIRq!vFVSQ#nQyKnk_C1
zh%3q=a?Oci6@U06XVb2keE$#7?+~|;8PrLqfi?o2**?eUV3^nKu0{AQs4W+84HYzx
z!u<a~iviJ-_)iui#z0)c>Jo-)f*`$bDWxtD#u_NNFvcDezJHZ?w<A<4>M@TuFt;u>
z0UO&u<P@HF$Enk7gE<=*h>S>#MH-e-%2r@KA`LiF8Z&sv4twwi<FPQaJK;YW4ar4e
zY{nL>yBgT141HY@#<Ca!*0*a9BpHx}FL>9?D8TT#F%_TMThOe(+X494;-k+W{SF{b
zd_r;9JjSuIt;{GSoq}P7^J)bU;ANsn`XZdw>Hc|qB5(p8316i*>u5z=#VH+yDe3U{
z0Ep*)R(boHI(t7AV_p2!ko-nKrCs_m%oZPL#c6$bQ!8taEr{K?2!R{(hSnq`mX2Fp
z3fhyZ`h=S+CKd*Nbv2|<OBq1|B%DCg+Ss;LOB=HVvSI9(;Lcu11{$^EA1_B6kaFYO
za8Ktl0E*WH8t7Fr=Ijdw=m>mO7G_~%lvO~sOwNIAYna!HZNZ)_E>|gh{;o;<-MBqj
z7N$t{;GusmldbzoI`0O(B9&L?Hi6&UcNS5Hs-onTmH4uQDf@DL&hO^YwWKb49f<XB
zZE`5j$~x`-{C>$=0B}ywE9YZ124;NyU}cB%$f&IEB!)cI9tDW)y5;;c?~J4;Xdb>7
zdpPWdzHToWWGr5<lFIUHeTVZ&g{}y~U*OTa;PCZIfSfq6u=14Rsejaij3EV_wU|8t
z1q*~}Fn4nsfqx6%59Fddrdb6(aBNHRSqT!@UQb(EG#qXi{T+&`vEYn3+B}1t$Dx*e
zHvqHx%_U`!(_3I_qoJendau+Q{-PAEC&~dDRZP0o7dL2UL0;NkE?a)7!RgVw15cC(
zZ&y#H;OKHyQve4HZDf9N4)+~w=Wq6Tzye|)+!{%-!+-(KZ1~RXkMEu$BevzVm?`bW
z`o;_{;v?LXixS&_lwu!PF5j*#@ifn*MLHXSpf;Q09joo{h>I4e|4_*w9(tn!3yaW6
z8TDJD_R3;DrioF*KD_Br)A+$eF|0o^4iK3iQ1TP7f-z{GF@(U_H$?zsG5|!m_Aey?
zE|37{Uq1mf7`&oDNmY*0_h??GDXi!WR#c3W&aUn)Em>UF3i)Ul%0ODA80WG)4Cn*(
z0^Wb(9ce~ib69|gI)gMO>0co}Q&hqE_zvBF#~tiFpmA7!4Qy-p8GlT;i$UZlvhwG3
zV<{lTvy@PX8H3pn<T)0iVSB#yB_zbR#;lpQTk9u_puW8m<72`90X1hS&h+>$LgN?v
z;G!60$o$?(!I&L4GGNVB5P(T9AT7O(9^@ir+%BD<#4N-$Qn(Vvgwsyw)3IoxxtR0#
z$pQP*bbJ;5OGB)mShPX7QF&Ikes61g;VNF=3IQ~z>>TLVE;B1GR|tIWX)yRNq~79A
zgT~eI4g(x)`Xp>O*MVN&FVfZQf~S6~Nb(E}V$=_kF^bbU%WjLHKz}}N2me7#tlOb<
zgoxx3##y(_>;Vg^9qaFCpJglthi)&R+4_YOc+=}gql>F1%8DM!I&%1o+N~wXDEmep
zUd>}njVvP^Q<`xO3JcwBalUiTK?iMTR7)}6FmQ~dffh;iy0#}=1-thncb*2Fk2L&_
z0i5lCnqQusbaFaBE5k6Gr5h%#t+iWp#_yBu@c7k4%c0k!2-(AFHt1acScBAcBU1wG
z3TyD=u{~}k$O>Q0VE)SzRbzs^)M1fjaUO%@K=}Y*e%my5V^<539eSI}jbgZTo%PZ6
z;+SZi_4tkA7`X2VtAFQ(4b#|}U8z=c*lU0N&3wjNa54Ds^htlAl~IModRQ|3O?xv8
zECU<I5aJO>H^3A732aua7JQI=!?I!U5gG+94KL86JAw5@LB3bqITTps2YfgHE(mY^
zb${u=4;^hqz`#uiw==2Fa|wq=oUDQGD;rD_fHfROpcq5UVk1GQ(8&GpVhGj{N>EqE
zySsoc+|s=UDVSq43$p5Bsnz9Yh%o4xe~=C;>=H+X94G8}#eWaBN2e@sWzXJ&;=7i@
zA!;S?qd(>N$bA!`tToE25`yEmL6R=!)gt+%inc+-buVQ&=hCzW+xVb6d?@F0Cp-z+
z2%*^fSu^5x6$LbL^0eECCmI#hoPK~uhQ_8+qb+cw3jCiJAQ2w-f&<>u+_ToD_)TTf
zmyATOjKduIww2V)iRxRbcIq~YGc`NOYst4IvcJt_fBqe{&ZIXkq~G?hYx|m)jwt)7
zTe)fHhQSZ!A0cO5SOGFnZKNgx*0<&-B|~dEtasV-f=~64-=F2Z!KzaSQ{qwM5=Jkc
zA*(KfARGvq{B;?s$9b;n`^wHF=U8^}aen$$FV{_O4_7O%rJu?TtgT9pr7WRvMoV9V
zhT+U;8z*z3B#`#m3l6_1`!{tU8u6h{S!%K2=83j!>T5|zXJ#*m=6AhCCo!xNr~2xI
z$R&UaoCTbif?b*H(}ncLB}%qdB--W3ipQ#r*g!xHn2z`%C+gJ4iNgXP-EWCgtEA)w
z(*@INWzqGL$MU1!MALD{7wy>D{F(hSf#0;ui1nD;lp;TmoYIb+cB&a_ZS4D)7IEx;
zVK+P#Z0|Cl55?#_)CjH_DQE@~CsX)^boJ!8u8Q>bpZeH8%wkX^t`U#1s~o~>OcNVi
zPz!iDaJuRlnciLzfi33<D!^+R=b=p6oFgj01W7ahkpoxzK7|q-{2GX<)%&mDI_6mS
zNTYn~Z13B5+DPYJ*n7{)@rtu8<L<B>7Q|^T$qtwKP1w*cp%oX|2sV6<g~V0GLSi>+
z_`TkNOI!aivFlaz8F?(HVfLL&NUFr?AgWWGm_Z^D756o<NT<nf9qdJgROPCc;>Hy|
zG-Xg+=h$><4y^`$X?@73T)4?qu<cyIW*JTuUHUw8nMSC?jrR9Ukfas)YgwvtvtzW?
z$h4GrWwXL`1ov{}nB&v-LHm38R7yKc5my3|63(BJjgBEaDXWRu-M+Mz>cuCsJ(#{r
z@&hE>%P<D5tnq7h8^9C^b%`C1q7{1ZGcJo#C*eNPi>wEWE3etl@tZvyOpR6#4qdLF
z!aR&$#ryfAwHeE0xK+o@f>9Vq8(F`Kj~KLXxGgstL{+aKM)7y_JP=lROk;<VP}$(~
z!uXn?i=wWV*Rha#e9Nm<9-r&`da^bKvbEl601BR!0`+d>X~T&TWKt-!aA=HJ*b^{w
zY?+Srs%YtJqzq$7@+0&WX+y(FcHu@VhQS)VA%PA240F+?Nz&v#C>)Kq+h52>{q<0)
z!yi;yW*6)HjBT&0#IZ+H991Sb^X=xEwwhQplyza@n_Ry;T*Cpp8-_xEwu_m}rMk_^
zN~{a<rrFsB%Ts#KVf$A25A&S)pa7h|8>J_gSEiedN>9_7qf_=5<$yZSsr$Rq4;6NZ
z6o=U^Mt|!aD|?Lbw6qf2K0^2*=M+4Mt}D?ld|ojx<XO%rnD8g6>as@cqIQ%g3N^$5
z&r0nhn#I`v_5O-Ps@{s!UV>b)t1CAQZkh?Tzi1$;OhY7Gq0#d-^;48*$o5Jnqa^{+
zOVMtKno;n;%l*-$Y&Jq6c!j!oCs`XezER=m+ZQs~clnwgio|m1p@;>*0RXDfFz!;`
zO2wkEo+5m<(~LFRY6X~lIdOj>GCap(b=H4em6!Mq!E|yuClnc5L&sfn>|@2uCVH;3
zLH=&6fHFzba-zy6_B{7AIXc?ZUVz;0=J-o9lMVE&NQt82fi6ea<cKAaQerj}2h$XB
z6}z?!y@}IEZ68{^JZ*4lX-1G7pn`R;SE0MN<uSv*r6Do0vRHckt9{w9&=N&u^fHl}
zLbB|s$*W~?)$tB?#Qs4{v1^n)e|Ywt=5Z5mL4amP;1I&CjwrhCee9XFgK?4D>>M2$
zJ2^AIvqB7{j*Jy~GSX%!+c438ki~|ARYZ0d+>Asq0D1RlrQorstQ6{_e+HJb8_&63
zkvBct;X{!Q;6%HS&a<S>K)jxk?*<0Psn(HVkE=Ru<8Z~V0@|lkU^i`ab|QknyvA6_
z0$Y@wMcfos@sHI4aB_-1Yr4JG^GQ=HC$dxVbJbj351OhPH!BrT|DG+AqGm0>8ut-Z
zH9}uWoIzd&1Q2?b;0uasb!GhZm%DtS;CebPu(V7CRGqu6(yC!%RvEG{k{$uGC;smF
z-bSVxKph=Q`<s-OiVD2km3l{_<WwyHBh;<=J!6|jLuZjC>IezbEP^aa&;!K63B&~t
zZg`%tB708_+cX;?O5=UNu-R*Wq)i{tQ|7JlYiU}M8m{4uEF&dkO&7~#1D@b41R;l}
z5{kA)t+32RS$(69Bq(h6*GH?f7zy~b?nZ^{Ps!4Hn^}m2ZH4vflSHboUm_EQp|M+L
z%Y2uB>)<BGwE|09%*}XDblu;;vaT(XES(Ee_%nI;M#$7DGgZNAA&U4!c`m*w#lPx5
z^QP&=BSx2IF3g99-1Zr@r{_PKMVca^b!y=_?VKk|j(*MOOtf2H6FaL;9md=`1!XdF
zyBmof`aB`3WMv@5F@$OUlJ~MHt0rGAu|#;3omE!=Ac~_q8;Sd=R6wMnCP8#P1PaTq
zrEF_PHYDD0Yn!p*EL~904Zqd^v#iB(1IrQj@(W2+@@&E*Y_Q|3C6#Byj8~)_)0{qS
zf#Lw<Eyvm{DM-Q-*<YsHIO>H<S?8^#hHxca(KzO;E0JO=(W;KjoY^U2v8wK^z;*g<
zCzu`P)0zFMOvatpz{9w}$GV42Iob6dO1h02(uUVvpH14asaWd?TzXb_&8-zW+@Drf
zX-7(2y;^(zaeS}T$IBg#>3k50T4+@a9%e4lD)oS&bWsjI_N$)j95Vm(M-e&{_CvZC
z5VD+atSm{KqOmMrQiDrH%~MIm0QKjWb3U9qcrFhewA^WcgIo_~YOOv)mPC_SW;j&<
zPHcL(DHo`B1*rc+D3*edUZk0+0w+F6@B9WD+p4;$ysq?pudQ@%xU-e(qd$$v2J4Ey
zvR(ad9Kg=NmsLi0pS^_sIz0(lOTUW&kdId5^=+@Iei=?OsvU8f8)!WdT5LQ1z3-8H
zdUD_auUQVu(~<jQ#%Wg7WY+`!{9K=hjWLCP;s-B;bUiH3McQvYqyt}QxXAEj`gIMY
z6JK;5ez=1iVa$?f;J>u)IYDk(&<DQQB5oX!_0`^5jtm`aEo+OUFQjYovO13P^Em*Y
zz}(<dJi@J`2Pc8tv@zuoCEx+QjfP00(bcsGwVZ?6KZBC14Wv@42{8%c6tC-XsdN^z
zi=>m4lE2!>G&n3xb{3L{U28MXQDQ(crw@u7Cm6G2ZC+l-e0?L{a!xSW_2i^+pWC4o
zLooB9V=iHr7fqjaSvrn{txTcvElQyd=@^#f3>KiX`vG#-B_&M=dre{qAb_@9nsJn-
zPJyfk%Z-j=#H$U9B)7K~tkzcdcB_`9G}aVAVf+%i>f`r%gkwJ>d8q!DjB@bMrj9Gx
zMP^A(086BVn|vnVMeGvF;dclMo%(G)kJ00!f9SK_xaC1M8?n@h_~u<qJioy?W|z~j
z?9uH{T@ms;nUkPQ=yO#w#CebDf=&_pApQ^dMc1rWA;!*CB7LArUgWY<igY<~!HRJU
zXVf3DJU+2O%BJhuxt{BlyGP1CA>lc`_I%2w1j&{xI?uq})5<0c-m%QG#?UOvwH*bT
zk59FGu_0G=vh7BDs-Q48=4GZOhq>YziHSiA{E-N%P?jS()+vOFLFuY+y39Qmycr8h
z4Rckgq|nRr^>^2)%ik+|$?l~FgMrkX7`GPEC4iQVq*tP4MU@<T#>%;|aBNlVkGR;P
z9b5L`wR5Sr)9+#WK8v%)=S&urNiW&9l0sYMEIJ=Xd?uXon15VNwAcgkSyyy+$3&y|
zD`$5x!f13JB`*c3m|v<vLe4)1AFKpN4yYehEL;TuFgEF=*Em_s)L1K%UgmQdTQ8;8
zcwfv!ekIqioM#(rLDngjc2235yp2C)=t^1Q@RSa;lMbvgUX!+y)VKX->?WNm>7+dp
z&DFGvq@CM9;oC?O;C<itx7_VpPm?yzFci7^mUb--^z(z4jIjTSb2L0WyZS23qk1S`
zDK+WHKZ><>G7e=8xJo(u8CNYjv{%v=RzSU;{pwX0C_fOlpB3KxbK9_M9)n(K#sP09
zy7RZq)8}5K9F97JGmn!%+m@G+B@aAQj>#OMSkzf#6xmY$TKMCr``RVPM89#OwSYsI
zapK-?e9eusk0E#RPiHwip{+GmU|k9Kf$t!Q?7+;DQ-P8zKZ{{xstYD6FHI#{M4lRH
zpss~kNINmodHEo)BAFB*g;GT|ElVv=I(9amvcr@lN?duLkd5q?jSOB%dH<3<Gw}mW
z5?eyq@R5}aTvFLEo>fajlZ_0zhYD+=B-mFrLU}Ve+C!Q7Sa$3e2U)D6a=~a*D5*(F
zLWq1)bQn1kDI3%kTf|<eBrLhCkg}{0zpN0=_ozxLPFYU*0Yl1aE}8Y7N(`k<nMfEJ
zEdSllx4T#>5H+!}B$XPfw=A(Ygc@pG0@pv4{H(Cp8nOE`d}4=NM|za?nTX+lvm~hi
z8Bxo^Sd;3R=}zDUwM=+>4~w5TA9l$CGtFld)rmF-b}{X2>6#Ln@+bvY=ynPB6oqA3
zWIH24UX__0*iB(Py4lK(P8;RXR2x52*$-x!uB5@!@5zoXRn9EhMi)z%q*Emr*4qa$
zeU6s3+Q+wGk-dMI?dNj&RTZ98H%hGldll)erjQZLqA-><)w%?YGig|(XsQu3t2SV3
z6{=6keuJ_7XjZPP4)5f<oB@lqUar{Kll)Pg5Jx_SlZ-FH=J;I~F#<_(V~k{Vbe-Fz
z1gx569lm%}y5N%Q#}cgG$+mX1c^m;c4YvGCQDW6*b#<%G(PlNYEyUaDkFKy@7=!Te
z0}o%j4g5#gNvi>R0Th|E&GhQJ?6YY0&>-_h$h!{(iv;{eIa<5(2H#!>EY=ka&1KHE
z^!-EAz$81!2f(ZbR-#~>KLxXj1c*)%xwkmt2}!<}iZxa_wKIoPu9+!gi4n*&78_{5
z`<=rwBxJ0m!toz;bnO>b_Yxzb3_v-lL;oQ?8S0Rk+jFoOdznk>dv<F58LhkSStVJw
zS3&;CBvXwxYq)5M`6#3UAyiLY<>9EMStV!#Ih8AIag)Zcv<Pvf<Wz={y$y1r<3G6?
zm<bq`__DoF#rDA(2+I1m7~`$^Qp+~ePy|HC;Y8HN&gJT2aG|dea<jLApMLeW8i9WN
zRz4A0YhA321zR8s4QuhwBh=|Pa}<2)qV4TgcALPj8*1JBwC*1XrmuY0?S%B6xWN~)
zRq@x9$$<D>g6u&o`%oeSgy~S8QhlJm3;r-ZMpTb43MXN`t%?yCBL0Q9CsNXO2Wa2P
z@N4UKhMsWod1DVr+G-j)TlZ3S-`Ue)*urkCVAfbo91BxxxT;4ZVZWiBMCC-4CRP}m
zB|k6ob$IZIuvLhh?oL<Rdp?rCJ7HS57sHkk$<wO-CYWH&l`KX%tSYIXIYS+)0s>TN
z2Il-75kTBKt}Y#7*Gn+Cp^A0N8qc=d3Z)IiVb!?nf^AX2SFo(GiRfb>wJSpY)&gl=
z9D?2DS9-4I;*yT7m#5Z@y6NRA;p?6SGp>+3yFuL1D?1CLgZ40>fHBZz#_F(CmOC8d
zeH3AG?3_?!c5BOGfvq7I+7C?C(HM*m*{Kz_-=smC_*Xz)XHmkc55m*^vn(!(!2un}
z1cVs0WRav<sXn~*?wbzGPFc9ZW+BF!Y%VubYS0-Lr&xs67`U8Rs!aiQ?Yw-}TE)M4
zQWGGAzh7r~g(UiJGVCk9g2jhA=^$*4Xx#=qY(g!iTIsTzL>xaC5Q-{THO4xtD}?%$
zc7W`$dE6}(HDCL!2&^rX3_<3i6pTPD7<AH5r=jlt;VsPw?0}VfG>+FeO0b({%Sm7Y
zLebllG*ThdKvGDmKhPX1Fx7g^d|&Ip8fOOY&E45sq{U>oL+#&TktF>&xb#9S;OG!`
z*b`PzfI_XrxF}W{hVr5)A)7wz!02HV>`_arU67iGNxd3vDSvxVng;9hwg9^DPO@qP
z{VHFrDFG~9?GC;#*WZmcK`wL2{Tw$?(^thrN_KVT`Q%6*?ZqEvl}dDZAv6Wf%LHWQ
zy)+pF3Olf6;ofz)>4_{qT8?5b{Y&N%S6ct(mLi?Q&iOIv7~7hISOt|`SOnwsOZ!SO
z(c90{N?i(0?sX-jjdwZ$RI)9Cef8x9wWrRCL&j9pla_Wn**O47MZGE&1v8OM**QQ9
zS$qfsDsuq=8etCn#Uy~*s7Uci&c5)YM-8TuudILOX@;GhL1diXDlr%Cpctpl8VqG9
zD0*2-XX+Va;t2Pi-Ax=_Yv2(E6*X>@R_T_A+SKB}#*>e*W*{)1_dhbb_!-n=sAfV{
zVB7%&>p%EDZ5uuJ^p0|xJPkY#vu)Uf`5N4IKb?L)HLb2WSrX%VEX@3#<NfQKm!vG9
z>wf?nv^%ksOU&)ZzG?>M`gv)%MVHWNG}){<=?hzJ)1EWhR1D_Bh%<!DmxuC>hrk5=
z;D~tnG!(bgj#1r;F}|kA)#^c&XC#miI~Gj$2lY>-*LQ+PtyyNr=`R-MZjVKcJASG`
zbWUi|4D+zH{2VDxV>8a)rok&b4|mZ`0%oHS)=AqAG>Ny@iMK^`v5$XPIOrcY{Wm_k
z#g4c3H*8$gk;YS0X^m`Q=Gf_(5$BOdpB?Qi?{kbt14ll)x`f`vEQ<huqj+r|N$OWu
z@4o8}c>Co&cd9V{QyW33`}S__0BjP=$95MLoa>fTVTtAH(A$JDhs)A{zQXF0Jp3U4
zh=}G2teIX>Q++%*;dg7?x8b|V(O<av{IR=D9Kud!-i`30L$D=WaiWViQQ=45y|S1m
zWVVov!O11`p`Ho}s~v13ljN3V@it<EBxo`z`Lpj2cb8#S**nl{;fS5uG^ho)jZQ-W
z$nXPrH*liliq&)LG!vhM$`GHa##j2+-V79Od?1r!!3hQS#er}o*1&!y3oBah+va1o
zH{J^;7VVRN)-X3m1o%Czs&z(g2WV#W>=8(y%Q%M$*QXqI8g;3h$DRN9d2AK+T=_eK
zt85feWaz_>7jv7wyScM#`Pr;%`8;=x>vn;x5J*6-x3>O7q)NjyxIldU>?D&auZRCM
zLHrf9zB^0)(L-mx`MV0U9T-j>9=nUfCza~g1_TCPYp0(yhC?itF7q*Pnebyy%;&^B
z-DTvRUzVse`0Bn;#Z{}IISeR#Ty=xMQ8fHH`YdU0<-;uwtb(I$X>P`K;6tOxA-N-d
z%u9GX5$uS+SfnRZ(hwd(7dLk_`=!7vve(iaiv(_TVi=lKH%;@-8G6_Xa%n|bQAe=8
zmZvH7B7JR%fhGfHMqa{Gf4@+OusQaQRy*nu0%1%Fc+Z)q5w)$1Z0;XZeYt_0E^w<(
zf+ac8=BqxkU3aqzx~*26Ju%<`ckIo0zH3)z`=kJ=@{)UoBIbEaqU*s&q}aLw>)Yt0
zES#GOVVY|SdWn+V%#B>5N)?~oO!U84^L2N&oDEEfh634R*%0i1dD6z?q=`#UNMi(r
zVuIL*y@_($27#SlABRk?;ZRxwMB`hhmlz>1@*-dCF7KAG34vW?@p(6x(7K*3-AQUw
zK$>?9v>KWJI#6tr_K^~qCmuVJYV5mB&wu4qVU_Q@qx)lvnHp<Jhqn|pr7nptnOvb5
z+_3$EWw%)lwRweSmv-Q+g=tY^i5R)x@UZyJO%5VG@QET|2{*?!+vZURcia5K-qy1r
zYv0O3?rw^`t!$ThFvtyyhXvR|+?wtrNkYW@KvOcD7uLc44*@X?$y=myAzj(sF5Q`;
zmnNg^w)ZdDG`Nt7tpJIzuuh%71hHhAYVd49LhH9E3WXEAg}s@>rrMS#<0$vC^u?h=
zlqtwQ&|D~SNxAfq;(MNCl54;aVY%j>K(Fl=hZm-!rD#MuO~Ky0gnDsM$5iooGyPa!
zuRkUOv+`UTsw=`9=1%RnJ=>Taz_7!9;(AW<rqwU8^RuNL`1)kDMI2t!X5R?STNb8A
zWO|5lnPsKmq;)AgGJT2e^8&Qo>{I41P2HPX4QyYGiUWwWKu2(cB%BkaIJSY$gK)ln
zY?e9$oV+;1c(fSu!AmPuLpK!Tv?`|KxbNDmmWWa%*;(qzkdtkVjG|2sQhflH9_VWw
z*9&$=tJxEhkEFk?B2_yZrP3hgzmSg5AB}a8wQc(DrGC{9V;@!-8D6v3;F3L|<xE{h
zq@0f`X!4Lj+BM*Pcs0)XfEmp2k;nK5DCmA+tl-1nbpOfua2~Y@Dj)FI(A$i4dFZ{{
z)?atNLNxus%DRm#9?#xCk9I;6?o~8rP8lNuyh#f$O)t}9-l5KFhilebH&ksi=~-$n
z&+^j4+Dj;oyBQB3upSM{#YF7(OsVgP2aZUI6ghICKcv7wmE(I!qK6X2(s}4XI0?Bg
zE(lV(Ig~IsYU%(K<zbWZG@fY)vdIiw>vAyJkKut02$*?bZmrLyu1U)`*|@ZRnlzL@
z>{7y5l&#IT9n>`&1jV(fQ!h6co`cbQ*{Ivam$Ld^Q|=DyLJUlt=z&bq4CyB-+7PCh
zdgC<~uS+8)Usvqye{_Rfz>~wP7jq6<ukordi|{msLPhQe1&xcUsP)ayaFQ%-8Wl~$
zi9ez2uCC*au)R(QCPS(s^5a9A`Uwhc_|Q=+EgiEp>D%7og6eb(O~RxW`fw~U;rhKZ
zn<sR$%Da{hubZ$hQ#I7trpHjl=x7bR9enPO3*$sUBnaqENHOlwh<%y(Y$73>iuylB
zB|#f!yBay9OC+A<HBD?x-OL|b07s_O`!UP3fapKa42DLiK6df241$PW<0+J!q07EK
zyRkmi{kkyfeR*}Ay?=iniVnW$5&v7v6_BJ1LHE6<8A6K&_8i^L<`s}u2t@8{X7RuR
zQ9eL0$bnS^Tk)#bu?&Cg?GcZw6XbcMb*T0MrsjGsZfJrpCgNwZ;$hVNR6*C(blt^?
zcVIYl|Nj6<K(@bIrSZDFxvkr+pUdd6fg{$(`K}#;0nN86NlELQ3&%6ZDUBs<`c7%%
zcml^HpnV*Kd9Sx0=-V)$%nP697F=rLSsp9i?TRii8i6;&!~<r^>)wEQ#V($xLt*v?
zMqB*i_9x2iRFg*DkmUC8u---Nk4PJ709#x1d&E#@Q!0&P+)1uoRG1`eekm=C5Jl8Q
z_qlIIFYyxUb~3EX>R`M{Qm3I>(~ZE**6X8>E;Slay*nOu5q&aZbd0g6<qW!4|LMNj
z?zqR}ynQU0-2qL)b{RhUyl8k)0v!U1QXwc!l|AHvar*vZ&O%&@AoFE4MB`gypN8Al
zv#EdSIHGLmlA%UV121=?6;c&hZcP(TY4C!+EL78HwaDYnV;!NB>GXK+!FGUoq96wt
zhExu8yIw$JPDnLSXQw=df;f*#?YHC$@XH);jGk=b+U{UB;&ua<NK16487;Tgt!vKh
zXIyI9&~w`IZ@u=tH{8o}Z@Q5khUTC4^9$dlU916Zy@5OLZHMm_<sK&clQ(n6KLJ5I
z&PV3>ue39aGzRL%d<$2G3}94Qo;%-wcDBW}-N3JRX7EfIGU4Oo2INm}H)Lc#Lo?VL
z?$%KLU<r5h4_smV=COSzgQ!i|Rt}|uXG@T08ZrB?YjbA+e3;d`pmd+Gs*rnJ9|%k<
z0{hVv@kMr!l}4ThQOEW|f@V1U24s401^<JsLi=ho1zX}90}EuRnX#A|WQ2pw7I;^<
zycI*{Ef1Nub!6VkK;~^LGH+|xaKKv@&SxNK>&+fh*Ra0%W)N|0G6<ok0mgm-jTs0W
zc1l&>8WNBpPqzaTJ{v@8W5VUb5=9c3&xvNBm(s_$$v`-4jI;DO2w^)6OhLDiY>?sW
zH(Ur?>j3Wc--fue0y<F0uJkO4&5F`<6Pv9wn1$Igwmb1)mY`5^NJAxjqYv(^G6Q<?
zV!C7a!kmu98y40MAa5YG*FK3~Wp`s*<Khlkc5`6`Q5el8lW#DX#Q2lkJYC)!<h${s
z_dv)6=o^t3Orj~V9M8q|C^GhlNRJ+4U2<a1-Y*b5Oo|<UQ{-=u33N?N4BilmTU#zB
zfe9lro=vBV3y-O194wN!&6c84-<YD*7@)w9_u~hGBwf^if=Q01o)7joBPw{&@sbmK
z8AnSJ^&O`02D@dx;hGHo1onu$ytO7teCnFAp|pR~Cv$AS!wk5XMUxJ<H|>a}$+H^)
z7U2eRv)uIUYgz5r0mGcFieA0U+}CX@qHD`JiO;_Sh_C45rW$2;FOrMjafGb!%6Y2C
z#uKm|xNwwWicH%AJq+(%a5nXPJ|eC-M-Z<Z?>Vsx$elS3J249{7<TxBzME6%6#ZuF
zb%RRojIsLmGsZ{c;HfHmgExfp+@j>g^MI-d21bRqQ9#8Pa~fBMFKDLq!aI)vA&x;p
zl1J<bu|p7|>{)(vV^bH3@`FvR0YJ(cR>ed^(8GOz-rAzP!3Xb}a*52ckgz27hCX!O
z2apB3!6UwmE4BBRF?1gWQJ1piCt^=}|LaC!&<vw-8<$^UZuf5H*Zvc{)EZOET=a&q
zIc?m`pZJlHJk`Un#e+K=UCC?zQ5<`;D>*Wtf*Ug)i%YRtFuvMz3^QF^VOBbZk3ixE
zB<94uMzeU^!(Tf$-W;%266hb;L|oqEuvRn>XYp?84&38gC-)*>k%kSm3C4!YQo+24
zDJh=%I^HwVzHRmt0_vwTH^{Mq@u!10Rk`YL{v8euZX}*k!fc>eeQ9H?e2uuBK@{*K
zvur>PC1Jr)k$zZcG}98}fxg8piBqC3SP;O3cNd|(DdN2`8mL}k1HXAV7DIt5(b!-r
zIOc2vPD8{Yo+!xvAxiTnmP-0$zOf_4#LaTMZycrjmgpY$O=HM234wZA0vx6LRU7G^
zS^OTq`%Rdqvv1T}KrV0$@CI0#ckGZ=xX;gS)H!ba=tj&>oO;3H=dya-;k~A4oa*u-
z)ebj%MPv<~+1Zq)?*&$T{hP#r%y5$-ng&#D@lV4SZ|2~Nk~guzrV4pppW31CKDci#
zYAP}USCo!dKG8m;P?cxGdz@0!<u8FDhEerwR~tPF4r<C|ZyT#7zOxpT#`1t3%F^@V
z4Z7fL2%>R!cZ=lRG`PYL{?ClgXwne=7jG0ChMk&(G3Vh{7B1Kfxr#3*^l@MzE24uz
zF(G#{cma=c%+^gYt~)ncbkoY~-tEC>P1V{0Ybx{%O&czFJV*eYvS0a7ZT%9#p3<r1
zFUSOJlF`y1EJV2G)zg)J#ZWLZrP25Q8ee+v=)?@B7^oRx(ken_2G1MhTQ|h~PoCnL
zGs&7)o;%0mqIs@W&xIMw7A8dP3Alf4Kill2T7{?@&wJz_u?;6awfL!q+^XWw(QaXP
z_lFFZYZ+vJUjd^GS!-{{hM^^3KoD44*0CYb1q7npfADPdZ{Mc-K>=K|X$^RXF`>Z~
z*D&artI)(?Hl3P*{TpChzG4`t{n^E%OXHpY?Vs)lS58)7?~vbDKIn=ra?2|Pdx9%K
zsFlUHhmAs$Ehr7W@3YAS(759}&BbU(3kU6AY8WGKfMJ^4)b~Ke_0YRvr3+P}^N)?b
zeE=Yx8zCTv-oRxkCX*g^JS3cIN1P}suYGodQFOLI%cT|`)yt1apTSc_?HGN_&R<0@
zz(#)uc0@Vx0BiKmb~w=d=wwkEH#Xel<p#M(UvUZ+uPF}ubh;tlRbYTr-tEl;eP-cv
zu)vt2NsW#zgRz88`(9`tt5ax)&rddf<I~KCLPBDEDj{()qVS0zY=6VHQfMB)XN@Ot
z{E)q1zVriX*-S%BM@7k4G_j;qme<x;USyuI2d(cQH-g2`1J1Cgrn76JXXSWiAXJ)9
zGdH20)A;i3gYgDVj7Hqdd34|S>8!R5;8|y6{ue)dqXc{l2xykk#&XV;E?~fG8u+GV
zM+;_=-%Uj{D~muH?t{#u0${Z20Y<YPU}*IKLp>Ob3PjI#6~96BfIdhYajOccb(2B)
zpq^A1d2A~l`WUN~BfR3Fp-s{DHElVyUACU*&^dKBq_eIGX1)@L>(Swh=Zp(~*ztK{
zB<s`XCu$V@R@KC!w@3>KiGyh+?gp*C2DIsp10XHyJ2IaOe%5&v?&Br@e8|7d;k*Hj
z-+N&51K-AUCPkfvG>E${hOmNfqglmM3`9w|O*zLb`(l~+(S2og2TV+VwnY92%vC<t
ztSuHTW(mP0&Mg>Y#57vubC9Zq3)gxHJXf4^zUokEP6A4CSO`lK*}Vl-TZ4ndE$-8p
z@<c7iw5KAYLNsag=NCSvBk`U>%63ytW)XcSZ>BBwQ1D+YDGM)Op-CVbCV+W-;<4-x
zHZnzLn{Lg*$eZ#3yi*z?Z=Ff`k-|%+*!}*zZ)2(U`2Z_fOW#upyw@n$UPIbmxR{Q-
zSg7P}lu*pzdEOvAbz<*q8m0A2#^9SUp&F9u?0}~9XM*)8R?QvImioNbPT_`BP&L3E
zjx%6XypCHj`Zse?xuU!F=rVW?4PZ<|k8JCeMhB4~wBdhqLV4}d14z)uatRJ4Q`7hH
zwL`{6)%e(?8hn9w4;Ul0@my+qO81%PHG))#CqR%p^kNKo8S8o9vW@Pm;W)M*+PNuD
z+d*h7TMfW|fO!fA%MIX&edM2dpKbO|Wyi4c?8HA=-v9Rn+cMLa)DBg!#u|LidWxKX
z`bxuaCb~ujFXNzZ?bI;~NR2rfj56E$gZ7>NZL-I~CBgsNWVeo6*K}&)dP>h_XE<TY
zAkB7bgcXFp9FGI6pWeS2VGWvFwB4pKJ@NPgea8khR$(5kL^M|-5VboE<Ocp|#Wi<V
zJi=gYBdq&(p<!FAQrB#;-2{TrFvQ$L)S8&$fvRCX4m}dieBTS0Ql!oVSJnu4>(A_k
zu^5rv@-6Qao$af*XW#PUK^PmgHb?HH^FX;b7bD8I5utl^N8RV>CDmShLRHZ=y9~Mm
z!D4NE2N@lE39H$;M|*-|7+3>$;2_YHB*oV0v{OTEUY_aAV+(v(SLLAQnyfj)wY>3i
z7t&t%v3A6PetWmVkz<>p>}bYMb4au`+J{mUj57F`nF9v`_R|e5&p&kXG+0}An3s+X
z4Q7)=XvXKwVSL`=rNA(ka54#LbO4=RlY@7+!O7S(;}T<bD4Bn{|IWabpV$YEn&5y(
zm&)heK9l(B*M9_T!2zt<Ns+9N)g=!n8t&g1BU2qlG>zj46k~^@9wezc2?-j9*OTq#
zE)#5!R}Zu4hz4n}c58=Eoq;zCtOIGKzkZ+DPGmEkwfoHBfEe#S+7#=8a}SjOBz7W+
zR4Lw2v%$jy$lty2()HZM)SHE@e4fut$wbRj1AJe2MMSXnm;s!_z#l3@=OZ1lP%c)T
zJ5*%&Jh++Rj@>v-Z3^QCrzecD=gbckX`LmiS7sRTV&406&1;P4?!3zZxwg?fp4zS{
z4xn2BvI?<*j`FM>isz(#Q4yGnqn#esI^L%xRf$U`vv>em)f3qRst&Ioz*7?0-mfr!
z_r*r2)R~K$roh)e9IR%0)fk2Y*FqpWwhi;@+PlQDLwA7}C!KOHwt45h-Qn1>$F0ka
z0haYvo8VOry_-0o*`FWW=31^J`xI=o*A4Ye)}iWLd8Pxto-{7dWgu;wBb#<PbmNG9
zVtdP`aQ}v;RE)g-_FRgaEB66LRhA*0<i@@Iz)@RM^PTT9#f_tfH>haz-Hu?6lkvoi
z%#ABC8^CI!E6)6Mm;mMo&#UG@U5sbEoJ!%9A@vnR99U_K2hemyizdY145(G`6P?>g
z+_w3Nr!e&g;h1rvA{t|N3od8H0NmSFP!#IKM~-6~7szRa3sp4k%~v{vFHlrG&S@}-
zGixKAtx9-GgY6pkJs2~VkJu!?R7DLJVMN)6XzP^~)9l1U)N=+=i~a1~If{Y*^HS=(
z21S!K7c+onS<!EOOe52Fl!j%`ZN5kWJ>3wc5mMYI%T~L10|x1`?{O*_{n3Sq)mB;L
zCbUd{b;wl#vRQ<E12Wg4ZqYTkD}#O06X5TVoHojJsM8|r^{0z=hprW@6r%FCf4VdU
zSr4mAV(@R;ACms9S&*Hf_rK|A0IFvfAmF<{={qxO?x<_Cqvw}ZJy<E=!o$MNlb(xP
z<)g(TSaNvCq%~-gez6iJg~nba*zyd_-kq&93>z1bpd*dg{b7Ujiw)OW!QUyJ#$}v2
zoc3f@XLD*s)(hX?jnbm<D!1CY_ApBndWe(dzJt8RMfKi4eO6O6wSSoJ9%j{>XD$d*
z7gOfQa+5G-&+%pWK?|e7{~Qd&v^pT}+I{bhRgIbETJURv{|*ePnLk8G@Pr4DkH5gq
zMcKwmtRK*d`F>C<PARZBrNF{YP8G=>rGS-f@IVOvDW#QZY1CTg#$;Q>EF8-etLg!6
zWpl)`I$nZqw)wL-T1Vqb80_vM+_ndB%?|Idk|4MkY5B9A9ILxd{8eECeSOojLfT;L
zT=jp3``11#0%=p>SbFHAItVkSQv5rkuC>?+WmS>3aR337?gMWTsBp7vZ*OW8+aays
zawtDZYS_ERtyjxTliWa2`7M;r4Xdr}br_8mG=(Oj1_VXhc^F!K(+&#ztZEaNRPVvK
zjy%`4uF!@?H)Y>YM3+sK^~|GJy3<5iYqP!HoG)%bv-`E!V$Qf3(R4Z!p52X!CG-7S
zZ6@Ga_tU}fz|vA<YhgK*c`8icf}4Q9S+dj)Vz)7-;AFAgw%9my>%9@Uhnb|5r!t~`
zC~VbfKlukkkEfX~58g_rVuCBtWEHh;rqRSPpTmo#14JCAq_D@;y@~x!H`Y<j`d@3C
z)|oxsP{*5A4Ysz@eifTC_ih24iW|h`zkrok>r9}ztPY+pKeHXId`ArhNc-pTil5hF
zbY_vo+RT?k`!=@&eCuus3KvBG9+Uf637ZuGrg(1`X!mJ+-?kGinf|5{LEEXSYV2&%
zCA6kLq+#^vItx}>3!l*q3aq5|6O1=W&$n&H+g4(!uLEj@eH#299>ID@JJ;r-gm#**
zpqZi<zB+xt{MC8ZRts0!u=0%_{eFQv*d9hrNSrnziWUUD8@Sz=xi+Y9jFRS@EiLI*
z!-2yC$N179icBqDGZ^!8s#)&(6CSzoUzXah#^a5jX?LDEHt_U6R=B!L?uj@|8or3S
z<kDS`u^E~0M*X2z8UX&(bj@cx%RC7_G;l+p^$xk`kBJvoslLc9g|(euI+$*?hQk5v
zsmjgFdI@c_%qB%nyQIn94&0rkIvW!t`~K5SLcWd5AA2>pp~To;4YHg-V?!d~eyt8(
zZJ(XR_;6cVqwQZ}gUkLD$l;%ZhAFR2F;e^CpVMe5B#_R^14$rn^FR_v8%>cQr)t{%
zqHa)fdwasSNzUyF;zrR~zJT8w$_-7HB;XTXmpw`p|0&L<aqD;X=&BR1yNQwq@+B~B
zeF@Cy;)b`#Csuf(?#=gQ_b0{uq?qr=rO?DHWj*ZHx7~NJjCO(peJ`}%4{|#AqFJ1Q
zdTZg<Ddzy6fhQGVa0k)j=iaJBY2g<C_aO$=Sh3^%y@_~TP(a(aFP7dH3E6BfOb>-M
zzd9s%J(WT1m%K5tuJ3}00Q3Vo@vhvgsXtIiaa+C%wmdWFS;1+MVzTLo1@T&51Waee
zqiqKsvLm{AQlF^kykDE0YwyW?!z!iyzSYNN(cgQvq%>ZK0niQ4dfgWqrNL7{4#5ae
z;=>THk0Ww?lQR}ErE?mvt(CxAINtk?MN9MoZQigE0qrSbSMtsneJ?_SML+(qzIhkJ
zzaLxb1$~M0=Ga*g|9x1e$TN+^8(0^P|H7|WRFZvjr#1<Bet#EdWuvQ#!3=liD_z33
zP!h1>L%5HJp7z0~6?cvJgA13w#r`cnvtoVP6OwqvxZs%(xTQ_@`km64fXB&e&9CB`
zk8lg`TsV>P2NtTg=Hi45c9=jaTZKh>Sq*ts(Vi!zScY+JKRpacixrmd-3|%c6Use_
zf{k3yc56j>!zxQMSVoCP;x?}BT^d1H<gFx+*;s3=3#}+R@n-OS$k*c)RgjZy1IDxN
z@hB-7j;uB)*3}UxC%?t9flojw&4R$gV0UP2fTJ_BLJh%4b#!enJ8BRBkRNuH>8D7$
zy`sn^`b6aNaFcbWXfcxjNk`sP9L_aQH6My<u|*neGw5wM4WJ-{Ad0;UfDH~?h*cQy
zw2@nO+6eqNy|#A&s4z9ttg;iZ9S$pYb{$sCnX>-xI&6l)I2spNHXveID%St|e~ot`
zUQxXh!p$+YK`<K~Pn%-(2z<}6t%ZVTptxW&kkM;|8T1W8CT7SkFVG|SBaD!Dy$e=S
zmL-J2HJO^W%b!O~m}8k!csMov_-E*N5j%+FnWamigcL`gpn@T6MUt>HKE8F-wjy2|
zkKiRNE&xym_MAuYRzH_#rLb3kP&0>y@R7Kt(+hs2%Ib^oVuHdy(Hgm9We|wgZ0UG0
zbH!y_OI~W7M)I=NRFapv-dZ)(ZnTrn+THF2A-LxftWZLjV}+-}AdJ8g@Py(q>?DSn
z5P>}WGXeBjHCA@U340Z27SbRR*y5H?@sl6?5>t-fL-X%~EeV1eYv@ZDJ4zCpj;daa
z_)d|Sh|6nsnhjjTeR04CG^KWQ(T#ZRTRg5IE(cLIvQsmJZW~Io72|`e^6-fL1>V4g
zQaVmPj7Qypx5gf@COcY@gfBp|i};G`;pB5@=>llWkJy1vQCsseYN&URsV<1?5DVrH
z5_%TmQVQOHx%3RiFM1jg9?yA!|16tHy@Dwv(AqR)w^@1@!OX7pYjSr*u7>~DHzfBT
ze%>2Ty(`I+Veek{!PVp4-Q`gB<o@x&7+ya8pX`w_7+n4^29ihp%f9g>1ME`T{pI!b
z6Er4+*SItKe*z5B{x1hVpNxCsVJLapyN3I{o8Hysu=n`D2yO<}i#<n*<1f4e<AXo3
zU;zBY^%RsOcx%E&Q+&ayDPN2&8|=ggI2~H>oml|lghHnmf#*dROt9dr!fbwiWleoP
zC%PS_m6!%?5IZ;t;ca-N>hT3I^>2!IlG7TdQ&SZ9VMn{++~!pY;LWxweS}Yx<s4MB
zRyWb0s;JuXnW{CD6I9hS<$@j3$KlpN`k)*ednkATZ9c_et~D6RISmPa95NzL!)Hw1
z60dgKjqXZdC5h0{F8Bms6Cd7ZCIY))Chx`6eCJ}FB?7Z;R|I^>^bL3^bz|9=-foEY
zMVsvGrmmtVWpBHsiGdW8nZEnq*tuYS;Q8Owi^amnE*A?np14U7ezS9j;4gZj>|uZ}
z1`59Y>_r}bBz`gFC_4EAn@84}n*sa_zU>8b#ZUyq<DsJ-d!{J{=&XhkMsgbRPuO4b
zW`nqnrhaVd`S3Agqjsm$zVKfbh&kNCYaN9bb>}GS-8nm?DQ>vcyl_zc!hJj7$|~+&
z*MxFo^D9hhoJLY}wVLgO*iUj?M{h2lbW=>wZM83~cas2N-|Z9~nkfpj;=)$^6s-wy
znC=fq<dLcG#z&C_Sg@CQ?E#Hu0eD;^I|_kcHBA@iZ?P{|w-tWd;rDqKegceE>moFv
zv5DnI!NtEbJ4$koj=F(=vl<~K1-aHt3~iEHYFABMHQVZHmMAI~B*G&<Jn>`cA79ws
z#B#ilCSXi-p)^yHqm`Q4tz`F25J=G0#F>RJysh}76#OcG4FpV>q>7S4G1;f8u@7)A
zuQi*3Md{#M%w0>gtEWi9-T{F-rjDH)6Ft>mI|(idGaINA%}29I65wR#N+ZdEO<jRc
zW?&>oRtn-yCwb9IVXViWyrsVZ0}M#DelyiMjKUk3w4TqbR}*y01jhFb>w3-nn2+C3
z0P<Is^CsC!tCgBWDm?2w6806`9P@1_WQyWb`T%z$^T#*}_Ly=rh>B7Q_}g^eOpqO}
zhlUc~z<{m8YGvRRSmE&R%ne`cNrXQ^4dEa0#w6z7CG#f-4aON+YK`8Y2180;)3i&D
zZYRxl>cu=1<z?|3z!RpjOFXgbhPQ^t9!??(7GRnkTS-<^8x7`D5VqM0U*xtk_y{2@
zT(Z;%oY4Fj3~YTeNfL93teP_6RXv5fnrH(zCoYGH-Fgp!t=v?r>yPjzo49cV>LQrA
zWa1|=QZHEDH85C7Eazi}Z>`vla~+uAxc`9p1sAciz^s@tWwtZnFN6$~WxJrKrpZ1#
z3Hc9de<hR}N^0O5os^JLnk#PsER)n^Q9B9M*GxZawiAX$x4RO8twuN5UrT8x>EBZI
zRhyu)QqMGP<z2P3bTh5?>Y1*k>^WW2w5;dFb=uPFLfVP(0>`U}pOzRF_#%wP$OYk&
z*V!de#rWbhhl$KGQ;3>+MUlOtq+V&rUTLh(p7L-j&XlRf=*=S_8sG!4xm-%oMS}M%
z4_S@*>k)VCL;7#(0%ZyFz2I&5kA-KaBT&9fUcOoIYdT{0LUuFczun~p{Ohup#Kp2p
z_zgGF_(b>sJPZGwjxMIJZ1<kWEkU+w;juNEi|99=$>^~|MrTp-Ha8|2`=eP9{k~v3
zuHXmr2%_I4V16sVi@$ke2^}3KGiSebI$d47k}|oJR!So)Ej?+L>q+KQwa&_%SAnBb
zdL3-2=(mUx$EzdJ@39?xYjr@*@n-;%7ylg7dHi#VM8O?Y!pCI4mg`IW8kp7(FPL9t
zkKaSSQp6%Ch?Y;S3#0-WhhUgZ_;27V{0+pMFsgH*y1ZPH3Px`A0tMa2one-M4VUbQ
zRvUO;7`JFvAYKW*(oM+{6-_u1&LBkm7U$VANbwrLz>ya&LAwK1?9|0tTqIx=WT9g=
z*vP){NSqW4%{ksPHxpTr)U;r2Utp{$xteit=RFV2XZ(Z30514421OuTYDM624p>WA
zUW`37E!(l91^W)jjeqaWaK$p|*ifs{P6*j{;sVXiD5U7U;*1EWH3Me708<KZ_ZB3+
z0r&wf=-h_P0fLF@;E6aZw}Gt)vZYcc?!jh85iP3X@i-&iYj!W<bAA6XBTy}`i7{$l
z;Ei}$gZQ53q-?>J)<~LMO1A}VhJVE7E=op`n=S-pAt9RmOeTHf;-3Y-=QS)aZYH7u
zTwNpECZ0`%G(>dpY%IR2v>GI|71Iyn$XfhPGv&B9afl1X_c)x(YOw&xs&ecLb-=B-
zm`}Lz1k)oqTAH4kQ7OY0jP0@WM_k~|6GuPeJ|Jp>zXcO@WhyBb<AqDWHS)i8Ti{fH
zt%zJl(ZvM+H-x)j#X@r||AX0|V+Ust{}nE##AmTny1c=EFoxiP*JZ5t>JN5;I%9Tp
z)NQ1KH${21b|)G+t2>}2Qg6UDKEL{73L-8tg9XkC56qppX*<l3hmJt&n9Oa#U!d1O
z&xl`dcm(wGA1j-5WdnBDlPQ?jSW+gQY$NVZ3WFv^_zwR<V6}Wn2ff2JDn3bBnJ}QC
zWxDB(6;)3Lg22ee5kcVwuQ7-ITUWtQ3<kEq!UKN*tz{fr&o{>y@)<cMp4$7H1|AKW
zd&Lajln_qEp;PXm4$8{*-b7nqLhw`4g%!hsUSI?-FL0l7__DnGXEp`Z6OJ8mf;s;|
z#vTw3?oLH?U;N_t!KQH7T~IDdb0MI(7Ms=`Dc)`>Ov1c~d20sGpa<<Kk8BBR*yA%C
zcL9A<nkx8_ELb}U@k(uo;28W=69bltktjNdJLGx3)5H^JSo5vS-L~FkJ`{UM-Y?K&
zo8ZA;WEwu>X8|4w&NOAf?G%jAH80>P{^;T>OUG;Mpic&d4HD7=^#wwo+Ta}FTT?r<
z#7q3}>iL*+?S+qPH844~hKetWL;sM1GuK7m5EUFQ<V-{%bS!Y=gTVzniE*b3oMqs!
z1D#yZKcNq%SjcYTOvAq+e}Juv;lrhcC_dl)0s+Utd;_Jyp<Sr}JaS_->)}oINE~*j
zG&Bs!!28MgKLd)d1i17KA4ehDiD=?}>nNaeLN0e0AFbFZ6q1JB=H0~iK@_pOD5K(g
z^Z4d`c^BIXktIAHTbr0u+gW_;=l~_V!6r9cwl7TJp^gql9;Y`3e%KEZpLOnAv55-5
z*fy*SH#BhxB)srYJqKXOz*O^KQ1F)yvKf>F*6C#G>HS+<Z#DT%Kl1pJnE0(-*b{s)
z<oZfntgILy*_g6m1Y%^)-WlKEf(#Z<xA0tVEG>xd#iw0)e0RR6o6D32BaelS<Jb`_
z&ckO@P--_%m-hxS9<G^k_5;c^i;3qT@P$9Pi=si?qV5=O{CN0Dj6cP<e_lVqEtnuC
zv3)Rr#aCk4^6}<oU<}Fd^81}ZQt$Dm(mnEfiT+{`GVf%;<og*=e=K}Va3Z4xO55HW
zTX5Z!;M+lS0)!0>66r9QAj6hTVd#7OT(TQbKUm5A-t_xyEw$IbebAph@7bXpcDy|}
zj!Nssrp|a(w$*qTv`7ct9hlC6_7A8u%$J3CmPZ(1qLpE=J)JssVEo$~bjaM$*aa2~
zQH_6%f!P~Gns3@c?-m~OvkGFo22q<3>-}9(x{L$__^I~>6zSSr?gMDJy2bl@Td(W!
zhD|9VUpa%4a?j&2chG>+8PI@xSVQlTw{7$XEYD^A!!*{K(wk0aEG&=f((J^XN0)jN
zMht9wNsueW=<_No8EV=rArFt3L&0Y-g(dW_6ogf>+~0OU`3^;fhk{A^0x^CRylQ)R
z2;i8GdoEar1A!YmZnn+tKe8ns@n9pyO2cCZTmX(%Q+c93R_hus@lKEb26V-FS#9wy
zOz}sS(!>)4q^YBs$|9Ws?%a>qF?<cu{l2(#7g%1ArE+!oUIjl|>`(*7P&(q=zM*#&
zPafb-9k50ILiRNAU&DZZSaOKvU;-jL)@(R$5LeX*PS`H*&=xQ=%F5UintO{`R4gnL
z=G-vtju`@O#ImFZ5!MD^5&*u~&XsCw$(6v^bK6RAp&AcMTRch(%sLxx=ts9gz{OYE
zAUM(kueQWb8c!-V#K>z)mTa?wv}nK!*=8oEl;e~R)-+t}t8-1EnJEmFILQR7HJY5M
zu*#-{m%1aiB#9z$5Q6Xlr59pB9vs{d*Z@ExY!ylDhz6Smt4N_Qw9M9%kw$4e(TT%r
zqOX|0vBvievYNg6>I2;LJ~iWywADv_&vQ806irO*IQNz3<Y$B=OlB@5y`n;rPdjJ`
z4ba^`*Fo{ZR|bfbC*V}D=~?2?+ek{K&JFkO1~d}+m|?z<PLNd5f6yqFIXyShH9^nz
zQr_iB*BCuPCq+#Pg#3xA=q%}m8CU4Hc@uVc>U1;9@(I{oO+eO5nr#smK1EO&%4bGe
z0Tzb2K?ZSpk+BU_l_`cLR8KVYVb)NBVI@TYa^Hj7ik2-Op8R$iSKf4Lx??=toaOLN
zOpB`BUoihC3#NCl$*||HMkN$X-AUAfhn_~f3Jf0oO=912vkFvs%~LM3)DG@_8-O0i
z+}>IEa)-L<66@spSeBiozJuA*G5qk#^A`!7s5IESyr8j^bJyly%(b~>X<ELoYQX0|
zUAE-Scp&^`f>0beG*3W)0FJexRD3DTi6c(y!9=xQaRoOB9|o61Y8f^-mkQJD2kD4n
z2Wtk}4Pg>8mKREwkT~6sC-K4P^{#E0IqPeF`G%@43T~}{X|0vAGNyfN&nesra0;W6
z*4V)c!(W-<LIbIV?3v&NRYm3yM@S^?CSj2`vCf2tXThKX#VyHTnd0H{Qii}D+Uyjz
zq^YGnppIoH<E$aqVKMC8ZQUk(VgRD>Us4XU6j+wb4gaHSi~ChTkPWU0-zb)WS3^b1
z3dSY$5I)422?k1ph0`Xc?c|zk`+Fb2q&vzPr780{)>vA}W9g6?bcTj}!t_6~zoN0o
z<C5OMKts+y5`BvUW#tW&)X*$$Wvk6{t!t8qClfP@OzS1LI)h{kTg-IgW7h!TgEp!;
z4NDlbH9Kr=c<yYqrSmhV45P~o`v+8-bI^A@&(sy!%`$G(uDoEZ=*GLxmPxKKNEXhf
z%<6{0V`~%}RZN#Lza@653O=$iX3!(J4&__^Vq*)Pp~bXR&_U7m-5w}H`z4*wm3B(0
zG|tV+(Bk8a+E|?Pq>ENr9W++#Y`T-T*hO9WBk*Q^FJ(u832blj9fzbi|F%Gk*kD57
z(TG>9Fgf3GLqk@+A@;3eyElC}3}Xcy#=no7eqs-a2RT{nw1|VE3$#+kR|HUm6iZcs
zVgH^xm7vqNDKHotUtG<O7ewDfpoc58flf&5o$-W8nB*`&<%5wl4wNPeTFIPd0yy6;
z*f`2+H{;baw9qB?X%KJVPP&xVGUBq8nrlHG<htGcJ)l`@slU0zlxnmVOHncUZ>&<!
zFv1TNwgrK(z%(P6wHfYL4=1?Nx@CWpZtz^V)=F!Y%fy=9!6j`X!!8?bf@rd%C(nzF
zc>5whL@8j$t+MqrGd{~DO_zd`;gaN@#M*rD-g51axSuZ5>dVvq5|K7V74dyWU!W{2
zGn`{@NwgY3XT_Fb#&T|gBk|&m1^-H13*580igNZWChFrkv~xs73*SuNcmjWvn|xrV
zKD#r9NhgfPw#QSYa47;=PpYG(9)N=LQee@&r@=ELCEp^HmgO*>YFv+|DR$oFgKcc3
zcY~~GoZXzq?8i|)LG)k*e8}o6uuPkOFx5)N<VzvaTt@ezfKB<o1I%g<P(dr|0O`y5
z8N8Iaom>62X@Tlpnh#x6#J^GB=gONE0GP6H%@?fV5EDupUdt5jU}-u*chhHV{X{2*
z(LvbaQ9)gr{MZ<@IZJS-X-wi>!vvQS@X3qYAv@bLs)1rdOffv;4Y6kT4BIa5pKbK`
zbEh2J`(%kzop-bVROMAL?Eq&a`z4N`eMkg8LlGJSp^55lm5vm!rA&MV{Eqc9T?Z|y
zWwMRbDpFJyAdiKC8gKe#Ox1@m+tb%eFgb&sEhf<xL1usnb1(9M-r+NFyKpxf4qkp$
zYU%mSx~ON(ZX-*<%-x~PxRiWM7c_a3t23W5m<^+naJF}nfvsQ+w9a+AyI>i_XRzT8
zdKQ?xbo>|d0W4$gMDE9rZBb#@NQzx(#6|p^m1oq)YThiA9v_fbIHtW+xN#(=vC?8J
zb7Q$ohAg|EBAd#6;{x$-v>HSE8NRTlEZvG*85-}{+oT5gP=`tjr!+Hjc?PsGoo*=i
zC}q@klAj_b5ZTEGs<zH(c&Z<J&YchOd|<n;>~3z{CR6LZ$(Ce#@c?tDyYy8WCWamc
z-&dz+iOO#qv{@t8W+_$X80}uj`|sZhXK>6IjIHu-v;t$hGUHvSjo2Dyece+Q+>(cP
zVW@R0A+)4rNmB(4+E^fkIk1mD_d|P=3G<JJ1nc5+Cdq)Uc7D374L_hj1ul9Co|y#V
zEaJ6?(Kow}4YJ{&pnul@K7qF~GhpM~*|tU%>mPo`g*eh80%vu>kF@C8A>r3~J;elT
zrbm7mOu4iy7&l<jX|6pjW$^ge0Gu7-bdeo+w|EG&&CVBMn~9n#i{kCjO`qFik`?cj
zp@d;)tax&rG{NPC6FVMb7t@hM3UfRQ7N^-^PP4*^9X#da7pT`BNbDkk@9zX7+BZca
z+JEMS|GtZe_IwV`koh<y#!m;65Xk0Ijlc3sHKrEQth|LZ`2sYzQrJFeEH$w(3|=-M
z8P2sZ{4#b3%ihA}Nj@8;`4YRY<rP2N3A_N`cJE+1{%x|8brOZVZ62XgQ?Dcn4M_`q
z=XQ%nP2(9zLw4FwU-%n&70yx~hoUf-<4?xTtOrHoR>{&QL7Kc-SQ2Bi>D=O#vGMd3
zb`+M{j7w(U1m2W$*LRdotH44h$^Js^=UN<m2L+|CZ&NdP#VjI`C~QViz-?C*_gP3I
z_H8EKgh@@}6;_^E3oVB<VlE%yB~5Vaglkc!P{aq718bchv6mYuD}2hG(qSz+Sj`s?
z1^Uy*x>0zvv_|^Vex43n0p>5F7tigk!Y)lFgVsPwtv1Hz8)aAH@m%lp8pmiifxbDy
zm$eVn*gim6$<2cvJDO_ULckQA4nAVXIKtq$euN2@tfIo4r-tkmxW{~N5xCECQj48{
zOvl+}*(9a@KYMSwoj9_si>@a+1Bw2pjg?iTolcG+tInxEF+j++(ty|qOuC-_&L$$%
zMMxoR*IMh|yGQMnnQlNx5i@4<HPklsJn6%Zl^$H~P{0XEUzx}Ow8YC4+V|*?K@sjb
zMo|M2>cXG;`f$sm7!{m3NHAC<&L@>#hrftD|0yBH;1HP2A!Y}wV16fXSfdRbOqonW
zUbwbASoLdzX?lO!z&RI>1F~^4wlW|CFZA!Amh&LroMv1e?o!-Vn@0^zygvOo{dxuG
zMM%fjtNW6@+2id|=aih@PS2s|39((#d{7*NKB1H0*rS}128ysb&+`HNWl-P#r>QqN
zmno^Xj|?7u|AAn;5PNy4-C(n2Nq~Z842j>%VMypIRPzB7LFIu~{DFlCT!ALG&(R^S
z0BI_aU6wB%9_bZ)`kJiW%#XcOTt)18<9A56`wovEjQH1Yvn9eC)YgHT$P=oK%xZVo
zj_2{H<t}CK;dwWB-(|vNUfhLT(#Jl98W{)X<g=5(e%`eWtg~saJHxgE_9XA4v%r#$
zOfWkl=X%+6+BKpYJ?~FELId>Dwp4Z1j<0DS_7MHt(3|i?eaAO7B9y}IWzZoXmLUDA
zzh6P#wBO4omLg=Za_8htm3==*UDRmopk(A@9M70WJ#9)OQ))lPq<)SY8SC`liGSqv
zvlTVpB=Dki>+ZIr4jnx3mw<KKuqTXN+(hDWg4yfB>U&hIzB|aE;|1!C5h1cj<Y~!3
zmFXQ#-eu`Q$2JL*h3d9;J0f>q^(}(~@rVhT2+R<btp7aX&Afo)uX;fHJvnT}6r1K_
z$!0?>T-9yp(_?5ta}DwO_xw%|DDjcU5ImR>iaY`t7lW0;jA$wh{0-7^l)^+#K$~a&
zfzb7B4JiHE1WMl`#_>RljoX3~w=Lcgb7iRD9iL;x{KJzr-9*tI<9?9!IT}1V@tWZ~
zzEEH6sQ<GeN@}YDbKiY_+(q^hW%YnlCh9aTJb|s-256ohgJRV0Q0ts7DZqB-%n<Uq
z1vyZcriX+kT!eGqraPQ3?s!jf%Lbca`uMrpBA^LPiDvV(z7H)A313}u>1a?D2{zSI
zcr!b$(~#Va33!M@fe`}3s7Y$cE3>ssSpWn-i42(P79W%uSL-!4R8W&qeHo8)xqruo
zh9F<7&T`}_VoMS6RPg$OIXl#=I)z6yuPq4h*7pH5+}tF`ixUFXk}yGglo8Wtk>t`9
zLxt>l7@7(+gUevC)n2J7Im(taq{28S#vTFTGBN^&4PRq?$>Ic^PUI}JdAQA{W-2hn
zHDiWBO2fJEb!Ew!^{r6K{GNaPc8m~LdzYx2TrI3L<}6z4bkn%pyTzPTs6<v$AtaOd
zasSLdNA}KsF~s-~992+Ld>)=`7(z`P&z|*D7)v~Gi3_89Fo!cyGMIPS2EsD<mB+9+
zfluM#as$`?vAf*|0-$mmyHKyF&bHUR#=(M`#>feW;GXgcr7ki`UW@VzP7MeEmEwy`
z;uw`SE`96j@B}65?6o1aDNGeSM2o@ySH}wXbub4S_9@&&&CelV7j|&`gwJJr&Vh>{
z-GfKU;3D4&F4B*or<NP6o9~YZ3gE7K=}0pbHtq9sLOY$e@Cmz?d6)TK8V@VKqlq*3
zQMAUz19fFH;vBOt3qA=cfu`I|CtBlNqBYTp7Amd>5|lA!SrBC7T9L(uhN2g29=}D~
z=@t|79<M*O@T30;<Q*d(@bWn5)%QQ`4d4DOie4rxx^oBd^$V2aQF_!xGTKpPefM^)
z{~U*ARp|CN%ptP?-Fz;U_?kodacs;y5GXi0bbZ;GRdVcVK&O8)usnNgEo-SPOe4q7
zD7=XHim4ojTmX|^5h{)oj5g=MSpTEfs~ia2>VwRP-B$5TOBV^j^Nr`k3?queSpgr~
z_mB^<f6LB<R78pSVAvQ-W6G@qY_qNS70;>h-aJ$fdi|><@Q!OTR=_p(2%?ikUQ=#{
zE(wYdX~T0B(k@%pV$Zi3G(GXN{Utwhk{WMnh)$*IXWduYfC(H;5Lli&_(PhTGm4oO
z(me!$XpQAQn^9NbyGXsku4`K;SOuACKa(^$sR34XVRv-%LEX{D(yB}CwVNcw77b*n
z*U9=#fm6!kk*v9?@<&Tz-_Y;h23>4m&R%2L%Ku<SOACTlJMPMmhu6MOUBKjk!UH&W
zku&7!6$B)F*=sS~t^(QjU%(5D5c?P|(<23$gLyO6#h97I)>h*QoGM9rI+(k+<(=&f
z)RSY(WOR@ffK*q_XQ=HlTm!xhjX<<pMxt%&lReGh@O$6(Y8|OfcVHR?VyamRpSc|6
zvjk%1M=(4tK2a5-`t!SP`9W*x2)d<2v9o|r&QLQQyVTY;oi-DpnqbDp-PEWi@g=V&
z;nGOyu^+0QWpHS#A;eh-8~p6YhF{}OX_mNj@qS7qfh9=tc{x&WgTTz{%|~*gN-xh-
zQ^a25eZ*MszM+;6F=}}@rg#8OpI}c#lXfVj3cz$IwXoouer)$6Y6QfgMG$T15-RTf
z1WU#EB|@dh{B+=od-$hHJ!(o%!^GyiCEWBxOYn<h0w;cSXwKog9i5^ZtGrC?p-PIc
zXpWSc8gMHuO%3@;5TttABezRLPkS|1sA3O|6U;6XiPG!031m|nIEx}otJ1sW-)}g{
zQJIJ8=NX|*?MkfX_JJ3C*Q|}!FnolIDd;o7b?x@6)AYwqi@?bkGe9)!$;|CCKnWD&
zxeBh&_xvqc;HQWG3=A-zOdvWB1c71ta*<xai@&9DS`O&rdU>F+ln2VsV(RLd`Duk9
zY<N$Efx$-E#S}lwfe&&SBpBZO`M)5k|6lCO1$kkLn8*0|CSKX{D8}jimxn?TVhn6u
zoa5b1uf-pbL!nzlU0UILlyt9`p^DHG6zOUu>|~|oYB)gs0UcA67#O02rsZA<dKNt~
zMY#3+rcBE9Mu%v%+|U#g644Z4-wIIP2;upPMa2AfcnZG@8$O}baqvfKW#343mN1Ue
z@5JbgZIzt5Uqh*!?0YD&vlJv`dJ2ycN@)ZZO4S$yp2nQQnL7^pmc@m|8#A^Er@^z=
z3)5NEvaAU$MkH+RR(~u2jK;k=^cNNTwb-u#-g$OH<irkk-vpjJA^2-SPhKB0jjJ6T
znv8j|z&}eE;glxwgY5StIm_0pER|j(yKKNvK2Jss-{1b&v;aJdaDzy-j|#@H0=0aC
zQwf>6Mo~g@4S(P`6U*>8jE{dt%a?qrYwiddD9h;Mr8BQ~g$vXJ2{FsgQS`E2z8P@Q
zMwts9I=nygll{G(5Gco;q@;d<^0N{r4>til$KXAdtN7K!GBd=Usn88=nPBk+T#n1W
z%{R$${0i5jNsN0l_iezaava+*Kb@YLqQ7kw7Vt96x<&jcY(?}Q?@><}?`iP!pQ%sF
z%QbEb3W>{!NFAKAjUJAX&DCMx!VK;bmNf*f_kQefB}gu!W^v(e?9I`6kb4M{Sa@}y
z4IJp+V)p=P1};WLrB~Lf^LP+bK^JU{P(J&Fgpl2cUbu@Nqsbe@dZ;#=QJJHwwX97|
zH-ywX=-hNFR~5Ro@`mGLiO!foUv5)!D7bJg=S+A!XN1SI<gC@F?-S41Fej#t*dnYz
zkZaQ>N%qs3VVUc@)o^KW80IDhJ;A9S#=Q;Zg?*fzAuADwYNRekzsehKaD!aSIE4K+
zhl`00ejolyS%G|a&Ip#=2@hTu0@6H&5H0-r0f22#<s&ELD}3*pWj@tu=sV|^A6NC$
z?*a`Pq^!ssu>`2uig$^+h!|h-W>1@*a&{wQxQ!4d5VBRcr}Rh*w-ggbdI`Qg*Ft00
zbIZ{n1Is!ITE6d6z-M;JO&GFZO#~h}AEcP*=OH@t6f!Vua6Ce_r17Yz$xCKh=0}n1
z1db@%E9j+Zo<{zw)UTHl0l)KCbVy7SxrSB@66e=(`V;Rcj@BLeExnSgUnceHB=c(M
zxzt}`>1LkQN#l14%4_I@TQ9v<N5?F{1qP~HSQXn0h<6t5Pej603eqN2i(iozrEu#g
znNfbZUbiY4DY7pW*JK|D^atIileK!{#=%kzzK<RNsWQ9;Pa|-`vT`u-x^xZdvM6tn
z#F*nKLa4epCiDee!(WT}Zy1a`pD%xt9K|Elmap@NPiPUvT$Wg_G%j9exo}P?|1XZV
z3UiS5NvpMcmSZW5FrpxA&tXu_!6B1^*4+SC0cdkCR?PQOvVBdHlbhXL{`Bz?H}@hf
zkON=#AR(gdlazYV#jY}EI%qvu4}7^;dIhyS3H>C$XjNfxfH3jN-^DXN1K18xH)#1Q
z-k!E{)0cI^KUJi{lCxFd3Km^ZiS|4cq`5MUBV9TT)92(2kFb7%nj31<+s@<<NIXzW
zR(dr*AE>7|K_x_F`Sgf~i?7AAF{`u){02WAC|l?tS{zP<qcQIyuP09nnPdzFTY$F^
z1NXe^`02+E+hfssdKdSCpnrxtojL)buxgns_wkVd;l$gpZPZn%tAT!@g2W=Jfk-xH
z>*Tbu0G5onYl9wE4#=Ch19|7i@hOco?5a;%C^X8aabE#Tb$R#j-_v03b4xj%&2PnQ
zK6MEn-JzC?t`lSKjtYt$aulrTL^Wb|m-ca`?oN~J4NC+T6z06{O)}kuo6|a?-fIi#
zAtxe219`ct#Z9Q<!k$C?2&JD+>kMzAY*p~>E)ZhN&0Nhs7#+g>^38-I4t<x&i;k%7
z4y&X=svAL3{E_9tp#0Lh9u^B*(rHcdt%L6H5axi_KhUQM*3IM)cKz`B?JsgrqH}l@
z($~aMsTO7T+3&DB8`_RbAH0Jj7R&1|4sXo1WwcwH;l6?)R%DM%KMl`M4PO7hlX?52
zLqxxf!;q&#au)F;tX>>fE)Q>Ra-9A^V%Q9IXhuiE?O97lYLBb+2XpjC|B*tS_zS}k
zy#74eJZg3bWi&#p;Z%z^9{lZ?Faa745D}wF%obaE;m?H#@aN(uxchjVzM$%Ro0ZUt
z4eIv@pLHP{^q&~ZG%F)^%F>J^!rF!ONA+Q^)@ub8TJt6G5f_J;+x#x2eX12Wk0<XJ
zq9-LMjJE+VnU%ikHNE5xsdaAYK}rDYCJLdjCz~($Dy)beCN9CE(*iMz@75E3R|=lR
z5Y81R><{=IRDP8Cd(lh<i!vjP%_Oq|8T@D}16iK2bp<y`BQ3P#%}XTm_sv)nGzfD!
zf_Tlz`VaW+uAfWR>skL;U6tUpGb_jzF?|Rk#RnCyb273{@t$;hjih$RS6I&ViD9e|
zx&>p{UKk$#_WT8W?XP4<l(X?Qy!H!zg*o_=gX?v8K9``t1}-QmKK7PESYq)pT4xPh
z-I_zafL?>>8Xv#!ZoZ&XI00YLc!m@-mD3Cs{>?Rvj|gUtV{{ZKlZn*cabT7BQ4#1*
zl)e9G+X)9@ssW9jCit*;<&GYtn`|)qvU#l+chN9kZ-~-%r_J&JHxtTBToIe&KY{M8
zYY6*-BD;8w*F=n%oppDrN=i2>4HHK$HEzC(7_p@x)nzlZ4BK)pV6Ec0sLxf$f5m&E
z3>=yz%%x;wsiM+WJaafR@SvjmBZ=r)?@m6<nL!p8QaYEuknho-^EcQAzozIXMeeO?
zhZ?mLq?bblCf^_dKOk-jsVv}Ri7gWN8PwlSi<3{Md>>d-7uU|0MCr(?`EgUdHOMfl
zW$DzepXIEyuiz(S*;Ol~IZyjJ8BKdOTeiy^($e{YH>>L_3fRxg{J?CGS75h&2r{+8
zbhElxbdaHki1E`ec{&#b?}qqOkRX!s%16sm5<l?%w7sEh{rllQdRpStX!@xBrUlz8
zIAUu%giyC#8Np=BDhwLUm2?GUpI3SPY&F#_o=b@(jicaD4t!tdW3dpn_How4WR4=m
z(QZ#=@K+n^Y7%3SVT)gun+@V+5N7-Z8E^lRlIHFE4*98ZUVxwdMInuPPEIL=gA}Tp
zebW=+FxMD|OP+p^^h>T+DgpeQuux)BD7aq@t_e1)o7wF`aDpRWT=sT0%O@Mgy21wW
zJ!M`(>q^P?)Ee)=^>s>LS1LI9<Th?-hd2{fGJh5Q!MW;Uy@=}7dF5|pm)FSF>d~LL
z(OBp*$8vE#xav+jYkpT~vUvVoa=wdRqYdSav)fmM+at!{3CG=n{MQjc#hzq&4jJMT
z{EUE+lgl!cMj0%@_t3V79xGK-3X<AkAwKdV+;GM)#5@jvGe0$-e&^m>{!;8=z~oIg
zK&u`^e?@Cd?cq)TqV9oCR{g>^e?D{9+>)mb-<_uhKQ`L{S2RB3%C%903k&X{AVJ+Y
z(EpxKCAP(Ec-9UTI$%(!tLIs0Q&5-O3vcl9EqRUBnVzd-sW2p0rw9KNO`WXmZ_hr>
zE)P>FTW@0WE8J#J!AsOzRpoy$;oFw;p*+O3WfoLQf<C$j7q^5U#5mFZP5ru3#!iFR
zp#O?dz#KM8!e~g{*{$V(^ZJeMe7nr7mQoKDH2g-izR}D=gVIPkEbx-(Ysn@J-elg8
zH-e&h%^G4O;SOwL>@ito;#r-=D9+g8V{%@K6ZWLDrY?NUU5K&>Y2-T|Y_&+71__WJ
z>*?NVuAXe)(CFhv89$jnm^A;+r~Fv_k{P7odls>#GUKu*`*+$B$Vd3rSw4Te{cYtG
zZ`-76o7pl9xYtn6%K6Zkr7-dI*L?kIiajfNnwkl-WekMG06{>$zt>;)>GChOqr!;d
zb?CtpUe2v8H+)f80_<y})^96)%8QLI^K_RgW#uAYOK-sG5L{ml<Mlg2a4l(14wp@}
zX0klCQFv%%Zh0N$ryahrR&4ur(Q>XkMJXKo(SD4s$A^g6(WsELq)>+3k4rS-yQlqX
z{FF();s^M1dD!7?eqZoz<s`+Ss;C1GD=H0>z3i12c^+u}9Ipi)zqQ3($i<x(o(}MW
zEa7c(VdLyVA(U_@K?Z=Yu4X4h0jATQ`3fn@xSu~6ktNj{prqE3%1~EXTA$x75YwzU
zt+f2SK59Kl+b0&ua`vsXVsb)fOip)^+z_7VcZlzD+<zm752YYK+VcKPbN-X{f-fV9
zpErxXK**WdG+*4v7{=3aP@Z2-%{u%!bHbdMk?YU_o<LVfmO5KT%BIcC6;zg=Q;x*w
z`b`E}{1+nIHpy9<7r`50pMeICi)5ls1fo@R1(jkUN?aqVX@rLZUUm??Hc|<?f>f3k
zV*Xtq=o_}#d5NJ*{)jj(pE#Y9NHEOG=Lscos8vWRFX6K#Rn3R`xiop08izj@a&W3|
zS;$?TG$o6OB!9Bs7xe%?s&NU)Fl7E`&RjR|Yzg28%g+&vU4j2T44&6L5FAKQ{gVdI
z&k~7;ZYP(PeJ()0eg()^?e_ZFAV*2Pk+_=;_M*?#Obb|S;qSBso0Ku%k@czPwcWa9
zbo4Y*iUSUqA#wbh&~JGEPKbYlNU(oi;|O{2+7UayCtPRj+*VM6p|#DcTBYd>!Iv{k
zZz;UuUkdb|)c6@SD#?UlMMS1yw$;IPd2hx2m#dyt75DGdHt+Vx!Ww=8`);J1L;yVn
z8o-Q21Boxxiqg%sW~TMSTkEM0oOj={pQAl!bU7&XmU1iTeOi)I@O2RHUa^5LmWQVk
z)~}7dw0aHjwn3=gysla0*MUM->~|B%s%#Kp?JUZ=TeNb`Y%zcJUugC^=;1x$&w}O?
zKGHtaxW$kr)B+asOcTF1f7^vc(ZBeJ;TZdz;vium;t@_#tvgGHnOf_%*kNR87pc~x
zn>gJskKyz5F<{<6j~cyAE}SI}KP`ROE^~w*?I5yCs9Nw)#jQ2LM`Q(*>4n?F+2NGJ
zc6@;UE%9&gh^+8$TI~EB*Wcn4lVw@D8`3Q#Pd;Z^-<EHyh@a=-g%lx;sTQ)7@cSgN
z->!Z)bqPJicb5B~Eoe*5FLmnc#L^-gVkn~5sC)xYWT9lIl!U-dd~+&x+_lSX%>&LF
zBgPsBZqAx#9p4WeLVD-tB_9=a;@p<pyDr~k7L>qXvQDF|NOnz9#=PWwg}TC$V?5n`
zOP>^vEO$~qSSk-1Nck!{k|JI0^rWL&p6P|AIl0z435h#8iH=|Xj8>?dfU6bCE3$@a
zuGj4Xtv^4}zUn>M?y6<ia#g2i+6E0gALd0*3wcnx+|%o2+Z8{*Y)Ma#%AB(?J5qbQ
z*ggv}8k>7GHU|}-kyeX@@;ignfl4z=<~-GgRka3Ovc#r>lJu0CH&0C(muATW%&kvg
zj{j8?38PF$vG?h5?~}S~^?5XfnQjNq4al0)2;!287wL3|_xrG$IEI@tXvw$Qj~M+{
z%46^xEZy@U{f09=!brt&ztolP;SSp8b;tg(#x%wlY@xUBi6iu&7>rB{7V4yeeU;ax
zf9u&6yh`n7AknHm)^h|RDzn&X0X+Fp6$6Omug@nF(k=WuaxkLs8nIz#63(FB-Y84R
zOyRdr<`NIs!=&5L?n#rpv*B9?b>|Sy3dAr!w@P|(lcZ2PWvT2`gQOXlA$wpyb}Q5X
z$$l=F#g=#SyErw+d_PJhti3%2ttX0vz(xoT5wxj6nV<f4<@C4w4YX--MQM$taE+>I
z$R^u3Il!(kZV#1T!;)NxJ~zZ?3^4Bt&y!1(Xgc+R!k6r?l`Vnvd&t*BriA3h=4zi?
z_%qrdqary$J%GFKYL()@Qz&gReuz~0)k#>!-h2<4Ha`m*7qn4ES{lW<wy(pKHv2y|
zy?mp`q~9+$5gIticI}^<{!30-MhX#I=*Z?|geC?w9FCtKFOvM{e1Aatzl&tP!}eP{
z3F&`Hb-w|3at8uyn@jC=a+$ndOdq7bI!|LGsniI9)ZO@gt{dM+^l+scFO8IyhjL$h
zec)Kz#fzYMKV>HB*8_@*uExs0kt%DTos|o=%DGy%PN1NFj5Zqr4rkU=F3wXQiK-}&
z+`50l1>K^K6vfWAm<kg8?BUjtl+G^@dF3sXwFa}@*YQC?eb&hqK8iN*xD3c*JFm*-
zVZNU`u5w@R5ihe|&#%|XShK~Isr-PXPpL&#qm@pRL0;!$#$jo*9f90nsR=P-5uNyr
zwt;1+nYa7v>BcWIIN@*FnQ%t*7=I*=zfe}LAiqeQzis+7vpO9*iJp{f5V4RO<ri3!
z{uL!ma4Df|gSrsPs!jSb*ra11xVV{@;ZUYT5%Ndcxa<p0!*3!e4jB+(F))+b%@{Xm
z{+56INGx1k*oR~z_6$RAR=>lc9DY@u)S1me@0kJYp#_y<@_hGuBD@-+t;>b3?+ygY
z&ebv5#^LWt@-m%$d1YAXUGg-KAajq8NRkR;Y?>jiVfqytAb3Q@4_DohV9v`co)n^t
ze=#cYwjAVCfHN_n{?XjcbPu~d6CFd`EmzS-OjDvynB!vZ?)yVUvmo8;JGe2Y{d9MY
z^-PMbKkhryPZt!A|6M8q`6Fs1FzJTSEea<UuFFll3dNFY1reT($>ZaH4BlpNtwaSz
zc~OD?0IW?Wmg&ko?<^35$pxK~0UcuR>F{dN-}Zd!T*$TLsGHafM(<%+jYs>(Akj<0
zU0!#F2{evT@1f{M1orH;%nf#laS+}pE?*Sj>cmVh)3#TStWlc78^Gt5TX7R*aOj$k
zUjbEDPduxCQCSi7GOOX+xuZyTe~&lHCY+cPajlNvaw1NZx2h9;YOK_K8i=SSw1Z9M
zWyY)1+4+@1!%%4LLMPyv-$j_%bO)j8`t<l19j=$*3x<_oGYfwj@1#*7ZlLV2Vwr;D
z{aJ5_;Z29E*A?)+*W@K)b)DCO01w2zS5$=9;UF0~PSXCCTO$}WzqSbV$B|N;pMF`r
z;*m^p99Ky7`py<{P>G^l3%n+NmZt-RS~`N@3Z~n;Es12zC-?(Becj3NIXZlYEE`h?
z7r{-xgE#?+fVqhe5l>=ko_!+<XrwekN|2@Yg8gc^<H|DW-IKfk1WaQxqWa~PvPpv2
z)+>!?dx7hvK?(j(!(bOqh&Yuh84Jjf9SLt^T-Cv$Gygow8zOT4mY9AdAKM;Z7qxfj
z*OA-X;zXMjq0}=eUSLDNLU2X60ZK(4Li_^vnqCP;623mdBgy#+iwzth`;98229R*b
z*$xA8nVwKPL(uBn&L`%T=e_6PY|tTuWE0J~luVYB>qq?rrKSYTtefOfP=^erV9?9d
zcXeAeQ$;J_@hWq-i%m&#lVNziiiaA<@wRp%ESH7f%^KCP>iBiIS)G=_AI62y<&CSx
zq(U|DU3H@}q*>7zRo_507@e*HucMRhh33}PEZ_Z|PD~BY&P*ETldN;v!QP3`59>3;
zxNB)wV=Y`PhgfYJgkx7}zl)%(j964Xx&zd2DFO*HJ>_>GBnz-4ZrV8F8#r<{u#XKU
z4jpOYK;QXt+H6|ZBy|jCdyZZ<Eoq~+Fuq!^7iXw=5P%V_c^vytqiA3oaC!q=toh8t
z?>#KfcL~v2@m{=1^mMeADC}e}WWg@a`Si4Ugd-d3NY_&W9x)yhgZGtJZPVwnDtUd}
z$kcJqIa?joF~e?pCh(AJow-&P+DrTrV(}Oj?9Cf$JqO0zy~JAZt0&U?tRfm!NqzqY
zKLH0PM7XGfSgz4g?%O42t_xA(T~~-W9(uboj@FLj9i;jg6^;DzN<~~zA<iUuzaVb+
zoE%=5Cv6<a3fv@F<Jpmp=8wxA!w2rytQm-5Zw6c<L9H3!*6DQ$+X$BaX_r37kH_Gl
zkR8lIy8T^6#qoSC-cSQ!zPu0VVyNZhr-cI-Ev8hMrLhst)Z7-Y70op0(YeCKy+IjY
zX(x~LWjX|fOhhu0n;8F(iV9ss)}KTrH2j!^WC#gwhH`E)K#yrJ*7>zRG#V~ol0W8)
zfy<+|etJ9-=kGSm!oO*{f_Aplh;p#9HTI!=A0=e&qTLfZJg#S_^qB-E+6YPYb$;<@
zLTGTa6I7lAWg3lH&m{#OxpXwg+1oo6+5Xej2AUJ!>396_5XaUGFEx&AhKAxm;MWQ<
zxQ#&zAp$%1QM68Ha3I|!$zIAJo7PFiyHfX7;Qp`0>X0ng;W9m5_LxvTwT2$(Hsi_N
zc}(TvUsEzYU+iWJaW|W%n7-dE!cBUB2*7$Z;pUFUaZ(jBc|^nIU>-nlxDkQ;?hww6
z4gB~N`*-vTV{9Vw*YM}=Vti@p`UT(N3oIBDry&A{MUqNvpQY^U70DBJ25)&sjlU-G
zjvo8epumYDvlyY;?XcT|m9wdf*Nu`#n~_elMLYFPMjABb;>!Lp{S%F2lfPK24nNr>
zyE=7vZeOw6;Bvj(6K}d{npWpUn0tN$p_CGWU^5?zsxw~RY_NN&*&zE3qV$+Y|7#hS
zl~T8{opfAiCuQmAEeXutq?=m3$@YTPckycCQG+-)Nc<GpYFcn(da=LZjlDq_zs4J`
zxMGc2ubd>El2{`}Yy)cFo(pwuqc;?L#bg(Dv<Jx$W`*Am4~)vYm&?-=L-@&i0;r`8
zP<Bn#lqL!0oO_<~%$navpol)}WLewyEil5KQn-;|1x`){lNPKAl1W}`geelqFw`hC
znDJfOG78?5HqC(lk~zL&99%OHAZIkJxoBb8&bAAs$aeWlY$#=G=42LFENpoHNaFNC
z{BY}vqV`9`&ZejMHBEMy>-`|;;|{jI=4g~#FcwG99BqTj@Z+k|Za4?SP@0*eW2-Ot
zKiO_*1+3!iud29xfoo^~fY=V*ADO2EWr;^Lw(Y-Et^z?T`lUpJ_J=qLqZkFQZD+2T
z(kjawcv?tn{S^c&6jrTgurk0@`Vz;x7q!?;O?>AT^dszcLXiHCym9*ZQDuBg=s*r;
zVG~oIazP$VDN(=dSS)%$;Sx)k3zXGH=51SBle#H1b~_bi?4pi<J#VOXi|Pg@s<SdO
zdVJOl!LaJ34KatCJzK)och9)CTk8m~fIjp61vZD~$Mp|YB&a^C9MR=$AKT4jy9T53
zvsvrKY>ui^0yFvlpMoZuFD{b;Uj3X<HO!nDR-$p0tSV=q@`Ol`CObD8_!?+edH%!)
z)2<pI0sU+XmAZy{XSZZ+w2{Q`_M{{}XD`@+t&kbnexWbqc~xaQDwIkM6Wq5Qxq4xY
zi*k@OS|{{Z@B#e0Sq#OY+=|)ov?Z<9V|@{pt8?feqk=ELXRTo}zT{G~pBl#v%>MSp
zHgBWh3js%tjA$%$Yw?sf%zP}S?f3qE)hh^Fh#$wtk=(O+Dpf9DelP#Th=s3boiu~u
zz0o0BEjNgCK#n#;<Y$hgk}pImxe+r`mr_0NlCB_X!>pHYnVjHl&dgGt_9WC5;CB}W
z$hqfO8gwm_nL7E|YPYY8&55hcQ*wX}ziljzZ{vzbJokKj?`pGuUf#o@tdb2%ov^(D
zh3uq7e?!xB(iT>?DVf!0S#Bd-%J-yTl8h$GB9Z)^S~b7n-^i=GhUlYwI95$Q9GLqa
z$n`DAydPn4Xy?aVIO!kar{~OBxvW-VjSsyP5ft1$hj++3OX4sF&imb^<9xbFTRppX
zg<<wEn-6B^8W>`uuoY^Lm4vPSlP5&kLvHTcj4E9lbFRjR|9ymWe6?(qZ?Q?lID|`S
zH_pL=orM5v5V*5h1A4-a3vNjh&4K;Jim<5iA4}YCZn?SFRn`kcF!p>&=HjESAtz~c
z|H;I&T+Mguxut&h8(dqAq*Bg=NikucS(M~9ZC|A^nwQ)vn~_qzD)Q77x_+_HmAxqx
za6#^1vfD+h<5ZjHjKbx986p*@6|S0d8H)sNhGJLfG380^c{hoMmQ!8wD(8W}{o&wU
zJDwcEZ_zf~zj+<_>lJDM>><LxqIE~nzjhT2qumokob)qBU>AweTw>Fj#RO_IU>ksH
zA)5|h3(QkJg|mpz{j2NGKGT$<eygi)L{9#&9xYn?$%Y}DAB`u^r`-$Uui)lJ(F+9J
z1q5-)c_jZt1bk!$iYmvfk`k$nxrYRSn_guL%O)*pvyEPUQb^4=h$;J&Od71mwHlwd
zSNAXwhw@6Ch7qZ~O=}5EuqEZ#6?SZ_s=l1mG(mvkIJW!0HN3;7`VQ6Pp}1qZBoI;<
z2TLj#+_8HiVO**$Pa1hWrwLJ~KF7$c1u@b%S;!ky%6P5X7%^3t-^ZJG_Fc?7uWeEE
zN}6}dLxWw=>SQl1t7L7H3btT*yxH;%6|k{Y=}4gR#`=_lLkd>g@sPY_@ag%{@0Y+?
z@IT%lgJ_{<>T+|2(iOP?$?mlcg2m^l47*tluhvA=vxm;P?TGaK`Ezo@7CQMX+$B#^
zJLlCD3eUBnuoXlG0=;p_(c-l7KJT=uqrs?lKz)BVP|XI939ech%{0Rs$&p~*At&dO
zTyj?`PuOH}Xnb*BvM$Tx)=Suz-JU4pY|2ctR-GtUBC}nyydWB9QY#N?Y@Dd6ls9t1
zFJLsnuY0|soS-t+(metz>rj8X(R8<g&%4fHIK3XaG9DI*EQKhk!5kCGGD`U&_Y_ti
zpV+z-+c{P&#`AK+cLY}t%NZTqR6i1Gz4$T0vM8mlv{DGHDcgV7WxJ04BSGphK_9jd
zj`p#h-&z?**6t9iF0m0t5U*<+L!<{#>Y<nSmkqt!^#wzTm6W-8H#AVC3I@ZzM%r*o
zzNDoR#Fm`EMP6qtzA2jhFBXzjAbm6S6Oz%Lc%_VmX`-}~;4@>L%#8pPeE9wsdq|2u
z_&1S#aDYAe0Zh>mK`mf42d~T)MfllqC@*pP6)gfus^}|rJ&EpejGoZFD8fO17)`fd
zC4UsDqpxvFqHaha4bUeX5yK)*&zwS81%`TaQZk0Kk-8ZiQARn5i>u>Zgd9h6Hkuc{
zBsjzJOyUJB!@3YH1Xry~DRZ`-_&RU&JAXxo1do<#Gc*fievWY=Lg^N35$(CaX+atT
ztfQiSwk;j$C<mKwad?0$!pg{GWK+G(!^%lVR&0wz-Ve)3SncxGv_xb(HPl_$%*UeL
zaGCGQZX=NR31Nq%k5$IyE|1+sc8Nyd7@U22sC3d&mc1yxV@keDP1F)wp^ixDkllS#
z^MPrtEouMVwxkZzK2~ZGB7GHSt}Gnj!@h^-jQ-qEckbbEh=zhgsgs9^8xtf06RM^(
zW*0Tme<nLq__pVd3Sv+=yHFB2^BOPF9{jG|?XJ+)8%`c3q`iw8WE+f2QA*Du_&K}s
z`vdXQeS&7d%X_UlAw`$8r<_Zg;R5>K5E_L&1-xA1L_z3RGpo5a(vBU$U73S<^Jeh+
z-}ZU4+yxO$S9izH-Wa3?)-9-x)i2w@{tYsr-8fsDWIoT+YmMkjm3X|@p<uOK#jhTc
zn4pr3P+~$i;w+N!Rh2D&m<h;L9G29F99F+`S-;2Kc<!u>=UD088SvP_Ue$N@k&M+K
zW|KzIi?P0|XPz18O|8zCv8G-$<pVTA!R&_UsQ()(s`xRE)(HEWRv?vxz%OZLH^>S|
zS8=5u++w>^4DV386la?a=a7$mq1)&Ux5)S1=1tj&H2Am=__wqoI%L$jpvfu@+&oc-
zyp6dxUMC7ETjK4JLbCFAu6WVN9<u|OQ9m5L?(!-)hP;!tI5!)yF;A;XhE7H4M#&0*
zkIOVpOgp7tD+<FY5KX~#*8+gVZJe)DapU_^+eU?|1M|hjuXOop>?id)naHFAsOF<5
zxOO<U@e@}(eJ71*u2z$6*RFF-Cz)f6CoI*5`_RT4^HE1GKV3e)4m9{PcJ%PI`oo3H
zjZU!5_=Sc4s9qZWs_qJYb#r=(cfyb8+r#AX5&co=b#lRclpfb{B2c=T035bbpnuX~
z5qJEBjObi0Qb1rMe94*+mDK<c4b8O`Bqp#$;4eswq&_anG6u6RE3+))Y!=Sqc1mkk
z-n#_X93Z`21?in~h`W*z&IS{zp!gjX@LGa6<#<+IO&Y|rTX{tVWMfMq4Z<M8S#f+O
z^9E;ZBU<%gkq2kfMeTPZ$AGg9h@pE+ja^l_kb8To;p|ZVTs=J<&?-}E{b5Ffa;StT
z)fN;**N=={Qqn-a)Xdv`<lLwq=Z&W+sX)t<LxCXMj9v@E6xIW-SJdd~Q#}Vidx*|(
z@1#t0`L{T^^N3c2=@A7(n@ujpQ;4NflgC-S%X|3DVaxN*8(2x!)<@jPlPC<#sL$%8
z`BztUnB)p=-Qiv#EBZP|4RJ$?fkPs{Q^*E$Q^H1YPyg`%cbzVw<Q|=Oh^ZP#i!;0o
z93v=BE7p*!md?R0pM&ZMG=dB9n`PJK)?u~J=>kjgp}DS7&>Zhi>9fFYq&9504CD;w
zsRB8>Oh0huQP-pQ#*;&mruel79E4z_IrThz1xa{OV8j9vdQ6(ML`{4RyiSDwBAl}d
zyJ32Q+r6vD>{RhqgPR0}yX1y14XH_z!CYE(JLS?*$7ZS>GntXJhwsxc?()af)TTFv
zTrxmysOfIaPZh&`O<UVcaz$l<94rj}^*8xDjZjt(|AopCaL~qKsz;?B<V6rblzhG=
zW9WIsxy^J9Pa}a3AHGqCU#zq1<BbK|0oez{*TEzB%j>HP!K7P+I%mxhPlFfJOh$ig
z>Dsx;V)Uu__yJ|mW|1718~SHX8N(GaJb+IM-wS3<WGC6FtW(k}bc1r8$~p=;nRKY*
zK1Z)?sN1^}Qh!wFC}l2|wwkAS9{!?S7HX2>s0~x-;&iirVe=qvJmu_CBA#4=n<i%_
zHTzS}Ot)msRIx~<k7dpwoGe&yf_0K^=4>fcx3lM|-8{zZ<+OzN!r~>=0P72oZtW<m
zi{;br32so<zOW3KDz!Mqe65h>G%(9#C-wR$%t*Q#rG2057;f&0ZvI%z#ij-~u_>Y^
zHn>nXCE&g5KIzXh4JD*=1aZ7-*k}U<+)`v;jD<uyChQ`KaF<7_7Nb1_pIGU7@k1>*
zC)eeL1FmsYF4!)QLUXW6G3J1oZJ}bC)717c)jVf>HTCtb;LK5^&+#^;)?+3PN#k{6
zRZBW5g-=9Yb#tSd^NMnz*=^ae7~>WEx2msuqZy4cg;?(1<n_0U$|DvNC@na1tFcn)
z=8(x{$4u;T4XCD({BILPMp9KvY{^!8x9Vk+OKqzyoE8H1a9O%AryX=ZA40jNzgU;p
zdILmT9|-fljy4h2h4YD+F?h2nMap@gAFt!%H(t-k9^KdlF^im~&Ry~(w>lh>cQIVI
zG)lf&2w`U|)xS#LtG>!5a`0TdY%}gw(~LtF(-7w9c%@}CQbA7!|BlJ0M6SJoqTaGN
zSB4QPL)DF>kEVW$CuD=ANuuInuJ1d9lJgf{#jWBFuAR-8Ib-=a?|aw}sZ0~S9{okj
zK$H)lI99?U85YQzn9eNL<ZhM_qhjKHT?bXH1ETecKs5OH`op+YDFxiqFsGF$^Cd^v
zQ!E?o4QOhINRzSsB@(D~I*N0chHA{!Abx1N&10<P2=Pg;7N_TQk0L>+@c!ErcTl*0
zdq>fj9YCGpYAGqd)?fGlhoFlCPFfC=<z|zbUbM=!p{ZtHkAqzx0c~>>Pba^%iddfy
zhb{WQp~N`q28sRgFuf%}Y`!7blTS-sBF0&T1Lf1O5eYjrB4LsIUQDXno?(xR9jY}&
zJBDyRPXEvDm>&35@IufGfj49P_(tCEvi^yK9$90vd>@^GXxXI-I(A&&EZMb;goIo=
z1%3e~XlfGpB{);<I&e(-e2>L@@SVt%;coeNym<>yw5z0U!GX8ZU<+*1$IoAhRp<4F
z<!CvdK6q8S&>U@Z?lH$mI1Ieb75T~#=SEHCSU?ai`j9}~MGfkGqeg;BB4JaN2Sm*Z
z`Yo3F8zZ58q3Jrd#K9xNOBBZVo+O&5OQs<Tp()TZVP~^CtL?yQIS;~?5UVbG$Yskz
z#_KQfFWF$58VRIiu*kUMfwGHkJI(U?+M`6VQt~_$M~NiAK;Fvn?NuOvi`zqG|CZB6
zY7I~*E82hj0J~8_;d$dCp-|o*LrKa)ubo9gjypVqE4Idm_-pX<0f}CYs5Sm$kJ?W1
zm{*;v={njS5&2WobvMMXZkJ8f*~~>g85;RMCJc&PcgHEQ$b^gwkI6x-PEW`x-~>>>
zf7|3Wl7qlOcsy*x(SEF5;N%)xRcYdqCXL_CG-*ibLmUxv^>_@PXY*?)TuHCUL;<rL
zF+|@{r--hj%~^4&dEgK4qcd@_o~Z+gDo_MC{T++FHYhi^A^qG7QSDe9&6N%h$HA#V
zlh$~gpdX?V;jn5>6^a7*JFba4oG{Ovih+hS<8WHNW#N&Ej&JcU-a-*6Tgf(B?0Av9
zL_4%e@w$t{o3w~R!*Wb-X6x#7HD{gDuD-2~Vy*GiuSu>7gZQprH4;{6ER8&KAcbhz
zx9UBz*#~82o+QL17lriY*joCo)*~$-U<*QG64;rs(WJFhE)A<a^^fSMI~^#!_nD()
z6M8y4x5dmM|6PT3Xy1U^-;wTB3;R*2BRqXnZ(3P<t-QNEUtwtP66G~L%}I30TcO%I
zLkSMO?$gK2nO$VEv%T}Pq#f7sbjwx0UKL-K?ETl`@Ue-e#ja<>I6D{AITaU<sko}0
z=KI+>wS2@3R<>6!mQQn~2is)nYO`co!IaT2vE}iEIY)Yw#3pnaxwIo#U+u9}V;tgv
zCuRCE1?a-LTAJUI-p49J5Gcg1@Yy<Cm*NEZ06E4*JV{PFi_b*6E#bnxt`&9kV>4hl
z2TxXI>@;Owh&vIpf1!8N#7Eu(d!LSkwcl-uq<s;(UmykCk;o$H1@PS=GAi~-io5X<
z{+t%?uc^6hLcZ6Xrynm#)Re$^Ic&QzM;q#r-`z2S2(~mj<Lgi|$Z7B@`$aCzAFoLl
zzg6#No@~-!T@#U52L+)HmWF?rHT+#q#y-m9u7%dSFNo?lh~?Arsoe@A%>4g=yz@U+
zljRk5_RSJm*grP7DnxcJD_aaBXBH21jS}R$RdpQb?i9zU8j<VhB_5hO6Rh(_W7IB|
z@sS}5cVUc=`S7m`kkw>wtW_FI9!qA8Mplh9qtf$C3%{0WVJ;KOH5B^RaZsSWD<T}R
zS#Er%h>YY3cXvcMZUwNqeq#kCf?wfHepC=Fi+q`J-rfjC)HsEl$8u<+TpJG!na!G_
zxP4G=%@K<&7{3dvFi2s|upZ17(#s#ZlJ$gc(U1Xfo(IpQVE4rW5%D4AY7~NjtVVMy
z{$fW@Y6=#J-+x?AZ*S9HvZdB_{vT3m0vUHRY+{ZOR!ewt-2{T8jwE4_&v&IHo^w%c
zDA<0r2xaJMd^XNF_`r0`wtuH=`wL{-ly_5Vf@88>A~v#CwjgkF+=nKqAFGjImJSE|
z6hlJ}8j7xk%XOYdJpGG~d`&a<3*X!v+0NENFdn{}U<?PyHoy;zXobqP&40sA5<H)w
zptB|p^uN)MM@kjj0q41h*`1$O8c$9Q3b-GnV=9GEzCNH2_HFpUWqi}10ig(}dyl5`
zt#aG+UA+RD9qY;TJcT1>ZZ`KV71Lgy65%tX7J?FEQWVO^nmSxsA5La;VGZt4J%#=O
zM<c?6vN1>dr{G6hHqSw1|MV+;5jIXwSZ``^fZZ$Ui&%Dq=}C~6?bSOT#2OX@+;n^*
zZz+Vb$M}h!4czK*yNC6%Tc#l*%8DLvx+X4g{p3s45z&SuLd%`E2b7P-C{nU%H8x3W
zbuIkHf!dicd|4sq*<|>NvwpvpbZW3wHxQt>A0a=Zp?5?;XwzynAfdIRB}yDYO~eML
z@DS5yjK50s!9j;%_-(H~+dr(t(A3}RV0v|5!V$|&fqk}`CV~tsa`A4&^7WSs#K<2=
zl|{n{pOY-<+qlOaj@f^UDr>+(RQnB2vpUjJ41SJ1-8w7@1ZmR~4tZ^_Jk;lSO7^0V
z_xfx!`kit+L+w1OHgNPHBQpYx8(C+A7czFMIuSSiCeiafEc{`oe^VkpyE<jZS;eZQ
z0A5*=YooDK)T&`6<2`|ZhB^BMg`Tr@%)Rk<-iieSw1HGRG<?ra{jcD0$Mh%NoH|o=
zOW@MOO|OjnmN&it{dUgHXJ(d-*B~aK1I-ZO8`twsBwPL`YxhGgj4;^=9yvGoKf1?|
zMX|IT#fnzfaMxxxr_AB{64SI^!86U|!vu@<N;=P@mng}TDK`#@SCy*3g-Z|3P23L>
zgBp}NX!!8!h*tkFl5TceBv#HRle(4h#Rxwl%#vA~v*DcdNghw`r<(++nk*_%b#JJ|
z(E=E9<*+18mWK_wQ>XHfEp9V)#%@(-w>rk0o*B!#a-XmwmwfqR@Zm5+b}JmPKVb>E
zD7_-OqbH_uTr2H*RhD+W60!o}hUT>+j15javyE9La*w_#uupCA{5d(H=Tk0bB`!Mm
zo*(|Jn$Oj7W)WPYx_G(ixqZ{BX#4@aG<rYyxJLm$W5zI;b;$jW<i8Yfadvm9f0!iX
z&EK}GWRqhEb@?lG^q^X_RYnu~=OYQV2V0uixx^lutTe@*8!2(@Gl)8YDyeXm$zO+`
z-LAAMTC?{!N-=EA=Zsw*q&qCO=4Im@zE%*CYZ49d#)g+Mm`T)<tu@ZW9qm(*nsp=)
zG#tdehJ*NWm(^U?#qW`QPk1_zd<1rgUy9;quB1lapCilUM~ZrG;pT+g`gyb=CweqD
z`L*Au3Z@|ESf>|PEla-bNtNrLkYsgIJAi8bCEkCLYQ>Vod3*W5!f5t7yY-J-RC2t|
zQh6oegQbcR?!Z1C^V=J`WEKS!pJGgbOjT5G89y#JX+-)^4zS9C#x#ei!f}FR?T=HQ
zCeWqV#|}Qc#v=KatWTRZa1*&Yt9YV1TgA^VQ+)3R2QYD{8kh_j8zIPuaL*T3E<Ru1
zCV>UBgRnZkXRAOplVzPxyk}`-(csEI>OPJgbHSiYs{7bUiI0<#3kN0b2@wrOe&%R6
zglB+YY)KoeCUfoQ#&{EdTO3KWvlv1%7-BnB)lu>)MOCc?=XXjP6^qwTku$<kDJ~4b
zfF%5ZuMfA>#tGEIZ-G;se}znN3V-3O2iHxfyl^VEdlzKo<}Fnba`3%^Se*hnn3@BZ
zkkng-$6FI9_#BL&W<BkjwMV$GOcf&98&0GeLxbvTgYH-_#P*kq=!v5~d~LX2qtMC|
z-lz=VcoV@<`lMb}X+1UZQJwoN83X#38u~ZsrXG`4me4>^H@#w!jzeU8CTkqW^c_qy
z#`;@!(G1Thn&E<fcJgRw)yf&m2Ji!g=ij5v9(Bqy6{|TMZt0XF-QCvXcyYHK5x|7g
z!#te`&Oke_%C6XhC(`bCb$FU?;dK{+U{O8Z!u)+Y5cW|>GN96Mn!i7fcQ5qS3pVcb
zF7A#@x)9Cscc$UBK5>T!>1nsU?64e)IV>3T$qXe0&#*FluL!Ej)4LI#jrjU-nI6j_
z=R#>yvig(a4NZEcC~kdYw$aNcJOfT`jahB{ky))IrZ5tGzmL|O)>6o9ncCLGP@UqO
z>pQh0sxZ{oRkE1UY%?kisOlVmBp%j2plX^#xCE1yPQ#aM!Cud_1uZ@mouJMjt<7-T
z)8<S~qm>IB3s*MBLMvAaF9)MA>YcBZx|>C8zlOXz3U=!h8^F^iNaLdkqv)JFyuD_~
zPPfk<gAjhhNMi92$FkGysGJ;1y$pp>mTkEwBr3fc#0n3=m_**AFFTaXzCTO$C#>vc
zO9DHbF^f5ML{@4H7t45qq8Ze(pgNF6ohq#ij|F<TQ(B6rIZZ>FU4}Bt#!dsNKWFYj
zniK^Wzh1@KlHMosRDpS|nS#v-VE^TAxr#Q6gu)qPVx0|K0yBp8BRzrI87(RR*u~y4
z764hHx#bT@Q(TfOv9C!TsS>x+AozdTan1&KjV2=@<qpLJMAcsNRPvy`8t5Y-A6xNm
z8Vi3<5F3;We^eMzJf!ctFU#X{lZA4Te^jkfz+pboJJPEBd2t3<dG4jW!tU4*<UBg9
zXO9*2lL_aR<m6P2#+7J~3elLaKa&-u;8TBK6qFX~_mB@!m&I+P`zTsR1glBSZWZ}y
zAU4`8$Ryj~Pq)m*xt7^Px6BBWUF?-d{{!z4UZMd{n0C|*G^|v{1_n8ZN!vYokT8*O
zyOkMqQM%rxJo5(`R8r0Xi@~uf%-9n`8N4x<QX*Mfs4YHJbrfTiC|ihz9LWZ4%f=uj
zX(~??r1s4lt}Kb5sf$-@bvGjAZ~SVO$1dDdY4@bB?i;CN`@-+)n_aroK^NZ2S}Bxh
zcUaOGxOFNN{}<98d>_&jSXFSs;Y3o;YgN>2$$c<Aq47;}pB$fKjpAjQA3TXr9t5?1
z8d1p=l^=Mf^fY7<%|qE*&7W(<A8-J4AQbPn<7XNlNN(9$nXZZ@fexi*=5Bx7V1yM1
zxWKd?DPB<Q7}8tK(X%y@X~=`hP{xWnmQPaLQvgnPeVkuOCoaUG;uP`SeQdQx<2YN*
zeV&~6-KF%o6|V!NDMLn7bmozX*j0&FR&9B6Hi!X8RwDIQj+J;eUL4-=6vtPX?$ppy
zQ_S4&KKIW|+Op*{ti**S4Xb^UQk#?L2yM*8FEe1ViD_25IosBKn<kXNxE3kd9jQ}=
zfj117bQA`eAN%JJZhv#t>!A)5q?%7qSswU0{(vW&ojP@va=EgX_uNR{m-%FJ1-t0&
z?~3<xEtMzUu1-<e+STS%7fPqP^+urN4V2Prv5J=s=5qVzz1P<cD{Mc-@;PQA=w-bh
zzi;UMq&-1`a-={5D>Fd}a9W4|%mDd6%|P9VkTo===tLlo2;9rXvUPskZ|vK9zTyme
z0p%s!>H!jkDg-CUDiGLm$%AeSqUe3Y4f~;jmsgVXl#6}VD(~Nbr;eRq^|_@HTcOkc
z1s7gG132>PaV07n6HBC%$~AriguF&v+3P3R+rq&KyLdMdbo=Pm!!|iQI~$RG4=V@r
z>P#ih>eZwgT{tA+?$r5qB4tq9gDdE3`GoJU6L`c-ogj}<BxBA(*wYX2|CaSZ9T3lF
z1-JR>5o7(oVJ(#vQSw*^&&!>a@U1Js%FWe-)a%|v`!rV$Qej2;yQ$Lqtv)V)Gsfkw
z6qg6EJa;Js|2zihhk*Yq_s;JjgBL|JWMY!LgR|(cpl~~nw!K9hz9@Off}f(-;~!%6
z$K#uooIg^^U#Mmty)N)dSv3z|wTIu81z~@Jti0S0C?wo5U5m-$|IPw&ZG`f9WeXJx
zR&+sDH#sk-VjJ~h?L8&3=2l1f)9oJWQX-BhyreX$D7AGB=K^Ql&1^vxS*nAyOz+!(
zEv-&Q94p#ypIOoJD%eI_*wgi}Ez1;a8<3I)_Ic2>r7V^aqw*lvUbx2V(W`bT1dLr8
zJ4!yNwYI!2uBD!jbD{6MkbFm{4`>kfl|ne=g77rAaX9@cr6lHX@~lq~@1H1X`L5tj
zL7$?-ze?&Jm!n$Ck{%b7ab1n_d9R*FHkgP5Q&=~$H_M#>!qCGOyeezuRg^pW?#dm%
zQTHkkGfJK{=-#cd?im~E-M((9e^);{VVR=nk#rllvNMqj`O@%IM8&Uyrfq6b!|V5q
z$PV#Gbci2g9=FcvxYu_n^Pg;l5V`RWn;~N*;rO$QYJ4r=zb(|DQNf@=Ez<D&O~OTv
zp_yz}{}}W>wcF?r#m35e`Gy7=Y`tc2QS^H>6E!f0_^iyS$>Jv(8Pt_j=N2OUnx~Vv
zMj<h^7mWrepg&ap*V2y-ejTN+BWZpOY4i-v6Z|toVGI2K)}UQDjZLC}lv!Wq{muBO
zX20i$Qq5C`@Y$rnulikOb1(5mIQdJ9ew4a)XnAUQgKVcaS^kyU0DT_O-X%}6gH&}c
z&(hJ@y>}YR4MZ=>@4;R1-h98@X{2o}Oa$TfQV~IJ&nb=C!uoFIhcNfzf^2MT=hz{&
z4k>oTwL^{_l!&s9GpNIr{9?VXW)o?}mHMDQRPYsYxbnqz+k|=>9wHI|Qor#b!-MKc
z={_-VMI3v7+|0kvPkSs1yw2-7O=!c4k5<#~c@Ap&vVUXH)2H}x!);KpJpJNk!dR%*
zs6pMkwMR2g(?*V?G-V<__dj=*c7eKmkB~|A%J#jSqJ2}U<m85Hs|rz0wlBp|az)G4
zdWo@Qa1H0$k3Cac%!n<MY^krx`nz~FX#iaD<C2y+s!xJvP$rd7^_1svg~4`iRxiua
z0G00ipoiHKa*JIn7t~;$MKxBWYekxqfT52WMztf9wq+eO4IiZ~rH23q@+2ub*i>8x
z&Uvt`32Er7?;<A(e;_&G`7RD5)2WH}THYOB&g%=oMW|rBr#%<QLk^*)K7?3=(-P#Q
zl8%c^O#DJ=%6U9sA-nK(MYDD-*G5EKNX+on=|?O6$=*mPe2Ny(2xiX)%LE**$QDFJ
zsI`9WR{%D>Ub)hV5VAYLCiWWj(bDT={WgC-J;JJX^$~aEe-oipn_;~}gAKB0NHO+s
zhQw*6hFO(u_R#?{6F1Ct?F~!GZm07usqNafv)BDI+H7tyaUz?QwvyUIGZ*wXGfloK
zedUelFGZF<kI!8>{g#>RjOLZy(kmBH&|SP=8e3E$s9h-XKT<3ySIWr0;&dH9k%FSx
zGM-cVf0IpHVg8%<3mnnes?SQg!MHrG>xT-z8HWltZrbd4zjLZ>$S8*$2HWcR49Cjs
z_Uv$sbvs5;#~g&TAU{<rJmoruR)W`N)Y8WEQeBKOc?n5Pt&U}>W|m?r;Cre9I`$-Y
zh~~$;)86-%_`{rJLtGM^WKz%Wb@p0-LL)yRCd4PQH-Cqhs<a~{Gsl$T^i$X>5HLdH
z4KOL?!PzgBTUsE!ZeL;PmM}T^kAZwCBRbWGb*57a)FjagfvrKRGsXz&SK}92G$`r$
zp2E?}1;<0yAub-oP4Wjq&WJ=&x+Qsyj0dlak+e-Sv=3V_#EeX-gl)Gr3abe;6}JXW
z8R7M+b4H$H)HFMA$1H>eurVO9KMja|<KPzF>>*k=G&3l&w4hu0qc7ArisC0(yia!}
z&{i4$+~lNU*FIR1j}CQS^MNBj@x?x!6NRF+m)^fcdEI0pKNT~X6dAiKwbd^6Q^xoY
zwvy+fP^!z8WMz9sS=lCD$TskLza5hEeR8$iCB(#B#r5cP?5?b{r2Zj-`ZhiKWB%wV
z$vhK`4^I)fic)7mR8N+?v{)d^=AreBChBygU^8FfDE+rT@?th;Eq(US1LcZ<jeKLK
zBvRpV*NiGbSXodQNBflNbr)t$mGt|&W$f2T-1K}z@B|y`k|3kqvJ9%S(%o-+mcCc&
zO8>ZWpru*&Wzd^_+9)bp+;W!B*ChN$O>y=gb3f!q^mW3c!cOB#ohZ>*3_v)Aa<m=^
z;BnPV>0H;7K`BDW372TsSoUi~K*Q9-exwg+>Oo3SYV4s@WSf0*WGlj$uKR>+CAb!b
zJm$k?se2`#?v&0xssc+{ZO+uq>&Z)dltsJg`pDPD>`_w>x#%P0g5EPz>X5{e+*fDE
zLnZ01L9}-QR$1LcQOLJL3Xh*De*T24F%?_%`xaX`+Uj>Uafs=bDb?o!3Z*SDt9uK7
zMjJeQlG71xJJruO(jcn7{gaP@gbB*4w3raoj>1S-1N?xKVbBZW=he0@)%}B60dzQI
zZNa+dAziWu@H`-AI;C)kr*Jgvr3n4K*P-89uHskEgLLwdvnUb$3ZuQgCl}Z@5vik>
zS<N+2Aj}tNX!YdufMlfZ@SoTk9^WO&3tZRL(W;<VYgv_<XSkqPX-YghZ_bxxk|+$q
z#>-*W)oq=Q%3)IzLF<+Y$zkbTOmrOGMqd137Vy7bu9aXvZ%RuU)}-Jmm)7OBQ8s#b
zuc#2GEHfLG<5tE6bEyogrXa`4Ml6<hKl6PkdkA^f>615_%B7ga@BG-QVUW_((B_m-
zaGcM)mLSVLQ2>Y7NS9I*-Zl9ht5aQWI=TRQ=|LHEN;%g30umPav(&_GF=M)>vb!hx
zJj*hI2MJYh8}m;$Hc(BIK%>hWKW{ka=$JbpLmVk<<)co5QreG4ye{?LN!bleb0EF0
zLR8LnHIaJqj@PY_cM$4}N?D4Ab~-+K19}%&xh8Q)39Pj_j5nq0YsvL}Wi?wm?Z(;2
zA~X22M#IZu=tNp*AWa<N=_@jS#PaZT!lI$v!#0J?hQ3#)>|;TC(%m1sbom%jN(CQV
z?U6MXZ6@p7!d?w{`z}N;ZznI?bON`Sq)rsCzMMT|DxW2)nz6lUpsEQug~ZX1Lzie=
zZdF_4M`{t)<z5jL&3XB~OfbCqKzR`QV|T`a0CLIS9xgn-6;{Sg3Irl1wqEo}ER}2P
z5*)t+;pO`y;ytKiDn;zSns#^h_vn{g5>)f!62n)@+MaoLa~EFX;FoM>pRHCtpFXN7
zz(#J%0~_C?dKiC;<b>25!vqv*AnZ+z-H0z2SX$((gfU%PvzTM`5UqHBd!&BJ$L00g
z1!8CQQ*EEFOB!!X&6kR5RWsSwZUk{ul#Pb4)z~dfE4FhFqgVQ>ad<&#l1>xPsAFnA
zITxb*`N=P>rF<juNb;vDyhb#;tx9v$S9zrxdML3h)bPZ<E~??Gy4!W8<qu1+K>qUu
zmGBN;AOE6EUeP^Pt8cfBZoPtn3MA>sHddquoxrq|>*c9Pf%fpx-U9CS7wwP%LpHmx
zdIMZR@yz*W-W|Z5YUopfZc+l$srtJJhm9sYUHLLHY0u~qUdg+NCwNk254(moo1S)8
zQDAQ5#FWy>DLp3Ai{P@CHsf}@qSU|y8~xVTUl}<IM%Q_7tUS~jfkm~wIsXRYT}ejY
zu^%WEHO!#+_lU{%x;R#u?v4qHCv2kMP~})cn--EjNhA~$n#IO_*CJb##mGP7LnLwK
zB<41!PS{+csJI2cSU%ww)F7{_nZH#bHA7vgu9(pwyhb@{4VR~yV~#YV@2j5^`2Q;B
zro<J?H9Fo&7OT0Rc&KCxxA#4VfUjm14*RA!Jnv~J33g!%El<>Q%ZNS}Ol0lceUSI$
zs<%lEw&#44yp$}Av1a8mhe^G#zVPXOfEX7hKr(f|bwz~?AdiOEtqd;;YLf^#D5y>H
zN7Kr`&GyorY%BSG1qaEZmvy=(d91>-)=jj)B*hclzE@U!hjZZ=?}TDVz8kL8+AYsz
za#qO1jngmu2HKdG<U!v_e|TR%F(VJ=oSg>xi?uEQ15GHDw$9V9>;d4&y}TyIC2>?x
zL~MSmZJ?XA^K#Tcb*=TvqJ_GyPfsQ*?6PTKE0mOZsTY$bONUP_FOUC%OYbS#5eNqj
zq!P+TmK)Npt5h&;hCkkbj#!C8=OGZg@)nF{!oc%zLUK4|UNhLQ@;ewGmT3JacF|el
zl|BP?+csgQU&zUDHVd`%;F`?3pRGMIbSoC((>mJ3l|EP|GG-}{VGWEI$xF0D3wLjD
z4~vsf-CQA~n{1jBy@OB76yR*wb@5?8)?HpHHDYM;KJYo}3qB7W?%7?OVqaS+`@32e
z8+-rCx7f7A`fTc)lemCIv`7f)LjgSRz`i^l5BP|PRf<`rJo9o2aJf#N%zTr&%-7y~
zE*?QWs|d2;7}94bC6@MMs9<u{t~AE+r@`kcB%iC$%<;|My-$Bmzg|Ha5zf;q$cOL`
z-xtyo$USQ2yM%3f2H9rM_hOZ>M{VY}WXoQ~BDvUdf)J$eP0uG+iw}06D0&Kd{crIv
z83`Hugo|ti;T2QMWBhbVPAM{)XSdJW!un_r!S_9g3J`<f06N0MTPk3M14o%X9LzZK
zd^Z6bbR?_M0=IfO*GK6()#7kFWSyZntnv-Bv$tkPj45xBlTJ#9mh&mr#O&~rlOY=l
z0ye(F(S?xa<S4Mg6{jM_lW9H>`11$SQWD|oltv2jp9gi`AoQ74%G4j!2%=ZS7l*{_
zIL4QRAh<lRV#Y+^pGe1AN8$2~td`U-Q@?TmzYuB_eiXHbpa05^Oi=N_cNvLFdiM{g
zyg}`16o!&7^c}w9(D|v1WQ^WFA4;XeZg8&mqU8EZZKUipI>LfD2IkhV4cC4_y;qBC
zH#JU%$bE;X;d!@_W_UDq52O+@md{nm{mWy7KKn`nO*t<#XNiq+vrMi6NH}{!98riu
z<jIBNaf@uPzY9}HRo*sq9}lPW*zHiW2c33cJ1L}BI^8XvPrH{%h?RJ5<oEC?jQ$+V
zIyTOyC`l;Hr*gD^o%zO8WVveq{6^w7*4A7(p&B#v26o$Mk;v4WMLhT$>Widb^shA9
ziWBPBy_mroTEiQ&8r+691WE%?x*)sjHcXbwm8S0F0?1$_F$Sr|yp<4bq<|`O$n{D{
zJ!VNugs_Y%03v$DMBQa8T6^D49vI%RA`jnE9;_)@9kgR7Yi)p9cCsNC$W80|EQ*X+
zg^w6EN~7a}gxS5%>loj_-><r!$a8<qWU`N`gXfCG*C=}Eq@RiLp^+JwKL=WxDQ4Ce
zKKBEpt*~d43(7ZNbmya6fDa76pN^<f=vH32$x^wQLf39zJUl#KDLE@uxJDTTZZPS$
z%PM_2lXlldsB{{Kh)KBqR5^`ishG~ynt2OdKZt*tJ9hr)$1c`<6bXnGqz}D3SnMDM
zWh4`C;I3KX>?R7~p~#*Xtx8q+!=lbCw%<rh5WTW6MSG;4GJors>lGaLdjTsQla2i$
zPEc)#7kOUJz*S3Yq_ngMV53Odb948)A{y^86oZ~Cg0DUvk1@s<Oi}K~)~a#*pq(qy
zH$=6q>Fmqv22q4Jr|mXNR;}QkszH<gf@^Tlo4}{RlS{B^(K<f-=QJFx1A6Mt4eO`#
z^*N4$5oaU~U(&ZwU^v|Ft-#AgLY>{;lM~#xD&s(X2E*Z!4foTa#!YJsp@f0#{g=hz
z6kR;H$csXz?WG{o@*}CF!ltRjgLF{BHz(2;ZD{%1?(>Q-q!oDs=`^y)<_~&YVE~91
ziRd!vts84t)R#tZawUg~h6st|LQ)$i>EjaFj0llLg;aGe=Zhyftv3S-jM{vKGK+uR
z+BK_e;}Hqz93`G~bp4huB02~|J(D6=i+I*7!BiNS4>AF!^3>dF1Z{q$4#N;iX~pn?
zt-ybzQ3_GxIzCoLudXzf9x0n!P3*iMyFHDnHp?gD#%|j}UC!-h$<6w_dGvH04<A`y
zjI2P;Fm_H4%eU!YtmnYr!1S9F8f>d#@WkZh)k1ZgeOVzRE0|x&Zx7V`S&P%e!H-Rh
zBCagc4F6g7<^bQC+ILFw!E1)c>1{g1)x76{+yiQ?lbxk3wp8DsT*#}giK<#_1`IiX
zh|^y6yO=D%uF@$I+m)wmzfti`GAF$Ls8Xm4No`hZ?NdCWd!u)FM3YGK;EFo?u!1TE
z5b2?t9@o0nx*&v|(e>f=J9(L|vl>5*mWS|p6KhB0{6Mdlz+2M&Ex~5$DKZ|*H?Yo_
z320PfHyE^(d=Tetv<>%fmV}enuX@y;fBklhaQ2i5KejxmNFP(F!oR`+jt>QLZ*)?%
z4Fg>q2C0QTtalUa8;f8RftEFrxvDUy8i7R5`a{E~dCPTG*2|flN+pMWxl=n&rIPY#
zJ!LvoE}sBhK%&1dFU|GTBgX+tEgUf8-ADPpya*fo6K>u$W<lgR%)9OS^!OMZ=5&%b
zH(xV(Ac~6^s1Cb{rR8b}oz%fA!xBv$YHA=41-sc9cat$<RWm<dl-jrcM`CXB96ngG
zV~7L%l|0(!s)V))$d!go_8QIdu0#$x0RJFz!u$@l($|tl9zH1gO{qe)@Zi{-lP(K-
zQ_RJ}Z%{;Mc>iR-*ZGk?OKdxzP9{FavzDeh=`E~Ulf$k`t6w`}=l5{dWu|jkv#%T-
z*C2NI4(~HpJwR_j4ij)H<U9#p<Jq(6MI7272KB1TDZg7HSZ|FVs5cNbG-r$OR-Oxv
zyuZ^f`n88u8m%GV69vt!A#RYc_PubqkB^L^;BrXgm@s+>v0Sgk6T*op9}i}*%ss)r
zH{01Q{6#AE)F=gDT8pP--ai7HU-|urDMy^t5}y=XS3`OHerY_BBSM~8>tMV5B?{=(
zV^{p)dp#C*L0;bzl!-SP(a`T^uL*IG2m6v*d2=eB2$s~P+OzF;jfAKlaLqxA4`BD?
zb?A$jP^7tyZs3d6S4?(&@uHIeuhEb154kDWU=CMGSVqFJLysYOf{HX|R#-)&=9{^k
z@$>u8P|CPT4UnQmHZOA+uQ`l+{p;jcwARHqwlW*JYI#Jmtknw=5`B`82w{_-h+%1m
z59o5VTTcH}MGN&ncaCFuh`5%Tw$#@jsZm^=^Lz{NZqvA@ppoPXPV_u{g|^ULLgKb-
zhCw!gLS68e@Ah6;BPyYBBCNvxn5&jT+|O_Wz96v+NdDIGa)%Re660xf7H+l~)0xzO
zw(7uQH=LzXe<9A>>O~f~dy#c-zRXcSH~6u^H;2CnDZl<r{wFPsjc~R<qt$%*7;#UX
z;&YoB0w-cL9rqZ6q20I|YVqK^9HP1kw{>Sp8vj!2ZF;;|gWSqIKM&Dk2uW3ra{UmY
zH!*hTA0k4Mm^-wJ9?pT&>&)S8Ab+R)v^rTcqZ^9n0S?A8UId=;JWWQ$2HZGj%o$F5
z0q?VH-YL1Md{OVPxOuW!teZv1#@q&Wi<V|2bM2hZ5ir~9G{CzqHvXyONTQk#)a0rk
zD955>VzyFswr#OrnnhBSey6GTvu)ktp@(h-yXR6tlhS(|=z@KK(-KGz$>e!?Sm)}M
zv}Uw3E{}F<j68N5F%fqYu?X&h+3(-)1La3Y$Zr8b$voFCb$=Qy`}`4~K?}Gc2Ja(J
z;(a^WPc_eC{n7tE!7_e~v3o#elX8~HCrh0|{ak?f7*&M~IyrtvdJaeUTokUwUZmF}
z74nKDs#~SY=XOo2%ypo$ed>ctRi3_u$l+%@l5`I|C6e8}OZy3pQN^devJ58Ncto#p
zSD1AyyYBN49#QyA9zY*k5qddsk;amc6ON(;qIK?F?-uS?1c&Z(;_Nlx?(Y1w(*9(S
zG-8&)Py{*a|N3wR_4TbJKQy-EdX%~aGDXH0Glrw#WRs+@CHcq{Y5epPGRk!MiYhp9
zdj3V4_rgh`_Gi$O8Hk<l&>pqwtT>pl3Y{^m{S@aSL7WGyRytr%eogZt-g5sg_q6z6
zPayDZfd@BNHS+4Fgr)dOT7d+9=gUAHuaSCA!76j(%(<CjO;PHopGyt(Mhj_fk=`W7
zbdgMw4Ig`Lusr{OHcq+kUZ^~|bQ=}@k_c2^gGUUEk~i0OFJvlc81QmTPMeMXTsn_Y
zTo9edw4#JuI--|KCFiaAh$^3)I3U}<6(?+qqzU-vOh_8$xkl_)6kSY0YTYrPWF2#t
ziA<ePMB53Y4}s;hmubrb;`vTAoaSn+grN%<^G7Pd=Fx1nJNM7~OzPd!awIrYH>ees
z^CVp0LuN8J4K>=R(BcV?vF8r$(`I@~flb}BT(aznRNr(d>T2ssC!bl4^;gT~MJh8h
zco)n?EQ1XzNzfOlJ9;TSuzT9C#!s2W$hUYGQ<8=E|BvP20!XBDk!(DkON<gvGya*k
zyV;Pl(ba1LDK?5?d<2Q)@_=42Be*U05$BUhUEuy=4BRwB92^MM5olfOOWoM1cO&_R
z1sZarBPwsD56Ndf2Z3lxWQ@d{MRJpz5V}tO0|wxx#p%zikBh5&ByxsXil#=FrLfD@
zPix>t7^a9V%rd+#1p=9hTRaRbj*PBgy+)x=68H(4kZL8D%H8_6&#Va>B(%Lp*bIVl
ze0kICV?|@=R7Z2VoU;z|2Uv4?y>&vB{W*$W*2_0%hpvCdeXDX97tOcI`p}~r9FiOm
zmPm~dL}hjF;>QT@PD%+a?(POH$KQ?dF>vwY`mfWYYorm`QyNbTxkWrc!d^~BBf*`;
z-(-wn5OA)s5EcyR$Df;)_;1RG+EN8*l;)45i!XAtpODiUKZ;$15qo)fld-L(73PSX
zJk!&*Nv)|+kas&4G2o`|kRckH$0<d?y91<FQuex7EEV~B2G*$N=21i!zeWQw=ph3G
zwr==*{)cMhf2-A>(_*qNhi>tp)Uy>;ZcHB`C6hJfB3W2ZPF<sUB?e2nhi4eU*^hk}
zl(4yv&H`U%_G&;Rj59=nThaMFL(6ys5O`%XDzT&wkfWggJLR+}b<7EAk+I;vNki*{
ziK#8f8ZMy{D`qQ|imFDn19E(-c{)5WV^=oWG1F1Bx`J39ypbhMDl5qtsNY80Vr5w|
zt%KG!myO;40x{dj%dN;su9UmeYJ%bvroBP~44*(xA-dF@#qj>Mf+t-PJlVe?(-G;g
z=SEwPGs_!~N_Ig>UDqdP7nJK0)z#eDZ`8Rh;$g8a%2_BU>UFY(WzC}&)j!8J;zpd1
zu)jt5fPXaz%Q<p={Z6S@njamqzz45moK!(*{eLe6MS@S7P+$R;`EmxS+j*&Ju<0_{
zcyyR-xHe9oFK(Q^Q-abPXUz1&Q?2%-s|e_Le_BBRNAeKa!(!DIJ;m$d*h@uKVzc5>
z@^HlE%fm+?LItN=o*HgFzz^7Ij%H#-mLv>}NrIqLGA}37b|~6k!6(}_bQZckQME`J
zuAZ+|ovr6|F*$cL1_HlWUaGV}eX!iFA94APAj{ese()>ZpN?ey$wA-6^`p@Gi1nPq
z(NQ?s?~ezID^QEnXGn?wo2Zsrv%-@+V<W$!$%{x=hnG*tSKR8|^nx^`v102EAo-m<
zOu9a%*BdTn{?BM|_3&-N0&YauD+yO#%=xjj_Nra35q7!$7=50*<3)4&?yx$ichd{#
z<7x5~9h4*yIu;o@fSwoguc1yC>TM|+AUuEO0TTajw-K}N^XdN~>VV}kd=K7h!mBc!
zKEYWYP1pk0H9xknZ|&y8<2v)<)LQlUJ`Tw+?ghV|myp{;YqCdsr;bDgG-dOaY#N6%
z)+qztwV9RF@zi=Zr|n*@(xLoDi_iQpPcC`a;rz5ByqB3TQ!B+kLShN!o3IIEBQLVo
zEIq?GO22}m%qJj4>}Vs}t@{n0P)x^l!C0@6j&F8E$XLcI$!3EJqR^-HJ*bLkkLv;F
zlCAlTpi?b=CG%KvbGQU^TExk~|MLteh@aPOyeA-|e}>Y6Gt)BE%K=>6uPhVndX~m7
zHAK;WqGfH!M@-(fV!@)8ExX%Su1z(2Ia(R?Ycfg|!v-aqwDE0n@GbKm{DI8v3>w1C
zqWvS5Ti{j3X#hz$7!P}uj-&lf`&rR|M@250u@5tIzp`Mzioynn2Ejk|u92RabtlH+
zdFPR=s#EL1YKdtq^9`fXhVnPlyp%2StO)dVI6R(KZh@rGWbV?#BYY9^v;D~dxAc8P
zM}3=UVx^~!h@Pt1>>Jqd!Os?$cq5Oskau>6^dS(<8!tB~#DATjwdGnlU`o-O%r8QH
zBX@uXuBPjQZ`uNhl}RM_;4^*KO>!HpTzm?L>Igy`kL({wtAd<R>=ItpRc#8P1$9kh
z?v3Oed^q@Lx{tzusuld3tw&+nYyA_-9q1T&u`#cMgnh_;VG*bC?s3zA0COZONVA4T
zvcHR7qYZwmx@!&Yb<Gi8ElS%VtoRL+#s8fJ;vBEpgP|Hf3tP+6!tw-B($+=kA|XW{
zxj!3JOCF$tg&WF1G-qy#6M^3!V&=;`5ijftN}Ho*SF_A<E#_>59}KoaT4%(I&x0V{
zL9oI$ru!sA<PXI58suGr;{Msl)+o13DeT@v`$I%iTGSz3C!xC&8uhS-1wbKXNu{MJ
zQO?+wvd*GER?D;;qn!0j)n%mo&sEh$Aa7<O^CI$X)!9tDwu&@{AU=Y@l9$wil0*Cy
z@5Fw2G#+#&aO9Y<kwZpE4(N~mdt4M6#u*)wxlIWyDZ8D$BH}Bs-Nkd@`xIxDa+B6A
zH;l(V5R>=MlFGb6h@~7A0PN)&;3#!Q()M`?Xr&YS61`buJS&!@D9Mi>O|Bl2rO0~T
zYKmAM;$a${K;U>_aSB3P^~5Zk4+LuOH%zhAk<u-aM(ZV~{oXv@?(-W{Q`%~H?$)**
zB&q1%_j0vKCGK76*tbw5=wc}$y@5?z@EoZAMSDp9fSnBjmi=<T^baG}H?c|YTT~R8
z`O9pdTE97OI)gt5`ef~&k+9TM-m&Zq?V%-W5MOp9loUx%(v(j-*wrsMp|DIJ+=!64
zo>(`r+&QX{FskEsud|Dul>dk>r;Q5k=b#UpCEf)Og)NlZHRs%}S-8tcHJHip>e-r^
z<)+z3`yT238FGE4PfmQt17!Ta+WV84s)C~PmlbAP$R?40A+t$jF|CPfSg6c~^wml|
zqlr83A&6o&zb&0qITt7E48+lc)-Sd9${w^9jeCcR)Bm>r1Mb`78&M+R2(~tNtwkiB
z+oPgyp!K}1AGHie)lo~6<caUmpR##D7(|43$s6KVEI)bHC&#D*jev`=cb;Xet$0wS
z4|TO(tK+16xQNYWgNezDIK%2OE^4fR^KVV}IW^gb=gB`(JyY$eBD?FIz99cL^jXGK
zm<SY&gZoFLP?_nh-UP!3>I=jUa<G?sYJ{{BFQ}N?K|Z{Qw)^C;JiG}S&?yg(x|665
zWMEq0>gv4VG|gm5*97g5DRLR_YErj1pT>S)wsorCs&54pco3DziHv|&EdULf&4C+S
zD-t+5q5eQz|0fh7?n)-Lo+bsU$bU5}oH^j~99==25UsZ*9APLK9q2M3QdWCJNZM|>
za|*dVwvT{onMhA5^-wwL_6!j9_r=}C^xl$`@n>=Abl3ZQb$eO28!j!xt`Av@=`Cn;
zl5wwAv>Mb{MzZ*^5qwAV)JiBSpz8*Vu8aQXwA`c^n5G1Z49KY&{zI|Mqdz!64Vi2u
zB3ZwKI4+;eU2uF9N+7<b%o;)ly-N_|fRr!gaapF{waciw*_>wOLbq!*&Ss&+y#9Bc
z^fzz$lEFxz<iLmZa^RCDIq<)DJ5(-+(b7W!|1E@84yS+5zbarO?rOxEW8EIFvvSk(
z)3+4TAg$YrKPZ(L;qjn~FBAx96$eLqZDD3bxQ+J7UZ^f;&b<UbJ|)tq9ejw_Qk$Ss
z*BGH*;U-C=i?M0LG>Tr5$H!o!7s(t+Vez3Iy_>r@zb{kFdh7jS4ZU>NQNtiTCTSX8
zgj4XcP!&E$+hsK@#m0dX^|)zQ=V~A*{VYG-EoPBI#q6pNi1wj3@+RykcgtwAEPiGf
zYP#`GIW1`@Wt&<B85ghED!|DD9$sxhOBgeXX{bpc!0VOXtxNyb$v?b`1KP%`^Pw`R
z9EvUL$lwmv(gYukuW&MZfqZWo$MT#j8P8G&o+PNzi=2)<aZKn7tco*5Eov#{Vbm$z
zZ3OvNh$V^vBc;_kcK*(*IKO4;PQwA-gnT{d_pdN?&C#iJgL;QFJK;s6WTon#qBopu
zmMQhfNmc?PYmOgM_3J#_J0^|%sFBbDfvTGl%$~F1wqXcwAIeq$k=}Lu^kaw3DOizr
z@u(LB2r*hDI5U@y<rv}xPS{y`e!E?wuh8zSWvj?lMxd<>Y7sSI#PV8aN^@@7T2{oN
z{p7K@qy!3RYf6h=xPw-<QLE8-r&WWY|7CMZpDi)9Dh4_JMmqFVS60hPZAI-=68d8m
zX^eaVjNq2ysa=6s0N}_L))<yl#2R0z%CFE`@0fjkT5)x*Q@^Mt^tO7YZ2Q?0-=#Y<
zS9)~?t~baWOyo&IUL&NASdq=FYY3x-2w8p*tq7;+7=fu}BPWCxC*t+Vb??UxbI&zI
zckBdeGx7xiewdyzLP1386VASHKj{yqMxs6zDws9&0ceB{zmiTLnhZH0RJ3B86D!u(
z11q5Pu5Bp2D{e^yudndLmfzLDS63@T6{K1M6>D2?aY3;xwj1q|!7l0yqvI|b?IH<t
zU>@C!%YBAIkD*U!QcGMhjuWc%>ehJWt2JSlrgs<~M!}k`1_O`u(VU<0NYo#&g&5|2
zU;Ug^EV(X@UATE=&ApDW2|bkKYJKk4$^Er)?C|B!a&xs-8IZoyS`)AhMA<Uf&0JP!
zhS8c+W|Z&pvt!COw-`^+{y9QDW^Z;NryLcWFtIEwK@G=8cA_`JfBpSqkEqzi0jqNa
z=talp1kMvAYCXnHjt~Y!fS;i%DKVMu!p&)Io8TBBFHVV7&be(~5zIGNq>`O?HYzxl
zV17D%F-Sev3{P=0S%iT22aMabMvKA1<jScrz!k-P><v62?&5Kuq|<WuHN#P?kFQiK
zpjROrm%Gcx)<all*p+Q`!nr-uew>d5`9!E*Z3&w_fPIWmt=V}CzcIUI{hCW0@(Qv;
zxARnK2Zk2yKx+pzS4L)Si4m#Y@&q$JQfRVZmrZSc|MS}X7V}D<sxa;M%t_dv%fk-O
z`Z#XKLz-6%v+9n0r!DOJ#BbSe-mc%ipg~2lc#iIm&)8puJa4&K?QE}aWEiXTY>JMD
zPdG1JEyTqX<3@;&XDkK0E)~F8f#hV)UV@Dc6>3nwEQI;R^J(`o2`$E5E{T3=xofFK
zD3)MBFB0PFDl7|%9cED#mcclEPR_8(-a;E*p`ePKQ@p_fPjwm#RSJSLs}he@p%<xG
z;WqP^6Z5+y+0Ue2#XSV$7Nkon6yU?~6e>fyXz%o}?F0EEqlyoZ62;rvKwe|!1EDv}
zPMoH29&&m``UBTEbm=@Y{I7A`Qr<mX-MX_-zMRbC*Bh}7lhf`f&U^-l5apT7NrCBE
z)Zy#iBW%^OFuq9M%Ig&g(^~o50GF+4>6Np{4mWx}Jc+DPUoDXG2nwPW$B!u*Yf}eb
zM8D!ALgd1<3}SO#?Sss^3LZeSeU%+y>Eqs8P+B#;xfK0Jx=KAkve>0p=!MB<gXx<_
zTjqjB%`}i7<2skV48O^;g?%;QQ!M{}%b!iMh+WNo{&ZCvGYHX7tUgee`i!)wr)oMl
zf5wN1uM|Iy*P+817F8F=LQT-Qdf?5lkc76u-;hd&zQ%Fs+jybF$$n4$07sP;_z)TN
zB^w1_t(SX=?VyK0s{V+XyJgB?homQbMWA`oC*=RZjFw^bm*%y#l1cC$*yPE*nx#K-
zhWliBYGrlx0p13s32r7D+L}6j*iO-}@#65t`p_ywV&fubX*!Dz93AFwyYRVe*x?=@
z>gR`&jA<JZbbYDT4N+A{-8smIuz5C3Y3yfy_+IY@qfQ*kw^8#+-z$DyzWoRnD&g=}
zYGxDfUh(C{^6+#*=uTa!PzRZuHOdifgP>wOy*s7{ekUZhT)|&B-o=k^dGU#&2Q|Sm
zZyAMm4%5RifeO05-uJlPw`rAOt8@ZU0X|=v6WcM5W~_%+H?_&bl%{B7cF-!!y{zs}
z4Zbc0L+XpGyh)=2RY_OuA_@3`n*=-}MQET%4Q$VY-~vCj#ZSO|f%F_7!)J^*CATnR
zr^?`_Hl{EA4GU!`Yt2>)%+vHCqNH<uiNJcQu<?Y~Zb%jiS(iWHdJPuQ1}c0S$!QZ2
z)cUHY`1-w<8%VOBc%#kXbM21bmWLNQpy9S+TiB_n9_e(z&|`I~36QJFHv=o!^i`Dx
zunybZ&8C*Hi-rScF~|GU76mpS4N-}K!+y@8Hj5e3<*3bf0tma>S6YvDqbDqSFExP6
zQ2GcCIUbTXD537<>*ObEoVda_uTH<{pkdFX(s&N>=ST&F(rkGMp9zRaozUe=B%UL*
zu6dsjU`3TI2V5Kq)ugBw1}x|TW&(ZrQ90s8F*}!a_E+)1c(^)gMrvA*)ni+}C8wj5
zb^h0fIL#Tkq$MI_3yuC7E4fBWrT4Hr!xN`&n7J2Ly)fr_+O^9tNHTl%&R|z0U-(_U
zfl8!5Dm~#VLK|w>b)(+ZchGWaTeqG9VTsatpTt;fLToJ<+k|V%X|>g&Zf!uj4<WMF
z9DMl+JzT&b7ishwhMkPx@qCOrtk#{AZzKg9<g(hw(>RsJG=j#|IG&ygbfjp=gbH>s
zrMX%FhrmOUkaQ*i;u$GtP(X0Xn67LM)e;)s<96y4i6N49WDuUj>ThN;){JRNeIYJh
z9RHROUSs+R+Z?liO!&{|)Aoi;9KIj!qo*a_%ju)~Tku@!9bIh9;9cg*a6gYpY&W)o
z1`3s=-(8@E?)<o(a!GY1D=MwK+!9;sYjO9h-5dAmGAR?Y)K~S`sjnU!S||N!ifyPY
z!))ie>cjCSl1D+l$b?_8sTPi|-|nK_)A1R8s($PXhs)|Mr!yAsmQYz2O?(VHsVWJf
z3ytzsUg|%IRSB%K?Gkl5;UDKUOZSOAmMDn9F_(B2Zs3I&NY<)QEPR#ER~UL;Pkh6U
z`$jdTn{uw0ByhJ6w{Zr~&1oJyC&`N{oL$Jnd8`<2HaKV>eyPf@GOkzrwmMnrvYxOU
zWfgK`i$+`?KgnWIsNvH}S&3#G$4#m-2iPp-?ze%$-Q6cCRSbfvL3^sP#-a@ckaN8&
zs8fPv_&n#m8pL>>j2@-?$n?v~Jso(s^*X`kaRAZrd3^{h(WISrg0&~tgR|x3Qd}?|
z9E3u?kxsUHrK2~LX0y5-+&-U`)M~a$#8o&qUQe$OsSb4eYA(8M0%w(2ui79{QHh31
z)oS31sZ?mL*2ZWB$2q|#t9J!n|3$wUeH~-Oeka!P>mjm^Z9doID0b4!$@z!GjzWj?
zMEb*<b#G_UVH>A-THZvv_+!LmjjB*23I#=0Fncw7s{363C`@<2+8k0)*0p!|9xIGy
zh6S#vfgypYC0yK;2^Tj^xVRBEo`qP4G30@`u>ZxZ*qk}V&8f<QH9gsG%tJfDCuufl
zox{K2!%T}T`@5|-$S{z7X|;O|sla@boTp!Dq)83!UM3wsH@eWj({J4_GtwwfYe6gx
zrz)!~<hc?$W|&hHI7I`gC4kt7T=Vi0fDF8JoW5iq-ZqM<oLv|51manhY<Icz8HyO0
z)Xx-Rux8>0bqt~aP%brw(~$%)nmA@I@VOj+)7iSVE@AG7EJ-#pAWa>6zlUTcD5-Yw
z-;_+{&||moXS6|uMM&JS@PCP}R_Xn6m((<C3=;s)$Jh7^lCryaHR<8&*sC>5H@?TM
z)kt@Y%gecN)W*-N6&|-=5TRqH>`Fr;thzGvNn0xoQ|e2p({=JIS}!trt+vR`IOzU{
za#N7;NUz<v;86O8;VgbIIn$zyMAa?yJ%?f=JIzP(4Qc}FJEMQZbzX17zW6kF;r31%
z#BtoFef#mIh1kz-sp~v+@nNJP@lv(b)H}jURc@4Wnup46%`*Zf|Gz#!Xq(Z3FnJJV
zO@V47VxZYhGS=e2@u->W^_phZLY=v|J+a;9@H{1ggoj9H$QR%?V2|~9uz_ZZNXo*N
zQCWObkECoAWqQ6ns+8-)tS9PXY~CVu7oCNErnS^CRs$Vpz(WXLUmvdgj<^jU7)Jt+
z7Lykx1Tf$MJ0lT9Uucx>rQqP_cY%Y6Vp-_#$S?Yk@r5{)DoLV*%}ucZ!rqqW=_a7=
zxqC;<pw8ncu41hT`eY@OlhyGhaH#Zkb*BHbe%jc|Iql;AIYm&Vv-zXdYU|3~YKx`-
zRFUHLQB5`$rJT-xt9Oq4W^|7HS~BfkZ;*C=XeHPAA4xmU8<976&zuB^TB&&bx4MX0
zF}p5UWl!7sRauILhP;z>Qrq!?ZYj}IWEjQ;1|njcJ{`hWv4eZN3!}|tXYT$kkh~)9
zPD>0}8il8WRobCAU>VK#@eVtOkm5l3{DTBIgP*yyA|K@q957d<Pq^c27d4cUzOJ9O
z@Jvm+0zWe%2QW&*3mseJ?|#Ox*|5E=qAHg`-1A|k*|P~sp0_v$7W$T~Pn(Fe;xRX$
zRx)!WNvlb9jdySNfs#1Ryo|}1=LNg<R957T=DiX=RPNgvI^K2tf-1fTk1b?UpLWqN
zNMUe1i_iYw6j!%x`=ncId~8t2=fr7_Vv5sM+w94Ox$P0j;dfXCn_9Aaf03}!%eQ!U
zIz}l2y>Cv3tlBmKw+99*3WePEWfE$%t1zQ?N3tOcsf+%gEX&qEhY-!2hW?dFJ=Zr~
z!Jv7g1ZTBTY>NhlitE;_f$nu-XP;8I^(idLy%snbqc9j%8%}LGPj(tg=sbOz=}9OV
zG}y6h|9zFXaYJ43`2F^ezpBXY<v^mSdzwnb)+qP&qQpSkbC%jhik`ehKJiwKk8@gb
zIlpq(cBC)$d(e#ID7J)cC4h=DD|CQ44$Jm83!0$)ygT+i|C4QST99O<>(H0@SF|4V
z)G%_>NSA59IktqHd&ePDsQtKKH!ALNTAnpWQD98gSzBvxJiIAmc!8Ri(}(#~e8s%s
zcfl84-01U(n12ya0L*ViFj6i0U=@7NwKH5s;AU=dkef?CLG*ki;Le-a?Jc)|z<P0z
zo*=?f?mKhKsoSZv3ktB*50%cU;e6OADaC+egAO{$w_GR;Wmjn^4MY{|hJEHsY7KQ-
z$^{g`P_^5O6>{#J97>WP91z2GLaPu%i0nT8|2>(So=kO|`@{Imhm%c`W;$&1<0ds8
z4-Z)hugvZiC}WD&?T~kgd2~FZyf>+Q=8N9uQ$x81`=90-tYBA=W>NVJJNvT3w-1jk
zbyfv&Nkk-Us?goIrV`yEJg4v95PfBKr~P<>K=HdcJq{=Q6~%;=_FT@rkg|WEuL%(o
zxPOeLyu_@)>tyGz-=WWYwOdn+l4^SyMyvwXC<!W<acI<alS;>yk-s<0HnTKg@cg?Z
zc{%OpETG*YS?vp><Y%AyQO^m!xU|E<#~{aQ-!SQ38P6s;1oCi5NZeg^Eq<kj>T<nC
zoHeFl=^hX24Loayxt`AbN&V{@h4|fjaXxBK$zey<OcL<pk5Lm{&mwv|%&te_(3-`g
z;5n?!dPlq?i9HA>8qWJYfs-@0pd&5N;J%aQ)>SIOYUUVZ2`xXHXgm$cP(i$`#-mSb
zz!!9d;7}yX*Eh0yZE*eOmP~~JWocDA@zDOd_xCH$$2qY~2#}B#;=@HF+NBg#ObIb7
zD;BXl{er4xYc6Vaz!;GEuq^Xw>`XyGe!(uR_5YCfrrV9%TAOgLsFz61KV34Ns63Qj
zOO<rz4;D?)Hp`T#7B!S}_1_)<jsQr?u9LI+J1Zxt@*s&Mu(5|{aD#nNfR-z#zu7*3
z>j-x5-u4A@gE4wm9Pz=PAZ6K54+DO&?*<HFYMa3{U}5yG01a7aNszLM8~jufP-_9e
zyr#V3%liZI3Opl5-<_wB=6-wTi2&EIGS%ij+!V44frus~&s=P?i7tED=u>+MwNZA<
z)V4*bKEO2hYs%{@=gRBsOPl09Mk<q4?b7~3c$QsK-Tu!SuVt`EMuSu@gXC``s<EmA
zuEcR??KDTxQb6Nh>||1?6%8}xfMk{>F^>iUxYH<pre0uzjfw!WzCxR#%g~_I)?x-g
z!K_xRNA(GWm>#)nGppw$(U7QP!VV!yiKdM+NKX_J7NL^<h@3crf*5TJ&HYB&g&p2t
z89BTqXvbVX$0r#}R(GeZQT^L?`FcF8AtZ4inyW2W_e;W}lI-fdhwm}$Bu`8P+@VwQ
z7Aom<ZQy!Hh-rJ2ZX0la<_Nr)h}%G~qW}rS8aWjyKE0dM^$x<yVF=IECoKh5Q1EU}
zk8H`Il~%akeOpe;Kn_N5z#U(TXpMY)NW}wrAhxU`NN|MXS>pt{gHXI2r1S+OmOqZ^
z;ZvByMW*mbD7^yDi<cu|V+;RXq6=5+Xs>-8-M_wBVl9gPyCaf56-+Ni@016za>Po1
zN)q~g%FgE35#^F;^jrFl@_eyA88DiXbpXPlY`SU_zh=fuy7^7l9pwmjSd$);*!4@d
z)#X_B$b!U($~X+EhpcH`%$mB2rL3%P5L_}g>xL<1Hig8I9u9tO;lIa;zs@KmH}HWI
zsSr*)@D5ZVybtWeXA1DTb4NL7x=LKMXiJD)F$r<QQ9~)0vigC_w6T+d1{wrz*WdOJ
z$Cxz~+t!lG7sh*lQb5pOV9j9JmB9_H-lc{FL8FU!zf)x#)=<jl`<JzqeojVWG!QB2
z(y$6{)?CuJF(HXaDEy&i9=9_2AAJH}%UR!~Y}P8Fs)$1QKGiR{Wz7aR>)0*$9dQYw
z#~I-UvBz+l!()Pv^|%ssr>0xIE3*cQX_R{Y7~H*n02QE2V|*(3_dH8P6!Yx3-@{Tv
zEnCSaUuLq(7o@UIpCkmHqkT&9dfE8xL(GAe<#tE1NhUCti3CwfGPqi=zxw-oe;YkR
zs?<a%l+crDsgH9&(%R;@@d~cRc6zAOr@{@%e-r|3My1*p)A&YkD{+rkg?C_^LYB2;
zWhS`X7mU~OMiVt<JTg|lU4%orxaBq^P`NNeb<jPl%8LvGCFsw%urzw{14W(HU6Qj(
zzHcLh|N1c<$OEKsP_qMFizmfvXcFu))YnxOwuUBmfu!Y-ek7Y@>prOM<S2CpHBlv-
zHu{I>WG{79>%O5w>|kLpL@9=}&XNW!;gKcM48bhvdJN0{5TtRE>CE&*>A|xE7(*>v
zm;j{2J%@zv&Z=eG-W$NAWm)w%zATQh{>|w7?g`@yowan#J+|YV)cWxgNP9zw|LfcW
z%yBr?=Y+i}_L*wnj|S|Pw^hzEbo>t^v$38P4RTP1>iX_~-zUf2JhQ9$wZM!Hhl|_4
ziGD(q4<U@Rp!S^qtK%J+l)*cypcT!^&z|Ezh6c$^i0zy#?$i{A&z{9P*uZ%sW!f6w
z&CuJQ;QVDHcAKoZ|DT<AQ(V%`%;W|95pAiQG!Cb)wZrKv{c!q@J>6#FZYJi}-ot8s
zGoM|p=HDKSz5cpe;E3zE_Vd4?j0<7rersN2oof98A_^JA$JpQhi6gid6q?-}{sVhX
zgD>HpMYle>h2xYPKMX}cCeK&S=vS%a5@&ZRmLj0&?GXtL5i#pntatc9o*O5_qz#M-
zXpW|-r!i9vujo=i8MyS|buZF1bm43kPw8{lXgGyvIO81-H<4v%3*JE*y!Q$3=HeDs
z(Z7o3Ogn=)Q=32=tua!sD{8N4C9}S7;b@Iw;^KUQfJ7md^BC<dLYQrv#s#fe7a5V5
z-NmHRMDiHeFQCt7H#IQNyfdbS1=HU&T3UNfFL!&B!>Zr^)J%TdXw4!`YEbbreF+a+
zLrGr1ts|O&pZA}rYTXjD&eE6eGJq`*ye<*(U>^8>2A`}$u+mm>8VwFJ`Rq%TeD<Y4
zKKmjV@kOpa{Id_s{}DK3+NOsrZTB9R4??XS)mu`}DXVBUs2RlSK8PpcAMcAl-H8x;
z<j04XH2rg~on9K0s*P*)PorshH&cS%DnXL!w{86Hl{G_5ucc?oavK3zvT*)QuA_8^
zON~msC*+(A=zwkF&YGN&bRzTvj2n97XD%HuD$ncXNwb#?%hw;$zrX@ew)xRj*vVFt
zxiVF`yVqRXtvZ#%f=6OOv7l>z0>#N04%~#rSEy83z8;?;uHad?Ph#vWq|6%`1&2Ls
zq^3fHhh&2WZ-&yGEFUt@m0DXz9bl*T{qQ{D1yqfGt&^)Brc{((eIT>yuFUVw7v~dg
z=5g-d@hQ5cpRTp*jHnw%M=JwoJrp8cEWHLX(t5tdw>{^|ES@OwJNdCRtJ7qMD(UK2
zb#~TTK|q-^SnR{o3Sw%?jaO=^k4Wz&aeDOYy98Ix18hnR_Kusrr-yKZW0&B~!!J+P
zlCL$7mxm$!aefy&9{!*HN4&dS<{j>Dbc$lU0QI)jW?oUDFCgCl4XsJM;G_X!4KhqZ
z$b#bN$sQ1URTWmOZ>CuznF997W+0iXV>$+P%z_RnWY>fvA-(PF?dZWPkq%iY`8$Fn
zL8^mFAPgc^U*wXCYcsd_LQF4`^0Mlu31*M41Gi@{6>$XDGa`kPhTMf(C7Kw<Um&gI
z;zs8GO*9M*|2gv}xQ9)h`Ha;Ao*u|r8GDRs(mIz@)7p@o9T$<x-?jlghWX>osg2;B
z_mz{E(*pJqx+O%x{D;&NTA~~CF^2t2@ZF5&;tgp#Xi<>F-O!UO@agpQk0!eYoyXB5
zZ<-EH3sdyMC8X_VRX~RAc(q>Vyc@a4H~vpns)vug!P4h~@s*nUc0asEEtOd%On-Ck
zmOYkrR^C5m!r1z4$Hf<?NuKw7xw^{-Fo{1*6QG=>uSiUF)zO;p)sLd^mF`fakzn*w
z-__D(Om3fSoIc%ybi$&iB(aM5#&xuZtwuRM#*?&_Jy>(kzujoT22r+JCA6rx#>*f<
z(+QM~cp-6t>!z(}9N&$6^4jwl@Qv0q@az6lbaJ4;5NRag;v^`9mc5yuPglEfUTWA_
z3Gfz~dZ0FrogQOE1>IbZ8n@MQ3u@^#+S$YqYECS=kESdy;Z~gJDRbU9%DxK)dGZ#)
zLGm{zl*Ml-#@*Krjkc0-@d*cn+*J|x$te^hw@La;m@DHk#|?OzD4*~g`?hirGY99I
zC%%4z2P{9%JpW-2`>uR7m+&3uhfnpdGB-9YeFHQzT+rOCo19a<kSPpm>r17J<$G?m
z!lv&JaKD{V_QjdR2x0L96;FBkpP~{3(#vO1<y_g*33ps!0TkPqQ~a--ubCNGKbl*8
z!-^Sh-3GTdY74x{3zqhZu?r!s5MML{w>Azx>K)~Tr&Q2iw+51pk&(DuI=>7#)|ot&
z>!eg>Q`$KB97E=i@z1-o?H^#V>32e@k?)xr`PbaYM@{vT*ejKkIv{U0{?v%P_jXAt
z^B~GC{r$^7g4}S~!fx}F%6#)Vfa}+Cii{=!<9V9(b+92MtF|`wphjT<cf2I_9@a4w
za?mbzz4BiOb0%NDZXdEy&ZRR%5K<LXtFT+1w~}fh?cnjr=eIT6No?%ru!ovGX=xyA
zyRaG$DBHaaAHs0W`b_w=8<r(D<_&%mG<Vjlz--1mEzFo_*^HUIYP5&`B=?9^C}_vc
z=6MvW4BUE@e?}`BjWBc{p|I%Qr{Xm;s#1y1shUPK22gh*U2MyXLw-tp39a`G9+rz%
zQx(HD!%od$orq`1o5Y%2WikaCNTh{gx0J;m&l-}8iUFO5gfn;kc-0?^+W_KDElu$K
zAWru~v6#&kp6gOdlj#yfm_p+lGN{!n{Aj;N<clbX4)MGEB`lh<U&&Pdo>Yc`H^Tb{
zU;ic@vf5M{LvGEw^q(>P`$IOdofRwUY|Hu*&Iojs*HZA6Q%`K&fha(^b23;R#j9XP
zIn;beEI?Qf=(Bzn>1(v1MJVJritvd%U10LCzz`+x3Vc6G&(!Y{4em9qCB;m~d?~I^
zGb@Vu9mih&LhQe!UccgBEJdD_ma`eSDk+Up)b+L~mLFBc@~5!tcqR;)ZBHz2uaE51
zy^i4y?Xk9$i1KLNy6NK#=`uKMk)U1&fGQo)F7{v~mX^JKkY6A+;f7a*Y35ZQNLj3B
zTK5{BGOENhN3yp-e%dt5{<{SM>(Hn_I>w_9VQ@P3=rE((B>NKbg%#agp@*Nd-N9H(
zmYWuM;wU@t0<R3Qgmy<Er05@O9S#N=PKCGpuuSkh<dieSnli!bo_|B~vR!D6>x&+S
z(}!eRX3LLe{`PwsW}!B128WDG5?;R{7h@Nj^E!AbI_I!jN6UlT<*1>HJe2m_swy*v
z#VWF`4wGujys88b1=)tEm*=1q(u(F(1-YkSccdv52Rv9OnWm`lpK&k(OAXc9a?`8}
z<<q3lI*a>SI%#rBGA&ccE<v$B?_mq@1E`G)8ofm98h=v~vY_yy?G#$5qwYv+7A5H9
zkdLpz@6uA#TBxiyvU>`VP&c#D`X_qLHY`?umqvRSt?sJaNjmvlaw~2VM^GN}OT@hx
zgt$WunF+MCtH#`(@}?;jWLXm)?hq`M!~1mzIpW^nq}j0kt0plYmQx>~^OCY%s=bia
zbg>;^)zHALi6yAjt@UWY<1;s7pcylsL7CA|(O})p4Ax;CRQ60{Nu=SFWUXsLiNY%d
zo1KUWD@vQTkUQ$Ct-2B^=3t~`SiH<BB4uXSF)`;u+G$gdn;O`_U>uYqt*GTNNsX9@
zO0?Yh+c~!|%FrrPNv;#~HVNLfvJ|k8$vVsBcEO9F`MFfVgIgoxc?&%YDKjEJ4k8bV
z-YRuSWZgN5jUQQ7Jf&5b%@4dy0C&%4O9mZ%UAt6FdwaS{-oh>7&|sy62Tai5YQ;7@
z<B&Qf9DwbNQAh*wJhW@$v@jcV`mA{k%Z&BH^-ZKphgB)LNlKd&(}pqWtB<(*{};UG
z>^;CfSgbcLt?`tm*iFi^$1m@+7&=YuD~dc9nrc<`crXlg>jG(mFYd!ig`mB$J^aBh
ztT3kfm+f6%kWH;mEIJmCGuJT6t!>O{i1+!B*+R8DxCh_2GkCx;O6lQ4C#|dQkK7Wd
z`n%U%n<xc!&*?c0{OxnLoK3^m*1lq{GvD4vaU8*smTcE4RuT`%xi&x^NZ@il-(gE5
zN!YcOPNaG!@dT@-wKkq+n5;QBJ146|sxa?oQXgRcSThqiVUk)Hg{Dw$$@wZmfDlDD
zeDt?(uIGJ^Pfa*O*}JNNPwPT&xjpkOF%PfPxD&y!K3o{c4mU&Oif%^fVI3uQKMr^x
z6I>)W^SgS|zG*6P{iSzq7@x?b;@;okWDEiT0xQ_QmAX;<1xg^zqvuwdZ;h#bm8W0G
zF7rNyqnpCjYzi(j*ZL++Agz1k+8CRvXUe!bq0qA13Zn{B@*yYCW&!NF#WJR4v&Hvz
zh?ucWxhU_k<g!ypok-0n?AtuxC+z}$Uop(FAV4`BNc>Ywa^fWUb;?Npt}N2>Ubd4e
zOHN~=Dvc^dYe#p846>=Se#+=5DULP?Il+HKlxqSx-Me93LEecc%BiYX@adek%BYSW
zkD0$Ss`7V66}bk!%dD;LZ&Mt26q>nn0sm0Z2O&z}dQl~#;N*=4C@CdYB&tX{b<{G^
zD%BC}yz~@ErVJAa{NOKpKjy*!&#@=!x-D)WD#IJ(oWeg(MI+Uk{L3O-&>9fJ->UJA
z8J7FYEv-so+_zO@E7w5;2mKZ$04hE#H5%J9yT<lhOJlxiVFKy>Bv18KF@m@w(%T70
zl_m(qk?fe5(%+EOwUuJ%Ok2@PVl5AA_)yqGPEpUeJ*Rpq)s9u3Nx2uFEHtbuvsFv7
zt`KEbV#uw%1@oZcu{yHsB|+uK%481L&y{N7cv?~BLD{((3Q_!fHl=yO-59;3#}t8z
z8G;#AzqnaV=fXr>%YG1wYNQlF9q|au0*BA`9-<VHC`(x8sYJDQWiSXm?ePb#Li&&?
z(?%Bs8=5x#l=5BH0Mfg+RcgcSe#uf`wqgjV)S1pF+IHB)06(x6GV$yg05^!4_`v7Z
zs+#wm8bMqg&JgMj;l|q9DSnb>zll<*|6m~DoF!DSDzIz4n-hf&L{#>v9j?SUIJC0{
zTvVZw8y6N<oSYFag_p|*17~|tfUAOSsU+LI)b%A1oCO4p0R@L*|4_m>K6?OcP4%4q
zUtt{IBG{5XPuBtP*qk@~j?7?FZ9Y*HG56{qQ<plCY{WQarzgo=5&6Zr1ZgFb@WFpE
z^lOcl4UfOhvccF&Dq~ao5bc9KSwKFbDIyj+kOCiGueR$&vb)10(j<GYYk`f4tslO5
zahCrq;jimxU+Q)JCP;P>zD!M&^tgpQ?W`UARO7qqE_FjNJKs3@Ln6JJ<lf3YUw0|v
z(K^B3@>qJ%n)W^ZFt$N8WW`=aR(w|Q56kSh>YZvK<6c-+XH)h@Do{XFpygCNV5?^#
z|N3i!NF{sK#FQMes7+bNS<2czxDb@zo$N#UfXJ17*(YZaJ&SFKXbFG+ZeExbmfiFr
z*+lRMsPS+1PzpgR`<_W9l`9$ai_S_)*m<!;00a`CqODRKZI!a%@;rMrexa2qO{nC7
z?u44`svGj<ol@XTVocK;`5<kso#T}|tkNJGvUTlEIFnoy{n@LW_#YKGY(I_fMA^<V
zJ?TC+|B9d6b#@V~#&ZO#Et_Wvi1ow6aTntcb<pbYmUjYwW5U7|Oopq;@i}EVKC0{<
zm)C+t_LhH(Ox57S`Vx!V^T!1y%0z*R7aX3R7E9Gmp!|zaBPH;Vs|Mzs=PymNja6`E
zWfJA!0q4hO|2;)7D!8>4RvAfi{PhY;g4}h2E=E8XU7x@7z8MsME8XZC+*M=Egy^;?
zK(|HK&94QGg<f?edzxcBF?I~{c!c9+i;F`ok(SDf7Uc@p{Zu@nJ{9%$ztBCby;OH5
z#cdcwW{qHll}}}?M3v4~l2Y4Ul9IF-g!iZIvvE-yGs*Ehy@3mk^W(Z1^c|<(p^|^q
zYfWru)byd%JkPX8jES4FbxN!4X^jq}oa`)9(m{~^sLw=%$pClGY`4qscJvF_e0^ze
zZ92te_IKZX{Dq{jMwf?vuNn|qD%>|6_@BjUq`aWOXLRuIHY%gjXE3hdd>DV=D<9Zu
zkF-3tzfe~Pes!^&3nX@61j!sp^-^(iDHfp|adbGyR>SDaJMxLSpzdL>;!Gx^$XnsP
zx{i@wCwR2~8ymt51Dt5WveYM~HQ^89Eq{UhG;@3_2(3j>%Z2nl@B*ZtbvQCTCfuF`
zD(FWc?~t^0rK4O$@NmWH4;F%Ai?5$z%B7W2Y(jy%)KZlP0QTFEsQs6}N72F#r)d;r
zz;Fm8JAbW>MkBGr?|H?t^}IMka>a0)ONOsl0J7TABv(7?vJnPYT;O7t;2olYF~eJz
zDys}eSrTR9<UvWCys4(>J2j(^%G9(^uqlOk&{q^iRz4EapILragg=9j(g2IntroF`
z(j)xmSt&HFKH?Q-Z!+3Q&W?kB$Qqeup0oOh)Y!nss_o}Y%sAqYh<UtUEFofNW@Agg
zcyrQf%UP~P)MHRMuj2tC6@$F4Q|cBWxb?A=WG`;7(<Pj^@PCLYBlyF}%*-!BG#q!f
z4-n~vnQNHgVB4an9MrXe|CbkfK29+dJ()U5A-QcHFZ3lVQ+4<6!-K!hj4P|R&?JY|
zlO#)=`iYdyM)mWwO3z}%URdtnF=0^4D!GF+WcC^cZzS_2#WFQI=dGdIqc8Bf-*+bH
zxsgvYC1uX<X}C78{Sh|A%Gx52QsnCDDcK+XNRl^ifg(*olsTbXDrA^JW8hr4)Z%Tx
zjZtyNp0EGjra`)J51R_KYQoSevO>1utENZDnfA}ILdR9FRIM+RggL0CS753a=AfC#
z&JCLLaNo6YC-!HLGx%BTh{4xH4C#h;)wtzVsiK~Abg7SADP?k}`rj&UKJ)p;Nq4S0
z(+UUr*<N^VuQIV_<$$`V5uO@Ok1{{=xuKbr%TCNZ!@^5l;pmX~;)rLL<YXK3`gyuQ
z`hCiCk8KpL>u#Nzrfk2&$tt#GIWNDYHLK%!t;GK(a(4Rx49%>u9AUDsLACD!R&Xo)
zpEIThiz%FhF)(@->00z1++H1_x`r|T69eZvSH|*ImdzkI^!-0&5n#vGv^Oo|4k<~e
zr;CKM-q+8=C3c6~6q-r4ri+rlYj!6YGFG@^(B%KD88j`mJ{H_=Z4v@8*g$FC#galu
z>-Tqj8sGO_8m$ZN1hswW!(|Q&L6kL=mQneTwgIs?RzTGqld`8w*~HJzW83L6+^!*K
zOI~X5_qq-TJO};UTYC!4Tpe9Xf|nRU0F^=xs5u6ytIu~!E?vk=%;-pJ(bUylt<Ao+
z5<D^_+lkNS<2>U-bKghmU@cQ>uct)_>iTdZECmY8VaJBv6bF;X?aR^MuMv#u?+>(w
z8{xjS%TwC0h4$`1sHBvkq$Zdzp?vct%rCSgkwHhkEH}>>%u5Z5-{n6_WTG2)^^#p%
zN&E*G=+xR!mmJ7Wii=`KtZ+(aTMH(nicH0aYsi@SO{VE<a^Cpc_uyhzv2nqIvGqJ-
zSWx1=ntWucVSZ=^CqLJNrMnM8`N&eq=Hb9y!cfAIOatIDsK1(gD8(ez9xw6Hhcjg^
z$C-u@X`0BZYfQ0CnDAC3a+7nbqmG?$7AM$L>;`6S+k%NMZ^2xo<~{zC-$32!d|)n>
zkswCh29H+`7NP$^b)>1x!K&&=Q}NBDHdtkQPG!@d3GPxG%g8V>YdYE_KOsST!i>{f
zAiW80k+yo(>3?M-qt@1?CURk`xq|ClkqRpA=a+D=y0P;O9dE^F%68<A6Y(!&^;Hza
zJjn<0xJ)HkNE5hlJWt&FB5?F-?c=Q;Jm6Sru{hyS7!sUAoRU^Eo{-VnnBZJ)|J+J`
z+gu=g$qEFV3AI5lRo{*CBNT1ky=S|F@y%+@X4??b%oA$Cu@{czNX)%VC9@D~<|m%^
zeMzvZv;KQFU+O1?h5;aQ3QH<fh6W*~?NOknxesvGP-wb6Elw3N+lK-~BB&rFRI=F~
z)55&mNB@k0Z%AW>PqS8X82dz@-0dq^@KsD+u9=OqzCzIhnB&d>W(|O>yiO%cI|q<m
zK-q0<$qi?Zv%c%}FvsHNuSuoN)(Fc~+AQ@_(VAd_1kCUy+GZ=(-^~veroK`1s#2Cf
zMRH1sVEhYkl$n8(*`x@;oLvba9(plFk=4cNy2=8(F1R>dizTt_MtgF#@ivttwP;1G
zkhoBv>Ns{rAV@uH<_5QRIgAm}oIF3*LCy6ut>zw;V!M8eBVywjUAjZg@ILw}5verc
zaYlE^nPkN2-f^^gZ7`m%799=}Jql4mO3PiWbN~yJlvfVPvxrON_j-L?un=^5OY(ZZ
zKCn?)T`d+Ku`i$~hGjvzsBi;*lfG)j=dP5@3Jr<go&oG9%o(GDY(<z<yNcH5!%WOj
zj(I!uRcdoANJz5ol=j|1S{qWsw}u>Ygc_k19PbN^s^IOn+-~`>r^{pkoUKy8Nz*j!
z%l$GfFd#nwZ@1GL9|>;d3f@-mX;A4fJP7~vbLfz5<LRFeWvX}V!_ol9tYaxNSXV7_
ze>~M3-s3Kvp!x_>Xyh3;x<CGroR{)%kcn?)ZD_|7;05#{^1o#ow7i;-a*&VlKLJ{b
z+A$*h86BRtv{S-$m%~A48RiUgDQCD5tl|`ScbmRTK%=|Ogt$-)(ZUKlQN!@XNgn^p
z)ESZcWbCI9?GhCAB0UPbTsK)(tIOt%_`$SD<8+^|p}IBsv|vrH?m=S{>$d$zTnbFS
zRSND&_PA&96GuYKIXVQda59QBrf$cbfT-y==5KoXVcA8gEAbG+(WUcXdk*E6)k~E;
z><>>iP!^`SIB(n0cWOCH$QRDU#E;`<2L&0oC?9SMhr^)Ut<HPZgYzq^qc=!4U#C?8
z+W#MBWS7!kI`JhC{c9pZq*We775<pEqd|Nl5Z~`eZ@9u95$#JPF118UUJ=Ow!IBdV
zShC*ohYzbVmL_E$So&{9{iMnygSydNNn{V3E096ut9dVyM5ZZbQKMf_Ge1t}n$Y!F
zPf~)F09!z$zaWQgYWuEM%e56TXuMEl+rZ65+-}9gw`e7gQxXGRr;S}@zptA-mX&8S
zxkpKUeoiz5fc)4vz{fvOnzQqdDXs>n&4Ms)e6VfNrDv9(7?DI0Ic&L1tE<*Ph1)cN
z<sELbfs^%wn8Jd&PL3!L^btwF;u)*%lQW?|=&*8VZ&HF6%2x0gPb7S$JU@ym7h1@K
zab};7<|xlI08I^|Y4%K{EDo9}i_ZLAbYPQ<j`yhgW9}durQ-`<qwJ3?I2xc8m?KSB
zugC2hgJVmAN$M6?)geCKS?LtEJA<D4*+Zvo*M<FdVbp&ltrB9jalrr5I^dUCZIyse
z@TG1XChPOY8&)ES!9}JJiWe9{kgELv1%Rn#*$NzyC&XO`Q6?w3D)bDmfpn~w)P$6+
zdv6gjXPy!itd$zLa)auvP+U2lNuUz7TJJSZcVNm@wfJafkh|*Pa{n@<`-0&<gI3xr
zVLju@acN_!21p0noXfAJ3qL*9W6N}}J7VK{ZxOJ}q3y&Q?y(qzMS5<i{|Gjg$@a0V
zGo1n&<~t4!4zJ0&h=FYC0L@Gi*9PdzxBz|mPHseA6#Y=U+*Q?qgek%!f?I;>F6J#$
zNTbvopQnmw4Gs4Y;SNJqrpKX_94n>7ON8t?CZ#~i(R2?*lcdR49|`1vz~!7}U+Plo
z0OVnnEG;{g&)GLys&4Dy=iOzu+m!us9JD8MgrST_SKD`{3Tf5+BpXQa1lvq%Inypt
zh}{XzcS?SqR|kl!Psf9fVk&pL<UT>B)5A=Mn`W@vnk3P&^EAcGfC#uYU8IT#a`hDl
zJ;58S>YI}hstCvm1++(g%c*QZHnsJp<)=-9nIWMa+xNY+3e~KfjjD6k?I{q`45MmW
z1BVf}TG0v;HzTAQ`~?zEOR0^`@)JvV0fGcjQ1~>c2CiKTR6}go6bN$RH-)|nUg4Jh
zR#P)B(xa-1Mr~uiq*a}~2M2p8_!p5PgYI3n*h`Y@x^4+N6%iU+RB2{)ET20dn-O(R
z7J$)u++1g5q2n%~B!g$TO0J_O^<h4v`iSw#@z7=&8q!UlvgQ|@ByJDi3W1D}POcKE
z1*ZJSO8AViglBjNY;z{~w|~Cx)^G<`d$htsR2%Kj`5I~F=xyH6V=FM+q<WOR0m>q%
z54oh*IItgaof192t8!68g3`fb1CK2o^uR_(8*N%8y0zCD{2lHSMk$nOX$rG(d(t!c
z&9m5=y=_Y+el4`Lgy*v%_~otC(E%7ddTl~BBY35!ZbPy5bp}MgO|Rm}PqTWnkQPo5
z5=hYtzkxd(bE=Hjizz|?*;Ffq#RiUbW@{uRn!oKIkaA;ydY252Y_3!l3ueSwgolC!
zGq*k`@Yf~$6?Idu4tF6+ALv&TAyhO>RrPRnG)B+Vk8sMqbMmm$uM<fB_Qx$X+~N1B
zt)1!_F_ri<r90<g1(P?keucy7ppC=nl}SlyDjiNW4}2SonYf#Y+3No+BnPW-N@$!o
zc|YKfN;8>3a$-VQiPzDJOEjGAlQg}Hwr?Di<YOLHLzIkshS-JY+&QDARjatJY`Stq
zI)Cq2irzN+h2vMzz7hv_yW>-gOJE;(F-A+mQ{e3{|B5H+roSHOHr049wnw`;gB>67
z(yvUqRkiGp7_JbzZtFk&{RrC{zKMqF7Nt3Bke-&u$XHMiZBj?AT5M&UKQcI3H+F<+
zhM<y!Zmr?SI-hfUYOapbl-H0sW8%{^W2e2<)+@pI37la{^u0W@TKMlMNo&-9H{~J|
zQBx*uBQjcl1Ib4i<Zc%i7_6w3ya~!(8yi2MkDZ`L9oC5uCn`v}!xDdeQX;WOp5s86
z2vNU*^9NLaK`ruVdy?srNMFg=#vlo!!x8H}i;y_v|MM<CS3Z00)&p~$Li9XEzB0mY
zNlBJPg%ZVa#8Ls0VjBOPvA{3Sf6zvV=XVh9_Uqb19;z$JxMQ7;0}}(&8C6sKId3A9
zb8XiCMZFaa@c6k(X{J5ols&B>dgO8yB->g>A51Gz1KXP{H)~HO>x4N@a8}9gOM*YJ
z!v<7SZ*L;^XQ3Xz`{l3MS{!A+;9&imlpmE;ku$vC6~DbA>yyph0f!H)R8(!(F2~}d
z`bFONIP!48xI*&@m%roWVl3dFmEa#$e_zfOm&rU(u)FwK6jeVY)0uYF*i4Q3y)yy-
z$cUif(^akR36F%+^hg?DcJCLCQ1ql&F)N@6EF>+LvWw1>(?cxulBFy@hypK5-sNhr
zHM4nViX{<WOhNCC<vl7wh*UhtA`vn~l0KdaAsu}%XuO15apDXm$|UL`076`kgpclM
z^To~S+uxi;i$D1{;S!TQygy<7(HE%b9K`-W6Ve}prRAMqp?`zrj?ubeCImnCm30V6
z3G)S43k#`+^Uc@04bKUojy*+bbf8n}EyRJ}(o+zP3Z=itaggFOc3hG@B=Hz{ABu`L
z)9hPaJtA5>yPStF37;BymT`>>s`bx7q(|OrfVJa38}>ojSFe8u=h0OhV}MR!bI5l~
zO-<#x|4m5&wm_5n6niIE^$uj!W;J)Rq4$d;pK10Ng41Az*9@d^-S6Afe-4+g*oHl$
zOB4(Hml45`YIG9EZ`&sRMKQZWAD~-oA9L03x>RW<dr_{<=2rs|@IZd^lv7G9CZ04R
zIc{O^J|EZsKA^O&|4S67J65M1J<E-Eg-~j<(mgS+>G29;G<veFSaIn&(c5iFJ*R=v
z`jC?s%Y226?Ta-nH(eU_77KP@I_(Ecr2X|8VXoo!6hXZwJ2|&p*{pL3wH&7TD^<*;
zYWYO)KQu|%H;!GS`q<UMssWZ1lo-!QMx(B3Q6|ns@_hJn2f+kq0ce`1FH0w-AtLps
zueRIdKqZ&sqCYK0th*%d>Shv(3i707*IwSLX}R~|rv|vLJ46+H-HAZkHaJbQ=R#}W
z>?Yd85~dPmg*hd47^w7!pGaWvwGoD+;ga|AQ<;xk9xvm;N$DfW7^a$&QAZ*ltJCq*
zaVtMMHVeChICppK^eR7pf%c;NphSByompc<d~c6C&LT$v|1B5VTKO-YRb^m;JtoL8
zQ+|aH^|yO%`rDo<reDkcHrilb``@TqJ3+OUb)GI;#3S$j9-~vfj8pFwR<DSE;xqjG
zBQN4jZa|AiWvqBqx&!p91%z39=`n-ub3^7haBM<DCAe=_d(dUlN9RoAcv;8v9pCKm
z6>bXFpC2>;H;dBvX%IE(4wh406tk3|rXMQqSX39Cisa%pW@9hAJwlDZKmD3SJo=h*
z#ij=Pdl5sRqq73G9>)34Du(yRr*~)UZK;g{X%5?7r(V<wOjMv&a|4DVI|>f4)5&6G
zYDVB)>u<vsA9Hp=cGxYzy%mqG&(K3nFBaqIsv|MDK5llhvy~wj9+ydD4K;>%L*-Tn
zD0<82Dcza|*qRt_1!_^okQ)2Guk8g5$`F8(3xiX|-d~KPqhJE7r^KiX^xmL-VG(}e
z+M_B5WuUqiDulvX#<@(N$dW%~nARw2IYwbZ{sB7)Id7<r?ssKQq?CLxG*gEkZl*F1
zHF({BZVO(j_tc*jBveKB)=%n4J8t2D?dK6syYZ%-pvutQBgi#2mL~EQb4%c#LKB((
z4ppW_>AeE3K-@NI=ziPD#~H^YF-H}U0j*fwW2N!tFEQB}ls8EyhQVYXKKU_09ic2w
zQP*BY%#K_EwYze4(;)-dv^`|I{7gZ2r<>^I2hywlxb82e(Fe_S9J4v;8e@AmrKwNu
z(HNm!7xroX6ZFSsJM0hfWOxzx@hxe*LahRIfuBc-X-wLCwWPh#kGJi@suQuQ+K<h^
zzRDhO>P_jgvAx+dDyp~V3tgx_OI_RWfJ|V>e83ZkNm)&RCz&+a#a#33Ga9>@i{>~r
z`kAgQKf+yg+zH&U=N1pO0+A)<U#YYQiLF$}Ye<KkQMJ9&A7He)!I=~;W-Rn;Ju!}M
z14(PoS)KV0l*4AyI&3yt3Q?2woaKrC)y<7-@d@3HYbj%J?JsUC-3|N%!R{Rai>@ID
z;Ca#oY^d)2so@hzGFf5Tq;y;KQ{bkD#c;u1FP3e!meKN8+8t@M{Rc~|cr-(P)n(Mx
zt4J5ql&sh&OyAQ(xXGAQ`1|x{f(rctCClpApm5i+xX^dh_RhrI5V`dbp5;`~1ST#B
z;&kh==6RQ?Sptdq0NyIr>%}95JwwJ5cLLXESCM#S!>jcU+YmSbFGG+GJ3Z{a_|tU;
z@`1tqdP(;0<nJXvjO-QTE5k3NtPJ6eOZZhgvu6PDJ=|LfH5%R#g3)AZk|!7qIAu)!
z+NdG2p+`N!Wr)#n0Wo@&Ax7B})?eaDGR`XgUr)c(vZpLi5_hbel4g8~7^GE)kB-5p
z!8gg$A7BFi>SiMKL%Jwou_}aCLR4x<jwI}_EF)RV&N3Ovh6!Wl3oC_V>a)cSIfxW7
zdLOnReeG^Qnwb@L8Lk&quM{1i1ZlrOv>A32j+vjMeVU0g;XR(2@*?BO+7orssgf_d
z#K<Lc^pt6>RF@V$@>NuVt0e^2Nz=MVJpS^2g{|`3rIh@}I;?J!qxy7}yoForWTQkX
z6W%#-3K|k-+4hBhXKOZ_^_nT1<cfwFK{ZR3yv5a@4Q`L^`-#N{P3dKe+9UdxE9ze=
z_`6AuN^@fThP1?1`S7oxw+!1P$X`qe@>Om8_wYT&#+xug&nva&q*fU>@Te&3v5I=*
zsS}6Wm&0q8$;mEV?ZfoPnx!D{YY1rApTafGaXt?hZwCAl_-V_6v`{A0C^)q&LwA@o
zXPeF#o@r_Pk{T9e10rltAW}#M7T=-ylczpkdCo)H)E$N&ZFo!r>0uVq_4jRTa9fsO
zLWa|nVIOXiQ+PQ%W`e2&%IN9eg0N|_uF5^<wNHSN&S*C_;c@x%<~ZiB4f5~Ob7COf
zlWxQJGZdbk9kq3dza4;3n(s}Cd5nD%CeJ>~*))B5x%GGHYjThkrOj=5Z$w{bS3H4C
zi3~dm8Be!lgd7l??7;D~b=`Sdph{%@#w>QUl65kcs-+tB#z*AOyXzpmTBYaBDxj)3
zYNJX#O(C+PI%MD(1}<fU-;^k=++(S?Br?1CuKtrw{;N&3*{o?oS?-?vzW$YF(U&wc
zWe+oZpw!G1PwASvCVKtjJntF&741VV7RW1TL?R(fxw}HZJbd7FhEH(DL}afYptV7C
zcV;P3!ccZ*(4_9Glhp2uiiUQk&X<w?GXeExSXc;^h&@CY^us3ia0=~983s4@U7^S5
zQTqJ!iy@@95<@y=04ds}!vc5~&pYa|oO7Mh%LaLl-g~j_AzGZ^e6Dr5GsxQzxq<m8
z`=ZUo-0kP%);N4VAR>4ly}Ta0*Tr%s76#Xpn&#asFOGF2Aw!>2H-sI^A#7nvuV%1@
zASNXPtNhV!dS6x&X6g;$0-|lrNH|bF!q;iRNVuRPPEg>waEcLAJ4EOq;$QH;CqMSa
z2mXUSd69}p6Af{r^AN9L<U(i8W|NIwYGuqQXPb(zX|la3H+YcZ;~S{e`DV!j_Fz;i
zcci4Hk}85Ad<Zw`D&bIW6uxXxBXyn+=1{|0aA-FDaC#)StYfd(WT8>bWRR($$-p1f
zC6Zg8hc2Iogie%q5$k*|lptJSU$EikMG}qNNeYMsY9ii~1$_`gUWNx$+DS))!UXoX
z-AfZ@k#`n9;+pJ8*JP~Px>zP_<jfi9VH`!)p_z{JC3^Y3O<AS!E}9JJMLq_@9Q5m4
zZ;^jVdacRtG<!m{XE2mt75@z<8_qdo#9>n&)~4X}bqU)pc!g3A?m}DC#TVt*xLD2+
z??G>)$U&bCsj)TToKen0c?_|9ybM%h(r7UoPnrBM+xt&t!CaYwkFOI7g0zQDCiY*!
zGGt6)iP&H2emL|8si3j0r0SZXozv%Zq)1!-Y*m%m0^*O$ApRJiPJDrJaNiL{g;T9o
zpuxW<fOix3IQm4`GG=`kTnrdX^E?^OKJ}&~%fPYmBfMo=X1(n9(Ay0@W%3q<o@6wS
z$uCg&DMn6C(3sNPzSmr*KGPgzCYbh&-LeYvc_L{4UqpSLi{+g@i`F#}Gclw>TA(*A
z!5gK^e1C~Q!oNmOMc2|AKeag%E@#2md(c1$TEbcQXdiIa+ZSpo(}88KCZ^QNK+!dI
zf)z*i`Yu>u_g<LgOfbWFM_&(aJhaMieu=5gpx4&a#*Td$&C>-66>JZce7OPr&|w79
zcll7sUQfQx4OxWExQf@S0+7-t8@-Igkhf%)tnT~vjC<kHkJ8XnG+h0(uW0bq1<@6m
zByH?y`C$%hhx-6;^31fHp^(rA&5*_3V6w`iI0J>akd}pV3TvC5d=Ld3wN<Omr3*4#
zaFvW#M+J|vlr-E>QwvTO0`*-4{9Qf}>bD8>OXKe05*FPt_V>!)eZD1EgIQqkG|<JO
z{&Dv-eaSit!~19(QENB57k~Qu3%n)m!WbhYJ<!MZ_k4zYs;AfAOY%8^Cj$pB%4o$&
zvTL-V$_u~<9y+ozA&QpV(__Lpm+aGVmC$Rj6V(@K1K(;iU13<}Jb=$}RoTYbw2E}Z
zFz-qk>G*jho)7Y^`)!e3iw2<cv~1BsOSpfvRxTq2$ERLr$EQedRi`$->r}Zx)NZNh
zV7Wd12@LN`RGVf7=i%<v!rjvIlDZ3FWyB=pDk<P&fkVUE=)aK(kp_#T5p+y;;WkcQ
zx;NMgteX;wqVRRisQj#cPlsX4qd7MQ-y(TA1@+fGkATJV&(uF@D=(T7p~WW`ovY*~
zPN0xnU)-e~R=c#UgWQF}QxU(Oe&6oHXFOONhCJ$HjpS<5fudS|1ecQjT?O&g@ib_b
zPUXj&bp;iy{|I|j!j0{dFH`b^Pj!fiMIq;zIdV&Xx<(u9DrN_<mi?!QVc@MEsET|Y
z#v!)7ro!voAevQdfZ=@D!5$|HI>mxE6Z)}5P^v#Eom8^?%@SDa@`o$S`oPb7I<1gm
zhS4cCJgU)>R7ss7_72ts!&w`;Ttd7J_ElwF9_gHD#(6aMe+Qn2dMSTlKTmmaT`Iwu
zHMa5hyEL{N8C>nWkdip{4uvg>o~fUZop-b-{0Nn_>@(OMTRqA&s&e6`99)g^pKfwQ
zFfd!7wy1fl;W-y5$_8V3R;ZEHAoq!~E>10P#yfh&*Nb}1(=6ob`?58OZeq}`RL*G>
z>Mk?Gt00E6X9R3knZ<YoTW$tl;%fgN=-U@t5>EfGFph6=DtQ64EoG)e=Pq$!4GihO
z^RHJ^5iC<wexv5wsr^m6-l-N`9cHM@;E3}gHIn9w6YeQj82q~G`~offHuq_n#mUx&
zzSY3ibw|7^ONuV%6NsPeyYedz|MuO~vFO}R9qaLrzq6<sCd?azqlvuOU07{z?UnFy
zC<?>SN&!5o6u|g^=~wC2xI?%lG}lw}U>fK7+(V-h`FB|&uMp;jHa32|d-d7IrWPF3
zM|MWCbyuO;B4CQ$9gg|jypxPb!BIsE<;0`4z+|~g&g6iB79hdk22*jPv$7^X7|waf
zuu7!X!-geM;nblS%Jckxr+ciT94F#mLpmEZ-8dRxGoDq?<#fJLYrKFS`)Jp>fOKoj
zJOU-Eu2Dj1G7qI55$fx5A6c#etaQstyH&HP&!;bp+t3%TO*?lc=?kX9WO_%S*%C0y
zC`?`jzhD;wi-G0wiPDW<Qq#2I2<EYZ=pNPP$^?=rsPM5jLQr}H$@K4{=MWcR%5J4_
z(`H#kqjjVBBjXlkcXuLvwCizkVd%f<+rAD?a8ziFwCjqRM(X5ZFmmQBR9s9g0Eg|B
zLn>aE4t+|Vu)`8L2Wha`*>T!bvGwKWmgShHKapQ5CwB(@w*Mp^VoLcRmcMh>>FJtR
zQGtws2JZJ4@rZj7{zV5S^|-nLMe*|8-IL=Yidktd7|JGnP0@hf8m_3Q!uFFyYQ(TZ
zg7*Lqg|*<ZJlSxbH~#)D+}lSmBZJQ?e6ta_-WRPJE(|}1Pn8}a_#Et>iu!&>zn8B-
zv~&x%!TY_xg$qv)_)&G`jZXG+#Jrz2!N1m`G2@$cZI>HL-DYhLg|FtdIj2x3tJdo%
zeai=Ch7`A9@?-4XIm;l~p-dQT{5>wQ^fiIv(CqxhW;2d+h2kfC`pWUq#jY~;5JglH
z6jGewI(Q6Y!V~|`5zdO|C|oc6!>fLpRn?<HtEeD-rp!i*tZlL=m`cWJ$)!Mx;4HvB
zEpz^o|CVfbQWj(Z@Kj2a3)$LGlOk|O<(TcGxrLcBS|m}LY(EOO$l^;&){1xfrL2`@
zE4NM(1;)-Byal#QE0FQZ3t1{>^YJg@=qV8X{w28V{z8o?kVWV%&W$F~)OzY;9MvGo
z^GH132JvxiGT60S$z@$u#fo2Mg<4_K*scG035;;cE`AUxya?~SVSv=eg}9aN!q_IB
zdlA{V-k+;BA-jM?nq&mCA)Jjb;LaEDpB36{XKtL9Bg+Ecvh`qfP}N?Ap`rz<enjRq
zzF6k9AqmF@pZ60Yb%g1nA5$KQ_k)^-b^>E(Wr~puS7d2Strvc%XsNYiX&kzz3oLSb
z0-mIUPZEE5d2oAhpUyt=SLJpT2mi%Bd@op7DSU>Jomf4>CN>?!Rwr2pG`d6toTT`V
zMEgmiQ?p6}RI-iM4t=P{5iaIE+<uSSHygYj9Q>ZLW%`sblQ&f{<?kwKaJd}Se@5zO
z{acx{QN;hkUlLk|eykxY7^+N~FLiiel+|Mc0@2F?E|3hwCB*gX-`EQ&NX@k=POx3{
zu)J+kUEDXdoC=C^*jmAg<J1U%@&q}fNdy|+f~^vu6G!+EG}io0I=74UlfY4O@|=wX
z-@<oEhEsUj>;aCS{U}DZud&fu;>^2FQ4{;YKSeM283%~8@izASM(R*xGFp=Tzjs_L
zGpgcR)q?U#E4oxpo?I`5T*ha!5G${%v6ORFDTmi9AuER%Zf+!CA!TDayRf{Dim9H-
zlfU0bw2&gbI+pfO{Q$ka%}|^r);cKH>Ec_#cQF^y2`mh!HBJvO5Eed~7eC*JoB4)Z
z?C+A~?YNUha?Au}!BN<K^u<j4vLQhCzoY0|3QIanSINxZMF-B#X0Y<&SwX4C2oP6n
z)4&_U)5Rb`pU7=Ww^$H%&>#p~LKwCHY+{S_OOhPm+4?(7-L{O~EkQEd2Tzt)YVAPN
z%gj5T2Z$W?WG?^jp4j<;y*l;8)*XnJ1Jq`1`QZ&jOR2{=!!lTx&?~c;It8VMUnkd|
zGD1>ywJTpGv{uEj9<B*3>k-?4O`pcVMk~;@3NO{xU!(h#LsClB-xJSkL?W&udqb3?
z_H4JS1&`M)q|2J}-G(uviK`ma!`9rc;Vs%{9XhUGhh_ISdd9b0+=F~^vu;*TcvCd;
zWEvCpSEu4?`%VPzZ!8ReTx8ow@!SCa?-Tip`nMHSEnn<k{+?tO+h1}NNfLf@F<i9=
zrw>o#F+t;}#XfwFel{GbsBSR8PF&fpg_RJhJz<*yWX(g)^B`s{vKD&<0c+rHR`!8|
z2Z}mH+TX+{W7E$><&INtar3xL;NxaOtj)+^US5<0KQT1qm#}GnJ=~&=KK;kx2YPK6
z-Hjcdqjk7Nb)qca_74Z7E5fPl2XB~*+fS9MM1V`h_3!)SxV!h?pF*X!5a~`EyONIB
z?6&AWxH-ncxvYh$Z(E2>vVJx~lfQ5M<KZ>j9wKBqtSR7hmiMY^g7OnV=S1A@$%)l_
z%P95R&LhO(ehm+!%?|HR&E~D8^RJtDN)gT4+^k!^!g2q;N)~<^_+4X-y@!E^@syV#
zEX*LDe?`TJ%_fQnw>A<Ikah(RJfoK5SnB`aRf*yXu)k5sT78=Ps(+?LD6SEQ4;b#8
zI4U`9c*;{^+ff18#o~RLj+iB#p_Xuw=Gh2w?D_&zbg}WbuzUCOwsQFYrRbTW_aFB%
zSaqAP4#g4k90u<F0_Aik;-0@PAU)jsCbs40Tif@%A9n`_?w*;{^Izd^zpR^D4=|Ia
zBC|T5(!1i-apV<<%D;K)e>P>^ooFcQg+p#2>-Ai<&1i3B>YcXei1d4Q8CzpzS?#)y
z<ltE6J@g5@rH}aG%4cH3uP%s&UGJTE7J&|?*A^r?@C&#G@atyJX!@-|>8aO%Kqd37
zLeFzbw7Q_>@UVl4PdDRsz1B1}4G(b2r;y*K@JM!fB6_J3VhI_}xUH71xqM>Ua|R7v
z!g++p2}!L~8vYU;?)~)5qzs)km-_|bQu<A~8|Ednhc}+5-ez||B}uDMm@%d8!w+CO
z@I-p<5UpE)VJa%-Mf9$6Z@*5f_U$Nsv+;ilE+-{XQo~2VdIeK#G^db#3nOc8gdOQ(
znm?8RnG6GhLmu>PJew*WlkJ}Yd!hSr^Pyy4Fm?Uw(bak_8)K_PuivZ@ez>fb8FBb%
z*0($pu>Nc+aLgd99%aPWVT|=!RN3b`eWczF?p;9~iNcsO+wD{oBe_olcoEicuO)29
z8Rzzt)wF2XADPpl&+w_VwE%aoyJ>w})svdap#srQ?3lUTraLqBpkCUA-?3kojja!=
zR!BxDaI$~DR^Ul;iNPhVGWl8>(Rid6tDOD-4^sRIY1GU8u1s+RZPmNi$Mw~eyYqa6
zFPa-j%X5q>R5SJG-z#K3+r>bd7#RB+t7L||KDm$LI7&l!>vhUy;`MQ_8ujA$Ia!3g
z+I!y@41`*CBBv}hSi&0T-hDca{EBu@P5i7^sVGE-(<ilrHdccltLWU)H=hnxXWdUJ
z<ZKSJEeg37$SYUnO`2rio{;E(J+wB`aKkv&HfWWhxt*0`RfaiM#gfaKBobK2xvf<J
zl?Y`E?g@$Uf8U{K=xUD-VXv65bJQ$FFtQ9n^(n-puFt6lCXI{ia#0rUEVkzw+w`uR
zx9R`q7=?%U{RUQA%!o@iAcG?71aI2V5~iKRVGEMs@x6RNtsOlr0vNe)4MvE-TtI$?
z8+c*tAPbKgP3;nIa4TrGpS2GOivElc3#CoePFusx#H0M}J5A*Ry#0<#b%$(WNhK-O
z;=}Pzte}WPY7Fk->ZG5dMYFd;Wt^_yh=B}teaA%u_0APYR<p_*!K7xFR~5wDy1dp+
zUO%9l&{kpyNsCx#%(RKF(fs%WNSV*2<<*J*1#n!2^aA-z5jfqaa|thtI4C;i3)1s2
zskyP!^lr5@y+8Ccy(Qh5yhIBBFIGeslv^y%hnrhdWU=<Ax5RWS^9;bc>Ob>X%5Kx8
z=Wttl5Q<}{;)dx-Sf0RK`vmB*IU~4l+w>VVPV=YmKLY-#k05n>X#f}3R0iogHT|q*
zg-~^Q<SkLXV=jel+hKd__2w99BH#Z_Z<BTjPCjeG24reE4L>uJ@75}`!Tv|sA=|E%
zSAd!!ND;BdYE@6~`Tg+d{=x@mXVe<?GAkfNnvK(K%8amc0MA^{MuTFne2CQ*`&Qyf
zO$vD!lctG`bomgmh%D>GH0B3^Xwnd2$xr@TWD-w0A%KorM0ltQ$kh(71O#j?LW_Cn
zIXVQdC{N9=(bUP~uINDFWS4;t|DMjbm{shzvkqF9<}|o>8$z~4z(y1yaz+pEu~x~S
ztQ8I4<aBF-UzWrbxV48kUBf$&!|(Gs^xtZk$|dp&Z8Md#AyXMRTI01l|0#@hjvcq{
zK#QZ7AUSRic3ZKFi0`cdD^pbVD@bU|F7+BhVL|!j2YjzDx*0xoT>Y9c2W^0+J)kjw
zs?;AAPjM)rB1~*{Nu(Y_TO)_ol>DcTG<$>=4sdif=Yi`NfgMaZ(X%^9Q?oXws5{C>
zo6^y=Yj?nEpI7zk<#ViT)$Jb+e(-8tldhvaoqT7O#~v?}{Q;$K^!}4=7{dh#*M$__
zxhB~zY2zCcI6d?4Z7RQ78lS2I`vRJoD@X)Kyhhl%g#;`xvU?k7n({+vs?Opm@bo?{
z_pP+8Q`I0<hD+%#3_Oa+_$LI<VWJ>liwXR~S?~6zY3Wp;rAD(P4bOZ?HDVsLrhkX~
zq|%$LP|fX47n%C1fm}yqmU&QQ_VpssU_G113Z#|Oz6K&p_0b{?Q6SGKIg27hR{HD~
zrfNgTo3_#wE~eBmz$$(L=ZrY{@Fm#olE3&Vu5LB4!nA|=8cGimk{N~goPj(+ZH)1z
zT~V2_wB&Y}ET0B=z<SYQ@!Isr7^hebEd~W^^Jn<RmtOn~qc48&_I<|!2yF@y$b>56
zWIF@jG)wMc<Vt#TG3>%{3m+RkFuW=pCkv7S`~6QnB(pdTp+Y4^RN;YIeOVQJA}k7=
zMeFQm8C_x|%vkW-^Sfv?^`t=G)k+B5K9ISd(sz@SS%EV$C0BRVySqe-@w1^p?Lb|r
z4bPJz2#E8SB9P0n&N8#g%|=Npv{jaxe0i4~!CwG|(=?m%Cd_g+lXH%I?1?Y7oQhKC
zXj<qT&9crBs|$OOe;_5anDI@SA*yNSJ+zYzf^0F4*<$xI>QJSL+tmuC@H4aAD!JUv
zICIr<2@TpLC&=<T!xgsSWFk1aKmL)Nmj(`$#SN%oy7YC4qX98biT9${lW_);W2RIV
zr<qd`y${}v)VOwO^5*ofC=4(5P@Z%GiGO4aCxTZK<tu03AcQ?$KZa{4(`41yr8!XU
zKTPRtBOLtpxOq$;6#o%lufm{JSyqGp=oHqj1Z?R%NH?}zO|q2wnxas9jzNHY<S+&~
zyL7u!k|BG_lCn+S0U3e9TNWzk<&j?3NS|h0uTr1Q*a-iUg)>xpZo}sJx4_C81q*Ep
z=K_J@u^{bd3$U4S&0Y!NdV2|bhu$FeA>ZC6s=}sK%-Tj9qV-$^qcqtx*N$O>I<@1f
zbNDV%!m*bOw9TNgLVZ72p8Z{=nB%JW_dg%>P+T`!%R)*Dl1y-?AAAy-ggc+?#O_I%
z^67!HB@0@F;XnFk9<OZJ&{E%*FtX2ov73uliJ(A##(PK~jk_!E1i$c*DZ#>@3W5OI
zCQJGLkA?k$ZDmIA6uv|TbL%Eo^#Lo<eA{1#0S$a^b^bFAgj&5<#30vvsz?axg#~%a
zGO26gG){hoftfg_ZNcJ`@YhPRXPHL&D%PeY-yj&s9Ai9<8Q_TTg#hl(Ub{Kk{WBmZ
zwUr;_6P^aSG^eOU-B^0-$?$5B6u{|L93)Xp*OU6sLA1?C{h!`X{%<+~i*4$;rA<xb
zF;RF%(twB_QD$Ob*JJ6Gjc8>9mxu50RdEbbcaO%{1w4)g3(AH>RxD`KkuWAZM{Wpz
zpQ9;wOLOw*hj!Z!mT31H)}sk2Y{|UXXy|7_@n&`gPEQ2w7Z5Q=CnC2p=&lYlQtCix
z=Gn2=ahaBo;n0}ehnr+yYRs9&>UAfx7d4`Wl7M9k#Lvk{j0QaMqs2_JO|X6AXKaV>
zgF{^4l#@tKO9<H{gODXJQNRc?*`oaf$OOeh!>Wwx5V2(|c>)wQKo(5)TshPeLC363
zrO~A69}fXp@rZw5|2GNh_P%c+wR>B}$ywR|E|J>t7ksV-b(R~CVL00eCyYpelQ=VD
zDIY^vTUbb!Evtim6k^($L@+G=^pjp`mAfb8+iXyYEjPa1FUikvoxxx5bfArk_i2I*
zy_`0EC??!;JAFQNv3<B|afG1?MR#WyZKK&}zVmUj+?rpI_ffB0{bLy_PQ=o91mdg3
z7>Np0{7Xd)^Z86<lLX@3psh~3zp-NWf3tviKewk+J+NB0Q)X_XohsoDa|o((Yar#=
zZ(^e)`LFR`Ud4XM#t0mzVfcnB%#h<f!++;xE@Zn-L9O%YBF#(nJX@mhYr~fQpgL^n
zk~$Un^z-dH{HZkWwRx21_HjOQRWu$yGB|=%D{5}G*fqsMF5F&tb<VJUb=_ZO*sH!u
zE+?sSkVDkUb+bfC!S$2EmJOKx3w7NQQWf%XpDRdK_Zm<3PO{ESJ8Yv)7{c*3cLxiZ
z=yT|g@Z`q<SuSNFc_lT$vp3Dk5S*Nv(dpdXAKpMzfShrL#?n{EpE7wVx9!JLtCL&$
zjykBI{FvW#@F6S6$L37u>tluLj1!*_yDE{fl~;Qn)BByg*RoRoh0kFAjj=>O)0gnD
zHDJ1&dXY%dE-h)pWbt;XQoI^xw&W%+r($s?WjOdrU!Y_68bPI@pPI+!nta*KG#pW9
z+-L?^d?4;Hb3t4s3Nlkf%Rt@e_S83OP`~C`WQwiYN4W<q?Z}!ri*l)@YRZl+ZRZZH
zj~G9!5#tw{LuZCg+W3C8eV;3;6729gYrF`|lS0W;lTb1bo13+Xr)aL8X%jae4t*yR
zc`&GGWS$4vDkC{2D^E>3go7j`Dx;-XRSYWoWCH~?N(zjrSr{E;RK_ukzt(SoarwAM
zhbqkg!`ieS?y=kD>5U-tiob={mQFsvfI!ted6x`B(a*lHA+OdxdwY`P+*KSQW9`vD
zXJYIYwT?^|r6kp{uE}#0=N8?7*IjhSp9w+3<X3q8LvoBIpzBf)LsRu$RqelpuPx3i
zqyba)Z_(_B5D0ZamIVz7-+-_ARLN;BDONH*$UyQzE^z`bK<nBRD5R=x;bck#1Agrh
zZRa3U2vf(wSD4APNR}|4XDfU|_EQAzyA>amz$dR6i7m%FHb1o1&>_wCk~Ac|z5h(K
z)OQ3qmuoB=*nbSaiJtSY&f<1QDYcirH6EoJQoifZvE)HbKi@9nWcL`pFitv%Ou}Q8
zeqetXhcABc4v8V$^k<R@#Mj0)C@g>4tm`Vyxu_YAtwsbzz`>)8i@EI|FnU!3%!v|5
zwrgsMhpvs!^lqqy5Z;JSH<w)g1fPsXkr3{e4Rbwp7P_g8wlVli5EQJj(a&}C66r0x
zoN<2tCAZ9(&>tQ{IN47a-qDqkX94cCI?5^kl-_l5C{Q%G^lD|T#6Gq;t}?yQmel|<
z&;A|_{-e~hGTIrAt}ArCl|Z<53YL{fmx-tFkheAIJnNZl?mWmq#CCUx;b@ntt59R5
z+Ty#(K23qqb8!Dh%+s3YS<?IT-rrf?s`k2%5^?A6kkVDfAQl?L(`P@H8uzCPTu?#Z
z3miRc{0@->RuGESkGwmG<1}zVYyDd3ko*v)D1-|ym#Q&buXYD&%8gy$%pKk*>th^}
z6>|Ps*nFQG_>jxAaWtoVw^U@LEj2S}(K!85S~%ZGk2$xceWk0P0|jah)G$D-Y{tBn
zh@N7EG&M-a=6%srLYASrxvZcc?L(aBaoDMedbws%uV!3AP#AjaMW_As8kV{^ZsDTe
z3;`#Go3Tu2gC1dpI_~5Wz>97y%9I?VgC{W#$3ls_W$az0;b5FK*gBZ?+gV+SKRj=>
zt(bam59yxY37hMvY|Obs^!#2l_l~5u_g$2ANpHFLLc-Xm-RnE5k-db9Hr$4|$&zCj
zui*9c6KRtkOn(`6(F?1p#$4_b`N>K2rc)B#A{*-)nhGtMigxvciKLt<QV2W<U4m2*
z)G`YE>qbUXIU9PU*uf|}G^baPGRVW>UQ(rZw;2tnPP*GnXtu}M5u3xZ?xwdm{R)x)
zsJ_>9TA3Lx*e3rPmBnA95=bcGCR8Dk7TDeU5F+W;G({@GFWjEeE1y#ddYAZXIE=f~
z^RoVTR8{({x4&E4oDYA`F+gmI8JTADHYhI6=D!iedLYD46cd5p*d6wI&8w<&U0t+7
zSI!vQ!-X7>Jc)|e!)u@=&^0plt__s0@%Jsplef!&pqj&L@Ia}+;<PZ}BaLQQg>t2s
zE~2=N5{tp2KYjgJSF9VFw@D<WB_Ekg+6dOM$_BBzCgV^x84HaB*<&=xdYFi}6YS5E
z``W@d2Wzlnu4VIT+i9dOvAY3Jz^<uHe!0^MdxUu-Q5RyJ>o5ssPR({~Jz$qG^)_6*
zj)KD;0-bi_svSgOLm_L}1ogI5gii@HM<sFlAwHb*#%7T%(QYj-`P4nMxy`U6I-Um-
zG6*%~8P~?gu`LxA6ubdpLlwQ7$_V?AwJ$cCY<`-KgM9(Cu6xJv7oP;<j_J4kRe&rQ
z+BVOKtw=_LG6E*CB4C<OHjdJ_FrZ{EZJV1s1S>o^MdUy3cFF!wQ4lqf`15!^D#@F|
zqu;@+h5}b#Mfbf8|F|%6RQ1#b0fMSsOYa{far5anK=jA$HaTxUM$v6db@d+eHgM*m
zuJo!ymQ!S%VBZ&&dppY#U!YfUUok&E(GbPvdHhMIT1UnH_Us<ccgywXI>)WF=KM6|
z*;#vIg*cFO7U)%%dX-njN2={A^l}qKE$3jEQf$i8FpgDlox|_jefVq+Y<2h1Au313
z;nn^H&ik2v@br?X_5`j$ot42dgT+4l&vRi5ys;q-`XI_Ksb3HX)xq4xVkYipVz&A}
z3lH_Lp#~yz3Trn2PrH5}$|txWY{J7OeBZuN$bpP<8NyvUL_um@Sf9-(sesxdo8!l*
z>i97dWp2nwL^f_Dzrc0b@+B&%KRsiYCTi*$m^eFyY^KsLeX8TzTl?BOH}g9WBSf@)
z<9U0h*vfQGKS0U&N~9gCqdFrlbt))is!*4}f^wq41;?z^7NYpA*djUsUN3nk{VzzD
z;O8D_Je%szx#B!SMPFqKN`k3MGLNu`JRIb8fj$f=<Pwbt*xGxl$wQ(2%R)~Bp}cE`
zLL|G?8Hzc)jKBp%FF417yHMEk3!&%~MFsjB54e49x6|47yK;MKH((l2DXu%>s|0sW
zwzHNh+!33sJGllD>d7ed(s0ZUnoVRaa>5$2$fsxlX;^E__guFC_d1UBna1X<M_y@t
z{)!c-Fd_^uvDjG<)>|xRV!=(~&C@;(^{pyXQ)pCZqA)KkGPXwSaT{F~{-bd_`ib8m
zn#A=gh|@hRcJ8AG@f~4ba5@3&C3z;0#sV^;<(=^4cgIj#$MECxNBkzf0&HjXHT*el
z!k-A3`l#fCNh>aszSrEP@m=zQk=Lj$nwNQZ{y*>esz8b!e&yq|Gu_(``a+|hz@vE8
zG>T-uSzOq>pX`#I$Pn0tv_xRvK-O#0SF`N7DZSDzqiWaz!-(xlj*z0lom$*pr=$=w
z5R2<0ES^V$v2YzUFudQva{kZ3hl{2#X2vj0OH$^orc8dW3ws3kLwLKoSIY*;JL?T^
z#G+6WWm=hWQ03Zk$YD)b-Tpj<Z4|}t`7~oqZq%I$%yo=fUgWQWJZ?CKW09t5*tdUx
zUWO&*GZ`z}86t@YT53*}%gBVqYc3V2k!fo+pGNvy@hHcuQ5$`e?9qz5m3v1&#|-6?
z3#F5{<;<%{!3&BmU?t9$n-SJ8&>-m(P;&P!@VoFa&J7tF>{!OQPlT})oe&}R1=mZS
zVSDj2T<d&;{m}uR+H?7$TOwW<WH2l9q7k$6##d`zp_X`#vcek<Hn>FH9yc>ikdKPz
zeX^lT_7-|PQP#_y2sNO})@iH7W^YAJq-#jI4WTAsKRiVmDSscw-tAyJhS^)WWTHN`
zLXIr_!>gyGKoK$|7kudGT;~|{;B~bG6WMFyC_8PTjBcCIjexsGX+B|Xvf)6{b6B_3
z`u(zXk_zzGkl^@o`q1pAqybH|^t)&ZD}zc{(HW8UN=-A#I@JXi>4deF$*;NEsfePC
zA>Qubb=AC4m(Ia4j+~6qW5^6@Udm-2{9qC8B}W8F-4~`$#Cx{bx0KsM4z-8=AQMN<
zHMg+{j(e1(#8%J4_j~VgJ~K|jG}4>77BFTJC)AA-{{H2-ftO@)68T+soot{EC|jbp
zL!(GImo^KuJcgFV8Fsd0aTaMkQmTcl5_7HM0g&TbD!hh_36B;~R4<lB>$XO`d*KsW
zoNh}gP-OJG&7^3rxIh{RcALAdeR_+8Pt)jn$V=op+H;@aQ=if@?fiNAS%4r6S4ECD
z*Cww&!=g4XY4V~tFN*Y{Hm`cD<yL8cvrWM;Xoxeo#T$hO%LVq}k-2i}1c+p>yke(>
zKIL0quZyK^){HPoz;g~OhixHy)@2X>g8NX3slhqvq#WPr@mUz>p4Q3c3(48FQ1iPj
zYd)}4=sr2_jKt9<`@u%TkkSLv2*_D_RNXpi734vWO-FANByGsCG;D{I8kaFfnp%nT
zSeHu)AR~i^=KqSe{eO`Vlrt!|`3+Vvb$Ww4At_a~@KMX6kWF<cFJ%N6Rb8lQn%5$6
z^VCZ;Em+9V8mv%B6L=^dmN#u2PXDOf+oA9phR7Y%ek}c4O#}DBv9;@DHcaYHnL#*p
z)=!ftpB{&d2M4^WNYilOv`LQLCI|R@Ad63?Gh=lCq40U{2ZGKuR`^{l3&pbAgTwx~
zPm$D${UpxMTF+73A)}n+-7i`_nC&laW%Q{1#)U{?OjyrZDc-DR<)U};j1y>1=6TF|
zcvnoo>Q`@0i&G{RQ!{SP<^2A&XxdURy%-`>t5~c%Ahp;pWwqE3jX}yok074YIanHw
zP@IvPLUN#0FTqEO3xuet!(;eNNWvT!+5%8IS|qz8K1A7=MV=Ubf+$p6nu5CY%8z0+
z;-nT1r7{b)@vU}sAt8g;VWm>K98*a)Vqt(BnMf<>6zK<KMw29-_%gmX>+G1^kUCI)
zCaCPEg61mG!0$}G8(f)iexdClVHowCi(nrVcEW5QV1Y}frc)OAgfDq&Sn4P~JvXs%
z_=M;9|4I-3E?pn~*OOGIsEt7;!b(Im%tG`G8mEs9oLL4b!aFeN*PUZT{-v_#FOCvU
z3)qj6!ESh)k^J%UJGqnZTe@GcN#SVaJV9U|9oAp|(!bTTaIjsEMYn3jYBX+^B!bEQ
zEBPFpSU_yGvPss2KVbwMKjh&WAMs~AU4My<B*SQ??1t#r0OcPT5O=LgU1Xu27xD20
zR*sj;zT&~a7+y8GsUZ3b$Hb>(8>AS=8y&YOzGtc>oKc2jL})plK0xHK;O~d$$u;)I
z<ym5E3OK6-R_f0Of19vs+W@6tT7qE<o-6K4oIv@`o<90qWUAQ`ts0gBkMC&xQzAOq
zYpW^U(a~VtA`P~Ur<1;I;IbvJ{7v}6{19$d@CI|u+%ctzB<jJyMwXmI)qcMZ5B{2l
zj+)VAyTr)pT^*856#M}<WsXVD?J34#%k^=y$y5o^d?U7AAjT^Kk7ZkvZ<{0^^=Jt4
zGhFvw@5c{2hM`}U1j%+jBbgHv2az)DCr&F}r}PWz=i0kvLvpx_ws$Dud3<>xj_q|A
z`|l6S2K<UDN2cln=<%W12u;mpEc^h5wx>!haAOo=8}KsCG!k`+i3Mda9&d;kG2jdV
zw~uh$`8J4;>+pA!gfexXN?i>e#8T~End`Q1AS<spjYM|q<?(}qTVXiZPY>%T$tVlD
zWZHesBqVZQZO)vvkkIAM-_CCd>w*z?WD-Dn)O6D-qcV7r$EcM`(nwI-GgC=wvQ;g=
z(R9AOPhV81Y~iZPg0$+s&N4OmPs|0}KHM`z-Gp(7gNRi42L_qw`!>o#Tdu4YLoRnx
z8*+)<;I{<wFUkdE)7Y~&z~-$1+h{_rR0Me1j-GK=jF_f*inJwarEv0SBaoH)k}f6@
z@{}@nhg;yNe=t5Ggi;YZ8<qQ`vli^_k~EjRs}mrg>fOT!PY<6kU5VNrwbSe`?WaMG
z!?05t!g^hFf|l1}LGzjAz0y488%3p&+bc>v!KEDV6MI1*CvQ`dW{HXlddn2@$$PPm
z(jR!MP5RpsT5@erQ!smPKq(Giu!(ro2i$VAVLxGNb>1k1vk6CF^dhh_$EG{n{3ycV
zeKbqhbjlKPEAF+?2&PH?Y(P~)O8RG6&RjrKRf_}Z3<G(3qCa^co9DTgV?1829C1s6
zku8o72g#o5_<%*Y4_^0jl@67HY6<(@1v_CXbL{a~6Tpk-Hl7T=5&$ZW|7@a!&M1HV
zM?^v)WoDXlgWx{QNjk#&iecJyc2O9F=LmLuzB%F14iCp&9Kt<@V-R-qjlk2K0I7Jl
z7b}4`(tyA=jSKHfIA<?<)y)e#QF(0QTR4O$t5dcTrnF1hjz2?~a^vB;bA{#;k_90K
zm$6uhOv94?zMLB&?=?v082fVH{~Z;mrb%HpPz7o}FEaH;jiyaKn;q`R`-k7eCO$YR
zok;%ir*OT^xc~)~qJjZyp&y>?1P-^yk8&w%J$@7vg0*+t-WQqVSe|;X*&WDv9iCDI
zE`(Bt!lwedTyXqcpgz8uEi=cnq~v&J%nl(9NbKo53x$*y4X(S%z5f>eiRedlwjlYx
zyYO{}b+bD|;VNr_l{7pgPAdujSb9i~BSSNdo}zA!6NHgd0{%8X5G@X1WSlt{Y<V+f
zumUX8m>5|4>TW?wOZl4>%q6RwO8biF{o$v7x+_^1bbA3)XOkX)Vo1>iia_R}k=@8G
z3$+srwfF1guZ*=#L)Bh`@I)&Vvu!5a8raA+a#HXQi?K3D>gJ1@8meFSX0Knm%=V?2
zMiS>EFlzah@O$n0uzmXLKUktcHU9G;QXgFmu$mKxFg;*4tMC6+J7J@uW=rK6sBIC>
z;$&+BeC{D#M%c5q1yIru=SC`yL?S=FfnS-YQbBxaBsz_@?4(fWQY?;#)j7H5dHIip
zvFD~`WcFu_)SjdG_Y3LouE>Ykl`T5{KIMSBFkqDpt}6NaNGOs}f{u!1P9G@<*l>p<
zYO^c#-{E0y;Qu~k`K%s8%#%#WP-#QLBmb#4WGLNf8!ph&^5I!egKlgVNZdXpZ8;11
z29kg32K@_3oLbR?yc#Ag6b*y2+7{JGBv@Jhqh*PwHyX6{Z?iY$%c7_^eRt{ni+559
zK$bF^aUyS09n}|j7|KLRtP|Gp#^1k%d*nwRd~LxwFj3*Kr!Dyr)EJOS?!V@Xcp-p8
zdL3dRO2{sY*<sG@R%uMh{#@1U4T)%3q{kiItCVQFN_GkHd;Iv@9s)}j<p$?V^zwa+
z#~iHryJ&zK9#`u%bE@|HcWF+j**FDS2+ipKfD#g3dzC2jwYvW4IwsMqrg})po^LWW
zZNY<ek-kQo)amhTo#nPj^G3^$Uy14)a0>xe244Ql-jBKJ@}b^+qOK!ut+LPq0%PEx
zM#K96TRGccv-^Jvi!{+dk$yeSxmSTW>twK9x%~ft_e*UE=W8v(`Km3#*<55h-uvMn
zxT)d(&VNsi2Nnt#;D0<LB5j%;p^l9X$3s5%>_ff+VSvD<e}q3X&_G!oq0z6_qC8%4
zTeE6SQT3r68|?7>2-lxId~z^HXQmY|J8XcE+_S_p<y69fAmP%5^fQ46IagF;d?`|6
zusb!>{i?c)V(I*<+G+ueC0;Jqg)~A#ip1l#dv1hN5ZH7`SduufIvYgm0a4LLY0vmT
z$2m?*6|3Xw`ufpZF7<6_8=lG}99D?E4o)g*t1|vRYSP**1NU<AP(tuo`6AIJ4B?vR
z9ok}`WQqwJqkRz#E`G3pvj)yl3{I2^D)njkq6W4zT2<EDEE(JNLdUi~{EAn#;a=Rr
zF^Cu$64^G`ISk7EC$s3zv&6jM>?GSs=!o<dext7Lyq#UbR0;{I+cjr=&!Ao|;Oqvz
zK9=x7yn!oat%(r_7Q+-Co-8LAV1d72bV}fNshS5@8gPC3d*)N|<b97%9vsVG(ZsPw
z1?>3GBtrgzcfF&t{D!03YQA!W)Uxir*NS3Wx_-8<j|W#O;Gl`(s`dm+Vo?{H96>}N
z_&eU?0>Zfbi{Sn?E)iFCVRXoOrwW^IW<t5Wx0`5>kYvW0vP+|qYIH`F-$2=T5ZmMc
z=bwtK0`oVx?n9gkKZYb&Yz*W91B48lKXN;l?4zPw$YiZlCN%Ww@)AT0&!H^O&k%+(
z09`<$zr&i->p|rQm8g{2^h!GzaeJyaTx=5cGYSWNeF<NJD=gAu+DUHb6K@q3<=nfS
zfW-*)7yn2O*!*I!U-5RB%5jAR(!ifuHKMrx0SCn@`Eq=I4);pa)!QtBABLBie0k>_
z+c^C%^Yk17m&DY$w2c}uLl7*ukZsOX@4Bt^T3F$%&XYLbi^bj>S$S^%{um#k`h-D2
z$?C^Jh9bK0@dw}AD!2BeNGs%!{fF?ZQ*N~+psjs&hBA;Vkdw)C<5WH;2BO0drP*o6
zsDs$Mq8gcwGXf@@5Kf@-_9rOaBYdE>%>9!~(>es8+!**PjAIf|y?{)Z@|3?Fm#`3u
zSQTRa6{}aqWVC-G*Skgsm3C-T$6<~L>T9(%D5!U0hu2XWVB|T4`}e~uO2hn%y;zRP
z@*VRl&7dU|%s8*;cs%r^{`L2L+=1h{9IEo*!aO$9M{SE7Azj$;nVZ8<HBjTX>IYLy
zt?CkC9jGfMSY+!ON3J}%ry}W*W2GqR4Vt8VPu;NXY=DIpVf%P;hZzXqgE&Lm%0aw}
zzdewo6Dl}NP?3@rb5_Gb7$I#3RCK)3;Ft(P=T+f{AF(U^gJ6g^VnKjJnPX3LkVy_t
zut}wBfewGxljfd5eN(T5q|Ba{B^$co6I|+B>(g;sJsmUJ#8@_;N{8eE&&YD^)M1-{
zA(iEUI%MrgaQx}+26k3GeB*>kC!E$nSbF_=64HjyoH-)=8SbO!_e;+qf)*@;e|K(G
zyE++Mu&*hEzg}m`6R>C&D}g{ulp_o_i(B{u9TwQ&#lZCQkYK0HICrv|Yu`mrGlBro
zh?m#EXdOZ<gK!i?rzocJ1a}#FX$Wy{jU7nOY);SxbN$JhJ3*-rpx`_gbckORuv~0S
zLlCz|r|B9~cQ^R*j{007^VKE+eN7xP$+}Li5)IYK7*E3;SIm#$0m<dL_{XDO9=hp>
zbNaN2R*5`mtJ|2_i7lvKE>fJo!8t=g^byHl)=E12hzvn`A^`0~JP{ri%446HWb+>q
zGrvS-#3LH!-6PWDTaK88j}RWj239g#%>9k9>-=;W3q?GW9p(M}268PP75lM9nl}$D
zQ=0tJ1<8fhKHhtOQ(Fy3kO;DyHwtW^DlUY5C`K-m*vJxrFFX(PPA6F9{x<@?q8N_w
z7)ONNM`}S##ntv*Am{I!Y<F6iA+Dpfx1c%C>vkeOh!)EP#d6&GM0HQwKQJ9!yTc=+
z`-qea#|`13!>1(v(ERJ)q)~*=5|Y}~c6Q?r_LoOo#!vFT_k_oE4l~zEqn@X8a&I{B
zCuLRcd4c?KdC$aTuvG!GId#F75~n)1HDc|d>oo3&o^xEfJSz~!Q1SF#Oysk#;Eh3i
z7kx@@vd$S}l|6;*XSo8vrx`^H#hLAwUdmhOQ>OgGj8wx=5k&?|($i!v|1ur#Lt1TK
z6YYXJ0dP=T<U*zp6u7H`!CQ(^kcBW@sTmb!?ln1M$o!Vndhs^9!#nn;%(hvY5tB2$
ziI3^))t3C858RFP7Oz%3VjogWDo_iW92WYE0wLq!pPY*Jx{a<wHo@qo_9uKuRL`YS
zz?ShYqfzt%PctOsBSMbde(u=?&w~vpY1SE3F6}od&86#>YP7ksR;fkKrtaxPijoZm
zN0^;Yaq^PxaIG5rD0Fn)bmlZ#AaIilr{6RmXBFyoEMB9R*AOusn9FjL`?5qE=O<`E
zDW2Zt>uBaiGD$P83OUZ!)wD)9u0=}eVVRJbSORGbQ6vvZ9E*Hd*kTQi%N@IW($;rH
z!DFr-jPtN=MG!ZRH&7$%u#jJ!Ef#+=GSzG_S^}R!M)4X3Z{HMUP*&y5Cr(-2&|EIs
z?9MHS7&Tm%4K1ZQ@O#$S%5rU;`ZD6W;D-87(aCXPBcC>r)P~F$nT{(2EQa;_HbC8=
z7|Fo+7%D#nFO(ji#2X%6i(A%yK^KsbU}M#hP%k0&VTvL#Ee`5|YxSYJM6UanILS`h
z8Och1f%GWC5p5GJZ_ExwooH7T3vY)%2%U}tR}P8pqiqBcjh6%-f^_|uo~v9TH8o%m
zJ{_J3V}01apZ)020qI0ssz4u*ntExjQ_73JyvvERh7Y3Eu2AD!m9u6D8l^6*G?JJ_
zP{M0`(5o5IN78XLilU7b*{FiEDS0RxKb#d9E3nx<XxGV*K;3vm{*@rG*mOoRiVLbf
ziQ+P}u1U(Q1kh@FpkxRQX%7-06`?KHqU<EbYa5-xCYGbK*y7F-m%UkH+<+(t<MOM*
zZWqs6*vHEm-QsVSx(+KU$C0&NxV}nRPoiG!Rno+2E`^(=2IaU&QE7y&GdlYCU;g3s
zF^q|Bqx$P*1#!&Ax$iisbK9D52U0TJe+~&$Hl#$_oQ0DU<+@1T9U?V$<>!O9A6DRA
zPsNpXv<62zJj_+uZ{Yg>v5<7^5gWE+xPzy5Pn05jM=CQ<lpa!!F9QD%yoy7r=bltF
zQh2ytlo;|9y<g_cRw|=2CLGQ)B6SKt99OhehjpfEN7B;iO93dW--j6ihZbZ7X&%nE
z`Ifn2DMBpSAV1j2`}KMb{9SX0zvuvtw6HE_**M&}kV`5Tr7I^ob%D%A^J_d@>kPUq
zyh=xh?iSZZzGm%A?a%f}nnJXA`?kGC=R+xv(V-EA`7>NP_2^)Qk+`1933|tEgm~iJ
zVQ;w?JV~h`s4=I=&SWwLWAt)f4wS)g4uatn3XV>#eX7TR)amDWA$k}JI5ExyCObW|
zE}%WGNJW8>!i8~k$6(BVx(i?Y;5|c)Ey|0N&)ja1#ZJR%xBphwTZ2?^e}M36%7;<4
z3qmmj-kUuZ&_qm;BPQ~7k0MO&`x0}i*ADW`gPt<B$dxdnFF1P{%~L$KX$aoQHP;zt
z{Jyg30!ls>U#N+qUQj3~dXaq0$;(dVoZclbSz(dW`qcudmcDx1te#zqq=R|%B?*RJ
zvayf({SEeZ2}DG_2*Qs@n~b7EQX_^h<Jl@9tU3WX=h>n*qV)*Z94I*?g!sj|{d=31
zvOCrJNnIv{_nVe^f~nFF_evpCGHLFrmtvzcM;L8+s$5OP)wtLsRKObDt+0q-RHfg)
zkQ4$bRbmet7Ds@{XtlH{6It9qOew5Ch%Fgd9=*MA$m>F_Lp?Rg9@<etPYO}Q+J1WD
zA*SZORh859(g-bVg$$-~jSF_7QE<%%>Ta!DTrC6gh*UueH82<}S}f}NG@9|UVS;SJ
z(10V;M)Df9aY7)A15GG;BE#p>88=<NMLX)rcNub_T{LmbSIJD3eFfW1<dw0VD4Ly7
z6bvx^TTWYu?6&ZL>n5&ydvPj>MZJ#Tq2NcwCvP9$G^&F=dnD$H_Y}9}3hvhPqDg5_
zsVc(1%gJgT7E#Iihj<bQ8;QP7knJ;8r-=2ktt_WU@?)LX7L|<;%P(TcFy+N9+0FjF
z`l}5ldd$KR1<?qTH9=4I)3MJaQWk)h0PSM`6-)i+1PbuAIBw6_>T1(a|HDro!~c7P
zjBl-aje32Q)~XKUqILs2JwRG<v8=;w_oT_`qZfB3e`Z`dC~U`m4EG3$f%S$;4|{Yl
zh})@}xTQg`Nz=q~;9ac?F(G|CZsGSNc+C-Y;K*+!SYlZ<$!7VWg(Wssmo2XjS8Um^
zY;b<{4=tPpP&)r6PW(el(T3-i=$x7`bAUO4PMX=!@N81Eo+>r#V;ti+lwDd0J*3MZ
z#^n|`f`%`eXG>Y;OysZ&$$aL{AFuiYaT`2d4d}vGTU5@3Tm<pT(ewO&`#!ow55;0O
zTX?Q3?vqoPY3oNQC6DjQm9AI#(SDDNjH4hr#P9N#aO-EkvYfH^n)f8RZ)_L*4Zi*j
zzG3Jzly4fzM`l6=)ABcShUBH%Ge170J<}K{nuy*lc$XPysIht2m(9aC^xwku=QYBM
z9FnHqOtBo&Hey%}vKzOA6aYqhny57)P}Qzo?ce2Q?PPQ;o`2@8o0f1>2`Jq}a20(~
z!Ik!_xKau|Vzb+d2>-P?#$wA!n{PBxcX~5a8z5J+ZobVQ8bx7ti6<(gC5KlMl##=z
zCWQ_C&epjRTx`L+Tn|$0W<M^a%0X81O@%ly(E#VoFX2|4n41x0z;}poNP!bRIn2OO
z@$GN6AQO_J0JoNCl!S=<ip#!$(|bDM5}uH_EKMl9?=b=p@xF}ZThH;AklE;cWkBVK
zbWB3zc){i&1nJkijpOmi51wHf9TaR4!Hu0PHUIn7N#Iy%Cr_de+8lZ@V8b(<Tu12+
zXCWOf2*Ny;T?6VyG=+O}$x-E>PTyc(suT^9RX-aFhd+amY20}7U65?Jg%I}FE9_JT
zB<ZP2V`0+_Hn{lQ76r7iqQF`M?<-a`VzD^=XdV-}IbEB`vF8mV)KZ$u<PyRyfl=^?
zir6TNK*$9aXsrQ=G#!TzGe!3RX@=glA3U?rsf_A$re-GPL?iDfgznr-=d)vj(S5ft
zau{_UIbiZSk0Q@9LTCN=!Vn$5koossV=VM^6ZM6`(m@Z8MIRt8I-)Lz`;@-)4;1DD
zHnh1*{I#N&(6iuqs)*wl>Tf7L-^3a6ujV2MuAM36hN)wfC-U1BeBkV`jKgpTu|pI;
zf9<^QHvMyp(3A7pf5$*hXMYAlS>O(Df}t=GF?Y*C@K#eV9Q#ClSdG*979ZMvJ8NmV
z(V|^fKy9n_P-@m?q}Y}qx=JS{gTqMq5^|#?v#IPmCQMW_3vI#(;lA5;HmyBrN;rVg
zHKpR6m3bYP?n>T+ueFQXAICZat|u90<%HFyI!!=c@~KkXCPizCwy%&z9#SOI5EOvy
zI&<j|Yg?wK{`mMSS#(`Qkw;f+#a%a94OaVhO;$H9iisR!e~+^v*mkSe<MwS9d|=zz
zd@g(U{`(U<TzUCXbBdbk`rE>Su;2s7QA&>CCNCt{EuUH?NK&EGSiqPJ@VLQ@M#5#x
z#|**6zd@)*rVwO^OKd7fyhJA1S7*e>MkYm5HQzc<IkQM2f)B91P!Q8SS;8rpObt7)
z+fanhW~Cpy+9P{xDVI1bV5N?tHHwX;?sAtP)++z*<CyW`xM3mUZ~F%+20edPfAS9H
zWU(Yqp3nMq%=t!SxXjvJw`fjx9X`{eP{KQPaZTxMUc-H;+hN=ctwwfz#BhI;JhJN$
z3bBCDgb*O3r{f`<>u)*MeB_sBMDK2%_J`zbRC?BO`3gjPE+?@+rP#40;%ijlx-yAB
zT0r`}$R%+)4g_|0(*Fm^C<Rnhw?0T~#G78fOfN-4`#`T>Hber}u&!TbA<AC@2GYy%
zRT(B4PX(tBKfQyp{#_`Q;gay*G<{9Zy97S#MFRVMEw`_wM3!5cV&)=Q8A@{@KRP}f
zGElQ<WOXkwGZR9V!%c_ei`9<t)_R9KW5u*<GjEpBMsY6-Wa<u8P|m0)*5;U?xv04n
z#gKA+U(FchGzuW;-zJl_G*z6(%fpcVIKPV>5C3n3HdWvjbpQ$C>e6lAon5BL^u^2`
za<UEg9dvMmAr1MQ(N&7As7C@T{DELprT>ov7RF+hIcjG^GF@b7POv$N^YAvn4%y_H
z(0}DT;68*@PdcL_#2EkfX$OY=P+rPIx!n-%sbO@O1&q3nfqiKkxoqxaMiPbP7gH5*
zw+g5+Hu63F%ij~5r9-E5Bx=A+S5#xIJi)p-Y!)De)0{_nJUmZ$eO{+BMUkAkHH71>
zY2-aXD<9mQ5<*sx6~Dp#@t2R`Xn_CWN~V7c-wtEk_edN0v}3>CUQ(xECIU1PN*K_P
z6MP|EVdF>A_(VEh{Cpp7<{K1x9V`h<p@1Tz?>l0Su*`3Q8elh%kS}C*Ir<0RH;6rz
zO<^I5-TD8#FAwjrd2dzdq=XQ1CJKE!n_a;ry#LeGj~Gj4A}@+9I#uB67I2jU4!Zrj
zJ|s98J&aMeR36C`3UNx^?Cw~Fb|9XLy`!^P)TPAK9?l+TeRsrqB;Mi&)Qt^8K(3!1
zY_U<?hyodHE$p<<CJi;IrCW5+zhpY-2vF0D>Q&%E%w?7Sh@U?7ed;)|eWK|hJpXO_
zj3cii3rZ59E<jQ`{RNiAn6y2FXMupvG6K|?&}3%@d1rOSi0fEujVhZHNH9rdo>9_t
z^9nR68bO(aI6I2Sxg;W|%)+A|O%ie~8|Kri_4+&a9;4T%AD3%g^<lmI75Z;woLPfF
zm#Jz$>*;Mq0K4`!$YWE{YUAWwpw$*dYwIvYoq{b%;}0v+_>Chkh9QxL4ea<8ZVcPJ
z>r+fu^6=Dh!ka4hlq-iOxDODL%>F42jrfA)m@HsQeR!om+lVI}D^P09HK9fCco@V<
zYM7(eVI=flsr<_nwaQpV7VY{@Ph`y8b0gr^-JU_e#KqwMW(rx^^Czhz;k5$#HF&_a
zl$_&k`DpMfHRrH_lZpFu8*6D#n^6u^65k=C&Y8q@OG8UT)L(j*-m7^u>6X#ff9=sm
zXFrcUEYLQ|DZE3?1Og&_ScMKfk<A_vX+>miN^oct=JZbRX_#5LCFCe!fp)L&DZDa-
zV*7^2jp|P3>3ln5L`3|qIuP5J8BN=?lZMI|g8;0;U;jX{y4MhOKN`Yn?K4TS9j`EQ
z8VD7(JuhCOhc)C7LL|Es!Z?-%0<VK!lptJ%6Ovzy4P+eo(lhvBUuup(G$*9w@(;0c
z#41zI?~Y}L^MsB#+R(*H5b|gA`_4r)8j}%4Dd`*Vyt!<qhOW@Unoa2$4Tu1U7gi87
zYSw3fO<0%O<(}q5^9>`c;^sO!UCY)JD-~vc<K7I?h>f*$W5Z;`f}n^Q?WhHM$@A9`
zurbN$<S}!(uT$+ZNE@!A#8z$0JSVoQ#?!hxebHk(?oGxd1I0+Ivi}YAH&_*gQxktk
zk_gMtbsbqMATYGZgL^h2(j=h2)jf*}FQoG!`lz^Q>pVXDOM9tNXCnQbUg0$b1Agbx
zS4MLqim#=(@{M3ozy<y0lec^jcqcMd%jcgsnja1LaKUrnvO$mRvu|36q7UCzuTk)}
z3{}WhV`hC^h`i}K5plSEIlOw0C59a;(hS7L9#^6!oOmm`UzXpN-Sx<Bf(F)fVEKF0
z5%9>>Akx|9Ia=F19Qz^GjsEFYdOFxnml1GY3WxBtvpTe<)Pb76_BVnwd--}itkKqV
zadSE~mzmQ#+NOm{Y|}7mLbY|7!=W)YsTQ-!*Q9wl*5nIvjegXcEsY17xX30ce3zy0
zzh_$bSqG^gD()lO#IVkOk&B~#Ikt9j#1`jEoIJs+7Tn#s5ABE!9Hsms1-)ct$?<Z8
zdK|e2zg;R)h#wyw1SW2=|Dw&DiKdOKsIX037Y{ljn3letc_DPa)*&VI@~lgl`JV|9
zYCqL<mAr*pENz@I53cAfBwL9AkoH=@E}%1|9Y#4qH~5{J8`Y<wALH}q37<Q;=jymD
zts^(t{8{-sRit-T!fQEG`;GMQwl4w}9^~`keiLn#lvh0^D}wlNTMskF1d^Qh7$r;|
zH26+0NBA_E@Vc>AYEjv61`?0{C4{?*q%0H!Qo*F0P_d773pTZ@?vjL2lv_eZL7E~)
z66*)L^Zy@rU)r5EvbEbk35ofmjg>U99rGHJe((9B1wz=01>ztucK`ajhpN(4C6%z#
z=iIwix)a-&L8{udhi6!$thUvaZ?ul#2Fb|iUSFhp*VRuIx_4gwxsB3|hKsMISoM8R
z4G)a)iF~2$_D~^@g%{o@aDv9jMWUm$HQC6dwAm4SA~?=YDIBvYL{@{uuJIUC;AfVx
zYA{K6x=KGHCvLuK0aDd9vkX0|@AIKAx`kgb#5X`N<%G(ey+=8K?N_mo8SzuAm1V`#
zZuF2Ip^0>d#t{4X{rcVPhI<M0F0Q`_I&lD0ggFX*nJ_cXWb+6p$NT_cs-ne?-MTcf
zXtmdo8gjdF;LE(tL%q`ao{-yzbH~H6s(7YK7ij(!6MzME9_B|_fyPtWT=6W#Q(y(j
zX2=bB^KJMJ?+e%Dbn7`|me6@PJTj#8yEq6Pe+Uo6ui#OZZQkMio@Pu_X7O@gx4c0Z
zy!QJXM#_SNu7h7=ezZt_Mu+2x#YtO1(b2q2fLSH`Ax_{|*2!rV+cD;c6}?%VnomPe
zC}6yLMVWitZK5hb6A;N|ueW*Jzy*pnXc&=}%4)s4Jw_JaTA`}ZSW3PTcbIkW=z>sl
zP`*oE2(Cjzgvw9xzMOVjq2_lvw}qu4E+Mk&MEZ3fa&&{JliY1DeU4^VaILDJt>;aS
zr=&ocb%A1#71+!Nnd&g4xX%|@j(OjI#3-iVk9@^a9ZF)H%gVPo#j|;N!C5XUdx~D5
zD0-@Gp~-Qo_sPx*ralpK=8(id4$eMfc9@>}E>j9cC?rQA@+Tsb5r#9!oLTb@_N9*y
zNg<akLvDqYBii*H^`hWbWmRYII}7>UzRsi}x~b)5;xX!+AIIqYcr~Q|I|Ke}{1G?E
zc{(_(us|`ALEr<9L}guWApb;Z3`yOU_pA!EfgNa($Ch~lJ^EW3A5Ygfx!puca@-jg
z8&(bA&p#y7E?`9qe*>AW|N3~VK}Q6zD1yIjrZK{Kj{SVE-?0b~%ATao-nt%e`=vDk
z|ARLz0Javr)ep#?xFeE1>AL@QvM2q{LL>?BT0Y+r-`&WY0{_gW(7qee_lL=5lZHpV
z5S?ykIXyqHzi3zeY$MXv8~NFux}9HYts^ufY!2MVw+owEL(%;9wx}lCGth$bo!)}S
z6O`Y`hbub~`Ei_v;R|mwT${_6&~5~62OQGZ9d%{L?8^!tD?mdFoH0N09OcNhzdVnV
z6V3}6jwD+smmp=`&dYT7iqHs5&F2`ec41u4jWC|=a8CPz9x)5HjI~0r?c2u|Sl4!S
z{St?Rcn=R2Cw<ijrqg)BSEz)6q7nvmZZ!(Olagl*wgaSl4HirdQaf3rr`GIbB-?))
zR~X?!u1lW>Zz&v;m`0pq(ZS;L1@9TcYn$LkNQo{Ay?&5jgFJNk3Caq-CNxCWR+^@G
z8^hgtxjQnmYM9ZQB@eO&b>C?Qs*w#z#yr;y_ljmUmt782vdL67B<)D2B*?m->ljJU
zk`FCr8m*Yf9awGRTFq9}kc0T3dR4mQMboP?$7a3%o<?c-w<tnhrZsBPgKV^u>sPu4
zRqjkz?i|@4#~f0OG_bWfTLvihWjEX?j&u4@Y(f2iwk$Ek_0-M-uUY&wbC^?e)LLsD
zZOjz$j69U>ovSi<M?r-9a(6T(Fo52xyVKs^pVDX4)6pArm9y#0@v$r%uM4wICllb9
zzTr&Kg#+GnWQ^qTpg9`);%JbP6u3mEv=;~bTV5p{P7nMV4uq3mQtJxG3sEX749sw+
z50G~ZeTF@zS?r;o!4JMcmdjbpXh(fudKTp8r%Mt<JN6->F5l4wRHVl=uz+9r>Z2R?
zbbjkIG_UX-h-uNzXS>Ry{2>LG>dD!4{#>S+u+zhy*Cp2c;))>xaN?7Wm*@3g39J^$
zY(2s`fq|x=6*03Q0p`|x&Mo!U$}Y7<-9x<LW>?i~6LaIL?5f(>R}t21`DT~XF9?Ou
zl(^WTh*<b!p7x<;-5oDbN^*KR)g(xdc#<7)LmGZG4_{FS<egSxkKCV&qc`h9xI_MJ
zGomvqu>X+6-$-dz!u`LY4iGWBEph+KDD{FYNHT$B8g$ExWbI3pI+`eFdaMLcDzxb+
z7g&cvEH^Z2qm<m%QRBS~*l&+>-gpIX&<4~&ri1pKPpTSC=nJM)Z`!xO;`16Q6I-v?
zvH5Us??2~1VF>o25?iMJTJ4_0hHdkLtpcq;b`16GsUfdxGqs?x<aP2E@>sGyx2})^
z9^Kz5p@W2(LXw`fmXzOFsjp<`e5PW~NC;5oeWnJ8dgH_k^&)r2>Axtml%L({-|zE3
zUeN4$b$9HT=VrqX&&|9a@z%p|g5AQ(JA~uX!&iYn<dq$H>g)N`r!InK7iifoRy@4w
z!KrC(n!FL}jZazvU+g>FimEr3Ame;{*utl@*Qx9%Rru-s8+31Na7D7Dx%Y+Y4zE!J
zao}(!g}K9V>vQh5HWZ@Py8i11lwu9c%Fa2H++Sz9R)eW+Y}MTCd}Kyo2{~~Y@y2Ht
zWNigUY$C^D(y@BH)f#5=MwOtI`|!9VCWm1}ei0xGvE5iLFdFY#m`+QZHVuZX)P;2V
z!G15V+fjx0D&_kFjo+SMCVp3YbGo^6*UwoYwW<Ook#JrkxS*$s$y0Q-JRBnYbjJhX
z|MkI9=T=t=Y5F2j0wI@}ioQF;Cn?^Fs9XG&)~F03wV&*Q@bk17Wa1x1nfOAV#TWWU
z@r5gYCNxnSXukzNSy%Nj7`y@1L&i&ptdO5Y_p81%o|9e<bir@1#Z<ll)<Ee&&Ja+5
zr6UPE$gw#_Q1OPD^wA|6N|}j{dIM%tr%6==Puo5qq;W;<%^@=A*Pj~6fKDbEP+8qY
z=P#krAy6C^i@ZXmEh(%-5hW@ewk%t|nC^L@)Wj=?U+3D9Txz1YAO`6BB{|a4Q#<?x
z6%s9Rj2|(3?)JYPk~5Y!u!0g4S%h7HUH65ML!eSXZ}zOmK7A|~?T8K`tl#PJ4#H@6
z@SC&H=!02kWxMveRTiM18-5hl=EaKg8c8a_%`l6juy|Co<GxhNI`h8^lGubutl~o~
zFp7VQt6rBwIs=I}o5V>97rkSxi8oL_q2gMKYH%pNta`w@m7ipkcx*??Vow6s%C2YG
z9IQMAsm#AD<gDDTA%Um&gUbDQle6Ol^P(Wy`KY#J1^Tk+r<XzF{xl-NL^`J(Q#*=^
zDXV^z<5TBK^`kV97m429iKdB9LpTGz#^fZY*9EJQZ0oROn-XhlZ&|E{gcirAP;CEv
z^_;qTW=xG!flnuOyq4Z5W8%-EOf<iq+^MPeDjM4tb?BmEhfZ@z;?#SbCy#}pf?aE<
zf4_&zBk=gY6-I1ZboNg;KF(3Uwz&SVeAyqOBnYFphB4E`+5HslGxiUmDMz@a(}s5V
zz?TcAnTv}qI&)7@ap&LsT>n|qJFauyYw?LI(i3U(=c2OS@<R<78J~(z^)>rcR#B;o
z<7~`ONLYJz2shCitW7*2Qgpk&SSzZEunuHdN>l)2?Ftc2Vg4UTT+pCDorix^=i{81
ztV4L$$vY}W_$V0xkDgWejmr%w7Qg$u{UuF^;Ug5(5t_R*a$@n?@pmqYYQSkNijlgw
zYr<;?=J27Q+ytN0-0Q1PpIxV%j&h&vU)=J`(qxWOXg0&3h7#{i1g%%RIhq(X`?4Zo
za}+5wbbun2`4XB7!HK^9oYE~cnr4#|SH;>-*YPQJaLM#uVo7O<=d}1mUSZMbv`4m>
zI-T8KPJ&0x3K{?GPg4@)VM#`d59Q>*_iZNba4jDUJTh(5(e(qk_oDg8h{?}tL6%vh
z=4B2?GZWzYb{2ZBgIHc^AMm~p8P?mD+o$V)<zI&9rCn}zq}T6vsH!H3gei((qFK3;
z;xhu!bZ>wprMJu7dyr-KR>-y9et#q#Ck5mX9dxLP&IkOLDF@YqBY)n^9|S!OtzeRu
z)1JjdJw_}G+5dvvXh+D6O6~u=r$J3OvfybzhqTtf-SL`*>WOJL#^zQ^>?p1Bl137f
z&^IIB&%Lk^$EVlDM=Uf^-g*f&>bhNI2crPvEi-S5R3xRlwo7D3_j}RT_y=;?+S-Q=
zAYGwjkn?}6j^Q+Nb3>mS7vk#aob=qhliu``{PMn)4f6;HL_lGFp@x%)OoKY}02du>
z)A<fQ_aga$1q`v6C(E>LlxvF0vFG%#zxO>6_G+QG;vTWJXo@>zRZXm~uxH7M$71<J
z1(#UZrI-EXd0R1M>X4DhnjUOS*We@+jL)k$p3Zd=br;Yo*t;{r6HM@=nh*vJijS5P
z#1HWPMo9a^-~EtvWwUNy_bUnMyhbzaw(CQoRvmxS_aq&NRBz2reXaGwP>(b~=#nJZ
zY`5%%@%{3v$spo}!4G=vAS;#eA}nA-`9{&fVq6N{xG;KzFlp$_m5p`Fvhf!}sV{K{
z%&3QIROd!(yz<dn9orB(v%@|s1M@F4;@KoN4QmzQ$NLoo3#{b4$do=A(p-gW|JaVL
z(UZvNhNKgM4T4liFIr0FiDr`cr8a|@|DIMHIVt_A%DIA$lG`n$QgEkZkxy}VnhOc7
zR8mK;++|457XJSdYwZuchF+Ao1HpgH*Vb3-rP)2KaDN?ELS%4#VOwVba&|nhq6i+s
ztrZjJYw~#0Ct{7x5t#rGi3=@~>ty|2JzG{ELti%AbM<`b{j1T3oj&-k@4&0Ak*;NN
znwHR)Iom>$qV_x$Er<&HW@h#ft*|JHjEV8}`_=A!0@vjOlnD+akX~-s&jn7Z7vuXu
zVqUsP{tVy5&ihzOSG=gQqR7pS@;dJbnuRSKr#18b7L|JeDc*0ei(&3fh7=%cUs%hq
zp$0vfC=Lrh&HUx8Y~RKtZ%Ol_HPa1LBTCeCQNzRpt6p6r>f*UtTRAXoo2L64+B2;T
zzX<F|=gEJe>zBXfNg=lBrDtmmB@3tCGx1#vK*D9jWC+yshAfmExmJSDJe)1x<7ByR
z@T|k1cB>m9?|?l=sL+v#iq?1_w}V|Pd0fdKj3iN*t#_~(gQFZ?Zi@t!LzFP+agdVd
zimCmHyor3YM)=VsxLVhdL;nJ%ObjzMWT=}OW9nxAW4A~8GtvzVa;rs{9v^nGf~={?
zQR_G9=n<g;t>oiIjxViz%AVwblBhGZvN~A{?e=1sd21eWh41{EUMDu)Wh1F3PN#Pf
zYyrVMyIS}@R*dXxza)R_@NEyfm{7;{PNCL05-NnA|M1UnJ_c|&`m6Jr=2l2{K$S9!
z#K;{~ik3R|!u&XfQbFl7BYp%Ixjgc{RY|DXwn@#BhdcwDTR>H0FL<2IDKcYu<CX2E
z$Ae*DrniqPbob1ijls<cMJ<qhx%r;#zMo=cHm+lE)VI7?bQ@E{Jrq{>H+@4L=^9Dk
zU&cm!tsmiCw3>{s;Tc|t<dwG}bUO5l<U|Q4NYC&3KV8R7-_v8b^#g4Fd-&}JyF$()
zQ3Dqi@p2WtI!FvxVx3TS?$$A7Cy>!&_3o3yh|j3uwi^(_RfU?lJ4$jU3ag_HJSW1@
z=AFbwwFE}m!nZ=Csb1!^mxH|)B~ByH(2!jCo^4fMJQiw4!Mzj*TaSiLh0|l`usq*!
z8i#1S%<)7^la(F-+dHCgXi^rlJ9Lg!wOyvh62-ZXc5oN(!q-p@w$!oJlM>wu2*7!>
zIFxcWbK2>+i73*WM`&SMC8$X?&o~ra7;KI6j7n65b*?jJG}Z{xvL^&!F4wqqsMIj%
zRH^LO?2@Si^qWr;NLAqh-i+iYD7cQZ>Lv@Cb-eI84R#^+S|RV4U2!z<Ld3}Ruv$DU
z1Ak3?!)i|Po3u?f&4q5g&aSDgXM$r=3rGPP8VHe96$yt*HBmklWj?>pQ>fqOJ|zQq
zK~isqLw89HyF|wZN1s@>yl)MNf)d(YA`|4Gw=4~0uUXr<TCWxD`B}u$ilnTyjcNWj
zyF;R=&Xx!4E#dCEPEZPEEy-(AYhNLsb*wi1^=Oe_A@oozscRhXufw;7X*BEJSKMCJ
zEJ(q&A9i6eZBU&6quR1H@(cYI_{Wez9F_+NPY|3T3w@zkMOGz0C&^3W5juu@ExhvV
z^ru;jNM@N6B@<CFx^rrb?(z=}YCZ85&pT(}w{|{oscaV)+=S6;pl1wlIWWJUiU_#5
zZ=4p@1dEsC7)Lv&e@lO73vGxI2Trr?X)8M@C8SRsnnFZ4Q4m9ULb6u=^6+%Rf}4+I
zdk~iLi}|z~$k->wb0av{cfxs_x<60}DGibX_De4rfv*}1WgO$v*IubgYV7zaLcI1=
z&06+3fg61b@W0zQ=Mb)zF^z7MgU_V7*+p(SfA}K#T(4j;>|Rg|#Ap2`Rsv+>=Kzk$
z6tX@j&T|!W6*5;sF`~OCgIB!hH+V|PYc#uU(S7x-g!7mP<8<jgsHzZOo-}3PUX8+k
zpJ0a_6Z!^=c1&;K-$Xz1Ty7A-?I{}TieHDvZdbw}051G0kkpDl1dC2*N-Ah{kYqN)
zXU8}T_&e9C7rO{b%sE#yraomgv(_0l8&h~x(zwH_R}aYSRNx5(N8Ubl{+iOCvO`ek
z<x89_j{>gZ@4_Rk<s~sY5D-KHU!T7KBQ`iSER?9YOv>9j)q0YBDSP={EJoeWbe?>c
zqb8E{V>ClSm)ca{;usj0>lXv&Mr3WeAS*i=2n<i34S<Y1usYWpkRU!QSpm04^PX&6
zk_4EIVA7yX`tmO6x8_mHh4_k5^2$nrA}uxz@~FbDk*hFBx))D8S4}MF``<~qW+G<(
z+LNyseeynag2XE;&GrWE16Yy!<=Q*P`PDZ&!+LzIhquwh1~wJ^S=Gp4lipBXZAd}}
z>%&Rj&tPTcXRtC;cy;=KvXM52s3fM+1ObixQw%5W8#Ygk<B~dQ1}Jeu6lIv>azbhZ
zzfJKNjD_oXi}>CgHklY15KmwU1TU!DZ`VN_Juc54wF~c(Cnm9QCTGt14LXZ0c->tW
zuiYL8i!t}*lozqwp^ptav@UthLzZ+`U<`N3-_SXeU5FtcJP1vJ+llk4{+IZKi9w3a
zKrK=cG8bDOf@dN-o>pk3aA42dTm2p^Nvm4J*UJ8HIar5YEK!@B2ZbqCHHj)6?TU(Y
zNX<>NoTZuMPzX!2q5lZ?4iBw95tSMy3sY6r;5;>-Vw)UdO9TeUOmHiOyC4eF2gt4Q
z8Cj5A+Z)w069)CnggJ?#nxD1kB-%Wz<uIbz-3YD@p2cbIQ!a{(Vchdn^%+vX@^HtN
z$<xw>XiTdOx2z%tXnYiNbmUa{#G6>iZG=>t$;v6Qn(MgAB+tK3(x^yO{#e%3>&R`X
z#_fb_4bPNCNefJ&`(xwP*vg4LGlldpXHCt;ab+)bi$fD%t{5A%f#{YP6qbwWh{}cA
zwYX*B1nD=zBjv~xB0i_bq~;cAC#Pv|Bhs*xE#fWp%bF1=&R_<oFTx{Xvv08-Q)5Jz
zb-)ZJHV${Yh5hE1y8+c^SqZnCZ|_+feD|`JBo&1fBfYjqsqi+yqZBW6&4EoWKE3>J
zQH<Y*0sXS*f$-1e>1>VY8f1Vjb|}EJ=VEM^mCLt*hVhShe-APQOV0Y+5|-xnNU>BU
zT|dZRa0hR-kdT!(MU820VMwXFv`$BPrlg*(V%2aI^=hj_tgNo$SS1On&dY0v&ngDI
zReJ?El*Yai57Ukd&2%a;hi2w=Lm_D+nE(3?+sokJf?s=~3@z$%ISy+Ok#xD^-bXvg
zwNlcI@oLQ6ziQ3g$@Rn;9EH+RzIpQC!yo(pI-$Rf*}t0UuYVe38M7-YCsr75yPY}Q
zxgv#!RHOFaldLh;IFs)oa^E}a7q){NNG6GwY7y0Q-ee0zPHpE=K{-6e)IEAsP~LWH
zUzG;E01o^5+=X@C@B`;YyK0Qbtk*4$Q1!&FW^o*+K|EJT9k^H#L9(|E*U@t49}`xA
zX%u0Si&u--p6{2t=`AGDQC^T~<V$N+ogfnq3F!Hy0VMxni6zJz^&i?Ihwx-C8sfrf
z&uY#7TeJ?gYjMb2nt%~QZjG5`3x=Gw8&c@AI^#)ne8*@p=;0olhapOwAsEx3O<5oi
zA;Ucr6cGH{lD994_=@OXO7j}fY2_ZZ`$EQ+Ov&UW)!$IxKzGIJoW7M(Gef{Q5W)*t
zC2u2*l)@$RG4!}$cW!psX#vcDQjjt(v1uEUPBE#ijPf%(<ieqihe?5R(G&v;^ZG${
zbymNsh@574Po==CvtrRMaNH94b{~|w)Qmvb|Kpd}SMM7wQivAtJWwM-zQ|ec96{nI
z6cM_|y9Tu@7O<TQ)!!LsYOuK~pb~i4m(hx?5?1s57K(xn{mo}k3GQGttCP)o9qf$N
z8u|I=$M;xlL1zRN{qpqmeDqazX~8}0&oeONHCkBO0WzZchG~tIC#f@=%)hG^QD#Y6
zgV;+{A=pSbyG9U#iG=i)xM0xYrL26R5pVGqvX&ydE_4pZ+P#SgYQ2tq0cqgIfe))9
zc=nI!x|j*pNwgfGY>|-p#=H!fv1M|th4Al3#IAD4f^6umIpXunf)>m`SG7p7tgGDI
z`ic|lq8u-*Ke8RS0v3EDV8NgM4E}2&vF(0<K$Ta4(gNI@)SGQWaOaBR?4L>UGM#;a
z#3iAPwv0(_%=%4pa1<0h&*|Qrwp%5n=V8isUCN~`KMGYb-JG2mtXy29B()76W0Pc3
z)%wnlY<2a610Lw`*dMzyHV1I*|K+Ma&*@_pMN5pOY27Y<Lk7p3+@v5pzv`T0iz(O0
zuZ4LheY8y6d$CF!A@6%xNBTNK-=}Bm(eGi3?@?;&v>M$s;oV(`bjwXhZO+Fq4q;8*
zLDFq`QfS*SMSlWTjXxyY3ka*6=5rT)MS|`Og<T;F_K%z`D6=~FjTF5@<)MY&jZaU}
zPFjfaAiu;SANa&hx8TaU!y2P9)9gv>Xu$2rJiaMC`shUVcGMKKYny`BxC!A1wW6pN
z?%`P7!s#8yQ~pN0d`dmHBxNC5>{1P+hX3mkyU5_S@iC!iHz)KwN9-zrcBaR>XXhW$
zd&UZwUkk;Y$0X@|jV@dBFFrr2lhb|{m*C@*UDhFL80>qkr@#8Q)>$OTGD`Phz)L{(
zq3Sn})4Pe%7hWU_IF)NHS*<kuHA%-jjkNeVZOUC%`=>mk?~_JoNuLvq?+*TQhpasG
znDu6qNPN*xUiB0-XE;r>A@EvE6D&z(MUAk|V>*Y}-CDpdQ(J&cv|M=g<s84t(Rtcp
zUqu8SD>+L8VJE|047At_pY9U|(I{QU@P-<v{YEG*hPwmYv1AMP48a9BnMEj9yJcr9
zsv=k5c55e@LW@m^ed(LUH@@)6#?PO>!%eZC$dNb@`~!uY%>j1su$w=hj_c&SyP;Jr
z;z(J%WXg7UvjthUeg6?dCgS-clze|pUML@G9wv6-I{XzbU!=^xm6Ndfy*u1WrtAey
zRspHPNi;DU8$1Mx1b642kMm+qC|xf;hcDF~6>x51N~OX9#m^6ey`8bNSAc{LF9_+>
z-EG~Ti2c;t{JfxBRT66AQ*_k@A(TK#7C9#)RKb*I)+=8j@OpZ1N_FYd)ih22vpChh
z|AeX`sJRCL`*CY*2N#<IL$vsyx#Yv17uodr*+Ur`$_1Ev(b&W5xwT8K+QzGv0Y=ee
zqjhHmJY`3ycGx@Wdy*@rT9l;v!?Dirjs*Ib@p<{4!m7nCv<>d1=Tt7K$%i0o>uMTZ
z1$E9+2d0njcn1rQ9H;#w`oDh`GpXz=V}FS;`7L%uFVRyG1Z&L>7{k?Io)TWTFRR(B
z*CfGKGE9(>I)4Z3KVO~7nwtp+<?x!u@YtY)JITZ|`T@2!U^Vt(F-EC(l#b*jik4R0
zPQi@i)1@Os;HE-r<)ap{u9ZdXB`si=NRU{d3lkcal2h^tHJt=Y!Gi%SvTh@foL)LX
z^onhyh%A-6q`41UYz>j=2~LdI*!i_#%HF*16jQch1c%V_zyvMVYkf7T6U(^*2TXy7
z<z!}7YYB7Fv_W6C6say^LuhR0FB7P6db30LN*Rihe)@cw3W~v*UJsORyhyT_{ljMv
zszRAIB70!lW=fVeqSe^{OE#No2T<FCu^$0wVIFQz11;x@v#Je|2Vzy7ft=1Rd=hPk
zYD+ffg4mAg!@LK0zk*KlcG}k$hlb>lPCM-4B2wUjV93%w<Fd5RCC}3DRiC9L*So8R
z*$Nhe7=cXLI9(*vGBje~d%o<?Q~Co-3*)d4R}Nn1F#Qi2un%nv*l$cKqLZ=#yZ0l8
zZ+gB*9Z~W55Q8xGuXgXWydiUa^r=&D&p$@lcn%f%q}oQJZ84uG#Me7R^}kgnn4eTV
zHBHD`R7ctlRaPj?BNEY=1+m3K9V(0gibYY6sZ^RbYZwnF`@NJguCBsy&bQ7W_DtQI
z(~jaeO-&(jfm>`WUYkYRCQT=>ewR9<?+Dr{wC>6^<HcD4<G%f40Cxw^B*W;y?PVf<
z6xh`wotoq?y|(Sui$Ry!^_x#7f^3?F4t%ot*e^gR$2kb)L_sJ?I2fYGjSq{qu-?al
zvh4JVRAub)_-nj&M;e(-AB2wV9}K0hhz^|@Q;`!s%iYAGcre|VlKL4^0EA)1I>TWY
zbGnL0g3E%Qccejn6UMl|!u28%bacVYs#d$v2M2xz1ZXcSCgAgnI=aFyfDO~EbMCnF
z=j0Txf5H*AdADfmQGVu(#HWNMa|Lhj{qInq7{@0#z@#YMg@Qo>oL=e%4|vdq_OM7`
zQDP%46qq;$tw^8|<tnt<TuD2(WRp9$7b}-~A-Lv(CFiQ`5FMDhk8oRjnch|3tQo^t
zm&s#vftqr;mK|m|TzX{m*uuZcZR=m<jw&H8Cv2)=Y<^PPmH>Ci4Z=CRXxb`Fgoc|P
zAWnk+<Zu{RxH#k7`<3B)q!d}z%=-*CZy#ypE4o7~`-CwmBJp^s8d4OW)W+gO_?yU|
z`azPsM4=~)PsaHl>{xDRs`WkL_tE$75uc17oZEHMCxs0BD5-fxK;Q$iDWyBgL&+Uw
zpmRrQBR4Vlv5SrJ4@M1KL}NT0SP$}U3D*}rW$T5OM60B$dW#0J=M2<}H?9`cdYcQ^
zH&H2GQ?m)G>N$0iQAq)@!8Z|HvPVMYmH;*vLZ!7So#oQB6DurJ%13nXe(VvSy*S`}
z|1i2s()9gmz0R%YbaHVspLy0jfBSf=kV;v$ol2#4NM<(sQ=qze1z!Vf@G84Qq_pD`
z(*fSb%iuQ1-h<}SxP!+KLH-_sLax#vivD_r+m-IovxDU9{q26|AK)ErjwViheSECI
zp}P!+&Tg(a%D+T!VzExO%KMD+AePubDtx!gXUw~^OEHd+DVbHpiXj_P0B$m!>oi-9
zC=QC!d4vmw<aPMA->7o?K}2*8U-J}iBXiDOlMk@DJ5v#>XjeOQ;a9v8RUt5{G!(iS
zZts5iMpAE3)nF4CR|W1Ym829_rHhh0ao|%|+Yf}knqF(IIbqav^fO}bO-L@B+SAqM
zSRd9oGG?c`TT*|iHD0pgYW2va&ejPa_ZmaUjHEtXtq4fQ*Km7iVSYM>c{!^z@0?Y!
z>onz_S|i{T#nxI0q$6eVEnGj4B-bKQO#|89ZD`xt+}Z|m_{Rq9?dhpf*KTVfrNSn|
z7?o>`NNrjZk-15GN<XXREl9WIz%46mXRm#!)>Y5ec7`UVwrI`CEdTPJSI!8zHD{Bd
zBSo&}cyfTlAHVk)ZbG;eL71ZVX^Nsr*dFi%IjztkbGw-)-629g1zg`a+#J2<tW!qy
z*8X$|;aoZ#PfI1VTQ&k|ZL=chW<{Q0BTR~|#Q01SDRmabI)xRFY}F`C*&;G?j}Ww=
ztZ;M(JcvFW=+gNoN{6}0W~Wv~pFtB=#k$s!nbgTMECr^#M0zWz%jG2D0v+oXmz%*p
zVuT$`?xvYJz+bc+;0a0WjSeBbL+r{v9g;JwAAc93Fxc|&ZW<^x5P{7H#MnbN1m;9{
z(e5Q&-$kiVT^yk%6y-P~votq~x<zk4b&5(ov+34zIzkU&kt`6DZn|sZ^aQm@bcAzC
z-L~%4;fW9w%!^4$ZN^_8Eu33joXSpcxj%+*pW!|I4{XqA6G35xx-VL5)J_9r-Rw^}
zppG4>*@`g?4on15Ai^0^6NNbv?6k&_FXx<h%T*|NTJE6KQs>ivA7PyLT7xQFM|*<W
zsJU_nj5PI?g1G~!CEUbZmtH7D)jUuCK&mAu^taWIXKKZ$Eitk`p}3F^LKe2U?TQm^
zf4L=xsy2#2bX4e4D@bW-Xpzez@WiAU$uFqCe%%h)vZ7fnoDy>TL%ndHKFQva#Wkh1
z>dIdyA>PaKEqiCmKsr-ywbcmj*B&VyED7axOx8pUm>DO*9X1)bf?scgJSrLM<)-KD
z8ZMu?rt;dfC6z4dteHh+2W3&&fnPlJ20r)Zs*<5o14*~4<9eY|M5Ba4j<eH(>im(5
zYd<V+XRtZs(YR5)_sZ$`__WtK{a!80XSt^<4=J?c&e0qwiRl}xnb?Lc-=pJeh8cc{
z31^Ef!Y4&z!l_`rRl-#ZMSyz7^dM*d!W#CLZ1Jd+#?|Si*RaF-*yPMnoyOlGtWKU!
zyGAfOYmGz!(i(LQFOl<Ex4Lz9Z=wN;y~XV*_MI}6$To-vqC(5rFkfs@yxnrocB{Vu
z+JP9~RrCAq`0BlCr+cLV<;5{wJEBZ;LrE*6AZj^bzGWChrad2)wBw?|WeUaa@<m}6
z>P1JlXCn~2P@0xCc<j>8T>IfB#Bl~TMo@}f5-%Q^8KaF{8VAb0q<@HaQ|~@mG@R`D
zEoSWXMwE5%I-$sj;Pf`4jNJafLJnTW%$#Yh1g5YKXD?fG84*m4F)|_;ZyeutqkCdg
z=H6Cg<A+&MLKvLA8pWa3s9@9+xrg@(2j7DDmJrA`$>F@jL6UeN;)1nns@}iDX#3HV
z5-Pmx^3w43kj`Uk6hajtt|iSA;wy@xcK7WMrFU6@Up002t%wQ^m#g%>{}fHZDoQnu
zZEF-y>d6HfwX{5MexOoc1^;}t8Z^6IYFR*J+ry@LZ!aQm4b8v2lC_BgHO;nb)oeqs
z0J+S6DeLLg;9<u5)iQV?eUx98v*$r>_B;>Z%H}MxwX94F%Sv4KIk!zoXO)n>#ZL?e
z<rsW!LrfXnAg<&IhjdWc3a_M^BY(U<!HvU<LxO%fcR(YD&hnIYouBA6w4?=kOuD7C
zx{MgZ<*1pLHjCxC)d`^9xy}TGM+dtO9MU-${5tm6>Cw;nnbk}%Z-b&s?tXt;yCVNq
z7^Kj}aYpo*A_uc(yLsB)Hu}SOgF{FlLTzor11hJBwfaOMgD41@r{PczzRuvCh>mh~
zoF<Li%BHEN^BIA&9r;W7mVwi!KzS8MaMZ8SHUM5z8)Dtjj~(3_sIuWC;CSidbQ2Bd
zG-wvhsK|`&v%n5@sVXg~8UNV*TlT$a%qk^oOHtIY=m=w%%TyNAqKBIJ5Y;`=;KSCo
zire3ry}s(&4|Tc$I*UR(<*(5k$;HQz@zkU1cTtIOXu=f#>}~hQ_ZAt8hp;6vCYi{6
zKGkYy!vE+J2c#}NrkQTcytXyZ=HSvWkKy|~qEjy-v@`M&h*Bf?MpodD0z1%o;8lv9
za?J55Zz)j*Wx&)0N}a@f6(=pvwF^`fji;VFAu{dc5OiIkLlV%x{i6p_q#n6kwx2ND
zFlIZ7H9ZU%k(TxXMjO8d5QJ>EqrU91c&xGN{zVep#!c!Bsmn+*vY7_=S$13$&DB9N
ze72PtC}fn1&o$j#>RH94zn|J_6h;>|pHL};koTT(=G6Cg*pJX)HX817p})~JWFB3o
zFtDE=$@=FeghNCK=vbK<ln5)+^g2n7XcVx|6GF?$z2*6!Q4yjeV-coDp5nkAfqZ1K
zd|D*TXYiiIu6G$ArV>_0Ri=7$Oh-53bX?W{r)H+92bHy8ehP(s(K#~DqN{RBT?`@V
zX&e67tq?Mp>Ggk4raOp6ls(V8LLF*Yd6+kAFA7QILAOF4B;W~Z5I@DqY8fLvB|Ux|
zn550k4I&w}sZKV9%INI@<jL#AKPE9c$$0waK!pn94DXfr9!q#F2nYV_4h|T)Fb0*b
z{)bh%O!<I1@7dAJ{*2daIF|~NeuZgJonmBA9;%jV#~96R07Ll6M9EcKzYY*r-Od0)
zK)t`2o@%o?ZobVEMU+-_=qr>!Q3sMbLB_C<c1!p<=Hh4t8_e{Jx7_i8N_P_;4!D-6
zx<qBeo~$$lXy7i|gqTbjV<El0u6md<rK~}V;E*JHhVDE(>MGe5mEV7XoT}61(BYrR
zECYYx8)>DI9q2_Wt2~0tbe@~z!<dxcyY8c_2X6<T5C!TGYPr6j2#@0R3yzK-agaG*
zY7(>fS?JPB{)XD2Z8`aER8#pIzd<e4GN;l*mR#8W@P@arlfH1XKbK8mLa9@v;nhmS
z)U-sg#?d;%HpJ)*M-eG8Jm5(&bW3lHOQjGL$m((cjF@{i+`k23e&$l))m0j4SL}~W
zQUh_g+@1C~js5aEdu`Lfkc0<~BkDy&I}72}UZ?U@hLg@Xu_>C@b>{GyAlav$qgHB)
z%)N9TqgV}dl=SyUz1XSaUhUqeyH~jANTs{|^2$+4;&@@hOi?bMS<i6QB@v$a`_uW*
zugCuM$j%rYTke<dtFY#w!$tDr2G9M1$WJrqPL!rX&Zj<NxLq~3_?}RpqpB`k8(4Bi
zABq7}iGLh75(2}5MXo=7kctlNpnBL)H?o|?oHEaMagbfOhJxpiyk~Tm$7=fv^7gM&
zvLD~>|7e0d7O)S7E_;b7Q`J~9^yeIfEvb7_i9y#lS*kt!VwMCcPC@gnj%;2qkpCJ=
z*SDx4c`QSV1nPu%u^TwmW7DkEY$De4{WsLrgh#<fO}Qk6l1|e6)|l1W5@T!u3F9&#
z0Xb@w<d6t}3uXF{5>mCrNc5Vhbv=n?sJHLIM>nGv%(rwP^#f!Y)J5{;>{WE@?eI@@
z_3Ms4$FITOd;+(eDSr6RYZ4U~Foo0_TuN2|5Q?<D>%ig=YoamL$qQ=q1sgh?a>^za
zrm5b<3O`!L+DZ`VFBdWt>z9<<EhpMaIy|2~dPBh=mSgamXDo6T<kM|D%ubOt%lh{E
z)S$YJvlPea(1KmAqF2X-)8lm;iOG+$FlZLU7c?GmtuNHYXNi+&=bzG0s}bOgHEo;=
z^byA9u0;Vn>-OYIQizXQGNn1fTq5`G^zZliA9E{ddw1;oX0`V%slB_t<{gq&jZ}DN
zVR-rVd@3d1Z;KOS#DyuiPF)gFe+dVf_&r}A3eeh$S-uG+0?@9ExyUcA-j5;=z~!Bx
z=zZ2uTmzsu5AZ6IZVq@fyW-zP@K9E%S+W1>3|m_BBsGO;v)mWd*(~!=4{+-%>U`_?
zQ!MO1AJ*{OVe>h}&;{eL0Rcb`VtiChv<t46oT;ZdLR8y1K^@gkBe~Y2{Bg0v?gT`6
z%+sUI^nZ89^uVu-5RWVPhcbnjLVWW2uY~%KydDkh?xK#IO<<F-j4!-UGlcpm!pOuY
zF(ia+_WZ|aMv518(c`ji314@q<)NOvhlFq_0O$T8+yu#KcVyWq_pCS5%Gn%BAZO0z
zu*m|aCuH@7vYlCRs?N5>Ov5(_-1P2PEERT#MmYtmKOAIFQF8!MB;=}@A`dE7PiA<@
zyyL7iFLRMid={UDP5BI_7+Q7N41VmonY_k+`5q_BHOp+&i6=ONOjSvY9Prkod|Th%
z<yzY(lx8*UoUZ4`Sg#>lXP8OaBADhL(HaZ2NBEYkPt9!w!K5TsCX)R&NDA<`*b(x#
z+vVPV&O4e%2pPOOJVAuGV(-kydHQCz{@gx(`L~~v9Gnt+O%+U8Gs-EDu4OxJf>&}S
z>A{dJ!#SYWi$xU}T*|Va_W^&E?x^roKJ1R|K7sWbyx)bdVeC&+8Y-39J`L#Z*%yqY
z5QaRPUa4hcM(a{H{D4bc8@89*{Sv)h#c@Rq$l9*1dzYN)no{q<>Cs=<jppKHOGR$3
zQo$ILoDh4$q<{j&IFkr$m%kD?-Xe8<)K`nS83mrE0(jAmKiocbLK)r~1Dcj85&eP}
zz2UDS?c!z;#OVPd5@!TKd`BSH<$8U<hR=rhBQuDFkU)9jr^7Wo4jw*z#2?}_j8RjL
zzlV?Gbb_1QaM$#HN##gTCtcd8P1yahn0&x{$m!0o5rnPl@8Q`;Wa#X*P&{K;+a*Fa
zLtljJtqgi4=HdW7TA5=3_v#wWO(1@spF?DGrVvQC8_T@0E7}{$6Zw2`nl8Wkqi93f
z3bW3qGY0b~%-a0TDUSJQ3ij`Qnx<h_8$W922uN5wLbzQbY_?)lI$~K%RFtfh#K<%!
z2`@j0cCQ$q{pI25gm<rDw%9E!0qlnz1zJF*DXCG?ON(8?G-|ipZS<3sk~l#R&)QSG
zJj{b7{GU5J8)Dk<NnyM8dve_~Jl_;q`ZOzYTucq;a3tR)iR6m*=WrpP|AOmE6yB7M
zI8qU!m&34V(blx}mA=VbGTN43B^wNPzjEAf@Y>?Ou~C5@iq6*;j|6`eK1I7`SY3ab
zK0-DUzq10uv4QI|tR?u=9j6ck)ZlDATTvGcR<g`ojP4DWz)JER25}BVQN;$Y@0Xhm
z^2vNiiZD7(zp-zbB_srShm??`VII`(Qv!rsT7^5^94Ix}cxMBm1NImjX4D#r<!|~J
z(QYiI_`8qt1~0jbj`AK}7oin$?T_RQ5h4K8IX)0d*GFVPvWwrv9U!ZXp7N#+pOVA7
z(+U55ieMq)+J7YUw|D^D(&&#0|E0`!?HD-D38rsz{i$gj33rIE@%50L_Fkk*>6Jpn
zkjNoreF#gCNm*#j&EUGR1|~<AGnw={K1hu4a`Lx0;4d$94KcXvyKzCsqaWnyr$Tp6
zxTqZAhQG6mN_VGtqt@_vbxDLUmNSOjs8XvK@NZQj56h`kG1hs;*L1fI-z1w^8w5SJ
zNG4)*Og05+o(K(_f&o3X+kX77Xitmlz?>jv)Avf8!lb6ki&KV_;T~{f0z~`b99P0S
zXi7v1tkOWjK$sec45`SOVkWzZE_LZy(C9=_Z<%UgNih;=!e@AW1u0Cw5$=!#N-U3$
zFN7$(fz#uL5QX#aei2k?*WPfhqo*Icl)z8ZyQt@R<2h<oB124Ui2R%n$G@c+9|A|#
zkooTenj_wl(DJL)wie%q;F?OXOvAuqntEtd62BATB?{LFDrGIdI>cN<vaDOABd89T
zG5)J{3leQpDc2T$bru-T5n?!hjvk%g2H{-CJ_M2EfNIMA^Ep`VQ@Le}qRbs8+H%jD
za0S{X!NM<peAM@+G@ylgGnxnYn`dG5H2S)lv4`mC3u)(<D{15+y3;FmajSwF{m&KD
zsGJ_-vMOFdU_6gds^bc`gF<1!myd<C6jQu8J0|MW*9I1<zVEHG<}zcFn?xBSug8R$
zSKc(PQ}_i1U8a-Ge?nVKc0|LJ!#@S7TWI}rTR-E|!>t;;rI1pQz%h0Jj(_8JKuB{v
zqDxQ`9D&6sp?4L_PF6q{*x+{2MJ0Nhlk;C%vN5b&QrW^sBifvzxj~QDPSjpg(q1|z
zqp>>vuAGnAjMZ&6wu7y4L<i)?7Zv@Lk7=_P`vJXXZ(0*d*MK8*#&irw;~2QM$8bxh
zNohF4r-mewsYa6?1>wKIqe2=rK#q1;`%3bcvvhO+Bj0_KXZpils=!o7<rcSTgqXUP
z$|$AL)FrYgf+&VX-nd|^J5sK?4&*%{aw8)}tTsLRCSqRLX-6gm-eUo8I}51gPJ>w?
zG*if$jS^|~abFWoZI@M-BB%V0+#JP}1&-Bv2^Q48DYTR!*-ejC+?B<dWaMw@BU-ns
zJzxAB5kkj{zo75p`gAlyJ`YP3KiXML*nhCD=rx2FobZRGU}#&wmK!^)?q)MMgH&2Y
z8v#@Oo$8KS^^Gd)N>!pIt^lM+1wc-hLK60H7f|$QsQ@S^jrG<S61g(!b=+$8I{q|y
zr*WJcXOm2ei9o3UDVb1d8}<0ZHmX=On|nN80-5>ssqmM6xkZ_iO&hE9i3p2AR$Kdi
zgF}#&;FHHm*A-dx`uZJ<PwZR#+EPoc7r=+Jzfzfdy{togoO(kI#B_Xy+@J)j<1>{x
zi@JTKBGxGImG$L*?C>hBVJlpd->6a?r<ME5dY@H`{=Q#A#Py3k3T_MhWFx5C@Vz2z
zE*leLpG!$Jyi=t_(M*s8Yzn=K9AnWuekt5Yr$0Fa_u)3!zk9Hnc41SO57jbya4e$k
zKGf6ORT8tO5W2mRH4pyd1R<^dpy6nt!rNuCtGU?3*M(ZhQjbKNt&B3uPSK@G3o<e-
zwR0Nz23b-yhYPb^Iz1_Q!6qaBuZouS!vlE-;lH=knvYT<(Azf!29z$6N0HL0as3f~
zgVoM&E!&_KiLJbZp|-0AwGU#uGvS<<Kf|}l^RlKsE9$8^gh=}nlI=JzrKadv=Mp^&
ziQ$|d=8Vm@7q-DBj`yH2fft*$LZme4hxEGDO_H;^t<dR6PdCE<rT;$oY~mb<dgBAa
zxQz<wXQ_}5t59E>RH$ECEAbjwS}#Z-GS1EoEyH3i-Y6s6lp@z?GDfrNpw{k`#ksPM
zA%-rXh6#sB<g8Q>G>h!YK9z<Fn6rO@WApD?&4|l{SQ*VZu<x<E9eiVho|gv8eJCq%
z;ck2TyqzulmC}6{1a{beN@ljzHdN8W)Z?jf$=dQN$(d_quIryMU5{is5_u%9-#AZy
zM2?>AJROO_aH`Bu(7~I3Rnv3?!pLks(W6lRW5rOR1iCHPK(0fo4`nARV=Yv3+D^4K
z&=<Wk!T$(X%!|@Jgc|)VqB4{d_)L@5^;E~#1tG`mjaf4CL-@#PzekAPJbGHLlEaaW
z{8rk?q=Al(5jlDVr)~gS^I`;PuJ@Uv%RAlUb8<@Iv`=9X?Qz5IVxOSh>twq`AP&CB
z+vc#P##{Zw44K3t;jsr~Yrtt{m9NSKy2XsymPE`HWEb<kr^9mpTr&^W325rEXC?7W
zY|cR%g#Zl}mqmmeWCG&OD8*SJIhaRiRC1b5mcaOhse&i^fdy>zVmeR6INa=1Yk@v!
z;>l*b!&_1gyh-C4-r@AYKbM6P4Q%3~wy5JGzmJ)HT{ygrvcbh|>EfJj@*D;)4{Wm`
zm+d@hD6w@c$PT`ToE8GJ+;kvAGhLgx3C?&Qg+X|ZaAC-G)li8QGPDtFLBZvZ+kX%j
zjo!X2<Cv6&@uSo}2Trky<Vw=Rw%~v|-l~=ZI`||GD7ohFpM_t_+J{;FuM~RNE4HGz
zpZALw)x}3K9g%I$J<eL+g``CtpHUUs!8NRHx>Ce%*li$3Y@Q;29mSO3CQDwn${}+i
zNbTlr^~<kQCa6=>t0(hX?%`3?`!9vyj7hW>dt~0L=X65+if&3n_^_BaUn(g&2nc{H
zRJD(BDm?&~C`)9~L(^Mm!0(_rcNE9?N=L}}#8(U76E#+A8`KVGNEG-Z{T0(gvo2l`
z4Nj?fWZiFaNv&Hk`u0x2D-2>WnSxXQ3=jMM%RCH)WKz^aFq}6FB*wr3T{l4N_2J#r
z7;u&8?^+4dXM{l0EYTo3_jAyj|31+<#P_d}n`e>yNQn=p563NLosVIf#INDO3b<*f
zIH~d{5nHMAS7V-4F|uplIAfJya&+P4Rs}f(dbg6U)P*UXn-{7V$TPMY5?rD!e9Vr{
zmldmoe<Jkrl9Ptik!8BXAz~!FzOc{BP1Len3Tg6@S1eRo6aQ}FPZs}Y=85hdR~+FR
z<mK|NN&;QGlT#{I*mCH6T>48$9PI&{eZ2Tj;bD<*?mPX3Wq)D1mmY8c={OPp8p8DQ
zQ$08$d8{W8y=Kfp>h<9R!MRjID^R=n5&oOqq>$u28ff1rPl)u<(n(<5&+L^n{?#^B
z@lCfY<qf{~=JTts-kdf^>cAcGvHR-dJ%e&6nEQH4cIo_3P0PHkfYwE;*ix+PGIZys
zRc7pjP*PZ4gdz}u;M?OBY_nTIUbQuPQv8t*b>Q`C({&Jyq9o<R>emGRvk)>Y$^!5R
z567lNF^7<6q@U}fRIiwIbV;|EZqoJpcbd>l;4&j~db$zKPvREJfV4$27y;6S%3bk5
zuAAnQ)H_RV;tokD^r<n9+b``d_@6USC?Y#pklp0T8K=ul$if9D$K{ROTFc}FPY1uO
z*C=%QV&%x=w?<i*o=r;mOY`a6!ZVN~<{F=^hj{}jyLULP-p57qqA*5=j9swdL|QzC
z{7i3Bvnn)xkZu2-uERZ%gZ%Sz0wER`0w=x~QE~As-0V--X@EsW#L;kzEap80dSs*I
z525x61vwi&AuR~s2B}jA`J)I{)!2WG8X!apq-qo<t<?**td$C_d0kdA#F)L=9z}Q1
zFX)yyolTr9p`^jSo8j}QY+{%nc+ADr99u7YIS#5B+~tjZbllf^9G;Zh#LcY?u7ogN
zvo-*pgHMoxgoimS5#*}QSVrRDp+N2JYiy^0u7?}v1f42uVPRFEd-kr2MU;fq;on=h
zKKBsi@{LbS@3Fy%yQhBl)^o!DTJDZ1lut9^;)ZV-se9+>7(DxMxzE__FexJDLypGS
z(XvL*U`1;Eb)jniEmX(4<Y7!l8i{AJ*mPS~<hag{x;`5k7jF!ea@OfwjbAa!oE0(e
zJaw#_-PW}fS^PC8&2M{y#tQ<lg@?zGKvE=9e7EgU{qV|Z{XYYx>0AP%sovGEGG^xH
zPhxbh8+{nO8w?;}mwmWyk`q?b(c|sf7|}GRA}pr2P~es@?V|)6<IOB%YL3=ITWK24
zkA3>*^e%Qh{LiSRS#*Lab6KE*g1rNmkH$!f=AcC>YD@$j$BQ@j;dZ(ubskJI-nUol
zH8MTN@S_1F<L`QN7tNS)q{fVw>(n&#Jq89{aIFBr94R<+pF3O!o=xUp2^Z_?*C}?l
z=>Jtdt4c0a|98N2{Xv<oKRSe~WsHJj=ntQwvzhc1XzbNrF;#ycsQTiPSP8<*(>3j4
zSKLY*-d@q&a%?b!y?VcV`+}Irbh<+cl;bjZ;fc7NiK;#e%y`}yr~^~9#w;L+lLo~M
zDKK#ty<8?R@!5y4CMui#KHDC`7_AH11YaxK1fncmuT+If%3nTY_E5xz5?Rqoy2cs!
zx)!tJOHpIDQ>az5GF2{m0rt*Ju!S5s-C)=+0d6tv6cn3-;(C;%snzJ#_UP!Sf@))G
z29(G?eQX9$8}s^|4w`nnE-l&}-+4v-zNMIZt(0N04CpT4NQ67PzFw}SUBYA;6JVM>
z87?dsrF}z<zoetphSF#jl^qdt^Qj8x<%1G@u|AmMGV5b;lAE!YaE%Sh1yaqfC;8!`
z3E?!FeQQQeZdb<0yJ&S-9^R+BAU>@_TgybJU#eT(!5qa{ex#5{zu{BC#hHikMzWY>
zFHzQ<eU;>?E!!qq4)6$saEV=Yp*(3aW16RAx72cA+t2wg^?f>P^Cvf+xW*F0ke8B%
znCw4bhro-XMg=N5dV38=Zy{+?BcRLF_MBc${uMsSb)N#vH1@>&pmBt-FxDddMKYlT
z`aas7j-nH%gi38h@+;C+g^!+{{7T@wrLwu(d%<zdSNbt5iS;De!lA#3-t_3<Ht@8J
zj_>8?q}mi;>rcgU*lV7G)6{8nzdS;TlxEIUskfTz{0`_Ubjv<g$OgcUXK6~Hwob=~
z>+K2jg6r2>30XJU;_~685!va%vvC8dnWyErlS6<Vc$#9n<L@+yAc-!zbMVuv<M-q9
z<oUFF(VJjXbjGL1MQ3(*sO|P=2-3tZ(P2Hz73DT~J?A>>3=N}yl)k4lmGfpJOkBTA
z@9b<hYB64JhmS4JehOGGnfuJk)`CHK!kjPRN04iTBpLmhn_x)36vbs(xK$Z#^==~u
z9;#j-wo~qV7HPL8WPjz9YdN8Uw1XysH(B0cpK>`Ipo9(@J&&AC48=Da#G0Bq3`!!4
zCujyI$&v5pI#=9*;XR3-y!3S$hWg(jsg~E&YEbafIbqjcO_#)6NCy&L0#<xQNvo+8
zB&A%4*Fq6tGP!~)^8R;|Pbg~*cTqYqPn@xAZC2zRbC4ss81PJ~;iF{b-un28|FsyY
z8yteolw@5(;%?SrJl2Cy)n2b#RFF06ngLJ5WELW#mL4)XQ#J%9GxD{V=Mw@_dsrA_
zTYb~hV4$=1*x&Rus<=JX@urq@?|~*+4D^FSAV6^}oTS3v@lt$(k)#1#;4W0Z!5FS3
z3rLL*?qV6mSXWYazhzce7Q6b5(6J9@u(cQxJEpIVyoTAutz)DJ>$Q=}shq8TM2CPc
z(qzxR5GGovs|WVfk2@O?h9#`^oUQN>Q2P9<j<ixY`%fVk$8p3-Fs6v}Tcop@{XvX<
zRCD%wlfzpV#=6uhTRiWafnTqTvfV;aeHZPr5(=&hrf6avDg~w5{XFJM10Em5({B-v
z5nzLf`2fV)XoG6yAC!hK7ptwS)TT2u=P+!rFEy+xXQ04XVy6@g88zp|c#*t>JFM8?
z+)Q(pA4);Lp-bRYy8{McXIG_y0#I6O1J=lsa71CFLxY;~_Ez)HPj@6jR%S~}BK(yC
z;6h6x)8nFdutWnT|4}BS5loBh68x-epU!THin~CSLTrF<*fUve2v|)|7O5_ZK@sXk
zi9!7bD5V7eJg2lJk~Be(Y6i-lmMMB|RLi-9?$F;H;3_m765WU0{P}cTC+FScX(zBQ
zo*2N_3|C3<9OeExs3TK>B8${xoFU?s1emP2%dVYTU{WOd1Z6mhrr(-DN9v(~#)w~X
z4v?t`quVY7Wd9>ZA!}(=E8xjXRHMj7M7BGG=fS@E32hQHYbY|Zfugd+jj^{}<iTLl
ziC^d7g|ynpV;XH*?w5xbQonXF*QGD$lxbsKJ8W<-?@<?p<L2xLhZiJHQkry)L$qc)
z%X%P(%)%aTe`)tv_bSCQK8rW$pJBX5`5pd&bSlZ>krCk8He|rDr|q_$Gea}Dz1TR3
z@kBPd(dj|UZlS`nv|pE=i4OfOcyC<o49d)f29`34rn9PSS$oFwq=4-}&YIcL3l>{6
zpZIlJ;D3~$u6d3~9`jlPy^@g$vQD;pWoEKiXaEnUVQIa)7@TOHyiitD^;U9c&KN`8
zA`#PqYce#R-q95lDF|i!PCK+s<Hss@U<#k^zZ*2>jt(Kc8v15J26Kix?C(OHAuJE?
zc9@l})8L3}QNOvpX?hnvEn_sFQ%U&+!+NdcY|C<|3)$S7u>7>uF5uZ2dUCh9^K!UZ
zMll@ZV)EBJKQ9}zqW*&Vg!APlWH|%}IcmGp{tiAIO#_I>6zcDqjl76m$5XVyG#$^D
zazl2C14MdXET87eId86!Yd0SsjkUCB&^YewJ<6K5Bf2PyWKZ5~xU>y|*4hZ17Y=KH
zDe9z*a_Fj@;6+lyM{MYb4U5F_HvKSb@I+bX^wJ%usC0Ic&q2^oxa$n2#?#$>`oxxq
z1rzy4!}_IT#Fg{a33ei3!+o9lg+o&?d5!9ASfJ=}Lm20bg}<ZF%uQ5Rw+T4d)}OrI
zvZ2F<p+%c&TQM5FB9B&D-Z+lYcb~r=|IzMqty_s<Zj<vXDez+P;4e;cvji>tw{nxc
z2(#Q*QUm|G95QBB`y-Se1}seHs|YN6hmBr}$L3>my|2L3eF9T|$n#S_Z8rh^6m9c4
zNj^y0A_0dJ71agi_j@^<=0s5-NeP1pxuE+b68#kFM|XYXQ~4shXgeMsQ!z*rDaD%;
z#R;AEg&cF9ic6<qMOiup7?b?YH2t1HvT`CPUwj7xY`vch&K<ebMj0V@3q`wdGm>Gn
zj_@V*s3c@TXQifb6cCxsR4Ke3T<7ZP=>Tc1v=2cbsxho;VXMr2zXZ10bWm9M5ww$(
zf*ldW%V>*G<=}-3o5SN4ekiObwK!TLEasG>&$HXJv1?tWypD2|*Fmo}<8|A_gcQht
zA{fE&_WEDqgz|(u+D>HtM(y*eDp7eI41~9eb04Jv+ovBq$#d}Xim`2lXM~DuL($Q>
z4c~>l^>phE9=SKKZ4#M&$r+%2$|5m~RbTiKhS_jat{ZFEeszMonAV;(Bkc9TM@XlS
zddT($)^z4e+@krHlKP{r9Z;N{T$?5*S3Vtk9(wEDEFTuW_ajC$?WeUKE}H+e1Q-qZ
zL%1%P9wZ09IB}R>xp2I*Pug}RcoMK&mi|)oL81B$LW;BcDovxlZ8X>TEK9!e)p|W=
zZSxjauHVFWw^y~n1pWJIdks(hMV(a^ZSSH7gVW>AW6mMPR3)J%3;nL@S*nBn5{uhn
zSJzM_1(hnvc5K)W35_Yc3i;VykZIG&{Cu@M9HOu!6458<CTe?jc=ntM&0Oi`Qt)bb
zJ^;bQH|XOwVs7d@%}qD-C|VtZhFy&Rh7a1K@|Sku6`BMbM<~?;aUn+JNQgC_lO9n$
zEd2KgQq5yRQ<Y;6qXho*`+Nd-+rLlNVzi1sVEOe4ya!*@L;S-v{Z#%4t5ZZhQNY<#
zY~iOHW}i@A1iZU=GX&?ECb{&Bs2AS=2h!F4l9>mWjTD%2RZ&AG(0^GxN5RV+1Cz0}
z*&X?sSfE6ZA~MYj2&2FQvTeA{#NKS@HeJ}&C1>uExP@v$1f?cKsp+pjBDCOmfo;D!
zQ0HWH6Qz5^#-pUe3L7LnDxPTq+bhH1=ld|A1vjf#sdfe=bvRYyo^?Ikl=rC?Zu<Yt
z(KoJ~eAQ)_UBA4!5qG#W7Eam|pj#M*X<a`UnD05guZQIPJrPas&|5{4J7wRR&1bK&
zc0QYGXZ<u<Q#hX`z<-#-W=SwAo)YpTv0?El%qE44=*=VpV$aN2{l`Sdw^nnZ9QI?Y
zRg3u6tRAU~aBiX(^yXEEwM1@HHKhT(q3=2Az?ni1rXtYSUeryYLNozK&ujb;X=kGc
z@wz>ELCUj{9*Wp7X|aApIn2@Gez0D#-4r%zkcBWHq*osLNy4+fMl)k5E>3dC6!x)~
zzTG3mh0h8yX{s5bb`}W|f>StL3RagzX)iLICVeG;x&8$y!DUDUYeNy?CjvX@EQ6w)
zx@XWJ<|(BH;l=#j8-300p1fg}J@%+gtSK5!Rj@U!$gd8fQxQy;^W95pw0g%CyX>wo
zgYZea5G^6*N7vElb^EXz`o|O0YtwHJc#_WV{pmMWetbsV2BnVInjVld$f*J6{1qKS
z4tykM=TNV4J{7Xy3XL_S?OVZO8L#T_ryvkIWh#{(n_bF!yVDdQ(YN9I8ISDGY9Cg*
z#%_;-yiOPKu|_kIe`dCZsg#TcZh5s4ZehDLCf6k_Z<`V8gY5S5h-u0RZvOn@A21|}
zRn{K~RI2w_wK5p8CeRrtfOus!L;6f{NwfnR*h&9Lu2LQ^=+Lb6m`_2oR&ttqE1<er
zmek?-LLUCsiag_tmw1<jr;E?{G~pBUs?U6kH7=JJwv#ird->3eXWz#phO@Qcmu)jI
zX|z`NDpu;f&$UvYr=xwc_p=UAOU_0YvB}Zwwn-YIfHxduyn(V(DwClvaI(K`lhpR9
znUkF&7CgLWI!Zyqubc?ngshJmeh)*U@$Yef)X+o62x9Q%Hnq!D7#Qcmz(j=s62C*Z
zB~&G+6@(&uBcvJ4`-LX~B(y`#6jVuzP^c49^CKjW$$r`>$16gOws4;Bm%Az2T19y;
z+>tNAc%Bziyhmy1)am=vBO+ZPTcQ_Wn!;CPTrT8L=|Tv%6n$xc40Vf;q3rw^>(38{
zIT&Chnz@Vs_|L?5ght9|TA-J}AFX`Q|AA94OP}YH39O3ZS*BmaIonn=NV5QN)@SX5
zX?nN(`~7nm*7J&ZuOr2KFV<C83Pn}29S#SUTYnFCe0F=T0p{pzqiW>5a?VkHuz`w*
zKR|<%T=y8EF?wP@eCmj<Ek<3^Cs)@b^&!*IzDlfhUQ|Tv$CYX2_JmNrFuRzxI7vNk
z;d8d$6Z+inYTMcp+E`F!5G1VM(EB&s1@92%UiHdhr7Wj|70rEuw!jA5UOAEc1D@##
z3Ru{$ui_T_Sb!Tr1{Dn|=Q?`&vBR!%xSrlcJ<K2PPw_F@$M5rFxW^RWSELur?n!k3
z-apk!PH%T<;_hH2m146CWuP)Gk!P_$FKu(t`5vVwY~7gNP6e0S?N4{XAw;p@#}IC0
zN-7=u<MY*SJv*h(cQm$(v~hvDs>Ys<8R73d@JIRyOVw6<R)?>3hBzpZ6B+hKpeM`A
zChWqqoGlY@W3&;(`RNz<BB49FjBC~Y3xd7W)o8Qpys>I=plQ@MxR3*%U<fziCiQBP
z416Ft4S3!Pu>dzdT5~}yv7lZ^$Jdt>s+&|ltu=0LC3N|{f<!ZNt%emKeW~!htW`IV
zJVnFFP||S`;xC#U=X-L*`$y{>yKm+kr*10Xjw`*Nk_h?q!QT>h%wI<v;ZJ1O%P3e#
zLxjO20IIs<8yc#nX(Cq|T{IzBVSi8-MEi@bitvHWGdZV8k%GGwV>5`MfJLjRjiOoM
zAP{Re1E05xg^+k>Y<H4b5@g3{hUkJ?G`dv}L9fMbsTH&0x)psxICl*$+a5Ug#_N5o
z#ZDPfFuK9r=YU@Svy}DA=C(%TW!*@Oth#qO?u~TwvF_-zY*;;nwT?3Bw1R~-%mkXK
zXf4e7+-|1Re2AW&kEre+hnu7KJcGh_HaFwhj2T0mLdNE}UF1?Cr1xs!``E4du{-0a
z{cCu<TcX|+)H3@ph&EAxOWZ20sAzw=U05&Q!xVy<I@6GFC}=~q=I{dWE(gt*7E2~w
z$!#me4uMMH6gL#=ROxTnn6+jH&LAVyG5YK>rR9R0#0RWZ`pT@$C+m@E=xKQHK|qrx
z*5v)@__?uBQ?y^2rhnZoFg-*crU~55r{wT%;$b&4X`JExUY^c*C)r=MPO|!$M_Y!C
z7Lg={O}{U930&!9x3&^Dt$Z*tH}nq9>_4JVRcm+RK$i7Aft7t7ndqS9I5d>b#s$zP
z$Dc0{y8o^n?bt1?4$ClqQoCAnb6r>7C4ael7qvQEPiKsMnfQLWTcYvZA$o=LO!(|d
z9Wz)KD22^8txpthbmL{MCU&~hIsYx={qqtHncgt+)vlc3Hr!%_p5AS{1FE9}GdIZ@
ziy}3j?7IWOi_-k8R-?8S!0Gf+^oIEpnbDRs&~Q2|B!_cRh`~L->;H5eH+_c_YKx-n
z!Hb9AZZO&q8U@ZEfQujJU#x=nssY+I>o}LD=twh;h@?2^EfP}u!_daSw7aN}@2f%R
zBo;1*cB(EtmVUhr<~q&S-wvTL$bxl?^UfCO6x=YRAX8_U$BJG)jrtr~Sjl)VV}(_n
z^&k^C!0V(?RqeH~S%_owq$m@C91#(kmuwjS7;bVt+r6A+LYvz&7D5V4W8rx{`fAEN
zc^)UQ8mOBAd)+0-@!fVrLK%E0;9W{2lx_BE*5S5W9shZU<IB_Tp^zWor9jJV$If#M
zcUvr<JX=Z)A0!{*&~$7#G@dD2ywPxIUOm69ea$8HQh5_ySTo^0!+S?Jv2gPihHSLm
z*sz%nKDt`3Sx3kcTu4%=ui;@O9Ac`^Ud6>|oF{%iJ|({o%Y(W`7;RJoqqVg?=|Rb{
z_SMNR&9YoS%LXjy`mpf`SUyJ&B+2_s4uTt7xMv0|Yg<f%OcI8^OxJ{=#KFFcuB!xF
z^wIx?$A#0!Sd%?Zs-4kS0#FJu7lVdHWcg~YL;JoE9Lsa_g!}hv^1@o*WB&>=UtH7=
z@N<j#{4i^o%8_^rNe>%ECr*iQscCbfdD`=#Ky(N2LGT=7LMbI2Seno~yHqEz7pPf+
z9nyTfIJ`fG>t&E@t=YEJxOAv0z3CMyDk@+Vc`kC<(_=I%FRtWibh;@myFXRsBJ|%n
zN9Gi^=oU7bKPRVH5Eh9*lD7-f&u{XzbGM_6oUf6(AFd^EU1a20zAk@|*NM=MP_?s1
zw=cwbj>{O?E-4QiakN;20Bz*L4Sy^q1Uvr>!#eFruR${XhLjFFzoMEJ7-~XKk9^rd
zYxccEvpYDVX7efj<3U2G^IA7M2;6C)AAFajb_JP~-0K<iKGQZyG}FLLNJ(g=BW_@$
zNWToAaDD7jCTG8B+a!Q_`K_hI?*bLw+9>Mgh;ufEP)5adrL3TIxX`X93R6ZkWXjHZ
zv~ceRNd!?K_MYm*xK8m0UzP|mdmmv_gzCp;naD<IDuo^<q(xz1*cS8(0W^3C*VjoB
zb122}qQ3oh*_aD1jCl^y<<$7{QDF;6WU0@Wjh82KZ4_t{A3<T8v{CEi8j8vcgPbyh
zszrv#5FWs7fkgQ#hl<F}!U$klEKl65JXvmzM4hHigk==^6Wuo<7G>s}Ie^B9eJxN{
zR+(Gq?$h8cg?kG*cMywcASl~sZv+P>9*^AjasAo30c%~jspALv?@7rR%ud*@Pe<2}
z-7$*!{K6pj1b6h+Umed$;2XoMrdf}J^yF~Fc=F@88Sz>8%h;pVzfHaUfR*V^MZWZ6
zZDK8YZIMtX(B9LGF8SXOBBI?(mf^U?goK&0yO)8m7R>1fXvJ!f@|TI#+@71LL4#@f
z{S?PIgT!9yiZO+<Hzpe<2ttRm4K7?gf}kB@LbBY=9mj#z*^$WWRq}~zLq2gc$KmQ!
zqF*-p77E;k(FA+Z#20wc>|!5@)azsmk<m|2E5vZZ1-`Hpfuay+#hd7mqL2e#jGo_6
z*BCPhC0RqyB5JX!q`Wc@uC%UomqYn=_{YByvI4d1Tk*imi~b4$w>pfqym=TZYLzUD
zQrQ(jQO9BaFH_-^puaS@DHuvybG~!l?v+hn6iY9Ahm{n6*0H~9FnzF*igt#NjBWgp
zhG}ke#|(5xNTbcWvIigx(S-^i|2{>*3z88^$xxM??DnX)AhVvFDU(LcP9(BM{ksd1
zzJo(fS3@`Q>rB%xOSs7BAc(`<Y=Tu(d((}Wbh}`fhT+RTA(H6^{+<?9FZ3-8*wo%*
zYB)eDWGQxQXSKmgbp~&<6viFoQP81(+7U&WYL}cMaE&I&K<-q@AukzIHB=}6bAt7;
ziO^0~ocp9SXYaiI;jHvi5kzAT&Fe9D^<F)v!&de?lWSw?SS{<}8Ejo@C5|gV#LA*_
zi|TF)P?vRqj5geT$Ua~{Jr<TV=B=oa+k@N{@&9bbb_ro08^v3wpYISHF|!8iI+dEz
zhWt04pPt|};?no~DJLpe>5)hdu|eiuD<E5y+IL)WcYSG{+1hKPk_A^?+S%UXS#ZiM
zdbssQWto9AhQlbJG7Z%Ls|nMrzD}rc)LrWN%f@J=Q;4~kw=R*c<C11U>DcVjTTt-F
zcJLI#xO{XEYxq#8DR_mtzCy*IiZ<;~p^XEPgzPuw$MFf$--=;^hIsCg3QtKzN!S}c
z+MZY3y6ULbRZb?%&|9ikogd$aho?|VT9@ypNa6igs9j##L~d)8t)w(Y5T=Rc$P@f7
z{i<ra{z=+ls9jmm6&v`)=sw`787g1!3&=i63ZcDEjE#?=*gD?oA3(9;O=n>=I?@&4
zE4R+H+A_M;)%;1_UiL}l8Fu)JdFM1!Py4-}Hz8tAB2Ka#VNR>PcUZ&cXvO!;*COVe
zy>}C(FHG-4@xmS^d@bcKY}K`gxIUR+Hc3t#i7kc79k^ZG|Kw#U7(&1G2I-n4eLPt6
zvlUlB)k@!oYoDZsDNyND>z7Y84b9=6AAqlA5T3`Puw<D<nb1wdlP)N7{W=ZXvXZVl
zR8x^B8AhoVB-!BCvStv0mavABtC?{V?KR4BREJeXr;LXeTa4WPIYK=tsEXOSripB>
zNt`p=nT%jQ@TFL=mSB!|j-GVNC_gzsSnlVL^gvYUlWWiM@Ggf9)WBFW+KWi(f8w7-
z$DdCHHT@s(yD4&~t*F!3o^Cu)w9QA{K!e_o9W1BizLmmsqp2jZT3xB#fkdwHbcZ4D
zu$x#qQ&`P*oe|q2N#-`H93b_FSiM9V<jA*p?f5&l=jR~;b+#YP(h#=36oYbmFkGXE
zVGHQ83FzH<bbcSu8-1@EnBjj2s+>5@`*iX{>7PDF`b=6kREPgzHwS0yt%mBKg^&6j
zyRkscXqZH*Rt1${`8GwTu0w%iJ-n@ZyoU8h7t82O_Ir=no`fW?+jLBFrMpS@GQ}`0
z#s$)M8Sg()?eQW*nh>*W*%HqC6&?7q+w#hQZ!K_`#(yqEhWA1^L#S`*M+(tU(_GLA
z$!nZWdvKO*4$Ht_M^CW2ZB1EdBmQg9`<)x{A4UO^2#uz*;fhc8C%j%-r%!dG)u*~L
zyRCjo=e)l6?D!?~;M*D*;qf|=`PU=dQ|?4HOcwfCdO^3<8Auf<iSt$qB!~OP!A7{#
zc4-ZT!tiRn#<7?eJ+Gpc4uk!BO#d7gZO6jH59-N^{gYZNKvIL4O+*^r_h`C{VSx(o
zBzliSksKFVYpdC>Uz*L+(7GPMMU2)Y(8~^1^nDp0+Z09q4ry0$7$WjV`MByx@7Ahm
zWmHGC64v@<$?1<RcGg8r(0?U6YM5{lzQY>e=%1JIkwckHnpU+CTRfk3FO#4}qSk_T
z(dB!UJ%PAuU!pfb=`vdLthj-IfDIv@*5XcYjv?&HK~KaSC{HpG0Z#Y);B;7F7m0XP
zQcb04Hax8JDQKDfvF_Xk*W_n`CmnX3BLJnX^_;O{n9%-+!!_eD+BF|^ReH4t>o7qI
zO9sJ@!i8s4>}HV|-BW8UyG+=DZdVHs@pIrMWq2L+aUHQAy1^`LfGr05zOw6R0Som0
zF)z+w3YKGY<;|@?9)T=qOzyckI7n4Tzw#Leg?YjRGfID&Qb;zUU6oJ(T6fG(aNI`6
zQ)Z-LzmzobzI1H_Xv)lnGeW<087ZwZC^Oe7Lha4sMom3@m-dW85D3J7%Y76@!c#l%
zY5}2aPreff0_6UCtS{N>04Dg1kYd2qi>LE0TL=9ttRX#AB7bb7Ah(Ef*#HDHg>0s@
zKE4uN1O*uB4XdxTPcK_P?wE|pu}cGKOhI{lPPG<iLpku@1eNhA+OiDI25&uwe{6dx
z6-dnfAV!|{0Zj;R3(ApH`V>_oz1d7VBnw}mxPo`wxHbxV{okiBJu2r8E$@~<bj3h6
zMuZo2W-YYvoDQVsKivhVUV80GZMmKU!3a)3pN+xmOY;ih=F{~RRxK41R>tC^{%nWi
zNmk{8Cwj=nrKVba)zsx}8hGDCxrw)4(a2Tx#Z^oKZWx*bZ4ujFUtVXgR9+<KfRKI0
zLvkv@K=UElG<1dhEnK5A__krfO3_Idoa>{LgRC4_7m&GZ;^mXR14+mcDzFH>4H-Hr
z1PY|q&rA@lJ?>}XHg>K9lE;5VT|p>#^H6NVT2L~#760rECSy^FbR9V#Gc+OP%Us;+
z?`j+U@Ci};#q}9bSUQ%*KHLiapr2{!bd7**-`dH^WaMP_aWdODS-3dS|D!jldE*X*
zURj(x!5X7+DP`l^^vP@>@u|`?Et&WiY0>Co>t}zowlY>JyAN4N$=2IcIBW(@<kD#|
z$<Q=8)R^0fqSt(Q7nxICg*KKTbe$aqzIfNyvaF26$-XQw3q3e%7IohBqtZZj;me%8
z9j2JlxQM62uWeh&@c2>TIr-@p{{P~6VQ5L1#Fj}0Vx#cq#Prq^6#5-~q4*Qguo1H*
zNuLG1^yEE$mC{oII>De4_ihb$%-^hy$8wcaF~YW;SY}Efb)Fizh2`;g9pAq=Q5((!
z$duRj(e5sJx<dh5xVJ1rfW*lVk-x|HtK(g`OpguCpRy+}e*lenLvDZ`9-eBYeX50?
zuF@g)t}rxIpG}OQ4d$38|7~oVTnvk~y1PSIeupr9mbr;o?7btK{`_`K6OGY7glghJ
zy#5@>H`{O0n^Qx({pQ5|cC2Z4$BjNdmtCbt=qio<H|#~UH<pf4iX!@!j)e`k$289U
zf6uYkLvlw8r4f&fc$NB$T))44#;SMGvC^U#m1eDV47cw7c|R_9=$$^YxpT}~_FDae
zP3Q5{l1V#U1y&yvMO<lSB%V&=%oo(iXcjsr&JDt_#4W`m1FkQ;?lIZ<;oFkeW^*av
zj2R$S;I`u1Bjvt}^M9e(XM&Pu%!;!f<!5Jm-p6t36#4Jh9H*mMJr`LN>98=ckpe~O
zS_&9d%W^Ac4wA(f*1K@@wQG^IFzWGpInGVD^CJyuf`L#uSOQn6C`M+7a0B%NE&#PQ
zTXdS;ZVu(v*n%$5*^7rz<3iKQk1P5wZkrkk9Oj4YSm!^7OB(}{@`>g8Q#_ZKQ>wW=
z5=CpW89^-91hHHTE7o6kRG}nl5#Jf>T~$^0VGjCl4gPLI8FqVm+<d0<Wq3(V;3zcr
z@bHw`6)}fqlBL&|J6lx+BA$soL*eSvpmFsug<6$~I;S3o#my)&cU(wp$*Kpje|6`~
zS1pj?#<#(5!{N~{b$oKLl$+GMsmh~R^ETN|H(oMr^DIiP22}FIC{(Ypu#&@dWsmYP
zzdNidm#4Q^Hqk1f$K{bL(mj8(_hSJ{fDAq$9Bq&hnA08|_g2=)RU1>?#7mI@3*xpK
z-FK60t>aLz<!e=#+ByCoOYYCIu!p|KUrX-%Otv|eO<9Z0brwj_m><^<LS2N1QJK0(
zUR9(Y5KLNc2U7A^{$;RH<|_D@u7zOf;^FS$FYi(Nly3f_WX|UKO2Qhqqo=(q$}$t)
zg&*sNW;x7Q4A;8%{9`uLzvoK{?S`G{_8HomYZpmcU0#%63ZeVW>9Bzc22yjKKbB4(
z%QzR0r=-=znh#S;nwyx0DA7!G0%19_Drn;se=zhi9&FC}ZjA8%vF|wIMl&{%bui@{
zEIHiK%aqH%9xdGo+*`^LoGyK>ypL8adN@zfJr%M5jQPW#Nwl6F4^XR9F(vwFiz(y>
zUJs{zvTLqnHJmX;By@f!MZ)uTnZ9^OJ`A_JW3t!k?H1yLanzSLq;TB4*LjhXSDl~2
zqOTn@oXdD5&7m$JboPotdYz-(XBhh2Cdc?6rOV^-z4$Kj!KD@s1-T!8dba~_WPQf=
zLe67J2?`Wkv;wm-Z=>LSv!-vcf7rdxH@Cd#xu)6sVfn3(g^8Ye<DC9bu`^KLtP|gA
zM?%(LDz}5CY_caVe}I<hP*$#Q!*}+fv4h@^j9tYd+0-rB`qky;c9Jy0a!mGNMfA&c
z`}IcfMiSKU!z3uL_wum+4ORxxtO;1&Mdvb=`*}5O#HiRrj0&lB#41ad`2J}RsIm#G
zyhZtzKyEiM28l)ui_&S-LacW}Q=h&(-s;^l@zD)duJDTc0R8jQ&~4Xe&)2CJ?}jSG
zB^72OqB}M4QydjUYj{AiGc->%cSrCTD6u8yz=P{tJv|-5Cw0fNinQp)q&d3uoejO@
zQ#m`wlOu^!kDX^Cr<3`Npt;E7JbKi(@pI7c1znr@auX6X1J5!uj<;&VNAR*mm>yZ`
z!gcZ3M*+IS8WKnX%E^|XHfzW(FDeA=*6h@BSsT1@7->mYp{u!`)ENM{!6C>FyUF9E
z>yG9D9B~9v`c;3;yV-OW!X7%pXDyI*Sshh$bB%a^Sj=b2@VM@@FeY=w&AG-Sy3h3V
zJA@^Uy!BH^QG+P2h>YmtpSogISiX06xcZUTf{u&=`GMG6;cGy(a(xgewz!GIdmrth
z?P)8M?^ml<0jH=wY)8m0;mnYQxhNh=$)rZ)sVVbfkrtvDhbc~_AzrSQt0<0+){d?9
z6W(r74Mf3Wq@2t&_Ih*lCPHCGvb}c-zaSsy2{9{k5-CZ~2sb)yl^EzOBA9B2>X7^8
zOO4iHu_|}^bA&CPP-x@p3G!XX<$0{P!@yqS$(7T?c11>7qRrdOm)DLO>J%V7WwS&L
zkDOT3TFpo<SIqv9?<DDEXVUyuI@#AgD)4`?(aHYPG>^O1DDWeS$@l2E*|G-=g5NT!
zY&e}3K4Bb$MT`$ifYBYMh&sN0hu@yShwjlV)c(qtNhfAMMz?<xEuVHtdW?b;cJdAB
zU;fW2lmI(z{{h~KzoC|M4sO6bXav|qJIbZ|U*Z#vofCAVX)$#F0~K`PK_c23IDxh_
z`&K242{Wk`+v<_n*6>4OTUB+vj)}(D)>v+}*x?xwQoMoud-}h-V|w6c!AAKN{DW6|
zw0WPxau$7WFA{B&yQm|5>2B%pTMM)gMTYIZ1mdV?GMJ2OE_XbWSjK|A*?ayu+j~e1
zm}H|dPODnct<anaif`;NB7%i3M~#Wz01_=s351=cwR=Ig4h;H{F2eX~Ewt3z<(8T=
z#qCk{q<K{f*N2WEL-L^@7ITX;?)z=sWhWbhoYY_Wtq40GO+{fH`nnwYt`1Ka_C_~R
zx?diH=P9gtk9mzfs{1KH>G6Xn)PAI31jQJ^VhzeH)^tTN(1UlllN#u;syS<uxN)Tl
zD0{wWod#O9tX%O}YFHV2<vmG6C_}3T*URAL#~yFEFvolhF;U|Y6B|8r{JGEltV6i>
zQLy#{X3+(G$p4~zM^B>rhcliUZ;<OxgB#UPkt?Afrzr!6>S-7K`xN^7BMQg#{elo|
zSLpq364YP9d(o3#>#YAholks5sekdky4murcDDTIr7f_WaHd>rsA_aNgq`l=$q>K_
zTy&>5FR~;gkhegSUC!~g=?y@1LWUa4^Y(<B0i>6t-CT(^B|N}NZ);L%;EqU4JedDZ
z(T1j0o$YWigVgY7Rhb<WL=v+le1tW1Y?AOVYc%H2>)8t<#6dLduA?Kx;#U44Ztv!h
z?71!==45gb_H>@ka_*5YXTOZ9fWs~8K1Mqn5uwcAcXz+)j=sU?kTXah<>3Wz0fTK3
zfPD$$r{YGQ(?5h?G*C<hNCSUaJ&wv?y;ASTy4jj>>&IHy*VMx9S+=mR8(Y|R$ds8*
zTk;I+p#nOTt`_YfjMlKkN{6<~%n$kO486r~vAP(1{_A&f5aL(k`Af8?VOg8gTDHxg
zR$8vtI9<-uVk<d<I}Z=9QBV%JnryU<A?D~y^d{99k^`+RrTS1_X#)4tDScmJe(DaX
zVSX~kj8f(dR%d2L+mx(52?g(#nYlc1ZZQt1oKJp=%{MINXxxgZq%(3GMGsjZ0RqX5
z&f#g>)u7s)U;gk8`VQVvivq$Z)^c!MEcT1tV}v+{*XW@^gQZa{bo=|oLccDKltu{G
z0)~7w>Ghbk;*rM<YuEpE+U~U<zT(%R$w69nL_9sJ!=;t4UrA<>fT~{g?08V71S1lo
z{JPv5_(vI;ug40V^xYZl<DXm>QpvTbgR*t#O8VPyOW?GIo`NhNyO^M8m^<w>>zv=2
zbuFfP4F0(_%`Vez5%2OQ+)yjq=wj58LRf~(ZL<^VV%{LHJ*QjnuHsi4|JX%p+A2_W
zxba_Sa5bAW^^0Z^P{I6lyTF9*VfAY=fsgQ%9NydL3N#6yAS6vd9%)2lvK%aIz#QDD
z?#$DZU|k1W<{6g#U0flla`hhq(^Xxl|KG;aHPn9NIRqM(0M8`N9n;Fv%>(QDc?#~i
z-3mROG<t#ya}bl(yp@c0xeZjWu>j?Rgbf}-hf+cy-1@$e@%=?_O_ig`x(;Irv0qX?
ze2DuyR1cB0l*q;<kv8DlLV{DLIM!#GdRGUyDIzN@tsTmL-Ld|+@^`8p?rS<s)tm1w
z<Jf$X=aB{7$>YQXeK&Llyu+jW8#@D)i>&o^u<)NK=kXX#sR&OwAGi(Q&!{lesz*OR
zLhv!JQP^L^qQPxFLwSqGTOm_YxAT;AmWE{BPRvZQCNj2A`0wfLT=(LnX2sGC6<QIC
zi+I#}gv9a$g~2gs1Je92MbS0TQ~Yy~Zda*K*4qeYwm$tGN&<DkxpY!-a8^Nxa5{4L
z!<Cj@)3+4j<*xo{IGk4RPVe!wiU3tWs=qdz)hu_%mYAlwr7d)d>Bgh9gww5oeoFpL
z>Yj|*&k1rl2W8D>%Xhq}?er&O^moc@Pnr_Df#8Icayy3-b8&fPPM1gT!NT7kV<rrd
zNL77xJ`$9Yf~6y>53s5~$^2lxij&#CAI)^>?82nMkng8M)+JqH3+8H^R~Hn$OIdLg
zt&HB*|I8GjoQ-51SehDC=;=2oz;VFpTQ(@2?p?GAF&?JW)x~{0sh=ABsht{lwB-kE
z;0T`%`$qm|2Mb|7^Wl%kM?|lpy@F&n8*H!YC)@glW@%}dr5uY^O+<lCg%D<r9@=Gl
z)H;zrh)YqW*=k0)6!BN2??uvai|LI%aTto>iad_+LNJ0*o@$;*k=nO7EL6$duGj~n
zg3x$)6^YM{?p?;|DXEUI&ZhakMcSS2cA1H;9DQU3Q6;z7OWyV=|MQhDRFiE79<Hv7
zhpQ|p@00Z@4rz>}Rkzg@u(qx#ju&t4!|ikn_r~clL_)TW>E68RFI6GWbo+|vC$#Yw
z$wMlX_1J@^AW#TfW0M@h=m~WKf{@OEW(l{F0uKC7&KML}(9C18lxx0>uOZ$$(V4V*
z3Jo}`dSz(sy>w)j^cZfYU*_qnr}BovJh)Zg(CKCWrm{dcE=KNpGu@~NcXkQirvT4f
zm1BvXmXAqnU*u+k^AwMcv|>12il}v|QCHMqX1#sJ4yQHREv+3iFthr8+FrwZfy6<6
zxV*8=;Y<dTLhh%&?>fqN*>UA@>Gx+C?=jiETCb&$;jj8wY~+t+X>lP8S1cU%(cU<P
zssrfVMg5Tk*j+7rUvH{bZQvTNue@a>r)N`WI->~+SxvWSAIS04ptyniuUmYa*jEOk
zqIfR^9wsuSrZbID1)6=;H55vVtp5Y)BxwMFGF>DSi2m^e8yWaHP*n2p8m?=5t+rxf
z%)xj#kUjS9Zh3e@2LKbK+Dcid;NC>>a4m=6Z9%pS9%F;RV-u>3z3lnt5}GSD9?No-
z*L})z7_a$A=v3A^3`}G0eAQBFcI5g!ZPTYdT(q>=#o(5eI@yM#L@<(Vzy^Ym?$&j?
z+Jc6B>(OEfh2|>;*inrOQGt*2F1GxlECpT@x1ByRmJgVI`+L%iD`O$5C}KX3aL}fL
zI330s>Q(DPa)ieg&8M5)eVQAv1q<&>4A8L=wN%~kqWBt=4|6}@@kSJy2qy(JB(Dbe
z^g%rRW{M`*#fJr$!*bhZX+zQ}<XTE{jZON0?m*}O<%J=x)=T0&I;7WoEw%7ufFWl%
zl<L^ftn1z138=Ojdz<n~rzedW`NlZi8M=v}+tBy$jJ?9w*=u7zGZUuBx(z(7CL4h1
zzi76gX4)No1TKo{@ebB!cVM1n4?a$@{Sil4YO~lK{4wjJnR7x%Wb!|w@NDD^XdA*t
z>w=D-Qx{O3wTK#JftZK2oI>M}3KJ>rh>Qf?8RtoV3IwafciQ001{o_=xZ`NXtfG{~
zi(V`K*x2xQ+{q!pvXs<*$hWge?8!7&ar@a27)i3K?<Py2!kgQ^;L$8XQCW<@b&%-;
ztL{1Vm#ftwe2ws;doyWLAB}JerU{}OgC+x-T+g`e7@j5^Uyr{P`<TlQjD@I4@=Bz3
zndFtDRtP3Nur^pCU=H;zjY~CXNDjOMeqhrqI>);^i{&Xw0s2M`8Yv*yuQJokin0>t
zU_SEOrIJkxv76IXgC!Wg?GK7BozwnmX(!lq1jUCs8M0HIE;pe_9|`3&$(rX$UGu!-
zD}P*dT)+`}@1LV}xMKjMBDD^4!o9L(M%2+uPx3(~iM31evRF7ve3++@QZ5axgYwyx
z2NFmPNU`q`!sv^P7m1^RgzI5TIfc*Z^Qfdv3%Wx(A0(t9#6Gsmy%hUEEzkL}hbnd?
zY+jN1EGTri-9xxq#uWAs(bF?&)WqTD=snNo*Zxen?%AC;R<7IiQOd#zzF|+g^2ESh
zz<KE|_UT?To=o4(G)a-^>kQ_rGR?Y_99L4_Kv2>oI=;{zvKygQ+6Ao}LvC-5-iNtQ
zr`R*3<aZUvm=a)*GxbdUpU=#`p8r$X7nziP1cQkpXF2Uson%}cHm)6(-x7P+&+^4D
za8Y6w$TM_~^>!CG$qC*?&hEkv88f>*H$vIQiYH>pw6iclt!xRms}4LQePrM}{SlX|
z_D9^yOy76)g|R6ysUNi#P%61u>%Tstty{w#t}2CN!oC#yvg;}(_+RCt7sc>)%flf#
z)121zgPC4^u-qs!ujMQ!8x=SyB6Tk|r0e9{8*GIg%$3vdNHayRJY?h@sW&dWpww}C
zSL<~l2mVs5R2!ZY7V7cgyi-$?A`MkMhb|;`e}lSqJGJjdMe(6;#YU?OkhHzs$$sB(
z;@5|RtO$^v?G|AHmd6rmkTn^1MeC1Ns>LCMSo5M$MjcmpE9rA?CXwbFDdE`~V>80D
zd$v42*FkFAj|?2m$e^YVZ<HA+$9Km?Kf%2aa*;hWPEs{)GzI;w?q6XX-{LTau&Pp7
zI7-h?hvoj6^?2Ip-7MeAdN<ZeCgTVB?}_DV<&f!Qp;C71wECX9dp5jYt{Fn~aA3_D
zrdT$R2P#hRzqy`Q39+Vd6PiCAu@___dy>NCQ_BL<CXx(hP;6mS6HeeQmAn#u;rm%L
z9G-3PmOh2Yo#>@lE`X7@jgANp4|m6uBjHqwZo?)(IpCNPZ)kf?KO2eX7Ci;@FcY7;
zv8y$lJWk~NMLS2zbT@^-`T!-`j)x>o4o5#ul4gzdwq)r6sjm-MeZ4BZj+dC8eLDNH
zQVt;~!#@90U`S=PFEuw>I@|WL;Rt?KF@u_-PneYRt;Z{I4N+qn!Hu@Tk6n7&;}BC|
zm^=nyP{1T5Yu7<e<eW0a(*csQclJX4B<VFd!5ygyu7-z`O`WS^7nRwwR*M7e00lIo
z(KukFA(Z%7aUy2LnhaGs_Lnbs@Mgi+QVNXc%p(aHoJ_7@$GmfN@ZUxQf6((We?l&=
z5TZdEGUQY7CcgyRr|u~GqEVAMzt_)o+-^A){R_^!y<n57ipuK}1M)R$BIq>v2H4`l
z>`o|HXb*HlG4sJFYw_Mph_$S<sRjUyF%`s6oCPdXbCXxwV9g6Uj3i6v9}?Z5#2FhE
zL;#0XBvjDQ4QcxAUu0R(PJ(QLo)xGVVWG%zZ&Ku-C-InOyu<?u6*(q8K}TO3%{M%M
z{uTRC`v=3svcPrg=f;$HaF$U?wURuwA;NX_Fpd^C2*sC#%lg{Sh+EA|SffmV)2rhR
zWUr8|u5r;?XjE`hy1zLj(z<tEHp@eFUuO1Bt516<l0aPH^TB@R#fl%R;-u$jo%C3s
zve6Mfu<Tu7#CnU454#)cT?sSXh77t>sk@4rwJrTsK2YX4Y9NU_%G|`bou?%m4%rgU
z*`NBa=+Ckv7~@m8^Iv(e5GnNr*T08UIr5j(V4Z#8xt01oxO>S<6nYQ;Vh(5i2eK{o
zt%bHjJ{YbL<H(KuzJH&*hCT*NF8?s<eM4mVHHHUrJb8V9jO_twKR;sB^YI_x%oOit
znmzU#2g^akDwt3M|NDex;dJ}$Zj1J)n6$w=OrxWe0fLw%FzPiSS!w6Fjvt_M-etOZ
zXwe2c7cbw2?o#mF8o}ZW%I$IPj5{uW#dVo*uA~a=)zJQiOS$!M%|P-}ebV`r>ULAK
z&Ue2jm_Ijxk__w$iCJ$NgP9&@Z&s9>o^xU*V9it<@o?7QR)i(vD1U3s5UGOmu#8}X
zH#&C9NUJ)^z<{Yp*aDBsIYj-G$2^VE4tBaiAZk!E;L)&z-R{+T{TK!($cbJ<hE%d$
zi@>ex<d^hEYK<nP1KW$l=PpyF)SM5)6TE=qjvxiyRQlxY<~1h!9qs2Cd_-OIb7r?9
z`O=lu`7}JDQ+c3Ch}7iwitRRgK4fxNY(Zrl{NlV9=e{%m#=-BcKbub_WKbirQ{4+a
zoSrCDU12_k1<yJRB1{nXNwljmo2dcDLz3|2|8n=G-DxA++WAHALK5Rg8_Q{8$Ke{1
zzPG>B0wHY0LgFAWasT>v?_GnYDyf8>KIh)GdPp#4kg9g=;ThnB{I63K9%F1G2c8QF
z*=}8Atz{&GuG*<DAs32+FZde9uD)ATmIRQ^AwAjvu3R5JUTl*x6hP_*6^su4we1&c
z$Rl`u$v7R<DcJ7{f@qy0GvwKa(+i^4h%;qoL<sL?AuQnyJFcDtzjS<a;+-mDOIhxc
zNStJ3Q^-FjrU<P=Mt5~Ic*ac1-8GJOQ<Pyvt23X{qa}RdDTMqbH^bYeu*6V<2`2>v
z8}g-3ptdUG4ub7vP@ng(R2gLcMEyUbLnv+{d3zGz633?KEd5hqUq>|Ft94t<tFg6V
zO>>Hc>Q)I!3DKL4(Xkm_iw-X#mpy2w5-Grbj#kbOWFrn6!o61Q?1MaAoC-3}<a&r_
zw;<-hd0gpb+v<4=E9181!6D^=sX<$CTg(v@lqy2<;EF$&l{bC^m9;~)(9v~x#5F%%
zUKOS28c=kCo?W>^#s%hPyR~m}$F@jdg_^?xevU2fJpzr<QyohyY<6GL=gy&f`u28H
zcN>GNJCK7(@j~24X(jRAOKhMRa`wKL_wEJiAY+Age#s6{BMZSj@#GAg7z0IPJH2+!
zMI}xS{uzAT7k`XmVvfIV6chUZk0UCAjP(+BsBjgIiuDrx9nv3h?Ykoj^G*#8aba)m
zAn(bJ&Hdd9ZhuS-v2Cd*78&q78dixrE;vK~4z|2*5TNswbcS?{A-EbIjv@Z|dQo9c
z3!ZC>Ynn35#Q9OcwG0Gbq5dOfm1;(^)}S5yVo4Vdlo}=C6EaVhoEB*s4XfAm9#_dG
z-SOAZn}hs@_*|cu7Y;RNDEu^usu~byzN0n#m^B4y4B?AuV}vdXbBt!$eR_t2D=;MF
zmBFO;DFub)QEh$e6CyokRmUuEo;j6O-|{($h1gUrj*nQ=Ow7Q{=*VZ7ns6EAuT?Q+
zaR&2KMk5Ef%$O*5M2c7QS=4Vo?eIF|D1(RL<?3lc+P-%>J&?%vcS7N}$Hf)s$=$N(
z9>*Ovyv<HONHq)NHP11t3VH378*;vHqeF(8m+-MBi|6zNxoi5=GTo39UU_C#@1IS&
zYb7@4O%G|7-ABm_u5bYw(XDn<OR4#ml@C6i)$)<~4)cP_Ac&vzN|^x)S1z}#6?|<I
zFvnpj6<8eh8i}4@p?l%Fq&_eC5={O`<2`CRxkiMAE*^@Qk-d_+vFub(m0h5sx9rtA
z_;rXll<#}gFp%*Kb^*VPjgkx{JW51K@&wUYW$EPZ?j|UqRnkpvOxt^KdA@B?Uy(kG
z0MhWDoPf^ga}n8qgG%*Pa8C;Zx&pQc1(P5PGk`bhS%JX=Y-6XB-h>KNlc~ED6QY|e
zzHl;S<e-fzU38+nHuje~1k?p>nC7^xz2D<{&7!kb%*}q)HZ++1N<xKIgL1S#t@9q`
zze${PqG6f*-&N?;hpK#Bs&2mBlI(<R%6qHRI8EN!TNQRPylV7!Tz8yH+6Rggk~@C)
zHYq!%G3B^tu|{psjDrA$oO5dW2U=C>2^9u83h7P#xH^}1Ha{P2WtZF~JoZ<bP;<49
zI4vcOdqGKUr_pfc5)EUi{Aua~7nXpxIIVw2s~0JLJ9vY{#Oxb<MQsku{(_f3pTmSZ
zTZouCfgDDJ16r~)UU@#iO6H@`g3-Vo{6CEGVyAH9*QQ%kw<vI~qo?l)+JuFh*?lzb
zb1}8m=7t-=39UX3u5K|q{SWRgI{k9NTEi#XI(xvYVBfHVPzWr<W+u}}=&#qokNOrI
z=K5uVasx-vmK}uRbvJOx2ghqtcbKOFE{6&XQHS_dkhZhXDH&i!_Jjk=E#zghn!j!m
zVs`X`CYFd6{EX`KxsS(1W8g-tc!?O`U$#b+mW^jX38TtJKX1tJyC=_N4)9UQ+eWJ3
z8N46NIhsd3w*_fZ;qWMG8y>Ztwa&QC=*sVQQ3V^XKrK;|<k!|CeNr)>HJ#~=k`L=o
zLZ4^Ii>o1{x>~8T)x>Lrnar56!q8W^0MHZk8qCdtDSS^tw3=w1V?Ieo@}@Gb8k-)5
zTv}i-Jz%`!$HS1LYxQ}yPPg9~mF%uLMf*-K$(N)37(Ne5u&=xU700|Pq=J&+o}xbp
zP~aya`Qt$91Y3oBPZ#T3DHRh4B`V$a7}pj*%XdrLE}-bg&jQF=r67q_^Q)evqGthC
z(%i(VQJbMOOzGo^r=}=SfMWB2sqtwcs9Y?rY6-LI(}qwNv~V43TPCnSg<E@?6(YoB
zrW)ZYUswJ>HVzfF!%~Vpw#f*z12EduJ(je17prZ^n}GwVcX<_ytciD{#KYvE7eU77
zJJba<)~CAbTCPv;ij9|Ut7D7;RrtF$#<B?0)o(>B#XPfKYmfUf+)!)KPWqENidau0
z=uN@a;x{pS5w7YQ;ub%1Dw21)ckm$Xq(fHtunLGwp(B{9R`#pihzt8*GWB@vvBd4O
zuDMjp?ka1*H?amQzT7U32Vi4fBO1-=;Tg4n>`xj>Sa)l4CUkR~Q9(s-SD5O&S&$@K
z%m$mdOHrMtg5H0l>3*-Q|M+WSJ4Ia;4i>ZPKA4m-b9pKy$xCyK4!t+^R(x{qatl!@
zIXT-vgo(Bhc{pY?+3ry<2TN>vMPZ-i9Zm@?TJE29skrnf^foZBhvBzm@q9XN(sROh
zE}xN@-Fh)JE|EXrKYWj&#PHdeDPZ@AwWR6j#Z$8X`PT`Kd7p6Ft4*53Zw%tj%C-S%
zluOZ8N`xSQ_;th+WfQHEf||nor#9jY^7mw-rOa8+HLuC~Twn8fxzach*>UQjH<@->
z2Xu(7`dc|&s!DF<srlk~S~mf;3%Ib<4yf(H6YvaJle;7GRa&|`GP+|oz-2`*k--Mn
ziv@SKJVBjs<RUzjcZxio6^Dl-Tb+Jk8)Lw3@YVD40G<dRyH6rY1S=jhdW;@|7a@d?
z-oK~hSw5EixKf*4d{S~%Fxe^CsjY~FL(l8KiHNa?y`{%ejXuA-iR8Bl7DM>MP!G?t
z?~s?thEBiizsMWqJyWBc2ouA4qrAatRA)!j+9)q~IMRj=N1XX@^?_PZe57?oR&NHB
zJj*o6gu&aOIrjHh9`CgnOlvj!A2*9{0!r%iu-Mz5*fwDo_EQR+w|3RAQC(A^($C50
zLM*afbB;3#;&7Fm_O7$Sw4cvqQOb?uXn8BMBs1oW^6e`9TySc6p@}d$p2y_jDVvo8
z#`dd?Hd7q31^&!0_50^Y$uJmn!O>P(<3d9NK2{RYv|!J&EOhOAc_<^VS4*ju5#(y9
zruNM#u4+EjN1PLCM<)f+q_H$N7+N|$XC~~^jIua%b~BiscUWib+Lh!kfwCi<kAtEu
z%XErc91$c439S?FKgx4>a{YFdyiMVvet_w)7P74MjI7=X+nLV+5og#+*_nM<8mgMn
zEaQp_b8M%toAcO4oNCYic@N>t?f*{STmRvX5U4?n-ND&6mZa1>DknP~#w9CG93wez
zQk;+zt+~Ods<xtvt7puH*K+BM87E8p`3&DZ+v89K-wMS_2r>x^T8@Ke$QAY&wNV4?
zIU*BjjFTb!;5K75k7@->mcB7Gk=XJnw0a7XQ}i7^!+3KjU2rjm+``em`unYtB9-o~
z9(CIW$Z_S#jZ)>LV9q`3EsbESS;+)N8r9dhej~nkH>r^BJ8-oS%v>cG%VIbNgowLF
z=c(fB?KlM#vLDS+Q<bi75uIET7%{ZrbD`JP!(vne+%#zA)j5DJkr}UGDH6A_NB@Hd
zuN?T(gb~B`GJ>ELKgUBV&NrbraT7uqC3~H#BfQP}B#LW|w$LI&frcji0P9RqYG1!&
zh)fLief)O)Mk0ea7I1qgt45@C0>$(6<`a_Kk9<td4$>F(2p0p&`S>8kfm_7?B%@G+
z^~<;MgyRYi=}vTQ1<;Tbl^nlPC-AnWQdlwDk8z-zq6$=G8Qg*_12&gJ_#Jq?Gq%x>
z6Z#3JYZLXOu1XATxdz%G5|e<uUM~n5A1gMfq0!`VbTOS)jqD}`BfF_GvYXgx3|coa
zA$fm-um)FOKB_+lp4aOO$HKU)s2L!<kRk;8-4-);csFcfZRF7xvi<YspeC8Mo4$~~
zsQXjd7u9+uK6QC5)ZXpk0DI}9`OubhYd1?6#TEW2$0+D$<jzER9@tN+%ZB5nR)_|x
zZ;*%5n~%0!ADOB13+good%H=uk-mc0W`L2W(3YIwm~xt)OkuFF>^aW`GB=27@>u+M
zF}1gDVrrM+EU2@#Qy2UKfqd1de@K&Ag4865^36p;O=1%bZa9tsu2FI?YMRuHxuNCs
z5O{9DJCA(p1oQ|y;?^;=4J&CQw|yg#As({fs&b3L_a6h+m^7#rj^S$aHpRLBLwe5r
zFS&j?pHI+|UuWU!KmsdbhEW6)yk~;ZL61`_!`&#9SDQ60G6fdf?Kt>F3P{Ce0V(k{
zU7il9?>RTvv$c@L7lJI_8Smo^iUxOZCUPbJDl%K&xHn#SGE$N5f2AYLG~IMZMX_u(
zv*7*2igT0w3>E<_=ttWE1Sy+Vmq=cY!tDP6E4j04hBLUq6FLfHZQ{8LteU@PA=Gq1
zd_sNFMHp`%QbdC)bWXL+_<xJsUFUW~!h1j*V*G|F-Dw|g@RuO|?bfn?J0q!?C60j#
z{v7X7?^2K>l99x2hc@UZF`KgcDf{~E!CziI{!e@6owoq6p9E)o#rCjTrWvPYhOvy9
z<64ewqnbRsZk%owtH!S$uac(-0Ur96vL2R-#Wap83uE=X3~h8(A4M7AK22HBr1DNo
z4##Owq#Ke}>;+v<jy>gLNm2g!hct2FmmPK-PjdLB&w?sg)jH{N2KWaNYzw6Bi_!j4
z;K(klwWOWi;3kB3+d&}7WkM>l>6zZudBSClFx1rSXEIYp)GTm815Jqgf36M*_pR%e
zv)Gn@{jVi4vI}r5tsRO9To-oOz=t5DsRj_{n5n(L*@Ql8Fpt01n#WUEx2V5i&$)w2
z@G2PpLI^|02{GuZ4wn%`Z<>vpXT&5VDrdD^5I^soNAN{BIjtgMgKe5D62a=o5kXs|
zt-{VnDePVLWV$)lR?aT0r-YiQgp5I@0m#g`7LrajYfL9#Bq{0U`H7jZASFF^J6<dq
zrzn~gHlY2ibC=RBDlO~RY(h1zijg^<fKqVLJouF_k9?lu;d^IsdZha@lWGJ!ao}#V
zJo2b8$v<*IWo>cG(8b_}%}E7~CmYDpY1c#4L?ul0v(qjoGugD2N206Tdym4L1+c<%
zvEJhq-a~ryVHF<&bdU}A8HbUp<fB|Dc2mRUWDE_C`66g!D*(<J${o!GEKo(4|LHz_
zT0xwnNvc9<R2bu}q_d{B9c`SvZ>K?nc7$&COgWorSfwu%EVL>p`IBX-JI>Mn<ujiM
zCe4Eb^F#)&kck_C@VP^&@|55G;=#hywJ?U7kcAn|B%7L)?Wzi*`Cq9P3a*N9su@9@
z@8Xzm&8_z)zm{y7U?w6A8l&y(zmsEj;ID$G`xX3wXa3Rljo@K}S1x-X$h`MaPx`&w
zEe5~AYv|+J|K!m4`NHnu{$4-U#99(9tfQC`S=`M#IDR^G4JsNc?j#Ar4WtyX1BJUf
zHtLyhh7h%eWly^~b@$6+2XBeKfmDW}r~;MG6O}X4W2vJhX13L#qjul-$`OR%4VjB5
zaRpMpeuFA=Eqf?>N_@+8k$ZGll*iIgJGxK2ZH4>p1k<>~bli0X5~^K*sNKi6zksiC
zidP5Gdoj*kAO<_VD+pu>k-lcs%_D7YlPZ6!nBIi`e~no~lSWvsZE`vsaK5`gL@COU
z=Dn2Z@_**ONW0hZDtRFg+A4Tq!Sf55rqXBpk2gH)V~cCXE2$~$6q?(r)k68^j)vR2
z0LL`qScRekYku<J9I%Bj&}G{=UE!uH3{K{OQA)qF#BgL=7f<qOsLbS}QX(Je^7sSI
zE*Kpwng9HZMi8HbJhzn8ZonTj1}((?LqJY8s1q}jvi{D1vP2q)Vf4vlp<c;w`BLrQ
zMA-|U?l0jY70W|I5`<qFQ6HKb&G9t4#vig=|G@?=U%XcXM&!O*<MRD@*}8?T7q0%s
zW5-gCXZTS?jq`;@Kz+h2cXOdgCGQhw2-i2sw&+WMMd%jFi`T_HgMYN=U!ydbY}o#r
z#Aime^XGrP^i2Jb?IYZdYqpiiJJl)q#~V1AD<O<1#Y$)}&4perCYp8g?rNzMCl)3&
z-1B;$nqlSjlFvY|^1O1}P7eHTLP!QU{KBMZ@v+H3<O@-BdZrSv!6)I*;P!_9I>DAa
zru^`WOnM^b0%5p+J3gn$qyP=&8fUfLC=zYWK9z_c8zQmOLnbj-J2R+jSW`TjI8hIj
z6JtM9j!Y&5@xxdkKCi=J$M2uscmD3_cI(FqZnA(!Hqk-*wHug?l46D9J246`b(ZXp
z<~f`v6K2c~8s(GjqxBSlw0tqh5mm$I9tl4*%p-+F`25vi>-nj~nwAO;FF3JH_EvaX
z4YCGeX+ky(hjb4c<c;$*x|=?5HI;}$8MdjGt0%=(b2zY4>cb&pW(VKtIYZeRgRrc=
zuI^ze71zt@vamx?RmlznOjaq1@I-zLiM-4{_A8twC&p$@g}gArzy8e<xGyYQp*_q;
zBK?}Sp3B5uGp2cy4DE_}fs%h<UM33Azf8U~TS9k?;$n3B#aE!ZV;=_eLLyt|KZiT?
zBArYL4}7U@dg16^m(FfMFQp4{Hn!hJQ%(%yDD0u2iKz?X;R0<O2si^2zs;36GX6?c
z`@ZY}l5>r4Gsn)iI{ICkliDj~==Y5j&mr$JItp34Hsy+z3S-^E0PfnB!R@`GCI-=g
zs<6dwV+RkhKsM;aw~x;^ENir^NpHK0v81^54cgpppP*hEqQ1<)kgZX-sWRYP^}Pg0
zX?VjZdR}+x%I7OQ2fPt&O(@$+oLh~n?{mYH8n8{NKsDNP6&9?nob(!exT*)F=hWnH
zDotV~)Lb$<GizIE+#iRK-3bjYMk11U`(KS*f}WO3U~m_3i&xMa$)rfBTinz9{w9p^
z+l8A4I;Q8(>elF70aP^+6w<~20E%0QAUQ4(B>(OFHoZ-xTeOLsU1SECnN1$?zST?~
zGj4G5ct`!en#<!CY+V+79>vokhA+g&w2_T+U$}?^_8c+;-K@yYaQkXOVygxIbS3QA
z+dy))`pn@C?yES)u|hUWNcFr8JnEHnNpMbh{JQ!T?M^$tfGjgdIM<QTM6uWTyq?tK
zxH`GgYb(eVSqnTYmv&5UeL;Y&`yh;BxSZ6Y-v_WRkRr}bh-twYZR0&H4as_3itYk3
zlI0X`T<2xyp3zvmMgekrX*Q+C;s#~3j-#A9@UYQA+L7`w(jM6NN8yf;<FIp3yTq@I
zbe(aO<-0e+hhI_Ugj8qw@K*H4qzZ1fzn6IOLgF=0=Y=dO3Nk4+;uaI7e}a4ud|!Qj
zA$$~u(u}BVrC`zzQ!WZ0Huum2m#Ra}4w$7uh9?KIT0b)}<*=ZaPjIC6!*k~{xhhf2
z3{`p;8o6DSJ>l|9^1V3(ucT@{7oeBLG1g-mAM5L6iJnPhI16VLBwNxztv)8M5QS;?
zXnd+{`#!^8WGe5^gWsS~tXnr4-%TY)1jl*FpJq(ANI{rL$_5wLwHiujv6r8<*h@sP
z`NKnqPM4zdxXAhpa!iMuDl(Rl@SfbtziR-_=ij^YKXSRtAQ4pgAyU^sEZ-}5@wY6>
zn&2aT{c28x0kyWFyL?U{kt*WVn}Q)ho6zSA8#SBrN~$*e<Hp|IbGebo<tDmZu9nJ;
zE_Lj_!}PWaWUWi_I?g6#CFCn7KtNK05aTo>Q~(^9qRH0)lz<XDAM;)YGrW<ufg@P3
z+bE8)E6qb2{S7Wr&W+OO3Og3M!cBcjIRfhE>Oz!VGz*w&r-D+sR7_fO!L3>(quOv;
znfi68$*vhDs(m>|)WTBekhzQavl}J4$_YtR=Gxzf;R_FY?tbmKUskUxIRq{FjP%-(
zFODZL1=|#t4_a0n@elCRhcH9Hk#Y1U_yCt``$~+XwNc=R=>5FIaFd>}ydr0z*X%8W
zBj0q2YEwEIo*ap#pm8++kI<dz;nFz&=hWm~&sTdFfpgVGp!@6$LeJOyctD*(I0bhm
z+dZA9au;q<VgKBOm|bF~+AmSCK6v6D$~j|k7<87zIM{`!EEKwX245kc`l4kOK2)JW
zMo59TQlPA8Bd!7>N-s%X-IUp^W!+6*Q*SjPql)G*BxGlRuohX7i)i>16d(_F<#S!j
zXsl>q0*6tU(_hF36OGJERh3P^b1O2h!>v|mjP1BzqXg*@<iu-g>Y@Zj5e)%>*WjxA
zF-i)vxTAzZoslUS$0fF!v1x50mb=`(m3ZaLl#J|fg2mVPeMEw2Ev?>2NNMXrzrd&Z
zh_T2T28g<gCX1g@VJ2%=gO9NW{~j&e-&le-W*2q5><BIy>N=aGfQxdl{klDq=yck3
z1FIr7wN}vCZ<MF_t#ridJd^^+m{~9sB`<7>MRK)lzBPmSzB2fyp>w5i0CgNfbP04-
z#qiS@lB9n@S;2K}&J_s%a5lR6RA}CV8qHhd+0tqSORv@M)n3amyvo`0d=J~JoOiM?
zZymPjWx<Pz5t<pF+mm2H9Zktze1kk@8!ZukN*L3BQbXV?0<{ed0ew5*+edW+W+nh_
zE994sqw?a&6hozg_{KNzPW$!bNv?~@e6<mZI^8A@`s`5>7%#}oz3lmb?pDW?ZKGp@
zZ3Et$9AVO%axw*XCgD~9$G6#*tIFrlR&8qqi5M*7@;`!Ra*>%|C#HH!Q@)lQ7FzCE
zm0duHn*&kK`6%9>!vQcC(7I*?D0#@EqqRI5du4p<@o%DjiD`eWa)ujfsGNDY9>ab*
zY_U4kS^<<ptmFAvu-b>%rP!oF=jB)s9MCpHkcA<n92F6Vrg?CnuC~PVA|Xbr*(l^f
zZ&A@1oP0247eauTswX+b4}m!$@<&PR>620U=mQm=a`m0XS&UZsOx5-9fpYF7GFn<_
zuX1_hNmnJcf|R0BcDi{fy3_r>eNwEk6g};U!F`6TK&(!8lkQ-{RfMCkYmN0QHAXPR
zyw0}xtpcbP>J`MD&dORXny31Dv4;>f=#P=9Pe;q}D)!Vvu~a&`xiPtcz++EsN6G_d
zi{CXRW<zob-CN3+*A;0ebc#_1tI3r(1MC=Ww)V|W0;h@s5{pM7@d}Dxp+q7jh^%>u
z8dz2&K%B#T-%vPJaO>F<E;VV?*y`%@b@jFmP2Oa)dSvGI-vvTy?V8P(Y;BTb(02st
zI*)lbrfc*W3S^>@Q~YlAxt4}j0i>+!XVveu*Q;zdR#8!@Q&QinXqg+tV65ou$K0w9
z(5Ie|4UV;k*Z3h#%2(Ks^p`P4J%w*2xS?opG=LCWYAqd=cQQ+s&!^;N8t7@*+5=}n
zRfOt+${~}lS=0liM=Y!TZjCp><lDJ<Hqf(ON7apT<#k&SW$gR}`$&IdZYpgzN5Tn!
zi~m#NIi@Fl-=o;_@_-zP1NJ%*s9f;WvPj)ViYz5zJ1(9?n97OPOr1@oA<vscv72au
zb{RIRO^FO!*K_HW`Yi)i&Q2=L(#iCYW*I&P*-&`E$}Zz{l&LsWMDwK$9D}(uelYx^
z&v3lJ`^|4(UoE9B1}_WR>Np8{IK{C65?DytoE}yGgfua9#wsWjJbTZ<;h1u{!3KuS
z5-RxVDvqh?hs#biR!XD4Zd(hd962<7-Q4yKtFv_L!joX-+vt!T8C)3sRxUNTkcKKS
zzi5rvgvzp#ahWWhqwVoN+zQC?1rh|(0`v!sdYyu;AKzIUaTY9#Iz`T?Fou`GuR*W3
z3LSUGSDQ@*?d(SomW}H0myHOe2V>*vp1=p{)b(xqoXs(Bd=<x6SrA1X3sp1RwO1XP
zVNZM{bR6{yqb+UWqP1K-wcgklrs|s*KH?jvDIyy(BRnWO#+hkI@z0R=v6t47y-)2o
zp*_KWy@|bFtJ<2hb~VzSW{0>8g%DD<Tm6z^er-)=lt;}0*Le@wP{D~>5vMIx%D+Ev
zN&Bl-qJ<?<Yl~l?v1dKb4+`Ua0nM$(uGTI$p3kl~6To)TEXS2W=-`czux})Nx9y;*
zTN`Rx%(@qu-xo)NYrxjjV(Cc1^_QuPV+K7vNRW{XS?@0JN)r3`a^YxO3G!354rXcx
zopA6zB~Z(uIE}VG$kF)Dq^u;$Vf!t&bpO0}1}a|^&1qWjx*nw#xZxHzGM6eAZJ{;9
z20V{1t3z;Y9Fl2=Iz%T5FuAA65w2HN7?FFF$ylj=M9^DFGnTEdPKo(zblJ8Y!sSN0
zw=N~SevJI}`1m`=$ak75|Ll(-+A5oQga1J(6)u9ra9B0$SGnwscsAqY-sM&WV%2Jo
znMVA--Y>3*{kNxHXtbskcr6pKlR74?6$+M-UKX<HhHQyvt{D%;cKd|wPBBZ~2X~@R
zDFjie7dYGa8p7&1Shl$(^LjNuG>f9ecKQ2Y#>aXxN^`}G5+x-&c-e8|I1&FfWE&RM
z1@Uy?gp|G<1~jPxo7B_HhSJU;e{7a)!e7p?&{UurHHf9bORg78fFEC&*5<3g?H#1`
zJlXFFcZybD#}<xsE*z;^s@mQ!d);QiD%rj}r^y>`YRefk=F3IWK+ZRFG>B?3VYfmK
zlZm=%mNPZ8>%5}+Nk#(mQ1xP0D&1~YZ+5YlXf%I$?r#jfxqh9X`R~(x!*tb4!lzZm
zNYs|T($6s8cx=m4czXsrNd+t$B^h+YW@AD)qo{mC*Xe?4+t^rbF6P8o2-bT_ofy>_
z&SWjtH2-%hfR1br%Q&osc}UMtnu2yJFXbv3L0=r3`EnLhMrJ)-Y<3IIokK@5gZi;L
zTt`oY<9p@}hTrBI`bmf}7bGz*GY}{oEF;0OXheY_dh$egAC<uKd^P_;%UG6|eNlh}
zgFkpfa8}Ame0au@S0ZzR-hhtlFsO1J^vyn+PZ#CR`mBS&Ks#%}o(uRpgV-+I<#x`(
zf@q_6@o3J}w2-$?T=>Zu7cZK5OsT|GS|?d&?Ii2t&2M-&MbjkDNBtQlF0&}|8>GTW
zSEVQxh7VxQ3BP#<e-=bDT+jTiZ^bDJ=by-v${B0J7_*{aiPL2wOYygZcNx)ini^a(
z%l$$>u^>M58L{<=O<c*L#kC?_4!)OTd@uW^*Vyh;IgCqg$WPTea_`MD91_q(wTs?}
zHk^=&bRJI3O{!)z141(JTjnrA49@2uJ#oEeV^XfwUh<^sQUVe3X?FDe^^#q#snmi8
zb!&Lg;*htLcjjV1cj+;XlAA348lv8_(MqpnINoo6Pn+*hcpZLR(RomrN~+H;Za(EL
z_Lx=!`+$$2aOzyN&a4lgkZ72sM0J$#9$XyhmY1w@E?B??@rNJ>+T*8!q5(D|w=!ib
zR2+ZdFADiJ+8dffa)HY&Q6_@RJ%W;Rje!Mn6-0sxFn>!g$$4CzAuiD%Ti-tFT?Ej9
zINFxO>WqZ?!m~p)JIY|L<_5BSK~Cew+epNb9l|XO66Vz{FY3)2r?jzEDQ<g(&*Xa4
z50GuD{Aa!nx%FO;RI{vTH;+_ZEX4`hLwY2s`EWxrupRDxrDdhV{I+S$3R{C_fZl|!
zB-lkkj5ucw2@G;4mb-TIAQa}=q-+C$9g;jh#(D#@oXWHCcTa1Ef{Tb$AQAyTgdcfQ
z$K*@E&d!iFCbPIx%(J*chwxG|6(?PXM_O38!_o7kY5F{OkIglaGbwOXMW0`-{7RPl
z{PX9}u6~vIimnZWy12a$F1O?1@>OTV@wLFCOyu%DO3!e|U?Esu)<O|^GGv<~PcErZ
zqU(4w$g9-=*DXM@@PIDyT+Dui#>zU7#7mp0d(W=|>vf$cj%dB0uPj~KGzE)IB|rGO
z&!ginL@xaHD!#Mq{TS|AdMHs>hS#g$<vR^lSV_kT&j{`ON^jUPm1zax;U%oyD)X*`
zT^mfdbvo5;o!F_$f)r~O-rq!NcMz((31MlZZ*0GY%ky4rRgt}*N}|Z`?us@jREPsc
z6=VrQ<$8y3y^2>!5VAPj5{~;2Jv|@&=lS9fHecK_!YgIFHHrQuAtAnvt$nPBi;$`z
z<Y@P)=-N2&r$q=iIy%0Q=q`M&zxnZ!4Gst~5J(~00%g2NC?~!3=fRHZ66bq@=brGq
zQ$<NGI>dK}$A6AR4gOg9F6j6-8vg}YwCDY5lh{-Q<HoAy(u#&KU@hzn_*`6}r@j2~
zbgr%4tDo9rLR0=YgYto3_<k+#<d(q9nzw1fH<m$v4xjlT7&-HIg_VN(R2Vso!f>Ss
z?YUKLz-3w~-f_%{y#J9HOX*EsTSn*}#J<Ta`I<dR43fpzoKk96dVfu&%ky3FvqY88
zf=EHA454i6LBe<wQNGq^^8oWkKGD)B<7ll2T%xzqx+?#`m!0JcRd!p={WM@xPh}*Z
z;}l{a6<V@YR?!^L<|eg)FIkXVAN!;H*hhiD<hUe8(C+>?aNK|V{I7q$aX!+&UBxjS
zXa69DT_mV7krm?sLFDodr-bT{iidqW7RYrASRgI1-cS|%-(shC<lLJKT7Rp*(;zSt
zs=XnriDW1#{D{PdgOJsOTXu6QM>hw<+bTY<-ZDtMFsGp*F%?__c93CWh)m5O+8Crq
za|8pe?W=^OWWOJ}NKDL0yte&-alQHhLs}UUq13tuurb0Vt;IP}QeCz<b_>u0F<LLk
zx2UL!RC{@QAkQLcFO%)Og$C#lImd@L9H<)RxmsEbU+L_a!CDHQDQA1#$PT7<!0z~b
zRUDtwQwEh#1}lK*ckFP+(uN(5J4WTsA%uGxa>Lh*Tq3jIIymakI?&b#8u>Nzl<B%U
zWx6iZ5Z7$+*>cL%j))h*NMpk243%MHUba#92onA@5Le#u*aFHCR2+OJ!gXK)kcIOa
z+sm?Y&Gu2kPKhjCbzJNw>)vk*k9~W9|KQ-|7m9wsZ|skUOfGO6VaFC^hCZ^ou2g6#
zGvY{?ty&-GR?6TEVJ-0mlwmCOS;`u{RqC&a0O^f#RShOTiLfBY(pWA$eb=n7vFD^h
z)&eT5?>jfJ!Wvoy-FnZJ*yxF`E!xnU$jB9;#LrvIE2@15ZJW@Fi`ZqZrZ}Le{SO}p
z+X48dv-6uD&1qUQM{UD}G&#E69U)P9%7olcOG!FGYSv-1M(sbnUZBHT@EjFclu4T?
zN~C~g28B$g;Fo=|v{o0l54fgqoSYE|+#V>E1NH@AA`_r?$emhqx3fFD<u-~kqF)>3
zql)5FHGG%D7r0n@P;?!R)mcjvt?Ppi$l6|a^~r}rlaJG$1|Rb~{p16F@XALV116rE
zPdGZv!7I~j$o5Xh`D(LKnppPdv;2;QUQ;3RBIcSdaktxD>C$U^9#Hi>AJQa6jTPPx
zqdzq*6bJcV{;xd*Rpdm5!Ao}9aorJHwa@a=wm5q1hwJp|G+~IIdP2Rp2Fv!cG7TxD
z&Te?tuw0~ub(lwV&qF~0f#lzC_KDJn5DwAW+_^?GhEy4Xb{3?te&ABV-i)b@(n0qD
zZag+m6S$mMa$uzr+u$OcTKqOO>E7F0ll}DpCU?SDtpq2~!CN%9ZHz77qSWDq&gKIj
z#U>tk%@5h>HC)PvFx*Jx@vh9Hl0t7w!^Rm4oxws)fwZL6hCAQ!-p%YUV$Z4ONss>!
zvyR#GJ!}$hXm06@-rdsizsHe}8w)`Iwa-SWI_L0_4;MUD{(UjSv%EYCaS&l2rH!Kw
zJ{W<rCE38$Ev;gGL4};XJt}Hb1XX!uCoG@Hv&FlVdh^<Pt=ZbV3*M(uH(MuL)WSy{
zOb@t|NqM*k-j9M(o(sp;4#zbEsjX5aRAU;x)0a*akW4up%5@xM)h1c;v)e`wkwOTW
z(5X(^-lAdCp*sDGjD1nv^CsM8O}gFqL~n6gql_!8U93Wx@B<-vH$3wu>?(O9l=e3P
z+WELx>bez}RwKZyejm(wMJ*YwD~FpjK6kz+*=iduo)P|dM#>;>`=g7X0j*pNGEkOE
zx*<mv$xu{yzp_`Sp}$h^jtbRQe*N%{E~vN4TT;X=d=~Q#$IHb(4Q3shhW$+(L++6t
zj!js|@?2NfNvMnJR*~p#lyDe?>oVA4+#DNGrno(_6g9=Inkt1*3h8FL&milZAxaLv
z8x;`L>Zz2C4(C-OSOc!(^_$2_5HPaDHty1(B;Oo|(6;<2Xx6azrEbBiydyOjL~x;w
zzyRJa>moF6m4N7gBp&J^Qw1$*3t_ILmxiv{U3PG|Cv%l|IAC6J&wE?Zk=%>+79vE<
zry3nt0+(LV3DrrtZEo|P?4t}CY_%Qi^4s)axhdybkrVnQ<nsvRMf}Fk#hZxJ@LM>$
zUYWD2RAc3Qa~AuKE1=7m?JeO&<M}JeGMo}v4VNwTsnbg2<g5IZME$SW<DJRC(wfj$
zHa#`Kr7qR7!WLqDjP~){_1i66zh%074j+!sMn3NN=EU1#`}^FJq&s&1u>%_O%3(N&
z?~LF7o}4jb!t&2gP}Lp}d6DyIPfd?E<fI%;Z$S=6H?*efxw~~I63PhK+gv<DFfNu;
z6HVKbOe@nTw*amZ(+4Q04jbO5=3}Zu7`*N>X}%#F%~IZ9cQwhQ8O2aF7Uk9aJ>ZPP
zUJ^c)lJ`~z_sR4SK&}+*-!O$bULAsG#Nk9+NOF@W2&kE<>)!@Oa|vc!T=^EAA~6U0
zH6F5IpW)zzSbfz0V`y;2uis#Uio&zb2KAhk4i9OmF*s|4c;oA}o)8yTN+C=nbL)1f
z>lJb`60W$4BM9{*Ata<Q8)n@X$RyyYi~~raOI~&}FRJEa!b<<Nl~q#LO}vK&+oMN<
zm(`?Nub~dA>o|zjy&BPf-QMNEU4zDtM)Y_>5B&}MZWyQO%W2QWX@>zd>zp1pWk=xI
zj4C4RpGlS50Hc9V71c%r=2;9&nf^Gtj~yTX^+hVuUKID5A!=O+{oL;U>hJ`sYq~n-
z6w(XT3M9}+_x2<Cw#3anK?2~ooFDp)YA!2B%m!eD+f)9XA=i}^KyyAii*m5&#g_4{
zmKpA-GRx=xe~EC5wCV<kJvAxLz^IKAJ!Pj1hXKV_&PUskYf-DZqp!iIu#9nOn?94d
zPJ{fzjjR^iaKQX&+Rm07kiu2WQV|%aQN;{}s0Mj&hoN;xkAiO{OL?dm<oEXHx379|
zEe3qQbhyp6>TJzXsm~2lR$Tnce74yxnTc2%k7O>%rLs}~Lv64)g*`!Yjr(2S$4ia>
zM=ApEl@>}sC@)_1TuqZ#lJ>wgZ$B-#x;-^SX(Vap9v!g2G8{l|Ki4GY^KMBg;sgUF
z=dn?%#&^7{O+m_7s4de3NF?GBT)n8x%h*m6IR6CvBGOE)CXAfF^%36sXfAx;frTNV
z{w~sW^b0<LbJ|*i`VLB;X9YWKp+JUJC*f90-_||^_o*U>x%TeDRppBjy+kh=su!Ow
zAKq{&t(4y!S8!c&JMdyTe~}(Ntu={JrU;<cwL(GYbjYAwmw3+uKd9NSYz1GgIajTC
z7mf?ERAr1zJw%szenU=FfgLB}9mj|_4-9!pKg?69E>xAMtU+#<w|;Q@>xz9q|Lck)
zQMo$<{LMaf6!O=kNOd1MLy;9Y4n4l1A5c9pU>w6p*e_Y4Hdjk^NnK~~aM~?X8dlPS
zt(jO^neE4T@jE@X>qQRH9r$k4n8Vo=IlQ_dR^nCv9VJd{Jz+#d$=qp@gFo{rU=!L-
z_!4p_YUC>;o+u7iFMJ@(Uf>ReF$?ym-70%g)qOqvuh8PfOMi6YYk6d4?FlWPO$5kv
zug)gg`eKc;BYE>~NO<ufZQGbum2rgO!E%+xf2;ihCkzL70Dq)iBwm|qqOEvZPos=K
zaFnrZo4OD3SEfy(nBwX~YuCBKiO{GV*3#FAs(p<*$fV$w?COp$o+RX7Y?%MTB6tpW
zE7d`-7)s4c+|pc3PckJ@#-q}}t}BK0;eF$Fjt^PBoRSQ+vN_QwAPAc${idxzKGvQ@
zIFWV-Ig&;wT;HDJnEIk+GE=t+NRyR{l#R3oe2t3oCPylPR+s9YEMI#par?}+Nvjk%
zGSRN341c92bnkU{Ln#4i;udXwRUF<%+_8;Imli$S>=THZ7aS)@O@+f7Dt;hJvS9Ky
z7TQJcad|5f>!K>(15x~^goVGNql7$UpSDlo5%-c{7dcRM!x!XQj82XT72E9M?#@Ih
zZ3@IhUH#y!1N@=vDqp}|w7&it_UFG<Ew&bX$F(w*<prwap!F0i*p2dNwu74vrAv4a
zoA&O2)Z*bVU8eVlsFmu@?_@VM98bL;e9_*8Z+MA^Z2W-SQH}%@oa+(u@h1f2P-<;u
zQFSyvtlG}0E@rqRweQ&%Eb3inAB919j<T>|vVB|}2glPMa@a55s4=s6U^rKs@U)wU
zBF-vTOOt=i0@WN&WEADOC6+h5#DBAbB9~p{Hy*IXqY#Ze)~6?t^F(v(R?zAk7ao@t
zrWqZ3R!-y6a11|;7Ab2y2wLicTJqsmlaETmy<9Zr+yrz&FTnrk8trB^zaxAgKEf`W
zjbGw8uam_-8&G#fBUK|{X*?5WY!2Ua2ZDxN|53qOr7VmTaG_+BW)oRL=Fd$g&}Hj^
z@0d!Wm5i@_wl~r!Ix&2#j90EvV05hOzPvVCcPPtN$r%3Sy4}%p+|=q>L_~OaY`F>s
zA0r3H!Zq`vV(yGkX?ZBa8hJ%+Jjh|5PN;{KE0pPFSA~{Kn_4-U3FN~?<;qxA?dmHF
z#+tI{10r{VRSf%Elnn*ml!cq#2<{P)tF@XZRUXT(?0%qA=<jZEC`>|2^!Tw<A~aeh
z<nav~_h@Q0+g=?xqoZYtHIS1Ge9QarHH=keAd-%P%r@m6zonO~Dd!5umG@^D$9Fhv
zBkF3`wlf)~xZ^`e9|Ub=pAP96a(<SCh)-HUHD?x3A;%pQ*dhE1rZl(FeEvF*A}mD_
z;lkxdFga?T`AN9}r6@=0MJp*NXC~cUt}55inO>aM$lQeQKakuXY=ygcVTqyp)u`pG
zYj1m4pMTFndT#{1!*0FGMC)2O1r&lvN#c;Z%kgM0b!RYW>@GX{hL$4#{NTf0+k~l}
zXgx;h%nEc?iSW@m^m3Qa*56yG$SFIb>@Ssh69!|*wL3l&xX^+ZC$!!SdLkpj6kDKG
zI%{#-5oWOFzTxstGwqOv8(dMBtKV*vF_z=|*}8V%n3<{iL8l?p=|7Nb5k!o+WCLr{
zn$?c&cd~bG($Z+?VL1+G<&Yynx9L!I9uCR99B(U~1AqRkAWIWL$N3G(9|nYl={mVR
znf}p^sN{g;I&D$R+STul_jS)1JW>#@_fHGLbkpxqT@o`^*Qrk8#g~v^U8g6yY|C_s
z#Fu${vp2#SJlQqf9@CXC^c))ce`H_gpA8|#=y*{Yg%@2-8v4mz_3O%(a#?g9;{lr5
z+!KAZ33)`x@0G}XyNa1gsAz^qE<+}N0atoTl#VaQ{@|1qzM~cnD(GBJa5@}V#@)3^
zFeQ#@V{Fdwp75uQDYL20!L7doZxyswy2DCFHh{x+I&*m^rji#9_2Zg>pvR4Qg9hay
zmPy5jCOL8^8YDw!SaU2H{hsiliG&T!ebn>ucRw?<uHo0i*+kh-*%`&^1ztjQGa?*E
zF8-jG!lHeK`aS9ZWk8z0leq2z-svjyV-f^b7OA|0qkV5*?>dFQfZgN~V$;X?pNWN3
zEgIOCap`WKeBmVj`6f-s<Q_w|J|4iHoh;LrFu~8_V7DNJ1$lmk9hU8}Z(#VfNwq#M
z)yA5<X!)EtLso1tHk4qpeWjr59Y`Yn)SW$Ed3|;lz?H16lhrDSvjfEF>2wY^kh<zh
zJ``{F9N&<4!~Mcjy&l8CK@>#C_)YwhTp{!;O6Y$rZ#SuieuKw3(naj<&6;hFuj~j*
z?1Vd}75U+g{_6y5Wg8)9jq>Q3&{Kj?W}0vnup!!V1WtJ_6eMTX<!*+VhFkh%ef7yy
z-N=EMCKgHuf<avz)P#iB&{(y8*zg^jwN~|e%2QkqmH$A-S|%{p(^HOQX*&D}qWH?r
z{2ZD(hKqBC7dB*Sg_}OaL|`dEV8vqHTm-gwv*~KdTu2uRniW%G^@f-BN}|GI@>Q}c
zlrJczxtGib3U=4Xpb)+OOib|0y?jsjs-2PuahHqi3xP2)DDyyL*`TM+{xzFZt9DIA
z0JiAch}&A~hw7RMp$Ir#SPGlF=F0==E@meF<3cg6FRcap@LC~K_)+oTw3C%!6h*tn
za_|!)6%6tAEuu0I=L!9hp^{s8I2anpdg!M%X4NU9gJ~{FXZFK3lO%%!3a(fRl8#V4
z0b>5!JUzRdWwLlqPw|Ex|Abi@dxq7zg|~@z!iBRXwXGq*FQj|oC{x&4!jf*WX^>Qo
zNd<maQF$2F;vQuZW=D+9aE_hE&9j>XLGA@!2NUVmlsTb7Zd1u~3?f8!tW8Nbaqb>1
zZKLalYgvH&;u2bW;NekSbAFIQ>AyRI>ZhTZ{cN)oIw1`gqfO+@WGzzmWnYz2a~v)q
z;#CUafgt$J5?)P1fFbN8sJINeXwBJg1^*{<sU&7oB0j+7w%MJ!<o;^2kqZbD+N&e%
zk@e|lX;9-h#B}6H7zvhcWl!pyJVaVHQ~glbJ^ruN4q1U)@v{tpTCGz@Q){Y#fEzK%
za)1Rx<rfFm^IxpcZ+vl~@270K{GYim=w>GjH^$+VNw3Xy%2}S=&ZAkD6C*ZU_rY*A
z?a|OufGa%8+KK9T^zq4oG5R#HS>LP20j4xRREjXx$-;p2CUeimg+_?cJbgweD7stC
z&$TZ8KqfCr>7bLc8y^<zlwKsnI0(^4#3mj084*FsyS+*15%CM;=7FBdHrh{Zl)Ua|
zXTIQVq=-wLR>^5uarwCB8i)7NMmfJkE<zg|d^-xhg(~bi^qp_vJfPR+q8bL8K^vE}
z!#31*Q)zn9(44oiG5HufQB90>`+T}LKds{^xC!yrhDi{GMhiNbm0#)w>cOvIC9p1*
z06}<3R+bkvI^zav>mSkGNQs^B5<T!mkU%IT)M)w5B{kWZ@Y<C>;}7b|bA0kMr%i(J
zX6)B3#*F(X1^C63FQ#pfs7mHlQ!~ex-%O`y$)BLV`?}F$l|+CwWRltyD!p8}B+gJ$
zVuD(P@WCIimW&B{tO4e4zNg(3$}i`j=IxlpbXw(}P72)9sp6huSJ-j+o5ksoZ6Wu2
zUHnlk$H%-J#}lbhOpRc%o{<~Vbg_SF8`Jz%@Jn35A9!yz+P)Qy(#uU^x><LmGqyp}
z;`;Q&a*gaoW)17&y2>t5a+J*Spc(5=Z7^q+eLke8{eASJBwY2Fqk_;#0bp#aS_WZQ
zK~j0d>!e#oxBtc@Xz~}K@dk+Y%iqNk^oQc_4~s80BaVAB=wzs{eBU^fkL1#9WK(Xq
zGk~a%5LzP7`Cl1iO^JQr8f0Pkvd13RcAsXmy0eLW`>q*MTy5tO1^?TknU|+AaWl$~
z*E$%U(io~qBEY`Eb_iV5fPmwc!$?Q~cX~K=5h{R!r;n@itV|{8({<xZ0ekb(#n=i-
zP-$V+)D&xGN9{aG*HhK{le}&4`+P!pLA&N>tzFYLR?z5u+%?hx>cp3uQ-S%?;=#l9
zEzpErT<woB<YC9ZG38^y=>W0em-dUhgkrH*DI%M^n(6xWfNnltz7XNj#<fy7U7X*+
zUfhWWZb=}t5Wtz_s7slsR@SBCDp(>mlB4<EPvf8&gL_e~2mT7n>>8UxPVZ{75f9An
z@g|J@%~MD?KZ07IM2!GejKuTW4Tf?n&l~}IA&QKqvwbG3Sasv**a_g&q5mLkG=nw7
z2H`8B0(cN~dU?Bj_6ra9=n-T3Haey&c7|`$Ua{E-qc)hgYWT~h1a?<F)UBProy+{Z
zKTu{F0nFFwuW&;P=hCSF*#=@`VkJo;)QQ1~*VAbQYk0Lz56255sP`H9i+8Wl+`wOK
zHZvXxGvgV;dvWr5Fu{Q<75|v>Ex1$|dw+0_oY=ZLx6gG)lHU>PL#WbL*|F99fF{R|
zpB>>iJE9KOQ-bIT>UecSs_CqkYYlq^tD%w+&l&hmqI0i?Zi>xfJ9w%qR_nC0a)6#>
zuE>+ctaHy5k|Y=_o5Erjr`3@ENH8%h6=PsQ!DD}=*qIexE#Zlyfi6KyK@cdeVAXvi
znMj)xdL*xa4(s_5-g#XsHrt70t+2bitQ)iHY*!rrO^W-vGQ{%{X^gA=TN1zdIwc-M
zGFv%aMolp`zf-EKiG@#>Ibd1IWV+v%lx&V)VQ=mreb_`)Mrh+lBV2)8<S_3vBNkdO
zLa`}YGp8Zl-iOl;mF{m<lg>!8(^Lv(cyiY&q3O&}W%c9_IH};%Z|DJ0p4ta>4q+W3
z9u;5QQb*kxpw|6z^^_YF-UZFvbBz(Cql_Tw9{vF@sZ&_(c0ygq@@m!Qp{O=lq5_15
zD*ssTYj^wD8qAYa@2?7gTELhm`MRV>?$dPt8yU&Q)XUf&hkB8ix$HUG5GHCKG<D+s
z2?-Dz#!zc`Rgp#YD|DoXf+hRm31#by5!Rk6YZR*I_qV8N?+e_BZp3H2V_tSVDEBcd
zC85c5b(|x2Ix}El?Yn;#d2fR=qB_k`dFUE7J5ijKgs(dKvrPVq_9XCnkZt=$UTldJ
zq(OMtx#!mL0R=-dI2^-Y`-3_qbvb^^e7csiIxaCCIoKIB{t)Ac@Gh!<Ws{9$8Ldd_
z<W~|`Tz52Jsg?nE`=xSu7?TP<nn`CdKt~$QzQr}GDy~ubsiyYR=@neFH`E_}G^jbg
zNB4ea(}w<LYC}H=-FrUO%!VuFGnVa|-G`B-h_n|%4@jx=SHtmO6A3Na7?o5@W<<&b
z76}c_AG#*K{E~w!X2);`2}(xgrrohgf@1z*@%zL(RE<i?!FX_CAtzesh71HF%uvvO
ziUH<ov%+OOxQ$P+D(I^H!m4-J=S{_DNO9;+8QsMOTq6o4KhN{k@tK#nvh~%Z-+DGS
z3~}H-z$~vYZy!t%^CgT8C$KXZLIm*4&b#0W;o1!yg0iG#@3o>LxicYLO^8Z5;jbX1
zEp4PsRa(1>B!8oHQyNJX{6v5|Kas~lQ3XJ#6A^z%iHz3fYJ4L{zpDeMSqZ}h*M}Br
zSy%D?dG(->!m=B$&B<t5iRnwh;=qr$U&GyOhb?)ye%OD4w87Xa{#YOHnnVCj1uI<p
zF+E4cATH@@mOb{>=(*_ReQnDyFD=HpJz}eF^hh-DCS+wK^SNqhGTL0g(^h*rLZKeO
zk&UPirL^cGD-Rc&X61dtchy?0b>%ay<CqoJvjwNz(Dv@;8`~c=4L8{$+^rI99?mjq
zoca>5+?O(I!j0Eem#{eN3OY%=d8hq)@}!PL4?84uWbkSjBPr)_+uIz9ip=zR@G{n5
z#VySvA<&zn*Hs2;wxJ=n13U<;W8c<BwuJ+M2;!PvtmkR5oa`oq&Bxcq2T@4-qLVH6
z1cI3g2d2_GkNgR&0Jx7&c*K@&1_CwutQp8Brvo)L2<`^`aYeJv_`E^7GQ%=*7DaxO
zm-$uI%lxX~WiE+y&Jb2_lA(Eb0oC)B!9UulR#9fz`2Eiie*LvxR5(u;op855zA+k4
zUerRKw|<tbU+*8k2N-m9p&Zokunys9Hg=gQ0h~IsMW$(YSLwBx;WK^{eFUv1#Pw<;
zJs@~pNlM@?>Z4^LJ^#>~|C8dr{eF?N#`yo2D>!+NOMYYvkVOIH&~-2v`6wSxwUya(
zS2Nvl)pQ3=tNwku+K9@uFCXM;4*DKwi!H0;D%uK{ICAVTajx^YI#X5w;pni0(k6RO
z<Bed97yJ;ej`tznPzgx1#WLW47SXD3!(&q-I=+6pr`XyjuPOV3awp<;3%xCPUAGN7
z_s@H$0GO&OYmI6%3!mdtlLA1s@3yu49glZ64(X2O3Httn0K`^B98jI}Vp*C`m%%F~
zkk-b7O?J|~Q4aMkANjb(;X;UUSFv|v<dz6J$v;$mn5iv<PAuNZvFOT+1D%+~_-W}l
zG*=^^wbjUt`3(KW;GfpfmBZPUd74#OJ{`@co!%CfD2YR6!g%U&V~~n(!s+q+riGp^
zH11Tp9RoG(J;D}!fgch?q{zxgRq}MpjvIW85r7A3vJU6c56}H)1zy|87Godw1_XbK
z?cO&5#})3Qy#1%yFFLNtm>GOaYIon|diMCq@p_{pr94wiskuQU+_;X)-t$iH>X^bW
z|B<FIv-#~Sd32JFFK5VjH>cfBskdWtn*Z3;sj?T^8T=_|LyErI&n=t@Am%Z=gADEt
ze6_=@U6-`00ki$Mg!u$T6CVX4aKWe<7Q!ElxC>wTj}a)y>mrLO%cR=YE#tB*+%kD@
zcTX%VY*lujeke;E0t%2W7!5v5Q#93dg-;&-f>NA&IO<AzQ$t3_jqK4MC}@iAncJ&0
zpg1&PUYk73^@^5{Wt6dp=Z?}Zwh@w~QMUmq*e{R4{q_4fUcG8%Psp`C?G*Uj%k(D7
zUR007{OV(#x-Ji4Ask7w?wbaR(OF<!%S}|L$7LVjz8@NV4ofWK+A705vad{}!Z<vJ
zLZ3)PNeNzWld~%HKZ^0L<(DQr+~6%s1HAa5l8r1HKk09+g(^((*m9lea~QnfIeC?A
zsMA;iyxFVvds44IIbI!}W-AC>OLnPj|9kw0H+BEv4dO7_^6QlO4>!!(1XI3I9Vuir
z1{>7yRvO5Wnoq0Lm%_0b74Y#*!%zQ=>tHqI_%Or4?jp!8!W%I^{L1f(UDc-5WuvC|
z@i{$Z5F#_UDEp6N(EYQjxx)jw0zyoUvLHDgXi$$Kbs%xGWxM+K>>qV}gvb*9yBiFq
zg8leT0UsCFB7k(J2%6Rsj<FinaeX-~qh(T#4g|@OG8~+o4*N#%n>Q)Yn3*(hN1<I^
zFR43<3hC?x4cZoP#AKQ7Q*zjV+5ifJuTt1Q!B1&y<Qwr12r@?bJSKVhTai>%1Uw5)
z9ypLK&6H(_+;KK3Bg}dv^>wxRIyN_oX*rz#`VthMczxPJJ#66OR_htZp%ZYKQVh7P
z>x!(3v+BvWoegdsELPbeYEGrZK$_15+c9k)N~JxiTrUquE{&o!FR13PzM)#G32>mf
z7-R~|RJINk7N7EldBuFG_ACM^JfDNrUfcMR&4)=fACbxYdUZHNcyS;Pc`8XkG}K+n
zgUw~Z6?#qgxp?Gd7SnAb8v#cWK;|n_Z7L*kdieRp+TZOJ^mwt45_sJg1XtrW{1d*@
z^eu?P%sirRW}IsX=Pf5O9^_Q`Ea1}%0#8GO2~QtoS>25XCu_~!Dvoj5e&HlV@WSlW
z#m|*D87Sogb#5AK%o6;h;D>Q3HiicAB%I6_&}*p_j*rnk4n<o`;sA{D7wY5GKJ}0T
zDGQAux8N#+eGXZPG?>n`9$ubG7QVx=LG=oTL8ux;K4Yql3{Zi*Jn9D1*6xtt5afbe
z)5odjI%8^vZLZ%C3j{|jRXRU+^Shr0Qof9Lhz&j#+k)NXPK=%c@(^yH=?oya!!E}Y
z<8z#@S8;Za8pR1&A-uktWLD}Sw)YNiOF~p!w(Ut*UFbh<$;A|v25J)cL7<$LJjMZO
zEPIZ2nd_BQJ+={XK67ag{(Z<H?SQ0nVd^kj(@$~PNjTboUe%}+vSj~F;<L@^W)<f>
zdijz2au^Fiu}~mYedt^WHfmWFapdlBfzrX>Gf3}$1@Q@Uw?!ClbB~1Pv4g`YGmCv3
z3DMB{H2vMA89ma-q$i*Ri8HP{rHua&QF%zo|8ck4^M&KFA1>V30|JM_*&MFkk|BSY
z|8sPQ2dD?r9a~XbLM>Z%Ts^hGZC=tN99i|QR6b=?&33(GLU(;dV}P${4LJRW@H|IN
z5*+n*qUUgbnZoai(aa^KkG<bj(CBxC_m=HmHqoJiY%BVnkp+SDJyXLie;&vb;}~oX
zTm$qUsQO#lvW}-iH`+G>#xzcB?za%s5dzCGMUR|c#)D;<LS_EzD}>M}BUC^iVGL!9
zlkVeaRLKw;RwWC^`JH>*1==LEBq*lwZN7j#J_<N`TIsM_4Y6G0pnM}s&3!z3#Hy<?
z_*cxB*8Ugbm9EJu3r?C9&BSIug)Aq!f^1GP@>{S<{3i8^{Q-@KFD`3QEyV~kt@b>t
zGa?OsuSvo{qhVmHuGpW{^jC960Oq1oJb6i>FI%Rh3nxEEd5~+T*=pfCLK*`b?p?$7
zM3sD%O*Ne`n%o+N=tEX-QG|4rhG{weqPt%^F7`BU;SfC?!mNZFZX5zgC}B~5=!AnY
z{#BdE05_3r@#vI%tb6u9eL-8tyAJ<{IG(`8-Nz?Lv-CJXUV7+vwGlc{J<x`<v$6?l
zu5wNLE+-nY_4#jg==hpcdFy%gz$YDtO?@s_j1A=eLyZA)0Edq?Vm#srhKKB<mo<LJ
zhY-?xBxFH_$TCdB<T$2P-WQQ76p7}G&&;nc+rS?|ltv92pR2f*NE%u~K}9#l!4}@%
ze~==o=iWrCrvy%jD9HFjvuv^2Qu`^}LskddSP1sD_M{zw#d}AyZC%8ZK(u|qq>#lZ
zHvxJ6#%#i(C3h9BYt0I`>HODHs-Yx4uMV36+&S|rTF-^U9tHJEi(<f+K{Q|dLAJEU
z`JYsP!(>av;u(2Df1^BGgMiSD(I;XcBSY4VduR8{J$q!kz+)q+8~_Euk`2Us9lizJ
zp$RN`5eg`;e8gWcPSfcfYN>6Ro`bRr@ORmXBNWD~&lVZlWW%9KB1J#a2yx<2x>8mp
zF8^}2beI6k(t^j(>`eE2`8BnUa!0a?$Wjq^gyv}H+_;1MbxE>lD|&fLb2js_kh$ut
zA+nkW7O-zod#akZ65i>bfL)EFpA(}R4HO=&B#+!-o+^pDS`&}NDGkr~jEAGaBd;Na
zH5XCbS&i6jaPZ?upUi5sv#fz}mbJ<6pnh^=KE(=NvZbk!g^5d@SmJo!;JmrT^N?D$
zc<{7YB#8SUuQlpQMMp6bCU;rR{%O0BlSVxiSK*@WsIb4u;wHPp`n##_pr<-6Dr}&`
zCfVlEXpiHV`sZiPykg2>Y<pPkIO~j7tjW-zjL@?oL2BeD+^_o|aENZ-uvyzhjKl<s
z#4rdc4WF3s97nIqWpMATe~U)osmo>1ce^GCj7yBT=R=x^RG|<N=OLltSDQt+BcK8Q
z8)*+9>5L4aT2SR}(wB}$7@=iq>VT_J+2KrVW9|}nkmxt7Mw#rBOLDT+WorZuy+g{Q
zgIcUb%VVU~6237KUI|z~p7KwhHKU`NhGu$8yZ0yux8S=xt}6%s!PXa!Qme;qa|c?@
zZoemc92uvb+`WhfSTU5;UNYS1!@i#dt9_S-wICB}D~dV^X^ar7Kc8D^smQo5nZ#s!
z*aab@E7xmN95f%evS+m0aU&Nvb!D}Ud4qUaGm~%tMOBn&S%i=1m3|W~hVZ8$qtL(F
zU~OWtZ@&ps^F_DS3<)<+rGCKO(GP~4>UfZHc5MePD_@=JCDt;Ht6I5i7w)j2{xu#l
zjxM%iH<Ny`5`6E=i!X<^6$-7D^kJnklMQyKNBt8r!geN5#S(fMdmQl_ryF+~)>w!q
zJLB@faV^AdE62lOBToh^bssLl8;4hiCm|saeLUt(S2UD>)ORI{zfMTLSVP=u`7={H
zHa{$~IIall<{j*g61}d0>7j>^>x#vWQvs7+N41IORyHQvtv0VwCJQN@FJpZdHa2Vr
zA~RZTIe_2kQ%);N^KfIQv}L0&)6a3W;wm&}-Iw1_Pcx1P@^Qp+R&UL67-EYCl2(@Q
z^N&WI=Ed{rxJl0m=DO56hV_p{p6>4VJ@IiM%Mvi9jO7oBZj1OySJ6sau6YN`*G{9X
z5m!TUUDSKW4ky$Ec)Um%l`D6^0+M{1?bg!ZJ-4sD#GcM1<A)QgIzV{A{Y%kYlcB0E
ziM%u_Y{(s#gikBX&q?{-EE}X8*ORJhP=E0f?J;8K1tPbdp!OvqXSKm%TwgBlapy5B
zIgP%P5*3C#9NTbls^#j5Bp1ZXSHJ>0AGN#r0?EfbEhzmGD8MbfVD1a+D4;T7AK@YR
zQbj!p{RF<rf`GwWL6)~*T#^75Cd>HiniAxOa?`m*ViSV-AUe*|7lWIfg`$K@0_+wj
zzB<#W09flR205Y~x{VGQO2i#my7i^cVGB8|ruEm)yJmQ-EzlW)$J+;p&yM>eIvh`{
z_}k$j)eve7*S=XK$>z8k*LWa$JF%{aU$Y0T)^5821g0hQjEb}!qIdbbi}^g(yWbg6
zXX7^d6>f%oIi=l2Y9>3v3$kgN$TqaR&C)R#GNH;(Fb#oKQx2S$lHkSLL1Mse_!w9t
zBZ3l)cj24wzb-jl)hvG30{$5LzxMDTWaTG>8Vh89FfS0~G9h>>$IyBngrf(hH6JS$
zjxP2X0l$j%ZoeqpNT65SY$mjqp^ht|Ma)mCifiGS<+)s3>nBH%^>g3hf*gRh$i7P6
zaC{aJ==1iqzDSCDUl<}y8mv32w7_XQVX>KsX{n+pq+6WF-${|zkwdDogRWcPau*(l
zTEC^^HRkySzn?a0n5}2M;}*~Q_Fk$ryzLC<HLQgp@)&qC5a$8N*g7Sf61CX~@GEga
z2MRc|Om%I-R*f*YI&V=y^Pg61j#ix2=vWZ+B<NS$cu2T)q&k#5m&=CUL{D(V;2;;d
z@N6sp<XiY;c<$HLOQ-@wy?WGoRqEVT3i2_!s$~qt5A}`w>Wt7TNArXah-~tsNURGV
ziYC+e6(|o_9Nj)6n?$mXXNWVxF*Jh$ZicbE9k}ke(?ftQZf<x!KZM)p7d+%sUlEBi
zu%_S$Lt?dBew;r;=4VR}9eZc!!RW9hEJ`#so5+sZC>Ki*9=HFPbKGAv>c7+*Zop6k
z(n6H?vl&r2sCvU)u{Mc@MT10xw*Kbe<Pytk1gQX=><N};*Aaxy4GqGu@}miquSHe0
z$jv%EWNQj$o#i}m{B_SS4L9}_XF&C2khV|nI~o2Rum#zeu*WS>W5NcwU?;FWd<u_o
z8i+)5a1P@1i9?eiLlwPj6|6*`L3Au=R~I4&4;a071&lk27z0zpkO76qjBzPue8zUH
zh#B_w(_ASCk5dPs_dantFw!C(U<cn{+xyb;@0dyH&73Vb9MH(Un|O6p<Vx}%{1L``
z%G<E8eOxlbYNv_N_87*Bd97<h87t{e7h&mh5Jri(0`X_Ta=<);!YFJ_Axo+nqZ+Ek
zATCr%RZ;vs;o9%lZ`?Y%({$mt;49%nDuJUMWjRz2{*zG44+5Ik!Pov5E(Fj8Ti&H7
zJXs2rvd56x{Z#DS?>v{@^R=O&Vu0-;CM4+&+$|ULZtoBVr$dGvRdNq2Wz3e?b4Yb@
zCl?gx%W|<Kg*Ie!$aRG<ZjBRdEHA1YH5y0eVt$klX{QxSR{iq4UNAA(dRhh>1gnx+
zIJ`zU=WghXtsraRm)rkz-i5nhx3?-3axr0KLjMxgHZnSSPfxaaH98zZZpq{YrSI-s
zWYyBKapk<+q$dP{$<FgXpN#O<c%H}N>p|?W)LFs4!W1P1s|m|(Ssuiq<vA=#-sIP|
ztQa;b_11~7RHyRht&<~su49WIj08?ytR^1K%N${2TG<+M8-$c`(HCzV4`*Vc4Z)Tg
zF;bq~$H08kH83mE&n9N8(=VRxc>(d%F7nIN^y$x1MYW30z_C}aYF%aBcpggiCL-`+
z2YJJ1J0H?{?ykh=DkVOP)`Dzb6IM~su_evLLe5KXfH*2y^bo?mOk`h|lfO}r#xc&m
z10|AHM;jo&NkDjtwcZ5b2E0bJBaN3pLA|S^g3Q~W$PrI0HDBPY=p_wUpz#x$*c-)T
zDsbH%-j|0oDQo4qCP6igR^G>f%7qp5?5!)d+&m-3z2|J<4WOLECYc@5)Kdn$rgnK@
z#FwwG2^XG)T_?m|KX4xQ4yQCN5?FqN_60p6A*sz*6ij)#4`0JrSxaYASCYLQrU>GH
zEtiNK<BL6Q8bH}YteorU>3f1Rez;Kg(YTL@)vL{hGZ_z1gG4{&J6lY?^Z-4rU4r8g
zO&jCXLwIJWdpduuK=vA?56J^|2p^t{(2AM5{!aDFda$k{aXt!cf|AxQ2vs$ZWcBq!
zL3v<|**W41EQO9^0Z??jnp?CzH`Vb<KnX4H^plV#Ba`LV)ggkkT*wFT=x#!WX6=|n
z92k}$t^YcO*|Cnq{CL=QyO{)Di=pPiH+oClRJ|o`xVOZOjb7kKgP5v5a@Z0#fAnGX
zqYqiRML6V5bt{u0qjVOjdQ%c4IW|MJc2zmJYN(V9Gv)!$6>gyRp+*mU&XJ%v&#15W
z`iSi<I;OC%%_wb*wy*@?gecVA1IE&Q28(!x03^B^87%vFcGm^#kAe6G|ACaZU3J5{
zQz2IIBb7Y7edi4F4ZMg`e)$6be&_b7({sNYlOvhNo_YQ%<!0oeE!6nC>pDr-$a>D*
z%aNr9&6%L2=A^A@O6%1bPov`-UW#EKPn|_bkt;yG!RVNtS1eA?aM^gC!TZVBn^?Vs
z>^WTRXKnM#sJ3<Zz7b1fz?ViW?<7Y^OxPp!o!}F!*f~8I>9!mV6a}I;H|wDGgv*Ne
z8T!I)0p7CNMA01=`@R^^i@jeYm~-h!|0lc-l+x^3iYDs$&}}v#6C$XQqDCxa<NDNJ
zBh;o&T*a*K)#gN|;~Fd0-2D1uyqohhCT&P#kY|*qT2cN~N8hP$HWb%ub~oCI7gLFe
zGF7w8CG=w0)$S(MBJ}>VZw&4$L$pyM^8N<gfHS068?TB;x^r8<29q^e-M9{%7?81{
zA>=Zh;_baaLh1sb6n^C~e%;&Iy~Voak&L=Hf$TxlwR-{*i%|j^)UxbAqP81zXow!v
zJ{8`cxK^2x4?3pob++*lO#+2ny|}xpo3nku<YSRlGyt;7fWi}sX<RxTe*T4Klrkf+
z994{%pnNTShOPw&?8t`%wX?6g^p6?5SE=yjJ`^$or9%JXvfQFhldi|-mD_ks^+kS%
zD3i6t?bmqm8*R0g253doX?7p2r(H!%$0)vxe`qViJnxY*Lf$(oVZ3w4Yw~LqOAo7E
zj>41xL{gcB+rJ5qkVYx=j&<ob;YxR<_r^AJCkwEO(^nIiw=FUh1xC!}S=lYySfr`Q
zQt|e?scMV3ZaxKFZ85Lo#tOb=boqkOg>*^&U@Bqggc7g<1~?Oqh~~5@WqwGHx9KU_
z5Gbo_&eL$3@9**SZUNNVP#ApGxN6JCxn!qLFyy?q)i!|)K5hc3*U+?{KwjEg!`52w
zD_6yRyME(El;zfPC#AVa!nUV4X6fmeZew_&FIXw%f)L%nH(4s+aQbUJKt8L`-A5@U
z>XUbz-4fnJD7Qg%>`21V;gnE}p;7nTAl;nz_wzxg;~;`erMVK5PlV}B#qt^x;EHZ|
zdv~r~7j*prx}Y@s&^UD)D<LC+5fj%}Nj(}09wU4Yep36Nw(#0Px9Jxhs~dj3NoloL
zd_+J(55uedKI~+9XumzE=v{`{kspz+vmn<rd=%~l9&Y%wsx=QXr)e&rs>?>sNvC6~
zgNR7uL8gwY5v%b9r`0116+;CSEZh+ydxipxu#fgp7=-5tGLt|Slnj>8;CR}{{7Dc<
z7jriI;wwRlu1DPBFQ&ZP?ev@mSs1=N`LQZ17Vvi=ZrU9f2Io&;Y){yP)IPxlNTue7
z#u*~-WaS#?-G*re{UF&7kP{Hy+9=TcTaniT40DgL1HNrZx20)<eOhP7=y*EjDVuk7
zc!I!y@yPol{MAB3)H|JdeSa4nN$mV8*?ixlmb)Z^OD9ZY%(LaTaVKE6S<j@)Mt!$n
zty!&Z{Bhfpw)*0}<MzCz?Rf*+lZFr9^X+Mk5keiz)rJ#HFwdMHLRf9Dp*SY9rV}-q
z->xHkg2!|mxVi4Ej7U~<FSM(-2ORq(!JBn=!$r*aExJq6hlcgZk-i4f(Xi^B&bw@S
z8IT6@Qh^39H)KyhY~e<`k`^Jh%uN{M#G0@|nPCw_F;2qv*YGWH_#R#eQfSQBSBs*K
zh=uS7snrJuykrG=*v>Q?Z+==swju72)N_NSK}-+|;)|&1aQFzlh0Z=^^g&pDkx(@h
zKV!Px8ji45o)wZRV0}teJ2L-B119}H{tY(3C4~~<fl_xiZjvqWwG@JDv+eI!2LI?M
z^fhFeXq~nQ{E~vfDn75?GL%3`lUJL0!3e%UDH<tKRTZ^Z)KisBmzVHOG(h1d{OdRL
z?CjKK46e0foUgRqxdy?Rwq{;ChjwV7w^n<dDCtbW|L1A9&)81*7ret>5!ORb0Q8pW
z(ieR!^Ks%7Y{Teo(CW~5iaFj*xX<zr?|V153xkInu3B_paQaljGGuK(!HscxaKuG$
z84+WLqS;4hAfAyXT+oC{;h2hwnqXOd1{EwB_8*>Gkc7(k#6e@J>}o*&b^7!_ZiaH@
zjo#ylA{Wsji{!xx8`s4q!Qm-n=LjW6j%-cjtkzCX6CR_$79SE6n7{~rT%XM1J*F3(
zVOHV}V0RHaLc9_mysiY61829N@gJPj|AC~RcVeMr!)9@Wnlzf<{fw;CI-6uydz@W*
z4Obu14|ze9X1kXgA+ECUva)IdXVi+9?tFL!zrJFd5HjN@(F)4wG(&&CAWo@;M8CQ-
zpuJ4Be#3HY!T=0Vw-fst)6Q~yc4G*)M-W*)4o8y+%6(`0h7p3E>%)pj%i%V00xG&z
zs@Q2tD5Ue(Zg<wbl{aC!(XrC=i>Nafgp3n(aSsyBPL;NLzHmI(vHq60Wqi{0)8De*
zB7(d)ygH`aF5-z>PB<%^4y(6ysLqJ)YnxY+{damep=rW?wef?v*z}zTI5gGYcU>Ij
zF?Y!0@ZcShmoRyCe0xd0aT_I3W;!DrG1x1XYyAftuFdDKbG;ftThUBAN$PxXjgQPE
z2WqdoUMJ^MhgGk;P8`NTU3a~~#hhn<9d+03f{HUjMZ#0OIzU{3(*jq)`uO`P$6S56
ztX@rJ-3pfePVyi4Ag7f&P{T#*^rSnwr`VwwT#oyoz>J*x&E}Dh2>9d5$Gy|cZIV5w
zXIQ*%fjUAPD-FFBAaz4XlBI0@sy_p2oxD+zn8$m0Vm9$x%{NPI>B;l}1;j4czd57_
z9cD*AdBW+C;Y;L5bZ#7)ziTF!qZatAMFqNj^2AeA-uwxE9d1IyAbBd_*y&U58VPHP
z8fxSSDCKIq@`(DIb}@0sDP#!#&z<P&EV7}<oWycm{&;BQL16PMN`qreU+I)&t5<Yz
zJG_L4Ozz!IN`HgH20o_^%fuPXp!$VWJcKMj5q8EX0x7V0xdf{e;p5_>c&Km%K3(U1
zEKw5<9U(d5ui&u7!`fgPy+(223ATsBK&o+8ygRk)e{S-PZa4<?L%`~}Fhp)I?;Kvg
zU1DTdcBCmm!4?;qVJSE377;3^iC_9L97timy<Z)lSr~`S;MAJL;*d5NNgN3)ECl%S
zk8mI1)@gIWit;?K0A}tsz#)ZFPI_85v!1kA4bROLDcP4SP52kAT2d^3XaS>IiVU7n
z7k?dDCTe_t-vdn;bFm|*XVPEjB;;D9(_M_ln<%H%84tFo2h=Z{^65aAXT0GndBK|2
zEMy^;2j3;IGuZ%z{9fxEt__VO(p?CR^UG=KNaolc!Vp(Tqmg0-l;4w}e9tutW#$lm
zv3CoTBxj66D3MyO;+O^x@Jf+7W*g3EbI%KJfA&t}-!_&a6bG=kEJ&Mm61TP;UheA3
zakN~%g9x?(wO?B8%f=h@wSFo|Fgbp_g{*J3lU^!6LP#gKSEpa_@f;U^I_xw4SWC-S
ze*4;xxH-dj9j%W+y&b~!|Jz`-{eFwIVhv}jX`9d!i$+42XJa~v>R?qbq5nN<PW`gH
zv{|Q6(+g;&UkJ^*HbKjLH`o-0ycRn_&AfsYxIrVkaCMLoy{&(26frF{kNb=RLMyBu
zSo4HkE4Gfy9@FqT3#5%gA<F+&Ya|Oyc_qc`>l_C;y6xi;-|LPj?)4=YZdfssW%?2(
z=vnMKi0OxQ2G@q2pW)(VsGW};61LkX1*`)(pSO&8EO60%pGbKXWVFot8c}@xucdjh
zB|SzI6Pl>p8X6~jvRU%E5S^0pIZ(gG%2s=$p!&I1AmpI|nnx)yuuZJclM+|4dWEx_
zt>F;I%>@^gyFoV&@rWYrJ;Hx2gE`bkQT9@hXqAetjbuL~_)(M6_m>b?An)g=pwg>t
zp7L@nc^vxi-iqAv&WL95asW?3<qHo6uWi8v7a7i+B)&#-AuG-mru=#`l~X@wg8D4N
zuTgG3NweyjKn-&g5ARXT{-Uj~nvsLA`{Iw6q^kGx{y1=4b3bzQ?tY~IJ>L0v_ppss
z`-~(YhCs&=BPGhnSASp3L`c<LYPWc1`?X-RA<-i%+)A$c<hhhQ=6hc%Kt;cV(8Ek0
zB9LJ#u)jmui|*VPP*gDmJnTlo9itM!8yuIKnx|H~&fTLV<(3iNu2<T&5K3aPclm^Y
zr_f!{-iA=HWdDr=Bs0gR?7iy>obNSa-v-=7`kuO1{^p7IvZz4-k4W8N7ABirBD;d^
z0vq0Ke9E5h(<fBw$&AUK>qQCXB^$<rQ30VW<kU%+6p{#JveSCW$ni@(aWr4O!C|=Z
zIcSiINBliMCV7j@C$c)+!YYf<S{BJG!2bo|Qr_;`AWyfLhS@RAvb;lH?;hyQwN!)}
z1#!4aPJ7o`VLs3O#&Kiv_C8$~B{7dWdmo=!|274LK3?3Jc(p$uO_Zs~<HFa*ZEwuV
zm0-hIwiWi~ltj$l?=jSUpxVztfrSt=IwjE&`_L9u!?-d_GPEIOHlgutE{ZW<D5T5}
zq?(X3jSt(!mB(gg<ftmHY|rr5E}sTTP`8i$Xl|=c9~fR<C{HS%L-UB}pU5wE{|oX9
zjZKFEs*iF~I>O$fY<4R<@&!Fl&bJOu2b#Sw^0zBJx3HD^h*mXr^{X=p&v^*Xq>c2P
zVm}b?HtvY8I2!u{0r~a|uzf^QQkU2AJuvbgtfb{_<~%b~E0aX}i=+QOi$3y;zN??z
z!GfxtIG#H>m!e}+C2BIcta|Bjz;l2mt_6M+g<W<IvLp_Z!c4F@u7y8CeS{OA@VJjQ
zEhiTimaa$GxGBPB2(ORvbH67rCjLo)_&epz%hw)DU~ie+(aZwVJ#L^_8Y2tEpdwJ{
z1033ac2v=`KmR44yL@OG8h7rf)a8^bmy4l|7`<YPu6Wr{<*#9X@lP76=(!-h@5vOF
zZH&u`Ub*8?whKWsm(}U<GiD(Sp==CUK1P1<qi{C10*g)UTTL6Q(J2^*-RbFAvkJb6
zqy&GUtb(b9^q!gLgLm4mCr@gk?aq=QK5fF!*jfGnermaNL^Xx0WOGO(SbumGm#a3}
z&j!5~xXC4mn}MMqph0q056@KC2;yTooZU@k2(~zj3H=`{3k9&ylr9D%8qLV7`#Ecf
zHn*NT|BVtMZQIj=Y}6{w?)IdLq_i#PDX_iW=z!%}eXEtF2PaNh>qT2|3UelxcZkb5
zX&Y6?oTC=n?yf7^?vJbU1FTW3^`tto6;nQm*&!q=kbK^0Iqvk_o6~MTpTgd}J;1?$
zJk<>T0(%0kKT_@}Xu~#|M^Ut%qbET?ejRQn69G%zNjtmP3^B`GnUG{Je1>ufbnl1w
zpOJw`Wo~R58VjZQ7F~DT59k7b^gjsNYQ`c~9MsK6o3Q}jGZV9;o>j(DMNKM-rJroR
zZHsQF-Hv-LobpoOVD6@8t)<{`M9|gY3Ae%cCd&4!WAKa!sx^MPK833`X>lu0Y8z8S
zq|@?-kvIcd+C{Rx%kXnJLz<`%(V0nk5BN1wLXl+p29CG=o#TzWa#MJWuktsiq2q3T
zq3JADKC=yu@6k3`fAnd5gD1SJOto4)#7acMJE82F*};Dbp8c-sw&TFP&9amR1Agg_
zE>dFd?vWY4-KW{Cl+v|HF;}OC)jp)A+00KGRj(m$j?nF!Rs&8WOvUN(87jU*t|ER}
z(O19>HkWut5ueU-K*%k-3@_?<*)u%j1%>~%(b05->zuX6Or|i(l(7|)X`1%d<pR8+
z%uuqT*D&NQ@SfOl$d2&!euIliZB!7wb5Iaj3MC^nUUXj&+7%?nLoCCrM6AG5xCA1s
z{?^HN8H$GCwJ)zJS2mlG_n$OZksbCz8^uD>MOn)?pFX*MCsapt@Ra%GGUKao))b6b
zwx{ASc|trfMKD*fK3aM1j*HQf+)t9|*f3V_2x(G8S2+A|Z5+}J!7p)|?zJ3Nje2`s
zaau!Obt)u%m)p91!+Zrcxbh(rG*(iZ76eu)UvsgXWhoYRn?u(cV81#xz$~W0<Ki^<
zk(7S>_&<NQd!%Y`BxRv0A+kcpXi=WFbs!Hu&VjsoY*mCAC_(R~xMK<jm%TC=X{Yem
zO@CKV+nt>B)~Pz5DmEyZi^#Ei2mM6gu^v?vd6cFpaKh{lVGw1)PPAwtpM>Y!-k{Nx
zmD}M=6b1w%-Iqti0pA6W9Q`{lYQNUEX@%zNazf+nA>Bz;wxX<!Nv^GBv{uxu^LWuE
z1eA;=a79zDaouQCu{|%J2qSPo0*&BQr;dJ_7;^ph0rdt~n^){I6p?!KmgU<2p5SS?
zfuosLx+9Pg4-$LhVGUXY52(si`kq5ghR+rpZHS@xw`*w@ei=2MtKs;M2%=!Sa7WFE
zEDK$$?x5Qz!7O;A06s>r+izEK#_J61HVA`3wmI#!%W|l+Kc)S<NufyBs#B(_;lJS9
z6t|Xx02%7~N88zdX9xIElrg*nuswYrt`i|Z{k0Fr+>z=I6#7PhjYd8bGYV4Cyix|s
z4GP(KhVR<C7+Q2a?*~oU{gh3Y|1<X?0XyLkNxZ3z+s)LbYlVg^xmr|_|AAqX_iN_I
zgOUPh?PEzcfyS5&F+lxI%5XZ&GCsbyH8Lh^``6#t8b#0EfCbr!#(&o3%j9JlCd>5U
z_^hwL4XRuwW{Odk%NsGxTviXQX%3o$S;lWGkCJ8`yGI?3qeWg`n<<roNfvr!k}lx{
z2lPIwLImFBT0Ws5LahiPR@VWULZ0PhP4@$qh#kb{njy;O)&@@VhY3z|&AANz>uUi}
zbB%80oa*(OzHl;3ZdU#cetv0gHB5L;ZDZM%H`m0X&07l!y^Z)@-jFitjTvy#j&M$q
zEsty;C29*^Q1rWuT14zQf@B%Ti05x~?radmc}kA(AvV!QTUi+z#il8N=V=YRSfOJ(
z#+(Tgt7ef$qoZG(&EjQ(V3fiUmK?JKe-$LkT)`jsl8Ux(bfR%a1Jw3?I?e7Q+yjrW
zm8rYle#84tlN5r%xKA@StvmNMX$=aSMcTU(@z$e1kQ1f9rCa!GJY>QC#I~a0*jn~T
zSDs6FWAyFxDM(EgxxYBC_5{ndY4O(^^P{WH28}<=Zrd&wF_<0#&kbmt^SYxmJD^9H
zFf87*cP;8Rz#hCirXR~xGkevHJ3rn0`Tq{#_WudaZulz*_gvl!=`X<x9tX`84g~Y9
zi17bVWG~lDx9rPbh+@w}J$zN0V1Glw{>~=Ye>DaB8(px!!C+4|vws$<w+{f!Q_h8;
z`7_EnuHHJ}=H<||*qV~-tI-rx9pxF%f~A^$+eX^@{m+N=?60{t$D%G%*~fgtP#6qE
ziX^5IP@7Hpl9vgSZlK@bK5L3?ei^p_x2`?y8mq%1Z?KsY^g?%Ug3wo08(pNvV2%VY
z=@F8^DlWrqf?_y~cRibEUB(QeCbV2uU{EHz<W8?(cv?+mh9eOP$$S4Uaf|J|Gi(!<
z9x!2nkSz8~G$%#>rfnm7k_=n<t0<l@X(frv_$f@-D_sTQf2DrPq790>q%TqEfBTCg
zLD^T#msg}f!=XjEvA%RbQ4}NW`W531Y2;pGwE4z6Q|t?Tg^~Cavo8o1z9Lljge}Bp
z)o<Hk{WVeTBV?-J*q=WTubwi$=U0Y!d>r=Y0mWnv+WeZkzWIV})ca6ZTa~bKcBN4u
zw=p?fJfDu6^qgQ#NfWVGF09kO6EKv-A?naby<o#et0B&G1RV;6&xbUT1El;T&clP~
zh=x0oU*>-!njlgwPfFTEIGRTnwv9$&DDJo0n;`#iF=o3!)p)sZm#hb*V|EjLQ*Wp0
zSMm*O^E0Pne%6$va@B=uqf#y)w<p`AmBFBz=ZY+Tg`bKG4haZg!E*ZpDqs!W<FXpK
z-JZR#?AbAgf#3mAg`}W&s|2nMl7$K-D`Wz9jB3HJ{Ku$r#Y-hpiGs}}B(s~G_FM=~
zc`7$QllsY$ap;hPPNcnUdN{9el5#A0kS=G<X$xI^r$<j%t)o{5gLD=N7BUSmqXHhx
z4)oZs#Guhaj0tBbJVO1a2o*`PGtEU=Y}XPK4&6~8XB)g1_S=wyMNP?Wvo@NPkxM)$
z$CGl(d46}EpV3e>qRI{#+-RKG2H`3jJFCADV5C`;j-M1>Yf&pO^GLLf@ITqV4lHRo
zgfxtD1gsvvu6{+k(@tiJdc?Y+8E8f)maDO;X*K4DE+KyCgyyvqQb^a$(;e+XGOQ1B
zCo7)%jrYMIt2u`HHa(O=r!s!m&^dK0t)h9@sz#jWrB$|xGkFNl)pl2d;E+up&K+y?
z$Sy{pw=8ozIZJmS^Pxo%iPGR3pi}_4w1?)LHmJ5sJk=J-#~u5Q)v6(92UL*R?G2~=
z`4hBG;jJ>`V7xrva*#!GfX}jso>uGhaOB8ZyWg&~_3k5gB-?UVOUAej*yRh>MRr`h
z#BAh!G##?2Ac3OE{`_pTv9)M`lB3vHD25t@C(F|bEN@9#1$l>IJKDUet~Wt^1df^;
z{aoe-Y)wgSp~M!ljzK3l)emsaoj*=SDTh`!0k)ztTr2W9#tS>3gr<i7Oz=Nf)y9%-
zZ{2Ie0KW&8W?j?TA<K)#VwusagY@uQ<^aWP18u~`+eFV@_*7o6AeBgMR!k(TLW!D;
zep02<KXS*S4Q;o}dg>1S;XA2M`ak8$mMAKPMD3K|3AEZy|23-qz;$9@#Vs>JP`0gv
zgVo7Pvvtj(>&PB>h#8U)Khd6it)?KYzQ-0KiH<wFiC%9`0`9-2)`|KnvNyzhLGM~$
z!j4S{GmZd6)V(4ih)AZIN-K{_tNk0{BQhTR#n7m}(&|7&p$Eoc6rJE^?xcz;o5Ckp
zrucVQtK^19$SW<&xe<9aM&K0+yv!D!jOD6@=k&55;t=}WZ?$Y5rF+K-IYw<)QLHaI
zbYOXrzfr~uX#~zQ;Dd>s82v2w$tIO+i_57`MNWgcr*>782ZZ#?6+IaBQ-tgh;avKA
z4i}{8Qfy(oz=do@l~jyG8=8FY^b)PF!QKnhTmms#aNtQ_`JsH-bdCo&j|r2L3$#Q~
zOGPP$wz)oKzT<3C7NQ&m9yc}$g{^$)ww?u_Qv4TW4@f83OtIxbvj&68XB{452um6r
z*j}!T?KszOTr3-&7R3BI3%iY$db=-O2lxWMVDRa=U(?Mg4)4R)Fs@Z~^z9$J)qFV#
zvI_hmH(Bp{l1Ypzq!UsEV#9NzvFPaFKL0~B{luhj{;*_yAzt3;D{=>PJ`md|o{qNZ
zjQLdozI7?I+Jj&5D;Q`vN8IBs;88qo#m}ZTQM}<I@MFI);6`sDp#hLz1w(tqr9?rj
zYsVwW5!9=K0*i5QXI)&PL>A*C&mI#}R0SastpIPqNVVeO8z>6GyRAXB`m2>4-NpXX
z<FbN`Q#RmNzHmUg<Kf#<mW@fkO#Cvgt!p;B$n0}XheSRS*T5eQGB%i$YISV1&_3*d
zk@s>cvV6Yv`ANkK#wHwRl|WsUe5xe5RtyyCq>G^>3T#ljKrf#mk56a(lHXDe$;zan
zO|CQ0Z8j=~G9N<2v`@J&TlFZ@Dpq|Lg{h*lIrZfoM+i)zye8C`BUsw}5iW=uN^((Y
zUrhYn{zx!x{}t|Dh<~F+{Ye9f<p?FmgQGqPpQK%l2@;T(b-5xK$499euQr$xO|m>O
zYlLfIb&jVLzEf$nE=7sHVRE9(Alk(r-`?oL9QW&N@$bnQrwBL10P}NDQit}@7-J%_
z6vV-=GxfEt5{AFf2o^7T(4I59gIRXJ`a6o>en1X@DH#0it=Ve2c~d%GX;9j92x`IF
zk_Fq?MwQZRMDVyz&mp1zKN6(UUS8Ywg9~iKOspegf3bO5f!9*LIe!B@_`A+42K)7C
zxA#?1aoKoHn{U0foK{`FmgxNFHou!F+oxIB1ng=e>f}s(*%_W6R!_TC{S@f7g6xOJ
z{_d;*xp3hJ#7%{lnP4bh9T0&=xvB;XP$+WUMQ}hxg9Wy$TNhGCu?W{{gk?MD>7aeU
zi4glUdel$>&2d01Kyr^*-9yF{cU`FFDx_`mN~qD(U6l_k;I<()McgA?f~GN41NK1~
zV+`MC_*&5mcKS$S5C)`_L3Ni1ek4B@##YIj_$X+IG>5k|LX`24DfR~uXHQIDoZ~*;
zzRqQquF3D+Ub()bd2J@Vm1}O)zW;@?Z3LhyRM1a;8uu4)i=j@2Py7|{$+to}u4#;V
zy=vdOJSS2o=z+*}Y!hN-JrYJ~bntd=uo&b4wF4>?$r9{-4%&8FFlJik_Z&)Q1WS^J
z5l+mjQB}^LIKDMV&*J-W>CGK+za+OuIK-jX6td@F?cpnwlaMB3r8qO#IF^xV{X2q!
zVvB(e@2X>(eX3V1<t!^vt#oULa@6$>;d&Jl1u71=N0fXxL{HC0|9QUn40WVlan{I)
zH;fCqnS2yhac-1xR`tF;5nIRs<*o6Vvex9#RFS)XPuA%v+2qgj$>3CHzN4uoJdgCp
zsskf5BqlFn3|FuK57bJ+XougEOq3K41Cj&G*g3{^Zot!*rWA_5j$-C35^X30Xt}=4
z@vW>x0Z)VV@Juol^ea%EjTyuy#_44E6a2jR1GmQn{G0!9LqC;2LP$o)go4GMsu2Ei
zqx`GL&4gDSu`?V$L&Plpi&%>6J~jA3oQ-}E<s~?&bzKd8$JVaWw1Mt#W%12xevC_r
zfw5cZ#!hI%{D89+ch6&1?4D}0FWy5tQ=oB`xa!h`Bv#J!q#?jER7JCz7dl$>aBB-)
z{`%0|{%8`m)C*1OShT%rzo1k4on!7fO0t00Ffimh2rqcDr+pREa+2sofejyuALD>8
z#=#r6GkCR19ak?>{tEM;tOIkkrG_07$3o@`*KZ`X`ayN9-6#-w*kTeG{iaD^ecSh5
zZc)Qiv6mZK2_-;lS>&cD!u4R(>cDKY^gZa1*AOJzhGP*de<;&V3557<O=UHpLfEq+
z4UC$MLN!JM;_gjR_}jiVF{)ha3bob{!(XIN4x)+_bdv^H&668>&AzlCZ_1x+WEtS{
z4t9H`_)xokrhK{%@>*myC;&@9w7)^n!Vp*xR!0CF-2K`cVD>57R1EVFVE~E!$5}>y
zG1Db4$V?++#u-)e%|V8PZHU;5Ye+697Rja1Kq;ixc6+?7uQ8OKccj}V-A`oRS)dij
z^1Lc+2ni&MHmbJm5Itxxf_B=RwdJ_j&;16e=QAo4wF&lM=|$iAk1$4Y^f5kA5uFfv
zLiI=0^o_e!A?-9sj`|*Jbw*KZm?(ddJffj`&~^GNr29o*<-+pZMkUMt!mTvA6yE-T
z5N-dK#qSKs`hfJ_xY(MX?*sOE24Q3$?B6=(4ZWQ1hs+Z`5D<jJV%8vj&~jV}M>>h)
zpw@@e!&4q^O?o(ru&5>_9h6lg0igW<+<jSh;z+h`{UjvjM;psor0q1<kk$9}ixvoB
zD=iR55;)zz{_Y_{V}umKc6HxAt50Pn*bGv{jy-%sOR`c;TJshhE)E(fGpy^9Lqrda
z&KYi3hj%&tQ>z}S%Twv&SoaRr_g-p_kERke{AN10ktQZMcloe6ZGP(-h)g_qvXLW$
zFI?0-sgDs6R#|LU$fT<dkRGf2kf=N=0y!z%P~~^iWc{0)Q4Z;Ex{fo4MtivM{nr`W
zQ{4v%R{I#N+wnx1lBkq3oXJGE6EdsNVvx8hrijFJ?nsg28*;F77HVsaDn?<7(oJEM
z_}g5*uVbfh7!wu?)~qld(+8=M>=Vl5#<qC2_;^YmcQ`rW!)vZi#F60N{00S)v`Hq9
zW+H>87D!rpU+Pq0I@TH|Cs@^~m#g_GC9<r73gg9Xib;mnVEM1<%R1q{{rqB;TjU*=
zT&J57u$j@^r{379Nosu75R$Qq*`!m`oW>)5>`KwYPvB}PzW|3K-0KLfk&I0`jasnn
z*b~6UyiS0n8RgEDxcMWsCrNJVbadD7F+Y|tHDOC~H3*qU3Ax;ntM64)j~biR*tEu8
zb(TgI@v3bpZL5+iSs%;!d5{vm1uxJxbkE6qOAusA3_8uShY|dxN_<ujY}C=bdUE7e
z5hV#*8QOIoD~WLnU|Cib*0iMS2-PV)^e+fo1DRyh1cpbsu(07MW>&BbHb8&r7VB7k
zRF@4mv0!1K_9Nk$_&BN=0iteA&qTLop!fVs*zvESxvYBmsX+O_7Ka0l&rG|ILN9pW
z!4ilN$s79LkRvRhu!V-ayd)p-mdBpHi6>3TO~$exg2Rn}Oc(?P=ebk9AXhG76%jJe
z=PUm*t@6Zqf<g^(yVDE~nQ1<A64R|j!s(Nz!Qp8vE^K1;X2PU(dkaEatFzpiNX(EY
zgcTfP6eg(6)y`dPws-4JxD|Ya?S?1s^4~Jb>&r8nY}l|g47o~t^3goE=quDjnrw3X
z&b5&Qr3z)2WX97Ca+y=AI?vY)G0TNy4tAd=nd2mfgk$<z{W`V%hg6O}kOc@tj?K!w
zSU?(;4>SD*1Y<xUaE$29+@rQ+s)0h_r0|x>)sX%RFN1%;Df0oO$Ys5<{=@n=2C{n+
z*3tmc4J#-Ss|BRsA{%A*fnf%215H;=ikw_+;oMJ011EUdgq>XGs;nE9q5hsk2hNjO
zBuO<jkd|O|dmGv9R$IZ6$OM-Ouxa?RbZQ{~hwxc#n|!Y$So*P#SY(&G!1JrI>oL-P
zzbPv5HV7nIXjca*7TR3$jxwPMDx5W%`(a2?Ud6#Vkf0m0(H(&*u-u@8b2*z`!EJc|
z7X#HY$xuH{uun><xn^*o^a(X!r`rR?;DmqK-1`*AAvIl6FGEj4odWkj0PcvLD8Y5e
z0BL}W;LvcH!t0UPQ-Z#@Ob?%+ySoq3HAvsDAjqr}iAXU?Q(1AA7L?DNgIv;in*Vxk
zKdN0Q!*~nVuzf*EQ3-?==I*Pp8^U=hB$3P#VcUi)5xrfnw=yB-fa{dmjGu<99A)4|
z=@YZXl(xfkFmE<Fhi!tb?`%fYA&v}XwbRKRRwNn56d5&@4<7p`M3wnYJG|7X_i!@}
z1L%VY3AQ`A^WT}wkk)`MI{hwnW6E+h#BJLyyGBV4h`NtCQIJJOI7xv0jK>TKR*;lh
z6<gjI6(>B1Aa3bGoB_F06g?uGgz-(vwpJCbGyi|*NYifEU)0jVj=o~<${agqIb$>@
zhls7~7wHpCuU+7;!QMUNR2Gu(=M$!%w7@<K%~`}7ZQgToU#qX4uw~8$BSK{IA$gW2
zXa(S&F8Al@fc)K=ST3+UPl<4Z(`t(e?-0RtE_D{04^4ad5}m>=@j>33?NN<R%+^Et
zVg0`GucIi18w5MD{?bY?>qeqk6Jd&OWOHcQVw_I{*b+`bk+~&sJnWNaSiPBU-sem{
zo4WIVu`nk3Z!AbGIP=)ZntWrI)vvJbzAC627c#afb_mQ{fOB`D(Ipx5T(#hi+6F*z
zc``AH_`%V*M5*9P15EOHZi;azv&>ax*#;VH^=5d_v{o?f+zfjnSU#|UJAYDiZKKtJ
zskOY4iEKgYHkhWiw23f^6wg8z{A#<VF%{u+h&Za2m1a_@BwK`NGB_HPqk6yRVoxJ_
z!~O<ZX843|j=WdaVeY7lWLfl?eu`pkpY?9*{&b??Zix8<?BmI>pOKFGFaB>M2o!}G
z%8F!6-sXapb8XLuJxB_%x(;?)xf}LP+d?hNGGy+XzkY=)4RKl@cXb+kGs~$qPO$la
zw<v=!V>8DK4xKRa)0Ge;dZG`-i0S+NgudfhdgZ9}E~-_ClFNYiZNGl?B|Y0%r0qM_
zqbU>s@XJ5pchOM58lna!_Gew*d`^*ztvm6oEH%>`Ka>GU>m_ER9hxdb{OZqsEJuLz
zkUxFN?x&xmTgwXg*N~`F^hkg#jZG4kgBB&Ik?gC=3_z$vLiI(?P3k!shKWJGw0TL%
zERNgs85nn4pyGTYuBY>Cub)L!`Y@l(!oZfO7rv&<B~x55Yx>Apd@&^D!M6S!EwkwJ
zE?F0o<t9{dDM_fdab}$^-kpnifq>%+cP-<V=ZKq~<BxPX+sfs3Rn-m@L{u!2QLQLs
z{SWwDZt>;{q$r&H$D;&_8X{<Wv-L4Zxnide+Zo_e5zd(>|M0``4gnw)`n@8bP!*-U
z3P(bwzQ*W}hwal>qCZ+F1||10E7KK~5VSyJ3v?kwL)3hVu~iW_V^p2J2|7>b>a0d(
z?bo|O*w2~aiAQar<T~2EcLn?rxyF`KN0>K?qvse2C9VQ<+|x0~l|v>KbKGm0N={I@
z9=;Cck-YlIj7GV})G15_C#CiIt58(CG+f(;k>e)xFQO$xkSd}jxB+SvRO{g)TG%Yz
zuHO@Pz1hV6Ilz<LSqK=UQ5|DjkDFgJ`2PwOAfF{xJy0eIydOa)16A)%m5B7q*V4@_
z(bZR85}3HaRIxNZejsGKCA+CD;=`@HtG*8Zk|kOA;-2muxER}`NzpOYL}~RPL5?VM
z^O0`hY{U*dCf4c;siXDp8(JZ5tmD**0Pfnc6+K;^S~ce4kB7{HgRwX@nHvX7L86BK
z3>SB2$DO#+M30nWlv*I9Q;!m3;&ZinTEK5w@X7bWs=G-ev=KznP8|vTI)G5orZ64O
zPnRdi{9`QQsnKi+KUy((m*aSnzmiT5sO`ni<2WCm*0gE!4n&!_fi@)b?*x`%W_+ov
z#@$nZp(C9a8y|=uz*HF5ARDu4n-b`uaPU)iz1_ww!8h-;XQF{kuRPrN&%r^b%v3$5
zI!IpgVbm{6+f<DRk~BKHA~<Do9NDa2;N#{u!Of|JgJWT-{ra~XHh>JY{UW>fDtpL&
ziX*A{cC~(Xge@)PNN|9m36qz2FY)0N)-WXvn!QEc8?#b>!T>Q?d9a+Wcv$$fOx_VG
z3IBklU1$uOWXw}+4ANhP9Rg=C)m#EX$VYQ$#~Qw7Z$^)+kLX&csO6VNI>d&o#!f8;
z!xJQ_pe+^EaV~_dgjCWo(dleS*s#hPl#i5)q-e6%hffqwQ?u|c{7%x~`f=JrUYXpY
zJ|EXAGSMp~mv0hhY4_dq_kkp4q)>=UTTBCvu2iPQA<{BH@{z9X-bGfF`wMle$X@-S
zYR^(a5tMG74IRT?)-g0e&&G-K^sfF^8Yt7ZoPv!z?c8$@_P|9;%}*fy7fWKT_L9I;
zE^eQe(Nb;ZY)@(pLpSd*4rc}fxc<0epp_gU$@itfbeUV*TE5x6%>Ruh2}S=HJvQ7R
zLX+ip-21|&2F?WB^k34gl&<~e5BCjfY+^3&-jLy#KuW<{2I`K3N=(I`+@QB?Ap{iZ
z31R~bw>~xJmEIv<>=lWnv4@pE&9<hC*xv=e;UNlzXsc$~{+?{ui0d%_P7lHXIUu?y
z=etP<t2QQLv%X9@SvJOn404HQBGJl^3ZH^_9=WMhm8<MIV^2tI;wPYzNW%G>97{~U
z-Wz;1heU-(QfRtf*NfSO(xa}KFkugh8-&-g;5hS6A(XrGOW!h4fwAkl()9AuM=_-I
zcN=2vYyDBC7&M9GiZ5@%)nsidC00m<CDvj)tRZCfry~yjUH=*K1VaOz=_@({{5XZ7
z(K$TIDY9a6bAbeHTV+;pR>xqh749o(eOf#Mje;aPT<uaJDuGax3iIz`Vw}|@@X#@Q
zzkWw)nP2J;Ri7u;xu~XTeMRoHT`bu|FIXvqBb9R@CpjhS!#07$^eDJBCI3F$z!md8
zsRYX4QCf{qF~yQVfO%;zAt^#mVwaH9kW>QoW1vvDJ)hMlvtC`e6{2L1+`kwLuK{yh
zz;lJ`m$XO2J2vLTQf}|>8|6PLcW<Pjot3+MnR*I0K5mk*G5;~e4h|`3<`wF^o+7Y7
z+Q>zLMFCx^@_8Ly)B005f@Zv=p<9`xlu<3ySsWz^J_g~#ClE+tS@;S~I@E@Oct!7a
zts8Z96!GN4F%35x?dm7;9~qPAzXwZi*$Obdetq`y@cwvAhGe-|6Xe#wI@&Z+OWF}P
zko_G3y>>+7$unYOmU&5kMr~Hn-JQj(Fe{1L?@OZgMNNtf1OKMwDCj$UgPS0E&AWV-
zjp+(LMqt`bf?h2dKS6=pvW3#P$1Y`X?J!n#W%O6y{z|fc>)}1<)e!QU=}RYRvGT9>
zAw7XFzlX^2D1T_i*-5qu@E}pdoGC|Uj4jxhDuGxMM-tx)$7+qR*HJX!kGlMT?9IM;
z<<4wHV1Qe@iSJ?Y{fuNpbs+9!Uogs!OL0zkp`=X>vZt8W3YBPjI)?tdgS))Y!8a3b
zn2--tDugno*Y8({cTDDKz%WHdIoT$3@u>FBD|fD#;j9i71lW3gNE3*l+y(oYz$V%G
zc&o2bD-};p>L4;841Tbmebz(}7z22zRWvXBm~(RwxUu`21D?0%KM0t^qDLS0YUv=w
zG|7*7IKfzzY+>lKaz!pH6G#RoZUfo8#-$Mz&S#(WMp{{gJ6`EEqo#FH6oT1=SdkH-
zLe*_X3>IGB+pOz6qNL$}aaEk1fyf~4T)Ub(z@qt++RoTB<j*hN+7st2R*8BKD+!H?
zs*9KyHji!?@N0a+R0SFfvc**$RuK{8e7wMcHtBcfAG-^fyQmk5^cxE~q&ERXsFb>d
z9gpaZEKxIgb{W5&OisJuR2_RPkz`wIoJCT<4^>J8)>YZ?5@!p_D)6={69p_SQNU^^
z3b5Ok5K$Bat%A?OouXT#9I+Lcccu++8csl}C=Ygt6%Q&<t!_;Ac0eA|dB`oDQJr}I
z51;5Cl8O3?W?7{f#JG3|wWW1RX&p$R6F0+SOAMH^c*(8S9poS!YsxvRmxDE;QA00>
z8r2ciR{!8XQ@!P4vqyG3YCFs#0rSF6mg_8lBc;`;!pN^&m#$LF|0<5xMK}4;_1b&=
zDV<IlJ7fI^P9~v9Ddow0Yg)^Yc3sW!?0BS(bfAe>iVZ)4uQ6MvkRT;jeXI(}DUaUk
zDm=cdf1LKDU@rexG?FNJKuFx;U&eiOTk<RKgUw8{9J}O&Bz4S2R*#499nay88_h)4
z2h-q))*n=Cul_rZRAe);Ya^?!B+D0>(Fcb(jUcmDj{OT8d4fnx2-AsXf>9C6>Cknc
z%%fdY=UUf?xN?QX;~8S*`f){=B}~rTvba!zlG$z!Q%VPH=5A4(i>;9`4GVpK*su{-
zcz)nORA^FD#GInPJZ*5Fn5#2VX;RkhY^kd4g?Q)zE<Nn$g(pL&nf;P~l;ejIQkW_?
zIg3)^f;BvAy>UAHfCMjDE{>nNfVCi5F6gDO=;h7fVkMROK>6n($b`tZd}_Fu&_M>B
zss*}p)KO9?ZHL<kJ~-4BJuyDSA>`sFL6bHyY-@H7?vYld5KyXi&#J0+_4<H&p#<hc
zQeC+#)#TMSNRU7EBn`IfU<})G9}t$1zSOY3N>^baoF-1;0!!MCPLN&h*o`9F%8gJi
z?0>;;iOYHuWY_gnxUQ{Kd8?O2ki@CtN|j4P$w|=I=hO#|4H9Ud)?8}xQ>a?9NWG90
zQv94n+%o2{`Y1zQf)X>S6pnnM_{UO%>+P>olEOh1p7w`IGt*RwXRyg^+H1?H&&cD<
z!${1vaE#IFhpX~0vW5lkW8Cg@r7mUB6u5v(o|!^o`Wi1CJHx}sM7ah1T_l=%CvB=`
z_k%+S2l3YBP?7UAm+&tLBSNf|6+`l87wh*hT5p~Ey_I1V<mRk$jHcAw7vcf+<h$67
z&Bh`PH1iyIX^*LEadp_zI~2xSsow~xS=0u{jeu5bOhb=d5GRP7#Bc=L=xwj{AuBt^
z56G+{V`7L6fGsfh*J*zgSZF=prsrrfNt66#N{iy@bim-OO<|OlS1NiO(c-SAA0Wpy
zY3Gf_RQD_3mR~&?8^t8o*aD>#R_qWJS1+f->&&C}jZ#xXg;+Pv)t(DhnI9ncbaFyG
zCx;{cYxntg&#>EBQ7^4DIc-a6*`;lEHZ(cs$|fguM)NYHRLV}VDkEd1PJ{a~>45U#
zF0{XcV4HdO;yQxw_vDAzKKr8x!_35|0<)}Jz~{-^ljb`6jSB|{LgL}!-;<F$8n}3~
z1loh(U1Smkw=ev(d!D-+xABD=ZqIdgdoa5#?aT`#(4pMT!#{<7Z!cd<n1pvH6Jm}k
z_=KAhp-`}6ek_xbA+LsF@!tERg;G<+Bv)jStVxn?gUC(Z4|(dZiY=qx2`rC;vv><}
zVPIxZ=~N6ew^J$R$@cPHOcEHn9BJ8(6{G22LY>S00#HTULZmpO(1Ec<g7GK3U(&Q(
zZ<Nu5kosn)iUtQE1<$!532%lt`mR8tV!k!e<XhZw{G}@`D!s_AGT5bhH<#wt*te_S
zJ>zIf=?<e3U|P7Ax4~~wOca<19Z~#s%Zt8RqNw08S08q5Lvns4kJIGBCZWxIu|)Vg
zOBWIg5?A<j8lb_JebnlUjA!I>*>&om^jae0bXjf2Z>ZU`PSY3<p;rvN2eo*E+Ffhx
zvI!+7BnKZcbg#L3^oLTR1};h?;zj6p4QS8&L}?h=auP$1fBJDm%G25kg;mN5YPQ-0
z*}mG4Up*^NebPvXEBhhxyn{5Ce=yLl>Q8E&3AI;bmNb1H%HKwQ>cM|=efAGZ+%+1o
z!YPpPVg^z!U!GHy_8g6ZX(CGV<?4@DfhsLUlr@l+G`uo8+#WG_uG#G@$y{6{9TJMC
ze1T<6%aoN23GoR@NZ5P|4DO={M^dmYvf;JmlKdQ_VitG7zIj2&jWCo#cGbYG(y@C_
z;1<UDk^KdQVbZnWV_knWhfdw4KEV<R(o>pGtL(utdl1f3=4jF!5S6LBi0Z%%l*_rB
z+H65Fq0;cx@EK(1bx1V=0u9kt0*-+L)EG{RqMDq36_Uz6CzVaD<XP)@M%|F(&CqZX
zXHbU|LJrX$Bs<u$B>PhtGEMoXP}7Ak%b!#H6Z>}`oF}&G+gBOZ44~U#qF?W&S3=r!
z8%aWRKBQ2qM%OYg(h-XxoI?V+m4jUU+EC&ITL2j~oiUV-r@7B6l5y!=?e;<bl!gh3
zAj363CB#%Spzc|tD%rp}I}`bLnL*WwQK$$fZ0R}Qk|-N9k>-(b0D;osunqk=i^hue
z1DE+Ke&%$cAlR&v^2s#=JTncSYMr%l253a$YyvGEy>Tqh$~3e<w>jl4(WFr-$xLe~
z5(zOePr5jF4~xY3863d~LHzcY<_b|_+BU+oEZ8DGA__9ExRx|?FlZUqlqewzcTE#>
z&HjD#Mzab+PYvn6MB?1X{(h}?D6c`Mt>MFw1&k1~bx2pl{{MBK_P$aApxO@?J(liR
zDwbbhG0@b#pScf@Kb+Oo)BmVjB|0C34zp*AzROMUjD_}-_ar%?GUWJai#fc63Rb9c
zWKT0j;GYj!he!J{Tt6$@u+))3c~s$@L)NGGLEV#=3_`z@OW|CTTYg!q=0@5s73<1@
zDA)2Ia|&5;<*9O3(Z)Kjkkp%`_Q}LtzXQ<KqF5imKVhd`Bl?i89hyDelWMxNefDWP
z(L#nt5F=xJ4DaO)-NIUd6E2Cuv+tsx0Atf8Zf6-un+i5rDD>H(;~(pow0DD`ON!w7
zzXM6n`-(Y=1Qi63CIyuDIGoe;>6f#>kH5#ZU(0mjBVf=?qs-?m%chA{T<vtV4(A8h
z0cn!5m;D6UNq9c3<1M~{>7>i*u@I#Fky)2Q5(_m>Au8e?KCIDSwAuh`A1IDdZ+7<L
zd#{g2q2;>S;5tsIreig=)w~nW7}m|2awt3ySE){)UZ>Qi9$!qee++IBR$hg))rAEc
z@+A?@o_+3ob&AUscct({?n)KjO3{9#=7m`v5xnU}1j^jEU@XF-J9WLYHvyA^0JfGM
zc-4EOca?0b9NKIp)qt0Z2y_O7GOIH)L~l!D$u70(REUYrW+SZ|&$bI2k4A{1LGZMU
zUd%EoDLra^85a#sCMX(G7YSbt=sRs7$e~wVo64s1D#4*%s@!Wt@?fSe*2=nTaQ-g#
zhp|TWlhiOL9!qgi$ce8Z(}UCESIQ`jFHDKajLXGe+(vsixyk7h4(i5i5|fRRbPat^
ztGA>P?hTDA)QX_(*TH7hezs)0@k1<Nphk&A(X2OlR$QS@`3?7Usw2j?LbLV*8n1=1
zY-uX{yB&2{!gAi6GSFer1m<j0D%m=gO}IhP!-jwyn6+8QMaqAH6QJ>k<GV7dGMne>
z)@;_1u6xP_=*rvZE7u|0|J6SB92b{Z@)tqg)l<2GH;cizV_ZH?9*DhUyM-B1y;gUe
zKGYf7Nn{0}0;@v>JsIffg;R(fjG`nUrxLYQa72}+1)@i0O-MEc{`n(Xz8^ek=ObuV
zIg{Ps>Xc;{#F^2qw%4w6Tb1vqW8q|1MwQ;SHoIHcG(Qi?dgnuU48!OR_nm-Nms^M!
z9O|CoN_4d_4L4N{%6sw+mG^~M3K|t<VN<FzNp<XExr7dZ>6$GEI!CNu&Ul_ML0P1Y
z-GRN_p&z*WcG$zzM2<d;4$r^#NB2aiDQ&xuS#9%Y$XNUt(-Dn9g99B{zpi#>_3^P1
zv^Sk`lL|>k2iB%rW}Yz}kM|PXwszEJ2wVHO>GumLU6*$xc14iYDKDM@{M;I6q}C_y
zg~V#AYZcL`j9-0@v^^Jl`$!SZY?vwIhTTdAyR<&EcM_I4!W0W7^D_9&ZMju+ecJ8d
zpxQ2!rEC=`Vh>jFJA9i=N05#&qO+Sb;ws%)+alk^Wx9P7#`V%Eij|SOE1K<EM)(S?
zoIU~?6mmJRSVg*^2h{XkrP7YnyS<;eKYl(qPxF~bo2+TcntqZy(__N54&P7`{t#h-
z-zL0UJ=HS0b{WszgxDe|gG^jdm#4^;5pAswoin{OL8tox=~5KGt>bM0{F5{o%1o=C
zC?AqH_(t*u4rv|f#VW{%YrH&dFxhi7;kjNiaZU<FIvQ8<Sgy?b)>OW_f{450SEt`N
z|DKZO&J?~6FI)NgW&iG6&v8!z<a+S_*8v3;A`Cf%-zu07!c$i+%hA@I3DF4jm=tnO
zx{Opns?y1C%}C}4CHC+;3DCoOqVK$h%JUhm)q)+=%-AGc!zI43O91<I?`5Y@)+|GO
z^m7=&`sEgzZAm}35|^`^!XDf#r1dXQV9%{~gi9vKO|66?yP|Jp6_Q@Qr$qw^MM7XP
z7jpnPOevt^)E|lfWB2sV_0I9-8jtO!pnTBJ@pRY(TgXyapzfm(vplQ|-y%rAY1bAS
z#uucZD4vg{vdBR5hLk;WO9p|bLv9h6fzX0Jx=TEnE;9yCCURj5?FqPf216<f1M0tc
zvM&pTuBOBtoed|Fk4XI+mRAi_&M*c-44;-6R%mn*x?`f<K{!>rD!g0$U?V2+Q=~(<
zjx|On8WAgnpSJQiQ#ZL4L|^?Kn24)a*ss`WS#OK8_4z;PNX*VmyY%F~xx+aAxbFVX
zaPQzHv|Yt#qf>;PNmefWXy9c3Ud~<NZdlj-VEuFhorQT*$H>9qE%T(XWkOO0-tV;w
zw+zbI)YFZEY-{O7N0itudA{dZ(-t#EEpA61m5Kzf2=^T2LgU;W!`+H_!-1>N-SWaD
z9=eO!Y=Leb*`NmHv=;bg!g#vyV-U-*$_u<84c`muTlC|2ijzXlMrv=-2ubMUG?Y#z
zYPq(RtL3iz!zx<6_&*?xR(B?Iv{qG6)E-ML&xxCO?vDB`ZUQ9{36w2XE+gI#u%HP;
zv5&UFR`otI|1XHTujb2b%i(S^j~7VWK02mk_9}A^g@VPv71r)jN<H81(_OfJPBx<U
zv4@q~2mWJ?L<JP&Wc5-vxky|0O00Ej5S>eC#%w6t8FpE>!!k_hNmB8)Z!f;mK~Kp#
zhz=N%@VvkuCe`@+=viKYzuTdsWff%voXq^2x-zOPeR_eF2XPcFo4-dGrS9$kInVO`
zze`uv?$vc=I|u>|B<hf*QvMDe{LqQHrp420f~VEDx$C++0%kEZ%MgM>*psUdS&_CY
z4rmIQ&WZz{<iKk#=h&#)eC;k^Q_1#IKZd;-?P0s2Yc&MD2UZSEV@S)?5@I}Tp#Ib`
zN`kVASOYwP%l0~aub)YKGl!Z^c>nh?&W`#><Dp|v{uG6XZS<cPnt71?z(GN_nwWpm
z<z`2ez{5^27as9kXeup!tlR<N;)?x~<&`{oJ}CN{$$4>k&$vTaHKc9K2cl;<eYWsR
zipd|5P?YD8=6Lzl!i%r5|N3^tzDF_vgWtjrfy2X8A#~>uD2RojNA8eQ+K%(?WWCfO
zuT*j4BapQYmS<MM@{ANW4#M-y1jE*YV_W=sm?(T{rCLlaQ%+)jaqMQH^)VkS!S222
zR36BrH|RM+GW(7~aijbMVx+c}QKaIV3?ELgajo(E;KekR$6@Nr5+z3vE5%sIG8%i3
z8#Ck2a-SSFKX%q2w5}5~{E;QFM`Z`R=@0)+9Ii$pGZpvY%ppk`eN?$~OZ#PSLMJTv
zA(R1JrD<?Mi?ya#RFNyX6gi2LT;t>h<pjzwOSPtRHBXo_H3Kde0ScY9_aZX~j$2X>
z_sQSQZ#(Q;?%PmXo&oRp8^ZG3U7s`9ihi7KSvv^7?v^p@tnL<*uX_WBP-410*mF>j
zKdrfEYoikxoRfQh8>|m_9+POoyww@B1}e5)f=7sqiUGz$bT3SxDu-YbyO<-;OF*1k
zxp3a||3ojM7TgE@+)VF=lkdbW`0H`F5zo{pQ&50zvDR>R`spzy(&gQnQF-v;ow&mq
zRk<dcvQCD=b?Q2A=M37J%nz6Q(A_PgQG$8XyLa9gAvN30qh&NJnMeP->KBDijS4U2
zQkK-Y)VXRj_C;MKSo@Blg~nvgB})NHGk$`4l8TQ){wABLeU~xIZt@cBaUZ#v1~j^Y
zl1@EdD13wGm<$w&+m_BZ)I7pSTo$z<z@1jJtCWpdgUt6%&|L4%QYl$duQEI6j*`i3
zB6-CD&Xi7?5?-XL@@=rF%@y}5vH{}A7Tu{IY6B0a`ecCt)!k;H5l!32zIUsJfeyLS
zV+t;sb776~u#R8-nD<0|#)TLTe4a?~U7$5nT|*;>!&$>`CnzA{Gx}RX@nH3Bxw?f}
z76(*>*UwclGVF;Ys&39y)LvS5jCLa;i3qJ>HKB+~Q%FUycg5gRYECZ{MiHL@hY*3V
zZAu={#vCc}lcF<l<%(tt3j*KNkPsHRd9h}wV~BwGP6&uU;p?MW!Seq|4M!J_e)x(Z
z<S=IzuD2l1dG-&&TY7$e{3nBFT_J3b9@Nw`!jIFzB?R6~W(o7#%^AN5`g)@UWa^xq
zpCQT}yWb%X8;ege|Bn1AZXV(Uoj*}k0CK#8j}Ljy^^l?o>-<yR+oKjTwWk{+s1)X_
za660|Oll$doMl)m{bpg5z^8S@n1`5K?%E?Bc}s;VjM?GfC&r{r6yqJl92_P$8Q*j=
zCm6Mu6O3Fc6mVR3EB+yS_jNF5hFbrM_BDT^{oX87q5YIVK5ydHVLou~(V+SIJ@peD
zGz&9(94nKv?zT2mE^?~gq_=1ty!z(s|Jb2yanyj7P>Jg(GjL1d%1Y?Jya27(aOi5|
zi`~WbRkjWFJswXP@Q?)o<OeJFyehj>$&iDS>FThJqhR}k+!3&ABdS@92`(-V4sH1w
z!rOLd+I64OL;r%LWk3@TT3uJTYw~ak@3Zs~cx@$VnITG`w-;iMCh#jW*McY*Z8@6L
zy2mApPuM+IRBZg@mY$VQ;U$MNfH6!*TFU%#<NO=S=!*$1Mr)puqCOVSj_GVrOpGrU
z<45+>SoWobl8VPlDrt1WIO$}n9D16h)rX%y_|JmqsP&eZO2wgAn<i*<v@W&g(2iy8
z-c68r5Xwt@4b3NS6j`_W3k33E$^tvXC5ex74e)0MxE}{x{Ai0#ySIvFFL88;9s)0p
z5=fm6+k}lXZced*?tX`MR|Sj@H`nuBKMe5ZG*>v&vJ(LHx~Es$Ei3+35waMBH8i4Z
zvL%durZd#3MU{EWLKwz63`unxuK4X4n=?!xv3QYW*I!fHn3~V%WUzImo^pCNpy}D<
zYntJofawWeINJOtV|qTA^Ec^AmJ_X!)&*+R?gCXx{-u+zS=Rq2W&O91_20U!aziDW
zls&*+K0Jb@Z`pjue2rQk*3<5$FfbtdK&^I<c1B}aj~qq+f)6y}zqZ<C)zq2BPr}W9
zan^YowaPVH1L4RbX+LTi&;qTiiO8VrROm7%YO|y6n4hb)b?7Y8T&N8HoDlr;C)vA0
ztpd9<MjcmdPRx-B6zl@&s`c?cnPuVR_6-u|Eq?HUO8}$1OvL_v$>d^Tr)sIM!Y+pG
zE2^y$X~#h{{$VRJRca9`%P(bpQ{S~yw*niOR^p6l>2}jny4?sB?@~m80C5ii;$8-b
zM&ux+W=FV)#ng=Im*o*s!4rJREzi2|i(?Vny+<IjNK<X$`x}dPt~NWd{^4&BGmYPJ
z1m&;aRh4zIG@Cu50_3xE_T%>-EV#)Iq4=O)39L+d>Pga*a3f&OlTJ~j3?v@pU=$P~
zZP6ZWfn)iL@bnxUICXUtRL&|<4a*l4sd-}9m9R&zg1h9kTxygU^^yxc>8e!H6}fPm
z*EC4XLHC5JC}wh$S1Zyx<<!$2prjz?$^t7?&|kTOKm8C@;G$D%_vVKm>w`?Dv9|pY
zy_ql&?0$LlU1cD5mO>cMlY%t|lO`2qbpt@CUvt_n2-VPR-`#H1hn)&8f@bxb({n!0
zNA==^)ROsRRRgV@YTd?G2v_DBgIoB<afArdN@+aKuTj?K$}rU#g1YI)`O0c-+lps9
z);Pj=)6DVk3us?WJU<P*xSuUV9QAfaeol%;6FTop)iH!+{W2H+cGsuhZke{yL_L4Y
z5L`=5Lyj@mZIEX~DL?|XPo9m6!I5Yne~QSDs!2G+EUb_uPq0=ZNQE+IVYG$*)GMWU
zQ_Ar0E)OZeYh&w_^|Mg5PPl%&Y_@uW`^W6@aIKC1iUNcYIu|?TW&XR}sFhRMqkr-#
z9izVEJrvXI?8};0T@bSnV`N=r^*>Tr)dj1RPI%Nl!nR%&Oy4|}D-NY?>v8jI2LE4P
z-F-{0Zr0D?sZxO+Y-qr%ZAE>8?C9Sy73Fm`K@8ux8%A-8<!({@Mrk|oi^FJ>=#&?0
z2jv&F{F{Jnbz~dG+i^izxD;^PrV!R7izy}ft0X-hyyLr@B);vQ;OY^@2cFn5E0WIk
zTna)MEAU&n_D;ST{8hdk{1x9&{xRI`q_~9b(~oNba|Y1;%p9!Ji@z8gQIPk|CCx1<
zX?}>(qNaJLZi&c7+f|s~lq$@Oq)YgElbG9jyFTJdYDLm1hU>X(O+MBixw538mS0$h
z*WoRt*PWBv!zfo>Sfas1Y!4-uU%WizIarJ{;+Y_Me_|7HWw|R`jlxh^=1gw<6h0!n
zG_3v|go#wE=A=WYeHjbU!qfN%6b=41$I=Nxo%-VtRk4HG)$U_iKG7N&O6F33S)~~1
ztu#V4C9sywh6JmqEenEZF@JQ=NpAdRE<b5o-07-|ixpHS;nm;vgd0MxRJtx-&^B%1
z<~Bj;2%gFouG*kPN04usdUI(KgzY2mminpZT&VkGs7VPa(${HHwnDIE`TpO-TC0=R
zFhREF3wRu2qvaM#E)%*-S%`h!I63+h3HI8j8cf}0xmdSqkKne#54(G8?BBF?7u>2R
zez~hK>;f=U36W+TZ)%gP$Cg!d1bvuv3Z&%L{M^tp$;t?N4W^t5eXVg>YeC#ecuWju
zwsbRRwo=9S!xO<kY2{gk;L3h|P}+6@H9ktM`6(&QVV~bQqhmMzi)I9}5v$Ri(!<Zx
zr-NO((=EuIS_4D=avcDl=@M2=lk2u`Xool}_@94t8iY+j^7%xQb}}aY&`7Afh6fd)
z$Hv}`$o?=02|Ar&VO!M=DK}4pMV6XP3XeBwfa;S)dyMleOblnd*6|%=_+voDqFMB`
z8|Oo(qFuWLHeFhs&$;l4MTXv@Q=5oE!&^>h@KAuIXC6{F%9u*`v|nv4&EQu_8rY<k
zZ4xokNH5j5qX?%uBwl?lR_Q<=w_I#3<UB!q!b0lGg^IAZV|BRfXP_Q`mXN(Bk%Ag>
zQKdg%=l<<v956v9SC)o~ZUZG9$}^?i#!^6=_V_ChRR1tgi!~=%sH213=f**{yCgbF
z6<c8gt8LyrwaQ&5K3S_ICsfEgh{bObgK6Wj^(NL-!LO_%wNvWy&dZ3}mVLq(->O~w
zCduB??DA8XE3IS9YWB4+SW}hVM5%AKjkoxBO_0fk)cq=@Ub0$C)1|7LX@?*{r~~&U
zfCCS6Ebo!p+fe3WyUj&7b2H>ZL%QA6WOwgsccHrlMW3dIgR({So2m+Z!&bvO^K5GX
z&TUWo{k!|-uU}=sz;tNZe7c#Ceq>GT=X^R%a7E{rZg6dKKBx%`UA;BhLt?AFhN@X@
zJew+6Xw{V)Iy-5}6`GkTYV*);8~v;DP|d*qvtZ4IGJ#JSq?qstn&Ef78271byOvRz
zU{l9PwvZ!F(6Z{e@S-ecuaO~cJuB>dx)f?Pn%myI`6h_B%E`zDu>tk_34VwcUn8&W
z9yJ)GlxGZY%KjaVQyldH|JH(W>(^9P_#l*^#sT>=z)q%aifxs`v-}}P3^6}RB<JrH
z7H$;U`IDftEkkWa1@h!zjDH|T?{eT~O9dLkVqmLBv}qBqKb;>iBFBdr=3s^S+Ec@u
zm;oPuIZ)w~dD*Ya(t??dt~h7v4APiWzgViu64o@6w76XdLJdV+I0@F#tD}jZ$OtZx
z!hoQTEs=vWbNel>`Ota`a^T5LkQ`CB5tTwVcrON&hqoaQDsIJXy?@aHDki=XzS5)t
z(^c&E16w*FD>JdBEBi6gZ$a96xCe1B;uf61794d7FC+XE?hC0uaZl_cN?aH*cnLw0
zAS=t{C3@Sh5APm9#rCjBT{4w${olSPR3BfW=vCX!EsOgw!?q?)+0T9gu_#zCKcTT3
z<X?aKzco!Gi^wIiVWKDnjTT2W$W~6%>aj^v)N$7F!5<=E1xBB~n?qCS8F{#t2*KyG
zhM!Ojnbx>;{BWD!2pC6<raY=tp2mW2JUbp&4Za7T)YtwvrmM&z$Xw^C1V^Z;2$3Bi
z(slpnmp2b~%6^@^wj)BUDcfz8($UN@#|&hoMId;wS9Cm$J<R_Jpj|L*mrS^zNk(}X
zZ{gjuX2>wcT#4~q;$;e!oNX`A2`ypc->)Gwpbnfr-~I6YtuPE%zR*Aj*fHY3p9e(=
zq!qicKi#c*u7H}VES(JlWq&MiayQf`+pZ!iv9Au>+fx{>BJnVz;znK?hi;nL?Nszu
zMg_eUFN{d+j)7?%1XrY`-@xS<0l&oIy8#_HC5SPep>vMcOmvkHTQh{u@u-3Gbh_2U
z+whdUh?8Q6e|Og*it}Ru=)D9XB=+mynwJd|G+N})Bka#HB;=DGSedAF;F7LjaM(pM
zuTg>3kp)dcZZ}X)U}uP-CvZ(4@KvQWjC^+X?q$LX)BFu|uyeI!?mtI^FPyT&B~9J}
z$g40nAdf(Tpu>(Amq^pp?Xf9C-h|Qj+*D}U7E0N_Z#MWLKa^YI1>Qhrbwkr%QFd-O
zE++cX&fTVG(rLkEK;w<ZlK{&y+n%itIosg+9kmJaY`uOYS4`^&7N~Lr>6C_=K_`Mm
z!>LB~RsRY8n-LhC1`p_<>;PT8Z^YoV24w_=SkKgP!a0)in6EfB^=;YOdGep(hGg`R
z4AY~^TomR(AJTWfYZ7=Lp>q4}LW;R7h2G(UkWN_f=jCI~lJDY&>XPrSe6B;Ra$;-o
zm589?xlAG-XmYxR7##0m!Mfh@gz1&5v+OQ6Jmg3(hfeqNbiB}pDRn?h`2ls5`G+{=
z^^8wd!OrqwoZZhs3}v<4o1`KJWsr^5EjcjZ&gB7f-f5$$o)neqYF6?ndK-7$yCefo
zkHJ>+C#*62M^+tzCKLqCu(->Z{lhXoYekvXulw}>JI{`yW{A~e&Au>Nr`ZUyt?xFF
zeK)SNrt`x?@+?Q625mR`Hn!ZbGwDa#EVw=8Vh`@17tX&Y>@$4l6*pZrOTaS5C!Yx;
zr9Zo|YAp>y^U5_l<y$n<&HN%+eL5HKDA)51B=*V-sOp*QwFw^d`%k2s&UZuE*v2+J
zsz1|vaw@R6Lt&7Grqfnvg2=(ViFsA-<h}G`6mieK=oCJHpz?}fHLBu@rM;G!pHp*q
zDEST3{&0RRP#j5lDw-ZC=yCurap{?IIcU7E;e}!`k;d*XSTb6I`2Tm5No$k}vRP4L
z@lT{Gbery$QCDq)+;W7pv(!XXHah}JA&N{HAiK$vs?#B>2UqAiNQ?H^ih+mBxPK?G
zDh`m3#grmoUt))A>(c24oce<{;uc+NzI%%_CIh!eAr+U)I_Y30mkyunC=()DNyR(S
zA&=*`usb5raOu`->Ck6%;N1uA1m$G#J}KeER(}VZi8mN(7P9E|4=7jFGl$al_*1t%
z=tbyqI5+FX9i<ESh|4Mzuo+=7#V7zib*~QZgf4{Z_S2=N!UI2zI$E4s^L1<_0Vj@*
zQK9jm@AsO)=Mui=R-iv`u|WM?s9h&Gtuk?sS-PTPy|kJ)M){7nv;%7aEkq4&{I%}J
zUonrNbl;&&lxGT@O2u1PxO>Et^AGT(kSQokevT**hK;z^KHexmG1ZB-e^C|?8UHx#
zXN#X2&A1wzqM6V$C9nluA5~^X8u&`V{rUisi+SYKAxH%R7xp310Za{Y)WQ<mfK%pm
ziDmP@xHy^bbML@2d`wlI(o#xXG5G@iS12Xu-^-b<l&IqKc8)~=y&sY2oA?CPQ=Mj+
zX5aup*X3lIRAUlHCsN$#b&#R$O)020DwZG(^*-3lN(9tK0HvxB>ehSdeW|rtMddSK
z*M+j!G4}z|_iFD>NOK1KrfOwQORvmn>6JMxjWQ>zatdY6DXAjSi|wE8jJOEnCM0WK
zyk!zY>}-3JgpItK#xblt!i9TB?nLsKx_<vbuJmf{q82uQnvG-FOKO)0=L<EgT_}ZP
zLssMBozhmes<>y1%FTov(Vb4xYGK@FcxG92B#?Z(=AO4In`kv_Douq!3$nc|#b848
z%I6d5*7eV@cQN}-`LCF-Y0lX3jCDQ*z(S~g<^xdF1~yD?7~1}!Y^G<D%{aPj=0;>Q
zh?KZlKhjZkcHELuj*<}e#sa*j0|c;L&5F~b^0=?@UD1d`_U7e&3DgC_woNgyU&eN4
zYeF_#<{^Ag(e__OD@Rvvs=J{RWC0!0zU>4rL02uA|8g767BMBvcAwEHTWhja&2|E9
zw$qeW%OLi-cR(>#&HDw**~|&}nvLjU{V!g|vorWJlhUqUv#A?sMt1D&r=M2@H>di*
zqBGZF=k&jk`OG<37#(aTY{ag1mmNDWBz~q6viS6haPlcJH0U&Z?k;&)AhOEF<t5aV
za^v!CE8#J6{Ym9AwQ0&~Y0@88!dzDo3v(583>Bi_>O!Ne0c(*$7&~!VHWFJTu1KpR
zY>%)I#D!d-DO{mOOs<4@N1idH-v-xf3;~Ri=1kEBck0Ewpyou29mwo43AV@nF8J+l
zF-u_a6oe2a^V(Lx#f$B1^Tpm=?pcL$Pb{+T{lPx`ib6!CMn`$lp=IozG@vNnDsDay
zVoe<Zq__$#W-E-I;d029)8n$m0j`6}SNDlk?K=(~>;n1QI%RsMEjzlh?Sy&)1^aKS
z^arzx&zMrV>-hPEG#R0e(z!b=9Y+daga+8y<!I_Q+ao<6qY7+V7E;<zmSi*URhuMP
zW0#R-Pna@1VYl%Kd(D;cfAPu>2^i_L`14kM1r_VM<7vK3!`60Rq-gi`vE2u0ke69B
ze7;EQwlT$5dq7V!wDY{)L_(1K-BK;erRG7Phn>Wm-uU=^@eQw1xY?Ui>Z^k}_LDUv
zFLC^2s%tI98D5#_RIAJ2Btw?qz=aBJ1b-R14JU#pagGZ#KID0i%M(2orFAzFf$S#l
z`%M%k!tB$G4KSdbGOyVYc|s47vKY1Ax<Dk26^<&#sX+q{kM!P3PCFyF9BW3L*ej=`
zb3~2E=3(uq#q?HlVLLJNFQsQ1g50}?%@1*QhKx83iUge&6bp9>8fLUlRraM2o8~(f
z#d~+1ctMbT0|_D1*sZ^{G~Wgl4sCLTclD*tLG~`0+{i_^F4)x%?lwq%;d*NDId95(
zZCg6tU!Qh6tP$H-1ph8$wE;q`JD#*NcOuUYsU}8}pfxy)Dv4F^K(+Q>oet%uZ|m?C
z{tSbS=k8Bo8XU1XPwmD8`#H+HHKv6tN$*k@<8(wfqE^4wR;8D`m^M&PMK<EA+cX94
zOu!9{1)Ot<AY<5iBh~L4L=s0CNd_ag;hO8T*^JnfGf7rz!<P2H!++b^k!4eRJEw>I
zpHtwc;rlJDy^z)7gKp)Z(wMtO8l2!{F7&TrRD@!sOGxw*?#=~N^DS5#zs};J6opmM
zvzU7ck>`mdG+cLmco*Ny!GuYq$ExTz6w$9R|1}DJDh|hFE^c@JT1`h|rDI`ZbqZ<c
zHExl?&1ruW^Tx4wqKi`0(^5+#`qYkR9Y}@XiK<d^Ig2YG&9dI;q|h66>b=p4fYM}q
z*n|HjrCo3&L#t}5pU7$A2!v%R1m9c_R0v0Xd--*P<Sk^8kR}t$XuE}MG1?(Stc{{d
zf(dyGR%ltC%QQ<&>oov4=Z7`KgfWCnN%RY(bk$$wLcV!8qW3Nuv3>9%g0Kk-IC^(}
z(bXEm(?5tF)YnKt)=ZbDtC+BZr#%fcp5d8+vtOt&=q0w$7>WI|xZ`vp53Qd-84{V}
zah<-n{^5LH$9T$zA*&@ZcxoM_)oT4hxk2uvnF+giI=KS#SgyRjjaiA2tEAy}wTC|s
ziBu?hVh<;|umhdHOgoWsoJl=A9(h5aYy=6#EtU!OB?Qj$v#8j5^Lo{!4DE0%?-a+P
zf^Kd9smD8^GgwmHhto~YJJ%$dwV~6E{{g?1Hv=mj(#!jRpUes=`#o-6avauwDj(#+
zMfg%$ggQ&FeB@D3<?6$36D1Qe{n3JiEk&zJU(#g6LR_$N1goI^_ap@F81{Q24#VCg
zr-K_dZn{du$-3D7J?20y9KuV0?Tk|WhW%C4;&Jy-th5g)rvjoi7d3%S+@W%)Y?^QG
zbd7gQjO1Nzk*T|oQqd)wQ+etJo%XiWj{_Q<tl-dQ$b@Cx`-kWBWfdWg<qK}FD$%TV
zJFBo5d_A~r+N|<A%PNJ7Jk<X<m#w6kw>sV|qW0Z`jx}3OGA6|&qdK$x9AdIzYi`yc
z0pCefDC{mOq;K)|%c>pHs1L;)L}On{zN-r7rs=@~Ri3!WOh)47wTr?g8o6>$h#NMz
zcTtH9b-tVIkK(=zi$|lTe<Y;S2Cn-X4`2AHV;T#qr@p&rkgC$EK!nNsJ{TZ18I?M&
zR;~*NMj5wH%5JbxUQv(WaQvg@j)<dx%npYO$ug1S?s5l3hWkKO^Nv$TgYmCaBm5hR
z*y>iSV5{zk5zy|Ut3*%DGW3)(F3pwI?ya6!^?zLWpXR!tP9Br=VOL^`g6?Q2FL;Z@
zO-TJR&YqpT!;kGbyW@p>DLvmn_1&Hn<Q(fN-~%o<NaKmJP1s{Jfa%aqYxfcvVueii
zj16>cDw$P$2Ej5qtHkrl_4LGTfc$;?t2)-<bY9BkER)QsVZYydv>k_}-_kkm8DVrA
zB)VI>$EC5H!uqO{ka_b7m~mO*^_yhn%V(}NPaGsnh3|hs8oUeq?fv>+@1Jwnnl_ZE
zvV+A^B*!B#G|-}!{?k+7OXe!yTs$Qq`*lm>6?OAKC4KXQWJ$4ApoT2iy>c!{#ahC&
zmIda?7^UfkC)e1EYE-;zls4^?ujldI#b;rayyeD;^-tB<O`cxABR1)DNVWc}1;>R6
zeift%VDWJMPMQ&)(6c`fRifDE!F~$99uBD(8PHY2O|s3*O`)uDIrhLEvPQFY=$%3)
zKwx7e7jm<C#G1LKO8l04gW|(Hab0K-pRGj13{eA_;e(qefQS%P8}`t^{E_2tab$`$
z)-sYxVl`#xZV0)|)R!AIu{hMRH;l%Z%@U6#dY{$5kKXS6vmeql1HC*jEfGf481)(&
zakecK_f<1#v(m93b^+<B)stb!5>6PTf`R?Eq01C-+G)~X*95UNH6$Qq$oD1!(rQ&G
zteTAFBtF-5lNb2)R~#qq0`mSX;73eXCFGWv=`mp)mn06gse_Ns!jLxyDIEV~(<z&C
z%nqaUtqI>gl~R{j@?<B>{BVw5{YUO1n3)Jpg|LmZ?;tidQmgA>6*4D$Vk{O9p0z7?
z$h4%za*7?fDXai-_Of6nk+cg{D1-trexq6+-lk%>VGYWuqSdE=XSB}^(^QtpchoQJ
zxg|T^n<E{4Lcw`8Us<kDcQWbongHK3;Zkw^8W-KNU53)`->$<D(Nwe8gBSCT@6O>F
z5(l{w(c3bKM9f|<C7`vDxoHn7K`;9OHSVbS;s}ItE=z7rDIKC^v(45G`}rtL+B2{+
zY39w``<c6%KU_*?uxwHg4{7!Q*Zmx5kzx%cb%Ca?X?^S6ZE4(P;K9a5Xb{@BXs1-T
zAKVlfqrzqUEIdoYC_4VT{7MbnNxzldNt<2f=gIsK!V=y#Cuq?y^~3N;xEb%a?163}
zFNxFBS|AEqWK_qP#qIW~lVLRT{?MLQHlMUF7*P*VOF1hGs!5X>v4*gTu36OrSiQ!@
z<P?=zQ<m9cB_O;G+x2^hC>8_6PmbuVS8Z})-fEO-iEemjqs-5mnGGuOl(6d;@Bm^!
zoxg}Q1{PI^FP1FPdWPBs3E!@vX<ze{DfjACm``0FOeoD;aJW*xdKEoH+hF%j4eK|L
zoT#~N*HGmQT=<-1q=juvQdQOy`e_tE<w<68Z`o)zCe^As)+zeRdL;E?W?_`T$<fPI
z^vj3ctN~-w+%2`nm3FCGfuQAv{%Qj)h-fj$Lmz<w6}IIypOCsOi0+=u?D;aO31lX5
zKS{S^ys@}^SHwdbo+*w5QqVHMtenM!;NV4@@^wM3w$;?i?w2_OWvJRx>9Ot!aa?s5
zbCA3ryq7pS2!=u74*p|}$I&$zO+T#PH~zH`AI6_=Lkf&BAEM=$W;6*?6>Z%b+$>zv
z67@`-L|DVD9^7hBWlh@u4}XI*Uc6AFfs=Ua<7adbwA;y=V&`KO3EGlC%-vI0O>~?n
z&+m29Vl%EY`~9qeQ2ff<d;cJz@6LXs+dr#l^*{r~0V<O)<4|gpFp&k;%<bXKUAfJB
z>L(Do_qz2vhS!7NUKL(a6(D3vrqyg32x$jt=WJ*3Pe}{a26!6o_j7zRE%W24yv&Um
zHRb7J)HHp>xP$!)&G%EOGWJVyizDQDh?W^SC>mJ4w;ak^avVg)0z#%Wt-{7{ycV}G
z>n*5#qxRVMJ4WysK4ljB>*KRnx%RB_@(3UMX98O#ItWEk4U`H;q-$A|%L`s;8ZQ$f
zIgbUpZw{XeNm1}Y7pp2g&9sP`z%E{UD4283uys%ytrIFuAXQN=EJgc5L`=F-#~1~X
zEmUr}dVY@mXH*S5HhLp5v}jmVsYES3_)G^Mb!}eV9Rk~#t*C1cD~UFR#_-}rZqaEz
z?=ql$!>8~=;>x*e6czlVqEVWg^<?~BGtJJ)@w5rxS#r}Xje+Yz4JGIKPcwwma+=1%
zR-q))f<t>ZMcepuMY{$5!J;jRRBv%N@FmshO;rNDbxyEe7V63<OxUqXm#M)|e=tYR
zy6RKDI`X2>AVeG!q_x&EMpS66O^|zuHEC9u5OZ+uRk;2<!{nm*fNcHH_YJ^N17pgG
z@qn%<BKgZ%-pEjsscxyIu`KL;9ejVA316u#Y1{gaTF^NeO<u+Ex`=M9j)C%f(R7Xu
z5^QBXY1pM^;m)?QfAF+jM!eEMoA!B`{J5ODYHXTXDjKpD56=88pWGRUytNU~GxaYr
z<kTzrH;qVTBiU+m``%oTnGprZd8oTS<`+AKi=Afb3%SIEERzaA8OvI4f1Q#vSKD6J
zG&Da#+iz?ZOkmf9*z|I6yI{xIec!I%KX459ueJ=Lp?&2j(<4jv0-%JR-!7B0V`gmL
zpX$ZeYHrIPYNU0ez?QsP3gp+I#AgdC%vX=}8g%rdTw$Jd?ck-SQYNDifuvW90%+6P
z+PCb*dr(kNlV?04qA_~tsZLEZNghDLhyH~N>a{c-YricW_GF=es_@SS1s5qowtWiq
zEC_-{1Ms0HS3W=kjH{vRb-`P}2c5bFN&W=29M=hgv7LoSsG=YCabwxYB9udzT&c%&
zKsmr#7^4_x9NF1V(h?#-$-1&*LCG#9%7ruG{^p}X-prcRt>VclM&%Qe#QfqG+{a(i
z`;V&}Ns-1!zC*;6tulBS9!SUjK05oZca9<Up!^+o&A3Z&z~X^l3{u|ja4T?ji&`T1
z*P>mhd<+p`!NDcimz(0F^fu#c!p>HtQQWuY$xRUBgtm0zUF|o)^C>zd_z?xVkpGV`
ztO>7GX?}x0^qqbRYj%EC`r9Bj5vNc2XaBLha#8(Sd`Er~uTt^4eMgATeEHL*-=Dhz
z^aH>A;P$OQ*GXQ5J|6kTucGWm@`pY<h5u9bBjJZG4XCXOG1GFJl_%5YQZbIz=h2bN
z7|{;+sPC9y+14@eJ^w9$n3&xxSPSVeJssh;e1BTr;|*K5_*V&6zjo&rxom9+eRXqu
zY#^g_YCrfL+YdV&-$fiFM9j1;cPYk}ICn<g(K8lW0nI@%cELsv&{UMqPvdvQFC*jA
z9A?z#Y;W^xR-|Aktx*tBR`}UQ)M1SiIw5i4^OtH18`s5|I@hO+=@rlpIijai1yg^S
zftra?3QBva0j`8i<5aw;XQwMf$?1L_zOCOASWy_=@^0ZUJJd_)v38)WOeqvfz4E&G
zC<cVnr|vVzx(U10he&yVO(eON0(GFwg<nq$x!bQbUc8kY*w$#4<=-jyk0+U4{a3m`
zhNKFi^xD7+f_n)kks6Yw);qQ`n>sd*7gEm3<AX*-c<<a|SC}DoxG*2qN0cP}lLjz%
z=Vjkzh=8D|aO}r!8zM4V!5H!+QTBtD$Ms=;M-oE?V8+DFc}jIq2A)#%`US|vC+1JZ
zq{S?eQe+m8Cn2m-oso<oBSAWUIfE+XUht+v*zN0g(#RLN$dD6_TX#<B$9GCyDvy+M
zEBT~0zcNWxu4SsCPExKlSm1#I-^A<Gf?)gLr|WI*jNNDpKPfBZT0Q#F^(Hu5#MU8a
zKis+t^s?3vevUlWZ-wMogZn6YJsn{Oa7kXZ#cF8Q<y8NL@QV^JLMA`(9`)9<;74hL
z2R0jy8&bl+pb!>~NF*fILyl#bbzT>yy={??$Sr4jeyMe6l_wZ3Sh<gN{EFI0!RiyT
zMS}g>I4woB1xQ@s;6iIh?mxGxDD=@|mTax}a>&+laF1c}HYQW*6=oOvZnYhd-BX;r
z?@3ArRfTFAT-gpjdC341!E)m{OD+coF}D3o9X>5!v00F>aAFEs*zR(vymllca<=-P
zg(J{P$5@OMmqv~S7PbbmfPvzFsEpXW!mw>D@rZZ{xVMssbd|0OAp+rnU{9H@Z8^US
zW~v<c{Vgod`@Pkwa%+%*^-1Ry<1`EWsErbeff9w<&ig=IwajN)vsx<+|NdYVzY`xL
zGxI#i?U@1i6jR@T3HK8?T%nTjS*t!5F<u5^xcaomwZa@mMoPjrrI3Y8l5`tHE`n$p
z*8>d>e?wM%^x2xu_g|ykt~ufuOL8=iQdJ{1<H~egEH_gDM9ZltZ6zs}(fs@}IK0xM
zcok>MZO>f>La_ybP$bv#>f=s3vp9xoUf3*=V2i)2sg3m$ABSQ~wXZn;z`i|eu=<==
zoqejN3)6E=Je4Jr604P;uD3<TE?jaWxgK!=;B11_-QTidi-5v&V6FCI1QBo~t6HY8
zeTgTxdG7|%4P7X7V-|h4ZL)ulVz(?RFu#I}?QvsgzmW=rZJ7sxy5umVXeC@X-&V4k
zKQMK+EIi)CA<j~`(tx(w^vH+dIuI=^(E;43kV9~-KV8p~%Pf5DixQBY8b@w?Iy6VJ
zsuYUVyA9$by~bVdEYABU(UB266!_Y_WSZMT$oxpJ4)2wVpVU%m?OmF*L+8g=+wC=+
zO_k|wgRQjtcG`u}TcwCsT*o&F_Lf*i)9uDBST}oycATy+`<Ysg(`tKGaxZXty~jrA
zA2g*1qvuOeNRT&qD9$6e0v8Fg+UxZ1(n={Spf^hyWGC?#X&Bi24T|~&T`oeSVrY}$
zttrs9q3>T?SdAj0f4U2j3F?ZRwQkozC^R~&>V`W+PwHM0c_B-zm2Tl;Ao6f=UIYzX
zb7d;k<Ebz<cm(8_q$3s8M&C98slp3VtKo*)0!koZ>(sspP%g3<I#QFDFxZsqc!61A
zKo+(D-C*ZpTnkVzTqZenrR_>wtS3|w=F^~M#=2n4)Daoq;@rW(x(YD;2_HF5Ao1~&
zRWyU|5Y7svhMFrC<cyx`jN20VBv+s`4^-BmWEN72U~rhT<8Fs>I8H%_?xtDb#b4Bi
z=3kKEsb+wBztFGnz-~Ou(d+$b{l<NUis6;s#svQlb4J4s9S_#t)x#uBPhA*<Xi*)*
zdGhlRKn_U#BY!K~fTDTK%TU-6Xs8#9yL6*H6w8XneUit6U-QtvVGoBHTS60iT*@*S
z!B6ZNl<$ua#EHZFbbCg5oHGt*xygJ+To&wwec;W1@oE?>;r!p8LRbM0I30PE6IEwO
zH@-v7Y+0gEzQ?hl6b$HX)?4aK1euJjs-G`?koI$jCmgC^+NuQEGB#?{dg%{ud~PEN
z3OW4XjP=bk+jT7O6klM<$2p0$)rJ1snnSPTAzC@r^Wl}E6NFt2(PmMrCsuo+lX9ub
z2P<!>PDN^Sn;lz@Qs|<xftzbU8>7&Xbb2{{J;9wg6qRzC4DNNo1j0p#;LXDlN`%Ea
zeUWEKXB~q<u46!bV%F&w@)|O$T=S5Vo$VBLCUyi`2u{Nlly_dm8%)gnzEo~Bc;Pzp
zKUr?H7T>2;mv_0o$>iNcqnDIeOejB`g^(CZmqAQ`1+sE#kppQn3tuBq;rdKY@2OSX
z+vF@`^_Qfz%LI3*7CN+v=+0UE``j8Q89h9y`Tk%Ugrg1*1^J`rL=FKp29|G*)!#<$
ze*GIt4V2x~3J4YFcn_REV_qS8o<>OmsaysbsIM(WrB1v|9wHBYMtv1)QM}=}mS;Fs
zHls>=*mCl!J4+`<hc!I;=Af*#`@E-E6lYyb9dnyfga#~T(RcULJtT)F9+KC(O!KPd
z!~5fBi1Tr`fNQPjH@4e1OJMKoo&Wv@M?vBow%Q!L>{!sB%o994$gsfq{jxqKm<bf-
z9E2MnGC6`pgNU2YVIXH#Moue4_C}eiXPN{nA;BuB`LH5bBTq&p_-~=6Uvq>n^gX$x
z)e6<L@0m89Lr!vUZ+7Zx(jnAqGHIg-FBuPozK7Dfgyc0aG(CsWW*w^api9GC<34a*
z>AvF-wAU4}+>;F6`A$tOYt(DYF!Yo9kLaBAvW?MZI2}0X_Cdodbdy`bg(A;gcYi#%
z{%^LD+LC@YJeUN}kT3tr^kvme+lnlOz9<;rp>|6BBJdy~;;U?UOC(j+fak%k)tliw
zXiGn<dXN4zhZMQut3#rJi%X#&cClD!A;6R-YLs+nC{mTOI&{cJn$4p{OKBfLeFvxC
zwpoeW9%ck$d0!=b${JNSRhCC{(W~3A%9xZ}&NgXxU?U9eXZPB+U*ixNJ{aPCL@hI7
z!kpFff^)!@6)f@9V>4biT|Ya9>HxMS<m^R2kh(3lILuee_JbHMY@#Ft3EUih=Kk`u
z!3+zM;SRKk=207iRL4}(VhJctk~lZ=DvsU;<q4*<X{O5!VmK%J59?!-Y+GGO&$<qt
zrN;jJK9~%!sKWYyB=jEEPz1ttmV3A)ucww~ENE&3u`h=K8E=<fpq4ipH!~}Q;9@JO
z<M`YfAWSLOTCR#9lu6P}A_z~sl`Iz<n$#f0W+WnSVek80Hjrg!hYQvtmc08Ile)sM
z?Gb&qCxnSWti;Uk_YvY|QsARkeFHu`-E9<g!3A20n9Ov4b9V*4PuD5hAP2M+*tt{J
zJwt5^>lX^1zxZ$PQc;Yu3V5u2$41da${5aXHw4IR6)Z-fr~Q6?*xm<+T%Q5A3<C%A
zp#q+nXpBTFyDUxb2<I1r7F*FM*6Lktx0Pb6Ca2KA>Yl9+xaNg^BE`{;!~24Y<xamd
zSQ*5wiZc|DY8TrPHFy5i&fZ-Ft1m!-A+|+@0K@L9(3pkKI$Vc{X=C0A&fwZtymsWv
z3E9Bi?@89bZQoISVAWZsb*3t;Sb6ey8q#ZNQkjHD;B+TU4c*+2bLe78TA@pgvh>g2
z6F7VR{Yh*${17xTp|W27x*Wo^bDh2s*U2FRN2s!w)Ru2P-PICsnYA2~tKBy*3Qv3O
z@Ktdri0o+)(4n<mzq{LD$3fk9!u1;d*L)Bc4Sek3!uMbC)I6My_pk%ud_)J93<%zR
zHA)qMfh#JF<h0qJLf6t&<ElMAJ>gUmp(I~o0{ia+W7$&$7)zy=^rj=X>Xe+DnfR7l
zQB3U6x6GtI3ML*p-Itn`hjIU<cRXzn8hVTfEU|+>=VcC-I+v<_kzQpc!Gws<l8UJl
z^DOqO54;Rb|78Tdig9q8@r&y75BhaNj+;Luk^%9|Oppx=4R1rLlV$yNvwY0#`4HWG
zb=YEEv-s&Oel5--<*7Fl?S5G;ID1Yp*KO@kqxcfn;`^FQrJiN7YVqMy>J&_b6+$zT
z|BPwiLfAn6wM^|{sT)5jw&ZVu7L_p_hRwF6fDP=_)Ze2T47F2~B^tFOWs{vX^djm-
z#y3G1HNOTn;dGu{ZD1j&hWCF1QY{~BE@v~?b0e2vTSIY`NaH67k}CFW+UyoP6>hP}
zYfSmgC1f^n&VtF+m?Dh-V$66(KsDZ6PPlvU_wzk`dfQ?$6_0|h-=QYJvW~`8LKu;r
zndgb<7?$P*%~2r|(*jMGsd2xrG%xxIi=0#wB?{-RZ2M~W5CzFyOLrGXdt!7t3$wZU
zn0){Wtz(h0_bR)*WwyR(XyR+uxJ@a+aRt{4@f%l(7X<%!fh(Gz^d0&u(#21v#}leM
zW{iy5`K5MuuY_WOJ5${Z^#Lfabz{Iu9Hco%r_^~W9leXYn}p0?p?>vX`#cFRpwHO3
zOSyRvF~Z;^`pGQm#UH}wV4e6#9Cp)aPL3L(+CuL$rChQxNkRBqwKs<G7T!lajmB1x
z2I^kO5bQoLU0Csz@ldnniGVW7={1C+>wwz*gx<hkrf~}%s7No_uj6;u|Lys-J48x>
z#3e3G;ePU1fYyU&GHDt&UCo*(juAv{(-Cvl)H#_H2M~CnIa07UmuLWfL+-2d>k<%U
z3B*(*Y}z(N<2te_DN1rxIiVy#SN|O)V0t9DpVL-H>vqE1lo9|s?v$kb4{A=yb2A8P
z6+QgXta~zazcXYGi+{t49WTifHVPJm5HHJ<u#9HvA!8wVPo$dVvRFZVP^MWo420vD
zu#7ipw05>?Y*M~@#}(c#|M?mq!cKQrrnvim-XK&>^ZLy*N&Q^DjBlK-Ug8LX;r1rl
z!x~^+HJJo9Fg>eiBNi{Lz@df@$Kubd$Y_3lpEh_fk3Itw#Ym@-%m0&NSE%>IwKKdo
ze8rwCARthzWT$C4cHRUxr*io!dfWc*Al<1sLpA?-o{rGmM<O0C;<L4+GX%RD!N(JY
ze2J0QjruT)F}(Z<x7d&82QNHrJ6V0{8P0bXr>!G41U2yjeG1JmDN_Wb{0lSc0e)3E
z4(rpy%ftGZyhLf~W20VKx0a5@bua}&#N=THRQm>RxI*1clAzv1+zIe9OyHt;reb=N
zB_!;yu3p7oqGLm2uBBqJ2BIQK3-YXIN^?q$bjVb9QSA9!I0)W?!&V0~Qi<G+NaT*B
z?r>6&T#d88cGHH>HSZcXg3VD!7Jv%r*)nNcA%J@A8jI0BX^iMT0vnr~z{VbRjn5wf
zHWvKxw)gjN?ql<pWW4`qrs7Z(nUqtJ>&&dC)p2LA3&PM`_}!k|;My!?sKwf}X;iLf
zR*eutAVDm6_KF_I1b&8*nc6N#BV&NvbQRT|%9YY_zLUS;rKE!HW7f=5*35YdnR<jD
zHtVUf*jc==zEJG!v*|x=;x1ON&}LO-^W%*EXif{FF;?r8nl_mYul69UiIaw-b~Qs;
zfZ{4>13mQIrNTT}RK11e0m)KAs?FHNebs*IT!3M<4no`$bm#E6%{^?YSOq&5dyw(7
z1=3T77&=1g_j2d)=AJPZ%R{|T@TFdo{}$)+eFIJRT1C^{w>L^%Qs+5DxztjdC+GO{
zu3`&L#kL@;d-Ye*PprIhmSiWmgvwJ>Z)$D~^W2ic%G$%8PU-TQ$@SPH;>?hlMh>9d
zkhRXGGho5%&)^8k64V+~<yV`ynJ(usfxWJwO2l?6zLfJMjKZS*J`#{qnVS!*3$Gb}
zS%RyL@^MPe*1^h*DTxh$HC1un0e<3$U9k<~(ZD3Ww8`6d^tWrTgzO<oXhbojP`($S
zEYCiQ-+yKeJIftoQ3OlaDM)Zh!MFr76E;fVLL2#8@R10=<w7Fq?T>DfB!2&+$QZ=m
z`YGNP?)~_`)ix5wvK?kOcUlJ2wEN?sVy)253Y)bs^>*TDIU%w$Gzvz`iMJME9y|6?
zzsT>h|Js!}itWET4YMMqQJ|M-c{MUz&Kre`x>UiV1nC~$Whg(JdS22~%Hnnl_rZeT
zV=_3E<0td^r63_gKk-Ct++iGWbfiqqcI0o(WOa2BA{YU|J#69K1kcDTWmD~-ZFP^N
zR{Y(Y>g)1U3mYiMT+NLJ>8SIjAemq*?u_!QY@-ERvDMqSKYN;8xTU%mI}~<ITJoye
zx82O70w6{9V)_sqg8gYP?XWfDmYQCsMG>4&ivsfb?(#&qZ`f^H*y-Mr&H?@2?0A$U
zDp%kTa3nQPh>6hxFV8B+F;<R0mtR>pn(KL%6mWRJhgA$xPPA&&7#zn1El(|*y5xsS
z8JA!tD>$^u1|UIBP4qb1L_$W@iM58CUc4DrAHhI5)5oBIE%%!HnN?3dKr}b)QTZv}
zN6)C!Ct^glZbut9jAM-+SBGRS(@b9`7UKg$SgLT3C|7PCTu<hE1X7`Lz}0pu{Td)|
z#!J$n3fUMWkpsKYEcvtihc3{z8v5jCoTUIJ*mGrPa9r+sKwdwyl<<mWdJOf)g8n2~
z34?MRX~6OLbjNaQiaM_@_)sq0f`;#AAy!5Z`Dkd49>Xoo>f*rK?y*OgdY#rvwoC#e
zqsY4g^H#(#b)cm5X@y9C(t?QHrDdlj(tTNYDgtsIEQ+%KDn%w{J6e7C(5D1)zXU3l
zrm2VdEWAxj4LRIxW40(s@G;5fK`}#o1tBFM6`{4xP6|ER@<fqRin8yYq%T(<rF#{O
z5+8frSaB^`E~|e!Zl=#U{|NJwRUw)z()h1+Ocb}Stdp+!+i0B`9&j<(dgAr)YW%2>
zA{sSdjL%)cpH-rnGw3vAmrw}41qaBw8FH=h38|)&!mCl4Pqt@IQ_P<J>f29WnLpLn
zUOgV?9LO7$f_)KlKHaTDSbVsSbeq$*AfcS`{!Hf2khc3B+jkjU`NItJyv#LOEDb76
zmFbZ^;%3e%hIo*2_hOFbh{D!Z#l7n8qJ_hBl=H4~uRJBvwUZdi6f&D1euCg6S@B7K
znCcM;iA)z<vIfsxk^r)7iIPT#V!brh@&|4C+xd4d2m+jVF1)?ed{9XrPJ{yV(f3xw
zOM*oI`~OXjUYNwn-*BwKRs4Ly&LZU6(cui)glLf*3DMLx?6iB2r}S}$y$brQTujZs
z2M%N4vG0$&vE+f>H0aJJ2y%XezuxaH-wz%<g7eQ(kNQW1NCC}Mw!YW3-lo-wj_Mv=
zkVXc-H53@+fjsg~D0Zb`XE9bv@mxU&QQwdvVORWj&ER;MjEZVIpYe%?gyYK)75Em(
z386`j`ruQcC#+%S5qL3N;_IhU)!Ai1NDM`As*bt}iF~VnAMAXL<O!87m^HPC(Eh0u
zp+(e~V^4(jFC>fZa~!>qDyWZLH>@Ae)oCcA!7`_F1&%wvF|0l?%?xe`68UsxTkf6r
z#M`>)y_TzFx=d|{Tq4-g>P**q75uSqe1Zg}nYRF!Hb`Cz@)`O=YWQ%1909U}_#I=y
zGGp{L$fpT96?T9AB&YLuUIGF;*64@-hDZxK4N`UrfsDV(Rr(a<az1jdO+kZTQR=@c
zx0e#HL5JNHI?PjN1+pYxxIlFf07DuL>wg*VYb)Q^S9b3s+k2_>J>v>25pA+6wTmq{
zS#G%Gy{gn5UL%7d2cW%*;VY-wNjrL=bXeK;oS<}%vC?{|>?vf)XQiD`+t_XJrJa(x
zHWGE0#G$B_3^s$PXXH*qXTYaGt!cdJ^S3>uHq^&hAmBACS8n&|E?hq+8*%z7YUYZW
z6sEcoBrC@`6?;9Zi7s)HmMg6?=vH!ylb7gizdpQsV&<+|!X8W5Vrb^8#ti)sIXe)m
z3Al2k>lL>8-ixF<_r2FTuvqhCMq~R>!H{DITukS+$Ew0=4(lg@bz6I{s~AeiKVjv!
ztQE;fBRML8W$WMvKNLr6Hl@*M*T{TX1!AsE@7h?d1^ccyw(o*F_6Bvz8zw>>ds5bj
zQ)X5WT&Aau{ICjDK^A_cQFdl&qmGLWCnVISgo#?Fa0O$m+hCoBTZonPwumBJ;&2wq
zxU2NuM_iodmBIv7)%oMHdNa3Xa89`4?qi;Q*aJkaA3Q1-J)agfV^XL?e(t#k8@-7&
z0yx?osp}qAn*Su|h6^m$jl^Vkgq_80Q3Q>fXAG{zu+t*yr5x1Sy{Z!?rA4gmaTSKE
z=%2w+P#1E`H?qCjkzz!96jt|-rMSm75_z8bm1<><5D>{#%!+9v+b%Ulx;DaoMz>TD
z_9-mZh3R#nrw)r<ML0xBY9Lrzm4v=y8n&FaI2t65nhe302%CoR&s35jejex}9Ah7{
zIsTE$$q<SjeMy_qtdm9v)@88#O1s|AR>k0gMp0^IsW)<`YlYRIERbjQ>EF51J+ii_
zRib5gl7n=S--!=oVlOwMzEYAso3Q0}|KSv-0nNzju2>Bf$j1eof2G`X|4$Zh)@lLY
z1Wx-n$I$gRhn(G!tolt7HsUZ%*Ys3yhuMl!&^d>>iy%~*5De)|y5CP63}W~v#ybT_
zaB*%KoAFd&I8TH!29*csB_;md?3a;#luelHlGaSD<U5RAiEV_f&Q&vtm^BuLQ~Daj
zHef%uiB!6JjAug4Wd2mrMMGWSGj7(g&{La#CwGcD+O#=HF2EQud|Dq~Z3kA~8CKqu
zm`vyBl^bAF_v-LYhnu#uUBVdRy&?!9NdQ|tcCV&Z0xEGXDk#HC21M(n^VVtg(fodg
zh(PxMSA2I0!}*!pMiX>#r20-kPs>ZKdHQ5q71gNZ2xpFdf>Ry;jAhZQuoA}*(r6{#
zEcQL7-Nqf0q8wT)K|3Hy=(oRq6qO!4#}2kFakx~$Tcg7J-vqIoYP4ok<9U*Yg)NH+
zYsB*O(GI7uQ*N)rhx5Yu_x+ywZg-ySiMWt>9vP;q|4M@#R?La;>+&}E?QcheOz*aS
z7gTkUVn9|*+AAe!!)U4L0F_o4Lyp}QFl%>PV^%!<JYQqAtcQ_sznMOoHM)h6!>gU3
zzlqRmwhE8wld&FFIJ1{HI&d&ZM;`sd>apBcgl9FrUf=!8w(R5`3XeTX0m6$?DA@|r
ziFvq8hxFI^eF!HRq}uZTcr=vP8rV`12&N11d%Q8-7c2)4QRBtZ2vb^D+pUz_nlEn4
zSD$(Ouw(ugjqSfOkL}RdRO%7dB3V-kdtFUouL~*cwM!Y9GKF;y$24?3B2K$d>9g0e
zIYPF^dn!X?yC1OjlfRG7{_?cj1;6Qt{V(IoY32E_9S*fdQJc@uzi2?sfI=GyJ_?Ps
zuM+W5bn+*4lIn#1gdC}6=Bb<AHurzaSm6d-sd|7tk{a@;@=V9)juV?p%#Vw1Kh2nT
ztN#T5%~aIN9zU>Iu%ROF+jn}#Ik&;Hk^haFDO&YTdq9mT6<%S4Y28&AVl^oYn+hjj
zBCMsf8&2h7L^a(aN`l{b;iv({obNt8D8-*8Trz8NH-UOth)DL`ZLII!MD%MFiPSaO
z&G$i*z>M9?{Jehn{uZ$Up|3IUDpJ`oifGuXI<pg{gxf5e+@dy21!mclC<#Yu8v*TR
zEYIpVNPz~nGx)M-p0{S_4P3Q5{~aPL#syr2mc0@#fvD)pdvOdu@`HqN#3F4XYp}1a
z0olPO-Jy)u1$T<shq7mCDqV;*3UU#$fh?L^I>Kc10tVD5hgTmW0kM7)qoN{oOq3v{
z#<)p?m3g;j{7MP4cYavda>swTjFoJZ{nH7KkRL10i)pgs2>MIY!P3nw-n@9}Q3GA5
z|L?LU{+OEhRbHn`sSbWvWqi_Bl?bf8C9DQ(oXN&$HLA`6h?YDPPmB4N*fjEAXl(6e
zVhPGVIBq^zv#4y?70+t8N$kmf{l4*KrWmgOg-UMX`4+R2!O&Iq72I1IPbf@!y2;>7
zalrUWGbe7Z_2vgC7=5ZurNIsS?9U@k2kD3LRxodbQHr~u0Hdvpi{C2a;*3hsOc<#Z
znwBN(5Od1O2PMrv(_ws4GlI4uO1OK>NHAH=T%l!p)hdE^OS0uR?t&WZ_4p?Y^i<MM
z&GtT}Bc}+Ua7Nsab(Ai9wJkiz`%BczC@AMqY^gC0RPqnC({jV%rT|YJ@76&GrNs4+
z4iZf~GQog<5P^<YI~O;O-4IS_c;5VC|3dT=T#QvDTr31^1!^9AIFrt4>A{TgyD7CU
zAqnl{C#`TW#vU9Jh+WO>-b^@`c3+BO&tmVv-+RY*=kOdHbnUi!U!meD+s9&XaSlXn
zdja~B9SxWX@COr#CQ^L8qeNF*9tG())7c@Bjkg!s(%9(Wm7Ml|M!|(E^o&!?78(OJ
zEU8Xm`B|;lb=4ZNbH4y_ASfP@*<$@YQf<mEi9JxrZc|fGEZSu{J;AZZGx3YH*@Qf4
z3CsHhiibVt*L`XY`=h^G^zcYPkWx!I(7K8#a6lvCC*4EcUua!u42D$rpL!>*qJv2^
z$a_Lg-}oU89{o0ka3z_tVM9r62bEK{IsORK`rl~D4nK8F<AgDgeK>THgXY2oVXcYJ
z@1JqzK!XT_E*Lc;6BbhKs+&v=nNfyZln$(F`2p1kv~jf5?-gza0b>~~vn{Qj);W{l
z{Iz&uFW=Tj&H^hhi?>Ys4G8Fk0IlX$TLl=6(>OA^?m#qRW$lZk;PZ349v6k`Y&#EU
z-h_{VBdw@tOf4(E?HYx3L04fA+OAViz~Y{OC@-Jxc9r(wN6o@VF=wjErLXXV)+n%>
zfS0ZQD_jnUs_8qKv2*rhV!mqBZyMJ@7^;rbP<|!pfYQv8@1CCha{9PB7H7)NT&RV^
z%^_^dl8*O|QWHdRu-FrFDWf<2o-hvVCyfveXnD|u6Q(|V6xGFsvIZ3TO;PXI&76rC
zEh#*s+p%#LQ{hGfj6D1OBFDpN+5l?iK%b*<a{W#+3?6J@%JS~l|9ZzUH^PPkPl`bt
z5V5@8O4k(fQ&`8|3#<@|X^?DTnNBWc|6Ma4%jS=VreC`QtjXo~Hdhxh?5=kWG6>US
z{NogchV9uZbSNX4Fpjt~kijK;z`Kc(S0RE*D1<bpG$XzQ!R}oiVwH&z(U=4vlG`xC
z1(MYy?)|eLGXB!^&KLU&3WK)}O3#fH_)INo?A9E%X0<*^KWmM+aq#>?B!<x6rOwM@
zc?XHuyh7fsauzHnL!*>*Z@N`4mc`|Z`;IhwLjfFR<QrvGj2;qP`=yHca3F~0Sd+<F
zKE(lH{Gb<>8DEiB)BQSr7SIRhQMi{F+P4)*&b2&RTbPdpirxvc>$HSNwn40<%74_0
zFbOJ(WO)P$s?LH{LxMzSEQr7AP!ebAQ*cEsx(O`ONzJC9`P`h@kgCC-D=gY%HX<}8
zhm}*RiAHWB`88d>1iSPew^UHsN^N3ojR{`~;MI2!J0TT~a*)>gm^~)b$z1!TX>cdn
zn|enUlMHMCpEfl0MEIK(oQbPM2Rw0Ih{R!%Fpf&Xsd=tgW~^oTVkhBL<k{AWjHwu&
zV}}FIrRMqhT@x^wf~=3Jlpa*k6{FnGggtmMa<XYCCZ&kpRZJ9h$opdjiqFNzo_q){
zXMaojb_QzBED4xd{zzRvES}=StV2<5s0ZR4w%@)|4@Aj&SNJhnLqXUH;8)>ly%EWM
z@zUuvCIz26cmlIu=NBO_=yecYZ55R06bJ7`rFqr!;FxL(^$v;|1T^j_0M@v$y0E93
zwDP}}=3i1rDuJ*nDoGaOuCXHW;iw4?H~ukUGExJ<|C^HFe`84SZ&GsBRLy~-8++DR
zvITav*-74C9>XA=7t@akJ(LPk{Rrwv^w$&0POrhS;91uJK1qiyYJU&ua%25@<^BP`
z1naa*<~Tj#un4Dho!Yq*2AuY7CwSQe`ZgY>=P~t*m65wh{D!OHr#I0FLKOqhwypD)
z$^y)(FH886{+3;FE&=$I8)H4jXO`O4^%3rypxdh&3o3)au}ep!OpHwQ=VAs%mCf-W
zwZa~Adr91%RCE_Kc}SB0LtTI2uEmQTGm9;vdteJ6;pXCsj6EkrkT~(&ZH;2N-auU<
z-4q7uCU8%y$BIJu5;er9=tt!ZZ0)sZ0Ea@7NXL_;v}!w66JA-f*z4P#!2c49)1ybw
zgV}P`C2PsckZm}Tp$Q2TVc_vd6X>1>vM+s9s8GEZS5BZzla$-hVDW`q%Wr=*v=4fY
zp3G7nq1aD8oOy6q;Zy(?cDIB367S`iG@NI0Kt@!r3_{CN9dC*W=OJ`w?)}W2t^Q}>
zh+Rd;#ASep?vlz9!dFiaL`SWWip`y!0`|qiVKW@J0lpnEG57#q<&^ixjPh>OqBqi-
z!Bi{#aoXdM0D^>!0wjjNNe*!uy?G^$`Ywh%K^f!Kve`w=%da2N|E7h95EuBwkoL*)
zv;~_ocwM~&aMEF?rhvE+$<h2K(V)Q!pJjl>+sw-EXeU3LPVL;9=Vw+nQ#&KMI&3ks
zG(Ywmm>xyJIun{lEg`fmCQk|!iDY}S^=>+a_r(+-*v<cM5+e@QvI73)=Xf2G4jsF-
zIFK)s?$Q&Ps_EW;O3GtFdP?&iN&hN-rXyXGF57lZXhQ-64xtDS=nId_fqcd;i9VSz
zM5Yu=4B9*dW;i%l(o1^yUl8)u<bM;TF)f2_TI~pwx&b8}7E4W8P&%o|Jy8(+7|97%
za7gfI_X7Wrx)L7bHB2+hkggs@mMtd<lI2xR6Fz>feQFI^GT-a!T@)B<yD5b;Wcv^S
z1b(WNx)?pbq|qT{$Ykvx5y(oyegC8yCs*mO9O4C4&yVAomg$f@q0y7QHMwC-Awf8?
zw+CxD3eSElREXrI&z^5G`mE127$q#iUa3qmH%P!6oHfj(W8ei0)-vg<f;=~+v9<}Y
z_iD+4PFx`)k(evrE8>SefO7@`HwXCb8Wf+aOL&PmLc*pSM$vKJmbKLvxc~?kuKB=~
zPz=WjDPwcp=$KeT7aJBXUK4sn*y(+@JT!n;TCyI#cwN@LUNcG4Ij@j!$r9{Zh{h@+
zn#t0KNV82ifZYhbt;tHfh-R!(<+J;w$7g*^k1w&;Oeclx?1&V5I3!h{U;qai0hBTk
zcd68(;Q=%jv9?9USJg>V*0hA(*){PNQEw<qMY|jB)$7orrthcSq45W$5)GOuV}ZqR
z7H{F(AFiNOZ8sUa3iD_QL<<g;QYA3YY&H4<70@gx%&w$Hp%zwq5n|Zt;fpU~ANvb?
zwI@Xhv`0{|^&2-cck;M00tNn&siqX$`d!iv{RFvYYE=NCB-I)6NWPv+D$t%k|4xU3
zbJ3u9Id>(ARY7E^0|=TMjQt*u{0kloG{ig{eA0oDy^&#MYS}VQ80k4j^&*}7Zp*Sp
z$lsG4Dh#s<BL+@xCS`&*aZwr)Nk=(FxYlEDjp^8Z4!lrB;TUFe6F>%^dM|S(tVID%
z9Z}{8JEMb)f7Qg*mK^~jLHaQigs9(oxktx*;hhP!Fm^M8$Y$%LtW(-=r@gCwZzka=
zjcAHOr^tAGUe3!d7@xPYkc`O0MlGl|Z^+DJPRzf%*`;b`6$3IQ$N|IZp-$PSc%EDx
z-m4w(c076gzVrFrMMZ)9eza>B)=y^aLxR(=Vn$MNTU|-i`GM7L!AK}VTMt3v-B8sK
zbICB0Y6mhe6CAR=c~Vhw2=a>#K`S+Yx&wQw_?-&^VepTL&YX4FsA*o(9-||&%eWD*
zkE2tA_$S40v?cg!9VhdrHiZE=)KT|+nfzGZDfI*@*wY6c_7q=(>JJETH|s}|-b1*e
znK*^RA~E7zcgY-;@Px-Wh*1C4-BaF|>&Zc#mQiFo75wc4+9q|AzC;B064j2kk@D<<
zQBXb7wVAG|T3fXt5vv_CNeZerQi0QrqzcnqBo0zJ!rc=dfuIPk?1`PRSLd#U^F{-#
zdx9c>>n-K#zdcg2sB1PSiMKxNR3FO_2c(-~e8$n#ZK8VN7Z}cRx2cxKkxrDn(WJm~
z^m^DGv%{sdC0AyLs_LjI^~-yRn5frr=-*ta>776{Pn7~&{l1D#<JJu^?@H5mRjeGx
zTN;!|OJyAJy6f}rp=Co1a?k(rQLG(yaaVXlE-d)4_TmVQ40eXug3_BnbV007Xoh^m
zI6f1I@EgZAP*keysJO;1D)E_^6t;)sDw45`+q~G|`>vV3Tyd$y`D?a>yq8zaGCG7}
z+ezAql=@WqPjx%EAarT?T6MC}kgXmVc=scsUJy#F`*9aO-q2;Jfaqxx09W0zz)osr
z%u|@fTy59*v8HHVG>cAR(2V0s7g9S2R3T&rLQT~gxq{aZpDc<YC{lLxy~77CCS#j3
z`9`%NO8du`qgAkXto7+D`u)1Yx~o?a0kos`{?Fh+6fWx{Lp4lWKixTOTSpvRi&nb6
z@UP69pK_e4LGdUK+oe`erlo&I8Zeyv)Z}klf?r>JEU`@#gKK(5pm!F5?<s;uD>La8
zYPj1|7~+vdODPATtkZPusZqOD)k&DS`_drnBIIqKF%=vJk_`W#gP13d)!#-?6a02t
zths7O82aiM@6#)5%qLy$vNdrVOxP-V_%^G@6-)Ua(fxYkOM04`kIMilH9}qGv!_+j
z4<OHJQPQtxH6yofA*&ub)Gqg!KBwqry29jKh;QpWCv;G;zWuk$^4EP5#2aItf9D01
zb(1&v`q@llt~Mi7q%wJi=Eu(s;&SfsOcitmMI%*ngk!1cHW+7#9DK8@(MJ+F6S0XY
zT+E+`Q-YXz?2q^dPbz1smuAE8xh-+b%d5K1Hp+;}&>EzK&=&`NGH~H;Q7<O;ciWPo
zsT3gTX2aPh56&|F$`g<pW!J?X)^*lIUZOqCq0r@&^-w;rIrbZ{p(ZP=t(WN*?oi;7
z)LgcZ817DzLb>-+5#WA_v`>C%3)iI|ol>JMHPv@oOXc$iJEh7FOI^3U-QcVu$7frw
z_y8Wb@F2Yy=^b2@25p+tpi*6!8-xE$cg)boKy!<Hk$9_cIWyBD>R|CI2N*^agQ34!
z>)c6g>ju|i;K_4!jSbFstwU+I7CULSUq`=vzA<v47K%sQUyu;U!ilke-4B&8nJ><(
zLj}@zNRyaf2KyFQ@Ry7}UWE1q0@`;UU{{tp#<I=bo~Vw6Tva74<+D~AR6u4wzdb|v
zBI%ksjwyqBRtYdFoRYC+0}oTthCO?h`aoJ~Kci8hPRwswC8;~kI2-&1Ppm<^oEh_k
zztQ;DaTnC~-sBR-8d$pE;7WU1B(jmLj{6d9X(G1p;6kp&jCC17=zWAzOo9#eXxj;i
zdQ5PVg!n6e%P=;NEX&zU$gP*PfZ@`WdT$LHzi@@gJgC&9p9(E@6G&eR2Xlhf62fsi
zd>8v1^DKh@Dv6k?QrcJ&r<bP~sEDIBu_zpULx>*-ufphQ605CvBsQgcQr%l3KsACq
zl_`sP8za$)J6DD=*ScZMl^Dk0=mlPiwN~!%F^nQePeZmz8YWw~8wgOx_Ku4UBDh4q
zPe*0`Imz`(MDbDO8^{4o-C0s>MkqaPl>4B#Oo+NQCSs5Vw4&;othox~xREQzhh+NH
zimkJUuqBBYDT@*<nr>ycsi;&P75f$~n0(3K`R`YU?L)LZv5<PB!J>&4T<>bT6(%Z9
zAcv#fa8VEsAGJ_~9MCc;cplgIxh**+&$egBW0~zC)>CeI-)3vBZ`WElDh`rg82_<b
z`$rv<%vvWx7eQrM&Oab8qES9IN)8a;Jnh7WL`9~o2aILVh$#qo5myoZSCrzlL_($x
z{Z8t^O&AYLp_tJOC9wKb;ZtRfowpI(vaA<Ee0^<muXEOhSjr&8v2}DxbKBMyq>X+(
z^xY+F^y54E`9gK_245b+fikY^Y3B@{$p==S0#<6eOWm<cwQr+!aWGBfjRZ12RtFYW
z*^m}l&WxP?(~qNy17W4<tqzTqMQDv*vC>#Y5O(k{80IS@oFst?SyPag{k+?|Yh&`f
zeEQ1XT5AojZ;O@DS;|t(vWfCg`2KeG{hKJkdiS-gG_6NrtAFsHi45u@_A-n68SP@a
zjoiaJhRoD?^Rmo5enT1^rRFFk-2uf>8?)P1-XElAn4zv26{@_82g&<^EUg6bps@4r
z;7>n94-<%HcJE>R>Pzw~KA526$rmU{<Y`a<;UsXF?xQnp8dXi3MisfS5wU-oJaaxG
zkJp%AkFE}fC@pl|I}71W)IxZFR_jK?_F6{S-R}iF#t_@amk*Nd_33xEXcgCTdJUN&
z=}~+RHTnaK$n?DxC#e>>(eeI`T~;zI>Xec@bBU_m2_s!<bzmnX)9vFo4T4;FZ^%0V
z{wU+vC%M*M6uSvR@{RonuqcOkIuu=ua$VY_<TXU%`mwGI*IYgK%e~DE5hWFqP)y&J
z?pATMU%`j_rD=HP{Zgnl3OM<v6M^LIMu_~<$h(PJFt&R7S37Gb4@cqk%Q~?deemIj
z^}&@1mU6hLgRCtT_P5<g=WW6_mjk|<PKTg;Hc*EzXwePU7=b^e%db?>GH!h*kWQk6
zh!>hK%S<^R+ZL2J?)~lmBkw!A+eXqg{fqVxVE!mka5t^Q6)E?<{RIaEK?xQ}@DdEx
z{Q7-ERUuU&P*U&A?wlT5mc#^9)tjCWdRr9PBnRA2Cj))~7m)u`#@DJtmMT?N=nI&m
z|LFRi4{unZEyopA9OZ5grM>bB4ijGD@Wc;CEHkjcbocO%H_1!0Qgeto7>#EhcY^ni
z9+`N}XY+)R?NzYXHq5BT@~$P`RLKNKN1QULZ*s=dm{OIu$C*F5Mqfbl(5**$a$-;4
zqe0UmCN{plL0e;zm0O3QLFeMjv(OqrIIF8Fhzt#?Wm;P8!8yr$aJJ7?2mUg63Abk3
z;Iaaznw4Zm$KGzIBq{qjywIo!8tOo`cHAbYlj=O>ZrseLNxjmU=<bhOiif0e!~hT~
zFyWP#P~rI=5<T%F9-tmq_fubk=9*Q*5)s!xlFckht53}m%zwlUYju#pyAJF6ZUael
zlQh52W59o|bZ5z*s>;r?t(^X6pkGPREu{vp4ktSQP}q!hcCZ!O1U@$AGy<y<ezO&2
z3!@a#DCwhl+&3d`+FZts8MucT7xK6L8dFGf_3G~{js$gmq~~9jzHoanMZJw$l2#j}
zc;CuMJZU!*l1X6#r;dwvW`$F3`R*@PG)E*P_S{_t{i&-VV^q<YPovIT$Nl&Le+pUP
zMSK%NZjfBo?^dVG=A3_mOFzBTPgHONJ6yrXog;|LCmgroa4pb|NM?d*M^U3wXH;e5
z(HPVx?-bj%o!O0yOf0cW&*OlNh&!32<K~#ZrKS3!PRCuaZL9jFcK7}m9YWHsEgO*5
z@)Em~r-{jq${v*=rfDNBwXV|v-ugIYDjJb$LT)b)5|WpwnSu<>0Y@sguU3!gxn}gf
z?j2j*yVzSzUXR<i8-;}{s{`oazvJgEU13Pb;Ag@$LcTmPV~u++%Zw$o5F~l}p+`DD
zFZk(Piup^Fm1p%O=K#kenk=`WG`L%S%czoEW(wF8CEFY<t_O){#S+dLu+Q$!2-r11
zONLjg)pZ<4sGqy6B2?t$RUsvYv&4sBbKIUGofm6`yf@X2EaeRCLa1qi(!ubwi<7W0
zK{302(lF-||MMq$dCJzQ1i(luW@s|NW^O}|<Pq2zD~D7oijYvhtayKND3XgsHL*i~
zzVJE3)Hn?gbhe4X7=nseGLBaoBbzZOB4L8|B43iKa)49;_fCz2Wo~vw{>m6H>g2;d
zJeu~}&Y#I+iQ$^Z<$50kaBG`)wh76t^}nhm$r>VHUG+YKGcexgRq=Zat+)>k9$~1d
z+lu!`>UVlkb?Rbxt==07-R7k{+o!n0`N7*Ct|W#IPSf!sehaqfpxdXfm|Y~JCkpKy
zg<af*r?|pu<yCUa`hHCzsa06ryRbW!P}{48>)r|?Mq!d^)PndF@1~EzUCZ9pRh~?L
z&;ZEL2F>vP`g61ZOe^q)#6KwjuVrpG>)P96@gndJ(vBbf>@JRXU)RgmyDH~o655~X
zeLqvo)*vWGrPhmHE@n^wzu;%7t41=7kIVQj%N*fF<T%3fXi(H}xH#VH7p8^LMk>o$
zgv1r6r9_Vu^^<fTrI(z&9c^_zf~Np(9HCt)^E@jAT6LS9oAXVv?oIQ=1~&E@<hy0T
zCqRc>sG3*PuyKPv4|>N|eQk1qigNAiu~KlYt;Q-a+gZEzId+C|nDb{4?OGAfXN~W4
z`8r;?g|q%Df4lign+@dEcm^&zA8GJ;gex!U{m5p%kgO@(@2B}a+_L-9gue=TZew@C
z=UF_4ir_bYI+R0{;4EywpT&jCSj-iq>rHC48i27B215&H9AKu&As$ISWc)4yoT_6+
z%Ak_vG`pEm1MvYi%4T<X=S$ALiO|Qk>YtD-MZ$$8A4ph1=vxDEFne4nC*KMgQ@b1g
z;X_01``s=z6V%(<)r+XrT7Wq^#Z7Fc2PcRm+T~R6TQowS;mrR7F?`Dk-eeB?Z1>gt
zB9JI(xf|M?9|T7!K7oYtW*EN}EPjb+l!%$kt}E<mt@I3`c49Q<?XBVOX}+^K*VsDh
z1&XZ!jZ_P*xr#U5NprSt7x4hcLm(n+n%7Ma!6unw$tq3K3c<HXr?H00c)=IKXwK~W
z>0$2nX_>&9bwirVvv$`yT(gh>3V787jhq$YfcO|Im1Sle5WivojGd)+Biuv_ESyv;
z7i0^1ln^_pwm(b3!du!QSA!hW4Zv=b4sCW^qq#i&d*rkAZtx1q1*~y=<hGJ>d?d8p
z5J$37QHAdNg`LX2zgPb3nq*NI6lE)^Dv9m5Y2vEeQTmRE{6JomSuWG<35w}Qx=GW9
z<a;5DBYRq;=l1}alB8$kG_y|llc5lAz|XaC`+}1X5dc>E7*@MTv1#=9gbx^HdN#0n
zRUYEd>lDowdijZh)un&SmV&c%o}&|_Ey)jfKZ}l=lTE$Z(W-}o<LvEMiz&9VnG9Q~
zyUeDio%Dcoxo_Ymui+*^xe?U}#a;__HV8rrbrJmpkC?Ig5gqlRu-?GT2<0&j(<QwO
zmXNaJ(5F`^yu&7>Vt2FKx)C83st>1b_X(1fc*9X37xrXez}rAcvOK3qYrFc8?k_0J
z&b@U&O;2?GKoT0y)9G6@$*48f%V!&Q2fff`k3eM}m*Sc-FxfDdy@a0#j2#j%Hk^^S
zb!}h7hCr3btM&xf-BUs^4Lc+pSbBMudokSgs9l2zLln8kEz%C$APN)VAKmDj$9szC
z6d$r<KJA6<cT2RKHfy3?qcEGkfB2VWBe&r1cuRx75dz-u8$w!Oz-n7o#}7|oMB9<i
zD!9pL0^lCJ7e^K?9PH*UWR4ERyLvf>T-!(dD|c5)?V{#6%uupyCDtU!rYebqoSE{N
z*=tHI(wL$a<XoGWa7wV|#MbkEo1`OGT0|~AE&fmuyn7jf_je|E_g!Zsx0Aza(zh-l
z%VnpjS`^Xh1i$@22u<jRq{Gr2*?@1>olJQ&lT~H@RdNj!?JS$sr$nLC&^g4eY~Ix}
zpsKsEgG@J;ogEssW7p-Iq8)`C!V=jr#cs5l8rBX+s*GH0{G<-5CO<J!4;CL<vQclO
zTEV(lmS=XnMt-%EKaz`9mK91Et${XGj%7;DH?2EOEXK=?<E&mPMU7{I7|Kq6I|3b5
z3y?Co9gu@fit%7Bg3SN8zf#`J>YOk4jq44#+0w7vQ_#S52;OPf7aFnMX12b43<p{N
zw%=|2+aRKGVk_L+s`Cw$&`UpCL9$140u-l4)nmV+V!*@%criG`X@DgEuuMtOQcN#N
z05(9$zmicP3G=)z_xEVv4tg%@tS}XyhUxI$qP711=!RRCb%SDvqH0HZNs$qZGT+ZS
zg0zt<um-};P8EBtY`jKhHg;KsNo!tdb=XIls`w|9_=#eaBzVmegGBsO^Zc`sc6)-p
z$4<tQ1>OjE5eF_iVi)3C1~7t0M5#W5^pFY9HGakx`x%pIE}9ZREh&FAo1K0&kAcJd
zxdp2~J-RxDEpMkMD%_ZKL1{JXz27x?bGGw^O$d?c;+$+I=46@6KSKMXnELXS1BD*`
zutGPqwtBF74{$0k5HP9w6>wLH?hKcm1^Cf7mTHKu`_s1U<UKhA8@NYMD^Yu5v=WYD
z(`bI^)0fk`$a3)i^gjv#T>qoPq%{z=N&2$2Bd-xoPLS5)2wrXuwNN1tMQ=fC{U<k(
zzFV!ia-Ga|lC{By@d}Ommo>A#Eb34@*c-ZvHPpBTO59v)z<^qK*O@-(4;TJxhBH7?
z*8382u>+Y~QHH507MDiMKy~NFpzgPJhSP-RQo@H-Q}9U*#Da0~hXzugrkprGF5$b_
zdNL&o=_RnxF9MqnfpCrBS;F6RcNN~F!@q$+bq;5HM1f~|xO=T2*A6~Ru63TH5J%gH
zn5F+Hd{n#8n47^0f{O+6)2+bZ-d+rXLiU12X!QKMSP8VN%|59TfOnAe7^&zZR86SU
zV3EW|*={6%3#n#~-@-Sii=>Sw9j*3^fxbGRjYNy3WLlD4goX8I_3wAtA1{d3y}Ubg
z%*${18Ov|u;6<@r%{!#gKFSabU2?MFl}i7fPbHVO3Dh|was3Gzzy&0|DEtD|icX9L
zmv%%eWZ~L)4`m&WWLqt*KUL{Dng<(idkCqAiO;+B5w*10p>M)B)Zdi3&J0R9?u7@N
zS^O5b*?0Jf5jj<$#Bf)a)An4_N5QEKltA*IW{#|O&exqLGw};|;d1Zo->;7dd|1(U
zi2>50ipW7fZTN`qLT~i1S9s$LOg`nXpb9b21pC%0$vfv;X2TrWklF}kb=&k_9pJhj
zY8e4JBP`Sf8p*Q$k<1ry%shR{**c)V)Cm{jP}oLHe?UeuaHZh`+#yUp`w+z5?9VXk
z(uvWu+A^>JZ^#WttU#AO6+3lVebhWlUm$5FC5a#S0TQhS8j*MAG>%mgGj?6qY}bWg
zGwH;IbFvWs*c>Bwn=j-9q_KSzlujnMmF%kqeLjO`@uWhtNONAKB}fmKqEOsWs#Ayk
z`!A?<+^t>~Q>U{IF`H{u#7Mdy>>jouQm!P%<&4yP-TS@FgDZuhL6{MXp4r<Q^YArg
zm6sY5HVVRfJk1VBg%-0J4VEd@FwP*&<fN4)O-aIGBV<k6G~1LS-UUpN9HTacG*nw1
zsq0agaHQXFBxORk!CMFJ%MvcO6X~8)E@G`AQzh_1zMFPd4z{pzz)TGR+rcTo7Kot9
z!*VYu2(WfQs1Fe1;_}Qb%_=R3`rX}qUQB9w+>(sZ<>US@Z;#R=4yB46f>hvewa9GG
zu6%*Rti+c+Zs)JZ!zw;+1$=<Jm1U7#T;Q;}`>ylw96`<MxFhtWN4$z7G%f!<P*FLx
zu6oHp+tQ-zjYDrj6v7QaQ6d7{@EEe1NhLHbi+Tn8n#om0X+~3tQ*S7p4CDPTjLVeX
zwr;9b#U*T3;F}~n?M`9Lz)`1&%+Dp>TgY@0pMaPK4)FMnW;r>d3^N3wG@2Pv8|NT!
zy@P8~vtx;=4g#0X+;wS@JE8V1p`sV@L}B?e(PZRGt3mjKuqZw)im_p?ldU0XqQYxI
z*gah(1X(>P^qUDJXBZk~W)Z!76F+At-|duwZ|;{3PhVU`c5fg2&oP88#|P?(2NYQH
zv{K3$APNW01T0MWRBotgr1h6+E^dVI=7ycMZm)i%pAK?w<3ki~ANLQ(C^D&$XzT(c
z^3nYt(k0hgLfRt@P25FVCN3dsh?4knio6mhly+8=V+miX(SUDu4G&8MKq;UOP`t;W
zC3@L9mpypdmtgCjScE-f&?3A?+a+NF*P|BU?EC5QZ#K;O0$08fjin$4K`HkfVfBG|
zZKk4=0+2r#*-1KBFW6~@H4h~Ll#D;_HjF*%!AA?B*jFL(JGN*v_nD<<ZS25>>NaI$
z!1a?TZO)$&9+JsIhyTXAZi}yrXv};%5r%DWVA4R&kKzR0H0(}2a;FSa6{a#%wQjLF
z!@?X+Nc#AhB)f3P;Ck()N;!Izcx98y?#^H1W3>7Shwb_uuE24hgr^{Sue2^KK4q_4
zPK(^kU?XRVR+xz!?SnNJYjm|*u~$>`dsDyxa6hLVFjsq6=PhIA$;oNMDH_Em?)^Bw
zE*g`B&QK)X&g>NGlaT7uaO9SNd-Y&E68>6~U~ag54VSR3_dD;Pbxh0$2?-_Xj?yzY
zpQ~Zd3ifOPu+gb+yUF08`mJp|R0l$EzsP9LcTyqZ*0xbEb4Dl|*&64Nt+WD`t+nc_
zs7g{ryo-&9d?`>K&j~1u9M64;G@zCdUOcKcjjXU$5;Str^XU@r9ox<yC=x|tlUODu
zVyQ$XYlczvKdbbp%qJlVlu@B7-I*r%%6D;+lx*Miroed3q99XG6rF&--ow1uTmPVa
zd1KjT>cHWK)2c^6TqHjgCDbH?feC?Ej47fv)N|(Zno<49)1-^Na5z<WaLsUwM?p1^
zUDfD9<CFL-v5!g@$oA42+hq*w#Nk>d!pIAF+!E6xSke7NcEKy_4(nux`I@+!<Ru{!
zj`?8>zpa<1;1bPQW^o;|lM62eOUozID*wH5k~u`#fb9`3fQMNGq|uxax;)?El({(#
z5(j{@Mks<RfA$N62R;up-44Kz*99_Jm*-|$ggL5f%}KY3t0<zE!?%2eZH<p=5a;d9
z3b%GV-7<@GqIWiHl*C$nk*B)Tgy4i`pPVx6wfiFuw^z{%0?S@EqF2~}%6v;6LU}H8
zx1fNZ6sq>5NJqv{LNhEJyd?{F{-@jgYV%P3A?D<O*T)KVgFK1$jL56LzGZ`&C?b>0
z^lDmLh@;*YhOy}#-pY})dSNlpj?-qahta$OZ<d*jwXEttV)XbQXz^eaLq^><Y7=GT
zkgK}N42j4em<?cJ1)D)MxylngLVfjP9xILMU?R;PgYltsXx2>POf`r#AkpkhCS?<9
z1@^@OLj|hR4|?AfHJjHa4OG3iz<mw8oz_E7gA_@z5oRHJxUKoHWwA#&#&o#Z*Y858
z-C+^>8}~`+&lfc-Dj~oZS%2M=)2VQ<r(pyx`MmUW5gqmk9@M|TVyE(UsWd-KkjQ}k
zB~@-eS4Fp<D_1~c*e>$AT9}+3-peVI*Tv|rqJ9~4CsGS0wF6ruGGb5cb2{?H>cYJ1
zyEmB7#lphCQU2i?YB3E1#%adiz*7;D)g|Kabnk)NQdSq6ABf<g_09pkP}$<(?}XY%
z0;pO8mq46=7oENL1Oh$E$+V$?jUVOLlXO1bsihwqLALV3rI7r>v@}z1ifJkB(w>|W
z%ZZC$mgKF`r@E-|R4OViJQ?zZ2YH?PZ!V+=aN@Y+Tt=FL*suSTO*E$ZjDl^;0-*Nx
zBjoFFA8x}9L^7dUaMDh-Yx?1oOvn4fC7o}lXXA<LW`PGTEr#`xqya=q&FiDntj$!d
zGR^f%XmwJkE<)L!=Ai`NRuRU=NZz0)EKo!tT(lYpn`}2A!J_7UR=uTAh(>zgT|pGs
zNqlb?EcW3G?Aq6)RRJXjhEfy;>iA8(A}dmtk3H?oxSvqFNZrXXw~z4M|BoXb5;W&c
zqnW9;r8!Mdr2{)H&hJ+bD!X8%X<fl*9A!VcS;UTU=-xczncGAg!%2G(yKsw;vf2}X
zrBBDq`@+De7O0Z>78(nKls+iR(wPQwC8pwYjh?v~=7cIn@p@f$AJfXM)L4a_8^@^Z
zfueAjUHo1eoJ@T(UAuFH2R_<-q|=~J5e}`AFvv^H4RjK7LzI{sm?h?*MjDqS=K34-
zEP-1*b!Va@soiSR<SN1y_wM|LEn05areuL;Mf8|_h)E2<=7pzxif6cUS>>&<S#c_f
z*}g{Zrf|q*H6D_<W40@^vc|TJlN1_=>NS}ao$<Zt!(tA%MaP?49}?v!`2Xw%A+}HO
z|LRWTCfJ}b=Jal3kEl=R3%{I-p<TDAyC*ZRT*z@Oo2Z0QfKA&3CwW>5KjqStLS=HI
z|77D&@-+XW<|1ZtD{&FUbyLDVMT5jV;k%}tJ9r}?iq&U8O5XZ>e%xV31OZ#}iM59r
z%`TY5g<qxM_?s{gZ8^Qty<SLsnoRcifk{ZbUB9%nZwe{Lue{Qqo<3CG$_mQ5OQEd&
z-a?S*u;0$F>)LDi%J3zmFK&Om7MISo1Nzwz0u?O1q&oL0Dnf{oO9LcAl{S1dX$3G(
zsQAm)@CgAa$>DJiX~qt!4}JN%m|n~nYkYgF44b%;E2}(`bRWJ4`eNfHZ{pCq*fpn9
zw9IJ&QR$1|Crh}gK23(RF|V7}b6ZprPkE?IK~K#XMvWOO97!nS_l}M17Mls*1rLR)
zv;JILvd4^YovEJ5HML~tB}uIsoetZq(@~h~(cWIs@wzIu&_0J?xoSQW={ZOa37!|<
zM+7yU`8S~vJdE^qd%C6TKayN`;pBj1ZFIDNXW+&o-bMd)zdc5UCS+fNymLP3O0b}g
zO03b&{xmx{yO&DY9N2@PYC>04ChHvy)XAvo48nF)wrR~yNy54-|LBWF(#3#L2W*By
z8Qx~5B9Pz-(^aTXvap;gw6iYMYLbJ|k3W-1`uStrTr)TPtI4?`k#lkMz^}!{5dL}X
z&L{5tyUV}T$q;qLjN$8%KqX1Iq%9JtM3|`1s>o<-YCf9XLp=~w<`6cFnW6D5{2fGi
z+Qr8MY&kmoZiFm{>TTzULmxZU$!P6mA0K!4F6dx9XOH*U8E)cJ*lcjx(kw|cIK?M`
ztLPokgd>%``wTgUmQajs<WAhXi91>R_sn5(ps5lo8k=!=HeyRItrTGe7L_nQFBV~q
z^Kjgta$E*-X&|%oIgYQ&M|9Rwe!5)+zpX)LR)kj9fsexA{lgKC_-PAJdgw?spOmZN
zpaN?HZK$z=GWgN-$FE--s@iY;l(!F+SxK3O^wwNgB@l#tfVYy-6)*qzoc=f-6L6j8
zalf%09WP9$9l}%aJRi@)7gz(3<(f<R!ImbqnY3y|1sNf6k6oL#Z5!?NU&b8lAAu~i
zrLGP6C?=f@IO{1x|L)=(YMUI?kwa&T7Q&>#<;|q-SSjNWnz#*(AODRnml?HT^$50c
zotYK8D<)|Rcjv}c4>mq{yg*<IwM}((5PA1~UxrOkZ}pZ4&5cGefL7XL<2zFIHd_T2
zqu=G_whk+F+qC!6d)XaKMY?A3Vq<-~g0n<ic5EUg+DU^cu<0hRJinws_EZt%X0Ng_
zkzv`=G~w_X9}_5564($sIj`1>%{3=pR``w@6kbpwB)PIW`1O@Fq`y8S{ZgiR=q;7d
zqou@RFDH;z7uIKpDkr4dR_7XO<L=)fCOKl9@>6iY_I;{&_heQs`55m^kj~`eU}wc|
zVc-Zh+Bo|I37+^68I9Ex`|f>w3S3;sym6W2HWJ7fMn676f$@kUQ-ZVhnB%O;-@Syh
zcJIz-bv=JQ)Z&-JlVFj;84Vz?Rp~*Vy4b(NZG9tOt<NG~>hzRr@U`|&xI=g0I>3{U
zyQ{YByH6BquU0pCxL?uSrIFwEXaYx8G$A)l_z0CwxCY!y0rUqY?t55GS1Ie>jlM$|
zy!PjoK^pxNob-%`fiREl!NIxSd%n90U*JmC%Dd;Ha*r8(GB#fw7O!DKQuDm(m5wq&
zU8dYQ|10p`R5$%8SUco3oR!=kEWOn-)Kdzpovp3z40UyI#`O@KUG`rns+ZKPa)m`p
zF++KTftK-*=Z_U>-*s&^p-o^&MoQx7jiS*Y4Mr4x$ZMIuacLydw#8Ax>v_Awr3dNf
zOS!Yqmg|*q4>7hs>Mv%$RH2rKA+mLsLg@+^vrI)cax(;BS(DLQf;`_yq${_ot?TgR
zd5ccX@Ye3a9%RrKg}q($e*L}(wu^Z28ay0cYc$reGn+wzi0Kncwx}%gEqHf*8uZni
zVoi<ISic3HJw7843sw)cid0?uaX~1$m^rzM$W4-<XJ@BYNE<jriMu+Sh?Rw?LONr#
zn?o<8Y%(&?0L#^!I3IY`E|uYGx-n#ysb;xUsS?OAtBYktfMaD=2~b9ZN(@+b$KfL<
z?+Ja<RT4{eCoHHiU2>(QSg?&ect-OEvITVS5*wJD6hvs0cnAwXl`-{}5cT4m&~*a;
zML3#o{2@?q!Cl20cx4==RL&8M2qn0mk0u@W0yRLb2ThrG6ZnxQ4ljL~r>$s8m3)}&
z@IkFQAe9IsWyS)Rx4jBSKLhgaGvT6O+_MZ}CA~wA>h1kk&dT98nUGB92zS|BZ{_U}
z`j4%5cvh=Vy)6`M=U<RG4SP<{^b{m;x=lCyI@CPbz@HuB4M|b{qO+6fIIZ%JF1yGV
zkqNLY7u$kE!1j>r`IWF^kFku8zHt4XbqWZDQNUeDp8`FqZ);V?q?5N$XB2h?gPyaQ
zZ444pdUUyYc4kZTA&0Rj!l9pU9s#N7G2&uw0qd<?;PcT)tswPV6}>DToeG^XxViM+
z<N?Ks^YGdz56!X2T|+&1l*%NQ?GrLwq9h%1EQTklNpxUU(i-<M4njSNAhRH29b@hB
zuooI=wsac$T$XWIL9_@RErWGpPiG-{^*AnGtD#FWMQS;HHpohIR2Uh@mqDz|ToJ^Y
zPCl6`qCh#{VNw38q9Ny=AY9^k;lJwPwJNHkILYuQR^jR5PNrLe!I3{5H5~F{CLOpq
zJWj?KJ;5oC*$M(XB>faR;h=b1Npb=OH*XexwBB{x_0A>2+f%cvX50A}T*Ty`*{c$j
zt#&yY-;10%Q|=W|?9I_;BM0uJ;EN~1tEK$$os&j&&E&E$yG3zVn_#B&ydq(R0;C4@
zmEJvi#4HSaApuu)_X@z5cEeZeJGNc^@-Xuq<6qC)Ll{xR6qYn(gK#c{wDIy|+6L9C
zHKe774GiHyxwrd&1cx8+GnLG%Uy+}%>;c{2rP?sWD{(|6yPs5!GORR>Z{P!Jxm6~h
z8dg!!QYssKE=KAJEQbh0Jt@GG(c`=TC(~%2QKQ}5j=A5IDw{f6_q!#+Ro-bBHI64(
zJFl=+sVw`ncs7KRhxK%=>7#qxCf+G<&l_(Ksg!n{-s><el{c}=e=o37I$);~RUPCC
z)%W|`jHYcAkCNAf)zLdTwltE&+Q>_Zc|bS_U$*f+wTUzKFJvCrI+wmZeQKsWY-j}1
zXUVNE>V{&2nWkf(QvZHwIaX0ISGr~12Jf)(@$*i9Io1HSdV=*Ni<ZRi&M&5Gz^~zR
z!|#~diI;fESp!)2>BAm^GrC8J%hZ=1qF*uN{ztjdRxh9Dmiz3ND{|>un|6=7M4Gb)
zu4Z_MJr|-2TsQ9FSHBx$e1VhW-VGCG-+v9^L*A&(rdg#ymp#GFQdec<3F&%ifjLbc
z)pr%H##CrpLkdpWaD#cx$t0ZHu(&S5WXmnOi%)I;QxENdxRyB@yalHfS)2Jnroq&X
zCngb_4COS0R}tzDD<B9Ci8Q@R(OK7dc1wu0mZz56)K>pK{4G`&+0WTnEi7T}-eKU!
z7!tl5<0DB(Q(NZtRgd1T8@)zO7eoH+B-8^YnVEfsG8i?%N=7^eYaOdAMT01?wE<#L
z-6o0K`9@RNtkG0~Iwe@fc)E??x*{23d_^W_xcC<_e_Ifs3p7GS8YCT}=6u0VK)w<O
z-~y0zKLtsD4}S+pcEZdAPN;CEqhBvv2@lWvAhu-G)#V_%{3BaiQ-*@{(o!|15|Too
zyD9aD2a0pA>~rRSy7C;aH+TPm=I-!_89i$L<SGlD3fQ96!EzZ(eA$g>2m{^3#y7oH
z$}wIDFS{qo6{(h*-fenJ$UHIER2wmj^ny}>FctNVHb;bX58+iA@kSZYKi6`2)7ofE
z#jH%HnPA>*{}=B!iZ&xXLVT!t`Gm=kV=mx`*bv;<;hg%Vf^c7q^L{l2#h8c<yaWfb
zc(Hr#Mjrwix}{h)3eRA1dl%PwQs+o}ojJV6sL<}LXrxqHkg`A`GV8sqA4F6oZ-X-{
zM~j$Ci2nux!cDqRs#}Z2bRC?gE#1f(-3Oa^pUcFo;gr(9`D?hwmJ}8s)VSF^nd%dL
z)}~bt;ygvU(%?3Li*$%g1bH^3=nEww{6~tan#W22)Yl4tT7x1mpIZjzE`2IG(a_1S
zf7~KbUiJ$vV{|BS9*uOEPP^<P#jZKo|G4<m#F?G3IPN!W9*hx9^>^3)S~yi1^_`b$
zx?FT<pG<XKpYk2{A+3O`GV{I(OPvO(CcOf}lNr0Q^j5A!KSCiCMK$)Jy<A>{I^=1j
z&&muaABU#lwl;AnB|TwNcv{+)RB29_8(@W`sZmh4oI8-BIIgn^35y8n(4QD_@Vob}
z$?>C?->QUyq^|o-19oR_R#I@4NvWK<b5sjXKp5R0KOZi~kjuKWG?V4}*+^~8Y97G{
ze}?tnwM!xi74e`3u#E0+#3WPhZx^9MHfO~%y$Gr`>e15}uxVChk)&Pwqnkj67^n)i
zD{l`kv!O&&;D9*u72~NVKA8I4PLZAf+)%T3OUuTgk5rK$Wfr~Q9LC8`4Nj&sP0;x>
zStA7d@*v?lJWy)e3`tx|yC~4c#Ea<DsR|jrE*Fpn6+JVm&q`5!A5m$xQhg?}sxpfj
zHfkRW@oSXz#B4rj+NzLg1x7J@Fh_sT=LCxK-+pvNN5y#%tub5WvzFg;=wl}LCuw^X
z4|(|C=EPvYVJOlE7gzBMBx%L{*_X776yPB-oIe{5{xF{nHmKy8zz6vJ#$?FUrxrMl
zOb98lckAHp7#j9cdPS=ttsB?>1F#TQp(P*Il1P3_NJ#F2eDIX9d80f8sMsbBf{9f7
z(}A&lVfkIH#>Tr`S{ydfCb8%XK2gN2LgTu;ti2E<G0xd%1~vS8O%iQNRq1kQ^>_Q=
z#ML=pEgC!zsAm#e9r{Hg0Zq{;x9k42EjxLK>%2jCA^*+6Z;w_2%RP<ehdzBdy^Aad
z|4;v$QU7k>ho>;gzL;s*j<GFx81(K#e;+3SDmNx&)Hr1_Cgy^bCM)H1#Lik1L5vM{
z6Y@u|p#k)UT9~j)enladUevtHi?)9VQeB0U&;TVq9#&i11~kiB^8o(zQ|aWcO+AYy
zC7#u}-=)gdUsmK*!-vQ66}|WPc=$7jc7f6$EQp0JvtpsOC@y7et33x(T0|OKWumWQ
zYg?>6-VnFch3iTbjh^SM^*R0!^F|Uu##~3`RNIS+RTx;}HH+u+=xA9XTe%OYS?z2#
zn=>~rGKTNn<gg0k%H~&-eOD(CQIX5mI<`O!u=lB<L~{d^4QQ?QeTw|K5&k8JR&TxQ
zIfv;y!Jqf>>KGX^n4*=|=Zix{bTj|&TFN`m(aCA3xg{or8qF=MpEArVz*sf6q>tU>
zW8_JN4c;{@`A^Ez2^>m+&#Uw^va)s>Q|(8pYo|Yn0@U(q=0R=Sh@+n%7vXV7cV1+u
zPxDyRdmpE_W_-fi$pphmvo~$s+6$4JEjL8}EFEir5T8YySD&>q>a(@o9BafXk=ZC|
zKDYYhz5`c%5kKQQcMOu0#g3^)lGmJd^lrlBErnN1Oun)9Fo*Y(4v{RjsS{tTiXy$n
zB5fHtNwsLcdwAHs!~F=(c~d(>mZa^$$+EdD-MA-7brx<UoA+9tpZQJJuL<1vhy0XV
ztiS0>T43tN;4RvLwQ0ggV~Ew<LIV9}<LHE(qcxciRqiSZsOSard{~d@c)6$NHN5|&
z5t>r2)CR1KU|E>Kol#BOd#CG!woIa&f(I#|Cajd)gZJW?2~u?c7)t<P^4J$fzUT>A
z;axal4~I$HL$Bk`r3CEImHkSg7r&>F`p?AgkvpBEI2?!XK|Xvtl(28SEv(8tPFu$A
z)%M-R9S_IRtxHY9d;YN-??l<sDCk?_2sbIp)D>Sks-dCb&^S-;<Mnh!CoxRU3>?%O
z6KY81w(a^zB)^bBPHRZC{Nkp_sMK50fQ&NYU&lNnMoC_(0v^PbE+b&SKzmcRsxXPU
zAk&uY!7lwRF$SXO)%rz=;(8$G#4MYwsD%~16oHO3H^Ys9yZ=mKs!>Ups&Y}Kt{c`M
zr89{8)2F}FZ<~4$dh~&YS}wcw{NW_Eyk?b_tjD@Gt+I5Dh)n1^1%wGtR!bDDC96o$
zAt@2-ZM4DLBYOq{L!B+l;W@T=xudi;oS~FHtV5s14pH5tTpk%>Qtp3rkdv|wX;)Vs
z+8XSq?sCcCSWdP|&0))m2`u0qgr*Kwbdd20hOM*{IWE_b5kqn#uu&;3Bq=&X8C$c7
z#`l>|q80A|>Lqlt-x2KQz10yK`B3A^S>^C~yNr+9RcZwN)#jXw*W>nW;<qs8Y>TqK
z3wvD&lD=BF?yc6_OCOWScLV-`#aPn<t^KSUMXb|`r5XCHYlvqT0?;a5jGni+kXPcO
zSeAfI36{C$evBCpvhj8T4r0D!3eY-m9i^qAb5t3)JgPFSvs$q&EQ(Mn{LV`b!q$9V
z9cC{)A_-!dN}Q20C0Z$tT(l&C-Fo&ARV|K6ED#zc796-#wIupBWhj?1t*8RAHfXnW
zbxqSei_~htBF(0jmD6NZm7rq5##eF$THK4K>E0A@l1c}0n;sAFY@5EhqPbO}hoI#Z
ziu8U(3M6ZNf25}w_Hrj*2VN>8ZBZwWz9HfTte*;rg`NNv2&vxbGBrOyR4*BRkt)cB
z1d@+iG6iNyn2P~FDNwjE>a$rDH2wrp$7J9UPeL!1<~sr)(WeC|7H9=ofk_E-f?n|k
zr;ed171cKn@a`NB!DR1uZNHrhobnMtoP=2SU6*A|-Q+dgB$R=qs!&AH*3POHZt*2x
zaj+q?RxieK=$I(jbux0a+7xOQ%xL`Ox*nAL{3-Q|z=Xxs^e*+#$5pUAzMy_=243bw
z>-%6c-9TP}28*-T)t+X`I)rV(KElyo;sGLM1l-1tVscvJ^=VSt(Ofz0Si1nF`oCcb
zRqO|~hNg^5(3E)_3%v0TJ5H!w<NRvWrj*5^CYj2XU1ehxZR1CaPH>88$Hn@=b&X?6
zw|jERG>7%#Q8V@TXy6WdF5cgS3<`ynJ6`1K3_gb-C|xTXE)l%r4XmSwAXo)tdzI+(
zL#w-nwUn+egOCS`u;^B&@@g1oyc#CTtAUoyMM+|mn_*Q^Mu$H|c|_rFle{3F&h@v4
zz4=JFShcA6!QN<x4P7akPG91sYc85@oJ<tg!;NXulO0ZwXS;XiNd$K?8qOR(_X;<0
z3TfmMf+Y%)pKj?Zh>Sl-G-`qw(+%U&iK-$U&EeIE;^Uou_br4<E>0bHYxmr&$V%E!
zEgu9j;VoZgE$X8*NL$RSMZ5Z_0Fr71B-6V6j71;B1u8*GmVl-mU0AUrb4(a=4d~o>
zsN?(`wb&cglS-Z&nLXt)I)mDg`Sj6UBL)v|r%b`eF5WzhK&~>=#<Xe`yT_eRb?EJb
z)uB+}EyI(Atu%5NNq-;Gbd#Vt?u;nN@Lg>i(;KSIa^HtIrte)DI1Pk)NL!N%@IZ&7
z91LM#C;X6Ed-1{-RJOPQ=}Du5fd1LFBy`Iv=_6Oen~kt4ldw;n(w(Y1GGg*qaNj>r
zewcF?gIA>qD4S0Z?9nutZYRh69`0lGE;~cp7eYKYM?2TceGgFfG(J1$g79o}?Tvg>
z<;*>mp}D7m;t7h`wF|eXoqiKU-n*MUx^&m5f}k)^Rk(qpU`{!@2++R?*2u5V>c!@o
zi~=I*F(QW4wxO1RGaF7-@!?cftpJtj&oIFYgCH38dnos7i=4U83c$2hFRtMm5QJIK
zrlL(wsW9<_OFJ$kVB&i_&kqmpGQT%?_MRp3yA~|bwbHqO%)m>6-17sMUi%lJj|#`o
zv~HwPDOZzvX$%mIiS11IUjz%3FqN(w?-C0=(NI+r-Y-2bAqDI{+(0rg5>LiG7msre
zTIGM>e<;EFr@OG|PrY>{=>WlsMQ+EI_Hi}{V0Vt&3**0oeO%B=aKz|eRo}hoHatu|
zv2M&Hw9O`j3HIC%g5FQM(e4@o%?aJ)#@Y+ewcH$xXcerzV}!F2UaI<ev|&guYJuuw
zQ~?If7Os_T(Q+-RW7+5#qA8;2jG0GPo23g^Z540e0$@5rk^=Zs9IYPq9}%=GUGcn5
z+mE?coo#Lq$~B%18OC(Eevsg>;9$&t3uVfnB(s-hH;VJcCo-b|rn13D$&DEffbTz}
ztIkbK?b{YXWpKkwG9Oora&sJ8s(Xof678G`or9hezHUAnwbdL8Q+G<&2p_f@C6qVx
zI9(#{k0jpm<g=OxlKBAL`EhA763TFXa#HY9W+X3D;<)aR)p8&V)CN+3;nA&GCsk)V
zIJoxwx944*AwjjIwB1@#x;z+9#q;NAnZB<Gb$%pncp6gmIs%k_vioV)SY3LmFKZe%
z1)*EL#l$~vLyCp5fvSVQnQlOfDaM2jwCwwEdlT#uwm+<BQ2e1aGQBDFR~usthP<Pm
zyz@NVzTx`se~*sID_?}}HOYsIp9&$KRycz8L;kK+9P)1?DMUss7PgzfGJTEjv}Qij
z+;P{k`CmN6nMQmL;3($=8(25bah{_MdE{b`r1YdLY6w~6z@-jH=%|0sC(<alr6P;o
z0Ggwf%3KXySlKd!eB&tH9%{mEnu3dHM>UJ_M4vG(p`?uLlysciE8LExypQ2DOrf_6
z%BAMsI-p2hfBqLA(d`M`LU0w41_6oZLJqk-rX;w{X7(L+11Ap^5Ox|poHu5KeY#W)
z{O^2}arzXkc*Z*8)T%u&Yj*1ycW0Ib)g3JM?+?Lw@-*p^IatKnKL0fuTs_?jO!G?S
zhBd8&ez;j41E*+~SV@GixUoFnMWK`yD0xeKO3zt)I(8{utI&i;KtB!P&BQGFEH8Dn
ze}QM2cn2q<6V2!KM3wtxWw)GT!}7u>$P~RJrq`iLTP4S?LN^1p+g!?rwS^+83R)@k
z3Zoj!#r}^p%pn;0kEiC({&Z!zh{1t%ZKW!98ep^T!IQQEIsYbTS|0FR*_K=Di(B4F
zxpvP`$s%0|4gNX{N+R7(iK!6!;Q<ZgXgk#))6_}N@n9q|x|7KjT-f)2843%nvnQIV
zwV0YYC&-7Yeba_YPZ6OA#{|6-=k(PhrNLDOXV_{@-6S$5Wlf~O4nY*vU2@|DJ1y8I
zQM|1z*mMB?^4k&6bB#@{0Q)yX(+b)CxlZ-JVS7fNLamx$nbIgjE5d|`XxY1cAe$&<
zg^7|vof>hrKZI#}3jIPF2>Q|6!Ponq<n~pc%zIH11}|B#A5C5nUa)9`{4U&msfMNW
z>f~(2M(rA@HV6+KhKWm_4tfcWLWEs9R_~8}e13?<7%*^_p}z8Nq18`QO{#Y?SKscS
zJ{tR~p=x3jY+nwqz4NPg$W!nRE2iBczCtkYpaM*>IoSIYW=HkZ?b_B-3l#c4P;!<|
z-CWHnd{*-xfMw#%Wu>DnE3eCnGFqd-ma?c>od(7ep*JS|S1pIC8|}ewwDRe&%4CDQ
zQHL5?HtihZ2J6ZG^a>JWc<4py9gc&&6XB$H0r)&sTo8ixR2FCxsd9)|U_naNDPDD`
zyl~!)neJt8rnlY23M*HNG1?I+^XAukI2K)|OF%Ym29cJ0|A?G%SSJPSMS~btJ7OI{
z21I?Y3=LgWFg>iKg|csHepXhhvt<LH6R`~KOE0)yT`^`E4x0w96Pr3XRlfMfNU0dd
zLR?UP@N0Q-1)tAv%9m#lZco_0g@gX(h`<A5iJps?y|=|{2=7bI)bzo<EFaaUUNL-z
z)WeFiR{|>(vR7>37rvhY>u(#@8rAVtXT$vz_(3Q;B^n#<njAgjK!!(KRtLC&saEr`
zd4b$7l<h@ts5n8t#F%49)WLPQhXMz34Rq&_xs_&Q)y+%?kR>i|G?JYwCj^#Fw^)3P
z?0As42`!TPTrfL`zNM^7WgT2TzbY>yhGE2ATVr@`_EJnw49XPJ{W{K&7nL&XEj^qk
z&R3OOl}ho2E;bhon6zRJf?6sEnRm{-!z-DriO(Oh0i*tzdYO$D$5FR0p&qEku1=%t
z_lF~joIJ#c{?LJW>qbGUr0jhrd<PDFIQXQov8^>W){{qawt={56B0Wh`=Jz&L1fw}
zJBM{Cc}WbN4{fD~UZu9dVtEMVWCB~LfhI|=6&JN`x@q*{vb#{D-;Sw+%d*tS_i|yI
zP{P<&ylFh!2kY=Rd<*tx&&3prp85u@yVGnHzuk8U@UiG3B54XK(ZWKEhBLpBNCkb(
zT)yhw+#zyJo0_03zl_?OLVmgR^oc@4Vd^xV?BgWC@4<}?V3|UkAs(P42ubj3PMo=)
z;5~Q3+58XEXog%%V9nnX6!U1*($Gna30!_I9x=Bz311>u2fsGE`tVnVuv=*ok2WaW
zb}$GeRULuSpFm3$I^&xqh53_dVdxGMxR}R-@Ax#rN)q4GU%%qPSWI}WA^lsPxfJp#
zdFbZ8&wy6ZZ2q=Rg5ZsgBq+38SID5iSBIFD-(ktI1NASQ_4&URu7kg)?5#d!(3VjZ
z<R9W0I(@x6Sg<+7$gMp1fDQRki9sI18RvC>;Cya~J3lk8qkqq*a$eV5kuFzOUL-|S
zk5w{@o3+C#wd3RPNT5N#uZ?wMHy7_)G{M3)n@?tUpX^};g^}>EdfuKfgZ&=EQMclM
zP$cX5@$v8l0KCs<lvMk@Nh7&bzvCl)wU(MKSudV;ikn?@;b>yH^Sg56RXGNH8e!k+
zEZ|@hx+h#I(AZsE2_9r&bL0&!gnYt}r5QPEtH$nTHRe}J5n$++CR>xD|3jK$+(L>m
z)uUo9i9-@Hf#Og_HGC@4k!xYD5Gv!Bib*3hGx=jRxBpQuliZ-LCyd<W*jdQ={r?1J
z(p!DjO)5f%1{FM>a978jL>aiJ^*QC_*VdqxtU+(!>N?vs9_H|g;GRIj90rn%5|5xj
z&sz-XL<idGt_leON`eK&rM5I1U9DCO6`eII$0BO92GzI&BYb$gJHpx`5R6Ysr%{Cb
zrl#$<tjSvQ!)B>H5UTnpM&4qR6`f9e{)pnG7jf-!K>^WFW$8>U8&XQH!DMORRjF`9
zjn};PBIa5cLvAk^<lge5lz~B#Eic^K5vBZIj|tMaEM-O!Bb-F6!zh|U;C7gB$(>S$
zX;<H0q0I${^?R6}Rb9GwVv8tVnbn7jkn<^EdJTE+@NOjBeG>S`eKmAWzHEP*{1rse
zElT1ermH26rUgiezHzmG!Bli~6DB+F;J-2*34Y76(b;B+DM*ik6CTKRPl-qgfvEW|
z@R^NNMsw-jV-I^W)bPw7BO`esQ90ExS?SxQ8N8cvOyQ<)yzL=O`#Gel1Peg&B&4|>
z3Mn430@4d9W~7g(CCBk}c7R22&nx#KZe&pa5h9m)m<ASbG>jMVTd>70fi)HiUDrtJ
zzz7*YG!elZ-GYDn0qwe4gknB9xemWHIr*F{QtNY4EOJ$bnCQ$*a`~a%-3M?E6ZdBy
zzPui=Wf2AIgY%kpr7oK}pq`G8`mzFUKm%04ZnQebZHQgM-9gjG&$Xd!zU-1!n^yRm
z`7mkfRV*TFobCqI@yWuCa_S?t1rbG_UU*t6hwTap61{lKj0tt>+4zYTZjB<EF;^J+
zqOG{u&>V-Rw0r+`|3!{M8X=Qx4PbTiCvsaM6C$mf?wfW9Y7LQ?D?5iPI$#C=Hn(}3
z1GmOBL8gj)c6;KHlbkr&{T%6Xlx1GtB<)QC|DPx&#ts8cZvuS%IKku2kMQw75Q=PD
zyAX1UbC?7vFWEiJ5B&oa5W)1vBb`R`g^OR_ux!EnhYOeE!5t|SCO1S7m0APr&wcn5
z-_AYi%N<<n_%Ia>!Rq!zdPKOyHL%&nPG6AO*@WD(g$9C%-qZ&>`z$P0fKbSztsQol
z0KqK~#Ch!S^bx|<%G5eByIk9d96*a}+}O+=V5juMyYySf9hdRiEc{Y~k;cqhA<hi1
z<c5-op8S&CZ?f}M(|wg4y;i8)W^-@BJU608tC(92y4U|yx6ddVe?i+!uGdi87}JV1
zs{E&)F@f*9L>y|K{h+n`caz*+CDP#AdUu3RjiP@z2hnG~MTb=-#c=j^4wG780qp$U
zJH+%P=$f{ZHTUCPu$muMP`crUNM7S;1q+F}h<EYJJb+RJ_Q%!XE<jBc17IM3CGpB`
zS4z#{`kju@cBR(E+DNH|j5HTAAhOBgtuHO!gkvM?AWT_bCKtAaRDx-B4z>h_NJ%Dk
z7YhTpGmDrRdx(xk#D^2k{9kRx)>dbCT;h~4Uay@<ZJ0TlB!qkI*hkZv%G{nF7FbB#
z#rv{|O=72F!>1~0?RLD?L4cRb`lvN_F9ncWKLc{Rj^ju`+#vq15Fdc2Yik3*9_4xR
z{Dlnc-c?OA*E{~6V&*}~<SC6s$|fG;PQz|mw@1zx>H}rOjcDUjmTMAWmUuTUWxXZo
zr=kZ&1(pD(x{0^WAXK%O|Gv;Z%1n~4P}(EL-XWa8yu#~9eFJ$;NtG;nC^j*icVtrt
z7aQ$;QIF!x)Utlozz`+np+;J`A~VVBY1Fd{M~ppKWkhx@8=h2h3z0=bOy_L#VLAKt
zOH<n85&NEC&x_pG<ZFCuBBRnTIVfn!(yNFpSrCExRsmxbz6Ev@--4PqR<A>RQ#Gy4
zr&yx}+N(owc|0B-*QC_wRLJ7Cj_*|{+`K6EKqrblbXf(!B#J$BS?$m;6Pvo&<S=}g
zp`fM;VIxT_R20sI_fqZmGD3bUe27F4EDIWNEf{Vb%4=oe98-mT!<;vgg`3?H3Im;D
z>Rb6OI?|~jpEyHXxxeK^OKQ)6Ap=Yrivwe;NG1YudgSLF1hS&kn#DlU&hQCnT9whp
zh4U-Zm$ka^8X=A#$c0uEUk!jzkEM2RTfYg}2dX_DN?DhtPN-~X<Pd><VlZ2S=WT$o
za&`TVsvf9o`U@NUo8)EhH<G2Yy6E<vuT(1bR!%#&gRnrsc|jy1TTV^?YaxYBo6OI~
zGJuGro}N23rzzV=Ljtpacp`qi<s@Q$P4BWNZAr9iZoc!j)7y}LyWUT^`T{q%{OMMh
z>Y|#90GBmWwJG)5hnP~&pRBLM0nAIfhiJEDtz!3OA0Ky$qFZA-ns1?vr^!vQL$a=k
z1JEWvMh*z4#Y=sOS=hE?^R_Liw^j5A_#Ozu6KTT481VLn3564@BprD+Q-IQZQa1Jl
zV7g;^h;5e!uk`jZqg6<@ywz$imViMi?<T~mCWdS^c@3e`f6B#ynNQ6Py|NZd>kR)w
zXaWb?MND+d7F_#VBj|)ejMbf>;fv%Pz^Sx4VSD0gyFy?kV!4x)Gng9U6rvfr%wjj|
z32x}@_9h_?V9$k5H-Ik&H2^a``q#1`&A1K^ge$CSrY`1lEo-3L)f<v$imNe+aBw%j
zd^{-Nce?1{5=0RKl1Zkt%=IeLE1QPZ{+<ZPK0V&*G0H%lWmq^P@Q`-^He}u8<es_j
z2JhozZIZHK(xg_bltXClyi&StTF*$&$0=zGAjkMoemzN-1kMTM%Rn@e3X~UUW;AHt
zj@0tWARYe-qe#Akr{D!U8w}89#uwI<@TudysXr`?Ggd)XAk6OKW@G&FoP-@9)to~;
zTjVg+C;>dBRFaHHwZZjIKj*s0hP>i*O-bRp5LwP&UB-7Irx4LduJT*1jWH;3BPR9E
zcJ;W<Z1WZyWL6b?Dvq$->u#*u3MTd*^$ReiC<;LdWC6-f+TApw!1+z=G&uy+Ig+(K
zVG(c%clmK=6rd=9$&CjXv6J*+tTZuDY&X3#w!&;-m*`*B2A_px<x_HA3$!DsDMwVr
zpJ{5aYcOTbaQQf2{T}`fR)gNfUNZT<NayMhZ$kgiIDVVX$fnim-W)fZce&xr9hS0`
zk#!xuJZ}@y#G2lPqaGa|pV@2Ipxf*&oZaxL*HP$`qID7IR?<0Zp`U?AFFhB!=ZK>h
za@>;40i3ukah&=?yf;U7jYg&s@~0K#PLJnpt-V+Em_KWsRV2Ub-e`}A$_5RWY*#vl
zd$ESl(gLaU$7=q?<<p066DFYWD3qYcSr(mx&jP1hqLwUNJ?QsG8IXZ8vC{WmS!1BW
zBFH9|4H7Ja<RE|+$Mrh=-KHa;@7|d0x)26%Ipel|0H~iZ8MjX{Ngm@OIs3uBQFo$F
z?>42hu#W#t5>@sWZ!7!ka9xi3JtU=smNuW%#d%;C5y4O`-w<){asLp!cqEO!mS5F4
zDbZ(@(!43NrB+N}6}btHc{A{GqZ=7+R^djb+pcZh$n>6CMJqCRj$n4HHy^vzxjD6*
zLsIVsJ}W-nX&`Ddvky|XsFzx`6Gg7;;!!6Z(x=Vaj32aYM}K(d63_NKvu8UdT&fG;
z`<fK=6O@G*_CeRY+J5e-HC=Il=Oz@6xc*7FD~rE@%f`pHR*TG-s9}AOPVjq>;zkf&
z(M}kDlDJSc!6~!KVPV<_xGqJvJP_tw>v7Sc-q9W5VQ+#6+pq9WezhovINQ}W=Braw
zP8Tw85KI?BOi)lD2^MJ=?U(v)_=K>Tbb?-&x<i$9D9(h7xjXN~ix(jJn%4Ik2|?G|
zrY0jN(h!bd^%iKkK!_ji`g;sKwuUs2$K~crDCrNpl65Q<+*>G*psu(^7lfx{GI<|N
z_E@kH#%CzdM-q=P%1qK2kYq40&Y`TWX`+kl&DCz&rNvc~u1-dKtQj(<5s}m$DFeRm
ztlLtstTG!lWA=%Od=6HRsn?PkB!LHoW$jLpUT!>2&Irsf$&M$q?ZiLw2F)7lCb~2B
zZfRMQ-A=5F#L!dH%M}?~RXXpq7Le@v>=WlB1=&STKy_k_WddW)+_Pa<`9j@cExxY;
zFf+V~iH~i>#++oC*%Qs}!Wn0<PS&ic3f--Y%4!WE$)srNOHAt2TsC#goGXoktc`-P
z{u>;xe(+bke@kGWE}){SL!KGjDwj@=gv~`%t{3H=JWU3|EBHdorano<Ih&1P<ejbx
zS>;GcGEVX#CBXi+%uzn8R!%tuAs4?0N6E=D5a1uxq#&Ik%VYNt!#}eq5_+h?aOk_s
zP}vrp8OTpot7lyL!K$`5QwMpv_uhg^g%GFguU;oetTBgWz=u3$VRMY2EFoWFqfQp4
zxKWUG<<9hxnz5h?6ok?cq>c&Icn$R_+UZzlHItd58j>!)nn`KnA}kw4fdoNO5EG_N
zDJ7_-aqm*vC7MD#4&f@>;!l^sq>(<&)7&Al8$A3c^BA0m+vn)jf!pi6n)YFzrLNPS
z2Mb=qX=K?Bo&+=R9npWEKvDgOmI+_#Dtk8Ee*;a9;Zz(J#M#Ln7x)dlwfKE|v=8Vp
z-gbqci?bW9-EDwpohK05<pX`d^mVI`)VA%x#h~ZD1@AS(PgGP~7152UrZLLw#%p(V
zIMIn^;?$=OAy)3`Am!e{S_=xYo0?g4)53!#%=GQPqGkfoiv-wARZ!I7F;%PD{)q`x
zQKBI<88>Pf)UpABg^gOD)9opK3wUs>X|!lzSfa#{$*O>1_1rxAJ&z=yA`5;eTM8{C
zv}!iLLWQfV0#@q@A7BJj(JR(Tg%u>hmfXylCwTfSIxcC%{)|J+$Dp>Oj<h%#7t;kK
zPdyY?smFQuGB|JV_#3hd6f}Sw;S}y!p#}qhoFg!U-$<s+h~UUUZJ!CYN)QJzUZQi}
zZcc0Pt|>GE+I!Sk-CSjXJHmEnn$jYyC7id>v2BIxZ(cyyEJHKHP=@_391xXN@LG`X
zE<1&&<+uvra7%)A9+qiQ?5dwq^fBcRVMQWrxaBHcDCVH0WFdvXJ_@pWy*Jhn^F?BK
zJnnd<Pgg5yu8~NFNg!I~JT^XPhZ|ogm^?wwwaqd-r5A8nel7=(u?IMD-1=lN><5A}
z##^{}U(2f38RmLP9j9G<P?8)UCPw`tViYTTz$b%{uLl|BdWan)z0tNx3I_&vB^y&R
zzuo-xzxKiUe^Gj$GY;>Qw3i>O;2NWPTnW4=Clk2~*myu;Y(93~DpTy-@g-21@CP0R
zcnTvT5TDnC7L+APO$9H#rF|oBBfmWg$1MxZj9h7JTy7OfcV?U<p*k`SXFQa7<pp2Q
zlDG-hNfibfi#If##Fkq-Q~Qog(o&#cg+N4U)Y^A_awflY%u2%7*s_8D<2sOA<B+V}
zyT{4Zo$R1wn&a(OUYmw!!M9#Hw#<%8C>2l@9fH{o&eHcRSgW0VDMR)CH{w3lVX!L0
zN=irK^pQedh9af2-cG^9+Tlkj&W=b>`5?^R2G{QsxNweWA-;vXzh2?Gl2J^HEXT1%
ztn32^-$cc}%*blw3ZY*I{-6luV;2-fj-|*B#7!z}wmX@+70isaszB5?hcjB+5Z7+$
zMf|)Cf8U4xK2GR!_mErf=sQyy<MwaWbaU>!j0$A4i%{u$PeyCVc+Oy-K23_#%h!A+
z^n_L@?P^5=wQNh?9Jrlt%4^3WOZLx1`%Kr1A{U8@ONx)&%WJEt#mA7kGsd)HNhkDB
zIJWC2S-MQF+#9jo0$<P0t7U&oj5aOXSb5|D_64jw`OU0W_EkYE8*lv;G4h>S)i+Y-
zS6lLmWig%k9aLmLj8^k(%Y(Y)?wqo~`LjEpODB13ac38bdBml(d`<96tsh&5AU$1(
zG_%`_gH2;@c89pxYg|Q6_;ee77D}VU7T3>|3?|=jE;GYJIl-m&-j)0@>el8pEB_hK
zs5I!!Clja0@}#NZ*v*OSj5Fdo6D6)Q7V0-QE|f62?&#R1_GG;a@uzA#RUlwmYdek2
zx}!}$M;~iRnl|j3yk%>Us(dkA+;K*7YBAMGPa!RKA!N|I>cy}-GZnugq;s2!UgosO
zErnhC6XL%~%%b7mwWY+~lXuRq`0#bv)||E4F}mM(3XaiP-0C{qhU5}Wpl=JF3C=2|
z9$CVtA$C49A<W9D@d<y4q?&H(xN!dq3y&IAr*VFYObFPFVGU;F3RhL63LEO#Ok)jE
zP4FTXp_{hv8MO$NKs@o{YX&#BZArs_#wW%$AGIExIx8!COw^X__=yM2kO1%S9pV?c
zoJPxsDFQqMk4Nj#<leieb5a&L$z8+-kkCqn^AC~D4X|ow|D~+dwj0n}Y)Q_NM!`@W
zO#f?pNcQ|J7*DR?3qEwi^*d?_I{g#bh=-!Fd>3})21a04eH&&tPbFJ!;v-60G!s4!
z^%_S78R<yC7tCmjip$~5zUT0!J-6AZW_RYV@e#_A_yv1Z$k_?54sCr9bb2aA4^?WW
z@roHE8@^!Q;fQprqUG-!(!cW@Pc~z-Rx4v`U&A4UJr=Ba<Pse|Z<q0LyGmthxk8lP
z7L0>A`CH7z=-d74!sD8NyPIeZv^6cL7t+O^dNp*Va_)jB8G#vR=hF18rS`aK`lhK)
z1*VRwV91#cWIr1m_`8&gRgYTAfFfh2h1PC!Zyikj41PO_@3odvE}tf4actYZL7WdC
zRJaTa9r97;$Cd64g~Mc>J4|l%I?0y3iXjP!k|3*v*jj8=I)K*Ioj##1um?o$Hs5p}
zWu>7aTmVQ*_h^>@b3ly0BVG2S;T{^5S%WoCLTTQDAA{S9QaMCq05w#@f^RJbC0lj>
zs3xQ4?$IaSqiM@kBS>u=s?f&9)^y2<=W|WX(@d^+6DDt*%`NspVD+&v_A}fcj$YJ~
zoUb&b+rqvE9*y*b(7dicN$vWPXc;D-fCnk{JM9kM)j^MUvIHGEXrD9lQF(dUr~{Rf
zW-)i%y>n|g>(X!)h44acK7&y%!+n7~|KyS}4i{*!r7md|!m`=K`*$78>XVCQ1*U1y
zq0uT=YOpqDsLgc|YIB`Yw!GH$2pWJTB}^38jb+maPEuOv<1=eI^s#*T6E1m#)ia@#
zPcuGuo21q`GqOXS8Cn11W@L!l3JJHRP2K7)M3?f82gq#5GP3SU)QKC}11*}!rK5=?
zON@XdeU);5__vU$Z@OI?bB4=}WgX7Ky+B`l$jYx~2d=9j4*2GdoAck&(E;G9GQz0m
zK&{opUAb(cs7lwgONG-mQ<kgCYiv7jcP)RU5kN6E7;-cz%f|Qw`{5dU|4Qc!w|Vnh
zSme`GwCHG-TgjVwy0S@xI=qNLGjF7}Jb(l$-Um)3q+FGCBfOj-@8Qe61Y7sSB154P
z1%o?qj1Hme?f2gMboQND9qMteAIEQD;5`1#z~<}^WX~IUfm!At@dKHl(0A|AnH8@i
z)6cO-_CvNSsi%5EMf696kv&HUS9Ko?ltcQ}AIza4KrNC76VzVa`oVPb<8H%X+aA2P
zFbT0_M6@2ZI_GyXtM2>M1w9ke`5ZzD;OO(sX0?oMUA?^Qkt-{j{7pM$qnZInH%|dj
z%4QN?KV3Sw#%Xkm$chC#?Q*7v0koKCRe4Pm(1KO@NOd39?iBm5+sI|e(80Z%xDU_w
z&eL?_9ut}}YKFE}PuAU;3ahSYx5~n%xtVS%(tHsUo7o{23I#ykc}yUzCa^qre3fbx
zgtT+83>vD5By&H6AJOuXo#n5Xt!PEd^@4)!<|-qatJwS&QYOZqHFJt`ns3wHdVu;b
zyW~}Y-YFp<wJOv0&^`R#Qs@3GBgKt{^Htc0xY4GM?wJM$ztO0dVXKMNO<v(w-%xjb
z9UdCDN$jyIk#&+{#y6_@Oob?$A$Q2OO;wX9OZchNV6ny2v$~73<U+VC*y3m?m#QB+
zNZ!KTxrXT3Oz)@BzIJzU68?5K0R&=*q7AmJb_*WYSy8PfKo|nVH%Gyg;kRAYGoQo4
z8(fLX-T#J@iFLw6PR*OqzJKQaoWvAN1WUh&EiCf*%n-DaySK)1BqQN<>7aguILCJ!
zb~SKwkWvcOvjbGdxbyz?K0mxi)mAI*+ba`$T5t4+nIt4o3rzOmOz#R$q-_*Ph<rf@
zq?0yg|8bzez@_4#FE${xx{@$)3RXN>w188#;u*UPS}8|?dzUpskWT5YBk#o|Iyqnx
z>-0yN8zi|Dm_a6daE`8`-K+O-+(`d!`cDE-;04#=@8d3ilP~A2bn3K2^Vo4B`C@M8
z=%@i{tGH?z+aoz$&o!IH3r-_P8qwr`j>ETRld`W!F&YyI_02P-@1`X0*kwUODrB5W
zyF6u5S$Y#;?~i=peX&2yfJI^&S=9Xcb}2Ek3Js?=jbb|vxKTGKz}d#sT|z;7?D2O3
z{1-v)<P|W153DYH$c^_~n(8T2+Y{B#)f;By?2^JX5?SNkid%Fncsc!>?x*VC_3wAt
zA1??8^y}`>F?aEXAMfH(5ASc*ek{F1>UZ+tLt^%!qy7!mt8fZyh}9Y9qbqEzZs#Tr
z5~xP$Cx3dU;33}PAXobPG|-M7^Yj$1J8G+h)Wv{{m16Z8vC&1SpC6)Hmscq-s$5=E
zuf?(gY5AEHwz@LNTP$Hg$m-A3vCwy@gwe-O(N3ZV7YMgQNwB@!ShUZ&ZpP|)`xb6p
zNb2JKTLl=gi#sBZL~Pc*mGDH?7pUTs%WO`dj&gIjCj9m>$p-O6myTJ|ftJ0Eo7h(_
zsKrd(bkVuS$SDv|?<H4bESJRszTw1lga;JOBJ_(&&!MwMu8g$vV9%{hXZEUKNn>$(
zWv4u~D0RYy_9c@)%R@9iX8d=!qYJ*bdi3{AxDQxGpq5i<TiBydxs>8QWMy{^rc~4k
z@uIW$o<JbLxtM%NqL2vHHG@4$$Drlj6<U^USGaJ+6cVGgf@5QoEv!-at7{kyO9lfO
z0~!s^LuDXU{iFY<ClaK4%Wq6-)FqG)Fpi5(?{EkS4IYEe%#Xx*KFnYqWks3c1L6le
z#Oth^(Fb(S$YqL?H7F!vC>7wtmJ_VAZw_m%lqO0tOPN$M`COd{NIQkqWgE4KD^iOX
zxie<@%w08fsK=t&X=nF;A49mY@84l}Mn)f=B3Q(>sQ-l<6bl`>wPjmNyK|p-f>}nH
zH0u?q0I#t=watLQnNA?AwS_c}xzc$_T@T=vn*a_`5U*WyfLJr#Uj34L@LsAvwn%!1
zd4mk%ub~eU(qX8tk6@QNvkh?xEq$BKqS!(T$%fW>gSnlBbGv`>Od9S7>XCW-mw&n5
z3W;XB&nh=lHIdrpMnwxFPk7LC0xE(Gh4R7kHaYHg@m?0+<LUN3d6D8?8I2#4Js+!6
z%dBT2Q?SfoHWbs<S}VFs%Bfaxh<}Sh%6tKOe?ex%i4VTt@f$kYkmi=iTx{=<YD#~x
z>8xIdt+*M9nxTQ8T5=*1WZaG#Z_5-IfQRDu<?Q5`+D+AzzmWh11XC^156(8CKq|fJ
z0h3B8O2cJ<AkE)!icO)pJ8;STTie({7if~PzXUEoR-fEQXE6Xh0!hbv8xZZS@A@sk
zR7e#WtEMASHL}<Uab2?B+9JMUi#~%H)}=em`rHh1OapJJ#4RZ9HKNj%ks>v;pu*;}
zZHgyU8Qy#E%YbouD<>4BSuUc6B|^xDg4j5n6`?^$#ja_fL}Rf4!XED#zEScH5vYLY
zeMDL*$n#CLog}CFEnu}|HwsQcWYgDq97xp|r`~X|a~r%v4S`4Mbm_o3O2w^o05&J&
zUxPs`v)^*!NZr4JD7r-q_ywhjz>QQlY_D?-+sZ~*x1*#0)V7%ja#vOsz%VMp=BH8u
zU;)fB#z{z*G(sbe1(Z)g9TlP{A9)jw$&4)ea1idjJ?;|y;ey&3)GDB>0w;~tWkuyd
zj|atuo<pkgJF$z(WR_{tQRb+Tb3xh%$WJk(TUo<SYKf*r!`dqJw<SU78R?u$XN2%l
zXEFHG`WtncSpa5F`!QTyHa%-R-f>sQon3qN6;-uIU(nOgZYTtlFchzpc~e#V4?Hk%
z$>A&I<A@GOcs6^c5dl&rZ0*##8-IAaOJB@iA(_upS@mJ{!`Gm3EVa6CbMg!7+A5o^
zldxf<Uv2L65#!%}6XV}&(`kO?N|-WooGbbi|3pKrp-)S;OO{l^cI~d~7o*W1KOZi~
zMc83#3(&IV-OKm|mZvgW^l1{H2nN!aM6FPbB<?ltzBFdmz?F)3tlBvJh4KR}=IwT$
zvdo7-(a<wdq#~x*Wt!x%l1hRg3hH_LKQf1?GN}3%CLZDwnq=GEaj99YM>#em5DRAq
zF(Qox2amF)lcul_L;aiV4mBQtE`Cq8qFC<|AARb$Tf67tY8$7kt${X)%u4GFgYD8K
z%GLmRd!7y(<3OZD(QbKgOTwMh-l_;VV(2Y3x~TQ1C_&E5m-2L_D^_nRibhGejJQH5
zHG9@x7(pU+-KYItk2>iusOCWCBqdySS2{;uMP%WoQp-Ee2gQ$RHHSE*qsjTnR3w)b
zqiq^d(j+DSgZ@O~&)`f%Si&LR3Sa;}dH1+mj$cxs=Y6;hDJx~EJy@)?ojy)RD-W(a
z8jM=IG~xn`+A4xAAb81jz|Fya89>2m#2#uLJ?#%WSF}%TIk22JMb!8G<Abxfdirkx
z`-b2cufr(U{a}V{jR&MSzqq(j^xZYFOO*JV!F$<k4c%JMJ#DIDXZ;3tG#$tj)bub(
z$I&TTMD}szEh72H2U2G7>>P?XG)iczan@CavIlwDO;O0S4ibbp#mWtSqi-)Vkj}53
zsY9*GGb<DA>BBJ_xSR@D-J4*Sq){(}roXTZkfuHLv2%<g^PiAvf2I0HHCl(fr$`IX
zs8V>5RZu6j3i<+@psMo?F8?Dde^@nHU5hD(W%Iv8o9-8{T)aakLzl#Pjy4tJ2OOrt
zBjLZy_<{aCpP0rEy?)Nz#htETtHh84`0sbv{ZqFfjrW>N3j=K*Pp5*+jnU2ItlUgA
z?&B3s_i~*Le{x_dXCqa~s&+{5|1FBNiK)QnI=cP76x8r3DAB&J6selqg$&-vA+uo0
zQD+j;P~NH1))wg?JAe0H*}*eb&{EOD?2VA=d1kb_vdMfm_Ko^n1}CnPNKt$A;y;5}
zUaQjy^8iUF^=OXW2-7esVHy%?>Z++a&AFYp<`aaj#4pJR!Wpxmw0!%LAkFA%wfX~l
zum*m9%{enBuOB?Llk0%q>C8L4J_Ql`uW}G7h=PcZIVz*#<o&ZdIaHo>eZEPIxV(9c
zunoQ8V=jZ~b`&##w3C9B6onE|Cj~f~)S^gYugoI){4k(Pb4xzpNde+9%0N7>%Pf@<
zxADp(l^;zddu<w4usO^_d~mj?<PK*ErmQWh*QK`L?&cj(T)Es$QxyY>STAX6_cT;b
z-d-7T(+Aq?8Rledp=q+Ttjh|=Xft~x7{G>2$~3u$D&(yqxLeYdQqMAcf=t@lW#V5|
z1gR<iy6G|fxJ!ys^o2utslBDz>6BrBees0q161_2(?hWpy#G|P*jDZV>gtLxc&k@1
zD__}u@B*1Zt+xG$I+YOr98*uNx;E&iX*|tHh!u6~qjjv2994{xmlzN?B=uAgGj^}L
zalU6MG78m0Of;s5m3)b>$2D<JCy~~V%1D4$Ms7atI|JC@n8&i@)9g02!7kW^6AGQ<
ziE6Xr2Wu<C`c(G(MsyMc0%Lo#s4m(ak`;@yJ%oGNViw?!)zx-2i+6Xpg=*3Th6m<3
z*3AHc-)iKg&FGx^F+;Ducdk7UDd^hv<Q03`=!J>lPSFs=T>d{!t)LF>UTW@-+~;km
z<U>Ts@5(YJq{Zn6t|{fufMWWXLJ$Jw`u&2gH}1;hJvjs$);NZ^fdv_TO^M^z#A_uz
zxY-ba)nqKH>t?{}Nv8%yF<-5GC?wH=m(XH8!j6GV=xxZ~GZA^p=oOZp#fii=IH$52
zs!2<S9HfLUEd33eOki@`-5<BqKT`_Q&4F(N3TRLvbnQiag?c<VkLTcX7j`kzsv!}D
zX{gm|l}Pjmw%^@^@=!Cdt1LOtfx6g-kL_=E6e+u|e)hwBEZNr*O#+!$mh1;*>R4eA
z)w~DG0?4PQuap-1012g=l2EX3xY1Hj>P-+NK#7FjI@5#~Z@4mx`1BFzn%O*=!B!?I
zgWGM8xZrIJY4P5;U`QI$?iMh#^C&)JVJq_V4~SB#eoAFeWF$dnCQNIqSw06pTLnLr
z1Q(<%Ov1RuSF^@%cOITEqIW@dWQ|B^P3Qcr6vY=mbB0Z=@lga)x%derO69{`tGc0<
znTa(jS@w?h!P1K;8bd@(kRdF4F}0Mc??kD(ac49Xt84u=@+hqYpczP-mPKDYQzUVI
zRYA#c0jPtgFdM4LP`gj?r%I{RRH#-FhA|mdc}p2Amr|Q)zHRM2GbZ-*>8g(+e7E9Y
zFC79UiF(iTqh#NAXOqc{WD4U`pjsj!zHNLjOj36;zuN5(Qa|*=L-Z~lgj#LtA@e`n
z`Jb3XE~UCXxsg1=_a9mG3f{;u3Ao6qvTqRG-JI%IyZKAT!5b<csMWJ=8_djEks*q=
zFTXY>4pyIXENl?r#hY$LLzm>RU#N`weoAR1x^QDmD~0*c;{*JG@_xV3tsNe*JM0rx
zI2vfk<5euBC7yEE4HK81Yt#s>B#0nzZ14G~yoV%p1KiDQjD(ZVgnam@mH0X4NZAuX
zP~mf@L5IE|K1DqcTG1r_+GE(=Um&S<IkUT$A$1lUig_>p<?Xla?0k`Vmd^utEZ)u$
zSs0vLfTrB;;!Ba>N(T8{v&aT~@A>3iMeZ4%1~zT{cHFruh|OZ($xcv1aGhP@&v0|(
zMj|OtLbZb$vcm&^Vah;9Q}L3S%C0XeyYi3Hqv^ApO+}72KiF`Ru#u>{LFv;a><kxw
zJHh%uD?HnPk1@R8$qX&km+92#%Y0lV8Ua(OAES?XOGF1<Emj1z^ds^Un6A+CcO4Rt
z_Cvl2jg@JzXV@ko&*e?FQrDpFvxy~ANT9nqHHW+qC?a;R<KMw*A!>iF_el+p;!6Jo
zPQ}*?_w()!nH|-oot^Kwi$i!CI$};dJLQwK#=~^ha2Dvd>S1~xu`9y-vz}3wuSG4m
zKk$v4aDT|)7}_412s&*u%pamrQ@mc6y_z(`{XF_`viR?r=z!Y0rDgwsr6QJEa&d9;
zX+Dz{&kCi<<j}Rc{GF`B<fs6)u)3ndzzYL^0o5d^b19SPh6N4D^?!$Y2JuWxO+e5V
z;+fn%q+FZi1!u{0>g1zL9>Q(B)znasNlC@F=oTk<a%bd1yVJc|t!Nxoj2#+g<Czlg
z9=t^KB{-z7Z9%7K7rTQn3X<<8Q#($2%~Bl7E@dT0#UzJy9~`_?n}_z1@X2<)<8O*(
z&KPyY6N7hlb$Q5Q7NcqiU!BWaAHNVN4EFrgj#3(u4@8PlHT$pzMKBmc>n@RXZtj3$
zS=Zsq^EM$6{`4;Fp(81&wC|$#>vyK>w${Rb2+ntbw?;6(?T(z)OF&T$i_Z(>@ozt1
zBP9W9%Ust}!Gp`~U#koCU5FskT@0U&y7DsXflMOV!B5wrUo-!*Ev*Jx-PlaO25Jr$
z76ljZ2e<JUWm7jt;c?9%wM^KP<v9FEHPY){7_AX3F3fOOlXpJ~Cg@i_{=R2L{dXlX
zVD;h?do-rQ3=JI>?~k>Hs@PqHFYsOsozSsn0Hz_d)S?0VxAb?RhrwD=k*lpfnw~FX
z{F{lJ6&8}es-YT18>cbp38N|FzQ8AHC7@3%IX`6K9#IA_ycZLrQ#&5&_Tatn@RfV>
zP&YoX0^fFZwK`!Kcf#51^_x}&ke>FDH+hcLGZ0mr=4Xy_i{D_E$U7X+y5aDKL`d|F
zcXwDStzBsz;ZlO$dZ@&jxl%jFD4DCd;x;5pq|WGaMx81$&f#C)OVCiSkpS_15i#kU
z*vhR?OEiLmdhg>|O}Zum@cvDJBnPf?MUepR8r+VdhKL;YMsgx*IVX@OarkWc{wzzB
zQIG-d>UzDH3MfQ1cX$`C$L-t1H((kxiX;DNJl`@v@Q+3XYTrEJNvAu5!gS{nk)Qu0
zN$@66`BMJZOPd9h_F<yaj7?FfmuKE;CHx#WVXcK9J!Z@{t@1Vz?^hB3&D>^f%(RFn
z$-j{`b^d9@`Qq8&BD6h$nBJt(s}Z{pjj}2oSlAIMCiz1h-?EmcD0!9GkC}V-xq@&F
zcY9Jv<hO{(FIKT4^ScS0+ti?=FOG0s@cmz4G|{Tl(ZXDJ$Sq_stRgL$Woags>=70_
z3==oO9CzU^4OY#9F1&vc&j+bC1Zk{1;C$+4Uy7*l@Db79b<pp3$*O&hWN^!c#Zmap
zIVAcN<i$Xie~$JS^xdXuxvKfglQzkM(#_U%t^?EnzlYzp4;vC(#%}oE@VfHNTm}@a
zYQ9$vs2HM;n=Rq0j#Xq*n^ofgNIjv7FjPciM?eeqV29;Uq00IyOOgE*M<PA(H?X;8
zO?ErkTPrnjJ1XPR^8+eRU3-XR3KB<F+Q^@4+*;WssE23QfW-@do<FFG%IPd4t2^0W
zfMri(044%xTMAnOmSkEAeMAaOQPP1^e<zyhHTH`%zXE-rezY%$Ei#8um*Bg{n9o@*
z?~`3a{ScQ!ksBuGW#nz&u)O1uv?wapu+U*KQB!vVuj)e0v|VFG48M5x6XBUsGY8SI
zh_O<V|HkBn2QZZ3WO@&>oC&wD!9L`}-OzL^@y;zPV;GH!a5X;CmE4{t!|qC>_MxAZ
z5ztvi{yS&fBrPyS5k`FYcNdS4ZE{eDES=^8eU=(yof`;<lwHQ;1e|C)`JANKbS}HZ
zrQPP+T4cV}Q51PmNZytXQIpVo(~f{sNJF~VK=xSXgQiOvSI4ZzPSrGeObuU3A;dtU
z`Ta-rfK(?L?&OcZv7l(FOLgO-;M8ps!Kr)G%DO2EPC3sJqPko%z?eU)IY@I~AN7wc
z=d%fRq)+0aA484QXA)ylV8(gCc(M2VH~gm%-R`i11tkNdOvh5(^nm9by4TSouvf~I
z_RK`N)Gu#Jt*Sn+5J!ukQ0o1?C)hUgU*E(Al!&RD@aCAuOr;<I+eN!>)Fq(Y9eYnn
zyssDMuE82wy}XQ%lbO}RY2{5>mXc5?eJs@ytM5+X+0kKeN3SzQxKkmf+68eS<genY
z6?2szLSumPrv`?x;wZdOUCe}bg|%z<Ah4r^(3Va}Euf<~(bc`dUV>R6>xoStUEv+T
zYe{Evc&?-4jf4qHX7+Dc!XpbI%DE(GIs5fX1K0S9DPiN2)JnDe8&3*Jpuie1FA7a_
z)0Wf}b+K`ZyMfwKpWo`F4!d0~;`AAEHYf2tlB2B8xJo#Lv_*)-8hp%wO<cNg*`9DP
zksKb=iA^(I-hrAviae^ZzNl?!wYV%Bo8>5^co$3A&H5((@Ggem4fgL3^T4MLs%R16
z_x0&w5i48eN0JABtKv<OO_>ASSj|{R!0F*!#1R@rW0jQ{6~?NG?+_Jn6e7`yLmb)T
zHy-!x(S2da8t+f@xQL5sDt9F0Dp<`%LSY2sVAK4-vU>1v#HPWPK~K>_9-cjL+dBwK
zp!~d~0<CoxwdDYTbcgr2f_Z``d{zA49u`pX+0`KjOsir*j3oWCsD&N(r^$@Ix((jX
zm{_y}n$=(pI!_6<c!_4xm?~L=F)K_a@ogr-&V3PgQVDf<hoIPaY6^4Oiv$KAto+F(
zD&cht_1y!jWTeklho@2b4bF{VgY9EXY7h*%`=>IS=nGPth2V&xR7D{3oaVHpJTxh6
zcquD-a9`&HRK#v2KLl`V;5G$q<&AyvsI8jQItP!Ss9WmOse@$@Zchl;MxT}=P828B
z2gDv4bWA37%2Z5nE*nl`OY=bA{eFz1mZVvOM(c8EY`%T5YDr4aK~3c%kX_@CWOeVt
zb%3EK!Rn5d;6zDRY1L2u)T*CQ@vBhjt>z1&>3_8+gPYM!nC!fR|7vIrX?x<%5>NIX
zccg2^1AGSd;Czi*`%Q{8CvDE?Rt5Q#&^TUz#hn@=P656kBMmzMX?m=g!!;3Or-}>(
zs@X@;n}KtOkO|xyY}crvBxVzz0#{569>w)A(tZYid2hjSC*6eeFr(fq*b9x>_pSdb
zS^=$KFP0@hB|l+Z$g(x7`wmym0Fu}!=t%-)i3BcQ6bi)2Q?HUxOBDTzxn+y)T7&X&
zXmqq{4eo`Tqn%1N;TRffhdy^N8N`G#S(Rdx#2CInk<xvG8xWA~_;!W1YwPMVEjIw_
z;20_@-1n|3aG|>0!JB)>eMdkXFC$NzE6$#`XB;ylW(&@|ry#m!j%Hq|sOjW5JGX$f
zwxZcZW>Z|QYD1?+z{EIQyh4C_`b(1AYn5RtT9o+F@8Tq(60yD3MLR)p(}JxgoWoXR
zjfPNaq}OuJtGcq<rgbL2D^Uz&j1I$;=-g)=#(sesV0Tk?^FDleJ-7!P9IX$|>kRV7
znE+^iFy#$(c}xk}CEsh9%QHd^C0pl?$q0ZhzAAOKsCwcDJB=+c^L*|3Q)+=Z*GN?v
z@fcX{!v|Qy-_v}%*>L=cV$avB$j@#M%Nh&8CYEcZMOW}#`*hvamb1I0+7zQrSc9Nd
z>Ek3n%V3&3Km{<p3oTq(OM~iRp+H4;1cQ#{+07+H@~w)0fn|IKqmD=hLcA6;81C&9
zBTn{2Zr?A`DZu)M$#gd-Lab?VGA5%41$Y0Ly3`ce3PBhH^t!0sSyJKbJKNQjY}7yi
z953RxV2fb8K7Ca~G}P_{_!o`NHke!+0O=*+c=l|2hA&AqUXTE1DGh%0zU8|Ng^lo9
zpy9-M6;s*)Pud7h+n+p5y0*ZrtB@Q8-u4Jb=rMV%4LN21dIOZCy#(w<1eFmoRP67N
z{w(6fYw&P*t!oP!!H204-z18+mB`l8C6XV|?&rJTlskw+$SD6ryCBo;>V(+obPtLN
zsslv~uHO;8MkvM>$%(Oc{@m6<w$Y9Eyzko94PvT7UxJhvlQY7lPQ8JOp1^l)Pk<T;
z+IoQ~Bu3tyJmA`DD+`oM+u8Z>BeU~nEN7dK8`AKSHWc3>9}3R#{ta#v&c>1od`+Qv
z?pz&WxKV$`@!NFv{lwEqD2(U939&}+L<hlmj`AbZA9&i|qIBicRTqjGE_+luW1fq4
ze!{b@-=7!XN3EJ-el6AobDOzdf}Vdt7L|QD#Z3W!rqNP6R~f~TOa^jY3Z>A+&qhGe
z8b(siabywiNVT6Pd|1~x73k$kN$USF@Rb=2-7mYEl@F<W{!vheWA#0Ey+TO4XdQ6C
z?EQ)}rZ*<VIK%+{Uhg;h<U~V-9pO?!P_J1hxiHEuqD}3Qe9}2wUZQzZR*&pKeI&~Y
zIAo}dRr;?&z9AbpG2COSDqb7g3Vx;ZR~AT-F|2B$hc>D-)N11F7KUXQXu0(*MgaQp
z{Wmj7O(#EIeGCp#DMsN5LM`S|R`MMu?fk<(g9z#Xmi2gAxCR*y-79v7g)70_<U4N(
z$^R<7K8ALqX2li;!&OFo{dEM{Wu4VdHl~f7O?bdY91_O(6qu$$`(+~gskG9};?r1%
zGU8gifB-c_-iw|NbGfTqg*dim9hUZ86KggT60=IJQx+Ec;3Z6OPP&TL{?>hkkk2=@
z>;AN@!3!Jxx(KU!iIqP{(>o~NdIoHB6Tqu&AeuY`!73pB4IUCT*h-8thH03|-c!r=
zny5sQ@JZj8&?Jq^;ws~^!tlMnM%`}3K#=H)oIX(FqFJKa+9#!bc8#cOGW(R3QH!l?
z{7u;L9fj;~f-aHMBGL0DDluC+GjfCyL6XYd)G%z_Pi+N8ASP?qRc(+x>gc{v<M|~x
z>=KHPm6yCqPneV(9Fz8cvC<rsxs=WL=6UxSQhw%U5Dk=Zoz?9}iq`q3v4;!+Lj=uD
zfRj9A-phW4$riMJtXPoRHQ?RS`3olKw(viJO}mb9S6cdUO6~fF2g2QU<m<S{Rd_mt
z-DW7c?96YBC*>j*IyuZ&Vc80qnkwarlV12A&UxN93IZ@p=i$soOH_3b4h6i_nfa0b
zt<cqSy_3;9Nk8hAB)Tn)yV0*>aXFvOJRlq5rPwjM@+m;Rc_z3%nFyyP6wjBmf+YcR
z(`@EQR)Pr$Pv!9i^}1`M_x$Y7zf|wJQB!P0-ME9$Bodt=RvYY~bLyFF5!;X<`gvzh
zLnUoBF~ZfiNri7YXW2=qSe9JD%O#s<w`aXVxWR`rW7eot|BAdq|3X=ns!(YUSTQ$~
z?I(*^tWk*}EZ9GBYq+h9hoxjZMihjFhQ}X^1A#T+aqxi{tXX?gjb&g5^SXpi{j~fn
z!tbjp1?382b?82L%kX5`mg}B2p#Vl6m{Y%wk(IVWKF4+i$=5Q%8?yJE2<43FF5#`r
zKg2Nzr)n&dtg$pD7DpT5RkYTYgw<NW&KAE(L83+b<C^;9J-5$2nrhZ7{&v3c-o=yf
zN^+-6;?2#>+tyCY&OLkzso&f-dnLGV&m~@u=*ns&env0obf!A!?T-Wt?bQ^w3pK@{
z4A`8%ondV*Nlq?tw?5iHlZL5}PAW)6b49F7<S5D(a*P>rFx3wRH@UhVr6GaLf`J{~
zWs%BMaI78^Z@Wq$ChnB!&ZUy*M)ysP;3(0Zp#c5q?XSZZY<GvR%oF)SwNaLQHyahV
zM`t2u;h>U|lsQI2R?~uK^ko^EUuE@JwKpu+>~>B0U=(cK1ddko4k3TNZSX?&eJ;W0
zjLm+#hj^XWeY_PTs!aNLOOs&K5r~fmxC!wDe=nAjyBBCjMH(5(^xPU3t}U*W;bga?
z<Fljzu{|VvesQeruiy)glHvND46?L(5KnC2d*w=@u45#mx*B#d3e{6jwK*yK{hkVI
zh3)jHg;XIdz(1itMYZe5V78<y#y%UzXQZs;&VQXZw;&W+U3wMy!qjk?GPdO~3jXH^
z<=P>pZ(!Dq-*1*}TYWh;6yw^iJ*6D+aeqfL)6zWWAx5O9)ZxOTCO3`dYl&7nx52wg
z*u`TZG8!341EiW}duP1|yf?GiX=aqLY9y=JW@yd5@6@<JomqJbmRg)o)YjX#Bw+Qr
z8S$cARzUSIrZ9y*@kRML<9p|NEy0!m1a0S#++f<{4=w?j8eDvv@}-n+I_De+Da+;@
zmBJr+8Kggc>Sro4Hr6SC4XaEsKA-_s7M9B71=c`}s^g82VTa155q!h$K5yaW6F-Ji
zWD(Ci6qTIdMsM3!6u@~4{j}2c=*B2W*nC_uR=I^vaI1MGuY<Srk+qg&FkNqu-?3sg
zKJkB&hQiaoi-^L{rnICo5PV|LCAT}e`I^kC|5?b*yr9hv`FFZ(t&G|X{OHOxO3`%D
z9XM@TJEI5K=ai?<HRA1mR1<sdwIH4!6(F8EbYuss@P|SWbXb+a$NG(}1+B)r*dEWs
zj}>}`8{<M4?t{$HG|^_{i;y{j%<)z$h}7-7MIO1yx3OAaM<}*$Hm0UnD&VP<AXOL;
z9sR^8>s_h6Fh)@4Bt8o1WEwiI;kthNkP=3i&JjZRkfC1I0x{n7Af|JUS*gN(K?8Ck
zOhd3f!Y{ciEa_6(Ym>ljiNK9dbBGc|&mNG~vt7rsThNZ^qfdNv!*1Ko=rrNcTIjr+
zWSofm;HE_@ylS7i9;H;SEQ4l3MK#nrAF{ZvYph*bG57q|guE=??^5Xz+sbfFPN65>
zE=mSs537o0GP4gGg<F%;=CG;@Y78<XotZ1<9gs;Ka+kSwE?LG8DW=eO$SVK!4{EzM
zKUg)U7Ft*fwGdi^%C6i>R2iv!&7B;oOh?zywt}$ja&ZUKcB#GVzJ`$XVkiHcHcgwN
zG0KX*Dd1Up31@I6Z4I`B0$&jlW2jJ7;?Ed7!;9(qS7Ua2BMzv>@=a@Juj}p$@x`gy
zO-3utmH;Ik`{gUaNp`2eZ^|W}&3?PBF4*`Zpyr(1sWGiE3*lK~dK(Wx0!N@&X4<)P
z3skX&^jzDD7+<Yc!s)UZ_fD(dZ@j!$Lk5r!KGm|XN?%aUWVr@j&6cz|P99IaOp{Y)
zcP(1jcu?kq%?{p9kksyy(plQTq0!KJX?wbkk@@11^V1pf!%YCmCKTWb4c8C~05|9>
zp#ZITfz5TA4L#4i^MqwT1)eaM8}yu+zKBrA<d}O?5@JptWKvNG=hXnau+9$H!XsT_
z=l833Oz_CfI5cVxd2P3La1FQhnY4lk&z%IsGp12N+hb?+J^U?BX-GG@F=|rz5u`G0
zPvAdP&5hfgf8sa=T?Jg9I!)D;Zoy~X>JvxhdlX|@zxR+zvQ~o=YgqC~X?3Y8smhwf
zv4tC23SG(=q7BqHt31&viO&;vMzbkRWmS*-%?9nN27o?$wB*P=)vQbkHosP96}!i6
z@*2XseS(`b^NHHoZNN?#O}s5Hr|UonAey`HsBm@IHy@|;S?B;NLwJb^6k)&H4UsAY
zmIiaOTd`~j!Xb&q4OiCuGx?Kytd4Yu+STE-Gh`3-4%(dDNYD=3xfBiM!*E$;t$jKA
zW7!t{A$lEpvR$VMr2}m%5RIFYfJ(WT>5Cc3B)UM*&hoW6|1=M^8(qJPBNP8cCQhxP
zcC|j2Del6WywXvC3A{O5z+2aa!%s}^@VNS=OF#@VqvalyhDN3g>=gJtV~*PncT#B2
zXrMAym*EYv<03mccE2Fqo>wNPhi$yyZkD*&9;D>W38a)Bma=l8(^2+TXSZkcJfQy?
z%>9Q~gc6GPsr89r89>&dhO)91YjtO+MS;cP1LQOg;@wVpg3>l}C(2}$a_vJ52U)N$
zUhbx-_sj>anJ3Z*goH67I0`Bwj^@G3M!Hg^$0d&c<F%U`Ye59Q>^4DadygrSyxRsD
z3zcN%ovKu~TizEq342U;IPpfat=t3T?>V$IQoS6UyvGpuy#1jWSf-zXWxgXCzU{!M
zob+TB07VWrPeMm)3aVp>7L{BGBHicaST3{aCwLY*;S7?(+5CHxq@au#HLZKQHxE&#
zsGOZuRT87C2-niP^Bc~ei<En6SfcXan|{EA(l8hIcGE-dESL)^&D>~Y)}mLMPEjfc
zBO@u{T{Uqt99xETW0+r9C~JBdO>O$9MqZ+><>Ns$+lN9ALr6b;NC~p>WMUwQ7F5X4
zm?02uDVG@sRrq)kYFo@h8|r&B;n6n3dnhn=B_gK>XMF&-LM4lhQb$fddU-jB1`6I?
z>bNP0d??X2E}JR2P_1kdtA~9Y!R;q3tmvQNm3rBG5#xcq?P0p4k{I8m#Detci4aES
z;>66`zKi7pd3QLIejZI483->;AU&e60S7T<y7$2bKIyZ%I2I!Q$VjRB)8{7DU4zP>
zJ(v@ub?-eLx0skgaeoa9oianiwZgq327V&S<K+rlUM{>a=$%LZnVR>u($m7L8g5VU
z46p{#H*ymnf_rZZS7pE0hbK58gqD_^O)TPx7s-9prvVR=AK4nxNmDevqYos6h?0$u
zhmudtO+o{_9+tNQ_yUC|k-iVVf@^2(AG85VFKA-fIURWe8c1_(h7;D|;ks-fRe986
zLb^s}_n2TdkRm2jj0nB}HY&RFBi40G=lTC|_pRNDBgwY?i|#_={n5s%Zn|7H$51ur
z&X-&=2wP=93<6W0Uw`9~nR;bPDQx%j+*v){RR;5rG9x2)?AUwr8i+ujE_<UwDd&6h
zN0udBcp_kdj{#F?_q*l(P4khn1Y@2yS2A8FgM<8`J`boWx!SGBKrCm1n+qXE1a+$}
zZWfDL3k=m;nq93{@&{J$YRPPO+rpB!!XOxZ!elACJk{dX_EiebVUNb}EP1Zczx3qg
zWy*RVg`ZKLnM2Mz_Fc4tW@9R&k!}>cq8$<bjdEOP;CD<HnVn?5+F7F1ib&s5ByM1t
zR9`h%{B0kDE?Nm-sbH?*40aY?w*cETIvS|1J%*PrID3vtX+d!g$i%1b(Q>`87P0l_
z@>_0*2hQ%abv^dK+EpAhIfraRHk?HpZ@D+nJf$Ne@zcV)tKzK*s<d(;tRryc*{@64
zIQ1!27oztP72#GShF3!4+VBowbqEML@usP_U2+fiy&v)6cnUYTRTl|9NSnA#Pt`W0
zNLz2rs4(0|&%2_TP3{P^sBZ|sECz6AXDA1=`q6wJ?{1Uj%fy$d$ecY?GwheqPll{0
z&wwSY>1_pvPs7-b!Rd1`Z$9FgNo$O06)J5D1ty!2MyX45ZR-+UnHaZMBDh5QzbYT#
z%K@HjIDVJx!gLv%>Eb$I_jr~44l8;kv04UGad}$uip%H-r70c9S*bA}qR5g=7l#v(
zD7o7p6FA&Rc;ege2|G?wqhwYg9C#h(8jQtqhHv?CPHzr=pg(68(Wxvg%e&c;Nh!q2
z>m=C(@x#~0%ewyD&g_Y;87cI~WlC9r(MV$`5LZG(EUS~_?}Nm3*<CP{D>vs%@U{!_
z3A5Vven+Jvh>Q1<14NGiw+YmeM5Xb%^mj!A$fWxk91i-26?}A(@G~57o`v3MSu7QB
zqAeVO5x&Oqyf$6zma`O<F+!*u%Jl?kqjiwX6ps5^czS<X?|-CB*`}o~KPy<@gtLV(
zYFx{w%>N`7b#%n@)adAJT6H~1--!O4FLH%(d*VbjAuFyzb#`FpRSt;?ge$I7H>TH3
za>B_ww=7p`3mKehe6<Y>nPu^d`2IA7%AIEq?$>xBk1d4-8oJ`rAtPKzbk5pbZt6+L
z1_u%2QeG*Fre4a}QbEfP{)RUwL`jfxd|3x*c!)@%-CYff;y=AvJV+xfPZ2(z$B$+(
z+<}r|UZI8-o<UJ?&d3}B+gjt<y>7pJawvmW(PNsE>Z0`8d@KrMJvEYQa9wZEuBQ-M
z#)5}~NWzLghywLesPFrljpZ2ByPfa5RIOV0yVB`cX@10WeVA`-de^JhD0V&s&E7KS
zq=snmGC9kYN*ZLw?3Zu4H&9|(dSs45Uwz_%xYO&5Wv<r0Fc}Ds=5S(a?p@f0X_zqb
z2E>@(KwbyC?I?(yaNbtsZp(uuHt*Dmgj%(42<eaP3-Q=LxeGqO(AIH>(L48#KPNQ1
zncu{10&JE2vyWG`Yk4T4UEd3F8L$%y3X|~X;;lPSw@Kxg<B8hxQ(0%t>^j92{w6ww
zERtimp+e&pTL(d#tix_G7h4_X;)~5R=y%<{G>Wcs^KZf~K3!~r^-8X$rVdyp3nfPl
zrhm4ms`C@LkFWTh!ugcIbo_P&d5aMKhi$9q7v!FsH=016(oniqmf6td!<9SzUu+Gd
z)XW~j9^9r?^lOSWHyTn%0SpMYahmDg#P~+9IHrknuwEY?<5B#OA9#?Dz@^kLF%LxP
zEVdH8E>p&Ok3b2bGEgVuUrSQ7b($>snYS8#h*wVC<&mK};EwDN!XJqyRn@I=3VjBj
z0*|2W07W${b2INqp0?XuRh;(=A@Q@SWehzpOSqzcVSWVx>hVD-aFz2fw!6cHO1I#@
zj|knv)2^lY*&hNAKiG=;IuQD&nEfVkQ|oc79LgK8?TToK8UQPdWJzOQO<j#siU%QX
z!X=WH&0;w<k{m^#K%$)3U9HvLXu<?yDE})~hi$cpZeytZq$tqULI^#R=`>j}+Mgbc
zAEVx+3l`@!sVTaZj@C`lLiX`8CMtsGL~B_jxnv_7j2a2qs>9leg8p)Ymtx#7X~YY$
z+iW3@z~0?yi+qKgu#y7<rLX|w*2*s}6(F=+b4n?G3YQ>cH8?j}LHa{U3za`@w^Ppj
zOHVV<31)1@T7JDog+PeyiXp?X9Zd`Nh=W7w0nvRQEw`3J*dm^wjzFU#zdE6-ewoW)
zq#R9~tV~PH@vahZlB9v!0CR!Pvm2anR&au(#x~HGilWYASm@{Qu*whK5<**Aw?zVp
z*q<>481z1lDVnzDhgK}54gPsp>l_5^ASn|P%plF2&COk*TBlkEe~f&ey-#eCAggRm
z&J4wf{F`x_pnc8o!4?AYghuB~s05T<m&dExY}IRUBc%z_Mjh>xB)FT+d$K|9ERdlS
zRU{3mVp-Q^;)>EQ!Zfa7Cz5ENf;FsM^D*G(mkhBZxSZE*83)!+N0N6Yhvo2weMz<5
zxcyl32c_0!x`&St3EVU9z*)?b5K`z7dp>&v2=kK=O+a$DKTUCd^9^>!1ck<6+2+E@
zuOkMZmZ)<5d5lOQixo?u&~p2z)oE-U<I?6D!vgg*bMV1w&#m;oGWQOOJ}(uk1J7;`
zTSFWhV!HqqU=3-^{c3M3`LQuKMF$@yLYBlwY+s<2<O*Hn6FklHM?rh}6)VG;?UFD&
zeS$Gv8}`Eo`%iVd1_P@1Vr`!~%;Al)F;)0NJlZjHMBsiW*eIZbT^n||xT?sTZ<tI+
z8QYMeiDKEj(`2P}YF3hZwIMB*-tdj)!xH*a>qZE>TMLv+b57>L9k_Q5>o?l}W)y_H
zv?o;&RP1Hpn-0+IIt&SJg1~r4R;Q)SGTenwRdyCc{>|6d4W4T^r|niZg#tE3-+WX^
z$dqn3HEOk+qE_t&_Y3^YhmAqc#w7OXkeo%l7P|-mzK|V}<js=Yc>#xgh^LJd*7sM*
z7CtMB(eXHk0v!zg0=ZzAldRH(+F2`cx$^(qfs+<w;3oaSg5aRB?3o;rG{v96vWwuj
zhRf-B_zHEb;CIESFYFJ4ZGx{tdOsP)u*k_V$J6|L;l@f5G%u<*l6|Vf<hW6kaZ)eJ
zI5mngera|?DHh@beP<<cMz>8?1d(7vZ1LI=JHIFH=GpXcy)%a8Yc{0G9lIWSu3Rb!
zWHtc}h1F}k(C8qe;4xXTk>2=9?82Qh4UaryG5V#7lGpzf`&bqAJtJ0=nK|YZE-XrL
z4L8xOP#})~meB-GhvUCX08RCVO0$G!yw~@?g)b2mIrj_=$pr3Uo`l6tg*Qr%t2hw|
zbnAwZDM!gEw>4hRfh2etP=QR+pjI^b(T4vLX}Yc5v&)Abmr3s?#4n3;T-UwC_%#)@
zmMMtboQf<(oddZG#}&Yj{9NF>d)1!<aaFt8)JApfUemb*zcFLA{5yy4wVqm_S&&VH
zRIC&S25S7<7Sp?eqfQ4i?20>%GjoEdJd<!AA6YA`meW^-n{DcJe=EMKalv^iNrl8^
z`emNJ2DV(njFRiYl}lX#`|JUjcNndox<i@AY$6fD@;{>Rr8JR)6P4MINJ}J$jVfEk
zw9cRG_oeUwYbsg3AU_oAHM}&Fxtr)IlumPlN0cP|&QoS=bE`$H_ZTqOZBn$ctOXt@
zv0*1&uRqnI@AFLpAB5iEcI)8|_uvnNcSuVK>;@&$q$`-cHf+=G{&}wk^;8_3L&4b1
z3P$+kEGR2$#uCTdN&qa?RX$F}-XmcITiZ?OTp!j$UNt6o<;l=LSsVR02&qb&{xna$
zKy+g9^q@~nVuvQQqib`s@0htEhvMZpQ(c(<D+o`UE=isQ=x57-_dW&!nL1cT`o166
zBhGQus8@wm*whm3)L)KLKUBuUrWxBJ{oVf^DprWo;W9qH1*N*u>+2c$d<7~62Wn(u
ztTd9*QoWV-N0**i=$T7f)@edEcd}3_Rd8e~379(I(S?TEJJktX3-4ii+CdOpUTmeO
zlkjPp#i*4Tdod_*RKz;5zSg6N4f(9aV7|>qYEYz`3m)n{DC@F!W7Kb#;L>%etBOYO
zEI6w#kPP>FImvLW@ZclPyMq6zRSbWS>aBGbu}6xf>LZ#Q;s)F;ic4j%^{$Wq8Se?~
zJB%=a#GaiV0e0l{dtR_vLo}XlVc}rn@gq7wsciN)!r9q;LZ;e&*azONct)H~aa^!k
zfDr*Q){HbK?|ftX6nEe{*;#82$*13^T2jAx9#*|b`m;q(;#xeC{tecqO8iD_)r`7H
z(7xT2nb&0xgx&F(yrdn4>`hm$=Lxemu*I*Ub&_jvXSGY_`1%B^R(l4!f-x}#lyg}5
z9GA1FMeyhXUmb67wc8~}X#>3^hpILdLS>s~?C<}R0M|_a!|or7Pt56oz#<De!igGi
z!?>WXPUmTnGb$CF`zsvbZJsm1?}L~bB>mrn7GOqmPNFN2A@i#%k((7YzDs4G@7RSw
zF5DbH3K}{6%;|d{;hm3`CU)zR4XT7~%u=>i9S`SHUP~fSw$ma~3>>ZzWVo8R!dq2;
ziJq^H^}Fb-vZmMQ8tXU|K;@_N5WREjhu|uB5?Rbo=V`^xF+FtC<7ybEBE`MCpq8r9
z!|_$=FS?1tj;{9m%^R%o^cWvcjO4dbEzm24s-Mx1n66pw<!J2=MV-RICwe>0Xb)S|
zhen9Q5Z9&#^#5W6{U;^RA3o`B1^4PeUV_mfTA^PK=_d#x2429v?e(kd+jsa^z-56q
z+QL;v*Xf8d24uuHC?nw2w*X}}5d@dfx8I}--$?bTTgn1jZEUm5H!ErG_bGh+I9-N^
zRlz&F%4u_6pWX{mhJQ!9W&A~`6wGAohYY5X*@h(b&l$miWZ<|zM9Vnk_Pyy`950fW
zXcv>s7!JUlw$U9a1xSP4dQSB`I%>P>SGS7J?ugK!?z4q*h3G(=h(%0iuV&Q=^XSze
zlg{t@Bqlxkd0{7l{Ia{HY@}wr3>RU%L1>6z9t;bktJ5#mVPZ0f%qLWq7LpE&&6v7G
zVf5-G1goBGnRZ8-Mm^tn0nI^8)4a+6t^$_zhHJ+N$+gnkd3D)YE38XwQw#7sD99q|
zrE0^K^1ZW4^OHZal$(W3@cRR^W0bOAPra|oh?nM?_96?SoQZm)LmQK#Szq)@;5At@
z(OEx79K$CwC$BUH?~%;?O?<%NNZeQ)=3Paz```B2w*G~#n$)=YOrvs#zN-u_wiY3l
zB(?rqwc*hpedCQ;6nB@G21VXyCh>P1A9SBlan`HgW|w}15+8eyuI(@eT4>A5M|qFE
zbvG`z?lSH5))AmMg7rS1^`Y`v#~;j+SRvMi<0X@@&kmTYRfzXQ*;0R%zSI|hx1OJk
zaVP75Rc9^awWVF%KTE_V$+>bG&QO<2o{7_c63;TfUGonwXi)Fx?XhOh4&S|Jp%UH(
zxDI?__=H4nM9$|>kg8Q2=)cdWQajm6PV9JKMe4Xd4{6jU|Jg>H+|<rDDN<ZGIO>N-
z?N8LsKD)SwSUmwgwo*^<m3l%`7o};!vDH{v69V4BN+TtL`Hh_0Pi!rjS`CRT^hh1?
z_5hyU+uKQisGwQNS<CSm`HgwPq7tjg7RJT0=Y&R|$T0IUk20Q3bK_?O$wMWVPAz29
zjI2GDK_!x)jPEwua?Y7X-E5uZR65i;!)%V+T&bdjYxW7g&7aOl=N9=FRJO4Q@9Bzm
zn%<o@8yt!C5e$^lr8T;D7HF2XmkcKwCr>X;GY70m5J+hr8vId4Y^K?vo*L^a*Ijya
z2-3#a^&xRZ{Jrr*lqQ?kNPeZ1TIzJ_R9k8UoMOThtYXy@ScpDD{WDG``)~?L5&)58
z>L)WV;i+5%#=KPkIVf!p{3?icT)`iBsm1FzN)3(J9Dz9q*P0KS`kbW=-KgreSxt=X
zrkb)>(<>U&1$91~CSv2*AcVz835t$$^gJL9KOa2n258Olm(8;Zz6YN+**$6Y^debU
z<i`1;3~RM#^=l8MC%Hl1u)f2N3TYJ?CbwcjCIIc_iMi1ezjJV{glcpuR27TTz9v1R
z#Qw9rQp2h|d4*zS1B*iq0jPdSV_%?)IZdAHrI3(fBa41qy31~ID0Kc=Jc}|Q>E-uL
z@)&LiA7svum6}vAq!>>Q%WrT3@87%*{PAkH!eGEz2dSKn;MrY&DUQKoFpMDB?4pJX
zV-)046Zr{VAy<Zm>3x(mms-n^FtRMMStYcv2YgJZR1e2-@mochit~kj7x~ioqkoHS
z6v|=}0<yWWUKnF=aEmh1qwuS!m#Bt=hNRptB;|HtB{I^fm;R7&XWneW<}}b96b8uo
zzYh^w=wSsuO-Y23uGwOGXKJChBX~4JF(Wkz>plU?Y0GMpzHP<+5WmV9&Ki$2#r0T4
z%NSv}y&Xg_dolR(Q$aa6Jw{uk&XK%)y+~)F$>5M$QM@+dxTJ7Apum!1g5;BWCmd}D
zEW)+zD?QDq-ibE{&I(vX6k#RIDJQVX;n%<1BFN%4IH2v8V;}lmne>z&C{M5Cs;PG1
zwXK?3npL={nzD^S8b?vccKT}cE~D=n_7WXs=dD%C!LDmvahFidJR=(@z~P<Usze`Z
zQ`*()X2h;c%yIS!6hs*pO1QW>TadSoMaNiljwK6Ow2sYWG}@;A&mW)qzoU!W)$D_b
zqSj-{Mduakp;+@Ola>q%*)({s8agXpPpY`X&xwCwj@PbUGxm(%Gpa`9ynKJpOJ?T$
zCT;!U8vTrJ2iHD+o%?l>PRE+Nv>9fKy5kK(RfnqG3JbIqT@aSVaK#E5++KWrz$&<j
zC|{ir&8Vhavds?B=42Z|Gfs!M_2d)3MguYEkp(5MCNiir2Ym;Gt)zlx*{IS|_}<XR
zHG;ITzNfV8q)%~R;MMTkco52dsttvwAd5kwz86XWKS030L84kDl34Jzmt`W6-SQ_9
zLMTP&NlJPZP1j+j*D{3Le67_Y`#kpayO_@Zfd79L+ypHA<mh$cogm&AB>nP1hFA0;
zRZ3qCLW2j<C?oIQ@A(d*_nW+E$XT3-SMKH*qZB+$EJ|b&!^%I>i^o}oBA0$E0X{cd
zys=4{xL6gyv0M{G@a=`zhA)wLj>3Io&$Y6GqzzP%qb~M@YW(xfEgD1OhNKsqqJ?no
zB;yyFCkJ9O^51w;J7gG)8oj@Z2iXm2tZNN~_a3oO9g2%yuc1aS$|tonRQ>ztOnUv5
zZZQZ<hU{OY%7XK*<EQUC#8R>49rprxGFJ79qgOa-F+$QGwqg3he-e)|%KK+1s&UDy
zwe0z-Y9PlV8U#B*{tmArnb&xG-`y?s`!wK-)I>;AlFjKD;UlP4XKAaIb^P<-VKX+B
zI+k9BY4c`XCU0?g!vmTR<LT}ToWIC|)$&&@#vPfgXegRWUm&j~F+@YeeY9(-+}osn
zSt6bevMHyslx-#>ru+HdBC?BVNu#x7RkktHEF8(M^FTquOwEqCNQ4+@$7hNYc%ub^
zzw@IMX{R=??431pR7NOt@cZgPIad_g+ZL0ewv-g72_c*eR96CxyYp<=818-?@VVr}
zxpdk+okF-&D=dYM)c$BZp;U;gA*jP!#DP(C)O29woQ&!G;eY55()UKd^7<7UJv__D
zQcm^R4Eieml<_cGB(RDHy}NLiKpmd!R_w$%x;f>9cs^Fo#zYn_b6RVdz}K3=iWj)j
zJT%18>~)7&1;0dZ79LvxJ~Yd!eLi!fgUk`H-yM81c_e-xc|<7%v6GWVsbu{4*u*8~
z&ay=VDK2Utl@SUOJ!{lMYB+=&-8<Uk$kn%M($IC(h{U4_mLA+nv=NMOwni<E84`ds
z(W*&G#sGvG1!Q~?*d26@U`n4#di*9(9k1hGHR=yF88sTa``vHwQQ`@#XMQP6lCX-M
zcrC?7s?2axxee$0!%vx*<mfN$z;{f$;J4&N<zxLkWtPaPQO<T;n{M__^>4(I$%Pga
zTr^7yiW92(SlG*OdYV)p&>@3~Hm*sIHH+|x@Os(iF7Y}yL9k_edapA<V1vD5>#0Lt
z@B0qR=oQMBBkJnYOy(ikqC05tlV9!!TT@_>X&$>U1*)nh%0QG*)<KCD+T|!cLPy|h
z&Wt6^vnx1QV~MJ16uDXoZrL>^4@KtZ!~731ga0$AKflY}(xEh8s=qDz*cpF|cQO6(
z6O*@#{2bU_PWd>LzutA9UQb1w4-%0^QoN0So0e`upY_|~8Qh?m6p_#J$1!t%4w0r3
zl}j(yg~D#{NQfLmRU*Okgo=yBS&4H|Rhve;)i!;)1Ou8hh3XdGMK$MJBSo=SVkPuv
zr<5#WQS2A$$!Z}L-1YGBnmcc=#{JIZfRTlr<JeJGi9NXC5?vPQ&+8!-eGEp|(x;WP
zln!p{b89aHd6p`S1Hs|d&m`W7-Co}9cLK(?(lU<%-6qM)X%82>^&wh;|1-%X6MQm4
z4CJ4%1^laH!4!vNcp&0v6@oqN{m^Xbk%j(&D%2H|Sav67c0uhrJ(>qp`mA24PBBf9
z-QVC(8m(+4MAPa3^}5uvnA0%Gpclj&t;#(l5@DrX>n@<Cc_{Cj6)(Vt6f4_KiU-Y;
z;%#iCCj$MUzq<HCf3ty_6O%vmL<DZr=K)&?>VfbJ#v2AH&hQ?B?N)~c6wSspwLip2
z7G7h6fDCWyID3q0srp2w^yPUs*BsuLot+;|2SG-G(aaeK-q4ur(5H>kZm#%8HlZ}x
zB)hr^rP}#HtU1uUgP&*;{i;S>>k;!u^ov*AA|ZFXwo3MPa2KUSdr)PpA#{pW`~<&c
zK|8uU9bb=kd{v{0pI3gMK*!REI_BHo>OT2BD8Ij_5lUIfO`9%5RLhq#l<oQ3{YSDo
zYI0X=nsC9HTWLl_B?nYCTeIJxd0Q2m$<irKv$QRBat(bL+hLx^@^5pJ*>}%)MreYt
ziLMSPy>!JBwos4$bimGCh12RrTv~PAQL)D$%?z)JKd@c68C@Qern8J(O1QqQK+43Q
zKA;fp*X4sOkn+stO6xlemz(s^7qiJ^7WlsSmb^xjd}DitA4B@j<(}H@2s~`#WqjPc
z$zM`^a{86|7wKU8sCvuP)w_qE-@^mt7R!a3+|SEJomb%-id>UEkJ9FeXT+JRivS9K
z7#C)cM|s0?r@3`s15}4-d7}P1)J(8VMFWl6OldcuZWb=xI9mo4j-PSB%-*K2scnn=
zC=cyXWeUxhz5bgy8IYIk&>~r6pl$d7|Ay@Kw84}#<Kw8&5MK;6%xH3cYJ;$~6329H
zdmA-$HS4+3c5rWbQ;Wyz6`eG&fZuIIhLy_y(u5jc4V+s$?cz+14%YqtjT2||)8@zc
zho&+li$J7{G$U_Th!6_|j^<aQDVJfvLc9WZ$*!6Pw$D>1USl7P9n4>;>2)QjQEB;@
z&L{3hLSZ>cymM8Jv`!k@Hig;_-ek84xD)aa`xd@EMvH_=__0Z8v#ES@+c3%i-X~t8
zb)>3H%YU-a@-gsq`{MWu8<5$wp_q86X9!UqoqI92z)^_h{38^`{*tP(t-jdB1)iHU
zS1zf&iE!QG>0<4o=*{4B5SpWAHsrsn;Ma0<T9MY(W=;GRHK1d#RX0e;Rmm?_L3?R>
zWD+H0)jG|~kw$OgkerSXt8FKDWjK(NC#9Gjx15h^E5j+f1c5v;=x1of8Sh?5Qjh1;
z<+J!<Ey77im0CAw7gtdBw2;-kfj(_ixz(A&_lQ<El*F5*c>l(2chi}7A<JvjLlp<q
zOUHI)csM}FZ1C^EtVBxcV*BqQ&5@ri9oGw#C5EIdv5pVv5%xaGOR&v!yTieMp$~+~
z(juAc_xJ||BNTgX^<!Uufo5A#?JzE_2D6Nq&W6S!#$*UJ_W2zYGd_hwpJ}eYRV4i}
zuC~(iXXRlv`ZJka!54l*L9QWuGR)iI;;)pdm^m43$aZmT?8|AhdHbIe<YwzQS|O`w
zYMfxinfGD>Y*p+kY;PzSsHUDF3n|>7cky9m?naU(VOvj(=9WA&)Uhp!@YwM-Opg?k
zi%Jup-+EqSTWhlsq`!ZL-`C?~DLT<?Rt>2v3bCz<>1%DiXO>HQ{1jOjzwqGpxmLvK
zZy^X%2f!)XVTb>VryW^#^Q53Qjq58Qq2PGuOpv&=J?W#o9%EhE;3jqYAD#3Ssb$bY
z>B1(uSgIYbZMEZ->?~Y(IQ0*BIN3FW4PzKXL0Fv7vxnjaVGaga+@)_Z)y@i6yl!Us
zFq?m|){se+mQE^{j?I)XzI;*iA+4C59yh4YhZNnbBV5<V(=oEoXAOlqx1^Zp;V-IY
z;N5$<E|=4Sy`~=57nhazhixTZ%aw>7uGv>^ab05t1n2ZOc$*!Br~}Gpj>XmPjYf?i
z4f-yK!|;tCMn*QH&nl}a8)=%88p&vgpVCu`=V6<y_ro;WTrJLPWZEjuq#DTkcr~69
zx0#?HD>srJ&9fu%2Zawm5cC|E#La%Hjw>ie#c``zdvFSZzlps*M@91nOsik+Ib7lc
z!K-o~p3<lYaWt%<60M~uS6YTAc%G>lW9aey$t29%_mE|Y<_6HwY@NP72e=mLk=%=#
zhbD$qQL~F=B0r!j;pMs#uW_in#~tkgW?#<=ggcye^ci?WU(s3S>40wO-r#H6#GK42
zxONY4!X#U<ig2cZoHq#fMX8>H7F_u|vR868N)24Eg4-7L{N|_q9*6Q)O0CK|dQ|+l
z{-`h%fBklwoFfwGZK*xqR0KZ0`TcCQQW&`+g)h>|cYhy4{pmI#q~q!+FO!XdkaKUg
z0rNQ%za;|xO+<|@2xvbo{LN1|jNZ-5Z#r~bNAxS2huyxGS-)3Ln{X>HBF2oI(KlR=
zG3OQdy(`Snv{{S->79fhc2x3f0{7cB1zCLQk$mNlb3ZqUI5%i>n-*vfA0%ce8`Fu`
zP=tpkE)*KRrxxAlizTeMOXW8F{iEmq38#k&2FlNKN)LGuJ#?6GIfJ_T3@Rx$Xyq$O
ze##k|B3pxN<;DZaG)md!QA%~jz^7krXhgBxA91cOL!yWWULOw`l4g@x!^~o8Q~_D@
z^wd#-o;ng#wM%j;ybWr}5pw`hD3wb?tp|@$GP@+jg&Pr!Fec!Kc1c^hg385(nBTWj
z(ynM`b-3|-L5TktdbkW&O%4|^Mf-ti99M;qD<LyNF8^=plv7AC1*KC^LIssmzKYp=
zDztAqoxZr>vWY=tOcXeGgD2KMgS%&yT=_i9k9mV3xb~_094GLLCcdopzEWnf$Y0VC
zWgZ=5HG$o<y2Lg$H5F_iPJ^s(x1=^Q-BDZ5&l&5s8b>y{hWp+5b8<o%cI-7mE`~*V
zv|GN}SXI^@w6PsmZN2rsY)<JjFFNnb^fr)>QF_|qfT?MNmN*|sojaB!HfKiRO|5bk
zrv#*hc)l)iyKepqNh<>mA@Ir44Xnd8eCyZw9|HbqUL{Q?ptk-)(Y~}p6~AnO;2BJv
z4l}!3bwR{-zZ2WjMjp#<&9mMfBG3hu+7J!w_6Y$$YxwW9NG&mBVY`i(h}(&{yZYAX
zCkb_Ev?q*BiVp==U9k`CL&QfW0{)%*5OrX%s-GPt3chXTpC?fuAbLGVhl69!-%PQd
zS1nM=ET+sJ(Ak)}lk=s{I7FU?|4s8}XIdFnrJ$A?_C%k&PJT(F^-_oE9jaH(v9^E)
zqZnx^sf*(*JL?P8<0uaNEw#p(`CLPaC~L+b{gQMPq-%DA@#C4_!F*EH>%NWYzt^Zj
z`RGvknJ(k_1P3_@Oj<_5h6Pnp)lOpQMsC4(--o!MDi{~9{Fq7<9G(qc1Fyr*yE|Fz
zRtD(1LT+yLiOnXS?>6jB+Z*;a3b~ZL#AYiBogMDShc9-&LOAnDZ}RGxtlHpGD~<u#
zgehBSn;mB*2cW%og4G#4FRU<>9+K`-v$b<h1)`m2Oimg){awmRFdfNBVLi6ExTd4V
za)R8!p(p$4TEhKZ@&c4jNZea~bVu)Itu>I>TIxxmrFoi@Phy1+CI69}u!doj!Y(mq
zXh)mqht}JwCEi_Rp+CRQtvWCw1X?s}gf!ccOUHtL=vDjig{)C|d?cq8qG<)6M)6CO
z*JO0gWG9ekgdiT@sB$&Rs76(>&xy}yX`Ybe;3U8~n}UpU<*F))iBelYdRrOX%Bx0H
zuvmgmmWsDkO==k*>0@<M^Z{|;@7J~4ILnJO!yfB2Q%kEdJ)lx+^X?5YSFVgY=?g1M
zv?*yQwDOIWu}MeS-mtI87JFTWSOsHN@GE~3LWh>-{28hWAYM@cg!bzL{ML+q^O3lK
z*|4|aYxlpMpy)vMa|rurad^8;mM=Bl^#z-P{^ViO^*t0OTEd0FWxyt#^P;YJopVE_
zWb!&!t5yCCHlAA#+~6py$kJm4|DvcTyoLZ(<}MN*gZd;}NDAca<AuIFV=))fnrC+2
z>XvS^zeLuewMme?N00rlmGv}@C|(2@HS$Apg=szO$6%aBnZqGU#WP%nHFd$se>H?1
zxqnp2yw$n7)C?aeVZ-Z?4PNlor}w#0EGZg|9~{!H6Z|rHG)ylhywYYbi%iyr$Zie^
zCKUKwPb|lQ1ZoD8*RgH}qoKFG<6D<2D__rnWWgE?FK{=<>qGP}zD}?d<#oFI0B<!2
zk%bGEsl1|wH6)dCsKi|F6$R2%)tBRI75I*Y#C91Vb4>|LW0wU#S~fo8xR6m-niAwz
zVnm~xNG-lO6sD^XPX60%k1{X5hs<J?9CoRJ)i3Wn>rNnWB^yRqE|34lih!?`-}^V*
zETY+qloBqypKyoXYN})9BA>l%7s_HepWcNl9%S`EU&9Ky!{@>{X|SAlhu|79e;NeW
zns{!gCsv@faYJB>I&@Hm)8CXXeOqCs<_3SmJWMB>(hbTp3C7_C+Z``t8AHf2un?xk
z(B>a-e6W?$&!6$^3i2oM(}Eu9f=}SvA_7>jvT+zxM1k8UGR;B|h^@kKGYm0XhTKD)
zB&{aZ{u?#5efGFb4x%`8MSK*<HK*H0J$GV1KDxS1Df7F#gm2~Sg85V%CF0!5*azM-
z+$&kFiQmG=xtjkQT<&uI6wM`aJ_G#{|B?p^6uLQds<MUTk4@v1^fA32BeOcs#(;HR
z#yclUy9L0?EQzYlTvbaos|~3&7*Xe-+G6nR2x>u?0P4u+X!!!a2Q|Pt+@wtE#ff3U
zq3Yo`?*(a7*QfQmi5zF_h4r(36C0<;)aaV`MQpVXr!bO?iF`@hYKvuDvQP%ALWHZI
z5L?|04c;jiy&>GFMl$-9q(J6>h=nH>zQxBTFA{;9p1`qjHah$%<^m?hX}3u77P^`K
zVM+@h>5k~mQO*`Y^sgx{u#~b{RHQd73aQ=#U&0u>dN<e+!Wk9X?TrHP^1N3c_8~Q&
z_XZITKW~$))taS%f)effYcNy;Pb$ZhE2tBfnL}Nwa&SEnTxcT>;R^avPayhgBoO^!
zCrHf2oXAuVRaerk`6F!WRc>;**jBB`J6!a2j3n+H^(OeWhhuw(+>7fNvf<U3w4)C(
zEcp#p%lL)_lhos}`{zAk1H2Yj#IeoerKMH4c-}#PYYRg9)C-dvP@^+-)wM6?nLkit
z&_0urH4W1&1S|n!Vzi+xqA(nx>B_!Frc~jcGQfvut&!8kYezsKChi=|%(l%|=Xl-L
zt~+(3Y&Q<-X;q~HtZpbyn&HZBH#33E#_pLGpCtP%mHmtCDLQ}Aw1R<K;?f!8Y=#gV
zkv_-Ul*aEl@RN@c9Id!}NPYt^_S1osV5o(DoIVm(j@P8<Y#Ly@2uc<H#{lFUbA~;~
z5)A7Muvj=NQdHUMpl5158jPY#b>vw}F;%GD@1Ygvm=8_tS<<el9Z)m~*Lfbk0$W@~
zs=e6WoN=|mz;W7B3~8jN_#U#Xs@8-Zo)6d^yM7S!ZX4p(!QU*lsdBLyR%g0|TfQPa
zfR-*;|DoB>u|q2faZcac$I&u6$7z(EOahMFK3wZfH2w3Q%K2|%`lsp%yEdMFr^Zu2
z_pjP`Y9*$qvr0D4=JeenmI~jgo3Zpl6spB}J0j{Wt2$f-0J%VNXbH7HmT>l#ss(ax
z>QK@k@?>{}Y>?V25M9{*M#EUt*(9OL!pE_)9LpF%*XC92;`fK5312n|gf=(mW&N)2
znltz+epgP6U^)4uXN;*C?I0Y&Pm@D){`Q$3O>7b<_tNExC|+JDlk`BGxj8m2MrAGZ
zvO7x&Rx!>x&eD|vf?u36kbsygqav#}^3AKf^+Z2E;y9;d!q&{HFB_`*og+ktkja&e
zkGF0_hrcR~=m!0u-ekX5h=U%eVyVm;K(i5u_xh6qs#q-dZ^7;fUNhr%{B1NV9{zIC
zih?lvyHqQvd!?P3m3ECHLzAY3za)_={aC5?&ok#p|0s@QlS!eqXtgecAxaj!V)VQ^
zJe_C?`JrH_YwW=or@g(w)rzst>o>(Wy}%K=z_aZAKD(xE6EA5oWq#CkEY2TXjbPZ5
z+zQLr_lLL!_P0<|z~#G2mvQ`$X9%`($f;^~=_>n8PjTbA`vtC*;keBpkN^jsQyX*$
zA2B487_pMWRL4wM6E&~)kB67~Ps9>vCJ7|<5w4z|4(RO}WkMH@qvxa%jO!-f@$tJD
zNNE7B_<&~kqNKI@620@YDwXn^BgZxNJSeLm{f#p7+_rY`PHxieec=ZU-3edU^Kepm
z1NfK5mbuW0rM=o%w@-}OfQR}NXyib$?BxUBa$_o!*YGOK7E{GNj+w8J^knnbj!D5d
zo1$+#AWa?ga;7p?*Ud)J{=PdSK>CILb)z{Pxm7f#-cq)N8sI>YzKSywT_(Qej61`s
zYMS`&$oA$wN#l}vu94cwF7uTwW1QmNQ9#b7xVt_}<lm5u!~Nk-8um`t>QCHDFLbZo
zvhGz=5UI?RdOmEKe-IgU75%CS-{OQE55+bV<W;0@j32MmMeNgw33s3mS1d+FMnqa?
z$A+#Itd4N=HF{elnO9o@U6n)W-3t|QhKGpE+=K0QyDSm?dKfePj+oO7O|%kc$ZiBp
z)o6Nt{pOb4ZUgno=w~syi5^c+xe4Puj6&3!A7z#UciGi-&VBd+oJ)@}Cd*i%tWXn#
zo)M$8`kQf$j?2!I4{XB5rogHxp92x|a19R|)ln&Nu4IJW1RUnA&|2!}o>lEWl=Crc
z-L;PKFvAqmaY&{$I9I(${a}YM$EsS@dj0HYv}rt#ov{N{=H>~HF8}0WU~VF2tm%%6
z&oUT!4#q1~3qUQH;GuxMV0*G>r(PG2*?xA+67`0ggm%VGfo?`@GtXB(1h?_yB*#9k
zMI!u8?l9Hhwj(SNTR&f24goiytB(Gwg%Eb<+WJ=+bgHkC8=6|$NRh^h>c+d2?W|<J
zwj@$)J!2|z%v}P2770h7=^EjXQaXkE+(R^ejZeknl1M%IbP7@n&Zp#iHzm}aiotqe
zcC?i_OvXG>^R>tT!NOl^#~H?)-P5KK?7mc5J(fGu#w{`3Z6MgJen`zYqHm^@s%EUZ
zS@;H*auwWeJuMSwY-A7W9CoYp{lPblJ;-_M+F|ehyNA8&0TH*_sWvC7uGc?d?Oko2
zk^>yf+d8)9Kqu#F%YBua*1mVO**}M{!1ypeGBQkh&SX#FzCLUyd!a|tfvV|#jXiBT
z*X36Gvjx(E`WLn)iq7V36m3HeTSn0#+esnHHKgxSc^yIP(<ap0vLT(TSThc%DeDi-
zzPe4w7O;8a!H*|nzhoa&I3B6!jPMwb)wto;i=#9Z04Gwo&O^6L`aVhoVzT(Zvp}kw
zhZ}gKkLYFng>pnbBrsx&)38WA)%l4W*lX@e{V7VG#nrJ7Eo<=JN%H?d%7!wTQhF)c
zQaLfjJ|A@y9Ip_XJkP(#w%z=zFo}Hj6{@Ip19EB*)VDTj$<-)Fui)}DA=w5kphi)7
z#qSt%r=aK_Jd*o>A^_y6uhGWsGoUtH@uWzjZ6>dluY4ctD&PF}K!)$Ggo4IS-L`t%
zBGZ`FIFX$~=-|}jNv8WXu9>^=HGaZ(>9KyBLzdN~V5OVAq>0xc%31@j3?+9Y>$4aO
zR_S65D|Ag|!=?q;<}>Lpqx-;_zFlC~qEI22TT09U9tz~CaP%6eOi|N7TKAj^_}H*`
zW#PcfSlXQuVccxjh*qx4O_Jht(EAQ2sIk?SC^i}kN7cewBG}wmy*@I(LX<jT=TP{9
zbi0KJQx=f4p<rW4)h?jQ2yWfP2e^bx_nsxZ+-9@aSv;FPo132Say8PLhG&l#$xF0D
z2weA>3j=?-`L%Y}*);N30EbM!CG})Xkng)wgBH594bpuwMHrT}!iR#0wZ&s_lpz<8
zCZwo4d2x!c+KBBkIqi-Ls<kbs(NvyuIrGQ9>{3)8LJ(?h4Dbf3NG9@}wfbACaFkp9
zKijqXOGKFr^gcIpUn;5dKvC{Fg^uJrcvlc;V%}ih_@2LOVZRRK^))=!y!S|D6hS;J
zf{^2jO-$XpGwLEDZghz-qK>Y3=$)_#x3Cr31V0zjF)6yyWa$Q7IEh58By=i0;-%&+
zT2H{CbW`&^47wrf#35;n4<0kyWx^BQuMOHmT*(c-!#z=I+*Bx7l01ibTRY*XmxGv-
zWHaDS^oVn?O<OK37ZKSIKm2_3D}|-F6O<Qk;7noy`)l2?lyOJA5_crs!#9f>{RqsH
zOoc`7`-{VyT=#O#&vB&va$4hmxa4_HtjA)9>Z2L)70n%zwh|{7QJQqxOUq9#<;L<x
zirxhn*Ok`TL5fN1Nrm>NW9Ar^eMTa3alYk9x-z>xUgkH*3MIY1N|&#WM-*aPB;O$y
z$A_jnY7@-kCwTM^CLh__UzhoWo4;fA+@APaV$e=Yy@{*5RI}E~dn{V47>%w|kVf1S
zC_q?e-f~qoZz*9mxTR3UeYfK0-py|XYDw<k5LG)7@~f#WQngH@dN^De%wA(-m>(d=
zZMy1Z9eEcH!&ofmDKi<;OEu){&Sc#cQTiGmeX}ndqmg&51pth)Vbz-pmtd>dYh__u
zd%fOT*w%bnmD?Jqzjb6*j%;wKIQ5$Ihz*a&17_7JdW-DoGCBZ3qd8<LEQ*ma*UTek
zhMcx%5Khj<v^k~79FHgVRHhhOapFQZ@6D4Wk}`tm^AmDk<IHQ<Wd<gb;4|J8(`~OY
z>9)QQ@f$mjaCfkY7aKKKu=3V5KrZ>eT7`Hm2G`;8<@-J`M+X)8yuth#6+|nStwy+@
ztTUxt8(|~K5&xOGqJ;t1te0Bs+BFPB;4RLXI2oF9y<AhyHTbl~TYH+$m(SfKpN}$b
z@~(g%>Kw_$H%!(9wl(J<r6g%ofig4tg=->G8n&m+>gT~Ztd)O1B<H(CNfHK+u^EZg
z%b}-Ul$Q_r>e6MW=p$#m3UAzy*p2@g@5#XZ&^UQ*8BZO3i?+$3fJU(mj4yN|hw~1E
zDsoAI`*0{^Yg!kqD>Wz|lp;hu!=_BOG)Z#wAOI~-2guqv@z)x~Hi<LiEoB~%M}*Kx
zHePEL!3bb$qRzE!^u1TNx$4LBarMcN>yvaw7}te_k}4CVcGKB}EVC8CLYB*oWy^iN
zd}7@5(4_SYnZPQ1bMfj$XS6DOnnyGYh$zXAIGl5OnBI+YKF|^l_m4lF<x%R;cbrUz
z4`Dc#O;^trDdheb$S_pgBE4>P7FA?Fk{nw3h~7HINKhyFKB<|P>;{L!E<u(Lai&|2
zxBcg7b)@f^Ln}P|yDOuv;--@^>Y6b?B{wy^kv0u8YI@+5ERL!&nIByeOF{VJzCxFn
z1tqbvrTGM}GJtSAKYzsD?^8Q{=eHt#luiKVkLK50T(jnoSo-)I6M#`$?t;Y8!L8hi
z<#-;e<>9hc6Hzo-GN#EA{63kpd~-PNOw-%&-|^<{M|2?Tclg^|LpaHcEt#v!T9PDr
zpCU%T!Jh;h8KXK2R3C|@@l5-(Xj_?z*c~sQi|CsvPNn>AC3Wnm1x&2vcl&s1in9_N
z5G+O~<|1Ax>4Nu&X)&%ZexC{<px{U4+Gk_esj2DEy;^0j3R|v5&IWF;Ly<9%5;izr
zjyAC9O~JoB(kXfF6^8JHo1E%ReICmrRZP@)fVbP_4?`t(X7YAwEQx8OFA_ObW>rRO
zj$}jB6}W!zK2g8}LZ5)^4X4-!;>9b^8sLEOQ?wJWEFT&xjsYY?-%#jLgoi`;Hl2N;
z9}e{I!D>ui;wZTPCx7$&11byn6EoP+TBdu`FORRd$2htOyl?_n3`3Q8j{Qkh0=1fH
z9lRpj@P6UpxFZfdQnEFa?=#iU{xeWMzQ+jX98;W!C2!b2Z?~K&_u%8j5MLmEye2OZ
zvXAEXe5@gWhsHL`XR#-1NCa(mN#=Cbo|_EUj&yj%bG#y?c6Pp(4U`X@sQ%Ti&FZiQ
z$G8T640^NAvk<Dsw)K=q{~>yUD-#{6BO<oriQm<t&mqGqP7^?E%KWflvF_idQvF0d
z#y@n<0;{!FPn1%_Uc16h7G^gT3ezBfU9b@IKZS(0%|fy5R#PjXSkq8%SEwmo_|Y*z
z7EgrCqKk{bY{0v{@cB123W6)lrp@~f4fA(0&s?Wv;mfCbSgYB;9Q9LtK_gubLx`ps
z+CcFUss;uYlg5mfo(;1=&fUXkUNN<ym?vEXH|g7l>Cw)WB-hlj8<Aetff$KVq4iLI
zMS4^W^ZU+@2hS(47IFjPet(Jv<zvfU%p>mnLxeh24P=b!necg;$r&n647p-`UI~cH
zPrFE3HYu`i>?Y-EQ<0%DZ&LQncm6uq-{Y~7LGMer**u2Qj)H;&QNiDH3i#zy!2c|O
zU~B*gu0-`rxe_x<mK*hDa3VzK^H)rR3+A`t4i2HBatsC;`b}m$1Sr!g<}BL!9n~YP
zqOAo7`uFINIGA8v3X+-el0`CkJ|w&352z<n>SvE`PKQtzuMKBKzf1tgJZ`&{E(GU6
z2i*X1Y(*5DM?KndIp@(UOzCkNC3Z*K_;`kVd4;_!VV~UZ5tGQUhPfZ7*A+*TQT2Ix
zLQEmPWi5q#W06mn2+_XZnt0nL4~m9U?h*r16x<?rb@<$K*jO8)kWHU&pFi7&G$tQX
z*qQRZkij}8tI=!R!?5@HS)H6Gsok!pJ>=QKXtH(!7~|BaP%d3S3&(PaRtk@C(hSLR
zJ`gjc#y`XgIjh)nwtE{{SF0Ck=?RhnJ}N8K!o+8Jn(+b;4^OY=UcZH)uV&Edc}4BU
z;gw;piR+Y2zp2E2vPsg@A?j#V_OkkGYa7>^nY*G=32OU7daB_%y8qm0eUIIsu9>Lh
zb}-i{>1LlVsBHolq3xTtGswnio|+kC{B~SneSpu&JlUiT^GBXHpG>ac#=iYK;^rl*
z0I7MH>_M-46YX=#Z*W3ftyYugc(Z~v%iYi}JikG&t&_>=dLxRgSGyHkV^T}~rxkT5
zRy@i_qLOX8BnC>|SF$WK14Eq^*qWkN*`dNw`LtYOF!}Wh&hTxBLX2W5(_Zp+Cddj`
zZwi0iMQ5?rb7x1Br7v@RYNfb8QbRpM5%7K*O(@4j6UuQ;`+TCc&&Se)@<z;qq6y_#
z5LeeChJGjDAF2)xW+jw|YV6`23a8G4R&P=HkK_FJ=toSjg0dyTBojY$7d|M&gm2=&
z21{xx@XrVL8kb6fhb<Bj8%qL+d41#oshLe<W=uOr=fW*Ubefas+E#P7Q$ELv{QW|A
zxhYO|O;}D*uA!%P<k#f5iFY^Y=37KsMwT5~o1b^@qH{%d#@<hH>>D<BT>7$oG7@>4
z%hoZSCP2^v1$kdqO_7q<5siBOn+eoC?<NkPc5rUS%M=-v;W}C*(_OlUFLOg5cE!(3
zKSm(=uNx}&Iyh9GKEoA!k>yjodyXGtDd$~Iaoc5&UBgWNS<z!1s8plmReGYwXncpr
z_cl(KO{o@(QXxN;6gcQ_j6C2+C8?^sconP6kzb<O7T#-uSgo^NUSE3A&%)y~dMnq$
zKZjL`v1T7AV#FT*$g`SO0sKZ`@G<?DOqF6n_3hH&u+x&gPzgWOe`pE`D@OU}iQ^`f
zR*@~e>%4+@oq2yEF7SO9qo;eg3Cy#~g`V(GbCQsgNcxu)#WPv6(zd}^H=OMEBo14D
z$B}WD8&dMSloD0xL=7E-I%+UC47FY)QCi?3Iq5`c5WEmxazsl%1H4snXuA!ZU|fna
zDTVF8^Z5<3?Bqr<r`kcLIXY#%pa>Q}3B;SS*wz_7*8}{2wxle_A}Lwg%HvyX9`By6
zj_s!5s;@kdV_fhxAmiPgHXF(K{4iX{8)tA1e|p$b)KWkw=M@nJ19CI_@`(5v`YGE+
z@MDeG_`>k!l#0TulSvCdRsDTFW!MICzom;tv;Tenh#td)7BP8+1P|>B&ASa&x)6FG
zT|hO)%eL7-+7WN-siB3$r5~ir5IN5A(;?hHr|+~5aV)VKn~yctM&(}r(mE}fNAW35
zop@$|rJCh=!|Ye(hxa5EYpRU^55A|haQU&EWxd9_@W$q`E@%8BpCo256%HW?u9x5-
zl$w{ecnJsJiaDA02bM=-4wdG8=B>QLd2m0sh`~1?S52~}o^eLSe5f7|(hwytB1b>K
zK(O6!MmKS~M*;~_G9Ga|_Xw*cK0=S5IwAL60;nLZWs5*pl`~Z=XpLzrxv{Ya+>=uT
z3I58U*K%`xwH+_k-O){z<g{UqIVb7vK)oCxF(*y%5}fPP6CN+AaMr9I6V)r;T|_Cl
zvgf7y{|YipDaD$me828B9M{Grw6<i{?=<|u>#|rQw-1Cpcr!VBlEV^4teJ}9vbD8H
zFFl9*K%peH+L;4Hcf<2^R%9DUIzFZ%Ev^yCKipCx3tukF1`6X{?-<+8X@)xi;5of2
zY)>?3@AB^9H1b1yfApR-&OZi3uf0v4W`}4U|00Uyf2)wom}nVjwTzi#2gkhMsI5iU
zw6=>#UVBJhghx||Mh(~*LT5hbZfYf%CMMU1aLLJ5>R@GKP-B0mc&y)zS;<o{@RT!8
z)R80DkmVX&;*d$AR;5oq{5ndCl1gGCz#~(j4_lNqK(z}zPg5f?_elI~W@Y2iFp%|c
zqVEJU4TgIupY#Bk@EzpJV=U8%{BG`u8}cWg{-7?HN`}kyUBlGv48FlbvDocmg?FVs
zsRi}R3jmKy0>G+9c()Mnd&c>lrD9u7f)81cA9Y}e-^=LpS2AH^P~8MkSCfM!EDyW^
z&rWqKNwM#Y8qsuCoO5OCJk{hVs94~Sq^pusRe68ExUqBQ3)w0&lVyDpl$8{fQu#n=
z5h50=<EwZI_bGoT2-G~twrOlzC<2IXTg+4`W7ZKMF33~CY1Ioh>u=F^y2a_|9#`io
z3ao1EFU)y1r_JcAhq*RwiW5BQ`6FzME<{s`&BKuV_&nad&`)KdcNyrarf%kW6A*eu
zQk{=WRixcx$JL9X+RE=jjDpX&h3%dBRFH5AWO{^Y;ZZ&_UFI><H>g=wB_W$jXq!S-
zqi0+GYjiz5)^2vAmam4_wSGg(eb`e*p8C3SC7D{3A~hh|DNOO`Pou<or#}Nkeree)
zl7-al#WP!oeX@6RMX$nC3JlNMIz6G4unmrE8L#dRcAzu*PDd&^xWPXU%<VClIi00J
zVK&+N0n<yyc~}FI(JPvy2W^tb_c(A<<g}TNO4SW|j$V`W@oN0E1EZfd@gVDcgKz%v
ze;|YYKh%;Jdk9+STLzhrc<ubA3G7A2#e3N6jW`rrZt1BAIkRt;O?ofQWI!E}J1DTD
zmCVG{6{>bm@t__F`A^>B4I4CLsiHvCNNKJJY1KA_EYb!C>M$^P$%%5z;p6X)-@?NS
zd>DvD5MGzHvxx7({afoTbWID=U4MrpnscmgNNEnyHhIOVC;Y<ZT(vK|Ee}zeY+ex)
zVLA-|R8P%yas%Dug@9=j<cvFo8UJnE`drQWuEhtq^<6W^B)ADtgjc)uv3fI2pkbWM
z%=+%(ao4hCEXxeS1NjrQLCKwJm&!fyi=u{_m)=vdhSzTdPs$!AP6QU`Db*|_q^MXR
zig2|`KcJak$LY%4lrXRi#0aZ>!rt;o0k!z?Sk+gcShEmasNV5-C|oU%ab9tLCy=F+
z(U4qykN+U~*e{aAU-mt|pml-Xkt;dozkOF$43$Vp`txEv0NZ@LZ3+5aT!L`(H06io
zvQjxkr!%e?zIE&>buyfjG55E4cbh!jqJF#VqI)Cw!5n^Yfb;t5cpHVO77!={d`A5m
zKe*=xNv-n)rz3{R=SztQ9&6AkNMW}sPiw{TW36ww+fdDjaZ~!yB2n~=B&`|buqkHu
zzidtrXh|6xIo1<YUQC|S0jyex9+Vs8wSf)5noS9)l_r*#Q>Ieom6_+&fP34=D%y!v
z8KK+J)oL|o1t7B|C%pM69~YWhHw8p~@gw);{2tb4yCvOR<nJfT7tT_faW4hluT{0+
z1aw&%NQi%UeI>NFMS)JiX-5ia#~f!0a;IUdW|!FRceu*Lt{wXE<7R$8XN_UsLzcs7
z&lt${8{8nsjZmIMdfODBl8%H*lp0ozLR_(eRq}9g;Q4dBWfG%B<;qwwud0Bvl?Y@|
z@8~Jz4zApEPXlXWSP$W2{OVyH%%&GwfCM2o*nFq`5@Y1-E8N=Itkh=Dy9m2!(&px;
z=F#Cb&RK7CH81lnI;%DJs-C7){GA4<e5ocwd#g=(Wd3Su(4&4bdW;4?<Tex@G%%4x
zVMk$>8LMVgx$-osP5ZRSFtwu<kk$HDp7B?D%z--W3ziVf>|R_3&T>vCTUKVV4B%Ru
zah1ap<At5a50^0SgkhetZz+x6$ut{e1;YdPgg&<$xnJ_gy{)FNuqBy{tymGt_PU&q
z%kjqwwKDkaLZUlly8?>Av-u<_%q9A;F?mbL*+fVfkbP-HE}58Fo9NmFU|nbG&$LjX
zV#cCi%H*~nkhR%7-QU`1gD&KYMhLWKdB(Gf_>y4?%kRxmza>|7>6yxld6HW@oyjgU
z+o&e*n_qC4kGi6$5a;=-J4UCRVk)#EJrv-I7Bd08PDQ-iau3lphL51yi2xHc&$1Ys
z@F^>zvylk)j##{Q#17K0cgps)GpB6C`MW;JE0L;Ky~ff|9>t~9u9eysRPmC2@cLVv
zru%RimBRJq5|KRMC*H`jra4MWiO2<_=Uwr`_j+`?3Iu1KlEWL5x(~}|C_d7t=i}#W
z$eEg(Lu_T?KSUd{#7647=S@?#7Q#2RX*n117%ZnX{)r%2=~m@^n)4I!jyx6?a;6f^
zq~lDzvTZR9DM&^AB?uuUIDsv}p;79V_~AsLQ}b6B`0$$zKAdo$Ja~OY{P3RP!wJHN
zF3DEFGi*B9aw^-$GpMwQ1!X2YnWXFoVhOkRQW5(q-aNq>q8vHddK5}HK#yEs0xt>t
z64nw3H+v4(pTN4fCp|G(Wlg*sbPdaM{eoAxeXoH)k+N4rqu`@$<K^_HbWNP2Ec|H$
zm+c#Jk?!-5p0jv=BX;=CA*f;95Y)Ar@Mq{dC^N0dl3@n_54JJ6nZomKu}_FU{U7O#
zVm4+n7&ee|9QCk|;qoOd))RFRiP*#pyyZ?&msr-Ierr;PF84S~!qDYcQUHis-c+Xo
zP)~C&DV^4pUz;?r;`7C`xl3x|sI?1kb!ZWP`5WfoRBJL&9gFp@<EQVtl(d4TxACYK
z1fv@w&v`i_f!RF%CcPA4DLVPCHZ(si_8U2@_3q{<b&b`%i;o-#9q_^7B;1kO)b$&B
z1>&Jn52dxPps-UwbmsHNw?s`bsI0~r*R<iUO>Ov?G(h%H`Gto_C})D&o^Vm~>dT<_
zscM`Kt4}#V;4k^TtJO+%{#Nr%a>mSrW|-(*7^IGuNTig;L`APqN-1V{3(=ziygYHt
z)_fd)-^F^kM3!ZiG7On<WvbIzS#WHNiDOdRA5ktAb<T52sSDTbZi#x)+r8L8lAT6f
zWB$@D#$%!24r!>NeKQ0uDcYa7D&5txv8yU&Zi+Iiiql#&HbPOHWAB+<kLXw6fE@`)
z0K@^OS7^)NCdLOKh{;-(A6(I+>LDycBS>9old-!DzuYkUD(dp#d5k>~>WdTrHqtz%
zU+eHR(;YP&k>pE1!<Ujx$i7g=I_28D;pk~_pu#h9yk~r>C$oS@%xoa}BY~G8DYYKp
zVo;kD#atihL$!4IEtIKWLMnf}@m+K-kAB#CB2D3XU@7+tZ=AUo$n15U7>F!copXfi
zdbG?um(2sc5qz5&Vpq=zF=Z|?5X?MtI7P0_a%!84#VVj8_$a@1jbm-Cud+K#C;9Zs
z<*F5c00|4$bkX4v+mdg=Cy=O{vT9t8Ir13^n$#R{UyMAniFpwCu3o0n@4aCB|D7Jb
z+Q;c6*-AVm6M=zc<uIO9>`G?nW%=x`3dc)^Tla9<Q5je8FRJg6bm5xZ?`{y*W(;<5
zz^Pf|7B?u?x11xa8HZu7!0wkwiU5_%#@;MCET}U%f7>me-)St7FWpk-L73FU1#{P7
z`(4bKo!?k*%%dYa6G+~{fkbOkd%K0(4kbxi89H5nmKIYAck?S3Jmz;B9`i-wF<4YA
z*jKrG+CPq;G^KH<hpXqOM;T>OxCq3EY89<(IU!~bTNUK<le6z&iwbxdUl7m1sP9;d
zult_SH@5(_S5;3TZjzFzymAFCk<ySKQw&KVBaIMpY3O8TY_Q=1@-akm=suCbdsh=>
zXyGY3HW|wE<hlq?zos+#DYB}^0&B`OlP~mnB#z;eLV@)Kw@RIqdy9IKddc0wrPOdm
z=(KB{qqZMzo@DC(fK`U+H|?`t_5`X-nqzy_@j*8>?$>KL`z(!(_N67)2t8Fr^i;vF
zu3E{#^kV6`EvXtXY2_$xCt|Yrzq3G`QWP6TnH82;Y~o}MY0v_9wqnM15%OapD82eq
z{VbL<SXo&)D2A6)E%%cXYLjxRfB811u?emvrVxoXY;jnRTzX8+ArjHF$Pg__TL-Pl
zJC#k}DY5Ze($H0+0(<dAoOZ-O!fnH#ZvE0WFe8waggKbSVbfJ~t7nkhY$`D-YQS`1
z%A9#^@vgF-70Mme=*T-J{Syo2#>LB!tPGWb;RWnd470@EV`Ry3HeczH&p!{F`Mx`&
zPB5&A>1;|yN)T#M4ds~Z1e^-VflF!x?cI89Wd5#$!}Z$)0>cJziwiP@YTMsNwXWBN
zd3=Ln^R(T=E`wy^HcpSW{N2`yAWFvab#9wiZpf{@k<d_*TGqkrS!-yTIHBfX;xV=B
z5)y)l(|ETok~i)AMmM&mH-An}8#^1bT9z~;`r~q#C_oTeouiDf)k_Ra@5O5h=M!B3
z0?gs4<w3EckNCNMn8xp6)Sk&7D{(HwC>e^cGpBf=gR`1%e8%WanF=1)xseabZsdcK
zs=&aCF~cGX#R1kN1W3|dO?I#F_f3QaVkZ3O`t5l3LFh;53))OWV^#dc0e#70D=z3S
z6R5fI%WogPT9J=>+s|Ib_jA3E6SnH!Cugr?4pU`)mNI)YP-ImH|4ieVRl?2&6x352
ztl;(J2ax+P4+Ync?)y`^)AtAF_rd}r5`yE<eo-A!oni7d;9X>p&mE}cQP;DzRBUKq
zZQaal1{FTg1x_}GOPF!5E)M;qh_YfyM0sQDVyEvFbOhn}*~6W#u;EJn!5zwrW?o-#
zeuBMbEOAjmzA^fbv&`R4#P`@iQb{$}zMF|Ewn)%D@ip8S+$RjrS2OeQK9)M5bmSY1
z-s^zdK3v|k1#H`J*9wLn9ppoAB12~FGAq|t9W%MfIguTd^92$j`FghyeX02Y^=J#v
z*o(A4nkRNV`h&a)4dS8F%pm`HEjd5mvNmPSs48pZM0oYbDhipK-OBVOnrxCCeBior
z<^tv_p$ZKKADL-K@7uogY3~oeqdMF)YhqcvJNobT?%=y&Jc*ZwWi|vkd6;zlfD$)I
znqJ@m3tP*F+<b@YeixR6t$KGPPl-b)v1*|1-?G-}+#nO!jz&plI}MSt$qA=URDQ7I
z`M%t+UK*|`Y#x(APq2rKyQ<VCE`f-yV=;NtS_K{!+_f$@dn{T_)Q<`nue6<;T@j7p
zd#;96a?ShfK3dx!{c9|aTpJ)PW-M0mA-xD`^ATyolS;3f%3*7)UF~^Nw@kHAsZx<T
z(S`RVza%xj)S%1O!|{4bktMSCHLn)aJ3og<OHyibkhQ3U!pG>Z(CW0=EJ0Ee3OrX#
zD7WE0*giVN@`1cECU~k}hNo)ms*LYuQ{mH!qYiQ|>JIXGspMSBS}x3^&%1z+AE8zV
zH~VMY3*z{1ju)4mIxWl_<)Dd_%rAexCPRad5$qW3-yjd#jdOSMTe3QBA{uzkJ^^m9
zX(gA%-kO!pJ1E~4Y)0B|=LNKjdcT@J!5G+7=@P>pwY-^*Tdp!|hI1W`uo00T>C>qt
zcato!7aHx3COs2#QOF*2g_l{d0A3C#dVF-N*FClo?D}wNg6&WG5WV?6+-V)xhU-79
zUVp>3cN}%W>&l&otTj0|$N%i;$n1FVo_pT>CEh!l?3BmAx$WlRiMooGG44as4zvuT
zn>(0!aNvWQ_!a%FT$?_vC{9FM3M_*3gQl)>6X+28JE~1wd4jn5Q0F|)=3`N7<MMZ8
za#m<Af42GfHn7a)^A?#prfK}iAxTsG*+aCB2r^EwfKHcrKhBY85D^)XhzN=GWVAXb
zT@X|Qf$KpOdxI>9wK?9#Z`AAQeZj7yD&ftEf>&EkMy21Uz0!nkOgcJ~L!@|h&2!L(
zAxWFY*~RK429Yxw@!IZ-C6sd^PI@3+agQ=@XjA_SU8mqT;3B0#&Tw-ZrY}t`o%Dzr
zy)x~8NTnbTUK79j?X)?@6S%cZ_M(YBNax;7Pw{#;STMv(6`ti4=nB5-B7KgxsSkh6
zF(Tm5-7pZYSP`#vv{1aS>U#I-Rgq8WjS8>HFSii?OP+X`cmKG{3Dqyv3_f`gwo@_h
z2&VnC$)vgr-jwGZxmV_Q#PQdTzUWz9_Zx4fX~-276Te4fU6t_VzPA}U{O#j4^=c-D
zbfH9AN@WUbFQ9W@DYSWA`nzIa(?mQvhSv3BZpyuwo1F2|4bL1kNbXq<3#07lFfS;2
zq~y9FJ^BvS(UvQ3V#}B-i0u$t%yPL&Ev|MvVTVb$?rn0W(tyBCE=Qp_{b`CzYEAfl
z73#N^D^4wd8X%fcKi`7-)sKeTMz$I@zO8@hYcJ<TvZsqyZxLq}FEVAVO78}C@+v&S
z@`YWyL>PvyPCD_YG?%$R)p58QA;}Z$Hey1gr~BL6tA%>YY*M<Vu7#SEUSTK50i=?X
z(gw_4U8R+}@YVs7*2FSjxj8v^8yY1VnwfLm4vM%`UgjfJT$(Gm7J3Cf1kLN@SG1yf
zv!Oii?w|MB8JF`Vbs~OCBczNmuDp^em<+;HQhrMFJ(U+}Q}OCIePsj=_;XX2sJ8LY
zFoxfS<8eIQEuK%im&uaJmRdx{?ylt0kQiZ4=-cWOX-+m8>Ns!av$SY`l-66XVZ9jz
zC8{8dDcHaPf~;6NijkcTUsP)3FE<TctTLK}xp4+$R2ek$6r$EVE2cS+&Xx;`ZyZW%
z7{E1vhIao#i!Zd=tBlT&vzx+8a#U^`<tX1kRFXe^mJorLmrcVKU68`3v0=1Ty+86T
zgDZK&tGkLrI0?T<PvKy8bh$rfB1m5FPcb-L^Vu;bjbyKYt(ZTe4b(aQkcCPQ>G3Yv
zeK~D5S8I4WKZR}v?xx%fLmD)+4ox0%++3?07PllH1zG<>>XFxy{~-G=x5j(d7C!p{
z3R*qz=nh<J1Yqx?2o{F4IEC=BO008Pe`9M3-(Mr~6E<{_(=}z?)@w1{GQ8r@y)tNb
zVibsv3xe{F(GN0@u_goa^pR75Y8&h`Mr0-~BQjIl_4`AP$QV@A8iI4rI1pc)uXM$k
zTRSG($%k`Czhp<g@;?W?*{2@lO~3@a{##sZok%uTHnQMCZKd_FXOc|2^760gg}>E@
zY+rv{I39*50!GHX&vDJ{LLHM)d#B+<LbN4ObqxbnYxXYlj+Ck-rrvDZq51D_?8iQo
zdugO`SAAXEod>Ns27iG^LsewPwy9w|=2IXkcZdb#;t)l~4Lp$>_>1)1urwjQ8mDdl
zD5>a^m3MqxV@BbeE{$f%K9gBO%GOYhJ56uW(x6lAW-RctD&b4^*sRoZU3KRa+BpC1
z2}tCz`g%Hqc+_#q>uZSz7l0pSdWn#;e>`pXY$g4*4z(F=!(ZgGj4N6J6|<{Z@X%s6
z`$JBCiNp~fpY>z7B&1ncettzN0DfJ@k23q~7Jfxlt15BVw!Id^--bxhvJ|O%Ddpu^
zH3o8`MVIkdZM;(}`_)nhtyS*Pcga1jZMnyl%sujE3s)krwg*d?W@qxYL>^JHeDTIh
z{Iei1O{4?|3f>rTLCJOYiv0KZVR5NfriU8lY_P0YqV<QbKVozeV_UUb=l5vDkMVTF
z%@uLF3t?mJ)9AEH9MZB{OUrB;O*2qx_&zR4;HZKgSgd2(zOiHM=m*4KHcH<a>TH&%
zfs1+$H+b}JEK6;qoQ@4$vw{%m#Gmp|0RKX;*dfI%BDYNuuc!Z;9{A-w*d{-fMj{@3
zy<@B>T@WRD&pozn+qP}nwyk??+qP}nwr$(*d^7VVlT6<0tfbPNs?<*Z=-t^>wU)ho
zd2Sq9N%{?{|0Jz^A<L8<ln0bH#VHt3{XL9y{+n{}?P4N2j~JO|ux;VlFifNsYs|vk
zDKCA{Kpb@i1g~EK`!+ZU8P-w&)oU3|t6stA;p~&1ps94i2ltL<B5VRGWDqN<9nM21
zgtM)`nos6NDpMlqy7+?mcpa`W_lbn%Jmx_oDy*8>A*AobcKjupW_;xul~Ai^0svmG
z8_`e_mcX2wAE4mF!Fh6Iju|N^iocpT(t&6A9SFpP8#?X}d=M?dfSt-Ao<!op5Yxab
z&Gq4^VPohYulUy_<(Dyj=n8Ko*c0db*<#>Xew3U*MqCK|UM)Vgk){;XRdOafHPYs`
zGA}+O-#4h)rfDi_Mh<(Q&gG(%IS9>X&oy*=qn}ER#oirWkN-MyyHyCaln`>WT+jWo
z1rV+aOi}YaO0125t*H~rb##5`<3_RHGz6Fw%xBe>i%Z$}hTEbFq1fWIL@0a2C-e0k
zR&R^~PKlLK89_g4P}JHZjZ|dub^!vUNxq9Y>&Tv)y}BzU&!o^*3?2>1Wpo#dRZZdB
z6iwkr>w~IHMiIhO`a+T3BR-MYafMMxO!#k}j}3mw5Q76*$o%`+Y^wwa0Q!UCEnh&#
zJnmH;I@4MTh*`8;#^17TJgp*9PJtK+$97rO4$}hU18jsT1tV0hj24cuWEO5ZZk@bD
z00cQ)p+%7@Iky1;w*e{aj;2uxU>X^{B&=s|?n;{Zr4f@?Y*jm2z`ZP<<fRLFEJ^78
zZG<yEZ{}OA2;P?#1$+001~%dyeUdiOJeF#N;0}&kMRSk|{nizCcvdD$p?A0oK%AYi
zzz~F0Z-$=TUT-X=)=qSRcp<^vUKjH4G~v=!HFIDU<im${E>Jr^WR9`9LIC6TtT2zd
zIUdG_Nsm;AGo^$<9g)avnUBrJ$bHN4@CXHgtCAd_cTXJ3Gr;iqJJGk<J{Y-@F@cU$
z=#MXbLXPubLvE!n^BeSLRz0Zl6fwfTSI7nQ>xdOLfw{9V?j<_%>=CwRM_GvzdG^CS
z9>qqS-QGFM3zk_|t?=^>+0wj!;6ol-kbu(y)@If!loA<aFwjelb!c-PJ}eMJ)FjhR
z5<C5hSJJ6hpR7<e3-jXd*KNdsRAt=T-%I6%L52n?1vpD(oYz^#FvXK;!vfRkcpjd9
zfASKNrKA6#f3A~qLVfNXW6+2-`diCOP#jZ#9j0&0C?i;hu+*vZ_Z9#0>PhgPBpwNt
z3X(K09#L@wb$+*MJ@f-0+0f!FNllc{OSvV40SW&KLl#>kl&+$7n2|p)ks529(Po9b
zD*~k$T{5x$HA(g>e1>6NGCa;wk~Hv<+*Qw1g*(m@``y*NRH8cEf}NeMf2Pl>&*QiO
z4?nKKXRP!R9?wh2$C~%K^J+UR67S8@(SER;^&S7p(d>Ai?I$FW0b2?+;)@-SxC#lu
zR`~F#S#ZlqETi7Hoz_C@Z;Q;Aqc!znQlFe5dqI58{Q3Ekucl7+`to3Z;ic96si+H7
zIC--ydfH6bk+=S%dD8}xkc#0st(!TFak(T6dT{@hE(QaUK|Y;A$%?&$`Z8}LemTJE
za7uDi(~f)$UG36wnEC)M#7+gKIvAjrNYR?oC{hvl$3GoEalQrI@*Okh+>`Z|NK7Gr
zcO|~fB$2e~Ah$8ZNuCfFa2mdWttfaF=MZ1X1f0C2S2PcUw<DihH9rqitI%kJl)d~N
z8St6xG|yPi7gW;--Rji0d8Jep7&CgJT#swwaB#4moCobi!RPX}UXx;_cs{G@pj2nw
zy=e<PESrq=F8Y%)yYLFdaRAAmqqgUlu&#c&zh$&sOmy|ME(i?a>p0cWz~_~-#@QL>
zTq17&GG!%gaD){qHbAE#Ka!VD!W*0_n8Zi?J}?*@gc}s2BuvwA?#Y2l$GZ~$cysVA
zfFK8JCH#(ax>KfB9oEC(yOX1oQVlETBzo6^(UUsiHH-eFlA-C4txF#!p4x0o8)j0%
z8_=704=DTIs$Aw=!U;vx)yX$q=W1I*npO}oKh#(W$=2d{_nbgi>umWZx?DHL^b7gZ
zk5#+VCxa%isN}16L1TH~p1bpGksXGRrEx2`1KFj)2~=8k@-z)QeV1|QxNh1}t8Jx>
zsow71q8wcvSEouP^gLEZmhhx9<TVou#mNsO(<psINj$2TF%ym&y*Y|$$#s+_IZ<)s
z1Cfd&{XUi<pZ!<BX3(h7Gu;HCM1hP#OBAWV`{%<ZXVAR9W8LbMl!(cAk4#mc9TZa;
zmA84>6)D+~mmq|V)DLiAwKNA{1C)#P5}RVld(!|#Iv`he4xUgV0_>g@Y50_uu`DUL
zBLy1^O9QIF#N`L2pfDq*J^e?@MXrWN#;9CiDUL6s|0%;wK%9@`8}IMFAM|halpdYT
zug@Qs^TWT&P+H2&bjoJ1>4PZBB;mcI)F!UM)dTB#a??+q+Ep*x1H0T+DPDgwEWAiS
z2xY2TS^Uem;IDIn!LayGcII7=3<4OVY+r%5OHY`pX3Ju_i%vm@Y@3zs-faLkP+FNd
zeBN0O>?d=_Yj<Ippn>{*%hKBw3D*N%4?H7^ncJvQQ1|ih3(?AwRE?Db_T28%6DE*8
zM-7Fa-G>_+$walSmI(^x8h!URP*ZINK~rWG)|@XSAl5TBg`->njqfIxg*kHneO&bR
z(;WvMK=em%#I1RCFq%AH!RcnN#E#bu30a)LZVzBjWyrycdNN}Y2lbFF>{CNIkz_Cq
zaW64xt79|xHCjs}(9g-p*RallV6kY{aS-Y5dcp6ZGZZU2-swQHhDq{x-|kU~RfuQ$
zv0lmssUPmoKuD=&DQ?{Wn$DhzA*gaqx-^1H)Yo}uYsTM$)K&(kAY6-QVZiC4ldCFW
zjRJ8ySYSGMtHPUC>OerW?re<jC$oTw8{2OKknb73ecm{RI*VEFnll-eU#j|jq_kWH
zpCk?KfZ#z3HTAGIpbD;$A6={LRlZk6be8+GRKvRrxx^mPuT#iD=6=5UQ{5=h%pFk|
zmpYFmJ-H0?FN(j&oT=CzJX?Iqgv@@F&aoQ8MMEurmVyGRshb%pe1hihnjy*;5N`T(
z!EAqGA~{e{nlgWjUWCh)kG-w)HCgFmO%LuLMzo1X4h!$YvdJ|?H?V1Txl3?+23gum
ziGA5-_3p$mNNf*uGj<oM0^?=QJMKxNLMMz(+m`*dqNy*L{c8pUTBmJH(mhD4qM=Bw
z*CHGh=C7;>lGcQU>`WeopS|)ys3B4K&OAkXHc9;^Ya6kd;Wl)pP$24;P&h2iP@D>8
zfYlTCL835p&KdmFSR-->l=@^5(RdfO$f_mFqwJ<vB^;r5a91k06zG=Wgu`0r0)T1^
zKEhGhPX5#wy$r(U#EqeC6isocp8b{`+e9bfgSOt=?2|`XJ7x9ms{3ofbNi{3+{frT
zR}rYIB8@waQ`_<$T0>!CJ1$T4qPG<<3Z7-^-qkbD3D${ii5a2N(G}A=rJ9YX^Jk^;
z)x-IUQ<9Z|X@9TcjTZSSoXrQ$4>TDfaNGFo$WtU2IJ{ZZ7pOEo-z-HhKeI>8g-D_Y
z$2lBMIMYR}JA`yr63bd!{6tK6A9ydZ>p)ECAiQSNAosSxqiBybUpuV#2Z0YKQD|fA
z0HY&wT;^)Hfo9E=5Afs}zEfA%@zKFF>Al_`j~080+Krxi#~O-=aK4?Re%=i<xz-UT
zAR~z=dPJ||NX##BD8sB1C(9#?m|I1xxh<32np(;aDJWognz5rrdqfEXI;I&V+L2!3
zS3dn{9RV)E!T75~?7E9a%qCz9X5gkt3U33Hfo|gYu)DT1=TD{%-Vu}6eWge)$1lQ-
zg~=+7P<G}_?mFdZ?ZRvg#+K1u@8Z(^(0*Gc*y<apw9MInr+QU|i<nFHPFehO1fBzt
zcij^JRZ1<(QiL9G&{XZnv)0%>13p>Z!c}1U$R~2Ib&Npr%C=$jbZUV1(NiJO%gWNt
zF=r2lS*6M}1#d(G-b)@+t&I6ex)?S>3)0PmstZ7sEfiS`Sja0h;uH_m;__1B%^Njn
z)rV%Gy&YuHAa5OdHVxmz%MZD6`v;{PWzm&<KzHo_HA{CSDU0<}g)!*GEEEe!`jbTl
z>v2k8Hm1T3q(`Hpa-xCCOF~cU03;2{Tg4mkS{qC(o6nyVpMw5n-T3E`2{*~=WEuyR
z>f!Cjc)!?Cypk1<JHY3T8Ti5Oh315($kyZKZo)vP8RdE4J1Vl+Uv#2K*?7Q1T;YJQ
ze^N#g2=BvS(WDAtIx`x)H$!;;egG7u`3jcA4}`(piZS2Aohf3+^I)d4Ct(x-hFi_Q
zWIvaSv5FADLkf~mCJO_0RA8vb!|~ceS0M)tUf?zAMYZTi--ZoQALi#Pjl`h%R5KNm
z4DGm^T+VhTK3uR(Xv|O~r-p82Z{>0R;u=U`ZO~xtEZ3c`0`j&9T7|3t<vr!U5XQsg
zUGv(T0yi+V0cHx+u=bO=v%kWz#p^FIFvadAi9fq1XAdcb3g|~3nA$mfRzI5;z+U-i
zRD1exijK<se6Bg7lR`}rk?!V)f_tI-kMd86l#RJdd6@R<N4H?7F|cQh#e1I@?k~?B
zxdo#GNw+evJZpfCmF33f3BmUv_fNVX?-}&&YP?&kf2ww9T#%r9<fJ_eA3b4ZMHC*j
zoV^ST?HoUDE^#vkG?;`~Gjghk_djE)5SJ6&JpgMD)V+kPn`;@TaBamn`(-`~w~dQi
zOiVFZY&Kxwcc_(fVV1J18<y6csT|o6WryI%2(wA)6Ubm^E@qFEOpHnuHch$7o{#P{
zZ*S;9vEG^<6580B)gs6WC{Pz~cK+MY7*dy3mK^+hjV3mvG>GH|Si-z2TzX`LHrK)%
zCVf`P3hcrJhjBC;mSzBuF1+pER`=neKT%6MGHn$ca}!*HC_b5P2p>ixVFKNA&2=3K
zbI91hOJ4$16Y`sX+1{#Swe^~!sGOH+vJ0={w{2mWKXERAeZ?oLmGqo|RgprkYFN%P
zhUSVqDmu~u5?#OPQNg6o`H@+-v<S!X-D1W>BWBZ~2|rs6;9vi}<lef|P2_PK)zH$i
zDo)$UrB>rqa<pc`5oY5}#^>u{d__o$)`hyWUtLVp$cQ{W472x4v}HEcJam1U?*LcR
z+$3lA_~ob_UwL9@_OA-<T{ns%2GFjWI;Su^a{|feN%Mlg+{G<H_;ZBoTW*xkX*(TP
z9+|e)7~Vo#<1{@uH&k(1h?<}1vYM?VkQd3^ONJc<c2raW09A-7Fb3$j`nRFB+MEKH
z^MJ2g%O1aqn)_e4Ajxq6?L6BdRhlDs!+|b|RGdapw3d!ypu@p8kJ4)q^q1LmsH51W
zo*0J_04d86Ju-D@wBT*fA9nf3$QX!@Iu;Yy+o;6RMNvt|WBVGEhgOmd`KBp(8S~||
zZD2U|n@fyqR9}SL`?B7b*-ToGe|Y!>8c1A3J$MvL50(0b7<CQrxU!`p=wsNAMRI9c
zUxg_wen2O$=m$8n$BZv8?-9OgNbRMvE3ZNarytw@v*HLBUf3^~Z)4{4M@!{Yn^VGK
zY&p-UN$DsUQZ7H-p1s!_Z1GkW`t<93y5;EX57^1qg=>FV9>kRpU8GyWEV*zDI3V%y
z_jL7bC1gKYF>6=xg%BtS4)?CCJMGKo<dYhoFBOSHt!deXcbTf2%o#`QM`9f23yuZf
z;sk@Qobe7-Fc(IuA#1o0?oc*#NJ&iKbaY*vH7WsW#;S_5$WN_rIK@*HZp`ZY2>s;#
zhSn@zr5*B^dd)uQ$EWWjtZ}GsO(NKS)%kLdx8yampM=Kee>c%!6GB6qLoG{_T%^id
z7!_8LDlwQCEGIXiqT$kohTkFyKbqyiHV_kHmt2lec*7aroAoXj%0Gp{`Pw64$A50z
zk6;xtgYazvemz@=opuW8CyVd)NVp8WQ%PSq3!mV$X_5|4t`c;G)oFg%W#{T9?i@Z$
z1>xpf-_81zP5jH4IY+H<9wacIm%Jf(<<h^90BmRTFzXldcc0c^hJQme6MUY0t#=uc
zqCr7Pz8c=~!4nI;_{>@$vRL@9Zz|<uxexO0A*bahTUMt9+Z0@XCI~jEi^}$&>qVg$
z*r;ljj}thVvR)Gc^XcgNS8DPtODU(R+6&Rs#@_qYo8*s{9|RY^>A+E^hH!`h<g*0G
z-RCNB8&^)V&oh)Xw;#T%6~GS00ypwc#hKKDR>d)yNS6GkD}1TMM+w&=R819sUL$nA
z)zVtwnt5Zap96Frh48CDSVha;Up=hrl#H_+vw`t+YrrkQtZl_2QWrRN-b9Xtcu^4I
z7Z$HRAr7G@1u?_7CF=x*OgqO(r+pNq*1vX$xr03%7Op2Iw1DLvWfuewKGU|1_swOp
zWvoM~yUkv*A$LtFXs)1!R?*wyu*2VnJAK?|Psm>h*AdU+&Sg>U++OcEaH~(E_m4x1
zk01JuzI-{#pO6VoR0J7M%eXo(!7-{5dsKh%nvTnTs3j0v-+pz)s#RH0&nEdQ#=DlM
zp>I~XLZ19Cc#Ce(#~zCZTYP4hFD_EwVkMF-J1X<grf-SaB+^ZLm2Q|>_4dap^xY>Q
zk*QH<I7i>Ek14mpza%e_3icU7Et3J7tgr^<p!VGhnOqVwU1dYy2vU7Ilm4ksY?@XN
zLzOs}$!JMAm1aTmK8S{dW<x7;K3C5W=nMda2omr05tIqO!^E$qLe3pBCnmp}T-TEd
z-EQTsTGX4Q^#-?fshC=6Pc0@}o44PvU5+90r*&8!Y}II~bu1?D3^g<M1Dzk;pye1)
z<;Fj;AVj?*s!ru-$*8p!#yb|6kDYz9s9^*g>3uhQOR*d<XG%x@yU6v@leJ_Y5?L#6
zHli&@+s8I44*D)La?S)S8V~7llpuU_Bm@RpUUyI&7p8%WIzPsWH=dy@QBgjy|0{k-
zk+)3RIRk3Pac)*8?1`fl2srS*k`SS)_3;QqO3sQL95S*O&<KBawz`_lL9y~FKF;hL
zivHF<jT>lkk+E?}ok8W^Aokt4=@jC--m<la-i|EVav51g?R-FWzHQu}?99Ms*hiMC
zU``KhgCLM{Yv-NSx5Q4naP+{>EZwmma`R+X0rrU`Tl=L%Sx<<s{Tls+EU*}LzWMcp
zFR#IMlL~5^xTH;iShN;z@`e5^dr;ztmT^(~{y1l}zZqCO#!0vaKh$WS$jlZCNt2^!
zsc5wSj6QR9-~6hvhKh{c+S=P19-#?W^kcFrv@y)jLPB+xC!UqW5BsEw4#meQvI+2V
zn?UUa(grGBF>zB)?)K)m<O*d#9SoYotyL5E^GM?I@hh<F3(vz%zKawNQ`w#ZA0d{^
zmtcYoQS-uSMCBT$g(-iFHbRkWWHghZSVz7SQVAb@2I|(bwvvGe9GacFRS1WTYxDx3
zlP8M_L9+#x?HjEMA3d*Umb%m-$Wp`BkX?mo_wiG6+@64DZoQ;#gL*tM8C-3;7Ejh8
zOw!RL`wvNkCRRW%0Lg}^P!Fy!t>M~P0%fmefAUYkJ-RK>Lo6Oy28oT_OS#{lBPR7V
zi#Jv>Hm1$@`hUl$Dr%i!$r-UtEb|!FA@;<g=MqD_{0CPHyw>%;mFt+DJTrP<lJLCq
zqdG&k&0g?PIQA=h5^vA<w>{&3f(6bddkKsLmuX|)h~|xQmsRzoUjGtEFt}R)RDt{m
zsn|%i+*|rpd`C=_{|q#r*Fduz+A%?lu@PC&lDr#=;i%D`>v*ts4`2;H*b#hU3DZ{G
zP64~8zKL22j&BAZxJ3Y>C_pv*0F%114<oxDXjhf-MNv*-XzDQ>e@CAn65`_u@q7_c
zNJJ!635~Q78YyrK3@3w6*HG~G&!&*vJDd_A&cClbxyNAYO*yq~k*xPI65{%Yxk;@I
zQw?q&(}+8|vk0{92%^WEj&>TCr7p<7`j_|rfZ2aN#a8x~S#K{7@2V7(ASte0<k1F4
zg4nN%zsBeCh%LlXVGd_preI=t!Q|5<BNEMI-j8U!d7$9b_SA`i?W9O)NY`Vl$oWdg
zXjq#a`}dsk8G~suZpIS6ZU_JP98k{>Y)eo=PVU~8p`^kEeDc&Mr}2AmRExgS+V)D{
zW}r<YjB>T?(Vo$%5mrQMr*F~-p-^qsTXLa-syd(`BLKdP&W=BhfJiUW*UXtPZesU{
zB)-57p2AcEYGZk?!U*>kc*C(X;dYTh^M#o0ePV->0Y}rKbb{!F1on|Lm(~nQ7w3LW
zB0WleQWETOR{nYSe=?eQ0t;V1G+|yaYdG%jT6&E+84D}MwX^l#*?&Y;evlzc;=e4E
z^wzr?J~kTVPDFaYhZ+RdL5)11SXW<~P=KcH7JWOV9}NPZ%pF{I=&{z>HM|0rsSDXR
zT+X1QUrK4*6tP&H=xgp;?+6HiwXOFqS?bUl!X75O{`c2!Vt2BKRpA&z%D;?(rpO9+
zdOcTt@%{~Xx}E7fep>G#<*D-tKTuNYQ4|w8H`m3z?uGyNyow^6G6ZS_E#z+e=1A9X
zl<vb!oOV$l+3V9A^&*Yp?dq#qLuqee0RTO}o~YICk0YkopwF{KE&e~J2pupMwXfo)
zefMoV%ic=_i~e2zy5edP;!?eaZxrhiP3Ga%U_5g$9T`IngN~5Gt4Fd@Z}u2SF}uK2
z$4|U5lQ1M>hQJIJ1mq_nqb%V_`iNKhQ*N((#+<wc>%?YD457Ql+%$A-FHp_78*;Ct
z4@1^7kmb<=7kxSmE3V)W!N{IO#ELxk<b|H~SXu0U`|C)(`;gafpRDK;hSS`)!35f)
zPO5oKTk#336!uCwiJIhq06%ibn4s@BayPMAtT{RAL9+E~+I|;*6b7-W$^#e)j}PW5
z@+7f+4J!^vNdzW=Al=s|?l15Sxhf9#IzMqIO-1)Hc_UZB512P==SGdHO#^m}!Bwr=
zwj!WWJh&VD_<@(^=Zk?7w2JOMx%wq>exxBtN(u<jlnU9qAWeHQ!W&rX_tu6z269#a
z^AGBAXws525A8NwWw;Ngw}tFfXw*M>8Vie@&k~i0#u+;`)BP4%_17DZA12?)H$QZd
zBGizAn}bDz-I%{Q-TBoP{e-#I5Q2sISHn{4gj}@Qft?eTH1HD5{`mIIQ`~+I;cpgM
zUh)-+{!W10j$$_%b@U4$(GgW^lZ4>LQ%|X-)7vF~nYnD-a!VWL&ebZ6EG7bF2+ZJl
z|JD>ICZaAKbNL{L5EbuU7|m*23_>}J>@|00%!Lg8(5makIKZM3<y~#m8@$3)Jgo$_
zfX45N^AWe?MxivrRor#7&ug5UQ0wdCYelbZX*-F~#;vSb)*-j9i*f#&0vV49h?`%f
z?gssFg~!RxCzQUDQZy(yfZDVnB-wW%=mu7OxPk3!*|oWQ;h)_rFZ8pwoO;=V>2Tnl
z%gVvAUllmmY8pALdP)_t%3ovB%=`0d22-iPwuHWo&E4dB=Ge&t0vn`rVI_X*rs{WX
zEE5wV_61?=+CMTP_=xd<73DPgskX>o&4HN+mbwM{>MEjTD_%TdUJyC;P~M^<*NXYT
z6{m-g;?uH+^$pSz<*LtH)Ghmb8fje+uu(;t#yQ#n(+c1Wjed+(AA6Sb`0yuVbDe4&
zrQ--+qyB0Ui6Ux)srK;H!R4_?YD4Mhxv2(O*^R7VN}OKdyo`U1y^gEC=49hiFEqrd
zfICqPN_2HPrriG|<Szj(8-bu9-3>;(eh_bk1ZB_fXJ$@=j}EOXG{G2YfX2-t=ugsZ
znpA^){YNm;)c#RWsiak6S9(c-aVu<!eZg6waI+^6vYi9jrfD|DebCS=@?D>(qwp+W
zGppi~g=lhRx{*uRG30C6w1hKY)Y~@iH&bKIdb3b)tl6f>o`**SsuxmawwV_}E<v|*
z#vnV$Qx2V`^WEWv>;ig)`6kw`=1pWL4Cz&th${jhXnqOlH@NU!1OMO96R;Q)F4YQ%
ze~?o+0J*ep%k0^TPs~M`V%3X@)|Nd#c9~8OtJNyg9tA&mRqThQOk;FN?SH$QD0d6p
zI3~S3(ONZP?Ps2!OLuEz9dF*i!fUfp?BNgUd$XZOh74zgYu%nP5TB{js^{c&?3tyN
zax~YTt*p_NPuJjsDQ^qeA;czHN}DJfUpSgaZ~X_+PHrK&vGuxWidui$1rV@0vCpBd
z7AS!g=4!|AiZ~?MWn*S$xM+cD;>gDhcA31q!{%58bf>WD&$zWdPl?rQh*1eNm`PhE
zBm9Q&50N&VKyt8+gQ=wi3Nlm47bpb*VZw9)udn4@Raux5ikc(|AfNc#zR;DTlbX9}
zTkL&Hy)>&)1Zwx6xX=sX|LTGHOeYi@?A=+jN%tVq#`%7^)oo@!(om-wXqRp<3FM=G
z+w9Vb<f`dJcU2pp0A8TF7mEt`f(aCky2k0i{#E?p=o64)Pbo+a7&A6bg}xV?EpRWL
zr2|cPa13gZlXef4APO~?hR3i!kmuZrP;Wps!~|Q(o^B@%u@O|4sg~m5Y>XgHIz>bn
zxP{vIr$v$n7QrF$KoH*g!gR;ok^(^rkjDaA9=^*vZ=$oJEo38UmfD+=Oe7iEReQG^
z&p#(hNQrCfqPSnvQZ+{9oDz1(vrOdbT7!l9ptwL3IoHvAzN5n`eFMFiA<ZK0!6B4Y
z4{U_I6FcDIlEGt&KVLVmm7w{nYF5w+PmB#I26@C-Mq)V^(n)gJMf&a(b^fm~HD{~P
z^BsT&SEbF|Hg}G`>T{cm9!7rg#<+>wTb{b2U$rTm1D_nb>4rh<pPRb5j;#bTn|m$h
z$_v{E^%oBzaeXO%>-}e(adS4|652DvN%4YKB{+^GVVWZX*GZzHG{s@ERgwe=In0uN
zw?>rohdZ}PsF1k696y1vL!le=LWvLJW|r98sdnXoGXdOWd<qF~a*O!%q?%u=V<6rT
z;0p*%fd1~z#Xz!Zjxh>Oj&=+xG>UD3b$CNii>8`qYB(*U)_4D#r){iavsOYx%LEw@
z{g%&6MenhZKnhFR?7EX}HVoXc=X%-~mfahk(`&wroYkEeD9K1=$}@(w&86$!on*XY
z;^t`W{2|iNDhv@qL}2?sXJMs>#p+;@GM}Oh>|DB#hWPDW2tho!l>#<GHr$kK*ATH<
zM|b9xiW47OewkCXCu$aQ)<kHt`5wk9t*k}CfTgWrqKG93XFCs8-r8ZO6P?bHQ>ayQ
z`V+CbasTpz4MIQN-L>=-!gPIy`Byz~*};FZqH_6>!<Di0Y$JSj0z@B}^RdL7iq@cC
zYgE*`1OfFPB(XiCY?5c2Qitj6-`evarP+FEY;iP3s;_>RA}_dEtK7|#O*m0gEn(_9
zC5yv5KwX_}@7jtA>e^hzfpe%34~Q94!FqV`{CfK|l}xXUx4|am>C@t+HFRaNmlX?6
zMIS=pGn)k&QHd`t$9x_%v?nx!8GJO7k|D3d{o-V$6yH79)g;4lm(?$q!EkT}A&}vr
zc!Wp24!K7Z8`dB7QY{-<caM{e3(rK7KxI#&Z5<w;NfaHt$yg3*g?1a-1dUoM6JcU}
zp@D1!&wmWqg(`ut*y0fP|A-bMlYamF{E~s!Y*)a##=u3^+qZ1Y(5QBK-2B{qlyVuz
zDcw7XfDn!SK#nXC<WpW-2+5mF|1J5bWJ(KLbxd#A0+x7irtuKH#8aLRO2E^0YCWpX
zJ5_OtsU_P<@ZhOl<ERPIf1;MJo?8h5GD+^!mJU#3Edf#}7(EgRQW2)FRjUb3nG}i)
zI~uoI7lj|<Nn0LXcUT+UxP?e5@k$YEh$b?(>$9dVhA4pn?YxL4VmgKkfNLQ)@L*X9
z<C&<kV6h{*Y=ZI#QO%Ej)RI!o(Ag1O|G_|+30D0~pQPfZFjy>djLjFfUk@E}eg>BQ
z_XT|+>qFJ*cCr*7&r`{it2prOlM=;!dke&8L?P&8aW(S<5>nbd-k?+tHsR9eWr+rB
zf+f`Hy+1LR)uJdxM2Bm4MDed;Us6~&KieTqa2zJ)Sm+L?#wkVrUl81&OaK`xQWiCJ
zH%#`t!P96?m7c@$K~g^Ko#JAV*V|a<a-rwhSZCPDexmbJs!8~2H7)QQ!5*BUS*=l%
zWyHN#bxZNhCckB`y&5e%y^HGt4q3S{93(6*W?Y(uFv)1yC|=gw;7cv2u%^WK{PNYY
z6O3|!%BR6yTPzX6^IOX}SEYhROEk!p0K9oeqe<kOPOwhkr~$pXV^d?anB>LmMVwd)
zd;78{k>{!&78opmp?2C-wlVaDP`)jxr~MJPmXW=Q<pt6m%n)igsZdhzpr(S(-9_`^
zLK!k229Xy3Jecc~6I%eAl-Z)OeqyQpnnIqKU0D`|-)=GgXd#sOg9Ha95*&f?22aB<
zpQuD8u?cPtTI?*YAQyL-A_Wx>8(eVsP8c%fEkJ(G0X%#Y@CS(?q}^6YZ;XyeLUF1y
zW4|TSPEWCE5)wzO2izogO@LFr;7ldGQu|N-Vd>JgLsQ?s7(*qs5l2Vr#+3tgHZ+ii
zXFHYxh#b3XJLuEoVlP<Zcq(B8K4#;wwK2p@7i5g=vQ)*D2=+9A1**v<x($!9*28J{
zh<N+t%2-YB_OvQMgY8p;2jV=YbO3hm9V~blB{aV#Lx%=5LMf+VGkBai1zn&+AQ=lo
zvndeqF>*meH-kUt*Nz%xYsZU4Lz)YkTRBiyAb&kQ>bILP|B%qnh!3EZwDaiN5Uf5D
zv_h*Yki*q@y(xHCXSFkzTXWVrXldu00y*jzcMtW>^O3cP)-mPT$_WHh#^tq|QLI?*
zVvLB_I&$#Ca@wd@V!!ic(CP>y{C$|KrUvTh-a6Wh(xRs+c}M%^#Z}N`VhH)wOJ98F
zO0!PGeNjx_44oGp-LXK2cUdiXjvbYlr>*XD?GNY`wnj{4k3Y^AMKri4)cDn2nPUpL
z1Fl0VU#LGm$(q!WVOI=%vY+ZUUe?xYC~G4>HlLqTpcYu#CqRnHyh6J5S5r!5F|9=p
z(Zvl0?L)6G4Pb7F@han66o>__hM;~_G8h%a__uPVr4W^2%a0}j1>~PM65UqKPf%|U
zNkyr2Wr!!K^eiM+ed{_Wa~<iHn{#!FH~*J4f&Wlx;{>y{V1<6;1z|wd%19WfCxv;A
zK-_{*@1L@LhUwW_{HkntSAo!LVhd$aN<K*jvVQ$qmP!unItzA~HOqw)tqcMV6F*d(
z_3LWC5H+Lat_jVcX<N~+P7(#;(B18}#E~-iW?RJLApHh@r+I6p=W93iqWo31TVW-X
z{C8>MZ(ZF4D<3I6L5HXzER<l4xkQC@BQl2jbthW6YYsc)S5>3ddwtoST9`OFyqs2-
z{_d!F<Xg3}<f=8bGqYD)QgY=Cz8&HP?~kXK1o6`}@h{~o;BjB8r@oD64pgW$Sw!wx
zn7#0Ld*Ou%$q-r<>A4wqU5_gyVEB)*zP8rvL43-BZOhAEgU$Byo$Ln=^4|;rC7y4>
z^!mztHi-+lhiDfn#fi6yHGxjqsD*d?JR)}KE)~nzMtApDEPu%XNnZi1pM8w5r;<^K
z!7OJi1p3aH_%Lr@nSj>kbPj#Xx;et`WS2guvY~T&u6IVQ`4mi$X!+3D*n6F6MJY2(
z`hxX)sinsHaCBu<MStY$aYmIRt{};_Ucwc#AC5g9Xw0T`<8(M;ZOv`^WOq>z8JUbe
znLG4Nix4!v{C!guINbqd1H^s?Ng9OvCM?cT@Y4(8fR(3eHqTEL2-(=#hKQI{eDQK}
zgj%qyC#s<oiGH2l$`+%DY77OD!pw&>^Pz>aLuwMr$f!mOPmmOSUwZd$u&*+o;e_~8
z;l|kudKs03wdjro&{gN)n>k%u5o3aM4x3}}F_M*|zLe+AP}%0BFKT_}z^?2&wWxBs
z(K@GV4r=hvFl%|F=VVP~z13Tt2DAum_>SDTF=cwjHmccczZVh*K!{TR0hBwe<cF?x
z>Z`BCf29Bb@W_Q(rgUk*GSy&y%H}9TT<~3-CcAUTOG+0m9VQD*!$@?DbT=6f-wsVo
z9;C+w%FTvH3g@KS_GtsU>MQp?0hT?Z7v0k9V{vH4J$_UqwN%BWw)fejk9S!dnC@tS
zl^d&d?&Lew%i8PNlLq~LhuW`U&BEhBssfmAt7z7$Wa}h7EeL4jYOxyg%nK1H3Wk`|
z!{|xNyDV}N=g$77F<)UV>RS4Jn{I(kK7T3#^6ny0z3BUBJ?sXm9!BvtRPJa1&C3ZG
z*fSbuRKmI26iUxJ&T}y!mDK2E?}AnhiRUr4{~*i)x#P^&h%L+LiQp*Wlarzfp{flQ
zizBBBD5(s7fp-aL$#~*NoU<!1((JJd>17bHZbfX*k?roMkQY|U3$e!x$8s^O#3^?q
z3|)!<H7|3EZIsuO`UUNI&)I8@>zX8{;T;o`(XrQmb!I8}Y>ztcrf>g6SC(UH1u?%w
z7aFzV-*4Kdn&x{M)O=N~6cP+;H?_AKpG7r{5QoCKi83Sa!MaZ`y_TfieIX{;{1YLW
ztrR*_p|zrrbP<Wk@;iVf(3<T3j@um6v37JeC?MPp!v3j?{cVomLuE-_8T|I-wNX&0
zl<S7O!u>R(m-0BYHg9$segR+6e6cN%X35v&U(uyiAb-#kux=uSd|-ypBU<(Y`kvxw
zQ5#7UjNeyN1f{3qr!E(%=V)&z@5t|9oa_BN_ufxsxep1}qje3rprmeFP2OXY$(C`>
z-AWGz7pSa5L;{3mph|`Yxd#O0z3lWdH>U3|SgA>%BS0N{83c1jSA7_8z|kU08p#AM
zaa%l9=gE%ImR5yx(;X}zn9Kz+F}CXn-x4{pfjz^?AJe+HxRGN1Ip-y<buMp%a0Is$
z$WMyc?w3Mw1`ro?_J`Gaf3(J11RHpZ2<2P7*+M<cI^r-1HhJaS2=D3s1Av03N_cY;
zVBW1oKT72FZ!K`p7p-UhGFU*LO7k{{Rc61_NSK-BR^$2%s+~e`QR+aKk5Lh?+{z%I
zf6{5HQ;v?n8U8vk7I)gdar2%$Z4HEL`eI{;_6Lh!H#5UfWu_WKZ!>u3=xAxVp`?)A
zV$7t2IlWP#mM5kSxnKCOXN~6;{h@*?(gcDGc*KU?@UqV$XSWd~Q{_Dp;s_%I@3Y0F
zBDX!h+fX#4W_F)@evs#??E0()GS&i6{(;bwo?9Q1O7U9sNJ+2JAwOQX01~bz3By+I
zre0sPiWv#1!?m!Jl&~-@md@1I+bdUOP|XdW61Yj^5<xCY<S;)RBe5=2vMd|$J4)bS
zJO$nvu^J@|oAP7=ZeJ7sn`U%OQ%RJ4^wBl`mbG7zIa2Q~f}j;d7$@D+-jvflhNTTg
zfnYS^JV&z-Aafh0sj3nKlgK2ot!o=U66M2Z6nU8I;Z#UDHp`&XA~}A%_wLhs)ujc(
z#%#K52(4FJSs5cGg~>$PmCKP*hrCp7DiX7GIK3te*8bEeZeXnaK>`(qA!&^yL*3#d
zAsQC<Mq%EJ>Zow8ybswwk}dG(m}0-ks{)Mlu33Kj^)f+K6_FZE$tBe4l0~dENQsL}
zW(NCpwtz5AEa>FJcYUZs&lAqjl*eiPcIiDa|29_jY5i?<=ez@L$r|3#f?lG-&;5OZ
zjgZRT@S|JrTN&jDg&YFxn*_UxD){ar?FhRU-QWvbr~%+Ti~xkBzVrxI{}d&a+tPKq
ztw{r0{b!}`DJWD3R4S@h`$6Q1<+K^FmXZ<&J^nn0u76#kyES5^U_|Lbq?ca^GqvMT
zT9;BaOF}`_=vAbB@&2)sy9DS7^dLnB=%hle3p(}@X_a`MXhJ4CxGlH5X+y0YDW|^i
zir&uiY2g}fRbp>}L@Z^a)T+)#y%`}B{j}EBKasB|wret@-Ch#;+eE1D>uhur<t90N
z_9-`E(@>TWZ&tjcnA##T6)pr)qfsro6Mu;6dPO3Mx*e#uOx*wCqK{6hsxQ-rmjcj0
z{SC$cNE`A>oDx1lf@}7}QT+Oza87N<^k`l%eT5#It~OpQr^8gKlzLq`h-b5lhc9FL
z=W1Z_vVZAP#`co>51A^N$P!pw9*5Y^oXtGeG^T<ON2q{fH)s)BXz?<X%atM;+y^NE
z$7fJklxq?H%1}*r=IQJx>c|NKJx@5Swn#7tsZc2b$U<ndL|6IUf7n%7oZ7(F;FtcO
z+f=@S1t5w7Z|F*{^*!{H`5C6ni@YsQnDr1veNR6s&-*$?H#S}orehGJQ=$mO(jcM8
zH=QL(Omf@_1X4)#15)7>x_FBf^@7YOC-Ah>`_<3bz3(yDN(g<m8qvwZNcfGY6fEku
zTNpSnF^M{YLYNP>O^BfchcK>+&!_2dSL636?#Pic;K2@Dl!twbO3XW{7TjQlY^yfI
zNsbwEsNye`s5^fn8cn3uIM=JdJh}lVgi@Zz^6Gqsa(GY`fd8d>g{HWito73#f*ZYl
z>;lfGNeyB6-!_s)5D-rS^uGHuHhg{q<Y-zNmsuAhz05fQ*XR9n>Ih4Rr4{Qj;Y-p~
zDGCg%#bma%0{J?xxzs*m=YWMbg5_LzToQ-BtvzTh@khWQ$gR|s{QA-Tpp`bI4*)Ii
zY@p`<_yA!zQSn)a%#LnSKRNr5k-W^oq*_EgwQh&$Qofpa6l~ej?CQ5OO=#mA1b;k?
zwc_ic*_&DX#?oqFAQMkNjC*gz{GbTvqysC#>c*T;K~anY>x&0utArJDP0LHuV5}2M
zM#7B&)Y#g}c`~;wn+cGGc^Bsx(l&@OH@Jckb*p0gIX1G&Xj*t7cc=T$;ga_`Py?Ab
zdNQPySuX10^eNZe%3Wb<IBfM4(P<}lp^DB{4P;!#b<~jt%XD&+pG_l)Ft3)v+x`5C
z4(DOdGl2c~9XhUv$!KUOQ6Hmg*oKTd7$j@L{-qRLBXVjehXG-#Nf!TkG#WAyYjNc&
zOsZLlakF)!!U%FU@68<*-h$bYPlabmbB_?-1CwBSrUQ3+c{lsM$0G4Q@!;Cn6<B>S
zRXl{PP3QTgg{0Sc72RZwVQ-(V+E>mzkl%`-!|-U<;_Y`I6?B^#?~I(OleSgYo`v>!
zt&8QZ22hBkWHlo9S=k5|9c|g8yyUMf)=~#a2QSV#yNHfUQvQQ$%@;SAY7DZxHy&Gd
zBSy@LDhtTf05x|%?%=vv6rqjC8w=zjJI7M83v$HN_8mJT0gY6g#K*ki{4%Yu3sfSa
zex^sR)z2PS?Ei<j`fo0zWMRsAYoQjMF|EiJ)-%3ZGZ-EDhhRYAk-FA6#VLra3Qqb4
z;c)tiHX$Q|PLoDR92wCwnNE*CUS|K;+|pnGq)RiNE{d?qVvF8CL||E;{W2(#SOm8p
zNyWa1lL_`mliy+vSnRl$O_Rv@l|Zf<YdFQICvOsSs#C|kT|^SrW<J2vh;8I#z0<QO
zWl&D~v?rU;RX_XY<BXT@KH^_YNdR_`gVEwfyr-~hn^Pi56hq2B11m`sLUo2)N;TX*
z|K`zvUUF{n&2ju@!6ZxcC6H#aQc>zXmCx}^WdabYgQ$)CfA@NAna=+5E)(|LCz)oi
z3ZDA=n$|<R)V+b%TqIs@<{q{>#6wjNg8<gGW$FHw_$aDGMRTDoyBzo+{J4x=yo#!J
zwM6~%3wj{pF)>rap}>tH8FFmI0*Q^;!ia28R`ds5P%#boK+!9hf9;LO{LZY&!ep1U
z%5G2F;>h!{)@@##cJ6*R+Yg{nNo2^7fjcUQ3!R#+YiF$$&-PBE_*=Ci7(3+N7lUS+
ztU<{NWQ7-q;XV(S0Z@EkT^Rmx+ATIhdDB9kZE!B%{yC(#(=-x&`#l1^$B{MEqtUS7
ziY2#tE<x?oN=OR?^U^pzz{8D5-U;TGq)vE(Psw(k@{OoWE-Vyz#Navv^f*7SwS!(N
z+O$rZ5X(INko>K6;i!HJA`+N!%~%MOY+?#S(u*EC&eb5l)Y3oALq*707&4)OFrT;J
z{_B-4dL;fr)8pK@)e@z|FN8*o8GiiXmzS#6^$ns@mU#iZSnh;?YP7>dYbkmmq-2!=
zrTv!Fz(NiD-g&W+WQcLRFV(@v@#YBndn$T!ylDnEiFZV+f$m%<VtR>Ky^lbmgArnv
zd9D+WbAR@v8>%a_YoPnu!@mv^l=FO$jQq~@DmpMmTr(%+xbDlh|Ar~)$QIz_n;D)+
z_`mBfg(iEYZsiloZ`o}HmZSEkF-><1KUT!9$`hODI?v=(Vz<)k7EjBctkLV!4Kro{
zXLU9_3z5np>9%?I6MMR@$e&9oQ1GC};YsbzySGOGQ@LQcXBRoIFrIf_)yu7iujC~9
zaiTmWQFs4KRy?z*J*xlL!>2-|i1e%g@qDtZpln+Q0&0?~Ya`5MLuCb8+;<VX+Z$1z
zNfdDVI761L7s{jYxVUi}9L>0gNXxQ87lgDyYwu1@PJ=A5Nv?^oJgiBG|3E%BSPS=j
zX8x%mP;{I8JM2dpS?&MyipAgAc&>|&20DMemn^*vA}WW6+d$V`Dg&GmuW_i{Y=0AC
ziU!IA8(_v9XzNeE4Td;?QB~~@5$dI2b>*lrDzIK<7^FdVgnv!Y4W>@CCKM5Owv4f;
z)eM?WI^zM4z+ujPwPKt1`si!(<svTNf$mW;J7SQS>wd#&$1vJi%Zcl3fNPxbAcI%N
zha#h9+!To<pq4!y+$bo$SRZMC>pnz9syrzHR7xw#tw1}(CcV7L34!;gy8W*M4v@Rp
zt@XNO^s-L9SS=ky+R|UH?{e#uB+<=r)-SuXbsYBl84>LWaT7Wr{50fYc=^!nm_Y6h
z&6R&+=UkNq9}q;q5I6u4&7mEY?p*`9J)pc-Np)be<#Ay!(Qq^aP04QW15lI(6|3<J
z2Jvr9^zXIyj5|a0>8Nk`C2XDxc5J5adQc9~5gP^#_obDwfH{e}6;D%o!jAM-3{5bP
z2)k8q1)G4GZ|SOH4|&IN_hE}(r=U$qH$9`!e;+b&>{R*xM#<ZD@cGq~>+7WIR^Zk6
zP&FkjE#Uo$g=Q;#rejcOZQYBnUwRVRi<r;lLtzJLwPiW8gbp^{Pp*Iyj#KHd>DA(_
zyYPDeZ_ZbrFbvFkg661u-`Vah(xTlHt`*#^7NQ*qu6S``*H5HcuS%T)s0PNF30uV_
zeN??8joh!x7XR1?Z)SLQiFz#^TpLmjozy8MSQT$w$ixA)5`6&6xQqNG3(njeLQ5Td
zhG4U<DB!cN%e>$wys@Ac27G2mE*H$sO~3nhx@f{rsn4CcvMbHXm9Z77PBciNSx(<P
zmq5uDpgDdsX~l=QpfO|2GOS=i==-;A3T6pJeJ6g+?0F^ji7;;h^>0_atT(Z1C=fQh
zjV~CZXz6?%%5(-DKq;<nb>w<3_FW*{WbJ2^2o)95_VyHbO{%NumvffSB~MzPa3;Gz
z21Qq`906%Fg?4HcQB)6weNbhBM2U^RE!D+-5HKLsS~(L;(u~B4Ttg>NL<XXEUZ;w!
z!2I!Q&)&E9mi)+CfGrBXsRCN9GmROeZSTaX3nn=EE1SC%-PMA^{W4Jt9|buA0KWpY
z5uDgZJrzc1IV?dQ^B;qCw@l6)p>KnFk)O1059WrG{^!TEb$me3JhqX=m6Orj%)vCF
z##+Y+<QAxvHTm$C7H&e6u!Bta3=Xa`NE-M0+B8Sz2I|#1CzdMVSpri=cbcTfr)#r=
z7GBGZ1%+&Wh-0NSMg@xmaZ9q2j_J>If1Mua6PKO#QPd}?-ceJ_g+L!7gS$d?50N>P
zh_5SsG*6<csg`EptkEh*<F>~f2cEXEU(R-+a#dmuVpYq7iKEhywbpZt3ThnS3u7ox
z1;lQA92*cF`s$F2Vg0QY7QdeCEv!DS^tIKmGJ#YleesGCv1Q+G;k}g*eWPT=oo>dK
zo3&UJjjH`#m5SAu(B`lon2;_*0-JqC;n8$Y6tc?kRU^~4<z^fHIceTH_lP4Fxo*eU
zW_!!HCI*{{tchqve8|5V#Y%ULmV-F7de8W{!H8hoqSCOmy9G3E-K2+Et+N@<Rg?K7
z+~5|_{Fv*wZrNSFSzk0$8t2;e2qTq9U1$T^gPtIvOfN$kJ<_Jg`m-(Vaq16jqNY{3
z*-vgNsV3WU1>mV3)~vibiy4MxwX0>atYpwqf!OBys{dXn=?4dpH$c?sHjt*eq-OY<
z<upHwq4s?gaLx?Ssf09&3=2l;0RTU^w8q}(>P_~iz+F_}KQr;rT}&2AzB@TXSe-4b
zcu|vyDwNq17W<Rig_E|%>58KaY^lkwbvL_Pq6`scTcsG88*XVf0UwOj{8QtpBjF8K
z<gK|7vs-~p%S4nJ4d8OeoJ@IgFy#r@wX`6=xLzn%48*AQd7reW<ih6N3RFU{!JZlM
z-r7)Glw4WyVapxIte7nzMZex8k4iH<8!7HqhY~<_)1^Y6+u^qdLhq^lR5sS4Y>wet
zdJi~^Vovr;h8(VLu5q1wy}7wI)`VAguPvIl*MzOdva~-{I2~06xpirDFYVaYk)nak
z4;F&lf@`9~crRu4xOb^j)KWI{9;D!eN8d=@hz69I)Nc%22)7B>BVS*!0WYPA<;Zi=
z(ONHZ9@d}Vh$4MA*0?ca+T^oEZ@_e;VXR!a!}V4v9`7hU1uN4VYG{3iZ}5GF@!gVl
zE&DWSRvvvXBkO9|5%}RcNxSP@`r%Z%8z2)fCO$qd9~A2xH+*&de|#{$J%fI>y^ipG
zje2-zb$-~dUUUy;uy1#E4iA38+fm}PjQTpGdl;kq3afkXewY6N`$p*bT9i4nvoy@R
zdw_d;_g@_F)k`wVw<6Df$nyP8zkmN&f8CiKhW)<c{vI9v+TwnCswwTc#=02!xw*L$
zW%-uvDeTty`P^BK`B{2-J0R!o&hyUY`BuR6{du@~_;oOCT)8;;;q>bKO#S#D4?=Li
zGw<I+)?Zy4?|9$$LO$;_A6q>LKVE%xF@JV>c@JZ(I$hosdw$|rzMXmggO+C(kMFkt
z<`4Yu+%)b_JIk&g%eQUQUC!sqf6>D;3%)<1)}JL_zv%Soe!Tn1i~0e_{XyjU{_w5J
zrvG~XX<_+(r{&#`v7I}B?fz;=%lY}`j(Yl7;@yj(J-yq9T?DW6{ieOYtGVapdQIUq
zjPd0y8A*D62VKAE@ruDtK>MM={SSW69$#KQM>w9>OV|%?8&8NaG?71VgRii!|3TJ=
z!t)c8?z?I5wdFf0%J%~Ic=%vxgcs!`=I2|R=ext}b5HQ;op*No26O#Yw)^ws@~(-P
zyW8f?>+Ytd@s1OA^)>6m>T`sB<i_%V_xL|#AUb#Ye9|`F<#Y`U`!<^#^ptk#@P1R$
z`@Y`5`ldwn^ynYpeyMqX30i;tzR?}duQ-P8w1>Bw`-2*@nTR{z0&ZVf&(8r*tDlvh
zFGSp*0$ur>l^b5;E7{MF?U%LJrJGv9Z-~#Avy_Do-fP;L^MJh_(;DrC15e)~kw5S6
zUy#XnJuimMuwQj7e7HZna*}{RNPqt4h5x_o|1@B~#@xox%Gt=6_W#=p_W$rQwY4?1
z`u}rA`@fy-9BiFz4V+E>cZ&bg;{V~!NwwsL`11$iH{`!%{l5$OUn%}~l)jBS&HuP5
zQqy<bU_to0*7aKm5wSt0u)iLNa%^MQ$hUqr5*Jk%Gv>g?%*RWE7On*{7M(im+1UUl
zlXsXmDo!&W0PEdo>45F{^X^Sw<y57Z6%jGzP)0$R9YI;8+U8+0D6p(xBwSVgsDnaD
zoZPN4@m{!t3aD*UVdbnF(SS<(y_X#Nt5$>m$%V>gB2*Mvj<eWb!2IH@o&MnCn}?%R
zEs6G^(m5^p)UL}xFmsYDhAU~NT!@lZR$<j$#;6UZPBl18Hj5zg{}A?$F``86wr*Ri
zZQHhO8>?;Gwr$(CZQHhOt=8#%zOzqqZ*upoKb871E0t7c)icLC-!W_}l<(;ttKybZ
z-qUm3rY=15slGLB({45B8jMpU2hJeXDF8n%t7?`7`yPZ^`oz5HEI(sEryRf1P^jWB
z4C3brg(A@<mQQ0azuxb|@(?`M>7||p!=Fc%!h~r0)9Q}3_~zmw@%E8BW)znP?M#GW
z=?Ba-X;H<R^cbd%TU3)@oeAmJBBX>sc4%4gTMq>RxHx^o{}6D{p>b|ksVGd6ntLA!
z85SYR$NlCyWP0y$=%W++wZPGwj!+&hgXoMk6KYs5qj>O*aEw_P@=#G{g|w_XP@P0P
z0h2Y!4+Hg5CP0-{Iadco!zOhCh(V}PGw`!x!xg4J6NQgbNTn$j7g1GBirb-3RMc%S
zj=1wrCSKB`-XAf#pNjeSy)tKX!G!k9Yjut4;e#cfe~@=|$PPUlF+&&peLE!Z!68#{
zV~`?Mkfz7s8##cDeLs99eA{J)I`}J1h_E9qMsTNx|1c_nKE#6%175gJkFEO*LO<k|
z06#|F1&K5zP0GXi<y4%e6_JULsdbq9Ey50!_-ggQC_Q3y<A8_|M_1yL6co5V7CYpG
zDnn+EKh~>{4kzm4h6K%H=ckR(1v3&JR{J%7Hm5z1-h~B@@IL3FrUjyRp&JFnIJyHn
zNRCc?wDN7~haYfMCdPlyj2`qRss+S;EOzS&%L@C=HOLJek?(t`+dq2KS{O(SW1?Uu
zw1tr1=7K<`&nN|C&yo(!ab*wR4FfLlsS!oW0B(Z{E^Tr~#+wNa1r&<$){{0&5K50t
zCV)I$BEgQ4OL%$<PeA|ci#t}I6E$vHnXQM|O=cDWZdypTqYeJXQ*h_7<OL-bbq160
z!ki{dzh2+nYk;j4Jy5B~4PiDA<hK)SZx?YC%pe1?&W;S&$n=t(0A`a_GbzOJ%HB!X
zh5UVIE&jRfbw&W2?ZxgDXo=>1do*OFfWsTXRxp_SqjLH@E<v#fhv+@h42sLo)fYzF
z9#{2b%>@2uyD52QKAT&+`rmYfPd82Sxi9&X;e6_FOBV2s{wFD(5f<q5C>Ns}GX|Ho
zN-Md;h~0TVVegv5DR)Nu&XKd~$%RY$F}aYfu(tJ*O+?O5ibmRIgW_aVcW;Kym4Kon
zUFAbcBszHmh30Wr`Qb^olKVHF12q92h1J+N4#c*7y-;pGWwZ;+>_tRH@4iFkm%e89
z^-IfmK{|$zeq6gK$tfc>qz!7c6`K}$Vu9BH8f6W#N=5b4wxBb)OtocNf%jCpU*%(2
zZf3)hicE7V;@mFsQ!0S#J^o`fqs&KMh=_b$uxOkqi^p1txOQN5kk*<Hv17eraD~w{
zvwRX-34wT-a9ci#SCVCsXcsq{Qo{rpq!j-R5a35(uFr!8%(tTD-27P3se5gvE+lrx
z#uwHuZoW=|wiCmb6I+1Fv}p^nb_Tm)W%$iEKa<>WsmVb9)vQ?8Y)}7(Da2i8_@SDY
zd(eYSNBTL?q~ShpL-QT;D5Ax*=eA2AA9?n2>b>Dv_R^K66qO3xvZ4W9aB#VCe8tVV
zEBg0A!|Le%*6`yp+X2V6psWa2!3w3c^Zu|o)iZ0x_M#z+omnrodIq9~Yp4Ks*Z{@F
z)A{?(aJM|HJZ2WK+V?k%T8-1>AD6?==(qeVPx>E7w@&Q%<s5kx5u`R755s3SaeyQ9
zf!&=j!pThubI&%pkN#S*5<a{@jmkSu8mgoLY|o(O_iog7ZG&4!hzyT9E|Zzo0`3}_
zSPUB~^uK?P=hox+bL@}ntOZii_o*fv5>IjA<o$g}jVdV>hplEtSV3<Z^rRHyZQnNr
zhGFP6??1qn9n<F}l2#lI<0m(8?CV1<?yG*PoQrIxp2|3(jum$Wyt>+}()LEbS3U|2
zy*ErKTi3jX@!w#hSr6Vha-z;}+1?g|qJ0jjfNHF#*R>N>wSD&qWqkgQQZ;WJCB%No
zq21H)Uw48SHRn_g8|>0;iO8UW%vGF8nfScg9{7;q-Znn@?5=Ob-(|qe^~CY;2+7m!
zB>S7FN!t&D%%`NCZTOS6O;IZCcJTf@JSW;uNHcl8G<EFB{b?MOb(#@5mGa;$I#ZX-
z*0JPB#27@!|2BvGtmKh3iV2Cu2xdhY?Qazr%059D4L|jgH~88ST2d@(qq=yOB??`?
zUN7udn79_Tz$l0!)LA%5grlg+B`tpC)Lrvxsfu62qL^dw56MP^@XvQKN7LSbj27y}
z#yRNPFEOy_{eHMSf7hLyCD;>)SR)g3JJ0UsX37qHW7{gb^x@pcJxg@>2+Q&&(j&3w
zW)pe&5Y1=IQ$=A(4&mc+Qm?DcI_17H>8Q~dei+`h#s?I-n_F_}rj<wehZBFWMxlg^
z7kdeyhF7TS6lg0Q_{_AV7>?8FDY5sYSwx4@a+1^YSU`0iWQw+hu%ssB<!X^mAJngn
zg`z*x4SkRlOxut|35tV+Q5|{Y&f^d*vU<;1bS=0lSW-@D&&~bpR+5c-5F-n_Sqe+C
z3Z??n<#+)P)lOGWaDF~XImc6|m-R*8nOaaCtb`|(yh3=GSnZi@pigvmK@=J%t9hWo
zR{^fF4i)2v*@~iNTBk?at!DQxCTH@-<Ha@*j+&wg>)QSV9zvfEc4~_}tW4Oi?M#!}
z!@H7tyP0~r#tGA4qYSB=jw<67=P<`*%AHDwPZ48Xy>yOM##t=RXQ<!yw-1@Ob&PJv
zIYD|@B@RNHnX%zt{g(vqc8e4IP)alUz;o7ME4BLTRv`?ZF#$9?-kF7ME4Ab6+UTuI
z5=T%Dp0{Fp!a(!4-(P`#vwy#(J|0N*h-iJA<~j#DJa(?j6lPRatOf#+T{uq7x$|Om
zTba5j`}IYXgcB1ah_UJG;Sza^{`0iO$3#zhYyLCYG22@1z~R&I8)y#!opb+kZ=X7e
zWKf5Vs$4ZmpS@7&$N<Aj-bzF5O2?0e<*gcGB?nEiZDkZz_M+fQk(5dI9;Fr?+D7E!
zGL?`sWfcla+PfqT$d*9h18}y5PaPk}=7|VG$5vT2p_~;xxi_!;&Uj7xmxC*mXIv4;
zVc)q!B4RT+Ra$7(J5<_2+<MQTCb`tVN+%6_;@2bQOwE--Q<Q8s-H4f`>^so~mpNF=
z9l~8#E$k?kK7!euXG~PQ2iT13y_lH6R{0R=+0JSW<Efi6$(uxB!JYZqz|rCxh;bXa
zT9?|>&2rN-8Ikbn8Mc;grfjHq2E4hSc>j&J|6$K%V@^baKL7v>xc@)wX=nZ)_FPui
zcHC@3@qVrCdow=7NtbNsv>r9*6q0J1R##UP;V{owucv@Yh?56N%{yx2dcWm)1<E7m
zm?^m)lzr4&1hMPA<v^2er5Z`DaV~MR?@^~VG9D^#Tk=Ssyp2jLb*5BSn55J!9#)J9
zu30hnUb>FRp~a(Y)>=L|emwQH7ZcVp@`u;Y`J=;BkRYn6$pLpZRZ%15xN<#nta{QB
z)Sx$h8X#TUS<H0gWCC-30Fj+B*3Rf$Y?7&QE?6|IWfc{qK5!<JEaAhXB%;An=UqZ{
zqtcDoaj@$#_)_z%MWdXO5EUa%MUm%QeW5V}%51xg4fjl0eINMCp5C<)#bZtkYEENw
z1S!OqOs1G$AK!iaL{9^nDd+9Tm(k@2p`5|P#9Z0uG&JpR@mYeal!-XhR74ICL>Si7
z!=HWBW>XK!)y62?))2@o2L~|zt&cEKmR1CS(HuXCG{ocX9INXlG?ARo5|@O(*;vW^
zpyQIo?dza9NFgGKb1(VFTk@2=G6RuLG~-n+zx3HU!Xe*WpM#>BC2C!}2+okG%x5R~
zM}6vERk6G;skx@OZeHMcMxO{ujk=ECfgM+r?!uE2S518&iLtO_fI|dSO+f^ur6tN9
zckcdNB`eIxiNPC7meBw7-sp++M$Fs(8#XfjEPCXY^!|8RSt}as%Pb+xZf$gP-w82y
zS6VDFXb3wL5*F`KgWZd)z&DCaAt7vDcxd%d0NP!i9x`;1U6PX!_XUjY%gt>aA&wxV
zkOC58X!RbMtF#cd(#K0Nigw7E`CNN{_Kq8OXwkLmfiMSFVtd$3FhGz2mTa-jl?j5(
zz>5hZHbFej_lx};X5fwU0=y2;L*$7RQ&z+Q1s3e%CLwEnQ=gdtZ{sH75h5kzG%#$b
zzV*uu@wwz^<)%Coe_%`?6ollk4DArZK73D^-F?;GAo1*$Z7oz}9<Fv!>h107^_N1Q
zZAj-?)??y`*-poqb9SVO>^U%>Ij$s_-H~1kj*`)%5Mj4u5bGJf>@XWV#0B>1fM-wH
zB&G<WLKn>#+cD%0=kGu`d?O+H7vM`jurKH1yjq%(qDgPXnTG=#=Mijc3A=LT-8d`=
zf{6s4JQiPA%l->QvwIEDwP6n?&DJ8#2E#zQqZ7|S#v_q7;2Ry3L6&yvZj+eTM$S9d
z=uTlx)rQaruX@ABeOmFJ<A!Q}Nwk{^?Q8FBj2i%lH+=OVE&eC;P)$tCIKx}IpD6~_
z4baICrJ2@QCDO2S;h9Q1vZ;0H_(929j(<UE^D<PCH8aL({OpNfyQEcz<q8lB6dYC0
z)ssm>SGAR&#}GZzj+}aVZQS}+%l1JdxxGuf47=?~V`*8GRrBde$YgjcC0UCccJ%no
zi;S45vWe0bV_A=|vY`$wD%-kWGyRkg?O#vY09PYd=aO}8mY7s_-~_NX&1<1S2cCp5
z8;uG_;hwy2swBX(;vGQQ{*w-)&{Xj_r3#RIxSHQJA@(SMevlF1AD#mix-<^ZJDtu#
zralV`tsV2Hx+pp`Wq{W-L#Z1}3M~zo*Ti)rDo!>}y*xgb&DdeFce~n3j%>+bne;q6
zSNyd1Pk)*|005djVnorp85c5Hijt7z03bqfXc`e1b@^QXb_T1e_yL@3f9<{I2iOGe
zwc<%dE&~Q90FBJQ?Mi7lsvb6<V~pV58T``S!N^1}$UUnOZc~tg)?*b74HORaTcYEP
z7Dy$eqBJR1V}Bl?mx00*P9gzvCQXPZ9lFz7OBs^<`}0he8qR1PqZ3`C^g>GXNy#k3
zPN1?ckA>`xhLz?&U5G&d(WW6Yv0*<uBpmOEXWVW~5;Ndk?$VC2pu+B0q`0cFxh(hU
zq`V!kehccI9DOz!IQWCk$A6aW4a4ES(UK!&_S>*6<fWPaLQ;aIFNC>Gn_?l<4olH-
zP~)CCPc%ActeUqpxNk5y$*qko3z?HutR94lrmYz~6pNgW29##B)Z;G&n@L}<mD?oS
z6lYFUG^04T%JQ9EERFvmmz&mg#i>AG_kJaGyZ?+4Suo#OO3RB%F1k*OB3HPjQ^e08
z0RJJO+Qt^KC0DNF`?LALp&zQ1`YaS`%7r?j+N^vvtxjE@?bCv!msuIm5UV-Zy?RDD
zc-g<UvCym}&z%sy{`(>^ZtKrO=$OdhvW@6{6+a%OJ>=McmNS&+ZL*~Gw3PnJVjNH6
ze_SSkNfYg0aT8LfZ?|tgPcm6>IpMJG(dgepG7B_J59owNOnZckXNbTX>_G{IQJN%6
z^F6=}>r8)Y_2dfmDRY+2dsA_#isnZy1~&S$gU4W-HI>PH$t7|Mg5*-FAz-6q<nrai
zT4r{DX?J7iA*>tGlbt4U#S7pU`u}-`G7HC&luRqv&bfM`k+fUVPr_4yWr7kusS}v#
zO|#ghOjhmGEIOU(NAbhb|5)wzdC#;(Se1swKr`EefztZ`l5xzh^e&8Yo1yKkV=?Qq
z(0ihG7K8^{mGplj^Ekbu-z<#uaup%yIxa*$lVkuq#*y7OZgU)C&UYx=4}8-2Jc}o}
zXHztR3Z=rnqf@wx0p&UKptmEJ!>k_5No?Z_6L^->ah@8R!LWcfd2siw<}E)+eeJyx
zqUjdKI3&|Q%-w*$xmmVxYFdA0ZIp1y$DsN7yf|Z$V}$L+YAp+-PUB)MRmclo$(h<}
zN6l@1E73=!I;VO<ipU)A+pLU0Gz?$uLpr}PBJtf8SK3{;{Kb#f@(@3`#lmXZ)_6=n
zF%skkK&EIT4+0nep%(U#EHiarr>_c*5@G9!79Kuc{n+jIAOTtF&4S#Xa6#94?+iZQ
zTG1E9C!^>m64LvKzGuCHW{`bS<XGm9EN<=bZ4k#LQLLYJW1C{&=7$trlTptLh0MFp
z3E<WJ(WDXAgfb}k(28q$YcZ0;Uioargawglp#zU;Lz)<1087{0JmFN5svGWa8^hk7
zHbuMV1-FCJeALOx4uaJYa;n06MKz0ZehL}Eu51O#L`y*2RvpB3G%3X^sD2?Nc$55;
z0FEZZV%uZ|rsT?h`$PJjnGjJ`JapVGo4<ShnP0#><Eh*PZ8nG9T|K#C?D=!v{PEE~
z1h2(LyN5uuu5t6Wi)X=MP;!XKd}f?y+Pi-@YjC)$85sA}6a9QhUSj%LSS$WX<>#aE
z*e#Hw2t*gi1!o4^dI_Bl>~zaG&g)k5SvDn_0yqs3&lAl3IZ18DqAUK&=%AoKI)*cH
zT*I0xMvKC^YEd;7^&F)3HSv|9_Q{?zU6cuC^bJWRvpyei_H#R#rc&WA=Y&j2SUYX&
z^q&8M*`6}H`}c9nmrJAma$lL9H2Z!3xafnm<rsd~LWlRBvsT=qy?ZuMnbJe5T>iDA
zGY<V4JGy^vc%T09^_Q~yE0*ZVflp8uW?E<3uD(rnOL+_ZdLe)EF#YE+Y5nfXo*Njg
zH(OEapJ^u=xT!S^m?z6=Z*9%d3?)9QOuX`%B<6>DuHC93EsU3^;LYc#_iOS1AgC@N
zv^@tBCqZf9ij9!#=XDU62qsdt7&`1A@SM(sAffydLYKuLBp7`|;7=pr?E3@VH4DE1
z{-l|m?GRW?(G9nsx|XZik=rSQ%2iT29sJPk(j(sPFkNqVWH3a)UY$+olZtQguP{zy
zMbO&)r#<ovht!KOr}KKU^CU0@bdPIbjm!6u`gbP`Wh`m#_As_lTjxg+abAM^1f+2{
zww#<AOt7v@si98mmd!i<-S#Uut9l}%!;iFHs<}oid;NLyi!Th$TQk-0PvHZR+|MPZ
z)eV9c{_c}{)$_6$+tl0s9hEC|5}7u%JF?|P+zrRBvb8E$GWM~n971>9YTT^Y57>VL
z`mYlFzvbZnI{)YRpTuE9TWdRWD`SWMm$t0W;q4X*4FF*EJC^46F8^QJ^8X!fXXR{a
zZu1}3zt*s}#bQJJzR?wc0L^Gh*pl+>77758&~7!=qGLsD&4q<8)0W)uaBU}PPgy4Y
z`N~NrXzy&;y7cDj3!|ao$VxRe!JRqz)Y@jpveLJFw(ea=KV265(z|Y9&Gk^Z$WvJc
zJB-M-X%)4uvUFnS;!{Iw;cBz!{Btpkru)fbqo8J8uY4h+P33cv%(T<ysYF{J+VXW2
z-GGJSlB~A#QbS)+SFG^X*8DosT%vp#xNx!gx=Z85z7*oJtfH@R1<i${oUhqTs`9TT
z$l-0F46l}!cDJWjITK3qZ>jL8Hbl0syN^zWr_v_u2u*9%X+zyKM~@j=!Js>LUv90p
zyQt>wlfLP;l(XrE-sb8c>+@CaXYxPwPDQ?06X&bnJkwqC6*8{p0ahF*huOr96N0ps
zpybzNRqbut%9X^)gIzn2@sHwHKv}=F>c!}_>nK{Do-V&$ANp#0&cClSpBq?J+w5g0
zLXeP{HtU^~=+r6VGAkc54OBEVt={7C?Fia#RLaWTwHwtPZ=a4UU8AV>100(jH*BXO
zP1jn=x;OAJzqV81LUB@smI?K>12NqPPrM#bITX_+1!lKVOcJ42ppSYHyk{&0>zKfe
z)|z<YrfzkW&i>vztR`}qNMM{eE_X-QF$74U@7dRv2`$YX{Wa-Xy=#Ooxn16mwUg^w
z*s6eyaRUqi^=~1(AP6nx&#Kd?k#atzG<a%un^E|i=5kW`sbShV+3!MFPl5kPbDj)d
zF0QH;hqHG`!D$nLQ^);lXROdD^)Ar7Yt_tIg!TF#%4HhQY0HeZD$4Q^)FnGf3ZO;g
zEQXGQcg<I;&5}peyObAP-4kKk-JHf&Vo)L_t*xUQ>Y8l0@(8gxkK)^UH5c1e7S+)f
zO7xA*z4j|$%aAY4XtJUKD3yWaN?W`eS!4Q=>=Unaa|C?l{(WMj{rHq5nN?a=Xz2FH
zM}LDZ?_oWss*&ZW(C~TMA7IoeU)^0vd5rWumBlOrqwp7B+LWFGKt&Mob^w*DV_i>c
z^^;7tXWT~&>-trvQ|U~lTu=%VN3d4_%b>wh*UYO#ax;vHfq5aHq#8DR*(FITMA|N?
z)z0ur<_k77DGN?62IpfkV$vUT@6Y9RIJTp2xjB5?7SIn12Mm#{NQrDHy`+c2E;mAr
z&2|X>OC3|;1^2gz)A-Xsb3!tC;L$4sUJM<rJLJ-LE<59ouZ+u!#7N6hAc)8NOlavB
zXLOfQA)xSj1Z%`+*;N38T(faAUOM9>nwT?R`s5aDtPUJ9srQ;^QK}FH^FU4VO(7*G
zY`r#WhBUu>xOUs{FQFJg$JvRIdXJBEL!nua&k_7-&V{NWZ%9BQBfPW_;3fP<ulA7A
zoJ(`lT7{qGQu6SmtYCt;G=f_FW}l8+XcVWY(qZTr+6*<NOQWT$xxdRuZmb>woNU=N
z*&r(Ea#NngWPdL!#f$V|$XD?Rp^djrjvCg^a4-S+d_OR*$(LhDK7}4p71(6&cEZjT
zfSFuLUc53R5xxUWT+q3W#}yypc}W7hRjegO8yRw-1su7rR1qv*8(7>M%wAHx8_>cb
zN<_P?9ZV$y2@1luW%njXe!sL?095Hp1B%gs9B-_NvItw61s%L&=mMPsg~9~>4IUIZ
zEBg%zS29Rs4ERl)Xu$xOH{2|Ms?Bg5f)U2RLLBKID4v4wept%*v>ur|nuj}58LsAX
z+6ZUefS)%gN}}%?&oO{U>#S3PS4dRaV`*6$`;Z#Uz=a;naAmnq;!<*29(+Jt`7lr(
z>d!}C-zl?^uNp$C5{qJpn^h^b=_4tN3$&kRlgJ5vl^qoEF(ZQDEV;)<tYo98r*~M2
zwFlHpEe|@XQF3C3i^UHBBc-h`4jKWAEX0XLmUY0D`xK)M?+?rDr!qRlbTW47u9|Y9
zp#)zI(tL>$<Ws0BPx1==z3n05cj?(snGKm}JZ?<_fC&g5lT7$|+}cZG^&7*fPr>;}
zaQ&qYr`RWd3ed9}R$sd|y>pt}Kl1YyfomYdrN2yR>Uy44It%90z`!{6VEYi=Xac<$
zro{!ySQ8*`*;G6j!xr@H6w^=o0hT@E#wpukyjlcgP!+FT>G?eSa39*iHH#da4A9Q!
zVOV$7r0EbKs4E;wAUdK>{6>*gUIjBGu)$s9%z1t)J4;v-PP>MICyJq`IG9rs4~?wt
zgD*50ZERau;{2?CKZ%c7RPmR_k#)k^z4*&%6UM&YRf{<Cu09m#W$hs#2f{MC6fP;5
zH+B)Symv)dSjSR!ioXf3j3!!*&f}UF*qOsO)c|&<Ixxn&R$0368TJ~86a4Rc(#_Ti
zMSZ`P^9Cs|=?l1S;j9T*6L~AEW*x*D#7%hp=4zK-Q*CX0e}8Wto?kDB0X=Rk?=L6Y
z&)3hXmA^hnm6xryKGMj(fA79aGczw;TW{4;ceUp;Uc=9Qv6n%$04u=AG8+z%4g5+o
z4Ih-OBFkBnc8SC+C!*6z?YYzmyo_T}YarKHTV{H?Ew6i`Ws9|7iQwO7khMmMK&b$p
zmXsPCu84N{)N=Eyy;<EUi(vw4-%F})rKda^*X1YVkE0L4{6}PWGx_dNJ#LA|-e-hi
zHH($nabrHq@xE_of5vkU>f-r&CBMB)IWcpZl><?x4KA{VlYVC~F&zq~%~1k71M1dg
zxZTvbX!t*OTSP7a@PZ6ARb}aZGlSW^b^)P8GB=`dN-Hco0hPw%DB8|O5+5Z^5P!qv
zK0UWTse&9PGev)N&zf7EV-r57Hr)}^Hu$2G&9t@a1#v(3iX3M1x39cX<o00;zy4y&
z`0VL*nCORM^L@NpVXPJvt6}L(n*jN>5X5ND7{*(LFB>T@(1eXTh0o<HskF?FHvAAJ
zV8ky-hcHStQsRHe`n%c4^vo#;nT6@1aPhC1*2dxCP3AxL!yWEPk+U^pYHz^^k#!6*
z0KFI02jtY!UcvH*V@t<Z_U{6i4>?Vl?t5(w=^<*L92^IgUF@Cu8<Yl0SqABmY2du$
zsK%TzD|{eS$^pqS<&Kpv3fQmd0fPII-E-SS*>8||GYq>6CnD0JI}2lgGC~+m&#{=h
z=bc;yN`nL^9%19#jWx}W+Wi*9kiIbuK>iZD)5@_K$8T8$r~IXs8w-zS6w$$ZwHQlw
zzb9vEz&D-j2|IjHr5#<oW~i>NlrP?^6R;^{B9l94C@9D$t7kShK9D;`24dHDM&DHl
zndi5@)<#rSb3HNsm$!7e3Y4b8Ycw3nU1)ysXg`lByI0P%s(jriodqV(f%c$PkhICL
zPd%e=_MN~a`B(qR3Z-Pw5Hs;{ZN!dVJeHy~(RfHL1X{%o4L_>q079@lw~hkj%?W%r
zk&76A{kVQN-_6)P+(%Xm$e8xcTO0^YD5ZluH(?_2EY%R4YeLdd<IxJ=lPLMN=u#nR
zxv>uT)aoCnvi2AHAKqj>ISE!pz#2ntQuI4!i4l2j<Rub|)5l}>rnXl<ZaSUB(6eO4
ziW(RVs^L;wNR}l_r3_e+I6EF<A`yya65N1yK!51&L_ILby*C`!;M;h(69FadB-OrJ
z?h^O0n-n)|YJ!N*@o$um#46)fotqIP#kJ(ByTYJ8KDiU&oXJ`*eJ&=+*onz>b3w7Q
zsPEHaMo0#G{)&Y*-akf^$wS2{kvz-?LbuQ=^M%3WKB4@zMFtAtpV1HTx^WQgoKe@j
z4Fc0KQE3W!p^zpNR^TYXvjy>ClOFf!#r;TVQZSwlV>1N7$25dEcGye#;VPMY+0d3m
zbbX={v4n^Tj}Exdy0A|9QD!IORavC-X&vOOPs%^{ff04*mNr>Ww8dgWU4CyT@GdRc
zR6gS@VFb`p!B)&~k%kYy9%b&R41DJLRc;b%drAnF6aC`bYdtUn6L5hqS?E?QN`Gi8
z0&U7+|2DVY&}y#+Ta9&UUKGK_I^4b7vm~dUZiTM^uy({~v$71Yh?nPbayrl)<=%<*
zMU+e%!3kvR=l*qG-q{q?${-VJchZ(#N=Q%X%4R-p`Ztds<_VkH&+gos_zzwex$LQ6
zFD%=KeWDQVGe*G%(DB(n;UaLY(30+28aKy8bW}av=5UcpkeKbeDN5M;VNTx3+So{%
zHnDw^lVtgC3A8+;TZ$1;^L%0!IjImwthbZXP*@VzX8YRtm5C6r!FI}f5Fl{9Ezay1
zCKB^cX$W&z)=pVW_MMQ2BsqRz=ra|rVO+{lX03699dnIxq5I`%;}5`pFNpqAvEXM0
zf06+P00{rRr2L;&G<J5nCdT?s&JM<o|EF}JB4fMA58wTv7B%1xY^|l()^w3CBZH!l
zKxtnFFSs&->kHxO+T1A{F8{;Dq|*usL6{s1-1F<z=FarEGeru$KSExrs4^&$d1^+D
zJ&>#@5<N>}GyqvvB$SvUhzilp7;PtjKJfQEx;$c`|IEy3E3{9zM9A;4BjhF%G!S(f
zvyoufZf$|E3|mWGy{>|VLa>4ngz-<aC=o;8G8l*!H7#8A=F*sgb8<nExEd6Ad0gFr
zqDH!cy;GPS4~E#H2#C9g2sv=i$O4D8+yMO`%Zj9u<6uFhV_F4i5wQE2CBz2^tJXR-
z#FZ%LJ?M;HUV7I29y3IfINu)w{@SrJ%<8B>f3ZJYwJMoPgqazVT*e{W7~ltJp~_~t
zZ~e}1V8NC!v~&Hd0Q}}^6ciTdmfOA!aTYQnUEG|UoG>?mc><R0LE30B#j>_i#F)^n
zw8_AweHada1yIJD@N|Do@gW*iQ<eb2)B$so$JH8k+{p7;>IqbZiTkYzuL1Lo?bPDi
zgnRo#o;;B8ZQF4Nve^S3#mf^~8kV{X$<<tZSWpSK;rS_6P*kKE=Qbo!=MWsP9^0c!
zR?JpD&&LMeDMLDqs*$IwL#4e;CBXTM`o$bTD1RMi5>4r256m#-OcsrLie5X<@*M34
zki`o<!0z8aDI*f!24#}E(uG%3KX7V1{k9_G*Hm2%?N`bN;7m|XWzB-4CN_{8k-})n
zv|+kf!TH{d%V0_dz9w$>xjuFviNf2E(1$d2cp!6z#bP81?jzBv9`Z)t&zaUtZj(-6
zWTd7xGGNV+d(gc3ly~8GVQS6EQNy+w7if8D0cc3Df)Qkdys=TOMJ|yX&i9#eyjFaD
zQ$#U3IEs3c$hZ3*oo;nC6&>eSvVC;%U|XMb#MDj?;lS%qog;-ym}p>g!0efFhZ_%R
zglR1%(LwIRX#wsWsI&4}4Kc5MxKZ!D7`q<^o3eVcXKYG?<SJ+IcI65*aSd&wO&_Hi
zL`%8+jqn=1@vdx!WKlQ2q}|flU-&e__z>qBAB7<)UMp!p5_>CmUteJ=)5YiY78dwK
z7Z$r}?qW#Rr5+7hvSMEwuw_zjzZu4Bzk$Z#h`v9tUp-Gadf<8h|DTgmck-uWj0*sO
zX&L~4{C}8~M#heY4(4`FwhsSCVeqze-4spPbN!0o%z#TljA$U<w7;5unn1j!r-{T&
zkla`#lL;giCjbLv1;|iv_}qQvy#(a<8Io|BHE}T6U{!FgyjZE$eANyOJ*gP0^hzl`
zSvRQ<i(J4?Lv!zuKJ+Y37gI4xsEUYOmr0^AY#fVJQNG5;&1m%U)+C<HoWS1g{rTIG
z=EHi4>6lRx(vw^gHreKeHQTv%T2ircoH#h>{>du)$O65ht=M}*t&3A*ObD)&Ge+Rl
zuQTYDlcW+a&8CuIN;+|3qBKHJqjZvKfVxPxNE{iVnW4MRuvyf>;4a{Mf|YSgnM)RF
zgh~(<6CSbF_f}a{anSA`zf0=)CgqHza>v&;!#v$8(Zbxwok_M<J|qi5QIj*abk|E~
zfkgd_J?YaA?pCUq4M5z=2vg|#VvC<NK8T+LS=6-&>RbM^66T5kA@rZ|jqcVO^as?@
z2`XAnw>c2dXZs>#K$Y3HdJZnM5Ph<zjVA$dM#+y}E$YMSDCZ?O13pK0#q|6F_VL2z
z=kRh^V0Z|Ay<oQXsrG{12yUp=23aX`&gwTk^SHz+<5ZLATCh#s5jNAzqW}Cwj!0)t
z?kuB<fRxmaRjkmt_}d-Rh~R6~`@n;Q-pC(Cnnex}CK!)7a|pBrdO;v-_#-CLS|$`#
z{kBJUU&Kt9-FUzEoz|G{UMu(aKEB;=x41n)@jOqg?4B*weDAN<ytvxfZ(+nvo*uA$
zy0PItW@|<R_aXYPa$@oxX}!6+y^KA6+Av>4iI~tcz9%aqdHVtZLrPN*eQcK)z9t(Z
zFCV{;BVz#3PaNn)@zK6gzZjaZ;W(L{8cQ*_+2}k68*TS<OK1O~ece-G{)*&Y;e$MQ
z&<Jzo?VLC<AEv8lr9zI*JYASk9$>4kJ9ydJSueUTGoAF{=&MgXx7sn&XPb+Wk#_A6
zrgwwJwqcfcsg^m<dL^Z^v>xo()h}IqSJ~0_>NmEge!^)-BH)10H6EtkZ(MuD;E|j-
zJr@vb3b(yA`8Zz8r=@gqx_y|hyiqu7MU9vGw<I$-@{AomteCH(tA{!64Cq-%8)Du2
zuV0NjXXWkaQ4sd4g}5>&pH5zqgTToA*iC-De4V(@kilP*_O|R@J(#cHsULNxd;lT8
zk2Cj?WyjMt#KLs_1U9G!fq5^`InTi7wHde@8m2R_K~Z1`vc`q=F|8-gPf9aYy{h%1
zqxGcwL_6!TrswD9a~A9IQRn`Jz<Rd0$B#gN#ZryK26H01`OHmx3VU61&c{}Iy8CMX
zy?}eBzl8Qc@RaRMwRU?0|7Ep@j3PIMrHAbP(z|V}_wp^vmwsDlfP0OE=7zdo9=z+I
zr`)%)aI(x2J81+deVf7=Rd7YdeoJR_pwbjw5%W%~Lp|k=y$=eY71gF-4o7|myN7Mu
z6eVS1V7G$?S%>Dw2@E@c?TAa4ApLira2EjGY_qsCQUi&b9o@E&IsF4~ih3gMRaqn{
z**xfVhMVF*J$Z+aDq_mf%t=<L+Fxyc13t+igS->vJKe|&hRAR`vU9S=T4`t=n}e~A
zH?eBPT_O3y@B9Jv?QZr2t5Ir^W5>Iru`$NPR<B&tP8M(PAeinw1E20Oyv09e!79BJ
zAKdBDz`cwIwsO;13wP#vYE{XPj^8I@N0b+RZNtWTNW<{2sFw5|FNM^>!(4et(!z6E
zGMhqu4*X=OLK(|0<Te%HF3w0Kavk)vcCXjJ#i-HWj=VMbf$7LfQ{1C<;+X<-OgX<z
zQw2zv3IilQk_KnX<gemPlowR4+63LZ6~9S<8?d)c<{T07T4WboaHS$65aePh{F4h4
z(4tJ!SIWleNH&um3Ol4ycb$G2^y<~S+F#EbXoh}-9)XZmu2Xdaz)EP))*TC&CuR6$
zK-pDs0Tx88VU+C{{Ioqc@$D|$Akil1Afpw8tvLQ=2UZQe&kjTRs<7}9&9b!dA1p_Z
zM`kd+SDz5Bh9n}8R+pU8CSgN^*W>;1!jGri_fzhWZpyU1-u(Tjan?$6=&C{1Lfv@O
z+_Y_4o32(V+t`k1^G%5>#o1v}nee!c&OtgPt&yQGZi+(-#1HwMuQ#XD?Cn26W_d6Z
zgtiS{ndyIx%5G$#7uk5e$!NmdMmRw+d&ZUEc_0|-oHMD<BCL#&h)O(8y}LL_S5tj^
zgD#Qo9CYWgfEIED<MFGv66R3p3S=UbJ(0R)<XQh2U<zfv{mDxNy*dUf(gtdcj)Ozx
z-_L`ryJ80?@QwOJ_=a<%OkfdzYGvQo-jf}}_eU*k*my4WnD?~zc!4tc_w3EJ8tH~H
zZ4+%*rae4I3j@#rEbrt6U?FZ5zsi6=dEcbalC$j>_fNDWqQEd=nljWJ6nJz`=Qz?Q
z0II-41i=b<kq@vCsjm={7wAOJv}dbowa&(*atcunxmkD%+5!q2erUv9;uI0WJ)=m%
z`H~3SDCm9<J^u0eu=IIX?(DVp`dvXi>j_10h#9QBF>DcC{ZH-2c!@A`QE%Um9MT>I
z=*@CgezKi&kz>*a0-q!M*m@SNh7K4087eJ$-ZA;MXe-IKKK>Qn5ola$9VhxrO8z`h
zWRdXrYW2a}H$%<-8SjnP-6Qb#`a?)1={Zztn7wVP3mt#sl#(i<Q(|B;J^O~u8BCdk
zu*aG*$r*OrIz+=$sXH^qtLWkQ-opXPBb9AMf2rXQ($&<eE@<v~sz>5zG->RmOpguo
zdj||%b79wb33*uGLsDEk_5Q=E5~bUCqcSVx)9nCm2*sRj2Vl758KiC0n<;?qKF4^O
zHNuZ)BL2G{{6GnS8TF|!7;sDcux55Z>~d=95C6;4quT5{pK-z|p&Fnu;(C!i$_L`2
zwkxbI<rvGmEQka=i)dfaui2%XglQ6!bgxSs5TTJ$TNzM|s+>%11iOv@$x+H-X%uTx
zv&%0`Z07TIESCB8jx1MEbvl(#lxpP?2QtJ|bFV+wN?}OKYJ*kXVL3h|`9JTc=3-zw
zls}tf4CuGe8$&3x;s7kHOVq=O0-bm}Q1g@ayNSJSf^Ut?XU1aHOn&78Yd5?(^NSJ<
z9aE}LOh+HBvYc{c%jI>YtnY_4x2uo%i564p;uV>3L$TM>Re|$g5)&OU3s3;+@wr{F
z-Sj7G-TJLIwfLYn;SLXP8m-_@B>0A$#0H$qCbDO<<yBq*O!pQTYd{GH;8hK05&QZW
z;!@F$bZPmO18JTA`*#5t2iRy=%Isc3vEHKg9s*5d+|(!46{cpEN0=0V7&4j@sz?KD
zbc2FuT|a(D7`N$=IPC^xS5E=Tp<m7n4*rzL$Ayj$jKE>C5@dn3dtikte2Fj~GE{K=
zAj<s1l;(rSKkh)<mIXN=+H*dKTxpbVI%Y^)1Ia|67UHT<QLz-?n|;-=a28GuA|N|6
z(3JvLYp-tE<Y|)pcOIfj1yK;fxx~=9xzNxTBPVP@D>OJCvA6|{9B!kn`ay-*deoRN
zeDKCAt}ET_sOIx6@s1os+cu*=8)x=eKF4bT!G}N3xm^_yJ;6M48R{09K!~yu!iKd+
zAxvOqK_;Ev)S4NrhQu}4jHAVVjT5`geac+nHXt}ysrf7e`RUjG!RJE&^)!-`)Zx=U
zpd-nc#6^-0gKWCpt5|r92>88RWLJ4!v56kOF_fkkQ3;`5kr*bq${$P;d2(w6jaqr^
zOOY^rT-3d<7@^OY9|GG=C0_KhrnPb7J9c+%gEttMs^p5+o94Aj8x9YFQP*keg%r@Z
zB%Db^4a-7#Uvt2Ukv9v%Z@oMd@RQy$nd=JqS!<WfW!^_PiPOi~Dm)4pKME**IL0br
zV(PI?IJz>-^qo=4Cwv-){Ev1U+ac=u5hsy5U>oUYWGG<y%7-=K3S21|N6E1jaM$7l
z1C2QY2WAUlSffCkdSUO%cIwT<(-lD3?k?`9CotO%kn<mB$sjxP$BwmpJ2ieI#g-+C
zF87!XmVcNHlKOF90RAf`B$}o$s8a^JY)l5ex7j<+q>{}2ZWw9^9p4>m^@oLNKKsUT
z8|G+&RQ%n-GG$PIZl#a<jXx-{@m68&k_(Eff#1>!dueI2HDy}}?R`WRd*X3?-IO&f
zs9IpjKqa7V2qoo5ln*f!Ek)Sc1UGm3C?c^*mh(x?0z_F%bTqG#htSzfk5}=uY6EMN
zgdFJn!X!OCI-tz`R`#tGNAPYckt}mdvLw4Bqch)uO;V`|4?M^=GXCZ(0oyqx{P>5X
z93wgM^1niH!grj6rV&%GbHE#$@H2^La6o)h&)v`SCr{Q4umK?|d|}VB8X?qmj6jDm
zY*x(+`=?MJ30XP4S^;v_Ked!lvY+L*->-clsmqi8V84u<i2^mdFt_36Jo_~LgOpES
zBbAJ_I9|61zi;~Ok9Q<1V%fwaKkA|T%``XdUUhR-p%Ghmpl77@xqU`g0H4H>NPOtj
zh>oSB6r+<qktROvZj4;qr=ZP_j($6QK7Q@i|KZ?-8`gQaDKxP@ji3QP4J0#(C$)60
zi_=G($>$^9(F1Fl9;##^N2i9Q2Ous{QSQ=Ta8ZJ)+Zqz1=h72s!Vg?A$?0RmC1=L-
z0)fdYhGeD;zeod_f{shC-C9m#nS+%cl;rGxK4TFc#4s>I`Pw3#<;qDhlI?oECZiF2
zt(BxSJnB#3yaB&Tj`9?VM=LgDGJ72q-DIa|1FZt=1EP)h6edY;tABo5R<U*9Z4<?-
znG5}V`!ulQR6X{SA+z)UbZz*wjl&ao1$Ty>PD{N{h-Rf!RGrU6uLCqdpqDhWgV~A!
zi20X#C<Z6pAn%s$@|?ukb@aA3$=sG0w)L>t{Qb7~nuP^{n9JLmXvo4%zVYwpEPL??
zciFeNMc2KT7Ymy9??NkIzUSLRuw;SPzk*}HE%k9q0akRHRL~ikmd>w&F*eJdl5-be
zcPmkBBzJnK3R%w>)IN<%*x{OY*4+Y_`oWtGB+#t9{#ntmzeL9B`!Z3C3(O>%IN@nS
z7%9xjG#JEVA^5CTKx%;dDht9OCVF5Oy!*O(a{tnsb6hw4Df#VJ8_?`*c1RJLeXB)@
z2|?O?bf{KeT5g8z?7WR>EFTUhcg&pr6^x3~*!vhwUX<W`r92(bFv9TTGrSwxCYjcb
zbjSaN0=ghkWPdR4aCQGutOATd$6m+gvHFx1b~#d79~1nJD202{1{)R3awBDrpZmW5
z*j!8&$T}m;7&#ABNAT`t_g?8tgC_Smcp9ij`}SVzyvU9@*Wk2oieZD(Y&az?uGa%l
zOd*6eIr!5l&?nA(upv;O_OCujYny6bFNd_T$iQ??hH?1Is<3rcI0A_ke)?cFr*@i*
z%UOv=1gP1k!=`TRr{f0BJbv`$rhC)CvDL&8(d$TC@3U-P7(_)6xXLk4jX?DS74u%%
zJXqI${ZAZ;#DFZZfwX4_)#h{S&0`b@h*W*{-Co~!=OT*MjZ+{8S2dE*GmtV(5N0x?
zl_FTb(VHt{*!<J;pFu)LfpHBXqZ{X2XZbc^BC9eB0bQzK*QxbXU0i%kwqt5t&G?qJ
zqJanJL;?A<&HZVeg<y`l(PR?=RJxq@MQtPmpDQTHLIsA-@Ka&)^xD%Jh6up9Xpd*i
zP+|h=S*rR%Gk{^AOo@f-4hxW+xLKfy4+bdDNV_tQ-E42+oIKz!w;a;ZmuT`yKSuw+
z&HhajQuu5rYNWtyuzj17PHXEUe}b-n9b{OEl8rI8S`E6+KA~<1<v#$;ksTYf2?xI)
zwMn;C%i+X|Skq&5Y}nqoptjIaP>=?*X(}-sXRPg;kH7+S1z;DGk2_?Jl@yJPpP|e>
z27~}+3!!vr(*aiV**<V)IWj~UiQ=@2QwH@Jq86MB*mnjZzdg@lQw^iPM@Wo4nS}a{
zO!ruVj9M#8m77LV(9vSARqwme{4jP!#d)1o7IO}1RPkbsxDboULe?q*aT-K6xar%u
z{3axnn=F{7iSC9@MgvdhIp|Lq3#voOFz?&lgL11t@?0TO^6(T`&hXe?dCq;@fT?!P
zYAGDVMQ>AkmL90T!40;jlt7|+QiN}>>@ijK0<o4wY@0O$YoMUn)7THgHhC?5&DUXb
zDAPM-t%f0~myDDr<z<gs@!rrgDuR6&PeayT=d+Pq6V-7i;->8+f=>-3QfI_UV=_52
z&NWO5eP*3kO%R+@%0XdqE{FuW{k|0SoCpUdXx$8K_Q_K&?FwQ8xtEDWVO)EL^>ggN
zn~{a<(X!Ju$y@`&I*N4IQ?P@DSAm4+--;D1#QF4D8IIAy=s6o%+m(~(Yh;w|V`{Rs
z|6Bo^*lLFy>L6k*UTDV_%d0w`UT1q%)vIopTa>DMnUE*k5sjg_aY9e;{A0E%A#dbT
zOu<(Wkp@=skT&=_3suYe9tAN2uX0QUBe&xmp?l=wiCg`EU<k=@>uBiDHWBz7T=?^z
zVM&Y0;`@!|K$P{`h5@rgp{5^!PS=RU$O8hk2TbCzJgK^X)GZCYpQl4nQr*FYnC&tj
zryoRxVYbwgb!e_v?+pqY#*TtaXz%xcNv+5Yj;UXf(MaYD)?SSCry;{{DUQsTk@GqE
zPuYnGan^CRP1l#~1bFY`pxm^${uC=(mk-<!MyKHTc97>8+Fe#}8-$nw#v8qGE<x&m
zZzWn~It!8*mkj3-BCRgB{#)F+#eMEkxFuEMwZUL_RII@2p00ks?@_<{;@MGihNlF?
z4poC_v3-`f+1dwJ){nHt$Z3_0!g6&7G@P0&YyY%+uKw=nsFZ`eK#Z+jn@oSOhQ{A+
zZx(SCg2RD<@qXqNg1CTWCK*AUFf{<0#~d@&CiYW>N`xPew=Tyf7XX@yX>(G=Cw{k)
z7`no{%7Dh~{dl7J!?)BL)9=3|C`@U6v3Z&~d%Gpc(QU&A?C|A>wQNy@+Lk$+J+nk;
z0$IJRM)~Ih26i#jdMnVh;N&mw;=a8NPaNK~yv2s+Bp~Tqb!i)iX1KZoQWsInxzJ)`
znFpk+)eb#d?b+&ylW|jQRuw-%aS_A)i$C8O<@uJpA2(^RT~(KJdI$W0c%ba%1f`Zg
zK5c~4l7acH22Ki*1qqz3zk~Qr*oe6-YyY@8^yK|w3M%)x#GdrC0T(=#%qQpI40ii!
zfZM&Guvrkc7**4BkxIkJ6Uz7Y<86o<m2a*cUluYp>~6Z?#Y3#zW=Ii{3Ug@E?k#pg
zFSrn|1y;iNS?26dY(g%&KS)F9LwB^ZBSLuALHJg1*AbykN+)SW1q2N<uL40{u6Wvn
zpISJ});(Q{KY1c@8K_&*#7keI;?!DDr&*5PH&PyR@f2CoT%qRjB8(jYtSB0}Td}`U
zRuvn?_=KvOs<5SGQb!~F-%c(nO3kh?UGnPpJELwLOXHbV1_m>QPWJtvp$iZ=>Gahh
zl`ft!!cbft%c^-#GZ9v`xXwb3OEBcL0KBn@f&yz)X{XV~!fAdJu%#A}Tqp0qkVyYJ
zFTbf^v#l%?cl89+WnoZ{-f_;+gzDhXoR}<EVI+MXErq>)R<M_N{>`z)FU~N=k`!lH
z#}a*WF{xAxzd4A&s}{hl1hVCRu^myYJk8xoky(hZpia8=rpC;!C<()ptUbiV!fCW3
zFmt6G0t_i;_V6Hq%f=y^P$D=+)e7GAuDz?>uD?Ld--P9x9HYI4K_2mOKjg~_oI%Qv
z6$$2iMO*j*O54aqvI<(=m;}SP9+|f61Z`W$4#Ib(?a`_$G7Jr?zc#`{kquPoBCp+*
zxsv#<?nIdaW_xv35&q40Zp_Sq_S{Y)f+op%Zb*1l@`WmR!~KlYr3xN;uE<O0Bqa*F
z9vsO5L0ZOXqCv>;rx4u^tr@A&<atwPx%3!*H_{VqM&g0za#?SVcBGIXA5D3Ai>x^*
zY0yof5yzToOusD!B<OAYoBAnC><)zT)MuO|HOaQ-f9|kNo<v*#W8R$G36@cNkvJ4g
z<u}lkz4f)B>`h9!gPECMq$$Dh$(;oM0x+`dSTR%CR7fiO=#w9tc)+*aj!RFT3d8x1
zyZiRxCBswj^&ktz%ppyLj(Ax_gMbY7ev93trMuD3-856gG1yYJbEl2sul7~f-(N^(
zl=<7Pq$n1^Py^3wN7dmZCuviGDHf+^<4X+=Lp+G^MNqMhc!77?GEuf5!-zqq^<{4d
zlbR@|wXP`{=|D#|Y}{RVxm225#h}4d_uWhXMyl^$k*q*Hf?kzjhI5O|U}6BFuMo!P
zOQEmMNMb02%bYwsbH}4>PBrU8RiSXq*3k;&u=0><O230R5Je%xctJ}f2ja_!TB)RU
z3Qd1m(VzfXWZw|XO+Z$7eo$&u5_gI?!fOaLYSP^fbTU~m$WCJb!Ymv-*U1nE2RS)C
zR74h1CioG{+Nw6lXL0~P{^lHO3^Sz|CC!Pv((e*R2uhNg__^B1Fzv6krbK?|l3GBf
zgHWs|YZZWJPou=la~AZv*oWajddM1%Cku5343}l)#GtR9`J^bVN9cn`2aUmeBu}n!
zLMU7TY<v~q2t{CO)IEMH<k@5K>cM06&7aK{nvaE`bI?>P5*HWtz{O|F*<0*>(yy~P
z;EOYv6>>eLG?|0vl&k&4%Ba16+ZFc{{9~nkOf0%<%i(XGxg~rIV`0V|F*5EI=mUdB
zOkQ44L+ID+p1|NLB*+^jHaR){{Px~&2w!)wjur7folX<>yoE$1-?E-iy??4cRVhBF
zKWYqt4t-Kw2XD5mfc#pZUNN=nen^OABJG1XdoZ%^;TCQ1k9tc-xnD1G3;cw=*4;-^
z2is6SL;xZ70X%(!?Xn%ByI3o7-YNwR9cSQP-v9nh7;%0H7rIG&*t(5NzoMv5ySvm`
zsT%^uGb|2h3?}V3Vf0ft%Dbmu(Z%Q*E|!gwIthNV&*;p>LElKWY}!bP2A3$?%bAU(
zr!G{yJ>QLBgA%&TKyBcb_1h62M)v@%g-Nj*AQiV9P-mjW3X1f%JF_6%IgWsYUz{-D
zHtpp{-nd^`{PSad51YvEyVJBf5fRWxizlQ%qihE(U>uiGC=OyE^1F=<Lq|8}gU-`v
zqiohaCNoHrhJqSR0%a3ZgyLIhVToCNF#XsYdU=A<>)IA(|5pf1Hq$v`aR*~frv&$|
z;09imo=Gm_gz0lwd>;-=yEcC=CWD?#1AYiJG>6nps}n@v@ZZZ_mI3DoRMolYxXHQQ
zxRtQ)Y~q=Y)ZvfE__Ps!<^Tm?E}wIFYl-A66FE>66vJlxUwpk&duGwLMjP8!RVuda
z<cpJvZQHhO+qP}nwryLd*4gJ=?0vERz`X0v9OE7RZB6V|+SuJHIWG>3$og)0sGkJa
z_m<7TS;sa;Yr|+ngd`4MVxTDw+5Z*v1jtY~F=OiXd@`}cwyb(J&_Ob5(=_pv>O<0A
zkDMYg>MWH<W7lZfPruf3Y-HIq7V`<*+Mv!WcG%xCr9MsAGIkCn1?t*ED<7m?jGcht
z!o4$N#10pfDY*G^%P^%56D1s*dTt|=ko#439B{}v!ljRmr-i>z$+jJJ?(hH31ruQn
zi%BK@i8@e2PUif3;%Ic7sr@y>uphbPT&<-AbZ0boXDn*d@T_4?$XAM*9xmCE&1IW}
zXVJZ78v_34$jV}8<jPBHeb_FwrLJ3zZTI!cWdr9@y{=Vp03BU){^|$UhleaOK`H$W
z+*BHC2x_ysKSN!gyL24LmdEl25MBkWNNb9g;-_pQj`kqTTMtT-WEAV}me=C}t**iC
zQ$AJ47cg*+m4yERK<;s`nKNz2!|<AKJp#Ny{l0Ea=%Bm%eTGm3fg8Kv9|2v4(ek`7
zZxMD$9T#3p{9PYuAxwii4-CTnaX+CfU$w%($#GwT7h3XcJ+ahmU`%)>nMKU2l(|P8
z1fXmtb=Nu%=a(vISjj6MlCur?ea!m3qg-<~7)+?WelHUmJX|ZIC6G+{Qq$ZVr%ox6
zwTi@H;zD0wRbT4aJuS~}48%->LLQxICYIvF3JM|s)GKh~bW>*rT;Ym#L`|o!aUAcp
z(YCK6NI5ZZ@60l#zyhe1C(hHz9@V<nzBAg{lZ8nyXW^4P#M_v((j3zoSc_A)RUwq_
zgnw@rQ0`UcP0p+}GoT8hVjex!bOs02q30>Javq&GCw}ZbR@I_n6;k70N}|dxcM2{8
zrUGk{nw0JvM!x07`OxDF0$_xRdXwi>{9=Zz4t~N=%&JRhvxwup;$?roM6V{sUZho8
z^MpUb*DP<?d9B!*bDeCv-I39(lBUyq4v5ic&c`<(V*S(ZwcRZNwP3TYmfr8-it7Dx
zxC_ZT|Ai>U^SOv-!*gGk-qyuf>wa^Eut-o|e78eF_Idljbj$1T>{4|3*1t4%@Mol3
z*?muCg0YH2Oz_z<^CHf<U)h^?kq~P9B><~S!&hC6=vhEEZt_TYMWpr~3l3DC^<AOU
zTw^*#+|FOUG~NL?C%5EE+l-!CHSh`?$q)byZR)8usNq-y4O}k=)dE%{5Pw0wOUDe@
zYULkycW+29^z<n#EnZfLI|(<%R4|$V)zjkBd=RQFFT%I-ut~vRrAe;2amKMTt2@yo
z9Y86WHfeDl$AfrV6m&luB9VJ|Zyp~*{P(e`Lg6;*FN%#p@jQ8s2MWx3LN$K8bDSTc
zIAM~F{0Rh1Y1jk%fW4eGD5<#8C9Xm4*nvOgG;Mf(AybqWmc@^d)ZokyjtU-9V16I)
zY0uYQob4J|d?qQN69n18)U09kAmsrMy3QxrcJ7!`ar8LtYif$Xo?&ftGZ_4-NylJy
zV+wg@?7k{wcIcvtGf<`AfkGM>6R2i~mIHa>`}-713I-%;h&ZOpVe#RsmtAAmtaph=
zs9MQ7&GIROZC5UPl1bboTYQ=`57T30lrH%z6!2b|_9qDs9*-Rzi(Dn@E|UY%k`eEH
zu=Fa6cYRP^W!awSRTTet@G@1o02;B2dNaQgD9?`}JGOwH@0y;G76Zx+0S4dKm7l>K
zGWF=QQ?o1UoR2gxv+N!U3d}Xg3KgZs;@9TiQY!|zyr@BWt{m{q*nu_U%u^Y!%NdFV
zX<C8!)s`9E4n9tEA$`Oe%CwJKl6=L!Wf|ObX>4xltT#op5uY5<vLzYg61A$paSQEs
zG6}nist))-!<5mF@XOO{aVQ}dti$NA!<X<V>g0HBam-THZ17pR=Y8irQib7>5l1#M
zbx`?bkO$kSG;?Im^i;dc<C+6of(XV*(xHTH?rDF0l_aKTQ2uC>NVHok`z=L9mE=>9
z|6poxi09F`_=#HU1d%D!N6+mBd;5kt>G!hiwtTENO%U#;$#L{O`yq#PL2FiEEQYvA
zc-r)Fm{o@-bfHTaeWogDP7+ph#Cu>eiAu<<)trQ^fsj_GQs(QRhA}!tARFJM&mQVB
z@+TfQNg;bgvAIhlG)WBuS5JQxcZ=;D;KQitUCCDT$yzI-7f1qAjrC87$SKUBJfP{}
zMts7XilS9OyoVZ(husM;(s^b8Or)%*xERi6Ol^5<G0QDOg6gC0uE*H>!z8fer()f@
zr`Q3C#R3e)#0pzN4&jW28fmnL7zQ;R2&CNmfwdE6o6gCHDYswUP7CWdl?6ddz&|%h
zd+)y#t7B;0Q52cV&Lk(>jHfu!wHSdrl^2~}mKUxqyS8t_B{4iYn>)wz5(U(@OS*Z&
zuix({+<`((&Eg^kn^?P(ANB2G1_XL}>KQ~dxXpUm6+aZ~kq&C8v6u*3#<er={18gJ
ze!ue0j(1vm8q@z226;KKVrBn`ee!$n&i~;{?;1a%z9}%pBt9`a;sq9AUoUz*&>}Hb
z8KhYDUlhp0NAbb#$StwM%W2W#J<FLJ;!CJ?X4ekUVMb6ri4Z(!Gj~IGolC&{q^`6o
z5UEH)<6{|C7HY#!mPH+eSdF(;G0sIHnHxl~Vsw-@_0Oga$_OUu1~TB6tfYzylS-wb
zv_jv4Mbmdp#%!JpLn<fcM}h{W$rT!nr<cH`Mb4U03mlVpJe+}fCFBqkItxu!PR@PP
zQ~1kwXpco719MP9JV*$zmhc<J$&+ePF5I<ECvJnZQst3I2>mu1C?jNmY5)q?GP8}W
zmv>zZ6PHkU<~Wxlf(t&;mgC(X9aHLYS$24$=SC1e>#475TBn88nbE>jjRY@ZCvb*=
z#mECL848BB7%<Jen-p1goT5ju`ZInBRla<nAz=PKP@bkvIshIv<e8erPdq?P3Db+3
zbX)`wdVX#uSTyS@pJbjY(NY;K9Owk_WRttuVK<dyU=8R67CMEqrNo(9v@oZ}Qh9*{
zQr;`bHsfR7t0NP*m=?rJcR`Ft5|Ly@_0|N*Kg8U_b=f1ezVRjTGO09JT!JWw7Jkz|
zS5c_n!`RnY`VvQd;DM-E;iC`@>hFjmPBP~~qUs}2$**q+-!~-R>6&`nz9FB+;J!5^
z@|6*M{qflt;Y9S_1E|fq5S5)8R{gu1t4Ta84|5AlVKr8eXW19?-Y*7%6vxqp`GK<T
zK^S~7(s+zc4k@e0&V!FbW13B;vy>3D<}DSU!z>SU($(njUcguF)4>v2$m`|<pKcQp
z!w#EiHo<Qm<sNEP9WXwJ4oxiNarGjK4?x2Q)5*}0gEG(7S(ZJN6X0;c)Vg)FAqC)1
z66o2YdBgJ&y%hX$caA@PtM34zox38cT2#!u5pnc^b~ay=a-P3#Pk4Ur?w~!;ol4g;
z?nH-F!FM)Ak}~U9-MBxUre&qp6y1w@rb25Q{YCd<WKI{r{7xcn^J6?I{5Vmiq_X%z
z1K9P`taB%qoIc?v%FwLVfL}fOqdS8oXr@l=avS=~r5BZwi^%FGsahNM4gd|4=tju5
zaIvbj(x05wr8!FPOI@ingb$fON|O{+3WS7vaXxGlW>(U#l(-#KQIiHSJKj#dpQ@#8
zxLUh}D5j3C!Tq<SSA$E~@}lY&#(gRC#Q6AiI+Bq=0Jf^x04+}p?z-golzmu?6?;N!
z(}Tz(1Xg&H_@^>45zj6ZRjP_?Qjj^4zvl!3?9E`G((SPnUPruSs;Otd2bdxe1Um&c
z{vbZ7OSWAU6f3fD*gec44}@Y2#y+QTLHCIem;{mqdV3?ud|G)*?Qcl;auLxKOB(Ng
z%McN=gZ%Y_SSz5F6E+s-R9WY_VSF{KUCe!`J`!>2NyCcgzEE@ba)Xc&_N-LFkfirH
zRxr}kg%w0c`o9QdxrxP(%iiAA#VUj9gCaLjU(5n7lo-e}Q4pc$$V4l}84fZ9t-z7Z
z+<i+T<;TbYa6G`Ke}+yl!{Up!GwQ>bRB63WQ@oBrv7|a$=mO`58O7)h_IvdeVG)_$
zYtILQD$h6`hy0<uhvb4`6#2CsWlDpa$-%Ddh}r7EI1ttLjW6?qPt|g;n~OHfi)DqN
zx`}XA2&ml27F9=oIXCxWo--bT;_Xyo0g6OWoIASn{t4wuUgaVY`$+akdi}|m<43a~
z&x0xFnhQ-^Yu_8|V)sILa3;CFZGD2<)y8*@r|7E(H$;QVk@LP-b%ytB+}cR+LbAi%
zeEfxV9Ccj4Z$)m0P<R30oLFJCSpRgBhHBMXtXtGuQ#eW_5%Sm7HC<uy`4nLW^FULj
z0>Wlg$w1d&>b+5(CVxsQ_4}OfI_1Dx4{#@(YDlU#)?D6rw*N@*%>*|$(@R<-INr8v
zypDkn;V<#s1+G^BmPH>gaPYm38cE|5KFuYlhmT=1g4B1!7=O<?{L_cTqM7JH#hu_5
z`?@6Cv8D}A7_#syU}yuSHnE#@|C&71WRfw+F_U-dj6MVNAiR71XS`#}w#{4QH2;d3
z`4AY=zmdGb_dP<k>ODJxjX120qk3|mhv;yzv$k~8`&rnnXLGgI9Mkd9tloVu{eu0R
zaeW<c1?k;(am!t9mGABQJF<f?9i<57joD2oFG}bj#K;#CLmwJnbKIn^mT_Fc?4RWB
zo8WNAfIQ5nVxdwlhRUv4mTIdA%vU#;of`fGnYI(tHBMkvLsNF-1bdifv!;HM1l^o$
z2~1lx@InQqQQaDsF1i^I$y$Ju+&^S|pl+uQ_ad_hq9k6|A)Sl%Zl=>zf}<6gZNBM%
zFms3J=Vx9hoFTVMOMetAeBKeJx4)hE?{bO+zI|T8pqXnY8=j8gqoqC-P_g=k$VN_F
z&ww$8;*@QrXeiy$<>0T^>cTGI0ZuewVyk(=q!yTvoN36#)Y3eNkvVLY#Q40ou09ja
z_9zsBuszp`>W60)WrSY0xRZr8=%8dua8~#ykNIpQ#@><)HRw5`Oc)g_(4*UetIR&t
zunm<byw=T!C1*|g>Iea&7(0M340wojmU2t|mw%d<=y&F!0=13WP=Xt;-&IB~aNoli
zILo#7m!RwQoQ~zor%P&Qx~H~Lkh@_6L}dMo@erLTR|;{@lrWuQI9+!mc=Z)LuEa2y
zS${UxOlfs_;-bd~D&YV-$9IfM;iZCb4l3&Ntq-AuvpF&eUOU5Mc5-Ei&7wa`Cp$dE
z?FWPf_dBWqOZU44Q+4h?;WiCi;LtZ;RMf4jk4R*h3h4tV^%0NXL{H1{ymgFR2Ne-*
zGh$(o$D(-=a#QD!;zOA-PMxTaf7vk)X_bufr1~{K-+bwZz}tPF&P(P$YQ*>Z$n164
z5WPEMHr6)2#`)E#Y0$sN%c|wG>}b7*<F0ugOtwx=15*e=J!OXAnSPpxnT4tcW}W@*
z*$ZVip(Qcf^`e(eRB~F})x$?CO?SUu2vB4S0UgOiO9>6e$ndoZrOqPEWt2OBcqtkt
zN19n<0K-h{tV#>1TN{di56DVl-#1)x+1N2YO5e7_?T>p2UFGfj#ZM;k5ZRl?PvImw
z-o=c#X5EpU_W^L(9we+Ap6ycsC=Ax>z&PNPAh^t%>$lFHnZ(?$mYItTgF`lVc*EmY
zLqKNk#=FhtZ`kh1GH+3u<YCEr*Ew7wgksGRC=mnIdQMh+EiDhL&D!O=OK`z=h^dM`
zQ%fFTuPfG$u3UM2OT(+27j13$;jW1W6)BnCBV9&+h=lEjf6v}`qpRwdi8a1KIG36L
zT?3V?&<!p{yCah-sJ}<6SSLnX(Mzdz``)Rx9L$|CF0N=cDH_X<qT+F6h(GR|7<HyJ
zFRZf&F@}a#^a$9j`h(S5ysQJl=?smu`~Li#augdAHD;zX1Q}2dhhs@-0>|#bAtB!v
z5cj?G%4Bpw&<UMVYFO-J4mWLBluL5XU*()3Ax~z+YPW-MFMA-hr!1Rj*fVp$-uFWM
zmsc)@2v6!!A5Fm~Z|}~TH&-_iAHKgG@(Shv;ED^17hD?}HBp+KC1YRV3c%=XyCjr5
zR<Iuv!S>>xMT(s$xUjr7Ub#xYPSV%Y5>ZvmS@*~y|JJLzB6-$=OggQB@{qNRWAw}g
zb73NZXHVB>dle<+xz}Q6=}hst{AWE0nRmy}N2Va3E6Uq%XSCjrud0*uIE#%5BIr-M
z$GlBXM3t8cI)++XcxA$P@RBR|6PblqE1@NzMZuSfj&~#5n~VRpxXrQ{(`&gq<JFTD
zoq!mSZ!6xu#()YvooyILqVAj>9w3^UIT%FD{#<O~9?wNfhkVa*pMQU_e9w$wsh6V!
ztD|@brPDC2HX~e;V)d5$-3ZFO_@WmOj2IC7;2EGS^gYn*hL#+e@3KccH{@|!)duo$
zTWa<E>Oz}A_X4#tMP~44Jy>GQuQ!(i=6Z{$1z9T%FMlivjM=Mxb0z$3RJ}}>yt|4V
z{E1{joe)*OhP|i!)o}X=4X2$xHfj40JEz|!C}d);)T$eSSY?~@O;wc>f(u9zY~gMj
zXr*n}fS<%eC@jUT7vlYv#$!lbqi7m~p_?eUHHL{?+#%k2SKgW$BwhPB0%BXKANxuv
zIUsdg(Ac24*qI+lXXFv9h>Y_eH%da(l+_?>!g0}S*6v6<kTh#gB1h%`RYngsp+e6F
z3`9ioRp<s^1@o)ndzHcWTk<1fP^?yC&8OwD@N5`%7(qwUNHWbfrTL|mggjVMvE4RE
z<aOu+R};#&IP63vu04JGf^6Bv+w<o&@T2E|PaOo+dkH^hQS<tjv6IYX^}fT)La!z~
z<UwB;XhFtpn64?Zl>;yqwIWL1F81@j1vy#~PrI@0Qio%qoihX0+s*QFb`3!+yRX;N
zp@U0ScEXpB&jL1GPTNuF`LHznQFhX%t8`o4o$;qCV-9@p(!Urqp$sR()ye(Yg@T~M
z<oogdGdju=|1SCvzxn9fNSameim4@yt)OmhWoiHJMfHiJ9;L32b0~&vCrA5nMrPvx
zrsoF!V@8KV+KZ$0v42G~mfs-7VnEO8U`*r1Cf4SgawDAlW0K}b%ha+g5xhK09h%W|
z#;)sBs~gKF!iAOR?0Wjj?I!=Hp0E30cR8e@$91Oe&?ic&DzCPVWhcq)IWqylRr$0h
zhkInP+|EHznvNENuhk04?o`c&Swv$&m)&{`(FX3>*rKgKG^Ya=0QkYz%#>2}K9(!2
zx^LN7f<@j?h$w^NrRaFj7I>upcM>666u2lYSd`8~r#DZjK)pO?L-RR2X?Rk1D%HZ*
z!N)s2t@fkmEwUn>JpM?{`xJ=gg1?nyW^>imIm9>}nfg`hMi$?yth{kK#$l_N(Zkhf
zy#VwnxW-HY9H54@`~Y0uz&)Y0ar*C9;A!tYn!zI}OUS0+UTV^=7JGCx%R2{FUW0=?
zl+V_Zyi(hpOQPs@6swI>3r>A_#C|hXU#}dH3Gm@=n)W$?Z5&m1cETQU04p9R!$xMa
zBsh>4dbgn?^{w(_#lUo!QTf!@QJfUZTOOK}mrZ3*qb@gA98{Cm77c%>Gn0iSz*LN@
zC`-?#l3;F(m7tyjl<_up{w}$zmQS!sAo<xI3>WBuv6XM@Z+kSr+%o#4Odsw!zc9ut
z26`~uV389it_eNYcODEnu*yCZ*=+ik%dr+!gw02vy=wnX@>1!(yT@BPXVO%h5i<R&
z8-f8+gsGlI(GxbcgH+u^bm)COSNsGS+a`=(x~sbFmbqrXysf$Z3wAzaT+u^17!sf3
zvg^DB;qTkicPyfj7}>3}BBArpT+^5JK(HHGcvlA*l)=z>4HXiRW|sHRd$w1os}86M
z{T2%)M*(WZ-0BK$<FLOxGTTzEXMMQ_=Z@K$S=!Lxl`GOXV3;=5&~=#C+TYn4Zd&+w
z<yd9V44@ZxlS4i;m~lG5cjzR;9BB`Z%P2v*MtJhV+o0A+d$cxL$kIEyOo<Hid5OwM
zS=PxvEc;sb{g+06`rh`2K^w#YVxiZUbmWKDek#{drcA^*YcMkuPa3})?8ap8FBX!K
zYw`v60e~#-2PnW}ZZWy;F*!5wo;l|Qhv$K+wc-x{>p^>M4tw$-$KY=e9MyUI``P`i
zQoV$(VNgnm!1%4hi@NqmVsBPUU84Mv5x5fUj>h>Cb~onj8XX@wi2<#CxoXCVP3*s$
zStYIQ)ZS3^GePYSir=2jPrc9X&)0>{`k#1+g*3fBD52j5$!ySUuLRCEQR^i-y54_5
ztHBK0AZRU5(=buLRa{=M9%f1tE(h>c`|o*cIbL-hh?<53d%DIJj{Q5dPt2+uAQivx
z+Z=GD4i+ydl%KU))J(QdpJhAZ>TF`<PM^ZKB1CeCt_Eu4LAtvTCZ?qd2Ewj-V>qsV
zU9Bw4p+`a5cA_=O^Ne*bX;wUe*$ZXT`eHf@FvhmWJ-;y?;FEHKyl<MxUwI_yu}G$8
z<tpzdobwTHQSe8$?!ANOMiv+nkmMIWBBn$btrUn+KKIH-{cG;kicuGy^Ea>=+hnB}
zF-l!k^cB8Z@Bp2(J!o@muO$BVCuNBuaoWzeiTFk-7VXcM;#qZ)KdT-p2XQE}KGn;N
ztXo;Saw~hNhwK$rHdP0WDib^AWG%v|*Rx!*#UUp;%~iuh)9^>#h4iA~Jl!LW8=Rt~
zvr<&x^~yNRkdKq*)$3S(tKLmNCtfF$Rhn*`>29`^F%x95H9EXISN%zTfzgD8NGJBH
zF=Wk4B5I8!>oTNFgjA&2HZ_}QJTxXHKB}ULc4_+-=BGl)!@25}uLGnH|I3Qv-)4g;
zs==ad>}#`SJ(^Qv5&#9C=9eazU%w*8H48b-2Yh=j8FkKZ6PuDb{o&8~*@z}`GDj!r
z7zZZ*Y1vJjQ-r(KZX{g8jd~X{8_{TkLfp`<oy<M*dGOw6csR#Zbgv0Z_}e#+EhVog
zz^G^PNx;o=-Hs_Ya&I$5EFxN&Ui?vP4W_SZrCn}T!z}O&Bg~kO(h-*p%ASNH2fO=b
z+jvd)hal|cVV28^%WV}kr;gJ*;*6!K0PT6T>H63HsjERagQ#lAWA;RC@k*?<@Rs{k
zFSK2qWl_k`fJ_&0D;#MOw{{pw(W`O9caIsWD^g$|?a<;pnD_qM!!QQ-U3z`m@ccqR
zzc@Natii_QV-@b9l6-*Rqk`V9JE@a5!O}lcBN6Z1jD11&Y}7ltR^R(ry>kr%kA7jX
z!RBmNg4cT>y(ZIVjU?3Shxra$<?f#*W7n0NHj&3Ov5ix!@{ulZvOdSxGhqA&#LhJh
z!tw$ZAiacFL=MCX-roT>aE_a-NNr>11!iaG2fC@v#etc}vZC9vP6SFIR?*qZP>Xih
zw7W8nA<xl_x;*jRdJ0SJkLQo9%V-KY5)^u>rr!wu_KSw%HKdGzgk>EX&zer~T{38i
znVQL>Nfh!=eDG{KBn{kC4PVvdZ}qs3NFXx)`UsYK0x9If;aEG_p)Ou7AQ5CkpMSrK
zYvngl-2j|Y^kL~g2t+o@_t~Tn!F|j7CS>d`ubllQXbe;C0Y=fM<}nh8o8BSqjE&VB
z!jW2liQLJohv!FqJ!bhb@iIe>j-X$U<BY(DIj2~iQI{gUJ%hsDy?x!}Q>*Lhuhd*x
zR2pvgf6_I~+4J4gM?r@ENl7Jk<y!15gvsGCt1<*sSc5<|o3P(c-K0zq03VlBCBMPX
zV8<23DH@*S^2(rg2gy+}lciglq>f(9<Pts4dvWT9^pyI_*N)XMlzIrH&-#?wfGKjD
zI8ZC~VP5pPH)OqVEtT&r(o?r&3=L*bA^Miy@3kyF>{{JP{7U4`D$tl6y}~I*hq07c
zW89Qbxr9N2msW1CBa?+2yYqrpA%wKJv4coWw+2!v&}wvzuv3^S?!8zG?6Dbnq_w(*
zub`gc+OVXU{r5Gbo`jDPa;`CqvHKMSSDR~|?!J-`OOf`XKnYnuzQ~-j*JBiC^JZ(;
z1_r$5j$P|hn>&s<MG0BzH!E7t$+P3CDc!ciLlLcSP)_M6cF5_qa=_OQ!wZ$>4+_K-
zsn7ncL#I-Ot6tk-+d$hml8(-wjH%OaJrxU}@L>EJCu`anI2B<ZHOJe#wGv45;igAf
zdg?Af7AfE60P}pbnd-RdHG7PJb#VQ$?Fn??oDx#v*W8}F50F)9O7h->(yMV7I}M-x
z$Zd13FMvfWngQqetwqhksg(#I;d0zZlLL&MNhAXEXGh7AE5GY6VT75ai>%@D2D)<=
zt=H0xGvbb_>3s#7abf62XJ}n?OletqkwE+exgFzkMwrRGe)>-!p{7p;?TR4kVlyuq
zkOO2_JndeQ4eII-b9=*YDJF9rq6XW->PYg;$rC(@m}>H>wXa3!3qCjP&$uF(DR^F`
z@Jl0vXfJVQk4Xp`mhEeKO6C)G=x6K#)p>^p5=39l_$J-V-lLW*EHmb6&as9=qO@2A
zU#{fX&`>VnR`u{&GcvsPQlK?f$xQ7ta<w*tT8Khj_{t6Zj~>gQW`r~A0UimJb=~i*
z(GBWDvd!+fHB^oyvH!N<f_a>71~dppd@M_;AJq2iTgz~Wv^|{hz>eO?H0|TDepGLV
zLp4ykwZM_j(73@2w9u!-*8udlKI!ZwDIR0b81d(_e@p7c;WcA<ly1&`C7q$ZjC0PX
zv1RoF?ZTg<yqt>w)yQRF`<6ol>I1fh4iIlR%+ay<B3i;rk#bq4g`F6hDwad5*RQ+-
zIOQ|gt&n)~ro4n7Ep_<043HSfASGpg%30CMh^P&yXS0KEIyRN-nlyty&K0{#_nG#>
z=Uv5d@Qh_MQa5kO7X!P`-mAkTKMjrz3eRg*nRw~(tE+^AAfcNjk@^&xqsPaqWE^$=
zYI#MhBcV%gQDHNuoU70zMfb9Sz51@S?6f;tBDs!)NcWj#-FC^_!?Wx?A^0o1Ha!sM
zSr@p1!-^TRN{1x<)sXue5-WlGNk>aGMve5<p>;-eSA>FDQtR1(g>3{Y1FUUD=|uqc
zgZtE}2x`Q1Z!Gk?y1wzveEsb)--pv4WxoSy%DJfMTUaRArFY>6@qf303$`FLVE)zf
z@lb()NdH?K*vVec(ah%mqm31*S}AOZp?pu*oZc&6_30UcW^6(vD?)4dT1Q<a9NKyk
z8kkuoj^d<<1iQ98_uMQHjm5(owp^F`i>05H<anoDpE+_ePb*dfl4g(0SrgKViQ1LT
zvqybQ!-Z(cr5)0OVhFP&)5|Og?z^Nz+|Apj_umYp$+oU%ilExeOp({b0mf1aq)n6A
zhK6;M2HA8^Y9**+WND=&iE0i+CPC(NYRN*;#o%!WLaO5la+MF%+12-|Ma1)=%If|Y
zW=-P&vwwwSMMH}LnU*t-X?$^`W1S{OPfW^i6FYLO0x7}-u&)UA86%<DPc%{2QGDTO
zK1-AM(i8S9h0=L)V}dCFg!r)u3Cs7}34(x>xiSN+60up`JjZ7&EWNQMgOW_A;(Lsp
ze9}msr2)rsB2XkldisKC2nKU-SSTiA!!{{M5PXlKkgioDNE<vR#Omx@Pb<B=nNeZ?
z5}>%P)PGrk8%>!J05L|55mx=n1|(P*!gPI>-kRKiXll1iRjhbvvR!e>f)v888g^nH
zM4F%lQ(sD9><yF%ZH&2JWvmQ@5;jSavNK>Zsuwv-l8Kr=`YuGd;WI6vWRiMb65C!|
zfc7|Wg1um#u%(ffM)z)a_-PDZ3*4po1SxxD`!r$0<=xROMmWU1;I8XLdk4&s3Fq<G
z44KF3$co->TS|iN;TzmSy%$u=WI9hL*-4MV%$*mG+u?RJB<*c(Z$pUR#jBNlNLOFs
z4MNQZ7#vPC2n2R(i?wf7U#XR1Ph#O5`WC154Mfdz5tnU%N5TC#d~oHp`5{BBl)(n<
z=C+}(2XnUTLEH_}#)`|=cCWKdRyR1ptmHJA30AC+0V2f4G2`^9^{K0+;DTnmWA9=&
z9((1q>V^wX31+R@lLDeN*qA_u-)G%|!yQ}?JN@|c^#)1h&8LaKmug|Rmxa#2@K?_>
zg8yQM>oko+h~(#35q@hQvF)il^EqzINA%0s6~{LRyhyj*=Aa8)TKBJ25gyrH_RHRf
zqd}J_*e$(X*KI?*)`C4?eQ!uazcTo<?z<<`QC7^hgUC*gU}K+D)5f#w;Xap`EsIX$
z1};z68cgOE0g_BJxQeTyJO>`znk>DUJ$NFBb_cH$pgsq$?OmLsQK-@^tPKv+UE_YI
zrmSfzR4x0O(Q6<3G@my7x7`k-cdVBuYl#~T4-faK^V=xeQX|SAvkOlf8;brK5U*lO
zSYzNTAS!b+7;!A#QN_QgZ@vntFz|QW8e<RUUe&)T;eb-;9g=cA)F?AtC<mpxwI#OR
z(#ua8QL7jgijx<XAx<M)QKZNn$t^;bri~Lp(|B@G%&pE*1K&w%&+51~Fe`{-Qs@ma
z$nJxFnZJ`z*ZxjU%N!b(Svi=%Azq9j)Zk6Ehs+kykwdJq6Q6BQ5WlDT*AHpB)O9eW
zQZL5N6(}Kh@pt5wF<K-gPneS<T;MQg%vGQ*<{0<r(h`9qR;5&|SZsu%X%k2L(n}7j
zy$)IeagPvFx*Naml^2&g9-E>#4n`j%39qOABivpr>nl#o7yvsaOY3kgsYB94SZB?E
z1Y=|2$M~~a?#q}K+F5!BoO+>2oh)oZiOWq3+G-%yn}>fmBVSxR%*Xb^7iJhVI%s)3
zZ1k6CT7c?EgplxBd$vYpAv21Wdw>TNfJ+|1?ck+fN-}?<G08)(wy-y6*RplxY(@ia
zEofBp>X&H~3s6tQA6Mbz9q6*C6Utu-jI5^FFTSH|(i9%w<gXmIDr!dXX}}XVP+NYR
zP<r(=u_~zLq<M00DpId2kJX`{KE5iQRqM*>L1H?SgF&B33U#w64>xK20c_DN7UBDB
z4t<DifxdU4cm^Hqf&a?ssn?e8HE(%ev-}7!>`$3pG4=FJ8m99RJ~-`QM$jp#OZY?P
z<iA+Qj4j{udpYk@=i!j6?Y4`%JUK($t}Y8rx8)-Bp;$GEFsjisyfdAwY1106x!z&p
zt7#TDy9PCP`@OF1NlGfj#>|~)$ywj?T^YHzk+e-(<C82tEN#oQb6ASSYMAvTwsW&H
z#=e|RdZRH^!S^EK;JWV`IY_t2;b$n{2^^yjf;I->AA@m+*P5xN)GHNpJjPnxlSX8`
zxojNQqm|2{NytxGQ%|a5uMX${q8ZJ>ch}tV{O2(O4)`weW=K=PI_dJ-{?A-0<(!B{
zyYR;;lQG(0G9x*p=IYdIzd{%siA7d*M3{b4DnM^*d>pvp+W60VltuxoVg!P$BY&JC
z07ENJW|T10igW8xIACcDu#ifFa?17~dlcY0p?4X-TxMOj#9%U{49aWWn`8<X6s?5n
z1wT_>f0G)AZ3ejl*K3z*W$>e=o0~2q<TUG9vp)Fo!b8~Iok2A!LbSuhZXd-JD%`?7
z1jrG8D_A&ixpMh&pW#XLfyHwC8pr~Vg-J*n7BZPba@fWuI{1{f^9q|ZjX^O*P-3{t
zLKnN~_*)!+>IaQR=X%O*?8^HV_PYT=8ZKLAr>8-B8yP<b;l<9AairDs94LI@^Gili
zg*)?`#-pWLGJmtxOUGO@Io+B<m$kd>GYl4mTN4jCX&hd^*(rpIQAYNxX@;b4rWIIX
zF!6xKw2T?zhm47+#GZEY!9=ifQ<d0R3G6XgUXWoKlTvUQHuCIj&W2H8=qlV{5UU|b
z^-~7C-pAlq#)OM`cY!?sJI<=RBkgW)AjJ7i!$kPNfQTp@DJxrcNlSYA<$Lu5^?#ox
z9y&4zn!$j8xS)Z6i2loI!pO?j@&6ZODfiiLh`@DyP|<fYpOG6DcR9w7`4OtjOB=-#
zP;~IRDIZF#2OidUNOEQW{qE`wuQzgG<XMEwAoUFifrOI90$4XLG+FEMUOUgLx<X1;
zy;OY;0f;hzmblE$15RI1oYx)uwE_tS-Cdc@eQa+xK3;tO67+s>0)?()bWZulDW`j^
zfuT9rTG!(D*T%inFM*Q6KJ(I+I$<K9#<^?|#UTljm&ZocPnTYuCSD6X!bd6-($u;$
zH$B=kmt!8!Jv1=6%3cGlzxKF4dU9=*W|f2MP4Z(wr}ijJk3rBsbeZ4w{R$k=Q8d{&
zhg`bJTlOj-AC-?4jlUicit_gM5}x(n&PrWskDHBJ&O?y?W6+PG;U!Zn&ewm|q|lU^
zr>16#97#XT^fE=Io?2%ebY2MUEe(d6eP&PSzr;!u@39X6l5zaT!~~?5TRQSM*SqX5
zHX?oG&FKS?iQ$l_e^7VYVBtXTb_O@>%a?gF`@Q5R2wixdyMI|e@W@X8rn-o+#WCqX
zjj2sy=2H!XSYvxto-h5AB+Uga>SSw=dl(u3%f*Zoy)tl~<&nFWMhbiR$0D67Qi0hv
zn6#X4I=M*!98J5*722q|)H>fEnD<23c?vbT_Y)%uZlAh`=G9)Qk5YrIlAJ&S)iXmG
zJjbTIk{tS&k&@wcek1=8V^znkZyco_<W;HrI5Y%0oV<#i%A|L}wM*Q!Jrh`;KV1o|
z{#d0GFhiN~w)hhrXbG%R8LIMX!+c_)z4e|5t6h|69fuBvCh!{_J%;U~)YnttP;Jcj
zT+$W0hRAy;9*9F%TX%)JDpynZ;%UMjnyf=yO@Jjc1=b<>Z^2u-9H)*|KP-ld;_`z+
zBq8D0Q>5>B<`7<v9A>bv@X(c|Kh4?+{Cgg9{3)fnew59(#xG0xPKs4@J5llRsm@B*
zrZOz*2I{-|l*-m)1}eUOPO2{3jCeOjaYbQXp8Q<fQ@@!9sj;p=?kZI|%lmMXGmXnP
zc*?-PM3K^+%W4uV_$DDnLo@;jzq@gnTGbdlbz(cUn?euC<+@rqT?P`#i|H=gw8hr!
zr&6e+usICD90w$yF)~IZ?RR-Oq```}Uf0XaMyFaV?(8#7x;uI?kw{iDUuC}85lM1}
zM<y_9NS^{CU_U}P_HaG@C41g{dOlt47((AGdbyagz-@XRd@*=lh3i*b$nfDZH=o;w
zF3?OH5M_|_Jn#zPd!FC(5RKS&do=#i=XoN(?BhYs$lOvMQJH*JN;-sCOsn^J(uX3K
z_hi?2cGNkUn;vaRH?@ZI`Y{!F+Rts!Jt3c3)7zJHf=qaR!^v+1&<|wk7>do4aap(j
z$yo(wtGD_o+@~ympl<F?=vvjc-<0oio%a50y*7%msDh}0(q^;}2ljdX{RGu?ddJ^c
z@DRQsw`sAo`+Ku&yXMW#^vriWxK{hmt3m(}M1JN55Nh7`>4yI&DQ6;xtqWm(&jvy)
zhLt(d&+noqNZa+TS1Y|<Tq251I@iO1P)B>jc4%Ec@A4Mu$0qKczQ<pnF&OJCo_t+k
z^n&mXdfT1mR=Zp;$=3I#xA|X#-*;e-0gPFV_pGnq2mAlW%%bE%uEg|@-28_B-;qkj
zW=58VI#zlP7XO1(s``(hg%#sJf|gc9DQC1Ysh7NrzrPLBn%gWS)x#uM7tU0Xpw<48
z10-dem!!WxvOR!fXG2Q3wyp#zVSB%Z+fD#o*;p#=%Vo5KL(XlANys*XP0NTu@7tk&
zm*o$Qs>&TnCLsUE4OqE?3fi@%^fpkAVdL|<XW}9>Xta)=uY=~l5?Pukw^T6R?r5yE
zg8NXtGO<`d`3N!Ij_6sPaqeVu0O!_F8~kV+C@rO!oY6jxxxu+o6l+A<EYe4<_t-3f
z?$a<Tsdlx>yMQd?_8&pZ&jrm!$Ff@Yq=GmjCqP+(|A({2A_>~mdy>hsRHc5H@6bf<
zw4~D$sf@NE69JoZFkbO%I!)x~>*zm*mU)fj^S@zF%m1+h>M@KZ!+wcL(s~n@EIMVE
zBP2Tz!Td9{<Q+3|(Zk{_0FEt`oOD>hU;<iQ1$V8QgY2Sch;tcEeCmUUIp~<OtXIk_
zi)7Rh-)2?Iz$nF(+Nl5Hx=LeVi1VKc?rzE+d8P-Z*jJ5K)}BjjRofxludB{TP)Qg3
z(*u%Wgr7r7o92zf?NCypr`9hwp|En6Zo;wV+YX_?5{De<J=S~Y@7pDjOo|jKs<5Xh
z^eHLI6;;s~WI{S}w}qAHbGA$HK9R-s{zuTl&>cxTG-N_8qEC<GlRdb?7S@Wrr7e<B
zc8W-McSWBzh}mGsoED$@@QoHS<5tD@NuBQ#MK<S1DT0c;6J=vC8sIPPlR7xpNVLDV
z>+Fn;Si=RvIB1&~8@usJD_zTk?WFp2C(h80;xcDw8^HI0d1saBX`G~D$4Km?QUDEo
z9%1JbKNzrP<wH2!Fy_h}1@`8GEd$x|^-9}**$;7wJ~v{T8hR%6^X$B%70>j}97%d8
zcv{^Ws%!SM&r0ZYd1b^M1_9l+<c;$ul>WY1(7*V=6zPCzAEmGC`_N$|EKB4kQx6|w
z$mplq2OeMN%g!;ju+I`@EA9$v%+Z-aYTqzfXy2W={jgT1U~I${NoprzV=fVtEknd|
z(unV@;eRA8IdsMgse)LD38su`Q3<Zho>7@TfIwX{{1Q5j<pP2?OA9g_Dc*$t*A_^`
zyCwAM4cI#>eWJiq5VDC4+{i`gGaOO(8KQ6Rj;blx`;!k(gz`v{Em9NL=_-M%uN)oj
zyN>-KEgoQ%SzYmEe{Jh5>`C&Tf^Sg2b0y02*Fc3Aue&cQ!u#cN^3oS!W<P-4<nZV0
z^J{HQq*#aKJ<<ZU)7RM-y-V-U8zKHt*G^D@Dc)AVR4l6XFpbg@570PPFg#xSxKiAf
z_(PJ%PT%)abLoRr-gSx_@SnFo=jIjZH12mKP5swwN$SUzKTogu=<(@Em8>stg7k^#
z>Y3-!SwUMe<>cRT=Ov75R*7aayr;8lCo2K8vmPDo?x${;9xPcGUL?p}ByJ7CY#GA3
z!tON^ZN9kt74psAvfsy2K*yVivjviWve85s)-$%;^I&~(A~0~(YGxJZ1OwfZEe1(1
zeLCNzGwC|+KVLh9*|=OXY|v~Sy18Y|lx&$q?J27)m{kps{G(GRI9f8^^rb;uEAHTj
zul&_E;=%bHN33U#qjrs#STKFUUtBO95NGg^1>_EScO0Q2Zn(myocH<<E_Lg5XTfc4
z`}*e&Ta>~AU^#F3JLaG)A%$+K!R;oBR;~GK6g!GM3`O-CRmEe$DdZomyD)rmK+qMT
zwFRPHlH_2@=Yn-S__`fXu2n%gg{HjZC|ayrjuv3x!@nHj3K7b(*I2~AX0Al(!@8|(
z>!X^Ff5)hHnh}~I#e%p@a*BX_9Hi=(Oz4mF(>%-}{d>@BW9rym!vR>k3@K@t{EDN?
zK<|MadPu#XiLm_`g=$+vYm-`s?yv);)??7Sq8+;VF6b?D*}vL&z7cLE7YaVYAE3)N
z^Z6KRc|M44{yzM%#_;wa^M1Aj^6nMkhff7tWfW6EEen?C9@npc+u_1&Ihl^8`eX}s
z03)ioq@@C%43<Dc)`cieMuEA^nvFgO@CJnDMkb*39vEx%ILp29fgNj{wva%#-b%zf
zyR5-~P*MDPmFFoj58$JDfM{ISFOagfftQFkq|b%g58?-qu@&1}#YV<rJ6!~E1rqom
zTI-Jp3V5(tong`b3Y-J~KsP7lo2`Rmy%i!lyRN9OIyxpr2$NzIai!iToNlbgNTw`W
zue8@hVbndjAJ$Z`*+yd~{)NtXiq@-zV`M|ss&nt};U|5gldJ+IS5St$jhs7zR_@hD
zJcIz`(f?({+~ofvaGCg5<&}4$@2sW%mK0J@05o>il8iXsXPhj=CACSJ(}2~;1QN|j
zyIq|4&x01ANuuf4tzolkS0Gom-v7ayQLmE!QjB^ApQFK>*+m6o+B6s2c)gVvyMD8-
zh!qLOfl@-cXIFE^hh8x$>HP)cZbobp0K9Cbo!bHbb}amwy++D#k4-;S1aqH(&xX37
zNUUEw9*3o}<i3WMR=Mky3TN(#n9d1XFCJ%<2W7p_|J54>ad3421m35YyfokcWmegO
zJOzgGU>f5PAGMm?v|UUkKh@G%hXi5S+m(qmb&$_Uam?kht#&zi%DhGH)9Wgx)NVp}
zZQn~p4Z#;26^Sbk#Wo_g%qh~wJ-5u&dM2YykyJnfR4yBt)2wI5z;i$;dx_|@>bhph
z5_j7C+Aqhghg~upP?=yKS*<_4%E<>_4QcgF9wIuQp1IN9h)iHNB2X3<#2jb#zM|eI
zC2xzB)SC<>i%_t?rYT17n|}D_%2{8V7$oHDs`jR5@p-{zKLy{1$J~efwwd}n@ETuR
z@%dQ{Ta<-QLTJ1Gx9F4)fwlKGL3nod4^DP9V(Hla49<sW+<B<M$46~;{c<-R@@R(%
zp`HouHH)JR)q8Y~5#G|;fRg0sR?(kCGYE+8YpFa`mYGv6@dpE=h3X!*YG%YUMI;So
z3YQE}MFXP|?n!YAu}Y6O7)eYbd2tz=w>l{rnmK|$&grXSHUH$Y3X-AsF7?8$ChC9a
zYC8oLB!)}PITA6gwiw};jh)X|K_j~CHx6{yReGYfD7J^Noc-Ow0WYnXp(z}~ogm9g
z(y$_JvRI9YO=#zGm>MyFwj*Q<k_iZ@3}D0tWVk?Bc#DF#i~=zT*#>!XmLbVhe;7!u
zYeu^U#o{(G+O%fc`*D-V3_Oi^g$s}PK`B5we}XC#`mBe0Hf8fVi$OYKRo0|#&f#>x
z(==-cYviw&Uh!C%7`w1o`#>CoSIg(9B0-PF`KNh62_x7?ac!zW;MHp8=?D#cquw1G
zqrxIg6p{SL<|h>t3F_d&;sw~^T7->SI1wY2)D>T*3~v8Z7FI7;V%v$-Vxx7u;Uz^a
z{>m#?eK6Hs>kL;qIIH<HEE_*`%9kA<_9inN&i-(N;mtg*81qEdl9_CSQC7+2D%JWp
z;@jr-mj>%hs0LbE(>T}-@TVct8yP4$ES7PEUt@)XW5ipL-);hai0$u!<|F9a<k#k`
ziA_Wz5vx$nkCzz5nw5HsCF~DFM0_`~T!Tqgh6j*Q3mGzx$5q<UIz=0KJo3}j4|E8r
zOjNW)3iR5W`?87sJ{wf4FqTg58}Qzm7%Hh7FFnDGy<#~>syl(t*X}Rx&ipsGfgf)q
zn~Wrz5JolrKeNKL6H~>p9Ud<@*x}AxhRJ*SX+&qVD$c$sA%88dJyV&O(bSm?ac@s~
zLd-mL6Mf2wL_6}#PDVUdPaaS)*3R=raqY)bWFBTsBttz!OeJ+8esR?5L&;?=P`->1
z`ya@ad76EcBjn7V!*KsObxm)^y$hm^Cl<tSCP$Qk#}P9%J{xf7R01ee4|2Vz?BY_P
zwkADweYK9HYffvid_H-#vTo6Ka^LQF)SLypYSdnx_K~cK4x+6X<_vZzf_j*}%!@4f
zI55-ShygYdw1}N?f0(u^9$2YQnt5`qp^kMDwicCn29LPKYP*3tH#m{-m6ksHafSAM
zWf)y=T*(__U=dnWBJHje5OJ}kb-Sx%5A18YV+!Y*6FdJ#SS?5DT#sc^F7U#(a+v-`
z<a@R`nE3cUbQkHNoZ7(nYs^5;2&)=^H}~Q7GHKG)boIhSkm<6Q&?prh5o<bDQ$ZiG
z1joKJ{SErR^Okc#dIp+*fMpg)ARvnWlDC-H{2#t@m7<i)#{ck@?axS7nIFN%34HUa
z0rAHL=;f3a1~I={o~xTWAo9b1w$qxV$N^$X8Ip%<ZcH}Y-D`h*gOrs?$^#!rCuDKi
z{Vj^_QFgG!g3x8fA~@He(})ZuRQlZofH2FqF9>(kuztlzb3zF*-T{*uL0?b$iUhnP
zDCE$?ZD4^V`E8*?M4CJL$Cje`@j5t#sO!UQ@IbNaX#K|Spo^0;ipwP~+=7M;i>)=H
zjQSgf2aa4kC(N!96pJndFf--2uB@6eLn?F)DJnN(=X2ry5>f&NKa`swIK@fTwUD1-
z@-Q0$jntEEU@z!PJ6R%pqY(3Rm&6xVqO#JPRfg4EZXPR*6L*x;DDuKI$St?ZBbLH^
zAsOb0T}>pesB!cz)q7#N8&wMKXC>C@I--2ljT^qQ^{V$-BCVS3r$fxW`d1B$z78}h
z3ciVn5jEK^I8ic%b8t=W<wv==KoA$7Iu|$Uqa2mX$H2(yr&z{8eV5Q9qRN|+PRvn$
zz*YoPpx^?PWlg%vd03@nR1Rwsd$wB`*vA(cOHD|__9Oy|l{4ipS;R`-<IJooc%#;~
zKK&uZYe%DUj6N)5s3e=Xu>DnIgQ<r%&B|tzr6at6utR~9QS7|J=3MZAxZtlbV(3&g
zPulm0);}>Sr|W^JbNFk}m8XX9WYZ(hh~Pm1t5SSeIRX<!8UvZGmnjT<>nWG&`P{}<
zXEuHg$F$PaW|I(V6z6ws$r++LZ_L$>pC@Vh{Mlm#;_u<q;FW}k4T8<EdI3T!r+|PS
zsyfx_m4^huu)m4H7P4VChDNr$dwC_DDO)75pcH_sp1=iHCJmbYh*L@!x;JpUDpURd
z64K;B$LLHt0NGaUhz%|*3ImI!cDx8uF2;0UG)%}szpY;}J(on?OK5$_LW4gdOBYxW
z%?nu5pL2iONRImi5G6f0HXoP|gm=y>2D}`eUtHyfPlAUBS8t5_m2(f3V<%E#b*Rxi
z?pNB=MIH=ogGiiMb7l!Ys?B7=VY-|5#qU4uI&6F9EN$LQM?Y1od}>ci5wDUrC`pJu
z%9cUaR}<e}kKX@h=5`|0&fx!LoaQh<Kve%_=FIh+_5RP)Z7ECH9Q-HiR6)AVOIaP~
zq^T8)4Pc7{ZK+0Ocg7HqgE~NdnoDBo_hh%AzTZj7jI*rSC?=Q9<@btXA;cdOy%(1Q
zLsVBIQ3A);OwMDa_vI?Ohv{L9g`vu=q%l_u<rE!F+=kkSAZ(SJl1_2c({to)H`UTr
zpCIUME$`)H%AL#I*5@R~ch<oEH+(b_pduVJ$b}Nfr>rU(i!8;p+kU=?F)g45F6i|t
zN)nZ03mE<WXe^Z+=qe?Nc)tiIi`niz8G<Vdi4%ik4fL!GXbZ@PXq3zI_JiAI9LSeQ
z^8?(G>_gXqNYyhMSC~51!)I*azk<iGpK9E@L`G%&u}qg86|8ZJXdXe;5381G3;0FO
z>+2*Czp%N=hm*^LcZQUSe?bu_Kxi>$ajD_sQi*nw)uRkA>K|lz=RZKhT!b!%&;ofk
zi~Y^?h1cj1ZM-dlM2Zy#AHm{90`B4B^Kn`7xO!qWg(G{7LheA#z=tI+XIapog8kRu
zGz3{hsN4!}9iar*<5wP+9RW_>JZdKXR#E8yB1sR%!n82Q=)>!r!p<wYm7fQai(s)f
zC4H8f#yb&gRgkm=7B62<42G&bG=jBJ(W5<#27;-hq0mTYGa2WEoS701HF1GY5_!Or
z76qm?WZ*uws4`^(F+`!1<OZsP=!qwgO~=cL=nNL_j69h*`{GusJbjn+JeI1Q<(TKx
z9I)?fjYt{0e<P44U2t{&Xzr^79|bU>9N_S|uXIy=4m2LFLRXb3mnEcX13bB&IBw0e
zvsQ~%O%waSleAtkt#ksb!&)Uz=@2_1P(UI)qRWK2nKqBTVINC+z6m;QSSEa_>7CGj
z%~E^*19;`FhpYN}7nZpSJ>ts1_UM4Ddv=dCty-4G3S3L9&xJa~bUzHtpx!#CM$H$>
zIK}dYvt2@#YY!atT99fUX}lJ3ano~0+zhkLnAD;t3GOeLhkW@!+|{<~Z0q3tVU)uj
z{u8<*2J!i6pP@W4=D|v-kVA|0&k652^2ixLqtF(<4rRP+`Rr|bC{P5^x-f4R6yVr$
zFdDIcqALs~1L;ej0Y+cNL*1B^)h8)84)Qk-&rDdVy|V2n`l<iJ_I_-^m9^{FN50BK
z&dCe@$>8Xl5@b97LT;n?icG{7B5_7y<Mg*vf3jQAa{f7e>;Kc(SwPj1HESDpclY2B
z+$FfXOK^7$?!g^`OK^g7g1fuBy9W*K{N$VYZf3Z5X8p}toYRX_Pw(!-s;=Jqt*Y(q
z`fVWrpt_$%&8c*5JvRbh<(bnt!_*h?&$y+gbQP0?Vw5fsa$!+ED_oFcDIz$QYU<n<
z8GlY5H|Upx4ybWJoAe07oEl&@X5T#0iSBuA=1`~-H}oP=<$dchVxWLiT}8x8c-B|`
zl2ly7C2_#et}nI<;rN_u#_ys?V+eunRm|xf{<ZeSy3~g21>Vh)-K;{kqNU>RcXFyM
zVgBM*uk!A7<%ITMyo#f(vxA|ruA!}sld-GQAJd5WzuXGjuVx8w4(4@srPdx)p8${=
zIo3I0+hGoq>3Ets)+d8G)RT7~CSF#tC8ILXL=Z<hVns&NZdRpDP{1mWBAD}w^xc<j
zR7^K;c6*O3t}+58xu6^Ei)n7YFHp^=o)E22LJ=_?OBK3!K=OM%-VPywG*eLk>3<C1
zuNtQ+X%thDp)@(ww&VvF$R|*-)|6&jxT}{iM-bpfYFND#27$}|rmeErC~F%fn+9Q|
z)G<Mw2R@6}q<F`UyV8Hsb5UjJI%$JgaM3n0alxA`Y3ob{Z3y>W$@dO%ky8cO#CsZ@
zufE0UR)Fhpk>|h!GT)q9Mj+9jC(hw3gvI4W7q>sg@O5`7OM-vb1lMJUgpu^TgCW6z
z+1cyb#+Fl2uWKpYG?XY-QcBtne7a%vSw%u+_B$7n<g?BsRAgl>{Mcn0Oc2-ni?({C
z$*k{8J3q5<DC9(7D+wUvxY`jEGZJffaZh1`g2C*HHUzbctE0)!L<!I)8jl)#)5kpF
ztE*bR7X&lUFG1dc;EFs2kidN_=&TFV1TVsiP#SLv$j~Adv(ld51m1AvFI{M)u*l4=
zYOgKMYwhHafuB<lWA(Dt;HJzvGw1*hu~J<Q<OKE9*<GNE)_|Mx;4wln9(qV0!vv@O
zPG-{J%Mkg~T65d8k@~wf(y$68!|mYLzysdOwIohdknec6BTO5wt0?CTbR4LL>*ild
z4Khdje6eCo!2QS`gD_pI`g{4V_(_S=I^c(L!M))Nc{X}l<T$rPBo9n9WIqtob~Ue0
zP(wSam!BJxW5u*4hf_k|!G}}y17CnN8JoWrdn6ywYWN(#l21zkpX8uF7-P;MgOz__
zVVGI<jYwm!5K2ZkZXnsWJ5B`e>jY*{PUoXHPdm)@63poaarcG{hgjs=OC7g*o>@W_
z?q*bC$c!>tvpPE5t_Ft368Mm<TX(mqIMYU?7WD2ww?6XyWr%<82E1oxIoJ)xd9|Kf
zt0o4I6u;ic={T_wj)Bur%c$by@(se!xraYFzb9+2U7g-7AB9JYCGi6Bc+0o?<{+vG
z>Gwyan2Kz2x9R!Fxv<#4EA}0HdOz#4V3#TSqS~uzDl)=?mOUFxY?s`QN?<)9^gV|{
zU+f4U1kSR(n!P3r?0lGT7BJHh#?HXYAGcrbeq5MM51yxW^D>u$`}iIL$w?nV4yfHx
z&J}85g}wHOIbqt=*6D3ioGG*apmEp-0RhdQL5c_WW8v=UhJM$sG{eTSX7vY7@BpUW
zib9JH<7*EU#CjX<ni-ugPfp%|FQ48weL5CHj=Pe0&|uX-prvprF88q>R#IxN9?Ud!
z*;QQ2vNp9?ZbO|q_KzQKSI|C-B=YxO`_hv0Nl4WogJ2cP>#U0K#(v9;^|E9caSvXG
zDK(>Ov2%lp>iG+da+z6Tv^}BcAtofYQ0}vN#Sm|l<~R#uU1PRNbTQpepLl|2JYacd
zLnoS*=lkf~QhTS(5Z*{fkdvYLtp{i69I}mT*da|N3vD8m=<7_9=NrZ@&eF^s;KLhe
z0tm>l+AEy705z}1l3?i0iNy|Q(V{t_lE+)O%ej5qzxzB4-w#_s5I{hk2tYt&|K{_Y
z9GngR$JZ^{yoOL-V`@llufFd17`?|v>qBjVa2ZKMTsn)~0)VA<CV|zTegH@0r6qW}
zNAh|SJQcE!009vZkxH=&yG&9kZQh8*wpQz->Lu$(oT{NqO!Rlfs;~7H=(k!1T~ccc
zc)s0RvE>F*MHx3P&0QW3CGk7cZ*Twn(m%+Aq9u}F?sS(GPxWwg*!b<WD^{rYcnTGg
zRU>MfxfMcH4(a(-!Mj&giU&BCL`kDGyG%xEx^kwxlKFVfAd7M7j#2z>F%L|eg<!OK
z3x(34&lJ>JfW)LV4oz=z3^gn9GjW+^1`-K>9(3!phssvK#W2%F@-BCnOlIDZ@~gPx
z;9f;6@}<>Xw34LiIHiYt!pW={hie)p0$a;^7&MLR35$Z=8Rrms*jxm=9m^1pQ!aBt
zu$x2aKp<%<8dab@mYx^cD2;`P-A>=vZ}ereQ~YCMXlPo%sO1c%b&xxjx}+fF0h5Y`
zGl~uj1Sx2QBi6gU1LbCH9yQ33>fVn@Y4I`^F|#UZ8mpbym)8RL=D7_%F`tPuC^%-8
zsk0myY6?{Gooqm&%(NFf+c|Q?jBBq*+2!Uml+n3%Tm5wh;nf_(cC2kxRFZ(3#METP
zvwe_PH2q|5TVWn?P0in%dqd{R!1_32awMrCf4n=HL=gPm{7$xo(r)*#A5k!fvrdrX
zYxv0dN&mAW`n<ll_lMD|L1*7!Aio`vD16!epBN|Z2d+t|AP{ce-9+V%$HMj4cc{=$
ztrT~dPS%j&G>_H0QHR1VDCeD_JP0lukZ?v5gD@nffKO$<s)u?z!EE;4QWV<tiH_Fq
z3)g+?jn?LMgf|j)8s(;p@m^-DKu7h{=|`*?YIe&<HprIpQRl-$rntPcJ_yG+QNW><
z9|Z=Sj`xTvs@kz1=m|YUvz~N_OC2sY3P<Ta*Ktu!8sN{*4dcgsK6Jz4oZ$L?FnN<i
z;$a5KKH7<(8-Ex~vdmQ-I6N6f3yp{d6^wh!ryCq4zV8}~4|b@seY*-f{fGhMR|I~V
zZ+7gF?zqHVOSsI)a!5RrJbs)IdEvW*K0}*G`q@3)%oCoNxPa`_U=q*6q%*y>t^Ni0
zS3jGKac{p(PGVg<G7c^f{kb@9O!(zIZA`f(H<Fomd;X<6kzJ2X5BtI62a96cTH4M(
z<i<veNejBT?*m7T&wX5;?~h95e`*EtPL+W(>fyH=z+jWvdsaBs3|#VNc518GRSb!?
zog8yJt{DQ=2P~w(Em>L&u9S+U&-4kZRn;}P4VxyjyKaY%+yPxAxyu_89Tgrh%Z||-
zV(p(3I93)Ladl9ksV`KF(G#YY%EFQXWSF0H5KJ!AmPuAH^H&RUCUz{mK|)JfsKY(5
zo%N_D7Bx6NI$svlaSeIzU6PD`=@HpktxjL<$7#11W!y)rxnqA<kYV)*nZP;^l$?%k
z!WiuuF=bs`B~1Qfi!bs9D<3?1d>aa5zC_~_*({5B3k}arb5=H(<=O|aqaD8HQiTOJ
ztX>r*w1REkW=?<Us7Svj4x}&OO!=_VYEQEGS&LxYLCD4R(y-a=pW8d#OAhMn#KR_k
zfCVCjVPbI$8R5?<g}JKzbQm=<@5gPQnm_*@V-{5#TLYMC4iOHuv5sXC`3h~T#d&NF
z&#gDMe5TD0+kO)~=v%pb0F{~DjqajvS=crf0#wu6*cAjqSPmNEQ;kp`O~Zd7JK}=c
zxG|;MWRYXr>gIJVw}fNhHj7OtaI8tB%86O|arm5I%4p%U<vbo+V|ukpOl25buaV}@
zCQQL@84de{CK6|ONNlvOOIv&|3XK)j-s@924e}?1p*kCOxBQLR!`jbTV+@Eew%Glk
zK)7UR;VL_QtG;ZKw~_LWaxwH$O5UpZT-o=6&|j4@x)+l|?N>>L+tY@CGjFN-JZ0!1
z3}-ZYr<_R;+qBecm+L^p5BRn-k|8eakJd7(Rj`-ao+>@G000k{$!FZ<wued&wOs%|
z;XvQ|!;_fMjicH2Dyz389+CGg1K5vz^c!Kde2h*Jp&AeeOL#1Pre1!p7es0)^A3mw
zlSa`Q)-O}WOThaz*%XU6BiZUtj{M%Kx7pd`gl$mX#Wk4@F_yL*K<9cWxw88>!yc2=
ztBcO3wzMwRq)ka(@w|C!#@Fh_AhzGItO^8Bqm<(T4DOeF!52zS4F!XW_;S(R63<c2
zXFAPtkrjR)!zXa=C$8TA{XTX$2ap1X1p;Ek1_Gk^m;0ELxwWyQlfJdxpJBVYwd3Ne
zi26i#Vu#Ll9R_S(;@V)%yParhP=B2axuUAZ7;zG45h_v^g?v@}`GJ?06xds9Zly6D
zYj@`$>EOWIU6T&Sv{>FR?7)dNZGg6rJcEWcdM7PiPys3|PSB)7kjznnIe|_DFlV74
zmw%(dqKoD<Z}ZZ!EGUbjF1*4)&YPq}?wGPNFuutfo+Ey-rAqU~g-Mm_vxZ~K7|itd
zgv2nGLeW@^+B15!AO#(x2`3d{YU0?>)r0S*bF|C8fA|q={w3r{=P-%g3?Cg<G3B{L
zRdX#LCRYOus@E*0pG@GHi5dnQg=|fPm=6tBVV%F0IckPWau@9zS%j<7Xc|i#ZIsl^
z?VfEk+OWh3^#};Mq-Oa!h&Lq|%P$$V3y;dHj2cBn*w0FjYmf>8%kW52wo}YPzyK-S
zjEectScJ%~?|lMEC7ZTDLnJ+1rNZ9(gHG|+WNR2zsT8yvu4;@?A$@XE;h13(<UOsv
zL(ncV(4)ml!)19<clH1Z11gQOm2XnhpJcxZC~x<E?{25+zE)hGQg(Q3hZ1@1NJ!18
zoHeM39v9())IjVcygmts8j<@HTcQEjU8f=qKUappQ=7-MZ#TwM2n{Xcc~7@~{2aIy
z%g%LC(O52X%kxR>YkKQS;gqHH;xuk##mBwJ&cg7CEZZgm=U}f01g|;Hj9bz<!{n#(
z;E@OSa_(mGha`Zd2SKE^1AQMTq$|?;r{GpY4|s>5Us7tgG2CBLYEKAkj-;sQgy(PB
zBK#{7xy+5#E34qGpX4(9wsb9HO{4gY>`h6N{2EzK8e6B*;2P;8DNbCs7rL*n@GIE&
zxspDu`6I+gT~m1M$Gc46!x5yu3c*XVkH5n=?M@cK%QO{&ruCRxK15mGc(PeO6hTr5
z4hRJJH3L>0&#=7#`pR=HHeV_;pDLhd_2ceWhE6!GN?T6w@f2-07n4f4wKrvCdDnhY
zw94$|D(E(?RISL#j$O-|F`QR#k!O}A9JoA{V<4h&AkduMIc;(-29A!`eRN^E&X}l-
zVs7&f&N9brdRUyxC0?>J=p$&DgBy7sFPz9KfyLdTZ&LFp8#*~#Z^>+Hf+N|Gww|BW
z!CBk`-CHKOw$foR$fD`1I^^K#+X9cmhzjwY53S8Wgl|09;_|>6h4*UQPFJXV8PI<k
zx(b0Dqv{fCs&G+oUt3%nI*r9|ogAyKV1Ai+9$3|(_J0rJTtEx!4zdHpOg$4y24!PJ
zQUGY~ppzDkIu@yYEnWNCC|wx~h+cn}TJ-9>GMlYRNZBS|g4>}~&a6bqhm%2Afb`VC
zGsJ<5J;f)0d`_vD1+Qj=Cs7q{UMJ5SG)&qfjE35R*kMvheTZT*Q@FuhHwx<$FM}St
zIk{=<_4M7X6D-O$Y-~O|*M@)s-MEpkrM89H#{rIK3fzOLmLmf%Yj*bocVC<gqAh4i
z^stuE_2j-a`2z9S<ZVytI1lFMU`eOJ2o)lO3<Hq}V-icEY=;3@2?ot9RTESC2Jhra
z#v$QKy7-yTMgAlTCZEj%!eqdSe2AsKh1>~8g!$ix9?_x16~SQ4%c8c44N*!vK`TLb
zd7%x2S?U%FWFYd_;HnsR9`v9P!0q$II|fRAv7*hoA_2*I3?oBm84SA|ZlnSM4fLI(
zY)r!PQ!3UTdo;y<2L&mEv+w0$XkLmG!V*KWf)kDYaEF4$v@90LNK2-GW{BREz(>V#
zv;Z0U<;ZZ_scS@$95ZOH)PcU=-<#KSN!Y6sTLjvd6-Mf|?0OF`VyrG-ZI(R{mVSuk
zF2IaFXxgTZTjuGoZmIA7hPi12)cf_ZXIG(*pNGr)2DoiD_{UzANa0OHaIOfiDBOpM
z92V8BfLaMK`PRWa?4CJauktwV6!hJ08Qucjl`4V&e0+Sb`Ne9TiZXEwX0NF#jrJGU
zKow8AAJQi807pidYQ0Y%uGN-7wA&oA9wjpj8J3O1NS7OEG+7){FJM=`7g}5`!G!qK
z!m>l}<fSe}s5j8s4CYpt$7~oee4Eo%FFF-2D=T!l;`WqjYoNuF7!kC85tq9Kf)j&n
zL}f&G!CgRPds1I!6{m4IpNnX&3gdph-eXHO)-wU_*MVfb?%vJCv~CTH%N1(mO$v1R
zis>*gwekpOKI7vqZ93Y1Eg)m2YK7)*z876(@S4Q??%_#`lF)O*>SM{wu(+41`o=v-
zQDHRFmY4H=AOHS-rR)naFT4Dqg~ePF7rM}me3>KskQ!XUsZr<hA}vEh`Ni|W&Qgb=
z@90CF?b@@`WowHJw^FDTv3Xop#1{_n&}jS8mzNmJUR1j<dpRjW;+N?O`IB##7NyK6
zP33}I^8%B83O*=Uwz_Z;(ch|^ETd*&RIxdPI;7}xvC2kr+t-&Pnn##9R+HFU9Ple$
zm@VEpcr}I@u%Om(;T|MBQ}<x8&(N?uZ>R`uK^wVT3pLDg<T&|Xi>;(GeL4;mT5Z`x
zqUexUR40On_LLvZdMwrN3vjMTZL#b*BmgQ1^fYv2Nd;&=`H>QE<!X=WTD-@7eirE(
zax6`Tk35}df7evN@8Mf>Kcz16ecw7)u!5mxI~Q`)n`#p6T>+jG3bO@)EKaKL5eH&k
zM8y&4qLHNXfGSo%_{xj&K?H+|tiOa(E(p^Wt=(&Pt;Ew2TPdeL*hi7hmlGeu!Lz4Z
z+<MsOzM1FelB-B)T-}S)Hm_CF7}iuf2@`&yP*=JW{Z6&r*kv_b1SZ34WKl<_4e4S#
zw)|2EbNxmkCJ@F>6x_yUOF$~>6EX9Qv<OzJPK$a8j9i$WzN>x@IXog=yh5&#y)?mY
zm}(I@#mugzkwgjJ5ziRsp(f{S2ZJ>-uKB~)jxkl{-Oc`i$7C{Av1vfIhP^eRuv44&
zxt`P5_Kx(k2fE*uhWLHK7GrkoVP6c?t|Ed@xBiZz_l|*%7V4d-j=0iDPL^awG|5JA
zaCb~mVRjD!I^ySilA${P0!{W2nv{>=z^;rkDu8hZw>mdK5$(X&{Z2CN5tI4?+)h^r
z9qJJ;tMO<3rVG@$lu_=s6;3`2LYGyIV+1^N1A?8fHd`1KYKIlr{TfYJ7A{=!mvVs!
z(_?M=ZRYp=IcP57h<Zs3Fq=6;kze3ox>!>>Q>FBBs++OWciMjlc`d>0xRT20c4|Ih
zcUsZS5cc;AuJNX@Q0UMo3#>NAP0gxiB+{7HQ%VqN?EzB5ZcXy8`n5`xEycuJJe9R6
zKL;rp7X*!hiPAM1p9}`;sSw)GRL!p!m0Be(e%_OwDOe$?8@{~8Z^~*)NVV$6z^~mj
zOYK-`#ID5XVR{zuDZZY)+DdXmVHVJV-t1#=ceGpKQD;LGd|BVTT|d8VuR<{Sx|Vei
z+S>2@MQSAkkXuU;BwlgGS1iBJ;2kfd%TYukYf4@exT7{*wq`Mt%QSq8|Bxyw_jC=D
zu#3`DXco#cx!2YElX_|!D?v*R+$^9@QC&ELx47UQT<uG5&Z+;8qE_yGqdlhB6o#A1
z#(;)_jkJJq{qTl#U9?*EtEEg6o0D4P3VKkxI|wt(Ex3S>Af{}*L!0|?gzkmsa!ssN
zFDZ$~%+&}6-NX3z8k-2H>2;I)ra#h;Qp$u9SWr3HS8fB!b(HaG>HuRmmt79Ie$<#*
z*c!yd`*rJdS>83Hu*)2pP$80^b}Vikayuq7a^2{C=Nd#RR+$MN@~t#*clfKG0LNxD
z5fNVx&WuhUR(;;|CM8_uBbRuc0bj!c0wVdhNZQTL_>UmEOkL}>D=C8atAzHaR2pv>
zn(nOiRy?F+jy2o&Z*gDn`3FcHj2N>ysDrD^jt_j^`(jH@_cX1H>~>^x)Pr6C>lK3L
z3MNpiVmp;ANMqovcGW1#r927<kw^lY>kN`)hCfPlN~6On5IA#<D-Ef{@{LGwJe_Tr
z4uR+p)B&f{g7Qtti_?Xhrc{TT>Lf}%0j4CjtA?jh5^BCCSKyb3n3}`8@v{aw#RS%a
zq~tZyPMWI}P(#L2$eV|n_^GNOOL;TPI4YFR^R4(NRi_6~-}<NkT3{3Ms#q|{a=~+A
zeD5*MH3q@tFC0_Xg*Y+aJrna+Nw?(Pp>|WtDH=?6cgGpsO{9vxJOd1~AXrQ2!c|E0
z6%J6g<YB6ljlzrE3rKPK<Kj!0B8_3AmEf^qNU>!`+`b!PSVS<#(i=^9FCi(<he%mN
zxu+?cEiYoARI=?gSrJRj4hi?n2=3;8i=XZAq~xIjq7la^>c1pEOK0FA1C}Ag8HG0<
zTqfhegq1L1EumLSV;&XIwAj+H>82_@4pi?@R(#4rg)z!p*OJKhFQ8SX>JWycVHdy!
z*y#sBzKUnFXG%S@HvtLY?o@`wG}}@|>oCRNmZuYEXF(03ZJLn;U#J^hKrqkT&~9CH
z){cd4fDu3L-{l6kH?@YY_Yz*N5P_M__tkY#o;7a0P7I+q9)0fj95x+2173cg+YT>u
z26|>A28y_o?ca_qnu%N6j(ZKU)ym#%13c)PO&A;F=W-|_j(ta`+A;?HjK16`a0=nW
z_0e`+1hMpdFgz&lWDrq229%T{q<PhK9gG17l9b=c@A1$>-*(-#&ZaGrElbDlbXgy4
zBa#`*s!7V>@gW;G22sW(`!FY8)@418>$>(7+~z$=9h)3490?AmS!|Zw_BD@ZZ+-p#
z7gV0=()sZx>j)=TD6hTQ22nzv$FYeHva4P{52;#1@lJd8h-Ndq2D{@2F9eT$2p63(
z`1ktj!Fcud``;P8C>&l3g?6+PgY&ucW%m(Z2F2onZ7FQub-5&8ctjv+{vdMsYIuw|
zV5-DjPRJAUAF(X>4Lf}+B4slkYj7vB!KJ%GJe-OF!vY|(jlrn`a<zv0s6lu=KFj01
z)0+Nya|{%ZY81MkMc)zkJ9z6Yr;pZ2j^S0XtLPk0+|fsMm+FYwrbEG9b4`E=TSEK;
z^qejlPk%$v=c=ut+}!+-Hs~YfTDmjfT2LMdOevKwc2=@nR}x~|G(tf~wi8$^nMf%8
za}F}zd5Lhc_B^o-$tDi|?A(|*GSuOcI<tGaJyprmiP;VFrHkAU1h%N8O#KG_S>ITN
z(3wO^^6@l!WF|!t5)M$D$0nsuid3g60I|#(7!HXJ_2ptKkumCHB7k&;AK8(mL+u70
zMv<0lL$nX+B}wTK<G8C7GfqQ|mw8N9SJo;#)*$LAx_h{x>w7z2I{Sd+U91^C;x^^Z
zlEw5die0@|g!6fw2WM5f`1aijyiJWn=u9}K?4UoAElvTlebgYp#i3!NlpE!{aVWXw
zk(r`AZd;DpHBf^rq8)&gD6zi-rc#5qSi5+Ebn}UJWXgHVsGePxMOnQmInXJc)#*sI
z6U=Q%c&%UtFWdJb$oFboZx9Vp(0hvcy<Ss9?A_Og;ax?>iUyrStxo_sS{b=Iotkkv
z=|SdQFx+#zrsSQT51$dC0J`KhYozrsxKzc)p8j9yqo1oqvVVd-FctcD(yvm&#xrVR
ze#{0$;}DFZn#a1;_>P&|d`mvDkO5X1WnI|K-Phli?d=*9IwCh44ITo83oSm&WZ!>y
zPR5BS1AIK!C=g!AYQ?#gRZg0vXB-{C+=Dj&yA8i+6uqWh%O{xI-m~rJ<6cSh`lPAW
zo;h<+B3=7g*G+esPpZu|USEojxiaW00;6=oAkOs1HA13;v0!nT6qb-85&eKWur@pr
zA8O?qtF-*>YWfewLl}se(6SXw1trrluK2fG$oXe_gVtrN`?i2516Y!%0FAHZl1iR6
z9*D@Yu;N|}$1^rIz0MA@2qu}-jRMCAeRaYf49D*L%p2sa6p&RFH&cW*=ROXVK$qo+
z8;ijKcXLfMxU(}Jog%&*?X)+J1I$g8b2zcxAHMc$LWQ-dnG?rjM6R(4mY;gcp+TR}
zYiO3^s1Z`pwO;h<o$`0%8W<{%LEDYmo1JmMK^LoQO`5%1ir^bF8P&tZpI0|@8*$6h
zzR3sY@ZB6=Tnma0I<#Fxt|y%fO};3_{%DhTn1@6Ny2E~7wZZ~FBl{&4*#_^}NwzBt
zJ7uyM8Y1-QGy}p+0<re&f|rXv&z`}o%!O)k)rltwcA3v!|KkmuXI@+k_-UMIlsVFR
zYZy3!9O1^#WJ5g@EPyntkK%mF<RUVCQKN9;R$owPH)m0pRiT6d)(#CK{1V&L@P`ZO
zC28PjpC$Dz55IV*p%hqa=XCAPHlu9$p!RIvX>5_y#Gmfj1;{4xK(oAzM;LjyH}Gm&
z_rfGhctVaW+t`Juc$cmdy*ml5z~Ud@?~#20Y9R-Fc;;0adGE3C%-Zd2QpnP3ks$X2
z`Bcb}hjEW1RQbCsP?RZ%*v_t01R|`@;j;!~qN4!^{C=81&$}!}#}4<~B{&LC3)6V`
zowl#?DWjAY!|_@jByrpYSzJYt#TCo@KF}@~D9>|3+kViO$HeFD-FGkeB=2h-s&EI6
zx05NK0ho7f89D3<#~xKb_i%?|i3PjU3V-4Wuop%v<j{iW5ctGsA`a3iEk5FB`%%!v
z7&nLd&#b7IMg$R7LxbET;XI9pu+Xd(;%fPn5^{8!30MHr#B$M38W+I?WSk!DwNGco
zXHKQIOc24t)FB088iWoxX_UfsE@EJ+H7bW|+QLr887YUrDqY~m-E`cfdD-dKB44Z9
z7D4^AzE5uk--ev+apsZkrR&bW6hTS%tjR>^U}iAvAD0u*y~Lo>FPxF-15hJzCS9_k
zUA3T9OJKl5F@ASx<5%ah_BYS7ek_cRg}mHLzsXS7$1*=b@*EYh%)_pgbmUGu_2M`8
z5Vkmx;-!hXfxl#YH*~Y8GryczG*4rgB5_|WWujTJB*s&%QD1pw=EKYMKt(Yq*iLyy
z`cj?Q|4Cx(T6_#gqfCO%WS`s~o~}mfZ6KBv_8kW1b!l!G@!!irxH#zB*%>=H{#S^w
z=D5j*<UOVfh)-H|=BOvnklkat(fdGb5i0XUYM$v|34Uuq+Z!j8BKvZ4GRXF+zR6Ge
z;sdSa&5|vD*(YAC_ELG#9_j%72JJz?F34ocn!#;E929-9yoOkjW{f+@PDONFeR>E`
ztfJ#qaWzX&HA4Pp%_g9+Ek56PW4#*|G{vD!5pu6{4cw}kuMh#kt^Ly0jOsqdPxpXD
zxLVd&#PG0wppX4SNfN~}vGkJh#dyM*ABx^hf|L!CBwmk@jEDg09-R<B6=?)eANi<g
zw&Et_4Y6Q+o&Z%4Z@*2O#!3Ma^_D>OWU$mf3qBuas*$=t{}qWjOl}*+=G`eP<+c$<
zLs`fV1!<I`K&L6<PIo}PY7q>wb<9d;qwO4wC)Ka*xMyOBvGkot_Xd#ZBCt$JR{C>Z
zyhyMrbESm9s$?X|T-F7FAh}+`VTorn$f@bsnb>nUtAR6vJ2OBk{f%P7r0Y7DK)Yl>
z_IJl6MiYvz$j`K`$R>WMek@<)^?)dvP%&`>FRZL(H$a4yxC)S<jB)d~eU|{ExIjso
zt@tYpi&C$z?1t|IxSQ3ma8qYCe*a)=EbScVO@*#4fS#aMlkc1X+z{--<J;Z@Pl*2&
zm~YJU)GvAgD@d+>KyP~_)03|Oc4IUxDuvK@E9z$%?!6~gU?w5ba6W3*MgEH8GKHSc
zs3!*4`d#~}sZx|HR=dk`OjQ=-GQLbMqYDM^2ROTym=6VynZah*?!377mU3q{8<}^x
z+}d11d^;QQ@NPpwNu4Y1e88Lxj*l_XIYnDtwCAQe?Y`%@7kVttx4gJFv7o)+*X_$l
z{@kWqUK#WouF>=tRKYfl3`YIa*s|DxRSQuKW1__QGklTq!epGs$np$^q)}tvV7v10
zUW(MZAdaG;j_pu;M_ZUX@YXU^ArZ~d?v66+bIAl)-~<Uoi339SBFm0|F9>f#z}XqD
zKxnkl7^F;&K1abvQ&Qq-u3s>~)F;F=5nnu+VK|I=MVmf{zz{1zw)Cl5j^(G9Eb3>z
z2#@Cl^F|WztTK9@#y6|725&>jw<yfBcEwN@$dry?YO|%BLpzE^!0~{%Zv%To2ls(8
zt+R2cf(1odoj95Gj}XiqA3B^YOo4mDj^6sAzAO?P60bYoso#mZ)ZCBMxYBkfLI68c
zHVVzh{+#V-(%vCFBd`R-opv16Dc%rkZ!r{M)cS4F=_F!j$5buT8pX-;bG7dmV2>O!
z8j8V1CAG$%?qLknGUIZi0;=H+gFiyN=lF!8;S6md9->v?9y!u=lxKz0kmzQG8*3J@
zsN>fUl{QEV09IU*OUxODYYr*>5?rpQw8%<Q3cj03gU3kH7m}QT?>ueAfNHg(m<)l%
zIxcL8*#B5jEQDOhA~mu)nJC%|5jv1+66HWf#kQ<yM8qs{tZ}m@Eu@FJqBw*GMP)vp
z52ai4jFFjYGZTz>&1(Hnd>#SbX&i_)@SJS(vMG3K@A(M-bz?Gf>1t=Brw7BaC)GC>
zv<JVYCZ7B?gMl6+#j_V>Kp|&LFHCWj<$>mES&zsLzDg0>d-YNUfWs03s%09`=1?;P
z8OgNNvjhBE^aA-K<>TiALI4+2uN!f=DPDr+5^#{L%-vFSCFupcs#If-aH2VR+n^9#
zYd88Vvt+GwnQZ(*C3xtSCfbrIH)3pIq#FG2b7=!)G}DlGA)3%&BACr7+4RkrPPAK&
zB%1RomG&)NJBG*_s*}N0R$Z;3<-><SKFIXcS%&vN{Ws?%0~Q(medvKK#;Ii;rPgO~
zm~RhuH`h+%wM`_GFF01?4xq!zWRkMsCsB@Q<<7h04s^Zwq6sOcNWCvVel~VrpIdag
zTOguq8$Bm$JBJ6$b;J@~D^Mq}r(F|7v972X#rS#uqno&nO^ifGw*>{Dk@;@3;cuUE
z$X5PD&_k?AfSj&Gk-9X%rn~9FQxgdBq_>(cIiZ<z{DW+yICGQ~M|}wue1Y)?O6jm>
z*vgeT-HqrE<{q*sR5YzLHI&JvsG#HT8#izAW1mv=n__^0fF?kIfL>LzKn}+GM%Kpk
zPOeTWiX#r`3~;RvRIRwjWPZ|e8Ow`!i_6zBm}fY^nOH-H;rY#8#u$qOBZ8AR!SpGC
z_>hm<L4FP$sNRgxeyRSeVS&+t3o>j`pZzYZdYT;;zY|h))a~t^_VKLdSdNgz4NA>j
zIpwxX0593w)<x~n;~UA%ale*Aq|l8ieW-*v<p{e1w38T525y61)!&<41f|itMy&%g
zA<NP(1BMwhf9|Z_EgC@b*Iub)bn5`mKqM-Tl%pEfC=hA4tvmRpGQ$%hPv7U9!>GGe
z#Vv)*1w+2WxQysON8CcP4`Jrw$An?0rVc_c4T0Z4?ir)967S$rY<{7J9jm5>R@sb9
ziWrK%Su1nHwQ%O(=$S?HbkZ-%RD}U1jGcp8hzpysQFa5w{&2}FmJ^a(YE{cEpxlwJ
z;`GJ2)XBwsChJYaf3cT~dRAAF6YXJmEeX*8dt|kb5K?YF@-9XtFeL~FE0=3S|7>*0
zcVehon-y%~Jq+`y_l;HQw61n|bNxO2dkBt-AFX!>Uq+=CE$N1J<)wf@&_K~%zoTCp
z@gFaL{(e;_{<$Fm9Si(=YhZ5kx)l0fi`ObruNKwbF?bQ~j6intasT<Q|1<%z_WL!V
z^UK1{!Pd#v@VDKsPyGEzzes;<zm7EfN;9`Hv~o5w{>#yR{r&G&uc6AH+b^rfzgU^t
z+L~JZyYcIU(_f6KJboYYPvifL+Q8Z5FGKj_gn7RvTk^jCSHrv_{yLyMKiz+!=-d2R
z|Kj&`_yad%%!Oj`YcZMNEp93Bp9iIHXZ}YB_8a%>bpAS?zwZ6IK%TMxj5D;gwllXf
zcKBZ>tIz4>8vL5+ZuLs0`|lNdea-W0`v1Y%Svi}U|5-!q_elRZ@eeGJmol%pETONv
z)PF-qX8y}a?d;x&?B8;Ahh7@{xq*O~NB&68|1Ubvk0j@xxkkp0h7RU-PPPtjuj?P9
zeOou}H<e-aU#NepqV{&AZ>y*LW_s`bGxIOCRNeyL)+P82bUyrN;M*z%Z>evSj($^5
zZvL72zfzFiV&CRf{KgtQ{4@6d$g+3~ek-m14X%IrXYl_ew0=u|D`5OhE(K%yAD{Ks
zfjIs}&iI!2R!Z`l=mh)E#5cl{x6rq<>c63_82<wOpE>roytfaBzj<Or|IGXQqvBiU
l+YsTuOl!Xca;Coo4DwRouaBibKp3w-*{|<pD4AaO{vZBB{=5JH


From 310ce7bf411ab18ad9994b43e0638f7fcc14de01 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 9 Mar 2026 09:11:31 -0700
Subject: [PATCH 554/591] core: Wait for backoff timer on address update in
 pick_first

The backoff timer is only used when serializeRetries=true, and that
exists to match the old/current pick_first's behavior as closely as
possible. InternalSubchannel.updateAddresses() would take no action when
in TRANSIENT_FAILURE; it would update the addresses and just wait for
the backoff timer to expire.

Note that this only impacts serializeRetries=true; in the other cases we
do want to start trying to the new addresses immediately, because the
backoff timers are in the subchannels.

Note that this change was also important because requestConnection() can
be directly triggered by the user with channel.getState(true), and that
shouldn't defeat the backoff timer.
---
 .../java/io/grpc/internal/PickFirstLeafLoadBalancer.java     | 2 +-
 .../java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
index cd9ff9ab58c..f8f5c94f5ba 100644
--- a/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
+++ b/core/src/main/java/io/grpc/internal/PickFirstLeafLoadBalancer.java
@@ -496,7 +496,7 @@ private void shutdownRemaining(SubchannelData activeSubchannelData) {
    */
   @Override
   public void requestConnection() {
-    if (!addressIndex.isValid() || rawConnectivityState == SHUTDOWN) {
+    if (!addressIndex.isValid() || rawConnectivityState == SHUTDOWN || reconnectTask != null) {
       return;
     }
 
diff --git a/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java b/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
index cb73d17d682..eb7b40257c0 100644
--- a/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
+++ b/core/src/test/java/io/grpc/internal/PickFirstLeafLoadBalancerTest.java
@@ -1446,6 +1446,11 @@ public void updateAddresses_disjoint_transient_failure() {
     loadBalancer.acceptResolvedAddresses(
         ResolvedAddresses.newBuilder().setAddresses(newServers).setAttributes(affinity).build());
 
+    if (serializeRetries) {
+      inOrder.verify(mockSubchannel3, never()).start(stateListenerCaptor.capture());
+      forwardTimeByBackoffDelay();
+    }
+
     // subchannel 3 still attempts a connection even though we stay in transient failure
     assertEquals(TRANSIENT_FAILURE, loadBalancer.getConcludedConnectivityState());
     inOrder.verify(mockSubchannel3).start(stateListenerCaptor.capture());

From 4de47189150ec91371152af5de706da60ce431fb Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Tue, 10 Mar 2026 15:33:04 -0700
Subject: [PATCH 555/591] android-interop-testing: Remove usage of
 MultiDexApplication

Since we're only supporting API levels 23+, all the supported Android
versions handle multidex natively, and without any bugs to workaround.

Also bump some minSdkVersion that didn't get updated in fa7b52b so
that multiDex is actually enabled by default.

See also b/476359563
---
 android-interop-testing/build.gradle                      | 8 ++------
 .../src/androidTest/AndroidManifest.xml                   | 3 +--
 android-interop-testing/src/main/AndroidManifest.xml      | 3 +--
 binder/build.gradle                                       | 1 -
 examples/android/clientcache/app/build.gradle             | 3 +--
 5 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/android-interop-testing/build.gradle b/android-interop-testing/build.gradle
index 17551465f05..49569b911e0 100644
--- a/android-interop-testing/build.gradle
+++ b/android-interop-testing/build.gradle
@@ -33,15 +33,11 @@ android {
 
     defaultConfig {
         applicationId "io.grpc.android.integrationtest"
-        // Held back to 20 as Gradle fails to build at the 21 level. This is
-        // presumably a Gradle bug that can be revisited later.
-        // Maybe this issue: https://github.com/gradle/gradle/issues/20778
-        minSdkVersion 20
+        minSdkVersion 23
         targetSdkVersion 33
         versionCode 1
         versionName "1.0"
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
-        multiDexEnabled = true
     }
     buildTypes {
         debug { minifyEnabled false }
@@ -62,11 +58,11 @@ android {
 
 dependencies {
     implementation 'androidx.appcompat:appcompat:1.3.0'
-    implementation 'androidx.multidex:multidex:2.0.0'
     implementation libraries.androidx.annotation
     implementation 'com.google.android.gms:play-services-base:18.0.1'
 
     implementation project(':grpc-android'),
+            project(':grpc-api'),
             project(':grpc-core'),
             project(':grpc-census'),
             project(':grpc-okhttp'),
diff --git a/android-interop-testing/src/androidTest/AndroidManifest.xml b/android-interop-testing/src/androidTest/AndroidManifest.xml
index b0507f10ab9..3cc0a29a85f 100644
--- a/android-interop-testing/src/androidTest/AndroidManifest.xml
+++ b/android-interop-testing/src/androidTest/AndroidManifest.xml
@@ -5,8 +5,7 @@
         android:name="androidx.test.runner.AndroidJUnitRunner"
         android:targetPackage="io.grpc.android.integrationtest" />
 
-    <application
-        android:name="android.support.multidex.MultiDexApplication" >
+    <application>
     </application>
 
 </manifest>
diff --git a/android-interop-testing/src/main/AndroidManifest.xml b/android-interop-testing/src/main/AndroidManifest.xml
index da7ccef5b1d..08c139e5880 100644
--- a/android-interop-testing/src/main/AndroidManifest.xml
+++ b/android-interop-testing/src/main/AndroidManifest.xml
@@ -14,8 +14,7 @@
         android:allowBackup="true"
         android:icon="@mipmap/ic_launcher"
         android:label="@string/app_name"
-        android:theme="@style/Base.V7.Theme.AppCompat.Light"
-        android:name="androidx.multidex.MultiDexApplication">
+        android:theme="@style/Base.V7.Theme.AppCompat.Light">
         <activity
             android:name=".TesterActivity"
             android:exported="true">
diff --git a/binder/build.gradle b/binder/build.gradle
index 3d743129420..0da3f97ceee 100644
--- a/binder/build.gradle
+++ b/binder/build.gradle
@@ -18,7 +18,6 @@ android {
         versionCode 1
         versionName "1.0"
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
-        multiDexEnabled = true
     }
     lintOptions { abortOnError = false }
     publishing {
diff --git a/examples/android/clientcache/app/build.gradle b/examples/android/clientcache/app/build.gradle
index 0f1dedf11bc..67110a78c43 100644
--- a/examples/android/clientcache/app/build.gradle
+++ b/examples/android/clientcache/app/build.gradle
@@ -10,9 +10,8 @@ android {
 
     defaultConfig {
         applicationId "io.grpc.clientcacheexample"
-        minSdkVersion 21
+        minSdkVersion 23
         targetSdkVersion 33
-        multiDexEnabled true
         versionCode 1
         versionName "1.0"
         testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"

From 0675f70af83679fe6978e3b4adbda999fe6d6ca5 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 9 Mar 2026 16:33:07 -0700
Subject: [PATCH 556/591] core: Enable dns "caching" on Android

DnsNameResolver discards refresh requests if it has been too soon after
the last refresh, because the result is assumed to be identical to the
previous fetch. Android itself will adhere to the RR's TTL, so
requesting too frequently shouldn't have been causing too much I/O, but
it could be causing extra CPU usage. Having some lower limit will reduce
the number of useless address updates into the LB tree.

30 seconds is the same as regular Java and Go/C++ (which copied Java as
a "reasonable" value). Note that other languages _delay_ the refresh
instead of _discarding_ the refresh, but there's no reason why the
existing discard behavior would cause much problem on Android vs normal
Java. Chrome apparently uses 1 minute, so this really looks like it
shouldn't cause problems as long as AndroidChannelBuilder is being used.
---
 .../io/grpc/internal/DnsNameResolver.java     | 10 +++--
 .../io/grpc/internal/DnsNameResolverTest.java | 45 +++++++------------
 2 files changed, 23 insertions(+), 32 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/DnsNameResolver.java b/core/src/main/java/io/grpc/internal/DnsNameResolver.java
index dacbe291b6b..f148ddc34a8 100644
--- a/core/src/main/java/io/grpc/internal/DnsNameResolver.java
+++ b/core/src/main/java/io/grpc/internal/DnsNameResolver.java
@@ -100,7 +100,7 @@ public class DnsNameResolver extends NameResolver {
    * not installed, the ttl value is {@code null} which falls back to {@link
    * #DEFAULT_NETWORK_CACHE_TTL_SECONDS gRPC default value}.
    *
-   * <p>For android, gRPC doesn't attempt to cache; this property value will be ignored.
+   * <p>For android, gRPC uses a fixed value; this property value will be ignored.
    */
   @VisibleForTesting
   static final String NETWORKADDRESS_CACHE_TTL_PROPERTY = "networkaddress.cache.ttl";
@@ -451,12 +451,14 @@ private static final List<String> getHostnamesFromChoice(Map<String, ?> serviceC
 
   /**
    * Returns value of network address cache ttl property if not Android environment. For android,
-   * DnsNameResolver does not cache the dns lookup result.
+   * DnsNameResolver uses a fixed value.
    */
   private static long getNetworkAddressCacheTtlNanos(boolean isAndroid) {
     if (isAndroid) {
-      // on Android, ignore dns cache.
-      return 0;
+      // On Android, use fixed value. If the network used changes this value shouldn't matter, as
+      // channel.enterIdle() should be called and this name resolver instance will be discarded. The
+      // new name resolver instance will then re-request.
+      return TimeUnit.SECONDS.toNanos(DEFAULT_NETWORK_CACHE_TTL_SECONDS);
     }
 
     String cacheTtlPropertyValue = System.getProperty(NETWORKADDRESS_CACHE_TTL_PROPERTY);
diff --git a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
index 0a46b7d8204..c4b7d605cee 100644
--- a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
+++ b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
@@ -151,13 +151,6 @@ private RetryingNameResolver newResolver(String name, int defaultPort) {
         name, defaultPort, GrpcUtil.NOOP_PROXY_DETECTOR, Stopwatch.createUnstarted());
   }
 
-  private RetryingNameResolver newResolver(String name, int defaultPort, boolean isAndroid) {
-    return newResolver(
-        name, defaultPort, GrpcUtil.NOOP_PROXY_DETECTOR, Stopwatch.createUnstarted(),
-        isAndroid);
-  }
-
-
   private RetryingNameResolver newResolver(
       String name,
       int defaultPort,
@@ -227,30 +220,14 @@ public void invalidDnsName_containsUnderscore() {
     }
   }
 
-  @Test
-  public void resolve_androidIgnoresPropertyValue() throws Exception {
-    flagResetRule.setSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY, "2");
-    resolveNeverCache(true);
-  }
-
-  @Test
-  public void resolve_androidIgnoresPropertyValueCacheForever() throws Exception {
-    flagResetRule.setSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY, "-1");
-    resolveNeverCache(true);
-  }
-
   @Test
   public void resolve_neverCache() throws Exception {
     flagResetRule.setSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY, "0");
-    resolveNeverCache(false);
-  }
-
-  private void resolveNeverCache(boolean isAndroid) throws Exception {
     final List<InetAddress> answer1 = createAddressList(2);
     final List<InetAddress> answer2 = createAddressList(1);
     String name = "foo.googleapis.com";
 
-    RetryingNameResolver resolver = newResolver(name, 81, isAndroid);
+    RetryingNameResolver resolver = newResolver(name, 81);
     DnsNameResolver dnsResolver = (DnsNameResolver) resolver.getRetriedNameResolver();
     AddressResolver mockResolver = mock(AddressResolver.class);
     when(mockResolver.resolveAddress(anyString())).thenReturn(answer1).thenReturn(answer2);
@@ -443,26 +420,38 @@ public void resolve_cacheExpired() throws Exception {
     verify(mockResolver, times(2)).resolveAddress(anyString());
   }
 
+  @Test
+  public void resolve_androidIgnoresPropertyValue() throws Exception {
+    flagResetRule.setSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY, "2");
+    resolveDefaultValue(true);
+  }
+
+  @Test
+  public void resolve_androidIgnoresPropertyValueCacheForever() throws Exception {
+    flagResetRule.setSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY, "-1");
+    resolveDefaultValue(true);
+  }
+
   @Test
   public void resolve_invalidTtlPropertyValue() throws Exception {
     flagResetRule.setSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY, "not_a_number");
-    resolveDefaultValue();
+    resolveDefaultValue(false);
   }
 
   @Test
   public void resolve_noPropertyValue() throws Exception {
     flagResetRule.clearSystemPropertyForTest(NETWORKADDRESS_CACHE_TTL_PROPERTY);
-    resolveDefaultValue();
+    resolveDefaultValue(false);
   }
 
-  private void resolveDefaultValue() throws Exception {
+  private void resolveDefaultValue(boolean isAndroid) throws Exception {
     final List<InetAddress> answer1 = createAddressList(2);
     final List<InetAddress> answer2 = createAddressList(1);
     String name = "foo.googleapis.com";
     FakeTicker fakeTicker = new FakeTicker();
 
     RetryingNameResolver resolver = newResolver(
-        name, 81, GrpcUtil.NOOP_PROXY_DETECTOR, Stopwatch.createUnstarted(fakeTicker));
+        name, 81, GrpcUtil.NOOP_PROXY_DETECTOR, Stopwatch.createUnstarted(fakeTicker), isAndroid);
     DnsNameResolver dnsResolver = (DnsNameResolver) resolver.getRetriedNameResolver();
     AddressResolver mockResolver = mock(AddressResolver.class);
     when(mockResolver.resolveAddress(anyString())).thenReturn(answer1).thenReturn(answer2);

From 10c1aeef8322b74a33020aa6af9a5546aa20e707 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 9 Mar 2026 18:22:02 -0700
Subject: [PATCH 557/591] Remove InternalResolutionResult from DnsNameResolver

The internal result was needed before 90d0fabb1 allowed addresses to
fail yet still provide attributes and service config. Now the code can
just use the regular API.

This does cause a behavior change where TXT records are looked up even
if address lookup failed, however that's actually what we wanted to
allow in 90d0fabb1 by adding the new API. Also, the TXT code was added
in 2017 and it's now 2026 yet it is still disabled, so it's unlikely to
matter soon.
---
 .../io/grpc/internal/DnsNameResolver.java     | 62 +++++--------------
 .../io/grpc/internal/DnsNameResolverTest.java |  4 +-
 .../io/grpc/grpclb/GrpclbNameResolver.java    | 19 ++++--
 .../grpc/grpclb/GrpclbNameResolverTest.java   |  5 +-
 4 files changed, 33 insertions(+), 57 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/DnsNameResolver.java b/core/src/main/java/io/grpc/internal/DnsNameResolver.java
index f148ddc34a8..1c1d95ed616 100644
--- a/core/src/main/java/io/grpc/internal/DnsNameResolver.java
+++ b/core/src/main/java/io/grpc/internal/DnsNameResolver.java
@@ -25,7 +25,6 @@
 import com.google.common.base.Stopwatch;
 import com.google.common.base.Verify;
 import com.google.common.base.VerifyException;
-import io.grpc.Attributes;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.NameResolver;
 import io.grpc.ProxiedSocketAddress;
@@ -262,22 +261,19 @@ private EquivalentAddressGroup detectProxy() throws IOException {
   /**
    * Main logic of name resolution.
    */
-  protected InternalResolutionResult doResolve(boolean forceTxt) {
-    InternalResolutionResult result = new InternalResolutionResult();
+  protected ResolutionResult doResolve() {
+    ResolutionResult.Builder resultBuilder = ResolutionResult.newBuilder();
     try {
-      result.addresses = resolveAddresses();
+      resultBuilder.setAddressesOrError(StatusOr.fromValue(resolveAddresses()));
     } catch (Exception e) {
       logger.log(Level.FINE, "Address resolution failure", e);
-      if (!forceTxt) {
-        result.error =
-            Status.UNAVAILABLE.withDescription("Unable to resolve host " + host).withCause(e);
-        return result;
-      }
+      resultBuilder.setAddressesOrError(StatusOr.fromStatus(
+          Status.UNAVAILABLE.withDescription("Unable to resolve host " + host).withCause(e)));
     }
     if (enableTxt) {
-      result.config = resolveServiceConfig();
+      resultBuilder.setServiceConfig(resolveServiceConfig());
     }
-    return result;
+    return resultBuilder.build();
   }
 
   private final class Resolve implements Runnable {
@@ -292,38 +288,22 @@ public void run() {
       if (logger.isLoggable(Level.FINER)) {
         logger.finer("Attempting DNS resolution of " + host);
       }
-      InternalResolutionResult result = null;
+      ResolutionResult result = null;
       try {
         EquivalentAddressGroup proxiedAddr = detectProxy();
-        ResolutionResult.Builder resolutionResultBuilder = ResolutionResult.newBuilder();
         if (proxiedAddr != null) {
           if (logger.isLoggable(Level.FINER)) {
             logger.finer("Using proxy address " + proxiedAddr);
           }
-          resolutionResultBuilder.setAddressesOrError(
-              StatusOr.fromValue(Collections.singletonList(proxiedAddr)));
+          result = ResolutionResult.newBuilder()
+              .setAddressesOrError(StatusOr.fromValue(Collections.singletonList(proxiedAddr)))
+              .build();
         } else {
-          result = doResolve(false);
-          if (result.error != null) {
-            InternalResolutionResult finalResult = result;
-            syncContext.execute(() ->
-                savedListener.onResult2(ResolutionResult.newBuilder()
-                    .setAddressesOrError(StatusOr.fromStatus(finalResult.error))
-                    .build()));
-            return;
-          }
-          if (result.addresses != null) {
-            resolutionResultBuilder.setAddressesOrError(StatusOr.fromValue(result.addresses));
-          }
-          if (result.config != null) {
-            resolutionResultBuilder.setServiceConfig(result.config);
-          }
-          if (result.attributes != null) {
-            resolutionResultBuilder.setAttributes(result.attributes);
-          }
+          result = doResolve();
         }
+        ResolutionResult savedResult = result;
         syncContext.execute(() -> {
-          savedListener.onResult2(resolutionResultBuilder.build());
+          savedListener.onResult2(savedResult);
         });
       } catch (IOException e) {
         syncContext.execute(() ->
@@ -333,7 +313,7 @@ public void run() {
                         Status.UNAVAILABLE.withDescription(
                             "Unable to resolve host " + host).withCause(e))).build()));
       } finally {
-        final boolean succeed = result != null && result.error == null;
+        final boolean succeed = result != null && result.getAddressesOrError().hasValue();
         syncContext.execute(new Runnable() {
           @Override
           public void run() {
@@ -535,18 +515,6 @@ private static long getNetworkAddressCacheTtlNanos(boolean isAndroid) {
     return sc;
   }
 
-  /**
-   * Used as a DNS-based name resolver's internal representation of resolution result.
-   */
-  protected static final class InternalResolutionResult {
-    private Status error;
-    private List<EquivalentAddressGroup> addresses;
-    private ConfigOrError config;
-    public Attributes attributes;
-
-    private InternalResolutionResult() {}
-  }
-
   /**
    * Describes a parsed SRV record.
    */
diff --git a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
index c4b7d605cee..c53863dcf5d 100644
--- a/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
+++ b/core/src/test/java/io/grpc/internal/DnsNameResolverTest.java
@@ -684,7 +684,7 @@ public ConfigOrError parseServiceConfig(Map<String, ?> rawServiceConfig) {
   }
 
   @Test
-  public void resolve_addressFailure_neverLookUpServiceConfig() throws Exception {
+  public void resolve_addressFailure_stillLookUpServiceConfig() throws Exception {
     DnsNameResolver.enableTxt = true;
     AddressResolver mockAddressResolver = mock(AddressResolver.class);
     when(mockAddressResolver.resolveAddress(anyString()))
@@ -703,7 +703,7 @@ public void resolve_addressFailure_neverLookUpServiceConfig() throws Exception {
     Status errorStatus = resultCaptor.getValue().getAddressesOrError().getStatus();
     assertThat(errorStatus.getCode()).isEqualTo(Code.UNAVAILABLE);
     assertThat(errorStatus.getCause()).hasMessageThat().contains("no addr");
-    verify(mockResourceResolver, never()).resolveTxt(anyString());
+    verify(mockResourceResolver).resolveTxt("_grpc_config." + name);
 
     assertEquals(0, fakeClock.numPendingTasks());
     // A retry should be scheduled
diff --git a/grpclb/src/main/java/io/grpc/grpclb/GrpclbNameResolver.java b/grpclb/src/main/java/io/grpc/grpclb/GrpclbNameResolver.java
index d17587fb14d..60d02220e64 100644
--- a/grpclb/src/main/java/io/grpc/grpclb/GrpclbNameResolver.java
+++ b/grpclb/src/main/java/io/grpc/grpclb/GrpclbNameResolver.java
@@ -21,6 +21,7 @@
 import io.grpc.Attributes;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.NameResolver;
+import io.grpc.StatusOr;
 import io.grpc.internal.DnsNameResolver;
 import io.grpc.internal.SharedResourceHolder.Resource;
 import java.net.InetAddress;
@@ -58,14 +59,22 @@ final class GrpclbNameResolver extends DnsNameResolver {
   }
 
   @Override
-  protected InternalResolutionResult doResolve(boolean forceTxt) {
+  protected ResolutionResult doResolve() {
+    ResolutionResult result = super.doResolve();
     List<EquivalentAddressGroup> balancerAddrs = resolveBalancerAddresses();
-    InternalResolutionResult result = super.doResolve(!balancerAddrs.isEmpty());
     if (!balancerAddrs.isEmpty()) {
-      result.attributes =
-          Attributes.newBuilder()
+      ResolutionResult.Builder resultBuilder = result.toBuilder()
+          .setAttributes(result.getAttributes().toBuilder()
               .set(GrpclbConstants.ATTR_LB_ADDRS, balancerAddrs)
-              .build();
+              .build());
+      if (!result.getAddressesOrError().hasValue()) {
+        // While ResolutionResult is powerful enough to communicate attributes simultaneously with
+        // an address resolution failure, LoadBalancer.ResolvedAddresses isn't yet and so the
+        // attributes are lost if addresses fail. GrpclbLB will be able to handle the lack of
+        // addresses since there are LB addresses, so discard the failure for now.
+        resultBuilder.setAddressesOrError(StatusOr.fromValue(Collections.emptyList()));
+      }
+      result = resultBuilder.build();
     }
     return result;
   }
diff --git a/grpclb/src/test/java/io/grpc/grpclb/GrpclbNameResolverTest.java b/grpclb/src/test/java/io/grpc/grpclb/GrpclbNameResolverTest.java
index 1aa11ecf9af..a90556a01b0 100644
--- a/grpclb/src/test/java/io/grpc/grpclb/GrpclbNameResolverTest.java
+++ b/grpclb/src/test/java/io/grpc/grpclb/GrpclbNameResolverTest.java
@@ -20,7 +20,6 @@
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
@@ -319,7 +318,7 @@ public void resolveAll_balancerLookupFails_stillLookUpServiceConfig() throws Exc
   }
 
   @Test
-  public void resolve_addressAndBalancersLookupFail_neverLookupServiceConfig() throws Exception {
+  public void resolve_addressAndBalancersLookupFail_stillLookupServiceConfig() throws Exception {
     AddressResolver mockAddressResolver = mock(AddressResolver.class);
     when(mockAddressResolver.resolveAddress(anyString()))
         .thenThrow(new UnknownHostException("I really tried"));
@@ -338,7 +337,7 @@ public void resolve_addressAndBalancersLookupFail_neverLookupServiceConfig() thr
     Status errorStatus = resultCaptor.getValue().getAddressesOrError().getStatus();
     assertThat(errorStatus.getCode()).isEqualTo(Code.UNAVAILABLE);
     verify(mockAddressResolver).resolveAddress(hostName);
-    verify(mockResourceResolver, never()).resolveTxt("_grpc_config." + hostName);
+    verify(mockResourceResolver).resolveTxt("_grpc_config." + hostName);
     verify(mockResourceResolver).resolveSrv("_grpclb._tcp." + hostName);
   }
 }

From 111f9a2d4b48776404ea8a6b334ef1e4e39b3b90 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Thu, 12 Mar 2026 19:49:07 +0530
Subject: [PATCH 558/591] android-interop-testing: replace deprecated classes
 (#12689)

---
 .../android/integrationtest/UdsChannelInteropTest.java    | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/android-interop-testing/src/androidTest/java/io/grpc/android/integrationtest/UdsChannelInteropTest.java b/android-interop-testing/src/androidTest/java/io/grpc/android/integrationtest/UdsChannelInteropTest.java
index f5e54da5d4e..5b98665ba29 100644
--- a/android-interop-testing/src/androidTest/java/io/grpc/android/integrationtest/UdsChannelInteropTest.java
+++ b/android-interop-testing/src/androidTest/java/io/grpc/android/integrationtest/UdsChannelInteropTest.java
@@ -19,9 +19,9 @@
 import static org.junit.Assert.assertEquals;
 
 import android.net.LocalSocketAddress.Namespace;
-import androidx.test.InstrumentationRegistry;
+import androidx.test.ext.junit.rules.ActivityScenarioRule;
 import androidx.test.ext.junit.runners.AndroidJUnit4;
-import androidx.test.rule.ActivityTestRule;
+import androidx.test.platform.app.InstrumentationRegistry;
 import io.grpc.Grpc;
 import io.grpc.InsecureServerCredentials;
 import io.grpc.Server;
@@ -60,8 +60,8 @@ public class UdsChannelInteropTest {
   // Ensures Looper is initialized for tests running on API level 15. Otherwise instantiating an
   // AsyncTask throws an exception.
   @Rule
-  public ActivityTestRule<TesterActivity> activityRule =
-      new ActivityTestRule<TesterActivity>(TesterActivity.class);
+  public ActivityScenarioRule<TesterActivity> activityRule =
+      new ActivityScenarioRule<>(TesterActivity.class);
 
   @Before
   public void setUp() throws IOException {

From 679882b8c2c6d4c438006bec70ce7761832c7d1d Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 16 Mar 2026 00:39:19 -0700
Subject: [PATCH 559/591] android-interop-testing: Workaround build
 mergeExtDexDebug race (#12697)

4de471891 upgraded android-interop-testing to SDK version 23, but this
had previously been avoided because it triggered a Gradle or AGP bug.
The race happened to not trigger locally or for the PR's CI and the
change was merged. But the problem still was present, and the CI is
failing to build very frequently.

This works around the problem by explicitly adding a dependency from
mergeExtDexDebug. I didn't see any other mergeExtDex tasks created, in
particular mergeExtDexRelease. Hopefully we can remove this after
upgrading AGP or Gradle, but at least we can move forward with newer
Android API levels again.
---
 android-interop-testing/build.gradle | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/android-interop-testing/build.gradle b/android-interop-testing/build.gradle
index 49569b911e0..39cd84f3a4c 100644
--- a/android-interop-testing/build.gradle
+++ b/android-interop-testing/build.gradle
@@ -111,6 +111,25 @@ tasks.withType(JavaCompile).configureEach {
             "|")
 }
 
+// Workaround error seen with Gradle 8.14.3 and AGP 7.4.1 when building:
+//   ./gradlew clean :grpc-android-interop-testing:build -PskipAndroid=false \
+//       -Pandroid.useAndroidX=true --no-build-cache
+//
+// Error message:
+//
+// Execution failed for task ':grpc-android-interop-testing:mergeExtDexDebug'.
+// > Could not resolve all files for configuration ':grpc-android-interop-testing:debugRuntimeClasspath'.
+//    > Failed to transform opencensus-contrib-grpc-metrics-0.31.1.jar (io.opencensus:opencensus-contrib-grpc-metrics:0.31.1) to match attributes {artifactType=android-dex, asm-transformed-variant=NONE, dexing-enable-desugaring=true, dexing-enable-jacoco-instrumentation=false, dexing-is-debuggable=true, dexing-min-sdk=23, org.gradle.category=library, org.gradle.libraryelements=jar, org.gradle.status=release, org.gradle.usage=java-runtime}.
+//       > Could not resolve all files for configuration ':grpc-android-interop-testing:debugRuntimeClasspath'.
+//          > Failed to transform grpc-api-1.81.0-SNAPSHOT.jar (project :grpc-api) to match attributes {artifactType=android-classes-jar, org.gradle.category=library, org.gradle.dependency.bundling=external, org.gradle.jvm.version=8, org.gradle.libraryelements=jar, org.gradle.usage=java-runtime}.
+//             > Execution failed for IdentityTransform: grpc-java/api/build/libs/grpc-api-1.81.0-SNAPSHOT.jar.
+//                > File/directory does not exist: grpc-java/api/build/libs/grpc-api-1.81.0-SNAPSHOT.jar
+tasks.configureEach { task ->
+    if (task.name.equals("mergeExtDexDebug")) {
+        dependsOn(':grpc-api:jar')
+    }
+}
+
 afterEvaluate {
     // Hack to workaround "Task ':grpc-android-interop-testing:extractIncludeDebugProto' uses this
     // output of task ':grpc-context:jar' without declaring an explicit or implicit dependency." The

From 36a43fc199ec4336dbae57fd7e82fa79f98be98a Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 16 Mar 2026 10:49:40 -0700
Subject: [PATCH 560/591] Cleanup old checkForUpdates restrictions (#12687)

f36defa2d upgraded error_prone_annotations and 4de471891 bumped
minSdkVersion for android-interop-testing.
---
 MODULE.bazel                         |  2 +-
 android-interop-testing/build.gradle |  2 +-
 examples/example-gauth/pom.xml       |  5 +++++
 examples/example-oauth/pom.xml       |  5 +++++
 gradle/libs.versions.toml            | 18 +++++++++---------
 repositories.bzl                     |  2 +-
 6 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index fdaaaff317e..85c8b1aec13 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -14,7 +14,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
-    "com.google.code.gson:gson:2.12.1",
+    "com.google.code.gson:gson:2.13.2",
     "com.google.errorprone:error_prone_annotations:2.45.0",
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.5.0-android",
diff --git a/android-interop-testing/build.gradle b/android-interop-testing/build.gradle
index 39cd84f3a4c..9d142743431 100644
--- a/android-interop-testing/build.gradle
+++ b/android-interop-testing/build.gradle
@@ -79,7 +79,7 @@ dependencies {
         exclude group: 'com.google.guava'
     }
 
-    androidTestImplementation 'androidx.test.ext:junit:1.1.3',
+    androidTestImplementation libraries.androidx.test.ext.junit,
             'androidx.test:runner:1.4.0'
 }
 
diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml
index 4b64eaed454..9fb854629b4 100644
--- a/examples/example-gauth/pom.xml
+++ b/examples/example-gauth/pom.xml
@@ -28,6 +28,11 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <dependency><!-- upgrade version from google-auth-library-oauth2-http -->
+        <groupId>com.google.code.gson</groupId>
+        <artifactId>gson</artifactId>
+        <version>2.13.2</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index 480923df5f4..9ce20f2f684 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -30,6 +30,11 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <dependency><!-- upgrade version from google-auth-library-oauth2-http -->
+        <groupId>com.google.code.gson</groupId>
+        <artifactId>gson</artifactId>
+        <version>2.13.2</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 3806fa3404e..039ff63d81c 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -6,19 +6,21 @@ android-annotations = "com.google.android:annotations:4.1.1.4"
 # 1.9.1+ uses Kotlin and requires Android Gradle Plugin 9+
 # checkForUpdates: androidx-annotation:1.9.0
 androidx-annotation = "androidx.annotation:annotation:1.9.0"
-# 1.15.0+ requires minSdkVersion 21 in android-interop-testing (1.14.x doesn't exist)
+# 1.14.x doesn't exist.
+# 1.15.0+ requires compileSdkVersion 35 which officially requires AGP 8.6.0+.
+# It might work before then, but AGP 7.4.1 fails with:
+#   RES_TABLE_TYPE_TYPE entry offsets overlap actual entry data.
+# 1.16.0+ requires AGP 8.6.0+
 # checkForUpdates: androidx-core:1.13.+
 androidx-core = "androidx.core:core:1.13.1"
-# 2.9+ requires minSdkVersion 21 in android-intetrop-testing
+# 2.9+ requires AGP 8.1.1+
 # checkForUpdates: androidx-lifecycle-common:2.8.+
 androidx-lifecycle-common = "androidx.lifecycle:lifecycle-common:2.8.7"
 # checkForUpdates: androidx-lifecycle-service:2.8.+
 androidx-lifecycle-service = "androidx.lifecycle:lifecycle-service:2.8.7"
 androidx-test-core = "androidx.test:core:1.7.0"
 androidx-test-ext-junit = "androidx.test.ext:junit:1.3.0"
-# 1.7.0+ requires minSdkVersion 21 in android-interop-testing
-# checkForUpdates: androidx-test-rules:1.6.+
-androidx-test-rules = "androidx.test:rules:1.6.1"
+androidx-test-rules = "androidx.test:rules:1.7.0"
 animalsniffer = "org.codehaus.mojo:animal-sniffer:1.26"
 animalsniffer-annotations = "org.codehaus.mojo:animal-sniffer-annotations:1.26"
 assertj-core = "org.assertj:assertj-core:3.27.6"
@@ -37,7 +39,7 @@ checkstyle = "com.puppycrawl.tools:checkstyle:10.26.1"
 checkstylejava8 = "com.puppycrawl.tools:checkstyle:9.3"
 commons-math3 = "org.apache.commons:commons-math3:3.6.1"
 conscrypt = "org.conscrypt:conscrypt-openjdk-uber:2.5.2"
-# 141.7340.3+ requires minSdkVersion 23
+# 141.7340.3+ requires Java 17+
 # checkForUpdates: cronet-api:119.6045.31
 cronet-api = "org.chromium.net:cronet-api:119.6045.31"
 # checkForUpdates: cronet-embedded:119.6045.31
@@ -54,9 +56,7 @@ google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.41.
 google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.41.0"
 # Release notes: https://cloud.google.com/logging/docs/release-notes
 google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.9"
-# 2.13.0 requires error_prone_annotations:2.37.0, but we are stuck with 2.36.0
-# checkForUpdates: gson:2.12.+
-gson = "com.google.code.gson:gson:2.12.1"
+gson = "com.google.code.gson:gson:2.13.2"
 guava = "com.google.guava:guava:33.5.0-android"
 guava-betaChecker = "com.google.guava:guava-beta-checker:1.0"
 guava-testlib = "com.google.guava:guava-testlib:33.5.0-android"
diff --git a/repositories.bzl b/repositories.bzl
index c89e1bdff32..de0729c35ab 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -18,7 +18,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
-    "com.google.code.gson:gson:2.12.1",
+    "com.google.code.gson:gson:2.13.2",
     "com.google.errorprone:error_prone_annotations:2.45.0",
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.5.0-android",

From e39c38bf5b69fc53201d2c98dd5da711d8c93579 Mon Sep 17 00:00:00 2001
From: Daniel Liu <danielztliu@google.com>
Date: Mon, 16 Mar 2026 10:51:14 -0700
Subject: [PATCH 561/591] xds: reuse GrpcXdsTransport and underlying gRPC
 channel to the same xDS server by ref-counting

This PR implements reusing the gRPC xDS transport (and underlying gRPC
channel) to the same xDS server by ref-counting, which is already
implemented in gRPC C++
([link](https://github.com/grpc/grpc/blob/5a3a5d53145b94895610825e783a8896a61a3c73/src/core/xds/grpc/xds_transport_grpc.cc#L399-L414))
and gRPC Go
([link](https://github.com/grpc/grpc-go/blob/81c7924ec9f5f4a01c18b82c9d67691c1cd93bd5/internal/xds/clients/grpctransport/grpc_transport.go#L78-L120)).
This optimization is expected to reduce memory footprint of the xDS
management server and xDS enabled clients as channel establishment and
lifecycle management of the connection is expensive.

* Implemented a map to store `GrpcXdsTransport` instances keyed by the
`Bootstrapper.ServerInfo` and each `GrpcXdsTransport` has a ref count.
Note, the map cannot be simply keyed by the xDS server address as the
client could have different channel credentials to the same xDS server,
which should be counted as different transport instances.
* When `GrpcXdsTransportFactory.create()` is called, the existing
transport is reused if it already exists in the map and increment its
ref count, otherwise create a new transport, store it in the map, and
increment its ref count.
* When `GrpcXdsTransport.shutdown()` is called, its ref count is
decremented and the underlying gRPC channel is shut down when its ref
count reaches zero.
* Note this ref-counting of the `GrpcXdsTransport` is different and
orthogonal to the ref-counting of the xDS client keyed by the xDS server
target name to allow for xDS-based fallback per [gRFC
A71](https://github.com/grpc/proposal/blob/master/A71-xds-fallback.md).

Prod risk level: Low
* Reusing the underlying gRPC channel to the xDS server would not affect
the gRPC xDS (ADS/LRS) streams which would be multiplexed on the same
channel, however, this means new xDS (ADS/LRS) streams and RPCs may fail
due to hitting the limit of `MAX_CONCURRENT_STREAMS`.

Tested:
* Verified end-to-end with a xDS enabled gRPC Java client communicating
to multiple different gRPC backend servers behind *different targets*
using the xDS management server for name resolution and endpoint
discovery. Verified gRPC xDS transport creation, ref-counting, reuse,
shutdown, deletion from map when ref count is zero all worked as
expected.

Implementation details / context:
* Used `java.util.concurrent.ConcurrentHashMap` APIs `compute` and
`computeIfPresent` where the entire method invocation is performed
atomically to achieve a concurrent and thread-safe solution which
follows Java best practices.

Alternatives considered:
* Write own synchronization logic with synchronized block and locks.
After discussion internally, it was preferred to use existing
concurrency libraries which is less error-prone and should offer better
performance.
---
 .../io/grpc/xds/GrpcXdsTransportFactory.java  | 62 +++++++++++++++++--
 .../grpc/xds/GrpcXdsTransportFactoryTest.java | 57 +++++++++++++++++
 2 files changed, 114 insertions(+), 5 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/GrpcXdsTransportFactory.java b/xds/src/main/java/io/grpc/xds/GrpcXdsTransportFactory.java
index 0da51bf47f7..5100537aea2 100644
--- a/xds/src/main/java/io/grpc/xds/GrpcXdsTransportFactory.java
+++ b/xds/src/main/java/io/grpc/xds/GrpcXdsTransportFactory.java
@@ -31,11 +31,35 @@
 import io.grpc.Status;
 import io.grpc.xds.client.Bootstrapper;
 import io.grpc.xds.client.XdsTransportFactory;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.TimeUnit;
 
+/**
+ * A factory for creating gRPC-based transports for xDS communication.
+ *
+ * <p>WARNING: This class reuses channels when possible, based on the provided {@link
+ * Bootstrapper.ServerInfo} with important considerations. The {@link Bootstrapper.ServerInfo}
+ * includes {@link ChannelCredentials}, which is compared by reference equality. This means every
+ * {@link Bootstrapper.BootstrapInfo} would have non-equal copies of {@link
+ * Bootstrapper.ServerInfo}, even if they all represent the same xDS server configuration. For gRPC
+ * name resolution with the {@code xds} and {@code google-c2p} scheme, this transport sharing works
+ * as expected as it internally reuses a single {@link Bootstrapper.BootstrapInfo} instance.
+ * Otherwise, new transports would be created for each {@link Bootstrapper.ServerInfo} despite them
+ * possibly representing the same xDS server configuration and defeating the purpose of transport
+ * sharing.
+ */
 final class GrpcXdsTransportFactory implements XdsTransportFactory {
 
   private final CallCredentials callCredentials;
+  // The map of xDS server info to its corresponding gRPC xDS transport.
+  // This enables reusing and sharing the same underlying gRPC channel.
+  //
+  // NOTE: ConcurrentHashMap is used as a per-entry lock and all reads and writes must be a mutation
+  // via the ConcurrentHashMap APIs to acquire the per-entry lock in order to ensure thread safety
+  // for reference counting of each GrpcXdsTransport instance.
+  private static final Map<Bootstrapper.ServerInfo, GrpcXdsTransport> xdsServerInfoToTransportMap =
+      new ConcurrentHashMap<>();
 
   GrpcXdsTransportFactory(CallCredentials callCredentials) {
     this.callCredentials = callCredentials;
@@ -43,12 +67,20 @@ final class GrpcXdsTransportFactory implements XdsTransportFactory {
 
   @Override
   public XdsTransport create(Bootstrapper.ServerInfo serverInfo) {
-    return new GrpcXdsTransport(serverInfo, callCredentials);
+    return xdsServerInfoToTransportMap.compute(
+        serverInfo,
+        (info, transport) -> {
+          if (transport == null) {
+            transport = new GrpcXdsTransport(serverInfo, callCredentials);
+          }
+          ++transport.refCount;
+          return transport;
+        });
   }
 
   @VisibleForTesting
   public XdsTransport createForTest(ManagedChannel channel) {
-    return new GrpcXdsTransport(channel, callCredentials);
+    return new GrpcXdsTransport(channel, callCredentials, null);
   }
 
   @VisibleForTesting
@@ -56,6 +88,9 @@ static class GrpcXdsTransport implements XdsTransport {
 
     private final ManagedChannel channel;
     private final CallCredentials callCredentials;
+    private final Bootstrapper.ServerInfo serverInfo;
+    // Must only be accessed via the ConcurrentHashMap APIs which act as the locking methods.
+    private int refCount = 0;
 
     public GrpcXdsTransport(Bootstrapper.ServerInfo serverInfo) {
       this(serverInfo, null);
@@ -63,7 +98,7 @@ public GrpcXdsTransport(Bootstrapper.ServerInfo serverInfo) {
 
     @VisibleForTesting
     public GrpcXdsTransport(ManagedChannel channel) {
-      this(channel, null);
+      this(channel, null, null);
     }
 
     public GrpcXdsTransport(Bootstrapper.ServerInfo serverInfo, CallCredentials callCredentials) {
@@ -73,12 +108,17 @@ public GrpcXdsTransport(Bootstrapper.ServerInfo serverInfo, CallCredentials call
           .keepAliveTime(5, TimeUnit.MINUTES)
           .build();
       this.callCredentials = callCredentials;
+      this.serverInfo = serverInfo;
     }
 
     @VisibleForTesting
-    public GrpcXdsTransport(ManagedChannel channel, CallCredentials callCredentials) {
+    public GrpcXdsTransport(
+        ManagedChannel channel,
+        CallCredentials callCredentials,
+        Bootstrapper.ServerInfo serverInfo) {
       this.channel = checkNotNull(channel, "channel");
       this.callCredentials = callCredentials;
+      this.serverInfo = serverInfo;
     }
 
     @Override
@@ -98,7 +138,19 @@ public <ReqT, RespT> StreamingCall<ReqT, RespT> createStreamingCall(
 
     @Override
     public void shutdown() {
-      channel.shutdown();
+      if (serverInfo == null) {
+        channel.shutdown();
+        return;
+      }
+      xdsServerInfoToTransportMap.computeIfPresent(
+          serverInfo,
+          (info, transport) -> {
+            if (--transport.refCount == 0) { // Prefix decrement and return the updated value.
+              transport.channel.shutdown();
+              return null; // Remove mapping.
+            }
+            return transport;
+          });
     }
 
     private class XdsStreamingCall<ReqT, RespT> implements
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsTransportFactoryTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsTransportFactoryTest.java
index 66e0d4b3198..9c606a962f6 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsTransportFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsTransportFactoryTest.java
@@ -30,6 +30,7 @@
 import io.grpc.Server;
 import io.grpc.Status;
 import io.grpc.stub.StreamObserver;
+import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.xds.client.Bootstrapper;
 import io.grpc.xds.client.XdsTransportFactory;
 import java.util.concurrent.BlockingQueue;
@@ -37,6 +38,7 @@
 import java.util.concurrent.TimeUnit;
 import org.junit.After;
 import org.junit.Before;
+import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -44,6 +46,8 @@
 @RunWith(JUnit4.class)
 public class GrpcXdsTransportFactoryTest {
 
+  @Rule public final GrpcCleanupRule grpcCleanupRule = new GrpcCleanupRule();
+
   private Server server;
 
   @Before
@@ -118,6 +122,59 @@ public void callApis() throws Exception {
     xdsTransport.shutdown();
   }
 
+  @Test
+  public void refCountedXdsTransport_sameXdsServerAddress_returnsExistingTransport() {
+    Bootstrapper.ServerInfo xdsServerInfo =
+        Bootstrapper.ServerInfo.create(
+            "localhost:" + server.getPort(), InsecureChannelCredentials.create());
+    GrpcXdsTransportFactory xdsTransportFactory = new GrpcXdsTransportFactory(null);
+    // Calling create() for the first time creates a new GrpcXdsTransport instance.
+    // The ref count was previously 0 and now is 1.
+    XdsTransportFactory.XdsTransport transport1 = xdsTransportFactory.create(xdsServerInfo);
+    // Calling create() for the second time to the same xDS server address returns the same
+    // GrpcXdsTransport instance. The ref count was previously 1 and now is 2.
+    XdsTransportFactory.XdsTransport transport2 = xdsTransportFactory.create(xdsServerInfo);
+    assertThat(transport1).isSameInstanceAs(transport2);
+    // Calling shutdown() for the first time does not shut down the GrpcXdsTransport instance.
+    // The ref count was previously 2 and now is 1.
+    transport1.shutdown();
+    // Calling shutdown() for the second time shuts down the GrpcXdsTransport instance.
+    // The ref count was previously 1 and now is 0.
+    transport2.shutdown();
+  }
+
+  @Test
+  public void refCountedXdsTransport_differentXdsServerAddress_returnsDifferentTransport()
+      throws Exception {
+    // Create and start a second xDS server on a different port.
+    Server server2 =
+        grpcCleanupRule.register(
+            Grpc.newServerBuilderForPort(0, InsecureServerCredentials.create())
+                .addService(echoAdsService())
+                .build()
+                .start());
+    Bootstrapper.ServerInfo xdsServerInfo1 =
+        Bootstrapper.ServerInfo.create(
+            "localhost:" + server.getPort(), InsecureChannelCredentials.create());
+    Bootstrapper.ServerInfo xdsServerInfo2 =
+        Bootstrapper.ServerInfo.create(
+            "localhost:" + server2.getPort(), InsecureChannelCredentials.create());
+    GrpcXdsTransportFactory xdsTransportFactory = new GrpcXdsTransportFactory(null);
+    // Calling create() to the first xDS server creates a new GrpcXdsTransport instance.
+    // The ref count was previously 0 and now is 1.
+    XdsTransportFactory.XdsTransport transport1 = xdsTransportFactory.create(xdsServerInfo1);
+    // Calling create() to the second xDS server creates a different GrpcXdsTransport instance.
+    // The ref count was previously 0 and now is 1.
+    XdsTransportFactory.XdsTransport transport2 = xdsTransportFactory.create(xdsServerInfo2);
+    assertThat(transport1).isNotSameInstanceAs(transport2);
+    // Calling shutdown() shuts down the GrpcXdsTransport instance for the first xDS server.
+    // The ref count was previously 1 and now is 0.
+    transport1.shutdown();
+    // Calling shutdown() shuts down the GrpcXdsTransport instance for the second xDS server.
+    // The ref count was previously 1 and now is 0.
+    transport2.shutdown();
+  }
+
   private static class FakeEventHandler implements
       XdsTransportFactory.EventHandler<DiscoveryResponse> {
     private final BlockingQueue<DiscoveryResponse> respQ = new LinkedBlockingQueue<>();

From a43f3878007c2719d98ffed72564e7fc033d4395 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 16 Mar 2026 14:15:04 -0700
Subject: [PATCH 562/591] xds: Add support for RFC 3986 URIs (#12660)

---
 .../java/io/grpc/xds/XdsNameResolver.java     | 11 ++-
 .../io/grpc/xds/XdsNameResolverProvider.java  | 36 ++++++++--
 .../grpc/xds/XdsNameResolverProviderTest.java | 72 +++++++++++--------
 .../java/io/grpc/xds/XdsNameResolverTest.java | 10 +--
 4 files changed, 77 insertions(+), 52 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 196d51fb5a6..d4b06a24eb5 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -67,7 +67,6 @@
 import io.grpc.xds.client.XdsInitializationException;
 import io.grpc.xds.client.XdsLogger;
 import io.grpc.xds.client.XdsLogger.XdsLogLevel;
-import java.net.URI;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -110,7 +109,6 @@ final class XdsNameResolver extends NameResolver {
   private final XdsLogger logger;
   @Nullable
   private final String targetAuthority;
-  private final String target;
   private final String serviceAuthority;
   // Encoded version of the service authority as per 
   // https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.
@@ -141,12 +139,12 @@ final class XdsNameResolver extends NameResolver {
   private ResolveState resolveState;
 
   XdsNameResolver(
-      URI targetUri, String name, @Nullable String overrideAuthority,
-      ServiceConfigParser serviceConfigParser,
+      String target, @Nullable String targetAuthority, String name,
+      @Nullable String overrideAuthority, ServiceConfigParser serviceConfigParser,
       SynchronizationContext syncContext, ScheduledExecutorService scheduler,
       @Nullable Map<String, ?> bootstrapOverride,
       MetricRecorder metricRecorder, Args nameResolverArgs) {
-    this(targetUri, targetUri.getAuthority(), name, overrideAuthority, serviceConfigParser,
+    this(target, targetAuthority, name, overrideAuthority, serviceConfigParser,
         syncContext, scheduler,
         bootstrapOverride == null
           ? SharedXdsClientPoolProvider.getDefaultProvider()
@@ -157,14 +155,13 @@ final class XdsNameResolver extends NameResolver {
 
   @VisibleForTesting
   XdsNameResolver(
-      URI targetUri, @Nullable String targetAuthority, String name,
+      String target, @Nullable String targetAuthority, String name,
       @Nullable String overrideAuthority, ServiceConfigParser serviceConfigParser,
       SynchronizationContext syncContext, ScheduledExecutorService scheduler,
       XdsClientPoolFactory xdsClientPoolFactory, ThreadSafeRandom random,
       FilterRegistry filterRegistry, @Nullable Map<String, ?> bootstrapOverride,
       MetricRecorder metricRecorder, Args nameResolverArgs) {
     this.targetAuthority = targetAuthority;
-    target = targetUri.toString();
 
     // The name might have multiple slashes so encode it before verifying.
     serviceAuthority = checkNotNull(name, "name");
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java b/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
index e3462276b17..89e51694a69 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
@@ -22,6 +22,7 @@
 import io.grpc.Internal;
 import io.grpc.NameResolver.Args;
 import io.grpc.NameResolverProvider;
+import io.grpc.Uri;
 import io.grpc.xds.client.XdsClient;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
@@ -86,16 +87,39 @@ public XdsNameResolver newNameResolver(URI targetUri, Args args) {
           targetPath,
           targetUri);
       String name = targetPath.substring(1);
-      return new XdsNameResolver(
-          targetUri, name, args.getOverrideAuthority(),
-          args.getServiceConfigParser(), args.getSynchronizationContext(),
-          args.getScheduledExecutorService(),
-          bootstrapOverride,
-          args.getMetricRecorder(), args);
+      return newNameResolver(targetUri.toString(), targetUri.getAuthority(), name, args);
     }
     return null;
   }
 
+  @Override
+  public XdsNameResolver newNameResolver(Uri targetUri, Args args) {
+    if (scheme.equals(targetUri.getScheme())) {
+      Preconditions.checkArgument(
+          targetUri.isPathAbsolute(),
+          "the path component of the target (%s) must start with '/'",
+          targetUri);
+      return newNameResolver(
+          targetUri.toString(), targetUri.getAuthority(), targetUri.getPath().substring(1), args);
+    }
+    return null;
+  }
+
+  private XdsNameResolver newNameResolver(
+      String targetUri, String targetAuthority, String name, Args args) {
+    return new XdsNameResolver(
+        targetUri.toString(),
+        targetAuthority,
+        name,
+        args.getOverrideAuthority(),
+        args.getServiceConfigParser(),
+        args.getSynchronizationContext(),
+        args.getScheduledExecutorService(),
+        bootstrapOverride,
+        args.getMetricRecorder(),
+        args);
+  }
+
   @Override
   public String getDefaultScheme() {
     return scheme;
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverProviderTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverProviderTest.java
index 33aae268c60..8998a2bae99 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverProviderTest.java
@@ -29,18 +29,22 @@
 import io.grpc.NameResolverProvider;
 import io.grpc.NameResolverRegistry;
 import io.grpc.SynchronizationContext;
+import io.grpc.Uri;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.GrpcUtil;
 import java.net.URI;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
 
 /** Unit tests for {@link XdsNameResolverProvider}. */
-@RunWith(JUnit4.class)
+@RunWith(Parameterized.class)
 public class XdsNameResolverProviderTest {
   private final SynchronizationContext syncContext = new SynchronizationContext(
       new Thread.UncaughtExceptionHandler() {
@@ -63,6 +67,13 @@ public void uncaughtException(Thread t, Throwable e) {
 
   private XdsNameResolverProvider provider = new XdsNameResolverProvider();
 
+  @Parameters(name = "enableRfc3986UrisParam={0}")
+  public static Iterable<Object[]> data() {
+    return Arrays.asList(new Object[][] {{true}, {false}});
+  }
+
+  @Parameter public boolean enableRfc3986UrisParam;
+
   @Test
   public void provided() {
     for (NameResolverProvider current
@@ -81,48 +92,46 @@ public void isAvailable() {
   }
 
   @Test
-  public void newNameResolver() {
-    assertThat(
-        provider.newNameResolver(URI.create("xds://1.1.1.1/foo.googleapis.com"), args))
+  public void newNameResolver_returnsExpectedType() {
+    assertThat(newNameResolver(provider, "xds://1.1.1.1/foo.googleapis.com", args))
         .isInstanceOf(XdsNameResolver.class);
-    assertThat(
-        provider.newNameResolver(URI.create("xds:///foo.googleapis.com"), args))
+    assertThat(newNameResolver(provider, "xds:///foo.googleapis.com", args))
         .isInstanceOf(XdsNameResolver.class);
-    assertThat(
-        provider.newNameResolver(URI.create("notxds://1.1.1.1/foo.googleapis.com"),
-            args))
-        .isNull();
+  }
+
+  @Test
+  public void newNameResolver_matchesExpectedScheme() {
+    assertThat(newNameResolver(provider, "notxds://1.1.1.1/foo.googleapis.com", args)).isNull();
   }
 
   @Test
   public void validName_withAuthority() {
-    XdsNameResolver resolver =
-        provider.newNameResolver(
-            URI.create("xds://trafficdirector.google.com/foo.googleapis.com"), args);
+    NameResolver resolver =
+        newNameResolver(provider, "xds://trafficdirector.google.com/foo.googleapis.com", args);
     assertThat(resolver).isNotNull();
     assertThat(resolver.getServiceAuthority()).isEqualTo("foo.googleapis.com");
   }
 
   @Test
   public void validName_noAuthority() {
-    XdsNameResolver resolver =
-        provider.newNameResolver(URI.create("xds:///foo.googleapis.com"), args);
+    NameResolver resolver = newNameResolver(provider, "xds:///foo.googleapis.com", args);
     assertThat(resolver).isNotNull();
     assertThat(resolver.getServiceAuthority()).isEqualTo("foo.googleapis.com");
   }
 
   @Test
   public void validName_urlExtractedAuthorityInvalidWithoutEncoding() {
-    XdsNameResolver resolver = 
-        provider.newNameResolver(URI.create("xds:///1234/path/foo.googleapis.com:8080"), args);
+    NameResolver resolver =
+        newNameResolver(provider, "xds:///1234/path/foo.googleapis.com:8080", args);
     assertThat(resolver).isNotNull();
     assertThat(resolver.getServiceAuthority()).isEqualTo("1234%2Fpath%2Ffoo.googleapis.com:8080");
   }
 
   @Test
   public void validName_urlwithTargetAuthorityAndExtractedAuthorityInvalidWithoutEncoding() {
-    XdsNameResolver resolver = provider.newNameResolver(URI.create(
-        "xds://trafficdirector.google.com/1234/path/foo.googleapis.com:8080"), args);
+    NameResolver resolver =
+        newNameResolver(
+            provider, "xds://trafficdirector.google.com/1234/path/foo.googleapis.com:8080", args);
     assertThat(resolver).isNotNull();
     assertThat(resolver.getServiceAuthority()).isEqualTo("1234%2Fpath%2Ffoo.googleapis.com:8080");
   }
@@ -135,18 +144,14 @@ public void newProvider_multipleScheme() {
     XdsNameResolverProvider provider1 = XdsNameResolverProvider.createForTest("new-xds-scheme",
             new HashMap<String, String>());
     registry.register(provider1);
-    assertThat(registry.asFactory()
-            .newNameResolver(URI.create("xds:///localhost"), args)).isNotNull();
-    assertThat(registry.asFactory()
-            .newNameResolver(URI.create("new-xds-scheme:///localhost"), args)).isNotNull();
-    assertThat(registry.asFactory()
-            .newNameResolver(URI.create("no-scheme:///localhost"), args)).isNotNull();
+    assertThat(newNameResolver(registry.asFactory(), "xds:///localhost", args)).isNotNull();
+    assertThat(newNameResolver(registry.asFactory(), "new-xds-scheme:///localhost", args))
+        .isNotNull();
+    assertThat(newNameResolver(registry.asFactory(), "no-scheme:///localhost", args)).isNotNull();
     registry.deregister(provider1);
-    assertThat(registry.asFactory()
-            .newNameResolver(URI.create("new-xds-scheme:///localhost"), args)).isNull();
+    assertThat(newNameResolver(registry.asFactory(), "new-xds-scheme:///localhost", args)).isNull();
     registry.deregister(provider0);
-    assertThat(registry.asFactory()
-            .newNameResolver(URI.create("xds:///localhost"), args)).isNotNull();
+    assertThat(newNameResolver(registry.asFactory(), "xds:///localhost", args)).isNotNull();
   }
 
   @Test
@@ -176,4 +181,11 @@ public void newProvider_overrideBootstrap() {
     resolver.shutdown();
     registry.deregister(provider);
   }
+
+  private NameResolver newNameResolver(
+      NameResolver.Factory factory, String uriString, NameResolver.Args args) {
+    return enableRfc3986UrisParam
+        ? factory.newNameResolver(Uri.create(uriString), args)
+        : factory.newNameResolver(URI.create(uriString), args);
+  }
 }
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index 45a96ee172f..d8e63704a45 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -104,8 +104,6 @@
 import io.grpc.xds.client.XdsClient;
 import io.grpc.xds.client.XdsResourceType;
 import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -201,7 +199,7 @@ public ConfigOrError parseServiceConfig(Map<String, ?> rawServiceConfig) {
   private XdsNameResolver resolver;
   private TestCall<?, ?> testCall;
   private boolean originalEnableTimeout;
-  private URI targetUri;
+  private String targetUri = AUTHORITY;
   private final NameResolver.Args nameResolverArgs = NameResolver.Args.newBuilder()
       .setDefaultPort(8080)
       .setProxyDetector(GrpcUtil.DEFAULT_PROXY_DETECTOR)
@@ -216,12 +214,6 @@ public ConfigOrError parseServiceConfig(Map<String, ?> rawServiceConfig) {
   public void setUp() {
     lenient().doReturn(Status.OK).when(mockListener).onResult2(any());
 
-    try {
-      targetUri = new URI(AUTHORITY);
-    } catch (URISyntaxException e) {
-      targetUri = null;
-    }
-
     originalEnableTimeout = XdsNameResolver.enableTimeout;
     XdsNameResolver.enableTimeout = true;
 

From d68f260966148d3513f005fce47dee4fcb5e2c4f Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Wed, 18 Mar 2026 13:38:35 +0530
Subject: [PATCH 563/591] Update README etc to reference 1.80.0 (#12701)

---
 README.md | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 272f3e0a783..b0f7a6a14af 100644
--- a/README.md
+++ b/README.md
@@ -44,8 +44,8 @@ For a guided tour, take a look at the [quick start
 guide](https://grpc.io/docs/languages/java/quickstart) or the more explanatory [gRPC
 basics](https://grpc.io/docs/languages/java/basics).
 
-The [examples](https://github.com/grpc/grpc-java/tree/v1.79.0/examples) and the
-[Android example](https://github.com/grpc/grpc-java/tree/v1.79.0/examples/android)
+The [examples](https://github.com/grpc/grpc-java/tree/v1.80.0/examples) and the
+[Android example](https://github.com/grpc/grpc-java/tree/v1.80.0/examples/android)
 are standalone projects that showcase the usage of gRPC.
 
 Download
@@ -56,34 +56,34 @@ Download [the JARs][]. Or for Maven with non-Android, add to your `pom.xml`:
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-netty-shaded</artifactId>
-  <version>1.79.0</version>
+  <version>1.80.0</version>
   <scope>runtime</scope>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-protobuf</artifactId>
-  <version>1.79.0</version>
+  <version>1.80.0</version>
 </dependency>
 <dependency>
   <groupId>io.grpc</groupId>
   <artifactId>grpc-stub</artifactId>
-  <version>1.79.0</version>
+  <version>1.80.0</version>
 </dependency>
 ```
 
 Or for Gradle with non-Android, add to your dependencies:
 ```gradle
-runtimeOnly 'io.grpc:grpc-netty-shaded:1.79.0'
-implementation 'io.grpc:grpc-protobuf:1.79.0'
-implementation 'io.grpc:grpc-stub:1.79.0'
+runtimeOnly 'io.grpc:grpc-netty-shaded:1.80.0'
+implementation 'io.grpc:grpc-protobuf:1.80.0'
+implementation 'io.grpc:grpc-stub:1.80.0'
 ```
 
 For Android client, use `grpc-okhttp` instead of `grpc-netty-shaded` and
 `grpc-protobuf-lite` instead of `grpc-protobuf`:
 ```gradle
-implementation 'io.grpc:grpc-okhttp:1.79.0'
-implementation 'io.grpc:grpc-protobuf-lite:1.79.0'
-implementation 'io.grpc:grpc-stub:1.79.0'
+implementation 'io.grpc:grpc-okhttp:1.80.0'
+implementation 'io.grpc:grpc-protobuf-lite:1.80.0'
+implementation 'io.grpc:grpc-stub:1.80.0'
 ```
 
 For [Bazel](https://bazel.build), you can either
@@ -91,7 +91,7 @@ For [Bazel](https://bazel.build), you can either
 (with the GAVs from above), or use `@io_grpc_grpc_java//api` et al (see below).
 
 [the JARs]:
-https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.79.0
+https://search.maven.org/search?q=g:io.grpc%20AND%20v:1.80.0
 
 Development snapshots are available in [Sonatypes's snapshot
 repository](https://central.sonatype.com/repository/maven-snapshots/).
@@ -123,7 +123,7 @@ For protobuf-based codegen integrated with the Maven build system, you can use
       <configuration>
         <protocArtifact>com.google.protobuf:protoc:3.25.8:exe:${os.detected.classifier}</protocArtifact>
         <pluginId>grpc-java</pluginId>
-        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.79.0:exe:${os.detected.classifier}</pluginArtifact>
+        <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.80.0:exe:${os.detected.classifier}</pluginArtifact>
       </configuration>
       <executions>
         <execution>
@@ -153,7 +153,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.79.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.80.0'
     }
   }
   generateProtoTasks {
@@ -186,7 +186,7 @@ protobuf {
   }
   plugins {
     grpc {
-      artifact = 'io.grpc:protoc-gen-grpc-java:1.79.0'
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.80.0'
     }
   }
   generateProtoTasks {

From 1f8af94e44f8bbf3ceb0f70ba7785e8e96b003db Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Wed, 18 Mar 2026 21:40:15 +0530
Subject: [PATCH 564/591] android-interop-testing: align AndroidX Test Runner
 version to 1.7.0 (#12703)

---
 android-interop-testing/build.gradle | 2 +-
 gradle/libs.versions.toml            | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/android-interop-testing/build.gradle b/android-interop-testing/build.gradle
index 9d142743431..a47c9c4c78d 100644
--- a/android-interop-testing/build.gradle
+++ b/android-interop-testing/build.gradle
@@ -80,7 +80,7 @@ dependencies {
     }
 
     androidTestImplementation libraries.androidx.test.ext.junit,
-            'androidx.test:runner:1.4.0'
+            libraries.androidx.test.runner
 }
 
 // Checkstyle doesn't run automatically with android
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 039ff63d81c..73c19140478 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -21,6 +21,7 @@ androidx-lifecycle-service = "androidx.lifecycle:lifecycle-service:2.8.7"
 androidx-test-core = "androidx.test:core:1.7.0"
 androidx-test-ext-junit = "androidx.test.ext:junit:1.3.0"
 androidx-test-rules = "androidx.test:rules:1.7.0"
+androidx-test-runner = "androidx.test:runner:1.7.0"
 animalsniffer = "org.codehaus.mojo:animal-sniffer:1.26"
 animalsniffer-annotations = "org.codehaus.mojo:animal-sniffer-annotations:1.26"
 assertj-core = "org.assertj:assertj-core:3.27.6"

From 91e9491d7b59681cd68aa70da42da525f949ed85 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Wed, 18 Mar 2026 15:12:29 -0700
Subject: [PATCH 565/591] kokoro: Reduce log noise in Android CI

---
 buildscripts/kokoro/android.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/buildscripts/kokoro/android.sh b/buildscripts/kokoro/android.sh
index 5af55b2f551..677825ae66b 100755
--- a/buildscripts/kokoro/android.sh
+++ b/buildscripts/kokoro/android.sh
@@ -132,15 +132,18 @@ fi
 
 # Update the statuses with the deltas
 
+set +x
 gsutil cp gs://grpc-testing-secrets/github_credentials/oauth_token.txt ~/
 
 desc="New DEX reference count: $(printf "%'d" "$new_dex_count") (delta: $(printf "%'d" "$dex_count_delta"))"
+echo "Setting status: $desc"
 curl -f -s -X POST -H "Content-Type: application/json" \
     -H "Authorization: token $(cat ~/oauth_token.txt | tr -d '\n')" \
     -d '{"state": "success", "context": "android/dex_diff", "description": "'"${desc}"'"}' \
     "https://api.github.com/repos/grpc/grpc-java/statuses/${KOKORO_GITHUB_PULL_REQUEST_COMMIT}"
 
 desc="New APK size in bytes: $(printf "%'d" "$new_apk_size") (delta: $(printf "%'d" "$apk_size_delta"))"
+echo "Setting status: $desc"
 curl -f -s -X POST -H "Content-Type: application/json" \
     -H "Authorization: token $(cat ~/oauth_token.txt | tr -d '\n')" \
     -d '{"state": "success", "context": "android/apk_diff", "description": "'"${desc}"'"}' \

From a3a9ffcbe498dcd4a6367da1cde2f859246ec4b2 Mon Sep 17 00:00:00 2001
From: Adrin T Paul <109350438+themechbro@users.noreply.github.com>
Date: Mon, 23 Mar 2026 12:53:02 +0530
Subject: [PATCH 566/591] docs: Correct the manual flow control README
 regarding onNext blocking (#12700)

### Description
This PR updates the "Outgoing Flow Control" section in the Manual Flow
Control example's README.

The previous documentation incorrectly implied that calling `onNext()`
on a stream would block if the underlying Netty buffer was full, thereby
limiting the send rate. This PR clarifies that `onNext()` does *not*
block, but rather queues the messages in memory, which can ultimately
lead to an `OutOfMemoryError` if messages are sent too quickly.

The updated text correctly advises developers to use
`CallStreamObserver.isReady()` to prevent this memory exhaustion, rather
than to avoid blocking.

Fixes #12657

---------

Co-authored-by: Kannan J <kannanjgithub@google.com>
---
 .../io/grpc/examples/manualflowcontrol/README.md | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/examples/src/main/java/io/grpc/examples/manualflowcontrol/README.md b/examples/src/main/java/io/grpc/examples/manualflowcontrol/README.md
index a30688cea15..433697e0a08 100644
--- a/examples/src/main/java/io/grpc/examples/manualflowcontrol/README.md
+++ b/examples/src/main/java/io/grpc/examples/manualflowcontrol/README.md
@@ -1,5 +1,5 @@
-gRPC Manual Flow Control Example
-=====================
+# gRPC Manual Flow Control Example
+
 Flow control is relevant for streaming RPC calls.
 
 By default, gRPC will handle dealing with flow control. However, for specific
@@ -25,14 +25,7 @@ value.
 
 ### Outgoing Flow Control
 
-The underlying layer (such as Netty) will make the write wait when there is no
-space to write the next message. This causes the request stream to go into
-a not ready state and the outgoing onNext method invocation waits. You can
-explicitly check that the stream is ready for writing before calling onNext to
-avoid blocking. This is done with `CallStreamObserver.isReady()`. You can
-utilize this to start doing reads, which may allow
-the other side of the channel to complete a write and then to do its own reads,
-thereby avoiding deadlock.
+The underlying layer (such as Netty) manages a buffer for outgoing messages. If you write messages faster than they can be sent over the network, this buffer will grow, which can eventually lead to an OutOfMemoryError. The outgoing onNext method invocation does not block when this happens. Therefore, you should explicitly check that the stream is ready for writing via `CallStreamObserver.isReady()` before calling onNext to avoid buffering excessive amounts of data in memory.
 
 ### Incoming Manual Flow Control
 
@@ -71,6 +64,7 @@ When you are ready to begin processing the next value from the stream call
 `serverCallStreamObserver.request(1)`
 
 ### Related documents
+
 Also see [gRPC Flow Control Users Guide][user guide]
 
- [user guide]: https://grpc.io/docs/guides/flow-control
\ No newline at end of file
+[user guide]: https://grpc.io/docs/guides/flow-control

From 6b3e2b35a14432ca22e46434ca9b5e122e547b9e Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Mon, 23 Mar 2026 13:35:39 +0530
Subject: [PATCH 567/591] android-interop-testing: add AndroidX Test core in
 implementation (#12718)

This alignment resolves a version skew issue that caused
NoClassDefFoundError crashes during instrumentation tests on Firebase
Test Lab.

Fixes
https://github.com/grpc/grpc-java/pull/12703#issuecomment-4088211068
---
 android-interop-testing/build.gradle | 1 +
 1 file changed, 1 insertion(+)

diff --git a/android-interop-testing/build.gradle b/android-interop-testing/build.gradle
index a47c9c4c78d..b61d50a6763 100644
--- a/android-interop-testing/build.gradle
+++ b/android-interop-testing/build.gradle
@@ -72,6 +72,7 @@ dependencies {
             libraries.junit,
             libraries.truth,
             libraries.androidx.test.rules,
+            libraries.androidx.test.core,
             libraries.opencensus.contrib.grpc.metrics
 
     implementation (project(':grpc-services')) {

From d459338d9c9e2870ebf03a551d96cbff4c60747f Mon Sep 17 00:00:00 2001
From: Adrin T Paul <109350438+themechbro@users.noreply.github.com>
Date: Mon, 23 Mar 2026 17:28:18 +0530
Subject: [PATCH 568/591] core: fix false-positive orphan warning in
 ManagedChannelOrphanWrapper (#12705)

This PR addresses a race condition where ManagedChannelOrphanWrapper
could incorrectly log a "not shutdown properly" warning during garbage
collection when using directExecutor().

Changes:

Reference Management: Moved phantom.clearSafely() to execute after the
super.shutdown() calls to ensure the orphan tracker isn't detached
prematurely.

Reachability Fence: Added a reachability fence in shutdown() and
shutdownNow() to ensure the wrapper remains alive until the methods
return, preventing the JIT from marking it for early collection.

Regression Test: Added a test case that simulates a reference being held
on the stack to verify the fix and prevent future regressions.

Testing:
Verified with ./gradlew :grpc-core:test --tests
ManagedChannelOrphanWrapperTest -PskipAndroid=true.

Fixes #12641

---------

Co-authored-by: Kannan J <kannanjgithub@google.com>
---
 .../internal/ManagedChannelOrphanWrapper.java | 17 ++++-
 .../ManagedChannelOrphanWrapperTest.java      | 64 +++++++++++++++++++
 2 files changed, 78 insertions(+), 3 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelOrphanWrapper.java b/core/src/main/java/io/grpc/internal/ManagedChannelOrphanWrapper.java
index eac9b64d9db..c7f722a9499 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelOrphanWrapper.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelOrphanWrapper.java
@@ -62,14 +62,24 @@ final class ManagedChannelOrphanWrapper extends ForwardingManagedChannel {
 
   @Override
   public ManagedChannel shutdown() {
+    ManagedChannel result = super.shutdown();
     phantom.clearSafely();
-    return super.shutdown();
+    // This dummy check prevents the JIT from collecting 'this' too early
+    if (this.getClass() == null) {
+      throw new AssertionError();
+    }
+    return result;
   }
 
   @Override
   public ManagedChannel shutdownNow() {
+    ManagedChannel result = super.shutdownNow();
     phantom.clearSafely();
-    return super.shutdownNow();
+    // This dummy check prevents the JIT from collecting 'this' too early
+    if (this.getClass() == null) {
+      throw new AssertionError();
+    }
+    return result;
   }
 
   @VisibleForTesting
@@ -151,8 +161,9 @@ static int cleanQueue(ReferenceQueue<ManagedChannelOrphanWrapper> refqueue) {
       int orphanedChannels = 0;
       while ((ref = (ManagedChannelReference) refqueue.poll()) != null) {
         RuntimeException maybeAllocationSite = ref.allocationSite.get();
+        boolean wasShutdown = ref.shutdown.get();
         ref.clearInternal(); // technically the reference is gone already.
-        if (!ref.shutdown.get()) {
+        if (!wasShutdown) {
           orphanedChannels++;
           Level level = Level.SEVERE;
           if (logger.isLoggable(level)) {
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelOrphanWrapperTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelOrphanWrapperTest.java
index 5ae97c69211..cdd36fb8273 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelOrphanWrapperTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelOrphanWrapperTest.java
@@ -101,6 +101,70 @@ public boolean isDone() {
     }
   }
 
+  @Test
+  public void shutdown_withDelegateStillReferenced_doesNotLogWarning() {
+    ManagedChannel mc = new TestManagedChannel();
+    final ReferenceQueue<ManagedChannelOrphanWrapper> refqueue = new ReferenceQueue<>();
+    ConcurrentMap<ManagedChannelReference, ManagedChannelReference> refs =
+        new ConcurrentHashMap<>();
+    
+    ManagedChannelOrphanWrapper wrapper = new ManagedChannelOrphanWrapper(mc, refqueue, refs);
+    WeakReference<ManagedChannelOrphanWrapper> wrapperWeakRef = new WeakReference<>(wrapper);
+
+    final List<LogRecord> records = new ArrayList<>();
+    Logger orphanLogger = Logger.getLogger(ManagedChannelOrphanWrapper.class.getName());
+    Filter oldFilter = orphanLogger.getFilter();
+    orphanLogger.setFilter(new Filter() {
+      @Override
+      public boolean isLoggable(LogRecord record) {
+        synchronized (records) { 
+          records.add(record); 
+        }
+        return false;
+      }
+    });
+
+    try {
+      wrapper.shutdown(); 
+      wrapper = null; 
+      
+      // Wait for the WRAPPER itself to be garbage collected
+      GcFinalization.awaitClear(wrapperWeakRef);
+      ManagedChannelReference.cleanQueue(refqueue);
+
+      synchronized (records) {
+        assertEquals("Warning was logged even though shutdownNow() was called!", 0, records.size());
+      }
+    } finally {
+      orphanLogger.setFilter(oldFilter);
+    }
+  }
+
+  @Test
+  public void orphanedChannel_triggerWarningAndCoverage() {
+    ManagedChannel mc = new TestManagedChannel();
+    final ReferenceQueue<ManagedChannelOrphanWrapper> refqueue = new ReferenceQueue<>();
+    ConcurrentMap<ManagedChannelReference, ManagedChannelReference> refs = 
+        new ConcurrentHashMap<>();
+    
+    // Create the wrapper but NEVER call shutdown
+    @SuppressWarnings("UnusedVariable")
+    ManagedChannelOrphanWrapper wrapper = new ManagedChannelOrphanWrapper(mc, refqueue, refs);
+    wrapper = null; // Make it eligible for GC
+
+    // Trigger GC and clean the queue to hit the !wasShutdown branch
+    final AtomicInteger numOrphans = new AtomicInteger();
+    GcFinalization.awaitDone(new FinalizationPredicate() {
+      @Override
+      public boolean isDone() {
+        numOrphans.getAndAdd(ManagedChannelReference.cleanQueue(refqueue));
+        return numOrphans.get() > 0;
+      }
+    });
+    
+    assertEquals(1, numOrphans.get());
+  }
+
   @Test
   public void refCycleIsGCed() {
     ReferenceQueue<ManagedChannelOrphanWrapper> refqueue =

From 9e922428ab008f43925743c6a7bdb9b67e4a0f9f Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 23 Mar 2026 07:50:30 -0700
Subject: [PATCH 569/591] servlet: Remove ModelCheckingCTest reference

In lincheck 3.4 this annotation is marked deprecated, and what to use as
a replacement was thoroughly undocumented in the issue, the PR, the
commit, the documentation, and the release notes. But it seems it has
been unused since 8ac5599b9 when the test was converted to using
ModelCheckingOptions.check().
---
 .../servlet/AsyncServletOutputStreamWriterConcurrencyTest.java  | 2 --
 1 file changed, 2 deletions(-)

diff --git a/servlet/src/threadingTest/java/io/grpc/servlet/AsyncServletOutputStreamWriterConcurrencyTest.java b/servlet/src/threadingTest/java/io/grpc/servlet/AsyncServletOutputStreamWriterConcurrencyTest.java
index ebe1df8c3f3..b2891b6e47e 100644
--- a/servlet/src/threadingTest/java/io/grpc/servlet/AsyncServletOutputStreamWriterConcurrencyTest.java
+++ b/servlet/src/threadingTest/java/io/grpc/servlet/AsyncServletOutputStreamWriterConcurrencyTest.java
@@ -28,7 +28,6 @@
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.function.BiFunction;
-import org.jetbrains.kotlinx.lincheck.strategy.managed.modelchecking.ModelCheckingCTest;
 import org.jetbrains.lincheck.datastructures.BooleanGen;
 import org.jetbrains.lincheck.datastructures.ModelCheckingOptions;
 import org.jetbrains.lincheck.datastructures.Operation;
@@ -49,7 +48,6 @@
  * test all possibly interleaves (on context switch) between the two threads, and then verify the
  * operations are linearizable in each interleave scenario.
  */
-@ModelCheckingCTest
 @Param(name = "keepReady", gen = BooleanGen.class)
 @RunWith(JUnit4.class)
 public class AsyncServletOutputStreamWriterConcurrencyTest {

From 15670267c6cef62fe7d8f389aaafa7f94860593f Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 24 Mar 2026 15:11:31 -0700
Subject: [PATCH 570/591] xds: Handle empty target URI authorities the same as
 null.

Fixes an oversight in #12660. io.grpc.Uri#getAuthority makes a
distinction between xds:///service and xds:/service but java.net.URI
does not. XdsNameResolver wants to treat those two cases the same.
---
 .../java/io/grpc/xds/XdsNameResolver.java     | 11 +++++-
 .../io/grpc/xds/XdsNameResolverProvider.java  |  6 +++-
 .../java/io/grpc/xds/XdsNameResolverTest.java | 34 +++++++++++++++++++
 3 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index d4b06a24eb5..03a29025ff6 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -138,6 +138,13 @@ final class XdsNameResolver extends NameResolver {
   private CallCounterProvider callCounterProvider;
   private ResolveState resolveState;
 
+  /**
+   * Constructs a new instance.
+   *
+   * @param target the target URI to resolve
+   * @param targetAuthority the authority component of `target`, possibly the empty string, or null
+   *     if 'target' has no such component
+   */
   XdsNameResolver(
       String target, @Nullable String targetAuthority, String name,
       @Nullable String overrideAuthority, ServiceConfigParser serviceConfigParser,
@@ -208,7 +215,9 @@ public void start(Listener2 listener) {
     }
     BootstrapInfo bootstrapInfo = xdsClient.getBootstrapInfo();
     String listenerNameTemplate;
-    if (targetAuthority == null) {
+    if (targetAuthority == null || targetAuthority.isEmpty()) {
+      // Both https://github.com/grpc/proposal/blob/master/A27-xds-global-load-balancing.md and
+      // A47-xds-federation.md seem to treat an empty authority the same as an undefined one.
       listenerNameTemplate = bootstrapInfo.clientDefaultListenerResourceNameTemplate();
     } else {
       AuthorityInfo authorityInfo = bootstrapInfo.authorities().get(targetAuthority);
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java b/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
index 89e51694a69..51b1ff49bf0 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolverProvider.java
@@ -87,7 +87,11 @@ public XdsNameResolver newNameResolver(URI targetUri, Args args) {
           targetPath,
           targetUri);
       String name = targetPath.substring(1);
-      return newNameResolver(targetUri.toString(), targetUri.getAuthority(), name, args);
+      // TODO(jdcormie): java.net.URI#getAuthority incorrectly returns null for both xds:///service
+      //  and xds:/service. This doesn't matter for now since XdsNameResolver treats them the same
+      //  anyway and all this code will go away once newNameResolver(io.grpc.Uri) launches.
+      String targetAuthority = targetUri.getAuthority();
+      return newNameResolver(targetUri.toString(), targetAuthority, name, args);
     }
     return null;
   }
diff --git a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
index d8e63704a45..e78f97635ed 100644
--- a/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsNameResolverTest.java
@@ -297,6 +297,40 @@ public void resolving_noTargetAuthority_templateWithoutXdstp() {
     verify(mockListener, never()).onError(any(Status.class));
   }
 
+  @Test
+  public void resolving_emptyTargetAuthority_templateWithXdstp() {
+    bootstrapInfo =
+        BootstrapInfo.builder()
+            .servers(
+                ImmutableList.of(
+                    ServerInfo.create("td.googleapis.com", InsecureChannelCredentials.create())))
+            .node(Node.newBuilder().build())
+            .clientDefaultListenerResourceNameTemplate(
+                "xdstp://xds.authority.com/envoy.config.listener.v3.Listener/%s?id=1")
+            .build();
+    String serviceAuthority = "[::FFFF:129.144.52.38]:80";
+    expectedLdsResourceName =
+        "xdstp://xds.authority.com/envoy.config.listener.v3.Listener/"
+            + "%5B::FFFF:129.144.52.38%5D:80?id=1";
+    resolver =
+        new XdsNameResolver(
+            "xds:///foo.googleapis.com",
+            "",
+            serviceAuthority,
+            null,
+            serviceConfigParser,
+            syncContext,
+            scheduler,
+            xdsClientPoolFactory,
+            mockRandom,
+            FilterRegistry.getDefaultRegistry(),
+            rawBootstrap,
+            metricRecorder,
+            nameResolverArgs);
+    resolver.start(mockListener);
+    verify(mockListener, never()).onError(any(Status.class));
+  }
+
   @Test
   public void resolving_noTargetAuthority_templateWithXdstp() {
     bootstrapInfo = BootstrapInfo.builder()

From 70766542a071c4e1b00b83d8f545d8a15f81e8e5 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 24 Mar 2026 16:54:36 -0700
Subject: [PATCH 571/591] api: create a test_fixtures bazel target

---
 MODULE.bazel     |  1 +
 api/BUILD.bazel  | 18 ++++++++++++++++++
 repositories.bzl |  1 +
 3 files changed, 20 insertions(+)

diff --git a/MODULE.bazel b/MODULE.bazel
index 85c8b1aec13..8e911022e85 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -41,6 +41,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",
     "junit:junit:4.13.2",
+    "org.mockito:mockito-core:4.4.0",
     "org.checkerframework:checker-qual:3.49.5",
     "org.codehaus.mojo:animal-sniffer-annotations:1.26",
 ]
diff --git a/api/BUILD.bazel b/api/BUILD.bazel
index 4c5e750b5e4..6de00d6272d 100644
--- a/api/BUILD.bazel
+++ b/api/BUILD.bazel
@@ -15,3 +15,21 @@ java_library(
         artifact("com.google.guava:guava"),
     ],
 )
+
+java_library(
+    name = "test_fixtures",
+    testonly = 1,
+    srcs = glob([
+        "src/testFixtures/java/io/grpc/**/*.java",
+    ]),
+    visibility = ["//xds:__pkg__"],
+    deps = [
+        "//core",
+        artifact("com.google.code.findbugs:jsr305"),
+        artifact("com.google.errorprone:error_prone_annotations"),
+        artifact("com.google.guava:guava"),
+        artifact("com.google.truth:truth"),
+        artifact("junit:junit"),
+        artifact("org.mockito:mockito-core"),
+    ],
+)
diff --git a/repositories.bzl b/repositories.bzl
index de0729c35ab..bc502e430c0 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -45,6 +45,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",
     "junit:junit:4.13.2",
+    "org.mockito:mockito-core:4.4.0",
     "org.checkerframework:checker-qual:3.49.5",
     "org.codehaus.mojo:animal-sniffer-annotations:1.26",
 ]

From 9238a9d478c1a6c51c4f993392bb169f062668e1 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 24 Mar 2026 16:55:18 -0700
Subject: [PATCH 572/591] xds: Run integration test with both values of RFC
 3986 URI flag

---
 xds/BUILD.bazel                               |  1 +
 .../FakeControlPlaneXdsIntegrationTest.java   | 25 +++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/xds/BUILD.bazel b/xds/BUILD.bazel
index 7f2c5f02338..9a650485c6c 100644
--- a/xds/BUILD.bazel
+++ b/xds/BUILD.bazel
@@ -343,6 +343,7 @@ java_library(
         ":xds",
         ":xds_java_proto",
         "//api",
+        "//api:test_fixtures",
         "//core:internal",
         "//stub",
         "//testing-proto:simpleservice_java_grpc",
diff --git a/xds/src/test/java/io/grpc/xds/FakeControlPlaneXdsIntegrationTest.java b/xds/src/test/java/io/grpc/xds/FakeControlPlaneXdsIntegrationTest.java
index c8f2b8932ef..a273c6f3ebf 100644
--- a/xds/src/test/java/io/grpc/xds/FakeControlPlaneXdsIntegrationTest.java
+++ b/xds/src/test/java/io/grpc/xds/FakeControlPlaneXdsIntegrationTest.java
@@ -50,8 +50,10 @@
 import io.grpc.ClientCall;
 import io.grpc.ClientInterceptor;
 import io.grpc.ClientStreamTracer;
+import io.grpc.FlagResetRule;
 import io.grpc.ForwardingClientCall.SimpleForwardingClientCall;
 import io.grpc.ForwardingClientCallListener;
+import io.grpc.InternalFeatureFlags;
 import io.grpc.LoadBalancerRegistry;
 import io.grpc.ManagedChannel;
 import io.grpc.Metadata;
@@ -60,10 +62,14 @@
 import io.grpc.testing.protobuf.SimpleResponse;
 import io.grpc.testing.protobuf.SimpleServiceGrpc;
 import java.net.InetSocketAddress;
+import java.util.Arrays;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
 
 /**
  * Xds integration tests using a local control plane, implemented in {@link
@@ -85,13 +91,28 @@
  * 3) Construct EDS config w/ test server address from 2). Set CDS and EDS Config at the Control
  * Plane. Then start the test xDS client (requires EDS to do xDS name resolution).
  */
-@RunWith(JUnit4.class)
+@RunWith(Parameterized.class)
 public class FakeControlPlaneXdsIntegrationTest {
 
   @Rule(order = 0)
   public ControlPlaneRule controlPlane = new ControlPlaneRule();
   @Rule(order = 1)
   public DataPlaneRule dataPlane = new DataPlaneRule(controlPlane);
+  @Rule(order = 2)
+  public final FlagResetRule flagResetRule = new FlagResetRule();
+
+  @Parameters(name = "enableRfc3986UrisParam={0}")
+  public static Iterable<Object[]> data() {
+    return Arrays.asList(new Object[][] {{true}, {false}});
+  }
+
+  @Parameter public boolean enableRfc3986UrisParam;
+
+  @Before
+  public void setupRfc3986UrisFeatureFlag() throws Exception {
+    flagResetRule.setFlagForTest(
+        InternalFeatureFlags::setRfc3986UrisEnabled, enableRfc3986UrisParam);
+  }
 
   @Test
   public void pingPong() throws Exception {

From 867e9687b68da288cbc0c71dc8ad15a2196d17e7 Mon Sep 17 00:00:00 2001
From: Saurav <sauravz@google.com>
Date: Wed, 25 Mar 2026 10:23:12 +0530
Subject: [PATCH 573/591] Add Gemini code review config (#12725)

Copied configuration from grpc-go for default code review settings from
https://github.com/grpc/grpc-go/pull/8873
---
 .gemini/config.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 .gemini/config.yaml

diff --git a/.gemini/config.yaml b/.gemini/config.yaml
new file mode 100644
index 00000000000..71adf793964
--- /dev/null
+++ b/.gemini/config.yaml
@@ -0,0 +1,13 @@
+have_fun: false
+memory_config:
+  disabled: false
+code_review:
+  disable: false
+  comment_severity_threshold: MEDIUM
+  max_review_comments: -1
+  pull_request_opened:
+    help: false
+    summary: false
+    code_review: false
+    include_drafts: false
+ignore_patterns: []

From 37eb736664856c8395ba1a8269eca4de74e172c6 Mon Sep 17 00:00:00 2001
From: SreeramdasLavanya <76050406+SreeramdasLavanya@users.noreply.github.com>
Date: Wed, 25 Mar 2026 11:34:19 +0530
Subject: [PATCH 574/591] api: Deprecate LoadBalancer.handleResolvedAddresses()
 (#11623)

Also deprecate its companion
canHandleEmptyAddressListFromNameResolution().
Also fixup the Javadoc to align with the arguments/return values, so
that people would have a better idea of how to use it.

Fixes #11194

---------

Co-authored-by: MV Shiva Prasad <okshiva@google.com>
Co-authored-by: Eric Anderson <ejona@google.com>
---
 api/src/main/java/io/grpc/LoadBalancer.java   | 28 ++++++++++++-------
 .../io/grpc/grpclb/GrpclbLoadBalancer.java    |  2 ++
 .../RpcBehaviorLoadBalancerProvider.java      |  1 +
 .../RpcBehaviorLoadBalancerProviderTest.java  |  1 +
 .../io/grpc/util/ForwardingLoadBalancer.java  |  3 ++
 .../grpc/util/GracefulSwitchLoadBalancer.java |  1 +
 .../util/GracefulSwitchLoadBalancerTest.java  |  2 ++
 .../io/grpc/xds/ClusterImplLoadBalancer.java  |  3 +-
 .../grpc/xds/WeightedTargetLoadBalancer.java  |  2 ++
 .../xds/MetadataLoadBalancerProvider.java     |  1 +
 10 files changed, 32 insertions(+), 12 deletions(-)

diff --git a/api/src/main/java/io/grpc/LoadBalancer.java b/api/src/main/java/io/grpc/LoadBalancer.java
index 9816de95c5e..3187ae8ef1b 100644
--- a/api/src/main/java/io/grpc/LoadBalancer.java
+++ b/api/src/main/java/io/grpc/LoadBalancer.java
@@ -156,15 +156,16 @@ public String toString() {
   private int recursionCount;
 
   /**
-   * Handles newly resolved server groups and metadata attributes from name resolution system.
-   * {@code servers} contained in {@link EquivalentAddressGroup} should be considered equivalent
-   * but may be flattened into a single list if needed.
-   *
-   * <p>Implementations should not modify the given {@code servers}.
+   * Handles newly resolved addresses and metadata attributes from name resolution system.
+   * Addresses in {@link EquivalentAddressGroup} should be considered equivalent but may be
+   * flattened into a single list if needed.
    *
    * @param resolvedAddresses the resolved server addresses, attributes, and config.
    * @since 1.21.0
+   *
+   * @deprecated  Use instead {@link #acceptResolvedAddresses(ResolvedAddresses)}
    */
+  @Deprecated
   public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     if (recursionCount++ == 0) {
       // Note that the information about the addresses actually being accepted will be lost
@@ -179,12 +180,10 @@ public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
    * EquivalentAddressGroup} addresses should be considered equivalent but may be flattened into a
    * single list if needed.
    *
-   * <p>Implementations can choose to reject the given addresses by returning {@code false}.
-   *
-   * <p>Implementations should not modify the given {@code addresses}.
+   * @param resolvedAddresses the resolved server addresses, attributes, and config
+   * @return {@code Status.OK} if the resolved addresses were accepted, otherwise an error to report
+   *     to the name resolver
    *
-   * @param resolvedAddresses the resolved server addresses, attributes, and config.
-   * @return {@code true} if the resolved addresses were accepted. {@code false} if rejected.
    * @since 1.49.0
    */
   public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
@@ -418,7 +417,16 @@ public void handleSubchannelState(
    *
    * <p>This method should always return a constant value.  It's not specified when this will be
    * called.
+   * 
+   * <p>Note that this method is only called when implementing {@code handleResolvedAddresses()}
+   * instead of {@code acceptResolvedAddresses()}.
+   *
+   * @deprecated Instead of overwriting this and {@code handleResolvedAddresses()}, only
+   *     overwrite {@code acceptResolvedAddresses()} which indicates if the addresses provided
+   *     by the name resolver are acceptable with the {@code boolean} return value.
    */
+  @Deprecated
+  @SuppressWarnings("InlineMeSuggester")
   public boolean canHandleEmptyAddressListFromNameResolution() {
     return false;
   }
diff --git a/grpclb/src/main/java/io/grpc/grpclb/GrpclbLoadBalancer.java b/grpclb/src/main/java/io/grpc/grpclb/GrpclbLoadBalancer.java
index 872937b03c1..bf9eea69af0 100644
--- a/grpclb/src/main/java/io/grpc/grpclb/GrpclbLoadBalancer.java
+++ b/grpclb/src/main/java/io/grpc/grpclb/GrpclbLoadBalancer.java
@@ -154,6 +154,8 @@ public void handleNameResolutionError(Status error) {
   }
 
   @Override
+  @Deprecated
+  @SuppressWarnings("InlineMeSuggester")
   public boolean canHandleEmptyAddressListFromNameResolution() {
     return true;
   }
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProvider.java b/interop-testing/src/main/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProvider.java
index 65f1c46892b..f1410142bff 100644
--- a/interop-testing/src/main/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProvider.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProvider.java
@@ -110,6 +110,7 @@ protected LoadBalancer delegate() {
       return delegateLb;
     }
 
+    @Deprecated
     @Override
     public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       helper.setRpcBehavior(
diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProviderTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProviderTest.java
index f17ea059211..4a43af67ac8 100644
--- a/interop-testing/src/test/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProviderTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/RpcBehaviorLoadBalancerProviderTest.java
@@ -78,6 +78,7 @@ public void parseInvalidConfig() {
     assertThat(status.getDescription()).contains("rpcBehavior");
   }
 
+  @Deprecated
   @Test
   public void handleResolvedAddressesDelegated() {
     RpcBehaviorLoadBalancer lb = new RpcBehaviorLoadBalancer(new RpcBehaviorHelper(mockHelper),
diff --git a/util/src/main/java/io/grpc/util/ForwardingLoadBalancer.java b/util/src/main/java/io/grpc/util/ForwardingLoadBalancer.java
index cefcbf344ea..d52ff42e652 100644
--- a/util/src/main/java/io/grpc/util/ForwardingLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/ForwardingLoadBalancer.java
@@ -29,6 +29,7 @@ public abstract class ForwardingLoadBalancer extends LoadBalancer {
    */
   protected abstract LoadBalancer delegate();
 
+  @Deprecated
   @Override
   public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     delegate().handleResolvedAddresses(resolvedAddresses);
@@ -52,6 +53,8 @@ public void shutdown() {
   }
 
   @Override
+  @Deprecated
+  @SuppressWarnings("InlineMeSuggester")
   public boolean canHandleEmptyAddressListFromNameResolution() {
     return delegate().canHandleEmptyAddressListFromNameResolution();
   }
diff --git a/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java b/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
index dc296a7293e..27dc080c71b 100644
--- a/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
+++ b/util/src/main/java/io/grpc/util/GracefulSwitchLoadBalancer.java
@@ -84,6 +84,7 @@ public GracefulSwitchLoadBalancer(Helper helper) {
     this.helper = checkNotNull(helper, "helper");
   }
 
+  @Deprecated
   @Override
   public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     Config config = (Config) resolvedAddresses.getLoadBalancingPolicyConfig();
diff --git a/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java b/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
index 8f87dab5da6..0467f9526f6 100644
--- a/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
+++ b/util/src/test/java/io/grpc/util/GracefulSwitchLoadBalancerTest.java
@@ -102,6 +102,7 @@ public void handleSubchannelState_shouldThrow() {
   }
 
   @Test
+  @Deprecated
   public void canHandleEmptyAddressListFromNameResolutionForwardedToLatestPolicy() {
     assertIsOk(gracefulSwitchLb.acceptResolvedAddresses(addressesBuilder()
         .setLoadBalancingPolicyConfig(createConfig(lbPolicies[0], new Object()))
@@ -136,6 +137,7 @@ public void canHandleEmptyAddressListFromNameResolutionForwardedToLatestPolicy()
     assertThat(gracefulSwitchLb.canHandleEmptyAddressListFromNameResolution()).isTrue();
   }
 
+  @Deprecated
   @Test
   public void handleResolvedAddressesAndNameResolutionErrorForwardedToLatestPolicy() {
     ResolvedAddresses addresses = newFakeAddresses();
diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index 8b8ce0f03ce..64105144240 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -152,14 +152,13 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
     childLbHelper.updateFilterMetadata(config.filterMetadata);
     childLbHelper.updateBackendMetricPropagation(config.backendMetricPropagation);
 
-    childSwitchLb.handleResolvedAddresses(
+    return childSwitchLb.acceptResolvedAddresses(
         resolvedAddresses.toBuilder()
             .setAttributes(attributes.toBuilder()
               .set(NameResolver.ATTR_BACKEND_SERVICE, cluster)
               .build())
             .setLoadBalancingPolicyConfig(config.childConfig)
             .build());
-    return Status.OK;
   }
 
   @Override
diff --git a/xds/src/main/java/io/grpc/xds/WeightedTargetLoadBalancer.java b/xds/src/main/java/io/grpc/xds/WeightedTargetLoadBalancer.java
index ce7427e5c2c..9468a9daf9d 100644
--- a/xds/src/main/java/io/grpc/xds/WeightedTargetLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/WeightedTargetLoadBalancer.java
@@ -128,6 +128,8 @@ public void handleNameResolutionError(Status error) {
   }
 
   @Override
+  @Deprecated
+  @SuppressWarnings("InlineMeSuggester")
   public boolean canHandleEmptyAddressListFromNameResolution() {
     return true;
   }
diff --git a/xds/src/test/java/io/grpc/xds/MetadataLoadBalancerProvider.java b/xds/src/test/java/io/grpc/xds/MetadataLoadBalancerProvider.java
index 7b56f59451c..0499bafdb23 100644
--- a/xds/src/test/java/io/grpc/xds/MetadataLoadBalancerProvider.java
+++ b/xds/src/test/java/io/grpc/xds/MetadataLoadBalancerProvider.java
@@ -107,6 +107,7 @@ protected LoadBalancer delegate() {
       return delegateLb;
     }
 
+    @Deprecated
     @Override
     public void handleResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       MetadataLoadBalancerConfig config

From 53053bac53e9aa6e729829d377910e5895d22b00 Mon Sep 17 00:00:00 2001
From: jiangyuan <joe469391363@gmail.com>
Date: Thu, 26 Mar 2026 06:10:14 +0800
Subject: [PATCH 575/591] core: fix MetricRecorderImpl.metricSinks()
 ConcurrentModificationException (#12730)

```
java.util.ConcurrentModificationException
    at java.base/java.util.ArrayList$Itr.checkForComodification(ArrayList.java:1013)
    at java.base/java.util.ArrayList$Itr.next(ArrayList.java:967)
    at io.grpc.internal.MetricRecorderImpl.addLongCounter(MetricRecorderImpl.java:95)
    at io.grpc.internal.SubchannelMetrics.recordConnectionAttemptSucceeded(SubchannelMetrics.java:82)
    at io.grpc.internal.InternalSubchannel$TransportListener$1.run(InternalSubchannel.java:605)
    at io.grpc.SynchronizationContext.drain(SynchronizationContext.java:96)
    at io.grpc.SynchronizationContext.execute(SynchronizationContext.java:128)
    at io.grpc.internal.InternalSubchannel$TransportListener.transportReady(InternalSubchannel.java:591)
    at io.grpc.netty.shaded.io.grpc.netty.ClientTransportLifecycleManager.notifyReady(ClientTransportLifecycleManager.java:51)
```

Fix #12727
---
 core/src/main/java/io/grpc/internal/MetricRecorderImpl.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/io/grpc/internal/MetricRecorderImpl.java b/core/src/main/java/io/grpc/internal/MetricRecorderImpl.java
index ded9d5ce589..6a12a38d677 100644
--- a/core/src/main/java/io/grpc/internal/MetricRecorderImpl.java
+++ b/core/src/main/java/io/grpc/internal/MetricRecorderImpl.java
@@ -20,6 +20,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
 import io.grpc.CallbackMetricInstrument;
 import io.grpc.DoubleCounterMetricInstrument;
 import io.grpc.DoubleHistogramMetricInstrument;
@@ -49,7 +50,7 @@ final class MetricRecorderImpl implements MetricRecorder {
 
   @VisibleForTesting
   MetricRecorderImpl(List<MetricSink> metricSinks, MetricInstrumentRegistry registry) {
-    this.metricSinks = metricSinks;
+    this.metricSinks = ImmutableList.copyOf(metricSinks);
     this.registry = registry;
   }
 

From 650dee1af0418513eaec829e3b8e65df8092594c Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Mon, 16 Mar 2026 14:32:55 -0700
Subject: [PATCH 576/591] api: remove unnecessary arg to substring in Uri

---
 api/src/main/java/io/grpc/Uri.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/main/java/io/grpc/Uri.java b/api/src/main/java/io/grpc/Uri.java
index 612cbbaab99..ecfbaa9df5d 100644
--- a/api/src/main/java/io/grpc/Uri.java
+++ b/api/src/main/java/io/grpc/Uri.java
@@ -257,7 +257,7 @@ public static Uri create(String s) {
       int hostStart = userInfoEnd >= 0 ? userInfoEnd + 1 : 0;
       int portStartColon = findPortStartColon(authority, hostStart);
       if (portStartColon < 0) {
-        builder.setRawHost(authority.substring(hostStart, authority.length()));
+        builder.setRawHost(authority.substring(hostStart));
       } else {
         builder.setRawHost(authority.substring(hostStart, portStartColon));
         builder.setRawPort(authority.substring(portStartColon + 1));

From 78566ff7c83d58702dc2b5cfb8c24d5f4d57c222 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 17 Mar 2026 13:47:21 -0700
Subject: [PATCH 577/591] api: Add a warning about Uri#getAuthority just like
 getPath()

---
 api/src/main/java/io/grpc/Uri.java | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/api/src/main/java/io/grpc/Uri.java b/api/src/main/java/io/grpc/Uri.java
index ecfbaa9df5d..933f7642375 100644
--- a/api/src/main/java/io/grpc/Uri.java
+++ b/api/src/main/java/io/grpc/Uri.java
@@ -356,6 +356,15 @@ public String getScheme() {
   /**
    * Returns the percent-decoded "Authority" component of this URI, or null if not present.
    *
+   * <p>NB: This method's decoding is lossy -- It only exists for compatibility with {@link
+   * java.net.URI}. Prefer {@link #getRawAuthority()} or work instead with authority in terms of its
+   * individual components ({@link #getUserInfo()}, {@link #getHost()} and {@link #getPort()}). The
+   * problem with getAuthority() is that it returns the delimited concatenation of the percent-
+   * decoded userinfo, host and port components. But both userinfo and host can contain the '@'
+   * character, which becomes indistinguishable from the userinfo/host delimiter after decoding. For
+   * example, URIs <code>scheme://x@y%40z</code> and <code>scheme://x%40y@z</code> have different
+   * userinfo and host components but getAuthority() returns "x@y@z" for both of them.
+   *
    * <p>NB: This method assumes the "host" component was encoded as UTF-8, as mandated by RFC 3986.
    * This method also assumes the "user information" part of authority was encoded as UTF-8,
    * although RFC 3986 doesn't specify an encoding.

From 9fcffedb531b50709d3168fe582ead29c4929551 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 17 Mar 2026 13:41:46 -0700
Subject: [PATCH 578/591] api: Add io.grpc.Uri.Builder#setRawAuthority

---
 api/src/main/java/io/grpc/Uri.java     | 63 +++++++++++++++++++-------
 api/src/test/java/io/grpc/UriTest.java | 47 +++++++++++++++++++
 2 files changed, 93 insertions(+), 17 deletions(-)

diff --git a/api/src/main/java/io/grpc/Uri.java b/api/src/main/java/io/grpc/Uri.java
index 933f7642375..9f8a5a87848 100644
--- a/api/src/main/java/io/grpc/Uri.java
+++ b/api/src/main/java/io/grpc/Uri.java
@@ -245,23 +245,7 @@ public static Uri create(String s) {
           break;
         }
       }
-      String authority = s.substring(authorityStart, i);
-
-      // 3.2.1. UserInfo. Easy, because '@' cannot appear unencoded inside userinfo or host.
-      int userInfoEnd = authority.indexOf('@');
-      if (userInfoEnd >= 0) {
-        builder.setRawUserInfo(authority.substring(0, userInfoEnd));
-      }
-
-      // 3.2.2/3. Host/Port.
-      int hostStart = userInfoEnd >= 0 ? userInfoEnd + 1 : 0;
-      int portStartColon = findPortStartColon(authority, hostStart);
-      if (portStartColon < 0) {
-        builder.setRawHost(authority.substring(hostStart));
-      } else {
-        builder.setRawHost(authority.substring(hostStart, portStartColon));
-        builder.setRawPort(authority.substring(portStartColon + 1));
-      }
+      builder.setRawAuthority(s.substring(authorityStart, i));
     }
 
     // 3.3. Path: Whatever is left before '?' or '#'.
@@ -963,6 +947,51 @@ Builder setRawPort(String port) {
       return this;
     }
 
+    /**
+     * Specifies the userinfo, host and port URI components all at once using a single string.
+     *
+     * <p>This setter is "raw" in the sense that special characters in userinfo and host must be
+     * passed in percent-encoded. See <a
+     * href="https://datatracker.ietf.org/doc/html/rfc3986#section-3.2">RFC 3986 3.2</a> for the set
+     * of characters allowed in each component of an authority.
+     *
+     * <p>There's no "cooked" method to set authority like for other URI components because
+     * authority is a *compound* URI component whose userinfo, host and port components are
+     * delimited with special characters '@' and ':'. But the first two of those components can
+     * themselves contain these delimiters so we need percent-encoding to parse them unambiguously.
+     *
+     * @param authority an RFC 3986 authority string that will be used to set userinfo, host and
+     *     port, or null to clear all three of those components
+     */
+    @CanIgnoreReturnValue
+    public Builder setRawAuthority(@Nullable String authority) {
+      if (authority == null) {
+        setUserInfo(null);
+        setHost((String) null);
+        setPort(-1);
+      } else {
+        // UserInfo. Easy because '@' cannot appear unencoded inside userinfo or host.
+        int userInfoEnd = authority.indexOf('@');
+        if (userInfoEnd >= 0) {
+          setRawUserInfo(authority.substring(0, userInfoEnd));
+        } else {
+          setUserInfo(null);
+        }
+
+        // Host/Port.
+        int hostStart = userInfoEnd >= 0 ? userInfoEnd + 1 : 0;
+        int portStartColon = findPortStartColon(authority, hostStart);
+        if (portStartColon < 0) {
+          setRawHost(authority.substring(hostStart));
+          setPort(-1);
+        } else {
+          setRawHost(authority.substring(hostStart, portStartColon));
+          setRawPort(authority.substring(portStartColon + 1));
+        }
+      }
+      return this;
+    }
+
     /** Builds a new instance of {@link Uri} as specified by the setters. */
     public Uri build() {
       checkState(scheme != null, "Missing required scheme.");
diff --git a/api/src/test/java/io/grpc/UriTest.java b/api/src/test/java/io/grpc/UriTest.java
index a0f2e96b1cd..a1bd550696f 100644
--- a/api/src/test/java/io/grpc/UriTest.java
+++ b/api/src/test/java/io/grpc/UriTest.java
@@ -627,6 +627,53 @@ public void builder_canClearAllOptionalFields() {
     assertThat(uri.toString()).isEqualTo("http:");
   }
 
+  @Test
+  public void builder_canClearAuthorityComponents() {
+    Uri uri = Uri.create("s://user@host:80/path").toBuilder().setRawAuthority(null).build();
+    assertThat(uri.toString()).isEqualTo("s:/path");
+  }
+
+  @Test
+  public void builder_canSetEmptyAuthority() {
+    Uri uri = Uri.create("s://user@host:80/path").toBuilder().setRawAuthority("").build();
+    assertThat(uri.toString()).isEqualTo("s:///path");
+  }
+
+  @Test
+  public void builder_canSetRawAuthority() {
+    Uri uri = Uri.newBuilder().setScheme("http").setRawAuthority("user@host:1234").build();
+    assertThat(uri.getUserInfo()).isEqualTo("user");
+    assertThat(uri.getHost()).isEqualTo("host");
+    assertThat(uri.getPort()).isEqualTo(1234);
+  }
+
+  @Test
+  public void builder_setRawAuthorityPercentDecodes() {
+    Uri uri =
+        Uri.newBuilder()
+            .setScheme("http")
+            .setRawAuthority("user:user%40user@host%40host%3Ahost")
+            .build();
+    assertThat(uri.getUserInfo()).isEqualTo("user:user@user");
+    assertThat(uri.getHost()).isEqualTo("host@host:host");
+    assertThat(uri.getPort()).isEqualTo(-1);
+  }
+
+  @Test
+  public void builder_setRawAuthorityReplacesAllComponents() {
+    Uri uri =
+        Uri.newBuilder()
+            .setScheme("http")
+            .setUserInfo("user")
+            .setHost("host")
+            .setPort(1234)
+            .setRawAuthority("other")
+            .build();
+    assertThat(uri.getUserInfo()).isNull();
+    assertThat(uri.getHost()).isEqualTo("other");
+    assertThat(uri.getPort()).isEqualTo(-1);
+  }
+
   @Test
   public void toString_percentEncodingMultiChar() throws URISyntaxException {
     Uri uri =

From 6cabaf4a41dc74c369e3d77690866e8ba57d9140 Mon Sep 17 00:00:00 2001
From: John Cormie <jdcormie@google.com>
Date: Tue, 17 Mar 2026 14:25:57 -0700
Subject: [PATCH 579/591] googleapis: Add RFC 3986 URI support.

---
 ...oProdExperimentalNameResolverProvider.java |  6 +++
 .../GoogleCloudToProdNameResolver.java        | 42 +++++++++++++++++++
 ...GoogleCloudToProdNameResolverProvider.java | 11 +++++
 ...leCloudToProdNameResolverProviderTest.java | 40 +++++++++++++-----
 .../GoogleCloudToProdNameResolverTest.java    | 25 ++++++++---
 5 files changed, 108 insertions(+), 16 deletions(-)

diff --git a/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdExperimentalNameResolverProvider.java b/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdExperimentalNameResolverProvider.java
index 349e1c94380..db674aeb2ee 100644
--- a/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdExperimentalNameResolverProvider.java
+++ b/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdExperimentalNameResolverProvider.java
@@ -20,6 +20,7 @@
 import io.grpc.NameResolver;
 import io.grpc.NameResolver.Args;
 import io.grpc.NameResolverProvider;
+import io.grpc.Uri;
 import java.net.URI;
 
 /**
@@ -35,6 +36,11 @@ public NameResolver newNameResolver(URI targetUri, Args args) {
     return delegate.newNameResolver(targetUri, args);
   }
 
+  @Override
+  public NameResolver newNameResolver(Uri targetUri, Args args) {
+    return delegate.newNameResolver(targetUri, args);
+  }
+
   @Override
   public String getDefaultScheme() {
     return delegate.getDefaultScheme();
diff --git a/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolver.java b/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolver.java
index 0aee17b6b9f..427c0658531 100644
--- a/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolver.java
+++ b/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolver.java
@@ -29,6 +29,7 @@
 import io.grpc.NameResolverRegistry;
 import io.grpc.Status;
 import io.grpc.SynchronizationContext;
+import io.grpc.Uri;
 import io.grpc.alts.InternalCheckGcpEnvironment;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.SharedResourceHolder;
@@ -49,6 +50,7 @@
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
+import java.util.List;
 import java.util.Random;
 import java.util.concurrent.Executor;
 import java.util.logging.Level;
@@ -114,6 +116,7 @@ private static synchronized BootstrapInfo getBootstrapInfo()
         NameResolverRegistry.getDefaultRegistry().asFactory());
   }
 
+  // TODO(jdcormie): Remove after io.grpc.Uri migration.
   @VisibleForTesting
   GoogleCloudToProdNameResolver(URI targetUri, Args args, Resource<Executor> executorResource,
       NameResolver.Factory nameResolverFactory) {
@@ -141,6 +144,45 @@ private static synchronized BootstrapInfo getBootstrapInfo()
     usingExecutorResource = executor == null;
   }
 
+  GoogleCloudToProdNameResolver(Uri targetUri, Args args, Resource<Executor> executorResource) {
+    this(targetUri, args, executorResource, NameResolverRegistry.getDefaultRegistry().asFactory());
+  }
+
+  @VisibleForTesting
+  GoogleCloudToProdNameResolver(
+      Uri targetUri,
+      Args args,
+      Resource<Executor> executorResource,
+      NameResolver.Factory nameResolverFactory) {
+    this.executorResource = checkNotNull(executorResource, "executorResource");
+    Preconditions.checkArgument(
+        targetUri.isPathAbsolute(),
+        "the path component of the target (%s) must start with '/'",
+        targetUri);
+    List<String> pathSegments = targetUri.getPathSegments();
+    Preconditions.checkArgument(
+        pathSegments.size() == 1,
+        "the path component of the target (%s) must have exactly one segment",
+        targetUri);
+    authority = GrpcUtil.checkAuthority(pathSegments.get(0));
+    syncContext = checkNotNull(args, "args").getSynchronizationContext();
+    Uri.Builder modifiedTargetBuilder = targetUri.toBuilder().setScheme(schemeOverride);
+    if (schemeOverride.equals("xds")) {
+      modifiedTargetBuilder.setRawAuthority(C2P_AUTHORITY);
+      args =
+          args.toBuilder()
+              .setArg(XdsNameResolverProvider.XDS_CLIENT_SUPPLIER, () -> xdsClient)
+              .build();
+    }
+    targetUri = modifiedTargetBuilder.build();
+    target = targetUri.toString();
+    metricRecorder = args.getMetricRecorder();
+    delegate =
+        checkNotNull(nameResolverFactory, "nameResolverFactory").newNameResolver(targetUri, args);
+    executor = args.getOffloadExecutor();
+    usingExecutorResource = executor == null;
+  }
+
   @Override
   public String getServiceAuthority() {
     return authority;
diff --git a/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolverProvider.java b/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolverProvider.java
index c02cf53c2d2..f936de086e9 100644
--- a/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolverProvider.java
+++ b/googleapis/src/main/java/io/grpc/googleapis/GoogleCloudToProdNameResolverProvider.java
@@ -21,6 +21,7 @@
 import io.grpc.NameResolver;
 import io.grpc.NameResolver.Args;
 import io.grpc.NameResolverProvider;
+import io.grpc.Uri;
 import io.grpc.internal.GrpcUtil;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
@@ -46,6 +47,7 @@ public GoogleCloudToProdNameResolverProvider() {
     this.scheme = Preconditions.checkNotNull(scheme, "scheme");
   }
 
+  // TODO(jdcormie): Remove after io.grpc.Uri migration is complete.
   @Override
   public NameResolver newNameResolver(URI targetUri, Args args) {
     if (scheme.equals(targetUri.getScheme())) {
@@ -55,6 +57,15 @@ public NameResolver newNameResolver(URI targetUri, Args args) {
     return null;
   }
 
+  @Override
+  public NameResolver newNameResolver(Uri targetUri, Args args) {
+    if (scheme.equals(targetUri.getScheme())) {
+      return new GoogleCloudToProdNameResolver(
+          targetUri, args, GrpcUtil.SHARED_CHANNEL_EXECUTOR);
+    }
+    return null;
+  }
+
   @Override
   public String getDefaultScheme() {
     return scheme;
diff --git a/googleapis/src/test/java/io/grpc/googleapis/GoogleCloudToProdNameResolverProviderTest.java b/googleapis/src/test/java/io/grpc/googleapis/GoogleCloudToProdNameResolverProviderTest.java
index 447b102c8c7..39468472985 100644
--- a/googleapis/src/test/java/io/grpc/googleapis/GoogleCloudToProdNameResolverProviderTest.java
+++ b/googleapis/src/test/java/io/grpc/googleapis/GoogleCloudToProdNameResolverProviderTest.java
@@ -23,20 +23,23 @@
 import io.grpc.ChannelLogger;
 import io.grpc.InternalServiceProviders;
 import io.grpc.NameResolver;
+import io.grpc.NameResolver.Args;
 import io.grpc.NameResolver.ServiceConfigParser;
 import io.grpc.NameResolverProvider;
 import io.grpc.SynchronizationContext;
+import io.grpc.Uri;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.GrpcUtil;
 import java.net.URI;
+import java.util.Arrays;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
 
-/**
- * Unit tests for {@link GoogleCloudToProdNameResolverProvider}.
- */
-@RunWith(JUnit4.class)
+/** Unit tests for {@link GoogleCloudToProdNameResolverProvider}. */
+@RunWith(Parameterized.class)
 public class GoogleCloudToProdNameResolverProviderTest {
   private final SynchronizationContext syncContext = new SynchronizationContext(
       new Thread.UncaughtExceptionHandler() {
@@ -59,6 +62,13 @@ public void uncaughtException(Thread t, Throwable e) {
   private GoogleCloudToProdNameResolverProvider provider =
       new GoogleCloudToProdNameResolverProvider();
 
+  @Parameters(name = "enableRfc3986UrisParam={0}")
+  public static Iterable<Object[]> data() {
+    return Arrays.asList(new Object[][] {{true}, {false}});
+  }
+
+  @Parameter public boolean enableRfc3986UrisParam;
+
   @Test
   public void provided() {
     for (NameResolverProvider current
@@ -84,16 +94,24 @@ NameResolverProvider.class, getClass().getClassLoader())) {
   }
 
   @Test
-  public void newNameResolver() {
-    assertThat(provider
-        .newNameResolver(URI.create("google-c2p:///foo.googleapis.com"), args))
+  public void shouldProvideNameResolverOfExpectedType() {
+    assertThat(newNameResolver(provider, "google-c2p:///foo.googleapis.com", args))
         .isInstanceOf(GoogleCloudToProdNameResolver.class);
   }
 
   @Test
-  public void experimentalNewNameResolver() {
-    assertThat(new GoogleCloudToProdExperimentalNameResolverProvider()
-        .newNameResolver(URI.create("google-c2p-experimental:///foo.googleapis.com"), args))
+  public void shouldProvideExperimentalNameResolverOfExpectedType() {
+    assertThat(
+            newNameResolver(
+                new GoogleCloudToProdExperimentalNameResolverProvider(),
+                "google-c2p-experimental:///foo.googleapis.com",
+                args))
         .isInstanceOf(GoogleCloudToProdNameResolver.class);
   }
+
+  private NameResolver newNameResolver(NameResolverProvider provider, String uri, Args args) {
+    return enableRfc3986UrisParam
+        ? provider.newNameResolver(Uri.create(uri), args)
+        : provider.newNameResolver(URI.create(uri), args);
+  }
 }
diff --git a/googleapis/src/test/java/io/grpc/googleapis/GoogleCloudToProdNameResolverTest.java b/googleapis/src/test/java/io/grpc/googleapis/GoogleCloudToProdNameResolverTest.java
index 6a144696447..d3d3cfc4bff 100644
--- a/googleapis/src/test/java/io/grpc/googleapis/GoogleCloudToProdNameResolverTest.java
+++ b/googleapis/src/test/java/io/grpc/googleapis/GoogleCloudToProdNameResolverTest.java
@@ -34,6 +34,7 @@
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.SynchronizationContext;
+import io.grpc.Uri;
 import io.grpc.googleapis.GoogleCloudToProdNameResolver.HttpConnectionProvider;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.GrpcUtil;
@@ -43,6 +44,7 @@
 import java.net.HttpURLConnection;
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -53,20 +55,22 @@
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnit;
 import org.mockito.junit.MockitoRule;
 
-@RunWith(JUnit4.class)
+@RunWith(Parameterized.class)
 public class GoogleCloudToProdNameResolverTest {
 
   @Rule
   public final MockitoRule mocks = MockitoJUnit.rule();
 
-  private static final URI TARGET_URI = URI.create("google-c2p:///googleapis.com");
+  private static final String TARGET_URI = "google-c2p:///googleapis.com";
   private static final String ZONE = "us-central1-a";
   private static final int DEFAULT_PORT = 887;
 
@@ -108,6 +112,13 @@ public void close(Executor instance) {}
   private GoogleCloudToProdNameResolver resolver;
   private String responseToIpV6 = "1:1:1";
 
+  @Parameters(name = "enableRfc3986UrisParam={0}")
+  public static Iterable<Object[]> data() {
+    return Arrays.asList(new Object[][] {{true}, {false}});
+  }
+
+  @Parameter public boolean enableRfc3986UrisParam;
+
   @Before
   public void setUp() {
     nsRegistry.register(new FakeNsProvider("dns"));
@@ -149,8 +160,12 @@ public void tearDown() {
   }
 
   private void createResolver() {
-    resolver = new GoogleCloudToProdNameResolver(
-        TARGET_URI, args, fakeExecutorResource, nsRegistry.asFactory());
+    resolver =
+        enableRfc3986UrisParam
+            ? new GoogleCloudToProdNameResolver(
+                Uri.create(TARGET_URI), args, fakeExecutorResource, nsRegistry.asFactory())
+            : new GoogleCloudToProdNameResolver(
+                URI.create(TARGET_URI), args, fakeExecutorResource, nsRegistry.asFactory());
   }
 
   @Test

From fbc3a162369c613e420a3f376dfd3b2ce0f5bd00 Mon Sep 17 00:00:00 2001
From: Matteo Merli <mmerli@apache.org>
Date: Tue, 24 Mar 2026 18:54:12 -0700
Subject: [PATCH 580/591] core: Close InputStream in
 NoopClientStream.writeMessage() to prevent resource leaks

NoopClientStream.writeMessage() silently discards the InputStream without
closing it. When a Marshaller.stream() returns an InputStream backed by a
ref-counted ByteBuf (e.g. Netty's PooledByteBufAllocator), this causes a
direct memory leak.

This affects any code path where writeMessage() is called on a
NoopClientStream or its subclass FailingClientStream:
- Context cancelled before stream start (ClientCallImpl line 197)
- Compressor not found (ClientCallImpl line 219)
- Deadline already exceeded (ClientCallImpl line 262, via FailingClientStream)
- DelayedStream draining buffered messages after cancellation sets
  realStream to NoopClientStream.INSTANCE

The fix calls GrpcUtil.closeQuietly(message) to ensure the InputStream is
always closed, matching the contract in AbstractStream.writeMessage().
---
 .../io/grpc/internal/NoopClientStream.java    |  4 +-
 .../grpc/internal/NoopClientStreamTest.java   | 44 +++++++++++++++++++
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 core/src/test/java/io/grpc/internal/NoopClientStreamTest.java

diff --git a/core/src/main/java/io/grpc/internal/NoopClientStream.java b/core/src/main/java/io/grpc/internal/NoopClientStream.java
index d44170f69fa..d77d72a5412 100644
--- a/core/src/main/java/io/grpc/internal/NoopClientStream.java
+++ b/core/src/main/java/io/grpc/internal/NoopClientStream.java
@@ -45,7 +45,9 @@ public Attributes getAttributes() {
   public void request(int numMessages) {}
 
   @Override
-  public void writeMessage(InputStream message) {}
+  public void writeMessage(InputStream message) {
+    GrpcUtil.closeQuietly(message);
+  }
 
   @Override
   public void flush() {}
diff --git a/core/src/test/java/io/grpc/internal/NoopClientStreamTest.java b/core/src/test/java/io/grpc/internal/NoopClientStreamTest.java
new file mode 100644
index 00000000000..d68642dad85
--- /dev/null
+++ b/core/src/test/java/io/grpc/internal/NoopClientStreamTest.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.internal;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
+import java.io.InputStream;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/**
+ * Unit tests for {@link NoopClientStream}.
+ */
+@RunWith(JUnit4.class)
+public class NoopClientStreamTest {
+
+  @Test
+  public void writeMessageShouldCloseInputStream() throws Exception {
+    // NoopClientStream.writeMessage() is called when a stream is cancelled or failed
+    // before the real transport stream is established (e.g. via DelayedStream draining
+    // buffered messages to NoopClientStream on cancellation, or FailingClientStream
+    // which extends NoopClientStream). The InputStream must be closed to avoid leaking
+    // resources such as ref-counted ByteBufs.
+    InputStream message = mock(InputStream.class);
+    NoopClientStream.INSTANCE.writeMessage(message);
+    verify(message).close();
+  }
+}

From 6a2028c6752bc1590d4763561b9797637f0a3758 Mon Sep 17 00:00:00 2001
From: Kannan J <kannanjgithub@google.com>
Date: Thu, 26 Mar 2026 12:36:31 +0530
Subject: [PATCH 581/591] Remove extraneous changes beyond avoiding the false
 positive warnings (#12731)

super.shutdown() is never expected to throw, so some of the changes were
not required.
Also removing the redundant unit test.

Rework of PR #12705.
---
 .../internal/ManagedChannelOrphanWrapper.java |  6 ++---
 .../ManagedChannelOrphanWrapperTest.java      | 25 -------------------
 2 files changed, 2 insertions(+), 29 deletions(-)

diff --git a/core/src/main/java/io/grpc/internal/ManagedChannelOrphanWrapper.java b/core/src/main/java/io/grpc/internal/ManagedChannelOrphanWrapper.java
index c7f722a9499..790d5bd297f 100644
--- a/core/src/main/java/io/grpc/internal/ManagedChannelOrphanWrapper.java
+++ b/core/src/main/java/io/grpc/internal/ManagedChannelOrphanWrapper.java
@@ -62,24 +62,22 @@ final class ManagedChannelOrphanWrapper extends ForwardingManagedChannel {
 
   @Override
   public ManagedChannel shutdown() {
-    ManagedChannel result = super.shutdown();
     phantom.clearSafely();
     // This dummy check prevents the JIT from collecting 'this' too early
     if (this.getClass() == null) {
       throw new AssertionError();
     }
-    return result;
+    return super.shutdown();
   }
 
   @Override
   public ManagedChannel shutdownNow() {
-    ManagedChannel result = super.shutdownNow();
     phantom.clearSafely();
     // This dummy check prevents the JIT from collecting 'this' too early
     if (this.getClass() == null) {
       throw new AssertionError();
     }
-    return result;
+    return super.shutdownNow();
   }
 
   @VisibleForTesting
diff --git a/core/src/test/java/io/grpc/internal/ManagedChannelOrphanWrapperTest.java b/core/src/test/java/io/grpc/internal/ManagedChannelOrphanWrapperTest.java
index cdd36fb8273..45fb3881722 100644
--- a/core/src/test/java/io/grpc/internal/ManagedChannelOrphanWrapperTest.java
+++ b/core/src/test/java/io/grpc/internal/ManagedChannelOrphanWrapperTest.java
@@ -140,31 +140,6 @@ public boolean isLoggable(LogRecord record) {
     }
   }
 
-  @Test
-  public void orphanedChannel_triggerWarningAndCoverage() {
-    ManagedChannel mc = new TestManagedChannel();
-    final ReferenceQueue<ManagedChannelOrphanWrapper> refqueue = new ReferenceQueue<>();
-    ConcurrentMap<ManagedChannelReference, ManagedChannelReference> refs = 
-        new ConcurrentHashMap<>();
-    
-    // Create the wrapper but NEVER call shutdown
-    @SuppressWarnings("UnusedVariable")
-    ManagedChannelOrphanWrapper wrapper = new ManagedChannelOrphanWrapper(mc, refqueue, refs);
-    wrapper = null; // Make it eligible for GC
-
-    // Trigger GC and clean the queue to hit the !wasShutdown branch
-    final AtomicInteger numOrphans = new AtomicInteger();
-    GcFinalization.awaitDone(new FinalizationPredicate() {
-      @Override
-      public boolean isDone() {
-        numOrphans.getAndAdd(ManagedChannelReference.cleanQueue(refqueue));
-        return numOrphans.get() > 0;
-      }
-    });
-    
-    assertEquals(1, numOrphans.get());
-  }
-
   @Test
   public void refCycleIsGCed() {
     ReferenceQueue<ManagedChannelOrphanWrapper> refqueue =

From 16e17abbad068d5f87612fb8748f687ef4753f4b Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Fri, 27 Mar 2026 14:34:25 +0530
Subject: [PATCH 582/591] Upgrade Dependencies (#12719)

---
 MODULE.bazel                        | 10 +++----
 examples/example-gauth/build.gradle |  2 +-
 examples/example-oauth/build.gradle |  2 +-
 gradle/libs.versions.toml           | 45 +++++++++++++++++------------
 repositories.bzl                    | 10 +++----
 5 files changed, 38 insertions(+), 31 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 8e911022e85..6725882740d 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -8,14 +8,14 @@ module(
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.63.2",
-    "com.google.auth:google-auth-library-credentials:1.41.0",
-    "com.google.auth:google-auth-library-oauth2-http:1.41.0",
+    "com.google.api.grpc:proto-google-common-protos:2.64.1",
+    "com.google.auth:google-auth-library-credentials:1.42.1",
+    "com.google.auth:google-auth-library-oauth2-http:1.42.1",
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
     "com.google.code.gson:gson:2.13.2",
-    "com.google.errorprone:error_prone_annotations:2.45.0",
+    "com.google.errorprone:error_prone_annotations:2.48.0",
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.5.0-android",
     "com.google.re2j:re2j:1.8",
@@ -43,7 +43,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "junit:junit:4.13.2",
     "org.mockito:mockito-core:4.4.0",
     "org.checkerframework:checker-qual:3.49.5",
-    "org.codehaus.mojo:animal-sniffer-annotations:1.26",
+    "org.codehaus.mojo:animal-sniffer-annotations:1.27",
 ]
 # GRPC_DEPS_END
 
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 9846cf3fd84..489197e5f20 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -30,7 +30,7 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-auth:${grpcVersion}"
-    implementation "com.google.auth:google-auth-library-oauth2-http:1.41.0"
+    implementation "com.google.auth:google-auth-library-oauth2-http:1.42.1"
     implementation "com.google.api.grpc:grpc-google-cloud-pubsub-v1:0.1.24"
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 }
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index d2eda15ab3d..07e51217622 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -29,7 +29,7 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-auth:${grpcVersion}"
-    implementation "com.google.auth:google-auth-library-oauth2-http:1.41.0"
+    implementation "com.google.auth:google-auth-library-oauth2-http:1.42.1"
 
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 73c19140478..7cf46ade850 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -22,9 +22,9 @@ androidx-test-core = "androidx.test:core:1.7.0"
 androidx-test-ext-junit = "androidx.test.ext:junit:1.3.0"
 androidx-test-rules = "androidx.test:rules:1.7.0"
 androidx-test-runner = "androidx.test:runner:1.7.0"
-animalsniffer = "org.codehaus.mojo:animal-sniffer:1.26"
-animalsniffer-annotations = "org.codehaus.mojo:animal-sniffer-annotations:1.26"
-assertj-core = "org.assertj:assertj-core:3.27.6"
+animalsniffer = "org.codehaus.mojo:animal-sniffer:1.27"
+animalsniffer-annotations = "org.codehaus.mojo:animal-sniffer-annotations:1.27"
+assertj-core = "org.assertj:assertj-core:3.27.7"
 # 1.11.1 started converting jsr305 @Nullable to jspecify
 # checkForUpdates: auto-value:1.11.0
 auto-value = "com.google.auto.value:auto-value:1.11.0"
@@ -45,18 +45,25 @@ conscrypt = "org.conscrypt:conscrypt-openjdk-uber:2.5.2"
 cronet-api = "org.chromium.net:cronet-api:119.6045.31"
 # checkForUpdates: cronet-embedded:119.6045.31
 cronet-embedded = "org.chromium.net:cronet-embedded:119.6045.31"
-errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.45.0"
+errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.48.0"
 # 2.32.0+ requires Java 17+
 # checkForUpdates: errorprone-core:2.31.+
 errorprone-core = "com.google.errorprone:error_prone_core:2.31.0"
 # 2.11.0+ requires JDK 11+ (See https://github.com/google/error-prone/releases/tag/v2.11.0)
 # checkForUpdates: errorprone-corejava8:2.10.+
 errorprone-corejava8 = "com.google.errorprone:error_prone_core:2.10.0"
-google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.63.2"
-google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.41.0"
-google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.41.0"
+# 2.65.0+ requires protobuf 4.x
+# checkForUpdates: google-api-protos:2.64.+
+google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.64.1"
+# 1.43.0+ versions of google-auth-library requires protobuf 4.x
+# checkForUpdates: google-auth-credentials:1.42.+
+google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.42.1"
+# checkForUpdates: google-auth-oauth2Http:1.42.+
+google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.42.1"
 # Release notes: https://cloud.google.com/logging/docs/release-notes
-google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.9"
+# 3.23.11+ require protobuf 4.x
+# checkForUpdates: google-cloud-logging:3.23.10
+google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.10"
 gson = "com.google.code.gson:gson:2.13.2"
 guava = "com.google.guava:guava:33.5.0-android"
 guava-betaChecker = "com.google.guava:guava-beta-checker:1.0"
@@ -72,16 +79,16 @@ javax-servlet-api = "javax.servlet:javax.servlet-api:4.0.1"
 # 12.0.0+ require Java 17+
 # checkForUpdates: jetty-client:11.+
 jetty-client = "org.eclipse.jetty:jetty-client:11.0.26"
-jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.1.5"
+jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.1.7"
 # 10.0.25+ uses uses @Deprecated(since=/forRemoval=) from Java 9
 # checkForUpdates: jetty-http2-server10:10.0.24
 jetty-http2-server10 = "org.eclipse.jetty.http2:http2-server:10.0.24"
-jetty-servlet = "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.1.5"
+jetty-servlet = "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.1.7"
 # checkForUpdates: jetty-servlet10:10.0.24
 jetty-servlet10 = "org.eclipse.jetty:jetty-servlet:10.0.24"
 jsr305 = "com.google.code.findbugs:jsr305:3.0.2"
 junit = "junit:junit:4.13.2"
-lincheck = "org.jetbrains.lincheck:lincheck:3.3.2"
+lincheck = "org.jetbrains.lincheck:lincheck:3.4"
 # Update notes / 2023-07-19 sergiitk:
 #    Couldn't update to 5.4.0, updated to the last in 4.x line. Version 5.x breaks some tests.
 #    Error log: https://github.com/grpc/grpc-java/pull/10359#issuecomment-1632834435
@@ -114,11 +121,11 @@ opencensus-contrib-grpc-metrics = { module = "io.opencensus:opencensus-contrib-g
 opencensus-exporter-stats-stackdriver = { module = "io.opencensus:opencensus-exporter-stats-stackdriver", version.ref = "opencensus" }
 opencensus-exporter-trace-stackdriver = { module = "io.opencensus:opencensus-exporter-trace-stackdriver", version.ref = "opencensus" }
 opencensus-impl = { module = "io.opencensus:opencensus-impl", version.ref = "opencensus" }
-opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.57.0"
-opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.57.0-alpha"
-opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.52.0-alpha"
-opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.57.0"
-opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.57.0"
+opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.60.1"
+opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.60.1-alpha"
+opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.54.0-alpha"
+opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.60.1"
+opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.60.1"
 perfmark-api = "io.perfmark:perfmark-api:0.27.0"
 # Not upgrading to 4.x as it is not yet ABI compatible.
 # https://github.com/protocolbuffers/protobuf/issues/17247
@@ -131,15 +138,15 @@ protobuf-javalite = "com.google.protobuf:protobuf-javalite:3.25.8"
 # checkForUpdates: protobuf-protoc:3.+
 protobuf-protoc = "com.google.protobuf:protoc:3.25.8"
 re2j = "com.google.re2j:re2j:1.8"
-robolectric = "org.robolectric:robolectric:4.16"
+robolectric = "org.robolectric:robolectric:4.16.1"
 s2a-proto = "com.google.s2a.proto.v2:s2a-proto:0.1.3"
 signature-android = "net.sf.androidscents.signature:android-api-level-21:5.0.1_r2"
 signature-java = "org.codehaus.mojo.signature:java18:1.0"
 # 11.0.0+ require Java 17+
 # checkForUpdates: tomcat-embed-core:10.+
-tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.50"
+tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.52"
 # checkForUpdates: tomcat-embed-core9:9.+
-tomcat-embed-core9 = "org.apache.tomcat.embed:tomcat-embed-core:9.0.113"
+tomcat-embed-core9 = "org.apache.tomcat.embed:tomcat-embed-core:9.0.115"
 truth = "com.google.truth:truth:1.4.5"
 # checkForUpdates: undertow-servlet22:2.2.+
 undertow-servlet22 = "io.undertow:undertow-servlet:2.2.38.Final"
diff --git a/repositories.bzl b/repositories.bzl
index bc502e430c0..2c284abc2de 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -12,14 +12,14 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.63.2",
-    "com.google.auth:google-auth-library-credentials:1.41.0",
-    "com.google.auth:google-auth-library-oauth2-http:1.41.0",
+    "com.google.api.grpc:proto-google-common-protos:2.64.1",
+    "com.google.auth:google-auth-library-credentials:1.42.1",
+    "com.google.auth:google-auth-library-oauth2-http:1.42.1",
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
     "com.google.code.gson:gson:2.13.2",
-    "com.google.errorprone:error_prone_annotations:2.45.0",
+    "com.google.errorprone:error_prone_annotations:2.48.0",
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.5.0-android",
     "com.google.re2j:re2j:1.8",
@@ -47,7 +47,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "junit:junit:4.13.2",
     "org.mockito:mockito-core:4.4.0",
     "org.checkerframework:checker-qual:3.49.5",
-    "org.codehaus.mojo:animal-sniffer-annotations:1.26",
+    "org.codehaus.mojo:animal-sniffer-annotations:1.27",
 ]
 # GRPC_DEPS_END
 

From 65ae2efda3cdd8d8dcc1f1daac0880ec1efa5185 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 23 Mar 2026 13:42:29 -0700
Subject: [PATCH 583/591] examples: Reflow manualflowcontrol; check isReady()
 earlier

This change is mostly to flow the paragraph across multiple lines like
all other text in this file. But I did also replace checking for
isReady() before calling onNext() with checking before creating
messages. If you already have the message created, it doesn't change
much to go ahead and enqueue it, but don't go create another message
immediately.
---
 .../java/io/grpc/examples/manualflowcontrol/README.md     | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/examples/src/main/java/io/grpc/examples/manualflowcontrol/README.md b/examples/src/main/java/io/grpc/examples/manualflowcontrol/README.md
index 433697e0a08..f700d428aca 100644
--- a/examples/src/main/java/io/grpc/examples/manualflowcontrol/README.md
+++ b/examples/src/main/java/io/grpc/examples/manualflowcontrol/README.md
@@ -25,7 +25,13 @@ value.
 
 ### Outgoing Flow Control
 
-The underlying layer (such as Netty) manages a buffer for outgoing messages. If you write messages faster than they can be sent over the network, this buffer will grow, which can eventually lead to an OutOfMemoryError. The outgoing onNext method invocation does not block when this happens. Therefore, you should explicitly check that the stream is ready for writing via `CallStreamObserver.isReady()` before calling onNext to avoid buffering excessive amounts of data in memory.
+The underlying layer (such as Netty) manages a buffer for outgoing messages. If
+you write messages faster than they can be sent over the network, this buffer
+will grow, which can eventually lead to an OutOfMemoryError. The outgoing onNext
+method invocation does not block when this happens. Therefore, you should
+explicitly check that the stream is ready for writing via
+`CallStreamObserver.isReady()` before generating messages to avoid buffering
+excessive amounts of data in memory.
 
 ### Incoming Manual Flow Control
 

From 0e39b2967f0ba0a7a7f08bb9cbc9d16391c91dcd Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Fri, 27 Mar 2026 08:13:45 -0700
Subject: [PATCH 584/591] Add custom label for per-RPC metrics

Implements gRFC A108.

https://github.com/grpc/proposal/blob/master/A108-otel-custom-per-call-label.md
---
 api/src/main/java/io/grpc/Grpc.java           |   7 +
 .../OpenTelemetryMetricsModule.java           |  60 ++++---
 .../internal/OpenTelemetryConstants.java      |   3 +
 .../OpenTelemetryMetricsModuleTest.java       | 154 +++++++++++++++---
 .../java/io/grpc/rls/CachingRlsLbClient.java  |  20 ++-
 .../java/io/grpc/rls/RlsLoadBalancerTest.java |  11 +-
 6 files changed, 202 insertions(+), 53 deletions(-)

diff --git a/api/src/main/java/io/grpc/Grpc.java b/api/src/main/java/io/grpc/Grpc.java
index baa9f5f0ab6..a45c613fd18 100644
--- a/api/src/main/java/io/grpc/Grpc.java
+++ b/api/src/main/java/io/grpc/Grpc.java
@@ -56,6 +56,13 @@ private Grpc() {
   public static final Attributes.Key<SSLSession> TRANSPORT_ATTR_SSL_SESSION =
       Attributes.Key.create("io.grpc.Grpc.TRANSPORT_ATTR_SSL_SESSION");
 
+  /**
+   * The value for the custom label of per-RPC metrics. Defaults to empty string when unset. Must
+   * not be set to {@code null}.
+   */
+  public static final CallOptions.Key<String> CALL_OPTION_CUSTOM_LABEL =
+      CallOptions.Key.createWithDefault("io.grpc.Grpc.CALL_OPTION_CUSTOM_LABEL", "");
+
   /**
    * Annotation for transport attributes. It follows the annotation semantics defined
    * by {@link Attributes}.
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
index b05884305dc..309e0da9558 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.BACKEND_SERVICE_KEY;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.BAGGAGE_KEY;
+import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.CUSTOM_LABEL_KEY;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.LOCALITY_KEY;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.METHOD_KEY;
 import static io.grpc.opentelemetry.internal.OpenTelemetryConstants.STATUS_KEY;
@@ -39,6 +40,7 @@
 import io.grpc.Deadline;
 import io.grpc.ForwardingClientCall.SimpleForwardingClientCall;
 import io.grpc.ForwardingClientCallListener.SimpleForwardingClientCallListener;
+import io.grpc.Grpc;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
 import io.grpc.ServerStreamTracer;
@@ -99,6 +101,7 @@ final class OpenTelemetryMetricsModule {
   private final Supplier<Stopwatch> stopwatchSupplier;
   private final boolean localityEnabled;
   private final boolean backendServiceEnabled;
+  private final boolean customLabelEnabled;
   private final ImmutableList<OpenTelemetryPlugin> plugins;
   @Nullable
   private final TargetFilter targetAttributeFilter;
@@ -117,6 +120,7 @@ final class OpenTelemetryMetricsModule {
     this.stopwatchSupplier = checkNotNull(stopwatchSupplier, "stopwatchSupplier");
     this.localityEnabled = optionalLabels.contains(LOCALITY_KEY.getKey());
     this.backendServiceEnabled = optionalLabels.contains(BACKEND_SERVICE_KEY.getKey());
+    this.customLabelEnabled = optionalLabels.contains(CUSTOM_LABEL_KEY.getKey());
     this.plugins = ImmutableList.copyOf(plugins);
     this.targetAttributeFilter = targetAttributeFilter;
   }
@@ -277,7 +281,7 @@ public void streamClosed(Status status) {
           statusCode = Code.DEADLINE_EXCEEDED;
         }
       }
-      attemptsState.attemptEnded();
+      attemptsState.attemptEnded(info.getCallOptions());
       recordFinishedAttempt();
     }
 
@@ -301,6 +305,10 @@ void recordFinishedAttempt() {
         }
         builder.put(BACKEND_SERVICE_KEY, savedBackendService);
       }
+      if (module.customLabelEnabled) {
+        builder.put(
+            CUSTOM_LABEL_KEY, info.getCallOptions().getOption(Grpc.CALL_OPTION_CUSTOM_LABEL));
+      }
       for (OpenTelemetryPlugin.ClientStreamPlugin plugin : streamPlugins) {
         plugin.addLabels(builder);
       }
@@ -346,6 +354,7 @@ static final class CallAttemptsTracerFactory extends ClientStreamTracer.Factory
     CallAttemptsTracerFactory(
         OpenTelemetryMetricsModule module,
         String target,
+        CallOptions callOptions,
         String fullMethodName,
         List<OpenTelemetryPlugin.ClientCallPlugin> callPlugins) {
       this.module = checkNotNull(module, "module");
@@ -355,9 +364,14 @@ static final class CallAttemptsTracerFactory extends ClientStreamTracer.Factory
       this.attemptDelayStopwatch = module.stopwatchSupplier.get();
       this.callStopWatch = module.stopwatchSupplier.get().start();
 
-      io.opentelemetry.api.common.Attributes attribute = io.opentelemetry.api.common.Attributes.of(
-          METHOD_KEY, fullMethodName,
-          TARGET_KEY, target);
+      AttributesBuilder builder = io.opentelemetry.api.common.Attributes.builder()
+          .put(METHOD_KEY, fullMethodName)
+          .put(TARGET_KEY, target);
+      if (module.customLabelEnabled) {
+        builder.put(
+            CUSTOM_LABEL_KEY, callOptions.getOption(Grpc.CALL_OPTION_CUSTOM_LABEL));
+      }
+      io.opentelemetry.api.common.Attributes attribute = builder.build();
 
       // Record here in case mewClientStreamTracer() would never be called.
       if (module.resource.clientAttemptCountCounter() != null) {
@@ -381,9 +395,14 @@ public ClientStreamTracer newClientStreamTracer(StreamInfo info, Metadata metada
       // CallAttemptsTracerFactory constructor. attemptsPerCall will be non-zero after the first
       // attempt, as first attempt cannot be a transparent retry.
       if (attemptsPerCall.get() > 0) {
-        io.opentelemetry.api.common.Attributes attribute =
-            io.opentelemetry.api.common.Attributes.of(METHOD_KEY, fullMethodName,
-                TARGET_KEY, target);
+        AttributesBuilder builder = io.opentelemetry.api.common.Attributes.builder()
+            .put(METHOD_KEY, fullMethodName)
+            .put(TARGET_KEY, target);
+        if (module.customLabelEnabled) {
+          builder.put(
+              CUSTOM_LABEL_KEY, info.getCallOptions().getOption(Grpc.CALL_OPTION_CUSTOM_LABEL));
+        }
+        io.opentelemetry.api.common.Attributes attribute = builder.build();
         if (module.resource.clientAttemptCountCounter() != null) {
           module.resource.clientAttemptCountCounter().add(1, attribute);
         }
@@ -411,7 +430,7 @@ private ClientTracer newClientTracer(StreamInfo info) {
     }
 
     // Called whenever each attempt is ended.
-    void attemptEnded() {
+    void attemptEnded(CallOptions callOptions) {
       boolean shouldRecordFinishedCall = false;
       synchronized (lock) {
         if (--activeStreams == 0) {
@@ -423,11 +442,11 @@ void attemptEnded() {
         }
       }
       if (shouldRecordFinishedCall) {
-        recordFinishedCall();
+        recordFinishedCall(callOptions);
       }
     }
 
-    void callEnded(Status status) {
+    void callEnded(Status status, CallOptions callOptions) {
       callStopWatch.stop();
       this.status = status;
       boolean shouldRecordFinishedCall = false;
@@ -443,11 +462,11 @@ void callEnded(Status status) {
         }
       }
       if (shouldRecordFinishedCall) {
-        recordFinishedCall();
+        recordFinishedCall(callOptions);
       }
     }
 
-    void recordFinishedCall() {
+    void recordFinishedCall(CallOptions callOptions) {
       Context otelContext = otelContextWithBaggage();
       if (attemptsPerCall.get() == 0) {
         ClientTracer tracer = newClientTracer(null);
@@ -458,11 +477,13 @@ void recordFinishedCall() {
       callLatencyNanos = callStopWatch.elapsed(TimeUnit.NANOSECONDS);
 
       // Base attributes
-      io.opentelemetry.api.common.Attributes baseAttributes =
-          io.opentelemetry.api.common.Attributes.of(
-              METHOD_KEY, fullMethodName,
-              TARGET_KEY, target
-          );
+      AttributesBuilder builder = io.opentelemetry.api.common.Attributes.builder()
+          .put(METHOD_KEY, fullMethodName)
+          .put(TARGET_KEY, target);
+      if (module.customLabelEnabled) {
+        builder.put(CUSTOM_LABEL_KEY, callOptions.getOption(Grpc.CALL_OPTION_CUSTOM_LABEL));
+      }
+      io.opentelemetry.api.common.Attributes baseAttributes = builder.build();
 
       // Duration
       if (module.resource.clientCallDurationCounter() != null) {
@@ -688,11 +709,12 @@ public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
           callOptions = plugin.filterCallOptions(callOptions);
         }
       }
+      final CallOptions finalCallOptions = callOptions;
       // Only record method name as an attribute if isSampledToLocalTracing is set to true,
       // which is true for all generated methods. Otherwise, programatically
       // created methods result in high cardinality metrics.
       final CallAttemptsTracerFactory tracerFactory = new CallAttemptsTracerFactory(
-          OpenTelemetryMetricsModule.this, target,
+          OpenTelemetryMetricsModule.this, target, callOptions,
           recordMethodName(method.getFullMethodName(), method.isSampledToLocalTracing()),
           callPlugins);
       ClientCall<ReqT, RespT> call =
@@ -707,7 +729,7 @@ public void start(Listener<RespT> responseListener, Metadata headers) {
               new SimpleForwardingClientCallListener<RespT>(responseListener) {
                 @Override
                 public void onClose(Status status, Metadata trailers) {
-                  tracerFactory.callEnded(status);
+                  tracerFactory.callEnded(status, finalCallOptions);
                   super.onClose(status, trailers);
                 }
               },
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
index 2c7123198c4..c09a1a2beca 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/internal/OpenTelemetryConstants.java
@@ -38,6 +38,9 @@ public final class OpenTelemetryConstants {
   public static final AttributeKey<String> BACKEND_SERVICE_KEY =
       AttributeKey.stringKey("grpc.lb.backend_service");
 
+  public static final AttributeKey<String> CUSTOM_LABEL_KEY =
+      AttributeKey.stringKey("grpc.client.call.custom");
+
   public static final AttributeKey<String> DISCONNECT_ERROR_KEY =
       AttributeKey.stringKey("grpc.disconnect_error");
 
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
index 391f94cefea..98fdbffc82b 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
@@ -38,6 +38,7 @@
 import io.grpc.ClientInterceptor;
 import io.grpc.ClientInterceptors;
 import io.grpc.ClientStreamTracer;
+import io.grpc.Grpc;
 import io.grpc.KnownLength;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
@@ -98,10 +99,9 @@ public class OpenTelemetryMetricsModuleTest {
   private static final CallOptions.Key<String> CUSTOM_OPTION =
       CallOptions.Key.createWithDefault("option1", "default");
   private static final CallOptions CALL_OPTIONS =
-      CallOptions.DEFAULT.withOption(CUSTOM_OPTION, "customvalue");
+      CallOptions.DEFAULT.withOption(NAME_RESOLUTION_DELAYED, 10L);
   private static final ClientStreamTracer.StreamInfo STREAM_INFO =
-      ClientStreamTracer.StreamInfo.newBuilder()
-          .setCallOptions(CallOptions.DEFAULT.withOption(NAME_RESOLUTION_DELAYED, 10L)).build();
+      ClientStreamTracer.StreamInfo.newBuilder().setCallOptions(CALL_OPTIONS).build();
   private static final String CLIENT_ATTEMPT_COUNT_INSTRUMENT_NAME = "grpc.client.attempt.started";
   private static final String CLIENT_ATTEMPT_DURATION_INSTRUMENT_NAME
       = "grpc.client.attempt.duration";
@@ -249,7 +249,8 @@ public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
             grpcServerRule.getChannel(), callOptionsCaptureInterceptor,
             module.getClientInterceptor("target:///"));
     ClientCall<String, String> call;
-    call = interceptedChannel.newCall(method, CALL_OPTIONS);
+    call = interceptedChannel.newCall(
+        method, CallOptions.DEFAULT.withOption(CUSTOM_OPTION, "customvalue"));
 
     assertEquals("customvalue", capturedCallOptions.get().getOption(CUSTOM_OPTION));
     assertEquals(1, capturedCallOptions.get().getStreamTracerFactories().size());
@@ -278,7 +279,8 @@ public void clientBasicMetrics() {
         enabledMetricsMap, disableDefaultMetrics);
     OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new CallAttemptsTracerFactory(module, target, method.getFullMethodName(), emptyList());
+        new CallAttemptsTracerFactory(
+            module, target, CALL_OPTIONS, method.getFullMethodName(), emptyList());
     Metadata headers = new Metadata();
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, headers);
@@ -323,7 +325,7 @@ public void clientBasicMetrics() {
     tracer.inboundMessage(1);
     tracer.inboundWireSize(154);
     tracer.streamClosed(Status.OK);
-    callAttemptsTracerFactory.callEnded(Status.OK);
+    callAttemptsTracerFactory.callEnded(Status.OK, CALL_OPTIONS);
 
     io.opentelemetry.api.common.Attributes clientAttributes
         = io.opentelemetry.api.common.Attributes.of(
@@ -445,7 +447,8 @@ public void clientBasicMetrics_withRetryMetricsEnabled_shouldRecordZeroOrBeAbsen
         enabledMetrics, disableDefaultMetrics);
     OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new CallAttemptsTracerFactory(module, target, method.getFullMethodName(), emptyList());
+        new CallAttemptsTracerFactory(
+            module, target, CALL_OPTIONS, method.getFullMethodName(), emptyList());
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
 
@@ -454,7 +457,7 @@ public void clientBasicMetrics_withRetryMetricsEnabled_shouldRecordZeroOrBeAbsen
     fakeClock.forwardTime(100, TimeUnit.MILLISECONDS);
     tracer.outboundMessage(0);
     tracer.streamClosed(Status.OK);
-    callAttemptsTracerFactory.callEnded(Status.OK);
+    callAttemptsTracerFactory.callEnded(Status.OK, CALL_OPTIONS);
 
     io.opentelemetry.api.common.Attributes finalAttributes
         = io.opentelemetry.api.common.Attributes.of(
@@ -512,7 +515,7 @@ public void recordAttemptMetrics() {
         enabledMetricsMap, disableDefaultMetrics);
     OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target,
+        new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target, CALL_OPTIONS,
             method.getFullMethodName(), emptyList());
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
@@ -828,7 +831,7 @@ public void recordAttemptMetrics() {
     fakeClock.forwardTime(24, MILLISECONDS);
     // RPC succeeded
     tracer.streamClosed(Status.OK);
-    callAttemptsTracerFactory.callEnded(Status.OK);
+    callAttemptsTracerFactory.callEnded(Status.OK, CALL_OPTIONS);
 
     io.opentelemetry.api.common.Attributes clientAttributes2
         = io.opentelemetry.api.common.Attributes.of(
@@ -969,7 +972,7 @@ public void recordAttemptMetrics_withRetryMetricsEnabled() {
         enabledMetrics, disableDefaultMetrics);
     OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target,
+        new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target, CALL_OPTIONS,
             method.getFullMethodName(), emptyList());
 
     ClientStreamTracer tracer =
@@ -996,7 +999,7 @@ public void recordAttemptMetrics_withRetryMetricsEnabled() {
     tracer.streamClosed(Status.OK); // RPC succeeded
 
     // --- The overall call ends ---
-    callAttemptsTracerFactory.callEnded(Status.OK);
+    callAttemptsTracerFactory.callEnded(Status.OK, CALL_OPTIONS);
 
     // Define attributes for assertions
     io.opentelemetry.api.common.Attributes finalAttributes
@@ -1057,7 +1060,7 @@ public void recordAttemptMetrics_withHedgedCalls() {
         enabledMetrics, disableDefaultMetrics);
     OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target,
+        new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target, CALL_OPTIONS,
             method.getFullMethodName(), emptyList());
 
     // Create a StreamInfo specifically for hedged attempts
@@ -1088,7 +1091,7 @@ public void recordAttemptMetrics_withHedgedCalls() {
     hedgeTracer2.streamClosed(Status.OK); // Second hedge succeeds
 
     // --- The overall call ends ---
-    callAttemptsTracerFactory.callEnded(Status.OK);
+    callAttemptsTracerFactory.callEnded(Status.OK, CALL_OPTIONS);
 
     // Define attributes for assertions
     io.opentelemetry.api.common.Attributes finalAttributes
@@ -1138,11 +1141,11 @@ public void clientStreamNeverCreatedStillRecordMetrics() {
         enabledMetricsMap, disableDefaultMetrics);
     OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target,
+        new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target, CALL_OPTIONS,
             method.getFullMethodName(), emptyList());
     fakeClock.forwardTime(3000, MILLISECONDS);
     Status status = Status.DEADLINE_EXCEEDED.withDescription("5 seconds");
-    callAttemptsTracerFactory.callEnded(status);
+    callAttemptsTracerFactory.callEnded(status, CALL_OPTIONS);
 
     io.opentelemetry.api.common.Attributes attemptStartedAttributes
         = io.opentelemetry.api.common.Attributes.of(
@@ -1247,7 +1250,8 @@ public void clientLocalityMetrics_present() {
     OpenTelemetryMetricsModule module = new OpenTelemetryMetricsModule(
         fakeClock.getStopwatchSupplier(), resource, Arrays.asList("grpc.lb.locality"), emptyList());
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new CallAttemptsTracerFactory(module, target, method.getFullMethodName(), emptyList());
+        new CallAttemptsTracerFactory(
+            module, target, CALL_OPTIONS, method.getFullMethodName(), emptyList());
 
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
@@ -1256,7 +1260,7 @@ public void clientLocalityMetrics_present() {
     tracer.addOptionalLabel("grpc.lb.locality", "the-moon");
     tracer.addOptionalLabel("grpc.lb.foo", "thats-no-moon");
     tracer.streamClosed(Status.OK);
-    callAttemptsTracerFactory.callEnded(Status.OK);
+    callAttemptsTracerFactory.callEnded(Status.OK, CALL_OPTIONS);
 
     io.opentelemetry.api.common.Attributes attributes = io.opentelemetry.api.common.Attributes.of(
         TARGET_KEY, target,
@@ -1315,12 +1319,13 @@ public void clientLocalityMetrics_missing() {
     OpenTelemetryMetricsModule module = new OpenTelemetryMetricsModule(
         fakeClock.getStopwatchSupplier(), resource, Arrays.asList("grpc.lb.locality"), emptyList());
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new CallAttemptsTracerFactory(module, target, method.getFullMethodName(), emptyList());
+        new CallAttemptsTracerFactory(
+            module, target, CALL_OPTIONS, method.getFullMethodName(), emptyList());
 
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
     tracer.streamClosed(Status.OK);
-    callAttemptsTracerFactory.callEnded(Status.OK);
+    callAttemptsTracerFactory.callEnded(Status.OK, CALL_OPTIONS);
 
     io.opentelemetry.api.common.Attributes attributes = io.opentelemetry.api.common.Attributes.of(
         TARGET_KEY, target,
@@ -1380,7 +1385,8 @@ public void clientBackendServiceMetrics_present() {
         fakeClock.getStopwatchSupplier(), resource, Arrays.asList("grpc.lb.backend_service"),
         emptyList());
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new CallAttemptsTracerFactory(module, target, method.getFullMethodName(), emptyList());
+        new CallAttemptsTracerFactory(
+            module, target, CALL_OPTIONS, method.getFullMethodName(), emptyList());
 
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
@@ -1389,7 +1395,7 @@ public void clientBackendServiceMetrics_present() {
     tracer.addOptionalLabel("grpc.lb.backend_service", "the-moon");
     tracer.addOptionalLabel("grpc.lb.foo", "thats-no-moon");
     tracer.streamClosed(Status.OK);
-    callAttemptsTracerFactory.callEnded(Status.OK);
+    callAttemptsTracerFactory.callEnded(Status.OK, CALL_OPTIONS);
 
     io.opentelemetry.api.common.Attributes attributes = io.opentelemetry.api.common.Attributes.of(
         TARGET_KEY, target,
@@ -1449,12 +1455,13 @@ public void clientBackendServiceMetrics_missing() {
         fakeClock.getStopwatchSupplier(), resource, Arrays.asList("grpc.lb.backend_service"),
         emptyList());
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new CallAttemptsTracerFactory(module, target, method.getFullMethodName(), emptyList());
+        new CallAttemptsTracerFactory(
+            module, target, CALL_OPTIONS, method.getFullMethodName(), emptyList());
 
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
     tracer.streamClosed(Status.OK);
-    callAttemptsTracerFactory.callEnded(Status.OK);
+    callAttemptsTracerFactory.callEnded(Status.OK, CALL_OPTIONS);
 
     io.opentelemetry.api.common.Attributes attributes = io.opentelemetry.api.common.Attributes.of(
         TARGET_KEY, target,
@@ -1505,6 +1512,100 @@ public void clientBackendServiceMetrics_missing() {
                             point -> point.hasAttributes(clientAttributes))));
   }
 
+  @Test
+  public void customLabel_present() {
+    Map<String, Boolean> enabledMetrics = ImmutableMap.of(
+        CLIENT_CALL_HEDGES, true,
+        CLIENT_CALL_RETRIES, true,
+        CLIENT_CALL_RETRY_DELAY, true,
+        CLIENT_CALL_TRANSPARENT_RETRIES, true
+    );
+    String target = "target:///";
+    String customValue = "some-random-value";
+    CallOptions callOptions =
+        STREAM_INFO.getCallOptions().withOption(Grpc.CALL_OPTION_CUSTOM_LABEL, customValue);
+    OpenTelemetryMetricsResource resource = GrpcOpenTelemetry.createMetricInstruments(testMeter,
+        enabledMetrics, disableDefaultMetrics);
+    String customLabel = "grpc.client.call.custom";
+    OpenTelemetryMetricsModule module = new OpenTelemetryMetricsModule(
+        fakeClock.getStopwatchSupplier(), resource, Arrays.asList(customLabel),
+        emptyList());
+    OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
+        new CallAttemptsTracerFactory(
+            module, target, callOptions, method.getFullMethodName(), emptyList());
+
+    ClientStreamTracer.StreamInfo streamInfo =
+        STREAM_INFO.toBuilder().setCallOptions(callOptions).build();
+    ClientStreamTracer tracer =
+        callAttemptsTracerFactory.newClientStreamTracer(streamInfo, new Metadata());
+    tracer.streamClosed(Status.UNAVAILABLE);
+
+    tracer = callAttemptsTracerFactory.newClientStreamTracer(streamInfo, new Metadata());
+    tracer.streamClosed(Status.UNAVAILABLE);
+
+    tracer = callAttemptsTracerFactory.newClientStreamTracer(
+        streamInfo.toBuilder().setIsTransparentRetry(true).build(), new Metadata());
+    tracer.streamClosed(Status.UNAVAILABLE);
+
+    tracer = callAttemptsTracerFactory.newClientStreamTracer(
+        streamInfo.toBuilder().setIsHedging(true).build(), new Metadata());
+    tracer.streamClosed(Status.OK);
+    callAttemptsTracerFactory.callEnded(Status.OK, callOptions);
+
+    AttributeKey<String> attributeKey = AttributeKey.stringKey(customLabel);
+
+    assertThat(sortByName(openTelemetryTesting.getMetrics()))
+        .satisfiesExactly(
+            metric -> assertThat(metric)
+                .hasName(CLIENT_ATTEMPT_DURATION_INSTRUMENT_NAME)
+                .hasHistogramSatisfying(
+                    histogram -> histogram.hasPointsSatisfying(
+                        point -> point.hasAttribute(attributeKey, customValue),
+                        point -> point.hasAttribute(attributeKey, customValue))),
+            metric -> assertThat(metric)
+                .hasName(CLIENT_ATTEMPT_RECV_TOTAL_COMPRESSED_MESSAGE_SIZE)
+                .hasHistogramSatisfying(
+                    histogram -> histogram.hasPointsSatisfying(
+                        point -> point.hasAttribute(attributeKey, customValue),
+                        point -> point.hasAttribute(attributeKey, customValue))),
+            metric -> assertThat(metric)
+                .hasName(CLIENT_ATTEMPT_SENT_TOTAL_COMPRESSED_MESSAGE_SIZE)
+                .hasHistogramSatisfying(
+                    histogram -> histogram.hasPointsSatisfying(
+                        point -> point.hasAttribute(attributeKey, customValue),
+                        point -> point.hasAttribute(attributeKey, customValue))),
+            metric -> assertThat(metric)
+                .hasName(CLIENT_ATTEMPT_COUNT_INSTRUMENT_NAME)
+                .hasLongSumSatisfying(
+                    longSum -> longSum.hasPointsSatisfying(
+                        point -> point.hasAttribute(attributeKey, customValue))),
+            metric -> assertThat(metric)
+                .hasName(CLIENT_CALL_DURATION)
+                .hasHistogramSatisfying(
+                    histogram -> histogram.hasPointsSatisfying(
+                        point -> point.hasAttribute(attributeKey, customValue))),
+            metric -> assertThat(metric)
+                .hasName(CLIENT_CALL_HEDGES)
+                .hasHistogramSatisfying(
+                    histogram -> histogram.hasPointsSatisfying(
+                        point -> point.hasAttribute(attributeKey, customValue))),
+            metric -> assertThat(metric)
+                .hasName(CLIENT_CALL_RETRIES)
+                .hasHistogramSatisfying(
+                    histogram -> histogram.hasPointsSatisfying(
+                        point -> point.hasAttribute(attributeKey, customValue))),
+            metric -> assertThat(metric)
+                .hasName(CLIENT_CALL_RETRY_DELAY)
+                .hasHistogramSatisfying(
+                    histogram -> histogram.hasPointsSatisfying(
+                        point -> point.hasAttribute(attributeKey, customValue))),
+            metric -> assertThat(metric)
+                .hasName(CLIENT_CALL_TRANSPARENT_RETRIES)
+                .hasHistogramSatisfying(
+                    histogram -> histogram.hasPointsSatisfying(
+                        point -> point.hasAttribute(attributeKey, customValue))));
+  }
+
   @Test
   public void serverBasicMetrics() {
     OpenTelemetryMetricsResource resource = GrpcOpenTelemetry.createMetricInstruments(testMeter,
@@ -1891,6 +1992,11 @@ public void serverBaggagePropagation_EndToEnd() throws Exception {
     assertEquals("red_pill_or_blue_pill", capturedBaggage.getEntryValue("choice"));
   }
 
+  private static List<MetricData> sortByName(List<MetricData> metrics) {
+    metrics.sort((m1, m2) -> m1.getName().compareTo(m2.getName()));
+    return metrics;
+  }
+
   /**
    * A simple service implementation for the E2E test.
    */
diff --git a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
index 83e9d482bc5..a2846fd04c8 100644
--- a/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
+++ b/rls/src/main/java/io/grpc/rls/CachingRlsLbClient.java
@@ -33,6 +33,7 @@
 import io.grpc.ChannelLogger;
 import io.grpc.ChannelLogger.ChannelLogLevel;
 import io.grpc.ConnectivityState;
+import io.grpc.Grpc;
 import io.grpc.LoadBalancer.Helper;
 import io.grpc.LoadBalancer.PickResult;
 import io.grpc.LoadBalancer.PickSubchannelArgs;
@@ -141,20 +142,22 @@ final class CachingRlsLbClient {
         "grpc.lb.rls.default_target_picks",
         "EXPERIMENTAL. Number of LB picks sent to the default target", "{pick}",
         Arrays.asList("grpc.target", "grpc.lb.rls.server_target",
-            "grpc.lb.rls.data_plane_target", "grpc.lb.pick_result"), Collections.emptyList(),
+            "grpc.lb.rls.data_plane_target", "grpc.lb.pick_result"),
+        Arrays.asList("grpc.client.call.custom"),
         false);
     TARGET_PICKS_COUNTER = metricInstrumentRegistry.registerLongCounter("grpc.lb.rls.target_picks",
         "EXPERIMENTAL. Number of LB picks sent to each RLS target. Note that if the default "
             + "target is also returned by the RLS server, RPCs sent to that target from the cache "
             + "will be counted in this metric, not in grpc.rls.default_target_picks.", "{pick}",
         Arrays.asList("grpc.target", "grpc.lb.rls.server_target", "grpc.lb.rls.data_plane_target",
-            "grpc.lb.pick_result"), Collections.emptyList(),
+            "grpc.lb.pick_result"),
+        Arrays.asList("grpc.client.call.custom"),
         false);
     FAILED_PICKS_COUNTER = metricInstrumentRegistry.registerLongCounter("grpc.lb.rls.failed_picks",
         "EXPERIMENTAL. Number of LB picks failed due to either a failed RLS request or the "
             + "RLS channel being throttled", "{pick}",
         Arrays.asList("grpc.target", "grpc.lb.rls.server_target"),
-        Collections.emptyList(), false);
+        Arrays.asList("grpc.client.call.custom"), false);
     CACHE_ENTRIES_GAUGE = metricInstrumentRegistry.registerLongGauge("grpc.lb.rls.cache_entries",
         "EXPERIMENTAL. Number of entries in the RLS cache", "{entry}",
         Arrays.asList("grpc.target", "grpc.lb.rls.server_target", "grpc.lb.rls.instance_uuid"),
@@ -1033,7 +1036,7 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
           helper.getMetricRecorder().addLongCounter(TARGET_PICKS_COUNTER, 1,
               Arrays.asList(helper.getChannelTarget(), lookupService,
                   childPolicyWrapper.getTarget(), determineMetricsPickResult(pickResult)),
-              Collections.emptyList());
+              Arrays.asList(determineCustomLabel(args)));
         }
         return pickResult;
       } else if (response.hasError()) {
@@ -1041,7 +1044,8 @@ public PickResult pickSubchannel(PickSubchannelArgs args) {
           return useFallback(args);
         }
         helper.getMetricRecorder().addLongCounter(FAILED_PICKS_COUNTER, 1,
-            Arrays.asList(helper.getChannelTarget(), lookupService), Collections.emptyList());
+            Arrays.asList(helper.getChannelTarget(), lookupService),
+            Arrays.asList(determineCustomLabel(args)));
         return PickResult.withError(
             convertRlsServerStatus(response.getStatus(),
                 lbPolicyConfig.getRouteLookupConfig().lookupService()));
@@ -1061,7 +1065,7 @@ private PickResult useFallback(PickSubchannelArgs args) {
         helper.getMetricRecorder().addLongCounter(DEFAULT_TARGET_PICKS_COUNTER, 1,
             Arrays.asList(helper.getChannelTarget(), lookupService,
                 fallbackChildPolicyWrapper.getTarget(), determineMetricsPickResult(pickResult)),
-            Collections.emptyList());
+            Arrays.asList(determineCustomLabel(args)));
       }
       return pickResult;
     }
@@ -1076,6 +1080,10 @@ private String determineMetricsPickResult(PickResult pickResult) {
       }
     }
 
+    private String determineCustomLabel(PickSubchannelArgs args) {
+      return args.getCallOptions().getOption(Grpc.CALL_OPTION_CUSTOM_LABEL);
+    }
+
     // GuardedBy CachingRlsLbClient.lock
     void close() {
       synchronized (lock) { // Lock is already held, but ErrorProne can't tell
diff --git a/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java b/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
index 188c99bcd5a..a52390743a6 100644
--- a/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
+++ b/rls/src/test/java/io/grpc/rls/RlsLoadBalancerTest.java
@@ -42,6 +42,7 @@
 import io.grpc.ConnectivityStateInfo;
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.ForwardingChannelBuilder2;
+import io.grpc.Grpc;
 import io.grpc.InternalManagedChannelBuilder;
 import io.grpc.LoadBalancer.CreateSubchannelArgs;
 import io.grpc.LoadBalancer.Helper;
@@ -370,8 +371,10 @@ public void metricsWithRealChannel() throws Exception {
         .build());
 
     StreamRecorder<Void> recorder = StreamRecorder.create();
+    CallOptions callOptions = CallOptions.DEFAULT
+        .withOption(Grpc.CALL_OPTION_CUSTOM_LABEL, "customvalue");
     StreamObserver<Void> requestObserver = ClientCalls.asyncClientStreamingCall(
-        channel.newCall(fakeSearchMethod, CallOptions.DEFAULT), recorder);
+        channel.newCall(fakeSearchMethod, callOptions), recorder);
     requestObserver.onCompleted();
     assertThat(recorder.awaitCompletion(10, TimeUnit.SECONDS)).isTrue();
     assertThat(recorder.getError()).isNull();
@@ -381,7 +384,7 @@ public void metricsWithRealChannel() throws Exception {
         eq(1L),
         eq(Arrays.asList("directaddress:///fake-bigtable.googleapis.com", "localhost:8972",
             "defaultTarget", "complete")),
-        eq(Arrays.asList()));
+        eq(Arrays.asList("customvalue")));
   }
 
   @Test
@@ -685,7 +688,7 @@ private void verifyLongCounterAdd(String name, int times, long value,
     verify(mockMetricRecorder, times(times)).addLongCounter(
         eqMetricInstrumentName(name), eq(value),
         eq(Lists.newArrayList(channelTarget, "localhost:8972", dataPlaneTargetLabel, pickResult)),
-        eq(Lists.newArrayList()));
+        eq(Lists.newArrayList("")));
   }
 
   // This one is for verifying the failed_pick metric specifically.
@@ -694,7 +697,7 @@ private void verifyFailedPicksCounterAdd(int times, long value) {
     verify(mockMetricRecorder, times(times)).addLongCounter(
         eqMetricInstrumentName("grpc.lb.rls.failed_picks"), eq(value),
         eq(Lists.newArrayList(channelTarget, "localhost:8972")),
-        eq(Lists.newArrayList()));
+        eq(Lists.newArrayList("")));
   }
 
   @SuppressWarnings("TypeParameterUnusedInFormals")

From b16da37cab5407b8a5abf3353027aa21a1186725 Mon Sep 17 00:00:00 2001
From: wzhang <zhangweikop@gmail.com>
Date: Fri, 27 Mar 2026 08:51:42 -0700
Subject: [PATCH 585/591] util: update AdvancedTlsX509KeyManager to support key
 alias for reloaded cert (#12686)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## Overview

Make the alias in `AdvancedTlsX509KeyManager` dynamic so it can be used
with Netty's `OpenSslCachingX509KeyManagerFactory` to update key
material after reload.

Fixes #12670
Fixes #12485

## Problem

When using `SslProvider.OPENSSL`, each TLS handshake must encode Java
key material into a native buffer consumed by OpenSSL, which can account
for ~8% of server CPU. Netty's `OpenSslCachingX509KeyManagerFactory`
avoids this by caching the encoded buffer keyed by alias — but the
previous implementation always returned `"default"`, so the factory
could never detect credential rotations and create a new cache entry on
cert reload.

## Details

- The alias is now set to `key-<N>` (e.g. `key-1`, `key-2`, ...) and
  incremented on every `updateIdentityCredentials` call, ensuring the
  same alias always maps to the same key material.
- One prior key value is kept to allow consistent handshaking during key
  changes.
---
 .../java/io/grpc/netty/AdvancedTlsTest.java   | 15 ++--
 .../grpc/util/AdvancedTlsX509KeyManager.java  | 73 +++++++++++++++----
 .../util/AdvancedTlsX509KeyManagerTest.java   | 62 +++++++++++++---
 3 files changed, 114 insertions(+), 36 deletions(-)

diff --git a/netty/src/test/java/io/grpc/netty/AdvancedTlsTest.java b/netty/src/test/java/io/grpc/netty/AdvancedTlsTest.java
index f34e336553b..66591cda153 100644
--- a/netty/src/test/java/io/grpc/netty/AdvancedTlsTest.java
+++ b/netty/src/test/java/io/grpc/netty/AdvancedTlsTest.java
@@ -436,16 +436,13 @@ public void onFileReloadingTrustManagerBadInitialContentTest() throws Exception
   }
 
   @Test
-  public void keyManagerAliasesTest() {
+  public void keyManagerAliasesTest() throws Exception {
     AdvancedTlsX509KeyManager km = new AdvancedTlsX509KeyManager();
-    assertArrayEquals(
-        new String[] {"default"}, km.getClientAliases("", null));
-    assertEquals(
-        "default", km.chooseClientAlias(new String[] {"default"}, null, null));
-    assertArrayEquals(
-        new String[] {"default"}, km.getServerAliases("", null));
-    assertEquals(
-        "default", km.chooseServerAlias("default", null, null));
+    km.updateIdentityCredentials(serverCert0, serverKey0);
+    assertArrayEquals(new String[] {"key-1"}, km.getClientAliases("", null));
+    assertEquals("key-1", km.chooseClientAlias(new String[] {"key-1"}, null, null));
+    assertArrayEquals(new String[] {"key-1"}, km.getServerAliases("", null));
+    assertEquals("key-1", km.chooseServerAlias("key-1", null, null));
   }
 
   @Test
diff --git a/util/src/main/java/io/grpc/util/AdvancedTlsX509KeyManager.java b/util/src/main/java/io/grpc/util/AdvancedTlsX509KeyManager.java
index 1f807cd405d..eea664f2ad4 100644
--- a/util/src/main/java/io/grpc/util/AdvancedTlsX509KeyManager.java
+++ b/util/src/main/java/io/grpc/util/AdvancedTlsX509KeyManager.java
@@ -32,6 +32,7 @@
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicInteger;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.net.ssl.SSLEngine;
@@ -40,59 +41,86 @@
 /**
  * AdvancedTlsX509KeyManager is an {@code X509ExtendedKeyManager} that allows users to configure
  * advanced TLS features, such as private key and certificate chain reloading.
+ *
+ * <p>The alias increments on every credential load (e.g. {@code "key-1"}, {@code "key-2"}, ...),
+ * so the same alias always maps to the same key material. The previous alias is retained for one
+ * rotation to allow in-progress handshakes to complete, ensuring alias-to-key-material consistency
+ * across credential reloads.
  */
 public final class AdvancedTlsX509KeyManager extends X509ExtendedKeyManager {
   private static final Logger log = Logger.getLogger(AdvancedTlsX509KeyManager.class.getName());
   // Minimum allowed period for refreshing files with credential information.
-  private static final int MINIMUM_REFRESH_PERIOD_IN_MINUTES = 1 ;
-  // The credential information to be sent to peers to prove our identity.
-  private volatile KeyInfo keyInfo;
+  private static final int MINIMUM_REFRESH_PERIOD_IN_MINUTES = 1;
+  // Prefix for the key material alias; revision counter appended on each credential load.
+  static final String ALIAS_PREFIX = "key-";
+
+  private final AtomicInteger revision = new AtomicInteger(0);
+  // Snapshot of current and previous KeyInfo; previous is retained for in-progress handshakes
+  // after one rotation.
+  private volatile KeyInfoSnapshot snapshot = new KeyInfoSnapshot(null, null);
+
+  public AdvancedTlsX509KeyManager() {}
+
+  private String alias() {
+    KeyInfo curr = this.snapshot.current;
+    return curr != null ? curr.alias : null;
+  }
 
   @Override
   public PrivateKey getPrivateKey(String alias) {
-    if (alias.equals("default")) {
-      return this.keyInfo.key;
+    KeyInfoSnapshot snap = this.snapshot;
+    if (snap.current != null && snap.current.alias.equals(alias)) {
+      return snap.current.key;
+    }
+    if (snap.previous != null && snap.previous.alias.equals(alias)) {
+      return snap.previous.key;
     }
     return null;
   }
 
   @Override
   public X509Certificate[] getCertificateChain(String alias) {
-    if (alias.equals("default")) {
-      return Arrays.copyOf(this.keyInfo.certs, this.keyInfo.certs.length);
+    KeyInfoSnapshot snap = this.snapshot;
+    if (snap.current != null && snap.current.alias.equals(alias)) {
+      return Arrays.copyOf(snap.current.certs, snap.current.certs.length);
+    }
+    if (snap.previous != null && snap.previous.alias.equals(alias)) {
+      return Arrays.copyOf(snap.previous.certs, snap.previous.certs.length);
     }
     return null;
   }
 
   @Override
   public String[] getClientAliases(String keyType, Principal[] issuers) {
-    return new String[] {"default"};
+    String alias = alias();
+    return alias != null ? new String[] {alias} : null;
   }
 
   @Override
   public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
-    return "default";
+    return alias();
   }
 
   @Override
   public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
-    return "default";
+    return alias();
   }
 
   @Override
   public String[] getServerAliases(String keyType, Principal[] issuers) {
-    return new String[] {"default"};
+    String alias = alias();
+    return alias != null ? new String[] {alias} : null;
   }
 
   @Override
   public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
-    return "default";
+    return alias();
   }
 
   @Override
   public String chooseEngineServerAlias(String keyType, Principal[] issuers,
       SSLEngine engine) {
-    return "default";
+    return alias();
   }
 
   /**
@@ -116,7 +144,9 @@ public void updateIdentityCredentials(PrivateKey key, X509Certificate[] certs) {
    * @param key  the private key that is going to be used
    */
   public void updateIdentityCredentials(X509Certificate[] certs, PrivateKey key) {
-    this.keyInfo = new KeyInfo(checkNotNull(certs, "certs"), checkNotNull(key, "key"));
+    KeyInfo newInfo = new KeyInfo(checkNotNull(certs, "certs"), checkNotNull(key, "key"),
+        ALIAS_PREFIX + revision.incrementAndGet());
+    this.snapshot = new KeyInfoSnapshot(newInfo, this.snapshot.current);
   }
 
   /**
@@ -218,10 +248,22 @@ private static class KeyInfo {
     // The private key and the cert chain we will use to send to peers to prove our identity.
     final X509Certificate[] certs;
     final PrivateKey key;
+    final String alias;
 
-    public KeyInfo(X509Certificate[] certs, PrivateKey key) {
+    public KeyInfo(X509Certificate[] certs, PrivateKey key, String alias) {
       this.certs = certs;
       this.key = key;
+      this.alias = alias;
+    }
+  }
+
+  private static class KeyInfoSnapshot {
+    final KeyInfo current;
+    final KeyInfo previous;
+
+    KeyInfoSnapshot(KeyInfo current, KeyInfo previous) {
+      this.current = current;
+      this.previous = previous;
     }
   }
 
@@ -309,4 +351,3 @@ public interface Closeable extends java.io.Closeable {
     void close();
   }
 }
-
diff --git a/util/src/test/java/io/grpc/util/AdvancedTlsX509KeyManagerTest.java b/util/src/test/java/io/grpc/util/AdvancedTlsX509KeyManagerTest.java
index f96c85e4f4f..b8431d4f991 100644
--- a/util/src/test/java/io/grpc/util/AdvancedTlsX509KeyManagerTest.java
+++ b/util/src/test/java/io/grpc/util/AdvancedTlsX509KeyManagerTest.java
@@ -18,6 +18,7 @@
 
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
@@ -48,7 +49,6 @@ public class AdvancedTlsX509KeyManagerTest {
   private static final String SERVER_0_PEM_FILE = "server0.pem";
   private static final String CLIENT_0_KEY_FILE = "client.key";
   private static final String CLIENT_0_PEM_FILE = "client.pem";
-  private static final String ALIAS = "default";
 
   private ScheduledExecutorService executor;
 
@@ -79,22 +79,62 @@ public void setUp() throws Exception {
   public void updateTrustCredentials_replacesIssuers() throws Exception {
     // Overall happy path checking of public API.
     AdvancedTlsX509KeyManager serverKeyManager = new AdvancedTlsX509KeyManager();
+
     serverKeyManager.updateIdentityCredentials(serverCert0, serverKey0);
-    assertEquals(serverKey0, serverKeyManager.getPrivateKey(ALIAS));
-    assertArrayEquals(serverCert0, serverKeyManager.getCertificateChain(ALIAS));
+    String alias1 = serverKeyManager.chooseEngineServerAlias(null, null, null);
+    assertEquals(AdvancedTlsX509KeyManager.ALIAS_PREFIX + "1", alias1);
+    assertEquals(serverKey0, serverKeyManager.getPrivateKey(alias1));
+    assertArrayEquals(serverCert0, serverKeyManager.getCertificateChain(alias1));
 
     serverKeyManager.updateIdentityCredentials(clientCert0File, clientKey0File);
-    assertEquals(clientKey0, serverKeyManager.getPrivateKey(ALIAS));
-    assertArrayEquals(clientCert0, serverKeyManager.getCertificateChain(ALIAS));
-
-    serverKeyManager.updateIdentityCredentials(serverCert0File, serverKey0File,1,
+    String alias2 = serverKeyManager.chooseEngineServerAlias(null, null, null);
+    assertEquals(AdvancedTlsX509KeyManager.ALIAS_PREFIX + "2", alias2);
+    assertEquals(clientKey0, serverKeyManager.getPrivateKey(alias2));
+    assertArrayEquals(clientCert0, serverKeyManager.getCertificateChain(alias2));
+    // Previous alias still resolves — retained to allow in-progress handshakes to complete.
+    assertEquals(serverKey0, serverKeyManager.getPrivateKey(alias1));
+    assertArrayEquals(serverCert0, serverKeyManager.getCertificateChain(alias1));
+
+    serverKeyManager.updateIdentityCredentials(serverCert0File, serverKey0File, 1,
         TimeUnit.MINUTES, executor);
-    assertEquals(serverKey0, serverKeyManager.getPrivateKey(ALIAS));
-    assertArrayEquals(serverCert0, serverKeyManager.getCertificateChain(ALIAS));
+    String alias3 = serverKeyManager.chooseEngineServerAlias(null, null, null);
+    assertEquals(serverKey0, serverKeyManager.getPrivateKey(alias3));
+    assertArrayEquals(serverCert0, serverKeyManager.getCertificateChain(alias3));
+    // alias1 is now two rotations back — no longer retained.
+    assertNull(serverKeyManager.getPrivateKey(alias1));
 
     serverKeyManager.updateIdentityCredentials(serverCert0, serverKey0);
-    assertEquals(serverKey0, serverKeyManager.getPrivateKey(ALIAS));
-    assertArrayEquals(serverCert0, serverKeyManager.getCertificateChain(ALIAS));
+    String alias4 = serverKeyManager.chooseEngineServerAlias(null, null, null);
+    assertEquals(serverKey0, serverKeyManager.getPrivateKey(alias4));
+    assertArrayEquals(serverCert0, serverKeyManager.getCertificateChain(alias4));
+  }
+
+  @Test
+  public void allAliasMethods_returnNullBeforeCredentialsLoaded() {
+    AdvancedTlsX509KeyManager keyManager = new AdvancedTlsX509KeyManager();
+
+    assertNull(keyManager.chooseClientAlias(null, null, null));
+    assertNull(keyManager.chooseServerAlias(null, null, null));
+    assertNull(keyManager.chooseEngineClientAlias(null, null, null));
+    assertNull(keyManager.chooseEngineServerAlias(null, null, null));
+    assertNull(keyManager.getClientAliases(null, null));
+    assertNull(keyManager.getServerAliases(null, null));
+    assertNull(keyManager.getPrivateKey("key-1"));
+    assertNull(keyManager.getCertificateChain("key-1"));
+  }
+
+  @Test
+  public void allAliasMethods_agreeAfterCredentialLoad() throws Exception {
+    AdvancedTlsX509KeyManager keyManager = new AdvancedTlsX509KeyManager();
+    keyManager.updateIdentityCredentials(serverCert0, serverKey0);
+
+    String expectedAlias = AdvancedTlsX509KeyManager.ALIAS_PREFIX + "1";
+    assertEquals(expectedAlias, keyManager.chooseClientAlias(null, null, null));
+    assertEquals(expectedAlias, keyManager.chooseServerAlias(null, null, null));
+    assertEquals(expectedAlias, keyManager.chooseEngineClientAlias(null, null, null));
+    assertEquals(expectedAlias, keyManager.chooseEngineServerAlias(null, null, null));
+    assertArrayEquals(new String[]{expectedAlias}, keyManager.getClientAliases(null, null));
+    assertArrayEquals(new String[]{expectedAlias}, keyManager.getServerAliases(null, null));
   }
 
   @Test

From a8f2271ac2b1c565cea76202efdf12731629b0ed Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Tue, 31 Mar 2026 15:25:58 +0530
Subject: [PATCH 586/591] openTelemetry: add tcp metrics (#12652)

Implements [A80](https://github.com/grpc/proposal/pull/519)
---
 .../java/io/grpc/ForwardingServerBuilder.java |   6 +
 .../main/java/io/grpc/InternalTcpMetrics.java |  98 +++
 api/src/main/java/io/grpc/NameResolver.java   |   8 +-
 api/src/main/java/io/grpc/ServerBuilder.java  |  11 +
 .../io/grpc/binder/BinderServerBuilder.java   |   2 +-
 .../grpc/internal/ClientTransportFactory.java |  12 +
 .../io/grpc/internal/InternalSubchannel.java  |   3 +
 .../io/grpc/internal/ServerImplBuilder.java   |  21 +-
 .../grpc/internal/ServerImplBuilderTest.java  |  19 +-
 .../java/io/grpc/internal/ServerImplTest.java |   4 +-
 .../inprocess/InProcessServerBuilder.java     |   4 +-
 .../io/grpc/netty/NettyChannelBuilder.java    |   1 +
 .../io/grpc/netty/NettyClientHandler.java     |  26 +-
 .../io/grpc/netty/NettyClientTransport.java   |   7 +-
 .../main/java/io/grpc/netty/NettyServer.java  |  10 +-
 .../io/grpc/netty/NettyServerBuilder.java     |  13 +-
 .../io/grpc/netty/NettyServerHandler.java     |  25 +-
 .../io/grpc/netty/NettyServerTransport.java   |   9 +-
 .../main/java/io/grpc/netty/TcpMetrics.java   | 227 +++++++
 .../io/grpc/netty/NettyClientHandlerTest.java |   4 +-
 .../grpc/netty/NettyClientTransportTest.java  | 212 +++---
 .../io/grpc/netty/NettyServerBuilderTest.java |   8 +-
 .../io/grpc/netty/NettyServerHandlerTest.java |  17 +-
 .../java/io/grpc/netty/NettyServerTest.java   |  15 +-
 .../io/grpc/netty/NettyTransportTest.java     |   5 +-
 .../grpc/netty/ProtocolNegotiatorsTest.java   |   5 +-
 .../java/io/grpc/netty/TcpMetricsTest.java    | 616 ++++++++++++++++++
 .../io/grpc/okhttp/OkHttpServerBuilder.java   |  11 +-
 .../grpc/opentelemetry/GrpcOpenTelemetry.java |   1 +
 .../opentelemetry/GrpcOpenTelemetryTest.java  |   3 +-
 .../io/grpc/servlet/ServletServerBuilder.java |   4 +-
 .../java/io/grpc/xds/XdsNameResolver.java     |   6 +-
 32 files changed, 1255 insertions(+), 158 deletions(-)
 create mode 100644 api/src/main/java/io/grpc/InternalTcpMetrics.java
 create mode 100644 netty/src/main/java/io/grpc/netty/TcpMetrics.java
 create mode 100644 netty/src/test/java/io/grpc/netty/TcpMetricsTest.java

diff --git a/api/src/main/java/io/grpc/ForwardingServerBuilder.java b/api/src/main/java/io/grpc/ForwardingServerBuilder.java
index 9cef7cfa331..d1f183dd824 100644
--- a/api/src/main/java/io/grpc/ForwardingServerBuilder.java
+++ b/api/src/main/java/io/grpc/ForwardingServerBuilder.java
@@ -201,6 +201,12 @@ public Server build() {
     return delegate().build();
   }
 
+  @Override
+  public T addMetricSink(MetricSink metricSink) {
+    delegate().addMetricSink(metricSink);
+    return thisT();
+  }
+
   @Override
   public String toString() {
     return MoreObjects.toStringHelper(this).add("delegate", delegate()).toString();
diff --git a/api/src/main/java/io/grpc/InternalTcpMetrics.java b/api/src/main/java/io/grpc/InternalTcpMetrics.java
new file mode 100644
index 00000000000..3dd89b6f76c
--- /dev/null
+++ b/api/src/main/java/io/grpc/InternalTcpMetrics.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * TCP Metrics defined to be shared across transport implementations.
+ * These metrics and their definitions are specified in
+ * <a href=
+ * "https://github.com/grpc/proposal/blob/master/A80-tcp-metrics.md">gRFC
+ * A80</a>.
+ */
+@Internal
+public final class InternalTcpMetrics {
+
+  private InternalTcpMetrics() {
+  }
+
+  private static final List<String> OPTIONAL_LABELS = Arrays.asList(
+      "network.local.address",
+      "network.local.port",
+      "network.peer.address",
+      "network.peer.port");
+
+  public static final DoubleHistogramMetricInstrument MIN_RTT_INSTRUMENT =
+      MetricInstrumentRegistry.getDefaultRegistry()
+          .registerDoubleHistogram(
+              "grpc.tcp.min_rtt",
+              "Minimum round-trip time of a TCP connection",
+              "s",
+              Collections.emptyList(),
+              Collections.emptyList(),
+              OPTIONAL_LABELS,
+              false);
+
+  public static final LongCounterMetricInstrument CONNECTIONS_CREATED_INSTRUMENT =
+      MetricInstrumentRegistry
+          .getDefaultRegistry()
+          .registerLongCounter(
+              "grpc.tcp.connections_created",
+              "The total number of TCP connections established.",
+              "{connection}",
+              Collections.emptyList(),
+              OPTIONAL_LABELS,
+              false);
+
+  public static final LongUpDownCounterMetricInstrument CONNECTION_COUNT_INSTRUMENT =
+      MetricInstrumentRegistry
+          .getDefaultRegistry()
+          .registerLongUpDownCounter(
+              "grpc.tcp.connection_count",
+              "The current number of active TCP connections.",
+              "{connection}",
+              Collections.emptyList(),
+              OPTIONAL_LABELS,
+              false);
+
+  public static final LongCounterMetricInstrument PACKETS_RETRANSMITTED_INSTRUMENT =
+      MetricInstrumentRegistry
+          .getDefaultRegistry()
+          .registerLongCounter(
+              "grpc.tcp.packets_retransmitted",
+              "The total number of packets retransmitted for all TCP connections.",
+              "{packet}",
+              Collections.emptyList(),
+              OPTIONAL_LABELS,
+              false);
+
+  public static final LongCounterMetricInstrument RECURRING_RETRANSMITS_INSTRUMENT =
+      MetricInstrumentRegistry
+          .getDefaultRegistry()
+          .registerLongCounter(
+              "grpc.tcp.recurring_retransmits",
+              "The total number of times the retransmit timer "
+                  + "popped for all TCP connections.",
+              "{timeout}",
+              Collections.emptyList(),
+              OPTIONAL_LABELS,
+              false);
+
+}
diff --git a/api/src/main/java/io/grpc/NameResolver.java b/api/src/main/java/io/grpc/NameResolver.java
index 53dbc5d6888..e44a26309ae 100644
--- a/api/src/main/java/io/grpc/NameResolver.java
+++ b/api/src/main/java/io/grpc/NameResolver.java
@@ -355,7 +355,7 @@ public static final class Args {
     @Nullable private final ChannelLogger channelLogger;
     @Nullable private final Executor executor;
     @Nullable private final String overrideAuthority;
-    @Nullable private final MetricRecorder metricRecorder;
+    private final MetricRecorder metricRecorder;
     @Nullable private final NameResolverRegistry nameResolverRegistry;
     @Nullable private final IdentityHashMap<Key<?>, Object> customArgs;
 
@@ -369,7 +369,8 @@ private Args(Builder builder) {
       this.channelLogger = builder.channelLogger;
       this.executor = builder.executor;
       this.overrideAuthority = builder.overrideAuthority;
-      this.metricRecorder = builder.metricRecorder;
+      this.metricRecorder = builder.metricRecorder != null ? builder.metricRecorder
+          : new MetricRecorder() {};
       this.nameResolverRegistry = builder.nameResolverRegistry;
       this.customArgs = cloneCustomArgs(builder.customArgs);
     }
@@ -497,7 +498,6 @@ public String getOverrideAuthority() {
     /**
      * Returns the {@link MetricRecorder} that the channel uses to record metrics.
      */
-    @Nullable
     public MetricRecorder getMetricRecorder() {
       return metricRecorder;
     }
@@ -680,7 +680,7 @@ public <T> Builder setArg(Key<T> key, T value) {
        * See {@link Args#getMetricRecorder()}. This is an optional field.
        */
       public Builder setMetricRecorder(MetricRecorder metricRecorder) {
-        this.metricRecorder = metricRecorder;
+        this.metricRecorder = checkNotNull(metricRecorder, "metricRecorder");
         return this;
       }
 
diff --git a/api/src/main/java/io/grpc/ServerBuilder.java b/api/src/main/java/io/grpc/ServerBuilder.java
index cd1cddbb93f..3effe593e57 100644
--- a/api/src/main/java/io/grpc/ServerBuilder.java
+++ b/api/src/main/java/io/grpc/ServerBuilder.java
@@ -435,6 +435,17 @@ public T setBinaryLog(BinaryLog binaryLog) {
    */
   public abstract Server build();
 
+  /**
+   * Adds a metric sink to the server.
+   *
+   * @param metricSink the metric sink to add.
+   * @return this
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/12693")
+  public T addMetricSink(MetricSink metricSink) {
+    return thisT();
+  }
+
   /**
    * Returns the correctly typed version of the builder.
    */
diff --git a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java
index c926c853472..5f0885883a5 100644
--- a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java
+++ b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java
@@ -68,7 +68,7 @@ private BinderServerBuilder(
 
     serverImplBuilder =
         new ServerImplBuilder(
-            streamTracerFactories -> {
+            (streamTracerFactories, metricRecorder) -> {
               internalBuilder.setStreamTracerFactories(streamTracerFactories);
               BinderServer server = internalBuilder.build();
               BinderInternal.setIBinder(binderReceiver, server.getHostBinder());
diff --git a/core/src/main/java/io/grpc/internal/ClientTransportFactory.java b/core/src/main/java/io/grpc/internal/ClientTransportFactory.java
index 6c10ced4652..6023fb14aa9 100644
--- a/core/src/main/java/io/grpc/internal/ClientTransportFactory.java
+++ b/core/src/main/java/io/grpc/internal/ClientTransportFactory.java
@@ -24,6 +24,7 @@
 import io.grpc.ChannelCredentials;
 import io.grpc.ChannelLogger;
 import io.grpc.HttpConnectProxiedSocketAddress;
+import io.grpc.MetricRecorder;
 import java.io.Closeable;
 import java.net.SocketAddress;
 import java.util.Collection;
@@ -91,6 +92,8 @@ final class ClientTransportOptions {
     private Attributes eagAttributes = Attributes.EMPTY;
     @Nullable private String userAgent;
     @Nullable private HttpConnectProxiedSocketAddress connectProxiedSocketAddr;
+    private MetricRecorder metricRecorder = new MetricRecorder() {
+    };
 
     public ChannelLogger getChannelLogger() {
       return channelLogger;
@@ -101,6 +104,15 @@ public ClientTransportOptions setChannelLogger(ChannelLogger channelLogger) {
       return this;
     }
 
+    public MetricRecorder getMetricRecorder() {
+      return metricRecorder;
+    }
+
+    public ClientTransportOptions setMetricRecorder(MetricRecorder metricRecorder) {
+      this.metricRecorder = Preconditions.checkNotNull(metricRecorder, "metricRecorder");
+      return this;
+    }
+
     public String getAuthority() {
       return authority;
     }
diff --git a/core/src/main/java/io/grpc/internal/InternalSubchannel.java b/core/src/main/java/io/grpc/internal/InternalSubchannel.java
index 7a48bf642fe..ce31921e316 100644
--- a/core/src/main/java/io/grpc/internal/InternalSubchannel.java
+++ b/core/src/main/java/io/grpc/internal/InternalSubchannel.java
@@ -80,6 +80,7 @@ final class InternalSubchannel implements InternalInstrumented<ChannelStats>, Tr
   private final InternalChannelz channelz;
   private final CallTracer callsTracer;
   private final ChannelTracer channelTracer;
+  private final MetricRecorder metricRecorder;
   private final ChannelLogger channelLogger;
   private final boolean reconnectDisabled;
 
@@ -191,6 +192,7 @@ protected void handleNotInUse() {
     this.scheduledExecutor = scheduledExecutor;
     this.connectingTimer = stopwatchSupplier.get();
     this.syncContext = syncContext;
+    this.metricRecorder = metricRecorder;
     this.callback = callback;
     this.channelz = channelz;
     this.callsTracer = callsTracer;
@@ -265,6 +267,7 @@ private void startNewTransport() {
           .setAuthority(eagChannelAuthority != null ? eagChannelAuthority : authority)
           .setEagAttributes(currentEagAttributes)
           .setUserAgent(userAgent)
+          .setMetricRecorder(metricRecorder)
           .setHttpConnectProxiedSocketAddress(proxiedAddr);
     TransportLogger transportLogger = new TransportLogger();
     // In case the transport logs in the constructor, use the subchannel logId
diff --git a/core/src/main/java/io/grpc/internal/ServerImplBuilder.java b/core/src/main/java/io/grpc/internal/ServerImplBuilder.java
index f6566e067db..62a0e66f314 100644
--- a/core/src/main/java/io/grpc/internal/ServerImplBuilder.java
+++ b/core/src/main/java/io/grpc/internal/ServerImplBuilder.java
@@ -31,6 +31,9 @@
 import io.grpc.HandlerRegistry;
 import io.grpc.InternalChannelz;
 import io.grpc.InternalConfiguratorRegistry;
+import io.grpc.MetricInstrumentRegistry;
+import io.grpc.MetricRecorder;
+import io.grpc.MetricSink;
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
 import io.grpc.ServerCallExecutorSupplier;
@@ -80,6 +83,7 @@ public static ServerBuilder<?> forPort(int port) {
   final List<ServerTransportFilter> transportFilters = new ArrayList<>();
   final List<ServerInterceptor> interceptors = new ArrayList<>();
   private final List<ServerStreamTracer.Factory> streamTracerFactories = new ArrayList<>();
+  final List<MetricSink> metricSinks = new ArrayList<>();
   private final ClientTransportServersBuilder clientTransportServersBuilder;
   HandlerRegistry fallbackRegistry = DEFAULT_FALLBACK_REGISTRY;
   ObjectPool<? extends Executor> executorPool = DEFAULT_EXECUTOR_POOL;
@@ -104,7 +108,8 @@ public static ServerBuilder<?> forPort(int port) {
    */
   public interface ClientTransportServersBuilder {
     InternalServer buildClientTransportServers(
-        List<? extends ServerStreamTracer.Factory> streamTracerFactories);
+        List<? extends ServerStreamTracer.Factory> streamTracerFactories,
+        MetricRecorder metricRecorder);
   }
 
   /**
@@ -157,6 +162,15 @@ public ServerImplBuilder intercept(ServerInterceptor interceptor) {
     return this;
   }
 
+  /**
+   * Adds a MetricSink to the server.
+   */
+  @Override
+  public ServerImplBuilder addMetricSink(MetricSink metricSink) {
+    metricSinks.add(checkNotNull(metricSink, "metricSink"));
+    return this;
+  }
+
   @Override
   public ServerImplBuilder addStreamTracerFactory(ServerStreamTracer.Factory factory) {
     streamTracerFactories.add(checkNotNull(factory, "factory"));
@@ -241,8 +255,11 @@ public void setDeadlineTicker(Deadline.Ticker ticker) {
 
   @Override
   public Server build() {
+    MetricRecorder metricRecorder = new MetricRecorderImpl(metricSinks,
+        MetricInstrumentRegistry.getDefaultRegistry());
     return new ServerImpl(this,
-        clientTransportServersBuilder.buildClientTransportServers(getTracerFactories()),
+        clientTransportServersBuilder.buildClientTransportServers(
+                getTracerFactories(), metricRecorder),
         Context.ROOT);
   }
 
diff --git a/core/src/test/java/io/grpc/internal/ServerImplBuilderTest.java b/core/src/test/java/io/grpc/internal/ServerImplBuilderTest.java
index 7ad7f15f358..c2cb281a19e 100644
--- a/core/src/test/java/io/grpc/internal/ServerImplBuilderTest.java
+++ b/core/src/test/java/io/grpc/internal/ServerImplBuilderTest.java
@@ -22,6 +22,9 @@
 import io.grpc.InternalConfigurator;
 import io.grpc.InternalConfiguratorRegistry;
 import io.grpc.Metadata;
+import io.grpc.MetricRecorder;
+import io.grpc.MetricSink;
+import io.grpc.NoopMetricSink;
 import io.grpc.ServerBuilder;
 import io.grpc.ServerCall;
 import io.grpc.ServerCallHandler;
@@ -73,7 +76,8 @@ public void setUp() throws Exception {
         new ClientTransportServersBuilder() {
           @Override
           public InternalServer buildClientTransportServers(
-              List<? extends ServerStreamTracer.Factory> streamTracerFactories) {
+              List<? extends ServerStreamTracer.Factory> streamTracerFactories,
+              MetricRecorder metricRecorder) {
             throw new UnsupportedOperationException();
           }
         });
@@ -128,6 +132,13 @@ public void getTracerFactories_disableBoth() {
     assertThat(factories).containsExactly(DUMMY_USER_TRACER);
   }
 
+  @Test
+  public void addMetricSink_addsToSinks() {
+    MetricSink noopMetricSink = new NoopMetricSink();
+    builder.addMetricSink(noopMetricSink);
+    assertThat(builder.metricSinks).containsExactly(noopMetricSink);
+  }
+
   @Test
   public void getTracerFactories_callsGet() throws Exception {
     Class<?> runnable = classLoader.loadClass(StaticTestingClassLoaderCallsGet.class.getName());
@@ -139,7 +150,7 @@ public static final class StaticTestingClassLoaderCallsGet implements Runnable {
     public void run() {
       ServerImplBuilder builder =
           new ServerImplBuilder(
-              streamTracerFactories -> {
+              (streamTracerFactories, metricRecorder) -> {
                 throw new UnsupportedOperationException();
               });
       assertThat(builder.getTracerFactories()).hasSize(2);
@@ -169,7 +180,7 @@ public void configureServerBuilder(ServerBuilder<?> builder) {
           }));
       ServerImplBuilder builder =
           new ServerImplBuilder(
-              streamTracerFactories -> {
+              (streamTracerFactories, metricRecorder) -> {
                 throw new UnsupportedOperationException();
               });
       assertThat(builder.getTracerFactories()).containsExactly(DUMMY_USER_TRACER);
@@ -192,7 +203,7 @@ public void run() {
       InternalConfiguratorRegistry.setConfigurators(Collections.emptyList());
       ServerImplBuilder builder =
           new ServerImplBuilder(
-              streamTracerFactories -> {
+              (streamTracerFactories, metricRecorder) -> {
                 throw new UnsupportedOperationException();
               });
       assertThat(builder.getTracerFactories()).isEmpty();
diff --git a/core/src/test/java/io/grpc/internal/ServerImplTest.java b/core/src/test/java/io/grpc/internal/ServerImplTest.java
index 0f18efe078c..3405cb9bb0c 100644
--- a/core/src/test/java/io/grpc/internal/ServerImplTest.java
+++ b/core/src/test/java/io/grpc/internal/ServerImplTest.java
@@ -65,6 +65,7 @@
 import io.grpc.InternalServerInterceptors;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
+import io.grpc.MetricRecorder;
 import io.grpc.ServerCall;
 import io.grpc.ServerCall.Listener;
 import io.grpc.ServerCallExecutorSupplier;
@@ -206,7 +207,8 @@ public void startUp() throws IOException {
         new ClientTransportServersBuilder() {
           @Override
           public InternalServer buildClientTransportServers(
-              List<? extends ServerStreamTracer.Factory> streamTracerFactories) {
+              List<? extends ServerStreamTracer.Factory> streamTracerFactories,
+              MetricRecorder metricRecorder) {
             throw new UnsupportedOperationException();
           }
         });
diff --git a/inprocess/src/main/java/io/grpc/inprocess/InProcessServerBuilder.java b/inprocess/src/main/java/io/grpc/inprocess/InProcessServerBuilder.java
index 190f67603c3..b2004426aae 100644
--- a/inprocess/src/main/java/io/grpc/inprocess/InProcessServerBuilder.java
+++ b/inprocess/src/main/java/io/grpc/inprocess/InProcessServerBuilder.java
@@ -24,6 +24,7 @@
 import io.grpc.ExperimentalApi;
 import io.grpc.ForwardingServerBuilder;
 import io.grpc.Internal;
+import io.grpc.MetricRecorder;
 import io.grpc.ServerBuilder;
 import io.grpc.ServerStreamTracer;
 import io.grpc.internal.FixedObjectPool;
@@ -120,7 +121,8 @@ private InProcessServerBuilder(SocketAddress listenAddress) {
     final class InProcessClientTransportServersBuilder implements ClientTransportServersBuilder {
       @Override
       public InternalServer buildClientTransportServers(
-          List<? extends ServerStreamTracer.Factory> streamTracerFactories) {
+          List<? extends ServerStreamTracer.Factory> streamTracerFactories,
+          MetricRecorder metricRecorder) {
         return buildTransportServers(streamTracerFactories);
       }
     }
diff --git a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
index 258aa15b005..e64f1065681 100644
--- a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
+++ b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
@@ -856,6 +856,7 @@ public void run() {
               localSocketPicker,
               channelLogger,
               useGetForSafeMethods,
+              options.getMetricRecorder(),
               Ticker.systemTicker());
       return transport;
     }
diff --git a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
index 8ebf89842ad..14a1d7535ad 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
@@ -30,6 +30,7 @@
 import io.grpc.InternalChannelz;
 import io.grpc.InternalStatus;
 import io.grpc.Metadata;
+import io.grpc.MetricRecorder;
 import io.grpc.Status;
 import io.grpc.StatusException;
 import io.grpc.internal.ClientStreamListener.RpcProgress;
@@ -123,6 +124,7 @@ class NettyClientHandler extends AbstractNettyHandler {
   private final Supplier<Stopwatch> stopwatchFactory;
   private final TransportTracer transportTracer;
   private final Attributes eagAttributes;
+  private final TcpMetrics tcpMetrics;
   private final String authority;
   private final InUseStateAggregator<Http2Stream> inUseState =
       new InUseStateAggregator<Http2Stream>() {
@@ -164,7 +166,8 @@ static NettyClientHandler newHandler(
       Attributes eagAttributes,
       String authority,
       ChannelLogger negotiationLogger,
-      Ticker ticker) {
+      Ticker ticker,
+      MetricRecorder metricRecorder) {
     Preconditions.checkArgument(maxHeaderListSize > 0, "maxHeaderListSize must be positive");
     Http2HeadersDecoder headersDecoder = new GrpcHttp2ClientHeadersDecoder(maxHeaderListSize);
     Http2FrameReader frameReader = new DefaultHttp2FrameReader(headersDecoder);
@@ -194,7 +197,8 @@ static NettyClientHandler newHandler(
         eagAttributes,
         authority,
         negotiationLogger,
-        ticker);
+        ticker,
+        metricRecorder);
   }
 
   @VisibleForTesting
@@ -214,7 +218,8 @@ static NettyClientHandler newHandler(
       Attributes eagAttributes,
       String authority,
       ChannelLogger negotiationLogger,
-      Ticker ticker) {
+      Ticker ticker,
+      MetricRecorder metricRecorder) {
     Preconditions.checkNotNull(connection, "connection");
     Preconditions.checkNotNull(frameReader, "frameReader");
     Preconditions.checkNotNull(lifecycleManager, "lifecycleManager");
@@ -269,7 +274,8 @@ static NettyClientHandler newHandler(
         pingCounter,
         ticker,
         maxHeaderListSize,
-        softLimitHeaderListSize);
+        softLimitHeaderListSize,
+        metricRecorder);
   }
 
   private NettyClientHandler(
@@ -288,7 +294,8 @@ private NettyClientHandler(
       PingLimiter pingLimiter,
       Ticker ticker,
       int maxHeaderListSize,
-      int softLimitHeaderListSize) {
+      int softLimitHeaderListSize,
+      MetricRecorder metricRecorder) {
     super(
         /* channelUnused= */ null,
         decoder,
@@ -308,6 +315,7 @@ private NettyClientHandler(
     this.authority = authority;
     this.attributes = Attributes.newBuilder()
         .set(GrpcAttributes.ATTR_CLIENT_EAG_ATTRS, eagAttributes).build();
+    this.tcpMetrics = new TcpMetrics(metricRecorder);
 
     // Set the frame listener on the decoder.
     decoder().frameListener(new FrameListener());
@@ -478,6 +486,7 @@ private void onRstStreamRead(int streamId, long errorCode) {
 
   @Override
   public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {
+    tcpMetrics.recordTcpInfo(ctx.channel());
     logger.fine("Network channel being closed by the application.");
     if (ctx.channel().isActive()) { // Ignore notification that the socket was closed
       lifecycleManager.notifyShutdown(
@@ -490,10 +499,17 @@ public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exce
   /**
    * Handler for the Channel shutting down.
    */
+  @Override
+  public void channelActive(ChannelHandlerContext ctx) throws Exception {
+    tcpMetrics.channelActive(ctx.channel());
+    super.channelActive(ctx);
+  }
+
   @Override
   public void channelInactive(ChannelHandlerContext ctx) throws Exception {
     try {
       logger.fine("Network channel is closed");
+      tcpMetrics.channelInactive(ctx.channel());
       Status status = Status.UNAVAILABLE.withDescription("Network closed for unknown reason");
       lifecycleManager.notifyShutdown(status, SimpleDisconnectError.UNKNOWN);
       final Status streamStatus;
diff --git a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
index 53914b3c877..6585df42df3 100644
--- a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
@@ -34,6 +34,7 @@
 import io.grpc.InternalLogId;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
+import io.grpc.MetricRecorder;
 import io.grpc.Status;
 import io.grpc.internal.ClientStream;
 import io.grpc.internal.ConnectionClientTransport;
@@ -108,6 +109,7 @@ class NettyClientTransport implements ConnectionClientTransport,
   private final ChannelLogger channelLogger;
   private final boolean useGetForSafeMethods;
   private final Ticker ticker;
+  private final MetricRecorder metricRecorder;
 
 
   NettyClientTransport(
@@ -132,6 +134,7 @@ class NettyClientTransport implements ConnectionClientTransport,
       LocalSocketPicker localSocketPicker,
       ChannelLogger channelLogger,
       boolean useGetForSafeMethods,
+      MetricRecorder metricRecorder,
       Ticker ticker) {
 
     this.negotiator = Preconditions.checkNotNull(negotiator, "negotiator");
@@ -159,6 +162,7 @@ class NettyClientTransport implements ConnectionClientTransport,
     this.logId = InternalLogId.allocate(getClass(), remoteAddress.toString());
     this.channelLogger = Preconditions.checkNotNull(channelLogger, "channelLogger");
     this.useGetForSafeMethods = useGetForSafeMethods;
+    this.metricRecorder = metricRecorder;
     this.ticker = Preconditions.checkNotNull(ticker, "ticker");
   }
 
@@ -251,7 +255,8 @@ public Runnable start(Listener transportListener) {
             eagAttributes,
             authorityString,
             channelLogger,
-            ticker);
+            ticker,
+            metricRecorder);
 
     ChannelHandler negotiationHandler = negotiator.newHandler(handler);
 
diff --git a/netty/src/main/java/io/grpc/netty/NettyServer.java b/netty/src/main/java/io/grpc/netty/NettyServer.java
index 1cf67ea25ca..2bb6b2c5921 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServer.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServer.java
@@ -31,6 +31,7 @@
 import io.grpc.InternalInstrumented;
 import io.grpc.InternalLogId;
 import io.grpc.InternalWithLogId;
+import io.grpc.MetricRecorder;
 import io.grpc.ServerStreamTracer;
 import io.grpc.internal.InternalServer;
 import io.grpc.internal.ObjectPool;
@@ -93,6 +94,7 @@ class NettyServer implements InternalServer, InternalWithLogId {
   private final int maxMessageSize;
   private final int maxHeaderListSize;
   private final int softLimitHeaderListSize;
+  private MetricRecorder metricRecorder;
   private final long keepAliveTimeInNanos;
   private final long keepAliveTimeoutInNanos;
   private final long maxConnectionIdleInNanos;
@@ -136,8 +138,10 @@ class NettyServer implements InternalServer, InternalWithLogId {
       long maxConnectionAgeInNanos, long maxConnectionAgeGraceInNanos,
       boolean permitKeepAliveWithoutCalls, long permitKeepAliveTimeInNanos,
       int maxRstCount, long maxRstPeriodNanos,
-      Attributes eagAttributes, InternalChannelz channelz) {
+      Attributes eagAttributes, InternalChannelz channelz,
+      MetricRecorder metricRecorder) {
     this.addresses = checkNotNull(addresses, "addresses");
+    this.metricRecorder = metricRecorder;
     this.channelFactory = checkNotNull(channelFactory, "channelFactory");
     checkNotNull(channelOptions, "channelOptions");
     this.channelOptions = new HashMap<ChannelOption<?>, Object>(channelOptions);
@@ -174,6 +178,7 @@ class NettyServer implements InternalServer, InternalWithLogId {
         String.valueOf(addresses));
   }
 
+
   @Override
   public SocketAddress getListenSocketAddress() {
     Iterator<Channel> it = channelGroup.iterator();
@@ -272,7 +277,8 @@ public void initChannel(Channel ch) {
                     permitKeepAliveTimeInNanos,
                     maxRstCount,
                     maxRstPeriodNanos,
-                    eagAttributes);
+                    eagAttributes,
+                    metricRecorder);
         ServerTransportListener transportListener;
         // This is to order callbacks on the listener, not to guard access to channel.
         synchronized (NettyServer.this) {
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java b/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
index eb3a6d9b538..3c9d2bbe184 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
@@ -32,6 +32,7 @@
 import io.grpc.ExperimentalApi;
 import io.grpc.ForwardingServerBuilder;
 import io.grpc.Internal;
+import io.grpc.MetricRecorder;
 import io.grpc.ServerBuilder;
 import io.grpc.ServerCredentials;
 import io.grpc.ServerStreamTracer;
@@ -164,8 +165,9 @@ public static NettyServerBuilder forAddress(SocketAddress address, ServerCredent
   private final class NettyClientTransportServersBuilder implements ClientTransportServersBuilder {
     @Override
     public InternalServer buildClientTransportServers(
-        List<? extends ServerStreamTracer.Factory> streamTracerFactories) {
-      return buildTransportServers(streamTracerFactories);
+        List<? extends ServerStreamTracer.Factory> streamTracerFactories,
+        MetricRecorder metricRecorder) {
+      return buildTransportServers(streamTracerFactories, metricRecorder);
     }
   }
 
@@ -703,8 +705,10 @@ void eagAttributes(Attributes eagAttributes) {
     this.eagAttributes = checkNotNull(eagAttributes, "eagAttributes");
   }
 
+  @VisibleForTesting
   NettyServer buildTransportServers(
-      List<? extends ServerStreamTracer.Factory> streamTracerFactories) {
+      List<? extends ServerStreamTracer.Factory> streamTracerFactories,
+      MetricRecorder metricRecorder) {
     assertEventLoopsAndChannelType();
 
     ProtocolNegotiator negotiator = protocolNegotiatorFactory.newNegotiator(
@@ -737,7 +741,8 @@ NettyServer buildTransportServers(
         maxRstCount,
         maxRstPeriodNanos,
         eagAttributes,
-        this.serverImplBuilder.getChannelz());
+        this.serverImplBuilder.getChannelz(),
+        metricRecorder);
   }
 
   @VisibleForTesting
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
index 036fde55e2c..79715ca2996 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerHandler.java
@@ -42,6 +42,7 @@
 import io.grpc.InternalMetadata;
 import io.grpc.InternalStatus;
 import io.grpc.Metadata;
+import io.grpc.MetricRecorder;
 import io.grpc.ServerStreamTracer;
 import io.grpc.Status;
 import io.grpc.internal.GrpcUtil;
@@ -127,6 +128,7 @@ class NettyServerHandler extends AbstractNettyHandler {
   private final Http2Connection.PropertyKey streamKey;
   private final ServerTransportListener transportListener;
   private final int maxMessageSize;
+  private final TcpMetrics tcpMetrics;
   private final long keepAliveTimeInNanos;
   private final long keepAliveTimeoutInNanos;
   private final long maxConnectionAgeInNanos;
@@ -174,7 +176,8 @@ static NettyServerHandler newHandler(
       long permitKeepAliveTimeInNanos,
       int maxRstCount,
       long maxRstPeriodNanos,
-      Attributes eagAttributes) {
+      Attributes eagAttributes,
+      MetricRecorder metricRecorder) {
     Preconditions.checkArgument(maxHeaderListSize > 0, "maxHeaderListSize must be positive: %s",
         maxHeaderListSize);
     Http2FrameLogger frameLogger = new Http2FrameLogger(LogLevel.DEBUG, NettyServerHandler.class);
@@ -208,7 +211,8 @@ static NettyServerHandler newHandler(
         maxRstCount,
         maxRstPeriodNanos,
         eagAttributes,
-        Ticker.systemTicker());
+        Ticker.systemTicker(),
+        metricRecorder);
   }
 
   static NettyServerHandler newHandler(
@@ -234,7 +238,8 @@ static NettyServerHandler newHandler(
       int maxRstCount,
       long maxRstPeriodNanos,
       Attributes eagAttributes,
-      Ticker ticker) {
+      Ticker ticker,
+      MetricRecorder metricRecorder) {
     Preconditions.checkArgument(maxStreams > 0, "maxStreams must be positive: %s", maxStreams);
     Preconditions.checkArgument(flowControlWindow > 0, "flowControlWindow must be positive: %s",
         flowControlWindow);
@@ -294,7 +299,8 @@ static NettyServerHandler newHandler(
         keepAliveEnforcer,
         autoFlowControl,
         rstStreamCounter,
-        eagAttributes, ticker);
+        eagAttributes, ticker,
+        metricRecorder);
   }
 
   private NettyServerHandler(
@@ -318,7 +324,8 @@ private NettyServerHandler(
       boolean autoFlowControl,
       RstStreamCounter rstStreamCounter,
       Attributes eagAttributes,
-      Ticker ticker) {
+      Ticker ticker,
+      MetricRecorder metricRecorder) {
     super(
         channelUnused,
         decoder,
@@ -362,6 +369,7 @@ public void onStreamClosed(Http2Stream stream) {
 
     checkArgument(maxMessageSize >= 0, "maxMessageSize must be non-negative: %s", maxMessageSize);
     this.maxMessageSize = maxMessageSize;
+    this.tcpMetrics = new TcpMetrics(metricRecorder);
     this.keepAliveTimeInNanos = keepAliveTimeInNanos;
     this.keepAliveTimeoutInNanos = keepAliveTimeoutInNanos;
     this.maxConnectionIdleManager = maxConnectionIdleManager;
@@ -661,9 +669,16 @@ void setKeepAliveManagerForTest(KeepAliveManager keepAliveManager) {
   /**
    * Handler for the Channel shutting down.
    */
+  @Override
+  public void channelActive(ChannelHandlerContext ctx) throws Exception {
+    tcpMetrics.channelActive(ctx.channel());
+    super.channelActive(ctx);
+  }
+
   @Override
   public void channelInactive(ChannelHandlerContext ctx) throws Exception {
     try {
+      tcpMetrics.channelInactive(ctx.channel());
       if (keepAliveManager != null) {
         keepAliveManager.onTransportTermination();
       }
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerTransport.java b/netty/src/main/java/io/grpc/netty/NettyServerTransport.java
index 758ffeee5b1..c0e52b75876 100644
--- a/netty/src/main/java/io/grpc/netty/NettyServerTransport.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerTransport.java
@@ -25,6 +25,7 @@
 import io.grpc.Attributes;
 import io.grpc.InternalChannelz.SocketStats;
 import io.grpc.InternalLogId;
+import io.grpc.MetricRecorder;
 import io.grpc.ServerStreamTracer;
 import io.grpc.Status;
 import io.grpc.internal.ServerTransport;
@@ -81,6 +82,7 @@ class NettyServerTransport implements ServerTransport {
   private final int maxRstCount;
   private final long maxRstPeriodNanos;
   private final Attributes eagAttributes;
+  private final MetricRecorder metricRecorder;
   private final List<? extends ServerStreamTracer.Factory> streamTracerFactories;
   private final TransportTracer transportTracer;
 
@@ -105,7 +107,8 @@ class NettyServerTransport implements ServerTransport {
       long permitKeepAliveTimeInNanos,
       int maxRstCount,
       long maxRstPeriodNanos,
-      Attributes eagAttributes) {
+      Attributes eagAttributes,
+      MetricRecorder metricRecorder) {
     this.channel = Preconditions.checkNotNull(channel, "channel");
     this.channelUnused = channelUnused;
     this.protocolNegotiator = Preconditions.checkNotNull(protocolNegotiator, "protocolNegotiator");
@@ -128,6 +131,7 @@ class NettyServerTransport implements ServerTransport {
     this.maxRstCount = maxRstCount;
     this.maxRstPeriodNanos = maxRstPeriodNanos;
     this.eagAttributes = Preconditions.checkNotNull(eagAttributes, "eagAttributes");
+    this.metricRecorder = metricRecorder;
     SocketAddress remote = channel.remoteAddress();
     this.logId = InternalLogId.allocate(getClass(), remote != null ? remote.toString() : null);
   }
@@ -289,6 +293,7 @@ private NettyServerHandler createHandler(
         permitKeepAliveTimeInNanos,
         maxRstCount,
         maxRstPeriodNanos,
-        eagAttributes);
+        eagAttributes,
+        metricRecorder);
   }
 }
diff --git a/netty/src/main/java/io/grpc/netty/TcpMetrics.java b/netty/src/main/java/io/grpc/netty/TcpMetrics.java
new file mode 100644
index 00000000000..c5809a5677e
--- /dev/null
+++ b/netty/src/main/java/io/grpc/netty/TcpMetrics.java
@@ -0,0 +1,227 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.netty;
+
+import com.google.common.annotations.VisibleForTesting;
+import io.grpc.InternalTcpMetrics;
+import io.grpc.MetricRecorder;
+import io.netty.channel.Channel;
+import io.netty.util.concurrent.ScheduledFuture;
+import java.lang.reflect.Method;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.concurrent.ThreadLocalRandom;
+import java.util.concurrent.TimeUnit;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+/**
+ * Utility for collecting TCP metrics from Netty channels.
+ */
+final class TcpMetrics {
+  private static final Logger log = Logger.getLogger(TcpMetrics.class.getName());
+
+  static EpollInfo epollInfo = loadEpollInfo();
+
+  static final class EpollInfo {
+    final Class<?> channelClass;
+    final java.lang.reflect.Constructor<?> infoConstructor;
+    final Method tcpInfo;
+    final Method totalRetrans;
+    final Method retransmits;
+    final Method rtt;
+
+    EpollInfo(
+        Class<?> channelClass,
+        java.lang.reflect.Constructor<?> infoConstructor,
+        Method tcpInfo,
+        Method totalRetrans,
+        Method retransmits,
+        Method rtt) {
+      this.channelClass = channelClass;
+      this.infoConstructor = infoConstructor;
+      this.tcpInfo = tcpInfo;
+      this.totalRetrans = totalRetrans;
+      this.retransmits = retransmits;
+      this.rtt = rtt;
+    }
+  }
+
+  static EpollInfo loadEpollInfo() {
+    boolean epollAvailable = false;
+    try {
+      Class<?> epollClass = Class.forName("io.netty.channel.epoll.Epoll");
+      Method isAvailableMethod = epollClass.getDeclaredMethod("isAvailable");
+      epollAvailable = (Boolean) isAvailableMethod.invoke(null);
+      if (epollAvailable) {
+        Class<?> channelClass = Class.forName("io.netty.channel.epoll.EpollSocketChannel");
+        Class<?> infoClass = Class.forName("io.netty.channel.epoll.EpollTcpInfo");
+        return new EpollInfo(
+            channelClass,
+            infoClass.getDeclaredConstructor(),
+            channelClass.getMethod("tcpInfo", infoClass),
+            infoClass.getMethod("totalRetrans"),
+            infoClass.getMethod("retrans"),
+            infoClass.getMethod("rtt"));
+      }
+    } catch (ReflectiveOperationException e) {
+      log.log(Level.FINE, "Failed to initialize Epoll tcp_info reflection", e);
+    } finally {
+      log.log(Level.INFO, "Epoll available during static init of TcpMetrics:"
+          + "{0}", epollAvailable);
+    }
+    return null;
+  }
+
+  private static final long RECORD_INTERVAL_MILLIS = TimeUnit.MINUTES.toMillis(5);
+  private final MetricRecorder metricRecorder;
+  private final Object tcpInfo;
+  private long lastTotalRetrans = 0;
+  private ScheduledFuture<?> reportTimer;
+
+  TcpMetrics(MetricRecorder metricRecorder) {
+    this.metricRecorder = metricRecorder;
+
+    Object tcpInfo = null;
+    if (epollInfo != null) {
+      try {
+        tcpInfo = epollInfo.infoConstructor.newInstance();
+      } catch (ReflectiveOperationException e) {
+        log.log(Level.FINE, "Failed to instantiate EpollTcpInfo", e);
+      }
+    }
+    this.tcpInfo = tcpInfo;
+  }
+
+  void channelActive(Channel channel) {
+    List<String> labelValues = getLabelValues(channel);
+    metricRecorder.addLongCounter(InternalTcpMetrics.CONNECTIONS_CREATED_INSTRUMENT, 1,
+        Collections.emptyList(), labelValues);
+    metricRecorder.addLongUpDownCounter(InternalTcpMetrics.CONNECTION_COUNT_INSTRUMENT, 1,
+        Collections.emptyList(), labelValues);
+    scheduleNextReport(channel, true);
+  }
+
+  private void scheduleNextReport(final Channel channel, boolean isInitial) {
+    if (epollInfo == null || !epollInfo.channelClass.isInstance(channel) || !channel.isActive()) {
+      return;
+    }
+
+    // Initial report has a larger jitter range to spread out initial connections.
+    // Subsequent reports have a smaller jitter range to avoid drift.
+    double jitter = isInitial
+        ? 0.1 + ThreadLocalRandom.current().nextDouble() // 10% to 110%
+        : 0.9 + ThreadLocalRandom.current().nextDouble() * 0.2; // 90% to 110%
+    long rearmingDelay = (long) (RECORD_INTERVAL_MILLIS * jitter);
+
+    reportTimer = channel.eventLoop().schedule(() -> {
+      if (channel.isActive()) {
+        recordTcpInfo(channel, false);
+        scheduleNextReport(channel, false); // Re-arm
+      }
+    }, rearmingDelay, TimeUnit.MILLISECONDS);
+  }
+
+  void channelInactive(Channel channel) {
+    if (reportTimer != null) {
+      reportTimer.cancel(false);
+    }
+    List<String> labelValues = getLabelValues(channel);
+    metricRecorder.addLongUpDownCounter(InternalTcpMetrics.CONNECTION_COUNT_INSTRUMENT, -1,
+        Collections.emptyList(), labelValues);
+    // Final collection on close
+    if (epollInfo != null && epollInfo.channelClass.isInstance(channel)) {
+      recordTcpInfo(channel, true);
+    }
+  }
+
+  void recordTcpInfo(Channel channel) {
+    recordTcpInfo(channel, false);
+  }
+
+  private void recordTcpInfo(Channel channel, boolean isClose) {
+    if (epollInfo == null || !epollInfo.channelClass.isInstance(channel)) {
+      return;
+    }
+    List<String> labelValues = getLabelValues(channel);
+    long totalRetrans;
+    long retransmits;
+    long rtt;
+    try {
+      epollInfo.tcpInfo.invoke(channel, tcpInfo);
+      totalRetrans = (Long) epollInfo.totalRetrans.invoke(tcpInfo);
+      retransmits = (Long) epollInfo.retransmits.invoke(tcpInfo);
+      rtt = (Long) epollInfo.rtt.invoke(tcpInfo);
+    } catch (ReflectiveOperationException e) {
+      log.log(Level.FINE, "Error computing TCP metrics", e);
+      return;
+    }
+
+    long deltaTotal = totalRetrans - lastTotalRetrans;
+    if (deltaTotal > 0) {
+      metricRecorder.addLongCounter(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT,
+          deltaTotal, Collections.emptyList(), labelValues);
+      lastTotalRetrans = totalRetrans;
+    }
+    if (isClose && retransmits > 0) {
+      metricRecorder.addLongCounter(InternalTcpMetrics.RECURRING_RETRANSMITS_INSTRUMENT,
+          retransmits, Collections.emptyList(), labelValues);
+    }
+    metricRecorder.recordDoubleHistogram(InternalTcpMetrics.MIN_RTT_INSTRUMENT,
+        rtt / 1000000.0, // Convert microseconds to seconds
+        Collections.emptyList(), labelValues);
+  }
+
+  @VisibleForTesting
+  ScheduledFuture<?> getReportTimer() {
+    return reportTimer;
+  }
+
+  private static List<String> getLabelValues(Channel channel) {
+    String localAddress = "";
+    String localPort = "";
+    String peerAddress = "";
+    String peerPort = "";
+
+    SocketAddress local = channel.localAddress();
+    if (local instanceof InetSocketAddress) {
+      InetSocketAddress inetLocal = (InetSocketAddress) local;
+      if (inetLocal.getAddress() != null) {
+        localAddress = inetLocal.getAddress().getHostAddress();
+      } else if (inetLocal.getHostString() != null) {
+        localAddress = inetLocal.getHostString();
+      }
+      localPort = String.valueOf(inetLocal.getPort());
+    }
+
+    SocketAddress remote = channel.remoteAddress();
+    if (remote instanceof InetSocketAddress) {
+      InetSocketAddress inetRemote = (InetSocketAddress) remote;
+      if (inetRemote.getAddress() != null) {
+        peerAddress = inetRemote.getAddress().getHostAddress();
+      } else if (inetRemote.getHostString() != null) {
+        peerAddress = inetRemote.getHostString();
+      }
+      peerPort = String.valueOf(inetRemote.getPort());
+    }
+
+    return Arrays.asList(localAddress, localPort, peerAddress, peerPort);
+  }
+}
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
index 53598727efd..9f6be9a2f3e 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
@@ -57,6 +57,7 @@
 import io.grpc.Attributes;
 import io.grpc.CallOptions;
 import io.grpc.Metadata;
+import io.grpc.MetricRecorder;
 import io.grpc.Status;
 import io.grpc.internal.AbstractStream;
 import io.grpc.internal.ClientStreamListener;
@@ -1165,7 +1166,8 @@ public Stopwatch get() {
         Attributes.EMPTY,
         "someauthority",
         null,
-        fakeClock().getTicker());
+        fakeClock().getTicker(),
+        new MetricRecorder() {});
   }
 
   @Override
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
index db44c8f50fd..7023acc947c 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
@@ -56,6 +56,7 @@
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
 import io.grpc.MethodDescriptor.Marshaller;
+import io.grpc.MetricRecorder;
 import io.grpc.ServerStreamTracer;
 import io.grpc.Status;
 import io.grpc.Status.Code;
@@ -228,30 +229,31 @@ public void setSoLingerChannelOption() throws IOException, GeneralSecurityExcept
     // set SO_LINGER option
     int soLinger = 123;
     channelOptions.put(ChannelOption.SO_LINGER, soLinger);
-    NettyClientTransport transport =
-        new NettyClientTransport(
-            address,
-            new ReflectiveChannelFactory<>(NioSocketChannel.class),
-            channelOptions,
-            group,
-            newNegotiator(),
-            false,
-            DEFAULT_WINDOW_SIZE,
-            DEFAULT_MAX_MESSAGE_SIZE,
-            GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
-            GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
-            KEEPALIVE_TIME_NANOS_DISABLED,
-            1L,
-            false,
-            authority,
-            null /* user agent */,
-            tooManyPingsRunnable,
-            new TransportTracer(),
-            Attributes.EMPTY,
-            new SocketPicker(),
-            new FakeChannelLogger(),
-            false,
-            Ticker.systemTicker());
+    NettyClientTransport transport = new NettyClientTransport(
+        address,
+        new ReflectiveChannelFactory<>(NioSocketChannel.class),
+        channelOptions,
+        group,
+        newNegotiator(),
+        false,
+        DEFAULT_WINDOW_SIZE,
+        DEFAULT_MAX_MESSAGE_SIZE,
+        GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
+        GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
+        KEEPALIVE_TIME_NANOS_DISABLED,
+        1L,
+        false,
+        authority,
+        null /* user agent */,
+        tooManyPingsRunnable,
+        new TransportTracer(),
+        Attributes.EMPTY,
+        new SocketPicker(),
+        new FakeChannelLogger(),
+        false,
+        new MetricRecorder() {
+        },
+        Ticker.systemTicker());
     transports.add(transport);
     callMeMaybe(transport.start(clientTransportListener));
 
@@ -503,30 +505,31 @@ private static class CantConstructChannelError extends Error {}
   public void failingToConstructChannelShouldFailGracefully() throws Exception {
     address = TestUtils.testServerAddress(new InetSocketAddress(12345));
     authority = GrpcUtil.authorityFromHostAndPort(address.getHostString(), address.getPort());
-    NettyClientTransport transport =
-        new NettyClientTransport(
-            address,
-            new ReflectiveChannelFactory<>(CantConstructChannel.class),
-            new HashMap<ChannelOption<?>, Object>(),
-            group,
-            newNegotiator(),
-            false,
-            DEFAULT_WINDOW_SIZE,
-            DEFAULT_MAX_MESSAGE_SIZE,
-            GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
-            GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
-            KEEPALIVE_TIME_NANOS_DISABLED,
-            1,
-            false,
-            authority,
-            null,
-            tooManyPingsRunnable,
-            new TransportTracer(),
-            Attributes.EMPTY,
-            new SocketPicker(),
-            new FakeChannelLogger(),
-            false,
-            Ticker.systemTicker());
+    NettyClientTransport transport = new NettyClientTransport(
+        address,
+        new ReflectiveChannelFactory<>(CantConstructChannel.class),
+        new HashMap<ChannelOption<?>, Object>(),
+        group,
+        newNegotiator(),
+        false,
+        DEFAULT_WINDOW_SIZE,
+        DEFAULT_MAX_MESSAGE_SIZE,
+        GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
+        GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE,
+        KEEPALIVE_TIME_NANOS_DISABLED,
+        1,
+        false,
+        authority,
+        null,
+        tooManyPingsRunnable,
+        new TransportTracer(),
+        Attributes.EMPTY,
+        new SocketPicker(),
+        new FakeChannelLogger(),
+        false,
+        new MetricRecorder() {
+        },
+        Ticker.systemTicker());
     transports.add(transport);
 
     // Should not throw
@@ -989,7 +992,7 @@ public void authorityOverrideInCallOptions_matchesServerPeerHost_newStreamCreati
 
       new Rpc(transport, new Metadata(), "foo.test.google.fr").waitForResponse();
     } finally {
-      NettyClientHandler.enablePerRpcAuthorityCheck = false;;
+      NettyClientHandler.enablePerRpcAuthorityCheck = false;
     }
   }
 
@@ -1012,7 +1015,7 @@ public void authorityOverrideInCallOptions_portNumberInAuthority_isStrippedForPe
 
       new Rpc(transport, new Metadata(), "foo.test.google.fr:12345").waitForResponse();
     } finally {
-      NettyClientHandler.enablePerRpcAuthorityCheck = false;;
+      NettyClientHandler.enablePerRpcAuthorityCheck = false;
     }
   }
 
@@ -1046,7 +1049,7 @@ public void authorityOverrideInCallOptions_portNumberAndIpv6_isStrippedForPeerVe
           "No subject alternative names matching IP address 2001:db8:3333:4444:5555:6666:1.2.3.4 "
               + "found");
     } finally {
-      NettyClientHandler.enablePerRpcAuthorityCheck = false;;
+      NettyClientHandler.enablePerRpcAuthorityCheck = false;
     }
   }
 
@@ -1125,30 +1128,31 @@ private NettyClientTransport newTransport(ProtocolNegotiator negotiator, int max
     if (!enableKeepAlive) {
       keepAliveTimeNano = KEEPALIVE_TIME_NANOS_DISABLED;
     }
-    NettyClientTransport transport =
-        new NettyClientTransport(
-            address,
-            channelFactory,
-            new HashMap<ChannelOption<?>, Object>(),
-            group,
-            negotiator,
-            false,
-            DEFAULT_WINDOW_SIZE,
-            maxMsgSize,
-            maxHeaderListSize,
-            maxHeaderListSize,
-            keepAliveTimeNano,
-            keepAliveTimeoutNano,
-            false,
-            authority,
-            userAgent,
-            tooManyPingsRunnable,
-            new TransportTracer(),
-            eagAttributes,
-            new SocketPicker(),
-            new FakeChannelLogger(),
-            false,
-            Ticker.systemTicker());
+    NettyClientTransport transport = new NettyClientTransport(
+        address,
+        channelFactory,
+        new HashMap<ChannelOption<?>, Object>(),
+        group,
+        negotiator,
+        false,
+        DEFAULT_WINDOW_SIZE,
+        maxMsgSize,
+        maxHeaderListSize,
+        maxHeaderListSize,
+        keepAliveTimeNano,
+        keepAliveTimeoutNano,
+        false,
+        authority,
+        userAgent,
+        tooManyPingsRunnable,
+        new TransportTracer(),
+        eagAttributes,
+        new SocketPicker(),
+        new FakeChannelLogger(),
+        false,
+        new MetricRecorder() {
+        },
+        Ticker.systemTicker());
     transports.add(transport);
     return transport;
   }
@@ -1167,35 +1171,35 @@ private void startServer(int maxStreamsPerConnection, int maxHeaderListSize) thr
 
   private void startServer(int maxStreamsPerConnection, int maxHeaderListSize,
       ServerListener serverListener) throws IOException {
-    server =
-        new NettyServer(
-            TestUtils.testServerAddresses(new InetSocketAddress(0)),
-            new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
-            new HashMap<ChannelOption<?>, Object>(),
-            new HashMap<ChannelOption<?>, Object>(),
-            new FixedObjectPool<>(group),
-            new FixedObjectPool<>(group),
-            false,
-            negotiator,
-            Collections.<ServerStreamTracer.Factory>emptyList(),
-            TransportTracer.getDefaultFactory(),
-            maxStreamsPerConnection,
-            false,
-            DEFAULT_WINDOW_SIZE,
-            DEFAULT_MAX_MESSAGE_SIZE,
-            maxHeaderListSize,
-            maxHeaderListSize,
-            DEFAULT_SERVER_KEEPALIVE_TIME_NANOS,
-            DEFAULT_SERVER_KEEPALIVE_TIMEOUT_NANOS,
-            MAX_CONNECTION_IDLE_NANOS_DISABLED,
-            MAX_CONNECTION_AGE_NANOS_DISABLED,
-            MAX_CONNECTION_AGE_GRACE_NANOS_INFINITE,
-            true,
-            0,
-            MAX_RST_COUNT_DISABLED,
-            0,
-            Attributes.EMPTY,
-            channelz);
+    server = new NettyServer(
+        TestUtils.testServerAddresses(new InetSocketAddress(0)),
+        new ReflectiveChannelFactory<>(NioServerSocketChannel.class),
+        new HashMap<ChannelOption<?>, Object>(),
+        new HashMap<ChannelOption<?>, Object>(),
+        new FixedObjectPool<>(group),
+        new FixedObjectPool<>(group),
+        false,
+        negotiator,
+        Collections.<ServerStreamTracer.Factory>emptyList(),
+        TransportTracer.getDefaultFactory(),
+        maxStreamsPerConnection,
+        false,
+        DEFAULT_WINDOW_SIZE,
+        DEFAULT_MAX_MESSAGE_SIZE,
+        maxHeaderListSize,
+        maxHeaderListSize,
+        DEFAULT_SERVER_KEEPALIVE_TIME_NANOS,
+        DEFAULT_SERVER_KEEPALIVE_TIMEOUT_NANOS,
+        MAX_CONNECTION_IDLE_NANOS_DISABLED,
+        MAX_CONNECTION_AGE_NANOS_DISABLED,
+        MAX_CONNECTION_AGE_GRACE_NANOS_INFINITE,
+        true,
+        0,
+        MAX_RST_COUNT_DISABLED,
+        0,
+        Attributes.EMPTY,
+        channelz,
+        new MetricRecorder() {});
     server.start(serverListener);
     address = TestUtils.testServerAddress((InetSocketAddress) server.getListenSocketAddress());
     authority = GrpcUtil.authorityFromHostAndPort(address.getHostString(), address.getPort());
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java b/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java
index 797cfa95c0e..f3b73a515b5 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java
@@ -22,7 +22,7 @@
 import static org.mockito.Mockito.when;
 
 import com.google.common.collect.ImmutableList;
-import io.grpc.ServerStreamTracer;
+import io.grpc.MetricRecorder;
 import io.netty.channel.EventLoopGroup;
 import io.netty.channel.local.LocalServerChannel;
 import io.netty.handler.ssl.SslContext;
@@ -43,8 +43,9 @@ public class NettyServerBuilderTest {
   @Test
   public void addMultipleListenAddresses() {
     builder.addListenAddress(new InetSocketAddress(8081));
-    NettyServer server =
-        builder.buildTransportServers(ImmutableList.<ServerStreamTracer.Factory>of());
+    NettyServer server = builder.buildTransportServers(
+        ImmutableList.of(),
+        new MetricRecorder() {});
 
     assertThat(server.getListenSocketAddresses()).hasSize(2);
   }
@@ -189,4 +190,5 @@ public void useNioTransport_shouldNotThrow() {
 
     builder.assertEventLoopsAndChannelType();
   }
+
 }
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
index 0d5a9bab176..1c8d2b5479d 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerHandlerTest.java
@@ -59,6 +59,7 @@
 import io.grpc.Attributes;
 import io.grpc.InternalStatus;
 import io.grpc.Metadata;
+import io.grpc.MetricRecorder;
 import io.grpc.ServerStreamTracer;
 import io.grpc.Status;
 import io.grpc.Status.Code;
@@ -129,6 +130,7 @@ public class NettyServerHandlerTest extends NettyHandlerTestBase<NettyServerHand
   private final ServerTransportListener transportListener =
       mock(ServerTransportListener.class, delegatesTo(new ServerTransportListenerImpl()));
   private final TestServerStreamTracer streamTracer = new TestServerStreamTracer();
+  private final MetricRecorder metricRecorder = mock(MetricRecorder.class);
   private NettyServerStream stream;
   private KeepAliveManager spyKeepAliveManager;
   final Queue<InputStream> streamListenerMessageQueue = new LinkedList<>();
@@ -205,6 +207,18 @@ protected void manualSetUp() throws Exception {
     channel().releaseOutbound();
   }
 
+  @Test
+  public void tcpMetrics_recorded() throws Exception {
+    manualSetUp();
+    handler().channelActive(ctx());
+    // Verify that channelActive triggered TcpMetrics
+    verify(metricRecorder, atLeastOnce()).addLongCounter(
+        eq(io.grpc.InternalTcpMetrics.CONNECTIONS_CREATED_INSTRUMENT),
+        eq(1L),
+        any(),
+        any());
+  }
+
   @Test
   public void transportReadyDelayedUntilConnectionPreface() throws Exception {
     initChannel(new GrpcHttp2ServerHeadersDecoder(GrpcUtil.DEFAULT_MAX_HEADER_LIST_SIZE));
@@ -1416,7 +1430,8 @@ protected NettyServerHandler newHandler() {
         maxRstCount,
         maxRstPeriodNanos,
         Attributes.EMPTY,
-        fakeClock().getTicker());
+        fakeClock().getTicker(),
+        metricRecorder);
   }
 
   @Override
diff --git a/netty/src/test/java/io/grpc/netty/NettyServerTest.java b/netty/src/test/java/io/grpc/netty/NettyServerTest.java
index f9bda4c5af1..61c3f9e219e 100644
--- a/netty/src/test/java/io/grpc/netty/NettyServerTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerTest.java
@@ -37,6 +37,7 @@
 import io.grpc.InternalChannelz.SocketStats;
 import io.grpc.InternalInstrumented;
 import io.grpc.Metadata;
+import io.grpc.MetricRecorder;
 import io.grpc.ServerStreamTracer;
 import io.grpc.internal.FixedObjectPool;
 import io.grpc.internal.ServerListener;
@@ -161,7 +162,7 @@ class NoHandlerProtocolNegotiator implements ProtocolNegotiator {
             0,
             0, // ignore
             Attributes.EMPTY,
-            channelz);
+            channelz, mock(MetricRecorder.class));
     final SettableFuture<Void> serverShutdownCalled = SettableFuture.create();
     ns.start(new ServerListener() {
       @Override
@@ -218,7 +219,7 @@ public void multiPortStartStopGet() throws Exception {
             0,
             0, // ignore
             Attributes.EMPTY,
-            channelz);
+            channelz, mock(MetricRecorder.class));
     final SettableFuture<Void> shutdownCompleted = SettableFuture.create();
     ns.start(new ServerListener() {
       @Override
@@ -298,7 +299,7 @@ public void multiPortConnections() throws Exception {
             0,
             0, // ignore
             Attributes.EMPTY,
-            channelz);
+            channelz, mock(MetricRecorder.class));
     final SettableFuture<Void> shutdownCompleted = SettableFuture.create();
     ns.start(new ServerListener() {
       @Override
@@ -366,7 +367,7 @@ public void getPort_notStarted() {
             0,
             0, // ignore
             Attributes.EMPTY,
-            channelz);
+            channelz, mock(MetricRecorder.class));
 
     assertThat(ns.getListenSocketAddress()).isEqualTo(addr);
     assertThat(ns.getListenSocketAddresses()).isEqualTo(addresses);
@@ -447,7 +448,7 @@ class TestProtocolNegotiator implements ProtocolNegotiator {
             0,
             0, // ignore
             eagAttributes,
-            channelz);
+            channelz, mock(MetricRecorder.class));
     ns.start(new ServerListener() {
       @Override
       public ServerTransportListener transportCreated(ServerTransport transport) {
@@ -501,7 +502,7 @@ public void channelzListenSocket() throws Exception {
             0,
             0, // ignore
             Attributes.EMPTY,
-            channelz);
+            channelz, mock(MetricRecorder.class));
     final SettableFuture<Void> shutdownCompleted = SettableFuture.create();
     ns.start(new ServerListener() {
       @Override
@@ -649,7 +650,7 @@ private NettyServer getServer(List<SocketAddress> addr, EventLoopGroup ev) {
         0,
         0, // ignore
         Attributes.EMPTY,
-        channelz);
+        channelz, mock(MetricRecorder.class));
   }
 
   private static class NoopServerTransportListener implements ServerTransportListener {
diff --git a/netty/src/test/java/io/grpc/netty/NettyTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyTransportTest.java
index b779dfbe980..22758a8b727 100644
--- a/netty/src/test/java/io/grpc/netty/NettyTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyTransportTest.java
@@ -22,6 +22,7 @@
 import com.google.common.util.concurrent.SettableFuture;
 import io.grpc.Attributes;
 import io.grpc.ChannelLogger;
+import io.grpc.MetricRecorder;
 import io.grpc.ServerStreamTracer;
 import io.grpc.Status;
 import io.grpc.internal.AbstractTransportTest;
@@ -71,7 +72,7 @@ protected InternalServer newServer(
         .forAddress(new InetSocketAddress("localhost", 0))
         .flowControlWindow(AbstractTransportTest.TEST_FLOW_CONTROL_WINDOW)
         .setTransportTracerFactory(fakeClockTransportTracer)
-        .buildTransportServers(streamTracerFactories);
+        .buildTransportServers(streamTracerFactories, new MetricRecorder() {});
   }
 
   @Override
@@ -81,7 +82,7 @@ protected InternalServer newServer(
         .forAddress(new InetSocketAddress("localhost", port))
         .flowControlWindow(AbstractTransportTest.TEST_FLOW_CONTROL_WINDOW)
         .setTransportTracerFactory(fakeClockTransportTracer)
-        .buildTransportServers(streamTracerFactories);
+        .buildTransportServers(streamTracerFactories, new MetricRecorder() {});
   }
 
   @Override
diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
index 80438532172..403b1b64329 100644
--- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
+++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
@@ -46,6 +46,7 @@
 import io.grpc.InternalChannelz;
 import io.grpc.InternalChannelz.Security;
 import io.grpc.Metadata;
+import io.grpc.MetricRecorder;
 import io.grpc.SecurityLevel;
 import io.grpc.ServerCredentials;
 import io.grpc.ServerStreamTracer;
@@ -389,7 +390,9 @@ private Object expectHandshake(
         .buildTransportFactory();
     InternalServer server = NettyServerBuilder
         .forPort(0, serverCreds)
-        .buildTransportServers(Collections.<ServerStreamTracer.Factory>emptyList());
+        .buildTransportServers(
+            Collections.<ServerStreamTracer.Factory>emptyList(),
+            new MetricRecorder() {});
     server.start(serverListener);
 
     ManagedClientTransport.Listener clientTransportListener =
diff --git a/netty/src/test/java/io/grpc/netty/TcpMetricsTest.java b/netty/src/test/java/io/grpc/netty/TcpMetricsTest.java
new file mode 100644
index 00000000000..f75a98b46df
--- /dev/null
+++ b/netty/src/test/java/io/grpc/netty/TcpMetricsTest.java
@@ -0,0 +1,616 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.netty;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNotSame;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyLong;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+
+import io.grpc.InternalTcpMetrics;
+import io.grpc.MetricRecorder;
+import io.netty.util.concurrent.ScheduledFuture;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
+import java.util.concurrent.TimeUnit;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoRule;
+
+@RunWith(JUnit4.class)
+public class TcpMetricsTest {
+
+  @Rule
+  public final MockitoRule mocks = MockitoJUnit.rule();
+
+  @Mock
+  private MetricRecorder metricRecorder;
+
+  private ConfigurableFakeWithTcpInfo channel;
+  private TcpMetrics metrics;
+
+  @Before
+  public void setUp() throws Exception {
+    FakeEpollTcpInfo dummyInfo = new FakeEpollTcpInfo();
+    channel = new ConfigurableFakeWithTcpInfo(dummyInfo);
+    metrics = new TcpMetrics(metricRecorder);
+  }
+
+  @After
+  public void tearDown() throws Exception {
+    TcpMetrics.epollInfo = TcpMetrics.loadEpollInfo();
+  }
+
+  @Test
+  public void metricsInitialization() {
+
+    assertNotNull(InternalTcpMetrics.CONNECTIONS_CREATED_INSTRUMENT);
+    assertNotNull(InternalTcpMetrics.CONNECTION_COUNT_INSTRUMENT);
+    assertNotNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT);
+    assertNotNull(InternalTcpMetrics.RECURRING_RETRANSMITS_INSTRUMENT);
+    assertNotNull(InternalTcpMetrics.MIN_RTT_INSTRUMENT);
+  }
+
+  public static class FakeEpollTcpInfo {
+    long totalRetrans;
+    long retransmits;
+    long rtt;
+
+    public void setValues(long totalRetrans, long retransmits, long rtt) {
+      this.totalRetrans = totalRetrans;
+      this.retransmits = retransmits;
+      this.rtt = rtt;
+    }
+
+    @SuppressWarnings("unused")
+    public long totalRetrans() {
+      return totalRetrans;
+    }
+
+    @SuppressWarnings("unused")
+    public long retrans() {
+      return retransmits;
+    }
+
+    @SuppressWarnings("unused")
+    public long rtt() {
+      return rtt;
+    }
+  }
+
+  @Test
+  public void tracker_recordTcpInfo_reflectionSuccess() throws Exception {
+    MetricRecorder recorder = mock(MetricRecorder.class);
+    TcpMetrics.epollInfo = new TcpMetrics.EpollInfo(
+        ConfigurableFakeWithTcpInfo.class,
+        FakeEpollTcpInfo.class.getConstructor(),
+        ConfigurableFakeWithTcpInfo.class.getMethod("tcpInfo", FakeEpollTcpInfo.class),
+        FakeEpollTcpInfo.class.getMethod("totalRetrans"),
+        FakeEpollTcpInfo.class.getMethod("retrans"),
+        FakeEpollTcpInfo.class.getMethod("rtt"));
+    TcpMetrics tracker = new TcpMetrics(recorder);
+
+    FakeEpollTcpInfo infoSource = new FakeEpollTcpInfo();
+    infoSource.setValues(123, 4, 5000);
+    ConfigurableFakeWithTcpInfo channel = new ConfigurableFakeWithTcpInfo(infoSource);
+    channel.writeInbound("dummy");
+
+    tracker.channelInactive(channel);
+
+    verify(recorder).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT)),
+        eq(123L), any(), any());
+    verify(recorder).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.RECURRING_RETRANSMITS_INSTRUMENT)),
+        eq(4L), any(), any());
+    verify(recorder).recordDoubleHistogram(
+        eq(Objects.requireNonNull(InternalTcpMetrics.MIN_RTT_INSTRUMENT)),
+        eq(0.005), any(), any());
+  }
+
+  @Test
+  public void tracker_periodicRecord_doesNotRecordRecurringRetransmits() throws Exception {
+    MetricRecorder recorder = mock(MetricRecorder.class);
+    TcpMetrics.epollInfo = new TcpMetrics.EpollInfo(
+        ConfigurableFakeWithTcpInfo.class,
+        FakeEpollTcpInfo.class.getConstructor(),
+        ConfigurableFakeWithTcpInfo.class.getMethod("tcpInfo", FakeEpollTcpInfo.class),
+        FakeEpollTcpInfo.class.getMethod("totalRetrans"),
+        FakeEpollTcpInfo.class.getMethod("retrans"),
+        FakeEpollTcpInfo.class.getMethod("rtt"));
+    TcpMetrics tracker = new TcpMetrics(recorder);
+
+    FakeEpollTcpInfo infoSource = new FakeEpollTcpInfo();
+    infoSource.setValues(123, 4, 5000);
+    ConfigurableFakeWithTcpInfo channel = new ConfigurableFakeWithTcpInfo(infoSource);
+
+    tracker.channelActive(channel);
+
+    ScheduledFuture<?> timer = tracker.getReportTimer();
+    assertNotNull("Timer should be scheduled", timer);
+
+    long delay = timer.getDelay(TimeUnit.MILLISECONDS);
+    channel.advanceTimeBy(delay + 1, TimeUnit.MILLISECONDS);
+    channel.runScheduledPendingTasks();
+
+    verify(recorder).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT)),
+        eq(123L), any(), any());
+    verify(recorder).recordDoubleHistogram(
+        eq(Objects.requireNonNull(InternalTcpMetrics.MIN_RTT_INSTRUMENT)),
+        eq(0.005), any(), any());
+    // Should NOT record recurring retransmits during periodic polling
+    verify(recorder, org.mockito.Mockito.never())
+        .addLongCounter(
+            eq(Objects.requireNonNull(InternalTcpMetrics.RECURRING_RETRANSMITS_INSTRUMENT)),
+            anyLong(), any(), any());
+  }
+
+  @Test
+  public void tracker_channelInactive_recordsRecurringRetransmits_raw_notDelta() throws Exception {
+    MetricRecorder recorder = mock(MetricRecorder.class);
+    TcpMetrics.epollInfo = new TcpMetrics.EpollInfo(
+        ConfigurableFakeWithTcpInfo.class,
+        FakeEpollTcpInfo.class.getConstructor(),
+        ConfigurableFakeWithTcpInfo.class.getMethod("tcpInfo", FakeEpollTcpInfo.class),
+        FakeEpollTcpInfo.class.getMethod("totalRetrans"),
+        FakeEpollTcpInfo.class.getMethod("retrans"),
+        FakeEpollTcpInfo.class.getMethod("rtt"));
+    TcpMetrics tracker = new TcpMetrics(recorder);
+
+    FakeEpollTcpInfo infoSource = new FakeEpollTcpInfo();
+    infoSource.setValues(123, 4, 5000);
+    ConfigurableFakeWithTcpInfo channel = new ConfigurableFakeWithTcpInfo(infoSource);
+
+    tracker.channelActive(channel);
+
+    ScheduledFuture<?> timer = tracker.getReportTimer();
+    assertNotNull("Timer should be scheduled", timer);
+
+    long delay = timer.getDelay(TimeUnit.MILLISECONDS);
+    channel.advanceTimeBy(delay + 1, TimeUnit.MILLISECONDS);
+    channel.runScheduledPendingTasks();
+
+    org.mockito.Mockito.clearInvocations(recorder);
+
+    // Let's just create a new channel instance where tcpInfo sets retrans=5.
+    FakeEpollTcpInfo infoSource2 = new FakeEpollTcpInfo();
+    infoSource2.setValues(130, 5, 5000);
+    ConfigurableFakeWithTcpInfo channel2 = new ConfigurableFakeWithTcpInfo(infoSource2);
+
+    tracker.channelInactive(channel2);
+
+    // It should record delta for totalRetrans (130 - 123 = 7)
+    verify(recorder).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT)),
+        eq(7L), any(), any());
+    // But for recurringRetransmits it MUST record the raw value 5, not the delta!
+    verify(recorder).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.RECURRING_RETRANSMITS_INSTRUMENT)),
+        eq(5L), any(), any());
+  }
+
+  @Test
+  public void tracker_periodicRecord_reportsDeltaForTotalRetrans() throws Exception {
+    MetricRecorder recorder = mock(MetricRecorder.class);
+    TcpMetrics.epollInfo = new TcpMetrics.EpollInfo(
+        ConfigurableFakeWithTcpInfo.class,
+        FakeEpollTcpInfo.class.getConstructor(),
+        ConfigurableFakeWithTcpInfo.class.getMethod("tcpInfo", FakeEpollTcpInfo.class),
+        FakeEpollTcpInfo.class.getMethod("totalRetrans"),
+        FakeEpollTcpInfo.class.getMethod("retrans"),
+        FakeEpollTcpInfo.class.getMethod("rtt"));
+    TcpMetrics tracker = new TcpMetrics(recorder);
+
+    FakeEpollTcpInfo infoSource = new FakeEpollTcpInfo();
+    infoSource.setValues(123, 4, 5000);
+    ConfigurableFakeWithTcpInfo channel = new ConfigurableFakeWithTcpInfo(infoSource);
+
+    tracker.channelActive(channel);
+
+    ScheduledFuture<?> timer = tracker.getReportTimer();
+    assertNotNull("Timer should be scheduled", timer);
+
+    long delay = timer.getDelay(TimeUnit.MILLISECONDS);
+    channel.advanceTimeBy(delay + 1, TimeUnit.MILLISECONDS);
+    channel.runScheduledPendingTasks();
+
+    verify(recorder).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT)),
+        eq(123L), any(), any());
+
+    org.mockito.Mockito.clearInvocations(recorder);
+
+    // Change tcpInfo for second periodic record
+    infoSource.setValues(150, 2, 6000); // 150 - 123 = 27
+
+    ScheduledFuture<?> newTimer = tracker.getReportTimer();
+    assertNotNull("New timer should be scheduled", newTimer);
+    assertNotSame("Timer should be a new instance", timer, newTimer);
+    long newDelay = newTimer.getDelay(TimeUnit.MILLISECONDS);
+    channel.advanceTimeBy(newDelay + 1, TimeUnit.MILLISECONDS);
+    channel.runScheduledPendingTasks();
+
+    // Only the delta (150 - 123 = 27) should be recorded
+    verify(recorder).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT)),
+        eq(27L), any(), any());
+    verify(recorder).recordDoubleHistogram(
+        eq(Objects.requireNonNull(InternalTcpMetrics.MIN_RTT_INSTRUMENT)),
+        eq(0.006), any(), any());
+    verify(recorder, org.mockito.Mockito.never())
+        .addLongCounter(
+            eq(Objects.requireNonNull(InternalTcpMetrics.RECURRING_RETRANSMITS_INSTRUMENT)),
+            anyLong(), any(), any());
+  }
+
+  @Test
+  public void tracker_periodicRecord_doesNotReportZeroDeltaForTotalRetrans() throws Exception {
+    MetricRecorder recorder = mock(MetricRecorder.class);
+    TcpMetrics.epollInfo = new TcpMetrics.EpollInfo(
+        ConfigurableFakeWithTcpInfo.class,
+        FakeEpollTcpInfo.class.getConstructor(),
+        ConfigurableFakeWithTcpInfo.class.getMethod("tcpInfo", FakeEpollTcpInfo.class),
+        FakeEpollTcpInfo.class.getMethod("totalRetrans"),
+        FakeEpollTcpInfo.class.getMethod("retrans"),
+        FakeEpollTcpInfo.class.getMethod("rtt"));
+    TcpMetrics tracker = new TcpMetrics(recorder);
+
+    FakeEpollTcpInfo infoSource = new FakeEpollTcpInfo();
+    infoSource.setValues(123, 4, 5000);
+    ConfigurableFakeWithTcpInfo channel = new ConfigurableFakeWithTcpInfo(infoSource);
+
+    tracker.channelActive(channel);
+
+    ScheduledFuture<?> timer = tracker.getReportTimer();
+    assertNotNull("Timer should be scheduled", timer);
+
+    long delay = timer.getDelay(TimeUnit.MILLISECONDS);
+    channel.advanceTimeBy(delay + 1, TimeUnit.MILLISECONDS);
+    channel.runScheduledPendingTasks();
+
+    verify(recorder).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT)),
+        eq(123L), any(), any());
+
+    org.mockito.Mockito.clearInvocations(recorder);
+
+    // Keep tcpInfo the same for second periodic record
+    ScheduledFuture<?> newTimer = tracker.getReportTimer();
+    assertNotNull("New timer should be scheduled", newTimer);
+    assertNotSame("Timer should be a new instance", timer, newTimer);
+    long newDelay = newTimer.getDelay(TimeUnit.MILLISECONDS);
+    channel.advanceTimeBy(newDelay + 1, TimeUnit.MILLISECONDS);
+    channel.runScheduledPendingTasks();
+
+    // NO delta (123 - 123 = 0), so it should not be recorded
+    verify(recorder, org.mockito.Mockito.never())
+        .addLongCounter(
+            eq(Objects.requireNonNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT)),
+            anyLong(), any(), any());
+
+    // MIN_RTT should be recorded again!
+    verify(recorder).recordDoubleHistogram(
+        eq(Objects.requireNonNull(InternalTcpMetrics.MIN_RTT_INSTRUMENT)),
+        eq(0.005), any(), any());
+  }
+
+  public static class ConfigurableFakeWithTcpInfo extends
+      io.netty.channel.embedded.EmbeddedChannel {
+    private final FakeEpollTcpInfo infoToCopy;
+
+    public ConfigurableFakeWithTcpInfo(FakeEpollTcpInfo infoToCopy) {
+      this.infoToCopy = infoToCopy;
+    }
+
+    public void tcpInfo(FakeEpollTcpInfo info) {
+      info.totalRetrans = infoToCopy.totalRetrans;
+      info.retransmits = infoToCopy.retransmits;
+      info.rtt = infoToCopy.rtt;
+    }
+  }
+
+  private static class AddressOverrideEmbeddedChannel extends
+      io.netty.channel.embedded.EmbeddedChannel {
+    private final SocketAddress local;
+    private final SocketAddress remote;
+
+    public AddressOverrideEmbeddedChannel(SocketAddress local, SocketAddress remote) {
+      this.local = local;
+      this.remote = remote;
+    }
+
+    @Override
+    public SocketAddress localAddress() {
+      return local;
+    }
+
+    @Override
+    public SocketAddress remoteAddress() {
+      return remote;
+    }
+  }
+
+  @Test
+  public void tracker_reportsDeltas_correctly() throws Exception {
+    MetricRecorder recorder = mock(MetricRecorder.class);
+
+    TcpMetrics.epollInfo = new TcpMetrics.EpollInfo(
+        ConfigurableFakeWithTcpInfo.class,
+        FakeEpollTcpInfo.class.getConstructor(),
+        ConfigurableFakeWithTcpInfo.class.getMethod("tcpInfo", FakeEpollTcpInfo.class),
+        FakeEpollTcpInfo.class.getMethod("totalRetrans"),
+        FakeEpollTcpInfo.class.getMethod("retrans"),
+        FakeEpollTcpInfo.class.getMethod("rtt"));
+    TcpMetrics tracker = new TcpMetrics(recorder);
+
+    FakeEpollTcpInfo infoSource = new FakeEpollTcpInfo();
+    ConfigurableFakeWithTcpInfo channel = new ConfigurableFakeWithTcpInfo(infoSource);
+
+    // 10 retransmits total
+    infoSource.setValues(10, 2, 1000);
+    tracker.recordTcpInfo(channel);
+
+    verify(recorder).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT)),
+        eq(10L), any(), any());
+
+    // 15 retransmits total (delta 5)
+    infoSource.setValues(15, 0, 1000);
+    tracker.recordTcpInfo(channel);
+
+    verify(recorder).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT)),
+        eq(5L), any(), any());
+
+    // 15 retransmits total (delta 0) - should NOT report
+    // also set retransmits to 1
+    infoSource.setValues(15, 1, 1000);
+    tracker.recordTcpInfo(channel);
+    // Verify no new interactions with this specific metric and value
+    // We can't easily verify "no interaction" for specific value without capturing.
+    verify(recorder, org.mockito.Mockito.times(1)).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT)),
+        eq(10L), any(), any());
+    verify(recorder, org.mockito.Mockito.times(1)).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT)),
+        eq(5L), any(), any());
+    // Total interactions for packetsRetransmitted should be 2
+    verify(recorder, org.mockito.Mockito.times(2)).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT)),
+        anyLong(), any(), any());
+
+    // recurringRetransmits should NOT have been reported yet (periodic calls)
+    verify(recorder, org.mockito.Mockito.times(0)).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.RECURRING_RETRANSMITS_INSTRUMENT)),
+        anyLong(), any(), any());
+
+    // Close channel - should report recurringRetransmits
+    tracker.channelInactive(channel);
+    verify(recorder, org.mockito.Mockito.times(1)).addLongCounter(
+        eq(Objects.requireNonNull(InternalTcpMetrics.RECURRING_RETRANSMITS_INSTRUMENT)),
+        eq(1L), // From last infoSource setValues(15, 1, 1000)
+        any(), any());
+  }
+
+  @Test
+  public void tracker_recordTcpInfo_reflectionFailure() {
+    MetricRecorder recorder = mock(MetricRecorder.class);
+
+    TcpMetrics.epollInfo = null;
+    TcpMetrics tracker = new TcpMetrics(recorder);
+
+    io.netty.channel.embedded.EmbeddedChannel channel = new
+        io.netty.channel.embedded.EmbeddedChannel();
+
+    // Should catch exception and ignore
+    tracker.channelInactive(channel);
+  }
+
+  @Test
+  public void registeredMetrics_haveCorrectOptionalLabels() {
+    List<String> expectedOptionalLabels = Arrays.asList(
+        "network.local.address",
+        "network.local.port",
+        "network.peer.address",
+        "network.peer.port");
+
+    assertEquals(
+        expectedOptionalLabels,
+        InternalTcpMetrics.CONNECTIONS_CREATED_INSTRUMENT.getOptionalLabelKeys());
+    assertEquals(
+        expectedOptionalLabels,
+        InternalTcpMetrics.CONNECTION_COUNT_INSTRUMENT.getOptionalLabelKeys());
+
+    assertEquals(
+        expectedOptionalLabels,
+        Objects.requireNonNull(InternalTcpMetrics.PACKETS_RETRANSMITTED_INSTRUMENT)
+            .getOptionalLabelKeys());
+    assertEquals(
+        expectedOptionalLabels,
+        Objects.requireNonNull(InternalTcpMetrics.RECURRING_RETRANSMITS_INSTRUMENT)
+            .getOptionalLabelKeys());
+    assertEquals(
+        expectedOptionalLabels,
+        Objects.requireNonNull(InternalTcpMetrics.MIN_RTT_INSTRUMENT).getOptionalLabelKeys());
+  }
+
+  @Test
+  public void channelActive_extractsLabels_ipv4() throws Exception {
+    InetAddress localInet = InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
+    InetAddress remoteInet = InetAddress.getByAddress(new byte[] {127, 0, 0, 2});
+
+    AddressOverrideEmbeddedChannel channel = new AddressOverrideEmbeddedChannel(
+        new InetSocketAddress(localInet, 8080),
+        new InetSocketAddress(remoteInet, 443));
+
+    metrics.channelActive(channel);
+
+    verify(metricRecorder).addLongCounter(
+        eq(InternalTcpMetrics.CONNECTIONS_CREATED_INSTRUMENT), eq(1L),
+        eq(Collections.emptyList()),
+        eq(Arrays.asList("127.0.0.1", "8080", "127.0.0.2", "443")));
+    verify(metricRecorder).addLongUpDownCounter(
+        eq(InternalTcpMetrics.CONNECTION_COUNT_INSTRUMENT), eq(1L),
+        eq(Collections.emptyList()),
+        eq(Arrays.asList("127.0.0.1", "8080", "127.0.0.2", "443")));
+    verifyNoMoreInteractions(metricRecorder);
+  }
+
+  @Test
+  public void channelInactive_extractsLabels_ipv6() throws Exception {
+    InetAddress localInet = InetAddress.getByAddress(new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1});
+    InetAddress remoteInet = InetAddress.getByAddress(new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2});
+
+    AddressOverrideEmbeddedChannel channel = new AddressOverrideEmbeddedChannel(
+        new InetSocketAddress(localInet, 8080),
+        new InetSocketAddress(remoteInet, 443));
+
+    metrics.channelInactive(channel);
+
+    verify(metricRecorder).addLongUpDownCounter(
+        eq(InternalTcpMetrics.CONNECTION_COUNT_INSTRUMENT), eq(-1L),
+        eq(Collections.emptyList()),
+        eq(Arrays.asList("0:0:0:0:0:0:0:1", "8080", "0:0:0:0:0:0:0:2", "443")));
+    verifyNoMoreInteractions(metricRecorder);
+  }
+
+  @Test
+  public void channelActive_extractsLabels_nonInetAddress() {
+    SocketAddress dummyAddress = new SocketAddress() {
+    };
+    AddressOverrideEmbeddedChannel channel = new AddressOverrideEmbeddedChannel(
+        dummyAddress, dummyAddress);
+
+    metrics.channelActive(channel);
+
+    verify(metricRecorder).addLongCounter(
+        eq(InternalTcpMetrics.CONNECTIONS_CREATED_INSTRUMENT), eq(1L),
+        eq(Collections.emptyList()),
+        eq(Arrays.asList("", "", "", "")));
+    verify(metricRecorder).addLongUpDownCounter(
+        eq(InternalTcpMetrics.CONNECTION_COUNT_INSTRUMENT), eq(1L),
+        eq(Collections.emptyList()),
+        eq(Arrays.asList("", "", "", "")));
+    verifyNoMoreInteractions(metricRecorder);
+  }
+
+  @Test
+  public void channelActive_incrementsCounts() {
+    metrics.channelActive(channel);
+    verify(metricRecorder).addLongCounter(
+        eq(InternalTcpMetrics.CONNECTIONS_CREATED_INSTRUMENT), eq(1L),
+        eq(Collections.emptyList()),
+        eq(Arrays.asList("", "", "", "")));
+    verify(metricRecorder).addLongUpDownCounter(
+        eq(InternalTcpMetrics.CONNECTION_COUNT_INSTRUMENT), eq(1L),
+        eq(Collections.emptyList()),
+        eq(Arrays.asList("", "", "", "")));
+    verifyNoMoreInteractions(metricRecorder);
+  }
+
+  @Test
+  public void channelInactive_decrementsCount_noEpoll_noError() {
+    metrics.channelInactive(channel);
+    verify(metricRecorder).addLongUpDownCounter(
+        eq(InternalTcpMetrics.CONNECTION_COUNT_INSTRUMENT), eq(-1L),
+        eq(Collections.emptyList()),
+        eq(Arrays.asList("", "", "", "")));
+    verifyNoMoreInteractions(metricRecorder);
+  }
+
+  @Test
+  public void channelActive_schedulesReportTimer() throws Exception {
+    TcpMetrics.epollInfo = new TcpMetrics.EpollInfo(
+        ConfigurableFakeWithTcpInfo.class,
+        FakeEpollTcpInfo.class.getConstructor(),
+        ConfigurableFakeWithTcpInfo.class.getMethod("tcpInfo", FakeEpollTcpInfo.class),
+        FakeEpollTcpInfo.class.getMethod("totalRetrans"),
+        FakeEpollTcpInfo.class.getMethod("retrans"),
+        FakeEpollTcpInfo.class.getMethod("rtt"));
+
+    metrics = new TcpMetrics(metricRecorder);
+
+    FakeEpollTcpInfo infoSource = new FakeEpollTcpInfo();
+    ConfigurableFakeWithTcpInfo channel = new ConfigurableFakeWithTcpInfo(infoSource);
+
+    metrics.channelActive(channel);
+
+    ScheduledFuture<?> timer = metrics.getReportTimer();
+    assertNotNull("Timer should be scheduled", timer);
+
+    long delay = timer.getDelay(TimeUnit.MILLISECONDS);
+    assertTrue("Delay should be >= 30000 but was " + delay, delay >= 30_000);
+    assertTrue("Delay should be <= 330000 but was " + delay, delay <= 330_000);
+
+    // Advance time to trigger the task
+    channel.advanceTimeBy(delay + 1, TimeUnit.MILLISECONDS);
+    channel.runScheduledPendingTasks();
+
+    // Verify rescheduling
+    ScheduledFuture<?> newTimer = metrics.getReportTimer();
+    assertNotNull("New timer should be scheduled", newTimer);
+    assertNotSame("Timer should be a new instance", timer, newTimer);
+
+    long newDelay = newTimer.getDelay(TimeUnit.MILLISECONDS);
+    // Re-arming jitter is 90% to 110%, so 270,000 ms to 330,000 ms
+    assertTrue("Delay should be >= 270000 but was " + newDelay, newDelay >= 270_000);
+    assertTrue("Delay should be <= 330000 but was " + newDelay, newDelay <= 330_000);
+  }
+
+  @Test
+  public void channelInactive_cancelsReportTimer() throws Exception {
+    TcpMetrics.epollInfo = new TcpMetrics.EpollInfo(
+        ConfigurableFakeWithTcpInfo.class,
+        FakeEpollTcpInfo.class.getConstructor(),
+        ConfigurableFakeWithTcpInfo.class.getMethod("tcpInfo", FakeEpollTcpInfo.class),
+        FakeEpollTcpInfo.class.getMethod("totalRetrans"),
+        FakeEpollTcpInfo.class.getMethod("retrans"),
+        FakeEpollTcpInfo.class.getMethod("rtt"));
+
+    metrics = new TcpMetrics(metricRecorder);
+
+    FakeEpollTcpInfo infoSource = new FakeEpollTcpInfo();
+    ConfigurableFakeWithTcpInfo channel = new ConfigurableFakeWithTcpInfo(infoSource);
+
+    metrics.channelActive(channel);
+
+    ScheduledFuture<?> timer = metrics.getReportTimer();
+    assertNotNull("Timer should be scheduled", timer);
+
+    metrics.channelInactive(channel);
+
+    assertTrue("Timer should be cancelled", timer.isCancelled());
+  }
+}
diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerBuilder.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerBuilder.java
index 8daeed42a8c..163d2023b1c 100644
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerBuilder.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpServerBuilder.java
@@ -27,6 +27,7 @@
 import io.grpc.ForwardingServerBuilder;
 import io.grpc.InsecureServerCredentials;
 import io.grpc.Internal;
+import io.grpc.MetricRecorder;
 import io.grpc.ServerBuilder;
 import io.grpc.ServerCredentials;
 import io.grpc.ServerStreamTracer;
@@ -111,7 +112,15 @@ public static OkHttpServerBuilder forPort(SocketAddress address, ServerCredentia
     return new OkHttpServerBuilder(address, result.factory);
   }
 
-  final ServerImplBuilder serverImplBuilder = new ServerImplBuilder(this::buildTransportServers);
+  final ServerImplBuilder serverImplBuilder = new ServerImplBuilder(
+      new ServerImplBuilder.ClientTransportServersBuilder() {
+        @Override
+        public InternalServer buildClientTransportServers(
+            List<? extends ServerStreamTracer.Factory> streamTracerFactories,
+            MetricRecorder metricRecorder) {
+          return buildTransportServers(streamTracerFactories);
+        }
+      });
   final SocketAddress listenAddress;
   final HandshakerSocketFactory handshakerSocketFactory;
   TransportTracer.Factory transportTracerFactory = TransportTracer.getDefaultFactory();
diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
index 6904340ac74..87ad61c9f27 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/GrpcOpenTelemetry.java
@@ -196,6 +196,7 @@ public void configureServerBuilder(ServerBuilder<?> serverBuilder) {
       serverBuilder.intercept(openTelemetryTracingModule.getServerSpanPropagationInterceptor());
     }
     serverBuilder.addStreamTracerFactory(openTelemetryMetricsModule.getServerTracerFactory());
+    serverBuilder.addMetricSink(sink);
   }
 
   @VisibleForTesting
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/GrpcOpenTelemetryTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/GrpcOpenTelemetryTest.java
index 16cb02c61c2..f0bd6f93098 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/GrpcOpenTelemetryTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/GrpcOpenTelemetryTest.java
@@ -26,7 +26,6 @@
 import com.google.common.collect.ImmutableList;
 import io.grpc.ClientInterceptor;
 import io.grpc.ManagedChannelBuilder;
-import io.grpc.MetricSink;
 import io.grpc.ServerBuilder;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.opentelemetry.GrpcOpenTelemetry.TargetFilter;
@@ -98,6 +97,7 @@ public void buildTracer() {
     grpcOpenTelemetry.configureServerBuilder(mockServerBuiler);
     verify(mockServerBuiler, times(2)).addStreamTracerFactory(any());
     verify(mockServerBuiler).intercept(any());
+    verify(mockServerBuiler).addMetricSink(any());
     verifyNoMoreInteractions(mockServerBuiler);
 
     ManagedChannelBuilder<?> mockChannelBuilder = mock(ManagedChannelBuilder.class);
@@ -121,7 +121,6 @@ public void builderDefaults() {
         .build());
     assertThat(module.getEnableMetrics()).isEmpty();
     assertThat(module.getOptionalLabels()).isEmpty();
-    assertThat(module.getSink()).isInstanceOf(MetricSink.class);
 
     assertThat(module.getTracer()).isSameInstanceAs(noopOpenTelemetry
         .getTracerProvider()
diff --git a/servlet/src/main/java/io/grpc/servlet/ServletServerBuilder.java b/servlet/src/main/java/io/grpc/servlet/ServletServerBuilder.java
index aee25de01ad..5bea4c6e03b 100644
--- a/servlet/src/main/java/io/grpc/servlet/ServletServerBuilder.java
+++ b/servlet/src/main/java/io/grpc/servlet/ServletServerBuilder.java
@@ -78,7 +78,9 @@ public final class ServletServerBuilder extends ForwardingServerBuilder<ServletS
   private InternalServerImpl internalServer;
 
   public ServletServerBuilder() {
-    serverImplBuilder = new ServerImplBuilder(this::buildTransportServers);
+    serverImplBuilder = new ServerImplBuilder(
+        (streamTracerFactories, metricRecorder) -> 
+            buildTransportServers(streamTracerFactories));
   }
 
   /**
diff --git a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
index 03a29025ff6..69b0b824433 100644
--- a/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
+++ b/xds/src/main/java/io/grpc/xds/XdsNameResolver.java
@@ -1058,18 +1058,18 @@ private static final class BootstrappingXdsClientPool implements XdsClientPool {
     private final XdsClientPoolFactory xdsClientPoolFactory;
     private final String target;
     private final @Nullable Map<String, ?> bootstrapOverride;
-    private final @Nullable MetricRecorder metricRecorder;
+    private final MetricRecorder metricRecorder;
     private ObjectPool<XdsClient> xdsClientPool;
 
     BootstrappingXdsClientPool(
         XdsClientPoolFactory xdsClientPoolFactory,
         String target,
         @Nullable Map<String, ?> bootstrapOverride,
-        @Nullable MetricRecorder metricRecorder) {
+        MetricRecorder metricRecorder) {
       this.xdsClientPoolFactory = checkNotNull(xdsClientPoolFactory, "xdsClientPoolFactory");
       this.target = checkNotNull(target, "target");
       this.bootstrapOverride = bootstrapOverride;
-      this.metricRecorder = metricRecorder;
+      this.metricRecorder = checkNotNull(metricRecorder, "metricRecorder");
     }
 
     @Override

From 15788b772910e3d437ce12cd33fb783ba266bbb7 Mon Sep 17 00:00:00 2001
From: Abhishek Agrawal <81427947+AgraVator@users.noreply.github.com>
Date: Tue, 31 Mar 2026 15:33:52 +0530
Subject: [PATCH 587/591] openTelemetry: fix baggage prop (#12665)

---
 .../OpenTelemetryMetricsModule.java           |  46 +--
 .../OpenTelemetryMetricsModuleTest.java       | 272 ++++++++++--------
 2 files changed, 176 insertions(+), 142 deletions(-)

diff --git a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
index 309e0da9558..c9e623b4415 100644
--- a/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
+++ b/opentelemetry/src/main/java/io/grpc/opentelemetry/OpenTelemetryMetricsModule.java
@@ -163,14 +163,6 @@ static String recordMethodName(String fullMethodName, boolean isGeneratedMethod)
     return isGeneratedMethod ? fullMethodName : "other";
   }
 
-  private static Context otelContextWithBaggage() {
-    Baggage baggage = BAGGAGE_KEY.get();
-    if (baggage == null) {
-      return Context.current();
-    }
-    return Context.current().with(baggage);
-  }
-
   private static final class ClientTracer extends ClientStreamTracer {
     @Nullable private static final AtomicLongFieldUpdater<ClientTracer> outboundWireSizeUpdater;
     @Nullable private static final AtomicLongFieldUpdater<ClientTracer> inboundWireSizeUpdater;
@@ -286,7 +278,6 @@ public void streamClosed(Status status) {
     }
 
     void recordFinishedAttempt() {
-      Context otelContext = otelContextWithBaggage();
       AttributesBuilder builder = io.opentelemetry.api.common.Attributes.builder()
           .put(METHOD_KEY, fullMethodName)
           .put(TARGET_KEY, target)
@@ -316,15 +307,15 @@ void recordFinishedAttempt() {
 
       if (module.resource.clientAttemptDurationCounter() != null ) {
         module.resource.clientAttemptDurationCounter()
-            .record(attemptNanos * SECONDS_PER_NANO, attribute, otelContext);
+            .record(attemptNanos * SECONDS_PER_NANO, attribute, attemptsState.otelContext);
       }
       if (module.resource.clientTotalSentCompressedMessageSizeCounter() != null) {
         module.resource.clientTotalSentCompressedMessageSizeCounter()
-            .record(outboundWireSize, attribute, otelContext);
+            .record(outboundWireSize, attribute, attemptsState.otelContext);
       }
       if (module.resource.clientTotalReceivedCompressedMessageSizeCounter() != null) {
         module.resource.clientTotalReceivedCompressedMessageSizeCounter()
-            .record(inboundWireSize, attribute, otelContext);
+            .record(inboundWireSize, attribute, attemptsState.otelContext);
       }
     }
   }
@@ -339,6 +330,7 @@ static final class CallAttemptsTracerFactory extends ClientStreamTracer.Factory
     private boolean callEnded;
     private final String fullMethodName;
     private final List<OpenTelemetryPlugin.ClientCallPlugin> callPlugins;
+    private final Context otelContext;
     private Status status;
     private long retryDelayNanos;
     private long callLatencyNanos;
@@ -356,11 +348,12 @@ static final class CallAttemptsTracerFactory extends ClientStreamTracer.Factory
         String target,
         CallOptions callOptions,
         String fullMethodName,
-        List<OpenTelemetryPlugin.ClientCallPlugin> callPlugins) {
+        List<OpenTelemetryPlugin.ClientCallPlugin> callPlugins, Context otelContext) {
       this.module = checkNotNull(module, "module");
       this.target = checkNotNull(target, "target");
       this.fullMethodName = checkNotNull(fullMethodName, "fullMethodName");
       this.callPlugins = checkNotNull(callPlugins, "callPlugins");
+      this.otelContext = checkNotNull(otelContext, "otelContext");
       this.attemptDelayStopwatch = module.stopwatchSupplier.get();
       this.callStopWatch = module.stopwatchSupplier.get().start();
 
@@ -375,7 +368,7 @@ static final class CallAttemptsTracerFactory extends ClientStreamTracer.Factory
 
       // Record here in case mewClientStreamTracer() would never be called.
       if (module.resource.clientAttemptCountCounter() != null) {
-        module.resource.clientAttemptCountCounter().add(1, attribute);
+        module.resource.clientAttemptCountCounter().add(1, attribute, otelContext);
       }
     }
 
@@ -404,7 +397,7 @@ public ClientStreamTracer newClientStreamTracer(StreamInfo info, Metadata metada
         }
         io.opentelemetry.api.common.Attributes attribute = builder.build();
         if (module.resource.clientAttemptCountCounter() != null) {
-          module.resource.clientAttemptCountCounter().add(1, attribute);
+          module.resource.clientAttemptCountCounter().add(1, attribute, otelContext);
         }
       }
       if (info.isTransparentRetry()) {
@@ -467,7 +460,6 @@ void callEnded(Status status, CallOptions callOptions) {
     }
 
     void recordFinishedCall(CallOptions callOptions) {
-      Context otelContext = otelContextWithBaggage();
       if (attemptsPerCall.get() == 0) {
         ClientTracer tracer = newClientTracer(null);
         tracer.attemptNanos = attemptDelayStopwatch.elapsed(TimeUnit.NANOSECONDS);
@@ -569,6 +561,7 @@ private static final class ServerTracer extends ServerStreamTracer {
     private final OpenTelemetryMetricsModule module;
     private final String fullMethodName;
     private final List<OpenTelemetryPlugin.ServerStreamPlugin> streamPlugins;
+    private Context otelContext = Context.root();
     private volatile boolean isGeneratedMethod;
     private volatile int streamClosed;
     private final Stopwatch stopwatch;
@@ -583,6 +576,17 @@ private static final class ServerTracer extends ServerStreamTracer {
       this.stopwatch = module.stopwatchSupplier.get().start();
     }
 
+    @Override
+    public io.grpc.Context filterContext(io.grpc.Context context) {
+      Baggage baggage = BAGGAGE_KEY.get(context);
+      if (baggage != null) {
+        otelContext = Context.current().with(baggage);
+      } else {
+        otelContext = Context.current();
+      }
+      return context;
+    }
+
     @Override
     public void serverCallStarted(ServerCallInfo<?, ?> callInfo) {
       // Only record method name as an attribute if isSampledToLocalTracing is set to true,
@@ -590,12 +594,13 @@ public void serverCallStarted(ServerCallInfo<?, ?> callInfo) {
       // created methods result in high cardinality metrics.
       boolean isSampledToLocalTracing = callInfo.getMethodDescriptor().isSampledToLocalTracing();
       isGeneratedMethod = isSampledToLocalTracing;
+
       io.opentelemetry.api.common.Attributes attribute =
           io.opentelemetry.api.common.Attributes.of(
               METHOD_KEY, recordMethodName(fullMethodName, isSampledToLocalTracing));
 
       if (module.resource.serverCallCountCounter() != null) {
-        module.resource.serverCallCountCounter().add(1, attribute);
+        module.resource.serverCallCountCounter().add(1, attribute, otelContext);
       }
     }
 
@@ -627,7 +632,6 @@ public void inboundWireSize(long bytes) {
      */
     @Override
     public void streamClosed(Status status) {
-      Context otelContext = otelContextWithBaggage();
       if (streamClosedUpdater != null) {
         if (streamClosedUpdater.getAndSet(this, 1) != 0) {
           return;
@@ -678,7 +682,8 @@ public ServerStreamTracer newServerStreamTracer(String fullMethodName, Metadata
         }
         streamPlugins = Collections.unmodifiableList(streamPluginsMutable);
       }
-      return new ServerTracer(OpenTelemetryMetricsModule.this, fullMethodName, streamPlugins);
+      return new ServerTracer(OpenTelemetryMetricsModule.this, fullMethodName,
+          streamPlugins);
     }
   }
 
@@ -716,7 +721,7 @@ public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
       final CallAttemptsTracerFactory tracerFactory = new CallAttemptsTracerFactory(
           OpenTelemetryMetricsModule.this, target, callOptions,
           recordMethodName(method.getFullMethodName(), method.isSampledToLocalTracing()),
-          callPlugins);
+          callPlugins, Context.current());
       ClientCall<ReqT, RespT> call =
           next.newCall(method, callOptions.withStreamTracerFactory(tracerFactory));
       return new SimpleForwardingClientCall<ReqT, RespT>(call) {
@@ -739,3 +744,4 @@ public void onClose(Status status, Metadata trailers) {
     }
   }
 }
+
diff --git a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
index 98fdbffc82b..14139b8e439 100644
--- a/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
+++ b/opentelemetry/src/test/java/io/grpc/opentelemetry/OpenTelemetryMetricsModuleTest.java
@@ -25,9 +25,11 @@
 import static java.util.Collections.emptyList;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyDouble;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
 import com.google.common.collect.ImmutableMap;
@@ -40,13 +42,16 @@
 import io.grpc.ClientStreamTracer;
 import io.grpc.Grpc;
 import io.grpc.KnownLength;
+import io.grpc.ManagedChannel;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
+import io.grpc.Server;
 import io.grpc.ServerCall;
 import io.grpc.ServerCallHandler;
 import io.grpc.ServerServiceDefinition;
 import io.grpc.ServerStreamTracer;
 import io.grpc.ServerStreamTracer.ServerCallInfo;
+import io.grpc.ServiceDescriptor;
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.inprocess.InProcessChannelBuilder;
@@ -55,17 +60,19 @@
 import io.grpc.opentelemetry.GrpcOpenTelemetry.TargetFilter;
 import io.grpc.opentelemetry.OpenTelemetryMetricsModule.CallAttemptsTracerFactory;
 import io.grpc.opentelemetry.internal.OpenTelemetryConstants;
-import io.grpc.stub.MetadataUtils;
-import io.grpc.stub.StreamObserver;
+import io.grpc.stub.ClientCalls;
+import io.grpc.testing.GrpcCleanupRule;
 import io.grpc.testing.GrpcServerRule;
-import io.grpc.testing.protobuf.SimpleRequest;
-import io.grpc.testing.protobuf.SimpleResponse;
-import io.grpc.testing.protobuf.SimpleServiceGrpc;
 import io.opentelemetry.api.OpenTelemetry;
 import io.opentelemetry.api.baggage.Baggage;
+import io.opentelemetry.api.baggage.propagation.W3CBaggagePropagator;
 import io.opentelemetry.api.common.AttributeKey;
 import io.opentelemetry.api.metrics.DoubleHistogram;
 import io.opentelemetry.api.metrics.Meter;
+import io.opentelemetry.context.Context;
+import io.opentelemetry.context.Scope;
+import io.opentelemetry.context.propagation.ContextPropagators;
+import io.opentelemetry.sdk.OpenTelemetrySdk;
 import io.opentelemetry.sdk.common.InstrumentationScopeInfo;
 import io.opentelemetry.sdk.metrics.data.MetricData;
 import io.opentelemetry.sdk.testing.junit4.OpenTelemetryRule;
@@ -165,6 +172,8 @@ public String parse(InputStream stream) {
   @Rule
   public final MockitoRule mocks = MockitoJUnit.rule();
   @Rule
+  public final GrpcCleanupRule grpcCleanup = new GrpcCleanupRule();
+  @Rule
   public final GrpcServerRule grpcServerRule = new GrpcServerRule().directExecutor();
   @Rule
   public final OpenTelemetryRule openTelemetryTesting = OpenTelemetryRule.create();
@@ -174,14 +183,9 @@ public String parse(InputStream stream) {
   private ServerCall.Listener<String> mockServerCallListener;
   @Captor
   private ArgumentCaptor<Status> statusCaptor;
-  @Mock
-  private DoubleHistogram mockServerCallDurationHistogram;
-  @Captor
-  private ArgumentCaptor<io.opentelemetry.context.Context> contextCaptor;
-  private io.grpc.Server server;
-  private io.grpc.ManagedChannel channel;
-  private OpenTelemetryMetricsResource resource;
-  private final String serverName = "E2ETestServer-" + Math.random();
+
+  private Server server;
+  private ManagedChannel channel;
 
   private final FakeClock fakeClock = new FakeClock();
   private final MethodDescriptor<String, String> method =
@@ -201,9 +205,7 @@ public String parse(InputStream stream) {
   public void setUp() throws Exception {
     testMeter = openTelemetryTesting.getOpenTelemetry()
         .getMeter(OpenTelemetryConstants.INSTRUMENTATION_SCOPE);
-    resource = OpenTelemetryMetricsResource.builder()
-        .serverCallDurationCounter(mockServerCallDurationHistogram)
-        .build();
+
   }
 
   @After
@@ -279,8 +281,8 @@ public void clientBasicMetrics() {
         enabledMetricsMap, disableDefaultMetrics);
     OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new CallAttemptsTracerFactory(
-            module, target, CALL_OPTIONS, method.getFullMethodName(), emptyList());
+        new CallAttemptsTracerFactory(module, target, CALL_OPTIONS, method.getFullMethodName(),
+            emptyList(), Context.root());
     Metadata headers = new Metadata();
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, headers);
@@ -447,8 +449,8 @@ public void clientBasicMetrics_withRetryMetricsEnabled_shouldRecordZeroOrBeAbsen
         enabledMetrics, disableDefaultMetrics);
     OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new CallAttemptsTracerFactory(
-            module, target, CALL_OPTIONS, method.getFullMethodName(), emptyList());
+        new CallAttemptsTracerFactory(module, target, CALL_OPTIONS, method.getFullMethodName(),
+             emptyList(), Context.root());
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
 
@@ -516,7 +518,7 @@ public void recordAttemptMetrics() {
     OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
         new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target, CALL_OPTIONS,
-            method.getFullMethodName(), emptyList());
+            method.getFullMethodName(), emptyList(), Context.root());
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
 
@@ -973,7 +975,7 @@ public void recordAttemptMetrics_withRetryMetricsEnabled() {
     OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
         new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target, CALL_OPTIONS,
-            method.getFullMethodName(), emptyList());
+            method.getFullMethodName(), emptyList(), Context.root());
 
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
@@ -1061,7 +1063,7 @@ public void recordAttemptMetrics_withHedgedCalls() {
     OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
         new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target, CALL_OPTIONS,
-            method.getFullMethodName(), emptyList());
+            method.getFullMethodName(), emptyList(), Context.root());
 
     // Create a StreamInfo specifically for hedged attempts
     final ClientStreamTracer.StreamInfo hedgedStreamInfo =
@@ -1142,7 +1144,7 @@ public void clientStreamNeverCreatedStillRecordMetrics() {
     OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(resource);
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
         new OpenTelemetryMetricsModule.CallAttemptsTracerFactory(module, target, CALL_OPTIONS,
-            method.getFullMethodName(), emptyList());
+            method.getFullMethodName(), emptyList(), Context.root());
     fakeClock.forwardTime(3000, MILLISECONDS);
     Status status = Status.DEADLINE_EXCEEDED.withDescription("5 seconds");
     callAttemptsTracerFactory.callEnded(status, CALL_OPTIONS);
@@ -1248,10 +1250,11 @@ public void clientLocalityMetrics_present() {
     OpenTelemetryMetricsResource resource = GrpcOpenTelemetry.createMetricInstruments(testMeter,
         enabledMetricsMap, disableDefaultMetrics);
     OpenTelemetryMetricsModule module = new OpenTelemetryMetricsModule(
-        fakeClock.getStopwatchSupplier(), resource, Arrays.asList("grpc.lb.locality"), emptyList());
+        fakeClock.getStopwatchSupplier(), resource, Arrays.asList("grpc.lb.locality"),
+        emptyList());
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new CallAttemptsTracerFactory(
-            module, target, CALL_OPTIONS, method.getFullMethodName(), emptyList());
+        new CallAttemptsTracerFactory(module, target, CALL_OPTIONS, method.getFullMethodName(),
+            emptyList(), Context.root());
 
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
@@ -1317,10 +1320,11 @@ public void clientLocalityMetrics_missing() {
     OpenTelemetryMetricsResource resource = GrpcOpenTelemetry.createMetricInstruments(testMeter,
         enabledMetricsMap, disableDefaultMetrics);
     OpenTelemetryMetricsModule module = new OpenTelemetryMetricsModule(
-        fakeClock.getStopwatchSupplier(), resource, Arrays.asList("grpc.lb.locality"), emptyList());
+        fakeClock.getStopwatchSupplier(), resource, Arrays.asList("grpc.lb.locality"),
+        emptyList());
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new CallAttemptsTracerFactory(
-            module, target, CALL_OPTIONS, method.getFullMethodName(), emptyList());
+        new CallAttemptsTracerFactory(module, target, CALL_OPTIONS, method.getFullMethodName(),
+            emptyList(), Context.root());
 
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
@@ -1385,8 +1389,8 @@ public void clientBackendServiceMetrics_present() {
         fakeClock.getStopwatchSupplier(), resource, Arrays.asList("grpc.lb.backend_service"),
         emptyList());
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new CallAttemptsTracerFactory(
-            module, target, CALL_OPTIONS, method.getFullMethodName(), emptyList());
+        new CallAttemptsTracerFactory(module, target, CALL_OPTIONS, method.getFullMethodName(),
+            emptyList(), Context.root());
 
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
@@ -1455,8 +1459,8 @@ public void clientBackendServiceMetrics_missing() {
         fakeClock.getStopwatchSupplier(), resource, Arrays.asList("grpc.lb.backend_service"),
         emptyList());
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
-        new CallAttemptsTracerFactory(
-            module, target, CALL_OPTIONS, method.getFullMethodName(), emptyList());
+        new CallAttemptsTracerFactory(module, target, CALL_OPTIONS, method.getFullMethodName(),
+            emptyList(), Context.root());
 
     ClientStreamTracer tracer =
         callAttemptsTracerFactory.newClientStreamTracer(STREAM_INFO, new Metadata());
@@ -1532,7 +1536,7 @@ public void customLabel_present() {
         emptyList());
     OpenTelemetryMetricsModule.CallAttemptsTracerFactory callAttemptsTracerFactory =
         new CallAttemptsTracerFactory(
-            module, target, callOptions, method.getFullMethodName(), emptyList());
+            module, target, callOptions, method.getFullMethodName(), emptyList(), Context.root());
 
     ClientStreamTracer.StreamInfo streamInfo =
         STREAM_INFO.toBuilder().setCallOptions(callOptions).build();
@@ -1730,44 +1734,6 @@ public void serverBasicMetrics() {
 
   }
 
-  @Test
-  public void serverBaggagePropagationToMetrics() {
-    // 1. Create module and tracer factory using the mock resource
-    OpenTelemetryMetricsModule module = new OpenTelemetryMetricsModule(
-        fakeClock.getStopwatchSupplier(), resource, emptyList(), emptyList());
-    ServerStreamTracer.Factory tracerFactory = module.getServerTracerFactory();
-    ServerStreamTracer tracer =
-        tracerFactory.newServerStreamTracer(method.getFullMethodName(), new Metadata());
-
-    // 2. Define the test baggage and gRPC context
-    Baggage testBaggage = Baggage.builder()
-        .put("user-id", "67")
-        .build();
-
-    // This simulates the context that the Tracing module would have created
-    io.grpc.Context grpcContext = io.grpc.Context.current()
-        .withValue(OpenTelemetryConstants.BAGGAGE_KEY, testBaggage);
-
-    // 3. Attach the gRPC context, trigger metric recording, and detach
-    io.grpc.Context previousContext = grpcContext.attach();
-    try {
-      tracer.streamClosed(Status.OK);
-    } finally {
-      grpcContext.detach(previousContext);
-    }
-
-    // 4. Verify the record call and capture the OTel Context
-    verify(mockServerCallDurationHistogram).record(
-        anyDouble(),
-        any(io.opentelemetry.api.common.Attributes.class),
-        contextCaptor.capture());
-
-    // 5. Assert on the captured OTel Context
-    io.opentelemetry.context.Context capturedOtelContext = contextCaptor.getValue();
-    Baggage capturedBaggage = Baggage.fromContext(capturedOtelContext);
-
-    assertEquals("67", capturedBaggage.getEntryValue("user-id"));
-  }
 
   @Test
   public void targetAttributeFilter_notSet_usesOriginalTarget() {
@@ -1909,7 +1875,8 @@ private OpenTelemetryMetricsModule newOpenTelemetryMetricsModule(
   private OpenTelemetryMetricsModule newOpenTelemetryMetricsModule(
       OpenTelemetryMetricsResource resource, TargetFilter filter) {
     return new OpenTelemetryMetricsModule(
-        fakeClock.getStopwatchSupplier(), resource, emptyList(), emptyList(), filter);
+        fakeClock.getStopwatchSupplier(), resource, emptyList(), emptyList(),
+        filter);
   }
 
   static class CallInfo<ReqT, RespT> extends ServerCallInfo<ReqT, RespT> {
@@ -1944,67 +1911,128 @@ public String getAuthority() {
   }
 
   @Test
-  public void serverBaggagePropagation_EndToEnd() throws Exception {
-    // 1. Create Both Modules
-    OpenTelemetry otel = openTelemetryTesting.getOpenTelemetry();
-    OpenTelemetryTracingModule tracingModule = new OpenTelemetryTracingModule(otel);
-    OpenTelemetryMetricsModule metricsModule = new OpenTelemetryMetricsModule(
-        fakeClock.getStopwatchSupplier(), resource, emptyList(), emptyList());
-
-    // 2. Create Server with *both* tracer factories
-    server = InProcessServerBuilder.forName(serverName)
-        .addService(new SimpleServiceImpl()) // <-- Uses the helper class below
-        .addStreamTracerFactory(tracingModule.getServerTracerFactory())
-        .addStreamTracerFactory(metricsModule.getServerTracerFactory())
-        .build()
-        .start();
+  public void serverMetrics_recordsBaggage() {
+    DoubleHistogram mockDurationHistogram = mock(DoubleHistogram.class);
+    OpenTelemetryMetricsResource mockResource = OpenTelemetryMetricsResource.builder()
+        .serverCallDurationCounter(mockDurationHistogram)
+        .build();
 
-    // 3. Create Client Channel
-    channel = InProcessChannelBuilder.forName(serverName).directExecutor().build();
+    OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(mockResource);
+    ServerStreamTracer.Factory tracerFactory = module.getServerTracerFactory();
 
-    // 4. Manually create baggage headers
-    Metadata headers = new Metadata();
-    headers.put(Metadata.Key.of("baggage", Metadata.ASCII_STRING_MARSHALLER),
-        "choice=red_pill_or_blue_pill");
+    Baggage baggage = Baggage.builder()
+        .put("baggage-key-1", "baggage-val-1")
+        .build();
 
-    // 5. Make the gRPC call with these headers
-    ClientInterceptor headerAttachingInterceptor =
-        MetadataUtils.newAttachHeadersInterceptor(headers);
+    io.grpc.Context grpcContext = io.grpc.Context.ROOT
+        .withValue(OpenTelemetryConstants.BAGGAGE_KEY, baggage);
+    io.grpc.Context previous = grpcContext.attach();
 
-    // Now, create the stub and apply that interceptor
-    SimpleServiceGrpc.SimpleServiceBlockingStub stub =
-        SimpleServiceGrpc.newBlockingStub(channel)
-            .withInterceptors(headerAttachingInterceptor);
+    ServerStreamTracer tracer;
+    try {
+      tracer = tracerFactory.newServerStreamTracer(
+          method.getFullMethodName(), new Metadata());
+      tracer.filterContext(grpcContext);
+      tracer.serverCallStarted(
+          new CallInfo<>(method, Attributes.EMPTY, null));
+    } finally {
+      grpcContext.detach(previous);
+    }
 
-    // Use the imported SimpleRequest
-    stub.unaryRpc(SimpleRequest.getDefaultInstance());
+    try (io.opentelemetry.context.Scope scope = Context.root().makeCurrent()) {
+      tracer.streamClosed(Status.CANCELLED);
+    }
 
-    // 6. Verify the Mock
-    verify(mockServerCallDurationHistogram).record(
+    ArgumentCaptor<Context> contextCaptor = ArgumentCaptor.forClass(Context.class);
+    verify(mockDurationHistogram).record(
         anyDouble(),
-        any(io.opentelemetry.api.common.Attributes.class),
+        any(),
         contextCaptor.capture());
 
-    // 7. Assert on the captured Context
-    io.opentelemetry.context.Context capturedOtelContext = contextCaptor.getValue();
-    Baggage capturedBaggage = Baggage.fromContext(capturedOtelContext);
-
-    assertEquals("red_pill_or_blue_pill", capturedBaggage.getEntryValue("choice"));
+    Baggage capturedBaggage = Baggage.fromContext(contextCaptor.getValue());
+    assertNotNull("Captured context should have baggage", capturedBaggage);
+    assertEquals(
+        "baggage-val-1", capturedBaggage.getEntryValue("baggage-key-1"));
   }
 
+  @Test
+  public void serverMetrics_recordsBaggage_endToEnd() throws Exception {
+    DoubleHistogram mockDurationHistogram = mock(DoubleHistogram.class);
+    OpenTelemetryMetricsResource mockResource = OpenTelemetryMetricsResource.builder()
+        .serverCallDurationCounter(mockDurationHistogram)
+        .build();
+
+    OpenTelemetry openTelemetry = OpenTelemetrySdk
+        .builder()
+        .setPropagators(ContextPropagators.create(
+            W3CBaggagePropagator.getInstance()))
+        .build();
+
+    OpenTelemetryMetricsModule module = newOpenTelemetryMetricsModule(mockResource);
+    OpenTelemetryTracingModule tracingModule = new OpenTelemetryTracingModule(openTelemetry);
+
+    String serverName = InProcessServerBuilder.generateName();
+    InProcessServerBuilder serverBuilder = InProcessServerBuilder
+        .forName(serverName).directExecutor();
+
+    serverBuilder.addStreamTracerFactory(tracingModule.getServerTracerFactory());
+    serverBuilder.intercept(tracingModule.getServerSpanPropagationInterceptor());
+    serverBuilder.addStreamTracerFactory(module.getServerTracerFactory());
+
+    serverBuilder.addService(ServerServiceDefinition.builder(
+            ServiceDescriptor.newBuilder("package1.service2")
+                .addMethod(method)
+                .build())
+        .addMethod(method, new ServerCallHandler<String, String>() {
+          @Override
+          public ServerCall.Listener<String> startCall(
+              ServerCall<String, String> call, Metadata headers) {
+            call.sendHeaders(new Metadata());
+            call.sendMessage("response");
+            call.close(Status.OK, new Metadata());
+            return new ServerCall.Listener<String>() {
+            };
+          }
+        }).build());
+    grpcCleanup.register(serverBuilder.build().start());
+
+    InProcessChannelBuilder channelBuilder = InProcessChannelBuilder
+        .forName(serverName).directExecutor();
+    channelBuilder.intercept(tracingModule.getClientInterceptor());
+    channelBuilder.intercept(module.getClientInterceptor(serverName));
+    Channel channel = grpcCleanup.register(channelBuilder.intercept(new ClientInterceptor() {
+      @Override
+      public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
+          MethodDescriptor<ReqT, RespT> method, CallOptions callOptions, Channel next) {
+        return next.newCall(method, callOptions);
+      }
+    }).build());
+
+    Baggage baggage = Baggage.builder()
+        .put("baggage-key-1", "baggage-val-1")
+        .build();
+
+    Context otelContext = Context.root().with(baggage);
+
+    try (Scope scope = otelContext.makeCurrent()) {
+      ClientCalls.blockingUnaryCall(channel,
+          method, CallOptions.DEFAULT, "request");
+    }
+
+    ArgumentCaptor<Context> contextCaptor = ArgumentCaptor.forClass(Context.class);
+    verify(mockDurationHistogram).record(
+        anyDouble(),
+        any(),
+        contextCaptor.capture());
+
+    Baggage capturedBaggage = Baggage.fromContext(contextCaptor.getValue());
+    assertNotNull("Captured context should have baggage", capturedBaggage);
+    assertEquals(
+        "baggage-val-1", capturedBaggage.getEntryValue("baggage-key-1"));
+  }
+    
   private static List<MetricData> sortByName(List<MetricData> metrics) {
     metrics.sort((m1, m2) -> m1.getName().compareTo(m2.getName()));
     return metrics;
   }
-
-  /**
-   * A simple service implementation for the E2E test.
-   */
-  private static class SimpleServiceImpl extends SimpleServiceGrpc.SimpleServiceImplBase {
-    @Override
-    public void unaryRpc(SimpleRequest request, StreamObserver<SimpleResponse> responseObserver) {
-      responseObserver.onNext(SimpleResponse.getDefaultInstance());
-      responseObserver.onCompleted();
-    }
-  }
 }

From 842636f88452c30769a5561f7659db6e4f9fc2a0 Mon Sep 17 00:00:00 2001
From: Saurav <sauravz@google.com>
Date: Thu, 2 Apr 2026 17:09:21 +0530
Subject: [PATCH 588/591] xds: Add configuration objects for ExtAuthz,
 GrpcService and Bootstrap changes for GrpcService (#12492)

This commit introduces configuration objects for the external
authorization (ExtAuthz) filter and the gRPC service and corresponding
translations from XDS proto and Bootstrap. These classes provide a
structured, immutable representation of the subset of the configuration
defined in the xDS protobuf messages.

This PR should mostly now (hopefully ) be compliant with
https://github.com/grpc/proposal/pull/510 but without
- CallCredentials (since I don't see A97) being implemented yet and
would prefer to do it in a followup , we return empty optional)
- TlsCredentials( since it's non trivial to construct a TLS credentials
object, we throw an exception)
- LocalCredentials(Java does't support these, we throw an exception)

The main new classes are:
- `ExtAuthzConfig`: Represents the configuration for the `ExtAuthz`
filter, including settings for the gRPC service, header mutation rules,
and other filter behaviors.
- `GrpcServiceConfig`: Represents the configuration for a gRPC service,
including the target URI, credentials, and other settings.
- `HeaderMutationRulesConfig`: Represents the configuration for header
mutation rules.
- `ChannelCredsConfig` and friends: To allow comparison between
credential configuration , to allow caching based on creds which'll be
needed in followup PRs for authz and proc.

The relevant sections of the spec are
- GrpcService: https://github.com/grpc/proposal/pull/510
- ExtAuthz:
https://github.com/grpc/proposal/pull/481/files#diff-6bb76a24aa142cc33db9218509688f01b30c8885d2fd8849f164244e68cd54eaR106-R190

This commit also includes parsers to create these configuration objects
from the corresponding protobuf messages, as well as unit tests for the
new classes.
---
 .../io/grpc/xds/ExtAuthzConfigParser.java     | 103 +++
 .../io/grpc/xds/GrpcBootstrapImplConfig.java  |  34 +
 .../io/grpc/xds/GrpcBootstrapperImpl.java     | 111 ++-
 .../io/grpc/xds/GrpcServiceConfigParser.java  | 339 ++++++++
 .../grpc/xds/client/AllowedGrpcServices.java  |  66 ++
 .../java/io/grpc/xds/client/Bootstrapper.java |  13 +-
 .../io/grpc/xds/client/BootstrapperImpl.java  |  11 +
 .../client/ConfiguredChannelCredentials.java  |  48 ++
 .../io/grpc/xds/internal/MatcherParser.java   |  21 +
 .../xds/internal/extauthz/ExtAuthzConfig.java | 145 ++++
 .../extauthz/ExtAuthzParseException.java      |  34 +
 .../grpcservice/GrpcServiceConfig.java        |  87 ++
 .../GrpcServiceParseException.java            |  33 +
 .../xds/internal/grpcservice/HeaderValue.java |  44 +
 .../HeaderValueValidationUtils.java           |  67 ++
 .../HeaderMutationRulesConfig.java            |  77 ++
 .../HeaderMutationRulesParseException.java    |  32 +
 .../HeaderMutationRulesParser.java            |  55 ++
 .../io/grpc/xds/ExtAuthzConfigParserTest.java | 297 +++++++
 .../io/grpc/xds/GrpcBootstrapperImplTest.java |  55 ++
 .../grpc/xds/GrpcServiceConfigParserTest.java | 757 ++++++++++++++++++
 .../grpc/xds/internal/MatcherParserTest.java  |  85 ++
 .../internal/grpcservice/HeaderValueTest.java |  49 ++
 .../HeaderValueValidationUtilsTest.java       |  87 ++
 .../HeaderMutationRulesConfigTest.java        |  84 ++
 .../HeaderMutationRulesParserTest.java        |  90 +++
 26 files changed, 2814 insertions(+), 10 deletions(-)
 create mode 100644 xds/src/main/java/io/grpc/xds/ExtAuthzConfigParser.java
 create mode 100644 xds/src/main/java/io/grpc/xds/GrpcBootstrapImplConfig.java
 create mode 100644 xds/src/main/java/io/grpc/xds/GrpcServiceConfigParser.java
 create mode 100644 xds/src/main/java/io/grpc/xds/client/AllowedGrpcServices.java
 create mode 100644 xds/src/main/java/io/grpc/xds/client/ConfiguredChannelCredentials.java
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzConfig.java
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzParseException.java
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceConfig.java
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceParseException.java
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/grpcservice/HeaderValue.java
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/grpcservice/HeaderValueValidationUtils.java
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesConfig.java
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesParseException.java
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesParser.java
 create mode 100644 xds/src/test/java/io/grpc/xds/ExtAuthzConfigParserTest.java
 create mode 100644 xds/src/test/java/io/grpc/xds/GrpcServiceConfigParserTest.java
 create mode 100644 xds/src/test/java/io/grpc/xds/internal/MatcherParserTest.java
 create mode 100644 xds/src/test/java/io/grpc/xds/internal/grpcservice/HeaderValueTest.java
 create mode 100644 xds/src/test/java/io/grpc/xds/internal/grpcservice/HeaderValueValidationUtilsTest.java
 create mode 100644 xds/src/test/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesConfigTest.java
 create mode 100644 xds/src/test/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesParserTest.java

diff --git a/xds/src/main/java/io/grpc/xds/ExtAuthzConfigParser.java b/xds/src/main/java/io/grpc/xds/ExtAuthzConfigParser.java
new file mode 100644
index 00000000000..853e8a5c03a
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/ExtAuthzConfigParser.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import com.google.common.collect.ImmutableList;
+import io.envoyproxy.envoy.extensions.filters.http.ext_authz.v3.ExtAuthz;
+import io.grpc.internal.GrpcUtil;
+import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
+import io.grpc.xds.client.Bootstrapper.ServerInfo;
+import io.grpc.xds.internal.MatcherParser;
+import io.grpc.xds.internal.extauthz.ExtAuthzConfig;
+import io.grpc.xds.internal.extauthz.ExtAuthzParseException;
+import io.grpc.xds.internal.grpcservice.GrpcServiceConfig;
+import io.grpc.xds.internal.grpcservice.GrpcServiceParseException;
+import io.grpc.xds.internal.headermutations.HeaderMutationRulesParseException;
+import io.grpc.xds.internal.headermutations.HeaderMutationRulesParser;
+
+
+/**
+ * Parser for {@link io.envoyproxy.envoy.extensions.filters.http.ext_authz.v3.ExtAuthz}.
+ */
+final class ExtAuthzConfigParser {
+
+  private ExtAuthzConfigParser() {}
+
+  /**
+   * Parses the {@link io.envoyproxy.envoy.extensions.filters.http.ext_authz.v3.ExtAuthz} proto to
+   * create an {@link ExtAuthzConfig} instance.
+   *
+   * @param extAuthzProto The ext_authz proto to parse.
+   * @return An {@link ExtAuthzConfig} instance.
+   * @throws ExtAuthzParseException if the proto is invalid or contains unsupported features.
+   */
+  public static ExtAuthzConfig parse(
+      ExtAuthz extAuthzProto, BootstrapInfo bootstrapInfo, ServerInfo serverInfo)
+      throws ExtAuthzParseException {
+    if (!extAuthzProto.hasGrpcService()) {
+      throw new ExtAuthzParseException(
+          "unsupported ExtAuthz service type: only grpc_service is supported");
+    }
+    GrpcServiceConfig grpcServiceConfig;
+    try {
+      grpcServiceConfig =
+          GrpcServiceConfigParser.parse(extAuthzProto.getGrpcService(), bootstrapInfo, serverInfo);
+    } catch (GrpcServiceParseException e) {
+      throw new ExtAuthzParseException("Failed to parse GrpcService config: " + e.getMessage(), e);
+    }
+    ExtAuthzConfig.Builder builder = ExtAuthzConfig.builder().grpcService(grpcServiceConfig)
+        .failureModeAllow(extAuthzProto.getFailureModeAllow())
+        .failureModeAllowHeaderAdd(extAuthzProto.getFailureModeAllowHeaderAdd())
+        .includePeerCertificate(extAuthzProto.getIncludePeerCertificate())
+        .denyAtDisable(extAuthzProto.getDenyAtDisable().getDefaultValue().getValue());
+
+    if (extAuthzProto.hasFilterEnabled()) {
+      try {
+        builder.filterEnabled(
+            MatcherParser.parseFractionMatcher(extAuthzProto.getFilterEnabled().getDefaultValue()));
+      } catch (IllegalArgumentException e) {
+        throw new ExtAuthzParseException(e.getMessage());
+      }
+    }
+
+    if (extAuthzProto.hasStatusOnError()) {
+      builder.statusOnError(
+          GrpcUtil.httpStatusToGrpcStatus(extAuthzProto.getStatusOnError().getCodeValue()));
+    }
+
+    if (extAuthzProto.hasAllowedHeaders()) {
+      builder.allowedHeaders(extAuthzProto.getAllowedHeaders().getPatternsList().stream()
+          .map(MatcherParser::parseStringMatcher).collect(ImmutableList.toImmutableList()));
+    }
+
+    if (extAuthzProto.hasDisallowedHeaders()) {
+      builder.disallowedHeaders(extAuthzProto.getDisallowedHeaders().getPatternsList().stream()
+          .map(MatcherParser::parseStringMatcher).collect(ImmutableList.toImmutableList()));
+    }
+
+    if (extAuthzProto.hasDecoderHeaderMutationRules()) {
+      try {
+        builder.decoderHeaderMutationRules(
+            HeaderMutationRulesParser.parse(extAuthzProto.getDecoderHeaderMutationRules()));
+      } catch (HeaderMutationRulesParseException e) {
+        throw new ExtAuthzParseException(e.getMessage(), e);
+      }
+    }
+
+    return builder.build();
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/GrpcBootstrapImplConfig.java b/xds/src/main/java/io/grpc/xds/GrpcBootstrapImplConfig.java
new file mode 100644
index 00000000000..e119321fb6c
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/GrpcBootstrapImplConfig.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import com.google.auto.value.AutoValue;
+import io.grpc.Internal;
+import io.grpc.xds.client.AllowedGrpcServices;
+
+/**
+ * Custom configuration for gRPC xDS bootstrap implementation.
+ */
+@Internal
+@AutoValue
+public abstract class GrpcBootstrapImplConfig {
+  public abstract AllowedGrpcServices allowedGrpcServices();
+
+  public static GrpcBootstrapImplConfig create(AllowedGrpcServices services) {
+    return new AutoValue_GrpcBootstrapImplConfig(services);
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java
index 494e95a58f6..00a2e0d48d6 100644
--- a/xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java
@@ -19,14 +19,20 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
+import io.grpc.CallCredentials;
 import io.grpc.ChannelCredentials;
 import io.grpc.internal.JsonUtil;
+import io.grpc.xds.client.AllowedGrpcServices;
+import io.grpc.xds.client.AllowedGrpcServices.AllowedGrpcService;
 import io.grpc.xds.client.BootstrapperImpl;
+import io.grpc.xds.client.ConfiguredChannelCredentials;
+import io.grpc.xds.client.ConfiguredChannelCredentials.ChannelCredsConfig;
 import io.grpc.xds.client.XdsInitializationException;
 import io.grpc.xds.client.XdsLogger;
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import javax.annotation.Nullable;
 
 class GrpcBootstrapperImpl extends BootstrapperImpl {
@@ -97,7 +103,8 @@ protected String getJsonContent() throws XdsInitializationException, IOException
   @Override
   protected Object getImplSpecificConfig(Map<String, ?> serverConfig, String serverUri)
       throws XdsInitializationException {
-    return getChannelCredentials(serverConfig, serverUri);
+    ConfiguredChannelCredentials configuredChannel = getChannelCredentials(serverConfig, serverUri);
+    return configuredChannel != null ? configuredChannel.channelCredentials() : null;
   }
 
   @GuardedBy("GrpcBootstrapperImpl.class")
@@ -120,26 +127,26 @@ static synchronized BootstrapInfo defaultBootstrap() throws XdsInitializationExc
     return defaultBootstrap;
   }
 
-  private static ChannelCredentials getChannelCredentials(Map<String, ?> serverConfig,
-                                                          String serverUri)
+  private static ConfiguredChannelCredentials getChannelCredentials(Map<String, ?> serverConfig,
+                                                                  String serverUri)
       throws XdsInitializationException {
     List<?> rawChannelCredsList = JsonUtil.getList(serverConfig, "channel_creds");
     if (rawChannelCredsList == null || rawChannelCredsList.isEmpty()) {
       throw new XdsInitializationException(
           "Invalid bootstrap: server " + serverUri + " 'channel_creds' required");
     }
-    ChannelCredentials channelCredentials =
+    ConfiguredChannelCredentials credentials =
         parseChannelCredentials(JsonUtil.checkObjectList(rawChannelCredsList), serverUri);
-    if (channelCredentials == null) {
+    if (credentials == null) {
       throw new XdsInitializationException(
           "Server " + serverUri + ": no supported channel credentials found");
     }
-    return channelCredentials;
+    return credentials;
   }
 
   @Nullable
-  private static ChannelCredentials parseChannelCredentials(List<Map<String, ?>> jsonList,
-                                                            String serverUri)
+  private static ConfiguredChannelCredentials parseChannelCredentials(List<Map<String, ?>> jsonList,
+          String serverUri)
       throws XdsInitializationException {
     for (Map<String, ?> channelCreds : jsonList) {
       String type = JsonUtil.getString(channelCreds, "type");
@@ -155,9 +162,95 @@ private static ChannelCredentials parseChannelCredentials(List<Map<String, ?>> j
           config = ImmutableMap.of();
         }
 
-        return provider.newChannelCredentials(config);
+        ChannelCredentials creds = provider.newChannelCredentials(config);
+        if (creds == null) {
+          return null;
+        }
+        return ConfiguredChannelCredentials.create(creds, new JsonChannelCredsConfig(type, config));
       }
     }
     return null;
   }
+
+  @Override
+  protected Optional<Object> parseImplSpecificObject(
+      @Nullable Map<String, ?> rawAllowedGrpcServices)
+      throws XdsInitializationException {
+    if (rawAllowedGrpcServices == null || rawAllowedGrpcServices.isEmpty()) {
+      return Optional.of(GrpcBootstrapImplConfig.create(AllowedGrpcServices.empty()));
+    }
+
+    ImmutableMap.Builder<String, AllowedGrpcService> builder =
+        ImmutableMap.builder();
+    for (String targetUri : rawAllowedGrpcServices.keySet()) {
+      Map<String, ?> serviceConfig = JsonUtil.getObject(rawAllowedGrpcServices, targetUri);
+      if (serviceConfig == null) {
+        throw new XdsInitializationException(
+            "Invalid allowed_grpc_services config for " + targetUri);
+      }
+      ConfiguredChannelCredentials configuredChannel =
+          getChannelCredentials(serviceConfig, targetUri);
+
+      Optional<CallCredentials> callCredentials = Optional.empty();
+      List<?> rawCallCredsList = JsonUtil.getList(serviceConfig, "call_creds");
+      if (rawCallCredsList != null && !rawCallCredsList.isEmpty()) {
+        callCredentials =
+            parseCallCredentials(JsonUtil.checkObjectList(rawCallCredsList), targetUri);
+      }
+
+      AllowedGrpcService.Builder b = AllowedGrpcService.builder()
+          .configuredChannelCredentials(configuredChannel);
+      callCredentials.ifPresent(b::callCredentials);
+      builder.put(targetUri, b.build());
+    }
+    GrpcBootstrapImplConfig customConfig =
+        GrpcBootstrapImplConfig.create(AllowedGrpcServices.create(builder.build()));
+    return Optional.of(customConfig);
+  }
+
+  @SuppressWarnings("unused")
+  private static Optional<CallCredentials> parseCallCredentials(List<Map<String, ?>> jsonList,
+                                                          String targetUri)
+      throws XdsInitializationException {
+    // TODO(sauravzg): Currently no xDS call credentials providers are implemented (no
+    // XdsCallCredentialsRegistry).
+    // As per A102/A97, we should just ignore unsupported call credentials types
+    // without throwing an exception.
+    return Optional.empty();
+  }
+
+  private static final class JsonChannelCredsConfig implements ChannelCredsConfig {
+    private final String type;
+    private final Map<String, ?> config;
+
+    JsonChannelCredsConfig(String type, Map<String, ?> config) {
+      this.type = type;
+      this.config = config;
+    }
+
+    @Override
+    public String type() {
+      return type;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+      if (this == o) {
+        return true;
+      }
+      if (o == null || getClass() != o.getClass()) {
+        return false;
+      }
+      JsonChannelCredsConfig that = (JsonChannelCredsConfig) o;
+      return java.util.Objects.equals(type, that.type)
+          && java.util.Objects.equals(config, that.config);
+    }
+
+    @Override
+    public int hashCode() {
+      return java.util.Objects.hash(type, config);
+    }
+  }
+
 }
+
diff --git a/xds/src/main/java/io/grpc/xds/GrpcServiceConfigParser.java b/xds/src/main/java/io/grpc/xds/GrpcServiceConfigParser.java
new file mode 100644
index 00000000000..1510924f74c
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/GrpcServiceConfigParser.java
@@ -0,0 +1,339 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import com.google.auth.oauth2.AccessToken;
+import com.google.auth.oauth2.OAuth2Credentials;
+import com.google.common.collect.ImmutableList;
+import com.google.protobuf.Any;
+import com.google.protobuf.InvalidProtocolBufferException;
+import com.google.protobuf.util.Durations;
+import io.envoyproxy.envoy.config.core.v3.GrpcService;
+import io.envoyproxy.envoy.extensions.grpc_service.call_credentials.access_token.v3.AccessTokenCredentials;
+import io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.xds.v3.XdsCredentials;
+import io.grpc.CallCredentials;
+import io.grpc.CompositeCallCredentials;
+import io.grpc.InsecureChannelCredentials;
+import io.grpc.Metadata;
+import io.grpc.NameResolverRegistry;
+import io.grpc.SecurityLevel;
+import io.grpc.alts.GoogleDefaultChannelCredentials;
+import io.grpc.auth.MoreCallCredentials;
+import io.grpc.xds.client.AllowedGrpcServices;
+import io.grpc.xds.client.AllowedGrpcServices.AllowedGrpcService;
+import io.grpc.xds.client.Bootstrapper;
+import io.grpc.xds.client.ConfiguredChannelCredentials;
+import io.grpc.xds.internal.grpcservice.GrpcServiceConfig;
+import io.grpc.xds.internal.grpcservice.GrpcServiceParseException;
+import io.grpc.xds.internal.grpcservice.HeaderValue;
+import io.grpc.xds.internal.grpcservice.HeaderValueValidationUtils;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.time.Duration;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Optional;
+import java.util.concurrent.Executor;
+
+/**
+ * Parser for {@link io.envoyproxy.envoy.config.core.v3.GrpcService} and related protos.
+ */
+final class GrpcServiceConfigParser {
+
+  static final String TLS_CREDENTIALS_TYPE_URL =
+      "type.googleapis.com/envoy.extensions.grpc_service.channel_credentials."
+          + "tls.v3.TlsCredentials";
+  static final String LOCAL_CREDENTIALS_TYPE_URL =
+      "type.googleapis.com/envoy.extensions.grpc_service.channel_credentials."
+          + "local.v3.LocalCredentials";
+  static final String XDS_CREDENTIALS_TYPE_URL =
+      "type.googleapis.com/envoy.extensions.grpc_service.channel_credentials."
+          + "xds.v3.XdsCredentials";
+  static final String INSECURE_CREDENTIALS_TYPE_URL =
+      "type.googleapis.com/envoy.extensions.grpc_service.channel_credentials."
+          + "insecure.v3.InsecureCredentials";
+  static final String GOOGLE_DEFAULT_CREDENTIALS_TYPE_URL =
+      "type.googleapis.com/envoy.extensions.grpc_service.channel_credentials."
+          + "google_default.v3.GoogleDefaultCredentials";
+
+
+
+  /**
+   * Parses the {@link io.envoyproxy.envoy.config.core.v3.GrpcService} proto to create a
+   * {@link GrpcServiceConfig} instance.
+   *
+   * @param grpcServiceProto The proto to parse.
+   * @return A {@link GrpcServiceConfig} instance.
+   * @throws GrpcServiceParseException if the proto is invalid or uses unsupported features.
+   */
+  public static GrpcServiceConfig parse(GrpcService grpcServiceProto,
+      Bootstrapper.BootstrapInfo bootstrapInfo, Bootstrapper.ServerInfo serverInfo)
+      throws GrpcServiceParseException {
+    if (!grpcServiceProto.hasGoogleGrpc()) {
+      throw new GrpcServiceParseException(
+          "Unsupported: GrpcService must have GoogleGrpc, got: " + grpcServiceProto);
+    }
+    GrpcServiceConfig.GoogleGrpcConfig googleGrpcConfig =
+        parseGoogleGrpcConfig(grpcServiceProto.getGoogleGrpc(), bootstrapInfo, serverInfo);
+
+    GrpcServiceConfig.Builder builder = GrpcServiceConfig.builder().googleGrpc(googleGrpcConfig);
+
+    ImmutableList.Builder<HeaderValue> initialMetadata = ImmutableList.builder();
+    for (io.envoyproxy.envoy.config.core.v3.HeaderValue header : grpcServiceProto
+        .getInitialMetadataList()) {
+      String key = header.getKey();
+      HeaderValue headerValue;
+      if (key.endsWith(Metadata.BINARY_HEADER_SUFFIX)) {
+        headerValue = HeaderValue.create(key, header.getRawValue());
+      } else {
+        headerValue = HeaderValue.create(key, header.getValue());
+      }
+      if (HeaderValueValidationUtils.isDisallowed(headerValue)) {
+        throw new GrpcServiceParseException("Invalid initial metadata header: " + key);
+      }
+      initialMetadata.add(headerValue);
+    }
+    builder.initialMetadata(initialMetadata.build());
+
+    if (grpcServiceProto.hasTimeout()) {
+      com.google.protobuf.Duration timeout = grpcServiceProto.getTimeout();
+      if (!Durations.isValid(timeout) || Durations.compare(timeout, Durations.ZERO) <= 0) {
+        throw new GrpcServiceParseException("Timeout must be strictly positive and valid");
+      }
+      builder.timeout(Duration.ofSeconds(timeout.getSeconds(), timeout.getNanos()));
+    }
+    return builder.build();
+  }
+
+  /**
+   * Parses the {@link io.envoyproxy.envoy.config.core.v3.GrpcService.GoogleGrpc} proto to create a
+   * {@link GrpcServiceConfig.GoogleGrpcConfig} instance.
+   *
+   * @param googleGrpcProto The proto to parse.
+   * @return A {@link GrpcServiceConfig.GoogleGrpcConfig} instance.
+   * @throws GrpcServiceParseException if the proto is invalid.
+   */
+  public static GrpcServiceConfig.GoogleGrpcConfig parseGoogleGrpcConfig(
+      GrpcService.GoogleGrpc googleGrpcProto, Bootstrapper.BootstrapInfo bootstrapInfo,
+      Bootstrapper.ServerInfo serverInfo) throws GrpcServiceParseException {
+
+    String targetUri = googleGrpcProto.getTargetUri();
+
+    AllowedGrpcServices allowedGrpcServices =
+        bootstrapInfo.implSpecificObject()
+            .filter(GrpcBootstrapImplConfig.class::isInstance)
+            .map(GrpcBootstrapImplConfig.class::cast)
+            .map(GrpcBootstrapImplConfig::allowedGrpcServices)
+            .orElse(AllowedGrpcServices.empty());
+
+    boolean isTrustedControlPlane = serverInfo.isTrustedXdsServer();
+    Optional<AllowedGrpcService> override =
+        Optional.ofNullable(allowedGrpcServices.services().get(targetUri));
+
+    boolean isTargetUriSchemeSupported = false;
+    try {
+      URI uri = new URI(targetUri);
+      String scheme = uri.getScheme();
+      if (scheme == null) {
+        scheme = NameResolverRegistry.getDefaultRegistry().getDefaultScheme();
+      }
+      if (scheme != null) {
+        isTargetUriSchemeSupported =
+            NameResolverRegistry.getDefaultRegistry().getProviderForScheme(scheme) != null;
+      }
+    } catch (URISyntaxException e) {
+      // Fallback or ignore if not a valid URI
+    }
+
+    if (!isTargetUriSchemeSupported) {
+      throw new GrpcServiceParseException("Target URI scheme is not resolvable: " + targetUri);
+    }
+
+    if (!isTrustedControlPlane) {
+      if (!override.isPresent()) {
+        throw new GrpcServiceParseException(
+            "Untrusted xDS server & URI not found in allowed_grpc_services: " + targetUri);
+      }
+
+      GrpcServiceConfig.GoogleGrpcConfig.Builder builder =
+          GrpcServiceConfig.GoogleGrpcConfig.builder().target(targetUri)
+              .configuredChannelCredentials(override.get().configuredChannelCredentials());
+      if (override.get().callCredentials().isPresent()) {
+        builder.callCredentials(override.get().callCredentials().get());
+      }
+      return builder.build();
+    }
+
+    ConfiguredChannelCredentials channelCreds =
+        extractChannelCredentials(googleGrpcProto.getChannelCredentialsPluginList());
+
+    Optional<CallCredentials> callCreds =
+        extractCallCredentials(googleGrpcProto.getCallCredentialsPluginList());
+
+    GrpcServiceConfig.GoogleGrpcConfig.Builder builder =
+        GrpcServiceConfig.GoogleGrpcConfig.builder().target(googleGrpcProto.getTargetUri())
+            .configuredChannelCredentials(channelCreds);
+    if (callCreds.isPresent()) {
+      builder.callCredentials(callCreds.get());
+    }
+    return builder.build();
+  }
+
+  private static Optional<ConfiguredChannelCredentials> channelCredsFromProto(Any cred)
+      throws GrpcServiceParseException {
+    String typeUrl = cred.getTypeUrl();
+    try {
+      switch (typeUrl) {
+        case GOOGLE_DEFAULT_CREDENTIALS_TYPE_URL:
+          return Optional
+              .of(ConfiguredChannelCredentials.create(GoogleDefaultChannelCredentials.create(),
+                  new ProtoChannelCredsConfig(typeUrl, cred)));
+        case INSECURE_CREDENTIALS_TYPE_URL:
+          return Optional.of(ConfiguredChannelCredentials.create(
+              InsecureChannelCredentials.create(), new ProtoChannelCredsConfig(typeUrl, cred)));
+        case XDS_CREDENTIALS_TYPE_URL:
+          XdsCredentials xdsConfig = cred.unpack(XdsCredentials.class);
+          Optional<ConfiguredChannelCredentials> fallbackCreds =
+              channelCredsFromProto(xdsConfig.getFallbackCredentials());
+          if (!fallbackCreds.isPresent()) {
+            throw new GrpcServiceParseException(
+                "Unsupported fallback credentials type for XdsCredentials");
+          }
+          return Optional.of(ConfiguredChannelCredentials.create(
+              XdsChannelCredentials.create(fallbackCreds.get().channelCredentials()),
+              new ProtoChannelCredsConfig(typeUrl, cred)));
+        case LOCAL_CREDENTIALS_TYPE_URL:
+          throw new GrpcServiceParseException(
+              "LocalCredentials are not supported in grpc-java. "
+                  + "See https://github.com/grpc/grpc-java/issues/8928");
+        case TLS_CREDENTIALS_TYPE_URL:
+          // For this PR, we establish this structural skeleton,
+          // but throw an GrpcServiceParseException until the exact stream conversions are
+          // merged.
+          throw new GrpcServiceParseException(
+              "TlsCredentials input stream construction pending.");
+        default:
+          return Optional.empty();
+      }
+    } catch (InvalidProtocolBufferException e) {
+      throw new GrpcServiceParseException("Failed to parse channel credentials: " + e.getMessage());
+    }
+  }
+
+  private static ConfiguredChannelCredentials extractChannelCredentials(
+      List<Any> channelCredentialPlugins) throws GrpcServiceParseException {
+    for (Any cred : channelCredentialPlugins) {
+      Optional<ConfiguredChannelCredentials> parsed = channelCredsFromProto(cred);
+      if (parsed.isPresent()) {
+        return parsed.get();
+      }
+    }
+    throw new GrpcServiceParseException("No valid supported channel_credentials found");
+  }
+
+  private static Optional<CallCredentials> callCredsFromProto(Any cred)
+      throws GrpcServiceParseException {
+    if (cred.is(AccessTokenCredentials.class)) {
+      try {
+        AccessTokenCredentials accessToken = cred.unpack(AccessTokenCredentials.class);
+        if (accessToken.getToken().isEmpty()) {
+          throw new GrpcServiceParseException("Missing or empty access token in call credentials.");
+        }
+        return Optional
+            .of(new SecurityAwareAccessTokenCredentials(MoreCallCredentials.from(OAuth2Credentials
+                .create(new AccessToken(accessToken.getToken(), new Date(Long.MAX_VALUE))))));
+      } catch (InvalidProtocolBufferException e) {
+        throw new GrpcServiceParseException(
+            "Failed to parse access token credentials: " + e.getMessage());
+      }
+    }
+    return Optional.empty();
+  }
+
+  private static Optional<CallCredentials> extractCallCredentials(List<Any> callCredentialPlugins)
+      throws GrpcServiceParseException {
+    List<CallCredentials> creds = new ArrayList<>();
+    for (Any cred : callCredentialPlugins) {
+      Optional<CallCredentials> parsed = callCredsFromProto(cred);
+      if (parsed.isPresent()) {
+        creds.add(parsed.get());
+      }
+    }
+    return creds.stream().reduce(CompositeCallCredentials::new);
+  }
+
+  private static final class SecurityAwareAccessTokenCredentials extends CallCredentials {
+
+    private final CallCredentials delegate;
+
+    SecurityAwareAccessTokenCredentials(CallCredentials delegate) {
+      this.delegate = delegate;
+    }
+
+    @Override
+    public void applyRequestMetadata(RequestInfo requestInfo, Executor appExecutor,
+        MetadataApplier applier) {
+      if (requestInfo.getSecurityLevel() == SecurityLevel.PRIVACY_AND_INTEGRITY) {
+        delegate.applyRequestMetadata(requestInfo, appExecutor, applier);
+      } else {
+        applier.apply(new Metadata());
+      }
+    }
+  }
+
+  static final class ProtoChannelCredsConfig
+      implements ConfiguredChannelCredentials.ChannelCredsConfig {
+    private final String type;
+    private final Any configProto;
+
+    ProtoChannelCredsConfig(String type, Any configProto) {
+      this.type = type;
+      this.configProto = configProto;
+    }
+
+    @Override
+    public String type() {
+      return type;
+    }
+
+    Any configProto() {
+      return configProto;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+      if (this == o) {
+        return true;
+      }
+      if (o == null || getClass() != o.getClass()) {
+        return false;
+      }
+      ProtoChannelCredsConfig that = (ProtoChannelCredsConfig) o;
+      return java.util.Objects.equals(type, that.type)
+          && java.util.Objects.equals(configProto, that.configProto);
+    }
+
+    @Override
+    public int hashCode() {
+      return java.util.Objects.hash(type, configProto);
+    }
+  }
+
+
+
+}
diff --git a/xds/src/main/java/io/grpc/xds/client/AllowedGrpcServices.java b/xds/src/main/java/io/grpc/xds/client/AllowedGrpcServices.java
new file mode 100644
index 00000000000..e2d77689fca
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/client/AllowedGrpcServices.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.client;
+
+import com.google.auto.value.AutoValue;
+import com.google.common.collect.ImmutableMap;
+import io.grpc.CallCredentials;
+import io.grpc.Internal;
+import java.util.Map;
+import java.util.Optional;
+
+/**
+ * Wrapper for allowed gRPC services keyed by target URI.
+ */
+@Internal
+@AutoValue
+public abstract class AllowedGrpcServices {
+  public abstract ImmutableMap<String, AllowedGrpcService> services();
+
+  public static AllowedGrpcServices create(Map<String, AllowedGrpcService> services) {
+    return new AutoValue_AllowedGrpcServices(ImmutableMap.copyOf(services));
+  }
+
+  public static AllowedGrpcServices empty() {
+    return create(ImmutableMap.of());
+  }
+
+  /**
+   * Represents an allowed gRPC service configuration with call credentials.
+   */
+  @Internal
+  @AutoValue
+  public abstract static class AllowedGrpcService {
+    public abstract ConfiguredChannelCredentials configuredChannelCredentials();
+
+    public abstract Optional<CallCredentials> callCredentials();
+
+    public static Builder builder() {
+      return new AutoValue_AllowedGrpcServices_AllowedGrpcService.Builder();
+    }
+
+    @AutoValue.Builder
+    public abstract static class Builder {
+      public abstract Builder configuredChannelCredentials(
+          ConfiguredChannelCredentials credentials);
+
+      public abstract Builder callCredentials(CallCredentials callCredentials);
+
+      public abstract AllowedGrpcService build();
+    }
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java b/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
index 1d526703299..b8d6444e3b3 100644
--- a/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
+++ b/xds/src/main/java/io/grpc/xds/client/Bootstrapper.java
@@ -26,6 +26,7 @@
 import io.grpc.xds.client.EnvoyProtoData.Node;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import javax.annotation.Nullable;
 
 /**
@@ -205,11 +206,18 @@ public abstract static class BootstrapInfo {
      */
     public abstract ImmutableMap<String, AuthorityInfo> authorities();
 
+    /**
+     * Parsed configuration for implementation-specific extensions.
+     * Returns an opaque object containing the parsed configuration.
+     */
+    public abstract Optional<Object> implSpecificObject();
+
     @VisibleForTesting
     public static Builder builder() {
       return new AutoValue_Bootstrapper_BootstrapInfo.Builder()
           .clientDefaultListenerResourceNameTemplate("%s")
-          .authorities(ImmutableMap.<String, AuthorityInfo>of());
+          .authorities(ImmutableMap.<String, AuthorityInfo>of())
+          .implSpecificObject(Optional.empty());
     }
 
     @AutoValue.Builder
@@ -231,7 +239,10 @@ public abstract Builder clientDefaultListenerResourceNameTemplate(
 
       public abstract Builder authorities(Map<String, AuthorityInfo> authorities);
 
+      public abstract Builder implSpecificObject(Optional<Object> implSpecificObject);
+
       public abstract BootstrapInfo build();
     }
   }
+
 }
diff --git a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
index b44e32bb2d9..3f4ea8eb5c6 100644
--- a/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
+++ b/xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java
@@ -34,6 +34,8 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
+import javax.annotation.Nullable;
 
 /**
  * A {@link Bootstrapper} implementation that reads xDS configurations from local file system.
@@ -239,9 +241,18 @@ protected BootstrapInfo.Builder bootstrapBuilder(Map<String, ?> rawData)
       builder.authorities(authorityInfoMapBuilder.buildOrThrow());
     }
 
+    Map<String, ?> rawAllowedGrpcServices = JsonUtil.getObject(rawData, "allowed_grpc_services");
+    builder.implSpecificObject(parseImplSpecificObject(rawAllowedGrpcServices));
+
     return builder;
   }
 
+  protected Optional<Object> parseImplSpecificObject(
+      @Nullable Map<String, ?> rawAllowedGrpcServices)
+      throws XdsInitializationException {
+    return Optional.empty();
+  }
+
   private List<ServerInfo> parseServerInfos(List<?> rawServerConfigs, XdsLogger logger)
       throws XdsInitializationException {
     logger.log(XdsLogLevel.INFO, "Configured with {0} xDS servers", rawServerConfigs.size());
diff --git a/xds/src/main/java/io/grpc/xds/client/ConfiguredChannelCredentials.java b/xds/src/main/java/io/grpc/xds/client/ConfiguredChannelCredentials.java
new file mode 100644
index 00000000000..c6b9d774b4d
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/client/ConfiguredChannelCredentials.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.client;
+
+import com.google.auto.value.AutoValue;
+import io.grpc.ChannelCredentials;
+import io.grpc.Internal;
+
+/**
+ * Composition of {@link ChannelCredentials} and {@link ChannelCredsConfig}.
+ */
+@Internal
+@AutoValue
+public abstract class ConfiguredChannelCredentials {
+  public abstract ChannelCredentials channelCredentials();
+
+  public abstract ChannelCredsConfig channelCredsConfig();
+
+  public static ConfiguredChannelCredentials create(ChannelCredentials creds,
+      ChannelCredsConfig config) {
+    return new AutoValue_ConfiguredChannelCredentials(creds, config);
+  }
+
+  /**
+   * Configuration for channel credentials.
+   */
+  @Internal
+  public interface ChannelCredsConfig {
+    /**
+     * Returns the type of the credentials.
+     */
+    String type();
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/internal/MatcherParser.java b/xds/src/main/java/io/grpc/xds/internal/MatcherParser.java
index fb291efc461..91b77b05d01 100644
--- a/xds/src/main/java/io/grpc/xds/internal/MatcherParser.java
+++ b/xds/src/main/java/io/grpc/xds/internal/MatcherParser.java
@@ -97,4 +97,25 @@ public static Matchers.StringMatcher parseStringMatcher(
                 "Unknown StringMatcher match pattern: " + proto.getMatchPatternCase());
     }
   }
+
+  /** Translates envoy proto FractionalPercent to internal FractionMatcher. */
+  public static Matchers.FractionMatcher parseFractionMatcher(
+      io.envoyproxy.envoy.type.v3.FractionalPercent proto) {
+    int denominator;
+    switch (proto.getDenominator()) {
+      case HUNDRED:
+        denominator = 100;
+        break;
+      case TEN_THOUSAND:
+        denominator = 10_000;
+        break;
+      case MILLION:
+        denominator = 1_000_000;
+        break;
+      case UNRECOGNIZED:
+      default:
+        throw new IllegalArgumentException("Unknown denominator type: " + proto.getDenominator());
+    }
+    return Matchers.FractionMatcher.create(proto.getNumerator(), denominator);
+  }
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzConfig.java b/xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzConfig.java
new file mode 100644
index 00000000000..5aeb44c6e2a
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzConfig.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.extauthz;
+
+import com.google.auto.value.AutoValue;
+import com.google.common.collect.ImmutableList;
+import io.grpc.Status;
+import io.grpc.xds.internal.Matchers;
+import io.grpc.xds.internal.grpcservice.GrpcServiceConfig;
+import io.grpc.xds.internal.headermutations.HeaderMutationRulesConfig;
+import java.util.Optional;
+
+/**
+ * Represents the configuration for the external authorization (ext_authz) filter. This class
+ * encapsulates the settings defined in the
+ * {@link io.envoyproxy.envoy.extensions.filters.http.ext_authz.v3.ExtAuthz} proto, providing a
+ * structured, immutable representation for use within gRPC. It includes configurations for the gRPC
+ * service used for authorization, header mutation rules, and other filter behaviors.
+ */
+@AutoValue
+public abstract class ExtAuthzConfig {
+
+  /** Creates a new builder for creating {@link ExtAuthzConfig} instances. */
+  public static Builder builder() {
+    return new AutoValue_ExtAuthzConfig.Builder().allowedHeaders(ImmutableList.of())
+        .disallowedHeaders(ImmutableList.of()).statusOnError(Status.PERMISSION_DENIED)
+        .filterEnabled(Matchers.FractionMatcher.create(100, 100));
+  }
+
+  /**
+   * The gRPC service configuration for the external authorization service. This is a required
+   * field.
+   *
+   * @see ExtAuthz#getGrpcService()
+   */
+  public abstract GrpcServiceConfig grpcService();
+
+  /**
+   * Changes the filter's behavior on errors from the authorization service. If {@code true}, the
+   * filter will accept the request even if the authorization service fails or returns an error.
+   *
+   * @see ExtAuthz#getFailureModeAllow()
+   */
+  public abstract boolean failureModeAllow();
+
+  /**
+   * Determines if the {@code x-envoy-auth-failure-mode-allowed} header is added to the request when
+   * {@link #failureModeAllow()} is true.
+   *
+   * @see ExtAuthz#getFailureModeAllowHeaderAdd()
+   */
+  public abstract boolean failureModeAllowHeaderAdd();
+
+  /**
+   * Specifies if the peer certificate is sent to the external authorization service.
+   *
+   * @see ExtAuthz#getIncludePeerCertificate()
+   */
+  public abstract boolean includePeerCertificate();
+
+  /**
+   * The gRPC status returned to the client when the authorization server returns an error or is
+   * unreachable. Defaults to {@code PERMISSION_DENIED}.
+   *
+   * @see io.envoyproxy.envoy.extensions.filters.http.ext_authz.v3.ExtAuthz#getStatusOnError()
+   */
+  public abstract Status statusOnError();
+
+  /**
+   * Specifies whether to deny requests when the filter is disabled. Defaults to {@code false}.
+   *
+   * @see ExtAuthz#getDenyAtDisable()
+   */
+  public abstract boolean denyAtDisable();
+
+  /**
+   * The fraction of requests that will be checked by the authorization service. Defaults to all
+   * requests.
+   *
+   * @see ExtAuthz#getFilterEnabled()
+   */
+  public abstract Matchers.FractionMatcher filterEnabled();
+
+  /**
+   * Specifies which request headers are sent to the authorization service. If empty, all headers
+   * are sent.
+   *
+   * @see ExtAuthz#getAllowedHeaders()
+   */
+  public abstract ImmutableList<Matchers.StringMatcher> allowedHeaders();
+
+  /**
+   * Specifies which request headers are not sent to the authorization service. This overrides
+   * {@link #allowedHeaders()}.
+   *
+   * @see ExtAuthz#getDisallowedHeaders()
+   */
+  public abstract ImmutableList<Matchers.StringMatcher> disallowedHeaders();
+
+  /**
+   * Rules for what modifications an ext_authz server may make to request headers.
+   *
+   * @see ExtAuthz#getDecoderHeaderMutationRules()
+   */
+  public abstract Optional<HeaderMutationRulesConfig> decoderHeaderMutationRules();
+
+  @AutoValue.Builder
+  public abstract static class Builder {
+    public abstract Builder grpcService(GrpcServiceConfig grpcService);
+
+    public abstract Builder failureModeAllow(boolean failureModeAllow);
+
+    public abstract Builder failureModeAllowHeaderAdd(boolean failureModeAllowHeaderAdd);
+
+    public abstract Builder includePeerCertificate(boolean includePeerCertificate);
+
+    public abstract Builder statusOnError(Status statusOnError);
+
+    public abstract Builder denyAtDisable(boolean denyAtDisable);
+
+    public abstract Builder filterEnabled(Matchers.FractionMatcher filterEnabled);
+
+    public abstract Builder allowedHeaders(Iterable<Matchers.StringMatcher> allowedHeaders);
+
+    public abstract Builder disallowedHeaders(Iterable<Matchers.StringMatcher> disallowedHeaders);
+
+    public abstract Builder decoderHeaderMutationRules(HeaderMutationRulesConfig rules);
+
+    public abstract ExtAuthzConfig build();
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzParseException.java b/xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzParseException.java
new file mode 100644
index 00000000000..78edea5c305
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzParseException.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.extauthz;
+
+/**
+ * A custom exception for signaling errors during the parsing of external authorization
+ * (ext_authz) configurations.
+ */
+public class ExtAuthzParseException extends Exception {
+
+  private static final long serialVersionUID = 0L;
+
+  public ExtAuthzParseException(String message) {
+    super(message);
+  }
+
+  public ExtAuthzParseException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceConfig.java b/xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceConfig.java
new file mode 100644
index 00000000000..cefc235e9eb
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceConfig.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.grpcservice;
+
+import com.google.auto.value.AutoValue;
+import com.google.common.collect.ImmutableList;
+import io.grpc.CallCredentials;
+import io.grpc.xds.client.ConfiguredChannelCredentials;
+import java.time.Duration;
+import java.util.Optional;
+
+
+/**
+ * This class encapsulates the configuration for a gRPC service, including target URI, credentials,
+ * and other settings. This class is immutable and uses the AutoValue library for its
+ * implementation.
+ */
+@AutoValue
+public abstract class GrpcServiceConfig {
+
+  public static Builder builder() {
+    return new AutoValue_GrpcServiceConfig.Builder();
+  }
+
+  public abstract GoogleGrpcConfig googleGrpc();
+
+  public abstract Optional<Duration> timeout();
+
+  public abstract ImmutableList<HeaderValue> initialMetadata();
+
+  @AutoValue.Builder
+  public abstract static class Builder {
+    public abstract Builder googleGrpc(GoogleGrpcConfig googleGrpc);
+
+    public abstract Builder timeout(Duration timeout);
+
+    public abstract Builder initialMetadata(ImmutableList<HeaderValue> initialMetadata);
+
+    public abstract GrpcServiceConfig build();
+  }
+
+  /**
+   * This class encapsulates settings specific to Google's gRPC implementation, such as target URI
+   * and credentials.
+   */
+  @AutoValue
+  public abstract static class GoogleGrpcConfig {
+
+    public static Builder builder() {
+      return new AutoValue_GrpcServiceConfig_GoogleGrpcConfig.Builder();
+    }
+
+    public abstract String target();
+
+    public abstract ConfiguredChannelCredentials configuredChannelCredentials();
+
+    public abstract Optional<CallCredentials> callCredentials();
+
+    @AutoValue.Builder
+    public abstract static class Builder {
+      public abstract Builder target(String target);
+
+      public abstract Builder configuredChannelCredentials(
+          ConfiguredChannelCredentials channelCredentials);
+
+      public abstract Builder callCredentials(CallCredentials callCredentials);
+
+      public abstract GoogleGrpcConfig build();
+    }
+  }
+
+
+}
diff --git a/xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceParseException.java b/xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceParseException.java
new file mode 100644
index 00000000000..319ad3d07e3
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceParseException.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.grpcservice;
+
+/**
+ * Exception thrown when there is an error parsing the gRPC service config.
+ */
+public class GrpcServiceParseException extends Exception {
+
+  private static final long serialVersionUID = 1L;
+
+  public GrpcServiceParseException(String message) {
+    super(message);
+  }
+
+  public GrpcServiceParseException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/internal/grpcservice/HeaderValue.java b/xds/src/main/java/io/grpc/xds/internal/grpcservice/HeaderValue.java
new file mode 100644
index 00000000000..1b7bb283744
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/grpcservice/HeaderValue.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.grpcservice;
+
+import com.google.auto.value.AutoValue;
+import com.google.protobuf.ByteString;
+import java.util.Optional;
+
+/**
+ * Represents a header to be mutated or added as part of xDS configuration.
+ * Avoids direct dependency on Envoy's proto objects while providing an immutable representation.
+ */
+@AutoValue
+public abstract class HeaderValue {
+
+  public static HeaderValue create(String key, String value) {
+    return new AutoValue_HeaderValue(key, Optional.of(value), Optional.empty());
+  }
+
+  public static HeaderValue create(String key, ByteString rawValue) {
+    return new AutoValue_HeaderValue(key, Optional.empty(), Optional.of(rawValue));
+  }
+
+
+  public abstract String key();
+
+  public abstract Optional<String> value();
+
+  public abstract Optional<ByteString> rawValue();
+}
diff --git a/xds/src/main/java/io/grpc/xds/internal/grpcservice/HeaderValueValidationUtils.java b/xds/src/main/java/io/grpc/xds/internal/grpcservice/HeaderValueValidationUtils.java
new file mode 100644
index 00000000000..ff0df11bdc5
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/grpcservice/HeaderValueValidationUtils.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.grpcservice;
+
+import java.util.Locale;
+
+/**
+ * Utility class for validating HTTP headers.
+ */
+public final class HeaderValueValidationUtils {
+  public static final int MAX_HEADER_LENGTH = 16384;
+
+  private HeaderValueValidationUtils() {}
+
+  /**
+   * Returns true if the header key is disallowed for mutations or validation.
+   *
+   * @param key The header key (e.g., "content-type")
+   */
+  public static boolean isDisallowed(String key) {
+    if (key.isEmpty() || key.length() > MAX_HEADER_LENGTH) {
+      return true;
+    }
+    if (!key.equals(key.toLowerCase(Locale.ROOT))) {
+      return true;
+    }
+    if (key.startsWith("grpc-")) {
+      return true;
+    }
+    if (key.startsWith(":") || key.equals("host")) {
+      return true;
+    }
+    return false;
+  }
+
+  /**
+   * Returns true if the header value is disallowed.
+   *
+   * @param header The HeaderValue containing key and values
+   */
+  public static boolean isDisallowed(HeaderValue header) {
+    if (isDisallowed(header.key())) {
+      return true;
+    }
+    if (header.value().isPresent() && header.value().get().length() > MAX_HEADER_LENGTH) {
+      return true;
+    }
+    if (header.rawValue().isPresent() && header.rawValue().get().size() > MAX_HEADER_LENGTH) {
+      return true;
+    }
+    return false;
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesConfig.java b/xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesConfig.java
new file mode 100644
index 00000000000..b16ec7948ed
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesConfig.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.headermutations;
+
+import com.google.auto.value.AutoValue;
+import com.google.re2j.Pattern;
+import io.envoyproxy.envoy.config.common.mutation_rules.v3.HeaderMutationRules;
+import java.util.Optional;
+
+/**
+ * Represents the configuration for header mutation rules, as defined in the
+ * {@link io.envoyproxy.envoy.config.common.mutation_rules.v3.HeaderMutationRules} proto.
+ */
+@AutoValue
+public abstract class HeaderMutationRulesConfig {
+  /** Creates a new builder for creating {@link HeaderMutationRulesConfig} instances. */
+  public static Builder builder() {
+    return new AutoValue_HeaderMutationRulesConfig.Builder().disallowAll(false)
+        .disallowIsError(false);
+  }
+
+  /**
+   * If set, allows any header that matches this regular expression.
+   *
+   * @see HeaderMutationRules#getAllowExpression()
+   */
+  public abstract Optional<Pattern> allowExpression();
+
+  /**
+   * If set, disallows any header that matches this regular expression.
+   *
+   * @see HeaderMutationRules#getDisallowExpression()
+   */
+  public abstract Optional<Pattern> disallowExpression();
+
+  /**
+   * If true, disallows all header mutations.
+   *
+   * @see HeaderMutationRules#getDisallowAll()
+   */
+  public abstract boolean disallowAll();
+
+  /**
+   * If true, a disallowed header mutation will result in an error instead of being ignored.
+   *
+   * @see HeaderMutationRules#getDisallowIsError()
+   */
+  public abstract boolean disallowIsError();
+
+
+  @AutoValue.Builder
+  public abstract static class Builder {
+    public abstract Builder allowExpression(Pattern matcher);
+
+    public abstract Builder disallowExpression(Pattern matcher);
+
+    public abstract Builder disallowAll(boolean disallowAll);
+
+    public abstract Builder disallowIsError(boolean disallowIsError);
+
+    public abstract HeaderMutationRulesConfig build();
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesParseException.java b/xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesParseException.java
new file mode 100644
index 00000000000..3782e84a54b
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesParseException.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.headermutations;
+
+/**
+ * Exception thrown when parsing header mutation rules fails.
+ */
+public final class HeaderMutationRulesParseException extends Exception {
+  private static final long serialVersionUID = 1L;
+
+  public HeaderMutationRulesParseException(String message) {
+    super(message);
+  }
+
+  public HeaderMutationRulesParseException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}
diff --git a/xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesParser.java b/xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesParser.java
new file mode 100644
index 00000000000..f6bb2ec508d
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesParser.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.headermutations;
+
+import com.google.re2j.Pattern;
+import com.google.re2j.PatternSyntaxException;
+import io.envoyproxy.envoy.config.common.mutation_rules.v3.HeaderMutationRules;
+
+/**
+ * Parser for {@link io.envoyproxy.envoy.config.common.mutation_rules.v3.HeaderMutationRules}.
+ */
+public final class HeaderMutationRulesParser {
+
+  private HeaderMutationRulesParser() {}
+
+  public static HeaderMutationRulesConfig parse(HeaderMutationRules proto)
+      throws HeaderMutationRulesParseException {
+    HeaderMutationRulesConfig.Builder builder = HeaderMutationRulesConfig.builder();
+    builder.disallowAll(proto.getDisallowAll().getValue());
+    builder.disallowIsError(proto.getDisallowIsError().getValue());
+    if (proto.hasAllowExpression()) {
+      builder.allowExpression(
+          parseRegex(proto.getAllowExpression().getRegex(), "allow_expression"));
+    }
+    if (proto.hasDisallowExpression()) {
+      builder.disallowExpression(
+          parseRegex(proto.getDisallowExpression().getRegex(), "disallow_expression"));
+    }
+    return builder.build();
+  }
+
+  private static Pattern parseRegex(String regex, String fieldName)
+      throws HeaderMutationRulesParseException {
+    try {
+      return Pattern.compile(regex);
+    } catch (PatternSyntaxException e) {
+      throw new HeaderMutationRulesParseException(
+          "Invalid regex pattern for " + fieldName + ": " + e.getMessage(), e);
+    }
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/ExtAuthzConfigParserTest.java b/xds/src/test/java/io/grpc/xds/ExtAuthzConfigParserTest.java
new file mode 100644
index 00000000000..fa2718cbe63
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/ExtAuthzConfigParserTest.java
@@ -0,0 +1,297 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.fail;
+
+import com.google.protobuf.Any;
+import com.google.protobuf.BoolValue;
+import io.envoyproxy.envoy.config.common.mutation_rules.v3.HeaderMutationRules;
+import io.envoyproxy.envoy.config.core.v3.GrpcService;
+import io.envoyproxy.envoy.config.core.v3.HeaderValue;
+import io.envoyproxy.envoy.config.core.v3.RuntimeFeatureFlag;
+import io.envoyproxy.envoy.config.core.v3.RuntimeFractionalPercent;
+import io.envoyproxy.envoy.extensions.filters.http.ext_authz.v3.ExtAuthz;
+import io.envoyproxy.envoy.extensions.grpc_service.call_credentials.access_token.v3.AccessTokenCredentials;
+import io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.google_default.v3.GoogleDefaultCredentials;
+import io.envoyproxy.envoy.type.matcher.v3.ListStringMatcher;
+import io.envoyproxy.envoy.type.matcher.v3.RegexMatcher;
+import io.envoyproxy.envoy.type.matcher.v3.StringMatcher;
+import io.envoyproxy.envoy.type.v3.FractionalPercent;
+import io.envoyproxy.envoy.type.v3.FractionalPercent.DenominatorType;
+import io.grpc.Status;
+import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
+import io.grpc.xds.client.Bootstrapper.ServerInfo;
+import io.grpc.xds.client.EnvoyProtoData.Node;
+import io.grpc.xds.internal.Matchers;
+import io.grpc.xds.internal.extauthz.ExtAuthzConfig;
+import io.grpc.xds.internal.extauthz.ExtAuthzParseException;
+import io.grpc.xds.internal.headermutations.HeaderMutationRulesConfig;
+import java.util.Collections;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class ExtAuthzConfigParserTest {
+
+  private static final Any GOOGLE_DEFAULT_CHANNEL_CREDS =
+      Any.pack(GoogleDefaultCredentials.newBuilder().build());
+  private static final Any FAKE_ACCESS_TOKEN_CALL_CREDS =
+      Any.pack(AccessTokenCredentials.newBuilder().setToken("fake-token").build());
+
+  private static BootstrapInfo dummyBootstrapInfo() {
+    return BootstrapInfo.builder()
+        .servers(
+            Collections.singletonList(ServerInfo.create("test_target", Collections.emptyMap())))
+        .node(Node.newBuilder().build()).build();
+  }
+
+  private static ServerInfo dummyServerInfo() {
+    return ServerInfo.create("test_target", Collections.emptyMap(), false, true, false, false);
+  }
+
+  private ExtAuthz.Builder extAuthzBuilder;
+
+  @Before
+  public void setUp() {
+    extAuthzBuilder = ExtAuthz.newBuilder()
+        .setGrpcService(GrpcService.newBuilder().setGoogleGrpc(GrpcService.GoogleGrpc.newBuilder()
+                .setTargetUri("test-cluster")
+                .addChannelCredentialsPlugin(GOOGLE_DEFAULT_CHANNEL_CREDS)
+                .addCallCredentialsPlugin(FAKE_ACCESS_TOKEN_CALL_CREDS).build())
+            .build());
+  }
+
+  @Test
+  public void parse_missingGrpcService_throws() {
+    ExtAuthz extAuthz = ExtAuthz.newBuilder().build();
+    try {
+      ExtAuthzConfigParser.parse(extAuthz, 
+          dummyBootstrapInfo(),
+          dummyServerInfo());
+      fail("Expected ExtAuthzParseException");
+    } catch (ExtAuthzParseException e) {
+      assertThat(e).hasMessageThat()
+          .isEqualTo("unsupported ExtAuthz service type: only grpc_service is supported");
+    }
+  }
+
+  @Test
+  public void parse_invalidGrpcService_throws() {
+    ExtAuthz extAuthz = ExtAuthz.newBuilder()
+        .setGrpcService(GrpcService.newBuilder().build())
+        .build();
+    try {
+      ExtAuthzConfigParser.parse(extAuthz, 
+          dummyBootstrapInfo(),
+          dummyServerInfo());
+      fail("Expected ExtAuthzParseException");
+    } catch (ExtAuthzParseException e) {
+      assertThat(e).hasMessageThat().startsWith("Failed to parse GrpcService config:");
+    }
+  }
+
+  @Test
+  public void parse_invalidAllowExpression_throws() {
+    ExtAuthz extAuthz = extAuthzBuilder
+        .setDecoderHeaderMutationRules(HeaderMutationRules.newBuilder()
+            .setAllowExpression(RegexMatcher.newBuilder().setRegex("[invalid").build()).build())
+        .build();
+    try {
+      ExtAuthzConfigParser.parse(extAuthz, 
+          dummyBootstrapInfo(),
+          dummyServerInfo());
+      fail("Expected ExtAuthzParseException");
+    } catch (ExtAuthzParseException e) {
+      assertThat(e).hasMessageThat().startsWith("Invalid regex pattern for allow_expression:");
+    }
+  }
+
+  @Test
+  public void parse_invalidDisallowExpression_throws() {
+    ExtAuthz extAuthz = extAuthzBuilder
+        .setDecoderHeaderMutationRules(HeaderMutationRules.newBuilder()
+            .setDisallowExpression(RegexMatcher.newBuilder().setRegex("[invalid").build()).build())
+        .build();
+    try {
+      ExtAuthzConfigParser.parse(extAuthz, 
+          dummyBootstrapInfo(),
+          dummyServerInfo());
+      fail("Expected ExtAuthzParseException");
+    } catch (ExtAuthzParseException e) {
+      assertThat(e).hasMessageThat().startsWith("Invalid regex pattern for disallow_expression:");
+    }
+  }
+
+  @Test
+  public void parse_success() throws ExtAuthzParseException {
+    ExtAuthz extAuthz =
+        extAuthzBuilder
+            .setGrpcService(extAuthzBuilder.getGrpcServiceBuilder()
+                .setTimeout(com.google.protobuf.Duration.newBuilder().setSeconds(5).build())
+                .addInitialMetadata(
+                    HeaderValue.newBuilder().setKey("key").setValue("value").build())
+                .build())
+            .setFailureModeAllow(true).setFailureModeAllowHeaderAdd(true)
+            .setIncludePeerCertificate(true)
+            .setStatusOnError(
+                io.envoyproxy.envoy.type.v3.HttpStatus.newBuilder().setCodeValue(403).build())
+            .setDenyAtDisable(
+                RuntimeFeatureFlag.newBuilder().setDefaultValue(BoolValue.of(true)).build())
+            .setFilterEnabled(RuntimeFractionalPercent.newBuilder()
+                .setDefaultValue(FractionalPercent.newBuilder().setNumerator(50)
+                    .setDenominator(DenominatorType.TEN_THOUSAND).build())
+                .build())
+            .setAllowedHeaders(ListStringMatcher.newBuilder()
+                .addPatterns(StringMatcher.newBuilder().setExact("allowed-header").build()).build())
+            .setDisallowedHeaders(ListStringMatcher.newBuilder()
+                .addPatterns(StringMatcher.newBuilder().setPrefix("disallowed-").build()).build())
+            .setDecoderHeaderMutationRules(HeaderMutationRules.newBuilder()
+                .setAllowExpression(RegexMatcher.newBuilder().setRegex("allow.*").build())
+                .setDisallowExpression(RegexMatcher.newBuilder().setRegex("disallow.*").build())
+                .setDisallowAll(BoolValue.of(true)).setDisallowIsError(BoolValue.of(true)).build())
+            .build();
+
+    ExtAuthzConfig config = ExtAuthzConfigParser.parse(extAuthz, 
+          dummyBootstrapInfo(),
+          dummyServerInfo());
+
+    assertThat(config.grpcService().googleGrpc().target()).isEqualTo("test-cluster");
+    assertThat(config.grpcService().timeout().get().getSeconds()).isEqualTo(5);
+    assertThat(config.grpcService().initialMetadata()).isNotEmpty();
+    assertThat(config.failureModeAllow()).isTrue();
+    assertThat(config.failureModeAllowHeaderAdd()).isTrue();
+    assertThat(config.includePeerCertificate()).isTrue();
+    assertThat(config.statusOnError().getCode()).isEqualTo(Status.PERMISSION_DENIED.getCode());
+    assertThat(config.statusOnError().getDescription()).isEqualTo("HTTP status code 403");
+    assertThat(config.denyAtDisable()).isTrue();
+    assertThat(config.filterEnabled()).isEqualTo(Matchers.FractionMatcher.create(50, 10_000));
+    assertThat(config.allowedHeaders()).hasSize(1);
+    assertThat(config.allowedHeaders().get(0).matches("allowed-header")).isTrue();
+    assertThat(config.disallowedHeaders()).hasSize(1);
+    assertThat(config.disallowedHeaders().get(0).matches("disallowed-foo")).isTrue();
+    assertThat(config.decoderHeaderMutationRules().isPresent()).isTrue();
+    HeaderMutationRulesConfig rules = config.decoderHeaderMutationRules().get();
+    assertThat(rules.allowExpression().get().pattern()).isEqualTo("allow.*");
+    assertThat(rules.disallowExpression().get().pattern()).isEqualTo("disallow.*");
+    assertThat(rules.disallowAll()).isTrue();
+    assertThat(rules.disallowIsError()).isTrue();
+  }
+
+  @Test
+  public void parse_saneDefaults() throws ExtAuthzParseException {
+    ExtAuthz extAuthz = extAuthzBuilder.build();
+
+    ExtAuthzConfig config = ExtAuthzConfigParser.parse(extAuthz, 
+          dummyBootstrapInfo(),
+          dummyServerInfo());
+
+    assertThat(config.failureModeAllow()).isFalse();
+    assertThat(config.failureModeAllowHeaderAdd()).isFalse();
+    assertThat(config.includePeerCertificate()).isFalse();
+    assertThat(config.statusOnError()).isEqualTo(Status.PERMISSION_DENIED);
+    assertThat(config.denyAtDisable()).isFalse();
+    assertThat(config.filterEnabled()).isEqualTo(Matchers.FractionMatcher.create(100, 100));
+    assertThat(config.allowedHeaders()).isEmpty();
+    assertThat(config.disallowedHeaders()).isEmpty();
+    assertThat(config.decoderHeaderMutationRules().isPresent()).isFalse();
+  }
+
+  @Test
+  public void parse_headerMutationRules_allowExpressionOnly() throws ExtAuthzParseException {
+    ExtAuthz extAuthz = extAuthzBuilder
+        .setDecoderHeaderMutationRules(HeaderMutationRules.newBuilder()
+            .setAllowExpression(RegexMatcher.newBuilder().setRegex("allow.*").build()).build())
+        .build();
+
+    ExtAuthzConfig config = ExtAuthzConfigParser.parse(extAuthz, 
+          dummyBootstrapInfo(),
+          dummyServerInfo());
+
+    assertThat(config.decoderHeaderMutationRules().isPresent()).isTrue();
+    HeaderMutationRulesConfig rules = config.decoderHeaderMutationRules().get();
+    assertThat(rules.allowExpression().get().pattern()).isEqualTo("allow.*");
+    assertThat(rules.disallowExpression().isPresent()).isFalse();
+  }
+
+  @Test
+  public void parse_headerMutationRules_disallowExpressionOnly() throws ExtAuthzParseException {
+    ExtAuthz extAuthz =
+        extAuthzBuilder.setDecoderHeaderMutationRules(HeaderMutationRules.newBuilder()
+            .setDisallowExpression(RegexMatcher.newBuilder().setRegex("disallow.*").build())
+            .build()).build();
+
+    ExtAuthzConfig config = ExtAuthzConfigParser.parse(extAuthz, 
+          dummyBootstrapInfo(),
+          dummyServerInfo());
+
+    assertThat(config.decoderHeaderMutationRules().isPresent()).isTrue();
+    HeaderMutationRulesConfig rules = config.decoderHeaderMutationRules().get();
+    assertThat(rules.allowExpression().isPresent()).isFalse();
+    assertThat(rules.disallowExpression().get().pattern()).isEqualTo("disallow.*");
+  }
+
+  @Test
+  public void parse_filterEnabled_hundred() throws ExtAuthzParseException {
+    ExtAuthz extAuthz = extAuthzBuilder
+        .setFilterEnabled(RuntimeFractionalPercent.newBuilder().setDefaultValue(FractionalPercent
+            .newBuilder().setNumerator(25).setDenominator(DenominatorType.HUNDRED).build()).build())
+        .build();
+
+    ExtAuthzConfig config = ExtAuthzConfigParser.parse(extAuthz, 
+          dummyBootstrapInfo(),
+          dummyServerInfo());
+
+    assertThat(config.filterEnabled()).isEqualTo(Matchers.FractionMatcher.create(25, 100));
+  }
+
+  @Test
+  public void parse_filterEnabled_million() throws ExtAuthzParseException {
+    ExtAuthz extAuthz = extAuthzBuilder
+        .setFilterEnabled(
+            RuntimeFractionalPercent.newBuilder().setDefaultValue(FractionalPercent.newBuilder()
+                .setNumerator(123456).setDenominator(DenominatorType.MILLION).build()).build())
+        .build();
+
+    ExtAuthzConfig config = ExtAuthzConfigParser.parse(extAuthz, 
+          dummyBootstrapInfo(),
+          dummyServerInfo());
+
+    assertThat(config.filterEnabled())
+        .isEqualTo(Matchers.FractionMatcher.create(123456, 1_000_000));
+  }
+
+  @Test
+  public void parse_filterEnabled_unrecognizedDenominator() {
+    ExtAuthz extAuthz = extAuthzBuilder.setFilterEnabled(RuntimeFractionalPercent.newBuilder()
+        .setDefaultValue(
+            FractionalPercent.newBuilder().setNumerator(1).setDenominatorValue(4).build())
+        .build()).build();
+
+    try {
+      ExtAuthzConfigParser.parse(extAuthz, 
+          dummyBootstrapInfo(),
+          dummyServerInfo());
+      fail("Expected ExtAuthzParseException");
+    } catch (ExtAuthzParseException e) {
+      assertThat(e).hasMessageThat().isEqualTo("Unknown denominator type: UNRECOGNIZED");
+    }
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
index 0a303b7255d..d4ee4159bc2 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java
@@ -28,6 +28,8 @@
 import io.grpc.TlsChannelCredentials;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.GrpcUtil.GrpcBuildVersion;
+import io.grpc.xds.client.AllowedGrpcServices;
+import io.grpc.xds.client.AllowedGrpcServices.AllowedGrpcService;
 import io.grpc.xds.client.Bootstrapper;
 import io.grpc.xds.client.Bootstrapper.AuthorityInfo;
 import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
@@ -97,6 +99,59 @@ public void parseBootstrap_emptyServers_throws() {
     assertThat(e).hasMessageThat().isEqualTo("Invalid bootstrap: 'xds_servers' is empty");
   }
 
+  @Test
+  public void parseBootstrap_allowedGrpcServices() throws XdsInitializationException {
+    String rawData = "{\n"
+        + "  \"xds_servers\": [\n"
+        + "    {\n"
+        + "      \"server_uri\": \"" + SERVER_URI + "\",\n"
+        + "      \"channel_creds\": [{\"type\": \"insecure\"}]\n"
+        + "    }\n"
+        + "  ],\n"
+        + "  \"allowed_grpc_services\": {\n"
+        + "    \"dns:///foo.com:443\": {\n"
+        + "      \"channel_creds\": [{\"type\": \"insecure\"}],\n"
+        + "      \"call_creds\": [{\"type\": \"access_token\"}]\n"
+        + "    }\n"
+        + "  }\n"
+        + "}";
+
+    bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
+    BootstrapInfo info = bootstrapper.bootstrap();
+    GrpcBootstrapImplConfig customConfig =
+        (GrpcBootstrapImplConfig) info.implSpecificObject().get();
+    AllowedGrpcServices allowed = customConfig.allowedGrpcServices();
+    assertThat(allowed).isNotNull();
+    assertThat(allowed.services()).containsKey("dns:///foo.com:443");
+    AllowedGrpcService service = allowed.services().get("dns:///foo.com:443");
+    assertThat(service.configuredChannelCredentials().channelCredentials())
+        .isInstanceOf(InsecureChannelCredentials.class);
+    assertThat(service.callCredentials().isPresent()).isFalse();
+  }
+
+  @Test
+  public void parseBootstrap_allowedGrpcServices_invalidChannelCreds() {
+    String rawData = "{\n"
+        + "  \"xds_servers\": [\n"
+        + "    {\n"
+        + "      \"server_uri\": \"" + SERVER_URI + "\",\n"
+        + "      \"channel_creds\": [{\"type\": \"insecure\"}]\n"
+        + "    }\n"
+        + "  ],\n"
+        + "  \"allowed_grpc_services\": {\n"
+        + "    \"dns:///foo.com:443\": {\n"
+        + "      \"channel_creds\": []\n"
+        + "    }\n"
+        + "  }\n"
+        + "}";
+
+    bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
+    XdsInitializationException e = assertThrows(XdsInitializationException.class,
+        bootstrapper::bootstrap);
+    assertThat(e).hasMessageThat()
+        .isEqualTo("Invalid bootstrap: server dns:///foo.com:443 'channel_creds' required");
+  }
+
   @Test
   public void parseBootstrap_singleXdsServer() throws XdsInitializationException {
     String rawData = "{\n"
diff --git a/xds/src/test/java/io/grpc/xds/GrpcServiceConfigParserTest.java b/xds/src/test/java/io/grpc/xds/GrpcServiceConfigParserTest.java
new file mode 100644
index 00000000000..ddfd0f19498
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/GrpcServiceConfigParserTest.java
@@ -0,0 +1,757 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.protobuf.Any;
+import com.google.protobuf.ByteString;
+import com.google.protobuf.Duration;
+import io.envoyproxy.envoy.config.core.v3.GrpcService;
+import io.envoyproxy.envoy.config.core.v3.HeaderValue;
+import io.envoyproxy.envoy.extensions.grpc_service.call_credentials.access_token.v3.AccessTokenCredentials;
+import io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.google_default.v3.GoogleDefaultCredentials;
+import io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.insecure.v3.InsecureCredentials;
+import io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.local.v3.LocalCredentials;
+import io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.xds.v3.XdsCredentials;
+import io.grpc.Attributes;
+import io.grpc.CallCredentials;
+import io.grpc.CompositeCallCredentials;
+import io.grpc.CompositeChannelCredentials;
+import io.grpc.InsecureChannelCredentials;
+import io.grpc.Metadata;
+import io.grpc.MethodDescriptor;
+import io.grpc.SecurityLevel;
+import io.grpc.Status;
+import io.grpc.alts.GoogleDefaultChannelCredentials;
+import io.grpc.xds.client.AllowedGrpcServices;
+import io.grpc.xds.client.AllowedGrpcServices.AllowedGrpcService;
+import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
+import io.grpc.xds.client.Bootstrapper.ServerInfo;
+import io.grpc.xds.client.ConfiguredChannelCredentials;
+import io.grpc.xds.client.EnvoyProtoData.Node;
+import io.grpc.xds.internal.grpcservice.GrpcServiceConfig;
+import io.grpc.xds.internal.grpcservice.GrpcServiceParseException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.Collections;
+import java.util.Optional;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+import org.mockito.Mockito;
+
+@RunWith(JUnit4.class)
+public class GrpcServiceConfigParserTest {
+
+  private static final String CALL_CREDENTIALS_CLASS_NAME =
+      "io.grpc.xds.GrpcServiceConfigParser$SecurityAwareAccessTokenCredentials";
+
+  private static BootstrapInfo dummyBootstrapInfo() {
+    return dummyBootstrapInfo(Optional.empty());
+  }
+
+  private static BootstrapInfo dummyBootstrapInfo(Optional<Object> implSpecificObject) {
+    return BootstrapInfo.builder()
+        .servers(Collections
+            .singletonList(ServerInfo.create("test_target", Collections.emptyMap())))
+        .node(Node.newBuilder().build()).implSpecificObject(implSpecificObject).build();
+  }
+
+  private static ServerInfo dummyServerInfo() {
+    return dummyServerInfo(true);
+  }
+
+  private static ServerInfo dummyServerInfo(boolean isTrusted) {
+    return ServerInfo.create("test_target", Collections.emptyMap(), false, isTrusted, false,
+        false);
+  }
+
+  private static GrpcServiceConfig parse(
+      GrpcService grpcServiceProto, BootstrapInfo bootstrapInfo,
+      ServerInfo serverInfo)
+      throws GrpcServiceParseException {
+    return GrpcServiceConfigParser.parse(grpcServiceProto, bootstrapInfo, serverInfo);
+  }
+
+  private static GrpcServiceConfig.GoogleGrpcConfig parseGoogleGrpcConfig(
+      GrpcService.GoogleGrpc googleGrpcProto, BootstrapInfo bootstrapInfo,
+      ServerInfo serverInfo)
+      throws GrpcServiceParseException {
+    return GrpcServiceConfigParser.parseGoogleGrpcConfig(
+        googleGrpcProto, bootstrapInfo, serverInfo);
+  }
+
+  @Test
+  public void parse_success() throws GrpcServiceParseException {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    Any accessTokenCreds =
+        Any.pack(AccessTokenCredentials.newBuilder().setToken("test_token").build());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds).addCallCredentialsPlugin(accessTokenCreds)
+        .build();
+    HeaderValue asciiHeader =
+        HeaderValue.newBuilder().setKey("test_key").setValue("test_value").build();
+    HeaderValue binaryHeader =
+        HeaderValue.newBuilder().setKey("test_key-bin").setRawValue(ByteString
+            .copyFrom("test_value_binary".getBytes(StandardCharsets.UTF_8))).build();
+    Duration timeout = Duration.newBuilder().setSeconds(10).build();
+    GrpcService grpcService =
+        GrpcService.newBuilder().setGoogleGrpc(googleGrpc).addInitialMetadata(asciiHeader)
+            .addInitialMetadata(binaryHeader).setTimeout(timeout).build();
+
+    GrpcServiceConfig config = parse(grpcService,
+            dummyBootstrapInfo(),
+            dummyServerInfo());
+
+    // Assert target URI
+    assertThat(config.googleGrpc().target()).isEqualTo("test_uri");
+
+    // Assert channel credentials
+    assertThat(config.googleGrpc().configuredChannelCredentials().channelCredentials())
+        .isInstanceOf(InsecureChannelCredentials.class);
+    GrpcServiceConfigParser.ProtoChannelCredsConfig credsConfig =
+        (GrpcServiceConfigParser.ProtoChannelCredsConfig)
+            config.googleGrpc().configuredChannelCredentials().channelCredsConfig();
+    assertThat(credsConfig.configProto()).isEqualTo(insecureCreds);
+
+    // Assert call credentials
+    assertThat(config.googleGrpc().callCredentials().isPresent()).isTrue();
+    assertThat(config.googleGrpc().callCredentials().get().getClass().getName())
+        .isEqualTo(CALL_CREDENTIALS_CLASS_NAME);
+
+    // Assert initial metadata
+    assertThat(config.initialMetadata()).isNotEmpty();
+    assertThat(config.initialMetadata().get(0).key()).isEqualTo("test_key");
+    assertThat(config.initialMetadata().get(0).value().get()).isEqualTo("test_value");
+    assertThat(config.initialMetadata().get(1).key()).isEqualTo("test_key-bin");
+    assertThat(config.initialMetadata().get(1).rawValue().get().toByteArray())
+        .isEqualTo("test_value_binary".getBytes(StandardCharsets.UTF_8));
+
+    // Assert timeout
+    assertThat(config.timeout().isPresent()).isTrue();
+    assertThat(config.timeout().get()).isEqualTo(java.time.Duration.ofSeconds(10));
+  }
+
+  @Test
+  public void parse_minimalSuccess_defaults() throws GrpcServiceParseException {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    Any accessTokenCreds =
+        Any.pack(AccessTokenCredentials.newBuilder().setToken("test_token").build());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds).addCallCredentialsPlugin(accessTokenCreds)
+        .build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceConfig config = parse(grpcService,
+            dummyBootstrapInfo(),
+            dummyServerInfo());
+
+    assertThat(config.googleGrpc().target()).isEqualTo("test_uri");
+    assertThat(config.initialMetadata()).isEmpty();
+    assertThat(config.timeout().isPresent()).isFalse();
+  }
+
+  @Test
+  public void parse_missingGoogleGrpc() {
+    GrpcService grpcService = GrpcService.newBuilder().build();
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+        () -> parse(grpcService,
+                    dummyBootstrapInfo(),
+            dummyServerInfo()));
+    assertThat(exception).hasMessageThat()
+        .startsWith("Unsupported: GrpcService must have GoogleGrpc, got: ");
+  }
+
+  @Test
+  public void parse_emptyCallCredentials() throws GrpcServiceParseException {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds).build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceConfig config = parse(grpcService,
+            dummyBootstrapInfo(),
+            dummyServerInfo());
+
+    assertThat(config.googleGrpc().callCredentials().isPresent()).isFalse();
+  }
+
+  @Test
+  public void parse_emptyChannelCredentials() {
+    Any accessTokenCreds =
+        Any.pack(AccessTokenCredentials.newBuilder().setToken("test_token").build());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addCallCredentialsPlugin(accessTokenCreds).build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+        () -> parse(grpcService,
+                    dummyBootstrapInfo(),
+            dummyServerInfo()));
+    assertThat(exception).hasMessageThat()
+        .isEqualTo("No valid supported channel_credentials found");
+  }
+
+  @Test
+  public void parse_googleDefaultCredentials() throws GrpcServiceParseException {
+    Any googleDefaultCreds = Any.pack(GoogleDefaultCredentials.getDefaultInstance());
+    Any accessTokenCreds =
+        Any.pack(AccessTokenCredentials.newBuilder().setToken("test_token").build());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(googleDefaultCreds).addCallCredentialsPlugin(accessTokenCreds)
+        .build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceConfig config = parse(grpcService,
+            dummyBootstrapInfo(),
+            dummyServerInfo());
+
+    assertThat(config.googleGrpc().configuredChannelCredentials().channelCredentials())
+        .isInstanceOf(CompositeChannelCredentials.class);
+    GrpcServiceConfigParser.ProtoChannelCredsConfig credsConfig =
+        (GrpcServiceConfigParser.ProtoChannelCredsConfig)
+            config.googleGrpc().configuredChannelCredentials().channelCredsConfig();
+    assertThat(credsConfig.configProto()).isEqualTo(googleDefaultCreds);
+  }
+
+  @Test
+  public void parse_localCredentials() throws GrpcServiceParseException {
+    Any localCreds = Any.pack(LocalCredentials.getDefaultInstance());
+    Any accessTokenCreds =
+        Any.pack(AccessTokenCredentials.newBuilder().setToken("test_token").build());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(localCreds).addCallCredentialsPlugin(accessTokenCreds).build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+            () -> parse(grpcService,
+                    dummyBootstrapInfo(),
+            dummyServerInfo()));
+    assertThat(exception).hasMessageThat()
+        .contains("LocalCredentials are not supported in grpc-java");
+  }
+
+  @Test
+  public void parse_xdsCredentials_withInsecureFallback() throws GrpcServiceParseException {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    XdsCredentials xdsCreds =
+        XdsCredentials.newBuilder().setFallbackCredentials(insecureCreds).build();
+    Any xdsCredsAny = Any.pack(xdsCreds);
+    Any accessTokenCreds =
+        Any.pack(AccessTokenCredentials.newBuilder().setToken("test_token").build());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(xdsCredsAny).addCallCredentialsPlugin(accessTokenCreds)
+        .build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceConfig config = GrpcServiceConfigParser.parse(grpcService,
+            dummyBootstrapInfo(),
+            dummyServerInfo());
+
+    assertThat(config.googleGrpc().configuredChannelCredentials().channelCredentials())
+        .isNotNull();
+    GrpcServiceConfigParser.ProtoChannelCredsConfig credsConfig =
+        (GrpcServiceConfigParser.ProtoChannelCredsConfig)
+            config.googleGrpc().configuredChannelCredentials().channelCredsConfig();
+    assertThat(credsConfig.configProto()).isEqualTo(xdsCredsAny);
+  }
+
+  @Test
+  public void parse_tlsCredentials_notSupported() {
+    Any tlsCreds = Any
+        .pack(io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.tls.v3.TlsCredentials
+            .getDefaultInstance());
+    Any accessTokenCreds =
+        Any.pack(AccessTokenCredentials.newBuilder().setToken("test_token").build());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(tlsCreds).addCallCredentialsPlugin(accessTokenCreds).build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+            () -> parse(grpcService,
+                    dummyBootstrapInfo(),
+            dummyServerInfo()));
+    assertThat(exception).hasMessageThat()
+        .contains("TlsCredentials input stream construction pending");
+  }
+
+  @Test
+  public void parse_invalidChannelCredentialsProto() {
+    // Pack a Duration proto, but try to unpack it as GoogleDefaultCredentials
+    Any invalidCreds = Any.pack(Duration.getDefaultInstance());
+    Any accessTokenCreds =
+        Any.pack(AccessTokenCredentials.newBuilder().setToken("test_token").build());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(invalidCreds).addCallCredentialsPlugin(accessTokenCreds)
+        .build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+        () -> parse(grpcService,
+                    dummyBootstrapInfo(),
+            dummyServerInfo()));
+    assertThat(exception).hasMessageThat().contains("No valid supported channel_credentials found");
+  }
+
+  @Test
+  public void parse_ignoredUnsupportedCallCredentialsProto() throws GrpcServiceParseException {
+    // Pack a Duration proto, but try to unpack it as AccessTokenCredentials
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    Any invalidCallCredentials = Any.pack(Duration.getDefaultInstance());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds).addCallCredentialsPlugin(invalidCallCredentials)
+        .build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceConfig config = parse(grpcService,
+            dummyBootstrapInfo(),
+            dummyServerInfo());
+    assertThat(config.googleGrpc().callCredentials().isPresent()).isFalse();
+  }
+
+  @Test
+  public void parse_invalidAccessTokenCallCredentialsProto() {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    Any invalidCallCredentials = Any.pack(AccessTokenCredentials.newBuilder().setToken("").build());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds).addCallCredentialsPlugin(invalidCallCredentials)
+        .build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+        () -> parse(grpcService,
+                    dummyBootstrapInfo(),
+            dummyServerInfo()));
+    assertThat(exception).hasMessageThat()
+        .contains("Missing or empty access token in call credentials");
+  }
+
+  @Test
+  public void parse_multipleCallCredentials() throws GrpcServiceParseException {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    Any accessTokenCreds1 =
+        Any.pack(AccessTokenCredentials.newBuilder().setToken("token1").build());
+    Any accessTokenCreds2 =
+        Any.pack(AccessTokenCredentials.newBuilder().setToken("token2").build());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds).addCallCredentialsPlugin(accessTokenCreds1)
+        .addCallCredentialsPlugin(accessTokenCreds2).build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceConfig config = parse(grpcService,
+            dummyBootstrapInfo(),
+            dummyServerInfo());
+
+    assertThat(config.googleGrpc().callCredentials().isPresent()).isTrue();
+    assertThat(config.googleGrpc().callCredentials().get())
+        .isInstanceOf(CompositeCallCredentials.class);
+  }
+
+  @Test
+  public void parse_untrustedControlPlane_withoutOverride() {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds).build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    BootstrapInfo untrustedBootstrapInfo = dummyBootstrapInfo(Optional.empty());
+    ServerInfo untrustedServerInfo =
+        dummyServerInfo(false);
+
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+            () -> parse(
+            grpcService, untrustedBootstrapInfo, untrustedServerInfo));
+    assertThat(exception).hasMessageThat()
+        .contains("Untrusted xDS server & URI not found in allowed_grpc_services");
+  }
+
+  @Test
+  public void parse_untrustedControlPlane_withOverride() throws GrpcServiceParseException {
+    // The proto credentials (insecure) should be ignored in favor of the override (google default)
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds).build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    ConfiguredChannelCredentials overrideChannelCreds = ConfiguredChannelCredentials.create(
+            GoogleDefaultChannelCredentials.create(),
+            new GrpcServiceConfigParser.ProtoChannelCredsConfig(
+                GrpcServiceConfigParser.GOOGLE_DEFAULT_CREDENTIALS_TYPE_URL,
+                Any.pack(GoogleDefaultCredentials.getDefaultInstance())));
+    AllowedGrpcService override = AllowedGrpcService.builder()
+            .configuredChannelCredentials(overrideChannelCreds).build();
+    AllowedGrpcServices servicesMap =
+            AllowedGrpcServices.create(
+                ImmutableMap.of("test_uri", override));
+
+    BootstrapInfo untrustedBootstrapInfo =
+        dummyBootstrapInfo(Optional.of(GrpcBootstrapImplConfig.create(servicesMap)));
+    ServerInfo untrustedServerInfo =
+        dummyServerInfo(false);
+
+    GrpcServiceConfig config =
+            parse(grpcService, untrustedBootstrapInfo, untrustedServerInfo);
+
+    // Assert channel credentials are the override, not the proto's insecure creds
+    assertThat(config.googleGrpc().configuredChannelCredentials().channelCredentials())
+            .isInstanceOf(CompositeChannelCredentials.class);
+  }
+
+  @Test
+  public void parse_invalidTimeout() {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds).build();
+
+    // Negative timeout
+    Duration timeout = Duration.newBuilder().setSeconds(-10).build();
+    GrpcService grpcService = GrpcService.newBuilder()
+        .setGoogleGrpc(googleGrpc).setTimeout(timeout).build();
+
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+            () -> parse(grpcService,
+                    dummyBootstrapInfo(),
+            dummyServerInfo()));
+    assertThat(exception).hasMessageThat()
+        .contains("Timeout must be strictly positive");
+
+    // Zero timeout
+    timeout = Duration.newBuilder().setSeconds(0).setNanos(0).build();
+    GrpcService grpcServiceZero = GrpcService.newBuilder()
+        .setGoogleGrpc(googleGrpc).setTimeout(timeout).build();
+
+    exception = assertThrows(GrpcServiceParseException.class,
+            () -> parse(grpcServiceZero,
+                    dummyBootstrapInfo(),
+            dummyServerInfo()));
+    assertThat(exception).hasMessageThat()
+        .contains("Timeout must be strictly positive");
+  }
+
+  @Test
+  public void parseGoogleGrpcConfig_unsupportedScheme() {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder()
+        .setTargetUri("unknown://test")
+        .addChannelCredentialsPlugin(insecureCreds).build();
+
+    BootstrapInfo bootstrapInfo = dummyBootstrapInfo();
+    ServerInfo serverInfo = dummyServerInfo();
+
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+        () -> parseGoogleGrpcConfig(
+            googleGrpc, bootstrapInfo, serverInfo));
+    assertThat(exception).hasMessageThat()
+        .contains("Target URI scheme is not resolvable");
+  }
+
+  @Test
+  public void parse_disallowedInitialMetadata() {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds).build();
+    HeaderValue disallowedHeader =
+        HeaderValue.newBuilder().setKey("host").setValue("test_value").build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc)
+        .addInitialMetadata(disallowedHeader).build();
+
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+        () -> parse(grpcService, dummyBootstrapInfo(), dummyServerInfo()));
+    assertThat(exception).hasMessageThat().contains("Invalid initial metadata header: host");
+  }
+
+  @Test
+  public void parse_invalidDuration() {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds).build();
+
+    Duration timeout = Duration.newBuilder().setSeconds(10).setNanos(1_000_000_000).build();
+    GrpcService grpcService = GrpcService.newBuilder()
+        .setGoogleGrpc(googleGrpc).setTimeout(timeout).build();
+
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+        () -> parse(grpcService, dummyBootstrapInfo(), dummyServerInfo()));
+    assertThat(exception).hasMessageThat()
+        .contains("Timeout must be strictly positive and valid");
+  }
+
+  @Test
+  public void parse_invalidChannelCredsProto() {
+    Any invalidCreds = Any.newBuilder()
+        .setTypeUrl(GrpcServiceConfigParser.XDS_CREDENTIALS_TYPE_URL)
+        .setValue(ByteString.copyFrom(new byte[]{1, 2, 3})).build();
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(invalidCreds).build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+        () -> parse(grpcService, dummyBootstrapInfo(), dummyServerInfo()));
+    assertThat(exception).hasMessageThat().contains("Failed to parse channel credentials");
+  }
+
+  @Test
+  public void parse_unsupportedXdsFallbackCreds() {
+    Any unsupportedFallback = Any.pack(Duration.getDefaultInstance());
+    XdsCredentials xds =
+        XdsCredentials.newBuilder().setFallbackCredentials(unsupportedFallback).build();
+    Any xdsCredsAny = Any.newBuilder()
+        .setTypeUrl(GrpcServiceConfigParser.XDS_CREDENTIALS_TYPE_URL)
+        .setValue(xds.toByteString()).build();
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(xdsCredsAny).build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+        () -> parse(grpcService, dummyBootstrapInfo(), dummyServerInfo()));
+    assertThat(exception).hasMessageThat()
+        .contains("Unsupported fallback credentials type for XdsCredentials");
+  }
+
+  @Test
+  public void parse_invalidCallCredsProto() {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    // We just create an Any representing AccessTokenCredentials but with invalid bytes
+    Any invalidCallCreds = Any.newBuilder()
+        .setTypeUrl(Any.pack(AccessTokenCredentials.getDefaultInstance()).getTypeUrl())
+        .setValue(ByteString.copyFrom(new byte[]{1, 2, 3})).build();
+
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds).addCallCredentialsPlugin(invalidCallCreds)
+        .build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+        () -> parse(grpcService, dummyBootstrapInfo(), dummyServerInfo()));
+    assertThat(exception).hasMessageThat().contains("Failed to parse access token credentials");
+  }
+
+  @Test
+  public void parseGoogleGrpcConfig_malformedUriThrows() {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri(":::::")
+        .addChannelCredentialsPlugin(insecureCreds).build();
+
+    BootstrapInfo bootstrapInfo = dummyBootstrapInfo();
+    ServerInfo serverInfo = dummyServerInfo();
+
+    GrpcServiceParseException exception = assertThrows(GrpcServiceParseException.class,
+        () -> parseGoogleGrpcConfig(googleGrpc, bootstrapInfo, serverInfo));
+    assertThat(exception).hasMessageThat().contains("Target URI scheme is not resolvable");
+  }
+
+  @Test
+  public void parseGoogleGrpcConfig_untrustedWithCallCredentialsOverride() throws Exception {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder().setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds).build();
+
+    ConfiguredChannelCredentials overrideChannelCreds =
+        ConfiguredChannelCredentials.create(GoogleDefaultChannelCredentials.create(),
+            new GrpcServiceConfigParser.ProtoChannelCredsConfig(
+                GrpcServiceConfigParser.GOOGLE_DEFAULT_CREDENTIALS_TYPE_URL,
+                Any.pack(GoogleDefaultCredentials.getDefaultInstance())));
+
+    CallCredentials fakeCallCreds = Mockito.mock(CallCredentials.class);
+    AllowedGrpcService override = AllowedGrpcService.builder()
+        .configuredChannelCredentials(overrideChannelCreds).callCredentials(fakeCallCreds).build();
+
+    AllowedGrpcServices servicesMap =
+        AllowedGrpcServices
+            .create(ImmutableMap.of("test_uri", override));
+
+    BootstrapInfo untrustedBootstrapInfo =
+        dummyBootstrapInfo(Optional.of(GrpcBootstrapImplConfig.create(servicesMap)));
+    ServerInfo untrustedServerInfo = dummyServerInfo(false);
+
+    GrpcServiceConfig.GoogleGrpcConfig config =
+        parseGoogleGrpcConfig(googleGrpc, untrustedBootstrapInfo, untrustedServerInfo);
+
+    assertThat(config.callCredentials().isPresent()).isTrue();
+    assertThat(config.callCredentials().get()).isSameInstanceAs(fakeCallCreds);
+  }
+
+  @Test
+  public void protoChannelCredsConfig_equalsAndHashCode() {
+    Any insecureCreds1 = Any.pack(InsecureCredentials.getDefaultInstance());
+    Any insecureCreds2 = Any.pack(InsecureCredentials.getDefaultInstance());
+    Any localCreds = Any.pack(LocalCredentials.getDefaultInstance());
+
+    GrpcServiceConfigParser.ProtoChannelCredsConfig config1 =
+        new GrpcServiceConfigParser.ProtoChannelCredsConfig("type1", insecureCreds1);
+    GrpcServiceConfigParser.ProtoChannelCredsConfig config1Equivalent =
+        new GrpcServiceConfigParser.ProtoChannelCredsConfig("type1", insecureCreds2);
+    GrpcServiceConfigParser.ProtoChannelCredsConfig configDifferentType =
+        new GrpcServiceConfigParser.ProtoChannelCredsConfig("type2", insecureCreds1);
+    GrpcServiceConfigParser.ProtoChannelCredsConfig configDifferentProto =
+        new GrpcServiceConfigParser.ProtoChannelCredsConfig("type1", localCreds);
+
+    assertThat(config1.type()).isEqualTo("type1");
+    assertThat(config1.equals(config1)).isTrue();
+    assertThat(config1.equals(null)).isFalse();
+    assertThat(config1.equals(new Object())).isFalse();
+    assertThat(config1.equals(config1Equivalent)).isTrue();
+    assertThat(config1.hashCode()).isEqualTo(config1Equivalent.hashCode());
+    assertThat(config1.equals(configDifferentType)).isFalse();
+    assertThat(config1.equals(configDifferentProto)).isFalse();
+  }
+
+  static class RecordingMetadataApplier extends CallCredentials.MetadataApplier {
+    boolean applied = false;
+    boolean failed = false;
+    Metadata appliedHeaders = null;
+
+    @Override
+    public void apply(Metadata headers) {
+      applied = true;
+      appliedHeaders = headers;
+    }
+
+    @Override
+    public void fail(Status status) {
+      failed = true;
+    }
+  }
+
+  static class FakeRequestInfo extends CallCredentials.RequestInfo {
+    private final SecurityLevel securityLevel;
+    private final MethodDescriptor<?, ?> methodDescriptor;
+
+    FakeRequestInfo(SecurityLevel securityLevel) {
+      this.securityLevel = securityLevel;
+      this.methodDescriptor = MethodDescriptor.<Void, Void>newBuilder()
+          .setType(MethodDescriptor.MethodType.UNARY)
+          .setFullMethodName("test_service/test_method")
+          .setRequestMarshaller(new NoopMarshaller<Void>())
+          .setResponseMarshaller(new NoopMarshaller<Void>())
+          .build();
+    }
+
+    private static class NoopMarshaller<T> implements MethodDescriptor.Marshaller<T> {
+      @Override
+      public InputStream stream(T value) {
+        return null;
+      }
+
+      @Override
+      public T parse(InputStream stream) {
+        return null;
+      }
+    }
+
+    @Override
+    public MethodDescriptor<?, ?> getMethodDescriptor() {
+      return methodDescriptor;
+    }
+
+    @Override
+    public SecurityLevel getSecurityLevel() {
+      return securityLevel;
+    }
+
+    @Override
+    public String getAuthority() {
+      return "dummy-authority";
+    }
+
+    @Override
+    public Attributes getTransportAttrs() {
+      return Attributes.EMPTY;
+    }
+  }
+
+
+  @Test
+  public void securityAwareCredentials_secureConnection_appliesToken() throws Exception {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    Any accessTokenCreds =
+        Any.pack(AccessTokenCredentials.newBuilder().setToken("test_token").build());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder()
+        .setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds)
+        .addCallCredentialsPlugin(accessTokenCreds)
+        .build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceConfig config = parse(grpcService,
+        dummyBootstrapInfo(),
+            dummyServerInfo());
+
+    CallCredentials creds = config.googleGrpc().callCredentials().get();
+    RecordingMetadataApplier applier = new RecordingMetadataApplier();
+    CountDownLatch latch = new CountDownLatch(1);
+
+    creds.applyRequestMetadata(
+        new FakeRequestInfo(SecurityLevel.PRIVACY_AND_INTEGRITY),
+        Runnable::run, // Use direct executor to avoid async issues in test
+        new CallCredentials.MetadataApplier() {
+          @Override
+          public void apply(Metadata headers) {
+            applier.apply(headers);
+            latch.countDown();
+          }
+
+          @Override
+          public void fail(Status status) {
+            applier.fail(status);
+            latch.countDown();
+          }
+        });
+
+    latch.await(5, TimeUnit.SECONDS);
+    assertThat(applier.applied).isTrue();
+    assertThat(applier.appliedHeaders.get(
+        Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER)))
+        .isEqualTo("Bearer test_token");
+  }
+
+  @Test
+  public void securityAwareCredentials_insecureConnection_appliesEmptyMetadata() throws Exception {
+    Any insecureCreds = Any.pack(InsecureCredentials.getDefaultInstance());
+    Any accessTokenCreds =
+        Any.pack(AccessTokenCredentials.newBuilder().setToken("test_token").build());
+    GrpcService.GoogleGrpc googleGrpc = GrpcService.GoogleGrpc.newBuilder()
+        .setTargetUri("test_uri")
+        .addChannelCredentialsPlugin(insecureCreds)
+        .addCallCredentialsPlugin(accessTokenCreds)
+        .build();
+    GrpcService grpcService = GrpcService.newBuilder().setGoogleGrpc(googleGrpc).build();
+
+    GrpcServiceConfig config = parse(grpcService,
+        dummyBootstrapInfo(),
+            dummyServerInfo());
+
+    CallCredentials creds = config.googleGrpc().callCredentials().get();
+    RecordingMetadataApplier applier = new RecordingMetadataApplier();
+
+    creds.applyRequestMetadata(
+        new FakeRequestInfo(SecurityLevel.NONE),
+        Runnable::run,
+        applier);
+
+    assertThat(applier.applied).isTrue();
+    assertThat(applier.appliedHeaders.get(
+        Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER)))
+        .isNull();
+  }
+
+
+}
diff --git a/xds/src/test/java/io/grpc/xds/internal/MatcherParserTest.java b/xds/src/test/java/io/grpc/xds/internal/MatcherParserTest.java
new file mode 100644
index 00000000000..86a6a95fd4b
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/internal/MatcherParserTest.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+
+import io.envoyproxy.envoy.type.matcher.v3.RegexMatcher;
+import io.envoyproxy.envoy.type.matcher.v3.StringMatcher;
+import io.envoyproxy.envoy.type.v3.FractionalPercent;
+import io.envoyproxy.envoy.type.v3.FractionalPercent.DenominatorType;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class MatcherParserTest {
+
+  @Test
+  public void parseStringMatcher_exact() {
+    StringMatcher proto =
+        StringMatcher.newBuilder().setExact("exact-match").setIgnoreCase(true).build();
+    Matchers.StringMatcher matcher = MatcherParser.parseStringMatcher(proto);
+    assertThat(matcher).isNotNull();
+  }
+
+  @Test
+  public void parseStringMatcher_allTypes() {
+    MatcherParser.parseStringMatcher(StringMatcher.newBuilder().setExact("test").build());
+    MatcherParser.parseStringMatcher(StringMatcher.newBuilder().setPrefix("test").build());
+    MatcherParser.parseStringMatcher(StringMatcher.newBuilder().setSuffix("test").build());
+    MatcherParser.parseStringMatcher(StringMatcher.newBuilder().setContains("test").build());
+    MatcherParser.parseStringMatcher(StringMatcher.newBuilder()
+        .setSafeRegex(RegexMatcher.newBuilder().setRegex(".*").build()).build());
+  }
+
+  @Test
+  public void parseStringMatcher_unknownTypeThrows() {
+    StringMatcher unknownProto = StringMatcher.getDefaultInstance();
+    IllegalArgumentException exception = assertThrows(IllegalArgumentException.class,
+        () -> MatcherParser.parseStringMatcher(unknownProto));
+    assertThat(exception).hasMessageThat().contains("Unknown StringMatcher match pattern");
+  }
+
+  @Test
+  public void parseFractionMatcher_denominators() {
+    Matchers.FractionMatcher hundred = MatcherParser.parseFractionMatcher(FractionalPercent
+        .newBuilder().setNumerator(1).setDenominator(DenominatorType.HUNDRED).build());
+    assertThat(hundred.numerator()).isEqualTo(1);
+    assertThat(hundred.denominator()).isEqualTo(100);
+
+    Matchers.FractionMatcher tenThousand = MatcherParser.parseFractionMatcher(FractionalPercent
+        .newBuilder().setNumerator(2).setDenominator(DenominatorType.TEN_THOUSAND).build());
+    assertThat(tenThousand.numerator()).isEqualTo(2);
+    assertThat(tenThousand.denominator()).isEqualTo(10_000);
+
+    Matchers.FractionMatcher million = MatcherParser.parseFractionMatcher(FractionalPercent
+        .newBuilder().setNumerator(3).setDenominator(DenominatorType.MILLION).build());
+    assertThat(million.numerator()).isEqualTo(3);
+    assertThat(million.denominator()).isEqualTo(1_000_000);
+  }
+
+  @Test
+  public void parseFractionMatcher_unknownDenominatorThrows() {
+    FractionalPercent unknownProto =
+        FractionalPercent.newBuilder().setDenominatorValue(999).build();
+    IllegalArgumentException exception = assertThrows(IllegalArgumentException.class,
+        () -> MatcherParser.parseFractionMatcher(unknownProto));
+    assertThat(exception).hasMessageThat().contains("Unknown denominator type");
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/internal/grpcservice/HeaderValueTest.java b/xds/src/test/java/io/grpc/xds/internal/grpcservice/HeaderValueTest.java
new file mode 100644
index 00000000000..b55e6ae76f7
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/internal/grpcservice/HeaderValueTest.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.grpcservice;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import com.google.protobuf.ByteString;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class HeaderValueTest {
+
+  @Test
+  public void create_withStringValue_success() {
+    HeaderValue headerValue = HeaderValue.create("key1", "value1");
+    assertThat(headerValue.key()).isEqualTo("key1");
+    assertThat(headerValue.value().isPresent()).isTrue();
+    assertThat(headerValue.value().get()).isEqualTo("value1");
+    assertThat(headerValue.rawValue().isPresent()).isFalse();
+  }
+
+  @Test
+  public void create_withByteStringValue_success() {
+    ByteString rawValue = ByteString.copyFromUtf8("raw_value");
+    HeaderValue headerValue = HeaderValue.create("key2", rawValue);
+    assertThat(headerValue.key()).isEqualTo("key2");
+    assertThat(headerValue.rawValue().isPresent()).isTrue();
+    assertThat(headerValue.rawValue().get()).isEqualTo(rawValue);
+    assertThat(headerValue.value().isPresent()).isFalse();
+  }
+
+
+}
diff --git a/xds/src/test/java/io/grpc/xds/internal/grpcservice/HeaderValueValidationUtilsTest.java b/xds/src/test/java/io/grpc/xds/internal/grpcservice/HeaderValueValidationUtilsTest.java
new file mode 100644
index 00000000000..c4658f3f305
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/internal/grpcservice/HeaderValueValidationUtilsTest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.grpcservice;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import com.google.protobuf.ByteString;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/**
+ * Unit tests for {@link HeaderValueValidationUtils}.
+ */
+@RunWith(JUnit4.class)
+public class HeaderValueValidationUtilsTest {
+
+  @Test
+  public void isDisallowed_string_emptyKey() {
+    assertThat(HeaderValueValidationUtils.isDisallowed("")).isTrue();
+  }
+
+  @Test
+  public void isDisallowed_string_tooLongKey() {
+    String longKey = new String(new char[16385]).replace('\0', 'a');
+    assertThat(HeaderValueValidationUtils.isDisallowed(longKey)).isTrue();
+  }
+
+  @Test
+  public void isDisallowed_string_notLowercase() {
+    assertThat(HeaderValueValidationUtils.isDisallowed("Content-Type")).isTrue();
+  }
+
+  @Test
+  public void isDisallowed_string_grpcPrefix() {
+    assertThat(HeaderValueValidationUtils.isDisallowed("grpc-timeout")).isTrue();
+  }
+
+  @Test
+  public void isDisallowed_string_systemHeader_colon() {
+    assertThat(HeaderValueValidationUtils.isDisallowed(":authority")).isTrue();
+  }
+
+  @Test
+  public void isDisallowed_string_systemHeader_host() {
+    assertThat(HeaderValueValidationUtils.isDisallowed("host")).isTrue();
+  }
+
+  @Test
+  public void isDisallowed_string_valid() {
+    assertThat(HeaderValueValidationUtils.isDisallowed("content-type")).isFalse();
+  }
+
+  @Test
+  public void isDisallowed_headerValue_tooLongValue() {
+    String longValue = new String(new char[16385]).replace('\0', 'v');
+    HeaderValue header = HeaderValue.create("content-type", longValue);
+    assertThat(HeaderValueValidationUtils.isDisallowed(header)).isTrue();
+  }
+
+  @Test
+  public void isDisallowed_headerValue_tooLongRawValue() {
+    ByteString longRawValue = ByteString.copyFrom(new byte[16385]);
+    HeaderValue header = HeaderValue.create("content-type", longRawValue);
+    assertThat(HeaderValueValidationUtils.isDisallowed(header)).isTrue();
+  }
+
+  @Test
+  public void isDisallowed_headerValue_valid() {
+    HeaderValue header = HeaderValue.create("content-type", "application/grpc");
+    assertThat(HeaderValueValidationUtils.isDisallowed(header)).isFalse();
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesConfigTest.java b/xds/src/test/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesConfigTest.java
new file mode 100644
index 00000000000..9f5cb75460f
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesConfigTest.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.headermutations;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import com.google.re2j.Pattern;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class HeaderMutationRulesConfigTest {
+  @Test
+  public void testBuilderDefaultValues() {
+    HeaderMutationRulesConfig config = HeaderMutationRulesConfig.builder().build();
+    assertFalse(config.disallowAll());
+    assertFalse(config.disallowIsError());
+    assertThat(config.allowExpression()).isEmpty();
+    assertThat(config.disallowExpression()).isEmpty();
+  }
+
+  @Test
+  public void testBuilder_setDisallowAll() {
+    HeaderMutationRulesConfig config =
+        HeaderMutationRulesConfig.builder().disallowAll(true).build();
+    assertTrue(config.disallowAll());
+  }
+
+  @Test
+  public void testBuilder_setDisallowIsError() {
+    HeaderMutationRulesConfig config =
+        HeaderMutationRulesConfig.builder().disallowIsError(true).build();
+    assertTrue(config.disallowIsError());
+  }
+
+  @Test
+  public void testBuilder_setAllowExpression() {
+    Pattern pattern = Pattern.compile("allow.*");
+    HeaderMutationRulesConfig config =
+        HeaderMutationRulesConfig.builder().allowExpression(pattern).build();
+    assertThat(config.allowExpression()).hasValue(pattern);
+  }
+
+  @Test
+  public void testBuilder_setDisallowExpression() {
+    Pattern pattern = Pattern.compile("disallow.*");
+    HeaderMutationRulesConfig config =
+        HeaderMutationRulesConfig.builder().disallowExpression(pattern).build();
+    assertThat(config.disallowExpression()).hasValue(pattern);
+  }
+
+  @Test
+  public void testBuilder_setAll() {
+    Pattern allowPattern = Pattern.compile("allow.*");
+    Pattern disallowPattern = Pattern.compile("disallow.*");
+    HeaderMutationRulesConfig config = HeaderMutationRulesConfig.builder()
+        .disallowAll(true)
+        .disallowIsError(true)
+        .allowExpression(allowPattern)
+        .disallowExpression(disallowPattern)
+        .build();
+    assertTrue(config.disallowAll());
+    assertTrue(config.disallowIsError());
+    assertThat(config.allowExpression()).hasValue(allowPattern);
+    assertThat(config.disallowExpression()).hasValue(disallowPattern);
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesParserTest.java b/xds/src/test/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesParserTest.java
new file mode 100644
index 00000000000..e880c197450
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/internal/headermutations/HeaderMutationRulesParserTest.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2025 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.headermutations;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
+
+import com.google.protobuf.BoolValue;
+import io.envoyproxy.envoy.config.common.mutation_rules.v3.HeaderMutationRules;
+import io.envoyproxy.envoy.type.matcher.v3.RegexMatcher;
+import io.grpc.xds.internal.headermutations.HeaderMutationRulesParseException;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class HeaderMutationRulesParserTest {
+
+  @Test
+  public void parse_protoWithAllFields_success() throws Exception {
+    HeaderMutationRules proto = HeaderMutationRules.newBuilder()
+        .setAllowExpression(RegexMatcher.newBuilder().setRegex("allow-.*"))
+        .setDisallowExpression(RegexMatcher.newBuilder().setRegex("disallow-.*"))
+        .setDisallowAll(BoolValue.newBuilder().setValue(true).build())
+        .setDisallowIsError(BoolValue.newBuilder().setValue(true).build())
+        .build();
+
+    HeaderMutationRulesConfig config = HeaderMutationRulesParser.parse(proto);
+
+    assertThat(config.allowExpression().isPresent()).isTrue();
+    assertThat(config.allowExpression().get().pattern()).isEqualTo("allow-.*");
+
+    assertThat(config.disallowExpression().isPresent()).isTrue();
+    assertThat(config.disallowExpression().get().pattern()).isEqualTo("disallow-.*");
+
+    assertThat(config.disallowAll()).isTrue();
+    assertThat(config.disallowIsError()).isTrue();
+  }
+
+  @Test
+  public void parse_protoWithNoExpressions_success() throws Exception {
+    HeaderMutationRules proto = HeaderMutationRules.newBuilder().build();
+
+    HeaderMutationRulesConfig config = HeaderMutationRulesParser.parse(proto);
+
+    assertThat(config.allowExpression().isPresent()).isFalse();
+    assertThat(config.disallowExpression().isPresent()).isFalse();
+    assertThat(config.disallowAll()).isFalse();
+    assertThat(config.disallowIsError()).isFalse();
+  }
+
+  @Test
+  public void parse_invalidRegexAllowExpression_throwsHeaderMutationRulesParseException() {
+    HeaderMutationRules proto = HeaderMutationRules.newBuilder()
+        .setAllowExpression(RegexMatcher.newBuilder().setRegex("allow-["))
+        .build();
+
+    HeaderMutationRulesParseException exception = assertThrows(
+        HeaderMutationRulesParseException.class, () -> HeaderMutationRulesParser.parse(proto));
+
+    assertThat(exception).hasMessageThat().contains("Invalid regex pattern for allow_expression");
+  }
+
+  @Test
+  public void parse_invalidRegexDisallowExpression_throwsHeaderMutationRulesParseException() {
+    HeaderMutationRules proto = HeaderMutationRules.newBuilder()
+        .setDisallowExpression(RegexMatcher.newBuilder().setRegex("disallow-["))
+        .build();
+
+    HeaderMutationRulesParseException exception = assertThrows(
+        HeaderMutationRulesParseException.class, () -> HeaderMutationRulesParser.parse(proto));
+
+    assertThat(exception).hasMessageThat()
+        .contains("Invalid regex pattern for disallow_expression");
+  }
+}

From d057a7ebee2945fc0a9ca58b36afdb5b37a99680 Mon Sep 17 00:00:00 2001
From: Saurav <sauravz@google.com>
Date: Thu, 2 Apr 2026 17:48:58 +0530
Subject: [PATCH 589/591] [xds] Implement A114: WRR support for custom backend
 metrics (#12645)

### Description
This PR implements [gRFC A114: WRR Support for Custom Backend
Metrics](https://github.com/grpc/proposal/pull/536).

It updates the `weighted_round_robin` policy to allow users to configure
which backend metrics drive the load balancing weights.

### Key Changes
* **Configuration**: Supports the new
`metric_names_for_computing_utilization` field in
`WeightedRoundRobinLbConfig`.
* **Weight Calculation**: Implements logic to resolve custom metrics
(including map lookups like `named_metrics.foo`) when
`application_utilization` is absent.
* **Refactor**: Centralizes the complex metric lookup and validation
logic (checking for NaN, <= 0, etc.) into a new internal utility
`MetricReportUtils`.
* **Testing**: Verifies correct precedence: `application_utilization` >
`custom_metrics` (max valid value) > `cpu_utilization`.
---
 .../grpc/xds/LoadBalancerConfigFactory.java   |  18 +-
 .../xds/WeightedRoundRobinLoadBalancer.java   | 112 ++++--
 ...eightedRoundRobinLoadBalancerProvider.java |  12 +-
 .../grpc/xds/internal/MetricReportUtils.java  |  67 ++++
 .../xds/LoadBalancerConfigFactoryTest.java    |  32 ++
 ...tedRoundRobinLoadBalancerProviderTest.java |  16 +
 .../WeightedRoundRobinLoadBalancerTest.java   | 333 ++++++++++++++++--
 .../xds/internal/MetricReportUtilsTest.java   |  98 ++++++
 8 files changed, 614 insertions(+), 74 deletions(-)
 create mode 100644 xds/src/main/java/io/grpc/xds/internal/MetricReportUtils.java
 create mode 100644 xds/src/test/java/io/grpc/xds/internal/MetricReportUtilsTest.java

diff --git a/xds/src/main/java/io/grpc/xds/LoadBalancerConfigFactory.java b/xds/src/main/java/io/grpc/xds/LoadBalancerConfigFactory.java
index e08ea0fab43..5fd8ec5526e 100644
--- a/xds/src/main/java/io/grpc/xds/LoadBalancerConfigFactory.java
+++ b/xds/src/main/java/io/grpc/xds/LoadBalancerConfigFactory.java
@@ -91,6 +91,7 @@ class LoadBalancerConfigFactory {
   static final String SHUFFLE_ADDRESS_LIST_FIELD_NAME = "shuffleAddressList";
 
   static final String ERROR_UTILIZATION_PENALTY = "errorUtilizationPenalty";
+  static final String METRIC_NAMES_FOR_COMPUTING_UTILIZATION = "metricNamesForComputingUtilization";
 
   /**
    * Factory method for creating a new {link LoadBalancerConfigConverter} for a given xDS {@link
@@ -134,11 +135,9 @@ class LoadBalancerConfigFactory {
    * the given config values.
    */
   private static ImmutableMap<String, ?> buildWrrConfig(String blackoutPeriod,
-                                                        String weightExpirationPeriod,
-                                                        String oobReportingPeriod,
-                                                        Boolean enableOobLoadReport,
-                                                        String weightUpdatePeriod,
-                                                        Float errorUtilizationPenalty) {
+      String weightExpirationPeriod, String oobReportingPeriod, Boolean enableOobLoadReport,
+      String weightUpdatePeriod, Float errorUtilizationPenalty,
+      ImmutableList<String> metricNamesForComputingUtilization) {
     ImmutableMap.Builder<String, Object> configBuilder = ImmutableMap.builder();
     if (blackoutPeriod != null) {
       configBuilder.put(BLACK_OUT_PERIOD, blackoutPeriod);
@@ -158,6 +157,10 @@ class LoadBalancerConfigFactory {
     if (errorUtilizationPenalty != null) {
       configBuilder.put(ERROR_UTILIZATION_PENALTY, errorUtilizationPenalty);
     }
+    if (metricNamesForComputingUtilization != null
+        && !metricNamesForComputingUtilization.isEmpty()) {
+      configBuilder.put(METRIC_NAMES_FOR_COMPUTING_UTILIZATION, metricNamesForComputingUtilization);
+    }
     return ImmutableMap.of(WeightedRoundRobinLoadBalancerProvider.SCHEME,
         configBuilder.buildOrThrow());
   }
@@ -284,7 +287,7 @@ static class LoadBalancingPolicyConverter {
     }
 
     private static ImmutableMap<String, ?> convertWeightedRoundRobinConfig(
-            ClientSideWeightedRoundRobin wrr) throws ResourceInvalidException {
+        ClientSideWeightedRoundRobin wrr) throws ResourceInvalidException {
       try {
         return buildWrrConfig(
             wrr.hasBlackoutPeriod() ? Durations.toString(wrr.getBlackoutPeriod()) : null,
@@ -293,7 +296,8 @@ static class LoadBalancingPolicyConverter {
             wrr.hasOobReportingPeriod() ? Durations.toString(wrr.getOobReportingPeriod()) : null,
             wrr.hasEnableOobLoadReport() ? wrr.getEnableOobLoadReport().getValue() : null,
             wrr.hasWeightUpdatePeriod() ? Durations.toString(wrr.getWeightUpdatePeriod()) : null,
-            wrr.hasErrorUtilizationPenalty() ? wrr.getErrorUtilizationPenalty().getValue() : null);
+            wrr.hasErrorUtilizationPenalty() ? wrr.getErrorUtilizationPenalty().getValue() : null,
+            ImmutableList.copyOf(wrr.getMetricNamesForComputingUtilizationList()));
       } catch (IllegalArgumentException ex) {
         throw new ResourceInvalidException("Invalid duration in weighted round robin config: "
             + ex.getMessage());
diff --git a/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java b/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
index fc6c3f5b119..a8b7e120cca 100644
--- a/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancer.java
@@ -40,6 +40,7 @@
 import io.grpc.services.MetricReport;
 import io.grpc.util.ForwardingSubchannel;
 import io.grpc.util.MultiChildLoadBalancer;
+import io.grpc.xds.internal.MetricReportUtils;
 import io.grpc.xds.orca.OrcaOobUtil;
 import io.grpc.xds.orca.OrcaOobUtil.OrcaOobReportListener;
 import io.grpc.xds.orca.OrcaPerRequestUtil;
@@ -49,6 +50,7 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Objects;
+import java.util.OptionalDouble;
 import java.util.Random;
 import java.util.Set;
 import java.util.concurrent.ScheduledExecutorService;
@@ -189,7 +191,7 @@ public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses) {
       this.backendService = "";
     }
     config =
-            (WeightedRoundRobinLoadBalancerConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
+        (WeightedRoundRobinLoadBalancerConfig) resolvedAddresses.getLoadBalancingPolicyConfig();
 
     if (weightUpdateTimer != null && weightUpdateTimer.isPending()) {
       weightUpdateTimer.cancel();
@@ -236,7 +238,8 @@ protected void updateOverallBalancingState() {
 
   private SubchannelPicker createReadyPicker(Collection<ChildLbState> activeList) {
     WeightedRoundRobinPicker picker = new WeightedRoundRobinPicker(ImmutableList.copyOf(activeList),
-        config.enableOobLoadReport, config.errorUtilizationPenalty, sequence);
+        config.enableOobLoadReport, config.errorUtilizationPenalty, sequence,
+        config.metricNamesForComputingUtilization);
     updateWeight(picker);
     return picker;
   }
@@ -325,12 +328,16 @@ public void addSubchannel(WrrSubchannel wrrSubchannel) {
       subchannels.add(wrrSubchannel);
     }
 
-    public OrcaReportListener getOrCreateOrcaListener(float errorUtilizationPenalty) {
+    public OrcaReportListener getOrCreateOrcaListener(float errorUtilizationPenalty,
+        ImmutableList<String> metricNamesForComputingUtilization) {
       if (orcaReportListener != null
-          && orcaReportListener.errorUtilizationPenalty == errorUtilizationPenalty) {
+          && orcaReportListener.errorUtilizationPenalty == errorUtilizationPenalty
+          && orcaReportListener.metricNamesForComputingUtilization
+              .equals(metricNamesForComputingUtilization)) {
         return orcaReportListener;
       }
-      orcaReportListener = new OrcaReportListener(errorUtilizationPenalty);
+      orcaReportListener =
+          new OrcaReportListener(errorUtilizationPenalty, metricNamesForComputingUtilization);
       return orcaReportListener;
     }
 
@@ -355,18 +362,19 @@ public void updateBalancingState(ConnectivityState newState, SubchannelPicker ne
 
     final class OrcaReportListener implements OrcaPerRequestReportListener, OrcaOobReportListener {
       private final float errorUtilizationPenalty;
+      private final ImmutableList<String> metricNamesForComputingUtilization;
 
-      OrcaReportListener(float errorUtilizationPenalty) {
+      OrcaReportListener(float errorUtilizationPenalty,
+          ImmutableList<String> metricNamesForComputingUtilization) {
         this.errorUtilizationPenalty = errorUtilizationPenalty;
+        this.metricNamesForComputingUtilization = metricNamesForComputingUtilization;
       }
 
       @Override
       public void onLoadReport(MetricReport report) {
+        double utilization = getUtilization(report, metricNamesForComputingUtilization);
+
         double newWeight = 0;
-        // Prefer application utilization and fallback to CPU utilization if unset.
-        double utilization =
-            report.getApplicationUtilization() > 0 ? report.getApplicationUtilization()
-                : report.getCpuUtilization();
         if (utilization > 0 && report.getQps() > 0) {
           double penalty = 0;
           if (report.getEps() > 0 && errorUtilizationPenalty > 0) {
@@ -383,6 +391,40 @@ public void onLoadReport(MetricReport report) {
         lastUpdated = ticker.nanoTime();
         weight = newWeight;
       }
+
+      /**
+       * Returns the utilization value computed from the specified metric names. If the custom
+       * metrics are present and valid, the maximum of the custom metrics is returned. Otherwise,
+       * if application utilization is > 0, it is returned. If neither are present, the CPU
+       * utilization is returned.
+       */
+      private double getUtilization(MetricReport report, ImmutableList<String> metricNames) {
+        OptionalDouble customUtil = getCustomMetricUtilization(report, metricNames);
+        if (customUtil.isPresent()) {
+          return customUtil.getAsDouble();
+        }
+        double appUtil = report.getApplicationUtilization();
+        if (appUtil > 0) {
+          return appUtil;
+        }
+        return report.getCpuUtilization();
+      }
+
+      /**
+       * Returns the maximum utilization value among the specified metric names.
+       * Returns OptionalDouble.empty() if NONE of the specified metrics are present in the report,
+       * or if all present metrics are NaN.
+       * Returns OptionalDouble.of(maxUtil) if at least one non-NaN metric is present.
+       */
+      private OptionalDouble getCustomMetricUtilization(MetricReport report,
+          ImmutableList<String> metricNames) {
+        return metricNames.stream()
+            .map(name -> MetricReportUtils.getMetric(report, name))
+            .filter(OptionalDouble::isPresent)
+            .mapToDouble(OptionalDouble::getAsDouble)
+            .filter(d -> !Double.isNaN(d) && d > 0)
+            .max();
+      }
     }
   }
 
@@ -403,10 +445,10 @@ private void createAndApplyOrcaListeners() {
       for (WrrSubchannel weightedSubchannel : wChild.subchannels) {
         if (config.enableOobLoadReport) {
           OrcaOobUtil.setListener(weightedSubchannel,
-              wChild.getOrCreateOrcaListener(config.errorUtilizationPenalty),
+              wChild.getOrCreateOrcaListener(config.errorUtilizationPenalty,
+                      config.metricNamesForComputingUtilization),
               OrcaOobUtil.OrcaReportingConfig.newBuilder()
-                  .setReportInterval(config.oobReportingPeriodNanos, TimeUnit.NANOSECONDS)
-                  .build());
+                  .setReportInterval(config.oobReportingPeriodNanos, TimeUnit.NANOSECONDS).build());
         } else {
           OrcaOobUtil.setListener(weightedSubchannel, null, null);
         }
@@ -473,7 +515,8 @@ static final class WeightedRoundRobinPicker extends SubchannelPicker {
     private volatile StaticStrideScheduler scheduler;
 
     WeightedRoundRobinPicker(List<ChildLbState> children, boolean enableOobLoadReport,
-        float errorUtilizationPenalty, AtomicInteger sequence) {
+        float errorUtilizationPenalty, AtomicInteger sequence,
+        ImmutableList<String> metricNamesForComputingUtilization) {
       checkNotNull(children, "children");
       Preconditions.checkArgument(!children.isEmpty(), "empty child list");
       this.children = children;
@@ -482,7 +525,8 @@ static final class WeightedRoundRobinPicker extends SubchannelPicker {
       for (ChildLbState child : children) {
         WeightedChildLbState wChild = (WeightedChildLbState) child;
         pickers.add(wChild.getCurrentPicker());
-        reportListeners.add(wChild.getOrCreateOrcaListener(errorUtilizationPenalty));
+        reportListeners.add(wChild.getOrCreateOrcaListener(errorUtilizationPenalty,
+            metricNamesForComputingUtilization));
       }
       this.pickers = pickers;
       this.reportListeners = reportListeners;
@@ -723,23 +767,23 @@ static final class WeightedRoundRobinLoadBalancerConfig {
     final long oobReportingPeriodNanos;
     final long weightUpdatePeriodNanos;
     final float errorUtilizationPenalty;
+    final ImmutableList<String> metricNamesForComputingUtilization;
 
     public static Builder newBuilder() {
       return new Builder();
     }
 
     private WeightedRoundRobinLoadBalancerConfig(long blackoutPeriodNanos,
-                                                 long weightExpirationPeriodNanos,
-                                                 boolean enableOobLoadReport,
-                                                 long oobReportingPeriodNanos,
-                                                 long weightUpdatePeriodNanos,
-                                                 float errorUtilizationPenalty) {
+        long weightExpirationPeriodNanos, boolean enableOobLoadReport, long oobReportingPeriodNanos,
+        long weightUpdatePeriodNanos, float errorUtilizationPenalty,
+        ImmutableList<String> metricNamesForComputingUtilization) {
       this.blackoutPeriodNanos = blackoutPeriodNanos;
       this.weightExpirationPeriodNanos = weightExpirationPeriodNanos;
       this.enableOobLoadReport = enableOobLoadReport;
       this.oobReportingPeriodNanos = oobReportingPeriodNanos;
       this.weightUpdatePeriodNanos = weightUpdatePeriodNanos;
       this.errorUtilizationPenalty = errorUtilizationPenalty;
+      this.metricNamesForComputingUtilization = metricNamesForComputingUtilization;
     }
 
     @Override
@@ -754,27 +798,26 @@ public boolean equals(Object o) {
           && this.oobReportingPeriodNanos == that.oobReportingPeriodNanos
           && this.weightUpdatePeriodNanos == that.weightUpdatePeriodNanos
           // Float.compare considers NaNs equal
-          && Float.compare(this.errorUtilizationPenalty, that.errorUtilizationPenalty) == 0;
+          && Float.compare(this.errorUtilizationPenalty, that.errorUtilizationPenalty) == 0
+          && Objects.equals(this.metricNamesForComputingUtilization,
+              that.metricNamesForComputingUtilization);
     }
 
     @Override
     public int hashCode() {
-      return Objects.hash(
-          blackoutPeriodNanos,
-          weightExpirationPeriodNanos,
-          enableOobLoadReport,
-          oobReportingPeriodNanos,
-          weightUpdatePeriodNanos,
-          errorUtilizationPenalty);
+      return Objects.hash(blackoutPeriodNanos, weightExpirationPeriodNanos, enableOobLoadReport,
+          oobReportingPeriodNanos, weightUpdatePeriodNanos, errorUtilizationPenalty,
+          metricNamesForComputingUtilization);
     }
 
     static final class Builder {
       long blackoutPeriodNanos = 10_000_000_000L; // 10s
-      long weightExpirationPeriodNanos = 180_000_000_000L; //3min
+      long weightExpirationPeriodNanos = 180_000_000_000L; // 3min
       boolean enableOobLoadReport = false;
       long oobReportingPeriodNanos = 10_000_000_000L; // 10s
       long weightUpdatePeriodNanos = 1_000_000_000L; // 1s
       float errorUtilizationPenalty = 1.0F;
+      ImmutableList<String> metricNamesForComputingUtilization = ImmutableList.of();
 
       private Builder() {
 
@@ -812,10 +855,17 @@ Builder setErrorUtilizationPenalty(float errorUtilizationPenalty) {
         return this;
       }
 
+      Builder setMetricNamesForComputingUtilization(
+          List<String> metricNamesForComputingUtilization) {
+        this.metricNamesForComputingUtilization =
+            ImmutableList.copyOf(metricNamesForComputingUtilization);
+        return this;
+      }
+
       WeightedRoundRobinLoadBalancerConfig build() {
         return new WeightedRoundRobinLoadBalancerConfig(blackoutPeriodNanos,
-                weightExpirationPeriodNanos, enableOobLoadReport, oobReportingPeriodNanos,
-                weightUpdatePeriodNanos, errorUtilizationPenalty);
+            weightExpirationPeriodNanos, enableOobLoadReport, oobReportingPeriodNanos,
+            weightUpdatePeriodNanos, errorUtilizationPenalty, metricNamesForComputingUtilization);
       }
     }
   }
diff --git a/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancerProvider.java b/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancerProvider.java
index 433ea34b857..e17b8764a6c 100644
--- a/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancerProvider.java
+++ b/xds/src/main/java/io/grpc/xds/WeightedRoundRobinLoadBalancerProvider.java
@@ -24,8 +24,10 @@
 import io.grpc.LoadBalancerProvider;
 import io.grpc.NameResolver.ConfigOrError;
 import io.grpc.Status;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.JsonUtil;
 import io.grpc.xds.WeightedRoundRobinLoadBalancer.WeightedRoundRobinLoadBalancerConfig;
+import java.util.List;
 import java.util.Map;
 
 /**
@@ -73,14 +75,16 @@ public ConfigOrError parseLoadBalancingPolicyConfig(Map<String, ?> rawConfig) {
   private ConfigOrError parseLoadBalancingPolicyConfigInternal(Map<String, ?> rawConfig) {
     Long blackoutPeriodNanos = JsonUtil.getStringAsDuration(rawConfig, "blackoutPeriod");
     Long weightExpirationPeriodNanos =
-            JsonUtil.getStringAsDuration(rawConfig, "weightExpirationPeriod");
+        JsonUtil.getStringAsDuration(rawConfig, "weightExpirationPeriod");
     Long oobReportingPeriodNanos = JsonUtil.getStringAsDuration(rawConfig, "oobReportingPeriod");
     Boolean enableOobLoadReport = JsonUtil.getBoolean(rawConfig, "enableOobLoadReport");
     Long weightUpdatePeriodNanos = JsonUtil.getStringAsDuration(rawConfig, "weightUpdatePeriod");
     Float errorUtilizationPenalty = JsonUtil.getNumberAsFloat(rawConfig, "errorUtilizationPenalty");
+    List<String> metricNamesForComputingUtilization = JsonUtil.getListOfStrings(rawConfig,
+        LoadBalancerConfigFactory.METRIC_NAMES_FOR_COMPUTING_UTILIZATION);
 
     WeightedRoundRobinLoadBalancerConfig.Builder configBuilder =
-            WeightedRoundRobinLoadBalancerConfig.newBuilder();
+        WeightedRoundRobinLoadBalancerConfig.newBuilder();
     if (blackoutPeriodNanos != null) {
       configBuilder.setBlackoutPeriodNanos(blackoutPeriodNanos);
     }
@@ -102,6 +106,10 @@ private ConfigOrError parseLoadBalancingPolicyConfigInternal(Map<String, ?> rawC
     if (errorUtilizationPenalty != null) {
       configBuilder.setErrorUtilizationPenalty(errorUtilizationPenalty);
     }
+    if (metricNamesForComputingUtilization != null
+        && GrpcUtil.getFlag("GRPC_EXPERIMENTAL_WRR_CUSTOM_METRICS", false)) {
+      configBuilder.setMetricNamesForComputingUtilization(metricNamesForComputingUtilization);
+    }
     return ConfigOrError.fromConfig(configBuilder.build());
   }
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/MetricReportUtils.java b/xds/src/main/java/io/grpc/xds/internal/MetricReportUtils.java
new file mode 100644
index 00000000000..7da9a3ab6d9
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/MetricReportUtils.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal;
+
+import io.grpc.services.MetricReport;
+import java.util.Map;
+import java.util.OptionalDouble;
+
+/**
+ * Utilities for parsing and resolving metrics from {@link MetricReport}.
+ */
+public final class MetricReportUtils {
+
+  private MetricReportUtils() {}
+
+  /**
+   * Resolves a metric value from the report based on the given metric name.
+   * The logic checks for specific prefixes to determine where to look up the metric:
+   * <ul>
+   * <li>"cpu_utilization" -> getCpuUtilization()</li>
+   * <li>"application_utilization" -> getApplicationUtilization()</li>
+   * <li>"mem_utilization" -> getMemoryUtilization()</li>
+   * <li>"utilization." -> lookup in utilizationMetrics</li>
+   * <li>"named_metrics." -> lookup in namedMetrics</li>
+   * </ul>
+   *
+   * @param report The metric report to query.
+   * @param metricName The name of the custom metric to look up.
+   * @return The value of the metric if found, or empty if not found.
+   */
+  public static OptionalDouble getMetric(MetricReport report, String metricName) {
+    if (metricName.equals("cpu_utilization")) {
+      return OptionalDouble.of(report.getCpuUtilization());
+    } else if (metricName.equals("application_utilization")) {
+      return OptionalDouble.of(report.getApplicationUtilization());
+    } else if (metricName.equals("mem_utilization")) {
+      return OptionalDouble.of(report.getMemoryUtilization());
+    } else if (metricName.startsWith("utilization.")) {
+      Map<String, Double> map = report.getUtilizationMetrics();
+      Double val = map.get(metricName.substring("utilization.".length()));
+      if (val != null) {
+        return OptionalDouble.of(val);
+      }
+    } else if (metricName.startsWith("named_metrics.")) {
+      Map<String, Double> map = report.getNamedMetrics();
+      Double val = map.get(metricName.substring("named_metrics.".length()));
+      if (val != null) {
+        return OptionalDouble.of(val);
+      }
+    }
+    return OptionalDouble.empty();
+  }
+}
diff --git a/xds/src/test/java/io/grpc/xds/LoadBalancerConfigFactoryTest.java b/xds/src/test/java/io/grpc/xds/LoadBalancerConfigFactoryTest.java
index e09066461c4..b8b20248026 100644
--- a/xds/src/test/java/io/grpc/xds/LoadBalancerConfigFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/LoadBalancerConfigFactoryTest.java
@@ -101,6 +101,22 @@ public class LoadBalancerConfigFactoryTest {
                           .build()))
                   .build())
               .build();
+
+  private static final Policy WRR_POLICY_WITH_METRICS = Policy.newBuilder()
+              .setTypedExtensionConfig(TypedExtensionConfig.newBuilder()
+                  .setName("backend")
+                  .setTypedConfig(
+                      Any.pack(ClientSideWeightedRoundRobin.newBuilder()
+                          .setBlackoutPeriod(Duration.newBuilder().setSeconds(287).build())
+                          .setEnableOobLoadReport(
+                              BoolValue.newBuilder().setValue(true).build())
+                          .setErrorUtilizationPenalty(
+                              FloatValue.newBuilder().setValue(1.75F).build())
+                          .addMetricNamesForComputingUtilization("foo")
+                          .addMetricNamesForComputingUtilization("bar")
+                          .build()))
+                  .build())
+              .build();
   private static final String CUSTOM_POLICY_NAME = "myorg.MyCustomLeastRequestPolicy";
   private static final String CUSTOM_POLICY_FIELD_KEY = "choiceCount";
   private static final double CUSTOM_POLICY_FIELD_VALUE = 2;
@@ -130,6 +146,15 @@ public class LoadBalancerConfigFactoryTest {
       ImmutableMap.of("weighted_round_robin",
       ImmutableMap.of("blackoutPeriod","287s", "enableOobLoadReport", true,
           "errorUtilizationPenalty", 1.75F )))));
+
+  private static final LbConfig VALID_WRR_CONFIG_WITH_METRICS =
+      new LbConfig("wrr_locality_experimental",
+          ImmutableMap.of("childPolicy",
+              ImmutableList.of(ImmutableMap.of("weighted_round_robin",
+                  ImmutableMap.of("blackoutPeriod", "287s", "enableOobLoadReport", true,
+                      "errorUtilizationPenalty", 1.75F,
+                      LoadBalancerConfigFactory.METRIC_NAMES_FOR_COMPUTING_UTILIZATION,
+                      ImmutableList.of("foo", "bar"))))));
   private static final LbConfig VALID_RING_HASH_CONFIG = new LbConfig("ring_hash_experimental",
       ImmutableMap.of("minRingSize", (double) RING_HASH_MIN_RING_SIZE, "maxRingSize",
           (double) RING_HASH_MAX_RING_SIZE));
@@ -165,6 +190,13 @@ public void weightedRoundRobin() throws ResourceInvalidException {
     assertThat(newLbConfig(cluster, true)).isEqualTo(VALID_WRR_CONFIG);
   }
 
+  @Test
+  public void weightedRoundRobin_withMetrics() throws ResourceInvalidException {
+    Cluster cluster = newCluster(buildWrrPolicy(WRR_POLICY_WITH_METRICS));
+
+    assertThat(newLbConfig(cluster, true)).isEqualTo(VALID_WRR_CONFIG_WITH_METRICS);
+  }
+
   @Test
   public void weightedRoundRobin_invalid() throws ResourceInvalidException {
     Cluster cluster = newCluster(buildWrrPolicy(Policy.newBuilder()
diff --git a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerProviderTest.java b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerProviderTest.java
index ddde84ca842..7bd1590885e 100644
--- a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerProviderTest.java
@@ -111,6 +111,22 @@ public void parseLoadBalancingConfigDefaultValues() throws IOException {
     assertThat(config.errorUtilizationPenalty).isEqualTo(1.0F);
   }
 
+  @Test
+  public void parseLoadBalancingConfigCustomMetrics() throws IOException {
+    System.setProperty("GRPC_EXPERIMENTAL_WRR_CUSTOM_METRICS", "true");
+    try {
+      String lbConfig = "{\"metricNamesForComputingUtilization\" : [\"foo\", \"bar\"]}";
+      ConfigOrError configOrError = provider.parseLoadBalancingPolicyConfig(
+          parseJsonObject(lbConfig));
+      assertThat(configOrError.getConfig()).isNotNull();
+      WeightedRoundRobinLoadBalancerConfig config =
+          (WeightedRoundRobinLoadBalancerConfig) configOrError.getConfig();
+      assertThat(config.metricNamesForComputingUtilization).containsExactly("foo", "bar");
+    } finally {
+      System.clearProperty("GRPC_EXPERIMENTAL_WRR_CUSTOM_METRICS");
+    }
+  }
+
 
   @SuppressWarnings("unchecked")
   private static Map<String, ?> parseJsonObject(String json) throws IOException {
diff --git a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
index 0b026b06f6f..d495521123a 100644
--- a/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/WeightedRoundRobinLoadBalancerTest.java
@@ -19,10 +19,10 @@
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.ConnectivityState.CONNECTING;
 import static org.mockito.AdditionalAnswers.delegatesTo;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.argThat;
-import static org.mockito.Mockito.any;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.atLeast;
-import static org.mockito.Mockito.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.reset;
@@ -33,6 +33,7 @@
 
 import com.github.xds.data.orca.v3.OrcaLoadReport;
 import com.github.xds.service.orca.v3.OrcaLoadReportRequest;
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
@@ -289,10 +290,12 @@ public void wrrLifeCycle() {
 
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
-    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.1, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
-    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.2, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
     int expectedTasks = isEnabledHappyEyeballs() ? 2 : 1;
@@ -344,10 +347,12 @@ public void enableOobLoadReportConfig() {
         getWrrPicker(pickerCaptor.getAllValues().get(1));
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
-    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.1, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
-    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.9, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
     int expectedTasks = isEnabledHappyEyeballs() ? 2 : 1;
@@ -403,9 +408,12 @@ private void pickByWeight(MetricReport r1, MetricReport r2, MetricReport r3,
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
     WeightedChildLbState weightedChild3 = (WeightedChildLbState) getChild(weightedPicker, 2);
-    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(r1);
-    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(r2);
-    weightedChild3.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(r3);
+    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(r1);
+    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(r2);
+    weightedChild3.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(r3);
 
     assertThat(fakeClock.forwardTime(11, TimeUnit.SECONDS)).isEqualTo(1);
     Map<EquivalentAddressGroup, Integer> pickCount = new HashMap<>();
@@ -602,10 +610,12 @@ public void blackoutPeriod() {
         getWrrPicker(pickerCaptor.getAllValues().get(1));
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
-    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.1, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
-    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.2, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
     int expectedCount = isEnabledHappyEyeballs() ? 2 : 1;
@@ -665,10 +675,12 @@ public void updateWeightTimer() {
     assertThat(weightedPicker.getChildren().size()).isEqualTo(2);
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
-    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.1, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
-    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.2, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
     int expectedTasks = isEnabledHappyEyeballs() ? 2 : 1;
@@ -682,10 +694,12 @@ weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).on
         .setAddresses(servers).setLoadBalancingPolicyConfig(weightedConfig)
         .setAttributes(affinity).build()));
     assertThat(getNumFilteredPendingTasks()).isEqualTo(1);
-    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.2, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
-    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.1, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
     //timer fires, new weight updated
@@ -717,10 +731,12 @@ public void weightExpired() {
         getWrrPicker(pickerCaptor.getAllValues().get(1));
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
-    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.1, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
-    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.2, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
     int expectedTasks = isEnabledHappyEyeballs() ? 2 : 1;
@@ -823,10 +839,12 @@ public void unknownWeightIsAvgWeight() {
         getWrrPicker(pickerCaptor.getAllValues().get(2));
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
-    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.1, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
-    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.2, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
     assertThat(fakeClock.forwardTime(10, TimeUnit.SECONDS)).isEqualTo(1);
@@ -864,10 +882,12 @@ public void pickFromOtherThread() throws Exception {
         getWrrPicker(pickerCaptor.getAllValues().get(1));
     WeightedChildLbState weightedChild1 = (WeightedChildLbState) getChild(weightedPicker, 0);
     WeightedChildLbState weightedChild2 = (WeightedChildLbState) getChild(weightedPicker, 1);
-    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild1.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.1, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
-    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty).onLoadReport(
+    weightedChild2.new OrcaReportListener(weightedConfig.errorUtilizationPenalty,
+        weightedConfig.metricNamesForComputingUtilization).onLoadReport(
         InternalCallMetricRecorder.createMetricReport(
             0.2, 0, 0.1, 1, 0, new HashMap<>(), new HashMap<>(), new HashMap<>()));
     CyclicBarrier barrier = new CyclicBarrier(2);
@@ -1102,7 +1122,7 @@ public void testImmediateWraparound() {
           .isLessThan(0.002);
     }
   }
-  
+
   @Test
   public void testWraparound() {
     float[] weights = {1.0f, 2.0f, 3.0f, 4.0f, 5.0f};
@@ -1203,22 +1223,22 @@ public void metrics() {
     // Send one child LB state an ORCA update with some valid utilization/qps data so that weights
     // can be calculated, but it's still essentially round_robin
     Iterator<ChildLbState> childLbStates = wrr.getChildLbStates().iterator();
-    ((WeightedChildLbState)childLbStates.next()).new OrcaReportListener(
-        weightedConfig.errorUtilizationPenalty).onLoadReport(
-        InternalCallMetricRecorder.createMetricReport(0.1, 0, 0.1, 1, 0, new HashMap<>(),
-            new HashMap<>(), new HashMap<>()));
+    ((WeightedChildLbState) childLbStates.next()).new OrcaReportListener(
+        weightedConfig.errorUtilizationPenalty, weightedConfig.metricNamesForComputingUtilization)
+            .onLoadReport(InternalCallMetricRecorder.createMetricReport(0.1, 0, 0.1, 1, 0,
+                new HashMap<>(), new HashMap<>(), new HashMap<>()));
 
     fakeClock.forwardTime(1, TimeUnit.SECONDS);
 
     // Now send a second child LB state an ORCA update, so there's real weights
-    ((WeightedChildLbState)childLbStates.next()).new OrcaReportListener(
-        weightedConfig.errorUtilizationPenalty).onLoadReport(
-        InternalCallMetricRecorder.createMetricReport(0.1, 0, 0.1, 1, 0, new HashMap<>(),
-            new HashMap<>(), new HashMap<>()));
-    ((WeightedChildLbState)childLbStates.next()).new OrcaReportListener(
-        weightedConfig.errorUtilizationPenalty).onLoadReport(
-        InternalCallMetricRecorder.createMetricReport(0.1, 0, 0.1, 1, 0, new HashMap<>(),
-            new HashMap<>(), new HashMap<>()));
+    ((WeightedChildLbState) childLbStates.next()).new OrcaReportListener(
+        weightedConfig.errorUtilizationPenalty, weightedConfig.metricNamesForComputingUtilization)
+            .onLoadReport(InternalCallMetricRecorder.createMetricReport(0.1, 0, 0.1, 1, 0,
+                new HashMap<>(), new HashMap<>(), new HashMap<>()));
+    ((WeightedChildLbState) childLbStates.next()).new OrcaReportListener(
+        weightedConfig.errorUtilizationPenalty, weightedConfig.metricNamesForComputingUtilization)
+            .onLoadReport(InternalCallMetricRecorder.createMetricReport(0.1, 0, 0.1, 1, 0,
+                new HashMap<>(), new HashMap<>(), new HashMap<>()));
 
     // Let's reset the mock MetricsRecorder so that it's easier to verify what happened after the
     // weights were updated
@@ -1316,6 +1336,251 @@ public void metricWithRealChannel() throws Exception {
         eq(Arrays.asList("", "")));
   }
 
+
+  @Test
+  public void customMetric_priority_overAppUtil() {
+    weightedConfig = WeightedRoundRobinLoadBalancerConfig.newBuilder().setBlackoutPeriodNanos(0)
+        .setMetricNamesForComputingUtilization(ImmutableList.of("named_metrics.cost")).build();
+    wrr = new WeightedRoundRobinLoadBalancer(helper, fakeClock.getDeadlineTicker());
+
+    syncContext.execute(
+        () -> wrr.acceptResolvedAddresses(ResolvedAddresses.newBuilder().setAddresses(servers)
+            .setLoadBalancingPolicyConfig(weightedConfig).setAttributes(affinity).build()));
+
+    Iterator<Subchannel> it = subchannels.values().iterator();
+    Subchannel readySubchannel = it.next();
+    getSubchannelStateListener(readySubchannel)
+        .onSubchannelState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
+
+    WeightedChildLbState weightedChild =
+        (WeightedChildLbState) wrr.getChildLbStates().iterator().next();
+    WeightedChildLbState.OrcaReportListener listener = weightedChild.getOrCreateOrcaListener(
+        weightedConfig.errorUtilizationPenalty, weightedConfig.metricNamesForComputingUtilization);
+
+    Map<String, Double> namedMetrics = new HashMap<>();
+    namedMetrics.put("cost", 0.5);
+    // App util = 0.8
+    MetricReport report = InternalCallMetricRecorder.createMetricReport(0.1, 0.8, 0.1, 1, 0,
+        new HashMap<>(), new HashMap<>(), namedMetrics);
+    listener.onLoadReport(report);
+    // Custom metrics now take priority over app_util
+    // qps=1, util=0.5 -> weight=2.0
+    fakeClock.forwardTime(1100, TimeUnit.MILLISECONDS);
+    verify(mockMetricRecorder).recordDoubleHistogram(
+        argThat(instr -> instr.getName().equals("grpc.lb.wrr.endpoint_weights")), eq(2.0), any(),
+        any());
+  }
+
+  @Test
+  public void customMetric_invalid_fallbackToAppUtil() {
+    weightedConfig = WeightedRoundRobinLoadBalancerConfig.newBuilder().setBlackoutPeriodNanos(0)
+        .setMetricNamesForComputingUtilization(ImmutableList.of("named_metrics.cost")).build();
+    wrr = new WeightedRoundRobinLoadBalancer(helper, fakeClock.getDeadlineTicker());
+
+    syncContext.execute(
+        () -> wrr.acceptResolvedAddresses(ResolvedAddresses.newBuilder().setAddresses(servers)
+            .setLoadBalancingPolicyConfig(weightedConfig).setAttributes(affinity).build()));
+
+    Iterator<Subchannel> it = subchannels.values().iterator();
+    Subchannel readySubchannel = it.next();
+    getSubchannelStateListener(readySubchannel)
+        .onSubchannelState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
+
+    WeightedChildLbState weightedChild =
+        (WeightedChildLbState) wrr.getChildLbStates().iterator().next();
+    WeightedChildLbState.OrcaReportListener listener = weightedChild.getOrCreateOrcaListener(
+        weightedConfig.errorUtilizationPenalty, weightedConfig.metricNamesForComputingUtilization);
+
+    // custom metric is NaN, App util = 0.8
+    Map<String, Double> namedMetrics = new HashMap<>();
+    namedMetrics.put("cost", Double.NaN);
+    MetricReport report = InternalCallMetricRecorder.createMetricReport(0.1, 0.8, 0.1, 1, 0,
+        new HashMap<>(), new HashMap<>(), namedMetrics);
+    listener.onLoadReport(report);
+
+    // Should fallback to App Util (0.8)
+    // qps=1, util=0.8 -> weight=1.25
+    fakeClock.forwardTime(1100, TimeUnit.MILLISECONDS);
+    verify(mockMetricRecorder).recordDoubleHistogram(
+        argThat(instr -> instr.getName().equals("grpc.lb.wrr.endpoint_weights")), eq(1.25), any(),
+        any());
+  }
+
+  @Test
+  public void customMetric_mapLookup_used() {
+    weightedConfig = WeightedRoundRobinLoadBalancerConfig.newBuilder().setBlackoutPeriodNanos(0)
+        .setMetricNamesForComputingUtilization(ImmutableList.of("named_metrics.cost")).build();
+    wrr = new WeightedRoundRobinLoadBalancer(helper, fakeClock.getDeadlineTicker());
+
+    syncContext.execute(
+        () -> wrr.acceptResolvedAddresses(ResolvedAddresses.newBuilder().setAddresses(servers)
+            .setLoadBalancingPolicyConfig(weightedConfig).setAttributes(affinity).build()));
+
+    Iterator<Subchannel> it = subchannels.values().iterator();
+    Subchannel readySubchannel = it.next();
+    getSubchannelStateListener(readySubchannel)
+        .onSubchannelState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
+
+    WeightedChildLbState weightedChild =
+        (WeightedChildLbState) wrr.getChildLbStates().iterator().next();
+    WeightedChildLbState.OrcaReportListener listener = weightedChild.getOrCreateOrcaListener(
+        weightedConfig.errorUtilizationPenalty, weightedConfig.metricNamesForComputingUtilization);
+
+    Map<String, Double> namedMetrics = new HashMap<>();
+    namedMetrics.put("cost", 0.5);
+    MetricReport report = InternalCallMetricRecorder.createMetricReport(0.1, 0, 0.1, 1, 0,
+        new HashMap<>(), new HashMap<>(), namedMetrics);
+    listener.onLoadReport(report);
+    // qps=1, util=0.5 -> weight=2.0
+    fakeClock.forwardTime(1100, TimeUnit.MILLISECONDS);
+    verify(mockMetricRecorder).recordDoubleHistogram(
+        argThat(instr -> instr.getName().equals("grpc.lb.wrr.endpoint_weights")), eq(2.0), any(),
+        any());
+  }
+
+  @Test
+  public void customMetric_shouldFilterOutAndFallbackToCpu() {
+    weightedConfig = WeightedRoundRobinLoadBalancerConfig.newBuilder().setBlackoutPeriodNanos(0)
+        .setMetricNamesForComputingUtilization(ImmutableList.of("named_metrics.cost")).build();
+    wrr = new WeightedRoundRobinLoadBalancer(helper, fakeClock.getDeadlineTicker());
+
+    syncContext.execute(
+        () -> wrr.acceptResolvedAddresses(ResolvedAddresses.newBuilder().setAddresses(servers)
+            .setLoadBalancingPolicyConfig(weightedConfig).setAttributes(affinity).build()));
+
+    Iterator<Subchannel> it = subchannels.values().iterator();
+    Subchannel readySubchannel = it.next();
+    getSubchannelStateListener(readySubchannel)
+        .onSubchannelState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
+
+    WeightedChildLbState weightedChild =
+        (WeightedChildLbState) wrr.getChildLbStates().iterator().next();
+    WeightedChildLbState.OrcaReportListener listener = weightedChild.getOrCreateOrcaListener(
+        weightedConfig.errorUtilizationPenalty, weightedConfig.metricNamesForComputingUtilization);
+
+    // custom metric is NaN, but CPU is 0.1
+    Map<String, Double> namedMetrics = new HashMap<>();
+    namedMetrics.put("cost", Double.NaN);
+    MetricReport report = InternalCallMetricRecorder.createMetricReport(0.1, 0, 0.1, 1, 0,
+        new HashMap<>(), new HashMap<>(), namedMetrics);
+    listener.onLoadReport(report);
+
+    // Should fallback to CPU (0.1)
+    // fallback to cpu: qps=1, util=0.1 -> weight=10.0
+    fakeClock.forwardTime(1100, TimeUnit.MILLISECONDS);
+    verify(mockMetricRecorder).recordDoubleHistogram(
+        argThat(instr -> instr.getName().equals("grpc.lb.wrr.endpoint_weights")), eq(10.0), any(),
+        any());
+  }
+
+  @Test
+  public void customMetric_multipleMetrics_maxUsed() {
+    weightedConfig = WeightedRoundRobinLoadBalancerConfig.newBuilder().setBlackoutPeriodNanos(0)
+        .setMetricNamesForComputingUtilization(
+            ImmutableList.of("named_metrics.cost", "named_metrics.score"))
+        .build();
+    wrr = new WeightedRoundRobinLoadBalancer(helper, fakeClock.getDeadlineTicker());
+
+    syncContext.execute(
+        () -> wrr.acceptResolvedAddresses(ResolvedAddresses.newBuilder().setAddresses(servers)
+            .setLoadBalancingPolicyConfig(weightedConfig).setAttributes(affinity).build()));
+
+    Iterator<Subchannel> it = subchannels.values().iterator();
+    Subchannel readySubchannel = it.next();
+    getSubchannelStateListener(readySubchannel)
+        .onSubchannelState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
+
+    WeightedChildLbState weightedChild =
+        (WeightedChildLbState) wrr.getChildLbStates().iterator().next();
+    WeightedChildLbState.OrcaReportListener listener = weightedChild.getOrCreateOrcaListener(
+        weightedConfig.errorUtilizationPenalty, weightedConfig.metricNamesForComputingUtilization);
+
+    Map<String, Double> namedMetrics = new HashMap<>();
+    namedMetrics.put("cost", 0.5);
+    namedMetrics.put("score", 0.8);
+    MetricReport report = InternalCallMetricRecorder.createMetricReport(0.1, 0, 0.1, 1, 0,
+        new HashMap<>(), new HashMap<>(), namedMetrics);
+    listener.onLoadReport(report);
+    // qps=1, util=0.8 (max of 0.5 and 0.8) -> weight=1.25
+    fakeClock.forwardTime(1100, TimeUnit.MILLISECONDS);
+    verify(mockMetricRecorder).recordDoubleHistogram(
+        argThat(instr -> instr.getName().equals("grpc.lb.wrr.endpoint_weights")), eq(1.25), any(),
+        any());
+  }
+
+  @Test
+  public void customMetric_allInvalid_fallbackToCpu() {
+    weightedConfig = WeightedRoundRobinLoadBalancerConfig.newBuilder().setBlackoutPeriodNanos(0)
+        .setMetricNamesForComputingUtilization(
+            ImmutableList.of("named_metrics.cost", "named_metrics.score", "named_metrics.other"))
+        .build();
+    wrr = new WeightedRoundRobinLoadBalancer(helper, fakeClock.getDeadlineTicker());
+
+    syncContext.execute(
+        () -> wrr.acceptResolvedAddresses(ResolvedAddresses.newBuilder().setAddresses(servers)
+            .setLoadBalancingPolicyConfig(weightedConfig).setAttributes(affinity).build()));
+
+    Iterator<Subchannel> it = subchannels.values().iterator();
+    Subchannel readySubchannel = it.next();
+    getSubchannelStateListener(readySubchannel)
+        .onSubchannelState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
+
+    WeightedChildLbState weightedChild =
+        (WeightedChildLbState) wrr.getChildLbStates().iterator().next();
+    WeightedChildLbState.OrcaReportListener listener = weightedChild.getOrCreateOrcaListener(
+        weightedConfig.errorUtilizationPenalty, weightedConfig.metricNamesForComputingUtilization);
+
+    Map<String, Double> namedMetrics = new HashMap<>();
+    namedMetrics.put("cost", Double.NaN);
+    namedMetrics.put("score", 0.0);
+    namedMetrics.put("other", -1.0);
+    MetricReport report = InternalCallMetricRecorder.createMetricReport(0.1, 0, 0.1, 1, 0,
+        new HashMap<>(), new HashMap<>(), namedMetrics);
+    listener.onLoadReport(report);
+    // qps=1, util=0.1 (fallback to cpu) -> weight=10.0
+    fakeClock.forwardTime(1100, TimeUnit.MILLISECONDS);
+    verify(mockMetricRecorder).recordDoubleHistogram(
+        argThat(instr -> instr.getName().equals("grpc.lb.wrr.endpoint_weights")), eq(10.0), any(),
+        any());
+  }
+
+  @Test
+  public void customMetric_mixInvalidAndValid_validUsed() {
+    weightedConfig = WeightedRoundRobinLoadBalancerConfig.newBuilder().setBlackoutPeriodNanos(0)
+        .setMetricNamesForComputingUtilization(ImmutableList.of("named_metrics.cost",
+            "named_metrics.score", "named_metrics.other1", "named_metrics.other2"))
+        .build();
+    wrr = new WeightedRoundRobinLoadBalancer(helper, fakeClock.getDeadlineTicker());
+
+    syncContext.execute(
+        () -> wrr.acceptResolvedAddresses(ResolvedAddresses.newBuilder().setAddresses(servers)
+            .setLoadBalancingPolicyConfig(weightedConfig).setAttributes(affinity).build()));
+
+    Iterator<Subchannel> it = subchannels.values().iterator();
+    Subchannel readySubchannel = it.next();
+    getSubchannelStateListener(readySubchannel)
+        .onSubchannelState(ConnectivityStateInfo.forNonError(ConnectivityState.READY));
+
+    WeightedChildLbState weightedChild =
+        (WeightedChildLbState) wrr.getChildLbStates().iterator().next();
+    WeightedChildLbState.OrcaReportListener listener = weightedChild.getOrCreateOrcaListener(
+        weightedConfig.errorUtilizationPenalty, weightedConfig.metricNamesForComputingUtilization);
+
+    Map<String, Double> namedMetrics = new HashMap<>();
+    namedMetrics.put("cost", Double.NaN);
+    namedMetrics.put("score", 0.5);
+    namedMetrics.put("other1", 0.0);
+    namedMetrics.put("other2", -123.0);
+    MetricReport report = InternalCallMetricRecorder.createMetricReport(0.1, 0, 0.1, 1, 0,
+        new HashMap<>(), new HashMap<>(), namedMetrics);
+    listener.onLoadReport(report);
+    // qps=1, util=0.5 -> weight=2.0
+    fakeClock.forwardTime(1100, TimeUnit.MILLISECONDS);
+    verify(mockMetricRecorder).recordDoubleHistogram(
+        argThat(instr -> instr.getName().equals("grpc.lb.wrr.endpoint_weights")), eq(2.0), any(),
+        any());
+  }
+
   // Verifies that the MetricRecorder has been called to record a long counter value of 1 for the
   // given metric name, the given number of times
   private void verifyLongCounterRecord(String name, int times, long value) {
diff --git a/xds/src/test/java/io/grpc/xds/internal/MetricReportUtilsTest.java b/xds/src/test/java/io/grpc/xds/internal/MetricReportUtilsTest.java
new file mode 100644
index 00000000000..bf5e0ae9ede
--- /dev/null
+++ b/xds/src/test/java/io/grpc/xds/internal/MetricReportUtilsTest.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import io.grpc.services.InternalCallMetricRecorder;
+import io.grpc.services.MetricReport;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.OptionalDouble;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Tests for {@link MetricReportUtils}. */
+@RunWith(JUnit4.class)
+public class MetricReportUtilsTest {
+
+  @Test
+  public void getMetric_cpuUtilization() {
+    MetricReport report = createMetricReport(0.5, 0.1, 0.2, 10.0, 5.0, Collections.emptyMap());
+    OptionalDouble result = MetricReportUtils.getMetric(report, "cpu_utilization");
+    assertTrue(result.isPresent());
+    assertEquals(0.5, result.getAsDouble(), 0.0001);
+  }
+
+  @Test
+  public void getMetric_applicationUtilization() {
+    MetricReport report = createMetricReport(0.5, 0.1, 0.2, 10.0, 5.0, Collections.emptyMap());
+    OptionalDouble result = MetricReportUtils.getMetric(report, "application_utilization");
+    assertTrue(result.isPresent());
+    assertEquals(0.1, result.getAsDouble(), 0.0001);
+  }
+
+  @Test
+  public void getMetric_memUtilization() {
+    MetricReport report = createMetricReport(0.5, 0.1, 0.2, 10.0, 5.0, Collections.emptyMap());
+    OptionalDouble result = MetricReportUtils.getMetric(report, "mem_utilization");
+    assertTrue(result.isPresent());
+    assertEquals(0.2, result.getAsDouble(), 0.0001);
+  }
+
+  @Test
+  public void getMetric_utilizationMetric() {
+    Map<String, Double> utilizationMetrics = new HashMap<>();
+    utilizationMetrics.put("foo", 1.23);
+    MetricReport report = InternalCallMetricRecorder.createMetricReport(
+        0, 0, 0, 0, 0, Collections.emptyMap(), utilizationMetrics, Collections.emptyMap());
+
+    OptionalDouble result = MetricReportUtils.getMetric(report, "utilization.foo");
+    assertTrue(result.isPresent());
+    assertEquals(1.23, result.getAsDouble(), 0.0001);
+    assertFalse(MetricReportUtils.getMetric(report, "utilization.bar").isPresent());
+  }
+
+  @Test
+  public void getMetric_namedMetric() {
+    Map<String, Double> namedMetrics = new HashMap<>();
+    namedMetrics.put("foo", 7.89);
+    MetricReport report = createMetricReport(0, 0, 0, 0, 0, namedMetrics);
+    OptionalDouble result = MetricReportUtils.getMetric(report, "named_metrics.foo");
+    assertTrue(result.isPresent());
+    assertEquals(7.89, result.getAsDouble(), 0.0001);
+
+    assertFalse(MetricReportUtils.getMetric(report, "named_metrics.bar").isPresent());
+  }
+
+  @Test
+  public void getMetric_unknownPrefix() {
+    MetricReport report = createMetricReport(0, 0, 0, 0, 0, Collections.emptyMap());
+    assertFalse(MetricReportUtils.getMetric(report, "unknown.foo").isPresent());
+    assertFalse(MetricReportUtils.getMetric(report, "foo").isPresent());
+  }
+
+  private MetricReport createMetricReport(double cpu, double app, double mem, double qps,
+      double eps, Map<String, Double> namedMetrics) {
+    return InternalCallMetricRecorder.createMetricReport(
+        cpu, app, mem, qps, eps, Collections.emptyMap(), Collections.emptyMap(), namedMetrics);
+  }
+}

From 1528f809c9e506cf2e7052e3f41fd8b75636d3d3 Mon Sep 17 00:00:00 2001
From: Eric Anderson <ejona@google.com>
Date: Mon, 30 Mar 2026 10:15:32 -0700
Subject: [PATCH 590/591] Upgrade Netty to 4.1.132 and netty-tcnative to 2.0.75

---
 MODULE.bazel                                  | 28 +++++++++----------
 SECURITY.md                                   |  3 +-
 .../internal/AltsProtocolNegotiatorTest.java  | 15 ++++++----
 gradle/libs.versions.toml                     | 12 ++++----
 repositories.bzl                              | 28 +++++++++----------
 5 files changed, 46 insertions(+), 40 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 6725882740d..803eacba297 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -23,20 +23,20 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.truth:truth:1.4.5",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
-    "io.netty:netty-buffer:4.1.130.Final",
-    "io.netty:netty-codec-http2:4.1.130.Final",
-    "io.netty:netty-codec-http:4.1.130.Final",
-    "io.netty:netty-codec-socks:4.1.130.Final",
-    "io.netty:netty-codec:4.1.130.Final",
-    "io.netty:netty-common:4.1.130.Final",
-    "io.netty:netty-handler-proxy:4.1.130.Final",
-    "io.netty:netty-handler:4.1.130.Final",
-    "io.netty:netty-resolver:4.1.130.Final",
-    "io.netty:netty-tcnative-boringssl-static:2.0.74.Final",
-    "io.netty:netty-tcnative-classes:2.0.74.Final",
-    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.130.Final",
-    "io.netty:netty-transport-native-unix-common:4.1.130.Final",
-    "io.netty:netty-transport:4.1.130.Final",
+    "io.netty:netty-buffer:4.1.132.Final",
+    "io.netty:netty-codec-http2:4.1.132.Final",
+    "io.netty:netty-codec-http:4.1.132.Final",
+    "io.netty:netty-codec-socks:4.1.132.Final",
+    "io.netty:netty-codec:4.1.132.Final",
+    "io.netty:netty-common:4.1.132.Final",
+    "io.netty:netty-handler-proxy:4.1.132.Final",
+    "io.netty:netty-handler:4.1.132.Final",
+    "io.netty:netty-resolver:4.1.132.Final",
+    "io.netty:netty-tcnative-boringssl-static:2.0.75.Final",
+    "io.netty:netty-tcnative-classes:2.0.75.Final",
+    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.132.Final",
+    "io.netty:netty-transport-native-unix-common:4.1.132.Final",
+    "io.netty:netty-transport:4.1.132.Final",
     "io.opencensus:opencensus-api:0.31.0",
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",
diff --git a/SECURITY.md b/SECURITY.md
index fa5b85c0e3a..e710ceaabe1 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -399,7 +399,8 @@ grpc-netty version | netty-handler version | netty-tcnative-boringssl-static ver
 1.71.x-1.74.x      | 4.1.110.Final         | 2.0.70.Final
 1.75.x-1.76.x      | 4.1.124.Final         | 2.0.72.Final
 1.77.x-1.78.x      | 4.1.127.Final         | 2.0.74.Final
-1.79.x-            | 4.1.130.Final         | 2.0.74.Final
+1.79.x-1.80.x      | 4.1.130.Final         | 2.0.74.Final
+1.81.x-            | 4.1.132.Final         | 2.0.75.Final
 
 _(grpc-netty-shaded avoids issues with keeping these versions in sync.)_
 
diff --git a/alts/src/test/java/io/grpc/alts/internal/AltsProtocolNegotiatorTest.java b/alts/src/test/java/io/grpc/alts/internal/AltsProtocolNegotiatorTest.java
index 24392af75fd..d47607ed90f 100644
--- a/alts/src/test/java/io/grpc/alts/internal/AltsProtocolNegotiatorTest.java
+++ b/alts/src/test/java/io/grpc/alts/internal/AltsProtocolNegotiatorTest.java
@@ -202,8 +202,11 @@ public void operationComplete(ChannelFuture future) throws Exception {
     channel.flush();
 
     // Capture the protected data written to the wire.
-    assertEquals(1, channel.outboundMessages().size());
-    ByteBuf protectedData = channel.readOutbound();
+    assertThat(channel.outboundMessages()).isNotEmpty();
+    ByteBuf protectedData = channel.alloc().buffer();
+    while (!channel.outboundMessages().isEmpty()) {
+      protectedData.writeBytes((ByteBuf) channel.readOutbound());
+    }
     assertEquals(message.length(), writeCount.get());
 
     // Read the protected message at the server and verify it matches the original message.
@@ -327,16 +330,18 @@ public void doNotFlushEmptyBuffer() throws Exception {
     String message = "hello";
     ByteBuf in = Unpooled.copiedBuffer(message, UTF_8);
 
-    assertEquals(0, protector.flushes.get());
+    int flushes = protector.flushes.get();
     Future<?> done = channel.write(in);
     channel.flush();
+    flushes++;
     done.get(5, TimeUnit.SECONDS);
-    assertEquals(1, protector.flushes.get());
+    assertEquals(flushes, protector.flushes.get());
 
+    // Flush does not propagate
     done = channel.write(Unpooled.EMPTY_BUFFER);
     channel.flush();
     done.get(5, TimeUnit.SECONDS);
-    assertEquals(1, protector.flushes.get());
+    assertEquals(flushes, protector.flushes.get());
   }
 
   @Test
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 7cf46ade850..705026a3fe3 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -101,17 +101,17 @@ mockito-android = "org.mockito:mockito-android:4.4.0"
 mockito-core = "org.mockito:mockito-core:4.4.0"
 # Need to decide when we require users to absorb the breaking changes in 4.2
 # checkForUpdates: netty-codec-http2:4.1.+
-netty-codec-http2 = "io.netty:netty-codec-http2:4.1.130.Final"
+netty-codec-http2 = "io.netty:netty-codec-http2:4.1.132.Final"
 # checkForUpdates: netty-handler-proxy:4.1.+
-netty-handler-proxy = "io.netty:netty-handler-proxy:4.1.130.Final"
+netty-handler-proxy = "io.netty:netty-handler-proxy:4.1.132.Final"
 # Keep the following references of tcnative version in sync whenever it's updated:
 #   SECURITY.md
-netty-tcnative = "io.netty:netty-tcnative-boringssl-static:2.0.74.Final"
-netty-tcnative-classes = "io.netty:netty-tcnative-classes:2.0.74.Final"
+netty-tcnative = "io.netty:netty-tcnative-boringssl-static:2.0.75.Final"
+netty-tcnative-classes = "io.netty:netty-tcnative-classes:2.0.75.Final"
 # checkForUpdates: netty-transport-epoll:4.1.+
-netty-transport-epoll = "io.netty:netty-transport-native-epoll:4.1.130.Final"
+netty-transport-epoll = "io.netty:netty-transport-native-epoll:4.1.132.Final"
 # checkForUpdates: netty-unix-common:4.1.+
-netty-unix-common = "io.netty:netty-transport-native-unix-common:4.1.130.Final"
+netty-unix-common = "io.netty:netty-transport-native-unix-common:4.1.132.Final"
 okhttp = "com.squareup.okhttp:okhttp:2.7.5"
 # okio 3.5+ uses Kotlin 1.9+ which requires Android Gradle Plugin 9+
 # checkForUpdates: okio:3.4.+
diff --git a/repositories.bzl b/repositories.bzl
index 2c284abc2de..0a09cece070 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -27,20 +27,20 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.truth:truth:1.4.5",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
-    "io.netty:netty-buffer:4.1.130.Final",
-    "io.netty:netty-codec-http2:4.1.130.Final",
-    "io.netty:netty-codec-http:4.1.130.Final",
-    "io.netty:netty-codec-socks:4.1.130.Final",
-    "io.netty:netty-codec:4.1.130.Final",
-    "io.netty:netty-common:4.1.130.Final",
-    "io.netty:netty-handler-proxy:4.1.130.Final",
-    "io.netty:netty-handler:4.1.130.Final",
-    "io.netty:netty-resolver:4.1.130.Final",
-    "io.netty:netty-tcnative-boringssl-static:2.0.74.Final",
-    "io.netty:netty-tcnative-classes:2.0.74.Final",
-    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.130.Final",
-    "io.netty:netty-transport-native-unix-common:4.1.130.Final",
-    "io.netty:netty-transport:4.1.130.Final",
+    "io.netty:netty-buffer:4.1.132.Final",
+    "io.netty:netty-codec-http2:4.1.132.Final",
+    "io.netty:netty-codec-http:4.1.132.Final",
+    "io.netty:netty-codec-socks:4.1.132.Final",
+    "io.netty:netty-codec:4.1.132.Final",
+    "io.netty:netty-common:4.1.132.Final",
+    "io.netty:netty-handler-proxy:4.1.132.Final",
+    "io.netty:netty-handler:4.1.132.Final",
+    "io.netty:netty-resolver:4.1.132.Final",
+    "io.netty:netty-tcnative-boringssl-static:2.0.75.Final",
+    "io.netty:netty-tcnative-classes:2.0.75.Final",
+    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.132.Final",
+    "io.netty:netty-transport-native-unix-common:4.1.132.Final",
+    "io.netty:netty-transport:4.1.132.Final",
     "io.opencensus:opencensus-api:0.31.0",
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",

From eac9fe9612881d54d51ddc5496599ba9a8201021 Mon Sep 17 00:00:00 2001
From: MV Shiva <speakupshiva@gmail.com>
Date: Mon, 6 Apr 2026 10:49:01 +0530
Subject: [PATCH 591/591] xds: fix xDS HTTP CONNECT's transport socket name bug
 (#12740)

fixes https://github.com/grpc/grpc-java/issues/12739
---
 xds/src/main/java/io/grpc/xds/XdsClusterResource.java | 11 ++++-------
 .../java/io/grpc/xds/GrpcXdsClientImplDataTest.java   |  3 +--
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
index d9848d97017..10efc47be47 100644
--- a/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
+++ b/xds/src/main/java/io/grpc/xds/XdsClusterResource.java
@@ -80,9 +80,6 @@ class XdsClusterResource extends XdsResourceType<CdsUpdate> {
       "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext";
   private static final String TYPE_URL_UPSTREAM_TLS_CONTEXT_V2 =
       "type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext";
-  static final String TRANSPORT_SOCKET_NAME_HTTP11_PROXY =
-      "type.googleapis.com/envoy.extensions.transport_sockets.http_11_proxy.v3"
-          + ".Http11ProxyUpstreamTransport";
   private final LoadBalancerRegistry loadBalancerRegistry
       = LoadBalancerRegistry.getDefaultRegistry();
 
@@ -261,14 +258,14 @@ private static StructOrError<CdsUpdate.Builder> parseNonAggregateCluster(
     TransportSocket transportSocket = cluster.getTransportSocket();
 
     if (hasTransportSocket && !TRANSPORT_SOCKET_NAME_TLS.equals(transportSocket.getName())
-        && !(isEnabledXdsHttpConnect
-        && TRANSPORT_SOCKET_NAME_HTTP11_PROXY.equals(transportSocket.getName()))) {
+        && !(isEnabledXdsHttpConnect && transportSocket.getTypedConfig().is(
+        Http11ProxyUpstreamTransport.class))) {
       return StructOrError.fromError(
           "transport-socket with name " + transportSocket.getName() + " not supported.");
     }
 
-    if (hasTransportSocket && isEnabledXdsHttpConnect
-        && TRANSPORT_SOCKET_NAME_HTTP11_PROXY.equals(transportSocket.getName())) {
+    if (hasTransportSocket && isEnabledXdsHttpConnect && transportSocket.getTypedConfig().is(
+        Http11ProxyUpstreamTransport.class)) {
       isHttp11ProxyAvailable = true;
       try {
         Http11ProxyUpstreamTransport wrappedTransportSocket = transportSocket
diff --git a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
index be29e5e719f..a1b1adae17f 100644
--- a/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
+++ b/xds/src/test/java/io/grpc/xds/GrpcXdsClientImplDataTest.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static io.envoyproxy.envoy.config.route.v3.RouteAction.ClusterSpecifierCase.CLUSTER_SPECIFIER_PLUGIN;
-import static io.grpc.xds.XdsClusterResource.TRANSPORT_SOCKET_NAME_HTTP11_PROXY;
 import static io.grpc.xds.XdsEndpointResource.GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS;
 import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.fail;
@@ -2615,7 +2614,7 @@ public void parseNonAggregateCluster_withHttp11ProxyTransportSocket() throws Exc
             .build();
 
     TransportSocket transportSocket = TransportSocket.newBuilder()
-        .setName(TRANSPORT_SOCKET_NAME_HTTP11_PROXY)
+        .setName("envoy.transport_sockets.http_11_proxy")
         .setTypedConfig(Any.pack(http11ProxyUpstreamTransport))
         .build();